cobaltstrike | 452aaf958102f3bfb7d4c2e59eaa65830a12f3e005f7f81bdb0c77a1b9f15ff3

Analysis

max time kernel
148s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5173e788684fa08aaf82e149cf307b85
SHA1

2617dceddd2854a803358ee13508fce771297ad8
SHA256

452aaf958102f3bfb7d4c2e59eaa65830a12f3e005f7f81bdb0c77a1b9f15ff3
SHA512

c0e03e14d8667b87d8a00c6d6703f93dcd964455f6fcd430f65b6ab367a776f77eb88b75a942e282d0ecd336d62c7e1e5db39bb5f88cb947bad2c08c1d5cc2e6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUB:T+q56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001226a-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001612f-5.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658c-23.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161f6-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016855-36.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001662e-30.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-63.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015e71-82.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-177.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-172.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-167.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-162.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-142.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-129.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-123.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-85.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-79.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-74.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016aa9-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-109.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-105.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c62-53.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1928-0-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x000b00000001226a-3.dat	xmrig
behavioral1/files/0x000800000001612f-5.dat	xmrig
behavioral1/files/0x000700000001658c-23.dat	xmrig
behavioral1/memory/2136-21-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2680-28-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x00080000000161f6-20.dat	xmrig
behavioral1/memory/2200-18-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/1800-13-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016855-36.dat	xmrig
behavioral1/files/0x000700000001662e-30.dat	xmrig
behavioral1/files/0x00060000000173da-63.dat	xmrig
behavioral1/files/0x0009000000015e71-82.dat	xmrig
behavioral1/memory/1928-111-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x00060000000174a2-101.dat	xmrig
behavioral1/files/0x000500000001922c-188.dat	xmrig
behavioral1/memory/1928-332-0x0000000002500000-0x0000000002854000-memory.dmp	xmrig
behavioral1/memory/1928-931-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2988-930-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2724-828-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2652-725-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2896-331-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/1928-244-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019244-192.dat	xmrig
behavioral1/files/0x00050000000191ff-181.dat	xmrig
behavioral1/files/0x00050000000191d4-177.dat	xmrig
behavioral1/files/0x00060000000190e0-172.dat	xmrig
behavioral1/files/0x00060000000190ce-167.dat	xmrig
behavioral1/files/0x000600000001903b-162.dat	xmrig
behavioral1/files/0x0006000000018f53-157.dat	xmrig
behavioral1/files/0x0006000000018c1a-147.dat	xmrig
behavioral1/files/0x0006000000018c26-152.dat	xmrig
behavioral1/files/0x0005000000018687-137.dat	xmrig
behavioral1/files/0x0005000000018792-142.dat	xmrig
behavioral1/files/0x000d00000001866e-129.dat	xmrig
behavioral1/files/0x0014000000018663-125.dat	xmrig
behavioral1/files/0x0006000000017472-123.dat	xmrig
behavioral1/memory/2744-89-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f4-85.dat	xmrig
behavioral1/memory/2988-80-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f1-79.dat	xmrig
behavioral1/memory/2724-76-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2680-75-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x000600000001706d-74.dat	xmrig
behavioral1/memory/2652-73-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016aa9-72.dat	xmrig
behavioral1/memory/2136-71-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2476-69-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0006000000017525-113.dat	xmrig
behavioral1/memory/2660-112-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0006000000017487-109.dat	xmrig
behavioral1/memory/592-107-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x00060000000173fc-105.dat	xmrig
behavioral1/memory/2896-58-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c62-53.dat	xmrig
behavioral1/memory/2660-45-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2744-35-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1928-31-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1800-50-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/1928-42-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2200-3629-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2680-3660-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2136-3667-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/1800-3669-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1800	LVzHFYI.exe
2200	TsCILeO.exe
2136	obRwZEA.exe
2680	gwHkOtH.exe
2744	qUCjtvY.exe
2660	RprgioJ.exe
2896	HyepnFJ.exe
2476	ArjgHNO.exe
2652	aTJwBEZ.exe
2724	mLIwWNJ.exe
2988	BBRcOpA.exe
592	YAuKSeU.exe
2464	gXpvVqV.exe
1744	DpYSsFU.exe
2164	swdnPbt.exe
1508	yXxwwlE.exe
1968	PmimCYo.exe
1932	uQGeUDB.exe
1320	xljpviY.exe
808	hYHYZcH.exe
1248	jgFgRlG.exe
2880	xLCYdGh.exe
2892	SAUwper.exe
2096	hLKyTwy.exe
2876	ecDTVOd.exe
1692	QaWIMer.exe
1300	kggBcPz.exe
1140	ECsTyCm.exe
948	dHqMsmp.exe
700	GodqaLD.exe
1972	lriJkLo.exe
3000	yrJiskX.exe
1016	scRvGip.exe
1520	MZkjiVf.exe
1332	yObakRe.exe
2180	zFbRjXH.exe
1344	EziyhiO.exe
1540	TlZBMIc.exe
2220	oSWMdhe.exe
3032	RACccTw.exe
3016	QEpMAKO.exe
1760	MLiJXHG.exe
2080	cBDIoOZ.exe
2448	gICaIpv.exe
2408	YpjSNJj.exe
2460	mIjmzDv.exe
992	suKrFbb.exe
888	HSkPEld.exe
1756	JsKXmAx.exe
3036	tsrrNcn.exe
1608	JAedzFM.exe
1712	auzTPCA.exe
2100	hcrGgWk.exe
2212	EYXbkCf.exe
2372	VKkLqNE.exe
2576	ocqyvfh.exe
2752	AOaomXE.exe
1252	ElbKuSD.exe
2572	NUBXgKq.exe
2580	IcQFXNI.exe
2444	vIfWRzc.exe
984	KwSolmC.exe
2312	KLTAONj.exe
2868	KYwyrCR.exe

Loads dropped DLL 64 IoCs

pid	Process
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1928-0-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x000b00000001226a-3.dat	upx
behavioral1/files/0x000800000001612f-5.dat	upx
behavioral1/files/0x000700000001658c-23.dat	upx
behavioral1/memory/2136-21-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2680-28-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x00080000000161f6-20.dat	upx
behavioral1/memory/2200-18-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/1800-13-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0007000000016855-36.dat	upx
behavioral1/files/0x000700000001662e-30.dat	upx
behavioral1/files/0x00060000000173da-63.dat	upx
behavioral1/files/0x0009000000015e71-82.dat	upx
behavioral1/files/0x00060000000174a2-101.dat	upx
behavioral1/files/0x000500000001922c-188.dat	upx
behavioral1/memory/2988-930-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2724-828-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2652-725-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2896-331-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0005000000019244-192.dat	upx
behavioral1/files/0x00050000000191ff-181.dat	upx
behavioral1/files/0x00050000000191d4-177.dat	upx
behavioral1/files/0x00060000000190e0-172.dat	upx
behavioral1/files/0x00060000000190ce-167.dat	upx
behavioral1/files/0x000600000001903b-162.dat	upx
behavioral1/files/0x0006000000018f53-157.dat	upx
behavioral1/files/0x0006000000018c1a-147.dat	upx
behavioral1/files/0x0006000000018c26-152.dat	upx
behavioral1/files/0x0005000000018687-137.dat	upx
behavioral1/files/0x0005000000018792-142.dat	upx
behavioral1/files/0x000d00000001866e-129.dat	upx
behavioral1/files/0x0014000000018663-125.dat	upx
behavioral1/files/0x0006000000017472-123.dat	upx
behavioral1/memory/2744-89-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00060000000173f4-85.dat	upx
behavioral1/memory/2988-80-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x00060000000173f1-79.dat	upx
behavioral1/memory/2724-76-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2680-75-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x000600000001706d-74.dat	upx
behavioral1/memory/2652-73-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0008000000016aa9-72.dat	upx
behavioral1/memory/2136-71-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2476-69-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0006000000017525-113.dat	upx
behavioral1/memory/2660-112-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0006000000017487-109.dat	upx
behavioral1/memory/592-107-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x00060000000173fc-105.dat	upx
behavioral1/memory/1928-94-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2896-58-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0008000000016c62-53.dat	upx
behavioral1/memory/2660-45-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2744-35-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1800-50-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/1928-42-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2200-3629-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2680-3660-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2136-3667-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/1800-3669-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2660-3674-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2744-3712-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2476-3706-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2896-3696-0x000000013F100000-0x000000013F454000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UXYhxeg.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wayziao.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCjNziN.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZcOUKu.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBJUvvV.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOZvZkK.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcuKGSY.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvlVclf.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpLHcqQ.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JegDDgz.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVpbKGF.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asqwZkn.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfogltL.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcUScqD.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yowFjeU.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcBLWjM.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwgRPuk.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVhSJLi.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJFsHNx.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJEGZLR.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjKugju.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bysrNWF.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhWVDLN.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQWwWIh.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OdkRNNW.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPdGxNq.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cECuBic.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzWrWiM.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFiYCfI.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCJSmmc.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAUaGbR.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QtaFlIY.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibtaeKw.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azigOnr.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYCiwkk.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYbCYzy.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShCqeFF.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfpnSej.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHHDlym.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXFQaGy.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxyBwpV.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqUVdom.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sksWirA.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbNJRPn.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBCkEOf.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONVquuG.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MItyKeE.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvffyJX.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLIVlax.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOUzAhA.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQjggSp.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLlNkAr.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSrxyFX.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNUUBek.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQBdCeR.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdoitEr.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYoIwSu.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrONWxB.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJySHcA.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvjSQDN.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUBfDiO.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOWXqlK.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTfNCDZ.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPpjkxE.exe	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1800	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 1800	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 1800	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 2200	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 2200	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 2200	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 2136	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 2136	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 2136	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 2680	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2680	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2680	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2744	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 2744	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 2744	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 2660	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2660	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2660	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2652	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2652	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2652	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2896	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2896	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2896	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2724	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2724	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2724	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2476	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2476	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2476	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2988	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 2988	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 2988	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 592	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 592	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 592	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 1508	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 1508	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 1508	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 2464	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 2464	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 2464	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 1968	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1968	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1968	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1744	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 1744	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 1744	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 1932	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 1932	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 1932	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 2164	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 2164	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 2164	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 1320	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 1320	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 1320	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 808	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 808	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 808	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 1248	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 1248	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 1248	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 2880	1928	2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_5173e788684fa08aaf82e149cf307b85_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\System\LVzHFYI.exe
  C:\Windows\System\LVzHFYI.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\TsCILeO.exe
  C:\Windows\System\TsCILeO.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\obRwZEA.exe
  C:\Windows\System\obRwZEA.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\gwHkOtH.exe
  C:\Windows\System\gwHkOtH.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\qUCjtvY.exe
  C:\Windows\System\qUCjtvY.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\RprgioJ.exe
  C:\Windows\System\RprgioJ.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\aTJwBEZ.exe
  C:\Windows\System\aTJwBEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\HyepnFJ.exe
  C:\Windows\System\HyepnFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\mLIwWNJ.exe
  C:\Windows\System\mLIwWNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ArjgHNO.exe
  C:\Windows\System\ArjgHNO.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\BBRcOpA.exe
  C:\Windows\System\BBRcOpA.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\YAuKSeU.exe
  C:\Windows\System\YAuKSeU.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\yXxwwlE.exe
  C:\Windows\System\yXxwwlE.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\gXpvVqV.exe
  C:\Windows\System\gXpvVqV.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\PmimCYo.exe
  C:\Windows\System\PmimCYo.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\DpYSsFU.exe
  C:\Windows\System\DpYSsFU.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\uQGeUDB.exe
  C:\Windows\System\uQGeUDB.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\swdnPbt.exe
  C:\Windows\System\swdnPbt.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\xljpviY.exe
  C:\Windows\System\xljpviY.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\hYHYZcH.exe
  C:\Windows\System\hYHYZcH.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\jgFgRlG.exe
  C:\Windows\System\jgFgRlG.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\xLCYdGh.exe
  C:\Windows\System\xLCYdGh.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\SAUwper.exe
  C:\Windows\System\SAUwper.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\hLKyTwy.exe
  C:\Windows\System\hLKyTwy.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\ecDTVOd.exe
  C:\Windows\System\ecDTVOd.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\QaWIMer.exe
  C:\Windows\System\QaWIMer.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\kggBcPz.exe
  C:\Windows\System\kggBcPz.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\ECsTyCm.exe
  C:\Windows\System\ECsTyCm.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\dHqMsmp.exe
  C:\Windows\System\dHqMsmp.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\GodqaLD.exe
  C:\Windows\System\GodqaLD.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\lriJkLo.exe
  C:\Windows\System\lriJkLo.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\yrJiskX.exe
  C:\Windows\System\yrJiskX.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\scRvGip.exe
  C:\Windows\System\scRvGip.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\MZkjiVf.exe
  C:\Windows\System\MZkjiVf.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\yObakRe.exe
  C:\Windows\System\yObakRe.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\zFbRjXH.exe
  C:\Windows\System\zFbRjXH.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\EziyhiO.exe
  C:\Windows\System\EziyhiO.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\TlZBMIc.exe
  C:\Windows\System\TlZBMIc.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\oSWMdhe.exe
  C:\Windows\System\oSWMdhe.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\RACccTw.exe
  C:\Windows\System\RACccTw.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\QEpMAKO.exe
  C:\Windows\System\QEpMAKO.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\MLiJXHG.exe
  C:\Windows\System\MLiJXHG.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\cBDIoOZ.exe
  C:\Windows\System\cBDIoOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\gICaIpv.exe
  C:\Windows\System\gICaIpv.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\YpjSNJj.exe
  C:\Windows\System\YpjSNJj.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\mIjmzDv.exe
  C:\Windows\System\mIjmzDv.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\suKrFbb.exe
  C:\Windows\System\suKrFbb.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\HSkPEld.exe
  C:\Windows\System\HSkPEld.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\JsKXmAx.exe
  C:\Windows\System\JsKXmAx.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\tsrrNcn.exe
  C:\Windows\System\tsrrNcn.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\JAedzFM.exe
  C:\Windows\System\JAedzFM.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\auzTPCA.exe
  C:\Windows\System\auzTPCA.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\hcrGgWk.exe
  C:\Windows\System\hcrGgWk.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\EYXbkCf.exe
  C:\Windows\System\EYXbkCf.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\VKkLqNE.exe
  C:\Windows\System\VKkLqNE.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\ocqyvfh.exe
  C:\Windows\System\ocqyvfh.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\AOaomXE.exe
  C:\Windows\System\AOaomXE.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\ElbKuSD.exe
  C:\Windows\System\ElbKuSD.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\NUBXgKq.exe
  C:\Windows\System\NUBXgKq.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\IcQFXNI.exe
  C:\Windows\System\IcQFXNI.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\vIfWRzc.exe
  C:\Windows\System\vIfWRzc.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\KwSolmC.exe
  C:\Windows\System\KwSolmC.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\KLTAONj.exe
  C:\Windows\System\KLTAONj.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\KYwyrCR.exe
  C:\Windows\System\KYwyrCR.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\VJRNKjy.exe
  C:\Windows\System\VJRNKjy.exe
  2⤵
  PID:2984
- C:\Windows\System\qEuRQYH.exe
  C:\Windows\System\qEuRQYH.exe
  2⤵
  PID:2888
- C:\Windows\System\xwOgXsI.exe
  C:\Windows\System\xwOgXsI.exe
  2⤵
  PID:2884
- C:\Windows\System\RPGJJnL.exe
  C:\Windows\System\RPGJJnL.exe
  2⤵
  PID:1228
- C:\Windows\System\MAYcliK.exe
  C:\Windows\System\MAYcliK.exe
  2⤵
  PID:828
- C:\Windows\System\wgxiIvS.exe
  C:\Windows\System\wgxiIvS.exe
  2⤵
  PID:1656
- C:\Windows\System\ULYpeoe.exe
  C:\Windows\System\ULYpeoe.exe
  2⤵
  PID:900
- C:\Windows\System\XnNMnLL.exe
  C:\Windows\System\XnNMnLL.exe
  2⤵
  PID:916
- C:\Windows\System\ihqEhYA.exe
  C:\Windows\System\ihqEhYA.exe
  2⤵
  PID:568
- C:\Windows\System\cnCGBCa.exe
  C:\Windows\System\cnCGBCa.exe
  2⤵
  PID:2232
- C:\Windows\System\ockfcFf.exe
  C:\Windows\System\ockfcFf.exe
  2⤵
  PID:1676
- C:\Windows\System\uextSeG.exe
  C:\Windows\System\uextSeG.exe
  2⤵
  PID:780
- C:\Windows\System\wVkWyUE.exe
  C:\Windows\System\wVkWyUE.exe
  2⤵
  PID:3040
- C:\Windows\System\JUzBTdi.exe
  C:\Windows\System\JUzBTdi.exe
  2⤵
  PID:2360
- C:\Windows\System\RChuCDJ.exe
  C:\Windows\System\RChuCDJ.exe
  2⤵
  PID:980
- C:\Windows\System\mKiZqln.exe
  C:\Windows\System\mKiZqln.exe
  2⤵
  PID:2972
- C:\Windows\System\ZfOpYpU.exe
  C:\Windows\System\ZfOpYpU.exe
  2⤵
  PID:2008
- C:\Windows\System\mwKkdpF.exe
  C:\Windows\System\mwKkdpF.exe
  2⤵
  PID:1576
- C:\Windows\System\wIIwldt.exe
  C:\Windows\System\wIIwldt.exe
  2⤵
  PID:1612
- C:\Windows\System\AkWQJQj.exe
  C:\Windows\System\AkWQJQj.exe
  2⤵
  PID:2736
- C:\Windows\System\CwroZjG.exe
  C:\Windows\System\CwroZjG.exe
  2⤵
  PID:2784
- C:\Windows\System\ZdTWSyX.exe
  C:\Windows\System\ZdTWSyX.exe
  2⤵
  PID:2588
- C:\Windows\System\RkXuerN.exe
  C:\Windows\System\RkXuerN.exe
  2⤵
  PID:1092
- C:\Windows\System\ETBpkeL.exe
  C:\Windows\System\ETBpkeL.exe
  2⤵
  PID:2584
- C:\Windows\System\cuxcwqr.exe
  C:\Windows\System\cuxcwqr.exe
  2⤵
  PID:1732
- C:\Windows\System\BTrQQMc.exe
  C:\Windows\System\BTrQQMc.exe
  2⤵
  PID:1404
- C:\Windows\System\CzSaQxe.exe
  C:\Windows\System\CzSaQxe.exe
  2⤵
  PID:1828
- C:\Windows\System\TlmwijS.exe
  C:\Windows\System\TlmwijS.exe
  2⤵
  PID:2860
- C:\Windows\System\hBeHgVc.exe
  C:\Windows\System\hBeHgVc.exe
  2⤵
  PID:988
- C:\Windows\System\EdrZoPT.exe
  C:\Windows\System\EdrZoPT.exe
  2⤵
  PID:1740
- C:\Windows\System\jmnOLdy.exe
  C:\Windows\System\jmnOLdy.exe
  2⤵
  PID:2496
- C:\Windows\System\TKPaijg.exe
  C:\Windows\System\TKPaijg.exe
  2⤵
  PID:2808
- C:\Windows\System\BwqEjOf.exe
  C:\Windows\System\BwqEjOf.exe
  2⤵
  PID:1952
- C:\Windows\System\bqQXzat.exe
  C:\Windows\System\bqQXzat.exe
  2⤵
  PID:2116
- C:\Windows\System\HslzjnT.exe
  C:\Windows\System\HslzjnT.exe
  2⤵
  PID:292
- C:\Windows\System\rQtluir.exe
  C:\Windows\System\rQtluir.exe
  2⤵
  PID:3088
- C:\Windows\System\QTykkxz.exe
  C:\Windows\System\QTykkxz.exe
  2⤵
  PID:3108
- C:\Windows\System\hFPWBtk.exe
  C:\Windows\System\hFPWBtk.exe
  2⤵
  PID:3128
- C:\Windows\System\ONrKPhU.exe
  C:\Windows\System\ONrKPhU.exe
  2⤵
  PID:3148
- C:\Windows\System\lqdmwzj.exe
  C:\Windows\System\lqdmwzj.exe
  2⤵
  PID:3168
- C:\Windows\System\xhtIQNs.exe
  C:\Windows\System\xhtIQNs.exe
  2⤵
  PID:3188
- C:\Windows\System\GzvtLxd.exe
  C:\Windows\System\GzvtLxd.exe
  2⤵
  PID:3208
- C:\Windows\System\csppYvr.exe
  C:\Windows\System\csppYvr.exe
  2⤵
  PID:3228
- C:\Windows\System\jlafZBM.exe
  C:\Windows\System\jlafZBM.exe
  2⤵
  PID:3248
- C:\Windows\System\VYmLQis.exe
  C:\Windows\System\VYmLQis.exe
  2⤵
  PID:3268
- C:\Windows\System\nPHAOWn.exe
  C:\Windows\System\nPHAOWn.exe
  2⤵
  PID:3288
- C:\Windows\System\gbXKITA.exe
  C:\Windows\System\gbXKITA.exe
  2⤵
  PID:3308
- C:\Windows\System\DxooxFX.exe
  C:\Windows\System\DxooxFX.exe
  2⤵
  PID:3324
- C:\Windows\System\ejFoBrg.exe
  C:\Windows\System\ejFoBrg.exe
  2⤵
  PID:3348
- C:\Windows\System\uoccQsE.exe
  C:\Windows\System\uoccQsE.exe
  2⤵
  PID:3372
- C:\Windows\System\bcbdJSq.exe
  C:\Windows\System\bcbdJSq.exe
  2⤵
  PID:3392
- C:\Windows\System\YbRWrjQ.exe
  C:\Windows\System\YbRWrjQ.exe
  2⤵
  PID:3412
- C:\Windows\System\iDPoDlQ.exe
  C:\Windows\System\iDPoDlQ.exe
  2⤵
  PID:3432
- C:\Windows\System\PzrEUmM.exe
  C:\Windows\System\PzrEUmM.exe
  2⤵
  PID:3448
- C:\Windows\System\ZdECAds.exe
  C:\Windows\System\ZdECAds.exe
  2⤵
  PID:3472
- C:\Windows\System\SNVVtEU.exe
  C:\Windows\System\SNVVtEU.exe
  2⤵
  PID:3488
- C:\Windows\System\ibtaeKw.exe
  C:\Windows\System\ibtaeKw.exe
  2⤵
  PID:3504
- C:\Windows\System\atysgpT.exe
  C:\Windows\System\atysgpT.exe
  2⤵
  PID:3532
- C:\Windows\System\FfQCawl.exe
  C:\Windows\System\FfQCawl.exe
  2⤵
  PID:3552
- C:\Windows\System\sFcvUFS.exe
  C:\Windows\System\sFcvUFS.exe
  2⤵
  PID:3572
- C:\Windows\System\fuzRpUR.exe
  C:\Windows\System\fuzRpUR.exe
  2⤵
  PID:3592
- C:\Windows\System\AfNQQSg.exe
  C:\Windows\System\AfNQQSg.exe
  2⤵
  PID:3612
- C:\Windows\System\fALfJEp.exe
  C:\Windows\System\fALfJEp.exe
  2⤵
  PID:3632
- C:\Windows\System\AmwXAep.exe
  C:\Windows\System\AmwXAep.exe
  2⤵
  PID:3652
- C:\Windows\System\EysNfnY.exe
  C:\Windows\System\EysNfnY.exe
  2⤵
  PID:3672
- C:\Windows\System\pKmNjLR.exe
  C:\Windows\System\pKmNjLR.exe
  2⤵
  PID:3692
- C:\Windows\System\SQkZjld.exe
  C:\Windows\System\SQkZjld.exe
  2⤵
  PID:3712
- C:\Windows\System\zXiEwcs.exe
  C:\Windows\System\zXiEwcs.exe
  2⤵
  PID:3732
- C:\Windows\System\hQaXufm.exe
  C:\Windows\System\hQaXufm.exe
  2⤵
  PID:3752
- C:\Windows\System\RHGdJmW.exe
  C:\Windows\System\RHGdJmW.exe
  2⤵
  PID:3772
- C:\Windows\System\HMJQKfa.exe
  C:\Windows\System\HMJQKfa.exe
  2⤵
  PID:3792
- C:\Windows\System\GafKktj.exe
  C:\Windows\System\GafKktj.exe
  2⤵
  PID:3812
- C:\Windows\System\zAGBGxs.exe
  C:\Windows\System\zAGBGxs.exe
  2⤵
  PID:3832
- C:\Windows\System\QWQgLUA.exe
  C:\Windows\System\QWQgLUA.exe
  2⤵
  PID:3856
- C:\Windows\System\VxYCDSw.exe
  C:\Windows\System\VxYCDSw.exe
  2⤵
  PID:3876
- C:\Windows\System\mWDrWZN.exe
  C:\Windows\System\mWDrWZN.exe
  2⤵
  PID:3896
- C:\Windows\System\kpvsKnC.exe
  C:\Windows\System\kpvsKnC.exe
  2⤵
  PID:3916
- C:\Windows\System\aJQoMXc.exe
  C:\Windows\System\aJQoMXc.exe
  2⤵
  PID:3936
- C:\Windows\System\IcdIxQu.exe
  C:\Windows\System\IcdIxQu.exe
  2⤵
  PID:3956
- C:\Windows\System\chgotGX.exe
  C:\Windows\System\chgotGX.exe
  2⤵
  PID:3976
- C:\Windows\System\EboNnOW.exe
  C:\Windows\System\EboNnOW.exe
  2⤵
  PID:3996
- C:\Windows\System\zSgmZJv.exe
  C:\Windows\System\zSgmZJv.exe
  2⤵
  PID:4016
- C:\Windows\System\uNhwPsM.exe
  C:\Windows\System\uNhwPsM.exe
  2⤵
  PID:4036
- C:\Windows\System\YVstFbT.exe
  C:\Windows\System\YVstFbT.exe
  2⤵
  PID:4056
- C:\Windows\System\ZmtMyjV.exe
  C:\Windows\System\ZmtMyjV.exe
  2⤵
  PID:4076
- C:\Windows\System\qMmCewk.exe
  C:\Windows\System\qMmCewk.exe
  2⤵
  PID:2516
- C:\Windows\System\WukbuWs.exe
  C:\Windows\System\WukbuWs.exe
  2⤵
  PID:304
- C:\Windows\System\SKFQSwr.exe
  C:\Windows\System\SKFQSwr.exe
  2⤵
  PID:2960
- C:\Windows\System\uFFmlgV.exe
  C:\Windows\System\uFFmlgV.exe
  2⤵
  PID:2720
- C:\Windows\System\kCIHtTj.exe
  C:\Windows\System\kCIHtTj.exe
  2⤵
  PID:2688
- C:\Windows\System\HBIvuPv.exe
  C:\Windows\System\HBIvuPv.exe
  2⤵
  PID:1664
- C:\Windows\System\MZXPVvX.exe
  C:\Windows\System\MZXPVvX.exe
  2⤵
  PID:1960
- C:\Windows\System\ghydFle.exe
  C:\Windows\System\ghydFle.exe
  2⤵
  PID:1764
- C:\Windows\System\TODqtib.exe
  C:\Windows\System\TODqtib.exe
  2⤵
  PID:2384
- C:\Windows\System\SzhooOQ.exe
  C:\Windows\System\SzhooOQ.exe
  2⤵
  PID:756
- C:\Windows\System\LIZkxvU.exe
  C:\Windows\System\LIZkxvU.exe
  2⤵
  PID:376
- C:\Windows\System\LZoXTcl.exe
  C:\Windows\System\LZoXTcl.exe
  2⤵
  PID:3020
- C:\Windows\System\BdcUqPZ.exe
  C:\Windows\System\BdcUqPZ.exe
  2⤵
  PID:3076
- C:\Windows\System\oRcnzqm.exe
  C:\Windows\System\oRcnzqm.exe
  2⤵
  PID:3100
- C:\Windows\System\bkJPcxU.exe
  C:\Windows\System\bkJPcxU.exe
  2⤵
  PID:3120
- C:\Windows\System\qmaiTCC.exe
  C:\Windows\System\qmaiTCC.exe
  2⤵
  PID:3164
- C:\Windows\System\ApaIGZB.exe
  C:\Windows\System\ApaIGZB.exe
  2⤵
  PID:3220
- C:\Windows\System\yRxRVnL.exe
  C:\Windows\System\yRxRVnL.exe
  2⤵
  PID:3236
- C:\Windows\System\EGzcqgc.exe
  C:\Windows\System\EGzcqgc.exe
  2⤵
  PID:2764
- C:\Windows\System\DqSOnFK.exe
  C:\Windows\System\DqSOnFK.exe
  2⤵
  PID:3280
- C:\Windows\System\bFHURPy.exe
  C:\Windows\System\bFHURPy.exe
  2⤵
  PID:3316
- C:\Windows\System\vxbmuwO.exe
  C:\Windows\System\vxbmuwO.exe
  2⤵
  PID:3356
- C:\Windows\System\DHwBDXw.exe
  C:\Windows\System\DHwBDXw.exe
  2⤵
  PID:3404
- C:\Windows\System\hehVEsL.exe
  C:\Windows\System\hehVEsL.exe
  2⤵
  PID:3456
- C:\Windows\System\JmIdtTv.exe
  C:\Windows\System\JmIdtTv.exe
  2⤵
  PID:3440
- C:\Windows\System\qdCPbql.exe
  C:\Windows\System\qdCPbql.exe
  2⤵
  PID:3512
- C:\Windows\System\nQZJamv.exe
  C:\Windows\System\nQZJamv.exe
  2⤵
  PID:3540
- C:\Windows\System\wneQkRf.exe
  C:\Windows\System\wneQkRf.exe
  2⤵
  PID:3588
- C:\Windows\System\LIFtQiP.exe
  C:\Windows\System\LIFtQiP.exe
  2⤵
  PID:3620
- C:\Windows\System\oeAQYLX.exe
  C:\Windows\System\oeAQYLX.exe
  2⤵
  PID:3640
- C:\Windows\System\TsiOOHg.exe
  C:\Windows\System\TsiOOHg.exe
  2⤵
  PID:3668
- C:\Windows\System\bcoVTZt.exe
  C:\Windows\System\bcoVTZt.exe
  2⤵
  PID:3688
- C:\Windows\System\uqtanGa.exe
  C:\Windows\System\uqtanGa.exe
  2⤵
  PID:3720
- C:\Windows\System\GdWjmHx.exe
  C:\Windows\System\GdWjmHx.exe
  2⤵
  PID:3764
- C:\Windows\System\gBYAsFc.exe
  C:\Windows\System\gBYAsFc.exe
  2⤵
  PID:3828
- C:\Windows\System\xgeNBQg.exe
  C:\Windows\System\xgeNBQg.exe
  2⤵
  PID:3864
- C:\Windows\System\jUEpkMI.exe
  C:\Windows\System\jUEpkMI.exe
  2⤵
  PID:3844
- C:\Windows\System\YoINSTN.exe
  C:\Windows\System\YoINSTN.exe
  2⤵
  PID:3892
- C:\Windows\System\BTynZkh.exe
  C:\Windows\System\BTynZkh.exe
  2⤵
  PID:3952
- C:\Windows\System\uMrLbGj.exe
  C:\Windows\System\uMrLbGj.exe
  2⤵
  PID:3988
- C:\Windows\System\oiueHQB.exe
  C:\Windows\System\oiueHQB.exe
  2⤵
  PID:4028
- C:\Windows\System\FthkOav.exe
  C:\Windows\System\FthkOav.exe
  2⤵
  PID:4064
- C:\Windows\System\SXdQhzU.exe
  C:\Windows\System\SXdQhzU.exe
  2⤵
  PID:4068
- C:\Windows\System\RSubazO.exe
  C:\Windows\System\RSubazO.exe
  2⤵
  PID:4088
- C:\Windows\System\ebjpavG.exe
  C:\Windows\System\ebjpavG.exe
  2⤵
  PID:2908
- C:\Windows\System\TKnlnzF.exe
  C:\Windows\System\TKnlnzF.exe
  2⤵
  PID:1532
- C:\Windows\System\urVlqUt.exe
  C:\Windows\System\urVlqUt.exe
  2⤵
  PID:1644
- C:\Windows\System\FedTrXQ.exe
  C:\Windows\System\FedTrXQ.exe
  2⤵
  PID:2392
- C:\Windows\System\zQtGZvv.exe
  C:\Windows\System\zQtGZvv.exe
  2⤵
  PID:408
- C:\Windows\System\nidZVgP.exe
  C:\Windows\System\nidZVgP.exe
  2⤵
  PID:1688
- C:\Windows\System\pPSEWtl.exe
  C:\Windows\System\pPSEWtl.exe
  2⤵
  PID:3096
- C:\Windows\System\ObRXTtA.exe
  C:\Windows\System\ObRXTtA.exe
  2⤵
  PID:3180
- C:\Windows\System\GDzhLKU.exe
  C:\Windows\System\GDzhLKU.exe
  2⤵
  PID:3184
- C:\Windows\System\axMJXwb.exe
  C:\Windows\System\axMJXwb.exe
  2⤵
  PID:3304
- C:\Windows\System\GKiWkvX.exe
  C:\Windows\System\GKiWkvX.exe
  2⤵
  PID:3244
- C:\Windows\System\UkKZbYa.exe
  C:\Windows\System\UkKZbYa.exe
  2⤵
  PID:3344
- C:\Windows\System\JefpNLS.exe
  C:\Windows\System\JefpNLS.exe
  2⤵
  PID:3428
- C:\Windows\System\FeDbIMX.exe
  C:\Windows\System\FeDbIMX.exe
  2⤵
  PID:3484
- C:\Windows\System\Nfmehze.exe
  C:\Windows\System\Nfmehze.exe
  2⤵
  PID:3548
- C:\Windows\System\ZDkzBpV.exe
  C:\Windows\System\ZDkzBpV.exe
  2⤵
  PID:3604
- C:\Windows\System\XidvJUL.exe
  C:\Windows\System\XidvJUL.exe
  2⤵
  PID:3568
- C:\Windows\System\qRanzPu.exe
  C:\Windows\System\qRanzPu.exe
  2⤵
  PID:3644
- C:\Windows\System\yjzIEID.exe
  C:\Windows\System\yjzIEID.exe
  2⤵
  PID:3748
- C:\Windows\System\TvHvwDd.exe
  C:\Windows\System\TvHvwDd.exe
  2⤵
  PID:3808
- C:\Windows\System\cHUEJkG.exe
  C:\Windows\System\cHUEJkG.exe
  2⤵
  PID:3884
- C:\Windows\System\rzTNsEr.exe
  C:\Windows\System\rzTNsEr.exe
  2⤵
  PID:3944
- C:\Windows\System\gbQfegI.exe
  C:\Windows\System\gbQfegI.exe
  2⤵
  PID:3932
- C:\Windows\System\egkaetD.exe
  C:\Windows\System\egkaetD.exe
  2⤵
  PID:4024
- C:\Windows\System\CcQaeLr.exe
  C:\Windows\System\CcQaeLr.exe
  2⤵
  PID:1516
- C:\Windows\System\ECyIgej.exe
  C:\Windows\System\ECyIgej.exe
  2⤵
  PID:2952
- C:\Windows\System\uxqTIFz.exe
  C:\Windows\System\uxqTIFz.exe
  2⤵
  PID:704
- C:\Windows\System\XAOjXth.exe
  C:\Windows\System\XAOjXth.exe
  2⤵
  PID:1652
- C:\Windows\System\PnpIpDT.exe
  C:\Windows\System\PnpIpDT.exe
  2⤵
  PID:1776
- C:\Windows\System\jwqUNBa.exe
  C:\Windows\System\jwqUNBa.exe
  2⤵
  PID:2328
- C:\Windows\System\eFXLBsR.exe
  C:\Windows\System\eFXLBsR.exe
  2⤵
  PID:3256
- C:\Windows\System\aGpDjxD.exe
  C:\Windows\System\aGpDjxD.exe
  2⤵
  PID:3340
- C:\Windows\System\CsdPmZG.exe
  C:\Windows\System\CsdPmZG.exe
  2⤵
  PID:3424
- C:\Windows\System\DtiLHqb.exe
  C:\Windows\System\DtiLHqb.exe
  2⤵
  PID:2592
- C:\Windows\System\tkXKWhd.exe
  C:\Windows\System\tkXKWhd.exe
  2⤵
  PID:3560
- C:\Windows\System\EDqPXHc.exe
  C:\Windows\System\EDqPXHc.exe
  2⤵
  PID:3704
- C:\Windows\System\pFMcKzl.exe
  C:\Windows\System\pFMcKzl.exe
  2⤵
  PID:3804
- C:\Windows\System\Ddpqmvm.exe
  C:\Windows\System\Ddpqmvm.exe
  2⤵
  PID:3912
- C:\Windows\System\aJCiNmD.exe
  C:\Windows\System\aJCiNmD.exe
  2⤵
  PID:3984
- C:\Windows\System\ybWZqpI.exe
  C:\Windows\System\ybWZqpI.exe
  2⤵
  PID:3924
- C:\Windows\System\gqATXlu.exe
  C:\Windows\System\gqATXlu.exe
  2⤵
  PID:4112
- C:\Windows\System\yAJrsig.exe
  C:\Windows\System\yAJrsig.exe
  2⤵
  PID:4132
- C:\Windows\System\kBBZrAp.exe
  C:\Windows\System\kBBZrAp.exe
  2⤵
  PID:4152
- C:\Windows\System\dikCJCw.exe
  C:\Windows\System\dikCJCw.exe
  2⤵
  PID:4172
- C:\Windows\System\BWwrPvr.exe
  C:\Windows\System\BWwrPvr.exe
  2⤵
  PID:4192
- C:\Windows\System\BXYtwry.exe
  C:\Windows\System\BXYtwry.exe
  2⤵
  PID:4212
- C:\Windows\System\CVdpJMl.exe
  C:\Windows\System\CVdpJMl.exe
  2⤵
  PID:4228
- C:\Windows\System\kLdcOtW.exe
  C:\Windows\System\kLdcOtW.exe
  2⤵
  PID:4248
- C:\Windows\System\bKbKZso.exe
  C:\Windows\System\bKbKZso.exe
  2⤵
  PID:4268
- C:\Windows\System\pTaHMZV.exe
  C:\Windows\System\pTaHMZV.exe
  2⤵
  PID:4296
- C:\Windows\System\OxMYdGE.exe
  C:\Windows\System\OxMYdGE.exe
  2⤵
  PID:4316
- C:\Windows\System\OUMbzlB.exe
  C:\Windows\System\OUMbzlB.exe
  2⤵
  PID:4336
- C:\Windows\System\PVJriQk.exe
  C:\Windows\System\PVJriQk.exe
  2⤵
  PID:4356
- C:\Windows\System\gxmuWFO.exe
  C:\Windows\System\gxmuWFO.exe
  2⤵
  PID:4376
- C:\Windows\System\JAMGYOz.exe
  C:\Windows\System\JAMGYOz.exe
  2⤵
  PID:4396
- C:\Windows\System\FGxaXMQ.exe
  C:\Windows\System\FGxaXMQ.exe
  2⤵
  PID:4416
- C:\Windows\System\fyHqgcY.exe
  C:\Windows\System\fyHqgcY.exe
  2⤵
  PID:4436
- C:\Windows\System\SEgMTqU.exe
  C:\Windows\System\SEgMTqU.exe
  2⤵
  PID:4456
- C:\Windows\System\jKeYReL.exe
  C:\Windows\System\jKeYReL.exe
  2⤵
  PID:4476
- C:\Windows\System\IojNZFk.exe
  C:\Windows\System\IojNZFk.exe
  2⤵
  PID:4496
- C:\Windows\System\UqVFYoj.exe
  C:\Windows\System\UqVFYoj.exe
  2⤵
  PID:4516
- C:\Windows\System\gmhfLLZ.exe
  C:\Windows\System\gmhfLLZ.exe
  2⤵
  PID:4536
- C:\Windows\System\rjVIsHM.exe
  C:\Windows\System\rjVIsHM.exe
  2⤵
  PID:4556
- C:\Windows\System\KQRyhBQ.exe
  C:\Windows\System\KQRyhBQ.exe
  2⤵
  PID:4576
- C:\Windows\System\TTfNCDZ.exe
  C:\Windows\System\TTfNCDZ.exe
  2⤵
  PID:4596
- C:\Windows\System\uSJRkZX.exe
  C:\Windows\System\uSJRkZX.exe
  2⤵
  PID:4616
- C:\Windows\System\TcnLjei.exe
  C:\Windows\System\TcnLjei.exe
  2⤵
  PID:4636
- C:\Windows\System\obLGOhk.exe
  C:\Windows\System\obLGOhk.exe
  2⤵
  PID:4656
- C:\Windows\System\ihOdIuM.exe
  C:\Windows\System\ihOdIuM.exe
  2⤵
  PID:4676
- C:\Windows\System\BMKXTIY.exe
  C:\Windows\System\BMKXTIY.exe
  2⤵
  PID:4696
- C:\Windows\System\bIkdlAZ.exe
  C:\Windows\System\bIkdlAZ.exe
  2⤵
  PID:4716
- C:\Windows\System\lTeXHUl.exe
  C:\Windows\System\lTeXHUl.exe
  2⤵
  PID:4736
- C:\Windows\System\wwaucln.exe
  C:\Windows\System\wwaucln.exe
  2⤵
  PID:4756
- C:\Windows\System\SMokxLM.exe
  C:\Windows\System\SMokxLM.exe
  2⤵
  PID:4776
- C:\Windows\System\EuwyaLu.exe
  C:\Windows\System\EuwyaLu.exe
  2⤵
  PID:4796
- C:\Windows\System\reuGxEs.exe
  C:\Windows\System\reuGxEs.exe
  2⤵
  PID:4816
- C:\Windows\System\NQwIoyM.exe
  C:\Windows\System\NQwIoyM.exe
  2⤵
  PID:4836
- C:\Windows\System\ulgEpqY.exe
  C:\Windows\System\ulgEpqY.exe
  2⤵
  PID:4856
- C:\Windows\System\VXlAyNE.exe
  C:\Windows\System\VXlAyNE.exe
  2⤵
  PID:4876
- C:\Windows\System\zsivXHQ.exe
  C:\Windows\System\zsivXHQ.exe
  2⤵
  PID:4896
- C:\Windows\System\aCXLbVm.exe
  C:\Windows\System\aCXLbVm.exe
  2⤵
  PID:4916
- C:\Windows\System\yTXBoUF.exe
  C:\Windows\System\yTXBoUF.exe
  2⤵
  PID:4936
- C:\Windows\System\MIdVGUj.exe
  C:\Windows\System\MIdVGUj.exe
  2⤵
  PID:4964
- C:\Windows\System\IaOrYHE.exe
  C:\Windows\System\IaOrYHE.exe
  2⤵
  PID:4988
- C:\Windows\System\LzXnTQg.exe
  C:\Windows\System\LzXnTQg.exe
  2⤵
  PID:5008
- C:\Windows\System\OOwsyFy.exe
  C:\Windows\System\OOwsyFy.exe
  2⤵
  PID:5028
- C:\Windows\System\gXgJKEA.exe
  C:\Windows\System\gXgJKEA.exe
  2⤵
  PID:5048
- C:\Windows\System\XUgotgJ.exe
  C:\Windows\System\XUgotgJ.exe
  2⤵
  PID:5068
- C:\Windows\System\sNNVeje.exe
  C:\Windows\System\sNNVeje.exe
  2⤵
  PID:5088
- C:\Windows\System\gaYwYSk.exe
  C:\Windows\System\gaYwYSk.exe
  2⤵
  PID:5108
- C:\Windows\System\NZzphyQ.exe
  C:\Windows\System\NZzphyQ.exe
  2⤵
  PID:2356
- C:\Windows\System\RZKZuan.exe
  C:\Windows\System\RZKZuan.exe
  2⤵
  PID:2604
- C:\Windows\System\YKGwkDz.exe
  C:\Windows\System\YKGwkDz.exe
  2⤵
  PID:1900
- C:\Windows\System\kmhBSkM.exe
  C:\Windows\System\kmhBSkM.exe
  2⤵
  PID:2228
- C:\Windows\System\IwetXJF.exe
  C:\Windows\System\IwetXJF.exe
  2⤵
  PID:3124
- C:\Windows\System\qEQdJMJ.exe
  C:\Windows\System\qEQdJMJ.exe
  2⤵
  PID:3496
- C:\Windows\System\GtqHHIy.exe
  C:\Windows\System\GtqHHIy.exe
  2⤵
  PID:3260
- C:\Windows\System\ifoyhnu.exe
  C:\Windows\System\ifoyhnu.exe
  2⤵
  PID:3480
- C:\Windows\System\AdfXPJe.exe
  C:\Windows\System\AdfXPJe.exe
  2⤵
  PID:3820
- C:\Windows\System\pnDMpdT.exe
  C:\Windows\System\pnDMpdT.exe
  2⤵
  PID:4032
- C:\Windows\System\SqUVdom.exe
  C:\Windows\System\SqUVdom.exe
  2⤵
  PID:3840
- C:\Windows\System\NtwZNyt.exe
  C:\Windows\System\NtwZNyt.exe
  2⤵
  PID:4160
- C:\Windows\System\bvxvkks.exe
  C:\Windows\System\bvxvkks.exe
  2⤵
  PID:4164
- C:\Windows\System\ylkSDva.exe
  C:\Windows\System\ylkSDva.exe
  2⤵
  PID:4188
- C:\Windows\System\LJNiydn.exe
  C:\Windows\System\LJNiydn.exe
  2⤵
  PID:4220
- C:\Windows\System\nmbHYVF.exe
  C:\Windows\System\nmbHYVF.exe
  2⤵
  PID:4260
- C:\Windows\System\iowaOEq.exe
  C:\Windows\System\iowaOEq.exe
  2⤵
  PID:4328
- C:\Windows\System\XFTKAVP.exe
  C:\Windows\System\XFTKAVP.exe
  2⤵
  PID:4364
- C:\Windows\System\JiGeMqn.exe
  C:\Windows\System\JiGeMqn.exe
  2⤵
  PID:4384
- C:\Windows\System\AmbFZTr.exe
  C:\Windows\System\AmbFZTr.exe
  2⤵
  PID:4388
- C:\Windows\System\IRaNwHx.exe
  C:\Windows\System\IRaNwHx.exe
  2⤵
  PID:4432
- C:\Windows\System\QsWXHRN.exe
  C:\Windows\System\QsWXHRN.exe
  2⤵
  PID:4468
- C:\Windows\System\mONGzDU.exe
  C:\Windows\System\mONGzDU.exe
  2⤵
  PID:4532
- C:\Windows\System\YznFxgi.exe
  C:\Windows\System\YznFxgi.exe
  2⤵
  PID:4564
- C:\Windows\System\AcBLWjM.exe
  C:\Windows\System\AcBLWjM.exe
  2⤵
  PID:4584
- C:\Windows\System\hjNrpaD.exe
  C:\Windows\System\hjNrpaD.exe
  2⤵
  PID:4608
- C:\Windows\System\tCEtkES.exe
  C:\Windows\System\tCEtkES.exe
  2⤵
  PID:4624
- C:\Windows\System\oOEGeEP.exe
  C:\Windows\System\oOEGeEP.exe
  2⤵
  PID:4668
- C:\Windows\System\dJYJFor.exe
  C:\Windows\System\dJYJFor.exe
  2⤵
  PID:4704
- C:\Windows\System\bQjggSp.exe
  C:\Windows\System\bQjggSp.exe
  2⤵
  PID:4764
- C:\Windows\System\yySnCcm.exe
  C:\Windows\System\yySnCcm.exe
  2⤵
  PID:4804
- C:\Windows\System\IrcKSeI.exe
  C:\Windows\System\IrcKSeI.exe
  2⤵
  PID:4788
- C:\Windows\System\jBIPkCy.exe
  C:\Windows\System\jBIPkCy.exe
  2⤵
  PID:4832
- C:\Windows\System\xjrnJgn.exe
  C:\Windows\System\xjrnJgn.exe
  2⤵
  PID:4868
- C:\Windows\System\CzTyRri.exe
  C:\Windows\System\CzTyRri.exe
  2⤵
  PID:4924
- C:\Windows\System\ssPnSrr.exe
  C:\Windows\System\ssPnSrr.exe
  2⤵
  PID:4948
- C:\Windows\System\SuqoItr.exe
  C:\Windows\System\SuqoItr.exe
  2⤵
  PID:4976
- C:\Windows\System\ZKDnLmu.exe
  C:\Windows\System\ZKDnLmu.exe
  2⤵
  PID:4996
- C:\Windows\System\TlccIom.exe
  C:\Windows\System\TlccIom.exe
  2⤵
  PID:5044
- C:\Windows\System\MunMDUD.exe
  C:\Windows\System\MunMDUD.exe
  2⤵
  PID:5076
- C:\Windows\System\AhqzMnv.exe
  C:\Windows\System\AhqzMnv.exe
  2⤵
  PID:4048
- C:\Windows\System\nSGNDTr.exe
  C:\Windows\System\nSGNDTr.exe
  2⤵
  PID:1748
- C:\Windows\System\WmZZnUp.exe
  C:\Windows\System\WmZZnUp.exe
  2⤵
  PID:2404
- C:\Windows\System\bLGuUWZ.exe
  C:\Windows\System\bLGuUWZ.exe
  2⤵
  PID:3204
- C:\Windows\System\omLyqtr.exe
  C:\Windows\System\omLyqtr.exe
  2⤵
  PID:3400
- C:\Windows\System\ejNhmxN.exe
  C:\Windows\System\ejNhmxN.exe
  2⤵
  PID:3780
- C:\Windows\System\tuxnWdf.exe
  C:\Windows\System\tuxnWdf.exe
  2⤵
  PID:3788
- C:\Windows\System\daIufWT.exe
  C:\Windows\System\daIufWT.exe
  2⤵
  PID:4104
- C:\Windows\System\OAYgrqp.exe
  C:\Windows\System\OAYgrqp.exe
  2⤵
  PID:4208
- C:\Windows\System\hPVjUuB.exe
  C:\Windows\System\hPVjUuB.exe
  2⤵
  PID:4276
- C:\Windows\System\tznYrIW.exe
  C:\Windows\System\tznYrIW.exe
  2⤵
  PID:4312
- C:\Windows\System\gseTunh.exe
  C:\Windows\System\gseTunh.exe
  2⤵
  PID:4324
- C:\Windows\System\JynCIUr.exe
  C:\Windows\System\JynCIUr.exe
  2⤵
  PID:4348
- C:\Windows\System\CpeggLn.exe
  C:\Windows\System\CpeggLn.exe
  2⤵
  PID:4484
- C:\Windows\System\pghEeyG.exe
  C:\Windows\System\pghEeyG.exe
  2⤵
  PID:4452
- C:\Windows\System\yUhXlNH.exe
  C:\Windows\System\yUhXlNH.exe
  2⤵
  PID:4568
- C:\Windows\System\MflbnOf.exe
  C:\Windows\System\MflbnOf.exe
  2⤵
  PID:4692
- C:\Windows\System\wIQhkwF.exe
  C:\Windows\System\wIQhkwF.exe
  2⤵
  PID:4648
- C:\Windows\System\TshscNi.exe
  C:\Windows\System\TshscNi.exe
  2⤵
  PID:4724
- C:\Windows\System\mVDZIkN.exe
  C:\Windows\System\mVDZIkN.exe
  2⤵
  PID:4772
- C:\Windows\System\UOgfAAW.exe
  C:\Windows\System\UOgfAAW.exe
  2⤵
  PID:4872
- C:\Windows\System\xxurUyE.exe
  C:\Windows\System\xxurUyE.exe
  2⤵
  PID:4908
- C:\Windows\System\FlyMGcP.exe
  C:\Windows\System\FlyMGcP.exe
  2⤵
  PID:4904
- C:\Windows\System\eECslyY.exe
  C:\Windows\System\eECslyY.exe
  2⤵
  PID:5004
- C:\Windows\System\FbjFSyx.exe
  C:\Windows\System\FbjFSyx.exe
  2⤵
  PID:5060
- C:\Windows\System\mteuWXL.exe
  C:\Windows\System\mteuWXL.exe
  2⤵
  PID:1040
- C:\Windows\System\qpJCvNz.exe
  C:\Windows\System\qpJCvNz.exe
  2⤵
  PID:5084
- C:\Windows\System\HRCUhYO.exe
  C:\Windows\System\HRCUhYO.exe
  2⤵
  PID:3080
- C:\Windows\System\VpMSRXb.exe
  C:\Windows\System\VpMSRXb.exe
  2⤵
  PID:3388
- C:\Windows\System\vnlpuir.exe
  C:\Windows\System\vnlpuir.exe
  2⤵
  PID:4108
- C:\Windows\System\RsCWpjg.exe
  C:\Windows\System\RsCWpjg.exe
  2⤵
  PID:4204
- C:\Windows\System\kbLFhIP.exe
  C:\Windows\System\kbLFhIP.exe
  2⤵
  PID:4288
- C:\Windows\System\LjCqKTL.exe
  C:\Windows\System\LjCqKTL.exe
  2⤵
  PID:4244
- C:\Windows\System\FenVQzQ.exe
  C:\Windows\System\FenVQzQ.exe
  2⤵
  PID:2076
- C:\Windows\System\hMyQHUL.exe
  C:\Windows\System\hMyQHUL.exe
  2⤵
  PID:4592
- C:\Windows\System\sHEKYEE.exe
  C:\Windows\System\sHEKYEE.exe
  2⤵
  PID:4628
- C:\Windows\System\onwoxnz.exe
  C:\Windows\System\onwoxnz.exe
  2⤵
  PID:4744
- C:\Windows\System\TEcFsEh.exe
  C:\Windows\System\TEcFsEh.exe
  2⤵
  PID:4712
- C:\Windows\System\NHqMrRL.exe
  C:\Windows\System\NHqMrRL.exe
  2⤵
  PID:4864
- C:\Windows\System\MjFTRZn.exe
  C:\Windows\System\MjFTRZn.exe
  2⤵
  PID:4828
- C:\Windows\System\VMcdUaf.exe
  C:\Windows\System\VMcdUaf.exe
  2⤵
  PID:5128
- C:\Windows\System\VTzzcRR.exe
  C:\Windows\System\VTzzcRR.exe
  2⤵
  PID:5148
- C:\Windows\System\WLynknv.exe
  C:\Windows\System\WLynknv.exe
  2⤵
  PID:5164
- C:\Windows\System\BepOVxF.exe
  C:\Windows\System\BepOVxF.exe
  2⤵
  PID:5188
- C:\Windows\System\pjOoliM.exe
  C:\Windows\System\pjOoliM.exe
  2⤵
  PID:5208
- C:\Windows\System\GmOPUyg.exe
  C:\Windows\System\GmOPUyg.exe
  2⤵
  PID:5228
- C:\Windows\System\IKSSqKF.exe
  C:\Windows\System\IKSSqKF.exe
  2⤵
  PID:5248
- C:\Windows\System\HKITYnw.exe
  C:\Windows\System\HKITYnw.exe
  2⤵
  PID:5268
- C:\Windows\System\GnkAjPE.exe
  C:\Windows\System\GnkAjPE.exe
  2⤵
  PID:5288
- C:\Windows\System\DMZYEXP.exe
  C:\Windows\System\DMZYEXP.exe
  2⤵
  PID:5308
- C:\Windows\System\nzpIYzk.exe
  C:\Windows\System\nzpIYzk.exe
  2⤵
  PID:5328
- C:\Windows\System\wzEcMLs.exe
  C:\Windows\System\wzEcMLs.exe
  2⤵
  PID:5348
- C:\Windows\System\pRoOvjq.exe
  C:\Windows\System\pRoOvjq.exe
  2⤵
  PID:5368
- C:\Windows\System\VzusRol.exe
  C:\Windows\System\VzusRol.exe
  2⤵
  PID:5388
- C:\Windows\System\UxdLFGe.exe
  C:\Windows\System\UxdLFGe.exe
  2⤵
  PID:5408
- C:\Windows\System\gkpHxrP.exe
  C:\Windows\System\gkpHxrP.exe
  2⤵
  PID:5428
- C:\Windows\System\rYcTKFp.exe
  C:\Windows\System\rYcTKFp.exe
  2⤵
  PID:5448
- C:\Windows\System\iQcwyMo.exe
  C:\Windows\System\iQcwyMo.exe
  2⤵
  PID:5468
- C:\Windows\System\dsjUZRM.exe
  C:\Windows\System\dsjUZRM.exe
  2⤵
  PID:5488
- C:\Windows\System\RHTRxBZ.exe
  C:\Windows\System\RHTRxBZ.exe
  2⤵
  PID:5508
- C:\Windows\System\FKSEhzY.exe
  C:\Windows\System\FKSEhzY.exe
  2⤵
  PID:5528
- C:\Windows\System\xtzWYVE.exe
  C:\Windows\System\xtzWYVE.exe
  2⤵
  PID:5548
- C:\Windows\System\KmBHrVh.exe
  C:\Windows\System\KmBHrVh.exe
  2⤵
  PID:5568
- C:\Windows\System\WkSzPDm.exe
  C:\Windows\System\WkSzPDm.exe
  2⤵
  PID:5588
- C:\Windows\System\azjoHqs.exe
  C:\Windows\System\azjoHqs.exe
  2⤵
  PID:5608
- C:\Windows\System\kUALsxX.exe
  C:\Windows\System\kUALsxX.exe
  2⤵
  PID:5628
- C:\Windows\System\zAajElS.exe
  C:\Windows\System\zAajElS.exe
  2⤵
  PID:5648
- C:\Windows\System\rfzApIa.exe
  C:\Windows\System\rfzApIa.exe
  2⤵
  PID:5668
- C:\Windows\System\IsqnPCg.exe
  C:\Windows\System\IsqnPCg.exe
  2⤵
  PID:5688
- C:\Windows\System\MMStYpV.exe
  C:\Windows\System\MMStYpV.exe
  2⤵
  PID:5708
- C:\Windows\System\pocnBZi.exe
  C:\Windows\System\pocnBZi.exe
  2⤵
  PID:5728
- C:\Windows\System\TOFHfiU.exe
  C:\Windows\System\TOFHfiU.exe
  2⤵
  PID:5748
- C:\Windows\System\eNiozAY.exe
  C:\Windows\System\eNiozAY.exe
  2⤵
  PID:5768
- C:\Windows\System\aSorMED.exe
  C:\Windows\System\aSorMED.exe
  2⤵
  PID:5788
- C:\Windows\System\vrgSklV.exe
  C:\Windows\System\vrgSklV.exe
  2⤵
  PID:5808
- C:\Windows\System\ksvHtLi.exe
  C:\Windows\System\ksvHtLi.exe
  2⤵
  PID:5828
- C:\Windows\System\wPOAnDY.exe
  C:\Windows\System\wPOAnDY.exe
  2⤵
  PID:5848
- C:\Windows\System\qPhHbWn.exe
  C:\Windows\System\qPhHbWn.exe
  2⤵
  PID:5868
- C:\Windows\System\HUeriTB.exe
  C:\Windows\System\HUeriTB.exe
  2⤵
  PID:5888
- C:\Windows\System\wMaZQSD.exe
  C:\Windows\System\wMaZQSD.exe
  2⤵
  PID:5908
- C:\Windows\System\VWrbrfn.exe
  C:\Windows\System\VWrbrfn.exe
  2⤵
  PID:5928
- C:\Windows\System\sNXseqg.exe
  C:\Windows\System\sNXseqg.exe
  2⤵
  PID:5948
- C:\Windows\System\ZxQqAWg.exe
  C:\Windows\System\ZxQqAWg.exe
  2⤵
  PID:5968
- C:\Windows\System\apIYgSw.exe
  C:\Windows\System\apIYgSw.exe
  2⤵
  PID:5988
- C:\Windows\System\jjEJjZK.exe
  C:\Windows\System\jjEJjZK.exe
  2⤵
  PID:6008
- C:\Windows\System\MyHcunG.exe
  C:\Windows\System\MyHcunG.exe
  2⤵
  PID:6028
- C:\Windows\System\YPHyLVq.exe
  C:\Windows\System\YPHyLVq.exe
  2⤵
  PID:6044
- C:\Windows\System\cFQQvLm.exe
  C:\Windows\System\cFQQvLm.exe
  2⤵
  PID:6068
- C:\Windows\System\KtAimcC.exe
  C:\Windows\System\KtAimcC.exe
  2⤵
  PID:6088
- C:\Windows\System\CQzjkNt.exe
  C:\Windows\System\CQzjkNt.exe
  2⤵
  PID:6108
- C:\Windows\System\Vkhlguk.exe
  C:\Windows\System\Vkhlguk.exe
  2⤵
  PID:6128
- C:\Windows\System\HkaVXMx.exe
  C:\Windows\System\HkaVXMx.exe
  2⤵
  PID:5104
- C:\Windows\System\CVjIpyv.exe
  C:\Windows\System\CVjIpyv.exe
  2⤵
  PID:5100
- C:\Windows\System\eyQyPXN.exe
  C:\Windows\System\eyQyPXN.exe
  2⤵
  PID:3708
- C:\Windows\System\AeLpQrk.exe
  C:\Windows\System\AeLpQrk.exe
  2⤵
  PID:2564
- C:\Windows\System\VLdEZtj.exe
  C:\Windows\System\VLdEZtj.exe
  2⤵
  PID:4148
- C:\Windows\System\VtaCRcc.exe
  C:\Windows\System\VtaCRcc.exe
  2⤵
  PID:4472
- C:\Windows\System\cjIhTas.exe
  C:\Windows\System\cjIhTas.exe
  2⤵
  PID:4544
- C:\Windows\System\gGTNkCc.exe
  C:\Windows\System\gGTNkCc.exe
  2⤵
  PID:4792
- C:\Windows\System\AwzgGxD.exe
  C:\Windows\System\AwzgGxD.exe
  2⤵
  PID:2004
- C:\Windows\System\nGDArKN.exe
  C:\Windows\System\nGDArKN.exe
  2⤵
  PID:4980
- C:\Windows\System\JQmZXjz.exe
  C:\Windows\System\JQmZXjz.exe
  2⤵
  PID:4984
- C:\Windows\System\LgjiItQ.exe
  C:\Windows\System\LgjiItQ.exe
  2⤵
  PID:5184
- C:\Windows\System\jKnOgBf.exe
  C:\Windows\System\jKnOgBf.exe
  2⤵
  PID:5216
- C:\Windows\System\CELiKfc.exe
  C:\Windows\System\CELiKfc.exe
  2⤵
  PID:5236
- C:\Windows\System\WfaDIFA.exe
  C:\Windows\System\WfaDIFA.exe
  2⤵
  PID:5260
- C:\Windows\System\RFFiXSf.exe
  C:\Windows\System\RFFiXSf.exe
  2⤵
  PID:5280
- C:\Windows\System\nKlOlam.exe
  C:\Windows\System\nKlOlam.exe
  2⤵
  PID:5324
- C:\Windows\System\VYbYbFA.exe
  C:\Windows\System\VYbYbFA.exe
  2⤵
  PID:5376
- C:\Windows\System\EcAZLfb.exe
  C:\Windows\System\EcAZLfb.exe
  2⤵
  PID:5416
- C:\Windows\System\hrwmDWV.exe
  C:\Windows\System\hrwmDWV.exe
  2⤵
  PID:5404
- C:\Windows\System\ZeelHDF.exe
  C:\Windows\System\ZeelHDF.exe
  2⤵
  PID:5440
- C:\Windows\System\FuJTepk.exe
  C:\Windows\System\FuJTepk.exe
  2⤵
  PID:5484
- C:\Windows\System\LgaEMld.exe
  C:\Windows\System\LgaEMld.exe
  2⤵
  PID:388
- C:\Windows\System\zQDlMZu.exe
  C:\Windows\System\zQDlMZu.exe
  2⤵
  PID:5520
- C:\Windows\System\RZeQGAt.exe
  C:\Windows\System\RZeQGAt.exe
  2⤵
  PID:5580
- C:\Windows\System\LEogrDn.exe
  C:\Windows\System\LEogrDn.exe
  2⤵
  PID:5624
- C:\Windows\System\lnsagYC.exe
  C:\Windows\System\lnsagYC.exe
  2⤵
  PID:5664
- C:\Windows\System\JGwnBnM.exe
  C:\Windows\System\JGwnBnM.exe
  2⤵
  PID:5696
- C:\Windows\System\XspBlcg.exe
  C:\Windows\System\XspBlcg.exe
  2⤵
  PID:5704
- C:\Windows\System\lprlAaU.exe
  C:\Windows\System\lprlAaU.exe
  2⤵
  PID:5744
- C:\Windows\System\ZgolIsr.exe
  C:\Windows\System\ZgolIsr.exe
  2⤵
  PID:5784
- C:\Windows\System\cCgRAty.exe
  C:\Windows\System\cCgRAty.exe
  2⤵
  PID:5816
- C:\Windows\System\jiuIHxE.exe
  C:\Windows\System\jiuIHxE.exe
  2⤵
  PID:5804
- C:\Windows\System\revfcmH.exe
  C:\Windows\System\revfcmH.exe
  2⤵
  PID:5840
- C:\Windows\System\KJpKgse.exe
  C:\Windows\System\KJpKgse.exe
  2⤵
  PID:5876
- C:\Windows\System\sOiyynG.exe
  C:\Windows\System\sOiyynG.exe
  2⤵
  PID:5880
- C:\Windows\System\KcYZjbS.exe
  C:\Windows\System\KcYZjbS.exe
  2⤵
  PID:5924
- C:\Windows\System\COLvxYt.exe
  C:\Windows\System\COLvxYt.exe
  2⤵
  PID:5984
- C:\Windows\System\VgLpSVu.exe
  C:\Windows\System\VgLpSVu.exe
  2⤵
  PID:2768
- C:\Windows\System\JfNnRND.exe
  C:\Windows\System\JfNnRND.exe
  2⤵
  PID:6004
- C:\Windows\System\QnPzwbv.exe
  C:\Windows\System\QnPzwbv.exe
  2⤵
  PID:2788
- C:\Windows\System\zEdrebi.exe
  C:\Windows\System\zEdrebi.exe
  2⤵
  PID:6096
- C:\Windows\System\XypapQK.exe
  C:\Windows\System\XypapQK.exe
  2⤵
  PID:6084
- C:\Windows\System\oYHzZGT.exe
  C:\Windows\System\oYHzZGT.exe
  2⤵
  PID:6136
- C:\Windows\System\khdQoyc.exe
  C:\Windows\System\khdQoyc.exe
  2⤵
  PID:6116
- C:\Windows\System\jEGCioj.exe
  C:\Windows\System\jEGCioj.exe
  2⤵
  PID:4084
- C:\Windows\System\nLQPNyE.exe
  C:\Windows\System\nLQPNyE.exe
  2⤵
  PID:3992
- C:\Windows\System\PHDGJwX.exe
  C:\Windows\System\PHDGJwX.exe
  2⤵
  PID:4284
- C:\Windows\System\wIChIFI.exe
  C:\Windows\System\wIChIFI.exe
  2⤵
  PID:4444
- C:\Windows\System\pQRJEbY.exe
  C:\Windows\System\pQRJEbY.exe
  2⤵
  PID:4684
- C:\Windows\System\YCmkSgu.exe
  C:\Windows\System\YCmkSgu.exe
  2⤵
  PID:4928
- C:\Windows\System\DDYXnWl.exe
  C:\Windows\System\DDYXnWl.exe
  2⤵
  PID:5124
- C:\Windows\System\NWITlkl.exe
  C:\Windows\System\NWITlkl.exe
  2⤵
  PID:5220
- C:\Windows\System\DyLweTb.exe
  C:\Windows\System\DyLweTb.exe
  2⤵
  PID:5200
- C:\Windows\System\iQOJoVx.exe
  C:\Windows\System\iQOJoVx.exe
  2⤵
  PID:5316
- C:\Windows\System\rDiOotm.exe
  C:\Windows\System\rDiOotm.exe
  2⤵
  PID:5356
- C:\Windows\System\VprwLGD.exe
  C:\Windows\System\VprwLGD.exe
  2⤵
  PID:5424
- C:\Windows\System\JDgKjrw.exe
  C:\Windows\System\JDgKjrw.exe
  2⤵
  PID:5496
- C:\Windows\System\AgCyHaJ.exe
  C:\Windows\System\AgCyHaJ.exe
  2⤵
  PID:5540
- C:\Windows\System\nEFjiDg.exe
  C:\Windows\System\nEFjiDg.exe
  2⤵
  PID:5480
- C:\Windows\System\FMfnGJO.exe
  C:\Windows\System\FMfnGJO.exe
  2⤵
  PID:5656
- C:\Windows\System\AAEFUhz.exe
  C:\Windows\System\AAEFUhz.exe
  2⤵
  PID:5680
- C:\Windows\System\dJEcqUl.exe
  C:\Windows\System\dJEcqUl.exe
  2⤵
  PID:5720
- C:\Windows\System\GIYupGA.exe
  C:\Windows\System\GIYupGA.exe
  2⤵
  PID:5820
- C:\Windows\System\IfjrJuf.exe
  C:\Windows\System\IfjrJuf.exe
  2⤵
  PID:2684
- C:\Windows\System\JcGlyBV.exe
  C:\Windows\System\JcGlyBV.exe
  2⤵
  PID:5944
- C:\Windows\System\VSJBLvv.exe
  C:\Windows\System\VSJBLvv.exe
  2⤵
  PID:5920
- C:\Windows\System\pzAnNrn.exe
  C:\Windows\System\pzAnNrn.exe
  2⤵
  PID:5960
- C:\Windows\System\dZgiygM.exe
  C:\Windows\System\dZgiygM.exe
  2⤵
  PID:6056
- C:\Windows\System\jQNkXPu.exe
  C:\Windows\System\jQNkXPu.exe
  2⤵
  PID:6076
- C:\Windows\System\GfFZomW.exe
  C:\Windows\System\GfFZomW.exe
  2⤵
  PID:6104
- C:\Windows\System\RJhYoGq.exe
  C:\Windows\System\RJhYoGq.exe
  2⤵
  PID:6120
- C:\Windows\System\hbYQnsu.exe
  C:\Windows\System\hbYQnsu.exe
  2⤵
  PID:4184
- C:\Windows\System\iLWUPuE.exe
  C:\Windows\System\iLWUPuE.exe
  2⤵
  PID:3744
- C:\Windows\System\NkiLKFG.exe
  C:\Windows\System\NkiLKFG.exe
  2⤵
  PID:4748
- C:\Windows\System\gEdELfY.exe
  C:\Windows\System\gEdELfY.exe
  2⤵
  PID:5144
- C:\Windows\System\ikaVbdy.exe
  C:\Windows\System\ikaVbdy.exe
  2⤵
  PID:5156
- C:\Windows\System\jpcQbiN.exe
  C:\Windows\System\jpcQbiN.exe
  2⤵
  PID:5204
- C:\Windows\System\VuGemKS.exe
  C:\Windows\System\VuGemKS.exe
  2⤵
  PID:5456
- C:\Windows\System\dwJmyBc.exe
  C:\Windows\System\dwJmyBc.exe
  2⤵
  PID:5444
- C:\Windows\System\LPHSTeQ.exe
  C:\Windows\System\LPHSTeQ.exe
  2⤵
  PID:5396
- C:\Windows\System\AnEGyaD.exe
  C:\Windows\System\AnEGyaD.exe
  2⤵
  PID:5516
- C:\Windows\System\cHTUmqT.exe
  C:\Windows\System\cHTUmqT.exe
  2⤵
  PID:5636
- C:\Windows\System\xQapJaL.exe
  C:\Windows\System\xQapJaL.exe
  2⤵
  PID:5776
- C:\Windows\System\mOsyYjs.exe
  C:\Windows\System\mOsyYjs.exe
  2⤵
  PID:5864
- C:\Windows\System\WmArxGo.exe
  C:\Windows\System\WmArxGo.exe
  2⤵
  PID:2664
- C:\Windows\System\XnbkVUt.exe
  C:\Windows\System\XnbkVUt.exe
  2⤵
  PID:2920
- C:\Windows\System\RuMgbGo.exe
  C:\Windows\System\RuMgbGo.exe
  2⤵
  PID:6000
- C:\Windows\System\IwHlDoq.exe
  C:\Windows\System\IwHlDoq.exe
  2⤵
  PID:6124
- C:\Windows\System\sVwxznK.exe
  C:\Windows\System\sVwxznK.exe
  2⤵
  PID:3564
- C:\Windows\System\RzkdrWy.exe
  C:\Windows\System\RzkdrWy.exe
  2⤵
  PID:2628
- C:\Windows\System\ueEjCKF.exe
  C:\Windows\System\ueEjCKF.exe
  2⤵
  PID:5136
- C:\Windows\System\SzSiPmH.exe
  C:\Windows\System\SzSiPmH.exe
  2⤵
  PID:5264
- C:\Windows\System\sKLlkrb.exe
  C:\Windows\System\sKLlkrb.exe
  2⤵
  PID:5536
- C:\Windows\System\UfxhzNc.exe
  C:\Windows\System\UfxhzNc.exe
  2⤵
  PID:5476
- C:\Windows\System\poMiWQx.exe
  C:\Windows\System\poMiWQx.exe
  2⤵
  PID:5576
- C:\Windows\System\LeCWwtK.exe
  C:\Windows\System\LeCWwtK.exe
  2⤵
  PID:5796
- C:\Windows\System\cwgRPuk.exe
  C:\Windows\System\cwgRPuk.exe
  2⤵
  PID:2700
- C:\Windows\System\ktyDfwZ.exe
  C:\Windows\System\ktyDfwZ.exe
  2⤵
  PID:3196
- C:\Windows\System\tAvsnmm.exe
  C:\Windows\System\tAvsnmm.exe
  2⤵
  PID:4332
- C:\Windows\System\KwPHpAZ.exe
  C:\Windows\System\KwPHpAZ.exe
  2⤵
  PID:2556
- C:\Windows\System\fNQwDNu.exe
  C:\Windows\System\fNQwDNu.exe
  2⤵
  PID:6148
- C:\Windows\System\UQKnapf.exe
  C:\Windows\System\UQKnapf.exe
  2⤵
  PID:6168
- C:\Windows\System\IuaIVro.exe
  C:\Windows\System\IuaIVro.exe
  2⤵
  PID:6188
- C:\Windows\System\OURjLyh.exe
  C:\Windows\System\OURjLyh.exe
  2⤵
  PID:6208
- C:\Windows\System\drUPiCT.exe
  C:\Windows\System\drUPiCT.exe
  2⤵
  PID:6228
- C:\Windows\System\zNOAmBT.exe
  C:\Windows\System\zNOAmBT.exe
  2⤵
  PID:6248
- C:\Windows\System\OfDimvR.exe
  C:\Windows\System\OfDimvR.exe
  2⤵
  PID:6268
- C:\Windows\System\lGuhtHt.exe
  C:\Windows\System\lGuhtHt.exe
  2⤵
  PID:6288
- C:\Windows\System\xjEVcDO.exe
  C:\Windows\System\xjEVcDO.exe
  2⤵
  PID:6308
- C:\Windows\System\mEkKsOr.exe
  C:\Windows\System\mEkKsOr.exe
  2⤵
  PID:6328
- C:\Windows\System\nHVLBNq.exe
  C:\Windows\System\nHVLBNq.exe
  2⤵
  PID:6348
- C:\Windows\System\SKjpiWF.exe
  C:\Windows\System\SKjpiWF.exe
  2⤵
  PID:6368
- C:\Windows\System\mvAhKUN.exe
  C:\Windows\System\mvAhKUN.exe
  2⤵
  PID:6384
- C:\Windows\System\yJUCwEV.exe
  C:\Windows\System\yJUCwEV.exe
  2⤵
  PID:6408
- C:\Windows\System\ThDeNMY.exe
  C:\Windows\System\ThDeNMY.exe
  2⤵
  PID:6428
- C:\Windows\System\ujaUOPp.exe
  C:\Windows\System\ujaUOPp.exe
  2⤵
  PID:6448
- C:\Windows\System\yPpjkxE.exe
  C:\Windows\System\yPpjkxE.exe
  2⤵
  PID:6468
- C:\Windows\System\UyFnEkh.exe
  C:\Windows\System\UyFnEkh.exe
  2⤵
  PID:6488
- C:\Windows\System\TeisnfY.exe
  C:\Windows\System\TeisnfY.exe
  2⤵
  PID:6508
- C:\Windows\System\YKFuilj.exe
  C:\Windows\System\YKFuilj.exe
  2⤵
  PID:6528
- C:\Windows\System\CtMfcKM.exe
  C:\Windows\System\CtMfcKM.exe
  2⤵
  PID:6548
- C:\Windows\System\VTKenAX.exe
  C:\Windows\System\VTKenAX.exe
  2⤵
  PID:6568
- C:\Windows\System\dXuFRiX.exe
  C:\Windows\System\dXuFRiX.exe
  2⤵
  PID:6588
- C:\Windows\System\OCpOqnw.exe
  C:\Windows\System\OCpOqnw.exe
  2⤵
  PID:6608
- C:\Windows\System\IbJxTgo.exe
  C:\Windows\System\IbJxTgo.exe
  2⤵
  PID:6628
- C:\Windows\System\DVMAOAY.exe
  C:\Windows\System\DVMAOAY.exe
  2⤵
  PID:6648
- C:\Windows\System\vdFJNIJ.exe
  C:\Windows\System\vdFJNIJ.exe
  2⤵
  PID:6664
- C:\Windows\System\igSvByS.exe
  C:\Windows\System\igSvByS.exe
  2⤵
  PID:6688
- C:\Windows\System\EqZNflt.exe
  C:\Windows\System\EqZNflt.exe
  2⤵
  PID:6704
- C:\Windows\System\mKQhitC.exe
  C:\Windows\System\mKQhitC.exe
  2⤵
  PID:6728
- C:\Windows\System\yjWZqQH.exe
  C:\Windows\System\yjWZqQH.exe
  2⤵
  PID:6748
- C:\Windows\System\htDIdfc.exe
  C:\Windows\System\htDIdfc.exe
  2⤵
  PID:6768
- C:\Windows\System\eoVPldz.exe
  C:\Windows\System\eoVPldz.exe
  2⤵
  PID:6788
- C:\Windows\System\EOSMfih.exe
  C:\Windows\System\EOSMfih.exe
  2⤵
  PID:6808
- C:\Windows\System\LthQLOX.exe
  C:\Windows\System\LthQLOX.exe
  2⤵
  PID:6828
- C:\Windows\System\AiHxotK.exe
  C:\Windows\System\AiHxotK.exe
  2⤵
  PID:6848
- C:\Windows\System\sLpojDG.exe
  C:\Windows\System\sLpojDG.exe
  2⤵
  PID:6868
- C:\Windows\System\VlJiwRB.exe
  C:\Windows\System\VlJiwRB.exe
  2⤵
  PID:6888
- C:\Windows\System\sGmdDsa.exe
  C:\Windows\System\sGmdDsa.exe
  2⤵
  PID:6908
- C:\Windows\System\MFoErXO.exe
  C:\Windows\System\MFoErXO.exe
  2⤵
  PID:6928
- C:\Windows\System\GGUAnoi.exe
  C:\Windows\System\GGUAnoi.exe
  2⤵
  PID:6948
- C:\Windows\System\MIatJsm.exe
  C:\Windows\System\MIatJsm.exe
  2⤵
  PID:6968
- C:\Windows\System\NTfInuo.exe
  C:\Windows\System\NTfInuo.exe
  2⤵
  PID:6988
- C:\Windows\System\rEvxsQV.exe
  C:\Windows\System\rEvxsQV.exe
  2⤵
  PID:7008
- C:\Windows\System\fZpFevc.exe
  C:\Windows\System\fZpFevc.exe
  2⤵
  PID:7028
- C:\Windows\System\RjZBjPi.exe
  C:\Windows\System\RjZBjPi.exe
  2⤵
  PID:7048
- C:\Windows\System\tDNMPYX.exe
  C:\Windows\System\tDNMPYX.exe
  2⤵
  PID:7068
- C:\Windows\System\aUeneYR.exe
  C:\Windows\System\aUeneYR.exe
  2⤵
  PID:7088
- C:\Windows\System\TjZlnaN.exe
  C:\Windows\System\TjZlnaN.exe
  2⤵
  PID:7104
- C:\Windows\System\zwoXkLM.exe
  C:\Windows\System\zwoXkLM.exe
  2⤵
  PID:7128
- C:\Windows\System\zhrdJJf.exe
  C:\Windows\System\zhrdJJf.exe
  2⤵
  PID:7148
- C:\Windows\System\cbRYvCc.exe
  C:\Windows\System\cbRYvCc.exe
  2⤵
  PID:4944
- C:\Windows\System\pUcJJgc.exe
  C:\Windows\System\pUcJJgc.exe
  2⤵
  PID:5380
- C:\Windows\System\DcKydQP.exe
  C:\Windows\System\DcKydQP.exe
  2⤵
  PID:5756
- C:\Windows\System\ldvaAZH.exe
  C:\Windows\System\ldvaAZH.exe
  2⤵
  PID:5764
- C:\Windows\System\EgSSqEw.exe
  C:\Windows\System\EgSSqEw.exe
  2⤵
  PID:5956
- C:\Windows\System\gjKqQFW.exe
  C:\Windows\System\gjKqQFW.exe
  2⤵
  PID:2352
- C:\Windows\System\moGBfrs.exe
  C:\Windows\System\moGBfrs.exe
  2⤵
  PID:5284
- C:\Windows\System\cbOugGn.exe
  C:\Windows\System\cbOugGn.exe
  2⤵
  PID:6204
- C:\Windows\System\AHhgEDV.exe
  C:\Windows\System\AHhgEDV.exe
  2⤵
  PID:6184
- C:\Windows\System\cFZQXeH.exe
  C:\Windows\System\cFZQXeH.exe
  2⤵
  PID:6224
- C:\Windows\System\DdsDCUH.exe
  C:\Windows\System\DdsDCUH.exe
  2⤵
  PID:6284
- C:\Windows\System\BgIeJFH.exe
  C:\Windows\System\BgIeJFH.exe
  2⤵
  PID:6316
- C:\Windows\System\NVOFMJx.exe
  C:\Windows\System\NVOFMJx.exe
  2⤵
  PID:6356
- C:\Windows\System\ldkWkYI.exe
  C:\Windows\System\ldkWkYI.exe
  2⤵
  PID:6360
- C:\Windows\System\PtFgXlC.exe
  C:\Windows\System\PtFgXlC.exe
  2⤵
  PID:6400
- C:\Windows\System\tmyLErO.exe
  C:\Windows\System\tmyLErO.exe
  2⤵
  PID:6416
- C:\Windows\System\tVhSJLi.exe
  C:\Windows\System\tVhSJLi.exe
  2⤵
  PID:2708
- C:\Windows\System\CQEHmJG.exe
  C:\Windows\System\CQEHmJG.exe
  2⤵
  PID:6480
- C:\Windows\System\wEWdxFY.exe
  C:\Windows\System\wEWdxFY.exe
  2⤵
  PID:6524
- C:\Windows\System\AgeVVSS.exe
  C:\Windows\System\AgeVVSS.exe
  2⤵
  PID:6540
- C:\Windows\System\UiqqcFV.exe
  C:\Windows\System\UiqqcFV.exe
  2⤵
  PID:6584
- C:\Windows\System\pTkWawB.exe
  C:\Windows\System\pTkWawB.exe
  2⤵
  PID:6636
- C:\Windows\System\pyvJPBo.exe
  C:\Windows\System\pyvJPBo.exe
  2⤵
  PID:6620
- C:\Windows\System\ktgqomM.exe
  C:\Windows\System\ktgqomM.exe
  2⤵
  PID:6684
- C:\Windows\System\tLmKLOL.exe
  C:\Windows\System\tLmKLOL.exe
  2⤵
  PID:6720
- C:\Windows\System\mcDpMRJ.exe
  C:\Windows\System\mcDpMRJ.exe
  2⤵
  PID:6744
- C:\Windows\System\KBVKOPx.exe
  C:\Windows\System\KBVKOPx.exe
  2⤵
  PID:2552
- C:\Windows\System\CatdYIh.exe
  C:\Windows\System\CatdYIh.exe
  2⤵
  PID:6780
- C:\Windows\System\qacggHD.exe
  C:\Windows\System\qacggHD.exe
  2⤵
  PID:6824
- C:\Windows\System\qodwGyg.exe
  C:\Windows\System\qodwGyg.exe
  2⤵
  PID:6884
- C:\Windows\System\YuwwtDq.exe
  C:\Windows\System\YuwwtDq.exe
  2⤵
  PID:6896
- C:\Windows\System\IhcjADr.exe
  C:\Windows\System\IhcjADr.exe
  2⤵
  PID:6900
- C:\Windows\System\MkRCbDG.exe
  C:\Windows\System\MkRCbDG.exe
  2⤵
  PID:6944
- C:\Windows\System\yycoORW.exe
  C:\Windows\System\yycoORW.exe
  2⤵
  PID:6976
- C:\Windows\System\AytMDlq.exe
  C:\Windows\System\AytMDlq.exe
  2⤵
  PID:7044
- C:\Windows\System\OBIqyqF.exe
  C:\Windows\System\OBIqyqF.exe
  2⤵
  PID:7076
- C:\Windows\System\lLQAbeM.exe
  C:\Windows\System\lLQAbeM.exe
  2⤵
  PID:7056
- C:\Windows\System\obpvoCS.exe
  C:\Windows\System\obpvoCS.exe
  2⤵
  PID:7100
- C:\Windows\System\cIlcXog.exe
  C:\Windows\System\cIlcXog.exe
  2⤵
  PID:7136
- C:\Windows\System\OHURrtt.exe
  C:\Windows\System\OHURrtt.exe
  2⤵
  PID:5760
- C:\Windows\System\JRIFtGZ.exe
  C:\Windows\System\JRIFtGZ.exe
  2⤵
  PID:6040
- C:\Windows\System\CmcBexz.exe
  C:\Windows\System\CmcBexz.exe
  2⤵
  PID:536
- C:\Windows\System\snaUQVg.exe
  C:\Windows\System\snaUQVg.exe
  2⤵
  PID:2064
- C:\Windows\System\qVfLJuu.exe
  C:\Windows\System\qVfLJuu.exe
  2⤵
  PID:5336
- C:\Windows\System\jwWCQSt.exe
  C:\Windows\System\jwWCQSt.exe
  2⤵
  PID:2000
- C:\Windows\System\GsUINeJ.exe
  C:\Windows\System\GsUINeJ.exe
  2⤵
  PID:3500
- C:\Windows\System\wzXTWLb.exe
  C:\Windows\System\wzXTWLb.exe
  2⤵
  PID:6320
- C:\Windows\System\CtERCIk.exe
  C:\Windows\System\CtERCIk.exe
  2⤵
  PID:6344
- C:\Windows\System\nWYoHuh.exe
  C:\Windows\System\nWYoHuh.exe
  2⤵
  PID:6456
- C:\Windows\System\RGojYIq.exe
  C:\Windows\System\RGojYIq.exe
  2⤵
  PID:6460
- C:\Windows\System\TWhnZto.exe
  C:\Windows\System\TWhnZto.exe
  2⤵
  PID:6536
- C:\Windows\System\SSAqsDe.exe
  C:\Windows\System\SSAqsDe.exe
  2⤵
  PID:2816
- C:\Windows\System\VoriltR.exe
  C:\Windows\System\VoriltR.exe
  2⤵
  PID:4956
- C:\Windows\System\SQRRtBT.exe
  C:\Windows\System\SQRRtBT.exe
  2⤵
  PID:6640
- C:\Windows\System\TUhcBiA.exe
  C:\Windows\System\TUhcBiA.exe
  2⤵
  PID:6680
- C:\Windows\System\DmsEURp.exe
  C:\Windows\System\DmsEURp.exe
  2⤵
  PID:6700
- C:\Windows\System\EyRJVNT.exe
  C:\Windows\System\EyRJVNT.exe
  2⤵
  PID:6736
- C:\Windows\System\saqbswm.exe
  C:\Windows\System\saqbswm.exe
  2⤵
  PID:6820
- C:\Windows\System\znJMAgS.exe
  C:\Windows\System\znJMAgS.exe
  2⤵
  PID:2728
- C:\Windows\System\wdXPTVF.exe
  C:\Windows\System\wdXPTVF.exe
  2⤵
  PID:6924
- C:\Windows\System\RVkotWR.exe
  C:\Windows\System\RVkotWR.exe
  2⤵
  PID:6960
- C:\Windows\System\GwRAYIq.exe
  C:\Windows\System\GwRAYIq.exe
  2⤵
  PID:668
- C:\Windows\System\xkZyTbQ.exe
  C:\Windows\System\xkZyTbQ.exe
  2⤵
  PID:7004
- C:\Windows\System\KFgfjup.exe
  C:\Windows\System\KFgfjup.exe
  2⤵
  PID:7120
- C:\Windows\System\VHCUeHN.exe
  C:\Windows\System\VHCUeHN.exe
  2⤵
  PID:1052
- C:\Windows\System\djpuDNP.exe
  C:\Windows\System\djpuDNP.exe
  2⤵
  PID:7164
- C:\Windows\System\iWSZGrw.exe
  C:\Windows\System\iWSZGrw.exe
  2⤵
  PID:7140
- C:\Windows\System\AqbwnAk.exe
  C:\Windows\System\AqbwnAk.exe
  2⤵
  PID:2792
- C:\Windows\System\hYbzZPn.exe
  C:\Windows\System\hYbzZPn.exe
  2⤵
  PID:636
- C:\Windows\System\VdPBqTm.exe
  C:\Windows\System\VdPBqTm.exe
  2⤵
  PID:5716
- C:\Windows\System\yMrtpxJ.exe
  C:\Windows\System\yMrtpxJ.exe
  2⤵
  PID:6180
- C:\Windows\System\XTTvkiG.exe
  C:\Windows\System\XTTvkiG.exe
  2⤵
  PID:1984
- C:\Windows\System\NIppcPg.exe
  C:\Windows\System\NIppcPg.exe
  2⤵
  PID:1536
- C:\Windows\System\kgKGBKB.exe
  C:\Windows\System\kgKGBKB.exe
  2⤵
  PID:6256
- C:\Windows\System\YjxEzlK.exe
  C:\Windows\System\YjxEzlK.exe
  2⤵
  PID:912
- C:\Windows\System\QkijQZb.exe
  C:\Windows\System\QkijQZb.exe
  2⤵
  PID:6304
- C:\Windows\System\XahDhzw.exe
  C:\Windows\System\XahDhzw.exe
  2⤵
  PID:2800
- C:\Windows\System\MOyCMmy.exe
  C:\Windows\System\MOyCMmy.exe
  2⤵
  PID:6364
- C:\Windows\System\RSwFgCL.exe
  C:\Windows\System\RSwFgCL.exe
  2⤵
  PID:320
- C:\Windows\System\CLALmrz.exe
  C:\Windows\System\CLALmrz.exe
  2⤵
  PID:6712
- C:\Windows\System\tcAJOik.exe
  C:\Windows\System\tcAJOik.exe
  2⤵
  PID:6740
- C:\Windows\System\XATCkUX.exe
  C:\Windows\System\XATCkUX.exe
  2⤵
  PID:6476
- C:\Windows\System\ePDTgQF.exe
  C:\Windows\System\ePDTgQF.exe
  2⤵
  PID:4960
- C:\Windows\System\QsaoYUq.exe
  C:\Windows\System\QsaoYUq.exe
  2⤵
  PID:6836
- C:\Windows\System\TIXmgPH.exe
  C:\Windows\System\TIXmgPH.exe
  2⤵
  PID:6920
- C:\Windows\System\VHCAuoZ.exe
  C:\Windows\System\VHCAuoZ.exe
  2⤵
  PID:6856
- C:\Windows\System\iAbHkub.exe
  C:\Windows\System\iAbHkub.exe
  2⤵
  PID:2872
- C:\Windows\System\jDGuWwv.exe
  C:\Windows\System\jDGuWwv.exe
  2⤵
  PID:7020
- C:\Windows\System\NarhHAF.exe
  C:\Windows\System\NarhHAF.exe
  2⤵
  PID:2388
- C:\Windows\System\VoeRAnb.exe
  C:\Windows\System\VoeRAnb.exe
  2⤵
  PID:3364
- C:\Windows\System\iZYbuBd.exe
  C:\Windows\System\iZYbuBd.exe
  2⤵
  PID:616
- C:\Windows\System\hJzndAo.exe
  C:\Windows\System\hJzndAo.exe
  2⤵
  PID:2776
- C:\Windows\System\kBGFwnH.exe
  C:\Windows\System\kBGFwnH.exe
  2⤵
  PID:2848
- C:\Windows\System\DNIaKCR.exe
  C:\Windows\System\DNIaKCR.exe
  2⤵
  PID:1812
- C:\Windows\System\oZDtfQu.exe
  C:\Windows\System\oZDtfQu.exe
  2⤵
  PID:544
- C:\Windows\System\CZEwFGl.exe
  C:\Windows\System\CZEwFGl.exe
  2⤵
  PID:6604
- C:\Windows\System\deOTYri.exe
  C:\Windows\System\deOTYri.exe
  2⤵
  PID:6504
- C:\Windows\System\FmdMFJq.exe
  C:\Windows\System\FmdMFJq.exe
  2⤵
  PID:6556
- C:\Windows\System\PqSIRsl.exe
  C:\Windows\System\PqSIRsl.exe
  2⤵
  PID:7064
- C:\Windows\System\HmlioZM.exe
  C:\Windows\System\HmlioZM.exe
  2⤵
  PID:6716
- C:\Windows\System\LGruhNi.exe
  C:\Windows\System\LGruhNi.exe
  2⤵
  PID:4952
- C:\Windows\System\CDDfoDb.exe
  C:\Windows\System\CDDfoDb.exe
  2⤵
  PID:6296
- C:\Windows\System\xFeQFIv.exe
  C:\Windows\System\xFeQFIv.exe
  2⤵
  PID:5896
- C:\Windows\System\yFVzBJq.exe
  C:\Windows\System\yFVzBJq.exe
  2⤵
  PID:3852
- C:\Windows\System\FOoIAjj.exe
  C:\Windows\System\FOoIAjj.exe
  2⤵
  PID:1648
- C:\Windows\System\jNDBTmY.exe
  C:\Windows\System\jNDBTmY.exe
  2⤵
  PID:1592
- C:\Windows\System\DddHtIn.exe
  C:\Windows\System\DddHtIn.exe
  2⤵
  PID:6260
- C:\Windows\System\JaAEQQW.exe
  C:\Windows\System\JaAEQQW.exe
  2⤵
  PID:6436
- C:\Windows\System\xmlHhzV.exe
  C:\Windows\System\xmlHhzV.exe
  2⤵
  PID:1088
- C:\Windows\System\kNBXcRv.exe
  C:\Windows\System\kNBXcRv.exe
  2⤵
  PID:7176
- C:\Windows\System\wWRyCQU.exe
  C:\Windows\System\wWRyCQU.exe
  2⤵
  PID:7192
- C:\Windows\System\CaBZHoy.exe
  C:\Windows\System\CaBZHoy.exe
  2⤵
  PID:7208
- C:\Windows\System\gqstSNp.exe
  C:\Windows\System\gqstSNp.exe
  2⤵
  PID:7224
- C:\Windows\System\trIWTKQ.exe
  C:\Windows\System\trIWTKQ.exe
  2⤵
  PID:7244
- C:\Windows\System\iMESuGT.exe
  C:\Windows\System\iMESuGT.exe
  2⤵
  PID:7260
- C:\Windows\System\txNuGWI.exe
  C:\Windows\System\txNuGWI.exe
  2⤵
  PID:7280
- C:\Windows\System\BSeQbra.exe
  C:\Windows\System\BSeQbra.exe
  2⤵
  PID:7332
- C:\Windows\System\rnoVHMB.exe
  C:\Windows\System\rnoVHMB.exe
  2⤵
  PID:7348
- C:\Windows\System\YzxrKNk.exe
  C:\Windows\System\YzxrKNk.exe
  2⤵
  PID:7368
- C:\Windows\System\eevZkLW.exe
  C:\Windows\System\eevZkLW.exe
  2⤵
  PID:7388
- C:\Windows\System\btlGwMd.exe
  C:\Windows\System\btlGwMd.exe
  2⤵
  PID:7404
- C:\Windows\System\habpOer.exe
  C:\Windows\System\habpOer.exe
  2⤵
  PID:7424
- C:\Windows\System\bgrMIvO.exe
  C:\Windows\System\bgrMIvO.exe
  2⤵
  PID:7444
- C:\Windows\System\ZdtZQcl.exe
  C:\Windows\System\ZdtZQcl.exe
  2⤵
  PID:7464
- C:\Windows\System\nhGIFwe.exe
  C:\Windows\System\nhGIFwe.exe
  2⤵
  PID:7480
- C:\Windows\System\iqaNoxm.exe
  C:\Windows\System\iqaNoxm.exe
  2⤵
  PID:7496
- C:\Windows\System\OGmZokb.exe
  C:\Windows\System\OGmZokb.exe
  2⤵
  PID:7516
- C:\Windows\System\ztwqXHM.exe
  C:\Windows\System\ztwqXHM.exe
  2⤵
  PID:7532
- C:\Windows\System\bsxKAHn.exe
  C:\Windows\System\bsxKAHn.exe
  2⤵
  PID:7576
- C:\Windows\System\vMptHzk.exe
  C:\Windows\System\vMptHzk.exe
  2⤵
  PID:7592
- C:\Windows\System\OwgpyeR.exe
  C:\Windows\System\OwgpyeR.exe
  2⤵
  PID:7608
- C:\Windows\System\OGnbEBK.exe
  C:\Windows\System\OGnbEBK.exe
  2⤵
  PID:7628
- C:\Windows\System\lfkqOvB.exe
  C:\Windows\System\lfkqOvB.exe
  2⤵
  PID:7644
- C:\Windows\System\HQimMvh.exe
  C:\Windows\System\HQimMvh.exe
  2⤵
  PID:7664
- C:\Windows\System\KOAEjEt.exe
  C:\Windows\System\KOAEjEt.exe
  2⤵
  PID:7680
- C:\Windows\System\TYRBINN.exe
  C:\Windows\System\TYRBINN.exe
  2⤵
  PID:7696
- C:\Windows\System\AeEHieX.exe
  C:\Windows\System\AeEHieX.exe
  2⤵
  PID:7716
- C:\Windows\System\OPYzMUI.exe
  C:\Windows\System\OPYzMUI.exe
  2⤵
  PID:7732
- C:\Windows\System\tlXmwWJ.exe
  C:\Windows\System\tlXmwWJ.exe
  2⤵
  PID:7752
- C:\Windows\System\PeLhhKg.exe
  C:\Windows\System\PeLhhKg.exe
  2⤵
  PID:7772
- C:\Windows\System\UBYkKpt.exe
  C:\Windows\System\UBYkKpt.exe
  2⤵
  PID:7824
- C:\Windows\System\UvaHXrj.exe
  C:\Windows\System\UvaHXrj.exe
  2⤵
  PID:7840
- C:\Windows\System\jFkSfIO.exe
  C:\Windows\System\jFkSfIO.exe
  2⤵
  PID:7860
- C:\Windows\System\FAMBDlh.exe
  C:\Windows\System\FAMBDlh.exe
  2⤵
  PID:7876
- C:\Windows\System\aSsfypp.exe
  C:\Windows\System\aSsfypp.exe
  2⤵
  PID:7892
- C:\Windows\System\fnnhIMW.exe
  C:\Windows\System\fnnhIMW.exe
  2⤵
  PID:7908
- C:\Windows\System\ekLKOFi.exe
  C:\Windows\System\ekLKOFi.exe
  2⤵
  PID:7924
- C:\Windows\System\sfSmBUT.exe
  C:\Windows\System\sfSmBUT.exe
  2⤵
  PID:7944
- C:\Windows\System\NmAqKaj.exe
  C:\Windows\System\NmAqKaj.exe
  2⤵
  PID:7972
- C:\Windows\System\nwzIGfE.exe
  C:\Windows\System\nwzIGfE.exe
  2⤵
  PID:7988
- C:\Windows\System\jQESCjc.exe
  C:\Windows\System\jQESCjc.exe
  2⤵
  PID:8012
- C:\Windows\System\ydaYsGa.exe
  C:\Windows\System\ydaYsGa.exe
  2⤵
  PID:8036
- C:\Windows\System\mJqdeVL.exe
  C:\Windows\System\mJqdeVL.exe
  2⤵
  PID:8052
- C:\Windows\System\YjuFROH.exe
  C:\Windows\System\YjuFROH.exe
  2⤵
  PID:8068
- C:\Windows\System\EqmGZpd.exe
  C:\Windows\System\EqmGZpd.exe
  2⤵
  PID:8084
- C:\Windows\System\CCmRmFS.exe
  C:\Windows\System\CCmRmFS.exe
  2⤵
  PID:8104
- C:\Windows\System\alcdUrO.exe
  C:\Windows\System\alcdUrO.exe
  2⤵
  PID:8140
- C:\Windows\System\doUKmwG.exe
  C:\Windows\System\doUKmwG.exe
  2⤵
  PID:8160
- C:\Windows\System\XbLdalT.exe
  C:\Windows\System\XbLdalT.exe
  2⤵
  PID:8180
- C:\Windows\System\BFzmdEo.exe
  C:\Windows\System\BFzmdEo.exe
  2⤵
  PID:2224
- C:\Windows\System\gFGWkiN.exe
  C:\Windows\System\gFGWkiN.exe
  2⤵
  PID:7024
- C:\Windows\System\UoOzJdd.exe
  C:\Windows\System\UoOzJdd.exe
  2⤵
  PID:1548
- C:\Windows\System\selFnqA.exe
  C:\Windows\System\selFnqA.exe
  2⤵
  PID:2124
- C:\Windows\System\WZXyTmm.exe
  C:\Windows\System\WZXyTmm.exe
  2⤵
  PID:7252
- C:\Windows\System\xISgZVb.exe
  C:\Windows\System\xISgZVb.exe
  2⤵
  PID:7300
- C:\Windows\System\NYftvyx.exe
  C:\Windows\System\NYftvyx.exe
  2⤵
  PID:7312
- C:\Windows\System\oRDTAhT.exe
  C:\Windows\System\oRDTAhT.exe
  2⤵
  PID:7328
- C:\Windows\System\LMpWnfv.exe
  C:\Windows\System\LMpWnfv.exe
  2⤵
  PID:6956
- C:\Windows\System\PYeVuID.exe
  C:\Windows\System\PYeVuID.exe
  2⤵
  PID:7268
- C:\Windows\System\HGjMYoi.exe
  C:\Windows\System\HGjMYoi.exe
  2⤵
  PID:7440
- C:\Windows\System\bHHptiO.exe
  C:\Windows\System\bHHptiO.exe
  2⤵
  PID:5400
- C:\Windows\System\XNCtZnV.exe
  C:\Windows\System\XNCtZnV.exe
  2⤵
  PID:7376
- C:\Windows\System\dbcwjbv.exe
  C:\Windows\System\dbcwjbv.exe
  2⤵
  PID:7412
- C:\Windows\System\jbMbHzA.exe
  C:\Windows\System\jbMbHzA.exe
  2⤵
  PID:7508
- C:\Windows\System\OdmUoqu.exe
  C:\Windows\System\OdmUoqu.exe
  2⤵
  PID:7456
- C:\Windows\System\EAoyIck.exe
  C:\Windows\System\EAoyIck.exe
  2⤵
  PID:7540
- C:\Windows\System\KDRXHSF.exe
  C:\Windows\System\KDRXHSF.exe
  2⤵
  PID:7560
- C:\Windows\System\ozTpKUo.exe
  C:\Windows\System\ozTpKUo.exe
  2⤵
  PID:7492
- C:\Windows\System\ijMrZLm.exe
  C:\Windows\System\ijMrZLm.exe
  2⤵
  PID:7544
- C:\Windows\System\CLLSFmR.exe
  C:\Windows\System\CLLSFmR.exe
  2⤵
  PID:7640
- C:\Windows\System\RftOLWh.exe
  C:\Windows\System\RftOLWh.exe
  2⤵
  PID:7712
- C:\Windows\System\NWSNpOn.exe
  C:\Windows\System\NWSNpOn.exe
  2⤵
  PID:7780
- C:\Windows\System\sAyNxsu.exe
  C:\Windows\System\sAyNxsu.exe
  2⤵
  PID:7808
- C:\Windows\System\TnQUPon.exe
  C:\Windows\System\TnQUPon.exe
  2⤵
  PID:7768
- C:\Windows\System\LJnpPiL.exe
  C:\Windows\System\LJnpPiL.exe
  2⤵
  PID:7784
- C:\Windows\System\RwpiuNi.exe
  C:\Windows\System\RwpiuNi.exe
  2⤵
  PID:7872
- C:\Windows\System\HZrangm.exe
  C:\Windows\System\HZrangm.exe
  2⤵
  PID:7856
- C:\Windows\System\CwgfOjD.exe
  C:\Windows\System\CwgfOjD.exe
  2⤵
  PID:7920
- C:\Windows\System\FLcYWji.exe
  C:\Windows\System\FLcYWji.exe
  2⤵
  PID:7936
- C:\Windows\System\rRGoAIf.exe
  C:\Windows\System\rRGoAIf.exe
  2⤵
  PID:7996
- C:\Windows\System\zbATCZT.exe
  C:\Windows\System\zbATCZT.exe
  2⤵
  PID:8020
- C:\Windows\System\QhVYfpO.exe
  C:\Windows\System\QhVYfpO.exe
  2⤵
  PID:8032
- C:\Windows\System\WJqeOBl.exe
  C:\Windows\System\WJqeOBl.exe
  2⤵
  PID:7984
- C:\Windows\System\VXWJEac.exe
  C:\Windows\System\VXWJEac.exe
  2⤵
  PID:8128
- C:\Windows\System\kGsXxvO.exe
  C:\Windows\System\kGsXxvO.exe
  2⤵
  PID:8148
- C:\Windows\System\nNehNWn.exe
  C:\Windows\System\nNehNWn.exe
  2⤵
  PID:2812
- C:\Windows\System\McBGYXc.exe
  C:\Windows\System\McBGYXc.exe
  2⤵
  PID:2936
- C:\Windows\System\uATkVRJ.exe
  C:\Windows\System\uATkVRJ.exe
  2⤵
  PID:8176
- C:\Windows\System\eXlnfET.exe
  C:\Windows\System\eXlnfET.exe
  2⤵
  PID:7256
- C:\Windows\System\xdNeCyg.exe
  C:\Windows\System\xdNeCyg.exe
  2⤵
  PID:7396
- C:\Windows\System\wFNKQkO.exe
  C:\Windows\System\wFNKQkO.exe
  2⤵
  PID:7344
- C:\Windows\System\cDpBoei.exe
  C:\Windows\System\cDpBoei.exe
  2⤵
  PID:6860
- C:\Windows\System\QjMnIxE.exe
  C:\Windows\System\QjMnIxE.exe
  2⤵
  PID:7620
- C:\Windows\System\IaJFyrM.exe
  C:\Windows\System\IaJFyrM.exe
  2⤵
  PID:7360
- C:\Windows\System\MfQUIls.exe
  C:\Windows\System\MfQUIls.exe
  2⤵
  PID:7160
- C:\Windows\System\lZgyNGZ.exe
  C:\Windows\System\lZgyNGZ.exe
  2⤵
  PID:7380
- C:\Windows\System\buLGrjD.exe
  C:\Windows\System\buLGrjD.exe
  2⤵
  PID:7556
- C:\Windows\System\BuhxTBX.exe
  C:\Windows\System\BuhxTBX.exe
  2⤵
  PID:7656
- C:\Windows\System\QWmSJpz.exe
  C:\Windows\System\QWmSJpz.exe
  2⤵
  PID:7792
- C:\Windows\System\ZgibEhz.exe
  C:\Windows\System\ZgibEhz.exe
  2⤵
  PID:7848
- C:\Windows\System\KJUTfJP.exe
  C:\Windows\System\KJUTfJP.exe
  2⤵
  PID:7724
- C:\Windows\System\XAicHAS.exe
  C:\Windows\System\XAicHAS.exe
  2⤵
  PID:7956
- C:\Windows\System\mphhklh.exe
  C:\Windows\System\mphhklh.exe
  2⤵
  PID:7940
- C:\Windows\System\BiedUUM.exe
  C:\Windows\System\BiedUUM.exe
  2⤵
  PID:7748
- C:\Windows\System\fPMgUhz.exe
  C:\Windows\System\fPMgUhz.exe
  2⤵
  PID:8064
- C:\Windows\System\vIwMwCp.exe
  C:\Windows\System\vIwMwCp.exe
  2⤵
  PID:8156
- C:\Windows\System\AsoPgBF.exe
  C:\Windows\System\AsoPgBF.exe
  2⤵
  PID:6840
- C:\Windows\System\RAdsrtB.exe
  C:\Windows\System\RAdsrtB.exe
  2⤵
  PID:2364
- C:\Windows\System\HUlrQAl.exe
  C:\Windows\System\HUlrQAl.exe
  2⤵
  PID:7000
- C:\Windows\System\eTEbpyh.exe
  C:\Windows\System\eTEbpyh.exe
  2⤵
  PID:6560
- C:\Windows\System\TdmsGpy.exe
  C:\Windows\System\TdmsGpy.exe
  2⤵
  PID:7476
- C:\Windows\System\JnnYpRr.exe
  C:\Windows\System\JnnYpRr.exe
  2⤵
  PID:7636
- C:\Windows\System\BHKqvij.exe
  C:\Windows\System\BHKqvij.exe
  2⤵
  PID:7584
- C:\Windows\System\NGnzAQz.exe
  C:\Windows\System\NGnzAQz.exe
  2⤵
  PID:7688
- C:\Windows\System\AcMfnDp.exe
  C:\Windows\System\AcMfnDp.exe
  2⤵
  PID:7676
- C:\Windows\System\FFaTPmi.exe
  C:\Windows\System\FFaTPmi.exe
  2⤵
  PID:8044
- C:\Windows\System\uIHnXOA.exe
  C:\Windows\System\uIHnXOA.exe
  2⤵
  PID:8112
- C:\Windows\System\BnRyvbe.exe
  C:\Windows\System\BnRyvbe.exe
  2⤵
  PID:7436
- C:\Windows\System\eUZNJSB.exe
  C:\Windows\System\eUZNJSB.exe
  2⤵
  PID:7216
- C:\Windows\System\FWhMCsy.exe
  C:\Windows\System\FWhMCsy.exe
  2⤵
  PID:7568
- C:\Windows\System\jzpOgne.exe
  C:\Windows\System\jzpOgne.exe
  2⤵
  PID:8132
- C:\Windows\System\VfSzvwQ.exe
  C:\Windows\System\VfSzvwQ.exe
  2⤵
  PID:7744
- C:\Windows\System\BHuXffC.exe
  C:\Windows\System\BHuXffC.exe
  2⤵
  PID:7356
- C:\Windows\System\CKqPSiH.exe
  C:\Windows\System\CKqPSiH.exe
  2⤵
  PID:7572
- C:\Windows\System\wqfIsfh.exe
  C:\Windows\System\wqfIsfh.exe
  2⤵
  PID:7324
- C:\Windows\System\EzvdHrC.exe
  C:\Windows\System\EzvdHrC.exe
  2⤵
  PID:7760
- C:\Windows\System\FSrxyFX.exe
  C:\Windows\System\FSrxyFX.exe
  2⤵
  PID:8004
- C:\Windows\System\WhtBIjq.exe
  C:\Windows\System\WhtBIjq.exe
  2⤵
  PID:7016
- C:\Windows\System\oqXKKNK.exe
  C:\Windows\System\oqXKKNK.exe
  2⤵
  PID:7604
- C:\Windows\System\iKBUgWW.exe
  C:\Windows\System\iKBUgWW.exe
  2⤵
  PID:7552
- C:\Windows\System\xBMXYyV.exe
  C:\Windows\System\xBMXYyV.exe
  2⤵
  PID:7796
- C:\Windows\System\KWnbTTC.exe
  C:\Windows\System\KWnbTTC.exe
  2⤵
  PID:8100
- C:\Windows\System\nCjNziN.exe
  C:\Windows\System\nCjNziN.exe
  2⤵
  PID:8008
- C:\Windows\System\KAdiyCz.exe
  C:\Windows\System\KAdiyCz.exe
  2⤵
  PID:8200
- C:\Windows\System\XWcDwKm.exe
  C:\Windows\System\XWcDwKm.exe
  2⤵
  PID:8224
- C:\Windows\System\oSGMRnI.exe
  C:\Windows\System\oSGMRnI.exe
  2⤵
  PID:8244
- C:\Windows\System\oQKikUz.exe
  C:\Windows\System\oQKikUz.exe
  2⤵
  PID:8260
- C:\Windows\System\wprYhck.exe
  C:\Windows\System\wprYhck.exe
  2⤵
  PID:8276
- C:\Windows\System\YJEGZLR.exe
  C:\Windows\System\YJEGZLR.exe
  2⤵
  PID:8292
- C:\Windows\System\gMqHudM.exe
  C:\Windows\System\gMqHudM.exe
  2⤵
  PID:8312
- C:\Windows\System\cDOtxkO.exe
  C:\Windows\System\cDOtxkO.exe
  2⤵
  PID:8336
- C:\Windows\System\mGLASbY.exe
  C:\Windows\System\mGLASbY.exe
  2⤵
  PID:8356
- C:\Windows\System\hHybUDL.exe
  C:\Windows\System\hHybUDL.exe
  2⤵
  PID:8372
- C:\Windows\System\ZMPsqXc.exe
  C:\Windows\System\ZMPsqXc.exe
  2⤵
  PID:8416
- C:\Windows\System\inRRZDO.exe
  C:\Windows\System\inRRZDO.exe
  2⤵
  PID:8436
- C:\Windows\System\zXRzZvV.exe
  C:\Windows\System\zXRzZvV.exe
  2⤵
  PID:8452
- C:\Windows\System\qfpnSej.exe
  C:\Windows\System\qfpnSej.exe
  2⤵
  PID:8468
- C:\Windows\System\jGbUKlK.exe
  C:\Windows\System\jGbUKlK.exe
  2⤵
  PID:8484
- C:\Windows\System\CqSuDzw.exe
  C:\Windows\System\CqSuDzw.exe
  2⤵
  PID:8512
- C:\Windows\System\DaaSQzu.exe
  C:\Windows\System\DaaSQzu.exe
  2⤵
  PID:8532
- C:\Windows\System\aMOBgsa.exe
  C:\Windows\System\aMOBgsa.exe
  2⤵
  PID:8548
- C:\Windows\System\nsOElmV.exe
  C:\Windows\System\nsOElmV.exe
  2⤵
  PID:8564
- C:\Windows\System\AreOUIq.exe
  C:\Windows\System\AreOUIq.exe
  2⤵
  PID:8600
- C:\Windows\System\fiwsgzL.exe
  C:\Windows\System\fiwsgzL.exe
  2⤵
  PID:8616
- C:\Windows\System\pYYMgJh.exe
  C:\Windows\System\pYYMgJh.exe
  2⤵
  PID:8636
- C:\Windows\System\pjfBcAJ.exe
  C:\Windows\System\pjfBcAJ.exe
  2⤵
  PID:8656
- C:\Windows\System\wCLRPLH.exe
  C:\Windows\System\wCLRPLH.exe
  2⤵
  PID:8672
- C:\Windows\System\xmyylVe.exe
  C:\Windows\System\xmyylVe.exe
  2⤵
  PID:8692
- C:\Windows\System\MnXlsQN.exe
  C:\Windows\System\MnXlsQN.exe
  2⤵
  PID:8708
- C:\Windows\System\XHcrWQP.exe
  C:\Windows\System\XHcrWQP.exe
  2⤵
  PID:8740
- C:\Windows\System\mvDucmX.exe
  C:\Windows\System\mvDucmX.exe
  2⤵
  PID:8760
- C:\Windows\System\qEhTHcl.exe
  C:\Windows\System\qEhTHcl.exe
  2⤵
  PID:8776
- C:\Windows\System\ImvbQtN.exe
  C:\Windows\System\ImvbQtN.exe
  2⤵
  PID:8792
- C:\Windows\System\LMOFhvS.exe
  C:\Windows\System\LMOFhvS.exe
  2⤵
  PID:8816
- C:\Windows\System\wioWznM.exe
  C:\Windows\System\wioWznM.exe
  2⤵
  PID:8832
- C:\Windows\System\YwOJaVM.exe
  C:\Windows\System\YwOJaVM.exe
  2⤵
  PID:8864
- C:\Windows\System\uISgPVd.exe
  C:\Windows\System\uISgPVd.exe
  2⤵
  PID:8880
- C:\Windows\System\BsSRqwE.exe
  C:\Windows\System\BsSRqwE.exe
  2⤵
  PID:8900
- C:\Windows\System\qkEFgLJ.exe
  C:\Windows\System\qkEFgLJ.exe
  2⤵
  PID:8916
- C:\Windows\System\VMoJIhE.exe
  C:\Windows\System\VMoJIhE.exe
  2⤵
  PID:8940
- C:\Windows\System\MlYPSzj.exe
  C:\Windows\System\MlYPSzj.exe
  2⤵
  PID:8956
- C:\Windows\System\eYFLDFt.exe
  C:\Windows\System\eYFLDFt.exe
  2⤵
  PID:8988
- C:\Windows\System\vSORuxB.exe
  C:\Windows\System\vSORuxB.exe
  2⤵
  PID:9004
- C:\Windows\System\qJzItQn.exe
  C:\Windows\System\qJzItQn.exe
  2⤵
  PID:9024
- C:\Windows\System\HPpgVHF.exe
  C:\Windows\System\HPpgVHF.exe
  2⤵
  PID:9040
- C:\Windows\System\eGozzxM.exe
  C:\Windows\System\eGozzxM.exe
  2⤵
  PID:9068
- C:\Windows\System\aemZkMJ.exe
  C:\Windows\System\aemZkMJ.exe
  2⤵
  PID:9084
- C:\Windows\System\ikCYmzm.exe
  C:\Windows\System\ikCYmzm.exe
  2⤵
  PID:9112
- C:\Windows\System\otcVZMJ.exe
  C:\Windows\System\otcVZMJ.exe
  2⤵
  PID:9128
- C:\Windows\System\mNzGOXE.exe
  C:\Windows\System\mNzGOXE.exe
  2⤵
  PID:9144
- C:\Windows\System\ppKjPtD.exe
  C:\Windows\System\ppKjPtD.exe
  2⤵
  PID:9160
- C:\Windows\System\GzHGotc.exe
  C:\Windows\System\GzHGotc.exe
  2⤵
  PID:9176
- C:\Windows\System\BDkCjDW.exe
  C:\Windows\System\BDkCjDW.exe
  2⤵
  PID:9192
- C:\Windows\System\mlygspU.exe
  C:\Windows\System\mlygspU.exe
  2⤵
  PID:9208
- C:\Windows\System\BwqMBOf.exe
  C:\Windows\System\BwqMBOf.exe
  2⤵
  PID:8208
- C:\Windows\System\crSqKTl.exe
  C:\Windows\System\crSqKTl.exe
  2⤵
  PID:8252
- C:\Windows\System\FXsHLBZ.exe
  C:\Windows\System\FXsHLBZ.exe
  2⤵
  PID:8092
- C:\Windows\System\EVyGWtO.exe
  C:\Windows\System\EVyGWtO.exe
  2⤵
  PID:8332
- C:\Windows\System\HJVtvOk.exe
  C:\Windows\System\HJVtvOk.exe
  2⤵
  PID:8308
- C:\Windows\System\MbRqOTt.exe
  C:\Windows\System\MbRqOTt.exe
  2⤵
  PID:8352
- C:\Windows\System\wHjhmPm.exe
  C:\Windows\System\wHjhmPm.exe
  2⤵
  PID:8196
- C:\Windows\System\DLVxJbJ.exe
  C:\Windows\System\DLVxJbJ.exe
  2⤵
  PID:8400
- C:\Windows\System\pBNkKMl.exe
  C:\Windows\System\pBNkKMl.exe
  2⤵
  PID:8432
- C:\Windows\System\eZkkDSU.exe
  C:\Windows\System\eZkkDSU.exe
  2⤵
  PID:8448
- C:\Windows\System\FXOpshV.exe
  C:\Windows\System\FXOpshV.exe
  2⤵
  PID:8480
- C:\Windows\System\IbXtlHO.exe
  C:\Windows\System\IbXtlHO.exe
  2⤵
  PID:8524
- C:\Windows\System\JiQopIs.exe
  C:\Windows\System\JiQopIs.exe
  2⤵
  PID:8572
- C:\Windows\System\aXXZTzQ.exe
  C:\Windows\System\aXXZTzQ.exe
  2⤵
  PID:8580
- C:\Windows\System\dILwKLF.exe
  C:\Windows\System\dILwKLF.exe
  2⤵
  PID:8596
- C:\Windows\System\EXMAUWy.exe
  C:\Windows\System\EXMAUWy.exe
  2⤵
  PID:8612
- C:\Windows\System\SneUlRB.exe
  C:\Windows\System\SneUlRB.exe
  2⤵
  PID:8720
- C:\Windows\System\OTQPyOx.exe
  C:\Windows\System\OTQPyOx.exe
  2⤵
  PID:8736
- C:\Windows\System\GNHRyjo.exe
  C:\Windows\System\GNHRyjo.exe
  2⤵
  PID:8804
- C:\Windows\System\eAIvQZL.exe
  C:\Windows\System\eAIvQZL.exe
  2⤵
  PID:8840
- C:\Windows\System\riieSTS.exe
  C:\Windows\System\riieSTS.exe
  2⤵
  PID:8876
- C:\Windows\System\ZGaRWfG.exe
  C:\Windows\System\ZGaRWfG.exe
  2⤵
  PID:8896
- C:\Windows\System\pXlmwXP.exe
  C:\Windows\System\pXlmwXP.exe
  2⤵
  PID:8936
- C:\Windows\System\Qgruobp.exe
  C:\Windows\System\Qgruobp.exe
  2⤵
  PID:8964
- C:\Windows\System\BtTipOP.exe
  C:\Windows\System\BtTipOP.exe
  2⤵
  PID:8848
- C:\Windows\System\nhyXzvo.exe
  C:\Windows\System\nhyXzvo.exe
  2⤵
  PID:9032
- C:\Windows\System\HxOGGpV.exe
  C:\Windows\System\HxOGGpV.exe
  2⤵
  PID:9048
- C:\Windows\System\nLgfVNG.exe
  C:\Windows\System\nLgfVNG.exe
  2⤵
  PID:9056
- C:\Windows\System\ayTPQNt.exe
  C:\Windows\System\ayTPQNt.exe
  2⤵
  PID:9136
- C:\Windows\System\maGMAZH.exe
  C:\Windows\System\maGMAZH.exe
  2⤵
  PID:9200
- C:\Windows\System\DmLgYia.exe
  C:\Windows\System\DmLgYia.exe
  2⤵
  PID:9152
- C:\Windows\System\JdQFJKB.exe
  C:\Windows\System\JdQFJKB.exe
  2⤵
  PID:8236
- C:\Windows\System\ZtcgaFM.exe
  C:\Windows\System\ZtcgaFM.exe
  2⤵
  PID:8392
- C:\Windows\System\fVQzlBP.exe
  C:\Windows\System\fVQzlBP.exe
  2⤵
  PID:9188
- C:\Windows\System\codfwgl.exe
  C:\Windows\System\codfwgl.exe
  2⤵
  PID:8424
- C:\Windows\System\oAUKXDj.exe
  C:\Windows\System\oAUKXDj.exe
  2⤵
  PID:8544
- C:\Windows\System\FOUEZfa.exe
  C:\Windows\System\FOUEZfa.exe
  2⤵
  PID:8412
- C:\Windows\System\RIsdQMa.exe
  C:\Windows\System\RIsdQMa.exe
  2⤵
  PID:8648
- C:\Windows\System\yiKdxlg.exe
  C:\Windows\System\yiKdxlg.exe
  2⤵
  PID:8724
- C:\Windows\System\riPduMq.exe
  C:\Windows\System\riPduMq.exe
  2⤵
  PID:8444
- C:\Windows\System\NSCRLtE.exe
  C:\Windows\System\NSCRLtE.exe
  2⤵
  PID:8592
- C:\Windows\System\EUsWFKX.exe
  C:\Windows\System\EUsWFKX.exe
  2⤵
  PID:8752
- C:\Windows\System\IiattnT.exe
  C:\Windows\System\IiattnT.exe
  2⤵
  PID:8788
- C:\Windows\System\EfmnktH.exe
  C:\Windows\System\EfmnktH.exe
  2⤵
  PID:8856
- C:\Windows\System\XQOziAa.exe
  C:\Windows\System\XQOziAa.exe
  2⤵
  PID:8972
- C:\Windows\System\daqWiGf.exe
  C:\Windows\System\daqWiGf.exe
  2⤵
  PID:9036
- C:\Windows\System\RFvvwmr.exe
  C:\Windows\System\RFvvwmr.exe
  2⤵
  PID:9104
- C:\Windows\System\aLhVfGs.exe
  C:\Windows\System\aLhVfGs.exe
  2⤵
  PID:8952
- C:\Windows\System\MItyKeE.exe
  C:\Windows\System\MItyKeE.exe
  2⤵
  PID:9060
- C:\Windows\System\cNicKCw.exe
  C:\Windows\System\cNicKCw.exe
  2⤵
  PID:8384
- C:\Windows\System\sSdUWbW.exe
  C:\Windows\System\sSdUWbW.exe
  2⤵
  PID:7432
- C:\Windows\System\RXoVfdc.exe
  C:\Windows\System\RXoVfdc.exe
  2⤵
  PID:9096
- C:\Windows\System\otilOxN.exe
  C:\Windows\System\otilOxN.exe
  2⤵
  PID:8476
- C:\Windows\System\gfSJSzm.exe
  C:\Windows\System\gfSJSzm.exe
  2⤵
  PID:8528
- C:\Windows\System\vHDCZFG.exe
  C:\Windows\System\vHDCZFG.exe
  2⤵
  PID:8624
- C:\Windows\System\PGWzwnl.exe
  C:\Windows\System\PGWzwnl.exe
  2⤵
  PID:8680
- C:\Windows\System\HoatnXp.exe
  C:\Windows\System\HoatnXp.exe
  2⤵
  PID:9092
- C:\Windows\System\ROyosYp.exe
  C:\Windows\System\ROyosYp.exe
  2⤵
  PID:8860
- C:\Windows\System\SBSwSSl.exe
  C:\Windows\System\SBSwSSl.exe
  2⤵
  PID:8268
- C:\Windows\System\WrcQlul.exe
  C:\Windows\System\WrcQlul.exe
  2⤵
  PID:8932
- C:\Windows\System\ZYEhGni.exe
  C:\Windows\System\ZYEhGni.exe
  2⤵
  PID:8220
- C:\Windows\System\LahJmIU.exe
  C:\Windows\System\LahJmIU.exe
  2⤵
  PID:8368
- C:\Windows\System\gxbfmtV.exe
  C:\Windows\System\gxbfmtV.exe
  2⤵
  PID:7868
- C:\Windows\System\UMYCsIW.exe
  C:\Windows\System\UMYCsIW.exe
  2⤵
  PID:8756
- C:\Windows\System\GUneopK.exe
  C:\Windows\System\GUneopK.exe
  2⤵
  PID:8948
- C:\Windows\System\wkcDRdD.exe
  C:\Windows\System\wkcDRdD.exe
  2⤵
  PID:8348
- C:\Windows\System\OPcxfZg.exe
  C:\Windows\System\OPcxfZg.exe
  2⤵
  PID:8560
- C:\Windows\System\WaWwboq.exe
  C:\Windows\System\WaWwboq.exe
  2⤵
  PID:9168
- C:\Windows\System\GBpTMIw.exe
  C:\Windows\System\GBpTMIw.exe
  2⤵
  PID:8520
- C:\Windows\System\ALXxHbe.exe
  C:\Windows\System\ALXxHbe.exe
  2⤵
  PID:8908
- C:\Windows\System\CsmxPCW.exe
  C:\Windows\System\CsmxPCW.exe
  2⤵
  PID:8928
- C:\Windows\System\pDSylcv.exe
  C:\Windows\System\pDSylcv.exe
  2⤵
  PID:8284
- C:\Windows\System\ZQfJTwV.exe
  C:\Windows\System\ZQfJTwV.exe
  2⤵
  PID:8772
- C:\Windows\System\OUNahRS.exe
  C:\Windows\System\OUNahRS.exe
  2⤵
  PID:9000
- C:\Windows\System\CuiwPzl.exe
  C:\Windows\System\CuiwPzl.exe
  2⤵
  PID:8324
- C:\Windows\System\wnfqILB.exe
  C:\Windows\System\wnfqILB.exe
  2⤵
  PID:9100
- C:\Windows\System\sObpGIg.exe
  C:\Windows\System\sObpGIg.exe
  2⤵
  PID:9120
- C:\Windows\System\QFZsmZq.exe
  C:\Windows\System\QFZsmZq.exe
  2⤵
  PID:8892
- C:\Windows\System\dMbMNci.exe
  C:\Windows\System\dMbMNci.exe
  2⤵
  PID:9232
- C:\Windows\System\CYfRTMo.exe
  C:\Windows\System\CYfRTMo.exe
  2⤵
  PID:9256
- C:\Windows\System\kUjtzSy.exe
  C:\Windows\System\kUjtzSy.exe
  2⤵
  PID:9276
- C:\Windows\System\uOfSqbD.exe
  C:\Windows\System\uOfSqbD.exe
  2⤵
  PID:9300
- C:\Windows\System\FWfhalW.exe
  C:\Windows\System\FWfhalW.exe
  2⤵
  PID:9316
- C:\Windows\System\fyugvlQ.exe
  C:\Windows\System\fyugvlQ.exe
  2⤵
  PID:9332
- C:\Windows\System\LlJVqIu.exe
  C:\Windows\System\LlJVqIu.exe
  2⤵
  PID:9356
- C:\Windows\System\Txgqsof.exe
  C:\Windows\System\Txgqsof.exe
  2⤵
  PID:9372
- C:\Windows\System\AhTxIwZ.exe
  C:\Windows\System\AhTxIwZ.exe
  2⤵
  PID:9388
- C:\Windows\System\ctVqczT.exe
  C:\Windows\System\ctVqczT.exe
  2⤵
  PID:9412
- C:\Windows\System\baVAOti.exe
  C:\Windows\System\baVAOti.exe
  2⤵
  PID:9428
- C:\Windows\System\ADuZMSf.exe
  C:\Windows\System\ADuZMSf.exe
  2⤵
  PID:9448
- C:\Windows\System\mUZvJHn.exe
  C:\Windows\System\mUZvJHn.exe
  2⤵
  PID:9464
- C:\Windows\System\qGdBKhU.exe
  C:\Windows\System\qGdBKhU.exe
  2⤵
  PID:9480
- C:\Windows\System\CORCVaz.exe
  C:\Windows\System\CORCVaz.exe
  2⤵
  PID:9504
- C:\Windows\System\ZUjsxki.exe
  C:\Windows\System\ZUjsxki.exe
  2⤵
  PID:9520
- C:\Windows\System\AzVeZoQ.exe
  C:\Windows\System\AzVeZoQ.exe
  2⤵
  PID:9536
- C:\Windows\System\vOPAjtx.exe
  C:\Windows\System\vOPAjtx.exe
  2⤵
  PID:9556
- C:\Windows\System\qeJqBuh.exe
  C:\Windows\System\qeJqBuh.exe
  2⤵
  PID:9572
- C:\Windows\System\QIbAJzm.exe
  C:\Windows\System\QIbAJzm.exe
  2⤵
  PID:9588
- C:\Windows\System\DgRDHNo.exe
  C:\Windows\System\DgRDHNo.exe
  2⤵
  PID:9604
- C:\Windows\System\jNGymfb.exe
  C:\Windows\System\jNGymfb.exe
  2⤵
  PID:9628
- C:\Windows\System\rnTBmyx.exe
  C:\Windows\System\rnTBmyx.exe
  2⤵
  PID:9648
- C:\Windows\System\Ucmpxzt.exe
  C:\Windows\System\Ucmpxzt.exe
  2⤵
  PID:9696
- C:\Windows\System\oASgiSG.exe
  C:\Windows\System\oASgiSG.exe
  2⤵
  PID:9716
- C:\Windows\System\XqvNqjw.exe
  C:\Windows\System\XqvNqjw.exe
  2⤵
  PID:9736
- C:\Windows\System\mPeseuU.exe
  C:\Windows\System\mPeseuU.exe
  2⤵
  PID:9752
- C:\Windows\System\ozkabfl.exe
  C:\Windows\System\ozkabfl.exe
  2⤵
  PID:9768
- C:\Windows\System\OTTtuQF.exe
  C:\Windows\System\OTTtuQF.exe
  2⤵
  PID:9788
- C:\Windows\System\swKILfz.exe
  C:\Windows\System\swKILfz.exe
  2⤵
  PID:9808
- C:\Windows\System\LjvZAUr.exe
  C:\Windows\System\LjvZAUr.exe
  2⤵
  PID:9840
- C:\Windows\System\CPuzbkt.exe
  C:\Windows\System\CPuzbkt.exe
  2⤵
  PID:9856
- C:\Windows\System\nFFdijf.exe
  C:\Windows\System\nFFdijf.exe
  2⤵
  PID:9880
- C:\Windows\System\wCOsbTU.exe
  C:\Windows\System\wCOsbTU.exe
  2⤵
  PID:9896
- C:\Windows\System\NDZHoGe.exe
  C:\Windows\System\NDZHoGe.exe
  2⤵
  PID:9912
- C:\Windows\System\AWCBYab.exe
  C:\Windows\System\AWCBYab.exe
  2⤵
  PID:9928
- C:\Windows\System\izhnurA.exe
  C:\Windows\System\izhnurA.exe
  2⤵
  PID:9944
- C:\Windows\System\cUYHUWc.exe
  C:\Windows\System\cUYHUWc.exe
  2⤵
  PID:9960
- C:\Windows\System\qtbymop.exe
  C:\Windows\System\qtbymop.exe
  2⤵
  PID:9980
- C:\Windows\System\iTlNICY.exe
  C:\Windows\System\iTlNICY.exe
  2⤵
  PID:10004
- C:\Windows\System\xXehegZ.exe
  C:\Windows\System\xXehegZ.exe
  2⤵
  PID:10024
- C:\Windows\System\uPIyFTu.exe
  C:\Windows\System\uPIyFTu.exe
  2⤵
  PID:10044
- C:\Windows\System\esdvyPn.exe
  C:\Windows\System\esdvyPn.exe
  2⤵
  PID:10060
- C:\Windows\System\oNNlcQA.exe
  C:\Windows\System\oNNlcQA.exe
  2⤵
  PID:10080
- C:\Windows\System\VrTWige.exe
  C:\Windows\System\VrTWige.exe
  2⤵
  PID:10104
- C:\Windows\System\gIVaKMw.exe
  C:\Windows\System\gIVaKMw.exe
  2⤵
  PID:10144
- C:\Windows\System\CKvhgPe.exe
  C:\Windows\System\CKvhgPe.exe
  2⤵
  PID:10164
- C:\Windows\System\PgbPyDa.exe
  C:\Windows\System\PgbPyDa.exe
  2⤵
  PID:10180
- C:\Windows\System\KxLHafy.exe
  C:\Windows\System\KxLHafy.exe
  2⤵
  PID:10200
- C:\Windows\System\DLhCIOE.exe
  C:\Windows\System\DLhCIOE.exe
  2⤵
  PID:10220
- C:\Windows\System\CixovBX.exe
  C:\Windows\System\CixovBX.exe
  2⤵
  PID:9224
- C:\Windows\System\SRvUeeg.exe
  C:\Windows\System\SRvUeeg.exe
  2⤵
  PID:9244
- C:\Windows\System\MLnktkw.exe
  C:\Windows\System\MLnktkw.exe
  2⤵
  PID:9272
- C:\Windows\System\mSBWkgJ.exe
  C:\Windows\System\mSBWkgJ.exe
  2⤵
  PID:9312
- C:\Windows\System\HmvTFAT.exe
  C:\Windows\System\HmvTFAT.exe
  2⤵
  PID:9328
- C:\Windows\System\OcBpgJh.exe
  C:\Windows\System\OcBpgJh.exe
  2⤵
  PID:9380
- C:\Windows\System\XvCAaxA.exe
  C:\Windows\System\XvCAaxA.exe
  2⤵
  PID:9404
- C:\Windows\System\dTStQhd.exe
  C:\Windows\System\dTStQhd.exe
  2⤵
  PID:9488
- C:\Windows\System\MNpWNtc.exe
  C:\Windows\System\MNpWNtc.exe
  2⤵
  PID:9408
- C:\Windows\System\sksWirA.exe
  C:\Windows\System\sksWirA.exe
  2⤵
  PID:9528
- C:\Windows\System\pqkppDZ.exe
  C:\Windows\System\pqkppDZ.exe
  2⤵
  PID:9612
- C:\Windows\System\oNDUccx.exe
  C:\Windows\System\oNDUccx.exe
  2⤵
  PID:9512
- C:\Windows\System\lXgUCrQ.exe
  C:\Windows\System\lXgUCrQ.exe
  2⤵
  PID:9616
- C:\Windows\System\OxgHSzX.exe
  C:\Windows\System\OxgHSzX.exe
  2⤵
  PID:9548
- C:\Windows\System\FzqhOFa.exe
  C:\Windows\System\FzqhOFa.exe
  2⤵
  PID:9692
- C:\Windows\System\syGtlBy.exe
  C:\Windows\System\syGtlBy.exe
  2⤵
  PID:9708
- C:\Windows\System\hMLReUk.exe
  C:\Windows\System\hMLReUk.exe
  2⤵
  PID:9784
- C:\Windows\System\bZQMtmY.exe
  C:\Windows\System\bZQMtmY.exe
  2⤵
  PID:9724
- C:\Windows\System\JgOzKpx.exe
  C:\Windows\System\JgOzKpx.exe
  2⤵
  PID:9828
- C:\Windows\System\PeEzTDo.exe
  C:\Windows\System\PeEzTDo.exe
  2⤵
  PID:9804
- C:\Windows\System\oBaBaED.exe
  C:\Windows\System\oBaBaED.exe
  2⤵
  PID:9868
- C:\Windows\System\NGMWyFm.exe
  C:\Windows\System\NGMWyFm.exe
  2⤵
  PID:9908
- C:\Windows\System\edCfyed.exe
  C:\Windows\System\edCfyed.exe
  2⤵
  PID:9968
- C:\Windows\System\CqhfcRI.exe
  C:\Windows\System\CqhfcRI.exe
  2⤵
  PID:10052
- C:\Windows\System\kSnwsRQ.exe
  C:\Windows\System\kSnwsRQ.exe
  2⤵
  PID:10100
- C:\Windows\System\WyoVkjr.exe
  C:\Windows\System\WyoVkjr.exe
  2⤵
  PID:10068
- C:\Windows\System\ZIfBPQV.exe
  C:\Windows\System\ZIfBPQV.exe
  2⤵
  PID:10032
- C:\Windows\System\FweTHzQ.exe
  C:\Windows\System\FweTHzQ.exe
  2⤵
  PID:9996
- C:\Windows\System\cECuBic.exe
  C:\Windows\System\cECuBic.exe
  2⤵
  PID:10132
- C:\Windows\System\WZrZzDE.exe
  C:\Windows\System\WZrZzDE.exe
  2⤵
  PID:10160
- C:\Windows\System\nnaAczI.exe
  C:\Windows\System\nnaAczI.exe
  2⤵
  PID:10192
- C:\Windows\System\Xgdhwet.exe
  C:\Windows\System\Xgdhwet.exe
  2⤵
  PID:10216
- C:\Windows\System\RmrnVwr.exe
  C:\Windows\System\RmrnVwr.exe
  2⤵
  PID:9252
- C:\Windows\System\mjYXoPV.exe
  C:\Windows\System\mjYXoPV.exe
  2⤵
  PID:9284
- C:\Windows\System\DFSdhWo.exe
  C:\Windows\System\DFSdhWo.exe
  2⤵
  PID:9420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ArjgHNO.exe

Filesize
6.0MB

MD5
f65e6b7b578470aa8caa4e9b3d749162

SHA1
0025e7db92b0c3f92de5993b381e200c10150c8e

SHA256
60c1a5a1b2cffccbe207814735ac888a5b4b625c4a6f4741b64ae9acb6b60cdb

SHA512
e8ca1d36938e56cd848d151cedb01f680c81f01c44330493980cc3fbed8612918da0ebf09f2d4d31fe28472620e9f0d60f0f02b23ae0009fc6547ab26225f1cc

Download Submit
C:\Windows\system\BBRcOpA.exe

Filesize
6.0MB

MD5
61fc7f3270d3fa9604c80ef041bbf8a2

SHA1
f9fefce7d9b098ed850e9682d5341db33622522d

SHA256
c576ae71b637228d8268b4c79f4b3a2b21119e0ed2da114e4dea2cb8a2b35ce7

SHA512
c705762397782e715756903b0e59d60bc588702e3993fea99499172959ade3ed17b6f32a0ce9f9aa66b5ac270442d445304de5717c98cd5d82542bbba3cc43f8

Download Submit
C:\Windows\system\DpYSsFU.exe

Filesize
6.0MB

MD5
66ebba414954115561859af99c47c252

SHA1
33bb7003c9f2808c480f016d5c0418980334e754

SHA256
ed5e8e6c6027d9eac064a9d02c4b4daedca113b1e26a7afb7d6c854828f4a766

SHA512
0c1f19b41722b4d25d1f01319079eb14641ded35063e393d897f14fa7c1fa6b1f0a283eedb71b25af7fca724a635169ac4fa15b943b9d3c69217ec66101bb5bc

Download Submit
C:\Windows\system\ECsTyCm.exe

Filesize
6.0MB

MD5
83ab8ccc768ea5dbd2bdf293cebfd7bb

SHA1
b9daa1f11233c7be46eff9555829f134038e2d28

SHA256
40b62d90d2ba3f13c482e0d92824f2ccf0f19d3cc45954a567a782c4356e8f45

SHA512
bcd0868002697a0f9a87a53b4ce55a4dcd073d6e87f1559abce97c041c7f30da5a7eb751ac9d2acdd6a71249d62dc855a50b5a31ecedd721ac0fc499b06a07e8

Download Submit
C:\Windows\system\GodqaLD.exe

Filesize
6.0MB

MD5
dbf5a3d103f40de28484574c1bf98557

SHA1
229d00dc57015db40787a03ce0569c855cd821db

SHA256
9030b03746054b6a08c930e61f33d8349e8e3884607feab237664e6a3149316e

SHA512
df8bd3309c1c3051569d3644410bb17ab15e40998d143f187e7951ef1b385b7f9acbd371adcadbbc2fd837ea4ecb86eb24874a32a4623b438cd9dbf2f2f5b84e

Download Submit
C:\Windows\system\HyepnFJ.exe

Filesize
6.0MB

MD5
2d1428ab90339c2dea8d8c0328899696

SHA1
34da78e869e03c16e1530554445b3043dfb95f1f

SHA256
d4ddc26e0061f29275c08d7e495c503b6671855893670a7e0ff92c19acbc7003

SHA512
6dd835d4a4fe29634d58bec551c3915b347050bf5a015a22983061dcb2fbe0c2426e204ecbbbbd8b59da5f5c7820b5b2b38e5760ea5a0e48229191c28aed7aaa

Download Submit
C:\Windows\system\PmimCYo.exe

Filesize
6.0MB

MD5
c203445a7804dc77b870a165e7ccf004

SHA1
0d99f557a2ec64d4dbfc324bb84818120794528f

SHA256
c1f1e79dfc76bffd2fd0a8b8d3b2c6155ebc71e98ce2262f778315045dd4240b

SHA512
5d8b1af853a49c208dd1ad40a354b8b033f956a11a74416a1bc68f7e4cd0139350b07d92dec254647e96f922c111b932dd5aa6278cb67a2b54f712d79a29184b

Download Submit
C:\Windows\system\QaWIMer.exe

Filesize
6.0MB

MD5
9d66b4629894d069c0fcd2fe7f2c76e1

SHA1
053904e50161e3a015215a02db74b70df2f435c9

SHA256
25785b5c0bc1b3769e82f6a0f3701896eb9c13b5c08ee1a9440b0e51194fab63

SHA512
f2498a91ce276d714881c6f21d3322fbb0de242e4339b34fcb0a5650df54963933b30dd319821945760ece0e3f6e8b358fdc8ae942cda4192d3c7093f2494122

Download Submit
C:\Windows\system\SAUwper.exe

Filesize
6.0MB

MD5
d3efef3008911f0b78ab34283aff99c9

SHA1
543693415c62d55e545b55a87cfea0302054bdd1

SHA256
c4c3034363dc92b35af3e3ebaaff73da0026ef668bedae82c6108d95ec6fcdca

SHA512
7890a8e2fda83a6f9a5d374aa44f50dd9721aa4cf0c9d711d66c5ae8ccb2a4e29b820edddb2fbb199f0dd93cab19701d055d38865344db0c79197e437ffa74ec

Download Submit
C:\Windows\system\TsCILeO.exe

Filesize
6.0MB

MD5
23cfb246fb72ccd8cc16ffe40c5929db

SHA1
201462e149c64317154f69ee4b05635a68a3c6d7

SHA256
c1ef9d98a877f5dd4b261ec40f03103519555fc1771ca9f3baa636ad7a909a71

SHA512
56e2c523375f75192d27208c5ecb89ed1ecc335a78ab86aa7619246984d8fd1d5c0150df2b96750fe6b00ced19d682364e610931fde983a6b543069da8848264

Download Submit
C:\Windows\system\TuijoAY.exe

Filesize
8B

MD5
dbc44cb72bf22ca0e60d6c5d340dad8d

SHA1
aa3e7278f0716de7acc105d941a3218747bfc45a

SHA256
7a58a953809da03755e19a91b3100e492b0e54051e455bbc13d0e4cc2cf8c5bf

SHA512
3aedc162f069066ddf1f21204d89ac8de639fade483735d63256ab7fd7503d25956ee3f5cb8b25b0ffd241d3b2fc5c2cdc1d65296d0a2911dd50e6dd07186b70

Download Submit
C:\Windows\system\aTJwBEZ.exe

Filesize
6.0MB

MD5
5de7331175272ac30936b1d2fe27ebc5

SHA1
2bb03a0553142a6fffeb81641d302aa2c49fc91f

SHA256
b151d4248abedb5b01999ce5b5ff18bf15f6d8d2010cc3906ff7565dfa277e8c

SHA512
5a342b3deaddf11fd0e48d38f3f8922092ea3ff29031e8b32a48ebd3036f7b0e57d358c9470e4071aa78bba242ddc1a25e3c36383d1a9cf41579370d540cabbe

Download Submit
C:\Windows\system\dHqMsmp.exe

Filesize
6.0MB

MD5
b4a426ba1bb0369de31bacfabbcb0577

SHA1
c2e6872299ceb96bfd6c02de4e7c08f28de91f09

SHA256
62582b05b3b94a19756ec6725dabbc6d2a6eb265628e0a990909093346c2192e

SHA512
224a1b6c1db79711399e67c006c04d3b773b4ed4695ae8c0c14194f6c326822b344091cb877d843ebee48cc270c353b263df2f5d181a93ab1d5fdd3d8497eeb7

Download Submit
C:\Windows\system\ecDTVOd.exe

Filesize
6.0MB

MD5
0b27b826efa5d8e22fb766af198a9cc1

SHA1
d00420cd159bf5f5610408ad33e9c4e07df823c7

SHA256
b01eddb4626021d01d04865fa7c30e948191bf3a575581bbcef2b51d3a187e58

SHA512
49f52428ffb3c4a5b7b2b7f55928acb19725b0527917057711863aac9ef04c9fd7615bf60711f0d84c5d826e32ed2ea2e7f5a5ae7a3b9d9eb2c6c42ca2fde7e8

Download Submit
C:\Windows\system\gXpvVqV.exe

Filesize
6.0MB

MD5
d0713de86a7e1ecfee999aa9e749bd5e

SHA1
0bd14f404472153a2b31b3b0d7405d3d2cc14c23

SHA256
2eb9043dd50b4e0054ee771f98824ba0f2046cf42270b5f1b208853c6a6e403b

SHA512
bd826cd2b03556b2c96312d2e5dac0bc39ab69fde5ebe5c21c33f1f187574cacfe57418c602f2725d51df9b4698efdcd479b4f4a6437b7b692519825d7449a19

Download Submit
C:\Windows\system\hLKyTwy.exe

Filesize
6.0MB

MD5
576e105566272a8a333f0f2a14842dfc

SHA1
0d4fc717b7c361e16caa34cd8b973198a14cb9d2

SHA256
c828138f8fd9d69a6a2e8b78769feb9d132c0bc9a85024956a6b7dc189cf5b54

SHA512
f04241424c50d386dab05cbd833592469a9e63859205a9bde71017c451d04e8c44141627a7ce4d02f9afa10a80219bdc8bc0b1af388d72ad9bbea6f47fd2a772

Download Submit
C:\Windows\system\hYHYZcH.exe

Filesize
6.0MB

MD5
cd5df5ed00fcaa6953c8a8d085bfeaf0

SHA1
796d52cf011702ce272482efc0e4c976f740b388

SHA256
8d8179d4b63036bc2afbcb96112a53e603923c1e42cf9aac1799faf2bba14dde

SHA512
c1eb8b64ee2162b9f80f2eff32f4aa3311312967762dd8bba54606050584a92e0fe46cc1f3d6c289c753fe5de01a4623fa93ceb085c94a3a74e815de58f4c9ff

Download Submit
C:\Windows\system\jgFgRlG.exe

Filesize
6.0MB

MD5
861dde4fbd0eea0082f72adf9f1ef8f2

SHA1
e696d2320a3d007d3659112fb060744514343f54

SHA256
eef860867e8588fc643d07def815b8691ccb6db40127215984e499b07cfccfed

SHA512
967a578b341ec56dff277723ddf3c7e736a4de5592fe4eeea5cdc5079ff83d1c7b9405a81e5c76f3417e513b99ac4d0a6e2b37f1adff74dc67b5bf78729a5462

Download Submit
C:\Windows\system\kggBcPz.exe

Filesize
6.0MB

MD5
b4205d1c6adc64375a99b0c7bf5f84b6

SHA1
0313a5776214e1b32f09f7d06ef3aefc72e661cb

SHA256
4421a00394009e46b656a2981d0034f7716936fb3e8c2393191df3591bc1a55e

SHA512
f51610b353fbcd65c894768b48fd4565f8a85fbee6fd06a0060b84a1c3289d98fab030967c7cb05cd78bd161246b28357442f6cde1123e6353f1d3c3a3f9f655

Download Submit
C:\Windows\system\lriJkLo.exe

Filesize
6.0MB

MD5
68d82a63bd0e13055464db43866756ed

SHA1
14181a64678acae2889b6780b569cc8f80284ba7

SHA256
23d64de678868ad5930d09cfcd3c21534dd5944a7e779c06218d043b1dc75e8a

SHA512
c45502742bc8315f6207df82ef9cc31b3c4767c3d019a64419c733405a71dfdc355d5c14e3dcc7086c02d7d883ef2275adb0f080d7df02b91d7da6d2e40bcbef

Download Submit
C:\Windows\system\mLIwWNJ.exe

Filesize
6.0MB

MD5
4bd8fead686033f345f1771b69cce012

SHA1
d477a41c9ba44f81027ea64384f902449ff8b8c4

SHA256
5b53419ffa76894b03323e23c4c70b475dc231a447dd217371f8103375b63cfa

SHA512
065fcf95407c5109869842b2641edea11360c16d20fbd30521b8c9e9fcc305c80cc58da2a2873fc1d92688dab0706a7121873d1f7af9a0aac03013c6b9a63793

Download Submit
C:\Windows\system\obRwZEA.exe

Filesize
6.0MB

MD5
a54f147566f7fa8d5a9080b69f3b3e5c

SHA1
7d92a4ebd360f55bd7f5b302355193dff85d1372

SHA256
b05aa533675efbace47698eef471bce33cb96a15b45d1e8c3af0c297d24ecfda

SHA512
df72664b1c311a5a60797049c8ebea8cad8f1162dd3929e6ca82b6e4ff50e3eb39805631eb5f61b753a17ec1295fe797eacdba2153fac80765c99c983fe952cc

Download Submit
C:\Windows\system\swdnPbt.exe

Filesize
6.0MB

MD5
9d9e6c6a2061e08f6e7c2408770254da

SHA1
07ff0fcb7a2bfb1c191b38aeaba84b95637baf1f

SHA256
107eee62a741f3ff6c58d5b027269d0fd8b6a3d0655c3a61c6744c5e41326319

SHA512
6be2e139fb54cfd05c94035f26593c71afa124f85c1cadd579349f0b30ec9bf3e3bcc084d0960b11ea40786c373a4361536ce38714811353b0df9c641a963392

Download Submit
C:\Windows\system\xLCYdGh.exe

Filesize
6.0MB

MD5
8daecc1839222ba99d59e75a3d4ee78b

SHA1
3a5b3abfe218b189dc4b812fa1885a10a214a7a5

SHA256
17521076b0cbc0e12bcce9bd478589def944a74e41b3a2978a905c2c869fb880

SHA512
4872695264a87e01b9408210078015717b354bb82d0866b59d9452903c8b852979d4bc2033f51fc67cb03f825a69b43cd802bcb4323d31faa74984d7a7fbfd87

Download Submit
C:\Windows\system\xljpviY.exe

Filesize
6.0MB

MD5
3e5828f1aa7afea356adf5cfecefd44d

SHA1
5d99e0be360ea2373211f8754f6459a7dec60847

SHA256
607ad118db011b09129ee551496ffec932fb3310a7b285b33a72f66eba08d6c5

SHA512
39d3920af497f168677874b4b34c3814f9cf1a174a39a1d1ca9470a8069bf69d19f6669c05e79a3865a0089b3acbff907fb0fac08c4cf713d42c1997ee4fcbf3

Download Submit
C:\Windows\system\yrJiskX.exe

Filesize
6.0MB

MD5
16a6d023af1f4700ea0c6edac2e68e45

SHA1
a74f4cefb672795447aeb9adabe3688f6ba50c3f

SHA256
381cac3b93b17a15a1a2d05c528adb9e7919597c043c154179c41d731152e246

SHA512
d0455755de29f98d64f7f5068bc8be40b116bf037be9750bfdf4f2c81813c681f57732f88a590c7b8d6a130b3488a7d685d5afe314ee54b446887f4b58732326

Download Submit
\Windows\system\LVzHFYI.exe

Filesize
6.0MB

MD5
41f2a29ca292a921c733166751ecdb90

SHA1
e1447f3ec8f86861d1e20f288663833487aae1a7

SHA256
ceca18212384c4a1db1cb13ec17fd6f96e686fbb5f0e79c77d87969c94fd5509

SHA512
5a970a8e936b66fad6732d18d1b9e08dcc448c2c1853fa3bddf6e0be132522d8c2167da2612f7a751fd3f42723b1b8c9527f2aa932358c1828891075a3a4eae9

Download Submit
\Windows\system\RprgioJ.exe

Filesize
6.0MB

MD5
a8898b7ee5acbaeda1741224266841fa

SHA1
686dde6c4846eb0310e8b1f9c99eb9609ba9c5f4

SHA256
055df80cf735dafbeacba5d091b2f0596ba4baf442c61c93514754ba87a4b843

SHA512
61504d55314a1fd853f026625869b1782bdeba768be6efd8f34e4739c9bd88f385dd057e9bc55dc03388f475a952790d6bd155ff7d0cc68cf58ff655460cbf0b

Download Submit
\Windows\system\YAuKSeU.exe

Filesize
6.0MB

MD5
c1672fa266efaa230f8473eab16a46bd

SHA1
7b72ab256dbab5d58483e88a2d8d719d525be6f5

SHA256
dd7b0aae70762024c296ec1489bbbde3b4de213c32f4bba8f2ddcc8c84daeffa

SHA512
8abe36c9e5a09ac0d21f263631d4c93c87ae1e329024637f96b1e1ed074f098f5197524367944fdae9153d28e3988586f5545cbfd293eb377ce16273ea7e4860

Download Submit
\Windows\system\gwHkOtH.exe

Filesize
6.0MB

MD5
295b7bde721d78016cecc1957cf32219

SHA1
77f1a1bd7dd308f77d0b8bafe8f09fca0c2435aa

SHA256
748f740c2f1b4969cc2f3e2a523462e87d39aa39a6fa85450fcb8835662d7b8c

SHA512
6695989d0e1c9ebab9fdbca6fabf6620ff2e87482389821ebb7865746196f86b7b19d127b05d920c8c3ce16a7a72376508518a3eb36d6fbecab04529bda87f23

Download Submit
\Windows\system\qUCjtvY.exe

Filesize
6.0MB

MD5
2b06f186bbc00594a694562b2f756c0f

SHA1
ba6a0b41532c147334e97e4c8d4abd6f04f5675e

SHA256
696ebe214c5a3f1e9e25be97b7df7cab260d395bcd8b26e80b76629a8fda17f2

SHA512
105db94d20f360c28a92e4fed1755ef6ebd33c90caa1a6e7db4cb24835bead32ecd4ef415b836c5a3086d8fbd7e00b9db89d01bdcfb5ca8cabe377a79fefa4a0

Download Submit
\Windows\system\uQGeUDB.exe

Filesize
6.0MB

MD5
2ca9de2a4468df13d3f6fa047672b0fd

SHA1
935f9b8bb20d9a38d3da1aab7d754ba4aee3da17

SHA256
04758a2db394117537140f2515b217f5727c3ac3c1643d5522e9aa7a4a204792

SHA512
84821a0fb0f0d8e03bb0e2175ddbb48c0f4a5fd4527f336d88b94824034ae542d1df32672ce471fd81a6074d6c1d4c2033cdd686728381fad94f04af47b592c2

Download Submit
\Windows\system\yXxwwlE.exe

Filesize
6.0MB

MD5
b4936faebc62481c09ca8e2890f07096

SHA1
fac012450465b18a2973ff556a448735b7595ab4

SHA256
1ef81118605d704640c037f97662c16ae84a6bd9d8a0bb21e1dc92ef932ed53e

SHA512
d02880ea3b20a8b8ec3cfd4cbbfa2cabf439e9beb72cc83ae0c195a34ab976d79a019a1fea6bb2210adbe3ce4496cea3bbcf49c272dc6fd48e8805411f3c207e

Download Submit
memory/592-107-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/592-3721-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1800-13-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1800-3669-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1800-50-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1928-42-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1928-0-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1928-931-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1928-932-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1003-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/1928-440-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-332-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/1928-114-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-111-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1928-106-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-60-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-66-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1928-108-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/1928-64-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-54-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-26-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1928-94-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1928-244-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-31-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1928-626-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1928-17-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-514-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1928-39-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1928-19-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-71-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-3667-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-21-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-18-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3629-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-69-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2476-3706-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3743-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-725-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-73-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-45-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3674-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2660-112-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3660-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2680-28-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2680-75-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2724-828-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-76-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3746-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-35-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3712-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2744-89-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2896-58-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3696-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2896-331-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2988-80-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3749-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2988-930-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download