cobaltstrike | a6360219ada9ab453d3c5fad3809cfcebca39ad2fb02d6ef5ffc67af0977a0a7

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9049a7a455f0041b772b4f58fca5c82e
SHA1

0dcb37e3ecbc0ed5675afcca4b50ed50754bf613
SHA256

a6360219ada9ab453d3c5fad3809cfcebca39ad2fb02d6ef5ffc67af0977a0a7
SHA512

626eb81e7d66a0857216499a5af87bb609f8dd6254d482bf43e92d0246aeb8a6515c98d5fe3e093ce1c7ad719b7ed7daa3bdc8bb735169d94fa87472a3ba923f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000013b4c-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739c-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173e4-10.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017409-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-33.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173fb-25.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc8-45.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001747b-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-76.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1984-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x000e000000013b4c-3.dat	xmrig
behavioral1/files/0x000800000001739c-8.dat	xmrig
behavioral1/memory/2480-15-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/1984-6-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x00070000000173e4-10.dat	xmrig
behavioral1/memory/2504-20-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2684-26-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2708-35-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0009000000017409-39.dat	xmrig
behavioral1/memory/1996-40-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2360-41-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/1984-34-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017403-33.dat	xmrig
behavioral1/memory/1984-30-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/files/0x00070000000173fb-25.dat	xmrig
behavioral1/files/0x0009000000016dc8-45.dat	xmrig
behavioral1/files/0x000800000001747b-62.dat	xmrig
behavioral1/files/0x0005000000019277-89.dat	xmrig
behavioral1/memory/2968-93-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2816-87-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019389-86.dat	xmrig
behavioral1/files/0x0005000000019234-54.dat	xmrig
behavioral1/memory/2736-82-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/files/0x00050000000193be-118.dat	xmrig
behavioral1/files/0x00050000000193cc-128.dat	xmrig
behavioral1/files/0x0005000000019401-144.dat	xmrig
behavioral1/files/0x000500000001961d-189.dat	xmrig
behavioral1/memory/712-1080-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/1092-785-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2816-784-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/1984-782-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/memory/2360-514-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2708-307-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-193.dat	xmrig
behavioral1/files/0x000500000001961b-183.dat	xmrig
behavioral1/files/0x00050000000195e4-178.dat	xmrig
behavioral1/files/0x0005000000019539-173.dat	xmrig
behavioral1/files/0x00050000000194d8-168.dat	xmrig
behavioral1/files/0x000500000001947e-163.dat	xmrig
behavioral1/files/0x0005000000019441-158.dat	xmrig
behavioral1/files/0x000500000001942f-153.dat	xmrig
behavioral1/files/0x0005000000019403-148.dat	xmrig
behavioral1/files/0x00050000000193df-138.dat	xmrig
behavioral1/files/0x00050000000193d9-133.dat	xmrig
behavioral1/files/0x00050000000193c4-123.dat	xmrig
behavioral1/files/0x0005000000019382-114.dat	xmrig
behavioral1/files/0x0005000000019273-112.dat	xmrig
behavioral1/files/0x000500000001926b-111.dat	xmrig
behavioral1/memory/2684-107-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/712-106-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/1984-98-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/1092-95-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/1984-78-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/files/0x0005000000019271-77.dat	xmrig
behavioral1/files/0x000500000001924c-76.dat	xmrig
behavioral1/memory/2356-71-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2504-63-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/1996-3674-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2480-3676-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2684-3726-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2504-3741-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2816-3975-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2360-3957-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1996	JuBIuRN.exe
2480	suFrkJq.exe
2504	RpznpOK.exe
2684	XahBdRM.exe
2708	QAhjyQx.exe
2360	lttDGHi.exe
2356	YRLJjgc.exe
2736	jLYeKqs.exe
2816	ALbhEST.exe
2968	lKmzBnR.exe
1092	twNgayj.exe
712	cPTYzLc.exe
2728	QNwESMc.exe
2600	kemrbdm.exe
2248	XpOzabi.exe
1784	ECFZZee.exe
1188	NJgsTAF.exe
992	jcJRRfx.exe
1724	XnrWFrG.exe
2624	bKbwxBs.exe
1128	vJnWpcH.exe
628	sOmnRah.exe
2732	OyXUSCo.exe
2160	RBZPeJI.exe
2072	nOQkuZe.exe
2100	OrtReGo.exe
1988	muRpSaX.exe
448	UPcmNND.exe
1952	kZSlUbP.exe
2428	XzoRxtq.exe
1324	OtsxVJD.exe
1648	yDHQTBw.exe
2008	QyvyUWn.exe
1700	RYiiopP.exe
896	oWHwmvX.exe
1752	wffgLfk.exe
1768	XwCBILX.exe
1848	pAZbbFg.exe
1764	TfwxpMg.exe
2540	WijhIxR.exe
2416	ynzpQOF.exe
2272	VyAbJAC.exe
1972	arLkTEG.exe
2268	kZJfipt.exe
684	GPgjRki.exe
2420	FRXLOgL.exe
1776	klkeKac.exe
2408	MDPxOgc.exe
2652	cAoWOKQ.exe
884	YXQaAFQ.exe
2104	daSwaIy.exe
2948	fIQAJJb.exe
1812	pGvyAoU.exe
1584	MFMDsdx.exe
2532	XIvcjoc.exe
2880	GEhWPeW.exe
2908	znkkaDV.exe
2844	piEgsVN.exe
1940	uOIIzZl.exe
2664	LAQwLCe.exe
2756	EIlsKud.exe
2788	kguNZhv.exe
2552	gwkiKNH.exe
1480	AKmnXAH.exe

Loads dropped DLL 64 IoCs

pid	Process
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1984-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x000e000000013b4c-3.dat	upx
behavioral1/files/0x000800000001739c-8.dat	upx
behavioral1/memory/2480-15-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/1984-6-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x00070000000173e4-10.dat	upx
behavioral1/memory/2504-20-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2684-26-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2708-35-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0009000000017409-39.dat	upx
behavioral1/memory/1996-40-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2360-41-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/1984-34-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0007000000017403-33.dat	upx
behavioral1/files/0x00070000000173fb-25.dat	upx
behavioral1/files/0x0009000000016dc8-45.dat	upx
behavioral1/files/0x000800000001747b-62.dat	upx
behavioral1/files/0x0005000000019277-89.dat	upx
behavioral1/memory/2968-93-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2816-87-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0005000000019389-86.dat	upx
behavioral1/files/0x0005000000019234-54.dat	upx
behavioral1/memory/2736-82-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/files/0x00050000000193be-118.dat	upx
behavioral1/files/0x00050000000193cc-128.dat	upx
behavioral1/files/0x0005000000019401-144.dat	upx
behavioral1/files/0x000500000001961d-189.dat	upx
behavioral1/memory/712-1080-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/1092-785-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2816-784-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2360-514-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2708-307-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000500000001961f-193.dat	upx
behavioral1/files/0x000500000001961b-183.dat	upx
behavioral1/files/0x00050000000195e4-178.dat	upx
behavioral1/files/0x0005000000019539-173.dat	upx
behavioral1/files/0x00050000000194d8-168.dat	upx
behavioral1/files/0x000500000001947e-163.dat	upx
behavioral1/files/0x0005000000019441-158.dat	upx
behavioral1/files/0x000500000001942f-153.dat	upx
behavioral1/files/0x0005000000019403-148.dat	upx
behavioral1/files/0x00050000000193df-138.dat	upx
behavioral1/files/0x00050000000193d9-133.dat	upx
behavioral1/files/0x00050000000193c4-123.dat	upx
behavioral1/files/0x0005000000019382-114.dat	upx
behavioral1/files/0x0005000000019273-112.dat	upx
behavioral1/files/0x000500000001926b-111.dat	upx
behavioral1/memory/2684-107-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/712-106-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/1092-95-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0005000000019271-77.dat	upx
behavioral1/files/0x000500000001924c-76.dat	upx
behavioral1/memory/2356-71-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2504-63-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/1996-3674-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2480-3676-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2684-3726-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2504-3741-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2816-3975-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2360-3957-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2736-3969-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2968-3981-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/712-3992-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2708-3991-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DsgYxCj.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnCOBMI.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iebrVTU.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owiPjYS.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPIMBMs.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPKqTLV.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfVmLVn.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cudIewt.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aEWuSgb.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJXjTYl.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aseMFEI.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoKWfgI.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeIRfhu.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SppBZFK.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnZxFIs.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uifqVDq.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AoYeLzN.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjzZcut.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpOzabi.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyGbcEu.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfySoWX.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEYYceC.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMMTphZ.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yydYlvh.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bALrkzC.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZpjsDg.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgRnQll.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnrWFrG.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRmSFpw.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNsfjDR.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWUFBqD.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bnfeoiy.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hslswdr.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJkvNZP.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvfCkFy.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZnmpdG.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaMYtBa.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkzaxnq.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNQGtbP.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBwLBHD.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRvoBwk.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOtYoZx.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AiUxlQV.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgWfgox.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keyHRUl.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKJnXFx.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GasBwQJ.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwuVJwq.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPTYzLc.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqynSXm.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpOAeJQ.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBZpfND.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwPLiau.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVSwmAO.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bScmFOH.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDvdfEz.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPIMWFL.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYZnBfu.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuBKfHa.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLifhxe.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnvIZor.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtkOjjg.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfRbHwb.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACAnPZd.exe	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1996	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1984 wrote to memory of 1996	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1984 wrote to memory of 1996	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1984 wrote to memory of 2480	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1984 wrote to memory of 2480	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1984 wrote to memory of 2480	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1984 wrote to memory of 2504	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1984 wrote to memory of 2504	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1984 wrote to memory of 2504	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1984 wrote to memory of 2684	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1984 wrote to memory of 2684	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1984 wrote to memory of 2684	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1984 wrote to memory of 2708	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1984 wrote to memory of 2708	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1984 wrote to memory of 2708	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1984 wrote to memory of 2360	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1984 wrote to memory of 2360	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1984 wrote to memory of 2360	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1984 wrote to memory of 2356	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1984 wrote to memory of 2356	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1984 wrote to memory of 2356	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1984 wrote to memory of 2736	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1984 wrote to memory of 2736	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1984 wrote to memory of 2736	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1984 wrote to memory of 2728	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1984 wrote to memory of 2728	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1984 wrote to memory of 2728	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1984 wrote to memory of 2816	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1984 wrote to memory of 2816	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1984 wrote to memory of 2816	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1984 wrote to memory of 2600	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1984 wrote to memory of 2600	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1984 wrote to memory of 2600	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1984 wrote to memory of 2968	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1984 wrote to memory of 2968	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1984 wrote to memory of 2968	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1984 wrote to memory of 2248	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1984 wrote to memory of 2248	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1984 wrote to memory of 2248	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1984 wrote to memory of 1092	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1984 wrote to memory of 1092	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1984 wrote to memory of 1092	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1984 wrote to memory of 1784	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1984 wrote to memory of 1784	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1984 wrote to memory of 1784	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1984 wrote to memory of 712	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1984 wrote to memory of 712	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1984 wrote to memory of 712	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1984 wrote to memory of 1188	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1984 wrote to memory of 1188	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1984 wrote to memory of 1188	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1984 wrote to memory of 992	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1984 wrote to memory of 992	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1984 wrote to memory of 992	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1984 wrote to memory of 1724	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1984 wrote to memory of 1724	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1984 wrote to memory of 1724	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1984 wrote to memory of 2624	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1984 wrote to memory of 2624	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1984 wrote to memory of 2624	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1984 wrote to memory of 1128	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1984 wrote to memory of 1128	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1984 wrote to memory of 1128	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1984 wrote to memory of 628	1984	2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_9049a7a455f0041b772b4f58fca5c82e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\System\JuBIuRN.exe
  C:\Windows\System\JuBIuRN.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\suFrkJq.exe
  C:\Windows\System\suFrkJq.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\RpznpOK.exe
  C:\Windows\System\RpznpOK.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\XahBdRM.exe
  C:\Windows\System\XahBdRM.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\QAhjyQx.exe
  C:\Windows\System\QAhjyQx.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\lttDGHi.exe
  C:\Windows\System\lttDGHi.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\YRLJjgc.exe
  C:\Windows\System\YRLJjgc.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\jLYeKqs.exe
  C:\Windows\System\jLYeKqs.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\QNwESMc.exe
  C:\Windows\System\QNwESMc.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\ALbhEST.exe
  C:\Windows\System\ALbhEST.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\kemrbdm.exe
  C:\Windows\System\kemrbdm.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\lKmzBnR.exe
  C:\Windows\System\lKmzBnR.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\XpOzabi.exe
  C:\Windows\System\XpOzabi.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\twNgayj.exe
  C:\Windows\System\twNgayj.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\ECFZZee.exe
  C:\Windows\System\ECFZZee.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\cPTYzLc.exe
  C:\Windows\System\cPTYzLc.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\NJgsTAF.exe
  C:\Windows\System\NJgsTAF.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\jcJRRfx.exe
  C:\Windows\System\jcJRRfx.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\XnrWFrG.exe
  C:\Windows\System\XnrWFrG.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\bKbwxBs.exe
  C:\Windows\System\bKbwxBs.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\vJnWpcH.exe
  C:\Windows\System\vJnWpcH.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\sOmnRah.exe
  C:\Windows\System\sOmnRah.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\OyXUSCo.exe
  C:\Windows\System\OyXUSCo.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\RBZPeJI.exe
  C:\Windows\System\RBZPeJI.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\nOQkuZe.exe
  C:\Windows\System\nOQkuZe.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\OrtReGo.exe
  C:\Windows\System\OrtReGo.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\muRpSaX.exe
  C:\Windows\System\muRpSaX.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\UPcmNND.exe
  C:\Windows\System\UPcmNND.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\kZSlUbP.exe
  C:\Windows\System\kZSlUbP.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\XzoRxtq.exe
  C:\Windows\System\XzoRxtq.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\OtsxVJD.exe
  C:\Windows\System\OtsxVJD.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\yDHQTBw.exe
  C:\Windows\System\yDHQTBw.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\QyvyUWn.exe
  C:\Windows\System\QyvyUWn.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\RYiiopP.exe
  C:\Windows\System\RYiiopP.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\oWHwmvX.exe
  C:\Windows\System\oWHwmvX.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\wffgLfk.exe
  C:\Windows\System\wffgLfk.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\XwCBILX.exe
  C:\Windows\System\XwCBILX.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\pAZbbFg.exe
  C:\Windows\System\pAZbbFg.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\TfwxpMg.exe
  C:\Windows\System\TfwxpMg.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\WijhIxR.exe
  C:\Windows\System\WijhIxR.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ynzpQOF.exe
  C:\Windows\System\ynzpQOF.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\VyAbJAC.exe
  C:\Windows\System\VyAbJAC.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\arLkTEG.exe
  C:\Windows\System\arLkTEG.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\kZJfipt.exe
  C:\Windows\System\kZJfipt.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\GPgjRki.exe
  C:\Windows\System\GPgjRki.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\FRXLOgL.exe
  C:\Windows\System\FRXLOgL.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\klkeKac.exe
  C:\Windows\System\klkeKac.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\MDPxOgc.exe
  C:\Windows\System\MDPxOgc.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\cAoWOKQ.exe
  C:\Windows\System\cAoWOKQ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\YXQaAFQ.exe
  C:\Windows\System\YXQaAFQ.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\daSwaIy.exe
  C:\Windows\System\daSwaIy.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\fIQAJJb.exe
  C:\Windows\System\fIQAJJb.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\pGvyAoU.exe
  C:\Windows\System\pGvyAoU.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\MFMDsdx.exe
  C:\Windows\System\MFMDsdx.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\XIvcjoc.exe
  C:\Windows\System\XIvcjoc.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\GEhWPeW.exe
  C:\Windows\System\GEhWPeW.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\znkkaDV.exe
  C:\Windows\System\znkkaDV.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\piEgsVN.exe
  C:\Windows\System\piEgsVN.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\uOIIzZl.exe
  C:\Windows\System\uOIIzZl.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\LAQwLCe.exe
  C:\Windows\System\LAQwLCe.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\EIlsKud.exe
  C:\Windows\System\EIlsKud.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\kguNZhv.exe
  C:\Windows\System\kguNZhv.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\gwkiKNH.exe
  C:\Windows\System\gwkiKNH.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\AKmnXAH.exe
  C:\Windows\System\AKmnXAH.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\KhJcsGw.exe
  C:\Windows\System\KhJcsGw.exe
  2⤵
  PID:2544
- C:\Windows\System\MZgHcPc.exe
  C:\Windows\System\MZgHcPc.exe
  2⤵
  PID:2580
- C:\Windows\System\PyotneJ.exe
  C:\Windows\System\PyotneJ.exe
  2⤵
  PID:2612
- C:\Windows\System\OBywVst.exe
  C:\Windows\System\OBywVst.exe
  2⤵
  PID:2984
- C:\Windows\System\NluAVBo.exe
  C:\Windows\System\NluAVBo.exe
  2⤵
  PID:1856
- C:\Windows\System\MbmEoiv.exe
  C:\Windows\System\MbmEoiv.exe
  2⤵
  PID:1516
- C:\Windows\System\YMMksSP.exe
  C:\Windows\System\YMMksSP.exe
  2⤵
  PID:1740
- C:\Windows\System\zVsGAgo.exe
  C:\Windows\System\zVsGAgo.exe
  2⤵
  PID:1756
- C:\Windows\System\jSywXhc.exe
  C:\Windows\System\jSywXhc.exe
  2⤵
  PID:2856
- C:\Windows\System\rSrgwEH.exe
  C:\Windows\System\rSrgwEH.exe
  2⤵
  PID:2212
- C:\Windows\System\Pqqnemp.exe
  C:\Windows\System\Pqqnemp.exe
  2⤵
  PID:2132
- C:\Windows\System\KHHKWhk.exe
  C:\Windows\System\KHHKWhk.exe
  2⤵
  PID:328
- C:\Windows\System\ftJmXrL.exe
  C:\Windows\System\ftJmXrL.exe
  2⤵
  PID:2596
- C:\Windows\System\EbiYHrN.exe
  C:\Windows\System\EbiYHrN.exe
  2⤵
  PID:952
- C:\Windows\System\HukSjRE.exe
  C:\Windows\System\HukSjRE.exe
  2⤵
  PID:1720
- C:\Windows\System\vuApVfK.exe
  C:\Windows\System\vuApVfK.exe
  2⤵
  PID:2368
- C:\Windows\System\TaxWWtV.exe
  C:\Windows\System\TaxWWtV.exe
  2⤵
  PID:1344
- C:\Windows\System\jHpUROx.exe
  C:\Windows\System\jHpUROx.exe
  2⤵
  PID:1080
- C:\Windows\System\kxzGVsW.exe
  C:\Windows\System\kxzGVsW.exe
  2⤵
  PID:2232
- C:\Windows\System\DkXbbCw.exe
  C:\Windows\System\DkXbbCw.exe
  2⤵
  PID:984
- C:\Windows\System\XqwqIij.exe
  C:\Windows\System\XqwqIij.exe
  2⤵
  PID:2252
- C:\Windows\System\fVAZAQn.exe
  C:\Windows\System\fVAZAQn.exe
  2⤵
  PID:2396
- C:\Windows\System\zTZGssp.exe
  C:\Windows\System\zTZGssp.exe
  2⤵
  PID:1816
- C:\Windows\System\CyGbcEu.exe
  C:\Windows\System\CyGbcEu.exe
  2⤵
  PID:2168
- C:\Windows\System\iebrVTU.exe
  C:\Windows\System\iebrVTU.exe
  2⤵
  PID:1748
- C:\Windows\System\WSrJETe.exe
  C:\Windows\System\WSrJETe.exe
  2⤵
  PID:868
- C:\Windows\System\OuofMCM.exe
  C:\Windows\System\OuofMCM.exe
  2⤵
  PID:2960
- C:\Windows\System\iqynSXm.exe
  C:\Windows\System\iqynSXm.exe
  2⤵
  PID:2840
- C:\Windows\System\JkeUStG.exe
  C:\Windows\System\JkeUStG.exe
  2⤵
  PID:2740
- C:\Windows\System\vYrYTnW.exe
  C:\Windows\System\vYrYTnW.exe
  2⤵
  PID:1440
- C:\Windows\System\dCoIvcD.exe
  C:\Windows\System\dCoIvcD.exe
  2⤵
  PID:2900
- C:\Windows\System\koNQhev.exe
  C:\Windows\System\koNQhev.exe
  2⤵
  PID:2688
- C:\Windows\System\PBjjgkK.exe
  C:\Windows\System\PBjjgkK.exe
  2⤵
  PID:2868
- C:\Windows\System\TVmOfBC.exe
  C:\Windows\System\TVmOfBC.exe
  2⤵
  PID:2608
- C:\Windows\System\RIxcfOd.exe
  C:\Windows\System\RIxcfOd.exe
  2⤵
  PID:2604
- C:\Windows\System\gmhoOvW.exe
  C:\Windows\System\gmhoOvW.exe
  2⤵
  PID:2676
- C:\Windows\System\BpCJxcJ.exe
  C:\Windows\System\BpCJxcJ.exe
  2⤵
  PID:2020
- C:\Windows\System\SaOtNNq.exe
  C:\Windows\System\SaOtNNq.exe
  2⤵
  PID:1064
- C:\Windows\System\vQGvmJl.exe
  C:\Windows\System\vQGvmJl.exe
  2⤵
  PID:1692
- C:\Windows\System\lVjPBVv.exe
  C:\Windows\System\lVjPBVv.exe
  2⤵
  PID:2116
- C:\Windows\System\bjKYiCk.exe
  C:\Windows\System\bjKYiCk.exe
  2⤵
  PID:2536
- C:\Windows\System\sBferaF.exe
  C:\Windows\System\sBferaF.exe
  2⤵
  PID:828
- C:\Windows\System\hKVZIpE.exe
  C:\Windows\System\hKVZIpE.exe
  2⤵
  PID:2024
- C:\Windows\System\ZkPBzKP.exe
  C:\Windows\System\ZkPBzKP.exe
  2⤵
  PID:1920
- C:\Windows\System\QwwwpLN.exe
  C:\Windows\System\QwwwpLN.exe
  2⤵
  PID:2172
- C:\Windows\System\LauOzVw.exe
  C:\Windows\System\LauOzVw.exe
  2⤵
  PID:2512
- C:\Windows\System\EhnIiia.exe
  C:\Windows\System\EhnIiia.exe
  2⤵
  PID:3016
- C:\Windows\System\nFLNukC.exe
  C:\Windows\System\nFLNukC.exe
  2⤵
  PID:2996
- C:\Windows\System\ytVgXAp.exe
  C:\Windows\System\ytVgXAp.exe
  2⤵
  PID:1216
- C:\Windows\System\vfVHTea.exe
  C:\Windows\System\vfVHTea.exe
  2⤵
  PID:1208
- C:\Windows\System\wBztpfg.exe
  C:\Windows\System\wBztpfg.exe
  2⤵
  PID:1288
- C:\Windows\System\huITGfk.exe
  C:\Windows\System\huITGfk.exe
  2⤵
  PID:2784
- C:\Windows\System\pVTtNGk.exe
  C:\Windows\System\pVTtNGk.exe
  2⤵
  PID:2804
- C:\Windows\System\MjNVCUs.exe
  C:\Windows\System\MjNVCUs.exe
  2⤵
  PID:304
- C:\Windows\System\vQMItNz.exe
  C:\Windows\System\vQMItNz.exe
  2⤵
  PID:1248
- C:\Windows\System\VPXLpAv.exe
  C:\Windows\System\VPXLpAv.exe
  2⤵
  PID:2156
- C:\Windows\System\ipxFBUP.exe
  C:\Windows\System\ipxFBUP.exe
  2⤵
  PID:2884
- C:\Windows\System\lhGrPCr.exe
  C:\Windows\System\lhGrPCr.exe
  2⤵
  PID:1912
- C:\Windows\System\SppBZFK.exe
  C:\Windows\System\SppBZFK.exe
  2⤵
  PID:1964
- C:\Windows\System\gkobxcz.exe
  C:\Windows\System\gkobxcz.exe
  2⤵
  PID:1772
- C:\Windows\System\LAasjLm.exe
  C:\Windows\System\LAasjLm.exe
  2⤵
  PID:3004
- C:\Windows\System\bnfeoiy.exe
  C:\Windows\System\bnfeoiy.exe
  2⤵
  PID:2528
- C:\Windows\System\MMQWftT.exe
  C:\Windows\System\MMQWftT.exe
  2⤵
  PID:2184
- C:\Windows\System\nDmPmVi.exe
  C:\Windows\System\nDmPmVi.exe
  2⤵
  PID:2944
- C:\Windows\System\ztlVTxY.exe
  C:\Windows\System\ztlVTxY.exe
  2⤵
  PID:2780
- C:\Windows\System\JPkdish.exe
  C:\Windows\System\JPkdish.exe
  2⤵
  PID:3088
- C:\Windows\System\WoKlqrh.exe
  C:\Windows\System\WoKlqrh.exe
  2⤵
  PID:3108
- C:\Windows\System\wwjsKFg.exe
  C:\Windows\System\wwjsKFg.exe
  2⤵
  PID:3128
- C:\Windows\System\ehtEgvK.exe
  C:\Windows\System\ehtEgvK.exe
  2⤵
  PID:3148
- C:\Windows\System\OMiGgfa.exe
  C:\Windows\System\OMiGgfa.exe
  2⤵
  PID:3168
- C:\Windows\System\DPIMWFL.exe
  C:\Windows\System\DPIMWFL.exe
  2⤵
  PID:3188
- C:\Windows\System\gRtoYVA.exe
  C:\Windows\System\gRtoYVA.exe
  2⤵
  PID:3208
- C:\Windows\System\gcDmlQy.exe
  C:\Windows\System\gcDmlQy.exe
  2⤵
  PID:3228
- C:\Windows\System\iLFmDCe.exe
  C:\Windows\System\iLFmDCe.exe
  2⤵
  PID:3248
- C:\Windows\System\ePIHFPM.exe
  C:\Windows\System\ePIHFPM.exe
  2⤵
  PID:3272
- C:\Windows\System\BnyGjRy.exe
  C:\Windows\System\BnyGjRy.exe
  2⤵
  PID:3292
- C:\Windows\System\ECOULMU.exe
  C:\Windows\System\ECOULMU.exe
  2⤵
  PID:3312
- C:\Windows\System\KWLNUeA.exe
  C:\Windows\System\KWLNUeA.exe
  2⤵
  PID:3332
- C:\Windows\System\pmgVWij.exe
  C:\Windows\System\pmgVWij.exe
  2⤵
  PID:3352
- C:\Windows\System\nnLhDvv.exe
  C:\Windows\System\nnLhDvv.exe
  2⤵
  PID:3368
- C:\Windows\System\XqaktMn.exe
  C:\Windows\System\XqaktMn.exe
  2⤵
  PID:3392
- C:\Windows\System\QczGISd.exe
  C:\Windows\System\QczGISd.exe
  2⤵
  PID:3412
- C:\Windows\System\dNlxPBN.exe
  C:\Windows\System\dNlxPBN.exe
  2⤵
  PID:3432
- C:\Windows\System\zGPSaYq.exe
  C:\Windows\System\zGPSaYq.exe
  2⤵
  PID:3452
- C:\Windows\System\MgEJGwq.exe
  C:\Windows\System\MgEJGwq.exe
  2⤵
  PID:3472
- C:\Windows\System\hslswdr.exe
  C:\Windows\System\hslswdr.exe
  2⤵
  PID:3492
- C:\Windows\System\fRXoXwL.exe
  C:\Windows\System\fRXoXwL.exe
  2⤵
  PID:3512
- C:\Windows\System\rqhJeIU.exe
  C:\Windows\System\rqhJeIU.exe
  2⤵
  PID:3532
- C:\Windows\System\fmyDseY.exe
  C:\Windows\System\fmyDseY.exe
  2⤵
  PID:3552
- C:\Windows\System\WwUQNYk.exe
  C:\Windows\System\WwUQNYk.exe
  2⤵
  PID:3572
- C:\Windows\System\bALrkzC.exe
  C:\Windows\System\bALrkzC.exe
  2⤵
  PID:3592
- C:\Windows\System\aEbZVMC.exe
  C:\Windows\System\aEbZVMC.exe
  2⤵
  PID:3612
- C:\Windows\System\GxQOGcl.exe
  C:\Windows\System\GxQOGcl.exe
  2⤵
  PID:3632
- C:\Windows\System\ZNufyfU.exe
  C:\Windows\System\ZNufyfU.exe
  2⤵
  PID:3652
- C:\Windows\System\qLMwuYz.exe
  C:\Windows\System\qLMwuYz.exe
  2⤵
  PID:3672
- C:\Windows\System\TIfjSfp.exe
  C:\Windows\System\TIfjSfp.exe
  2⤵
  PID:3692
- C:\Windows\System\thPcmBn.exe
  C:\Windows\System\thPcmBn.exe
  2⤵
  PID:3712
- C:\Windows\System\aAvbsoi.exe
  C:\Windows\System\aAvbsoi.exe
  2⤵
  PID:3732
- C:\Windows\System\LMICyqa.exe
  C:\Windows\System\LMICyqa.exe
  2⤵
  PID:3752
- C:\Windows\System\DdCFVlS.exe
  C:\Windows\System\DdCFVlS.exe
  2⤵
  PID:3772
- C:\Windows\System\ewERRBw.exe
  C:\Windows\System\ewERRBw.exe
  2⤵
  PID:3792
- C:\Windows\System\pbiDCrO.exe
  C:\Windows\System\pbiDCrO.exe
  2⤵
  PID:3812
- C:\Windows\System\BGIFQnw.exe
  C:\Windows\System\BGIFQnw.exe
  2⤵
  PID:3832
- C:\Windows\System\Rientdd.exe
  C:\Windows\System\Rientdd.exe
  2⤵
  PID:3852
- C:\Windows\System\PnZgkwR.exe
  C:\Windows\System\PnZgkwR.exe
  2⤵
  PID:3872
- C:\Windows\System\UhsDgQc.exe
  C:\Windows\System\UhsDgQc.exe
  2⤵
  PID:3892
- C:\Windows\System\lmOQsyz.exe
  C:\Windows\System\lmOQsyz.exe
  2⤵
  PID:3912
- C:\Windows\System\sOBvVxk.exe
  C:\Windows\System\sOBvVxk.exe
  2⤵
  PID:3932
- C:\Windows\System\HrlnJiY.exe
  C:\Windows\System\HrlnJiY.exe
  2⤵
  PID:3952
- C:\Windows\System\ADAqBjS.exe
  C:\Windows\System\ADAqBjS.exe
  2⤵
  PID:3972
- C:\Windows\System\bVOIDgT.exe
  C:\Windows\System\bVOIDgT.exe
  2⤵
  PID:3992
- C:\Windows\System\DxEFggf.exe
  C:\Windows\System\DxEFggf.exe
  2⤵
  PID:4012
- C:\Windows\System\kKRrAwk.exe
  C:\Windows\System\kKRrAwk.exe
  2⤵
  PID:4032
- C:\Windows\System\mSbTtMv.exe
  C:\Windows\System\mSbTtMv.exe
  2⤵
  PID:4052
- C:\Windows\System\MOpBTmh.exe
  C:\Windows\System\MOpBTmh.exe
  2⤵
  PID:4072
- C:\Windows\System\hEMnjCX.exe
  C:\Windows\System\hEMnjCX.exe
  2⤵
  PID:4092
- C:\Windows\System\aHpsYUL.exe
  C:\Windows\System\aHpsYUL.exe
  2⤵
  PID:2572
- C:\Windows\System\TyztgGp.exe
  C:\Windows\System\TyztgGp.exe
  2⤵
  PID:2956
- C:\Windows\System\CLfRxYM.exe
  C:\Windows\System\CLfRxYM.exe
  2⤵
  PID:1052
- C:\Windows\System\QDXDKqS.exe
  C:\Windows\System\QDXDKqS.exe
  2⤵
  PID:2176
- C:\Windows\System\raOrkqW.exe
  C:\Windows\System\raOrkqW.exe
  2⤵
  PID:924
- C:\Windows\System\qtZSlHV.exe
  C:\Windows\System\qtZSlHV.exe
  2⤵
  PID:1992
- C:\Windows\System\XuEFTWM.exe
  C:\Windows\System\XuEFTWM.exe
  2⤵
  PID:2952
- C:\Windows\System\UZkkcLi.exe
  C:\Windows\System\UZkkcLi.exe
  2⤵
  PID:3104
- C:\Windows\System\iHRsfEe.exe
  C:\Windows\System\iHRsfEe.exe
  2⤵
  PID:3136
- C:\Windows\System\sWbgqNC.exe
  C:\Windows\System\sWbgqNC.exe
  2⤵
  PID:3124
- C:\Windows\System\vJcWgKQ.exe
  C:\Windows\System\vJcWgKQ.exe
  2⤵
  PID:3216
- C:\Windows\System\emgJoGI.exe
  C:\Windows\System\emgJoGI.exe
  2⤵
  PID:3204
- C:\Windows\System\CxcwPXK.exe
  C:\Windows\System\CxcwPXK.exe
  2⤵
  PID:3264
- C:\Windows\System\ifuvaRb.exe
  C:\Windows\System\ifuvaRb.exe
  2⤵
  PID:3300
- C:\Windows\System\WRmSFpw.exe
  C:\Windows\System\WRmSFpw.exe
  2⤵
  PID:3348
- C:\Windows\System\gukRXwQ.exe
  C:\Windows\System\gukRXwQ.exe
  2⤵
  PID:3324
- C:\Windows\System\FXqvtIJ.exe
  C:\Windows\System\FXqvtIJ.exe
  2⤵
  PID:3384
- C:\Windows\System\zOqNMGu.exe
  C:\Windows\System\zOqNMGu.exe
  2⤵
  PID:3404
- C:\Windows\System\BDAmQbI.exe
  C:\Windows\System\BDAmQbI.exe
  2⤵
  PID:3440
- C:\Windows\System\WbQzvHE.exe
  C:\Windows\System\WbQzvHE.exe
  2⤵
  PID:3504
- C:\Windows\System\nCvQPxx.exe
  C:\Windows\System\nCvQPxx.exe
  2⤵
  PID:3520
- C:\Windows\System\KuowdIB.exe
  C:\Windows\System\KuowdIB.exe
  2⤵
  PID:3580
- C:\Windows\System\ijbfOli.exe
  C:\Windows\System\ijbfOli.exe
  2⤵
  PID:3568
- C:\Windows\System\kAachrN.exe
  C:\Windows\System\kAachrN.exe
  2⤵
  PID:3608
- C:\Windows\System\GCttOAU.exe
  C:\Windows\System\GCttOAU.exe
  2⤵
  PID:3644
- C:\Windows\System\WljwOgp.exe
  C:\Windows\System\WljwOgp.exe
  2⤵
  PID:3680
- C:\Windows\System\FarVtxg.exe
  C:\Windows\System\FarVtxg.exe
  2⤵
  PID:3748
- C:\Windows\System\PCPxOfY.exe
  C:\Windows\System\PCPxOfY.exe
  2⤵
  PID:3760
- C:\Windows\System\VbSQBBi.exe
  C:\Windows\System\VbSQBBi.exe
  2⤵
  PID:3764
- C:\Windows\System\pQiQZtw.exe
  C:\Windows\System\pQiQZtw.exe
  2⤵
  PID:3808
- C:\Windows\System\cMEHsyc.exe
  C:\Windows\System\cMEHsyc.exe
  2⤵
  PID:3844
- C:\Windows\System\pAvjqVi.exe
  C:\Windows\System\pAvjqVi.exe
  2⤵
  PID:3880
- C:\Windows\System\pBVffTF.exe
  C:\Windows\System\pBVffTF.exe
  2⤵
  PID:3948
- C:\Windows\System\puupMLV.exe
  C:\Windows\System\puupMLV.exe
  2⤵
  PID:3960
- C:\Windows\System\BvBIKav.exe
  C:\Windows\System\BvBIKav.exe
  2⤵
  PID:3984
- C:\Windows\System\tfKXqoS.exe
  C:\Windows\System\tfKXqoS.exe
  2⤵
  PID:4008
- C:\Windows\System\bqELboW.exe
  C:\Windows\System\bqELboW.exe
  2⤵
  PID:4064
- C:\Windows\System\coZOsha.exe
  C:\Windows\System\coZOsha.exe
  2⤵
  PID:2680
- C:\Windows\System\kIRDaHj.exe
  C:\Windows\System\kIRDaHj.exe
  2⤵
  PID:2592
- C:\Windows\System\tLdVcOn.exe
  C:\Windows\System\tLdVcOn.exe
  2⤵
  PID:1396
- C:\Windows\System\LBwLBHD.exe
  C:\Windows\System\LBwLBHD.exe
  2⤵
  PID:1068
- C:\Windows\System\WasIdlL.exe
  C:\Windows\System\WasIdlL.exe
  2⤵
  PID:544
- C:\Windows\System\OoQddPC.exe
  C:\Windows\System\OoQddPC.exe
  2⤵
  PID:3080
- C:\Windows\System\qREdtZX.exe
  C:\Windows\System\qREdtZX.exe
  2⤵
  PID:3116
- C:\Windows\System\FJWXsTW.exe
  C:\Windows\System\FJWXsTW.exe
  2⤵
  PID:3224
- C:\Windows\System\llOawQo.exe
  C:\Windows\System\llOawQo.exe
  2⤵
  PID:3304
- C:\Windows\System\NJNkcRP.exe
  C:\Windows\System\NJNkcRP.exe
  2⤵
  PID:3380
- C:\Windows\System\kEiPRNz.exe
  C:\Windows\System\kEiPRNz.exe
  2⤵
  PID:3464
- C:\Windows\System\lVzkPbq.exe
  C:\Windows\System\lVzkPbq.exe
  2⤵
  PID:3484
- C:\Windows\System\vFyjFjb.exe
  C:\Windows\System\vFyjFjb.exe
  2⤵
  PID:3584
- C:\Windows\System\CnadTUc.exe
  C:\Windows\System\CnadTUc.exe
  2⤵
  PID:3560
- C:\Windows\System\FlKfwtq.exe
  C:\Windows\System\FlKfwtq.exe
  2⤵
  PID:3624
- C:\Windows\System\CnvSHgP.exe
  C:\Windows\System\CnvSHgP.exe
  2⤵
  PID:3684
- C:\Windows\System\RHasnbb.exe
  C:\Windows\System\RHasnbb.exe
  2⤵
  PID:3784
- C:\Windows\System\mpAnqUh.exe
  C:\Windows\System\mpAnqUh.exe
  2⤵
  PID:3868
- C:\Windows\System\FdGrrKi.exe
  C:\Windows\System\FdGrrKi.exe
  2⤵
  PID:3864
- C:\Windows\System\bgcCjIy.exe
  C:\Windows\System\bgcCjIy.exe
  2⤵
  PID:3908
- C:\Windows\System\owiPjYS.exe
  C:\Windows\System\owiPjYS.exe
  2⤵
  PID:3928
- C:\Windows\System\cdpgowV.exe
  C:\Windows\System\cdpgowV.exe
  2⤵
  PID:4088
- C:\Windows\System\HLrwNoD.exe
  C:\Windows\System\HLrwNoD.exe
  2⤵
  PID:4020
- C:\Windows\System\cOFjeOE.exe
  C:\Windows\System\cOFjeOE.exe
  2⤵
  PID:4080
- C:\Windows\System\KSYZihk.exe
  C:\Windows\System\KSYZihk.exe
  2⤵
  PID:2016
- C:\Windows\System\YGGRMtm.exe
  C:\Windows\System\YGGRMtm.exe
  2⤵
  PID:3180
- C:\Windows\System\EukwNIX.exe
  C:\Windows\System\EukwNIX.exe
  2⤵
  PID:2088
- C:\Windows\System\MuVZGjm.exe
  C:\Windows\System\MuVZGjm.exe
  2⤵
  PID:3140
- C:\Windows\System\EtnKGlE.exe
  C:\Windows\System\EtnKGlE.exe
  2⤵
  PID:3256
- C:\Windows\System\ILbUUVz.exe
  C:\Windows\System\ILbUUVz.exe
  2⤵
  PID:3428
- C:\Windows\System\JGsOVMO.exe
  C:\Windows\System\JGsOVMO.exe
  2⤵
  PID:2760
- C:\Windows\System\eNyjUnS.exe
  C:\Windows\System\eNyjUnS.exe
  2⤵
  PID:3500
- C:\Windows\System\kApneoL.exe
  C:\Windows\System\kApneoL.exe
  2⤵
  PID:3688
- C:\Windows\System\JKElLut.exe
  C:\Windows\System\JKElLut.exe
  2⤵
  PID:3728
- C:\Windows\System\uqDOLVG.exe
  C:\Windows\System\uqDOLVG.exe
  2⤵
  PID:3940
- C:\Windows\System\yTaGuMG.exe
  C:\Windows\System\yTaGuMG.exe
  2⤵
  PID:3828
- C:\Windows\System\QZbTOCk.exe
  C:\Windows\System\QZbTOCk.exe
  2⤵
  PID:3924
- C:\Windows\System\kCgAJyE.exe
  C:\Windows\System\kCgAJyE.exe
  2⤵
  PID:4068
- C:\Windows\System\NKrPpne.exe
  C:\Windows\System\NKrPpne.exe
  2⤵
  PID:1564
- C:\Windows\System\TNfvvGq.exe
  C:\Windows\System\TNfvvGq.exe
  2⤵
  PID:3156
- C:\Windows\System\kdGbmLz.exe
  C:\Windows\System\kdGbmLz.exe
  2⤵
  PID:3244
- C:\Windows\System\bAMZSqL.exe
  C:\Windows\System\bAMZSqL.exe
  2⤵
  PID:3200
- C:\Windows\System\LWsoldS.exe
  C:\Windows\System\LWsoldS.exe
  2⤵
  PID:3468
- C:\Windows\System\vUcGsmG.exe
  C:\Windows\System\vUcGsmG.exe
  2⤵
  PID:4108
- C:\Windows\System\mUatRPk.exe
  C:\Windows\System\mUatRPk.exe
  2⤵
  PID:4128
- C:\Windows\System\JPHUrng.exe
  C:\Windows\System\JPHUrng.exe
  2⤵
  PID:4148
- C:\Windows\System\NsVsBVr.exe
  C:\Windows\System\NsVsBVr.exe
  2⤵
  PID:4168
- C:\Windows\System\dUIcjkm.exe
  C:\Windows\System\dUIcjkm.exe
  2⤵
  PID:4188
- C:\Windows\System\jMxgJHr.exe
  C:\Windows\System\jMxgJHr.exe
  2⤵
  PID:4208
- C:\Windows\System\PpwdtmQ.exe
  C:\Windows\System\PpwdtmQ.exe
  2⤵
  PID:4228
- C:\Windows\System\ptBCnDG.exe
  C:\Windows\System\ptBCnDG.exe
  2⤵
  PID:4248
- C:\Windows\System\gllKfRw.exe
  C:\Windows\System\gllKfRw.exe
  2⤵
  PID:4268
- C:\Windows\System\RsjHJjX.exe
  C:\Windows\System\RsjHJjX.exe
  2⤵
  PID:4288
- C:\Windows\System\MSlWEfr.exe
  C:\Windows\System\MSlWEfr.exe
  2⤵
  PID:4308
- C:\Windows\System\AkALlzp.exe
  C:\Windows\System\AkALlzp.exe
  2⤵
  PID:4324
- C:\Windows\System\TMOcZwD.exe
  C:\Windows\System\TMOcZwD.exe
  2⤵
  PID:4348
- C:\Windows\System\jVjodBq.exe
  C:\Windows\System\jVjodBq.exe
  2⤵
  PID:4368
- C:\Windows\System\OAirsTm.exe
  C:\Windows\System\OAirsTm.exe
  2⤵
  PID:4388
- C:\Windows\System\RiKMqIH.exe
  C:\Windows\System\RiKMqIH.exe
  2⤵
  PID:4408
- C:\Windows\System\LXrMOxA.exe
  C:\Windows\System\LXrMOxA.exe
  2⤵
  PID:4428
- C:\Windows\System\ApDClst.exe
  C:\Windows\System\ApDClst.exe
  2⤵
  PID:4448
- C:\Windows\System\WEmFibN.exe
  C:\Windows\System\WEmFibN.exe
  2⤵
  PID:4468
- C:\Windows\System\IjwMEAb.exe
  C:\Windows\System\IjwMEAb.exe
  2⤵
  PID:4488
- C:\Windows\System\qqCKULW.exe
  C:\Windows\System\qqCKULW.exe
  2⤵
  PID:4508
- C:\Windows\System\emFXnjX.exe
  C:\Windows\System\emFXnjX.exe
  2⤵
  PID:4528
- C:\Windows\System\mvoisQg.exe
  C:\Windows\System\mvoisQg.exe
  2⤵
  PID:4548
- C:\Windows\System\zSCFTDC.exe
  C:\Windows\System\zSCFTDC.exe
  2⤵
  PID:4568
- C:\Windows\System\erOzLNR.exe
  C:\Windows\System\erOzLNR.exe
  2⤵
  PID:4588
- C:\Windows\System\tDiqphA.exe
  C:\Windows\System\tDiqphA.exe
  2⤵
  PID:4608
- C:\Windows\System\QxUTNMC.exe
  C:\Windows\System\QxUTNMC.exe
  2⤵
  PID:4628
- C:\Windows\System\WJqmImk.exe
  C:\Windows\System\WJqmImk.exe
  2⤵
  PID:4644
- C:\Windows\System\EohDGkO.exe
  C:\Windows\System\EohDGkO.exe
  2⤵
  PID:4668
- C:\Windows\System\esygDfD.exe
  C:\Windows\System\esygDfD.exe
  2⤵
  PID:4696
- C:\Windows\System\kdAEYYj.exe
  C:\Windows\System\kdAEYYj.exe
  2⤵
  PID:4716
- C:\Windows\System\oTGetAV.exe
  C:\Windows\System\oTGetAV.exe
  2⤵
  PID:4736
- C:\Windows\System\QwoewIr.exe
  C:\Windows\System\QwoewIr.exe
  2⤵
  PID:4756
- C:\Windows\System\LXKEgey.exe
  C:\Windows\System\LXKEgey.exe
  2⤵
  PID:4776
- C:\Windows\System\KJfmSjW.exe
  C:\Windows\System\KJfmSjW.exe
  2⤵
  PID:4796
- C:\Windows\System\NSHOhFz.exe
  C:\Windows\System\NSHOhFz.exe
  2⤵
  PID:4816
- C:\Windows\System\cXpMavf.exe
  C:\Windows\System\cXpMavf.exe
  2⤵
  PID:4836
- C:\Windows\System\WQykkxZ.exe
  C:\Windows\System\WQykkxZ.exe
  2⤵
  PID:4856
- C:\Windows\System\TqDBrFi.exe
  C:\Windows\System\TqDBrFi.exe
  2⤵
  PID:4876
- C:\Windows\System\SwvIFZJ.exe
  C:\Windows\System\SwvIFZJ.exe
  2⤵
  PID:4896
- C:\Windows\System\wMNwvfQ.exe
  C:\Windows\System\wMNwvfQ.exe
  2⤵
  PID:4916
- C:\Windows\System\uFchaHX.exe
  C:\Windows\System\uFchaHX.exe
  2⤵
  PID:4936
- C:\Windows\System\gdrhOCI.exe
  C:\Windows\System\gdrhOCI.exe
  2⤵
  PID:4956
- C:\Windows\System\MULqFco.exe
  C:\Windows\System\MULqFco.exe
  2⤵
  PID:4976
- C:\Windows\System\qnNIFHe.exe
  C:\Windows\System\qnNIFHe.exe
  2⤵
  PID:4996
- C:\Windows\System\ixNkBfM.exe
  C:\Windows\System\ixNkBfM.exe
  2⤵
  PID:5016
- C:\Windows\System\ZHYnTIS.exe
  C:\Windows\System\ZHYnTIS.exe
  2⤵
  PID:5036
- C:\Windows\System\CojzMoV.exe
  C:\Windows\System\CojzMoV.exe
  2⤵
  PID:5056
- C:\Windows\System\yweavmg.exe
  C:\Windows\System\yweavmg.exe
  2⤵
  PID:5076
- C:\Windows\System\YUYgmPA.exe
  C:\Windows\System\YUYgmPA.exe
  2⤵
  PID:5096
- C:\Windows\System\oPenVog.exe
  C:\Windows\System\oPenVog.exe
  2⤵
  PID:5116
- C:\Windows\System\arDFvSN.exe
  C:\Windows\System\arDFvSN.exe
  2⤵
  PID:3648
- C:\Windows\System\YbmUxiB.exe
  C:\Windows\System\YbmUxiB.exe
  2⤵
  PID:3788
- C:\Windows\System\ipQECCE.exe
  C:\Windows\System\ipQECCE.exe
  2⤵
  PID:2372
- C:\Windows\System\LHGkZHx.exe
  C:\Windows\System\LHGkZHx.exe
  2⤵
  PID:2464
- C:\Windows\System\TDeSjtY.exe
  C:\Windows\System\TDeSjtY.exe
  2⤵
  PID:2460
- C:\Windows\System\mOMoPJy.exe
  C:\Windows\System\mOMoPJy.exe
  2⤵
  PID:3360
- C:\Windows\System\XhPMKak.exe
  C:\Windows\System\XhPMKak.exe
  2⤵
  PID:4104
- C:\Windows\System\wLfmAMd.exe
  C:\Windows\System\wLfmAMd.exe
  2⤵
  PID:4140
- C:\Windows\System\hJkvNZP.exe
  C:\Windows\System\hJkvNZP.exe
  2⤵
  PID:4176
- C:\Windows\System\fkuEcQD.exe
  C:\Windows\System\fkuEcQD.exe
  2⤵
  PID:4216
- C:\Windows\System\ixvHXdA.exe
  C:\Windows\System\ixvHXdA.exe
  2⤵
  PID:4236
- C:\Windows\System\UZIfiXt.exe
  C:\Windows\System\UZIfiXt.exe
  2⤵
  PID:4240
- C:\Windows\System\AJAbQdZ.exe
  C:\Windows\System\AJAbQdZ.exe
  2⤵
  PID:4284
- C:\Windows\System\XyDbjjw.exe
  C:\Windows\System\XyDbjjw.exe
  2⤵
  PID:4320
- C:\Windows\System\MOmrKew.exe
  C:\Windows\System\MOmrKew.exe
  2⤵
  PID:4360
- C:\Windows\System\IzGMfAN.exe
  C:\Windows\System\IzGMfAN.exe
  2⤵
  PID:4424
- C:\Windows\System\ciIIuAe.exe
  C:\Windows\System\ciIIuAe.exe
  2⤵
  PID:4464
- C:\Windows\System\WKvNCZx.exe
  C:\Windows\System\WKvNCZx.exe
  2⤵
  PID:4436
- C:\Windows\System\gnoccpJ.exe
  C:\Windows\System\gnoccpJ.exe
  2⤵
  PID:4484
- C:\Windows\System\NtGmIoR.exe
  C:\Windows\System\NtGmIoR.exe
  2⤵
  PID:4524
- C:\Windows\System\UycxqlI.exe
  C:\Windows\System\UycxqlI.exe
  2⤵
  PID:4616
- C:\Windows\System\nlmNXKs.exe
  C:\Windows\System\nlmNXKs.exe
  2⤵
  PID:4556
- C:\Windows\System\ycOMwxk.exe
  C:\Windows\System\ycOMwxk.exe
  2⤵
  PID:4660
- C:\Windows\System\paHkFmE.exe
  C:\Windows\System\paHkFmE.exe
  2⤵
  PID:4704
- C:\Windows\System\lbgdCMN.exe
  C:\Windows\System\lbgdCMN.exe
  2⤵
  PID:4708
- C:\Windows\System\yRymidy.exe
  C:\Windows\System\yRymidy.exe
  2⤵
  PID:4728
- C:\Windows\System\KRGcoZp.exe
  C:\Windows\System\KRGcoZp.exe
  2⤵
  PID:4824
- C:\Windows\System\ivYvDhR.exe
  C:\Windows\System\ivYvDhR.exe
  2⤵
  PID:4772
- C:\Windows\System\EAhzvRS.exe
  C:\Windows\System\EAhzvRS.exe
  2⤵
  PID:4864
- C:\Windows\System\qsbscUa.exe
  C:\Windows\System\qsbscUa.exe
  2⤵
  PID:4848
- C:\Windows\System\xgnRDLO.exe
  C:\Windows\System\xgnRDLO.exe
  2⤵
  PID:4888
- C:\Windows\System\WezHfFo.exe
  C:\Windows\System\WezHfFo.exe
  2⤵
  PID:4952
- C:\Windows\System\nRvoBwk.exe
  C:\Windows\System\nRvoBwk.exe
  2⤵
  PID:2440
- C:\Windows\System\IiMZRdz.exe
  C:\Windows\System\IiMZRdz.exe
  2⤵
  PID:760
- C:\Windows\System\YiCXbUE.exe
  C:\Windows\System\YiCXbUE.exe
  2⤵
  PID:4984
- C:\Windows\System\xDtFYEE.exe
  C:\Windows\System\xDtFYEE.exe
  2⤵
  PID:4988
- C:\Windows\System\jFunjyf.exe
  C:\Windows\System\jFunjyf.exe
  2⤵
  PID:5028
- C:\Windows\System\pyZygUG.exe
  C:\Windows\System\pyZygUG.exe
  2⤵
  PID:5044
- C:\Windows\System\vBfthQz.exe
  C:\Windows\System\vBfthQz.exe
  2⤵
  PID:5112
- C:\Windows\System\luLetms.exe
  C:\Windows\System\luLetms.exe
  2⤵
  PID:3708
- C:\Windows\System\zbmTgHR.exe
  C:\Windows\System\zbmTgHR.exe
  2⤵
  PID:2616
- C:\Windows\System\ZdjcirE.exe
  C:\Windows\System\ZdjcirE.exe
  2⤵
  PID:536
- C:\Windows\System\upEpojl.exe
  C:\Windows\System\upEpojl.exe
  2⤵
  PID:3044
- C:\Windows\System\DckcXsL.exe
  C:\Windows\System\DckcXsL.exe
  2⤵
  PID:3548
- C:\Windows\System\LWuSKIF.exe
  C:\Windows\System\LWuSKIF.exe
  2⤵
  PID:4184
- C:\Windows\System\cdWuIiY.exe
  C:\Windows\System\cdWuIiY.exe
  2⤵
  PID:4200
- C:\Windows\System\TJZWIiq.exe
  C:\Windows\System\TJZWIiq.exe
  2⤵
  PID:4244
- C:\Windows\System\YDolSoe.exe
  C:\Windows\System\YDolSoe.exe
  2⤵
  PID:4316
- C:\Windows\System\PmKQktM.exe
  C:\Windows\System\PmKQktM.exe
  2⤵
  PID:4376
- C:\Windows\System\IHrDGHw.exe
  C:\Windows\System\IHrDGHw.exe
  2⤵
  PID:4496
- C:\Windows\System\rTATNoP.exe
  C:\Windows\System\rTATNoP.exe
  2⤵
  PID:4540
- C:\Windows\System\ZtkOjjg.exe
  C:\Windows\System\ZtkOjjg.exe
  2⤵
  PID:4544
- C:\Windows\System\wTneFrz.exe
  C:\Windows\System\wTneFrz.exe
  2⤵
  PID:4640
- C:\Windows\System\JNIpuGh.exe
  C:\Windows\System\JNIpuGh.exe
  2⤵
  PID:4604
- C:\Windows\System\araFyfK.exe
  C:\Windows\System\araFyfK.exe
  2⤵
  PID:4724
- C:\Windows\System\zBFwxPh.exe
  C:\Windows\System\zBFwxPh.exe
  2⤵
  PID:4832
- C:\Windows\System\qWaDjJQ.exe
  C:\Windows\System\qWaDjJQ.exe
  2⤵
  PID:4812
- C:\Windows\System\XgEvxhJ.exe
  C:\Windows\System\XgEvxhJ.exe
  2⤵
  PID:2988
- C:\Windows\System\DlNtXZU.exe
  C:\Windows\System\DlNtXZU.exe
  2⤵
  PID:4884
- C:\Windows\System\HbzlQkm.exe
  C:\Windows\System\HbzlQkm.exe
  2⤵
  PID:1552
- C:\Windows\System\LepSXCx.exe
  C:\Windows\System\LepSXCx.exe
  2⤵
  PID:4968
- C:\Windows\System\hkZuuYW.exe
  C:\Windows\System\hkZuuYW.exe
  2⤵
  PID:5008
- C:\Windows\System\rDQshfu.exe
  C:\Windows\System\rDQshfu.exe
  2⤵
  PID:5048
- C:\Windows\System\DbFjmSa.exe
  C:\Windows\System\DbFjmSa.exe
  2⤵
  PID:5092
- C:\Windows\System\vmMbTEE.exe
  C:\Windows\System\vmMbTEE.exe
  2⤵
  PID:4040
- C:\Windows\System\RZxVSec.exe
  C:\Windows\System\RZxVSec.exe
  2⤵
  PID:784
- C:\Windows\System\IpYcEvx.exe
  C:\Windows\System\IpYcEvx.exe
  2⤵
  PID:3540
- C:\Windows\System\OjxVbMd.exe
  C:\Windows\System\OjxVbMd.exe
  2⤵
  PID:4220
- C:\Windows\System\qksewnk.exe
  C:\Windows\System\qksewnk.exe
  2⤵
  PID:4396
- C:\Windows\System\QToFjSl.exe
  C:\Windows\System\QToFjSl.exe
  2⤵
  PID:4364
- C:\Windows\System\VYaNnPV.exe
  C:\Windows\System\VYaNnPV.exe
  2⤵
  PID:4504
- C:\Windows\System\aEWuSgb.exe
  C:\Windows\System\aEWuSgb.exe
  2⤵
  PID:4584
- C:\Windows\System\WaHXHOs.exe
  C:\Windows\System\WaHXHOs.exe
  2⤵
  PID:4684
- C:\Windows\System\ilwVOMG.exe
  C:\Windows\System\ilwVOMG.exe
  2⤵
  PID:4804
- C:\Windows\System\WPeuIvc.exe
  C:\Windows\System\WPeuIvc.exe
  2⤵
  PID:4788
- C:\Windows\System\OEBUYdn.exe
  C:\Windows\System\OEBUYdn.exe
  2⤵
  PID:4908
- C:\Windows\System\gYEkTau.exe
  C:\Windows\System\gYEkTau.exe
  2⤵
  PID:5068
- C:\Windows\System\vOtYoZx.exe
  C:\Windows\System\vOtYoZx.exe
  2⤵
  PID:5004
- C:\Windows\System\UgZVcIt.exe
  C:\Windows\System\UgZVcIt.exe
  2⤵
  PID:720
- C:\Windows\System\KzBxfED.exe
  C:\Windows\System\KzBxfED.exe
  2⤵
  PID:3800
- C:\Windows\System\vCUoNKx.exe
  C:\Windows\System\vCUoNKx.exe
  2⤵
  PID:4120
- C:\Windows\System\dJXjTYl.exe
  C:\Windows\System\dJXjTYl.exe
  2⤵
  PID:4260
- C:\Windows\System\GNACGgH.exe
  C:\Windows\System\GNACGgH.exe
  2⤵
  PID:4580
- C:\Windows\System\HbqLlSq.exe
  C:\Windows\System\HbqLlSq.exe
  2⤵
  PID:4652
- C:\Windows\System\urOmCOc.exe
  C:\Windows\System\urOmCOc.exe
  2⤵
  PID:1164
- C:\Windows\System\ufSolXf.exe
  C:\Windows\System\ufSolXf.exe
  2⤵
  PID:2316
- C:\Windows\System\mziKQpl.exe
  C:\Windows\System\mziKQpl.exe
  2⤵
  PID:4944
- C:\Windows\System\iKZvSEy.exe
  C:\Windows\System\iKZvSEy.exe
  2⤵
  PID:5136
- C:\Windows\System\zBRJpYl.exe
  C:\Windows\System\zBRJpYl.exe
  2⤵
  PID:5156
- C:\Windows\System\FypJoRK.exe
  C:\Windows\System\FypJoRK.exe
  2⤵
  PID:5176
- C:\Windows\System\NzSLJAO.exe
  C:\Windows\System\NzSLJAO.exe
  2⤵
  PID:5192
- C:\Windows\System\hrFfMCW.exe
  C:\Windows\System\hrFfMCW.exe
  2⤵
  PID:5216
- C:\Windows\System\SbvTUEu.exe
  C:\Windows\System\SbvTUEu.exe
  2⤵
  PID:5236
- C:\Windows\System\VzJHRjs.exe
  C:\Windows\System\VzJHRjs.exe
  2⤵
  PID:5256
- C:\Windows\System\OMbJlwk.exe
  C:\Windows\System\OMbJlwk.exe
  2⤵
  PID:5272
- C:\Windows\System\AAzWMyl.exe
  C:\Windows\System\AAzWMyl.exe
  2⤵
  PID:5296
- C:\Windows\System\XBNANZo.exe
  C:\Windows\System\XBNANZo.exe
  2⤵
  PID:5316
- C:\Windows\System\UveheZB.exe
  C:\Windows\System\UveheZB.exe
  2⤵
  PID:5336
- C:\Windows\System\fBpOmal.exe
  C:\Windows\System\fBpOmal.exe
  2⤵
  PID:5356
- C:\Windows\System\UqHSStc.exe
  C:\Windows\System\UqHSStc.exe
  2⤵
  PID:5376
- C:\Windows\System\qgDykfa.exe
  C:\Windows\System\qgDykfa.exe
  2⤵
  PID:5396
- C:\Windows\System\Uwtxrsb.exe
  C:\Windows\System\Uwtxrsb.exe
  2⤵
  PID:5416
- C:\Windows\System\MyYhWIv.exe
  C:\Windows\System\MyYhWIv.exe
  2⤵
  PID:5436
- C:\Windows\System\lPtXfQH.exe
  C:\Windows\System\lPtXfQH.exe
  2⤵
  PID:5456
- C:\Windows\System\YvfCkFy.exe
  C:\Windows\System\YvfCkFy.exe
  2⤵
  PID:5472
- C:\Windows\System\aZdPJUk.exe
  C:\Windows\System\aZdPJUk.exe
  2⤵
  PID:5496
- C:\Windows\System\MgYaAPv.exe
  C:\Windows\System\MgYaAPv.exe
  2⤵
  PID:5516
- C:\Windows\System\XMyXBjb.exe
  C:\Windows\System\XMyXBjb.exe
  2⤵
  PID:5536
- C:\Windows\System\IuabEff.exe
  C:\Windows\System\IuabEff.exe
  2⤵
  PID:5556
- C:\Windows\System\EdmjGsh.exe
  C:\Windows\System\EdmjGsh.exe
  2⤵
  PID:5576
- C:\Windows\System\cXkJogQ.exe
  C:\Windows\System\cXkJogQ.exe
  2⤵
  PID:5596
- C:\Windows\System\hZYkiDk.exe
  C:\Windows\System\hZYkiDk.exe
  2⤵
  PID:5616
- C:\Windows\System\BPnBbaZ.exe
  C:\Windows\System\BPnBbaZ.exe
  2⤵
  PID:5636
- C:\Windows\System\nfcQfpo.exe
  C:\Windows\System\nfcQfpo.exe
  2⤵
  PID:5656
- C:\Windows\System\djrdseF.exe
  C:\Windows\System\djrdseF.exe
  2⤵
  PID:5676
- C:\Windows\System\fTvSNhN.exe
  C:\Windows\System\fTvSNhN.exe
  2⤵
  PID:5696
- C:\Windows\System\OyftxWh.exe
  C:\Windows\System\OyftxWh.exe
  2⤵
  PID:5716
- C:\Windows\System\aIkGAVu.exe
  C:\Windows\System\aIkGAVu.exe
  2⤵
  PID:5736
- C:\Windows\System\mQnBWuG.exe
  C:\Windows\System\mQnBWuG.exe
  2⤵
  PID:5752
- C:\Windows\System\pJzIwBc.exe
  C:\Windows\System\pJzIwBc.exe
  2⤵
  PID:5776
- C:\Windows\System\AjZfEWP.exe
  C:\Windows\System\AjZfEWP.exe
  2⤵
  PID:5796
- C:\Windows\System\TZnmpdG.exe
  C:\Windows\System\TZnmpdG.exe
  2⤵
  PID:5816
- C:\Windows\System\ggixEzU.exe
  C:\Windows\System\ggixEzU.exe
  2⤵
  PID:5836
- C:\Windows\System\FZhxhrS.exe
  C:\Windows\System\FZhxhrS.exe
  2⤵
  PID:5856
- C:\Windows\System\OhsjDKC.exe
  C:\Windows\System\OhsjDKC.exe
  2⤵
  PID:5876
- C:\Windows\System\tyyAMbI.exe
  C:\Windows\System\tyyAMbI.exe
  2⤵
  PID:5896
- C:\Windows\System\NykkmRl.exe
  C:\Windows\System\NykkmRl.exe
  2⤵
  PID:5916
- C:\Windows\System\EbLNbVC.exe
  C:\Windows\System\EbLNbVC.exe
  2⤵
  PID:5936
- C:\Windows\System\BDigeaO.exe
  C:\Windows\System\BDigeaO.exe
  2⤵
  PID:5956
- C:\Windows\System\gTpUUBi.exe
  C:\Windows\System\gTpUUBi.exe
  2⤵
  PID:5976
- C:\Windows\System\EKBvsNR.exe
  C:\Windows\System\EKBvsNR.exe
  2⤵
  PID:5996
- C:\Windows\System\uZXKeVN.exe
  C:\Windows\System\uZXKeVN.exe
  2⤵
  PID:6016
- C:\Windows\System\cFSvVbp.exe
  C:\Windows\System\cFSvVbp.exe
  2⤵
  PID:6036
- C:\Windows\System\CSplxEo.exe
  C:\Windows\System\CSplxEo.exe
  2⤵
  PID:6056
- C:\Windows\System\tIVIsTg.exe
  C:\Windows\System\tIVIsTg.exe
  2⤵
  PID:6076
- C:\Windows\System\PitHqaQ.exe
  C:\Windows\System\PitHqaQ.exe
  2⤵
  PID:6096
- C:\Windows\System\UlTCzIM.exe
  C:\Windows\System\UlTCzIM.exe
  2⤵
  PID:6116
- C:\Windows\System\YdSIYKq.exe
  C:\Windows\System\YdSIYKq.exe
  2⤵
  PID:6136
- C:\Windows\System\ZsiMjoD.exe
  C:\Windows\System\ZsiMjoD.exe
  2⤵
  PID:4156
- C:\Windows\System\EWzNVnE.exe
  C:\Windows\System\EWzNVnE.exe
  2⤵
  PID:4380
- C:\Windows\System\jTLSzyp.exe
  C:\Windows\System\jTLSzyp.exe
  2⤵
  PID:4456
- C:\Windows\System\fNsfjDR.exe
  C:\Windows\System\fNsfjDR.exe
  2⤵
  PID:1684
- C:\Windows\System\LvPNLLk.exe
  C:\Windows\System\LvPNLLk.exe
  2⤵
  PID:3268
- C:\Windows\System\uDLHQzf.exe
  C:\Windows\System\uDLHQzf.exe
  2⤵
  PID:5024
- C:\Windows\System\gVVWyYj.exe
  C:\Windows\System\gVVWyYj.exe
  2⤵
  PID:5144
- C:\Windows\System\HfySoWX.exe
  C:\Windows\System\HfySoWX.exe
  2⤵
  PID:5208
- C:\Windows\System\VJqYaTU.exe
  C:\Windows\System\VJqYaTU.exe
  2⤵
  PID:5244
- C:\Windows\System\WvgXIof.exe
  C:\Windows\System\WvgXIof.exe
  2⤵
  PID:5264
- C:\Windows\System\PwkMiUq.exe
  C:\Windows\System\PwkMiUq.exe
  2⤵
  PID:5268
- C:\Windows\System\qoSiOpG.exe
  C:\Windows\System\qoSiOpG.exe
  2⤵
  PID:5312
- C:\Windows\System\FbUxIPF.exe
  C:\Windows\System\FbUxIPF.exe
  2⤵
  PID:5352
- C:\Windows\System\UOiTbzN.exe
  C:\Windows\System\UOiTbzN.exe
  2⤵
  PID:5412
- C:\Windows\System\GIHlodI.exe
  C:\Windows\System\GIHlodI.exe
  2⤵
  PID:5432
- C:\Windows\System\uLUlyik.exe
  C:\Windows\System\uLUlyik.exe
  2⤵
  PID:5480
- C:\Windows\System\pPIMBMs.exe
  C:\Windows\System\pPIMBMs.exe
  2⤵
  PID:5488
- C:\Windows\System\quHJzEc.exe
  C:\Windows\System\quHJzEc.exe
  2⤵
  PID:5504
- C:\Windows\System\SpOAeJQ.exe
  C:\Windows\System\SpOAeJQ.exe
  2⤵
  PID:5564
- C:\Windows\System\FIcuoSq.exe
  C:\Windows\System\FIcuoSq.exe
  2⤵
  PID:5568
- C:\Windows\System\QfOBUTd.exe
  C:\Windows\System\QfOBUTd.exe
  2⤵
  PID:5588
- C:\Windows\System\ZqzeCsQ.exe
  C:\Windows\System\ZqzeCsQ.exe
  2⤵
  PID:5632
- C:\Windows\System\DnIOXdg.exe
  C:\Windows\System\DnIOXdg.exe
  2⤵
  PID:5628
- C:\Windows\System\OPLLQnC.exe
  C:\Windows\System\OPLLQnC.exe
  2⤵
  PID:5688
- C:\Windows\System\DtBRkYV.exe
  C:\Windows\System\DtBRkYV.exe
  2⤵
  PID:5732
- C:\Windows\System\MnnijSw.exe
  C:\Windows\System\MnnijSw.exe
  2⤵
  PID:5764
- C:\Windows\System\zbKWGuu.exe
  C:\Windows\System\zbKWGuu.exe
  2⤵
  PID:5804
- C:\Windows\System\oAkylvg.exe
  C:\Windows\System\oAkylvg.exe
  2⤵
  PID:5808
- C:\Windows\System\Xgdukvt.exe
  C:\Windows\System\Xgdukvt.exe
  2⤵
  PID:5828
- C:\Windows\System\gVIoAPY.exe
  C:\Windows\System\gVIoAPY.exe
  2⤵
  PID:5872
- C:\Windows\System\eBOgdLy.exe
  C:\Windows\System\eBOgdLy.exe
  2⤵
  PID:5932
- C:\Windows\System\MZriWDZ.exe
  C:\Windows\System\MZriWDZ.exe
  2⤵
  PID:5964
- C:\Windows\System\yCBWyTA.exe
  C:\Windows\System\yCBWyTA.exe
  2⤵
  PID:5948
- C:\Windows\System\oehdlby.exe
  C:\Windows\System\oehdlby.exe
  2⤵
  PID:5984
- C:\Windows\System\gdtJebP.exe
  C:\Windows\System\gdtJebP.exe
  2⤵
  PID:6052
- C:\Windows\System\tiwqLGd.exe
  C:\Windows\System\tiwqLGd.exe
  2⤵
  PID:6084
- C:\Windows\System\paixJdE.exe
  C:\Windows\System\paixJdE.exe
  2⤵
  PID:6068
- C:\Windows\System\kTkMTQf.exe
  C:\Windows\System\kTkMTQf.exe
  2⤵
  PID:6132
- C:\Windows\System\rDSRcOp.exe
  C:\Windows\System\rDSRcOp.exe
  2⤵
  PID:4060
- C:\Windows\System\AsFGkOU.exe
  C:\Windows\System\AsFGkOU.exe
  2⤵
  PID:4748
- C:\Windows\System\wOvTpBW.exe
  C:\Windows\System\wOvTpBW.exe
  2⤵
  PID:5132
- C:\Windows\System\yifRKfp.exe
  C:\Windows\System\yifRKfp.exe
  2⤵
  PID:5184
- C:\Windows\System\adnWdAa.exe
  C:\Windows\System\adnWdAa.exe
  2⤵
  PID:5212
- C:\Windows\System\VGyhIBb.exe
  C:\Windows\System\VGyhIBb.exe
  2⤵
  PID:5224
- C:\Windows\System\cWjfDkg.exe
  C:\Windows\System\cWjfDkg.exe
  2⤵
  PID:5324
- C:\Windows\System\xyUhQCF.exe
  C:\Windows\System\xyUhQCF.exe
  2⤵
  PID:5364
- C:\Windows\System\vxDGgKX.exe
  C:\Windows\System\vxDGgKX.exe
  2⤵
  PID:5344
- C:\Windows\System\FvarhgB.exe
  C:\Windows\System\FvarhgB.exe
  2⤵
  PID:5424
- C:\Windows\System\PBZpfND.exe
  C:\Windows\System\PBZpfND.exe
  2⤵
  PID:5468
- C:\Windows\System\wNUhrHF.exe
  C:\Windows\System\wNUhrHF.exe
  2⤵
  PID:5552
- C:\Windows\System\TXacjkV.exe
  C:\Windows\System\TXacjkV.exe
  2⤵
  PID:5604
- C:\Windows\System\JCEuEaF.exe
  C:\Windows\System\JCEuEaF.exe
  2⤵
  PID:5652
- C:\Windows\System\dGzpLBS.exe
  C:\Windows\System\dGzpLBS.exe
  2⤵
  PID:5712
- C:\Windows\System\BPFYebP.exe
  C:\Windows\System\BPFYebP.exe
  2⤵
  PID:5724
- C:\Windows\System\MmGMIFU.exe
  C:\Windows\System\MmGMIFU.exe
  2⤵
  PID:5784
- C:\Windows\System\iSUgzfF.exe
  C:\Windows\System\iSUgzfF.exe
  2⤵
  PID:2208
- C:\Windows\System\cRQBLjt.exe
  C:\Windows\System\cRQBLjt.exe
  2⤵
  PID:5824
- C:\Windows\System\OEJSdqp.exe
  C:\Windows\System\OEJSdqp.exe
  2⤵
  PID:5868
- C:\Windows\System\JGoWvJk.exe
  C:\Windows\System\JGoWvJk.exe
  2⤵
  PID:5904
- C:\Windows\System\AXQgCRT.exe
  C:\Windows\System\AXQgCRT.exe
  2⤵
  PID:1728
- C:\Windows\System\jTUEaIF.exe
  C:\Windows\System\jTUEaIF.exe
  2⤵
  PID:1072
- C:\Windows\System\DvjSaWh.exe
  C:\Windows\System\DvjSaWh.exe
  2⤵
  PID:852
- C:\Windows\System\aKFwGGw.exe
  C:\Windows\System\aKFwGGw.exe
  2⤵
  PID:2404
- C:\Windows\System\kpYsbqF.exe
  C:\Windows\System\kpYsbqF.exe
  2⤵
  PID:808
- C:\Windows\System\yeRGtbP.exe
  C:\Windows\System\yeRGtbP.exe
  2⤵
  PID:1596
- C:\Windows\System\DVIgoYV.exe
  C:\Windows\System\DVIgoYV.exe
  2⤵
  PID:948
- C:\Windows\System\kLGdMTF.exe
  C:\Windows\System\kLGdMTF.exe
  2⤵
  PID:4344
- C:\Windows\System\xxMyple.exe
  C:\Windows\System\xxMyple.exe
  2⤵
  PID:6048
- C:\Windows\System\JNJFWVw.exe
  C:\Windows\System\JNJFWVw.exe
  2⤵
  PID:6112
- C:\Windows\System\RbhmVLl.exe
  C:\Windows\System\RbhmVLl.exe
  2⤵
  PID:6108
- C:\Windows\System\sqRkzHJ.exe
  C:\Windows\System\sqRkzHJ.exe
  2⤵
  PID:3340
- C:\Windows\System\IeZiFKv.exe
  C:\Windows\System\IeZiFKv.exe
  2⤵
  PID:4476
- C:\Windows\System\UvipBpJ.exe
  C:\Windows\System\UvipBpJ.exe
  2⤵
  PID:4680
- C:\Windows\System\dyfNOCf.exe
  C:\Windows\System\dyfNOCf.exe
  2⤵
  PID:5232
- C:\Windows\System\mhxnrdt.exe
  C:\Windows\System\mhxnrdt.exe
  2⤵
  PID:348
- C:\Windows\System\rXxHiCQ.exe
  C:\Windows\System\rXxHiCQ.exe
  2⤵
  PID:1204
- C:\Windows\System\eWjlxXK.exe
  C:\Windows\System\eWjlxXK.exe
  2⤵
  PID:5404
- C:\Windows\System\OfTcOxO.exe
  C:\Windows\System\OfTcOxO.exe
  2⤵
  PID:5528
- C:\Windows\System\VyUchaD.exe
  C:\Windows\System\VyUchaD.exe
  2⤵
  PID:5684
- C:\Windows\System\OEmSVao.exe
  C:\Windows\System\OEmSVao.exe
  2⤵
  PID:5908
- C:\Windows\System\tpwZDlp.exe
  C:\Windows\System\tpwZDlp.exe
  2⤵
  PID:2152
- C:\Windows\System\TfjiRSJ.exe
  C:\Windows\System\TfjiRSJ.exe
  2⤵
  PID:1040
- C:\Windows\System\ZsPbVAA.exe
  C:\Windows\System\ZsPbVAA.exe
  2⤵
  PID:5748
- C:\Windows\System\hrNPGxD.exe
  C:\Windows\System\hrNPGxD.exe
  2⤵
  PID:5924
- C:\Windows\System\mSWMLoP.exe
  C:\Windows\System\mSWMLoP.exe
  2⤵
  PID:3460
- C:\Windows\System\UlDbVFg.exe
  C:\Windows\System\UlDbVFg.exe
  2⤵
  PID:2200
- C:\Windows\System\AsxokqE.exe
  C:\Windows\System\AsxokqE.exe
  2⤵
  PID:6024
- C:\Windows\System\gMjVbfc.exe
  C:\Windows\System\gMjVbfc.exe
  2⤵
  PID:6104
- C:\Windows\System\nHLLFuB.exe
  C:\Windows\System\nHLLFuB.exe
  2⤵
  PID:6044
- C:\Windows\System\wqpifTT.exe
  C:\Windows\System\wqpifTT.exe
  2⤵
  PID:4164
- C:\Windows\System\zSmfgIf.exe
  C:\Windows\System\zSmfgIf.exe
  2⤵
  PID:5492
- C:\Windows\System\VbsjhmU.exe
  C:\Windows\System\VbsjhmU.exe
  2⤵
  PID:1556
- C:\Windows\System\NaBJeXQ.exe
  C:\Windows\System\NaBJeXQ.exe
  2⤵
  PID:2560
- C:\Windows\System\paafHgL.exe
  C:\Windows\System\paafHgL.exe
  2⤵
  PID:5384
- C:\Windows\System\wFPWWlu.exe
  C:\Windows\System\wFPWWlu.exe
  2⤵
  PID:1688
- C:\Windows\System\iFUSLAE.exe
  C:\Windows\System\iFUSLAE.exe
  2⤵
  PID:5864
- C:\Windows\System\RRQQXPt.exe
  C:\Windows\System\RRQQXPt.exe
  2⤵
  PID:668
- C:\Windows\System\WrSKoLl.exe
  C:\Windows\System\WrSKoLl.exe
  2⤵
  PID:1100
- C:\Windows\System\vxXNpao.exe
  C:\Windows\System\vxXNpao.exe
  2⤵
  PID:2216
- C:\Windows\System\bqMAKAF.exe
  C:\Windows\System\bqMAKAF.exe
  2⤵
  PID:4692
- C:\Windows\System\YUgGjwJ.exe
  C:\Windows\System\YUgGjwJ.exe
  2⤵
  PID:5148
- C:\Windows\System\OmYSZbb.exe
  C:\Windows\System\OmYSZbb.exe
  2⤵
  PID:4300
- C:\Windows\System\TBGUnTs.exe
  C:\Windows\System\TBGUnTs.exe
  2⤵
  PID:5792
- C:\Windows\System\kZixidL.exe
  C:\Windows\System\kZixidL.exe
  2⤵
  PID:4116
- C:\Windows\System\YXKjdgf.exe
  C:\Windows\System\YXKjdgf.exe
  2⤵
  PID:5668
- C:\Windows\System\GDirhtV.exe
  C:\Windows\System\GDirhtV.exe
  2⤵
  PID:6180
- C:\Windows\System\FNCHDgE.exe
  C:\Windows\System\FNCHDgE.exe
  2⤵
  PID:6200
- C:\Windows\System\seJTLwT.exe
  C:\Windows\System\seJTLwT.exe
  2⤵
  PID:6220
- C:\Windows\System\cAkFgDo.exe
  C:\Windows\System\cAkFgDo.exe
  2⤵
  PID:6236
- C:\Windows\System\XqdXxZz.exe
  C:\Windows\System\XqdXxZz.exe
  2⤵
  PID:6252
- C:\Windows\System\fGilGXN.exe
  C:\Windows\System\fGilGXN.exe
  2⤵
  PID:6272
- C:\Windows\System\aYEkylB.exe
  C:\Windows\System\aYEkylB.exe
  2⤵
  PID:6288
- C:\Windows\System\hYZnBfu.exe
  C:\Windows\System\hYZnBfu.exe
  2⤵
  PID:6304
- C:\Windows\System\AbIYRXA.exe
  C:\Windows\System\AbIYRXA.exe
  2⤵
  PID:6320
- C:\Windows\System\QKHHcRy.exe
  C:\Windows\System\QKHHcRy.exe
  2⤵
  PID:6336
- C:\Windows\System\GEYYceC.exe
  C:\Windows\System\GEYYceC.exe
  2⤵
  PID:6352
- C:\Windows\System\bJGoRXh.exe
  C:\Windows\System\bJGoRXh.exe
  2⤵
  PID:6368
- C:\Windows\System\nLmQVnC.exe
  C:\Windows\System\nLmQVnC.exe
  2⤵
  PID:6412
- C:\Windows\System\fkUHwot.exe
  C:\Windows\System\fkUHwot.exe
  2⤵
  PID:6432
- C:\Windows\System\rJqNiea.exe
  C:\Windows\System\rJqNiea.exe
  2⤵
  PID:6448
- C:\Windows\System\UTxelxF.exe
  C:\Windows\System\UTxelxF.exe
  2⤵
  PID:6464
- C:\Windows\System\zquFePM.exe
  C:\Windows\System\zquFePM.exe
  2⤵
  PID:6484
- C:\Windows\System\hABKZCs.exe
  C:\Windows\System\hABKZCs.exe
  2⤵
  PID:6504
- C:\Windows\System\LepWqOh.exe
  C:\Windows\System\LepWqOh.exe
  2⤵
  PID:6520
- C:\Windows\System\wDiRQcf.exe
  C:\Windows\System\wDiRQcf.exe
  2⤵
  PID:6544
- C:\Windows\System\RFYhrst.exe
  C:\Windows\System\RFYhrst.exe
  2⤵
  PID:6560
- C:\Windows\System\YSIqArs.exe
  C:\Windows\System\YSIqArs.exe
  2⤵
  PID:6580
- C:\Windows\System\KOpBmMU.exe
  C:\Windows\System\KOpBmMU.exe
  2⤵
  PID:6596
- C:\Windows\System\TrgWtdp.exe
  C:\Windows\System\TrgWtdp.exe
  2⤵
  PID:6612
- C:\Windows\System\HPpLLya.exe
  C:\Windows\System\HPpLLya.exe
  2⤵
  PID:6656
- C:\Windows\System\MnAxpzH.exe
  C:\Windows\System\MnAxpzH.exe
  2⤵
  PID:6676
- C:\Windows\System\PImwevd.exe
  C:\Windows\System\PImwevd.exe
  2⤵
  PID:6692
- C:\Windows\System\pUjbStn.exe
  C:\Windows\System\pUjbStn.exe
  2⤵
  PID:6708
- C:\Windows\System\iDayDlp.exe
  C:\Windows\System\iDayDlp.exe
  2⤵
  PID:6724
- C:\Windows\System\yJBJSCP.exe
  C:\Windows\System\yJBJSCP.exe
  2⤵
  PID:6744
- C:\Windows\System\TUjkrDc.exe
  C:\Windows\System\TUjkrDc.exe
  2⤵
  PID:6764
- C:\Windows\System\AbDFjYm.exe
  C:\Windows\System\AbDFjYm.exe
  2⤵
  PID:6780
- C:\Windows\System\tuMnLUT.exe
  C:\Windows\System\tuMnLUT.exe
  2⤵
  PID:6796
- C:\Windows\System\AHPHdku.exe
  C:\Windows\System\AHPHdku.exe
  2⤵
  PID:6812
- C:\Windows\System\ordjoXm.exe
  C:\Windows\System\ordjoXm.exe
  2⤵
  PID:6828
- C:\Windows\System\SihuDGw.exe
  C:\Windows\System\SihuDGw.exe
  2⤵
  PID:6844
- C:\Windows\System\uMMTphZ.exe
  C:\Windows\System\uMMTphZ.exe
  2⤵
  PID:6860
- C:\Windows\System\FyZaEza.exe
  C:\Windows\System\FyZaEza.exe
  2⤵
  PID:6876
- C:\Windows\System\AiUxlQV.exe
  C:\Windows\System\AiUxlQV.exe
  2⤵
  PID:6896
- C:\Windows\System\zZpmExK.exe
  C:\Windows\System\zZpmExK.exe
  2⤵
  PID:6916
- C:\Windows\System\BqIPuEq.exe
  C:\Windows\System\BqIPuEq.exe
  2⤵
  PID:6932
- C:\Windows\System\fWtmpJe.exe
  C:\Windows\System\fWtmpJe.exe
  2⤵
  PID:6948
- C:\Windows\System\uRkIeco.exe
  C:\Windows\System\uRkIeco.exe
  2⤵
  PID:6964
- C:\Windows\System\WqArPfi.exe
  C:\Windows\System\WqArPfi.exe
  2⤵
  PID:6988
- C:\Windows\System\CnyiIce.exe
  C:\Windows\System\CnyiIce.exe
  2⤵
  PID:7004
- C:\Windows\System\myfkYqX.exe
  C:\Windows\System\myfkYqX.exe
  2⤵
  PID:7020
- C:\Windows\System\gJERqaX.exe
  C:\Windows\System\gJERqaX.exe
  2⤵
  PID:7036
- C:\Windows\System\gcfLYkg.exe
  C:\Windows\System\gcfLYkg.exe
  2⤵
  PID:7060
- C:\Windows\System\iTUZqMq.exe
  C:\Windows\System\iTUZqMq.exe
  2⤵
  PID:7076
- C:\Windows\System\CWVBqHn.exe
  C:\Windows\System\CWVBqHn.exe
  2⤵
  PID:7092
- C:\Windows\System\WXJrUCA.exe
  C:\Windows\System\WXJrUCA.exe
  2⤵
  PID:7108
- C:\Windows\System\FnJkZeJ.exe
  C:\Windows\System\FnJkZeJ.exe
  2⤵
  PID:580
- C:\Windows\System\EYbTWPf.exe
  C:\Windows\System\EYbTWPf.exe
  2⤵
  PID:2508
- C:\Windows\System\zUFHVuu.exe
  C:\Windows\System\zUFHVuu.exe
  2⤵
  PID:4520
- C:\Windows\System\yydYlvh.exe
  C:\Windows\System\yydYlvh.exe
  2⤵
  PID:540
- C:\Windows\System\kzpqDXO.exe
  C:\Windows\System\kzpqDXO.exe
  2⤵
  PID:6164
- C:\Windows\System\jJRvlLs.exe
  C:\Windows\System\jJRvlLs.exe
  2⤵
  PID:6172
- C:\Windows\System\EdFSsXf.exe
  C:\Windows\System\EdFSsXf.exe
  2⤵
  PID:6176
- C:\Windows\System\dwhuUvx.exe
  C:\Windows\System\dwhuUvx.exe
  2⤵
  PID:6244
- C:\Windows\System\NzWFpNM.exe
  C:\Windows\System\NzWFpNM.exe
  2⤵
  PID:6196
- C:\Windows\System\vgfhvdB.exe
  C:\Windows\System\vgfhvdB.exe
  2⤵
  PID:6268
- C:\Windows\System\eBDOOnM.exe
  C:\Windows\System\eBDOOnM.exe
  2⤵
  PID:6316
- C:\Windows\System\WBWpJmP.exe
  C:\Windows\System\WBWpJmP.exe
  2⤵
  PID:6312
- C:\Windows\System\QqiLAnj.exe
  C:\Windows\System\QqiLAnj.exe
  2⤵
  PID:6400
- C:\Windows\System\OvplLbJ.exe
  C:\Windows\System\OvplLbJ.exe
  2⤵
  PID:6332
- C:\Windows\System\qMVyhqQ.exe
  C:\Windows\System\qMVyhqQ.exe
  2⤵
  PID:6632
- C:\Windows\System\DbKNBEj.exe
  C:\Windows\System\DbKNBEj.exe
  2⤵
  PID:6652
- C:\Windows\System\fqjJGAi.exe
  C:\Windows\System\fqjJGAi.exe
  2⤵
  PID:6716
- C:\Windows\System\FPlKmCO.exe
  C:\Windows\System\FPlKmCO.exe
  2⤵
  PID:6420
- C:\Windows\System\nJKubgw.exe
  C:\Windows\System\nJKubgw.exe
  2⤵
  PID:6460
- C:\Windows\System\mGibkEb.exe
  C:\Windows\System\mGibkEb.exe
  2⤵
  PID:6540
- C:\Windows\System\RObhBpd.exe
  C:\Windows\System\RObhBpd.exe
  2⤵
  PID:6668
- C:\Windows\System\kfaKJTy.exe
  C:\Windows\System\kfaKJTy.exe
  2⤵
  PID:6704
- C:\Windows\System\rFMvmDk.exe
  C:\Windows\System\rFMvmDk.exe
  2⤵
  PID:6772
- C:\Windows\System\zkxcJRD.exe
  C:\Windows\System\zkxcJRD.exe
  2⤵
  PID:6756
- C:\Windows\System\lVBkHoG.exe
  C:\Windows\System\lVBkHoG.exe
  2⤵
  PID:6792
- C:\Windows\System\tErNgVb.exe
  C:\Windows\System\tErNgVb.exe
  2⤵
  PID:6824
- C:\Windows\System\fzPtzyC.exe
  C:\Windows\System\fzPtzyC.exe
  2⤵
  PID:7028
- C:\Windows\System\KbsYFPc.exe
  C:\Windows\System\KbsYFPc.exe
  2⤵
  PID:7100
- C:\Windows\System\aTnLCPQ.exe
  C:\Windows\System\aTnLCPQ.exe
  2⤵
  PID:7016
- C:\Windows\System\EzswKgK.exe
  C:\Windows\System\EzswKgK.exe
  2⤵
  PID:7048
- C:\Windows\System\PVWHkYy.exe
  C:\Windows\System\PVWHkYy.exe
  2⤵
  PID:7120
- C:\Windows\System\bIIkoon.exe
  C:\Windows\System\bIIkoon.exe
  2⤵
  PID:7136
- C:\Windows\System\YTYbAef.exe
  C:\Windows\System\YTYbAef.exe
  2⤵
  PID:7156
- C:\Windows\System\mbepghG.exe
  C:\Windows\System\mbepghG.exe
  2⤵
  PID:1388
- C:\Windows\System\UTRuBuD.exe
  C:\Windows\System\UTRuBuD.exe
  2⤵
  PID:6912
- C:\Windows\System\gKOfWNW.exe
  C:\Windows\System\gKOfWNW.exe
  2⤵
  PID:2980
- C:\Windows\System\gReJNzc.exe
  C:\Windows\System\gReJNzc.exe
  2⤵
  PID:6260
- C:\Windows\System\nulVboC.exe
  C:\Windows\System\nulVboC.exe
  2⤵
  PID:6384
- C:\Windows\System\XGSObpf.exe
  C:\Windows\System\XGSObpf.exe
  2⤵
  PID:6012
- C:\Windows\System\FZKRtyV.exe
  C:\Windows\System\FZKRtyV.exe
  2⤵
  PID:6296
- C:\Windows\System\UuBKfHa.exe
  C:\Windows\System\UuBKfHa.exe
  2⤵
  PID:1860
- C:\Windows\System\qwPLiau.exe
  C:\Windows\System\qwPLiau.exe
  2⤵
  PID:6516
- C:\Windows\System\gOUxnIA.exe
  C:\Windows\System\gOUxnIA.exe
  2⤵
  PID:2872
- C:\Windows\System\lHZiuvn.exe
  C:\Windows\System\lHZiuvn.exe
  2⤵
  PID:6284
- C:\Windows\System\kJiQnUy.exe
  C:\Windows\System\kJiQnUy.exe
  2⤵
  PID:6444
- C:\Windows\System\KdecOej.exe
  C:\Windows\System\KdecOej.exe
  2⤵
  PID:6752
- C:\Windows\System\lgXMnNd.exe
  C:\Windows\System\lgXMnNd.exe
  2⤵
  PID:6428
- C:\Windows\System\OCPahlM.exe
  C:\Windows\System\OCPahlM.exe
  2⤵
  PID:6532
- C:\Windows\System\ZGfRyKU.exe
  C:\Windows\System\ZGfRyKU.exe
  2⤵
  PID:6700
- C:\Windows\System\QQQvcfu.exe
  C:\Windows\System\QQQvcfu.exe
  2⤵
  PID:6820
- C:\Windows\System\xAVHuUk.exe
  C:\Windows\System\xAVHuUk.exe
  2⤵
  PID:6928
- C:\Windows\System\pYyAxkT.exe
  C:\Windows\System\pYyAxkT.exe
  2⤵
  PID:6960
- C:\Windows\System\kjPdshK.exe
  C:\Windows\System\kjPdshK.exe
  2⤵
  PID:6996
- C:\Windows\System\rHjbiGq.exe
  C:\Windows\System\rHjbiGq.exe
  2⤵
  PID:6840
- C:\Windows\System\jxKHdxk.exe
  C:\Windows\System\jxKHdxk.exe
  2⤵
  PID:6984
- C:\Windows\System\wgMUJkw.exe
  C:\Windows\System\wgMUJkw.exe
  2⤵
  PID:6348
- C:\Windows\System\kyrLwVf.exe
  C:\Windows\System\kyrLwVf.exe
  2⤵
  PID:6392
- C:\Windows\System\bGZZcNp.exe
  C:\Windows\System\bGZZcNp.exe
  2⤵
  PID:6872
- C:\Windows\System\crvMevS.exe
  C:\Windows\System\crvMevS.exe
  2⤵
  PID:6216
- C:\Windows\System\qBjuGac.exe
  C:\Windows\System\qBjuGac.exe
  2⤵
  PID:6440
- C:\Windows\System\yvQnSOv.exe
  C:\Windows\System\yvQnSOv.exe
  2⤵
  PID:6648
- C:\Windows\System\bOJSHCw.exe
  C:\Windows\System\bOJSHCw.exe
  2⤵
  PID:5172
- C:\Windows\System\bFMlStw.exe
  C:\Windows\System\bFMlStw.exe
  2⤵
  PID:6408
- C:\Windows\System\EFcWyxg.exe
  C:\Windows\System\EFcWyxg.exe
  2⤵
  PID:6808
- C:\Windows\System\VttpVrg.exe
  C:\Windows\System\VttpVrg.exe
  2⤵
  PID:7068
- C:\Windows\System\mZcsNJB.exe
  C:\Windows\System\mZcsNJB.exe
  2⤵
  PID:7128
- C:\Windows\System\PMtnPVx.exe
  C:\Windows\System\PMtnPVx.exe
  2⤵
  PID:6604
- C:\Windows\System\UemLbhr.exe
  C:\Windows\System\UemLbhr.exe
  2⤵
  PID:6892
- C:\Windows\System\svzfmYK.exe
  C:\Windows\System\svzfmYK.exe
  2⤵
  PID:6972
- C:\Windows\System\iiJmRza.exe
  C:\Windows\System\iiJmRza.exe
  2⤵
  PID:6644
- C:\Windows\System\McnTgmX.exe
  C:\Windows\System\McnTgmX.exe
  2⤵
  PID:5392
- C:\Windows\System\EQHqZts.exe
  C:\Windows\System\EQHqZts.exe
  2⤵
  PID:6212
- C:\Windows\System\OGXksot.exe
  C:\Windows\System\OGXksot.exe
  2⤵
  PID:6160
- C:\Windows\System\uHydCAZ.exe
  C:\Windows\System\uHydCAZ.exe
  2⤵
  PID:7012
- C:\Windows\System\LDPUHYb.exe
  C:\Windows\System\LDPUHYb.exe
  2⤵
  PID:7000
- C:\Windows\System\YyJqUxg.exe
  C:\Windows\System\YyJqUxg.exe
  2⤵
  PID:6496
- C:\Windows\System\tgTRWeb.exe
  C:\Windows\System\tgTRWeb.exe
  2⤵
  PID:6640
- C:\Windows\System\LxnJMyV.exe
  C:\Windows\System\LxnJMyV.exe
  2⤵
  PID:6232
- C:\Windows\System\mQQZPCZ.exe
  C:\Windows\System\mQQZPCZ.exe
  2⤵
  PID:6364
- C:\Windows\System\rrAyRHm.exe
  C:\Windows\System\rrAyRHm.exe
  2⤵
  PID:7152
- C:\Windows\System\JYfCZcJ.exe
  C:\Windows\System\JYfCZcJ.exe
  2⤵
  PID:6976
- C:\Windows\System\cgReUhE.exe
  C:\Windows\System\cgReUhE.exe
  2⤵
  PID:6788
- C:\Windows\System\EShHWRm.exe
  C:\Windows\System\EShHWRm.exe
  2⤵
  PID:5692
- C:\Windows\System\kXgbDJW.exe
  C:\Windows\System\kXgbDJW.exe
  2⤵
  PID:5944
- C:\Windows\System\xlCeQEj.exe
  C:\Windows\System\xlCeQEj.exe
  2⤵
  PID:7188
- C:\Windows\System\ExCQgbc.exe
  C:\Windows\System\ExCQgbc.exe
  2⤵
  PID:7204
- C:\Windows\System\IIhkMkY.exe
  C:\Windows\System\IIhkMkY.exe
  2⤵
  PID:7220
- C:\Windows\System\Ffwnuor.exe
  C:\Windows\System\Ffwnuor.exe
  2⤵
  PID:7240
- C:\Windows\System\BxnECKg.exe
  C:\Windows\System\BxnECKg.exe
  2⤵
  PID:7260
- C:\Windows\System\FsMLoRJ.exe
  C:\Windows\System\FsMLoRJ.exe
  2⤵
  PID:7276
- C:\Windows\System\wNbCptj.exe
  C:\Windows\System\wNbCptj.exe
  2⤵
  PID:7292
- C:\Windows\System\wSaDSnI.exe
  C:\Windows\System\wSaDSnI.exe
  2⤵
  PID:7312
- C:\Windows\System\MFTClVn.exe
  C:\Windows\System\MFTClVn.exe
  2⤵
  PID:7332
- C:\Windows\System\apQVUlx.exe
  C:\Windows\System\apQVUlx.exe
  2⤵
  PID:7348
- C:\Windows\System\zHqkcxO.exe
  C:\Windows\System\zHqkcxO.exe
  2⤵
  PID:7364
- C:\Windows\System\zvYsViQ.exe
  C:\Windows\System\zvYsViQ.exe
  2⤵
  PID:7380
- C:\Windows\System\LPVKHeU.exe
  C:\Windows\System\LPVKHeU.exe
  2⤵
  PID:7400
- C:\Windows\System\aIXnqzd.exe
  C:\Windows\System\aIXnqzd.exe
  2⤵
  PID:7420
- C:\Windows\System\MTwlooz.exe
  C:\Windows\System\MTwlooz.exe
  2⤵
  PID:7440
- C:\Windows\System\UPKqTLV.exe
  C:\Windows\System\UPKqTLV.exe
  2⤵
  PID:7460
- C:\Windows\System\qCxEamy.exe
  C:\Windows\System\qCxEamy.exe
  2⤵
  PID:7488
- C:\Windows\System\AEeyvmS.exe
  C:\Windows\System\AEeyvmS.exe
  2⤵
  PID:7540
- C:\Windows\System\oikJtBM.exe
  C:\Windows\System\oikJtBM.exe
  2⤵
  PID:7560
- C:\Windows\System\wUENDAo.exe
  C:\Windows\System\wUENDAo.exe
  2⤵
  PID:7576
- C:\Windows\System\KFeGsro.exe
  C:\Windows\System\KFeGsro.exe
  2⤵
  PID:7592
- C:\Windows\System\pUoZRUc.exe
  C:\Windows\System\pUoZRUc.exe
  2⤵
  PID:7608
- C:\Windows\System\vlwQnbo.exe
  C:\Windows\System\vlwQnbo.exe
  2⤵
  PID:7624
- C:\Windows\System\eaLSatf.exe
  C:\Windows\System\eaLSatf.exe
  2⤵
  PID:7640
- C:\Windows\System\NCiOFby.exe
  C:\Windows\System\NCiOFby.exe
  2⤵
  PID:7664
- C:\Windows\System\riqggJe.exe
  C:\Windows\System\riqggJe.exe
  2⤵
  PID:7684
- C:\Windows\System\cygeBsF.exe
  C:\Windows\System\cygeBsF.exe
  2⤵
  PID:7708
- C:\Windows\System\wrKwFnN.exe
  C:\Windows\System\wrKwFnN.exe
  2⤵
  PID:7732
- C:\Windows\System\GaMYtBa.exe
  C:\Windows\System\GaMYtBa.exe
  2⤵
  PID:7756
- C:\Windows\System\ldcrYHg.exe
  C:\Windows\System\ldcrYHg.exe
  2⤵
  PID:7772
- C:\Windows\System\OgizLNK.exe
  C:\Windows\System\OgizLNK.exe
  2⤵
  PID:7788
- C:\Windows\System\RNfNaiQ.exe
  C:\Windows\System\RNfNaiQ.exe
  2⤵
  PID:7816
- C:\Windows\System\jrIjqeW.exe
  C:\Windows\System\jrIjqeW.exe
  2⤵
  PID:7832
- C:\Windows\System\vvTZgAC.exe
  C:\Windows\System\vvTZgAC.exe
  2⤵
  PID:7848
- C:\Windows\System\KACkVfx.exe
  C:\Windows\System\KACkVfx.exe
  2⤵
  PID:7864
- C:\Windows\System\aBCPfPQ.exe
  C:\Windows\System\aBCPfPQ.exe
  2⤵
  PID:7884
- C:\Windows\System\ZehwtcO.exe
  C:\Windows\System\ZehwtcO.exe
  2⤵
  PID:7916
- C:\Windows\System\GoUCFcK.exe
  C:\Windows\System\GoUCFcK.exe
  2⤵
  PID:7932
- C:\Windows\System\rNwHPct.exe
  C:\Windows\System\rNwHPct.exe
  2⤵
  PID:7956
- C:\Windows\System\LODIrhL.exe
  C:\Windows\System\LODIrhL.exe
  2⤵
  PID:7980
- C:\Windows\System\kkXeOgi.exe
  C:\Windows\System\kkXeOgi.exe
  2⤵
  PID:7996
- C:\Windows\System\eTILObb.exe
  C:\Windows\System\eTILObb.exe
  2⤵
  PID:8016
- C:\Windows\System\fduBWEq.exe
  C:\Windows\System\fduBWEq.exe
  2⤵
  PID:8044
- C:\Windows\System\HCdcetP.exe
  C:\Windows\System\HCdcetP.exe
  2⤵
  PID:8060
- C:\Windows\System\ODEnNeM.exe
  C:\Windows\System\ODEnNeM.exe
  2⤵
  PID:8084
- C:\Windows\System\HLBWyBN.exe
  C:\Windows\System\HLBWyBN.exe
  2⤵
  PID:8104
- C:\Windows\System\vXyarjA.exe
  C:\Windows\System\vXyarjA.exe
  2⤵
  PID:8120
- C:\Windows\System\yPGTeMH.exe
  C:\Windows\System\yPGTeMH.exe
  2⤵
  PID:8144
- C:\Windows\System\AILwnQG.exe
  C:\Windows\System\AILwnQG.exe
  2⤵
  PID:8160
- C:\Windows\System\xdzlknY.exe
  C:\Windows\System\xdzlknY.exe
  2⤵
  PID:8176
- C:\Windows\System\DABatzp.exe
  C:\Windows\System\DABatzp.exe
  2⤵
  PID:7196
- C:\Windows\System\jmLOMHX.exe
  C:\Windows\System\jmLOMHX.exe
  2⤵
  PID:7216
- C:\Windows\System\scgNvxb.exe
  C:\Windows\System\scgNvxb.exe
  2⤵
  PID:7300
- C:\Windows\System\oFEaiKz.exe
  C:\Windows\System\oFEaiKz.exe
  2⤵
  PID:7344
- C:\Windows\System\kTshKJR.exe
  C:\Windows\System\kTshKJR.exe
  2⤵
  PID:7412
- C:\Windows\System\XjpcYiD.exe
  C:\Windows\System\XjpcYiD.exe
  2⤵
  PID:7392
- C:\Windows\System\qvDjSdD.exe
  C:\Windows\System\qvDjSdD.exe
  2⤵
  PID:7284
- C:\Windows\System\JdhBTkc.exe
  C:\Windows\System\JdhBTkc.exe
  2⤵
  PID:7176
- C:\Windows\System\crWSCsY.exe
  C:\Windows\System\crWSCsY.exe
  2⤵
  PID:7428
- C:\Windows\System\IaNyYLC.exe
  C:\Windows\System\IaNyYLC.exe
  2⤵
  PID:7476
- C:\Windows\System\iaawMVN.exe
  C:\Windows\System\iaawMVN.exe
  2⤵
  PID:7524
- C:\Windows\System\PFRXSeX.exe
  C:\Windows\System\PFRXSeX.exe
  2⤵
  PID:7568
- C:\Windows\System\ZZpjsDg.exe
  C:\Windows\System\ZZpjsDg.exe
  2⤵
  PID:7676
- C:\Windows\System\BFlUWco.exe
  C:\Windows\System\BFlUWco.exe
  2⤵
  PID:7728
- C:\Windows\System\ymoGWyR.exe
  C:\Windows\System\ymoGWyR.exe
  2⤵
  PID:7552
- C:\Windows\System\OJHQVIi.exe
  C:\Windows\System\OJHQVIi.exe
  2⤵
  PID:7844
- C:\Windows\System\QHCivCB.exe
  C:\Windows\System\QHCivCB.exe
  2⤵
  PID:7928
- C:\Windows\System\kElqJEv.exe
  C:\Windows\System\kElqJEv.exe
  2⤵
  PID:7976
- C:\Windows\System\bgpqSrT.exe
  C:\Windows\System\bgpqSrT.exe
  2⤵
  PID:7860
- C:\Windows\System\zxZOtfh.exe
  C:\Windows\System\zxZOtfh.exe
  2⤵
  PID:8056
- C:\Windows\System\hEWvREI.exe
  C:\Windows\System\hEWvREI.exe
  2⤵
  PID:7784
- C:\Windows\System\sBHvzUy.exe
  C:\Windows\System\sBHvzUy.exe
  2⤵
  PID:7616
- C:\Windows\System\OMRpqPV.exe
  C:\Windows\System\OMRpqPV.exe
  2⤵
  PID:8024
- C:\Windows\System\RJVhdrW.exe
  C:\Windows\System\RJVhdrW.exe
  2⤵
  PID:7660
- C:\Windows\System\etWcQTT.exe
  C:\Windows\System\etWcQTT.exe
  2⤵
  PID:7704
- C:\Windows\System\opVABYd.exe
  C:\Windows\System\opVABYd.exe
  2⤵
  PID:8128
- C:\Windows\System\sfenssX.exe
  C:\Windows\System\sfenssX.exe
  2⤵
  PID:7900
- C:\Windows\System\EOLBNsB.exe
  C:\Windows\System\EOLBNsB.exe
  2⤵
  PID:8168
- C:\Windows\System\sNQomul.exe
  C:\Windows\System\sNQomul.exe
  2⤵
  PID:8080
- C:\Windows\System\mgWfgox.exe
  C:\Windows\System\mgWfgox.exe
  2⤵
  PID:8116
- C:\Windows\System\lZVmKgA.exe
  C:\Windows\System\lZVmKgA.exe
  2⤵
  PID:6576
- C:\Windows\System\CgJuRti.exe
  C:\Windows\System\CgJuRti.exe
  2⤵
  PID:6684
- C:\Windows\System\ASewQUb.exe
  C:\Windows\System\ASewQUb.exe
  2⤵
  PID:7340
- C:\Windows\System\IZHNovb.exe
  C:\Windows\System\IZHNovb.exe
  2⤵
  PID:7324
- C:\Windows\System\acXoCVL.exe
  C:\Windows\System\acXoCVL.exe
  2⤵
  PID:7436
- C:\Windows\System\KJcNBRl.exe
  C:\Windows\System\KJcNBRl.exe
  2⤵
  PID:7496
- C:\Windows\System\WGWayqd.exe
  C:\Windows\System\WGWayqd.exe
  2⤵
  PID:7376
- C:\Windows\System\pNsbKBN.exe
  C:\Windows\System\pNsbKBN.exe
  2⤵
  PID:7636
- C:\Windows\System\HcUcXiJ.exe
  C:\Windows\System\HcUcXiJ.exe
  2⤵
  PID:7632
- C:\Windows\System\hpcMdPl.exe
  C:\Windows\System\hpcMdPl.exe
  2⤵
  PID:7840
- C:\Windows\System\uwItFpi.exe
  C:\Windows\System\uwItFpi.exe
  2⤵
  PID:7880
- C:\Windows\System\XyHmvpO.exe
  C:\Windows\System\XyHmvpO.exe
  2⤵
  PID:7652
- C:\Windows\System\taNxoVC.exe
  C:\Windows\System\taNxoVC.exe
  2⤵
  PID:7828
- C:\Windows\System\tSUJdlk.exe
  C:\Windows\System\tSUJdlk.exe
  2⤵
  PID:8100
- C:\Windows\System\YKpGeGA.exe
  C:\Windows\System\YKpGeGA.exe
  2⤵
  PID:7748
- C:\Windows\System\fPAuDyK.exe
  C:\Windows\System\fPAuDyK.exe
  2⤵
  PID:7892
- C:\Windows\System\uKeZXKu.exe
  C:\Windows\System\uKeZXKu.exe
  2⤵
  PID:8140
- C:\Windows\System\OIufpSt.exe
  C:\Windows\System\OIufpSt.exe
  2⤵
  PID:7692
- C:\Windows\System\LjPHqSv.exe
  C:\Windows\System\LjPHqSv.exe
  2⤵
  PID:7180
- C:\Windows\System\pFNpnXA.exe
  C:\Windows\System\pFNpnXA.exe
  2⤵
  PID:8188
- C:\Windows\System\ZVLHzaH.exe
  C:\Windows\System\ZVLHzaH.exe
  2⤵
  PID:7232
- C:\Windows\System\ozGwuFN.exe
  C:\Windows\System\ozGwuFN.exe
  2⤵
  PID:6156
- C:\Windows\System\bqvNKtT.exe
  C:\Windows\System\bqvNKtT.exe
  2⤵
  PID:7468
- C:\Windows\System\HsOvQFs.exe
  C:\Windows\System\HsOvQFs.exe
  2⤵
  PID:7452
- C:\Windows\System\HbrJRuN.exe
  C:\Windows\System\HbrJRuN.exe
  2⤵
  PID:7672
- C:\Windows\System\ZPgTZNo.exe
  C:\Windows\System\ZPgTZNo.exe
  2⤵
  PID:7768
- C:\Windows\System\VBsjOKi.exe
  C:\Windows\System\VBsjOKi.exe
  2⤵
  PID:7968
- C:\Windows\System\WFklRpG.exe
  C:\Windows\System\WFklRpG.exe
  2⤵
  PID:8008
- C:\Windows\System\rqbClPC.exe
  C:\Windows\System\rqbClPC.exe
  2⤵
  PID:8152
- C:\Windows\System\ThyhvWK.exe
  C:\Windows\System\ThyhvWK.exe
  2⤵
  PID:8072
- C:\Windows\System\IwRcuBO.exe
  C:\Windows\System\IwRcuBO.exe
  2⤵
  PID:7212
- C:\Windows\System\xQCzWuA.exe
  C:\Windows\System\xQCzWuA.exe
  2⤵
  PID:7520
- C:\Windows\System\hQcLexe.exe
  C:\Windows\System\hQcLexe.exe
  2⤵
  PID:8156
- C:\Windows\System\laDzund.exe
  C:\Windows\System\laDzund.exe
  2⤵
  PID:7940
- C:\Windows\System\cEeKLeh.exe
  C:\Windows\System\cEeKLeh.exe
  2⤵
  PID:7184
- C:\Windows\System\TSFZGai.exe
  C:\Windows\System\TSFZGai.exe
  2⤵
  PID:7896
- C:\Windows\System\qfRbHwb.exe
  C:\Windows\System\qfRbHwb.exe
  2⤵
  PID:7272
- C:\Windows\System\VUTAOyW.exe
  C:\Windows\System\VUTAOyW.exe
  2⤵
  PID:7780
- C:\Windows\System\SpGUAef.exe
  C:\Windows\System\SpGUAef.exe
  2⤵
  PID:7604
- C:\Windows\System\GQoHYlk.exe
  C:\Windows\System\GQoHYlk.exe
  2⤵
  PID:7952
- C:\Windows\System\clPcpJG.exe
  C:\Windows\System\clPcpJG.exe
  2⤵
  PID:7548
- C:\Windows\System\vzCwFDe.exe
  C:\Windows\System\vzCwFDe.exe
  2⤵
  PID:7972
- C:\Windows\System\yzAAikQ.exe
  C:\Windows\System\yzAAikQ.exe
  2⤵
  PID:7320
- C:\Windows\System\WKipyTQ.exe
  C:\Windows\System\WKipyTQ.exe
  2⤵
  PID:8076
- C:\Windows\System\ZABjsNc.exe
  C:\Windows\System\ZABjsNc.exe
  2⤵
  PID:7720
- C:\Windows\System\kWYqBlX.exe
  C:\Windows\System\kWYqBlX.exe
  2⤵
  PID:8212
- C:\Windows\System\zjSylwh.exe
  C:\Windows\System\zjSylwh.exe
  2⤵
  PID:8232
- C:\Windows\System\NTObyBK.exe
  C:\Windows\System\NTObyBK.exe
  2⤵
  PID:8248
- C:\Windows\System\bWyBeZy.exe
  C:\Windows\System\bWyBeZy.exe
  2⤵
  PID:8272
- C:\Windows\System\QkOXhgT.exe
  C:\Windows\System\QkOXhgT.exe
  2⤵
  PID:8288
- C:\Windows\System\PCuaTXI.exe
  C:\Windows\System\PCuaTXI.exe
  2⤵
  PID:8316
- C:\Windows\System\TivrSEm.exe
  C:\Windows\System\TivrSEm.exe
  2⤵
  PID:8336
- C:\Windows\System\ccmKOxo.exe
  C:\Windows\System\ccmKOxo.exe
  2⤵
  PID:8364
- C:\Windows\System\AWxOWjj.exe
  C:\Windows\System\AWxOWjj.exe
  2⤵
  PID:8380
- C:\Windows\System\TyOmrPA.exe
  C:\Windows\System\TyOmrPA.exe
  2⤵
  PID:8396
- C:\Windows\System\fBctoQp.exe
  C:\Windows\System\fBctoQp.exe
  2⤵
  PID:8420
- C:\Windows\System\tjoSvOM.exe
  C:\Windows\System\tjoSvOM.exe
  2⤵
  PID:8436
- C:\Windows\System\IAcdFhg.exe
  C:\Windows\System\IAcdFhg.exe
  2⤵
  PID:8460
- C:\Windows\System\AKmEZwy.exe
  C:\Windows\System\AKmEZwy.exe
  2⤵
  PID:8480
- C:\Windows\System\uVsfHtm.exe
  C:\Windows\System\uVsfHtm.exe
  2⤵
  PID:8504
- C:\Windows\System\cnXAdYw.exe
  C:\Windows\System\cnXAdYw.exe
  2⤵
  PID:8520
- C:\Windows\System\VYERcvb.exe
  C:\Windows\System\VYERcvb.exe
  2⤵
  PID:8540
- C:\Windows\System\KxCmWQf.exe
  C:\Windows\System\KxCmWQf.exe
  2⤵
  PID:8560
- C:\Windows\System\vdmkCXn.exe
  C:\Windows\System\vdmkCXn.exe
  2⤵
  PID:8584
- C:\Windows\System\FSnXdjh.exe
  C:\Windows\System\FSnXdjh.exe
  2⤵
  PID:8600
- C:\Windows\System\QGtWiDV.exe
  C:\Windows\System\QGtWiDV.exe
  2⤵
  PID:8624
- C:\Windows\System\CbPBMoz.exe
  C:\Windows\System\CbPBMoz.exe
  2⤵
  PID:8644
- C:\Windows\System\NEPLHhx.exe
  C:\Windows\System\NEPLHhx.exe
  2⤵
  PID:8664
- C:\Windows\System\NPrKMNf.exe
  C:\Windows\System\NPrKMNf.exe
  2⤵
  PID:8684
- C:\Windows\System\eiwymYX.exe
  C:\Windows\System\eiwymYX.exe
  2⤵
  PID:8700
- C:\Windows\System\uFJLkeV.exe
  C:\Windows\System\uFJLkeV.exe
  2⤵
  PID:8724
- C:\Windows\System\TNJxzsV.exe
  C:\Windows\System\TNJxzsV.exe
  2⤵
  PID:8744
- C:\Windows\System\hxokXWs.exe
  C:\Windows\System\hxokXWs.exe
  2⤵
  PID:8764
- C:\Windows\System\HWvOgGz.exe
  C:\Windows\System\HWvOgGz.exe
  2⤵
  PID:8788
- C:\Windows\System\LSHShVy.exe
  C:\Windows\System\LSHShVy.exe
  2⤵
  PID:8808
- C:\Windows\System\vMyCcnL.exe
  C:\Windows\System\vMyCcnL.exe
  2⤵
  PID:8828
- C:\Windows\System\ovaboYX.exe
  C:\Windows\System\ovaboYX.exe
  2⤵
  PID:8848
- C:\Windows\System\wzXUmWx.exe
  C:\Windows\System\wzXUmWx.exe
  2⤵
  PID:8864
- C:\Windows\System\WHFFwwd.exe
  C:\Windows\System\WHFFwwd.exe
  2⤵
  PID:8888
- C:\Windows\System\UJxRpIN.exe
  C:\Windows\System\UJxRpIN.exe
  2⤵
  PID:8904
- C:\Windows\System\xyFVDvR.exe
  C:\Windows\System\xyFVDvR.exe
  2⤵
  PID:8928
- C:\Windows\System\ngJgspB.exe
  C:\Windows\System\ngJgspB.exe
  2⤵
  PID:8948
- C:\Windows\System\rWeXMEn.exe
  C:\Windows\System\rWeXMEn.exe
  2⤵
  PID:8964
- C:\Windows\System\JrimOuT.exe
  C:\Windows\System\JrimOuT.exe
  2⤵
  PID:8980
- C:\Windows\System\gCAGCOh.exe
  C:\Windows\System\gCAGCOh.exe
  2⤵
  PID:9000
- C:\Windows\System\ACAnPZd.exe
  C:\Windows\System\ACAnPZd.exe
  2⤵
  PID:9028
- C:\Windows\System\ftkKQut.exe
  C:\Windows\System\ftkKQut.exe
  2⤵
  PID:9044
- C:\Windows\System\KNFnCYC.exe
  C:\Windows\System\KNFnCYC.exe
  2⤵
  PID:9060
- C:\Windows\System\eYVCvVy.exe
  C:\Windows\System\eYVCvVy.exe
  2⤵
  PID:9084
- C:\Windows\System\MoWDeTa.exe
  C:\Windows\System\MoWDeTa.exe
  2⤵
  PID:9100
- C:\Windows\System\nJdCwiM.exe
  C:\Windows\System\nJdCwiM.exe
  2⤵
  PID:9116
- C:\Windows\System\qFIlKpw.exe
  C:\Windows\System\qFIlKpw.exe
  2⤵
  PID:9132
- C:\Windows\System\CkuCfHR.exe
  C:\Windows\System\CkuCfHR.exe
  2⤵
  PID:9148
- C:\Windows\System\hASREGx.exe
  C:\Windows\System\hASREGx.exe
  2⤵
  PID:9164
- C:\Windows\System\lfypkoA.exe
  C:\Windows\System\lfypkoA.exe
  2⤵
  PID:9180
- C:\Windows\System\IhJueKr.exe
  C:\Windows\System\IhJueKr.exe
  2⤵
  PID:9200
- C:\Windows\System\jjzZcut.exe
  C:\Windows\System\jjzZcut.exe
  2⤵
  PID:8204
- C:\Windows\System\WdAPSAW.exe
  C:\Windows\System\WdAPSAW.exe
  2⤵
  PID:8284
- C:\Windows\System\AtHnJUa.exe
  C:\Windows\System\AtHnJUa.exe
  2⤵
  PID:8296
- C:\Windows\System\MgBPztQ.exe
  C:\Windows\System\MgBPztQ.exe
  2⤵
  PID:7812
- C:\Windows\System\azZWQhA.exe
  C:\Windows\System\azZWQhA.exe
  2⤵
  PID:8312
- C:\Windows\System\AXQnDMn.exe
  C:\Windows\System\AXQnDMn.exe
  2⤵
  PID:8412
- C:\Windows\System\keyHRUl.exe
  C:\Windows\System\keyHRUl.exe
  2⤵
  PID:8444
- C:\Windows\System\DqvsRej.exe
  C:\Windows\System\DqvsRej.exe
  2⤵
  PID:8352
- C:\Windows\System\HIaQGoJ.exe
  C:\Windows\System\HIaQGoJ.exe
  2⤵
  PID:8468
- C:\Windows\System\CbMmyRA.exe
  C:\Windows\System\CbMmyRA.exe
  2⤵
  PID:8516
- C:\Windows\System\VHivubT.exe
  C:\Windows\System\VHivubT.exe
  2⤵
  PID:8568
- C:\Windows\System\UYavuTj.exe
  C:\Windows\System\UYavuTj.exe
  2⤵
  PID:8592
- C:\Windows\System\nWfotvg.exe
  C:\Windows\System\nWfotvg.exe
  2⤵
  PID:8640
- C:\Windows\System\MzvNtzd.exe
  C:\Windows\System\MzvNtzd.exe
  2⤵
  PID:8660
- C:\Windows\System\OWhEwOi.exe
  C:\Windows\System\OWhEwOi.exe
  2⤵
  PID:8692
- C:\Windows\System\Dtyqqkj.exe
  C:\Windows\System\Dtyqqkj.exe
  2⤵
  PID:8720
- C:\Windows\System\hYvnBoj.exe
  C:\Windows\System\hYvnBoj.exe
  2⤵
  PID:8752
- C:\Windows\System\iAbuoEQ.exe
  C:\Windows\System\iAbuoEQ.exe
  2⤵
  PID:8780
- C:\Windows\System\UJRuTON.exe
  C:\Windows\System\UJRuTON.exe
  2⤵
  PID:8816
- C:\Windows\System\HLHcmfx.exe
  C:\Windows\System\HLHcmfx.exe
  2⤵
  PID:8856
- C:\Windows\System\QZDqHqD.exe
  C:\Windows\System\QZDqHqD.exe
  2⤵
  PID:8896
- C:\Windows\System\EPIEIeW.exe
  C:\Windows\System\EPIEIeW.exe
  2⤵
  PID:8936
- C:\Windows\System\yKPhFrT.exe
  C:\Windows\System\yKPhFrT.exe
  2⤵
  PID:8956
- C:\Windows\System\FctQGGC.exe
  C:\Windows\System\FctQGGC.exe
  2⤵
  PID:9008
- C:\Windows\System\VjFvuoB.exe
  C:\Windows\System\VjFvuoB.exe
  2⤵
  PID:9016
- C:\Windows\System\oMNYbGJ.exe
  C:\Windows\System\oMNYbGJ.exe
  2⤵
  PID:9092
- C:\Windows\System\tNWpObn.exe
  C:\Windows\System\tNWpObn.exe
  2⤵
  PID:9156
- C:\Windows\System\ULFdcQq.exe
  C:\Windows\System\ULFdcQq.exe
  2⤵
  PID:9196
- C:\Windows\System\GonXLDq.exe
  C:\Windows\System\GonXLDq.exe
  2⤵
  PID:8220
- C:\Windows\System\gvkyEAv.exe
  C:\Windows\System\gvkyEAv.exe
  2⤵
  PID:9076
- C:\Windows\System\zDyvpXF.exe
  C:\Windows\System\zDyvpXF.exe
  2⤵
  PID:9176
- C:\Windows\System\vmlnREL.exe
  C:\Windows\System\vmlnREL.exe
  2⤵
  PID:9144
- C:\Windows\System\dyLnrSi.exe
  C:\Windows\System\dyLnrSi.exe
  2⤵
  PID:9208
- C:\Windows\System\PiPYNGU.exe
  C:\Windows\System\PiPYNGU.exe
  2⤵
  PID:7944
- C:\Windows\System\vTrWsmB.exe
  C:\Windows\System\vTrWsmB.exe
  2⤵
  PID:8496
- C:\Windows\System\KKWcVEz.exe
  C:\Windows\System\KKWcVEz.exe
  2⤵
  PID:8428
- C:\Windows\System\OqjJDQa.exe
  C:\Windows\System\OqjJDQa.exe
  2⤵
  PID:8548
- C:\Windows\System\cPczLha.exe
  C:\Windows\System\cPczLha.exe
  2⤵
  PID:8576
- C:\Windows\System\bjWcQRA.exe
  C:\Windows\System\bjWcQRA.exe
  2⤵
  PID:8392
- C:\Windows\System\vgxMIwW.exe
  C:\Windows\System\vgxMIwW.exe
  2⤵
  PID:8712
- C:\Windows\System\EYpwxZz.exe
  C:\Windows\System\EYpwxZz.exe
  2⤵
  PID:8844
- C:\Windows\System\KFMgqNl.exe
  C:\Windows\System\KFMgqNl.exe
  2⤵
  PID:7044
- C:\Windows\System\isfbqiT.exe
  C:\Windows\System\isfbqiT.exe
  2⤵
  PID:8804
- C:\Windows\System\nLWSklf.exe
  C:\Windows\System\nLWSklf.exe
  2⤵
  PID:8988
- C:\Windows\System\Njamdha.exe
  C:\Windows\System\Njamdha.exe
  2⤵
  PID:9036
- C:\Windows\System\RQKNkAw.exe
  C:\Windows\System\RQKNkAw.exe
  2⤵
  PID:8992
- C:\Windows\System\ZZvbltZ.exe
  C:\Windows\System\ZZvbltZ.exe
  2⤵
  PID:8996
- C:\Windows\System\fzlhIdH.exe
  C:\Windows\System\fzlhIdH.exe
  2⤵
  PID:9124
- C:\Windows\System\eBbZxwA.exe
  C:\Windows\System\eBbZxwA.exe
  2⤵
  PID:8224
- C:\Windows\System\EhfVaTL.exe
  C:\Windows\System\EhfVaTL.exe
  2⤵
  PID:8376
- C:\Windows\System\uSWIvcl.exe
  C:\Windows\System\uSWIvcl.exe
  2⤵
  PID:9212
- C:\Windows\System\NnZuseW.exe
  C:\Windows\System\NnZuseW.exe
  2⤵
  PID:8492
- C:\Windows\System\ViRrdwg.exe
  C:\Windows\System\ViRrdwg.exe
  2⤵
  PID:8580
- C:\Windows\System\wxanyyH.exe
  C:\Windows\System\wxanyyH.exe
  2⤵
  PID:8532
- C:\Windows\System\gaXiBgT.exe
  C:\Windows\System\gaXiBgT.exe
  2⤵
  PID:8680
- C:\Windows\System\neDIJhZ.exe
  C:\Windows\System\neDIJhZ.exe
  2⤵
  PID:8776
- C:\Windows\System\KvlynMM.exe
  C:\Windows\System\KvlynMM.exe
  2⤵
  PID:8784
- C:\Windows\System\FEdRRsf.exe
  C:\Windows\System\FEdRRsf.exe
  2⤵
  PID:8976
- C:\Windows\System\ixXSZAb.exe
  C:\Windows\System\ixXSZAb.exe
  2⤵
  PID:8940
- C:\Windows\System\nIhxmdX.exe
  C:\Windows\System\nIhxmdX.exe
  2⤵
  PID:9096
- C:\Windows\System\kqcPVQy.exe
  C:\Windows\System\kqcPVQy.exe
  2⤵
  PID:8404
- C:\Windows\System\eCBHWAx.exe
  C:\Windows\System\eCBHWAx.exe
  2⤵
  PID:9080
- C:\Windows\System\kwtqsmK.exe
  C:\Windows\System\kwtqsmK.exe
  2⤵
  PID:8656
- C:\Windows\System\RKohTss.exe
  C:\Windows\System\RKohTss.exe
  2⤵
  PID:8916
- C:\Windows\System\eTYrpLM.exe
  C:\Windows\System\eTYrpLM.exe
  2⤵
  PID:8872
- C:\Windows\System\TyrPsYX.exe
  C:\Windows\System\TyrPsYX.exe
  2⤵
  PID:8300
- C:\Windows\System\KtrSHnB.exe
  C:\Windows\System\KtrSHnB.exe
  2⤵
  PID:8280
- C:\Windows\System\BVSwmAO.exe
  C:\Windows\System\BVSwmAO.exe
  2⤵
  PID:8924
- C:\Windows\System\NmtSNBP.exe
  C:\Windows\System\NmtSNBP.exe
  2⤵
  PID:8616
- C:\Windows\System\WuKDNQt.exe
  C:\Windows\System\WuKDNQt.exe
  2⤵
  PID:9112
- C:\Windows\System\bwkxQhS.exe
  C:\Windows\System\bwkxQhS.exe
  2⤵
  PID:8244
- C:\Windows\System\fPRZnqr.exe
  C:\Windows\System\fPRZnqr.exe
  2⤵
  PID:8348
- C:\Windows\System\GuOnKwn.exe
  C:\Windows\System\GuOnKwn.exe
  2⤵
  PID:8500
- C:\Windows\System\JJAnhQS.exe
  C:\Windows\System\JJAnhQS.exe
  2⤵
  PID:8040
- C:\Windows\System\UHDLHXW.exe
  C:\Windows\System\UHDLHXW.exe
  2⤵
  PID:9228
- C:\Windows\System\StPMlHp.exe
  C:\Windows\System\StPMlHp.exe
  2⤵
  PID:9260
- C:\Windows\System\XhBZWPx.exe
  C:\Windows\System\XhBZWPx.exe
  2⤵
  PID:9284
- C:\Windows\System\iMGuxqd.exe
  C:\Windows\System\iMGuxqd.exe
  2⤵
  PID:9300
- C:\Windows\System\FcWBSnT.exe
  C:\Windows\System\FcWBSnT.exe
  2⤵
  PID:9324
- C:\Windows\System\gXejnWZ.exe
  C:\Windows\System\gXejnWZ.exe
  2⤵
  PID:9340
- C:\Windows\System\frdkqnQ.exe
  C:\Windows\System\frdkqnQ.exe
  2⤵
  PID:9364
- C:\Windows\System\WPBoVVd.exe
  C:\Windows\System\WPBoVVd.exe
  2⤵
  PID:9380
- C:\Windows\System\cUxkQHb.exe
  C:\Windows\System\cUxkQHb.exe
  2⤵
  PID:9400
- C:\Windows\System\rGxwtLY.exe
  C:\Windows\System\rGxwtLY.exe
  2⤵
  PID:9424
- C:\Windows\System\yxMfkpA.exe
  C:\Windows\System\yxMfkpA.exe
  2⤵
  PID:9444
- C:\Windows\System\rUMHHaC.exe
  C:\Windows\System\rUMHHaC.exe
  2⤵
  PID:9464
- C:\Windows\System\hwnfFaX.exe
  C:\Windows\System\hwnfFaX.exe
  2⤵
  PID:9484
- C:\Windows\System\mnZwdmA.exe
  C:\Windows\System\mnZwdmA.exe
  2⤵
  PID:9500
- C:\Windows\System\xtQHrTf.exe
  C:\Windows\System\xtQHrTf.exe
  2⤵
  PID:9520
- C:\Windows\System\pLXCowK.exe
  C:\Windows\System\pLXCowK.exe
  2⤵
  PID:9544
- C:\Windows\System\UXJkFsB.exe
  C:\Windows\System\UXJkFsB.exe
  2⤵
  PID:9564
- C:\Windows\System\nrwuTqi.exe
  C:\Windows\System\nrwuTqi.exe
  2⤵
  PID:9584
- C:\Windows\System\fkzaxnq.exe
  C:\Windows\System\fkzaxnq.exe
  2⤵
  PID:9604
- C:\Windows\System\apLMYfU.exe
  C:\Windows\System\apLMYfU.exe
  2⤵
  PID:9624
- C:\Windows\System\iDLSHCP.exe
  C:\Windows\System\iDLSHCP.exe
  2⤵
  PID:9644
- C:\Windows\System\ubMbwLF.exe
  C:\Windows\System\ubMbwLF.exe
  2⤵
  PID:9668
- C:\Windows\System\dfVmLVn.exe
  C:\Windows\System\dfVmLVn.exe
  2⤵
  PID:9684
- C:\Windows\System\yEjBzUn.exe
  C:\Windows\System\yEjBzUn.exe
  2⤵
  PID:9700
- C:\Windows\System\HTXRBvx.exe
  C:\Windows\System\HTXRBvx.exe
  2⤵
  PID:9724
- C:\Windows\System\TpCdand.exe
  C:\Windows\System\TpCdand.exe
  2⤵
  PID:9748
- C:\Windows\System\ShnmnAq.exe
  C:\Windows\System\ShnmnAq.exe
  2⤵
  PID:9764
- C:\Windows\System\ZELmBwb.exe
  C:\Windows\System\ZELmBwb.exe
  2⤵
  PID:9780
- C:\Windows\System\EPlsuQL.exe
  C:\Windows\System\EPlsuQL.exe
  2⤵
  PID:9804
- C:\Windows\System\KDlkaXR.exe
  C:\Windows\System\KDlkaXR.exe
  2⤵
  PID:9824
- C:\Windows\System\QgMuDNZ.exe
  C:\Windows\System\QgMuDNZ.exe
  2⤵
  PID:9840
- C:\Windows\System\KuLoroj.exe
  C:\Windows\System\KuLoroj.exe
  2⤵
  PID:9872
- C:\Windows\System\QqSSvuR.exe
  C:\Windows\System\QqSSvuR.exe
  2⤵
  PID:9892
- C:\Windows\System\AFshWXP.exe
  C:\Windows\System\AFshWXP.exe
  2⤵
  PID:9908
- C:\Windows\System\kUaWvoS.exe
  C:\Windows\System\kUaWvoS.exe
  2⤵
  PID:9932
- C:\Windows\System\oeoiDpZ.exe
  C:\Windows\System\oeoiDpZ.exe
  2⤵
  PID:9948
- C:\Windows\System\JSHvQnK.exe
  C:\Windows\System\JSHvQnK.exe
  2⤵
  PID:9964
- C:\Windows\System\RtBCLjh.exe
  C:\Windows\System\RtBCLjh.exe
  2⤵
  PID:9984
- C:\Windows\System\CaiwqFb.exe
  C:\Windows\System\CaiwqFb.exe
  2⤵
  PID:10000
- C:\Windows\System\BtyoOaS.exe
  C:\Windows\System\BtyoOaS.exe
  2⤵
  PID:10024
- C:\Windows\System\LFFySek.exe
  C:\Windows\System\LFFySek.exe
  2⤵
  PID:10040
- C:\Windows\System\SVyqUyA.exe
  C:\Windows\System\SVyqUyA.exe
  2⤵
  PID:10060
- C:\Windows\System\RCZRBUG.exe
  C:\Windows\System\RCZRBUG.exe
  2⤵
  PID:10080
- C:\Windows\System\lwfgFeP.exe
  C:\Windows\System\lwfgFeP.exe
  2⤵
  PID:10112
- C:\Windows\System\pFnywtY.exe
  C:\Windows\System\pFnywtY.exe
  2⤵
  PID:10132
- C:\Windows\System\CMVXgAn.exe
  C:\Windows\System\CMVXgAn.exe
  2⤵
  PID:10148
- C:\Windows\System\HlaeGeR.exe
  C:\Windows\System\HlaeGeR.exe
  2⤵
  PID:10168
- C:\Windows\System\uueaHSb.exe
  C:\Windows\System\uueaHSb.exe
  2⤵
  PID:10192
- C:\Windows\System\dBjrgUg.exe
  C:\Windows\System\dBjrgUg.exe
  2⤵
  PID:10208
- C:\Windows\System\kFljBBE.exe
  C:\Windows\System\kFljBBE.exe
  2⤵
  PID:10228
- C:\Windows\System\YNBRfgp.exe
  C:\Windows\System\YNBRfgp.exe
  2⤵
  PID:8944
- C:\Windows\System\VotZxkj.exe
  C:\Windows\System\VotZxkj.exe
  2⤵
  PID:9024
- C:\Windows\System\ibZZbxH.exe
  C:\Windows\System\ibZZbxH.exe
  2⤵
  PID:9256
- C:\Windows\System\BzHlEYS.exe
  C:\Windows\System\BzHlEYS.exe
  2⤵
  PID:9272
- C:\Windows\System\hJiPJUy.exe
  C:\Windows\System\hJiPJUy.exe
  2⤵
  PID:9308
- C:\Windows\System\cdXilpD.exe
  C:\Windows\System\cdXilpD.exe
  2⤵
  PID:9336
- C:\Windows\System\TuzpXlZ.exe
  C:\Windows\System\TuzpXlZ.exe
  2⤵
  PID:9356
- C:\Windows\System\fjdEsTj.exe
  C:\Windows\System\fjdEsTj.exe
  2⤵
  PID:9408
- C:\Windows\System\OJUPnmE.exe
  C:\Windows\System\OJUPnmE.exe
  2⤵
  PID:9452
- C:\Windows\System\eFDlrKN.exe
  C:\Windows\System\eFDlrKN.exe
  2⤵
  PID:9496
- C:\Windows\System\XxwPivz.exe
  C:\Windows\System\XxwPivz.exe
  2⤵
  PID:9536
- C:\Windows\System\FdfIdbU.exe
  C:\Windows\System\FdfIdbU.exe
  2⤵
  PID:9556
- C:\Windows\System\GasBwQJ.exe
  C:\Windows\System\GasBwQJ.exe
  2⤵
  PID:9580
- C:\Windows\System\htZXrTE.exe
  C:\Windows\System\htZXrTE.exe
  2⤵
  PID:9640
- C:\Windows\System\FwvFFWw.exe
  C:\Windows\System\FwvFFWw.exe
  2⤵
  PID:9660
- C:\Windows\System\ufCEGYi.exe
  C:\Windows\System\ufCEGYi.exe
  2⤵
  PID:9696
- C:\Windows\System\irPwgRk.exe
  C:\Windows\System\irPwgRk.exe
  2⤵
  PID:9732
- C:\Windows\System\XCUwOED.exe
  C:\Windows\System\XCUwOED.exe
  2⤵
  PID:9772
- C:\Windows\System\NDgdTlD.exe
  C:\Windows\System\NDgdTlD.exe
  2⤵
  PID:9788
- C:\Windows\System\TOeABNQ.exe
  C:\Windows\System\TOeABNQ.exe
  2⤵
  PID:9820
- C:\Windows\System\HlJxDKo.exe
  C:\Windows\System\HlJxDKo.exe
  2⤵
  PID:9856
- C:\Windows\System\ukdBJaN.exe
  C:\Windows\System\ukdBJaN.exe
  2⤵
  PID:9884
- C:\Windows\System\zkXylqX.exe
  C:\Windows\System\zkXylqX.exe
  2⤵
  PID:9940
- C:\Windows\System\EDAvTfi.exe
  C:\Windows\System\EDAvTfi.exe
  2⤵
  PID:10008
- C:\Windows\System\PRMGzCq.exe
  C:\Windows\System\PRMGzCq.exe
  2⤵
  PID:10052
- C:\Windows\System\sRLCKxB.exe
  C:\Windows\System\sRLCKxB.exe
  2⤵
  PID:9996
- C:\Windows\System\JYPUMCy.exe
  C:\Windows\System\JYPUMCy.exe
  2⤵
  PID:10032
- C:\Windows\System\tnZxFIs.exe
  C:\Windows\System\tnZxFIs.exe
  2⤵
  PID:10076
- C:\Windows\System\WKgOUOY.exe
  C:\Windows\System\WKgOUOY.exe
  2⤵
  PID:10140
- C:\Windows\System\SszDLiu.exe
  C:\Windows\System\SszDLiu.exe
  2⤵
  PID:10156
- C:\Windows\System\WlHDfjx.exe
  C:\Windows\System\WlHDfjx.exe
  2⤵
  PID:10216
- C:\Windows\System\qVMKRoB.exe
  C:\Windows\System\qVMKRoB.exe
  2⤵
  PID:8732
- C:\Windows\System\LBPXkyE.exe
  C:\Windows\System\LBPXkyE.exe
  2⤵
  PID:9224
- C:\Windows\System\nvCLpIr.exe
  C:\Windows\System\nvCLpIr.exe
  2⤵
  PID:9276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ALbhEST.exe

Filesize
6.0MB

MD5
981ac4a0dfc02b41453974b9d3dbb1db

SHA1
584efd617ceb999a615930d5f3fe29f7aad52285

SHA256
005df803e5e3236db6d291d75b452f106782c94628ed0133d8dc76386c71c268

SHA512
4fdf457f21419a850444c56890151d60b5c70d0ae840655d6df4881d1d6f52ef5b3d7e1cab8ee2955f6b85476e0b09e3458eb6d87e5684aa181ca7643b6497e3

Download Submit
C:\Windows\system\ECFZZee.exe

Filesize
6.0MB

MD5
854aa5be56e9acb55efd4c8196fe90a7

SHA1
41cf45eae8d65b10be665866981f00d10dcb6bb1

SHA256
4575aeeeed47883c092b389e7ad1584937f322c598c7e706b6b3fa8eb672466e

SHA512
e0a262a24d5f44ba91703d61d835ea381905361ee2f2819dee86f9628f5cb320991e082dc125a0b5e2c542f95a1b9ec426d87b382eb867cafa550f75b760a2a3

Download Submit
C:\Windows\system\NJgsTAF.exe

Filesize
6.0MB

MD5
d9724ae602d20c9d81b92c7187501173

SHA1
ad9d4fab0708ce364059cff6779db64ca6a9af46

SHA256
4cf73b88ce97df38e6ae2efa265499d848fe139f3ab793363cfe7d929308b66e

SHA512
894fc0bf1dfaec0c747345ce49e0a3242ece98ab27898eaf1fe8770999ff9540f8def98681c78a2e7d62e5f805735da2ea160e49dfddc32e4f88b2ea51c5f90b

Download Submit
C:\Windows\system\OrtReGo.exe

Filesize
6.0MB

MD5
03638056ce61e7a9955474c3d5fb3a36

SHA1
f74d69cbd4131b9dffe1708774d59779a4925b4c

SHA256
01b944282dd6d55cef520182df1f25157e7b600fcd5e59b3ab5ba388aa717c0a

SHA512
4e3c9a05a6a2e100d3f02e7f1ed7e2c965bcfd71f6da3ddc73a1560f6aa8077cd05b2bb5033764c062bc4c6b9d9ac81dc17eb235762a02e6bd7bb6f7802d3b5d

Download Submit
C:\Windows\system\OtsxVJD.exe

Filesize
6.0MB

MD5
608f6d7e74470c6c583a89bd3cb21563

SHA1
45f45cd36ee0bc5442d56120abd71bb463ea349f

SHA256
a832d100253b2aa0d161dd3b7cc87a521ca18645fb3acf9025c1b66cb082bc0e

SHA512
2a0582b1da3aa8849893d45d6b2e076a08c917450913e507d1270a5d7e9621be7db30b72163704f46337f2d822017134f64c03efc2d505a1ec650f667de25edf

Download Submit
C:\Windows\system\OyXUSCo.exe

Filesize
6.0MB

MD5
a3aac8a5b725742a4c350900cc773c4c

SHA1
5cfeb5ee2d360d32e9dabe1bfe1198c20e184bb7

SHA256
7a32ec2d24f1af70c5082b6915b5277462c2be77bad4c8e6508b24ad52818161

SHA512
9d6d616457b3cba06791e6d47755a2869117e3621151e643372969d610d32073009f82ab434bab004a29b662becaa29082df8fa3a8a02f4f512f466945fc977e

Download Submit
C:\Windows\system\QAhjyQx.exe

Filesize
6.0MB

MD5
483804f876465ee59ed23dc6c03a7f6a

SHA1
a36d90c8253d8050fa57c9471ea0a28fd5e37d65

SHA256
3572b58d01b448350db6fe775f3818cb9af455afcd0c5a3756e8d06b03429931

SHA512
00b4ffa8d96cdadfb324fa4f68cac660c3aea4df709da5b5b1164f43abc8d04575c01d48e72c1f73cd5246e39dd9d68e25f0cd125088a215db77729d47adf1e5

Download Submit
C:\Windows\system\RBZPeJI.exe

Filesize
6.0MB

MD5
b4d88eda6fe9381c6c391e7f94946a5b

SHA1
05dbedd3080cc52fab35d3f805c7794a5cfc2065

SHA256
0e23ec4684739959a7ed44e01f3929bec520a6a669997569e7761d1e37f5f8b8

SHA512
6c3bc1c39c1ee5987be075028792d80415500155ee80d3df5e891bf3dc035ea0e5680bd1908eedf98afeb1f756d93da678d66eeaa0511832998c3a90681c96e0

Download Submit
C:\Windows\system\RpznpOK.exe

Filesize
6.0MB

MD5
a6bf3852064060494a4768b88534dab7

SHA1
2c0f3a19e53d575421d8cd69fff7d426932a0262

SHA256
52991f39e65e31c999cd15cc0030831574c0476ab46b77daea9fdc336efc0600

SHA512
08ef6d2013a857f1ebde3db610973f31eab73ef146c3a993779ca66de6e3d80bd54dacbb1715c1c240fc8e5d9833d4244c4f50a9f9eb6caf45b4b8e2f0769158

Download Submit
C:\Windows\system\UPcmNND.exe

Filesize
6.0MB

MD5
20d6878ba101d529ebb03e8168c91a39

SHA1
2e44f679d0f79b96837363157c2605d17375f8e9

SHA256
0bd66836b5d134365d98bb06e2fab3ac07ee4db6d2fb50e23b22382f1af80b30

SHA512
7eb651f8399a18231ff03f43d02f34d25ab5198897a385ccdab0540765bfb1746ffe3c304756fdf8ebdd1d7948f3dfa9fa8bea45adf98709b619ed61f1d76e6c

Download Submit
C:\Windows\system\XahBdRM.exe

Filesize
6.0MB

MD5
d196fc34d34746f0a0c6cbc1e17dd507

SHA1
f906c58c7d65336adb41afaf52e6ff3be7638430

SHA256
e8cee66f2911eb6a6666858689f14ff3b2538805d9f0891de4f3e90d418bd1bb

SHA512
ad03d6b79373565494df63d2a493e6f2b60d172617be66f802568e96d6f6f0ea738845174121aa08ca910b06b3aff3a66aac7142c84ff210094a8ea1baf21223

Download Submit
C:\Windows\system\XnrWFrG.exe

Filesize
6.0MB

MD5
f829a7b8ff1bfd60c39f52d27beb0cf2

SHA1
23a4cd840d23f630165227461911b82e258eb531

SHA256
745821bb72236c5e60fb6ac0b85ceb08d4161bcd944b6a1a8eaa181dc7276408

SHA512
13fb0bb68c916d42821dd9620d3eacee1398dd6e128e2e013b82a9b69ddb7576b7df536728bc3870ada8726d8f7a4ff181d20cf3086b1f3e106de4c2b96a4d5f

Download Submit
C:\Windows\system\XpOzabi.exe

Filesize
6.0MB

MD5
dc7539b7d6a2eda0d84ddda0a8977a76

SHA1
d728e00d97904f0676a5ee864f447f2ba2522dfb

SHA256
0755e60bbea46087732fcd1cd47088448adc61712010dd246bb32723b822c4c6

SHA512
5dbae5fb4afb318b356407e103446b16df41dec7b2ebf83e47b7758a498a1de0276521db528c958037db240816c923911788ef0193563e48da5d66f25a4601a3

Download Submit
C:\Windows\system\XzoRxtq.exe

Filesize
6.0MB

MD5
1ea7de292910012673d0376b5b8ddf9f

SHA1
2eb08fa716a9468aa28c3ffdde419f1deb33d6d6

SHA256
2a3214e5f1763267b913cf3ff0b3588bd6165f917414bf62b4a41eb4fdd38320

SHA512
35321b64e9318af403461f145702e4b2c5c19d6d0fbd43e9fd10a8c38bee1a333303cb611db7ef6c5db2e26a3aebdff9482856927389032d20cd57de0057c793

Download Submit
C:\Windows\system\bKbwxBs.exe

Filesize
6.0MB

MD5
81eb97ac0cd21a4ef34c97ce27f53f7d

SHA1
3a5e562f3e41238515e5a333c67678c164541414

SHA256
e101d05c839eae13e915f39c644203f7516c5c762bb45ea544ba17d56bc4526c

SHA512
8c60bbaa728234fd3102f326ed1880b2bdd77bffcf81b07b8cec39aaff0beb27899e054aa3f147cc20625f30f00dfbdeb1a09f12ae7eed126e1aec24e8a7048b

Download Submit
C:\Windows\system\jLYeKqs.exe

Filesize
6.0MB

MD5
ec5ac67c394dbe3925d74349e49bb808

SHA1
3eb6be4e30571792beca7cdf5a4de042eb315137

SHA256
628e5ec996e2bc03f2410a20ac2228ace4c1e99582f624837d4b670708f660c1

SHA512
e81ed62676031887e0fd3e40a732633a3b9283cae0a20f91f31b33db699cae059f2cf79f7d38ac29bfc3f8399ef3923c15114552578c9adb62baa70e9fe12bce

Download Submit
C:\Windows\system\jcJRRfx.exe

Filesize
6.0MB

MD5
5bdb8a61b6092ef3eb11afbf9a3ad0c6

SHA1
08b53ec933d01577ef733f154aaab2f2f5125930

SHA256
5a3788f290498fe4dd43fcd8921125759ee8e6298bdf22f7b071b91843ef6257

SHA512
f1fb34fe7edd625f3a70823dcd8ec586590232fc735fbf23dabac3dadf7a28142d419dae9d5d8f6adbb865bc429ec71b0a38e3f9f6bda459c2280790bae1a752

Download Submit
C:\Windows\system\kZSlUbP.exe

Filesize
6.0MB

MD5
f6eb8939f29a680cf0f0f26962d53e60

SHA1
fb25cc2806cf7323b6112386db47d0cf5cfc33e5

SHA256
72787eb09e393a6d0cca6835df5118a63ad1dd44ab7c6e14e36fe3739c9a6378

SHA512
9f6edf35a36b1f8e30fe4f277718ea97757d9b921f1457e34d2189cd0222d9961b9489f67fa634e7ae6db6d7ace55f32a75c12d51dce6f7d70ffc61682358bac

Download Submit
C:\Windows\system\kemrbdm.exe

Filesize
6.0MB

MD5
ceed3d149e991f049c76e0cdbd8b8a82

SHA1
5035546ed5886cacb2b010b6e8b373e784bfc4db

SHA256
388445fa7fca2535c91a49ab71b2957468c95f069310575da434c74194ff6aa7

SHA512
3d848398e3f50e909e30ea9d184a2450b87e7b379fb44938110d61d205f4a958206b50d682c6e81f3440fc7c07fdc35a4f22e2420f0f9e260abc2825a15c8b24

Download Submit
C:\Windows\system\lKmzBnR.exe

Filesize
6.0MB

MD5
1d44a669129da110f93f94db8b6b507b

SHA1
f46f71c33d7460400f32bad8c8cb3ebe6038f369

SHA256
4588a12e52589d76b290f2d14d148ba5989c67a7d71cffffd617a00aea42e8e0

SHA512
47193543028eb4e29d3117803fb0b9f10306386323127707ee67e40f61b21fe6dc149d66db5e5c00290518c7c6dcf45894014bbcff46f4747ff840a2f3878231

Download Submit
C:\Windows\system\lttDGHi.exe

Filesize
6.0MB

MD5
daf406c5bea27d17679b31f727c1e405

SHA1
b6e722b2eadd7d97ede3e382ed15b41ac4a0e09b

SHA256
c92e2e327c6f36b0f7bf03c59dc348cf6a28864c2e64452d4c8182c7db0b74ed

SHA512
5619949ef38b5958ed536ee9c192aa3192692500a277544803d270b4c6e935b79c0dedb7ac83178239030b54011d0eb11f0c038ead4256f871fdff3d38af7811

Download Submit
C:\Windows\system\muRpSaX.exe

Filesize
6.0MB

MD5
085664bfc9e6ffd2f8a4ec7a5502e51b

SHA1
03f5bd4fb92bae7cc483d7eb6727991c793fc0d9

SHA256
949b5763f21bdf0533bf30e05b0a8006a504ca56380caaca77573543941d7991

SHA512
18402ac42431a6000142483a49485348da34489435149b450943eeb712cee4c86fa0c3b2638b36bd1b6a1c8d15a4bae87d1cc9e5202dcbe07f773029b1bc1fde

Download Submit
C:\Windows\system\nOQkuZe.exe

Filesize
6.0MB

MD5
f94bece8a7cc8c28bf071c3ba8227469

SHA1
0b7ca19fc310e2b98b1b73039c83611295d632a2

SHA256
c57a007bd8d61f127acdc22a5bb066517ec94d90a67258a9baf95a745619c32f

SHA512
9b1d5130c193ac39966410f2317daba498facb38a5a838f2c3a9c9e95dc92df41433733e8f9eb768d31a4e43348505ec354bf4da2dbb9f6c879f7c4bf80f25b4

Download Submit
C:\Windows\system\sOmnRah.exe

Filesize
6.0MB

MD5
c72f2c57bf5bd36247207f2e1d16146f

SHA1
fd8554e0bf728b56ed609134ce88d07d54546a87

SHA256
ca08d8ca4e74396de2a1e4c483f9238c02de683bb63b0b7bda876f0b9227e05a

SHA512
b1f107ebb870b72ba00b695d3702197b8d9fd46133b994ab792313d2eb04d7602dcccf3aad3aea99c7478be01b5caeffd9fd5b9102f99dcc60e013bb45b68934

Download Submit
C:\Windows\system\twNgayj.exe

Filesize
6.0MB

MD5
4e39a05d1b003047213a3ff9e50e7066

SHA1
53f02a9406c3462462cb5d0ad07031ae1051fc1b

SHA256
8b94d80debb60e6e6672205d4acf987c451bc4eb9261279baf0b7f2cc8766fa1

SHA512
428a11b0085926ed668bc13e8aa77f03d534cd3cb6c14176821143afb85a1541a0cbaec9e758b301f5cf2039712167c952f3320ac17746a1650ed9c0104e5799

Download Submit
C:\Windows\system\vJnWpcH.exe

Filesize
6.0MB

MD5
977b97a004f4d1583a8282e7eb22bead

SHA1
05df06e45aeea47ea3aab8ce7f33d520e713a627

SHA256
aef9c1a35e570a46586e0706cf8035f75d00d621727e1652213d302623263406

SHA512
38e2fc2dadcba5330ebeebbfac723cfcd0cf45fcc5d8bf1eff8573bd7901f75d1dce2b2c7fee4053091a4d4295b5537ffa3af638ed340ce45159965a8c1e02a3

Download Submit
C:\Windows\system\yDHQTBw.exe

Filesize
6.0MB

MD5
4af2b8d14e54d6e12bc5283544711eb3

SHA1
8e79fe7edb0fe42459bf6baedba3b844871b080a

SHA256
fd7eec80dbccc774a285de423189db63950f168156fa7430efd5eb8dcc9bc4b8

SHA512
ef6bc402521536d7e0878fdc38bb7f598e62eae521dea5f65649b514f69c0bdc2649f1364e4e78abfe53a68515fcedc5ed556134266bce790c3fd1bf0bc367fc

Download Submit
\Windows\system\JuBIuRN.exe

Filesize
6.0MB

MD5
5e07d6d8e54f1fbc980ec2ba0aa7da7e

SHA1
8436ff9fab1483146d52b61aad0439600c42f42c

SHA256
f42cceb843b92786efc73ad25a515476e70c678d1c5d6209eebac8cb18525173

SHA512
4b3d8a6bbffe2cded8585e15aa9c8cd27e0794952ca13452a4449d302fa573ea90fcfa33898dd88d9753500e45a76ae1ef4399ecdc67f03e65dc05aaa77f6977

Download Submit
\Windows\system\QNwESMc.exe

Filesize
6.0MB

MD5
7fa75629c13f0985a4199084251cfcf0

SHA1
576e3fd0de33eeae9a50985b31ccaaa00caa7b1c

SHA256
b6b6daac4567e834b74e7a4b751b46cf834149c917198770cf7e159c3807adca

SHA512
ca3d22dee08127d722c46a7b4e8ca457dc94f115249c03d48bcfde008599c5f716885d22d47e954c219e1a4677f7fe54fae38de8e042768d7d44bc4f182b20c3

Download Submit
\Windows\system\YRLJjgc.exe

Filesize
6.0MB

MD5
499e1a0b013eaa967132afbf42b1ed08

SHA1
9ee295c86c022ba602dca60aa0c54fab86e23164

SHA256
1949f95182a028bd97540378d52d1ea407876491ad2c315b6b8cd5bef8c5cbe6

SHA512
5b0b56e1b84a9c1b384aed9d7700e403e370a0a0f27d7fb4adb9b2496dab56ecbaf80f671712c1ed096050a399dd5b00c52cd8c6fd4908f5b06c3e7e6c475755

Download Submit
\Windows\system\cPTYzLc.exe

Filesize
6.0MB

MD5
355f431bf9027d0ebda3c319bb820c49

SHA1
0196cb07b586a0c4ba4227b37300bb0b57fdc3e1

SHA256
f6a0fd0a62a7f389416cb723ffec205a6ebdd53b5b86cb1c3c3c17314891eb14

SHA512
ad357bb30ab5fc4610a097f588b601b84966d14616c6e4f20f7fe32fe3217f76ee13a6bda4ecf0a5c34da9ecfc0dff9a47f682508f07515d9c975e7bd5a0cd52

Download Submit
\Windows\system\suFrkJq.exe

Filesize
6.0MB

MD5
f6e538c91912fa5538a270ecaa36fd7d

SHA1
d03762bf4a9de0042f85ae92ba39db6ce05f2985

SHA256
c71b2cb64489b759e17045585e7db5fb15b54dd938bcd99b405a017239d1fded

SHA512
95970b5ae86005d6c4ee2f3a75317fd3d9cfae59ba0c0f0d159a21a0f6edd725e547f57eebdcad289c8ce5d280841b0c3508204edace7a94435cd7c95344b687

Download Submit
memory/712-106-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/712-1080-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/712-3992-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1092-3990-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1092-95-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1092-785-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-30-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1984-683-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-98-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1984-52-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-783-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-22-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-973-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-34-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-99-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-100-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1984-37-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1984-48-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-67-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-974-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-782-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-6-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1984-14-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1984-42-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1984-0-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-78-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-101-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-105-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-104-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-103-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-102-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1996-40-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1996-3674-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2356-3993-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2356-71-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2360-514-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2360-3957-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2360-41-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2480-3676-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2480-15-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2504-20-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-3741-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-63-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3726-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-107-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-26-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-307-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-35-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3991-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3969-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2736-82-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2816-87-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3975-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-784-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3981-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2968-93-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download