cobaltstrike | d5a1ccbf47cfac833c9aadcd431d50a8edb28e28b946dd52647f1dc02c918e73

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

98df38c2c2041a8954f5407038886a63
SHA1

092341f3aaf2b4067da26e8316873135aae4634f
SHA256

d5a1ccbf47cfac833c9aadcd431d50a8edb28e28b946dd52647f1dc02c918e73
SHA512

f70c251b05be43a14d9f6632fdbdf6f7f735fbc3e641b4977db6fec9fa7739720b781556ad61467748340987fc4625f573094243f4beb80683db7fcb348ab86d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001227e-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195c5-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019609-10.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001960d-25.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001960f-32.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019461-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019611-43.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019615-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019838-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000198f0-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c59-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cb9-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a037-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a34c-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a458-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a466-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a45e-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a45c-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a407-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0da-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a9-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a3-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03d-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019efb-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019deb-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc2-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc0-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c5b-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199bf-79.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000197f8-62.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2276-0-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001227e-6.dat	xmrig
behavioral1/files/0x00070000000195c5-12.dat	xmrig
behavioral1/memory/3016-15-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2516-13-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019609-10.dat	xmrig
behavioral1/memory/2256-20-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x000600000001960d-25.dat	xmrig
behavioral1/memory/2640-28-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2688-33-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x000600000001960f-32.dat	xmrig
behavioral1/memory/2276-35-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019461-36.dat	xmrig
behavioral1/memory/2680-42-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2276-40-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019611-43.dat	xmrig
behavioral1/memory/3016-46-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2844-50-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019615-51.dat	xmrig
behavioral1/memory/2276-55-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2256-52-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2800-58-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2660-66-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019838-70.dat	xmrig
behavioral1/files/0x00050000000198f0-73.dat	xmrig
behavioral1/files/0x0005000000019c59-90.dat	xmrig
behavioral1/files/0x0005000000019cb9-98.dat	xmrig
behavioral1/files/0x000500000001a037-124.dat	xmrig
behavioral1/files/0x000500000001a34c-149.dat	xmrig
behavioral1/files/0x000500000001a458-159.dat	xmrig
behavioral1/memory/2688-1248-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2620-1270-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2596-1281-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2276-1284-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2276-1296-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/1572-1295-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2780-1307-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2564-1311-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a466-179.dat	xmrig
behavioral1/files/0x000500000001a463-174.dat	xmrig
behavioral1/files/0x000500000001a45e-169.dat	xmrig
behavioral1/files/0x000500000001a45c-165.dat	xmrig
behavioral1/files/0x000500000001a407-154.dat	xmrig
behavioral1/files/0x000500000001a0da-144.dat	xmrig
behavioral1/files/0x000500000001a0a9-139.dat	xmrig
behavioral1/files/0x000500000001a0a3-134.dat	xmrig
behavioral1/files/0x000500000001a03d-129.dat	xmrig
behavioral1/files/0x0005000000019efb-119.dat	xmrig
behavioral1/files/0x0005000000019deb-114.dat	xmrig
behavioral1/files/0x0005000000019dc2-108.dat	xmrig
behavioral1/files/0x0005000000019dc0-105.dat	xmrig
behavioral1/files/0x0005000000019c5b-95.dat	xmrig
behavioral1/files/0x0005000000019c57-84.dat	xmrig
behavioral1/files/0x00050000000199bf-79.dat	xmrig
behavioral1/memory/2640-64-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x00060000000197f8-62.dat	xmrig
behavioral1/memory/2680-1575-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2276-1576-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2844-1869-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2276-2357-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2800-2405-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2276-2622-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2276-2623-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/3016-3217-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2516	IRhCKtw.exe
3016	xoGgAvk.exe
2256	MhllEpg.exe
2640	eafSHRN.exe
2688	WYLrmZi.exe
2680	qhePWAk.exe
2844	MOxFAPd.exe
2800	dpUzxqh.exe
2660	PjlNqII.exe
2564	XkGLGuW.exe
2620	UbRFSNG.exe
2596	lGfZDGh.exe
1572	NyKHFuM.exe
2780	MXimJxB.exe
2616	OLlOsHC.exe
2064	MSmVFdR.exe
596	QWYJEiD.exe
1820	VRYDXGw.exe
2744	kCPxygh.exe
2796	UZrLEHz.exe
2360	mzDUmjk.exe
2040	FGmmPaD.exe
1300	eGiBZEV.exe
2136	vqqlSDQ.exe
760	dSPpaIQ.exe
1156	TQSKHIO.exe
1280	NFFPAhp.exe
2288	AxmwqVk.exe
892	KbCVdTJ.exe
2924	NPPawdq.exe
2932	kgLtKXs.exe
696	ebCNZzI.exe
1344	lmuGLHM.exe
1868	ZTtkunh.exe
924	gcaagzi.exe
1712	aqrdKZx.exe
808	aaHFUNA.exe
2912	VkCSpsD.exe
376	xHQcWIc.exe
1540	zGcvEAH.exe
1728	ZbxOAMR.exe
1824	amvMELj.exe
1720	DVllyTE.exe
788	GgTfthY.exe
1644	SOYpdvZ.exe
1660	gbISIBa.exe
2232	jhtjcSV.exe
2376	CfiOJlB.exe
2324	qfKlYHT.exe
1752	vzMoZPB.exe
544	YyeZcHP.exe
784	otGjmfN.exe
276	dOAmsIF.exe
2352	CtfspBS.exe
1564	MRICDnp.exe
1588	YjPbBBn.exe
3028	riXJFZx.exe
2152	IKaIniN.exe
2264	lTtVHQS.exe
2804	hcaNgsL.exe
3012	bMQIxkv.exe
2836	IVfIGfY.exe
2812	WmstFVw.exe
1860	jenIMhr.exe

Loads dropped DLL 64 IoCs

pid	Process
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2276-0-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x000c00000001227e-6.dat	upx
behavioral1/files/0x00070000000195c5-12.dat	upx
behavioral1/memory/3016-15-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2516-13-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0007000000019609-10.dat	upx
behavioral1/memory/2256-20-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x000600000001960d-25.dat	upx
behavioral1/memory/2640-28-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2688-33-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x000600000001960f-32.dat	upx
behavioral1/memory/2276-35-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x0008000000019461-36.dat	upx
behavioral1/memory/2680-42-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x0006000000019611-43.dat	upx
behavioral1/memory/3016-46-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2844-50-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0008000000019615-51.dat	upx
behavioral1/memory/2256-52-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2800-58-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2660-66-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0005000000019838-70.dat	upx
behavioral1/files/0x00050000000198f0-73.dat	upx
behavioral1/files/0x0005000000019c59-90.dat	upx
behavioral1/files/0x0005000000019cb9-98.dat	upx
behavioral1/files/0x000500000001a037-124.dat	upx
behavioral1/files/0x000500000001a34c-149.dat	upx
behavioral1/files/0x000500000001a458-159.dat	upx
behavioral1/memory/2688-1248-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2620-1270-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2596-1281-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/1572-1295-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2780-1307-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2564-1311-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000500000001a466-179.dat	upx
behavioral1/files/0x000500000001a463-174.dat	upx
behavioral1/files/0x000500000001a45e-169.dat	upx
behavioral1/files/0x000500000001a45c-165.dat	upx
behavioral1/files/0x000500000001a407-154.dat	upx
behavioral1/files/0x000500000001a0da-144.dat	upx
behavioral1/files/0x000500000001a0a9-139.dat	upx
behavioral1/files/0x000500000001a0a3-134.dat	upx
behavioral1/files/0x000500000001a03d-129.dat	upx
behavioral1/files/0x0005000000019efb-119.dat	upx
behavioral1/files/0x0005000000019deb-114.dat	upx
behavioral1/files/0x0005000000019dc2-108.dat	upx
behavioral1/files/0x0005000000019dc0-105.dat	upx
behavioral1/files/0x0005000000019c5b-95.dat	upx
behavioral1/files/0x0005000000019c57-84.dat	upx
behavioral1/files/0x00050000000199bf-79.dat	upx
behavioral1/memory/2640-64-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x00060000000197f8-62.dat	upx
behavioral1/memory/2680-1575-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2844-1869-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2800-2405-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/3016-3217-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2516-3215-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2256-3287-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2640-3274-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2688-3340-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2800-3555-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2680-3560-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2844-3571-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2564-3583-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\URbpDpM.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaWWpIT.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGghiEg.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNrtVlx.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbpoWQR.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBeGImk.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCSDMwm.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbmhiPX.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzqUDvN.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SetyOGx.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rApUYpH.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYdzdZP.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjEsyzs.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifGxqCJ.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIEmsus.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVTjhRC.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keJKgwZ.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCNIEHH.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIQUkbZ.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilENtLZ.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNhiYvI.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPFzCdP.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsAKzhU.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvKthJS.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XUlnWqN.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMNyQrb.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQHGaEO.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKqKQRk.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTpaXQz.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tucPHIO.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tftSfDk.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGBKyDb.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\flyyClh.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXDIcXL.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaXklYs.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGrDPKw.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzRpvoQ.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMlIZpy.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzKxfly.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKkwdkJ.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKBuDrR.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKdobCp.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLjWBfj.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaTZIRq.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjGTpRC.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIgQZvK.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXLCJYc.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQaUfwT.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSgpBOW.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SveuCbL.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToMqbZV.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDeGGUT.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCXLkoP.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNopJmM.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDNkWuh.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKlpCVB.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpKYPwB.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWwCRBk.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFRDNAf.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbJxvge.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhCuKJl.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOFYcYm.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBCbSjd.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIuirlh.exe	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2516	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2276 wrote to memory of 2516	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2276 wrote to memory of 2516	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2276 wrote to memory of 3016	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2276 wrote to memory of 3016	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2276 wrote to memory of 3016	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2276 wrote to memory of 2256	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2276 wrote to memory of 2256	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2276 wrote to memory of 2256	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2276 wrote to memory of 2640	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2276 wrote to memory of 2640	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2276 wrote to memory of 2640	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2276 wrote to memory of 2688	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2276 wrote to memory of 2688	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2276 wrote to memory of 2688	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2276 wrote to memory of 2680	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2276 wrote to memory of 2680	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2276 wrote to memory of 2680	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2276 wrote to memory of 2844	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2276 wrote to memory of 2844	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2276 wrote to memory of 2844	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2276 wrote to memory of 2800	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2276 wrote to memory of 2800	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2276 wrote to memory of 2800	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2276 wrote to memory of 2660	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2276 wrote to memory of 2660	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2276 wrote to memory of 2660	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2276 wrote to memory of 2564	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2276 wrote to memory of 2564	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2276 wrote to memory of 2564	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2276 wrote to memory of 2620	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2276 wrote to memory of 2620	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2276 wrote to memory of 2620	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2276 wrote to memory of 2596	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2276 wrote to memory of 2596	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2276 wrote to memory of 2596	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2276 wrote to memory of 1572	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2276 wrote to memory of 1572	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2276 wrote to memory of 1572	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2276 wrote to memory of 2780	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2276 wrote to memory of 2780	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2276 wrote to memory of 2780	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2276 wrote to memory of 2616	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2276 wrote to memory of 2616	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2276 wrote to memory of 2616	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2276 wrote to memory of 2064	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2276 wrote to memory of 2064	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2276 wrote to memory of 2064	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2276 wrote to memory of 596	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2276 wrote to memory of 596	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2276 wrote to memory of 596	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2276 wrote to memory of 1820	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2276 wrote to memory of 1820	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2276 wrote to memory of 1820	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2276 wrote to memory of 2744	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2276 wrote to memory of 2744	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2276 wrote to memory of 2744	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2276 wrote to memory of 2796	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2276 wrote to memory of 2796	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2276 wrote to memory of 2796	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2276 wrote to memory of 2360	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2276 wrote to memory of 2360	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2276 wrote to memory of 2360	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2276 wrote to memory of 2040	2276	2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_98df38c2c2041a8954f5407038886a63_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\System\IRhCKtw.exe
  C:\Windows\System\IRhCKtw.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\xoGgAvk.exe
  C:\Windows\System\xoGgAvk.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\MhllEpg.exe
  C:\Windows\System\MhllEpg.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\eafSHRN.exe
  C:\Windows\System\eafSHRN.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\WYLrmZi.exe
  C:\Windows\System\WYLrmZi.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\qhePWAk.exe
  C:\Windows\System\qhePWAk.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\MOxFAPd.exe
  C:\Windows\System\MOxFAPd.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\dpUzxqh.exe
  C:\Windows\System\dpUzxqh.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\PjlNqII.exe
  C:\Windows\System\PjlNqII.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\XkGLGuW.exe
  C:\Windows\System\XkGLGuW.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\UbRFSNG.exe
  C:\Windows\System\UbRFSNG.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\lGfZDGh.exe
  C:\Windows\System\lGfZDGh.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\NyKHFuM.exe
  C:\Windows\System\NyKHFuM.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\MXimJxB.exe
  C:\Windows\System\MXimJxB.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\OLlOsHC.exe
  C:\Windows\System\OLlOsHC.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\MSmVFdR.exe
  C:\Windows\System\MSmVFdR.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\QWYJEiD.exe
  C:\Windows\System\QWYJEiD.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\VRYDXGw.exe
  C:\Windows\System\VRYDXGw.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\kCPxygh.exe
  C:\Windows\System\kCPxygh.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\UZrLEHz.exe
  C:\Windows\System\UZrLEHz.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\mzDUmjk.exe
  C:\Windows\System\mzDUmjk.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\FGmmPaD.exe
  C:\Windows\System\FGmmPaD.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\eGiBZEV.exe
  C:\Windows\System\eGiBZEV.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\vqqlSDQ.exe
  C:\Windows\System\vqqlSDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\dSPpaIQ.exe
  C:\Windows\System\dSPpaIQ.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\TQSKHIO.exe
  C:\Windows\System\TQSKHIO.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\NFFPAhp.exe
  C:\Windows\System\NFFPAhp.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\AxmwqVk.exe
  C:\Windows\System\AxmwqVk.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\KbCVdTJ.exe
  C:\Windows\System\KbCVdTJ.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\NPPawdq.exe
  C:\Windows\System\NPPawdq.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\kgLtKXs.exe
  C:\Windows\System\kgLtKXs.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ebCNZzI.exe
  C:\Windows\System\ebCNZzI.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\lmuGLHM.exe
  C:\Windows\System\lmuGLHM.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\ZTtkunh.exe
  C:\Windows\System\ZTtkunh.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\gcaagzi.exe
  C:\Windows\System\gcaagzi.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\aqrdKZx.exe
  C:\Windows\System\aqrdKZx.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\aaHFUNA.exe
  C:\Windows\System\aaHFUNA.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\VkCSpsD.exe
  C:\Windows\System\VkCSpsD.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\xHQcWIc.exe
  C:\Windows\System\xHQcWIc.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\zGcvEAH.exe
  C:\Windows\System\zGcvEAH.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\ZbxOAMR.exe
  C:\Windows\System\ZbxOAMR.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\amvMELj.exe
  C:\Windows\System\amvMELj.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\DVllyTE.exe
  C:\Windows\System\DVllyTE.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\GgTfthY.exe
  C:\Windows\System\GgTfthY.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\SOYpdvZ.exe
  C:\Windows\System\SOYpdvZ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\gbISIBa.exe
  C:\Windows\System\gbISIBa.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\jhtjcSV.exe
  C:\Windows\System\jhtjcSV.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\CfiOJlB.exe
  C:\Windows\System\CfiOJlB.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\qfKlYHT.exe
  C:\Windows\System\qfKlYHT.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\vzMoZPB.exe
  C:\Windows\System\vzMoZPB.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\YyeZcHP.exe
  C:\Windows\System\YyeZcHP.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\otGjmfN.exe
  C:\Windows\System\otGjmfN.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\dOAmsIF.exe
  C:\Windows\System\dOAmsIF.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\CtfspBS.exe
  C:\Windows\System\CtfspBS.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\MRICDnp.exe
  C:\Windows\System\MRICDnp.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\YjPbBBn.exe
  C:\Windows\System\YjPbBBn.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\riXJFZx.exe
  C:\Windows\System\riXJFZx.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\IKaIniN.exe
  C:\Windows\System\IKaIniN.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\lTtVHQS.exe
  C:\Windows\System\lTtVHQS.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\hcaNgsL.exe
  C:\Windows\System\hcaNgsL.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\bMQIxkv.exe
  C:\Windows\System\bMQIxkv.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\IVfIGfY.exe
  C:\Windows\System\IVfIGfY.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\WmstFVw.exe
  C:\Windows\System\WmstFVw.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\jenIMhr.exe
  C:\Windows\System\jenIMhr.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\NbManFq.exe
  C:\Windows\System\NbManFq.exe
  2⤵
  PID:2848
- C:\Windows\System\HlOrYMX.exe
  C:\Windows\System\HlOrYMX.exe
  2⤵
  PID:1508
- C:\Windows\System\bfSXudY.exe
  C:\Windows\System\bfSXudY.exe
  2⤵
  PID:2960
- C:\Windows\System\bVIMuRV.exe
  C:\Windows\System\bVIMuRV.exe
  2⤵
  PID:1492
- C:\Windows\System\wHxzaYW.exe
  C:\Windows\System\wHxzaYW.exe
  2⤵
  PID:2896
- C:\Windows\System\MoCMKcY.exe
  C:\Windows\System\MoCMKcY.exe
  2⤵
  PID:532
- C:\Windows\System\tDPNpBo.exe
  C:\Windows\System\tDPNpBo.exe
  2⤵
  PID:1032
- C:\Windows\System\yGRyCZh.exe
  C:\Windows\System\yGRyCZh.exe
  2⤵
  PID:2756
- C:\Windows\System\IouuVDL.exe
  C:\Windows\System\IouuVDL.exe
  2⤵
  PID:2356
- C:\Windows\System\OtTlpfW.exe
  C:\Windows\System\OtTlpfW.exe
  2⤵
  PID:1976
- C:\Windows\System\HiorCeC.exe
  C:\Windows\System\HiorCeC.exe
  2⤵
  PID:2164
- C:\Windows\System\DqODMbx.exe
  C:\Windows\System\DqODMbx.exe
  2⤵
  PID:2068
- C:\Windows\System\qIdbrZc.exe
  C:\Windows\System\qIdbrZc.exe
  2⤵
  PID:2080
- C:\Windows\System\qzXjHXC.exe
  C:\Windows\System\qzXjHXC.exe
  2⤵
  PID:2936
- C:\Windows\System\thHapac.exe
  C:\Windows\System\thHapac.exe
  2⤵
  PID:1104
- C:\Windows\System\rmCzaqo.exe
  C:\Windows\System\rmCzaqo.exe
  2⤵
  PID:1352
- C:\Windows\System\VhvdMfM.exe
  C:\Windows\System\VhvdMfM.exe
  2⤵
  PID:1916
- C:\Windows\System\hMAmhyB.exe
  C:\Windows\System\hMAmhyB.exe
  2⤵
  PID:1964
- C:\Windows\System\EEuWVIR.exe
  C:\Windows\System\EEuWVIR.exe
  2⤵
  PID:2292
- C:\Windows\System\hPbUZao.exe
  C:\Windows\System\hPbUZao.exe
  2⤵
  PID:3020
- C:\Windows\System\SlcUnKB.exe
  C:\Windows\System\SlcUnKB.exe
  2⤵
  PID:1708
- C:\Windows\System\ZZTTHfj.exe
  C:\Windows\System\ZZTTHfj.exe
  2⤵
  PID:348
- C:\Windows\System\wBHzoEV.exe
  C:\Windows\System\wBHzoEV.exe
  2⤵
  PID:2380
- C:\Windows\System\rIOVpTn.exe
  C:\Windows\System\rIOVpTn.exe
  2⤵
  PID:1748
- C:\Windows\System\kVKbJVo.exe
  C:\Windows\System\kVKbJVo.exe
  2⤵
  PID:572
- C:\Windows\System\zMUVEcp.exe
  C:\Windows\System\zMUVEcp.exe
  2⤵
  PID:2340
- C:\Windows\System\dLljARV.exe
  C:\Windows\System\dLljARV.exe
  2⤵
  PID:896
- C:\Windows\System\rQHGaEO.exe
  C:\Windows\System\rQHGaEO.exe
  2⤵
  PID:1756
- C:\Windows\System\XLkdAkT.exe
  C:\Windows\System\XLkdAkT.exe
  2⤵
  PID:536
- C:\Windows\System\FCnsRFo.exe
  C:\Windows\System\FCnsRFo.exe
  2⤵
  PID:1848
- C:\Windows\System\EbiBigT.exe
  C:\Windows\System\EbiBigT.exe
  2⤵
  PID:1700
- C:\Windows\System\ErpLMCb.exe
  C:\Windows\System\ErpLMCb.exe
  2⤵
  PID:1680
- C:\Windows\System\hAtVFTb.exe
  C:\Windows\System\hAtVFTb.exe
  2⤵
  PID:2964
- C:\Windows\System\XhKNMmL.exe
  C:\Windows\System\XhKNMmL.exe
  2⤵
  PID:2176
- C:\Windows\System\kTJvMJs.exe
  C:\Windows\System\kTJvMJs.exe
  2⤵
  PID:2244
- C:\Windows\System\hdJjidq.exe
  C:\Windows\System\hdJjidq.exe
  2⤵
  PID:2608
- C:\Windows\System\jvVnMzZ.exe
  C:\Windows\System\jvVnMzZ.exe
  2⤵
  PID:2788
- C:\Windows\System\brmBewh.exe
  C:\Windows\System\brmBewh.exe
  2⤵
  PID:2252
- C:\Windows\System\QiFpjJa.exe
  C:\Windows\System\QiFpjJa.exe
  2⤵
  PID:2724
- C:\Windows\System\BwaqXcC.exe
  C:\Windows\System\BwaqXcC.exe
  2⤵
  PID:2792
- C:\Windows\System\guInFuI.exe
  C:\Windows\System\guInFuI.exe
  2⤵
  PID:1240
- C:\Windows\System\wlUzXof.exe
  C:\Windows\System\wlUzXof.exe
  2⤵
  PID:1500
- C:\Windows\System\SbwFfMR.exe
  C:\Windows\System\SbwFfMR.exe
  2⤵
  PID:2476
- C:\Windows\System\iuQwgYs.exe
  C:\Windows\System\iuQwgYs.exe
  2⤵
  PID:2948
- C:\Windows\System\JxscdMD.exe
  C:\Windows\System\JxscdMD.exe
  2⤵
  PID:1444
- C:\Windows\System\shkngWO.exe
  C:\Windows\System\shkngWO.exe
  2⤵
  PID:956
- C:\Windows\System\xXAxSON.exe
  C:\Windows\System\xXAxSON.exe
  2⤵
  PID:2728
- C:\Windows\System\EGVFqic.exe
  C:\Windows\System\EGVFqic.exe
  2⤵
  PID:1100
- C:\Windows\System\LeGfNhC.exe
  C:\Windows\System\LeGfNhC.exe
  2⤵
  PID:1920
- C:\Windows\System\JXFiVsd.exe
  C:\Windows\System\JXFiVsd.exe
  2⤵
  PID:2396
- C:\Windows\System\FcPRMNS.exe
  C:\Windows\System\FcPRMNS.exe
  2⤵
  PID:2444
- C:\Windows\System\pvLWAYM.exe
  C:\Windows\System\pvLWAYM.exe
  2⤵
  PID:2240
- C:\Windows\System\IbYnxrX.exe
  C:\Windows\System\IbYnxrX.exe
  2⤵
  PID:280
- C:\Windows\System\iQBzWLc.exe
  C:\Windows\System\iQBzWLc.exe
  2⤵
  PID:2928
- C:\Windows\System\NpvkQXh.exe
  C:\Windows\System\NpvkQXh.exe
  2⤵
  PID:2656
- C:\Windows\System\IutSmbw.exe
  C:\Windows\System\IutSmbw.exe
  2⤵
  PID:2856
- C:\Windows\System\svoDbRg.exe
  C:\Windows\System\svoDbRg.exe
  2⤵
  PID:3056
- C:\Windows\System\rQDltOV.exe
  C:\Windows\System\rQDltOV.exe
  2⤵
  PID:2888
- C:\Windows\System\BoQeuwi.exe
  C:\Windows\System\BoQeuwi.exe
  2⤵
  PID:1764
- C:\Windows\System\DkRrUGY.exe
  C:\Windows\System\DkRrUGY.exe
  2⤵
  PID:2028
- C:\Windows\System\hkMMyrL.exe
  C:\Windows\System\hkMMyrL.exe
  2⤵
  PID:992
- C:\Windows\System\BdtCKnO.exe
  C:\Windows\System\BdtCKnO.exe
  2⤵
  PID:1760
- C:\Windows\System\aRhLmbk.exe
  C:\Windows\System\aRhLmbk.exe
  2⤵
  PID:444
- C:\Windows\System\TtFvjzg.exe
  C:\Windows\System\TtFvjzg.exe
  2⤵
  PID:1832
- C:\Windows\System\xtHKKue.exe
  C:\Windows\System\xtHKKue.exe
  2⤵
  PID:1780
- C:\Windows\System\CstgthI.exe
  C:\Windows\System\CstgthI.exe
  2⤵
  PID:1984
- C:\Windows\System\DbnHgdJ.exe
  C:\Windows\System\DbnHgdJ.exe
  2⤵
  PID:2168
- C:\Windows\System\WQGYoSD.exe
  C:\Windows\System\WQGYoSD.exe
  2⤵
  PID:2612
- C:\Windows\System\zWeyeOo.exe
  C:\Windows\System\zWeyeOo.exe
  2⤵
  PID:1368
- C:\Windows\System\CeXalRU.exe
  C:\Windows\System\CeXalRU.exe
  2⤵
  PID:2676
- C:\Windows\System\izCPRsS.exe
  C:\Windows\System\izCPRsS.exe
  2⤵
  PID:2908
- C:\Windows\System\wpgQzPC.exe
  C:\Windows\System\wpgQzPC.exe
  2⤵
  PID:1088
- C:\Windows\System\ItnHaDR.exe
  C:\Windows\System\ItnHaDR.exe
  2⤵
  PID:3080
- C:\Windows\System\zXIlMbD.exe
  C:\Windows\System\zXIlMbD.exe
  2⤵
  PID:3100
- C:\Windows\System\VzRxzjM.exe
  C:\Windows\System\VzRxzjM.exe
  2⤵
  PID:3120
- C:\Windows\System\BOOASxl.exe
  C:\Windows\System\BOOASxl.exe
  2⤵
  PID:3140
- C:\Windows\System\GPOhYDg.exe
  C:\Windows\System\GPOhYDg.exe
  2⤵
  PID:3160
- C:\Windows\System\wkGwSDO.exe
  C:\Windows\System\wkGwSDO.exe
  2⤵
  PID:3180
- C:\Windows\System\IreqojK.exe
  C:\Windows\System\IreqojK.exe
  2⤵
  PID:3200
- C:\Windows\System\IPpMQsz.exe
  C:\Windows\System\IPpMQsz.exe
  2⤵
  PID:3216
- C:\Windows\System\ToMqbZV.exe
  C:\Windows\System\ToMqbZV.exe
  2⤵
  PID:3240
- C:\Windows\System\tAfUTdw.exe
  C:\Windows\System\tAfUTdw.exe
  2⤵
  PID:3260
- C:\Windows\System\SbJxvge.exe
  C:\Windows\System\SbJxvge.exe
  2⤵
  PID:3280
- C:\Windows\System\WNhJsrY.exe
  C:\Windows\System\WNhJsrY.exe
  2⤵
  PID:3300
- C:\Windows\System\ZOUPEOM.exe
  C:\Windows\System\ZOUPEOM.exe
  2⤵
  PID:3320
- C:\Windows\System\cAGxWWu.exe
  C:\Windows\System\cAGxWWu.exe
  2⤵
  PID:3340
- C:\Windows\System\XjwqEOA.exe
  C:\Windows\System\XjwqEOA.exe
  2⤵
  PID:3364
- C:\Windows\System\FAOIobK.exe
  C:\Windows\System\FAOIobK.exe
  2⤵
  PID:3380
- C:\Windows\System\eUuaaYn.exe
  C:\Windows\System\eUuaaYn.exe
  2⤵
  PID:3404
- C:\Windows\System\AYZzCsC.exe
  C:\Windows\System\AYZzCsC.exe
  2⤵
  PID:3424
- C:\Windows\System\IOvyvJN.exe
  C:\Windows\System\IOvyvJN.exe
  2⤵
  PID:3444
- C:\Windows\System\DlpVdVa.exe
  C:\Windows\System\DlpVdVa.exe
  2⤵
  PID:3464
- C:\Windows\System\DkJYEZS.exe
  C:\Windows\System\DkJYEZS.exe
  2⤵
  PID:3484
- C:\Windows\System\tIYulDp.exe
  C:\Windows\System\tIYulDp.exe
  2⤵
  PID:3504
- C:\Windows\System\oazhRmQ.exe
  C:\Windows\System\oazhRmQ.exe
  2⤵
  PID:3524
- C:\Windows\System\wNHTmIQ.exe
  C:\Windows\System\wNHTmIQ.exe
  2⤵
  PID:3544
- C:\Windows\System\dBFXRVx.exe
  C:\Windows\System\dBFXRVx.exe
  2⤵
  PID:3564
- C:\Windows\System\MwqaCVG.exe
  C:\Windows\System\MwqaCVG.exe
  2⤵
  PID:3584
- C:\Windows\System\evnPNHc.exe
  C:\Windows\System\evnPNHc.exe
  2⤵
  PID:3604
- C:\Windows\System\DYTAMgL.exe
  C:\Windows\System\DYTAMgL.exe
  2⤵
  PID:3620
- C:\Windows\System\WRZfIdH.exe
  C:\Windows\System\WRZfIdH.exe
  2⤵
  PID:3644
- C:\Windows\System\exUhCGS.exe
  C:\Windows\System\exUhCGS.exe
  2⤵
  PID:3664
- C:\Windows\System\WUOrFrY.exe
  C:\Windows\System\WUOrFrY.exe
  2⤵
  PID:3684
- C:\Windows\System\wnHwuIB.exe
  C:\Windows\System\wnHwuIB.exe
  2⤵
  PID:3704
- C:\Windows\System\aRUsFCa.exe
  C:\Windows\System\aRUsFCa.exe
  2⤵
  PID:3724
- C:\Windows\System\hCIMShJ.exe
  C:\Windows\System\hCIMShJ.exe
  2⤵
  PID:3744
- C:\Windows\System\jzdXzlH.exe
  C:\Windows\System\jzdXzlH.exe
  2⤵
  PID:3764
- C:\Windows\System\qsXmJKc.exe
  C:\Windows\System\qsXmJKc.exe
  2⤵
  PID:3784
- C:\Windows\System\BWbmYMP.exe
  C:\Windows\System\BWbmYMP.exe
  2⤵
  PID:3804
- C:\Windows\System\sHBhHlq.exe
  C:\Windows\System\sHBhHlq.exe
  2⤵
  PID:3824
- C:\Windows\System\cVUsbHk.exe
  C:\Windows\System\cVUsbHk.exe
  2⤵
  PID:3844
- C:\Windows\System\ougjbvo.exe
  C:\Windows\System\ougjbvo.exe
  2⤵
  PID:3868
- C:\Windows\System\UcfmVgI.exe
  C:\Windows\System\UcfmVgI.exe
  2⤵
  PID:3888
- C:\Windows\System\pkhoNpW.exe
  C:\Windows\System\pkhoNpW.exe
  2⤵
  PID:3908
- C:\Windows\System\EtDzEyS.exe
  C:\Windows\System\EtDzEyS.exe
  2⤵
  PID:3928
- C:\Windows\System\OxhyElK.exe
  C:\Windows\System\OxhyElK.exe
  2⤵
  PID:3948
- C:\Windows\System\dKsvKOK.exe
  C:\Windows\System\dKsvKOK.exe
  2⤵
  PID:3968
- C:\Windows\System\VPJoJrR.exe
  C:\Windows\System\VPJoJrR.exe
  2⤵
  PID:3988
- C:\Windows\System\CaaTDzv.exe
  C:\Windows\System\CaaTDzv.exe
  2⤵
  PID:4008
- C:\Windows\System\fLKYnlq.exe
  C:\Windows\System\fLKYnlq.exe
  2⤵
  PID:4028
- C:\Windows\System\AAnWDDn.exe
  C:\Windows\System\AAnWDDn.exe
  2⤵
  PID:4048
- C:\Windows\System\AYwwHtq.exe
  C:\Windows\System\AYwwHtq.exe
  2⤵
  PID:4068
- C:\Windows\System\SqaXaAL.exe
  C:\Windows\System\SqaXaAL.exe
  2⤵
  PID:4088
- C:\Windows\System\RIyGmOc.exe
  C:\Windows\System\RIyGmOc.exe
  2⤵
  PID:2400
- C:\Windows\System\RuHGICd.exe
  C:\Windows\System\RuHGICd.exe
  2⤵
  PID:1704
- C:\Windows\System\vtlBlcK.exe
  C:\Windows\System\vtlBlcK.exe
  2⤵
  PID:2852
- C:\Windows\System\efayaeb.exe
  C:\Windows\System\efayaeb.exe
  2⤵
  PID:2272
- C:\Windows\System\iVCpxdJ.exe
  C:\Windows\System\iVCpxdJ.exe
  2⤵
  PID:2840
- C:\Windows\System\dCXYbVS.exe
  C:\Windows\System\dCXYbVS.exe
  2⤵
  PID:3076
- C:\Windows\System\oZngBSh.exe
  C:\Windows\System\oZngBSh.exe
  2⤵
  PID:756
- C:\Windows\System\uALPqJD.exe
  C:\Windows\System\uALPqJD.exe
  2⤵
  PID:3112
- C:\Windows\System\cjZwTqJ.exe
  C:\Windows\System\cjZwTqJ.exe
  2⤵
  PID:2684
- C:\Windows\System\hsyPLgO.exe
  C:\Windows\System\hsyPLgO.exe
  2⤵
  PID:3188
- C:\Windows\System\ZfBEyUK.exe
  C:\Windows\System\ZfBEyUK.exe
  2⤵
  PID:3192
- C:\Windows\System\ibyJXmj.exe
  C:\Windows\System\ibyJXmj.exe
  2⤵
  PID:3212
- C:\Windows\System\cpLxUFE.exe
  C:\Windows\System\cpLxUFE.exe
  2⤵
  PID:3272
- C:\Windows\System\JiehsSn.exe
  C:\Windows\System\JiehsSn.exe
  2⤵
  PID:3288
- C:\Windows\System\uTfQDYS.exe
  C:\Windows\System\uTfQDYS.exe
  2⤵
  PID:3348
- C:\Windows\System\lOmZbUK.exe
  C:\Windows\System\lOmZbUK.exe
  2⤵
  PID:3336
- C:\Windows\System\XFzDaOk.exe
  C:\Windows\System\XFzDaOk.exe
  2⤵
  PID:3392
- C:\Windows\System\IFmapGO.exe
  C:\Windows\System\IFmapGO.exe
  2⤵
  PID:3440
- C:\Windows\System\hbCKbkJ.exe
  C:\Windows\System\hbCKbkJ.exe
  2⤵
  PID:3480
- C:\Windows\System\fMjHBiX.exe
  C:\Windows\System\fMjHBiX.exe
  2⤵
  PID:3512
- C:\Windows\System\sHfrZJA.exe
  C:\Windows\System\sHfrZJA.exe
  2⤵
  PID:3516
- C:\Windows\System\gKNrECI.exe
  C:\Windows\System\gKNrECI.exe
  2⤵
  PID:3556
- C:\Windows\System\yCUtOLI.exe
  C:\Windows\System\yCUtOLI.exe
  2⤵
  PID:3356
- C:\Windows\System\PAGXZvg.exe
  C:\Windows\System\PAGXZvg.exe
  2⤵
  PID:3632
- C:\Windows\System\EnzEBWg.exe
  C:\Windows\System\EnzEBWg.exe
  2⤵
  PID:3672
- C:\Windows\System\pvHMlpb.exe
  C:\Windows\System\pvHMlpb.exe
  2⤵
  PID:3676
- C:\Windows\System\YfCrWuM.exe
  C:\Windows\System\YfCrWuM.exe
  2⤵
  PID:3700
- C:\Windows\System\ediJSGy.exe
  C:\Windows\System\ediJSGy.exe
  2⤵
  PID:3740
- C:\Windows\System\tGplDPa.exe
  C:\Windows\System\tGplDPa.exe
  2⤵
  PID:3776
- C:\Windows\System\tCPJpNB.exe
  C:\Windows\System\tCPJpNB.exe
  2⤵
  PID:3836
- C:\Windows\System\EDBrQnz.exe
  C:\Windows\System\EDBrQnz.exe
  2⤵
  PID:3884
- C:\Windows\System\UfBobVD.exe
  C:\Windows\System\UfBobVD.exe
  2⤵
  PID:3916
- C:\Windows\System\bbEgekm.exe
  C:\Windows\System\bbEgekm.exe
  2⤵
  PID:3920
- C:\Windows\System\EPhirxe.exe
  C:\Windows\System\EPhirxe.exe
  2⤵
  PID:3940
- C:\Windows\System\tiyubLt.exe
  C:\Windows\System\tiyubLt.exe
  2⤵
  PID:4000
- C:\Windows\System\QcBumed.exe
  C:\Windows\System\QcBumed.exe
  2⤵
  PID:4016
- C:\Windows\System\GVvCVaq.exe
  C:\Windows\System\GVvCVaq.exe
  2⤵
  PID:4056
- C:\Windows\System\NPGfXNS.exe
  C:\Windows\System\NPGfXNS.exe
  2⤵
  PID:2148
- C:\Windows\System\LqWFFXi.exe
  C:\Windows\System\LqWFFXi.exe
  2⤵
  PID:1276
- C:\Windows\System\OKVSdcY.exe
  C:\Windows\System\OKVSdcY.exe
  2⤵
  PID:2540
- C:\Windows\System\tfnrNsO.exe
  C:\Windows\System\tfnrNsO.exe
  2⤵
  PID:1052
- C:\Windows\System\WWNuZDC.exe
  C:\Windows\System\WWNuZDC.exe
  2⤵
  PID:2636
- C:\Windows\System\UmbuAKK.exe
  C:\Windows\System\UmbuAKK.exe
  2⤵
  PID:1624
- C:\Windows\System\NmtySng.exe
  C:\Windows\System\NmtySng.exe
  2⤵
  PID:3132
- C:\Windows\System\BcsMCQC.exe
  C:\Windows\System\BcsMCQC.exe
  2⤵
  PID:3172
- C:\Windows\System\lwpHvfv.exe
  C:\Windows\System\lwpHvfv.exe
  2⤵
  PID:3256
- C:\Windows\System\PZPEVpM.exe
  C:\Windows\System\PZPEVpM.exe
  2⤵
  PID:1320
- C:\Windows\System\yAFdkim.exe
  C:\Windows\System\yAFdkim.exe
  2⤵
  PID:3292
- C:\Windows\System\iFKpxFO.exe
  C:\Windows\System\iFKpxFO.exe
  2⤵
  PID:3400
- C:\Windows\System\IgZGXkP.exe
  C:\Windows\System\IgZGXkP.exe
  2⤵
  PID:3456
- C:\Windows\System\MxvHzNJ.exe
  C:\Windows\System\MxvHzNJ.exe
  2⤵
  PID:3420
- C:\Windows\System\cqZrpvO.exe
  C:\Windows\System\cqZrpvO.exe
  2⤵
  PID:3536
- C:\Windows\System\HIGcdEt.exe
  C:\Windows\System\HIGcdEt.exe
  2⤵
  PID:3576
- C:\Windows\System\CSiBXZV.exe
  C:\Windows\System\CSiBXZV.exe
  2⤵
  PID:3680
- C:\Windows\System\rTkrJdw.exe
  C:\Windows\System\rTkrJdw.exe
  2⤵
  PID:3752
- C:\Windows\System\uKWJBzP.exe
  C:\Windows\System\uKWJBzP.exe
  2⤵
  PID:3796
- C:\Windows\System\zHwKidn.exe
  C:\Windows\System\zHwKidn.exe
  2⤵
  PID:3792
- C:\Windows\System\AevdjZv.exe
  C:\Windows\System\AevdjZv.exe
  2⤵
  PID:3944
- C:\Windows\System\NBxwDcp.exe
  C:\Windows\System\NBxwDcp.exe
  2⤵
  PID:3896
- C:\Windows\System\DpHLtmc.exe
  C:\Windows\System\DpHLtmc.exe
  2⤵
  PID:3976
- C:\Windows\System\IpedQiR.exe
  C:\Windows\System\IpedQiR.exe
  2⤵
  PID:4004
- C:\Windows\System\RkKVZiF.exe
  C:\Windows\System\RkKVZiF.exe
  2⤵
  PID:1160
- C:\Windows\System\Sdgelkh.exe
  C:\Windows\System\Sdgelkh.exe
  2⤵
  PID:2556
- C:\Windows\System\yObVuYW.exe
  C:\Windows\System\yObVuYW.exe
  2⤵
  PID:676
- C:\Windows\System\rvUCezY.exe
  C:\Windows\System\rvUCezY.exe
  2⤵
  PID:3148
- C:\Windows\System\naQPVTL.exe
  C:\Windows\System\naQPVTL.exe
  2⤵
  PID:3228
- C:\Windows\System\NVCoCue.exe
  C:\Windows\System\NVCoCue.exe
  2⤵
  PID:3352
- C:\Windows\System\aNwaofR.exe
  C:\Windows\System\aNwaofR.exe
  2⤵
  PID:3360
- C:\Windows\System\vIHZwLv.exe
  C:\Windows\System\vIHZwLv.exe
  2⤵
  PID:3412
- C:\Windows\System\CzdVKhV.exe
  C:\Windows\System\CzdVKhV.exe
  2⤵
  PID:3460
- C:\Windows\System\QTAWZik.exe
  C:\Windows\System\QTAWZik.exe
  2⤵
  PID:3580
- C:\Windows\System\IIephUz.exe
  C:\Windows\System\IIephUz.exe
  2⤵
  PID:3692
- C:\Windows\System\GSdRdLS.exe
  C:\Windows\System\GSdRdLS.exe
  2⤵
  PID:3852
- C:\Windows\System\NXavnyJ.exe
  C:\Windows\System\NXavnyJ.exe
  2⤵
  PID:3772
- C:\Windows\System\YVZDJNs.exe
  C:\Windows\System\YVZDJNs.exe
  2⤵
  PID:3816
- C:\Windows\System\bHPcPUH.exe
  C:\Windows\System\bHPcPUH.exe
  2⤵
  PID:4076
- C:\Windows\System\bzxgmqD.exe
  C:\Windows\System\bzxgmqD.exe
  2⤵
  PID:812
- C:\Windows\System\WuWItWj.exe
  C:\Windows\System\WuWItWj.exe
  2⤵
  PID:2864
- C:\Windows\System\vlOduwh.exe
  C:\Windows\System\vlOduwh.exe
  2⤵
  PID:2480
- C:\Windows\System\bCSDMwm.exe
  C:\Windows\System\bCSDMwm.exe
  2⤵
  PID:3252
- C:\Windows\System\pohSFba.exe
  C:\Windows\System\pohSFba.exe
  2⤵
  PID:3328
- C:\Windows\System\LMGCzUd.exe
  C:\Windows\System\LMGCzUd.exe
  2⤵
  PID:3496
- C:\Windows\System\fTLpfXs.exe
  C:\Windows\System\fTLpfXs.exe
  2⤵
  PID:3964
- C:\Windows\System\CZtRRGT.exe
  C:\Windows\System\CZtRRGT.exe
  2⤵
  PID:3820
- C:\Windows\System\lvsRTZN.exe
  C:\Windows\System\lvsRTZN.exe
  2⤵
  PID:3876
- C:\Windows\System\KkcdzfH.exe
  C:\Windows\System\KkcdzfH.exe
  2⤵
  PID:556
- C:\Windows\System\JZpsUlY.exe
  C:\Windows\System\JZpsUlY.exe
  2⤵
  PID:4112
- C:\Windows\System\iTbcIuE.exe
  C:\Windows\System\iTbcIuE.exe
  2⤵
  PID:4132
- C:\Windows\System\ZUzGwav.exe
  C:\Windows\System\ZUzGwav.exe
  2⤵
  PID:4152
- C:\Windows\System\DHGIHHE.exe
  C:\Windows\System\DHGIHHE.exe
  2⤵
  PID:4172
- C:\Windows\System\wJSCsYK.exe
  C:\Windows\System\wJSCsYK.exe
  2⤵
  PID:4192
- C:\Windows\System\JzmdTnT.exe
  C:\Windows\System\JzmdTnT.exe
  2⤵
  PID:4212
- C:\Windows\System\flzlvuA.exe
  C:\Windows\System\flzlvuA.exe
  2⤵
  PID:4232
- C:\Windows\System\gAhgHLT.exe
  C:\Windows\System\gAhgHLT.exe
  2⤵
  PID:4252
- C:\Windows\System\yLROLKi.exe
  C:\Windows\System\yLROLKi.exe
  2⤵
  PID:4272
- C:\Windows\System\nmRMTYK.exe
  C:\Windows\System\nmRMTYK.exe
  2⤵
  PID:4292
- C:\Windows\System\AUNwxEh.exe
  C:\Windows\System\AUNwxEh.exe
  2⤵
  PID:4312
- C:\Windows\System\fLISDhf.exe
  C:\Windows\System\fLISDhf.exe
  2⤵
  PID:4332
- C:\Windows\System\NjNxfJo.exe
  C:\Windows\System\NjNxfJo.exe
  2⤵
  PID:4352
- C:\Windows\System\QiEAFwo.exe
  C:\Windows\System\QiEAFwo.exe
  2⤵
  PID:4372
- C:\Windows\System\CSDwzIl.exe
  C:\Windows\System\CSDwzIl.exe
  2⤵
  PID:4392
- C:\Windows\System\GHsPYWH.exe
  C:\Windows\System\GHsPYWH.exe
  2⤵
  PID:4412
- C:\Windows\System\TdgnXiT.exe
  C:\Windows\System\TdgnXiT.exe
  2⤵
  PID:4428
- C:\Windows\System\EGZnFBO.exe
  C:\Windows\System\EGZnFBO.exe
  2⤵
  PID:4452
- C:\Windows\System\ndYqXCc.exe
  C:\Windows\System\ndYqXCc.exe
  2⤵
  PID:4468
- C:\Windows\System\VLIDhBm.exe
  C:\Windows\System\VLIDhBm.exe
  2⤵
  PID:4492
- C:\Windows\System\rHHncgR.exe
  C:\Windows\System\rHHncgR.exe
  2⤵
  PID:4512
- C:\Windows\System\wvRNJBs.exe
  C:\Windows\System\wvRNJBs.exe
  2⤵
  PID:4532
- C:\Windows\System\hbDaZfg.exe
  C:\Windows\System\hbDaZfg.exe
  2⤵
  PID:4552
- C:\Windows\System\kOUlbmf.exe
  C:\Windows\System\kOUlbmf.exe
  2⤵
  PID:4572
- C:\Windows\System\nKFfkRk.exe
  C:\Windows\System\nKFfkRk.exe
  2⤵
  PID:4588
- C:\Windows\System\XvFJdae.exe
  C:\Windows\System\XvFJdae.exe
  2⤵
  PID:4616
- C:\Windows\System\aSvgvBc.exe
  C:\Windows\System\aSvgvBc.exe
  2⤵
  PID:4636
- C:\Windows\System\ZgaNzck.exe
  C:\Windows\System\ZgaNzck.exe
  2⤵
  PID:4656
- C:\Windows\System\gOHmmrP.exe
  C:\Windows\System\gOHmmrP.exe
  2⤵
  PID:4676
- C:\Windows\System\bPTzxIQ.exe
  C:\Windows\System\bPTzxIQ.exe
  2⤵
  PID:4696
- C:\Windows\System\XgGfzxE.exe
  C:\Windows\System\XgGfzxE.exe
  2⤵
  PID:4716
- C:\Windows\System\zspurAa.exe
  C:\Windows\System\zspurAa.exe
  2⤵
  PID:4736
- C:\Windows\System\jzTaClg.exe
  C:\Windows\System\jzTaClg.exe
  2⤵
  PID:4756
- C:\Windows\System\eqQddQd.exe
  C:\Windows\System\eqQddQd.exe
  2⤵
  PID:4776
- C:\Windows\System\ZAgUCub.exe
  C:\Windows\System\ZAgUCub.exe
  2⤵
  PID:4796
- C:\Windows\System\ehQigDI.exe
  C:\Windows\System\ehQigDI.exe
  2⤵
  PID:4816
- C:\Windows\System\ZHuCenA.exe
  C:\Windows\System\ZHuCenA.exe
  2⤵
  PID:4832
- C:\Windows\System\sxpHMGp.exe
  C:\Windows\System\sxpHMGp.exe
  2⤵
  PID:4856
- C:\Windows\System\whqcSgZ.exe
  C:\Windows\System\whqcSgZ.exe
  2⤵
  PID:4876
- C:\Windows\System\OsPtaMW.exe
  C:\Windows\System\OsPtaMW.exe
  2⤵
  PID:4896
- C:\Windows\System\DITGUnE.exe
  C:\Windows\System\DITGUnE.exe
  2⤵
  PID:4912
- C:\Windows\System\DrAbejR.exe
  C:\Windows\System\DrAbejR.exe
  2⤵
  PID:4932
- C:\Windows\System\BKLHomK.exe
  C:\Windows\System\BKLHomK.exe
  2⤵
  PID:4952
- C:\Windows\System\wzRPbtH.exe
  C:\Windows\System\wzRPbtH.exe
  2⤵
  PID:4976
- C:\Windows\System\nMDxZyB.exe
  C:\Windows\System\nMDxZyB.exe
  2⤵
  PID:4996
- C:\Windows\System\jPMOIFC.exe
  C:\Windows\System\jPMOIFC.exe
  2⤵
  PID:5016
- C:\Windows\System\qQaUfwT.exe
  C:\Windows\System\qQaUfwT.exe
  2⤵
  PID:5036
- C:\Windows\System\KsUAEkb.exe
  C:\Windows\System\KsUAEkb.exe
  2⤵
  PID:5056
- C:\Windows\System\SbEruqD.exe
  C:\Windows\System\SbEruqD.exe
  2⤵
  PID:5072
- C:\Windows\System\fVDFLGH.exe
  C:\Windows\System\fVDFLGH.exe
  2⤵
  PID:5096
- C:\Windows\System\psbSolK.exe
  C:\Windows\System\psbSolK.exe
  2⤵
  PID:5116
- C:\Windows\System\bntyHfq.exe
  C:\Windows\System\bntyHfq.exe
  2⤵
  PID:3152
- C:\Windows\System\PKyyWXt.exe
  C:\Windows\System\PKyyWXt.exe
  2⤵
  PID:3492
- C:\Windows\System\MzFEhhX.exe
  C:\Windows\System\MzFEhhX.exe
  2⤵
  PID:3756
- C:\Windows\System\oqeKXLM.exe
  C:\Windows\System\oqeKXLM.exe
  2⤵
  PID:2228
- C:\Windows\System\fKvnATT.exe
  C:\Windows\System\fKvnATT.exe
  2⤵
  PID:4120
- C:\Windows\System\PEUOFLm.exe
  C:\Windows\System\PEUOFLm.exe
  2⤵
  PID:4108
- C:\Windows\System\AnRZFIP.exe
  C:\Windows\System\AnRZFIP.exe
  2⤵
  PID:4200
- C:\Windows\System\XjYRmLf.exe
  C:\Windows\System\XjYRmLf.exe
  2⤵
  PID:4184
- C:\Windows\System\JIxsQNp.exe
  C:\Windows\System\JIxsQNp.exe
  2⤵
  PID:4248
- C:\Windows\System\yapoAUh.exe
  C:\Windows\System\yapoAUh.exe
  2⤵
  PID:4288
- C:\Windows\System\tubrygu.exe
  C:\Windows\System\tubrygu.exe
  2⤵
  PID:4320
- C:\Windows\System\FaQSpyY.exe
  C:\Windows\System\FaQSpyY.exe
  2⤵
  PID:4324
- C:\Windows\System\jeYTETF.exe
  C:\Windows\System\jeYTETF.exe
  2⤵
  PID:4344
- C:\Windows\System\CXdBzLa.exe
  C:\Windows\System\CXdBzLa.exe
  2⤵
  PID:4380
- C:\Windows\System\SvyrCBF.exe
  C:\Windows\System\SvyrCBF.exe
  2⤵
  PID:4420
- C:\Windows\System\rZHuNAI.exe
  C:\Windows\System\rZHuNAI.exe
  2⤵
  PID:4444
- C:\Windows\System\UATqQtq.exe
  C:\Windows\System\UATqQtq.exe
  2⤵
  PID:4480
- C:\Windows\System\IjoaFgv.exe
  C:\Windows\System\IjoaFgv.exe
  2⤵
  PID:4500
- C:\Windows\System\gwiKxaf.exe
  C:\Windows\System\gwiKxaf.exe
  2⤵
  PID:4564
- C:\Windows\System\XabkutD.exe
  C:\Windows\System\XabkutD.exe
  2⤵
  PID:4596
- C:\Windows\System\rilFiLT.exe
  C:\Windows\System\rilFiLT.exe
  2⤵
  PID:4584
- C:\Windows\System\SEToZky.exe
  C:\Windows\System\SEToZky.exe
  2⤵
  PID:4624
- C:\Windows\System\rqpTjXG.exe
  C:\Windows\System\rqpTjXG.exe
  2⤵
  PID:4692
- C:\Windows\System\QESxryb.exe
  C:\Windows\System\QESxryb.exe
  2⤵
  PID:4672
- C:\Windows\System\dtfBaMC.exe
  C:\Windows\System\dtfBaMC.exe
  2⤵
  PID:4768
- C:\Windows\System\VEhmJwX.exe
  C:\Windows\System\VEhmJwX.exe
  2⤵
  PID:4808
- C:\Windows\System\pTEbCDf.exe
  C:\Windows\System\pTEbCDf.exe
  2⤵
  PID:4840
- C:\Windows\System\cZGweRR.exe
  C:\Windows\System\cZGweRR.exe
  2⤵
  PID:4788
- C:\Windows\System\fsUoedr.exe
  C:\Windows\System\fsUoedr.exe
  2⤵
  PID:4864
- C:\Windows\System\mVerabZ.exe
  C:\Windows\System\mVerabZ.exe
  2⤵
  PID:4872
- C:\Windows\System\wUFnmhx.exe
  C:\Windows\System\wUFnmhx.exe
  2⤵
  PID:4964
- C:\Windows\System\abSFIhe.exe
  C:\Windows\System\abSFIhe.exe
  2⤵
  PID:4608
- C:\Windows\System\efXPRyP.exe
  C:\Windows\System\efXPRyP.exe
  2⤵
  PID:4992
- C:\Windows\System\ikUhOjT.exe
  C:\Windows\System\ikUhOjT.exe
  2⤵
  PID:5028
- C:\Windows\System\HBxtGMH.exe
  C:\Windows\System\HBxtGMH.exe
  2⤵
  PID:5092
- C:\Windows\System\DLmkNGT.exe
  C:\Windows\System\DLmkNGT.exe
  2⤵
  PID:5108
- C:\Windows\System\jjsFlGT.exe
  C:\Windows\System\jjsFlGT.exe
  2⤵
  PID:3656
- C:\Windows\System\ioOdgEB.exe
  C:\Windows\System\ioOdgEB.exe
  2⤵
  PID:2624
- C:\Windows\System\qQnnuir.exe
  C:\Windows\System\qQnnuir.exe
  2⤵
  PID:4044
- C:\Windows\System\zzdoqMg.exe
  C:\Windows\System\zzdoqMg.exe
  2⤵
  PID:4124
- C:\Windows\System\gxGjTHT.exe
  C:\Windows\System\gxGjTHT.exe
  2⤵
  PID:4148
- C:\Windows\System\cnUOeSk.exe
  C:\Windows\System\cnUOeSk.exe
  2⤵
  PID:4228
- C:\Windows\System\ajWgcSM.exe
  C:\Windows\System\ajWgcSM.exe
  2⤵
  PID:4368
- C:\Windows\System\eVaRdBT.exe
  C:\Windows\System\eVaRdBT.exe
  2⤵
  PID:4436
- C:\Windows\System\hZWaxQx.exe
  C:\Windows\System\hZWaxQx.exe
  2⤵
  PID:4484
- C:\Windows\System\SRMLndc.exe
  C:\Windows\System\SRMLndc.exe
  2⤵
  PID:4568
- C:\Windows\System\cblbyBo.exe
  C:\Windows\System\cblbyBo.exe
  2⤵
  PID:4580
- C:\Windows\System\CZdtRJG.exe
  C:\Windows\System\CZdtRJG.exe
  2⤵
  PID:4632
- C:\Windows\System\RdliOpS.exe
  C:\Windows\System\RdliOpS.exe
  2⤵
  PID:2104
- C:\Windows\System\xNBbsHq.exe
  C:\Windows\System\xNBbsHq.exe
  2⤵
  PID:4772
- C:\Windows\System\ZAcAqzR.exe
  C:\Windows\System\ZAcAqzR.exe
  2⤵
  PID:4748
- C:\Windows\System\xrACQcm.exe
  C:\Windows\System\xrACQcm.exe
  2⤵
  PID:4792
- C:\Windows\System\TzlWcKC.exe
  C:\Windows\System\TzlWcKC.exe
  2⤵
  PID:4732
- C:\Windows\System\ekptudM.exe
  C:\Windows\System\ekptudM.exe
  2⤵
  PID:1064
- C:\Windows\System\bOvDWdG.exe
  C:\Windows\System\bOvDWdG.exe
  2⤵
  PID:4884
- C:\Windows\System\kgPEwbn.exe
  C:\Windows\System\kgPEwbn.exe
  2⤵
  PID:5048
- C:\Windows\System\aaZZFSQ.exe
  C:\Windows\System\aaZZFSQ.exe
  2⤵
  PID:4924
- C:\Windows\System\azKlDMm.exe
  C:\Windows\System\azKlDMm.exe
  2⤵
  PID:4948
- C:\Windows\System\HUYbGZL.exe
  C:\Windows\System\HUYbGZL.exe
  2⤵
  PID:3560
- C:\Windows\System\wVNWxBf.exe
  C:\Windows\System\wVNWxBf.exe
  2⤵
  PID:4940
- C:\Windows\System\zgAPfzB.exe
  C:\Windows\System\zgAPfzB.exe
  2⤵
  PID:5112
- C:\Windows\System\acjPaqY.exe
  C:\Windows\System\acjPaqY.exe
  2⤵
  PID:3856
- C:\Windows\System\szBlaFB.exe
  C:\Windows\System\szBlaFB.exe
  2⤵
  PID:4168
- C:\Windows\System\PpJIORR.exe
  C:\Windows\System\PpJIORR.exe
  2⤵
  PID:4284
- C:\Windows\System\rSqHgoM.exe
  C:\Windows\System\rSqHgoM.exe
  2⤵
  PID:852
- C:\Windows\System\SKwWtTF.exe
  C:\Windows\System\SKwWtTF.exe
  2⤵
  PID:4476
- C:\Windows\System\BCdUNDB.exe
  C:\Windows\System\BCdUNDB.exe
  2⤵
  PID:2020
- C:\Windows\System\SDbndkV.exe
  C:\Windows\System\SDbndkV.exe
  2⤵
  PID:1308
- C:\Windows\System\oNNHZSu.exe
  C:\Windows\System\oNNHZSu.exe
  2⤵
  PID:4528
- C:\Windows\System\cdNYMvf.exe
  C:\Windows\System\cdNYMvf.exe
  2⤵
  PID:4548
- C:\Windows\System\KzbIezF.exe
  C:\Windows\System\KzbIezF.exe
  2⤵
  PID:1788
- C:\Windows\System\uCdxoQH.exe
  C:\Windows\System\uCdxoQH.exe
  2⤵
  PID:2776
- C:\Windows\System\manFqWK.exe
  C:\Windows\System\manFqWK.exe
  2⤵
  PID:2940
- C:\Windows\System\EZUQYyG.exe
  C:\Windows\System\EZUQYyG.exe
  2⤵
  PID:4804
- C:\Windows\System\VODKKbA.exe
  C:\Windows\System\VODKKbA.exe
  2⤵
  PID:4904
- C:\Windows\System\ruEteKM.exe
  C:\Windows\System\ruEteKM.exe
  2⤵
  PID:5008
- C:\Windows\System\ZDlHzYC.exe
  C:\Windows\System\ZDlHzYC.exe
  2⤵
  PID:2004
- C:\Windows\System\mtAiBZi.exe
  C:\Windows\System\mtAiBZi.exe
  2⤵
  PID:3596
- C:\Windows\System\FJZZVzm.exe
  C:\Windows\System\FJZZVzm.exe
  2⤵
  PID:4164
- C:\Windows\System\keJKgwZ.exe
  C:\Windows\System\keJKgwZ.exe
  2⤵
  PID:2216
- C:\Windows\System\qvETOHV.exe
  C:\Windows\System\qvETOHV.exe
  2⤵
  PID:2772
- C:\Windows\System\YdPCYpe.exe
  C:\Windows\System\YdPCYpe.exe
  2⤵
  PID:4308
- C:\Windows\System\bdQbaSi.exe
  C:\Windows\System\bdQbaSi.exe
  2⤵
  PID:2644
- C:\Windows\System\NIotqMq.exe
  C:\Windows\System\NIotqMq.exe
  2⤵
  PID:4764
- C:\Windows\System\mLNGQRb.exe
  C:\Windows\System\mLNGQRb.exe
  2⤵
  PID:1312
- C:\Windows\System\YYVhTub.exe
  C:\Windows\System\YYVhTub.exe
  2⤵
  PID:4812
- C:\Windows\System\ewIYnRr.exe
  C:\Windows\System\ewIYnRr.exe
  2⤵
  PID:2588
- C:\Windows\System\oxhfWxw.exe
  C:\Windows\System\oxhfWxw.exe
  2⤵
  PID:588
- C:\Windows\System\cxdLivN.exe
  C:\Windows\System\cxdLivN.exe
  2⤵
  PID:600
- C:\Windows\System\xlvTtoE.exe
  C:\Windows\System\xlvTtoE.exe
  2⤵
  PID:4084
- C:\Windows\System\NdxKFoh.exe
  C:\Windows\System\NdxKFoh.exe
  2⤵
  PID:2212
- C:\Windows\System\tZtbxVm.exe
  C:\Windows\System\tZtbxVm.exe
  2⤵
  PID:4280
- C:\Windows\System\okgNjOx.exe
  C:\Windows\System\okgNjOx.exe
  2⤵
  PID:4180
- C:\Windows\System\MjzuMlh.exe
  C:\Windows\System\MjzuMlh.exe
  2⤵
  PID:2296
- C:\Windows\System\vfLKHBl.exe
  C:\Windows\System\vfLKHBl.exe
  2⤵
  PID:4824
- C:\Windows\System\hkVtzuf.exe
  C:\Windows\System\hkVtzuf.exe
  2⤵
  PID:4724
- C:\Windows\System\hMUiuLx.exe
  C:\Windows\System\hMUiuLx.exe
  2⤵
  PID:4968
- C:\Windows\System\BgDTDzd.exe
  C:\Windows\System\BgDTDzd.exe
  2⤵
  PID:2760
- C:\Windows\System\zNrtVlx.exe
  C:\Windows\System\zNrtVlx.exe
  2⤵
  PID:5064
- C:\Windows\System\zhAgYcr.exe
  C:\Windows\System\zhAgYcr.exe
  2⤵
  PID:4460
- C:\Windows\System\yMQBJsd.exe
  C:\Windows\System\yMQBJsd.exe
  2⤵
  PID:2828
- C:\Windows\System\mvDtjrE.exe
  C:\Windows\System\mvDtjrE.exe
  2⤵
  PID:4240
- C:\Windows\System\UKdwHNW.exe
  C:\Windows\System\UKdwHNW.exe
  2⤵
  PID:5012
- C:\Windows\System\DnAVkQs.exe
  C:\Windows\System\DnAVkQs.exe
  2⤵
  PID:4144
- C:\Windows\System\hQqrXaf.exe
  C:\Windows\System\hQqrXaf.exe
  2⤵
  PID:4140
- C:\Windows\System\MQRSlXU.exe
  C:\Windows\System\MQRSlXU.exe
  2⤵
  PID:708
- C:\Windows\System\eXLRFzk.exe
  C:\Windows\System\eXLRFzk.exe
  2⤵
  PID:4944
- C:\Windows\System\jsBOKsb.exe
  C:\Windows\System\jsBOKsb.exe
  2⤵
  PID:2512
- C:\Windows\System\bmvEpOs.exe
  C:\Windows\System\bmvEpOs.exe
  2⤵
  PID:2584
- C:\Windows\System\zgtOvQu.exe
  C:\Windows\System\zgtOvQu.exe
  2⤵
  PID:4300
- C:\Windows\System\PGSZbFw.exe
  C:\Windows\System\PGSZbFw.exe
  2⤵
  PID:4508
- C:\Windows\System\wdkIZdt.exe
  C:\Windows\System\wdkIZdt.exe
  2⤵
  PID:1944
- C:\Windows\System\veaMLvq.exe
  C:\Windows\System\veaMLvq.exe
  2⤵
  PID:5148
- C:\Windows\System\tOQakxT.exe
  C:\Windows\System\tOQakxT.exe
  2⤵
  PID:5164
- C:\Windows\System\yDROViI.exe
  C:\Windows\System\yDROViI.exe
  2⤵
  PID:5180
- C:\Windows\System\QOifFJw.exe
  C:\Windows\System\QOifFJw.exe
  2⤵
  PID:5200
- C:\Windows\System\EvYrtPV.exe
  C:\Windows\System\EvYrtPV.exe
  2⤵
  PID:5216
- C:\Windows\System\remHhjy.exe
  C:\Windows\System\remHhjy.exe
  2⤵
  PID:5248
- C:\Windows\System\ZPiuWTQ.exe
  C:\Windows\System\ZPiuWTQ.exe
  2⤵
  PID:5264
- C:\Windows\System\GKgJXBk.exe
  C:\Windows\System\GKgJXBk.exe
  2⤵
  PID:5280
- C:\Windows\System\LOtSnPS.exe
  C:\Windows\System\LOtSnPS.exe
  2⤵
  PID:5296
- C:\Windows\System\oWeXGkX.exe
  C:\Windows\System\oWeXGkX.exe
  2⤵
  PID:5312
- C:\Windows\System\gFmUvHG.exe
  C:\Windows\System\gFmUvHG.exe
  2⤵
  PID:5332
- C:\Windows\System\XpaWkWB.exe
  C:\Windows\System\XpaWkWB.exe
  2⤵
  PID:5348
- C:\Windows\System\wMRyJdJ.exe
  C:\Windows\System\wMRyJdJ.exe
  2⤵
  PID:5364
- C:\Windows\System\kzKxfly.exe
  C:\Windows\System\kzKxfly.exe
  2⤵
  PID:5380
- C:\Windows\System\gvVvVLX.exe
  C:\Windows\System\gvVvVLX.exe
  2⤵
  PID:5396
- C:\Windows\System\qLVSaPv.exe
  C:\Windows\System\qLVSaPv.exe
  2⤵
  PID:5416
- C:\Windows\System\VRDjodf.exe
  C:\Windows\System\VRDjodf.exe
  2⤵
  PID:5436
- C:\Windows\System\tSOHCUk.exe
  C:\Windows\System\tSOHCUk.exe
  2⤵
  PID:5456
- C:\Windows\System\jIhljyb.exe
  C:\Windows\System\jIhljyb.exe
  2⤵
  PID:5472
- C:\Windows\System\TGaKTwU.exe
  C:\Windows\System\TGaKTwU.exe
  2⤵
  PID:5488
- C:\Windows\System\JApXQLA.exe
  C:\Windows\System\JApXQLA.exe
  2⤵
  PID:5504
- C:\Windows\System\sHdiIqq.exe
  C:\Windows\System\sHdiIqq.exe
  2⤵
  PID:5532
- C:\Windows\System\TARfXqc.exe
  C:\Windows\System\TARfXqc.exe
  2⤵
  PID:5548
- C:\Windows\System\QzqWNvP.exe
  C:\Windows\System\QzqWNvP.exe
  2⤵
  PID:5568
- C:\Windows\System\UKoAong.exe
  C:\Windows\System\UKoAong.exe
  2⤵
  PID:5616
- C:\Windows\System\mzERKyW.exe
  C:\Windows\System\mzERKyW.exe
  2⤵
  PID:5632
- C:\Windows\System\wGQCMMd.exe
  C:\Windows\System\wGQCMMd.exe
  2⤵
  PID:5648
- C:\Windows\System\njWXYxp.exe
  C:\Windows\System\njWXYxp.exe
  2⤵
  PID:5668
- C:\Windows\System\DLcqMHW.exe
  C:\Windows\System\DLcqMHW.exe
  2⤵
  PID:5692
- C:\Windows\System\cWiEUCy.exe
  C:\Windows\System\cWiEUCy.exe
  2⤵
  PID:5716
- C:\Windows\System\mRPGANF.exe
  C:\Windows\System\mRPGANF.exe
  2⤵
  PID:5732
- C:\Windows\System\yWIDeFN.exe
  C:\Windows\System\yWIDeFN.exe
  2⤵
  PID:5748
- C:\Windows\System\zTrvrNp.exe
  C:\Windows\System\zTrvrNp.exe
  2⤵
  PID:5764
- C:\Windows\System\sWUPxQZ.exe
  C:\Windows\System\sWUPxQZ.exe
  2⤵
  PID:5784
- C:\Windows\System\utzZpQd.exe
  C:\Windows\System\utzZpQd.exe
  2⤵
  PID:5816
- C:\Windows\System\KsndGOT.exe
  C:\Windows\System\KsndGOT.exe
  2⤵
  PID:5840
- C:\Windows\System\BIDzoIG.exe
  C:\Windows\System\BIDzoIG.exe
  2⤵
  PID:5856
- C:\Windows\System\oRCsWsB.exe
  C:\Windows\System\oRCsWsB.exe
  2⤵
  PID:5896
- C:\Windows\System\LDeMnve.exe
  C:\Windows\System\LDeMnve.exe
  2⤵
  PID:5912
- C:\Windows\System\xplVXKc.exe
  C:\Windows\System\xplVXKc.exe
  2⤵
  PID:5928
- C:\Windows\System\KedPOWO.exe
  C:\Windows\System\KedPOWO.exe
  2⤵
  PID:5944
- C:\Windows\System\KxFRcDV.exe
  C:\Windows\System\KxFRcDV.exe
  2⤵
  PID:5964
- C:\Windows\System\iVLuiCy.exe
  C:\Windows\System\iVLuiCy.exe
  2⤵
  PID:5984
- C:\Windows\System\LrSckeF.exe
  C:\Windows\System\LrSckeF.exe
  2⤵
  PID:6004
- C:\Windows\System\pUJPaoX.exe
  C:\Windows\System\pUJPaoX.exe
  2⤵
  PID:6024
- C:\Windows\System\fPfzreh.exe
  C:\Windows\System\fPfzreh.exe
  2⤵
  PID:6048
- C:\Windows\System\TIVrgxC.exe
  C:\Windows\System\TIVrgxC.exe
  2⤵
  PID:6064
- C:\Windows\System\ftZCgsz.exe
  C:\Windows\System\ftZCgsz.exe
  2⤵
  PID:6080
- C:\Windows\System\bXwDrTI.exe
  C:\Windows\System\bXwDrTI.exe
  2⤵
  PID:6096
- C:\Windows\System\wcCCFdy.exe
  C:\Windows\System\wcCCFdy.exe
  2⤵
  PID:6124
- C:\Windows\System\mObqjvD.exe
  C:\Windows\System\mObqjvD.exe
  2⤵
  PID:6140
- C:\Windows\System\VNhiYvI.exe
  C:\Windows\System\VNhiYvI.exe
  2⤵
  PID:5124
- C:\Windows\System\hBCWTUj.exe
  C:\Windows\System\hBCWTUj.exe
  2⤵
  PID:5140
- C:\Windows\System\xFezLyD.exe
  C:\Windows\System\xFezLyD.exe
  2⤵
  PID:5212
- C:\Windows\System\PKaAMUO.exe
  C:\Windows\System\PKaAMUO.exe
  2⤵
  PID:5196
- C:\Windows\System\EjUyAFT.exe
  C:\Windows\System\EjUyAFT.exe
  2⤵
  PID:5232
- C:\Windows\System\tBouTpD.exe
  C:\Windows\System\tBouTpD.exe
  2⤵
  PID:5256
- C:\Windows\System\BcYDOmr.exe
  C:\Windows\System\BcYDOmr.exe
  2⤵
  PID:5288
- C:\Windows\System\ZXszoRL.exe
  C:\Windows\System\ZXszoRL.exe
  2⤵
  PID:5424
- C:\Windows\System\GkLpdgl.exe
  C:\Windows\System\GkLpdgl.exe
  2⤵
  PID:5428
- C:\Windows\System\lHamPad.exe
  C:\Windows\System\lHamPad.exe
  2⤵
  PID:5496
- C:\Windows\System\BKxAozh.exe
  C:\Windows\System\BKxAozh.exe
  2⤵
  PID:5340
- C:\Windows\System\KOFYcYm.exe
  C:\Windows\System\KOFYcYm.exe
  2⤵
  PID:5580
- C:\Windows\System\WxTDXzv.exe
  C:\Windows\System\WxTDXzv.exe
  2⤵
  PID:5592
- C:\Windows\System\DlxRdEn.exe
  C:\Windows\System\DlxRdEn.exe
  2⤵
  PID:5612
- C:\Windows\System\dTlNyVI.exe
  C:\Windows\System\dTlNyVI.exe
  2⤵
  PID:5680
- C:\Windows\System\PlqgXje.exe
  C:\Windows\System\PlqgXje.exe
  2⤵
  PID:5728
- C:\Windows\System\yTfeDVk.exe
  C:\Windows\System\yTfeDVk.exe
  2⤵
  PID:5700
- C:\Windows\System\pdgZwBA.exe
  C:\Windows\System\pdgZwBA.exe
  2⤵
  PID:5712
- C:\Windows\System\DGfnfBp.exe
  C:\Windows\System\DGfnfBp.exe
  2⤵
  PID:5776
- C:\Windows\System\dBrjSdy.exe
  C:\Windows\System\dBrjSdy.exe
  2⤵
  PID:5624
- C:\Windows\System\xYvovlk.exe
  C:\Windows\System\xYvovlk.exe
  2⤵
  PID:5828
- C:\Windows\System\mcfdxYp.exe
  C:\Windows\System\mcfdxYp.exe
  2⤵
  PID:5880
- C:\Windows\System\eIUJHZs.exe
  C:\Windows\System\eIUJHZs.exe
  2⤵
  PID:5936
- C:\Windows\System\ExlylOp.exe
  C:\Windows\System\ExlylOp.exe
  2⤵
  PID:6012
- C:\Windows\System\henxUKM.exe
  C:\Windows\System\henxUKM.exe
  2⤵
  PID:5992
- C:\Windows\System\ZzruxgI.exe
  C:\Windows\System\ZzruxgI.exe
  2⤵
  PID:5924
- C:\Windows\System\sYDGcUR.exe
  C:\Windows\System\sYDGcUR.exe
  2⤵
  PID:5952
- C:\Windows\System\FFgjYsz.exe
  C:\Windows\System\FFgjYsz.exe
  2⤵
  PID:6112
- C:\Windows\System\NguBcCN.exe
  C:\Windows\System\NguBcCN.exe
  2⤵
  PID:6116
- C:\Windows\System\iLLulpb.exe
  C:\Windows\System\iLLulpb.exe
  2⤵
  PID:5236
- C:\Windows\System\ImGEuXG.exe
  C:\Windows\System\ImGEuXG.exe
  2⤵
  PID:5388
- C:\Windows\System\ITHSQsk.exe
  C:\Windows\System\ITHSQsk.exe
  2⤵
  PID:5132
- C:\Windows\System\eShMkwI.exe
  C:\Windows\System\eShMkwI.exe
  2⤵
  PID:5228
- C:\Windows\System\eDNkWuh.exe
  C:\Windows\System\eDNkWuh.exe
  2⤵
  PID:4544
- C:\Windows\System\SDkdIIO.exe
  C:\Windows\System\SDkdIIO.exe
  2⤵
  PID:5512
- C:\Windows\System\tnBEwdg.exe
  C:\Windows\System\tnBEwdg.exe
  2⤵
  PID:5516
- C:\Windows\System\vdBQkvR.exe
  C:\Windows\System\vdBQkvR.exe
  2⤵
  PID:5372
- C:\Windows\System\AwcTurA.exe
  C:\Windows\System\AwcTurA.exe
  2⤵
  PID:5304
- C:\Windows\System\xdOiaAI.exe
  C:\Windows\System\xdOiaAI.exe
  2⤵
  PID:5608
- C:\Windows\System\cxeGErK.exe
  C:\Windows\System\cxeGErK.exe
  2⤵
  PID:5676
- C:\Windows\System\dHQkHgX.exe
  C:\Windows\System\dHQkHgX.exe
  2⤵
  PID:5724
- C:\Windows\System\hMzDPrV.exe
  C:\Windows\System\hMzDPrV.exe
  2⤵
  PID:5792
- C:\Windows\System\UwYWjTD.exe
  C:\Windows\System\UwYWjTD.exe
  2⤵
  PID:5836
- C:\Windows\System\lWkdrvR.exe
  C:\Windows\System\lWkdrvR.exe
  2⤵
  PID:5812
- C:\Windows\System\ESIENIt.exe
  C:\Windows\System\ESIENIt.exe
  2⤵
  PID:5976
- C:\Windows\System\idaRlGa.exe
  C:\Windows\System\idaRlGa.exe
  2⤵
  PID:6000
- C:\Windows\System\MmxpEBH.exe
  C:\Windows\System\MmxpEBH.exe
  2⤵
  PID:5960
- C:\Windows\System\OWPDiEu.exe
  C:\Windows\System\OWPDiEu.exe
  2⤵
  PID:6088
- C:\Windows\System\oaZnegl.exe
  C:\Windows\System\oaZnegl.exe
  2⤵
  PID:6104
- C:\Windows\System\QRVBydX.exe
  C:\Windows\System\QRVBydX.exe
  2⤵
  PID:5540
- C:\Windows\System\fzGlRSs.exe
  C:\Windows\System\fzGlRSs.exe
  2⤵
  PID:5172
- C:\Windows\System\eIYTfJF.exe
  C:\Windows\System\eIYTfJF.exe
  2⤵
  PID:5160
- C:\Windows\System\NkavrVD.exe
  C:\Windows\System\NkavrVD.exe
  2⤵
  PID:5524
- C:\Windows\System\ONVmSsP.exe
  C:\Windows\System\ONVmSsP.exe
  2⤵
  PID:5544
- C:\Windows\System\aZhHkfc.exe
  C:\Windows\System\aZhHkfc.exe
  2⤵
  PID:5444
- C:\Windows\System\ziueSDP.exe
  C:\Windows\System\ziueSDP.exe
  2⤵
  PID:5704
- C:\Windows\System\kzKEXGI.exe
  C:\Windows\System\kzKEXGI.exe
  2⤵
  PID:5708
- C:\Windows\System\mzARnQc.exe
  C:\Windows\System\mzARnQc.exe
  2⤵
  PID:6092
- C:\Windows\System\MNmUuOf.exe
  C:\Windows\System\MNmUuOf.exe
  2⤵
  PID:6148
- C:\Windows\System\SauDxcF.exe
  C:\Windows\System\SauDxcF.exe
  2⤵
  PID:6164
- C:\Windows\System\aSysjly.exe
  C:\Windows\System\aSysjly.exe
  2⤵
  PID:6184
- C:\Windows\System\WzMjIDZ.exe
  C:\Windows\System\WzMjIDZ.exe
  2⤵
  PID:6200
- C:\Windows\System\QknaBdV.exe
  C:\Windows\System\QknaBdV.exe
  2⤵
  PID:6216
- C:\Windows\System\FqroePb.exe
  C:\Windows\System\FqroePb.exe
  2⤵
  PID:6236
- C:\Windows\System\JqZYwIn.exe
  C:\Windows\System\JqZYwIn.exe
  2⤵
  PID:6252
- C:\Windows\System\UKdzkNf.exe
  C:\Windows\System\UKdzkNf.exe
  2⤵
  PID:6268
- C:\Windows\System\GkBcjMQ.exe
  C:\Windows\System\GkBcjMQ.exe
  2⤵
  PID:6284
- C:\Windows\System\RHyGdKS.exe
  C:\Windows\System\RHyGdKS.exe
  2⤵
  PID:6300
- C:\Windows\System\AONEeAR.exe
  C:\Windows\System\AONEeAR.exe
  2⤵
  PID:6384
- C:\Windows\System\mjKLrXx.exe
  C:\Windows\System\mjKLrXx.exe
  2⤵
  PID:6408
- C:\Windows\System\tgwtJjZ.exe
  C:\Windows\System\tgwtJjZ.exe
  2⤵
  PID:6424
- C:\Windows\System\VajaBUJ.exe
  C:\Windows\System\VajaBUJ.exe
  2⤵
  PID:6440
- C:\Windows\System\nKkLDfM.exe
  C:\Windows\System\nKkLDfM.exe
  2⤵
  PID:6460
- C:\Windows\System\vnOVgPC.exe
  C:\Windows\System\vnOVgPC.exe
  2⤵
  PID:6484
- C:\Windows\System\WFvdRhl.exe
  C:\Windows\System\WFvdRhl.exe
  2⤵
  PID:6500
- C:\Windows\System\igIfpkw.exe
  C:\Windows\System\igIfpkw.exe
  2⤵
  PID:6516
- C:\Windows\System\QlsiELb.exe
  C:\Windows\System\QlsiELb.exe
  2⤵
  PID:6536
- C:\Windows\System\VOPVvRJ.exe
  C:\Windows\System\VOPVvRJ.exe
  2⤵
  PID:6560
- C:\Windows\System\JAzdeOv.exe
  C:\Windows\System\JAzdeOv.exe
  2⤵
  PID:6580
- C:\Windows\System\dvdbjuT.exe
  C:\Windows\System\dvdbjuT.exe
  2⤵
  PID:6604
- C:\Windows\System\RFGgZsM.exe
  C:\Windows\System\RFGgZsM.exe
  2⤵
  PID:6620
- C:\Windows\System\bkKwptx.exe
  C:\Windows\System\bkKwptx.exe
  2⤵
  PID:6636
- C:\Windows\System\oLyuaWp.exe
  C:\Windows\System\oLyuaWp.exe
  2⤵
  PID:6652
- C:\Windows\System\bBoPGLe.exe
  C:\Windows\System\bBoPGLe.exe
  2⤵
  PID:6668
- C:\Windows\System\HtyveCP.exe
  C:\Windows\System\HtyveCP.exe
  2⤵
  PID:6684
- C:\Windows\System\XIYcrEd.exe
  C:\Windows\System\XIYcrEd.exe
  2⤵
  PID:6700
- C:\Windows\System\thKDPgL.exe
  C:\Windows\System\thKDPgL.exe
  2⤵
  PID:6720
- C:\Windows\System\BClFlzz.exe
  C:\Windows\System\BClFlzz.exe
  2⤵
  PID:6740
- C:\Windows\System\ccHujuY.exe
  C:\Windows\System\ccHujuY.exe
  2⤵
  PID:6756
- C:\Windows\System\KmGTzwz.exe
  C:\Windows\System\KmGTzwz.exe
  2⤵
  PID:6772
- C:\Windows\System\jSgpBOW.exe
  C:\Windows\System\jSgpBOW.exe
  2⤵
  PID:6824
- C:\Windows\System\xEHKbaE.exe
  C:\Windows\System\xEHKbaE.exe
  2⤵
  PID:6840
- C:\Windows\System\AgAVMfR.exe
  C:\Windows\System\AgAVMfR.exe
  2⤵
  PID:6856
- C:\Windows\System\QCiXuhA.exe
  C:\Windows\System\QCiXuhA.exe
  2⤵
  PID:6880
- C:\Windows\System\vyAqkgY.exe
  C:\Windows\System\vyAqkgY.exe
  2⤵
  PID:6896
- C:\Windows\System\CQqcmyE.exe
  C:\Windows\System\CQqcmyE.exe
  2⤵
  PID:6912
- C:\Windows\System\ggKVWXJ.exe
  C:\Windows\System\ggKVWXJ.exe
  2⤵
  PID:6928
- C:\Windows\System\UNHypyV.exe
  C:\Windows\System\UNHypyV.exe
  2⤵
  PID:6952
- C:\Windows\System\qlyczqH.exe
  C:\Windows\System\qlyczqH.exe
  2⤵
  PID:6980
- C:\Windows\System\CbpoWQR.exe
  C:\Windows\System\CbpoWQR.exe
  2⤵
  PID:6996
- C:\Windows\System\VapmiJP.exe
  C:\Windows\System\VapmiJP.exe
  2⤵
  PID:7012
- C:\Windows\System\jDjHsHA.exe
  C:\Windows\System\jDjHsHA.exe
  2⤵
  PID:7048
- C:\Windows\System\TfoEULG.exe
  C:\Windows\System\TfoEULG.exe
  2⤵
  PID:7064
- C:\Windows\System\IohDebR.exe
  C:\Windows\System\IohDebR.exe
  2⤵
  PID:7084
- C:\Windows\System\hQtDpfH.exe
  C:\Windows\System\hQtDpfH.exe
  2⤵
  PID:7100
- C:\Windows\System\LwIolds.exe
  C:\Windows\System\LwIolds.exe
  2⤵
  PID:7116
- C:\Windows\System\JskuqHa.exe
  C:\Windows\System\JskuqHa.exe
  2⤵
  PID:7132
- C:\Windows\System\bZJzeMj.exe
  C:\Windows\System\bZJzeMj.exe
  2⤵
  PID:7148
- C:\Windows\System\eJVKLkL.exe
  C:\Windows\System\eJVKLkL.exe
  2⤵
  PID:7164
- C:\Windows\System\Hwkyfyt.exe
  C:\Windows\System\Hwkyfyt.exe
  2⤵
  PID:5412
- C:\Windows\System\UbDHJLc.exe
  C:\Windows\System\UbDHJLc.exe
  2⤵
  PID:5744
- C:\Windows\System\NBQKhZn.exe
  C:\Windows\System\NBQKhZn.exe
  2⤵
  PID:6072
- C:\Windows\System\tJvcCRp.exe
  C:\Windows\System\tJvcCRp.exe
  2⤵
  PID:5872
- C:\Windows\System\YpxAOwc.exe
  C:\Windows\System\YpxAOwc.exe
  2⤵
  PID:6136
- C:\Windows\System\bXJxjHR.exe
  C:\Windows\System\bXJxjHR.exe
  2⤵
  PID:6292
- C:\Windows\System\snccLee.exe
  C:\Windows\System\snccLee.exe
  2⤵
  PID:6040
- C:\Windows\System\iHYOVBm.exe
  C:\Windows\System\iHYOVBm.exe
  2⤵
  PID:6392
- C:\Windows\System\otIbKOK.exe
  C:\Windows\System\otIbKOK.exe
  2⤵
  PID:6380
- C:\Windows\System\rliWzMz.exe
  C:\Windows\System\rliWzMz.exe
  2⤵
  PID:5464
- C:\Windows\System\vSrzQEW.exe
  C:\Windows\System\vSrzQEW.exe
  2⤵
  PID:5604
- C:\Windows\System\bASfipF.exe
  C:\Windows\System\bASfipF.exe
  2⤵
  PID:6360
- C:\Windows\System\HGMcuBQ.exe
  C:\Windows\System\HGMcuBQ.exe
  2⤵
  PID:6208
- C:\Windows\System\sIwOJDO.exe
  C:\Windows\System\sIwOJDO.exe
  2⤵
  PID:6368
- C:\Windows\System\GmqhKvM.exe
  C:\Windows\System\GmqhKvM.exe
  2⤵
  PID:6376
- C:\Windows\System\hSVacGg.exe
  C:\Windows\System\hSVacGg.exe
  2⤵
  PID:6416
- C:\Windows\System\YxutFjD.exe
  C:\Windows\System\YxutFjD.exe
  2⤵
  PID:6472
- C:\Windows\System\XbJKAHE.exe
  C:\Windows\System\XbJKAHE.exe
  2⤵
  PID:6508
- C:\Windows\System\JagyklC.exe
  C:\Windows\System\JagyklC.exe
  2⤵
  PID:6496
- C:\Windows\System\rVQHkGO.exe
  C:\Windows\System\rVQHkGO.exe
  2⤵
  PID:6532
- C:\Windows\System\YGWlWkz.exe
  C:\Windows\System\YGWlWkz.exe
  2⤵
  PID:6568
- C:\Windows\System\FAPkyux.exe
  C:\Windows\System\FAPkyux.exe
  2⤵
  PID:6612
- C:\Windows\System\tKNXrRE.exe
  C:\Windows\System\tKNXrRE.exe
  2⤵
  PID:6600
- C:\Windows\System\tJQGfhP.exe
  C:\Windows\System\tJQGfhP.exe
  2⤵
  PID:6632
- C:\Windows\System\uLXfbdY.exe
  C:\Windows\System\uLXfbdY.exe
  2⤵
  PID:6696
- C:\Windows\System\uPFzCdP.exe
  C:\Windows\System\uPFzCdP.exe
  2⤵
  PID:6764
- C:\Windows\System\dRfNoJm.exe
  C:\Windows\System\dRfNoJm.exe
  2⤵
  PID:6712
- C:\Windows\System\qulbBtw.exe
  C:\Windows\System\qulbBtw.exe
  2⤵
  PID:6796
- C:\Windows\System\VfHISiK.exe
  C:\Windows\System\VfHISiK.exe
  2⤵
  PID:6808
- C:\Windows\System\tJhpeHe.exe
  C:\Windows\System\tJhpeHe.exe
  2⤵
  PID:6752
- C:\Windows\System\QcSwSjc.exe
  C:\Windows\System\QcSwSjc.exe
  2⤵
  PID:6944
- C:\Windows\System\mAlvHMf.exe
  C:\Windows\System\mAlvHMf.exe
  2⤵
  PID:6920
- C:\Windows\System\VAUXdys.exe
  C:\Windows\System\VAUXdys.exe
  2⤵
  PID:6964
- C:\Windows\System\iYadAxu.exe
  C:\Windows\System\iYadAxu.exe
  2⤵
  PID:6972
- C:\Windows\System\LFACWGn.exe
  C:\Windows\System\LFACWGn.exe
  2⤵
  PID:7032
- C:\Windows\System\LipNzwu.exe
  C:\Windows\System\LipNzwu.exe
  2⤵
  PID:6992
- C:\Windows\System\YCEHYiG.exe
  C:\Windows\System\YCEHYiG.exe
  2⤵
  PID:7044
- C:\Windows\System\ICBTFTF.exe
  C:\Windows\System\ICBTFTF.exe
  2⤵
  PID:7112
- C:\Windows\System\oWkOrgs.exe
  C:\Windows\System\oWkOrgs.exe
  2⤵
  PID:5244
- C:\Windows\System\KuTyXel.exe
  C:\Windows\System\KuTyXel.exe
  2⤵
  PID:7060
- C:\Windows\System\exZkdbe.exe
  C:\Windows\System\exZkdbe.exe
  2⤵
  PID:5852
- C:\Windows\System\cLFnxYJ.exe
  C:\Windows\System\cLFnxYJ.exe
  2⤵
  PID:7096
- C:\Windows\System\utmcYSo.exe
  C:\Windows\System\utmcYSo.exe
  2⤵
  PID:7128
- C:\Windows\System\GwrOiZJ.exe
  C:\Windows\System\GwrOiZJ.exe
  2⤵
  PID:6196
- C:\Windows\System\LtitXTh.exe
  C:\Windows\System\LtitXTh.exe
  2⤵
  PID:5756
- C:\Windows\System\zioHKEf.exe
  C:\Windows\System\zioHKEf.exe
  2⤵
  PID:6232
- C:\Windows\System\HxEYuaC.exe
  C:\Windows\System\HxEYuaC.exe
  2⤵
  PID:5600
- C:\Windows\System\zkXKjaR.exe
  C:\Windows\System\zkXKjaR.exe
  2⤵
  PID:5588
- C:\Windows\System\ZncfvUS.exe
  C:\Windows\System\ZncfvUS.exe
  2⤵
  PID:6324
- C:\Windows\System\DxCJPyw.exe
  C:\Windows\System\DxCJPyw.exe
  2⤵
  PID:6176
- C:\Windows\System\vOKGzLT.exe
  C:\Windows\System\vOKGzLT.exe
  2⤵
  PID:6432
- C:\Windows\System\DUHgNzr.exe
  C:\Windows\System\DUHgNzr.exe
  2⤵
  PID:6280
- C:\Windows\System\lreADIh.exe
  C:\Windows\System\lreADIh.exe
  2⤵
  PID:6244
- C:\Windows\System\YQMtnkG.exe
  C:\Windows\System\YQMtnkG.exe
  2⤵
  PID:6448
- C:\Windows\System\JxAinif.exe
  C:\Windows\System\JxAinif.exe
  2⤵
  PID:6588
- C:\Windows\System\kfmBREk.exe
  C:\Windows\System\kfmBREk.exe
  2⤵
  PID:6676
- C:\Windows\System\vEBvLvG.exe
  C:\Windows\System\vEBvLvG.exe
  2⤵
  PID:6644
- C:\Windows\System\yYgGEwk.exe
  C:\Windows\System\yYgGEwk.exe
  2⤵
  PID:6748
- C:\Windows\System\wPGYaNU.exe
  C:\Windows\System\wPGYaNU.exe
  2⤵
  PID:6784
- C:\Windows\System\TKlozJr.exe
  C:\Windows\System\TKlozJr.exe
  2⤵
  PID:6788
- C:\Windows\System\uTxBQtl.exe
  C:\Windows\System\uTxBQtl.exe
  2⤵
  PID:6876
- C:\Windows\System\ilENtLZ.exe
  C:\Windows\System\ilENtLZ.exe
  2⤵
  PID:6940
- C:\Windows\System\KdgLdQR.exe
  C:\Windows\System\KdgLdQR.exe
  2⤵
  PID:7008
- C:\Windows\System\okcoPWM.exe
  C:\Windows\System\okcoPWM.exe
  2⤵
  PID:7108
- C:\Windows\System\uVxBBLc.exe
  C:\Windows\System\uVxBBLc.exe
  2⤵
  PID:5980
- C:\Windows\System\RLPdUeJ.exe
  C:\Windows\System\RLPdUeJ.exe
  2⤵
  PID:5972
- C:\Windows\System\JNeeiET.exe
  C:\Windows\System\JNeeiET.exe
  2⤵
  PID:5272
- C:\Windows\System\AyrkGqF.exe
  C:\Windows\System\AyrkGqF.exe
  2⤵
  PID:6356
- C:\Windows\System\nJyQIAl.exe
  C:\Windows\System\nJyQIAl.exe
  2⤵
  PID:7124
- C:\Windows\System\GlrMyLe.exe
  C:\Windows\System\GlrMyLe.exe
  2⤵
  PID:6348
- C:\Windows\System\HnsQIrM.exe
  C:\Windows\System\HnsQIrM.exe
  2⤵
  PID:6664
- C:\Windows\System\XqTGgjv.exe
  C:\Windows\System\XqTGgjv.exe
  2⤵
  PID:6308
- C:\Windows\System\AjOvHUm.exe
  C:\Windows\System\AjOvHUm.exe
  2⤵
  PID:6556
- C:\Windows\System\YsINUrh.exe
  C:\Windows\System\YsINUrh.exe
  2⤵
  PID:6736
- C:\Windows\System\UlxMfkc.exe
  C:\Windows\System\UlxMfkc.exe
  2⤵
  PID:6864
- C:\Windows\System\XzxMalK.exe
  C:\Windows\System\XzxMalK.exe
  2⤵
  PID:6816
- C:\Windows\System\wYZAfoc.exe
  C:\Windows\System\wYZAfoc.exe
  2⤵
  PID:6848
- C:\Windows\System\lteIEmq.exe
  C:\Windows\System\lteIEmq.exe
  2⤵
  PID:7144
- C:\Windows\System\RAtifWx.exe
  C:\Windows\System\RAtifWx.exe
  2⤵
  PID:7056
- C:\Windows\System\FyRIkKd.exe
  C:\Windows\System\FyRIkKd.exe
  2⤵
  PID:6988
- C:\Windows\System\LkwXSCh.exe
  C:\Windows\System\LkwXSCh.exe
  2⤵
  PID:7076
- C:\Windows\System\LyQjNqe.exe
  C:\Windows\System\LyQjNqe.exe
  2⤵
  PID:6160
- C:\Windows\System\lxbtgYZ.exe
  C:\Windows\System\lxbtgYZ.exe
  2⤵
  PID:6576
- C:\Windows\System\vVTyQzz.exe
  C:\Windows\System\vVTyQzz.exe
  2⤵
  PID:6456
- C:\Windows\System\DmjorJG.exe
  C:\Windows\System\DmjorJG.exe
  2⤵
  PID:6708
- C:\Windows\System\COIDSEM.exe
  C:\Windows\System\COIDSEM.exe
  2⤵
  PID:6264
- C:\Windows\System\WnczInT.exe
  C:\Windows\System\WnczInT.exe
  2⤵
  PID:6888
- C:\Windows\System\CcvhdPL.exe
  C:\Windows\System\CcvhdPL.exe
  2⤵
  PID:6592
- C:\Windows\System\PBDCzKh.exe
  C:\Windows\System\PBDCzKh.exe
  2⤵
  PID:6732
- C:\Windows\System\jWENCcE.exe
  C:\Windows\System\jWENCcE.exe
  2⤵
  PID:7040
- C:\Windows\System\tfrlpsC.exe
  C:\Windows\System\tfrlpsC.exe
  2⤵
  PID:6400
- C:\Windows\System\Afcqvbp.exe
  C:\Windows\System\Afcqvbp.exe
  2⤵
  PID:7184
- C:\Windows\System\wiJMDTF.exe
  C:\Windows\System\wiJMDTF.exe
  2⤵
  PID:7200
- C:\Windows\System\ebjjkFE.exe
  C:\Windows\System\ebjjkFE.exe
  2⤵
  PID:7216
- C:\Windows\System\kRfMoZV.exe
  C:\Windows\System\kRfMoZV.exe
  2⤵
  PID:7232
- C:\Windows\System\QjMXsXy.exe
  C:\Windows\System\QjMXsXy.exe
  2⤵
  PID:7248
- C:\Windows\System\TkZcHeg.exe
  C:\Windows\System\TkZcHeg.exe
  2⤵
  PID:7264
- C:\Windows\System\ugGnomg.exe
  C:\Windows\System\ugGnomg.exe
  2⤵
  PID:7280
- C:\Windows\System\EmpiCfP.exe
  C:\Windows\System\EmpiCfP.exe
  2⤵
  PID:7296
- C:\Windows\System\DXgINGl.exe
  C:\Windows\System\DXgINGl.exe
  2⤵
  PID:7312
- C:\Windows\System\SvkXlFh.exe
  C:\Windows\System\SvkXlFh.exe
  2⤵
  PID:7328
- C:\Windows\System\ZbHwILY.exe
  C:\Windows\System\ZbHwILY.exe
  2⤵
  PID:7344
- C:\Windows\System\qCjzPVy.exe
  C:\Windows\System\qCjzPVy.exe
  2⤵
  PID:7360
- C:\Windows\System\ZnhTeuS.exe
  C:\Windows\System\ZnhTeuS.exe
  2⤵
  PID:7376
- C:\Windows\System\bcFMHrZ.exe
  C:\Windows\System\bcFMHrZ.exe
  2⤵
  PID:7392
- C:\Windows\System\HsaLkKr.exe
  C:\Windows\System\HsaLkKr.exe
  2⤵
  PID:7408
- C:\Windows\System\TNsAJOc.exe
  C:\Windows\System\TNsAJOc.exe
  2⤵
  PID:7424
- C:\Windows\System\OOhxmQY.exe
  C:\Windows\System\OOhxmQY.exe
  2⤵
  PID:7440
- C:\Windows\System\pjwnFOq.exe
  C:\Windows\System\pjwnFOq.exe
  2⤵
  PID:7456
- C:\Windows\System\OgXkkOZ.exe
  C:\Windows\System\OgXkkOZ.exe
  2⤵
  PID:7472
- C:\Windows\System\nolIBDx.exe
  C:\Windows\System\nolIBDx.exe
  2⤵
  PID:7488
- C:\Windows\System\eEPTbKw.exe
  C:\Windows\System\eEPTbKw.exe
  2⤵
  PID:7504
- C:\Windows\System\DJGxErV.exe
  C:\Windows\System\DJGxErV.exe
  2⤵
  PID:7520
- C:\Windows\System\azdMhGM.exe
  C:\Windows\System\azdMhGM.exe
  2⤵
  PID:7536
- C:\Windows\System\FDjKOll.exe
  C:\Windows\System\FDjKOll.exe
  2⤵
  PID:7552
- C:\Windows\System\MVnlzBm.exe
  C:\Windows\System\MVnlzBm.exe
  2⤵
  PID:7568
- C:\Windows\System\jVlbvjD.exe
  C:\Windows\System\jVlbvjD.exe
  2⤵
  PID:7584
- C:\Windows\System\kxstzRF.exe
  C:\Windows\System\kxstzRF.exe
  2⤵
  PID:7600
- C:\Windows\System\uAFXdbv.exe
  C:\Windows\System\uAFXdbv.exe
  2⤵
  PID:7616
- C:\Windows\System\bcIwOeM.exe
  C:\Windows\System\bcIwOeM.exe
  2⤵
  PID:7632
- C:\Windows\System\iWfNpqJ.exe
  C:\Windows\System\iWfNpqJ.exe
  2⤵
  PID:7648
- C:\Windows\System\tVNFLWM.exe
  C:\Windows\System\tVNFLWM.exe
  2⤵
  PID:7664
- C:\Windows\System\MtjaYxu.exe
  C:\Windows\System\MtjaYxu.exe
  2⤵
  PID:7680
- C:\Windows\System\YqkFqbh.exe
  C:\Windows\System\YqkFqbh.exe
  2⤵
  PID:7696
- C:\Windows\System\YnAkiSu.exe
  C:\Windows\System\YnAkiSu.exe
  2⤵
  PID:7712
- C:\Windows\System\gkqOdOi.exe
  C:\Windows\System\gkqOdOi.exe
  2⤵
  PID:7728
- C:\Windows\System\PLGydtY.exe
  C:\Windows\System\PLGydtY.exe
  2⤵
  PID:7744
- C:\Windows\System\mbfUlGl.exe
  C:\Windows\System\mbfUlGl.exe
  2⤵
  PID:7764
- C:\Windows\System\TEdXLzV.exe
  C:\Windows\System\TEdXLzV.exe
  2⤵
  PID:7780
- C:\Windows\System\OigVNsw.exe
  C:\Windows\System\OigVNsw.exe
  2⤵
  PID:7796
- C:\Windows\System\VIqrtEW.exe
  C:\Windows\System\VIqrtEW.exe
  2⤵
  PID:7812
- C:\Windows\System\VtDLavO.exe
  C:\Windows\System\VtDLavO.exe
  2⤵
  PID:7828
- C:\Windows\System\nhQQAZY.exe
  C:\Windows\System\nhQQAZY.exe
  2⤵
  PID:7844
- C:\Windows\System\mQMeNkB.exe
  C:\Windows\System\mQMeNkB.exe
  2⤵
  PID:7860
- C:\Windows\System\lVKDdEy.exe
  C:\Windows\System\lVKDdEy.exe
  2⤵
  PID:7876
- C:\Windows\System\MwcvCfs.exe
  C:\Windows\System\MwcvCfs.exe
  2⤵
  PID:7892
- C:\Windows\System\WTkirhn.exe
  C:\Windows\System\WTkirhn.exe
  2⤵
  PID:7908
- C:\Windows\System\oznyfoW.exe
  C:\Windows\System\oznyfoW.exe
  2⤵
  PID:7924
- C:\Windows\System\tlHXJBO.exe
  C:\Windows\System\tlHXJBO.exe
  2⤵
  PID:7940
- C:\Windows\System\OgnwNMJ.exe
  C:\Windows\System\OgnwNMJ.exe
  2⤵
  PID:7956
- C:\Windows\System\aevxuhy.exe
  C:\Windows\System\aevxuhy.exe
  2⤵
  PID:7972
- C:\Windows\System\RriMgWP.exe
  C:\Windows\System\RriMgWP.exe
  2⤵
  PID:7988
- C:\Windows\System\uUHuBAj.exe
  C:\Windows\System\uUHuBAj.exe
  2⤵
  PID:8004
- C:\Windows\System\kShsJTt.exe
  C:\Windows\System\kShsJTt.exe
  2⤵
  PID:8020
- C:\Windows\System\pGpiPtV.exe
  C:\Windows\System\pGpiPtV.exe
  2⤵
  PID:8036
- C:\Windows\System\qJgdcPc.exe
  C:\Windows\System\qJgdcPc.exe
  2⤵
  PID:8052
- C:\Windows\System\NgeBKVH.exe
  C:\Windows\System\NgeBKVH.exe
  2⤵
  PID:8068
- C:\Windows\System\qjMzYjc.exe
  C:\Windows\System\qjMzYjc.exe
  2⤵
  PID:8084
- C:\Windows\System\HZdvCjY.exe
  C:\Windows\System\HZdvCjY.exe
  2⤵
  PID:8100
- C:\Windows\System\dSgQSBo.exe
  C:\Windows\System\dSgQSBo.exe
  2⤵
  PID:8132
- C:\Windows\System\uFJdKwD.exe
  C:\Windows\System\uFJdKwD.exe
  2⤵
  PID:8148
- C:\Windows\System\rCgZZLq.exe
  C:\Windows\System\rCgZZLq.exe
  2⤵
  PID:8164
- C:\Windows\System\zwOLgTS.exe
  C:\Windows\System\zwOLgTS.exe
  2⤵
  PID:8180
- C:\Windows\System\URbpDpM.exe
  C:\Windows\System\URbpDpM.exe
  2⤵
  PID:7192
- C:\Windows\System\hmxFMou.exe
  C:\Windows\System\hmxFMou.exe
  2⤵
  PID:7180
- C:\Windows\System\TqXAmFb.exe
  C:\Windows\System\TqXAmFb.exe
  2⤵
  PID:7260
- C:\Windows\System\eBtgatD.exe
  C:\Windows\System\eBtgatD.exe
  2⤵
  PID:7304
- C:\Windows\System\CrnvlLf.exe
  C:\Windows\System\CrnvlLf.exe
  2⤵
  PID:7352
- C:\Windows\System\LMbOBnX.exe
  C:\Windows\System\LMbOBnX.exe
  2⤵
  PID:7372
- C:\Windows\System\fpsBzXY.exe
  C:\Windows\System\fpsBzXY.exe
  2⤵
  PID:7420
- C:\Windows\System\XuVPFeF.exe
  C:\Windows\System\XuVPFeF.exe
  2⤵
  PID:7484
- C:\Windows\System\vfzwPkN.exe
  C:\Windows\System\vfzwPkN.exe
  2⤵
  PID:7464
- C:\Windows\System\OPrHQnp.exe
  C:\Windows\System\OPrHQnp.exe
  2⤵
  PID:7548
- C:\Windows\System\RfppgZt.exe
  C:\Windows\System\RfppgZt.exe
  2⤵
  PID:7580
- C:\Windows\System\DtMncZU.exe
  C:\Windows\System\DtMncZU.exe
  2⤵
  PID:7644
- C:\Windows\System\lJECnYn.exe
  C:\Windows\System\lJECnYn.exe
  2⤵
  PID:7564
- C:\Windows\System\jGlrklN.exe
  C:\Windows\System\jGlrklN.exe
  2⤵
  PID:7660
- C:\Windows\System\gjALzhy.exe
  C:\Windows\System\gjALzhy.exe
  2⤵
  PID:7596
- C:\Windows\System\CcIamOI.exe
  C:\Windows\System\CcIamOI.exe
  2⤵
  PID:7736
- C:\Windows\System\JATnCCT.exe
  C:\Windows\System\JATnCCT.exe
  2⤵
  PID:7776
- C:\Windows\System\UUHFQMH.exe
  C:\Windows\System\UUHFQMH.exe
  2⤵
  PID:7840
- C:\Windows\System\oNmixrH.exe
  C:\Windows\System\oNmixrH.exe
  2⤵
  PID:7792
- C:\Windows\System\CRuOioS.exe
  C:\Windows\System\CRuOioS.exe
  2⤵
  PID:7852
- C:\Windows\System\zDpXVDF.exe
  C:\Windows\System\zDpXVDF.exe
  2⤵
  PID:7996
- C:\Windows\System\lQFHBLB.exe
  C:\Windows\System\lQFHBLB.exe
  2⤵
  PID:8028
- C:\Windows\System\GHwkeAi.exe
  C:\Windows\System\GHwkeAi.exe
  2⤵
  PID:8044
- C:\Windows\System\UJSKmaa.exe
  C:\Windows\System\UJSKmaa.exe
  2⤵
  PID:8016
- C:\Windows\System\imKsJsS.exe
  C:\Windows\System\imKsJsS.exe
  2⤵
  PID:8092
- C:\Windows\System\PolOLJe.exe
  C:\Windows\System\PolOLJe.exe
  2⤵
  PID:8080
- C:\Windows\System\oYaOlsq.exe
  C:\Windows\System\oYaOlsq.exe
  2⤵
  PID:8172
- C:\Windows\System\VymDgQl.exe
  C:\Windows\System\VymDgQl.exe
  2⤵
  PID:8128
- C:\Windows\System\KUgUMSd.exe
  C:\Windows\System\KUgUMSd.exe
  2⤵
  PID:6548
- C:\Windows\System\VKOPHNM.exe
  C:\Windows\System\VKOPHNM.exe
  2⤵
  PID:5156
- C:\Windows\System\ecbcOZn.exe
  C:\Windows\System\ecbcOZn.exe
  2⤵
  PID:7212
- C:\Windows\System\PCvpkdR.exe
  C:\Windows\System\PCvpkdR.exe
  2⤵
  PID:7244
- C:\Windows\System\oKnlnen.exe
  C:\Windows\System\oKnlnen.exe
  2⤵
  PID:7276
- C:\Windows\System\ALChJCj.exe
  C:\Windows\System\ALChJCj.exe
  2⤵
  PID:7384
- C:\Windows\System\iYOIQdD.exe
  C:\Windows\System\iYOIQdD.exe
  2⤵
  PID:7516
- C:\Windows\System\muMeOJu.exe
  C:\Windows\System\muMeOJu.exe
  2⤵
  PID:7452
- C:\Windows\System\MIEmsus.exe
  C:\Windows\System\MIEmsus.exe
  2⤵
  PID:7528
- C:\Windows\System\jLcEoph.exe
  C:\Windows\System\jLcEoph.exe
  2⤵
  PID:7624
- C:\Windows\System\pREHBTU.exe
  C:\Windows\System\pREHBTU.exe
  2⤵
  PID:7720
- C:\Windows\System\XZwceOj.exe
  C:\Windows\System\XZwceOj.exe
  2⤵
  PID:7868
- C:\Windows\System\qtSVdrn.exe
  C:\Windows\System\qtSVdrn.exe
  2⤵
  PID:7752
- C:\Windows\System\BXOQjvE.exe
  C:\Windows\System\BXOQjvE.exe
  2⤵
  PID:7856
- C:\Windows\System\gtGQavt.exe
  C:\Windows\System\gtGQavt.exe
  2⤵
  PID:7916
- C:\Windows\System\XMQtyNi.exe
  C:\Windows\System\XMQtyNi.exe
  2⤵
  PID:8144
- C:\Windows\System\VVxKFLF.exe
  C:\Windows\System\VVxKFLF.exe
  2⤵
  PID:8124
- C:\Windows\System\QJMANkG.exe
  C:\Windows\System\QJMANkG.exe
  2⤵
  PID:7724
- C:\Windows\System\JOFIzIY.exe
  C:\Windows\System\JOFIzIY.exe
  2⤵
  PID:7968
- C:\Windows\System\fwcnQKt.exe
  C:\Windows\System\fwcnQKt.exe
  2⤵
  PID:8064
- C:\Windows\System\CJbfMfC.exe
  C:\Windows\System\CJbfMfC.exe
  2⤵
  PID:8160
- C:\Windows\System\vLjWBfj.exe
  C:\Windows\System\vLjWBfj.exe
  2⤵
  PID:7544
- C:\Windows\System\fKofxSh.exe
  C:\Windows\System\fKofxSh.exe
  2⤵
  PID:7904
- C:\Windows\System\foimIvE.exe
  C:\Windows\System\foimIvE.exe
  2⤵
  PID:7888
- C:\Windows\System\PXSjXhp.exe
  C:\Windows\System\PXSjXhp.exe
  2⤵
  PID:7560
- C:\Windows\System\KlNgmup.exe
  C:\Windows\System\KlNgmup.exe
  2⤵
  PID:8420
- C:\Windows\System\LJvYJRt.exe
  C:\Windows\System\LJvYJRt.exe
  2⤵
  PID:8452
- C:\Windows\System\ZIBFsnO.exe
  C:\Windows\System\ZIBFsnO.exe
  2⤵
  PID:8472
- C:\Windows\System\mfBDJVQ.exe
  C:\Windows\System\mfBDJVQ.exe
  2⤵
  PID:8488
- C:\Windows\System\RTvdxMg.exe
  C:\Windows\System\RTvdxMg.exe
  2⤵
  PID:8508
- C:\Windows\System\njJLdbf.exe
  C:\Windows\System\njJLdbf.exe
  2⤵
  PID:8584
- C:\Windows\System\DwBvjWJ.exe
  C:\Windows\System\DwBvjWJ.exe
  2⤵
  PID:8600
- C:\Windows\System\DHnwHmt.exe
  C:\Windows\System\DHnwHmt.exe
  2⤵
  PID:8620
- C:\Windows\System\dJyuUVA.exe
  C:\Windows\System\dJyuUVA.exe
  2⤵
  PID:8636
- C:\Windows\System\BgRxYRR.exe
  C:\Windows\System\BgRxYRR.exe
  2⤵
  PID:8652
- C:\Windows\System\NoYDowQ.exe
  C:\Windows\System\NoYDowQ.exe
  2⤵
  PID:8676
- C:\Windows\System\FzgFLAC.exe
  C:\Windows\System\FzgFLAC.exe
  2⤵
  PID:8692
- C:\Windows\System\FDpeiqQ.exe
  C:\Windows\System\FDpeiqQ.exe
  2⤵
  PID:8712
- C:\Windows\System\BzNgZey.exe
  C:\Windows\System\BzNgZey.exe
  2⤵
  PID:8736
- C:\Windows\System\hAFavIB.exe
  C:\Windows\System\hAFavIB.exe
  2⤵
  PID:8752
- C:\Windows\System\bkCDmwg.exe
  C:\Windows\System\bkCDmwg.exe
  2⤵
  PID:8768
- C:\Windows\System\AMqbHdy.exe
  C:\Windows\System\AMqbHdy.exe
  2⤵
  PID:8792
- C:\Windows\System\JrBngli.exe
  C:\Windows\System\JrBngli.exe
  2⤵
  PID:8812
- C:\Windows\System\yVYVQJz.exe
  C:\Windows\System\yVYVQJz.exe
  2⤵
  PID:8828
- C:\Windows\System\wGefjIx.exe
  C:\Windows\System\wGefjIx.exe
  2⤵
  PID:8844
- C:\Windows\System\cnaglwX.exe
  C:\Windows\System\cnaglwX.exe
  2⤵
  PID:8864
- C:\Windows\System\BYZKmPG.exe
  C:\Windows\System\BYZKmPG.exe
  2⤵
  PID:8880
- C:\Windows\System\JxSIOQm.exe
  C:\Windows\System\JxSIOQm.exe
  2⤵
  PID:8904
- C:\Windows\System\fhAQmPX.exe
  C:\Windows\System\fhAQmPX.exe
  2⤵
  PID:8928
- C:\Windows\System\xJjuJJu.exe
  C:\Windows\System\xJjuJJu.exe
  2⤵
  PID:8960
- C:\Windows\System\jjcBWRx.exe
  C:\Windows\System\jjcBWRx.exe
  2⤵
  PID:8996
- C:\Windows\System\MThysYh.exe
  C:\Windows\System\MThysYh.exe
  2⤵
  PID:9016
- C:\Windows\System\ZNmESbr.exe
  C:\Windows\System\ZNmESbr.exe
  2⤵
  PID:9032
- C:\Windows\System\VvICdzt.exe
  C:\Windows\System\VvICdzt.exe
  2⤵
  PID:9056
- C:\Windows\System\wKbCNVP.exe
  C:\Windows\System\wKbCNVP.exe
  2⤵
  PID:9072
- C:\Windows\System\YDmNsjZ.exe
  C:\Windows\System\YDmNsjZ.exe
  2⤵
  PID:9088
- C:\Windows\System\RDKpWgG.exe
  C:\Windows\System\RDKpWgG.exe
  2⤵
  PID:9108
- C:\Windows\System\BqEpNrH.exe
  C:\Windows\System\BqEpNrH.exe
  2⤵
  PID:9140
- C:\Windows\System\xmOiCPb.exe
  C:\Windows\System\xmOiCPb.exe
  2⤵
  PID:9156
- C:\Windows\System\TLKurgj.exe
  C:\Windows\System\TLKurgj.exe
  2⤵
  PID:9176
- C:\Windows\System\CQApvfw.exe
  C:\Windows\System\CQApvfw.exe
  2⤵
  PID:9196
- C:\Windows\System\FYhGOWn.exe
  C:\Windows\System\FYhGOWn.exe
  2⤵
  PID:9212
- C:\Windows\System\iMMZImc.exe
  C:\Windows\System\iMMZImc.exe
  2⤵
  PID:7436
- C:\Windows\System\inhLwml.exe
  C:\Windows\System\inhLwml.exe
  2⤵
  PID:7692
- C:\Windows\System\XsTdwHL.exe
  C:\Windows\System\XsTdwHL.exe
  2⤵
  PID:8012
- C:\Windows\System\GACldWp.exe
  C:\Windows\System\GACldWp.exe
  2⤵
  PID:8048
- C:\Windows\System\SUrdkhh.exe
  C:\Windows\System\SUrdkhh.exe
  2⤵
  PID:8208
- C:\Windows\System\OHzpOQi.exe
  C:\Windows\System\OHzpOQi.exe
  2⤵
  PID:8232
- C:\Windows\System\nuSpGMm.exe
  C:\Windows\System\nuSpGMm.exe
  2⤵
  PID:8256
- C:\Windows\System\MNKkjJD.exe
  C:\Windows\System\MNKkjJD.exe
  2⤵
  PID:8276
- C:\Windows\System\LDrhfKf.exe
  C:\Windows\System\LDrhfKf.exe
  2⤵
  PID:8300
- C:\Windows\System\NAFSMuE.exe
  C:\Windows\System\NAFSMuE.exe
  2⤵
  PID:8316
- C:\Windows\System\WHtFMEX.exe
  C:\Windows\System\WHtFMEX.exe
  2⤵
  PID:8336
- C:\Windows\System\JwlwQoD.exe
  C:\Windows\System\JwlwQoD.exe
  2⤵
  PID:8356
- C:\Windows\System\jTdcPCn.exe
  C:\Windows\System\jTdcPCn.exe
  2⤵
  PID:8376
- C:\Windows\System\MnDzACS.exe
  C:\Windows\System\MnDzACS.exe
  2⤵
  PID:8400
- C:\Windows\System\HcEtXnI.exe
  C:\Windows\System\HcEtXnI.exe
  2⤵
  PID:8416
- C:\Windows\System\JBQhGup.exe
  C:\Windows\System\JBQhGup.exe
  2⤵
  PID:8440
- C:\Windows\System\dnQfjHB.exe
  C:\Windows\System\dnQfjHB.exe
  2⤵
  PID:8468
- C:\Windows\System\vmgePms.exe
  C:\Windows\System\vmgePms.exe
  2⤵
  PID:8504
- C:\Windows\System\OwkhAfG.exe
  C:\Windows\System\OwkhAfG.exe
  2⤵
  PID:8532
- C:\Windows\System\yOdMCAL.exe
  C:\Windows\System\yOdMCAL.exe
  2⤵
  PID:8548
- C:\Windows\System\ncMWZbj.exe
  C:\Windows\System\ncMWZbj.exe
  2⤵
  PID:8564
- C:\Windows\System\pbYfEGY.exe
  C:\Windows\System\pbYfEGY.exe
  2⤵
  PID:8592
- C:\Windows\System\bLtAXjZ.exe
  C:\Windows\System\bLtAXjZ.exe
  2⤵
  PID:8616
- C:\Windows\System\cCMFjzG.exe
  C:\Windows\System\cCMFjzG.exe
  2⤵
  PID:8660
- C:\Windows\System\DKYEdMi.exe
  C:\Windows\System\DKYEdMi.exe
  2⤵
  PID:8700
- C:\Windows\System\RKmjTfg.exe
  C:\Windows\System\RKmjTfg.exe
  2⤵
  PID:8704
- C:\Windows\System\HsdUTII.exe
  C:\Windows\System\HsdUTII.exe
  2⤵
  PID:8788
- C:\Windows\System\DfthEsF.exe
  C:\Windows\System\DfthEsF.exe
  2⤵
  PID:8856
- C:\Windows\System\bUuweSX.exe
  C:\Windows\System\bUuweSX.exe
  2⤵
  PID:8900
- C:\Windows\System\vhoqWRh.exe
  C:\Windows\System\vhoqWRh.exe
  2⤵
  PID:8720
- C:\Windows\System\ykvKUdf.exe
  C:\Windows\System\ykvKUdf.exe
  2⤵
  PID:8840
- C:\Windows\System\dhJWkgA.exe
  C:\Windows\System\dhJWkgA.exe
  2⤵
  PID:8836
- C:\Windows\System\hAJZxLj.exe
  C:\Windows\System\hAJZxLj.exe
  2⤵
  PID:8976
- C:\Windows\System\zHyXeMO.exe
  C:\Windows\System\zHyXeMO.exe
  2⤵
  PID:9012
- C:\Windows\System\WbiOzyf.exe
  C:\Windows\System\WbiOzyf.exe
  2⤵
  PID:9048
- C:\Windows\System\BHBaGiz.exe
  C:\Windows\System\BHBaGiz.exe
  2⤵
  PID:9068
- C:\Windows\System\mWYyZwX.exe
  C:\Windows\System\mWYyZwX.exe
  2⤵
  PID:9116
- C:\Windows\System\hLVmlYY.exe
  C:\Windows\System\hLVmlYY.exe
  2⤵
  PID:9132
- C:\Windows\System\mNpFQRJ.exe
  C:\Windows\System\mNpFQRJ.exe
  2⤵
  PID:9168
- C:\Windows\System\atpcqaC.exe
  C:\Windows\System\atpcqaC.exe
  2⤵
  PID:9192
- C:\Windows\System\tRCbIHS.exe
  C:\Windows\System\tRCbIHS.exe
  2⤵
  PID:7256
- C:\Windows\System\EmvXmKN.exe
  C:\Windows\System\EmvXmKN.exe
  2⤵
  PID:7416
- C:\Windows\System\rjxZIYF.exe
  C:\Windows\System\rjxZIYF.exe
  2⤵
  PID:8216
- C:\Windows\System\TWcfsKi.exe
  C:\Windows\System\TWcfsKi.exe
  2⤵
  PID:8220
- C:\Windows\System\ghkevRK.exe
  C:\Windows\System\ghkevRK.exe
  2⤵
  PID:7356
- C:\Windows\System\WOZeucX.exe
  C:\Windows\System\WOZeucX.exe
  2⤵
  PID:8264
- C:\Windows\System\lBhFydY.exe
  C:\Windows\System\lBhFydY.exe
  2⤵
  PID:8268
- C:\Windows\System\mXamfCz.exe
  C:\Windows\System\mXamfCz.exe
  2⤵
  PID:8284
- C:\Windows\System\QmJthZQ.exe
  C:\Windows\System\QmJthZQ.exe
  2⤵
  PID:8384
- C:\Windows\System\XiFCdvb.exe
  C:\Windows\System\XiFCdvb.exe
  2⤵
  PID:8412
- C:\Windows\System\zWXwyfV.exe
  C:\Windows\System\zWXwyfV.exe
  2⤵
  PID:8484
- C:\Windows\System\GBXLqJn.exe
  C:\Windows\System\GBXLqJn.exe
  2⤵
  PID:8540
- C:\Windows\System\rWZbXCw.exe
  C:\Windows\System\rWZbXCw.exe
  2⤵
  PID:8516
- C:\Windows\System\raPFLbz.exe
  C:\Windows\System\raPFLbz.exe
  2⤵
  PID:8612
- C:\Windows\System\sdCaVuK.exe
  C:\Windows\System\sdCaVuK.exe
  2⤵
  PID:8576
- C:\Windows\System\HVlHIAL.exe
  C:\Windows\System\HVlHIAL.exe
  2⤵
  PID:8668
- C:\Windows\System\TtqRlHh.exe
  C:\Windows\System\TtqRlHh.exe
  2⤵
  PID:8776
- C:\Windows\System\SYPtFkv.exe
  C:\Windows\System\SYPtFkv.exe
  2⤵
  PID:8896
- C:\Windows\System\mCeGYII.exe
  C:\Windows\System\mCeGYII.exe
  2⤵
  PID:8804
- C:\Windows\System\LNSZUyx.exe
  C:\Windows\System\LNSZUyx.exe
  2⤵
  PID:8984
- C:\Windows\System\xtOhVtf.exe
  C:\Windows\System\xtOhVtf.exe
  2⤵
  PID:9004
- C:\Windows\System\ICZYcSO.exe
  C:\Windows\System\ICZYcSO.exe
  2⤵
  PID:9028
- C:\Windows\System\GBimnkd.exe
  C:\Windows\System\GBimnkd.exe
  2⤵
  PID:9100
- C:\Windows\System\PcBPbBe.exe
  C:\Windows\System\PcBPbBe.exe
  2⤵
  PID:9188
- C:\Windows\System\tWmKSsa.exe
  C:\Windows\System\tWmKSsa.exe
  2⤵
  PID:8228
- C:\Windows\System\QjEYiTF.exe
  C:\Windows\System\QjEYiTF.exe
  2⤵
  PID:8288
- C:\Windows\System\taZEUzG.exe
  C:\Windows\System\taZEUzG.exe
  2⤵
  PID:8308
- C:\Windows\System\txCGTCw.exe
  C:\Windows\System\txCGTCw.exe
  2⤵
  PID:8076
- C:\Windows\System\tDFarjy.exe
  C:\Windows\System\tDFarjy.exe
  2⤵
  PID:8204
- C:\Windows\System\jXuHhyY.exe
  C:\Windows\System\jXuHhyY.exe
  2⤵
  PID:8352
- C:\Windows\System\OOemCTv.exe
  C:\Windows\System\OOemCTv.exe
  2⤵
  PID:8396
- C:\Windows\System\xSuAgxi.exe
  C:\Windows\System\xSuAgxi.exe
  2⤵
  PID:8480
- C:\Windows\System\CAspWHw.exe
  C:\Windows\System\CAspWHw.exe
  2⤵
  PID:8524
- C:\Windows\System\gevWMMC.exe
  C:\Windows\System\gevWMMC.exe
  2⤵
  PID:8684
- C:\Windows\System\zSNqHvv.exe
  C:\Windows\System\zSNqHvv.exe
  2⤵
  PID:8936
- C:\Windows\System\djFvQYB.exe
  C:\Windows\System\djFvQYB.exe
  2⤵
  PID:8760
- C:\Windows\System\OxcJoSN.exe
  C:\Windows\System\OxcJoSN.exe
  2⤵
  PID:8944
- C:\Windows\System\oCslXIS.exe
  C:\Windows\System\oCslXIS.exe
  2⤵
  PID:8972
- C:\Windows\System\oLFPOCR.exe
  C:\Windows\System\oLFPOCR.exe
  2⤵
  PID:9104
- C:\Windows\System\dzGocsR.exe
  C:\Windows\System\dzGocsR.exe
  2⤵
  PID:8200
- C:\Windows\System\YGtekjO.exe
  C:\Windows\System\YGtekjO.exe
  2⤵
  PID:9044
- C:\Windows\System\PROwhMk.exe
  C:\Windows\System\PROwhMk.exe
  2⤵
  PID:9136
- C:\Windows\System\NAzGPCg.exe
  C:\Windows\System\NAzGPCg.exe
  2⤵
  PID:8344
- C:\Windows\System\atdjznC.exe
  C:\Windows\System\atdjznC.exe
  2⤵
  PID:8364
- C:\Windows\System\gNvktTV.exe
  C:\Windows\System\gNvktTV.exe
  2⤵
  PID:8572
- C:\Windows\System\WMWGBSl.exe
  C:\Windows\System\WMWGBSl.exe
  2⤵
  PID:8648
- C:\Windows\System\wBPGMUM.exe
  C:\Windows\System\wBPGMUM.exe
  2⤵
  PID:8876
- C:\Windows\System\VwGRvdJ.exe
  C:\Windows\System\VwGRvdJ.exe
  2⤵
  PID:8764
- C:\Windows\System\wDTwhac.exe
  C:\Windows\System\wDTwhac.exe
  2⤵
  PID:8252
- C:\Windows\System\zTIqRxg.exe
  C:\Windows\System\zTIqRxg.exe
  2⤵
  PID:7272
- C:\Windows\System\VYucySE.exe
  C:\Windows\System\VYucySE.exe
  2⤵
  PID:9152
- C:\Windows\System\agNNGhu.exe
  C:\Windows\System\agNNGhu.exe
  2⤵
  PID:8444
- C:\Windows\System\vWSiGsp.exe
  C:\Windows\System\vWSiGsp.exe
  2⤵
  PID:8248
- C:\Windows\System\TPXFfzM.exe
  C:\Windows\System\TPXFfzM.exe
  2⤵
  PID:8728
- C:\Windows\System\mSyBVzO.exe
  C:\Windows\System\mSyBVzO.exe
  2⤵
  PID:8116
- C:\Windows\System\hPcfcyr.exe
  C:\Windows\System\hPcfcyr.exe
  2⤵
  PID:9120
- C:\Windows\System\uXXWWjU.exe
  C:\Windows\System\uXXWWjU.exe
  2⤵
  PID:8732
- C:\Windows\System\PdzMjnt.exe
  C:\Windows\System\PdzMjnt.exe
  2⤵
  PID:8708
- C:\Windows\System\ADzbseD.exe
  C:\Windows\System\ADzbseD.exe
  2⤵
  PID:9232
- C:\Windows\System\bmwwEeO.exe
  C:\Windows\System\bmwwEeO.exe
  2⤵
  PID:9256
- C:\Windows\System\fPoQYVM.exe
  C:\Windows\System\fPoQYVM.exe
  2⤵
  PID:9280
- C:\Windows\System\rHSvaoB.exe
  C:\Windows\System\rHSvaoB.exe
  2⤵
  PID:9296
- C:\Windows\System\PjsDoPS.exe
  C:\Windows\System\PjsDoPS.exe
  2⤵
  PID:9312
- C:\Windows\System\qSWarDf.exe
  C:\Windows\System\qSWarDf.exe
  2⤵
  PID:9332
- C:\Windows\System\zFSIXkc.exe
  C:\Windows\System\zFSIXkc.exe
  2⤵
  PID:9352
- C:\Windows\System\qABWnlF.exe
  C:\Windows\System\qABWnlF.exe
  2⤵
  PID:9372
- C:\Windows\System\IEStOQQ.exe
  C:\Windows\System\IEStOQQ.exe
  2⤵
  PID:9396
- C:\Windows\System\vaahOQY.exe
  C:\Windows\System\vaahOQY.exe
  2⤵
  PID:9424
- C:\Windows\System\uXjNxaJ.exe
  C:\Windows\System\uXjNxaJ.exe
  2⤵
  PID:9440
- C:\Windows\System\BEzNtjz.exe
  C:\Windows\System\BEzNtjz.exe
  2⤵
  PID:9464
- C:\Windows\System\erepbUC.exe
  C:\Windows\System\erepbUC.exe
  2⤵
  PID:9488
- C:\Windows\System\NLAJMTb.exe
  C:\Windows\System\NLAJMTb.exe
  2⤵
  PID:9508
- C:\Windows\System\IXzejGM.exe
  C:\Windows\System\IXzejGM.exe
  2⤵
  PID:9528
- C:\Windows\System\xqNMvxz.exe
  C:\Windows\System\xqNMvxz.exe
  2⤵
  PID:9564
- C:\Windows\System\VBZPtej.exe
  C:\Windows\System\VBZPtej.exe
  2⤵
  PID:9580
- C:\Windows\System\lOLvjQq.exe
  C:\Windows\System\lOLvjQq.exe
  2⤵
  PID:9596
- C:\Windows\System\GBnqrGi.exe
  C:\Windows\System\GBnqrGi.exe
  2⤵
  PID:9612
- C:\Windows\System\hsvPSou.exe
  C:\Windows\System\hsvPSou.exe
  2⤵
  PID:9640
- C:\Windows\System\roTUhKE.exe
  C:\Windows\System\roTUhKE.exe
  2⤵
  PID:9660
- C:\Windows\System\ojIidfD.exe
  C:\Windows\System\ojIidfD.exe
  2⤵
  PID:9676
- C:\Windows\System\bRlCptg.exe
  C:\Windows\System\bRlCptg.exe
  2⤵
  PID:9700
- C:\Windows\System\sdddjes.exe
  C:\Windows\System\sdddjes.exe
  2⤵
  PID:9720
- C:\Windows\System\CuGxiVT.exe
  C:\Windows\System\CuGxiVT.exe
  2⤵
  PID:9744
- C:\Windows\System\wmrgYBV.exe
  C:\Windows\System\wmrgYBV.exe
  2⤵
  PID:9764
- C:\Windows\System\QfjJKzW.exe
  C:\Windows\System\QfjJKzW.exe
  2⤵
  PID:9784
- C:\Windows\System\DnqNuAC.exe
  C:\Windows\System\DnqNuAC.exe
  2⤵
  PID:9804
- C:\Windows\System\CumriWh.exe
  C:\Windows\System\CumriWh.exe
  2⤵
  PID:9824
- C:\Windows\System\GgXxKSh.exe
  C:\Windows\System\GgXxKSh.exe
  2⤵
  PID:9844
- C:\Windows\System\XKCPVxu.exe
  C:\Windows\System\XKCPVxu.exe
  2⤵
  PID:9860
- C:\Windows\System\znodDxA.exe
  C:\Windows\System\znodDxA.exe
  2⤵
  PID:9876
- C:\Windows\System\eWmbtHm.exe
  C:\Windows\System\eWmbtHm.exe
  2⤵
  PID:9892
- C:\Windows\System\HTkBNmE.exe
  C:\Windows\System\HTkBNmE.exe
  2⤵
  PID:9908
- C:\Windows\System\piXsFDP.exe
  C:\Windows\System\piXsFDP.exe
  2⤵
  PID:9932
- C:\Windows\System\GwQfkXr.exe
  C:\Windows\System\GwQfkXr.exe
  2⤵
  PID:9952
- C:\Windows\System\CxfMlMU.exe
  C:\Windows\System\CxfMlMU.exe
  2⤵
  PID:9968
- C:\Windows\System\tfoFrbU.exe
  C:\Windows\System\tfoFrbU.exe
  2⤵
  PID:9988
- C:\Windows\System\nrboVTS.exe
  C:\Windows\System\nrboVTS.exe
  2⤵
  PID:10004
- C:\Windows\System\DgGLukA.exe
  C:\Windows\System\DgGLukA.exe
  2⤵
  PID:10024
- C:\Windows\System\WsAKzhU.exe
  C:\Windows\System\WsAKzhU.exe
  2⤵
  PID:10044
- C:\Windows\System\nzQUouN.exe
  C:\Windows\System\nzQUouN.exe
  2⤵
  PID:10060
- C:\Windows\System\RSAPKgS.exe
  C:\Windows\System\RSAPKgS.exe
  2⤵
  PID:10080
- C:\Windows\System\dQZKxDL.exe
  C:\Windows\System\dQZKxDL.exe
  2⤵
  PID:10100
- C:\Windows\System\ZlehQBN.exe
  C:\Windows\System\ZlehQBN.exe
  2⤵
  PID:10120
- C:\Windows\System\NMiqgzx.exe
  C:\Windows\System\NMiqgzx.exe
  2⤵
  PID:10136
- C:\Windows\System\ycFPMuP.exe
  C:\Windows\System\ycFPMuP.exe
  2⤵
  PID:10152
- C:\Windows\System\bTgyyRY.exe
  C:\Windows\System\bTgyyRY.exe
  2⤵
  PID:10172
- C:\Windows\System\OGBmXJD.exe
  C:\Windows\System\OGBmXJD.exe
  2⤵
  PID:10188
- C:\Windows\System\EtQcYyB.exe
  C:\Windows\System\EtQcYyB.exe
  2⤵
  PID:10208
- C:\Windows\System\yCIPEGG.exe
  C:\Windows\System\yCIPEGG.exe
  2⤵
  PID:10228
- C:\Windows\System\RGwPauG.exe
  C:\Windows\System\RGwPauG.exe
  2⤵
  PID:9240
- C:\Windows\System\ZKHZLcd.exe
  C:\Windows\System\ZKHZLcd.exe
  2⤵
  PID:9288
- C:\Windows\System\LCiWKdP.exe
  C:\Windows\System\LCiWKdP.exe
  2⤵
  PID:9368
- C:\Windows\System\caFvJDU.exe
  C:\Windows\System\caFvJDU.exe
  2⤵
  PID:8528
- C:\Windows\System\hnWJIUT.exe
  C:\Windows\System\hnWJIUT.exe
  2⤵
  PID:9268
- C:\Windows\System\xELeasS.exe
  C:\Windows\System\xELeasS.exe
  2⤵
  PID:9408
- C:\Windows\System\QSIfMml.exe
  C:\Windows\System\QSIfMml.exe
  2⤵
  PID:9448
- C:\Windows\System\uALPkjK.exe
  C:\Windows\System\uALPkjK.exe
  2⤵
  PID:9504
- C:\Windows\System\JbAsZEY.exe
  C:\Windows\System\JbAsZEY.exe
  2⤵
  PID:9392
- C:\Windows\System\ijDdNuo.exe
  C:\Windows\System\ijDdNuo.exe
  2⤵
  PID:9436
- C:\Windows\System\NQIBKxx.exe
  C:\Windows\System\NQIBKxx.exe
  2⤵
  PID:9544
- C:\Windows\System\FTtZTay.exe
  C:\Windows\System\FTtZTay.exe
  2⤵
  PID:9572
- C:\Windows\System\rvuWKck.exe
  C:\Windows\System\rvuWKck.exe
  2⤵
  PID:9620
- C:\Windows\System\XJgDYuL.exe
  C:\Windows\System\XJgDYuL.exe
  2⤵
  PID:9608
- C:\Windows\System\QbeVGif.exe
  C:\Windows\System\QbeVGif.exe
  2⤵
  PID:9656
- C:\Windows\System\RIRixkw.exe
  C:\Windows\System\RIRixkw.exe
  2⤵
  PID:9696
- C:\Windows\System\jhtbDwm.exe
  C:\Windows\System\jhtbDwm.exe
  2⤵
  PID:9732
- C:\Windows\System\REAdaXG.exe
  C:\Windows\System\REAdaXG.exe
  2⤵
  PID:9752
- C:\Windows\System\DOFdPCO.exe
  C:\Windows\System\DOFdPCO.exe
  2⤵
  PID:9780
- C:\Windows\System\zHxdCQG.exe
  C:\Windows\System\zHxdCQG.exe
  2⤵
  PID:9800
- C:\Windows\System\tmZhWdj.exe
  C:\Windows\System\tmZhWdj.exe
  2⤵
  PID:9816
- C:\Windows\System\UGfJEMQ.exe
  C:\Windows\System\UGfJEMQ.exe
  2⤵
  PID:9900
- C:\Windows\System\nLayoAG.exe
  C:\Windows\System\nLayoAG.exe
  2⤵
  PID:9948
- C:\Windows\System\NsgBkVA.exe
  C:\Windows\System\NsgBkVA.exe
  2⤵
  PID:10052
- C:\Windows\System\OgHfwJh.exe
  C:\Windows\System\OgHfwJh.exe
  2⤵
  PID:9884
- C:\Windows\System\vxwdipw.exe
  C:\Windows\System\vxwdipw.exe
  2⤵
  PID:10204
- C:\Windows\System\ruWUngW.exe
  C:\Windows\System\ruWUngW.exe
  2⤵
  PID:9324
- C:\Windows\System\WJNTWXE.exe
  C:\Windows\System\WJNTWXE.exe
  2⤵
  PID:10184
- C:\Windows\System\QKHLbAb.exe
  C:\Windows\System\QKHLbAb.exe
  2⤵
  PID:10116
- C:\Windows\System\ZaPQxwn.exe
  C:\Windows\System\ZaPQxwn.exe
  2⤵
  PID:10000
- C:\Windows\System\qSxlQHC.exe
  C:\Windows\System\qSxlQHC.exe
  2⤵
  PID:9328
- C:\Windows\System\WoGdgbu.exe
  C:\Windows\System\WoGdgbu.exe
  2⤵
  PID:8992
- C:\Windows\System\NjmIhGy.exe
  C:\Windows\System\NjmIhGy.exe
  2⤵
  PID:9264
- C:\Windows\System\THxfnlN.exe
  C:\Windows\System\THxfnlN.exe
  2⤵
  PID:8496
- C:\Windows\System\qIEdpDr.exe
  C:\Windows\System\qIEdpDr.exe
  2⤵
  PID:9416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AxmwqVk.exe

Filesize
6.0MB

MD5
0fd9d92bd44f5f2105aacb2b852f4094

SHA1
eab2c8d6e0fe7bfa16d5c8da5486b86a21710444

SHA256
80606d67045ba4d3f6dc214bd943531175c4655edbbee51502d3a07cff6e618b

SHA512
efcedc4d55fe0131ec905b9c563b2abb4647810f7cb270453fcb82250a411468f031b1423207420bd23343ce01b9ec0a7def5bda8c04d80366dddba468eff6d8

Download Submit
C:\Windows\system\FGmmPaD.exe

Filesize
6.0MB

MD5
5c63d39bc52835108f901ea46e8c8543

SHA1
407aebb6006fa5c7bb97a2e46b0097a3af77e51a

SHA256
15072261029d4f19fbd8c5805458ad5891938d0e375752e315d4bdd669911acb

SHA512
82d670ee070d0a98047b09e2fe41c043cc13d8797d7639fa9e0dc229b28f4d2b22e710d01742d6cc0e681f18c8846added376d2cd37a2dd7919eb48e2caed817

Download Submit
C:\Windows\system\IRhCKtw.exe

Filesize
6.0MB

MD5
81b2d159aa36090dd4cfb0a2d1b970e8

SHA1
6e386f1c9ca8a7750d16ad04045c7a7236d8f12f

SHA256
9f199d189beb960d4cb9f77f0b5e850ed09786dab7ffda7aa5a949be5453be86

SHA512
f32dd64cfdadb91fe149a8d8d6cba4fd52a9c08334d41876bd64eca6424c712fcc264407b4077d49e7d5562fb91c0da95a6fef2e378bf315ffb86ae6da8d0e41

Download Submit
C:\Windows\system\KbCVdTJ.exe

Filesize
6.0MB

MD5
415b8bdf0749e70908814db79da30471

SHA1
6d0d1f4da14e1abd91e819e50e9c4ef00eee98be

SHA256
b8244df99ad7528e126906265a79ac65ff33459bede2602c0f9f7e113fd1f644

SHA512
b8c5033a1e79caf6146dfb6a7eee655603f78cf5d6d3092d63a77b7a42fa1b1706faf57ab9c45cc7e54d8494a64713fd76b8dd08506f164808146fd2c1055ecd

Download Submit
C:\Windows\system\MSmVFdR.exe

Filesize
6.0MB

MD5
50e82e0b04dc4f890a7bd84506effdfc

SHA1
d53962a54fff105f325e41584457fad3034dd258

SHA256
bf619e507273d6e379ab8e121f4d10952ef082def0a8e413a0c9d1c6eb31dbea

SHA512
aac82b11b9e8ce9343c606add84334e3b91368b85044e636a59e7f55b12a35cbd15ae6f7ef5c72a7d217d6623b6c2481984dea7bffecaef30e2e5f0f17857864

Download Submit
C:\Windows\system\MXimJxB.exe

Filesize
6.0MB

MD5
7d2a6e3575b2e8e836ea20a7d86cc1bc

SHA1
64ed634891d78dc856850e9c5c51305c54ac2c9b

SHA256
1be8c7fb12a278de960ae64e7515ce797dc89e307412dee7c37b8c304385a58c

SHA512
f8e8e5859fa8c3e36a44df7f2a14f8d479f5fbdb6cc1dc37f727621a7259b7f5b5c4d5ab280da350a15c2d5d8d6c3671b7baed2cbf27f283ca27ff16568b7a72

Download Submit
C:\Windows\system\MhllEpg.exe

Filesize
6.0MB

MD5
1841f7587f490b68a1496849a2c1eece

SHA1
5bbd706d3ac7632ca5ca04bb0745481c8217133d

SHA256
1d7047e25f58e6a6987b1cd39a872a8bfc36dcae252f5423d29ae8886b3d239f

SHA512
6a736761877e9df189f0df4bec2a92347e4aafb853eab4c6d8bf0492b4d785d82ded9d3057c951f0c08180c802d829e5bbfcffafb4bba801785cfe0ff5b38946

Download Submit
C:\Windows\system\NFFPAhp.exe

Filesize
6.0MB

MD5
af7edea60146ba6eee82cab810282fb2

SHA1
a99ebffc5890b744d6d3a95d938447e76f152bde

SHA256
5bd80746b095da9a9da762a36b6aa97063dd13f0fafe1182717c0b45c0a3e5fb

SHA512
b5c45ccb48f93622b0ce847528f7cc9ac8c5fb07cf4b1d6fccd132abb348bd89079d35b4c51680e13e25aaabea3e86c25b7af35b21378aa9e88508ddcb7c1dab

Download Submit
C:\Windows\system\NPPawdq.exe

Filesize
6.0MB

MD5
a24b433e98676582985cd33e6dee706b

SHA1
8a1e13358be25c254be4dedd64becb1f7a2a631c

SHA256
4e1e5ab0700ba9db83fee8c38bdc969489ede8e82cd56e117926527fb7e78386

SHA512
845e7cbf8296cf3060af80a3bfb0fbae209b20c8b59e25c1eb734bc88bcc6ba606c8028f52b2aaf8394efe1e5b88768f0b49547c39a1730408e09a21c164e202

Download Submit
C:\Windows\system\NyKHFuM.exe

Filesize
6.0MB

MD5
c9e659de179c4514b4cc6a0ddc704834

SHA1
45c758ca4bd42fbabb8aa0143619cd67f5244f46

SHA256
cbe22ceb0e02efbf66cdc9dd232a6a4a458929f4e0b835b8f43c44a09b728b33

SHA512
e1aa804c270a62510466fe8d88b693f179061f39a3e1fd348478788acc104c3d0b49515c319da9f6550ee0444fa0ab8e17b6ed106d90233b004ac37853e7a08c

Download Submit
C:\Windows\system\OLlOsHC.exe

Filesize
6.0MB

MD5
a623491b8abd57754af88a1e8874ae60

SHA1
5cbced21dcacf5d7502dc60c99a65c5520c83dac

SHA256
c5ba3f724d6167cc48304013f226eb8223e9dffa6c4e6e6a74000990b0e51ea2

SHA512
01a91be74ad7911a6a5bc7bedca8219833507d517483e49638d584a23e24f2d780770b1ba607587e600cdfcd5e3228647db2f85cf636ac1453558a61b57ae692

Download Submit
C:\Windows\system\PjlNqII.exe

Filesize
6.0MB

MD5
b0beb476032a31760b1183d1c95d8640

SHA1
f9d202f8d82ac6db3578c6f3c7d73dda0af4cb41

SHA256
bab985f2180e3f025bbc2d31af200129ccd9ea24ac22e1a817010592f3fd0674

SHA512
a4ad9100c475cd0633805d5f4b2dfc1ebe48c2993a1e2346209b4ecdeea9682fcd28e267e835537d0d9d5206b986cc083e4992c7582508bf933b33d6837df95a

Download Submit
C:\Windows\system\QWYJEiD.exe

Filesize
6.0MB

MD5
f2919a0c5873c642e529340c3a793a2b

SHA1
2284c0136eecfc397270d5ede7943c0fe53fe650

SHA256
c913438d683b0568d0d4677c1911e06e2d395432630423d08c670475cdd6ffd4

SHA512
5851a7af80ac16a1914aeb9cba98ccee2ce0d4877f3d9ed28ece53dc21bc35a0254edc0a227fb3e153a38d22780cb5fefe5dc2e69f714078c70c9fbad4d1e871

Download Submit
C:\Windows\system\TQSKHIO.exe

Filesize
6.0MB

MD5
82eb0166fd4dc6046576adeca4911929

SHA1
5264e1214ae945638dd4b86ae145183bf174bfb0

SHA256
75ee19ec06d173de2b0618b949bdddb15ab407fe2449b48c78931297ad7b8397

SHA512
1429a8c9e3708ac0ab0b8efd0279f4eb914a3871b1285ee550b0528d351561d740214940fdf999ebcf56931100e6e63dba58050da2c92d35641cf0e6d296fb72

Download Submit
C:\Windows\system\UZrLEHz.exe

Filesize
6.0MB

MD5
1f6619f7a38b36023d39a44c40114b71

SHA1
01bb0ffe418dba3e3bdcd423ac06319c078a101f

SHA256
a9b0c2e852372cea2a563dc80a37e04124b4f9a1a2dfcda107705bbfcec8ffa1

SHA512
ab97150f2be469cc3d0f5fca2d1d3515e9a7d2ae7f5a68316857a9e8c539c11c6be18579115fa00d703b1dbf1dda4c6bc4f7222961bb1f4dde8b64d5cdb8b8f7

Download Submit
C:\Windows\system\UbRFSNG.exe

Filesize
6.0MB

MD5
8575b77fc8667344b4068c13ca72d47c

SHA1
39365e21e02fa239109351133c5b49e6da5ad6fc

SHA256
8cb9988ea482209f2dff084e67c6b7b80d6e3db1782c42c55043fad652582122

SHA512
220d2e0f68bb4c41d4d67dc5dc4a67ab0afdf0c7771b60815037eee723d37b949c201e7a86bba623bd204ee06ad05abb12b63475d68057bcbd4f024786a8835d

Download Submit
C:\Windows\system\VRYDXGw.exe

Filesize
6.0MB

MD5
928fe6141e27fe071ab84f5988b9cbc0

SHA1
346a2543b28311ee39ae8f553e4e39435dc8d35b

SHA256
7f95d33518dcca0061152bf2f672689d8264d5440c8a8b570ef8a95de8a644b7

SHA512
9fc63913a00213162339d60544e5dbea24e111b561bf48e034682c356efa0c4fb725aaaa29ffda4220ac57dd85f87802c7dc0108304e09ad0a33b7b09f41f79b

Download Submit
C:\Windows\system\WTRiaYM.exe

Filesize
8B

MD5
91cfa3e7b324fce5322c914dbfe08c90

SHA1
dbba2cad8546ac3cbcc6321f0e93f76956e4175d

SHA256
00b442c5a8d5365d954d2850d09691ea2670479cbf8c17bb974e6e2b6faae28f

SHA512
2ee300ec169f17394bfc957a89a1e4e0f4ef0a39e98fe6f3c1ebe719f51d0cfe1a713e31b97892eedf9f08701bdb3faf1dbbbb5857d315f5c84fb7b3e2d7d67c

Download Submit
C:\Windows\system\WYLrmZi.exe

Filesize
6.0MB

MD5
053fbe4499eace5aa35314f3c41cf1a3

SHA1
3272a5d1aeae6f3b94d62798774467e9e2f9058f

SHA256
769d7a8d6cffd069627957c4fb13249a9fe0a463bd64b13d782c151a8b2f21c7

SHA512
905552a61bf340b803664b709b6b0fb7d6069b3769b4e715d0a4a507063b19c12724f6a25f0582f721129558674c2d757d9af0c528c7e483da36cc13c4da9a53

Download Submit
C:\Windows\system\XkGLGuW.exe

Filesize
6.0MB

MD5
240cad7b31d157593e3bc2f1dde45ca2

SHA1
8f2a46dd7871f45e635bc5eeb8b1889a85a5d89a

SHA256
e35427551af58427b63ce341d3e39e7949a115d505d634927bd4fe378342d2a2

SHA512
89e6d459834aaf39d8bbf5232653463ba76911834c30e10db58b88f8106c0fc04696112aa496870df7b45274241781205c6bf5031651c7ef2c98f71076ce2d24

Download Submit
C:\Windows\system\dSPpaIQ.exe

Filesize
6.0MB

MD5
3b7ef4668339a089a0bdf9abe188e2f4

SHA1
6407864a487551318236fb3f47435500ac04b1d0

SHA256
cedad4bcffb1500ce446c39d9711a1e25b72013a0bbf0cbc217a0fddda802a9b

SHA512
ddc0ebdd27692b624aeca34781fd252fa7df0798e800b37e68cd9542e8df9333cc2ebb3b137c1e1b7319897276b3d274c745605814cd4189066d2b05e9bde941

Download Submit
C:\Windows\system\eGiBZEV.exe

Filesize
6.0MB

MD5
eafcc4956b908a4dc7aa678401adbd87

SHA1
aeec426b006c690b5ea7a577b77aca8e8b6a45b7

SHA256
b4ef64d6ee98022265ea6eb9ad2955dcdc3889498528fffbbd1ed06fcdcb206c

SHA512
40f3289707ae7e7587342a1a5b7c28b30190580b6ec52acf7d0a847cd514f83d883171cea547a980f644f8a9f051a86fcdd6236bac783a10e298ca0fd7a43593

Download Submit
C:\Windows\system\eafSHRN.exe

Filesize
6.0MB

MD5
42476daa807682c4a24c4f92f1a80e96

SHA1
dfa7c0b6164f61a39e4006df462eb4f6e8321eaa

SHA256
acd30416ca3c796a96d2ac2e72deafd1e218e3c5f1362198adcefb982168b865

SHA512
f6accc8adca24577bc7e659f2b98586adddfe3269c151a056beaea0157c6aeba002f4e41ce0977f8b4d1c88f4fddbcf1ff7cbbaf58e62102a5c499a2df23d723

Download Submit
C:\Windows\system\ebCNZzI.exe

Filesize
6.0MB

MD5
8855f6daa0fbb8db2127a35779a3572e

SHA1
e403013d7310fd544e3fe4b260e3620b76462222

SHA256
d69b920d1dc5541d27fe7a1aedf3aad59554a4ad60fc64fd115d7b555378968f

SHA512
df443fb9b3b9bc135aaf6dc37b60e2093ef9743166134046329051ad6c35527f0c832bd4851eff839e717bb67b39a5f661d2e21b209459661ebf59a269a78def

Download Submit
C:\Windows\system\kCPxygh.exe

Filesize
6.0MB

MD5
984d8e46ccf3f78159ff9c15fa56e133

SHA1
61146b04942c48879580f80a745634a83a6c79f0

SHA256
4f3330dea954033e12040a89e880b78dd4c1835bf608796c0a3b8f9f3577231d

SHA512
1856777aec38ef9ecfd51810144abbc26b7eb4e91e97ec21a941e202c91150bb9baa9df8e45378aba73ed56e50a7714aa4ca38be9e537d432e45d05667a3db0c

Download Submit
C:\Windows\system\kgLtKXs.exe

Filesize
6.0MB

MD5
2c1e47a788984e885c410c544e5e2b8b

SHA1
492c67a4c432a8ebdd0e83e093a6301d4e311279

SHA256
219de076c4d686e533a9c649eb0068e28b89dedc94700de9733b824442d0200b

SHA512
012c1f5968896fd66621448112520a9d765f36eadf81dc6d5f1c34096726d3fb04ba333558c8c2f50b5233d0717ebb1d32443e4164430aaef1c2c0e64b211d81

Download Submit
C:\Windows\system\lGfZDGh.exe

Filesize
6.0MB

MD5
3f1965fbf306fff742b7cd4f16ad89f5

SHA1
e54a349ceeb8ea011ffa3bb2c13382663e74b86e

SHA256
c8edffc5ac5e87d995f19c73d53cdb381433c74a485f62aa3112b1bb7a5d6d05

SHA512
dd1f8649165d079d1568644e7a99feab016a6b42b377f26804c3b27f0066e3e089f56c41413f35c229ede213aa6306cdd168681c067d1e4be35df164d98ad496

Download Submit
C:\Windows\system\mzDUmjk.exe

Filesize
6.0MB

MD5
4dd2fe24d655f49aa9c42c287f95dc52

SHA1
56985c0e6e908ed2d48002f09a2f14c1c6c0c843

SHA256
b58ef5e5e6a38a84155f8701cc92495f9f77f043935ce9587d76aa0b13e83741

SHA512
1f26a6eb06b15438819843586a826ed6f41b361a986b3ad65c589fe95afdd3dd107f293e785323d30d221b9ba039f039230cae4358eabd3d0aaa86ebcb24de62

Download Submit
C:\Windows\system\vqqlSDQ.exe

Filesize
6.0MB

MD5
ea7b3bbd5dc45585a3166ac7ac688125

SHA1
3995a7e6af39ce2dfed23db65fb6924424651a45

SHA256
4891be2b7d40063be287427213f61d63bb8fcd748d9a3750c0b32d2363d80726

SHA512
d299279b9e7ae60f974a1fb9a9d8f63d35c582f768d2ce64cb0691fa8483727f44b35745a9b6814b1a1132a997fa932420ba6b5c2c2c3cb3fb31cecf293393a3

Download Submit
C:\Windows\system\xoGgAvk.exe

Filesize
6.0MB

MD5
e4afcf70ff38e8121fe5ade285e23947

SHA1
43ab9adcec73a0168b54108ed461c508de5c191f

SHA256
ef8bd8d9d19064b75ded5668ae4052f3d992d6c151b579accc609c6d8f5222a4

SHA512
550f23a33333ff52826e907336cc237511b3bcfeb7bfc36d9cb6b0ba33314e75878bf16bd189db2a2e82e7babe7f4382c8b92ad3d0d249dad8e9de1db0999bed

Download Submit
\Windows\system\MOxFAPd.exe

Filesize
6.0MB

MD5
6eadf1458dd8d0b5499dc7ce10c91838

SHA1
5738f8dba1c71282119654f248a2d06277f86149

SHA256
babdf158fa8d8d33d0f2c19c3789e0794eba5058a7dbfc32d772ecd362b31964

SHA512
ece941535c44c75874f4d3208e100abc379740c54f6c06ea17d910cf406510869b61dea516c743d12f5366e9bc0683a374cdbfc14a1b502e2e232fcae12c6dbb

Download Submit
\Windows\system\dpUzxqh.exe

Filesize
6.0MB

MD5
349f8ae6a838705abddf30ef62f09c18

SHA1
04377d5ce2d845d7b23b8d5f8890dbf672fa7195

SHA256
3ed64190628e255c4f535d764a71e0489f9fe3b4d619770f6be32de8e487599f

SHA512
a6ea1471a2df47aa8dd01584733430660c1a172140af4a7e06f9356a80c9a5dbee8eefd8e00b2b8ae844c6f52c77f35192bcdccd6c3449dbf10ad6c48c26ad87

Download Submit
\Windows\system\qhePWAk.exe

Filesize
6.0MB

MD5
b9b4cd1fb75e24b305f18e38646fb1f0

SHA1
3373edf125a82fa8da82c05507588eac7611887b

SHA256
652811d1d5312ed203c1ca7a25897950455fb044c00fda846c9a67c28b0ae21c

SHA512
43667cf68721ec7c909b3a545ff826c826866cb995aa00cb9475933ba061c7329800f4461f8b8dc2a95f1b117627ede95625f83bced002863de3c4ed3160466f

Download Submit
memory/1572-1295-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-3595-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-20-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-3287-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-52-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1312-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-65-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1284-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1296-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2622-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1309-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2276-0-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2357-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1273-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2276-7-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1254-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1250-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2623-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1576-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-55-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-48-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2621-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2524-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-40-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2625-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2276-35-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2626-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-22-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2624-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3215-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-13-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3583-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1311-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1281-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3586-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3580-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1270-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-64-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3274-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2640-28-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2660-66-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3582-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-42-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1575-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3560-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1248-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-33-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3340-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1307-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3590-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3555-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2405-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-58-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3571-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-50-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1869-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-15-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-46-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3217-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download