cobaltstrike | 85c68856fbe6e0dc401053fa4eddb0228dac179de4ed131c69968c8eb8a339fe

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7fc2fb910b562f0e29c309f84924b458
SHA1

aa83d8c70f27b9eddc1330b0d2260f8754952334
SHA256

85c68856fbe6e0dc401053fa4eddb0228dac179de4ed131c69968c8eb8a339fe
SHA512

f28507ac4e0aa2573ba31a499b042d7ca3de048534007a8fcb7032e3ea0ec8cef0a93174aa2cff3296ad5e2a5050391bc8eefc79c5b1d085c05a6bbdca979f00
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUN:T+q56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d89-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec4-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f25-22.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001610d-30.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d43-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-57.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-130.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-120.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-88.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3a-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d2a-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f7b-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 54 IoCs

miner

resource	yara_rule
behavioral1/memory/2116-0-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x000b00000001202c-3.dat	xmrig
behavioral1/files/0x0008000000015d81-10.dat	xmrig
behavioral1/files/0x0007000000015d89-14.dat	xmrig
behavioral1/files/0x0007000000015ec4-15.dat	xmrig
behavioral1/files/0x0007000000015f25-22.dat	xmrig
behavioral1/files/0x000900000001610d-30.dat	xmrig
behavioral1/files/0x0006000000016d43-41.dat	xmrig
behavioral1/files/0x0006000000016d4b-45.dat	xmrig
behavioral1/files/0x0006000000016d54-49.dat	xmrig
behavioral1/files/0x0006000000016d67-53.dat	xmrig
behavioral1/files/0x0006000000016d6b-57.dat	xmrig
behavioral1/files/0x0006000000016d6f-61.dat	xmrig
behavioral1/files/0x0006000000016d77-65.dat	xmrig
behavioral1/files/0x0006000000016dea-86.dat	xmrig
behavioral1/files/0x00050000000186e7-135.dat	xmrig
behavioral1/memory/1312-2037-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2116-2038-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2300-2093-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2284-2181-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2396-1999-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0005000000018739-161.dat	xmrig
behavioral1/files/0x00050000000186f4-151.dat	xmrig
behavioral1/files/0x0005000000018704-154.dat	xmrig
behavioral1/files/0x00050000000186ed-140.dat	xmrig
behavioral1/files/0x00050000000186f1-144.dat	xmrig
behavioral1/files/0x0005000000018686-130.dat	xmrig
behavioral1/files/0x000600000001749c-120.dat	xmrig
behavioral1/files/0x000600000001755b-124.dat	xmrig
behavioral1/files/0x0006000000017049-110.dat	xmrig
behavioral1/files/0x0006000000017497-114.dat	xmrig
behavioral1/files/0x0006000000016df3-88.dat	xmrig
behavioral1/files/0x0006000000016de8-71.dat	xmrig
behavioral1/files/0x0006000000016ecf-97.dat	xmrig
behavioral1/memory/2788-2261-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d9f-69.dat	xmrig
behavioral1/files/0x0006000000016d3a-37.dat	xmrig
behavioral1/files/0x0008000000016d2a-33.dat	xmrig
behavioral1/files/0x0007000000015f7b-25.dat	xmrig
behavioral1/memory/2880-2339-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2904-2358-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2828-2393-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2688-2405-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/1428-2446-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/1428-4148-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/1312-4147-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2396-4149-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2116-4150-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2880-4146-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2284-4145-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2300-4144-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2788-4143-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2904-4142-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2828-3926-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1428	dzETELx.exe
2396	RYghrfA.exe
1312	TTXVbeb.exe
2300	gmKsNfh.exe
2284	StDAYpe.exe
2788	GFnhUdX.exe
2880	JGAfmvz.exe
2904	wjvcJZu.exe
2828	IvTQQUi.exe
2688	KUtpjnj.exe
2180	kzVJjch.exe
2304	xvzZehh.exe
1772	AjNHfbv.exe
2844	EQAGqIr.exe
2680	uavqvGB.exe
1724	EaBiGmW.exe
316	XsTyKou.exe
2856	wsGhehc.exe
1484	qkXHgqn.exe
1980	tmQeqBT.exe
356	HRWojhm.exe
2132	zRmIUUz.exe
1248	VXZMMXW.exe
1052	isoFAfj.exe
1764	WxRzASp.exe
3068	nwqtgqW.exe
3020	zAQZPil.exe
2080	lxCDLWm.exe
2220	MlpYXZP.exe
2136	spOMzbv.exe
2328	OMzIkeq.exe
2088	osXvUyC.exe
1132	lVmsPnM.exe
1808	ewEPKTH.exe
3024	yinKwrz.exe
1352	ykONqyO.exe
1620	jNzcGif.exe
304	OSwDJYo.exe
1656	HsWrVqo.exe
1920	cXAeVEw.exe
2252	mhaCnaA.exe
2064	rUiWdUn.exe
1536	VXtGinY.exe
1684	ZYIKOyS.exe
2468	iVOZhfa.exe
2424	qjVrXSC.exe
1316	dVDuTZi.exe
2256	qJeLgEo.exe
1792	KCjCeiP.exe
2780	bdsANuy.exe
1924	dndxTUy.exe
2176	akxhGed.exe
1976	QnbtFKM.exe
1260	aQssLIu.exe
1512	XsBJQdQ.exe
1960	LNGMvsd.exe
2172	jYAMZOG.exe
2108	uVPMfhm.exe
1604	cxwqnmr.exe
2112	roobnBm.exe
1572	PbgTexz.exe
2892	BgJetus.exe
2940	CTxOtof.exe
2716	dWRORby.exe

Loads dropped DLL 64 IoCs

pid	Process
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2116-0-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x000b00000001202c-3.dat	upx
behavioral1/files/0x0008000000015d81-10.dat	upx
behavioral1/files/0x0007000000015d89-14.dat	upx
behavioral1/files/0x0007000000015ec4-15.dat	upx
behavioral1/files/0x0007000000015f25-22.dat	upx
behavioral1/files/0x000900000001610d-30.dat	upx
behavioral1/files/0x0006000000016d43-41.dat	upx
behavioral1/files/0x0006000000016d4b-45.dat	upx
behavioral1/files/0x0006000000016d54-49.dat	upx
behavioral1/files/0x0006000000016d67-53.dat	upx
behavioral1/files/0x0006000000016d6b-57.dat	upx
behavioral1/files/0x0006000000016d6f-61.dat	upx
behavioral1/files/0x0006000000016d77-65.dat	upx
behavioral1/files/0x0006000000016dea-86.dat	upx
behavioral1/files/0x00050000000186e7-135.dat	upx
behavioral1/memory/1312-2037-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2300-2093-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2284-2181-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2396-1999-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0005000000018739-161.dat	upx
behavioral1/files/0x00050000000186f4-151.dat	upx
behavioral1/files/0x0005000000018704-154.dat	upx
behavioral1/files/0x00050000000186ed-140.dat	upx
behavioral1/files/0x00050000000186f1-144.dat	upx
behavioral1/files/0x0005000000018686-130.dat	upx
behavioral1/files/0x000600000001749c-120.dat	upx
behavioral1/files/0x000600000001755b-124.dat	upx
behavioral1/files/0x0006000000017049-110.dat	upx
behavioral1/files/0x0006000000017497-114.dat	upx
behavioral1/files/0x0006000000016df3-88.dat	upx
behavioral1/files/0x0006000000016de8-71.dat	upx
behavioral1/files/0x0006000000016ecf-97.dat	upx
behavioral1/memory/2788-2261-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0006000000016d9f-69.dat	upx
behavioral1/files/0x0006000000016d3a-37.dat	upx
behavioral1/files/0x0008000000016d2a-33.dat	upx
behavioral1/files/0x0007000000015f7b-25.dat	upx
behavioral1/memory/2880-2339-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2904-2358-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2828-2393-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2688-2405-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/1428-2446-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/1428-4148-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/1312-4147-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2396-4149-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2116-4150-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2880-4146-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2284-4145-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2300-4144-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2788-4143-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2904-4142-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2828-3926-0x000000013FE00000-0x0000000140154000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XlSTjnk.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trxxuQF.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phpeLah.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLwlUpd.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnJSZrJ.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LafXmAA.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbpeTUv.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMUPiiC.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmpQPtc.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdFyOnj.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTwhoTi.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROHvqDa.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJvjlTt.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbKblkH.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEvqMmA.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtSlmal.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTgJvGS.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VADAIei.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYKTHkm.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGhlQtv.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZNkbrj.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwuqSxZ.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEfjJtK.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpTOtDJ.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqbgWlE.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtbQOWe.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlHWTqc.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOwUKMx.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLVEIOu.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnbPUiw.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBptxel.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpMCNUP.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFWhmKb.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNPaPiE.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILMjROQ.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhkywfT.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWoziww.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmBBqBV.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsmITCt.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmOIIek.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezULeGB.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjNHfbv.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRmIUUz.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxExXjo.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcqEUTL.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUHsoru.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQNyNiB.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxkIrOR.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmgVCmS.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvnyVdt.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PajNxON.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRmhAdK.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfZHvxh.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPzxXDc.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdKkZIU.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMBBVpV.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSrxZYX.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOyENBA.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVINeVp.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dysLfol.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWJVlhO.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAtEPDs.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMBLuQX.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYkMqSb.exe	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1428	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 1428	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 1428	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 2396	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 2396	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 2396	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 1312	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 1312	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 1312	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 2300	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2300	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2300	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2284	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2284	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2284	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2788	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2788	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2788	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2880	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2880	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2880	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2904	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2904	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2904	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2828	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2828	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2828	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2688	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 2688	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 2688	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 2180	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 2180	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 2180	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 2304	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 2304	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 2304	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 1772	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 1772	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 1772	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 2844	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 2844	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 2844	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 2680	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 2680	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 2680	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 1724	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 1724	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 1724	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 316	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 316	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 316	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 1980	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 1980	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 1980	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 2856	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 2856	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 2856	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 356	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 356	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 356	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 1484	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 1484	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 1484	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 2132	2116	2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_7fc2fb910b562f0e29c309f84924b458_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\System\dzETELx.exe
  C:\Windows\System\dzETELx.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\RYghrfA.exe
  C:\Windows\System\RYghrfA.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\TTXVbeb.exe
  C:\Windows\System\TTXVbeb.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\gmKsNfh.exe
  C:\Windows\System\gmKsNfh.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\StDAYpe.exe
  C:\Windows\System\StDAYpe.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\GFnhUdX.exe
  C:\Windows\System\GFnhUdX.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\JGAfmvz.exe
  C:\Windows\System\JGAfmvz.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\wjvcJZu.exe
  C:\Windows\System\wjvcJZu.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\IvTQQUi.exe
  C:\Windows\System\IvTQQUi.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\KUtpjnj.exe
  C:\Windows\System\KUtpjnj.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\kzVJjch.exe
  C:\Windows\System\kzVJjch.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\xvzZehh.exe
  C:\Windows\System\xvzZehh.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\AjNHfbv.exe
  C:\Windows\System\AjNHfbv.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\EQAGqIr.exe
  C:\Windows\System\EQAGqIr.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\uavqvGB.exe
  C:\Windows\System\uavqvGB.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\EaBiGmW.exe
  C:\Windows\System\EaBiGmW.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\XsTyKou.exe
  C:\Windows\System\XsTyKou.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\tmQeqBT.exe
  C:\Windows\System\tmQeqBT.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\wsGhehc.exe
  C:\Windows\System\wsGhehc.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\HRWojhm.exe
  C:\Windows\System\HRWojhm.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\qkXHgqn.exe
  C:\Windows\System\qkXHgqn.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\zRmIUUz.exe
  C:\Windows\System\zRmIUUz.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\VXZMMXW.exe
  C:\Windows\System\VXZMMXW.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\isoFAfj.exe
  C:\Windows\System\isoFAfj.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\WxRzASp.exe
  C:\Windows\System\WxRzASp.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\nwqtgqW.exe
  C:\Windows\System\nwqtgqW.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\zAQZPil.exe
  C:\Windows\System\zAQZPil.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\lxCDLWm.exe
  C:\Windows\System\lxCDLWm.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\MlpYXZP.exe
  C:\Windows\System\MlpYXZP.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\spOMzbv.exe
  C:\Windows\System\spOMzbv.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\OMzIkeq.exe
  C:\Windows\System\OMzIkeq.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\osXvUyC.exe
  C:\Windows\System\osXvUyC.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\lVmsPnM.exe
  C:\Windows\System\lVmsPnM.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\yinKwrz.exe
  C:\Windows\System\yinKwrz.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ewEPKTH.exe
  C:\Windows\System\ewEPKTH.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\ykONqyO.exe
  C:\Windows\System\ykONqyO.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\jNzcGif.exe
  C:\Windows\System\jNzcGif.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\OSwDJYo.exe
  C:\Windows\System\OSwDJYo.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\HsWrVqo.exe
  C:\Windows\System\HsWrVqo.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\cXAeVEw.exe
  C:\Windows\System\cXAeVEw.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\mhaCnaA.exe
  C:\Windows\System\mhaCnaA.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\rUiWdUn.exe
  C:\Windows\System\rUiWdUn.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\VXtGinY.exe
  C:\Windows\System\VXtGinY.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ZYIKOyS.exe
  C:\Windows\System\ZYIKOyS.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\iVOZhfa.exe
  C:\Windows\System\iVOZhfa.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\qjVrXSC.exe
  C:\Windows\System\qjVrXSC.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\dVDuTZi.exe
  C:\Windows\System\dVDuTZi.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\qJeLgEo.exe
  C:\Windows\System\qJeLgEo.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\KCjCeiP.exe
  C:\Windows\System\KCjCeiP.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\bdsANuy.exe
  C:\Windows\System\bdsANuy.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\dndxTUy.exe
  C:\Windows\System\dndxTUy.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\akxhGed.exe
  C:\Windows\System\akxhGed.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\QnbtFKM.exe
  C:\Windows\System\QnbtFKM.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\aQssLIu.exe
  C:\Windows\System\aQssLIu.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\XsBJQdQ.exe
  C:\Windows\System\XsBJQdQ.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\LNGMvsd.exe
  C:\Windows\System\LNGMvsd.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\jYAMZOG.exe
  C:\Windows\System\jYAMZOG.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\uVPMfhm.exe
  C:\Windows\System\uVPMfhm.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\cxwqnmr.exe
  C:\Windows\System\cxwqnmr.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\PbgTexz.exe
  C:\Windows\System\PbgTexz.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\roobnBm.exe
  C:\Windows\System\roobnBm.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\CTxOtof.exe
  C:\Windows\System\CTxOtof.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\BgJetus.exe
  C:\Windows\System\BgJetus.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\UEUGzLn.exe
  C:\Windows\System\UEUGzLn.exe
  2⤵
  PID:2836
- C:\Windows\System\dWRORby.exe
  C:\Windows\System\dWRORby.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\qzaZVqw.exe
  C:\Windows\System\qzaZVqw.exe
  2⤵
  PID:2920
- C:\Windows\System\EJYbNjB.exe
  C:\Windows\System\EJYbNjB.exe
  2⤵
  PID:2732
- C:\Windows\System\sgfAztL.exe
  C:\Windows\System\sgfAztL.exe
  2⤵
  PID:576
- C:\Windows\System\HzJwKpV.exe
  C:\Windows\System\HzJwKpV.exe
  2⤵
  PID:968
- C:\Windows\System\CbNTGWA.exe
  C:\Windows\System\CbNTGWA.exe
  2⤵
  PID:1700
- C:\Windows\System\MrbJeDj.exe
  C:\Windows\System\MrbJeDj.exe
  2⤵
  PID:1104
- C:\Windows\System\cDiUoBt.exe
  C:\Windows\System\cDiUoBt.exe
  2⤵
  PID:2952
- C:\Windows\System\qevMlcp.exe
  C:\Windows\System\qevMlcp.exe
  2⤵
  PID:1500
- C:\Windows\System\jwwrWHb.exe
  C:\Windows\System\jwwrWHb.exe
  2⤵
  PID:1164
- C:\Windows\System\kQzfVsA.exe
  C:\Windows\System\kQzfVsA.exe
  2⤵
  PID:2996
- C:\Windows\System\MmpQPtc.exe
  C:\Windows\System\MmpQPtc.exe
  2⤵
  PID:2720
- C:\Windows\System\QGvKpNW.exe
  C:\Windows\System\QGvKpNW.exe
  2⤵
  PID:1860
- C:\Windows\System\dWPWwVx.exe
  C:\Windows\System\dWPWwVx.exe
  2⤵
  PID:3052
- C:\Windows\System\uFuJcZZ.exe
  C:\Windows\System\uFuJcZZ.exe
  2⤵
  PID:2204
- C:\Windows\System\xrvUcDk.exe
  C:\Windows\System\xrvUcDk.exe
  2⤵
  PID:848
- C:\Windows\System\YWxRrEQ.exe
  C:\Windows\System\YWxRrEQ.exe
  2⤵
  PID:2660
- C:\Windows\System\qFaqXMF.exe
  C:\Windows\System\qFaqXMF.exe
  2⤵
  PID:2348
- C:\Windows\System\DUOUwxX.exe
  C:\Windows\System\DUOUwxX.exe
  2⤵
  PID:808
- C:\Windows\System\LcexDgy.exe
  C:\Windows\System\LcexDgy.exe
  2⤵
  PID:920
- C:\Windows\System\GmMmMmA.exe
  C:\Windows\System\GmMmMmA.exe
  2⤵
  PID:956
- C:\Windows\System\cftoPZJ.exe
  C:\Windows\System\cftoPZJ.exe
  2⤵
  PID:924
- C:\Windows\System\PovxYYz.exe
  C:\Windows\System\PovxYYz.exe
  2⤵
  PID:1256
- C:\Windows\System\ydABagB.exe
  C:\Windows\System\ydABagB.exe
  2⤵
  PID:2344
- C:\Windows\System\IlbXhAq.exe
  C:\Windows\System\IlbXhAq.exe
  2⤵
  PID:1676
- C:\Windows\System\AATIDfy.exe
  C:\Windows\System\AATIDfy.exe
  2⤵
  PID:1496
- C:\Windows\System\FiIThCv.exe
  C:\Windows\System\FiIThCv.exe
  2⤵
  PID:2544
- C:\Windows\System\OknVYnH.exe
  C:\Windows\System\OknVYnH.exe
  2⤵
  PID:1280
- C:\Windows\System\DosnLro.exe
  C:\Windows\System\DosnLro.exe
  2⤵
  PID:2572
- C:\Windows\System\wzMAWky.exe
  C:\Windows\System\wzMAWky.exe
  2⤵
  PID:1508
- C:\Windows\System\MTUmydm.exe
  C:\Windows\System\MTUmydm.exe
  2⤵
  PID:1268
- C:\Windows\System\pLIvXOh.exe
  C:\Windows\System\pLIvXOh.exe
  2⤵
  PID:2408
- C:\Windows\System\iNAfqVM.exe
  C:\Windows\System\iNAfqVM.exe
  2⤵
  PID:2848
- C:\Windows\System\NPkLNAa.exe
  C:\Windows\System\NPkLNAa.exe
  2⤵
  PID:2100
- C:\Windows\System\qxExXjo.exe
  C:\Windows\System\qxExXjo.exe
  2⤵
  PID:2184
- C:\Windows\System\rmgVCmS.exe
  C:\Windows\System\rmgVCmS.exe
  2⤵
  PID:2756
- C:\Windows\System\tferNnH.exe
  C:\Windows\System\tferNnH.exe
  2⤵
  PID:1648
- C:\Windows\System\jxfQmKk.exe
  C:\Windows\System\jxfQmKk.exe
  2⤵
  PID:1784
- C:\Windows\System\xnsGVWx.exe
  C:\Windows\System\xnsGVWx.exe
  2⤵
  PID:1444
- C:\Windows\System\ypRSXDX.exe
  C:\Windows\System\ypRSXDX.exe
  2⤵
  PID:1504
- C:\Windows\System\gXdkLaI.exe
  C:\Windows\System\gXdkLaI.exe
  2⤵
  PID:2984
- C:\Windows\System\nIOXhxB.exe
  C:\Windows\System\nIOXhxB.exe
  2⤵
  PID:3008
- C:\Windows\System\qzAqZPA.exe
  C:\Windows\System\qzAqZPA.exe
  2⤵
  PID:2104
- C:\Windows\System\eSOmOGx.exe
  C:\Windows\System\eSOmOGx.exe
  2⤵
  PID:2500
- C:\Windows\System\YKHNuDs.exe
  C:\Windows\System\YKHNuDs.exe
  2⤵
  PID:408
- C:\Windows\System\GYrcFDB.exe
  C:\Windows\System\GYrcFDB.exe
  2⤵
  PID:1912
- C:\Windows\System\CVINeVp.exe
  C:\Windows\System\CVINeVp.exe
  2⤵
  PID:1328
- C:\Windows\System\MZtLDpX.exe
  C:\Windows\System\MZtLDpX.exe
  2⤵
  PID:2460
- C:\Windows\System\lJvLZDf.exe
  C:\Windows\System\lJvLZDf.exe
  2⤵
  PID:812
- C:\Windows\System\xeRggQX.exe
  C:\Windows\System\xeRggQX.exe
  2⤵
  PID:344
- C:\Windows\System\zVDAdig.exe
  C:\Windows\System\zVDAdig.exe
  2⤵
  PID:2260
- C:\Windows\System\THnhsAo.exe
  C:\Windows\System\THnhsAo.exe
  2⤵
  PID:1600
- C:\Windows\System\ZItytSi.exe
  C:\Windows\System\ZItytSi.exe
  2⤵
  PID:1752
- C:\Windows\System\pWtYkau.exe
  C:\Windows\System\pWtYkau.exe
  2⤵
  PID:1736
- C:\Windows\System\EEakxSi.exe
  C:\Windows\System\EEakxSi.exe
  2⤵
  PID:2704
- C:\Windows\System\ZDkozfL.exe
  C:\Windows\System\ZDkozfL.exe
  2⤵
  PID:2864
- C:\Windows\System\DfeJzLX.exe
  C:\Windows\System\DfeJzLX.exe
  2⤵
  PID:3088
- C:\Windows\System\ougVfPY.exe
  C:\Windows\System\ougVfPY.exe
  2⤵
  PID:3108
- C:\Windows\System\SWAryHm.exe
  C:\Windows\System\SWAryHm.exe
  2⤵
  PID:3128
- C:\Windows\System\fhByPGT.exe
  C:\Windows\System\fhByPGT.exe
  2⤵
  PID:3148
- C:\Windows\System\JdFyOnj.exe
  C:\Windows\System\JdFyOnj.exe
  2⤵
  PID:3168
- C:\Windows\System\ZwLPclD.exe
  C:\Windows\System\ZwLPclD.exe
  2⤵
  PID:3188
- C:\Windows\System\HLsAdKT.exe
  C:\Windows\System\HLsAdKT.exe
  2⤵
  PID:3212
- C:\Windows\System\MPfloQA.exe
  C:\Windows\System\MPfloQA.exe
  2⤵
  PID:3232
- C:\Windows\System\vGZdWqN.exe
  C:\Windows\System\vGZdWqN.exe
  2⤵
  PID:3248
- C:\Windows\System\vutSiaq.exe
  C:\Windows\System\vutSiaq.exe
  2⤵
  PID:3268
- C:\Windows\System\eLDWteG.exe
  C:\Windows\System\eLDWteG.exe
  2⤵
  PID:3292
- C:\Windows\System\qWawEil.exe
  C:\Windows\System\qWawEil.exe
  2⤵
  PID:3312
- C:\Windows\System\thAaacD.exe
  C:\Windows\System\thAaacD.exe
  2⤵
  PID:3332
- C:\Windows\System\UiRramC.exe
  C:\Windows\System\UiRramC.exe
  2⤵
  PID:3352
- C:\Windows\System\OltJlzV.exe
  C:\Windows\System\OltJlzV.exe
  2⤵
  PID:3372
- C:\Windows\System\BrapJzo.exe
  C:\Windows\System\BrapJzo.exe
  2⤵
  PID:3388
- C:\Windows\System\vvdmugi.exe
  C:\Windows\System\vvdmugi.exe
  2⤵
  PID:3412
- C:\Windows\System\boprDse.exe
  C:\Windows\System\boprDse.exe
  2⤵
  PID:3428
- C:\Windows\System\RIvSKpN.exe
  C:\Windows\System\RIvSKpN.exe
  2⤵
  PID:3452
- C:\Windows\System\gPrpjtJ.exe
  C:\Windows\System\gPrpjtJ.exe
  2⤵
  PID:3472
- C:\Windows\System\YxfelBs.exe
  C:\Windows\System\YxfelBs.exe
  2⤵
  PID:3492
- C:\Windows\System\VpFlqll.exe
  C:\Windows\System\VpFlqll.exe
  2⤵
  PID:3512
- C:\Windows\System\gZdwmzO.exe
  C:\Windows\System\gZdwmzO.exe
  2⤵
  PID:3528
- C:\Windows\System\jXPagFx.exe
  C:\Windows\System\jXPagFx.exe
  2⤵
  PID:3552
- C:\Windows\System\wlXaprj.exe
  C:\Windows\System\wlXaprj.exe
  2⤵
  PID:3568
- C:\Windows\System\CIpGexa.exe
  C:\Windows\System\CIpGexa.exe
  2⤵
  PID:3588
- C:\Windows\System\nEWoVqJ.exe
  C:\Windows\System\nEWoVqJ.exe
  2⤵
  PID:3612
- C:\Windows\System\tsRhScX.exe
  C:\Windows\System\tsRhScX.exe
  2⤵
  PID:3632
- C:\Windows\System\bWGmVjk.exe
  C:\Windows\System\bWGmVjk.exe
  2⤵
  PID:3652
- C:\Windows\System\kKHXqVw.exe
  C:\Windows\System\kKHXqVw.exe
  2⤵
  PID:3672
- C:\Windows\System\LbERZwa.exe
  C:\Windows\System\LbERZwa.exe
  2⤵
  PID:3688
- C:\Windows\System\bcstWyP.exe
  C:\Windows\System\bcstWyP.exe
  2⤵
  PID:3708
- C:\Windows\System\XWglXwX.exe
  C:\Windows\System\XWglXwX.exe
  2⤵
  PID:3728
- C:\Windows\System\OBNzTmO.exe
  C:\Windows\System\OBNzTmO.exe
  2⤵
  PID:3748
- C:\Windows\System\rDZmxxh.exe
  C:\Windows\System\rDZmxxh.exe
  2⤵
  PID:3768
- C:\Windows\System\pxkCKYY.exe
  C:\Windows\System\pxkCKYY.exe
  2⤵
  PID:3788
- C:\Windows\System\brnaNPN.exe
  C:\Windows\System\brnaNPN.exe
  2⤵
  PID:3804
- C:\Windows\System\aHxTIVb.exe
  C:\Windows\System\aHxTIVb.exe
  2⤵
  PID:3832
- C:\Windows\System\bLhrXTT.exe
  C:\Windows\System\bLhrXTT.exe
  2⤵
  PID:3848
- C:\Windows\System\yaLAZcA.exe
  C:\Windows\System\yaLAZcA.exe
  2⤵
  PID:3872
- C:\Windows\System\hyWtZmB.exe
  C:\Windows\System\hyWtZmB.exe
  2⤵
  PID:3888
- C:\Windows\System\kUtAwQk.exe
  C:\Windows\System\kUtAwQk.exe
  2⤵
  PID:3912
- C:\Windows\System\NcdFeIl.exe
  C:\Windows\System\NcdFeIl.exe
  2⤵
  PID:3932
- C:\Windows\System\adRAJmg.exe
  C:\Windows\System\adRAJmg.exe
  2⤵
  PID:3952
- C:\Windows\System\aphSjSP.exe
  C:\Windows\System\aphSjSP.exe
  2⤵
  PID:3968
- C:\Windows\System\CqJYEIJ.exe
  C:\Windows\System\CqJYEIJ.exe
  2⤵
  PID:3992
- C:\Windows\System\yoyMAij.exe
  C:\Windows\System\yoyMAij.exe
  2⤵
  PID:4012
- C:\Windows\System\dysLfol.exe
  C:\Windows\System\dysLfol.exe
  2⤵
  PID:4032
- C:\Windows\System\PubAQqY.exe
  C:\Windows\System\PubAQqY.exe
  2⤵
  PID:4052
- C:\Windows\System\UAYVkjS.exe
  C:\Windows\System\UAYVkjS.exe
  2⤵
  PID:4072
- C:\Windows\System\LPpjfNE.exe
  C:\Windows\System\LPpjfNE.exe
  2⤵
  PID:4088
- C:\Windows\System\FpjUHRS.exe
  C:\Windows\System\FpjUHRS.exe
  2⤵
  PID:2584
- C:\Windows\System\qnNqBKB.exe
  C:\Windows\System\qnNqBKB.exe
  2⤵
  PID:3032
- C:\Windows\System\lGhBXqd.exe
  C:\Windows\System\lGhBXqd.exe
  2⤵
  PID:2000
- C:\Windows\System\teZKuqw.exe
  C:\Windows\System\teZKuqw.exe
  2⤵
  PID:620
- C:\Windows\System\qcJYfga.exe
  C:\Windows\System\qcJYfga.exe
  2⤵
  PID:1908
- C:\Windows\System\muasRAY.exe
  C:\Windows\System\muasRAY.exe
  2⤵
  PID:604
- C:\Windows\System\YPCEiEc.exe
  C:\Windows\System\YPCEiEc.exe
  2⤵
  PID:2452
- C:\Windows\System\wrbcEeK.exe
  C:\Windows\System\wrbcEeK.exe
  2⤵
  PID:836
- C:\Windows\System\qsHRRhb.exe
  C:\Windows\System\qsHRRhb.exe
  2⤵
  PID:2692
- C:\Windows\System\dFEMEJw.exe
  C:\Windows\System\dFEMEJw.exe
  2⤵
  PID:1392
- C:\Windows\System\BaUaZYP.exe
  C:\Windows\System\BaUaZYP.exe
  2⤵
  PID:2004
- C:\Windows\System\LtDhNXh.exe
  C:\Windows\System\LtDhNXh.exe
  2⤵
  PID:3104
- C:\Windows\System\gYvECUA.exe
  C:\Windows\System\gYvECUA.exe
  2⤵
  PID:3076
- C:\Windows\System\CeDhdYK.exe
  C:\Windows\System\CeDhdYK.exe
  2⤵
  PID:3140
- C:\Windows\System\GOrHdrU.exe
  C:\Windows\System\GOrHdrU.exe
  2⤵
  PID:3164
- C:\Windows\System\IXqITie.exe
  C:\Windows\System\IXqITie.exe
  2⤵
  PID:3220
- C:\Windows\System\hJoQtGq.exe
  C:\Windows\System\hJoQtGq.exe
  2⤵
  PID:3256
- C:\Windows\System\vOPSntL.exe
  C:\Windows\System\vOPSntL.exe
  2⤵
  PID:3280
- C:\Windows\System\GyvgLSx.exe
  C:\Windows\System\GyvgLSx.exe
  2⤵
  PID:3284
- C:\Windows\System\wcqEUTL.exe
  C:\Windows\System\wcqEUTL.exe
  2⤵
  PID:3348
- C:\Windows\System\NCqAmOZ.exe
  C:\Windows\System\NCqAmOZ.exe
  2⤵
  PID:3360
- C:\Windows\System\XIoGPJl.exe
  C:\Windows\System\XIoGPJl.exe
  2⤵
  PID:3424
- C:\Windows\System\AQRMoYj.exe
  C:\Windows\System\AQRMoYj.exe
  2⤵
  PID:3436
- C:\Windows\System\cVnZTey.exe
  C:\Windows\System\cVnZTey.exe
  2⤵
  PID:3468
- C:\Windows\System\fvwmNEx.exe
  C:\Windows\System\fvwmNEx.exe
  2⤵
  PID:3508
- C:\Windows\System\yiQEcPI.exe
  C:\Windows\System\yiQEcPI.exe
  2⤵
  PID:3524
- C:\Windows\System\UMFyBue.exe
  C:\Windows\System\UMFyBue.exe
  2⤵
  PID:3584
- C:\Windows\System\NhvEtuv.exe
  C:\Windows\System\NhvEtuv.exe
  2⤵
  PID:3620
- C:\Windows\System\qKXuVih.exe
  C:\Windows\System\qKXuVih.exe
  2⤵
  PID:3668
- C:\Windows\System\iNnHTAz.exe
  C:\Windows\System\iNnHTAz.exe
  2⤵
  PID:3680
- C:\Windows\System\YLHTTnp.exe
  C:\Windows\System\YLHTTnp.exe
  2⤵
  PID:3736
- C:\Windows\System\SAspYPy.exe
  C:\Windows\System\SAspYPy.exe
  2⤵
  PID:3780
- C:\Windows\System\ytzgAgG.exe
  C:\Windows\System\ytzgAgG.exe
  2⤵
  PID:3764
- C:\Windows\System\MczvGaQ.exe
  C:\Windows\System\MczvGaQ.exe
  2⤵
  PID:3824
- C:\Windows\System\eWurQkt.exe
  C:\Windows\System\eWurQkt.exe
  2⤵
  PID:3864
- C:\Windows\System\MkbNHZs.exe
  C:\Windows\System\MkbNHZs.exe
  2⤵
  PID:3844
- C:\Windows\System\RuMNOYp.exe
  C:\Windows\System\RuMNOYp.exe
  2⤵
  PID:3884
- C:\Windows\System\qusWaCH.exe
  C:\Windows\System\qusWaCH.exe
  2⤵
  PID:3948
- C:\Windows\System\TjpHvoO.exe
  C:\Windows\System\TjpHvoO.exe
  2⤵
  PID:3980
- C:\Windows\System\bLgVjQu.exe
  C:\Windows\System\bLgVjQu.exe
  2⤵
  PID:4020
- C:\Windows\System\xhwcRHd.exe
  C:\Windows\System\xhwcRHd.exe
  2⤵
  PID:4044
- C:\Windows\System\IXGCJmX.exe
  C:\Windows\System\IXGCJmX.exe
  2⤵
  PID:2980
- C:\Windows\System\NvssZRs.exe
  C:\Windows\System\NvssZRs.exe
  2⤵
  PID:2576
- C:\Windows\System\xvUUqJx.exe
  C:\Windows\System\xvUUqJx.exe
  2⤵
  PID:456
- C:\Windows\System\wbqBgGv.exe
  C:\Windows\System\wbqBgGv.exe
  2⤵
  PID:1252
- C:\Windows\System\sEVqJJm.exe
  C:\Windows\System\sEVqJJm.exe
  2⤵
  PID:1940
- C:\Windows\System\IZgvWiM.exe
  C:\Windows\System\IZgvWiM.exe
  2⤵
  PID:2336
- C:\Windows\System\BTPVfst.exe
  C:\Windows\System\BTPVfst.exe
  2⤵
  PID:568
- C:\Windows\System\ywHRscX.exe
  C:\Windows\System\ywHRscX.exe
  2⤵
  PID:3080
- C:\Windows\System\zCUWJJR.exe
  C:\Windows\System\zCUWJJR.exe
  2⤵
  PID:2640
- C:\Windows\System\SQpdbRF.exe
  C:\Windows\System\SQpdbRF.exe
  2⤵
  PID:3224
- C:\Windows\System\ZUEfUJy.exe
  C:\Windows\System\ZUEfUJy.exe
  2⤵
  PID:3116
- C:\Windows\System\jQvlIjS.exe
  C:\Windows\System\jQvlIjS.exe
  2⤵
  PID:3156
- C:\Windows\System\msvxsvv.exe
  C:\Windows\System\msvxsvv.exe
  2⤵
  PID:3328
- C:\Windows\System\nwUKCcF.exe
  C:\Windows\System\nwUKCcF.exe
  2⤵
  PID:3320
- C:\Windows\System\BsrEnLh.exe
  C:\Windows\System\BsrEnLh.exe
  2⤵
  PID:3420
- C:\Windows\System\gWJVlhO.exe
  C:\Windows\System\gWJVlhO.exe
  2⤵
  PID:3564
- C:\Windows\System\AWWzuna.exe
  C:\Windows\System\AWWzuna.exe
  2⤵
  PID:3560
- C:\Windows\System\fkiuRmD.exe
  C:\Windows\System\fkiuRmD.exe
  2⤵
  PID:3608
- C:\Windows\System\wDXIohy.exe
  C:\Windows\System\wDXIohy.exe
  2⤵
  PID:3704
- C:\Windows\System\PbEBimG.exe
  C:\Windows\System\PbEBimG.exe
  2⤵
  PID:3720
- C:\Windows\System\xHZGxaP.exe
  C:\Windows\System\xHZGxaP.exe
  2⤵
  PID:3740
- C:\Windows\System\NXCjsXO.exe
  C:\Windows\System\NXCjsXO.exe
  2⤵
  PID:3904
- C:\Windows\System\MzmJqkO.exe
  C:\Windows\System\MzmJqkO.exe
  2⤵
  PID:3840
- C:\Windows\System\LDzlwtM.exe
  C:\Windows\System\LDzlwtM.exe
  2⤵
  PID:4008
- C:\Windows\System\oQQHmCy.exe
  C:\Windows\System\oQQHmCy.exe
  2⤵
  PID:3940
- C:\Windows\System\JZiYBKq.exe
  C:\Windows\System\JZiYBKq.exe
  2⤵
  PID:4068
- C:\Windows\System\mdUPdaB.exe
  C:\Windows\System\mdUPdaB.exe
  2⤵
  PID:2160
- C:\Windows\System\csSOatc.exe
  C:\Windows\System\csSOatc.exe
  2⤵
  PID:2748
- C:\Windows\System\xkhLApn.exe
  C:\Windows\System\xkhLApn.exe
  2⤵
  PID:1664
- C:\Windows\System\YPFJapQ.exe
  C:\Windows\System\YPFJapQ.exe
  2⤵
  PID:2928
- C:\Windows\System\SojJyvq.exe
  C:\Windows\System\SojJyvq.exe
  2⤵
  PID:3160
- C:\Windows\System\bLjrLuE.exe
  C:\Windows\System\bLjrLuE.exe
  2⤵
  PID:3208
- C:\Windows\System\KlYTRdg.exe
  C:\Windows\System\KlYTRdg.exe
  2⤵
  PID:3144
- C:\Windows\System\wEjrWem.exe
  C:\Windows\System\wEjrWem.exe
  2⤵
  PID:3276
- C:\Windows\System\EguNyDK.exe
  C:\Windows\System\EguNyDK.exe
  2⤵
  PID:3484
- C:\Windows\System\bZIFzLk.exe
  C:\Windows\System\bZIFzLk.exe
  2⤵
  PID:3596
- C:\Windows\System\WUDPbkN.exe
  C:\Windows\System\WUDPbkN.exe
  2⤵
  PID:3644
- C:\Windows\System\ACvdVIo.exe
  C:\Windows\System\ACvdVIo.exe
  2⤵
  PID:3724
- C:\Windows\System\GcllCPo.exe
  C:\Windows\System\GcllCPo.exe
  2⤵
  PID:3828
- C:\Windows\System\NyLxPqB.exe
  C:\Windows\System\NyLxPqB.exe
  2⤵
  PID:3976
- C:\Windows\System\NCCCfiG.exe
  C:\Windows\System\NCCCfiG.exe
  2⤵
  PID:3960
- C:\Windows\System\SCvyuHH.exe
  C:\Windows\System\SCvyuHH.exe
  2⤵
  PID:4064
- C:\Windows\System\SnbPUiw.exe
  C:\Windows\System\SnbPUiw.exe
  2⤵
  PID:3184
- C:\Windows\System\CAjHeKg.exe
  C:\Windows\System\CAjHeKg.exe
  2⤵
  PID:4100
- C:\Windows\System\qTKaxDh.exe
  C:\Windows\System\qTKaxDh.exe
  2⤵
  PID:4124
- C:\Windows\System\xmmWBEM.exe
  C:\Windows\System\xmmWBEM.exe
  2⤵
  PID:4148
- C:\Windows\System\FOXxwXx.exe
  C:\Windows\System\FOXxwXx.exe
  2⤵
  PID:4168
- C:\Windows\System\tZmCzMq.exe
  C:\Windows\System\tZmCzMq.exe
  2⤵
  PID:4184
- C:\Windows\System\MLyXkBV.exe
  C:\Windows\System\MLyXkBV.exe
  2⤵
  PID:4208
- C:\Windows\System\ynnHoNv.exe
  C:\Windows\System\ynnHoNv.exe
  2⤵
  PID:4228
- C:\Windows\System\XmXlFdP.exe
  C:\Windows\System\XmXlFdP.exe
  2⤵
  PID:4248
- C:\Windows\System\mlOwGrC.exe
  C:\Windows\System\mlOwGrC.exe
  2⤵
  PID:4268
- C:\Windows\System\adcnYDm.exe
  C:\Windows\System\adcnYDm.exe
  2⤵
  PID:4288
- C:\Windows\System\JuKXcAm.exe
  C:\Windows\System\JuKXcAm.exe
  2⤵
  PID:4308
- C:\Windows\System\LrfBtnq.exe
  C:\Windows\System\LrfBtnq.exe
  2⤵
  PID:4324
- C:\Windows\System\DJvjlTt.exe
  C:\Windows\System\DJvjlTt.exe
  2⤵
  PID:4340
- C:\Windows\System\MmBBqBV.exe
  C:\Windows\System\MmBBqBV.exe
  2⤵
  PID:4364
- C:\Windows\System\aQjAicT.exe
  C:\Windows\System\aQjAicT.exe
  2⤵
  PID:4388
- C:\Windows\System\zbwoNTo.exe
  C:\Windows\System\zbwoNTo.exe
  2⤵
  PID:4408
- C:\Windows\System\jtSlmal.exe
  C:\Windows\System\jtSlmal.exe
  2⤵
  PID:4428
- C:\Windows\System\uZMobVk.exe
  C:\Windows\System\uZMobVk.exe
  2⤵
  PID:4448
- C:\Windows\System\NBSoest.exe
  C:\Windows\System\NBSoest.exe
  2⤵
  PID:4468
- C:\Windows\System\iKjuoge.exe
  C:\Windows\System\iKjuoge.exe
  2⤵
  PID:4488
- C:\Windows\System\bBptxel.exe
  C:\Windows\System\bBptxel.exe
  2⤵
  PID:4508
- C:\Windows\System\NHKPzHd.exe
  C:\Windows\System\NHKPzHd.exe
  2⤵
  PID:4532
- C:\Windows\System\ZBZYwwt.exe
  C:\Windows\System\ZBZYwwt.exe
  2⤵
  PID:4552
- C:\Windows\System\phjBGJK.exe
  C:\Windows\System\phjBGJK.exe
  2⤵
  PID:4572
- C:\Windows\System\gypOoje.exe
  C:\Windows\System\gypOoje.exe
  2⤵
  PID:4592
- C:\Windows\System\LtZtLFS.exe
  C:\Windows\System\LtZtLFS.exe
  2⤵
  PID:4612
- C:\Windows\System\SVIsUgR.exe
  C:\Windows\System\SVIsUgR.exe
  2⤵
  PID:4632
- C:\Windows\System\zUzlfyl.exe
  C:\Windows\System\zUzlfyl.exe
  2⤵
  PID:4652
- C:\Windows\System\NMObycf.exe
  C:\Windows\System\NMObycf.exe
  2⤵
  PID:4672
- C:\Windows\System\rUyvXgf.exe
  C:\Windows\System\rUyvXgf.exe
  2⤵
  PID:4692
- C:\Windows\System\YSwlCeI.exe
  C:\Windows\System\YSwlCeI.exe
  2⤵
  PID:4716
- C:\Windows\System\wHPNePR.exe
  C:\Windows\System\wHPNePR.exe
  2⤵
  PID:4736
- C:\Windows\System\wuQzuEH.exe
  C:\Windows\System\wuQzuEH.exe
  2⤵
  PID:4756
- C:\Windows\System\GEfIErj.exe
  C:\Windows\System\GEfIErj.exe
  2⤵
  PID:4776
- C:\Windows\System\aYjpFrx.exe
  C:\Windows\System\aYjpFrx.exe
  2⤵
  PID:4804
- C:\Windows\System\JHftOzg.exe
  C:\Windows\System\JHftOzg.exe
  2⤵
  PID:4824
- C:\Windows\System\DZwZMjq.exe
  C:\Windows\System\DZwZMjq.exe
  2⤵
  PID:4844
- C:\Windows\System\SDMMnRk.exe
  C:\Windows\System\SDMMnRk.exe
  2⤵
  PID:4864
- C:\Windows\System\yEqmSAG.exe
  C:\Windows\System\yEqmSAG.exe
  2⤵
  PID:4884
- C:\Windows\System\lPvPIEq.exe
  C:\Windows\System\lPvPIEq.exe
  2⤵
  PID:4904
- C:\Windows\System\KYJrKGy.exe
  C:\Windows\System\KYJrKGy.exe
  2⤵
  PID:4924
- C:\Windows\System\JuhHGhy.exe
  C:\Windows\System\JuhHGhy.exe
  2⤵
  PID:4944
- C:\Windows\System\ShiaXYR.exe
  C:\Windows\System\ShiaXYR.exe
  2⤵
  PID:4964
- C:\Windows\System\hqRHIxY.exe
  C:\Windows\System\hqRHIxY.exe
  2⤵
  PID:4984
- C:\Windows\System\WVztAfj.exe
  C:\Windows\System\WVztAfj.exe
  2⤵
  PID:5008
- C:\Windows\System\qsZxlkR.exe
  C:\Windows\System\qsZxlkR.exe
  2⤵
  PID:5028
- C:\Windows\System\ceZSvVY.exe
  C:\Windows\System\ceZSvVY.exe
  2⤵
  PID:5052
- C:\Windows\System\tWXmBtn.exe
  C:\Windows\System\tWXmBtn.exe
  2⤵
  PID:5072
- C:\Windows\System\qnBQkPE.exe
  C:\Windows\System\qnBQkPE.exe
  2⤵
  PID:5096
- C:\Windows\System\RzCFrte.exe
  C:\Windows\System\RzCFrte.exe
  2⤵
  PID:5116
- C:\Windows\System\DfxjRcK.exe
  C:\Windows\System\DfxjRcK.exe
  2⤵
  PID:2700
- C:\Windows\System\gNRbCCC.exe
  C:\Windows\System\gNRbCCC.exe
  2⤵
  PID:3404
- C:\Windows\System\qzSLQqq.exe
  C:\Windows\System\qzSLQqq.exe
  2⤵
  PID:3396
- C:\Windows\System\rYhCYCs.exe
  C:\Windows\System\rYhCYCs.exe
  2⤵
  PID:3544
- C:\Windows\System\NbdKEbN.exe
  C:\Windows\System\NbdKEbN.exe
  2⤵
  PID:3908
- C:\Windows\System\gtRzrGb.exe
  C:\Windows\System\gtRzrGb.exe
  2⤵
  PID:3856
- C:\Windows\System\ZmJOWnf.exe
  C:\Windows\System\ZmJOWnf.exe
  2⤵
  PID:4080
- C:\Windows\System\kXuYZQO.exe
  C:\Windows\System\kXuYZQO.exe
  2⤵
  PID:4136
- C:\Windows\System\iCTIrrz.exe
  C:\Windows\System\iCTIrrz.exe
  2⤵
  PID:4108
- C:\Windows\System\kkxYfZJ.exe
  C:\Windows\System\kkxYfZJ.exe
  2⤵
  PID:4180
- C:\Windows\System\jWScZeJ.exe
  C:\Windows\System\jWScZeJ.exe
  2⤵
  PID:4216
- C:\Windows\System\XSbzQgg.exe
  C:\Windows\System\XSbzQgg.exe
  2⤵
  PID:4200
- C:\Windows\System\LUBwhDD.exe
  C:\Windows\System\LUBwhDD.exe
  2⤵
  PID:4240
- C:\Windows\System\rTgJvGS.exe
  C:\Windows\System\rTgJvGS.exe
  2⤵
  PID:4280
- C:\Windows\System\MiUctgX.exe
  C:\Windows\System\MiUctgX.exe
  2⤵
  PID:4316
- C:\Windows\System\aYkMqSb.exe
  C:\Windows\System\aYkMqSb.exe
  2⤵
  PID:4360
- C:\Windows\System\usYxUpv.exe
  C:\Windows\System\usYxUpv.exe
  2⤵
  PID:4416
- C:\Windows\System\nXReenA.exe
  C:\Windows\System\nXReenA.exe
  2⤵
  PID:4424
- C:\Windows\System\WQXahBF.exe
  C:\Windows\System\WQXahBF.exe
  2⤵
  PID:4460
- C:\Windows\System\GYceroM.exe
  C:\Windows\System\GYceroM.exe
  2⤵
  PID:4500
- C:\Windows\System\XfZHvxh.exe
  C:\Windows\System\XfZHvxh.exe
  2⤵
  PID:4520
- C:\Windows\System\nBGedEn.exe
  C:\Windows\System\nBGedEn.exe
  2⤵
  PID:4580
- C:\Windows\System\zkizuem.exe
  C:\Windows\System\zkizuem.exe
  2⤵
  PID:4620
- C:\Windows\System\tOAaVyi.exe
  C:\Windows\System\tOAaVyi.exe
  2⤵
  PID:4640
- C:\Windows\System\SwmUQWH.exe
  C:\Windows\System\SwmUQWH.exe
  2⤵
  PID:4664
- C:\Windows\System\Qymqohy.exe
  C:\Windows\System\Qymqohy.exe
  2⤵
  PID:4684
- C:\Windows\System\dXSTuWk.exe
  C:\Windows\System\dXSTuWk.exe
  2⤵
  PID:4748
- C:\Windows\System\MkErEJM.exe
  C:\Windows\System\MkErEJM.exe
  2⤵
  PID:4772
- C:\Windows\System\wIKnQaO.exe
  C:\Windows\System\wIKnQaO.exe
  2⤵
  PID:4792
- C:\Windows\System\nlsfSYM.exe
  C:\Windows\System\nlsfSYM.exe
  2⤵
  PID:4836
- C:\Windows\System\BktSEdP.exe
  C:\Windows\System\BktSEdP.exe
  2⤵
  PID:4872
- C:\Windows\System\AOPFZLC.exe
  C:\Windows\System\AOPFZLC.exe
  2⤵
  PID:4920
- C:\Windows\System\SSVSDZo.exe
  C:\Windows\System\SSVSDZo.exe
  2⤵
  PID:4952
- C:\Windows\System\iZsAraR.exe
  C:\Windows\System\iZsAraR.exe
  2⤵
  PID:4992
- C:\Windows\System\XWuhRcx.exe
  C:\Windows\System\XWuhRcx.exe
  2⤵
  PID:4996
- C:\Windows\System\SmMYjmK.exe
  C:\Windows\System\SmMYjmK.exe
  2⤵
  PID:5048
- C:\Windows\System\jBxbQfD.exe
  C:\Windows\System\jBxbQfD.exe
  2⤵
  PID:5084
- C:\Windows\System\YwxxDgs.exe
  C:\Windows\System\YwxxDgs.exe
  2⤵
  PID:3380
- C:\Windows\System\NZxgeCh.exe
  C:\Windows\System\NZxgeCh.exe
  2⤵
  PID:3344
- C:\Windows\System\ZjHLCZP.exe
  C:\Windows\System\ZjHLCZP.exe
  2⤵
  PID:3660
- C:\Windows\System\MkhCrYG.exe
  C:\Windows\System\MkhCrYG.exe
  2⤵
  PID:3900
- C:\Windows\System\hoHaGZg.exe
  C:\Windows\System\hoHaGZg.exe
  2⤵
  PID:3964
- C:\Windows\System\umLgsUA.exe
  C:\Windows\System\umLgsUA.exe
  2⤵
  PID:4120
- C:\Windows\System\rqBMkNN.exe
  C:\Windows\System\rqBMkNN.exe
  2⤵
  PID:4204
- C:\Windows\System\lDiwaZk.exe
  C:\Windows\System\lDiwaZk.exe
  2⤵
  PID:4284
- C:\Windows\System\yodysUi.exe
  C:\Windows\System\yodysUi.exe
  2⤵
  PID:4376
- C:\Windows\System\FQXiJOP.exe
  C:\Windows\System\FQXiJOP.exe
  2⤵
  PID:4332
- C:\Windows\System\TeFmTHf.exe
  C:\Windows\System\TeFmTHf.exe
  2⤵
  PID:4380
- C:\Windows\System\CbMgfzs.exe
  C:\Windows\System\CbMgfzs.exe
  2⤵
  PID:4484
- C:\Windows\System\lSviUlW.exe
  C:\Windows\System\lSviUlW.exe
  2⤵
  PID:4524
- C:\Windows\System\JmSEwJP.exe
  C:\Windows\System\JmSEwJP.exe
  2⤵
  PID:4624
- C:\Windows\System\oDHtjBl.exe
  C:\Windows\System\oDHtjBl.exe
  2⤵
  PID:4660
- C:\Windows\System\IFlywBz.exe
  C:\Windows\System\IFlywBz.exe
  2⤵
  PID:4668
- C:\Windows\System\AZyhQyH.exe
  C:\Windows\System\AZyhQyH.exe
  2⤵
  PID:4752
- C:\Windows\System\VpTOtDJ.exe
  C:\Windows\System\VpTOtDJ.exe
  2⤵
  PID:4812
- C:\Windows\System\rKpzALa.exe
  C:\Windows\System\rKpzALa.exe
  2⤵
  PID:4876
- C:\Windows\System\jQuywYs.exe
  C:\Windows\System\jQuywYs.exe
  2⤵
  PID:4976
- C:\Windows\System\yxdOogA.exe
  C:\Windows\System\yxdOogA.exe
  2⤵
  PID:5016
- C:\Windows\System\YuFXZmT.exe
  C:\Windows\System\YuFXZmT.exe
  2⤵
  PID:5068
- C:\Windows\System\kAarCPE.exe
  C:\Windows\System\kAarCPE.exe
  2⤵
  PID:780
- C:\Windows\System\RpMCNUP.exe
  C:\Windows\System\RpMCNUP.exe
  2⤵
  PID:3648
- C:\Windows\System\fYoDBYa.exe
  C:\Windows\System\fYoDBYa.exe
  2⤵
  PID:4144
- C:\Windows\System\JiBbvXY.exe
  C:\Windows\System\JiBbvXY.exe
  2⤵
  PID:1952
- C:\Windows\System\BNvVXRj.exe
  C:\Windows\System\BNvVXRj.exe
  2⤵
  PID:4296
- C:\Windows\System\eyeltQE.exe
  C:\Windows\System\eyeltQE.exe
  2⤵
  PID:4264
- C:\Windows\System\WCAREXh.exe
  C:\Windows\System\WCAREXh.exe
  2⤵
  PID:4336
- C:\Windows\System\vRsPGXp.exe
  C:\Windows\System\vRsPGXp.exe
  2⤵
  PID:4496
- C:\Windows\System\EsfeZxn.exe
  C:\Windows\System\EsfeZxn.exe
  2⤵
  PID:4568
- C:\Windows\System\HMKgZAO.exe
  C:\Windows\System\HMKgZAO.exe
  2⤵
  PID:4704
- C:\Windows\System\FrLFgOZ.exe
  C:\Windows\System\FrLFgOZ.exe
  2⤵
  PID:4852
- C:\Windows\System\BzLYzhR.exe
  C:\Windows\System\BzLYzhR.exe
  2⤵
  PID:4892
- C:\Windows\System\NwQDoQz.exe
  C:\Windows\System\NwQDoQz.exe
  2⤵
  PID:5140
- C:\Windows\System\EVVgTXR.exe
  C:\Windows\System\EVVgTXR.exe
  2⤵
  PID:5160
- C:\Windows\System\yPqXDNm.exe
  C:\Windows\System\yPqXDNm.exe
  2⤵
  PID:5180
- C:\Windows\System\POHGHBf.exe
  C:\Windows\System\POHGHBf.exe
  2⤵
  PID:5200
- C:\Windows\System\VWFZYfK.exe
  C:\Windows\System\VWFZYfK.exe
  2⤵
  PID:5220
- C:\Windows\System\uLLEUWL.exe
  C:\Windows\System\uLLEUWL.exe
  2⤵
  PID:5240
- C:\Windows\System\OwfRfdy.exe
  C:\Windows\System\OwfRfdy.exe
  2⤵
  PID:5260
- C:\Windows\System\VInNyTM.exe
  C:\Windows\System\VInNyTM.exe
  2⤵
  PID:5280
- C:\Windows\System\tTwhoTi.exe
  C:\Windows\System\tTwhoTi.exe
  2⤵
  PID:5304
- C:\Windows\System\YGHpIsC.exe
  C:\Windows\System\YGHpIsC.exe
  2⤵
  PID:5320
- C:\Windows\System\NPMoPMG.exe
  C:\Windows\System\NPMoPMG.exe
  2⤵
  PID:5344
- C:\Windows\System\ZpvgiZU.exe
  C:\Windows\System\ZpvgiZU.exe
  2⤵
  PID:5364
- C:\Windows\System\MYQCHMv.exe
  C:\Windows\System\MYQCHMv.exe
  2⤵
  PID:5380
- C:\Windows\System\JBGSHrk.exe
  C:\Windows\System\JBGSHrk.exe
  2⤵
  PID:5404
- C:\Windows\System\ButIFCJ.exe
  C:\Windows\System\ButIFCJ.exe
  2⤵
  PID:5424
- C:\Windows\System\UWSuTeF.exe
  C:\Windows\System\UWSuTeF.exe
  2⤵
  PID:5444
- C:\Windows\System\nyvDKlT.exe
  C:\Windows\System\nyvDKlT.exe
  2⤵
  PID:5464
- C:\Windows\System\vjnKSCL.exe
  C:\Windows\System\vjnKSCL.exe
  2⤵
  PID:5484
- C:\Windows\System\CFqLlIs.exe
  C:\Windows\System\CFqLlIs.exe
  2⤵
  PID:5504
- C:\Windows\System\qyYLbwF.exe
  C:\Windows\System\qyYLbwF.exe
  2⤵
  PID:5524
- C:\Windows\System\kuwGMEm.exe
  C:\Windows\System\kuwGMEm.exe
  2⤵
  PID:5544
- C:\Windows\System\AalBWhV.exe
  C:\Windows\System\AalBWhV.exe
  2⤵
  PID:5564
- C:\Windows\System\lgjIIle.exe
  C:\Windows\System\lgjIIle.exe
  2⤵
  PID:5584
- C:\Windows\System\AHhjwmV.exe
  C:\Windows\System\AHhjwmV.exe
  2⤵
  PID:5600
- C:\Windows\System\okNBWoB.exe
  C:\Windows\System\okNBWoB.exe
  2⤵
  PID:5624
- C:\Windows\System\vwcJGNJ.exe
  C:\Windows\System\vwcJGNJ.exe
  2⤵
  PID:5644
- C:\Windows\System\mPlKwpo.exe
  C:\Windows\System\mPlKwpo.exe
  2⤵
  PID:5664
- C:\Windows\System\ZshQlyb.exe
  C:\Windows\System\ZshQlyb.exe
  2⤵
  PID:5684
- C:\Windows\System\zVvGViT.exe
  C:\Windows\System\zVvGViT.exe
  2⤵
  PID:5700
- C:\Windows\System\zDXIQmG.exe
  C:\Windows\System\zDXIQmG.exe
  2⤵
  PID:5724
- C:\Windows\System\UBanpTr.exe
  C:\Windows\System\UBanpTr.exe
  2⤵
  PID:5744
- C:\Windows\System\zHmnOvG.exe
  C:\Windows\System\zHmnOvG.exe
  2⤵
  PID:5764
- C:\Windows\System\ZGBwAYp.exe
  C:\Windows\System\ZGBwAYp.exe
  2⤵
  PID:5784
- C:\Windows\System\yTkksVZ.exe
  C:\Windows\System\yTkksVZ.exe
  2⤵
  PID:5804
- C:\Windows\System\DXpfueO.exe
  C:\Windows\System\DXpfueO.exe
  2⤵
  PID:5824
- C:\Windows\System\BykDubK.exe
  C:\Windows\System\BykDubK.exe
  2⤵
  PID:5844
- C:\Windows\System\UTZWLPu.exe
  C:\Windows\System\UTZWLPu.exe
  2⤵
  PID:5864
- C:\Windows\System\zpgBZBh.exe
  C:\Windows\System\zpgBZBh.exe
  2⤵
  PID:5884
- C:\Windows\System\CDuKmZc.exe
  C:\Windows\System\CDuKmZc.exe
  2⤵
  PID:5904
- C:\Windows\System\fVudfOq.exe
  C:\Windows\System\fVudfOq.exe
  2⤵
  PID:5924
- C:\Windows\System\jGgunrl.exe
  C:\Windows\System\jGgunrl.exe
  2⤵
  PID:5944
- C:\Windows\System\RTykbpS.exe
  C:\Windows\System\RTykbpS.exe
  2⤵
  PID:5960
- C:\Windows\System\ZQxDPdf.exe
  C:\Windows\System\ZQxDPdf.exe
  2⤵
  PID:5984
- C:\Windows\System\lEwpMHt.exe
  C:\Windows\System\lEwpMHt.exe
  2⤵
  PID:6004
- C:\Windows\System\ifrMJqR.exe
  C:\Windows\System\ifrMJqR.exe
  2⤵
  PID:6024
- C:\Windows\System\DwgcRlA.exe
  C:\Windows\System\DwgcRlA.exe
  2⤵
  PID:6040
- C:\Windows\System\VIUhwAd.exe
  C:\Windows\System\VIUhwAd.exe
  2⤵
  PID:6064
- C:\Windows\System\hVjCGKo.exe
  C:\Windows\System\hVjCGKo.exe
  2⤵
  PID:6084
- C:\Windows\System\TMzJdiQ.exe
  C:\Windows\System\TMzJdiQ.exe
  2⤵
  PID:6104
- C:\Windows\System\IFIyjIZ.exe
  C:\Windows\System\IFIyjIZ.exe
  2⤵
  PID:6120
- C:\Windows\System\vHyleck.exe
  C:\Windows\System\vHyleck.exe
  2⤵
  PID:4912
- C:\Windows\System\ccjEXEF.exe
  C:\Windows\System\ccjEXEF.exe
  2⤵
  PID:4936
- C:\Windows\System\fLUHVsO.exe
  C:\Windows\System\fLUHVsO.exe
  2⤵
  PID:5080
- C:\Windows\System\QyHVfaM.exe
  C:\Windows\System\QyHVfaM.exe
  2⤵
  PID:3520
- C:\Windows\System\mYBoBbf.exe
  C:\Windows\System\mYBoBbf.exe
  2⤵
  PID:4116
- C:\Windows\System\HEpSUdn.exe
  C:\Windows\System\HEpSUdn.exe
  2⤵
  PID:4256
- C:\Windows\System\OPTkiFl.exe
  C:\Windows\System\OPTkiFl.exe
  2⤵
  PID:4476
- C:\Windows\System\yyEoDDC.exe
  C:\Windows\System\yyEoDDC.exe
  2⤵
  PID:4600
- C:\Windows\System\MSEgARD.exe
  C:\Windows\System\MSEgARD.exe
  2⤵
  PID:4712
- C:\Windows\System\GoNtIex.exe
  C:\Windows\System\GoNtIex.exe
  2⤵
  PID:4900
- C:\Windows\System\NLqGcWV.exe
  C:\Windows\System\NLqGcWV.exe
  2⤵
  PID:5172
- C:\Windows\System\QWvdbNg.exe
  C:\Windows\System\QWvdbNg.exe
  2⤵
  PID:5196
- C:\Windows\System\FXYUlNx.exe
  C:\Windows\System\FXYUlNx.exe
  2⤵
  PID:5212
- C:\Windows\System\MefvHYW.exe
  C:\Windows\System\MefvHYW.exe
  2⤵
  PID:5236
- C:\Windows\System\MmaBirC.exe
  C:\Windows\System\MmaBirC.exe
  2⤵
  PID:5296
- C:\Windows\System\WsYMaVS.exe
  C:\Windows\System\WsYMaVS.exe
  2⤵
  PID:5312
- C:\Windows\System\BbIGonJ.exe
  C:\Windows\System\BbIGonJ.exe
  2⤵
  PID:5376
- C:\Windows\System\BVfGJsV.exe
  C:\Windows\System\BVfGJsV.exe
  2⤵
  PID:5416
- C:\Windows\System\MJDvFpL.exe
  C:\Windows\System\MJDvFpL.exe
  2⤵
  PID:5400
- C:\Windows\System\wQwbkNh.exe
  C:\Windows\System\wQwbkNh.exe
  2⤵
  PID:5500
- C:\Windows\System\rIuAfra.exe
  C:\Windows\System\rIuAfra.exe
  2⤵
  PID:5480
- C:\Windows\System\udjWFYV.exe
  C:\Windows\System\udjWFYV.exe
  2⤵
  PID:5516
- C:\Windows\System\xLsJNpC.exe
  C:\Windows\System\xLsJNpC.exe
  2⤵
  PID:5580
- C:\Windows\System\NfwprdI.exe
  C:\Windows\System\NfwprdI.exe
  2⤵
  PID:5612
- C:\Windows\System\HXNFdOG.exe
  C:\Windows\System\HXNFdOG.exe
  2⤵
  PID:5632
- C:\Windows\System\hASoINR.exe
  C:\Windows\System\hASoINR.exe
  2⤵
  PID:5692
- C:\Windows\System\WQAvSGt.exe
  C:\Windows\System\WQAvSGt.exe
  2⤵
  PID:5680
- C:\Windows\System\ONWLjuo.exe
  C:\Windows\System\ONWLjuo.exe
  2⤵
  PID:5712
- C:\Windows\System\pAvixMk.exe
  C:\Windows\System\pAvixMk.exe
  2⤵
  PID:5776
- C:\Windows\System\aAoarUn.exe
  C:\Windows\System\aAoarUn.exe
  2⤵
  PID:5820
- C:\Windows\System\uiJioTR.exe
  C:\Windows\System\uiJioTR.exe
  2⤵
  PID:5860
- C:\Windows\System\QwRtyvm.exe
  C:\Windows\System\QwRtyvm.exe
  2⤵
  PID:5892
- C:\Windows\System\TLwlUpd.exe
  C:\Windows\System\TLwlUpd.exe
  2⤵
  PID:5880
- C:\Windows\System\RDlNkGv.exe
  C:\Windows\System\RDlNkGv.exe
  2⤵
  PID:5940
- C:\Windows\System\xDhlnnD.exe
  C:\Windows\System\xDhlnnD.exe
  2⤵
  PID:5952
- C:\Windows\System\OteJFDy.exe
  C:\Windows\System\OteJFDy.exe
  2⤵
  PID:6016
- C:\Windows\System\GxqLWix.exe
  C:\Windows\System\GxqLWix.exe
  2⤵
  PID:6056
- C:\Windows\System\uFuoLIh.exe
  C:\Windows\System\uFuoLIh.exe
  2⤵
  PID:6092
- C:\Windows\System\WHDrsaK.exe
  C:\Windows\System\WHDrsaK.exe
  2⤵
  PID:6072
- C:\Windows\System\NcpsseC.exe
  C:\Windows\System\NcpsseC.exe
  2⤵
  PID:5064
- C:\Windows\System\zRzajWl.exe
  C:\Windows\System\zRzajWl.exe
  2⤵
  PID:5024
- C:\Windows\System\SNkRpQZ.exe
  C:\Windows\System\SNkRpQZ.exe
  2⤵
  PID:4040
- C:\Windows\System\UYmltbK.exe
  C:\Windows\System\UYmltbK.exe
  2⤵
  PID:4372
- C:\Windows\System\hOtYbBD.exe
  C:\Windows\System\hOtYbBD.exe
  2⤵
  PID:3800
- C:\Windows\System\bkPIayT.exe
  C:\Windows\System\bkPIayT.exe
  2⤵
  PID:4440
- C:\Windows\System\ERQeVxT.exe
  C:\Windows\System\ERQeVxT.exe
  2⤵
  PID:4820
- C:\Windows\System\yLOTGgl.exe
  C:\Windows\System\yLOTGgl.exe
  2⤵
  PID:5152
- C:\Windows\System\ASrWsQE.exe
  C:\Windows\System\ASrWsQE.exe
  2⤵
  PID:5268
- C:\Windows\System\iigVBIL.exe
  C:\Windows\System\iigVBIL.exe
  2⤵
  PID:5352
- C:\Windows\System\vjkJEKF.exe
  C:\Windows\System\vjkJEKF.exe
  2⤵
  PID:5360
- C:\Windows\System\wYnlIIT.exe
  C:\Windows\System\wYnlIIT.exe
  2⤵
  PID:5440
- C:\Windows\System\gZshdML.exe
  C:\Windows\System\gZshdML.exe
  2⤵
  PID:5492
- C:\Windows\System\IPKEAFv.exe
  C:\Windows\System\IPKEAFv.exe
  2⤵
  PID:5520
- C:\Windows\System\wSjhDUZ.exe
  C:\Windows\System\wSjhDUZ.exe
  2⤵
  PID:5652
- C:\Windows\System\hbFJPGH.exe
  C:\Windows\System\hbFJPGH.exe
  2⤵
  PID:5732
- C:\Windows\System\VapcxwA.exe
  C:\Windows\System\VapcxwA.exe
  2⤵
  PID:5640
- C:\Windows\System\xykKlPr.exe
  C:\Windows\System\xykKlPr.exe
  2⤵
  PID:5772
- C:\Windows\System\bPwNAZQ.exe
  C:\Windows\System\bPwNAZQ.exe
  2⤵
  PID:5796
- C:\Windows\System\EzUjYtV.exe
  C:\Windows\System\EzUjYtV.exe
  2⤵
  PID:5900
- C:\Windows\System\hBKMfBn.exe
  C:\Windows\System\hBKMfBn.exe
  2⤵
  PID:5912
- C:\Windows\System\MtBXYmZ.exe
  C:\Windows\System\MtBXYmZ.exe
  2⤵
  PID:6048
- C:\Windows\System\UMzSNfZ.exe
  C:\Windows\System\UMzSNfZ.exe
  2⤵
  PID:6012
- C:\Windows\System\CAleyku.exe
  C:\Windows\System\CAleyku.exe
  2⤵
  PID:6116
- C:\Windows\System\dHbPEGy.exe
  C:\Windows\System\dHbPEGy.exe
  2⤵
  PID:6036
- C:\Windows\System\ZNQljST.exe
  C:\Windows\System\ZNQljST.exe
  2⤵
  PID:6136
- C:\Windows\System\SrzHQeL.exe
  C:\Windows\System\SrzHQeL.exe
  2⤵
  PID:4628
- C:\Windows\System\FWMieyj.exe
  C:\Windows\System\FWMieyj.exe
  2⤵
  PID:5188
- C:\Windows\System\pQkjKcR.exe
  C:\Windows\System\pQkjKcR.exe
  2⤵
  PID:5148
- C:\Windows\System\cepSVNg.exe
  C:\Windows\System\cepSVNg.exe
  2⤵
  PID:5396
- C:\Windows\System\qaniYwy.exe
  C:\Windows\System\qaniYwy.exe
  2⤵
  PID:5276
- C:\Windows\System\tkeaGQM.exe
  C:\Windows\System\tkeaGQM.exe
  2⤵
  PID:5608
- C:\Windows\System\VADAIei.exe
  C:\Windows\System\VADAIei.exe
  2⤵
  PID:5708
- C:\Windows\System\KGJjCls.exe
  C:\Windows\System\KGJjCls.exe
  2⤵
  PID:5556
- C:\Windows\System\UFWhmKb.exe
  C:\Windows\System\UFWhmKb.exe
  2⤵
  PID:5656
- C:\Windows\System\LqrDJFa.exe
  C:\Windows\System\LqrDJFa.exe
  2⤵
  PID:5792
- C:\Windows\System\sCWUtZf.exe
  C:\Windows\System\sCWUtZf.exe
  2⤵
  PID:4276
- C:\Windows\System\iwsHaba.exe
  C:\Windows\System\iwsHaba.exe
  2⤵
  PID:5876
- C:\Windows\System\XGcKsZi.exe
  C:\Windows\System\XGcKsZi.exe
  2⤵
  PID:6052
- C:\Windows\System\tifuBym.exe
  C:\Windows\System\tifuBym.exe
  2⤵
  PID:4220
- C:\Windows\System\YSpdaJP.exe
  C:\Windows\System\YSpdaJP.exe
  2⤵
  PID:5328
- C:\Windows\System\rOwPMSU.exe
  C:\Windows\System\rOwPMSU.exe
  2⤵
  PID:4132
- C:\Windows\System\WJXRzfp.exe
  C:\Windows\System\WJXRzfp.exe
  2⤵
  PID:6152
- C:\Windows\System\aYLaZwa.exe
  C:\Windows\System\aYLaZwa.exe
  2⤵
  PID:6176
- C:\Windows\System\kvscTMg.exe
  C:\Windows\System\kvscTMg.exe
  2⤵
  PID:6196
- C:\Windows\System\uNPaPiE.exe
  C:\Windows\System\uNPaPiE.exe
  2⤵
  PID:6216
- C:\Windows\System\AOYgaiV.exe
  C:\Windows\System\AOYgaiV.exe
  2⤵
  PID:6232
- C:\Windows\System\MtifTWk.exe
  C:\Windows\System\MtifTWk.exe
  2⤵
  PID:6256
- C:\Windows\System\rnJSZrJ.exe
  C:\Windows\System\rnJSZrJ.exe
  2⤵
  PID:6276
- C:\Windows\System\ijiMWSq.exe
  C:\Windows\System\ijiMWSq.exe
  2⤵
  PID:6296
- C:\Windows\System\AxQHyIC.exe
  C:\Windows\System\AxQHyIC.exe
  2⤵
  PID:6316
- C:\Windows\System\JsmITCt.exe
  C:\Windows\System\JsmITCt.exe
  2⤵
  PID:6336
- C:\Windows\System\ALKjisN.exe
  C:\Windows\System\ALKjisN.exe
  2⤵
  PID:6352
- C:\Windows\System\zwfGeyo.exe
  C:\Windows\System\zwfGeyo.exe
  2⤵
  PID:6376
- C:\Windows\System\zSLWZXw.exe
  C:\Windows\System\zSLWZXw.exe
  2⤵
  PID:6396
- C:\Windows\System\XBXhxVA.exe
  C:\Windows\System\XBXhxVA.exe
  2⤵
  PID:6416
- C:\Windows\System\yCdEoKc.exe
  C:\Windows\System\yCdEoKc.exe
  2⤵
  PID:6436
- C:\Windows\System\gdrvVYC.exe
  C:\Windows\System\gdrvVYC.exe
  2⤵
  PID:6456
- C:\Windows\System\OhVuqfG.exe
  C:\Windows\System\OhVuqfG.exe
  2⤵
  PID:6476
- C:\Windows\System\VgbBPFA.exe
  C:\Windows\System\VgbBPFA.exe
  2⤵
  PID:6496
- C:\Windows\System\aqjsThV.exe
  C:\Windows\System\aqjsThV.exe
  2⤵
  PID:6516
- C:\Windows\System\JvTpYKw.exe
  C:\Windows\System\JvTpYKw.exe
  2⤵
  PID:6536
- C:\Windows\System\ByYPbkV.exe
  C:\Windows\System\ByYPbkV.exe
  2⤵
  PID:6552
- C:\Windows\System\XlvgaPv.exe
  C:\Windows\System\XlvgaPv.exe
  2⤵
  PID:6576
- C:\Windows\System\SZTEEsi.exe
  C:\Windows\System\SZTEEsi.exe
  2⤵
  PID:6596
- C:\Windows\System\DjDJEpm.exe
  C:\Windows\System\DjDJEpm.exe
  2⤵
  PID:6616
- C:\Windows\System\QSCFRFR.exe
  C:\Windows\System\QSCFRFR.exe
  2⤵
  PID:6636
- C:\Windows\System\RbYdwHF.exe
  C:\Windows\System\RbYdwHF.exe
  2⤵
  PID:6656
- C:\Windows\System\NjuPXbQ.exe
  C:\Windows\System\NjuPXbQ.exe
  2⤵
  PID:6676
- C:\Windows\System\wQaQPot.exe
  C:\Windows\System\wQaQPot.exe
  2⤵
  PID:6696
- C:\Windows\System\durFJhP.exe
  C:\Windows\System\durFJhP.exe
  2⤵
  PID:6716
- C:\Windows\System\aKvxZix.exe
  C:\Windows\System\aKvxZix.exe
  2⤵
  PID:6736
- C:\Windows\System\ysICapm.exe
  C:\Windows\System\ysICapm.exe
  2⤵
  PID:6756
- C:\Windows\System\UBUomxo.exe
  C:\Windows\System\UBUomxo.exe
  2⤵
  PID:6776
- C:\Windows\System\amvBaoZ.exe
  C:\Windows\System\amvBaoZ.exe
  2⤵
  PID:6792
- C:\Windows\System\VFVsaZG.exe
  C:\Windows\System\VFVsaZG.exe
  2⤵
  PID:6816
- C:\Windows\System\HuwogDH.exe
  C:\Windows\System\HuwogDH.exe
  2⤵
  PID:6836
- C:\Windows\System\NhlFixr.exe
  C:\Windows\System\NhlFixr.exe
  2⤵
  PID:6856
- C:\Windows\System\CXwBxjO.exe
  C:\Windows\System\CXwBxjO.exe
  2⤵
  PID:6876
- C:\Windows\System\hSdvThn.exe
  C:\Windows\System\hSdvThn.exe
  2⤵
  PID:6896
- C:\Windows\System\ckBKxdE.exe
  C:\Windows\System\ckBKxdE.exe
  2⤵
  PID:6916
- C:\Windows\System\tjDZpmX.exe
  C:\Windows\System\tjDZpmX.exe
  2⤵
  PID:6936
- C:\Windows\System\TMsjcyo.exe
  C:\Windows\System\TMsjcyo.exe
  2⤵
  PID:6956
- C:\Windows\System\XHaOqaT.exe
  C:\Windows\System\XHaOqaT.exe
  2⤵
  PID:6976
- C:\Windows\System\svmYZdD.exe
  C:\Windows\System\svmYZdD.exe
  2⤵
  PID:6996
- C:\Windows\System\lIOdNTl.exe
  C:\Windows\System\lIOdNTl.exe
  2⤵
  PID:7016
- C:\Windows\System\LsJrepK.exe
  C:\Windows\System\LsJrepK.exe
  2⤵
  PID:7036
- C:\Windows\System\WlmaQxa.exe
  C:\Windows\System\WlmaQxa.exe
  2⤵
  PID:7056
- C:\Windows\System\XMnszid.exe
  C:\Windows\System\XMnszid.exe
  2⤵
  PID:7072
- C:\Windows\System\GvnyVdt.exe
  C:\Windows\System\GvnyVdt.exe
  2⤵
  PID:7096
- C:\Windows\System\aELJJTT.exe
  C:\Windows\System\aELJJTT.exe
  2⤵
  PID:7112
- C:\Windows\System\MZVDyWT.exe
  C:\Windows\System\MZVDyWT.exe
  2⤵
  PID:7136
- C:\Windows\System\ILMjROQ.exe
  C:\Windows\System\ILMjROQ.exe
  2⤵
  PID:7156
- C:\Windows\System\gNgYNfK.exe
  C:\Windows\System\gNgYNfK.exe
  2⤵
  PID:5576
- C:\Windows\System\cbKblkH.exe
  C:\Windows\System\cbKblkH.exe
  2⤵
  PID:5476
- C:\Windows\System\bucOSTY.exe
  C:\Windows\System\bucOSTY.exe
  2⤵
  PID:6000
- C:\Windows\System\RbkcHcx.exe
  C:\Windows\System\RbkcHcx.exe
  2⤵
  PID:5836
- C:\Windows\System\NVPrmqo.exe
  C:\Windows\System\NVPrmqo.exe
  2⤵
  PID:4972
- C:\Windows\System\joNwwlp.exe
  C:\Windows\System\joNwwlp.exe
  2⤵
  PID:5388
- C:\Windows\System\UoMRFJy.exe
  C:\Windows\System\UoMRFJy.exe
  2⤵
  PID:6160
- C:\Windows\System\tARmXxb.exe
  C:\Windows\System\tARmXxb.exe
  2⤵
  PID:5432
- C:\Windows\System\OvDsgdw.exe
  C:\Windows\System\OvDsgdw.exe
  2⤵
  PID:6204
- C:\Windows\System\aVuSgUW.exe
  C:\Windows\System\aVuSgUW.exe
  2⤵
  PID:6240
- C:\Windows\System\HceZPQL.exe
  C:\Windows\System\HceZPQL.exe
  2⤵
  PID:6228
- C:\Windows\System\zsyPhie.exe
  C:\Windows\System\zsyPhie.exe
  2⤵
  PID:6292
- C:\Windows\System\ONsUube.exe
  C:\Windows\System\ONsUube.exe
  2⤵
  PID:6312
- C:\Windows\System\giBzKtW.exe
  C:\Windows\System\giBzKtW.exe
  2⤵
  PID:6372
- C:\Windows\System\BPUObwR.exe
  C:\Windows\System\BPUObwR.exe
  2⤵
  PID:6404
- C:\Windows\System\RnTUvbw.exe
  C:\Windows\System\RnTUvbw.exe
  2⤵
  PID:6444
- C:\Windows\System\cPQefMC.exe
  C:\Windows\System\cPQefMC.exe
  2⤵
  PID:6448
- C:\Windows\System\eyDvFvQ.exe
  C:\Windows\System\eyDvFvQ.exe
  2⤵
  PID:6468
- C:\Windows\System\ZFAYVjm.exe
  C:\Windows\System\ZFAYVjm.exe
  2⤵
  PID:6532
- C:\Windows\System\dcsPYjN.exe
  C:\Windows\System\dcsPYjN.exe
  2⤵
  PID:6560
- C:\Windows\System\wOQvBch.exe
  C:\Windows\System\wOQvBch.exe
  2⤵
  PID:6604
- C:\Windows\System\uPttRPt.exe
  C:\Windows\System\uPttRPt.exe
  2⤵
  PID:6592
- C:\Windows\System\XfZaeYN.exe
  C:\Windows\System\XfZaeYN.exe
  2⤵
  PID:6624
- C:\Windows\System\FqwCyKo.exe
  C:\Windows\System\FqwCyKo.exe
  2⤵
  PID:6684
- C:\Windows\System\vuPsirZ.exe
  C:\Windows\System\vuPsirZ.exe
  2⤵
  PID:6672
- C:\Windows\System\UHDPdUg.exe
  C:\Windows\System\UHDPdUg.exe
  2⤵
  PID:6728
- C:\Windows\System\DlHWTqc.exe
  C:\Windows\System\DlHWTqc.exe
  2⤵
  PID:6744
- C:\Windows\System\LTNUAjt.exe
  C:\Windows\System\LTNUAjt.exe
  2⤵
  PID:6812
- C:\Windows\System\OXDONIN.exe
  C:\Windows\System\OXDONIN.exe
  2⤵
  PID:6824
- C:\Windows\System\tRVxvcm.exe
  C:\Windows\System\tRVxvcm.exe
  2⤵
  PID:6828
- C:\Windows\System\yMiiKTU.exe
  C:\Windows\System\yMiiKTU.exe
  2⤵
  PID:6868
- C:\Windows\System\AUPxyuQ.exe
  C:\Windows\System\AUPxyuQ.exe
  2⤵
  PID:6912
- C:\Windows\System\BfsizWp.exe
  C:\Windows\System\BfsizWp.exe
  2⤵
  PID:6952
- C:\Windows\System\UYsuKFI.exe
  C:\Windows\System\UYsuKFI.exe
  2⤵
  PID:6992
- C:\Windows\System\JsfncPu.exe
  C:\Windows\System\JsfncPu.exe
  2⤵
  PID:7024
- C:\Windows\System\QNCJhok.exe
  C:\Windows\System\QNCJhok.exe
  2⤵
  PID:7084
- C:\Windows\System\PQkWcJO.exe
  C:\Windows\System\PQkWcJO.exe
  2⤵
  PID:7064
- C:\Windows\System\pCzrBeG.exe
  C:\Windows\System\pCzrBeG.exe
  2⤵
  PID:5460
- C:\Windows\System\LpGBwjT.exe
  C:\Windows\System\LpGBwjT.exe
  2⤵
  PID:7148
- C:\Windows\System\zNGcnIb.exe
  C:\Windows\System\zNGcnIb.exe
  2⤵
  PID:5968
- C:\Windows\System\GSteRSf.exe
  C:\Windows\System\GSteRSf.exe
  2⤵
  PID:5132
- C:\Windows\System\PzzJcme.exe
  C:\Windows\System\PzzJcme.exe
  2⤵
  PID:6076
- C:\Windows\System\cqCqMxD.exe
  C:\Windows\System\cqCqMxD.exe
  2⤵
  PID:5996
- C:\Windows\System\NqGFxbb.exe
  C:\Windows\System\NqGFxbb.exe
  2⤵
  PID:6324
- C:\Windows\System\XgFvtaD.exe
  C:\Windows\System\XgFvtaD.exe
  2⤵
  PID:6488
- C:\Windows\System\gqlIteX.exe
  C:\Windows\System\gqlIteX.exe
  2⤵
  PID:6644
- C:\Windows\System\OdtcHpc.exe
  C:\Windows\System\OdtcHpc.exe
  2⤵
  PID:6184
- C:\Windows\System\wxjdQpv.exe
  C:\Windows\System\wxjdQpv.exe
  2⤵
  PID:6784
- C:\Windows\System\LckgMVJ.exe
  C:\Windows\System\LckgMVJ.exe
  2⤵
  PID:6308
- C:\Windows\System\AnbWtwb.exe
  C:\Windows\System\AnbWtwb.exe
  2⤵
  PID:6892
- C:\Windows\System\PCsbvjc.exe
  C:\Windows\System\PCsbvjc.exe
  2⤵
  PID:2616
- C:\Windows\System\sSujEUw.exe
  C:\Windows\System\sSujEUw.exe
  2⤵
  PID:6888
- C:\Windows\System\SFcUral.exe
  C:\Windows\System\SFcUral.exe
  2⤵
  PID:6528
- C:\Windows\System\pzjgUPV.exe
  C:\Windows\System\pzjgUPV.exe
  2⤵
  PID:7044
- C:\Windows\System\RyaaOoZ.exe
  C:\Windows\System\RyaaOoZ.exe
  2⤵
  PID:7132
- C:\Windows\System\qnmpnpU.exe
  C:\Windows\System\qnmpnpU.exe
  2⤵
  PID:6732
- C:\Windows\System\FwdZxgP.exe
  C:\Windows\System\FwdZxgP.exe
  2⤵
  PID:6904
- C:\Windows\System\jfzgxZa.exe
  C:\Windows\System\jfzgxZa.exe
  2⤵
  PID:5956
- C:\Windows\System\RcacCjL.exe
  C:\Windows\System\RcacCjL.exe
  2⤵
  PID:6848
- C:\Windows\System\YRMGkQg.exe
  C:\Windows\System\YRMGkQg.exe
  2⤵
  PID:7104
- C:\Windows\System\oRszxia.exe
  C:\Windows\System\oRszxia.exe
  2⤵
  PID:6424
- C:\Windows\System\kLSCbYf.exe
  C:\Windows\System\kLSCbYf.exe
  2⤵
  PID:6224
- C:\Windows\System\znTEHoa.exe
  C:\Windows\System\znTEHoa.exe
  2⤵
  PID:6272
- C:\Windows\System\SxwCjPQ.exe
  C:\Windows\System\SxwCjPQ.exe
  2⤵
  PID:6568
- C:\Windows\System\qimsBhm.exe
  C:\Windows\System\qimsBhm.exe
  2⤵
  PID:2784
- C:\Windows\System\HwKcpjH.exe
  C:\Windows\System\HwKcpjH.exe
  2⤵
  PID:6508
- C:\Windows\System\qKxZaZx.exe
  C:\Windows\System\qKxZaZx.exe
  2⤵
  PID:6428
- C:\Windows\System\tZBVIfQ.exe
  C:\Windows\System\tZBVIfQ.exe
  2⤵
  PID:6484
- C:\Windows\System\ncawVRf.exe
  C:\Windows\System\ncawVRf.exe
  2⤵
  PID:6928
- C:\Windows\System\pIISCzt.exe
  C:\Windows\System\pIISCzt.exe
  2⤵
  PID:6584
- C:\Windows\System\ROHvqDa.exe
  C:\Windows\System\ROHvqDa.exe
  2⤵
  PID:6688
- C:\Windows\System\MLyalkY.exe
  C:\Windows\System\MLyalkY.exe
  2⤵
  PID:6944
- C:\Windows\System\YYhXtbH.exe
  C:\Windows\System\YYhXtbH.exe
  2⤵
  PID:6648
- C:\Windows\System\OMlXOks.exe
  C:\Windows\System\OMlXOks.exe
  2⤵
  PID:4396
- C:\Windows\System\tvZzmnp.exe
  C:\Windows\System\tvZzmnp.exe
  2⤵
  PID:2480
- C:\Windows\System\ZiQNytN.exe
  C:\Windows\System\ZiQNytN.exe
  2⤵
  PID:6464
- C:\Windows\System\wLidqKb.exe
  C:\Windows\System\wLidqKb.exe
  2⤵
  PID:6748
- C:\Windows\System\JuDfsrA.exe
  C:\Windows\System\JuDfsrA.exe
  2⤵
  PID:2676
- C:\Windows\System\MFiKHKT.exe
  C:\Windows\System\MFiKHKT.exe
  2⤵
  PID:1244
- C:\Windows\System\dQauXRh.exe
  C:\Windows\System\dQauXRh.exe
  2⤵
  PID:6548
- C:\Windows\System\vjcUcFW.exe
  C:\Windows\System\vjcUcFW.exe
  2⤵
  PID:6768
- C:\Windows\System\waOeyUz.exe
  C:\Windows\System\waOeyUz.exe
  2⤵
  PID:2416
- C:\Windows\System\caxHfXe.exe
  C:\Windows\System\caxHfXe.exe
  2⤵
  PID:7152
- C:\Windows\System\nvEBZkM.exe
  C:\Windows\System\nvEBZkM.exe
  2⤵
  PID:1712
- C:\Windows\System\PJYfyIP.exe
  C:\Windows\System\PJYfyIP.exe
  2⤵
  PID:1404
- C:\Windows\System\RGNlvdF.exe
  C:\Windows\System\RGNlvdF.exe
  2⤵
  PID:2944
- C:\Windows\System\ySRAnfh.exe
  C:\Windows\System\ySRAnfh.exe
  2⤵
  PID:3056
- C:\Windows\System\gyJLqjX.exe
  C:\Windows\System\gyJLqjX.exe
  2⤵
  PID:7176
- C:\Windows\System\yNGinrv.exe
  C:\Windows\System\yNGinrv.exe
  2⤵
  PID:7192
- C:\Windows\System\yTZZsHv.exe
  C:\Windows\System\yTZZsHv.exe
  2⤵
  PID:7208
- C:\Windows\System\MGfhtrG.exe
  C:\Windows\System\MGfhtrG.exe
  2⤵
  PID:7224
- C:\Windows\System\NnHYDJa.exe
  C:\Windows\System\NnHYDJa.exe
  2⤵
  PID:7240
- C:\Windows\System\UYzOGiw.exe
  C:\Windows\System\UYzOGiw.exe
  2⤵
  PID:7300
- C:\Windows\System\zXrfNJX.exe
  C:\Windows\System\zXrfNJX.exe
  2⤵
  PID:7316
- C:\Windows\System\ngKfGoS.exe
  C:\Windows\System\ngKfGoS.exe
  2⤵
  PID:7332
- C:\Windows\System\RsCGlbE.exe
  C:\Windows\System\RsCGlbE.exe
  2⤵
  PID:7348
- C:\Windows\System\MNzZBFo.exe
  C:\Windows\System\MNzZBFo.exe
  2⤵
  PID:7364
- C:\Windows\System\qttpqJO.exe
  C:\Windows\System\qttpqJO.exe
  2⤵
  PID:7380
- C:\Windows\System\aMuxeEC.exe
  C:\Windows\System\aMuxeEC.exe
  2⤵
  PID:7396
- C:\Windows\System\KpiytmG.exe
  C:\Windows\System\KpiytmG.exe
  2⤵
  PID:7412
- C:\Windows\System\sdmDhHR.exe
  C:\Windows\System\sdmDhHR.exe
  2⤵
  PID:7428
- C:\Windows\System\EjbcZKR.exe
  C:\Windows\System\EjbcZKR.exe
  2⤵
  PID:7444
- C:\Windows\System\gTFtXCo.exe
  C:\Windows\System\gTFtXCo.exe
  2⤵
  PID:7460
- C:\Windows\System\EdRoLtn.exe
  C:\Windows\System\EdRoLtn.exe
  2⤵
  PID:7476
- C:\Windows\System\XmDHOgm.exe
  C:\Windows\System\XmDHOgm.exe
  2⤵
  PID:7492
- C:\Windows\System\MMFmlJI.exe
  C:\Windows\System\MMFmlJI.exe
  2⤵
  PID:7508
- C:\Windows\System\QxUVrHp.exe
  C:\Windows\System\QxUVrHp.exe
  2⤵
  PID:7524
- C:\Windows\System\MQdWryv.exe
  C:\Windows\System\MQdWryv.exe
  2⤵
  PID:7540
- C:\Windows\System\WeXDeeS.exe
  C:\Windows\System\WeXDeeS.exe
  2⤵
  PID:7556
- C:\Windows\System\okaGDQd.exe
  C:\Windows\System\okaGDQd.exe
  2⤵
  PID:7688
- C:\Windows\System\GJxYDSG.exe
  C:\Windows\System\GJxYDSG.exe
  2⤵
  PID:7704
- C:\Windows\System\XxEdYTJ.exe
  C:\Windows\System\XxEdYTJ.exe
  2⤵
  PID:7720
- C:\Windows\System\otFGqsn.exe
  C:\Windows\System\otFGqsn.exe
  2⤵
  PID:7736
- C:\Windows\System\tTXEwrn.exe
  C:\Windows\System\tTXEwrn.exe
  2⤵
  PID:7752
- C:\Windows\System\jwriXaK.exe
  C:\Windows\System\jwriXaK.exe
  2⤵
  PID:7768
- C:\Windows\System\MwZWQMf.exe
  C:\Windows\System\MwZWQMf.exe
  2⤵
  PID:7784
- C:\Windows\System\CdHUnJn.exe
  C:\Windows\System\CdHUnJn.exe
  2⤵
  PID:7800
- C:\Windows\System\NgVEdHM.exe
  C:\Windows\System\NgVEdHM.exe
  2⤵
  PID:7820
- C:\Windows\System\kQCnhoJ.exe
  C:\Windows\System\kQCnhoJ.exe
  2⤵
  PID:7836
- C:\Windows\System\mwFqNIS.exe
  C:\Windows\System\mwFqNIS.exe
  2⤵
  PID:7852
- C:\Windows\System\SmUTKNq.exe
  C:\Windows\System\SmUTKNq.exe
  2⤵
  PID:7868
- C:\Windows\System\yFrqSzh.exe
  C:\Windows\System\yFrqSzh.exe
  2⤵
  PID:7888
- C:\Windows\System\JgJhEDN.exe
  C:\Windows\System\JgJhEDN.exe
  2⤵
  PID:7904
- C:\Windows\System\qpSlkLK.exe
  C:\Windows\System\qpSlkLK.exe
  2⤵
  PID:7928
- C:\Windows\System\aGhlQtv.exe
  C:\Windows\System\aGhlQtv.exe
  2⤵
  PID:7944
- C:\Windows\System\NQMRwoV.exe
  C:\Windows\System\NQMRwoV.exe
  2⤵
  PID:7960
- C:\Windows\System\atpFvTI.exe
  C:\Windows\System\atpFvTI.exe
  2⤵
  PID:7976
- C:\Windows\System\pkiYiMh.exe
  C:\Windows\System\pkiYiMh.exe
  2⤵
  PID:7992
- C:\Windows\System\igXrOGv.exe
  C:\Windows\System\igXrOGv.exe
  2⤵
  PID:8008
- C:\Windows\System\iFDWjvf.exe
  C:\Windows\System\iFDWjvf.exe
  2⤵
  PID:8024
- C:\Windows\System\gjZCGjo.exe
  C:\Windows\System\gjZCGjo.exe
  2⤵
  PID:8040
- C:\Windows\System\BOAPiLJ.exe
  C:\Windows\System\BOAPiLJ.exe
  2⤵
  PID:8056
- C:\Windows\System\WfupRCm.exe
  C:\Windows\System\WfupRCm.exe
  2⤵
  PID:8072
- C:\Windows\System\NStytGC.exe
  C:\Windows\System\NStytGC.exe
  2⤵
  PID:8088
- C:\Windows\System\DnjauWM.exe
  C:\Windows\System\DnjauWM.exe
  2⤵
  PID:8104
- C:\Windows\System\KQTBTjr.exe
  C:\Windows\System\KQTBTjr.exe
  2⤵
  PID:8120
- C:\Windows\System\YvuSTlH.exe
  C:\Windows\System\YvuSTlH.exe
  2⤵
  PID:8136
- C:\Windows\System\evlUpCS.exe
  C:\Windows\System\evlUpCS.exe
  2⤵
  PID:8152
- C:\Windows\System\AUHApgY.exe
  C:\Windows\System\AUHApgY.exe
  2⤵
  PID:8168
- C:\Windows\System\cTUcJCL.exe
  C:\Windows\System\cTUcJCL.exe
  2⤵
  PID:8184
- C:\Windows\System\XtdXUaL.exe
  C:\Windows\System\XtdXUaL.exe
  2⤵
  PID:1688
- C:\Windows\System\ESwKPkb.exe
  C:\Windows\System\ESwKPkb.exe
  2⤵
  PID:1720
- C:\Windows\System\ebWDyeU.exe
  C:\Windows\System\ebWDyeU.exe
  2⤵
  PID:2812
- C:\Windows\System\nMjsbTP.exe
  C:\Windows\System\nMjsbTP.exe
  2⤵
  PID:2884
- C:\Windows\System\tRLmwiT.exe
  C:\Windows\System\tRLmwiT.exe
  2⤵
  PID:6388
- C:\Windows\System\lSDbdAg.exe
  C:\Windows\System\lSDbdAg.exe
  2⤵
  PID:7188
- C:\Windows\System\KxFphnC.exe
  C:\Windows\System\KxFphnC.exe
  2⤵
  PID:2976
- C:\Windows\System\ljNglfD.exe
  C:\Windows\System\ljNglfD.exe
  2⤵
  PID:6572
- C:\Windows\System\hEdYRpt.exe
  C:\Windows\System\hEdYRpt.exe
  2⤵
  PID:7200
- C:\Windows\System\ugNERrW.exe
  C:\Windows\System\ugNERrW.exe
  2⤵
  PID:2352
- C:\Windows\System\cUOzqkj.exe
  C:\Windows\System\cUOzqkj.exe
  2⤵
  PID:496
- C:\Windows\System\BJGvrQU.exe
  C:\Windows\System\BJGvrQU.exe
  2⤵
  PID:7308
- C:\Windows\System\KytSPIn.exe
  C:\Windows\System\KytSPIn.exe
  2⤵
  PID:7372
- C:\Windows\System\EULLcLq.exe
  C:\Windows\System\EULLcLq.exe
  2⤵
  PID:7284
- C:\Windows\System\gdOjfUc.exe
  C:\Windows\System\gdOjfUc.exe
  2⤵
  PID:7328
- C:\Windows\System\LfylXZd.exe
  C:\Windows\System\LfylXZd.exe
  2⤵
  PID:7392
- C:\Windows\System\ahOuWqi.exe
  C:\Windows\System\ahOuWqi.exe
  2⤵
  PID:7456
- C:\Windows\System\aKVYWeq.exe
  C:\Windows\System\aKVYWeq.exe
  2⤵
  PID:7500
- C:\Windows\System\gcwNxSo.exe
  C:\Windows\System\gcwNxSo.exe
  2⤵
  PID:7548
- C:\Windows\System\bGsFMEW.exe
  C:\Windows\System\bGsFMEW.exe
  2⤵
  PID:2744
- C:\Windows\System\CoCnDIr.exe
  C:\Windows\System\CoCnDIr.exe
  2⤵
  PID:7576
- C:\Windows\System\JZyqVNn.exe
  C:\Windows\System\JZyqVNn.exe
  2⤵
  PID:7664
- C:\Windows\System\RyUSYsX.exe
  C:\Windows\System\RyUSYsX.exe
  2⤵
  PID:7616
- C:\Windows\System\MIfAbeU.exe
  C:\Windows\System\MIfAbeU.exe
  2⤵
  PID:7612
- C:\Windows\System\oGdwtqf.exe
  C:\Windows\System\oGdwtqf.exe
  2⤵
  PID:7604
- C:\Windows\System\NuqMqqM.exe
  C:\Windows\System\NuqMqqM.exe
  2⤵
  PID:7672
- C:\Windows\System\aMRWsCg.exe
  C:\Windows\System\aMRWsCg.exe
  2⤵
  PID:2956
- C:\Windows\System\ePoWXus.exe
  C:\Windows\System\ePoWXus.exe
  2⤵
  PID:7684
- C:\Windows\System\enkvwxD.exe
  C:\Windows\System\enkvwxD.exe
  2⤵
  PID:2972
- C:\Windows\System\GcUMQil.exe
  C:\Windows\System\GcUMQil.exe
  2⤵
  PID:7732
- C:\Windows\System\zEyTGQV.exe
  C:\Windows\System\zEyTGQV.exe
  2⤵
  PID:2448
- C:\Windows\System\mplzvcD.exe
  C:\Windows\System\mplzvcD.exe
  2⤵
  PID:7828
- C:\Windows\System\VIbfZWb.exe
  C:\Windows\System\VIbfZWb.exe
  2⤵
  PID:7900
- C:\Windows\System\ukrCiBZ.exe
  C:\Windows\System\ukrCiBZ.exe
  2⤵
  PID:7808
- C:\Windows\System\PBLVwMv.exe
  C:\Windows\System\PBLVwMv.exe
  2⤵
  PID:7952
- C:\Windows\System\McxLAwU.exe
  C:\Windows\System\McxLAwU.exe
  2⤵
  PID:7984
- C:\Windows\System\egWrVTL.exe
  C:\Windows\System\egWrVTL.exe
  2⤵
  PID:8032
- C:\Windows\System\PzEOcTW.exe
  C:\Windows\System\PzEOcTW.exe
  2⤵
  PID:8064
- C:\Windows\System\NMBjHzF.exe
  C:\Windows\System\NMBjHzF.exe
  2⤵
  PID:8080
- C:\Windows\System\chwxzis.exe
  C:\Windows\System\chwxzis.exe
  2⤵
  PID:8100
- C:\Windows\System\rWCxpIg.exe
  C:\Windows\System\rWCxpIg.exe
  2⤵
  PID:3004
- C:\Windows\System\AiKKNrT.exe
  C:\Windows\System\AiKKNrT.exe
  2⤵
  PID:2852
- C:\Windows\System\PvQEpKd.exe
  C:\Windows\System\PvQEpKd.exe
  2⤵
  PID:2628
- C:\Windows\System\YXvhvHJ.exe
  C:\Windows\System\YXvhvHJ.exe
  2⤵
  PID:2792
- C:\Windows\System\aShhnZm.exe
  C:\Windows\System\aShhnZm.exe
  2⤵
  PID:8176
- C:\Windows\System\SbIRieD.exe
  C:\Windows\System\SbIRieD.exe
  2⤵
  PID:2820
- C:\Windows\System\gKEJGQU.exe
  C:\Windows\System\gKEJGQU.exe
  2⤵
  PID:2816
- C:\Windows\System\wNmotQL.exe
  C:\Windows\System\wNmotQL.exe
  2⤵
  PID:7436
- C:\Windows\System\IaIUFJe.exe
  C:\Windows\System\IaIUFJe.exe
  2⤵
  PID:7404
- C:\Windows\System\bKlbOpU.exe
  C:\Windows\System\bKlbOpU.exe
  2⤵
  PID:7324
- C:\Windows\System\ZyCbJUK.exe
  C:\Windows\System\ZyCbJUK.exe
  2⤵
  PID:7796
- C:\Windows\System\LEcMdUv.exe
  C:\Windows\System\LEcMdUv.exe
  2⤵
  PID:8112
- C:\Windows\System\gIoYKbc.exe
  C:\Windows\System\gIoYKbc.exe
  2⤵
  PID:8084
- C:\Windows\System\llWkrwK.exe
  C:\Windows\System\llWkrwK.exe
  2⤵
  PID:7248
- C:\Windows\System\wWtKDhr.exe
  C:\Windows\System\wWtKDhr.exe
  2⤵
  PID:7184
- C:\Windows\System\lwgtYiu.exe
  C:\Windows\System\lwgtYiu.exe
  2⤵
  PID:7232
- C:\Windows\System\EdIHIgc.exe
  C:\Windows\System\EdIHIgc.exe
  2⤵
  PID:7280
- C:\Windows\System\riSJLjf.exe
  C:\Windows\System\riSJLjf.exe
  2⤵
  PID:7468
- C:\Windows\System\VREmMvC.exe
  C:\Windows\System\VREmMvC.exe
  2⤵
  PID:7452
- C:\Windows\System\uurDRaG.exe
  C:\Windows\System\uurDRaG.exe
  2⤵
  PID:7608
- C:\Windows\System\mzHPBGQ.exe
  C:\Windows\System\mzHPBGQ.exe
  2⤵
  PID:7748
- C:\Windows\System\FpSCvun.exe
  C:\Windows\System\FpSCvun.exe
  2⤵
  PID:7792
- C:\Windows\System\tGEfMmF.exe
  C:\Windows\System\tGEfMmF.exe
  2⤵
  PID:7628
- C:\Windows\System\XkFresc.exe
  C:\Windows\System\XkFresc.exe
  2⤵
  PID:7780
- C:\Windows\System\uaRmAMC.exe
  C:\Windows\System\uaRmAMC.exe
  2⤵
  PID:7924
- C:\Windows\System\VBkEWmD.exe
  C:\Windows\System\VBkEWmD.exe
  2⤵
  PID:7712
- C:\Windows\System\WwGgmEF.exe
  C:\Windows\System\WwGgmEF.exe
  2⤵
  PID:7700
- C:\Windows\System\TpkDDAe.exe
  C:\Windows\System\TpkDDAe.exe
  2⤵
  PID:7968
- C:\Windows\System\QtVOdrR.exe
  C:\Windows\System\QtVOdrR.exe
  2⤵
  PID:8004
- C:\Windows\System\sVofrdo.exe
  C:\Windows\System\sVofrdo.exe
  2⤵
  PID:7504
- C:\Windows\System\FRxmoHc.exe
  C:\Windows\System\FRxmoHc.exe
  2⤵
  PID:7592
- C:\Windows\System\LafXmAA.exe
  C:\Windows\System\LafXmAA.exe
  2⤵
  PID:8148
- C:\Windows\System\omepafp.exe
  C:\Windows\System\omepafp.exe
  2⤵
  PID:7848
- C:\Windows\System\iXnCARA.exe
  C:\Windows\System\iXnCARA.exe
  2⤵
  PID:7652
- C:\Windows\System\DHwPceI.exe
  C:\Windows\System\DHwPceI.exe
  2⤵
  PID:7764
- C:\Windows\System\ItClrlh.exe
  C:\Windows\System\ItClrlh.exe
  2⤵
  PID:7876
- C:\Windows\System\FwmUQwz.exe
  C:\Windows\System\FwmUQwz.exe
  2⤵
  PID:7596
- C:\Windows\System\ioGqPJn.exe
  C:\Windows\System\ioGqPJn.exe
  2⤵
  PID:7728
- C:\Windows\System\OKQExIA.exe
  C:\Windows\System\OKQExIA.exe
  2⤵
  PID:7388
- C:\Windows\System\tnCTirY.exe
  C:\Windows\System\tnCTirY.exe
  2⤵
  PID:7884
- C:\Windows\System\QdlHsDD.exe
  C:\Windows\System\QdlHsDD.exe
  2⤵
  PID:1704
- C:\Windows\System\QLyHceJ.exe
  C:\Windows\System\QLyHceJ.exe
  2⤵
  PID:7680
- C:\Windows\System\NfbkCKp.exe
  C:\Windows\System\NfbkCKp.exe
  2⤵
  PID:7288
- C:\Windows\System\EGGCrws.exe
  C:\Windows\System\EGGCrws.exe
  2⤵
  PID:2288
- C:\Windows\System\dxMsqvz.exe
  C:\Windows\System\dxMsqvz.exe
  2⤵
  PID:7696
- C:\Windows\System\ZWNeOEb.exe
  C:\Windows\System\ZWNeOEb.exe
  2⤵
  PID:8128
- C:\Windows\System\hilWafJ.exe
  C:\Windows\System\hilWafJ.exe
  2⤵
  PID:7472
- C:\Windows\System\eHyOjvA.exe
  C:\Windows\System\eHyOjvA.exe
  2⤵
  PID:7632
- C:\Windows\System\BWxezQk.exe
  C:\Windows\System\BWxezQk.exe
  2⤵
  PID:8048
- C:\Windows\System\QiVieaY.exe
  C:\Windows\System\QiVieaY.exe
  2⤵
  PID:3044
- C:\Windows\System\IdDUTIb.exe
  C:\Windows\System\IdDUTIb.exe
  2⤵
  PID:8132
- C:\Windows\System\TypDIbK.exe
  C:\Windows\System\TypDIbK.exe
  2⤵
  PID:7864
- C:\Windows\System\wCMtmGh.exe
  C:\Windows\System\wCMtmGh.exe
  2⤵
  PID:7516
- C:\Windows\System\YIrSFse.exe
  C:\Windows\System\YIrSFse.exe
  2⤵
  PID:2912
- C:\Windows\System\vBGDdhi.exe
  C:\Windows\System\vBGDdhi.exe
  2⤵
  PID:8208
- C:\Windows\System\NRKNNTJ.exe
  C:\Windows\System\NRKNNTJ.exe
  2⤵
  PID:8228
- C:\Windows\System\oBPYSZY.exe
  C:\Windows\System\oBPYSZY.exe
  2⤵
  PID:8244
- C:\Windows\System\KZelNaa.exe
  C:\Windows\System\KZelNaa.exe
  2⤵
  PID:8264
- C:\Windows\System\xYKTHkm.exe
  C:\Windows\System\xYKTHkm.exe
  2⤵
  PID:8280
- C:\Windows\System\rHKYsGo.exe
  C:\Windows\System\rHKYsGo.exe
  2⤵
  PID:8296
- C:\Windows\System\HYyusKP.exe
  C:\Windows\System\HYyusKP.exe
  2⤵
  PID:8316
- C:\Windows\System\CWWtjdg.exe
  C:\Windows\System\CWWtjdg.exe
  2⤵
  PID:8368
- C:\Windows\System\xBqzbJy.exe
  C:\Windows\System\xBqzbJy.exe
  2⤵
  PID:8388
- C:\Windows\System\gapIjJu.exe
  C:\Windows\System\gapIjJu.exe
  2⤵
  PID:8404
- C:\Windows\System\AmuuRmQ.exe
  C:\Windows\System\AmuuRmQ.exe
  2⤵
  PID:8424
- C:\Windows\System\QyWvajc.exe
  C:\Windows\System\QyWvajc.exe
  2⤵
  PID:8444
- C:\Windows\System\esbOTto.exe
  C:\Windows\System\esbOTto.exe
  2⤵
  PID:8460
- C:\Windows\System\VUtTidV.exe
  C:\Windows\System\VUtTidV.exe
  2⤵
  PID:8476
- C:\Windows\System\IreNAVf.exe
  C:\Windows\System\IreNAVf.exe
  2⤵
  PID:8492
- C:\Windows\System\mFSQbaA.exe
  C:\Windows\System\mFSQbaA.exe
  2⤵
  PID:8508
- C:\Windows\System\ZuRzEMc.exe
  C:\Windows\System\ZuRzEMc.exe
  2⤵
  PID:8524
- C:\Windows\System\mFCYpmz.exe
  C:\Windows\System\mFCYpmz.exe
  2⤵
  PID:8540
- C:\Windows\System\WaEDTrJ.exe
  C:\Windows\System\WaEDTrJ.exe
  2⤵
  PID:8556
- C:\Windows\System\kOSzYYs.exe
  C:\Windows\System\kOSzYYs.exe
  2⤵
  PID:8572
- C:\Windows\System\YPziNPT.exe
  C:\Windows\System\YPziNPT.exe
  2⤵
  PID:8588
- C:\Windows\System\bCNDUMa.exe
  C:\Windows\System\bCNDUMa.exe
  2⤵
  PID:8604
- C:\Windows\System\AynYPgP.exe
  C:\Windows\System\AynYPgP.exe
  2⤵
  PID:8620
- C:\Windows\System\ExFjFoE.exe
  C:\Windows\System\ExFjFoE.exe
  2⤵
  PID:8636
- C:\Windows\System\GnXhbOU.exe
  C:\Windows\System\GnXhbOU.exe
  2⤵
  PID:8724
- C:\Windows\System\BsVsvBi.exe
  C:\Windows\System\BsVsvBi.exe
  2⤵
  PID:8740
- C:\Windows\System\LLHqVcI.exe
  C:\Windows\System\LLHqVcI.exe
  2⤵
  PID:8756
- C:\Windows\System\nDKrmdK.exe
  C:\Windows\System\nDKrmdK.exe
  2⤵
  PID:8784
- C:\Windows\System\XRCKMhn.exe
  C:\Windows\System\XRCKMhn.exe
  2⤵
  PID:8800
- C:\Windows\System\XHGfLob.exe
  C:\Windows\System\XHGfLob.exe
  2⤵
  PID:8816
- C:\Windows\System\XsXKjfW.exe
  C:\Windows\System\XsXKjfW.exe
  2⤵
  PID:8832
- C:\Windows\System\NOYEQPz.exe
  C:\Windows\System\NOYEQPz.exe
  2⤵
  PID:8848
- C:\Windows\System\RiBBLLS.exe
  C:\Windows\System\RiBBLLS.exe
  2⤵
  PID:8864
- C:\Windows\System\aFevRoo.exe
  C:\Windows\System\aFevRoo.exe
  2⤵
  PID:8880
- C:\Windows\System\FbydHvp.exe
  C:\Windows\System\FbydHvp.exe
  2⤵
  PID:8900
- C:\Windows\System\ARXsVmQ.exe
  C:\Windows\System\ARXsVmQ.exe
  2⤵
  PID:8916
- C:\Windows\System\llXeEPo.exe
  C:\Windows\System\llXeEPo.exe
  2⤵
  PID:8932
- C:\Windows\System\OffCTZz.exe
  C:\Windows\System\OffCTZz.exe
  2⤵
  PID:8948
- C:\Windows\System\uKPQtkV.exe
  C:\Windows\System\uKPQtkV.exe
  2⤵
  PID:8964
- C:\Windows\System\igLgDrM.exe
  C:\Windows\System\igLgDrM.exe
  2⤵
  PID:9008
- C:\Windows\System\mPnuKaf.exe
  C:\Windows\System\mPnuKaf.exe
  2⤵
  PID:9044
- C:\Windows\System\JBGXCGN.exe
  C:\Windows\System\JBGXCGN.exe
  2⤵
  PID:9064
- C:\Windows\System\TsxeSMx.exe
  C:\Windows\System\TsxeSMx.exe
  2⤵
  PID:9080
- C:\Windows\System\HzdmjHT.exe
  C:\Windows\System\HzdmjHT.exe
  2⤵
  PID:9108
- C:\Windows\System\mwAzTeR.exe
  C:\Windows\System\mwAzTeR.exe
  2⤵
  PID:9124
- C:\Windows\System\OikaDlM.exe
  C:\Windows\System\OikaDlM.exe
  2⤵
  PID:9140
- C:\Windows\System\KMyhRrF.exe
  C:\Windows\System\KMyhRrF.exe
  2⤵
  PID:9156
- C:\Windows\System\ovPGbJo.exe
  C:\Windows\System\ovPGbJo.exe
  2⤵
  PID:9172
- C:\Windows\System\iNdcLkt.exe
  C:\Windows\System\iNdcLkt.exe
  2⤵
  PID:9188
- C:\Windows\System\XznhzqG.exe
  C:\Windows\System\XznhzqG.exe
  2⤵
  PID:9204
- C:\Windows\System\yhlIkqT.exe
  C:\Windows\System\yhlIkqT.exe
  2⤵
  PID:7276
- C:\Windows\System\rytRuBO.exe
  C:\Windows\System\rytRuBO.exe
  2⤵
  PID:8272
- C:\Windows\System\amenxAp.exe
  C:\Windows\System\amenxAp.exe
  2⤵
  PID:7600
- C:\Windows\System\bfaWuAI.exe
  C:\Windows\System\bfaWuAI.exe
  2⤵
  PID:8204
- C:\Windows\System\qbtDZFB.exe
  C:\Windows\System\qbtDZFB.exe
  2⤵
  PID:8324
- C:\Windows\System\wlRkOYn.exe
  C:\Windows\System\wlRkOYn.exe
  2⤵
  PID:8376
- C:\Windows\System\MAJwVKI.exe
  C:\Windows\System\MAJwVKI.exe
  2⤵
  PID:8336
- C:\Windows\System\VylJmOT.exe
  C:\Windows\System\VylJmOT.exe
  2⤵
  PID:8400
- C:\Windows\System\WeSljWo.exe
  C:\Windows\System\WeSljWo.exe
  2⤵
  PID:8536
- C:\Windows\System\BcGnnBC.exe
  C:\Windows\System\BcGnnBC.exe
  2⤵
  PID:8616
- C:\Windows\System\SGmboHB.exe
  C:\Windows\System\SGmboHB.exe
  2⤵
  PID:8488
- C:\Windows\System\OrOzMTV.exe
  C:\Windows\System\OrOzMTV.exe
  2⤵
  PID:8548
- C:\Windows\System\nmniUDA.exe
  C:\Windows\System\nmniUDA.exe
  2⤵
  PID:8584
- C:\Windows\System\aoURsEF.exe
  C:\Windows\System\aoURsEF.exe
  2⤵
  PID:8660
- C:\Windows\System\iwWucGQ.exe
  C:\Windows\System\iwWucGQ.exe
  2⤵
  PID:8676
- C:\Windows\System\MytLukn.exe
  C:\Windows\System\MytLukn.exe
  2⤵
  PID:8432
- C:\Windows\System\LGpWets.exe
  C:\Windows\System\LGpWets.exe
  2⤵
  PID:8472
- C:\Windows\System\AsBmEPv.exe
  C:\Windows\System\AsBmEPv.exe
  2⤵
  PID:8500
- C:\Windows\System\KTytNet.exe
  C:\Windows\System\KTytNet.exe
  2⤵
  PID:8712
- C:\Windows\System\kpBQkud.exe
  C:\Windows\System\kpBQkud.exe
  2⤵
  PID:8748
- C:\Windows\System\mOwUKMx.exe
  C:\Windows\System\mOwUKMx.exe
  2⤵
  PID:8772
- C:\Windows\System\kJexXAZ.exe
  C:\Windows\System\kJexXAZ.exe
  2⤵
  PID:8796
- C:\Windows\System\gYdmomj.exe
  C:\Windows\System\gYdmomj.exe
  2⤵
  PID:8860
- C:\Windows\System\xfOASuK.exe
  C:\Windows\System\xfOASuK.exe
  2⤵
  PID:8808
- C:\Windows\System\RRcUcBT.exe
  C:\Windows\System\RRcUcBT.exe
  2⤵
  PID:8872
- C:\Windows\System\PzFzDKO.exe
  C:\Windows\System\PzFzDKO.exe
  2⤵
  PID:8924
- C:\Windows\System\JGrtAWe.exe
  C:\Windows\System\JGrtAWe.exe
  2⤵
  PID:8912
- C:\Windows\System\nOxHQvf.exe
  C:\Windows\System\nOxHQvf.exe
  2⤵
  PID:8984
- C:\Windows\System\EqCXBgx.exe
  C:\Windows\System\EqCXBgx.exe
  2⤵
  PID:8992
- C:\Windows\System\CnVAjBY.exe
  C:\Windows\System\CnVAjBY.exe
  2⤵
  PID:9024
- C:\Windows\System\UjqLiwZ.exe
  C:\Windows\System\UjqLiwZ.exe
  2⤵
  PID:9040
- C:\Windows\System\YQsFHOn.exe
  C:\Windows\System\YQsFHOn.exe
  2⤵
  PID:9004
- C:\Windows\System\oKhjcjW.exe
  C:\Windows\System\oKhjcjW.exe
  2⤵
  PID:8252
- C:\Windows\System\ifhruEV.exe
  C:\Windows\System\ifhruEV.exe
  2⤵
  PID:9136
- C:\Windows\System\PEpSnjK.exe
  C:\Windows\System\PEpSnjK.exe
  2⤵
  PID:9180
- C:\Windows\System\JahwUor.exe
  C:\Windows\System\JahwUor.exe
  2⤵
  PID:8160
- C:\Windows\System\DdSWUkg.exe
  C:\Windows\System\DdSWUkg.exe
  2⤵
  PID:7440
- C:\Windows\System\TFurZMo.exe
  C:\Windows\System\TFurZMo.exe
  2⤵
  PID:8328
- C:\Windows\System\atZSMTl.exe
  C:\Windows\System\atZSMTl.exe
  2⤵
  PID:8220
- C:\Windows\System\JFHfsPV.exe
  C:\Windows\System\JFHfsPV.exe
  2⤵
  PID:8344
- C:\Windows\System\WVWBIKw.exe
  C:\Windows\System\WVWBIKw.exe
  2⤵
  PID:8332
- C:\Windows\System\ZaRvNyi.exe
  C:\Windows\System\ZaRvNyi.exe
  2⤵
  PID:8412
- C:\Windows\System\BiZXque.exe
  C:\Windows\System\BiZXque.exe
  2⤵
  PID:8596
- C:\Windows\System\HoQWmOY.exe
  C:\Windows\System\HoQWmOY.exe
  2⤵
  PID:8580
- C:\Windows\System\RrBctry.exe
  C:\Windows\System\RrBctry.exe
  2⤵
  PID:8704
- C:\Windows\System\VMUPiiC.exe
  C:\Windows\System\VMUPiiC.exe
  2⤵
  PID:8828
- C:\Windows\System\aoQxjPF.exe
  C:\Windows\System\aoQxjPF.exe
  2⤵
  PID:8568
- C:\Windows\System\hVdIbhf.exe
  C:\Windows\System\hVdIbhf.exe
  2⤵
  PID:8468
- C:\Windows\System\xMshDYm.exe
  C:\Windows\System\xMshDYm.exe
  2⤵
  PID:8736
- C:\Windows\System\hjNfAfT.exe
  C:\Windows\System\hjNfAfT.exe
  2⤵
  PID:8812
- C:\Windows\System\YuWRJzz.exe
  C:\Windows\System\YuWRJzz.exe
  2⤵
  PID:8972
- C:\Windows\System\qcyPrux.exe
  C:\Windows\System\qcyPrux.exe
  2⤵
  PID:9000
- C:\Windows\System\GwzmWQx.exe
  C:\Windows\System\GwzmWQx.exe
  2⤵
  PID:8840
- C:\Windows\System\srfOkQb.exe
  C:\Windows\System\srfOkQb.exe
  2⤵
  PID:2412
- C:\Windows\System\SrJHBtP.exe
  C:\Windows\System\SrJHBtP.exe
  2⤵
  PID:9072
- C:\Windows\System\XfqkQed.exe
  C:\Windows\System\XfqkQed.exe
  2⤵
  PID:8240
- C:\Windows\System\OeNBjST.exe
  C:\Windows\System\OeNBjST.exe
  2⤵
  PID:9092
- C:\Windows\System\rWOZVEL.exe
  C:\Windows\System\rWOZVEL.exe
  2⤵
  PID:8308
- C:\Windows\System\xawcFAo.exe
  C:\Windows\System\xawcFAo.exe
  2⤵
  PID:8304
- C:\Windows\System\hlaeQZA.exe
  C:\Windows\System\hlaeQZA.exe
  2⤵
  PID:8656
- C:\Windows\System\damVqnk.exe
  C:\Windows\System\damVqnk.exe
  2⤵
  PID:8888
- C:\Windows\System\KvxKCiQ.exe
  C:\Windows\System\KvxKCiQ.exe
  2⤵
  PID:9020
- C:\Windows\System\sRBiRvy.exe
  C:\Windows\System\sRBiRvy.exe
  2⤵
  PID:8420
- C:\Windows\System\ByZYabb.exe
  C:\Windows\System\ByZYabb.exe
  2⤵
  PID:9196
- C:\Windows\System\whKjWay.exe
  C:\Windows\System\whKjWay.exe
  2⤵
  PID:9200
- C:\Windows\System\hilNUkr.exe
  C:\Windows\System\hilNUkr.exe
  2⤵
  PID:8452
- C:\Windows\System\XpjHCnh.exe
  C:\Windows\System\XpjHCnh.exe
  2⤵
  PID:8632
- C:\Windows\System\ERKNpsh.exe
  C:\Windows\System\ERKNpsh.exe
  2⤵
  PID:9088
- C:\Windows\System\mzxhkvj.exe
  C:\Windows\System\mzxhkvj.exe
  2⤵
  PID:1000
- C:\Windows\System\DFyuLJt.exe
  C:\Windows\System\DFyuLJt.exe
  2⤵
  PID:9148
- C:\Windows\System\aTwMPlA.exe
  C:\Windows\System\aTwMPlA.exe
  2⤵
  PID:8980
- C:\Windows\System\HgOxiWy.exe
  C:\Windows\System\HgOxiWy.exe
  2⤵
  PID:8288
- C:\Windows\System\jBsdZzc.exe
  C:\Windows\System\jBsdZzc.exe
  2⤵
  PID:8352
- C:\Windows\System\MQbnYUE.exe
  C:\Windows\System\MQbnYUE.exe
  2⤵
  PID:8516
- C:\Windows\System\USdOXED.exe
  C:\Windows\System\USdOXED.exe
  2⤵
  PID:8764
- C:\Windows\System\vOiVhLx.exe
  C:\Windows\System\vOiVhLx.exe
  2⤵
  PID:8928
- C:\Windows\System\NQxxGTI.exe
  C:\Windows\System\NQxxGTI.exe
  2⤵
  PID:8768
- C:\Windows\System\oTCYtqg.exe
  C:\Windows\System\oTCYtqg.exe
  2⤵
  PID:9240
- C:\Windows\System\OZNkbrj.exe
  C:\Windows\System\OZNkbrj.exe
  2⤵
  PID:9256
- C:\Windows\System\weMCgSD.exe
  C:\Windows\System\weMCgSD.exe
  2⤵
  PID:9272
- C:\Windows\System\mqwcjjX.exe
  C:\Windows\System\mqwcjjX.exe
  2⤵
  PID:9288
- C:\Windows\System\kNnSXDL.exe
  C:\Windows\System\kNnSXDL.exe
  2⤵
  PID:9304
- C:\Windows\System\vlLAZur.exe
  C:\Windows\System\vlLAZur.exe
  2⤵
  PID:9320
- C:\Windows\System\koHioXf.exe
  C:\Windows\System\koHioXf.exe
  2⤵
  PID:9336
- C:\Windows\System\nVeBhOA.exe
  C:\Windows\System\nVeBhOA.exe
  2⤵
  PID:9352
- C:\Windows\System\ezCFSFx.exe
  C:\Windows\System\ezCFSFx.exe
  2⤵
  PID:9368
- C:\Windows\System\BElLgmy.exe
  C:\Windows\System\BElLgmy.exe
  2⤵
  PID:9388
- C:\Windows\System\xvlVjZV.exe
  C:\Windows\System\xvlVjZV.exe
  2⤵
  PID:9404
- C:\Windows\System\eRiPcGl.exe
  C:\Windows\System\eRiPcGl.exe
  2⤵
  PID:9420
- C:\Windows\System\oCgFntV.exe
  C:\Windows\System\oCgFntV.exe
  2⤵
  PID:9436
- C:\Windows\System\UXAMzYj.exe
  C:\Windows\System\UXAMzYj.exe
  2⤵
  PID:9452
- C:\Windows\System\kSheXlJ.exe
  C:\Windows\System\kSheXlJ.exe
  2⤵
  PID:9468
- C:\Windows\System\yDtoOvY.exe
  C:\Windows\System\yDtoOvY.exe
  2⤵
  PID:9484
- C:\Windows\System\CYeZRhU.exe
  C:\Windows\System\CYeZRhU.exe
  2⤵
  PID:9500
- C:\Windows\System\ByaLJzc.exe
  C:\Windows\System\ByaLJzc.exe
  2⤵
  PID:9516
- C:\Windows\System\qPnivgd.exe
  C:\Windows\System\qPnivgd.exe
  2⤵
  PID:9532
- C:\Windows\System\yWPrYQn.exe
  C:\Windows\System\yWPrYQn.exe
  2⤵
  PID:9552
- C:\Windows\System\fKAIILo.exe
  C:\Windows\System\fKAIILo.exe
  2⤵
  PID:9568
- C:\Windows\System\KAVyjxZ.exe
  C:\Windows\System\KAVyjxZ.exe
  2⤵
  PID:9584
- C:\Windows\System\BgAEPHk.exe
  C:\Windows\System\BgAEPHk.exe
  2⤵
  PID:9600
- C:\Windows\System\jqwMtEl.exe
  C:\Windows\System\jqwMtEl.exe
  2⤵
  PID:9616
- C:\Windows\System\fEHMrPZ.exe
  C:\Windows\System\fEHMrPZ.exe
  2⤵
  PID:9632
- C:\Windows\System\AtKqwQw.exe
  C:\Windows\System\AtKqwQw.exe
  2⤵
  PID:9648
- C:\Windows\System\CNGbAmX.exe
  C:\Windows\System\CNGbAmX.exe
  2⤵
  PID:9664
- C:\Windows\System\FeLJltn.exe
  C:\Windows\System\FeLJltn.exe
  2⤵
  PID:9680
- C:\Windows\System\yWECEjI.exe
  C:\Windows\System\yWECEjI.exe
  2⤵
  PID:9700
- C:\Windows\System\LOyUujl.exe
  C:\Windows\System\LOyUujl.exe
  2⤵
  PID:9732
- C:\Windows\System\NcqEFIf.exe
  C:\Windows\System\NcqEFIf.exe
  2⤵
  PID:9748
- C:\Windows\System\awXNTjq.exe
  C:\Windows\System\awXNTjq.exe
  2⤵
  PID:9808
- C:\Windows\System\qFIjKqc.exe
  C:\Windows\System\qFIjKqc.exe
  2⤵
  PID:9828
- C:\Windows\System\ifScGwc.exe
  C:\Windows\System\ifScGwc.exe
  2⤵
  PID:9844
- C:\Windows\System\wZFKChZ.exe
  C:\Windows\System\wZFKChZ.exe
  2⤵
  PID:9864
- C:\Windows\System\kdfymPP.exe
  C:\Windows\System\kdfymPP.exe
  2⤵
  PID:9880
- C:\Windows\System\JOCsnve.exe
  C:\Windows\System\JOCsnve.exe
  2⤵
  PID:9896
- C:\Windows\System\rmOIIek.exe
  C:\Windows\System\rmOIIek.exe
  2⤵
  PID:9912
- C:\Windows\System\ZloHkOb.exe
  C:\Windows\System\ZloHkOb.exe
  2⤵
  PID:9928
- C:\Windows\System\UdrhXHb.exe
  C:\Windows\System\UdrhXHb.exe
  2⤵
  PID:9944
- C:\Windows\System\qlEpMRF.exe
  C:\Windows\System\qlEpMRF.exe
  2⤵
  PID:9960
- C:\Windows\System\UAtEPDs.exe
  C:\Windows\System\UAtEPDs.exe
  2⤵
  PID:9976
- C:\Windows\System\mVgpwIj.exe
  C:\Windows\System\mVgpwIj.exe
  2⤵
  PID:9992
- C:\Windows\System\hXTgPFt.exe
  C:\Windows\System\hXTgPFt.exe
  2⤵
  PID:10016
- C:\Windows\System\FlKfUsF.exe
  C:\Windows\System\FlKfUsF.exe
  2⤵
  PID:10036
- C:\Windows\System\MPGylDf.exe
  C:\Windows\System\MPGylDf.exe
  2⤵
  PID:10052
- C:\Windows\System\fKrQdkN.exe
  C:\Windows\System\fKrQdkN.exe
  2⤵
  PID:10068
- C:\Windows\System\qBJoDKH.exe
  C:\Windows\System\qBJoDKH.exe
  2⤵
  PID:10084
- C:\Windows\System\kukrzlX.exe
  C:\Windows\System\kukrzlX.exe
  2⤵
  PID:10100
- C:\Windows\System\snUCQrt.exe
  C:\Windows\System\snUCQrt.exe
  2⤵
  PID:10116
- C:\Windows\System\nBNnXOb.exe
  C:\Windows\System\nBNnXOb.exe
  2⤵
  PID:10132
- C:\Windows\System\PYBZyUB.exe
  C:\Windows\System\PYBZyUB.exe
  2⤵
  PID:10148
- C:\Windows\System\JTjMuvW.exe
  C:\Windows\System\JTjMuvW.exe
  2⤵
  PID:10164
- C:\Windows\System\xXFvdfL.exe
  C:\Windows\System\xXFvdfL.exe
  2⤵
  PID:10184
- C:\Windows\System\LahyVDj.exe
  C:\Windows\System\LahyVDj.exe
  2⤵
  PID:10200
- C:\Windows\System\vxNWHhT.exe
  C:\Windows\System\vxNWHhT.exe
  2⤵
  PID:10216
- C:\Windows\System\XkRBydf.exe
  C:\Windows\System\XkRBydf.exe
  2⤵
  PID:10232
- C:\Windows\System\tUHwWna.exe
  C:\Windows\System\tUHwWna.exe
  2⤵
  PID:8532
- C:\Windows\System\CSrxZYX.exe
  C:\Windows\System\CSrxZYX.exe
  2⤵
  PID:9232
- C:\Windows\System\Ukkhdpu.exe
  C:\Windows\System\Ukkhdpu.exe
  2⤵
  PID:9300
- C:\Windows\System\WNzRRjo.exe
  C:\Windows\System\WNzRRjo.exe
  2⤵
  PID:9364
- C:\Windows\System\Oyeasjj.exe
  C:\Windows\System\Oyeasjj.exe
  2⤵
  PID:9284
- C:\Windows\System\uKcKtCu.exe
  C:\Windows\System\uKcKtCu.exe
  2⤵
  PID:8440
- C:\Windows\System\gYbTEjF.exe
  C:\Windows\System\gYbTEjF.exe
  2⤵
  PID:9252
- C:\Windows\System\SmNoZFK.exe
  C:\Windows\System\SmNoZFK.exe
  2⤵
  PID:9380
- C:\Windows\System\RPzxXDc.exe
  C:\Windows\System\RPzxXDc.exe
  2⤵
  PID:9428
- C:\Windows\System\jtpepOb.exe
  C:\Windows\System\jtpepOb.exe
  2⤵
  PID:9460
- C:\Windows\System\yvPHrnd.exe
  C:\Windows\System\yvPHrnd.exe
  2⤵
  PID:9564
- C:\Windows\System\XbsVWyL.exe
  C:\Windows\System\XbsVWyL.exe
  2⤵
  PID:9444
- C:\Windows\System\FrWoKvd.exe
  C:\Windows\System\FrWoKvd.exe
  2⤵
  PID:9512
- C:\Windows\System\RwtbBnK.exe
  C:\Windows\System\RwtbBnK.exe
  2⤵
  PID:9576
- C:\Windows\System\GOocAvI.exe
  C:\Windows\System\GOocAvI.exe
  2⤵
  PID:9596
- C:\Windows\System\BxgSjoB.exe
  C:\Windows\System\BxgSjoB.exe
  2⤵
  PID:9660
- C:\Windows\System\zqHDFTW.exe
  C:\Windows\System\zqHDFTW.exe
  2⤵
  PID:9612
- C:\Windows\System\uvpHSVz.exe
  C:\Windows\System\uvpHSVz.exe
  2⤵
  PID:9676
- C:\Windows\System\XceWPsi.exe
  C:\Windows\System\XceWPsi.exe
  2⤵
  PID:9720
- C:\Windows\System\rjRqEzB.exe
  C:\Windows\System\rjRqEzB.exe
  2⤵
  PID:9728
- C:\Windows\System\LUuknEs.exe
  C:\Windows\System\LUuknEs.exe
  2⤵
  PID:9768
- C:\Windows\System\mcbkaGh.exe
  C:\Windows\System\mcbkaGh.exe
  2⤵
  PID:9824
- C:\Windows\System\mBkIfmp.exe
  C:\Windows\System\mBkIfmp.exe
  2⤵
  PID:9888
- C:\Windows\System\aEjmtbm.exe
  C:\Windows\System\aEjmtbm.exe
  2⤵
  PID:9952
- C:\Windows\System\tjwtHyP.exe
  C:\Windows\System\tjwtHyP.exe
  2⤵
  PID:9792
- C:\Windows\System\gmnsdLn.exe
  C:\Windows\System\gmnsdLn.exe
  2⤵
  PID:9796
- C:\Windows\System\xpeIxfL.exe
  C:\Windows\System\xpeIxfL.exe
  2⤵
  PID:9840
- C:\Windows\System\OupJbmT.exe
  C:\Windows\System\OupJbmT.exe
  2⤵
  PID:9908
- C:\Windows\System\eMhHRZP.exe
  C:\Windows\System\eMhHRZP.exe
  2⤵
  PID:10000
- C:\Windows\System\PPzTzSX.exe
  C:\Windows\System\PPzTzSX.exe
  2⤵
  PID:10004
- C:\Windows\System\KoRHCvP.exe
  C:\Windows\System\KoRHCvP.exe
  2⤵
  PID:10024
- C:\Windows\System\azahkrE.exe
  C:\Windows\System\azahkrE.exe
  2⤵
  PID:9716
- C:\Windows\System\YCqxJgQ.exe
  C:\Windows\System\YCqxJgQ.exe
  2⤵
  PID:10124
- C:\Windows\System\ulukprI.exe
  C:\Windows\System\ulukprI.exe
  2⤵
  PID:10076
- C:\Windows\System\gPRhEiV.exe
  C:\Windows\System\gPRhEiV.exe
  2⤵
  PID:10080
- C:\Windows\System\YAtzPja.exe
  C:\Windows\System\YAtzPja.exe
  2⤵
  PID:10180
- C:\Windows\System\NaDiFDo.exe
  C:\Windows\System\NaDiFDo.exe
  2⤵
  PID:10212
- C:\Windows\System\FteAvtP.exe
  C:\Windows\System\FteAvtP.exe
  2⤵
  PID:9104
- C:\Windows\System\gXsQJSk.exe
  C:\Windows\System\gXsQJSk.exe
  2⤵
  PID:9264
- C:\Windows\System\iJGDJoB.exe
  C:\Windows\System\iJGDJoB.exe
  2⤵
  PID:9312
- C:\Windows\System\EsMORLd.exe
  C:\Windows\System\EsMORLd.exe
  2⤵
  PID:9316
- C:\Windows\System\MsiMoFm.exe
  C:\Windows\System\MsiMoFm.exe
  2⤵
  PID:9248
- C:\Windows\System\AZcvLja.exe
  C:\Windows\System\AZcvLja.exe
  2⤵
  PID:9464
- C:\Windows\System\ufXQGWf.exe
  C:\Windows\System\ufXQGWf.exe
  2⤵
  PID:9416
- C:\Windows\System\bmzEZdR.exe
  C:\Windows\System\bmzEZdR.exe
  2⤵
  PID:9628
- C:\Windows\System\dJJpEeH.exe
  C:\Windows\System\dJJpEeH.exe
  2⤵
  PID:9712
- C:\Windows\System\ITBAUzd.exe
  C:\Windows\System\ITBAUzd.exe
  2⤵
  PID:9640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AjNHfbv.exe

Filesize
6.0MB

MD5
e5d41a17b5a774a177225a1a14d82a96

SHA1
d54910be812f96b875d114d5c655e38ac6d83a2f

SHA256
22d528ef4daa41ff9698225e3647572b06316812fcd4730c2b961b94aa0eb2ef

SHA512
41650bd340c9f1778cebe45d5224fefa42b1ace260d54e410cf6d7d45aa002ae2e5ac8fb1f7ad0de290c3f93b505e8d080cc8984565bdaa2da1ac7742527e473

Download Submit
C:\Windows\system\EQAGqIr.exe

Filesize
6.0MB

MD5
7318c6a5332dad2dc7785d649fad7739

SHA1
86b263e5e32302ce1a8fc02e04823fd8364cfe34

SHA256
5878aedcf072253f057a6d17ec889577067813ee9002d4259084413a81f1286e

SHA512
c6f5b84767411663122e9af198c87b60599eb42b328448230bad19c7da9df0783ce49a5d32e6c4001d95be678735a22db1bae243acc3e95da468ec4ad8580db2

Download Submit
C:\Windows\system\EaBiGmW.exe

Filesize
6.0MB

MD5
0f7725ead2cf5f674e1750f60982a90c

SHA1
f804c800210cd09dc0f1dfe69ea284f6260a1491

SHA256
e5140bf1adf619b79e8fdf7bd8a7a53b5c9e48ac479086bba9012c0c05eaee61

SHA512
dbcac68c2fe767d7670d42325fe61be27449753f26a402f04bff183258e8d6ba10e7db82528cf4e39cd28eeec014cc916ccaf419c174d38dafdd46cde5052a47

Download Submit
C:\Windows\system\GFnhUdX.exe

Filesize
6.0MB

MD5
b66ac381b191fc3bb33d7557c4b1ba33

SHA1
f6c3b5b52560a516a8bdb7c46f3918e3a27ad960

SHA256
ef4f16fe9bb563e1d1d064a4adec87a8b71bdf8a14086ee5af83cab99bd4ef43

SHA512
dc6a22470124e03aeb0d25f7069278e00cc81ee80c70ef122743e2dfe8b994a005dc400bb92f6b5186072bf333e800eb0df732ec169f69884daece2aa2923988

Download Submit
C:\Windows\system\IvTQQUi.exe

Filesize
6.0MB

MD5
46c08f591a9a28cbcd5eb1e3bed03749

SHA1
88fd27a5e21019b086a591a1fddce5aff6d1cf2f

SHA256
297f6d8872cf1e9ebd8b714a5ebb72cedae32701dd94b92582158ceadbf7a5d4

SHA512
c404f2b04251329e1d73565a8c9a2d88014c0a65be14bff2554b9ac8d817c7cedfe19a16b90d5850c5c3e58ca63c643f44776274238941acd40b3c7100269868

Download Submit
C:\Windows\system\JGAfmvz.exe

Filesize
6.0MB

MD5
39be2043ae9a8f82c084c69e838c863d

SHA1
45971b91401b76a6191a6032ea842086e28fd5e5

SHA256
3e38046a1fe4ccceeb7ed239f138b502d197024adf66ae523cd579b5da9fbc96

SHA512
e1cff70a7f19c14909684d44e1ed48cc6b3ed76fed57447f443fcbdd7e8a3a01aef4a58bc01a15fbf13dd62294f7713c2743abb534ef950b0bdea35f63b6fbcb

Download Submit
C:\Windows\system\KUtpjnj.exe

Filesize
6.0MB

MD5
c0415f7b6fecbbf6166b81950d013eb9

SHA1
d5a52a2da4737eaf4bd4242b69977f83ac024a26

SHA256
c9b343f511c56c632a754f41301e55d47856952b7b7b1be317bbcc424127e2f7

SHA512
5736daa0a2eeecfe68839b3a27b2b5c416a13367fd7f66e097f239b6be6e6360a6674d5ade9d01c946de19a3d015df24a0cffa61cb478614c495cd5f30f3369c

Download Submit
C:\Windows\system\MlpYXZP.exe

Filesize
6.0MB

MD5
53db907b4ae65d39eccca7d55d83db3f

SHA1
c5b43d0ac699dafc55595ee80344593583e7c6cb

SHA256
4e78dd24977e88866aedde2807112e9f445430608eef76f369fb4df8ade61222

SHA512
183f8642098af13d78209b5831fd1da7697576912e655cddcaba6b11578fc114cb48be1c116de1e7863d02c0b1710236b87acaf34d35cad41eaa7a1536baa13f

Download Submit
C:\Windows\system\OMzIkeq.exe

Filesize
6.0MB

MD5
26fab0acc569801544046b5e3ab21c0d

SHA1
4682816093639c826a90158b43db9390a84016fa

SHA256
c055db6b3bf0c6eeb3b9e1820f8b85cc20fe4aa7c088c5d575b5f891a464eb5d

SHA512
67b91e888aa958189744a754709f6d8909b0b0851b03cf9e13a5fcae47940b4b9943db738a0e14eaeff80dc9f4b9553d85928720db0fd4be43ce70df4a05493d

Download Submit
C:\Windows\system\RYghrfA.exe

Filesize
6.0MB

MD5
9e0799045d026c02ba94c29b7e19d0ae

SHA1
ecbb5a0ffe2cf2bcf984912ac9db249669a86acf

SHA256
2fd6f421594488f91fdcdeea2656bb9bacebed8aeacbc2fef29f47debca7721b

SHA512
936a65606e1634019b022e4ff29ec27c597078babbcd69214053e6df3280c99cc3642caaa45b5e049254b92853ba24f48b2620b35fa70d5caf4dc02290abfaaa

Download Submit
C:\Windows\system\StDAYpe.exe

Filesize
6.0MB

MD5
77796c99fafde1f204788e7a19991609

SHA1
0ec6a3e44b2df60f2a38808ca2d6b5c46b5f613f

SHA256
80ec7bfd2349ae525611113ee1e2facbb286b749d0289282323741ff809bdbe9

SHA512
ddb4fd117a608e2b3e1419ffdc8119275abbdc34b3eaf26ff749a432091011d44ef26f9ada32e4533253f54d4ca5ce4f5064475724896247fff2afd3a31ac2da

Download Submit
C:\Windows\system\TTXVbeb.exe

Filesize
6.0MB

MD5
6a52a4198916c6298b3aab3a8e3c9be0

SHA1
ccbd47e7d121c64457def54ef9934888f638fe24

SHA256
2a555b5ee0c4a40dafae44123815bc6bb4d15138997931c472f46da075bfa4b5

SHA512
d18fa43ab805d4d43aa818bd844c6dc5015be87005719eae77d8af409e32b23bdf5ef18176c6ecf68a51e902d909bb2748c185440ba3775b040706ab597a224b

Download Submit
C:\Windows\system\VXZMMXW.exe

Filesize
6.0MB

MD5
1e1bc734f5320955a6db7b7b56b408e3

SHA1
8444e7ea0368892048fe543fd719695c871cb766

SHA256
64ca5a4d02ec2aa85352529751663ff0ddd480aaa3e569c73c744314164074a3

SHA512
e686d77137706faf34fba24ae47702445ab8f8cfec2e84255fb8003afc9308c8d2279d534aaf47bc39e089266bb2b2ee2cb6ea68bd8662921c214416d2ca65fa

Download Submit
C:\Windows\system\WxRzASp.exe

Filesize
6.0MB

MD5
44af1479514713e6a3b82d638bc8470d

SHA1
e96113f8a4e317d6953024b6fd3a8993fe836360

SHA256
ac843607049cca4d06a5138e9581e9a7a7249478ba330f0defbe230bf428aed6

SHA512
f8f7cef69d594ba5bda0a59f3933696faf6cd11967c02acfcf242bdca2b67e5cb35318b6cd2a6f2e0ff3d9e18641a5598e4e071ace1b91ef3f5f05bbe3b9fa0b

Download Submit
C:\Windows\system\XsTyKou.exe

Filesize
6.0MB

MD5
548d347aaaf7a3a706f20fb7e408bb0b

SHA1
57b1cdd22e98dac997bbd3ca485ac4175c1270e5

SHA256
d7f6609bbedeb284295c05cde0b63de45435845af6b8f359aa6afcc524f402ef

SHA512
6666c2299ac135b077d94d7ad7d568bc85b27ddee294e190f3fb2dcb05e6a1a72eacf34d008e7c72f925ecf6b0ce92f0624e361ecd8d4d4a0f99deaa0d438793

Download Submit
C:\Windows\system\isoFAfj.exe

Filesize
6.0MB

MD5
7370be1ec96bee1029612554fa6f630c

SHA1
fa226df09d76245d3993bb32de866639b5698d69

SHA256
97db0e24aa1a13bd84575a9781fda48a2defa6dd4aedd6341f1dcd69aced0d56

SHA512
dfd94f2bace986f4ee06eab0bd47437fd9bf16d11b58c3af4625dcee3f81a4ba8bbabf0f0da6c7e9ee61af112e939a5f65e46fef304d1c8cd54b5a983961b6f7

Download Submit
C:\Windows\system\kzVJjch.exe

Filesize
6.0MB

MD5
6ae544fe0dc00adff07e7c1b7f0ea830

SHA1
1920528464494fd3f4c576623932636854abdf7d

SHA256
673d8ff753c510ee837d317c55973d99f010420ae63a88b085163577e1fb17a6

SHA512
8d5db8effce73fe52a39a8687da9a07fc8c4237d2180ccaf3d11611f303f8c9fdab5f8caf30ec59b4d4b7046d26ea18fd9bf611f327dcf5d01b4fd495da3b0d3

Download Submit
C:\Windows\system\lxCDLWm.exe

Filesize
6.0MB

MD5
b2d31d9fbc63fb5e2f9f98332faddd3e

SHA1
92f30f804a7bf063a1dc449315a2c4f2c14d914a

SHA256
52f245a18c1149e6210416e5bae482afe74ecef64087020437cbb56a1c5cf63c

SHA512
1f1b68c3180bc191a440fe4efffc7eab652cecdaf1e5f4153bc40bb47caf7e424181b0630e52d56698c8d0ab9d83e78d9ba636b665e0a2d1dde4a4d5b567eec8

Download Submit
C:\Windows\system\nwqtgqW.exe

Filesize
6.0MB

MD5
1661b82d512eb9fbcf621087b1d176ee

SHA1
2d6db3d7ddb35d366e84c94cc3318147995a9e80

SHA256
785a647adcece9a0cb57e2c9c05e21678f7a8ee498f1c3323e1b87f1f7683927

SHA512
76f02ec9fb3f6f7a25b4399bd3ca563bcb70a101b1e54c1701683429fe6cae67fc7af56b840db138a5e8601b8ca7d62c52c507ce82fa6e5ac186f03b1c6515bb

Download Submit
C:\Windows\system\osXvUyC.exe

Filesize
6.0MB

MD5
e1ec4dd6e95577df5511a6cb3a04c66b

SHA1
ed41f090785feeadbe691be19f783e1e082b7950

SHA256
769b23e4698f2318e87425cc64bd453ba6e9e1512d0139345ef1559eb4139778

SHA512
86c1a7e6857bad695cb8a49f1283974d1df5489bf1df38a5307a00d02a6effa43d1b9a4bafe8b0793a77109e62193c2a0c1637e64f188e7910ef3da63a54ec62

Download Submit
C:\Windows\system\qkXHgqn.exe

Filesize
6.0MB

MD5
6d8a17801689b78a4c5bb7cca4c6b84f

SHA1
e2e6955ba56bd1dcb960112e835f7a77da1de19a

SHA256
34045b8081bc7682f8d7001eef17a01dc7e459a16d6eef1ffcf6a16aea8d4d7b

SHA512
00c934eacef61f9c69ae604a539c120459e980accaed8936048777dd727fb393b5d0c6405beba07b7222727fc6a737df94b6b271236538a1fe841915cccbfb2e

Download Submit
C:\Windows\system\spOMzbv.exe

Filesize
6.0MB

MD5
df1def6d710f5f996aa086f5f5625fbf

SHA1
5c86e0edbdcdd0eab760c16ef8e2bef34c92c45c

SHA256
322af59e65ba52c646c72b22beb97965d779abcd3652319b9162f2b61cc2ce25

SHA512
feb918927291f514cbb06491fbd554f56a46967fa7ecd469ab6f12cefaa46bc40de923d6f4cf2935eee89a6f72a0ac4b7a6c4f3218b30027c65fd9abd2c63c68

Download Submit
C:\Windows\system\uavqvGB.exe

Filesize
6.0MB

MD5
f70f9f8bf16feb94805407e39239dabd

SHA1
40e2886e72070f6ca82058f7af5bf3fa664bf337

SHA256
e2b826736f12a92c3cbab45a8d95889a5b39de6c2db7131af992f490c04575ba

SHA512
b099a506e5d2150ddb4a27a7364ec4e70f44e6dd399c2aac1cd37c748bcff4efd0c273e509ce5335a2df68d1e1a79921a05db73b06cfdb45b416d1ef460e37ef

Download Submit
C:\Windows\system\wjvcJZu.exe

Filesize
6.0MB

MD5
e1a150eef3fb06b7c09144abc5bb40ce

SHA1
88959cf80b6a44359e3327eb012f3b3431ade3b4

SHA256
b956a5ef2579344d735f03588fc8a0108d828a30befa7f866ec47e313ea74733

SHA512
9d8541e299c78d206dd5752af929bc960cd565aa02cfad7dc04ce2668877b0a31107edbe5ea56075f210b4285e981f17d086a9587cc6c55159568788a0f3feeb

Download Submit
C:\Windows\system\wsGhehc.exe

Filesize
6.0MB

MD5
fa4f6b51c12c1f1b22990b5d89e0e811

SHA1
26307ef2fbe81520c0ea769f5051c99f49fd2387

SHA256
9b9607e132e7c5e9b1b0f32367c10299550f683787ed094fe60e4cb501308d1e

SHA512
cc543c224273ed1bc485418079a2c21a80c0587ff543024010523e807c7f6afc2e402cc335baae03f0b33e66322541af8b3bd6252fdc0007b53395645e3ec474

Download Submit
C:\Windows\system\xvzZehh.exe

Filesize
6.0MB

MD5
a4ca775e4c922f8c46d20be3b074e2b6

SHA1
74795707f67fa1480bf4075ddc433be7b55ea8eb

SHA256
358640a7e85d7425b7de655014cb6ccb642acbada98abf842ddcdbaa39f67180

SHA512
07d477a033178b6066cf9771fe8726d3e0249769d1278f138e52863c53a159d7f4b1e0f357c6a9923ff909465dbc23ecb3edac1e3b7bba86078e74ba4f841626

Download Submit
C:\Windows\system\zAQZPil.exe

Filesize
6.0MB

MD5
a6d0494d1d43c41ca0184570a884844d

SHA1
549b8e461c80e4fce8452b7388a9aeba14050e17

SHA256
9d62a9024793c33832f17b4c4c4187cbdfc921034701887f21a0c79c4e59a1d7

SHA512
e0a648eab5a19e7aca90ad22067e1b18ad48c777ed220a68d1eac7f4225a688241d08a98f111d01caacfb0c3f3c72dc38989bea28e9e41c9f6aa3f72f18e29ac

Download Submit
C:\Windows\system\zRmIUUz.exe

Filesize
6.0MB

MD5
5b54fc3d60bd815a20523e78468a245e

SHA1
43b7b58f079e6ddc259969747ce7a3d947b8acb1

SHA256
299d175894ebbb00765dafb9648e0a9e650112dc3bb9d8949b57bd58721e734d

SHA512
6c4ec9bb318d91886d493913b5ced7370701354fe6a063a34f5d5ab9b51cf6956d455109c6efffdddfe5cb7ddc1cec31ff2b67f4edef8ae57efcae4d666f53a6

Download Submit
\Windows\system\HRWojhm.exe

Filesize
6.0MB

MD5
4028a82fcc9b2287e61d03c80cd29d7d

SHA1
aac87efe68e3d8019e88b1073e6c039f19b53c4b

SHA256
98168166ffbb406fe6fd2cbc80986c5896acb307157c80bc9a198fa10eed7417

SHA512
9359642927d527f8fdb2c96833276a717a9f15170929d7bb0306d5875b4760e8810cb4622fe135230cfc2b9595b53746f36ed9a5927af302796db11aabcf6db4

Download Submit
\Windows\system\dzETELx.exe

Filesize
6.0MB

MD5
5e385e85fa845d5e3e9b47f84758b60c

SHA1
47d6a21a717748ee1a490943757d4981fe0eb68d

SHA256
3b0696e515af27069c290c8f9e6b2b8cb8c34ebfaf085da51d2b596953bc4f15

SHA512
b18d26d2ee675080931617431820c05281c820b6f343c08286693aa188826b83efbf779c7e446eed15b3d7557e8127842561f4a3fa08155bc1ab0d21eb0863ab

Download Submit
\Windows\system\gmKsNfh.exe

Filesize
6.0MB

MD5
ae6cbcd5166f41c069f9f12475e21b3b

SHA1
efe243797efeb8f645a5d0135612aed7de605f04

SHA256
d3c497dae0d96368e91dc641b0eac06f9ca2a22217b4cfa0b5838034fe7530b6

SHA512
56efd91f6343d848d37f9e48e065c0c681b4a5196e72390c5224a4687ac4354d5c68bb2b5911f3c1dcfb111c0e9ba0bf32117db62de5f26aeebf8ba3a92c7844

Download Submit
\Windows\system\tmQeqBT.exe

Filesize
6.0MB

MD5
0b06f0ff19a6d72003a59ea8569051b4

SHA1
16683125e028d4a4c4b8eb5229459239f75967fa

SHA256
b1da1f15be9e400171a6ddadcd66fb70149f5367658a7a4bcfd666e83f7fe0e6

SHA512
d7001dbeb1a5d10eef7d98905d23a51f9a5029559ad946f65e96193ec97cea8f845468b5e5cbabe406c547bd632d40df80ef3e09d56b28ee70ca33b2fc6254f8

Download Submit
memory/1312-4147-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/1312-2037-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/1428-2446-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1428-4148-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2116-4150-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-0-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2385-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2394-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2038-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2182-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2096-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2116-2268-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2002-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1960-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2343-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-4145-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-2181-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-4144-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2093-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-4149-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1999-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2405-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-4143-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2261-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3926-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2393-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4146-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2339-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2358-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-4142-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download