cobaltstrike | e582ed483928b919a98fc8e46d247168596760862f76f7c0183cd8cee13c09f0

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/01/2025, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

cbe7fff7d16710d9df5010b793726422
SHA1

9b650adf376cccba88e3566ae57cffb5fcd43299
SHA256

e582ed483928b919a98fc8e46d247168596760862f76f7c0183cd8cee13c09f0
SHA512

667d3d26b6e1ef0b55eec4a3a292d251e5e76d35e18e6ce0fdf0ef063a35a5ce8bae50f31139ef9e1fc76df6eaa4026c603145952eff7162bb05505c141f1bed
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016652-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016858-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b17-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c81-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c76-32.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016311-51.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017546-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-85.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1720-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-6.dat	xmrig
behavioral1/memory/2000-8-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0008000000016652-9.dat	xmrig
behavioral1/memory/348-15-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016858-11.dat	xmrig
behavioral1/files/0x0008000000016b17-21.dat	xmrig
behavioral1/memory/484-33-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c81-34.dat	xmrig
behavioral1/memory/1720-41-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2760-42-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c76-32.dat	xmrig
behavioral1/memory/2076-31-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/1708-26-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016311-51.dat	xmrig
behavioral1/files/0x0008000000017546-56.dat	xmrig
behavioral1/memory/2768-58-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c9-74.dat	xmrig
behavioral1/memory/1720-80-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1720-66-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a2-65.dat	xmrig
behavioral1/files/0x00050000000193fa-97.dat	xmrig
behavioral1/memory/2632-98-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2688-92-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2076-91-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019408-101.dat	xmrig
behavioral1/files/0x0005000000019494-108.dat	xmrig
behavioral1/files/0x00050000000194f6-146.dat	xmrig
behavioral1/memory/2756-546-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1720-548-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2688-549-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2632-730-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/824-239-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019624-189.dat	xmrig
behavioral1/files/0x000500000001961f-183.dat	xmrig
behavioral1/files/0x000500000001961b-178.dat	xmrig
behavioral1/files/0x0005000000019589-173.dat	xmrig
behavioral1/files/0x000500000001953a-168.dat	xmrig
behavioral1/files/0x0005000000019503-158.dat	xmrig
behavioral1/files/0x0005000000019515-163.dat	xmrig
behavioral1/files/0x0005000000019501-154.dat	xmrig
behavioral1/files/0x00050000000194f2-143.dat	xmrig
behavioral1/files/0x00050000000194ea-138.dat	xmrig
behavioral1/files/0x00050000000194da-128.dat	xmrig
behavioral1/files/0x00050000000194e2-133.dat	xmrig
behavioral1/files/0x00050000000194d4-123.dat	xmrig
behavioral1/files/0x00050000000194b4-118.dat	xmrig
behavioral1/files/0x00050000000194a7-113.dat	xmrig
behavioral1/files/0x00050000000193f8-90.dat	xmrig
behavioral1/memory/2856-89-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00050000000193af-85.dat	xmrig
behavioral1/memory/2772-84-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/1720-95-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/484-94-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1720-79-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/memory/2756-77-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2580-75-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/348-61-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/824-53-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c89-46.dat	xmrig
behavioral1/memory/348-3961-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2000-3979-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2076-3989-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2760-3999-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2000	gCbtIZB.exe
348	dezmlQG.exe
1708	zCEXfRV.exe
2076	fQhxHja.exe
484	WjvBNEp.exe
2760	SLSXnLX.exe
824	ZnZgWby.exe
2768	VptLjkK.exe
2580	DDqBpdu.exe
2772	TOMQzxD.exe
2756	wWwnOwO.exe
2856	FCSaiiv.exe
2688	BldalqK.exe
2632	RZjPtaY.exe
2944	JiNarKi.exe
1140	HhpvHNC.exe
1504	bpzuLAP.exe
864	nHUNbAu.exe
2916	kuGPmcY.exe
1148	NBWSvVH.exe
1924	XsTMCcg.exe
1752	JjeOeRC.exe
2872	EFpwYsa.exe
2416	ftgpGbX.exe
2232	zEImSYB.exe
2236	pIGigPn.exe
2408	CSBgYlC.exe
2068	VTTgWKn.exe
448	ZndsfCT.exe
2480	cLlAkUV.exe
3064	fakAyOd.exe
1568	SmFbZNv.exe
1288	SxuOylK.exe
1516	hCpKGJH.exe
1084	ADZMgfe.exe
1792	prwZvov.exe
2212	SiMiIrv.exe
900	SgTMEVd.exe
1768	boJbTkG.exe
2452	iSEyHVi.exe
1044	lUTHTaY.exe
2064	BksAhIZ.exe
2224	ekGYkci.exe
2080	YmJDFVy.exe
3020	iriBVom.exe
2448	BgFxuJn.exe
1496	ZQeBUPA.exe
880	BQgBCsg.exe
1028	noeLRdY.exe
1592	XQKtWAU.exe
1600	NNIgeZD.exe
2020	aVFbXvV.exe
1280	YLWBgYs.exe
1988	moDrKVg.exe
352	mnbbPWN.exe
2720	YAnPkCE.exe
2808	HAQIOtf.exe
2612	jtcinbX.exe
2716	TXyQwEB.exe
2628	uSFeFud.exe
840	xRaeBfQ.exe
2904	knujSFX.exe
2056	jUtvjDP.exe
2956	hpaYWpQ.exe

Loads dropped DLL 64 IoCs

pid	Process
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1720-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-6.dat	upx
behavioral1/memory/2000-8-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0008000000016652-9.dat	upx
behavioral1/memory/348-15-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x0008000000016858-11.dat	upx
behavioral1/files/0x0008000000016b17-21.dat	upx
behavioral1/memory/484-33-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0007000000016c81-34.dat	upx
behavioral1/memory/1720-41-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2760-42-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0007000000016c76-32.dat	upx
behavioral1/memory/2076-31-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/1708-26-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0009000000016311-51.dat	upx
behavioral1/files/0x0008000000017546-56.dat	upx
behavioral1/memory/2768-58-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x00050000000193c9-74.dat	upx
behavioral1/files/0x00050000000193a2-65.dat	upx
behavioral1/files/0x00050000000193fa-97.dat	upx
behavioral1/memory/2632-98-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2688-92-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2076-91-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0005000000019408-101.dat	upx
behavioral1/files/0x0005000000019494-108.dat	upx
behavioral1/files/0x00050000000194f6-146.dat	upx
behavioral1/memory/2756-546-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2688-549-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2632-730-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/824-239-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0005000000019624-189.dat	upx
behavioral1/files/0x000500000001961f-183.dat	upx
behavioral1/files/0x000500000001961b-178.dat	upx
behavioral1/files/0x0005000000019589-173.dat	upx
behavioral1/files/0x000500000001953a-168.dat	upx
behavioral1/files/0x0005000000019503-158.dat	upx
behavioral1/files/0x0005000000019515-163.dat	upx
behavioral1/files/0x0005000000019501-154.dat	upx
behavioral1/files/0x00050000000194f2-143.dat	upx
behavioral1/files/0x00050000000194ea-138.dat	upx
behavioral1/files/0x00050000000194da-128.dat	upx
behavioral1/files/0x00050000000194e2-133.dat	upx
behavioral1/files/0x00050000000194d4-123.dat	upx
behavioral1/files/0x00050000000194b4-118.dat	upx
behavioral1/files/0x00050000000194a7-113.dat	upx
behavioral1/files/0x00050000000193f8-90.dat	upx
behavioral1/memory/2856-89-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x00050000000193af-85.dat	upx
behavioral1/memory/2772-84-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/484-94-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2756-77-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2580-75-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/348-61-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/824-53-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0007000000016c89-46.dat	upx
behavioral1/memory/348-3961-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2000-3979-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2076-3989-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2760-3999-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2768-4007-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2756-4014-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/484-4022-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2580-4018-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/824-4030-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WyfaDxP.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjzBQbx.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVFNhfn.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJjLxkZ.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTxlCrn.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aarvoXP.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdsclPu.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BksAhIZ.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwjDhsm.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldWfabM.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkYFnBA.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ReVPjly.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwvqKGg.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDDomQA.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyFzHvW.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nppbsSF.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryUUxHa.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxQHdZt.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUgFzeA.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPFPwbg.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hUiVUpB.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpMFSdp.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjHJsvi.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHqaiSA.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teJbnKa.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecEZuCn.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKTFLLJ.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOmFmYL.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJlDFwY.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAQIOtf.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocgbSxq.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOgCsSK.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTIgTir.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMDqwdP.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvxBVcO.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnbbPWN.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMmGEHh.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuJyXWU.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRTfCxp.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NextXDv.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBAMGiq.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjMCxcc.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnBbNtP.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLWBgYs.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLCjIgU.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvxzsuZ.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kaAjbOc.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHHUIkX.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGiUDOn.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YFDlwkF.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbLPmCe.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsHHSpE.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAqnpkU.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwzSJUS.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akTFPlC.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VptLjkK.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CurrYFT.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GoYgaTh.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUVDGmF.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRzrrBR.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qykcZLm.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOXSshM.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSNgzrf.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpbUqdO.exe	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2000	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1720 wrote to memory of 2000	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1720 wrote to memory of 2000	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1720 wrote to memory of 348	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1720 wrote to memory of 348	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1720 wrote to memory of 348	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1720 wrote to memory of 1708	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1720 wrote to memory of 1708	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1720 wrote to memory of 1708	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1720 wrote to memory of 2076	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1720 wrote to memory of 2076	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1720 wrote to memory of 2076	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1720 wrote to memory of 484	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1720 wrote to memory of 484	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1720 wrote to memory of 484	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1720 wrote to memory of 2760	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1720 wrote to memory of 2760	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1720 wrote to memory of 2760	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1720 wrote to memory of 824	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1720 wrote to memory of 824	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1720 wrote to memory of 824	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1720 wrote to memory of 2768	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1720 wrote to memory of 2768	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1720 wrote to memory of 2768	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1720 wrote to memory of 2772	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1720 wrote to memory of 2772	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1720 wrote to memory of 2772	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1720 wrote to memory of 2580	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1720 wrote to memory of 2580	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1720 wrote to memory of 2580	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1720 wrote to memory of 2856	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1720 wrote to memory of 2856	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1720 wrote to memory of 2856	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1720 wrote to memory of 2756	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1720 wrote to memory of 2756	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1720 wrote to memory of 2756	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1720 wrote to memory of 2688	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1720 wrote to memory of 2688	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1720 wrote to memory of 2688	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1720 wrote to memory of 2632	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1720 wrote to memory of 2632	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1720 wrote to memory of 2632	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1720 wrote to memory of 2944	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1720 wrote to memory of 2944	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1720 wrote to memory of 2944	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1720 wrote to memory of 1140	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1720 wrote to memory of 1140	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1720 wrote to memory of 1140	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1720 wrote to memory of 1504	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1720 wrote to memory of 1504	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1720 wrote to memory of 1504	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1720 wrote to memory of 864	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1720 wrote to memory of 864	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1720 wrote to memory of 864	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1720 wrote to memory of 2916	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1720 wrote to memory of 2916	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1720 wrote to memory of 2916	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1720 wrote to memory of 1148	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1720 wrote to memory of 1148	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1720 wrote to memory of 1148	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1720 wrote to memory of 1924	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1720 wrote to memory of 1924	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1720 wrote to memory of 1924	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1720 wrote to memory of 1752	1720	2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-27_cbe7fff7d16710d9df5010b793726422_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\System\gCbtIZB.exe
  C:\Windows\System\gCbtIZB.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\dezmlQG.exe
  C:\Windows\System\dezmlQG.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\zCEXfRV.exe
  C:\Windows\System\zCEXfRV.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\fQhxHja.exe
  C:\Windows\System\fQhxHja.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\WjvBNEp.exe
  C:\Windows\System\WjvBNEp.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\SLSXnLX.exe
  C:\Windows\System\SLSXnLX.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ZnZgWby.exe
  C:\Windows\System\ZnZgWby.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\VptLjkK.exe
  C:\Windows\System\VptLjkK.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\TOMQzxD.exe
  C:\Windows\System\TOMQzxD.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\DDqBpdu.exe
  C:\Windows\System\DDqBpdu.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\FCSaiiv.exe
  C:\Windows\System\FCSaiiv.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\wWwnOwO.exe
  C:\Windows\System\wWwnOwO.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\BldalqK.exe
  C:\Windows\System\BldalqK.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\RZjPtaY.exe
  C:\Windows\System\RZjPtaY.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\JiNarKi.exe
  C:\Windows\System\JiNarKi.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\HhpvHNC.exe
  C:\Windows\System\HhpvHNC.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\bpzuLAP.exe
  C:\Windows\System\bpzuLAP.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\nHUNbAu.exe
  C:\Windows\System\nHUNbAu.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\kuGPmcY.exe
  C:\Windows\System\kuGPmcY.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\NBWSvVH.exe
  C:\Windows\System\NBWSvVH.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\XsTMCcg.exe
  C:\Windows\System\XsTMCcg.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\JjeOeRC.exe
  C:\Windows\System\JjeOeRC.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\EFpwYsa.exe
  C:\Windows\System\EFpwYsa.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ftgpGbX.exe
  C:\Windows\System\ftgpGbX.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\zEImSYB.exe
  C:\Windows\System\zEImSYB.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\pIGigPn.exe
  C:\Windows\System\pIGigPn.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\CSBgYlC.exe
  C:\Windows\System\CSBgYlC.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\VTTgWKn.exe
  C:\Windows\System\VTTgWKn.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\ZndsfCT.exe
  C:\Windows\System\ZndsfCT.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\cLlAkUV.exe
  C:\Windows\System\cLlAkUV.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\fakAyOd.exe
  C:\Windows\System\fakAyOd.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\SmFbZNv.exe
  C:\Windows\System\SmFbZNv.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\SxuOylK.exe
  C:\Windows\System\SxuOylK.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\hCpKGJH.exe
  C:\Windows\System\hCpKGJH.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\ADZMgfe.exe
  C:\Windows\System\ADZMgfe.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\prwZvov.exe
  C:\Windows\System\prwZvov.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\SiMiIrv.exe
  C:\Windows\System\SiMiIrv.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\SgTMEVd.exe
  C:\Windows\System\SgTMEVd.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\boJbTkG.exe
  C:\Windows\System\boJbTkG.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\iSEyHVi.exe
  C:\Windows\System\iSEyHVi.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\lUTHTaY.exe
  C:\Windows\System\lUTHTaY.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\BksAhIZ.exe
  C:\Windows\System\BksAhIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ekGYkci.exe
  C:\Windows\System\ekGYkci.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\YmJDFVy.exe
  C:\Windows\System\YmJDFVy.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\iriBVom.exe
  C:\Windows\System\iriBVom.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\BgFxuJn.exe
  C:\Windows\System\BgFxuJn.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\ZQeBUPA.exe
  C:\Windows\System\ZQeBUPA.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\BQgBCsg.exe
  C:\Windows\System\BQgBCsg.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\noeLRdY.exe
  C:\Windows\System\noeLRdY.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\XQKtWAU.exe
  C:\Windows\System\XQKtWAU.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\NNIgeZD.exe
  C:\Windows\System\NNIgeZD.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\aVFbXvV.exe
  C:\Windows\System\aVFbXvV.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\YLWBgYs.exe
  C:\Windows\System\YLWBgYs.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\moDrKVg.exe
  C:\Windows\System\moDrKVg.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\mnbbPWN.exe
  C:\Windows\System\mnbbPWN.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\YAnPkCE.exe
  C:\Windows\System\YAnPkCE.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\HAQIOtf.exe
  C:\Windows\System\HAQIOtf.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\jtcinbX.exe
  C:\Windows\System\jtcinbX.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\TXyQwEB.exe
  C:\Windows\System\TXyQwEB.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\uSFeFud.exe
  C:\Windows\System\uSFeFud.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\xRaeBfQ.exe
  C:\Windows\System\xRaeBfQ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\knujSFX.exe
  C:\Windows\System\knujSFX.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\jUtvjDP.exe
  C:\Windows\System\jUtvjDP.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\hpaYWpQ.exe
  C:\Windows\System\hpaYWpQ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\QeLBYEI.exe
  C:\Windows\System\QeLBYEI.exe
  2⤵
  PID:1048
- C:\Windows\System\GlMnPJb.exe
  C:\Windows\System\GlMnPJb.exe
  2⤵
  PID:2968
- C:\Windows\System\hfXnqfe.exe
  C:\Windows\System\hfXnqfe.exe
  2⤵
  PID:2528
- C:\Windows\System\fHHHaES.exe
  C:\Windows\System\fHHHaES.exe
  2⤵
  PID:1468
- C:\Windows\System\lPBfiiS.exe
  C:\Windows\System\lPBfiiS.exe
  2⤵
  PID:1128
- C:\Windows\System\lWCqIrt.exe
  C:\Windows\System\lWCqIrt.exe
  2⤵
  PID:2196
- C:\Windows\System\YllOPYD.exe
  C:\Windows\System\YllOPYD.exe
  2⤵
  PID:600
- C:\Windows\System\yNOTOZm.exe
  C:\Windows\System\yNOTOZm.exe
  2⤵
  PID:944
- C:\Windows\System\vYMRlQT.exe
  C:\Windows\System\vYMRlQT.exe
  2⤵
  PID:2676
- C:\Windows\System\gaXTLqv.exe
  C:\Windows\System\gaXTLqv.exe
  2⤵
  PID:1716
- C:\Windows\System\WHmaZsG.exe
  C:\Windows\System\WHmaZsG.exe
  2⤵
  PID:1776
- C:\Windows\System\xbveTAL.exe
  C:\Windows\System\xbveTAL.exe
  2⤵
  PID:1848
- C:\Windows\System\KQormwo.exe
  C:\Windows\System\KQormwo.exe
  2⤵
  PID:2524
- C:\Windows\System\GmCVvtI.exe
  C:\Windows\System\GmCVvtI.exe
  2⤵
  PID:1892
- C:\Windows\System\yJWHTVB.exe
  C:\Windows\System\yJWHTVB.exe
  2⤵
  PID:1544
- C:\Windows\System\RjaAiyK.exe
  C:\Windows\System\RjaAiyK.exe
  2⤵
  PID:892
- C:\Windows\System\gqtZwgt.exe
  C:\Windows\System\gqtZwgt.exe
  2⤵
  PID:2436
- C:\Windows\System\wSDTUIO.exe
  C:\Windows\System\wSDTUIO.exe
  2⤵
  PID:2444
- C:\Windows\System\dhGWUvF.exe
  C:\Windows\System\dhGWUvF.exe
  2⤵
  PID:1604
- C:\Windows\System\koLMlUL.exe
  C:\Windows\System\koLMlUL.exe
  2⤵
  PID:2012
- C:\Windows\System\uPjGwTz.exe
  C:\Windows\System\uPjGwTz.exe
  2⤵
  PID:3052
- C:\Windows\System\kwkbQuS.exe
  C:\Windows\System\kwkbQuS.exe
  2⤵
  PID:2692
- C:\Windows\System\xXPpjWW.exe
  C:\Windows\System\xXPpjWW.exe
  2⤵
  PID:1508
- C:\Windows\System\qqQxDYn.exe
  C:\Windows\System\qqQxDYn.exe
  2⤵
  PID:2748
- C:\Windows\System\YpvfWZA.exe
  C:\Windows\System\YpvfWZA.exe
  2⤵
  PID:684
- C:\Windows\System\wsnlxVg.exe
  C:\Windows\System\wsnlxVg.exe
  2⤵
  PID:1312
- C:\Windows\System\OUdpynM.exe
  C:\Windows\System\OUdpynM.exe
  2⤵
  PID:1144
- C:\Windows\System\jzlaZPg.exe
  C:\Windows\System\jzlaZPg.exe
  2⤵
  PID:2252
- C:\Windows\System\zKWiyPw.exe
  C:\Windows\System\zKWiyPw.exe
  2⤵
  PID:2280
- C:\Windows\System\nTaqMct.exe
  C:\Windows\System\nTaqMct.exe
  2⤵
  PID:2184
- C:\Windows\System\QPDfgpn.exe
  C:\Windows\System\QPDfgpn.exe
  2⤵
  PID:1932
- C:\Windows\System\YHXDgHe.exe
  C:\Windows\System\YHXDgHe.exe
  2⤵
  PID:1956
- C:\Windows\System\CzASHsU.exe
  C:\Windows\System\CzASHsU.exe
  2⤵
  PID:852
- C:\Windows\System\eMRLJeA.exe
  C:\Windows\System\eMRLJeA.exe
  2⤵
  PID:1484
- C:\Windows\System\XnmbkFz.exe
  C:\Windows\System\XnmbkFz.exe
  2⤵
  PID:560
- C:\Windows\System\VHjCNfe.exe
  C:\Windows\System\VHjCNfe.exe
  2⤵
  PID:1352
- C:\Windows\System\brjuEjG.exe
  C:\Windows\System\brjuEjG.exe
  2⤵
  PID:1996
- C:\Windows\System\MZqRtcJ.exe
  C:\Windows\System\MZqRtcJ.exe
  2⤵
  PID:2288
- C:\Windows\System\sKJlquk.exe
  C:\Windows\System\sKJlquk.exe
  2⤵
  PID:2468
- C:\Windows\System\otQhkyK.exe
  C:\Windows\System\otQhkyK.exe
  2⤵
  PID:2860
- C:\Windows\System\GKTFLLJ.exe
  C:\Windows\System\GKTFLLJ.exe
  2⤵
  PID:2940
- C:\Windows\System\tAFSGrE.exe
  C:\Windows\System\tAFSGrE.exe
  2⤵
  PID:1224
- C:\Windows\System\yBnivNW.exe
  C:\Windows\System\yBnivNW.exe
  2⤵
  PID:2124
- C:\Windows\System\GrUmNep.exe
  C:\Windows\System\GrUmNep.exe
  2⤵
  PID:1196
- C:\Windows\System\bNjFAmM.exe
  C:\Windows\System\bNjFAmM.exe
  2⤵
  PID:3080
- C:\Windows\System\oNgQddk.exe
  C:\Windows\System\oNgQddk.exe
  2⤵
  PID:3100
- C:\Windows\System\hBlQpVd.exe
  C:\Windows\System\hBlQpVd.exe
  2⤵
  PID:3120
- C:\Windows\System\qGiUDOn.exe
  C:\Windows\System\qGiUDOn.exe
  2⤵
  PID:3140
- C:\Windows\System\DEGtacJ.exe
  C:\Windows\System\DEGtacJ.exe
  2⤵
  PID:3160
- C:\Windows\System\cSojYXk.exe
  C:\Windows\System\cSojYXk.exe
  2⤵
  PID:3180
- C:\Windows\System\vPiexsA.exe
  C:\Windows\System\vPiexsA.exe
  2⤵
  PID:3200
- C:\Windows\System\MlsBxVI.exe
  C:\Windows\System\MlsBxVI.exe
  2⤵
  PID:3220
- C:\Windows\System\VcSMNaZ.exe
  C:\Windows\System\VcSMNaZ.exe
  2⤵
  PID:3240
- C:\Windows\System\JXXDcMr.exe
  C:\Windows\System\JXXDcMr.exe
  2⤵
  PID:3260
- C:\Windows\System\QIphQxu.exe
  C:\Windows\System\QIphQxu.exe
  2⤵
  PID:3280
- C:\Windows\System\bAefCXQ.exe
  C:\Windows\System\bAefCXQ.exe
  2⤵
  PID:3300
- C:\Windows\System\RyWyAXK.exe
  C:\Windows\System\RyWyAXK.exe
  2⤵
  PID:3320
- C:\Windows\System\RyFzHvW.exe
  C:\Windows\System\RyFzHvW.exe
  2⤵
  PID:3340
- C:\Windows\System\lSubxJO.exe
  C:\Windows\System\lSubxJO.exe
  2⤵
  PID:3360
- C:\Windows\System\eOSNbZq.exe
  C:\Windows\System\eOSNbZq.exe
  2⤵
  PID:3380
- C:\Windows\System\jIpvJDQ.exe
  C:\Windows\System\jIpvJDQ.exe
  2⤵
  PID:3400
- C:\Windows\System\MffuguL.exe
  C:\Windows\System\MffuguL.exe
  2⤵
  PID:3420
- C:\Windows\System\sTaAhuz.exe
  C:\Windows\System\sTaAhuz.exe
  2⤵
  PID:3440
- C:\Windows\System\CjFmJCM.exe
  C:\Windows\System\CjFmJCM.exe
  2⤵
  PID:3460
- C:\Windows\System\TFuDpSq.exe
  C:\Windows\System\TFuDpSq.exe
  2⤵
  PID:3484
- C:\Windows\System\CurrYFT.exe
  C:\Windows\System\CurrYFT.exe
  2⤵
  PID:3504
- C:\Windows\System\YSfLexS.exe
  C:\Windows\System\YSfLexS.exe
  2⤵
  PID:3528
- C:\Windows\System\CFATNic.exe
  C:\Windows\System\CFATNic.exe
  2⤵
  PID:3548
- C:\Windows\System\IpBYGIz.exe
  C:\Windows\System\IpBYGIz.exe
  2⤵
  PID:3568
- C:\Windows\System\jBiauFT.exe
  C:\Windows\System\jBiauFT.exe
  2⤵
  PID:3588
- C:\Windows\System\evkFdid.exe
  C:\Windows\System\evkFdid.exe
  2⤵
  PID:3604
- C:\Windows\System\wDFVkTX.exe
  C:\Windows\System\wDFVkTX.exe
  2⤵
  PID:3628
- C:\Windows\System\NTjQDew.exe
  C:\Windows\System\NTjQDew.exe
  2⤵
  PID:3644
- C:\Windows\System\zLCjIgU.exe
  C:\Windows\System\zLCjIgU.exe
  2⤵
  PID:3668
- C:\Windows\System\kSshTjg.exe
  C:\Windows\System\kSshTjg.exe
  2⤵
  PID:3688
- C:\Windows\System\JghqpDu.exe
  C:\Windows\System\JghqpDu.exe
  2⤵
  PID:3708
- C:\Windows\System\bZEjKya.exe
  C:\Windows\System\bZEjKya.exe
  2⤵
  PID:3728
- C:\Windows\System\inwtliq.exe
  C:\Windows\System\inwtliq.exe
  2⤵
  PID:3748
- C:\Windows\System\RALRlaB.exe
  C:\Windows\System\RALRlaB.exe
  2⤵
  PID:3768
- C:\Windows\System\UbMwnWK.exe
  C:\Windows\System\UbMwnWK.exe
  2⤵
  PID:3788
- C:\Windows\System\QsWdiGF.exe
  C:\Windows\System\QsWdiGF.exe
  2⤵
  PID:3804
- C:\Windows\System\GoYgaTh.exe
  C:\Windows\System\GoYgaTh.exe
  2⤵
  PID:3828
- C:\Windows\System\bHGIZGr.exe
  C:\Windows\System\bHGIZGr.exe
  2⤵
  PID:3848
- C:\Windows\System\ZOIQbRp.exe
  C:\Windows\System\ZOIQbRp.exe
  2⤵
  PID:3868
- C:\Windows\System\xZETIvG.exe
  C:\Windows\System\xZETIvG.exe
  2⤵
  PID:3884
- C:\Windows\System\OtSSrgX.exe
  C:\Windows\System\OtSSrgX.exe
  2⤵
  PID:3928
- C:\Windows\System\NUFzXeI.exe
  C:\Windows\System\NUFzXeI.exe
  2⤵
  PID:3952
- C:\Windows\System\hJFJyYq.exe
  C:\Windows\System\hJFJyYq.exe
  2⤵
  PID:3976
- C:\Windows\System\ImxluYV.exe
  C:\Windows\System\ImxluYV.exe
  2⤵
  PID:3992
- C:\Windows\System\tvILMuU.exe
  C:\Windows\System\tvILMuU.exe
  2⤵
  PID:4012
- C:\Windows\System\iJuaOSm.exe
  C:\Windows\System\iJuaOSm.exe
  2⤵
  PID:4040
- C:\Windows\System\tPmthTn.exe
  C:\Windows\System\tPmthTn.exe
  2⤵
  PID:4056
- C:\Windows\System\lDMyjEB.exe
  C:\Windows\System\lDMyjEB.exe
  2⤵
  PID:4076
- C:\Windows\System\QjcRQLO.exe
  C:\Windows\System\QjcRQLO.exe
  2⤵
  PID:4092
- C:\Windows\System\AsWfqSB.exe
  C:\Windows\System\AsWfqSB.exe
  2⤵
  PID:1856
- C:\Windows\System\bOnHZNo.exe
  C:\Windows\System\bOnHZNo.exe
  2⤵
  PID:2660
- C:\Windows\System\URdGQck.exe
  C:\Windows\System\URdGQck.exe
  2⤵
  PID:2312
- C:\Windows\System\DEKKQSo.exe
  C:\Windows\System\DEKKQSo.exe
  2⤵
  PID:1500
- C:\Windows\System\itCWaPP.exe
  C:\Windows\System\itCWaPP.exe
  2⤵
  PID:3008
- C:\Windows\System\HomkcdK.exe
  C:\Windows\System\HomkcdK.exe
  2⤵
  PID:2308
- C:\Windows\System\ZSLAXbV.exe
  C:\Windows\System\ZSLAXbV.exe
  2⤵
  PID:2788
- C:\Windows\System\ZGbwbhb.exe
  C:\Windows\System\ZGbwbhb.exe
  2⤵
  PID:3096
- C:\Windows\System\rdgdTZf.exe
  C:\Windows\System\rdgdTZf.exe
  2⤵
  PID:3128
- C:\Windows\System\yWGHjcD.exe
  C:\Windows\System\yWGHjcD.exe
  2⤵
  PID:3132
- C:\Windows\System\tBWtkGX.exe
  C:\Windows\System\tBWtkGX.exe
  2⤵
  PID:3172
- C:\Windows\System\lKIcGPq.exe
  C:\Windows\System\lKIcGPq.exe
  2⤵
  PID:3216
- C:\Windows\System\aliGMGa.exe
  C:\Windows\System\aliGMGa.exe
  2⤵
  PID:3292
- C:\Windows\System\nkKuxFc.exe
  C:\Windows\System\nkKuxFc.exe
  2⤵
  PID:3268
- C:\Windows\System\YoqwVLF.exe
  C:\Windows\System\YoqwVLF.exe
  2⤵
  PID:3336
- C:\Windows\System\gOmFmYL.exe
  C:\Windows\System\gOmFmYL.exe
  2⤵
  PID:3368
- C:\Windows\System\DWwdCEw.exe
  C:\Windows\System\DWwdCEw.exe
  2⤵
  PID:3376
- C:\Windows\System\TLxpUpA.exe
  C:\Windows\System\TLxpUpA.exe
  2⤵
  PID:3396
- C:\Windows\System\inhkFas.exe
  C:\Windows\System\inhkFas.exe
  2⤵
  PID:3456
- C:\Windows\System\nnrjgrr.exe
  C:\Windows\System\nnrjgrr.exe
  2⤵
  PID:3468
- C:\Windows\System\iYyEvbp.exe
  C:\Windows\System\iYyEvbp.exe
  2⤵
  PID:2668
- C:\Windows\System\xuLXfSN.exe
  C:\Windows\System\xuLXfSN.exe
  2⤵
  PID:3556
- C:\Windows\System\PDkqsoR.exe
  C:\Windows\System\PDkqsoR.exe
  2⤵
  PID:3612
- C:\Windows\System\GSjIAmb.exe
  C:\Windows\System\GSjIAmb.exe
  2⤵
  PID:3596
- C:\Windows\System\BmzfTfh.exe
  C:\Windows\System\BmzfTfh.exe
  2⤵
  PID:3640
- C:\Windows\System\GdGSvMf.exe
  C:\Windows\System\GdGSvMf.exe
  2⤵
  PID:3680
- C:\Windows\System\aPAYTEM.exe
  C:\Windows\System\aPAYTEM.exe
  2⤵
  PID:3716
- C:\Windows\System\UyEaJjk.exe
  C:\Windows\System\UyEaJjk.exe
  2⤵
  PID:3720
- C:\Windows\System\jsMZlGi.exe
  C:\Windows\System\jsMZlGi.exe
  2⤵
  PID:3820
- C:\Windows\System\AGAkRCp.exe
  C:\Windows\System\AGAkRCp.exe
  2⤵
  PID:3756
- C:\Windows\System\xkbfzEN.exe
  C:\Windows\System\xkbfzEN.exe
  2⤵
  PID:3892
- C:\Windows\System\zfsFLGV.exe
  C:\Windows\System\zfsFLGV.exe
  2⤵
  PID:3844
- C:\Windows\System\jyinAWR.exe
  C:\Windows\System\jyinAWR.exe
  2⤵
  PID:1660
- C:\Windows\System\rfpQOOY.exe
  C:\Windows\System\rfpQOOY.exe
  2⤵
  PID:3012
- C:\Windows\System\sNlaPyp.exe
  C:\Windows\System\sNlaPyp.exe
  2⤵
  PID:3896
- C:\Windows\System\sJnWUFr.exe
  C:\Windows\System\sJnWUFr.exe
  2⤵
  PID:2088
- C:\Windows\System\kgBZifu.exe
  C:\Windows\System\kgBZifu.exe
  2⤵
  PID:2608
- C:\Windows\System\McpDYjT.exe
  C:\Windows\System\McpDYjT.exe
  2⤵
  PID:2568
- C:\Windows\System\gCeYESj.exe
  C:\Windows\System\gCeYESj.exe
  2⤵
  PID:848
- C:\Windows\System\nsFPsdY.exe
  C:\Windows\System\nsFPsdY.exe
  2⤵
  PID:1620
- C:\Windows\System\DqLdznx.exe
  C:\Windows\System\DqLdznx.exe
  2⤵
  PID:3944
- C:\Windows\System\mrSXpFi.exe
  C:\Windows\System\mrSXpFi.exe
  2⤵
  PID:3968
- C:\Windows\System\aFWsCGz.exe
  C:\Windows\System\aFWsCGz.exe
  2⤵
  PID:3984
- C:\Windows\System\ZeOePeM.exe
  C:\Windows\System\ZeOePeM.exe
  2⤵
  PID:4036
- C:\Windows\System\vbISseS.exe
  C:\Windows\System\vbISseS.exe
  2⤵
  PID:4088
- C:\Windows\System\vRbLfzH.exe
  C:\Windows\System\vRbLfzH.exe
  2⤵
  PID:3480
- C:\Windows\System\tEORMzr.exe
  C:\Windows\System\tEORMzr.exe
  2⤵
  PID:1680
- C:\Windows\System\YgOGIti.exe
  C:\Windows\System\YgOGIti.exe
  2⤵
  PID:2712
- C:\Windows\System\vbgomkP.exe
  C:\Windows\System\vbgomkP.exe
  2⤵
  PID:2412
- C:\Windows\System\bogrWrK.exe
  C:\Windows\System\bogrWrK.exe
  2⤵
  PID:2780
- C:\Windows\System\qKnmVye.exe
  C:\Windows\System\qKnmVye.exe
  2⤵
  PID:2828
- C:\Windows\System\FneAMrk.exe
  C:\Windows\System\FneAMrk.exe
  2⤵
  PID:3108
- C:\Windows\System\STRJwJI.exe
  C:\Windows\System\STRJwJI.exe
  2⤵
  PID:3208
- C:\Windows\System\eRxJuoN.exe
  C:\Windows\System\eRxJuoN.exe
  2⤵
  PID:2800
- C:\Windows\System\aBLzffI.exe
  C:\Windows\System\aBLzffI.exe
  2⤵
  PID:3276
- C:\Windows\System\DDndaJa.exe
  C:\Windows\System\DDndaJa.exe
  2⤵
  PID:3316
- C:\Windows\System\PKvKAoY.exe
  C:\Windows\System\PKvKAoY.exe
  2⤵
  PID:3448
- C:\Windows\System\gdkLQtV.exe
  C:\Windows\System\gdkLQtV.exe
  2⤵
  PID:3428
- C:\Windows\System\ysPYzdn.exe
  C:\Windows\System\ysPYzdn.exe
  2⤵
  PID:3524
- C:\Windows\System\CDkgqsQ.exe
  C:\Windows\System\CDkgqsQ.exe
  2⤵
  PID:3540
- C:\Windows\System\WXVlGNo.exe
  C:\Windows\System\WXVlGNo.exe
  2⤵
  PID:3564
- C:\Windows\System\oQfmKhT.exe
  C:\Windows\System\oQfmKhT.exe
  2⤵
  PID:3624
- C:\Windows\System\EKpOrIh.exe
  C:\Windows\System\EKpOrIh.exe
  2⤵
  PID:3920
- C:\Windows\System\QDNeVUJ.exe
  C:\Windows\System\QDNeVUJ.exe
  2⤵
  PID:3696
- C:\Windows\System\KGcQpNC.exe
  C:\Windows\System\KGcQpNC.exe
  2⤵
  PID:2320
- C:\Windows\System\ejUmagZ.exe
  C:\Windows\System\ejUmagZ.exe
  2⤵
  PID:3704
- C:\Windows\System\tDSkyfi.exe
  C:\Windows\System\tDSkyfi.exe
  2⤵
  PID:3780
- C:\Windows\System\dKpZNXE.exe
  C:\Windows\System\dKpZNXE.exe
  2⤵
  PID:1860
- C:\Windows\System\umqIbxv.exe
  C:\Windows\System\umqIbxv.exe
  2⤵
  PID:3904
- C:\Windows\System\cttEsFo.exe
  C:\Windows\System\cttEsFo.exe
  2⤵
  PID:3800
- C:\Windows\System\zLKOUvj.exe
  C:\Windows\System\zLKOUvj.exe
  2⤵
  PID:2648
- C:\Windows\System\ocgbSxq.exe
  C:\Windows\System\ocgbSxq.exe
  2⤵
  PID:2728
- C:\Windows\System\VzClDnc.exe
  C:\Windows\System\VzClDnc.exe
  2⤵
  PID:2752
- C:\Windows\System\UeVslCm.exe
  C:\Windows\System\UeVslCm.exe
  2⤵
  PID:2652
- C:\Windows\System\TMwhZvm.exe
  C:\Windows\System\TMwhZvm.exe
  2⤵
  PID:4020
- C:\Windows\System\bXBpBHs.exe
  C:\Windows\System\bXBpBHs.exe
  2⤵
  PID:4032
- C:\Windows\System\HjCiMna.exe
  C:\Windows\System\HjCiMna.exe
  2⤵
  PID:1428
- C:\Windows\System\qykcZLm.exe
  C:\Windows\System\qykcZLm.exe
  2⤵
  PID:4068
- C:\Windows\System\SavOkRq.exe
  C:\Windows\System\SavOkRq.exe
  2⤵
  PID:1388
- C:\Windows\System\APoGrET.exe
  C:\Windows\System\APoGrET.exe
  2⤵
  PID:3088
- C:\Windows\System\QrTOZGR.exe
  C:\Windows\System\QrTOZGR.exe
  2⤵
  PID:3248
- C:\Windows\System\MaWijQa.exe
  C:\Windows\System\MaWijQa.exe
  2⤵
  PID:1772
- C:\Windows\System\PnAgMFo.exe
  C:\Windows\System\PnAgMFo.exe
  2⤵
  PID:3388
- C:\Windows\System\athnyKp.exe
  C:\Windows\System\athnyKp.exe
  2⤵
  PID:3328
- C:\Windows\System\xLXgHSy.exe
  C:\Windows\System\xLXgHSy.exe
  2⤵
  PID:3156
- C:\Windows\System\EjqmOog.exe
  C:\Windows\System\EjqmOog.exe
  2⤵
  PID:876
- C:\Windows\System\WEUYiih.exe
  C:\Windows\System\WEUYiih.exe
  2⤵
  PID:3516
- C:\Windows\System\KqGNHKx.exe
  C:\Windows\System\KqGNHKx.exe
  2⤵
  PID:2596
- C:\Windows\System\tUVDGmF.exe
  C:\Windows\System\tUVDGmF.exe
  2⤵
  PID:3856
- C:\Windows\System\aFIIidB.exe
  C:\Windows\System\aFIIidB.exe
  2⤵
  PID:3924
- C:\Windows\System\thtQqKj.exe
  C:\Windows\System\thtQqKj.exe
  2⤵
  PID:3812
- C:\Windows\System\DkMpCnW.exe
  C:\Windows\System\DkMpCnW.exe
  2⤵
  PID:796
- C:\Windows\System\OTkHozh.exe
  C:\Windows\System\OTkHozh.exe
  2⤵
  PID:2832
- C:\Windows\System\RHcdwca.exe
  C:\Windows\System\RHcdwca.exe
  2⤵
  PID:3784
- C:\Windows\System\teiyJFc.exe
  C:\Windows\System\teiyJFc.exe
  2⤵
  PID:2424
- C:\Windows\System\EzBGKUV.exe
  C:\Windows\System\EzBGKUV.exe
  2⤵
  PID:3876
- C:\Windows\System\BujXLAk.exe
  C:\Windows\System\BujXLAk.exe
  2⤵
  PID:1944
- C:\Windows\System\UGAcxXD.exe
  C:\Windows\System\UGAcxXD.exe
  2⤵
  PID:3936
- C:\Windows\System\ZdUGdop.exe
  C:\Windows\System\ZdUGdop.exe
  2⤵
  PID:4072
- C:\Windows\System\ySQsuaz.exe
  C:\Windows\System\ySQsuaz.exe
  2⤵
  PID:3236
- C:\Windows\System\UHlbcxC.exe
  C:\Windows\System\UHlbcxC.exe
  2⤵
  PID:2884
- C:\Windows\System\YDCVUWM.exe
  C:\Windows\System\YDCVUWM.exe
  2⤵
  PID:3112
- C:\Windows\System\hARLdkb.exe
  C:\Windows\System\hARLdkb.exe
  2⤵
  PID:3296
- C:\Windows\System\NkRlfsO.exe
  C:\Windows\System\NkRlfsO.exe
  2⤵
  PID:3496
- C:\Windows\System\mFdmjen.exe
  C:\Windows\System\mFdmjen.exe
  2⤵
  PID:3664
- C:\Windows\System\pasAQfy.exe
  C:\Windows\System\pasAQfy.exe
  2⤵
  PID:2824
- C:\Windows\System\hgdVFcY.exe
  C:\Windows\System\hgdVFcY.exe
  2⤵
  PID:2576
- C:\Windows\System\lPnVRQA.exe
  C:\Windows\System\lPnVRQA.exe
  2⤵
  PID:2388
- C:\Windows\System\KqRErBH.exe
  C:\Windows\System\KqRErBH.exe
  2⤵
  PID:1736
- C:\Windows\System\MShlLhl.exe
  C:\Windows\System\MShlLhl.exe
  2⤵
  PID:1764
- C:\Windows\System\ohybdFk.exe
  C:\Windows\System\ohybdFk.exe
  2⤵
  PID:3076
- C:\Windows\System\ZhAcHLn.exe
  C:\Windows\System\ZhAcHLn.exe
  2⤵
  PID:4052
- C:\Windows\System\rLoQRZr.exe
  C:\Windows\System\rLoQRZr.exe
  2⤵
  PID:3092
- C:\Windows\System\vsmiFAZ.exe
  C:\Windows\System\vsmiFAZ.exe
  2⤵
  PID:3544
- C:\Windows\System\rEIYJtB.exe
  C:\Windows\System\rEIYJtB.exe
  2⤵
  PID:3288
- C:\Windows\System\oBaDDyL.exe
  C:\Windows\System\oBaDDyL.exe
  2⤵
  PID:3740
- C:\Windows\System\apZdCkN.exe
  C:\Windows\System\apZdCkN.exe
  2⤵
  PID:1992
- C:\Windows\System\ggafhCa.exe
  C:\Windows\System\ggafhCa.exe
  2⤵
  PID:4104
- C:\Windows\System\XLPuQoC.exe
  C:\Windows\System\XLPuQoC.exe
  2⤵
  PID:4120
- C:\Windows\System\GUgJTkT.exe
  C:\Windows\System\GUgJTkT.exe
  2⤵
  PID:4156
- C:\Windows\System\QjoHRBR.exe
  C:\Windows\System\QjoHRBR.exe
  2⤵
  PID:4176
- C:\Windows\System\sgVJNqo.exe
  C:\Windows\System\sgVJNqo.exe
  2⤵
  PID:4196
- C:\Windows\System\zegkNtT.exe
  C:\Windows\System\zegkNtT.exe
  2⤵
  PID:4224
- C:\Windows\System\vGlpySE.exe
  C:\Windows\System\vGlpySE.exe
  2⤵
  PID:4256
- C:\Windows\System\TgGIzkZ.exe
  C:\Windows\System\TgGIzkZ.exe
  2⤵
  PID:4272
- C:\Windows\System\voUnflM.exe
  C:\Windows\System\voUnflM.exe
  2⤵
  PID:4288
- C:\Windows\System\sQjgtBU.exe
  C:\Windows\System\sQjgtBU.exe
  2⤵
  PID:4304
- C:\Windows\System\efKjKfF.exe
  C:\Windows\System\efKjKfF.exe
  2⤵
  PID:4320
- C:\Windows\System\TjmSVbw.exe
  C:\Windows\System\TjmSVbw.exe
  2⤵
  PID:4336
- C:\Windows\System\innxEvK.exe
  C:\Windows\System\innxEvK.exe
  2⤵
  PID:4352
- C:\Windows\System\wkjyski.exe
  C:\Windows\System\wkjyski.exe
  2⤵
  PID:4368
- C:\Windows\System\bOFfwbH.exe
  C:\Windows\System\bOFfwbH.exe
  2⤵
  PID:4384
- C:\Windows\System\DVRJKbL.exe
  C:\Windows\System\DVRJKbL.exe
  2⤵
  PID:4400
- C:\Windows\System\zGDQdDM.exe
  C:\Windows\System\zGDQdDM.exe
  2⤵
  PID:4416
- C:\Windows\System\KzSrRTN.exe
  C:\Windows\System\KzSrRTN.exe
  2⤵
  PID:4484
- C:\Windows\System\Cdtcder.exe
  C:\Windows\System\Cdtcder.exe
  2⤵
  PID:4500
- C:\Windows\System\yKlLhXS.exe
  C:\Windows\System\yKlLhXS.exe
  2⤵
  PID:4520
- C:\Windows\System\YrehSEy.exe
  C:\Windows\System\YrehSEy.exe
  2⤵
  PID:4536
- C:\Windows\System\nOjzHaI.exe
  C:\Windows\System\nOjzHaI.exe
  2⤵
  PID:4560
- C:\Windows\System\MxwlyXe.exe
  C:\Windows\System\MxwlyXe.exe
  2⤵
  PID:4576
- C:\Windows\System\EPokiEh.exe
  C:\Windows\System\EPokiEh.exe
  2⤵
  PID:4596
- C:\Windows\System\MTqTTKl.exe
  C:\Windows\System\MTqTTKl.exe
  2⤵
  PID:4612
- C:\Windows\System\NmqIKHf.exe
  C:\Windows\System\NmqIKHf.exe
  2⤵
  PID:4628
- C:\Windows\System\eRWdEmF.exe
  C:\Windows\System\eRWdEmF.exe
  2⤵
  PID:4644
- C:\Windows\System\MJtFXGA.exe
  C:\Windows\System\MJtFXGA.exe
  2⤵
  PID:4660
- C:\Windows\System\inQWsuv.exe
  C:\Windows\System\inQWsuv.exe
  2⤵
  PID:4684
- C:\Windows\System\YfPoLPS.exe
  C:\Windows\System\YfPoLPS.exe
  2⤵
  PID:4700
- C:\Windows\System\tunpHWA.exe
  C:\Windows\System\tunpHWA.exe
  2⤵
  PID:4720
- C:\Windows\System\NtesvuH.exe
  C:\Windows\System\NtesvuH.exe
  2⤵
  PID:4740
- C:\Windows\System\OUQTyNA.exe
  C:\Windows\System\OUQTyNA.exe
  2⤵
  PID:4756
- C:\Windows\System\hnZYvkl.exe
  C:\Windows\System\hnZYvkl.exe
  2⤵
  PID:4800
- C:\Windows\System\xRtUcQA.exe
  C:\Windows\System\xRtUcQA.exe
  2⤵
  PID:4820
- C:\Windows\System\fhaUCkP.exe
  C:\Windows\System\fhaUCkP.exe
  2⤵
  PID:4844
- C:\Windows\System\fXMJpeA.exe
  C:\Windows\System\fXMJpeA.exe
  2⤵
  PID:4860
- C:\Windows\System\siHpObo.exe
  C:\Windows\System\siHpObo.exe
  2⤵
  PID:4876
- C:\Windows\System\vAWXKzP.exe
  C:\Windows\System\vAWXKzP.exe
  2⤵
  PID:4892
- C:\Windows\System\CNlnZQE.exe
  C:\Windows\System\CNlnZQE.exe
  2⤵
  PID:4912
- C:\Windows\System\BvFnHpZ.exe
  C:\Windows\System\BvFnHpZ.exe
  2⤵
  PID:4932
- C:\Windows\System\lfDAMek.exe
  C:\Windows\System\lfDAMek.exe
  2⤵
  PID:4948
- C:\Windows\System\oweYGAO.exe
  C:\Windows\System\oweYGAO.exe
  2⤵
  PID:4964
- C:\Windows\System\FRzrrBR.exe
  C:\Windows\System\FRzrrBR.exe
  2⤵
  PID:4992
- C:\Windows\System\jecETQm.exe
  C:\Windows\System\jecETQm.exe
  2⤵
  PID:5008
- C:\Windows\System\LJqIkAn.exe
  C:\Windows\System\LJqIkAn.exe
  2⤵
  PID:5024
- C:\Windows\System\dOMabDa.exe
  C:\Windows\System\dOMabDa.exe
  2⤵
  PID:5064
- C:\Windows\System\ZBGPZHi.exe
  C:\Windows\System\ZBGPZHi.exe
  2⤵
  PID:5084
- C:\Windows\System\bqKcdzm.exe
  C:\Windows\System\bqKcdzm.exe
  2⤵
  PID:5100
- C:\Windows\System\iVKVgTH.exe
  C:\Windows\System\iVKVgTH.exe
  2⤵
  PID:5116
- C:\Windows\System\XzvhLwi.exe
  C:\Windows\System\XzvhLwi.exe
  2⤵
  PID:2188
- C:\Windows\System\sHwcurq.exe
  C:\Windows\System\sHwcurq.exe
  2⤵
  PID:2912
- C:\Windows\System\hKMkChR.exe
  C:\Windows\System\hKMkChR.exe
  2⤵
  PID:3492
- C:\Windows\System\bnrfZES.exe
  C:\Windows\System\bnrfZES.exe
  2⤵
  PID:2384
- C:\Windows\System\trTaFKn.exe
  C:\Windows\System\trTaFKn.exe
  2⤵
  PID:3412
- C:\Windows\System\GrbANMg.exe
  C:\Windows\System\GrbANMg.exe
  2⤵
  PID:4128
- C:\Windows\System\DQeFWaF.exe
  C:\Windows\System\DQeFWaF.exe
  2⤵
  PID:4116
- C:\Windows\System\zITcMbA.exe
  C:\Windows\System\zITcMbA.exe
  2⤵
  PID:4152
- C:\Windows\System\oSKbDvd.exe
  C:\Windows\System\oSKbDvd.exe
  2⤵
  PID:4192
- C:\Windows\System\WSUlEAw.exe
  C:\Windows\System\WSUlEAw.exe
  2⤵
  PID:4204
- C:\Windows\System\Daxvhoc.exe
  C:\Windows\System\Daxvhoc.exe
  2⤵
  PID:4264
- C:\Windows\System\KSgckii.exe
  C:\Windows\System\KSgckii.exe
  2⤵
  PID:4240
- C:\Windows\System\glodKWt.exe
  C:\Windows\System\glodKWt.exe
  2⤵
  PID:4376
- C:\Windows\System\OKfFGDl.exe
  C:\Windows\System\OKfFGDl.exe
  2⤵
  PID:4360
- C:\Windows\System\SnWSFhd.exe
  C:\Windows\System\SnWSFhd.exe
  2⤵
  PID:4300
- C:\Windows\System\kTlEMAz.exe
  C:\Windows\System\kTlEMAz.exe
  2⤵
  PID:4496
- C:\Windows\System\QCtjHVB.exe
  C:\Windows\System\QCtjHVB.exe
  2⤵
  PID:4452
- C:\Windows\System\flNUTbL.exe
  C:\Windows\System\flNUTbL.exe
  2⤵
  PID:4364
- C:\Windows\System\xibhBne.exe
  C:\Windows\System\xibhBne.exe
  2⤵
  PID:4428
- C:\Windows\System\LjlSrbV.exe
  C:\Windows\System\LjlSrbV.exe
  2⤵
  PID:4604
- C:\Windows\System\pPcEmUn.exe
  C:\Windows\System\pPcEmUn.exe
  2⤵
  PID:4672
- C:\Windows\System\NDEeQbq.exe
  C:\Windows\System\NDEeQbq.exe
  2⤵
  PID:4676
- C:\Windows\System\skIipzs.exe
  C:\Windows\System\skIipzs.exe
  2⤵
  PID:4716
- C:\Windows\System\IEWCiyD.exe
  C:\Windows\System\IEWCiyD.exe
  2⤵
  PID:4652
- C:\Windows\System\fASFsoP.exe
  C:\Windows\System\fASFsoP.exe
  2⤵
  PID:4548
- C:\Windows\System\vdYqlas.exe
  C:\Windows\System\vdYqlas.exe
  2⤵
  PID:4812
- C:\Windows\System\XAIueGb.exe
  C:\Windows\System\XAIueGb.exe
  2⤵
  PID:4852
- C:\Windows\System\qTbCMPH.exe
  C:\Windows\System\qTbCMPH.exe
  2⤵
  PID:4888
- C:\Windows\System\qdDwzgW.exe
  C:\Windows\System\qdDwzgW.exe
  2⤵
  PID:4736
- C:\Windows\System\EFNRAFG.exe
  C:\Windows\System\EFNRAFG.exe
  2⤵
  PID:4920
- C:\Windows\System\ajdNavJ.exe
  C:\Windows\System\ajdNavJ.exe
  2⤵
  PID:4960
- C:\Windows\System\SZPfXzG.exe
  C:\Windows\System\SZPfXzG.exe
  2⤵
  PID:4836
- C:\Windows\System\jXmyZOi.exe
  C:\Windows\System\jXmyZOi.exe
  2⤵
  PID:4984
- C:\Windows\System\hFiijlu.exe
  C:\Windows\System\hFiijlu.exe
  2⤵
  PID:4972
- C:\Windows\System\wvJchOt.exe
  C:\Windows\System\wvJchOt.exe
  2⤵
  PID:5048
- C:\Windows\System\DVFNhfn.exe
  C:\Windows\System\DVFNhfn.exe
  2⤵
  PID:5092
- C:\Windows\System\TFsoKPr.exe
  C:\Windows\System\TFsoKPr.exe
  2⤵
  PID:5112
- C:\Windows\System\iOfqfRw.exe
  C:\Windows\System\iOfqfRw.exe
  2⤵
  PID:3948
- C:\Windows\System\dwjDhsm.exe
  C:\Windows\System\dwjDhsm.exe
  2⤵
  PID:2864
- C:\Windows\System\ZVyIXVr.exe
  C:\Windows\System\ZVyIXVr.exe
  2⤵
  PID:4136
- C:\Windows\System\XubIbPA.exe
  C:\Windows\System\XubIbPA.exe
  2⤵
  PID:4188
- C:\Windows\System\KiOYHQs.exe
  C:\Windows\System\KiOYHQs.exe
  2⤵
  PID:4252
- C:\Windows\System\pCAJUBo.exe
  C:\Windows\System\pCAJUBo.exe
  2⤵
  PID:2840
- C:\Windows\System\SvxzsuZ.exe
  C:\Windows\System\SvxzsuZ.exe
  2⤵
  PID:4332
- C:\Windows\System\RxIXDSW.exe
  C:\Windows\System\RxIXDSW.exe
  2⤵
  PID:4284
- C:\Windows\System\BQXTcVr.exe
  C:\Windows\System\BQXTcVr.exe
  2⤵
  PID:4316
- C:\Windows\System\PxqxGjx.exe
  C:\Windows\System\PxqxGjx.exe
  2⤵
  PID:4220
- C:\Windows\System\gUkEfrc.exe
  C:\Windows\System\gUkEfrc.exe
  2⤵
  PID:4480
- C:\Windows\System\alHBZAh.exe
  C:\Windows\System\alHBZAh.exe
  2⤵
  PID:4464
- C:\Windows\System\YvHGafi.exe
  C:\Windows\System\YvHGafi.exe
  2⤵
  PID:4640
- C:\Windows\System\cjBtVXa.exe
  C:\Windows\System\cjBtVXa.exe
  2⤵
  PID:4624
- C:\Windows\System\NkUTjZO.exe
  C:\Windows\System\NkUTjZO.exe
  2⤵
  PID:4696
- C:\Windows\System\ziWQRDY.exe
  C:\Windows\System\ziWQRDY.exe
  2⤵
  PID:4796
- C:\Windows\System\yNsnUxz.exe
  C:\Windows\System\yNsnUxz.exe
  2⤵
  PID:4772
- C:\Windows\System\PTNCrhh.exe
  C:\Windows\System\PTNCrhh.exe
  2⤵
  PID:4788
- C:\Windows\System\hKRubzn.exe
  C:\Windows\System\hKRubzn.exe
  2⤵
  PID:4904
- C:\Windows\System\KEezKid.exe
  C:\Windows\System\KEezKid.exe
  2⤵
  PID:5032
- C:\Windows\System\YFuJIsI.exe
  C:\Windows\System\YFuJIsI.exe
  2⤵
  PID:4980
- C:\Windows\System\qNdXcZR.exe
  C:\Windows\System\qNdXcZR.exe
  2⤵
  PID:5040
- C:\Windows\System\xZRSnab.exe
  C:\Windows\System\xZRSnab.exe
  2⤵
  PID:5080
- C:\Windows\System\YXxrPsJ.exe
  C:\Windows\System\YXxrPsJ.exe
  2⤵
  PID:2260
- C:\Windows\System\nppbsSF.exe
  C:\Windows\System\nppbsSF.exe
  2⤵
  PID:3764
- C:\Windows\System\QFWgHKK.exe
  C:\Windows\System\QFWgHKK.exe
  2⤵
  PID:4348
- C:\Windows\System\AnEbuhC.exe
  C:\Windows\System\AnEbuhC.exe
  2⤵
  PID:4532
- C:\Windows\System\HnitnLP.exe
  C:\Windows\System\HnitnLP.exe
  2⤵
  PID:4928
- C:\Windows\System\xedrnGz.exe
  C:\Windows\System\xedrnGz.exe
  2⤵
  PID:4780
- C:\Windows\System\ldWfabM.exe
  C:\Windows\System\ldWfabM.exe
  2⤵
  PID:4412
- C:\Windows\System\fOwWGmK.exe
  C:\Windows\System\fOwWGmK.exe
  2⤵
  PID:4492
- C:\Windows\System\CQDjAQW.exe
  C:\Windows\System\CQDjAQW.exe
  2⤵
  PID:4588
- C:\Windows\System\SbAXJfp.exe
  C:\Windows\System\SbAXJfp.exe
  2⤵
  PID:4544
- C:\Windows\System\xdvpOoz.exe
  C:\Windows\System\xdvpOoz.exe
  2⤵
  PID:3908
- C:\Windows\System\jlKYeeY.exe
  C:\Windows\System\jlKYeeY.exe
  2⤵
  PID:4884
- C:\Windows\System\qIXocUC.exe
  C:\Windows\System\qIXocUC.exe
  2⤵
  PID:4768
- C:\Windows\System\cKHXcif.exe
  C:\Windows\System\cKHXcif.exe
  2⤵
  PID:4024
- C:\Windows\System\cTyUxlm.exe
  C:\Windows\System\cTyUxlm.exe
  2⤵
  PID:4100
- C:\Windows\System\UEMFxsE.exe
  C:\Windows\System\UEMFxsE.exe
  2⤵
  PID:4344
- C:\Windows\System\VzHbrey.exe
  C:\Windows\System\VzHbrey.exe
  2⤵
  PID:4460
- C:\Windows\System\OYGfRLl.exe
  C:\Windows\System\OYGfRLl.exe
  2⤵
  PID:1344
- C:\Windows\System\uzenlfx.exe
  C:\Windows\System\uzenlfx.exe
  2⤵
  PID:4584
- C:\Windows\System\GJBBvIM.exe
  C:\Windows\System\GJBBvIM.exe
  2⤵
  PID:5056
- C:\Windows\System\VklalxZ.exe
  C:\Windows\System\VklalxZ.exe
  2⤵
  PID:3256
- C:\Windows\System\GLGnywQ.exe
  C:\Windows\System\GLGnywQ.exe
  2⤵
  PID:5060
- C:\Windows\System\vNPVDVs.exe
  C:\Windows\System\vNPVDVs.exe
  2⤵
  PID:4516
- C:\Windows\System\RJuwuWE.exe
  C:\Windows\System\RJuwuWE.exe
  2⤵
  PID:4712
- C:\Windows\System\kGEzLyu.exe
  C:\Windows\System\kGEzLyu.exe
  2⤵
  PID:3356
- C:\Windows\System\sLPIXmf.exe
  C:\Windows\System\sLPIXmf.exe
  2⤵
  PID:4752
- C:\Windows\System\rdwxHPU.exe
  C:\Windows\System\rdwxHPU.exe
  2⤵
  PID:5128
- C:\Windows\System\dlnXeYe.exe
  C:\Windows\System\dlnXeYe.exe
  2⤵
  PID:5148
- C:\Windows\System\DEWpvLj.exe
  C:\Windows\System\DEWpvLj.exe
  2⤵
  PID:5168
- C:\Windows\System\FqtuekZ.exe
  C:\Windows\System\FqtuekZ.exe
  2⤵
  PID:5192
- C:\Windows\System\kknaahs.exe
  C:\Windows\System\kknaahs.exe
  2⤵
  PID:5220
- C:\Windows\System\DljrXpF.exe
  C:\Windows\System\DljrXpF.exe
  2⤵
  PID:5236
- C:\Windows\System\eZbpzlR.exe
  C:\Windows\System\eZbpzlR.exe
  2⤵
  PID:5252
- C:\Windows\System\mkzIxMR.exe
  C:\Windows\System\mkzIxMR.exe
  2⤵
  PID:5272
- C:\Windows\System\SZzEAtI.exe
  C:\Windows\System\SZzEAtI.exe
  2⤵
  PID:5288
- C:\Windows\System\aUmepAv.exe
  C:\Windows\System\aUmepAv.exe
  2⤵
  PID:5304
- C:\Windows\System\WhGFmEC.exe
  C:\Windows\System\WhGFmEC.exe
  2⤵
  PID:5328
- C:\Windows\System\zsAieqk.exe
  C:\Windows\System\zsAieqk.exe
  2⤵
  PID:5348
- C:\Windows\System\MsRXSEL.exe
  C:\Windows\System\MsRXSEL.exe
  2⤵
  PID:5364
- C:\Windows\System\soeVoqb.exe
  C:\Windows\System\soeVoqb.exe
  2⤵
  PID:5380
- C:\Windows\System\mgeTMbc.exe
  C:\Windows\System\mgeTMbc.exe
  2⤵
  PID:5396
- C:\Windows\System\xmxLrKf.exe
  C:\Windows\System\xmxLrKf.exe
  2⤵
  PID:5412
- C:\Windows\System\QekIbQw.exe
  C:\Windows\System\QekIbQw.exe
  2⤵
  PID:5428
- C:\Windows\System\JhHIiwv.exe
  C:\Windows\System\JhHIiwv.exe
  2⤵
  PID:5456
- C:\Windows\System\GgotKqt.exe
  C:\Windows\System\GgotKqt.exe
  2⤵
  PID:5472
- C:\Windows\System\LAHRPFx.exe
  C:\Windows\System\LAHRPFx.exe
  2⤵
  PID:5520
- C:\Windows\System\gziwHQk.exe
  C:\Windows\System\gziwHQk.exe
  2⤵
  PID:5536
- C:\Windows\System\kwzSJUS.exe
  C:\Windows\System\kwzSJUS.exe
  2⤵
  PID:5552
- C:\Windows\System\KiyUKOr.exe
  C:\Windows\System\KiyUKOr.exe
  2⤵
  PID:5576
- C:\Windows\System\WxRdIdD.exe
  C:\Windows\System\WxRdIdD.exe
  2⤵
  PID:5600
- C:\Windows\System\rLEwTgk.exe
  C:\Windows\System\rLEwTgk.exe
  2⤵
  PID:5616
- C:\Windows\System\drBXVNv.exe
  C:\Windows\System\drBXVNv.exe
  2⤵
  PID:5632
- C:\Windows\System\OdKKDnY.exe
  C:\Windows\System\OdKKDnY.exe
  2⤵
  PID:5648
- C:\Windows\System\MxfGjlM.exe
  C:\Windows\System\MxfGjlM.exe
  2⤵
  PID:5664
- C:\Windows\System\uSrxpIb.exe
  C:\Windows\System\uSrxpIb.exe
  2⤵
  PID:5680
- C:\Windows\System\cOgCsSK.exe
  C:\Windows\System\cOgCsSK.exe
  2⤵
  PID:5696
- C:\Windows\System\UOfoeXB.exe
  C:\Windows\System\UOfoeXB.exe
  2⤵
  PID:5712
- C:\Windows\System\fndBnDu.exe
  C:\Windows\System\fndBnDu.exe
  2⤵
  PID:5728
- C:\Windows\System\MklnoaP.exe
  C:\Windows\System\MklnoaP.exe
  2⤵
  PID:5764
- C:\Windows\System\XaVGsQG.exe
  C:\Windows\System\XaVGsQG.exe
  2⤵
  PID:5800
- C:\Windows\System\XlaTrHS.exe
  C:\Windows\System\XlaTrHS.exe
  2⤵
  PID:5816
- C:\Windows\System\ttVRVYM.exe
  C:\Windows\System\ttVRVYM.exe
  2⤵
  PID:5836
- C:\Windows\System\ZSkpceP.exe
  C:\Windows\System\ZSkpceP.exe
  2⤵
  PID:5852
- C:\Windows\System\lZuZnLF.exe
  C:\Windows\System\lZuZnLF.exe
  2⤵
  PID:5868
- C:\Windows\System\kTjOVNj.exe
  C:\Windows\System\kTjOVNj.exe
  2⤵
  PID:5884
- C:\Windows\System\FXCOeQL.exe
  C:\Windows\System\FXCOeQL.exe
  2⤵
  PID:5900
- C:\Windows\System\chxJVrA.exe
  C:\Windows\System\chxJVrA.exe
  2⤵
  PID:5924
- C:\Windows\System\LgkvTbF.exe
  C:\Windows\System\LgkvTbF.exe
  2⤵
  PID:5940
- C:\Windows\System\VDsSAYK.exe
  C:\Windows\System\VDsSAYK.exe
  2⤵
  PID:5972
- C:\Windows\System\oVToMoa.exe
  C:\Windows\System\oVToMoa.exe
  2⤵
  PID:5988
- C:\Windows\System\umZRFmX.exe
  C:\Windows\System\umZRFmX.exe
  2⤵
  PID:6016
- C:\Windows\System\qdODAnD.exe
  C:\Windows\System\qdODAnD.exe
  2⤵
  PID:6036
- C:\Windows\System\XsOLOqp.exe
  C:\Windows\System\XsOLOqp.exe
  2⤵
  PID:6060
- C:\Windows\System\nMmGEHh.exe
  C:\Windows\System\nMmGEHh.exe
  2⤵
  PID:6076
- C:\Windows\System\uPIWbxW.exe
  C:\Windows\System\uPIWbxW.exe
  2⤵
  PID:6100
- C:\Windows\System\TsOYXQL.exe
  C:\Windows\System\TsOYXQL.exe
  2⤵
  PID:6116
- C:\Windows\System\jJUVxMg.exe
  C:\Windows\System\jJUVxMg.exe
  2⤵
  PID:6132
- C:\Windows\System\QiuCItj.exe
  C:\Windows\System\QiuCItj.exe
  2⤵
  PID:4432
- C:\Windows\System\SJFYjSR.exe
  C:\Windows\System\SJFYjSR.exe
  2⤵
  PID:4668
- C:\Windows\System\BGoeGJA.exe
  C:\Windows\System\BGoeGJA.exe
  2⤵
  PID:5160
- C:\Windows\System\ODAfbqw.exe
  C:\Windows\System\ODAfbqw.exe
  2⤵
  PID:4164
- C:\Windows\System\cJnZrHk.exe
  C:\Windows\System\cJnZrHk.exe
  2⤵
  PID:5200
- C:\Windows\System\BeJEnzf.exe
  C:\Windows\System\BeJEnzf.exe
  2⤵
  PID:5144
- C:\Windows\System\FyaOsVh.exe
  C:\Windows\System\FyaOsVh.exe
  2⤵
  PID:5212
- C:\Windows\System\ENFJjeO.exe
  C:\Windows\System\ENFJjeO.exe
  2⤵
  PID:5228
- C:\Windows\System\ihWHtLW.exe
  C:\Windows\System\ihWHtLW.exe
  2⤵
  PID:5316
- C:\Windows\System\pexYbmB.exe
  C:\Windows\System\pexYbmB.exe
  2⤵
  PID:5268
- C:\Windows\System\yzqURIR.exe
  C:\Windows\System\yzqURIR.exe
  2⤵
  PID:5388
- C:\Windows\System\gwioAdF.exe
  C:\Windows\System\gwioAdF.exe
  2⤵
  PID:5464
- C:\Windows\System\fGdcZqX.exe
  C:\Windows\System\fGdcZqX.exe
  2⤵
  PID:2496
- C:\Windows\System\WtDSCtz.exe
  C:\Windows\System\WtDSCtz.exe
  2⤵
  PID:2084
- C:\Windows\System\qharFZp.exe
  C:\Windows\System\qharFZp.exe
  2⤵
  PID:5436
- C:\Windows\System\FRGyLpg.exe
  C:\Windows\System\FRGyLpg.exe
  2⤵
  PID:5480
- C:\Windows\System\uMygYUI.exe
  C:\Windows\System\uMygYUI.exe
  2⤵
  PID:5544
- C:\Windows\System\mmWKRIc.exe
  C:\Windows\System\mmWKRIc.exe
  2⤵
  PID:5548
- C:\Windows\System\SDexcQi.exe
  C:\Windows\System\SDexcQi.exe
  2⤵
  PID:5584
- C:\Windows\System\aMNAPmb.exe
  C:\Windows\System\aMNAPmb.exe
  2⤵
  PID:5612
- C:\Windows\System\gJuzAvA.exe
  C:\Windows\System\gJuzAvA.exe
  2⤵
  PID:5704
- C:\Windows\System\KigQaVl.exe
  C:\Windows\System\KigQaVl.exe
  2⤵
  PID:5736
- C:\Windows\System\jyTcBYc.exe
  C:\Windows\System\jyTcBYc.exe
  2⤵
  PID:5752
- C:\Windows\System\cqClXYY.exe
  C:\Windows\System\cqClXYY.exe
  2⤵
  PID:5720
- C:\Windows\System\zPpfxwP.exe
  C:\Windows\System\zPpfxwP.exe
  2⤵
  PID:5628
- C:\Windows\System\qwbELzy.exe
  C:\Windows\System\qwbELzy.exe
  2⤵
  PID:5784
- C:\Windows\System\VXLqAsK.exe
  C:\Windows\System\VXLqAsK.exe
  2⤵
  PID:5776
- C:\Windows\System\ZZhURIc.exe
  C:\Windows\System\ZZhURIc.exe
  2⤵
  PID:5892
- C:\Windows\System\EJjLxkZ.exe
  C:\Windows\System\EJjLxkZ.exe
  2⤵
  PID:5952
- C:\Windows\System\iAwCLtQ.exe
  C:\Windows\System\iAwCLtQ.exe
  2⤵
  PID:5968
- C:\Windows\System\VnefROW.exe
  C:\Windows\System\VnefROW.exe
  2⤵
  PID:5860
- C:\Windows\System\cplDpfI.exe
  C:\Windows\System\cplDpfI.exe
  2⤵
  PID:6000
- C:\Windows\System\muILwfF.exe
  C:\Windows\System\muILwfF.exe
  2⤵
  PID:6012
- C:\Windows\System\NvdlJUI.exe
  C:\Windows\System\NvdlJUI.exe
  2⤵
  PID:6084
- C:\Windows\System\QwoCmIh.exe
  C:\Windows\System\QwoCmIh.exe
  2⤵
  PID:6128
- C:\Windows\System\vGGsjGE.exe
  C:\Windows\System\vGGsjGE.exe
  2⤵
  PID:2812
- C:\Windows\System\gZJSrEK.exe
  C:\Windows\System\gZJSrEK.exe
  2⤵
  PID:6140
- C:\Windows\System\VopYFbt.exe
  C:\Windows\System\VopYFbt.exe
  2⤵
  PID:5264
- C:\Windows\System\uFfZVEu.exe
  C:\Windows\System\uFfZVEu.exe
  2⤵
  PID:5488
- C:\Windows\System\MVXQdbM.exe
  C:\Windows\System\MVXQdbM.exe
  2⤵
  PID:5452
- C:\Windows\System\Gnnaohi.exe
  C:\Windows\System\Gnnaohi.exe
  2⤵
  PID:6072
- C:\Windows\System\kaAjbOc.exe
  C:\Windows\System\kaAjbOc.exe
  2⤵
  PID:5560
- C:\Windows\System\CVEqiNw.exe
  C:\Windows\System\CVEqiNw.exe
  2⤵
  PID:5780
- C:\Windows\System\CwVXhfy.exe
  C:\Windows\System\CwVXhfy.exe
  2⤵
  PID:5408
- C:\Windows\System\QHDDocw.exe
  C:\Windows\System\QHDDocw.exe
  2⤵
  PID:6108
- C:\Windows\System\cpkQmFq.exe
  C:\Windows\System\cpkQmFq.exe
  2⤵
  PID:5216
- C:\Windows\System\ABbuomQ.exe
  C:\Windows\System\ABbuomQ.exe
  2⤵
  PID:5336
- C:\Windows\System\LVpcpBU.exe
  C:\Windows\System\LVpcpBU.exe
  2⤵
  PID:5016
- C:\Windows\System\uJkxfnB.exe
  C:\Windows\System\uJkxfnB.exe
  2⤵
  PID:5844
- C:\Windows\System\iptSqvV.exe
  C:\Windows\System\iptSqvV.exe
  2⤵
  PID:5908
- C:\Windows\System\QOXSshM.exe
  C:\Windows\System\QOXSshM.exe
  2⤵
  PID:5644
- C:\Windows\System\EZXVWGh.exe
  C:\Windows\System\EZXVWGh.exe
  2⤵
  PID:5660
- C:\Windows\System\AHEknrG.exe
  C:\Windows\System\AHEknrG.exe
  2⤵
  PID:1056
- C:\Windows\System\vAcTInL.exe
  C:\Windows\System\vAcTInL.exe
  2⤵
  PID:5964
- C:\Windows\System\CTCfWCQ.exe
  C:\Windows\System\CTCfWCQ.exe
  2⤵
  PID:6032
- C:\Windows\System\GTxlCrn.exe
  C:\Windows\System\GTxlCrn.exe
  2⤵
  PID:5932
- C:\Windows\System\tIAaGzC.exe
  C:\Windows\System\tIAaGzC.exe
  2⤵
  PID:5248
- C:\Windows\System\TtNqPcJ.exe
  C:\Windows\System\TtNqPcJ.exe
  2⤵
  PID:2108
- C:\Windows\System\MMXYqxy.exe
  C:\Windows\System\MMXYqxy.exe
  2⤵
  PID:5424
- C:\Windows\System\lyGaOAv.exe
  C:\Windows\System\lyGaOAv.exe
  2⤵
  PID:5592
- C:\Windows\System\dcyDmyB.exe
  C:\Windows\System\dcyDmyB.exe
  2⤵
  PID:5608
- C:\Windows\System\BsYRFUm.exe
  C:\Windows\System\BsYRFUm.exe
  2⤵
  PID:1260
- C:\Windows\System\AiMWDKP.exe
  C:\Windows\System\AiMWDKP.exe
  2⤵
  PID:3520
- C:\Windows\System\afYUfqv.exe
  C:\Windows\System\afYUfqv.exe
  2⤵
  PID:5504
- C:\Windows\System\zutvJqt.exe
  C:\Windows\System\zutvJqt.exe
  2⤵
  PID:5176
- C:\Windows\System\YNpfgMG.exe
  C:\Windows\System\YNpfgMG.exe
  2⤵
  PID:5360
- C:\Windows\System\YFDlwkF.exe
  C:\Windows\System\YFDlwkF.exe
  2⤵
  PID:2256
- C:\Windows\System\bCrXqGB.exe
  C:\Windows\System\bCrXqGB.exe
  2⤵
  PID:5920
- C:\Windows\System\CHGKfyc.exe
  C:\Windows\System\CHGKfyc.exe
  2⤵
  PID:6024
- C:\Windows\System\apkjNhj.exe
  C:\Windows\System\apkjNhj.exe
  2⤵
  PID:884
- C:\Windows\System\MUhVsmq.exe
  C:\Windows\System\MUhVsmq.exe
  2⤵
  PID:5004
- C:\Windows\System\yTwqdlp.exe
  C:\Windows\System\yTwqdlp.exe
  2⤵
  PID:3724
- C:\Windows\System\KUyDRgd.exe
  C:\Windows\System\KUyDRgd.exe
  2⤵
  PID:316
- C:\Windows\System\ThQuzXe.exe
  C:\Windows\System\ThQuzXe.exe
  2⤵
  PID:5980
- C:\Windows\System\liOhOYz.exe
  C:\Windows\System\liOhOYz.exe
  2⤵
  PID:6096
- C:\Windows\System\Urttvvv.exe
  C:\Windows\System\Urttvvv.exe
  2⤵
  PID:4468
- C:\Windows\System\zkcjhZv.exe
  C:\Windows\System\zkcjhZv.exe
  2⤵
  PID:2976
- C:\Windows\System\Xyrwqev.exe
  C:\Windows\System\Xyrwqev.exe
  2⤵
  PID:5344
- C:\Windows\System\VDXiKKT.exe
  C:\Windows\System\VDXiKKT.exe
  2⤵
  PID:4472
- C:\Windows\System\WCZYrEv.exe
  C:\Windows\System\WCZYrEv.exe
  2⤵
  PID:5792
- C:\Windows\System\dqnHCyM.exe
  C:\Windows\System\dqnHCyM.exe
  2⤵
  PID:5812
- C:\Windows\System\UCQtivX.exe
  C:\Windows\System\UCQtivX.exe
  2⤵
  PID:6068
- C:\Windows\System\sqFspGj.exe
  C:\Windows\System\sqFspGj.exe
  2⤵
  PID:5184
- C:\Windows\System\XloyZXF.exe
  C:\Windows\System\XloyZXF.exe
  2⤵
  PID:5916
- C:\Windows\System\TBnEKOi.exe
  C:\Windows\System\TBnEKOi.exe
  2⤵
  PID:5572
- C:\Windows\System\wHdxFYX.exe
  C:\Windows\System\wHdxFYX.exe
  2⤵
  PID:4408
- C:\Windows\System\cWJJTRM.exe
  C:\Windows\System\cWJJTRM.exe
  2⤵
  PID:5796
- C:\Windows\System\QVNuNOj.exe
  C:\Windows\System\QVNuNOj.exe
  2⤵
  PID:5324
- C:\Windows\System\eaqBBxo.exe
  C:\Windows\System\eaqBBxo.exe
  2⤵
  PID:5156
- C:\Windows\System\jSbleFQ.exe
  C:\Windows\System\jSbleFQ.exe
  2⤵
  PID:6156
- C:\Windows\System\wGQEkjZ.exe
  C:\Windows\System\wGQEkjZ.exe
  2⤵
  PID:6176
- C:\Windows\System\ZHqJtoZ.exe
  C:\Windows\System\ZHqJtoZ.exe
  2⤵
  PID:6196
- C:\Windows\System\cZEiWFT.exe
  C:\Windows\System\cZEiWFT.exe
  2⤵
  PID:6216
- C:\Windows\System\DpMFSdp.exe
  C:\Windows\System\DpMFSdp.exe
  2⤵
  PID:6232
- C:\Windows\System\zwrtFxd.exe
  C:\Windows\System\zwrtFxd.exe
  2⤵
  PID:6248
- C:\Windows\System\orlWFqR.exe
  C:\Windows\System\orlWFqR.exe
  2⤵
  PID:6264
- C:\Windows\System\xEtipbC.exe
  C:\Windows\System\xEtipbC.exe
  2⤵
  PID:6284
- C:\Windows\System\FciVNbM.exe
  C:\Windows\System\FciVNbM.exe
  2⤵
  PID:6308
- C:\Windows\System\bBhEcaN.exe
  C:\Windows\System\bBhEcaN.exe
  2⤵
  PID:6332
- C:\Windows\System\ijfYPqx.exe
  C:\Windows\System\ijfYPqx.exe
  2⤵
  PID:6368
- C:\Windows\System\mnyTRcF.exe
  C:\Windows\System\mnyTRcF.exe
  2⤵
  PID:6384
- C:\Windows\System\RKatjwY.exe
  C:\Windows\System\RKatjwY.exe
  2⤵
  PID:6400
- C:\Windows\System\rATKwLs.exe
  C:\Windows\System\rATKwLs.exe
  2⤵
  PID:6416
- C:\Windows\System\ZZJogGW.exe
  C:\Windows\System\ZZJogGW.exe
  2⤵
  PID:6432
- C:\Windows\System\OePLibH.exe
  C:\Windows\System\OePLibH.exe
  2⤵
  PID:6472
- C:\Windows\System\PNmZDnp.exe
  C:\Windows\System\PNmZDnp.exe
  2⤵
  PID:6488
- C:\Windows\System\jXcbMWL.exe
  C:\Windows\System\jXcbMWL.exe
  2⤵
  PID:6508
- C:\Windows\System\sYGqMoS.exe
  C:\Windows\System\sYGqMoS.exe
  2⤵
  PID:6532
- C:\Windows\System\idTMMCu.exe
  C:\Windows\System\idTMMCu.exe
  2⤵
  PID:6548
- C:\Windows\System\aarvoXP.exe
  C:\Windows\System\aarvoXP.exe
  2⤵
  PID:6564
- C:\Windows\System\LuKUmTa.exe
  C:\Windows\System\LuKUmTa.exe
  2⤵
  PID:6580
- C:\Windows\System\FuEHPuo.exe
  C:\Windows\System\FuEHPuo.exe
  2⤵
  PID:6596
- C:\Windows\System\wZeipoZ.exe
  C:\Windows\System\wZeipoZ.exe
  2⤵
  PID:6612
- C:\Windows\System\magGKwn.exe
  C:\Windows\System\magGKwn.exe
  2⤵
  PID:6632
- C:\Windows\System\FagMJWN.exe
  C:\Windows\System\FagMJWN.exe
  2⤵
  PID:6652
- C:\Windows\System\KthzdvH.exe
  C:\Windows\System\KthzdvH.exe
  2⤵
  PID:6668
- C:\Windows\System\vZwZOmQ.exe
  C:\Windows\System\vZwZOmQ.exe
  2⤵
  PID:6684
- C:\Windows\System\sIbffUA.exe
  C:\Windows\System\sIbffUA.exe
  2⤵
  PID:6708
- C:\Windows\System\qMNysBW.exe
  C:\Windows\System\qMNysBW.exe
  2⤵
  PID:6724
- C:\Windows\System\CbORIkZ.exe
  C:\Windows\System\CbORIkZ.exe
  2⤵
  PID:6748
- C:\Windows\System\mQgowBk.exe
  C:\Windows\System\mQgowBk.exe
  2⤵
  PID:6768
- C:\Windows\System\yyYKLHq.exe
  C:\Windows\System\yyYKLHq.exe
  2⤵
  PID:6784
- C:\Windows\System\VbfjIyn.exe
  C:\Windows\System\VbfjIyn.exe
  2⤵
  PID:6800
- C:\Windows\System\vukoNTx.exe
  C:\Windows\System\vukoNTx.exe
  2⤵
  PID:6824
- C:\Windows\System\HWLEWep.exe
  C:\Windows\System\HWLEWep.exe
  2⤵
  PID:6840
- C:\Windows\System\HyAhTpx.exe
  C:\Windows\System\HyAhTpx.exe
  2⤵
  PID:6860
- C:\Windows\System\CZcLllV.exe
  C:\Windows\System\CZcLllV.exe
  2⤵
  PID:6876
- C:\Windows\System\MRsHlmE.exe
  C:\Windows\System\MRsHlmE.exe
  2⤵
  PID:6896
- C:\Windows\System\AWfsvut.exe
  C:\Windows\System\AWfsvut.exe
  2⤵
  PID:6940
- C:\Windows\System\PMHJDVY.exe
  C:\Windows\System\PMHJDVY.exe
  2⤵
  PID:6972
- C:\Windows\System\qjapbFk.exe
  C:\Windows\System\qjapbFk.exe
  2⤵
  PID:6988
- C:\Windows\System\aOjSvqJ.exe
  C:\Windows\System\aOjSvqJ.exe
  2⤵
  PID:7004
- C:\Windows\System\gkGCSCi.exe
  C:\Windows\System\gkGCSCi.exe
  2⤵
  PID:7020
- C:\Windows\System\mZPiLZs.exe
  C:\Windows\System\mZPiLZs.exe
  2⤵
  PID:7036
- C:\Windows\System\sRakmzu.exe
  C:\Windows\System\sRakmzu.exe
  2⤵
  PID:7052
- C:\Windows\System\PdsclPu.exe
  C:\Windows\System\PdsclPu.exe
  2⤵
  PID:7072
- C:\Windows\System\EqhdFLX.exe
  C:\Windows\System\EqhdFLX.exe
  2⤵
  PID:7092
- C:\Windows\System\bXNTJNu.exe
  C:\Windows\System\bXNTJNu.exe
  2⤵
  PID:7108
- C:\Windows\System\zoCnKmn.exe
  C:\Windows\System\zoCnKmn.exe
  2⤵
  PID:7124
- C:\Windows\System\sgfBgWZ.exe
  C:\Windows\System\sgfBgWZ.exe
  2⤵
  PID:7140
- C:\Windows\System\HHlusBf.exe
  C:\Windows\System\HHlusBf.exe
  2⤵
  PID:7156
- C:\Windows\System\CDJvuQt.exe
  C:\Windows\System\CDJvuQt.exe
  2⤵
  PID:6184
- C:\Windows\System\rDRYVQh.exe
  C:\Windows\System\rDRYVQh.exe
  2⤵
  PID:6224
- C:\Windows\System\mnMGfuI.exe
  C:\Windows\System\mnMGfuI.exe
  2⤵
  PID:6164
- C:\Windows\System\fovnhCf.exe
  C:\Windows\System\fovnhCf.exe
  2⤵
  PID:6300
- C:\Windows\System\fcvnuzL.exe
  C:\Windows\System\fcvnuzL.exe
  2⤵
  PID:5500
- C:\Windows\System\JUYAqBv.exe
  C:\Windows\System\JUYAqBv.exe
  2⤵
  PID:6344
- C:\Windows\System\EIkAmVv.exe
  C:\Windows\System\EIkAmVv.exe
  2⤵
  PID:6324
- C:\Windows\System\PyGlSgP.exe
  C:\Windows\System\PyGlSgP.exe
  2⤵
  PID:5312
- C:\Windows\System\MZuSBQC.exe
  C:\Windows\System\MZuSBQC.exe
  2⤵
  PID:6392
- C:\Windows\System\DJpyAKA.exe
  C:\Windows\System\DJpyAKA.exe
  2⤵
  PID:6396
- C:\Windows\System\zzYJjmA.exe
  C:\Windows\System\zzYJjmA.exe
  2⤵
  PID:6464
- C:\Windows\System\gxiwijj.exe
  C:\Windows\System\gxiwijj.exe
  2⤵
  PID:6484
- C:\Windows\System\SuUNDYx.exe
  C:\Windows\System\SuUNDYx.exe
  2⤵
  PID:6520
- C:\Windows\System\GmdPdlD.exe
  C:\Windows\System\GmdPdlD.exe
  2⤵
  PID:6560
- C:\Windows\System\OkYFnBA.exe
  C:\Windows\System\OkYFnBA.exe
  2⤵
  PID:6692
- C:\Windows\System\hwOxmTE.exe
  C:\Windows\System\hwOxmTE.exe
  2⤵
  PID:6740
- C:\Windows\System\WTYdfsJ.exe
  C:\Windows\System\WTYdfsJ.exe
  2⤵
  PID:6576
- C:\Windows\System\dHmOUbU.exe
  C:\Windows\System\dHmOUbU.exe
  2⤵
  PID:6676
- C:\Windows\System\gpBPijT.exe
  C:\Windows\System\gpBPijT.exe
  2⤵
  PID:6760
- C:\Windows\System\NuJyXWU.exe
  C:\Windows\System\NuJyXWU.exe
  2⤵
  PID:6852
- C:\Windows\System\KElZLmH.exe
  C:\Windows\System\KElZLmH.exe
  2⤵
  PID:6892
- C:\Windows\System\wJCOnyj.exe
  C:\Windows\System\wJCOnyj.exe
  2⤵
  PID:6872
- C:\Windows\System\cDuClvq.exe
  C:\Windows\System\cDuClvq.exe
  2⤵
  PID:6832
- C:\Windows\System\RbRGdYs.exe
  C:\Windows\System\RbRGdYs.exe
  2⤵
  PID:6912
- C:\Windows\System\EDaHNrk.exe
  C:\Windows\System\EDaHNrk.exe
  2⤵
  PID:6960
- C:\Windows\System\CyMSqFi.exe
  C:\Windows\System\CyMSqFi.exe
  2⤵
  PID:6924
- C:\Windows\System\txhsMWJ.exe
  C:\Windows\System\txhsMWJ.exe
  2⤵
  PID:6964
- C:\Windows\System\qYuSNvB.exe
  C:\Windows\System\qYuSNvB.exe
  2⤵
  PID:7060
- C:\Windows\System\LRxabBS.exe
  C:\Windows\System\LRxabBS.exe
  2⤵
  PID:7016
- C:\Windows\System\yNHKbtU.exe
  C:\Windows\System\yNHKbtU.exe
  2⤵
  PID:7084
- C:\Windows\System\PfIDlIt.exe
  C:\Windows\System\PfIDlIt.exe
  2⤵
  PID:6228
- C:\Windows\System\dJdoCDv.exe
  C:\Windows\System\dJdoCDv.exe
  2⤵
  PID:5708
- C:\Windows\System\POGqeCJ.exe
  C:\Windows\System\POGqeCJ.exe
  2⤵
  PID:6212
- C:\Windows\System\WyfaDxP.exe
  C:\Windows\System\WyfaDxP.exe
  2⤵
  PID:6056
- C:\Windows\System\yTTSqox.exe
  C:\Windows\System\yTTSqox.exe
  2⤵
  PID:6204
- C:\Windows\System\WNwxtHK.exe
  C:\Windows\System\WNwxtHK.exe
  2⤵
  PID:6352
- C:\Windows\System\YNQCOqk.exe
  C:\Windows\System\YNQCOqk.exe
  2⤵
  PID:6380
- C:\Windows\System\xzFfzwz.exe
  C:\Windows\System\xzFfzwz.exe
  2⤵
  PID:6448
- C:\Windows\System\rvpYDpo.exe
  C:\Windows\System\rvpYDpo.exe
  2⤵
  PID:6452
- C:\Windows\System\zehtoVV.exe
  C:\Windows\System\zehtoVV.exe
  2⤵
  PID:6516
- C:\Windows\System\kcFLHQC.exe
  C:\Windows\System\kcFLHQC.exe
  2⤵
  PID:6556
- C:\Windows\System\KPGkhAE.exe
  C:\Windows\System\KPGkhAE.exe
  2⤵
  PID:6624
- C:\Windows\System\cDzuXHp.exe
  C:\Windows\System\cDzuXHp.exe
  2⤵
  PID:6776
- C:\Windows\System\VzgAfAr.exe
  C:\Windows\System\VzgAfAr.exe
  2⤵
  PID:6848
- C:\Windows\System\otkWyhU.exe
  C:\Windows\System\otkWyhU.exe
  2⤵
  PID:6812
- C:\Windows\System\YfIKjoR.exe
  C:\Windows\System\YfIKjoR.exe
  2⤵
  PID:6908
- C:\Windows\System\iwrCzGq.exe
  C:\Windows\System\iwrCzGq.exe
  2⤵
  PID:6952
- C:\Windows\System\eaWAptI.exe
  C:\Windows\System\eaWAptI.exe
  2⤵
  PID:6764
- C:\Windows\System\PsAamMF.exe
  C:\Windows\System\PsAamMF.exe
  2⤵
  PID:7032
- C:\Windows\System\AzVgVAs.exe
  C:\Windows\System\AzVgVAs.exe
  2⤵
  PID:7044
- C:\Windows\System\cHHUIkX.exe
  C:\Windows\System\cHHUIkX.exe
  2⤵
  PID:7104
- C:\Windows\System\IKJTVIT.exe
  C:\Windows\System\IKJTVIT.exe
  2⤵
  PID:6316
- C:\Windows\System\PxKCdzp.exe
  C:\Windows\System\PxKCdzp.exe
  2⤵
  PID:7100
- C:\Windows\System\LCsaKJN.exe
  C:\Windows\System\LCsaKJN.exe
  2⤵
  PID:6260
- C:\Windows\System\BFtImje.exe
  C:\Windows\System\BFtImje.exe
  2⤵
  PID:7152
- C:\Windows\System\XXUNveJ.exe
  C:\Windows\System\XXUNveJ.exe
  2⤵
  PID:5936
- C:\Windows\System\ddJniDD.exe
  C:\Windows\System\ddJniDD.exe
  2⤵
  PID:6704
- C:\Windows\System\JAAOEbN.exe
  C:\Windows\System\JAAOEbN.exe
  2⤵
  PID:6732
- C:\Windows\System\aMOURXQ.exe
  C:\Windows\System\aMOURXQ.exe
  2⤵
  PID:6780
- C:\Windows\System\xMppGkd.exe
  C:\Windows\System\xMppGkd.exe
  2⤵
  PID:7068
- C:\Windows\System\nrbUxbT.exe
  C:\Windows\System\nrbUxbT.exe
  2⤵
  PID:6716
- C:\Windows\System\ImZCsXd.exe
  C:\Windows\System\ImZCsXd.exe
  2⤵
  PID:6608
- C:\Windows\System\mcNUdYK.exe
  C:\Windows\System\mcNUdYK.exe
  2⤵
  PID:6320
- C:\Windows\System\UAXztxu.exe
  C:\Windows\System\UAXztxu.exe
  2⤵
  PID:6148
- C:\Windows\System\AQsTnZw.exe
  C:\Windows\System\AQsTnZw.exe
  2⤵
  PID:6528
- C:\Windows\System\LWFmTyS.exe
  C:\Windows\System\LWFmTyS.exe
  2⤵
  PID:6500
- C:\Windows\System\UcWfQmO.exe
  C:\Windows\System\UcWfQmO.exe
  2⤵
  PID:6620
- C:\Windows\System\ILXkYoW.exe
  C:\Windows\System\ILXkYoW.exe
  2⤵
  PID:6984
- C:\Windows\System\jAwXFmG.exe
  C:\Windows\System\jAwXFmG.exe
  2⤵
  PID:6364
- C:\Windows\System\MvPukzA.exe
  C:\Windows\System\MvPukzA.exe
  2⤵
  PID:7012
- C:\Windows\System\jxGVtOk.exe
  C:\Windows\System\jxGVtOk.exe
  2⤵
  PID:6936
- C:\Windows\System\bFWhKTJ.exe
  C:\Windows\System\bFWhKTJ.exe
  2⤵
  PID:7176
- C:\Windows\System\sPmyxfE.exe
  C:\Windows\System\sPmyxfE.exe
  2⤵
  PID:7220
- C:\Windows\System\RxzNwjk.exe
  C:\Windows\System\RxzNwjk.exe
  2⤵
  PID:7244
- C:\Windows\System\NVHMSQn.exe
  C:\Windows\System\NVHMSQn.exe
  2⤵
  PID:7268
- C:\Windows\System\sJqZLEv.exe
  C:\Windows\System\sJqZLEv.exe
  2⤵
  PID:7284
- C:\Windows\System\RRzocLK.exe
  C:\Windows\System\RRzocLK.exe
  2⤵
  PID:7300
- C:\Windows\System\OxRwXFe.exe
  C:\Windows\System\OxRwXFe.exe
  2⤵
  PID:7316
- C:\Windows\System\kEFcwFY.exe
  C:\Windows\System\kEFcwFY.exe
  2⤵
  PID:7332
- C:\Windows\System\aJaSQdx.exe
  C:\Windows\System\aJaSQdx.exe
  2⤵
  PID:7352
- C:\Windows\System\sBjLAwF.exe
  C:\Windows\System\sBjLAwF.exe
  2⤵
  PID:7368
- C:\Windows\System\rTemiuy.exe
  C:\Windows\System\rTemiuy.exe
  2⤵
  PID:7388
- C:\Windows\System\xrsEDae.exe
  C:\Windows\System\xrsEDae.exe
  2⤵
  PID:7404
- C:\Windows\System\xtZfRPY.exe
  C:\Windows\System\xtZfRPY.exe
  2⤵
  PID:7420
- C:\Windows\System\oaVoRSu.exe
  C:\Windows\System\oaVoRSu.exe
  2⤵
  PID:7464
- C:\Windows\System\gSCiGNn.exe
  C:\Windows\System\gSCiGNn.exe
  2⤵
  PID:7488
- C:\Windows\System\PUbAWTO.exe
  C:\Windows\System\PUbAWTO.exe
  2⤵
  PID:7504
- C:\Windows\System\MNqtIsG.exe
  C:\Windows\System\MNqtIsG.exe
  2⤵
  PID:7524
- C:\Windows\System\ehGytYS.exe
  C:\Windows\System\ehGytYS.exe
  2⤵
  PID:7540
- C:\Windows\System\xifaHdg.exe
  C:\Windows\System\xifaHdg.exe
  2⤵
  PID:7556
- C:\Windows\System\AxaCIBG.exe
  C:\Windows\System\AxaCIBG.exe
  2⤵
  PID:7584
- C:\Windows\System\kPFyFWI.exe
  C:\Windows\System\kPFyFWI.exe
  2⤵
  PID:7604
- C:\Windows\System\bkahxfC.exe
  C:\Windows\System\bkahxfC.exe
  2⤵
  PID:7624
- C:\Windows\System\ggGJXDz.exe
  C:\Windows\System\ggGJXDz.exe
  2⤵
  PID:7640
- C:\Windows\System\znHIgpB.exe
  C:\Windows\System\znHIgpB.exe
  2⤵
  PID:7656
- C:\Windows\System\VwQzHZg.exe
  C:\Windows\System\VwQzHZg.exe
  2⤵
  PID:7676
- C:\Windows\System\qAgvBoC.exe
  C:\Windows\System\qAgvBoC.exe
  2⤵
  PID:7712
- C:\Windows\System\OLBHzHY.exe
  C:\Windows\System\OLBHzHY.exe
  2⤵
  PID:7732
- C:\Windows\System\xgpvWJs.exe
  C:\Windows\System\xgpvWJs.exe
  2⤵
  PID:7752
- C:\Windows\System\SdOsUlQ.exe
  C:\Windows\System\SdOsUlQ.exe
  2⤵
  PID:7768
- C:\Windows\System\uiFwQbM.exe
  C:\Windows\System\uiFwQbM.exe
  2⤵
  PID:7784
- C:\Windows\System\AMNnKhT.exe
  C:\Windows\System\AMNnKhT.exe
  2⤵
  PID:7800
- C:\Windows\System\GPqNkyR.exe
  C:\Windows\System\GPqNkyR.exe
  2⤵
  PID:7820
- C:\Windows\System\sgEIAQG.exe
  C:\Windows\System\sgEIAQG.exe
  2⤵
  PID:7836
- C:\Windows\System\jDLpnqX.exe
  C:\Windows\System\jDLpnqX.exe
  2⤵
  PID:7852
- C:\Windows\System\PZltQrh.exe
  C:\Windows\System\PZltQrh.exe
  2⤵
  PID:7868
- C:\Windows\System\OgoUeIf.exe
  C:\Windows\System\OgoUeIf.exe
  2⤵
  PID:7884
- C:\Windows\System\LvUVKaE.exe
  C:\Windows\System\LvUVKaE.exe
  2⤵
  PID:7904
- C:\Windows\System\EOlBQoJ.exe
  C:\Windows\System\EOlBQoJ.exe
  2⤵
  PID:7924
- C:\Windows\System\disvnlB.exe
  C:\Windows\System\disvnlB.exe
  2⤵
  PID:7972
- C:\Windows\System\OUQWbQU.exe
  C:\Windows\System\OUQWbQU.exe
  2⤵
  PID:7988
- C:\Windows\System\FcynjdP.exe
  C:\Windows\System\FcynjdP.exe
  2⤵
  PID:8008
- C:\Windows\System\mCLEhmq.exe
  C:\Windows\System\mCLEhmq.exe
  2⤵
  PID:8024
- C:\Windows\System\zLMAcSy.exe
  C:\Windows\System\zLMAcSy.exe
  2⤵
  PID:8040
- C:\Windows\System\TBLqAVs.exe
  C:\Windows\System\TBLqAVs.exe
  2⤵
  PID:8056
- C:\Windows\System\ParDcgW.exe
  C:\Windows\System\ParDcgW.exe
  2⤵
  PID:8076
- C:\Windows\System\PrjWCIB.exe
  C:\Windows\System\PrjWCIB.exe
  2⤵
  PID:8092
- C:\Windows\System\qdylBOr.exe
  C:\Windows\System\qdylBOr.exe
  2⤵
  PID:8108
- C:\Windows\System\EZRpVfy.exe
  C:\Windows\System\EZRpVfy.exe
  2⤵
  PID:8124
- C:\Windows\System\nIjnrab.exe
  C:\Windows\System\nIjnrab.exe
  2⤵
  PID:8148
- C:\Windows\System\qtzFuzo.exe
  C:\Windows\System\qtzFuzo.exe
  2⤵
  PID:8172
- C:\Windows\System\OMIKfNB.exe
  C:\Windows\System\OMIKfNB.exe
  2⤵
  PID:5496
- C:\Windows\System\jaBMdto.exe
  C:\Windows\System\jaBMdto.exe
  2⤵
  PID:7200
- C:\Windows\System\QjHJsvi.exe
  C:\Windows\System\QjHJsvi.exe
  2⤵
  PID:7212
- C:\Windows\System\jhnXQpz.exe
  C:\Windows\System\jhnXQpz.exe
  2⤵
  PID:6208
- C:\Windows\System\DlzWixM.exe
  C:\Windows\System\DlzWixM.exe
  2⤵
  PID:6628
- C:\Windows\System\MyWawLE.exe
  C:\Windows\System\MyWawLE.exe
  2⤵
  PID:6868
- C:\Windows\System\mATMSFp.exe
  C:\Windows\System\mATMSFp.exe
  2⤵
  PID:7256
- C:\Windows\System\NpmVpsN.exe
  C:\Windows\System\NpmVpsN.exe
  2⤵
  PID:7264
- C:\Windows\System\rKeqEUf.exe
  C:\Windows\System\rKeqEUf.exe
  2⤵
  PID:7328
- C:\Windows\System\xdIgazm.exe
  C:\Windows\System\xdIgazm.exe
  2⤵
  PID:7396
- C:\Windows\System\kxeusBQ.exe
  C:\Windows\System\kxeusBQ.exe
  2⤵
  PID:7452
- C:\Windows\System\onrwWGU.exe
  C:\Windows\System\onrwWGU.exe
  2⤵
  PID:7340
- C:\Windows\System\eSNgzrf.exe
  C:\Windows\System\eSNgzrf.exe
  2⤵
  PID:7496
- C:\Windows\System\lEaNvUt.exe
  C:\Windows\System\lEaNvUt.exe
  2⤵
  PID:7536
- C:\Windows\System\UXwIDnG.exe
  C:\Windows\System\UXwIDnG.exe
  2⤵
  PID:7512
- C:\Windows\System\tFiGuQH.exe
  C:\Windows\System\tFiGuQH.exe
  2⤵
  PID:7648
- C:\Windows\System\VzyULUv.exe
  C:\Windows\System\VzyULUv.exe
  2⤵
  PID:7688
- C:\Windows\System\SLxVaIv.exe
  C:\Windows\System\SLxVaIv.exe
  2⤵
  PID:7600
- C:\Windows\System\rlueVXV.exe
  C:\Windows\System\rlueVXV.exe
  2⤵
  PID:7668
- C:\Windows\System\tdrXaCT.exe
  C:\Windows\System\tdrXaCT.exe
  2⤵
  PID:7708
- C:\Windows\System\lxodpnr.exe
  C:\Windows\System\lxodpnr.exe
  2⤵
  PID:7744
- C:\Windows\System\yFeqImD.exe
  C:\Windows\System\yFeqImD.exe
  2⤵
  PID:7760
- C:\Windows\System\IEvDBLi.exe
  C:\Windows\System\IEvDBLi.exe
  2⤵
  PID:7812
- C:\Windows\System\IHKNiys.exe
  C:\Windows\System\IHKNiys.exe
  2⤵
  PID:7916
- C:\Windows\System\WaIdvZI.exe
  C:\Windows\System\WaIdvZI.exe
  2⤵
  PID:7828
- C:\Windows\System\GZPnWoI.exe
  C:\Windows\System\GZPnWoI.exe
  2⤵
  PID:7952
- C:\Windows\System\fDsaBWe.exe
  C:\Windows\System\fDsaBWe.exe
  2⤵
  PID:7948
- C:\Windows\System\XGfWJKY.exe
  C:\Windows\System\XGfWJKY.exe
  2⤵
  PID:8016
- C:\Windows\System\yDenWdU.exe
  C:\Windows\System\yDenWdU.exe
  2⤵
  PID:8052
- C:\Windows\System\LQFwGUN.exe
  C:\Windows\System\LQFwGUN.exe
  2⤵
  PID:8156
- C:\Windows\System\QJAudYc.exe
  C:\Windows\System\QJAudYc.exe
  2⤵
  PID:6468
- C:\Windows\System\DDeTVsV.exe
  C:\Windows\System\DDeTVsV.exe
  2⤵
  PID:8144
- C:\Windows\System\wQgESAB.exe
  C:\Windows\System\wQgESAB.exe
  2⤵
  PID:8036
- C:\Windows\System\dWKFpex.exe
  C:\Windows\System\dWKFpex.exe
  2⤵
  PID:8188
- C:\Windows\System\ktQKFSq.exe
  C:\Windows\System\ktQKFSq.exe
  2⤵
  PID:7192
- C:\Windows\System\sxVwhll.exe
  C:\Windows\System\sxVwhll.exe
  2⤵
  PID:6928
- C:\Windows\System\pKdKcGn.exe
  C:\Windows\System\pKdKcGn.exe
  2⤵
  PID:8072
- C:\Windows\System\bmVULiX.exe
  C:\Windows\System\bmVULiX.exe
  2⤵
  PID:7312
- C:\Windows\System\xckuyPk.exe
  C:\Windows\System\xckuyPk.exe
  2⤵
  PID:7440
- C:\Windows\System\RxWRlkL.exe
  C:\Windows\System\RxWRlkL.exe
  2⤵
  PID:7324
- C:\Windows\System\uSGzNZN.exe
  C:\Windows\System\uSGzNZN.exe
  2⤵
  PID:6440
- C:\Windows\System\nhjpOEp.exe
  C:\Windows\System\nhjpOEp.exe
  2⤵
  PID:7208
- C:\Windows\System\xazFxcZ.exe
  C:\Windows\System\xazFxcZ.exe
  2⤵
  PID:7520
- C:\Windows\System\hSYOgxV.exe
  C:\Windows\System\hSYOgxV.exe
  2⤵
  PID:7616
- C:\Windows\System\ltlshYA.exe
  C:\Windows\System\ltlshYA.exe
  2⤵
  PID:7776
- C:\Windows\System\dBUcTsy.exe
  C:\Windows\System\dBUcTsy.exe
  2⤵
  PID:7632
- C:\Windows\System\JhBTPnn.exe
  C:\Windows\System\JhBTPnn.exe
  2⤵
  PID:7940
- C:\Windows\System\AfRkhyg.exe
  C:\Windows\System\AfRkhyg.exe
  2⤵
  PID:7984
- C:\Windows\System\NkNJZuq.exe
  C:\Windows\System\NkNJZuq.exe
  2⤵
  PID:7796
- C:\Windows\System\NAoHaoW.exe
  C:\Windows\System\NAoHaoW.exe
  2⤵
  PID:7724
- C:\Windows\System\TygHTmj.exe
  C:\Windows\System\TygHTmj.exe
  2⤵
  PID:7892
- C:\Windows\System\gBZmUbh.exe
  C:\Windows\System\gBZmUbh.exe
  2⤵
  PID:8140
- C:\Windows\System\SWzBoQr.exe
  C:\Windows\System\SWzBoQr.exe
  2⤵
  PID:8168
- C:\Windows\System\LKreazU.exe
  C:\Windows\System\LKreazU.exe
  2⤵
  PID:5948
- C:\Windows\System\ZgYVbBq.exe
  C:\Windows\System\ZgYVbBq.exe
  2⤵
  PID:7240
- C:\Windows\System\YJavNdG.exe
  C:\Windows\System\YJavNdG.exe
  2⤵
  PID:8184
- C:\Windows\System\OptHexY.exe
  C:\Windows\System\OptHexY.exe
  2⤵
  PID:7432
- C:\Windows\System\xLtNwHe.exe
  C:\Windows\System\xLtNwHe.exe
  2⤵
  PID:7000
- C:\Windows\System\YvYIEyW.exe
  C:\Windows\System\YvYIEyW.exe
  2⤵
  PID:7480
- C:\Windows\System\swmCFum.exe
  C:\Windows\System\swmCFum.exe
  2⤵
  PID:7612
- C:\Windows\System\MckwGtT.exe
  C:\Windows\System\MckwGtT.exe
  2⤵
  PID:7516
- C:\Windows\System\NUCViAB.exe
  C:\Windows\System\NUCViAB.exe
  2⤵
  PID:7880
- C:\Windows\System\cbAsajp.exe
  C:\Windows\System\cbAsajp.exe
  2⤵
  PID:1556
- C:\Windows\System\yBAMGiq.exe
  C:\Windows\System\yBAMGiq.exe
  2⤵
  PID:7964
- C:\Windows\System\IHqaiSA.exe
  C:\Windows\System\IHqaiSA.exe
  2⤵
  PID:6700
- C:\Windows\System\slDtaZC.exe
  C:\Windows\System\slDtaZC.exe
  2⤵
  PID:6888
- C:\Windows\System\KSuyKhw.exe
  C:\Windows\System\KSuyKhw.exe
  2⤵
  PID:6644
- C:\Windows\System\gNJCuPm.exe
  C:\Windows\System\gNJCuPm.exe
  2⤵
  PID:7436
- C:\Windows\System\BECLEOp.exe
  C:\Windows\System\BECLEOp.exe
  2⤵
  PID:7596
- C:\Windows\System\CtcYNGA.exe
  C:\Windows\System\CtcYNGA.exe
  2⤵
  PID:7876
- C:\Windows\System\AdMoApT.exe
  C:\Windows\System\AdMoApT.exe
  2⤵
  PID:7428
- C:\Windows\System\JSYnThA.exe
  C:\Windows\System\JSYnThA.exe
  2⤵
  PID:7296
- C:\Windows\System\bthuMWY.exe
  C:\Windows\System\bthuMWY.exe
  2⤵
  PID:7960
- C:\Windows\System\YaKGxzA.exe
  C:\Windows\System\YaKGxzA.exe
  2⤵
  PID:7936
- C:\Windows\System\erBRdbP.exe
  C:\Windows\System\erBRdbP.exe
  2⤵
  PID:8084
- C:\Windows\System\pbLPmCe.exe
  C:\Windows\System\pbLPmCe.exe
  2⤵
  PID:7844
- C:\Windows\System\nZuMTBz.exe
  C:\Windows\System\nZuMTBz.exe
  2⤵
  PID:7572
- C:\Windows\System\ZBoYsCt.exe
  C:\Windows\System\ZBoYsCt.exe
  2⤵
  PID:7684
- C:\Windows\System\uSvikWu.exe
  C:\Windows\System\uSvikWu.exe
  2⤵
  PID:8164
- C:\Windows\System\qTdDfnb.exe
  C:\Windows\System\qTdDfnb.exe
  2⤵
  PID:8216
- C:\Windows\System\BwXeYpO.exe
  C:\Windows\System\BwXeYpO.exe
  2⤵
  PID:8236
- C:\Windows\System\puvPOTh.exe
  C:\Windows\System\puvPOTh.exe
  2⤵
  PID:8260
- C:\Windows\System\JAJJzQF.exe
  C:\Windows\System\JAJJzQF.exe
  2⤵
  PID:8280
- C:\Windows\System\NvdYgpL.exe
  C:\Windows\System\NvdYgpL.exe
  2⤵
  PID:8300
- C:\Windows\System\TdwkEbV.exe
  C:\Windows\System\TdwkEbV.exe
  2⤵
  PID:8316
- C:\Windows\System\ZgOXSnN.exe
  C:\Windows\System\ZgOXSnN.exe
  2⤵
  PID:8336
- C:\Windows\System\OxGOIJK.exe
  C:\Windows\System\OxGOIJK.exe
  2⤵
  PID:8352
- C:\Windows\System\DmdJMTQ.exe
  C:\Windows\System\DmdJMTQ.exe
  2⤵
  PID:8372
- C:\Windows\System\SvLUaIp.exe
  C:\Windows\System\SvLUaIp.exe
  2⤵
  PID:8392
- C:\Windows\System\JIOaITf.exe
  C:\Windows\System\JIOaITf.exe
  2⤵
  PID:8408
- C:\Windows\System\QpLlhvC.exe
  C:\Windows\System\QpLlhvC.exe
  2⤵
  PID:8432
- C:\Windows\System\KgXzDxS.exe
  C:\Windows\System\KgXzDxS.exe
  2⤵
  PID:8468
- C:\Windows\System\zMpNLgD.exe
  C:\Windows\System\zMpNLgD.exe
  2⤵
  PID:8484
- C:\Windows\System\cmlAYcN.exe
  C:\Windows\System\cmlAYcN.exe
  2⤵
  PID:8500
- C:\Windows\System\hzYTFxp.exe
  C:\Windows\System\hzYTFxp.exe
  2⤵
  PID:8524
- C:\Windows\System\CVpsqlO.exe
  C:\Windows\System\CVpsqlO.exe
  2⤵
  PID:8540
- C:\Windows\System\EYOaQvp.exe
  C:\Windows\System\EYOaQvp.exe
  2⤵
  PID:8564
- C:\Windows\System\sGCxmdx.exe
  C:\Windows\System\sGCxmdx.exe
  2⤵
  PID:8588
- C:\Windows\System\csmEhMJ.exe
  C:\Windows\System\csmEhMJ.exe
  2⤵
  PID:8604
- C:\Windows\System\BkyPAfB.exe
  C:\Windows\System\BkyPAfB.exe
  2⤵
  PID:8624
- C:\Windows\System\gxXgZMA.exe
  C:\Windows\System\gxXgZMA.exe
  2⤵
  PID:8652
- C:\Windows\System\EXcHbLa.exe
  C:\Windows\System\EXcHbLa.exe
  2⤵
  PID:8668
- C:\Windows\System\FvHTIxh.exe
  C:\Windows\System\FvHTIxh.exe
  2⤵
  PID:8688
- C:\Windows\System\RaTYGiv.exe
  C:\Windows\System\RaTYGiv.exe
  2⤵
  PID:8712
- C:\Windows\System\rwTjKjK.exe
  C:\Windows\System\rwTjKjK.exe
  2⤵
  PID:8728
- C:\Windows\System\MjdQHVv.exe
  C:\Windows\System\MjdQHVv.exe
  2⤵
  PID:8748
- C:\Windows\System\CCgTGWa.exe
  C:\Windows\System\CCgTGWa.exe
  2⤵
  PID:8768
- C:\Windows\System\UfRmgDx.exe
  C:\Windows\System\UfRmgDx.exe
  2⤵
  PID:8784
- C:\Windows\System\ByYmJlg.exe
  C:\Windows\System\ByYmJlg.exe
  2⤵
  PID:8800
- C:\Windows\System\FtJrJxe.exe
  C:\Windows\System\FtJrJxe.exe
  2⤵
  PID:8820
- C:\Windows\System\zgzkFrb.exe
  C:\Windows\System\zgzkFrb.exe
  2⤵
  PID:8836
- C:\Windows\System\cDqkawI.exe
  C:\Windows\System\cDqkawI.exe
  2⤵
  PID:8852
- C:\Windows\System\vmmxqVf.exe
  C:\Windows\System\vmmxqVf.exe
  2⤵
  PID:8872
- C:\Windows\System\AxkDnlu.exe
  C:\Windows\System\AxkDnlu.exe
  2⤵
  PID:8888
- C:\Windows\System\WKLKzIT.exe
  C:\Windows\System\WKLKzIT.exe
  2⤵
  PID:8912
- C:\Windows\System\kbZPXOB.exe
  C:\Windows\System\kbZPXOB.exe
  2⤵
  PID:8928
- C:\Windows\System\syqwdla.exe
  C:\Windows\System\syqwdla.exe
  2⤵
  PID:8952
- C:\Windows\System\wPjUkGd.exe
  C:\Windows\System\wPjUkGd.exe
  2⤵
  PID:8972
- C:\Windows\System\iWQiCWc.exe
  C:\Windows\System\iWQiCWc.exe
  2⤵
  PID:8996
- C:\Windows\System\ZDcranT.exe
  C:\Windows\System\ZDcranT.exe
  2⤵
  PID:9016
- C:\Windows\System\uRfxjYh.exe
  C:\Windows\System\uRfxjYh.exe
  2⤵
  PID:9036
- C:\Windows\System\taQRdEC.exe
  C:\Windows\System\taQRdEC.exe
  2⤵
  PID:9056
- C:\Windows\System\EntukGZ.exe
  C:\Windows\System\EntukGZ.exe
  2⤵
  PID:9084
- C:\Windows\System\VnqoXgW.exe
  C:\Windows\System\VnqoXgW.exe
  2⤵
  PID:9100
- C:\Windows\System\VvaczTB.exe
  C:\Windows\System\VvaczTB.exe
  2⤵
  PID:9120
- C:\Windows\System\RlgIVtU.exe
  C:\Windows\System\RlgIVtU.exe
  2⤵
  PID:9144
- C:\Windows\System\twHoXvy.exe
  C:\Windows\System\twHoXvy.exe
  2⤵
  PID:9164
- C:\Windows\System\EVpkPSG.exe
  C:\Windows\System\EVpkPSG.exe
  2⤵
  PID:9180
- C:\Windows\System\ixNynLS.exe
  C:\Windows\System\ixNynLS.exe
  2⤵
  PID:9204
- C:\Windows\System\DnssAfB.exe
  C:\Windows\System\DnssAfB.exe
  2⤵
  PID:7276
- C:\Windows\System\qcIVJJg.exe
  C:\Windows\System\qcIVJJg.exe
  2⤵
  PID:8196
- C:\Windows\System\yLQLHFV.exe
  C:\Windows\System\yLQLHFV.exe
  2⤵
  PID:8224
- C:\Windows\System\qigtMYI.exe
  C:\Windows\System\qigtMYI.exe
  2⤵
  PID:8248
- C:\Windows\System\NXsMRht.exe
  C:\Windows\System\NXsMRht.exe
  2⤵
  PID:8276
- C:\Windows\System\DRTfCxp.exe
  C:\Windows\System\DRTfCxp.exe
  2⤵
  PID:8328
- C:\Windows\System\XglDiIE.exe
  C:\Windows\System\XglDiIE.exe
  2⤵
  PID:8380
- C:\Windows\System\dBVteQE.exe
  C:\Windows\System\dBVteQE.exe
  2⤵
  PID:8388
- C:\Windows\System\aXfycuD.exe
  C:\Windows\System\aXfycuD.exe
  2⤵
  PID:8444
- C:\Windows\System\OSAumYg.exe
  C:\Windows\System\OSAumYg.exe
  2⤵
  PID:8464
- C:\Windows\System\aiIpFxE.exe
  C:\Windows\System\aiIpFxE.exe
  2⤵
  PID:8496
- C:\Windows\System\mQzdrFd.exe
  C:\Windows\System\mQzdrFd.exe
  2⤵
  PID:8536
- C:\Windows\System\BNvCLPN.exe
  C:\Windows\System\BNvCLPN.exe
  2⤵
  PID:8552
- C:\Windows\System\AgIDHVS.exe
  C:\Windows\System\AgIDHVS.exe
  2⤵
  PID:8580
- C:\Windows\System\lJommoa.exe
  C:\Windows\System\lJommoa.exe
  2⤵
  PID:8600
- C:\Windows\System\hSOrUvI.exe
  C:\Windows\System\hSOrUvI.exe
  2⤵
  PID:8640
- C:\Windows\System\StVpDsp.exe
  C:\Windows\System\StVpDsp.exe
  2⤵
  PID:8696
- C:\Windows\System\FwkpbLe.exe
  C:\Windows\System\FwkpbLe.exe
  2⤵
  PID:8736
- C:\Windows\System\iApkQsH.exe
  C:\Windows\System\iApkQsH.exe
  2⤵
  PID:8744
- C:\Windows\System\XgzfjBR.exe
  C:\Windows\System\XgzfjBR.exe
  2⤵
  PID:8920
- C:\Windows\System\gyDrjQj.exe
  C:\Windows\System\gyDrjQj.exe
  2⤵
  PID:8968
- C:\Windows\System\ttHhWvy.exe
  C:\Windows\System\ttHhWvy.exe
  2⤵
  PID:8760
- C:\Windows\System\BkzufxS.exe
  C:\Windows\System\BkzufxS.exe
  2⤵
  PID:9004
- C:\Windows\System\HXYBEvS.exe
  C:\Windows\System\HXYBEvS.exe
  2⤵
  PID:8988
- C:\Windows\System\jqUvTVv.exe
  C:\Windows\System\jqUvTVv.exe
  2⤵
  PID:8992
- C:\Windows\System\LwJGNar.exe
  C:\Windows\System\LwJGNar.exe
  2⤵
  PID:8944
- C:\Windows\System\WAcfMhY.exe
  C:\Windows\System\WAcfMhY.exe
  2⤵
  PID:9044
- C:\Windows\System\bFFMQIv.exe
  C:\Windows\System\bFFMQIv.exe
  2⤵
  PID:9028
- C:\Windows\System\FmrnRpI.exe
  C:\Windows\System\FmrnRpI.exe
  2⤵
  PID:9096
- C:\Windows\System\vTJTMRK.exe
  C:\Windows\System\vTJTMRK.exe
  2⤵
  PID:9140
- C:\Windows\System\krwzXpt.exe
  C:\Windows\System\krwzXpt.exe
  2⤵
  PID:7912
- C:\Windows\System\VCKCUOa.exe
  C:\Windows\System\VCKCUOa.exe
  2⤵
  PID:8200
- C:\Windows\System\fDCeMGz.exe
  C:\Windows\System\fDCeMGz.exe
  2⤵
  PID:8360
- C:\Windows\System\qjoLvth.exe
  C:\Windows\System\qjoLvth.exe
  2⤵
  PID:9188
- C:\Windows\System\zFEMGRk.exe
  C:\Windows\System\zFEMGRk.exe
  2⤵
  PID:8368
- C:\Windows\System\SwhrWDg.exe
  C:\Windows\System\SwhrWDg.exe
  2⤵
  PID:8252
- C:\Windows\System\qOEprkc.exe
  C:\Windows\System\qOEprkc.exe
  2⤵
  PID:8440
- C:\Windows\System\icDEtUw.exe
  C:\Windows\System\icDEtUw.exe
  2⤵
  PID:8480
- C:\Windows\System\tktQXOM.exe
  C:\Windows\System\tktQXOM.exe
  2⤵
  PID:8616
- C:\Windows\System\lgvlJpO.exe
  C:\Windows\System\lgvlJpO.exe
  2⤵
  PID:8684
- C:\Windows\System\fYOMsEr.exe
  C:\Windows\System\fYOMsEr.exe
  2⤵
  PID:8532
- C:\Windows\System\eDdyPJe.exe
  C:\Windows\System\eDdyPJe.exe
  2⤵
  PID:8632
- C:\Windows\System\cfoqlVw.exe
  C:\Windows\System\cfoqlVw.exe
  2⤵
  PID:8508
- C:\Windows\System\HrvNNJc.exe
  C:\Windows\System\HrvNNJc.exe
  2⤵
  PID:8924
- C:\Windows\System\FYToVPu.exe
  C:\Windows\System\FYToVPu.exe
  2⤵
  PID:8832
- C:\Windows\System\OAXZdmX.exe
  C:\Windows\System\OAXZdmX.exe
  2⤵
  PID:8984
- C:\Windows\System\WAvBRoV.exe
  C:\Windows\System\WAvBRoV.exe
  2⤵
  PID:8792
- C:\Windows\System\SCSzhhP.exe
  C:\Windows\System\SCSzhhP.exe
  2⤵
  PID:9024
- C:\Windows\System\cBDNERx.exe
  C:\Windows\System\cBDNERx.exe
  2⤵
  PID:9112
- C:\Windows\System\XOVTVQh.exe
  C:\Windows\System\XOVTVQh.exe
  2⤵
  PID:9172
- C:\Windows\System\uzorcud.exe
  C:\Windows\System\uzorcud.exe
  2⤵
  PID:9212
- C:\Windows\System\ipVJXJz.exe
  C:\Windows\System\ipVJXJz.exe
  2⤵
  PID:8296
- C:\Windows\System\dRdOMJJ.exe
  C:\Windows\System\dRdOMJJ.exe
  2⤵
  PID:8384
- C:\Windows\System\MiRvLKF.exe
  C:\Windows\System\MiRvLKF.exe
  2⤵
  PID:8400
- C:\Windows\System\UtylXOJ.exe
  C:\Windows\System\UtylXOJ.exe
  2⤵
  PID:8548
- C:\Windows\System\DHCuCwy.exe
  C:\Windows\System\DHCuCwy.exe
  2⤵
  PID:9176
- C:\Windows\System\csKrPvT.exe
  C:\Windows\System\csKrPvT.exe
  2⤵
  PID:8556
- C:\Windows\System\nExFIUo.exe
  C:\Windows\System\nExFIUo.exe
  2⤵
  PID:8816
- C:\Windows\System\YRcKzOF.exe
  C:\Windows\System\YRcKzOF.exe
  2⤵
  PID:8964
- C:\Windows\System\siqGYfY.exe
  C:\Windows\System\siqGYfY.exe
  2⤵
  PID:8796
- C:\Windows\System\vIhrHKf.exe
  C:\Windows\System\vIhrHKf.exe
  2⤵
  PID:9068
- C:\Windows\System\Hkvofkj.exe
  C:\Windows\System\Hkvofkj.exe
  2⤵
  PID:8780
- C:\Windows\System\FZqCFRP.exe
  C:\Windows\System\FZqCFRP.exe
  2⤵
  PID:8272
- C:\Windows\System\dsdMjFc.exe
  C:\Windows\System\dsdMjFc.exe
  2⤵
  PID:8324
- C:\Windows\System\AWWkjDi.exe
  C:\Windows\System\AWWkjDi.exe
  2⤵
  PID:8452
- C:\Windows\System\RfFIVCp.exe
  C:\Windows\System\RfFIVCp.exe
  2⤵
  PID:8704
- C:\Windows\System\hDRQWPE.exe
  C:\Windows\System\hDRQWPE.exe
  2⤵
  PID:8808
- C:\Windows\System\ZViVYNY.exe
  C:\Windows\System\ZViVYNY.exe
  2⤵
  PID:8884
- C:\Windows\System\xPRsMsN.exe
  C:\Windows\System\xPRsMsN.exe
  2⤵
  PID:8980
- C:\Windows\System\XTkxuRr.exe
  C:\Windows\System\XTkxuRr.exe
  2⤵
  PID:9160
- C:\Windows\System\TNmvphG.exe
  C:\Windows\System\TNmvphG.exe
  2⤵
  PID:7848
- C:\Windows\System\LQAnXOg.exe
  C:\Windows\System\LQAnXOg.exe
  2⤵
  PID:8720
- C:\Windows\System\btAywec.exe
  C:\Windows\System\btAywec.exe
  2⤵
  PID:8724
- C:\Windows\System\JFmzArK.exe
  C:\Windows\System\JFmzArK.exe
  2⤵
  PID:9128
- C:\Windows\System\ZGwyGha.exe
  C:\Windows\System\ZGwyGha.exe
  2⤵
  PID:8344
- C:\Windows\System\IXMnQcN.exe
  C:\Windows\System\IXMnQcN.exe
  2⤵
  PID:8664
- C:\Windows\System\VqsTtVt.exe
  C:\Windows\System\VqsTtVt.exe
  2⤵
  PID:9052
- C:\Windows\System\PsrjYRy.exe
  C:\Windows\System\PsrjYRy.exe
  2⤵
  PID:8308
- C:\Windows\System\jjzBQbx.exe
  C:\Windows\System\jjzBQbx.exe
  2⤵
  PID:8848
- C:\Windows\System\WDCvaIO.exe
  C:\Windows\System\WDCvaIO.exe
  2⤵
  PID:9256
- C:\Windows\System\WTORdeK.exe
  C:\Windows\System\WTORdeK.exe
  2⤵
  PID:9276
- C:\Windows\System\wkfFmIZ.exe
  C:\Windows\System\wkfFmIZ.exe
  2⤵
  PID:9296
- C:\Windows\System\AzWEjvj.exe
  C:\Windows\System\AzWEjvj.exe
  2⤵
  PID:9324
- C:\Windows\System\icdgzFb.exe
  C:\Windows\System\icdgzFb.exe
  2⤵
  PID:9340
- C:\Windows\System\QBiWCah.exe
  C:\Windows\System\QBiWCah.exe
  2⤵
  PID:9356
- C:\Windows\System\ReVPjly.exe
  C:\Windows\System\ReVPjly.exe
  2⤵
  PID:9376
- C:\Windows\System\pvFsTiJ.exe
  C:\Windows\System\pvFsTiJ.exe
  2⤵
  PID:9392
- C:\Windows\System\sIeOwOf.exe
  C:\Windows\System\sIeOwOf.exe
  2⤵
  PID:9412
- C:\Windows\System\jgWxnlh.exe
  C:\Windows\System\jgWxnlh.exe
  2⤵
  PID:9428
- C:\Windows\System\NTkcCDy.exe
  C:\Windows\System\NTkcCDy.exe
  2⤵
  PID:9468
- C:\Windows\System\KyrKghJ.exe
  C:\Windows\System\KyrKghJ.exe
  2⤵
  PID:9488
- C:\Windows\System\SOjMmnB.exe
  C:\Windows\System\SOjMmnB.exe
  2⤵
  PID:9504
- C:\Windows\System\HIKpMaq.exe
  C:\Windows\System\HIKpMaq.exe
  2⤵
  PID:9520
- C:\Windows\System\RqUaxaz.exe
  C:\Windows\System\RqUaxaz.exe
  2⤵
  PID:9544
- C:\Windows\System\YqTHJqR.exe
  C:\Windows\System\YqTHJqR.exe
  2⤵
  PID:9560
- C:\Windows\System\mGHqLWi.exe
  C:\Windows\System\mGHqLWi.exe
  2⤵
  PID:9576
- C:\Windows\System\fQRcXZf.exe
  C:\Windows\System\fQRcXZf.exe
  2⤵
  PID:9592
- C:\Windows\System\CuBcNsH.exe
  C:\Windows\System\CuBcNsH.exe
  2⤵
  PID:9608
- C:\Windows\System\iosUOjq.exe
  C:\Windows\System\iosUOjq.exe
  2⤵
  PID:9624
- C:\Windows\System\vnmfIpR.exe
  C:\Windows\System\vnmfIpR.exe
  2⤵
  PID:9644
- C:\Windows\System\ALyStBe.exe
  C:\Windows\System\ALyStBe.exe
  2⤵
  PID:9668
- C:\Windows\System\Evszkqo.exe
  C:\Windows\System\Evszkqo.exe
  2⤵
  PID:9692
- C:\Windows\System\DlxFNUX.exe
  C:\Windows\System\DlxFNUX.exe
  2⤵
  PID:9708
- C:\Windows\System\rikWXTx.exe
  C:\Windows\System\rikWXTx.exe
  2⤵
  PID:9724
- C:\Windows\System\tKbZSyU.exe
  C:\Windows\System\tKbZSyU.exe
  2⤵
  PID:9744
- C:\Windows\System\xQdaZTj.exe
  C:\Windows\System\xQdaZTj.exe
  2⤵
  PID:9768
- C:\Windows\System\cpYlebg.exe
  C:\Windows\System\cpYlebg.exe
  2⤵
  PID:9784
- C:\Windows\System\okqeSaX.exe
  C:\Windows\System\okqeSaX.exe
  2⤵
  PID:9800
- C:\Windows\System\KJGhthZ.exe
  C:\Windows\System\KJGhthZ.exe
  2⤵
  PID:9828
- C:\Windows\System\lvhBAKn.exe
  C:\Windows\System\lvhBAKn.exe
  2⤵
  PID:9864
- C:\Windows\System\rAvXYCr.exe
  C:\Windows\System\rAvXYCr.exe
  2⤵
  PID:9880
- C:\Windows\System\KTjZvgr.exe
  C:\Windows\System\KTjZvgr.exe
  2⤵
  PID:9900
- C:\Windows\System\gWWLmnJ.exe
  C:\Windows\System\gWWLmnJ.exe
  2⤵
  PID:9916
- C:\Windows\System\HOQsbXN.exe
  C:\Windows\System\HOQsbXN.exe
  2⤵
  PID:9932
- C:\Windows\System\woYesdN.exe
  C:\Windows\System\woYesdN.exe
  2⤵
  PID:9956
- C:\Windows\System\edLaJip.exe
  C:\Windows\System\edLaJip.exe
  2⤵
  PID:9988
- C:\Windows\System\sSZnvNp.exe
  C:\Windows\System\sSZnvNp.exe
  2⤵
  PID:10004
- C:\Windows\System\qxEKvOD.exe
  C:\Windows\System\qxEKvOD.exe
  2⤵
  PID:10020
- C:\Windows\System\xswfpkl.exe
  C:\Windows\System\xswfpkl.exe
  2⤵
  PID:10040
- C:\Windows\System\FAICoza.exe
  C:\Windows\System\FAICoza.exe
  2⤵
  PID:10068
- C:\Windows\System\yzwxtDq.exe
  C:\Windows\System\yzwxtDq.exe
  2⤵
  PID:10088
- C:\Windows\System\sBBGeQy.exe
  C:\Windows\System\sBBGeQy.exe
  2⤵
  PID:10116
- C:\Windows\System\CIIvTQU.exe
  C:\Windows\System\CIIvTQU.exe
  2⤵
  PID:10140
- C:\Windows\System\xlLlKxh.exe
  C:\Windows\System\xlLlKxh.exe
  2⤵
  PID:10160
- C:\Windows\System\JVrAQfp.exe
  C:\Windows\System\JVrAQfp.exe
  2⤵
  PID:10176
- C:\Windows\System\VNprKwv.exe
  C:\Windows\System\VNprKwv.exe
  2⤵
  PID:10192
- C:\Windows\System\tiigjWK.exe
  C:\Windows\System\tiigjWK.exe
  2⤵
  PID:10212
- C:\Windows\System\RhcpBma.exe
  C:\Windows\System\RhcpBma.exe
  2⤵
  PID:9268
- C:\Windows\System\QlfkaxU.exe
  C:\Windows\System\QlfkaxU.exe
  2⤵
  PID:9220
- C:\Windows\System\bnndlSk.exe
  C:\Windows\System\bnndlSk.exe
  2⤵
  PID:9228
- C:\Windows\System\olTMIZq.exe
  C:\Windows\System\olTMIZq.exe
  2⤵
  PID:9272
- C:\Windows\System\HRLGgce.exe
  C:\Windows\System\HRLGgce.exe
  2⤵
  PID:9316
- C:\Windows\System\KiwDlgs.exe
  C:\Windows\System\KiwDlgs.exe
  2⤵
  PID:9352
- C:\Windows\System\rvvWtaA.exe
  C:\Windows\System\rvvWtaA.exe
  2⤵
  PID:9364
- C:\Windows\System\PvipNwG.exe
  C:\Windows\System\PvipNwG.exe
  2⤵
  PID:9408
- C:\Windows\System\ZlzQKkT.exe
  C:\Windows\System\ZlzQKkT.exe
  2⤵
  PID:9440
- C:\Windows\System\CmlQAAy.exe
  C:\Windows\System\CmlQAAy.exe
  2⤵
  PID:9484
- C:\Windows\System\HgQOLLy.exe
  C:\Windows\System\HgQOLLy.exe
  2⤵
  PID:9496
- C:\Windows\System\TFJnSmz.exe
  C:\Windows\System\TFJnSmz.exe
  2⤵
  PID:9572
- C:\Windows\System\gORKVcS.exe
  C:\Windows\System\gORKVcS.exe
  2⤵
  PID:9588
- C:\Windows\System\POObtvE.exe
  C:\Windows\System\POObtvE.exe
  2⤵
  PID:9584
- C:\Windows\System\XybDFFG.exe
  C:\Windows\System\XybDFFG.exe
  2⤵
  PID:9660
- C:\Windows\System\jqNCMVD.exe
  C:\Windows\System\jqNCMVD.exe
  2⤵
  PID:9704
- C:\Windows\System\IKMqPWQ.exe
  C:\Windows\System\IKMqPWQ.exe
  2⤵
  PID:9688
- C:\Windows\System\ZSnejzV.exe
  C:\Windows\System\ZSnejzV.exe
  2⤵
  PID:9760
- C:\Windows\System\lMtXvQV.exe
  C:\Windows\System\lMtXvQV.exe
  2⤵
  PID:9808
- C:\Windows\System\CQBPwTi.exe
  C:\Windows\System\CQBPwTi.exe
  2⤵
  PID:9792
- C:\Windows\System\zRjWkDm.exe
  C:\Windows\System\zRjWkDm.exe
  2⤵
  PID:9844
- C:\Windows\System\gnyFQDf.exe
  C:\Windows\System\gnyFQDf.exe
  2⤵
  PID:9908
- C:\Windows\System\ZqhofAF.exe
  C:\Windows\System\ZqhofAF.exe
  2⤵
  PID:9996
- C:\Windows\System\QxfbHJu.exe
  C:\Windows\System\QxfbHJu.exe
  2⤵
  PID:9892
- C:\Windows\System\ZfniHyY.exe
  C:\Windows\System\ZfniHyY.exe
  2⤵
  PID:9976
- C:\Windows\System\WTzMUzZ.exe
  C:\Windows\System\WTzMUzZ.exe
  2⤵
  PID:10028
- C:\Windows\System\NmCXgHG.exe
  C:\Windows\System\NmCXgHG.exe
  2⤵
  PID:10032
- C:\Windows\System\LurwTau.exe
  C:\Windows\System\LurwTau.exe
  2⤵
  PID:10056
- C:\Windows\System\LkWZFsB.exe
  C:\Windows\System\LkWZFsB.exe
  2⤵
  PID:10104
- C:\Windows\System\RAzWnbI.exe
  C:\Windows\System\RAzWnbI.exe
  2⤵
  PID:10148
- C:\Windows\System\ruxxVHY.exe
  C:\Windows\System\ruxxVHY.exe
  2⤵
  PID:10204
- C:\Windows\System\rQBkPKL.exe
  C:\Windows\System\rQBkPKL.exe
  2⤵
  PID:10188
- C:\Windows\System\AhrphRV.exe
  C:\Windows\System\AhrphRV.exe
  2⤵
  PID:10236
- C:\Windows\System\PhnYWfg.exe
  C:\Windows\System\PhnYWfg.exe
  2⤵
  PID:9232
- C:\Windows\System\NlmNrln.exe
  C:\Windows\System\NlmNrln.exe
  2⤵
  PID:9292
- C:\Windows\System\lehIRmE.exe
  C:\Windows\System\lehIRmE.exe
  2⤵
  PID:9384
- C:\Windows\System\yaLQXpv.exe
  C:\Windows\System\yaLQXpv.exe
  2⤵
  PID:9424
- C:\Windows\System\LWOiWDj.exe
  C:\Windows\System\LWOiWDj.exe
  2⤵
  PID:9464
- C:\Windows\System\zQjSawL.exe
  C:\Windows\System\zQjSawL.exe
  2⤵
  PID:9536
- C:\Windows\System\jXqMLBr.exe
  C:\Windows\System\jXqMLBr.exe
  2⤵
  PID:9556
- C:\Windows\System\uOKDAJl.exe
  C:\Windows\System\uOKDAJl.exe
  2⤵
  PID:9636
- C:\Windows\System\yTrntNo.exe
  C:\Windows\System\yTrntNo.exe
  2⤵
  PID:9680
- C:\Windows\System\CFBvwfa.exe
  C:\Windows\System\CFBvwfa.exe
  2⤵
  PID:9720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BldalqK.exe

Filesize
6.0MB

MD5
ecbba2175e4c0102ba77a5cc7ff29542

SHA1
38f8b792093932e831d616be08edceb13e52ac4e

SHA256
895cd343f90a7f8ed947f322c1b74894e85679305008afecfff9ea584fe7a74f

SHA512
2a7a3f17453c5b8684ec165a959c1b48fe0faae5bccbca95dd149653692c5309362d4ff6db31b566ff580d963a7f8028e81383eb22c8876614f9f8a8430a0716

Download Submit
C:\Windows\system\CSBgYlC.exe

Filesize
6.0MB

MD5
314fe2cb98d7bd2386d0fd4ddfe84fb0

SHA1
f63db2d69e9c7f5ec9dece62c1d99211f1f4f5af

SHA256
76c20c63473754f97b33f82d35c1de1ccb978012a11a0f5127140a885aa127a4

SHA512
4238bd07b9f31be81d38b9109a809dca1855003449da31e662a09fc27b402568d1653a2079b5e6eb7b608e44981e33aaf3fae49146d8792a04de59313ebd9baf

Download Submit
C:\Windows\system\DDqBpdu.exe

Filesize
6.0MB

MD5
f76a22fe805db9af2792fb6b42b05be0

SHA1
7fa1069922e67e42cb8dccdf19d07a8ba244eaa3

SHA256
4e4513b7feead9de888fc15f27188b5c5833695d4fc19753b5d58ef08624fc98

SHA512
f3c7754a4d88523276275aed5a6577cb7a16ce605d703786944cf5f74c954d7c5993b35903e3b79190598d3e49382b5322741df9526862342901dac2c4aed51b

Download Submit
C:\Windows\system\EFpwYsa.exe

Filesize
6.0MB

MD5
e0c8aca29f173681ae25b685a4f77cec

SHA1
4b3c273a61935c2f259b84e01ebb593d110e7d35

SHA256
238e13e3bb8070abfe8cafc93371142a6e29fdf56b8d8766c720f7bd1aeb7a33

SHA512
78f59f88839395769d35a4cb3c8ed6ad6d39ea5a7ecef10cded98f8bfa6ad756a0ece6c139c30e940d6babb7fa822ef9d00f4f2291bafd7384d5a01c00f15eb8

Download Submit
C:\Windows\system\FCSaiiv.exe

Filesize
6.0MB

MD5
e2570c26591ba9245a62a38a598f5ccb

SHA1
371ab957a1bcdace2c0133ec06a10407a1df0105

SHA256
a344092c69154429e40a834c426dd4edfc0b2adadd5ad576a621c35f16b69d23

SHA512
195886da46e05c680e4622ffc6ea0a4ccd1980d29e71527a002e108777504ffd45339a93bfced04a4b45070f4b562be76f388afbdf28262a40bb8f1e89987f18

Download Submit
C:\Windows\system\HhpvHNC.exe

Filesize
6.0MB

MD5
fe02da0609b51e6f3288560081e5fb11

SHA1
1ede38b73813bf44557906a29e420ad3b726e638

SHA256
4583d0a4803f0331c5f866ff64bf181e58df4246536bec2db40a33615b8dfaa3

SHA512
475884a65e0d006ce3a8f556dec6fd034c47a7bd4f4693df6e0ee4a9ee9c8b81f00dad113b5218a103a9c3c23e87fee8e7c91249d5b3e801b0bec17d451b96b5

Download Submit
C:\Windows\system\JjeOeRC.exe

Filesize
6.0MB

MD5
3e6c0c122b96b53151b7a0cc8f9f1c76

SHA1
234493f1ed6a2447ccd982e74806916bc1b09602

SHA256
11f235937e5cf162a39fe9b5a38e5fffd8e0b52cea9cdadfd5339ae5a02dc070

SHA512
7bad94a66feb0e4857e3371119c4182dee77d39be87bea3137fa9665442093c810fb41ca44f6da627f0a866ab7eaf0dfc11294ad0f1b6697b6235b387940cefe

Download Submit
C:\Windows\system\NBWSvVH.exe

Filesize
6.0MB

MD5
62c129a4f9b0fb838ced8b0b8a450d53

SHA1
feb05dcf77a9186fb54c620b9b7fcab5750d7b5d

SHA256
d407bab2ebff61e0a37abe384a38939433a6d76a01df8c6edcd46d023fccbe60

SHA512
b28cebde7e84d25ef93fc63d18dcda6e662daceb66ce139214498b9ab59699f44a39fd1995640227452dc4604544759b0ba4b9777151e89435315e3f5260b87c

Download Submit
C:\Windows\system\RZjPtaY.exe

Filesize
6.0MB

MD5
a1df1e4f51a63da972510baf87d7844a

SHA1
1cb1ef220a5bfda2412ed8e02c00294b36c4d094

SHA256
188de3d3694ae2cd213bd48c819ab517376b7a8cbd5336f325a99f63fb08b2fa

SHA512
b483deac84c31133ff3e2e460df214cde0937231dbb7848d37b70cd4d8cbbaa2b045487904ec5f63b0ab8443be207ef3a9fcf034129e47e31acac61b14d9beba

Download Submit
C:\Windows\system\SmFbZNv.exe

Filesize
6.0MB

MD5
50b37ca0ecbfb3157896d33d2445a935

SHA1
f9348748b7debe112e8e77ccb299b6ec92b0e6de

SHA256
6d3e7bea22475b481b469d4ea2df53547c45f3e22b5902b9e9dd718f3892ff83

SHA512
8fba2775236a0e255978acf3870873552e2eb5d71d766c1387299632aabda4fd96e05f1c6103c20b6bcf09d8afebde0b3cbd192031bc484a44a0ae8446a085a9

Download Submit
C:\Windows\system\VTTgWKn.exe

Filesize
6.0MB

MD5
9c80d68dcab1bc5d70211690ce81f3d3

SHA1
2637af75bb1e9de9e7d25563fb64f8ad748f0acb

SHA256
fdd9cb1aacaf2cf469ab4498519e6d91dfc8ed61cd216f158f722d25d25058d9

SHA512
23e34f729c8069c7740679109b54b97557b8e6227dcb726736645de4a08bde2f6e27d793b2462fb5e4b6d6ba2c1e910daee1efcea7c44e504d09eddd15fd40d4

Download Submit
C:\Windows\system\VptLjkK.exe

Filesize
6.0MB

MD5
a2bb531c8df4eb9413d861e0278dad4c

SHA1
1d639cc6008172300300dd7f5ccbfd97f006760b

SHA256
e908cfd01d5fc299ba3fec2b6952897569d4033fe03324a613c6052a907e4f33

SHA512
fe5097fab7b36ee440bdc0a07afcf0134fdb60390c920d1cea5b1ec33e7af312bf8f3aa4af792463052ede95c6dc5eecb4cbe3a28055d5998b24d7f31f0a33c8

Download Submit
C:\Windows\system\WjvBNEp.exe

Filesize
6.0MB

MD5
effa79b9515fa8247405256c93937f5f

SHA1
764bbcd60814ec65f01b83abc392f30939c6e77e

SHA256
69ae05c04d25c49299bb5960c01790030b9370bad84ac9d3ad35937d09e3325f

SHA512
d2b18c9fd31b5ddb4349f06809e697bf86fa40820491370a411e9777fb9fb1cd2c1395d3cac6e0fea7ae06cc7f50e396a1919b9562ff099c47fecddaab920554

Download Submit
C:\Windows\system\XsTMCcg.exe

Filesize
6.0MB

MD5
f0daf5ad8ae97e87535aef6978109338

SHA1
57df82709e2791341392d8d10d2478a2d450f388

SHA256
ec9e1b92ab7ee30ac925004301cc421febeb6c1cce1ee8f52c255516191b5bdd

SHA512
059aa5764068f1eb1b43af387c2df078713341aab22c1d3abcdc704aed3844a8b86c4d53b685807586fb1cba47113e5a1ffe9b6e99b86c00bdfe2cafe0841cef

Download Submit
C:\Windows\system\ZnZgWby.exe

Filesize
6.0MB

MD5
240805cdac088a7e7dd12a2c30d21347

SHA1
265e1ed89e55e08134c0aff788d822aad714d8f8

SHA256
3f332780c1457c16a8ec8ee16ec523cd37360eead8fe98709dc6d9e66971f89c

SHA512
71771b2e7dfa7430f7e783509d0c4c84393407a7f87b1d085365edc1e1c6793656526a1766afd2b6a82c552895ea4d51191fd2960f0d08c1b9b1a42d549de5d2

Download Submit
C:\Windows\system\ZndsfCT.exe

Filesize
6.0MB

MD5
216696b7925c620970983a8f6c5f1b6e

SHA1
6dc0ed31eb4f5d378bae298935e3715433fb1962

SHA256
e1c4ae18477d9959ec0c1b73e0cd782a926e70c20e62a277e5921d7f80ac7f1d

SHA512
b99129d0504d5d7e1574d3e4e580bd901ac749c91e9fd051860393ef7ba569f45d3c10bb9d10fa27d4f83ec57fc507b25550d02ec37b042047cd3f1d4668f05d

Download Submit
C:\Windows\system\bpzuLAP.exe

Filesize
6.0MB

MD5
dc32e66cf0f38208b4e190f1890cc7d6

SHA1
9b1d80e191304d20c67d49ebb2ccbef67c86d3ca

SHA256
47a525046ff7ac429e2575e520324c39fe64e25301ee285978a9a54808117256

SHA512
8a9c78b027cc4ef4b595bad14f6047a613be217bf29c90ab4602af2dddc05c5463135c2827776f73fddd845e3d26a0252e08b23020f52d5bfea3377942db8bde

Download Submit
C:\Windows\system\cLlAkUV.exe

Filesize
6.0MB

MD5
a3511ba85a8849f5a13956f5015919d9

SHA1
2f2b3f988a0803bb0b44311b30def5352af3b7e0

SHA256
e11477ef8c179a2997a2ee255cd52c639d1c9f38b62c8796cac99dcddf107798

SHA512
4686187403db64f6f6efca304c1722e0cf32cdd41e6730161a57c1fbb02c2dcf95bccd119186f475be0a96bb2f0a602e3fe9d0c6aa97114b7230f15bc5dc1c95

Download Submit
C:\Windows\system\fakAyOd.exe

Filesize
6.0MB

MD5
6686761c3740be227f6090dcbaa41ba8

SHA1
05d9e77e73fac4f4209951d0ad8be6a333b4431f

SHA256
88436c935391bf913a0553272c824a9fcd952d25eece3d801ef969cce376f3c4

SHA512
fb4e1324420c5645551edd3d1e76950e5274145dff540b416b25a30f7fb8925959e1103ac769f38ac40cdecae05b8ec1fee0b2adc93a49fe14b84c80c4865c2b

Download Submit
C:\Windows\system\gCbtIZB.exe

Filesize
6.0MB

MD5
1fc510fbd1b53b87a54be0df300188f2

SHA1
eff955a39ca532e394292460d6aa9f0e19b22e4c

SHA256
78584b7e76d4f183a27db200fdff438574311e5f672a060561182453dacd4b53

SHA512
d943e4935e7593f91865a340cc6b6dafcfa61583bfacc28f938cfb0e81538b0cca4f4d849e4d627fec11d5632373afef58607c6e5cedc2f9383061620a8a449a

Download Submit
C:\Windows\system\kuGPmcY.exe

Filesize
6.0MB

MD5
dc67b6e183096ff078c054e101977678

SHA1
25694c0c9886958a58e871109d32df2145a8910a

SHA256
414f9109b37ca8589702cce6e19c17ee773b388a59e36028bf31176f0d32f23f

SHA512
5a0b1da265040ece1e2f3c10956e23ebcfa339ab62558c6872a835d453e3fdf702e23d33f161c0d7e9d9ab595f58a27747a3acc17f0737e05ee07f3355487757

Download Submit
C:\Windows\system\nHUNbAu.exe

Filesize
6.0MB

MD5
37e916d1affc5506025de464d56a3efd

SHA1
4e3271bab779b1aab575bb09753db2640eb7c4a0

SHA256
468979c27646f6effb6bcdecf850bbb65fe0aea199add92ac74491586fb99bf9

SHA512
712d2d4c22c68552ee855ecc47b191b21315d3eed9f8ef8eb478ab1baacdffd0764e08874b59cca2797bfc9f95f3cea99fe23b0f5d2e14678bb89281ff6dbbc4

Download Submit
C:\Windows\system\pIGigPn.exe

Filesize
6.0MB

MD5
c14668439b40b349ddce2144ea5e185c

SHA1
70df2e696fb04813744d2c9c4423a307a4af27ea

SHA256
b1443163174443e0e7b86e8ebec0ff6d0c568297974bb7bc514be0ba5d0ad5b6

SHA512
d161659280b30a17e136fee30715567fe2fe4fc7b76420f16f9a994a8f191fbc86ba8b9925e6c1ad8f0a928080fadc0e8b97d443c8050b7c3e3dea47ee314907

Download Submit
C:\Windows\system\wWwnOwO.exe

Filesize
6.0MB

MD5
7034523968dec4e61e8f8e7830e29e30

SHA1
8bf4df88d9660d012a0be2b5dce3a9fcebdb2a6d

SHA256
ae88f1a38ab684c53289c8b0b2c6c2db8dc57e37ad38ce574e99d0dd996ab3dc

SHA512
570298c73d3c052ce975d0bdb364f30a1b4a213b69cc4e6049c2b4ce9ddf773c1b4cc5216384b662d99d1c564681756e365b254be4299fd26a6d20a1f3cb961a

Download Submit
C:\Windows\system\zCEXfRV.exe

Filesize
6.0MB

MD5
c0e93a78d813898b240613b003fefcab

SHA1
1ea53e5d8f43ac7b865b0769700a5000d60b92b1

SHA256
3feb44c955bb8c9aebb6c0a13ea05ae01749980fbc79ed819cf916538d61284e

SHA512
f421b9e864a82da14e05fbbdd57aafc2ff689a712e7f426b346e8a04b050d0f50ba47c02eca2f195f64f95d8da1dc62fa67d305d117a8676bd98c4586526c559

Download Submit
C:\Windows\system\zEImSYB.exe

Filesize
6.0MB

MD5
e2c0e2f04a1090a424805e867dd63c44

SHA1
25655b49b46f878d8813f541c1bb8f7f81f2854d

SHA256
12d6b5e61b98bad288bf0065df46ca75da67abffd03e073bedfc235373b2a696

SHA512
6852272536befb4337740eec2bf3cbe82458878d88cc77a7be133be8c6b21550841fd0d38f408c41e470a181846fdee765bb493de2a96d63e9bf2e900baf2689

Download Submit
\Windows\system\JiNarKi.exe

Filesize
6.0MB

MD5
f9db0e650c5ab47f2aee7210c8785489

SHA1
6876b009cda1a1e1405cebd4570e9cb39dd2a5e1

SHA256
dd04af52b50ac6f6f9c1171501b788076fb127547d7e3e47011f8c04be7241c8

SHA512
88e4321c6d25bbc9fc82473b68641f236e900aab9555e8073b98b10ccc7f436bfba9cfd87b12cc77907c41ffc345b73e6b01c6c2edc85b30c0b3fcd472ab6b9b

Download Submit
\Windows\system\SLSXnLX.exe

Filesize
6.0MB

MD5
79a189880e34c9f02f2db96331bdc06e

SHA1
e0d6903bbdcad286e81880cd6801101aa6eb6fe8

SHA256
32070fa03860406ed6803b6bdd03da010b276ca8dce53a1ddb92ad84d11b0b5a

SHA512
d7b4d7ceaf8f3e4ae4a7b627601347415d7c602e3fa423a6689dd9f7e795d1af7f41dd162bcaceecc5753838cfa06307e7ac3c4d090957eb69c2b3d692430757

Download Submit
\Windows\system\TOMQzxD.exe

Filesize
6.0MB

MD5
26b49147e0e70f42c49e8dc2fdf039e1

SHA1
05f317648c879a35b285f4f5114fcd0ca2e3c2aa

SHA256
da9e2102e62b3f32d47696b4e8c47a2233a25d527eec7f74ab28943cddccbea6

SHA512
ed3e7531db9d7117c624af855fa71253e2c68faa8be11215bc2a35690ae68db30b2820eb8c2c4bee1f70183ab6d8a968f71f0cfb19bcd8b1a145e1b69528523e

Download Submit
\Windows\system\dezmlQG.exe

Filesize
6.0MB

MD5
e3b0464969d1940be40b6ce580a8bd26

SHA1
6070405d8e2d9fce9999ce2b420007a1f1838d0d

SHA256
fb07b4438b2d8a81a89fa4d1f5be76f92f6bdf270d8d5c1a8c5f742611271d9c

SHA512
9ebbbc51e94571ac742c773c4ecf9604da442816441cb28e6921910ec2d33581bed5a58367fda64e6d7689a1e7621bcc652589f52a4b48f0982f8efb26ed5ace

Download Submit
\Windows\system\fQhxHja.exe

Filesize
6.0MB

MD5
86506d0da15131fd8ef80f2fc8823d3a

SHA1
ea3ff779b832153f9e21ec021f40f6c2b0a99797

SHA256
9405d01d618b99f4e7c7ffea9e20b2db575b5d8384f5af3b76985830b6c29994

SHA512
5450ae91f60fafe6f901ec2a7fc4a354d8358a49813964595ffa66a9b22085b3c705b89069cb56575cb9a74cdeafa3827c4751cbcb1e3db2109be3ea469d6224

Download Submit
\Windows\system\ftgpGbX.exe

Filesize
6.0MB

MD5
cd760d691c3f194bdc6d516634960655

SHA1
13bc1ecd831dad2e63ccd056b85cfb9ec137ba22

SHA256
5fab6523fb7e772e84d442c35f6ba388de7221242d902c9cfcb3d26d6d0f6327

SHA512
a75ac7ca141f85d3b5b3499f4e9f811bcb3c3f80cf1efc244be401327aa0e56568e307fe65b93673a05b748a5d2129526a52a5028d2f97ead7d7c719ce883c61

Download Submit
memory/348-15-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/348-3961-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/348-61-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/484-94-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/484-4022-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/484-33-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/824-4030-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/824-53-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/824-239-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1708-26-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-80-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1720-12-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1720-611-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1720-238-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1720-547-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1720-548-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1720-41-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-480-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1720-481-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1720-47-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1720-55-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1720-36-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-66-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1720-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-79-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1720-95-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1720-87-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-86-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1720-29-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2000-3979-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2000-8-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2076-31-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-91-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-3989-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4018-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2580-75-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2632-730-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2632-98-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4033-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-92-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-549-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-546-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4014-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2756-77-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3999-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-42-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4007-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-58-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-84-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4031-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4032-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2856-89-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download