cobaltstrike | 3af3dd636eb705164af3292862e7957c067dd47b6e5ec99eecd2347f55791f4b

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2b6ca2737808332e8ed02ca6ef866204
SHA1

e3eaf7526ae9873b51bd7ddba07ce55b1d43f283
SHA256

3af3dd636eb705164af3292862e7957c067dd47b6e5ec99eecd2347f55791f4b
SHA512

d38702f5756f4a567493793d2f692ecf9c51737412f968987aad8c488da7e81743b29892284f046568ad179f7797f42ed0f634eb93fdd13f15fb688d433a5301
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU8:T+q56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016890-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b86-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-22.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca0-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf0-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d22-45.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-78.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-130.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-190.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-145.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-103.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4c-53.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d68-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1860-1-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/1984-9-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0008000000016890-10.dat	xmrig
behavioral1/memory/1988-14-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0008000000016b86-15.dat	xmrig
behavioral1/files/0x0008000000016c89-22.dat	xmrig
behavioral1/memory/1860-25-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2580-21-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/1860-34-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ca0-33.dat	xmrig
behavioral1/files/0x0007000000016cf0-35.dat	xmrig
behavioral1/memory/2932-39-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/1860-19-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/1988-43-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d22-45.dat	xmrig
behavioral1/files/0x00080000000164de-57.dat	xmrig
behavioral1/memory/2640-73-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0005000000018697-78.dat	xmrig
behavioral1/files/0x000d000000018683-86.dat	xmrig
behavioral1/memory/2612-87-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2508-105-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001871c-109.dat	xmrig
behavioral1/files/0x0006000000018d7b-125.dat	xmrig
behavioral1/files/0x0006000000018d83-130.dat	xmrig
behavioral1/files/0x0006000000018fdf-135.dat	xmrig
behavioral1/files/0x0005000000019261-158.dat	xmrig
behavioral1/files/0x0005000000019299-175.dat	xmrig
behavioral1/files/0x000500000001938e-195.dat	xmrig
behavioral1/memory/2640-218-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1860-1460-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2508-1297-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1860-1134-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2800-972-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2612-668-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2784-557-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019358-190.dat	xmrig
behavioral1/files/0x00050000000192a1-181.dat	xmrig
behavioral1/files/0x0005000000019354-185.dat	xmrig
behavioral1/files/0x000500000001927a-171.dat	xmrig
behavioral1/files/0x0005000000019274-165.dat	xmrig
behavioral1/files/0x000500000001924f-155.dat	xmrig
behavioral1/files/0x0005000000019237-150.dat	xmrig
behavioral1/files/0x0005000000019203-145.dat	xmrig
behavioral1/files/0x0006000000019056-140.dat	xmrig
behavioral1/files/0x0006000000018be7-120.dat	xmrig
behavioral1/files/0x0005000000018745-114.dat	xmrig
behavioral1/memory/2800-95-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0005000000018706-93.dat	xmrig
behavioral1/files/0x000500000001870c-103.dat	xmrig
behavioral1/memory/1860-101-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1236-99-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d4c-53.dat	xmrig
behavioral1/memory/2784-82-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2932-79-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2956-72-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2880-70-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2704-69-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1860-68-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d68-65.dat	xmrig
behavioral1/memory/1816-63-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2580-48-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/1236-60-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/1860-52-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1984	eNABgBL.exe
1988	jhRmsqk.exe
2580	UrBGHfP.exe
1816	jaXSPCY.exe
2956	CyWIdOl.exe
2932	KPeieaJ.exe
1236	scAKcuq.exe
2880	lfpfafj.exe
2704	kPpBlYF.exe
2640	HjItnZQ.exe
2784	jWUphum.exe
2612	DnqZjfQ.exe
2800	sKfNKki.exe
2508	fBsiDKh.exe
2424	PSKzmFO.exe
764	AMyDDap.exe
1772	iRQYwMW.exe
1052	nGEJxzj.exe
1624	GrtJdup.exe
1472	dwwCFbx.exe
1124	BjjDxiL.exe
1436	kQrlPUq.exe
2240	kEfPwlw.exe
1944	JhzvPvR.exe
308	jjVSbKK.exe
2024	zBkBEcn.exe
2780	LhYEGCY.exe
2484	pbRGopB.exe
692	iigkBkl.exe
2456	Vvyemmp.exe
2988	LXTfLdt.exe
1160	BMDkYzv.exe
544	DbGNZRa.exe
596	IFtDnVc.exe
2144	gbOXuTk.exe
1672	zaROHNC.exe
1936	vfLYxwc.exe
1376	LBlNcuM.exe
2776	UlQiZsc.exe
1668	ljPqioO.exe
1552	fLuaEQD.exe
788	EROCBGu.exe
1212	vCeyHQb.exe
1688	mhTMQJT.exe
1100	JFvUPao.exe
2912	NURIqPi.exe
1324	fpHkKvC.exe
2148	pEVUDeo.exe
2128	apBbBZy.exe
560	wqRqglu.exe
608	clxntjf.exe
1888	RLeCGkh.exe
892	TImbZMr.exe
2164	pDVrRca.exe
1868	VAcBdvN.exe
2280	albfxhk.exe
1784	zDzUgEr.exe
2292	ryWRRdj.exe
2816	mfWnvlE.exe
3020	sOkKfHT.exe
1276	SJZXWKm.exe
2944	JEdPTlK.exe
2308	acvfPgC.exe
2300	QccoJlj.exe

Loads dropped DLL 64 IoCs

pid	Process
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1860-1-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/memory/1984-9-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0008000000016890-10.dat	upx
behavioral1/memory/1988-14-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0008000000016b86-15.dat	upx
behavioral1/files/0x0008000000016c89-22.dat	upx
behavioral1/memory/1860-25-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2580-21-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/1860-34-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0008000000016ca0-33.dat	upx
behavioral1/files/0x0007000000016cf0-35.dat	upx
behavioral1/memory/2932-39-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/1988-43-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0007000000016d22-45.dat	upx
behavioral1/files/0x00080000000164de-57.dat	upx
behavioral1/memory/2640-73-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0005000000018697-78.dat	upx
behavioral1/files/0x000d000000018683-86.dat	upx
behavioral1/memory/2612-87-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2508-105-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x000500000001871c-109.dat	upx
behavioral1/files/0x0006000000018d7b-125.dat	upx
behavioral1/files/0x0006000000018d83-130.dat	upx
behavioral1/files/0x0006000000018fdf-135.dat	upx
behavioral1/files/0x0005000000019261-158.dat	upx
behavioral1/files/0x0005000000019299-175.dat	upx
behavioral1/files/0x000500000001938e-195.dat	upx
behavioral1/memory/2640-218-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2508-1297-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2800-972-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2612-668-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2784-557-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0005000000019358-190.dat	upx
behavioral1/files/0x00050000000192a1-181.dat	upx
behavioral1/files/0x0005000000019354-185.dat	upx
behavioral1/files/0x000500000001927a-171.dat	upx
behavioral1/files/0x0005000000019274-165.dat	upx
behavioral1/files/0x000500000001924f-155.dat	upx
behavioral1/files/0x0005000000019237-150.dat	upx
behavioral1/files/0x0005000000019203-145.dat	upx
behavioral1/files/0x0006000000019056-140.dat	upx
behavioral1/files/0x0006000000018be7-120.dat	upx
behavioral1/files/0x0005000000018745-114.dat	upx
behavioral1/memory/2800-95-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0005000000018706-93.dat	upx
behavioral1/files/0x000500000001870c-103.dat	upx
behavioral1/memory/1236-99-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/files/0x0007000000016d4c-53.dat	upx
behavioral1/memory/2784-82-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2932-79-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2956-72-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2880-70-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2704-69-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0009000000016d68-65.dat	upx
behavioral1/memory/1816-63-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2580-48-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/1236-60-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/1988-3652-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2580-3661-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/1984-3660-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/1816-3653-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2932-3753-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2956-3770-0x000000013FF10000-0x0000000140264000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JCcaAEI.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpDIqcH.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHdjGTA.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAPybem.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihwitQF.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNABgBL.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbPlCbH.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbxqFgY.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFstbjo.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlIexoG.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxTDpJQ.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtIiWUC.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Qkffner.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWitBHq.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovkeBeT.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIiGqQW.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLOkNaS.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGWbSXg.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpvZMch.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjjDxiL.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKmKWyI.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcGOPwJ.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdzbCQm.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdphjUh.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAGdKUl.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQngToL.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciyeVAm.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCsGvmH.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHuwVBY.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEcTmPz.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxeveNS.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKfnSEc.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuvPnoc.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYAOChZ.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvlIwyA.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWiSQwa.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQHJeOA.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsfEFoD.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbMhvwJ.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIglMBh.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ixiiboy.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycNbjvQ.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNiGvQg.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjUbifl.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmxJOkg.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQOWesO.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yxSZVoY.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUfYtGf.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INxszcX.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnsTwQA.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPejTQj.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvTVPOP.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WiPZxYS.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPeieaJ.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZbhCuI.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkZLMdj.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkxDpHy.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toddtqC.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvaNHzn.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGlOpZy.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFeoKHb.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQyVyyH.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfZqseo.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FerYNpw.exe	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 1984	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1860 wrote to memory of 1984	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1860 wrote to memory of 1984	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1860 wrote to memory of 1988	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1860 wrote to memory of 1988	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1860 wrote to memory of 1988	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1860 wrote to memory of 2580	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 2580	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 2580	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 1816	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 1816	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 1816	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 2956	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 2956	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 2956	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 2932	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 2932	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 2932	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 2880	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 2880	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 2880	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 1236	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 1236	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 1236	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 2640	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2640	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2640	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2704	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2704	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2704	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2612	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2612	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2612	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2784	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2784	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2784	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2800	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 2800	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 2800	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 2508	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 2508	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 2508	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 2424	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 2424	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 2424	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 764	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 764	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 764	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 1772	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 1772	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 1772	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 1052	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 1052	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 1052	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 1624	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 1624	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 1624	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 1472	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 1472	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 1472	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 1124	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 1124	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 1124	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 1436	1860	2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_2b6ca2737808332e8ed02ca6ef866204_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\System\eNABgBL.exe
  C:\Windows\System\eNABgBL.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\jhRmsqk.exe
  C:\Windows\System\jhRmsqk.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\UrBGHfP.exe
  C:\Windows\System\UrBGHfP.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\jaXSPCY.exe
  C:\Windows\System\jaXSPCY.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\CyWIdOl.exe
  C:\Windows\System\CyWIdOl.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\KPeieaJ.exe
  C:\Windows\System\KPeieaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\lfpfafj.exe
  C:\Windows\System\lfpfafj.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\scAKcuq.exe
  C:\Windows\System\scAKcuq.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\HjItnZQ.exe
  C:\Windows\System\HjItnZQ.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\kPpBlYF.exe
  C:\Windows\System\kPpBlYF.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\DnqZjfQ.exe
  C:\Windows\System\DnqZjfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\jWUphum.exe
  C:\Windows\System\jWUphum.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\sKfNKki.exe
  C:\Windows\System\sKfNKki.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\fBsiDKh.exe
  C:\Windows\System\fBsiDKh.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\PSKzmFO.exe
  C:\Windows\System\PSKzmFO.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\AMyDDap.exe
  C:\Windows\System\AMyDDap.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\iRQYwMW.exe
  C:\Windows\System\iRQYwMW.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\nGEJxzj.exe
  C:\Windows\System\nGEJxzj.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\GrtJdup.exe
  C:\Windows\System\GrtJdup.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\dwwCFbx.exe
  C:\Windows\System\dwwCFbx.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\BjjDxiL.exe
  C:\Windows\System\BjjDxiL.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\kQrlPUq.exe
  C:\Windows\System\kQrlPUq.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\kEfPwlw.exe
  C:\Windows\System\kEfPwlw.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\JhzvPvR.exe
  C:\Windows\System\JhzvPvR.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\jjVSbKK.exe
  C:\Windows\System\jjVSbKK.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\zBkBEcn.exe
  C:\Windows\System\zBkBEcn.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\LhYEGCY.exe
  C:\Windows\System\LhYEGCY.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\pbRGopB.exe
  C:\Windows\System\pbRGopB.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\iigkBkl.exe
  C:\Windows\System\iigkBkl.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\Vvyemmp.exe
  C:\Windows\System\Vvyemmp.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\LXTfLdt.exe
  C:\Windows\System\LXTfLdt.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\BMDkYzv.exe
  C:\Windows\System\BMDkYzv.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\DbGNZRa.exe
  C:\Windows\System\DbGNZRa.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\IFtDnVc.exe
  C:\Windows\System\IFtDnVc.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\gbOXuTk.exe
  C:\Windows\System\gbOXuTk.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\zaROHNC.exe
  C:\Windows\System\zaROHNC.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\vfLYxwc.exe
  C:\Windows\System\vfLYxwc.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\LBlNcuM.exe
  C:\Windows\System\LBlNcuM.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\UlQiZsc.exe
  C:\Windows\System\UlQiZsc.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ljPqioO.exe
  C:\Windows\System\ljPqioO.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\fLuaEQD.exe
  C:\Windows\System\fLuaEQD.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\EROCBGu.exe
  C:\Windows\System\EROCBGu.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\vCeyHQb.exe
  C:\Windows\System\vCeyHQb.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\mhTMQJT.exe
  C:\Windows\System\mhTMQJT.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\JFvUPao.exe
  C:\Windows\System\JFvUPao.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\NURIqPi.exe
  C:\Windows\System\NURIqPi.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\fpHkKvC.exe
  C:\Windows\System\fpHkKvC.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\pEVUDeo.exe
  C:\Windows\System\pEVUDeo.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\apBbBZy.exe
  C:\Windows\System\apBbBZy.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\wqRqglu.exe
  C:\Windows\System\wqRqglu.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\clxntjf.exe
  C:\Windows\System\clxntjf.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\RLeCGkh.exe
  C:\Windows\System\RLeCGkh.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\TImbZMr.exe
  C:\Windows\System\TImbZMr.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\pDVrRca.exe
  C:\Windows\System\pDVrRca.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\VAcBdvN.exe
  C:\Windows\System\VAcBdvN.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\albfxhk.exe
  C:\Windows\System\albfxhk.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\zDzUgEr.exe
  C:\Windows\System\zDzUgEr.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ryWRRdj.exe
  C:\Windows\System\ryWRRdj.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\mfWnvlE.exe
  C:\Windows\System\mfWnvlE.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\sOkKfHT.exe
  C:\Windows\System\sOkKfHT.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\SJZXWKm.exe
  C:\Windows\System\SJZXWKm.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\JEdPTlK.exe
  C:\Windows\System\JEdPTlK.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\acvfPgC.exe
  C:\Windows\System\acvfPgC.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\QccoJlj.exe
  C:\Windows\System\QccoJlj.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\EBTzLQw.exe
  C:\Windows\System\EBTzLQw.exe
  2⤵
  PID:1268
- C:\Windows\System\pjElegU.exe
  C:\Windows\System\pjElegU.exe
  2⤵
  PID:2996
- C:\Windows\System\aybZXoO.exe
  C:\Windows\System\aybZXoO.exe
  2⤵
  PID:2340
- C:\Windows\System\zGDcMIw.exe
  C:\Windows\System\zGDcMIw.exe
  2⤵
  PID:2624
- C:\Windows\System\EFuxsnj.exe
  C:\Windows\System\EFuxsnj.exe
  2⤵
  PID:2696
- C:\Windows\System\VarFyxm.exe
  C:\Windows\System\VarFyxm.exe
  2⤵
  PID:2560
- C:\Windows\System\tXdCYrQ.exe
  C:\Windows\System\tXdCYrQ.exe
  2⤵
  PID:3012
- C:\Windows\System\BrwRnRc.exe
  C:\Windows\System\BrwRnRc.exe
  2⤵
  PID:852
- C:\Windows\System\nlBtias.exe
  C:\Windows\System\nlBtias.exe
  2⤵
  PID:1380
- C:\Windows\System\xefyPuT.exe
  C:\Windows\System\xefyPuT.exe
  2⤵
  PID:1680
- C:\Windows\System\uTVHQZV.exe
  C:\Windows\System\uTVHQZV.exe
  2⤵
  PID:1952
- C:\Windows\System\IwxkHZS.exe
  C:\Windows\System\IwxkHZS.exe
  2⤵
  PID:1948
- C:\Windows\System\uiiocNO.exe
  C:\Windows\System\uiiocNO.exe
  2⤵
  PID:1776
- C:\Windows\System\IJimidk.exe
  C:\Windows\System\IJimidk.exe
  2⤵
  PID:2752
- C:\Windows\System\gmdexWc.exe
  C:\Windows\System\gmdexWc.exe
  2⤵
  PID:2772
- C:\Windows\System\UjFvpvg.exe
  C:\Windows\System\UjFvpvg.exe
  2⤵
  PID:2832
- C:\Windows\System\QqDSYPL.exe
  C:\Windows\System\QqDSYPL.exe
  2⤵
  PID:1008
- C:\Windows\System\GoQttXQ.exe
  C:\Windows\System\GoQttXQ.exe
  2⤵
  PID:1872
- C:\Windows\System\kAOwtMr.exe
  C:\Windows\System\kAOwtMr.exe
  2⤵
  PID:796
- C:\Windows\System\QTlxtff.exe
  C:\Windows\System\QTlxtff.exe
  2⤵
  PID:936
- C:\Windows\System\zRuZwhl.exe
  C:\Windows\System\zRuZwhl.exe
  2⤵
  PID:1232
- C:\Windows\System\oAAAFms.exe
  C:\Windows\System\oAAAFms.exe
  2⤵
  PID:2060
- C:\Windows\System\uWBSEqv.exe
  C:\Windows\System\uWBSEqv.exe
  2⤵
  PID:2404
- C:\Windows\System\XcbNooA.exe
  C:\Windows\System\XcbNooA.exe
  2⤵
  PID:916
- C:\Windows\System\KjTDkbM.exe
  C:\Windows\System\KjTDkbM.exe
  2⤵
  PID:1692
- C:\Windows\System\TufNJez.exe
  C:\Windows\System\TufNJez.exe
  2⤵
  PID:2384
- C:\Windows\System\YiIZKjI.exe
  C:\Windows\System\YiIZKjI.exe
  2⤵
  PID:2848
- C:\Windows\System\oWgBstq.exe
  C:\Windows\System\oWgBstq.exe
  2⤵
  PID:2256
- C:\Windows\System\xNvdWDa.exe
  C:\Windows\System\xNvdWDa.exe
  2⤵
  PID:900
- C:\Windows\System\oltKHeG.exe
  C:\Windows\System\oltKHeG.exe
  2⤵
  PID:2064
- C:\Windows\System\xcClLtU.exe
  C:\Windows\System\xcClLtU.exe
  2⤵
  PID:1724
- C:\Windows\System\aNhRvhL.exe
  C:\Windows\System\aNhRvhL.exe
  2⤵
  PID:2264
- C:\Windows\System\xvfhlSq.exe
  C:\Windows\System\xvfhlSq.exe
  2⤵
  PID:2820
- C:\Windows\System\TgLcHZl.exe
  C:\Windows\System\TgLcHZl.exe
  2⤵
  PID:2936
- C:\Windows\System\bIzlEjX.exe
  C:\Windows\System\bIzlEjX.exe
  2⤵
  PID:3032
- C:\Windows\System\nWntFlJ.exe
  C:\Windows\System\nWntFlJ.exe
  2⤵
  PID:2392
- C:\Windows\System\sGkuDPc.exe
  C:\Windows\System\sGkuDPc.exe
  2⤵
  PID:2120
- C:\Windows\System\OMdJpzM.exe
  C:\Windows\System\OMdJpzM.exe
  2⤵
  PID:2688
- C:\Windows\System\ejVACgL.exe
  C:\Windows\System\ejVACgL.exe
  2⤵
  PID:2572
- C:\Windows\System\svCnXJw.exe
  C:\Windows\System\svCnXJw.exe
  2⤵
  PID:2716
- C:\Windows\System\VcfZpct.exe
  C:\Windows\System\VcfZpct.exe
  2⤵
  PID:1148
- C:\Windows\System\UIFcupW.exe
  C:\Windows\System\UIFcupW.exe
  2⤵
  PID:1620
- C:\Windows\System\FOugEKi.exe
  C:\Windows\System\FOugEKi.exe
  2⤵
  PID:1388
- C:\Windows\System\tBtNhbU.exe
  C:\Windows\System\tBtNhbU.exe
  2⤵
  PID:2736
- C:\Windows\System\nKtVjxM.exe
  C:\Windows\System\nKtVjxM.exe
  2⤵
  PID:2756
- C:\Windows\System\IjXDTmG.exe
  C:\Windows\System\IjXDTmG.exe
  2⤵
  PID:612
- C:\Windows\System\UphEKVU.exe
  C:\Windows\System\UphEKVU.exe
  2⤵
  PID:2760
- C:\Windows\System\VWlAFbW.exe
  C:\Windows\System\VWlAFbW.exe
  2⤵
  PID:956
- C:\Windows\System\UKvSCNj.exe
  C:\Windows\System\UKvSCNj.exe
  2⤵
  PID:1068
- C:\Windows\System\oaAEdIk.exe
  C:\Windows\System\oaAEdIk.exe
  2⤵
  PID:1516
- C:\Windows\System\WbMhvwJ.exe
  C:\Windows\System\WbMhvwJ.exe
  2⤵
  PID:1684
- C:\Windows\System\YSWGzaj.exe
  C:\Windows\System\YSWGzaj.exe
  2⤵
  PID:2372
- C:\Windows\System\wOnmEkT.exe
  C:\Windows\System\wOnmEkT.exe
  2⤵
  PID:1256
- C:\Windows\System\tgtiXZf.exe
  C:\Windows\System\tgtiXZf.exe
  2⤵
  PID:2196
- C:\Windows\System\FJaTYQy.exe
  C:\Windows\System\FJaTYQy.exe
  2⤵
  PID:1608
- C:\Windows\System\lSnXwQE.exe
  C:\Windows\System\lSnXwQE.exe
  2⤵
  PID:2008
- C:\Windows\System\gGELfZT.exe
  C:\Windows\System\gGELfZT.exe
  2⤵
  PID:1828
- C:\Windows\System\aCXyNnS.exe
  C:\Windows\System\aCXyNnS.exe
  2⤵
  PID:2332
- C:\Windows\System\SErgLjl.exe
  C:\Windows\System\SErgLjl.exe
  2⤵
  PID:2248
- C:\Windows\System\kALYKTS.exe
  C:\Windows\System\kALYKTS.exe
  2⤵
  PID:676
- C:\Windows\System\mGYOInv.exe
  C:\Windows\System\mGYOInv.exe
  2⤵
  PID:2524
- C:\Windows\System\yVvCrJI.exe
  C:\Windows\System\yVvCrJI.exe
  2⤵
  PID:2828
- C:\Windows\System\gdhaMBQ.exe
  C:\Windows\System\gdhaMBQ.exe
  2⤵
  PID:2840
- C:\Windows\System\XRgpAwF.exe
  C:\Windows\System\XRgpAwF.exe
  2⤵
  PID:2044
- C:\Windows\System\ptTgDeQ.exe
  C:\Windows\System\ptTgDeQ.exe
  2⤵
  PID:448
- C:\Windows\System\wUKgUfJ.exe
  C:\Windows\System\wUKgUfJ.exe
  2⤵
  PID:2092
- C:\Windows\System\FofhWDJ.exe
  C:\Windows\System\FofhWDJ.exe
  2⤵
  PID:1152
- C:\Windows\System\LuugelK.exe
  C:\Windows\System\LuugelK.exe
  2⤵
  PID:2212
- C:\Windows\System\Lgcnmep.exe
  C:\Windows\System\Lgcnmep.exe
  2⤵
  PID:1928
- C:\Windows\System\XidrUrW.exe
  C:\Windows\System\XidrUrW.exe
  2⤵
  PID:2312
- C:\Windows\System\BfuTjbA.exe
  C:\Windows\System\BfuTjbA.exe
  2⤵
  PID:2052
- C:\Windows\System\sBWhmkH.exe
  C:\Windows\System\sBWhmkH.exe
  2⤵
  PID:3016
- C:\Windows\System\ccxnWqH.exe
  C:\Windows\System\ccxnWqH.exe
  2⤵
  PID:3080
- C:\Windows\System\khwzoSd.exe
  C:\Windows\System\khwzoSd.exe
  2⤵
  PID:3096
- C:\Windows\System\TCBlgcf.exe
  C:\Windows\System\TCBlgcf.exe
  2⤵
  PID:3116
- C:\Windows\System\wafIyXN.exe
  C:\Windows\System\wafIyXN.exe
  2⤵
  PID:3136
- C:\Windows\System\hhIPznO.exe
  C:\Windows\System\hhIPznO.exe
  2⤵
  PID:3168
- C:\Windows\System\BOMHOUB.exe
  C:\Windows\System\BOMHOUB.exe
  2⤵
  PID:3184
- C:\Windows\System\OrlWNNF.exe
  C:\Windows\System\OrlWNNF.exe
  2⤵
  PID:3208
- C:\Windows\System\ysqDvdE.exe
  C:\Windows\System\ysqDvdE.exe
  2⤵
  PID:3228
- C:\Windows\System\OlbfHlw.exe
  C:\Windows\System\OlbfHlw.exe
  2⤵
  PID:3248
- C:\Windows\System\bJmeZca.exe
  C:\Windows\System\bJmeZca.exe
  2⤵
  PID:3268
- C:\Windows\System\uXJYwnV.exe
  C:\Windows\System\uXJYwnV.exe
  2⤵
  PID:3288
- C:\Windows\System\abnHruk.exe
  C:\Windows\System\abnHruk.exe
  2⤵
  PID:3308
- C:\Windows\System\amAEHBn.exe
  C:\Windows\System\amAEHBn.exe
  2⤵
  PID:3328
- C:\Windows\System\XVmlkIw.exe
  C:\Windows\System\XVmlkIw.exe
  2⤵
  PID:3348
- C:\Windows\System\EVjQNqd.exe
  C:\Windows\System\EVjQNqd.exe
  2⤵
  PID:3368
- C:\Windows\System\wKnyNuU.exe
  C:\Windows\System\wKnyNuU.exe
  2⤵
  PID:3392
- C:\Windows\System\EJRxCMY.exe
  C:\Windows\System\EJRxCMY.exe
  2⤵
  PID:3412
- C:\Windows\System\IhSWBBb.exe
  C:\Windows\System\IhSWBBb.exe
  2⤵
  PID:3432
- C:\Windows\System\TeymmJU.exe
  C:\Windows\System\TeymmJU.exe
  2⤵
  PID:3452
- C:\Windows\System\SnTWOEL.exe
  C:\Windows\System\SnTWOEL.exe
  2⤵
  PID:3472
- C:\Windows\System\xQGWyjX.exe
  C:\Windows\System\xQGWyjX.exe
  2⤵
  PID:3492
- C:\Windows\System\GgUIaRJ.exe
  C:\Windows\System\GgUIaRJ.exe
  2⤵
  PID:3508
- C:\Windows\System\jPOhtkF.exe
  C:\Windows\System\jPOhtkF.exe
  2⤵
  PID:3528
- C:\Windows\System\IuCSGcf.exe
  C:\Windows\System\IuCSGcf.exe
  2⤵
  PID:3552
- C:\Windows\System\ecCSSZN.exe
  C:\Windows\System\ecCSSZN.exe
  2⤵
  PID:3572
- C:\Windows\System\DfwcOCe.exe
  C:\Windows\System\DfwcOCe.exe
  2⤵
  PID:3592
- C:\Windows\System\nATONgO.exe
  C:\Windows\System\nATONgO.exe
  2⤵
  PID:3612
- C:\Windows\System\jTlWYAi.exe
  C:\Windows\System\jTlWYAi.exe
  2⤵
  PID:3632
- C:\Windows\System\CgrHIqt.exe
  C:\Windows\System\CgrHIqt.exe
  2⤵
  PID:3652
- C:\Windows\System\NQdbcWL.exe
  C:\Windows\System\NQdbcWL.exe
  2⤵
  PID:3668
- C:\Windows\System\guuofLU.exe
  C:\Windows\System\guuofLU.exe
  2⤵
  PID:3688
- C:\Windows\System\EXQJAPT.exe
  C:\Windows\System\EXQJAPT.exe
  2⤵
  PID:3708
- C:\Windows\System\TJISsgV.exe
  C:\Windows\System\TJISsgV.exe
  2⤵
  PID:3732
- C:\Windows\System\BnTxjtm.exe
  C:\Windows\System\BnTxjtm.exe
  2⤵
  PID:3752
- C:\Windows\System\IhgigqG.exe
  C:\Windows\System\IhgigqG.exe
  2⤵
  PID:3772
- C:\Windows\System\XOghLJk.exe
  C:\Windows\System\XOghLJk.exe
  2⤵
  PID:3788
- C:\Windows\System\rzKSvec.exe
  C:\Windows\System\rzKSvec.exe
  2⤵
  PID:3808
- C:\Windows\System\rvdAqVh.exe
  C:\Windows\System\rvdAqVh.exe
  2⤵
  PID:3828
- C:\Windows\System\pjTpbFY.exe
  C:\Windows\System\pjTpbFY.exe
  2⤵
  PID:3852
- C:\Windows\System\RXfIzeE.exe
  C:\Windows\System\RXfIzeE.exe
  2⤵
  PID:3868
- C:\Windows\System\mhprhNH.exe
  C:\Windows\System\mhprhNH.exe
  2⤵
  PID:3888
- C:\Windows\System\RQSzfrX.exe
  C:\Windows\System\RQSzfrX.exe
  2⤵
  PID:3908
- C:\Windows\System\RxfPYpH.exe
  C:\Windows\System\RxfPYpH.exe
  2⤵
  PID:3932
- C:\Windows\System\OKmklif.exe
  C:\Windows\System\OKmklif.exe
  2⤵
  PID:3952
- C:\Windows\System\unqIDAA.exe
  C:\Windows\System\unqIDAA.exe
  2⤵
  PID:3972
- C:\Windows\System\INxszcX.exe
  C:\Windows\System\INxszcX.exe
  2⤵
  PID:3992
- C:\Windows\System\QOwIIco.exe
  C:\Windows\System\QOwIIco.exe
  2⤵
  PID:4012
- C:\Windows\System\jBybylk.exe
  C:\Windows\System\jBybylk.exe
  2⤵
  PID:4032
- C:\Windows\System\wWjpNxY.exe
  C:\Windows\System\wWjpNxY.exe
  2⤵
  PID:4052
- C:\Windows\System\qSrWFPw.exe
  C:\Windows\System\qSrWFPw.exe
  2⤵
  PID:4072
- C:\Windows\System\UTnRiNn.exe
  C:\Windows\System\UTnRiNn.exe
  2⤵
  PID:4092
- C:\Windows\System\JfnUmig.exe
  C:\Windows\System\JfnUmig.exe
  2⤵
  PID:2532
- C:\Windows\System\rfileCx.exe
  C:\Windows\System\rfileCx.exe
  2⤵
  PID:2232
- C:\Windows\System\mvbsUcp.exe
  C:\Windows\System\mvbsUcp.exe
  2⤵
  PID:1760
- C:\Windows\System\WsnLDaN.exe
  C:\Windows\System\WsnLDaN.exe
  2⤵
  PID:1576
- C:\Windows\System\RoCCzAj.exe
  C:\Windows\System\RoCCzAj.exe
  2⤵
  PID:2948
- C:\Windows\System\OTcvSnu.exe
  C:\Windows\System\OTcvSnu.exe
  2⤵
  PID:2328
- C:\Windows\System\xRGGxfr.exe
  C:\Windows\System\xRGGxfr.exe
  2⤵
  PID:2428
- C:\Windows\System\quCNBmY.exe
  C:\Windows\System\quCNBmY.exe
  2⤵
  PID:2216
- C:\Windows\System\qITSKxi.exe
  C:\Windows\System\qITSKxi.exe
  2⤵
  PID:2084
- C:\Windows\System\oGFoTiA.exe
  C:\Windows\System\oGFoTiA.exe
  2⤵
  PID:3192
- C:\Windows\System\ezwGjgw.exe
  C:\Windows\System\ezwGjgw.exe
  2⤵
  PID:3176
- C:\Windows\System\hdwKTma.exe
  C:\Windows\System\hdwKTma.exe
  2⤵
  PID:3220
- C:\Windows\System\JCgAglu.exe
  C:\Windows\System\JCgAglu.exe
  2⤵
  PID:3276
- C:\Windows\System\QcPsUpA.exe
  C:\Windows\System\QcPsUpA.exe
  2⤵
  PID:3320
- C:\Windows\System\cnjdZzA.exe
  C:\Windows\System\cnjdZzA.exe
  2⤵
  PID:3300
- C:\Windows\System\FhRXoYd.exe
  C:\Windows\System\FhRXoYd.exe
  2⤵
  PID:3364
- C:\Windows\System\wWSzzdy.exe
  C:\Windows\System\wWSzzdy.exe
  2⤵
  PID:3420
- C:\Windows\System\abxOEGH.exe
  C:\Windows\System\abxOEGH.exe
  2⤵
  PID:3424
- C:\Windows\System\JAGXkVy.exe
  C:\Windows\System\JAGXkVy.exe
  2⤵
  PID:3488
- C:\Windows\System\qpWpTbV.exe
  C:\Windows\System\qpWpTbV.exe
  2⤵
  PID:3468
- C:\Windows\System\idyHxQg.exe
  C:\Windows\System\idyHxQg.exe
  2⤵
  PID:3504
- C:\Windows\System\McQZeOT.exe
  C:\Windows\System\McQZeOT.exe
  2⤵
  PID:3544
- C:\Windows\System\SRLvwip.exe
  C:\Windows\System\SRLvwip.exe
  2⤵
  PID:3588
- C:\Windows\System\TCKQbrr.exe
  C:\Windows\System\TCKQbrr.exe
  2⤵
  PID:3644
- C:\Windows\System\kUSeGUr.exe
  C:\Windows\System\kUSeGUr.exe
  2⤵
  PID:3680
- C:\Windows\System\EfBPJua.exe
  C:\Windows\System\EfBPJua.exe
  2⤵
  PID:3728
- C:\Windows\System\iPNgBRj.exe
  C:\Windows\System\iPNgBRj.exe
  2⤵
  PID:3700
- C:\Windows\System\mhGcoil.exe
  C:\Windows\System\mhGcoil.exe
  2⤵
  PID:3796
- C:\Windows\System\SHdAhFV.exe
  C:\Windows\System\SHdAhFV.exe
  2⤵
  PID:3800
- C:\Windows\System\mLnKbEX.exe
  C:\Windows\System\mLnKbEX.exe
  2⤵
  PID:3844
- C:\Windows\System\jsjaZRY.exe
  C:\Windows\System\jsjaZRY.exe
  2⤵
  PID:3824
- C:\Windows\System\bBEDNMY.exe
  C:\Windows\System\bBEDNMY.exe
  2⤵
  PID:3916
- C:\Windows\System\UtPyhPd.exe
  C:\Windows\System\UtPyhPd.exe
  2⤵
  PID:3924
- C:\Windows\System\YyvTCZV.exe
  C:\Windows\System\YyvTCZV.exe
  2⤵
  PID:3900
- C:\Windows\System\ptgNOIL.exe
  C:\Windows\System\ptgNOIL.exe
  2⤵
  PID:2504
- C:\Windows\System\dqTMwux.exe
  C:\Windows\System\dqTMwux.exe
  2⤵
  PID:4008
- C:\Windows\System\EpNHkQT.exe
  C:\Windows\System\EpNHkQT.exe
  2⤵
  PID:4044
- C:\Windows\System\WrdiWgn.exe
  C:\Windows\System\WrdiWgn.exe
  2⤵
  PID:4080
- C:\Windows\System\xdblBVo.exe
  C:\Windows\System\xdblBVo.exe
  2⤵
  PID:4060
- C:\Windows\System\RCFEGOy.exe
  C:\Windows\System\RCFEGOy.exe
  2⤵
  PID:1076
- C:\Windows\System\yRIFwxG.exe
  C:\Windows\System\yRIFwxG.exe
  2⤵
  PID:1596
- C:\Windows\System\NhmVKOu.exe
  C:\Windows\System\NhmVKOu.exe
  2⤵
  PID:1700
- C:\Windows\System\ryyQsxY.exe
  C:\Windows\System\ryyQsxY.exe
  2⤵
  PID:1556
- C:\Windows\System\BDUKrCM.exe
  C:\Windows\System\BDUKrCM.exe
  2⤵
  PID:3128
- C:\Windows\System\ZqpjgKr.exe
  C:\Windows\System\ZqpjgKr.exe
  2⤵
  PID:3164
- C:\Windows\System\lIOJRCU.exe
  C:\Windows\System\lIOJRCU.exe
  2⤵
  PID:3224
- C:\Windows\System\hsIXMnD.exe
  C:\Windows\System\hsIXMnD.exe
  2⤵
  PID:3324
- C:\Windows\System\JndogCL.exe
  C:\Windows\System\JndogCL.exe
  2⤵
  PID:3340
- C:\Windows\System\pAbnSen.exe
  C:\Windows\System\pAbnSen.exe
  2⤵
  PID:3304
- C:\Windows\System\JGCLvEt.exe
  C:\Windows\System\JGCLvEt.exe
  2⤵
  PID:3440
- C:\Windows\System\BjUOTCv.exe
  C:\Windows\System\BjUOTCv.exe
  2⤵
  PID:3524
- C:\Windows\System\OlqNqlb.exe
  C:\Windows\System\OlqNqlb.exe
  2⤵
  PID:3500
- C:\Windows\System\kPZoQBG.exe
  C:\Windows\System\kPZoQBG.exe
  2⤵
  PID:3608
- C:\Windows\System\cFYjKAl.exe
  C:\Windows\System\cFYjKAl.exe
  2⤵
  PID:3620
- C:\Windows\System\dWiSQwa.exe
  C:\Windows\System\dWiSQwa.exe
  2⤵
  PID:2636
- C:\Windows\System\XpbhoQS.exe
  C:\Windows\System\XpbhoQS.exe
  2⤵
  PID:3768
- C:\Windows\System\ogPtByN.exe
  C:\Windows\System\ogPtByN.exe
  2⤵
  PID:3744
- C:\Windows\System\WLIDVuh.exe
  C:\Windows\System\WLIDVuh.exe
  2⤵
  PID:3880
- C:\Windows\System\XwrUxqN.exe
  C:\Windows\System\XwrUxqN.exe
  2⤵
  PID:3820
- C:\Windows\System\QgrLGTO.exe
  C:\Windows\System\QgrLGTO.exe
  2⤵
  PID:3860
- C:\Windows\System\aojCsCh.exe
  C:\Windows\System\aojCsCh.exe
  2⤵
  PID:2628
- C:\Windows\System\kIetwcl.exe
  C:\Windows\System\kIetwcl.exe
  2⤵
  PID:2520
- C:\Windows\System\MMBvNIg.exe
  C:\Windows\System\MMBvNIg.exe
  2⤵
  PID:2156
- C:\Windows\System\nCpHlJu.exe
  C:\Windows\System\nCpHlJu.exe
  2⤵
  PID:4084
- C:\Windows\System\EUTvgHs.exe
  C:\Windows\System\EUTvgHs.exe
  2⤵
  PID:2032
- C:\Windows\System\iCKkMSD.exe
  C:\Windows\System\iCKkMSD.exe
  2⤵
  PID:3024
- C:\Windows\System\WqfvsOk.exe
  C:\Windows\System\WqfvsOk.exe
  2⤵
  PID:3236
- C:\Windows\System\gciHPyN.exe
  C:\Windows\System\gciHPyN.exe
  2⤵
  PID:3256
- C:\Windows\System\kHrrFBS.exe
  C:\Windows\System\kHrrFBS.exe
  2⤵
  PID:3336
- C:\Windows\System\fepYugj.exe
  C:\Windows\System\fepYugj.exe
  2⤵
  PID:3384
- C:\Windows\System\wkhxWUV.exe
  C:\Windows\System\wkhxWUV.exe
  2⤵
  PID:3568
- C:\Windows\System\tqPJcbo.exe
  C:\Windows\System\tqPJcbo.exe
  2⤵
  PID:3564
- C:\Windows\System\xLcWPQi.exe
  C:\Windows\System\xLcWPQi.exe
  2⤵
  PID:3764
- C:\Windows\System\GTROwDk.exe
  C:\Windows\System\GTROwDk.exe
  2⤵
  PID:3664
- C:\Windows\System\fJbMVUZ.exe
  C:\Windows\System\fJbMVUZ.exe
  2⤵
  PID:3960
- C:\Windows\System\scXEKrD.exe
  C:\Windows\System\scXEKrD.exe
  2⤵
  PID:3928
- C:\Windows\System\jDnoCLm.exe
  C:\Windows\System\jDnoCLm.exe
  2⤵
  PID:3988
- C:\Windows\System\sqxivro.exe
  C:\Windows\System\sqxivro.exe
  2⤵
  PID:4108
- C:\Windows\System\mZxPVJc.exe
  C:\Windows\System\mZxPVJc.exe
  2⤵
  PID:4128
- C:\Windows\System\gCLBcBs.exe
  C:\Windows\System\gCLBcBs.exe
  2⤵
  PID:4148
- C:\Windows\System\gCCAVNG.exe
  C:\Windows\System\gCCAVNG.exe
  2⤵
  PID:4168
- C:\Windows\System\QQMBqPA.exe
  C:\Windows\System\QQMBqPA.exe
  2⤵
  PID:4188
- C:\Windows\System\xEZtQOM.exe
  C:\Windows\System\xEZtQOM.exe
  2⤵
  PID:4208
- C:\Windows\System\XcbWHkj.exe
  C:\Windows\System\XcbWHkj.exe
  2⤵
  PID:4228
- C:\Windows\System\HAorWEF.exe
  C:\Windows\System\HAorWEF.exe
  2⤵
  PID:4248
- C:\Windows\System\hQRxMud.exe
  C:\Windows\System\hQRxMud.exe
  2⤵
  PID:4268
- C:\Windows\System\eoWoydc.exe
  C:\Windows\System\eoWoydc.exe
  2⤵
  PID:4288
- C:\Windows\System\htyYhwH.exe
  C:\Windows\System\htyYhwH.exe
  2⤵
  PID:4308
- C:\Windows\System\iStwzhp.exe
  C:\Windows\System\iStwzhp.exe
  2⤵
  PID:4328
- C:\Windows\System\GvAVXUq.exe
  C:\Windows\System\GvAVXUq.exe
  2⤵
  PID:4348
- C:\Windows\System\hDlNjdo.exe
  C:\Windows\System\hDlNjdo.exe
  2⤵
  PID:4368
- C:\Windows\System\PKpaNMQ.exe
  C:\Windows\System\PKpaNMQ.exe
  2⤵
  PID:4388
- C:\Windows\System\qINWJly.exe
  C:\Windows\System\qINWJly.exe
  2⤵
  PID:4408
- C:\Windows\System\InmJdrB.exe
  C:\Windows\System\InmJdrB.exe
  2⤵
  PID:4428
- C:\Windows\System\QiCrYKm.exe
  C:\Windows\System\QiCrYKm.exe
  2⤵
  PID:4448
- C:\Windows\System\JjncDxB.exe
  C:\Windows\System\JjncDxB.exe
  2⤵
  PID:4468
- C:\Windows\System\lIcjxwv.exe
  C:\Windows\System\lIcjxwv.exe
  2⤵
  PID:4488
- C:\Windows\System\TPTQtro.exe
  C:\Windows\System\TPTQtro.exe
  2⤵
  PID:4508
- C:\Windows\System\fncHEik.exe
  C:\Windows\System\fncHEik.exe
  2⤵
  PID:4528
- C:\Windows\System\WWEcuHw.exe
  C:\Windows\System\WWEcuHw.exe
  2⤵
  PID:4548
- C:\Windows\System\CvPgeaM.exe
  C:\Windows\System\CvPgeaM.exe
  2⤵
  PID:4568
- C:\Windows\System\DyokeOT.exe
  C:\Windows\System\DyokeOT.exe
  2⤵
  PID:4588
- C:\Windows\System\YOuGINC.exe
  C:\Windows\System\YOuGINC.exe
  2⤵
  PID:4612
- C:\Windows\System\RkuKOxr.exe
  C:\Windows\System\RkuKOxr.exe
  2⤵
  PID:4632
- C:\Windows\System\whvqyGh.exe
  C:\Windows\System\whvqyGh.exe
  2⤵
  PID:4652
- C:\Windows\System\nSyHbsE.exe
  C:\Windows\System\nSyHbsE.exe
  2⤵
  PID:4672
- C:\Windows\System\MAUWKzV.exe
  C:\Windows\System\MAUWKzV.exe
  2⤵
  PID:4692
- C:\Windows\System\Corfona.exe
  C:\Windows\System\Corfona.exe
  2⤵
  PID:4712
- C:\Windows\System\IIctUWc.exe
  C:\Windows\System\IIctUWc.exe
  2⤵
  PID:4732
- C:\Windows\System\TYwqLEe.exe
  C:\Windows\System\TYwqLEe.exe
  2⤵
  PID:4752
- C:\Windows\System\SNbUoZB.exe
  C:\Windows\System\SNbUoZB.exe
  2⤵
  PID:4776
- C:\Windows\System\PQQbcck.exe
  C:\Windows\System\PQQbcck.exe
  2⤵
  PID:4796
- C:\Windows\System\KMrXvSs.exe
  C:\Windows\System\KMrXvSs.exe
  2⤵
  PID:4816
- C:\Windows\System\AVlgeTn.exe
  C:\Windows\System\AVlgeTn.exe
  2⤵
  PID:4836
- C:\Windows\System\rNrfyCD.exe
  C:\Windows\System\rNrfyCD.exe
  2⤵
  PID:4856
- C:\Windows\System\GJufiMx.exe
  C:\Windows\System\GJufiMx.exe
  2⤵
  PID:4876
- C:\Windows\System\AukwtGC.exe
  C:\Windows\System\AukwtGC.exe
  2⤵
  PID:4896
- C:\Windows\System\RGAAgJa.exe
  C:\Windows\System\RGAAgJa.exe
  2⤵
  PID:4916
- C:\Windows\System\xftBEqx.exe
  C:\Windows\System\xftBEqx.exe
  2⤵
  PID:4936
- C:\Windows\System\ydDfRry.exe
  C:\Windows\System\ydDfRry.exe
  2⤵
  PID:4956
- C:\Windows\System\ayRDzRj.exe
  C:\Windows\System\ayRDzRj.exe
  2⤵
  PID:4976
- C:\Windows\System\YSJiXpf.exe
  C:\Windows\System\YSJiXpf.exe
  2⤵
  PID:4996
- C:\Windows\System\pYIGkcC.exe
  C:\Windows\System\pYIGkcC.exe
  2⤵
  PID:5016
- C:\Windows\System\XUzoSJW.exe
  C:\Windows\System\XUzoSJW.exe
  2⤵
  PID:5036
- C:\Windows\System\aiHiGJD.exe
  C:\Windows\System\aiHiGJD.exe
  2⤵
  PID:5056
- C:\Windows\System\fGpzBno.exe
  C:\Windows\System\fGpzBno.exe
  2⤵
  PID:5076
- C:\Windows\System\nGazsmM.exe
  C:\Windows\System\nGazsmM.exe
  2⤵
  PID:5096
- C:\Windows\System\IUGcMCK.exe
  C:\Windows\System\IUGcMCK.exe
  2⤵
  PID:5116
- C:\Windows\System\shYsgAD.exe
  C:\Windows\System\shYsgAD.exe
  2⤵
  PID:3984
- C:\Windows\System\Tspzhoi.exe
  C:\Windows\System\Tspzhoi.exe
  2⤵
  PID:1528
- C:\Windows\System\OuvlYre.exe
  C:\Windows\System\OuvlYre.exe
  2⤵
  PID:3156
- C:\Windows\System\JFyIZYn.exe
  C:\Windows\System\JFyIZYn.exe
  2⤵
  PID:3400
- C:\Windows\System\wlSATzV.exe
  C:\Windows\System\wlSATzV.exe
  2⤵
  PID:3540
- C:\Windows\System\vffzvYP.exe
  C:\Windows\System\vffzvYP.exe
  2⤵
  PID:3604
- C:\Windows\System\szaUumc.exe
  C:\Windows\System\szaUumc.exe
  2⤵
  PID:3760
- C:\Windows\System\lFIBmpl.exe
  C:\Windows\System\lFIBmpl.exe
  2⤵
  PID:3864
- C:\Windows\System\kveIKXs.exe
  C:\Windows\System\kveIKXs.exe
  2⤵
  PID:4104
- C:\Windows\System\TTbQtNc.exe
  C:\Windows\System\TTbQtNc.exe
  2⤵
  PID:2804
- C:\Windows\System\ZMLLvcY.exe
  C:\Windows\System\ZMLLvcY.exe
  2⤵
  PID:4140
- C:\Windows\System\HvqLCsP.exe
  C:\Windows\System\HvqLCsP.exe
  2⤵
  PID:4160
- C:\Windows\System\HTCEweX.exe
  C:\Windows\System\HTCEweX.exe
  2⤵
  PID:4196
- C:\Windows\System\fEIaMsn.exe
  C:\Windows\System\fEIaMsn.exe
  2⤵
  PID:4236
- C:\Windows\System\uByclcA.exe
  C:\Windows\System\uByclcA.exe
  2⤵
  PID:4260
- C:\Windows\System\mfQYMTk.exe
  C:\Windows\System\mfQYMTk.exe
  2⤵
  PID:4300
- C:\Windows\System\LoOclBJ.exe
  C:\Windows\System\LoOclBJ.exe
  2⤵
  PID:4340
- C:\Windows\System\kchsTky.exe
  C:\Windows\System\kchsTky.exe
  2⤵
  PID:4384
- C:\Windows\System\toddtqC.exe
  C:\Windows\System\toddtqC.exe
  2⤵
  PID:4416
- C:\Windows\System\nAZpwZM.exe
  C:\Windows\System\nAZpwZM.exe
  2⤵
  PID:4420
- C:\Windows\System\OzJPiOn.exe
  C:\Windows\System\OzJPiOn.exe
  2⤵
  PID:2136
- C:\Windows\System\qGzsLlx.exe
  C:\Windows\System\qGzsLlx.exe
  2⤵
  PID:4476
- C:\Windows\System\fHxlhus.exe
  C:\Windows\System\fHxlhus.exe
  2⤵
  PID:4536
- C:\Windows\System\RaxcfKH.exe
  C:\Windows\System\RaxcfKH.exe
  2⤵
  PID:4540
- C:\Windows\System\cFdzRRy.exe
  C:\Windows\System\cFdzRRy.exe
  2⤵
  PID:4560
- C:\Windows\System\fumgpnm.exe
  C:\Windows\System\fumgpnm.exe
  2⤵
  PID:2680
- C:\Windows\System\jbBsHYk.exe
  C:\Windows\System\jbBsHYk.exe
  2⤵
  PID:4668
- C:\Windows\System\gwNCjyl.exe
  C:\Windows\System\gwNCjyl.exe
  2⤵
  PID:4708
- C:\Windows\System\zfksUGw.exe
  C:\Windows\System\zfksUGw.exe
  2⤵
  PID:4740
- C:\Windows\System\JsimAxK.exe
  C:\Windows\System\JsimAxK.exe
  2⤵
  PID:4744
- C:\Windows\System\uvxQjto.exe
  C:\Windows\System\uvxQjto.exe
  2⤵
  PID:4772
- C:\Windows\System\pwKuOuL.exe
  C:\Windows\System\pwKuOuL.exe
  2⤵
  PID:4812
- C:\Windows\System\PkBDgcT.exe
  C:\Windows\System\PkBDgcT.exe
  2⤵
  PID:4844
- C:\Windows\System\FzptYTP.exe
  C:\Windows\System\FzptYTP.exe
  2⤵
  PID:4904
- C:\Windows\System\kWNEMeb.exe
  C:\Windows\System\kWNEMeb.exe
  2⤵
  PID:2496
- C:\Windows\System\zwWDgEy.exe
  C:\Windows\System\zwWDgEy.exe
  2⤵
  PID:4948
- C:\Windows\System\lpodAMO.exe
  C:\Windows\System\lpodAMO.exe
  2⤵
  PID:4984
- C:\Windows\System\LnocRHq.exe
  C:\Windows\System\LnocRHq.exe
  2⤵
  PID:5024
- C:\Windows\System\luaHSpK.exe
  C:\Windows\System\luaHSpK.exe
  2⤵
  PID:5008
- C:\Windows\System\GlFIqig.exe
  C:\Windows\System\GlFIqig.exe
  2⤵
  PID:5048
- C:\Windows\System\DFsluKe.exe
  C:\Windows\System\DFsluKe.exe
  2⤵
  PID:5112
- C:\Windows\System\uWmJzGX.exe
  C:\Windows\System\uWmJzGX.exe
  2⤵
  PID:3076
- C:\Windows\System\lgmTtHz.exe
  C:\Windows\System\lgmTtHz.exe
  2⤵
  PID:2928
- C:\Windows\System\vaahvTT.exe
  C:\Windows\System\vaahvTT.exe
  2⤵
  PID:3204
- C:\Windows\System\heSnDgh.exe
  C:\Windows\System\heSnDgh.exe
  2⤵
  PID:3648
- C:\Windows\System\AGnCThW.exe
  C:\Windows\System\AGnCThW.exe
  2⤵
  PID:3684
- C:\Windows\System\wJVCslc.exe
  C:\Windows\System\wJVCslc.exe
  2⤵
  PID:4000
- C:\Windows\System\PUiZnPW.exe
  C:\Windows\System\PUiZnPW.exe
  2⤵
  PID:4176
- C:\Windows\System\nMTqyqw.exe
  C:\Windows\System\nMTqyqw.exe
  2⤵
  PID:2548
- C:\Windows\System\lTGlRzN.exe
  C:\Windows\System\lTGlRzN.exe
  2⤵
  PID:4216
- C:\Windows\System\IJfvSiq.exe
  C:\Windows\System\IJfvSiq.exe
  2⤵
  PID:2616
- C:\Windows\System\iGurkGR.exe
  C:\Windows\System\iGurkGR.exe
  2⤵
  PID:4376
- C:\Windows\System\eMXUCkq.exe
  C:\Windows\System\eMXUCkq.exe
  2⤵
  PID:4360
- C:\Windows\System\CEwUwKC.exe
  C:\Windows\System\CEwUwKC.exe
  2⤵
  PID:4464
- C:\Windows\System\IfOoMlC.exe
  C:\Windows\System\IfOoMlC.exe
  2⤵
  PID:4516
- C:\Windows\System\eUFJBAi.exe
  C:\Windows\System\eUFJBAi.exe
  2⤵
  PID:4520
- C:\Windows\System\LqbUKuW.exe
  C:\Windows\System\LqbUKuW.exe
  2⤵
  PID:4596
- C:\Windows\System\DxsBNFu.exe
  C:\Windows\System\DxsBNFu.exe
  2⤵
  PID:4660
- C:\Windows\System\rdXahVl.exe
  C:\Windows\System\rdXahVl.exe
  2⤵
  PID:4720
- C:\Windows\System\pRcXHih.exe
  C:\Windows\System\pRcXHih.exe
  2⤵
  PID:4832
- C:\Windows\System\IThWXlp.exe
  C:\Windows\System\IThWXlp.exe
  2⤵
  PID:4848
- C:\Windows\System\KRpfzRW.exe
  C:\Windows\System\KRpfzRW.exe
  2⤵
  PID:4868
- C:\Windows\System\cWeoroQ.exe
  C:\Windows\System\cWeoroQ.exe
  2⤵
  PID:2668
- C:\Windows\System\TdeFyQu.exe
  C:\Windows\System\TdeFyQu.exe
  2⤵
  PID:5072
- C:\Windows\System\vUmiVos.exe
  C:\Windows\System\vUmiVos.exe
  2⤵
  PID:2608
- C:\Windows\System\NSrCqym.exe
  C:\Windows\System\NSrCqym.exe
  2⤵
  PID:5012
- C:\Windows\System\lAlEfnL.exe
  C:\Windows\System\lAlEfnL.exe
  2⤵
  PID:5084
- C:\Windows\System\qXmYQmI.exe
  C:\Windows\System\qXmYQmI.exe
  2⤵
  PID:5092
- C:\Windows\System\eXUWwiu.exe
  C:\Windows\System\eXUWwiu.exe
  2⤵
  PID:3428
- C:\Windows\System\uQRwnmR.exe
  C:\Windows\System\uQRwnmR.exe
  2⤵
  PID:4028
- C:\Windows\System\SBuLiSj.exe
  C:\Windows\System\SBuLiSj.exe
  2⤵
  PID:2528
- C:\Windows\System\XwuNgIf.exe
  C:\Windows\System\XwuNgIf.exe
  2⤵
  PID:4324
- C:\Windows\System\yUYEnxQ.exe
  C:\Windows\System\yUYEnxQ.exe
  2⤵
  PID:4320
- C:\Windows\System\QuMGFIt.exe
  C:\Windows\System\QuMGFIt.exe
  2⤵
  PID:4404
- C:\Windows\System\ewYFECi.exe
  C:\Windows\System\ewYFECi.exe
  2⤵
  PID:2468
- C:\Windows\System\aUhxTwe.exe
  C:\Windows\System\aUhxTwe.exe
  2⤵
  PID:4620
- C:\Windows\System\BhjUpiJ.exe
  C:\Windows\System\BhjUpiJ.exe
  2⤵
  PID:4704
- C:\Windows\System\OIXpjFB.exe
  C:\Windows\System\OIXpjFB.exe
  2⤵
  PID:4792
- C:\Windows\System\wcJmhMx.exe
  C:\Windows\System\wcJmhMx.exe
  2⤵
  PID:4988
- C:\Windows\System\hXLKPLI.exe
  C:\Windows\System\hXLKPLI.exe
  2⤵
  PID:4972
- C:\Windows\System\GTrxmAK.exe
  C:\Windows\System\GTrxmAK.exe
  2⤵
  PID:5088
- C:\Windows\System\yECvXXp.exe
  C:\Windows\System\yECvXXp.exe
  2⤵
  PID:2576
- C:\Windows\System\EuiMANy.exe
  C:\Windows\System\EuiMANy.exe
  2⤵
  PID:2168
- C:\Windows\System\nBzGXNr.exe
  C:\Windows\System\nBzGXNr.exe
  2⤵
  PID:4304
- C:\Windows\System\DlBLzQB.exe
  C:\Windows\System\DlBLzQB.exe
  2⤵
  PID:4344
- C:\Windows\System\PoGwkUg.exe
  C:\Windows\System\PoGwkUg.exe
  2⤵
  PID:5132
- C:\Windows\System\zsFWrIh.exe
  C:\Windows\System\zsFWrIh.exe
  2⤵
  PID:5152
- C:\Windows\System\qavQFJj.exe
  C:\Windows\System\qavQFJj.exe
  2⤵
  PID:5172
- C:\Windows\System\tBWVRlR.exe
  C:\Windows\System\tBWVRlR.exe
  2⤵
  PID:5192
- C:\Windows\System\BcCfCUn.exe
  C:\Windows\System\BcCfCUn.exe
  2⤵
  PID:5224
- C:\Windows\System\tVutdqj.exe
  C:\Windows\System\tVutdqj.exe
  2⤵
  PID:5244
- C:\Windows\System\sjikDrl.exe
  C:\Windows\System\sjikDrl.exe
  2⤵
  PID:5264
- C:\Windows\System\uiGKHgr.exe
  C:\Windows\System\uiGKHgr.exe
  2⤵
  PID:5284
- C:\Windows\System\uOvxFKd.exe
  C:\Windows\System\uOvxFKd.exe
  2⤵
  PID:5300
- C:\Windows\System\azhtWgb.exe
  C:\Windows\System\azhtWgb.exe
  2⤵
  PID:5324
- C:\Windows\System\OlbvAFK.exe
  C:\Windows\System\OlbvAFK.exe
  2⤵
  PID:5344
- C:\Windows\System\TVTBMIm.exe
  C:\Windows\System\TVTBMIm.exe
  2⤵
  PID:5364
- C:\Windows\System\QqLaGIr.exe
  C:\Windows\System\QqLaGIr.exe
  2⤵
  PID:5384
- C:\Windows\System\ZhXjBaB.exe
  C:\Windows\System\ZhXjBaB.exe
  2⤵
  PID:5404
- C:\Windows\System\wSBgJXu.exe
  C:\Windows\System\wSBgJXu.exe
  2⤵
  PID:5424
- C:\Windows\System\iKYKRow.exe
  C:\Windows\System\iKYKRow.exe
  2⤵
  PID:5448
- C:\Windows\System\iVpCFQw.exe
  C:\Windows\System\iVpCFQw.exe
  2⤵
  PID:5468
- C:\Windows\System\sqihETh.exe
  C:\Windows\System\sqihETh.exe
  2⤵
  PID:5488
- C:\Windows\System\ZdPrSfS.exe
  C:\Windows\System\ZdPrSfS.exe
  2⤵
  PID:5512
- C:\Windows\System\NnceLeq.exe
  C:\Windows\System\NnceLeq.exe
  2⤵
  PID:5532
- C:\Windows\System\yAEboaC.exe
  C:\Windows\System\yAEboaC.exe
  2⤵
  PID:5548
- C:\Windows\System\adJNKUR.exe
  C:\Windows\System\adJNKUR.exe
  2⤵
  PID:5576
- C:\Windows\System\TSSmrLP.exe
  C:\Windows\System\TSSmrLP.exe
  2⤵
  PID:5596
- C:\Windows\System\LKKpaHz.exe
  C:\Windows\System\LKKpaHz.exe
  2⤵
  PID:5616
- C:\Windows\System\RoTccxI.exe
  C:\Windows\System\RoTccxI.exe
  2⤵
  PID:5636
- C:\Windows\System\oAWMcGD.exe
  C:\Windows\System\oAWMcGD.exe
  2⤵
  PID:5656
- C:\Windows\System\RXvAWjl.exe
  C:\Windows\System\RXvAWjl.exe
  2⤵
  PID:5684
- C:\Windows\System\EtIiWUC.exe
  C:\Windows\System\EtIiWUC.exe
  2⤵
  PID:5704
- C:\Windows\System\IQCazck.exe
  C:\Windows\System\IQCazck.exe
  2⤵
  PID:5724
- C:\Windows\System\pxsoHtH.exe
  C:\Windows\System\pxsoHtH.exe
  2⤵
  PID:5744
- C:\Windows\System\tLmKMYT.exe
  C:\Windows\System\tLmKMYT.exe
  2⤵
  PID:5772
- C:\Windows\System\lycFara.exe
  C:\Windows\System\lycFara.exe
  2⤵
  PID:5792
- C:\Windows\System\ibVhxOg.exe
  C:\Windows\System\ibVhxOg.exe
  2⤵
  PID:5812
- C:\Windows\System\UGSbIpb.exe
  C:\Windows\System\UGSbIpb.exe
  2⤵
  PID:5832
- C:\Windows\System\NFaLkGP.exe
  C:\Windows\System\NFaLkGP.exe
  2⤵
  PID:5852
- C:\Windows\System\ETezTPZ.exe
  C:\Windows\System\ETezTPZ.exe
  2⤵
  PID:5872
- C:\Windows\System\oCCwuGV.exe
  C:\Windows\System\oCCwuGV.exe
  2⤵
  PID:5892
- C:\Windows\System\tTuBAlj.exe
  C:\Windows\System\tTuBAlj.exe
  2⤵
  PID:5912
- C:\Windows\System\QapURjW.exe
  C:\Windows\System\QapURjW.exe
  2⤵
  PID:5932
- C:\Windows\System\srLrASo.exe
  C:\Windows\System\srLrASo.exe
  2⤵
  PID:5952
- C:\Windows\System\VKiFTdG.exe
  C:\Windows\System\VKiFTdG.exe
  2⤵
  PID:5972
- C:\Windows\System\zKcZRZe.exe
  C:\Windows\System\zKcZRZe.exe
  2⤵
  PID:5992
- C:\Windows\System\vxQzzkS.exe
  C:\Windows\System\vxQzzkS.exe
  2⤵
  PID:6012
- C:\Windows\System\doQDkXk.exe
  C:\Windows\System\doQDkXk.exe
  2⤵
  PID:6032
- C:\Windows\System\lngqKlO.exe
  C:\Windows\System\lngqKlO.exe
  2⤵
  PID:6056
- C:\Windows\System\kyPeLPq.exe
  C:\Windows\System\kyPeLPq.exe
  2⤵
  PID:6080
- C:\Windows\System\KyXWJff.exe
  C:\Windows\System\KyXWJff.exe
  2⤵
  PID:6100
- C:\Windows\System\qXpvtWa.exe
  C:\Windows\System\qXpvtWa.exe
  2⤵
  PID:6132
- C:\Windows\System\qbUjcom.exe
  C:\Windows\System\qbUjcom.exe
  2⤵
  PID:4480
- C:\Windows\System\qCVTaOH.exe
  C:\Windows\System\qCVTaOH.exe
  2⤵
  PID:4460
- C:\Windows\System\LOsFpQV.exe
  C:\Windows\System\LOsFpQV.exe
  2⤵
  PID:4644
- C:\Windows\System\oSrbRFj.exe
  C:\Windows\System\oSrbRFj.exe
  2⤵
  PID:4872
- C:\Windows\System\IYjYKxy.exe
  C:\Windows\System\IYjYKxy.exe
  2⤵
  PID:4888
- C:\Windows\System\zmxViEP.exe
  C:\Windows\System\zmxViEP.exe
  2⤵
  PID:4136
- C:\Windows\System\geZFqkv.exe
  C:\Windows\System\geZFqkv.exe
  2⤵
  PID:4224
- C:\Windows\System\sbPlCbH.exe
  C:\Windows\System\sbPlCbH.exe
  2⤵
  PID:5148
- C:\Windows\System\ExrSfQp.exe
  C:\Windows\System\ExrSfQp.exe
  2⤵
  PID:5200
- C:\Windows\System\HvTAYhu.exe
  C:\Windows\System\HvTAYhu.exe
  2⤵
  PID:5232
- C:\Windows\System\ZhNBdPZ.exe
  C:\Windows\System\ZhNBdPZ.exe
  2⤵
  PID:5252
- C:\Windows\System\RnMcmqm.exe
  C:\Windows\System\RnMcmqm.exe
  2⤵
  PID:5316
- C:\Windows\System\SqpLEbg.exe
  C:\Windows\System\SqpLEbg.exe
  2⤵
  PID:5332
- C:\Windows\System\HJbUQEt.exe
  C:\Windows\System\HJbUQEt.exe
  2⤵
  PID:5356
- C:\Windows\System\eISSwzZ.exe
  C:\Windows\System\eISSwzZ.exe
  2⤵
  PID:5376
- C:\Windows\System\VKjYXgE.exe
  C:\Windows\System\VKjYXgE.exe
  2⤵
  PID:5412
- C:\Windows\System\rUtfmCa.exe
  C:\Windows\System\rUtfmCa.exe
  2⤵
  PID:5464
- C:\Windows\System\wRJnMWq.exe
  C:\Windows\System\wRJnMWq.exe
  2⤵
  PID:5520
- C:\Windows\System\VWjtmSg.exe
  C:\Windows\System\VWjtmSg.exe
  2⤵
  PID:2712
- C:\Windows\System\VbPljPf.exe
  C:\Windows\System\VbPljPf.exe
  2⤵
  PID:5560
- C:\Windows\System\phZSrSl.exe
  C:\Windows\System\phZSrSl.exe
  2⤵
  PID:5612
- C:\Windows\System\bYDYdsl.exe
  C:\Windows\System\bYDYdsl.exe
  2⤵
  PID:5624
- C:\Windows\System\AfwwVzc.exe
  C:\Windows\System\AfwwVzc.exe
  2⤵
  PID:5628
- C:\Windows\System\TcjwuAO.exe
  C:\Windows\System\TcjwuAO.exe
  2⤵
  PID:5668
- C:\Windows\System\mZwiImC.exe
  C:\Windows\System\mZwiImC.exe
  2⤵
  PID:5720
- C:\Windows\System\rbJSERX.exe
  C:\Windows\System\rbJSERX.exe
  2⤵
  PID:5780
- C:\Windows\System\pcONtxx.exe
  C:\Windows\System\pcONtxx.exe
  2⤵
  PID:2172
- C:\Windows\System\cTNdNXv.exe
  C:\Windows\System\cTNdNXv.exe
  2⤵
  PID:5824
- C:\Windows\System\RgiAIin.exe
  C:\Windows\System\RgiAIin.exe
  2⤵
  PID:5840
- C:\Windows\System\yjtvYxp.exe
  C:\Windows\System\yjtvYxp.exe
  2⤵
  PID:5908
- C:\Windows\System\gGceHKR.exe
  C:\Windows\System\gGceHKR.exe
  2⤵
  PID:5948
- C:\Windows\System\RKtkmFv.exe
  C:\Windows\System\RKtkmFv.exe
  2⤵
  PID:5928
- C:\Windows\System\xMjGXHA.exe
  C:\Windows\System\xMjGXHA.exe
  2⤵
  PID:5964
- C:\Windows\System\EMkClGm.exe
  C:\Windows\System\EMkClGm.exe
  2⤵
  PID:6008
- C:\Windows\System\xhUZpeI.exe
  C:\Windows\System\xhUZpeI.exe
  2⤵
  PID:6040
- C:\Windows\System\eNiGvQg.exe
  C:\Windows\System\eNiGvQg.exe
  2⤵
  PID:6076
- C:\Windows\System\tKFJPfy.exe
  C:\Windows\System\tKFJPfy.exe
  2⤵
  PID:6116
- C:\Windows\System\TvYKhvN.exe
  C:\Windows\System\TvYKhvN.exe
  2⤵
  PID:4256
- C:\Windows\System\TaDJtSF.exe
  C:\Windows\System\TaDJtSF.exe
  2⤵
  PID:4892
- C:\Windows\System\vpJjVWh.exe
  C:\Windows\System\vpJjVWh.exe
  2⤵
  PID:4180
- C:\Windows\System\xzzvUgK.exe
  C:\Windows\System\xzzvUgK.exe
  2⤵
  PID:5124
- C:\Windows\System\iKRyDoD.exe
  C:\Windows\System\iKRyDoD.exe
  2⤵
  PID:5140
- C:\Windows\System\saaGoAc.exe
  C:\Windows\System\saaGoAc.exe
  2⤵
  PID:5272
- C:\Windows\System\QAiYAxD.exe
  C:\Windows\System\QAiYAxD.exe
  2⤵
  PID:5256
- C:\Windows\System\gogAlWw.exe
  C:\Windows\System\gogAlWw.exe
  2⤵
  PID:5380
- C:\Windows\System\SuVnyGX.exe
  C:\Windows\System\SuVnyGX.exe
  2⤵
  PID:5432
- C:\Windows\System\ojIGeQN.exe
  C:\Windows\System\ojIGeQN.exe
  2⤵
  PID:5500
- C:\Windows\System\KuDZWLv.exe
  C:\Windows\System\KuDZWLv.exe
  2⤵
  PID:5496
- C:\Windows\System\CTnBZqd.exe
  C:\Windows\System\CTnBZqd.exe
  2⤵
  PID:2652
- C:\Windows\System\ycNbjvQ.exe
  C:\Windows\System\ycNbjvQ.exe
  2⤵
  PID:2708
- C:\Windows\System\gjBCfVU.exe
  C:\Windows\System\gjBCfVU.exe
  2⤵
  PID:5700
- C:\Windows\System\oBNolku.exe
  C:\Windows\System\oBNolku.exe
  2⤵
  PID:5712
- C:\Windows\System\fPqPDwp.exe
  C:\Windows\System\fPqPDwp.exe
  2⤵
  PID:2344
- C:\Windows\System\raaJIns.exe
  C:\Windows\System\raaJIns.exe
  2⤵
  PID:5868
- C:\Windows\System\lhWkyqC.exe
  C:\Windows\System\lhWkyqC.exe
  2⤵
  PID:5940
- C:\Windows\System\qfmPNsY.exe
  C:\Windows\System\qfmPNsY.exe
  2⤵
  PID:5920
- C:\Windows\System\Dkfpshx.exe
  C:\Windows\System\Dkfpshx.exe
  2⤵
  PID:6088
- C:\Windows\System\bpdqHST.exe
  C:\Windows\System\bpdqHST.exe
  2⤵
  PID:6096
- C:\Windows\System\NIBFxwU.exe
  C:\Windows\System\NIBFxwU.exe
  2⤵
  PID:6068
- C:\Windows\System\vIzSUWH.exe
  C:\Windows\System\vIzSUWH.exe
  2⤵
  PID:4764
- C:\Windows\System\jDzNWuK.exe
  C:\Windows\System\jDzNWuK.exe
  2⤵
  PID:3676
- C:\Windows\System\jGlagVz.exe
  C:\Windows\System\jGlagVz.exe
  2⤵
  PID:5168
- C:\Windows\System\eKlGATC.exe
  C:\Windows\System\eKlGATC.exe
  2⤵
  PID:5280
- C:\Windows\System\naMBGww.exe
  C:\Windows\System\naMBGww.exe
  2⤵
  PID:5392
- C:\Windows\System\FGoUatS.exe
  C:\Windows\System\FGoUatS.exe
  2⤵
  PID:5456
- C:\Windows\System\ziCKFQc.exe
  C:\Windows\System\ziCKFQc.exe
  2⤵
  PID:5544
- C:\Windows\System\obQGqhX.exe
  C:\Windows\System\obQGqhX.exe
  2⤵
  PID:5592
- C:\Windows\System\ZZfbNxZ.exe
  C:\Windows\System\ZZfbNxZ.exe
  2⤵
  PID:5632
- C:\Windows\System\JuRyhSw.exe
  C:\Windows\System\JuRyhSw.exe
  2⤵
  PID:5828
- C:\Windows\System\XIrTJwy.exe
  C:\Windows\System\XIrTJwy.exe
  2⤵
  PID:5732
- C:\Windows\System\iiaDTCa.exe
  C:\Windows\System\iiaDTCa.exe
  2⤵
  PID:5844
- C:\Windows\System\BElBqlV.exe
  C:\Windows\System\BElBqlV.exe
  2⤵
  PID:5980
- C:\Windows\System\annVVPv.exe
  C:\Windows\System\annVVPv.exe
  2⤵
  PID:6024
- C:\Windows\System\PZPaPsU.exe
  C:\Windows\System\PZPaPsU.exe
  2⤵
  PID:6112
- C:\Windows\System\rjmAcNe.exe
  C:\Windows\System\rjmAcNe.exe
  2⤵
  PID:4444
- C:\Windows\System\jsuOOHQ.exe
  C:\Windows\System\jsuOOHQ.exe
  2⤵
  PID:2796
- C:\Windows\System\KQjebjk.exe
  C:\Windows\System\KQjebjk.exe
  2⤵
  PID:5184
- C:\Windows\System\WJACedK.exe
  C:\Windows\System\WJACedK.exe
  2⤵
  PID:5276
- C:\Windows\System\xrinWZy.exe
  C:\Windows\System\xrinWZy.exe
  2⤵
  PID:5476
- C:\Windows\System\FqMdOYI.exe
  C:\Windows\System\FqMdOYI.exe
  2⤵
  PID:5484
- C:\Windows\System\vJlYyyW.exe
  C:\Windows\System\vJlYyyW.exe
  2⤵
  PID:2400
- C:\Windows\System\iZbhCuI.exe
  C:\Windows\System\iZbhCuI.exe
  2⤵
  PID:5860
- C:\Windows\System\CkdBXHK.exe
  C:\Windows\System\CkdBXHK.exe
  2⤵
  PID:1648
- C:\Windows\System\qZxDOJT.exe
  C:\Windows\System\qZxDOJT.exe
  2⤵
  PID:4932
- C:\Windows\System\SBrmoAr.exe
  C:\Windows\System\SBrmoAr.exe
  2⤵
  PID:4380
- C:\Windows\System\wXFmyMA.exe
  C:\Windows\System\wXFmyMA.exe
  2⤵
  PID:1524
- C:\Windows\System\oZKvcuZ.exe
  C:\Windows\System\oZKvcuZ.exe
  2⤵
  PID:5416
- C:\Windows\System\ZUabEUe.exe
  C:\Windows\System\ZUabEUe.exe
  2⤵
  PID:2728
- C:\Windows\System\eFtaIuv.exe
  C:\Windows\System\eFtaIuv.exe
  2⤵
  PID:5752
- C:\Windows\System\aZrXGTj.exe
  C:\Windows\System\aZrXGTj.exe
  2⤵
  PID:2768
- C:\Windows\System\yPhTuug.exe
  C:\Windows\System\yPhTuug.exe
  2⤵
  PID:4908
- C:\Windows\System\ALEfpwH.exe
  C:\Windows\System\ALEfpwH.exe
  2⤵
  PID:6000
- C:\Windows\System\XehRqxA.exe
  C:\Windows\System\XehRqxA.exe
  2⤵
  PID:816
- C:\Windows\System\TlEucvk.exe
  C:\Windows\System\TlEucvk.exe
  2⤵
  PID:2568
- C:\Windows\System\gDYPiAi.exe
  C:\Windows\System\gDYPiAi.exe
  2⤵
  PID:1384
- C:\Windows\System\JVOyaPf.exe
  C:\Windows\System\JVOyaPf.exe
  2⤵
  PID:2088
- C:\Windows\System\IQVZWer.exe
  C:\Windows\System\IQVZWer.exe
  2⤵
  PID:5960
- C:\Windows\System\OKlbWOf.exe
  C:\Windows\System\OKlbWOf.exe
  2⤵
  PID:2556
- C:\Windows\System\rrnwIOD.exe
  C:\Windows\System\rrnwIOD.exe
  2⤵
  PID:2536
- C:\Windows\System\MJUnDhS.exe
  C:\Windows\System\MJUnDhS.exe
  2⤵
  PID:1224
- C:\Windows\System\YrYkbZC.exe
  C:\Windows\System\YrYkbZC.exe
  2⤵
  PID:2316
- C:\Windows\System\TChpKlb.exe
  C:\Windows\System\TChpKlb.exe
  2⤵
  PID:4364
- C:\Windows\System\rAMyYky.exe
  C:\Windows\System\rAMyYky.exe
  2⤵
  PID:2040
- C:\Windows\System\hULeLXE.exe
  C:\Windows\System\hULeLXE.exe
  2⤵
  PID:2852
- C:\Windows\System\JIAVcWi.exe
  C:\Windows\System\JIAVcWi.exe
  2⤵
  PID:1252
- C:\Windows\System\yPWlSPz.exe
  C:\Windows\System\yPWlSPz.exe
  2⤵
  PID:4600
- C:\Windows\System\VngFjmo.exe
  C:\Windows\System\VngFjmo.exe
  2⤵
  PID:2000
- C:\Windows\System\AYoFwqj.exe
  C:\Windows\System\AYoFwqj.exe
  2⤵
  PID:2844
- C:\Windows\System\eDxtHGs.exe
  C:\Windows\System\eDxtHGs.exe
  2⤵
  PID:1568
- C:\Windows\System\GpPVXvW.exe
  C:\Windows\System\GpPVXvW.exe
  2⤵
  PID:2564
- C:\Windows\System\TvuolLB.exe
  C:\Windows\System\TvuolLB.exe
  2⤵
  PID:6160
- C:\Windows\System\FSSSNYB.exe
  C:\Windows\System\FSSSNYB.exe
  2⤵
  PID:6188
- C:\Windows\System\yBdbpkg.exe
  C:\Windows\System\yBdbpkg.exe
  2⤵
  PID:6204
- C:\Windows\System\xSyeCFK.exe
  C:\Windows\System\xSyeCFK.exe
  2⤵
  PID:6220
- C:\Windows\System\SDDcGpa.exe
  C:\Windows\System\SDDcGpa.exe
  2⤵
  PID:6240
- C:\Windows\System\NsBXJDa.exe
  C:\Windows\System\NsBXJDa.exe
  2⤵
  PID:6268
- C:\Windows\System\jnZmvjC.exe
  C:\Windows\System\jnZmvjC.exe
  2⤵
  PID:6288
- C:\Windows\System\kLaECSX.exe
  C:\Windows\System\kLaECSX.exe
  2⤵
  PID:6304
- C:\Windows\System\rNpVkdt.exe
  C:\Windows\System\rNpVkdt.exe
  2⤵
  PID:6328
- C:\Windows\System\BFtPFPs.exe
  C:\Windows\System\BFtPFPs.exe
  2⤵
  PID:6352
- C:\Windows\System\BvBwgAX.exe
  C:\Windows\System\BvBwgAX.exe
  2⤵
  PID:6368
- C:\Windows\System\FjYExIy.exe
  C:\Windows\System\FjYExIy.exe
  2⤵
  PID:6396
- C:\Windows\System\gSVvCam.exe
  C:\Windows\System\gSVvCam.exe
  2⤵
  PID:6412
- C:\Windows\System\tmSnSTc.exe
  C:\Windows\System\tmSnSTc.exe
  2⤵
  PID:6436
- C:\Windows\System\ySQtBws.exe
  C:\Windows\System\ySQtBws.exe
  2⤵
  PID:6452
- C:\Windows\System\FvAIkPk.exe
  C:\Windows\System\FvAIkPk.exe
  2⤵
  PID:6468
- C:\Windows\System\SQjsJrW.exe
  C:\Windows\System\SQjsJrW.exe
  2⤵
  PID:6488
- C:\Windows\System\SRaPSaG.exe
  C:\Windows\System\SRaPSaG.exe
  2⤵
  PID:6504
- C:\Windows\System\PXoIOtA.exe
  C:\Windows\System\PXoIOtA.exe
  2⤵
  PID:6524
- C:\Windows\System\GlyecOl.exe
  C:\Windows\System\GlyecOl.exe
  2⤵
  PID:6544
- C:\Windows\System\zGGyHwf.exe
  C:\Windows\System\zGGyHwf.exe
  2⤵
  PID:6560
- C:\Windows\System\uaPGqwe.exe
  C:\Windows\System\uaPGqwe.exe
  2⤵
  PID:6580
- C:\Windows\System\XLmdoFj.exe
  C:\Windows\System\XLmdoFj.exe
  2⤵
  PID:6616
- C:\Windows\System\voZzWsg.exe
  C:\Windows\System\voZzWsg.exe
  2⤵
  PID:6632
- C:\Windows\System\zqoPZbF.exe
  C:\Windows\System\zqoPZbF.exe
  2⤵
  PID:6648
- C:\Windows\System\ToaKust.exe
  C:\Windows\System\ToaKust.exe
  2⤵
  PID:6664
- C:\Windows\System\MClqVpV.exe
  C:\Windows\System\MClqVpV.exe
  2⤵
  PID:6684
- C:\Windows\System\VVGJyAb.exe
  C:\Windows\System\VVGJyAb.exe
  2⤵
  PID:6704
- C:\Windows\System\LcpjtoE.exe
  C:\Windows\System\LcpjtoE.exe
  2⤵
  PID:6724
- C:\Windows\System\UPpWlHN.exe
  C:\Windows\System\UPpWlHN.exe
  2⤵
  PID:6740
- C:\Windows\System\VgjmXhw.exe
  C:\Windows\System\VgjmXhw.exe
  2⤵
  PID:6756
- C:\Windows\System\gmvTyhS.exe
  C:\Windows\System\gmvTyhS.exe
  2⤵
  PID:6772
- C:\Windows\System\scTDCKx.exe
  C:\Windows\System\scTDCKx.exe
  2⤵
  PID:6788
- C:\Windows\System\aOktCyA.exe
  C:\Windows\System\aOktCyA.exe
  2⤵
  PID:6804
- C:\Windows\System\DDWnbuN.exe
  C:\Windows\System\DDWnbuN.exe
  2⤵
  PID:6820
- C:\Windows\System\GoDaCjX.exe
  C:\Windows\System\GoDaCjX.exe
  2⤵
  PID:6876
- C:\Windows\System\sSfSkyx.exe
  C:\Windows\System\sSfSkyx.exe
  2⤵
  PID:6892
- C:\Windows\System\OBXrPWW.exe
  C:\Windows\System\OBXrPWW.exe
  2⤵
  PID:6908
- C:\Windows\System\tRMNEsm.exe
  C:\Windows\System\tRMNEsm.exe
  2⤵
  PID:6924
- C:\Windows\System\dYgeoIP.exe
  C:\Windows\System\dYgeoIP.exe
  2⤵
  PID:6940
- C:\Windows\System\jTUzBgh.exe
  C:\Windows\System\jTUzBgh.exe
  2⤵
  PID:6956
- C:\Windows\System\BIjNymy.exe
  C:\Windows\System\BIjNymy.exe
  2⤵
  PID:6972
- C:\Windows\System\afczaoi.exe
  C:\Windows\System\afczaoi.exe
  2⤵
  PID:6992
- C:\Windows\System\DHIgYCs.exe
  C:\Windows\System\DHIgYCs.exe
  2⤵
  PID:7012
- C:\Windows\System\gdphjUh.exe
  C:\Windows\System\gdphjUh.exe
  2⤵
  PID:7044
- C:\Windows\System\LbIrltW.exe
  C:\Windows\System\LbIrltW.exe
  2⤵
  PID:7064
- C:\Windows\System\nCFzQmW.exe
  C:\Windows\System\nCFzQmW.exe
  2⤵
  PID:7080
- C:\Windows\System\LwTkGJa.exe
  C:\Windows\System\LwTkGJa.exe
  2⤵
  PID:7096
- C:\Windows\System\QZtCXkK.exe
  C:\Windows\System\QZtCXkK.exe
  2⤵
  PID:7112
- C:\Windows\System\HnFPWKP.exe
  C:\Windows\System\HnFPWKP.exe
  2⤵
  PID:7128
- C:\Windows\System\uqXlLrZ.exe
  C:\Windows\System\uqXlLrZ.exe
  2⤵
  PID:7144
- C:\Windows\System\KboZXIU.exe
  C:\Windows\System\KboZXIU.exe
  2⤵
  PID:7160
- C:\Windows\System\LhRCbTC.exe
  C:\Windows\System\LhRCbTC.exe
  2⤵
  PID:4700
- C:\Windows\System\UKGDWit.exe
  C:\Windows\System\UKGDWit.exe
  2⤵
  PID:6312
- C:\Windows\System\urueigj.exe
  C:\Windows\System\urueigj.exe
  2⤵
  PID:6212
- C:\Windows\System\PqFLkql.exe
  C:\Windows\System\PqFLkql.exe
  2⤵
  PID:6256
- C:\Windows\System\SrmRape.exe
  C:\Windows\System\SrmRape.exe
  2⤵
  PID:6300
- C:\Windows\System\gOHINRP.exe
  C:\Windows\System\gOHINRP.exe
  2⤵
  PID:6364
- C:\Windows\System\dyVZHrc.exe
  C:\Windows\System\dyVZHrc.exe
  2⤵
  PID:6384
- C:\Windows\System\jsTbYjA.exe
  C:\Windows\System\jsTbYjA.exe
  2⤵
  PID:6408
- C:\Windows\System\oscoAxE.exe
  C:\Windows\System\oscoAxE.exe
  2⤵
  PID:6428
- C:\Windows\System\opXkNiR.exe
  C:\Windows\System\opXkNiR.exe
  2⤵
  PID:6588
- C:\Windows\System\FpMzQaN.exe
  C:\Windows\System\FpMzQaN.exe
  2⤵
  PID:6608
- C:\Windows\System\eMmBePH.exe
  C:\Windows\System\eMmBePH.exe
  2⤵
  PID:6496
- C:\Windows\System\SkQNxKI.exe
  C:\Windows\System\SkQNxKI.exe
  2⤵
  PID:6536
- C:\Windows\System\FlbroOM.exe
  C:\Windows\System\FlbroOM.exe
  2⤵
  PID:6576
- C:\Windows\System\tLwfgBD.exe
  C:\Windows\System\tLwfgBD.exe
  2⤵
  PID:6712
- C:\Windows\System\aiqexth.exe
  C:\Windows\System\aiqexth.exe
  2⤵
  PID:6656
- C:\Windows\System\hGUrBWB.exe
  C:\Windows\System\hGUrBWB.exe
  2⤵
  PID:6720
- C:\Windows\System\woGgXdI.exe
  C:\Windows\System\woGgXdI.exe
  2⤵
  PID:6800
- C:\Windows\System\peDuXQT.exe
  C:\Windows\System\peDuXQT.exe
  2⤵
  PID:6844
- C:\Windows\System\okfsdrF.exe
  C:\Windows\System\okfsdrF.exe
  2⤵
  PID:6752
- C:\Windows\System\UrUdLXi.exe
  C:\Windows\System\UrUdLXi.exe
  2⤵
  PID:6868
- C:\Windows\System\hmWIhzs.exe
  C:\Windows\System\hmWIhzs.exe
  2⤵
  PID:6860
- C:\Windows\System\uaEQwiP.exe
  C:\Windows\System\uaEQwiP.exe
  2⤵
  PID:6920
- C:\Windows\System\kAGdKUl.exe
  C:\Windows\System\kAGdKUl.exe
  2⤵
  PID:6980
- C:\Windows\System\JwHFGMQ.exe
  C:\Windows\System\JwHFGMQ.exe
  2⤵
  PID:6900
- C:\Windows\System\fmqXOcw.exe
  C:\Windows\System\fmqXOcw.exe
  2⤵
  PID:7028
- C:\Windows\System\nIEpFDS.exe
  C:\Windows\System\nIEpFDS.exe
  2⤵
  PID:6864
- C:\Windows\System\XlwoEkL.exe
  C:\Windows\System\XlwoEkL.exe
  2⤵
  PID:7108
- C:\Windows\System\lWyIfBm.exe
  C:\Windows\System\lWyIfBm.exe
  2⤵
  PID:7008
- C:\Windows\System\ranwWaI.exe
  C:\Windows\System\ranwWaI.exe
  2⤵
  PID:7092
- C:\Windows\System\ixtNsot.exe
  C:\Windows\System\ixtNsot.exe
  2⤵
  PID:7156
- C:\Windows\System\SnBhvez.exe
  C:\Windows\System\SnBhvez.exe
  2⤵
  PID:6152
- C:\Windows\System\XOQHzzj.exe
  C:\Windows\System\XOQHzzj.exe
  2⤵
  PID:6228
- C:\Windows\System\PfYDFfp.exe
  C:\Windows\System\PfYDFfp.exe
  2⤵
  PID:2740
- C:\Windows\System\ECNbnwK.exe
  C:\Windows\System\ECNbnwK.exe
  2⤵
  PID:6180
- C:\Windows\System\yNwFRDV.exe
  C:\Windows\System\yNwFRDV.exe
  2⤵
  PID:6296
- C:\Windows\System\QHOpRkV.exe
  C:\Windows\System\QHOpRkV.exe
  2⤵
  PID:6344
- C:\Windows\System\TkOumRR.exe
  C:\Windows\System\TkOumRR.exe
  2⤵
  PID:6404
- C:\Windows\System\iOuBeFd.exe
  C:\Windows\System\iOuBeFd.exe
  2⤵
  PID:6324
- C:\Windows\System\xtQnMga.exe
  C:\Windows\System\xtQnMga.exe
  2⤵
  PID:6448
- C:\Windows\System\sZfuXov.exe
  C:\Windows\System\sZfuXov.exe
  2⤵
  PID:6556
- C:\Windows\System\yaUfFaJ.exe
  C:\Windows\System\yaUfFaJ.exe
  2⤵
  PID:6604
- C:\Windows\System\xsSSSJZ.exe
  C:\Windows\System\xsSSSJZ.exe
  2⤵
  PID:6464
- C:\Windows\System\ismenlp.exe
  C:\Windows\System\ismenlp.exe
  2⤵
  PID:6692
- C:\Windows\System\qaDIzTD.exe
  C:\Windows\System\qaDIzTD.exe
  2⤵
  PID:6612
- C:\Windows\System\RQeykxg.exe
  C:\Windows\System\RQeykxg.exe
  2⤵
  PID:6700
- C:\Windows\System\SGTwixO.exe
  C:\Windows\System\SGTwixO.exe
  2⤵
  PID:6768
- C:\Windows\System\kunwPdy.exe
  C:\Windows\System\kunwPdy.exe
  2⤵
  PID:6884
- C:\Windows\System\gvffMeM.exe
  C:\Windows\System\gvffMeM.exe
  2⤵
  PID:6888
- C:\Windows\System\JKmKWyI.exe
  C:\Windows\System\JKmKWyI.exe
  2⤵
  PID:6764
- C:\Windows\System\WDvZYVV.exe
  C:\Windows\System\WDvZYVV.exe
  2⤵
  PID:7032
- C:\Windows\System\WCjjAng.exe
  C:\Windows\System\WCjjAng.exe
  2⤵
  PID:7140
- C:\Windows\System\ebDObdA.exe
  C:\Windows\System\ebDObdA.exe
  2⤵
  PID:6196
- C:\Windows\System\ibsYwdb.exe
  C:\Windows\System\ibsYwdb.exe
  2⤵
  PID:7000
- C:\Windows\System\FFPnyOf.exe
  C:\Windows\System\FFPnyOf.exe
  2⤵
  PID:6200
- C:\Windows\System\FTHSVah.exe
  C:\Windows\System\FTHSVah.exe
  2⤵
  PID:6392
- C:\Windows\System\cihXgbF.exe
  C:\Windows\System\cihXgbF.exe
  2⤵
  PID:6532
- C:\Windows\System\Dxpmchn.exe
  C:\Windows\System\Dxpmchn.exe
  2⤵
  PID:6376
- C:\Windows\System\RaZxZvA.exe
  C:\Windows\System\RaZxZvA.exe
  2⤵
  PID:6432
- C:\Windows\System\mRHHCRe.exe
  C:\Windows\System\mRHHCRe.exe
  2⤵
  PID:6696
- C:\Windows\System\XASEqYR.exe
  C:\Windows\System\XASEqYR.exe
  2⤵
  PID:6736
- C:\Windows\System\WUbBeWA.exe
  C:\Windows\System\WUbBeWA.exe
  2⤵
  PID:7024
- C:\Windows\System\BIvwhkR.exe
  C:\Windows\System\BIvwhkR.exe
  2⤵
  PID:6952
- C:\Windows\System\TGizoKP.exe
  C:\Windows\System\TGizoKP.exe
  2⤵
  PID:3408
- C:\Windows\System\UtuVNRr.exe
  C:\Windows\System\UtuVNRr.exe
  2⤵
  PID:7088
- C:\Windows\System\BctZJOo.exe
  C:\Windows\System\BctZJOo.exe
  2⤵
  PID:6280
- C:\Windows\System\ZvPdVxo.exe
  C:\Windows\System\ZvPdVxo.exe
  2⤵
  PID:6816
- C:\Windows\System\WEXizjc.exe
  C:\Windows\System\WEXizjc.exe
  2⤵
  PID:7076
- C:\Windows\System\FfsCMpE.exe
  C:\Windows\System\FfsCMpE.exe
  2⤵
  PID:2876
- C:\Windows\System\FHiHCAU.exe
  C:\Windows\System\FHiHCAU.exe
  2⤵
  PID:6264
- C:\Windows\System\sYcEnYZ.exe
  C:\Windows\System\sYcEnYZ.exe
  2⤵
  PID:6484
- C:\Windows\System\RPGheIF.exe
  C:\Windows\System\RPGheIF.exe
  2⤵
  PID:7180
- C:\Windows\System\snrzamJ.exe
  C:\Windows\System\snrzamJ.exe
  2⤵
  PID:7204
- C:\Windows\System\nTThkRq.exe
  C:\Windows\System\nTThkRq.exe
  2⤵
  PID:7220
- C:\Windows\System\eWLlZoi.exe
  C:\Windows\System\eWLlZoi.exe
  2⤵
  PID:7236
- C:\Windows\System\CxtmqrP.exe
  C:\Windows\System\CxtmqrP.exe
  2⤵
  PID:7252
- C:\Windows\System\EOMQrkN.exe
  C:\Windows\System\EOMQrkN.exe
  2⤵
  PID:7268
- C:\Windows\System\DPiUDyX.exe
  C:\Windows\System\DPiUDyX.exe
  2⤵
  PID:7284
- C:\Windows\System\YDLFAWT.exe
  C:\Windows\System\YDLFAWT.exe
  2⤵
  PID:7300
- C:\Windows\System\VuRxHBF.exe
  C:\Windows\System\VuRxHBF.exe
  2⤵
  PID:7316
- C:\Windows\System\GwvObtJ.exe
  C:\Windows\System\GwvObtJ.exe
  2⤵
  PID:7336
- C:\Windows\System\UevACDZ.exe
  C:\Windows\System\UevACDZ.exe
  2⤵
  PID:7352
- C:\Windows\System\lcXKnhd.exe
  C:\Windows\System\lcXKnhd.exe
  2⤵
  PID:7368
- C:\Windows\System\NjUbifl.exe
  C:\Windows\System\NjUbifl.exe
  2⤵
  PID:7384
- C:\Windows\System\dxLbwcq.exe
  C:\Windows\System\dxLbwcq.exe
  2⤵
  PID:7404
- C:\Windows\System\IjxlkQO.exe
  C:\Windows\System\IjxlkQO.exe
  2⤵
  PID:7420
- C:\Windows\System\zQLDDPy.exe
  C:\Windows\System\zQLDDPy.exe
  2⤵
  PID:7436
- C:\Windows\System\FQLDfkV.exe
  C:\Windows\System\FQLDfkV.exe
  2⤵
  PID:7452
- C:\Windows\System\AwYLPMg.exe
  C:\Windows\System\AwYLPMg.exe
  2⤵
  PID:7468
- C:\Windows\System\YqLgDHf.exe
  C:\Windows\System\YqLgDHf.exe
  2⤵
  PID:7484
- C:\Windows\System\RNXIwfo.exe
  C:\Windows\System\RNXIwfo.exe
  2⤵
  PID:7500
- C:\Windows\System\koYPbkQ.exe
  C:\Windows\System\koYPbkQ.exe
  2⤵
  PID:7520
- C:\Windows\System\oidGCTY.exe
  C:\Windows\System\oidGCTY.exe
  2⤵
  PID:7540
- C:\Windows\System\VXiSqzj.exe
  C:\Windows\System\VXiSqzj.exe
  2⤵
  PID:7564
- C:\Windows\System\DEXJfPc.exe
  C:\Windows\System\DEXJfPc.exe
  2⤵
  PID:7580
- C:\Windows\System\wNKlxrC.exe
  C:\Windows\System\wNKlxrC.exe
  2⤵
  PID:7596
- C:\Windows\System\lYkwjcT.exe
  C:\Windows\System\lYkwjcT.exe
  2⤵
  PID:7612
- C:\Windows\System\LKGSCEu.exe
  C:\Windows\System\LKGSCEu.exe
  2⤵
  PID:7636
- C:\Windows\System\tRLSaVK.exe
  C:\Windows\System\tRLSaVK.exe
  2⤵
  PID:7664
- C:\Windows\System\OTMxqFM.exe
  C:\Windows\System\OTMxqFM.exe
  2⤵
  PID:7680
- C:\Windows\System\BiFxnjZ.exe
  C:\Windows\System\BiFxnjZ.exe
  2⤵
  PID:7704
- C:\Windows\System\haYjtvV.exe
  C:\Windows\System\haYjtvV.exe
  2⤵
  PID:7720
- C:\Windows\System\LYtuttP.exe
  C:\Windows\System\LYtuttP.exe
  2⤵
  PID:7736
- C:\Windows\System\nEAqyyW.exe
  C:\Windows\System\nEAqyyW.exe
  2⤵
  PID:7756
- C:\Windows\System\YUrNota.exe
  C:\Windows\System\YUrNota.exe
  2⤵
  PID:7776
- C:\Windows\System\LGYrLxr.exe
  C:\Windows\System\LGYrLxr.exe
  2⤵
  PID:7792
- C:\Windows\System\XfPqRhv.exe
  C:\Windows\System\XfPqRhv.exe
  2⤵
  PID:7808
- C:\Windows\System\DHxPGAe.exe
  C:\Windows\System\DHxPGAe.exe
  2⤵
  PID:7824
- C:\Windows\System\cpxcmac.exe
  C:\Windows\System\cpxcmac.exe
  2⤵
  PID:7840
- C:\Windows\System\myznnRW.exe
  C:\Windows\System\myznnRW.exe
  2⤵
  PID:7856
- C:\Windows\System\NGVnHrW.exe
  C:\Windows\System\NGVnHrW.exe
  2⤵
  PID:7872
- C:\Windows\System\cnRWzZJ.exe
  C:\Windows\System\cnRWzZJ.exe
  2⤵
  PID:7888
- C:\Windows\System\RzdMMfI.exe
  C:\Windows\System\RzdMMfI.exe
  2⤵
  PID:7904
- C:\Windows\System\sgqCudw.exe
  C:\Windows\System\sgqCudw.exe
  2⤵
  PID:7920
- C:\Windows\System\EVEYnjF.exe
  C:\Windows\System\EVEYnjF.exe
  2⤵
  PID:7936
- C:\Windows\System\iKfnSEc.exe
  C:\Windows\System\iKfnSEc.exe
  2⤵
  PID:7952
- C:\Windows\System\UEzffOh.exe
  C:\Windows\System\UEzffOh.exe
  2⤵
  PID:7968
- C:\Windows\System\pGyrpZd.exe
  C:\Windows\System\pGyrpZd.exe
  2⤵
  PID:7988
- C:\Windows\System\UxiBLTv.exe
  C:\Windows\System\UxiBLTv.exe
  2⤵
  PID:8004
- C:\Windows\System\tLZjezT.exe
  C:\Windows\System\tLZjezT.exe
  2⤵
  PID:8020
- C:\Windows\System\FqLhQLH.exe
  C:\Windows\System\FqLhQLH.exe
  2⤵
  PID:8036
- C:\Windows\System\eoCqohf.exe
  C:\Windows\System\eoCqohf.exe
  2⤵
  PID:8052
- C:\Windows\System\AtLTJRL.exe
  C:\Windows\System\AtLTJRL.exe
  2⤵
  PID:8068
- C:\Windows\System\CikwjhV.exe
  C:\Windows\System\CikwjhV.exe
  2⤵
  PID:8084
- C:\Windows\System\NUjzPvC.exe
  C:\Windows\System\NUjzPvC.exe
  2⤵
  PID:8100
- C:\Windows\System\DEYPSTO.exe
  C:\Windows\System\DEYPSTO.exe
  2⤵
  PID:8116
- C:\Windows\System\msitqgU.exe
  C:\Windows\System\msitqgU.exe
  2⤵
  PID:8132
- C:\Windows\System\WZOlHSq.exe
  C:\Windows\System\WZOlHSq.exe
  2⤵
  PID:8148
- C:\Windows\System\HRRkOQE.exe
  C:\Windows\System\HRRkOQE.exe
  2⤵
  PID:8164
- C:\Windows\System\dPpxbNV.exe
  C:\Windows\System\dPpxbNV.exe
  2⤵
  PID:8180
- C:\Windows\System\GpqjvOj.exe
  C:\Windows\System\GpqjvOj.exe
  2⤵
  PID:7052
- C:\Windows\System\lmNDxLH.exe
  C:\Windows\System\lmNDxLH.exe
  2⤵
  PID:7176
- C:\Windows\System\rEzGVsV.exe
  C:\Windows\System\rEzGVsV.exe
  2⤵
  PID:6480
- C:\Windows\System\EXcubQx.exe
  C:\Windows\System\EXcubQx.exe
  2⤵
  PID:7188
- C:\Windows\System\boyYMnd.exe
  C:\Windows\System\boyYMnd.exe
  2⤵
  PID:7228
- C:\Windows\System\aizYETQ.exe
  C:\Windows\System\aizYETQ.exe
  2⤵
  PID:7264
- C:\Windows\System\Oupavwn.exe
  C:\Windows\System\Oupavwn.exe
  2⤵
  PID:7244
- C:\Windows\System\imjMxTK.exe
  C:\Windows\System\imjMxTK.exe
  2⤵
  PID:7412
- C:\Windows\System\dXkfKrY.exe
  C:\Windows\System\dXkfKrY.exe
  2⤵
  PID:7364
- C:\Windows\System\RPRiIRa.exe
  C:\Windows\System\RPRiIRa.exe
  2⤵
  PID:7432
- C:\Windows\System\NKcNTJR.exe
  C:\Windows\System\NKcNTJR.exe
  2⤵
  PID:7348
- C:\Windows\System\OQcBpna.exe
  C:\Windows\System\OQcBpna.exe
  2⤵
  PID:7464
- C:\Windows\System\jAXaNqP.exe
  C:\Windows\System\jAXaNqP.exe
  2⤵
  PID:7532
- C:\Windows\System\JpShJrt.exe
  C:\Windows\System\JpShJrt.exe
  2⤵
  PID:7576
- C:\Windows\System\syNBUQB.exe
  C:\Windows\System\syNBUQB.exe
  2⤵
  PID:7476
- C:\Windows\System\zAVBnLx.exe
  C:\Windows\System\zAVBnLx.exe
  2⤵
  PID:7480
- C:\Windows\System\GZehmAP.exe
  C:\Windows\System\GZehmAP.exe
  2⤵
  PID:7620
- C:\Windows\System\xPvApzh.exe
  C:\Windows\System\xPvApzh.exe
  2⤵
  PID:7648
- C:\Windows\System\pcMTLAY.exe
  C:\Windows\System\pcMTLAY.exe
  2⤵
  PID:7688
- C:\Windows\System\nHnOHzE.exe
  C:\Windows\System\nHnOHzE.exe
  2⤵
  PID:7696
- C:\Windows\System\AqDcnED.exe
  C:\Windows\System\AqDcnED.exe
  2⤵
  PID:7744
- C:\Windows\System\QMWwIuN.exe
  C:\Windows\System\QMWwIuN.exe
  2⤵
  PID:7712
- C:\Windows\System\wUvNTxD.exe
  C:\Windows\System\wUvNTxD.exe
  2⤵
  PID:7832
- C:\Windows\System\cLMACOI.exe
  C:\Windows\System\cLMACOI.exe
  2⤵
  PID:7868
- C:\Windows\System\hJhkiog.exe
  C:\Windows\System\hJhkiog.exe
  2⤵
  PID:7820
- C:\Windows\System\Coxjbbt.exe
  C:\Windows\System\Coxjbbt.exe
  2⤵
  PID:7880
- C:\Windows\System\XDZTQbU.exe
  C:\Windows\System\XDZTQbU.exe
  2⤵
  PID:7928
- C:\Windows\System\FnIoxwr.exe
  C:\Windows\System\FnIoxwr.exe
  2⤵
  PID:7948
- C:\Windows\System\xAlvYMH.exe
  C:\Windows\System\xAlvYMH.exe
  2⤵
  PID:7996
- C:\Windows\System\chKBvBt.exe
  C:\Windows\System\chKBvBt.exe
  2⤵
  PID:8060
- C:\Windows\System\NJyVHSM.exe
  C:\Windows\System\NJyVHSM.exe
  2⤵
  PID:8092
- C:\Windows\System\fSsPgwb.exe
  C:\Windows\System\fSsPgwb.exe
  2⤵
  PID:8124
- C:\Windows\System\dLoRUrX.exe
  C:\Windows\System\dLoRUrX.exe
  2⤵
  PID:8188
- C:\Windows\System\MWFkYHy.exe
  C:\Windows\System\MWFkYHy.exe
  2⤵
  PID:6628
- C:\Windows\System\ZKoUWGX.exe
  C:\Windows\System\ZKoUWGX.exe
  2⤵
  PID:8144
- C:\Windows\System\MIJMcRe.exe
  C:\Windows\System\MIJMcRe.exe
  2⤵
  PID:8112
- C:\Windows\System\DuQlBNs.exe
  C:\Windows\System\DuQlBNs.exe
  2⤵
  PID:7200
- C:\Windows\System\GbLQYBL.exe
  C:\Windows\System\GbLQYBL.exe
  2⤵
  PID:6984
- C:\Windows\System\YPawlvS.exe
  C:\Windows\System\YPawlvS.exe
  2⤵
  PID:7332
- C:\Windows\System\LQEVaGY.exe
  C:\Windows\System\LQEVaGY.exe
  2⤵
  PID:7376
- C:\Windows\System\rFHibaF.exe
  C:\Windows\System\rFHibaF.exe
  2⤵
  PID:7548
- C:\Windows\System\gUpSDqm.exe
  C:\Windows\System\gUpSDqm.exe
  2⤵
  PID:7512
- C:\Windows\System\NVfuLYj.exe
  C:\Windows\System\NVfuLYj.exe
  2⤵
  PID:7396
- C:\Windows\System\IauYFqY.exe
  C:\Windows\System\IauYFqY.exe
  2⤵
  PID:7628
- C:\Windows\System\PcDNGxh.exe
  C:\Windows\System\PcDNGxh.exe
  2⤵
  PID:7804
- C:\Windows\System\trdsPFW.exe
  C:\Windows\System\trdsPFW.exe
  2⤵
  PID:7676
- C:\Windows\System\ReuJPNw.exe
  C:\Windows\System\ReuJPNw.exe
  2⤵
  PID:7764
- C:\Windows\System\zvaNHzn.exe
  C:\Windows\System\zvaNHzn.exe
  2⤵
  PID:7976
- C:\Windows\System\UtooGvm.exe
  C:\Windows\System\UtooGvm.exe
  2⤵
  PID:7960
- C:\Windows\System\FKXVSFb.exe
  C:\Windows\System\FKXVSFb.exe
  2⤵
  PID:8048
- C:\Windows\System\ruciJtF.exe
  C:\Windows\System\ruciJtF.exe
  2⤵
  PID:8096
- C:\Windows\System\mfYimCf.exe
  C:\Windows\System\mfYimCf.exe
  2⤵
  PID:7324
- C:\Windows\System\fGaxGma.exe
  C:\Windows\System\fGaxGma.exe
  2⤵
  PID:7328
- C:\Windows\System\SKmJiNm.exe
  C:\Windows\System\SKmJiNm.exe
  2⤵
  PID:7572
- C:\Windows\System\YOwTrpN.exe
  C:\Windows\System\YOwTrpN.exe
  2⤵
  PID:7280
- C:\Windows\System\cQrVSXu.exe
  C:\Windows\System\cQrVSXu.exe
  2⤵
  PID:7516
- C:\Windows\System\ZOgpKha.exe
  C:\Windows\System\ZOgpKha.exe
  2⤵
  PID:7916
- C:\Windows\System\ItpkefT.exe
  C:\Windows\System\ItpkefT.exe
  2⤵
  PID:8012
- C:\Windows\System\kSCFlGe.exe
  C:\Windows\System\kSCFlGe.exe
  2⤵
  PID:860
- C:\Windows\System\usjGtqc.exe
  C:\Windows\System\usjGtqc.exe
  2⤵
  PID:7912
- C:\Windows\System\jkfPHjh.exe
  C:\Windows\System\jkfPHjh.exe
  2⤵
  PID:7528
- C:\Windows\System\mYNyXix.exe
  C:\Windows\System\mYNyXix.exe
  2⤵
  PID:6840
- C:\Windows\System\YgHLABR.exe
  C:\Windows\System\YgHLABR.exe
  2⤵
  PID:7216
- C:\Windows\System\dAinODE.exe
  C:\Windows\System\dAinODE.exe
  2⤵
  PID:7728
- C:\Windows\System\onsKRle.exe
  C:\Windows\System\onsKRle.exe
  2⤵
  PID:8204
- C:\Windows\System\IWnXDpw.exe
  C:\Windows\System\IWnXDpw.exe
  2⤵
  PID:8232
- C:\Windows\System\dbHnzek.exe
  C:\Windows\System\dbHnzek.exe
  2⤵
  PID:8252
- C:\Windows\System\sOoFkmq.exe
  C:\Windows\System\sOoFkmq.exe
  2⤵
  PID:8268
- C:\Windows\System\FpqWkeI.exe
  C:\Windows\System\FpqWkeI.exe
  2⤵
  PID:8284
- C:\Windows\System\bHAPhef.exe
  C:\Windows\System\bHAPhef.exe
  2⤵
  PID:8320
- C:\Windows\System\qAqGXSl.exe
  C:\Windows\System\qAqGXSl.exe
  2⤵
  PID:8348
- C:\Windows\System\UyMdnQs.exe
  C:\Windows\System\UyMdnQs.exe
  2⤵
  PID:8364
- C:\Windows\System\ZjPBeTX.exe
  C:\Windows\System\ZjPBeTX.exe
  2⤵
  PID:8384
- C:\Windows\System\gWycXqP.exe
  C:\Windows\System\gWycXqP.exe
  2⤵
  PID:8400
- C:\Windows\System\HPkINBH.exe
  C:\Windows\System\HPkINBH.exe
  2⤵
  PID:8416
- C:\Windows\System\bgtmzwP.exe
  C:\Windows\System\bgtmzwP.exe
  2⤵
  PID:8432
- C:\Windows\System\NqgIcgV.exe
  C:\Windows\System\NqgIcgV.exe
  2⤵
  PID:8448
- C:\Windows\System\vTelbuN.exe
  C:\Windows\System\vTelbuN.exe
  2⤵
  PID:8476
- C:\Windows\System\kDJEWxZ.exe
  C:\Windows\System\kDJEWxZ.exe
  2⤵
  PID:8508
- C:\Windows\System\lkgpenD.exe
  C:\Windows\System\lkgpenD.exe
  2⤵
  PID:8528
- C:\Windows\System\cJHlFMW.exe
  C:\Windows\System\cJHlFMW.exe
  2⤵
  PID:8544
- C:\Windows\System\sIVnlxu.exe
  C:\Windows\System\sIVnlxu.exe
  2⤵
  PID:8564
- C:\Windows\System\VBcFYHJ.exe
  C:\Windows\System\VBcFYHJ.exe
  2⤵
  PID:8580
- C:\Windows\System\dyIjOKS.exe
  C:\Windows\System\dyIjOKS.exe
  2⤵
  PID:8604
- C:\Windows\System\BpkrJTM.exe
  C:\Windows\System\BpkrJTM.exe
  2⤵
  PID:8620
- C:\Windows\System\oKImUVC.exe
  C:\Windows\System\oKImUVC.exe
  2⤵
  PID:8636
- C:\Windows\System\CHdjGTA.exe
  C:\Windows\System\CHdjGTA.exe
  2⤵
  PID:8652
- C:\Windows\System\BKiZvAk.exe
  C:\Windows\System\BKiZvAk.exe
  2⤵
  PID:8668
- C:\Windows\System\nVNFoez.exe
  C:\Windows\System\nVNFoez.exe
  2⤵
  PID:8684
- C:\Windows\System\OJDiZtn.exe
  C:\Windows\System\OJDiZtn.exe
  2⤵
  PID:8708
- C:\Windows\System\ZBeVzzf.exe
  C:\Windows\System\ZBeVzzf.exe
  2⤵
  PID:8728
- C:\Windows\System\TSUrwPA.exe
  C:\Windows\System\TSUrwPA.exe
  2⤵
  PID:8744
- C:\Windows\System\GlcvXBr.exe
  C:\Windows\System\GlcvXBr.exe
  2⤵
  PID:8768
- C:\Windows\System\VJVZElt.exe
  C:\Windows\System\VJVZElt.exe
  2⤵
  PID:8784
- C:\Windows\System\PujGadq.exe
  C:\Windows\System\PujGadq.exe
  2⤵
  PID:8800
- C:\Windows\System\eOXmMkC.exe
  C:\Windows\System\eOXmMkC.exe
  2⤵
  PID:8816
- C:\Windows\System\mgzYqOM.exe
  C:\Windows\System\mgzYqOM.exe
  2⤵
  PID:8832
- C:\Windows\System\DqOQfnK.exe
  C:\Windows\System\DqOQfnK.exe
  2⤵
  PID:8848
- C:\Windows\System\pTwMToA.exe
  C:\Windows\System\pTwMToA.exe
  2⤵
  PID:8864
- C:\Windows\System\lgghDFc.exe
  C:\Windows\System\lgghDFc.exe
  2⤵
  PID:8880
- C:\Windows\System\YGcvvbg.exe
  C:\Windows\System\YGcvvbg.exe
  2⤵
  PID:8896
- C:\Windows\System\PYFPNpg.exe
  C:\Windows\System\PYFPNpg.exe
  2⤵
  PID:8912
- C:\Windows\System\fcIPRGn.exe
  C:\Windows\System\fcIPRGn.exe
  2⤵
  PID:8928
- C:\Windows\System\wDpCLXv.exe
  C:\Windows\System\wDpCLXv.exe
  2⤵
  PID:8944
- C:\Windows\System\YbGGFtU.exe
  C:\Windows\System\YbGGFtU.exe
  2⤵
  PID:8960
- C:\Windows\System\VxmPdPR.exe
  C:\Windows\System\VxmPdPR.exe
  2⤵
  PID:8976
- C:\Windows\System\SSmetml.exe
  C:\Windows\System\SSmetml.exe
  2⤵
  PID:8992
- C:\Windows\System\caYCbJu.exe
  C:\Windows\System\caYCbJu.exe
  2⤵
  PID:9008
- C:\Windows\System\tGOYyFe.exe
  C:\Windows\System\tGOYyFe.exe
  2⤵
  PID:9024
- C:\Windows\System\rzwiqqj.exe
  C:\Windows\System\rzwiqqj.exe
  2⤵
  PID:9040
- C:\Windows\System\NcGOPwJ.exe
  C:\Windows\System\NcGOPwJ.exe
  2⤵
  PID:9056
- C:\Windows\System\qrPWnkF.exe
  C:\Windows\System\qrPWnkF.exe
  2⤵
  PID:9072
- C:\Windows\System\SZrYZDP.exe
  C:\Windows\System\SZrYZDP.exe
  2⤵
  PID:9088
- C:\Windows\System\ZrMxbaE.exe
  C:\Windows\System\ZrMxbaE.exe
  2⤵
  PID:9104
- C:\Windows\System\odBTwsH.exe
  C:\Windows\System\odBTwsH.exe
  2⤵
  PID:9120
- C:\Windows\System\MXwpKcm.exe
  C:\Windows\System\MXwpKcm.exe
  2⤵
  PID:9136
- C:\Windows\System\hQHXHGg.exe
  C:\Windows\System\hQHXHGg.exe
  2⤵
  PID:9152
- C:\Windows\System\pEFbeRd.exe
  C:\Windows\System\pEFbeRd.exe
  2⤵
  PID:9168
- C:\Windows\System\JIzVTfA.exe
  C:\Windows\System\JIzVTfA.exe
  2⤵
  PID:9184
- C:\Windows\System\idCtdYr.exe
  C:\Windows\System\idCtdYr.exe
  2⤵
  PID:9200
- C:\Windows\System\TUDDFuX.exe
  C:\Windows\System\TUDDFuX.exe
  2⤵
  PID:7716
- C:\Windows\System\vJnlPNP.exe
  C:\Windows\System\vJnlPNP.exe
  2⤵
  PID:8140
- C:\Windows\System\aMJohfY.exe
  C:\Windows\System\aMJohfY.exe
  2⤵
  PID:8196
- C:\Windows\System\SGRYzpr.exe
  C:\Windows\System\SGRYzpr.exe
  2⤵
  PID:7196
- C:\Windows\System\sCccTtl.exe
  C:\Windows\System\sCccTtl.exe
  2⤵
  PID:8212
- C:\Windows\System\gFvFOQN.exe
  C:\Windows\System\gFvFOQN.exe
  2⤵
  PID:8228
- C:\Windows\System\GmnOtKr.exe
  C:\Windows\System\GmnOtKr.exe
  2⤵
  PID:8248
- C:\Windows\System\wNbjrgG.exe
  C:\Windows\System\wNbjrgG.exe
  2⤵
  PID:8264
- C:\Windows\System\MDpJXgt.exe
  C:\Windows\System\MDpJXgt.exe
  2⤵
  PID:8292
- C:\Windows\System\KazQorA.exe
  C:\Windows\System\KazQorA.exe
  2⤵
  PID:8328
- C:\Windows\System\XmbDSEu.exe
  C:\Windows\System\XmbDSEu.exe
  2⤵
  PID:8344
- C:\Windows\System\BwLskMk.exe
  C:\Windows\System\BwLskMk.exe
  2⤵
  PID:8408
- C:\Windows\System\jfOrJUx.exe
  C:\Windows\System\jfOrJUx.exe
  2⤵
  PID:8444
- C:\Windows\System\rcrOSva.exe
  C:\Windows\System\rcrOSva.exe
  2⤵
  PID:8460
- C:\Windows\System\XWltnio.exe
  C:\Windows\System\XWltnio.exe
  2⤵
  PID:8472
- C:\Windows\System\GPNQPcp.exe
  C:\Windows\System\GPNQPcp.exe
  2⤵
  PID:8496
- C:\Windows\System\TmhDOQO.exe
  C:\Windows\System\TmhDOQO.exe
  2⤵
  PID:8572
- C:\Windows\System\myjVknr.exe
  C:\Windows\System\myjVknr.exe
  2⤵
  PID:8552
- C:\Windows\System\EshNkgN.exe
  C:\Windows\System\EshNkgN.exe
  2⤵
  PID:8612
- C:\Windows\System\eIQbxXT.exe
  C:\Windows\System\eIQbxXT.exe
  2⤵
  PID:8952
- C:\Windows\System\nxZdhKS.exe
  C:\Windows\System\nxZdhKS.exe
  2⤵
  PID:9016
- C:\Windows\System\iQUtcCP.exe
  C:\Windows\System\iQUtcCP.exe
  2⤵
  PID:9032
- C:\Windows\System\BGsLCWj.exe
  C:\Windows\System\BGsLCWj.exe
  2⤵
  PID:9084
- C:\Windows\System\wxXfKCw.exe
  C:\Windows\System\wxXfKCw.exe
  2⤵
  PID:9148
- C:\Windows\System\RJcVThW.exe
  C:\Windows\System\RJcVThW.exe
  2⤵
  PID:9212
- C:\Windows\System\TCRgvPD.exe
  C:\Windows\System\TCRgvPD.exe
  2⤵
  PID:9064
- C:\Windows\System\NDqledh.exe
  C:\Windows\System\NDqledh.exe
  2⤵
  PID:8356
- C:\Windows\System\cMcYAbC.exe
  C:\Windows\System\cMcYAbC.exe
  2⤵
  PID:8224
- C:\Windows\System\JupAkmG.exe
  C:\Windows\System\JupAkmG.exe
  2⤵
  PID:8488
- C:\Windows\System\uYoYINM.exe
  C:\Windows\System\uYoYINM.exe
  2⤵
  PID:8504
- C:\Windows\System\dxaWFmt.exe
  C:\Windows\System\dxaWFmt.exe
  2⤵
  PID:8520
- C:\Windows\System\dhxhlFn.exe
  C:\Windows\System\dhxhlFn.exe
  2⤵
  PID:8516
- C:\Windows\System\SHoRipI.exe
  C:\Windows\System\SHoRipI.exe
  2⤵
  PID:8588
- C:\Windows\System\XQFzoDV.exe
  C:\Windows\System\XQFzoDV.exe
  2⤵
  PID:8632
- C:\Windows\System\jkzibCl.exe
  C:\Windows\System\jkzibCl.exe
  2⤵
  PID:8716
- C:\Windows\System\acTdGoh.exe
  C:\Windows\System\acTdGoh.exe
  2⤵
  PID:8740
- C:\Windows\System\vLDtDJr.exe
  C:\Windows\System\vLDtDJr.exe
  2⤵
  PID:8780
- C:\Windows\System\woaFNpB.exe
  C:\Windows\System\woaFNpB.exe
  2⤵
  PID:8828
- C:\Windows\System\xpLfVdY.exe
  C:\Windows\System\xpLfVdY.exe
  2⤵
  PID:8984
- C:\Windows\System\KwyzqCz.exe
  C:\Windows\System\KwyzqCz.exe
  2⤵
  PID:8988
- C:\Windows\System\tMpvnDG.exe
  C:\Windows\System\tMpvnDG.exe
  2⤵
  PID:8904
- C:\Windows\System\BvfDtWp.exe
  C:\Windows\System\BvfDtWp.exe
  2⤵
  PID:9000
- C:\Windows\System\IxVDFtP.exe
  C:\Windows\System\IxVDFtP.exe
  2⤵
  PID:9144
- C:\Windows\System\gEzOVyK.exe
  C:\Windows\System\gEzOVyK.exe
  2⤵
  PID:9196
- C:\Windows\System\IOIuDcm.exe
  C:\Windows\System\IOIuDcm.exe
  2⤵
  PID:7800
- C:\Windows\System\lIJSaTN.exe
  C:\Windows\System\lIJSaTN.exe
  2⤵
  PID:7344
- C:\Windows\System\OxQfZGA.exe
  C:\Windows\System\OxQfZGA.exe
  2⤵
  PID:8340
- C:\Windows\System\zrXsOPB.exe
  C:\Windows\System\zrXsOPB.exe
  2⤵
  PID:8360
- C:\Windows\System\mnQOrsY.exe
  C:\Windows\System\mnQOrsY.exe
  2⤵
  PID:8440
- C:\Windows\System\BcjuITC.exe
  C:\Windows\System\BcjuITC.exe
  2⤵
  PID:7632
- C:\Windows\System\DNpoRni.exe
  C:\Windows\System\DNpoRni.exe
  2⤵
  PID:8600
- C:\Windows\System\FNRTkgO.exe
  C:\Windows\System\FNRTkgO.exe
  2⤵
  PID:8700
- C:\Windows\System\fCSynky.exe
  C:\Windows\System\fCSynky.exe
  2⤵
  PID:8796
- C:\Windows\System\UdmglNM.exe
  C:\Windows\System\UdmglNM.exe
  2⤵
  PID:8840
- C:\Windows\System\YSoDZoy.exe
  C:\Windows\System\YSoDZoy.exe
  2⤵
  PID:8876
- C:\Windows\System\wUxUMJV.exe
  C:\Windows\System\wUxUMJV.exe
  2⤵
  PID:5756
- C:\Windows\System\NQBYnpJ.exe
  C:\Windows\System\NQBYnpJ.exe
  2⤵
  PID:9080
- C:\Windows\System\YCmwOFT.exe
  C:\Windows\System\YCmwOFT.exe
  2⤵
  PID:9164
- C:\Windows\System\aJrCZGQ.exe
  C:\Windows\System\aJrCZGQ.exe
  2⤵
  PID:8016
- C:\Windows\System\onbgODO.exe
  C:\Windows\System\onbgODO.exe
  2⤵
  PID:8336
- C:\Windows\System\TTRrdsY.exe
  C:\Windows\System\TTRrdsY.exe
  2⤵
  PID:8376
- C:\Windows\System\uKzBmld.exe
  C:\Windows\System\uKzBmld.exe
  2⤵
  PID:8468
- C:\Windows\System\LJRsynH.exe
  C:\Windows\System\LJRsynH.exe
  2⤵
  PID:8628
- C:\Windows\System\gjgEGJH.exe
  C:\Windows\System\gjgEGJH.exe
  2⤵
  PID:8756
- C:\Windows\System\YIJlRsD.exe
  C:\Windows\System\YIJlRsD.exe
  2⤵
  PID:8844
- C:\Windows\System\Beudlue.exe
  C:\Windows\System\Beudlue.exe
  2⤵
  PID:8968
- C:\Windows\System\HUoyOnp.exe
  C:\Windows\System\HUoyOnp.exe
  2⤵
  PID:9160
- C:\Windows\System\MghChii.exe
  C:\Windows\System\MghChii.exe
  2⤵
  PID:8300
- C:\Windows\System\Zdycsrk.exe
  C:\Windows\System\Zdycsrk.exe
  2⤵
  PID:8312
- C:\Windows\System\QtsrBbG.exe
  C:\Windows\System\QtsrBbG.exe
  2⤵
  PID:8592
- C:\Windows\System\SfixyJG.exe
  C:\Windows\System\SfixyJG.exe
  2⤵
  PID:8824
- C:\Windows\System\HIgmRwP.exe
  C:\Windows\System\HIgmRwP.exe
  2⤵
  PID:8936
- C:\Windows\System\VPgkgpV.exe
  C:\Windows\System\VPgkgpV.exe
  2⤵
  PID:9132
- C:\Windows\System\kkzoWQS.exe
  C:\Windows\System\kkzoWQS.exe
  2⤵
  PID:8648
- C:\Windows\System\gmIAUsT.exe
  C:\Windows\System\gmIAUsT.exe
  2⤵
  PID:8792
- C:\Windows\System\dZgTIkD.exe
  C:\Windows\System\dZgTIkD.exe
  2⤵
  PID:8216
- C:\Windows\System\tjSNLtF.exe
  C:\Windows\System\tjSNLtF.exe
  2⤵
  PID:8920
- C:\Windows\System\QsQRvVe.exe
  C:\Windows\System\QsQRvVe.exe
  2⤵
  PID:8660
- C:\Windows\System\GKmZvXs.exe
  C:\Windows\System\GKmZvXs.exe
  2⤵
  PID:8860
- C:\Windows\System\caTVMXA.exe
  C:\Windows\System\caTVMXA.exe
  2⤵
  PID:7732
- C:\Windows\System\WzGitCi.exe
  C:\Windows\System\WzGitCi.exe
  2⤵
  PID:9236
- C:\Windows\System\UjcvXTZ.exe
  C:\Windows\System\UjcvXTZ.exe
  2⤵
  PID:9256
- C:\Windows\System\ArLUNiw.exe
  C:\Windows\System\ArLUNiw.exe
  2⤵
  PID:9276
- C:\Windows\System\GeaNGPV.exe
  C:\Windows\System\GeaNGPV.exe
  2⤵
  PID:9292
- C:\Windows\System\klzXQHB.exe
  C:\Windows\System\klzXQHB.exe
  2⤵
  PID:9316
- C:\Windows\System\EUJqdrw.exe
  C:\Windows\System\EUJqdrw.exe
  2⤵
  PID:9332
- C:\Windows\System\NxuSvtA.exe
  C:\Windows\System\NxuSvtA.exe
  2⤵
  PID:9356
- C:\Windows\System\hSjbMYs.exe
  C:\Windows\System\hSjbMYs.exe
  2⤵
  PID:9372
- C:\Windows\System\vvadJfm.exe
  C:\Windows\System\vvadJfm.exe
  2⤵
  PID:9392
- C:\Windows\System\aJxITUC.exe
  C:\Windows\System\aJxITUC.exe
  2⤵
  PID:9412
- C:\Windows\System\gpsrhCE.exe
  C:\Windows\System\gpsrhCE.exe
  2⤵
  PID:9436
- C:\Windows\System\VZiZWdG.exe
  C:\Windows\System\VZiZWdG.exe
  2⤵
  PID:9452
- C:\Windows\System\gHDrNrQ.exe
  C:\Windows\System\gHDrNrQ.exe
  2⤵
  PID:9472
- C:\Windows\System\GxUWbKe.exe
  C:\Windows\System\GxUWbKe.exe
  2⤵
  PID:9492
- C:\Windows\System\fGhcgib.exe
  C:\Windows\System\fGhcgib.exe
  2⤵
  PID:9508
- C:\Windows\System\MiYvpRI.exe
  C:\Windows\System\MiYvpRI.exe
  2⤵
  PID:9528
- C:\Windows\System\PlVpTWl.exe
  C:\Windows\System\PlVpTWl.exe
  2⤵
  PID:9544
- C:\Windows\System\DDIxZjV.exe
  C:\Windows\System\DDIxZjV.exe
  2⤵
  PID:9568
- C:\Windows\System\gMhcVoq.exe
  C:\Windows\System\gMhcVoq.exe
  2⤵
  PID:9584
- C:\Windows\System\mFJocFK.exe
  C:\Windows\System\mFJocFK.exe
  2⤵
  PID:9612
- C:\Windows\System\XToxVno.exe
  C:\Windows\System\XToxVno.exe
  2⤵
  PID:9628
- C:\Windows\System\tdddeOP.exe
  C:\Windows\System\tdddeOP.exe
  2⤵
  PID:9644
- C:\Windows\System\SApBbWQ.exe
  C:\Windows\System\SApBbWQ.exe
  2⤵
  PID:9664
- C:\Windows\System\IEOHhMT.exe
  C:\Windows\System\IEOHhMT.exe
  2⤵
  PID:9680
- C:\Windows\System\RkBakMI.exe
  C:\Windows\System\RkBakMI.exe
  2⤵
  PID:9704
- C:\Windows\System\zWFUUlv.exe
  C:\Windows\System\zWFUUlv.exe
  2⤵
  PID:9724
- C:\Windows\System\LAKouxd.exe
  C:\Windows\System\LAKouxd.exe
  2⤵
  PID:9748
- C:\Windows\System\MLnDjxB.exe
  C:\Windows\System\MLnDjxB.exe
  2⤵
  PID:9764
- C:\Windows\System\PwxYwJT.exe
  C:\Windows\System\PwxYwJT.exe
  2⤵
  PID:9792
- C:\Windows\System\RUQVeBg.exe
  C:\Windows\System\RUQVeBg.exe
  2⤵
  PID:9808
- C:\Windows\System\gpTiZoy.exe
  C:\Windows\System\gpTiZoy.exe
  2⤵
  PID:9836
- C:\Windows\System\rIJUymO.exe
  C:\Windows\System\rIJUymO.exe
  2⤵
  PID:9852
- C:\Windows\System\zzACYdU.exe
  C:\Windows\System\zzACYdU.exe
  2⤵
  PID:9868
- C:\Windows\System\VsaHeyZ.exe
  C:\Windows\System\VsaHeyZ.exe
  2⤵
  PID:9884
- C:\Windows\System\PkChfmN.exe
  C:\Windows\System\PkChfmN.exe
  2⤵
  PID:9908
- C:\Windows\System\MrEwhhR.exe
  C:\Windows\System\MrEwhhR.exe
  2⤵
  PID:9928
- C:\Windows\System\AviJjjx.exe
  C:\Windows\System\AviJjjx.exe
  2⤵
  PID:9948
- C:\Windows\System\KveyPVj.exe
  C:\Windows\System\KveyPVj.exe
  2⤵
  PID:9964
- C:\Windows\System\IWxkQqx.exe
  C:\Windows\System\IWxkQqx.exe
  2⤵
  PID:9988
- C:\Windows\System\BLrRnkw.exe
  C:\Windows\System\BLrRnkw.exe
  2⤵
  PID:10008
- C:\Windows\System\CCxcRDQ.exe
  C:\Windows\System\CCxcRDQ.exe
  2⤵
  PID:10028
- C:\Windows\System\mSZMqDq.exe
  C:\Windows\System\mSZMqDq.exe
  2⤵
  PID:10048
- C:\Windows\System\fzpcvfo.exe
  C:\Windows\System\fzpcvfo.exe
  2⤵
  PID:10064
- C:\Windows\System\CqwrCou.exe
  C:\Windows\System\CqwrCou.exe
  2⤵
  PID:10104
- C:\Windows\System\YHzdwRK.exe
  C:\Windows\System\YHzdwRK.exe
  2⤵
  PID:10124
- C:\Windows\System\lCfzdTG.exe
  C:\Windows\System\lCfzdTG.exe
  2⤵
  PID:10140
- C:\Windows\System\jWmngkD.exe
  C:\Windows\System\jWmngkD.exe
  2⤵
  PID:10164
- C:\Windows\System\laoFVRp.exe
  C:\Windows\System\laoFVRp.exe
  2⤵
  PID:10180
- C:\Windows\System\hvWYUXB.exe
  C:\Windows\System\hvWYUXB.exe
  2⤵
  PID:10204
- C:\Windows\System\PwRPFOn.exe
  C:\Windows\System\PwRPFOn.exe
  2⤵
  PID:10224
- C:\Windows\System\FFYqBDp.exe
  C:\Windows\System\FFYqBDp.exe
  2⤵
  PID:8764
- C:\Windows\System\whclfYy.exe
  C:\Windows\System\whclfYy.exe
  2⤵
  PID:9252
- C:\Windows\System\hxgpLjh.exe
  C:\Windows\System\hxgpLjh.exe
  2⤵
  PID:9284
- C:\Windows\System\hpLVQTv.exe
  C:\Windows\System\hpLVQTv.exe
  2⤵
  PID:9312
- C:\Windows\System\DzIZmQF.exe
  C:\Windows\System\DzIZmQF.exe
  2⤵
  PID:9340
- C:\Windows\System\uQrSFXj.exe
  C:\Windows\System\uQrSFXj.exe
  2⤵
  PID:9384
- C:\Windows\System\VOJcNfS.exe
  C:\Windows\System\VOJcNfS.exe
  2⤵
  PID:9404
- C:\Windows\System\FznqGtn.exe
  C:\Windows\System\FznqGtn.exe
  2⤵
  PID:9448
- C:\Windows\System\pkqAHgC.exe
  C:\Windows\System\pkqAHgC.exe
  2⤵
  PID:9484
- C:\Windows\System\qiQmkxC.exe
  C:\Windows\System\qiQmkxC.exe
  2⤵
  PID:9536
- C:\Windows\System\KvLObtL.exe
  C:\Windows\System\KvLObtL.exe
  2⤵
  PID:9552
- C:\Windows\System\LnIcvMb.exe
  C:\Windows\System\LnIcvMb.exe
  2⤵
  PID:9564
- C:\Windows\System\alXoLNA.exe
  C:\Windows\System\alXoLNA.exe
  2⤵
  PID:9600
- C:\Windows\System\thOlTyO.exe
  C:\Windows\System\thOlTyO.exe
  2⤵
  PID:9656
- C:\Windows\System\nopAgtD.exe
  C:\Windows\System\nopAgtD.exe
  2⤵
  PID:9712
- C:\Windows\System\OiTbLlW.exe
  C:\Windows\System\OiTbLlW.exe
  2⤵
  PID:9732
- C:\Windows\System\AHZVHfn.exe
  C:\Windows\System\AHZVHfn.exe
  2⤵
  PID:9744
- C:\Windows\System\scfOvEf.exe
  C:\Windows\System\scfOvEf.exe
  2⤵
  PID:9720
- C:\Windows\System\VOSQcQr.exe
  C:\Windows\System\VOSQcQr.exe
  2⤵
  PID:9820
- C:\Windows\System\SnJyZuD.exe
  C:\Windows\System\SnJyZuD.exe
  2⤵
  PID:9864
- C:\Windows\System\NbWCHtP.exe
  C:\Windows\System\NbWCHtP.exe
  2⤵
  PID:9844
- C:\Windows\System\TxsNHVq.exe
  C:\Windows\System\TxsNHVq.exe
  2⤵
  PID:9916
- C:\Windows\System\KhECryf.exe
  C:\Windows\System\KhECryf.exe
  2⤵
  PID:9972
- C:\Windows\System\YNSZcQT.exe
  C:\Windows\System\YNSZcQT.exe
  2⤵
  PID:10024
- C:\Windows\System\DlzDXXR.exe
  C:\Windows\System\DlzDXXR.exe
  2⤵
  PID:9996
- C:\Windows\System\DZjGDAy.exe
  C:\Windows\System\DZjGDAy.exe
  2⤵
  PID:10072
- C:\Windows\System\HCpUzww.exe
  C:\Windows\System\HCpUzww.exe
  2⤵
  PID:10092
- C:\Windows\System\jNRUTIV.exe
  C:\Windows\System\jNRUTIV.exe
  2⤵
  PID:10116
- C:\Windows\System\BinfKIF.exe
  C:\Windows\System\BinfKIF.exe
  2⤵
  PID:10156
- C:\Windows\System\LAgrGIv.exe
  C:\Windows\System\LAgrGIv.exe
  2⤵
  PID:10192
- C:\Windows\System\CuNmwnz.exe
  C:\Windows\System\CuNmwnz.exe
  2⤵
  PID:10216
- C:\Windows\System\qskGkTs.exe
  C:\Windows\System\qskGkTs.exe
  2⤵
  PID:9228
- C:\Windows\System\pOrFhVt.exe
  C:\Windows\System\pOrFhVt.exe
  2⤵
  PID:9300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AMyDDap.exe

Filesize
6.0MB

MD5
f7cae40ebbc31aa7b1194b6bd2404c17

SHA1
964da28e358153da1e31605fee857f721033f372

SHA256
0e50812451164003b83d7d3dfc6eeef147425198c98f5dba0945c5d2ad0b6b81

SHA512
29e5cb3e7a827adf96980e689e91c81bfb1b2021a574f4fead9591abf63579dc512f97d6c48de09f4653c422129fb7182ae7a430764098e2d9af7bf5b4830e8a

Download Submit
C:\Windows\system\BMDkYzv.exe

Filesize
6.0MB

MD5
0f676d0330bdb3f238e97b46918115a5

SHA1
105f2b5ad493bd4f79034c76b9d63fd65b3337da

SHA256
c587e4b8c0c612836a21c0307f9af3dd60a4cdd307db5952f021d54d989c2c54

SHA512
1c449d1b5b11eef74f3e7925aa88a59cc304eabb35f3a4c0647b9495d5065c120f8a99c074a1031baed3c97613c3b95d2731cf1900a94d18725cc2ccc9d78bce

Download Submit
C:\Windows\system\BNEHXWB.exe

Filesize
8B

MD5
171d8cdad6c958664bc64b7ac9acc7db

SHA1
34a8b0bf4a2feda43ec85c448bceefbc82f2f806

SHA256
827aa895e801414fdc25ed54edde8897f8082b73e3a25ae1d28da88ad659c91a

SHA512
7a7f61ccbebf5563361a9ef7ed04c9ac68f4770b47b9ed16c3667f36ab43a3927ff06f300d3f2d0847d0a65f0339e87b9eeed647795388cb9b6fa4e687661f1e

Download Submit
C:\Windows\system\BjjDxiL.exe

Filesize
6.0MB

MD5
3a273fd2be391058e6e36785fd198d8e

SHA1
9d8319176ec67f339c5d2e51d2a7c7a73c13a34e

SHA256
376f8098205919e3ad5b584a7b8475509ad4053d141b79690cd1021f0c4c3fe0

SHA512
f46be9595c934e2aee29e6dc17b7d597b02d3f54a24af5889dec3199a55a18c74112552e2c100b3302c89e7c3f57fec0b0e55da91f65af173d69a2829c45ad67

Download Submit
C:\Windows\system\CyWIdOl.exe

Filesize
6.0MB

MD5
9c52177836b3b37ed1f5acbfdcf676fd

SHA1
7a8569a0427fcf2f91a69ad9a2a70cee833b5fb1

SHA256
99aa94b1f6aea1992fbb50eac30c14a93bc2c98603c33e8de1b2830dc552bf14

SHA512
6c88a7837f8fae3c14bdefd026919083e2929c9aa70841b6e957a89ecea03306c5b08d3e9eea92f536ff4d23d31d955f77716c956b13e938830a5a6095110c77

Download Submit
C:\Windows\system\DnqZjfQ.exe

Filesize
6.0MB

MD5
cd96887b799167d9bd286c4267e90e20

SHA1
a924c31fb20652f0658e976bd97ef23e01e5d44e

SHA256
54079ca8d49e50e4d500bb582310bbb497217f114993a991018270e47f98d8fd

SHA512
0267848fe51ef3e587bdb54a5abccc7312ce0b2d9782d62ea622ae48a886336c0d36ffcdd99e3eea0320918e4728f7f93ac4cfb714777e5fb0e3065e2e204559

Download Submit
C:\Windows\system\GrtJdup.exe

Filesize
6.0MB

MD5
5a01e2345eff09e98d97de327b7fb263

SHA1
c6a93708ea6a3d4393962e44c9bb58e86e8d095f

SHA256
9ece71a7acaac0d61367c7e21f8179b63c5ff296b290e6e58c8f424732747018

SHA512
9ee3fd973df19937254e15c69ecc2b7da852d0ddfc28fe41bcda0ecad19512b860217debf679a287fc9da885bd86a6c437358a5101abfbd4f0076bc2e7d2407a

Download Submit
C:\Windows\system\JhzvPvR.exe

Filesize
6.0MB

MD5
e39da2f3d7383f2dd4ecc3403808085e

SHA1
83f94e8db073fb3899dbba7575c8c17f2c11e507

SHA256
8909d110c321ff99099c2bdfd9399e330a1d09ce667d50f28bfca82707135a91

SHA512
205321b29451cb3ee29b8341f14c343999502dc1f673f3036248a67870931df442c2715110b6c69f024953e3e156c2b52c2270625299b67289305e1eb32504f3

Download Submit
C:\Windows\system\LXTfLdt.exe

Filesize
6.0MB

MD5
4ad036c2f3bcaca1867edd55fcf1942f

SHA1
8de37fd9cf62e8aca66e9992575b4bbfae3ecc69

SHA256
cd7b91f8dc9d0fef2aa43d76d7026527a2500df0aa49f27d0ec646a071843401

SHA512
c0cbafe0d4a734e5ad35d71b8a687824fb394efd40eaa57eb33e24fb5fe676bc1f30548ce1a452896b2b902357fa67f46e0b120ed5cbfc0746cc05c80c9b4ba2

Download Submit
C:\Windows\system\LhYEGCY.exe

Filesize
6.0MB

MD5
3c254c528c70aceb42521617cdab3991

SHA1
7d0d6eadb9048d55dcc8a937080e52e3fa9f0148

SHA256
6f4fc6cd6730aa33779c1599a8e4a5ca8b0203098140ba4bffcb150c7ba4de61

SHA512
3d93889095efa01b858079138567ed8bf48e36bd6e037bdbd963bf2ddda1d3b3aa53e549b0de8a3147324c5d01b7184fcd9834cdec861f9f4a52f188dcfb7965

Download Submit
C:\Windows\system\PSKzmFO.exe

Filesize
6.0MB

MD5
c8832bda7efe8b513ac08b416346bde9

SHA1
b6ddcb081ebf161130383d90c74c2a03c57cd350

SHA256
0ec84dbf63291a6fcccf59e8344335487d110ec78d6ef4bcb3fc7d935b9d6678

SHA512
405fde4c873bef1491df42e237d9aae4d01532f28aa306f6748c6a3ae45fb7b31e79eddfae7966beec14f73a30f23eb799d8b0c342fb8a632ff41702a196ccfd

Download Submit
C:\Windows\system\Vvyemmp.exe

Filesize
6.0MB

MD5
bb66daa953541c6590206c924951c65e

SHA1
2b47b09f513ddf6babcde07eff06b1a4eb43ac80

SHA256
dc231d8705e5d92e6b5a3b2b3d877569bff4729b25ca598ea88448fbf8a2b97e

SHA512
d8536d9b619a1fd7bbb7a8d9e905c1dd47c3fbb9554640799f079349f808508ac7eaf7041cd6fa4e31fcb3b818f16207aa4f7d6c1e1990d02b5312bf13e10f80

Download Submit
C:\Windows\system\dwwCFbx.exe

Filesize
6.0MB

MD5
61d8780b682f670fb2b4bf9f1937e876

SHA1
9ae12e46661cffc5e7102bc4464c8627daecc877

SHA256
12abb03ccf0182e599e953ae9f88621800126b551991156799018a53f1871ca5

SHA512
511acdccce443580afc9bcffce53f5dd267255f34ee46d4746c463508e03665bba49e9006798fc0b271103a01c4e64eb3a05b58f35d4fccd5b79e5e394de81fd

Download Submit
C:\Windows\system\fBsiDKh.exe

Filesize
6.0MB

MD5
f98496c642383d07562a68ffae80b72c

SHA1
455fa9a2e744a46fb3ad67754c84e5d475d8790b

SHA256
d54de0c81603340b648a3944017667d419ef3ccb0b6acdd56f79f7ef1eae6163

SHA512
d0487c9541730116cff28d4761c24037220a1d65f79fec3dd5002f8956e6a2fb7cae41eb3942ec1e30d4d90f4cc8f1f17b635b5f16f3c6ff171f71275252478a

Download Submit
C:\Windows\system\iRQYwMW.exe

Filesize
6.0MB

MD5
589104ac584c1002e2346e63b97d922e

SHA1
05d4e3845ee3ca81f735bd1d940f722521ce4e8f

SHA256
d2670d34f4e8c003440607433335300e672413f87c13064e97f62d281db20e8a

SHA512
492eb7192f5bfb4d241dc1e7859816347234d2392528b0ce542ea9e6dfb11edea8d574dfdda149c06e3c8fed1a4bee171217588eb24af99985caa5a0ab4beef6

Download Submit
C:\Windows\system\iigkBkl.exe

Filesize
6.0MB

MD5
5d8eebd46cbc7e66f49b638836069bd9

SHA1
336e564fb8ff680fc22bfee59642bfb442516136

SHA256
5d8c65652ae61d8f11f45071bfb6afb78d9c94ff75cc6a916cd14ac47b52a6ec

SHA512
797bfa67cc25b66783e4f2efa133655e9ded3c6613209d2333945d242b0c14e3c884c681c4dc878fe71b494dc2cf925d1caf087cd82693e3808256615557c72b

Download Submit
C:\Windows\system\kEfPwlw.exe

Filesize
6.0MB

MD5
482c4662999ee4d835ed8b26b8e20047

SHA1
8c105dfccdabe6f0a6a0fa0a477f27b91e6423d1

SHA256
06801287d6c3eece85d7a245cfa258c933e89a229bf8326dd476d4b785430a76

SHA512
ec665c8b58f6b2100049c2aff51ea4b77575e2dd5b06546af2fc335aa869435bd37e55f801bd215f71c794b6b502440a439da8675eabcf2b507141b10823b875

Download Submit
C:\Windows\system\kPpBlYF.exe

Filesize
6.0MB

MD5
197e5a4560d7f984ef4dc679b03e50d0

SHA1
9ef5ec8f7df3ca42bbe8f9b37248e76377c13375

SHA256
836b7b344035c5ed475811dc1d996bf06f1c71fb888a5c7642bd42bc7111b6dc

SHA512
8b96ce76770405748f0ec117e2cb04d79ccc1570051c0c08f1b7b1857411e4428bd4b8324ee250cf72a07a8f7afb03e54e5f19904b2c4ab91637db8c37f8840c

Download Submit
C:\Windows\system\kQrlPUq.exe

Filesize
6.0MB

MD5
41bd85d51a508ebeab183476ee9310c4

SHA1
9d50898472e87a0ab9f3c6c880fa401584dd6796

SHA256
986670fe6697ee2d98842012b2abb1a704462d041f3f143339203b5df8e9759c

SHA512
8507f1f643f05429e72a3f6733c3e852074571e096b7b4dbafa7ff4376eef3b8114a504366d694c634fa2438f2dee0a73af663ffbab55a31a023637da90b5a7e

Download Submit
C:\Windows\system\nGEJxzj.exe

Filesize
6.0MB

MD5
fef9e9f16361b458640ff27dcd2ca0e7

SHA1
959913288cd0165c66fe2d5be6b6eeaa14cc5707

SHA256
8e200d4dcc10d990ea6f40e16144a673bf0561cb5c7fbe17167a0dbcc2afccca

SHA512
989bbdba8ac842ba2b55f797339662404a7311796e560c412f3170bcabeef4d0c4f709f335176e9a052d07c923d74aad6177eebb4a05f3eadf394976c6b5575f

Download Submit
C:\Windows\system\pbRGopB.exe

Filesize
6.0MB

MD5
3aeca69a8c4d84f500b8ffa24b1c68ef

SHA1
404b8a294fec47139bab81b96549c9a5426c5b4f

SHA256
c804d00290a5bb3d85d751624045bed52769a569f14521a94eb5fd9a2eaebae9

SHA512
120123ca5cc7f53d48d662fd8d94d703860301f251da36aede2f6b79823b187c976968294af4e3a3a85e2d2f2549b6615da223b6d5cf6984fd8714247a9c4ca2

Download Submit
C:\Windows\system\sKfNKki.exe

Filesize
6.0MB

MD5
666a7697f9f5a43198670b4880450a6e

SHA1
c5a308c80b6eca367348b4872fcedac1d7bc1fad

SHA256
e8e1b5287c6a0bfd8481c26339f2b5e9e6a15b9759acb3c3e443cf9e07801e31

SHA512
f2b548ec4add623e83cefdb027b6b76353b43bd3388cd626eb7be157436dc1b127bac227a927e17cc196cd8e482c1edf08c0e7f0645435f284df271756e6eadf

Download Submit
C:\Windows\system\scAKcuq.exe

Filesize
6.0MB

MD5
476797fba40e0dd42581f6e23060e596

SHA1
dab7fe8aa966cd2c3be70bafa8b28cf3afaf38dc

SHA256
221687dd45c75e6ab80db712f2f7f6c66ca465d7dde994b0eff6724d98069008

SHA512
89ba8ac9547231623872ea4bf8c619d7dde16c9fd7c44c6461ac25272558849dfeaafc509da83dfbd321d001e68cae06d603a27cd1d586255c455781a7609d9a

Download Submit
C:\Windows\system\zBkBEcn.exe

Filesize
6.0MB

MD5
0c40f115661e2557a96f1025c85334b3

SHA1
6e4f069365cee16e68809234dc2494284cf20632

SHA256
cd7ce37621f5e93eaa44ea65af7861aa795c46802e071389ba23bfe20991a6fd

SHA512
b2d441a0ba1d65d10d517e424728b1f1b5089afd9ee2c53123f71a1b6e606044579ab4a2f8e1475897e5ad9dc7a8be8c5dbcf019023921ed54b450f3a1e5562d

Download Submit
\Windows\system\HjItnZQ.exe

Filesize
6.0MB

MD5
ee489498ff2038cf46cca3212b407ba6

SHA1
80569d4cff7678716812f51c8cc460f0ca1434f0

SHA256
f321fe24cee711ffc8a54dc575588cac93a9cbecde587b9c04e14aaa5fa4a21b

SHA512
ea86b5ebb58e30f9254d6fe50ab63226d41b8b961f5be6442a9ef47b0e279e8860e14be699f6891d3c417fe69a03ec24bdd25237e8e3337a6522f41d76926c5e

Download Submit
\Windows\system\KPeieaJ.exe

Filesize
6.0MB

MD5
e7c10e66eac6e4b2bf5d302087ad5910

SHA1
6fb92f683c39a416de8358bd07f455fc2db8dd7e

SHA256
35ede545fc8eb74ea90c77c9cf0a99046ff715cf789409b3e93d9bdce9008c0e

SHA512
8e45fcb629182e6b6319b7d211c584c648c98e4079ab16aac5d8d1dd1a6108e415cca65534162a8e26ee2555513246f48b159246ad2ac852587ec52ac3fea4e7

Download Submit
\Windows\system\UrBGHfP.exe

Filesize
6.0MB

MD5
a79ffabfd9ed1de163522ce4575e33b9

SHA1
a09aa729be504c62afd384ebdf91453f42815af2

SHA256
5049ddc083d6aeb1960c83de0491add91245cfb9462f7eca75ae0507e3dfb073

SHA512
db37a5bb75f228e1162fe084bf7347dbdbb1b6c49c90838dd60fe1b4ca7dab7b5e7d1d586685bd69401649513981104697fc3cdb6c329a54ba01a19252ed8104

Download Submit
\Windows\system\eNABgBL.exe

Filesize
6.0MB

MD5
5c881854cef08b3b7563e85e90c6bfb4

SHA1
4f4f5b75d5640ca4cc83fdff7be639ef91f81bfa

SHA256
5fc7a8fd10c719cf528aeb82b14cf72ca04f2b9d76cfb848fe5dde8b4683e632

SHA512
89939bda93efbf7912413248e53f67bab972c3ba2370c2b786794e0303f9b0e2e92b2b07dfc95ddea3a70de3aa917c2b588ccff3416aec3ccda07d7e1d617f24

Download Submit
\Windows\system\jWUphum.exe

Filesize
6.0MB

MD5
08ea04b195c2312fb9ef09bcb2585f83

SHA1
63b38eaf7a2df6d6732c163244cffa17c754cdbe

SHA256
f0e5bf51433e2daf65205d8531d458b730800079996528f3c4443d2486122b3b

SHA512
7c108a2b7d50ea6b1be50c4a294b13fdae7087a7f17ea30acc38d967f2a8150bb12f470199febfbdacfa851ba486df055b192b94d3aa5cefa51882be776bde8f

Download Submit
\Windows\system\jaXSPCY.exe

Filesize
6.0MB

MD5
2f0077e001d4e88fd7fa7a37b8509a31

SHA1
650b677055b40d10bbe164335a16855a6f9f6e41

SHA256
f784f26b18271945f079eb4f827af65db6514b0be27d2b7164afae79381607ea

SHA512
5a0841aaf5a2ebabe19570f7b8ccb5757a25f3445e82f607775ad02250903262c1cd1f2065a2799281ae0ed2c1003069777b7c0e19746bbcf9e63006150ce6df

Download Submit
\Windows\system\jhRmsqk.exe

Filesize
6.0MB

MD5
10eaf8a55cc3a8da5bc90b71c429457f

SHA1
47e153f60655c9ab1105497437e18cf4b209db8a

SHA256
36813024c2e1a725eb534887808c323456e37f238ae1b4031ef41bbc8afb6ff1

SHA512
d0b70c2e6d10d9729dc91a0d0b20c3a336e1eede77213445d13852d4c16bc971ffa94cf54da265d231eff82fddd57e9bff7e596bc2281a9241c924e0c02087db

Download Submit
\Windows\system\jjVSbKK.exe

Filesize
6.0MB

MD5
f82e6e5c139071fbde52d05e4cd7da9a

SHA1
6365bfb05bf64f7be65762e98ee4a501dfd52668

SHA256
57c2dd3415d0bf06b0bfa58d5c317a13b65568c36eb7fedc1e5ba843cb6ce0ba

SHA512
5d1ce2da5154afbae5f12d4be70673d3786bebad939b33dc12d475e07e21871db78b93c029fa474cef9de3f72146935bcc1123ec2b8f64bd53c1c4d78ae3699f

Download Submit
\Windows\system\lfpfafj.exe

Filesize
6.0MB

MD5
2ca366f0a1adfbf2a7e446c823e655eb

SHA1
58210408125e28f7b5c6c4d3714223de69efbc2a

SHA256
e3971d42733c6a4529a2b241991e87bf4cc222a4aefb46d1fc3060af47a3c350

SHA512
3bff22ce388ad6ddb1f84a03fb05ed02e6bbdf47013c39c0e453af35c2d8c30bb6b3bda81872b8f69dab69878673910871b439d85db0733a0b58bee18f10552b

Download Submit
memory/1236-3881-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1236-60-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1236-99-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1816-3653-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/1816-63-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/1860-91-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1860-61-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-804-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1860-52-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1860-100-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-324-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1860-68-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-40-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1860-19-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1860-30-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1860-36-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1860-90-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1860-34-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1134-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-25-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1460-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-107-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-101-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-94-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-7-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-77-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-3660-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1984-9-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1988-43-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1988-14-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1988-3652-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2508-105-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-1297-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-3900-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-21-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3661-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2580-48-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2612-668-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3898-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2612-87-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3895-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2640-73-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2640-218-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3886-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-69-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-82-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-557-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3894-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-972-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2800-95-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3899-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3896-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2880-70-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3753-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2932-79-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2932-39-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2956-72-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3770-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download