cobaltstrike | f560a4c7559b6f98366b56f448297615ea82c4c684a281f26e5a02080bb906e6

Analysis

max time kernel
150s
max time network
27s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31/01/2025, 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

82f4a4f8b08108dacc39fee251a84987
SHA1

d6c5cce530d21c8e828a280dff6f14a73688c2ea
SHA256

f560a4c7559b6f98366b56f448297615ea82c4c684a281f26e5a02080bb906e6
SHA512

4eda9d27cb8daf8d3d901286f9d86122a892cd59d5cc2a3880fc33b57a5c9be69ac84551c3f1932fee3079300d7bd9d0845e592c19379825b2e70c4752e4a41e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUN:T+q56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00100000000122f3-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce9-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0c-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1c-31.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ccc-39.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-66.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194ef-57.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d2c-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf0-15.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/816-0-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x00100000000122f3-6.dat	xmrig
behavioral1/files/0x0008000000016ce9-8.dat	xmrig
behavioral1/files/0x0007000000016d0c-21.dat	xmrig
behavioral1/files/0x0007000000016d1c-31.dat	xmrig
behavioral1/memory/2884-36-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2956-46-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ccc-39.dat	xmrig
behavioral1/files/0x000500000001957c-82.dat	xmrig
behavioral1/memory/3036-96-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195af-108.dat	xmrig
behavioral1/files/0x00050000000195b1-127.dat	xmrig
behavioral1/files/0x00050000000195b5-137.dat	xmrig
behavioral1/files/0x00050000000195b7-141.dat	xmrig
behavioral1/files/0x00050000000195bb-147.dat	xmrig
behavioral1/files/0x00050000000195c1-158.dat	xmrig
behavioral1/files/0x00050000000195c3-162.dat	xmrig
behavioral1/files/0x000500000001960c-183.dat	xmrig
behavioral1/memory/1136-371-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/816-370-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig
behavioral1/memory/2148-1776-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/3000-1783-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2652-1784-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1628-1752-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/3036-438-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2844-311-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2780-310-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/816-309-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-189.dat	xmrig
behavioral1/files/0x0005000000019761-193.dat	xmrig
behavioral1/files/0x0005000000019643-187.dat	xmrig
behavioral1/memory/2832-175-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-173.dat	xmrig
behavioral1/files/0x00050000000195c7-178.dat	xmrig
behavioral1/files/0x00050000000195c5-168.dat	xmrig
behavioral1/files/0x00050000000195bd-152.dat	xmrig
behavioral1/memory/580-144-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b3-131.dat	xmrig
behavioral1/files/0x00050000000195ad-105.dat	xmrig
behavioral1/files/0x00050000000195ab-101.dat	xmrig
behavioral1/files/0x00050000000195a7-89.dat	xmrig
behavioral1/files/0x00050000000195a9-94.dat	xmrig
behavioral1/memory/1136-86-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2884-84-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2844-79-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2780-78-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-76.dat	xmrig
behavioral1/files/0x000500000001950f-75.dat	xmrig
behavioral1/memory/1384-54-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/816-69-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2832-68-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/580-67-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-66.dat	xmrig
behavioral1/files/0x00060000000194ef-57.dat	xmrig
behavioral1/files/0x0002000000018334-52.dat	xmrig
behavioral1/memory/2940-47-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d2c-45.dat	xmrig
behavioral1/memory/1628-29-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/3000-28-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2148-27-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2652-25-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf0-15.dat	xmrig
behavioral1/memory/2832-1817-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2844-1838-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1628	XPownXU.exe
2652	csINSbd.exe
2148	XyOWNFY.exe
3000	UAJKhFE.exe
2884	jWHMjAB.exe
2956	xFapacn.exe
2940	kpvQGHr.exe
1384	JNXQUzM.exe
580	dAPuCrp.exe
2832	agvqIXX.exe
2780	qDqhxuD.exe
2844	aBIuztk.exe
1136	wwMlMDV.exe
3036	CroFYFF.exe
1692	gYsmzkl.exe
932	pPgtYab.exe
584	PlkbqTY.exe
2684	eRYdwkD.exe
2140	tHdgETc.exe
1764	gpApRif.exe
1676	IdBcFhQ.exe
1132	pCpOPSl.exe
1600	AcyQlPS.exe
2400	ZThiDQY.exe
1640	sONwaxa.exe
2008	hhDoCuk.exe
1672	bVuDflg.exe
1960	HnzqAiA.exe
1504	gftspFj.exe
2496	RmhtTRj.exe
1048	wUXpyCP.exe
1972	sqfCPvq.exe
2144	NcLdwjP.exe
1108	rmzCWSD.exe
1664	nQXLexN.exe
756	BFSBGzy.exe
2068	wQaeuWT.exe
1632	KSKmDyr.exe
2332	kCVWwbI.exe
2680	BLWcglO.exe
2748	rCZDjRQ.exe
1756	CBwNeon.exe
1836	WWIsKRr.exe
1088	KDfXRfT.exe
1592	xKYIgLY.exe
1072	FcFxAfz.exe
2276	vbgubwY.exe
1564	PdgjEpd.exe
2584	JKapapr.exe
2212	wyNCPHb.exe
2536	szBOEgd.exe
2976	nAzBedw.exe
2852	vRGEsVl.exe
1044	oJjoEKZ.exe
1208	PXNtWha.exe
1832	sHpYTMr.exe
2372	qqIYrJf.exe
1516	hSnZBrg.exe
2864	RCwZXbT.exe
2224	dUVPNIL.exe
1908	CaAAFMU.exe
2724	bzzHBYS.exe
2908	EuswjNu.exe
2988	WGKzXYF.exe

Loads dropped DLL 64 IoCs

pid	Process
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/816-0-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x00100000000122f3-6.dat	upx
behavioral1/files/0x0008000000016ce9-8.dat	upx
behavioral1/files/0x0007000000016d0c-21.dat	upx
behavioral1/files/0x0007000000016d1c-31.dat	upx
behavioral1/memory/2884-36-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2956-46-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x0009000000016ccc-39.dat	upx
behavioral1/files/0x000500000001957c-82.dat	upx
behavioral1/memory/3036-96-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x00050000000195af-108.dat	upx
behavioral1/files/0x00050000000195b1-127.dat	upx
behavioral1/files/0x00050000000195b5-137.dat	upx
behavioral1/files/0x00050000000195b7-141.dat	upx
behavioral1/files/0x00050000000195bb-147.dat	upx
behavioral1/files/0x00050000000195c1-158.dat	upx
behavioral1/files/0x00050000000195c3-162.dat	upx
behavioral1/files/0x000500000001960c-183.dat	upx
behavioral1/memory/1136-371-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2148-1776-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/3000-1783-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2652-1784-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1628-1752-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/3036-438-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2844-311-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2780-310-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x000500000001975a-189.dat	upx
behavioral1/files/0x0005000000019761-193.dat	upx
behavioral1/files/0x0005000000019643-187.dat	upx
behavioral1/memory/2832-175-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-173.dat	upx
behavioral1/files/0x00050000000195c7-178.dat	upx
behavioral1/files/0x00050000000195c5-168.dat	upx
behavioral1/files/0x00050000000195bd-152.dat	upx
behavioral1/memory/580-144-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x00050000000195b3-131.dat	upx
behavioral1/files/0x00050000000195ad-105.dat	upx
behavioral1/files/0x00050000000195ab-101.dat	upx
behavioral1/files/0x00050000000195a7-89.dat	upx
behavioral1/files/0x00050000000195a9-94.dat	upx
behavioral1/memory/1136-86-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2884-84-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2844-79-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2780-78-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0005000000019547-76.dat	upx
behavioral1/files/0x000500000001950f-75.dat	upx
behavioral1/memory/1384-54-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/816-69-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2832-68-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/580-67-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0005000000019515-66.dat	upx
behavioral1/files/0x00060000000194ef-57.dat	upx
behavioral1/files/0x0002000000018334-52.dat	upx
behavioral1/memory/2940-47-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0009000000016d2c-45.dat	upx
behavioral1/memory/1628-29-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/3000-28-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2148-27-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2652-25-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0007000000016cf0-15.dat	upx
behavioral1/memory/2832-1817-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2844-1838-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2956-1839-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2780-1837-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GdpDMCT.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\besIAny.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIfjLJZ.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbfEcOR.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGjjaZN.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoqPIWk.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYBTiwY.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGxwjfD.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utHgoTF.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmgnhYi.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOytwAd.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWujNwo.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKLAQld.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dskIOUy.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abuOlAB.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYACXqB.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\goEDXDA.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjzYDyU.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PalIfuu.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyqgsuU.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcmbhQy.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHdgETc.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNAHyGF.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzvYhIl.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StHOifH.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvfWyyh.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcLdwjP.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWIsKRr.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHSRbmC.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBwNeon.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtiRtPH.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsJjyxN.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adJKFNU.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzXsWkY.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YiwUPXy.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPZPcUJ.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzBcgPG.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmJDtVd.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wiMsLlg.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIuEMKh.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFapacn.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCZKsDS.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDlOGcL.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXSNwIN.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtkDzey.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fINeMBN.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ozbdzfq.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvfCGek.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhUHVKE.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClCtbOf.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIovfIy.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWSogXw.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RSMdoBN.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFVKOXv.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfNgVLm.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUHCfdE.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymSWOFr.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsNxyRD.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEaMBJD.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skZGXAE.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJppOcX.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLbSNRU.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBwvtOF.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tthItUh.exe	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 1628	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 816 wrote to memory of 1628	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 816 wrote to memory of 1628	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 816 wrote to memory of 2652	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 816 wrote to memory of 2652	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 816 wrote to memory of 2652	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 816 wrote to memory of 2148	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 816 wrote to memory of 2148	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 816 wrote to memory of 2148	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 816 wrote to memory of 3000	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 816 wrote to memory of 3000	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 816 wrote to memory of 3000	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 816 wrote to memory of 2884	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 816 wrote to memory of 2884	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 816 wrote to memory of 2884	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 816 wrote to memory of 2956	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 816 wrote to memory of 2956	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 816 wrote to memory of 2956	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 816 wrote to memory of 2940	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 816 wrote to memory of 2940	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 816 wrote to memory of 2940	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 816 wrote to memory of 1384	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 816 wrote to memory of 1384	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 816 wrote to memory of 1384	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 816 wrote to memory of 580	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 816 wrote to memory of 580	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 816 wrote to memory of 580	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 816 wrote to memory of 2780	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 816 wrote to memory of 2780	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 816 wrote to memory of 2780	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 816 wrote to memory of 2832	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 816 wrote to memory of 2832	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 816 wrote to memory of 2832	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 816 wrote to memory of 2844	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 816 wrote to memory of 2844	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 816 wrote to memory of 2844	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 816 wrote to memory of 1136	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 816 wrote to memory of 1136	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 816 wrote to memory of 1136	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 816 wrote to memory of 3036	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 816 wrote to memory of 3036	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 816 wrote to memory of 3036	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 816 wrote to memory of 1692	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 816 wrote to memory of 1692	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 816 wrote to memory of 1692	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 816 wrote to memory of 932	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 816 wrote to memory of 932	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 816 wrote to memory of 932	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 816 wrote to memory of 584	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 816 wrote to memory of 584	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 816 wrote to memory of 584	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 816 wrote to memory of 2684	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 816 wrote to memory of 2684	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 816 wrote to memory of 2684	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 816 wrote to memory of 2140	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 816 wrote to memory of 2140	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 816 wrote to memory of 2140	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 816 wrote to memory of 1764	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 816 wrote to memory of 1764	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 816 wrote to memory of 1764	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 816 wrote to memory of 1676	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 816 wrote to memory of 1676	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 816 wrote to memory of 1676	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 816 wrote to memory of 1132	816	2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_82f4a4f8b08108dacc39fee251a84987_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:816
- C:\Windows\System\XPownXU.exe
  C:\Windows\System\XPownXU.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\csINSbd.exe
  C:\Windows\System\csINSbd.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\XyOWNFY.exe
  C:\Windows\System\XyOWNFY.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\UAJKhFE.exe
  C:\Windows\System\UAJKhFE.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\jWHMjAB.exe
  C:\Windows\System\jWHMjAB.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\xFapacn.exe
  C:\Windows\System\xFapacn.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\kpvQGHr.exe
  C:\Windows\System\kpvQGHr.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\JNXQUzM.exe
  C:\Windows\System\JNXQUzM.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\dAPuCrp.exe
  C:\Windows\System\dAPuCrp.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\qDqhxuD.exe
  C:\Windows\System\qDqhxuD.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\agvqIXX.exe
  C:\Windows\System\agvqIXX.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\aBIuztk.exe
  C:\Windows\System\aBIuztk.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\wwMlMDV.exe
  C:\Windows\System\wwMlMDV.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\CroFYFF.exe
  C:\Windows\System\CroFYFF.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\gYsmzkl.exe
  C:\Windows\System\gYsmzkl.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\pPgtYab.exe
  C:\Windows\System\pPgtYab.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\PlkbqTY.exe
  C:\Windows\System\PlkbqTY.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\eRYdwkD.exe
  C:\Windows\System\eRYdwkD.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\tHdgETc.exe
  C:\Windows\System\tHdgETc.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\gpApRif.exe
  C:\Windows\System\gpApRif.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\IdBcFhQ.exe
  C:\Windows\System\IdBcFhQ.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\pCpOPSl.exe
  C:\Windows\System\pCpOPSl.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\AcyQlPS.exe
  C:\Windows\System\AcyQlPS.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\ZThiDQY.exe
  C:\Windows\System\ZThiDQY.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\sONwaxa.exe
  C:\Windows\System\sONwaxa.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\hhDoCuk.exe
  C:\Windows\System\hhDoCuk.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\bVuDflg.exe
  C:\Windows\System\bVuDflg.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\HnzqAiA.exe
  C:\Windows\System\HnzqAiA.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\gftspFj.exe
  C:\Windows\System\gftspFj.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\RmhtTRj.exe
  C:\Windows\System\RmhtTRj.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\wUXpyCP.exe
  C:\Windows\System\wUXpyCP.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\NcLdwjP.exe
  C:\Windows\System\NcLdwjP.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\sqfCPvq.exe
  C:\Windows\System\sqfCPvq.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\BFSBGzy.exe
  C:\Windows\System\BFSBGzy.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\rmzCWSD.exe
  C:\Windows\System\rmzCWSD.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\wQaeuWT.exe
  C:\Windows\System\wQaeuWT.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\nQXLexN.exe
  C:\Windows\System\nQXLexN.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\KSKmDyr.exe
  C:\Windows\System\KSKmDyr.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\kCVWwbI.exe
  C:\Windows\System\kCVWwbI.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\CBwNeon.exe
  C:\Windows\System\CBwNeon.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\BLWcglO.exe
  C:\Windows\System\BLWcglO.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\xKYIgLY.exe
  C:\Windows\System\xKYIgLY.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\rCZDjRQ.exe
  C:\Windows\System\rCZDjRQ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\JKapapr.exe
  C:\Windows\System\JKapapr.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\WWIsKRr.exe
  C:\Windows\System\WWIsKRr.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\szBOEgd.exe
  C:\Windows\System\szBOEgd.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\KDfXRfT.exe
  C:\Windows\System\KDfXRfT.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\hSnZBrg.exe
  C:\Windows\System\hSnZBrg.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\FcFxAfz.exe
  C:\Windows\System\FcFxAfz.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\RCwZXbT.exe
  C:\Windows\System\RCwZXbT.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\vbgubwY.exe
  C:\Windows\System\vbgubwY.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\CaAAFMU.exe
  C:\Windows\System\CaAAFMU.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\PdgjEpd.exe
  C:\Windows\System\PdgjEpd.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\bzzHBYS.exe
  C:\Windows\System\bzzHBYS.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\wyNCPHb.exe
  C:\Windows\System\wyNCPHb.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\EuswjNu.exe
  C:\Windows\System\EuswjNu.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\nAzBedw.exe
  C:\Windows\System\nAzBedw.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\WGKzXYF.exe
  C:\Windows\System\WGKzXYF.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\vRGEsVl.exe
  C:\Windows\System\vRGEsVl.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\gWZjhQI.exe
  C:\Windows\System\gWZjhQI.exe
  2⤵
  PID:2968
- C:\Windows\System\oJjoEKZ.exe
  C:\Windows\System\oJjoEKZ.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\OjnDoMD.exe
  C:\Windows\System\OjnDoMD.exe
  2⤵
  PID:1744
- C:\Windows\System\PXNtWha.exe
  C:\Windows\System\PXNtWha.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\MCZKsDS.exe
  C:\Windows\System\MCZKsDS.exe
  2⤵
  PID:1180
- C:\Windows\System\sHpYTMr.exe
  C:\Windows\System\sHpYTMr.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\vDozMBO.exe
  C:\Windows\System\vDozMBO.exe
  2⤵
  PID:2120
- C:\Windows\System\qqIYrJf.exe
  C:\Windows\System\qqIYrJf.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\MiNFLXU.exe
  C:\Windows\System\MiNFLXU.exe
  2⤵
  PID:2436
- C:\Windows\System\dUVPNIL.exe
  C:\Windows\System\dUVPNIL.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\NpAAERf.exe
  C:\Windows\System\NpAAERf.exe
  2⤵
  PID:2376
- C:\Windows\System\LAVbNar.exe
  C:\Windows\System\LAVbNar.exe
  2⤵
  PID:1124
- C:\Windows\System\ZLbrCnf.exe
  C:\Windows\System\ZLbrCnf.exe
  2⤵
  PID:1616
- C:\Windows\System\KEIvHED.exe
  C:\Windows\System\KEIvHED.exe
  2⤵
  PID:2124
- C:\Windows\System\SCJnoXR.exe
  C:\Windows\System\SCJnoXR.exe
  2⤵
  PID:792
- C:\Windows\System\XUZHIyI.exe
  C:\Windows\System\XUZHIyI.exe
  2⤵
  PID:876
- C:\Windows\System\skSfILI.exe
  C:\Windows\System\skSfILI.exe
  2⤵
  PID:2700
- C:\Windows\System\oBwvtOF.exe
  C:\Windows\System\oBwvtOF.exe
  2⤵
  PID:2188
- C:\Windows\System\uXpRCVq.exe
  C:\Windows\System\uXpRCVq.exe
  2⤵
  PID:2052
- C:\Windows\System\ymMZVFK.exe
  C:\Windows\System\ymMZVFK.exe
  2⤵
  PID:436
- C:\Windows\System\aXztsoP.exe
  C:\Windows\System\aXztsoP.exe
  2⤵
  PID:336
- C:\Windows\System\QvoQTqz.exe
  C:\Windows\System\QvoQTqz.exe
  2⤵
  PID:2692
- C:\Windows\System\aNJHohl.exe
  C:\Windows\System\aNJHohl.exe
  2⤵
  PID:2668
- C:\Windows\System\KqtIBdF.exe
  C:\Windows\System\KqtIBdF.exe
  2⤵
  PID:1904
- C:\Windows\System\qbGWmYN.exe
  C:\Windows\System\qbGWmYN.exe
  2⤵
  PID:1760
- C:\Windows\System\eXiuQAi.exe
  C:\Windows\System\eXiuQAi.exe
  2⤵
  PID:1512
- C:\Windows\System\WlSyGsF.exe
  C:\Windows\System\WlSyGsF.exe
  2⤵
  PID:1408
- C:\Windows\System\pTAVqxQ.exe
  C:\Windows\System\pTAVqxQ.exe
  2⤵
  PID:3024
- C:\Windows\System\uGJxvNQ.exe
  C:\Windows\System\uGJxvNQ.exe
  2⤵
  PID:616
- C:\Windows\System\zmnopYd.exe
  C:\Windows\System\zmnopYd.exe
  2⤵
  PID:3044
- C:\Windows\System\TDwjEsc.exe
  C:\Windows\System\TDwjEsc.exe
  2⤵
  PID:1976
- C:\Windows\System\bzKoiMD.exe
  C:\Windows\System\bzKoiMD.exe
  2⤵
  PID:2716
- C:\Windows\System\eVvsWiZ.exe
  C:\Windows\System\eVvsWiZ.exe
  2⤵
  PID:1556
- C:\Windows\System\xpOVPDo.exe
  C:\Windows\System\xpOVPDo.exe
  2⤵
  PID:1812
- C:\Windows\System\ypvnHTJ.exe
  C:\Windows\System\ypvnHTJ.exe
  2⤵
  PID:2712
- C:\Windows\System\qpDNNlA.exe
  C:\Windows\System\qpDNNlA.exe
  2⤵
  PID:2168
- C:\Windows\System\iMARIkT.exe
  C:\Windows\System\iMARIkT.exe
  2⤵
  PID:844
- C:\Windows\System\ndZSDRb.exe
  C:\Windows\System\ndZSDRb.exe
  2⤵
  PID:2324
- C:\Windows\System\MlFodlH.exe
  C:\Windows\System\MlFodlH.exe
  2⤵
  PID:2364
- C:\Windows\System\RvghoTO.exe
  C:\Windows\System\RvghoTO.exe
  2⤵
  PID:2728
- C:\Windows\System\yKLAQld.exe
  C:\Windows\System\yKLAQld.exe
  2⤵
  PID:2880
- C:\Windows\System\LMxSUJB.exe
  C:\Windows\System\LMxSUJB.exe
  2⤵
  PID:2408
- C:\Windows\System\AFdtNEp.exe
  C:\Windows\System\AFdtNEp.exe
  2⤵
  PID:2080
- C:\Windows\System\Mjzuxxt.exe
  C:\Windows\System\Mjzuxxt.exe
  2⤵
  PID:572
- C:\Windows\System\OfiClLq.exe
  C:\Windows\System\OfiClLq.exe
  2⤵
  PID:2156
- C:\Windows\System\QVyozhc.exe
  C:\Windows\System\QVyozhc.exe
  2⤵
  PID:992
- C:\Windows\System\XwfhePw.exe
  C:\Windows\System\XwfhePw.exe
  2⤵
  PID:1716
- C:\Windows\System\CBwTuEb.exe
  C:\Windows\System\CBwTuEb.exe
  2⤵
  PID:1064
- C:\Windows\System\AOkfFRX.exe
  C:\Windows\System\AOkfFRX.exe
  2⤵
  PID:1968
- C:\Windows\System\CjoHclm.exe
  C:\Windows\System\CjoHclm.exe
  2⤵
  PID:2564
- C:\Windows\System\Bxaclvj.exe
  C:\Windows\System\Bxaclvj.exe
  2⤵
  PID:1992
- C:\Windows\System\PxxFvCf.exe
  C:\Windows\System\PxxFvCf.exe
  2⤵
  PID:2648
- C:\Windows\System\QMSRzgS.exe
  C:\Windows\System\QMSRzgS.exe
  2⤵
  PID:3084
- C:\Windows\System\gajtIyh.exe
  C:\Windows\System\gajtIyh.exe
  2⤵
  PID:3100
- C:\Windows\System\QzjkXlF.exe
  C:\Windows\System\QzjkXlF.exe
  2⤵
  PID:3124
- C:\Windows\System\UrPOFjB.exe
  C:\Windows\System\UrPOFjB.exe
  2⤵
  PID:3140
- C:\Windows\System\rgMORus.exe
  C:\Windows\System\rgMORus.exe
  2⤵
  PID:3156
- C:\Windows\System\zeRZeXw.exe
  C:\Windows\System\zeRZeXw.exe
  2⤵
  PID:3176
- C:\Windows\System\OGiTsOE.exe
  C:\Windows\System\OGiTsOE.exe
  2⤵
  PID:3196
- C:\Windows\System\WKLxGDp.exe
  C:\Windows\System\WKLxGDp.exe
  2⤵
  PID:3212
- C:\Windows\System\ZWGYoLN.exe
  C:\Windows\System\ZWGYoLN.exe
  2⤵
  PID:3232
- C:\Windows\System\KtYHHfn.exe
  C:\Windows\System\KtYHHfn.exe
  2⤵
  PID:3252
- C:\Windows\System\aqbkAlL.exe
  C:\Windows\System\aqbkAlL.exe
  2⤵
  PID:3268
- C:\Windows\System\oeOMyEq.exe
  C:\Windows\System\oeOMyEq.exe
  2⤵
  PID:3288
- C:\Windows\System\QSgvpCF.exe
  C:\Windows\System\QSgvpCF.exe
  2⤵
  PID:3304
- C:\Windows\System\EPyLjdV.exe
  C:\Windows\System\EPyLjdV.exe
  2⤵
  PID:3328
- C:\Windows\System\kQheOpu.exe
  C:\Windows\System\kQheOpu.exe
  2⤵
  PID:3344
- C:\Windows\System\JsrJdZi.exe
  C:\Windows\System\JsrJdZi.exe
  2⤵
  PID:3360
- C:\Windows\System\ztKhDXH.exe
  C:\Windows\System\ztKhDXH.exe
  2⤵
  PID:3376
- C:\Windows\System\uJgUeuL.exe
  C:\Windows\System\uJgUeuL.exe
  2⤵
  PID:3400
- C:\Windows\System\ZHNIzVX.exe
  C:\Windows\System\ZHNIzVX.exe
  2⤵
  PID:3416
- C:\Windows\System\FbPYOAw.exe
  C:\Windows\System\FbPYOAw.exe
  2⤵
  PID:3432
- C:\Windows\System\NbAMgWw.exe
  C:\Windows\System\NbAMgWw.exe
  2⤵
  PID:3448
- C:\Windows\System\DLThizV.exe
  C:\Windows\System\DLThizV.exe
  2⤵
  PID:3464
- C:\Windows\System\LMgyyXS.exe
  C:\Windows\System\LMgyyXS.exe
  2⤵
  PID:3480
- C:\Windows\System\EWehgmV.exe
  C:\Windows\System\EWehgmV.exe
  2⤵
  PID:3496
- C:\Windows\System\puXJGbt.exe
  C:\Windows\System\puXJGbt.exe
  2⤵
  PID:3520
- C:\Windows\System\hQHlAzF.exe
  C:\Windows\System\hQHlAzF.exe
  2⤵
  PID:3540
- C:\Windows\System\dDJXJDf.exe
  C:\Windows\System\dDJXJDf.exe
  2⤵
  PID:3560
- C:\Windows\System\INNhLsU.exe
  C:\Windows\System\INNhLsU.exe
  2⤵
  PID:3580
- C:\Windows\System\XVHnwOh.exe
  C:\Windows\System\XVHnwOh.exe
  2⤵
  PID:3604
- C:\Windows\System\ImafTHs.exe
  C:\Windows\System\ImafTHs.exe
  2⤵
  PID:3624
- C:\Windows\System\EGhFkeX.exe
  C:\Windows\System\EGhFkeX.exe
  2⤵
  PID:3644
- C:\Windows\System\iHTcbkU.exe
  C:\Windows\System\iHTcbkU.exe
  2⤵
  PID:3664
- C:\Windows\System\nLJktJl.exe
  C:\Windows\System\nLJktJl.exe
  2⤵
  PID:3688
- C:\Windows\System\icSZDRP.exe
  C:\Windows\System\icSZDRP.exe
  2⤵
  PID:3708
- C:\Windows\System\xPGjtmi.exe
  C:\Windows\System\xPGjtmi.exe
  2⤵
  PID:3728
- C:\Windows\System\smuJUmu.exe
  C:\Windows\System\smuJUmu.exe
  2⤵
  PID:3744
- C:\Windows\System\ZdGEWWI.exe
  C:\Windows\System\ZdGEWWI.exe
  2⤵
  PID:3760
- C:\Windows\System\cKjrZaj.exe
  C:\Windows\System\cKjrZaj.exe
  2⤵
  PID:3776
- C:\Windows\System\Xuixkrh.exe
  C:\Windows\System\Xuixkrh.exe
  2⤵
  PID:3792
- C:\Windows\System\DsOmyvm.exe
  C:\Windows\System\DsOmyvm.exe
  2⤵
  PID:3812
- C:\Windows\System\fqeGkAa.exe
  C:\Windows\System\fqeGkAa.exe
  2⤵
  PID:3828
- C:\Windows\System\raDAIdc.exe
  C:\Windows\System\raDAIdc.exe
  2⤵
  PID:3852
- C:\Windows\System\gZYPYoz.exe
  C:\Windows\System\gZYPYoz.exe
  2⤵
  PID:3868
- C:\Windows\System\ymWbTLp.exe
  C:\Windows\System\ymWbTLp.exe
  2⤵
  PID:3884
- C:\Windows\System\qGEXkIy.exe
  C:\Windows\System\qGEXkIy.exe
  2⤵
  PID:3908
- C:\Windows\System\OQfpHgz.exe
  C:\Windows\System\OQfpHgz.exe
  2⤵
  PID:3928
- C:\Windows\System\FsYNrzo.exe
  C:\Windows\System\FsYNrzo.exe
  2⤵
  PID:3944
- C:\Windows\System\LQydcdS.exe
  C:\Windows\System\LQydcdS.exe
  2⤵
  PID:3968
- C:\Windows\System\zxGGxQJ.exe
  C:\Windows\System\zxGGxQJ.exe
  2⤵
  PID:3984
- C:\Windows\System\obppiIF.exe
  C:\Windows\System\obppiIF.exe
  2⤵
  PID:4004
- C:\Windows\System\CmsGCbT.exe
  C:\Windows\System\CmsGCbT.exe
  2⤵
  PID:4020
- C:\Windows\System\gIJBYIO.exe
  C:\Windows\System\gIJBYIO.exe
  2⤵
  PID:4040
- C:\Windows\System\OOwHFEj.exe
  C:\Windows\System\OOwHFEj.exe
  2⤵
  PID:4056
- C:\Windows\System\eRfXHLH.exe
  C:\Windows\System\eRfXHLH.exe
  2⤵
  PID:4080
- C:\Windows\System\VEPzzGX.exe
  C:\Windows\System\VEPzzGX.exe
  2⤵
  PID:2980
- C:\Windows\System\yiTPpky.exe
  C:\Windows\System\yiTPpky.exe
  2⤵
  PID:660
- C:\Windows\System\mXlhqMT.exe
  C:\Windows\System\mXlhqMT.exe
  2⤵
  PID:3112
- C:\Windows\System\DeJkmeT.exe
  C:\Windows\System\DeJkmeT.exe
  2⤵
  PID:3148
- C:\Windows\System\ZbLVGfz.exe
  C:\Windows\System\ZbLVGfz.exe
  2⤵
  PID:3032
- C:\Windows\System\FVrFvyw.exe
  C:\Windows\System\FVrFvyw.exe
  2⤵
  PID:3296
- C:\Windows\System\AVwebTk.exe
  C:\Windows\System\AVwebTk.exe
  2⤵
  PID:3368
- C:\Windows\System\WWLsvcY.exe
  C:\Windows\System\WWLsvcY.exe
  2⤵
  PID:3444
- C:\Windows\System\zSNCoix.exe
  C:\Windows\System\zSNCoix.exe
  2⤵
  PID:3508
- C:\Windows\System\SRSIZFD.exe
  C:\Windows\System\SRSIZFD.exe
  2⤵
  PID:3556
- C:\Windows\System\XUVDXph.exe
  C:\Windows\System\XUVDXph.exe
  2⤵
  PID:3592
- C:\Windows\System\OCiqQWz.exe
  C:\Windows\System\OCiqQWz.exe
  2⤵
  PID:3672
- C:\Windows\System\MZKSFrm.exe
  C:\Windows\System\MZKSFrm.exe
  2⤵
  PID:3720
- C:\Windows\System\xsuEExk.exe
  C:\Windows\System\xsuEExk.exe
  2⤵
  PID:3788
- C:\Windows\System\RmCMFQQ.exe
  C:\Windows\System\RmCMFQQ.exe
  2⤵
  PID:1148
- C:\Windows\System\CreslVC.exe
  C:\Windows\System\CreslVC.exe
  2⤵
  PID:2596
- C:\Windows\System\irnKLaG.exe
  C:\Windows\System\irnKLaG.exe
  2⤵
  PID:3900
- C:\Windows\System\BFQDYRg.exe
  C:\Windows\System\BFQDYRg.exe
  2⤵
  PID:3976
- C:\Windows\System\anVjOcP.exe
  C:\Windows\System\anVjOcP.exe
  2⤵
  PID:3096
- C:\Windows\System\raztMXr.exe
  C:\Windows\System\raztMXr.exe
  2⤵
  PID:4016
- C:\Windows\System\VkwMfqr.exe
  C:\Windows\System\VkwMfqr.exe
  2⤵
  PID:3280
- C:\Windows\System\hgKalGJ.exe
  C:\Windows\System\hgKalGJ.exe
  2⤵
  PID:3324
- C:\Windows\System\BVJAJuD.exe
  C:\Windows\System\BVJAJuD.exe
  2⤵
  PID:3388
- C:\Windows\System\BXuXkwf.exe
  C:\Windows\System\BXuXkwf.exe
  2⤵
  PID:3536
- C:\Windows\System\sJdeYDV.exe
  C:\Windows\System\sJdeYDV.exe
  2⤵
  PID:3704
- C:\Windows\System\gTnJMOu.exe
  C:\Windows\System\gTnJMOu.exe
  2⤵
  PID:3800
- C:\Windows\System\qlBJfiO.exe
  C:\Windows\System\qlBJfiO.exe
  2⤵
  PID:4092
- C:\Windows\System\VzRPRNn.exe
  C:\Windows\System\VzRPRNn.exe
  2⤵
  PID:2136
- C:\Windows\System\HZzXlcm.exe
  C:\Windows\System\HZzXlcm.exe
  2⤵
  PID:2108
- C:\Windows\System\DmHirWs.exe
  C:\Windows\System\DmHirWs.exe
  2⤵
  PID:2292
- C:\Windows\System\Dfeuxud.exe
  C:\Windows\System\Dfeuxud.exe
  2⤵
  PID:1016
- C:\Windows\System\FbSKQtM.exe
  C:\Windows\System\FbSKQtM.exe
  2⤵
  PID:3960
- C:\Windows\System\uCTRAaj.exe
  C:\Windows\System\uCTRAaj.exe
  2⤵
  PID:3504
- C:\Windows\System\nfpcKUS.exe
  C:\Windows\System\nfpcKUS.exe
  2⤵
  PID:4072
- C:\Windows\System\RqsZsiy.exe
  C:\Windows\System\RqsZsiy.exe
  2⤵
  PID:4068
- C:\Windows\System\eXOnUvZ.exe
  C:\Windows\System\eXOnUvZ.exe
  2⤵
  PID:3952
- C:\Windows\System\dUKRkCr.exe
  C:\Windows\System\dUKRkCr.exe
  2⤵
  PID:3848
- C:\Windows\System\NLUmyJr.exe
  C:\Windows\System\NLUmyJr.exe
  2⤵
  PID:3616
- C:\Windows\System\caHgkGu.exe
  C:\Windows\System\caHgkGu.exe
  2⤵
  PID:3492
- C:\Windows\System\LJkJXPZ.exe
  C:\Windows\System\LJkJXPZ.exe
  2⤵
  PID:3600
- C:\Windows\System\rwwcmkW.exe
  C:\Windows\System\rwwcmkW.exe
  2⤵
  PID:3716
- C:\Windows\System\LvZPokv.exe
  C:\Windows\System\LvZPokv.exe
  2⤵
  PID:3116
- C:\Windows\System\vVFNPFK.exe
  C:\Windows\System\vVFNPFK.exe
  2⤵
  PID:3228
- C:\Windows\System\uFfWbGc.exe
  C:\Windows\System\uFfWbGc.exe
  2⤵
  PID:2628
- C:\Windows\System\AlMxsFy.exe
  C:\Windows\System\AlMxsFy.exe
  2⤵
  PID:3412
- C:\Windows\System\pcMcAeU.exe
  C:\Windows\System\pcMcAeU.exe
  2⤵
  PID:3240
- C:\Windows\System\ymSWOFr.exe
  C:\Windows\System\ymSWOFr.exe
  2⤵
  PID:3548
- C:\Windows\System\eyBxDDa.exe
  C:\Windows\System\eyBxDDa.exe
  2⤵
  PID:3356
- C:\Windows\System\HbVxPPB.exe
  C:\Windows\System\HbVxPPB.exe
  2⤵
  PID:3576
- C:\Windows\System\fBGKbnK.exe
  C:\Windows\System\fBGKbnK.exe
  2⤵
  PID:3136
- C:\Windows\System\cjXGvvH.exe
  C:\Windows\System\cjXGvvH.exe
  2⤵
  PID:2096
- C:\Windows\System\NgiwOvh.exe
  C:\Windows\System\NgiwOvh.exe
  2⤵
  PID:3636
- C:\Windows\System\hpqWdoB.exe
  C:\Windows\System\hpqWdoB.exe
  2⤵
  PID:4088
- C:\Windows\System\obzJpxB.exe
  C:\Windows\System\obzJpxB.exe
  2⤵
  PID:2260
- C:\Windows\System\pzFNmaF.exe
  C:\Windows\System\pzFNmaF.exe
  2⤵
  PID:3768
- C:\Windows\System\eIGfwAB.exe
  C:\Windows\System\eIGfwAB.exe
  2⤵
  PID:1892
- C:\Windows\System\VunDvLA.exe
  C:\Windows\System\VunDvLA.exe
  2⤵
  PID:3596
- C:\Windows\System\YrblbKR.exe
  C:\Windows\System\YrblbKR.exe
  2⤵
  PID:3880
- C:\Windows\System\HHJWYzm.exe
  C:\Windows\System\HHJWYzm.exe
  2⤵
  PID:3528
- C:\Windows\System\GQsJhoM.exe
  C:\Windows\System\GQsJhoM.exe
  2⤵
  PID:1560
- C:\Windows\System\QQIuYol.exe
  C:\Windows\System\QQIuYol.exe
  2⤵
  PID:3956
- C:\Windows\System\JfrMyTO.exe
  C:\Windows\System\JfrMyTO.exe
  2⤵
  PID:3220
- C:\Windows\System\rqjmOVO.exe
  C:\Windows\System\rqjmOVO.exe
  2⤵
  PID:4112
- C:\Windows\System\CUaGwdI.exe
  C:\Windows\System\CUaGwdI.exe
  2⤵
  PID:4132
- C:\Windows\System\SOrSMCi.exe
  C:\Windows\System\SOrSMCi.exe
  2⤵
  PID:4156
- C:\Windows\System\tthItUh.exe
  C:\Windows\System\tthItUh.exe
  2⤵
  PID:4172
- C:\Windows\System\qYNyIBP.exe
  C:\Windows\System\qYNyIBP.exe
  2⤵
  PID:4200
- C:\Windows\System\hiuAIJS.exe
  C:\Windows\System\hiuAIJS.exe
  2⤵
  PID:4220
- C:\Windows\System\SrYycBw.exe
  C:\Windows\System\SrYycBw.exe
  2⤵
  PID:4240
- C:\Windows\System\stsJlXU.exe
  C:\Windows\System\stsJlXU.exe
  2⤵
  PID:4264
- C:\Windows\System\CLzoQJO.exe
  C:\Windows\System\CLzoQJO.exe
  2⤵
  PID:4284
- C:\Windows\System\lxAYMmx.exe
  C:\Windows\System\lxAYMmx.exe
  2⤵
  PID:4304
- C:\Windows\System\rePwUvL.exe
  C:\Windows\System\rePwUvL.exe
  2⤵
  PID:4324
- C:\Windows\System\ilNXKKw.exe
  C:\Windows\System\ilNXKKw.exe
  2⤵
  PID:4344
- C:\Windows\System\JIdfgFg.exe
  C:\Windows\System\JIdfgFg.exe
  2⤵
  PID:4364
- C:\Windows\System\keRXUQS.exe
  C:\Windows\System\keRXUQS.exe
  2⤵
  PID:4392
- C:\Windows\System\mgWhdsd.exe
  C:\Windows\System\mgWhdsd.exe
  2⤵
  PID:4412
- C:\Windows\System\KyKhdry.exe
  C:\Windows\System\KyKhdry.exe
  2⤵
  PID:4432
- C:\Windows\System\NmyaJNS.exe
  C:\Windows\System\NmyaJNS.exe
  2⤵
  PID:4452
- C:\Windows\System\yOdGPpf.exe
  C:\Windows\System\yOdGPpf.exe
  2⤵
  PID:4472
- C:\Windows\System\BQXqBfF.exe
  C:\Windows\System\BQXqBfF.exe
  2⤵
  PID:4496
- C:\Windows\System\tsXSWbz.exe
  C:\Windows\System\tsXSWbz.exe
  2⤵
  PID:4516
- C:\Windows\System\iQBjdJk.exe
  C:\Windows\System\iQBjdJk.exe
  2⤵
  PID:4536
- C:\Windows\System\iHKLrLE.exe
  C:\Windows\System\iHKLrLE.exe
  2⤵
  PID:4556
- C:\Windows\System\oyWeLlq.exe
  C:\Windows\System\oyWeLlq.exe
  2⤵
  PID:4576
- C:\Windows\System\xTcbigC.exe
  C:\Windows\System\xTcbigC.exe
  2⤵
  PID:4596
- C:\Windows\System\ZbkIUjm.exe
  C:\Windows\System\ZbkIUjm.exe
  2⤵
  PID:4616
- C:\Windows\System\dHLuqGl.exe
  C:\Windows\System\dHLuqGl.exe
  2⤵
  PID:4636
- C:\Windows\System\FdrutLZ.exe
  C:\Windows\System\FdrutLZ.exe
  2⤵
  PID:4652
- C:\Windows\System\oymZqvo.exe
  C:\Windows\System\oymZqvo.exe
  2⤵
  PID:4676
- C:\Windows\System\siAgcBQ.exe
  C:\Windows\System\siAgcBQ.exe
  2⤵
  PID:4696
- C:\Windows\System\vERXgmI.exe
  C:\Windows\System\vERXgmI.exe
  2⤵
  PID:4716
- C:\Windows\System\BrRjAzY.exe
  C:\Windows\System\BrRjAzY.exe
  2⤵
  PID:4736
- C:\Windows\System\sVTKxHv.exe
  C:\Windows\System\sVTKxHv.exe
  2⤵
  PID:4752
- C:\Windows\System\jeOtOAn.exe
  C:\Windows\System\jeOtOAn.exe
  2⤵
  PID:4776
- C:\Windows\System\KktIoPq.exe
  C:\Windows\System\KktIoPq.exe
  2⤵
  PID:4796
- C:\Windows\System\KPlMdWQ.exe
  C:\Windows\System\KPlMdWQ.exe
  2⤵
  PID:4816
- C:\Windows\System\LjLXIHJ.exe
  C:\Windows\System\LjLXIHJ.exe
  2⤵
  PID:4840
- C:\Windows\System\NnmnTwJ.exe
  C:\Windows\System\NnmnTwJ.exe
  2⤵
  PID:4860
- C:\Windows\System\ENaOYUg.exe
  C:\Windows\System\ENaOYUg.exe
  2⤵
  PID:4876
- C:\Windows\System\YfriMUi.exe
  C:\Windows\System\YfriMUi.exe
  2⤵
  PID:4900
- C:\Windows\System\GHZNgKs.exe
  C:\Windows\System\GHZNgKs.exe
  2⤵
  PID:4920
- C:\Windows\System\mNlojzc.exe
  C:\Windows\System\mNlojzc.exe
  2⤵
  PID:4940
- C:\Windows\System\mZrtdPl.exe
  C:\Windows\System\mZrtdPl.exe
  2⤵
  PID:4960
- C:\Windows\System\nWJBPkh.exe
  C:\Windows\System\nWJBPkh.exe
  2⤵
  PID:4980
- C:\Windows\System\KDSKShX.exe
  C:\Windows\System\KDSKShX.exe
  2⤵
  PID:5000
- C:\Windows\System\TdhhjkG.exe
  C:\Windows\System\TdhhjkG.exe
  2⤵
  PID:5020
- C:\Windows\System\UAXznAt.exe
  C:\Windows\System\UAXznAt.exe
  2⤵
  PID:5040
- C:\Windows\System\zVWpEfV.exe
  C:\Windows\System\zVWpEfV.exe
  2⤵
  PID:5060
- C:\Windows\System\hnKCKtC.exe
  C:\Windows\System\hnKCKtC.exe
  2⤵
  PID:5080
- C:\Windows\System\RuDUymy.exe
  C:\Windows\System\RuDUymy.exe
  2⤵
  PID:5100
- C:\Windows\System\vHgerLc.exe
  C:\Windows\System\vHgerLc.exe
  2⤵
  PID:5116
- C:\Windows\System\UjulxtX.exe
  C:\Windows\System\UjulxtX.exe
  2⤵
  PID:1492
- C:\Windows\System\sRIfOYx.exe
  C:\Windows\System\sRIfOYx.exe
  2⤵
  PID:3260
- C:\Windows\System\MWVPYRD.exe
  C:\Windows\System\MWVPYRD.exe
  2⤵
  PID:3384
- C:\Windows\System\JKfNIXi.exe
  C:\Windows\System\JKfNIXi.exe
  2⤵
  PID:3936
- C:\Windows\System\mvAXsnS.exe
  C:\Windows\System\mvAXsnS.exe
  2⤵
  PID:3312
- C:\Windows\System\boNUEHc.exe
  C:\Windows\System\boNUEHc.exe
  2⤵
  PID:3836
- C:\Windows\System\xefgbao.exe
  C:\Windows\System\xefgbao.exe
  2⤵
  PID:3756
- C:\Windows\System\JlFivUW.exe
  C:\Windows\System\JlFivUW.exe
  2⤵
  PID:2664
- C:\Windows\System\rERlKJA.exe
  C:\Windows\System\rERlKJA.exe
  2⤵
  PID:2128
- C:\Windows\System\ACnFBtV.exe
  C:\Windows\System\ACnFBtV.exe
  2⤵
  PID:2800
- C:\Windows\System\jDsjgVN.exe
  C:\Windows\System\jDsjgVN.exe
  2⤵
  PID:4032
- C:\Windows\System\GNlRvdn.exe
  C:\Windows\System\GNlRvdn.exe
  2⤵
  PID:3804
- C:\Windows\System\yrNUcty.exe
  C:\Windows\System\yrNUcty.exe
  2⤵
  PID:4104
- C:\Windows\System\THeVxes.exe
  C:\Windows\System\THeVxes.exe
  2⤵
  PID:4120
- C:\Windows\System\acABuzG.exe
  C:\Windows\System\acABuzG.exe
  2⤵
  PID:4192
- C:\Windows\System\JbqfHCk.exe
  C:\Windows\System\JbqfHCk.exe
  2⤵
  PID:4212
- C:\Windows\System\mrOBVCB.exe
  C:\Windows\System\mrOBVCB.exe
  2⤵
  PID:4260
- C:\Windows\System\yXKdxFg.exe
  C:\Windows\System\yXKdxFg.exe
  2⤵
  PID:4292
- C:\Windows\System\hxFFsYZ.exe
  C:\Windows\System\hxFFsYZ.exe
  2⤵
  PID:4316
- C:\Windows\System\AymYNUm.exe
  C:\Windows\System\AymYNUm.exe
  2⤵
  PID:4360
- C:\Windows\System\mNBxLbw.exe
  C:\Windows\System\mNBxLbw.exe
  2⤵
  PID:4400
- C:\Windows\System\KbEbxmH.exe
  C:\Windows\System\KbEbxmH.exe
  2⤵
  PID:4428
- C:\Windows\System\hkNvpZA.exe
  C:\Windows\System\hkNvpZA.exe
  2⤵
  PID:4480
- C:\Windows\System\rpNpmPA.exe
  C:\Windows\System\rpNpmPA.exe
  2⤵
  PID:4464
- C:\Windows\System\QZTuDFn.exe
  C:\Windows\System\QZTuDFn.exe
  2⤵
  PID:4508
- C:\Windows\System\kYHSLHy.exe
  C:\Windows\System\kYHSLHy.exe
  2⤵
  PID:4552
- C:\Windows\System\PmRtncR.exe
  C:\Windows\System\PmRtncR.exe
  2⤵
  PID:4612
- C:\Windows\System\lSiEPyB.exe
  C:\Windows\System\lSiEPyB.exe
  2⤵
  PID:4624
- C:\Windows\System\ZsrOWsy.exe
  C:\Windows\System\ZsrOWsy.exe
  2⤵
  PID:4684
- C:\Windows\System\vaTcUnX.exe
  C:\Windows\System\vaTcUnX.exe
  2⤵
  PID:4660
- C:\Windows\System\iVNAtmw.exe
  C:\Windows\System\iVNAtmw.exe
  2⤵
  PID:4712
- C:\Windows\System\hOPeuVy.exe
  C:\Windows\System\hOPeuVy.exe
  2⤵
  PID:4764
- C:\Windows\System\BzJmTRt.exe
  C:\Windows\System\BzJmTRt.exe
  2⤵
  PID:4748
- C:\Windows\System\oRZFoCb.exe
  C:\Windows\System\oRZFoCb.exe
  2⤵
  PID:4812
- C:\Windows\System\CUxSHov.exe
  C:\Windows\System\CUxSHov.exe
  2⤵
  PID:4836
- C:\Windows\System\aiGNvNt.exe
  C:\Windows\System\aiGNvNt.exe
  2⤵
  PID:2920
- C:\Windows\System\fOtKYAI.exe
  C:\Windows\System\fOtKYAI.exe
  2⤵
  PID:2936
- C:\Windows\System\hfOpUtL.exe
  C:\Windows\System\hfOpUtL.exe
  2⤵
  PID:4916
- C:\Windows\System\BIaVnVd.exe
  C:\Windows\System\BIaVnVd.exe
  2⤵
  PID:4948
- C:\Windows\System\IRMfync.exe
  C:\Windows\System\IRMfync.exe
  2⤵
  PID:5008
- C:\Windows\System\soMPerB.exe
  C:\Windows\System\soMPerB.exe
  2⤵
  PID:4992
- C:\Windows\System\HjLdIiN.exe
  C:\Windows\System\HjLdIiN.exe
  2⤵
  PID:5032
- C:\Windows\System\KbfEcOR.exe
  C:\Windows\System\KbfEcOR.exe
  2⤵
  PID:5076
- C:\Windows\System\qjwzGcV.exe
  C:\Windows\System\qjwzGcV.exe
  2⤵
  PID:3408
- C:\Windows\System\ajkCoRI.exe
  C:\Windows\System\ajkCoRI.exe
  2⤵
  PID:3892
- C:\Windows\System\WyIMVEQ.exe
  C:\Windows\System\WyIMVEQ.exe
  2⤵
  PID:3940
- C:\Windows\System\ZYVYWeh.exe
  C:\Windows\System\ZYVYWeh.exe
  2⤵
  PID:3172
- C:\Windows\System\TCBAdXf.exe
  C:\Windows\System\TCBAdXf.exe
  2⤵
  PID:3752
- C:\Windows\System\FcRKafW.exe
  C:\Windows\System\FcRKafW.exe
  2⤵
  PID:1736
- C:\Windows\System\IjDGZOE.exe
  C:\Windows\System\IjDGZOE.exe
  2⤵
  PID:3532
- C:\Windows\System\UWZIclL.exe
  C:\Windows\System\UWZIclL.exe
  2⤵
  PID:3184
- C:\Windows\System\ouqUEKl.exe
  C:\Windows\System\ouqUEKl.exe
  2⤵
  PID:4180
- C:\Windows\System\SDIoKaD.exe
  C:\Windows\System\SDIoKaD.exe
  2⤵
  PID:2720
- C:\Windows\System\KfmajtA.exe
  C:\Windows\System\KfmajtA.exe
  2⤵
  PID:4216
- C:\Windows\System\DkeJCiq.exe
  C:\Windows\System\DkeJCiq.exe
  2⤵
  PID:4296
- C:\Windows\System\gGenAWP.exe
  C:\Windows\System\gGenAWP.exe
  2⤵
  PID:2924
- C:\Windows\System\iWVdcwQ.exe
  C:\Windows\System\iWVdcwQ.exe
  2⤵
  PID:2896
- C:\Windows\System\blJNCTH.exe
  C:\Windows\System\blJNCTH.exe
  2⤵
  PID:4448
- C:\Windows\System\jVOeVTp.exe
  C:\Windows\System\jVOeVTp.exe
  2⤵
  PID:4532
- C:\Windows\System\nnqMGqu.exe
  C:\Windows\System\nnqMGqu.exe
  2⤵
  PID:4604
- C:\Windows\System\ZWJEuRl.exe
  C:\Windows\System\ZWJEuRl.exe
  2⤵
  PID:4628
- C:\Windows\System\GvVeBnu.exe
  C:\Windows\System\GvVeBnu.exe
  2⤵
  PID:4608
- C:\Windows\System\ZBwqVkm.exe
  C:\Windows\System\ZBwqVkm.exe
  2⤵
  PID:4724
- C:\Windows\System\rWzJBzc.exe
  C:\Windows\System\rWzJBzc.exe
  2⤵
  PID:4856
- C:\Windows\System\rLKtffF.exe
  C:\Windows\System\rLKtffF.exe
  2⤵
  PID:4784
- C:\Windows\System\IAhwOSy.exe
  C:\Windows\System\IAhwOSy.exe
  2⤵
  PID:4884
- C:\Windows\System\MGIHWWy.exe
  C:\Windows\System\MGIHWWy.exe
  2⤵
  PID:4932
- C:\Windows\System\CHjNdjT.exe
  C:\Windows\System\CHjNdjT.exe
  2⤵
  PID:2904
- C:\Windows\System\HFzmkuh.exe
  C:\Windows\System\HFzmkuh.exe
  2⤵
  PID:5096
- C:\Windows\System\pHXiSjW.exe
  C:\Windows\System\pHXiSjW.exe
  2⤵
  PID:5056
- C:\Windows\System\GdpDMCT.exe
  C:\Windows\System\GdpDMCT.exe
  2⤵
  PID:2612
- C:\Windows\System\lzsYwyZ.exe
  C:\Windows\System\lzsYwyZ.exe
  2⤵
  PID:4256
- C:\Windows\System\ncpjRkB.exe
  C:\Windows\System\ncpjRkB.exe
  2⤵
  PID:3340
- C:\Windows\System\BTupGoN.exe
  C:\Windows\System\BTupGoN.exe
  2⤵
  PID:3656
- C:\Windows\System\nHcLiur.exe
  C:\Windows\System\nHcLiur.exe
  2⤵
  PID:4232
- C:\Windows\System\EgJlpnr.exe
  C:\Windows\System\EgJlpnr.exe
  2⤵
  PID:4148
- C:\Windows\System\bbSolou.exe
  C:\Windows\System\bbSolou.exe
  2⤵
  PID:4272
- C:\Windows\System\UgFtCwI.exe
  C:\Windows\System\UgFtCwI.exe
  2⤵
  PID:4312
- C:\Windows\System\bOooCCq.exe
  C:\Windows\System\bOooCCq.exe
  2⤵
  PID:4484
- C:\Windows\System\DMSbnWC.exe
  C:\Windows\System\DMSbnWC.exe
  2⤵
  PID:4388
- C:\Windows\System\DbPkKcq.exe
  C:\Windows\System\DbPkKcq.exe
  2⤵
  PID:2912
- C:\Windows\System\xsyqFDv.exe
  C:\Windows\System\xsyqFDv.exe
  2⤵
  PID:4732
- C:\Windows\System\UACrWXO.exe
  C:\Windows\System\UACrWXO.exe
  2⤵
  PID:4788
- C:\Windows\System\MxRhPdb.exe
  C:\Windows\System\MxRhPdb.exe
  2⤵
  PID:4744
- C:\Windows\System\HTvrsgH.exe
  C:\Windows\System\HTvrsgH.exe
  2⤵
  PID:4996
- C:\Windows\System\AOujfqk.exe
  C:\Windows\System\AOujfqk.exe
  2⤵
  PID:5012
- C:\Windows\System\GtlWOWi.exe
  C:\Windows\System\GtlWOWi.exe
  2⤵
  PID:4912
- C:\Windows\System\KzDQWHS.exe
  C:\Windows\System\KzDQWHS.exe
  2⤵
  PID:5128
- C:\Windows\System\wDKsuta.exe
  C:\Windows\System\wDKsuta.exe
  2⤵
  PID:5148
- C:\Windows\System\YizSUqA.exe
  C:\Windows\System\YizSUqA.exe
  2⤵
  PID:5168
- C:\Windows\System\stySklh.exe
  C:\Windows\System\stySklh.exe
  2⤵
  PID:5188
- C:\Windows\System\fkyxCdx.exe
  C:\Windows\System\fkyxCdx.exe
  2⤵
  PID:5208
- C:\Windows\System\juQWlvG.exe
  C:\Windows\System\juQWlvG.exe
  2⤵
  PID:5228
- C:\Windows\System\besIAny.exe
  C:\Windows\System\besIAny.exe
  2⤵
  PID:5252
- C:\Windows\System\tULKsAS.exe
  C:\Windows\System\tULKsAS.exe
  2⤵
  PID:5268
- C:\Windows\System\HXfcSEg.exe
  C:\Windows\System\HXfcSEg.exe
  2⤵
  PID:5288
- C:\Windows\System\SizKYoJ.exe
  C:\Windows\System\SizKYoJ.exe
  2⤵
  PID:5312
- C:\Windows\System\saJIdPo.exe
  C:\Windows\System\saJIdPo.exe
  2⤵
  PID:5332
- C:\Windows\System\yMmbWrM.exe
  C:\Windows\System\yMmbWrM.exe
  2⤵
  PID:5352
- C:\Windows\System\QsKkakD.exe
  C:\Windows\System\QsKkakD.exe
  2⤵
  PID:5372
- C:\Windows\System\ZnwsLdE.exe
  C:\Windows\System\ZnwsLdE.exe
  2⤵
  PID:5392
- C:\Windows\System\lIkeRll.exe
  C:\Windows\System\lIkeRll.exe
  2⤵
  PID:5412
- C:\Windows\System\swfaKwl.exe
  C:\Windows\System\swfaKwl.exe
  2⤵
  PID:5432
- C:\Windows\System\nEiiYbj.exe
  C:\Windows\System\nEiiYbj.exe
  2⤵
  PID:5448
- C:\Windows\System\ANoDjUW.exe
  C:\Windows\System\ANoDjUW.exe
  2⤵
  PID:5472
- C:\Windows\System\zEDZZCY.exe
  C:\Windows\System\zEDZZCY.exe
  2⤵
  PID:5492
- C:\Windows\System\nrrnNfE.exe
  C:\Windows\System\nrrnNfE.exe
  2⤵
  PID:5508
- C:\Windows\System\iDGsouI.exe
  C:\Windows\System\iDGsouI.exe
  2⤵
  PID:5528
- C:\Windows\System\fTzXumr.exe
  C:\Windows\System\fTzXumr.exe
  2⤵
  PID:5552
- C:\Windows\System\XHJkDTQ.exe
  C:\Windows\System\XHJkDTQ.exe
  2⤵
  PID:5568
- C:\Windows\System\cqaPyCf.exe
  C:\Windows\System\cqaPyCf.exe
  2⤵
  PID:5588
- C:\Windows\System\vhWjkDn.exe
  C:\Windows\System\vhWjkDn.exe
  2⤵
  PID:5604
- C:\Windows\System\RnUBCdo.exe
  C:\Windows\System\RnUBCdo.exe
  2⤵
  PID:5632
- C:\Windows\System\YRDlnPc.exe
  C:\Windows\System\YRDlnPc.exe
  2⤵
  PID:5656
- C:\Windows\System\SxkKyar.exe
  C:\Windows\System\SxkKyar.exe
  2⤵
  PID:5676
- C:\Windows\System\Zywvzti.exe
  C:\Windows\System\Zywvzti.exe
  2⤵
  PID:5696
- C:\Windows\System\wwrVCqT.exe
  C:\Windows\System\wwrVCqT.exe
  2⤵
  PID:5712
- C:\Windows\System\dNMGPob.exe
  C:\Windows\System\dNMGPob.exe
  2⤵
  PID:5736
- C:\Windows\System\kyVGptl.exe
  C:\Windows\System\kyVGptl.exe
  2⤵
  PID:5752
- C:\Windows\System\fwuElDU.exe
  C:\Windows\System\fwuElDU.exe
  2⤵
  PID:5776
- C:\Windows\System\yWrppmx.exe
  C:\Windows\System\yWrppmx.exe
  2⤵
  PID:5796
- C:\Windows\System\djGAvvT.exe
  C:\Windows\System\djGAvvT.exe
  2⤵
  PID:5816
- C:\Windows\System\XKjlYEC.exe
  C:\Windows\System\XKjlYEC.exe
  2⤵
  PID:5836
- C:\Windows\System\sRDddPl.exe
  C:\Windows\System\sRDddPl.exe
  2⤵
  PID:5856
- C:\Windows\System\jENxadl.exe
  C:\Windows\System\jENxadl.exe
  2⤵
  PID:5876
- C:\Windows\System\hYBTiwY.exe
  C:\Windows\System\hYBTiwY.exe
  2⤵
  PID:5892
- C:\Windows\System\fTHIovn.exe
  C:\Windows\System\fTHIovn.exe
  2⤵
  PID:5912
- C:\Windows\System\kBjmRBA.exe
  C:\Windows\System\kBjmRBA.exe
  2⤵
  PID:5932
- C:\Windows\System\LxgpYnz.exe
  C:\Windows\System\LxgpYnz.exe
  2⤵
  PID:5956
- C:\Windows\System\ozldJBL.exe
  C:\Windows\System\ozldJBL.exe
  2⤵
  PID:5976
- C:\Windows\System\sGXtiOX.exe
  C:\Windows\System\sGXtiOX.exe
  2⤵
  PID:5996
- C:\Windows\System\VDuKycl.exe
  C:\Windows\System\VDuKycl.exe
  2⤵
  PID:6016
- C:\Windows\System\zUDHObW.exe
  C:\Windows\System\zUDHObW.exe
  2⤵
  PID:6036
- C:\Windows\System\OzaeVKO.exe
  C:\Windows\System\OzaeVKO.exe
  2⤵
  PID:6060
- C:\Windows\System\WaVChEf.exe
  C:\Windows\System\WaVChEf.exe
  2⤵
  PID:6080
- C:\Windows\System\MfYsqoi.exe
  C:\Windows\System\MfYsqoi.exe
  2⤵
  PID:6100
- C:\Windows\System\McUysYK.exe
  C:\Windows\System\McUysYK.exe
  2⤵
  PID:6120
- C:\Windows\System\gffhkFa.exe
  C:\Windows\System\gffhkFa.exe
  2⤵
  PID:6140
- C:\Windows\System\SZBBGqQ.exe
  C:\Windows\System\SZBBGqQ.exe
  2⤵
  PID:3168
- C:\Windows\System\vfwujmv.exe
  C:\Windows\System\vfwujmv.exe
  2⤵
  PID:4236
- C:\Windows\System\gUUyUiE.exe
  C:\Windows\System\gUUyUiE.exe
  2⤵
  PID:4152
- C:\Windows\System\lnEiQtU.exe
  C:\Windows\System\lnEiQtU.exe
  2⤵
  PID:3996
- C:\Windows\System\RXHDuef.exe
  C:\Windows\System\RXHDuef.exe
  2⤵
  PID:2644
- C:\Windows\System\WKLQoxv.exe
  C:\Windows\System\WKLQoxv.exe
  2⤵
  PID:4544
- C:\Windows\System\SWzTqTW.exe
  C:\Windows\System\SWzTqTW.exe
  2⤵
  PID:2996
- C:\Windows\System\pstnwHH.exe
  C:\Windows\System\pstnwHH.exe
  2⤵
  PID:4704
- C:\Windows\System\yIruVtK.exe
  C:\Windows\System\yIruVtK.exe
  2⤵
  PID:4892
- C:\Windows\System\rmCxsjU.exe
  C:\Windows\System\rmCxsjU.exe
  2⤵
  PID:5108
- C:\Windows\System\njirasc.exe
  C:\Windows\System\njirasc.exe
  2⤵
  PID:5140
- C:\Windows\System\BrESzwI.exe
  C:\Windows\System\BrESzwI.exe
  2⤵
  PID:5176
- C:\Windows\System\psUJHcu.exe
  C:\Windows\System\psUJHcu.exe
  2⤵
  PID:5160
- C:\Windows\System\YuBmQqm.exe
  C:\Windows\System\YuBmQqm.exe
  2⤵
  PID:5264
- C:\Windows\System\MwcHgNz.exe
  C:\Windows\System\MwcHgNz.exe
  2⤵
  PID:5296
- C:\Windows\System\NHedkqr.exe
  C:\Windows\System\NHedkqr.exe
  2⤵
  PID:5240
- C:\Windows\System\GdowmvL.exe
  C:\Windows\System\GdowmvL.exe
  2⤵
  PID:5328
- C:\Windows\System\vlsTRaS.exe
  C:\Windows\System\vlsTRaS.exe
  2⤵
  PID:5380
- C:\Windows\System\owSUtBV.exe
  C:\Windows\System\owSUtBV.exe
  2⤵
  PID:5428
- C:\Windows\System\aQqvGCA.exe
  C:\Windows\System\aQqvGCA.exe
  2⤵
  PID:5400
- C:\Windows\System\uWAsCQN.exe
  C:\Windows\System\uWAsCQN.exe
  2⤵
  PID:5404
- C:\Windows\System\BBHAEec.exe
  C:\Windows\System\BBHAEec.exe
  2⤵
  PID:5484
- C:\Windows\System\mMGSxQO.exe
  C:\Windows\System\mMGSxQO.exe
  2⤵
  PID:5548
- C:\Windows\System\NuNXOFJ.exe
  C:\Windows\System\NuNXOFJ.exe
  2⤵
  PID:5584
- C:\Windows\System\mxHCuIN.exe
  C:\Windows\System\mxHCuIN.exe
  2⤵
  PID:5520
- C:\Windows\System\kaMORMi.exe
  C:\Windows\System\kaMORMi.exe
  2⤵
  PID:5640
- C:\Windows\System\rxggwOP.exe
  C:\Windows\System\rxggwOP.exe
  2⤵
  PID:5644
- C:\Windows\System\MXztmEv.exe
  C:\Windows\System\MXztmEv.exe
  2⤵
  PID:5744
- C:\Windows\System\EIvXxpW.exe
  C:\Windows\System\EIvXxpW.exe
  2⤵
  PID:5720
- C:\Windows\System\WsUHzms.exe
  C:\Windows\System\WsUHzms.exe
  2⤵
  PID:5732
- C:\Windows\System\iOKvDPY.exe
  C:\Windows\System\iOKvDPY.exe
  2⤵
  PID:5764
- C:\Windows\System\AAOiKTL.exe
  C:\Windows\System\AAOiKTL.exe
  2⤵
  PID:5808
- C:\Windows\System\wTEwLXy.exe
  C:\Windows\System\wTEwLXy.exe
  2⤵
  PID:5868
- C:\Windows\System\UVqIuuy.exe
  C:\Windows\System\UVqIuuy.exe
  2⤵
  PID:5848
- C:\Windows\System\UJPjOmk.exe
  C:\Windows\System\UJPjOmk.exe
  2⤵
  PID:5940
- C:\Windows\System\bGzaymr.exe
  C:\Windows\System\bGzaymr.exe
  2⤵
  PID:5928
- C:\Windows\System\lGiTaDn.exe
  C:\Windows\System\lGiTaDn.exe
  2⤵
  PID:5988
- C:\Windows\System\PqnfYSR.exe
  C:\Windows\System\PqnfYSR.exe
  2⤵
  PID:6032
- C:\Windows\System\KyVBmhL.exe
  C:\Windows\System\KyVBmhL.exe
  2⤵
  PID:6008
- C:\Windows\System\xnUYvNg.exe
  C:\Windows\System\xnUYvNg.exe
  2⤵
  PID:6068
- C:\Windows\System\xmbumRj.exe
  C:\Windows\System\xmbumRj.exe
  2⤵
  PID:6096
- C:\Windows\System\QZUFhBj.exe
  C:\Windows\System\QZUFhBj.exe
  2⤵
  PID:5068
- C:\Windows\System\yCOIPaO.exe
  C:\Windows\System\yCOIPaO.exe
  2⤵
  PID:6128
- C:\Windows\System\kYCHOqY.exe
  C:\Windows\System\kYCHOqY.exe
  2⤵
  PID:3336
- C:\Windows\System\QnkTjWp.exe
  C:\Windows\System\QnkTjWp.exe
  2⤵
  PID:4512
- C:\Windows\System\QcDfDUc.exe
  C:\Windows\System\QcDfDUc.exe
  2⤵
  PID:4648
- C:\Windows\System\PBYtdxe.exe
  C:\Windows\System\PBYtdxe.exe
  2⤵
  PID:4908
- C:\Windows\System\NjPwnPQ.exe
  C:\Windows\System\NjPwnPQ.exe
  2⤵
  PID:4768
- C:\Windows\System\yNFbJhx.exe
  C:\Windows\System\yNFbJhx.exe
  2⤵
  PID:5112
- C:\Windows\System\vuvCvwk.exe
  C:\Windows\System\vuvCvwk.exe
  2⤵
  PID:832
- C:\Windows\System\ITxHnJz.exe
  C:\Windows\System\ITxHnJz.exe
  2⤵
  PID:5224
- C:\Windows\System\hOJHJRd.exe
  C:\Windows\System\hOJHJRd.exe
  2⤵
  PID:2040
- C:\Windows\System\CoNyDnp.exe
  C:\Windows\System\CoNyDnp.exe
  2⤵
  PID:5284
- C:\Windows\System\EaPNVLd.exe
  C:\Windows\System\EaPNVLd.exe
  2⤵
  PID:5324
- C:\Windows\System\JLFtBAK.exe
  C:\Windows\System\JLFtBAK.exe
  2⤵
  PID:5460
- C:\Windows\System\vwgfkmo.exe
  C:\Windows\System\vwgfkmo.exe
  2⤵
  PID:5364
- C:\Windows\System\bMDpHlr.exe
  C:\Windows\System\bMDpHlr.exe
  2⤵
  PID:5488
- C:\Windows\System\SuvCvjE.exe
  C:\Windows\System\SuvCvjE.exe
  2⤵
  PID:5516
- C:\Windows\System\StHOifH.exe
  C:\Windows\System\StHOifH.exe
  2⤵
  PID:5564
- C:\Windows\System\zcZctNl.exe
  C:\Windows\System\zcZctNl.exe
  2⤵
  PID:5688
- C:\Windows\System\XfEhRDo.exe
  C:\Windows\System\XfEhRDo.exe
  2⤵
  PID:5788
- C:\Windows\System\OjljudD.exe
  C:\Windows\System\OjljudD.exe
  2⤵
  PID:2820
- C:\Windows\System\DOOwCFY.exe
  C:\Windows\System\DOOwCFY.exe
  2⤵
  PID:3076
- C:\Windows\System\sjrihqL.exe
  C:\Windows\System\sjrihqL.exe
  2⤵
  PID:5812
- C:\Windows\System\VwyFrJT.exe
  C:\Windows\System\VwyFrJT.exe
  2⤵
  PID:2836
- C:\Windows\System\UIyGgPU.exe
  C:\Windows\System\UIyGgPU.exe
  2⤵
  PID:3012
- C:\Windows\System\oWWalgR.exe
  C:\Windows\System\oWWalgR.exe
  2⤵
  PID:5968
- C:\Windows\System\NGNBMRS.exe
  C:\Windows\System\NGNBMRS.exe
  2⤵
  PID:2280
- C:\Windows\System\ZbsCirt.exe
  C:\Windows\System\ZbsCirt.exe
  2⤵
  PID:6116
- C:\Windows\System\vBBgsEK.exe
  C:\Windows\System\vBBgsEK.exe
  2⤵
  PID:4384
- C:\Windows\System\ywCqSzA.exe
  C:\Windows\System\ywCqSzA.exe
  2⤵
  PID:2232
- C:\Windows\System\vjiYCXk.exe
  C:\Windows\System\vjiYCXk.exe
  2⤵
  PID:4340
- C:\Windows\System\ZaBEGOh.exe
  C:\Windows\System\ZaBEGOh.exe
  2⤵
  PID:1424
- C:\Windows\System\urWiMNq.exe
  C:\Windows\System\urWiMNq.exe
  2⤵
  PID:4952
- C:\Windows\System\uMxIuzI.exe
  C:\Windows\System\uMxIuzI.exe
  2⤵
  PID:5300
- C:\Windows\System\akyiopn.exe
  C:\Windows\System\akyiopn.exe
  2⤵
  PID:5348
- C:\Windows\System\lLlQzTu.exe
  C:\Windows\System\lLlQzTu.exe
  2⤵
  PID:5320
- C:\Windows\System\ZKgKrFh.exe
  C:\Windows\System\ZKgKrFh.exe
  2⤵
  PID:5544
- C:\Windows\System\nlYdSqA.exe
  C:\Windows\System\nlYdSqA.exe
  2⤵
  PID:5368
- C:\Windows\System\vLIdkvr.exe
  C:\Windows\System\vLIdkvr.exe
  2⤵
  PID:5708
- C:\Windows\System\uWepKjs.exe
  C:\Windows\System\uWepKjs.exe
  2⤵
  PID:5580
- C:\Windows\System\saNMnQX.exe
  C:\Windows\System\saNMnQX.exe
  2⤵
  PID:5804
- C:\Windows\System\uYFLXmT.exe
  C:\Windows\System\uYFLXmT.exe
  2⤵
  PID:5888
- C:\Windows\System\BONYSUF.exe
  C:\Windows\System\BONYSUF.exe
  2⤵
  PID:5884
- C:\Windows\System\oqLzhkB.exe
  C:\Windows\System\oqLzhkB.exe
  2⤵
  PID:5920
- C:\Windows\System\XQYqcXz.exe
  C:\Windows\System\XQYqcXz.exe
  2⤵
  PID:6072
- C:\Windows\System\idBCexo.exe
  C:\Windows\System\idBCexo.exe
  2⤵
  PID:2868
- C:\Windows\System\IRGnqgr.exe
  C:\Windows\System\IRGnqgr.exe
  2⤵
  PID:4888
- C:\Windows\System\pUJPFpk.exe
  C:\Windows\System\pUJPFpk.exe
  2⤵
  PID:2044
- C:\Windows\System\RSMdoBN.exe
  C:\Windows\System\RSMdoBN.exe
  2⤵
  PID:896
- C:\Windows\System\NYACXqB.exe
  C:\Windows\System\NYACXqB.exe
  2⤵
  PID:5184
- C:\Windows\System\nCrqueb.exe
  C:\Windows\System\nCrqueb.exe
  2⤵
  PID:5420
- C:\Windows\System\iWhcrqn.exe
  C:\Windows\System\iWhcrqn.exe
  2⤵
  PID:5768
- C:\Windows\System\tBvanoD.exe
  C:\Windows\System\tBvanoD.exe
  2⤵
  PID:5596
- C:\Windows\System\mLLwjDK.exe
  C:\Windows\System\mLLwjDK.exe
  2⤵
  PID:5728
- C:\Windows\System\TnLuTyX.exe
  C:\Windows\System\TnLuTyX.exe
  2⤵
  PID:1192
- C:\Windows\System\lQqPfSb.exe
  C:\Windows\System\lQqPfSb.exe
  2⤵
  PID:548
- C:\Windows\System\YiwUPXy.exe
  C:\Windows\System\YiwUPXy.exe
  2⤵
  PID:6048
- C:\Windows\System\kUccoxZ.exe
  C:\Windows\System\kUccoxZ.exe
  2⤵
  PID:6156
- C:\Windows\System\LOGDbUE.exe
  C:\Windows\System\LOGDbUE.exe
  2⤵
  PID:6176
- C:\Windows\System\cytyZIv.exe
  C:\Windows\System\cytyZIv.exe
  2⤵
  PID:6196
- C:\Windows\System\fPVOjsG.exe
  C:\Windows\System\fPVOjsG.exe
  2⤵
  PID:6216
- C:\Windows\System\awOkaFL.exe
  C:\Windows\System\awOkaFL.exe
  2⤵
  PID:6236
- C:\Windows\System\zPZPcUJ.exe
  C:\Windows\System\zPZPcUJ.exe
  2⤵
  PID:6256
- C:\Windows\System\iEcZMMU.exe
  C:\Windows\System\iEcZMMU.exe
  2⤵
  PID:6272
- C:\Windows\System\JowQoXZ.exe
  C:\Windows\System\JowQoXZ.exe
  2⤵
  PID:6296
- C:\Windows\System\HiNRqwn.exe
  C:\Windows\System\HiNRqwn.exe
  2⤵
  PID:6316
- C:\Windows\System\LPxjdWE.exe
  C:\Windows\System\LPxjdWE.exe
  2⤵
  PID:6332
- C:\Windows\System\JEIEZwp.exe
  C:\Windows\System\JEIEZwp.exe
  2⤵
  PID:6356
- C:\Windows\System\yIovfIy.exe
  C:\Windows\System\yIovfIy.exe
  2⤵
  PID:6376
- C:\Windows\System\qHEKBRT.exe
  C:\Windows\System\qHEKBRT.exe
  2⤵
  PID:6396
- C:\Windows\System\bHiQGJu.exe
  C:\Windows\System\bHiQGJu.exe
  2⤵
  PID:6412
- C:\Windows\System\IgAWYIH.exe
  C:\Windows\System\IgAWYIH.exe
  2⤵
  PID:6436
- C:\Windows\System\rOpoJyb.exe
  C:\Windows\System\rOpoJyb.exe
  2⤵
  PID:6456
- C:\Windows\System\hbmguUk.exe
  C:\Windows\System\hbmguUk.exe
  2⤵
  PID:6476
- C:\Windows\System\ElmtVUx.exe
  C:\Windows\System\ElmtVUx.exe
  2⤵
  PID:6492
- C:\Windows\System\nYNVtAT.exe
  C:\Windows\System\nYNVtAT.exe
  2⤵
  PID:6516
- C:\Windows\System\DgsnwfC.exe
  C:\Windows\System\DgsnwfC.exe
  2⤵
  PID:6536
- C:\Windows\System\BfRWBaW.exe
  C:\Windows\System\BfRWBaW.exe
  2⤵
  PID:6556
- C:\Windows\System\TIBkabC.exe
  C:\Windows\System\TIBkabC.exe
  2⤵
  PID:6576
- C:\Windows\System\CbjbKkp.exe
  C:\Windows\System\CbjbKkp.exe
  2⤵
  PID:6596
- C:\Windows\System\gETvXHr.exe
  C:\Windows\System\gETvXHr.exe
  2⤵
  PID:6612
- C:\Windows\System\iybgbPG.exe
  C:\Windows\System\iybgbPG.exe
  2⤵
  PID:6636
- C:\Windows\System\QyRgQLa.exe
  C:\Windows\System\QyRgQLa.exe
  2⤵
  PID:6656
- C:\Windows\System\BHRsJfC.exe
  C:\Windows\System\BHRsJfC.exe
  2⤵
  PID:6672
- C:\Windows\System\VdmnDAe.exe
  C:\Windows\System\VdmnDAe.exe
  2⤵
  PID:6696
- C:\Windows\System\IIqTXMb.exe
  C:\Windows\System\IIqTXMb.exe
  2⤵
  PID:6716
- C:\Windows\System\axWXRdt.exe
  C:\Windows\System\axWXRdt.exe
  2⤵
  PID:6736
- C:\Windows\System\scofOMp.exe
  C:\Windows\System\scofOMp.exe
  2⤵
  PID:6756
- C:\Windows\System\bZWjNQK.exe
  C:\Windows\System\bZWjNQK.exe
  2⤵
  PID:6776
- C:\Windows\System\IWFgDFg.exe
  C:\Windows\System\IWFgDFg.exe
  2⤵
  PID:6796
- C:\Windows\System\BuGjuNC.exe
  C:\Windows\System\BuGjuNC.exe
  2⤵
  PID:6816
- C:\Windows\System\aykqVSf.exe
  C:\Windows\System\aykqVSf.exe
  2⤵
  PID:6836
- C:\Windows\System\lxnmlBU.exe
  C:\Windows\System\lxnmlBU.exe
  2⤵
  PID:6860
- C:\Windows\System\QtoKRsa.exe
  C:\Windows\System\QtoKRsa.exe
  2⤵
  PID:6880
- C:\Windows\System\yJFOEhR.exe
  C:\Windows\System\yJFOEhR.exe
  2⤵
  PID:6900
- C:\Windows\System\GMsrsOm.exe
  C:\Windows\System\GMsrsOm.exe
  2⤵
  PID:6920
- C:\Windows\System\svRDkZl.exe
  C:\Windows\System\svRDkZl.exe
  2⤵
  PID:6940
- C:\Windows\System\aNBcoKj.exe
  C:\Windows\System\aNBcoKj.exe
  2⤵
  PID:6960
- C:\Windows\System\LayNGaM.exe
  C:\Windows\System\LayNGaM.exe
  2⤵
  PID:6976
- C:\Windows\System\zxpMPfK.exe
  C:\Windows\System\zxpMPfK.exe
  2⤵
  PID:7000
- C:\Windows\System\mznEoLn.exe
  C:\Windows\System\mznEoLn.exe
  2⤵
  PID:7020
- C:\Windows\System\fwXEkFK.exe
  C:\Windows\System\fwXEkFK.exe
  2⤵
  PID:7044
- C:\Windows\System\ITQwLJf.exe
  C:\Windows\System\ITQwLJf.exe
  2⤵
  PID:7100
- C:\Windows\System\LIpjHGs.exe
  C:\Windows\System\LIpjHGs.exe
  2⤵
  PID:7116
- C:\Windows\System\XpVmhTl.exe
  C:\Windows\System\XpVmhTl.exe
  2⤵
  PID:7132
- C:\Windows\System\rZIBnrT.exe
  C:\Windows\System\rZIBnrT.exe
  2⤵
  PID:7152
- C:\Windows\System\ciIPfxU.exe
  C:\Windows\System\ciIPfxU.exe
  2⤵
  PID:5136
- C:\Windows\System\ImERfiC.exe
  C:\Windows\System\ImERfiC.exe
  2⤵
  PID:1576
- C:\Windows\System\UVJzBHl.exe
  C:\Windows\System\UVJzBHl.exe
  2⤵
  PID:5248
- C:\Windows\System\VRGbqAm.exe
  C:\Windows\System\VRGbqAm.exe
  2⤵
  PID:5444
- C:\Windows\System\VzDeTYK.exe
  C:\Windows\System\VzDeTYK.exe
  2⤵
  PID:5792
- C:\Windows\System\LXUycFK.exe
  C:\Windows\System\LXUycFK.exe
  2⤵
  PID:1276
- C:\Windows\System\Qurkufg.exe
  C:\Windows\System\Qurkufg.exe
  2⤵
  PID:5952
- C:\Windows\System\ioZrnNh.exe
  C:\Windows\System\ioZrnNh.exe
  2⤵
  PID:2448
- C:\Windows\System\KHERnvK.exe
  C:\Windows\System\KHERnvK.exe
  2⤵
  PID:6188
- C:\Windows\System\ZgKRcNV.exe
  C:\Windows\System\ZgKRcNV.exe
  2⤵
  PID:6224
- C:\Windows\System\DXDsqhu.exe
  C:\Windows\System\DXDsqhu.exe
  2⤵
  PID:624
- C:\Windows\System\kCPczUx.exe
  C:\Windows\System\kCPczUx.exe
  2⤵
  PID:6252
- C:\Windows\System\oxLDTdb.exe
  C:\Windows\System\oxLDTdb.exe
  2⤵
  PID:6292
- C:\Windows\System\VLQBBEK.exe
  C:\Windows\System\VLQBBEK.exe
  2⤵
  PID:2480
- C:\Windows\System\VeuVoSq.exe
  C:\Windows\System\VeuVoSq.exe
  2⤵
  PID:6344
- C:\Windows\System\IkJXrrT.exe
  C:\Windows\System\IkJXrrT.exe
  2⤵
  PID:6392
- C:\Windows\System\rTFSRRc.exe
  C:\Windows\System\rTFSRRc.exe
  2⤵
  PID:6432
- C:\Windows\System\EMGiQfD.exe
  C:\Windows\System\EMGiQfD.exe
  2⤵
  PID:6564
- C:\Windows\System\SGjjaZN.exe
  C:\Windows\System\SGjjaZN.exe
  2⤵
  PID:6588
- C:\Windows\System\blAzVvH.exe
  C:\Windows\System\blAzVvH.exe
  2⤵
  PID:6568
- C:\Windows\System\srMbkVX.exe
  C:\Windows\System\srMbkVX.exe
  2⤵
  PID:532
- C:\Windows\System\EuhijWF.exe
  C:\Windows\System\EuhijWF.exe
  2⤵
  PID:6668
- C:\Windows\System\DZaTWBw.exe
  C:\Windows\System\DZaTWBw.exe
  2⤵
  PID:6712
- C:\Windows\System\pKxrzmT.exe
  C:\Windows\System\pKxrzmT.exe
  2⤵
  PID:6688
- C:\Windows\System\yUtsHTy.exe
  C:\Windows\System\yUtsHTy.exe
  2⤵
  PID:6804
- C:\Windows\System\kPwevbK.exe
  C:\Windows\System\kPwevbK.exe
  2⤵
  PID:6844
- C:\Windows\System\HOWyZUj.exe
  C:\Windows\System\HOWyZUj.exe
  2⤵
  PID:6852
- C:\Windows\System\jYaTcyV.exe
  C:\Windows\System\jYaTcyV.exe
  2⤵
  PID:6912
- C:\Windows\System\GuHbmDx.exe
  C:\Windows\System\GuHbmDx.exe
  2⤵
  PID:6952
- C:\Windows\System\eZTwMzY.exe
  C:\Windows\System\eZTwMzY.exe
  2⤵
  PID:6888
- C:\Windows\System\ZZCJrxU.exe
  C:\Windows\System\ZZCJrxU.exe
  2⤵
  PID:7036
- C:\Windows\System\OAnnmqY.exe
  C:\Windows\System\OAnnmqY.exe
  2⤵
  PID:964
- C:\Windows\System\LdjCHzk.exe
  C:\Windows\System\LdjCHzk.exe
  2⤵
  PID:7012
- C:\Windows\System\CkIjqOC.exe
  C:\Windows\System\CkIjqOC.exe
  2⤵
  PID:7060
- C:\Windows\System\SvemYLt.exe
  C:\Windows\System\SvemYLt.exe
  2⤵
  PID:7084
- C:\Windows\System\KbLGFVX.exe
  C:\Windows\System\KbLGFVX.exe
  2⤵
  PID:7112
- C:\Windows\System\IkAlkex.exe
  C:\Windows\System\IkAlkex.exe
  2⤵
  PID:4564
- C:\Windows\System\gXccnlO.exe
  C:\Windows\System\gXccnlO.exe
  2⤵
  PID:1596
- C:\Windows\System\nFmgLTP.exe
  C:\Windows\System\nFmgLTP.exe
  2⤵
  PID:5748
- C:\Windows\System\FlVTyNP.exe
  C:\Windows\System\FlVTyNP.exe
  2⤵
  PID:2992
- C:\Windows\System\VNiqYbi.exe
  C:\Windows\System\VNiqYbi.exe
  2⤵
  PID:2132
- C:\Windows\System\lPtoEAQ.exe
  C:\Windows\System\lPtoEAQ.exe
  2⤵
  PID:4832
- C:\Windows\System\vwxhXvb.exe
  C:\Windows\System\vwxhXvb.exe
  2⤵
  PID:5772
- C:\Windows\System\yZdNhnG.exe
  C:\Windows\System\yZdNhnG.exe
  2⤵
  PID:6232
- C:\Windows\System\RXjXdVc.exe
  C:\Windows\System\RXjXdVc.exe
  2⤵
  PID:6364
- C:\Windows\System\CBaDLiu.exe
  C:\Windows\System\CBaDLiu.exe
  2⤵
  PID:6352
- C:\Windows\System\rFobyfR.exe
  C:\Windows\System\rFobyfR.exe
  2⤵
  PID:6424
- C:\Windows\System\AGRhXwe.exe
  C:\Windows\System\AGRhXwe.exe
  2⤵
  PID:6468
- C:\Windows\System\honXFnR.exe
  C:\Windows\System\honXFnR.exe
  2⤵
  PID:6500
- C:\Windows\System\CwLaPRG.exe
  C:\Windows\System\CwLaPRG.exe
  2⤵
  PID:6544
- C:\Windows\System\eOSyEqt.exe
  C:\Windows\System\eOSyEqt.exe
  2⤵
  PID:6384
- C:\Windows\System\gWsRUDs.exe
  C:\Windows\System\gWsRUDs.exe
  2⤵
  PID:6528
- C:\Windows\System\vKkPKYP.exe
  C:\Windows\System\vKkPKYP.exe
  2⤵
  PID:924
- C:\Windows\System\wPnZcOR.exe
  C:\Windows\System\wPnZcOR.exe
  2⤵
  PID:6584
- C:\Windows\System\HGCMAmA.exe
  C:\Windows\System\HGCMAmA.exe
  2⤵
  PID:6648
- C:\Windows\System\UgGWbbg.exe
  C:\Windows\System\UgGWbbg.exe
  2⤵
  PID:6684
- C:\Windows\System\LeCCXJj.exe
  C:\Windows\System\LeCCXJj.exe
  2⤵
  PID:920
- C:\Windows\System\feALWhs.exe
  C:\Windows\System\feALWhs.exe
  2⤵
  PID:6748
- C:\Windows\System\rxbMTfr.exe
  C:\Windows\System\rxbMTfr.exe
  2⤵
  PID:6932
- C:\Windows\System\wzlPFlo.exe
  C:\Windows\System\wzlPFlo.exe
  2⤵
  PID:2916
- C:\Windows\System\qRPAaYU.exe
  C:\Windows\System\qRPAaYU.exe
  2⤵
  PID:7108
- C:\Windows\System\rLtgqcm.exe
  C:\Windows\System\rLtgqcm.exe
  2⤵
  PID:6928
- C:\Windows\System\kcHXbvH.exe
  C:\Windows\System\kcHXbvH.exe
  2⤵
  PID:6152
- C:\Windows\System\rTcRQma.exe
  C:\Windows\System\rTcRQma.exe
  2⤵
  PID:7008
- C:\Windows\System\nrLlaxV.exe
  C:\Windows\System\nrLlaxV.exe
  2⤵
  PID:2428
- C:\Windows\System\BhBYsFH.exe
  C:\Windows\System\BhBYsFH.exe
  2⤵
  PID:7140
- C:\Windows\System\hGfJZvt.exe
  C:\Windows\System\hGfJZvt.exe
  2⤵
  PID:6056
- C:\Windows\System\JsZLWwZ.exe
  C:\Windows\System\JsZLWwZ.exe
  2⤵
  PID:6168
- C:\Windows\System\AYiKStJ.exe
  C:\Windows\System\AYiKStJ.exe
  2⤵
  PID:2088
- C:\Windows\System\dskIOUy.exe
  C:\Windows\System\dskIOUy.exe
  2⤵
  PID:6512
- C:\Windows\System\NNFTbbJ.exe
  C:\Windows\System\NNFTbbJ.exe
  2⤵
  PID:5864
- C:\Windows\System\aVfdVnE.exe
  C:\Windows\System\aVfdVnE.exe
  2⤵
  PID:6244
- C:\Windows\System\oFVKOXv.exe
  C:\Windows\System\oFVKOXv.exe
  2⤵
  PID:2556
- C:\Windows\System\OsdXlZb.exe
  C:\Windows\System\OsdXlZb.exe
  2⤵
  PID:6452
- C:\Windows\System\IDnXeeD.exe
  C:\Windows\System\IDnXeeD.exe
  2⤵
  PID:6628
- C:\Windows\System\PgxZuux.exe
  C:\Windows\System\PgxZuux.exe
  2⤵
  PID:6652
- C:\Windows\System\ubCMzNM.exe
  C:\Windows\System\ubCMzNM.exe
  2⤵
  PID:2388
- C:\Windows\System\RKrYMlA.exe
  C:\Windows\System\RKrYMlA.exe
  2⤵
  PID:6828
- C:\Windows\System\QyqioRa.exe
  C:\Windows\System\QyqioRa.exe
  2⤵
  PID:6472
- C:\Windows\System\nRHlAwZ.exe
  C:\Windows\System\nRHlAwZ.exe
  2⤵
  PID:6972
- C:\Windows\System\mtBSqly.exe
  C:\Windows\System\mtBSqly.exe
  2⤵
  PID:7040
- C:\Windows\System\iaCBufl.exe
  C:\Windows\System\iaCBufl.exe
  2⤵
  PID:912
- C:\Windows\System\FefWUZr.exe
  C:\Windows\System\FefWUZr.exe
  2⤵
  PID:6968
- C:\Windows\System\NdqTcOg.exe
  C:\Windows\System\NdqTcOg.exe
  2⤵
  PID:736
- C:\Windows\System\BatTEep.exe
  C:\Windows\System\BatTEep.exe
  2⤵
  PID:5360
- C:\Windows\System\BKqZkWT.exe
  C:\Windows\System\BKqZkWT.exe
  2⤵
  PID:1080
- C:\Windows\System\DiuuLFY.exe
  C:\Windows\System\DiuuLFY.exe
  2⤵
  PID:6504
- C:\Windows\System\dsiVhTi.exe
  C:\Windows\System\dsiVhTi.exe
  2⤵
  PID:6268
- C:\Windows\System\AWNUSaL.exe
  C:\Windows\System\AWNUSaL.exe
  2⤵
  PID:6624
- C:\Windows\System\YNajIrU.exe
  C:\Windows\System\YNajIrU.exe
  2⤵
  PID:6408
- C:\Windows\System\vwQLByT.exe
  C:\Windows\System\vwQLByT.exe
  2⤵
  PID:7076
- C:\Windows\System\KcTkrMU.exe
  C:\Windows\System\KcTkrMU.exe
  2⤵
  PID:2804
- C:\Windows\System\boPbxrM.exe
  C:\Windows\System\boPbxrM.exe
  2⤵
  PID:6448
- C:\Windows\System\ovPIuxQ.exe
  C:\Windows\System\ovPIuxQ.exe
  2⤵
  PID:6808
- C:\Windows\System\ULljQyk.exe
  C:\Windows\System\ULljQyk.exe
  2⤵
  PID:6956
- C:\Windows\System\mzBcgPG.exe
  C:\Windows\System\mzBcgPG.exe
  2⤵
  PID:7124
- C:\Windows\System\JzdUDBN.exe
  C:\Windows\System\JzdUDBN.exe
  2⤵
  PID:6632
- C:\Windows\System\WbuGgRp.exe
  C:\Windows\System\WbuGgRp.exe
  2⤵
  PID:1884
- C:\Windows\System\hjcMGan.exe
  C:\Windows\System\hjcMGan.exe
  2⤵
  PID:1436
- C:\Windows\System\tKQTVpo.exe
  C:\Windows\System\tKQTVpo.exe
  2⤵
  PID:6872
- C:\Windows\System\AXPfqtl.exe
  C:\Windows\System\AXPfqtl.exe
  2⤵
  PID:6420
- C:\Windows\System\yFGOted.exe
  C:\Windows\System\yFGOted.exe
  2⤵
  PID:6824
- C:\Windows\System\ROLpvJw.exe
  C:\Windows\System\ROLpvJw.exe
  2⤵
  PID:6892
- C:\Windows\System\vJLpTXn.exe
  C:\Windows\System\vJLpTXn.exe
  2⤵
  PID:6388
- C:\Windows\System\BaMWdLh.exe
  C:\Windows\System\BaMWdLh.exe
  2⤵
  PID:7188
- C:\Windows\System\rtkDzey.exe
  C:\Windows\System\rtkDzey.exe
  2⤵
  PID:7204
- C:\Windows\System\MMDubhY.exe
  C:\Windows\System\MMDubhY.exe
  2⤵
  PID:7224
- C:\Windows\System\GdnQWci.exe
  C:\Windows\System\GdnQWci.exe
  2⤵
  PID:7240
- C:\Windows\System\zQPcVev.exe
  C:\Windows\System\zQPcVev.exe
  2⤵
  PID:7292
- C:\Windows\System\kztKVSZ.exe
  C:\Windows\System\kztKVSZ.exe
  2⤵
  PID:7308
- C:\Windows\System\xkVgGnw.exe
  C:\Windows\System\xkVgGnw.exe
  2⤵
  PID:7324
- C:\Windows\System\XENkhjL.exe
  C:\Windows\System\XENkhjL.exe
  2⤵
  PID:7344
- C:\Windows\System\EjepqFX.exe
  C:\Windows\System\EjepqFX.exe
  2⤵
  PID:7360
- C:\Windows\System\mWEVuuu.exe
  C:\Windows\System\mWEVuuu.exe
  2⤵
  PID:7380
- C:\Windows\System\PElYIaI.exe
  C:\Windows\System\PElYIaI.exe
  2⤵
  PID:7396
- C:\Windows\System\FJeRfGD.exe
  C:\Windows\System\FJeRfGD.exe
  2⤵
  PID:7416
- C:\Windows\System\WvtpsIe.exe
  C:\Windows\System\WvtpsIe.exe
  2⤵
  PID:7436
- C:\Windows\System\BovJWUr.exe
  C:\Windows\System\BovJWUr.exe
  2⤵
  PID:7452
- C:\Windows\System\wASJPdc.exe
  C:\Windows\System\wASJPdc.exe
  2⤵
  PID:7472
- C:\Windows\System\jRfGgMU.exe
  C:\Windows\System\jRfGgMU.exe
  2⤵
  PID:7492
- C:\Windows\System\rymUdkm.exe
  C:\Windows\System\rymUdkm.exe
  2⤵
  PID:7508
- C:\Windows\System\ESduRTG.exe
  C:\Windows\System\ESduRTG.exe
  2⤵
  PID:7552
- C:\Windows\System\zkEuPbS.exe
  C:\Windows\System\zkEuPbS.exe
  2⤵
  PID:7568
- C:\Windows\System\osNtSpv.exe
  C:\Windows\System\osNtSpv.exe
  2⤵
  PID:7584
- C:\Windows\System\djFQFYR.exe
  C:\Windows\System\djFQFYR.exe
  2⤵
  PID:7604
- C:\Windows\System\TAhnvuX.exe
  C:\Windows\System\TAhnvuX.exe
  2⤵
  PID:7620
- C:\Windows\System\iSoxQsS.exe
  C:\Windows\System\iSoxQsS.exe
  2⤵
  PID:7636
- C:\Windows\System\feEIrBH.exe
  C:\Windows\System\feEIrBH.exe
  2⤵
  PID:7660
- C:\Windows\System\pdQwqRu.exe
  C:\Windows\System\pdQwqRu.exe
  2⤵
  PID:7676
- C:\Windows\System\YczztpY.exe
  C:\Windows\System\YczztpY.exe
  2⤵
  PID:7708
- C:\Windows\System\OdyyNBs.exe
  C:\Windows\System\OdyyNBs.exe
  2⤵
  PID:7728
- C:\Windows\System\LnIAWoo.exe
  C:\Windows\System\LnIAWoo.exe
  2⤵
  PID:7748
- C:\Windows\System\QkrZGvh.exe
  C:\Windows\System\QkrZGvh.exe
  2⤵
  PID:7772
- C:\Windows\System\jCUTVOd.exe
  C:\Windows\System\jCUTVOd.exe
  2⤵
  PID:7796
- C:\Windows\System\HvyONXO.exe
  C:\Windows\System\HvyONXO.exe
  2⤵
  PID:7812
- C:\Windows\System\fINeMBN.exe
  C:\Windows\System\fINeMBN.exe
  2⤵
  PID:7828
- C:\Windows\System\GkTqOjz.exe
  C:\Windows\System\GkTqOjz.exe
  2⤵
  PID:7844
- C:\Windows\System\kInoydO.exe
  C:\Windows\System\kInoydO.exe
  2⤵
  PID:7864
- C:\Windows\System\OroxjWC.exe
  C:\Windows\System\OroxjWC.exe
  2⤵
  PID:7884
- C:\Windows\System\zCKyVBB.exe
  C:\Windows\System\zCKyVBB.exe
  2⤵
  PID:7900
- C:\Windows\System\Ozbdzfq.exe
  C:\Windows\System\Ozbdzfq.exe
  2⤵
  PID:7916
- C:\Windows\System\lLWRqmQ.exe
  C:\Windows\System\lLWRqmQ.exe
  2⤵
  PID:7940
- C:\Windows\System\xUcaQBM.exe
  C:\Windows\System\xUcaQBM.exe
  2⤵
  PID:7956
- C:\Windows\System\anmxWBJ.exe
  C:\Windows\System\anmxWBJ.exe
  2⤵
  PID:7972
- C:\Windows\System\yZFtTgz.exe
  C:\Windows\System\yZFtTgz.exe
  2⤵
  PID:7988
- C:\Windows\System\ibdBlNe.exe
  C:\Windows\System\ibdBlNe.exe
  2⤵
  PID:8012
- C:\Windows\System\PaaTHYw.exe
  C:\Windows\System\PaaTHYw.exe
  2⤵
  PID:8032
- C:\Windows\System\tIyjimm.exe
  C:\Windows\System\tIyjimm.exe
  2⤵
  PID:8048
- C:\Windows\System\hwuKnFI.exe
  C:\Windows\System\hwuKnFI.exe
  2⤵
  PID:8064
- C:\Windows\System\OgoaOKx.exe
  C:\Windows\System\OgoaOKx.exe
  2⤵
  PID:8088
- C:\Windows\System\NylFtOk.exe
  C:\Windows\System\NylFtOk.exe
  2⤵
  PID:8108
- C:\Windows\System\RbTUlvP.exe
  C:\Windows\System\RbTUlvP.exe
  2⤵
  PID:8128
- C:\Windows\System\mSmCrYX.exe
  C:\Windows\System\mSmCrYX.exe
  2⤵
  PID:8172
- C:\Windows\System\GDetBke.exe
  C:\Windows\System\GDetBke.exe
  2⤵
  PID:8188
- C:\Windows\System\MQHGGXV.exe
  C:\Windows\System\MQHGGXV.exe
  2⤵
  PID:5628
- C:\Windows\System\CcDkOsv.exe
  C:\Windows\System\CcDkOsv.exe
  2⤵
  PID:2788
- C:\Windows\System\ZeufzYQ.exe
  C:\Windows\System\ZeufzYQ.exe
  2⤵
  PID:7180
- C:\Windows\System\mOjydSW.exe
  C:\Windows\System\mOjydSW.exe
  2⤵
  PID:7220
- C:\Windows\System\JtwVRwe.exe
  C:\Windows\System\JtwVRwe.exe
  2⤵
  PID:7272
- C:\Windows\System\CiksULy.exe
  C:\Windows\System\CiksULy.exe
  2⤵
  PID:7288
- C:\Windows\System\XRMIgxF.exe
  C:\Windows\System\XRMIgxF.exe
  2⤵
  PID:6212
- C:\Windows\System\IASRhqF.exe
  C:\Windows\System\IASRhqF.exe
  2⤵
  PID:7428
- C:\Windows\System\UQvPGQD.exe
  C:\Windows\System\UQvPGQD.exe
  2⤵
  PID:1260
- C:\Windows\System\uYEnVmB.exe
  C:\Windows\System\uYEnVmB.exe
  2⤵
  PID:7232
- C:\Windows\System\UpHZvup.exe
  C:\Windows\System\UpHZvup.exe
  2⤵
  PID:7560
- C:\Windows\System\EfcfFSc.exe
  C:\Windows\System\EfcfFSc.exe
  2⤵
  PID:7596
- C:\Windows\System\glKGmkZ.exe
  C:\Windows\System\glKGmkZ.exe
  2⤵
  PID:7368
- C:\Windows\System\dGptZQm.exe
  C:\Windows\System\dGptZQm.exe
  2⤵
  PID:7332
- C:\Windows\System\IzKxwSe.exe
  C:\Windows\System\IzKxwSe.exe
  2⤵
  PID:7716
- C:\Windows\System\quNTmae.exe
  C:\Windows\System\quNTmae.exe
  2⤵
  PID:7764
- C:\Windows\System\RVetCbH.exe
  C:\Windows\System\RVetCbH.exe
  2⤵
  PID:7408
- C:\Windows\System\LAnPmFu.exe
  C:\Windows\System\LAnPmFu.exe
  2⤵
  PID:7480
- C:\Windows\System\usOZZwD.exe
  C:\Windows\System\usOZZwD.exe
  2⤵
  PID:7528
- C:\Windows\System\NylalCb.exe
  C:\Windows\System\NylalCb.exe
  2⤵
  PID:7532
- C:\Windows\System\AqVFCUP.exe
  C:\Windows\System\AqVFCUP.exe
  2⤵
  PID:7520
- C:\Windows\System\Wjqkgpa.exe
  C:\Windows\System\Wjqkgpa.exe
  2⤵
  PID:7652
- C:\Windows\System\jnYRlJL.exe
  C:\Windows\System\jnYRlJL.exe
  2⤵
  PID:7692
- C:\Windows\System\JWYlbwy.exe
  C:\Windows\System\JWYlbwy.exe
  2⤵
  PID:7740
- C:\Windows\System\LclwOoW.exe
  C:\Windows\System\LclwOoW.exe
  2⤵
  PID:7768
- C:\Windows\System\kEDQVnX.exe
  C:\Windows\System\kEDQVnX.exe
  2⤵
  PID:7804
- C:\Windows\System\GToLtVd.exe
  C:\Windows\System\GToLtVd.exe
  2⤵
  PID:7860
- C:\Windows\System\ByTTJuk.exe
  C:\Windows\System\ByTTJuk.exe
  2⤵
  PID:7876
- C:\Windows\System\mWQaPYA.exe
  C:\Windows\System\mWQaPYA.exe
  2⤵
  PID:7984
- C:\Windows\System\dOMlHXi.exe
  C:\Windows\System\dOMlHXi.exe
  2⤵
  PID:7820
- C:\Windows\System\zwPtcGz.exe
  C:\Windows\System\zwPtcGz.exe
  2⤵
  PID:8024
- C:\Windows\System\ThxeQLY.exe
  C:\Windows\System\ThxeQLY.exe
  2⤵
  PID:8104
- C:\Windows\System\vgGmdyQ.exe
  C:\Windows\System\vgGmdyQ.exe
  2⤵
  PID:8148
- C:\Windows\System\wtsMXfH.exe
  C:\Windows\System\wtsMXfH.exe
  2⤵
  PID:7996
- C:\Windows\System\joFgLab.exe
  C:\Windows\System\joFgLab.exe
  2⤵
  PID:7896
- C:\Windows\System\KZiwVze.exe
  C:\Windows\System\KZiwVze.exe
  2⤵
  PID:7928
- C:\Windows\System\qbYHZOm.exe
  C:\Windows\System\qbYHZOm.exe
  2⤵
  PID:7968
- C:\Windows\System\fGxwjfD.exe
  C:\Windows\System\fGxwjfD.exe
  2⤵
  PID:8040
- C:\Windows\System\LApRcLB.exe
  C:\Windows\System\LApRcLB.exe
  2⤵
  PID:8080
- C:\Windows\System\dFBFaur.exe
  C:\Windows\System\dFBFaur.exe
  2⤵
  PID:6328
- C:\Windows\System\qNJcvXO.exe
  C:\Windows\System\qNJcvXO.exe
  2⤵
  PID:7256
- C:\Windows\System\eMBFNyo.exe
  C:\Windows\System\eMBFNyo.exe
  2⤵
  PID:6148
- C:\Windows\System\CEfBZWR.exe
  C:\Windows\System\CEfBZWR.exe
  2⤵
  PID:5504
- C:\Windows\System\llAduwy.exe
  C:\Windows\System\llAduwy.exe
  2⤵
  PID:7284
- C:\Windows\System\LsNxyRD.exe
  C:\Windows\System\LsNxyRD.exe
  2⤵
  PID:7352
- C:\Windows\System\DXcxRNF.exe
  C:\Windows\System\DXcxRNF.exe
  2⤵
  PID:7388
- C:\Windows\System\XURHUme.exe
  C:\Windows\System\XURHUme.exe
  2⤵
  PID:7504
- C:\Windows\System\FDcirvm.exe
  C:\Windows\System\FDcirvm.exe
  2⤵
  PID:7200
- C:\Windows\System\HVqZDwM.exe
  C:\Windows\System\HVqZDwM.exe
  2⤵
  PID:7628
- C:\Windows\System\GnWnPBO.exe
  C:\Windows\System\GnWnPBO.exe
  2⤵
  PID:7376
- C:\Windows\System\QvfCGek.exe
  C:\Windows\System\QvfCGek.exe
  2⤵
  PID:7524
- C:\Windows\System\oVyJwBo.exe
  C:\Windows\System\oVyJwBo.exe
  2⤵
  PID:7444
- C:\Windows\System\rSBHYvm.exe
  C:\Windows\System\rSBHYvm.exe
  2⤵
  PID:7616
- C:\Windows\System\NrNDakL.exe
  C:\Windows\System\NrNDakL.exe
  2⤵
  PID:7840
- C:\Windows\System\cpXqzSD.exe
  C:\Windows\System\cpXqzSD.exe
  2⤵
  PID:8140
- C:\Windows\System\XTCpOPF.exe
  C:\Windows\System\XTCpOPF.exe
  2⤵
  PID:7704
- C:\Windows\System\GULTwbj.exe
  C:\Windows\System\GULTwbj.exe
  2⤵
  PID:7872
- C:\Windows\System\bqYiUPg.exe
  C:\Windows\System\bqYiUPg.exe
  2⤵
  PID:8100
- C:\Windows\System\muYCiAw.exe
  C:\Windows\System\muYCiAw.exe
  2⤵
  PID:7460
- C:\Windows\System\OGfZSFR.exe
  C:\Windows\System\OGfZSFR.exe
  2⤵
  PID:8076
- C:\Windows\System\gFLQdkl.exe
  C:\Windows\System\gFLQdkl.exe
  2⤵
  PID:6992
- C:\Windows\System\ZOyxmnK.exe
  C:\Windows\System\ZOyxmnK.exe
  2⤵
  PID:6368
- C:\Windows\System\fCfmFxF.exe
  C:\Windows\System\fCfmFxF.exe
  2⤵
  PID:8164
- C:\Windows\System\uwiSRWo.exe
  C:\Windows\System\uwiSRWo.exe
  2⤵
  PID:7264
- C:\Windows\System\LJXskQO.exe
  C:\Windows\System\LJXskQO.exe
  2⤵
  PID:7780
- C:\Windows\System\LKBKEwr.exe
  C:\Windows\System\LKBKEwr.exe
  2⤵
  PID:7592
- C:\Windows\System\RuQHFWo.exe
  C:\Windows\System\RuQHFWo.exe
  2⤵
  PID:7516
- C:\Windows\System\DaMSWfr.exe
  C:\Windows\System\DaMSWfr.exe
  2⤵
  PID:7644
- C:\Windows\System\YxYHyvE.exe
  C:\Windows\System\YxYHyvE.exe
  2⤵
  PID:7952
- C:\Windows\System\WrQVRLu.exe
  C:\Windows\System\WrQVRLu.exe
  2⤵
  PID:7736
- C:\Windows\System\JVDnDyr.exe
  C:\Windows\System\JVDnDyr.exe
  2⤵
  PID:8096
- C:\Windows\System\LFpQBsu.exe
  C:\Windows\System\LFpQBsu.exe
  2⤵
  PID:6792
- C:\Windows\System\uyvhnFG.exe
  C:\Windows\System\uyvhnFG.exe
  2⤵
  PID:8184
- C:\Windows\System\UpmIMoI.exe
  C:\Windows\System\UpmIMoI.exe
  2⤵
  PID:7216
- C:\Windows\System\DqPvwkV.exe
  C:\Windows\System\DqPvwkV.exe
  2⤵
  PID:8120
- C:\Windows\System\VnvhPhN.exe
  C:\Windows\System\VnvhPhN.exe
  2⤵
  PID:7672
- C:\Windows\System\oYdLIND.exe
  C:\Windows\System\oYdLIND.exe
  2⤵
  PID:7700
- C:\Windows\System\fcIntcb.exe
  C:\Windows\System\fcIntcb.exe
  2⤵
  PID:7612
- C:\Windows\System\QmIVZta.exe
  C:\Windows\System\QmIVZta.exe
  2⤵
  PID:7760
- C:\Windows\System\nDZScey.exe
  C:\Windows\System\nDZScey.exe
  2⤵
  PID:7164
- C:\Windows\System\eDupWvs.exe
  C:\Windows\System\eDupWvs.exe
  2⤵
  PID:7304
- C:\Windows\System\OKSaPwo.exe
  C:\Windows\System\OKSaPwo.exe
  2⤵
  PID:7948
- C:\Windows\System\KXzucYc.exe
  C:\Windows\System\KXzucYc.exe
  2⤵
  PID:7300
- C:\Windows\System\CPpVjJH.exe
  C:\Windows\System\CPpVjJH.exe
  2⤵
  PID:8208
- C:\Windows\System\lAgOtiL.exe
  C:\Windows\System\lAgOtiL.exe
  2⤵
  PID:8224
- C:\Windows\System\gLrXkOI.exe
  C:\Windows\System\gLrXkOI.exe
  2⤵
  PID:8240
- C:\Windows\System\xskfVRu.exe
  C:\Windows\System\xskfVRu.exe
  2⤵
  PID:8256
- C:\Windows\System\wyjlFTv.exe
  C:\Windows\System\wyjlFTv.exe
  2⤵
  PID:8272
- C:\Windows\System\DUmitWj.exe
  C:\Windows\System\DUmitWj.exe
  2⤵
  PID:8288
- C:\Windows\System\ZSPQvMk.exe
  C:\Windows\System\ZSPQvMk.exe
  2⤵
  PID:8304
- C:\Windows\System\UZudeTx.exe
  C:\Windows\System\UZudeTx.exe
  2⤵
  PID:8320
- C:\Windows\System\Bwwfqmw.exe
  C:\Windows\System\Bwwfqmw.exe
  2⤵
  PID:8336
- C:\Windows\System\SmJDtVd.exe
  C:\Windows\System\SmJDtVd.exe
  2⤵
  PID:8352
- C:\Windows\System\HgHNbeb.exe
  C:\Windows\System\HgHNbeb.exe
  2⤵
  PID:8368
- C:\Windows\System\qfNgVLm.exe
  C:\Windows\System\qfNgVLm.exe
  2⤵
  PID:8384
- C:\Windows\System\frYmCwP.exe
  C:\Windows\System\frYmCwP.exe
  2⤵
  PID:8400
- C:\Windows\System\HKMcQsY.exe
  C:\Windows\System\HKMcQsY.exe
  2⤵
  PID:8416
- C:\Windows\System\PFhszSH.exe
  C:\Windows\System\PFhszSH.exe
  2⤵
  PID:8432
- C:\Windows\System\RwscpQq.exe
  C:\Windows\System\RwscpQq.exe
  2⤵
  PID:8448
- C:\Windows\System\BEjPxms.exe
  C:\Windows\System\BEjPxms.exe
  2⤵
  PID:8464
- C:\Windows\System\zbGNlFj.exe
  C:\Windows\System\zbGNlFj.exe
  2⤵
  PID:8480
- C:\Windows\System\ajjGWoC.exe
  C:\Windows\System\ajjGWoC.exe
  2⤵
  PID:8496
- C:\Windows\System\scCZgRb.exe
  C:\Windows\System\scCZgRb.exe
  2⤵
  PID:8512
- C:\Windows\System\zZdQHsy.exe
  C:\Windows\System\zZdQHsy.exe
  2⤵
  PID:8528
- C:\Windows\System\ypdhfIe.exe
  C:\Windows\System\ypdhfIe.exe
  2⤵
  PID:8544
- C:\Windows\System\vlwOoJF.exe
  C:\Windows\System\vlwOoJF.exe
  2⤵
  PID:8564
- C:\Windows\System\lGuZgfG.exe
  C:\Windows\System\lGuZgfG.exe
  2⤵
  PID:8580
- C:\Windows\System\GBhogoK.exe
  C:\Windows\System\GBhogoK.exe
  2⤵
  PID:8596
- C:\Windows\System\EEzwysB.exe
  C:\Windows\System\EEzwysB.exe
  2⤵
  PID:8612
- C:\Windows\System\aITKcZU.exe
  C:\Windows\System\aITKcZU.exe
  2⤵
  PID:8628
- C:\Windows\System\pVkLIrT.exe
  C:\Windows\System\pVkLIrT.exe
  2⤵
  PID:8644
- C:\Windows\System\CdzILGy.exe
  C:\Windows\System\CdzILGy.exe
  2⤵
  PID:8660
- C:\Windows\System\XYMTUql.exe
  C:\Windows\System\XYMTUql.exe
  2⤵
  PID:8676
- C:\Windows\System\xOYcVGD.exe
  C:\Windows\System\xOYcVGD.exe
  2⤵
  PID:8692
- C:\Windows\System\bdpfBar.exe
  C:\Windows\System\bdpfBar.exe
  2⤵
  PID:8708
- C:\Windows\System\TUGLxYZ.exe
  C:\Windows\System\TUGLxYZ.exe
  2⤵
  PID:8724
- C:\Windows\System\LPtErFw.exe
  C:\Windows\System\LPtErFw.exe
  2⤵
  PID:8740
- C:\Windows\System\rnJXTjd.exe
  C:\Windows\System\rnJXTjd.exe
  2⤵
  PID:8756
- C:\Windows\System\TfwNwDR.exe
  C:\Windows\System\TfwNwDR.exe
  2⤵
  PID:8772
- C:\Windows\System\CrKVsag.exe
  C:\Windows\System\CrKVsag.exe
  2⤵
  PID:8788
- C:\Windows\System\nYcMaEZ.exe
  C:\Windows\System\nYcMaEZ.exe
  2⤵
  PID:8804
- C:\Windows\System\mAhOSVL.exe
  C:\Windows\System\mAhOSVL.exe
  2⤵
  PID:8820
- C:\Windows\System\FmqetNU.exe
  C:\Windows\System\FmqetNU.exe
  2⤵
  PID:8836
- C:\Windows\System\OtfSQoA.exe
  C:\Windows\System\OtfSQoA.exe
  2⤵
  PID:8852
- C:\Windows\System\tPLfGju.exe
  C:\Windows\System\tPLfGju.exe
  2⤵
  PID:8868
- C:\Windows\System\tzclRlx.exe
  C:\Windows\System\tzclRlx.exe
  2⤵
  PID:8884
- C:\Windows\System\ILJcRKa.exe
  C:\Windows\System\ILJcRKa.exe
  2⤵
  PID:8908
- C:\Windows\System\rUAYZlQ.exe
  C:\Windows\System\rUAYZlQ.exe
  2⤵
  PID:8940
- C:\Windows\System\fTsbhER.exe
  C:\Windows\System\fTsbhER.exe
  2⤵
  PID:8956
- C:\Windows\System\XQRfayY.exe
  C:\Windows\System\XQRfayY.exe
  2⤵
  PID:8972
- C:\Windows\System\LFsULhB.exe
  C:\Windows\System\LFsULhB.exe
  2⤵
  PID:8988
- C:\Windows\System\cziIpqu.exe
  C:\Windows\System\cziIpqu.exe
  2⤵
  PID:9004
- C:\Windows\System\QlUtSav.exe
  C:\Windows\System\QlUtSav.exe
  2⤵
  PID:9048
- C:\Windows\System\lhssAdk.exe
  C:\Windows\System\lhssAdk.exe
  2⤵
  PID:9084
- C:\Windows\System\aaXQrxY.exe
  C:\Windows\System\aaXQrxY.exe
  2⤵
  PID:9112
- C:\Windows\System\hNCrGCL.exe
  C:\Windows\System\hNCrGCL.exe
  2⤵
  PID:9136
- C:\Windows\System\TenZtGn.exe
  C:\Windows\System\TenZtGn.exe
  2⤵
  PID:9152
- C:\Windows\System\DZnpmwn.exe
  C:\Windows\System\DZnpmwn.exe
  2⤵
  PID:9168
- C:\Windows\System\LitNwjf.exe
  C:\Windows\System\LitNwjf.exe
  2⤵
  PID:9184
- C:\Windows\System\WLHOebA.exe
  C:\Windows\System\WLHOebA.exe
  2⤵
  PID:9200
- C:\Windows\System\LSeITyK.exe
  C:\Windows\System\LSeITyK.exe
  2⤵
  PID:8216
- C:\Windows\System\BrIDSLE.exe
  C:\Windows\System\BrIDSLE.exe
  2⤵
  PID:7340
- C:\Windows\System\OGPwTeN.exe
  C:\Windows\System\OGPwTeN.exe
  2⤵
  PID:8252
- C:\Windows\System\euQaSAW.exe
  C:\Windows\System\euQaSAW.exe
  2⤵
  PID:8316
- C:\Windows\System\iqvwQiY.exe
  C:\Windows\System\iqvwQiY.exe
  2⤵
  PID:8268
- C:\Windows\System\nTvZrgd.exe
  C:\Windows\System\nTvZrgd.exe
  2⤵
  PID:8348
- C:\Windows\System\cBXoCgN.exe
  C:\Windows\System\cBXoCgN.exe
  2⤵
  PID:8412
- C:\Windows\System\HIOGWIa.exe
  C:\Windows\System\HIOGWIa.exe
  2⤵
  PID:8476
- C:\Windows\System\sYJrcJM.exe
  C:\Windows\System\sYJrcJM.exe
  2⤵
  PID:8540
- C:\Windows\System\qAiwnjR.exe
  C:\Windows\System\qAiwnjR.exe
  2⤵
  PID:8364
- C:\Windows\System\MusjPEk.exe
  C:\Windows\System\MusjPEk.exe
  2⤵
  PID:8608
- C:\Windows\System\SdopuzU.exe
  C:\Windows\System\SdopuzU.exe
  2⤵
  PID:8460
- C:\Windows\System\zSkvePy.exe
  C:\Windows\System\zSkvePy.exe
  2⤵
  PID:8560
- C:\Windows\System\vracNnV.exe
  C:\Windows\System\vracNnV.exe
  2⤵
  PID:8492
- C:\Windows\System\srnTiSh.exe
  C:\Windows\System\srnTiSh.exe
  2⤵
  PID:8672
- C:\Windows\System\NsWKhmm.exe
  C:\Windows\System\NsWKhmm.exe
  2⤵
  PID:8736
- C:\Windows\System\wSxQDeP.exe
  C:\Windows\System\wSxQDeP.exe
  2⤵
  PID:8796
- C:\Windows\System\QMCodkD.exe
  C:\Windows\System\QMCodkD.exe
  2⤵
  PID:8652
- C:\Windows\System\pTkGYbg.exe
  C:\Windows\System\pTkGYbg.exe
  2⤵
  PID:8716
- C:\Windows\System\ZtlSgez.exe
  C:\Windows\System\ZtlSgez.exe
  2⤵
  PID:6784
- C:\Windows\System\GYulZKm.exe
  C:\Windows\System\GYulZKm.exe
  2⤵
  PID:8752
- C:\Windows\System\bJFjrvs.exe
  C:\Windows\System\bJFjrvs.exe
  2⤵
  PID:8784
- C:\Windows\System\GPNZvAN.exe
  C:\Windows\System\GPNZvAN.exe
  2⤵
  PID:8892
- C:\Windows\System\jgdVydJ.exe
  C:\Windows\System\jgdVydJ.exe
  2⤵
  PID:1776
- C:\Windows\System\eqHXFyk.exe
  C:\Windows\System\eqHXFyk.exe
  2⤵
  PID:1248
- C:\Windows\System\itxzFkH.exe
  C:\Windows\System\itxzFkH.exe
  2⤵
  PID:8116
- C:\Windows\System\FWhbdNP.exe
  C:\Windows\System\FWhbdNP.exe
  2⤵
  PID:8948
- C:\Windows\System\PFAkDrd.exe
  C:\Windows\System\PFAkDrd.exe
  2⤵
  PID:8980
- C:\Windows\System\unpQhwJ.exe
  C:\Windows\System\unpQhwJ.exe
  2⤵
  PID:9000
- C:\Windows\System\FlaTHdW.exe
  C:\Windows\System\FlaTHdW.exe
  2⤵
  PID:9092
- C:\Windows\System\WIcZStY.exe
  C:\Windows\System\WIcZStY.exe
  2⤵
  PID:9044
- C:\Windows\System\zKfiIsR.exe
  C:\Windows\System\zKfiIsR.exe
  2⤵
  PID:9104
- C:\Windows\System\vYnIyoo.exe
  C:\Windows\System\vYnIyoo.exe
  2⤵
  PID:9180
- C:\Windows\System\aCLtgAm.exe
  C:\Windows\System\aCLtgAm.exe
  2⤵
  PID:9120
- C:\Windows\System\JzThBob.exe
  C:\Windows\System\JzThBob.exe
  2⤵
  PID:9072
- C:\Windows\System\iuZyXPT.exe
  C:\Windows\System\iuZyXPT.exe
  2⤵
  PID:9192
- C:\Windows\System\vQrfKjx.exe
  C:\Windows\System\vQrfKjx.exe
  2⤵
  PID:9160
- C:\Windows\System\jZUmDJZ.exe
  C:\Windows\System\jZUmDJZ.exe
  2⤵
  PID:8928
- C:\Windows\System\kPeAAza.exe
  C:\Windows\System\kPeAAza.exe
  2⤵
  PID:8264
- C:\Windows\System\ZAAjyFC.exe
  C:\Windows\System\ZAAjyFC.exe
  2⤵
  PID:1160
- C:\Windows\System\tLguWxL.exe
  C:\Windows\System\tLguWxL.exe
  2⤵
  PID:8280
- C:\Windows\System\pRRZzBh.exe
  C:\Windows\System\pRRZzBh.exe
  2⤵
  PID:8444
- C:\Windows\System\IVLLqsG.exe
  C:\Windows\System\IVLLqsG.exe
  2⤵
  PID:8536
- C:\Windows\System\eRstdzQ.exe
  C:\Windows\System\eRstdzQ.exe
  2⤵
  PID:8640
- C:\Windows\System\RsJjyxN.exe
  C:\Windows\System\RsJjyxN.exe
  2⤵
  PID:8520
- C:\Windows\System\TYBCsdS.exe
  C:\Windows\System\TYBCsdS.exe
  2⤵
  PID:8732
- C:\Windows\System\ZJqCzjx.exe
  C:\Windows\System\ZJqCzjx.exe
  2⤵
  PID:8624
- C:\Windows\System\qmXJbdx.exe
  C:\Windows\System\qmXJbdx.exe
  2⤵
  PID:8828
- C:\Windows\System\fwezaLU.exe
  C:\Windows\System\fwezaLU.exe
  2⤵
  PID:8748
- C:\Windows\System\MBjWurW.exe
  C:\Windows\System\MBjWurW.exe
  2⤵
  PID:2756
- C:\Windows\System\VOYJfqx.exe
  C:\Windows\System\VOYJfqx.exe
  2⤵
  PID:8864
- C:\Windows\System\OvkONWo.exe
  C:\Windows\System\OvkONWo.exe
  2⤵
  PID:6728
- C:\Windows\System\GiBJmmP.exe
  C:\Windows\System\GiBJmmP.exe
  2⤵
  PID:2624
- C:\Windows\System\MEZYYBB.exe
  C:\Windows\System\MEZYYBB.exe
  2⤵
  PID:8984
- C:\Windows\System\OovYURL.exe
  C:\Windows\System\OovYURL.exe
  2⤵
  PID:9028
- C:\Windows\System\USlNBFU.exe
  C:\Windows\System\USlNBFU.exe
  2⤵
  PID:9024
- C:\Windows\System\ycGLacC.exe
  C:\Windows\System\ycGLacC.exe
  2⤵
  PID:9212
- C:\Windows\System\sYkmNTw.exe
  C:\Windows\System\sYkmNTw.exe
  2⤵
  PID:9068
- C:\Windows\System\PQgqtrQ.exe
  C:\Windows\System\PQgqtrQ.exe
  2⤵
  PID:8296
- C:\Windows\System\XUWOyOh.exe
  C:\Windows\System\XUWOyOh.exe
  2⤵
  PID:9164
- C:\Windows\System\FGgvGpT.exe
  C:\Windows\System\FGgvGpT.exe
  2⤵
  PID:8524
- C:\Windows\System\hgCeFhe.exe
  C:\Windows\System\hgCeFhe.exe
  2⤵
  PID:8380
- C:\Windows\System\NhOjcLd.exe
  C:\Windows\System\NhOjcLd.exe
  2⤵
  PID:8008
- C:\Windows\System\bpLZDsy.exe
  C:\Windows\System\bpLZDsy.exe
  2⤵
  PID:8456
- C:\Windows\System\abuOlAB.exe
  C:\Windows\System\abuOlAB.exe
  2⤵
  PID:2552
- C:\Windows\System\CnZdhqy.exe
  C:\Windows\System\CnZdhqy.exe
  2⤵
  PID:8704
- C:\Windows\System\VmnZTuS.exe
  C:\Windows\System\VmnZTuS.exe
  2⤵
  PID:1060
- C:\Windows\System\WxVuAPE.exe
  C:\Windows\System\WxVuAPE.exe
  2⤵
  PID:1420
- C:\Windows\System\WjEBfJv.exe
  C:\Windows\System\WjEBfJv.exe
  2⤵
  PID:8636
- C:\Windows\System\RknJmxc.exe
  C:\Windows\System\RknJmxc.exe
  2⤵
  PID:8880
- C:\Windows\System\oXlBZSP.exe
  C:\Windows\System\oXlBZSP.exe
  2⤵
  PID:9096
- C:\Windows\System\fnktnNc.exe
  C:\Windows\System\fnktnNc.exe
  2⤵
  PID:9060
- C:\Windows\System\kQlUrhm.exe
  C:\Windows\System\kQlUrhm.exe
  2⤵
  PID:8408
- C:\Windows\System\cGUcveU.exe
  C:\Windows\System\cGUcveU.exe
  2⤵
  PID:2760
- C:\Windows\System\dZdlqSk.exe
  C:\Windows\System\dZdlqSk.exe
  2⤵
  PID:8936
- C:\Windows\System\hvzObUW.exe
  C:\Windows\System\hvzObUW.exe
  2⤵
  PID:8360
- C:\Windows\System\OJVhhUE.exe
  C:\Windows\System\OJVhhUE.exe
  2⤵
  PID:8924
- C:\Windows\System\vTLYmba.exe
  C:\Windows\System\vTLYmba.exe
  2⤵
  PID:8768
- C:\Windows\System\FMzVyzL.exe
  C:\Windows\System\FMzVyzL.exe
  2⤵
  PID:2304
- C:\Windows\System\VRciVtv.exe
  C:\Windows\System\VRciVtv.exe
  2⤵
  PID:9040
- C:\Windows\System\HhnqtFp.exe
  C:\Windows\System\HhnqtFp.exe
  2⤵
  PID:9232
- C:\Windows\System\lIdoEFR.exe
  C:\Windows\System\lIdoEFR.exe
  2⤵
  PID:9264
- C:\Windows\System\vYjFleh.exe
  C:\Windows\System\vYjFleh.exe
  2⤵
  PID:9280
- C:\Windows\System\NhxeRpL.exe
  C:\Windows\System\NhxeRpL.exe
  2⤵
  PID:9296
- C:\Windows\System\ZoqPIWk.exe
  C:\Windows\System\ZoqPIWk.exe
  2⤵
  PID:9312
- C:\Windows\System\tvoGyEG.exe
  C:\Windows\System\tvoGyEG.exe
  2⤵
  PID:9328
- C:\Windows\System\wxtZYxN.exe
  C:\Windows\System\wxtZYxN.exe
  2⤵
  PID:9344
- C:\Windows\System\qlsomvI.exe
  C:\Windows\System\qlsomvI.exe
  2⤵
  PID:9364
- C:\Windows\System\LNCFFfV.exe
  C:\Windows\System\LNCFFfV.exe
  2⤵
  PID:9380
- C:\Windows\System\UlYCHzj.exe
  C:\Windows\System\UlYCHzj.exe
  2⤵
  PID:9396
- C:\Windows\System\qYYDAhW.exe
  C:\Windows\System\qYYDAhW.exe
  2⤵
  PID:9416
- C:\Windows\System\dgNLeIB.exe
  C:\Windows\System\dgNLeIB.exe
  2⤵
  PID:9436
- C:\Windows\System\JObZoXH.exe
  C:\Windows\System\JObZoXH.exe
  2⤵
  PID:9452
- C:\Windows\System\qcPEBmE.exe
  C:\Windows\System\qcPEBmE.exe
  2⤵
  PID:9468
- C:\Windows\System\cZsBUHe.exe
  C:\Windows\System\cZsBUHe.exe
  2⤵
  PID:9488
- C:\Windows\System\TMmOSGz.exe
  C:\Windows\System\TMmOSGz.exe
  2⤵
  PID:9504
- C:\Windows\System\wqCPuBc.exe
  C:\Windows\System\wqCPuBc.exe
  2⤵
  PID:9520
- C:\Windows\System\gsIOGdW.exe
  C:\Windows\System\gsIOGdW.exe
  2⤵
  PID:9536
- C:\Windows\System\iPgJUcd.exe
  C:\Windows\System\iPgJUcd.exe
  2⤵
  PID:9576
- C:\Windows\System\zndsaAw.exe
  C:\Windows\System\zndsaAw.exe
  2⤵
  PID:9592
- C:\Windows\System\rJOJyvX.exe
  C:\Windows\System\rJOJyvX.exe
  2⤵
  PID:9608
- C:\Windows\System\yLovwQg.exe
  C:\Windows\System\yLovwQg.exe
  2⤵
  PID:9632
- C:\Windows\System\DISGaxS.exe
  C:\Windows\System\DISGaxS.exe
  2⤵
  PID:9652
- C:\Windows\System\flmpGiB.exe
  C:\Windows\System\flmpGiB.exe
  2⤵
  PID:9668
- C:\Windows\System\gWpnQWf.exe
  C:\Windows\System\gWpnQWf.exe
  2⤵
  PID:9684
- C:\Windows\System\jUuZACT.exe
  C:\Windows\System\jUuZACT.exe
  2⤵
  PID:9704
- C:\Windows\System\aRuibYW.exe
  C:\Windows\System\aRuibYW.exe
  2⤵
  PID:9720
- C:\Windows\System\IaZadtI.exe
  C:\Windows\System\IaZadtI.exe
  2⤵
  PID:9736
- C:\Windows\System\ahoNUER.exe
  C:\Windows\System\ahoNUER.exe
  2⤵
  PID:9752
- C:\Windows\System\GYgKRxq.exe
  C:\Windows\System\GYgKRxq.exe
  2⤵
  PID:9768
- C:\Windows\System\jUJuxGe.exe
  C:\Windows\System\jUJuxGe.exe
  2⤵
  PID:9784
- C:\Windows\System\lbLXsae.exe
  C:\Windows\System\lbLXsae.exe
  2⤵
  PID:9800
- C:\Windows\System\HUoSqID.exe
  C:\Windows\System\HUoSqID.exe
  2⤵
  PID:9816
- C:\Windows\System\fRvSArV.exe
  C:\Windows\System\fRvSArV.exe
  2⤵
  PID:9832
- C:\Windows\System\lqfXuow.exe
  C:\Windows\System\lqfXuow.exe
  2⤵
  PID:9848
- C:\Windows\System\utHgoTF.exe
  C:\Windows\System\utHgoTF.exe
  2⤵
  PID:9864
- C:\Windows\System\VWioCkg.exe
  C:\Windows\System\VWioCkg.exe
  2⤵
  PID:9880
- C:\Windows\System\qUDtBJz.exe
  C:\Windows\System\qUDtBJz.exe
  2⤵
  PID:9976
- C:\Windows\System\jmIUNLV.exe
  C:\Windows\System\jmIUNLV.exe
  2⤵
  PID:10004
- C:\Windows\System\IpMjLWZ.exe
  C:\Windows\System\IpMjLWZ.exe
  2⤵
  PID:10028
- C:\Windows\System\dRXCZWG.exe
  C:\Windows\System\dRXCZWG.exe
  2⤵
  PID:10048
- C:\Windows\System\aEVeXkH.exe
  C:\Windows\System\aEVeXkH.exe
  2⤵
  PID:10100
- C:\Windows\System\jXhDRQS.exe
  C:\Windows\System\jXhDRQS.exe
  2⤵
  PID:10132
- C:\Windows\System\IzVOJjz.exe
  C:\Windows\System\IzVOJjz.exe
  2⤵
  PID:10156
- C:\Windows\System\uUJzcMW.exe
  C:\Windows\System\uUJzcMW.exe
  2⤵
  PID:10172
- C:\Windows\System\oXpTrKq.exe
  C:\Windows\System\oXpTrKq.exe
  2⤵
  PID:10188
- C:\Windows\System\ETZtcZz.exe
  C:\Windows\System\ETZtcZz.exe
  2⤵
  PID:10204
- C:\Windows\System\DAUiRsD.exe
  C:\Windows\System\DAUiRsD.exe
  2⤵
  PID:10220
- C:\Windows\System\sLMoaEl.exe
  C:\Windows\System\sLMoaEl.exe
  2⤵
  PID:10236
- C:\Windows\System\ShihWPT.exe
  C:\Windows\System\ShihWPT.exe
  2⤵
  PID:8964
- C:\Windows\System\LYUEJuq.exe
  C:\Windows\System\LYUEJuq.exe
  2⤵
  PID:9252
- C:\Windows\System\AfxyBPZ.exe
  C:\Windows\System\AfxyBPZ.exe
  2⤵
  PID:9276
- C:\Windows\System\acGBkrY.exe
  C:\Windows\System\acGBkrY.exe
  2⤵
  PID:9256
- C:\Windows\System\JQOIZPT.exe
  C:\Windows\System\JQOIZPT.exe
  2⤵
  PID:9288
- C:\Windows\System\trSPrkF.exe
  C:\Windows\System\trSPrkF.exe
  2⤵
  PID:9340
- C:\Windows\System\XHOmdds.exe
  C:\Windows\System\XHOmdds.exe
  2⤵
  PID:9412
- C:\Windows\System\yfzSuTk.exe
  C:\Windows\System\yfzSuTk.exe
  2⤵
  PID:9388
- C:\Windows\System\NSEllZC.exe
  C:\Windows\System\NSEllZC.exe
  2⤵
  PID:9392
- C:\Windows\System\PSmmLgr.exe
  C:\Windows\System\PSmmLgr.exe
  2⤵
  PID:9460
- C:\Windows\System\mUmSnKp.exe
  C:\Windows\System\mUmSnKp.exe
  2⤵
  PID:9544
- C:\Windows\System\BNoGlTs.exe
  C:\Windows\System\BNoGlTs.exe
  2⤵
  PID:9556
- C:\Windows\System\weTxrgR.exe
  C:\Windows\System\weTxrgR.exe
  2⤵
  PID:9532
- C:\Windows\System\EshbCYc.exe
  C:\Windows\System\EshbCYc.exe
  2⤵
  PID:9552
- C:\Windows\System\YLvlLnW.exe
  C:\Windows\System\YLvlLnW.exe
  2⤵
  PID:9644
- C:\Windows\System\wiMsLlg.exe
  C:\Windows\System\wiMsLlg.exe
  2⤵
  PID:9584
- C:\Windows\System\VCKLCZO.exe
  C:\Windows\System\VCKLCZO.exe
  2⤵
  PID:9680
- C:\Windows\System\aKOjPAF.exe
  C:\Windows\System\aKOjPAF.exe
  2⤵
  PID:9628
- C:\Windows\System\uxryKBI.exe
  C:\Windows\System\uxryKBI.exe
  2⤵
  PID:9780
- C:\Windows\System\QBCokNs.exe
  C:\Windows\System\QBCokNs.exe
  2⤵
  PID:9872
- C:\Windows\System\sAxqNSk.exe
  C:\Windows\System\sAxqNSk.exe
  2⤵
  PID:9792
- C:\Windows\System\ciYCNze.exe
  C:\Windows\System\ciYCNze.exe
  2⤵
  PID:9728
- C:\Windows\System\rbXGCZi.exe
  C:\Windows\System\rbXGCZi.exe
  2⤵
  PID:9908
- C:\Windows\System\lykUcKH.exe
  C:\Windows\System\lykUcKH.exe
  2⤵
  PID:9936
- C:\Windows\System\uCYyGdO.exe
  C:\Windows\System\uCYyGdO.exe
  2⤵
  PID:9952
- C:\Windows\System\ekflYsz.exe
  C:\Windows\System\ekflYsz.exe
  2⤵
  PID:10016
- C:\Windows\System\gVJiqZi.exe
  C:\Windows\System\gVJiqZi.exe
  2⤵
  PID:9988
- C:\Windows\System\fvQNFZn.exe
  C:\Windows\System\fvQNFZn.exe
  2⤵
  PID:10040
- C:\Windows\System\PinlORm.exe
  C:\Windows\System\PinlORm.exe
  2⤵
  PID:10068
- C:\Windows\System\JBriFbF.exe
  C:\Windows\System\JBriFbF.exe
  2⤵
  PID:10084
- C:\Windows\System\PUNoRYz.exe
  C:\Windows\System\PUNoRYz.exe
  2⤵
  PID:10096
- C:\Windows\System\KkErKjc.exe
  C:\Windows\System\KkErKjc.exe
  2⤵
  PID:10116
- C:\Windows\System\PRKthGw.exe
  C:\Windows\System\PRKthGw.exe
  2⤵
  PID:10140
- C:\Windows\System\yzQLMru.exe
  C:\Windows\System\yzQLMru.exe
  2⤵
  PID:10196
- C:\Windows\System\KKcaZmH.exe
  C:\Windows\System\KKcaZmH.exe
  2⤵
  PID:8876
- C:\Windows\System\rbOhIjX.exe
  C:\Windows\System\rbOhIjX.exe
  2⤵
  PID:10152
- C:\Windows\System\zEaMBJD.exe
  C:\Windows\System\zEaMBJD.exe
  2⤵
  PID:10212
- C:\Windows\System\jMMzbwL.exe
  C:\Windows\System\jMMzbwL.exe
  2⤵
  PID:9444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AcyQlPS.exe

Filesize
6.0MB

MD5
a9d54e10fa14561bf74c3a2c7c20eb51

SHA1
a1c566daa4b77f7c81cb23246db4801cee078ab6

SHA256
914d52c8e3b7d83b6296feb660d6d6143ef53844b1a47880dd379703bdec0e5f

SHA512
27cbb3d5ab993aa074e0f2b6dd118c4fdf45c1082d93e709570d0c50520411477c1a502ae43294aa8fe2672ccba809919849fca2066dfce9abbecbd6d559148f

Download Submit
C:\Windows\system\CroFYFF.exe

Filesize
6.0MB

MD5
777cc4b1488b22c77bec325e42e7f614

SHA1
d09b059c2c46a8f559e10d70771a2573139fb53b

SHA256
6ae3006e984ad2284d0049a865c31b09bb0632eb49558465c2dbf5000b67963c

SHA512
93169771535d1a77499945028dabd9899d54525919093600cc6be23dd3ad5e919722aed4e3c0017cc774f85cb76280791b8ad249ea84dd9721cc8047c3af2fec

Download Submit
C:\Windows\system\HnzqAiA.exe

Filesize
6.0MB

MD5
6b96484d5d8cd303dbf5efb8d2e96867

SHA1
98919856546329536ec60c75abb48675b2137e04

SHA256
e7e22f9e44452aadd6a5fc7d99b6ae6d8f7dc2156cf32fbefe11367e0d344ff9

SHA512
86883c71857eecf57d3a8aa59c5c7c1e8cdefd90deed4951bdf369b2fb098659603787c7c269bf6eddabd5b151b6070af9651c58d1106a3a91af289b1b7348dc

Download Submit
C:\Windows\system\IdBcFhQ.exe

Filesize
6.0MB

MD5
36e1139542807d326c9e82736b6eb753

SHA1
7660063c7f9cc1422cb8b2d294fc57bd0b117c27

SHA256
16e384e6b829ef45438f1dedef2c5442fd4b9912b3bfbc144b326c5c41ec5b86

SHA512
b328f2062bb8eb8784bef28266181da42c902b64b4195e0305a373d98ba788a6953f15c99efbb80bb92d1efcedbc7a88a682e2719195e317cd05a6cad0d4b2b7

Download Submit
C:\Windows\system\JNXQUzM.exe

Filesize
6.0MB

MD5
6a49fd666ec217d9c9e26d8904fd612f

SHA1
ddb4b18f0b28f69879ddd0104ce655f302ae0517

SHA256
228d6da1c796b41a634eb72e573476ff86f6db618b44cfd88b59eaebabaa595d

SHA512
dc7ef363445fa759001d737e00aca7030785535a0bfcd2a4382d0e938b85a38518bd8cb386040e50d75b1bf5f015a6cb487320a978edd11083efb8688557056a

Download Submit
C:\Windows\system\PlkbqTY.exe

Filesize
6.0MB

MD5
1d0c60a0bb023002fee5dafa0b33aaab

SHA1
2d6added499e62768a09732084e6106379afe2b3

SHA256
841b7ca850ca939ed430535e45eebb73e808194e49d9e6108b8704123c0e3471

SHA512
921e207544a5ecad137488d770d4abbff2fe8a51ea5746bc61ed62506c7cee00f84811e5ef50c770c4c75ab7253217c4f0f8e4aa9dffdd70d6042742124464ce

Download Submit
C:\Windows\system\RmhtTRj.exe

Filesize
6.0MB

MD5
45da4ba92cdc28b010d891fd238fdc3d

SHA1
3f4bf81874c00d3c76d671f596f886775c287214

SHA256
a5b5561bfda2fa9be1dce0b0fa3d5515dd0f0b5ed3a0dfae769d62a541a5d898

SHA512
5a974a249fdc8b49e0c49003833ce713171869ec8ba92bd943814b307ed7475923085d3bb1e82522c6348c6de088ac20cef2325105cc1c8ca2756bc34ce8aba8

Download Submit
C:\Windows\system\UAJKhFE.exe

Filesize
6.0MB

MD5
862a3adce51b4fe96ff9d85501c605d6

SHA1
7c910772393b7551e3d92f72d6a78c76b32a50fd

SHA256
20546aae83b41e072de9336b947b66ff32717ef2565d90a0a8b4cff4590023d5

SHA512
04858c1cbc63b0e61f4a916becf6300d2bca8f9d74f598ba79fa85e24964a0f11c8e25af0e87f1d0513b8542af65b27cf3d6a476607d7e85ac1e957d5bc0238f

Download Submit
C:\Windows\system\XPownXU.exe

Filesize
6.0MB

MD5
7bce9549df98a65b5ce1b5ab3f176c98

SHA1
976a2cc559fdf7135cf9329d84991292882cf152

SHA256
cf30dcebf857682abcf791810544950040cec99d271d42698d14a3a96658ae91

SHA512
d7f70db99a27cac8d20da12ccb501677bc2ef15c800142844ffe72dab3f6e145957ad4e251a6ba33dc72fb2e10d5d5cffe753480cf6c587e1a2276320f705959

Download Submit
C:\Windows\system\XyOWNFY.exe

Filesize
6.0MB

MD5
65a229c601e5a99f0c1a49d45abb5152

SHA1
75017574314d6c7797fe7cdd0ecf63ca9c1fefb2

SHA256
178ab15705dc38bc1664a8f700ec5801a60c387655fa415771286abd48707a37

SHA512
cfaabfde6e9456d2254c4f4e8bd57a1128df7cb3da02e00228ba731e2b6daaed98ae4e80b1901b3e6f938a6452d00f56192f82bf3104545a82e2ff0f15408b4e

Download Submit
C:\Windows\system\ZThiDQY.exe

Filesize
6.0MB

MD5
703ed8e954ca5eebb476df00a2ebec41

SHA1
4bb21eb67ceaaffa7c359404b0fe9823fc870c84

SHA256
0a6e309890312aa7db5912fa1378ab5bac7b1276ff243a039b1ab242777bb3f2

SHA512
79b700ab838bb30a28c6cd1359c49d45878b8955f61b82769035ef0651e21c31d760469dfc1c2ee50d10aa9d7310f31a1b5d8ea6deb2fad390e9cad05d203dd5

Download Submit
C:\Windows\system\aBIuztk.exe

Filesize
6.0MB

MD5
b16c80ce01f0c7311404f5f00c79332c

SHA1
b3e2b154d5c37193722f1faef8454675106ddc4a

SHA256
bf6543af31e17db00c7f58bb73e376a2d6c3fd9b2da9df6c2d9d097081e19d56

SHA512
cd58fd2bed9942fed72e659d7d7cc3529c7b05ef6168e66a2fd424506521b0da5893d04aa899210a15c5c607703c6781d78b7ef9475d961b9e64ebe2da0d5498

Download Submit
C:\Windows\system\agvqIXX.exe

Filesize
6.0MB

MD5
25b802f7838a7d05e6880bcea247ea9a

SHA1
6e66d714db21baba83b58a87e70dfb73a8f4f2fd

SHA256
4628893f936269e9ab5c3a7704c042aa978fc6ef544bd1b212d145495b2621c3

SHA512
4edaf3f0b8884ca91ff0fa0531b59f6b3dc77a3d7bed4f1769e1ba3260effaa34ba20adf5a6f4751ca8907082e93ab79f30195621046fca70dc80949c42d94de

Download Submit
C:\Windows\system\bVuDflg.exe

Filesize
6.0MB

MD5
05f70d3a7059ae769c07cb649afe3077

SHA1
13c0b2891b2a5bcaff3b35a833372e0da91d8061

SHA256
3e1e42f5f98ba8d435ac4ebff410c61419c465de074d2e89dd3dbfeaebbd01c4

SHA512
df3f3356bfd9caa65d23087404377982b6ea4dc675e93f6437c5d542a50806a312cd0350a6024430ee54d6fe7be1b62699368bddffc449c5c3de2b5085c65565

Download Submit
C:\Windows\system\dAPuCrp.exe

Filesize
6.0MB

MD5
8462edc80361b848cf079f8efdb9ebb2

SHA1
a93a0aad6fa4095364991efafac4285bbb3d533c

SHA256
f0174814f88aedaebbd93828903012ec5428bb01672288f6bae8b81634c5bc22

SHA512
1f33cdc81724e8b2be65e6642f49dfd48461cd1dd388c5ac888a27699bd010f785b4b1b91885430fd53c03169f7cd4ecf907c9ad071f391e1323936ad58dd480

Download Submit
C:\Windows\system\eRYdwkD.exe

Filesize
6.0MB

MD5
0c09503d82c31c9d91dd27f83e35639a

SHA1
2dc9152612626a707c136381297d25bde459d922

SHA256
8492872f78f48d017b0d69dc52d4c936a60702698447d9c4628b21f1e0e9ebac

SHA512
2364220ba477704a707cd9f5070b2580fb1b8fb827e52ab5782fbce895463e4bf10f9f1396b055f5e4ae0c42fae7b49c4df941218412a438bdde25b6927d887d

Download Submit
C:\Windows\system\gYsmzkl.exe

Filesize
6.0MB

MD5
c8cf8877e510e82654707ccafc3cb021

SHA1
dde8262ffd0343cd5eb9a668d3294d7ebc86ac5a

SHA256
e75d45faac4ae164ddbe9faec4d5cedcf70129fe121051c7277e1cbb6b5bb3b4

SHA512
a8a1150f039d7e5cb20df48478e81072a8fa88192e000def9e4128621a0a08f90f09d43ad5af40264f1671d948f1feb819039d2247e76111330e67ea60851a5b

Download Submit
C:\Windows\system\gftspFj.exe

Filesize
6.0MB

MD5
fa1ab367cf4851cc086b7b2c8f4bad12

SHA1
b96a5d2e9af94f54ac75e0e1b427d6b8364e4f96

SHA256
5203052ac3abf606feb1082eeca654f1d8675be69658a675859da16e13f4964d

SHA512
6c4e15ded1ebf59dcb154076430078162fb44d5df75a3e2b8d704b871ddf5f0448b2709cfea50075e91491251885cdc15fb041dac36a9b58f381a6f308838c9a

Download Submit
C:\Windows\system\gpApRif.exe

Filesize
6.0MB

MD5
9dfc7f69297d96534027bda1863b1b8a

SHA1
3c99332f084c9a5adda6a3dbd211d66bba49dcff

SHA256
10dd4ce61430409931aa087eb30a46cd27373c7309d6f3aba4232f6e5c07ca1f

SHA512
6055b183a6cd3643be2257fb10fc3514ffbb0d0f621ab16878105af94921bbfbbd4f47d2c3b856431357b8d9e024551b181c603781a5220369c3bc99421f95d0

Download Submit
C:\Windows\system\hhDoCuk.exe

Filesize
6.0MB

MD5
e41cd2bb6e6a677e082a16862bd2c52d

SHA1
de2e60183976d8fecc34c0dc02aee83e5c925058

SHA256
c27b0e995c3cbcb15b37a09cd96f4eb01f7e01bb958af491c647790082e21b0e

SHA512
29b4f9a181873934033bc1bd4f9560e3100dffc3c58e7df3ccd8f773acd284d7048cbdcad3701b864f1cce4415ef135903f5c563ab0db3f57740a0c49cc98179

Download Submit
C:\Windows\system\kpvQGHr.exe

Filesize
6.0MB

MD5
712bc2588ce8029f76a1bbb507ba47c8

SHA1
a65db68bfd9209b79b54f8bf7ef0c7d8b1d28119

SHA256
e22712e1e52bd3b607948ec2f505fe734ab32a34cafb2742a7032cc66fd9654a

SHA512
49edcfa55208901fa042149efc4c3c2a9cb4fe455ee7b0962626d730bfe8f40631438f6599a867f0c5e5a2160b98d46622a793124141d163db628add9a00128a

Download Submit
C:\Windows\system\pCpOPSl.exe

Filesize
6.0MB

MD5
6d7ae3c93d5f2d66d7361c973dd16b74

SHA1
3fa05564618caa410ec3ccaa6c03f8972bf05f81

SHA256
d9714a190599318045de2b74e975e496fa9a59eea446a56a4eca023da2a75353

SHA512
c7065a4415608472ffbe06532ad35a67b88df01187702467c163950a59f622b35db2452ad6e447a79d890b64a18c6ea46a23a71560755b05dcd485e0f87e489f

Download Submit
C:\Windows\system\pPgtYab.exe

Filesize
6.0MB

MD5
f4855e2fb37538624c152985f57b5171

SHA1
ec5f95df6e6cd5d19d564492be35781c18b03288

SHA256
04b665767dc6ba0ae6b4cb6b204d7695f22a3fe3a6950ab27ca8499800977060

SHA512
76cce14274275c249581b362b0d380b524d4e982c6786debe15077c1421e8b525507e4edb82163efc859e42f766c9680c061826b4e1fdddf7d5a2c46f3b928d6

Download Submit
C:\Windows\system\qDqhxuD.exe

Filesize
6.0MB

MD5
e2058bc30b6be84b190a6106e09c031e

SHA1
51fccabba77873a306abcbc4abeb089dde279e67

SHA256
4f815e6345a2d5a8704f585f3c39b29f7427999ea57b8a346e3d4ea8fc52e377

SHA512
5d25ecf47d890dc5c697c4473a05adac8f100fb79ccb1f87dda45be249c75af328f661cb4cb9a42a0d4380cef123612f94672609c43e42626ec173a0d23dfbac

Download Submit
C:\Windows\system\sONwaxa.exe

Filesize
6.0MB

MD5
aafea4fe360b86001646e97286a32249

SHA1
f560881ec9c47b432b857778c1c0412feb792ab6

SHA256
3b9ecbb10db6ad303e5fc5ea6e149b287628c31bb858d0a438892afb112fd7d0

SHA512
454da03a7a2c994896715e3e55de5bc01307df3ebddfcd0f2d047e62965321aa417ac98ff4b40c3bedcceecc50a3375345308b68b40fa72c5c2a5d3347c46c82

Download Submit
C:\Windows\system\tHdgETc.exe

Filesize
6.0MB

MD5
5e1b9cd1b5355b9e2826d09448415c8c

SHA1
d810d09d87398a4e45f944f93fe5cf3b7feecd9a

SHA256
2b562b9126afc711a367b9398e6e562fcad743c926dd9a2ae5912ac1b65d0989

SHA512
b972c6e6aa9f4c6554c682c27c19cd1b4f88062769dcd81adf76d450a8601123183145c9549a8851ca87fd82f66fa9bffa3c9e17b875842bb59d39e1efeb21e2

Download Submit
C:\Windows\system\wUXpyCP.exe

Filesize
6.0MB

MD5
424d642ce5d569e6ae91936d48b15bf4

SHA1
e38de8444af70b0e6617c78786b4ae71ce8716b2

SHA256
da21240354886ad0a9109dcf0a1a23ade3ef0462ff4156071c36a7f23e288bd9

SHA512
827a04bbd5b6278f054dfc34f3a3c3a84f21d6923e5865117fe423baf39896119ae74cd4a5404062f8cb59664419de39ccb76fd455c72dadf8ec8e6137e32925

Download Submit
C:\Windows\system\wwMlMDV.exe

Filesize
6.0MB

MD5
9c223541c20c10ac6b6142d06c72aa53

SHA1
6cdb1b298a25a1883262a5da1b46c4890d7dd054

SHA256
424788818790be8285b73304415363eed2ca9284ba87197ce3f8736fcc69eef3

SHA512
db6e39169974a408c55bc3368accc34c811496d868aaa21d883b0bc1618bd4f16f818b2e77bc1ba616af4bc2387f155b28208514cc658ee47f929ea7f14436e2

Download Submit
C:\Windows\system\xFapacn.exe

Filesize
6.0MB

MD5
d09202e8095cd26720b10b27d0b88f78

SHA1
7a982070e916a922f510ff582b1f54c3041bb4f0

SHA256
8f90d5fceb1ea1843495457beba2ca4ac0cbe4916a65830f5b0f66d863325db3

SHA512
6f5ed9de8821d70994910680271c2fcbf18bddcc4d0a6c45b5922f2a20f1e16f743da03db4c7a1eb3c2b15be26c7abb837b271717ecfc7b5b1933b7dbde96030

Download Submit
\Windows\system\NcLdwjP.exe

Filesize
6.0MB

MD5
0c42bf2e4e419c293b02f737a829b1a3

SHA1
f812dc38d4c5e6bc51341c6c61250060d89a1269

SHA256
94e5d440b1af691f5c3a37e931d659570d32604ff2b7ee3985464753d55a6967

SHA512
ef6da9275dfa1d69b3d27e19c6670ca6c4694df496d4673b0d53e5ae84264bd765e320d214e764593d865dfb54391e89b7aebfbf15a76dbabab463ee20e0cba9

Download Submit
\Windows\system\csINSbd.exe

Filesize
6.0MB

MD5
6d50d08b27534cb214b758c897e0367c

SHA1
693ad594f41beaa102f043bc0e670844afc47efa

SHA256
111f48bf749497da66aff630ee3cee68a9dcae66547a074a1bf84b756fabce52

SHA512
d7e9608d12f10b4603406ad3d991bad937850a06b839a7c110c9bb03a6ec562569986ae3729444492a5599811731b7b750630007adce55e1a01cea7f9fb4a951

Download Submit
\Windows\system\jWHMjAB.exe

Filesize
6.0MB

MD5
b369ac3609aff4126d1f66ea5a70acb4

SHA1
5fedc2c9292f5533e7b452b90bf7fe8b07a98847

SHA256
455a524294b3faec1193fb368ecf3281bb3ab9cadb5018accc37933f15035945

SHA512
aeb41fe2f67381890f022073a6cb0d8aae4d5d2f0c60834e88a4a8585c93092c3ffc14ba7f85faeada233e98dd1aab360794541852d3b8c092bbf98ca7a00212

Download Submit
\Windows\system\sqfCPvq.exe

Filesize
6.0MB

MD5
2b2e6d46e6bb7db9b79373f9cd24cf9d

SHA1
b8fbcc9481f0b653b693fc7dd91830edce81a209

SHA256
cecc45513ef2cc5dbca245cc8b9ba33992ad588dec01a3a7fb0d1a343a2994e2

SHA512
278469d39456681365662cb2e4baf3194d81aff545a6fea40cdb4e9051a3b2a36ba11b3e67bfaa45bfd1e17e8b481fdcaf92aeb89daaffe7e6a9ebd20266719a

Download Submit
memory/580-144-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/580-67-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/580-1816-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/816-23-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/816-35-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/816-309-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/816-48-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/816-435-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/816-77-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/816-71-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/816-53-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/816-26-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/816-0-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/816-41-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/816-254-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/816-17-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/816-97-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/816-95-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/816-30-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/816-370-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/816-85-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/816-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/816-69-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/816-70-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/816-62-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1136-86-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1136-371-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1136-1823-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1384-54-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1384-1832-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-1752-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-29-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-27-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2148-1776-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1784-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2652-25-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2780-78-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1837-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-310-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-175-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-1817-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-68-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1838-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2844-79-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2844-311-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2884-84-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1820-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-36-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-47-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1800-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1839-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-46-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-28-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/3000-1783-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1834-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-438-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-96-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download