cobaltstrike | 93cef15ffde5fcce1047725f4e216415061e4615f65a956c0dda1309373dfae7

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

85f2437ab5035bd5cef9e7dee006acb5
SHA1

de5279f7ecd661f2dbbc7dd9fc6f2e90b682c1e1
SHA256

93cef15ffde5fcce1047725f4e216415061e4615f65a956c0dda1309373dfae7
SHA512

c30dbd5594d042b1272fe772447093cd5bcb4dbf8962a5517fa19aebf714302bc3d5a4e669873aebb943abb92ff0aabd133fcf18ea0a9164586bfa437dbbd89d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000018b59-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b54-41.dat	cobalt_reflective_dll
behavioral1/files/0x00150000000170f8-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-76.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b64-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b50-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b28-28.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186c3-11.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-12.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000012263-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x0009000000018b59-53.dat	xmrig
behavioral1/memory/1056-52-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/memory/1056-50-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/3024-49-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2836-48-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b54-41.dat	xmrig
behavioral1/files/0x00150000000170f8-40.dat	xmrig
behavioral1/memory/2872-66-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0006000000019489-69.dat	xmrig
behavioral1/memory/2652-72-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x00050000000197fd-97.dat	xmrig
behavioral1/memory/2656-104-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf9-130.dat	xmrig
behavioral1/files/0x0005000000019d61-141.dat	xmrig
behavioral1/files/0x0005000000019e92-156.dat	xmrig
behavioral1/files/0x0005000000019fdd-166.dat	xmrig
behavioral1/memory/1056-288-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f6-196.dat	xmrig
behavioral1/files/0x000500000001a309-186.dat	xmrig
behavioral1/files/0x000500000001a3ab-190.dat	xmrig
behavioral1/files/0x000500000001a049-176.dat	xmrig
behavioral1/files/0x000500000001a0b6-181.dat	xmrig
behavioral1/files/0x000500000001a03c-171.dat	xmrig
behavioral1/files/0x0005000000019fd4-161.dat	xmrig
behavioral1/files/0x0005000000019d6d-151.dat	xmrig
behavioral1/memory/2652-148-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d62-145.dat	xmrig
behavioral1/files/0x0005000000019c3c-135.dat	xmrig
behavioral1/files/0x0005000000019bf6-126.dat	xmrig
behavioral1/files/0x000500000001998d-115.dat	xmrig
behavioral1/files/0x0005000000019bf5-121.dat	xmrig
behavioral1/files/0x0005000000019820-108.dat	xmrig
behavioral1/memory/2948-105-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2212-100-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-83.dat	xmrig
behavioral1/memory/2616-93-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1056-91-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0005000000019761-88.dat	xmrig
behavioral1/memory/2476-82-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2788-79-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-76.dat	xmrig
behavioral1/memory/2800-65-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2656-57-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b64-61.dat	xmrig
behavioral1/memory/2788-35-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b50-34.dat	xmrig
behavioral1/memory/2872-29-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b28-28.dat	xmrig
behavioral1/memory/1664-26-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x00070000000186c3-11.dat	xmrig
behavioral1/memory/2924-16-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2592-15-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x00080000000186b7-12.dat	xmrig
behavioral1/files/0x000b000000012263-6.dat	xmrig
behavioral1/memory/1056-0-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2788-1566-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/3024-1565-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2652-1562-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/1664-1586-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2924-1616-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2616-1624-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2592-1625-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2212-1622-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2800-1623-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2592	XiEzuJK.exe
2924	OVfodTX.exe
1664	EozbSkb.exe
2872	psDQOpF.exe
2788	ZHyBLJN.exe
2836	MqLzlXq.exe
3024	CmiFUtD.exe
2656	pDyOcnS.exe
2800	cnDOHeI.exe
2652	rdOEgJJ.exe
2476	dakbJpx.exe
2616	IWyzVjZ.exe
2212	NQgrlpx.exe
2948	ZQuWBPb.exe
2996	VLZqIwP.exe
1268	QLSoFPj.exe
2036	ucpselN.exe
1748	cLGyqAq.exe
1096	LXcsAFC.exe
1856	gdiXjqW.exe
844	wRMLWKF.exe
2880	pLGNGgU.exe
1116	yzZoKnI.exe
1944	ztdmhow.exe
1964	CScHdsb.exe
2192	PFQZiJQ.exe
2344	twwFokh.exe
2156	zOVBmRk.exe
2352	RcEGxXk.exe
2152	tuzQJda.exe
3048	xMAICmq.exe
972	GzMpEba.exe
764	lGUXplr.exe
2068	jlnWxNM.exe
2516	NAfaqhO.exe
1564	ZROipdk.exe
956	jBPLvNd.exe
1768	kwiPAbD.exe
1764	BuZMPKZ.exe
1892	vTmpiLL.exe
2288	fXIghyE.exe
2348	dqXtPvJ.exe
936	cdpyOqX.exe
1612	oUoTRgm.exe
2076	SaqEVMN.exe
1704	LuqxMYm.exe
2016	zJHfpXw.exe
2448	byShHZk.exe
880	SCUYKkR.exe
2272	btAnBas.exe
1636	wsYzuTs.exe
2280	LVtirKZ.exe
1596	vuNEzCO.exe
1604	mbfQuTX.exe
2568	tJRYkIv.exe
1684	NTEBakl.exe
2884	YeIvgam.exe
2740	NKiUzNe.exe
2660	JWixddJ.exe
2636	NKDYveV.exe
2752	TMrmcsn.exe
2952	lcYvTlF.exe
1712	AZtKXZl.exe
3004	DlsQzts.exe

Loads dropped DLL 64 IoCs

pid	Process
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000018b59-53.dat	upx
behavioral1/memory/1056-50-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/3024-49-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2836-48-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0007000000018b54-41.dat	upx
behavioral1/files/0x00150000000170f8-40.dat	upx
behavioral1/memory/2872-66-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x0006000000019489-69.dat	upx
behavioral1/memory/2652-72-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x00050000000197fd-97.dat	upx
behavioral1/memory/2656-104-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x0005000000019bf9-130.dat	upx
behavioral1/files/0x0005000000019d61-141.dat	upx
behavioral1/files/0x0005000000019e92-156.dat	upx
behavioral1/files/0x0005000000019fdd-166.dat	upx
behavioral1/files/0x000500000001a3f6-196.dat	upx
behavioral1/files/0x000500000001a309-186.dat	upx
behavioral1/files/0x000500000001a3ab-190.dat	upx
behavioral1/files/0x000500000001a049-176.dat	upx
behavioral1/files/0x000500000001a0b6-181.dat	upx
behavioral1/files/0x000500000001a03c-171.dat	upx
behavioral1/files/0x0005000000019fd4-161.dat	upx
behavioral1/files/0x0005000000019d6d-151.dat	upx
behavioral1/memory/2652-148-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0005000000019d62-145.dat	upx
behavioral1/files/0x0005000000019c3c-135.dat	upx
behavioral1/files/0x0005000000019bf6-126.dat	upx
behavioral1/files/0x000500000001998d-115.dat	upx
behavioral1/files/0x0005000000019bf5-121.dat	upx
behavioral1/files/0x0005000000019820-108.dat	upx
behavioral1/memory/2948-105-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2212-100-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x000500000001975a-83.dat	upx
behavioral1/memory/2616-93-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0005000000019761-88.dat	upx
behavioral1/memory/2476-82-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2788-79-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x0005000000019643-76.dat	upx
behavioral1/memory/2800-65-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2656-57-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x0008000000018b64-61.dat	upx
behavioral1/memory/2788-35-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x0007000000018b50-34.dat	upx
behavioral1/memory/2872-29-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x0007000000018b28-28.dat	upx
behavioral1/memory/1664-26-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x00070000000186c3-11.dat	upx
behavioral1/memory/2924-16-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2592-15-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x00080000000186b7-12.dat	upx
behavioral1/files/0x000b000000012263-6.dat	upx
behavioral1/memory/1056-0-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2788-1566-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/3024-1565-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2652-1562-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/1664-1586-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2924-1616-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2616-1624-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2592-1625-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2212-1622-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2800-1623-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2836-1613-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2948-1632-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2872-1637-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pLqxIkN.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJtJNzJ.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmpoNoB.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIgoHuz.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIylYtS.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzKPGCS.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtYvYhv.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kDEsgWn.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLrJnzP.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejOFwPw.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PziGJlH.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuLFnZt.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZROipdk.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNsNZpv.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgIruSX.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKRzJQo.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWkjrfE.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IidSMKC.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAEdLeE.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMkPbDZ.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPaFMvU.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaqEVMN.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGCuebg.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEsgYfA.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgctFAf.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMWUxuY.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkJfAAZ.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSCFamE.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQZniYb.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrGyQNx.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oefFbbd.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMjUsfS.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMgBuJB.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUmREUb.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HocXdci.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybJPzhk.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\parauCq.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGsDRAg.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\entzBtO.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFMUxIA.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcCPZlT.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEhJMVm.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPEipHI.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNMkOEu.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riIdeNm.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldromdF.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIkOdLO.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aViAqzB.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQuWBPb.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RupLFMb.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNTNFke.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYDWuPj.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OeZCyyt.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBatdzW.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWqdngF.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaZImFv.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzSsYnS.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYRFsrm.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXXizRl.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmpFBaP.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STnTArm.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrJZrig.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZyCBOs.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNjfeaq.exe	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 2592	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1056 wrote to memory of 2592	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1056 wrote to memory of 2592	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1056 wrote to memory of 2924	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1056 wrote to memory of 2924	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1056 wrote to memory of 2924	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1056 wrote to memory of 1664	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1056 wrote to memory of 1664	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1056 wrote to memory of 1664	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1056 wrote to memory of 2872	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1056 wrote to memory of 2872	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1056 wrote to memory of 2872	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1056 wrote to memory of 2788	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1056 wrote to memory of 2788	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1056 wrote to memory of 2788	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1056 wrote to memory of 2836	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1056 wrote to memory of 2836	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1056 wrote to memory of 2836	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1056 wrote to memory of 3024	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1056 wrote to memory of 3024	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1056 wrote to memory of 3024	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1056 wrote to memory of 2656	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1056 wrote to memory of 2656	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1056 wrote to memory of 2656	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1056 wrote to memory of 2800	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1056 wrote to memory of 2800	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1056 wrote to memory of 2800	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1056 wrote to memory of 2652	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1056 wrote to memory of 2652	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1056 wrote to memory of 2652	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1056 wrote to memory of 2476	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1056 wrote to memory of 2476	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1056 wrote to memory of 2476	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1056 wrote to memory of 2212	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1056 wrote to memory of 2212	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1056 wrote to memory of 2212	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1056 wrote to memory of 2616	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1056 wrote to memory of 2616	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1056 wrote to memory of 2616	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1056 wrote to memory of 2948	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1056 wrote to memory of 2948	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1056 wrote to memory of 2948	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1056 wrote to memory of 2996	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1056 wrote to memory of 2996	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1056 wrote to memory of 2996	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1056 wrote to memory of 1268	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1056 wrote to memory of 1268	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1056 wrote to memory of 1268	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1056 wrote to memory of 2036	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1056 wrote to memory of 2036	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1056 wrote to memory of 2036	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1056 wrote to memory of 1748	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1056 wrote to memory of 1748	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1056 wrote to memory of 1748	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1056 wrote to memory of 1096	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1056 wrote to memory of 1096	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1056 wrote to memory of 1096	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1056 wrote to memory of 1856	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1056 wrote to memory of 1856	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1056 wrote to memory of 1856	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1056 wrote to memory of 844	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1056 wrote to memory of 844	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1056 wrote to memory of 844	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1056 wrote to memory of 2880	1056	2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Windows\System32\hi5-9c.exe
"C:\Windows\System32\hi5-9c.exe"
1⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_85f2437ab5035bd5cef9e7dee006acb5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\System\XiEzuJK.exe
  C:\Windows\System\XiEzuJK.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\OVfodTX.exe
  C:\Windows\System\OVfodTX.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\EozbSkb.exe
  C:\Windows\System\EozbSkb.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\psDQOpF.exe
  C:\Windows\System\psDQOpF.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ZHyBLJN.exe
  C:\Windows\System\ZHyBLJN.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\MqLzlXq.exe
  C:\Windows\System\MqLzlXq.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\CmiFUtD.exe
  C:\Windows\System\CmiFUtD.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\pDyOcnS.exe
  C:\Windows\System\pDyOcnS.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\cnDOHeI.exe
  C:\Windows\System\cnDOHeI.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\rdOEgJJ.exe
  C:\Windows\System\rdOEgJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\dakbJpx.exe
  C:\Windows\System\dakbJpx.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\NQgrlpx.exe
  C:\Windows\System\NQgrlpx.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\IWyzVjZ.exe
  C:\Windows\System\IWyzVjZ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ZQuWBPb.exe
  C:\Windows\System\ZQuWBPb.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\VLZqIwP.exe
  C:\Windows\System\VLZqIwP.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\QLSoFPj.exe
  C:\Windows\System\QLSoFPj.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\ucpselN.exe
  C:\Windows\System\ucpselN.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\cLGyqAq.exe
  C:\Windows\System\cLGyqAq.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\LXcsAFC.exe
  C:\Windows\System\LXcsAFC.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\gdiXjqW.exe
  C:\Windows\System\gdiXjqW.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\wRMLWKF.exe
  C:\Windows\System\wRMLWKF.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\pLGNGgU.exe
  C:\Windows\System\pLGNGgU.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\yzZoKnI.exe
  C:\Windows\System\yzZoKnI.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\ztdmhow.exe
  C:\Windows\System\ztdmhow.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\CScHdsb.exe
  C:\Windows\System\CScHdsb.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\PFQZiJQ.exe
  C:\Windows\System\PFQZiJQ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\twwFokh.exe
  C:\Windows\System\twwFokh.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\zOVBmRk.exe
  C:\Windows\System\zOVBmRk.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\RcEGxXk.exe
  C:\Windows\System\RcEGxXk.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\tuzQJda.exe
  C:\Windows\System\tuzQJda.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\xMAICmq.exe
  C:\Windows\System\xMAICmq.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\GzMpEba.exe
  C:\Windows\System\GzMpEba.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\lGUXplr.exe
  C:\Windows\System\lGUXplr.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\NAfaqhO.exe
  C:\Windows\System\NAfaqhO.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\jlnWxNM.exe
  C:\Windows\System\jlnWxNM.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\ZROipdk.exe
  C:\Windows\System\ZROipdk.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\jBPLvNd.exe
  C:\Windows\System\jBPLvNd.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\kwiPAbD.exe
  C:\Windows\System\kwiPAbD.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\BuZMPKZ.exe
  C:\Windows\System\BuZMPKZ.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\vTmpiLL.exe
  C:\Windows\System\vTmpiLL.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\fXIghyE.exe
  C:\Windows\System\fXIghyE.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\cdpyOqX.exe
  C:\Windows\System\cdpyOqX.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\dqXtPvJ.exe
  C:\Windows\System\dqXtPvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\oUoTRgm.exe
  C:\Windows\System\oUoTRgm.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\SaqEVMN.exe
  C:\Windows\System\SaqEVMN.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\zJHfpXw.exe
  C:\Windows\System\zJHfpXw.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\LuqxMYm.exe
  C:\Windows\System\LuqxMYm.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\byShHZk.exe
  C:\Windows\System\byShHZk.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\SCUYKkR.exe
  C:\Windows\System\SCUYKkR.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\btAnBas.exe
  C:\Windows\System\btAnBas.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\wsYzuTs.exe
  C:\Windows\System\wsYzuTs.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\LVtirKZ.exe
  C:\Windows\System\LVtirKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\vuNEzCO.exe
  C:\Windows\System\vuNEzCO.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\mbfQuTX.exe
  C:\Windows\System\mbfQuTX.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\tJRYkIv.exe
  C:\Windows\System\tJRYkIv.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\NTEBakl.exe
  C:\Windows\System\NTEBakl.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\YeIvgam.exe
  C:\Windows\System\YeIvgam.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\NKiUzNe.exe
  C:\Windows\System\NKiUzNe.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\JWixddJ.exe
  C:\Windows\System\JWixddJ.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\NKDYveV.exe
  C:\Windows\System\NKDYveV.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\TMrmcsn.exe
  C:\Windows\System\TMrmcsn.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\AZtKXZl.exe
  C:\Windows\System\AZtKXZl.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\lcYvTlF.exe
  C:\Windows\System\lcYvTlF.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\DlsQzts.exe
  C:\Windows\System\DlsQzts.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\MzjIGEr.exe
  C:\Windows\System\MzjIGEr.exe
  2⤵
  PID:236
- C:\Windows\System\BKRzJQo.exe
  C:\Windows\System\BKRzJQo.exe
  2⤵
  PID:2464
- C:\Windows\System\FNqXtbR.exe
  C:\Windows\System\FNqXtbR.exe
  2⤵
  PID:1724
- C:\Windows\System\LDgJagy.exe
  C:\Windows\System\LDgJagy.exe
  2⤵
  PID:1776
- C:\Windows\System\YSGUBGY.exe
  C:\Windows\System\YSGUBGY.exe
  2⤵
  PID:2808
- C:\Windows\System\QTubSWW.exe
  C:\Windows\System\QTubSWW.exe
  2⤵
  PID:1452
- C:\Windows\System\cSYrfmS.exe
  C:\Windows\System\cSYrfmS.exe
  2⤵
  PID:1936
- C:\Windows\System\ZXTuQle.exe
  C:\Windows\System\ZXTuQle.exe
  2⤵
  PID:2316
- C:\Windows\System\Fogslrn.exe
  C:\Windows\System\Fogslrn.exe
  2⤵
  PID:2112
- C:\Windows\System\ssvQHWF.exe
  C:\Windows\System\ssvQHWF.exe
  2⤵
  PID:912
- C:\Windows\System\qQzaueg.exe
  C:\Windows\System\qQzaueg.exe
  2⤵
  PID:2144
- C:\Windows\System\ALBwJRa.exe
  C:\Windows\System\ALBwJRa.exe
  2⤵
  PID:2312
- C:\Windows\System\aecUcqP.exe
  C:\Windows\System\aecUcqP.exe
  2⤵
  PID:2440
- C:\Windows\System\DgWKgzR.exe
  C:\Windows\System\DgWKgzR.exe
  2⤵
  PID:624
- C:\Windows\System\QScGclq.exe
  C:\Windows\System\QScGclq.exe
  2⤵
  PID:2168
- C:\Windows\System\NWBuByu.exe
  C:\Windows\System\NWBuByu.exe
  2⤵
  PID:2472
- C:\Windows\System\dDTTNkm.exe
  C:\Windows\System\dDTTNkm.exe
  2⤵
  PID:2484
- C:\Windows\System\yYoWIMg.exe
  C:\Windows\System\yYoWIMg.exe
  2⤵
  PID:604
- C:\Windows\System\QrxaMgn.exe
  C:\Windows\System\QrxaMgn.exe
  2⤵
  PID:2292
- C:\Windows\System\pbkDjjJ.exe
  C:\Windows\System\pbkDjjJ.exe
  2⤵
  PID:468
- C:\Windows\System\gMOVvBP.exe
  C:\Windows\System\gMOVvBP.exe
  2⤵
  PID:784
- C:\Windows\System\WegGSTY.exe
  C:\Windows\System\WegGSTY.exe
  2⤵
  PID:888
- C:\Windows\System\eNsNZpv.exe
  C:\Windows\System\eNsNZpv.exe
  2⤵
  PID:2480
- C:\Windows\System\BJSOVtt.exe
  C:\Windows\System\BJSOVtt.exe
  2⤵
  PID:1688
- C:\Windows\System\muGrDWj.exe
  C:\Windows\System\muGrDWj.exe
  2⤵
  PID:2764
- C:\Windows\System\comdmhe.exe
  C:\Windows\System\comdmhe.exe
  2⤵
  PID:2856
- C:\Windows\System\VAYFmNV.exe
  C:\Windows\System\VAYFmNV.exe
  2⤵
  PID:2748
- C:\Windows\System\hruNGGK.exe
  C:\Windows\System\hruNGGK.exe
  2⤵
  PID:2228
- C:\Windows\System\pgCEDID.exe
  C:\Windows\System\pgCEDID.exe
  2⤵
  PID:2060
- C:\Windows\System\fBkDDmx.exe
  C:\Windows\System\fBkDDmx.exe
  2⤵
  PID:2724
- C:\Windows\System\elSXxTS.exe
  C:\Windows\System\elSXxTS.exe
  2⤵
  PID:1924
- C:\Windows\System\NuOefHw.exe
  C:\Windows\System\NuOefHw.exe
  2⤵
  PID:924
- C:\Windows\System\cxQNFep.exe
  C:\Windows\System\cxQNFep.exe
  2⤵
  PID:1644
- C:\Windows\System\grvkqBu.exe
  C:\Windows\System\grvkqBu.exe
  2⤵
  PID:2844
- C:\Windows\System\gkIEIOu.exe
  C:\Windows\System\gkIEIOu.exe
  2⤵
  PID:2376
- C:\Windows\System\pdEgxaH.exe
  C:\Windows\System\pdEgxaH.exe
  2⤵
  PID:2340
- C:\Windows\System\fVKXAMc.exe
  C:\Windows\System\fVKXAMc.exe
  2⤵
  PID:1292
- C:\Windows\System\NmpoNoB.exe
  C:\Windows\System\NmpoNoB.exe
  2⤵
  PID:2896
- C:\Windows\System\ndGCsAI.exe
  C:\Windows\System\ndGCsAI.exe
  2⤵
  PID:2528
- C:\Windows\System\eNNYvbi.exe
  C:\Windows\System\eNNYvbi.exe
  2⤵
  PID:2040
- C:\Windows\System\IcUlRLz.exe
  C:\Windows\System\IcUlRLz.exe
  2⤵
  PID:1252
- C:\Windows\System\DrmmYQY.exe
  C:\Windows\System\DrmmYQY.exe
  2⤵
  PID:1512
- C:\Windows\System\noyNWJJ.exe
  C:\Windows\System\noyNWJJ.exe
  2⤵
  PID:1364
- C:\Windows\System\rWMHKVr.exe
  C:\Windows\System\rWMHKVr.exe
  2⤵
  PID:3064
- C:\Windows\System\PACgtyu.exe
  C:\Windows\System\PACgtyu.exe
  2⤵
  PID:2588
- C:\Windows\System\mltClHZ.exe
  C:\Windows\System\mltClHZ.exe
  2⤵
  PID:2384
- C:\Windows\System\QtxPsrv.exe
  C:\Windows\System\QtxPsrv.exe
  2⤵
  PID:2544
- C:\Windows\System\WihjOZn.exe
  C:\Windows\System\WihjOZn.exe
  2⤵
  PID:2912
- C:\Windows\System\oWrssmr.exe
  C:\Windows\System\oWrssmr.exe
  2⤵
  PID:3088
- C:\Windows\System\hwVFYpQ.exe
  C:\Windows\System\hwVFYpQ.exe
  2⤵
  PID:3108
- C:\Windows\System\luDjXNH.exe
  C:\Windows\System\luDjXNH.exe
  2⤵
  PID:3124
- C:\Windows\System\DYYLPdt.exe
  C:\Windows\System\DYYLPdt.exe
  2⤵
  PID:3140
- C:\Windows\System\pdvDiux.exe
  C:\Windows\System\pdvDiux.exe
  2⤵
  PID:3156
- C:\Windows\System\abVcFkx.exe
  C:\Windows\System\abVcFkx.exe
  2⤵
  PID:3172
- C:\Windows\System\CLusxSr.exe
  C:\Windows\System\CLusxSr.exe
  2⤵
  PID:3188
- C:\Windows\System\jZLIuDc.exe
  C:\Windows\System\jZLIuDc.exe
  2⤵
  PID:3204
- C:\Windows\System\pCoPzoK.exe
  C:\Windows\System\pCoPzoK.exe
  2⤵
  PID:3220
- C:\Windows\System\UtQthOY.exe
  C:\Windows\System\UtQthOY.exe
  2⤵
  PID:3236
- C:\Windows\System\rqmeZHC.exe
  C:\Windows\System\rqmeZHC.exe
  2⤵
  PID:3252
- C:\Windows\System\cmwXTzj.exe
  C:\Windows\System\cmwXTzj.exe
  2⤵
  PID:3272
- C:\Windows\System\LSPOqwA.exe
  C:\Windows\System\LSPOqwA.exe
  2⤵
  PID:3288
- C:\Windows\System\aIIMHif.exe
  C:\Windows\System\aIIMHif.exe
  2⤵
  PID:3304
- C:\Windows\System\BeqcUUS.exe
  C:\Windows\System\BeqcUUS.exe
  2⤵
  PID:3320
- C:\Windows\System\zMaeMxz.exe
  C:\Windows\System\zMaeMxz.exe
  2⤵
  PID:3372
- C:\Windows\System\qbLfdLT.exe
  C:\Windows\System\qbLfdLT.exe
  2⤵
  PID:3444
- C:\Windows\System\IXIQdwD.exe
  C:\Windows\System\IXIQdwD.exe
  2⤵
  PID:3460
- C:\Windows\System\cykslAJ.exe
  C:\Windows\System\cykslAJ.exe
  2⤵
  PID:3484
- C:\Windows\System\BQekFbm.exe
  C:\Windows\System\BQekFbm.exe
  2⤵
  PID:3500
- C:\Windows\System\yWVQUSM.exe
  C:\Windows\System\yWVQUSM.exe
  2⤵
  PID:3516
- C:\Windows\System\UmWOGVC.exe
  C:\Windows\System\UmWOGVC.exe
  2⤵
  PID:3532
- C:\Windows\System\KcMZGrs.exe
  C:\Windows\System\KcMZGrs.exe
  2⤵
  PID:3556
- C:\Windows\System\jMPPJVT.exe
  C:\Windows\System\jMPPJVT.exe
  2⤵
  PID:3580
- C:\Windows\System\CEfUmwr.exe
  C:\Windows\System\CEfUmwr.exe
  2⤵
  PID:3596
- C:\Windows\System\hrgwscf.exe
  C:\Windows\System\hrgwscf.exe
  2⤵
  PID:3624
- C:\Windows\System\BrGyQNx.exe
  C:\Windows\System\BrGyQNx.exe
  2⤵
  PID:3640
- C:\Windows\System\jwkTjWS.exe
  C:\Windows\System\jwkTjWS.exe
  2⤵
  PID:3664
- C:\Windows\System\CCKOIfX.exe
  C:\Windows\System\CCKOIfX.exe
  2⤵
  PID:3680
- C:\Windows\System\azMBhLy.exe
  C:\Windows\System\azMBhLy.exe
  2⤵
  PID:3696
- C:\Windows\System\MbsGPyF.exe
  C:\Windows\System\MbsGPyF.exe
  2⤵
  PID:3724
- C:\Windows\System\htgMCSu.exe
  C:\Windows\System\htgMCSu.exe
  2⤵
  PID:3744
- C:\Windows\System\pIvQbQK.exe
  C:\Windows\System\pIvQbQK.exe
  2⤵
  PID:3768
- C:\Windows\System\DFyibWn.exe
  C:\Windows\System\DFyibWn.exe
  2⤵
  PID:3784
- C:\Windows\System\NuhNVyZ.exe
  C:\Windows\System\NuhNVyZ.exe
  2⤵
  PID:3800
- C:\Windows\System\QAcqzIz.exe
  C:\Windows\System\QAcqzIz.exe
  2⤵
  PID:3816
- C:\Windows\System\DTcIQqb.exe
  C:\Windows\System\DTcIQqb.exe
  2⤵
  PID:3832
- C:\Windows\System\szzLoyL.exe
  C:\Windows\System\szzLoyL.exe
  2⤵
  PID:3856
- C:\Windows\System\jCQlHAu.exe
  C:\Windows\System\jCQlHAu.exe
  2⤵
  PID:3872
- C:\Windows\System\qhqYRvf.exe
  C:\Windows\System\qhqYRvf.exe
  2⤵
  PID:3888
- C:\Windows\System\TtZSsAr.exe
  C:\Windows\System\TtZSsAr.exe
  2⤵
  PID:3904
- C:\Windows\System\YEIvqTR.exe
  C:\Windows\System\YEIvqTR.exe
  2⤵
  PID:3920
- C:\Windows\System\ojUPjwf.exe
  C:\Windows\System\ojUPjwf.exe
  2⤵
  PID:3936
- C:\Windows\System\gjZXkYY.exe
  C:\Windows\System\gjZXkYY.exe
  2⤵
  PID:3952
- C:\Windows\System\kMICqQz.exe
  C:\Windows\System\kMICqQz.exe
  2⤵
  PID:3968
- C:\Windows\System\lqqoQjL.exe
  C:\Windows\System\lqqoQjL.exe
  2⤵
  PID:3984
- C:\Windows\System\cnhxeBJ.exe
  C:\Windows\System\cnhxeBJ.exe
  2⤵
  PID:4000
- C:\Windows\System\XEwgWFM.exe
  C:\Windows\System\XEwgWFM.exe
  2⤵
  PID:4016
- C:\Windows\System\QBhTjbT.exe
  C:\Windows\System\QBhTjbT.exe
  2⤵
  PID:4032
- C:\Windows\System\FuvvWIf.exe
  C:\Windows\System\FuvvWIf.exe
  2⤵
  PID:4048
- C:\Windows\System\nAIPReY.exe
  C:\Windows\System\nAIPReY.exe
  2⤵
  PID:4064
- C:\Windows\System\GbPpLzR.exe
  C:\Windows\System\GbPpLzR.exe
  2⤵
  PID:4080
- C:\Windows\System\KxZzlwx.exe
  C:\Windows\System\KxZzlwx.exe
  2⤵
  PID:2860
- C:\Windows\System\cHmhFxq.exe
  C:\Windows\System\cHmhFxq.exe
  2⤵
  PID:2024
- C:\Windows\System\pLAjshO.exe
  C:\Windows\System\pLAjshO.exe
  2⤵
  PID:2160
- C:\Windows\System\QrfcMCi.exe
  C:\Windows\System\QrfcMCi.exe
  2⤵
  PID:2712
- C:\Windows\System\KnNpTYy.exe
  C:\Windows\System\KnNpTYy.exe
  2⤵
  PID:2524
- C:\Windows\System\ZOXDTLj.exe
  C:\Windows\System\ZOXDTLj.exe
  2⤵
  PID:2096
- C:\Windows\System\gDgCyOa.exe
  C:\Windows\System\gDgCyOa.exe
  2⤵
  PID:1744
- C:\Windows\System\vOBrOdQ.exe
  C:\Windows\System\vOBrOdQ.exe
  2⤵
  PID:2632
- C:\Windows\System\STmohSw.exe
  C:\Windows\System\STmohSw.exe
  2⤵
  PID:3132
- C:\Windows\System\VLaBcHD.exe
  C:\Windows\System\VLaBcHD.exe
  2⤵
  PID:3008
- C:\Windows\System\GfCldWo.exe
  C:\Windows\System\GfCldWo.exe
  2⤵
  PID:2668
- C:\Windows\System\zFwiJuY.exe
  C:\Windows\System\zFwiJuY.exe
  2⤵
  PID:3260
- C:\Windows\System\acfHpjG.exe
  C:\Windows\System\acfHpjG.exe
  2⤵
  PID:2676
- C:\Windows\System\FLtdXmz.exe
  C:\Windows\System\FLtdXmz.exe
  2⤵
  PID:3492
- C:\Windows\System\YLtNsqs.exe
  C:\Windows\System\YLtNsqs.exe
  2⤵
  PID:3244
- C:\Windows\System\kyJYyAZ.exe
  C:\Windows\System\kyJYyAZ.exe
  2⤵
  PID:3216
- C:\Windows\System\ZoJKZwZ.exe
  C:\Windows\System\ZoJKZwZ.exe
  2⤵
  PID:3148
- C:\Windows\System\mBqKvJj.exe
  C:\Windows\System\mBqKvJj.exe
  2⤵
  PID:3076
- C:\Windows\System\nvlYMhi.exe
  C:\Windows\System\nvlYMhi.exe
  2⤵
  PID:1508
- C:\Windows\System\HAJsmxt.exe
  C:\Windows\System\HAJsmxt.exe
  2⤵
  PID:3400
- C:\Windows\System\uLKdtWm.exe
  C:\Windows\System\uLKdtWm.exe
  2⤵
  PID:3416
- C:\Windows\System\VxObINY.exe
  C:\Windows\System\VxObINY.exe
  2⤵
  PID:3576
- C:\Windows\System\vBlENnA.exe
  C:\Windows\System\vBlENnA.exe
  2⤵
  PID:3436
- C:\Windows\System\adCZbAM.exe
  C:\Windows\System\adCZbAM.exe
  2⤵
  PID:3612
- C:\Windows\System\JgXvuHP.exe
  C:\Windows\System\JgXvuHP.exe
  2⤵
  PID:3544
- C:\Windows\System\MsttNHp.exe
  C:\Windows\System\MsttNHp.exe
  2⤵
  PID:3508
- C:\Windows\System\ZdnrtMq.exe
  C:\Windows\System\ZdnrtMq.exe
  2⤵
  PID:3592
- C:\Windows\System\iejhFtT.exe
  C:\Windows\System\iejhFtT.exe
  2⤵
  PID:3732
- C:\Windows\System\MkhqzPf.exe
  C:\Windows\System\MkhqzPf.exe
  2⤵
  PID:3808
- C:\Windows\System\gYeFtRf.exe
  C:\Windows\System\gYeFtRf.exe
  2⤵
  PID:3884
- C:\Windows\System\PkuqWLv.exe
  C:\Windows\System\PkuqWLv.exe
  2⤵
  PID:2628
- C:\Windows\System\EvbPCei.exe
  C:\Windows\System\EvbPCei.exe
  2⤵
  PID:4044
- C:\Windows\System\Cazdoja.exe
  C:\Windows\System\Cazdoja.exe
  2⤵
  PID:2596
- C:\Windows\System\RIQBVgZ.exe
  C:\Windows\System\RIQBVgZ.exe
  2⤵
  PID:2256
- C:\Windows\System\FpKlvJu.exe
  C:\Windows\System\FpKlvJu.exe
  2⤵
  PID:3232
- C:\Windows\System\AscyLzf.exe
  C:\Windows\System\AscyLzf.exe
  2⤵
  PID:3676
- C:\Windows\System\sqboKJB.exe
  C:\Windows\System\sqboKJB.exe
  2⤵
  PID:2432
- C:\Windows\System\MiVWlFD.exe
  C:\Windows\System\MiVWlFD.exe
  2⤵
  PID:3708
- C:\Windows\System\PlsUiLb.exe
  C:\Windows\System\PlsUiLb.exe
  2⤵
  PID:3328
- C:\Windows\System\zjMCgij.exe
  C:\Windows\System\zjMCgij.exe
  2⤵
  PID:3336
- C:\Windows\System\NWwuYic.exe
  C:\Windows\System\NWwuYic.exe
  2⤵
  PID:2400
- C:\Windows\System\aMnnRjT.exe
  C:\Windows\System\aMnnRjT.exe
  2⤵
  PID:3792
- C:\Windows\System\UuqGITM.exe
  C:\Windows\System\UuqGITM.exe
  2⤵
  PID:3864
- C:\Windows\System\gFvswBb.exe
  C:\Windows\System\gFvswBb.exe
  2⤵
  PID:1548
- C:\Windows\System\OPEJPLS.exe
  C:\Windows\System\OPEJPLS.exe
  2⤵
  PID:3964
- C:\Windows\System\eaQYLCk.exe
  C:\Windows\System\eaQYLCk.exe
  2⤵
  PID:4024
- C:\Windows\System\sVmyflZ.exe
  C:\Windows\System\sVmyflZ.exe
  2⤵
  PID:2584
- C:\Windows\System\TSuBpFh.exe
  C:\Windows\System\TSuBpFh.exe
  2⤵
  PID:1968
- C:\Windows\System\pyNBilY.exe
  C:\Windows\System\pyNBilY.exe
  2⤵
  PID:2812
- C:\Windows\System\zFRbeZz.exe
  C:\Windows\System\zFRbeZz.exe
  2⤵
  PID:3200
- C:\Windows\System\ZVpckSh.exe
  C:\Windows\System\ZVpckSh.exe
  2⤵
  PID:2720
- C:\Windows\System\qZTvCoq.exe
  C:\Windows\System\qZTvCoq.exe
  2⤵
  PID:2600
- C:\Windows\System\AFpEgyj.exe
  C:\Windows\System\AFpEgyj.exe
  2⤵
  PID:2032
- C:\Windows\System\bkKWzQm.exe
  C:\Windows\System\bkKWzQm.exe
  2⤵
  PID:2736
- C:\Windows\System\VTjJyJm.exe
  C:\Windows\System\VTjJyJm.exe
  2⤵
  PID:3316
- C:\Windows\System\nMuJcRp.exe
  C:\Windows\System\nMuJcRp.exe
  2⤵
  PID:2848
- C:\Windows\System\ihKuqZF.exe
  C:\Windows\System\ihKuqZF.exe
  2⤵
  PID:3424
- C:\Windows\System\vlhBDMh.exe
  C:\Windows\System\vlhBDMh.exe
  2⤵
  PID:3528
- C:\Windows\System\HzvCpKj.exe
  C:\Windows\System\HzvCpKj.exe
  2⤵
  PID:3608
- C:\Windows\System\zvtDRNd.exe
  C:\Windows\System\zvtDRNd.exe
  2⤵
  PID:3512
- C:\Windows\System\FwkHUlN.exe
  C:\Windows\System\FwkHUlN.exe
  2⤵
  PID:3180
- C:\Windows\System\pmfHzJX.exe
  C:\Windows\System\pmfHzJX.exe
  2⤵
  PID:3412
- C:\Windows\System\lnQQxUB.exe
  C:\Windows\System\lnQQxUB.exe
  2⤵
  PID:3540
- C:\Windows\System\XDAKAUX.exe
  C:\Windows\System\XDAKAUX.exe
  2⤵
  PID:3736
- C:\Windows\System\LBrxjvI.exe
  C:\Windows\System\LBrxjvI.exe
  2⤵
  PID:3976
- C:\Windows\System\fJsljvn.exe
  C:\Windows\System\fJsljvn.exe
  2⤵
  PID:2220
- C:\Windows\System\ICsHqjU.exe
  C:\Windows\System\ICsHqjU.exe
  2⤵
  PID:2796
- C:\Windows\System\YedNucI.exe
  C:\Windows\System\YedNucI.exe
  2⤵
  PID:3168
- C:\Windows\System\NIgsEep.exe
  C:\Windows\System\NIgsEep.exe
  2⤵
  PID:3704
- C:\Windows\System\tJHVSBn.exe
  C:\Windows\System\tJHVSBn.exe
  2⤵
  PID:3752
- C:\Windows\System\fqSkjEl.exe
  C:\Windows\System\fqSkjEl.exe
  2⤵
  PID:3332
- C:\Windows\System\ogcVcVs.exe
  C:\Windows\System\ogcVcVs.exe
  2⤵
  PID:3796
- C:\Windows\System\oRRiSoM.exe
  C:\Windows\System\oRRiSoM.exe
  2⤵
  PID:3084
- C:\Windows\System\xrwSFAo.exe
  C:\Windows\System\xrwSFAo.exe
  2⤵
  PID:1588
- C:\Windows\System\Vvddidc.exe
  C:\Windows\System\Vvddidc.exe
  2⤵
  PID:4092
- C:\Windows\System\DRKDVOj.exe
  C:\Windows\System\DRKDVOj.exe
  2⤵
  PID:3104
- C:\Windows\System\dseltNP.exe
  C:\Windows\System\dseltNP.exe
  2⤵
  PID:2804
- C:\Windows\System\oTZpnpq.exe
  C:\Windows\System\oTZpnpq.exe
  2⤵
  PID:3268
- C:\Windows\System\zJPASwf.exe
  C:\Windows\System\zJPASwf.exe
  2⤵
  PID:1728
- C:\Windows\System\xZrYQTB.exe
  C:\Windows\System\xZrYQTB.exe
  2⤵
  PID:3116
- C:\Windows\System\wzqbVIf.exe
  C:\Windows\System\wzqbVIf.exe
  2⤵
  PID:2892
- C:\Windows\System\gNEUMjU.exe
  C:\Windows\System\gNEUMjU.exe
  2⤵
  PID:3396
- C:\Windows\System\NFVruIV.exe
  C:\Windows\System\NFVruIV.exe
  2⤵
  PID:3472
- C:\Windows\System\WabFUcX.exe
  C:\Windows\System\WabFUcX.exe
  2⤵
  PID:3408
- C:\Windows\System\XXKPGEd.exe
  C:\Windows\System\XXKPGEd.exe
  2⤵
  PID:3844
- C:\Windows\System\xVIHbum.exe
  C:\Windows\System\xVIHbum.exe
  2⤵
  PID:3620
- C:\Windows\System\uZQbONN.exe
  C:\Windows\System\uZQbONN.exe
  2⤵
  PID:3948
- C:\Windows\System\WJditCd.exe
  C:\Windows\System\WJditCd.exe
  2⤵
  PID:3164
- C:\Windows\System\CGCuebg.exe
  C:\Windows\System\CGCuebg.exe
  2⤵
  PID:1884
- C:\Windows\System\TGPpiQL.exe
  C:\Windows\System\TGPpiQL.exe
  2⤵
  PID:520
- C:\Windows\System\yqhdwTf.exe
  C:\Windows\System\yqhdwTf.exe
  2⤵
  PID:3720
- C:\Windows\System\UdhErWZ.exe
  C:\Windows\System\UdhErWZ.exe
  2⤵
  PID:3960
- C:\Windows\System\DwhNXuz.exe
  C:\Windows\System\DwhNXuz.exe
  2⤵
  PID:668
- C:\Windows\System\QeDIqlh.exe
  C:\Windows\System\QeDIqlh.exe
  2⤵
  PID:2760
- C:\Windows\System\sxMZTku.exe
  C:\Windows\System\sxMZTku.exe
  2⤵
  PID:984
- C:\Windows\System\zgYtWhS.exe
  C:\Windows\System\zgYtWhS.exe
  2⤵
  PID:3452
- C:\Windows\System\RCpTMbx.exe
  C:\Windows\System\RCpTMbx.exe
  2⤵
  PID:2100
- C:\Windows\System\eTrqicw.exe
  C:\Windows\System\eTrqicw.exe
  2⤵
  PID:4108
- C:\Windows\System\MfMRuif.exe
  C:\Windows\System\MfMRuif.exe
  2⤵
  PID:4124
- C:\Windows\System\QwsqKfD.exe
  C:\Windows\System\QwsqKfD.exe
  2⤵
  PID:4148
- C:\Windows\System\XTBydas.exe
  C:\Windows\System\XTBydas.exe
  2⤵
  PID:4172
- C:\Windows\System\thtwmww.exe
  C:\Windows\System\thtwmww.exe
  2⤵
  PID:4192
- C:\Windows\System\EIaSJmS.exe
  C:\Windows\System\EIaSJmS.exe
  2⤵
  PID:4212
- C:\Windows\System\oQqEYfb.exe
  C:\Windows\System\oQqEYfb.exe
  2⤵
  PID:4232
- C:\Windows\System\qDRqyHr.exe
  C:\Windows\System\qDRqyHr.exe
  2⤵
  PID:4252
- C:\Windows\System\WXwcDQo.exe
  C:\Windows\System\WXwcDQo.exe
  2⤵
  PID:4272
- C:\Windows\System\xPJkjly.exe
  C:\Windows\System\xPJkjly.exe
  2⤵
  PID:4292
- C:\Windows\System\tlxtyKb.exe
  C:\Windows\System\tlxtyKb.exe
  2⤵
  PID:4312
- C:\Windows\System\HIfFaXW.exe
  C:\Windows\System\HIfFaXW.exe
  2⤵
  PID:4328
- C:\Windows\System\YEmnrky.exe
  C:\Windows\System\YEmnrky.exe
  2⤵
  PID:4352
- C:\Windows\System\ZxljtHL.exe
  C:\Windows\System\ZxljtHL.exe
  2⤵
  PID:4372
- C:\Windows\System\GnNrGyf.exe
  C:\Windows\System\GnNrGyf.exe
  2⤵
  PID:4392
- C:\Windows\System\udmGIuP.exe
  C:\Windows\System\udmGIuP.exe
  2⤵
  PID:4412
- C:\Windows\System\juzLydS.exe
  C:\Windows\System\juzLydS.exe
  2⤵
  PID:4436
- C:\Windows\System\kaFnHVM.exe
  C:\Windows\System\kaFnHVM.exe
  2⤵
  PID:4456
- C:\Windows\System\kKarUes.exe
  C:\Windows\System\kKarUes.exe
  2⤵
  PID:4476
- C:\Windows\System\OcgeChe.exe
  C:\Windows\System\OcgeChe.exe
  2⤵
  PID:4496
- C:\Windows\System\YozORKk.exe
  C:\Windows\System\YozORKk.exe
  2⤵
  PID:4516
- C:\Windows\System\SfeFtUY.exe
  C:\Windows\System\SfeFtUY.exe
  2⤵
  PID:4536
- C:\Windows\System\DckycLC.exe
  C:\Windows\System\DckycLC.exe
  2⤵
  PID:4556
- C:\Windows\System\ClTLutQ.exe
  C:\Windows\System\ClTLutQ.exe
  2⤵
  PID:4572
- C:\Windows\System\znCJNiL.exe
  C:\Windows\System\znCJNiL.exe
  2⤵
  PID:4596
- C:\Windows\System\uWNmgzV.exe
  C:\Windows\System\uWNmgzV.exe
  2⤵
  PID:4612
- C:\Windows\System\CKWQSXc.exe
  C:\Windows\System\CKWQSXc.exe
  2⤵
  PID:4636
- C:\Windows\System\mlIzkvL.exe
  C:\Windows\System\mlIzkvL.exe
  2⤵
  PID:4660
- C:\Windows\System\IlmEITH.exe
  C:\Windows\System\IlmEITH.exe
  2⤵
  PID:4680
- C:\Windows\System\xfvKncr.exe
  C:\Windows\System\xfvKncr.exe
  2⤵
  PID:4700
- C:\Windows\System\URrxPBc.exe
  C:\Windows\System\URrxPBc.exe
  2⤵
  PID:4720
- C:\Windows\System\ztNHSkI.exe
  C:\Windows\System\ztNHSkI.exe
  2⤵
  PID:4740
- C:\Windows\System\ztVYfQc.exe
  C:\Windows\System\ztVYfQc.exe
  2⤵
  PID:4760
- C:\Windows\System\QUWKDkd.exe
  C:\Windows\System\QUWKDkd.exe
  2⤵
  PID:4780
- C:\Windows\System\joTbBLU.exe
  C:\Windows\System\joTbBLU.exe
  2⤵
  PID:4800
- C:\Windows\System\YrJWwzD.exe
  C:\Windows\System\YrJWwzD.exe
  2⤵
  PID:4820
- C:\Windows\System\QIzgKFp.exe
  C:\Windows\System\QIzgKFp.exe
  2⤵
  PID:4844
- C:\Windows\System\ZBMDUlq.exe
  C:\Windows\System\ZBMDUlq.exe
  2⤵
  PID:4864
- C:\Windows\System\ZodfRuk.exe
  C:\Windows\System\ZodfRuk.exe
  2⤵
  PID:4884
- C:\Windows\System\JTYNXYy.exe
  C:\Windows\System\JTYNXYy.exe
  2⤵
  PID:4904
- C:\Windows\System\VUfTwIo.exe
  C:\Windows\System\VUfTwIo.exe
  2⤵
  PID:4924
- C:\Windows\System\lJRtFpk.exe
  C:\Windows\System\lJRtFpk.exe
  2⤵
  PID:4940
- C:\Windows\System\KRggmAT.exe
  C:\Windows\System\KRggmAT.exe
  2⤵
  PID:4960
- C:\Windows\System\EGRjbKV.exe
  C:\Windows\System\EGRjbKV.exe
  2⤵
  PID:4980
- C:\Windows\System\RqgLcLo.exe
  C:\Windows\System\RqgLcLo.exe
  2⤵
  PID:5004
- C:\Windows\System\UKQwlBM.exe
  C:\Windows\System\UKQwlBM.exe
  2⤵
  PID:5020
- C:\Windows\System\zvLHUml.exe
  C:\Windows\System\zvLHUml.exe
  2⤵
  PID:5040
- C:\Windows\System\uTvZGOv.exe
  C:\Windows\System\uTvZGOv.exe
  2⤵
  PID:5064
- C:\Windows\System\RrbYfcM.exe
  C:\Windows\System\RrbYfcM.exe
  2⤵
  PID:5084
- C:\Windows\System\AtgNXyL.exe
  C:\Windows\System\AtgNXyL.exe
  2⤵
  PID:5104
- C:\Windows\System\Aphcaqk.exe
  C:\Windows\System\Aphcaqk.exe
  2⤵
  PID:2028
- C:\Windows\System\hNvsmfo.exe
  C:\Windows\System\hNvsmfo.exe
  2⤵
  PID:3692
- C:\Windows\System\nVRjnaF.exe
  C:\Windows\System\nVRjnaF.exe
  2⤵
  PID:4012
- C:\Windows\System\gtPLvNj.exe
  C:\Windows\System\gtPLvNj.exe
  2⤵
  PID:2876
- C:\Windows\System\agCbVEm.exe
  C:\Windows\System\agCbVEm.exe
  2⤵
  PID:3636
- C:\Windows\System\VhRRmaG.exe
  C:\Windows\System\VhRRmaG.exe
  2⤵
  PID:3348
- C:\Windows\System\HXXkRVF.exe
  C:\Windows\System\HXXkRVF.exe
  2⤵
  PID:2072
- C:\Windows\System\MKUbJbL.exe
  C:\Windows\System\MKUbJbL.exe
  2⤵
  PID:2864
- C:\Windows\System\AMmpKZN.exe
  C:\Windows\System\AMmpKZN.exe
  2⤵
  PID:3280
- C:\Windows\System\XaWuaeu.exe
  C:\Windows\System\XaWuaeu.exe
  2⤵
  PID:4132
- C:\Windows\System\urkQMjZ.exe
  C:\Windows\System\urkQMjZ.exe
  2⤵
  PID:4136
- C:\Windows\System\fXiNpnH.exe
  C:\Windows\System\fXiNpnH.exe
  2⤵
  PID:4156
- C:\Windows\System\LfgSJRp.exe
  C:\Windows\System\LfgSJRp.exe
  2⤵
  PID:4200
- C:\Windows\System\ibLaBNe.exe
  C:\Windows\System\ibLaBNe.exe
  2⤵
  PID:4240
- C:\Windows\System\MMATGgL.exe
  C:\Windows\System\MMATGgL.exe
  2⤵
  PID:4300
- C:\Windows\System\swxnxMJ.exe
  C:\Windows\System\swxnxMJ.exe
  2⤵
  PID:4336
- C:\Windows\System\yhfyFqG.exe
  C:\Windows\System\yhfyFqG.exe
  2⤵
  PID:4324
- C:\Windows\System\KNMkOEu.exe
  C:\Windows\System\KNMkOEu.exe
  2⤵
  PID:4364
- C:\Windows\System\pcVkoRG.exe
  C:\Windows\System\pcVkoRG.exe
  2⤵
  PID:4428
- C:\Windows\System\zHcOUIM.exe
  C:\Windows\System\zHcOUIM.exe
  2⤵
  PID:4468
- C:\Windows\System\hvhJijy.exe
  C:\Windows\System\hvhJijy.exe
  2⤵
  PID:4452
- C:\Windows\System\OLKYfKU.exe
  C:\Windows\System\OLKYfKU.exe
  2⤵
  PID:2932
- C:\Windows\System\rMCkYUw.exe
  C:\Windows\System\rMCkYUw.exe
  2⤵
  PID:4552
- C:\Windows\System\rSCFamE.exe
  C:\Windows\System\rSCFamE.exe
  2⤵
  PID:4584
- C:\Windows\System\hpPIlMI.exe
  C:\Windows\System\hpPIlMI.exe
  2⤵
  PID:4620
- C:\Windows\System\sLoMALd.exe
  C:\Windows\System\sLoMALd.exe
  2⤵
  PID:4632
- C:\Windows\System\RFTMcxu.exe
  C:\Windows\System\RFTMcxu.exe
  2⤵
  PID:4676
- C:\Windows\System\eZNesCm.exe
  C:\Windows\System\eZNesCm.exe
  2⤵
  PID:4712
- C:\Windows\System\nWOvFAA.exe
  C:\Windows\System\nWOvFAA.exe
  2⤵
  PID:4752
- C:\Windows\System\RUzcntX.exe
  C:\Windows\System\RUzcntX.exe
  2⤵
  PID:4732
- C:\Windows\System\TZEBEBY.exe
  C:\Windows\System\TZEBEBY.exe
  2⤵
  PID:4828
- C:\Windows\System\vRioVUm.exe
  C:\Windows\System\vRioVUm.exe
  2⤵
  PID:4836
- C:\Windows\System\ljGcuLz.exe
  C:\Windows\System\ljGcuLz.exe
  2⤵
  PID:4860
- C:\Windows\System\BtAneDt.exe
  C:\Windows\System\BtAneDt.exe
  2⤵
  PID:4900
- C:\Windows\System\ohIXfWE.exe
  C:\Windows\System\ohIXfWE.exe
  2⤵
  PID:4956
- C:\Windows\System\lbEKlxO.exe
  C:\Windows\System\lbEKlxO.exe
  2⤵
  PID:1460
- C:\Windows\System\ACUBqwO.exe
  C:\Windows\System\ACUBqwO.exe
  2⤵
  PID:4972
- C:\Windows\System\EOEkXfR.exe
  C:\Windows\System\EOEkXfR.exe
  2⤵
  PID:5048
- C:\Windows\System\XGBkejw.exe
  C:\Windows\System\XGBkejw.exe
  2⤵
  PID:5080
- C:\Windows\System\yfmJddP.exe
  C:\Windows\System\yfmJddP.exe
  2⤵
  PID:5092
- C:\Windows\System\HhDZzTw.exe
  C:\Windows\System\HhDZzTw.exe
  2⤵
  PID:5100
- C:\Windows\System\cDqpKNc.exe
  C:\Windows\System\cDqpKNc.exe
  2⤵
  PID:3212
- C:\Windows\System\FIRTjcG.exe
  C:\Windows\System\FIRTjcG.exe
  2⤵
  PID:2184
- C:\Windows\System\oXLEZTP.exe
  C:\Windows\System\oXLEZTP.exe
  2⤵
  PID:2976
- C:\Windows\System\fmDndrd.exe
  C:\Windows\System\fmDndrd.exe
  2⤵
  PID:3352
- C:\Windows\System\CCLbFTi.exe
  C:\Windows\System\CCLbFTi.exe
  2⤵
  PID:3652
- C:\Windows\System\vwWavaB.exe
  C:\Windows\System\vwWavaB.exe
  2⤵
  PID:4144
- C:\Windows\System\gXxZrau.exe
  C:\Windows\System\gXxZrau.exe
  2⤵
  PID:4224
- C:\Windows\System\hXUfYst.exe
  C:\Windows\System\hXUfYst.exe
  2⤵
  PID:4244
- C:\Windows\System\XcLUiFo.exe
  C:\Windows\System\XcLUiFo.exe
  2⤵
  PID:4320
- C:\Windows\System\BQvYqrA.exe
  C:\Windows\System\BQvYqrA.exe
  2⤵
  PID:4400
- C:\Windows\System\mYebWsA.exe
  C:\Windows\System\mYebWsA.exe
  2⤵
  PID:4368
- C:\Windows\System\myLTNbH.exe
  C:\Windows\System\myLTNbH.exe
  2⤵
  PID:4464
- C:\Windows\System\UqLRRqd.exe
  C:\Windows\System\UqLRRqd.exe
  2⤵
  PID:4508
- C:\Windows\System\HRJqfoo.exe
  C:\Windows\System\HRJqfoo.exe
  2⤵
  PID:4592
- C:\Windows\System\RBLEqQI.exe
  C:\Windows\System\RBLEqQI.exe
  2⤵
  PID:4568
- C:\Windows\System\rpFTnAB.exe
  C:\Windows\System\rpFTnAB.exe
  2⤵
  PID:4692
- C:\Windows\System\AbbLcMS.exe
  C:\Windows\System\AbbLcMS.exe
  2⤵
  PID:4748
- C:\Windows\System\ZFnOxSq.exe
  C:\Windows\System\ZFnOxSq.exe
  2⤵
  PID:4772
- C:\Windows\System\HUupkwS.exe
  C:\Windows\System\HUupkwS.exe
  2⤵
  PID:4808
- C:\Windows\System\FbFWeyI.exe
  C:\Windows\System\FbFWeyI.exe
  2⤵
  PID:4932
- C:\Windows\System\CSrgPPA.exe
  C:\Windows\System\CSrgPPA.exe
  2⤵
  PID:4968
- C:\Windows\System\EnJYROl.exe
  C:\Windows\System\EnJYROl.exe
  2⤵
  PID:4988
- C:\Windows\System\ErvSitV.exe
  C:\Windows\System\ErvSitV.exe
  2⤵
  PID:5036
- C:\Windows\System\koGAQaF.exe
  C:\Windows\System\koGAQaF.exe
  2⤵
  PID:5076
- C:\Windows\System\UQCRIlT.exe
  C:\Windows\System\UQCRIlT.exe
  2⤵
  PID:1044
- C:\Windows\System\AepVkje.exe
  C:\Windows\System\AepVkje.exe
  2⤵
  PID:3588
- C:\Windows\System\MZtlNLG.exe
  C:\Windows\System\MZtlNLG.exe
  2⤵
  PID:1988
- C:\Windows\System\PxdWRRy.exe
  C:\Windows\System\PxdWRRy.exe
  2⤵
  PID:940
- C:\Windows\System\zDIJHPN.exe
  C:\Windows\System\zDIJHPN.exe
  2⤵
  PID:4168
- C:\Windows\System\TxJvjfK.exe
  C:\Windows\System\TxJvjfK.exe
  2⤵
  PID:4264
- C:\Windows\System\yYiUaee.exe
  C:\Windows\System\yYiUaee.exe
  2⤵
  PID:4380
- C:\Windows\System\XDabZWW.exe
  C:\Windows\System\XDabZWW.exe
  2⤵
  PID:2980
- C:\Windows\System\TSouAad.exe
  C:\Windows\System\TSouAad.exe
  2⤵
  PID:4488
- C:\Windows\System\uZFNzPC.exe
  C:\Windows\System\uZFNzPC.exe
  2⤵
  PID:4528
- C:\Windows\System\qJrTDkO.exe
  C:\Windows\System\qJrTDkO.exe
  2⤵
  PID:4792
- C:\Windows\System\IRpqqAc.exe
  C:\Windows\System\IRpqqAc.exe
  2⤵
  PID:4816
- C:\Windows\System\WvguOxd.exe
  C:\Windows\System\WvguOxd.exe
  2⤵
  PID:4728
- C:\Windows\System\vIzaFnJ.exe
  C:\Windows\System\vIzaFnJ.exe
  2⤵
  PID:4892
- C:\Windows\System\pCnFhud.exe
  C:\Windows\System\pCnFhud.exe
  2⤵
  PID:4652
- C:\Windows\System\XqiMYei.exe
  C:\Windows\System\XqiMYei.exe
  2⤵
  PID:1572
- C:\Windows\System\ylehdaL.exe
  C:\Windows\System\ylehdaL.exe
  2⤵
  PID:4104
- C:\Windows\System\ovpZrEr.exe
  C:\Windows\System\ovpZrEr.exe
  2⤵
  PID:4116
- C:\Windows\System\RupLFMb.exe
  C:\Windows\System\RupLFMb.exe
  2⤵
  PID:2128
- C:\Windows\System\DJiJzAJ.exe
  C:\Windows\System\DJiJzAJ.exe
  2⤵
  PID:4404
- C:\Windows\System\xcvGqIC.exe
  C:\Windows\System\xcvGqIC.exe
  2⤵
  PID:4648
- C:\Windows\System\YPmPEhE.exe
  C:\Windows\System\YPmPEhE.exe
  2⤵
  PID:4524
- C:\Windows\System\uzJCzIJ.exe
  C:\Windows\System\uzJCzIJ.exe
  2⤵
  PID:4668
- C:\Windows\System\LporFNK.exe
  C:\Windows\System\LporFNK.exe
  2⤵
  PID:4936
- C:\Windows\System\bleeorw.exe
  C:\Windows\System\bleeorw.exe
  2⤵
  PID:5132
- C:\Windows\System\onIFaHs.exe
  C:\Windows\System\onIFaHs.exe
  2⤵
  PID:5156
- C:\Windows\System\YBcpQQL.exe
  C:\Windows\System\YBcpQQL.exe
  2⤵
  PID:5176
- C:\Windows\System\zLxPThp.exe
  C:\Windows\System\zLxPThp.exe
  2⤵
  PID:5196
- C:\Windows\System\zUvQXbB.exe
  C:\Windows\System\zUvQXbB.exe
  2⤵
  PID:5216
- C:\Windows\System\YvaueMy.exe
  C:\Windows\System\YvaueMy.exe
  2⤵
  PID:5236
- C:\Windows\System\zPwNhfE.exe
  C:\Windows\System\zPwNhfE.exe
  2⤵
  PID:5256
- C:\Windows\System\JLhyJSH.exe
  C:\Windows\System\JLhyJSH.exe
  2⤵
  PID:5280
- C:\Windows\System\gcxyBOT.exe
  C:\Windows\System\gcxyBOT.exe
  2⤵
  PID:5300
- C:\Windows\System\CBctmti.exe
  C:\Windows\System\CBctmti.exe
  2⤵
  PID:5320
- C:\Windows\System\KPOcZsT.exe
  C:\Windows\System\KPOcZsT.exe
  2⤵
  PID:5344
- C:\Windows\System\ZOZgqqG.exe
  C:\Windows\System\ZOZgqqG.exe
  2⤵
  PID:5364
- C:\Windows\System\GCJjErr.exe
  C:\Windows\System\GCJjErr.exe
  2⤵
  PID:5384
- C:\Windows\System\vgemhRZ.exe
  C:\Windows\System\vgemhRZ.exe
  2⤵
  PID:5404
- C:\Windows\System\PxAHgXk.exe
  C:\Windows\System\PxAHgXk.exe
  2⤵
  PID:5424
- C:\Windows\System\vwzkteG.exe
  C:\Windows\System\vwzkteG.exe
  2⤵
  PID:5444
- C:\Windows\System\jQFbHSF.exe
  C:\Windows\System\jQFbHSF.exe
  2⤵
  PID:5464
- C:\Windows\System\xcsyJwy.exe
  C:\Windows\System\xcsyJwy.exe
  2⤵
  PID:5484
- C:\Windows\System\RSSckPk.exe
  C:\Windows\System\RSSckPk.exe
  2⤵
  PID:5504
- C:\Windows\System\ecphOwS.exe
  C:\Windows\System\ecphOwS.exe
  2⤵
  PID:5524
- C:\Windows\System\PWQotQe.exe
  C:\Windows\System\PWQotQe.exe
  2⤵
  PID:5544
- C:\Windows\System\gVCDJot.exe
  C:\Windows\System\gVCDJot.exe
  2⤵
  PID:5564
- C:\Windows\System\dpSaNYH.exe
  C:\Windows\System\dpSaNYH.exe
  2⤵
  PID:5584
- C:\Windows\System\tuhnIwY.exe
  C:\Windows\System\tuhnIwY.exe
  2⤵
  PID:5604
- C:\Windows\System\IcTUjKu.exe
  C:\Windows\System\IcTUjKu.exe
  2⤵
  PID:5624
- C:\Windows\System\prmerDC.exe
  C:\Windows\System\prmerDC.exe
  2⤵
  PID:5644
- C:\Windows\System\ZvfkpYQ.exe
  C:\Windows\System\ZvfkpYQ.exe
  2⤵
  PID:5664
- C:\Windows\System\VjvHjTK.exe
  C:\Windows\System\VjvHjTK.exe
  2⤵
  PID:5684
- C:\Windows\System\qhyfEfy.exe
  C:\Windows\System\qhyfEfy.exe
  2⤵
  PID:5708
- C:\Windows\System\YDghQFo.exe
  C:\Windows\System\YDghQFo.exe
  2⤵
  PID:5728
- C:\Windows\System\qoDyrgT.exe
  C:\Windows\System\qoDyrgT.exe
  2⤵
  PID:5752
- C:\Windows\System\XVXDtaU.exe
  C:\Windows\System\XVXDtaU.exe
  2⤵
  PID:5772
- C:\Windows\System\VhhHQqC.exe
  C:\Windows\System\VhhHQqC.exe
  2⤵
  PID:5792
- C:\Windows\System\fhFFHoX.exe
  C:\Windows\System\fhFFHoX.exe
  2⤵
  PID:5812
- C:\Windows\System\dGqDwwi.exe
  C:\Windows\System\dGqDwwi.exe
  2⤵
  PID:5832
- C:\Windows\System\VttvwZT.exe
  C:\Windows\System\VttvwZT.exe
  2⤵
  PID:5852
- C:\Windows\System\xxfUdlz.exe
  C:\Windows\System\xxfUdlz.exe
  2⤵
  PID:5872
- C:\Windows\System\XVzTykp.exe
  C:\Windows\System\XVzTykp.exe
  2⤵
  PID:5892
- C:\Windows\System\YsZmosa.exe
  C:\Windows\System\YsZmosa.exe
  2⤵
  PID:5912
- C:\Windows\System\nezoHMt.exe
  C:\Windows\System\nezoHMt.exe
  2⤵
  PID:5932
- C:\Windows\System\YKaoQct.exe
  C:\Windows\System\YKaoQct.exe
  2⤵
  PID:5952
- C:\Windows\System\YqpMtLU.exe
  C:\Windows\System\YqpMtLU.exe
  2⤵
  PID:5972
- C:\Windows\System\PpjvEUb.exe
  C:\Windows\System\PpjvEUb.exe
  2⤵
  PID:5992
- C:\Windows\System\xsFJSbG.exe
  C:\Windows\System\xsFJSbG.exe
  2⤵
  PID:6012
- C:\Windows\System\kCSXNqP.exe
  C:\Windows\System\kCSXNqP.exe
  2⤵
  PID:6032
- C:\Windows\System\suQIkkW.exe
  C:\Windows\System\suQIkkW.exe
  2⤵
  PID:6056
- C:\Windows\System\pEYsRuq.exe
  C:\Windows\System\pEYsRuq.exe
  2⤵
  PID:6076
- C:\Windows\System\QyWixGl.exe
  C:\Windows\System\QyWixGl.exe
  2⤵
  PID:6092
- C:\Windows\System\ogdFUuz.exe
  C:\Windows\System\ogdFUuz.exe
  2⤵
  PID:6112
- C:\Windows\System\CCunWhR.exe
  C:\Windows\System\CCunWhR.exe
  2⤵
  PID:6140
- C:\Windows\System\jfDpOIG.exe
  C:\Windows\System\jfDpOIG.exe
  2⤵
  PID:3604
- C:\Windows\System\tgElKQL.exe
  C:\Windows\System\tgElKQL.exe
  2⤵
  PID:2460
- C:\Windows\System\NDtkdzh.exe
  C:\Windows\System\NDtkdzh.exe
  2⤵
  PID:2960
- C:\Windows\System\SmXdiLL.exe
  C:\Windows\System\SmXdiLL.exe
  2⤵
  PID:4228
- C:\Windows\System\ijDudsq.exe
  C:\Windows\System\ijDudsq.exe
  2⤵
  PID:4656
- C:\Windows\System\uftXxZo.exe
  C:\Windows\System\uftXxZo.exe
  2⤵
  PID:4688
- C:\Windows\System\fQwRzfE.exe
  C:\Windows\System\fQwRzfE.exe
  2⤵
  PID:4992
- C:\Windows\System\dzEXXFh.exe
  C:\Windows\System\dzEXXFh.exe
  2⤵
  PID:5144
- C:\Windows\System\VKeYSSz.exe
  C:\Windows\System\VKeYSSz.exe
  2⤵
  PID:5172
- C:\Windows\System\OltZrBk.exe
  C:\Windows\System\OltZrBk.exe
  2⤵
  PID:5228
- C:\Windows\System\qtrmBrq.exe
  C:\Windows\System\qtrmBrq.exe
  2⤵
  PID:5268
- C:\Windows\System\CsAVCFc.exe
  C:\Windows\System\CsAVCFc.exe
  2⤵
  PID:5308
- C:\Windows\System\tXRROKm.exe
  C:\Windows\System\tXRROKm.exe
  2⤵
  PID:5292
- C:\Windows\System\QZlPVIn.exe
  C:\Windows\System\QZlPVIn.exe
  2⤵
  PID:5352
- C:\Windows\System\KwWzHvW.exe
  C:\Windows\System\KwWzHvW.exe
  2⤵
  PID:5372
- C:\Windows\System\OogPcIr.exe
  C:\Windows\System\OogPcIr.exe
  2⤵
  PID:1064
- C:\Windows\System\GJCGkUW.exe
  C:\Windows\System\GJCGkUW.exe
  2⤵
  PID:5420
- C:\Windows\System\pCpaszl.exe
  C:\Windows\System\pCpaszl.exe
  2⤵
  PID:5452
- C:\Windows\System\ffPJnSF.exe
  C:\Windows\System\ffPJnSF.exe
  2⤵
  PID:5512
- C:\Windows\System\NmRLekc.exe
  C:\Windows\System\NmRLekc.exe
  2⤵
  PID:5560
- C:\Windows\System\TaNNQeJ.exe
  C:\Windows\System\TaNNQeJ.exe
  2⤵
  PID:5536
- C:\Windows\System\DgcGkjN.exe
  C:\Windows\System\DgcGkjN.exe
  2⤵
  PID:5596
- C:\Windows\System\kFRBHRZ.exe
  C:\Windows\System\kFRBHRZ.exe
  2⤵
  PID:5632
- C:\Windows\System\PJQsKiF.exe
  C:\Windows\System\PJQsKiF.exe
  2⤵
  PID:5680
- C:\Windows\System\ijkDCWF.exe
  C:\Windows\System\ijkDCWF.exe
  2⤵
  PID:5652
- C:\Windows\System\fcojZUO.exe
  C:\Windows\System\fcojZUO.exe
  2⤵
  PID:5724
- C:\Windows\System\xbxkqdz.exe
  C:\Windows\System\xbxkqdz.exe
  2⤵
  PID:5736
- C:\Windows\System\RcULHGl.exe
  C:\Windows\System\RcULHGl.exe
  2⤵
  PID:5748
- C:\Windows\System\AioVnsN.exe
  C:\Windows\System\AioVnsN.exe
  2⤵
  PID:5780
- C:\Windows\System\ifPDXna.exe
  C:\Windows\System\ifPDXna.exe
  2⤵
  PID:5804
- C:\Windows\System\KIfMnxx.exe
  C:\Windows\System\KIfMnxx.exe
  2⤵
  PID:5840
- C:\Windows\System\QgqXNJE.exe
  C:\Windows\System\QgqXNJE.exe
  2⤵
  PID:5860
- C:\Windows\System\FSUhPOP.exe
  C:\Windows\System\FSUhPOP.exe
  2⤵
  PID:5960
- C:\Windows\System\ttxGhyf.exe
  C:\Windows\System\ttxGhyf.exe
  2⤵
  PID:2832
- C:\Windows\System\LrpSFXT.exe
  C:\Windows\System\LrpSFXT.exe
  2⤵
  PID:5984
- C:\Windows\System\Bnrjpao.exe
  C:\Windows\System\Bnrjpao.exe
  2⤵
  PID:6028
- C:\Windows\System\LdNrGqT.exe
  C:\Windows\System\LdNrGqT.exe
  2⤵
  PID:6072
- C:\Windows\System\ApONlRh.exe
  C:\Windows\System\ApONlRh.exe
  2⤵
  PID:6132
- C:\Windows\System\phlsbMP.exe
  C:\Windows\System\phlsbMP.exe
  2⤵
  PID:6128
- C:\Windows\System\MfNYBxE.exe
  C:\Windows\System\MfNYBxE.exe
  2⤵
  PID:2284
- C:\Windows\System\SmzfYDp.exe
  C:\Windows\System\SmzfYDp.exe
  2⤵
  PID:4424
- C:\Windows\System\oiMekAx.exe
  C:\Windows\System\oiMekAx.exe
  2⤵
  PID:3900
- C:\Windows\System\vIcZHud.exe
  C:\Windows\System\vIcZHud.exe
  2⤵
  PID:2972
- C:\Windows\System\HfULnKQ.exe
  C:\Windows\System\HfULnKQ.exe
  2⤵
  PID:5128
- C:\Windows\System\HocXdci.exe
  C:\Windows\System\HocXdci.exe
  2⤵
  PID:5140
- C:\Windows\System\NdPUHOB.exe
  C:\Windows\System\NdPUHOB.exe
  2⤵
  PID:5164
- C:\Windows\System\iCqSKID.exe
  C:\Windows\System\iCqSKID.exe
  2⤵
  PID:1732
- C:\Windows\System\FNHqywZ.exe
  C:\Windows\System\FNHqywZ.exe
  2⤵
  PID:5312
- C:\Windows\System\iMvuATH.exe
  C:\Windows\System\iMvuATH.exe
  2⤵
  PID:5244
- C:\Windows\System\wVmULRN.exe
  C:\Windows\System\wVmULRN.exe
  2⤵
  PID:5332
- C:\Windows\System\TtTBMOT.exe
  C:\Windows\System\TtTBMOT.exe
  2⤵
  PID:5436
- C:\Windows\System\PdkxhSY.exe
  C:\Windows\System\PdkxhSY.exe
  2⤵
  PID:5412
- C:\Windows\System\MGoxoXb.exe
  C:\Windows\System\MGoxoXb.exe
  2⤵
  PID:5456
- C:\Windows\System\YlXOrgO.exe
  C:\Windows\System\YlXOrgO.exe
  2⤵
  PID:5496
- C:\Windows\System\MPoGXrb.exe
  C:\Windows\System\MPoGXrb.exe
  2⤵
  PID:5532
- C:\Windows\System\ybJPzhk.exe
  C:\Windows\System\ybJPzhk.exe
  2⤵
  PID:336
- C:\Windows\System\ouhXXyG.exe
  C:\Windows\System\ouhXXyG.exe
  2⤵
  PID:5576
- C:\Windows\System\vVjyntu.exe
  C:\Windows\System\vVjyntu.exe
  2⤵
  PID:5620
- C:\Windows\System\PJcugre.exe
  C:\Windows\System\PJcugre.exe
  2⤵
  PID:3040
- C:\Windows\System\dJVVXyP.exe
  C:\Windows\System\dJVVXyP.exe
  2⤵
  PID:5696
- C:\Windows\System\xCRDCOo.exe
  C:\Windows\System\xCRDCOo.exe
  2⤵
  PID:5768
- C:\Windows\System\ZNybigh.exe
  C:\Windows\System\ZNybigh.exe
  2⤵
  PID:1120
- C:\Windows\System\VMXMzuR.exe
  C:\Windows\System\VMXMzuR.exe
  2⤵
  PID:5828
- C:\Windows\System\MkSyGuy.exe
  C:\Windows\System\MkSyGuy.exe
  2⤵
  PID:5864
- C:\Windows\System\OpEVKRP.exe
  C:\Windows\System\OpEVKRP.exe
  2⤵
  PID:2084
- C:\Windows\System\bGwrZXx.exe
  C:\Windows\System\bGwrZXx.exe
  2⤵
  PID:5924
- C:\Windows\System\GQeyvHv.exe
  C:\Windows\System\GQeyvHv.exe
  2⤵
  PID:1092
- C:\Windows\System\mydPqzB.exe
  C:\Windows\System\mydPqzB.exe
  2⤵
  PID:6008
- C:\Windows\System\QKJHHuW.exe
  C:\Windows\System\QKJHHuW.exe
  2⤵
  PID:6048
- C:\Windows\System\dsAEqKr.exe
  C:\Windows\System\dsAEqKr.exe
  2⤵
  PID:6084
- C:\Windows\System\spZIwtp.exe
  C:\Windows\System\spZIwtp.exe
  2⤵
  PID:4304
- C:\Windows\System\FmXGHok.exe
  C:\Windows\System\FmXGHok.exe
  2⤵
  PID:4948
- C:\Windows\System\clnnvum.exe
  C:\Windows\System\clnnvum.exe
  2⤵
  PID:4484
- C:\Windows\System\xupftaP.exe
  C:\Windows\System\xupftaP.exe
  2⤵
  PID:5192
- C:\Windows\System\OKPXcFP.exe
  C:\Windows\System\OKPXcFP.exe
  2⤵
  PID:5356
- C:\Windows\System\BkHnnWL.exe
  C:\Windows\System\BkHnnWL.exe
  2⤵
  PID:5476
- C:\Windows\System\YMHIgHD.exe
  C:\Windows\System\YMHIgHD.exe
  2⤵
  PID:5600
- C:\Windows\System\YRmVZuA.exe
  C:\Windows\System\YRmVZuA.exe
  2⤵
  PID:2964
- C:\Windows\System\dyLPkXA.exe
  C:\Windows\System\dyLPkXA.exe
  2⤵
  PID:5660
- C:\Windows\System\zWkjrfE.exe
  C:\Windows\System\zWkjrfE.exe
  2⤵
  PID:964
- C:\Windows\System\utsIZmS.exe
  C:\Windows\System\utsIZmS.exe
  2⤵
  PID:564
- C:\Windows\System\jffEnBh.exe
  C:\Windows\System\jffEnBh.exe
  2⤵
  PID:5788
- C:\Windows\System\qrrzQwS.exe
  C:\Windows\System\qrrzQwS.exe
  2⤵
  PID:5920
- C:\Windows\System\HnDzcUK.exe
  C:\Windows\System\HnDzcUK.exe
  2⤵
  PID:6064
- C:\Windows\System\QInQOVq.exe
  C:\Windows\System\QInQOVq.exe
  2⤵
  PID:1916
- C:\Windows\System\YBCucXR.exe
  C:\Windows\System\YBCucXR.exe
  2⤵
  PID:6052
- C:\Windows\System\ckJzQvr.exe
  C:\Windows\System\ckJzQvr.exe
  2⤵
  PID:6136
- C:\Windows\System\riIdeNm.exe
  C:\Windows\System\riIdeNm.exe
  2⤵
  PID:3916
- C:\Windows\System\pwyfEFI.exe
  C:\Windows\System\pwyfEFI.exe
  2⤵
  PID:4736
- C:\Windows\System\JEBEDyF.exe
  C:\Windows\System\JEBEDyF.exe
  2⤵
  PID:1384
- C:\Windows\System\kYtltRd.exe
  C:\Windows\System\kYtltRd.exe
  2⤵
  PID:5400
- C:\Windows\System\GyATUkC.exe
  C:\Windows\System\GyATUkC.exe
  2⤵
  PID:6120
- C:\Windows\System\CNVZvGC.exe
  C:\Windows\System\CNVZvGC.exe
  2⤵
  PID:6124
- C:\Windows\System\gSrEypT.exe
  C:\Windows\System\gSrEypT.exe
  2⤵
  PID:1032
- C:\Windows\System\JlhcBXN.exe
  C:\Windows\System\JlhcBXN.exe
  2⤵
  PID:3428
- C:\Windows\System\JgctFAf.exe
  C:\Windows\System\JgctFAf.exe
  2⤵
  PID:2688
- C:\Windows\System\gPKsDqL.exe
  C:\Windows\System\gPKsDqL.exe
  2⤵
  PID:5784
- C:\Windows\System\icqevEv.exe
  C:\Windows\System\icqevEv.exe
  2⤵
  PID:5636
- C:\Windows\System\iPJhSke.exe
  C:\Windows\System\iPJhSke.exe
  2⤵
  PID:5980
- C:\Windows\System\UklDMoA.exe
  C:\Windows\System\UklDMoA.exe
  2⤵
  PID:6160
- C:\Windows\System\dXVmVAD.exe
  C:\Windows\System\dXVmVAD.exe
  2⤵
  PID:6176
- C:\Windows\System\JIKMyNr.exe
  C:\Windows\System\JIKMyNr.exe
  2⤵
  PID:6192
- C:\Windows\System\CVYHJSs.exe
  C:\Windows\System\CVYHJSs.exe
  2⤵
  PID:6208
- C:\Windows\System\NmAksOR.exe
  C:\Windows\System\NmAksOR.exe
  2⤵
  PID:6228
- C:\Windows\System\DqAmrNA.exe
  C:\Windows\System\DqAmrNA.exe
  2⤵
  PID:6244
- C:\Windows\System\nukEXdP.exe
  C:\Windows\System\nukEXdP.exe
  2⤵
  PID:6260
- C:\Windows\System\iKNVLOt.exe
  C:\Windows\System\iKNVLOt.exe
  2⤵
  PID:6276
- C:\Windows\System\SCiUOuv.exe
  C:\Windows\System\SCiUOuv.exe
  2⤵
  PID:6292
- C:\Windows\System\VjCEvYR.exe
  C:\Windows\System\VjCEvYR.exe
  2⤵
  PID:6308
- C:\Windows\System\SpcqDUI.exe
  C:\Windows\System\SpcqDUI.exe
  2⤵
  PID:6324
- C:\Windows\System\YRYYDmm.exe
  C:\Windows\System\YRYYDmm.exe
  2⤵
  PID:6340
- C:\Windows\System\JVxQVGx.exe
  C:\Windows\System\JVxQVGx.exe
  2⤵
  PID:6356
- C:\Windows\System\WmjLxJS.exe
  C:\Windows\System\WmjLxJS.exe
  2⤵
  PID:6372
- C:\Windows\System\VvQXGZn.exe
  C:\Windows\System\VvQXGZn.exe
  2⤵
  PID:6388
- C:\Windows\System\HxmsrBt.exe
  C:\Windows\System\HxmsrBt.exe
  2⤵
  PID:6728
- C:\Windows\System\LMyHXsw.exe
  C:\Windows\System\LMyHXsw.exe
  2⤵
  PID:6748
- C:\Windows\System\GXxUvGA.exe
  C:\Windows\System\GXxUvGA.exe
  2⤵
  PID:6768
- C:\Windows\System\BhgxYzE.exe
  C:\Windows\System\BhgxYzE.exe
  2⤵
  PID:6784
- C:\Windows\System\dhcIFiR.exe
  C:\Windows\System\dhcIFiR.exe
  2⤵
  PID:6808
- C:\Windows\System\rblAWZO.exe
  C:\Windows\System\rblAWZO.exe
  2⤵
  PID:6824
- C:\Windows\System\EyCszHr.exe
  C:\Windows\System\EyCszHr.exe
  2⤵
  PID:6840
- C:\Windows\System\hJDXmfR.exe
  C:\Windows\System\hJDXmfR.exe
  2⤵
  PID:6856
- C:\Windows\System\RoSJfPq.exe
  C:\Windows\System\RoSJfPq.exe
  2⤵
  PID:6872
- C:\Windows\System\AqIBhsL.exe
  C:\Windows\System\AqIBhsL.exe
  2⤵
  PID:6896
- C:\Windows\System\lWbpGaH.exe
  C:\Windows\System\lWbpGaH.exe
  2⤵
  PID:6916
- C:\Windows\System\zNtYfXj.exe
  C:\Windows\System\zNtYfXj.exe
  2⤵
  PID:6932
- C:\Windows\System\zmCGIeb.exe
  C:\Windows\System\zmCGIeb.exe
  2⤵
  PID:6956
- C:\Windows\System\AmyPOko.exe
  C:\Windows\System\AmyPOko.exe
  2⤵
  PID:6972
- C:\Windows\System\cjIOmpL.exe
  C:\Windows\System\cjIOmpL.exe
  2⤵
  PID:7004
- C:\Windows\System\GuKZWnH.exe
  C:\Windows\System\GuKZWnH.exe
  2⤵
  PID:7024
- C:\Windows\System\WBSmjRf.exe
  C:\Windows\System\WBSmjRf.exe
  2⤵
  PID:7040
- C:\Windows\System\qccoIXq.exe
  C:\Windows\System\qccoIXq.exe
  2⤵
  PID:7060
- C:\Windows\System\CokqgJG.exe
  C:\Windows\System\CokqgJG.exe
  2⤵
  PID:7088
- C:\Windows\System\RNihfok.exe
  C:\Windows\System\RNihfok.exe
  2⤵
  PID:7104
- C:\Windows\System\STnTArm.exe
  C:\Windows\System\STnTArm.exe
  2⤵
  PID:7120
- C:\Windows\System\saxOHGR.exe
  C:\Windows\System\saxOHGR.exe
  2⤵
  PID:7136
- C:\Windows\System\eYPIdkt.exe
  C:\Windows\System\eYPIdkt.exe
  2⤵
  PID:7152
- C:\Windows\System\hKbxGXV.exe
  C:\Windows\System\hKbxGXV.exe
  2⤵
  PID:1692
- C:\Windows\System\EbfBgpO.exe
  C:\Windows\System\EbfBgpO.exe
  2⤵
  PID:5540
- C:\Windows\System\YpAIvPW.exe
  C:\Windows\System\YpAIvPW.exe
  2⤵
  PID:5328
- C:\Windows\System\JkuOJSY.exe
  C:\Windows\System\JkuOJSY.exe
  2⤵
  PID:3056
- C:\Windows\System\rauMXJs.exe
  C:\Windows\System\rauMXJs.exe
  2⤵
  PID:6200
- C:\Windows\System\qqyDkDS.exe
  C:\Windows\System\qqyDkDS.exe
  2⤵
  PID:6252
- C:\Windows\System\CEofDEH.exe
  C:\Windows\System\CEofDEH.exe
  2⤵
  PID:6272
- C:\Windows\System\NhyDGng.exe
  C:\Windows\System\NhyDGng.exe
  2⤵
  PID:6336
- C:\Windows\System\aailFax.exe
  C:\Windows\System\aailFax.exe
  2⤵
  PID:6384
- C:\Windows\System\PzKKmYx.exe
  C:\Windows\System\PzKKmYx.exe
  2⤵
  PID:5948
- C:\Windows\System\yjeJBsv.exe
  C:\Windows\System\yjeJBsv.exe
  2⤵
  PID:6412
- C:\Windows\System\yfeGrsW.exe
  C:\Windows\System\yfeGrsW.exe
  2⤵
  PID:6428
- C:\Windows\System\HfcAxID.exe
  C:\Windows\System\HfcAxID.exe
  2⤵
  PID:6444
- C:\Windows\System\FtkgbjV.exe
  C:\Windows\System\FtkgbjV.exe
  2⤵
  PID:6464
- C:\Windows\System\pPTuDdF.exe
  C:\Windows\System\pPTuDdF.exe
  2⤵
  PID:6476
- C:\Windows\System\ycvtOzq.exe
  C:\Windows\System\ycvtOzq.exe
  2⤵
  PID:6500
- C:\Windows\System\wvfoMYU.exe
  C:\Windows\System\wvfoMYU.exe
  2⤵
  PID:6220
- C:\Windows\System\NBAzRIR.exe
  C:\Windows\System\NBAzRIR.exe
  2⤵
  PID:6528
- C:\Windows\System\VGxfXax.exe
  C:\Windows\System\VGxfXax.exe
  2⤵
  PID:6544
- C:\Windows\System\ojgNnwa.exe
  C:\Windows\System\ojgNnwa.exe
  2⤵
  PID:6560
- C:\Windows\System\AGmehOC.exe
  C:\Windows\System\AGmehOC.exe
  2⤵
  PID:6592
- C:\Windows\System\SEeEFVI.exe
  C:\Windows\System\SEeEFVI.exe
  2⤵
  PID:6580
- C:\Windows\System\lMWUxuY.exe
  C:\Windows\System\lMWUxuY.exe
  2⤵
  PID:6608
- C:\Windows\System\CXcjvRG.exe
  C:\Windows\System\CXcjvRG.exe
  2⤵
  PID:6620
- C:\Windows\System\vRhlDWe.exe
  C:\Windows\System\vRhlDWe.exe
  2⤵
  PID:6640
- C:\Windows\System\TYRFsrm.exe
  C:\Windows\System\TYRFsrm.exe
  2⤵
  PID:6652
- C:\Windows\System\yPCimeD.exe
  C:\Windows\System\yPCimeD.exe
  2⤵
  PID:6672
- C:\Windows\System\srPNvfy.exe
  C:\Windows\System\srPNvfy.exe
  2⤵
  PID:6700
- C:\Windows\System\pTKPIHP.exe
  C:\Windows\System\pTKPIHP.exe
  2⤵
  PID:6704
- C:\Windows\System\wThRyYo.exe
  C:\Windows\System\wThRyYo.exe
  2⤵
  PID:6716
- C:\Windows\System\BmelXoz.exe
  C:\Windows\System\BmelXoz.exe
  2⤵
  PID:6744
- C:\Windows\System\exIvwMl.exe
  C:\Windows\System\exIvwMl.exe
  2⤵
  PID:6760
- C:\Windows\System\HRolFnp.exe
  C:\Windows\System\HRolFnp.exe
  2⤵
  PID:6804
- C:\Windows\System\oafpUlD.exe
  C:\Windows\System\oafpUlD.exe
  2⤵
  PID:6864
- C:\Windows\System\ZOyZivF.exe
  C:\Windows\System\ZOyZivF.exe
  2⤵
  PID:6868
- C:\Windows\System\gvzjzsj.exe
  C:\Windows\System\gvzjzsj.exe
  2⤵
  PID:6908
- C:\Windows\System\uKItOIE.exe
  C:\Windows\System\uKItOIE.exe
  2⤵
  PID:6852
- C:\Windows\System\OCYFShm.exe
  C:\Windows\System\OCYFShm.exe
  2⤵
  PID:6892
- C:\Windows\System\DlLoBOb.exe
  C:\Windows\System\DlLoBOb.exe
  2⤵
  PID:6968
- C:\Windows\System\cNmgTsX.exe
  C:\Windows\System\cNmgTsX.exe
  2⤵
  PID:6948
- C:\Windows\System\qsYGTZs.exe
  C:\Windows\System\qsYGTZs.exe
  2⤵
  PID:7000
- C:\Windows\System\iApfHSp.exe
  C:\Windows\System\iApfHSp.exe
  2⤵
  PID:7016
- C:\Windows\System\woaHTKi.exe
  C:\Windows\System\woaHTKi.exe
  2⤵
  PID:7056
- C:\Windows\System\kZjRJSh.exe
  C:\Windows\System\kZjRJSh.exe
  2⤵
  PID:7116
- C:\Windows\System\XQHtxfc.exe
  C:\Windows\System\XQHtxfc.exe
  2⤵
  PID:5288
- C:\Windows\System\eplgOBG.exe
  C:\Windows\System\eplgOBG.exe
  2⤵
  PID:6188
- C:\Windows\System\vkUWVnG.exe
  C:\Windows\System\vkUWVnG.exe
  2⤵
  PID:7128
- C:\Windows\System\ffjSICd.exe
  C:\Windows\System\ffjSICd.exe
  2⤵
  PID:6288
- C:\Windows\System\lesjIZg.exe
  C:\Windows\System\lesjIZg.exe
  2⤵
  PID:7160
- C:\Windows\System\RzriSgI.exe
  C:\Windows\System\RzriSgI.exe
  2⤵
  PID:6352
- C:\Windows\System\ihosCCi.exe
  C:\Windows\System\ihosCCi.exe
  2⤵
  PID:6368
- C:\Windows\System\RkjqZSp.exe
  C:\Windows\System\RkjqZSp.exe
  2⤵
  PID:6168
- C:\Windows\System\ZUcbpdP.exe
  C:\Windows\System\ZUcbpdP.exe
  2⤵
  PID:6268
- C:\Windows\System\CvcHIjB.exe
  C:\Windows\System\CvcHIjB.exe
  2⤵
  PID:6420
- C:\Windows\System\PwlwztM.exe
  C:\Windows\System\PwlwztM.exe
  2⤵
  PID:6408
- C:\Windows\System\NFTrjLQ.exe
  C:\Windows\System\NFTrjLQ.exe
  2⤵
  PID:6440
- C:\Windows\System\NUGFyzt.exe
  C:\Windows\System\NUGFyzt.exe
  2⤵
  PID:6460
- C:\Windows\System\FuOfrSs.exe
  C:\Windows\System\FuOfrSs.exe
  2⤵
  PID:6524
- C:\Windows\System\PEGUdry.exe
  C:\Windows\System\PEGUdry.exe
  2⤵
  PID:6724
- C:\Windows\System\VLUsPTV.exe
  C:\Windows\System\VLUsPTV.exe
  2⤵
  PID:6648
- C:\Windows\System\NaDfFhr.exe
  C:\Windows\System\NaDfFhr.exe
  2⤵
  PID:6472
- C:\Windows\System\ZcjAihG.exe
  C:\Windows\System\ZcjAihG.exe
  2⤵
  PID:6540
- C:\Windows\System\FKfMBxM.exe
  C:\Windows\System\FKfMBxM.exe
  2⤵
  PID:6604
- C:\Windows\System\agWVgUj.exe
  C:\Windows\System\agWVgUj.exe
  2⤵
  PID:6668
- C:\Windows\System\qsDdBYe.exe
  C:\Windows\System\qsDdBYe.exe
  2⤵
  PID:6712
- C:\Windows\System\NUSRJPH.exe
  C:\Windows\System\NUSRJPH.exe
  2⤵
  PID:6736
- C:\Windows\System\AVfLtwg.exe
  C:\Windows\System\AVfLtwg.exe
  2⤵
  PID:6836
- C:\Windows\System\SqEnlkE.exe
  C:\Windows\System\SqEnlkE.exe
  2⤵
  PID:6800
- C:\Windows\System\cOWodid.exe
  C:\Windows\System\cOWodid.exe
  2⤵
  PID:6928
- C:\Windows\System\CMLxjPr.exe
  C:\Windows\System\CMLxjPr.exe
  2⤵
  PID:7052
- C:\Windows\System\gePBnbv.exe
  C:\Windows\System\gePBnbv.exe
  2⤵
  PID:7080
- C:\Windows\System\OtYvYhv.exe
  C:\Windows\System\OtYvYhv.exe
  2⤵
  PID:7112
- C:\Windows\System\NQTSdRV.exe
  C:\Windows\System\NQTSdRV.exe
  2⤵
  PID:7096
- C:\Windows\System\IidSMKC.exe
  C:\Windows\System\IidSMKC.exe
  2⤵
  PID:2188
- C:\Windows\System\pcCPZlT.exe
  C:\Windows\System\pcCPZlT.exe
  2⤵
  PID:6348
- C:\Windows\System\cZfraYb.exe
  C:\Windows\System\cZfraYb.exe
  2⤵
  PID:2560
- C:\Windows\System\xYmuCvu.exe
  C:\Windows\System\xYmuCvu.exe
  2⤵
  PID:5764
- C:\Windows\System\nRAVxGe.exe
  C:\Windows\System\nRAVxGe.exe
  2⤵
  PID:6364
- C:\Windows\System\mcuhMlJ.exe
  C:\Windows\System\mcuhMlJ.exe
  2⤵
  PID:6576
- C:\Windows\System\eFbfRfk.exe
  C:\Windows\System\eFbfRfk.exe
  2⤵
  PID:6520
- C:\Windows\System\QDnMrvz.exe
  C:\Windows\System\QDnMrvz.exe
  2⤵
  PID:6696
- C:\Windows\System\BSfTJca.exe
  C:\Windows\System\BSfTJca.exe
  2⤵
  PID:6756
- C:\Windows\System\sAYJpol.exe
  C:\Windows\System\sAYJpol.exe
  2⤵
  PID:6888
- C:\Windows\System\zCYcFTW.exe
  C:\Windows\System\zCYcFTW.exe
  2⤵
  PID:6980
- C:\Windows\System\yNZRiNG.exe
  C:\Windows\System\yNZRiNG.exe
  2⤵
  PID:6284
- C:\Windows\System\jeMOhzg.exe
  C:\Windows\System\jeMOhzg.exe
  2⤵
  PID:6316
- C:\Windows\System\LIXcDVz.exe
  C:\Windows\System\LIXcDVz.exe
  2⤵
  PID:6436
- C:\Windows\System\CvxbZGy.exe
  C:\Windows\System\CvxbZGy.exe
  2⤵
  PID:6600
- C:\Windows\System\sEZnGkC.exe
  C:\Windows\System\sEZnGkC.exe
  2⤵
  PID:6480
- C:\Windows\System\HpdzChk.exe
  C:\Windows\System\HpdzChk.exe
  2⤵
  PID:6780
- C:\Windows\System\uJcvWol.exe
  C:\Windows\System\uJcvWol.exe
  2⤵
  PID:6664
- C:\Windows\System\fKTfIFV.exe
  C:\Windows\System\fKTfIFV.exe
  2⤵
  PID:6996
- C:\Windows\System\oGigvHU.exe
  C:\Windows\System\oGigvHU.exe
  2⤵
  PID:7048
- C:\Windows\System\nPEipHI.exe
  C:\Windows\System\nPEipHI.exe
  2⤵
  PID:6656
- C:\Windows\System\AaMLGtC.exe
  C:\Windows\System\AaMLGtC.exe
  2⤵
  PID:1528
- C:\Windows\System\DxDNFVX.exe
  C:\Windows\System\DxDNFVX.exe
  2⤵
  PID:6152
- C:\Windows\System\gaftGkO.exe
  C:\Windows\System\gaftGkO.exe
  2⤵
  PID:5900
- C:\Windows\System\klQnFae.exe
  C:\Windows\System\klQnFae.exe
  2⤵
  PID:7180
- C:\Windows\System\iRXwOIA.exe
  C:\Windows\System\iRXwOIA.exe
  2⤵
  PID:7204
- C:\Windows\System\TCleakd.exe
  C:\Windows\System\TCleakd.exe
  2⤵
  PID:7224
- C:\Windows\System\UHwmDby.exe
  C:\Windows\System\UHwmDby.exe
  2⤵
  PID:7256
- C:\Windows\System\WRmdcbR.exe
  C:\Windows\System\WRmdcbR.exe
  2⤵
  PID:7272
- C:\Windows\System\cNAURoK.exe
  C:\Windows\System\cNAURoK.exe
  2⤵
  PID:7288
- C:\Windows\System\sbKHGpJ.exe
  C:\Windows\System\sbKHGpJ.exe
  2⤵
  PID:7304
- C:\Windows\System\XqOsbhy.exe
  C:\Windows\System\XqOsbhy.exe
  2⤵
  PID:7320
- C:\Windows\System\AYwYYZf.exe
  C:\Windows\System\AYwYYZf.exe
  2⤵
  PID:7336
- C:\Windows\System\ePbqSwV.exe
  C:\Windows\System\ePbqSwV.exe
  2⤵
  PID:7352
- C:\Windows\System\iqHyJZh.exe
  C:\Windows\System\iqHyJZh.exe
  2⤵
  PID:7372
- C:\Windows\System\lfDvqiK.exe
  C:\Windows\System\lfDvqiK.exe
  2⤵
  PID:7388
- C:\Windows\System\gMEAFAH.exe
  C:\Windows\System\gMEAFAH.exe
  2⤵
  PID:7404
- C:\Windows\System\BhbmRDj.exe
  C:\Windows\System\BhbmRDj.exe
  2⤵
  PID:7424
- C:\Windows\System\sDcVdHx.exe
  C:\Windows\System\sDcVdHx.exe
  2⤵
  PID:7440
- C:\Windows\System\ZCvyIEW.exe
  C:\Windows\System\ZCvyIEW.exe
  2⤵
  PID:7460
- C:\Windows\System\oOskvYw.exe
  C:\Windows\System\oOskvYw.exe
  2⤵
  PID:7476
- C:\Windows\System\COquJEx.exe
  C:\Windows\System\COquJEx.exe
  2⤵
  PID:7492
- C:\Windows\System\rswSXSv.exe
  C:\Windows\System\rswSXSv.exe
  2⤵
  PID:7516
- C:\Windows\System\xkjmrJU.exe
  C:\Windows\System\xkjmrJU.exe
  2⤵
  PID:7532
- C:\Windows\System\BNWqbnq.exe
  C:\Windows\System\BNWqbnq.exe
  2⤵
  PID:7556
- C:\Windows\System\BawDRPe.exe
  C:\Windows\System\BawDRPe.exe
  2⤵
  PID:7572
- C:\Windows\System\AEuqhLj.exe
  C:\Windows\System\AEuqhLj.exe
  2⤵
  PID:7588
- C:\Windows\System\tkPtZIG.exe
  C:\Windows\System\tkPtZIG.exe
  2⤵
  PID:7608
- C:\Windows\System\GfmFHob.exe
  C:\Windows\System\GfmFHob.exe
  2⤵
  PID:7648
- C:\Windows\System\xuorhIX.exe
  C:\Windows\System\xuorhIX.exe
  2⤵
  PID:7668
- C:\Windows\System\dEPuxxk.exe
  C:\Windows\System\dEPuxxk.exe
  2⤵
  PID:7708
- C:\Windows\System\zsxDoAj.exe
  C:\Windows\System\zsxDoAj.exe
  2⤵
  PID:7736
- C:\Windows\System\gjcRjke.exe
  C:\Windows\System\gjcRjke.exe
  2⤵
  PID:7752
- C:\Windows\System\ReJarDt.exe
  C:\Windows\System\ReJarDt.exe
  2⤵
  PID:7772
- C:\Windows\System\JoKvrPG.exe
  C:\Windows\System\JoKvrPG.exe
  2⤵
  PID:7788
- C:\Windows\System\LAEdLeE.exe
  C:\Windows\System\LAEdLeE.exe
  2⤵
  PID:7808
- C:\Windows\System\RpwpTHF.exe
  C:\Windows\System\RpwpTHF.exe
  2⤵
  PID:7824
- C:\Windows\System\NWfWCxr.exe
  C:\Windows\System\NWfWCxr.exe
  2⤵
  PID:7844
- C:\Windows\System\Hqqrvyf.exe
  C:\Windows\System\Hqqrvyf.exe
  2⤵
  PID:8160
- C:\Windows\System\rrJZrig.exe
  C:\Windows\System\rrJZrig.exe
  2⤵
  PID:8180
- C:\Windows\System\EwlDQgU.exe
  C:\Windows\System\EwlDQgU.exe
  2⤵
  PID:7036
- C:\Windows\System\cFiwYgx.exe
  C:\Windows\System\cFiwYgx.exe
  2⤵
  PID:7012
- C:\Windows\System\eutQrVU.exe
  C:\Windows\System\eutQrVU.exe
  2⤵
  PID:7200
- C:\Windows\System\lHqZwLA.exe
  C:\Windows\System\lHqZwLA.exe
  2⤵
  PID:7240
- C:\Windows\System\qCbnDKk.exe
  C:\Windows\System\qCbnDKk.exe
  2⤵
  PID:7252
- C:\Windows\System\RAEMHNI.exe
  C:\Windows\System\RAEMHNI.exe
  2⤵
  PID:1976
- C:\Windows\System\LpiTffa.exe
  C:\Windows\System\LpiTffa.exe
  2⤵
  PID:7236
- C:\Windows\System\OZDGUFW.exe
  C:\Windows\System\OZDGUFW.exe
  2⤵
  PID:7264
- C:\Windows\System\JOKotty.exe
  C:\Windows\System\JOKotty.exe
  2⤵
  PID:7268
- C:\Windows\System\ptlhqaT.exe
  C:\Windows\System\ptlhqaT.exe
  2⤵
  PID:7380
- C:\Windows\System\tKUrghZ.exe
  C:\Windows\System\tKUrghZ.exe
  2⤵
  PID:7384
- C:\Windows\System\EOFKQRN.exe
  C:\Windows\System\EOFKQRN.exe
  2⤵
  PID:7396
- C:\Windows\System\rnifxfw.exe
  C:\Windows\System\rnifxfw.exe
  2⤵
  PID:7456
- C:\Windows\System\UIxHJmk.exe
  C:\Windows\System\UIxHJmk.exe
  2⤵
  PID:7500
- C:\Windows\System\LDTGGJO.exe
  C:\Windows\System\LDTGGJO.exe
  2⤵
  PID:7504
- C:\Windows\System\DtrWias.exe
  C:\Windows\System\DtrWias.exe
  2⤵
  PID:7548
- C:\Windows\System\gxrYTOK.exe
  C:\Windows\System\gxrYTOK.exe
  2⤵
  PID:7688
- C:\Windows\System\MAcVJjn.exe
  C:\Windows\System\MAcVJjn.exe
  2⤵
  PID:7780
- C:\Windows\System\AgClDhL.exe
  C:\Windows\System\AgClDhL.exe
  2⤵
  PID:7796
- C:\Windows\System\WNjgkKR.exe
  C:\Windows\System\WNjgkKR.exe
  2⤵
  PID:7720
- C:\Windows\System\iCYFZcE.exe
  C:\Windows\System\iCYFZcE.exe
  2⤵
  PID:7764
- C:\Windows\System\OITwVHb.exe
  C:\Windows\System\OITwVHb.exe
  2⤵
  PID:7836
- C:\Windows\System\fKwcfsc.exe
  C:\Windows\System\fKwcfsc.exe
  2⤵
  PID:7880
- C:\Windows\System\FqdjKNz.exe
  C:\Windows\System\FqdjKNz.exe
  2⤵
  PID:7888
- C:\Windows\System\XJsufNj.exe
  C:\Windows\System\XJsufNj.exe
  2⤵
  PID:7904
- C:\Windows\System\hGFmuUI.exe
  C:\Windows\System\hGFmuUI.exe
  2⤵
  PID:7920
- C:\Windows\System\EVGQfhb.exe
  C:\Windows\System\EVGQfhb.exe
  2⤵
  PID:7940
- C:\Windows\System\mBHRdJD.exe
  C:\Windows\System\mBHRdJD.exe
  2⤵
  PID:7956
- C:\Windows\System\fcEOLFD.exe
  C:\Windows\System\fcEOLFD.exe
  2⤵
  PID:7988
- C:\Windows\System\DeqaIqx.exe
  C:\Windows\System\DeqaIqx.exe
  2⤵
  PID:8004
- C:\Windows\System\jrILXNG.exe
  C:\Windows\System\jrILXNG.exe
  2⤵
  PID:8020
- C:\Windows\System\xbffsge.exe
  C:\Windows\System\xbffsge.exe
  2⤵
  PID:8040
- C:\Windows\System\xOJYtiY.exe
  C:\Windows\System\xOJYtiY.exe
  2⤵
  PID:8068
- C:\Windows\System\kNAOCIC.exe
  C:\Windows\System\kNAOCIC.exe
  2⤵
  PID:8080
- C:\Windows\System\wxhHRRd.exe
  C:\Windows\System\wxhHRRd.exe
  2⤵
  PID:8100
- C:\Windows\System\yjapFtq.exe
  C:\Windows\System\yjapFtq.exe
  2⤵
  PID:8120
- C:\Windows\System\QtiCZSa.exe
  C:\Windows\System\QtiCZSa.exe
  2⤵
  PID:8152
- C:\Windows\System\cwWRErr.exe
  C:\Windows\System\cwWRErr.exe
  2⤵
  PID:8144
- C:\Windows\System\RJsKoZU.exe
  C:\Windows\System\RJsKoZU.exe
  2⤵
  PID:7248
- C:\Windows\System\hbaFgOm.exe
  C:\Windows\System\hbaFgOm.exe
  2⤵
  PID:2148
- C:\Windows\System\nQZniYb.exe
  C:\Windows\System\nQZniYb.exe
  2⤵
  PID:1544
- C:\Windows\System\COheFJh.exe
  C:\Windows\System\COheFJh.exe
  2⤵
  PID:7360
- C:\Windows\System\wkEBjSu.exe
  C:\Windows\System\wkEBjSu.exe
  2⤵
  PID:7344
- C:\Windows\System\hzHwbSI.exe
  C:\Windows\System\hzHwbSI.exe
  2⤵
  PID:7528
- C:\Windows\System\iawwQFS.exe
  C:\Windows\System\iawwQFS.exe
  2⤵
  PID:7484
- C:\Windows\System\CCJniOE.exe
  C:\Windows\System\CCJniOE.exe
  2⤵
  PID:7100
- C:\Windows\System\FHPOnDE.exe
  C:\Windows\System\FHPOnDE.exe
  2⤵
  PID:7624
- C:\Windows\System\nAVHSET.exe
  C:\Windows\System\nAVHSET.exe
  2⤵
  PID:7644
- C:\Windows\System\NybWskG.exe
  C:\Windows\System\NybWskG.exe
  2⤵
  PID:7680
- C:\Windows\System\FBOaTwV.exe
  C:\Windows\System\FBOaTwV.exe
  2⤵
  PID:7580
- C:\Windows\System\emhPvFf.exe
  C:\Windows\System\emhPvFf.exe
  2⤵
  PID:7664
- C:\Windows\System\ZqmwiIm.exe
  C:\Windows\System\ZqmwiIm.exe
  2⤵
  PID:7832
- C:\Windows\System\CclsVFT.exe
  C:\Windows\System\CclsVFT.exe
  2⤵
  PID:7816
- C:\Windows\System\IahWfMP.exe
  C:\Windows\System\IahWfMP.exe
  2⤵
  PID:7864
- C:\Windows\System\dcjeucK.exe
  C:\Windows\System\dcjeucK.exe
  2⤵
  PID:7964
- C:\Windows\System\HxGQIiR.exe
  C:\Windows\System\HxGQIiR.exe
  2⤵
  PID:7968
- C:\Windows\System\whLFeGZ.exe
  C:\Windows\System\whLFeGZ.exe
  2⤵
  PID:7872
- C:\Windows\System\bKKChLP.exe
  C:\Windows\System\bKKChLP.exe
  2⤵
  PID:8032
- C:\Windows\System\HAZTTnr.exe
  C:\Windows\System\HAZTTnr.exe
  2⤵
  PID:7996
- C:\Windows\System\ZerAEDJ.exe
  C:\Windows\System\ZerAEDJ.exe
  2⤵
  PID:8124
- C:\Windows\System\vqXqdlZ.exe
  C:\Windows\System\vqXqdlZ.exe
  2⤵
  PID:8116
- C:\Windows\System\autIRSY.exe
  C:\Windows\System\autIRSY.exe
  2⤵
  PID:7192
- C:\Windows\System\hQHajYS.exe
  C:\Windows\System\hQHajYS.exe
  2⤵
  PID:7332
- C:\Windows\System\ZAZLTgo.exe
  C:\Windows\System\ZAZLTgo.exe
  2⤵
  PID:7176
- C:\Windows\System\OSpwwNs.exe
  C:\Windows\System\OSpwwNs.exe
  2⤵
  PID:7416
- C:\Windows\System\jbkAlEB.exe
  C:\Windows\System\jbkAlEB.exe
  2⤵
  PID:7524
- C:\Windows\System\ZyFPCUf.exe
  C:\Windows\System\ZyFPCUf.exe
  2⤵
  PID:7468
- C:\Windows\System\adGEydO.exe
  C:\Windows\System\adGEydO.exe
  2⤵
  PID:7616
- C:\Windows\System\IvBhSUk.exe
  C:\Windows\System\IvBhSUk.exe
  2⤵
  PID:7600
- C:\Windows\System\auAcIuf.exe
  C:\Windows\System\auAcIuf.exe
  2⤵
  PID:7692
- C:\Windows\System\WDOLEvW.exe
  C:\Windows\System\WDOLEvW.exe
  2⤵
  PID:8016
- C:\Windows\System\BjszLRx.exe
  C:\Windows\System\BjszLRx.exe
  2⤵
  PID:7952
- C:\Windows\System\cWlKUsC.exe
  C:\Windows\System\cWlKUsC.exe
  2⤵
  PID:8036
- C:\Windows\System\TKvWFxS.exe
  C:\Windows\System\TKvWFxS.exe
  2⤵
  PID:8000
- C:\Windows\System\CWYMNFr.exe
  C:\Windows\System\CWYMNFr.exe
  2⤵
  PID:8136
- C:\Windows\System\JWQAZQH.exe
  C:\Windows\System\JWQAZQH.exe
  2⤵
  PID:2504
- C:\Windows\System\AxsdeHp.exe
  C:\Windows\System\AxsdeHp.exe
  2⤵
  PID:7584
- C:\Windows\System\sjPUocq.exe
  C:\Windows\System\sjPUocq.exe
  2⤵
  PID:7916
- C:\Windows\System\njCnZDJ.exe
  C:\Windows\System\njCnZDJ.exe
  2⤵
  PID:7296
- C:\Windows\System\TlBPoyo.exe
  C:\Windows\System\TlBPoyo.exe
  2⤵
  PID:7696
- C:\Windows\System\jDBwrdx.exe
  C:\Windows\System\jDBwrdx.exe
  2⤵
  PID:8132
- C:\Windows\System\oMkPbDZ.exe
  C:\Windows\System\oMkPbDZ.exe
  2⤵
  PID:7980
- C:\Windows\System\qELDNae.exe
  C:\Windows\System\qELDNae.exe
  2⤵
  PID:1140
- C:\Windows\System\JUvUlQv.exe
  C:\Windows\System\JUvUlQv.exe
  2⤵
  PID:7540
- C:\Windows\System\HDHdluR.exe
  C:\Windows\System\HDHdluR.exe
  2⤵
  PID:7604
- C:\Windows\System\DZkETxF.exe
  C:\Windows\System\DZkETxF.exe
  2⤵
  PID:7640
- C:\Windows\System\cdHEpyr.exe
  C:\Windows\System\cdHEpyr.exe
  2⤵
  PID:7912
- C:\Windows\System\ZhvyOZM.exe
  C:\Windows\System\ZhvyOZM.exe
  2⤵
  PID:7700
- C:\Windows\System\LKxFELC.exe
  C:\Windows\System\LKxFELC.exe
  2⤵
  PID:7732
- C:\Windows\System\xefmDZG.exe
  C:\Windows\System\xefmDZG.exe
  2⤵
  PID:7220
- C:\Windows\System\HcxsxTJ.exe
  C:\Windows\System\HcxsxTJ.exe
  2⤵
  PID:7948
- C:\Windows\System\wPNHrjg.exe
  C:\Windows\System\wPNHrjg.exe
  2⤵
  PID:2444
- C:\Windows\System\RcQWFrm.exe
  C:\Windows\System\RcQWFrm.exe
  2⤵
  PID:1652
- C:\Windows\System\IpXoZbn.exe
  C:\Windows\System\IpXoZbn.exe
  2⤵
  PID:7676
- C:\Windows\System\ruecDdD.exe
  C:\Windows\System\ruecDdD.exe
  2⤵
  PID:7552
- C:\Windows\System\sQeahuz.exe
  C:\Windows\System\sQeahuz.exe
  2⤵
  PID:7284
- C:\Windows\System\OBhrkkS.exe
  C:\Windows\System\OBhrkkS.exe
  2⤵
  PID:7196
- C:\Windows\System\GutcUXN.exe
  C:\Windows\System\GutcUXN.exe
  2⤵
  PID:7800
- C:\Windows\System\GMjUsfS.exe
  C:\Windows\System\GMjUsfS.exe
  2⤵
  PID:7860
- C:\Windows\System\lKHxGCf.exe
  C:\Windows\System\lKHxGCf.exe
  2⤵
  PID:8196
- C:\Windows\System\zVQBOte.exe
  C:\Windows\System\zVQBOte.exe
  2⤵
  PID:8212
- C:\Windows\System\rTXzABB.exe
  C:\Windows\System\rTXzABB.exe
  2⤵
  PID:8228
- C:\Windows\System\xmcxWps.exe
  C:\Windows\System\xmcxWps.exe
  2⤵
  PID:8244
- C:\Windows\System\nucRHJn.exe
  C:\Windows\System\nucRHJn.exe
  2⤵
  PID:8260
- C:\Windows\System\CLrJnzP.exe
  C:\Windows\System\CLrJnzP.exe
  2⤵
  PID:8276
- C:\Windows\System\RjDEiKK.exe
  C:\Windows\System\RjDEiKK.exe
  2⤵
  PID:8292
- C:\Windows\System\mVHPZDV.exe
  C:\Windows\System\mVHPZDV.exe
  2⤵
  PID:8308
- C:\Windows\System\rTRtBty.exe
  C:\Windows\System\rTRtBty.exe
  2⤵
  PID:8324
- C:\Windows\System\SZkERtR.exe
  C:\Windows\System\SZkERtR.exe
  2⤵
  PID:8340
- C:\Windows\System\HfGUnpL.exe
  C:\Windows\System\HfGUnpL.exe
  2⤵
  PID:8356
- C:\Windows\System\zPwdVnh.exe
  C:\Windows\System\zPwdVnh.exe
  2⤵
  PID:8372
- C:\Windows\System\cQvJuAw.exe
  C:\Windows\System\cQvJuAw.exe
  2⤵
  PID:8388
- C:\Windows\System\iNVAIhW.exe
  C:\Windows\System\iNVAIhW.exe
  2⤵
  PID:8404
- C:\Windows\System\QHpLmnZ.exe
  C:\Windows\System\QHpLmnZ.exe
  2⤵
  PID:8420
- C:\Windows\System\HtPAxxt.exe
  C:\Windows\System\HtPAxxt.exe
  2⤵
  PID:8436
- C:\Windows\System\iqjGhUr.exe
  C:\Windows\System\iqjGhUr.exe
  2⤵
  PID:8452
- C:\Windows\System\EpMMPgJ.exe
  C:\Windows\System\EpMMPgJ.exe
  2⤵
  PID:8468
- C:\Windows\System\LBvnwJX.exe
  C:\Windows\System\LBvnwJX.exe
  2⤵
  PID:8484
- C:\Windows\System\mtkadjB.exe
  C:\Windows\System\mtkadjB.exe
  2⤵
  PID:8500
- C:\Windows\System\LfCFYhB.exe
  C:\Windows\System\LfCFYhB.exe
  2⤵
  PID:8516
- C:\Windows\System\cYnDodM.exe
  C:\Windows\System\cYnDodM.exe
  2⤵
  PID:8532
- C:\Windows\System\ACPXExi.exe
  C:\Windows\System\ACPXExi.exe
  2⤵
  PID:8548
- C:\Windows\System\vrPDUCp.exe
  C:\Windows\System\vrPDUCp.exe
  2⤵
  PID:8564
- C:\Windows\System\PXXizRl.exe
  C:\Windows\System\PXXizRl.exe
  2⤵
  PID:8580
- C:\Windows\System\YAJBAOe.exe
  C:\Windows\System\YAJBAOe.exe
  2⤵
  PID:8596
- C:\Windows\System\cQghPcG.exe
  C:\Windows\System\cQghPcG.exe
  2⤵
  PID:8612
- C:\Windows\System\IYJpPPd.exe
  C:\Windows\System\IYJpPPd.exe
  2⤵
  PID:8628
- C:\Windows\System\ahXOnse.exe
  C:\Windows\System\ahXOnse.exe
  2⤵
  PID:8644
- C:\Windows\System\tSyYHRp.exe
  C:\Windows\System\tSyYHRp.exe
  2⤵
  PID:8660
- C:\Windows\System\lhqJfBC.exe
  C:\Windows\System\lhqJfBC.exe
  2⤵
  PID:8676
- C:\Windows\System\eveSyBj.exe
  C:\Windows\System\eveSyBj.exe
  2⤵
  PID:8692
- C:\Windows\System\PNQtnjI.exe
  C:\Windows\System\PNQtnjI.exe
  2⤵
  PID:8708
- C:\Windows\System\kLPJylt.exe
  C:\Windows\System\kLPJylt.exe
  2⤵
  PID:8724
- C:\Windows\System\bmhYgaH.exe
  C:\Windows\System\bmhYgaH.exe
  2⤵
  PID:8744
- C:\Windows\System\KDIJLLd.exe
  C:\Windows\System\KDIJLLd.exe
  2⤵
  PID:8760
- C:\Windows\System\vVIlajh.exe
  C:\Windows\System\vVIlajh.exe
  2⤵
  PID:8776
- C:\Windows\System\AUWsekK.exe
  C:\Windows\System\AUWsekK.exe
  2⤵
  PID:8792
- C:\Windows\System\ITJYwTL.exe
  C:\Windows\System\ITJYwTL.exe
  2⤵
  PID:8808
- C:\Windows\System\CXrudvD.exe
  C:\Windows\System\CXrudvD.exe
  2⤵
  PID:8824
- C:\Windows\System\PxhxUWY.exe
  C:\Windows\System\PxhxUWY.exe
  2⤵
  PID:8840
- C:\Windows\System\kuykMyL.exe
  C:\Windows\System\kuykMyL.exe
  2⤵
  PID:8856
- C:\Windows\System\dznsKvJ.exe
  C:\Windows\System\dznsKvJ.exe
  2⤵
  PID:8872
- C:\Windows\System\kRobTWY.exe
  C:\Windows\System\kRobTWY.exe
  2⤵
  PID:8888
- C:\Windows\System\alvSWLm.exe
  C:\Windows\System\alvSWLm.exe
  2⤵
  PID:8904
- C:\Windows\System\KbgkfXL.exe
  C:\Windows\System\KbgkfXL.exe
  2⤵
  PID:8920
- C:\Windows\System\SNsDWNx.exe
  C:\Windows\System\SNsDWNx.exe
  2⤵
  PID:8936
- C:\Windows\System\iZXrUxb.exe
  C:\Windows\System\iZXrUxb.exe
  2⤵
  PID:8952
- C:\Windows\System\whFIcvJ.exe
  C:\Windows\System\whFIcvJ.exe
  2⤵
  PID:8984
- C:\Windows\System\KZyCBOs.exe
  C:\Windows\System\KZyCBOs.exe
  2⤵
  PID:9000
- C:\Windows\System\wprDDML.exe
  C:\Windows\System\wprDDML.exe
  2⤵
  PID:9016
- C:\Windows\System\ldromdF.exe
  C:\Windows\System\ldromdF.exe
  2⤵
  PID:9032
- C:\Windows\System\ktSyuce.exe
  C:\Windows\System\ktSyuce.exe
  2⤵
  PID:9048
- C:\Windows\System\PAdnDSJ.exe
  C:\Windows\System\PAdnDSJ.exe
  2⤵
  PID:9064
- C:\Windows\System\nWbbBQX.exe
  C:\Windows\System\nWbbBQX.exe
  2⤵
  PID:9080
- C:\Windows\System\oEgZwCk.exe
  C:\Windows\System\oEgZwCk.exe
  2⤵
  PID:9096
- C:\Windows\System\amIxghI.exe
  C:\Windows\System\amIxghI.exe
  2⤵
  PID:9112
- C:\Windows\System\RnQnMiy.exe
  C:\Windows\System\RnQnMiy.exe
  2⤵
  PID:9128
- C:\Windows\System\KOtNQUg.exe
  C:\Windows\System\KOtNQUg.exe
  2⤵
  PID:9144
- C:\Windows\System\UgkEKaw.exe
  C:\Windows\System\UgkEKaw.exe
  2⤵
  PID:9164
- C:\Windows\System\zFdSbTu.exe
  C:\Windows\System\zFdSbTu.exe
  2⤵
  PID:9180
- C:\Windows\System\DSMguzA.exe
  C:\Windows\System\DSMguzA.exe
  2⤵
  PID:9196
- C:\Windows\System\XGpoWDN.exe
  C:\Windows\System\XGpoWDN.exe
  2⤵
  PID:9212
- C:\Windows\System\qLpmMaN.exe
  C:\Windows\System\qLpmMaN.exe
  2⤵
  PID:8204
- C:\Windows\System\EvmIuKr.exe
  C:\Windows\System\EvmIuKr.exe
  2⤵
  PID:2268
- C:\Windows\System\EJRBRjd.exe
  C:\Windows\System\EJRBRjd.exe
  2⤵
  PID:8252
- C:\Windows\System\iUZkrUa.exe
  C:\Windows\System\iUZkrUa.exe
  2⤵
  PID:8220
- C:\Windows\System\iCsDqpS.exe
  C:\Windows\System\iCsDqpS.exe
  2⤵
  PID:8336
- C:\Windows\System\tOHtLKe.exe
  C:\Windows\System\tOHtLKe.exe
  2⤵
  PID:8316
- C:\Windows\System\KYDWuPj.exe
  C:\Windows\System\KYDWuPj.exe
  2⤵
  PID:7280
- C:\Windows\System\flBaooA.exe
  C:\Windows\System\flBaooA.exe
  2⤵
  PID:8384
- C:\Windows\System\UGDxIGV.exe
  C:\Windows\System\UGDxIGV.exe
  2⤵
  PID:8428
- C:\Windows\System\hZRGBYj.exe
  C:\Windows\System\hZRGBYj.exe
  2⤵
  PID:1480
- C:\Windows\System\hFgRrnu.exe
  C:\Windows\System\hFgRrnu.exe
  2⤵
  PID:8444
- C:\Windows\System\MDVrezJ.exe
  C:\Windows\System\MDVrezJ.exe
  2⤵
  PID:8508
- C:\Windows\System\zaaqvge.exe
  C:\Windows\System\zaaqvge.exe
  2⤵
  PID:8556
- C:\Windows\System\YQEsjeC.exe
  C:\Windows\System\YQEsjeC.exe
  2⤵
  PID:8544
- C:\Windows\System\neZhjFu.exe
  C:\Windows\System\neZhjFu.exe
  2⤵
  PID:8576
- C:\Windows\System\ySyhJYQ.exe
  C:\Windows\System\ySyhJYQ.exe
  2⤵
  PID:8656
- C:\Windows\System\GsqyxPY.exe
  C:\Windows\System\GsqyxPY.exe
  2⤵
  PID:8620
- C:\Windows\System\UFtPwpb.exe
  C:\Windows\System\UFtPwpb.exe
  2⤵
  PID:8716
- C:\Windows\System\FWuVRZZ.exe
  C:\Windows\System\FWuVRZZ.exe
  2⤵
  PID:8784
- C:\Windows\System\SWagsOi.exe
  C:\Windows\System\SWagsOi.exe
  2⤵
  PID:8732
- C:\Windows\System\kZThjOC.exe
  C:\Windows\System\kZThjOC.exe
  2⤵
  PID:8800
- C:\Windows\System\lRSYsee.exe
  C:\Windows\System\lRSYsee.exe
  2⤵
  PID:8852
- C:\Windows\System\VBatdzW.exe
  C:\Windows\System\VBatdzW.exe
  2⤵
  PID:8896
- C:\Windows\System\YGANUZE.exe
  C:\Windows\System\YGANUZE.exe
  2⤵
  PID:8848
- C:\Windows\System\usGBBzR.exe
  C:\Windows\System\usGBBzR.exe
  2⤵
  PID:8948
- C:\Windows\System\SRyHpjp.exe
  C:\Windows\System\SRyHpjp.exe
  2⤵
  PID:8968
- C:\Windows\System\clOZjsB.exe
  C:\Windows\System\clOZjsB.exe
  2⤵
  PID:8992
- C:\Windows\System\DZNmMFv.exe
  C:\Windows\System\DZNmMFv.exe
  2⤵
  PID:9056
- C:\Windows\System\HaYORaM.exe
  C:\Windows\System\HaYORaM.exe
  2⤵
  PID:9124
- C:\Windows\System\OeKCHae.exe
  C:\Windows\System\OeKCHae.exe
  2⤵
  PID:9072
- C:\Windows\System\ApZvAGE.exe
  C:\Windows\System\ApZvAGE.exe
  2⤵
  PID:9108
- C:\Windows\System\JkkgSNh.exe
  C:\Windows\System\JkkgSNh.exe
  2⤵
  PID:9172
- C:\Windows\System\CMePPUl.exe
  C:\Windows\System\CMePPUl.exe
  2⤵
  PID:9188
- C:\Windows\System\ZfAyxyq.exe
  C:\Windows\System\ZfAyxyq.exe
  2⤵
  PID:8332
- C:\Windows\System\nHAFHfE.exe
  C:\Windows\System\nHAFHfE.exe
  2⤵
  PID:8320
- C:\Windows\System\JsAWaPy.exe
  C:\Windows\System\JsAWaPy.exe
  2⤵
  PID:8412
- C:\Windows\System\zxsbgvw.exe
  C:\Windows\System\zxsbgvw.exe
  2⤵
  PID:8368
- C:\Windows\System\oaEZWni.exe
  C:\Windows\System\oaEZWni.exe
  2⤵
  PID:8272
- C:\Windows\System\gslBWAK.exe
  C:\Windows\System\gslBWAK.exe
  2⤵
  PID:8492
- C:\Windows\System\boyvASi.exe
  C:\Windows\System\boyvASi.exe
  2⤵
  PID:7716
- C:\Windows\System\oFSxbcU.exe
  C:\Windows\System\oFSxbcU.exe
  2⤵
  PID:8640
- C:\Windows\System\FOkJdNF.exe
  C:\Windows\System\FOkJdNF.exe
  2⤵
  PID:8752
- C:\Windows\System\OQncnHW.exe
  C:\Windows\System\OQncnHW.exe
  2⤵
  PID:8704
- C:\Windows\System\DaoDytT.exe
  C:\Windows\System\DaoDytT.exe
  2⤵
  PID:8700
- C:\Windows\System\SczWklO.exe
  C:\Windows\System\SczWklO.exe
  2⤵
  PID:8884
- C:\Windows\System\zZANQCt.exe
  C:\Windows\System\zZANQCt.exe
  2⤵
  PID:8912
- C:\Windows\System\VBIvwqZ.exe
  C:\Windows\System\VBIvwqZ.exe
  2⤵
  PID:8932
- C:\Windows\System\bGMnqlS.exe
  C:\Windows\System\bGMnqlS.exe
  2⤵
  PID:9012
- C:\Windows\System\gyHoYrF.exe
  C:\Windows\System\gyHoYrF.exe
  2⤵
  PID:9104
- C:\Windows\System\IVbilBT.exe
  C:\Windows\System\IVbilBT.exe
  2⤵
  PID:9140
- C:\Windows\System\BGgXekA.exe
  C:\Windows\System\BGgXekA.exe
  2⤵
  PID:9204
- C:\Windows\System\iLgBSno.exe
  C:\Windows\System\iLgBSno.exe
  2⤵
  PID:8540
- C:\Windows\System\bUBuZUa.exe
  C:\Windows\System\bUBuZUa.exe
  2⤵
  PID:8816
- C:\Windows\System\ZVgETUG.exe
  C:\Windows\System\ZVgETUG.exe
  2⤵
  PID:8964
- C:\Windows\System\toehdBM.exe
  C:\Windows\System\toehdBM.exe
  2⤵
  PID:9156
- C:\Windows\System\EXkanxp.exe
  C:\Windows\System\EXkanxp.exe
  2⤵
  PID:8268
- C:\Windows\System\MtOfngt.exe
  C:\Windows\System\MtOfngt.exe
  2⤵
  PID:9160
- C:\Windows\System\mYJavng.exe
  C:\Windows\System\mYJavng.exe
  2⤵
  PID:8416
- C:\Windows\System\MXTJowE.exe
  C:\Windows\System\MXTJowE.exe
  2⤵
  PID:8928
- C:\Windows\System\RdZxSuJ.exe
  C:\Windows\System\RdZxSuJ.exe
  2⤵
  PID:9152
- C:\Windows\System\iTZbfeU.exe
  C:\Windows\System\iTZbfeU.exe
  2⤵
  PID:8672
- C:\Windows\System\TijrOSq.exe
  C:\Windows\System\TijrOSq.exe
  2⤵
  PID:9232
- C:\Windows\System\QGsBWSq.exe
  C:\Windows\System\QGsBWSq.exe
  2⤵
  PID:9248
- C:\Windows\System\zXUBNqu.exe
  C:\Windows\System\zXUBNqu.exe
  2⤵
  PID:9264
- C:\Windows\System\VKXtRQe.exe
  C:\Windows\System\VKXtRQe.exe
  2⤵
  PID:9280
- C:\Windows\System\wGezIvX.exe
  C:\Windows\System\wGezIvX.exe
  2⤵
  PID:9296
- C:\Windows\System\wWjOQil.exe
  C:\Windows\System\wWjOQil.exe
  2⤵
  PID:9312
- C:\Windows\System\mXZclbL.exe
  C:\Windows\System\mXZclbL.exe
  2⤵
  PID:9328
- C:\Windows\System\jrvExdd.exe
  C:\Windows\System\jrvExdd.exe
  2⤵
  PID:9344
- C:\Windows\System\wCpfTJW.exe
  C:\Windows\System\wCpfTJW.exe
  2⤵
  PID:9360
- C:\Windows\System\SfsbDyG.exe
  C:\Windows\System\SfsbDyG.exe
  2⤵
  PID:9376
- C:\Windows\System\EuaeSxD.exe
  C:\Windows\System\EuaeSxD.exe
  2⤵
  PID:9392
- C:\Windows\System\fbKJscg.exe
  C:\Windows\System\fbKJscg.exe
  2⤵
  PID:9412
- C:\Windows\System\zpShMDk.exe
  C:\Windows\System\zpShMDk.exe
  2⤵
  PID:9428
- C:\Windows\System\bAvgKvc.exe
  C:\Windows\System\bAvgKvc.exe
  2⤵
  PID:9444
- C:\Windows\System\uspyLii.exe
  C:\Windows\System\uspyLii.exe
  2⤵
  PID:9460
- C:\Windows\System\frmbutu.exe
  C:\Windows\System\frmbutu.exe
  2⤵
  PID:9476
- C:\Windows\System\DkKQQXS.exe
  C:\Windows\System\DkKQQXS.exe
  2⤵
  PID:9492
- C:\Windows\System\xdqWgWu.exe
  C:\Windows\System\xdqWgWu.exe
  2⤵
  PID:9508
- C:\Windows\System\iMcgRbQ.exe
  C:\Windows\System\iMcgRbQ.exe
  2⤵
  PID:9524
- C:\Windows\System\knbOtkt.exe
  C:\Windows\System\knbOtkt.exe
  2⤵
  PID:9544
- C:\Windows\System\OdZPNda.exe
  C:\Windows\System\OdZPNda.exe
  2⤵
  PID:9560
- C:\Windows\System\xswYsAi.exe
  C:\Windows\System\xswYsAi.exe
  2⤵
  PID:9576
- C:\Windows\System\msccSTV.exe
  C:\Windows\System\msccSTV.exe
  2⤵
  PID:9592
- C:\Windows\System\GrUvzpU.exe
  C:\Windows\System\GrUvzpU.exe
  2⤵
  PID:9612
- C:\Windows\System\duGAKOB.exe
  C:\Windows\System\duGAKOB.exe
  2⤵
  PID:9628
- C:\Windows\System\XxNGUCx.exe
  C:\Windows\System\XxNGUCx.exe
  2⤵
  PID:9644
- C:\Windows\System\vvQktPT.exe
  C:\Windows\System\vvQktPT.exe
  2⤵
  PID:9664
- C:\Windows\System\XIgoHuz.exe
  C:\Windows\System\XIgoHuz.exe
  2⤵
  PID:9680
- C:\Windows\System\iGNEyJB.exe
  C:\Windows\System\iGNEyJB.exe
  2⤵
  PID:9696
- C:\Windows\System\uvLafVu.exe
  C:\Windows\System\uvLafVu.exe
  2⤵
  PID:9712
- C:\Windows\System\arItbDb.exe
  C:\Windows\System\arItbDb.exe
  2⤵
  PID:9740
- C:\Windows\System\fKuntEe.exe
  C:\Windows\System\fKuntEe.exe
  2⤵
  PID:9756
- C:\Windows\System\kDEsgWn.exe
  C:\Windows\System\kDEsgWn.exe
  2⤵
  PID:9772
- C:\Windows\System\sRatoXw.exe
  C:\Windows\System\sRatoXw.exe
  2⤵
  PID:9788
- C:\Windows\System\YrFztat.exe
  C:\Windows\System\YrFztat.exe
  2⤵
  PID:9808
- C:\Windows\System\BBZFUld.exe
  C:\Windows\System\BBZFUld.exe
  2⤵
  PID:9824
- C:\Windows\System\DPxyXVo.exe
  C:\Windows\System\DPxyXVo.exe
  2⤵
  PID:9840
- C:\Windows\System\YkJfAAZ.exe
  C:\Windows\System\YkJfAAZ.exe
  2⤵
  PID:9860
- C:\Windows\System\jdNgXEJ.exe
  C:\Windows\System\jdNgXEJ.exe
  2⤵
  PID:9876
- C:\Windows\System\YWVkInC.exe
  C:\Windows\System\YWVkInC.exe
  2⤵
  PID:9892
- C:\Windows\System\TMgBuJB.exe
  C:\Windows\System\TMgBuJB.exe
  2⤵
  PID:9908
- C:\Windows\System\ZORVhvR.exe
  C:\Windows\System\ZORVhvR.exe
  2⤵
  PID:9924
- C:\Windows\System\mmHHtQO.exe
  C:\Windows\System\mmHHtQO.exe
  2⤵
  PID:9940
- C:\Windows\System\BmpFBaP.exe
  C:\Windows\System\BmpFBaP.exe
  2⤵
  PID:9956
- C:\Windows\System\DxgktUq.exe
  C:\Windows\System\DxgktUq.exe
  2⤵
  PID:9972
- C:\Windows\System\juYVuuL.exe
  C:\Windows\System\juYVuuL.exe
  2⤵
  PID:9988
- C:\Windows\System\hfXtlwQ.exe
  C:\Windows\System\hfXtlwQ.exe
  2⤵
  PID:10004
- C:\Windows\System\YeYJfLQ.exe
  C:\Windows\System\YeYJfLQ.exe
  2⤵
  PID:10020
- C:\Windows\System\vZFOsoF.exe
  C:\Windows\System\vZFOsoF.exe
  2⤵
  PID:10036
- C:\Windows\System\RtGFBVC.exe
  C:\Windows\System\RtGFBVC.exe
  2⤵
  PID:10052
- C:\Windows\System\jyfBzvR.exe
  C:\Windows\System\jyfBzvR.exe
  2⤵
  PID:10072
- C:\Windows\System\xHOuYip.exe
  C:\Windows\System\xHOuYip.exe
  2⤵
  PID:10108
- C:\Windows\System\JjMUOkx.exe
  C:\Windows\System\JjMUOkx.exe
  2⤵
  PID:10132
- C:\Windows\System\aIWKYAa.exe
  C:\Windows\System\aIWKYAa.exe
  2⤵
  PID:10148
- C:\Windows\System\gymXkWN.exe
  C:\Windows\System\gymXkWN.exe
  2⤵
  PID:10168
- C:\Windows\System\NddULnf.exe
  C:\Windows\System\NddULnf.exe
  2⤵
  PID:10188
- C:\Windows\System\FRxOpPE.exe
  C:\Windows\System\FRxOpPE.exe
  2⤵
  PID:10204
- C:\Windows\System\DngCZLm.exe
  C:\Windows\System\DngCZLm.exe
  2⤵
  PID:10224
- C:\Windows\System\oLwNqoJ.exe
  C:\Windows\System\oLwNqoJ.exe
  2⤵
  PID:9120
- C:\Windows\System\vRrPTgr.exe
  C:\Windows\System\vRrPTgr.exe
  2⤵
  PID:8804
- C:\Windows\System\iXHNRxY.exe
  C:\Windows\System\iXHNRxY.exe
  2⤵
  PID:8864
- C:\Windows\System\ejOFwPw.exe
  C:\Windows\System\ejOFwPw.exe
  2⤵
  PID:9224
- C:\Windows\System\oeTQjkB.exe
  C:\Windows\System\oeTQjkB.exe
  2⤵
  PID:9260
- C:\Windows\System\kQLmHnk.exe
  C:\Windows\System\kQLmHnk.exe
  2⤵
  PID:9584
- C:\Windows\System\bXVlCUE.exe
  C:\Windows\System\bXVlCUE.exe
  2⤵
  PID:9780
- C:\Windows\System\bEZlxFj.exe
  C:\Windows\System\bEZlxFj.exe
  2⤵
  PID:9728
- C:\Windows\System\Zwvfxmp.exe
  C:\Windows\System\Zwvfxmp.exe
  2⤵
  PID:9816
- C:\Windows\System\jNYebUs.exe
  C:\Windows\System\jNYebUs.exe
  2⤵
  PID:9852
- C:\Windows\System\VLQURnm.exe
  C:\Windows\System\VLQURnm.exe
  2⤵
  PID:9836
- C:\Windows\System\LCTMPQS.exe
  C:\Windows\System\LCTMPQS.exe
  2⤵
  PID:9948
- C:\Windows\System\rUaTtuU.exe
  C:\Windows\System\rUaTtuU.exe
  2⤵
  PID:9984
- C:\Windows\System\sWDhSlT.exe
  C:\Windows\System\sWDhSlT.exe
  2⤵
  PID:9872
- C:\Windows\System\juSqcac.exe
  C:\Windows\System\juSqcac.exe
  2⤵
  PID:10032
- C:\Windows\System\jkveQGh.exe
  C:\Windows\System\jkveQGh.exe
  2⤵
  PID:9964
- C:\Windows\System\zAfblsQ.exe
  C:\Windows\System\zAfblsQ.exe
  2⤵
  PID:10000
- C:\Windows\System\KgkBEnf.exe
  C:\Windows\System\KgkBEnf.exe
  2⤵
  PID:10068
- C:\Windows\System\OfJYaaY.exe
  C:\Windows\System\OfJYaaY.exe
  2⤵
  PID:10084
- C:\Windows\System\jgqgCBE.exe
  C:\Windows\System\jgqgCBE.exe
  2⤵
  PID:10116
- C:\Windows\System\QkDosoM.exe
  C:\Windows\System\QkDosoM.exe
  2⤵
  PID:10124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CScHdsb.exe

Filesize
6.0MB

MD5
decb6da83be657ad5c1ac8522e94f2ac

SHA1
7a730b131edc5546263ae829d0cc9402f71c9b22

SHA256
6c7fb87d75b6081aee364dab3bd9c1780a1cf0447fc0aaf853176a8ef3b5b483

SHA512
6032cc39de5f253a9afff7bdbe67f397bacf1aefdb8f31baba47c01f7b35ede2119cf654ff1af3bb9d8b92c7f55679d7090957cef161abaa54cd5cb9c679c835

Download Submit
C:\Windows\system\EozbSkb.exe

Filesize
6.0MB

MD5
b0abd2675a200e5b3d0203cb4bb3a5bc

SHA1
324a2aa2f4e2830711c93efa017bf241a8ffbcfc

SHA256
33aedf4630596aa29560e4ad38643b0b7528b680da2b86de547a83ba8e8b6ea2

SHA512
15dd982749233ee46dd3372a2005ef6f1def75fa2956f1110d951c7903f8b72b65811b035046ea7951367162c391596e8f21c74f1e40b4fb70d8df3888740324

Download Submit
C:\Windows\system\GzMpEba.exe

Filesize
6.0MB

MD5
fdbf5b6e9c13ed2b47a3967f47d8dd56

SHA1
8583a5e0a5829fbfb96fedf7f2b487461dae8868

SHA256
296f1c0318c729d56c11008fce9e270799c619fab24846c34c5fb118e31e0eb8

SHA512
10f2300a03b783cf0bb0aedc8dc119187cdbbfbc430b397e01a4debca1e7e5b4185eaa999b70c6bfaaae873509a2c6c494bb6b26187740ca52f8c63b51d07793

Download Submit
C:\Windows\system\IWyzVjZ.exe

Filesize
6.0MB

MD5
48fb5604fbe6b42e9e0f6082467ab693

SHA1
05e9e5fb316098f23759bc653ffc829bf7ce0391

SHA256
40abe799877b1e8fc1f9cf9ce1fa67186496f33bdec38bb91a4a9b64714d2c4b

SHA512
202774fefa2f001ed1e5a5a2fd0bef785e1cf7f8dbd44c51df511def4fce78b6e38cd16dbdd798db00aa07e5659ee2d3b0b847c11a2860dd33e8a29ece6fbd20

Download Submit
C:\Windows\system\LXcsAFC.exe

Filesize
6.0MB

MD5
ab80cb0530cab1ff12262f346c44a9fc

SHA1
13df9daf9d9096730e9edca6c181cac69c1b9551

SHA256
a099bc7ebe36b48332b957a83d12c47308da005956bf837f2f2d4c5e27c4a1fc

SHA512
328d2fb40ad3553e00c593f8709f375c3729fd8fdb0b1ed3fb1600773fbb4f21ff4763f69bfe53591cd0132770b66de047ce0f87c89a53f85f31e5b873adcb93

Download Submit
C:\Windows\system\MqLzlXq.exe

Filesize
6.0MB

MD5
daeb15ce7f3faed1c7c470de73205741

SHA1
19ac5735596ad01cb917fcc54ea6eebd3d7b1efb

SHA256
96eaa7366f404dcecce69b84def1966d4900786228280abe8045fb0281413b2e

SHA512
5339c86afc88e1ce4131f1fc1c412cc8161f62715ebcaec7ca3ef5cfae66f0b959729822b2a3fa7a6c30bc4133e61626a0e7d9159faf20518729d4989b5f6c36

Download Submit
C:\Windows\system\OVfodTX.exe

Filesize
6.0MB

MD5
d0584a457e1a10ebd09ac8dae38a581f

SHA1
5b027b3e5e945fde77d1930e484ab3afd9dba0c7

SHA256
add410f28fe9f1e3a21d14c23a0099cd1a878b7ef32fa0d356ca33495918424f

SHA512
cf8e73efd7d70a900f942a0331d803a8c54c3b3f37c15518b766be96cf413562dadc488699a051cc7226b80a76203fdd71f10dc0e195ec2be85138a7e1912515

Download Submit
C:\Windows\system\PFQZiJQ.exe

Filesize
6.0MB

MD5
f583f8c2532abc038b522491c3e25d82

SHA1
0110b9822cdf395444b1401ed6b3a6a53a3ee263

SHA256
5879a94c94074d3676c09f6507d6c23c76d84a33920b7bab67a5bf4a4f21c06d

SHA512
d85c2aa023e7d97e27c1499f412360642dd1322297a7976ee8fd75c6bf9a1fa2fa58d906e20c8aeb7c658c508297e73dad34bf7810307937faf4c0771f924889

Download Submit
C:\Windows\system\QLSoFPj.exe

Filesize
6.0MB

MD5
e2abffe4cbe87eec9b7410446c90d94c

SHA1
cd9d36e6ed5485f1881cbdb83e7bc6646f3c1920

SHA256
2a7d411a6929d2fda51bba0d5d312e106ac473df93f914b383da2e3095aef658

SHA512
1319406abfd98eb99b11094a60ca90f7d6245b3a21d34a32dcb4c09641785191c53428560fc4dae915a4f334ba1ab06c2b93c5816afd60c4cddbeefc2f3d28cc

Download Submit
C:\Windows\system\RcEGxXk.exe

Filesize
6.0MB

MD5
480c82e292c60987a79c769d5b47abdf

SHA1
e03a5270e5a49df0249cc919aaec129df9d5dd7a

SHA256
ee460ff2f121b6b6d87839bba69655dfc34ff163f800bf6f45a8dd80d9ac765d

SHA512
b2e1d165bca6c39dc527f01765a376fb82dd9dcfda9c0dfdbd119f5dbd0d35ddd5dc7cf9f88e12321f6ee4b1e5be0381ac264d32a15a0370d2460d687ec359a7

Download Submit
C:\Windows\system\VLZqIwP.exe

Filesize
6.0MB

MD5
04b8d855e564d5ccb07152174551fbb8

SHA1
142c27b26b347a8717b3cb497076ec0a59203fc4

SHA256
3118821d94742b2973937453549bb14ff5c1322358a7ab75c90f30b9ff28fac9

SHA512
6e1588080a970330cf7b529dc628a295a5c96c972c1c0449122196f21e5f5669be240f828ff606f55d6fbc2d519dec41af4e9148d8ab63a9b8e94623fa141483

Download Submit
C:\Windows\system\XiEzuJK.exe

Filesize
6.0MB

MD5
b563f89e776afcdc1d8d0e3300cd615a

SHA1
42508ac723dd6fb1495d8eaed7fe59b2a7b477d4

SHA256
aa02a7ed542043bbbb441dbbfd8544728915c8dfe12ca47694068617e45e95c1

SHA512
9ae60e8f4fb7e856d3775b70d8dd3d10d832ded3684a07acfae23cb51294c3bee47d0476af48023fe3199f537111c75e5eafb83c87651383a94d95b3f3b3c978

Download Submit
C:\Windows\system\ZHyBLJN.exe

Filesize
6.0MB

MD5
deb471fa9aacc5adba646ceadb5bb73b

SHA1
cf4f79e3e19c5bc777cd937f8591a33614602b0e

SHA256
305d89e14238a3b7f85bb69d54e43e2f7db87507aba1c177cf4e4794d949a3a9

SHA512
e4113db45d91990a5603b038761f74e2cde7fe706d605ed3ee3983984f2b88ebafa4647a3ae19e143b7774d48e3910c0454f3f8c16bf0a17ebe12d4ebb73fad9

Download Submit
C:\Windows\system\cLGyqAq.exe

Filesize
6.0MB

MD5
ec5b79e8d7154ab39fe7e1cb657abe13

SHA1
4506770f692af7c1444ff62b7c62ec63f6f62326

SHA256
5c3db636cfa804e62682c3015500440b092c48392553bb3425d3a7da36e79cd4

SHA512
97158901c397739f05fdebcf27eb113f586fe0fffc6869e696fa4710f201c432108409fbaf3a6e5410cca394b80e02c7aed38f9003ae99b4c1bb7563cd53a515

Download Submit
C:\Windows\system\cnDOHeI.exe

Filesize
6.0MB

MD5
d2a7716f42001928f0321499c908279a

SHA1
16da3062f2616c83fe192bcba99fe17c067e2f4b

SHA256
85ec3f8a84ac016e0b620bded9b2de447acd4f7210e8bf219e0a730b3f84b97e

SHA512
3a3de535e82102f51d7731dc6a06a484330e472ec3959949399a74cc05eb268d0a13cc5569dc72550ff887dbe1073cccf3ce3fa02177be95bf1588175e6fe5e7

Download Submit
C:\Windows\system\dakbJpx.exe

Filesize
6.0MB

MD5
a5e021392bb6dcc321276cb4a7a4637d

SHA1
5eff9db443002c18c4f10237d481547bfce7d685

SHA256
d0a7c5d5639804a9f69e107573c5c1c0fe86a4e25dea9ee0438135c793c8ac0b

SHA512
775c465ec1944e30f3a4e14406d9664aaa44b84234c52fa029a126d1a11b1187a5e4300573a1ddf2adef38e56cfadf976f4eb166f5cb65a32273317295b3066b

Download Submit
C:\Windows\system\gdiXjqW.exe

Filesize
6.0MB

MD5
fcdb3c84b5836fcf1af3cd709ee5880a

SHA1
01461bca21c8b7449862d874714f5974633e6073

SHA256
bcac0e6a14e1deff301064db5ed13c578855715bcc609ea123492bf551733493

SHA512
baf24f81b45abb97bfaf8d5223ba00e1c8d543a0eccf12a348cd10a2df9432502ba4389b10d8e626e0696f19de315f6cc2020efa7c229fa5e64f9a65d6246852

Download Submit
C:\Windows\system\pLGNGgU.exe

Filesize
6.0MB

MD5
127bc8e791b3fb30f97cd5de80097d9f

SHA1
335c4e32418840d430755915dfe9ff6d3ba8fb20

SHA256
f33ac569b05a5571c1585c119d05b6a6f3890515d994321e739274180563785b

SHA512
bf0f5dd5e0aa21511a027b98c5be34417f9caca30815bdf6cdecda1fe4f1d41a690936afda950c771034d5033cc6021119d4291c188d2862c950f454994559e1

Download Submit
C:\Windows\system\psDQOpF.exe

Filesize
6.0MB

MD5
d83aca4bad5ea972d6f4613bc8a7c06f

SHA1
08ce2652171cc423755fca3b96e1077d99e563d3

SHA256
99b528b9b194ae47d87f9f1b2e2a5b7f7845032c30fb2312cbba6e0033c02100

SHA512
54931dde7689040ed9c89f4447256d43d3f71db5315c07e292bb6cc0acd43e337b396f23e08044b9701d135c3e6219ee99c3b6fbb05e38a15171e8ec959b33cf

Download Submit
C:\Windows\system\rdOEgJJ.exe

Filesize
6.0MB

MD5
1f6da72415fb3e4f28cefbe0451e4a2a

SHA1
be93f827d3f29d6792cffaee26ddd568d2010664

SHA256
a594471fa3e2d2cd99f7411a0be8456b1f69fc28183e6ea312f2702629898546

SHA512
2104ee6bff2c33f480480821e2f536173e011ee52dd694f1d59a5a2796c8d2ee856090b052b0b19496fb583f9fb12d1772381ed6c6e1586264e16446eab8e829

Download Submit
C:\Windows\system\tuzQJda.exe

Filesize
6.0MB

MD5
c6002098b7b9203a023469508487d365

SHA1
09e4f250acfac1cde28806d5c9cbcbd9d6b839ef

SHA256
05eb6964388265682956e9254c0166573a76d16d63978283a52e712208d157ea

SHA512
63c4f2832c720d5a0d1a5727712e3f94c2f7dc4a7ea0def9d2d88dd23db1d809dfd6117bdeed70922f38b6814a653e12a93a178314ea634c471fe7bf03ace4a1

Download Submit
C:\Windows\system\twwFokh.exe

Filesize
6.0MB

MD5
54227db23b64354d2ae551e07798c525

SHA1
2d1c1c2db269d18967134df12ec231142c40bd74

SHA256
bec08ade0b2860d9a7b83f328d37b980610a7c58604fc7ca7af2436313f25779

SHA512
36720536162e4c694399a579214a2e58ea48d2b12396cc26be013d1bfa05a12b2e84a21a706df0acc397020a2c9e0257b696db927c3802fec70fa46566eaecd9

Download Submit
C:\Windows\system\ucpselN.exe

Filesize
6.0MB

MD5
49fcbb2b6418e0483e216a46b14b128b

SHA1
3d0a86e1f020bebd5cfd9b53f6aac281c22148fe

SHA256
b47da6d77daed4623c66865053010b0c9ec9a899dabc07587c8d97ae4f4e8115

SHA512
5d800d0fb8583d2bd0eb3715020f76fbb39bd63bf2575ecb4dc17cc46830538e98d672cff840a3370c913fc5a543f27274b1e9a105b6f9b6515d36de5e868d7b

Download Submit
C:\Windows\system\wRMLWKF.exe

Filesize
6.0MB

MD5
573a737d9d0c503744708a604fb4198c

SHA1
8a096b8037e2bc8916bd50126e5cf697820c32ff

SHA256
2bc7d4f6c0a4055b04c055689b0ac9d14369eea35686434d6b14c888c308a055

SHA512
6ce229ca0d4e16b836f57eddb66ec065b2f69338816a880b4519178459dfb42358bcc5e049db09359ca18c670198a2232502d44fe30c15c1bd68964f68317c42

Download Submit
C:\Windows\system\xMAICmq.exe

Filesize
6.0MB

MD5
49a67e392716d88e1e5f6fb21004ea28

SHA1
58c04e8b8e5c6757c64bc2803db0b16f37808737

SHA256
d743f673c8ff2373961f88e7f9bb1e4bdc8039184bc1e851bb93380e97a22f1a

SHA512
b99e48863b19bdd7c996e97556832dffc10701ac58e4d01863595265a08a6d7cb2d2d5df9f25ea3915816daa2f016687a514e420b43c2a265e55f00ff458b272

Download Submit
C:\Windows\system\yzZoKnI.exe

Filesize
6.0MB

MD5
f58a719763703aca892d4d454f8045db

SHA1
4aafa18d41c782b9258ce7b58adb919c876b88bc

SHA256
98258522e1c7b7c882b3a199fc70ea016128016258122168327770855a5fa14b

SHA512
1918111435843aa6284f97c097166c097d00160057b739d19ed5d0f04e6a3723850d59c5870bd7777b60c5012f1da464f2ed99c52b681bf73fbb7a712a9c5954

Download Submit
C:\Windows\system\zOVBmRk.exe

Filesize
6.0MB

MD5
055c479a7bb4d58cc040c38242e5d4c9

SHA1
812e6b9c5c6741dd531e86118dbdea722d14bb84

SHA256
75dfad638b24ce940daf5b087ee1bee4806bfc02529c7883695e78e679e091f6

SHA512
b4de183c19250524939b60e9c94863413243a09570b629bcb4338084395eab8aa3eb300523354cddac12e632ee5e16a3ffb6a2fb19671d2c32a637f922f18885

Download Submit
C:\Windows\system\ztdmhow.exe

Filesize
6.0MB

MD5
e9c389429905d7e9288a8d4e69ff6da6

SHA1
d0a7339129b2958ded5125d80405be6400ee5e69

SHA256
7bd45920e9073915e7634dacd9b82df960a8c766f213ed17d845ee03eec85f1b

SHA512
4859cb8883e28efc6b33a8a9a982982c49b5dda7e5631c7b5f3d5c6e4619ea77ca739a94dccccba33355ed325a8a7b04163a4d1d67c4845d30e27e1853847185

Download Submit
\Windows\system\CmiFUtD.exe

Filesize
6.0MB

MD5
977d1bd3e057ccba1ad9d3fbb6b067db

SHA1
30e80c110b5b7719ca94c00db3ea3d1499dffefe

SHA256
f3d89a5aaf4175099ed29396a915c0eea92b5b80b9dcf4b6b3a25994463d5ee1

SHA512
7dd1532b2229c4141754006c0744a989eae0c37cd5a49e415a7c650c139af95f13871d775605936a285dd4badb03968ff82d334fa812301cf6382b18fbdae9e6

Download Submit
\Windows\system\NQgrlpx.exe

Filesize
6.0MB

MD5
613e21d75d9170ec1bf5db56a7bc071f

SHA1
d3a570f2aca3048180d91826237aedb9a24ed98e

SHA256
dc6f3ddace9c8f4da9b00ae1a23f40b0f0c73d4e05258da7ff140ce7c9ba9efc

SHA512
ec6a53c8b1fde54839df53372f083dad3e359857f872a724dd2c2fe22cce2c05495e4526dbf087544d8c9a7e3b585729ba8987c5b3d79cbbb15ac169f6f6b224

Download Submit
\Windows\system\ZQuWBPb.exe

Filesize
6.0MB

MD5
f71a84a39494a2ba3a81d625f9ca2e8b

SHA1
7d14bd97e6dad608959a39ab865cb48b03f68b84

SHA256
1967555fe5556e18e3ed8dd95a333b9b8116de77687bbb8258bdb8c4a6bdbc7f

SHA512
11722a4988bff2410002fb26afe559ca05589536ce2944df8d41e8bf571b40ebaf40d91381b25be22153202cd76339a9c512054243c32be9d1a74c58c42d4c9a

Download Submit
\Windows\system\pDyOcnS.exe

Filesize
6.0MB

MD5
75d6d8d86cecbdeea2ee2d733fb3af75

SHA1
d282284bff7c97e2cf65bab59c07216b6c0fafd0

SHA256
1fb11021b6cb718837e32b846aad04363e3ab370260e871c5c9624946f71894a

SHA512
5b5c5cf28d92f635294a8404adcf845976009ad2d474c0c7ba6408db9851f6914b1a667c10f910dd1613326e148033587ad67c8dc64b81f3e972acedfd81d04f

Download Submit
memory/1056-101-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1056-91-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1056-473-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1056-354-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1056-288-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1056-27-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1056-96-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1056-112-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1056-111-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1056-92-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1056-50-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1056-71-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1056-14-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-10-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-45-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1056-22-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1056-0-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1056-51-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-81-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1056-80-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1056-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1056-64-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1056-52-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1664-1586-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1664-26-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2212-100-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1622-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2476-82-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-1603-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1625-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-15-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-93-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1624-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1562-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2652-72-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2652-148-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2656-57-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1594-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2656-104-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2788-35-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-79-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1566-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1623-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2800-65-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2836-48-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1613-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2872-29-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1637-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2872-66-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1616-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-16-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-105-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2948-1632-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/3024-1565-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3024-49-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download