cobaltstrike | 5a5525c9542e05a3a928f119e59c916964dc56827373a2889d91ee3c9f0de25e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9a295039ed516057314b1013797aa66f
SHA1

b529417f993c8cf4c64b93c5a7f9fb2a7bfdcbde
SHA256

5a5525c9542e05a3a928f119e59c916964dc56827373a2889d91ee3c9f0de25e
SHA512

523c22da31e694768f84ae9b71b9ac16ce898c9b8a2931a50856815179ffba289fbb9b6dc3dc805cab2e31e7f876604002d643c03224c8614ae9e1ebfcb51d85
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017403-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017409-10.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001748f-27.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001752f-32.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018678-43.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-75.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c4-67.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001879b-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018690-53.dat	cobalt_reflective_dll
behavioral1/files/0x001600000001866d-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1552-0-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-3.dat	xmrig
behavioral1/files/0x0008000000017403-11.dat	xmrig
behavioral1/memory/2764-17-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0008000000017409-10.dat	xmrig
behavioral1/files/0x000800000001748f-27.dat	xmrig
behavioral1/files/0x000700000001752f-32.dat	xmrig
behavioral1/memory/1968-35-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x000a000000018678-43.dat	xmrig
behavioral1/memory/2604-49-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/1968-70-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2608-79-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2952-91-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019401-95.dat	xmrig
behavioral1/files/0x0005000000019441-109.dat	xmrig
behavioral1/files/0x0005000000019539-121.dat	xmrig
behavioral1/files/0x0005000000019621-143.dat	xmrig
behavioral1/memory/1552-913-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/memory/1552-543-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001967d-169.dat	xmrig
behavioral1/files/0x0005000000019639-165.dat	xmrig
behavioral1/files/0x0005000000019629-161.dat	xmrig
behavioral1/files/0x0005000000019625-154.dat	xmrig
behavioral1/files/0x0005000000019627-157.dat	xmrig
behavioral1/files/0x0005000000019623-149.dat	xmrig
behavioral1/files/0x0005000000019620-142.dat	xmrig
behavioral1/files/0x000500000001961f-137.dat	xmrig
behavioral1/files/0x000500000001961d-134.dat	xmrig
behavioral1/files/0x000500000001961b-129.dat	xmrig
behavioral1/files/0x00050000000195e4-125.dat	xmrig
behavioral1/files/0x00050000000194d8-117.dat	xmrig
behavioral1/files/0x000500000001947e-113.dat	xmrig
behavioral1/files/0x000500000001942f-105.dat	xmrig
behavioral1/memory/1232-101-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019403-100.dat	xmrig
behavioral1/memory/792-90-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/1552-81-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d9-77.dat	xmrig
behavioral1/files/0x00050000000193df-88.dat	xmrig
behavioral1/memory/1552-86-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/memory/2920-85-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2740-72-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-75.dat	xmrig
behavioral1/files/0x00060000000193c4-67.dat	xmrig
behavioral1/memory/2972-64-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2292-63-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x000700000001879b-61.dat	xmrig
behavioral1/memory/2092-57-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1552-55-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x0007000000018690-53.dat	xmrig
behavioral1/memory/2608-40-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x001600000001866d-38.dat	xmrig
behavioral1/memory/2972-28-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2780-24-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2704-22-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2764-3915-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2608-3926-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2780-3928-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2704-3930-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2604-3964-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2972-3966-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2092-4057-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2740-4578-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1968-4579-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2764	VxNnTCv.exe
2704	biMlBYz.exe
2780	MJEJtLQ.exe
2972	cZkwzCr.exe
1968	tjPGTID.exe
2608	AensnVM.exe
2604	jdPTeKh.exe
2092	hTziDol.exe
2292	tcNhHIm.exe
2740	GxhkefY.exe
2920	DFyJEqy.exe
792	lyBBTLh.exe
2952	OJyWFtj.exe
1232	vjuIjQb.exe
1588	cBLBjBc.exe
2612	MhkxSth.exe
1940	UCDKVey.exe
1400	meDbmKQ.exe
1840	hZmWCAa.exe
2992	ObiSZaN.exe
112	FtUjpyo.exe
1748	KXLohFq.exe
2012	HoIzgDe.exe
2188	PYQjqWF.exe
2364	rCQRtuQ.exe
2404	ZnAAtii.exe
1948	AMMyIyW.exe
1976	INKESvV.exe
2392	Mdiwocs.exe
688	RNTPruB.exe
1304	NWcWeas.exe
324	hUdTADT.exe
900	ksTLpUn.exe
1964	OHFIfVD.exe
1580	wSJaFFM.exe
2500	uwVkBOR.exe
2464	krmwXUA.exe
1292	VsRBVVO.exe
1464	hzZcnuD.exe
1532	dzhBHpc.exe
2216	aHOjNhX.exe
2400	JFvpkxS.exe
644	cPogdmH.exe
2060	XYzpWqm.exe
2444	zqBIzOa.exe
288	RrOJVVv.exe
3040	rliyGCa.exe
3028	tWsjbWW.exe
1916	wVtgnHk.exe
1280	OVmosfX.exe
2484	nNRfbTW.exe
2980	DitgUtm.exe
1412	IhENkpY.exe
1020	DNZrEjK.exe
1432	LMLklvu.exe
1952	ruNBWfn.exe
880	kVcmanq.exe
2452	cqbJVNa.exe
2692	ohpRjTt.exe
2744	WfQlQPw.exe
1180	nZavrPs.exe
2752	VcAeukj.exe
2820	NeAyVBM.exe
2732	yujyRdH.exe

Loads dropped DLL 64 IoCs

pid	Process
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1552-0-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x0007000000012116-3.dat	upx
behavioral1/files/0x0008000000017403-11.dat	upx
behavioral1/memory/2764-17-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0008000000017409-10.dat	upx
behavioral1/files/0x000800000001748f-27.dat	upx
behavioral1/files/0x000700000001752f-32.dat	upx
behavioral1/memory/1968-35-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x000a000000018678-43.dat	upx
behavioral1/memory/2604-49-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/1968-70-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2608-79-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2952-91-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0005000000019401-95.dat	upx
behavioral1/files/0x0005000000019441-109.dat	upx
behavioral1/files/0x0005000000019539-121.dat	upx
behavioral1/files/0x0005000000019621-143.dat	upx
behavioral1/files/0x000500000001967d-169.dat	upx
behavioral1/files/0x0005000000019639-165.dat	upx
behavioral1/files/0x0005000000019629-161.dat	upx
behavioral1/files/0x0005000000019625-154.dat	upx
behavioral1/files/0x0005000000019627-157.dat	upx
behavioral1/files/0x0005000000019623-149.dat	upx
behavioral1/files/0x0005000000019620-142.dat	upx
behavioral1/files/0x000500000001961f-137.dat	upx
behavioral1/files/0x000500000001961d-134.dat	upx
behavioral1/files/0x000500000001961b-129.dat	upx
behavioral1/files/0x00050000000195e4-125.dat	upx
behavioral1/files/0x00050000000194d8-117.dat	upx
behavioral1/files/0x000500000001947e-113.dat	upx
behavioral1/files/0x000500000001942f-105.dat	upx
behavioral1/memory/1232-101-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0005000000019403-100.dat	upx
behavioral1/memory/792-90-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x00050000000193d9-77.dat	upx
behavioral1/files/0x00050000000193df-88.dat	upx
behavioral1/memory/2920-85-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2740-72-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x00050000000193cc-75.dat	upx
behavioral1/files/0x00060000000193c4-67.dat	upx
behavioral1/memory/2972-64-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2292-63-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x000700000001879b-61.dat	upx
behavioral1/memory/2092-57-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1552-55-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x0007000000018690-53.dat	upx
behavioral1/memory/2608-40-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x001600000001866d-38.dat	upx
behavioral1/memory/2972-28-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2780-24-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2704-22-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2764-3915-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2608-3926-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2780-3928-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2704-3930-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2604-3964-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2972-3966-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2092-4057-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2740-4578-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1968-4579-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/792-4580-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2292-4581-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2920-4582-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1232-4583-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hZmWCAa.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwpDLGV.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIgaWAZ.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLvgejg.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UepzQsC.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRJQCfo.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgAeDHq.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUxVzeu.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlXQjCY.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLWCdCB.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIjnmha.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJyWFtj.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNFkQRq.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqPeGbM.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwFjKAD.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPKqNco.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDQsNuN.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjgJieE.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfoPcHP.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtnQiPF.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XycMDJi.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rByFOKs.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zATiSLR.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuKVwsd.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wiPEhea.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veBTnLb.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSkIZmT.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfTSKPK.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSvuXmL.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVnpbgg.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNvrxUV.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmxSZNX.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNUkQxu.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNdomey.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsYDMCi.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvDhUjT.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elvztpx.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hUdTADT.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meyFfrM.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGRJYtf.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObrvkmB.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywcgCPX.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEWlYwe.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOqWQOi.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUNSBrE.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyvXRYZ.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwUpzZx.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVHgSnf.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFYYLSA.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlNFSTn.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNhkAHD.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reZkiYv.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxnzOkE.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxrPdoF.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJjSRog.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keciVYw.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amhKeJU.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oubETJH.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VjTFghA.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYXqVEt.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbJTggu.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWyUKRd.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNZrEjK.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUkjvFl.exe	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 2764	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1552 wrote to memory of 2764	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1552 wrote to memory of 2764	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1552 wrote to memory of 2704	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1552 wrote to memory of 2704	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1552 wrote to memory of 2704	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1552 wrote to memory of 2780	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1552 wrote to memory of 2780	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1552 wrote to memory of 2780	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1552 wrote to memory of 2972	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1552 wrote to memory of 2972	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1552 wrote to memory of 2972	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1552 wrote to memory of 1968	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1552 wrote to memory of 1968	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1552 wrote to memory of 1968	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1552 wrote to memory of 2608	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1552 wrote to memory of 2608	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1552 wrote to memory of 2608	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1552 wrote to memory of 2604	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1552 wrote to memory of 2604	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1552 wrote to memory of 2604	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1552 wrote to memory of 2092	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1552 wrote to memory of 2092	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1552 wrote to memory of 2092	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1552 wrote to memory of 2292	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1552 wrote to memory of 2292	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1552 wrote to memory of 2292	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1552 wrote to memory of 2740	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1552 wrote to memory of 2740	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1552 wrote to memory of 2740	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1552 wrote to memory of 2920	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1552 wrote to memory of 2920	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1552 wrote to memory of 2920	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1552 wrote to memory of 2952	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1552 wrote to memory of 2952	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1552 wrote to memory of 2952	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1552 wrote to memory of 792	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1552 wrote to memory of 792	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1552 wrote to memory of 792	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1552 wrote to memory of 1232	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1552 wrote to memory of 1232	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1552 wrote to memory of 1232	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1552 wrote to memory of 1588	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1552 wrote to memory of 1588	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1552 wrote to memory of 1588	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1552 wrote to memory of 2612	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1552 wrote to memory of 2612	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1552 wrote to memory of 2612	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1552 wrote to memory of 1940	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1552 wrote to memory of 1940	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1552 wrote to memory of 1940	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1552 wrote to memory of 1400	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1552 wrote to memory of 1400	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1552 wrote to memory of 1400	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1552 wrote to memory of 1840	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1552 wrote to memory of 1840	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1552 wrote to memory of 1840	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1552 wrote to memory of 2992	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1552 wrote to memory of 2992	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1552 wrote to memory of 2992	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1552 wrote to memory of 112	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1552 wrote to memory of 112	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1552 wrote to memory of 112	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1552 wrote to memory of 1748	1552	2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-30_9a295039ed516057314b1013797aa66f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\System\VxNnTCv.exe
  C:\Windows\System\VxNnTCv.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\biMlBYz.exe
  C:\Windows\System\biMlBYz.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\MJEJtLQ.exe
  C:\Windows\System\MJEJtLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\cZkwzCr.exe
  C:\Windows\System\cZkwzCr.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\tjPGTID.exe
  C:\Windows\System\tjPGTID.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\AensnVM.exe
  C:\Windows\System\AensnVM.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\jdPTeKh.exe
  C:\Windows\System\jdPTeKh.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\hTziDol.exe
  C:\Windows\System\hTziDol.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\tcNhHIm.exe
  C:\Windows\System\tcNhHIm.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\GxhkefY.exe
  C:\Windows\System\GxhkefY.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\DFyJEqy.exe
  C:\Windows\System\DFyJEqy.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\OJyWFtj.exe
  C:\Windows\System\OJyWFtj.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\lyBBTLh.exe
  C:\Windows\System\lyBBTLh.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\vjuIjQb.exe
  C:\Windows\System\vjuIjQb.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\cBLBjBc.exe
  C:\Windows\System\cBLBjBc.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\MhkxSth.exe
  C:\Windows\System\MhkxSth.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\UCDKVey.exe
  C:\Windows\System\UCDKVey.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\meDbmKQ.exe
  C:\Windows\System\meDbmKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\hZmWCAa.exe
  C:\Windows\System\hZmWCAa.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\ObiSZaN.exe
  C:\Windows\System\ObiSZaN.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\FtUjpyo.exe
  C:\Windows\System\FtUjpyo.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\KXLohFq.exe
  C:\Windows\System\KXLohFq.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\HoIzgDe.exe
  C:\Windows\System\HoIzgDe.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\PYQjqWF.exe
  C:\Windows\System\PYQjqWF.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\rCQRtuQ.exe
  C:\Windows\System\rCQRtuQ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\ZnAAtii.exe
  C:\Windows\System\ZnAAtii.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\AMMyIyW.exe
  C:\Windows\System\AMMyIyW.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\INKESvV.exe
  C:\Windows\System\INKESvV.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\Mdiwocs.exe
  C:\Windows\System\Mdiwocs.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\RNTPruB.exe
  C:\Windows\System\RNTPruB.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\NWcWeas.exe
  C:\Windows\System\NWcWeas.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\hUdTADT.exe
  C:\Windows\System\hUdTADT.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\ksTLpUn.exe
  C:\Windows\System\ksTLpUn.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\OHFIfVD.exe
  C:\Windows\System\OHFIfVD.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\wSJaFFM.exe
  C:\Windows\System\wSJaFFM.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\uwVkBOR.exe
  C:\Windows\System\uwVkBOR.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\krmwXUA.exe
  C:\Windows\System\krmwXUA.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\VsRBVVO.exe
  C:\Windows\System\VsRBVVO.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\hzZcnuD.exe
  C:\Windows\System\hzZcnuD.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\dzhBHpc.exe
  C:\Windows\System\dzhBHpc.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\aHOjNhX.exe
  C:\Windows\System\aHOjNhX.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\JFvpkxS.exe
  C:\Windows\System\JFvpkxS.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\cPogdmH.exe
  C:\Windows\System\cPogdmH.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\zqBIzOa.exe
  C:\Windows\System\zqBIzOa.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\XYzpWqm.exe
  C:\Windows\System\XYzpWqm.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\RrOJVVv.exe
  C:\Windows\System\RrOJVVv.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\rliyGCa.exe
  C:\Windows\System\rliyGCa.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\tWsjbWW.exe
  C:\Windows\System\tWsjbWW.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\wVtgnHk.exe
  C:\Windows\System\wVtgnHk.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\OVmosfX.exe
  C:\Windows\System\OVmosfX.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\nNRfbTW.exe
  C:\Windows\System\nNRfbTW.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\DitgUtm.exe
  C:\Windows\System\DitgUtm.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\IhENkpY.exe
  C:\Windows\System\IhENkpY.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\DNZrEjK.exe
  C:\Windows\System\DNZrEjK.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\LMLklvu.exe
  C:\Windows\System\LMLklvu.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\ruNBWfn.exe
  C:\Windows\System\ruNBWfn.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\kVcmanq.exe
  C:\Windows\System\kVcmanq.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\cqbJVNa.exe
  C:\Windows\System\cqbJVNa.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\ohpRjTt.exe
  C:\Windows\System\ohpRjTt.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\WfQlQPw.exe
  C:\Windows\System\WfQlQPw.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\nZavrPs.exe
  C:\Windows\System\nZavrPs.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\VcAeukj.exe
  C:\Windows\System\VcAeukj.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\NeAyVBM.exe
  C:\Windows\System\NeAyVBM.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\yujyRdH.exe
  C:\Windows\System\yujyRdH.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\LrLghQQ.exe
  C:\Windows\System\LrLghQQ.exe
  2⤵
  PID:2600
- C:\Windows\System\shWNaQC.exe
  C:\Windows\System\shWNaQC.exe
  2⤵
  PID:2584
- C:\Windows\System\uoiheMX.exe
  C:\Windows\System\uoiheMX.exe
  2⤵
  PID:2572
- C:\Windows\System\AjJRcPX.exe
  C:\Windows\System\AjJRcPX.exe
  2⤵
  PID:2372
- C:\Windows\System\gzAnuhQ.exe
  C:\Windows\System\gzAnuhQ.exe
  2⤵
  PID:2852
- C:\Windows\System\MPUgJvB.exe
  C:\Windows\System\MPUgJvB.exe
  2⤵
  PID:3044
- C:\Windows\System\eJIhpxB.exe
  C:\Windows\System\eJIhpxB.exe
  2⤵
  PID:1600
- C:\Windows\System\wOzEipM.exe
  C:\Windows\System\wOzEipM.exe
  2⤵
  PID:1908
- C:\Windows\System\YUaACVi.exe
  C:\Windows\System\YUaACVi.exe
  2⤵
  PID:1112
- C:\Windows\System\oAHaXhZ.exe
  C:\Windows\System\oAHaXhZ.exe
  2⤵
  PID:2944
- C:\Windows\System\biEFteK.exe
  C:\Windows\System\biEFteK.exe
  2⤵
  PID:980
- C:\Windows\System\veBTnLb.exe
  C:\Windows\System\veBTnLb.exe
  2⤵
  PID:1736
- C:\Windows\System\fKtQdrm.exe
  C:\Windows\System\fKtQdrm.exe
  2⤵
  PID:1960
- C:\Windows\System\MQNFuZI.exe
  C:\Windows\System\MQNFuZI.exe
  2⤵
  PID:2184
- C:\Windows\System\wElYFWz.exe
  C:\Windows\System\wElYFWz.exe
  2⤵
  PID:1792
- C:\Windows\System\qSqtWQX.exe
  C:\Windows\System\qSqtWQX.exe
  2⤵
  PID:856
- C:\Windows\System\uSwqeas.exe
  C:\Windows\System\uSwqeas.exe
  2⤵
  PID:1696
- C:\Windows\System\aHbyIJn.exe
  C:\Windows\System\aHbyIJn.exe
  2⤵
  PID:2428
- C:\Windows\System\xFMgShb.exe
  C:\Windows\System\xFMgShb.exe
  2⤵
  PID:1724
- C:\Windows\System\hdYngvd.exe
  C:\Windows\System\hdYngvd.exe
  2⤵
  PID:1240
- C:\Windows\System\OmxSZNX.exe
  C:\Windows\System\OmxSZNX.exe
  2⤵
  PID:2176
- C:\Windows\System\jajvjBR.exe
  C:\Windows\System\jajvjBR.exe
  2⤵
  PID:560
- C:\Windows\System\IyxJONJ.exe
  C:\Windows\System\IyxJONJ.exe
  2⤵
  PID:2240
- C:\Windows\System\xBOETKk.exe
  C:\Windows\System\xBOETKk.exe
  2⤵
  PID:2964
- C:\Windows\System\owdMlbE.exe
  C:\Windows\System\owdMlbE.exe
  2⤵
  PID:752
- C:\Windows\System\QZdblck.exe
  C:\Windows\System\QZdblck.exe
  2⤵
  PID:1424
- C:\Windows\System\ocULrKn.exe
  C:\Windows\System\ocULrKn.exe
  2⤵
  PID:996
- C:\Windows\System\ISpolJk.exe
  C:\Windows\System\ISpolJk.exe
  2⤵
  PID:1928
- C:\Windows\System\GQgTYuR.exe
  C:\Windows\System\GQgTYuR.exe
  2⤵
  PID:2472
- C:\Windows\System\omtJqmY.exe
  C:\Windows\System\omtJqmY.exe
  2⤵
  PID:1496
- C:\Windows\System\ZvZHTpY.exe
  C:\Windows\System\ZvZHTpY.exe
  2⤵
  PID:2684
- C:\Windows\System\djUJCTt.exe
  C:\Windows\System\djUJCTt.exe
  2⤵
  PID:2296
- C:\Windows\System\VHpfvow.exe
  C:\Windows\System\VHpfvow.exe
  2⤵
  PID:2768
- C:\Windows\System\QlcFVsU.exe
  C:\Windows\System\QlcFVsU.exe
  2⤵
  PID:2860
- C:\Windows\System\vUkjvFl.exe
  C:\Windows\System\vUkjvFl.exe
  2⤵
  PID:1408
- C:\Windows\System\RMigLuu.exe
  C:\Windows\System\RMigLuu.exe
  2⤵
  PID:3000
- C:\Windows\System\pnGPeHx.exe
  C:\Windows\System\pnGPeHx.exe
  2⤵
  PID:3084
- C:\Windows\System\QHVpgSE.exe
  C:\Windows\System\QHVpgSE.exe
  2⤵
  PID:3100
- C:\Windows\System\GWQrAle.exe
  C:\Windows\System\GWQrAle.exe
  2⤵
  PID:3116
- C:\Windows\System\nIeXrpJ.exe
  C:\Windows\System\nIeXrpJ.exe
  2⤵
  PID:3132
- C:\Windows\System\HWlcvTH.exe
  C:\Windows\System\HWlcvTH.exe
  2⤵
  PID:3148
- C:\Windows\System\uUlSUAH.exe
  C:\Windows\System\uUlSUAH.exe
  2⤵
  PID:3164
- C:\Windows\System\GMJzZPw.exe
  C:\Windows\System\GMJzZPw.exe
  2⤵
  PID:3180
- C:\Windows\System\yqOqshR.exe
  C:\Windows\System\yqOqshR.exe
  2⤵
  PID:3196
- C:\Windows\System\CGoZSVR.exe
  C:\Windows\System\CGoZSVR.exe
  2⤵
  PID:3212
- C:\Windows\System\ccfweGj.exe
  C:\Windows\System\ccfweGj.exe
  2⤵
  PID:3228
- C:\Windows\System\DWhwIdG.exe
  C:\Windows\System\DWhwIdG.exe
  2⤵
  PID:3244
- C:\Windows\System\JpdusWd.exe
  C:\Windows\System\JpdusWd.exe
  2⤵
  PID:3260
- C:\Windows\System\CGKjdwe.exe
  C:\Windows\System\CGKjdwe.exe
  2⤵
  PID:3276
- C:\Windows\System\idWcAdB.exe
  C:\Windows\System\idWcAdB.exe
  2⤵
  PID:3292
- C:\Windows\System\bLQNpTp.exe
  C:\Windows\System\bLQNpTp.exe
  2⤵
  PID:3308
- C:\Windows\System\dSOOshy.exe
  C:\Windows\System\dSOOshy.exe
  2⤵
  PID:3324
- C:\Windows\System\vmUmzRv.exe
  C:\Windows\System\vmUmzRv.exe
  2⤵
  PID:3340
- C:\Windows\System\sJlKrGW.exe
  C:\Windows\System\sJlKrGW.exe
  2⤵
  PID:3356
- C:\Windows\System\yGHoPdM.exe
  C:\Windows\System\yGHoPdM.exe
  2⤵
  PID:3372
- C:\Windows\System\dBzXIzA.exe
  C:\Windows\System\dBzXIzA.exe
  2⤵
  PID:3388
- C:\Windows\System\rLvXsXp.exe
  C:\Windows\System\rLvXsXp.exe
  2⤵
  PID:3404
- C:\Windows\System\VszqZQc.exe
  C:\Windows\System\VszqZQc.exe
  2⤵
  PID:3420
- C:\Windows\System\qxVIiga.exe
  C:\Windows\System\qxVIiga.exe
  2⤵
  PID:3436
- C:\Windows\System\mCSrptN.exe
  C:\Windows\System\mCSrptN.exe
  2⤵
  PID:3452
- C:\Windows\System\NWAnghX.exe
  C:\Windows\System\NWAnghX.exe
  2⤵
  PID:3468
- C:\Windows\System\yTQNwFt.exe
  C:\Windows\System\yTQNwFt.exe
  2⤵
  PID:3484
- C:\Windows\System\hwpDLGV.exe
  C:\Windows\System\hwpDLGV.exe
  2⤵
  PID:3500
- C:\Windows\System\EtUOabp.exe
  C:\Windows\System\EtUOabp.exe
  2⤵
  PID:3516
- C:\Windows\System\DwhZvmW.exe
  C:\Windows\System\DwhZvmW.exe
  2⤵
  PID:3532
- C:\Windows\System\GJGmJvN.exe
  C:\Windows\System\GJGmJvN.exe
  2⤵
  PID:3548
- C:\Windows\System\yczXSHG.exe
  C:\Windows\System\yczXSHG.exe
  2⤵
  PID:3564
- C:\Windows\System\jgpBndt.exe
  C:\Windows\System\jgpBndt.exe
  2⤵
  PID:3580
- C:\Windows\System\vAnpBVJ.exe
  C:\Windows\System\vAnpBVJ.exe
  2⤵
  PID:3596
- C:\Windows\System\QPIoNWk.exe
  C:\Windows\System\QPIoNWk.exe
  2⤵
  PID:3612
- C:\Windows\System\BXevYZb.exe
  C:\Windows\System\BXevYZb.exe
  2⤵
  PID:3628
- C:\Windows\System\TNxPQVn.exe
  C:\Windows\System\TNxPQVn.exe
  2⤵
  PID:3644
- C:\Windows\System\rmPDKXV.exe
  C:\Windows\System\rmPDKXV.exe
  2⤵
  PID:3660
- C:\Windows\System\LHEeLqe.exe
  C:\Windows\System\LHEeLqe.exe
  2⤵
  PID:3676
- C:\Windows\System\rfVDlNL.exe
  C:\Windows\System\rfVDlNL.exe
  2⤵
  PID:3692
- C:\Windows\System\cSwPbWd.exe
  C:\Windows\System\cSwPbWd.exe
  2⤵
  PID:3708
- C:\Windows\System\eXTpfhL.exe
  C:\Windows\System\eXTpfhL.exe
  2⤵
  PID:3724
- C:\Windows\System\UVQvKaz.exe
  C:\Windows\System\UVQvKaz.exe
  2⤵
  PID:3740
- C:\Windows\System\fSUdcTT.exe
  C:\Windows\System\fSUdcTT.exe
  2⤵
  PID:3756
- C:\Windows\System\gtGGOGS.exe
  C:\Windows\System\gtGGOGS.exe
  2⤵
  PID:3772
- C:\Windows\System\fctNQGs.exe
  C:\Windows\System\fctNQGs.exe
  2⤵
  PID:3792
- C:\Windows\System\ntcumyX.exe
  C:\Windows\System\ntcumyX.exe
  2⤵
  PID:3808
- C:\Windows\System\ORjDyxc.exe
  C:\Windows\System\ORjDyxc.exe
  2⤵
  PID:3824
- C:\Windows\System\KNFkQRq.exe
  C:\Windows\System\KNFkQRq.exe
  2⤵
  PID:3840
- C:\Windows\System\jMZqgXD.exe
  C:\Windows\System\jMZqgXD.exe
  2⤵
  PID:3856
- C:\Windows\System\fjWqeqd.exe
  C:\Windows\System\fjWqeqd.exe
  2⤵
  PID:3872
- C:\Windows\System\tfTmSjp.exe
  C:\Windows\System\tfTmSjp.exe
  2⤵
  PID:3888
- C:\Windows\System\EaxHKhc.exe
  C:\Windows\System\EaxHKhc.exe
  2⤵
  PID:3904
- C:\Windows\System\AeCHpYt.exe
  C:\Windows\System\AeCHpYt.exe
  2⤵
  PID:3920
- C:\Windows\System\DcczgJq.exe
  C:\Windows\System\DcczgJq.exe
  2⤵
  PID:3936
- C:\Windows\System\korxigl.exe
  C:\Windows\System\korxigl.exe
  2⤵
  PID:3952
- C:\Windows\System\icBQFzM.exe
  C:\Windows\System\icBQFzM.exe
  2⤵
  PID:3968
- C:\Windows\System\wLvEvzO.exe
  C:\Windows\System\wLvEvzO.exe
  2⤵
  PID:3984
- C:\Windows\System\qgAeDHq.exe
  C:\Windows\System\qgAeDHq.exe
  2⤵
  PID:4000
- C:\Windows\System\lzvkBkG.exe
  C:\Windows\System\lzvkBkG.exe
  2⤵
  PID:4016
- C:\Windows\System\pvMxGHu.exe
  C:\Windows\System\pvMxGHu.exe
  2⤵
  PID:4032
- C:\Windows\System\NhfcWcE.exe
  C:\Windows\System\NhfcWcE.exe
  2⤵
  PID:4048
- C:\Windows\System\yPBzaCp.exe
  C:\Windows\System\yPBzaCp.exe
  2⤵
  PID:4064
- C:\Windows\System\bGmpJbi.exe
  C:\Windows\System\bGmpJbi.exe
  2⤵
  PID:4080
- C:\Windows\System\cKKoyWh.exe
  C:\Windows\System\cKKoyWh.exe
  2⤵
  PID:2532
- C:\Windows\System\bsUEroa.exe
  C:\Windows\System\bsUEroa.exe
  2⤵
  PID:2144
- C:\Windows\System\PEClgzo.exe
  C:\Windows\System\PEClgzo.exe
  2⤵
  PID:1176
- C:\Windows\System\LcMDKhM.exe
  C:\Windows\System\LcMDKhM.exe
  2⤵
  PID:340
- C:\Windows\System\fFWDLxD.exe
  C:\Windows\System\fFWDLxD.exe
  2⤵
  PID:2436
- C:\Windows\System\skhllJp.exe
  C:\Windows\System\skhllJp.exe
  2⤵
  PID:1652
- C:\Windows\System\oYUlIeg.exe
  C:\Windows\System\oYUlIeg.exe
  2⤵
  PID:852
- C:\Windows\System\FOArRDM.exe
  C:\Windows\System\FOArRDM.exe
  2⤵
  PID:2632
- C:\Windows\System\kiPYGkC.exe
  C:\Windows\System\kiPYGkC.exe
  2⤵
  PID:3024
- C:\Windows\System\dRzfFnU.exe
  C:\Windows\System\dRzfFnU.exe
  2⤵
  PID:2316
- C:\Windows\System\WbAzVMQ.exe
  C:\Windows\System\WbAzVMQ.exe
  2⤵
  PID:2488
- C:\Windows\System\VtYGMBP.exe
  C:\Windows\System\VtYGMBP.exe
  2⤵
  PID:2756
- C:\Windows\System\yXByTVf.exe
  C:\Windows\System\yXByTVf.exe
  2⤵
  PID:2036
- C:\Windows\System\DqPrrfT.exe
  C:\Windows\System\DqPrrfT.exe
  2⤵
  PID:592
- C:\Windows\System\MRhxvGq.exe
  C:\Windows\System\MRhxvGq.exe
  2⤵
  PID:3080
- C:\Windows\System\AGlNCyo.exe
  C:\Windows\System\AGlNCyo.exe
  2⤵
  PID:3128
- C:\Windows\System\yMIzApp.exe
  C:\Windows\System\yMIzApp.exe
  2⤵
  PID:3188
- C:\Windows\System\HsfCKsz.exe
  C:\Windows\System\HsfCKsz.exe
  2⤵
  PID:3220
- C:\Windows\System\rkQVyNw.exe
  C:\Windows\System\rkQVyNw.exe
  2⤵
  PID:3236
- C:\Windows\System\MqWXtMk.exe
  C:\Windows\System\MqWXtMk.exe
  2⤵
  PID:3288
- C:\Windows\System\IlkChtS.exe
  C:\Windows\System\IlkChtS.exe
  2⤵
  PID:3348
- C:\Windows\System\VkzHrFF.exe
  C:\Windows\System\VkzHrFF.exe
  2⤵
  PID:3304
- C:\Windows\System\jUxVzeu.exe
  C:\Windows\System\jUxVzeu.exe
  2⤵
  PID:3380
- C:\Windows\System\FaXNEYs.exe
  C:\Windows\System\FaXNEYs.exe
  2⤵
  PID:3412
- C:\Windows\System\KYXILXt.exe
  C:\Windows\System\KYXILXt.exe
  2⤵
  PID:3444
- C:\Windows\System\gjgwtdS.exe
  C:\Windows\System\gjgwtdS.exe
  2⤵
  PID:3476
- C:\Windows\System\eJJEruK.exe
  C:\Windows\System\eJJEruK.exe
  2⤵
  PID:3492
- C:\Windows\System\cxnzOkE.exe
  C:\Windows\System\cxnzOkE.exe
  2⤵
  PID:3524
- C:\Windows\System\wNEdWXi.exe
  C:\Windows\System\wNEdWXi.exe
  2⤵
  PID:3576
- C:\Windows\System\jnfJfIa.exe
  C:\Windows\System\jnfJfIa.exe
  2⤵
  PID:3588
- C:\Windows\System\tqQposF.exe
  C:\Windows\System\tqQposF.exe
  2⤵
  PID:3620
- C:\Windows\System\KRxOhZx.exe
  C:\Windows\System\KRxOhZx.exe
  2⤵
  PID:3668
- C:\Windows\System\BcxtLEi.exe
  C:\Windows\System\BcxtLEi.exe
  2⤵
  PID:3700
- C:\Windows\System\nJEwqPB.exe
  C:\Windows\System\nJEwqPB.exe
  2⤵
  PID:3732
- C:\Windows\System\KFJwqpx.exe
  C:\Windows\System\KFJwqpx.exe
  2⤵
  PID:3764
- C:\Windows\System\TIPgtlj.exe
  C:\Windows\System\TIPgtlj.exe
  2⤵
  PID:3800
- C:\Windows\System\kBZsUwX.exe
  C:\Windows\System\kBZsUwX.exe
  2⤵
  PID:3816
- C:\Windows\System\hHFBoRW.exe
  C:\Windows\System\hHFBoRW.exe
  2⤵
  PID:3864
- C:\Windows\System\AIvDrxT.exe
  C:\Windows\System\AIvDrxT.exe
  2⤵
  PID:3880
- C:\Windows\System\NpPycWT.exe
  C:\Windows\System\NpPycWT.exe
  2⤵
  PID:3928
- C:\Windows\System\TdDObeW.exe
  C:\Windows\System\TdDObeW.exe
  2⤵
  PID:3960
- C:\Windows\System\DlXQjCY.exe
  C:\Windows\System\DlXQjCY.exe
  2⤵
  PID:3992
- C:\Windows\System\MQvjTsA.exe
  C:\Windows\System\MQvjTsA.exe
  2⤵
  PID:4024
- C:\Windows\System\lbHfshu.exe
  C:\Windows\System\lbHfshu.exe
  2⤵
  PID:4056
- C:\Windows\System\bkwdlip.exe
  C:\Windows\System\bkwdlip.exe
  2⤵
  PID:4088
- C:\Windows\System\sVWkPXK.exe
  C:\Windows\System\sVWkPXK.exe
  2⤵
  PID:2396
- C:\Windows\System\FAQRequ.exe
  C:\Windows\System\FAQRequ.exe
  2⤵
  PID:580
- C:\Windows\System\TiRvlHB.exe
  C:\Windows\System\TiRvlHB.exe
  2⤵
  PID:1784
- C:\Windows\System\HJrpNsy.exe
  C:\Windows\System\HJrpNsy.exe
  2⤵
  PID:1956
- C:\Windows\System\ufuJKbn.exe
  C:\Windows\System\ufuJKbn.exe
  2⤵
  PID:352
- C:\Windows\System\GLSgmbc.exe
  C:\Windows\System\GLSgmbc.exe
  2⤵
  PID:2760
- C:\Windows\System\wHVswzE.exe
  C:\Windows\System\wHVswzE.exe
  2⤵
  PID:3096
- C:\Windows\System\XEDXJuD.exe
  C:\Windows\System\XEDXJuD.exe
  2⤵
  PID:3112
- C:\Windows\System\cNUxPiA.exe
  C:\Windows\System\cNUxPiA.exe
  2⤵
  PID:3224
- C:\Windows\System\kbdVmoI.exe
  C:\Windows\System\kbdVmoI.exe
  2⤵
  PID:3320
- C:\Windows\System\WGUEkFL.exe
  C:\Windows\System\WGUEkFL.exe
  2⤵
  PID:3300
- C:\Windows\System\rSkIZmT.exe
  C:\Windows\System\rSkIZmT.exe
  2⤵
  PID:3400
- C:\Windows\System\IXMqqvT.exe
  C:\Windows\System\IXMqqvT.exe
  2⤵
  PID:3432
- C:\Windows\System\QiXjEUd.exe
  C:\Windows\System\QiXjEUd.exe
  2⤵
  PID:3496
- C:\Windows\System\MBJAxUG.exe
  C:\Windows\System\MBJAxUG.exe
  2⤵
  PID:3636
- C:\Windows\System\PbHKShs.exe
  C:\Windows\System\PbHKShs.exe
  2⤵
  PID:3652
- C:\Windows\System\dGZEflZ.exe
  C:\Windows\System\dGZEflZ.exe
  2⤵
  PID:3716
- C:\Windows\System\OOIqOjH.exe
  C:\Windows\System\OOIqOjH.exe
  2⤵
  PID:3832
- C:\Windows\System\IFZxdcv.exe
  C:\Windows\System\IFZxdcv.exe
  2⤵
  PID:3848
- C:\Windows\System\dXvQOnq.exe
  C:\Windows\System\dXvQOnq.exe
  2⤵
  PID:3912
- C:\Windows\System\KKwykcb.exe
  C:\Windows\System\KKwykcb.exe
  2⤵
  PID:3980
- C:\Windows\System\dTuUBkX.exe
  C:\Windows\System\dTuUBkX.exe
  2⤵
  PID:4072
- C:\Windows\System\WYcWatX.exe
  C:\Windows\System\WYcWatX.exe
  2⤵
  PID:4092
- C:\Windows\System\Bjzhpjs.exe
  C:\Windows\System\Bjzhpjs.exe
  2⤵
  PID:4100
- C:\Windows\System\XAkVpUZ.exe
  C:\Windows\System\XAkVpUZ.exe
  2⤵
  PID:4116
- C:\Windows\System\ndqZHTd.exe
  C:\Windows\System\ndqZHTd.exe
  2⤵
  PID:4132
- C:\Windows\System\tYClPSR.exe
  C:\Windows\System\tYClPSR.exe
  2⤵
  PID:4148
- C:\Windows\System\dIAKBgd.exe
  C:\Windows\System\dIAKBgd.exe
  2⤵
  PID:4164
- C:\Windows\System\yhQnLbz.exe
  C:\Windows\System\yhQnLbz.exe
  2⤵
  PID:4180
- C:\Windows\System\rdJWAro.exe
  C:\Windows\System\rdJWAro.exe
  2⤵
  PID:4196
- C:\Windows\System\PTzDJlf.exe
  C:\Windows\System\PTzDJlf.exe
  2⤵
  PID:4212
- C:\Windows\System\MLGnqKW.exe
  C:\Windows\System\MLGnqKW.exe
  2⤵
  PID:4228
- C:\Windows\System\jIYyXOi.exe
  C:\Windows\System\jIYyXOi.exe
  2⤵
  PID:4244
- C:\Windows\System\nOiFNuf.exe
  C:\Windows\System\nOiFNuf.exe
  2⤵
  PID:4260
- C:\Windows\System\XxMeKQn.exe
  C:\Windows\System\XxMeKQn.exe
  2⤵
  PID:4276
- C:\Windows\System\ioBQGmS.exe
  C:\Windows\System\ioBQGmS.exe
  2⤵
  PID:4292
- C:\Windows\System\srXjABf.exe
  C:\Windows\System\srXjABf.exe
  2⤵
  PID:4308
- C:\Windows\System\OhEXSdU.exe
  C:\Windows\System\OhEXSdU.exe
  2⤵
  PID:4324
- C:\Windows\System\BZaGxja.exe
  C:\Windows\System\BZaGxja.exe
  2⤵
  PID:4340
- C:\Windows\System\xhrbKBE.exe
  C:\Windows\System\xhrbKBE.exe
  2⤵
  PID:4360
- C:\Windows\System\GHeHkPA.exe
  C:\Windows\System\GHeHkPA.exe
  2⤵
  PID:4376
- C:\Windows\System\anxOtWs.exe
  C:\Windows\System\anxOtWs.exe
  2⤵
  PID:4392
- C:\Windows\System\aTjHOmh.exe
  C:\Windows\System\aTjHOmh.exe
  2⤵
  PID:4408
- C:\Windows\System\pBAubTj.exe
  C:\Windows\System\pBAubTj.exe
  2⤵
  PID:4424
- C:\Windows\System\AxrPdoF.exe
  C:\Windows\System\AxrPdoF.exe
  2⤵
  PID:4440
- C:\Windows\System\cuaefHI.exe
  C:\Windows\System\cuaefHI.exe
  2⤵
  PID:4456
- C:\Windows\System\DZBbqyh.exe
  C:\Windows\System\DZBbqyh.exe
  2⤵
  PID:4472
- C:\Windows\System\AWuRCbk.exe
  C:\Windows\System\AWuRCbk.exe
  2⤵
  PID:4488
- C:\Windows\System\GSNVUYF.exe
  C:\Windows\System\GSNVUYF.exe
  2⤵
  PID:4504
- C:\Windows\System\tbFGigg.exe
  C:\Windows\System\tbFGigg.exe
  2⤵
  PID:4520
- C:\Windows\System\oiSDrtt.exe
  C:\Windows\System\oiSDrtt.exe
  2⤵
  PID:4536
- C:\Windows\System\meyFfrM.exe
  C:\Windows\System\meyFfrM.exe
  2⤵
  PID:4552
- C:\Windows\System\FvTaqVa.exe
  C:\Windows\System\FvTaqVa.exe
  2⤵
  PID:4568
- C:\Windows\System\caCjIFl.exe
  C:\Windows\System\caCjIFl.exe
  2⤵
  PID:4584
- C:\Windows\System\IcJpbRm.exe
  C:\Windows\System\IcJpbRm.exe
  2⤵
  PID:4604
- C:\Windows\System\ChLeFVH.exe
  C:\Windows\System\ChLeFVH.exe
  2⤵
  PID:4620
- C:\Windows\System\WPqbugd.exe
  C:\Windows\System\WPqbugd.exe
  2⤵
  PID:4636
- C:\Windows\System\dJjSRog.exe
  C:\Windows\System\dJjSRog.exe
  2⤵
  PID:4652
- C:\Windows\System\TMgHuyE.exe
  C:\Windows\System\TMgHuyE.exe
  2⤵
  PID:4668
- C:\Windows\System\OavGxKg.exe
  C:\Windows\System\OavGxKg.exe
  2⤵
  PID:4684
- C:\Windows\System\YDtsjKF.exe
  C:\Windows\System\YDtsjKF.exe
  2⤵
  PID:4700
- C:\Windows\System\fJGoxvv.exe
  C:\Windows\System\fJGoxvv.exe
  2⤵
  PID:4716
- C:\Windows\System\muPwSwf.exe
  C:\Windows\System\muPwSwf.exe
  2⤵
  PID:4732
- C:\Windows\System\kUBpAZU.exe
  C:\Windows\System\kUBpAZU.exe
  2⤵
  PID:4748
- C:\Windows\System\nljLbVC.exe
  C:\Windows\System\nljLbVC.exe
  2⤵
  PID:4764
- C:\Windows\System\pnylOFN.exe
  C:\Windows\System\pnylOFN.exe
  2⤵
  PID:4780
- C:\Windows\System\GnBNSYv.exe
  C:\Windows\System\GnBNSYv.exe
  2⤵
  PID:4796
- C:\Windows\System\PHYSHrk.exe
  C:\Windows\System\PHYSHrk.exe
  2⤵
  PID:4812
- C:\Windows\System\aFqUHmv.exe
  C:\Windows\System\aFqUHmv.exe
  2⤵
  PID:4828
- C:\Windows\System\keqLHiZ.exe
  C:\Windows\System\keqLHiZ.exe
  2⤵
  PID:4844
- C:\Windows\System\jVXgSaB.exe
  C:\Windows\System\jVXgSaB.exe
  2⤵
  PID:4860
- C:\Windows\System\gzPxTKn.exe
  C:\Windows\System\gzPxTKn.exe
  2⤵
  PID:4876
- C:\Windows\System\TsxTSEm.exe
  C:\Windows\System\TsxTSEm.exe
  2⤵
  PID:4892
- C:\Windows\System\endkoWa.exe
  C:\Windows\System\endkoWa.exe
  2⤵
  PID:4908
- C:\Windows\System\xTvZtRQ.exe
  C:\Windows\System\xTvZtRQ.exe
  2⤵
  PID:4924
- C:\Windows\System\cKPPLpY.exe
  C:\Windows\System\cKPPLpY.exe
  2⤵
  PID:4940
- C:\Windows\System\hTQhfpB.exe
  C:\Windows\System\hTQhfpB.exe
  2⤵
  PID:4956
- C:\Windows\System\IGifWev.exe
  C:\Windows\System\IGifWev.exe
  2⤵
  PID:4972
- C:\Windows\System\aZksxhB.exe
  C:\Windows\System\aZksxhB.exe
  2⤵
  PID:4988
- C:\Windows\System\SsMFJVG.exe
  C:\Windows\System\SsMFJVG.exe
  2⤵
  PID:5004
- C:\Windows\System\niDboXl.exe
  C:\Windows\System\niDboXl.exe
  2⤵
  PID:5020
- C:\Windows\System\fpmsiqc.exe
  C:\Windows\System\fpmsiqc.exe
  2⤵
  PID:5036
- C:\Windows\System\mtvfhAZ.exe
  C:\Windows\System\mtvfhAZ.exe
  2⤵
  PID:5052
- C:\Windows\System\SDTkHky.exe
  C:\Windows\System\SDTkHky.exe
  2⤵
  PID:5068
- C:\Windows\System\uwyXEKA.exe
  C:\Windows\System\uwyXEKA.exe
  2⤵
  PID:5084
- C:\Windows\System\qNTXsrH.exe
  C:\Windows\System\qNTXsrH.exe
  2⤵
  PID:5100
- C:\Windows\System\ZjgJieE.exe
  C:\Windows\System\ZjgJieE.exe
  2⤵
  PID:5116
- C:\Windows\System\rSyUbXW.exe
  C:\Windows\System\rSyUbXW.exe
  2⤵
  PID:3592
- C:\Windows\System\BTUZSXT.exe
  C:\Windows\System\BTUZSXT.exe
  2⤵
  PID:2796
- C:\Windows\System\zSGLtTL.exe
  C:\Windows\System\zSGLtTL.exe
  2⤵
  PID:3176
- C:\Windows\System\WfpFtzB.exe
  C:\Windows\System\WfpFtzB.exe
  2⤵
  PID:3364
- C:\Windows\System\qJOPqJK.exe
  C:\Windows\System\qJOPqJK.exe
  2⤵
  PID:3512
- C:\Windows\System\oqfYAjK.exe
  C:\Windows\System\oqfYAjK.exe
  2⤵
  PID:3624
- C:\Windows\System\nSCYRma.exe
  C:\Windows\System\nSCYRma.exe
  2⤵
  PID:3804
- C:\Windows\System\DryAXmx.exe
  C:\Windows\System\DryAXmx.exe
  2⤵
  PID:3884
- C:\Windows\System\ffJLXWN.exe
  C:\Windows\System\ffJLXWN.exe
  2⤵
  PID:4060
- C:\Windows\System\yhGwEuz.exe
  C:\Windows\System\yhGwEuz.exe
  2⤵
  PID:284
- C:\Windows\System\jPxdesx.exe
  C:\Windows\System\jPxdesx.exe
  2⤵
  PID:4108
- C:\Windows\System\ellNKUL.exe
  C:\Windows\System\ellNKUL.exe
  2⤵
  PID:4156
- C:\Windows\System\OcDIsrB.exe
  C:\Windows\System\OcDIsrB.exe
  2⤵
  PID:4144
- C:\Windows\System\zeuhkxr.exe
  C:\Windows\System\zeuhkxr.exe
  2⤵
  PID:4220
- C:\Windows\System\ApAZItu.exe
  C:\Windows\System\ApAZItu.exe
  2⤵
  PID:4252
- C:\Windows\System\iCWtGEW.exe
  C:\Windows\System\iCWtGEW.exe
  2⤵
  PID:4284
- C:\Windows\System\qCQKJJR.exe
  C:\Windows\System\qCQKJJR.exe
  2⤵
  PID:4316
- C:\Windows\System\GAiHRZI.exe
  C:\Windows\System\GAiHRZI.exe
  2⤵
  PID:4352
- C:\Windows\System\mEgYWpu.exe
  C:\Windows\System\mEgYWpu.exe
  2⤵
  PID:4368
- C:\Windows\System\zRZrWrP.exe
  C:\Windows\System\zRZrWrP.exe
  2⤵
  PID:4404
- C:\Windows\System\LQCbvaD.exe
  C:\Windows\System\LQCbvaD.exe
  2⤵
  PID:4448
- C:\Windows\System\RYUIEuN.exe
  C:\Windows\System\RYUIEuN.exe
  2⤵
  PID:4480
- C:\Windows\System\aSnkYOB.exe
  C:\Windows\System\aSnkYOB.exe
  2⤵
  PID:4496
- C:\Windows\System\APgfrVp.exe
  C:\Windows\System\APgfrVp.exe
  2⤵
  PID:4544
- C:\Windows\System\pPyekwu.exe
  C:\Windows\System\pPyekwu.exe
  2⤵
  PID:4576
- C:\Windows\System\wyjMDEy.exe
  C:\Windows\System\wyjMDEy.exe
  2⤵
  PID:4356
- C:\Windows\System\GsjAXLM.exe
  C:\Windows\System\GsjAXLM.exe
  2⤵
  PID:4644
- C:\Windows\System\DMsZIcw.exe
  C:\Windows\System\DMsZIcw.exe
  2⤵
  PID:4660
- C:\Windows\System\qDvgFGA.exe
  C:\Windows\System\qDvgFGA.exe
  2⤵
  PID:4708
- C:\Windows\System\YNcpSsc.exe
  C:\Windows\System\YNcpSsc.exe
  2⤵
  PID:4740
- C:\Windows\System\EefSLKX.exe
  C:\Windows\System\EefSLKX.exe
  2⤵
  PID:4728
- C:\Windows\System\MufdGjy.exe
  C:\Windows\System\MufdGjy.exe
  2⤵
  PID:4788
- C:\Windows\System\gewyYpa.exe
  C:\Windows\System\gewyYpa.exe
  2⤵
  PID:4840
- C:\Windows\System\WtYdmIO.exe
  C:\Windows\System\WtYdmIO.exe
  2⤵
  PID:4868
- C:\Windows\System\gaiznot.exe
  C:\Windows\System\gaiznot.exe
  2⤵
  PID:4852
- C:\Windows\System\bDGRYBR.exe
  C:\Windows\System\bDGRYBR.exe
  2⤵
  PID:4884
- C:\Windows\System\ACyhoHY.exe
  C:\Windows\System\ACyhoHY.exe
  2⤵
  PID:4964
- C:\Windows\System\nyxmKpS.exe
  C:\Windows\System\nyxmKpS.exe
  2⤵
  PID:4996
- C:\Windows\System\YFtIEzo.exe
  C:\Windows\System\YFtIEzo.exe
  2⤵
  PID:4980
- C:\Windows\System\eISpQbq.exe
  C:\Windows\System\eISpQbq.exe
  2⤵
  PID:5060
- C:\Windows\System\KEzXhvX.exe
  C:\Windows\System\KEzXhvX.exe
  2⤵
  PID:5016
- C:\Windows\System\qIYtlnQ.exe
  C:\Windows\System\qIYtlnQ.exe
  2⤵
  PID:5080
- C:\Windows\System\tLWCdCB.exe
  C:\Windows\System\tLWCdCB.exe
  2⤵
  PID:3160
- C:\Windows\System\vxgxTcc.exe
  C:\Windows\System\vxgxTcc.exe
  2⤵
  PID:3032
- C:\Windows\System\qnyuSHg.exe
  C:\Windows\System\qnyuSHg.exe
  2⤵
  PID:3720
- C:\Windows\System\vhrazHr.exe
  C:\Windows\System\vhrazHr.exe
  2⤵
  PID:3608
- C:\Windows\System\WjOkFEZ.exe
  C:\Windows\System\WjOkFEZ.exe
  2⤵
  PID:4040
- C:\Windows\System\dmNNxXs.exe
  C:\Windows\System\dmNNxXs.exe
  2⤵
  PID:3836
- C:\Windows\System\nGRJYtf.exe
  C:\Windows\System\nGRJYtf.exe
  2⤵
  PID:4192
- C:\Windows\System\RNfoFPa.exe
  C:\Windows\System\RNfoFPa.exe
  2⤵
  PID:4204
- C:\Windows\System\VUCNgCY.exe
  C:\Windows\System\VUCNgCY.exe
  2⤵
  PID:4268
- C:\Windows\System\ZeJYZbm.exe
  C:\Windows\System\ZeJYZbm.exe
  2⤵
  PID:4420
- C:\Windows\System\PcjGPST.exe
  C:\Windows\System\PcjGPST.exe
  2⤵
  PID:4484
- C:\Windows\System\bwaHrCW.exe
  C:\Windows\System\bwaHrCW.exe
  2⤵
  PID:4464
- C:\Windows\System\sdZLyBi.exe
  C:\Windows\System\sdZLyBi.exe
  2⤵
  PID:4528
- C:\Windows\System\XZmkvGd.exe
  C:\Windows\System\XZmkvGd.exe
  2⤵
  PID:4564
- C:\Windows\System\eyTpbME.exe
  C:\Windows\System\eyTpbME.exe
  2⤵
  PID:4632
- C:\Windows\System\AwlXLZn.exe
  C:\Windows\System\AwlXLZn.exe
  2⤵
  PID:4712
- C:\Windows\System\sxFnwka.exe
  C:\Windows\System\sxFnwka.exe
  2⤵
  PID:4776
- C:\Windows\System\WFjiIur.exe
  C:\Windows\System\WFjiIur.exe
  2⤵
  PID:4760
- C:\Windows\System\ilAzWuP.exe
  C:\Windows\System\ilAzWuP.exe
  2⤵
  PID:5128
- C:\Windows\System\nfWMHnZ.exe
  C:\Windows\System\nfWMHnZ.exe
  2⤵
  PID:5144
- C:\Windows\System\SWwCXum.exe
  C:\Windows\System\SWwCXum.exe
  2⤵
  PID:5160
- C:\Windows\System\SJkLgcU.exe
  C:\Windows\System\SJkLgcU.exe
  2⤵
  PID:5176
- C:\Windows\System\aNotoTg.exe
  C:\Windows\System\aNotoTg.exe
  2⤵
  PID:5196
- C:\Windows\System\HFLwQfT.exe
  C:\Windows\System\HFLwQfT.exe
  2⤵
  PID:5212
- C:\Windows\System\IgoSOhw.exe
  C:\Windows\System\IgoSOhw.exe
  2⤵
  PID:5228
- C:\Windows\System\hfTSKPK.exe
  C:\Windows\System\hfTSKPK.exe
  2⤵
  PID:5244
- C:\Windows\System\pQsPDOO.exe
  C:\Windows\System\pQsPDOO.exe
  2⤵
  PID:5260
- C:\Windows\System\vHwzcgq.exe
  C:\Windows\System\vHwzcgq.exe
  2⤵
  PID:5276
- C:\Windows\System\qSvuXmL.exe
  C:\Windows\System\qSvuXmL.exe
  2⤵
  PID:5292
- C:\Windows\System\vOltiDZ.exe
  C:\Windows\System\vOltiDZ.exe
  2⤵
  PID:5308
- C:\Windows\System\wrjwcVQ.exe
  C:\Windows\System\wrjwcVQ.exe
  2⤵
  PID:5324
- C:\Windows\System\AtTWOir.exe
  C:\Windows\System\AtTWOir.exe
  2⤵
  PID:5340
- C:\Windows\System\UieQSIS.exe
  C:\Windows\System\UieQSIS.exe
  2⤵
  PID:5356
- C:\Windows\System\XdRysvP.exe
  C:\Windows\System\XdRysvP.exe
  2⤵
  PID:5372
- C:\Windows\System\kChkYVq.exe
  C:\Windows\System\kChkYVq.exe
  2⤵
  PID:5388
- C:\Windows\System\SuCNMEr.exe
  C:\Windows\System\SuCNMEr.exe
  2⤵
  PID:5404
- C:\Windows\System\RcYLjiC.exe
  C:\Windows\System\RcYLjiC.exe
  2⤵
  PID:5420
- C:\Windows\System\liafokY.exe
  C:\Windows\System\liafokY.exe
  2⤵
  PID:5436
- C:\Windows\System\RLXaoiP.exe
  C:\Windows\System\RLXaoiP.exe
  2⤵
  PID:5452
- C:\Windows\System\GolDrED.exe
  C:\Windows\System\GolDrED.exe
  2⤵
  PID:5468
- C:\Windows\System\AlMQSnV.exe
  C:\Windows\System\AlMQSnV.exe
  2⤵
  PID:5484
- C:\Windows\System\iQVViWZ.exe
  C:\Windows\System\iQVViWZ.exe
  2⤵
  PID:5500
- C:\Windows\System\IWfXRzp.exe
  C:\Windows\System\IWfXRzp.exe
  2⤵
  PID:5516
- C:\Windows\System\QrWWySk.exe
  C:\Windows\System\QrWWySk.exe
  2⤵
  PID:5532
- C:\Windows\System\cYYSalL.exe
  C:\Windows\System\cYYSalL.exe
  2⤵
  PID:5548
- C:\Windows\System\dEOTpxj.exe
  C:\Windows\System\dEOTpxj.exe
  2⤵
  PID:5564
- C:\Windows\System\slsOuBk.exe
  C:\Windows\System\slsOuBk.exe
  2⤵
  PID:5580
- C:\Windows\System\teujyoE.exe
  C:\Windows\System\teujyoE.exe
  2⤵
  PID:5596
- C:\Windows\System\JLQAron.exe
  C:\Windows\System\JLQAron.exe
  2⤵
  PID:5612
- C:\Windows\System\HHJJEOs.exe
  C:\Windows\System\HHJJEOs.exe
  2⤵
  PID:5628
- C:\Windows\System\NfoPcHP.exe
  C:\Windows\System\NfoPcHP.exe
  2⤵
  PID:5644
- C:\Windows\System\fUztFjl.exe
  C:\Windows\System\fUztFjl.exe
  2⤵
  PID:5660
- C:\Windows\System\MwoMnry.exe
  C:\Windows\System\MwoMnry.exe
  2⤵
  PID:5676
- C:\Windows\System\vPJxyFd.exe
  C:\Windows\System\vPJxyFd.exe
  2⤵
  PID:5692
- C:\Windows\System\QsCYaMy.exe
  C:\Windows\System\QsCYaMy.exe
  2⤵
  PID:5708
- C:\Windows\System\BaGSOFq.exe
  C:\Windows\System\BaGSOFq.exe
  2⤵
  PID:5724
- C:\Windows\System\kIrBncb.exe
  C:\Windows\System\kIrBncb.exe
  2⤵
  PID:5740
- C:\Windows\System\orPNkeO.exe
  C:\Windows\System\orPNkeO.exe
  2⤵
  PID:5756
- C:\Windows\System\FxOLIlL.exe
  C:\Windows\System\FxOLIlL.exe
  2⤵
  PID:5772
- C:\Windows\System\KNPuDmk.exe
  C:\Windows\System\KNPuDmk.exe
  2⤵
  PID:5788
- C:\Windows\System\xMIjpXn.exe
  C:\Windows\System\xMIjpXn.exe
  2⤵
  PID:5804
- C:\Windows\System\SoVNkzj.exe
  C:\Windows\System\SoVNkzj.exe
  2⤵
  PID:5820
- C:\Windows\System\BxsXVDG.exe
  C:\Windows\System\BxsXVDG.exe
  2⤵
  PID:5836
- C:\Windows\System\AdOrDBk.exe
  C:\Windows\System\AdOrDBk.exe
  2⤵
  PID:5856
- C:\Windows\System\jPoyCeN.exe
  C:\Windows\System\jPoyCeN.exe
  2⤵
  PID:5876
- C:\Windows\System\YEcnXGq.exe
  C:\Windows\System\YEcnXGq.exe
  2⤵
  PID:5892
- C:\Windows\System\EiACGnG.exe
  C:\Windows\System\EiACGnG.exe
  2⤵
  PID:5908
- C:\Windows\System\NVnpbgg.exe
  C:\Windows\System\NVnpbgg.exe
  2⤵
  PID:5924
- C:\Windows\System\ibKqVsa.exe
  C:\Windows\System\ibKqVsa.exe
  2⤵
  PID:5940
- C:\Windows\System\aRbVesJ.exe
  C:\Windows\System\aRbVesJ.exe
  2⤵
  PID:5956
- C:\Windows\System\SiViECf.exe
  C:\Windows\System\SiViECf.exe
  2⤵
  PID:5972
- C:\Windows\System\yMtGOmM.exe
  C:\Windows\System\yMtGOmM.exe
  2⤵
  PID:5988
- C:\Windows\System\hVCsftf.exe
  C:\Windows\System\hVCsftf.exe
  2⤵
  PID:6004
- C:\Windows\System\yVgtEMA.exe
  C:\Windows\System\yVgtEMA.exe
  2⤵
  PID:6020
- C:\Windows\System\GyHUbqA.exe
  C:\Windows\System\GyHUbqA.exe
  2⤵
  PID:6036
- C:\Windows\System\KNSGzuI.exe
  C:\Windows\System\KNSGzuI.exe
  2⤵
  PID:6052
- C:\Windows\System\uyhizQE.exe
  C:\Windows\System\uyhizQE.exe
  2⤵
  PID:6068
- C:\Windows\System\XrIPWYE.exe
  C:\Windows\System\XrIPWYE.exe
  2⤵
  PID:6084
- C:\Windows\System\zgMLUWy.exe
  C:\Windows\System\zgMLUWy.exe
  2⤵
  PID:6100
- C:\Windows\System\Jgwtbgb.exe
  C:\Windows\System\Jgwtbgb.exe
  2⤵
  PID:6116
- C:\Windows\System\LePfqNU.exe
  C:\Windows\System\LePfqNU.exe
  2⤵
  PID:6132
- C:\Windows\System\eCoPxnc.exe
  C:\Windows\System\eCoPxnc.exe
  2⤵
  PID:4888
- C:\Windows\System\MGVFFxL.exe
  C:\Windows\System\MGVFFxL.exe
  2⤵
  PID:4920
- C:\Windows\System\BOkAavi.exe
  C:\Windows\System\BOkAavi.exe
  2⤵
  PID:5092
- C:\Windows\System\SiVgotv.exe
  C:\Windows\System\SiVgotv.exe
  2⤵
  PID:5076
- C:\Windows\System\rNEZeuq.exe
  C:\Windows\System\rNEZeuq.exe
  2⤵
  PID:4028
- C:\Windows\System\XNofzQq.exe
  C:\Windows\System\XNofzQq.exe
  2⤵
  PID:4300
- C:\Windows\System\kZTjYMK.exe
  C:\Windows\System\kZTjYMK.exe
  2⤵
  PID:3932
- C:\Windows\System\DXcHStu.exe
  C:\Windows\System\DXcHStu.exe
  2⤵
  PID:4336
- C:\Windows\System\cLDZiqP.exe
  C:\Windows\System\cLDZiqP.exe
  2⤵
  PID:4592
- C:\Windows\System\XCVYCgw.exe
  C:\Windows\System\XCVYCgw.exe
  2⤵
  PID:4836
- C:\Windows\System\gAzfHEV.exe
  C:\Windows\System\gAzfHEV.exe
  2⤵
  PID:5156
- C:\Windows\System\hwgomSx.exe
  C:\Windows\System\hwgomSx.exe
  2⤵
  PID:4400
- C:\Windows\System\OYplmZf.exe
  C:\Windows\System\OYplmZf.exe
  2⤵
  PID:4724
- C:\Windows\System\RlnWMrs.exe
  C:\Windows\System\RlnWMrs.exe
  2⤵
  PID:5184
- C:\Windows\System\BfRUdHU.exe
  C:\Windows\System\BfRUdHU.exe
  2⤵
  PID:5220
- C:\Windows\System\GEpQezs.exe
  C:\Windows\System\GEpQezs.exe
  2⤵
  PID:5168
- C:\Windows\System\VCiculK.exe
  C:\Windows\System\VCiculK.exe
  2⤵
  PID:5320
- C:\Windows\System\eyvXRYZ.exe
  C:\Windows\System\eyvXRYZ.exe
  2⤵
  PID:5172
- C:\Windows\System\nXlzvGk.exe
  C:\Windows\System\nXlzvGk.exe
  2⤵
  PID:5240
- C:\Windows\System\dZMQHIc.exe
  C:\Windows\System\dZMQHIc.exe
  2⤵
  PID:5368
- C:\Windows\System\YpeFzGA.exe
  C:\Windows\System\YpeFzGA.exe
  2⤵
  PID:5336
- C:\Windows\System\dRccJHN.exe
  C:\Windows\System\dRccJHN.exe
  2⤵
  PID:5444
- C:\Windows\System\grVSzQM.exe
  C:\Windows\System\grVSzQM.exe
  2⤵
  PID:5508
- C:\Windows\System\vWDllLn.exe
  C:\Windows\System\vWDllLn.exe
  2⤵
  PID:5396
- C:\Windows\System\qEgsxYL.exe
  C:\Windows\System\qEgsxYL.exe
  2⤵
  PID:5460
- C:\Windows\System\RfdkcIN.exe
  C:\Windows\System\RfdkcIN.exe
  2⤵
  PID:5540
- C:\Windows\System\rnXCPdA.exe
  C:\Windows\System\rnXCPdA.exe
  2⤵
  PID:5588
- C:\Windows\System\IpmQFAo.exe
  C:\Windows\System\IpmQFAo.exe
  2⤵
  PID:5556
- C:\Windows\System\JHxeBlO.exe
  C:\Windows\System\JHxeBlO.exe
  2⤵
  PID:5592
- C:\Windows\System\ADUrHEH.exe
  C:\Windows\System\ADUrHEH.exe
  2⤵
  PID:5672
- C:\Windows\System\BwYmuxZ.exe
  C:\Windows\System\BwYmuxZ.exe
  2⤵
  PID:5700
- C:\Windows\System\wyGNaQT.exe
  C:\Windows\System\wyGNaQT.exe
  2⤵
  PID:5720
- C:\Windows\System\ICgLIig.exe
  C:\Windows\System\ICgLIig.exe
  2⤵
  PID:5752
- C:\Windows\System\YFJZZMQ.exe
  C:\Windows\System\YFJZZMQ.exe
  2⤵
  PID:5796
- C:\Windows\System\gARkKEa.exe
  C:\Windows\System\gARkKEa.exe
  2⤵
  PID:5828
- C:\Windows\System\bRhiglk.exe
  C:\Windows\System\bRhiglk.exe
  2⤵
  PID:2664
- C:\Windows\System\ymEhcDW.exe
  C:\Windows\System\ymEhcDW.exe
  2⤵
  PID:2868
- C:\Windows\System\RafXsNS.exe
  C:\Windows\System\RafXsNS.exe
  2⤵
  PID:3052
- C:\Windows\System\HqYrECX.exe
  C:\Windows\System\HqYrECX.exe
  2⤵
  PID:5904
- C:\Windows\System\dPDRHOs.exe
  C:\Windows\System\dPDRHOs.exe
  2⤵
  PID:5936
- C:\Windows\System\KLSjoSj.exe
  C:\Windows\System\KLSjoSj.exe
  2⤵
  PID:5920
- C:\Windows\System\RGCphTA.exe
  C:\Windows\System\RGCphTA.exe
  2⤵
  PID:5996
- C:\Windows\System\XJETopu.exe
  C:\Windows\System\XJETopu.exe
  2⤵
  PID:6012
- C:\Windows\System\xRMLqPs.exe
  C:\Windows\System\xRMLqPs.exe
  2⤵
  PID:6032
- C:\Windows\System\kjpxkXO.exe
  C:\Windows\System\kjpxkXO.exe
  2⤵
  PID:6096
- C:\Windows\System\NDnYBJd.exe
  C:\Windows\System\NDnYBJd.exe
  2⤵
  PID:6048
- C:\Windows\System\RofRXFH.exe
  C:\Windows\System\RofRXFH.exe
  2⤵
  PID:6112
- C:\Windows\System\KwcaPpB.exe
  C:\Windows\System\KwcaPpB.exe
  2⤵
  PID:5044
- C:\Windows\System\ijeSrHU.exe
  C:\Windows\System\ijeSrHU.exe
  2⤵
  PID:6140
- C:\Windows\System\FECVUQi.exe
  C:\Windows\System\FECVUQi.exe
  2⤵
  PID:4140
- C:\Windows\System\omdROqE.exe
  C:\Windows\System\omdROqE.exe
  2⤵
  PID:2644
- C:\Windows\System\GBiLxcF.exe
  C:\Windows\System\GBiLxcF.exe
  2⤵
  PID:4560
- C:\Windows\System\ejpEPuI.exe
  C:\Windows\System\ejpEPuI.exe
  2⤵
  PID:4384
- C:\Windows\System\OOvtDGv.exe
  C:\Windows\System\OOvtDGv.exe
  2⤵
  PID:4616
- C:\Windows\System\yCfClLo.exe
  C:\Windows\System\yCfClLo.exe
  2⤵
  PID:5852
- C:\Windows\System\WrUseTO.exe
  C:\Windows\System\WrUseTO.exe
  2⤵
  PID:5352
- C:\Windows\System\cUprPre.exe
  C:\Windows\System\cUprPre.exe
  2⤵
  PID:5204
- C:\Windows\System\Eivygcb.exe
  C:\Windows\System\Eivygcb.exe
  2⤵
  PID:5288
- C:\Windows\System\iwwuGIx.exe
  C:\Windows\System\iwwuGIx.exe
  2⤵
  PID:5300
- C:\Windows\System\keciVYw.exe
  C:\Windows\System\keciVYw.exe
  2⤵
  PID:5428
- C:\Windows\System\KoLyWLF.exe
  C:\Windows\System\KoLyWLF.exe
  2⤵
  PID:5492
- C:\Windows\System\BHcHNil.exe
  C:\Windows\System\BHcHNil.exe
  2⤵
  PID:5192
- C:\Windows\System\VMfAwMR.exe
  C:\Windows\System\VMfAwMR.exe
  2⤵
  PID:1796
- C:\Windows\System\LfHiLUx.exe
  C:\Windows\System\LfHiLUx.exe
  2⤵
  PID:5684
- C:\Windows\System\YnsOmWC.exe
  C:\Windows\System\YnsOmWC.exe
  2⤵
  PID:5768
- C:\Windows\System\ediDWEZ.exe
  C:\Windows\System\ediDWEZ.exe
  2⤵
  PID:2828
- C:\Windows\System\VWNlrNw.exe
  C:\Windows\System\VWNlrNw.exe
  2⤵
  PID:5888
- C:\Windows\System\cYKKilW.exe
  C:\Windows\System\cYKKilW.exe
  2⤵
  PID:2588
- C:\Windows\System\TXYmmxB.exe
  C:\Windows\System\TXYmmxB.exe
  2⤵
  PID:5868
- C:\Windows\System\MyRMWhU.exe
  C:\Windows\System\MyRMWhU.exe
  2⤵
  PID:6000
- C:\Windows\System\ooLKkJe.exe
  C:\Windows\System\ooLKkJe.exe
  2⤵
  PID:6128
- C:\Windows\System\OuzeqJD.exe
  C:\Windows\System\OuzeqJD.exe
  2⤵
  PID:6064
- C:\Windows\System\hEBmtTV.exe
  C:\Windows\System\hEBmtTV.exe
  2⤵
  PID:3656
- C:\Windows\System\lmfEJnX.exe
  C:\Windows\System\lmfEJnX.exe
  2⤵
  PID:4128
- C:\Windows\System\JTlheXh.exe
  C:\Windows\System\JTlheXh.exe
  2⤵
  PID:1704
- C:\Windows\System\nkylCTB.exe
  C:\Windows\System\nkylCTB.exe
  2⤵
  PID:4348
- C:\Windows\System\oEdZLkc.exe
  C:\Windows\System\oEdZLkc.exe
  2⤵
  PID:4792
- C:\Windows\System\TDcOgfv.exe
  C:\Windows\System\TDcOgfv.exe
  2⤵
  PID:5316
- C:\Windows\System\iMqhRRs.exe
  C:\Windows\System\iMqhRRs.exe
  2⤵
  PID:6156
- C:\Windows\System\KUWRoBu.exe
  C:\Windows\System\KUWRoBu.exe
  2⤵
  PID:6172
- C:\Windows\System\MAZUuJC.exe
  C:\Windows\System\MAZUuJC.exe
  2⤵
  PID:6188
- C:\Windows\System\jxxaLEu.exe
  C:\Windows\System\jxxaLEu.exe
  2⤵
  PID:6204
- C:\Windows\System\lYKvaWU.exe
  C:\Windows\System\lYKvaWU.exe
  2⤵
  PID:6220
- C:\Windows\System\olQZYzp.exe
  C:\Windows\System\olQZYzp.exe
  2⤵
  PID:6236
- C:\Windows\System\FPnGDEi.exe
  C:\Windows\System\FPnGDEi.exe
  2⤵
  PID:6252
- C:\Windows\System\CYvcWmf.exe
  C:\Windows\System\CYvcWmf.exe
  2⤵
  PID:6268
- C:\Windows\System\KlxkTRH.exe
  C:\Windows\System\KlxkTRH.exe
  2⤵
  PID:6284
- C:\Windows\System\GIYkrii.exe
  C:\Windows\System\GIYkrii.exe
  2⤵
  PID:6300
- C:\Windows\System\OwUpzZx.exe
  C:\Windows\System\OwUpzZx.exe
  2⤵
  PID:6316
- C:\Windows\System\oqbLIKf.exe
  C:\Windows\System\oqbLIKf.exe
  2⤵
  PID:6332
- C:\Windows\System\YfmTfnw.exe
  C:\Windows\System\YfmTfnw.exe
  2⤵
  PID:6348
- C:\Windows\System\DozRWQD.exe
  C:\Windows\System\DozRWQD.exe
  2⤵
  PID:6364
- C:\Windows\System\nJPUlaI.exe
  C:\Windows\System\nJPUlaI.exe
  2⤵
  PID:6380
- C:\Windows\System\YOGpXKJ.exe
  C:\Windows\System\YOGpXKJ.exe
  2⤵
  PID:6396
- C:\Windows\System\YcPQors.exe
  C:\Windows\System\YcPQors.exe
  2⤵
  PID:6412
- C:\Windows\System\dRXkEiT.exe
  C:\Windows\System\dRXkEiT.exe
  2⤵
  PID:6428
- C:\Windows\System\amhKeJU.exe
  C:\Windows\System\amhKeJU.exe
  2⤵
  PID:6444
- C:\Windows\System\xOOPWhC.exe
  C:\Windows\System\xOOPWhC.exe
  2⤵
  PID:6460
- C:\Windows\System\GQgLvTU.exe
  C:\Windows\System\GQgLvTU.exe
  2⤵
  PID:6476
- C:\Windows\System\xwugSzw.exe
  C:\Windows\System\xwugSzw.exe
  2⤵
  PID:6492
- C:\Windows\System\PAaImbR.exe
  C:\Windows\System\PAaImbR.exe
  2⤵
  PID:6508
- C:\Windows\System\UBKAYhm.exe
  C:\Windows\System\UBKAYhm.exe
  2⤵
  PID:6524
- C:\Windows\System\lsGIHDP.exe
  C:\Windows\System\lsGIHDP.exe
  2⤵
  PID:6540
- C:\Windows\System\vewCKCK.exe
  C:\Windows\System\vewCKCK.exe
  2⤵
  PID:6560
- C:\Windows\System\ppjGCAg.exe
  C:\Windows\System\ppjGCAg.exe
  2⤵
  PID:6576
- C:\Windows\System\gGGLvSn.exe
  C:\Windows\System\gGGLvSn.exe
  2⤵
  PID:6592
- C:\Windows\System\ZSWmkrT.exe
  C:\Windows\System\ZSWmkrT.exe
  2⤵
  PID:6608
- C:\Windows\System\lFzWFZI.exe
  C:\Windows\System\lFzWFZI.exe
  2⤵
  PID:6624
- C:\Windows\System\aJIEuIU.exe
  C:\Windows\System\aJIEuIU.exe
  2⤵
  PID:6640
- C:\Windows\System\WJALovh.exe
  C:\Windows\System\WJALovh.exe
  2⤵
  PID:6656
- C:\Windows\System\RepeopH.exe
  C:\Windows\System\RepeopH.exe
  2⤵
  PID:6672
- C:\Windows\System\KmmRUOt.exe
  C:\Windows\System\KmmRUOt.exe
  2⤵
  PID:6688
- C:\Windows\System\SXzDpvC.exe
  C:\Windows\System\SXzDpvC.exe
  2⤵
  PID:6704
- C:\Windows\System\ydgcamZ.exe
  C:\Windows\System\ydgcamZ.exe
  2⤵
  PID:6720
- C:\Windows\System\gotMbcZ.exe
  C:\Windows\System\gotMbcZ.exe
  2⤵
  PID:6736
- C:\Windows\System\pumPHIT.exe
  C:\Windows\System\pumPHIT.exe
  2⤵
  PID:6752
- C:\Windows\System\hkAAuIK.exe
  C:\Windows\System\hkAAuIK.exe
  2⤵
  PID:6768
- C:\Windows\System\wvoxesL.exe
  C:\Windows\System\wvoxesL.exe
  2⤵
  PID:6784
- C:\Windows\System\ljdXMXK.exe
  C:\Windows\System\ljdXMXK.exe
  2⤵
  PID:6800
- C:\Windows\System\ASsegPo.exe
  C:\Windows\System\ASsegPo.exe
  2⤵
  PID:6816
- C:\Windows\System\gxNekOE.exe
  C:\Windows\System\gxNekOE.exe
  2⤵
  PID:6832
- C:\Windows\System\twOcPCV.exe
  C:\Windows\System\twOcPCV.exe
  2⤵
  PID:6848
- C:\Windows\System\HqYEcBD.exe
  C:\Windows\System\HqYEcBD.exe
  2⤵
  PID:6864
- C:\Windows\System\dNUkQxu.exe
  C:\Windows\System\dNUkQxu.exe
  2⤵
  PID:6880
- C:\Windows\System\lHSsHSc.exe
  C:\Windows\System\lHSsHSc.exe
  2⤵
  PID:6896
- C:\Windows\System\NupMECL.exe
  C:\Windows\System\NupMECL.exe
  2⤵
  PID:6912
- C:\Windows\System\UJJqKIh.exe
  C:\Windows\System\UJJqKIh.exe
  2⤵
  PID:6928
- C:\Windows\System\pVUqnuT.exe
  C:\Windows\System\pVUqnuT.exe
  2⤵
  PID:6944
- C:\Windows\System\DabOPRk.exe
  C:\Windows\System\DabOPRk.exe
  2⤵
  PID:6960
- C:\Windows\System\YjMVEsZ.exe
  C:\Windows\System\YjMVEsZ.exe
  2⤵
  PID:6976
- C:\Windows\System\ZnzgEOh.exe
  C:\Windows\System\ZnzgEOh.exe
  2⤵
  PID:6992
- C:\Windows\System\aRwgFen.exe
  C:\Windows\System\aRwgFen.exe
  2⤵
  PID:7008
- C:\Windows\System\axFXvcn.exe
  C:\Windows\System\axFXvcn.exe
  2⤵
  PID:7024
- C:\Windows\System\rjdBFsm.exe
  C:\Windows\System\rjdBFsm.exe
  2⤵
  PID:7040
- C:\Windows\System\PtnQiPF.exe
  C:\Windows\System\PtnQiPF.exe
  2⤵
  PID:7056
- C:\Windows\System\blnucfF.exe
  C:\Windows\System\blnucfF.exe
  2⤵
  PID:7072
- C:\Windows\System\mRBEHie.exe
  C:\Windows\System\mRBEHie.exe
  2⤵
  PID:7088
- C:\Windows\System\axhHOGN.exe
  C:\Windows\System\axhHOGN.exe
  2⤵
  PID:7104
- C:\Windows\System\IiZdsBx.exe
  C:\Windows\System\IiZdsBx.exe
  2⤵
  PID:7120
- C:\Windows\System\bYrScBQ.exe
  C:\Windows\System\bYrScBQ.exe
  2⤵
  PID:7136
- C:\Windows\System\pXIoFHe.exe
  C:\Windows\System\pXIoFHe.exe
  2⤵
  PID:7152
- C:\Windows\System\TNwYSBO.exe
  C:\Windows\System\TNwYSBO.exe
  2⤵
  PID:5400
- C:\Windows\System\qooDrbF.exe
  C:\Windows\System\qooDrbF.exe
  2⤵
  PID:3068
- C:\Windows\System\eIZVeyU.exe
  C:\Windows\System\eIZVeyU.exe
  2⤵
  PID:1476
- C:\Windows\System\EqjJKAa.exe
  C:\Windows\System\EqjJKAa.exe
  2⤵
  PID:5704
- C:\Windows\System\HfXJSIq.exe
  C:\Windows\System\HfXJSIq.exe
  2⤵
  PID:5832
- C:\Windows\System\sWiUzQV.exe
  C:\Windows\System\sWiUzQV.exe
  2⤵
  PID:5980
- C:\Windows\System\LbcFStT.exe
  C:\Windows\System\LbcFStT.exe
  2⤵
  PID:3060
- C:\Windows\System\qXPQsbf.exe
  C:\Windows\System\qXPQsbf.exe
  2⤵
  PID:2948
- C:\Windows\System\wTdZOsa.exe
  C:\Windows\System\wTdZOsa.exe
  2⤵
  PID:5012
- C:\Windows\System\LVxSxOA.exe
  C:\Windows\System\LVxSxOA.exe
  2⤵
  PID:756
- C:\Windows\System\XrHlksd.exe
  C:\Windows\System\XrHlksd.exe
  2⤵
  PID:828
- C:\Windows\System\YYbLkVg.exe
  C:\Windows\System\YYbLkVg.exe
  2⤵
  PID:6168
- C:\Windows\System\LwRPxME.exe
  C:\Windows\System\LwRPxME.exe
  2⤵
  PID:6200
- C:\Windows\System\aIHObLb.exe
  C:\Windows\System\aIHObLb.exe
  2⤵
  PID:6180
- C:\Windows\System\mGFtXtc.exe
  C:\Windows\System\mGFtXtc.exe
  2⤵
  PID:6216
- C:\Windows\System\dBeGXPg.exe
  C:\Windows\System\dBeGXPg.exe
  2⤵
  PID:6264
- C:\Windows\System\OafdCGk.exe
  C:\Windows\System\OafdCGk.exe
  2⤵
  PID:6296
- C:\Windows\System\jXiuDeR.exe
  C:\Windows\System\jXiuDeR.exe
  2⤵
  PID:6280
- C:\Windows\System\vduZmTr.exe
  C:\Windows\System\vduZmTr.exe
  2⤵
  PID:6308
- C:\Windows\System\dWQDsWM.exe
  C:\Windows\System\dWQDsWM.exe
  2⤵
  PID:676
- C:\Windows\System\OpLlwvH.exe
  C:\Windows\System\OpLlwvH.exe
  2⤵
  PID:2912
- C:\Windows\System\KpSJMeZ.exe
  C:\Windows\System\KpSJMeZ.exe
  2⤵
  PID:6392
- C:\Windows\System\yanpOSq.exe
  C:\Windows\System\yanpOSq.exe
  2⤵
  PID:6424
- C:\Windows\System\YxdTGeG.exe
  C:\Windows\System\YxdTGeG.exe
  2⤵
  PID:6452
- C:\Windows\System\DkbHsbb.exe
  C:\Windows\System\DkbHsbb.exe
  2⤵
  PID:6468
- C:\Windows\System\hRYcjOI.exe
  C:\Windows\System\hRYcjOI.exe
  2⤵
  PID:6472
- C:\Windows\System\WmLBYFg.exe
  C:\Windows\System\WmLBYFg.exe
  2⤵
  PID:6548
- C:\Windows\System\FmHnYxJ.exe
  C:\Windows\System\FmHnYxJ.exe
  2⤵
  PID:6588
- C:\Windows\System\mReIiuY.exe
  C:\Windows\System\mReIiuY.exe
  2⤵
  PID:6616
- C:\Windows\System\EvTqIgh.exe
  C:\Windows\System\EvTqIgh.exe
  2⤵
  PID:6648
- C:\Windows\System\LIXsBry.exe
  C:\Windows\System\LIXsBry.exe
  2⤵
  PID:6684
- C:\Windows\System\TBgzdyr.exe
  C:\Windows\System\TBgzdyr.exe
  2⤵
  PID:6712
- C:\Windows\System\YQWICTI.exe
  C:\Windows\System\YQWICTI.exe
  2⤵
  PID:6748
- C:\Windows\System\AvLnOtC.exe
  C:\Windows\System\AvLnOtC.exe
  2⤵
  PID:6812
- C:\Windows\System\PRbhfyx.exe
  C:\Windows\System\PRbhfyx.exe
  2⤵
  PID:6696
- C:\Windows\System\ywWVSlc.exe
  C:\Windows\System\ywWVSlc.exe
  2⤵
  PID:6760
- C:\Windows\System\RwDaGcd.exe
  C:\Windows\System\RwDaGcd.exe
  2⤵
  PID:6876
- C:\Windows\System\emjHcDB.exe
  C:\Windows\System\emjHcDB.exe
  2⤵
  PID:6940
- C:\Windows\System\HeXYyKW.exe
  C:\Windows\System\HeXYyKW.exe
  2⤵
  PID:6856
- C:\Windows\System\cLGSujJ.exe
  C:\Windows\System\cLGSujJ.exe
  2⤵
  PID:7004
- C:\Windows\System\qlSHzNL.exe
  C:\Windows\System\qlSHzNL.exe
  2⤵
  PID:6920
- C:\Windows\System\XzXvERu.exe
  C:\Windows\System\XzXvERu.exe
  2⤵
  PID:7068
- C:\Windows\System\IxSGRGX.exe
  C:\Windows\System\IxSGRGX.exe
  2⤵
  PID:7052
- C:\Windows\System\EmrQleX.exe
  C:\Windows\System\EmrQleX.exe
  2⤵
  PID:6988
- C:\Windows\System\VxTlCdI.exe
  C:\Windows\System\VxTlCdI.exe
  2⤵
  PID:7080
- C:\Windows\System\ReugBNF.exe
  C:\Windows\System\ReugBNF.exe
  2⤵
  PID:7084
- C:\Windows\System\purLEea.exe
  C:\Windows\System\purLEea.exe
  2⤵
  PID:7160
- C:\Windows\System\WNkGxet.exe
  C:\Windows\System\WNkGxet.exe
  2⤵
  PID:7144
- C:\Windows\System\xqcLLzW.exe
  C:\Windows\System\xqcLLzW.exe
  2⤵
  PID:5576
- C:\Windows\System\imYMhdP.exe
  C:\Windows\System\imYMhdP.exe
  2⤵
  PID:6092
- C:\Windows\System\TvcPybi.exe
  C:\Windows\System\TvcPybi.exe
  2⤵
  PID:4808
- C:\Windows\System\KIjnmha.exe
  C:\Windows\System\KIjnmha.exe
  2⤵
  PID:5948
- C:\Windows\System\sUtDfwb.exe
  C:\Windows\System\sUtDfwb.exe
  2⤵
  PID:1864
- C:\Windows\System\HYcQXSD.exe
  C:\Windows\System\HYcQXSD.exe
  2⤵
  PID:6248
- C:\Windows\System\WgdBVMO.exe
  C:\Windows\System\WgdBVMO.exe
  2⤵
  PID:6388
- C:\Windows\System\oFVMlIP.exe
  C:\Windows\System\oFVMlIP.exe
  2⤵
  PID:6212
- C:\Windows\System\jVTNKuo.exe
  C:\Windows\System\jVTNKuo.exe
  2⤵
  PID:6376
- C:\Windows\System\JxvGgaB.exe
  C:\Windows\System\JxvGgaB.exe
  2⤵
  PID:6436
- C:\Windows\System\sWlouLL.exe
  C:\Windows\System\sWlouLL.exe
  2⤵
  PID:2128
- C:\Windows\System\NgzPtxb.exe
  C:\Windows\System\NgzPtxb.exe
  2⤵
  PID:6408
- C:\Windows\System\WbrWoCp.exe
  C:\Windows\System\WbrWoCp.exe
  2⤵
  PID:6536
- C:\Windows\System\TdCmUhZ.exe
  C:\Windows\System\TdCmUhZ.exe
  2⤵
  PID:6716
- C:\Windows\System\zapGifB.exe
  C:\Windows\System\zapGifB.exe
  2⤵
  PID:6600
- C:\Windows\System\uFYTNLP.exe
  C:\Windows\System\uFYTNLP.exe
  2⤵
  PID:2772
- C:\Windows\System\EwuXTzm.exe
  C:\Windows\System\EwuXTzm.exe
  2⤵
  PID:6792
- C:\Windows\System\EuujxaR.exe
  C:\Windows\System\EuujxaR.exe
  2⤵
  PID:6860
- C:\Windows\System\MsPGHhO.exe
  C:\Windows\System\MsPGHhO.exe
  2⤵
  PID:6892
- C:\Windows\System\RBXtJNf.exe
  C:\Windows\System\RBXtJNf.exe
  2⤵
  PID:7036
- C:\Windows\System\WzSQaEf.exe
  C:\Windows\System\WzSQaEf.exe
  2⤵
  PID:6956
- C:\Windows\System\MgDOrxC.exe
  C:\Windows\System\MgDOrxC.exe
  2⤵
  PID:7164
- C:\Windows\System\csdWptI.exe
  C:\Windows\System\csdWptI.exe
  2⤵
  PID:6016
- C:\Windows\System\WpMEPmR.exe
  C:\Windows\System\WpMEPmR.exe
  2⤵
  PID:5656
- C:\Windows\System\vvYEdMQ.exe
  C:\Windows\System\vvYEdMQ.exe
  2⤵
  PID:2112
- C:\Windows\System\voJwsgz.exe
  C:\Windows\System\voJwsgz.exe
  2⤵
  PID:5848
- C:\Windows\System\pnEXVUw.exe
  C:\Windows\System\pnEXVUw.exe
  2⤵
  PID:6232
- C:\Windows\System\btUPkHO.exe
  C:\Windows\System\btUPkHO.exe
  2⤵
  PID:6420
- C:\Windows\System\ckPCLvq.exe
  C:\Windows\System\ckPCLvq.exe
  2⤵
  PID:6164
- C:\Windows\System\ROjDVaf.exe
  C:\Windows\System\ROjDVaf.exe
  2⤵
  PID:6532
- C:\Windows\System\XqPeGbM.exe
  C:\Windows\System\XqPeGbM.exe
  2⤵
  PID:6344
- C:\Windows\System\GNdomey.exe
  C:\Windows\System\GNdomey.exe
  2⤵
  PID:6844
- C:\Windows\System\BOCXwBS.exe
  C:\Windows\System\BOCXwBS.exe
  2⤵
  PID:7176
- C:\Windows\System\MhxIiRB.exe
  C:\Windows\System\MhxIiRB.exe
  2⤵
  PID:7192
- C:\Windows\System\uWbbiHH.exe
  C:\Windows\System\uWbbiHH.exe
  2⤵
  PID:7208
- C:\Windows\System\avuyFew.exe
  C:\Windows\System\avuyFew.exe
  2⤵
  PID:7224
- C:\Windows\System\irtOMKm.exe
  C:\Windows\System\irtOMKm.exe
  2⤵
  PID:7240
- C:\Windows\System\qzysDDH.exe
  C:\Windows\System\qzysDDH.exe
  2⤵
  PID:7256
- C:\Windows\System\KDRayyn.exe
  C:\Windows\System\KDRayyn.exe
  2⤵
  PID:7276
- C:\Windows\System\zATiSLR.exe
  C:\Windows\System\zATiSLR.exe
  2⤵
  PID:7292
- C:\Windows\System\DomHTwf.exe
  C:\Windows\System\DomHTwf.exe
  2⤵
  PID:7308
- C:\Windows\System\lEGEUoI.exe
  C:\Windows\System\lEGEUoI.exe
  2⤵
  PID:7324
- C:\Windows\System\uPJWJTu.exe
  C:\Windows\System\uPJWJTu.exe
  2⤵
  PID:7340
- C:\Windows\System\LZIFBtb.exe
  C:\Windows\System\LZIFBtb.exe
  2⤵
  PID:7356
- C:\Windows\System\YuqVHqv.exe
  C:\Windows\System\YuqVHqv.exe
  2⤵
  PID:7372
- C:\Windows\System\YxuECMr.exe
  C:\Windows\System\YxuECMr.exe
  2⤵
  PID:7388
- C:\Windows\System\gJPueFV.exe
  C:\Windows\System\gJPueFV.exe
  2⤵
  PID:7404
- C:\Windows\System\mUoWtoR.exe
  C:\Windows\System\mUoWtoR.exe
  2⤵
  PID:7420
- C:\Windows\System\nromzpA.exe
  C:\Windows\System\nromzpA.exe
  2⤵
  PID:7436
- C:\Windows\System\mzlbJGT.exe
  C:\Windows\System\mzlbJGT.exe
  2⤵
  PID:7452
- C:\Windows\System\RHaHFIV.exe
  C:\Windows\System\RHaHFIV.exe
  2⤵
  PID:7468
- C:\Windows\System\AZXdvCy.exe
  C:\Windows\System\AZXdvCy.exe
  2⤵
  PID:7484
- C:\Windows\System\YZdhPHA.exe
  C:\Windows\System\YZdhPHA.exe
  2⤵
  PID:7500
- C:\Windows\System\REAxYyq.exe
  C:\Windows\System\REAxYyq.exe
  2⤵
  PID:7516
- C:\Windows\System\EoXDdsA.exe
  C:\Windows\System\EoXDdsA.exe
  2⤵
  PID:7532
- C:\Windows\System\tJtlHnP.exe
  C:\Windows\System\tJtlHnP.exe
  2⤵
  PID:7548
- C:\Windows\System\CjXjYtg.exe
  C:\Windows\System\CjXjYtg.exe
  2⤵
  PID:7564
- C:\Windows\System\VdtfqTg.exe
  C:\Windows\System\VdtfqTg.exe
  2⤵
  PID:7580
- C:\Windows\System\ItOXVXC.exe
  C:\Windows\System\ItOXVXC.exe
  2⤵
  PID:7596
- C:\Windows\System\ObrvkmB.exe
  C:\Windows\System\ObrvkmB.exe
  2⤵
  PID:7612
- C:\Windows\System\wRzqPwe.exe
  C:\Windows\System\wRzqPwe.exe
  2⤵
  PID:7628
- C:\Windows\System\BeOudPr.exe
  C:\Windows\System\BeOudPr.exe
  2⤵
  PID:7644
- C:\Windows\System\AKbtdkc.exe
  C:\Windows\System\AKbtdkc.exe
  2⤵
  PID:7660
- C:\Windows\System\HxbwBew.exe
  C:\Windows\System\HxbwBew.exe
  2⤵
  PID:7676
- C:\Windows\System\bvmMRDx.exe
  C:\Windows\System\bvmMRDx.exe
  2⤵
  PID:7692
- C:\Windows\System\vxPtKmn.exe
  C:\Windows\System\vxPtKmn.exe
  2⤵
  PID:7708
- C:\Windows\System\aKPWMeE.exe
  C:\Windows\System\aKPWMeE.exe
  2⤵
  PID:7728
- C:\Windows\System\AcJfgxh.exe
  C:\Windows\System\AcJfgxh.exe
  2⤵
  PID:7744
- C:\Windows\System\LDeIvpz.exe
  C:\Windows\System\LDeIvpz.exe
  2⤵
  PID:7760
- C:\Windows\System\quLOOcF.exe
  C:\Windows\System\quLOOcF.exe
  2⤵
  PID:7776
- C:\Windows\System\aSryaKM.exe
  C:\Windows\System\aSryaKM.exe
  2⤵
  PID:7792
- C:\Windows\System\JnOVxtq.exe
  C:\Windows\System\JnOVxtq.exe
  2⤵
  PID:7808
- C:\Windows\System\cnjOeCv.exe
  C:\Windows\System\cnjOeCv.exe
  2⤵
  PID:7824
- C:\Windows\System\mkUEEVo.exe
  C:\Windows\System\mkUEEVo.exe
  2⤵
  PID:7840
- C:\Windows\System\vfSIjyZ.exe
  C:\Windows\System\vfSIjyZ.exe
  2⤵
  PID:7856
- C:\Windows\System\huQxFux.exe
  C:\Windows\System\huQxFux.exe
  2⤵
  PID:7872
- C:\Windows\System\FgdtzeH.exe
  C:\Windows\System\FgdtzeH.exe
  2⤵
  PID:7888
- C:\Windows\System\wuKVwsd.exe
  C:\Windows\System\wuKVwsd.exe
  2⤵
  PID:7904
- C:\Windows\System\emDShKf.exe
  C:\Windows\System\emDShKf.exe
  2⤵
  PID:7920
- C:\Windows\System\lRcWeUm.exe
  C:\Windows\System\lRcWeUm.exe
  2⤵
  PID:7936
- C:\Windows\System\qMGAMbu.exe
  C:\Windows\System\qMGAMbu.exe
  2⤵
  PID:7952
- C:\Windows\System\ybYbxKz.exe
  C:\Windows\System\ybYbxKz.exe
  2⤵
  PID:7968
- C:\Windows\System\myDkHPV.exe
  C:\Windows\System\myDkHPV.exe
  2⤵
  PID:7984
- C:\Windows\System\LBFFwRf.exe
  C:\Windows\System\LBFFwRf.exe
  2⤵
  PID:8000
- C:\Windows\System\kiIiYCv.exe
  C:\Windows\System\kiIiYCv.exe
  2⤵
  PID:8016
- C:\Windows\System\RHWnvly.exe
  C:\Windows\System\RHWnvly.exe
  2⤵
  PID:8032
- C:\Windows\System\pkixWJb.exe
  C:\Windows\System\pkixWJb.exe
  2⤵
  PID:8048
- C:\Windows\System\tbhhGyy.exe
  C:\Windows\System\tbhhGyy.exe
  2⤵
  PID:8064
- C:\Windows\System\zgiEnvm.exe
  C:\Windows\System\zgiEnvm.exe
  2⤵
  PID:8080
- C:\Windows\System\KBGyUeB.exe
  C:\Windows\System\KBGyUeB.exe
  2⤵
  PID:8096
- C:\Windows\System\crDbUPr.exe
  C:\Windows\System\crDbUPr.exe
  2⤵
  PID:8112
- C:\Windows\System\wPDlTXZ.exe
  C:\Windows\System\wPDlTXZ.exe
  2⤵
  PID:8128
- C:\Windows\System\tnphWPX.exe
  C:\Windows\System\tnphWPX.exe
  2⤵
  PID:8144
- C:\Windows\System\FRIJfzg.exe
  C:\Windows\System\FRIJfzg.exe
  2⤵
  PID:8160
- C:\Windows\System\QGBlSBh.exe
  C:\Windows\System\QGBlSBh.exe
  2⤵
  PID:8176
- C:\Windows\System\fTMSusf.exe
  C:\Windows\System\fTMSusf.exe
  2⤵
  PID:6908
- C:\Windows\System\ebietPB.exe
  C:\Windows\System\ebietPB.exe
  2⤵
  PID:6824
- C:\Windows\System\pmgRnsu.exe
  C:\Windows\System\pmgRnsu.exe
  2⤵
  PID:7016
- C:\Windows\System\iAmTySk.exe
  C:\Windows\System\iAmTySk.exe
  2⤵
  PID:4676
- C:\Windows\System\zFtqVpA.exe
  C:\Windows\System\zFtqVpA.exe
  2⤵
  PID:5412
- C:\Windows\System\RsKLlyI.exe
  C:\Windows\System\RsKLlyI.exe
  2⤵
  PID:2800
- C:\Windows\System\DVMRxOJ.exe
  C:\Windows\System\DVMRxOJ.exe
  2⤵
  PID:7172
- C:\Windows\System\mCezUnB.exe
  C:\Windows\System\mCezUnB.exe
  2⤵
  PID:6228
- C:\Windows\System\amSEQwW.exe
  C:\Windows\System\amSEQwW.exe
  2⤵
  PID:7184
- C:\Windows\System\dtbJZYM.exe
  C:\Windows\System\dtbJZYM.exe
  2⤵
  PID:7236
- C:\Windows\System\UOAnbQq.exe
  C:\Windows\System\UOAnbQq.exe
  2⤵
  PID:7304
- C:\Windows\System\gwRQagA.exe
  C:\Windows\System\gwRQagA.exe
  2⤵
  PID:7248
- C:\Windows\System\NELJdjZ.exe
  C:\Windows\System\NELJdjZ.exe
  2⤵
  PID:7288
- C:\Windows\System\FdeGsHY.exe
  C:\Windows\System\FdeGsHY.exe
  2⤵
  PID:7400
- C:\Windows\System\WbrAbSF.exe
  C:\Windows\System\WbrAbSF.exe
  2⤵
  PID:7352
- C:\Windows\System\VRWggsf.exe
  C:\Windows\System\VRWggsf.exe
  2⤵
  PID:7432
- C:\Windows\System\tdYlWXR.exe
  C:\Windows\System\tdYlWXR.exe
  2⤵
  PID:7464
- C:\Windows\System\ojjubPc.exe
  C:\Windows\System\ojjubPc.exe
  2⤵
  PID:7448
- C:\Windows\System\EZjrFwG.exe
  C:\Windows\System\EZjrFwG.exe
  2⤵
  PID:7524
- C:\Windows\System\cbuKrRR.exe
  C:\Windows\System\cbuKrRR.exe
  2⤵
  PID:7556
- C:\Windows\System\zTimntB.exe
  C:\Windows\System\zTimntB.exe
  2⤵
  PID:7588
- C:\Windows\System\NuHmRbh.exe
  C:\Windows\System\NuHmRbh.exe
  2⤵
  PID:2720
- C:\Windows\System\oIiwTPv.exe
  C:\Windows\System\oIiwTPv.exe
  2⤵
  PID:1740
- C:\Windows\System\shsTWmI.exe
  C:\Windows\System\shsTWmI.exe
  2⤵
  PID:7608
- C:\Windows\System\OOAXhDD.exe
  C:\Windows\System\OOAXhDD.exe
  2⤵
  PID:7652
- C:\Windows\System\zepEEXg.exe
  C:\Windows\System\zepEEXg.exe
  2⤵
  PID:7684
- C:\Windows\System\hJcKgtp.exe
  C:\Windows\System\hJcKgtp.exe
  2⤵
  PID:7704
- C:\Windows\System\WhIpEPh.exe
  C:\Windows\System\WhIpEPh.exe
  2⤵
  PID:7752
- C:\Windows\System\llBbjQc.exe
  C:\Windows\System\llBbjQc.exe
  2⤵
  PID:7784
- C:\Windows\System\bHvbFYm.exe
  C:\Windows\System\bHvbFYm.exe
  2⤵
  PID:7804
- C:\Windows\System\BKFtwAB.exe
  C:\Windows\System\BKFtwAB.exe
  2⤵
  PID:7836
- C:\Windows\System\fpvnLat.exe
  C:\Windows\System\fpvnLat.exe
  2⤵
  PID:7868
- C:\Windows\System\KkeyZfZ.exe
  C:\Windows\System\KkeyZfZ.exe
  2⤵
  PID:7912
- C:\Windows\System\GImuWaL.exe
  C:\Windows\System\GImuWaL.exe
  2⤵
  PID:7932
- C:\Windows\System\brPmrge.exe
  C:\Windows\System\brPmrge.exe
  2⤵
  PID:7964
- C:\Windows\System\PurPtbe.exe
  C:\Windows\System\PurPtbe.exe
  2⤵
  PID:7992
- C:\Windows\System\uMmoKzz.exe
  C:\Windows\System\uMmoKzz.exe
  2⤵
  PID:8028
- C:\Windows\System\eVQVMDd.exe
  C:\Windows\System\eVQVMDd.exe
  2⤵
  PID:8060
- C:\Windows\System\uAgNoJr.exe
  C:\Windows\System\uAgNoJr.exe
  2⤵
  PID:8076
- C:\Windows\System\tnIGYEv.exe
  C:\Windows\System\tnIGYEv.exe
  2⤵
  PID:8108
- C:\Windows\System\CtvNxzq.exe
  C:\Windows\System\CtvNxzq.exe
  2⤵
  PID:8152
- C:\Windows\System\WSOguBt.exe
  C:\Windows\System\WSOguBt.exe
  2⤵
  PID:8172
- C:\Windows\System\ueEJRVR.exe
  C:\Windows\System\ueEJRVR.exe
  2⤵
  PID:6796
- C:\Windows\System\LkVdrgv.exe
  C:\Windows\System\LkVdrgv.exe
  2⤵
  PID:2940
- C:\Windows\System\CSGwtVW.exe
  C:\Windows\System\CSGwtVW.exe
  2⤵
  PID:6504
- C:\Windows\System\zHcIDHY.exe
  C:\Windows\System\zHcIDHY.exe
  2⤵
  PID:7204
- C:\Windows\System\iSslvxJ.exe
  C:\Windows\System\iSslvxJ.exe
  2⤵
  PID:6488
- C:\Windows\System\EtNRmxM.exe
  C:\Windows\System\EtNRmxM.exe
  2⤵
  PID:7268
- C:\Windows\System\oMIkjta.exe
  C:\Windows\System\oMIkjta.exe
  2⤵
  PID:7336
- C:\Windows\System\JkRLTFS.exe
  C:\Windows\System\JkRLTFS.exe
  2⤵
  PID:7384
- C:\Windows\System\vOKfWGv.exe
  C:\Windows\System\vOKfWGv.exe
  2⤵
  PID:7444
- C:\Windows\System\ywcgCPX.exe
  C:\Windows\System\ywcgCPX.exe
  2⤵
  PID:7508
- C:\Windows\System\nlNUlQP.exe
  C:\Windows\System\nlNUlQP.exe
  2⤵
  PID:7512
- C:\Windows\System\FQbzizp.exe
  C:\Windows\System\FQbzizp.exe
  2⤵
  PID:7272
- C:\Windows\System\LnoNREb.exe
  C:\Windows\System\LnoNREb.exe
  2⤵
  PID:2552
- C:\Windows\System\NqaRbKM.exe
  C:\Windows\System\NqaRbKM.exe
  2⤵
  PID:7640
- C:\Windows\System\nqNVnmR.exe
  C:\Windows\System\nqNVnmR.exe
  2⤵
  PID:7740
- C:\Windows\System\NFiGddB.exe
  C:\Windows\System\NFiGddB.exe
  2⤵
  PID:2976
- C:\Windows\System\QpKzBVE.exe
  C:\Windows\System\QpKzBVE.exe
  2⤵
  PID:2836
- C:\Windows\System\NEkJjAa.exe
  C:\Windows\System\NEkJjAa.exe
  2⤵
  PID:7896
- C:\Windows\System\dmsoFPL.exe
  C:\Windows\System\dmsoFPL.exe
  2⤵
  PID:7928
- C:\Windows\System\FZQXfnq.exe
  C:\Windows\System\FZQXfnq.exe
  2⤵
  PID:8008
- C:\Windows\System\CEIdIAI.exe
  C:\Windows\System\CEIdIAI.exe
  2⤵
  PID:8056
- C:\Windows\System\crHRjTc.exe
  C:\Windows\System\crHRjTc.exe
  2⤵
  PID:8092
- C:\Windows\System\OfrjToN.exe
  C:\Windows\System\OfrjToN.exe
  2⤵
  PID:8136
- C:\Windows\System\bddvezw.exe
  C:\Windows\System\bddvezw.exe
  2⤵
  PID:8188
- C:\Windows\System\hhnKxNu.exe
  C:\Windows\System\hhnKxNu.exe
  2⤵
  PID:2204
- C:\Windows\System\LuchpTg.exe
  C:\Windows\System\LuchpTg.exe
  2⤵
  PID:7232
- C:\Windows\System\OXnYUKZ.exe
  C:\Windows\System\OXnYUKZ.exe
  2⤵
  PID:7284
- C:\Windows\System\DnoUGGD.exe
  C:\Windows\System\DnoUGGD.exe
  2⤵
  PID:1932
- C:\Windows\System\iUIbycf.exe
  C:\Windows\System\iUIbycf.exe
  2⤵
  PID:7496
- C:\Windows\System\MIwvDkF.exe
  C:\Windows\System\MIwvDkF.exe
  2⤵
  PID:7576
- C:\Windows\System\IfdCfad.exe
  C:\Windows\System\IfdCfad.exe
  2⤵
  PID:2548
- C:\Windows\System\EPngOus.exe
  C:\Windows\System\EPngOus.exe
  2⤵
  PID:1140
- C:\Windows\System\GTfWGQu.exe
  C:\Windows\System\GTfWGQu.exe
  2⤵
  PID:1576
- C:\Windows\System\qurBVXa.exe
  C:\Windows\System\qurBVXa.exe
  2⤵
  PID:7852
- C:\Windows\System\pXVvswq.exe
  C:\Windows\System\pXVvswq.exe
  2⤵
  PID:1072
- C:\Windows\System\EAOGnYv.exe
  C:\Windows\System\EAOGnYv.exe
  2⤵
  PID:2540
- C:\Windows\System\sbepcTY.exe
  C:\Windows\System\sbepcTY.exe
  2⤵
  PID:7048
- C:\Windows\System\YrCevcH.exe
  C:\Windows\System\YrCevcH.exe
  2⤵
  PID:7116
- C:\Windows\System\IVoHhXz.exe
  C:\Windows\System\IVoHhXz.exe
  2⤵
  PID:2916
- C:\Windows\System\tkkzqqQ.exe
  C:\Windows\System\tkkzqqQ.exe
  2⤵
  PID:2196
- C:\Windows\System\MeiHHrb.exe
  C:\Windows\System\MeiHHrb.exe
  2⤵
  PID:1436
- C:\Windows\System\dfxLbpa.exe
  C:\Windows\System\dfxLbpa.exe
  2⤵
  PID:7476
- C:\Windows\System\ribyCTj.exe
  C:\Windows\System\ribyCTj.exe
  2⤵
  PID:2448
- C:\Windows\System\qBuEAXD.exe
  C:\Windows\System\qBuEAXD.exe
  2⤵
  PID:7884
- C:\Windows\System\JIjtxbE.exe
  C:\Windows\System\JIjtxbE.exe
  2⤵
  PID:8124
- C:\Windows\System\zdpGZxK.exe
  C:\Windows\System\zdpGZxK.exe
  2⤵
  PID:1896
- C:\Windows\System\yFqhIoV.exe
  C:\Windows\System\yFqhIoV.exe
  2⤵
  PID:5872
- C:\Windows\System\VuCTqIh.exe
  C:\Windows\System\VuCTqIh.exe
  2⤵
  PID:8156
- C:\Windows\System\NNehoRj.exe
  C:\Windows\System\NNehoRj.exe
  2⤵
  PID:7188
- C:\Windows\System\tiQeGGE.exe
  C:\Windows\System\tiQeGGE.exe
  2⤵
  PID:7252
- C:\Windows\System\ZMhZpEH.exe
  C:\Windows\System\ZMhZpEH.exe
  2⤵
  PID:2424
- C:\Windows\System\wwrnson.exe
  C:\Windows\System\wwrnson.exe
  2⤵
  PID:636
- C:\Windows\System\jgFWafz.exe
  C:\Windows\System\jgFWafz.exe
  2⤵
  PID:2804
- C:\Windows\System\oubETJH.exe
  C:\Windows\System\oubETJH.exe
  2⤵
  PID:8024
- C:\Windows\System\BmuLXRZ.exe
  C:\Windows\System\BmuLXRZ.exe
  2⤵
  PID:8208
- C:\Windows\System\aKgOmwm.exe
  C:\Windows\System\aKgOmwm.exe
  2⤵
  PID:8268
- C:\Windows\System\ubOnCXu.exe
  C:\Windows\System\ubOnCXu.exe
  2⤵
  PID:8284
- C:\Windows\System\JvRBBkV.exe
  C:\Windows\System\JvRBBkV.exe
  2⤵
  PID:8300
- C:\Windows\System\VIgaWAZ.exe
  C:\Windows\System\VIgaWAZ.exe
  2⤵
  PID:8316
- C:\Windows\System\veetjhZ.exe
  C:\Windows\System\veetjhZ.exe
  2⤵
  PID:8332
- C:\Windows\System\bDviNEJ.exe
  C:\Windows\System\bDviNEJ.exe
  2⤵
  PID:8348
- C:\Windows\System\HiuusQB.exe
  C:\Windows\System\HiuusQB.exe
  2⤵
  PID:8364
- C:\Windows\System\FUEoflw.exe
  C:\Windows\System\FUEoflw.exe
  2⤵
  PID:8380
- C:\Windows\System\pCmhwvQ.exe
  C:\Windows\System\pCmhwvQ.exe
  2⤵
  PID:8412
- C:\Windows\System\iidyTBw.exe
  C:\Windows\System\iidyTBw.exe
  2⤵
  PID:8428
- C:\Windows\System\QCGYygh.exe
  C:\Windows\System\QCGYygh.exe
  2⤵
  PID:8444
- C:\Windows\System\cpHQAog.exe
  C:\Windows\System\cpHQAog.exe
  2⤵
  PID:8460
- C:\Windows\System\UAqiQNa.exe
  C:\Windows\System\UAqiQNa.exe
  2⤵
  PID:8476
- C:\Windows\System\RcYjlNZ.exe
  C:\Windows\System\RcYjlNZ.exe
  2⤵
  PID:8492
- C:\Windows\System\VjTFghA.exe
  C:\Windows\System\VjTFghA.exe
  2⤵
  PID:8508
- C:\Windows\System\ZxICGbZ.exe
  C:\Windows\System\ZxICGbZ.exe
  2⤵
  PID:8524
- C:\Windows\System\JFBvSme.exe
  C:\Windows\System\JFBvSme.exe
  2⤵
  PID:8540
- C:\Windows\System\vUVzQHd.exe
  C:\Windows\System\vUVzQHd.exe
  2⤵
  PID:8556
- C:\Windows\System\PeoWYCt.exe
  C:\Windows\System\PeoWYCt.exe
  2⤵
  PID:8572
- C:\Windows\System\fZbUFGE.exe
  C:\Windows\System\fZbUFGE.exe
  2⤵
  PID:8588
- C:\Windows\System\REqJmed.exe
  C:\Windows\System\REqJmed.exe
  2⤵
  PID:8608
- C:\Windows\System\mfXcbRM.exe
  C:\Windows\System\mfXcbRM.exe
  2⤵
  PID:8624
- C:\Windows\System\kvLvisX.exe
  C:\Windows\System\kvLvisX.exe
  2⤵
  PID:8640
- C:\Windows\System\hlycAIW.exe
  C:\Windows\System\hlycAIW.exe
  2⤵
  PID:8656
- C:\Windows\System\jbzWFNU.exe
  C:\Windows\System\jbzWFNU.exe
  2⤵
  PID:8672
- C:\Windows\System\JYfggxy.exe
  C:\Windows\System\JYfggxy.exe
  2⤵
  PID:8688
- C:\Windows\System\Spcchch.exe
  C:\Windows\System\Spcchch.exe
  2⤵
  PID:8704
- C:\Windows\System\TJvVLwi.exe
  C:\Windows\System\TJvVLwi.exe
  2⤵
  PID:8736
- C:\Windows\System\AVmpAQj.exe
  C:\Windows\System\AVmpAQj.exe
  2⤵
  PID:8752
- C:\Windows\System\ArZfMas.exe
  C:\Windows\System\ArZfMas.exe
  2⤵
  PID:8772
- C:\Windows\System\zMJkpDG.exe
  C:\Windows\System\zMJkpDG.exe
  2⤵
  PID:8788
- C:\Windows\System\xiOQxMF.exe
  C:\Windows\System\xiOQxMF.exe
  2⤵
  PID:8804
- C:\Windows\System\NDqapyX.exe
  C:\Windows\System\NDqapyX.exe
  2⤵
  PID:8820
- C:\Windows\System\omTWFmj.exe
  C:\Windows\System\omTWFmj.exe
  2⤵
  PID:8836
- C:\Windows\System\pknkrWU.exe
  C:\Windows\System\pknkrWU.exe
  2⤵
  PID:8852
- C:\Windows\System\qeiTKqZ.exe
  C:\Windows\System\qeiTKqZ.exe
  2⤵
  PID:8868
- C:\Windows\System\EFewVuo.exe
  C:\Windows\System\EFewVuo.exe
  2⤵
  PID:8884
- C:\Windows\System\SvuzLFF.exe
  C:\Windows\System\SvuzLFF.exe
  2⤵
  PID:8900
- C:\Windows\System\eUGjTtU.exe
  C:\Windows\System\eUGjTtU.exe
  2⤵
  PID:8916
- C:\Windows\System\BaQYHYX.exe
  C:\Windows\System\BaQYHYX.exe
  2⤵
  PID:8932
- C:\Windows\System\gNwdCfd.exe
  C:\Windows\System\gNwdCfd.exe
  2⤵
  PID:8948
- C:\Windows\System\TmpBPBo.exe
  C:\Windows\System\TmpBPBo.exe
  2⤵
  PID:8964
- C:\Windows\System\eVzWAhI.exe
  C:\Windows\System\eVzWAhI.exe
  2⤵
  PID:8980
- C:\Windows\System\JkxXTUQ.exe
  C:\Windows\System\JkxXTUQ.exe
  2⤵
  PID:9000
- C:\Windows\System\fNTKvmR.exe
  C:\Windows\System\fNTKvmR.exe
  2⤵
  PID:9016
- C:\Windows\System\MWzswCm.exe
  C:\Windows\System\MWzswCm.exe
  2⤵
  PID:9032
- C:\Windows\System\DBrbEdB.exe
  C:\Windows\System\DBrbEdB.exe
  2⤵
  PID:9048
- C:\Windows\System\dUYsAPH.exe
  C:\Windows\System\dUYsAPH.exe
  2⤵
  PID:9064
- C:\Windows\System\wlUmgFk.exe
  C:\Windows\System\wlUmgFk.exe
  2⤵
  PID:9080
- C:\Windows\System\gVUPlqe.exe
  C:\Windows\System\gVUPlqe.exe
  2⤵
  PID:9096
- C:\Windows\System\KcSOvre.exe
  C:\Windows\System\KcSOvre.exe
  2⤵
  PID:9112
- C:\Windows\System\sNOyIUy.exe
  C:\Windows\System\sNOyIUy.exe
  2⤵
  PID:9128
- C:\Windows\System\CWZxgUA.exe
  C:\Windows\System\CWZxgUA.exe
  2⤵
  PID:9144
- C:\Windows\System\PANjHSx.exe
  C:\Windows\System\PANjHSx.exe
  2⤵
  PID:9160
- C:\Windows\System\ajyVMhG.exe
  C:\Windows\System\ajyVMhG.exe
  2⤵
  PID:9176
- C:\Windows\System\RvBKYVp.exe
  C:\Windows\System\RvBKYVp.exe
  2⤵
  PID:9192
- C:\Windows\System\UepzQsC.exe
  C:\Windows\System\UepzQsC.exe
  2⤵
  PID:9208
- C:\Windows\System\kzNDJhc.exe
  C:\Windows\System\kzNDJhc.exe
  2⤵
  PID:2924
- C:\Windows\System\pAvkTfw.exe
  C:\Windows\System\pAvkTfw.exe
  2⤵
  PID:7800
- C:\Windows\System\CsDhGbW.exe
  C:\Windows\System\CsDhGbW.exe
  2⤵
  PID:8200
- C:\Windows\System\pUUiYhD.exe
  C:\Windows\System\pUUiYhD.exe
  2⤵
  PID:1492
- C:\Windows\System\SqoIwVC.exe
  C:\Windows\System\SqoIwVC.exe
  2⤵
  PID:8220
- C:\Windows\System\dGPhEwI.exe
  C:\Windows\System\dGPhEwI.exe
  2⤵
  PID:8236
- C:\Windows\System\XDpDhbW.exe
  C:\Windows\System\XDpDhbW.exe
  2⤵
  PID:8252
- C:\Windows\System\joAfNQx.exe
  C:\Windows\System\joAfNQx.exe
  2⤵
  PID:8292
- C:\Windows\System\xSVryux.exe
  C:\Windows\System\xSVryux.exe
  2⤵
  PID:8356
- C:\Windows\System\IUOdpLv.exe
  C:\Windows\System\IUOdpLv.exe
  2⤵
  PID:8400
- C:\Windows\System\FaZHSnU.exe
  C:\Windows\System\FaZHSnU.exe
  2⤵
  PID:8436
- C:\Windows\System\wJztyEg.exe
  C:\Windows\System\wJztyEg.exe
  2⤵
  PID:8500
- C:\Windows\System\xrERZLf.exe
  C:\Windows\System\xrERZLf.exe
  2⤵
  PID:8564
- C:\Windows\System\lAcqYAo.exe
  C:\Windows\System\lAcqYAo.exe
  2⤵
  PID:8632
- C:\Windows\System\YrZIVvZ.exe
  C:\Windows\System\YrZIVvZ.exe
  2⤵
  PID:8696
- C:\Windows\System\iudfKHz.exe
  C:\Windows\System\iudfKHz.exe
  2⤵
  PID:8276
- C:\Windows\System\hsFmKfW.exe
  C:\Windows\System\hsFmKfW.exe
  2⤵
  PID:8344
- C:\Windows\System\jhBUofA.exe
  C:\Windows\System\jhBUofA.exe
  2⤵
  PID:8516
- C:\Windows\System\wGWmWte.exe
  C:\Windows\System\wGWmWte.exe
  2⤵
  PID:8452
- C:\Windows\System\hZNIXDP.exe
  C:\Windows\System\hZNIXDP.exe
  2⤵
  PID:8620
- C:\Windows\System\RijvTIC.exe
  C:\Windows\System\RijvTIC.exe
  2⤵
  PID:8684
- C:\Windows\System\GcpoPGh.exe
  C:\Windows\System\GcpoPGh.exe
  2⤵
  PID:8732
- C:\Windows\System\GNpvWWe.exe
  C:\Windows\System\GNpvWWe.exe
  2⤵
  PID:8784
- C:\Windows\System\yfQpIae.exe
  C:\Windows\System\yfQpIae.exe
  2⤵
  PID:8848
- C:\Windows\System\XVzyDUR.exe
  C:\Windows\System\XVzyDUR.exe
  2⤵
  PID:8912
- C:\Windows\System\ZxOpxgQ.exe
  C:\Windows\System\ZxOpxgQ.exe
  2⤵
  PID:8860
- C:\Windows\System\BzHGRZA.exe
  C:\Windows\System\BzHGRZA.exe
  2⤵
  PID:8924
- C:\Windows\System\VnIFrBH.exe
  C:\Windows\System\VnIFrBH.exe
  2⤵
  PID:8828
- C:\Windows\System\jMJKoly.exe
  C:\Windows\System\jMJKoly.exe
  2⤵
  PID:8960
- C:\Windows\System\aOwSCac.exe
  C:\Windows\System\aOwSCac.exe
  2⤵
  PID:1220
- C:\Windows\System\RGIfDlB.exe
  C:\Windows\System\RGIfDlB.exe
  2⤵
  PID:8196
- C:\Windows\System\LeUrpAL.exe
  C:\Windows\System\LeUrpAL.exe
  2⤵
  PID:1988
- C:\Windows\System\NJosPJC.exe
  C:\Windows\System\NJosPJC.exe
  2⤵
  PID:2968
- C:\Windows\System\sPxBuvd.exe
  C:\Windows\System\sPxBuvd.exe
  2⤵
  PID:8264
- C:\Windows\System\LRswctd.exe
  C:\Windows\System\LRswctd.exe
  2⤵
  PID:8388
- C:\Windows\System\SsxzTpe.exe
  C:\Windows\System\SsxzTpe.exe
  2⤵
  PID:8328
- C:\Windows\System\ozVyngl.exe
  C:\Windows\System\ozVyngl.exe
  2⤵
  PID:8472
- C:\Windows\System\Zzfbseu.exe
  C:\Windows\System\Zzfbseu.exe
  2⤵
  PID:8552
- C:\Windows\System\iAmwQkk.exe
  C:\Windows\System\iAmwQkk.exe
  2⤵
  PID:1848
- C:\Windows\System\xOBmoDy.exe
  C:\Windows\System\xOBmoDy.exe
  2⤵
  PID:8584
- C:\Windows\System\ivKWZPv.exe
  C:\Windows\System\ivKWZPv.exe
  2⤵
  PID:8764
- C:\Windows\System\cwJJshh.exe
  C:\Windows\System\cwJJshh.exe
  2⤵
  PID:8976
- C:\Windows\System\XycMDJi.exe
  C:\Windows\System\XycMDJi.exe
  2⤵
  PID:8456
- C:\Windows\System\sWjghkc.exe
  C:\Windows\System\sWjghkc.exe
  2⤵
  PID:8748
- C:\Windows\System\iTmVXlT.exe
  C:\Windows\System\iTmVXlT.exe
  2⤵
  PID:316
- C:\Windows\System\vYgqgrZ.exe
  C:\Windows\System\vYgqgrZ.exe
  2⤵
  PID:8668
- C:\Windows\System\awPVsPj.exe
  C:\Windows\System\awPVsPj.exe
  2⤵
  PID:1656
- C:\Windows\System\UjQkVyq.exe
  C:\Windows\System\UjQkVyq.exe
  2⤵
  PID:9040
- C:\Windows\System\PYQrFKp.exe
  C:\Windows\System\PYQrFKp.exe
  2⤵
  PID:2228
- C:\Windows\System\TcVNmRP.exe
  C:\Windows\System\TcVNmRP.exe
  2⤵
  PID:8992
- C:\Windows\System\fViUgGS.exe
  C:\Windows\System\fViUgGS.exe
  2⤵
  PID:9076
- C:\Windows\System\FQwiUBQ.exe
  C:\Windows\System\FQwiUBQ.exe
  2⤵
  PID:9136
- C:\Windows\System\ZLGkHUp.exe
  C:\Windows\System\ZLGkHUp.exe
  2⤵
  PID:9200
- C:\Windows\System\JgjbZui.exe
  C:\Windows\System\JgjbZui.exe
  2⤵
  PID:9024
- C:\Windows\System\FldCFXN.exe
  C:\Windows\System\FldCFXN.exe
  2⤵
  PID:9060
- C:\Windows\System\QTxXiuo.exe
  C:\Windows\System\QTxXiuo.exe
  2⤵
  PID:9184
- C:\Windows\System\HDmRZKv.exe
  C:\Windows\System\HDmRZKv.exe
  2⤵
  PID:8408
- C:\Windows\System\BKVmaQP.exe
  C:\Windows\System\BKVmaQP.exe
  2⤵
  PID:2900
- C:\Windows\System\mEHZlfw.exe
  C:\Windows\System\mEHZlfw.exe
  2⤵
  PID:8244
- C:\Windows\System\lqcaalE.exe
  C:\Windows\System\lqcaalE.exe
  2⤵
  PID:8420
- C:\Windows\System\CmOLXrW.exe
  C:\Windows\System\CmOLXrW.exe
  2⤵
  PID:8800
- C:\Windows\System\joXrEdB.exe
  C:\Windows\System\joXrEdB.exe
  2⤵
  PID:8664
- C:\Windows\System\TPlLyrf.exe
  C:\Windows\System\TPlLyrf.exe
  2⤵
  PID:8484
- C:\Windows\System\UvSlNWf.exe
  C:\Windows\System\UvSlNWf.exe
  2⤵
  PID:9104
- C:\Windows\System\mjcZnJT.exe
  C:\Windows\System\mjcZnJT.exe
  2⤵
  PID:2648
- C:\Windows\System\uurkMvf.exe
  C:\Windows\System\uurkMvf.exe
  2⤵
  PID:8896
- C:\Windows\System\EQzWHxJ.exe
  C:\Windows\System\EQzWHxJ.exe
  2⤵
  PID:8232
- C:\Windows\System\BqxGtfa.exe
  C:\Windows\System\BqxGtfa.exe
  2⤵
  PID:9156
- C:\Windows\System\asdskmY.exe
  C:\Windows\System\asdskmY.exe
  2⤵
  PID:8996
- C:\Windows\System\UcsathD.exe
  C:\Windows\System\UcsathD.exe
  2⤵
  PID:444
- C:\Windows\System\FCMDhme.exe
  C:\Windows\System\FCMDhme.exe
  2⤵
  PID:8312
- C:\Windows\System\dPyfDft.exe
  C:\Windows\System\dPyfDft.exe
  2⤵
  PID:9232
- C:\Windows\System\nUNjXqu.exe
  C:\Windows\System\nUNjXqu.exe
  2⤵
  PID:9248
- C:\Windows\System\IFMXwwW.exe
  C:\Windows\System\IFMXwwW.exe
  2⤵
  PID:9264
- C:\Windows\System\PjUdtBj.exe
  C:\Windows\System\PjUdtBj.exe
  2⤵
  PID:9280
- C:\Windows\System\YrpFDEV.exe
  C:\Windows\System\YrpFDEV.exe
  2⤵
  PID:9296
- C:\Windows\System\BzIyQHl.exe
  C:\Windows\System\BzIyQHl.exe
  2⤵
  PID:9312
- C:\Windows\System\hQCFici.exe
  C:\Windows\System\hQCFici.exe
  2⤵
  PID:9328
- C:\Windows\System\akyLJLk.exe
  C:\Windows\System\akyLJLk.exe
  2⤵
  PID:9344
- C:\Windows\System\HTJevWa.exe
  C:\Windows\System\HTJevWa.exe
  2⤵
  PID:9360
- C:\Windows\System\ilGiqMd.exe
  C:\Windows\System\ilGiqMd.exe
  2⤵
  PID:9376
- C:\Windows\System\WhGihtu.exe
  C:\Windows\System\WhGihtu.exe
  2⤵
  PID:9392
- C:\Windows\System\YHXWfYk.exe
  C:\Windows\System\YHXWfYk.exe
  2⤵
  PID:9408
- C:\Windows\System\ckQZeCV.exe
  C:\Windows\System\ckQZeCV.exe
  2⤵
  PID:9424
- C:\Windows\System\eRfQLFa.exe
  C:\Windows\System\eRfQLFa.exe
  2⤵
  PID:9440
- C:\Windows\System\BLICLAI.exe
  C:\Windows\System\BLICLAI.exe
  2⤵
  PID:9456
- C:\Windows\System\CspAnVm.exe
  C:\Windows\System\CspAnVm.exe
  2⤵
  PID:9480
- C:\Windows\System\VtcAJJq.exe
  C:\Windows\System\VtcAJJq.exe
  2⤵
  PID:9496
- C:\Windows\System\RgOVPaU.exe
  C:\Windows\System\RgOVPaU.exe
  2⤵
  PID:9512
- C:\Windows\System\VJrzdwr.exe
  C:\Windows\System\VJrzdwr.exe
  2⤵
  PID:9528
- C:\Windows\System\IFyxjMV.exe
  C:\Windows\System\IFyxjMV.exe
  2⤵
  PID:9544
- C:\Windows\System\ANjmNVb.exe
  C:\Windows\System\ANjmNVb.exe
  2⤵
  PID:9564
- C:\Windows\System\BNhkAHD.exe
  C:\Windows\System\BNhkAHD.exe
  2⤵
  PID:9584
- C:\Windows\System\DohUjQY.exe
  C:\Windows\System\DohUjQY.exe
  2⤵
  PID:9600
- C:\Windows\System\deduLwm.exe
  C:\Windows\System\deduLwm.exe
  2⤵
  PID:9616
- C:\Windows\System\UtCCfhG.exe
  C:\Windows\System\UtCCfhG.exe
  2⤵
  PID:9632
- C:\Windows\System\RpUEomE.exe
  C:\Windows\System\RpUEomE.exe
  2⤵
  PID:9648
- C:\Windows\System\AWxQWoc.exe
  C:\Windows\System\AWxQWoc.exe
  2⤵
  PID:9664
- C:\Windows\System\wBgEPcI.exe
  C:\Windows\System\wBgEPcI.exe
  2⤵
  PID:9680
- C:\Windows\System\gqIMjrr.exe
  C:\Windows\System\gqIMjrr.exe
  2⤵
  PID:9700
- C:\Windows\System\IYXqVEt.exe
  C:\Windows\System\IYXqVEt.exe
  2⤵
  PID:9716
- C:\Windows\System\qVlxQPg.exe
  C:\Windows\System\qVlxQPg.exe
  2⤵
  PID:9732
- C:\Windows\System\zIdElGx.exe
  C:\Windows\System\zIdElGx.exe
  2⤵
  PID:9764
- C:\Windows\System\yRygyDd.exe
  C:\Windows\System\yRygyDd.exe
  2⤵
  PID:9840
- C:\Windows\System\HyOyqxF.exe
  C:\Windows\System\HyOyqxF.exe
  2⤵
  PID:9856
- C:\Windows\System\hAkHQlm.exe
  C:\Windows\System\hAkHQlm.exe
  2⤵
  PID:9872
- C:\Windows\System\VmYTDGv.exe
  C:\Windows\System\VmYTDGv.exe
  2⤵
  PID:9888
- C:\Windows\System\QdhvXaa.exe
  C:\Windows\System\QdhvXaa.exe
  2⤵
  PID:9904
- C:\Windows\System\EcVMubq.exe
  C:\Windows\System\EcVMubq.exe
  2⤵
  PID:9920
- C:\Windows\System\rByFOKs.exe
  C:\Windows\System\rByFOKs.exe
  2⤵
  PID:9936
- C:\Windows\System\FoWhfCc.exe
  C:\Windows\System\FoWhfCc.exe
  2⤵
  PID:9952
- C:\Windows\System\PDVBUZv.exe
  C:\Windows\System\PDVBUZv.exe
  2⤵
  PID:9972
- C:\Windows\System\uULdHkP.exe
  C:\Windows\System\uULdHkP.exe
  2⤵
  PID:9996
- C:\Windows\System\dEROWAF.exe
  C:\Windows\System\dEROWAF.exe
  2⤵
  PID:10012
- C:\Windows\System\uSeWlnY.exe
  C:\Windows\System\uSeWlnY.exe
  2⤵
  PID:10028
- C:\Windows\System\OnMZqAi.exe
  C:\Windows\System\OnMZqAi.exe
  2⤵
  PID:10044
- C:\Windows\System\eIkrkxz.exe
  C:\Windows\System\eIkrkxz.exe
  2⤵
  PID:10060
- C:\Windows\System\ajTMswo.exe
  C:\Windows\System\ajTMswo.exe
  2⤵
  PID:10076
- C:\Windows\System\dlNTaBx.exe
  C:\Windows\System\dlNTaBx.exe
  2⤵
  PID:10092
- C:\Windows\System\dGZVaao.exe
  C:\Windows\System\dGZVaao.exe
  2⤵
  PID:10108
- C:\Windows\System\dYtwtCT.exe
  C:\Windows\System\dYtwtCT.exe
  2⤵
  PID:10124
- C:\Windows\System\ZcewoTE.exe
  C:\Windows\System\ZcewoTE.exe
  2⤵
  PID:10140
- C:\Windows\System\mxHVBlb.exe
  C:\Windows\System\mxHVBlb.exe
  2⤵
  PID:10156
- C:\Windows\System\QRvqosR.exe
  C:\Windows\System\QRvqosR.exe
  2⤵
  PID:10180
- C:\Windows\System\ezFBTWs.exe
  C:\Windows\System\ezFBTWs.exe
  2⤵
  PID:10196
- C:\Windows\System\QjsRKeR.exe
  C:\Windows\System\QjsRKeR.exe
  2⤵
  PID:10212
- C:\Windows\System\MaIQQGD.exe
  C:\Windows\System\MaIQQGD.exe
  2⤵
  PID:10228
- C:\Windows\System\hICpWLU.exe
  C:\Windows\System\hICpWLU.exe
  2⤵
  PID:7832
- C:\Windows\System\HiirOiM.exe
  C:\Windows\System\HiirOiM.exe
  2⤵
  PID:9008
- C:\Windows\System\ExStgmv.exe
  C:\Windows\System\ExStgmv.exe
  2⤵
  PID:9340
- C:\Windows\System\jMmOiig.exe
  C:\Windows\System\jMmOiig.exe
  2⤵
  PID:9404
- C:\Windows\System\frqJsSi.exe
  C:\Windows\System\frqJsSi.exe
  2⤵
  PID:9476
- C:\Windows\System\DbgBkhX.exe
  C:\Windows\System\DbgBkhX.exe
  2⤵
  PID:9228
- C:\Windows\System\fRcWICU.exe
  C:\Windows\System\fRcWICU.exe
  2⤵
  PID:9320
- C:\Windows\System\VTcnOWs.exe
  C:\Windows\System\VTcnOWs.exe
  2⤵
  PID:9352
- C:\Windows\System\czyLkkg.exe
  C:\Windows\System\czyLkkg.exe
  2⤵
  PID:9520
- C:\Windows\System\Tswyhih.exe
  C:\Windows\System\Tswyhih.exe
  2⤵
  PID:8548
- C:\Windows\System\pLRedAF.exe
  C:\Windows\System\pLRedAF.exe
  2⤵
  PID:9172
- C:\Windows\System\GmdYXNa.exe
  C:\Windows\System\GmdYXNa.exe
  2⤵
  PID:9152
- C:\Windows\System\DDXoNgb.exe
  C:\Windows\System\DDXoNgb.exe
  2⤵
  PID:9464
- C:\Windows\System\hMFQTfI.exe
  C:\Windows\System\hMFQTfI.exe
  2⤵
  PID:9612
- C:\Windows\System\ETkkIxa.exe
  C:\Windows\System\ETkkIxa.exe
  2⤵
  PID:9384
- C:\Windows\System\Tgrhiep.exe
  C:\Windows\System\Tgrhiep.exe
  2⤵
  PID:9492
- C:\Windows\System\qZojbPR.exe
  C:\Windows\System\qZojbPR.exe
  2⤵
  PID:9012
- C:\Windows\System\DVvGovD.exe
  C:\Windows\System\DVvGovD.exe
  2⤵
  PID:9672
- C:\Windows\System\iBVCull.exe
  C:\Windows\System\iBVCull.exe
  2⤵
  PID:9728
- C:\Windows\System\eNmMDay.exe
  C:\Windows\System\eNmMDay.exe
  2⤵
  PID:9744
- C:\Windows\System\HZiSPyO.exe
  C:\Windows\System\HZiSPyO.exe
  2⤵
  PID:9696
- C:\Windows\System\BcdXzdf.exe
  C:\Windows\System\BcdXzdf.exe
  2⤵
  PID:9776
- C:\Windows\System\ggegIiN.exe
  C:\Windows\System\ggegIiN.exe
  2⤵
  PID:9792
- C:\Windows\System\xhKRewf.exe
  C:\Windows\System\xhKRewf.exe
  2⤵
  PID:9808
- C:\Windows\System\gszaNeG.exe
  C:\Windows\System\gszaNeG.exe
  2⤵
  PID:9824
- C:\Windows\System\fCIjIVM.exe
  C:\Windows\System\fCIjIVM.exe
  2⤵
  PID:9864
- C:\Windows\System\VplxZnq.exe
  C:\Windows\System\VplxZnq.exe
  2⤵
  PID:9928
- C:\Windows\System\sgquBxO.exe
  C:\Windows\System\sgquBxO.exe
  2⤵
  PID:9968
- C:\Windows\System\hhbuAdZ.exe
  C:\Windows\System\hhbuAdZ.exe
  2⤵
  PID:9748
- C:\Windows\System\DInFLoE.exe
  C:\Windows\System\DInFLoE.exe
  2⤵
  PID:9852
- C:\Windows\System\LNWilAZ.exe
  C:\Windows\System\LNWilAZ.exe
  2⤵
  PID:9944
- C:\Windows\System\EASpVXy.exe
  C:\Windows\System\EASpVXy.exe
  2⤵
  PID:10132
- C:\Windows\System\qACbZGJ.exe
  C:\Windows\System\qACbZGJ.exe
  2⤵
  PID:10136
- C:\Windows\System\svpwlTY.exe
  C:\Windows\System\svpwlTY.exe
  2⤵
  PID:10176
- C:\Windows\System\dJHYhIU.exe
  C:\Windows\System\dJHYhIU.exe
  2⤵
  PID:1912
- C:\Windows\System\qiluOGj.exe
  C:\Windows\System\qiluOGj.exe
  2⤵
  PID:10056
- C:\Windows\System\MKvRgaq.exe
  C:\Windows\System\MKvRgaq.exe
  2⤵
  PID:10220
- C:\Windows\System\qeTRyui.exe
  C:\Windows\System\qeTRyui.exe
  2⤵
  PID:9988
- C:\Windows\System\fZoTWco.exe
  C:\Windows\System\fZoTWco.exe
  2⤵
  PID:10120
- C:\Windows\System\vftAWPQ.exe
  C:\Windows\System\vftAWPQ.exe
  2⤵
  PID:10088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AMMyIyW.exe

Filesize
6.0MB

MD5
fbb0ad48a87b5e855162fd9621629dd9

SHA1
d73d1568ea8d658f04b22de67b05cf923df73b72

SHA256
787d9b1ca386699b4a888c824ba29058f5563c89077c7044d314e03cb3be31ef

SHA512
dfc982dfd67bb05872719912e9b417f51b5d9ac19f20b69cc765391ab5ba0b84912c1c69c9bfb3072612b8736d965b30985d3757d32e5b26ffb297d7262eb504

Download Submit
C:\Windows\system\AensnVM.exe

Filesize
6.0MB

MD5
ef67e26735b73b8846ccb8c427dd59e7

SHA1
797f5eb0d97a247482fe637dbd211cced241ca5d

SHA256
8235597f4422b68a63e9aba4ae62eb77d3767945fe9600313f59ec618653d023

SHA512
0c6b3a1758734055733ff6cc23863507aef5ab9e27a37b222cfc90a0f274491b843e18346f0c173472a5d911358ecf7d838ad89fb2c099ce84ef97e6c7643680

Download Submit
C:\Windows\system\DFyJEqy.exe

Filesize
6.0MB

MD5
3b8d713e4e5a0cd398bf3416bf05db2f

SHA1
b1c4308b4e44d43a84eeb95c4f42b55bc8c66f97

SHA256
ea7203108c385e846b851a33e0aef56fdb4a8a81bf8b1b4e154f8720198de8e4

SHA512
05e1d6a1598525c359c9f23f343f22d701541659f49a8369c21fbf4e9810f6749162bb7e3904132814ec35b5586c0ac41e5896d6d62a0132eb2e8c84577930ce

Download Submit
C:\Windows\system\FtUjpyo.exe

Filesize
6.0MB

MD5
32f0c4511e6f418c28ce41523622a622

SHA1
7a49f782d3ca77d3ef39e17c4dc61a0681bbe989

SHA256
1619d33526fd3e0c5d1e4a400344344c3fbacc4dd3230b28fe527db9ca4c3d9e

SHA512
63a011267ade56cc9522244103d88bd53d36b7aaa5e1b963b99ff2d4b004d1e617a63810a04809a2ea79eb951cb1b08e624b9a71851fe5c8a17dc1c71c3b6c72

Download Submit
C:\Windows\system\GxhkefY.exe

Filesize
6.0MB

MD5
f4540f0bc564db7cad5dc6fdd74e0434

SHA1
78bae21c13a62a5a5541702779772564d5ccd1de

SHA256
9d58d0456000c8937d71b3cd0a0a0c8b7857b81ebce52731a50c26673f1b9de9

SHA512
29c759c8497983291dd9fe302fd36c92b0ce7466290ec4f13158503afb8bf3202b18eddadfa2551597d5c655bdb0df191d7c3372235489d8a71e3b43833acada

Download Submit
C:\Windows\system\HoIzgDe.exe

Filesize
6.0MB

MD5
92f778333bdf429116f3dd2d51a677c1

SHA1
7fe9a97bcb56ae5cd57804987ecf6f92cbff70b6

SHA256
e4c73461a28758bc2d234098ff3a33c107d0b85149fd9af0add54eaa3f1334af

SHA512
bcec3fab41e56cc938ba626249b9979b8d862300984566738a333d4e417fde33a27f0f6dba3263d58b6407c3d0117947947f6b5b50a29c5a929c0435fa15a99b

Download Submit
C:\Windows\system\INKESvV.exe

Filesize
6.0MB

MD5
8edf21f7ad919fe4a601623db6d756bc

SHA1
ccef60ec7b26722135311593a09c978f62afca7b

SHA256
a3cf601d79d6dadb02301d4e1a2e7f13621431628fbd1a19731237c12608e67c

SHA512
1b844dbd62e93fb418b36e7dd07e55a5d911391ef1812a198eee2dfebffff47c260e3ceef399583d101d96af7b5768e85ae3b1e7da26a077398d039c20992c49

Download Submit
C:\Windows\system\KXLohFq.exe

Filesize
6.0MB

MD5
3f483ad1032485fa9b52ae1f3b24c948

SHA1
caa4664e794816e6475773251440b9d355e7cbaf

SHA256
a6508931bc60d6af996dc554c780c706a124f9f63196a19a0609f90015391f69

SHA512
1c9f32f17d2085349b9f7c9f63ccc123967641f40e42387b2c57749fabfc4b9c0206e08760d0c09490ec0d8f39cecd1dfec7fe1178630d49763e3c56bde1244b

Download Submit
C:\Windows\system\MJEJtLQ.exe

Filesize
6.0MB

MD5
bdb93acff7e8d25f1fd201a7251cc3e4

SHA1
1d7fe15ccb118e095b050744fad8ffb6e52640cc

SHA256
f913bdb5d25952d81597510d7278e6787d21c7c3ac6840fe3cc77f8bca8f6fd6

SHA512
ed7fd795f69df482699b3bb096cb0a68f66e124938ca2ea9e5d11a915f67876df91e5d8a6387c2c541271a30375846915d1d78143bcee72550684d7e0b9d04d8

Download Submit
C:\Windows\system\Mdiwocs.exe

Filesize
6.0MB

MD5
719a0a90b792054149a95c3be6a087b1

SHA1
940fcba8608fc9457ded4a137e71631619dd0e50

SHA256
493d6bc171badddce2db675704861e9e63f962197769db5c5d87fad51b2ad8ed

SHA512
541e95839a4847d840f615290751fd5a661d91f01341412b79329ef75d74d7e41d2d089b716f44e18f8c210d3eaa15865b8b0f63d4c7db64d52a5e659024dde1

Download Submit
C:\Windows\system\MhkxSth.exe

Filesize
6.0MB

MD5
3ad486a9625d42cd5ba8c2f115614e2f

SHA1
61d55cd3f639f87cb8afa50fae1a9596e2728d21

SHA256
dc507a480c2a0bd3b8d6b8e0e748f8c866be589b82dc762a2bae6fd307ef6607

SHA512
01b695de1068220614af3f0930032d6bdd4aab980a494f5851e62285183af3beacadd464d1bd6cc40a887cd3b5805aa776fd538a33a9040bc53d4eb9f6817ea8

Download Submit
C:\Windows\system\NWcWeas.exe

Filesize
6.0MB

MD5
753d009960d6e20a5574112734a081d6

SHA1
675f77260bd3952701cb162e660f446dd65cd717

SHA256
a60d8969d1b9d36ddf74d9fa0f9668460d3e23fee6b4c015595c3b8d2023b126

SHA512
45b5acc54b28d11f7706523fa20f05a0cf878ddd7ed8169a6aafc713130b02fea7577b8849f09307fa6b45c7a8b7077f9f47a51614331bc581bef739b06ac703

Download Submit
C:\Windows\system\ObiSZaN.exe

Filesize
6.0MB

MD5
2a0fcce190652de193b15d769ac25a0f

SHA1
0a2cf7cc4153bcbf970f1c5deadf8d4e83240960

SHA256
825eaa01b53354ef4fb121550f26e15533997377b35d7d90c989fe1a0e02439b

SHA512
fb17c05325afacc3089df7480442043b6a1dff667ca1e6b16ccfa0b1babcd6a2760a315fb6759963372853253991c564247307a69af7d976b5e79357e1065a48

Download Submit
C:\Windows\system\PYQjqWF.exe

Filesize
6.0MB

MD5
456a9535bf387e1d15fb4d2771e7a711

SHA1
df14d42089c45f12fc9ae5b8a7f2d3d4794f50e0

SHA256
766d8be89c43db2310fa21d5aadbcef300a9b3bbed5543be593946b3795f1c8b

SHA512
b541102785667feae4c256133de98d743eac7dc33a993fe7f44ad011dd0a5c1d1ad0857bc4b834bb7855c9234827aabd38bc25d32ee9f0cd2cb65503f822c8f3

Download Submit
C:\Windows\system\RNTPruB.exe

Filesize
6.0MB

MD5
cdb0c633e6c3e774272d2c3757c85ab2

SHA1
663761fa2aeff70f1af949b50af85cb0d1690565

SHA256
fed4a7c831ecd54c41673759fdb97b8ce53ac09c984cedbff2b9d87318ab0dfd

SHA512
23e8cc3c13234dd138e13287de6550475b965121a3773126d2b2393ae02c2a28e3d2bc8122cfc9e4fb97be29b9bcf58168408429892d205ebdad7b72758ad480

Download Submit
C:\Windows\system\UCDKVey.exe

Filesize
6.0MB

MD5
33aac0eb816c1508616b6fb400eceb7a

SHA1
6514983ec87cccf6bcf7eb8e8dcf18682c7cfde7

SHA256
61be1cffde154346ac4b559b638a12f4db706b6b1109ee767b458919da650746

SHA512
2fdbc5757de50763ef7822e7782b8b9a68ed9d7562296c75efbecd034b3c5ee2f864c51a19c45f301d64af682c518c85ebbcaa75adb2bd6e5473e7b4623c39b7

Download Submit
C:\Windows\system\biMlBYz.exe

Filesize
6.0MB

MD5
28dc357172146154e5942d7b2661af8b

SHA1
ed70272e75cf597333d1bce67b7ebab4b2f05503

SHA256
ad96c3fe06c0f56d061419e1821c6d575e158307c211ecd0fa471c8b799e0baf

SHA512
f306db7430ed7a2556db5c2e61db1b70e71dfa75fbb3d45242f2bd98d364c5f4e3507a46f8bb6a422f0c7e324e2c35d556b694696b48a8ad447542d6f39c3289

Download Submit
C:\Windows\system\cBLBjBc.exe

Filesize
6.0MB

MD5
3f789e5d6944e82588c87f6840b49cf8

SHA1
9e0fc23ed46d05d67f707466b5a369c0d4dfb93b

SHA256
56f4e7597d89589c28a81595d264802b52398d18baedde50b922724453383d04

SHA512
8941d9b1b3a9a9e8b17adedf4e3afb4fab362f891f36eaa1c6a7782e73f0e35036d36d6f0f6ef93d492b26408f750f8f47f2da07994e8417f68fab6ad1769c4c

Download Submit
C:\Windows\system\cZkwzCr.exe

Filesize
6.0MB

MD5
26c5452041d55593ed42988caac6cb7e

SHA1
7a1e982bf2d7c9c84ccfa860627dd813ab3c05d6

SHA256
359d133ae2d6c364760b3e1853ceb00905718114a3a67f50ec49e2dc27faa6f4

SHA512
ce986edac338477f9444ca744074d67a80d7e234616e63ae441b66324f92c9feda965e5aee9212c39a4404fd77f29ab7d152d206c19aad7e5f135c000ed537ac

Download Submit
C:\Windows\system\hTziDol.exe

Filesize
6.0MB

MD5
01340c9f221c055e26714b4502c22829

SHA1
47ae9ed7a7864df89c7fa9318735b271217400f7

SHA256
56be2bba909eaaba60b605c9ae4ae09d5e21fd59aae0a5bbba5a7deb3d7f05d0

SHA512
1c374785e9cd731128545560c5e0a360a221c983637442ebb4006a027ca20df773e77cc2a609e9b1ba9beecf684e356e78c5fb51f7c97633169aef5549644a43

Download Submit
C:\Windows\system\hUdTADT.exe

Filesize
6.0MB

MD5
21e3b9c472bf37f532f8e17d3e095016

SHA1
dca64a3a3bed419d4ab49e20a8ee4b4f4d18ca75

SHA256
f64cd4dbc81e89e4ba80956f04fb93f61018e07fb4937493b1ba022f627f68b4

SHA512
a6a7d06fcc450fa9bf4fc0627dfca3a1ac22207c9144f225e61b5810b2923a9d48bdc86b0923d6b9c0f2791c4d075f0aae979ed721400931c4138858e4a30ce5

Download Submit
C:\Windows\system\hZmWCAa.exe

Filesize
6.0MB

MD5
2e20071d1fb1be4ed0a5fcf5f47aba1d

SHA1
4615ecdcb5eda7e398b97bb0dac5a4c51e2af6cf

SHA256
54ae0884d9e2e57afd14b0ae3d6fcb1e44a82c6617de7cace23435a27024ab97

SHA512
fc2dea4d3b5d16df9efa80cc30139b362c64dc5dc4a8b4399282c0f8ce14a398b59ea96dc17c5a260d0288da13d5487aa2047c1ed75f34c5046d1f6d5b6164f5

Download Submit
C:\Windows\system\lyBBTLh.exe

Filesize
6.0MB

MD5
e72df6eccfa7a350bc8ba94cf60fa785

SHA1
f28d4c2198ca9971dd8cea022e5b2b41a8a25bf8

SHA256
f9fee366bf740f17876f73eb6bb5e573b52a2e274252197e2c4ad1d85b9ccade

SHA512
9c90b608a10e41d7423574656f25dc158b9a5e8a6daedf96caf4af53eb6cb4c7649b99aa582ea0289f89255ee90e6ae8210544e368e3f73f11f85cb438528cfb

Download Submit
C:\Windows\system\meDbmKQ.exe

Filesize
6.0MB

MD5
5aceb1f8541f396918de693f5a700889

SHA1
b816ae5c7ab2d5c9ae4cd0151ed70d932c24c792

SHA256
ce3e103b13df0da15a9d21624484f75b7ac54e353df96d3cba9ea3e376d16a27

SHA512
adf65b712807631cc90f3b152725f1bcdd177c37d9ec733e9a1f1ca78c3f15a984424f566356e468d13394b4fc246d31a309edc5c317a41bd974a9e8f9d81d3d

Download Submit
C:\Windows\system\rCQRtuQ.exe

Filesize
6.0MB

MD5
434ed15d29c933893b19e1f64c44b47e

SHA1
cad8c26dcc6b94996a707674d3b5404424d0b4e6

SHA256
9bb71eb75bf8f1c51175e9b8b812a9b7ecf7fe505e5d95c585efc633133629bf

SHA512
7bda9644b9ec0f91c2c1114ba56f113b555a3df9002caf80a57351ae02f44319f83bf65d14d7a01da51858638dc3fe6fab6659f5adc6b9d52874774531725bb7

Download Submit
C:\Windows\system\tcNhHIm.exe

Filesize
6.0MB

MD5
daaa561868dcd519db5bb4913a9936db

SHA1
a60f27a516f51bca35a4bc0af8f962a087f0839b

SHA256
78223dd6f384bfed79d3d2be9d4ae782efc80f4c916850ac28afb95a903f04ba

SHA512
9db2c13795bd3b1926640185229b5c5d8a99f4887b10dd787ad08a2b356042ca77cffb9688904e29645bd866cd3a2a4c7d2754107e2b46723808bb5f06512292

Download Submit
C:\Windows\system\tjPGTID.exe

Filesize
6.0MB

MD5
ef78a4eb493a0fcf92e845f04ccb03a5

SHA1
0fb0c9f80df43043b0fb2a3222b2a218bbb5465f

SHA256
1da75f5051b2616ac766ab834c442200282a2cb48a4f63fbe0b149331b645517

SHA512
70a727d8c12d14a606554b2be848ae8faba861602400f130b4fc22b60fd95ce60fca5c57a31a2c76ef50ee88ee3a2fcba357f77fa0533d96506b1f0c484acf9c

Download Submit
C:\Windows\system\vjuIjQb.exe

Filesize
6.0MB

MD5
0eb7131ba6c68446688456ad4b2079c8

SHA1
6daf78efad94ed23bc77f113f4ad28b0f6092f63

SHA256
6ba766956904e4f78ef3b75511492363ce17596ccfb5525979dc734c0778b17c

SHA512
faca1b58eed30ee44b3da07cc5d7141f3d1298a96a3ff63e8cd27ba94131db6309a70b419db3a1dfa29fe0942e4857a5fdf0c69bff7862e1fc87b296e59307af

Download Submit
\Windows\system\OJyWFtj.exe

Filesize
6.0MB

MD5
0b74b6e6634805d36a45d39ae2c8f1ee

SHA1
c0a950242929628e07a222198c2562efaa1f7c6b

SHA256
dfd14d23e85201abd75fd10052eaa14376a0f3878761118f86d53353a5179480

SHA512
f9dc6465bee76d885f5dc7ea7b0a2334f14ffedd9a26bf963d10c7dd3db2018ce0670cc22c121d6f29a89b6aae82ce236c35625229cb2b69f0dcab6505afd797

Download Submit
\Windows\system\VxNnTCv.exe

Filesize
6.0MB

MD5
f7d9a02b6b67a17c959c3b7275c36dba

SHA1
4afd4cfb14dd7382eceaaeb132f4ac2bf8f97e7c

SHA256
c92d8cb93a81d9a2d77ee80ed761eddbd47cf90ad093ed4daaada6e4d802505e

SHA512
1c9eb87f6868ea0242a83f147e851aaea7a8883ce777177bc1b8d2d156314421b1d155df1156981151dedabaf155793ad1678716a86b89329dc2cef12733192e

Download Submit
\Windows\system\ZnAAtii.exe

Filesize
6.0MB

MD5
5fd40d4a0ef4236e7f2b4213c9d8b857

SHA1
104b6840d219846c205fd4c3a00ce046e5107692

SHA256
ddbe360fd7897176afba7cd0d556ba68d3d659db0983e597686f6bf91a764b1e

SHA512
93aef3ab8974087b87c096ed8003e967ad99ee872fc2c799b35433ab710d4bad04430e1b4fe4585a1b528e09360c8611951152ee03b23bf98a9df6e68d290802

Download Submit
\Windows\system\jdPTeKh.exe

Filesize
6.0MB

MD5
d4529d93c5235acece096c2715550aae

SHA1
db471b2197aaeb8d6110707bafa0e73ab52bcecd

SHA256
cf3a3976ccce4b4b1889e2d6046e9c476b165a89062bbd3a0d3ce75c5342f644

SHA512
bc87721999ea421fb05967f014501a84c00f32232ee25e77f2921d7ca6f912c4d517b2717b074022c2ffa962f2fce94bfa4f72a5276139cf52e2a2a9716ad714

Download Submit
memory/792-4580-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/792-90-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1232-101-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1232-4583-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1552-633-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-71-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-395-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-102-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1552-543-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-0-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1552-99-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-913-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-81-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1552-26-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-87-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1552-86-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-23-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1552-34-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1552-25-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-69-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1552-178-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-56-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-48-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-39-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-62-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1552-55-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1968-70-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1968-35-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1968-4579-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2092-57-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2092-4057-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2292-63-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-4581-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-49-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3964-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3926-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-79-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-40-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3930-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-22-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4578-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2740-72-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2764-17-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3915-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3928-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2780-24-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2920-85-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2920-4582-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2952-91-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2952-4584-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2972-64-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3966-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2972-28-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download