cobaltstrike | f9e1ea311ecd270c40901105485b60ea967c47bfb5ef6e94e60e531229604885

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26/01/2025, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

38a94f4190201ca38723abb595f5e444
SHA1

80ca32644dfd5050249166424164351524c9504e
SHA256

f9e1ea311ecd270c40901105485b60ea967c47bfb5ef6e94e60e531229604885
SHA512

d632f7f526012506e7200a7edecb516a1c8793e9f94f8463c49dbebfb616c1f4b794d3d37ca14f48f961017b673b556bb7722ce0f53611d84acad33bb8084e3d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUm:T+q56utgpPF8u/7m

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d75-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d7f-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e25-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e47-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f1b-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f2a-44.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160ae-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-72.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000015d5c-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-55.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162b8-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2896-0-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-3.dat	xmrig
behavioral1/memory/2804-9-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d75-10.dat	xmrig
behavioral1/files/0x0008000000015d7f-12.dat	xmrig
behavioral1/memory/2284-20-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e25-24.dat	xmrig
behavioral1/memory/2632-30-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2728-26-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e47-34.dat	xmrig
behavioral1/memory/2212-36-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f1b-37.dat	xmrig
behavioral1/files/0x0007000000015f2a-44.dat	xmrig
behavioral1/files/0x00080000000160ae-45.dat	xmrig
behavioral1/files/0x0005000000019234-63.dat	xmrig
behavioral1/files/0x0005000000019241-67.dat	xmrig
behavioral1/files/0x000500000001925c-72.dat	xmrig
behavioral1/files/0x0034000000015d5c-75.dat	xmrig
behavioral1/files/0x0005000000019273-89.dat	xmrig
behavioral1/files/0x00050000000193a2-119.dat	xmrig
behavioral1/files/0x00050000000193af-124.dat	xmrig
behavioral1/files/0x00050000000193fa-143.dat	xmrig
behavioral1/files/0x00050000000193f8-135.dat	xmrig
behavioral1/memory/2896-139-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a7-171.dat	xmrig
behavioral1/files/0x00050000000194d4-183.dat	xmrig
behavioral1/memory/2896-300-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2804-388-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2728-389-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194da-186.dat	xmrig
behavioral1/files/0x00050000000194b4-175.dat	xmrig
behavioral1/memory/2128-159-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2896-158-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2324-157-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2060-155-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2896-154-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/1864-153-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/548-151-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2896-150-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/1492-149-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/1084-147-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019408-145.dat	xmrig
behavioral1/files/0x0005000000019494-166.dat	xmrig
behavioral1/memory/784-138-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1764-163-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c9-129.dat	xmrig
behavioral1/files/0x0005000000019384-114.dat	xmrig
behavioral1/files/0x0005000000019346-109.dat	xmrig
behavioral1/files/0x000500000001933e-104.dat	xmrig
behavioral1/files/0x000500000001932a-99.dat	xmrig
behavioral1/files/0x00050000000192f0-94.dat	xmrig
behavioral1/files/0x0005000000019228-59.dat	xmrig
behavioral1/files/0x000500000001920f-55.dat	xmrig
behavioral1/files/0x00070000000162b8-51.dat	xmrig
behavioral1/memory/2284-4019-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2728-4020-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2632-4021-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2212-4022-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/1084-4023-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2128-4024-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/1764-4029-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/548-4028-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/1864-4027-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2060-4026-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2804	TmXJBff.exe
2284	SUdGOUl.exe
2728	tTANWFi.exe
2632	EEAGpoj.exe
2212	CtcyNBq.exe
1764	tNOMRtm.exe
784	fACfnUl.exe
1084	xtvBISm.exe
1492	oonbsyo.exe
548	MbLwQlS.exe
1864	CLDxHid.exe
2060	NTsqoFj.exe
2324	ZdLLrmm.exe
2128	wxCsKUI.exe
2992	yMvnfrx.exe
2520	CxxuENA.exe
316	RKCmdaL.exe
2808	zXjsCij.exe
2940	slmWZVc.exe
2656	tgsUBDo.exe
2508	oSKzlyQ.exe
568	RGuwjIA.exe
1164	bMFAmQn.exe
1664	AfkivrR.exe
1440	KTChTCL.exe
2972	BTEgEqp.exe
1436	QyDiTgu.exe
1144	VwXEvmq.exe
1160	bCILRRN.exe
468	vrDMXeR.exe
1516	eauKtzK.exe
1876	zFlUFtT.exe
1356	EjiAWDC.exe
1188	qiBhyjw.exe
1296	rNShqrs.exe
2000	bbVNZEe.exe
1280	vJsNMyy.exe
1920	kHyoeuo.exe
2280	tDgONhL.exe
1704	pshiFCM.exe
2024	SCBVKoX.exe
1496	hPCaVLF.exe
2052	saYurjs.exe
1744	tvZaEeB.exe
2452	BaATMQU.exe
1748	bnpTsse.exe
2740	CukCWeB.exe
884	NOuzUTM.exe
2536	DCxBOhn.exe
2440	MTEZWLB.exe
1612	YMRYusF.exe
1624	LMntLso.exe
2660	rYFQYWJ.exe
2640	IcIhwSR.exe
2456	pFiOJrv.exe
1172	PrsCRwJ.exe
1868	xClCoxV.exe
2152	cQzlEyr.exe
2980	wLNOHPZ.exe
3060	mBhoVwA.exe
2604	hpxpTby.exe
1324	HfRGRSE.exe
2716	PRsFGIO.exe
3008	jZlkncM.exe

Loads dropped DLL 64 IoCs

pid	Process
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2896-0-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-3.dat	upx
behavioral1/memory/2804-9-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0008000000015d75-10.dat	upx
behavioral1/files/0x0008000000015d7f-12.dat	upx
behavioral1/memory/2284-20-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x0007000000015e25-24.dat	upx
behavioral1/memory/2632-30-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2728-26-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x0007000000015e47-34.dat	upx
behavioral1/memory/2212-36-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0007000000015f1b-37.dat	upx
behavioral1/files/0x0007000000015f2a-44.dat	upx
behavioral1/files/0x00080000000160ae-45.dat	upx
behavioral1/files/0x0005000000019234-63.dat	upx
behavioral1/files/0x0005000000019241-67.dat	upx
behavioral1/files/0x000500000001925c-72.dat	upx
behavioral1/files/0x0034000000015d5c-75.dat	upx
behavioral1/files/0x0005000000019273-89.dat	upx
behavioral1/files/0x00050000000193a2-119.dat	upx
behavioral1/files/0x00050000000193af-124.dat	upx
behavioral1/files/0x00050000000193fa-143.dat	upx
behavioral1/files/0x00050000000193f8-135.dat	upx
behavioral1/files/0x00050000000194a7-171.dat	upx
behavioral1/files/0x00050000000194d4-183.dat	upx
behavioral1/memory/2896-300-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2804-388-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2728-389-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x00050000000194da-186.dat	upx
behavioral1/files/0x00050000000194b4-175.dat	upx
behavioral1/memory/2128-159-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2324-157-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2060-155-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1864-153-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/548-151-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/1492-149-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/1084-147-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0005000000019408-145.dat	upx
behavioral1/files/0x0005000000019494-166.dat	upx
behavioral1/memory/784-138-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/1764-163-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x00050000000193c9-129.dat	upx
behavioral1/files/0x0005000000019384-114.dat	upx
behavioral1/files/0x0005000000019346-109.dat	upx
behavioral1/files/0x000500000001933e-104.dat	upx
behavioral1/files/0x000500000001932a-99.dat	upx
behavioral1/files/0x00050000000192f0-94.dat	upx
behavioral1/files/0x0005000000019228-59.dat	upx
behavioral1/files/0x000500000001920f-55.dat	upx
behavioral1/files/0x00070000000162b8-51.dat	upx
behavioral1/memory/2284-4019-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2728-4020-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2632-4021-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2212-4022-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/1084-4023-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2128-4024-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/1764-4029-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/548-4028-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/1864-4027-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2060-4026-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/784-4025-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2324-4030-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1492-4031-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jieaIYX.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lmfkjae.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcUYUMe.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEValvg.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjrhFuk.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aopEhYd.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaCOrpT.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHyMPVj.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrldZuZ.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJJbvvA.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efaizEd.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WodfxoW.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dayVzQT.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdKkaYv.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaKTVxi.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doTNiWD.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLohjWB.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JamRsbT.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCKfzdc.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqvoByg.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwkuLES.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAHCkSA.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFrZFsx.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzKvohu.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDOCtLi.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlyCMYU.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOaOEkh.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbAyQpR.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXWlXqD.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpYmiXn.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcQNZhX.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWEqEfb.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjnMZDE.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgqNull.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrdQIWN.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLfXbAk.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQxblNa.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkgyTwb.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znMJxZU.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXsHxpG.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJJZmSD.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFjTcWI.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqSkioe.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVQdfEG.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jreFOmX.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWOuOcM.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjRWqDI.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvUTrVh.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhgHZVI.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDhgZVJ.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtCNUTm.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdFrYVi.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXscXBx.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIikrzo.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTBzlhH.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMEgkXY.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzAaIlU.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhSrlVh.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmBWRil.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWAVNFT.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvKyrbo.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdCXIGa.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvSwhAl.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\slmWZVc.exe	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2804	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2896 wrote to memory of 2804	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2896 wrote to memory of 2804	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2896 wrote to memory of 2284	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2896 wrote to memory of 2284	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2896 wrote to memory of 2284	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2896 wrote to memory of 2728	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2896 wrote to memory of 2728	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2896 wrote to memory of 2728	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2896 wrote to memory of 2632	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2896 wrote to memory of 2632	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2896 wrote to memory of 2632	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2896 wrote to memory of 2212	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2896 wrote to memory of 2212	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2896 wrote to memory of 2212	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2896 wrote to memory of 1764	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2896 wrote to memory of 1764	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2896 wrote to memory of 1764	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2896 wrote to memory of 784	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2896 wrote to memory of 784	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2896 wrote to memory of 784	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2896 wrote to memory of 1084	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2896 wrote to memory of 1084	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2896 wrote to memory of 1084	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2896 wrote to memory of 1492	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2896 wrote to memory of 1492	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2896 wrote to memory of 1492	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2896 wrote to memory of 548	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2896 wrote to memory of 548	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2896 wrote to memory of 548	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2896 wrote to memory of 1864	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2896 wrote to memory of 1864	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2896 wrote to memory of 1864	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2896 wrote to memory of 2060	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2896 wrote to memory of 2060	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2896 wrote to memory of 2060	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2896 wrote to memory of 2324	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2896 wrote to memory of 2324	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2896 wrote to memory of 2324	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2896 wrote to memory of 2128	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2896 wrote to memory of 2128	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2896 wrote to memory of 2128	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2896 wrote to memory of 2992	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2896 wrote to memory of 2992	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2896 wrote to memory of 2992	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2896 wrote to memory of 2520	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2896 wrote to memory of 2520	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2896 wrote to memory of 2520	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2896 wrote to memory of 316	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2896 wrote to memory of 316	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2896 wrote to memory of 316	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2896 wrote to memory of 2808	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2896 wrote to memory of 2808	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2896 wrote to memory of 2808	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2896 wrote to memory of 2940	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2896 wrote to memory of 2940	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2896 wrote to memory of 2940	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2896 wrote to memory of 2656	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2896 wrote to memory of 2656	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2896 wrote to memory of 2656	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2896 wrote to memory of 2508	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2896 wrote to memory of 2508	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2896 wrote to memory of 2508	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2896 wrote to memory of 568	2896	2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-26_38a94f4190201ca38723abb595f5e444_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\System\TmXJBff.exe
  C:\Windows\System\TmXJBff.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\SUdGOUl.exe
  C:\Windows\System\SUdGOUl.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\tTANWFi.exe
  C:\Windows\System\tTANWFi.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\EEAGpoj.exe
  C:\Windows\System\EEAGpoj.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\CtcyNBq.exe
  C:\Windows\System\CtcyNBq.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\tNOMRtm.exe
  C:\Windows\System\tNOMRtm.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\fACfnUl.exe
  C:\Windows\System\fACfnUl.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\xtvBISm.exe
  C:\Windows\System\xtvBISm.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\oonbsyo.exe
  C:\Windows\System\oonbsyo.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\MbLwQlS.exe
  C:\Windows\System\MbLwQlS.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\CLDxHid.exe
  C:\Windows\System\CLDxHid.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\NTsqoFj.exe
  C:\Windows\System\NTsqoFj.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ZdLLrmm.exe
  C:\Windows\System\ZdLLrmm.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\wxCsKUI.exe
  C:\Windows\System\wxCsKUI.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\yMvnfrx.exe
  C:\Windows\System\yMvnfrx.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\CxxuENA.exe
  C:\Windows\System\CxxuENA.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\RKCmdaL.exe
  C:\Windows\System\RKCmdaL.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\zXjsCij.exe
  C:\Windows\System\zXjsCij.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\slmWZVc.exe
  C:\Windows\System\slmWZVc.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\tgsUBDo.exe
  C:\Windows\System\tgsUBDo.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\oSKzlyQ.exe
  C:\Windows\System\oSKzlyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\RGuwjIA.exe
  C:\Windows\System\RGuwjIA.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\bMFAmQn.exe
  C:\Windows\System\bMFAmQn.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\AfkivrR.exe
  C:\Windows\System\AfkivrR.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\KTChTCL.exe
  C:\Windows\System\KTChTCL.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\BTEgEqp.exe
  C:\Windows\System\BTEgEqp.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\QyDiTgu.exe
  C:\Windows\System\QyDiTgu.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\VwXEvmq.exe
  C:\Windows\System\VwXEvmq.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\bCILRRN.exe
  C:\Windows\System\bCILRRN.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\vrDMXeR.exe
  C:\Windows\System\vrDMXeR.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\eauKtzK.exe
  C:\Windows\System\eauKtzK.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\zFlUFtT.exe
  C:\Windows\System\zFlUFtT.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\EjiAWDC.exe
  C:\Windows\System\EjiAWDC.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\qiBhyjw.exe
  C:\Windows\System\qiBhyjw.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\rNShqrs.exe
  C:\Windows\System\rNShqrs.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\bbVNZEe.exe
  C:\Windows\System\bbVNZEe.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\vJsNMyy.exe
  C:\Windows\System\vJsNMyy.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\kHyoeuo.exe
  C:\Windows\System\kHyoeuo.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\tDgONhL.exe
  C:\Windows\System\tDgONhL.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\pshiFCM.exe
  C:\Windows\System\pshiFCM.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\SCBVKoX.exe
  C:\Windows\System\SCBVKoX.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\hPCaVLF.exe
  C:\Windows\System\hPCaVLF.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\saYurjs.exe
  C:\Windows\System\saYurjs.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\tvZaEeB.exe
  C:\Windows\System\tvZaEeB.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\bnpTsse.exe
  C:\Windows\System\bnpTsse.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\BaATMQU.exe
  C:\Windows\System\BaATMQU.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\NOuzUTM.exe
  C:\Windows\System\NOuzUTM.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\CukCWeB.exe
  C:\Windows\System\CukCWeB.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\MTEZWLB.exe
  C:\Windows\System\MTEZWLB.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\DCxBOhn.exe
  C:\Windows\System\DCxBOhn.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\LMntLso.exe
  C:\Windows\System\LMntLso.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\YMRYusF.exe
  C:\Windows\System\YMRYusF.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\IcIhwSR.exe
  C:\Windows\System\IcIhwSR.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\rYFQYWJ.exe
  C:\Windows\System\rYFQYWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\pFiOJrv.exe
  C:\Windows\System\pFiOJrv.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\PrsCRwJ.exe
  C:\Windows\System\PrsCRwJ.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\xClCoxV.exe
  C:\Windows\System\xClCoxV.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\cQzlEyr.exe
  C:\Windows\System\cQzlEyr.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\wLNOHPZ.exe
  C:\Windows\System\wLNOHPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\mBhoVwA.exe
  C:\Windows\System\mBhoVwA.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\hpxpTby.exe
  C:\Windows\System\hpxpTby.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\HfRGRSE.exe
  C:\Windows\System\HfRGRSE.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\PRsFGIO.exe
  C:\Windows\System\PRsFGIO.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\jZlkncM.exe
  C:\Windows\System\jZlkncM.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\qNvAMuX.exe
  C:\Windows\System\qNvAMuX.exe
  2⤵
  PID:2116
- C:\Windows\System\aOaOEkh.exe
  C:\Windows\System\aOaOEkh.exe
  2⤵
  PID:1288
- C:\Windows\System\eQozWPJ.exe
  C:\Windows\System\eQozWPJ.exe
  2⤵
  PID:2956
- C:\Windows\System\QnHWGVh.exe
  C:\Windows\System\QnHWGVh.exe
  2⤵
  PID:2340
- C:\Windows\System\vbsUReF.exe
  C:\Windows\System\vbsUReF.exe
  2⤵
  PID:1348
- C:\Windows\System\OjsVnlv.exe
  C:\Windows\System\OjsVnlv.exe
  2⤵
  PID:2372
- C:\Windows\System\tnsqnuo.exe
  C:\Windows\System\tnsqnuo.exe
  2⤵
  PID:1668
- C:\Windows\System\wIikrzo.exe
  C:\Windows\System\wIikrzo.exe
  2⤵
  PID:2428
- C:\Windows\System\sbawaaP.exe
  C:\Windows\System\sbawaaP.exe
  2⤵
  PID:960
- C:\Windows\System\GmHTalw.exe
  C:\Windows\System\GmHTalw.exe
  2⤵
  PID:868
- C:\Windows\System\JuNwyml.exe
  C:\Windows\System\JuNwyml.exe
  2⤵
  PID:1544
- C:\Windows\System\qYGpbQX.exe
  C:\Windows\System\qYGpbQX.exe
  2⤵
  PID:1936
- C:\Windows\System\mzQZYsV.exe
  C:\Windows\System\mzQZYsV.exe
  2⤵
  PID:2264
- C:\Windows\System\dayVzQT.exe
  C:\Windows\System\dayVzQT.exe
  2⤵
  PID:2864
- C:\Windows\System\woGWsYR.exe
  C:\Windows\System\woGWsYR.exe
  2⤵
  PID:2592
- C:\Windows\System\szVFknC.exe
  C:\Windows\System\szVFknC.exe
  2⤵
  PID:1616
- C:\Windows\System\HwRruAZ.exe
  C:\Windows\System\HwRruAZ.exe
  2⤵
  PID:2544
- C:\Windows\System\dlSaceb.exe
  C:\Windows\System\dlSaceb.exe
  2⤵
  PID:1036
- C:\Windows\System\sYuIjxO.exe
  C:\Windows\System\sYuIjxO.exe
  2⤵
  PID:2776
- C:\Windows\System\aHJEJhV.exe
  C:\Windows\System\aHJEJhV.exe
  2⤵
  PID:2664
- C:\Windows\System\RavmDWa.exe
  C:\Windows\System\RavmDWa.exe
  2⤵
  PID:320
- C:\Windows\System\tLfXbAk.exe
  C:\Windows\System\tLfXbAk.exe
  2⤵
  PID:2420
- C:\Windows\System\duzSdmc.exe
  C:\Windows\System\duzSdmc.exe
  2⤵
  PID:2932
- C:\Windows\System\oOdzSIk.exe
  C:\Windows\System\oOdzSIk.exe
  2⤵
  PID:2812
- C:\Windows\System\aulwIuQ.exe
  C:\Windows\System\aulwIuQ.exe
  2⤵
  PID:2480
- C:\Windows\System\ueSzzcc.exe
  C:\Windows\System\ueSzzcc.exe
  2⤵
  PID:3056
- C:\Windows\System\xadoAlU.exe
  C:\Windows\System\xadoAlU.exe
  2⤵
  PID:1264
- C:\Windows\System\lItOkdk.exe
  C:\Windows\System\lItOkdk.exe
  2⤵
  PID:1928
- C:\Windows\System\qkoTKrw.exe
  C:\Windows\System\qkoTKrw.exe
  2⤵
  PID:1404
- C:\Windows\System\NgcQCHb.exe
  C:\Windows\System\NgcQCHb.exe
  2⤵
  PID:908
- C:\Windows\System\PxEGPfv.exe
  C:\Windows\System\PxEGPfv.exe
  2⤵
  PID:2376
- C:\Windows\System\CadQUOT.exe
  C:\Windows\System\CadQUOT.exe
  2⤵
  PID:708
- C:\Windows\System\GlyNbTI.exe
  C:\Windows\System\GlyNbTI.exe
  2⤵
  PID:1840
- C:\Windows\System\DBjAKRu.exe
  C:\Windows\System\DBjAKRu.exe
  2⤵
  PID:1712
- C:\Windows\System\dnIaZSi.exe
  C:\Windows\System\dnIaZSi.exe
  2⤵
  PID:1596
- C:\Windows\System\qlpbnVh.exe
  C:\Windows\System\qlpbnVh.exe
  2⤵
  PID:1996
- C:\Windows\System\GVgcDbN.exe
  C:\Windows\System\GVgcDbN.exe
  2⤵
  PID:1796
- C:\Windows\System\CRQGaTz.exe
  C:\Windows\System\CRQGaTz.exe
  2⤵
  PID:2796
- C:\Windows\System\CzglgxV.exe
  C:\Windows\System\CzglgxV.exe
  2⤵
  PID:2484
- C:\Windows\System\dAqtBeN.exe
  C:\Windows\System\dAqtBeN.exe
  2⤵
  PID:2424
- C:\Windows\System\EzvKLbZ.exe
  C:\Windows\System\EzvKLbZ.exe
  2⤵
  PID:2132
- C:\Windows\System\qANvDAT.exe
  C:\Windows\System\qANvDAT.exe
  2⤵
  PID:2072
- C:\Windows\System\FkaKbqx.exe
  C:\Windows\System\FkaKbqx.exe
  2⤵
  PID:1556
- C:\Windows\System\LJtJBIM.exe
  C:\Windows\System\LJtJBIM.exe
  2⤵
  PID:2364
- C:\Windows\System\yqsBgDU.exe
  C:\Windows\System\yqsBgDU.exe
  2⤵
  PID:2224
- C:\Windows\System\UBXdDDj.exe
  C:\Windows\System\UBXdDDj.exe
  2⤵
  PID:2268
- C:\Windows\System\DrpQasV.exe
  C:\Windows\System\DrpQasV.exe
  2⤵
  PID:2196
- C:\Windows\System\nQXCacr.exe
  C:\Windows\System\nQXCacr.exe
  2⤵
  PID:1200
- C:\Windows\System\uUfEkOo.exe
  C:\Windows\System\uUfEkOo.exe
  2⤵
  PID:1628
- C:\Windows\System\dthmifp.exe
  C:\Windows\System\dthmifp.exe
  2⤵
  PID:1536
- C:\Windows\System\QkwCQOJ.exe
  C:\Windows\System\QkwCQOJ.exe
  2⤵
  PID:2476
- C:\Windows\System\IbaijvY.exe
  C:\Windows\System\IbaijvY.exe
  2⤵
  PID:2912
- C:\Windows\System\EzkWbxw.exe
  C:\Windows\System\EzkWbxw.exe
  2⤵
  PID:3068
- C:\Windows\System\bZeEtLt.exe
  C:\Windows\System\bZeEtLt.exe
  2⤵
  PID:2568
- C:\Windows\System\deqEScE.exe
  C:\Windows\System\deqEScE.exe
  2⤵
  PID:1588
- C:\Windows\System\oSrzCTa.exe
  C:\Windows\System\oSrzCTa.exe
  2⤵
  PID:1656
- C:\Windows\System\TODPUwa.exe
  C:\Windows\System\TODPUwa.exe
  2⤵
  PID:1268
- C:\Windows\System\buVpjbT.exe
  C:\Windows\System\buVpjbT.exe
  2⤵
  PID:2336
- C:\Windows\System\oxOusXM.exe
  C:\Windows\System\oxOusXM.exe
  2⤵
  PID:1364
- C:\Windows\System\ULKvRmy.exe
  C:\Windows\System\ULKvRmy.exe
  2⤵
  PID:3052
- C:\Windows\System\FvFlzXg.exe
  C:\Windows\System\FvFlzXg.exe
  2⤵
  PID:2556
- C:\Windows\System\TWQGbRG.exe
  C:\Windows\System\TWQGbRG.exe
  2⤵
  PID:3044
- C:\Windows\System\IkDVdwp.exe
  C:\Windows\System\IkDVdwp.exe
  2⤵
  PID:1520
- C:\Windows\System\BsVZqFx.exe
  C:\Windows\System\BsVZqFx.exe
  2⤵
  PID:2156
- C:\Windows\System\VDEbqLu.exe
  C:\Windows\System\VDEbqLu.exe
  2⤵
  PID:2820
- C:\Windows\System\sKBDuUq.exe
  C:\Windows\System\sKBDuUq.exe
  2⤵
  PID:1512
- C:\Windows\System\cTcTjRO.exe
  C:\Windows\System\cTcTjRO.exe
  2⤵
  PID:1728
- C:\Windows\System\vWYaEjJ.exe
  C:\Windows\System\vWYaEjJ.exe
  2⤵
  PID:2472
- C:\Windows\System\xGzwkCs.exe
  C:\Windows\System\xGzwkCs.exe
  2⤵
  PID:1772
- C:\Windows\System\TQzldUw.exe
  C:\Windows\System\TQzldUw.exe
  2⤵
  PID:1980
- C:\Windows\System\UFqFdmS.exe
  C:\Windows\System\UFqFdmS.exe
  2⤵
  PID:2092
- C:\Windows\System\AUpdBxv.exe
  C:\Windows\System\AUpdBxv.exe
  2⤵
  PID:2984
- C:\Windows\System\oyPmiXw.exe
  C:\Windows\System\oyPmiXw.exe
  2⤵
  PID:2368
- C:\Windows\System\vONxAmv.exe
  C:\Windows\System\vONxAmv.exe
  2⤵
  PID:3088
- C:\Windows\System\RrnpONj.exe
  C:\Windows\System\RrnpONj.exe
  2⤵
  PID:3104
- C:\Windows\System\awGtLMN.exe
  C:\Windows\System\awGtLMN.exe
  2⤵
  PID:3124
- C:\Windows\System\KrNyupm.exe
  C:\Windows\System\KrNyupm.exe
  2⤵
  PID:3144
- C:\Windows\System\bznKpuV.exe
  C:\Windows\System\bznKpuV.exe
  2⤵
  PID:3164
- C:\Windows\System\OdZBGaM.exe
  C:\Windows\System\OdZBGaM.exe
  2⤵
  PID:3184
- C:\Windows\System\wQgWMYY.exe
  C:\Windows\System\wQgWMYY.exe
  2⤵
  PID:3204
- C:\Windows\System\MNSFlgy.exe
  C:\Windows\System\MNSFlgy.exe
  2⤵
  PID:3224
- C:\Windows\System\QUomyZl.exe
  C:\Windows\System\QUomyZl.exe
  2⤵
  PID:3240
- C:\Windows\System\aopEhYd.exe
  C:\Windows\System\aopEhYd.exe
  2⤵
  PID:3256
- C:\Windows\System\XTLsXFd.exe
  C:\Windows\System\XTLsXFd.exe
  2⤵
  PID:3272
- C:\Windows\System\wfrYudS.exe
  C:\Windows\System\wfrYudS.exe
  2⤵
  PID:3288
- C:\Windows\System\RrhKeai.exe
  C:\Windows\System\RrhKeai.exe
  2⤵
  PID:3304
- C:\Windows\System\EshcqOV.exe
  C:\Windows\System\EshcqOV.exe
  2⤵
  PID:3320
- C:\Windows\System\uZlwptX.exe
  C:\Windows\System\uZlwptX.exe
  2⤵
  PID:3336
- C:\Windows\System\qoKVDrU.exe
  C:\Windows\System\qoKVDrU.exe
  2⤵
  PID:3356
- C:\Windows\System\RrzNilg.exe
  C:\Windows\System\RrzNilg.exe
  2⤵
  PID:3372
- C:\Windows\System\YwNKgGv.exe
  C:\Windows\System\YwNKgGv.exe
  2⤵
  PID:3412
- C:\Windows\System\qclBPaW.exe
  C:\Windows\System\qclBPaW.exe
  2⤵
  PID:3432
- C:\Windows\System\LnqHkoZ.exe
  C:\Windows\System\LnqHkoZ.exe
  2⤵
  PID:3448
- C:\Windows\System\adhZQlQ.exe
  C:\Windows\System\adhZQlQ.exe
  2⤵
  PID:3464
- C:\Windows\System\QAnsAYj.exe
  C:\Windows\System\QAnsAYj.exe
  2⤵
  PID:3500
- C:\Windows\System\PIpbDmR.exe
  C:\Windows\System\PIpbDmR.exe
  2⤵
  PID:3524
- C:\Windows\System\twEriNs.exe
  C:\Windows\System\twEriNs.exe
  2⤵
  PID:3540
- C:\Windows\System\qedVOKt.exe
  C:\Windows\System\qedVOKt.exe
  2⤵
  PID:3556
- C:\Windows\System\crZJjmx.exe
  C:\Windows\System\crZJjmx.exe
  2⤵
  PID:3572
- C:\Windows\System\ucVmmIj.exe
  C:\Windows\System\ucVmmIj.exe
  2⤵
  PID:3588
- C:\Windows\System\YnDxHzu.exe
  C:\Windows\System\YnDxHzu.exe
  2⤵
  PID:3604
- C:\Windows\System\bOcusSe.exe
  C:\Windows\System\bOcusSe.exe
  2⤵
  PID:3620
- C:\Windows\System\jnBFyMf.exe
  C:\Windows\System\jnBFyMf.exe
  2⤵
  PID:3640
- C:\Windows\System\iNmKeJL.exe
  C:\Windows\System\iNmKeJL.exe
  2⤵
  PID:3660
- C:\Windows\System\ygKbXeW.exe
  C:\Windows\System\ygKbXeW.exe
  2⤵
  PID:3692
- C:\Windows\System\BbXqRoX.exe
  C:\Windows\System\BbXqRoX.exe
  2⤵
  PID:3708
- C:\Windows\System\xUDVfez.exe
  C:\Windows\System\xUDVfez.exe
  2⤵
  PID:3736
- C:\Windows\System\GDjhFLy.exe
  C:\Windows\System\GDjhFLy.exe
  2⤵
  PID:3752
- C:\Windows\System\Svilbaf.exe
  C:\Windows\System\Svilbaf.exe
  2⤵
  PID:3776
- C:\Windows\System\YorOpEd.exe
  C:\Windows\System\YorOpEd.exe
  2⤵
  PID:3796
- C:\Windows\System\lreNSrN.exe
  C:\Windows\System\lreNSrN.exe
  2⤵
  PID:3820
- C:\Windows\System\jDOdWBS.exe
  C:\Windows\System\jDOdWBS.exe
  2⤵
  PID:3836
- C:\Windows\System\PeYwtLu.exe
  C:\Windows\System\PeYwtLu.exe
  2⤵
  PID:3852
- C:\Windows\System\yVVSmgZ.exe
  C:\Windows\System\yVVSmgZ.exe
  2⤵
  PID:3880
- C:\Windows\System\nhBOADC.exe
  C:\Windows\System\nhBOADC.exe
  2⤵
  PID:3896
- C:\Windows\System\tKkNevt.exe
  C:\Windows\System\tKkNevt.exe
  2⤵
  PID:3912
- C:\Windows\System\CzEpZkI.exe
  C:\Windows\System\CzEpZkI.exe
  2⤵
  PID:3940
- C:\Windows\System\flNiNOR.exe
  C:\Windows\System\flNiNOR.exe
  2⤵
  PID:3960
- C:\Windows\System\ORXnubM.exe
  C:\Windows\System\ORXnubM.exe
  2⤵
  PID:3976
- C:\Windows\System\jPRmPSk.exe
  C:\Windows\System\jPRmPSk.exe
  2⤵
  PID:3996
- C:\Windows\System\hrSfGQe.exe
  C:\Windows\System\hrSfGQe.exe
  2⤵
  PID:4012
- C:\Windows\System\VdKkaYv.exe
  C:\Windows\System\VdKkaYv.exe
  2⤵
  PID:4028
- C:\Windows\System\yFaYhQn.exe
  C:\Windows\System\yFaYhQn.exe
  2⤵
  PID:4048
- C:\Windows\System\vlgmjBn.exe
  C:\Windows\System\vlgmjBn.exe
  2⤵
  PID:4064
- C:\Windows\System\XUhcuCj.exe
  C:\Windows\System\XUhcuCj.exe
  2⤵
  PID:4080
- C:\Windows\System\XBIAPSy.exe
  C:\Windows\System\XBIAPSy.exe
  2⤵
  PID:1112
- C:\Windows\System\FLaYCGO.exe
  C:\Windows\System\FLaYCGO.exe
  2⤵
  PID:408
- C:\Windows\System\deQeJdo.exe
  C:\Windows\System\deQeJdo.exe
  2⤵
  PID:2460
- C:\Windows\System\HSCnnxU.exe
  C:\Windows\System\HSCnnxU.exe
  2⤵
  PID:1804
- C:\Windows\System\MMEgkXY.exe
  C:\Windows\System\MMEgkXY.exe
  2⤵
  PID:3100
- C:\Windows\System\RwKJTZr.exe
  C:\Windows\System\RwKJTZr.exe
  2⤵
  PID:3084
- C:\Windows\System\nwtvBbl.exe
  C:\Windows\System\nwtvBbl.exe
  2⤵
  PID:3140
- C:\Windows\System\eWujoWJ.exe
  C:\Windows\System\eWujoWJ.exe
  2⤵
  PID:3172
- C:\Windows\System\lSrPcsY.exe
  C:\Windows\System\lSrPcsY.exe
  2⤵
  PID:3176
- C:\Windows\System\PymJmHr.exe
  C:\Windows\System\PymJmHr.exe
  2⤵
  PID:3192
- C:\Windows\System\bCCdYWk.exe
  C:\Windows\System\bCCdYWk.exe
  2⤵
  PID:3268
- C:\Windows\System\MogzRZV.exe
  C:\Windows\System\MogzRZV.exe
  2⤵
  PID:3196
- C:\Windows\System\lQviqhn.exe
  C:\Windows\System\lQviqhn.exe
  2⤵
  PID:3300
- C:\Windows\System\kyolukq.exe
  C:\Windows\System\kyolukq.exe
  2⤵
  PID:3252
- C:\Windows\System\jreFOmX.exe
  C:\Windows\System\jreFOmX.exe
  2⤵
  PID:3344
- C:\Windows\System\gtFGgeH.exe
  C:\Windows\System\gtFGgeH.exe
  2⤵
  PID:3396
- C:\Windows\System\hLyNGVK.exe
  C:\Windows\System\hLyNGVK.exe
  2⤵
  PID:3404
- C:\Windows\System\ZtOFPpZ.exe
  C:\Windows\System\ZtOFPpZ.exe
  2⤵
  PID:3424
- C:\Windows\System\vhNSIaE.exe
  C:\Windows\System\vhNSIaE.exe
  2⤵
  PID:3472
- C:\Windows\System\eqzzTqx.exe
  C:\Windows\System\eqzzTqx.exe
  2⤵
  PID:3508
- C:\Windows\System\qRQdUgH.exe
  C:\Windows\System\qRQdUgH.exe
  2⤵
  PID:700
- C:\Windows\System\qaEIYzM.exe
  C:\Windows\System\qaEIYzM.exe
  2⤵
  PID:3564
- C:\Windows\System\MuVJbis.exe
  C:\Windows\System\MuVJbis.exe
  2⤵
  PID:3636
- C:\Windows\System\RGzVYwi.exe
  C:\Windows\System\RGzVYwi.exe
  2⤵
  PID:3700
- C:\Windows\System\CTlpHNT.exe
  C:\Windows\System\CTlpHNT.exe
  2⤵
  PID:3648
- C:\Windows\System\DaBspPx.exe
  C:\Windows\System\DaBspPx.exe
  2⤵
  PID:3816
- C:\Windows\System\CjtvcSA.exe
  C:\Windows\System\CjtvcSA.exe
  2⤵
  PID:3888
- C:\Windows\System\qqAeYqb.exe
  C:\Windows\System\qqAeYqb.exe
  2⤵
  PID:3924
- C:\Windows\System\uNENYKh.exe
  C:\Windows\System\uNENYKh.exe
  2⤵
  PID:3876
- C:\Windows\System\ZrQupSz.exe
  C:\Windows\System\ZrQupSz.exe
  2⤵
  PID:4008
- C:\Windows\System\GcSFwsq.exe
  C:\Windows\System\GcSFwsq.exe
  2⤵
  PID:3788
- C:\Windows\System\ucPZSxq.exe
  C:\Windows\System\ucPZSxq.exe
  2⤵
  PID:4072
- C:\Windows\System\UBwOXZs.exe
  C:\Windows\System\UBwOXZs.exe
  2⤵
  PID:4076
- C:\Windows\System\RbbyivP.exe
  C:\Windows\System\RbbyivP.exe
  2⤵
  PID:2600
- C:\Windows\System\mVfpayx.exe
  C:\Windows\System\mVfpayx.exe
  2⤵
  PID:3904
- C:\Windows\System\wifdbEM.exe
  C:\Windows\System\wifdbEM.exe
  2⤵
  PID:3956
- C:\Windows\System\voNVGLK.exe
  C:\Windows\System\voNVGLK.exe
  2⤵
  PID:1068
- C:\Windows\System\aUxbusN.exe
  C:\Windows\System\aUxbusN.exe
  2⤵
  PID:2648
- C:\Windows\System\KlENshQ.exe
  C:\Windows\System\KlENshQ.exe
  2⤵
  PID:3212
- C:\Windows\System\PfROeCj.exe
  C:\Windows\System\PfROeCj.exe
  2⤵
  PID:1204
- C:\Windows\System\gzUhIvH.exe
  C:\Windows\System\gzUhIvH.exe
  2⤵
  PID:2404
- C:\Windows\System\gSjVdAP.exe
  C:\Windows\System\gSjVdAP.exe
  2⤵
  PID:3248
- C:\Windows\System\KsilHgK.exe
  C:\Windows\System\KsilHgK.exe
  2⤵
  PID:2584
- C:\Windows\System\MAiCRMG.exe
  C:\Windows\System\MAiCRMG.exe
  2⤵
  PID:3480
- C:\Windows\System\jgRUTjP.exe
  C:\Windows\System\jgRUTjP.exe
  2⤵
  PID:3180
- C:\Windows\System\KFkbDFD.exe
  C:\Windows\System\KFkbDFD.exe
  2⤵
  PID:3400
- C:\Windows\System\NtuKGTk.exe
  C:\Windows\System\NtuKGTk.exe
  2⤵
  PID:3512
- C:\Windows\System\dKwkjRL.exe
  C:\Windows\System\dKwkjRL.exe
  2⤵
  PID:3680
- C:\Windows\System\UCYJpyG.exe
  C:\Windows\System\UCYJpyG.exe
  2⤵
  PID:3732
- C:\Windows\System\oOnDsoc.exe
  C:\Windows\System\oOnDsoc.exe
  2⤵
  PID:3612
- C:\Windows\System\EnjueKz.exe
  C:\Windows\System\EnjueKz.exe
  2⤵
  PID:3812
- C:\Windows\System\BGexgZn.exe
  C:\Windows\System\BGexgZn.exe
  2⤵
  PID:3844
- C:\Windows\System\guHQjFa.exe
  C:\Windows\System\guHQjFa.exe
  2⤵
  PID:3864
- C:\Windows\System\IYdFpsk.exe
  C:\Windows\System\IYdFpsk.exe
  2⤵
  PID:4088
- C:\Windows\System\uRDJjxu.exe
  C:\Windows\System\uRDJjxu.exe
  2⤵
  PID:3928
- C:\Windows\System\yZzrELQ.exe
  C:\Windows\System\yZzrELQ.exe
  2⤵
  PID:3860
- C:\Windows\System\AlxknWU.exe
  C:\Windows\System\AlxknWU.exe
  2⤵
  PID:2684
- C:\Windows\System\fNmGsrQ.exe
  C:\Windows\System\fNmGsrQ.exe
  2⤵
  PID:4092
- C:\Windows\System\YViUUVj.exe
  C:\Windows\System\YViUUVj.exe
  2⤵
  PID:996
- C:\Windows\System\HHvpOit.exe
  C:\Windows\System\HHvpOit.exe
  2⤵
  PID:4024
- C:\Windows\System\WjSqdJF.exe
  C:\Windows\System\WjSqdJF.exe
  2⤵
  PID:3368
- C:\Windows\System\CndGaoQ.exe
  C:\Windows\System\CndGaoQ.exe
  2⤵
  PID:3316
- C:\Windows\System\xqnOrSv.exe
  C:\Windows\System\xqnOrSv.exe
  2⤵
  PID:3076
- C:\Windows\System\fVACGxP.exe
  C:\Windows\System\fVACGxP.exe
  2⤵
  PID:3440
- C:\Windows\System\XbxVidq.exe
  C:\Windows\System\XbxVidq.exe
  2⤵
  PID:3000
- C:\Windows\System\zNXZOqo.exe
  C:\Windows\System\zNXZOqo.exe
  2⤵
  PID:3616
- C:\Windows\System\zFmUBhs.exe
  C:\Windows\System\zFmUBhs.exe
  2⤵
  PID:3488
- C:\Windows\System\uLFANdp.exe
  C:\Windows\System\uLFANdp.exe
  2⤵
  PID:3992
- C:\Windows\System\SLPTiWL.exe
  C:\Windows\System\SLPTiWL.exe
  2⤵
  PID:2892
- C:\Windows\System\YeULEKS.exe
  C:\Windows\System\YeULEKS.exe
  2⤵
  PID:3132
- C:\Windows\System\DJItPVg.exe
  C:\Windows\System\DJItPVg.exe
  2⤵
  PID:3116
- C:\Windows\System\gtcpfJU.exe
  C:\Windows\System\gtcpfJU.exe
  2⤵
  PID:3768
- C:\Windows\System\CWAVNFT.exe
  C:\Windows\System\CWAVNFT.exe
  2⤵
  PID:3548
- C:\Windows\System\WYyaQyf.exe
  C:\Windows\System\WYyaQyf.exe
  2⤵
  PID:1924
- C:\Windows\System\Lmfkjae.exe
  C:\Windows\System\Lmfkjae.exe
  2⤵
  PID:3632
- C:\Windows\System\cevmGKN.exe
  C:\Windows\System\cevmGKN.exe
  2⤵
  PID:3932
- C:\Windows\System\mUMRElA.exe
  C:\Windows\System\mUMRElA.exe
  2⤵
  PID:1768
- C:\Windows\System\IGMMGze.exe
  C:\Windows\System\IGMMGze.exe
  2⤵
  PID:1308
- C:\Windows\System\sbYeGKA.exe
  C:\Windows\System\sbYeGKA.exe
  2⤵
  PID:1600
- C:\Windows\System\LgHQCLm.exe
  C:\Windows\System\LgHQCLm.exe
  2⤵
  PID:3392
- C:\Windows\System\mXNQpST.exe
  C:\Windows\System\mXNQpST.exe
  2⤵
  PID:3688
- C:\Windows\System\jkgpzOq.exe
  C:\Windows\System\jkgpzOq.exe
  2⤵
  PID:3380
- C:\Windows\System\DNGAoKB.exe
  C:\Windows\System\DNGAoKB.exe
  2⤵
  PID:3724
- C:\Windows\System\gHZeLlI.exe
  C:\Windows\System\gHZeLlI.exe
  2⤵
  PID:2792
- C:\Windows\System\dgoLKry.exe
  C:\Windows\System\dgoLKry.exe
  2⤵
  PID:3764
- C:\Windows\System\wONGydl.exe
  C:\Windows\System\wONGydl.exe
  2⤵
  PID:2088
- C:\Windows\System\pkpflxf.exe
  C:\Windows\System\pkpflxf.exe
  2⤵
  PID:3112
- C:\Windows\System\pzdYzCj.exe
  C:\Windows\System\pzdYzCj.exe
  2⤵
  PID:2244
- C:\Windows\System\SDxZBiw.exe
  C:\Windows\System\SDxZBiw.exe
  2⤵
  PID:2168
- C:\Windows\System\eXabCXU.exe
  C:\Windows\System\eXabCXU.exe
  2⤵
  PID:936
- C:\Windows\System\YaoMnPG.exe
  C:\Windows\System\YaoMnPG.exe
  2⤵
  PID:3760
- C:\Windows\System\yQjQIzy.exe
  C:\Windows\System\yQjQIzy.exe
  2⤵
  PID:3784
- C:\Windows\System\BprUQOf.exe
  C:\Windows\System\BprUQOf.exe
  2⤵
  PID:2580
- C:\Windows\System\hfPoSlV.exe
  C:\Windows\System\hfPoSlV.exe
  2⤵
  PID:3984
- C:\Windows\System\TjTBXMe.exe
  C:\Windows\System\TjTBXMe.exe
  2⤵
  PID:4108
- C:\Windows\System\jbAyQpR.exe
  C:\Windows\System\jbAyQpR.exe
  2⤵
  PID:4124
- C:\Windows\System\aVEAMOn.exe
  C:\Windows\System\aVEAMOn.exe
  2⤵
  PID:4140
- C:\Windows\System\quNIbch.exe
  C:\Windows\System\quNIbch.exe
  2⤵
  PID:4160
- C:\Windows\System\DrldZuZ.exe
  C:\Windows\System\DrldZuZ.exe
  2⤵
  PID:4180
- C:\Windows\System\XDHEfsT.exe
  C:\Windows\System\XDHEfsT.exe
  2⤵
  PID:4216
- C:\Windows\System\asFjOvY.exe
  C:\Windows\System\asFjOvY.exe
  2⤵
  PID:4236
- C:\Windows\System\mXsMtXi.exe
  C:\Windows\System\mXsMtXi.exe
  2⤵
  PID:4252
- C:\Windows\System\yjbxzjc.exe
  C:\Windows\System\yjbxzjc.exe
  2⤵
  PID:4272
- C:\Windows\System\BQqRmGW.exe
  C:\Windows\System\BQqRmGW.exe
  2⤵
  PID:4288
- C:\Windows\System\WISOjGD.exe
  C:\Windows\System\WISOjGD.exe
  2⤵
  PID:4308
- C:\Windows\System\VaCOrpT.exe
  C:\Windows\System\VaCOrpT.exe
  2⤵
  PID:4324
- C:\Windows\System\rgIbMOu.exe
  C:\Windows\System\rgIbMOu.exe
  2⤵
  PID:4348
- C:\Windows\System\fgXZNHx.exe
  C:\Windows\System\fgXZNHx.exe
  2⤵
  PID:4364
- C:\Windows\System\zWRYhjJ.exe
  C:\Windows\System\zWRYhjJ.exe
  2⤵
  PID:4404
- C:\Windows\System\mADTbbI.exe
  C:\Windows\System\mADTbbI.exe
  2⤵
  PID:4420
- C:\Windows\System\bCCzuSc.exe
  C:\Windows\System\bCCzuSc.exe
  2⤵
  PID:4436
- C:\Windows\System\WyEFfsk.exe
  C:\Windows\System\WyEFfsk.exe
  2⤵
  PID:4452
- C:\Windows\System\EQeAimG.exe
  C:\Windows\System\EQeAimG.exe
  2⤵
  PID:4468
- C:\Windows\System\iKaWgyb.exe
  C:\Windows\System\iKaWgyb.exe
  2⤵
  PID:4484
- C:\Windows\System\IqcdKbs.exe
  C:\Windows\System\IqcdKbs.exe
  2⤵
  PID:4508
- C:\Windows\System\jDtCthI.exe
  C:\Windows\System\jDtCthI.exe
  2⤵
  PID:4524
- C:\Windows\System\dygVDSY.exe
  C:\Windows\System\dygVDSY.exe
  2⤵
  PID:4540
- C:\Windows\System\rYUaVAY.exe
  C:\Windows\System\rYUaVAY.exe
  2⤵
  PID:4564
- C:\Windows\System\HrwhaJe.exe
  C:\Windows\System\HrwhaJe.exe
  2⤵
  PID:4580
- C:\Windows\System\xUBrLNq.exe
  C:\Windows\System\xUBrLNq.exe
  2⤵
  PID:4620
- C:\Windows\System\lVOWXzD.exe
  C:\Windows\System\lVOWXzD.exe
  2⤵
  PID:4636
- C:\Windows\System\sQxblNa.exe
  C:\Windows\System\sQxblNa.exe
  2⤵
  PID:4652
- C:\Windows\System\gRmtJkY.exe
  C:\Windows\System\gRmtJkY.exe
  2⤵
  PID:4680
- C:\Windows\System\mLInhBX.exe
  C:\Windows\System\mLInhBX.exe
  2⤵
  PID:4700
- C:\Windows\System\MtVqcZg.exe
  C:\Windows\System\MtVqcZg.exe
  2⤵
  PID:4716
- C:\Windows\System\JvvRHjS.exe
  C:\Windows\System\JvvRHjS.exe
  2⤵
  PID:4732
- C:\Windows\System\gffGFhO.exe
  C:\Windows\System\gffGFhO.exe
  2⤵
  PID:4752
- C:\Windows\System\adOSKTU.exe
  C:\Windows\System\adOSKTU.exe
  2⤵
  PID:4768
- C:\Windows\System\yMPYGZF.exe
  C:\Windows\System\yMPYGZF.exe
  2⤵
  PID:4788
- C:\Windows\System\YclRQUk.exe
  C:\Windows\System\YclRQUk.exe
  2⤵
  PID:4808
- C:\Windows\System\PaEGYlF.exe
  C:\Windows\System\PaEGYlF.exe
  2⤵
  PID:4824
- C:\Windows\System\ZhumRKx.exe
  C:\Windows\System\ZhumRKx.exe
  2⤵
  PID:4840
- C:\Windows\System\qwYhlIg.exe
  C:\Windows\System\qwYhlIg.exe
  2⤵
  PID:4856
- C:\Windows\System\VChLoWa.exe
  C:\Windows\System\VChLoWa.exe
  2⤵
  PID:4884
- C:\Windows\System\TqMbEcF.exe
  C:\Windows\System\TqMbEcF.exe
  2⤵
  PID:4908
- C:\Windows\System\RNsxHcj.exe
  C:\Windows\System\RNsxHcj.exe
  2⤵
  PID:4940
- C:\Windows\System\MPWQQAp.exe
  C:\Windows\System\MPWQQAp.exe
  2⤵
  PID:4956
- C:\Windows\System\tIwHJOj.exe
  C:\Windows\System\tIwHJOj.exe
  2⤵
  PID:4972
- C:\Windows\System\ObLiKnY.exe
  C:\Windows\System\ObLiKnY.exe
  2⤵
  PID:5008
- C:\Windows\System\wkbhBgI.exe
  C:\Windows\System\wkbhBgI.exe
  2⤵
  PID:5028
- C:\Windows\System\dhgzGEC.exe
  C:\Windows\System\dhgzGEC.exe
  2⤵
  PID:5044
- C:\Windows\System\jozamWj.exe
  C:\Windows\System\jozamWj.exe
  2⤵
  PID:5076
- C:\Windows\System\kiiItDU.exe
  C:\Windows\System\kiiItDU.exe
  2⤵
  PID:5092
- C:\Windows\System\hhJZwfh.exe
  C:\Windows\System\hhJZwfh.exe
  2⤵
  PID:5108
- C:\Windows\System\YDivCtP.exe
  C:\Windows\System\YDivCtP.exe
  2⤵
  PID:2444
- C:\Windows\System\FDbagZy.exe
  C:\Windows\System\FDbagZy.exe
  2⤵
  PID:4116
- C:\Windows\System\OafpwHf.exe
  C:\Windows\System\OafpwHf.exe
  2⤵
  PID:4156
- C:\Windows\System\GHhxVmm.exe
  C:\Windows\System\GHhxVmm.exe
  2⤵
  PID:4172
- C:\Windows\System\fcXTFtD.exe
  C:\Windows\System\fcXTFtD.exe
  2⤵
  PID:4104
- C:\Windows\System\FveeRvf.exe
  C:\Windows\System\FveeRvf.exe
  2⤵
  PID:4208
- C:\Windows\System\iuqSVqp.exe
  C:\Windows\System\iuqSVqp.exe
  2⤵
  PID:4284
- C:\Windows\System\KdXKOwG.exe
  C:\Windows\System\KdXKOwG.exe
  2⤵
  PID:2996
- C:\Windows\System\LOHmCZs.exe
  C:\Windows\System\LOHmCZs.exe
  2⤵
  PID:4320
- C:\Windows\System\iogUxXW.exe
  C:\Windows\System\iogUxXW.exe
  2⤵
  PID:4360
- C:\Windows\System\UOFAGHR.exe
  C:\Windows\System\UOFAGHR.exe
  2⤵
  PID:4388
- C:\Windows\System\yaPehJg.exe
  C:\Windows\System\yaPehJg.exe
  2⤵
  PID:4344
- C:\Windows\System\aXWlXqD.exe
  C:\Windows\System\aXWlXqD.exe
  2⤵
  PID:1396
- C:\Windows\System\GdFVfhP.exe
  C:\Windows\System\GdFVfhP.exe
  2⤵
  PID:4492
- C:\Windows\System\kKmaplF.exe
  C:\Windows\System\kKmaplF.exe
  2⤵
  PID:4432
- C:\Windows\System\HHoKquJ.exe
  C:\Windows\System\HHoKquJ.exe
  2⤵
  PID:4416
- C:\Windows\System\QxNDsha.exe
  C:\Windows\System\QxNDsha.exe
  2⤵
  PID:4460
- C:\Windows\System\MgnwJKX.exe
  C:\Windows\System\MgnwJKX.exe
  2⤵
  PID:4548
- C:\Windows\System\zaKTVxi.exe
  C:\Windows\System\zaKTVxi.exe
  2⤵
  PID:4592
- C:\Windows\System\uQrIMWA.exe
  C:\Windows\System\uQrIMWA.exe
  2⤵
  PID:4608
- C:\Windows\System\TGYYfof.exe
  C:\Windows\System\TGYYfof.exe
  2⤵
  PID:4644
- C:\Windows\System\Moezjph.exe
  C:\Windows\System\Moezjph.exe
  2⤵
  PID:4632
- C:\Windows\System\qgTylrs.exe
  C:\Windows\System\qgTylrs.exe
  2⤵
  PID:4728
- C:\Windows\System\JDyiOpa.exe
  C:\Windows\System\JDyiOpa.exe
  2⤵
  PID:1820
- C:\Windows\System\sQpLbef.exe
  C:\Windows\System\sQpLbef.exe
  2⤵
  PID:4800
- C:\Windows\System\rIvUaly.exe
  C:\Windows\System\rIvUaly.exe
  2⤵
  PID:4780
- C:\Windows\System\jCioNQw.exe
  C:\Windows\System\jCioNQw.exe
  2⤵
  PID:4900
- C:\Windows\System\pPtUSIY.exe
  C:\Windows\System\pPtUSIY.exe
  2⤵
  PID:4948
- C:\Windows\System\gGgofNH.exe
  C:\Windows\System\gGgofNH.exe
  2⤵
  PID:4964
- C:\Windows\System\sJiifmx.exe
  C:\Windows\System\sJiifmx.exe
  2⤵
  PID:5040
- C:\Windows\System\CqHxoqc.exe
  C:\Windows\System\CqHxoqc.exe
  2⤵
  PID:4936
- C:\Windows\System\hPrZLye.exe
  C:\Windows\System\hPrZLye.exe
  2⤵
  PID:5056
- C:\Windows\System\QlVEPrx.exe
  C:\Windows\System\QlVEPrx.exe
  2⤵
  PID:5072
- C:\Windows\System\ddFxidk.exe
  C:\Windows\System\ddFxidk.exe
  2⤵
  PID:4196
- C:\Windows\System\CmDcKDT.exe
  C:\Windows\System\CmDcKDT.exe
  2⤵
  PID:5084
- C:\Windows\System\pbVoInA.exe
  C:\Windows\System\pbVoInA.exe
  2⤵
  PID:4100
- C:\Windows\System\wzlpjuH.exe
  C:\Windows\System\wzlpjuH.exe
  2⤵
  PID:4304
- C:\Windows\System\tWOuOcM.exe
  C:\Windows\System\tWOuOcM.exe
  2⤵
  PID:4464
- C:\Windows\System\wNVZPHC.exe
  C:\Windows\System\wNVZPHC.exe
  2⤵
  PID:4600
- C:\Windows\System\lVWbpDG.exe
  C:\Windows\System\lVWbpDG.exe
  2⤵
  PID:4616
- C:\Windows\System\lAsVVbM.exe
  C:\Windows\System\lAsVVbM.exe
  2⤵
  PID:4396
- C:\Windows\System\iCKfzdc.exe
  C:\Windows\System\iCKfzdc.exe
  2⤵
  PID:4576
- C:\Windows\System\FmttqSN.exe
  C:\Windows\System\FmttqSN.exe
  2⤵
  PID:4688
- C:\Windows\System\QGPuReE.exe
  C:\Windows\System\QGPuReE.exe
  2⤵
  PID:4152
- C:\Windows\System\UafZDZc.exe
  C:\Windows\System\UafZDZc.exe
  2⤵
  PID:4852
- C:\Windows\System\pQEUIqt.exe
  C:\Windows\System\pQEUIqt.exe
  2⤵
  PID:4796
- C:\Windows\System\fItTCtN.exe
  C:\Windows\System\fItTCtN.exe
  2⤵
  PID:4740
- C:\Windows\System\mioBqlj.exe
  C:\Windows\System\mioBqlj.exe
  2⤵
  PID:4820
- C:\Windows\System\KivrZzv.exe
  C:\Windows\System\KivrZzv.exe
  2⤵
  PID:4876
- C:\Windows\System\SOIDADj.exe
  C:\Windows\System\SOIDADj.exe
  2⤵
  PID:4836
- C:\Windows\System\CkgyTwb.exe
  C:\Windows\System\CkgyTwb.exe
  2⤵
  PID:4924
- C:\Windows\System\ZKbQwNs.exe
  C:\Windows\System\ZKbQwNs.exe
  2⤵
  PID:5052
- C:\Windows\System\dmktfmB.exe
  C:\Windows\System\dmktfmB.exe
  2⤵
  PID:4200
- C:\Windows\System\gIRhpyj.exe
  C:\Windows\System\gIRhpyj.exe
  2⤵
  PID:4336
- C:\Windows\System\nbVKHBO.exe
  C:\Windows\System\nbVKHBO.exe
  2⤵
  PID:4928
- C:\Windows\System\weMUXnv.exe
  C:\Windows\System\weMUXnv.exe
  2⤵
  PID:4448
- C:\Windows\System\GXazedi.exe
  C:\Windows\System\GXazedi.exe
  2⤵
  PID:5116
- C:\Windows\System\xtnNIQh.exe
  C:\Windows\System\xtnNIQh.exe
  2⤵
  PID:4572
- C:\Windows\System\rqfCVHs.exe
  C:\Windows\System\rqfCVHs.exe
  2⤵
  PID:4676
- C:\Windows\System\VpbhSfa.exe
  C:\Windows\System\VpbhSfa.exe
  2⤵
  PID:4896
- C:\Windows\System\yIzHIHJ.exe
  C:\Windows\System\yIzHIHJ.exe
  2⤵
  PID:4848
- C:\Windows\System\oXVuaoa.exe
  C:\Windows\System\oXVuaoa.exe
  2⤵
  PID:5068
- C:\Windows\System\RYqiSaH.exe
  C:\Windows\System\RYqiSaH.exe
  2⤵
  PID:4532
- C:\Windows\System\ZoKEajy.exe
  C:\Windows\System\ZoKEajy.exe
  2⤵
  PID:4520
- C:\Windows\System\OGwbZFR.exe
  C:\Windows\System\OGwbZFR.exe
  2⤵
  PID:4864
- C:\Windows\System\caocnKV.exe
  C:\Windows\System\caocnKV.exe
  2⤵
  PID:5024
- C:\Windows\System\zFWBhnj.exe
  C:\Windows\System\zFWBhnj.exe
  2⤵
  PID:2768
- C:\Windows\System\wPaqJYL.exe
  C:\Windows\System\wPaqJYL.exe
  2⤵
  PID:3828
- C:\Windows\System\LeuODXR.exe
  C:\Windows\System\LeuODXR.exe
  2⤵
  PID:4760
- C:\Windows\System\LmiBshv.exe
  C:\Windows\System\LmiBshv.exe
  2⤵
  PID:4556
- C:\Windows\System\PUQdogl.exe
  C:\Windows\System\PUQdogl.exe
  2⤵
  PID:4260
- C:\Windows\System\KljOJKt.exe
  C:\Windows\System\KljOJKt.exe
  2⤵
  PID:5036
- C:\Windows\System\MxBoyRj.exe
  C:\Windows\System\MxBoyRj.exe
  2⤵
  PID:4228
- C:\Windows\System\doTNiWD.exe
  C:\Windows\System\doTNiWD.exe
  2⤵
  PID:4536
- C:\Windows\System\LQCzhLp.exe
  C:\Windows\System\LQCzhLp.exe
  2⤵
  PID:5004
- C:\Windows\System\znMJxZU.exe
  C:\Windows\System\znMJxZU.exe
  2⤵
  PID:4380
- C:\Windows\System\OyUZKGo.exe
  C:\Windows\System\OyUZKGo.exe
  2⤵
  PID:4412
- C:\Windows\System\iFClAMT.exe
  C:\Windows\System\iFClAMT.exe
  2⤵
  PID:5132
- C:\Windows\System\RduTYNv.exe
  C:\Windows\System\RduTYNv.exe
  2⤵
  PID:5156
- C:\Windows\System\EhCgUdm.exe
  C:\Windows\System\EhCgUdm.exe
  2⤵
  PID:5176
- C:\Windows\System\SsTehWf.exe
  C:\Windows\System\SsTehWf.exe
  2⤵
  PID:5192
- C:\Windows\System\xpvgqCc.exe
  C:\Windows\System\xpvgqCc.exe
  2⤵
  PID:5208
- C:\Windows\System\AzOJIkZ.exe
  C:\Windows\System\AzOJIkZ.exe
  2⤵
  PID:5232
- C:\Windows\System\FZRIoup.exe
  C:\Windows\System\FZRIoup.exe
  2⤵
  PID:5252
- C:\Windows\System\XZWATHH.exe
  C:\Windows\System\XZWATHH.exe
  2⤵
  PID:5272
- C:\Windows\System\ESwBCWQ.exe
  C:\Windows\System\ESwBCWQ.exe
  2⤵
  PID:5288
- C:\Windows\System\rJMnZlu.exe
  C:\Windows\System\rJMnZlu.exe
  2⤵
  PID:5328
- C:\Windows\System\rreCKLb.exe
  C:\Windows\System\rreCKLb.exe
  2⤵
  PID:5344
- C:\Windows\System\CAFseLl.exe
  C:\Windows\System\CAFseLl.exe
  2⤵
  PID:5360
- C:\Windows\System\svQiMxk.exe
  C:\Windows\System\svQiMxk.exe
  2⤵
  PID:5376
- C:\Windows\System\pWyHeWy.exe
  C:\Windows\System\pWyHeWy.exe
  2⤵
  PID:5396
- C:\Windows\System\TeFQfCB.exe
  C:\Windows\System\TeFQfCB.exe
  2⤵
  PID:5412
- C:\Windows\System\wcnxpEL.exe
  C:\Windows\System\wcnxpEL.exe
  2⤵
  PID:5428
- C:\Windows\System\QXvvjsE.exe
  C:\Windows\System\QXvvjsE.exe
  2⤵
  PID:5452
- C:\Windows\System\dzmHMTa.exe
  C:\Windows\System\dzmHMTa.exe
  2⤵
  PID:5468
- C:\Windows\System\CXKwQwR.exe
  C:\Windows\System\CXKwQwR.exe
  2⤵
  PID:5484
- C:\Windows\System\oWiJtGf.exe
  C:\Windows\System\oWiJtGf.exe
  2⤵
  PID:5500
- C:\Windows\System\zvSJTfF.exe
  C:\Windows\System\zvSJTfF.exe
  2⤵
  PID:5516
- C:\Windows\System\mrGVbDT.exe
  C:\Windows\System\mrGVbDT.exe
  2⤵
  PID:5536
- C:\Windows\System\UHryxWu.exe
  C:\Windows\System\UHryxWu.exe
  2⤵
  PID:5560
- C:\Windows\System\RFZnwVv.exe
  C:\Windows\System\RFZnwVv.exe
  2⤵
  PID:5584
- C:\Windows\System\YiEpvjG.exe
  C:\Windows\System\YiEpvjG.exe
  2⤵
  PID:5600
- C:\Windows\System\CPMnfCY.exe
  C:\Windows\System\CPMnfCY.exe
  2⤵
  PID:5640
- C:\Windows\System\wUiEoIO.exe
  C:\Windows\System\wUiEoIO.exe
  2⤵
  PID:5656
- C:\Windows\System\qffNRkc.exe
  C:\Windows\System\qffNRkc.exe
  2⤵
  PID:5672
- C:\Windows\System\DJUVvSt.exe
  C:\Windows\System\DJUVvSt.exe
  2⤵
  PID:5688
- C:\Windows\System\NBsDrPY.exe
  C:\Windows\System\NBsDrPY.exe
  2⤵
  PID:5712
- C:\Windows\System\npWtAJt.exe
  C:\Windows\System\npWtAJt.exe
  2⤵
  PID:5732
- C:\Windows\System\TgoSfIR.exe
  C:\Windows\System\TgoSfIR.exe
  2⤵
  PID:5748
- C:\Windows\System\UiBJZlx.exe
  C:\Windows\System\UiBJZlx.exe
  2⤵
  PID:5764
- C:\Windows\System\aYvxYnC.exe
  C:\Windows\System\aYvxYnC.exe
  2⤵
  PID:5780
- C:\Windows\System\FJcqDjm.exe
  C:\Windows\System\FJcqDjm.exe
  2⤵
  PID:5796
- C:\Windows\System\LfQGlfw.exe
  C:\Windows\System\LfQGlfw.exe
  2⤵
  PID:5812
- C:\Windows\System\DbEVZXh.exe
  C:\Windows\System\DbEVZXh.exe
  2⤵
  PID:5828
- C:\Windows\System\WkYknne.exe
  C:\Windows\System\WkYknne.exe
  2⤵
  PID:5848
- C:\Windows\System\kuSqkaD.exe
  C:\Windows\System\kuSqkaD.exe
  2⤵
  PID:5876
- C:\Windows\System\hOgUusw.exe
  C:\Windows\System\hOgUusw.exe
  2⤵
  PID:5892
- C:\Windows\System\BPoyCyR.exe
  C:\Windows\System\BPoyCyR.exe
  2⤵
  PID:5908
- C:\Windows\System\YcHhgQD.exe
  C:\Windows\System\YcHhgQD.exe
  2⤵
  PID:5924
- C:\Windows\System\pRPNHRJ.exe
  C:\Windows\System\pRPNHRJ.exe
  2⤵
  PID:5940
- C:\Windows\System\QPuDuIC.exe
  C:\Windows\System\QPuDuIC.exe
  2⤵
  PID:5956
- C:\Windows\System\gJXEJQz.exe
  C:\Windows\System\gJXEJQz.exe
  2⤵
  PID:5996
- C:\Windows\System\CeRJdyZ.exe
  C:\Windows\System\CeRJdyZ.exe
  2⤵
  PID:6040
- C:\Windows\System\RiJKpAb.exe
  C:\Windows\System\RiJKpAb.exe
  2⤵
  PID:6056
- C:\Windows\System\hoRSXtW.exe
  C:\Windows\System\hoRSXtW.exe
  2⤵
  PID:6072
- C:\Windows\System\XoeNylh.exe
  C:\Windows\System\XoeNylh.exe
  2⤵
  PID:6088
- C:\Windows\System\mObVZuV.exe
  C:\Windows\System\mObVZuV.exe
  2⤵
  PID:6104
- C:\Windows\System\LoGqkjU.exe
  C:\Windows\System\LoGqkjU.exe
  2⤵
  PID:6136
- C:\Windows\System\tlzUOLr.exe
  C:\Windows\System\tlzUOLr.exe
  2⤵
  PID:4268
- C:\Windows\System\PANaZgb.exe
  C:\Windows\System\PANaZgb.exe
  2⤵
  PID:4516
- C:\Windows\System\uZcztTj.exe
  C:\Windows\System\uZcztTj.exe
  2⤵
  PID:4400
- C:\Windows\System\zWUGTEY.exe
  C:\Windows\System\zWUGTEY.exe
  2⤵
  PID:5172
- C:\Windows\System\RVzAuBM.exe
  C:\Windows\System\RVzAuBM.exe
  2⤵
  PID:5240
- C:\Windows\System\kGAvXXH.exe
  C:\Windows\System\kGAvXXH.exe
  2⤵
  PID:5152
- C:\Windows\System\wtQUIAF.exe
  C:\Windows\System\wtQUIAF.exe
  2⤵
  PID:5260
- C:\Windows\System\bPzZcfK.exe
  C:\Windows\System\bPzZcfK.exe
  2⤵
  PID:5188
- C:\Windows\System\psBmPzd.exe
  C:\Windows\System\psBmPzd.exe
  2⤵
  PID:5300
- C:\Windows\System\EETDKaY.exe
  C:\Windows\System\EETDKaY.exe
  2⤵
  PID:5368
- C:\Windows\System\rkyQsWe.exe
  C:\Windows\System\rkyQsWe.exe
  2⤵
  PID:1488
- C:\Windows\System\LwOtWCw.exe
  C:\Windows\System\LwOtWCw.exe
  2⤵
  PID:5444
- C:\Windows\System\rDhgZVJ.exe
  C:\Windows\System\rDhgZVJ.exe
  2⤵
  PID:5512
- C:\Windows\System\DLqwiOc.exe
  C:\Windows\System\DLqwiOc.exe
  2⤵
  PID:5556
- C:\Windows\System\GXgVGNU.exe
  C:\Windows\System\GXgVGNU.exe
  2⤵
  PID:5388
- C:\Windows\System\wdUgWBA.exe
  C:\Windows\System\wdUgWBA.exe
  2⤵
  PID:5424
- C:\Windows\System\kCKaVsY.exe
  C:\Windows\System\kCKaVsY.exe
  2⤵
  PID:5460
- C:\Windows\System\LjnMZDE.exe
  C:\Windows\System\LjnMZDE.exe
  2⤵
  PID:5680
- C:\Windows\System\UGtdUbh.exe
  C:\Windows\System\UGtdUbh.exe
  2⤵
  PID:5756
- C:\Windows\System\NSRZdkZ.exe
  C:\Windows\System\NSRZdkZ.exe
  2⤵
  PID:5856
- C:\Windows\System\EpPawTg.exe
  C:\Windows\System\EpPawTg.exe
  2⤵
  PID:5868
- C:\Windows\System\KaJtpUp.exe
  C:\Windows\System\KaJtpUp.exe
  2⤵
  PID:5872
- C:\Windows\System\rBPNbIs.exe
  C:\Windows\System\rBPNbIs.exe
  2⤵
  PID:5972
- C:\Windows\System\TVgJKRd.exe
  C:\Windows\System\TVgJKRd.exe
  2⤵
  PID:5988
- C:\Windows\System\UfOiuan.exe
  C:\Windows\System\UfOiuan.exe
  2⤵
  PID:5620
- C:\Windows\System\BFrJUoJ.exe
  C:\Windows\System\BFrJUoJ.exe
  2⤵
  PID:5664
- C:\Windows\System\NHKVYTa.exe
  C:\Windows\System\NHKVYTa.exe
  2⤵
  PID:5700
- C:\Windows\System\iFxNFyu.exe
  C:\Windows\System\iFxNFyu.exe
  2⤵
  PID:5776
- C:\Windows\System\bzZWQiE.exe
  C:\Windows\System\bzZWQiE.exe
  2⤵
  PID:5808
- C:\Windows\System\CnMrPNQ.exe
  C:\Windows\System\CnMrPNQ.exe
  2⤵
  PID:6008
- C:\Windows\System\RjRWqDI.exe
  C:\Windows\System\RjRWqDI.exe
  2⤵
  PID:5920
- C:\Windows\System\lnkuoNS.exe
  C:\Windows\System\lnkuoNS.exe
  2⤵
  PID:6080
- C:\Windows\System\IXPGRnF.exe
  C:\Windows\System\IXPGRnF.exe
  2⤵
  PID:6068
- C:\Windows\System\eFomZlB.exe
  C:\Windows\System\eFomZlB.exe
  2⤵
  PID:6036
- C:\Windows\System\EWQkoKw.exe
  C:\Windows\System\EWQkoKw.exe
  2⤵
  PID:6128
- C:\Windows\System\yilqoLY.exe
  C:\Windows\System\yilqoLY.exe
  2⤵
  PID:5124
- C:\Windows\System\kdcQhJJ.exe
  C:\Windows\System\kdcQhJJ.exe
  2⤵
  PID:5168
- C:\Windows\System\ifoeYPF.exe
  C:\Windows\System\ifoeYPF.exe
  2⤵
  PID:4724
- C:\Windows\System\zccJsKh.exe
  C:\Windows\System\zccJsKh.exe
  2⤵
  PID:5148
- C:\Windows\System\QZylolP.exe
  C:\Windows\System\QZylolP.exe
  2⤵
  PID:5228
- C:\Windows\System\XpTaDDc.exe
  C:\Windows\System\XpTaDDc.exe
  2⤵
  PID:5436
- C:\Windows\System\BKaHyFo.exe
  C:\Windows\System\BKaHyFo.exe
  2⤵
  PID:5552
- C:\Windows\System\maKDxgs.exe
  C:\Windows\System\maKDxgs.exe
  2⤵
  PID:5312
- C:\Windows\System\pvXBIBE.exe
  C:\Windows\System\pvXBIBE.exe
  2⤵
  PID:5384
- C:\Windows\System\ncxCSrI.exe
  C:\Windows\System\ncxCSrI.exe
  2⤵
  PID:5580
- C:\Windows\System\YXBhCrS.exe
  C:\Windows\System\YXBhCrS.exe
  2⤵
  PID:5628
- C:\Windows\System\tEXrhvD.exe
  C:\Windows\System\tEXrhvD.exe
  2⤵
  PID:5140
- C:\Windows\System\etfCfUH.exe
  C:\Windows\System\etfCfUH.exe
  2⤵
  PID:5528
- C:\Windows\System\fDxnccc.exe
  C:\Windows\System\fDxnccc.exe
  2⤵
  PID:5984
- C:\Windows\System\JcdwWiP.exe
  C:\Windows\System\JcdwWiP.exe
  2⤵
  PID:5744
- C:\Windows\System\tKXaPpO.exe
  C:\Windows\System\tKXaPpO.exe
  2⤵
  PID:6020
- C:\Windows\System\DzSOHEF.exe
  C:\Windows\System\DzSOHEF.exe
  2⤵
  PID:6100
- C:\Windows\System\YwSCNNP.exe
  C:\Windows\System\YwSCNNP.exe
  2⤵
  PID:2712
- C:\Windows\System\AgyaXlY.exe
  C:\Windows\System\AgyaXlY.exe
  2⤵
  PID:5284
- C:\Windows\System\UYmhHES.exe
  C:\Windows\System\UYmhHES.exe
  2⤵
  PID:5220
- C:\Windows\System\tWVdznz.exe
  C:\Windows\System\tWVdznz.exe
  2⤵
  PID:5340
- C:\Windows\System\GKgTsYJ.exe
  C:\Windows\System\GKgTsYJ.exe
  2⤵
  PID:6028
- C:\Windows\System\sVEPcJv.exe
  C:\Windows\System\sVEPcJv.exe
  2⤵
  PID:5596
- C:\Windows\System\vkymctT.exe
  C:\Windows\System\vkymctT.exe
  2⤵
  PID:5648
- C:\Windows\System\OuFrinP.exe
  C:\Windows\System\OuFrinP.exe
  2⤵
  PID:5792
- C:\Windows\System\yWKIhLr.exe
  C:\Windows\System\yWKIhLr.exe
  2⤵
  PID:5476
- C:\Windows\System\traiyLq.exe
  C:\Windows\System\traiyLq.exe
  2⤵
  PID:5532
- C:\Windows\System\cExQGsn.exe
  C:\Windows\System\cExQGsn.exe
  2⤵
  PID:1984
- C:\Windows\System\gOSfHWr.exe
  C:\Windows\System\gOSfHWr.exe
  2⤵
  PID:6052
- C:\Windows\System\zonhZDo.exe
  C:\Windows\System\zonhZDo.exe
  2⤵
  PID:5316
- C:\Windows\System\eqcdEUt.exe
  C:\Windows\System\eqcdEUt.exe
  2⤵
  PID:5696
- C:\Windows\System\rHWMKmt.exe
  C:\Windows\System\rHWMKmt.exe
  2⤵
  PID:5336
- C:\Windows\System\pivUnGj.exe
  C:\Windows\System\pivUnGj.exe
  2⤵
  PID:5884
- C:\Windows\System\BqvoByg.exe
  C:\Windows\System\BqvoByg.exe
  2⤵
  PID:5632
- C:\Windows\System\rVLcSYw.exe
  C:\Windows\System\rVLcSYw.exe
  2⤵
  PID:5616
- C:\Windows\System\mKggXxo.exe
  C:\Windows\System\mKggXxo.exe
  2⤵
  PID:5864
- C:\Windows\System\ruyrvEs.exe
  C:\Windows\System\ruyrvEs.exe
  2⤵
  PID:5548
- C:\Windows\System\OmqMOuO.exe
  C:\Windows\System\OmqMOuO.exe
  2⤵
  PID:4764
- C:\Windows\System\sQNJfQT.exe
  C:\Windows\System\sQNJfQT.exe
  2⤵
  PID:5724
- C:\Windows\System\KiKUYRJ.exe
  C:\Windows\System\KiKUYRJ.exe
  2⤵
  PID:5964
- C:\Windows\System\AISJOtz.exe
  C:\Windows\System\AISJOtz.exe
  2⤵
  PID:5916
- C:\Windows\System\DRpRlsc.exe
  C:\Windows\System\DRpRlsc.exe
  2⤵
  PID:4224
- C:\Windows\System\rqRhvEy.exe
  C:\Windows\System\rqRhvEy.exe
  2⤵
  PID:6152
- C:\Windows\System\PMCTVIY.exe
  C:\Windows\System\PMCTVIY.exe
  2⤵
  PID:6168
- C:\Windows\System\KuVIRUw.exe
  C:\Windows\System\KuVIRUw.exe
  2⤵
  PID:6188
- C:\Windows\System\jZyHfYM.exe
  C:\Windows\System\jZyHfYM.exe
  2⤵
  PID:6208
- C:\Windows\System\JQxJOyr.exe
  C:\Windows\System\JQxJOyr.exe
  2⤵
  PID:6224
- C:\Windows\System\ZvUTrVh.exe
  C:\Windows\System\ZvUTrVh.exe
  2⤵
  PID:6252
- C:\Windows\System\smFPZjV.exe
  C:\Windows\System\smFPZjV.exe
  2⤵
  PID:6268
- C:\Windows\System\AAXDRaa.exe
  C:\Windows\System\AAXDRaa.exe
  2⤵
  PID:6316
- C:\Windows\System\OoswFJa.exe
  C:\Windows\System\OoswFJa.exe
  2⤵
  PID:6332
- C:\Windows\System\DdrjPlV.exe
  C:\Windows\System\DdrjPlV.exe
  2⤵
  PID:6348
- C:\Windows\System\WBKCijE.exe
  C:\Windows\System\WBKCijE.exe
  2⤵
  PID:6364
- C:\Windows\System\GSgVNvI.exe
  C:\Windows\System\GSgVNvI.exe
  2⤵
  PID:6384
- C:\Windows\System\XOWULgF.exe
  C:\Windows\System\XOWULgF.exe
  2⤵
  PID:6400
- C:\Windows\System\AORuhwe.exe
  C:\Windows\System\AORuhwe.exe
  2⤵
  PID:6416
- C:\Windows\System\BrfaRfG.exe
  C:\Windows\System\BrfaRfG.exe
  2⤵
  PID:6432
- C:\Windows\System\zkxdWQb.exe
  C:\Windows\System\zkxdWQb.exe
  2⤵
  PID:6452
- C:\Windows\System\XpcSYyt.exe
  C:\Windows\System\XpcSYyt.exe
  2⤵
  PID:6468
- C:\Windows\System\QeKaSLJ.exe
  C:\Windows\System\QeKaSLJ.exe
  2⤵
  PID:6484
- C:\Windows\System\TOJKcqn.exe
  C:\Windows\System\TOJKcqn.exe
  2⤵
  PID:6500
- C:\Windows\System\FXybbVB.exe
  C:\Windows\System\FXybbVB.exe
  2⤵
  PID:6516
- C:\Windows\System\ZLfjuyT.exe
  C:\Windows\System\ZLfjuyT.exe
  2⤵
  PID:6532
- C:\Windows\System\oPRjsam.exe
  C:\Windows\System\oPRjsam.exe
  2⤵
  PID:6548
- C:\Windows\System\UxVtxZJ.exe
  C:\Windows\System\UxVtxZJ.exe
  2⤵
  PID:6564
- C:\Windows\System\VbKYZsL.exe
  C:\Windows\System\VbKYZsL.exe
  2⤵
  PID:6580
- C:\Windows\System\WOARNVd.exe
  C:\Windows\System\WOARNVd.exe
  2⤵
  PID:6652
- C:\Windows\System\lJtTYJK.exe
  C:\Windows\System\lJtTYJK.exe
  2⤵
  PID:6668
- C:\Windows\System\LXIULuG.exe
  C:\Windows\System\LXIULuG.exe
  2⤵
  PID:6684
- C:\Windows\System\YbtnMHC.exe
  C:\Windows\System\YbtnMHC.exe
  2⤵
  PID:6704
- C:\Windows\System\qMOFHOT.exe
  C:\Windows\System\qMOFHOT.exe
  2⤵
  PID:6720
- C:\Windows\System\mgiTilx.exe
  C:\Windows\System\mgiTilx.exe
  2⤵
  PID:6736
- C:\Windows\System\kKJZXXj.exe
  C:\Windows\System\kKJZXXj.exe
  2⤵
  PID:6756
- C:\Windows\System\iJJZmSD.exe
  C:\Windows\System\iJJZmSD.exe
  2⤵
  PID:6776
- C:\Windows\System\PRDjcdF.exe
  C:\Windows\System\PRDjcdF.exe
  2⤵
  PID:6792
- C:\Windows\System\BwkuLES.exe
  C:\Windows\System\BwkuLES.exe
  2⤵
  PID:6808
- C:\Windows\System\wbWNMZR.exe
  C:\Windows\System\wbWNMZR.exe
  2⤵
  PID:6824
- C:\Windows\System\jvQHlSD.exe
  C:\Windows\System\jvQHlSD.exe
  2⤵
  PID:6840
- C:\Windows\System\fFjTcWI.exe
  C:\Windows\System\fFjTcWI.exe
  2⤵
  PID:6856
- C:\Windows\System\mpYmiXn.exe
  C:\Windows\System\mpYmiXn.exe
  2⤵
  PID:6872
- C:\Windows\System\PKjpEcR.exe
  C:\Windows\System\PKjpEcR.exe
  2⤵
  PID:6888
- C:\Windows\System\JjIqASU.exe
  C:\Windows\System\JjIqASU.exe
  2⤵
  PID:6952
- C:\Windows\System\NmIUlDI.exe
  C:\Windows\System\NmIUlDI.exe
  2⤵
  PID:6972
- C:\Windows\System\ZIaCUVw.exe
  C:\Windows\System\ZIaCUVw.exe
  2⤵
  PID:6996
- C:\Windows\System\CEDMQBH.exe
  C:\Windows\System\CEDMQBH.exe
  2⤵
  PID:7012
- C:\Windows\System\ENXdotw.exe
  C:\Windows\System\ENXdotw.exe
  2⤵
  PID:7028
- C:\Windows\System\TAWiFkz.exe
  C:\Windows\System\TAWiFkz.exe
  2⤵
  PID:7044
- C:\Windows\System\GwjqYMH.exe
  C:\Windows\System\GwjqYMH.exe
  2⤵
  PID:7064
- C:\Windows\System\zKZoBzu.exe
  C:\Windows\System\zKZoBzu.exe
  2⤵
  PID:7084
- C:\Windows\System\NybowtK.exe
  C:\Windows\System\NybowtK.exe
  2⤵
  PID:7100
- C:\Windows\System\Ynuabgr.exe
  C:\Windows\System\Ynuabgr.exe
  2⤵
  PID:7116
- C:\Windows\System\NGkQlkj.exe
  C:\Windows\System\NGkQlkj.exe
  2⤵
  PID:7132
- C:\Windows\System\aRYKVFj.exe
  C:\Windows\System\aRYKVFj.exe
  2⤵
  PID:7152
- C:\Windows\System\NCMjLQE.exe
  C:\Windows\System\NCMjLQE.exe
  2⤵
  PID:6016
- C:\Windows\System\QgHRWNN.exe
  C:\Windows\System\QgHRWNN.exe
  2⤵
  PID:5524
- C:\Windows\System\jHyMPVj.exe
  C:\Windows\System\jHyMPVj.exe
  2⤵
  PID:6216
- C:\Windows\System\kUjKCZe.exe
  C:\Windows\System\kUjKCZe.exe
  2⤵
  PID:6196
- C:\Windows\System\sBjLHnd.exe
  C:\Windows\System\sBjLHnd.exe
  2⤵
  PID:6244
- C:\Windows\System\gosvyMX.exe
  C:\Windows\System\gosvyMX.exe
  2⤵
  PID:1740
- C:\Windows\System\DjiRMIf.exe
  C:\Windows\System\DjiRMIf.exe
  2⤵
  PID:6300
- C:\Windows\System\NPAsrYD.exe
  C:\Windows\System\NPAsrYD.exe
  2⤵
  PID:6260
- C:\Windows\System\rcUYUMe.exe
  C:\Windows\System\rcUYUMe.exe
  2⤵
  PID:6276
- C:\Windows\System\sXTMbzu.exe
  C:\Windows\System\sXTMbzu.exe
  2⤵
  PID:6340
- C:\Windows\System\DtgPrYQ.exe
  C:\Windows\System\DtgPrYQ.exe
  2⤵
  PID:6408
- C:\Windows\System\FUSaMKu.exe
  C:\Windows\System\FUSaMKu.exe
  2⤵
  PID:6360
- C:\Windows\System\FKUFdSw.exe
  C:\Windows\System\FKUFdSw.exe
  2⤵
  PID:6480
- C:\Windows\System\dDLwZGg.exe
  C:\Windows\System\dDLwZGg.exe
  2⤵
  PID:6424
- C:\Windows\System\dWZTTAT.exe
  C:\Windows\System\dWZTTAT.exe
  2⤵
  PID:6492
- C:\Windows\System\yptisfQ.exe
  C:\Windows\System\yptisfQ.exe
  2⤵
  PID:6556
- C:\Windows\System\xvkwfSv.exe
  C:\Windows\System\xvkwfSv.exe
  2⤵
  PID:6600
- C:\Windows\System\bQsHCXl.exe
  C:\Windows\System\bQsHCXl.exe
  2⤵
  PID:6616
- C:\Windows\System\dFpUHrn.exe
  C:\Windows\System\dFpUHrn.exe
  2⤵
  PID:6632
- C:\Windows\System\MBStXEz.exe
  C:\Windows\System\MBStXEz.exe
  2⤵
  PID:6544
- C:\Windows\System\SgOWGdp.exe
  C:\Windows\System\SgOWGdp.exe
  2⤵
  PID:6768
- C:\Windows\System\BXvykZp.exe
  C:\Windows\System\BXvykZp.exe
  2⤵
  PID:6836
- C:\Windows\System\wcAmeIN.exe
  C:\Windows\System\wcAmeIN.exe
  2⤵
  PID:6712
- C:\Windows\System\KCrHPgA.exe
  C:\Windows\System\KCrHPgA.exe
  2⤵
  PID:6744
- C:\Windows\System\UJgdKuI.exe
  C:\Windows\System\UJgdKuI.exe
  2⤵
  PID:6788
- C:\Windows\System\xbPdrmB.exe
  C:\Windows\System\xbPdrmB.exe
  2⤵
  PID:6884
- C:\Windows\System\oaPVTZk.exe
  C:\Windows\System\oaPVTZk.exe
  2⤵
  PID:6700
- C:\Windows\System\wJeIPDh.exe
  C:\Windows\System\wJeIPDh.exe
  2⤵
  PID:4248
- C:\Windows\System\trtmJVy.exe
  C:\Windows\System\trtmJVy.exe
  2⤵
  PID:6912
- C:\Windows\System\RIzHYDA.exe
  C:\Windows\System\RIzHYDA.exe
  2⤵
  PID:6932
- C:\Windows\System\nabjEqF.exe
  C:\Windows\System\nabjEqF.exe
  2⤵
  PID:6960
- C:\Windows\System\uWdgpDa.exe
  C:\Windows\System\uWdgpDa.exe
  2⤵
  PID:2448
- C:\Windows\System\dXVqspR.exe
  C:\Windows\System\dXVqspR.exe
  2⤵
  PID:7056
- C:\Windows\System\UFrZFsx.exe
  C:\Windows\System\UFrZFsx.exe
  2⤵
  PID:6992
- C:\Windows\System\bahnFkV.exe
  C:\Windows\System\bahnFkV.exe
  2⤵
  PID:7096
- C:\Windows\System\fEZGddR.exe
  C:\Windows\System\fEZGddR.exe
  2⤵
  PID:7144
- C:\Windows\System\AXjKOKv.exe
  C:\Windows\System\AXjKOKv.exe
  2⤵
  PID:5480
- C:\Windows\System\MzCIDgW.exe
  C:\Windows\System\MzCIDgW.exe
  2⤵
  PID:5804
- C:\Windows\System\mdnfmZu.exe
  C:\Windows\System\mdnfmZu.exe
  2⤵
  PID:5216
- C:\Windows\System\wSaKeeV.exe
  C:\Windows\System\wSaKeeV.exe
  2⤵
  PID:5572
- C:\Windows\System\qFUwGRo.exe
  C:\Windows\System\qFUwGRo.exe
  2⤵
  PID:6324
- C:\Windows\System\ApPwZAe.exe
  C:\Windows\System\ApPwZAe.exe
  2⤵
  PID:6464
- C:\Windows\System\wIiJUeL.exe
  C:\Windows\System\wIiJUeL.exe
  2⤵
  PID:6312
- C:\Windows\System\DLQbMXw.exe
  C:\Windows\System\DLQbMXw.exe
  2⤵
  PID:6624
- C:\Windows\System\PcnelIs.exe
  C:\Windows\System\PcnelIs.exe
  2⤵
  PID:6900
- C:\Windows\System\AQxwxDc.exe
  C:\Windows\System\AQxwxDc.exe
  2⤵
  PID:6356
- C:\Windows\System\QHmWQbt.exe
  C:\Windows\System\QHmWQbt.exe
  2⤵
  PID:6304
- C:\Windows\System\JzAaIlU.exe
  C:\Windows\System\JzAaIlU.exe
  2⤵
  PID:6524
- C:\Windows\System\srIVczy.exe
  C:\Windows\System\srIVczy.exe
  2⤵
  PID:6572
- C:\Windows\System\xFrscTj.exe
  C:\Windows\System\xFrscTj.exe
  2⤵
  PID:6868
- C:\Windows\System\wGVAGFm.exe
  C:\Windows\System\wGVAGFm.exe
  2⤵
  PID:6940
- C:\Windows\System\zmlubpJ.exe
  C:\Windows\System\zmlubpJ.exe
  2⤵
  PID:6848
- C:\Windows\System\EwplXuG.exe
  C:\Windows\System\EwplXuG.exe
  2⤵
  PID:6920
- C:\Windows\System\xiwpSSS.exe
  C:\Windows\System\xiwpSSS.exe
  2⤵
  PID:7008
- C:\Windows\System\KzXcspG.exe
  C:\Windows\System\KzXcspG.exe
  2⤵
  PID:6820
- C:\Windows\System\GAHCkSA.exe
  C:\Windows\System\GAHCkSA.exe
  2⤵
  PID:6944
- C:\Windows\System\ObrGChd.exe
  C:\Windows\System\ObrGChd.exe
  2⤵
  PID:7040
- C:\Windows\System\LzKvohu.exe
  C:\Windows\System\LzKvohu.exe
  2⤵
  PID:6984
- C:\Windows\System\UJitLOX.exe
  C:\Windows\System\UJitLOX.exe
  2⤵
  PID:7164
- C:\Windows\System\QaiTLdF.exe
  C:\Windows\System\QaiTLdF.exe
  2⤵
  PID:7140
- C:\Windows\System\rjWXWeS.exe
  C:\Windows\System\rjWXWeS.exe
  2⤵
  PID:6460
- C:\Windows\System\ahgJUcC.exe
  C:\Windows\System\ahgJUcC.exe
  2⤵
  PID:6236
- C:\Windows\System\broFzxf.exe
  C:\Windows\System\broFzxf.exe
  2⤵
  PID:6292
- C:\Windows\System\SaCIAPc.exe
  C:\Windows\System\SaCIAPc.exe
  2⤵
  PID:6232
- C:\Windows\System\cQGKOaz.exe
  C:\Windows\System\cQGKOaz.exe
  2⤵
  PID:6692
- C:\Windows\System\sZUZest.exe
  C:\Windows\System\sZUZest.exe
  2⤵
  PID:5840
- C:\Windows\System\gsSecwv.exe
  C:\Windows\System\gsSecwv.exe
  2⤵
  PID:6308
- C:\Windows\System\SrswyKL.exe
  C:\Windows\System\SrswyKL.exe
  2⤵
  PID:6864
- C:\Windows\System\gZJViXj.exe
  C:\Windows\System\gZJViXj.exe
  2⤵
  PID:768
- C:\Windows\System\ryoIVxT.exe
  C:\Windows\System\ryoIVxT.exe
  2⤵
  PID:6772
- C:\Windows\System\ZnEnjFE.exe
  C:\Windows\System\ZnEnjFE.exe
  2⤵
  PID:5144
- C:\Windows\System\FllXigz.exe
  C:\Windows\System\FllXigz.exe
  2⤵
  PID:5708
- C:\Windows\System\YVLAnet.exe
  C:\Windows\System\YVLAnet.exe
  2⤵
  PID:6160
- C:\Windows\System\IqzfpAb.exe
  C:\Windows\System\IqzfpAb.exe
  2⤵
  PID:7112
- C:\Windows\System\CJFATql.exe
  C:\Windows\System\CJFATql.exe
  2⤵
  PID:6664
- C:\Windows\System\SwwHIRL.exe
  C:\Windows\System\SwwHIRL.exe
  2⤵
  PID:6676
- C:\Windows\System\dnakAwp.exe
  C:\Windows\System\dnakAwp.exe
  2⤵
  PID:6968
- C:\Windows\System\RVBGaER.exe
  C:\Windows\System\RVBGaER.exe
  2⤵
  PID:7128
- C:\Windows\System\arGDbOB.exe
  C:\Windows\System\arGDbOB.exe
  2⤵
  PID:1736
- C:\Windows\System\QlNaKly.exe
  C:\Windows\System\QlNaKly.exe
  2⤵
  PID:7024
- C:\Windows\System\oxSeZld.exe
  C:\Windows\System\oxSeZld.exe
  2⤵
  PID:6908
- C:\Windows\System\RoYBPCH.exe
  C:\Windows\System\RoYBPCH.exe
  2⤵
  PID:7180
- C:\Windows\System\bgaUfcq.exe
  C:\Windows\System\bgaUfcq.exe
  2⤵
  PID:7196
- C:\Windows\System\HJFAXac.exe
  C:\Windows\System\HJFAXac.exe
  2⤵
  PID:7212
- C:\Windows\System\eOxVjXC.exe
  C:\Windows\System\eOxVjXC.exe
  2⤵
  PID:7228
- C:\Windows\System\lwpSjNl.exe
  C:\Windows\System\lwpSjNl.exe
  2⤵
  PID:7248
- C:\Windows\System\ZkxOSgw.exe
  C:\Windows\System\ZkxOSgw.exe
  2⤵
  PID:7268
- C:\Windows\System\BBPlHRK.exe
  C:\Windows\System\BBPlHRK.exe
  2⤵
  PID:7284
- C:\Windows\System\vXYtNWr.exe
  C:\Windows\System\vXYtNWr.exe
  2⤵
  PID:7300
- C:\Windows\System\bEJpVVv.exe
  C:\Windows\System\bEJpVVv.exe
  2⤵
  PID:7324
- C:\Windows\System\KQQvFlf.exe
  C:\Windows\System\KQQvFlf.exe
  2⤵
  PID:7340
- C:\Windows\System\zuWzInL.exe
  C:\Windows\System\zuWzInL.exe
  2⤵
  PID:7356
- C:\Windows\System\uPBCIyy.exe
  C:\Windows\System\uPBCIyy.exe
  2⤵
  PID:7372
- C:\Windows\System\KMNzxLz.exe
  C:\Windows\System\KMNzxLz.exe
  2⤵
  PID:7388
- C:\Windows\System\LtekByQ.exe
  C:\Windows\System\LtekByQ.exe
  2⤵
  PID:7404
- C:\Windows\System\kAsFOXm.exe
  C:\Windows\System\kAsFOXm.exe
  2⤵
  PID:7420
- C:\Windows\System\GjmdSfM.exe
  C:\Windows\System\GjmdSfM.exe
  2⤵
  PID:7436
- C:\Windows\System\LapwBwf.exe
  C:\Windows\System\LapwBwf.exe
  2⤵
  PID:7452
- C:\Windows\System\rmpjqPZ.exe
  C:\Windows\System\rmpjqPZ.exe
  2⤵
  PID:7468
- C:\Windows\System\WqzvWnw.exe
  C:\Windows\System\WqzvWnw.exe
  2⤵
  PID:7484
- C:\Windows\System\qYfLopg.exe
  C:\Windows\System\qYfLopg.exe
  2⤵
  PID:7500
- C:\Windows\System\sVwFwil.exe
  C:\Windows\System\sVwFwil.exe
  2⤵
  PID:7516
- C:\Windows\System\EZuaCGJ.exe
  C:\Windows\System\EZuaCGJ.exe
  2⤵
  PID:7532
- C:\Windows\System\nXamSCG.exe
  C:\Windows\System\nXamSCG.exe
  2⤵
  PID:7548
- C:\Windows\System\LObLXcZ.exe
  C:\Windows\System\LObLXcZ.exe
  2⤵
  PID:7564
- C:\Windows\System\iqCYqXT.exe
  C:\Windows\System\iqCYqXT.exe
  2⤵
  PID:7580
- C:\Windows\System\kJpVKSu.exe
  C:\Windows\System\kJpVKSu.exe
  2⤵
  PID:7596
- C:\Windows\System\OBdIrEB.exe
  C:\Windows\System\OBdIrEB.exe
  2⤵
  PID:7612
- C:\Windows\System\SEViZaZ.exe
  C:\Windows\System\SEViZaZ.exe
  2⤵
  PID:7628
- C:\Windows\System\fhOAfUZ.exe
  C:\Windows\System\fhOAfUZ.exe
  2⤵
  PID:7644
- C:\Windows\System\gWpaPgb.exe
  C:\Windows\System\gWpaPgb.exe
  2⤵
  PID:7660
- C:\Windows\System\QghGRho.exe
  C:\Windows\System\QghGRho.exe
  2⤵
  PID:7680
- C:\Windows\System\lTBzlhH.exe
  C:\Windows\System\lTBzlhH.exe
  2⤵
  PID:7696
- C:\Windows\System\nRzwiqK.exe
  C:\Windows\System\nRzwiqK.exe
  2⤵
  PID:7740
- C:\Windows\System\VMmxSuJ.exe
  C:\Windows\System\VMmxSuJ.exe
  2⤵
  PID:7772
- C:\Windows\System\qhgXsJk.exe
  C:\Windows\System\qhgXsJk.exe
  2⤵
  PID:7788
- C:\Windows\System\haNOarR.exe
  C:\Windows\System\haNOarR.exe
  2⤵
  PID:7804
- C:\Windows\System\KAYVswA.exe
  C:\Windows\System\KAYVswA.exe
  2⤵
  PID:7820
- C:\Windows\System\eeWOBCi.exe
  C:\Windows\System\eeWOBCi.exe
  2⤵
  PID:7840
- C:\Windows\System\rCqhQjC.exe
  C:\Windows\System\rCqhQjC.exe
  2⤵
  PID:7856
- C:\Windows\System\BxINmqe.exe
  C:\Windows\System\BxINmqe.exe
  2⤵
  PID:7872
- C:\Windows\System\XiKYCfE.exe
  C:\Windows\System\XiKYCfE.exe
  2⤵
  PID:7888
- C:\Windows\System\LkNOXsg.exe
  C:\Windows\System\LkNOXsg.exe
  2⤵
  PID:7904
- C:\Windows\System\dVVmHVz.exe
  C:\Windows\System\dVVmHVz.exe
  2⤵
  PID:7928
- C:\Windows\System\mGpNVvr.exe
  C:\Windows\System\mGpNVvr.exe
  2⤵
  PID:7944
- C:\Windows\System\RRuOIEe.exe
  C:\Windows\System\RRuOIEe.exe
  2⤵
  PID:7964
- C:\Windows\System\UTKaCUC.exe
  C:\Windows\System\UTKaCUC.exe
  2⤵
  PID:7980
- C:\Windows\System\BxCtbhr.exe
  C:\Windows\System\BxCtbhr.exe
  2⤵
  PID:7996
- C:\Windows\System\vtCNUTm.exe
  C:\Windows\System\vtCNUTm.exe
  2⤵
  PID:8012
- C:\Windows\System\jieaIYX.exe
  C:\Windows\System\jieaIYX.exe
  2⤵
  PID:8028
- C:\Windows\System\MrBTROk.exe
  C:\Windows\System\MrBTROk.exe
  2⤵
  PID:8044
- C:\Windows\System\pBfsxNs.exe
  C:\Windows\System\pBfsxNs.exe
  2⤵
  PID:8060
- C:\Windows\System\iXvpWvi.exe
  C:\Windows\System\iXvpWvi.exe
  2⤵
  PID:8076
- C:\Windows\System\UJTJtQY.exe
  C:\Windows\System\UJTJtQY.exe
  2⤵
  PID:8092
- C:\Windows\System\DzYtwUY.exe
  C:\Windows\System\DzYtwUY.exe
  2⤵
  PID:8108
- C:\Windows\System\btBoakt.exe
  C:\Windows\System\btBoakt.exe
  2⤵
  PID:8124
- C:\Windows\System\OGEMZjc.exe
  C:\Windows\System\OGEMZjc.exe
  2⤵
  PID:8144
- C:\Windows\System\sVUPxKI.exe
  C:\Windows\System\sVUPxKI.exe
  2⤵
  PID:8160
- C:\Windows\System\fMmMHAP.exe
  C:\Windows\System\fMmMHAP.exe
  2⤵
  PID:8176
- C:\Windows\System\jnbVyVz.exe
  C:\Windows\System\jnbVyVz.exe
  2⤵
  PID:6608
- C:\Windows\System\LXolUKj.exe
  C:\Windows\System\LXolUKj.exe
  2⤵
  PID:6296
- C:\Windows\System\jdFrYVi.exe
  C:\Windows\System\jdFrYVi.exe
  2⤵
  PID:6328
- C:\Windows\System\szEXtZD.exe
  C:\Windows\System\szEXtZD.exe
  2⤵
  PID:5304
- C:\Windows\System\YDXyJzU.exe
  C:\Windows\System\YDXyJzU.exe
  2⤵
  PID:4988
- C:\Windows\System\fKWsVay.exe
  C:\Windows\System\fKWsVay.exe
  2⤵
  PID:7240
- C:\Windows\System\LIhkyGv.exe
  C:\Windows\System\LIhkyGv.exe
  2⤵
  PID:7260
- C:\Windows\System\HlZTkaX.exe
  C:\Windows\System\HlZTkaX.exe
  2⤵
  PID:7280
- C:\Windows\System\nAlfxyF.exe
  C:\Windows\System\nAlfxyF.exe
  2⤵
  PID:6372
- C:\Windows\System\gJOlQts.exe
  C:\Windows\System\gJOlQts.exe
  2⤵
  PID:7296
- C:\Windows\System\IKDdXRK.exe
  C:\Windows\System\IKDdXRK.exe
  2⤵
  PID:7352
- C:\Windows\System\GaNCdii.exe
  C:\Windows\System\GaNCdii.exe
  2⤵
  PID:7416
- C:\Windows\System\xVqaoyc.exe
  C:\Windows\System\xVqaoyc.exe
  2⤵
  PID:7464
- C:\Windows\System\dheCvsJ.exe
  C:\Windows\System\dheCvsJ.exe
  2⤵
  PID:7428
- C:\Windows\System\xtAvmWF.exe
  C:\Windows\System\xtAvmWF.exe
  2⤵
  PID:7508
- C:\Windows\System\nsJAnZP.exe
  C:\Windows\System\nsJAnZP.exe
  2⤵
  PID:7572
- C:\Windows\System\aHrqnOg.exe
  C:\Windows\System\aHrqnOg.exe
  2⤵
  PID:7560
- C:\Windows\System\sFzNXvo.exe
  C:\Windows\System\sFzNXvo.exe
  2⤵
  PID:7652
- C:\Windows\System\IbPFGTs.exe
  C:\Windows\System\IbPFGTs.exe
  2⤵
  PID:7656
- C:\Windows\System\uLGpvUD.exe
  C:\Windows\System\uLGpvUD.exe
  2⤵
  PID:7676
- C:\Windows\System\bDqRzTv.exe
  C:\Windows\System\bDqRzTv.exe
  2⤵
  PID:7688
- C:\Windows\System\bygADCe.exe
  C:\Windows\System\bygADCe.exe
  2⤵
  PID:7692
- C:\Windows\System\GyLzsdr.exe
  C:\Windows\System\GyLzsdr.exe
  2⤵
  PID:7756
- C:\Windows\System\yrvxgZX.exe
  C:\Windows\System\yrvxgZX.exe
  2⤵
  PID:7800
- C:\Windows\System\ZsKoqHP.exe
  C:\Windows\System\ZsKoqHP.exe
  2⤵
  PID:7868
- C:\Windows\System\GDOCtLi.exe
  C:\Windows\System\GDOCtLi.exe
  2⤵
  PID:7848
- C:\Windows\System\adNoWoM.exe
  C:\Windows\System\adNoWoM.exe
  2⤵
  PID:7884
- C:\Windows\System\WNaHEVT.exe
  C:\Windows\System\WNaHEVT.exe
  2⤵
  PID:7796
- C:\Windows\System\kmGJZSY.exe
  C:\Windows\System\kmGJZSY.exe
  2⤵
  PID:7924
- C:\Windows\System\VLMpytF.exe
  C:\Windows\System\VLMpytF.exe
  2⤵
  PID:7940
- C:\Windows\System\wKlZFhf.exe
  C:\Windows\System\wKlZFhf.exe
  2⤵
  PID:8004
- C:\Windows\System\eczdYhz.exe
  C:\Windows\System\eczdYhz.exe
  2⤵
  PID:8052
- C:\Windows\System\ROOzRHN.exe
  C:\Windows\System\ROOzRHN.exe
  2⤵
  PID:7972
- C:\Windows\System\PaaQZcM.exe
  C:\Windows\System\PaaQZcM.exe
  2⤵
  PID:8120
- C:\Windows\System\BYuSxdv.exe
  C:\Windows\System\BYuSxdv.exe
  2⤵
  PID:8036
- C:\Windows\System\HshDoaw.exe
  C:\Windows\System\HshDoaw.exe
  2⤵
  PID:8100
- C:\Windows\System\SvtpahF.exe
  C:\Windows\System\SvtpahF.exe
  2⤵
  PID:8168
- C:\Windows\System\duQaREs.exe
  C:\Windows\System\duQaREs.exe
  2⤵
  PID:6592
- C:\Windows\System\OVZeLLo.exe
  C:\Windows\System\OVZeLLo.exe
  2⤵
  PID:7148
- C:\Windows\System\NApxXja.exe
  C:\Windows\System\NApxXja.exe
  2⤵
  PID:7188
- C:\Windows\System\OIotDJy.exe
  C:\Windows\System\OIotDJy.exe
  2⤵
  PID:7312
- C:\Windows\System\MKEKdeV.exe
  C:\Windows\System\MKEKdeV.exe
  2⤵
  PID:5020
- C:\Windows\System\GHGLhxc.exe
  C:\Windows\System\GHGLhxc.exe
  2⤵
  PID:7396
- C:\Windows\System\jFVsxUm.exe
  C:\Windows\System\jFVsxUm.exe
  2⤵
  PID:7348
- C:\Windows\System\jhBgJrZ.exe
  C:\Windows\System\jhBgJrZ.exe
  2⤵
  PID:7496
- C:\Windows\System\zXGYAgC.exe
  C:\Windows\System\zXGYAgC.exe
  2⤵
  PID:7492
- C:\Windows\System\zkYltut.exe
  C:\Windows\System\zkYltut.exe
  2⤵
  PID:7588
- C:\Windows\System\JQLevOT.exe
  C:\Windows\System\JQLevOT.exe
  2⤵
  PID:7712
- C:\Windows\System\OoAhYGz.exe
  C:\Windows\System\OoAhYGz.exe
  2⤵
  PID:7748
- C:\Windows\System\MnbFgPN.exe
  C:\Windows\System\MnbFgPN.exe
  2⤵
  PID:7668
- C:\Windows\System\bmbKNUH.exe
  C:\Windows\System\bmbKNUH.exe
  2⤵
  PID:7736
- C:\Windows\System\SIwkQJM.exe
  C:\Windows\System\SIwkQJM.exe
  2⤵
  PID:7936
- C:\Windows\System\Shuoybi.exe
  C:\Windows\System\Shuoybi.exe
  2⤵
  PID:8068
- C:\Windows\System\iSmNQFP.exe
  C:\Windows\System\iSmNQFP.exe
  2⤵
  PID:8072
- C:\Windows\System\uLpnAfF.exe
  C:\Windows\System\uLpnAfF.exe
  2⤵
  PID:8132
- C:\Windows\System\tTzymgy.exe
  C:\Windows\System\tTzymgy.exe
  2⤵
  PID:7988
- C:\Windows\System\MfCEOVM.exe
  C:\Windows\System\MfCEOVM.exe
  2⤵
  PID:6640
- C:\Windows\System\nnkHBTD.exe
  C:\Windows\System\nnkHBTD.exe
  2⤵
  PID:7224
- C:\Windows\System\rFWoEcu.exe
  C:\Windows\System\rFWoEcu.exe
  2⤵
  PID:7476
- C:\Windows\System\RHlsrMQ.exe
  C:\Windows\System\RHlsrMQ.exe
  2⤵
  PID:7368
- C:\Windows\System\jXVklfb.exe
  C:\Windows\System\jXVklfb.exe
  2⤵
  PID:7176
- C:\Windows\System\sbJqRxt.exe
  C:\Windows\System\sbJqRxt.exe
  2⤵
  PID:7544
- C:\Windows\System\YLekXfo.exe
  C:\Windows\System\YLekXfo.exe
  2⤵
  PID:8116
- C:\Windows\System\agtvLaW.exe
  C:\Windows\System\agtvLaW.exe
  2⤵
  PID:7816
- C:\Windows\System\YyXMvib.exe
  C:\Windows\System\YyXMvib.exe
  2⤵
  PID:8024
- C:\Windows\System\fEAZgAr.exe
  C:\Windows\System\fEAZgAr.exe
  2⤵
  PID:7852
- C:\Windows\System\XzxbWqY.exe
  C:\Windows\System\XzxbWqY.exe
  2⤵
  PID:7204
- C:\Windows\System\mcCsJuU.exe
  C:\Windows\System\mcCsJuU.exe
  2⤵
  PID:7480
- C:\Windows\System\CnJXUcE.exe
  C:\Windows\System\CnJXUcE.exe
  2⤵
  PID:7432
- C:\Windows\System\NjrzUgi.exe
  C:\Windows\System\NjrzUgi.exe
  2⤵
  PID:7724
- C:\Windows\System\uDsgMDv.exe
  C:\Windows\System\uDsgMDv.exe
  2⤵
  PID:7864
- C:\Windows\System\REcUMSA.exe
  C:\Windows\System\REcUMSA.exe
  2⤵
  PID:7752
- C:\Windows\System\rStTibh.exe
  C:\Windows\System\rStTibh.exe
  2⤵
  PID:8204
- C:\Windows\System\kqblZXS.exe
  C:\Windows\System\kqblZXS.exe
  2⤵
  PID:8220
- C:\Windows\System\NSvbrRN.exe
  C:\Windows\System\NSvbrRN.exe
  2⤵
  PID:8236
- C:\Windows\System\HhtbmJr.exe
  C:\Windows\System\HhtbmJr.exe
  2⤵
  PID:8252
- C:\Windows\System\IjsWxmw.exe
  C:\Windows\System\IjsWxmw.exe
  2⤵
  PID:8268
- C:\Windows\System\ArgrOrL.exe
  C:\Windows\System\ArgrOrL.exe
  2⤵
  PID:8284
- C:\Windows\System\rpAlcwi.exe
  C:\Windows\System\rpAlcwi.exe
  2⤵
  PID:8300
- C:\Windows\System\mJUTpUk.exe
  C:\Windows\System\mJUTpUk.exe
  2⤵
  PID:8316
- C:\Windows\System\FgBSwyY.exe
  C:\Windows\System\FgBSwyY.exe
  2⤵
  PID:8332
- C:\Windows\System\NAQfWDa.exe
  C:\Windows\System\NAQfWDa.exe
  2⤵
  PID:8348
- C:\Windows\System\RDjHTDh.exe
  C:\Windows\System\RDjHTDh.exe
  2⤵
  PID:8364
- C:\Windows\System\KhLEQzc.exe
  C:\Windows\System\KhLEQzc.exe
  2⤵
  PID:8380
- C:\Windows\System\JAjkUCt.exe
  C:\Windows\System\JAjkUCt.exe
  2⤵
  PID:8396
- C:\Windows\System\EVDIajL.exe
  C:\Windows\System\EVDIajL.exe
  2⤵
  PID:8412
- C:\Windows\System\qHLfGAy.exe
  C:\Windows\System\qHLfGAy.exe
  2⤵
  PID:8428
- C:\Windows\System\GHFCRGh.exe
  C:\Windows\System\GHFCRGh.exe
  2⤵
  PID:8444
- C:\Windows\System\YlyCMYU.exe
  C:\Windows\System\YlyCMYU.exe
  2⤵
  PID:8460
- C:\Windows\System\rfFEWkR.exe
  C:\Windows\System\rfFEWkR.exe
  2⤵
  PID:8476
- C:\Windows\System\DypPUdx.exe
  C:\Windows\System\DypPUdx.exe
  2⤵
  PID:8492
- C:\Windows\System\ockoEWg.exe
  C:\Windows\System\ockoEWg.exe
  2⤵
  PID:8508
- C:\Windows\System\oDlXBpv.exe
  C:\Windows\System\oDlXBpv.exe
  2⤵
  PID:8524
- C:\Windows\System\mDuVOUc.exe
  C:\Windows\System\mDuVOUc.exe
  2⤵
  PID:8540
- C:\Windows\System\iuuaeUf.exe
  C:\Windows\System\iuuaeUf.exe
  2⤵
  PID:8556
- C:\Windows\System\yFcGylc.exe
  C:\Windows\System\yFcGylc.exe
  2⤵
  PID:8572
- C:\Windows\System\QvsGkXo.exe
  C:\Windows\System\QvsGkXo.exe
  2⤵
  PID:8588
- C:\Windows\System\OWauxZA.exe
  C:\Windows\System\OWauxZA.exe
  2⤵
  PID:8604
- C:\Windows\System\AcJHTSa.exe
  C:\Windows\System\AcJHTSa.exe
  2⤵
  PID:8620
- C:\Windows\System\nmToIKt.exe
  C:\Windows\System\nmToIKt.exe
  2⤵
  PID:8636
- C:\Windows\System\xXImHAc.exe
  C:\Windows\System\xXImHAc.exe
  2⤵
  PID:8652
- C:\Windows\System\GwPFiGw.exe
  C:\Windows\System\GwPFiGw.exe
  2⤵
  PID:8668
- C:\Windows\System\EYwvSmq.exe
  C:\Windows\System\EYwvSmq.exe
  2⤵
  PID:8684
- C:\Windows\System\uyLvXbU.exe
  C:\Windows\System\uyLvXbU.exe
  2⤵
  PID:8700
- C:\Windows\System\OGVjVwo.exe
  C:\Windows\System\OGVjVwo.exe
  2⤵
  PID:8716
- C:\Windows\System\xsClIGX.exe
  C:\Windows\System\xsClIGX.exe
  2⤵
  PID:8732
- C:\Windows\System\wkcwrTt.exe
  C:\Windows\System\wkcwrTt.exe
  2⤵
  PID:8748
- C:\Windows\System\MnqLzQh.exe
  C:\Windows\System\MnqLzQh.exe
  2⤵
  PID:8764
- C:\Windows\System\xWXVebZ.exe
  C:\Windows\System\xWXVebZ.exe
  2⤵
  PID:8780
- C:\Windows\System\WhdYBkB.exe
  C:\Windows\System\WhdYBkB.exe
  2⤵
  PID:8796
- C:\Windows\System\ryeATAi.exe
  C:\Windows\System\ryeATAi.exe
  2⤵
  PID:8812
- C:\Windows\System\ZvMEnzj.exe
  C:\Windows\System\ZvMEnzj.exe
  2⤵
  PID:8828
- C:\Windows\System\XrpRIdf.exe
  C:\Windows\System\XrpRIdf.exe
  2⤵
  PID:8844
- C:\Windows\System\bhDnvrg.exe
  C:\Windows\System\bhDnvrg.exe
  2⤵
  PID:8860
- C:\Windows\System\TNnMSkZ.exe
  C:\Windows\System\TNnMSkZ.exe
  2⤵
  PID:8876
- C:\Windows\System\QosXoPx.exe
  C:\Windows\System\QosXoPx.exe
  2⤵
  PID:8892
- C:\Windows\System\RbVuhoP.exe
  C:\Windows\System\RbVuhoP.exe
  2⤵
  PID:8908
- C:\Windows\System\FuIGSEs.exe
  C:\Windows\System\FuIGSEs.exe
  2⤵
  PID:8924
- C:\Windows\System\qDFVKTK.exe
  C:\Windows\System\qDFVKTK.exe
  2⤵
  PID:8940
- C:\Windows\System\hpkUAJN.exe
  C:\Windows\System\hpkUAJN.exe
  2⤵
  PID:8956
- C:\Windows\System\bkvgIHX.exe
  C:\Windows\System\bkvgIHX.exe
  2⤵
  PID:8972
- C:\Windows\System\iYghMKY.exe
  C:\Windows\System\iYghMKY.exe
  2⤵
  PID:8988
- C:\Windows\System\BEDRITZ.exe
  C:\Windows\System\BEDRITZ.exe
  2⤵
  PID:9004
- C:\Windows\System\DaTHcla.exe
  C:\Windows\System\DaTHcla.exe
  2⤵
  PID:9024
- C:\Windows\System\OufzxOv.exe
  C:\Windows\System\OufzxOv.exe
  2⤵
  PID:9040
- C:\Windows\System\RLEvPoK.exe
  C:\Windows\System\RLEvPoK.exe
  2⤵
  PID:9056
- C:\Windows\System\spRiXsH.exe
  C:\Windows\System\spRiXsH.exe
  2⤵
  PID:9072
- C:\Windows\System\fdIYjzm.exe
  C:\Windows\System\fdIYjzm.exe
  2⤵
  PID:9088
- C:\Windows\System\SIIcdei.exe
  C:\Windows\System\SIIcdei.exe
  2⤵
  PID:9104
- C:\Windows\System\NmYHxpb.exe
  C:\Windows\System\NmYHxpb.exe
  2⤵
  PID:9120
- C:\Windows\System\yCURQGs.exe
  C:\Windows\System\yCURQGs.exe
  2⤵
  PID:9136
- C:\Windows\System\sgmCYwP.exe
  C:\Windows\System\sgmCYwP.exe
  2⤵
  PID:9152
- C:\Windows\System\zwRkXWN.exe
  C:\Windows\System\zwRkXWN.exe
  2⤵
  PID:9168
- C:\Windows\System\AHpXQkh.exe
  C:\Windows\System\AHpXQkh.exe
  2⤵
  PID:9184
- C:\Windows\System\UqzQoHt.exe
  C:\Windows\System\UqzQoHt.exe
  2⤵
  PID:9208
- C:\Windows\System\mtiEkjO.exe
  C:\Windows\System\mtiEkjO.exe
  2⤵
  PID:8140
- C:\Windows\System\LsrIsHr.exe
  C:\Windows\System\LsrIsHr.exe
  2⤵
  PID:7900
- C:\Windows\System\SMPzrkG.exe
  C:\Windows\System\SMPzrkG.exe
  2⤵
  PID:8228
- C:\Windows\System\MwqzygU.exe
  C:\Windows\System\MwqzygU.exe
  2⤵
  PID:8260
- C:\Windows\System\wbSxoak.exe
  C:\Windows\System\wbSxoak.exe
  2⤵
  PID:8324
- C:\Windows\System\xnZplWZ.exe
  C:\Windows\System\xnZplWZ.exe
  2⤵
  PID:8420
- C:\Windows\System\uQopocb.exe
  C:\Windows\System\uQopocb.exe
  2⤵
  PID:8456
- C:\Windows\System\dhSrlVh.exe
  C:\Windows\System\dhSrlVh.exe
  2⤵
  PID:8404
- C:\Windows\System\XUzNbDT.exe
  C:\Windows\System\XUzNbDT.exe
  2⤵
  PID:8308
- C:\Windows\System\gFMDKIM.exe
  C:\Windows\System\gFMDKIM.exe
  2⤵
  PID:8468
- C:\Windows\System\sdNjpTS.exe
  C:\Windows\System\sdNjpTS.exe
  2⤵
  PID:8516
- C:\Windows\System\Eszqcek.exe
  C:\Windows\System\Eszqcek.exe
  2⤵
  PID:8580
- C:\Windows\System\efaizEd.exe
  C:\Windows\System\efaizEd.exe
  2⤵
  PID:8564
- C:\Windows\System\djMpZRM.exe
  C:\Windows\System\djMpZRM.exe
  2⤵
  PID:8616
- C:\Windows\System\RTUFndf.exe
  C:\Windows\System\RTUFndf.exe
  2⤵
  PID:8648
- C:\Windows\System\ZDHXtRp.exe
  C:\Windows\System\ZDHXtRp.exe
  2⤵
  PID:8692
- C:\Windows\System\dMSFGwF.exe
  C:\Windows\System\dMSFGwF.exe
  2⤵
  PID:8712
- C:\Windows\System\jKIBQep.exe
  C:\Windows\System\jKIBQep.exe
  2⤵
  PID:8696
- C:\Windows\System\DdyBIdl.exe
  C:\Windows\System\DdyBIdl.exe
  2⤵
  PID:8760
- C:\Windows\System\JZMoFyy.exe
  C:\Windows\System\JZMoFyy.exe
  2⤵
  PID:8804
- C:\Windows\System\CPbKfhU.exe
  C:\Windows\System\CPbKfhU.exe
  2⤵
  PID:8868
- C:\Windows\System\hJnfxMr.exe
  C:\Windows\System\hJnfxMr.exe
  2⤵
  PID:8856
- C:\Windows\System\szRxxtj.exe
  C:\Windows\System\szRxxtj.exe
  2⤵
  PID:8936
- C:\Windows\System\xiLsKUN.exe
  C:\Windows\System\xiLsKUN.exe
  2⤵
  PID:9036
- C:\Windows\System\NINTogn.exe
  C:\Windows\System\NINTogn.exe
  2⤵
  PID:9128
- C:\Windows\System\EDctlVP.exe
  C:\Windows\System\EDctlVP.exe
  2⤵
  PID:8984
- C:\Windows\System\UEOhGKx.exe
  C:\Windows\System\UEOhGKx.exe
  2⤵
  PID:9020
- C:\Windows\System\FvYqxWK.exe
  C:\Windows\System\FvYqxWK.exe
  2⤵
  PID:9204
- C:\Windows\System\DEValvg.exe
  C:\Windows\System\DEValvg.exe
  2⤵
  PID:7896
- C:\Windows\System\zBOWAvr.exe
  C:\Windows\System\zBOWAvr.exe
  2⤵
  PID:8200
- C:\Windows\System\HXPVWYD.exe
  C:\Windows\System\HXPVWYD.exe
  2⤵
  PID:8356
- C:\Windows\System\vHMmPaq.exe
  C:\Windows\System\vHMmPaq.exe
  2⤵
  PID:8388
- C:\Windows\System\xVxQXUv.exe
  C:\Windows\System\xVxQXUv.exe
  2⤵
  PID:8452
- C:\Windows\System\OUMCckI.exe
  C:\Windows\System\OUMCckI.exe
  2⤵
  PID:8276
- C:\Windows\System\ovgSQVV.exe
  C:\Windows\System\ovgSQVV.exe
  2⤵
  PID:8548
- C:\Windows\System\AuBwhQz.exe
  C:\Windows\System\AuBwhQz.exe
  2⤵
  PID:8280
- C:\Windows\System\GpYnzyb.exe
  C:\Windows\System\GpYnzyb.exe
  2⤵
  PID:8744
- C:\Windows\System\NpsBLTz.exe
  C:\Windows\System\NpsBLTz.exe
  2⤵
  PID:8628
- C:\Windows\System\pypgTyT.exe
  C:\Windows\System\pypgTyT.exe
  2⤵
  PID:8772
- C:\Windows\System\MQiTPLZ.exe
  C:\Windows\System\MQiTPLZ.exe
  2⤵
  PID:8776
- C:\Windows\System\TCMpfEg.exe
  C:\Windows\System\TCMpfEg.exe
  2⤵
  PID:8904
- C:\Windows\System\hJDumpO.exe
  C:\Windows\System\hJDumpO.exe
  2⤵
  PID:8888
- C:\Windows\System\FpzBPzo.exe
  C:\Windows\System\FpzBPzo.exe
  2⤵
  PID:8932
- C:\Windows\System\JZmZXrp.exe
  C:\Windows\System\JZmZXrp.exe
  2⤵
  PID:9100
- C:\Windows\System\WLZaabN.exe
  C:\Windows\System\WLZaabN.exe
  2⤵
  PID:8392
- C:\Windows\System\aSbeMFd.exe
  C:\Windows\System\aSbeMFd.exe
  2⤵
  PID:7364
- C:\Windows\System\IjHDCOH.exe
  C:\Windows\System\IjHDCOH.exe
  2⤵
  PID:8536
- C:\Windows\System\xqSkioe.exe
  C:\Windows\System\xqSkioe.exe
  2⤵
  PID:8372
- C:\Windows\System\nBdRBeR.exe
  C:\Windows\System\nBdRBeR.exe
  2⤵
  PID:8824
- C:\Windows\System\nlBVpyN.exe
  C:\Windows\System\nlBVpyN.exe
  2⤵
  PID:9200
- C:\Windows\System\vOPlARv.exe
  C:\Windows\System\vOPlARv.exe
  2⤵
  PID:8900
- C:\Windows\System\wEsmYSR.exe
  C:\Windows\System\wEsmYSR.exe
  2⤵
  PID:9084
- C:\Windows\System\hpKjYIQ.exe
  C:\Windows\System\hpKjYIQ.exe
  2⤵
  PID:9116
- C:\Windows\System\OHhFNFj.exe
  C:\Windows\System\OHhFNFj.exe
  2⤵
  PID:8680
- C:\Windows\System\rnnunJO.exe
  C:\Windows\System\rnnunJO.exe
  2⤵
  PID:9328
- C:\Windows\System\YylESsJ.exe
  C:\Windows\System\YylESsJ.exe
  2⤵
  PID:9448
- C:\Windows\System\TgOfPcf.exe
  C:\Windows\System\TgOfPcf.exe
  2⤵
  PID:9468
- C:\Windows\System\bSqIJWL.exe
  C:\Windows\System\bSqIJWL.exe
  2⤵
  PID:9484
- C:\Windows\System\SGnIdxp.exe
  C:\Windows\System\SGnIdxp.exe
  2⤵
  PID:9500
- C:\Windows\System\aDqequU.exe
  C:\Windows\System\aDqequU.exe
  2⤵
  PID:9516
- C:\Windows\System\CfHEYZO.exe
  C:\Windows\System\CfHEYZO.exe
  2⤵
  PID:9540
- C:\Windows\System\lfRvySL.exe
  C:\Windows\System\lfRvySL.exe
  2⤵
  PID:9560
- C:\Windows\System\YPkPjSo.exe
  C:\Windows\System\YPkPjSo.exe
  2⤵
  PID:9592
- C:\Windows\System\jlPxaDn.exe
  C:\Windows\System\jlPxaDn.exe
  2⤵
  PID:9612
- C:\Windows\System\wbXmpDS.exe
  C:\Windows\System\wbXmpDS.exe
  2⤵
  PID:9628
- C:\Windows\System\MiyFxwl.exe
  C:\Windows\System\MiyFxwl.exe
  2⤵
  PID:9644
- C:\Windows\System\fhOjkFv.exe
  C:\Windows\System\fhOjkFv.exe
  2⤵
  PID:9664
- C:\Windows\System\FzhOSid.exe
  C:\Windows\System\FzhOSid.exe
  2⤵
  PID:9684
- C:\Windows\System\hNMjpJH.exe
  C:\Windows\System\hNMjpJH.exe
  2⤵
  PID:9704
- C:\Windows\System\wsCWueD.exe
  C:\Windows\System\wsCWueD.exe
  2⤵
  PID:9720
- C:\Windows\System\RthMzTn.exe
  C:\Windows\System\RthMzTn.exe
  2⤵
  PID:9752
- C:\Windows\System\jAkGgzY.exe
  C:\Windows\System\jAkGgzY.exe
  2⤵
  PID:9768
- C:\Windows\System\CRAFNmu.exe
  C:\Windows\System\CRAFNmu.exe
  2⤵
  PID:9788
- C:\Windows\System\cBlUYrK.exe
  C:\Windows\System\cBlUYrK.exe
  2⤵
  PID:9808
- C:\Windows\System\BUwykTD.exe
  C:\Windows\System\BUwykTD.exe
  2⤵
  PID:9836
- C:\Windows\System\FIVpxhQ.exe
  C:\Windows\System\FIVpxhQ.exe
  2⤵
  PID:9852
- C:\Windows\System\ewleITI.exe
  C:\Windows\System\ewleITI.exe
  2⤵
  PID:9872
- C:\Windows\System\PTjhGcV.exe
  C:\Windows\System\PTjhGcV.exe
  2⤵
  PID:9896
- C:\Windows\System\KxBryhi.exe
  C:\Windows\System\KxBryhi.exe
  2⤵
  PID:9912
- C:\Windows\System\ZKlAWnu.exe
  C:\Windows\System\ZKlAWnu.exe
  2⤵
  PID:9936
- C:\Windows\System\KKlLsRm.exe
  C:\Windows\System\KKlLsRm.exe
  2⤵
  PID:9952
- C:\Windows\System\SHeZmSZ.exe
  C:\Windows\System\SHeZmSZ.exe
  2⤵
  PID:9972
- C:\Windows\System\ZQLgZme.exe
  C:\Windows\System\ZQLgZme.exe
  2⤵
  PID:9996
- C:\Windows\System\SCrzTPR.exe
  C:\Windows\System\SCrzTPR.exe
  2⤵
  PID:10012
- C:\Windows\System\FiKYbRT.exe
  C:\Windows\System\FiKYbRT.exe
  2⤵
  PID:10028
- C:\Windows\System\RthaFeU.exe
  C:\Windows\System\RthaFeU.exe
  2⤵
  PID:10056
- C:\Windows\System\eHdqLDI.exe
  C:\Windows\System\eHdqLDI.exe
  2⤵
  PID:10072
- C:\Windows\System\LxKuvbj.exe
  C:\Windows\System\LxKuvbj.exe
  2⤵
  PID:10096
- C:\Windows\System\JYMWaCu.exe
  C:\Windows\System\JYMWaCu.exe
  2⤵
  PID:10112
- C:\Windows\System\bPNKNpo.exe
  C:\Windows\System\bPNKNpo.exe
  2⤵
  PID:10136
- C:\Windows\System\rnQYaWX.exe
  C:\Windows\System\rnQYaWX.exe
  2⤵
  PID:10156
- C:\Windows\System\JGtEjWz.exe
  C:\Windows\System\JGtEjWz.exe
  2⤵
  PID:10180
- C:\Windows\System\nhdVlyi.exe
  C:\Windows\System\nhdVlyi.exe
  2⤵
  PID:10196
- C:\Windows\System\yBjcWOc.exe
  C:\Windows\System\yBjcWOc.exe
  2⤵
  PID:10212
- C:\Windows\System\xhFyHpl.exe
  C:\Windows\System\xhFyHpl.exe
  2⤵
  PID:8296
- C:\Windows\System\FVFlpjx.exe
  C:\Windows\System\FVFlpjx.exe
  2⤵
  PID:9344
- C:\Windows\System\vGNkMfv.exe
  C:\Windows\System\vGNkMfv.exe
  2⤵
  PID:8248
- C:\Windows\System\LmHWWaf.exe
  C:\Windows\System\LmHWWaf.exe
  2⤵
  PID:9364
- C:\Windows\System\uwISfTB.exe
  C:\Windows\System\uwISfTB.exe
  2⤵
  PID:9224
- C:\Windows\System\SuxmDce.exe
  C:\Windows\System\SuxmDce.exe
  2⤵
  PID:9016
- C:\Windows\System\nufItmE.exe
  C:\Windows\System\nufItmE.exe
  2⤵
  PID:8612
- C:\Windows\System\XxgIwqp.exe
  C:\Windows\System\XxgIwqp.exe
  2⤵
  PID:8792
- C:\Windows\System\oufZkKM.exe
  C:\Windows\System\oufZkKM.exe
  2⤵
  PID:9236
- C:\Windows\System\MxvqZUE.exe
  C:\Windows\System\MxvqZUE.exe
  2⤵
  PID:9252
- C:\Windows\System\vUvpgxS.exe
  C:\Windows\System\vUvpgxS.exe
  2⤵
  PID:9288
- C:\Windows\System\SjigiYQ.exe
  C:\Windows\System\SjigiYQ.exe
  2⤵
  PID:9308
- C:\Windows\System\xWrRmaK.exe
  C:\Windows\System\xWrRmaK.exe
  2⤵
  PID:9384
- C:\Windows\System\BsYNBdd.exe
  C:\Windows\System\BsYNBdd.exe
  2⤵
  PID:9404
- C:\Windows\System\QTaeaQM.exe
  C:\Windows\System\QTaeaQM.exe
  2⤵
  PID:9420
- C:\Windows\System\drwhDyU.exe
  C:\Windows\System\drwhDyU.exe
  2⤵
  PID:9440
- C:\Windows\System\nrLdgBy.exe
  C:\Windows\System\nrLdgBy.exe
  2⤵
  PID:9460
- C:\Windows\System\tWNfVzN.exe
  C:\Windows\System\tWNfVzN.exe
  2⤵
  PID:9492
- C:\Windows\System\rXsIfrX.exe
  C:\Windows\System\rXsIfrX.exe
  2⤵
  PID:9496
- C:\Windows\System\WVMLxPP.exe
  C:\Windows\System\WVMLxPP.exe
  2⤵
  PID:9568
- C:\Windows\System\SHmjrQf.exe
  C:\Windows\System\SHmjrQf.exe
  2⤵
  PID:9600
- C:\Windows\System\SxcIAwe.exe
  C:\Windows\System\SxcIAwe.exe
  2⤵
  PID:9640
- C:\Windows\System\MDHsVFh.exe
  C:\Windows\System\MDHsVFh.exe
  2⤵
  PID:9680
- C:\Windows\System\FyGtVvZ.exe
  C:\Windows\System\FyGtVvZ.exe
  2⤵
  PID:9692
- C:\Windows\System\FXchhsR.exe
  C:\Windows\System\FXchhsR.exe
  2⤵
  PID:9732
- C:\Windows\System\ZHGaCFP.exe
  C:\Windows\System\ZHGaCFP.exe
  2⤵
  PID:9584
- C:\Windows\System\gpDWcQB.exe
  C:\Windows\System\gpDWcQB.exe
  2⤵
  PID:9784
- C:\Windows\System\RwNwEhE.exe
  C:\Windows\System\RwNwEhE.exe
  2⤵
  PID:9816
- C:\Windows\System\IAtMhhk.exe
  C:\Windows\System\IAtMhhk.exe
  2⤵
  PID:9848
- C:\Windows\System\JFzxEpG.exe
  C:\Windows\System\JFzxEpG.exe
  2⤵
  PID:9884
- C:\Windows\System\kORTfng.exe
  C:\Windows\System\kORTfng.exe
  2⤵
  PID:9920
- C:\Windows\System\CDwlGPC.exe
  C:\Windows\System\CDwlGPC.exe
  2⤵
  PID:9960
- C:\Windows\System\nXscXBx.exe
  C:\Windows\System\nXscXBx.exe
  2⤵
  PID:9984
- C:\Windows\System\OnRvuyY.exe
  C:\Windows\System\OnRvuyY.exe
  2⤵
  PID:10036
- C:\Windows\System\FrPXJqb.exe
  C:\Windows\System\FrPXJqb.exe
  2⤵
  PID:10052
- C:\Windows\System\koLrDOi.exe
  C:\Windows\System\koLrDOi.exe
  2⤵
  PID:10080
- C:\Windows\System\tesrqlJ.exe
  C:\Windows\System\tesrqlJ.exe
  2⤵
  PID:10124
- C:\Windows\System\swPkulC.exe
  C:\Windows\System\swPkulC.exe
  2⤵
  PID:10172
- C:\Windows\System\TCouMNG.exe
  C:\Windows\System\TCouMNG.exe
  2⤵
  PID:10204
- C:\Windows\System\prVWMRi.exe
  C:\Windows\System\prVWMRi.exe
  2⤵
  PID:9336
- C:\Windows\System\whzbFHW.exe
  C:\Windows\System\whzbFHW.exe
  2⤵
  PID:9356
- C:\Windows\System\aTAuliH.exe
  C:\Windows\System\aTAuliH.exe
  2⤵
  PID:8708
- C:\Windows\System\bjpEIwr.exe
  C:\Windows\System\bjpEIwr.exe
  2⤵
  PID:9276
- C:\Windows\System\LwKefMk.exe
  C:\Windows\System\LwKefMk.exe
  2⤵
  PID:8376
- C:\Windows\System\AsbDoSd.exe
  C:\Windows\System\AsbDoSd.exe
  2⤵
  PID:9396
- C:\Windows\System\MZXiCUV.exe
  C:\Windows\System\MZXiCUV.exe
  2⤵
  PID:9476
- C:\Windows\System\alBOPnH.exe
  C:\Windows\System\alBOPnH.exe
  2⤵
  PID:9636
- C:\Windows\System\bdCXIGa.exe
  C:\Windows\System\bdCXIGa.exe
  2⤵
  PID:9740
- C:\Windows\System\HvTFAHY.exe
  C:\Windows\System\HvTFAHY.exe
  2⤵
  PID:9804
- C:\Windows\System\ZZUiSvz.exe
  C:\Windows\System\ZZUiSvz.exe
  2⤵
  PID:9924
- C:\Windows\System\pWgQJxk.exe
  C:\Windows\System\pWgQJxk.exe
  2⤵
  PID:10004
- C:\Windows\System\yThhqMj.exe
  C:\Windows\System\yThhqMj.exe
  2⤵
  PID:9272
- C:\Windows\System\FmTWDKN.exe
  C:\Windows\System\FmTWDKN.exe
  2⤵
  PID:10164
- C:\Windows\System\IZAFyXp.exe
  C:\Windows\System\IZAFyXp.exe
  2⤵
  PID:9824
- C:\Windows\System\rgbHOme.exe
  C:\Windows\System\rgbHOme.exe
  2⤵
  PID:9032
- C:\Windows\System\CaRjBoa.exe
  C:\Windows\System\CaRjBoa.exe
  2⤵
  PID:9416
- C:\Windows\System\gDLnaOh.exe
  C:\Windows\System\gDLnaOh.exe
  2⤵
  PID:9552
- C:\Windows\System\REWpXyU.exe
  C:\Windows\System\REWpXyU.exe
  2⤵
  PID:9660
- C:\Windows\System\AFHQpZz.exe
  C:\Windows\System\AFHQpZz.exe
  2⤵
  PID:9908
- C:\Windows\System\LyDrDmo.exe
  C:\Windows\System\LyDrDmo.exe
  2⤵
  PID:10088
- C:\Windows\System\JTFheCe.exe
  C:\Windows\System\JTFheCe.exe
  2⤵
  PID:10128
- C:\Windows\System\LgqNull.exe
  C:\Windows\System\LgqNull.exe
  2⤵
  PID:9248
- C:\Windows\System\PKFUyTQ.exe
  C:\Windows\System\PKFUyTQ.exe
  2⤵
  PID:9300
- C:\Windows\System\QGAhjQG.exe
  C:\Windows\System\QGAhjQG.exe
  2⤵
  PID:9828
- C:\Windows\System\KWwTzLq.exe
  C:\Windows\System\KWwTzLq.exe
  2⤵
  PID:9572
- C:\Windows\System\QfDxnrc.exe
  C:\Windows\System\QfDxnrc.exe
  2⤵
  PID:9880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AfkivrR.exe

Filesize
6.0MB

MD5
b3fb2dddc542c7fef6163467b0ddc305

SHA1
a5853df2650c507d88dd7125b06d2579e7cf8e04

SHA256
e2300dac6c9da64aced197c86b5e22a9672522e22c44e91cb6ea2adaf0725842

SHA512
a4020084ebb8af9f2f779d6652c97c3923c34f5d665030e7a5365c39d3f8b7f9149793237c21d8962ea1a4d728f3fb626f6a4483e5bd46c185c02b66861265c0

Download Submit
C:\Windows\system\BTEgEqp.exe

Filesize
6.0MB

MD5
8fc13188e4bfe7537a09a50aeedac88e

SHA1
08534344d875eb415d6017b80c577470934da282

SHA256
3fb40fd401b6140a7535a17b50c0195b1413cc08e0ed17daad9f538198ae4a76

SHA512
8fe491004f22bac0d67a4f1999a4517306a2d1af2aebffc57a96348c9988300b66b1e1442d155fcc78480c76546e8fac1795cfcaa9328a98217d3ef564fe1098

Download Submit
C:\Windows\system\CLDxHid.exe

Filesize
6.0MB

MD5
484c85dcb4dda2102f7b99e666cb510a

SHA1
526a620793ed1376fe6abcb8661a78aaa42645f9

SHA256
ab1492c3681827996923c73e83ab4e3861f196799f5e4d87c7d39ee792145cca

SHA512
68765b3ce766eab4b4c04830f09c5303718007ea971ca917c3878a57fb9acbd47a46cc6743dbed799b833d4a60487cca1763f3e11c238c26ed79a34f2eb41b70

Download Submit
C:\Windows\system\CtcyNBq.exe

Filesize
6.0MB

MD5
b80f05c034fb346e10741eb31cdf1e21

SHA1
bb2592f950b9d1871f30d68202b6a0c212445bac

SHA256
133a6c598c75e89ab3c318cfa78dd3ff747d639b9ba2685b5b279e546319c61e

SHA512
ffa99a2112165283a1625d280d306083edaaae34ebd4bf0bc9c587ab3737cdcf6d39bbb4fdc4a83d8275f1e99dd95368949f69a982dbbbe951c425ae6c6eff0b

Download Submit
C:\Windows\system\CxxuENA.exe

Filesize
6.0MB

MD5
9d415699cb2be99ec7cf45a1d2f5b952

SHA1
6b7e16776d99254cad81d949b06a0a8d4d0cdba7

SHA256
5125d98488925ba3e2501a6d15f048aee54628ce4341e49c222a1f09a3a1ce64

SHA512
b7e71378ca9ca1c03eec81dc3944d63460816a27eb6e348f386efec5add2e39e4c708af86378f82502d7ee88dda11f7985855731c11f4e515d55848e2636b3e8

Download Submit
C:\Windows\system\EEAGpoj.exe

Filesize
6.0MB

MD5
d52e6494ccef18996284a6b7b09d8ea2

SHA1
eca8383e4db8e1dc4470cf3da7d90ebc12af83dd

SHA256
f8e6fd4752c598a56c25d7f6d166af96e8755a65dbe4ced99dfe6011088ccfa2

SHA512
6ab960a951e21180f8338556ade2f3880acc02a1bb6cbc7a995a184ba9b4f23033f0741aaf29a177410dd6ccb09d13935ebb45f9e35ff0cdcfcef6ac52a0d94c

Download Submit
C:\Windows\system\KTChTCL.exe

Filesize
6.0MB

MD5
ed6d08d66311cf2a35a109a5b3894ef5

SHA1
6c0931d383e57d5a7a6b7f83ffdf3fb2d3a21f4e

SHA256
7e3323f5e7272b4f415011e4fa433f779f6442b91c0db3b02a22ee78ccd21a41

SHA512
d94a77d4b94a4dd4252389892c725523078f735f797c24d5f579c18b87873558b9eca6d7c2c17feb1bab2a2c378f2657bdb65fd99726f28c028dfaf0e88316e9

Download Submit
C:\Windows\system\MbLwQlS.exe

Filesize
6.0MB

MD5
33b6e7e4541244b12443cbcee68d30d3

SHA1
be14ca4a135da920496274d6fd8945514ee56f0c

SHA256
3968f7d9ed6a0d5930a64026a1028f5eaa6e5385ee07126c3a52a0041241279d

SHA512
8b281fc6abedb73e812b4d13fa11a5a2d618e305307d48dec8432ddd6757f87907efb1e0af469c9259a236a7305376e2e161efbdf55a1335d59a31ac95062614

Download Submit
C:\Windows\system\NTsqoFj.exe

Filesize
6.0MB

MD5
2d8ec66395d2865846d878f8ca9eae81

SHA1
29a3b10ac5115f20df1c0a935afe12bddc559106

SHA256
f53e16f631d3e24bc2dd32c8b8389970d7e4cdf599ffd81f433e100ebbcab189

SHA512
da35d159d83e9e4bec48e4fc4d05655bedde268da8b3a315fd2434fb6b460acb9c4f1197aa71f00829af762c9d0be0a430b3626eb567c805b98ab230cf875d13

Download Submit
C:\Windows\system\RGuwjIA.exe

Filesize
6.0MB

MD5
55f04eda351da39ad57ff05032265dc5

SHA1
f30fff242c55398c09c6f90b743b89a0b6a27044

SHA256
5b4802d76a7f01c776594359c77bdf1fbf3913e5d91d9743a0fcde55ee37cfc0

SHA512
db2a62b56ea942551ae44f33eea7015ea12f6484a62653fe439f9fbaa4d9a4d6223ae01825ba438eea85b671c7e26ec12413e7a50c19f2c426490891610ea9e3

Download Submit
C:\Windows\system\RKCmdaL.exe

Filesize
6.0MB

MD5
a2852bf203c8eeb4ac6a4392a20412ed

SHA1
2975b41f18e98e80d448864a3b6133cbae1ce499

SHA256
846e9ff0f3d78d97d3693318216b6b1a4a9a9c53595061a93ba694c9d94560c9

SHA512
65cbc156e33fb62feb3e4f935f4a3f11195fde7f3abb3d174bd58fe8b08ec20d0f029f3b6dbfcf7c6715d17a0f577a3289cd721ca4cbde8712bfc4ce378884b9

Download Submit
C:\Windows\system\VwXEvmq.exe

Filesize
6.0MB

MD5
d0777d32734d6e27290b7e595d673b97

SHA1
f326e54ac9942a287dfe8d33b098d82c5e106c4a

SHA256
3f5dfcf09830b71a2c511c58a3a20f3ee48073efc2c0c6c2e817bee6e315c520

SHA512
969c1698ed531fe22f56f831b7a7ac07d2a4ae464cdbc4688555bd9a1e8fb975f18f5682853e22678c01fea84f705009caa75c5645dc20faee268d549de8883d

Download Submit
C:\Windows\system\ZdLLrmm.exe

Filesize
6.0MB

MD5
c09c1b1f0c812ebdeb314a295a782957

SHA1
8a5fad5de85b75b56b52be6c1af1746bb47273ae

SHA256
364c826da72efc26c9cdf89b79fe589f8b8efce3eaab978d9109b1bacf2d2b9e

SHA512
59725ecd91301c4f6c27b02c15d1faef44a28ee634fe00c6e111073b8c857647571b42088fdc4134b84b39d6754f820b36c0e893579d0725ca62da87e9353556

Download Submit
C:\Windows\system\bCILRRN.exe

Filesize
6.0MB

MD5
f2b81dcef825958300e46461cbae8b7f

SHA1
918f6b4ede588b64c63705a19146daeae8d508e7

SHA256
b7ecbfde2d1bea6d6bfe1247d8df29799bc1a03deb8784aafe195d0b855cf37d

SHA512
e0ded8fa7ae7bd4a4c71ef63d4c1823b99bb4f16d2d1e36337afb7cd9d472a1ffe536ec8229513331b28ee51ef2fd44358ba51f28de7e3c43de426eb900dc751

Download Submit
C:\Windows\system\bMFAmQn.exe

Filesize
6.0MB

MD5
44ed2c5016ee84566000335e34f1e866

SHA1
faa8b74263b6f5e5b2b5a530608957db2e368dd2

SHA256
25898294b7db8fc1be810a913e02a55c46e0d53d5ff008a20c109778d9bf2e1b

SHA512
3e023bf967e5536122da426b9579056f65672a12d7b794ad440106a2e5028238e25ade23a1c6412d78bb9bbd3a606dc568e0f354eaf3088c131a33e674833f60

Download Submit
C:\Windows\system\eauKtzK.exe

Filesize
6.0MB

MD5
09ca2f63b5722dca2aa3d88f5edaf5d0

SHA1
4b732fa27c706511d809e1f8cece873c9299acbd

SHA256
afaad7f6ac2c7248ac98c14e56346758eb08b994df70d58cac2902e34178a90e

SHA512
e739352476eaf0b044cc91bde9b53012e274ec126accff70f4072f481d3a568c44ceecee95290b30e8a1eaf4f12c85cdc0c321daa143a085ceb4bc914dc68dec

Download Submit
C:\Windows\system\fACfnUl.exe

Filesize
6.0MB

MD5
5a3f4b80bb553e10eac518c06ede929b

SHA1
2ca97589f5e50bad02ca1c089d84fa3d97428ee1

SHA256
7fd50aa6af0b02e47ac1ad54547c341961cec5cd24026ee8789de6e31aebde20

SHA512
88a1791469653c6f67d182eec3d207dd9bd8f1ff339769807328b915c950c79967cd78d6132732b7e1686385656c104b65ed695bedd2fcdb2608c72bf1956bc7

Download Submit
C:\Windows\system\oSKzlyQ.exe

Filesize
6.0MB

MD5
dd4290ec7cd421277e9223fecfceb1df

SHA1
ca1514275dd6518918ba62bfb78ad61d4e7b3d72

SHA256
2673d27644e5cf2e3f323a48fb5f0e273a7dccf8394c0be61e2b50d30da0bde1

SHA512
1a26db3500d1dfc27d4d36391678e97b196ca7a1e104a4eb905c1f3d83a0bad92f4032858947d322105bf27f69b498790bfef7d1b21adfe6a3c4213a4c54c93f

Download Submit
C:\Windows\system\oonbsyo.exe

Filesize
6.0MB

MD5
0f138b09e024a53f48ae0c714d673750

SHA1
2c3a19d3ac6877713909aae1440d677414965d44

SHA256
2fcb140c9f351799888e4bea1251fd735c40e058b63c80c24558ad496e538f64

SHA512
c6fbc8b803badd354dae817580a8aaa5df4d2cf4305651752a4330ab834145059708954255bf4058738de6b46e9818bf4f37f1965d97e9bc8243fe288467c6e2

Download Submit
C:\Windows\system\slmWZVc.exe

Filesize
6.0MB

MD5
6110825e107e73cc69b90c702d711817

SHA1
630e589eb5bcf855870dd5bdc6be20d1f3f21ba9

SHA256
dd60b09def754e118553a3a496a881619dd728d733a889c74ae6c1139db0ddb6

SHA512
883467e82f60925314a16c7a2c6c5f2691635dd10f40d31c489924e893241faf6a95157dc3a999681ea4d04e161aa28dffbb8f73955fa808442670099a1a2e21

Download Submit
C:\Windows\system\tTANWFi.exe

Filesize
6.0MB

MD5
dd42d7b52c8a438c8eb5a08387a9add9

SHA1
d456f3f55d42c7689e806170ee834b93c657659e

SHA256
b486b2c9b1016d7eb30510ea6784d62c80cf75dc5b206b317dc5a2f1f4ade999

SHA512
89e748dc816eb178de0eb50a2b4f3eed694454c3fe9e9a8fd2977c28ad629bc21b1cd9cec9a9ee82c642e317679523bb923f75d705a2313a72f0cd972b0eccf1

Download Submit
C:\Windows\system\tgsUBDo.exe

Filesize
6.0MB

MD5
07a0de0261ab3995e8ffc49c765ee072

SHA1
d1636da23137ffb733cafc3d631d2b741e01e29a

SHA256
ef905a99ee23a7445490db32e583e26f580239d7049dcf93f65d0fa42a27fd9d

SHA512
41b436be44990ed5236b2d20eb63acee13d8ad689e71d2fa03c3974d7bc64671df43a38a02a8f58fdde63e986eae2c5bbab46a531048a90224fb8c012761cb99

Download Submit
C:\Windows\system\vrDMXeR.exe

Filesize
6.0MB

MD5
1178b036db629e8ef8f16c776c21c956

SHA1
eb8b10f696dc62b06d22d46dd3309ed3a5487f6a

SHA256
700dcc309db85548d40a27d0f072af3c0c0de507b19a263d1c1383ee051a2702

SHA512
72234f331718bb04938d3691b5aeb08d6444fd85f8175de5a828a2f591f546f5289326d7902aac892cb49472127f82c9b6fdc60fa965bdf60776e36e8f6a0160

Download Submit
C:\Windows\system\wxCsKUI.exe

Filesize
6.0MB

MD5
132e5bcc70b5229fcf08dc4db8bbd36d

SHA1
f11f6d41f26739ad1fad1d69859e666d8d415c0c

SHA256
1389e56c62cbb3a43985c4f0a18dc04079b39ff04e6457c74e676e81e7747fed

SHA512
ca636874c4bed0492161774e53383eeaad155b0504bd2b115a9727411ae46a91e9b2443e028a6a5f2c799da7c526831b5e3a777f54296fb834128dce7d28dc65

Download Submit
C:\Windows\system\yMvnfrx.exe

Filesize
6.0MB

MD5
bf65325d8a91a0e6835a01a077c98d97

SHA1
067c216ae65cae0175f921a9d6d76cf07990bff8

SHA256
fc4fd3cb23b6b39e1eb2727444bbce32a86a0fe5798befbc833aae127594ae18

SHA512
a2233d5eb4a190fd2c7696fcdbc681c4dfb093b4f1ea4d34ba0922e80a1c951b6a06103ca73b73b905add1f9f0e2089299eab3e104be0c3f6fba6fe468d7f3de

Download Submit
C:\Windows\system\zFlUFtT.exe

Filesize
6.0MB

MD5
137ebd5c9be10e50d688e363f218482f

SHA1
429a0e03c69eaf3a6210f1a008ea2c6eea140977

SHA256
728bc8db59041c20dbdd22a7065f219787a0dbd98e048484d6d98eb755fe2355

SHA512
facfd79eb0be579c43214d28b6399e3a90505ea505d04d007221d480c38fa43ecc52e8969bb39879cd36f600233a62a79765295be49ee592c8fd6dd3df5a168f

Download Submit
C:\Windows\system\zXjsCij.exe

Filesize
6.0MB

MD5
3ab071a73a2260640dcc98a56e29532d

SHA1
f0da7d3577712b34d00b259ffb98e10f9cecf1c5

SHA256
60eccb225b3ad7f79baab099d8f1fada50231cf5118bd4fe003f1a6d9354b205

SHA512
31f4671d49f3be2bf53c55099370c39c378039bc6dda48bcbc818e621bf4c47dd269a80a61419bf115cfa453d84e461ebd3f62b3b21799ee0505a6d68642bd78

Download Submit
\Windows\system\QyDiTgu.exe

Filesize
6.0MB

MD5
b995088b8b6bf90999e8f116bfd5ce8f

SHA1
c969707eda63ee0374b221bbb11b359f0e1c0a09

SHA256
b1b070aade6e6062b3571ef18f8992a146ab9ce80d6a250b8b9d7e0be37dbd21

SHA512
4b373f0fbc76df9459039fd5905ba93ddb00698a1a68cc4b933b106f4b1a152c5e8f154c2117a8a54bd19ef1a8695e895e158bf576aa2f3962a2ec3a3cf3d48c

Download Submit
\Windows\system\SUdGOUl.exe

Filesize
6.0MB

MD5
d74914262c5f7391a34879c97557541c

SHA1
330ed94ee681f1a4981145c6f609400bc0d69fd5

SHA256
4de189985bfde4f612fcbce7c94b4bba6ede697729036b7fd3783d8609c97ef6

SHA512
af71e937092ca091e3a711d61bef083d84f53fb101139eefa5e3c7b033de2fd375feb82ae039b12d7a7aa4b2a17f240e5c9678ed290ed39d169c0dc441068501

Download Submit
\Windows\system\TmXJBff.exe

Filesize
6.0MB

MD5
0dd5c1c35344f040874524335ddfef0e

SHA1
23cb3258c81b1e12c211b1a67a03b5b64afdf082

SHA256
3391b74759dc15fd145a4e7eb5990e480540313c594589ad40992a7b721155c9

SHA512
363274117e84935ac82dbbb5ed82ed4a32803f51b382ba3d7c1d4b26f6931d4230541fc1b2dae763c6019fae43cd879bf425e1e1377b2976505168fac5b44cbd

Download Submit
\Windows\system\tNOMRtm.exe

Filesize
6.0MB

MD5
b26813a3a45bde1f2076327b2b7e8bd5

SHA1
c43c968f201b853adfb756aa91521c0448a4154a

SHA256
821a14ab61080863687818e44ca8a768da7cf2a1c48f3dd06b6ad88041bf9cc4

SHA512
2646aede08f0caef3110e57559e5a82f3637a0ce829f07de5d07bc722856b4680280505980555e4872f57567dee45de80d5b4ca15b5e90f9877d55accabcd531

Download Submit
\Windows\system\xtvBISm.exe

Filesize
6.0MB

MD5
f03eed094015ea58ba98803d51c7e088

SHA1
60a1fc64b326a2c799dd511dbc118cb9ce721e18

SHA256
b24cae18aa14e32482959887de3337133194449205fcd3ac7ba7ba8558bcca13

SHA512
7815683f72b4ef9fbd44bf62e1417a3180a6e553b309b70ad3155ade5b0ea8730581537b0ee19dddc13c5498ff27043df07e9ab2c1bc6e78a649a87cbdd1ed72

Download Submit
memory/548-4028-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/548-151-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/784-138-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/784-4025-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1084-4023-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1084-147-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1492-4031-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1492-149-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-163-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1764-4029-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1864-153-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1864-4027-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2060-4026-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2060-155-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2128-159-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2128-4024-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2212-36-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-4022-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-20-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2284-4019-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2324-4030-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2324-157-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2632-30-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4021-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2728-26-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-4020-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-389-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-388-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-9-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-158-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2896-300-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-14-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2896-6-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-139-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2896-1072-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-137-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2896-0-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-161-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1095-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2896-29-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-148-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-150-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-28-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1079-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-152-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1073-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-154-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2896-156-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download