cobaltstrike | 2006ed9c94d7f905d7234ac93faa029d089ade8507bebbbfbeff30137513e3a5

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1dcc14005b298aa4626804f422648ada
SHA1

38f391e443eba7da1ac1f761eb5b6c0c594474ff
SHA256

2006ed9c94d7f905d7234ac93faa029d089ade8507bebbbfbeff30137513e3a5
SHA512

eeeda623fb9316155b6edbf285717d763282048d044142316d5e565105431b585c48fb680575c83d0728e3eae29c7874290316e0c1b29b9d450af46d5a6135a5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016d5a-10.dat	cobalt_reflective_dll
behavioral1/files/0x000a0000000120d5-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-9.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce8-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f45-37.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-199.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-72.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019080-64.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017355-57.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017342-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e1d-32.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1820-0-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d5a-10.dat	xmrig
behavioral1/memory/2028-15-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/1768-13-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d5-12.dat	xmrig
behavioral1/files/0x0007000000016d71-9.dat	xmrig
behavioral1/files/0x0009000000016ce8-21.dat	xmrig
behavioral1/memory/2256-20-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1820-22-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2568-27-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1244-36-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016f45-37.dat	xmrig
behavioral1/memory/1768-41-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2768-42-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1820-33-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2028-50-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2716-59-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2616-90-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2752-107-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019624-137.dat	xmrig
behavioral1/files/0x0005000000019bec-159.dat	xmrig
behavioral1/memory/2940-804-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2408-689-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2544-509-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2800-367-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2748-234-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f57-199.dat	xmrig
behavioral1/files/0x0005000000019d69-194.dat	xmrig
behavioral1/files/0x0005000000019d5c-189.dat	xmrig
behavioral1/files/0x0005000000019cfc-184.dat	xmrig
behavioral1/files/0x0005000000019cd5-179.dat	xmrig
behavioral1/files/0x0005000000019c0b-174.dat	xmrig
behavioral1/files/0x0005000000019bf2-169.dat	xmrig
behavioral1/files/0x0005000000019bf0-165.dat	xmrig
behavioral1/files/0x0005000000019931-154.dat	xmrig
behavioral1/files/0x00050000000196a0-149.dat	xmrig
behavioral1/files/0x0005000000019665-144.dat	xmrig
behavioral1/files/0x00050000000195e0-134.dat	xmrig
behavioral1/files/0x00050000000195d0-129.dat	xmrig
behavioral1/files/0x00050000000195ce-124.dat	xmrig
behavioral1/files/0x00050000000195cc-120.dat	xmrig
behavioral1/files/0x00050000000195ca-114.dat	xmrig
behavioral1/memory/2940-108-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c8-106.dat	xmrig
behavioral1/memory/2408-98-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2716-97-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-96.dat	xmrig
behavioral1/memory/2544-91-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-89.dat	xmrig
behavioral1/memory/2800-83-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2768-82-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c4-81.dat	xmrig
behavioral1/memory/2748-74-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/1244-73-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c2-72.dat	xmrig
behavioral1/memory/2752-66-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2568-65-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0007000000019080-64.dat	xmrig
behavioral1/memory/2256-58-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0009000000017355-57.dat	xmrig
behavioral1/memory/2616-51-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0007000000017342-49.dat	xmrig
behavioral1/files/0x0007000000016e1d-32.dat	xmrig
behavioral1/memory/1768-3115-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1768	cVbENdx.exe
2028	umDlJiu.exe
2256	iBNHMeo.exe
2568	xspuYfw.exe
1244	aUASzjP.exe
2768	IfqfKDd.exe
2616	HjRzIJL.exe
2716	EofBBfB.exe
2752	oqhqOpt.exe
2748	WfPQPFE.exe
2800	vrYXQXh.exe
2544	MVjxOTY.exe
2408	NCrZmYz.exe
2940	PoCicQc.exe
2388	UHEJuvm.exe
808	aTmSAiH.exe
2476	YitMlWX.exe
1776	CJLGdlC.exe
1664	qqoHIAK.exe
2316	gUYzGBX.exe
1800	kizmcIF.exe
1996	aZiwhvj.exe
1320	cLFNzVL.exe
1916	baiBjID.exe
1580	XxiHmmW.exe
2844	xFIAMZx.exe
2960	ISNlwYt.exe
2144	bDwEtyc.exe
304	XwsKeLM.exe
2188	uGmayuh.exe
1812	aaxjxgT.exe
2112	ZquxdOY.exe
404	FwPAtqU.exe
776	wFXlwGE.exe
2400	dVIGzIL.exe
1084	vQeUQFt.exe
1584	oAXkvVw.exe
1748	LeMaOhC.exe
848	bIxiofX.exe
1520	PfHJJgs.exe
1328	jSfbojo.exe
2300	iyRGdGa.exe
1904	QSNXKpH.exe
692	KuyskjU.exe
640	TDTpKHy.exe
2012	mOkFKZa.exe
2184	egNRfNN.exe
2180	EwBlMVC.exe
564	aRxrVzY.exe
464	jsubmwc.exe
984	nFoGTYo.exe
884	XKmbIxI.exe
2196	qVspFWm.exe
2440	ZxHEtmL.exe
1548	QYakJvy.exe
2912	aWBRdfo.exe
2392	ADWmYGT.exe
2904	MqnhjJk.exe
2448	YnAGycg.exe
2668	XGCEqlt.exe
2680	LUamVoA.exe
2640	aYsxeIC.exe
3024	XUpAPYh.exe
1724	ProdvpN.exe

Loads dropped DLL 64 IoCs

pid	Process
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1820-0-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x0008000000016d5a-10.dat	upx
behavioral1/memory/2028-15-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/1768-13-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x000a0000000120d5-12.dat	upx
behavioral1/files/0x0007000000016d71-9.dat	upx
behavioral1/files/0x0009000000016ce8-21.dat	upx
behavioral1/memory/2256-20-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2568-27-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/1244-36-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0007000000016f45-37.dat	upx
behavioral1/memory/1768-41-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2768-42-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/1820-34-0x00000000023B0000-0x0000000002704000-memory.dmp	upx
behavioral1/memory/1820-33-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2028-50-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2716-59-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2616-90-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2752-107-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0005000000019624-137.dat	upx
behavioral1/files/0x0005000000019bec-159.dat	upx
behavioral1/memory/2940-804-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2408-689-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2544-509-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2800-367-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2748-234-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0005000000019f57-199.dat	upx
behavioral1/files/0x0005000000019d69-194.dat	upx
behavioral1/files/0x0005000000019d5c-189.dat	upx
behavioral1/files/0x0005000000019cfc-184.dat	upx
behavioral1/files/0x0005000000019cd5-179.dat	upx
behavioral1/files/0x0005000000019c0b-174.dat	upx
behavioral1/files/0x0005000000019bf2-169.dat	upx
behavioral1/files/0x0005000000019bf0-165.dat	upx
behavioral1/files/0x0005000000019931-154.dat	upx
behavioral1/files/0x00050000000196a0-149.dat	upx
behavioral1/files/0x0005000000019665-144.dat	upx
behavioral1/files/0x00050000000195e0-134.dat	upx
behavioral1/files/0x00050000000195d0-129.dat	upx
behavioral1/files/0x00050000000195ce-124.dat	upx
behavioral1/files/0x00050000000195cc-120.dat	upx
behavioral1/files/0x00050000000195ca-114.dat	upx
behavioral1/memory/2940-108-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x00050000000195c8-106.dat	upx
behavioral1/memory/2408-98-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2716-97-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-96.dat	upx
behavioral1/memory/2544-91-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-89.dat	upx
behavioral1/memory/2800-83-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2768-82-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x00050000000195c4-81.dat	upx
behavioral1/memory/2748-74-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/1244-73-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x00050000000195c2-72.dat	upx
behavioral1/memory/2752-66-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2568-65-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0007000000019080-64.dat	upx
behavioral1/memory/2256-58-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0009000000017355-57.dat	upx
behavioral1/memory/2616-51-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0007000000017342-49.dat	upx
behavioral1/files/0x0007000000016e1d-32.dat	upx
behavioral1/memory/1768-3115-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kToXgup.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKdeEQC.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrmWGvH.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwABLKU.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imgbUQC.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzajmrC.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYeEdtS.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdTOdXP.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfsDPxv.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZFpGiy.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTDQNba.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFMQbvZ.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKvnthr.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrlGkJa.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFRVFDA.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpkBNqJ.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEKTceZ.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESRdaVV.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYOcpWl.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJPenjn.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPrTinz.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBbaZbe.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Iqwxavt.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtZobjd.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpidWoy.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtEyKIW.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZroBcj.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVzZXoT.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMMCnhN.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoliNDQ.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XePAHAz.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhnILvi.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uabAXzw.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoQuhVZ.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmMASNF.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEdutws.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\foaBHXU.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSvZzjE.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjBcEEe.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFamJeL.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjEWPcP.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aywXZSM.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XUuMXZe.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIGskfX.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmBsqdq.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpyIDVS.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYjinCy.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNMxMPE.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdJssbs.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQmxqXa.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qygAwqG.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOYZDFV.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPHBsUO.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfboFkL.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeFqjNt.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cmtuixj.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynzJZXS.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQmWsEy.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkPSfGf.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZTFcik.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKaamMC.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfMPKMX.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlYqxUd.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqqJqRf.exe	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
22136	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2028	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1820 wrote to memory of 2028	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1820 wrote to memory of 2028	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1820 wrote to memory of 1768	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1820 wrote to memory of 1768	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1820 wrote to memory of 1768	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1820 wrote to memory of 2256	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1820 wrote to memory of 2256	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1820 wrote to memory of 2256	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1820 wrote to memory of 2568	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1820 wrote to memory of 2568	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1820 wrote to memory of 2568	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1820 wrote to memory of 1244	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1820 wrote to memory of 1244	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1820 wrote to memory of 1244	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1820 wrote to memory of 2768	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1820 wrote to memory of 2768	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1820 wrote to memory of 2768	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1820 wrote to memory of 2616	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1820 wrote to memory of 2616	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1820 wrote to memory of 2616	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1820 wrote to memory of 2716	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1820 wrote to memory of 2716	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1820 wrote to memory of 2716	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1820 wrote to memory of 2752	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1820 wrote to memory of 2752	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1820 wrote to memory of 2752	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1820 wrote to memory of 2748	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1820 wrote to memory of 2748	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1820 wrote to memory of 2748	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1820 wrote to memory of 2800	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1820 wrote to memory of 2800	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1820 wrote to memory of 2800	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1820 wrote to memory of 2544	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1820 wrote to memory of 2544	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1820 wrote to memory of 2544	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1820 wrote to memory of 2408	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1820 wrote to memory of 2408	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1820 wrote to memory of 2408	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1820 wrote to memory of 2940	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1820 wrote to memory of 2940	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1820 wrote to memory of 2940	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1820 wrote to memory of 2388	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1820 wrote to memory of 2388	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1820 wrote to memory of 2388	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1820 wrote to memory of 808	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1820 wrote to memory of 808	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1820 wrote to memory of 808	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1820 wrote to memory of 2476	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1820 wrote to memory of 2476	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1820 wrote to memory of 2476	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1820 wrote to memory of 1776	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1820 wrote to memory of 1776	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1820 wrote to memory of 1776	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1820 wrote to memory of 1664	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1820 wrote to memory of 1664	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1820 wrote to memory of 1664	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1820 wrote to memory of 2316	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1820 wrote to memory of 2316	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1820 wrote to memory of 2316	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1820 wrote to memory of 1800	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1820 wrote to memory of 1800	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1820 wrote to memory of 1800	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1820 wrote to memory of 1996	1820	2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_1dcc14005b298aa4626804f422648ada_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\System\umDlJiu.exe
  C:\Windows\System\umDlJiu.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\cVbENdx.exe
  C:\Windows\System\cVbENdx.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\iBNHMeo.exe
  C:\Windows\System\iBNHMeo.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\xspuYfw.exe
  C:\Windows\System\xspuYfw.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\aUASzjP.exe
  C:\Windows\System\aUASzjP.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\IfqfKDd.exe
  C:\Windows\System\IfqfKDd.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\HjRzIJL.exe
  C:\Windows\System\HjRzIJL.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\EofBBfB.exe
  C:\Windows\System\EofBBfB.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\oqhqOpt.exe
  C:\Windows\System\oqhqOpt.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\WfPQPFE.exe
  C:\Windows\System\WfPQPFE.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\vrYXQXh.exe
  C:\Windows\System\vrYXQXh.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\MVjxOTY.exe
  C:\Windows\System\MVjxOTY.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\NCrZmYz.exe
  C:\Windows\System\NCrZmYz.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\PoCicQc.exe
  C:\Windows\System\PoCicQc.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\UHEJuvm.exe
  C:\Windows\System\UHEJuvm.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\aTmSAiH.exe
  C:\Windows\System\aTmSAiH.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\YitMlWX.exe
  C:\Windows\System\YitMlWX.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\CJLGdlC.exe
  C:\Windows\System\CJLGdlC.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\qqoHIAK.exe
  C:\Windows\System\qqoHIAK.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\gUYzGBX.exe
  C:\Windows\System\gUYzGBX.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\kizmcIF.exe
  C:\Windows\System\kizmcIF.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\aZiwhvj.exe
  C:\Windows\System\aZiwhvj.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\cLFNzVL.exe
  C:\Windows\System\cLFNzVL.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\baiBjID.exe
  C:\Windows\System\baiBjID.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\XxiHmmW.exe
  C:\Windows\System\XxiHmmW.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\xFIAMZx.exe
  C:\Windows\System\xFIAMZx.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\ISNlwYt.exe
  C:\Windows\System\ISNlwYt.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\bDwEtyc.exe
  C:\Windows\System\bDwEtyc.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\XwsKeLM.exe
  C:\Windows\System\XwsKeLM.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\uGmayuh.exe
  C:\Windows\System\uGmayuh.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\aaxjxgT.exe
  C:\Windows\System\aaxjxgT.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\ZquxdOY.exe
  C:\Windows\System\ZquxdOY.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\FwPAtqU.exe
  C:\Windows\System\FwPAtqU.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\wFXlwGE.exe
  C:\Windows\System\wFXlwGE.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\dVIGzIL.exe
  C:\Windows\System\dVIGzIL.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\vQeUQFt.exe
  C:\Windows\System\vQeUQFt.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\oAXkvVw.exe
  C:\Windows\System\oAXkvVw.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\LeMaOhC.exe
  C:\Windows\System\LeMaOhC.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\bIxiofX.exe
  C:\Windows\System\bIxiofX.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\PfHJJgs.exe
  C:\Windows\System\PfHJJgs.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\jSfbojo.exe
  C:\Windows\System\jSfbojo.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\iyRGdGa.exe
  C:\Windows\System\iyRGdGa.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\QSNXKpH.exe
  C:\Windows\System\QSNXKpH.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\KuyskjU.exe
  C:\Windows\System\KuyskjU.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\TDTpKHy.exe
  C:\Windows\System\TDTpKHy.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\mOkFKZa.exe
  C:\Windows\System\mOkFKZa.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\egNRfNN.exe
  C:\Windows\System\egNRfNN.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\EwBlMVC.exe
  C:\Windows\System\EwBlMVC.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\aRxrVzY.exe
  C:\Windows\System\aRxrVzY.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\jsubmwc.exe
  C:\Windows\System\jsubmwc.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\nFoGTYo.exe
  C:\Windows\System\nFoGTYo.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\XKmbIxI.exe
  C:\Windows\System\XKmbIxI.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\qVspFWm.exe
  C:\Windows\System\qVspFWm.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\ZxHEtmL.exe
  C:\Windows\System\ZxHEtmL.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\QYakJvy.exe
  C:\Windows\System\QYakJvy.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\aWBRdfo.exe
  C:\Windows\System\aWBRdfo.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ADWmYGT.exe
  C:\Windows\System\ADWmYGT.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\MqnhjJk.exe
  C:\Windows\System\MqnhjJk.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\YnAGycg.exe
  C:\Windows\System\YnAGycg.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\XGCEqlt.exe
  C:\Windows\System\XGCEqlt.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\LUamVoA.exe
  C:\Windows\System\LUamVoA.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\aYsxeIC.exe
  C:\Windows\System\aYsxeIC.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\XUpAPYh.exe
  C:\Windows\System\XUpAPYh.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ProdvpN.exe
  C:\Windows\System\ProdvpN.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\oBgFupN.exe
  C:\Windows\System\oBgFupN.exe
  2⤵
  PID:2656
- C:\Windows\System\HabnIzF.exe
  C:\Windows\System\HabnIzF.exe
  2⤵
  PID:1676
- C:\Windows\System\nDCNfCz.exe
  C:\Windows\System\nDCNfCz.exe
  2⤵
  PID:2548
- C:\Windows\System\drIxvEm.exe
  C:\Windows\System\drIxvEm.exe
  2⤵
  PID:2032
- C:\Windows\System\guYdGsE.exe
  C:\Windows\System\guYdGsE.exe
  2⤵
  PID:1656
- C:\Windows\System\nxtDIzV.exe
  C:\Windows\System\nxtDIzV.exe
  2⤵
  PID:1960
- C:\Windows\System\tLCWeRg.exe
  C:\Windows\System\tLCWeRg.exe
  2⤵
  PID:1836
- C:\Windows\System\SAYLspW.exe
  C:\Windows\System\SAYLspW.exe
  2⤵
  PID:1808
- C:\Windows\System\XGqJWuI.exe
  C:\Windows\System\XGqJWuI.exe
  2⤵
  PID:2836
- C:\Windows\System\IqjwWRz.exe
  C:\Windows\System\IqjwWRz.exe
  2⤵
  PID:2176
- C:\Windows\System\rIgroCm.exe
  C:\Windows\System\rIgroCm.exe
  2⤵
  PID:2336
- C:\Windows\System\aDNYAGh.exe
  C:\Windows\System\aDNYAGh.exe
  2⤵
  PID:1080
- C:\Windows\System\MBVJkTS.exe
  C:\Windows\System\MBVJkTS.exe
  2⤵
  PID:916
- C:\Windows\System\zpAZwYj.exe
  C:\Windows\System\zpAZwYj.exe
  2⤵
  PID:264
- C:\Windows\System\bWElCSM.exe
  C:\Windows\System\bWElCSM.exe
  2⤵
  PID:980
- C:\Windows\System\VzIJjZA.exe
  C:\Windows\System\VzIJjZA.exe
  2⤵
  PID:2840
- C:\Windows\System\iOjQevW.exe
  C:\Windows\System\iOjQevW.exe
  2⤵
  PID:1088
- C:\Windows\System\sAGqqut.exe
  C:\Windows\System\sAGqqut.exe
  2⤵
  PID:1648
- C:\Windows\System\BPwnMDt.exe
  C:\Windows\System\BPwnMDt.exe
  2⤵
  PID:1604
- C:\Windows\System\MGmEvBS.exe
  C:\Windows\System\MGmEvBS.exe
  2⤵
  PID:904
- C:\Windows\System\wIlkQiP.exe
  C:\Windows\System\wIlkQiP.exe
  2⤵
  PID:348
- C:\Windows\System\CnOBiYn.exe
  C:\Windows\System\CnOBiYn.exe
  2⤵
  PID:1652
- C:\Windows\System\wBhaebZ.exe
  C:\Windows\System\wBhaebZ.exe
  2⤵
  PID:2376
- C:\Windows\System\UfboFkL.exe
  C:\Windows\System\UfboFkL.exe
  2⤵
  PID:2092
- C:\Windows\System\sviPcVu.exe
  C:\Windows\System\sviPcVu.exe
  2⤵
  PID:1568
- C:\Windows\System\YOceqIr.exe
  C:\Windows\System\YOceqIr.exe
  2⤵
  PID:1576
- C:\Windows\System\FiePfdJ.exe
  C:\Windows\System\FiePfdJ.exe
  2⤵
  PID:2024
- C:\Windows\System\keclnUy.exe
  C:\Windows\System\keclnUy.exe
  2⤵
  PID:1072
- C:\Windows\System\WJBrHtY.exe
  C:\Windows\System\WJBrHtY.exe
  2⤵
  PID:1792
- C:\Windows\System\oKqWbBw.exe
  C:\Windows\System\oKqWbBw.exe
  2⤵
  PID:2860
- C:\Windows\System\xuOIwYZ.exe
  C:\Windows\System\xuOIwYZ.exe
  2⤵
  PID:2428
- C:\Windows\System\HTDQNba.exe
  C:\Windows\System\HTDQNba.exe
  2⤵
  PID:1968
- C:\Windows\System\jeFqjNt.exe
  C:\Windows\System\jeFqjNt.exe
  2⤵
  PID:2424
- C:\Windows\System\skwAZaD.exe
  C:\Windows\System\skwAZaD.exe
  2⤵
  PID:1184
- C:\Windows\System\gZLvhlZ.exe
  C:\Windows\System\gZLvhlZ.exe
  2⤵
  PID:676
- C:\Windows\System\MbdxsWJ.exe
  C:\Windows\System\MbdxsWJ.exe
  2⤵
  PID:1912
- C:\Windows\System\dsTkqqR.exe
  C:\Windows\System\dsTkqqR.exe
  2⤵
  PID:2136
- C:\Windows\System\eQrElmw.exe
  C:\Windows\System\eQrElmw.exe
  2⤵
  PID:2056
- C:\Windows\System\nNJFuqE.exe
  C:\Windows\System\nNJFuqE.exe
  2⤵
  PID:1596
- C:\Windows\System\KfmjDcg.exe
  C:\Windows\System\KfmjDcg.exe
  2⤵
  PID:1312
- C:\Windows\System\QnKWAaX.exe
  C:\Windows\System\QnKWAaX.exe
  2⤵
  PID:612
- C:\Windows\System\DkwIEKy.exe
  C:\Windows\System\DkwIEKy.exe
  2⤵
  PID:1492
- C:\Windows\System\UyNJGHd.exe
  C:\Windows\System\UyNJGHd.exe
  2⤵
  PID:752
- C:\Windows\System\SKvbRtE.exe
  C:\Windows\System\SKvbRtE.exe
  2⤵
  PID:1508
- C:\Windows\System\wEaNLcX.exe
  C:\Windows\System\wEaNLcX.exe
  2⤵
  PID:2164
- C:\Windows\System\EuVcWsI.exe
  C:\Windows\System\EuVcWsI.exe
  2⤵
  PID:2120
- C:\Windows\System\JDFnMlZ.exe
  C:\Windows\System\JDFnMlZ.exe
  2⤵
  PID:2228
- C:\Windows\System\GbamzcN.exe
  C:\Windows\System\GbamzcN.exe
  2⤵
  PID:2168
- C:\Windows\System\FYcqLUM.exe
  C:\Windows\System\FYcqLUM.exe
  2⤵
  PID:2412
- C:\Windows\System\ePbKhqt.exe
  C:\Windows\System\ePbKhqt.exe
  2⤵
  PID:2488
- C:\Windows\System\LoBmVhi.exe
  C:\Windows\System\LoBmVhi.exe
  2⤵
  PID:1448
- C:\Windows\System\rYYWuSZ.exe
  C:\Windows\System\rYYWuSZ.exe
  2⤵
  PID:1132
- C:\Windows\System\thaxNoR.exe
  C:\Windows\System\thaxNoR.exe
  2⤵
  PID:2784
- C:\Windows\System\BHHngwd.exe
  C:\Windows\System\BHHngwd.exe
  2⤵
  PID:3092
- C:\Windows\System\SnQcfEr.exe
  C:\Windows\System\SnQcfEr.exe
  2⤵
  PID:3112
- C:\Windows\System\RsbLdBi.exe
  C:\Windows\System\RsbLdBi.exe
  2⤵
  PID:3132
- C:\Windows\System\UeIeUTm.exe
  C:\Windows\System\UeIeUTm.exe
  2⤵
  PID:3152
- C:\Windows\System\yizVRof.exe
  C:\Windows\System\yizVRof.exe
  2⤵
  PID:3172
- C:\Windows\System\wexheNB.exe
  C:\Windows\System\wexheNB.exe
  2⤵
  PID:3192
- C:\Windows\System\SzdZENT.exe
  C:\Windows\System\SzdZENT.exe
  2⤵
  PID:3212
- C:\Windows\System\LhFnfYH.exe
  C:\Windows\System\LhFnfYH.exe
  2⤵
  PID:3232
- C:\Windows\System\auAdKlx.exe
  C:\Windows\System\auAdKlx.exe
  2⤵
  PID:3252
- C:\Windows\System\TYfjnRx.exe
  C:\Windows\System\TYfjnRx.exe
  2⤵
  PID:3272
- C:\Windows\System\IfAqyVQ.exe
  C:\Windows\System\IfAqyVQ.exe
  2⤵
  PID:3292
- C:\Windows\System\JXeyumU.exe
  C:\Windows\System\JXeyumU.exe
  2⤵
  PID:3312
- C:\Windows\System\MVBMWZG.exe
  C:\Windows\System\MVBMWZG.exe
  2⤵
  PID:3332
- C:\Windows\System\XDDNnUL.exe
  C:\Windows\System\XDDNnUL.exe
  2⤵
  PID:3352
- C:\Windows\System\eCTwMSP.exe
  C:\Windows\System\eCTwMSP.exe
  2⤵
  PID:3372
- C:\Windows\System\QxzKZlq.exe
  C:\Windows\System\QxzKZlq.exe
  2⤵
  PID:3392
- C:\Windows\System\teFpIBV.exe
  C:\Windows\System\teFpIBV.exe
  2⤵
  PID:3416
- C:\Windows\System\wKYvWad.exe
  C:\Windows\System\wKYvWad.exe
  2⤵
  PID:3436
- C:\Windows\System\apEcgbE.exe
  C:\Windows\System\apEcgbE.exe
  2⤵
  PID:3456
- C:\Windows\System\nigIhAa.exe
  C:\Windows\System\nigIhAa.exe
  2⤵
  PID:3476
- C:\Windows\System\FfRDpxf.exe
  C:\Windows\System\FfRDpxf.exe
  2⤵
  PID:3496
- C:\Windows\System\GXMJUER.exe
  C:\Windows\System\GXMJUER.exe
  2⤵
  PID:3516
- C:\Windows\System\hccgonR.exe
  C:\Windows\System\hccgonR.exe
  2⤵
  PID:3536
- C:\Windows\System\CbqJbCh.exe
  C:\Windows\System\CbqJbCh.exe
  2⤵
  PID:3556
- C:\Windows\System\rXwsPCt.exe
  C:\Windows\System\rXwsPCt.exe
  2⤵
  PID:3576
- C:\Windows\System\ZFAyXrC.exe
  C:\Windows\System\ZFAyXrC.exe
  2⤵
  PID:3596
- C:\Windows\System\StdrlYb.exe
  C:\Windows\System\StdrlYb.exe
  2⤵
  PID:3616
- C:\Windows\System\tpfMEps.exe
  C:\Windows\System\tpfMEps.exe
  2⤵
  PID:3636
- C:\Windows\System\lVMsOyM.exe
  C:\Windows\System\lVMsOyM.exe
  2⤵
  PID:3656
- C:\Windows\System\KTaKEhi.exe
  C:\Windows\System\KTaKEhi.exe
  2⤵
  PID:3676
- C:\Windows\System\kHVBBeN.exe
  C:\Windows\System\kHVBBeN.exe
  2⤵
  PID:3696
- C:\Windows\System\OsvGtwm.exe
  C:\Windows\System\OsvGtwm.exe
  2⤵
  PID:3720
- C:\Windows\System\mpfmGrO.exe
  C:\Windows\System\mpfmGrO.exe
  2⤵
  PID:3740
- C:\Windows\System\lGFjDvC.exe
  C:\Windows\System\lGFjDvC.exe
  2⤵
  PID:3760
- C:\Windows\System\AaCqrEL.exe
  C:\Windows\System\AaCqrEL.exe
  2⤵
  PID:3780
- C:\Windows\System\agifzRx.exe
  C:\Windows\System\agifzRx.exe
  2⤵
  PID:3800
- C:\Windows\System\hBPysLq.exe
  C:\Windows\System\hBPysLq.exe
  2⤵
  PID:3820
- C:\Windows\System\MPHkWCj.exe
  C:\Windows\System\MPHkWCj.exe
  2⤵
  PID:3840
- C:\Windows\System\YySmQov.exe
  C:\Windows\System\YySmQov.exe
  2⤵
  PID:3860
- C:\Windows\System\wMSzDmy.exe
  C:\Windows\System\wMSzDmy.exe
  2⤵
  PID:3880
- C:\Windows\System\WtESWlv.exe
  C:\Windows\System\WtESWlv.exe
  2⤵
  PID:3900
- C:\Windows\System\VpQxhzL.exe
  C:\Windows\System\VpQxhzL.exe
  2⤵
  PID:3920
- C:\Windows\System\qqPWISi.exe
  C:\Windows\System\qqPWISi.exe
  2⤵
  PID:3940
- C:\Windows\System\IEPhnrp.exe
  C:\Windows\System\IEPhnrp.exe
  2⤵
  PID:3960
- C:\Windows\System\uzdZZiX.exe
  C:\Windows\System\uzdZZiX.exe
  2⤵
  PID:3980
- C:\Windows\System\ERaejRn.exe
  C:\Windows\System\ERaejRn.exe
  2⤵
  PID:4004
- C:\Windows\System\pBlbeFf.exe
  C:\Windows\System\pBlbeFf.exe
  2⤵
  PID:4024
- C:\Windows\System\wSRHJfL.exe
  C:\Windows\System\wSRHJfL.exe
  2⤵
  PID:4044
- C:\Windows\System\BRsIeQs.exe
  C:\Windows\System\BRsIeQs.exe
  2⤵
  PID:4064
- C:\Windows\System\zPyGxir.exe
  C:\Windows\System\zPyGxir.exe
  2⤵
  PID:4084
- C:\Windows\System\TNTPJgY.exe
  C:\Windows\System\TNTPJgY.exe
  2⤵
  PID:2084
- C:\Windows\System\yRfuGvI.exe
  C:\Windows\System\yRfuGvI.exe
  2⤵
  PID:1172
- C:\Windows\System\ifOEwmq.exe
  C:\Windows\System\ifOEwmq.exe
  2⤵
  PID:1980
- C:\Windows\System\tsJVPFM.exe
  C:\Windows\System\tsJVPFM.exe
  2⤵
  PID:1772
- C:\Windows\System\nVdrEhY.exe
  C:\Windows\System\nVdrEhY.exe
  2⤵
  PID:2368
- C:\Windows\System\rCBMrJI.exe
  C:\Windows\System\rCBMrJI.exe
  2⤵
  PID:756
- C:\Windows\System\vFPTHRC.exe
  C:\Windows\System\vFPTHRC.exe
  2⤵
  PID:1220
- C:\Windows\System\vluyXTM.exe
  C:\Windows\System\vluyXTM.exe
  2⤵
  PID:2808
- C:\Windows\System\iwnBpbg.exe
  C:\Windows\System\iwnBpbg.exe
  2⤵
  PID:2216
- C:\Windows\System\fbcJfjs.exe
  C:\Windows\System\fbcJfjs.exe
  2⤵
  PID:2712
- C:\Windows\System\gQfQrAv.exe
  C:\Windows\System\gQfQrAv.exe
  2⤵
  PID:3084
- C:\Windows\System\NUZQXxN.exe
  C:\Windows\System\NUZQXxN.exe
  2⤵
  PID:3148
- C:\Windows\System\PxnKWte.exe
  C:\Windows\System\PxnKWte.exe
  2⤵
  PID:3160
- C:\Windows\System\TUMLCip.exe
  C:\Windows\System\TUMLCip.exe
  2⤵
  PID:3184
- C:\Windows\System\ZZNSgQV.exe
  C:\Windows\System\ZZNSgQV.exe
  2⤵
  PID:3204
- C:\Windows\System\JKXqGXk.exe
  C:\Windows\System\JKXqGXk.exe
  2⤵
  PID:3248
- C:\Windows\System\BEZMlTi.exe
  C:\Windows\System\BEZMlTi.exe
  2⤵
  PID:3308
- C:\Windows\System\AFQLLfR.exe
  C:\Windows\System\AFQLLfR.exe
  2⤵
  PID:3340
- C:\Windows\System\mTJSDyi.exe
  C:\Windows\System\mTJSDyi.exe
  2⤵
  PID:3368
- C:\Windows\System\KOlbhhw.exe
  C:\Windows\System\KOlbhhw.exe
  2⤵
  PID:3400
- C:\Windows\System\AhxiYIr.exe
  C:\Windows\System\AhxiYIr.exe
  2⤵
  PID:3428
- C:\Windows\System\JlsCqeD.exe
  C:\Windows\System\JlsCqeD.exe
  2⤵
  PID:3472
- C:\Windows\System\mfoVAsv.exe
  C:\Windows\System\mfoVAsv.exe
  2⤵
  PID:3504
- C:\Windows\System\rzNyuYU.exe
  C:\Windows\System\rzNyuYU.exe
  2⤵
  PID:3532
- C:\Windows\System\bkcoBcp.exe
  C:\Windows\System\bkcoBcp.exe
  2⤵
  PID:3572
- C:\Windows\System\jtdnDgF.exe
  C:\Windows\System\jtdnDgF.exe
  2⤵
  PID:3604
- C:\Windows\System\PeHxtfo.exe
  C:\Windows\System\PeHxtfo.exe
  2⤵
  PID:3644
- C:\Windows\System\gQjgznl.exe
  C:\Windows\System\gQjgznl.exe
  2⤵
  PID:3668
- C:\Windows\System\DwrwraH.exe
  C:\Windows\System\DwrwraH.exe
  2⤵
  PID:3716
- C:\Windows\System\eWtLhZF.exe
  C:\Windows\System\eWtLhZF.exe
  2⤵
  PID:3748
- C:\Windows\System\wPLGbUH.exe
  C:\Windows\System\wPLGbUH.exe
  2⤵
  PID:3796
- C:\Windows\System\KCvXtdE.exe
  C:\Windows\System\KCvXtdE.exe
  2⤵
  PID:3816
- C:\Windows\System\xoLcwsc.exe
  C:\Windows\System\xoLcwsc.exe
  2⤵
  PID:3848
- C:\Windows\System\DdcUegL.exe
  C:\Windows\System\DdcUegL.exe
  2⤵
  PID:3872
- C:\Windows\System\vtyVwcQ.exe
  C:\Windows\System\vtyVwcQ.exe
  2⤵
  PID:3896
- C:\Windows\System\SYfXZVk.exe
  C:\Windows\System\SYfXZVk.exe
  2⤵
  PID:3956
- C:\Windows\System\EhVxOGM.exe
  C:\Windows\System\EhVxOGM.exe
  2⤵
  PID:3976
- C:\Windows\System\ONuTpRp.exe
  C:\Windows\System\ONuTpRp.exe
  2⤵
  PID:4012
- C:\Windows\System\LEobXJS.exe
  C:\Windows\System\LEobXJS.exe
  2⤵
  PID:4036
- C:\Windows\System\YjuYLiX.exe
  C:\Windows\System\YjuYLiX.exe
  2⤵
  PID:4080
- C:\Windows\System\BBVLrXD.exe
  C:\Windows\System\BBVLrXD.exe
  2⤵
  PID:2128
- C:\Windows\System\EvTyxgV.exe
  C:\Windows\System\EvTyxgV.exe
  2⤵
  PID:2052
- C:\Windows\System\nDiFrVh.exe
  C:\Windows\System\nDiFrVh.exe
  2⤵
  PID:336
- C:\Windows\System\dQQnIUL.exe
  C:\Windows\System\dQQnIUL.exe
  2⤵
  PID:2704
- C:\Windows\System\wtoAWdv.exe
  C:\Windows\System\wtoAWdv.exe
  2⤵
  PID:2624
- C:\Windows\System\fFkChGq.exe
  C:\Windows\System\fFkChGq.exe
  2⤵
  PID:3080
- C:\Windows\System\SLmcXHF.exe
  C:\Windows\System\SLmcXHF.exe
  2⤵
  PID:3120
- C:\Windows\System\BfzFSwK.exe
  C:\Windows\System\BfzFSwK.exe
  2⤵
  PID:3188
- C:\Windows\System\aCRqFbJ.exe
  C:\Windows\System\aCRqFbJ.exe
  2⤵
  PID:3260
- C:\Windows\System\MRIsowv.exe
  C:\Windows\System\MRIsowv.exe
  2⤵
  PID:3280
- C:\Windows\System\QFtxPhP.exe
  C:\Windows\System\QFtxPhP.exe
  2⤵
  PID:3344
- C:\Windows\System\JWXnyGq.exe
  C:\Windows\System\JWXnyGq.exe
  2⤵
  PID:3404
- C:\Windows\System\hJZjnNP.exe
  C:\Windows\System\hJZjnNP.exe
  2⤵
  PID:3464
- C:\Windows\System\PEqegWo.exe
  C:\Windows\System\PEqegWo.exe
  2⤵
  PID:3524
- C:\Windows\System\ZsDDwrB.exe
  C:\Windows\System\ZsDDwrB.exe
  2⤵
  PID:3528
- C:\Windows\System\ptXrpaE.exe
  C:\Windows\System\ptXrpaE.exe
  2⤵
  PID:3632
- C:\Windows\System\gaWKLKw.exe
  C:\Windows\System\gaWKLKw.exe
  2⤵
  PID:3688
- C:\Windows\System\OuDMuiE.exe
  C:\Windows\System\OuDMuiE.exe
  2⤵
  PID:3736
- C:\Windows\System\ylEQqdD.exe
  C:\Windows\System\ylEQqdD.exe
  2⤵
  PID:3808
- C:\Windows\System\vcXdxlv.exe
  C:\Windows\System\vcXdxlv.exe
  2⤵
  PID:3852
- C:\Windows\System\WvqtWKx.exe
  C:\Windows\System\WvqtWKx.exe
  2⤵
  PID:3908
- C:\Windows\System\BKbRQLz.exe
  C:\Windows\System\BKbRQLz.exe
  2⤵
  PID:3952
- C:\Windows\System\sFOYlMA.exe
  C:\Windows\System\sFOYlMA.exe
  2⤵
  PID:4020
- C:\Windows\System\sLIneQi.exe
  C:\Windows\System\sLIneQi.exe
  2⤵
  PID:4092
- C:\Windows\System\yxQirvv.exe
  C:\Windows\System\yxQirvv.exe
  2⤵
  PID:2848
- C:\Windows\System\MBBCWyt.exe
  C:\Windows\System\MBBCWyt.exe
  2⤵
  PID:880
- C:\Windows\System\UMzOLtI.exe
  C:\Windows\System\UMzOLtI.exe
  2⤵
  PID:2492
- C:\Windows\System\ZvDYzCJ.exe
  C:\Windows\System\ZvDYzCJ.exe
  2⤵
  PID:1736
- C:\Windows\System\UcQUGOL.exe
  C:\Windows\System\UcQUGOL.exe
  2⤵
  PID:3124
- C:\Windows\System\gFedkCz.exe
  C:\Windows\System\gFedkCz.exe
  2⤵
  PID:3228
- C:\Windows\System\dMPbPvC.exe
  C:\Windows\System\dMPbPvC.exe
  2⤵
  PID:3324
- C:\Windows\System\mjwukCL.exe
  C:\Windows\System\mjwukCL.exe
  2⤵
  PID:3448
- C:\Windows\System\UHfDfdI.exe
  C:\Windows\System\UHfDfdI.exe
  2⤵
  PID:3588
- C:\Windows\System\iGBkhUv.exe
  C:\Windows\System\iGBkhUv.exe
  2⤵
  PID:4100
- C:\Windows\System\DruwWmC.exe
  C:\Windows\System\DruwWmC.exe
  2⤵
  PID:4120
- C:\Windows\System\NqglZZZ.exe
  C:\Windows\System\NqglZZZ.exe
  2⤵
  PID:4140
- C:\Windows\System\TiEWDth.exe
  C:\Windows\System\TiEWDth.exe
  2⤵
  PID:4160
- C:\Windows\System\qsMNGfy.exe
  C:\Windows\System\qsMNGfy.exe
  2⤵
  PID:4180
- C:\Windows\System\xOADDhB.exe
  C:\Windows\System\xOADDhB.exe
  2⤵
  PID:4200
- C:\Windows\System\DpncZTH.exe
  C:\Windows\System\DpncZTH.exe
  2⤵
  PID:4220
- C:\Windows\System\ABJUNQS.exe
  C:\Windows\System\ABJUNQS.exe
  2⤵
  PID:4240
- C:\Windows\System\wUUgnYO.exe
  C:\Windows\System\wUUgnYO.exe
  2⤵
  PID:4260
- C:\Windows\System\wvPPGJX.exe
  C:\Windows\System\wvPPGJX.exe
  2⤵
  PID:4280
- C:\Windows\System\rQQfAKf.exe
  C:\Windows\System\rQQfAKf.exe
  2⤵
  PID:4300
- C:\Windows\System\XBWcqYD.exe
  C:\Windows\System\XBWcqYD.exe
  2⤵
  PID:4320
- C:\Windows\System\mSRINhV.exe
  C:\Windows\System\mSRINhV.exe
  2⤵
  PID:4340
- C:\Windows\System\aoOWkNM.exe
  C:\Windows\System\aoOWkNM.exe
  2⤵
  PID:4360
- C:\Windows\System\LeouvJO.exe
  C:\Windows\System\LeouvJO.exe
  2⤵
  PID:4380
- C:\Windows\System\DHGWxkf.exe
  C:\Windows\System\DHGWxkf.exe
  2⤵
  PID:4400
- C:\Windows\System\laJEfwe.exe
  C:\Windows\System\laJEfwe.exe
  2⤵
  PID:4420
- C:\Windows\System\EMQgcxU.exe
  C:\Windows\System\EMQgcxU.exe
  2⤵
  PID:4440
- C:\Windows\System\EvSxEZv.exe
  C:\Windows\System\EvSxEZv.exe
  2⤵
  PID:4460
- C:\Windows\System\JKJtQXq.exe
  C:\Windows\System\JKJtQXq.exe
  2⤵
  PID:4480
- C:\Windows\System\egKeEVZ.exe
  C:\Windows\System\egKeEVZ.exe
  2⤵
  PID:4500
- C:\Windows\System\PjJFvkJ.exe
  C:\Windows\System\PjJFvkJ.exe
  2⤵
  PID:4524
- C:\Windows\System\JYPIWmX.exe
  C:\Windows\System\JYPIWmX.exe
  2⤵
  PID:4544
- C:\Windows\System\lcefhJQ.exe
  C:\Windows\System\lcefhJQ.exe
  2⤵
  PID:4564
- C:\Windows\System\bnAEBlD.exe
  C:\Windows\System\bnAEBlD.exe
  2⤵
  PID:4584
- C:\Windows\System\gILBIPW.exe
  C:\Windows\System\gILBIPW.exe
  2⤵
  PID:4604
- C:\Windows\System\ZWdvJHd.exe
  C:\Windows\System\ZWdvJHd.exe
  2⤵
  PID:4624
- C:\Windows\System\LKyOqiX.exe
  C:\Windows\System\LKyOqiX.exe
  2⤵
  PID:4644
- C:\Windows\System\waxTIbb.exe
  C:\Windows\System\waxTIbb.exe
  2⤵
  PID:4664
- C:\Windows\System\TwWEiKK.exe
  C:\Windows\System\TwWEiKK.exe
  2⤵
  PID:4684
- C:\Windows\System\HNZyyOD.exe
  C:\Windows\System\HNZyyOD.exe
  2⤵
  PID:4704
- C:\Windows\System\nmpKJJM.exe
  C:\Windows\System\nmpKJJM.exe
  2⤵
  PID:4724
- C:\Windows\System\aexcIGW.exe
  C:\Windows\System\aexcIGW.exe
  2⤵
  PID:4744
- C:\Windows\System\YOGVghS.exe
  C:\Windows\System\YOGVghS.exe
  2⤵
  PID:4764
- C:\Windows\System\qitvMiO.exe
  C:\Windows\System\qitvMiO.exe
  2⤵
  PID:4784
- C:\Windows\System\pdRvRCY.exe
  C:\Windows\System\pdRvRCY.exe
  2⤵
  PID:4808
- C:\Windows\System\xoMMNrA.exe
  C:\Windows\System\xoMMNrA.exe
  2⤵
  PID:4828
- C:\Windows\System\mAJrrFi.exe
  C:\Windows\System\mAJrrFi.exe
  2⤵
  PID:4848
- C:\Windows\System\ekZznTl.exe
  C:\Windows\System\ekZznTl.exe
  2⤵
  PID:4868
- C:\Windows\System\CwABLKU.exe
  C:\Windows\System\CwABLKU.exe
  2⤵
  PID:4888
- C:\Windows\System\KaPOUfY.exe
  C:\Windows\System\KaPOUfY.exe
  2⤵
  PID:4908
- C:\Windows\System\ZvyPFbQ.exe
  C:\Windows\System\ZvyPFbQ.exe
  2⤵
  PID:4928
- C:\Windows\System\sHygRrm.exe
  C:\Windows\System\sHygRrm.exe
  2⤵
  PID:4948
- C:\Windows\System\uXoVMsu.exe
  C:\Windows\System\uXoVMsu.exe
  2⤵
  PID:4968
- C:\Windows\System\xKxnBOo.exe
  C:\Windows\System\xKxnBOo.exe
  2⤵
  PID:4988
- C:\Windows\System\LKLgjTK.exe
  C:\Windows\System\LKLgjTK.exe
  2⤵
  PID:5008
- C:\Windows\System\srHhHgg.exe
  C:\Windows\System\srHhHgg.exe
  2⤵
  PID:5028
- C:\Windows\System\UQoUDdq.exe
  C:\Windows\System\UQoUDdq.exe
  2⤵
  PID:5048
- C:\Windows\System\fHIUWXi.exe
  C:\Windows\System\fHIUWXi.exe
  2⤵
  PID:5068
- C:\Windows\System\sYaTuZB.exe
  C:\Windows\System\sYaTuZB.exe
  2⤵
  PID:5088
- C:\Windows\System\AAURPBA.exe
  C:\Windows\System\AAURPBA.exe
  2⤵
  PID:5108
- C:\Windows\System\fZwcdYa.exe
  C:\Windows\System\fZwcdYa.exe
  2⤵
  PID:3692
- C:\Windows\System\cHTVkPg.exe
  C:\Windows\System\cHTVkPg.exe
  2⤵
  PID:3788
- C:\Windows\System\vVFdTRA.exe
  C:\Windows\System\vVFdTRA.exe
  2⤵
  PID:3868
- C:\Windows\System\JMXkyrw.exe
  C:\Windows\System\JMXkyrw.exe
  2⤵
  PID:3928
- C:\Windows\System\QyUwBqm.exe
  C:\Windows\System\QyUwBqm.exe
  2⤵
  PID:4056
- C:\Windows\System\yStvkWl.exe
  C:\Windows\System\yStvkWl.exe
  2⤵
  PID:1856
- C:\Windows\System\XePAHAz.exe
  C:\Windows\System\XePAHAz.exe
  2⤵
  PID:568
- C:\Windows\System\LAdNjHW.exe
  C:\Windows\System\LAdNjHW.exe
  2⤵
  PID:3208
- C:\Windows\System\tfEVJSV.exe
  C:\Windows\System\tfEVJSV.exe
  2⤵
  PID:3264
- C:\Windows\System\LfPZVOI.exe
  C:\Windows\System\LfPZVOI.exe
  2⤵
  PID:3424
- C:\Windows\System\bWfQVLm.exe
  C:\Windows\System\bWfQVLm.exe
  2⤵
  PID:3608
- C:\Windows\System\FJsTfHF.exe
  C:\Windows\System\FJsTfHF.exe
  2⤵
  PID:4136
- C:\Windows\System\ZfyjCTy.exe
  C:\Windows\System\ZfyjCTy.exe
  2⤵
  PID:4176
- C:\Windows\System\honEdeR.exe
  C:\Windows\System\honEdeR.exe
  2⤵
  PID:4208
- C:\Windows\System\dssrxbC.exe
  C:\Windows\System\dssrxbC.exe
  2⤵
  PID:4212
- C:\Windows\System\wpyIDVS.exe
  C:\Windows\System\wpyIDVS.exe
  2⤵
  PID:4256
- C:\Windows\System\UjlEnWE.exe
  C:\Windows\System\UjlEnWE.exe
  2⤵
  PID:4288
- C:\Windows\System\oZUhDIg.exe
  C:\Windows\System\oZUhDIg.exe
  2⤵
  PID:4308
- C:\Windows\System\RUxQwsw.exe
  C:\Windows\System\RUxQwsw.exe
  2⤵
  PID:4356
- C:\Windows\System\OkNHlxy.exe
  C:\Windows\System\OkNHlxy.exe
  2⤵
  PID:4408
- C:\Windows\System\JfxqRAf.exe
  C:\Windows\System\JfxqRAf.exe
  2⤵
  PID:4412
- C:\Windows\System\AeaGOaX.exe
  C:\Windows\System\AeaGOaX.exe
  2⤵
  PID:4456
- C:\Windows\System\gMwGYGe.exe
  C:\Windows\System\gMwGYGe.exe
  2⤵
  PID:4496
- C:\Windows\System\NbzCkeg.exe
  C:\Windows\System\NbzCkeg.exe
  2⤵
  PID:4532
- C:\Windows\System\mqwLWhq.exe
  C:\Windows\System\mqwLWhq.exe
  2⤵
  PID:4560
- C:\Windows\System\cMOIzbb.exe
  C:\Windows\System\cMOIzbb.exe
  2⤵
  PID:4612
- C:\Windows\System\zksQnoJ.exe
  C:\Windows\System\zksQnoJ.exe
  2⤵
  PID:4596
- C:\Windows\System\utRbVnk.exe
  C:\Windows\System\utRbVnk.exe
  2⤵
  PID:4656
- C:\Windows\System\CgweUWN.exe
  C:\Windows\System\CgweUWN.exe
  2⤵
  PID:4676
- C:\Windows\System\KrfDUuK.exe
  C:\Windows\System\KrfDUuK.exe
  2⤵
  PID:4740
- C:\Windows\System\PcEJyuo.exe
  C:\Windows\System\PcEJyuo.exe
  2⤵
  PID:4772
- C:\Windows\System\CIwNEqr.exe
  C:\Windows\System\CIwNEqr.exe
  2⤵
  PID:4776
- C:\Windows\System\yoQWoic.exe
  C:\Windows\System\yoQWoic.exe
  2⤵
  PID:4820
- C:\Windows\System\AJPrURm.exe
  C:\Windows\System\AJPrURm.exe
  2⤵
  PID:4840
- C:\Windows\System\PLIgdnB.exe
  C:\Windows\System\PLIgdnB.exe
  2⤵
  PID:4896
- C:\Windows\System\TfBqAkA.exe
  C:\Windows\System\TfBqAkA.exe
  2⤵
  PID:4944
- C:\Windows\System\faXYJBi.exe
  C:\Windows\System\faXYJBi.exe
  2⤵
  PID:4956
- C:\Windows\System\bJKhiMT.exe
  C:\Windows\System\bJKhiMT.exe
  2⤵
  PID:4980
- C:\Windows\System\jGaPniO.exe
  C:\Windows\System\jGaPniO.exe
  2⤵
  PID:5000
- C:\Windows\System\mZLKOfj.exe
  C:\Windows\System\mZLKOfj.exe
  2⤵
  PID:5056
- C:\Windows\System\KeNDhAI.exe
  C:\Windows\System\KeNDhAI.exe
  2⤵
  PID:5084
- C:\Windows\System\YgcuLxy.exe
  C:\Windows\System\YgcuLxy.exe
  2⤵
  PID:3664
- C:\Windows\System\YMhwbNx.exe
  C:\Windows\System\YMhwbNx.exe
  2⤵
  PID:3768
- C:\Windows\System\OnVdiHz.exe
  C:\Windows\System\OnVdiHz.exe
  2⤵
  PID:3712
- C:\Windows\System\uZHIIPO.exe
  C:\Windows\System\uZHIIPO.exe
  2⤵
  PID:3996
- C:\Windows\System\tMDyptN.exe
  C:\Windows\System\tMDyptN.exe
  2⤵
  PID:2404
- C:\Windows\System\nXqnVYx.exe
  C:\Windows\System\nXqnVYx.exe
  2⤵
  PID:3180
- C:\Windows\System\qWlyVve.exe
  C:\Windows\System\qWlyVve.exe
  2⤵
  PID:3548
- C:\Windows\System\tWTqapc.exe
  C:\Windows\System\tWTqapc.exe
  2⤵
  PID:4116
- C:\Windows\System\mAvOCzS.exe
  C:\Windows\System\mAvOCzS.exe
  2⤵
  PID:4188
- C:\Windows\System\WJquhdm.exe
  C:\Windows\System\WJquhdm.exe
  2⤵
  PID:4236
- C:\Windows\System\PAdiGYz.exe
  C:\Windows\System\PAdiGYz.exe
  2⤵
  PID:4276
- C:\Windows\System\QPFnpUw.exe
  C:\Windows\System\QPFnpUw.exe
  2⤵
  PID:4348
- C:\Windows\System\oGLUuto.exe
  C:\Windows\System\oGLUuto.exe
  2⤵
  PID:4396
- C:\Windows\System\onrvQtD.exe
  C:\Windows\System\onrvQtD.exe
  2⤵
  PID:4432
- C:\Windows\System\idsJlCc.exe
  C:\Windows\System\idsJlCc.exe
  2⤵
  PID:4516
- C:\Windows\System\blNUjYR.exe
  C:\Windows\System\blNUjYR.exe
  2⤵
  PID:4576
- C:\Windows\System\wtnTBqd.exe
  C:\Windows\System\wtnTBqd.exe
  2⤵
  PID:4600
- C:\Windows\System\RAAKMci.exe
  C:\Windows\System\RAAKMci.exe
  2⤵
  PID:4696
- C:\Windows\System\AKcAyjH.exe
  C:\Windows\System\AKcAyjH.exe
  2⤵
  PID:4736
- C:\Windows\System\KTuWmQJ.exe
  C:\Windows\System\KTuWmQJ.exe
  2⤵
  PID:5136
- C:\Windows\System\BoeJdVI.exe
  C:\Windows\System\BoeJdVI.exe
  2⤵
  PID:5156
- C:\Windows\System\UFMQbvZ.exe
  C:\Windows\System\UFMQbvZ.exe
  2⤵
  PID:5176
- C:\Windows\System\DxHJBRz.exe
  C:\Windows\System\DxHJBRz.exe
  2⤵
  PID:5196
- C:\Windows\System\tfbUNgW.exe
  C:\Windows\System\tfbUNgW.exe
  2⤵
  PID:5216
- C:\Windows\System\RinYwfC.exe
  C:\Windows\System\RinYwfC.exe
  2⤵
  PID:5236
- C:\Windows\System\elpmeYW.exe
  C:\Windows\System\elpmeYW.exe
  2⤵
  PID:5256
- C:\Windows\System\RIfvooi.exe
  C:\Windows\System\RIfvooi.exe
  2⤵
  PID:5276
- C:\Windows\System\nZbJwQq.exe
  C:\Windows\System\nZbJwQq.exe
  2⤵
  PID:5296
- C:\Windows\System\ouBMUII.exe
  C:\Windows\System\ouBMUII.exe
  2⤵
  PID:5316
- C:\Windows\System\duOQWGH.exe
  C:\Windows\System\duOQWGH.exe
  2⤵
  PID:5336
- C:\Windows\System\buapYYp.exe
  C:\Windows\System\buapYYp.exe
  2⤵
  PID:5356
- C:\Windows\System\CRhPzeO.exe
  C:\Windows\System\CRhPzeO.exe
  2⤵
  PID:5376
- C:\Windows\System\sFrPWqZ.exe
  C:\Windows\System\sFrPWqZ.exe
  2⤵
  PID:5400
- C:\Windows\System\isEZJwx.exe
  C:\Windows\System\isEZJwx.exe
  2⤵
  PID:5420
- C:\Windows\System\cOsQdmJ.exe
  C:\Windows\System\cOsQdmJ.exe
  2⤵
  PID:5440
- C:\Windows\System\fNMikxl.exe
  C:\Windows\System\fNMikxl.exe
  2⤵
  PID:5460
- C:\Windows\System\sWSJHmm.exe
  C:\Windows\System\sWSJHmm.exe
  2⤵
  PID:5480
- C:\Windows\System\RyJpEHL.exe
  C:\Windows\System\RyJpEHL.exe
  2⤵
  PID:5500
- C:\Windows\System\UCQmxIN.exe
  C:\Windows\System\UCQmxIN.exe
  2⤵
  PID:5520
- C:\Windows\System\MnsZZeV.exe
  C:\Windows\System\MnsZZeV.exe
  2⤵
  PID:5540
- C:\Windows\System\IZeXvYX.exe
  C:\Windows\System\IZeXvYX.exe
  2⤵
  PID:5560
- C:\Windows\System\hoKFHlO.exe
  C:\Windows\System\hoKFHlO.exe
  2⤵
  PID:5580
- C:\Windows\System\VWbKzps.exe
  C:\Windows\System\VWbKzps.exe
  2⤵
  PID:5600
- C:\Windows\System\QTgfuxm.exe
  C:\Windows\System\QTgfuxm.exe
  2⤵
  PID:5620
- C:\Windows\System\AkkgPTb.exe
  C:\Windows\System\AkkgPTb.exe
  2⤵
  PID:5640
- C:\Windows\System\aywPPot.exe
  C:\Windows\System\aywPPot.exe
  2⤵
  PID:5660
- C:\Windows\System\qwhUPxK.exe
  C:\Windows\System\qwhUPxK.exe
  2⤵
  PID:5680
- C:\Windows\System\leMCsdj.exe
  C:\Windows\System\leMCsdj.exe
  2⤵
  PID:5700
- C:\Windows\System\FxWUqgH.exe
  C:\Windows\System\FxWUqgH.exe
  2⤵
  PID:5720
- C:\Windows\System\TUUqXnF.exe
  C:\Windows\System\TUUqXnF.exe
  2⤵
  PID:5740
- C:\Windows\System\THjIOjA.exe
  C:\Windows\System\THjIOjA.exe
  2⤵
  PID:5760
- C:\Windows\System\jmdEwJN.exe
  C:\Windows\System\jmdEwJN.exe
  2⤵
  PID:5780
- C:\Windows\System\QkxuAVx.exe
  C:\Windows\System\QkxuAVx.exe
  2⤵
  PID:5800
- C:\Windows\System\QNjNJuC.exe
  C:\Windows\System\QNjNJuC.exe
  2⤵
  PID:5820
- C:\Windows\System\KrhAUss.exe
  C:\Windows\System\KrhAUss.exe
  2⤵
  PID:5840
- C:\Windows\System\PNzgRTe.exe
  C:\Windows\System\PNzgRTe.exe
  2⤵
  PID:5860
- C:\Windows\System\UyKwgkx.exe
  C:\Windows\System\UyKwgkx.exe
  2⤵
  PID:5880
- C:\Windows\System\mjFbiWl.exe
  C:\Windows\System\mjFbiWl.exe
  2⤵
  PID:5900
- C:\Windows\System\CRYRZkp.exe
  C:\Windows\System\CRYRZkp.exe
  2⤵
  PID:5920
- C:\Windows\System\cKEzNeF.exe
  C:\Windows\System\cKEzNeF.exe
  2⤵
  PID:5944
- C:\Windows\System\fTxnqFN.exe
  C:\Windows\System\fTxnqFN.exe
  2⤵
  PID:5964
- C:\Windows\System\HNdBbIu.exe
  C:\Windows\System\HNdBbIu.exe
  2⤵
  PID:5984
- C:\Windows\System\ZLXPGgi.exe
  C:\Windows\System\ZLXPGgi.exe
  2⤵
  PID:6004
- C:\Windows\System\NeximkZ.exe
  C:\Windows\System\NeximkZ.exe
  2⤵
  PID:6024
- C:\Windows\System\mnpIGbh.exe
  C:\Windows\System\mnpIGbh.exe
  2⤵
  PID:6044
- C:\Windows\System\AERauRo.exe
  C:\Windows\System\AERauRo.exe
  2⤵
  PID:6064
- C:\Windows\System\ZMCcMXl.exe
  C:\Windows\System\ZMCcMXl.exe
  2⤵
  PID:6084
- C:\Windows\System\YSNIXIZ.exe
  C:\Windows\System\YSNIXIZ.exe
  2⤵
  PID:6104
- C:\Windows\System\oVbxtBo.exe
  C:\Windows\System\oVbxtBo.exe
  2⤵
  PID:6124
- C:\Windows\System\AeFkGGR.exe
  C:\Windows\System\AeFkGGR.exe
  2⤵
  PID:4752
- C:\Windows\System\rAYEZcH.exe
  C:\Windows\System\rAYEZcH.exe
  2⤵
  PID:4816
- C:\Windows\System\lSCWJhz.exe
  C:\Windows\System\lSCWJhz.exe
  2⤵
  PID:4856
- C:\Windows\System\JfJaHrC.exe
  C:\Windows\System\JfJaHrC.exe
  2⤵
  PID:4936
- C:\Windows\System\mlEihCe.exe
  C:\Windows\System\mlEihCe.exe
  2⤵
  PID:4984
- C:\Windows\System\oYCuMid.exe
  C:\Windows\System\oYCuMid.exe
  2⤵
  PID:4996
- C:\Windows\System\QEhzYeh.exe
  C:\Windows\System\QEhzYeh.exe
  2⤵
  PID:5096
- C:\Windows\System\WeMLloT.exe
  C:\Windows\System\WeMLloT.exe
  2⤵
  PID:5116
- C:\Windows\System\OcuyDWb.exe
  C:\Windows\System\OcuyDWb.exe
  2⤵
  PID:3836
- C:\Windows\System\VRZEAaG.exe
  C:\Windows\System\VRZEAaG.exe
  2⤵
  PID:1284
- C:\Windows\System\prnUweC.exe
  C:\Windows\System\prnUweC.exe
  2⤵
  PID:2244
- C:\Windows\System\KSRaeGr.exe
  C:\Windows\System\KSRaeGr.exe
  2⤵
  PID:4168
- C:\Windows\System\wKbBkDp.exe
  C:\Windows\System\wKbBkDp.exe
  2⤵
  PID:4192
- C:\Windows\System\pUePsgx.exe
  C:\Windows\System\pUePsgx.exe
  2⤵
  PID:4352
- C:\Windows\System\GYCiWCy.exe
  C:\Windows\System\GYCiWCy.exe
  2⤵
  PID:4436
- C:\Windows\System\jchOiBQ.exe
  C:\Windows\System\jchOiBQ.exe
  2⤵
  PID:4492
- C:\Windows\System\PnBrgyV.exe
  C:\Windows\System\PnBrgyV.exe
  2⤵
  PID:4572
- C:\Windows\System\osSzoga.exe
  C:\Windows\System\osSzoga.exe
  2⤵
  PID:4672
- C:\Windows\System\KIcMUCB.exe
  C:\Windows\System\KIcMUCB.exe
  2⤵
  PID:5124
- C:\Windows\System\EOqyrqx.exe
  C:\Windows\System\EOqyrqx.exe
  2⤵
  PID:5164
- C:\Windows\System\CZWUUBr.exe
  C:\Windows\System\CZWUUBr.exe
  2⤵
  PID:5188
- C:\Windows\System\OcEJobi.exe
  C:\Windows\System\OcEJobi.exe
  2⤵
  PID:5208
- C:\Windows\System\ZVdISmb.exe
  C:\Windows\System\ZVdISmb.exe
  2⤵
  PID:5264
- C:\Windows\System\vCfyPLS.exe
  C:\Windows\System\vCfyPLS.exe
  2⤵
  PID:5304
- C:\Windows\System\lsMGuYs.exe
  C:\Windows\System\lsMGuYs.exe
  2⤵
  PID:5332
- C:\Windows\System\JzGTdAU.exe
  C:\Windows\System\JzGTdAU.exe
  2⤵
  PID:3032
- C:\Windows\System\LSnmyhm.exe
  C:\Windows\System\LSnmyhm.exe
  2⤵
  PID:5392
- C:\Windows\System\XCOBDdv.exe
  C:\Windows\System\XCOBDdv.exe
  2⤵
  PID:5412
- C:\Windows\System\gavnvEj.exe
  C:\Windows\System\gavnvEj.exe
  2⤵
  PID:5476
- C:\Windows\System\HfKVYuF.exe
  C:\Windows\System\HfKVYuF.exe
  2⤵
  PID:5508
- C:\Windows\System\IsCvTus.exe
  C:\Windows\System\IsCvTus.exe
  2⤵
  PID:5556
- C:\Windows\System\Treyfbu.exe
  C:\Windows\System\Treyfbu.exe
  2⤵
  PID:5568
- C:\Windows\System\nlOVrkG.exe
  C:\Windows\System\nlOVrkG.exe
  2⤵
  PID:5572
- C:\Windows\System\PJwbonE.exe
  C:\Windows\System\PJwbonE.exe
  2⤵
  PID:5636
- C:\Windows\System\FfnUuGW.exe
  C:\Windows\System\FfnUuGW.exe
  2⤵
  PID:5676
- C:\Windows\System\BWUFEAv.exe
  C:\Windows\System\BWUFEAv.exe
  2⤵
  PID:5688
- C:\Windows\System\yZcfIbL.exe
  C:\Windows\System\yZcfIbL.exe
  2⤵
  PID:5712
- C:\Windows\System\oraGQyR.exe
  C:\Windows\System\oraGQyR.exe
  2⤵
  PID:5756
- C:\Windows\System\KJaTCBG.exe
  C:\Windows\System\KJaTCBG.exe
  2⤵
  PID:5776
- C:\Windows\System\oSEEWJS.exe
  C:\Windows\System\oSEEWJS.exe
  2⤵
  PID:5808
- C:\Windows\System\DqLHCll.exe
  C:\Windows\System\DqLHCll.exe
  2⤵
  PID:5848
- C:\Windows\System\ULNYnUh.exe
  C:\Windows\System\ULNYnUh.exe
  2⤵
  PID:5872
- C:\Windows\System\JJEKMNQ.exe
  C:\Windows\System\JJEKMNQ.exe
  2⤵
  PID:5916
- C:\Windows\System\MmBZhan.exe
  C:\Windows\System\MmBZhan.exe
  2⤵
  PID:5940
- C:\Windows\System\QrJJSpj.exe
  C:\Windows\System\QrJJSpj.exe
  2⤵
  PID:5992
- C:\Windows\System\XtmWlhw.exe
  C:\Windows\System\XtmWlhw.exe
  2⤵
  PID:5996
- C:\Windows\System\DGJVMHy.exe
  C:\Windows\System\DGJVMHy.exe
  2⤵
  PID:6040
- C:\Windows\System\qgVdKST.exe
  C:\Windows\System\qgVdKST.exe
  2⤵
  PID:6080
- C:\Windows\System\QVVQYCZ.exe
  C:\Windows\System\QVVQYCZ.exe
  2⤵
  PID:6112
- C:\Windows\System\sfOBBRd.exe
  C:\Windows\System\sfOBBRd.exe
  2⤵
  PID:6132
- C:\Windows\System\xSknNpy.exe
  C:\Windows\System\xSknNpy.exe
  2⤵
  PID:4756
- C:\Windows\System\WOoPzzc.exe
  C:\Windows\System\WOoPzzc.exe
  2⤵
  PID:4904
- C:\Windows\System\BCDoIEA.exe
  C:\Windows\System\BCDoIEA.exe
  2⤵
  PID:4976
- C:\Windows\System\ZGXIsGV.exe
  C:\Windows\System\ZGXIsGV.exe
  2⤵
  PID:5040
- C:\Windows\System\HXwmmOV.exe
  C:\Windows\System\HXwmmOV.exe
  2⤵
  PID:3948
- C:\Windows\System\HJVuzrD.exe
  C:\Windows\System\HJVuzrD.exe
  2⤵
  PID:876
- C:\Windows\System\yBPUjOM.exe
  C:\Windows\System\yBPUjOM.exe
  2⤵
  PID:3492
- C:\Windows\System\CGzjHUv.exe
  C:\Windows\System\CGzjHUv.exe
  2⤵
  PID:4268
- C:\Windows\System\MStMQhZ.exe
  C:\Windows\System\MStMQhZ.exe
  2⤵
  PID:4372
- C:\Windows\System\nxqxRYm.exe
  C:\Windows\System\nxqxRYm.exe
  2⤵
  PID:4636
- C:\Windows\System\FEeEXXp.exe
  C:\Windows\System\FEeEXXp.exe
  2⤵
  PID:5144
- C:\Windows\System\QQwIpIi.exe
  C:\Windows\System\QQwIpIi.exe
  2⤵
  PID:5172
- C:\Windows\System\kcWLmhq.exe
  C:\Windows\System\kcWLmhq.exe
  2⤵
  PID:5244
- C:\Windows\System\LiwxGIS.exe
  C:\Windows\System\LiwxGIS.exe
  2⤵
  PID:5284
- C:\Windows\System\nDnvHgq.exe
  C:\Windows\System\nDnvHgq.exe
  2⤵
  PID:5344
- C:\Windows\System\TMqMKdZ.exe
  C:\Windows\System\TMqMKdZ.exe
  2⤵
  PID:5372
- C:\Windows\System\yWTfizG.exe
  C:\Windows\System\yWTfizG.exe
  2⤵
  PID:5448
- C:\Windows\System\KOykkDz.exe
  C:\Windows\System\KOykkDz.exe
  2⤵
  PID:5516
- C:\Windows\System\HKnGzxd.exe
  C:\Windows\System\HKnGzxd.exe
  2⤵
  PID:5588
- C:\Windows\System\lkwbjuN.exe
  C:\Windows\System\lkwbjuN.exe
  2⤵
  PID:5616
- C:\Windows\System\WLlqSIf.exe
  C:\Windows\System\WLlqSIf.exe
  2⤵
  PID:2592
- C:\Windows\System\xRvvrFG.exe
  C:\Windows\System\xRvvrFG.exe
  2⤵
  PID:5708
- C:\Windows\System\JftEVnY.exe
  C:\Windows\System\JftEVnY.exe
  2⤵
  PID:5792
- C:\Windows\System\zOhBQxa.exe
  C:\Windows\System\zOhBQxa.exe
  2⤵
  PID:5812
- C:\Windows\System\yRqYfKi.exe
  C:\Windows\System\yRqYfKi.exe
  2⤵
  PID:5908
- C:\Windows\System\qBRPYRv.exe
  C:\Windows\System\qBRPYRv.exe
  2⤵
  PID:5960
- C:\Windows\System\HzGwCHf.exe
  C:\Windows\System\HzGwCHf.exe
  2⤵
  PID:5972
- C:\Windows\System\pWirkaG.exe
  C:\Windows\System\pWirkaG.exe
  2⤵
  PID:6016
- C:\Windows\System\VLScmMz.exe
  C:\Windows\System\VLScmMz.exe
  2⤵
  PID:6100
- C:\Windows\System\NgRsdHY.exe
  C:\Windows\System\NgRsdHY.exe
  2⤵
  PID:4472
- C:\Windows\System\jrIZuAm.exe
  C:\Windows\System\jrIZuAm.exe
  2⤵
  PID:4924
- C:\Windows\System\XxgrfqG.exe
  C:\Windows\System\XxgrfqG.exe
  2⤵
  PID:5044
- C:\Windows\System\IoNBFRP.exe
  C:\Windows\System\IoNBFRP.exe
  2⤵
  PID:5104
- C:\Windows\System\CMMCnhN.exe
  C:\Windows\System\CMMCnhN.exe
  2⤵
  PID:3488
- C:\Windows\System\dsEjIbo.exe
  C:\Windows\System\dsEjIbo.exe
  2⤵
  PID:4488
- C:\Windows\System\rLGtOzl.exe
  C:\Windows\System\rLGtOzl.exe
  2⤵
  PID:4620
- C:\Windows\System\BrPtJku.exe
  C:\Windows\System\BrPtJku.exe
  2⤵
  PID:6160
- C:\Windows\System\pJhpDUX.exe
  C:\Windows\System\pJhpDUX.exe
  2⤵
  PID:6180
- C:\Windows\System\bLBTueG.exe
  C:\Windows\System\bLBTueG.exe
  2⤵
  PID:6200
- C:\Windows\System\VsJBisZ.exe
  C:\Windows\System\VsJBisZ.exe
  2⤵
  PID:6220
- C:\Windows\System\xUvBkBl.exe
  C:\Windows\System\xUvBkBl.exe
  2⤵
  PID:6240
- C:\Windows\System\xgtsgwz.exe
  C:\Windows\System\xgtsgwz.exe
  2⤵
  PID:6260
- C:\Windows\System\nDLtvgc.exe
  C:\Windows\System\nDLtvgc.exe
  2⤵
  PID:6280
- C:\Windows\System\LEAQisg.exe
  C:\Windows\System\LEAQisg.exe
  2⤵
  PID:6300
- C:\Windows\System\rVmAKzN.exe
  C:\Windows\System\rVmAKzN.exe
  2⤵
  PID:6320
- C:\Windows\System\SsoMWSG.exe
  C:\Windows\System\SsoMWSG.exe
  2⤵
  PID:6340
- C:\Windows\System\bvVIGwq.exe
  C:\Windows\System\bvVIGwq.exe
  2⤵
  PID:6360
- C:\Windows\System\MVkenqB.exe
  C:\Windows\System\MVkenqB.exe
  2⤵
  PID:6380
- C:\Windows\System\lvQDwBS.exe
  C:\Windows\System\lvQDwBS.exe
  2⤵
  PID:6400
- C:\Windows\System\hsVdRkV.exe
  C:\Windows\System\hsVdRkV.exe
  2⤵
  PID:6420
- C:\Windows\System\SBYSzmb.exe
  C:\Windows\System\SBYSzmb.exe
  2⤵
  PID:6440
- C:\Windows\System\nhPTmod.exe
  C:\Windows\System\nhPTmod.exe
  2⤵
  PID:6460
- C:\Windows\System\VJPpzgK.exe
  C:\Windows\System\VJPpzgK.exe
  2⤵
  PID:6480
- C:\Windows\System\hPNALYY.exe
  C:\Windows\System\hPNALYY.exe
  2⤵
  PID:6500
- C:\Windows\System\dMdOFlL.exe
  C:\Windows\System\dMdOFlL.exe
  2⤵
  PID:6520
- C:\Windows\System\VTNrXLZ.exe
  C:\Windows\System\VTNrXLZ.exe
  2⤵
  PID:6540
- C:\Windows\System\olyqyUs.exe
  C:\Windows\System\olyqyUs.exe
  2⤵
  PID:6560
- C:\Windows\System\hWTmxPx.exe
  C:\Windows\System\hWTmxPx.exe
  2⤵
  PID:6580
- C:\Windows\System\xmTBLEF.exe
  C:\Windows\System\xmTBLEF.exe
  2⤵
  PID:6604
- C:\Windows\System\TKuQaEX.exe
  C:\Windows\System\TKuQaEX.exe
  2⤵
  PID:6624
- C:\Windows\System\ErwBUht.exe
  C:\Windows\System\ErwBUht.exe
  2⤵
  PID:6644
- C:\Windows\System\dMqNack.exe
  C:\Windows\System\dMqNack.exe
  2⤵
  PID:6668
- C:\Windows\System\ldWGQSF.exe
  C:\Windows\System\ldWGQSF.exe
  2⤵
  PID:6688
- C:\Windows\System\IEpRFZI.exe
  C:\Windows\System\IEpRFZI.exe
  2⤵
  PID:6708
- C:\Windows\System\OOnWLNq.exe
  C:\Windows\System\OOnWLNq.exe
  2⤵
  PID:6728
- C:\Windows\System\TCqQfyh.exe
  C:\Windows\System\TCqQfyh.exe
  2⤵
  PID:6748
- C:\Windows\System\phOlJHK.exe
  C:\Windows\System\phOlJHK.exe
  2⤵
  PID:6768
- C:\Windows\System\cngEltY.exe
  C:\Windows\System\cngEltY.exe
  2⤵
  PID:6788
- C:\Windows\System\AeCPXtq.exe
  C:\Windows\System\AeCPXtq.exe
  2⤵
  PID:6808
- C:\Windows\System\cuOZTHg.exe
  C:\Windows\System\cuOZTHg.exe
  2⤵
  PID:6828
- C:\Windows\System\ALALvUX.exe
  C:\Windows\System\ALALvUX.exe
  2⤵
  PID:6848
- C:\Windows\System\eeBBIMo.exe
  C:\Windows\System\eeBBIMo.exe
  2⤵
  PID:6868
- C:\Windows\System\ENPMFYv.exe
  C:\Windows\System\ENPMFYv.exe
  2⤵
  PID:6888
- C:\Windows\System\JEmwkZg.exe
  C:\Windows\System\JEmwkZg.exe
  2⤵
  PID:6908
- C:\Windows\System\KXwXjHy.exe
  C:\Windows\System\KXwXjHy.exe
  2⤵
  PID:6928
- C:\Windows\System\zxLVzOX.exe
  C:\Windows\System\zxLVzOX.exe
  2⤵
  PID:6948
- C:\Windows\System\WwGtwWb.exe
  C:\Windows\System\WwGtwWb.exe
  2⤵
  PID:6968
- C:\Windows\System\SPWtWzb.exe
  C:\Windows\System\SPWtWzb.exe
  2⤵
  PID:6988
- C:\Windows\System\AVwiIeE.exe
  C:\Windows\System\AVwiIeE.exe
  2⤵
  PID:7008
- C:\Windows\System\pBXOqBk.exe
  C:\Windows\System\pBXOqBk.exe
  2⤵
  PID:7028
- C:\Windows\System\rRQguOn.exe
  C:\Windows\System\rRQguOn.exe
  2⤵
  PID:7048
- C:\Windows\System\lYXllrB.exe
  C:\Windows\System\lYXllrB.exe
  2⤵
  PID:7068
- C:\Windows\System\sVfDMyj.exe
  C:\Windows\System\sVfDMyj.exe
  2⤵
  PID:7088
- C:\Windows\System\KHrPRgd.exe
  C:\Windows\System\KHrPRgd.exe
  2⤵
  PID:7108
- C:\Windows\System\aDrApRT.exe
  C:\Windows\System\aDrApRT.exe
  2⤵
  PID:7128
- C:\Windows\System\fsCLLPL.exe
  C:\Windows\System\fsCLLPL.exe
  2⤵
  PID:7148
- C:\Windows\System\LsPcYQa.exe
  C:\Windows\System\LsPcYQa.exe
  2⤵
  PID:4692
- C:\Windows\System\zBZVAnC.exe
  C:\Windows\System\zBZVAnC.exe
  2⤵
  PID:5168
- C:\Windows\System\HGzAVba.exe
  C:\Windows\System\HGzAVba.exe
  2⤵
  PID:5288
- C:\Windows\System\MddnFXH.exe
  C:\Windows\System\MddnFXH.exe
  2⤵
  PID:5364
- C:\Windows\System\qsbkpJV.exe
  C:\Windows\System\qsbkpJV.exe
  2⤵
  PID:5488
- C:\Windows\System\lnOAGWm.exe
  C:\Windows\System\lnOAGWm.exe
  2⤵
  PID:5552
- C:\Windows\System\hHpxyGC.exe
  C:\Windows\System\hHpxyGC.exe
  2⤵
  PID:5668
- C:\Windows\System\gESCaqD.exe
  C:\Windows\System\gESCaqD.exe
  2⤵
  PID:5748
- C:\Windows\System\SQDarix.exe
  C:\Windows\System\SQDarix.exe
  2⤵
  PID:2688
- C:\Windows\System\AMZrthg.exe
  C:\Windows\System\AMZrthg.exe
  2⤵
  PID:5876
- C:\Windows\System\VZILEhM.exe
  C:\Windows\System\VZILEhM.exe
  2⤵
  PID:5896
- C:\Windows\System\lkCFbDS.exe
  C:\Windows\System\lkCFbDS.exe
  2⤵
  PID:6020
- C:\Windows\System\NynixTD.exe
  C:\Windows\System\NynixTD.exe
  2⤵
  PID:6092
- C:\Windows\System\seOhydo.exe
  C:\Windows\System\seOhydo.exe
  2⤵
  PID:5060
- C:\Windows\System\fHvBvNq.exe
  C:\Windows\System\fHvBvNq.exe
  2⤵
  PID:3672
- C:\Windows\System\kYZMabQ.exe
  C:\Windows\System\kYZMabQ.exe
  2⤵
  PID:3320
- C:\Windows\System\XkezWLF.exe
  C:\Windows\System\XkezWLF.exe
  2⤵
  PID:4148
- C:\Windows\System\owTAvbr.exe
  C:\Windows\System\owTAvbr.exe
  2⤵
  PID:6168
- C:\Windows\System\ahrhYrA.exe
  C:\Windows\System\ahrhYrA.exe
  2⤵
  PID:6196
- C:\Windows\System\EkCfpvH.exe
  C:\Windows\System\EkCfpvH.exe
  2⤵
  PID:6228
- C:\Windows\System\aUEUmPY.exe
  C:\Windows\System\aUEUmPY.exe
  2⤵
  PID:6268
- C:\Windows\System\uIILxTP.exe
  C:\Windows\System\uIILxTP.exe
  2⤵
  PID:6292
- C:\Windows\System\AYiOZPL.exe
  C:\Windows\System\AYiOZPL.exe
  2⤵
  PID:6336
- C:\Windows\System\lVbnibk.exe
  C:\Windows\System\lVbnibk.exe
  2⤵
  PID:6376
- C:\Windows\System\FmYRlne.exe
  C:\Windows\System\FmYRlne.exe
  2⤵
  PID:6408
- C:\Windows\System\fTbsFkn.exe
  C:\Windows\System\fTbsFkn.exe
  2⤵
  PID:6456
- C:\Windows\System\yOSzolx.exe
  C:\Windows\System\yOSzolx.exe
  2⤵
  PID:6496
- C:\Windows\System\gAJjunT.exe
  C:\Windows\System\gAJjunT.exe
  2⤵
  PID:6508
- C:\Windows\System\zEZhtsP.exe
  C:\Windows\System\zEZhtsP.exe
  2⤵
  PID:6548
- C:\Windows\System\GKdAflR.exe
  C:\Windows\System\GKdAflR.exe
  2⤵
  PID:6572
- C:\Windows\System\WyrWAzE.exe
  C:\Windows\System\WyrWAzE.exe
  2⤵
  PID:6620
- C:\Windows\System\xwHMGJN.exe
  C:\Windows\System\xwHMGJN.exe
  2⤵
  PID:6652
- C:\Windows\System\qXqsUyJ.exe
  C:\Windows\System\qXqsUyJ.exe
  2⤵
  PID:6696
- C:\Windows\System\URcAvRG.exe
  C:\Windows\System\URcAvRG.exe
  2⤵
  PID:6716
- C:\Windows\System\sYRbnog.exe
  C:\Windows\System\sYRbnog.exe
  2⤵
  PID:6756
- C:\Windows\System\AfkdQPY.exe
  C:\Windows\System\AfkdQPY.exe
  2⤵
  PID:6784
- C:\Windows\System\qxKVaty.exe
  C:\Windows\System\qxKVaty.exe
  2⤵
  PID:6796
- C:\Windows\System\wHzPhVB.exe
  C:\Windows\System\wHzPhVB.exe
  2⤵
  PID:6824
- C:\Windows\System\kebQwik.exe
  C:\Windows\System\kebQwik.exe
  2⤵
  PID:6864
- C:\Windows\System\HcHWEgI.exe
  C:\Windows\System\HcHWEgI.exe
  2⤵
  PID:6884
- C:\Windows\System\JYjinCy.exe
  C:\Windows\System\JYjinCy.exe
  2⤵
  PID:6916
- C:\Windows\System\LIYgORs.exe
  C:\Windows\System\LIYgORs.exe
  2⤵
  PID:6940
- C:\Windows\System\wjmuzWt.exe
  C:\Windows\System\wjmuzWt.exe
  2⤵
  PID:6964
- C:\Windows\System\mZrMLQL.exe
  C:\Windows\System\mZrMLQL.exe
  2⤵
  PID:7004
- C:\Windows\System\tXuqYoz.exe
  C:\Windows\System\tXuqYoz.exe
  2⤵
  PID:7044
- C:\Windows\System\QcewsCC.exe
  C:\Windows\System\QcewsCC.exe
  2⤵
  PID:7076
- C:\Windows\System\fLIqvow.exe
  C:\Windows\System\fLIqvow.exe
  2⤵
  PID:7100
- C:\Windows\System\kzNYAYE.exe
  C:\Windows\System\kzNYAYE.exe
  2⤵
  PID:7144
- C:\Windows\System\DPkwDZn.exe
  C:\Windows\System\DPkwDZn.exe
  2⤵
  PID:5268
- C:\Windows\System\zBbaZbe.exe
  C:\Windows\System\zBbaZbe.exe
  2⤵
  PID:5352
- C:\Windows\System\XMuIsld.exe
  C:\Windows\System\XMuIsld.exe
  2⤵
  PID:2628
- C:\Windows\System\mwZZjlr.exe
  C:\Windows\System\mwZZjlr.exe
  2⤵
  PID:2760
- C:\Windows\System\zakukMK.exe
  C:\Windows\System\zakukMK.exe
  2⤵
  PID:5692
- C:\Windows\System\zVMuMjT.exe
  C:\Windows\System\zVMuMjT.exe
  2⤵
  PID:2564
- C:\Windows\System\ehJJgyO.exe
  C:\Windows\System\ehJJgyO.exe
  2⤵
  PID:5768
- C:\Windows\System\mQZiTtT.exe
  C:\Windows\System\mQZiTtT.exe
  2⤵
  PID:5192
- C:\Windows\System\LtYOJjE.exe
  C:\Windows\System\LtYOJjE.exe
  2⤵
  PID:6032
- C:\Windows\System\JDsDPGp.exe
  C:\Windows\System\JDsDPGp.exe
  2⤵
  PID:6076
- C:\Windows\System\XoeGzzo.exe
  C:\Windows\System\XoeGzzo.exe
  2⤵
  PID:4940
- C:\Windows\System\arSxCWw.exe
  C:\Windows\System\arSxCWw.exe
  2⤵
  PID:6152
- C:\Windows\System\oxRJWAM.exe
  C:\Windows\System\oxRJWAM.exe
  2⤵
  PID:6188
- C:\Windows\System\jNMxMPE.exe
  C:\Windows\System\jNMxMPE.exe
  2⤵
  PID:6272
- C:\Windows\System\xRxUoqb.exe
  C:\Windows\System\xRxUoqb.exe
  2⤵
  PID:6348
- C:\Windows\System\KTbTinE.exe
  C:\Windows\System\KTbTinE.exe
  2⤵
  PID:6368
- C:\Windows\System\TygSogZ.exe
  C:\Windows\System\TygSogZ.exe
  2⤵
  PID:6392
- C:\Windows\System\JGboEWk.exe
  C:\Windows\System\JGboEWk.exe
  2⤵
  PID:6492
- C:\Windows\System\RSgCoCV.exe
  C:\Windows\System\RSgCoCV.exe
  2⤵
  PID:6532
- C:\Windows\System\MzcFGOk.exe
  C:\Windows\System\MzcFGOk.exe
  2⤵
  PID:6632
- C:\Windows\System\JVsILFF.exe
  C:\Windows\System\JVsILFF.exe
  2⤵
  PID:6640
- C:\Windows\System\yMIijAi.exe
  C:\Windows\System\yMIijAi.exe
  2⤵
  PID:6684
- C:\Windows\System\wxXFGLi.exe
  C:\Windows\System\wxXFGLi.exe
  2⤵
  PID:6760
- C:\Windows\System\GrdhtjE.exe
  C:\Windows\System\GrdhtjE.exe
  2⤵
  PID:6800
- C:\Windows\System\TXhVoPI.exe
  C:\Windows\System\TXhVoPI.exe
  2⤵
  PID:6856
- C:\Windows\System\EoBMYjy.exe
  C:\Windows\System\EoBMYjy.exe
  2⤵
  PID:6352
- C:\Windows\System\DQUZRMV.exe
  C:\Windows\System\DQUZRMV.exe
  2⤵
  PID:6920
- C:\Windows\System\LpOmAlk.exe
  C:\Windows\System\LpOmAlk.exe
  2⤵
  PID:7016
- C:\Windows\System\klAKxpK.exe
  C:\Windows\System\klAKxpK.exe
  2⤵
  PID:7036
- C:\Windows\System\yBSqwlB.exe
  C:\Windows\System\yBSqwlB.exe
  2⤵
  PID:7104
- C:\Windows\System\DIvEOiy.exe
  C:\Windows\System\DIvEOiy.exe
  2⤵
  PID:7160
- C:\Windows\System\emCYGPv.exe
  C:\Windows\System\emCYGPv.exe
  2⤵
  PID:5224
- C:\Windows\System\unSWaMu.exe
  C:\Windows\System\unSWaMu.exe
  2⤵
  PID:5512
- C:\Windows\System\EJVnoju.exe
  C:\Windows\System\EJVnoju.exe
  2⤵
  PID:6256
- C:\Windows\System\AldhaaJ.exe
  C:\Windows\System\AldhaaJ.exe
  2⤵
  PID:6432
- C:\Windows\System\KdSEDhF.exe
  C:\Windows\System\KdSEDhF.exe
  2⤵
  PID:6468
- C:\Windows\System\xIdgqXk.exe
  C:\Windows\System\xIdgqXk.exe
  2⤵
  PID:1848
- C:\Windows\System\yYVmPMo.exe
  C:\Windows\System\yYVmPMo.exe
  2⤵
  PID:6600
- C:\Windows\System\ngsMcbq.exe
  C:\Windows\System\ngsMcbq.exe
  2⤵
  PID:6744
- C:\Windows\System\QNiuRJy.exe
  C:\Windows\System\QNiuRJy.exe
  2⤵
  PID:6876
- C:\Windows\System\xSiVsaI.exe
  C:\Windows\System\xSiVsaI.exe
  2⤵
  PID:6900
- C:\Windows\System\wGtoImC.exe
  C:\Windows\System\wGtoImC.exe
  2⤵
  PID:7056
- C:\Windows\System\fdVnHvz.exe
  C:\Windows\System\fdVnHvz.exe
  2⤵
  PID:7060
- C:\Windows\System\cCscLuv.exe
  C:\Windows\System\cCscLuv.exe
  2⤵
  PID:5252
- C:\Windows\System\ELHVMzB.exe
  C:\Windows\System\ELHVMzB.exe
  2⤵
  PID:5628
- C:\Windows\System\JuQuCbL.exe
  C:\Windows\System\JuQuCbL.exe
  2⤵
  PID:912
- C:\Windows\System\mhamFef.exe
  C:\Windows\System\mhamFef.exe
  2⤵
  PID:1480
- C:\Windows\System\KgKNLQx.exe
  C:\Windows\System\KgKNLQx.exe
  2⤵
  PID:2240
- C:\Windows\System\JoTsnKJ.exe
  C:\Windows\System\JoTsnKJ.exe
  2⤵
  PID:4328
- C:\Windows\System\RMWEPgA.exe
  C:\Windows\System\RMWEPgA.exe
  2⤵
  PID:2596
- C:\Windows\System\nehdpie.exe
  C:\Windows\System\nehdpie.exe
  2⤵
  PID:2484
- C:\Windows\System\BisrLPI.exe
  C:\Windows\System\BisrLPI.exe
  2⤵
  PID:2536
- C:\Windows\System\bsuinwu.exe
  C:\Windows\System\bsuinwu.exe
  2⤵
  PID:5648
- C:\Windows\System\wsJDbnW.exe
  C:\Windows\System\wsJDbnW.exe
  2⤵
  PID:6356
- C:\Windows\System\RLUZoro.exe
  C:\Windows\System\RLUZoro.exe
  2⤵
  PID:6208
- C:\Windows\System\FDyHQKQ.exe
  C:\Windows\System\FDyHQKQ.exe
  2⤵
  PID:1688
- C:\Windows\System\LcuUKZc.exe
  C:\Windows\System\LcuUKZc.exe
  2⤵
  PID:2380
- C:\Windows\System\vwSlfNe.exe
  C:\Windows\System\vwSlfNe.exe
  2⤵
  PID:1952
- C:\Windows\System\OSaTFWn.exe
  C:\Windows\System\OSaTFWn.exe
  2⤵
  PID:1408
- C:\Windows\System\elfToWC.exe
  C:\Windows\System\elfToWC.exe
  2⤵
  PID:1948
- C:\Windows\System\gavgBOg.exe
  C:\Windows\System\gavgBOg.exe
  2⤵
  PID:2040
- C:\Windows\System\bpNpaUj.exe
  C:\Windows\System\bpNpaUj.exe
  2⤵
  PID:6448
- C:\Windows\System\MdJssbs.exe
  C:\Windows\System\MdJssbs.exe
  2⤵
  PID:2672
- C:\Windows\System\tjsUozH.exe
  C:\Windows\System\tjsUozH.exe
  2⤵
  PID:6592
- C:\Windows\System\YIXQPiU.exe
  C:\Windows\System\YIXQPiU.exe
  2⤵
  PID:2504
- C:\Windows\System\LJgyuOS.exe
  C:\Windows\System\LJgyuOS.exe
  2⤵
  PID:6996
- C:\Windows\System\renRNfn.exe
  C:\Windows\System\renRNfn.exe
  2⤵
  PID:6924
- C:\Windows\System\xKfejJg.exe
  C:\Windows\System\xKfejJg.exe
  2⤵
  PID:7164
- C:\Windows\System\kAICMHJ.exe
  C:\Windows\System\kAICMHJ.exe
  2⤵
  PID:3412
- C:\Windows\System\HRlgfBK.exe
  C:\Windows\System\HRlgfBK.exe
  2⤵
  PID:4072
- C:\Windows\System\cALQjKl.exe
  C:\Windows\System\cALQjKl.exe
  2⤵
  PID:2644
- C:\Windows\System\RoOALYG.exe
  C:\Windows\System\RoOALYG.exe
  2⤵
  PID:308
- C:\Windows\System\IqAuzUM.exe
  C:\Windows\System\IqAuzUM.exe
  2⤵
  PID:2964
- C:\Windows\System\jIPHcNe.exe
  C:\Windows\System\jIPHcNe.exe
  2⤵
  PID:2988
- C:\Windows\System\wLmRvBr.exe
  C:\Windows\System\wLmRvBr.exe
  2⤵
  PID:2576
- C:\Windows\System\JbVIbpM.exe
  C:\Windows\System\JbVIbpM.exe
  2⤵
  PID:6656
- C:\Windows\System\FInDnQs.exe
  C:\Windows\System\FInDnQs.exe
  2⤵
  PID:1368
- C:\Windows\System\QcZnKUC.exe
  C:\Windows\System\QcZnKUC.exe
  2⤵
  PID:1632
- C:\Windows\System\iQWTHDZ.exe
  C:\Windows\System\iQWTHDZ.exe
  2⤵
  PID:6576
- C:\Windows\System\NhchqMM.exe
  C:\Windows\System\NhchqMM.exe
  2⤵
  PID:7120
- C:\Windows\System\EmkkHri.exe
  C:\Windows\System\EmkkHri.exe
  2⤵
  PID:2264
- C:\Windows\System\pstRkHX.exe
  C:\Windows\System\pstRkHX.exe
  2⤵
  PID:5432
- C:\Windows\System\zXzcGvr.exe
  C:\Windows\System\zXzcGvr.exe
  2⤵
  PID:2652
- C:\Windows\System\PDByskr.exe
  C:\Windows\System\PDByskr.exe
  2⤵
  PID:2600
- C:\Windows\System\kNfZXyh.exe
  C:\Windows\System\kNfZXyh.exe
  2⤵
  PID:2584
- C:\Windows\System\WsDsVHl.exe
  C:\Windows\System\WsDsVHl.exe
  2⤵
  PID:2088
- C:\Windows\System\cgsvaMH.exe
  C:\Windows\System\cgsvaMH.exe
  2⤵
  PID:4000
- C:\Windows\System\ZugtmuB.exe
  C:\Windows\System\ZugtmuB.exe
  2⤵
  PID:1932
- C:\Windows\System\qwKPaEZ.exe
  C:\Windows\System\qwKPaEZ.exe
  2⤵
  PID:2820
- C:\Windows\System\JOtJTgm.exe
  C:\Windows\System\JOtJTgm.exe
  2⤵
  PID:6764
- C:\Windows\System\xwNDwsY.exe
  C:\Windows\System\xwNDwsY.exe
  2⤵
  PID:2612
- C:\Windows\System\vIFGsbk.exe
  C:\Windows\System\vIFGsbk.exe
  2⤵
  PID:2796
- C:\Windows\System\MLeCrkE.exe
  C:\Windows\System\MLeCrkE.exe
  2⤵
  PID:3064
- C:\Windows\System\XvkPhiC.exe
  C:\Windows\System\XvkPhiC.exe
  2⤵
  PID:2648
- C:\Windows\System\JTpahvQ.exe
  C:\Windows\System\JTpahvQ.exe
  2⤵
  PID:2372
- C:\Windows\System\VMoFNRy.exe
  C:\Windows\System\VMoFNRy.exe
  2⤵
  PID:1936
- C:\Windows\System\SvRHexE.exe
  C:\Windows\System\SvRHexE.exe
  2⤵
  PID:1068
- C:\Windows\System\rstUJpu.exe
  C:\Windows\System\rstUJpu.exe
  2⤵
  PID:2532
- C:\Windows\System\WSkXivm.exe
  C:\Windows\System\WSkXivm.exe
  2⤵
  PID:2772
- C:\Windows\System\CsyrgXs.exe
  C:\Windows\System\CsyrgXs.exe
  2⤵
  PID:5652
- C:\Windows\System\QoVwhhC.exe
  C:\Windows\System\QoVwhhC.exe
  2⤵
  PID:7188
- C:\Windows\System\JHbiPLM.exe
  C:\Windows\System\JHbiPLM.exe
  2⤵
  PID:7204
- C:\Windows\System\QKSILjb.exe
  C:\Windows\System\QKSILjb.exe
  2⤵
  PID:7220
- C:\Windows\System\oVjaSln.exe
  C:\Windows\System\oVjaSln.exe
  2⤵
  PID:7240
- C:\Windows\System\AsvMMxf.exe
  C:\Windows\System\AsvMMxf.exe
  2⤵
  PID:7260
- C:\Windows\System\LbeInHS.exe
  C:\Windows\System\LbeInHS.exe
  2⤵
  PID:7280
- C:\Windows\System\sfRoIaE.exe
  C:\Windows\System\sfRoIaE.exe
  2⤵
  PID:7296
- C:\Windows\System\KqqYNxA.exe
  C:\Windows\System\KqqYNxA.exe
  2⤵
  PID:7340
- C:\Windows\System\kaWyGHf.exe
  C:\Windows\System\kaWyGHf.exe
  2⤵
  PID:7364
- C:\Windows\System\ZqsNHDh.exe
  C:\Windows\System\ZqsNHDh.exe
  2⤵
  PID:7380
- C:\Windows\System\INJsGVs.exe
  C:\Windows\System\INJsGVs.exe
  2⤵
  PID:7396
- C:\Windows\System\XsuTqkp.exe
  C:\Windows\System\XsuTqkp.exe
  2⤵
  PID:7420
- C:\Windows\System\SXqPaxO.exe
  C:\Windows\System\SXqPaxO.exe
  2⤵
  PID:7436
- C:\Windows\System\stYfEhA.exe
  C:\Windows\System\stYfEhA.exe
  2⤵
  PID:7452
- C:\Windows\System\zQCzixv.exe
  C:\Windows\System\zQCzixv.exe
  2⤵
  PID:7472
- C:\Windows\System\xeDnzjR.exe
  C:\Windows\System\xeDnzjR.exe
  2⤵
  PID:7488
- C:\Windows\System\UGHbCYW.exe
  C:\Windows\System\UGHbCYW.exe
  2⤵
  PID:7508
- C:\Windows\System\xBFDCUu.exe
  C:\Windows\System\xBFDCUu.exe
  2⤵
  PID:7528
- C:\Windows\System\xtZdscu.exe
  C:\Windows\System\xtZdscu.exe
  2⤵
  PID:7556
- C:\Windows\System\wezZThm.exe
  C:\Windows\System\wezZThm.exe
  2⤵
  PID:7580
- C:\Windows\System\vBFKagz.exe
  C:\Windows\System\vBFKagz.exe
  2⤵
  PID:7596
- C:\Windows\System\GjPJIwY.exe
  C:\Windows\System\GjPJIwY.exe
  2⤵
  PID:7620
- C:\Windows\System\gmcARiM.exe
  C:\Windows\System\gmcARiM.exe
  2⤵
  PID:7636
- C:\Windows\System\BrSckYy.exe
  C:\Windows\System\BrSckYy.exe
  2⤵
  PID:7656
- C:\Windows\System\sXxPoiD.exe
  C:\Windows\System\sXxPoiD.exe
  2⤵
  PID:7676
- C:\Windows\System\ChKvJkD.exe
  C:\Windows\System\ChKvJkD.exe
  2⤵
  PID:7708
- C:\Windows\System\DAyRJxk.exe
  C:\Windows\System\DAyRJxk.exe
  2⤵
  PID:7724
- C:\Windows\System\ivZhuMJ.exe
  C:\Windows\System\ivZhuMJ.exe
  2⤵
  PID:7740
- C:\Windows\System\ITmikCK.exe
  C:\Windows\System\ITmikCK.exe
  2⤵
  PID:7772
- C:\Windows\System\weUxQFH.exe
  C:\Windows\System\weUxQFH.exe
  2⤵
  PID:7788
- C:\Windows\System\nkMChfD.exe
  C:\Windows\System\nkMChfD.exe
  2⤵
  PID:7804
- C:\Windows\System\CeABjxZ.exe
  C:\Windows\System\CeABjxZ.exe
  2⤵
  PID:7824
- C:\Windows\System\xOyntLf.exe
  C:\Windows\System\xOyntLf.exe
  2⤵
  PID:7840
- C:\Windows\System\isgKwsY.exe
  C:\Windows\System\isgKwsY.exe
  2⤵
  PID:7860
- C:\Windows\System\MxhFKCi.exe
  C:\Windows\System\MxhFKCi.exe
  2⤵
  PID:7888
- C:\Windows\System\lfnedls.exe
  C:\Windows\System\lfnedls.exe
  2⤵
  PID:7908
- C:\Windows\System\wtykQVW.exe
  C:\Windows\System\wtykQVW.exe
  2⤵
  PID:7924
- C:\Windows\System\HiSCxIJ.exe
  C:\Windows\System\HiSCxIJ.exe
  2⤵
  PID:7940
- C:\Windows\System\WFXYJiS.exe
  C:\Windows\System\WFXYJiS.exe
  2⤵
  PID:7956
- C:\Windows\System\LBThcrV.exe
  C:\Windows\System\LBThcrV.exe
  2⤵
  PID:7972
- C:\Windows\System\SHmGtxf.exe
  C:\Windows\System\SHmGtxf.exe
  2⤵
  PID:7992
- C:\Windows\System\SqIOumj.exe
  C:\Windows\System\SqIOumj.exe
  2⤵
  PID:8012
- C:\Windows\System\Iaulubk.exe
  C:\Windows\System\Iaulubk.exe
  2⤵
  PID:8028
- C:\Windows\System\UHrjQUX.exe
  C:\Windows\System\UHrjQUX.exe
  2⤵
  PID:8044
- C:\Windows\System\QbDUCDf.exe
  C:\Windows\System\QbDUCDf.exe
  2⤵
  PID:8060
- C:\Windows\System\bYaKhFH.exe
  C:\Windows\System\bYaKhFH.exe
  2⤵
  PID:8080
- C:\Windows\System\NfGOWRQ.exe
  C:\Windows\System\NfGOWRQ.exe
  2⤵
  PID:8108
- C:\Windows\System\rUGuVFL.exe
  C:\Windows\System\rUGuVFL.exe
  2⤵
  PID:8140
- C:\Windows\System\DtbbKdU.exe
  C:\Windows\System\DtbbKdU.exe
  2⤵
  PID:8156
- C:\Windows\System\HJXWyIK.exe
  C:\Windows\System\HJXWyIK.exe
  2⤵
  PID:8172
- C:\Windows\System\PhwFyYB.exe
  C:\Windows\System\PhwFyYB.exe
  2⤵
  PID:8188
- C:\Windows\System\nxxFaie.exe
  C:\Windows\System\nxxFaie.exe
  2⤵
  PID:7200
- C:\Windows\System\jrXwfMb.exe
  C:\Windows\System\jrXwfMb.exe
  2⤵
  PID:812
- C:\Windows\System\JhjoShr.exe
  C:\Windows\System\JhjoShr.exe
  2⤵
  PID:7276
- C:\Windows\System\bXXPlxH.exe
  C:\Windows\System\bXXPlxH.exe
  2⤵
  PID:7320
- C:\Windows\System\dJIhgsY.exe
  C:\Windows\System\dJIhgsY.exe
  2⤵
  PID:2816
- C:\Windows\System\wsNvkJZ.exe
  C:\Windows\System\wsNvkJZ.exe
  2⤵
  PID:7308
- C:\Windows\System\BBDdflO.exe
  C:\Windows\System\BBDdflO.exe
  2⤵
  PID:7360
- C:\Windows\System\ZMXqMzT.exe
  C:\Windows\System\ZMXqMzT.exe
  2⤵
  PID:7444
- C:\Windows\System\IezCOhs.exe
  C:\Windows\System\IezCOhs.exe
  2⤵
  PID:7516
- C:\Windows\System\lReWfla.exe
  C:\Windows\System\lReWfla.exe
  2⤵
  PID:7520
- C:\Windows\System\nwFQKMw.exe
  C:\Windows\System\nwFQKMw.exe
  2⤵
  PID:7548
- C:\Windows\System\jBEUBNO.exe
  C:\Windows\System\jBEUBNO.exe
  2⤵
  PID:7552
- C:\Windows\System\oZpiico.exe
  C:\Windows\System\oZpiico.exe
  2⤵
  PID:7544
- C:\Windows\System\fYVRdMU.exe
  C:\Windows\System\fYVRdMU.exe
  2⤵
  PID:7576
- C:\Windows\System\ViDPhfA.exe
  C:\Windows\System\ViDPhfA.exe
  2⤵
  PID:7692
- C:\Windows\System\nevHTuM.exe
  C:\Windows\System\nevHTuM.exe
  2⤵
  PID:7672
- C:\Windows\System\gEVfVfL.exe
  C:\Windows\System\gEVfVfL.exe
  2⤵
  PID:7668
- C:\Windows\System\gcvxAEb.exe
  C:\Windows\System\gcvxAEb.exe
  2⤵
  PID:7764
- C:\Windows\System\oyuNqEb.exe
  C:\Windows\System\oyuNqEb.exe
  2⤵
  PID:7784
- C:\Windows\System\RtblCPl.exe
  C:\Windows\System\RtblCPl.exe
  2⤵
  PID:7848
- C:\Windows\System\DTwWeLV.exe
  C:\Windows\System\DTwWeLV.exe
  2⤵
  PID:7836
- C:\Windows\System\JRivuKA.exe
  C:\Windows\System\JRivuKA.exe
  2⤵
  PID:1004
- C:\Windows\System\wKxgagN.exe
  C:\Windows\System\wKxgagN.exe
  2⤵
  PID:7936
- C:\Windows\System\IrmJnTZ.exe
  C:\Windows\System\IrmJnTZ.exe
  2⤵
  PID:8036
- C:\Windows\System\rgkpsGz.exe
  C:\Windows\System\rgkpsGz.exe
  2⤵
  PID:8024
- C:\Windows\System\RPBAqAg.exe
  C:\Windows\System\RPBAqAg.exe
  2⤵
  PID:7884
- C:\Windows\System\VocRAzQ.exe
  C:\Windows\System\VocRAzQ.exe
  2⤵
  PID:8072
- C:\Windows\System\XOcyFaQ.exe
  C:\Windows\System\XOcyFaQ.exe
  2⤵
  PID:8092
- C:\Windows\System\OECynjb.exe
  C:\Windows\System\OECynjb.exe
  2⤵
  PID:8128
- C:\Windows\System\xrqtrNM.exe
  C:\Windows\System\xrqtrNM.exe
  2⤵
  PID:2824
- C:\Windows\System\mJZMUFx.exe
  C:\Windows\System\mJZMUFx.exe
  2⤵
  PID:7212
- C:\Windows\System\jJwbNst.exe
  C:\Windows\System\jJwbNst.exe
  2⤵
  PID:7336
- C:\Windows\System\rEUIHCc.exe
  C:\Windows\System\rEUIHCc.exe
  2⤵
  PID:8184
- C:\Windows\System\dMbKiyU.exe
  C:\Windows\System\dMbKiyU.exe
  2⤵
  PID:7408
- C:\Windows\System\jjHTxPD.exe
  C:\Windows\System\jjHTxPD.exe
  2⤵
  PID:7348
- C:\Windows\System\uVSpwJo.exe
  C:\Windows\System\uVSpwJo.exe
  2⤵
  PID:7432
- C:\Windows\System\qLcsYBf.exe
  C:\Windows\System\qLcsYBf.exe
  2⤵
  PID:7288
- C:\Windows\System\kBEmyoh.exe
  C:\Windows\System\kBEmyoh.exe
  2⤵
  PID:7464
- C:\Windows\System\GMTJDWj.exe
  C:\Windows\System\GMTJDWj.exe
  2⤵
  PID:7292
- C:\Windows\System\MOxVXbe.exe
  C:\Windows\System\MOxVXbe.exe
  2⤵
  PID:7732
- C:\Windows\System\HzajmrC.exe
  C:\Windows\System\HzajmrC.exe
  2⤵
  PID:7704
- C:\Windows\System\tsTXsGJ.exe
  C:\Windows\System\tsTXsGJ.exe
  2⤵
  PID:7748
- C:\Windows\System\sdvqFHl.exe
  C:\Windows\System\sdvqFHl.exe
  2⤵
  PID:7768
- C:\Windows\System\jqPciky.exe
  C:\Windows\System\jqPciky.exe
  2⤵
  PID:7816
- C:\Windows\System\lDESSEM.exe
  C:\Windows\System\lDESSEM.exe
  2⤵
  PID:7900
- C:\Windows\System\WfZQFmo.exe
  C:\Windows\System\WfZQFmo.exe
  2⤵
  PID:7876
- C:\Windows\System\SHoBvdl.exe
  C:\Windows\System\SHoBvdl.exe
  2⤵
  PID:8008
- C:\Windows\System\mjdRqJQ.exe
  C:\Windows\System\mjdRqJQ.exe
  2⤵
  PID:8056
- C:\Windows\System\VrqtRvS.exe
  C:\Windows\System\VrqtRvS.exe
  2⤵
  PID:8124
- C:\Windows\System\JeEYWdk.exe
  C:\Windows\System\JeEYWdk.exe
  2⤵
  PID:7916
- C:\Windows\System\JBoPafs.exe
  C:\Windows\System\JBoPafs.exe
  2⤵
  PID:7316
- C:\Windows\System\TrFUdzA.exe
  C:\Windows\System\TrFUdzA.exe
  2⤵
  PID:8152
- C:\Windows\System\CFogqVA.exe
  C:\Windows\System\CFogqVA.exe
  2⤵
  PID:7252
- C:\Windows\System\fNLiukl.exe
  C:\Windows\System\fNLiukl.exe
  2⤵
  PID:7648
- C:\Windows\System\MLLaljA.exe
  C:\Windows\System\MLLaljA.exe
  2⤵
  PID:7760
- C:\Windows\System\VgVddzL.exe
  C:\Windows\System\VgVddzL.exe
  2⤵
  PID:8000
- C:\Windows\System\XEXxdcx.exe
  C:\Windows\System\XEXxdcx.exe
  2⤵
  PID:8116
- C:\Windows\System\PqZPyeC.exe
  C:\Windows\System\PqZPyeC.exe
  2⤵
  PID:7352
- C:\Windows\System\LFWMhKc.exe
  C:\Windows\System\LFWMhKc.exe
  2⤵
  PID:7920
- C:\Windows\System\PGHJENs.exe
  C:\Windows\System\PGHJENs.exe
  2⤵
  PID:8212
- C:\Windows\System\CbOczDv.exe
  C:\Windows\System\CbOczDv.exe
  2⤵
  PID:8228
- C:\Windows\System\iVAWihK.exe
  C:\Windows\System\iVAWihK.exe
  2⤵
  PID:8248
- C:\Windows\System\QAcKIbD.exe
  C:\Windows\System\QAcKIbD.exe
  2⤵
  PID:8280
- C:\Windows\System\YovQLkQ.exe
  C:\Windows\System\YovQLkQ.exe
  2⤵
  PID:8296
- C:\Windows\System\anLCXfl.exe
  C:\Windows\System\anLCXfl.exe
  2⤵
  PID:8316
- C:\Windows\System\ybWTpoW.exe
  C:\Windows\System\ybWTpoW.exe
  2⤵
  PID:8340
- C:\Windows\System\DOlaRyd.exe
  C:\Windows\System\DOlaRyd.exe
  2⤵
  PID:8364
- C:\Windows\System\iGGXpph.exe
  C:\Windows\System\iGGXpph.exe
  2⤵
  PID:8388
- C:\Windows\System\xvWKtFG.exe
  C:\Windows\System\xvWKtFG.exe
  2⤵
  PID:8408
- C:\Windows\System\sZwVqzN.exe
  C:\Windows\System\sZwVqzN.exe
  2⤵
  PID:8432
- C:\Windows\System\mnLMMal.exe
  C:\Windows\System\mnLMMal.exe
  2⤵
  PID:8448
- C:\Windows\System\oiwxISP.exe
  C:\Windows\System\oiwxISP.exe
  2⤵
  PID:8464
- C:\Windows\System\PgzURuM.exe
  C:\Windows\System\PgzURuM.exe
  2⤵
  PID:8508
- C:\Windows\System\FFoxntW.exe
  C:\Windows\System\FFoxntW.exe
  2⤵
  PID:8528
- C:\Windows\System\iCPucKO.exe
  C:\Windows\System\iCPucKO.exe
  2⤵
  PID:8544
- C:\Windows\System\pVlrNKp.exe
  C:\Windows\System\pVlrNKp.exe
  2⤵
  PID:8560
- C:\Windows\System\krrbcRl.exe
  C:\Windows\System\krrbcRl.exe
  2⤵
  PID:8576
- C:\Windows\System\bguvkRQ.exe
  C:\Windows\System\bguvkRQ.exe
  2⤵
  PID:8604
- C:\Windows\System\BBblltz.exe
  C:\Windows\System\BBblltz.exe
  2⤵
  PID:8628
- C:\Windows\System\lzbEyFr.exe
  C:\Windows\System\lzbEyFr.exe
  2⤵
  PID:8644
- C:\Windows\System\PLkYGqK.exe
  C:\Windows\System\PLkYGqK.exe
  2⤵
  PID:8668
- C:\Windows\System\bCCNYah.exe
  C:\Windows\System\bCCNYah.exe
  2⤵
  PID:8688
- C:\Windows\System\TrOeOZR.exe
  C:\Windows\System\TrOeOZR.exe
  2⤵
  PID:8708
- C:\Windows\System\GzJYrGQ.exe
  C:\Windows\System\GzJYrGQ.exe
  2⤵
  PID:8724
- C:\Windows\System\NZMbUpI.exe
  C:\Windows\System\NZMbUpI.exe
  2⤵
  PID:8740
- C:\Windows\System\DffNXyH.exe
  C:\Windows\System\DffNXyH.exe
  2⤵
  PID:8768
- C:\Windows\System\IxjvHDF.exe
  C:\Windows\System\IxjvHDF.exe
  2⤵
  PID:8784
- C:\Windows\System\eKDYkcP.exe
  C:\Windows\System\eKDYkcP.exe
  2⤵
  PID:8804
- C:\Windows\System\JrewHCJ.exe
  C:\Windows\System\JrewHCJ.exe
  2⤵
  PID:8824
- C:\Windows\System\ONrkmnv.exe
  C:\Windows\System\ONrkmnv.exe
  2⤵
  PID:8840
- C:\Windows\System\VcIJQLe.exe
  C:\Windows\System\VcIJQLe.exe
  2⤵
  PID:8860
- C:\Windows\System\PXHRatg.exe
  C:\Windows\System\PXHRatg.exe
  2⤵
  PID:8888
- C:\Windows\System\OoMXTWD.exe
  C:\Windows\System\OoMXTWD.exe
  2⤵
  PID:8904
- C:\Windows\System\yVhgqpC.exe
  C:\Windows\System\yVhgqpC.exe
  2⤵
  PID:8924
- C:\Windows\System\XInCvBg.exe
  C:\Windows\System\XInCvBg.exe
  2⤵
  PID:8948
- C:\Windows\System\zTzQdoJ.exe
  C:\Windows\System\zTzQdoJ.exe
  2⤵
  PID:8964
- C:\Windows\System\pWmPath.exe
  C:\Windows\System\pWmPath.exe
  2⤵
  PID:9000
- C:\Windows\System\RNwEWAp.exe
  C:\Windows\System\RNwEWAp.exe
  2⤵
  PID:9016
- C:\Windows\System\utaczCQ.exe
  C:\Windows\System\utaczCQ.exe
  2⤵
  PID:9032
- C:\Windows\System\FbyMAtU.exe
  C:\Windows\System\FbyMAtU.exe
  2⤵
  PID:9052
- C:\Windows\System\tEFvltZ.exe
  C:\Windows\System\tEFvltZ.exe
  2⤵
  PID:9076
- C:\Windows\System\cudONPH.exe
  C:\Windows\System\cudONPH.exe
  2⤵
  PID:9092
- C:\Windows\System\iYikHBx.exe
  C:\Windows\System\iYikHBx.exe
  2⤵
  PID:9116
- C:\Windows\System\ghkncBI.exe
  C:\Windows\System\ghkncBI.exe
  2⤵
  PID:9132
- C:\Windows\System\YWJpwLy.exe
  C:\Windows\System\YWJpwLy.exe
  2⤵
  PID:9148
- C:\Windows\System\ZOgrhmG.exe
  C:\Windows\System\ZOgrhmG.exe
  2⤵
  PID:9164
- C:\Windows\System\WiRNHBE.exe
  C:\Windows\System\WiRNHBE.exe
  2⤵
  PID:9180
- C:\Windows\System\jDqnRzZ.exe
  C:\Windows\System\jDqnRzZ.exe
  2⤵
  PID:9200
- C:\Windows\System\mWIbyzD.exe
  C:\Windows\System\mWIbyzD.exe
  2⤵
  PID:8264
- C:\Windows\System\kBxeXtQ.exe
  C:\Windows\System\kBxeXtQ.exe
  2⤵
  PID:8268
- C:\Windows\System\uRtdQkF.exe
  C:\Windows\System\uRtdQkF.exe
  2⤵
  PID:8312
- C:\Windows\System\jvdoVQP.exe
  C:\Windows\System\jvdoVQP.exe
  2⤵
  PID:7608
- C:\Windows\System\gaVYrvS.exe
  C:\Windows\System\gaVYrvS.exe
  2⤵
  PID:7736
- C:\Windows\System\hENHkVk.exe
  C:\Windows\System\hENHkVk.exe
  2⤵
  PID:7872
- C:\Windows\System\uStyUqR.exe
  C:\Windows\System\uStyUqR.exe
  2⤵
  PID:8356
- C:\Windows\System\oQwMPXt.exe
  C:\Windows\System\oQwMPXt.exe
  2⤵
  PID:7272
- C:\Windows\System\AzgLTTr.exe
  C:\Windows\System\AzgLTTr.exe
  2⤵
  PID:8208
- C:\Windows\System\IXpCFRL.exe
  C:\Windows\System\IXpCFRL.exe
  2⤵
  PID:8244
- C:\Windows\System\NhsqVAz.exe
  C:\Windows\System\NhsqVAz.exe
  2⤵
  PID:8196
- C:\Windows\System\QNHPszM.exe
  C:\Windows\System\QNHPszM.exe
  2⤵
  PID:8292
- C:\Windows\System\OdYxAzS.exe
  C:\Windows\System\OdYxAzS.exe
  2⤵
  PID:8372
- C:\Windows\System\TzzExsh.exe
  C:\Windows\System\TzzExsh.exe
  2⤵
  PID:8404
- C:\Windows\System\KcVeOfy.exe
  C:\Windows\System\KcVeOfy.exe
  2⤵
  PID:8440
- C:\Windows\System\hdxhoaH.exe
  C:\Windows\System\hdxhoaH.exe
  2⤵
  PID:8428
- C:\Windows\System\CrOdVrh.exe
  C:\Windows\System\CrOdVrh.exe
  2⤵
  PID:8500
- C:\Windows\System\GAWNIzT.exe
  C:\Windows\System\GAWNIzT.exe
  2⤵
  PID:8524
- C:\Windows\System\BoehNTT.exe
  C:\Windows\System\BoehNTT.exe
  2⤵
  PID:8584
- C:\Windows\System\TUdDvcN.exe
  C:\Windows\System\TUdDvcN.exe
  2⤵
  PID:8620
- C:\Windows\System\RZKQHDH.exe
  C:\Windows\System\RZKQHDH.exe
  2⤵
  PID:8664
- C:\Windows\System\HYZVfYW.exe
  C:\Windows\System\HYZVfYW.exe
  2⤵
  PID:8676
- C:\Windows\System\XoliNDQ.exe
  C:\Windows\System\XoliNDQ.exe
  2⤵
  PID:8720
- C:\Windows\System\YsqQiWZ.exe
  C:\Windows\System\YsqQiWZ.exe
  2⤵
  PID:8760
- C:\Windows\System\HTDGxWZ.exe
  C:\Windows\System\HTDGxWZ.exe
  2⤵
  PID:8792
- C:\Windows\System\JiRnuwE.exe
  C:\Windows\System\JiRnuwE.exe
  2⤵
  PID:8848
- C:\Windows\System\oskXrYP.exe
  C:\Windows\System\oskXrYP.exe
  2⤵
  PID:8836
- C:\Windows\System\oKMKXOZ.exe
  C:\Windows\System\oKMKXOZ.exe
  2⤵
  PID:8876
- C:\Windows\System\SVoGStU.exe
  C:\Windows\System\SVoGStU.exe
  2⤵
  PID:8520
- C:\Windows\System\YSkSgRf.exe
  C:\Windows\System\YSkSgRf.exe
  2⤵
  PID:8932
- C:\Windows\System\DBdjBzZ.exe
  C:\Windows\System\DBdjBzZ.exe
  2⤵
  PID:8980
- C:\Windows\System\wYXCQcX.exe
  C:\Windows\System\wYXCQcX.exe
  2⤵
  PID:9028
- C:\Windows\System\qfsGiKv.exe
  C:\Windows\System\qfsGiKv.exe
  2⤵
  PID:9044
- C:\Windows\System\qPghRzY.exe
  C:\Windows\System\qPghRzY.exe
  2⤵
  PID:9100
- C:\Windows\System\hLwXsJc.exe
  C:\Windows\System\hLwXsJc.exe
  2⤵
  PID:2068
- C:\Windows\System\EFaIWMC.exe
  C:\Windows\System\EFaIWMC.exe
  2⤵
  PID:9212
- C:\Windows\System\DiFJRDE.exe
  C:\Windows\System\DiFJRDE.exe
  2⤵
  PID:9124
- C:\Windows\System\sJMHbwH.exe
  C:\Windows\System\sJMHbwH.exe
  2⤵
  PID:9128
- C:\Windows\System\FBcNRKd.exe
  C:\Windows\System\FBcNRKd.exe
  2⤵
  PID:7688
- C:\Windows\System\UIlOeKD.exe
  C:\Windows\System\UIlOeKD.exe
  2⤵
  PID:8992
- C:\Windows\System\GmYTxWt.exe
  C:\Windows\System\GmYTxWt.exe
  2⤵
  PID:7632
- C:\Windows\System\MdZYjPq.exe
  C:\Windows\System\MdZYjPq.exe
  2⤵
  PID:8096
- C:\Windows\System\ctWUebQ.exe
  C:\Windows\System\ctWUebQ.exe
  2⤵
  PID:7856
- C:\Windows\System\WAXCaSj.exe
  C:\Windows\System\WAXCaSj.exe
  2⤵
  PID:7932
- C:\Windows\System\OeuQhPV.exe
  C:\Windows\System\OeuQhPV.exe
  2⤵
  PID:8328
- C:\Windows\System\NBkvZZE.exe
  C:\Windows\System\NBkvZZE.exe
  2⤵
  PID:8424
- C:\Windows\System\SmyLVgx.exe
  C:\Windows\System\SmyLVgx.exe
  2⤵
  PID:8568
- C:\Windows\System\HEktZpa.exe
  C:\Windows\System\HEktZpa.exe
  2⤵
  PID:8636
- C:\Windows\System\kVYgqMr.exe
  C:\Windows\System\kVYgqMr.exe
  2⤵
  PID:8288
- C:\Windows\System\EmGXEiO.exe
  C:\Windows\System\EmGXEiO.exe
  2⤵
  PID:8516
- C:\Windows\System\YTdctSK.exe
  C:\Windows\System\YTdctSK.exe
  2⤵
  PID:8704
- C:\Windows\System\JaJUWQR.exe
  C:\Windows\System\JaJUWQR.exe
  2⤵
  PID:8764
- C:\Windows\System\EUGTLpY.exe
  C:\Windows\System\EUGTLpY.exe
  2⤵
  PID:8816
- C:\Windows\System\AEYleGw.exe
  C:\Windows\System\AEYleGw.exe
  2⤵
  PID:8820
- C:\Windows\System\TUkwkoi.exe
  C:\Windows\System\TUkwkoi.exe
  2⤵
  PID:8880
- C:\Windows\System\HZvbzbi.exe
  C:\Windows\System\HZvbzbi.exe
  2⤵
  PID:8972
- C:\Windows\System\zuKkeGp.exe
  C:\Windows\System\zuKkeGp.exe
  2⤵
  PID:9024
- C:\Windows\System\JWKTKEg.exe
  C:\Windows\System\JWKTKEg.exe
  2⤵
  PID:9040
- C:\Windows\System\aHxogGz.exe
  C:\Windows\System\aHxogGz.exe
  2⤵
  PID:9176
- C:\Windows\System\BdZXdKU.exe
  C:\Windows\System\BdZXdKU.exe
  2⤵
  PID:9172
- C:\Windows\System\lJVoAoS.exe
  C:\Windows\System\lJVoAoS.exe
  2⤵
  PID:8276
- C:\Windows\System\jqThdRP.exe
  C:\Windows\System\jqThdRP.exe
  2⤵
  PID:7372
- C:\Windows\System\ycLTUGQ.exe
  C:\Windows\System\ycLTUGQ.exe
  2⤵
  PID:7952
- C:\Windows\System\nYfSnUe.exe
  C:\Windows\System\nYfSnUe.exe
  2⤵
  PID:8352
- C:\Windows\System\JPWZKig.exe
  C:\Windows\System\JPWZKig.exe
  2⤵
  PID:7832
- C:\Windows\System\BpakzfI.exe
  C:\Windows\System\BpakzfI.exe
  2⤵
  PID:8420
- C:\Windows\System\qHDtYIo.exe
  C:\Windows\System\qHDtYIo.exe
  2⤵
  PID:8396
- C:\Windows\System\qZYxZuc.exe
  C:\Windows\System\qZYxZuc.exe
  2⤵
  PID:8380
- C:\Windows\System\wsyIspa.exe
  C:\Windows\System\wsyIspa.exe
  2⤵
  PID:8700
- C:\Windows\System\foNJWhN.exe
  C:\Windows\System\foNJWhN.exe
  2⤵
  PID:8756
- C:\Windows\System\YFBRBEr.exe
  C:\Windows\System\YFBRBEr.exe
  2⤵
  PID:8920
- C:\Windows\System\GuIizwS.exe
  C:\Windows\System\GuIizwS.exe
  2⤵
  PID:7616
- C:\Windows\System\EKfcxsQ.exe
  C:\Windows\System\EKfcxsQ.exe
  2⤵
  PID:9064
- C:\Windows\System\egIHaXD.exe
  C:\Windows\System\egIHaXD.exe
  2⤵
  PID:9144
- C:\Windows\System\btiuzgd.exe
  C:\Windows\System\btiuzgd.exe
  2⤵
  PID:9160
- C:\Windows\System\ZnZlICr.exe
  C:\Windows\System\ZnZlICr.exe
  2⤵
  PID:7568
- C:\Windows\System\VCHlczn.exe
  C:\Windows\System\VCHlczn.exe
  2⤵
  PID:2496
- C:\Windows\System\dJDAVDu.exe
  C:\Windows\System\dJDAVDu.exe
  2⤵
  PID:8496
- C:\Windows\System\KFvhLnO.exe
  C:\Windows\System\KFvhLnO.exe
  2⤵
  PID:8592
- C:\Windows\System\nAQKepd.exe
  C:\Windows\System\nAQKepd.exe
  2⤵
  PID:8612
- C:\Windows\System\tRUojwt.exe
  C:\Windows\System\tRUojwt.exe
  2⤵
  PID:8996
- C:\Windows\System\VaFIlnT.exe
  C:\Windows\System\VaFIlnT.exe
  2⤵
  PID:9008
- C:\Windows\System\WrlGkJa.exe
  C:\Windows\System\WrlGkJa.exe
  2⤵
  PID:7644
- C:\Windows\System\Auznoja.exe
  C:\Windows\System\Auznoja.exe
  2⤵
  PID:7356
- C:\Windows\System\oyWKdMN.exe
  C:\Windows\System\oyWKdMN.exe
  2⤵
  PID:8832
- C:\Windows\System\HbehBIP.exe
  C:\Windows\System\HbehBIP.exe
  2⤵
  PID:8204
- C:\Windows\System\FdVNMbJ.exe
  C:\Windows\System\FdVNMbJ.exe
  2⤵
  PID:8872
- C:\Windows\System\SaMFysZ.exe
  C:\Windows\System\SaMFysZ.exe
  2⤵
  PID:8164
- C:\Windows\System\YdDpqOZ.exe
  C:\Windows\System\YdDpqOZ.exe
  2⤵
  PID:7248
- C:\Windows\System\NfQWJdH.exe
  C:\Windows\System\NfQWJdH.exe
  2⤵
  PID:8640
- C:\Windows\System\yoSbcoV.exe
  C:\Windows\System\yoSbcoV.exe
  2⤵
  PID:8384
- C:\Windows\System\fbzGLhL.exe
  C:\Windows\System\fbzGLhL.exe
  2⤵
  PID:8916
- C:\Windows\System\xBbxaBT.exe
  C:\Windows\System\xBbxaBT.exe
  2⤵
  PID:9228
- C:\Windows\System\lsvxZMB.exe
  C:\Windows\System\lsvxZMB.exe
  2⤵
  PID:9244
- C:\Windows\System\qbCnzNq.exe
  C:\Windows\System\qbCnzNq.exe
  2⤵
  PID:9260
- C:\Windows\System\CfGpcjU.exe
  C:\Windows\System\CfGpcjU.exe
  2⤵
  PID:9276
- C:\Windows\System\HwsMUXv.exe
  C:\Windows\System\HwsMUXv.exe
  2⤵
  PID:9292
- C:\Windows\System\GVkIAHD.exe
  C:\Windows\System\GVkIAHD.exe
  2⤵
  PID:9312
- C:\Windows\System\NFvFIqx.exe
  C:\Windows\System\NFvFIqx.exe
  2⤵
  PID:9344
- C:\Windows\System\aWlfWin.exe
  C:\Windows\System\aWlfWin.exe
  2⤵
  PID:9364
- C:\Windows\System\LwekDFt.exe
  C:\Windows\System\LwekDFt.exe
  2⤵
  PID:9380
- C:\Windows\System\vditQhq.exe
  C:\Windows\System\vditQhq.exe
  2⤵
  PID:9400
- C:\Windows\System\YEOPBGl.exe
  C:\Windows\System\YEOPBGl.exe
  2⤵
  PID:9416
- C:\Windows\System\RhBOsIF.exe
  C:\Windows\System\RhBOsIF.exe
  2⤵
  PID:9432
- C:\Windows\System\hoSpnsu.exe
  C:\Windows\System\hoSpnsu.exe
  2⤵
  PID:9452
- C:\Windows\System\RytvOeN.exe
  C:\Windows\System\RytvOeN.exe
  2⤵
  PID:9468
- C:\Windows\System\QjTpYVy.exe
  C:\Windows\System\QjTpYVy.exe
  2⤵
  PID:9512
- C:\Windows\System\EHmPTvw.exe
  C:\Windows\System\EHmPTvw.exe
  2⤵
  PID:9532
- C:\Windows\System\ndXMtqJ.exe
  C:\Windows\System\ndXMtqJ.exe
  2⤵
  PID:9564
- C:\Windows\System\LCEQZgl.exe
  C:\Windows\System\LCEQZgl.exe
  2⤵
  PID:9580
- C:\Windows\System\ySwwWQp.exe
  C:\Windows\System\ySwwWQp.exe
  2⤵
  PID:9596
- C:\Windows\System\ANlaOXM.exe
  C:\Windows\System\ANlaOXM.exe
  2⤵
  PID:9612
- C:\Windows\System\gMwKHXB.exe
  C:\Windows\System\gMwKHXB.exe
  2⤵
  PID:9636
- C:\Windows\System\imgbUQC.exe
  C:\Windows\System\imgbUQC.exe
  2⤵
  PID:9660
- C:\Windows\System\tCpPNQO.exe
  C:\Windows\System\tCpPNQO.exe
  2⤵
  PID:9676
- C:\Windows\System\FfWmPLk.exe
  C:\Windows\System\FfWmPLk.exe
  2⤵
  PID:9692
- C:\Windows\System\bNeIqLk.exe
  C:\Windows\System\bNeIqLk.exe
  2⤵
  PID:9712
- C:\Windows\System\YYTZSPQ.exe
  C:\Windows\System\YYTZSPQ.exe
  2⤵
  PID:9728
- C:\Windows\System\SldWCmZ.exe
  C:\Windows\System\SldWCmZ.exe
  2⤵
  PID:9756
- C:\Windows\System\mLtmkOg.exe
  C:\Windows\System\mLtmkOg.exe
  2⤵
  PID:9772
- C:\Windows\System\WbdQLWB.exe
  C:\Windows\System\WbdQLWB.exe
  2⤵
  PID:9788
- C:\Windows\System\BntAeTQ.exe
  C:\Windows\System\BntAeTQ.exe
  2⤵
  PID:9804
- C:\Windows\System\KxKgIdI.exe
  C:\Windows\System\KxKgIdI.exe
  2⤵
  PID:9828
- C:\Windows\System\BAWrXvh.exe
  C:\Windows\System\BAWrXvh.exe
  2⤵
  PID:9852
- C:\Windows\System\nrOzXYN.exe
  C:\Windows\System\nrOzXYN.exe
  2⤵
  PID:9876
- C:\Windows\System\fAaKGYe.exe
  C:\Windows\System\fAaKGYe.exe
  2⤵
  PID:9892
- C:\Windows\System\kgfUivR.exe
  C:\Windows\System\kgfUivR.exe
  2⤵
  PID:9924
- C:\Windows\System\IoNaDmX.exe
  C:\Windows\System\IoNaDmX.exe
  2⤵
  PID:9940
- C:\Windows\System\HRUHGMy.exe
  C:\Windows\System\HRUHGMy.exe
  2⤵
  PID:9960
- C:\Windows\System\vqIntqi.exe
  C:\Windows\System\vqIntqi.exe
  2⤵
  PID:9976
- C:\Windows\System\nlGOBKr.exe
  C:\Windows\System\nlGOBKr.exe
  2⤵
  PID:9992
- C:\Windows\System\msKNZcZ.exe
  C:\Windows\System\msKNZcZ.exe
  2⤵
  PID:10012
- C:\Windows\System\wmQpSIN.exe
  C:\Windows\System\wmQpSIN.exe
  2⤵
  PID:10040
- C:\Windows\System\jZgSwYf.exe
  C:\Windows\System\jZgSwYf.exe
  2⤵
  PID:10060
- C:\Windows\System\RugObay.exe
  C:\Windows\System\RugObay.exe
  2⤵
  PID:10076
- C:\Windows\System\nCdblvJ.exe
  C:\Windows\System\nCdblvJ.exe
  2⤵
  PID:10100
- C:\Windows\System\OnmPHpW.exe
  C:\Windows\System\OnmPHpW.exe
  2⤵
  PID:10128
- C:\Windows\System\DVcABTv.exe
  C:\Windows\System\DVcABTv.exe
  2⤵
  PID:10144
- C:\Windows\System\FitAAJT.exe
  C:\Windows\System\FitAAJT.exe
  2⤵
  PID:10168
- C:\Windows\System\tPxFjRa.exe
  C:\Windows\System\tPxFjRa.exe
  2⤵
  PID:10184
- C:\Windows\System\sLSJjVW.exe
  C:\Windows\System\sLSJjVW.exe
  2⤵
  PID:10204
- C:\Windows\System\SZjuRgw.exe
  C:\Windows\System\SZjuRgw.exe
  2⤵
  PID:10228
- C:\Windows\System\REwUfba.exe
  C:\Windows\System\REwUfba.exe
  2⤵
  PID:9252
- C:\Windows\System\lDsHCuj.exe
  C:\Windows\System\lDsHCuj.exe
  2⤵
  PID:9336
- C:\Windows\System\ahVuZEx.exe
  C:\Windows\System\ahVuZEx.exe
  2⤵
  PID:9372
- C:\Windows\System\xFCEUdH.exe
  C:\Windows\System\xFCEUdH.exe
  2⤵
  PID:9444
- C:\Windows\System\weyPhwZ.exe
  C:\Windows\System\weyPhwZ.exe
  2⤵
  PID:8416
- C:\Windows\System\bOIrBiJ.exe
  C:\Windows\System\bOIrBiJ.exe
  2⤵
  PID:9484
- C:\Windows\System\HzjppCt.exe
  C:\Windows\System\HzjppCt.exe
  2⤵
  PID:9304
- C:\Windows\System\IcbdjPJ.exe
  C:\Windows\System\IcbdjPJ.exe
  2⤵
  PID:9360
- C:\Windows\System\VfQPASm.exe
  C:\Windows\System\VfQPASm.exe
  2⤵
  PID:9480
- C:\Windows\System\ZwuDwMt.exe
  C:\Windows\System\ZwuDwMt.exe
  2⤵
  PID:9556
- C:\Windows\System\SMOOrWi.exe
  C:\Windows\System\SMOOrWi.exe
  2⤵
  PID:9396
- C:\Windows\System\BbPaGVQ.exe
  C:\Windows\System\BbPaGVQ.exe
  2⤵
  PID:9572
- C:\Windows\System\chBPflN.exe
  C:\Windows\System\chBPflN.exe
  2⤵
  PID:9620
- C:\Windows\System\kqtFCIX.exe
  C:\Windows\System\kqtFCIX.exe
  2⤵
  PID:9624
- C:\Windows\System\ZKvZLne.exe
  C:\Windows\System\ZKvZLne.exe
  2⤵
  PID:9700
- C:\Windows\System\MZBXabM.exe
  C:\Windows\System\MZBXabM.exe
  2⤵
  PID:9740
- C:\Windows\System\EBWJROU.exe
  C:\Windows\System\EBWJROU.exe
  2⤵
  PID:9784
- C:\Windows\System\QdPhXUY.exe
  C:\Windows\System\QdPhXUY.exe
  2⤵
  PID:9688
- C:\Windows\System\hHHRyTP.exe
  C:\Windows\System\hHHRyTP.exe
  2⤵
  PID:9864
- C:\Windows\System\xoZHqth.exe
  C:\Windows\System\xoZHqth.exe
  2⤵
  PID:9720
- C:\Windows\System\WTLdDpZ.exe
  C:\Windows\System\WTLdDpZ.exe
  2⤵
  PID:9800
- C:\Windows\System\OMOYSMN.exe
  C:\Windows\System\OMOYSMN.exe
  2⤵
  PID:9908
- C:\Windows\System\kGMrixh.exe
  C:\Windows\System\kGMrixh.exe
  2⤵
  PID:9936
- C:\Windows\System\goiMQKT.exe
  C:\Windows\System\goiMQKT.exe
  2⤵
  PID:9988
- C:\Windows\System\SaCjQZT.exe
  C:\Windows\System\SaCjQZT.exe
  2⤵
  PID:9972
- C:\Windows\System\jmLKTsW.exe
  C:\Windows\System\jmLKTsW.exe
  2⤵
  PID:10032
- C:\Windows\System\qngSZks.exe
  C:\Windows\System\qngSZks.exe
  2⤵
  PID:10108
- C:\Windows\System\DPVKqLW.exe
  C:\Windows\System\DPVKqLW.exe
  2⤵
  PID:10116
- C:\Windows\System\wChDvlH.exe
  C:\Windows\System\wChDvlH.exe
  2⤵
  PID:10088
- C:\Windows\System\UbwGlLd.exe
  C:\Windows\System\UbwGlLd.exe
  2⤵
  PID:10200
- C:\Windows\System\IHEJHCM.exe
  C:\Windows\System\IHEJHCM.exe
  2⤵
  PID:9224
- C:\Windows\System\aILItpT.exe
  C:\Windows\System\aILItpT.exe
  2⤵
  PID:10212
- C:\Windows\System\svpEbce.exe
  C:\Windows\System\svpEbce.exe
  2⤵
  PID:9284
- C:\Windows\System\QxEItSR.exe
  C:\Windows\System\QxEItSR.exe
  2⤵
  PID:9412
- C:\Windows\System\qwHMbcU.exe
  C:\Windows\System\qwHMbcU.exe
  2⤵
  PID:9268
- C:\Windows\System\DabUVwF.exe
  C:\Windows\System\DabUVwF.exe
  2⤵
  PID:9356
- C:\Windows\System\iNuSnsy.exe
  C:\Windows\System\iNuSnsy.exe
  2⤵
  PID:9504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CJLGdlC.exe

Filesize
6.0MB

MD5
634e065a213d0cfe0076c9b79832832b

SHA1
c8640526946f2523c9796892572c925f629ded30

SHA256
6673d75c4ea85119738acb2c2611c8a58964b26b5984fe94bdc8fabe68d1870c

SHA512
70d8e8b583ee7a4db988ae5d8a550da91bf4c02254be0408c01d6b75d3767d08f82d801b0827d37f6912e4d8e398072c570f6b9985d5d8648ad6ef9c3ba5e64b

Download Submit
C:\Windows\system\EofBBfB.exe

Filesize
6.0MB

MD5
a4f970ee4fb11d624f4553a7a6f41256

SHA1
d8ffb644ac65d36fb7ed2b8239a063b3ab9fa70b

SHA256
24748f2912f0081ca675653d9bffd4ee0264693e2f879b11b9c64a9ec7a1f0a9

SHA512
67fb7d9dc338e3c7bb3ea1efb6e77191e3af782615c03a0d8a980021362496e46c654327a4d75ebc64be7c178d496fac424767da3941001a1ae74c92d369db2c

Download Submit
C:\Windows\system\HjRzIJL.exe

Filesize
6.0MB

MD5
988852aced004d6595cddd15026fc8b2

SHA1
0a9a7a0ce500e0803b92f0efd1e8ab15b72ff1c0

SHA256
45cbccda09bfa905cb68879f991f716dd7dfa693c53f206104f38ed9438de2b4

SHA512
c1c69a5efa6d9760c3f81c329f681e1850152458b35e26a87e8545295cdfdeff31dcc913b102af9804432f1be9ef9dcaf2011b9d0ea769d4d2df895473996bdd

Download Submit
C:\Windows\system\ISNlwYt.exe

Filesize
6.0MB

MD5
00bfb183adaa6e660f4be113bfc1146c

SHA1
0adb173dcf7918a739e542f2ae796612d13b0689

SHA256
e4ea50c55f5af9580d0f36ed8742503a571225a5c0d028a06b3c8c5e3a120704

SHA512
b9305e72281c9e90de138928cc848d747ae8b1249cb81549b9d1720d47ea5b419a62d68eea20c4a011397f402479b538d1e0d55861995fc48c7f0ec09e237c9d

Download Submit
C:\Windows\system\MVjxOTY.exe

Filesize
6.0MB

MD5
42f94944581cb459350fbe7f50138483

SHA1
4cd7ec7954345497111ea4330b6c08b295d9f2dc

SHA256
110bb44232a8c51b0bea4999b178cf67ad00a0dcebf822bf6f0308ab6b029664

SHA512
fc4d6fafde181a7eb24699128c46c00b80c74ce416bd7b3c8c18f3d47f9407426d418d7279332d7476a18c42c51f449198481b6a9e0e9a1dc66f0c5c9bb494d0

Download Submit
C:\Windows\system\NCrZmYz.exe

Filesize
6.0MB

MD5
c5cb8a0779ef01bbd2d4ed1722fdb4cd

SHA1
022af4abbd12e94d90c94d36fceccc62361447a8

SHA256
5405b06266711664b98ec836dd9d5db25e2aec3f59cbf3eaa368c65d4e672326

SHA512
d4ae0a1acd038dd6192bbf606c9815f87b830bfe0a882a5ce659abd57fa345f07c3e4602725dc2cf57d9916d1bdd1051f53b5c6342ddb38c69fd7fae3aafcf0b

Download Submit
C:\Windows\system\PoCicQc.exe

Filesize
6.0MB

MD5
1d22452d70355e060341f198cc22e519

SHA1
ff70a9499c050c02fb21b60123513a51b822f231

SHA256
707a82b85312199586a58bb20f713dd401fe64f200dfba7ae6c95efc1a829a3b

SHA512
2103548bda4adec6df86ee827904c1e78c981a84d54bb91c6b8d91e869a503f814c782db23d8f5c75525097a82262fe9d020a07167999f2831c18aab8094135a

Download Submit
C:\Windows\system\UHEJuvm.exe

Filesize
6.0MB

MD5
206f874f872ef46d45d84bebd6d165f9

SHA1
d7c81a3d78ed3dcb5502767eee1b5d204983a477

SHA256
af5d62651298d63abe1308b1b11b4e2db1c4270d227e0311d646230f849923ad

SHA512
591aa00edfe5d9f74b4d8c351441d11608697727f4cccf42651023a54c2911f7839ca195aaa20d4621d0531488d24b63721abe159a956daceab8ae89cb4933fc

Download Submit
C:\Windows\system\WfPQPFE.exe

Filesize
6.0MB

MD5
5aa35442d9c50d1470760472dabf629e

SHA1
f84b811e5a17201fc02c1fc6676dcf9c33c8da96

SHA256
9a1307aada8c01382edb903bafece347153615fb0cedd293f7535908122fffa2

SHA512
d2b141eeb9196f134213f939f8d7d3577a34bfec348872111f95699846903361adfaa7952e98fb2e0f5bfdce9daa85df8f85b4ddaa4fbfb4fd6b7c8f37075330

Download Submit
C:\Windows\system\XwsKeLM.exe

Filesize
6.0MB

MD5
55dd26219c631e14ef4f8207706c2447

SHA1
139822fdaadb00558169a5e91f70537daba93a34

SHA256
6b6c2e77cbf3321e3ddde05e4613d3056e27305b71366348a1431e72eaadfc76

SHA512
47662cb45decbb2478bef04eb44a3a389b181c6f4c63f971dcea75601dbb93f600de64702b73aff64e4d178c83ed97c7c22d9acf7f846e7e01f3a3d78dc29df9

Download Submit
C:\Windows\system\XxiHmmW.exe

Filesize
6.0MB

MD5
27c204bd29a11864c0b66a4ccca76261

SHA1
17828f87149dcbb0fe2cf6d4c0e0a6c848344ca9

SHA256
ca2cc7e13c9efa6247db16f78d851ddf8db377b9df9307219c565a907be4ce6b

SHA512
a0af800e1cd95e288e079f0a87be3801c34b76c32a2ba1ab24056f687f3be4dc51d4f538bd61018ace8b105dad832ccb2711d572969e47343e52d60e1a7d50c4

Download Submit
C:\Windows\system\YitMlWX.exe

Filesize
6.0MB

MD5
b1c641a287c97fbd416831dd7b2cb2b1

SHA1
2aa8c10e11ac017301d7297e855ea49504c7bd39

SHA256
60b04dc89f46ae0e70c1581525ca86c7597239733058d1a791f37f212394c574

SHA512
c354090c11e5ceb7c29301a6f5f6dd30bef1773cece913dbec9fbc179be87734ee99603d234c79f61e9a41402142a2dde77d18fadc76fa637416a38fa935d436

Download Submit
C:\Windows\system\ZquxdOY.exe

Filesize
6.0MB

MD5
301a32cdd33f944dbc777bc4dd45b058

SHA1
20a65e415107d2b41a95b7a98dd416f3d02aca51

SHA256
f4e06dedeb1a683d16f8812846f85d3e65fcc60990cb2d89280d92d98ac64bb1

SHA512
b5d22cc8f71b41185e869b998f0887891809c07e39529406ae557f14880ff8b92e039843b555accb68c271f6a0661683f3bdc6eae9299d7d71a8a12eab8ec915

Download Submit
C:\Windows\system\aTmSAiH.exe

Filesize
6.0MB

MD5
3e894d4d32f43b2fdb8147b096cac805

SHA1
da5e75196f14d38b7056a6c528944a03e828dd0b

SHA256
7607695a5c1a94f15b2bda07552b1e1fdc57122a9fca2ea0b5c50d3d786ef6c0

SHA512
8fd0000c0d2ac7881a4e7dc9007ea31d914d57d7843ba2a3c75e5aa09dbdaa22c1b0af173b8a26251d4111bfc9ef74676a69820322b2a9c15d6ec37ba2cd037a

Download Submit
C:\Windows\system\aUASzjP.exe

Filesize
6.0MB

MD5
25518161c86744de1633d9bb4e0d1d46

SHA1
6bf522d4dde99b469ea128ee2b117c71c487353d

SHA256
1fa6748b6866bfe4d5563610b2cba6adca3670e550b479c66544f4a154d61c7f

SHA512
31781d689adf7d6acff25f77783563a746fb674523d3f0367658b58fa529525b890122e75855e4fa51bae02a4b36c5f67c1668197638351dd4888885106dd842

Download Submit
C:\Windows\system\aZiwhvj.exe

Filesize
6.0MB

MD5
c390b57111814b3fc08d6f2cb23c7ce4

SHA1
68eb159aaa7693878f3d8ef65251c935e175be2c

SHA256
7a84ee210547283fde8107fb732c9d7b60102b12eee7566d3bb92d830dfdd558

SHA512
70a817fbf5eef65f774486803402345c934ca6b5a85e2bc1e721a3250474887df193531db73a26ffe5acc58ae693050069745746a5c337c6bb9853b2dacad928

Download Submit
C:\Windows\system\aaxjxgT.exe

Filesize
6.0MB

MD5
091c854ac21640f472e0b0e0b67a6328

SHA1
88340e1bf66791efe8741854beae69a135a745e2

SHA256
001c752659f9a0579663ef1b69122eda76e760d0475759002b30b8787bc4d4a3

SHA512
cc944e5cd0b8b9bba2d051b4ddb449bdbf18ae72a115feb6521df0fa8f488372b0e30fe7a98cfa6b4770d66a19d1c999d011c1b7cca5011899989cccee403dd3

Download Submit
C:\Windows\system\bDwEtyc.exe

Filesize
6.0MB

MD5
0de722fafad9ecf2e6b37d9f436fccf3

SHA1
46ee03ae32a536b748b0e6690b44610ba6a8d87f

SHA256
11fb0a1ad85322e069d8e55a908b2524341d275b8357b3b819ab8d2746b3da9a

SHA512
bdd7d50e4b98f2caf6ec0188588a9b3ab39c715f3f7f07a22197399331b90526e99d388fbe67e596c1beab7a5460b218b49e18ec81cf90871f11e7de8fc62cdd

Download Submit
C:\Windows\system\baiBjID.exe

Filesize
6.0MB

MD5
1cd55439aa707544d5672aa4b1308e87

SHA1
2252bded86caed8d53d4b4fe386eb7cc1369efda

SHA256
8e8e642d8f843f96b85ff20bb06a02ad1425cfcccdac2e40efc4cae09bf32c65

SHA512
957cc3d9128b9b7544b988314aedb6a9eb38c0fc86d51beb1d62d4cfb35da6e34ff294e1e8b222565a915c63ce89f05b0d1aa0174b1213cfb5976e18fe31d3e0

Download Submit
C:\Windows\system\cLFNzVL.exe

Filesize
6.0MB

MD5
74e26737101df779c6899403d482e222

SHA1
d0ba440c99ce363cc8711153d0f9dab28453ecda

SHA256
70430289bf66956d159e1c5e473c31bc7c1c65e4ae55a6367d9ef33474a11cec

SHA512
1ab4485d95cc8f17b9eb5137cdf8c4774e2986d3c257bc8d5d38807989dd4768a95c33765dbd2a4eb532cf99d0037e8e06cf5a230d020230aad052fa53f1e923

Download Submit
C:\Windows\system\cVbENdx.exe

Filesize
6.0MB

MD5
a5f7a1c028399902f5b1e29b0d4303f0

SHA1
857f348ecd3eea3ef4eb18d09464ec17da991c38

SHA256
c337ca1ac5cab926d0b9ff439a61b38ffa87beb08223eefa235e00a9b7239f20

SHA512
2f3e6811337aaad949c49a0dfb3e59a3c14f73c383b11966dec24b22b47da669f70eb792c1027d6a2e8c048316c614f602e563e0844b0ea4251eb10066d10c32

Download Submit
C:\Windows\system\iBNHMeo.exe

Filesize
6.0MB

MD5
fde252712113ec2ad6ef74b288563506

SHA1
da597265c743c23fa8488be62d4b0764315a5abf

SHA256
6f06f4f43dab28e72ac80166ff9b15c4dece6f452f671769ebab670ddf05dfa3

SHA512
561f42d7ed4157e83599c7736c4eee987f0c87040c73137c71133e727fd32bff4f447dc8511bcd63e08b1c22fe60fbda891f150f5d265facd337692d0f7f536b

Download Submit
C:\Windows\system\kizmcIF.exe

Filesize
6.0MB

MD5
3e653ee8d948b56624f2d350cdaf9f2f

SHA1
52f9ce33473681848cd3636880e3ac240303c36d

SHA256
510f59e12b0a591227dd9cd4bf2db7f7f060c15ce4333d86bfc20a941ebe23a7

SHA512
ad1a8bcc18be395f1a559f162c1167dea29d1da22df2be934619c7a2f049d3fb788bc725a89a1a8f6d4585372cb10d8bf6fc3d4f7917f7a0b4af2c814aaad5b7

Download Submit
C:\Windows\system\mTvwusS.exe

Filesize
8B

MD5
5fa0c98e2615508796f257ff558027f9

SHA1
249b459fe9e0ba4c758d29db8f45489f1ff9c78f

SHA256
42f62ed2c9ba09080df45536ed799fc4f49a78320722ef01f1680221f686363e

SHA512
5b4b2624f7fb8c39ac0d4f569dfaf2fb1ae3641a82b530d6f33d9fb2342f91e9cdedd8d87417554823e778298d7847b2cde05ac692ddda10c60c77cf71836fa3

Download Submit
C:\Windows\system\oqhqOpt.exe

Filesize
6.0MB

MD5
6a899b3a4b273a2de5822fe7b5134b1f

SHA1
a9061e834c99036190710dd8b995b8df8f9f4d87

SHA256
ab84b4524a4cb16471a5a896ca0e2b0f9e87b62c93c1f091ac89456f7ced9241

SHA512
27cb0e8f874ff780958e78f7b52e7980e29bcde853f54452b5a6e7ba1d0189f98b20ff2d5b525515a0b8b800eea0938289620d0941b81a84705241eb25b89008

Download Submit
C:\Windows\system\qqoHIAK.exe

Filesize
6.0MB

MD5
364b5ba09f6f5d30135068330a8cdec4

SHA1
b57aaad7e720d010a956f4770cf7a9a5bd313b52

SHA256
666e7d866a7aa40d0de9927d9c6ace772602979323e6d0b06b6befcf67e270a0

SHA512
0c1f5c3fcde2c6b4af866392c83033380668fd66175cdddfa819f64a61602f5df44cca606fb0e5df17c4ad210c1a5fc38eceef211c91d0881b305ea90ed0ab00

Download Submit
C:\Windows\system\uGmayuh.exe

Filesize
6.0MB

MD5
b0ba55e813bc0d8115318ba18fbe6d0f

SHA1
c5d251ad1268db2c22692df6e46239bbd5aff403

SHA256
cbd685e1ed08b465ff6e82ee698454d26770f470d3109f415db004c399284852

SHA512
99eec0e40e7dda527624c2fdc39488daca9f6a88ef5c3b022f91dc46c43448cf65077fa21bc79206542d156f6f0322cdf696e358a1070b1da4fd9a217254c990

Download Submit
C:\Windows\system\umDlJiu.exe

Filesize
6.0MB

MD5
b50e5a1ebc7227f626ba2d3c3edbfa44

SHA1
3856d7c275fac527d38d01b826ef5e7859cc0033

SHA256
da1cecb2627a2f685ef20e1adb7749e36a6fa66e5820aaafc51ef86afd33ff30

SHA512
a8711548e215a8e2184dd9df5003befefdc7489e937fd495af092da70918cf2a144d5262dae381aeed36dc736517b6d8217db528cb744c47de9468b10853f3ed

Download Submit
C:\Windows\system\vrYXQXh.exe

Filesize
6.0MB

MD5
abdcd1ab24529eecfe88bfc6a5bb205f

SHA1
87fdb4a1a22a23c65aaca835c18e978dbec8e20f

SHA256
8319451843005e5001181a93487c68120aacb7b298a9705c8584de41bb75184e

SHA512
0fd8e974c5a684b4ab13d51953245c03ae1a86040ad609103b3f7186706b54549e76458006ddc9f2ae328f99deee10648039927fb7dc58c82488b1f9323b7985

Download Submit
C:\Windows\system\xFIAMZx.exe

Filesize
6.0MB

MD5
15572cac0ef7f6c356056fb5ad06bdc4

SHA1
cd5358d3ae20ca9fc60719499b8397cc6933bc11

SHA256
891297f2cb342c994409a9674f8390ced2aee8f2c0fa4b6da297ca69fc1c6f33

SHA512
5cab996e363477a420e82a05735058d5e08f5a76e344474f95029a77b304be3c7c3f498674540898f74c9618e1e552d469cd7bdd433b389b1a58bfdf7791b6a7

Download Submit
\Windows\system\IfqfKDd.exe

Filesize
6.0MB

MD5
272be04545b9c228418d338a38559974

SHA1
0fbad6394390bc75044ebde7090e65328059d07b

SHA256
9419fe90d0d27931e5f140326d8a38e23f6f7db1e42ee33ba4b12d3c2a44809b

SHA512
2a987fc034f05f556614b55f731a01c328ea2fe62e9429c8f27c9200a4169935320c9270a41f329bb5478480c57f18028cb554f27ee251b8d0a8e6bd01f9b067

Download Submit
\Windows\system\gUYzGBX.exe

Filesize
6.0MB

MD5
0598208c495ef3506fb32483818a4b3e

SHA1
df87234d4ad1b1528fb4af42efa7e1d37b92837f

SHA256
3e8dc4b71d478e4565f55c8e68ff96630e1d4ce4871a996aa7087a8a98b98084

SHA512
f37c7584d7b083d80fe8b80d86327df8574e47ae39df35688de6ce93ad4b6f61b7e114c50a6846c63be88b0311bfaf9fe51e09884d3444b05714a17d41a78a99

Download Submit
\Windows\system\xspuYfw.exe

Filesize
6.0MB

MD5
e4c2140fa69254bb324e8df20def530d

SHA1
c228ac517ee6acabc8419dd89b36abd9621a29cb

SHA256
b1dc280426ba1537a236666b7024d925eea6c6b20bc28135ff2abc8f8bfc8ca1

SHA512
82b76b6834682c4b997b8a6355163a93223ec651caacaffc101e766c075e4a8c9888c65004c1c76fcefca287dde70c4f723d7b4a9b1785f9c97e2dd5ee2a3682

Download Submit
memory/1244-4977-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1244-73-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1244-36-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1768-41-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-3115-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-13-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-54-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1820-6-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1820-898-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-0-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-78-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1820-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1820-70-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1820-22-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1820-323-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1820-33-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-34-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1820-38-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1820-29-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1820-112-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-111-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1820-417-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1820-740-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1820-103-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1820-102-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1820-46-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1820-62-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1820-597-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1820-94-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1820-86-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2028-3118-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2028-15-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2028-50-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2256-20-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2256-58-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2256-3176-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2408-689-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3283-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2408-98-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2544-509-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2544-91-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3266-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3190-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2568-27-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2568-65-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2616-90-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3224-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2616-51-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3237-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2716-97-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2716-59-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3242-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-234-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-74-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2752-66-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3244-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2752-107-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3206-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2768-42-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2768-82-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2800-367-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3247-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-83-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-804-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3263-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2940-108-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download