cobaltstrike | 8943f142b2d66d20b07defba56f54d5e75223b55a4e82cd0153753d79df27428

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e12131df52f9767d151b87d429e7091d
SHA1

8c54bac408a9c8340c8e2abd018c4c2eb4dfa6fe
SHA256

8943f142b2d66d20b07defba56f54d5e75223b55a4e82cd0153753d79df27428
SHA512

943a3769a39ac42768fae651f59ef2e33b64682315040766ab4dc68180b8d644a97640220b6a8b480b96d12cee7d3d54d90ebced3f1066bdf6aede7c338a6dbb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUX:T+q56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c0000000122ce-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d19-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d48-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d68-24.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d78-34.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019220-114.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c6-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019238-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-178.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015cdd-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191fd-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-100.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190c9-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878d-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-89.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174bf-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186c8-71.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018657-60.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018662-59.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015da1-44.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-52.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001867d-68.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d70-29.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2028-0-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x000c0000000122ce-6.dat	xmrig
behavioral1/files/0x0008000000015d19-12.dat	xmrig
behavioral1/files/0x0007000000015d48-19.dat	xmrig
behavioral1/files/0x0007000000015d68-24.dat	xmrig
behavioral1/memory/2768-33-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d78-34.dat	xmrig
behavioral1/files/0x0005000000019220-114.dat	xmrig
behavioral1/files/0x00060000000190c6-123.dat	xmrig
behavioral1/files/0x0005000000019238-110.dat	xmrig
behavioral1/files/0x00050000000193c1-167.dat	xmrig
behavioral1/files/0x00050000000193b7-171.dat	xmrig
behavioral1/memory/2028-1040-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2848-1162-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2784-765-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2780-646-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c8-178.dat	xmrig
behavioral1/files/0x0009000000015cdd-181.dat	xmrig
behavioral1/files/0x000500000001938b-158.dat	xmrig
behavioral1/files/0x0005000000019399-169.dat	xmrig
behavioral1/files/0x0005000000019278-149.dat	xmrig
behavioral1/files/0x0005000000019280-152.dat	xmrig
behavioral1/files/0x0005000000019263-143.dat	xmrig
behavioral1/files/0x000500000001925d-138.dat	xmrig
behavioral1/files/0x0005000000019240-133.dat	xmrig
behavioral1/memory/2028-102-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x00050000000191fd-101.dat	xmrig
behavioral1/files/0x0005000000019217-100.dat	xmrig
behavioral1/files/0x00060000000190c9-91.dat	xmrig
behavioral1/files/0x000500000001878d-90.dat	xmrig
behavioral1/files/0x00050000000191f3-89.dat	xmrig
behavioral1/files/0x00060000000174bf-78.dat	xmrig
behavioral1/memory/2752-77-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2776-76-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2028-75-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x00050000000186c8-71.dat	xmrig
behavioral1/memory/2028-65-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/files/0x0014000000018657-60.dat	xmrig
behavioral1/files/0x000d000000018662-59.dat	xmrig
behavioral1/files/0x0008000000015da1-44.dat	xmrig
behavioral1/memory/2028-118-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/memory/2848-117-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2652-115-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2784-53-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-52.dat	xmrig
behavioral1/memory/2028-49-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2028-80-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/memory/2684-69-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x000500000001867d-68.dat	xmrig
behavioral1/memory/2780-39-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2056-36-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2664-32-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d70-29.dat	xmrig
behavioral1/memory/2556-15-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2092-14-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2556-4010-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2664-4011-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2768-4012-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2056-4013-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2780-4014-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2784-4016-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2684-4015-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2776-4017-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2752-4018-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2092	dxoAyGe.exe
2556	hsBQDJI.exe
2664	WjMIrAG.exe
2768	EMHVgWK.exe
2056	OJESWjK.exe
2780	lZrRGpV.exe
2784	UTFIYUG.exe
2684	rnQqniX.exe
2776	pCAYmNR.exe
2752	YnCkbIH.exe
2848	ZzPuXeH.exe
2652	aQJjQqc.exe
2208	MaVoaAS.exe
2164	ulpIlfX.exe
1444	DhMMuza.exe
2956	zheoaJA.exe
2308	FWNYeiG.exe
2132	RRPEHPu.exe
1536	oodpRYp.exe
2944	FVGVDYC.exe
1836	uCxmBEX.exe
2680	XsYOMPK.exe
2760	VowtSXm.exe
2872	TuqOKWu.exe
1676	KFVZcjJ.exe
1704	ZKMdMWk.exe
2080	aRDmFJp.exe
1656	NoCfiiV.exe
1276	lZdGsFq.exe
1228	OHhMKFs.exe
1856	YSYcThz.exe
900	lCpsJMd.exe
612	STbcRso.exe
1784	hbBwpIJ.exe
2264	uYAcYOw.exe
1732	wGWvFDV.exe
636	TvrjiAD.exe
2248	DiyoTlK.exe
1808	ANkVbaq.exe
2412	PFeENlw.exe
2296	cUCoVOS.exe
2404	VoOAKOo.exe
2460	gPBWnJV.exe
1208	mYfqDXl.exe
2072	HCFjhJR.exe
2068	NzVEYBb.exe
2020	AuHMiWz.exe
892	ixZEAJH.exe
1512	nZegdrl.exe
1604	BuhPocU.exe
2348	TEFrXQd.exe
1164	oszSSSz.exe
2428	QWwhbrp.exe
2856	YGtqukR.exe
2948	GiJKuds.exe
2144	NRmjevb.exe
2864	AUoxphQ.exe
1864	YhVGZIS.exe
2724	ENSBneY.exe
2212	BejIifm.exe
2596	xIqwzST.exe
1088	JGnTmgn.exe
2484	AHvGIMZ.exe
1876	ZJxXvFK.exe

Loads dropped DLL 64 IoCs

pid	Process
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2028-0-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x000c0000000122ce-6.dat	upx
behavioral1/files/0x0008000000015d19-12.dat	upx
behavioral1/files/0x0007000000015d48-19.dat	upx
behavioral1/files/0x0007000000015d68-24.dat	upx
behavioral1/memory/2768-33-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0009000000015d78-34.dat	upx
behavioral1/files/0x0005000000019220-114.dat	upx
behavioral1/files/0x00060000000190c6-123.dat	upx
behavioral1/files/0x0005000000019238-110.dat	upx
behavioral1/files/0x00050000000193c1-167.dat	upx
behavioral1/files/0x00050000000193b7-171.dat	upx
behavioral1/memory/2848-1162-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2784-765-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2780-646-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x00050000000193c8-178.dat	upx
behavioral1/files/0x0009000000015cdd-181.dat	upx
behavioral1/files/0x000500000001938b-158.dat	upx
behavioral1/files/0x0005000000019399-169.dat	upx
behavioral1/files/0x0005000000019278-149.dat	upx
behavioral1/files/0x0005000000019280-152.dat	upx
behavioral1/files/0x0005000000019263-143.dat	upx
behavioral1/files/0x000500000001925d-138.dat	upx
behavioral1/files/0x0005000000019240-133.dat	upx
behavioral1/files/0x00050000000191fd-101.dat	upx
behavioral1/files/0x0005000000019217-100.dat	upx
behavioral1/files/0x00060000000190c9-91.dat	upx
behavioral1/files/0x000500000001878d-90.dat	upx
behavioral1/files/0x00050000000191f3-89.dat	upx
behavioral1/files/0x00060000000174bf-78.dat	upx
behavioral1/memory/2752-77-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2776-76-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x00050000000186c8-71.dat	upx
behavioral1/memory/2028-65-0x0000000002290000-0x00000000025E4000-memory.dmp	upx
behavioral1/files/0x0014000000018657-60.dat	upx
behavioral1/files/0x000d000000018662-59.dat	upx
behavioral1/files/0x0008000000015da1-44.dat	upx
behavioral1/memory/2028-118-0x0000000002290000-0x00000000025E4000-memory.dmp	upx
behavioral1/memory/2848-117-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2652-115-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2784-53-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x000600000001749c-52.dat	upx
behavioral1/memory/2028-49-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2684-69-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x000500000001867d-68.dat	upx
behavioral1/memory/2780-39-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2056-36-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2664-32-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0007000000015d70-29.dat	upx
behavioral1/memory/2556-15-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2092-14-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2556-4010-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2664-4011-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2768-4012-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2056-4013-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2780-4014-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2784-4016-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2684-4015-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2776-4017-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2752-4018-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2652-4019-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2848-4020-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DSNuJdX.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWflQPK.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkTqVJr.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncVboGE.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYcMeTH.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvfzMcl.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIsJpqj.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImdLbhU.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXinzBT.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRldKTh.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxdJpck.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UoGEpLM.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvTbNbS.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoiIxsX.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INKOirt.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmEvorF.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGiJAYo.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHwuHim.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKVMdHg.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKNmlIr.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUbvziA.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avJTvBC.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VePetBu.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gCkQuam.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyKPOvf.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFqXryA.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\flRIGKN.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjtMhLZ.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OHVVwCD.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvmiPJo.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPlRHfT.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QETGKzs.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLhkXew.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDfqwZZ.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUhrwMA.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IflLtgN.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCFjhJR.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPXvyvD.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyrRNaD.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmOzDgm.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDeazMF.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXzGuNd.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNWKTsN.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjdobIA.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtRlSsR.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzSexNb.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRRJviP.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kpsVBfW.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBeryLv.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swPRiYl.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msTqWCv.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NhawiXy.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrDwama.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjCmTox.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOHXqWL.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVWkcJr.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXMvicB.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLmtCom.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEDKaKl.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIRtzLU.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hUhmWZK.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKiLsZE.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZZsAVt.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcIXAwy.exe	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2092	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2028 wrote to memory of 2092	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2028 wrote to memory of 2092	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2028 wrote to memory of 2556	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2028 wrote to memory of 2556	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2028 wrote to memory of 2556	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2028 wrote to memory of 2664	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2028 wrote to memory of 2664	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2028 wrote to memory of 2664	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2028 wrote to memory of 2768	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2028 wrote to memory of 2768	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2028 wrote to memory of 2768	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2028 wrote to memory of 2056	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2028 wrote to memory of 2056	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2028 wrote to memory of 2056	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2028 wrote to memory of 2780	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2028 wrote to memory of 2780	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2028 wrote to memory of 2780	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2028 wrote to memory of 2784	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2028 wrote to memory of 2784	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2028 wrote to memory of 2784	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2028 wrote to memory of 2684	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2028 wrote to memory of 2684	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2028 wrote to memory of 2684	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2028 wrote to memory of 2848	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2028 wrote to memory of 2848	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2028 wrote to memory of 2848	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2028 wrote to memory of 2776	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2028 wrote to memory of 2776	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2028 wrote to memory of 2776	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2028 wrote to memory of 2956	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2028 wrote to memory of 2956	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2028 wrote to memory of 2956	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2028 wrote to memory of 2752	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2028 wrote to memory of 2752	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2028 wrote to memory of 2752	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2028 wrote to memory of 2308	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2028 wrote to memory of 2308	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2028 wrote to memory of 2308	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2028 wrote to memory of 2652	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2028 wrote to memory of 2652	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2028 wrote to memory of 2652	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2028 wrote to memory of 2132	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2028 wrote to memory of 2132	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2028 wrote to memory of 2132	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2028 wrote to memory of 2208	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2028 wrote to memory of 2208	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2028 wrote to memory of 2208	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2028 wrote to memory of 1536	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2028 wrote to memory of 1536	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2028 wrote to memory of 1536	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2028 wrote to memory of 2164	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2028 wrote to memory of 2164	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2028 wrote to memory of 2164	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2028 wrote to memory of 2944	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2028 wrote to memory of 2944	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2028 wrote to memory of 2944	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2028 wrote to memory of 1444	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2028 wrote to memory of 1444	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2028 wrote to memory of 1444	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2028 wrote to memory of 1836	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2028 wrote to memory of 1836	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2028 wrote to memory of 1836	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2028 wrote to memory of 2680	2028	2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_e12131df52f9767d151b87d429e7091d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\System\dxoAyGe.exe
  C:\Windows\System\dxoAyGe.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\hsBQDJI.exe
  C:\Windows\System\hsBQDJI.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\WjMIrAG.exe
  C:\Windows\System\WjMIrAG.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\EMHVgWK.exe
  C:\Windows\System\EMHVgWK.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\OJESWjK.exe
  C:\Windows\System\OJESWjK.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\lZrRGpV.exe
  C:\Windows\System\lZrRGpV.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\UTFIYUG.exe
  C:\Windows\System\UTFIYUG.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\rnQqniX.exe
  C:\Windows\System\rnQqniX.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\ZzPuXeH.exe
  C:\Windows\System\ZzPuXeH.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\pCAYmNR.exe
  C:\Windows\System\pCAYmNR.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\zheoaJA.exe
  C:\Windows\System\zheoaJA.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\YnCkbIH.exe
  C:\Windows\System\YnCkbIH.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\FWNYeiG.exe
  C:\Windows\System\FWNYeiG.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\aQJjQqc.exe
  C:\Windows\System\aQJjQqc.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\RRPEHPu.exe
  C:\Windows\System\RRPEHPu.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\MaVoaAS.exe
  C:\Windows\System\MaVoaAS.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\oodpRYp.exe
  C:\Windows\System\oodpRYp.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ulpIlfX.exe
  C:\Windows\System\ulpIlfX.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\FVGVDYC.exe
  C:\Windows\System\FVGVDYC.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\DhMMuza.exe
  C:\Windows\System\DhMMuza.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\uCxmBEX.exe
  C:\Windows\System\uCxmBEX.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\XsYOMPK.exe
  C:\Windows\System\XsYOMPK.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\VowtSXm.exe
  C:\Windows\System\VowtSXm.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\TuqOKWu.exe
  C:\Windows\System\TuqOKWu.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\KFVZcjJ.exe
  C:\Windows\System\KFVZcjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\ZKMdMWk.exe
  C:\Windows\System\ZKMdMWk.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\aRDmFJp.exe
  C:\Windows\System\aRDmFJp.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\NoCfiiV.exe
  C:\Windows\System\NoCfiiV.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\OHhMKFs.exe
  C:\Windows\System\OHhMKFs.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\lZdGsFq.exe
  C:\Windows\System\lZdGsFq.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\YSYcThz.exe
  C:\Windows\System\YSYcThz.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\lCpsJMd.exe
  C:\Windows\System\lCpsJMd.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\STbcRso.exe
  C:\Windows\System\STbcRso.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\hbBwpIJ.exe
  C:\Windows\System\hbBwpIJ.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\uYAcYOw.exe
  C:\Windows\System\uYAcYOw.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\wGWvFDV.exe
  C:\Windows\System\wGWvFDV.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\TvrjiAD.exe
  C:\Windows\System\TvrjiAD.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\DiyoTlK.exe
  C:\Windows\System\DiyoTlK.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\ANkVbaq.exe
  C:\Windows\System\ANkVbaq.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\PFeENlw.exe
  C:\Windows\System\PFeENlw.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\cUCoVOS.exe
  C:\Windows\System\cUCoVOS.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\VoOAKOo.exe
  C:\Windows\System\VoOAKOo.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\gPBWnJV.exe
  C:\Windows\System\gPBWnJV.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\mYfqDXl.exe
  C:\Windows\System\mYfqDXl.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\HCFjhJR.exe
  C:\Windows\System\HCFjhJR.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\NzVEYBb.exe
  C:\Windows\System\NzVEYBb.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\ixZEAJH.exe
  C:\Windows\System\ixZEAJH.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\AuHMiWz.exe
  C:\Windows\System\AuHMiWz.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\BuhPocU.exe
  C:\Windows\System\BuhPocU.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\nZegdrl.exe
  C:\Windows\System\nZegdrl.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\TEFrXQd.exe
  C:\Windows\System\TEFrXQd.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\oszSSSz.exe
  C:\Windows\System\oszSSSz.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\QWwhbrp.exe
  C:\Windows\System\QWwhbrp.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\YGtqukR.exe
  C:\Windows\System\YGtqukR.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\GiJKuds.exe
  C:\Windows\System\GiJKuds.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\NRmjevb.exe
  C:\Windows\System\NRmjevb.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\AUoxphQ.exe
  C:\Windows\System\AUoxphQ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\YhVGZIS.exe
  C:\Windows\System\YhVGZIS.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\ENSBneY.exe
  C:\Windows\System\ENSBneY.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\BejIifm.exe
  C:\Windows\System\BejIifm.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\xIqwzST.exe
  C:\Windows\System\xIqwzST.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\JGnTmgn.exe
  C:\Windows\System\JGnTmgn.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\AHvGIMZ.exe
  C:\Windows\System\AHvGIMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\ZJxXvFK.exe
  C:\Windows\System\ZJxXvFK.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\MHqtKZN.exe
  C:\Windows\System\MHqtKZN.exe
  2⤵
  PID:676
- C:\Windows\System\xeABBKQ.exe
  C:\Windows\System\xeABBKQ.exe
  2⤵
  PID:2392
- C:\Windows\System\QjkmCDv.exe
  C:\Windows\System\QjkmCDv.exe
  2⤵
  PID:2916
- C:\Windows\System\JWCsaYb.exe
  C:\Windows\System\JWCsaYb.exe
  2⤵
  PID:1880
- C:\Windows\System\OzbtLvm.exe
  C:\Windows\System\OzbtLvm.exe
  2⤵
  PID:324
- C:\Windows\System\omRDIQb.exe
  C:\Windows\System\omRDIQb.exe
  2⤵
  PID:844
- C:\Windows\System\sFqqkGd.exe
  C:\Windows\System\sFqqkGd.exe
  2⤵
  PID:1356
- C:\Windows\System\JYixjGF.exe
  C:\Windows\System\JYixjGF.exe
  2⤵
  PID:1568
- C:\Windows\System\OZXkimf.exe
  C:\Windows\System\OZXkimf.exe
  2⤵
  PID:1192
- C:\Windows\System\NxRjprv.exe
  C:\Windows\System\NxRjprv.exe
  2⤵
  PID:328
- C:\Windows\System\IDfZRKG.exe
  C:\Windows\System\IDfZRKG.exe
  2⤵
  PID:1672
- C:\Windows\System\nKEtZwJ.exe
  C:\Windows\System\nKEtZwJ.exe
  2⤵
  PID:2036
- C:\Windows\System\LJsVWop.exe
  C:\Windows\System\LJsVWop.exe
  2⤵
  PID:1400
- C:\Windows\System\uUSwVdX.exe
  C:\Windows\System\uUSwVdX.exe
  2⤵
  PID:1944
- C:\Windows\System\NGhvtQZ.exe
  C:\Windows\System\NGhvtQZ.exe
  2⤵
  PID:988
- C:\Windows\System\jufgxxT.exe
  C:\Windows\System\jufgxxT.exe
  2⤵
  PID:1516
- C:\Windows\System\AdgpcMj.exe
  C:\Windows\System\AdgpcMj.exe
  2⤵
  PID:1736
- C:\Windows\System\eeMEpYr.exe
  C:\Windows\System\eeMEpYr.exe
  2⤵
  PID:836
- C:\Windows\System\yDBoSVk.exe
  C:\Windows\System\yDBoSVk.exe
  2⤵
  PID:1552
- C:\Windows\System\EYkPCvR.exe
  C:\Windows\System\EYkPCvR.exe
  2⤵
  PID:2828
- C:\Windows\System\pTnvovt.exe
  C:\Windows\System\pTnvovt.exe
  2⤵
  PID:2704
- C:\Windows\System\zYpaKGF.exe
  C:\Windows\System\zYpaKGF.exe
  2⤵
  PID:564
- C:\Windows\System\IbgCzym.exe
  C:\Windows\System\IbgCzym.exe
  2⤵
  PID:2592
- C:\Windows\System\NWpvBfX.exe
  C:\Windows\System\NWpvBfX.exe
  2⤵
  PID:1684
- C:\Windows\System\iEQaBMC.exe
  C:\Windows\System\iEQaBMC.exe
  2⤵
  PID:3056
- C:\Windows\System\qxSMilV.exe
  C:\Windows\System\qxSMilV.exe
  2⤵
  PID:1520
- C:\Windows\System\totoMHy.exe
  C:\Windows\System\totoMHy.exe
  2⤵
  PID:1224
- C:\Windows\System\XEWfRQk.exe
  C:\Windows\System\XEWfRQk.exe
  2⤵
  PID:1868
- C:\Windows\System\BCUgJnS.exe
  C:\Windows\System\BCUgJnS.exe
  2⤵
  PID:1456
- C:\Windows\System\sloWaki.exe
  C:\Windows\System\sloWaki.exe
  2⤵
  PID:692
- C:\Windows\System\eWASBNq.exe
  C:\Windows\System\eWASBNq.exe
  2⤵
  PID:2280
- C:\Windows\System\bCGruxs.exe
  C:\Windows\System\bCGruxs.exe
  2⤵
  PID:2276
- C:\Windows\System\ayutzxp.exe
  C:\Windows\System\ayutzxp.exe
  2⤵
  PID:3008
- C:\Windows\System\zzaFywx.exe
  C:\Windows\System\zzaFywx.exe
  2⤵
  PID:1952
- C:\Windows\System\iSvSqbA.exe
  C:\Windows\System\iSvSqbA.exe
  2⤵
  PID:2708
- C:\Windows\System\LcDCiDp.exe
  C:\Windows\System\LcDCiDp.exe
  2⤵
  PID:2952
- C:\Windows\System\MNGEotJ.exe
  C:\Windows\System\MNGEotJ.exe
  2⤵
  PID:532
- C:\Windows\System\bkqVLWw.exe
  C:\Windows\System\bkqVLWw.exe
  2⤵
  PID:2012
- C:\Windows\System\LvxXfIR.exe
  C:\Windows\System\LvxXfIR.exe
  2⤵
  PID:1236
- C:\Windows\System\vvXaYEe.exe
  C:\Windows\System\vvXaYEe.exe
  2⤵
  PID:2316
- C:\Windows\System\VCOjUCT.exe
  C:\Windows\System\VCOjUCT.exe
  2⤵
  PID:2004
- C:\Windows\System\BqUdeBw.exe
  C:\Windows\System\BqUdeBw.exe
  2⤵
  PID:1956
- C:\Windows\System\WpoyDaI.exe
  C:\Windows\System\WpoyDaI.exe
  2⤵
  PID:1968
- C:\Windows\System\UKVMdHg.exe
  C:\Windows\System\UKVMdHg.exe
  2⤵
  PID:2120
- C:\Windows\System\DDXNVyw.exe
  C:\Windows\System\DDXNVyw.exe
  2⤵
  PID:2628
- C:\Windows\System\ZtMOpIr.exe
  C:\Windows\System\ZtMOpIr.exe
  2⤵
  PID:2192
- C:\Windows\System\LLdyUbh.exe
  C:\Windows\System\LLdyUbh.exe
  2⤵
  PID:2576
- C:\Windows\System\rCWXGEW.exe
  C:\Windows\System\rCWXGEW.exe
  2⤵
  PID:2156
- C:\Windows\System\qRenqRJ.exe
  C:\Windows\System\qRenqRJ.exe
  2⤵
  PID:2728
- C:\Windows\System\ttccMng.exe
  C:\Windows\System\ttccMng.exe
  2⤵
  PID:960
- C:\Windows\System\RgKChsa.exe
  C:\Windows\System\RgKChsa.exe
  2⤵
  PID:3080
- C:\Windows\System\WgLFwUt.exe
  C:\Windows\System\WgLFwUt.exe
  2⤵
  PID:3096
- C:\Windows\System\rrmQbsY.exe
  C:\Windows\System\rrmQbsY.exe
  2⤵
  PID:3116
- C:\Windows\System\pmPKXoa.exe
  C:\Windows\System\pmPKXoa.exe
  2⤵
  PID:3140
- C:\Windows\System\kTdpjjM.exe
  C:\Windows\System\kTdpjjM.exe
  2⤵
  PID:3160
- C:\Windows\System\Ybrhgik.exe
  C:\Windows\System\Ybrhgik.exe
  2⤵
  PID:3180
- C:\Windows\System\nuPEWVm.exe
  C:\Windows\System\nuPEWVm.exe
  2⤵
  PID:3200
- C:\Windows\System\lkcAERx.exe
  C:\Windows\System\lkcAERx.exe
  2⤵
  PID:3220
- C:\Windows\System\ucJZjZe.exe
  C:\Windows\System\ucJZjZe.exe
  2⤵
  PID:3240
- C:\Windows\System\uRDlUwi.exe
  C:\Windows\System\uRDlUwi.exe
  2⤵
  PID:3260
- C:\Windows\System\lJbxZDl.exe
  C:\Windows\System\lJbxZDl.exe
  2⤵
  PID:3280
- C:\Windows\System\fhFBcjc.exe
  C:\Windows\System\fhFBcjc.exe
  2⤵
  PID:3300
- C:\Windows\System\YExMIWC.exe
  C:\Windows\System\YExMIWC.exe
  2⤵
  PID:3320
- C:\Windows\System\sMKoJuL.exe
  C:\Windows\System\sMKoJuL.exe
  2⤵
  PID:3340
- C:\Windows\System\NnniqwQ.exe
  C:\Windows\System\NnniqwQ.exe
  2⤵
  PID:3360
- C:\Windows\System\dLoqgNk.exe
  C:\Windows\System\dLoqgNk.exe
  2⤵
  PID:3380
- C:\Windows\System\jPlRHfT.exe
  C:\Windows\System\jPlRHfT.exe
  2⤵
  PID:3400
- C:\Windows\System\JdpdRGx.exe
  C:\Windows\System\JdpdRGx.exe
  2⤵
  PID:3420
- C:\Windows\System\XBnYetM.exe
  C:\Windows\System\XBnYetM.exe
  2⤵
  PID:3440
- C:\Windows\System\mADkyOn.exe
  C:\Windows\System\mADkyOn.exe
  2⤵
  PID:3460
- C:\Windows\System\OJXShIN.exe
  C:\Windows\System\OJXShIN.exe
  2⤵
  PID:3480
- C:\Windows\System\PoiIxsX.exe
  C:\Windows\System\PoiIxsX.exe
  2⤵
  PID:3500
- C:\Windows\System\lGDIeaE.exe
  C:\Windows\System\lGDIeaE.exe
  2⤵
  PID:3516
- C:\Windows\System\tPXvyvD.exe
  C:\Windows\System\tPXvyvD.exe
  2⤵
  PID:3540
- C:\Windows\System\aVCQCty.exe
  C:\Windows\System\aVCQCty.exe
  2⤵
  PID:3560
- C:\Windows\System\BjdobIA.exe
  C:\Windows\System\BjdobIA.exe
  2⤵
  PID:3580
- C:\Windows\System\OEIftzI.exe
  C:\Windows\System\OEIftzI.exe
  2⤵
  PID:3600
- C:\Windows\System\pOVPyXU.exe
  C:\Windows\System\pOVPyXU.exe
  2⤵
  PID:3620
- C:\Windows\System\MoXdzwd.exe
  C:\Windows\System\MoXdzwd.exe
  2⤵
  PID:3636
- C:\Windows\System\LCBFmjE.exe
  C:\Windows\System\LCBFmjE.exe
  2⤵
  PID:3660
- C:\Windows\System\uVHAkPv.exe
  C:\Windows\System\uVHAkPv.exe
  2⤵
  PID:3680
- C:\Windows\System\asYhfcp.exe
  C:\Windows\System\asYhfcp.exe
  2⤵
  PID:3700
- C:\Windows\System\axckjAB.exe
  C:\Windows\System\axckjAB.exe
  2⤵
  PID:3720
- C:\Windows\System\PoqWniS.exe
  C:\Windows\System\PoqWniS.exe
  2⤵
  PID:3740
- C:\Windows\System\hHCAUBJ.exe
  C:\Windows\System\hHCAUBJ.exe
  2⤵
  PID:3760
- C:\Windows\System\uFASEAZ.exe
  C:\Windows\System\uFASEAZ.exe
  2⤵
  PID:3780
- C:\Windows\System\pXAeYcf.exe
  C:\Windows\System\pXAeYcf.exe
  2⤵
  PID:3800
- C:\Windows\System\zOxhalL.exe
  C:\Windows\System\zOxhalL.exe
  2⤵
  PID:3820
- C:\Windows\System\IZimhVV.exe
  C:\Windows\System\IZimhVV.exe
  2⤵
  PID:3840
- C:\Windows\System\roZcXia.exe
  C:\Windows\System\roZcXia.exe
  2⤵
  PID:3860
- C:\Windows\System\zLRexPm.exe
  C:\Windows\System\zLRexPm.exe
  2⤵
  PID:3880
- C:\Windows\System\TBmiYlp.exe
  C:\Windows\System\TBmiYlp.exe
  2⤵
  PID:3900
- C:\Windows\System\nFkhNHD.exe
  C:\Windows\System\nFkhNHD.exe
  2⤵
  PID:3920
- C:\Windows\System\hrWtYQc.exe
  C:\Windows\System\hrWtYQc.exe
  2⤵
  PID:3940
- C:\Windows\System\KwjLfxS.exe
  C:\Windows\System\KwjLfxS.exe
  2⤵
  PID:3960
- C:\Windows\System\WBVKEGe.exe
  C:\Windows\System\WBVKEGe.exe
  2⤵
  PID:3980
- C:\Windows\System\AnQkwmS.exe
  C:\Windows\System\AnQkwmS.exe
  2⤵
  PID:3996
- C:\Windows\System\ZmBCwhE.exe
  C:\Windows\System\ZmBCwhE.exe
  2⤵
  PID:4024
- C:\Windows\System\unHdlCH.exe
  C:\Windows\System\unHdlCH.exe
  2⤵
  PID:4044
- C:\Windows\System\zQfrbDR.exe
  C:\Windows\System\zQfrbDR.exe
  2⤵
  PID:4060
- C:\Windows\System\cWWpYcp.exe
  C:\Windows\System\cWWpYcp.exe
  2⤵
  PID:4080
- C:\Windows\System\RuhcYqW.exe
  C:\Windows\System\RuhcYqW.exe
  2⤵
  PID:1632
- C:\Windows\System\JhRpMZS.exe
  C:\Windows\System\JhRpMZS.exe
  2⤵
  PID:1620
- C:\Windows\System\HhdGmlH.exe
  C:\Windows\System\HhdGmlH.exe
  2⤵
  PID:1848
- C:\Windows\System\DVBoUNh.exe
  C:\Windows\System\DVBoUNh.exe
  2⤵
  PID:1696
- C:\Windows\System\dTGXwdy.exe
  C:\Windows\System\dTGXwdy.exe
  2⤵
  PID:2968
- C:\Windows\System\PPnraqO.exe
  C:\Windows\System\PPnraqO.exe
  2⤵
  PID:3092
- C:\Windows\System\lZpNHzE.exe
  C:\Windows\System\lZpNHzE.exe
  2⤵
  PID:3136
- C:\Windows\System\MohjKwu.exe
  C:\Windows\System\MohjKwu.exe
  2⤵
  PID:3172
- C:\Windows\System\fpHrGml.exe
  C:\Windows\System\fpHrGml.exe
  2⤵
  PID:3216
- C:\Windows\System\zOcQMZH.exe
  C:\Windows\System\zOcQMZH.exe
  2⤵
  PID:3268
- C:\Windows\System\Wqtyxrg.exe
  C:\Windows\System\Wqtyxrg.exe
  2⤵
  PID:3272
- C:\Windows\System\pxepIZb.exe
  C:\Windows\System\pxepIZb.exe
  2⤵
  PID:3316
- C:\Windows\System\QfnRlRS.exe
  C:\Windows\System\QfnRlRS.exe
  2⤵
  PID:3348
- C:\Windows\System\UTkKZxv.exe
  C:\Windows\System\UTkKZxv.exe
  2⤵
  PID:3392
- C:\Windows\System\GtTOrGg.exe
  C:\Windows\System\GtTOrGg.exe
  2⤵
  PID:3408
- C:\Windows\System\fHWgkKC.exe
  C:\Windows\System\fHWgkKC.exe
  2⤵
  PID:3472
- C:\Windows\System\hgglDtR.exe
  C:\Windows\System\hgglDtR.exe
  2⤵
  PID:3508
- C:\Windows\System\rHImhOe.exe
  C:\Windows\System\rHImhOe.exe
  2⤵
  PID:3548
- C:\Windows\System\kIREUfk.exe
  C:\Windows\System\kIREUfk.exe
  2⤵
  PID:3536
- C:\Windows\System\AZdNmWl.exe
  C:\Windows\System\AZdNmWl.exe
  2⤵
  PID:3592
- C:\Windows\System\mGkGdWr.exe
  C:\Windows\System\mGkGdWr.exe
  2⤵
  PID:3616
- C:\Windows\System\VyyGFmE.exe
  C:\Windows\System\VyyGFmE.exe
  2⤵
  PID:3648
- C:\Windows\System\pJSajts.exe
  C:\Windows\System\pJSajts.exe
  2⤵
  PID:3696
- C:\Windows\System\meeSNxK.exe
  C:\Windows\System\meeSNxK.exe
  2⤵
  PID:3728
- C:\Windows\System\zCnqquD.exe
  C:\Windows\System\zCnqquD.exe
  2⤵
  PID:3752
- C:\Windows\System\NWywcUZ.exe
  C:\Windows\System\NWywcUZ.exe
  2⤵
  PID:3776
- C:\Windows\System\aPZZkha.exe
  C:\Windows\System\aPZZkha.exe
  2⤵
  PID:3836
- C:\Windows\System\bZCByvw.exe
  C:\Windows\System\bZCByvw.exe
  2⤵
  PID:3872
- C:\Windows\System\hTlwKJa.exe
  C:\Windows\System\hTlwKJa.exe
  2⤵
  PID:3908
- C:\Windows\System\FKEUSlC.exe
  C:\Windows\System\FKEUSlC.exe
  2⤵
  PID:3952
- C:\Windows\System\uNGqjTQ.exe
  C:\Windows\System\uNGqjTQ.exe
  2⤵
  PID:3932
- C:\Windows\System\fCgofwW.exe
  C:\Windows\System\fCgofwW.exe
  2⤵
  PID:4008
- C:\Windows\System\BLInItQ.exe
  C:\Windows\System\BLInItQ.exe
  2⤵
  PID:4020
- C:\Windows\System\XrnpBpu.exe
  C:\Windows\System\XrnpBpu.exe
  2⤵
  PID:4072
- C:\Windows\System\VHKjSLz.exe
  C:\Windows\System\VHKjSLz.exe
  2⤵
  PID:1248
- C:\Windows\System\zQNbShe.exe
  C:\Windows\System\zQNbShe.exe
  2⤵
  PID:1508
- C:\Windows\System\NseTMUr.exe
  C:\Windows\System\NseTMUr.exe
  2⤵
  PID:1852
- C:\Windows\System\bjaTSti.exe
  C:\Windows\System\bjaTSti.exe
  2⤵
  PID:3108
- C:\Windows\System\IVJmFoR.exe
  C:\Windows\System\IVJmFoR.exe
  2⤵
  PID:3156
- C:\Windows\System\pnyWdEV.exe
  C:\Windows\System\pnyWdEV.exe
  2⤵
  PID:3208
- C:\Windows\System\GJXmvlC.exe
  C:\Windows\System\GJXmvlC.exe
  2⤵
  PID:3256
- C:\Windows\System\JUfqGEO.exe
  C:\Windows\System\JUfqGEO.exe
  2⤵
  PID:3292
- C:\Windows\System\yGBitHf.exe
  C:\Windows\System\yGBitHf.exe
  2⤵
  PID:3336
- C:\Windows\System\bKlCYVs.exe
  C:\Windows\System\bKlCYVs.exe
  2⤵
  PID:3428
- C:\Windows\System\KAuaLoS.exe
  C:\Windows\System\KAuaLoS.exe
  2⤵
  PID:3492
- C:\Windows\System\aGNsjkc.exe
  C:\Windows\System\aGNsjkc.exe
  2⤵
  PID:3552
- C:\Windows\System\oSYnUOr.exe
  C:\Windows\System\oSYnUOr.exe
  2⤵
  PID:3524
- C:\Windows\System\QDeazMF.exe
  C:\Windows\System\QDeazMF.exe
  2⤵
  PID:3644
- C:\Windows\System\vgjDbmC.exe
  C:\Windows\System\vgjDbmC.exe
  2⤵
  PID:3672
- C:\Windows\System\sRLMePO.exe
  C:\Windows\System\sRLMePO.exe
  2⤵
  PID:3792
- C:\Windows\System\xaJENBn.exe
  C:\Windows\System\xaJENBn.exe
  2⤵
  PID:3812
- C:\Windows\System\AzHxGxs.exe
  C:\Windows\System\AzHxGxs.exe
  2⤵
  PID:3868
- C:\Windows\System\kHtxZxx.exe
  C:\Windows\System\kHtxZxx.exe
  2⤵
  PID:3888
- C:\Windows\System\qCDNrFt.exe
  C:\Windows\System\qCDNrFt.exe
  2⤵
  PID:3892
- C:\Windows\System\ZgQovxP.exe
  C:\Windows\System\ZgQovxP.exe
  2⤵
  PID:4040
- C:\Windows\System\qvyvBBE.exe
  C:\Windows\System\qvyvBBE.exe
  2⤵
  PID:3972
- C:\Windows\System\xqjPGuL.exe
  C:\Windows\System\xqjPGuL.exe
  2⤵
  PID:1612
- C:\Windows\System\czhSFFL.exe
  C:\Windows\System\czhSFFL.exe
  2⤵
  PID:3076
- C:\Windows\System\srsNdiD.exe
  C:\Windows\System\srsNdiD.exe
  2⤵
  PID:3228
- C:\Windows\System\INKOirt.exe
  C:\Windows\System\INKOirt.exe
  2⤵
  PID:3296
- C:\Windows\System\skVABda.exe
  C:\Windows\System\skVABda.exe
  2⤵
  PID:3328
- C:\Windows\System\XcwJHzy.exe
  C:\Windows\System\XcwJHzy.exe
  2⤵
  PID:3452
- C:\Windows\System\iVCWfqv.exe
  C:\Windows\System\iVCWfqv.exe
  2⤵
  PID:3432
- C:\Windows\System\oXMvicB.exe
  C:\Windows\System\oXMvicB.exe
  2⤵
  PID:3608
- C:\Windows\System\JzrTIuh.exe
  C:\Windows\System\JzrTIuh.exe
  2⤵
  PID:3688
- C:\Windows\System\UOxRIeQ.exe
  C:\Windows\System\UOxRIeQ.exe
  2⤵
  PID:3816
- C:\Windows\System\nnNimvo.exe
  C:\Windows\System\nnNimvo.exe
  2⤵
  PID:3016
- C:\Windows\System\ImnZEdw.exe
  C:\Windows\System\ImnZEdw.exe
  2⤵
  PID:3992
- C:\Windows\System\hpyyszj.exe
  C:\Windows\System\hpyyszj.exe
  2⤵
  PID:2800
- C:\Windows\System\pIXUSDz.exe
  C:\Windows\System\pIXUSDz.exe
  2⤵
  PID:4088
- C:\Windows\System\TLoQROV.exe
  C:\Windows\System\TLoQROV.exe
  2⤵
  PID:2804
- C:\Windows\System\ZEtSqDn.exe
  C:\Windows\System\ZEtSqDn.exe
  2⤵
  PID:2692
- C:\Windows\System\HbJDvMn.exe
  C:\Windows\System\HbJDvMn.exe
  2⤵
  PID:3388
- C:\Windows\System\dHCYobr.exe
  C:\Windows\System\dHCYobr.exe
  2⤵
  PID:3456
- C:\Windows\System\tuWuNMV.exe
  C:\Windows\System\tuWuNMV.exe
  2⤵
  PID:3488
- C:\Windows\System\nTSqymS.exe
  C:\Windows\System\nTSqymS.exe
  2⤵
  PID:3956
- C:\Windows\System\amLrpFf.exe
  C:\Windows\System\amLrpFf.exe
  2⤵
  PID:3748
- C:\Windows\System\yCfHEIy.exe
  C:\Windows\System\yCfHEIy.exe
  2⤵
  PID:1020
- C:\Windows\System\QETGKzs.exe
  C:\Windows\System\QETGKzs.exe
  2⤵
  PID:3168
- C:\Windows\System\yfDYgmn.exe
  C:\Windows\System\yfDYgmn.exe
  2⤵
  PID:3332
- C:\Windows\System\HMQOrlo.exe
  C:\Windows\System\HMQOrlo.exe
  2⤵
  PID:3668
- C:\Windows\System\BbfZqHt.exe
  C:\Windows\System\BbfZqHt.exe
  2⤵
  PID:3692
- C:\Windows\System\oClHfaj.exe
  C:\Windows\System\oClHfaj.exe
  2⤵
  PID:4116
- C:\Windows\System\bKWljyN.exe
  C:\Windows\System\bKWljyN.exe
  2⤵
  PID:4136
- C:\Windows\System\rpxkFCY.exe
  C:\Windows\System\rpxkFCY.exe
  2⤵
  PID:4156
- C:\Windows\System\kRYwBNJ.exe
  C:\Windows\System\kRYwBNJ.exe
  2⤵
  PID:4176
- C:\Windows\System\SnYYehG.exe
  C:\Windows\System\SnYYehG.exe
  2⤵
  PID:4196
- C:\Windows\System\PenovRa.exe
  C:\Windows\System\PenovRa.exe
  2⤵
  PID:4216
- C:\Windows\System\ygodZxy.exe
  C:\Windows\System\ygodZxy.exe
  2⤵
  PID:4232
- C:\Windows\System\IyamFJl.exe
  C:\Windows\System\IyamFJl.exe
  2⤵
  PID:4256
- C:\Windows\System\gWZjORp.exe
  C:\Windows\System\gWZjORp.exe
  2⤵
  PID:4276
- C:\Windows\System\hUhmWZK.exe
  C:\Windows\System\hUhmWZK.exe
  2⤵
  PID:4296
- C:\Windows\System\NwonKPE.exe
  C:\Windows\System\NwonKPE.exe
  2⤵
  PID:4316
- C:\Windows\System\kBnwnNE.exe
  C:\Windows\System\kBnwnNE.exe
  2⤵
  PID:4336
- C:\Windows\System\GDrpOwh.exe
  C:\Windows\System\GDrpOwh.exe
  2⤵
  PID:4356
- C:\Windows\System\YHmYuqw.exe
  C:\Windows\System\YHmYuqw.exe
  2⤵
  PID:4376
- C:\Windows\System\SswAXKW.exe
  C:\Windows\System\SswAXKW.exe
  2⤵
  PID:4392
- C:\Windows\System\hyiuuuQ.exe
  C:\Windows\System\hyiuuuQ.exe
  2⤵
  PID:4416
- C:\Windows\System\nTAkhpr.exe
  C:\Windows\System\nTAkhpr.exe
  2⤵
  PID:4436
- C:\Windows\System\eDbRZIp.exe
  C:\Windows\System\eDbRZIp.exe
  2⤵
  PID:4456
- C:\Windows\System\BpuYhbu.exe
  C:\Windows\System\BpuYhbu.exe
  2⤵
  PID:4476
- C:\Windows\System\xQHqvrZ.exe
  C:\Windows\System\xQHqvrZ.exe
  2⤵
  PID:4492
- C:\Windows\System\uSoqXDb.exe
  C:\Windows\System\uSoqXDb.exe
  2⤵
  PID:4512
- C:\Windows\System\vZEpwGu.exe
  C:\Windows\System\vZEpwGu.exe
  2⤵
  PID:4528
- C:\Windows\System\ZlBSMmM.exe
  C:\Windows\System\ZlBSMmM.exe
  2⤵
  PID:4548
- C:\Windows\System\kurtwLg.exe
  C:\Windows\System\kurtwLg.exe
  2⤵
  PID:4572
- C:\Windows\System\RSzQbJt.exe
  C:\Windows\System\RSzQbJt.exe
  2⤵
  PID:4604
- C:\Windows\System\lcxugnF.exe
  C:\Windows\System\lcxugnF.exe
  2⤵
  PID:4620
- C:\Windows\System\bNNUVrb.exe
  C:\Windows\System\bNNUVrb.exe
  2⤵
  PID:4636
- C:\Windows\System\LTvFMWD.exe
  C:\Windows\System\LTvFMWD.exe
  2⤵
  PID:4652
- C:\Windows\System\bSYmxpW.exe
  C:\Windows\System\bSYmxpW.exe
  2⤵
  PID:4672
- C:\Windows\System\IXvpfIc.exe
  C:\Windows\System\IXvpfIc.exe
  2⤵
  PID:4688
- C:\Windows\System\KMJMBEY.exe
  C:\Windows\System\KMJMBEY.exe
  2⤵
  PID:4704
- C:\Windows\System\lhIJnEh.exe
  C:\Windows\System\lhIJnEh.exe
  2⤵
  PID:4720
- C:\Windows\System\zRsoKbh.exe
  C:\Windows\System\zRsoKbh.exe
  2⤵
  PID:4736
- C:\Windows\System\OLYavRR.exe
  C:\Windows\System\OLYavRR.exe
  2⤵
  PID:4756
- C:\Windows\System\lxrmtVI.exe
  C:\Windows\System\lxrmtVI.exe
  2⤵
  PID:4776
- C:\Windows\System\twZBtwc.exe
  C:\Windows\System\twZBtwc.exe
  2⤵
  PID:4796
- C:\Windows\System\RdWcyRy.exe
  C:\Windows\System\RdWcyRy.exe
  2⤵
  PID:4816
- C:\Windows\System\ZJseOvb.exe
  C:\Windows\System\ZJseOvb.exe
  2⤵
  PID:4832
- C:\Windows\System\OXoLpNo.exe
  C:\Windows\System\OXoLpNo.exe
  2⤵
  PID:4848
- C:\Windows\System\VQjobgC.exe
  C:\Windows\System\VQjobgC.exe
  2⤵
  PID:4864
- C:\Windows\System\eSgtYrc.exe
  C:\Windows\System\eSgtYrc.exe
  2⤵
  PID:4884
- C:\Windows\System\CdCzVbB.exe
  C:\Windows\System\CdCzVbB.exe
  2⤵
  PID:4904
- C:\Windows\System\mKiLsZE.exe
  C:\Windows\System\mKiLsZE.exe
  2⤵
  PID:4932
- C:\Windows\System\fFCZnBw.exe
  C:\Windows\System\fFCZnBw.exe
  2⤵
  PID:4988
- C:\Windows\System\LUNhwZK.exe
  C:\Windows\System\LUNhwZK.exe
  2⤵
  PID:5004
- C:\Windows\System\lQemyCr.exe
  C:\Windows\System\lQemyCr.exe
  2⤵
  PID:5024
- C:\Windows\System\wZhENyG.exe
  C:\Windows\System\wZhENyG.exe
  2⤵
  PID:5040
- C:\Windows\System\ysrThbe.exe
  C:\Windows\System\ysrThbe.exe
  2⤵
  PID:5068
- C:\Windows\System\zAtOIfz.exe
  C:\Windows\System\zAtOIfz.exe
  2⤵
  PID:5084
- C:\Windows\System\agQXTfI.exe
  C:\Windows\System\agQXTfI.exe
  2⤵
  PID:5104
- C:\Windows\System\BevdBHT.exe
  C:\Windows\System\BevdBHT.exe
  2⤵
  PID:3852
- C:\Windows\System\fNdetSb.exe
  C:\Windows\System\fNdetSb.exe
  2⤵
  PID:4036
- C:\Windows\System\MCvaDBD.exe
  C:\Windows\System\MCvaDBD.exe
  2⤵
  PID:340
- C:\Windows\System\ZgSmbtf.exe
  C:\Windows\System\ZgSmbtf.exe
  2⤵
  PID:3652
- C:\Windows\System\RrvJBxa.exe
  C:\Windows\System\RrvJBxa.exe
  2⤵
  PID:3808
- C:\Windows\System\FJjrRcr.exe
  C:\Windows\System\FJjrRcr.exe
  2⤵
  PID:4172
- C:\Windows\System\ZNEyDGx.exe
  C:\Windows\System\ZNEyDGx.exe
  2⤵
  PID:4148
- C:\Windows\System\fCwZAym.exe
  C:\Windows\System\fCwZAym.exe
  2⤵
  PID:4188
- C:\Windows\System\kQglqKL.exe
  C:\Windows\System\kQglqKL.exe
  2⤵
  PID:4252
- C:\Windows\System\FtQUYFI.exe
  C:\Windows\System\FtQUYFI.exe
  2⤵
  PID:4284
- C:\Windows\System\NwhRZzd.exe
  C:\Windows\System\NwhRZzd.exe
  2⤵
  PID:4324
- C:\Windows\System\iXRtJTE.exe
  C:\Windows\System\iXRtJTE.exe
  2⤵
  PID:2796
- C:\Windows\System\XtstEol.exe
  C:\Windows\System\XtstEol.exe
  2⤵
  PID:4344
- C:\Windows\System\pugYoJV.exe
  C:\Windows\System\pugYoJV.exe
  2⤵
  PID:4400
- C:\Windows\System\xzZDDXV.exe
  C:\Windows\System\xzZDDXV.exe
  2⤵
  PID:4444
- C:\Windows\System\slOcUKn.exe
  C:\Windows\System\slOcUKn.exe
  2⤵
  PID:4488
- C:\Windows\System\JGXAGDB.exe
  C:\Windows\System\JGXAGDB.exe
  2⤵
  PID:4564
- C:\Windows\System\WjauPdx.exe
  C:\Windows\System\WjauPdx.exe
  2⤵
  PID:4432
- C:\Windows\System\miiWyNu.exe
  C:\Windows\System\miiWyNu.exe
  2⤵
  PID:2052
- C:\Windows\System\UmEvorF.exe
  C:\Windows\System\UmEvorF.exe
  2⤵
  PID:2632
- C:\Windows\System\SsEnrnf.exe
  C:\Windows\System\SsEnrnf.exe
  2⤵
  PID:4580
- C:\Windows\System\iQFQNuS.exe
  C:\Windows\System\iQFQNuS.exe
  2⤵
  PID:1644
- C:\Windows\System\ekixKXr.exe
  C:\Windows\System\ekixKXr.exe
  2⤵
  PID:4644
- C:\Windows\System\INcWmvg.exe
  C:\Windows\System\INcWmvg.exe
  2⤵
  PID:4716
- C:\Windows\System\aYbKcPN.exe
  C:\Windows\System\aYbKcPN.exe
  2⤵
  PID:4784
- C:\Windows\System\qYsMSyR.exe
  C:\Windows\System\qYsMSyR.exe
  2⤵
  PID:4828
- C:\Windows\System\cvzaVNe.exe
  C:\Windows\System\cvzaVNe.exe
  2⤵
  PID:4768
- C:\Windows\System\UrFhDoE.exe
  C:\Windows\System\UrFhDoE.exe
  2⤵
  PID:4872
- C:\Windows\System\yLHtSoh.exe
  C:\Windows\System\yLHtSoh.exe
  2⤵
  PID:4772
- C:\Windows\System\uTkueWH.exe
  C:\Windows\System\uTkueWH.exe
  2⤵
  PID:4660
- C:\Windows\System\FRHBOsa.exe
  C:\Windows\System\FRHBOsa.exe
  2⤵
  PID:4924
- C:\Windows\System\kpsVBfW.exe
  C:\Windows\System\kpsVBfW.exe
  2⤵
  PID:4976
- C:\Windows\System\FmwNook.exe
  C:\Windows\System\FmwNook.exe
  2⤵
  PID:5048
- C:\Windows\System\DBBjvPG.exe
  C:\Windows\System\DBBjvPG.exe
  2⤵
  PID:5060
- C:\Windows\System\yXeOlOG.exe
  C:\Windows\System\yXeOlOG.exe
  2⤵
  PID:5032
- C:\Windows\System\CqIlhzG.exe
  C:\Windows\System\CqIlhzG.exe
  2⤵
  PID:5080
- C:\Windows\System\WjiiivZ.exe
  C:\Windows\System\WjiiivZ.exe
  2⤵
  PID:3968
- C:\Windows\System\ZtyDaqM.exe
  C:\Windows\System\ZtyDaqM.exe
  2⤵
  PID:4132
- C:\Windows\System\JpJXqon.exe
  C:\Windows\System\JpJXqon.exe
  2⤵
  PID:4128
- C:\Windows\System\GYRgMRw.exe
  C:\Windows\System\GYRgMRw.exe
  2⤵
  PID:3192
- C:\Windows\System\fMcimaS.exe
  C:\Windows\System\fMcimaS.exe
  2⤵
  PID:3596
- C:\Windows\System\QwazwBl.exe
  C:\Windows\System\QwazwBl.exe
  2⤵
  PID:4152
- C:\Windows\System\ZzkYijG.exe
  C:\Windows\System\ZzkYijG.exe
  2⤵
  PID:4228
- C:\Windows\System\ouKEiOK.exe
  C:\Windows\System\ouKEiOK.exe
  2⤵
  PID:4332
- C:\Windows\System\fTZGsZM.exe
  C:\Windows\System\fTZGsZM.exe
  2⤵
  PID:4304
- C:\Windows\System\kapBtlO.exe
  C:\Windows\System\kapBtlO.exe
  2⤵
  PID:4388
- C:\Windows\System\ZgjwpSH.exe
  C:\Windows\System\ZgjwpSH.exe
  2⤵
  PID:4404
- C:\Windows\System\yRHyUNf.exe
  C:\Windows\System\yRHyUNf.exe
  2⤵
  PID:1812
- C:\Windows\System\SahDYfm.exe
  C:\Windows\System\SahDYfm.exe
  2⤵
  PID:4728
- C:\Windows\System\chIaMpO.exe
  C:\Windows\System\chIaMpO.exe
  2⤵
  PID:4664
- C:\Windows\System\MvHvBJq.exe
  C:\Windows\System\MvHvBJq.exe
  2⤵
  PID:4860
- C:\Windows\System\wXYRNMS.exe
  C:\Windows\System\wXYRNMS.exe
  2⤵
  PID:4556
- C:\Windows\System\yeDSXLd.exe
  C:\Windows\System\yeDSXLd.exe
  2⤵
  PID:4612
- C:\Windows\System\nfkdafJ.exe
  C:\Windows\System\nfkdafJ.exe
  2⤵
  PID:4752
- C:\Windows\System\VsqWlOH.exe
  C:\Windows\System\VsqWlOH.exe
  2⤵
  PID:4804
- C:\Windows\System\ibWHPTv.exe
  C:\Windows\System\ibWHPTv.exe
  2⤵
  PID:952
- C:\Windows\System\pIcXhcQ.exe
  C:\Windows\System\pIcXhcQ.exe
  2⤵
  PID:4960
- C:\Windows\System\IOJaeBM.exe
  C:\Windows\System\IOJaeBM.exe
  2⤵
  PID:2040
- C:\Windows\System\uleRVQC.exe
  C:\Windows\System\uleRVQC.exe
  2⤵
  PID:4996
- C:\Windows\System\ioiGtRR.exe
  C:\Windows\System\ioiGtRR.exe
  2⤵
  PID:584
- C:\Windows\System\YgajWJk.exe
  C:\Windows\System\YgajWJk.exe
  2⤵
  PID:5116
- C:\Windows\System\Rzttuvu.exe
  C:\Windows\System\Rzttuvu.exe
  2⤵
  PID:2740
- C:\Windows\System\vwWbbRa.exe
  C:\Windows\System\vwWbbRa.exe
  2⤵
  PID:2600
- C:\Windows\System\vEtBrSF.exe
  C:\Windows\System\vEtBrSF.exe
  2⤵
  PID:2852
- C:\Windows\System\xCJFCEP.exe
  C:\Windows\System\xCJFCEP.exe
  2⤵
  PID:4448
- C:\Windows\System\RyrRNaD.exe
  C:\Windows\System\RyrRNaD.exe
  2⤵
  PID:4592
- C:\Windows\System\bedStQT.exe
  C:\Windows\System\bedStQT.exe
  2⤵
  PID:4792
- C:\Windows\System\qnwaHEr.exe
  C:\Windows\System\qnwaHEr.exe
  2⤵
  PID:4700
- C:\Windows\System\hYHpquD.exe
  C:\Windows\System\hYHpquD.exe
  2⤵
  PID:4712
- C:\Windows\System\HVjQtlx.exe
  C:\Windows\System\HVjQtlx.exe
  2⤵
  PID:4968
- C:\Windows\System\AUODUig.exe
  C:\Windows\System\AUODUig.exe
  2⤵
  PID:1792
- C:\Windows\System\gLJzGyQ.exe
  C:\Windows\System\gLJzGyQ.exe
  2⤵
  PID:4272
- C:\Windows\System\HumLKdi.exe
  C:\Windows\System\HumLKdi.exe
  2⤵
  PID:2408
- C:\Windows\System\rLdSDzS.exe
  C:\Windows\System\rLdSDzS.exe
  2⤵
  PID:4468
- C:\Windows\System\TaGDUMD.exe
  C:\Windows\System\TaGDUMD.exe
  2⤵
  PID:4508
- C:\Windows\System\JSQqhmv.exe
  C:\Windows\System\JSQqhmv.exe
  2⤵
  PID:792
- C:\Windows\System\pAezpzf.exe
  C:\Windows\System\pAezpzf.exe
  2⤵
  PID:4732
- C:\Windows\System\saZpSSr.exe
  C:\Windows\System\saZpSSr.exe
  2⤵
  PID:4892
- C:\Windows\System\lrHvJhv.exe
  C:\Windows\System\lrHvJhv.exe
  2⤵
  PID:4984
- C:\Windows\System\QipdhpJ.exe
  C:\Windows\System\QipdhpJ.exe
  2⤵
  PID:264
- C:\Windows\System\ikCwWus.exe
  C:\Windows\System\ikCwWus.exe
  2⤵
  PID:4900
- C:\Windows\System\ZYatTWd.exe
  C:\Windows\System\ZYatTWd.exe
  2⤵
  PID:852
- C:\Windows\System\jPqedNL.exe
  C:\Windows\System\jPqedNL.exe
  2⤵
  PID:4680
- C:\Windows\System\RBCGWuL.exe
  C:\Windows\System\RBCGWuL.exe
  2⤵
  PID:5076
- C:\Windows\System\dtTvVll.exe
  C:\Windows\System\dtTvVll.exe
  2⤵
  PID:4540
- C:\Windows\System\eELAeXw.exe
  C:\Windows\System\eELAeXw.exe
  2⤵
  PID:2936
- C:\Windows\System\xaUBwfA.exe
  C:\Windows\System\xaUBwfA.exe
  2⤵
  PID:2116
- C:\Windows\System\JfRJiJY.exe
  C:\Windows\System\JfRJiJY.exe
  2⤵
  PID:5124
- C:\Windows\System\nMcKQAF.exe
  C:\Windows\System\nMcKQAF.exe
  2⤵
  PID:5144
- C:\Windows\System\hqOJPMJ.exe
  C:\Windows\System\hqOJPMJ.exe
  2⤵
  PID:5168
- C:\Windows\System\odmOQht.exe
  C:\Windows\System\odmOQht.exe
  2⤵
  PID:5184
- C:\Windows\System\pjlvfRb.exe
  C:\Windows\System\pjlvfRb.exe
  2⤵
  PID:5200
- C:\Windows\System\YoRDZNx.exe
  C:\Windows\System\YoRDZNx.exe
  2⤵
  PID:5216
- C:\Windows\System\EpucnGA.exe
  C:\Windows\System\EpucnGA.exe
  2⤵
  PID:5232
- C:\Windows\System\LorCJkY.exe
  C:\Windows\System\LorCJkY.exe
  2⤵
  PID:5256
- C:\Windows\System\UDoERdQ.exe
  C:\Windows\System\UDoERdQ.exe
  2⤵
  PID:5272
- C:\Windows\System\BamrVal.exe
  C:\Windows\System\BamrVal.exe
  2⤵
  PID:5288
- C:\Windows\System\RNMoxMT.exe
  C:\Windows\System\RNMoxMT.exe
  2⤵
  PID:5304
- C:\Windows\System\oPPnsYC.exe
  C:\Windows\System\oPPnsYC.exe
  2⤵
  PID:5328
- C:\Windows\System\eIUuvgp.exe
  C:\Windows\System\eIUuvgp.exe
  2⤵
  PID:5352
- C:\Windows\System\JraQLAK.exe
  C:\Windows\System\JraQLAK.exe
  2⤵
  PID:5368
- C:\Windows\System\gqQgZJA.exe
  C:\Windows\System\gqQgZJA.exe
  2⤵
  PID:5384
- C:\Windows\System\sIcqYNI.exe
  C:\Windows\System\sIcqYNI.exe
  2⤵
  PID:5400
- C:\Windows\System\NCsixLo.exe
  C:\Windows\System\NCsixLo.exe
  2⤵
  PID:5436
- C:\Windows\System\MshBJAR.exe
  C:\Windows\System\MshBJAR.exe
  2⤵
  PID:5452
- C:\Windows\System\goulOeC.exe
  C:\Windows\System\goulOeC.exe
  2⤵
  PID:5496
- C:\Windows\System\QSTJbFK.exe
  C:\Windows\System\QSTJbFK.exe
  2⤵
  PID:5520
- C:\Windows\System\fJpcvGb.exe
  C:\Windows\System\fJpcvGb.exe
  2⤵
  PID:5556
- C:\Windows\System\eLhkXew.exe
  C:\Windows\System\eLhkXew.exe
  2⤵
  PID:5572
- C:\Windows\System\xFqXryA.exe
  C:\Windows\System\xFqXryA.exe
  2⤵
  PID:5596
- C:\Windows\System\kKbIbzU.exe
  C:\Windows\System\kKbIbzU.exe
  2⤵
  PID:5612
- C:\Windows\System\lAWsBwO.exe
  C:\Windows\System\lAWsBwO.exe
  2⤵
  PID:5636
- C:\Windows\System\sXNiwDj.exe
  C:\Windows\System\sXNiwDj.exe
  2⤵
  PID:5652
- C:\Windows\System\HvZfhwi.exe
  C:\Windows\System\HvZfhwi.exe
  2⤵
  PID:5668
- C:\Windows\System\UzLwVUH.exe
  C:\Windows\System\UzLwVUH.exe
  2⤵
  PID:5688
- C:\Windows\System\rsRoSOM.exe
  C:\Windows\System\rsRoSOM.exe
  2⤵
  PID:5712
- C:\Windows\System\AiGoSFP.exe
  C:\Windows\System\AiGoSFP.exe
  2⤵
  PID:5732
- C:\Windows\System\QTLcpaC.exe
  C:\Windows\System\QTLcpaC.exe
  2⤵
  PID:5748
- C:\Windows\System\XNwEQCi.exe
  C:\Windows\System\XNwEQCi.exe
  2⤵
  PID:5776
- C:\Windows\System\ZyVdNOl.exe
  C:\Windows\System\ZyVdNOl.exe
  2⤵
  PID:5792
- C:\Windows\System\XebfgMI.exe
  C:\Windows\System\XebfgMI.exe
  2⤵
  PID:5812
- C:\Windows\System\ByCDuDA.exe
  C:\Windows\System\ByCDuDA.exe
  2⤵
  PID:5832
- C:\Windows\System\brnxmSr.exe
  C:\Windows\System\brnxmSr.exe
  2⤵
  PID:5848
- C:\Windows\System\DwLWxDK.exe
  C:\Windows\System\DwLWxDK.exe
  2⤵
  PID:5864
- C:\Windows\System\riVFCMi.exe
  C:\Windows\System\riVFCMi.exe
  2⤵
  PID:5880
- C:\Windows\System\LgChTbw.exe
  C:\Windows\System\LgChTbw.exe
  2⤵
  PID:5896
- C:\Windows\System\AFJJeYb.exe
  C:\Windows\System\AFJJeYb.exe
  2⤵
  PID:5912
- C:\Windows\System\maEZEUD.exe
  C:\Windows\System\maEZEUD.exe
  2⤵
  PID:5928
- C:\Windows\System\OyUlATa.exe
  C:\Windows\System\OyUlATa.exe
  2⤵
  PID:5944
- C:\Windows\System\XqvMMYV.exe
  C:\Windows\System\XqvMMYV.exe
  2⤵
  PID:6004
- C:\Windows\System\EJVlMmf.exe
  C:\Windows\System\EJVlMmf.exe
  2⤵
  PID:6020
- C:\Windows\System\sTsDhoB.exe
  C:\Windows\System\sTsDhoB.exe
  2⤵
  PID:6036
- C:\Windows\System\fCSlwTd.exe
  C:\Windows\System\fCSlwTd.exe
  2⤵
  PID:6052
- C:\Windows\System\PDPgiKU.exe
  C:\Windows\System\PDPgiKU.exe
  2⤵
  PID:6072
- C:\Windows\System\wLmtCom.exe
  C:\Windows\System\wLmtCom.exe
  2⤵
  PID:6092
- C:\Windows\System\wGugUxq.exe
  C:\Windows\System\wGugUxq.exe
  2⤵
  PID:6112
- C:\Windows\System\qDlvLRU.exe
  C:\Windows\System\qDlvLRU.exe
  2⤵
  PID:6132
- C:\Windows\System\yBsdsHv.exe
  C:\Windows\System\yBsdsHv.exe
  2⤵
  PID:2008
- C:\Windows\System\oOPDTYT.exe
  C:\Windows\System\oOPDTYT.exe
  2⤵
  PID:2332
- C:\Windows\System\hhUFfbW.exe
  C:\Windows\System\hhUFfbW.exe
  2⤵
  PID:5160
- C:\Windows\System\ZpoQKSa.exe
  C:\Windows\System\ZpoQKSa.exe
  2⤵
  PID:4980
- C:\Windows\System\YbAcILJ.exe
  C:\Windows\System\YbAcILJ.exe
  2⤵
  PID:2124
- C:\Windows\System\Zfmkaof.exe
  C:\Windows\System\Zfmkaof.exe
  2⤵
  PID:5264
- C:\Windows\System\FYvxGUw.exe
  C:\Windows\System\FYvxGUw.exe
  2⤵
  PID:5336
- C:\Windows\System\jpScEGe.exe
  C:\Windows\System\jpScEGe.exe
  2⤵
  PID:5408
- C:\Windows\System\IhTkRWL.exe
  C:\Windows\System\IhTkRWL.exe
  2⤵
  PID:5432
- C:\Windows\System\nCuRMkQ.exe
  C:\Windows\System\nCuRMkQ.exe
  2⤵
  PID:5240
- C:\Windows\System\iYmuCMQ.exe
  C:\Windows\System\iYmuCMQ.exe
  2⤵
  PID:5248
- C:\Windows\System\CcZKQmE.exe
  C:\Windows\System\CcZKQmE.exe
  2⤵
  PID:5316
- C:\Windows\System\HtIGOYH.exe
  C:\Windows\System\HtIGOYH.exe
  2⤵
  PID:5176
- C:\Windows\System\EzrEoQo.exe
  C:\Windows\System\EzrEoQo.exe
  2⤵
  PID:5392
- C:\Windows\System\JHBSfyp.exe
  C:\Windows\System\JHBSfyp.exe
  2⤵
  PID:5444
- C:\Windows\System\zjlaKzM.exe
  C:\Windows\System\zjlaKzM.exe
  2⤵
  PID:5468
- C:\Windows\System\IgtfutF.exe
  C:\Windows\System\IgtfutF.exe
  2⤵
  PID:5492
- C:\Windows\System\ustdYZt.exe
  C:\Windows\System\ustdYZt.exe
  2⤵
  PID:108
- C:\Windows\System\uHXxwTK.exe
  C:\Windows\System\uHXxwTK.exe
  2⤵
  PID:5536
- C:\Windows\System\rSetjqz.exe
  C:\Windows\System\rSetjqz.exe
  2⤵
  PID:5512
- C:\Windows\System\ltSxkiF.exe
  C:\Windows\System\ltSxkiF.exe
  2⤵
  PID:472
- C:\Windows\System\KSsESWO.exe
  C:\Windows\System\KSsESWO.exe
  2⤵
  PID:5632
- C:\Windows\System\iwXNyTq.exe
  C:\Windows\System\iwXNyTq.exe
  2⤵
  PID:5696
- C:\Windows\System\iWiGFlZ.exe
  C:\Windows\System\iWiGFlZ.exe
  2⤵
  PID:5604
- C:\Windows\System\bFYZoLk.exe
  C:\Windows\System\bFYZoLk.exe
  2⤵
  PID:5740
- C:\Windows\System\goPQyyj.exe
  C:\Windows\System\goPQyyj.exe
  2⤵
  PID:5724
- C:\Windows\System\JQeLAEH.exe
  C:\Windows\System\JQeLAEH.exe
  2⤵
  PID:5828
- C:\Windows\System\KhBMNVo.exe
  C:\Windows\System\KhBMNVo.exe
  2⤵
  PID:5860
- C:\Windows\System\dQZTsnS.exe
  C:\Windows\System\dQZTsnS.exe
  2⤵
  PID:5924
- C:\Windows\System\gWNOPkg.exe
  C:\Windows\System\gWNOPkg.exe
  2⤵
  PID:5972
- C:\Windows\System\uCjKpkO.exe
  C:\Windows\System\uCjKpkO.exe
  2⤵
  PID:5840
- C:\Windows\System\RHHUlzX.exe
  C:\Windows\System\RHHUlzX.exe
  2⤵
  PID:980
- C:\Windows\System\ZAbsWZH.exe
  C:\Windows\System\ZAbsWZH.exe
  2⤵
  PID:5772
- C:\Windows\System\iOJkgXc.exe
  C:\Windows\System\iOJkgXc.exe
  2⤵
  PID:5808
- C:\Windows\System\rkmAGDE.exe
  C:\Windows\System\rkmAGDE.exe
  2⤵
  PID:5872
- C:\Windows\System\nAkMqja.exe
  C:\Windows\System\nAkMqja.exe
  2⤵
  PID:6032
- C:\Windows\System\sdloFXH.exe
  C:\Windows\System\sdloFXH.exe
  2⤵
  PID:6064
- C:\Windows\System\qcQKrhg.exe
  C:\Windows\System\qcQKrhg.exe
  2⤵
  PID:6140
- C:\Windows\System\RBcpmri.exe
  C:\Windows\System\RBcpmri.exe
  2⤵
  PID:6084
- C:\Windows\System\dgmgDAb.exe
  C:\Windows\System\dgmgDAb.exe
  2⤵
  PID:6080
- C:\Windows\System\OQmEEAK.exe
  C:\Windows\System\OQmEEAK.exe
  2⤵
  PID:5196
- C:\Windows\System\rgmQInG.exe
  C:\Windows\System\rgmQInG.exe
  2⤵
  PID:6128
- C:\Windows\System\SBLdqaF.exe
  C:\Windows\System\SBLdqaF.exe
  2⤵
  PID:5096
- C:\Windows\System\nMEIVmX.exe
  C:\Windows\System\nMEIVmX.exe
  2⤵
  PID:5376
- C:\Windows\System\jBqavcY.exe
  C:\Windows\System\jBqavcY.exe
  2⤵
  PID:5380
- C:\Windows\System\KboGlUL.exe
  C:\Windows\System\KboGlUL.exe
  2⤵
  PID:5424
- C:\Windows\System\hrDRQdk.exe
  C:\Windows\System\hrDRQdk.exe
  2⤵
  PID:5244
- C:\Windows\System\GDXYiJm.exe
  C:\Windows\System\GDXYiJm.exe
  2⤵
  PID:5208
- C:\Windows\System\eBDBQGT.exe
  C:\Windows\System\eBDBQGT.exe
  2⤵
  PID:5312
- C:\Windows\System\CHHXcXF.exe
  C:\Windows\System\CHHXcXF.exe
  2⤵
  PID:5488
- C:\Windows\System\EANyMVu.exe
  C:\Windows\System\EANyMVu.exe
  2⤵
  PID:3176
- C:\Windows\System\sgYCDGa.exe
  C:\Windows\System\sgYCDGa.exe
  2⤵
  PID:5548
- C:\Windows\System\jDiXoyG.exe
  C:\Windows\System\jDiXoyG.exe
  2⤵
  PID:5448
- C:\Windows\System\ARFTKRo.exe
  C:\Windows\System\ARFTKRo.exe
  2⤵
  PID:5584
- C:\Windows\System\XZjoQei.exe
  C:\Windows\System\XZjoQei.exe
  2⤵
  PID:5624
- C:\Windows\System\iicGUgQ.exe
  C:\Windows\System\iicGUgQ.exe
  2⤵
  PID:5720
- C:\Windows\System\RegEFob.exe
  C:\Windows\System\RegEFob.exe
  2⤵
  PID:5820
- C:\Windows\System\rQdnSYh.exe
  C:\Windows\System\rQdnSYh.exe
  2⤵
  PID:2924
- C:\Windows\System\xVgtRbf.exe
  C:\Windows\System\xVgtRbf.exe
  2⤵
  PID:5984
- C:\Windows\System\nDJCaDH.exe
  C:\Windows\System\nDJCaDH.exe
  2⤵
  PID:3236
- C:\Windows\System\uiiCHek.exe
  C:\Windows\System\uiiCHek.exe
  2⤵
  PID:5764
- C:\Windows\System\MpfrnwU.exe
  C:\Windows\System\MpfrnwU.exe
  2⤵
  PID:5804
- C:\Windows\System\SmOzDgm.exe
  C:\Windows\System\SmOzDgm.exe
  2⤵
  PID:6060
- C:\Windows\System\tMGiLPq.exe
  C:\Windows\System\tMGiLPq.exe
  2⤵
  PID:4164
- C:\Windows\System\RbcEPpP.exe
  C:\Windows\System\RbcEPpP.exe
  2⤵
  PID:5156
- C:\Windows\System\eLOqijX.exe
  C:\Windows\System\eLOqijX.exe
  2⤵
  PID:4844
- C:\Windows\System\NfJHHNU.exe
  C:\Windows\System\NfJHHNU.exe
  2⤵
  PID:2588
- C:\Windows\System\sLUYfZL.exe
  C:\Windows\System\sLUYfZL.exe
  2⤵
  PID:5228
- C:\Windows\System\yrLmKPA.exe
  C:\Windows\System\yrLmKPA.exe
  2⤵
  PID:1436
- C:\Windows\System\CDmFFSL.exe
  C:\Windows\System\CDmFFSL.exe
  2⤵
  PID:5320
- C:\Windows\System\VbArYPN.exe
  C:\Windows\System\VbArYPN.exe
  2⤵
  PID:5592
- C:\Windows\System\piIivsc.exe
  C:\Windows\System\piIivsc.exe
  2⤵
  PID:5676
- C:\Windows\System\MCFoGrJ.exe
  C:\Windows\System\MCFoGrJ.exe
  2⤵
  PID:3004
- C:\Windows\System\duYKQnP.exe
  C:\Windows\System\duYKQnP.exe
  2⤵
  PID:5484
- C:\Windows\System\bzODpKZ.exe
  C:\Windows\System\bzODpKZ.exe
  2⤵
  PID:5964
- C:\Windows\System\FBeHjfM.exe
  C:\Windows\System\FBeHjfM.exe
  2⤵
  PID:5480
- C:\Windows\System\rzJErkI.exe
  C:\Windows\System\rzJErkI.exe
  2⤵
  PID:5508
- C:\Windows\System\LQMxuGb.exe
  C:\Windows\System\LQMxuGb.exe
  2⤵
  PID:5892
- C:\Windows\System\KJhOrbr.exe
  C:\Windows\System\KJhOrbr.exe
  2⤵
  PID:5992
- C:\Windows\System\UusnDDi.exe
  C:\Windows\System\UusnDDi.exe
  2⤵
  PID:6000
- C:\Windows\System\HtJJEnE.exe
  C:\Windows\System\HtJJEnE.exe
  2⤵
  PID:6044
- C:\Windows\System\SliWXly.exe
  C:\Windows\System\SliWXly.exe
  2⤵
  PID:6012
- C:\Windows\System\viFIEGL.exe
  C:\Windows\System\viFIEGL.exe
  2⤵
  PID:3252
- C:\Windows\System\ZFLNiqJ.exe
  C:\Windows\System\ZFLNiqJ.exe
  2⤵
  PID:5340
- C:\Windows\System\gDmNpVs.exe
  C:\Windows\System\gDmNpVs.exe
  2⤵
  PID:2700
- C:\Windows\System\QUWHFOC.exe
  C:\Windows\System\QUWHFOC.exe
  2⤵
  PID:5588
- C:\Windows\System\WCNlGcS.exe
  C:\Windows\System\WCNlGcS.exe
  2⤵
  PID:5788
- C:\Windows\System\OKSlKbx.exe
  C:\Windows\System\OKSlKbx.exe
  2⤵
  PID:5728
- C:\Windows\System\BBeryLv.exe
  C:\Windows\System\BBeryLv.exe
  2⤵
  PID:4824
- C:\Windows\System\uLjTdYx.exe
  C:\Windows\System\uLjTdYx.exe
  2⤵
  PID:2540
- C:\Windows\System\wZZsAVt.exe
  C:\Windows\System\wZZsAVt.exe
  2⤵
  PID:6088
- C:\Windows\System\ScHbPdX.exe
  C:\Windows\System\ScHbPdX.exe
  2⤵
  PID:5996
- C:\Windows\System\RkdVzdo.exe
  C:\Windows\System\RkdVzdo.exe
  2⤵
  PID:6108
- C:\Windows\System\kECjtAX.exe
  C:\Windows\System\kECjtAX.exe
  2⤵
  PID:6120
- C:\Windows\System\xHEcqhA.exe
  C:\Windows\System\xHEcqhA.exe
  2⤵
  PID:2112
- C:\Windows\System\FGiJAYo.exe
  C:\Windows\System\FGiJAYo.exe
  2⤵
  PID:572
- C:\Windows\System\ifKYAaG.exe
  C:\Windows\System\ifKYAaG.exe
  2⤵
  PID:5420
- C:\Windows\System\uoSDZRs.exe
  C:\Windows\System\uoSDZRs.exe
  2⤵
  PID:5824
- C:\Windows\System\XGwdLqH.exe
  C:\Windows\System\XGwdLqH.exe
  2⤵
  PID:6104
- C:\Windows\System\rjPbBvJ.exe
  C:\Windows\System\rjPbBvJ.exe
  2⤵
  PID:5428
- C:\Windows\System\uvrjjnH.exe
  C:\Windows\System\uvrjjnH.exe
  2⤵
  PID:2136
- C:\Windows\System\xeXbsVr.exe
  C:\Windows\System\xeXbsVr.exe
  2⤵
  PID:2604
- C:\Windows\System\YjlVrpL.exe
  C:\Windows\System\YjlVrpL.exe
  2⤵
  PID:6156
- C:\Windows\System\LpEkQzC.exe
  C:\Windows\System\LpEkQzC.exe
  2⤵
  PID:6172
- C:\Windows\System\lwhXuGV.exe
  C:\Windows\System\lwhXuGV.exe
  2⤵
  PID:6192
- C:\Windows\System\gfALQWV.exe
  C:\Windows\System\gfALQWV.exe
  2⤵
  PID:6212
- C:\Windows\System\KdSCccJ.exe
  C:\Windows\System\KdSCccJ.exe
  2⤵
  PID:6228
- C:\Windows\System\BgNPfrI.exe
  C:\Windows\System\BgNPfrI.exe
  2⤵
  PID:6244
- C:\Windows\System\Qwgzyuv.exe
  C:\Windows\System\Qwgzyuv.exe
  2⤵
  PID:6260
- C:\Windows\System\pPBhoHY.exe
  C:\Windows\System\pPBhoHY.exe
  2⤵
  PID:6280
- C:\Windows\System\QVYdSwh.exe
  C:\Windows\System\QVYdSwh.exe
  2⤵
  PID:6304
- C:\Windows\System\tXUhtoo.exe
  C:\Windows\System\tXUhtoo.exe
  2⤵
  PID:6320
- C:\Windows\System\jFewxrC.exe
  C:\Windows\System\jFewxrC.exe
  2⤵
  PID:6348
- C:\Windows\System\HdysJZF.exe
  C:\Windows\System\HdysJZF.exe
  2⤵
  PID:6364
- C:\Windows\System\lzMnIyN.exe
  C:\Windows\System\lzMnIyN.exe
  2⤵
  PID:6384
- C:\Windows\System\PZWyRcP.exe
  C:\Windows\System\PZWyRcP.exe
  2⤵
  PID:6404
- C:\Windows\System\hghsZdN.exe
  C:\Windows\System\hghsZdN.exe
  2⤵
  PID:6432
- C:\Windows\System\dUhrwMA.exe
  C:\Windows\System\dUhrwMA.exe
  2⤵
  PID:6472
- C:\Windows\System\WaYFsHL.exe
  C:\Windows\System\WaYFsHL.exe
  2⤵
  PID:6488
- C:\Windows\System\flRIGKN.exe
  C:\Windows\System\flRIGKN.exe
  2⤵
  PID:6508
- C:\Windows\System\LyCQQts.exe
  C:\Windows\System\LyCQQts.exe
  2⤵
  PID:6528
- C:\Windows\System\RGMLlmY.exe
  C:\Windows\System\RGMLlmY.exe
  2⤵
  PID:6544
- C:\Windows\System\SMJDMPs.exe
  C:\Windows\System\SMJDMPs.exe
  2⤵
  PID:6572
- C:\Windows\System\ehifgrf.exe
  C:\Windows\System\ehifgrf.exe
  2⤵
  PID:6592
- C:\Windows\System\WXfAgWl.exe
  C:\Windows\System\WXfAgWl.exe
  2⤵
  PID:6616
- C:\Windows\System\ErWWuxM.exe
  C:\Windows\System\ErWWuxM.exe
  2⤵
  PID:6632
- C:\Windows\System\bENhuGb.exe
  C:\Windows\System\bENhuGb.exe
  2⤵
  PID:6660
- C:\Windows\System\nBInxzy.exe
  C:\Windows\System\nBInxzy.exe
  2⤵
  PID:6676
- C:\Windows\System\oIdIsoa.exe
  C:\Windows\System\oIdIsoa.exe
  2⤵
  PID:6692
- C:\Windows\System\fedzeXt.exe
  C:\Windows\System\fedzeXt.exe
  2⤵
  PID:6708
- C:\Windows\System\GJDzexh.exe
  C:\Windows\System\GJDzexh.exe
  2⤵
  PID:6724
- C:\Windows\System\wHgiIDk.exe
  C:\Windows\System\wHgiIDk.exe
  2⤵
  PID:6756
- C:\Windows\System\XTNHIrt.exe
  C:\Windows\System\XTNHIrt.exe
  2⤵
  PID:6772
- C:\Windows\System\fHvESgC.exe
  C:\Windows\System\fHvESgC.exe
  2⤵
  PID:6788
- C:\Windows\System\OFRYJBr.exe
  C:\Windows\System\OFRYJBr.exe
  2⤵
  PID:6808
- C:\Windows\System\rGGrhcx.exe
  C:\Windows\System\rGGrhcx.exe
  2⤵
  PID:6836
- C:\Windows\System\fmNhVtd.exe
  C:\Windows\System\fmNhVtd.exe
  2⤵
  PID:6852
- C:\Windows\System\ZASiYVv.exe
  C:\Windows\System\ZASiYVv.exe
  2⤵
  PID:6868
- C:\Windows\System\RhQQayU.exe
  C:\Windows\System\RhQQayU.exe
  2⤵
  PID:6884
- C:\Windows\System\yAXgiMl.exe
  C:\Windows\System\yAXgiMl.exe
  2⤵
  PID:6904
- C:\Windows\System\ZoQjEXV.exe
  C:\Windows\System\ZoQjEXV.exe
  2⤵
  PID:6924
- C:\Windows\System\WFlePnO.exe
  C:\Windows\System\WFlePnO.exe
  2⤵
  PID:6944
- C:\Windows\System\OsPpgrK.exe
  C:\Windows\System\OsPpgrK.exe
  2⤵
  PID:6960
- C:\Windows\System\tAYlZJQ.exe
  C:\Windows\System\tAYlZJQ.exe
  2⤵
  PID:6976
- C:\Windows\System\SrGYMiZ.exe
  C:\Windows\System\SrGYMiZ.exe
  2⤵
  PID:6992
- C:\Windows\System\NDGOeYc.exe
  C:\Windows\System\NDGOeYc.exe
  2⤵
  PID:7008
- C:\Windows\System\wRFQSYk.exe
  C:\Windows\System\wRFQSYk.exe
  2⤵
  PID:7028
- C:\Windows\System\tDSYCGF.exe
  C:\Windows\System\tDSYCGF.exe
  2⤵
  PID:7048
- C:\Windows\System\BiwcygM.exe
  C:\Windows\System\BiwcygM.exe
  2⤵
  PID:7064
- C:\Windows\System\DJuennu.exe
  C:\Windows\System\DJuennu.exe
  2⤵
  PID:7084
- C:\Windows\System\UCuIKuH.exe
  C:\Windows\System\UCuIKuH.exe
  2⤵
  PID:7108
- C:\Windows\System\LxEdumb.exe
  C:\Windows\System\LxEdumb.exe
  2⤵
  PID:7132
- C:\Windows\System\cwIuDJF.exe
  C:\Windows\System\cwIuDJF.exe
  2⤵
  PID:5360
- C:\Windows\System\fHacfCg.exe
  C:\Windows\System\fHacfCg.exe
  2⤵
  PID:6148
- C:\Windows\System\vVdjpcd.exe
  C:\Windows\System\vVdjpcd.exe
  2⤵
  PID:6188
- C:\Windows\System\rlwhlcE.exe
  C:\Windows\System\rlwhlcE.exe
  2⤵
  PID:6256
- C:\Windows\System\OGweKXg.exe
  C:\Windows\System\OGweKXg.exe
  2⤵
  PID:984
- C:\Windows\System\QdhYdmR.exe
  C:\Windows\System\QdhYdmR.exe
  2⤵
  PID:6236
- C:\Windows\System\DJgCuVH.exe
  C:\Windows\System\DJgCuVH.exe
  2⤵
  PID:6204
- C:\Windows\System\fcWNFjE.exe
  C:\Windows\System\fcWNFjE.exe
  2⤵
  PID:6312
- C:\Windows\System\DKFYgzl.exe
  C:\Windows\System\DKFYgzl.exe
  2⤵
  PID:6208
- C:\Windows\System\YYybnmw.exe
  C:\Windows\System\YYybnmw.exe
  2⤵
  PID:5348
- C:\Windows\System\gYTjbry.exe
  C:\Windows\System\gYTjbry.exe
  2⤵
  PID:6372
- C:\Windows\System\cIEUAXx.exe
  C:\Windows\System\cIEUAXx.exe
  2⤵
  PID:6420
- C:\Windows\System\JrpRhvM.exe
  C:\Windows\System\JrpRhvM.exe
  2⤵
  PID:6484
- C:\Windows\System\zTTaoHy.exe
  C:\Windows\System\zTTaoHy.exe
  2⤵
  PID:6396
- C:\Windows\System\RstfxLF.exe
  C:\Windows\System\RstfxLF.exe
  2⤵
  PID:6456
- C:\Windows\System\FRjcvfU.exe
  C:\Windows\System\FRjcvfU.exe
  2⤵
  PID:6452
- C:\Windows\System\lVVyypE.exe
  C:\Windows\System\lVVyypE.exe
  2⤵
  PID:6604
- C:\Windows\System\XsqonYK.exe
  C:\Windows\System\XsqonYK.exe
  2⤵
  PID:6648
- C:\Windows\System\llDPfnE.exe
  C:\Windows\System\llDPfnE.exe
  2⤵
  PID:6536
- C:\Windows\System\qRldKTh.exe
  C:\Windows\System\qRldKTh.exe
  2⤵
  PID:6656
- C:\Windows\System\nKNmlIr.exe
  C:\Windows\System\nKNmlIr.exe
  2⤵
  PID:6668
- C:\Windows\System\MIzciZo.exe
  C:\Windows\System\MIzciZo.exe
  2⤵
  PID:6716
- C:\Windows\System\JWUXpWX.exe
  C:\Windows\System\JWUXpWX.exe
  2⤵
  PID:6736
- C:\Windows\System\swjnvhJ.exe
  C:\Windows\System\swjnvhJ.exe
  2⤵
  PID:6732
- C:\Windows\System\gbxPQJD.exe
  C:\Windows\System\gbxPQJD.exe
  2⤵
  PID:6844
- C:\Windows\System\PcYnHSJ.exe
  C:\Windows\System\PcYnHSJ.exe
  2⤵
  PID:6912
- C:\Windows\System\yusRfUg.exe
  C:\Windows\System\yusRfUg.exe
  2⤵
  PID:6956
- C:\Windows\System\wHzkiuW.exe
  C:\Windows\System\wHzkiuW.exe
  2⤵
  PID:7024
- C:\Windows\System\ZuLQygN.exe
  C:\Windows\System\ZuLQygN.exe
  2⤵
  PID:6820
- C:\Windows\System\ynrelwv.exe
  C:\Windows\System\ynrelwv.exe
  2⤵
  PID:7100
- C:\Windows\System\sxdJpck.exe
  C:\Windows\System\sxdJpck.exe
  2⤵
  PID:7004
- C:\Windows\System\IIUKPWd.exe
  C:\Windows\System\IIUKPWd.exe
  2⤵
  PID:7124
- C:\Windows\System\yVhNZQU.exe
  C:\Windows\System\yVhNZQU.exe
  2⤵
  PID:7148
- C:\Windows\System\QlLuMPw.exe
  C:\Windows\System\QlLuMPw.exe
  2⤵
  PID:7164
- C:\Windows\System\AmoBAUs.exe
  C:\Windows\System\AmoBAUs.exe
  2⤵
  PID:7036
- C:\Windows\System\nEDKaKl.exe
  C:\Windows\System\nEDKaKl.exe
  2⤵
  PID:7116
- C:\Windows\System\BiEfJBg.exe
  C:\Windows\System\BiEfJBg.exe
  2⤵
  PID:5760
- C:\Windows\System\oIRtzLU.exe
  C:\Windows\System\oIRtzLU.exe
  2⤵
  PID:6332
- C:\Windows\System\VDfqwZZ.exe
  C:\Windows\System\VDfqwZZ.exe
  2⤵
  PID:1888
- C:\Windows\System\XRyMZAK.exe
  C:\Windows\System\XRyMZAK.exe
  2⤵
  PID:6440
- C:\Windows\System\QBTkfJw.exe
  C:\Windows\System\QBTkfJw.exe
  2⤵
  PID:6336
- C:\Windows\System\irHzBSQ.exe
  C:\Windows\System\irHzBSQ.exe
  2⤵
  PID:6168
- C:\Windows\System\OfTbiKp.exe
  C:\Windows\System\OfTbiKp.exe
  2⤵
  PID:6524
- C:\Windows\System\jdDDNca.exe
  C:\Windows\System\jdDDNca.exe
  2⤵
  PID:6272
- C:\Windows\System\imCXyTL.exe
  C:\Windows\System\imCXyTL.exe
  2⤵
  PID:6564
- C:\Windows\System\DSNuJdX.exe
  C:\Windows\System\DSNuJdX.exe
  2⤵
  PID:6580
- C:\Windows\System\eQYwXbW.exe
  C:\Windows\System\eQYwXbW.exe
  2⤵
  PID:6684
- C:\Windows\System\NeKmmpl.exe
  C:\Windows\System\NeKmmpl.exe
  2⤵
  PID:6768
- C:\Windows\System\rWliJex.exe
  C:\Windows\System\rWliJex.exe
  2⤵
  PID:6804
- C:\Windows\System\rXzQrXx.exe
  C:\Windows\System\rXzQrXx.exe
  2⤵
  PID:6640
- C:\Windows\System\ejryJkP.exe
  C:\Windows\System\ejryJkP.exe
  2⤵
  PID:6744
- C:\Windows\System\VzyaBFs.exe
  C:\Windows\System\VzyaBFs.exe
  2⤵
  PID:6988
- C:\Windows\System\aCPuFbk.exe
  C:\Windows\System\aCPuFbk.exe
  2⤵
  PID:7096
- C:\Windows\System\pVwTphD.exe
  C:\Windows\System\pVwTphD.exe
  2⤵
  PID:6968
- C:\Windows\System\IlVixvq.exe
  C:\Windows\System\IlVixvq.exe
  2⤵
  PID:3528
- C:\Windows\System\KGpjGJM.exe
  C:\Windows\System\KGpjGJM.exe
  2⤵
  PID:3628
- C:\Windows\System\JHcItLy.exe
  C:\Windows\System\JHcItLy.exe
  2⤵
  PID:5784
- C:\Windows\System\lfepafb.exe
  C:\Windows\System\lfepafb.exe
  2⤵
  PID:7080
- C:\Windows\System\mUWElSQ.exe
  C:\Windows\System\mUWElSQ.exe
  2⤵
  PID:6316
- C:\Windows\System\QuhZFFy.exe
  C:\Windows\System\QuhZFFy.exe
  2⤵
  PID:6448
- C:\Windows\System\krSpUqd.exe
  C:\Windows\System\krSpUqd.exe
  2⤵
  PID:6412
- C:\Windows\System\uGGuGmw.exe
  C:\Windows\System\uGGuGmw.exe
  2⤵
  PID:6560
- C:\Windows\System\JLmFrqO.exe
  C:\Windows\System\JLmFrqO.exe
  2⤵
  PID:6796
- C:\Windows\System\cwPGfOp.exe
  C:\Windows\System\cwPGfOp.exe
  2⤵
  PID:6628
- C:\Windows\System\CbcBBxv.exe
  C:\Windows\System\CbcBBxv.exe
  2⤵
  PID:6764
- C:\Windows\System\phjUOzR.exe
  C:\Windows\System\phjUOzR.exe
  2⤵
  PID:6832
- C:\Windows\System\DJmmYsx.exe
  C:\Windows\System\DJmmYsx.exe
  2⤵
  PID:6816
- C:\Windows\System\XHMijkp.exe
  C:\Windows\System\XHMijkp.exe
  2⤵
  PID:6896
- C:\Windows\System\udXJxUB.exe
  C:\Windows\System\udXJxUB.exe
  2⤵
  PID:6568
- C:\Windows\System\MXpGDtW.exe
  C:\Windows\System\MXpGDtW.exe
  2⤵
  PID:6328
- C:\Windows\System\yaQOvZI.exe
  C:\Windows\System\yaQOvZI.exe
  2⤵
  PID:6480
- C:\Windows\System\gysXMfM.exe
  C:\Windows\System\gysXMfM.exe
  2⤵
  PID:6584
- C:\Windows\System\NhawiXy.exe
  C:\Windows\System\NhawiXy.exe
  2⤵
  PID:6880
- C:\Windows\System\giOTESZ.exe
  C:\Windows\System\giOTESZ.exe
  2⤵
  PID:6520
- C:\Windows\System\AJjCglb.exe
  C:\Windows\System\AJjCglb.exe
  2⤵
  PID:6552
- C:\Windows\System\cChYfGq.exe
  C:\Windows\System\cChYfGq.exe
  2⤵
  PID:6252
- C:\Windows\System\PAZigKi.exe
  C:\Windows\System\PAZigKi.exe
  2⤵
  PID:5300
- C:\Windows\System\mgXNeyb.exe
  C:\Windows\System\mgXNeyb.exe
  2⤵
  PID:6124
- C:\Windows\System\bVwoCdZ.exe
  C:\Windows\System\bVwoCdZ.exe
  2⤵
  PID:7044
- C:\Windows\System\bdPdMVy.exe
  C:\Windows\System\bdPdMVy.exe
  2⤵
  PID:2436
- C:\Windows\System\wgqxUix.exe
  C:\Windows\System\wgqxUix.exe
  2⤵
  PID:6780
- C:\Windows\System\MuWoLyA.exe
  C:\Windows\System\MuWoLyA.exe
  2⤵
  PID:7184
- C:\Windows\System\ZJkhhjC.exe
  C:\Windows\System\ZJkhhjC.exe
  2⤵
  PID:7204
- C:\Windows\System\goUVNgI.exe
  C:\Windows\System\goUVNgI.exe
  2⤵
  PID:7260
- C:\Windows\System\wsZsAZY.exe
  C:\Windows\System\wsZsAZY.exe
  2⤵
  PID:7280
- C:\Windows\System\TcKcBrv.exe
  C:\Windows\System\TcKcBrv.exe
  2⤵
  PID:7296
- C:\Windows\System\UvfzMcl.exe
  C:\Windows\System\UvfzMcl.exe
  2⤵
  PID:7316
- C:\Windows\System\DIXqikV.exe
  C:\Windows\System\DIXqikV.exe
  2⤵
  PID:7336
- C:\Windows\System\lqOjFRn.exe
  C:\Windows\System\lqOjFRn.exe
  2⤵
  PID:7352
- C:\Windows\System\sYlFgKH.exe
  C:\Windows\System\sYlFgKH.exe
  2⤵
  PID:7376
- C:\Windows\System\jQlAczB.exe
  C:\Windows\System\jQlAczB.exe
  2⤵
  PID:7396
- C:\Windows\System\HTIVbkV.exe
  C:\Windows\System\HTIVbkV.exe
  2⤵
  PID:7416
- C:\Windows\System\vlpKDWj.exe
  C:\Windows\System\vlpKDWj.exe
  2⤵
  PID:7432
- C:\Windows\System\biGrXqh.exe
  C:\Windows\System\biGrXqh.exe
  2⤵
  PID:7448
- C:\Windows\System\XdhANFX.exe
  C:\Windows\System\XdhANFX.exe
  2⤵
  PID:7464
- C:\Windows\System\xXzxWjM.exe
  C:\Windows\System\xXzxWjM.exe
  2⤵
  PID:7480
- C:\Windows\System\BYVLJMD.exe
  C:\Windows\System\BYVLJMD.exe
  2⤵
  PID:7500
- C:\Windows\System\uycQvQd.exe
  C:\Windows\System\uycQvQd.exe
  2⤵
  PID:7516
- C:\Windows\System\pHIViXf.exe
  C:\Windows\System\pHIViXf.exe
  2⤵
  PID:7540
- C:\Windows\System\xVTYsBH.exe
  C:\Windows\System\xVTYsBH.exe
  2⤵
  PID:7560
- C:\Windows\System\yKsyewz.exe
  C:\Windows\System\yKsyewz.exe
  2⤵
  PID:7576
- C:\Windows\System\AFFNODT.exe
  C:\Windows\System\AFFNODT.exe
  2⤵
  PID:7620
- C:\Windows\System\JIEZrCg.exe
  C:\Windows\System\JIEZrCg.exe
  2⤵
  PID:7640
- C:\Windows\System\OROmbvB.exe
  C:\Windows\System\OROmbvB.exe
  2⤵
  PID:7656
- C:\Windows\System\rVqhEbR.exe
  C:\Windows\System\rVqhEbR.exe
  2⤵
  PID:7672
- C:\Windows\System\bNIyBkY.exe
  C:\Windows\System\bNIyBkY.exe
  2⤵
  PID:7692
- C:\Windows\System\KcPTkpM.exe
  C:\Windows\System\KcPTkpM.exe
  2⤵
  PID:7708
- C:\Windows\System\MspuTiO.exe
  C:\Windows\System\MspuTiO.exe
  2⤵
  PID:7724
- C:\Windows\System\CuqNxyS.exe
  C:\Windows\System\CuqNxyS.exe
  2⤵
  PID:7740
- C:\Windows\System\ENVOabg.exe
  C:\Windows\System\ENVOabg.exe
  2⤵
  PID:7768
- C:\Windows\System\EATeoEO.exe
  C:\Windows\System\EATeoEO.exe
  2⤵
  PID:7784
- C:\Windows\System\rVPxowI.exe
  C:\Windows\System\rVPxowI.exe
  2⤵
  PID:7804
- C:\Windows\System\eejwwAk.exe
  C:\Windows\System\eejwwAk.exe
  2⤵
  PID:7824
- C:\Windows\System\jlbyjZH.exe
  C:\Windows\System\jlbyjZH.exe
  2⤵
  PID:7844
- C:\Windows\System\swPRiYl.exe
  C:\Windows\System\swPRiYl.exe
  2⤵
  PID:7860
- C:\Windows\System\eldsUxv.exe
  C:\Windows\System\eldsUxv.exe
  2⤵
  PID:7876
- C:\Windows\System\gxVjamE.exe
  C:\Windows\System\gxVjamE.exe
  2⤵
  PID:7896
- C:\Windows\System\EpjyOUw.exe
  C:\Windows\System\EpjyOUw.exe
  2⤵
  PID:7924
- C:\Windows\System\kUyGCjI.exe
  C:\Windows\System\kUyGCjI.exe
  2⤵
  PID:7952
- C:\Windows\System\ngXqIiQ.exe
  C:\Windows\System\ngXqIiQ.exe
  2⤵
  PID:7972
- C:\Windows\System\ZwQIJei.exe
  C:\Windows\System\ZwQIJei.exe
  2⤵
  PID:8000
- C:\Windows\System\csBGmBz.exe
  C:\Windows\System\csBGmBz.exe
  2⤵
  PID:8020
- C:\Windows\System\DijJDPr.exe
  C:\Windows\System\DijJDPr.exe
  2⤵
  PID:8036
- C:\Windows\System\AOPxMJn.exe
  C:\Windows\System\AOPxMJn.exe
  2⤵
  PID:8052
- C:\Windows\System\KdrotEP.exe
  C:\Windows\System\KdrotEP.exe
  2⤵
  PID:8084
- C:\Windows\System\FPYTErG.exe
  C:\Windows\System\FPYTErG.exe
  2⤵
  PID:8100
- C:\Windows\System\HGCBcvp.exe
  C:\Windows\System\HGCBcvp.exe
  2⤵
  PID:8116
- C:\Windows\System\hGrjHdq.exe
  C:\Windows\System\hGrjHdq.exe
  2⤵
  PID:8136
- C:\Windows\System\tCNaZGH.exe
  C:\Windows\System\tCNaZGH.exe
  2⤵
  PID:8164
- C:\Windows\System\KIIzNHz.exe
  C:\Windows\System\KIIzNHz.exe
  2⤵
  PID:8180
- C:\Windows\System\fskKSaf.exe
  C:\Windows\System\fskKSaf.exe
  2⤵
  PID:2612
- C:\Windows\System\BHwlJfU.exe
  C:\Windows\System\BHwlJfU.exe
  2⤵
  PID:6892
- C:\Windows\System\ICMDQxv.exe
  C:\Windows\System\ICMDQxv.exe
  2⤵
  PID:4596
- C:\Windows\System\UveIPmr.exe
  C:\Windows\System\UveIPmr.exe
  2⤵
  PID:7020
- C:\Windows\System\jUaQYtt.exe
  C:\Windows\System\jUaQYtt.exe
  2⤵
  PID:7176
- C:\Windows\System\xAKhOIm.exe
  C:\Windows\System\xAKhOIm.exe
  2⤵
  PID:6360
- C:\Windows\System\CbriioT.exe
  C:\Windows\System\CbriioT.exe
  2⤵
  PID:7228
- C:\Windows\System\SJAQqzw.exe
  C:\Windows\System\SJAQqzw.exe
  2⤵
  PID:7244
- C:\Windows\System\YKcBzdo.exe
  C:\Windows\System\YKcBzdo.exe
  2⤵
  PID:7220
- C:\Windows\System\iGUPLqM.exe
  C:\Windows\System\iGUPLqM.exe
  2⤵
  PID:7292
- C:\Windows\System\rHRymxx.exe
  C:\Windows\System\rHRymxx.exe
  2⤵
  PID:7368
- C:\Windows\System\xItRzLP.exe
  C:\Windows\System\xItRzLP.exe
  2⤵
  PID:7364
- C:\Windows\System\BliooyJ.exe
  C:\Windows\System\BliooyJ.exe
  2⤵
  PID:7424
- C:\Windows\System\dANyYly.exe
  C:\Windows\System\dANyYly.exe
  2⤵
  PID:7536
- C:\Windows\System\MgcljxV.exe
  C:\Windows\System\MgcljxV.exe
  2⤵
  PID:7444
- C:\Windows\System\bGSePwT.exe
  C:\Windows\System\bGSePwT.exe
  2⤵
  PID:7512
- C:\Windows\System\sEPEdKM.exe
  C:\Windows\System\sEPEdKM.exe
  2⤵
  PID:7584
- C:\Windows\System\UoGEpLM.exe
  C:\Windows\System\UoGEpLM.exe
  2⤵
  PID:7604
- C:\Windows\System\IllgwRC.exe
  C:\Windows\System\IllgwRC.exe
  2⤵
  PID:7588
- C:\Windows\System\KEbRnIx.exe
  C:\Windows\System\KEbRnIx.exe
  2⤵
  PID:7632
- C:\Windows\System\JbeKDxF.exe
  C:\Windows\System\JbeKDxF.exe
  2⤵
  PID:7704
- C:\Windows\System\PHnVcMs.exe
  C:\Windows\System\PHnVcMs.exe
  2⤵
  PID:7652
- C:\Windows\System\DIczgzz.exe
  C:\Windows\System\DIczgzz.exe
  2⤵
  PID:7812
- C:\Windows\System\YXRNivC.exe
  C:\Windows\System\YXRNivC.exe
  2⤵
  PID:7688
- C:\Windows\System\dCoLrdq.exe
  C:\Windows\System\dCoLrdq.exe
  2⤵
  PID:7884
- C:\Windows\System\RYvQVJV.exe
  C:\Windows\System\RYvQVJV.exe
  2⤵
  PID:7840
- C:\Windows\System\UXRrRAS.exe
  C:\Windows\System\UXRrRAS.exe
  2⤵
  PID:7872
- C:\Windows\System\chvTwFm.exe
  C:\Windows\System\chvTwFm.exe
  2⤵
  PID:7980
- C:\Windows\System\djglCtH.exe
  C:\Windows\System\djglCtH.exe
  2⤵
  PID:7964
- C:\Windows\System\yxchryW.exe
  C:\Windows\System\yxchryW.exe
  2⤵
  PID:7968
- C:\Windows\System\jyfRuuh.exe
  C:\Windows\System\jyfRuuh.exe
  2⤵
  PID:8028
- C:\Windows\System\iwAAaQD.exe
  C:\Windows\System\iwAAaQD.exe
  2⤵
  PID:8068
- C:\Windows\System\jAMRvUB.exe
  C:\Windows\System\jAMRvUB.exe
  2⤵
  PID:8108
- C:\Windows\System\igmoaUW.exe
  C:\Windows\System\igmoaUW.exe
  2⤵
  PID:8124
- C:\Windows\System\psPLzzw.exe
  C:\Windows\System\psPLzzw.exe
  2⤵
  PID:8096
- C:\Windows\System\YWvuzpx.exe
  C:\Windows\System\YWvuzpx.exe
  2⤵
  PID:8188
- C:\Windows\System\UDQHSQM.exe
  C:\Windows\System\UDQHSQM.exe
  2⤵
  PID:5908
- C:\Windows\System\xwPAorj.exe
  C:\Windows\System\xwPAorj.exe
  2⤵
  PID:7256
- C:\Windows\System\ONifsft.exe
  C:\Windows\System\ONifsft.exe
  2⤵
  PID:6972
- C:\Windows\System\nxQLZul.exe
  C:\Windows\System\nxQLZul.exe
  2⤵
  PID:7324
- C:\Windows\System\rBtdBqX.exe
  C:\Windows\System\rBtdBqX.exe
  2⤵
  PID:7212
- C:\Windows\System\rBuAoKX.exe
  C:\Windows\System\rBuAoKX.exe
  2⤵
  PID:7360
- C:\Windows\System\lwxxndS.exe
  C:\Windows\System\lwxxndS.exe
  2⤵
  PID:7524
- C:\Windows\System\VHJONDY.exe
  C:\Windows\System\VHJONDY.exe
  2⤵
  PID:7528
- C:\Windows\System\QPhnCWH.exe
  C:\Windows\System\QPhnCWH.exe
  2⤵
  PID:7476
- C:\Windows\System\ZdxZscy.exe
  C:\Windows\System\ZdxZscy.exe
  2⤵
  PID:7636
- C:\Windows\System\KdpqFHy.exe
  C:\Windows\System\KdpqFHy.exe
  2⤵
  PID:7684
- C:\Windows\System\BnXxHSr.exe
  C:\Windows\System\BnXxHSr.exe
  2⤵
  PID:7612
- C:\Windows\System\adUoZJG.exe
  C:\Windows\System\adUoZJG.exe
  2⤵
  PID:7752
- C:\Windows\System\CUDEfws.exe
  C:\Windows\System\CUDEfws.exe
  2⤵
  PID:7892
- C:\Windows\System\kSqbQUd.exe
  C:\Windows\System\kSqbQUd.exe
  2⤵
  PID:8008
- C:\Windows\System\DxgZNOf.exe
  C:\Windows\System\DxgZNOf.exe
  2⤵
  PID:7800
- C:\Windows\System\aASMXuy.exe
  C:\Windows\System\aASMXuy.exe
  2⤵
  PID:7940
- C:\Windows\System\VePetBu.exe
  C:\Windows\System\VePetBu.exe
  2⤵
  PID:8012
- C:\Windows\System\UcQBXjx.exe
  C:\Windows\System\UcQBXjx.exe
  2⤵
  PID:8080
- C:\Windows\System\VYzmBvs.exe
  C:\Windows\System\VYzmBvs.exe
  2⤵
  PID:4568
- C:\Windows\System\dAuCwtx.exe
  C:\Windows\System\dAuCwtx.exe
  2⤵
  PID:7224
- C:\Windows\System\ugckUkq.exe
  C:\Windows\System\ugckUkq.exe
  2⤵
  PID:7272
- C:\Windows\System\RKTDLKj.exe
  C:\Windows\System\RKTDLKj.exe
  2⤵
  PID:8148
- C:\Windows\System\cTbEXpz.exe
  C:\Windows\System\cTbEXpz.exe
  2⤵
  PID:6496
- C:\Windows\System\gjtMhLZ.exe
  C:\Windows\System\gjtMhLZ.exe
  2⤵
  PID:7496
- C:\Windows\System\KQwdlIB.exe
  C:\Windows\System\KQwdlIB.exe
  2⤵
  PID:7404
- C:\Windows\System\osTaMVv.exe
  C:\Windows\System\osTaMVv.exe
  2⤵
  PID:7700
- C:\Windows\System\tNcZknt.exe
  C:\Windows\System\tNcZknt.exe
  2⤵
  PID:7492
- C:\Windows\System\zfUKZaZ.exe
  C:\Windows\System\zfUKZaZ.exe
  2⤵
  PID:7920
- C:\Windows\System\xVOnXlo.exe
  C:\Windows\System\xVOnXlo.exe
  2⤵
  PID:7792
- C:\Windows\System\gVhbTxi.exe
  C:\Windows\System\gVhbTxi.exe
  2⤵
  PID:7836
- C:\Windows\System\UAobZxa.exe
  C:\Windows\System\UAobZxa.exe
  2⤵
  PID:8064
- C:\Windows\System\PTEtNwY.exe
  C:\Windows\System\PTEtNwY.exe
  2⤵
  PID:7948
- C:\Windows\System\KJSYBMU.exe
  C:\Windows\System\KJSYBMU.exe
  2⤵
  PID:7192
- C:\Windows\System\gxiMhHf.exe
  C:\Windows\System\gxiMhHf.exe
  2⤵
  PID:7348
- C:\Windows\System\mFONInX.exe
  C:\Windows\System\mFONInX.exe
  2⤵
  PID:7820
- C:\Windows\System\lXOMZfU.exe
  C:\Windows\System\lXOMZfU.exe
  2⤵
  PID:7912
- C:\Windows\System\ysjQXQH.exe
  C:\Windows\System\ysjQXQH.exe
  2⤵
  PID:8048
- C:\Windows\System\NYAzFAe.exe
  C:\Windows\System\NYAzFAe.exe
  2⤵
  PID:7868
- C:\Windows\System\MIsJpqj.exe
  C:\Windows\System\MIsJpqj.exe
  2⤵
  PID:7568
- C:\Windows\System\wmcuirL.exe
  C:\Windows\System\wmcuirL.exe
  2⤵
  PID:7552
- C:\Windows\System\fbLQdue.exe
  C:\Windows\System\fbLQdue.exe
  2⤵
  PID:7200
- C:\Windows\System\EXzGuNd.exe
  C:\Windows\System\EXzGuNd.exe
  2⤵
  PID:7556
- C:\Windows\System\YAVXTtr.exe
  C:\Windows\System\YAVXTtr.exe
  2⤵
  PID:7748
- C:\Windows\System\EXmkkek.exe
  C:\Windows\System\EXmkkek.exe
  2⤵
  PID:7456
- C:\Windows\System\HWflQPK.exe
  C:\Windows\System\HWflQPK.exe
  2⤵
  PID:7916
- C:\Windows\System\NrXHLmW.exe
  C:\Windows\System\NrXHLmW.exe
  2⤵
  PID:8060
- C:\Windows\System\OjIiLiS.exe
  C:\Windows\System\OjIiLiS.exe
  2⤵
  PID:8200
- C:\Windows\System\cwvsWCD.exe
  C:\Windows\System\cwvsWCD.exe
  2⤵
  PID:8220
- C:\Windows\System\OHVVwCD.exe
  C:\Windows\System\OHVVwCD.exe
  2⤵
  PID:8264
- C:\Windows\System\smXpZGy.exe
  C:\Windows\System\smXpZGy.exe
  2⤵
  PID:8284
- C:\Windows\System\CDVpQTq.exe
  C:\Windows\System\CDVpQTq.exe
  2⤵
  PID:8300
- C:\Windows\System\GYXLAsK.exe
  C:\Windows\System\GYXLAsK.exe
  2⤵
  PID:8316
- C:\Windows\System\wLCmqdv.exe
  C:\Windows\System\wLCmqdv.exe
  2⤵
  PID:8336
- C:\Windows\System\CeRPLSe.exe
  C:\Windows\System\CeRPLSe.exe
  2⤵
  PID:8360
- C:\Windows\System\tjYRvyT.exe
  C:\Windows\System\tjYRvyT.exe
  2⤵
  PID:8380
- C:\Windows\System\gynVzho.exe
  C:\Windows\System\gynVzho.exe
  2⤵
  PID:8400
- C:\Windows\System\nHxRZLM.exe
  C:\Windows\System\nHxRZLM.exe
  2⤵
  PID:8420
- C:\Windows\System\CYFgiGG.exe
  C:\Windows\System\CYFgiGG.exe
  2⤵
  PID:8436
- C:\Windows\System\jwMGlwi.exe
  C:\Windows\System\jwMGlwi.exe
  2⤵
  PID:8468
- C:\Windows\System\VRaRGmr.exe
  C:\Windows\System\VRaRGmr.exe
  2⤵
  PID:8484
- C:\Windows\System\tdgfUqn.exe
  C:\Windows\System\tdgfUqn.exe
  2⤵
  PID:8504
- C:\Windows\System\mbOzwdy.exe
  C:\Windows\System\mbOzwdy.exe
  2⤵
  PID:8524
- C:\Windows\System\BCaQKZK.exe
  C:\Windows\System\BCaQKZK.exe
  2⤵
  PID:8540
- C:\Windows\System\RIfLhdC.exe
  C:\Windows\System\RIfLhdC.exe
  2⤵
  PID:8560
- C:\Windows\System\ZPajaBY.exe
  C:\Windows\System\ZPajaBY.exe
  2⤵
  PID:8576
- C:\Windows\System\uNcRSpF.exe
  C:\Windows\System\uNcRSpF.exe
  2⤵
  PID:8592
- C:\Windows\System\gqPbEsH.exe
  C:\Windows\System\gqPbEsH.exe
  2⤵
  PID:8628
- C:\Windows\System\fJsHgEg.exe
  C:\Windows\System\fJsHgEg.exe
  2⤵
  PID:8644
- C:\Windows\System\czKZuvN.exe
  C:\Windows\System\czKZuvN.exe
  2⤵
  PID:8660
- C:\Windows\System\mbQAKLX.exe
  C:\Windows\System\mbQAKLX.exe
  2⤵
  PID:8676
- C:\Windows\System\TRDTmQI.exe
  C:\Windows\System\TRDTmQI.exe
  2⤵
  PID:8712
- C:\Windows\System\veCeQmp.exe
  C:\Windows\System\veCeQmp.exe
  2⤵
  PID:8732
- C:\Windows\System\vbchbSD.exe
  C:\Windows\System\vbchbSD.exe
  2⤵
  PID:8748
- C:\Windows\System\GsJFwYf.exe
  C:\Windows\System\GsJFwYf.exe
  2⤵
  PID:8764
- C:\Windows\System\xslAsPX.exe
  C:\Windows\System\xslAsPX.exe
  2⤵
  PID:8784
- C:\Windows\System\QCWMCMS.exe
  C:\Windows\System\QCWMCMS.exe
  2⤵
  PID:8804
- C:\Windows\System\jdYDDLu.exe
  C:\Windows\System\jdYDDLu.exe
  2⤵
  PID:8820
- C:\Windows\System\XFeFlij.exe
  C:\Windows\System\XFeFlij.exe
  2⤵
  PID:8844
- C:\Windows\System\LAOQOhi.exe
  C:\Windows\System\LAOQOhi.exe
  2⤵
  PID:8868
- C:\Windows\System\yGFtEFW.exe
  C:\Windows\System\yGFtEFW.exe
  2⤵
  PID:8884
- C:\Windows\System\WbriUCo.exe
  C:\Windows\System\WbriUCo.exe
  2⤵
  PID:8900
- C:\Windows\System\MvmiPJo.exe
  C:\Windows\System\MvmiPJo.exe
  2⤵
  PID:8920
- C:\Windows\System\wkYVpNn.exe
  C:\Windows\System\wkYVpNn.exe
  2⤵
  PID:8936
- C:\Windows\System\yBjAGZH.exe
  C:\Windows\System\yBjAGZH.exe
  2⤵
  PID:8968
- C:\Windows\System\PYcRIen.exe
  C:\Windows\System\PYcRIen.exe
  2⤵
  PID:8988
- C:\Windows\System\fLeUALD.exe
  C:\Windows\System\fLeUALD.exe
  2⤵
  PID:9004
- C:\Windows\System\TbGGpdP.exe
  C:\Windows\System\TbGGpdP.exe
  2⤵
  PID:9024
- C:\Windows\System\zROpSSH.exe
  C:\Windows\System\zROpSSH.exe
  2⤵
  PID:9044
- C:\Windows\System\EaLodih.exe
  C:\Windows\System\EaLodih.exe
  2⤵
  PID:9060
- C:\Windows\System\HeSrQFy.exe
  C:\Windows\System\HeSrQFy.exe
  2⤵
  PID:9088
- C:\Windows\System\CQXJjPR.exe
  C:\Windows\System\CQXJjPR.exe
  2⤵
  PID:9108
- C:\Windows\System\rOQjvXK.exe
  C:\Windows\System\rOQjvXK.exe
  2⤵
  PID:9132
- C:\Windows\System\HgEXGDB.exe
  C:\Windows\System\HgEXGDB.exe
  2⤵
  PID:9148
- C:\Windows\System\uRtqHpa.exe
  C:\Windows\System\uRtqHpa.exe
  2⤵
  PID:9176
- C:\Windows\System\BAXbmdV.exe
  C:\Windows\System\BAXbmdV.exe
  2⤵
  PID:9192
- C:\Windows\System\JUFZfPo.exe
  C:\Windows\System\JUFZfPo.exe
  2⤵
  PID:9212
- C:\Windows\System\oaLTHFI.exe
  C:\Windows\System\oaLTHFI.exe
  2⤵
  PID:7988
- C:\Windows\System\dSSOuYC.exe
  C:\Windows\System\dSSOuYC.exe
  2⤵
  PID:1932
- C:\Windows\System\YnTsOSY.exe
  C:\Windows\System\YnTsOSY.exe
  2⤵
  PID:7304
- C:\Windows\System\ygOkVqP.exe
  C:\Windows\System\ygOkVqP.exe
  2⤵
  PID:8232
- C:\Windows\System\wTVomLv.exe
  C:\Windows\System\wTVomLv.exe
  2⤵
  PID:8252
- C:\Windows\System\pKaYXCs.exe
  C:\Windows\System\pKaYXCs.exe
  2⤵
  PID:8144
- C:\Windows\System\ocMOVyG.exe
  C:\Windows\System\ocMOVyG.exe
  2⤵
  PID:8348
- C:\Windows\System\JcIXAwy.exe
  C:\Windows\System\JcIXAwy.exe
  2⤵
  PID:8328
- C:\Windows\System\BSzjZpZ.exe
  C:\Windows\System\BSzjZpZ.exe
  2⤵
  PID:8372
- C:\Windows\System\EqDIybI.exe
  C:\Windows\System\EqDIybI.exe
  2⤵
  PID:8448
- C:\Windows\System\wrDTEeY.exe
  C:\Windows\System\wrDTEeY.exe
  2⤵
  PID:8464
- C:\Windows\System\EKvoofQ.exe
  C:\Windows\System\EKvoofQ.exe
  2⤵
  PID:8520
- C:\Windows\System\bGYVwKI.exe
  C:\Windows\System\bGYVwKI.exe
  2⤵
  PID:8552
- C:\Windows\System\Rilduam.exe
  C:\Windows\System\Rilduam.exe
  2⤵
  PID:8572
- C:\Windows\System\FeHkxCD.exe
  C:\Windows\System\FeHkxCD.exe
  2⤵
  PID:8568
- C:\Windows\System\VSEttHt.exe
  C:\Windows\System\VSEttHt.exe
  2⤵
  PID:8624
- C:\Windows\System\eFMxOxI.exe
  C:\Windows\System\eFMxOxI.exe
  2⤵
  PID:8652
- C:\Windows\System\iXEyYPz.exe
  C:\Windows\System\iXEyYPz.exe
  2⤵
  PID:8692
- C:\Windows\System\msTqWCv.exe
  C:\Windows\System\msTqWCv.exe
  2⤵
  PID:8728
- C:\Windows\System\wNsvoUk.exe
  C:\Windows\System\wNsvoUk.exe
  2⤵
  PID:8744
- C:\Windows\System\qoXesyq.exe
  C:\Windows\System\qoXesyq.exe
  2⤵
  PID:8792
- C:\Windows\System\HOEVAzj.exe
  C:\Windows\System\HOEVAzj.exe
  2⤵
  PID:8832
- C:\Windows\System\SwuPsle.exe
  C:\Windows\System\SwuPsle.exe
  2⤵
  PID:8880
- C:\Windows\System\abwzkku.exe
  C:\Windows\System\abwzkku.exe
  2⤵
  PID:8948
- C:\Windows\System\gNkWbFw.exe
  C:\Windows\System\gNkWbFw.exe
  2⤵
  PID:8860
- C:\Windows\System\ZahwgHf.exe
  C:\Windows\System\ZahwgHf.exe
  2⤵
  PID:8932
- C:\Windows\System\HyjQQgn.exe
  C:\Windows\System\HyjQQgn.exe
  2⤵
  PID:8928
- C:\Windows\System\POuKqSn.exe
  C:\Windows\System\POuKqSn.exe
  2⤵
  PID:9040
- C:\Windows\System\GnyJbUk.exe
  C:\Windows\System\GnyJbUk.exe
  2⤵
  PID:9020
- C:\Windows\System\NsnFKLY.exe
  C:\Windows\System\NsnFKLY.exe
  2⤵
  PID:9076
- C:\Windows\System\tiWekKm.exe
  C:\Windows\System\tiWekKm.exe
  2⤵
  PID:9128
- C:\Windows\System\MmWqhtA.exe
  C:\Windows\System\MmWqhtA.exe
  2⤵
  PID:9144
- C:\Windows\System\ImdLbhU.exe
  C:\Windows\System\ImdLbhU.exe
  2⤵
  PID:9204
- C:\Windows\System\iIOItcf.exe
  C:\Windows\System\iIOItcf.exe
  2⤵
  PID:8228
- C:\Windows\System\TBxxItG.exe
  C:\Windows\System\TBxxItG.exe
  2⤵
  PID:8356
- C:\Windows\System\AGEthYp.exe
  C:\Windows\System\AGEthYp.exe
  2⤵
  PID:8368
- C:\Windows\System\jXusYzw.exe
  C:\Windows\System\jXusYzw.exe
  2⤵
  PID:8212
- C:\Windows\System\VoRStVR.exe
  C:\Windows\System\VoRStVR.exe
  2⤵
  PID:8236
- C:\Windows\System\cvNUmYW.exe
  C:\Windows\System\cvNUmYW.exe
  2⤵
  PID:8432
- C:\Windows\System\LomkWTA.exe
  C:\Windows\System\LomkWTA.exe
  2⤵
  PID:8444
- C:\Windows\System\pqkWXyn.exe
  C:\Windows\System\pqkWXyn.exe
  2⤵
  PID:8604
- C:\Windows\System\WjGlqrr.exe
  C:\Windows\System\WjGlqrr.exe
  2⤵
  PID:8672
- C:\Windows\System\AuKFwoR.exe
  C:\Windows\System\AuKFwoR.exe
  2⤵
  PID:8756
- C:\Windows\System\ieislod.exe
  C:\Windows\System\ieislod.exe
  2⤵
  PID:8800
- C:\Windows\System\rQcMKOk.exe
  C:\Windows\System\rQcMKOk.exe
  2⤵
  PID:8548
- C:\Windows\System\QehmjEK.exe
  C:\Windows\System\QehmjEK.exe
  2⤵
  PID:8640
- C:\Windows\System\OWxktRk.exe
  C:\Windows\System\OWxktRk.exe
  2⤵
  PID:8840
- C:\Windows\System\dpPRRAr.exe
  C:\Windows\System\dpPRRAr.exe
  2⤵
  PID:8952
- C:\Windows\System\IflLtgN.exe
  C:\Windows\System\IflLtgN.exe
  2⤵
  PID:9012
- C:\Windows\System\wONJydV.exe
  C:\Windows\System\wONJydV.exe
  2⤵
  PID:9016
- C:\Windows\System\prsaJGW.exe
  C:\Windows\System\prsaJGW.exe
  2⤵
  PID:9140
- C:\Windows\System\QiMfCif.exe
  C:\Windows\System\QiMfCif.exe
  2⤵
  PID:9200
- C:\Windows\System\mCzFnwg.exe
  C:\Windows\System\mCzFnwg.exe
  2⤵
  PID:9208
- C:\Windows\System\ybFrqwA.exe
  C:\Windows\System\ybFrqwA.exe
  2⤵
  PID:9184
- C:\Windows\System\WSnZpim.exe
  C:\Windows\System\WSnZpim.exe
  2⤵
  PID:7372
- C:\Windows\System\LZLFbuR.exe
  C:\Windows\System\LZLFbuR.exe
  2⤵
  PID:8412
- C:\Windows\System\tXinzBT.exe
  C:\Windows\System\tXinzBT.exe
  2⤵
  PID:8480
- C:\Windows\System\KfeNPoY.exe
  C:\Windows\System\KfeNPoY.exe
  2⤵
  PID:8600
- C:\Windows\System\ZpKkbni.exe
  C:\Windows\System\ZpKkbni.exe
  2⤵
  PID:9168
- C:\Windows\System\fYyMTWa.exe
  C:\Windows\System\fYyMTWa.exe
  2⤵
  PID:8688
- C:\Windows\System\XhdeApH.exe
  C:\Windows\System\XhdeApH.exe
  2⤵
  PID:8852
- C:\Windows\System\OTAMOtg.exe
  C:\Windows\System\OTAMOtg.exe
  2⤵
  PID:8700
- C:\Windows\System\WUgrgzC.exe
  C:\Windows\System\WUgrgzC.exe
  2⤵
  PID:8896
- C:\Windows\System\NXxnsNR.exe
  C:\Windows\System\NXxnsNR.exe
  2⤵
  PID:8984
- C:\Windows\System\KTcraXo.exe
  C:\Windows\System\KTcraXo.exe
  2⤵
  PID:9116
- C:\Windows\System\rzTOImI.exe
  C:\Windows\System\rzTOImI.exe
  2⤵
  PID:8396
- C:\Windows\System\hzDuMeu.exe
  C:\Windows\System\hzDuMeu.exe
  2⤵
  PID:8776
- C:\Windows\System\vcihnDB.exe
  C:\Windows\System\vcihnDB.exe
  2⤵
  PID:9056
- C:\Windows\System\cIqratx.exe
  C:\Windows\System\cIqratx.exe
  2⤵
  PID:8964
- C:\Windows\System\juXHGEi.exe
  C:\Windows\System\juXHGEi.exe
  2⤵
  PID:9096
- C:\Windows\System\PMqkkMk.exe
  C:\Windows\System\PMqkkMk.exe
  2⤵
  PID:9160
- C:\Windows\System\ohsTKMW.exe
  C:\Windows\System\ohsTKMW.exe
  2⤵
  PID:8272
- C:\Windows\System\IQrqqhn.exe
  C:\Windows\System\IQrqqhn.exe
  2⤵
  PID:9100
- C:\Windows\System\gQhisnt.exe
  C:\Windows\System\gQhisnt.exe
  2⤵
  PID:9032
- C:\Windows\System\dcsZYaq.exe
  C:\Windows\System\dcsZYaq.exe
  2⤵
  PID:9120
- C:\Windows\System\EUVYqbz.exe
  C:\Windows\System\EUVYqbz.exe
  2⤵
  PID:8760
- C:\Windows\System\avHAvBv.exe
  C:\Windows\System\avHAvBv.exe
  2⤵
  PID:8780
- C:\Windows\System\zsqhKZg.exe
  C:\Windows\System\zsqhKZg.exe
  2⤵
  PID:8492
- C:\Windows\System\FhCGRPC.exe
  C:\Windows\System\FhCGRPC.exe
  2⤵
  PID:8720
- C:\Windows\System\pWEgxUk.exe
  C:\Windows\System\pWEgxUk.exe
  2⤵
  PID:8392
- C:\Windows\System\lAomeCJ.exe
  C:\Windows\System\lAomeCJ.exe
  2⤵
  PID:9084
- C:\Windows\System\oIdJxJE.exe
  C:\Windows\System\oIdJxJE.exe
  2⤵
  PID:9232
- C:\Windows\System\gEBjgxx.exe
  C:\Windows\System\gEBjgxx.exe
  2⤵
  PID:9264
- C:\Windows\System\SOiQRuO.exe
  C:\Windows\System\SOiQRuO.exe
  2⤵
  PID:9280
- C:\Windows\System\KWcmiNJ.exe
  C:\Windows\System\KWcmiNJ.exe
  2⤵
  PID:9300
- C:\Windows\System\epxOqwt.exe
  C:\Windows\System\epxOqwt.exe
  2⤵
  PID:9320
- C:\Windows\System\AKSqTFV.exe
  C:\Windows\System\AKSqTFV.exe
  2⤵
  PID:9336
- C:\Windows\System\iiEBVPB.exe
  C:\Windows\System\iiEBVPB.exe
  2⤵
  PID:9364
- C:\Windows\System\SWYridk.exe
  C:\Windows\System\SWYridk.exe
  2⤵
  PID:9380
- C:\Windows\System\cXmwrSy.exe
  C:\Windows\System\cXmwrSy.exe
  2⤵
  PID:9396
- C:\Windows\System\pFoIbvc.exe
  C:\Windows\System\pFoIbvc.exe
  2⤵
  PID:9416
- C:\Windows\System\FeSMFMT.exe
  C:\Windows\System\FeSMFMT.exe
  2⤵
  PID:9440
- C:\Windows\System\KCGhuCL.exe
  C:\Windows\System\KCGhuCL.exe
  2⤵
  PID:9460
- C:\Windows\System\CPMCEIw.exe
  C:\Windows\System\CPMCEIw.exe
  2⤵
  PID:9476
- C:\Windows\System\uxOAbZq.exe
  C:\Windows\System\uxOAbZq.exe
  2⤵
  PID:9492
- C:\Windows\System\xxvgsSc.exe
  C:\Windows\System\xxvgsSc.exe
  2⤵
  PID:9520
- C:\Windows\System\EFBvlfc.exe
  C:\Windows\System\EFBvlfc.exe
  2⤵
  PID:9540
- C:\Windows\System\ejObbNB.exe
  C:\Windows\System\ejObbNB.exe
  2⤵
  PID:9560
- C:\Windows\System\RyjKdqX.exe
  C:\Windows\System\RyjKdqX.exe
  2⤵
  PID:9580
- C:\Windows\System\RdRwoOJ.exe
  C:\Windows\System\RdRwoOJ.exe
  2⤵
  PID:9600
- C:\Windows\System\gZUmqHY.exe
  C:\Windows\System\gZUmqHY.exe
  2⤵
  PID:9620
- C:\Windows\System\PnaPgLA.exe
  C:\Windows\System\PnaPgLA.exe
  2⤵
  PID:9640
- C:\Windows\System\xwNWjcr.exe
  C:\Windows\System\xwNWjcr.exe
  2⤵
  PID:9656
- C:\Windows\System\VDJZAHN.exe
  C:\Windows\System\VDJZAHN.exe
  2⤵
  PID:9676
- C:\Windows\System\YodAqnv.exe
  C:\Windows\System\YodAqnv.exe
  2⤵
  PID:9692
- C:\Windows\System\StYOljG.exe
  C:\Windows\System\StYOljG.exe
  2⤵
  PID:9720
- C:\Windows\System\wdDlAog.exe
  C:\Windows\System\wdDlAog.exe
  2⤵
  PID:9740
- C:\Windows\System\QGKJvys.exe
  C:\Windows\System\QGKJvys.exe
  2⤵
  PID:9764
- C:\Windows\System\JcvkCxI.exe
  C:\Windows\System\JcvkCxI.exe
  2⤵
  PID:9780
- C:\Windows\System\mQryIqW.exe
  C:\Windows\System\mQryIqW.exe
  2⤵
  PID:9796
- C:\Windows\System\eRuZGTN.exe
  C:\Windows\System\eRuZGTN.exe
  2⤵
  PID:9812
- C:\Windows\System\ZCRwrmR.exe
  C:\Windows\System\ZCRwrmR.exe
  2⤵
  PID:9836
- C:\Windows\System\aTvEpEt.exe
  C:\Windows\System\aTvEpEt.exe
  2⤵
  PID:9856
- C:\Windows\System\jxFPGSN.exe
  C:\Windows\System\jxFPGSN.exe
  2⤵
  PID:9872
- C:\Windows\System\QfreWzT.exe
  C:\Windows\System\QfreWzT.exe
  2⤵
  PID:9888
- C:\Windows\System\CzSexNb.exe
  C:\Windows\System\CzSexNb.exe
  2⤵
  PID:9916
- C:\Windows\System\GdyYXaq.exe
  C:\Windows\System\GdyYXaq.exe
  2⤵
  PID:9932
- C:\Windows\System\IgOBspr.exe
  C:\Windows\System\IgOBspr.exe
  2⤵
  PID:9952
- C:\Windows\System\OSGskFY.exe
  C:\Windows\System\OSGskFY.exe
  2⤵
  PID:9968
- C:\Windows\System\WiPbUBd.exe
  C:\Windows\System\WiPbUBd.exe
  2⤵
  PID:9992
- C:\Windows\System\aUbvziA.exe
  C:\Windows\System\aUbvziA.exe
  2⤵
  PID:10012
- C:\Windows\System\FUYcIbZ.exe
  C:\Windows\System\FUYcIbZ.exe
  2⤵
  PID:10028
- C:\Windows\System\ebTxiSs.exe
  C:\Windows\System\ebTxiSs.exe
  2⤵
  PID:10044
- C:\Windows\System\vydulid.exe
  C:\Windows\System\vydulid.exe
  2⤵
  PID:10060
- C:\Windows\System\ejFjjuz.exe
  C:\Windows\System\ejFjjuz.exe
  2⤵
  PID:10076
- C:\Windows\System\JvmceMO.exe
  C:\Windows\System\JvmceMO.exe
  2⤵
  PID:10096
- C:\Windows\System\KTJkFub.exe
  C:\Windows\System\KTJkFub.exe
  2⤵
  PID:10124
- C:\Windows\System\fUkAJvz.exe
  C:\Windows\System\fUkAJvz.exe
  2⤵
  PID:10148
- C:\Windows\System\XfTAMfr.exe
  C:\Windows\System\XfTAMfr.exe
  2⤵
  PID:10164
- C:\Windows\System\pkVZlWp.exe
  C:\Windows\System\pkVZlWp.exe
  2⤵
  PID:10184
- C:\Windows\System\YBqimAp.exe
  C:\Windows\System\YBqimAp.exe
  2⤵
  PID:10200
- C:\Windows\System\QjszDNv.exe
  C:\Windows\System\QjszDNv.exe
  2⤵
  PID:10220
- C:\Windows\System\LSmcaaM.exe
  C:\Windows\System\LSmcaaM.exe
  2⤵
  PID:10236
- C:\Windows\System\EPXVRSG.exe
  C:\Windows\System\EPXVRSG.exe
  2⤵
  PID:9240
- C:\Windows\System\bnMqdYl.exe
  C:\Windows\System\bnMqdYl.exe
  2⤵
  PID:9260
- C:\Windows\System\KHntcYr.exe
  C:\Windows\System\KHntcYr.exe
  2⤵
  PID:9288
- C:\Windows\System\OCpyOIk.exe
  C:\Windows\System\OCpyOIk.exe
  2⤵
  PID:9316
- C:\Windows\System\ESMQYIy.exe
  C:\Windows\System\ESMQYIy.exe
  2⤵
  PID:9352
- C:\Windows\System\xKoelKq.exe
  C:\Windows\System\xKoelKq.exe
  2⤵
  PID:9388
- C:\Windows\System\sWECPTV.exe
  C:\Windows\System\sWECPTV.exe
  2⤵
  PID:9500
- C:\Windows\System\beuNrjs.exe
  C:\Windows\System\beuNrjs.exe
  2⤵
  PID:9536
- C:\Windows\System\vqiEKVr.exe
  C:\Windows\System\vqiEKVr.exe
  2⤵
  PID:9572
- C:\Windows\System\pzvdfmN.exe
  C:\Windows\System\pzvdfmN.exe
  2⤵
  PID:9592
- C:\Windows\System\GADZsAk.exe
  C:\Windows\System\GADZsAk.exe
  2⤵
  PID:9648
- C:\Windows\System\taqoEVI.exe
  C:\Windows\System\taqoEVI.exe
  2⤵
  PID:9668
- C:\Windows\System\SpEYpmg.exe
  C:\Windows\System\SpEYpmg.exe
  2⤵
  PID:9708
- C:\Windows\System\UZSGeAc.exe
  C:\Windows\System\UZSGeAc.exe
  2⤵
  PID:9728
- C:\Windows\System\QyxONSf.exe
  C:\Windows\System\QyxONSf.exe
  2⤵
  PID:9752
- C:\Windows\System\sKIvMNm.exe
  C:\Windows\System\sKIvMNm.exe
  2⤵
  PID:9820
- C:\Windows\System\TEKNscM.exe
  C:\Windows\System\TEKNscM.exe
  2⤵
  PID:9804
- C:\Windows\System\RLvVgvf.exe
  C:\Windows\System\RLvVgvf.exe
  2⤵
  PID:9808
- C:\Windows\System\gCkQuam.exe
  C:\Windows\System\gCkQuam.exe
  2⤵
  PID:9868
- C:\Windows\System\rfKJXHf.exe
  C:\Windows\System\rfKJXHf.exe
  2⤵
  PID:9908
- C:\Windows\System\bcQZNbN.exe
  C:\Windows\System\bcQZNbN.exe
  2⤵
  PID:9948
- C:\Windows\System\aylvzmz.exe
  C:\Windows\System\aylvzmz.exe
  2⤵
  PID:10024
- C:\Windows\System\jajHSHp.exe
  C:\Windows\System\jajHSHp.exe
  2⤵
  PID:10092
- C:\Windows\System\TkhoErT.exe
  C:\Windows\System\TkhoErT.exe
  2⤵
  PID:10040
- C:\Windows\System\aHfZFhh.exe
  C:\Windows\System\aHfZFhh.exe
  2⤵
  PID:10180
- C:\Windows\System\rEZgJZE.exe
  C:\Windows\System\rEZgJZE.exe
  2⤵
  PID:10008
- C:\Windows\System\UKwAMyQ.exe
  C:\Windows\System\UKwAMyQ.exe
  2⤵
  PID:10192
- C:\Windows\System\IrDwama.exe
  C:\Windows\System\IrDwama.exe
  2⤵
  PID:10112
- C:\Windows\System\GGigboe.exe
  C:\Windows\System\GGigboe.exe
  2⤵
  PID:9344
- C:\Windows\System\VUrGNXQ.exe
  C:\Windows\System\VUrGNXQ.exe
  2⤵
  PID:10120
- C:\Windows\System\mNzcJFf.exe
  C:\Windows\System\mNzcJFf.exe
  2⤵
  PID:8956
- C:\Windows\System\QAaaQeB.exe
  C:\Windows\System\QAaaQeB.exe
  2⤵
  PID:10232
- C:\Windows\System\WjCmTox.exe
  C:\Windows\System\WjCmTox.exe
  2⤵
  PID:9472
- C:\Windows\System\vxGNnbA.exe
  C:\Windows\System\vxGNnbA.exe
  2⤵
  PID:9484
- C:\Windows\System\eEcJvOr.exe
  C:\Windows\System\eEcJvOr.exe
  2⤵
  PID:9512
- C:\Windows\System\SecCTuV.exe
  C:\Windows\System\SecCTuV.exe
  2⤵
  PID:9556
- C:\Windows\System\WrHTiNR.exe
  C:\Windows\System\WrHTiNR.exe
  2⤵
  PID:9612
- C:\Windows\System\XXjnZkQ.exe
  C:\Windows\System\XXjnZkQ.exe
  2⤵
  PID:9664
- C:\Windows\System\CaIPiWh.exe
  C:\Windows\System\CaIPiWh.exe
  2⤵
  PID:9736
- C:\Windows\System\ZSxuGvm.exe
  C:\Windows\System\ZSxuGvm.exe
  2⤵
  PID:9832
- C:\Windows\System\PktgWLn.exe
  C:\Windows\System\PktgWLn.exe
  2⤵
  PID:9904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DhMMuza.exe

Filesize
6.0MB

MD5
e854437376b2d30f3d29e8eec76e958e

SHA1
9181da1503168acf65ab94c191c9f3582b3722c9

SHA256
64e92fb25d609c706bf85270992734f37ccade03fa83dd244e57154f68413935

SHA512
9f66a0e58caa0dce16b2dd621f5e2c7c07f83c505ec9f7343f46186d5e250da3fc354f1cd77d236d56faafe2f40194f51761872bf104263caa469a40746a87bc

Download Submit
C:\Windows\system\EMHVgWK.exe

Filesize
6.0MB

MD5
d91f2f85b407ecb418c85c2365699387

SHA1
7da5b17a2c8c8c850ed4f4c690fcba6bd343ce22

SHA256
ffa75b6eb6ad63347b8f2aba7d1b77d7322850c799bee0fa6a10dc710de3584e

SHA512
9c5856969db702fe2b6126c9ac3b9ef5b34c33af81e6f42fb7e47eca9d052828a290ba06da00b5b51d40a83d293742b15fd4686441d53f6b133c5fabb88b9256

Download Submit
C:\Windows\system\KFVZcjJ.exe

Filesize
6.0MB

MD5
90118e1e40d05e41f2a5ccb91e5336d0

SHA1
cb44fe6e9e5adb6c92b7bcfe6f803f9c0073eba9

SHA256
6000ce60c3675ee895b6da36dcd057a266381a6defe2a466b7693405ee866030

SHA512
eff770b8d9c23fe9c6fafe87f99bd42df97c08f70338c58483660fc300e665589ae3f64cb07afa2a6137bae368cd7b8250ee0fc56b146e8fbac052c6ae9d3459

Download Submit
C:\Windows\system\MaVoaAS.exe

Filesize
6.0MB

MD5
dbd00784f00318cee4549f506931c404

SHA1
21612327a7045bce3a78361bcc91f27eaab72658

SHA256
51125d7637cab2ccce3f2c52508234de9e8542bf965bb6bdbc14ae883e423e03

SHA512
35ebd9bbcc34fa6ceb32d839d773ea8e3d10510612bb72f7c59da492bf4cc7bbed13625eb5ae40b49ddf50166fce54930729ea0071d8f5f6bbd3f8acac9e88c9

Download Submit
C:\Windows\system\NoCfiiV.exe

Filesize
6.0MB

MD5
a220acaf9f3c0dd75dea0699b6fc9f8c

SHA1
1683009213232cfdfcf7397cee149120d1a37c4a

SHA256
bb1e84e11ca365dc7341fc94b36457de1ee423eed6db8a24db05dbaca97b1c55

SHA512
ef4df764024b83c721760b003f167c28adcde992c781e9fa5ecbf0e8f076c9b6ab2a8e21683a32fdae69c2e1923813ad82e279bb64836c01cfebc78292d5f591

Download Submit
C:\Windows\system\OHhMKFs.exe

Filesize
6.0MB

MD5
2e15d8f822a79e608a4dbb47b0fc2ec7

SHA1
4b18ea35ac517156fd088b9ffdfe8810e9b9728c

SHA256
b76375938d502f4c4d4c36e4b596d89fbea599df8d31373b79452c65947a3485

SHA512
3c2f98b4f7de6d1775b2eacbf98ac65f2173c98f2c33a2d45b951dd5dee39b6caf3b981b95b7e7240a10aa7a47eb84b659d44efadbeaf27f184ef9936538b41d

Download Submit
C:\Windows\system\OJESWjK.exe

Filesize
6.0MB

MD5
8ce44962eece475c1f8d6a6067dafce4

SHA1
8a90ee1cfc1c68996c2c8de417ce1e5df7274251

SHA256
370230158f28997321aa67c80ebec3ccdf57df6cf9e029b699a3c60c3930e627

SHA512
1d161795e1af4894eca6f5bc1f18ceb4f6cc032764d35e9772dbded788d3d43eeb9dd88b34d942fcd1c6669775e5c186cf4cbbc54d83c3d67071e44916333c94

Download Submit
C:\Windows\system\RRPEHPu.exe

Filesize
6.0MB

MD5
fd765fff9fd149d74c1d1db7a42e5cbc

SHA1
c531829696467b547c473c9cd25c08a6aba9966c

SHA256
c4d0100ac9e33ff3142dae56ae196af435d837fda134812ca109e940a9d19c0a

SHA512
f180dfbb5aa3426c94e843957951b5b33f99a0c5e25eb160ebc31ddae21039eea2beca3b27cdf8bf7bf12d5bb746b4c335e897a05ffbd066a828317d5e09d05c

Download Submit
C:\Windows\system\TuqOKWu.exe

Filesize
6.0MB

MD5
ab516cae6455ddd0b8323a0730b4d2ab

SHA1
2b277b646df808ea267bd28e093a6a10e7f7927c

SHA256
72a34f60e2f60a758acb84884aeefb39182b3fabefa15ccf7e33d4a882ddebe3

SHA512
e19616c81fd2411594cbadbf9f3af4f01aa8322eaa6bc019fb82efd0decd58ba65a49128aff5bc2da830d739a8be2ab152b4d58b96476679c61ad9e44ebb19cd

Download Submit
C:\Windows\system\UTFIYUG.exe

Filesize
6.0MB

MD5
5081a5a09103505c5a7f6b73f31de93d

SHA1
ab3ddb658eed58041cef1bf30abf73da983b7723

SHA256
2515a257fdcb07f4b18a4cf454c6b87fe96acdf718d1d50dfa8ed12f7a289aa5

SHA512
2535d7e76ef71c85aeff7f73f2137b1b1d525b5b08b30ecdf9b5f7051af3a53e43b435dcc368c7164cff947d37bc863231288fa43bafaabd08eb437cbf0bc1d0

Download Submit
C:\Windows\system\VowtSXm.exe

Filesize
6.0MB

MD5
c4974e4e80a6831fa6f0ca300747cb6c

SHA1
08d5b691bef8c8a33d979ae194e387f149fa7cfb

SHA256
4fa176d40271c58639b1eabcf2420038e7f9e467e27d42e9a8a489a1cc66b030

SHA512
21130684cf68bbe78a4a7435319e1cd201d02ddf3d1fef7939f1bc3e179267c24081425943edb1902a54651df35ce33d698a4276a71843a50d5de82499b345cf

Download Submit
C:\Windows\system\WjMIrAG.exe

Filesize
6.0MB

MD5
5f19fbe6b216325a0a7addbd3abbb0bb

SHA1
11268e0732bc088fd98a01a7175105480eae9314

SHA256
9bc2aae44e9cec18d716cd067bc842caae0f4af009a2e3e3ecf29d218ce35d11

SHA512
b71d9bf80d27d0e023b48f6cbfebebdc0835e5c47df9cb3d00f2954ce92cc60ab8a9ebe3418ec9546a3913d1a660c8eca4b152cf459f8d31e1236647c4b84800

Download Submit
C:\Windows\system\XsYOMPK.exe

Filesize
6.0MB

MD5
03dad1b2081f6e982f5dc3df8325c040

SHA1
2d0f2313a90693cf1463454d8ea355ae20cf9bb5

SHA256
678eb936ceeab80f3e371290524db2b0bf2d4b116c80a973296f57284860a20e

SHA512
74b6cccaa29cde2e05de0042123dbd5aec23e698bf5858e91b16a5d4e635c1e3d24c2ab4b39e1aff15bdd791b5b9ae233a9c4831c999a8642d3c460568ce344c

Download Submit
C:\Windows\system\YSYcThz.exe

Filesize
6.0MB

MD5
d99f817c686997d7e19ff981ea12ad27

SHA1
e0e702be49493629b8b0cf6b56ba6abe83046845

SHA256
96b06a5e05152948bc97682f41c2c94413ec213e5308419d5d8a0713bc132775

SHA512
248edd1cbbb23966fc7e50281241066c35a66d479068a6fd11b281807263491eb2d5d554e95068c8591c5664ab1222efa0a3e4b6dad7145e15840af76ff4497a

Download Submit
C:\Windows\system\YnCkbIH.exe

Filesize
6.0MB

MD5
9117e9dbf0b978e297a68f892e50f5f9

SHA1
84baf40d63b83f634a4f1f1a2f23f391c34cca3c

SHA256
ea89b577f2feed027da45c201f0047399e495349f364567d895643bef9ea50be

SHA512
ff2be824d849d5dbc4532b6cb24fbf30012505e4ead9a93015b1c91626d0dd146eb89bc99dbd391b4173da9c401dd4fbe64328d8444bc38123e2aa983e50ce3d

Download Submit
C:\Windows\system\ZKMdMWk.exe

Filesize
6.0MB

MD5
a07cfc1635aaa4e32477000e3ca5fa83

SHA1
1e727be86e82c2d00e2928c2e10f89c8b8f55d9e

SHA256
b315b89a3659dbb1035c9e296d6e77897630ba0ce1487caab36a91a0e5a79b4c

SHA512
be8f52a64a976ad44db094fbf68322e4c611f98b620a1696558f91ece413ff5187fd1e38f7d9909210deba49e2d6e127559c5c5eab09b7e9a668ccba4a59f9dc

Download Submit
C:\Windows\system\ZzPuXeH.exe

Filesize
6.0MB

MD5
a92464199b7100250ff7e7908ad77996

SHA1
f469fbadfbdc144892391ce281c81d83218de135

SHA256
864c958a37e5408c29c79e94e86c64aed9a8e72d76386d5a039ebf56357b84dd

SHA512
49b17bc54c7b01bff76f37e3cca4584d02442de54be41c9f688c70f569e7714409be2e11860a0e6fb0603f9073c99399fcd781b8a464bbe2ddf3be59b2874cad

Download Submit
C:\Windows\system\aQJjQqc.exe

Filesize
6.0MB

MD5
034d113a31a891fc04cd4b793ee44d09

SHA1
93e5a4a13ecbd64daf33078e61a543fb53791133

SHA256
8d881c7c5f39c63e83bea65d6732c6cbda28cd4249b6f95b2ca579034ea7dded

SHA512
ccfcca2e5d88c9facfe5f85384f0a80d145738bc09a51519a72111f718bdebba36e40f087edf6d48c3ea47b7e7737929cfb446c1643386c8cd63e7b7707ca867

Download Submit
C:\Windows\system\aRDmFJp.exe

Filesize
6.0MB

MD5
c0f08d5f3eef9538efb3ed06f0d87550

SHA1
2e911ef344c338734956b359c82ea37a58fec792

SHA256
35d8c1ca4fd00f548568a15cfbe24c9807c1ec6406f163a8d69880abc56733c7

SHA512
5af00cd777c6b026171c765b56eb01f38a3db0535c00a83ffe2102b5ced7107703e15c529a3af195d0be85d7c63829566ac6cdf0a8fe3bc8ced700e7c70843b4

Download Submit
C:\Windows\system\dxoAyGe.exe

Filesize
6.0MB

MD5
d253e85c007b3679df072c4c5437007b

SHA1
b67c33a3136ed4f48b43823f6eb4525342b0a311

SHA256
ee7c917d526e7ee55f665feecb608735c3c95aba7e97151bbd84fae228d817e7

SHA512
817ce91e7efbcf004ab016790dd8d553f95f99803b9bc753ec79f424c4c3f131ab90c5529d15c0eb7c4c35df021c71aec73ffc4fc60075c5b77523dd5e346445

Download Submit
C:\Windows\system\hsBQDJI.exe

Filesize
6.0MB

MD5
9aa6cddb428d1f0e282cd40ebba1d07c

SHA1
e4680b741a58f60f4a3c410b944a047a4b4ebd65

SHA256
261fc0f4c95b7f47e0689051687f14f68d9ae5c0b3521f80fb53a114483fc417

SHA512
1723171e586f3eb33ad535c692ea6d067f3b14df98e30b84b21184ff06962d7aa032113dc9d31d389182482633779b464f79ea3b8ffb826e5f6360ff549fd8a1

Download Submit
C:\Windows\system\lCpsJMd.exe

Filesize
6.0MB

MD5
907669f0490aa7672b1ac84c972eeddb

SHA1
e2bb5c8635b7acbc31753895b2a7acaacf209774

SHA256
75a3a984d8599ee54e4f52c3fabe9848c6f449620b089ef17486bb30eccb1c25

SHA512
05a70c8f07ac0eab29a074e7424f09ded5e73d4752ec0342d1e296b56dac8b79de5e9f5860d5de8907d10f9fbf3a68263adbd91de31518a9a1bacf502f504d45

Download Submit
C:\Windows\system\pCAYmNR.exe

Filesize
6.0MB

MD5
6a2bea0a5ab37c2fd3d173e0c0686b7d

SHA1
cd58b15b281cf915b9b1866b1924b519727ed44c

SHA256
67ede95c0eeb6b6a84561f9c5f383ffff07ee82717136da5f1ee8444badfc96e

SHA512
270d5d77053a0d98ea696d7ec74bd306ce3323925800054bda631826c9cafcc2ec30184f12a0f6c8d8023b11401a1873fbbd76289a3dd8ac19f8879f84046894

Download Submit
C:\Windows\system\rnQqniX.exe

Filesize
6.0MB

MD5
0da8ada11b5a7c0ae5ddbed8d1595123

SHA1
b0ed614da8c393e4b73b8ac27199997a9725d07e

SHA256
61283ca43a51450a218d5be7cf207b20cb94cb15caad581f30c1c76bc619d934

SHA512
ad4e34519427fd5ee79fca717932c6c8c9d67abf9c0d17b09012dd28f47db9a6b97f63a222fbb9e52a089b9e50612831da21baf16fed7590d223ac7ed9a45f76

Download Submit
C:\Windows\system\ulpIlfX.exe

Filesize
6.0MB

MD5
c073c08ff00ff88acf37799f08949a8a

SHA1
7072c5c9ca8fa7db3d641a23c207a01a5c452fc2

SHA256
b0effcfab82d5ce8e21e9137305903de251a23906165d3c36032cc9a847364bb

SHA512
c3a3996ac1090653f59605151481bbf24ac4cd6873600525e4f83678f08cf9430074d137b348d732f710e8cc08c24acc7f83a6d56c4b8e1767002176986c1a28

Download Submit
\Windows\system\FVGVDYC.exe

Filesize
6.0MB

MD5
970942fe13a9fe173ae4a039b64d674a

SHA1
959e426b4529f541badb9c2b5e77f6cfbb1c760a

SHA256
34c25579c6567c122c2897b7f1ac769dcf8376750ddb41dfe8c25794c0a920a4

SHA512
702f79f1413ac21bf40c194581ed5ad701bdebec5427f78d852492ed93219c44c8adb7726d4b1c7ac55792d93cae34e29b4f4b0f01999db553ffc3485379c03d

Download Submit
\Windows\system\FWNYeiG.exe

Filesize
6.0MB

MD5
ed6ea374d1839a21fd5fbe70c7ac0147

SHA1
6f2aaa6ec5f54935fe2d326a5b4e13f5e2365a56

SHA256
7c91fda3254c7b520f4f6d3f4c11279457738c59b9de0ae9b9d79e55803f3ea9

SHA512
219bce0047a077e4ad16681b36e1161d7c9fffdba59a233a2abfcf4be6fba902bfc4807aad88b7e76c7649bd6de25ef81ac46a43b26ee4459e8e6d99ff8ae87d

Download Submit
\Windows\system\lZdGsFq.exe

Filesize
6.0MB

MD5
589c81be1e7c381f97183834777f6d18

SHA1
77c7bdccb6b9a3bc66fec1a1a485098f617c5201

SHA256
f09ca301d69cca1b8ac8c777319eb9354ae8955e315997693224f21b919d5db3

SHA512
5c4cd741a56882f8050c39ebaad5f487fa737eedd8f86935f79364da81bfb68b32abf71f1893bd1a9de63b2baa2a08955e7a2d25778ce20d5e25a854c230bd80

Download Submit
\Windows\system\lZrRGpV.exe

Filesize
6.0MB

MD5
8dcd1fa645420dc84e73b4642bf7d573

SHA1
e1c130e0f23d4798cc2524e76b2aee36c803d498

SHA256
808a01eb9087db64137769c1b8e919f2ccb806559edcdaa9a570babfe8b0508c

SHA512
bc104e1c91e607921ff2cda4c6e751f418a511fc7815752c9cfe9e8e2594aae30995450dde9e21c92b003c3d0784f50b0e863cf87c6669e669d7667eea2ed3e5

Download Submit
\Windows\system\oodpRYp.exe

Filesize
6.0MB

MD5
d3e0bead2105ce7d17124a389a2279b8

SHA1
979ccd7e874e901aa161b9826fa967d78d4913ad

SHA256
9be1aeb47b2cc0cc7348812c652d68ce58c410b2ef3d52a3819f51031f6537e2

SHA512
1526dc2409eb0c0cd507c5514e9fffe423897072bfbf433c85f7a05e0e7a56d9ae9a8c8b0e57cdaf1950a8c371fc250b4522bd8817329a4fd5f0a3429f1185a4

Download Submit
\Windows\system\uCxmBEX.exe

Filesize
6.0MB

MD5
d047adf7eb1cc9aef73d975a48addfec

SHA1
1c286588a17af67a79f4aa1e9a727ebf961990d0

SHA256
780e0cea12f529e5ddd90a53457a37d9b06adf187f50a6b78f429c838d896598

SHA512
913d64a2d9a80a7dcb5a136574f0246ed43380e033baca9b7bc33d50fe0431ee71b5517a0cec68c462c9cae54dfee21bbe17ca99f80b15611e00a1925366c13c

Download Submit
\Windows\system\zheoaJA.exe

Filesize
6.0MB

MD5
5fe67a56ac471a447fbacd80109fe0be

SHA1
f8e0226da9e179cab1cbf050bcf77b307d61bb2a

SHA256
226771e6d04f3956bab5429a278669b082c005579b338035e018d713beb04f71

SHA512
297b268f7c8337bb0d35dfe397a283d21ddbce5706a34f2d22add028f2322320cd95f5587b826ad2a5674e0b646a741ec652f17eeaefc51a95f3075f75dfdcdc

Download Submit
memory/2028-766-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-75-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2028-109-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-647-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-92-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2028-0-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2028-908-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-102-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2028-7-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-80-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-49-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1163-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-65-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1040-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1035-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-120-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2028-588-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-118-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-58-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-27-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-36-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2056-4013-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2092-14-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2556-15-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-4010-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-115-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4019-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2664-32-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4011-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-69-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2684-4015-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4018-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-77-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4012-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-33-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-4017-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2776-76-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2780-646-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4014-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2780-39-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2784-765-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4016-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-53-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1162-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-117-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4020-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download