cobaltstrike | a85fb9a68490c0d6c1066d738e7d96b64bdc91475a121dfcdceeaca9c24b7d3d

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d7492c308d2da481842dce1518aa4ee1
SHA1

c8131cae5976da46248908757d722b72f3cc4918
SHA256

a85fb9a68490c0d6c1066d738e7d96b64bdc91475a121dfcdceeaca9c24b7d3d
SHA512

0d4e8a2067173d0e60f8611e743a06040cc6d85ae0edc5a0bc650f2245e64a0824402bf1b5ba4d053b8fcb601fcf137df027ce627a5aa9b5b1bb98312d080e45
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000f000000012782-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce0-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce8-22.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d04-39.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ca5-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-198.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-47.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2072-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x000f000000012782-3.dat	xmrig
behavioral1/files/0x0007000000016cd7-13.dat	xmrig
behavioral1/memory/2312-14-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/1736-11-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ce0-9.dat	xmrig
behavioral1/memory/2244-20-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ce8-22.dat	xmrig
behavioral1/memory/2172-27-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/1736-37-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2796-41-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d04-39.dat	xmrig
behavioral1/files/0x00050000000193d1-52.dat	xmrig
behavioral1/memory/2188-57-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ca5-68.dat	xmrig
behavioral1/memory/2588-80-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e2-100.dat	xmrig
behavioral1/files/0x00050000000195c2-118.dat	xmrig
behavioral1/files/0x00050000000195c7-133.dat	xmrig
behavioral1/memory/2588-388-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2772-892-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/1528-693-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2580-524-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/836-206-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf2-198.dat	xmrig
behavioral1/files/0x0005000000019bf0-194.dat	xmrig
behavioral1/files/0x0005000000019931-183.dat	xmrig
behavioral1/files/0x0005000000019bec-188.dat	xmrig
behavioral1/files/0x0005000000019665-173.dat	xmrig
behavioral1/files/0x00050000000196a0-178.dat	xmrig
behavioral1/files/0x0005000000019624-168.dat	xmrig
behavioral1/files/0x00050000000195e0-163.dat	xmrig
behavioral1/files/0x00050000000195d0-158.dat	xmrig
behavioral1/files/0x00050000000195ce-153.dat	xmrig
behavioral1/files/0x00050000000195cc-149.dat	xmrig
behavioral1/files/0x00050000000195ca-143.dat	xmrig
behavioral1/files/0x00050000000195c8-138.dat	xmrig
behavioral1/files/0x00050000000195c6-129.dat	xmrig
behavioral1/files/0x00050000000195c4-124.dat	xmrig
behavioral1/files/0x000500000001958b-113.dat	xmrig
behavioral1/memory/2772-106-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/1032-105-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/1528-97-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2188-96-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001948d-95.dat	xmrig
behavioral1/memory/2580-88-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2824-87-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-86.dat	xmrig
behavioral1/memory/2796-79-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f0-78.dat	xmrig
behavioral1/memory/1032-66-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2172-65-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e6-64.dat	xmrig
behavioral1/memory/836-73-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2816-72-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2244-56-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2824-49-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2312-48-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a8-47.dat	xmrig
behavioral1/memory/2072-34-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cf0-33.dat	xmrig
behavioral1/memory/2244-3216-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/1736-3207-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2172-3227-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1736	fendCsn.exe
2312	hZZIslI.exe
2244	pZDNpnY.exe
2172	EizOEvS.exe
2816	saKATWD.exe
2796	QRbnyLp.exe
2824	FlSKXLR.exe
2188	IHQCZWa.exe
1032	ivzcVGF.exe
836	zgqWLxC.exe
2588	MqNxYeA.exe
2580	xyeypie.exe
1528	MOkAfhe.exe
2772	OkbssbT.exe
1636	lzkwmZp.exe
2756	SHBhjJK.exe
1392	sCJeubs.exe
2028	kAGNzRc.exe
2632	IsSTmJA.exe
2920	jNcKFZd.exe
660	OwJJzih.exe
2124	KadVlHO.exe
2492	MiAKNev.exe
804	XJThqjq.exe
1300	sAStXbM.exe
1828	kEkfTjk.exe
2960	AiGSnZV.exe
2016	GJTVAqO.exe
1328	ooJOahC.exe
1076	BRMGRem.exe
3032	VVkFZJG.exe
888	vmmmifv.exe
2504	YASCMCs.exe
1752	BixRkwa.exe
1540	AxKjzRV.exe
1856	DxwPgZo.exe
2220	BkfrcxP.exe
316	hsudzqL.exe
2256	zTCaMvL.exe
552	CNiOyiJ.exe
292	KDlSFXw.exe
348	WLUBBkP.exe
3060	HDOfvwV.exe
1996	GqiOyyH.exe
1028	kzqbkAl.exe
1668	zfMpShG.exe
2020	yFgqXBb.exe
1912	Jritiqv.exe
1584	DFNMmPJ.exe
1608	qeHKeyl.exe
2176	lyWBMNV.exe
2680	YOLVIto.exe
3012	ZtHdvXI.exe
1972	pfpQATE.exe
2556	AgRVZCG.exe
2704	DYRIeog.exe
1532	gtwYAdK.exe
1620	jsOCzEj.exe
1340	ACSLkBr.exe
2836	PaPSyXu.exe
2908	bKkguVh.exe
2620	TLmJaQe.exe
3056	yQtboGc.exe
2956	QCvToLn.exe

Loads dropped DLL 64 IoCs

pid	Process
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2072-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x000f000000012782-3.dat	upx
behavioral1/files/0x0007000000016cd7-13.dat	upx
behavioral1/memory/2312-14-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/1736-11-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0007000000016ce0-9.dat	upx
behavioral1/memory/2244-20-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0007000000016ce8-22.dat	upx
behavioral1/memory/2172-27-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/1736-37-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2796-41-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0009000000016d04-39.dat	upx
behavioral1/files/0x00050000000193d1-52.dat	upx
behavioral1/memory/2188-57-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x0009000000016ca5-68.dat	upx
behavioral1/memory/2588-80-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x00050000000194e2-100.dat	upx
behavioral1/files/0x00050000000195c2-118.dat	upx
behavioral1/files/0x00050000000195c7-133.dat	upx
behavioral1/memory/2588-388-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2772-892-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/1528-693-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2580-524-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/836-206-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0005000000019bf2-198.dat	upx
behavioral1/files/0x0005000000019bf0-194.dat	upx
behavioral1/files/0x0005000000019931-183.dat	upx
behavioral1/files/0x0005000000019bec-188.dat	upx
behavioral1/files/0x0005000000019665-173.dat	upx
behavioral1/files/0x00050000000196a0-178.dat	upx
behavioral1/files/0x0005000000019624-168.dat	upx
behavioral1/files/0x00050000000195e0-163.dat	upx
behavioral1/files/0x00050000000195d0-158.dat	upx
behavioral1/files/0x00050000000195ce-153.dat	upx
behavioral1/files/0x00050000000195cc-149.dat	upx
behavioral1/files/0x00050000000195ca-143.dat	upx
behavioral1/files/0x00050000000195c8-138.dat	upx
behavioral1/files/0x00050000000195c6-129.dat	upx
behavioral1/files/0x00050000000195c4-124.dat	upx
behavioral1/files/0x000500000001958b-113.dat	upx
behavioral1/memory/2772-106-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/1032-105-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/1528-97-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2188-96-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x000500000001948d-95.dat	upx
behavioral1/memory/2580-88-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2824-87-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x000500000001945c-86.dat	upx
behavioral1/memory/2796-79-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x00050000000193f0-78.dat	upx
behavioral1/memory/1032-66-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2172-65-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x00050000000193e6-64.dat	upx
behavioral1/memory/836-73-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2816-72-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2244-56-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2824-49-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2312-48-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x00050000000193a8-47.dat	upx
behavioral1/memory/2072-34-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x0009000000016cf0-33.dat	upx
behavioral1/memory/2244-3216-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/1736-3207-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2172-3227-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vMKMVWT.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTaChGe.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kIPFyOX.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJyIOtR.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kifSnDn.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btzohBN.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoYEjzH.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLnGjTc.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZDoxDb.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wctkgtn.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEasSae.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTWFZrb.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtOEYJa.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEnFRZT.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIBeyyv.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGClKHp.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOgjIHl.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKuhwvt.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFpGDWP.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPKEoXR.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLchwJz.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsTHKrM.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcbLABP.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XybaJtq.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbAQhVz.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOjDncX.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZxuovp.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\liZQjGz.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpAElsZ.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TChoBOE.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voCMsgB.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVCjFkp.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHshuOL.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMXuwqQ.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCkvYHK.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dURoGVt.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVUlVka.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDWVKPD.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYsuqAN.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsXPuMQ.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtPbJfv.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQxXrZL.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POmmZGV.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPcJYUi.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEvnbUF.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arSTUVm.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYISLfv.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdLkRcn.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpULcpm.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tncNVzD.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mkhddfs.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgwIDwF.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzATKAC.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsjDQTZ.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoEoTVR.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsQCZbI.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqozQrL.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXfFFck.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uomHYpz.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIaNLxE.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBZgYNA.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYksRnh.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuSARZD.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUSHVMA.exe	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 1736	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2072 wrote to memory of 1736	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2072 wrote to memory of 1736	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2072 wrote to memory of 2312	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2072 wrote to memory of 2312	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2072 wrote to memory of 2312	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2072 wrote to memory of 2244	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2072 wrote to memory of 2244	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2072 wrote to memory of 2244	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2072 wrote to memory of 2172	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2072 wrote to memory of 2172	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2072 wrote to memory of 2172	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2072 wrote to memory of 2816	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2072 wrote to memory of 2816	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2072 wrote to memory of 2816	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2072 wrote to memory of 2796	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2072 wrote to memory of 2796	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2072 wrote to memory of 2796	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2072 wrote to memory of 2824	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2072 wrote to memory of 2824	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2072 wrote to memory of 2824	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2072 wrote to memory of 2188	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2072 wrote to memory of 2188	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2072 wrote to memory of 2188	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2072 wrote to memory of 1032	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2072 wrote to memory of 1032	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2072 wrote to memory of 1032	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2072 wrote to memory of 836	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2072 wrote to memory of 836	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2072 wrote to memory of 836	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2072 wrote to memory of 2588	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2072 wrote to memory of 2588	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2072 wrote to memory of 2588	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2072 wrote to memory of 2580	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2072 wrote to memory of 2580	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2072 wrote to memory of 2580	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2072 wrote to memory of 1528	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2072 wrote to memory of 1528	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2072 wrote to memory of 1528	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2072 wrote to memory of 2772	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2072 wrote to memory of 2772	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2072 wrote to memory of 2772	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2072 wrote to memory of 1636	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2072 wrote to memory of 1636	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2072 wrote to memory of 1636	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2072 wrote to memory of 2756	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2072 wrote to memory of 2756	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2072 wrote to memory of 2756	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2072 wrote to memory of 1392	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2072 wrote to memory of 1392	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2072 wrote to memory of 1392	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2072 wrote to memory of 2028	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2072 wrote to memory of 2028	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2072 wrote to memory of 2028	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2072 wrote to memory of 2632	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2072 wrote to memory of 2632	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2072 wrote to memory of 2632	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2072 wrote to memory of 2920	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2072 wrote to memory of 2920	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2072 wrote to memory of 2920	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2072 wrote to memory of 660	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2072 wrote to memory of 660	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2072 wrote to memory of 660	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2072 wrote to memory of 2124	2072	2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_d7492c308d2da481842dce1518aa4ee1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\System\fendCsn.exe
  C:\Windows\System\fendCsn.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\hZZIslI.exe
  C:\Windows\System\hZZIslI.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\pZDNpnY.exe
  C:\Windows\System\pZDNpnY.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\EizOEvS.exe
  C:\Windows\System\EizOEvS.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\saKATWD.exe
  C:\Windows\System\saKATWD.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\QRbnyLp.exe
  C:\Windows\System\QRbnyLp.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\FlSKXLR.exe
  C:\Windows\System\FlSKXLR.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\IHQCZWa.exe
  C:\Windows\System\IHQCZWa.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ivzcVGF.exe
  C:\Windows\System\ivzcVGF.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\zgqWLxC.exe
  C:\Windows\System\zgqWLxC.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\MqNxYeA.exe
  C:\Windows\System\MqNxYeA.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\xyeypie.exe
  C:\Windows\System\xyeypie.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\MOkAfhe.exe
  C:\Windows\System\MOkAfhe.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\OkbssbT.exe
  C:\Windows\System\OkbssbT.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\lzkwmZp.exe
  C:\Windows\System\lzkwmZp.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\SHBhjJK.exe
  C:\Windows\System\SHBhjJK.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\sCJeubs.exe
  C:\Windows\System\sCJeubs.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\kAGNzRc.exe
  C:\Windows\System\kAGNzRc.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\IsSTmJA.exe
  C:\Windows\System\IsSTmJA.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\jNcKFZd.exe
  C:\Windows\System\jNcKFZd.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\OwJJzih.exe
  C:\Windows\System\OwJJzih.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\KadVlHO.exe
  C:\Windows\System\KadVlHO.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\MiAKNev.exe
  C:\Windows\System\MiAKNev.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\XJThqjq.exe
  C:\Windows\System\XJThqjq.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\sAStXbM.exe
  C:\Windows\System\sAStXbM.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\kEkfTjk.exe
  C:\Windows\System\kEkfTjk.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\AiGSnZV.exe
  C:\Windows\System\AiGSnZV.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\GJTVAqO.exe
  C:\Windows\System\GJTVAqO.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\ooJOahC.exe
  C:\Windows\System\ooJOahC.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\BRMGRem.exe
  C:\Windows\System\BRMGRem.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\VVkFZJG.exe
  C:\Windows\System\VVkFZJG.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\vmmmifv.exe
  C:\Windows\System\vmmmifv.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\YASCMCs.exe
  C:\Windows\System\YASCMCs.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\BixRkwa.exe
  C:\Windows\System\BixRkwa.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\AxKjzRV.exe
  C:\Windows\System\AxKjzRV.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\DxwPgZo.exe
  C:\Windows\System\DxwPgZo.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\BkfrcxP.exe
  C:\Windows\System\BkfrcxP.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\hsudzqL.exe
  C:\Windows\System\hsudzqL.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\zTCaMvL.exe
  C:\Windows\System\zTCaMvL.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\CNiOyiJ.exe
  C:\Windows\System\CNiOyiJ.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\KDlSFXw.exe
  C:\Windows\System\KDlSFXw.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\WLUBBkP.exe
  C:\Windows\System\WLUBBkP.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\HDOfvwV.exe
  C:\Windows\System\HDOfvwV.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\GqiOyyH.exe
  C:\Windows\System\GqiOyyH.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\kzqbkAl.exe
  C:\Windows\System\kzqbkAl.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\zfMpShG.exe
  C:\Windows\System\zfMpShG.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\yFgqXBb.exe
  C:\Windows\System\yFgqXBb.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\Jritiqv.exe
  C:\Windows\System\Jritiqv.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\DFNMmPJ.exe
  C:\Windows\System\DFNMmPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\qeHKeyl.exe
  C:\Windows\System\qeHKeyl.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\lyWBMNV.exe
  C:\Windows\System\lyWBMNV.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\YOLVIto.exe
  C:\Windows\System\YOLVIto.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ZtHdvXI.exe
  C:\Windows\System\ZtHdvXI.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\pfpQATE.exe
  C:\Windows\System\pfpQATE.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\AgRVZCG.exe
  C:\Windows\System\AgRVZCG.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\DYRIeog.exe
  C:\Windows\System\DYRIeog.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\gtwYAdK.exe
  C:\Windows\System\gtwYAdK.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\jsOCzEj.exe
  C:\Windows\System\jsOCzEj.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\ACSLkBr.exe
  C:\Windows\System\ACSLkBr.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\PaPSyXu.exe
  C:\Windows\System\PaPSyXu.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\bKkguVh.exe
  C:\Windows\System\bKkguVh.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\TLmJaQe.exe
  C:\Windows\System\TLmJaQe.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\yQtboGc.exe
  C:\Windows\System\yQtboGc.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\QCvToLn.exe
  C:\Windows\System\QCvToLn.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\oQtmMMy.exe
  C:\Windows\System\oQtmMMy.exe
  2⤵
  PID:1480
- C:\Windows\System\HiQlvvX.exe
  C:\Windows\System\HiQlvvX.exe
  2⤵
  PID:1660
- C:\Windows\System\UYqAhLx.exe
  C:\Windows\System\UYqAhLx.exe
  2⤵
  PID:1764
- C:\Windows\System\BmMPyaA.exe
  C:\Windows\System\BmMPyaA.exe
  2⤵
  PID:3028
- C:\Windows\System\DJaMouu.exe
  C:\Windows\System\DJaMouu.exe
  2⤵
  PID:568
- C:\Windows\System\mDYyBQf.exe
  C:\Windows\System\mDYyBQf.exe
  2⤵
  PID:2248
- C:\Windows\System\cjvXimS.exe
  C:\Windows\System\cjvXimS.exe
  2⤵
  PID:2056
- C:\Windows\System\XhXfVcW.exe
  C:\Windows\System\XhXfVcW.exe
  2⤵
  PID:1564
- C:\Windows\System\HOHfwgS.exe
  C:\Windows\System\HOHfwgS.exe
  2⤵
  PID:1404
- C:\Windows\System\KGRscEx.exe
  C:\Windows\System\KGRscEx.exe
  2⤵
  PID:1144
- C:\Windows\System\vbYqmds.exe
  C:\Windows\System\vbYqmds.exe
  2⤵
  PID:3052
- C:\Windows\System\BXNnggt.exe
  C:\Windows\System\BXNnggt.exe
  2⤵
  PID:3044
- C:\Windows\System\qifhEjM.exe
  C:\Windows\System\qifhEjM.exe
  2⤵
  PID:1148
- C:\Windows\System\zGRsPgM.exe
  C:\Windows\System\zGRsPgM.exe
  2⤵
  PID:880
- C:\Windows\System\nxZVjHe.exe
  C:\Windows\System\nxZVjHe.exe
  2⤵
  PID:2468
- C:\Windows\System\PxuuCgN.exe
  C:\Windows\System\PxuuCgN.exe
  2⤵
  PID:2296
- C:\Windows\System\mBLeKoO.exe
  C:\Windows\System\mBLeKoO.exe
  2⤵
  PID:2848
- C:\Windows\System\AtcTnkU.exe
  C:\Windows\System\AtcTnkU.exe
  2⤵
  PID:2216
- C:\Windows\System\ixBEAbQ.exe
  C:\Windows\System\ixBEAbQ.exe
  2⤵
  PID:2904
- C:\Windows\System\Gbntbuo.exe
  C:\Windows\System\Gbntbuo.exe
  2⤵
  PID:2196
- C:\Windows\System\KGbUAaN.exe
  C:\Windows\System\KGbUAaN.exe
  2⤵
  PID:832
- C:\Windows\System\YcKHzMi.exe
  C:\Windows\System\YcKHzMi.exe
  2⤵
  PID:1080
- C:\Windows\System\BtGzUmU.exe
  C:\Windows\System\BtGzUmU.exe
  2⤵
  PID:2912
- C:\Windows\System\gPBWLiP.exe
  C:\Windows\System\gPBWLiP.exe
  2⤵
  PID:1788
- C:\Windows\System\aMDoFho.exe
  C:\Windows\System\aMDoFho.exe
  2⤵
  PID:1744
- C:\Windows\System\PiIqmzN.exe
  C:\Windows\System\PiIqmzN.exe
  2⤵
  PID:600
- C:\Windows\System\eutTTmv.exe
  C:\Windows\System\eutTTmv.exe
  2⤵
  PID:1720
- C:\Windows\System\XzznaRl.exe
  C:\Windows\System\XzznaRl.exe
  2⤵
  PID:916
- C:\Windows\System\NBTDcAq.exe
  C:\Windows\System\NBTDcAq.exe
  2⤵
  PID:752
- C:\Windows\System\HYzSLoj.exe
  C:\Windows\System\HYzSLoj.exe
  2⤵
  PID:3024
- C:\Windows\System\eqtxhPJ.exe
  C:\Windows\System\eqtxhPJ.exe
  2⤵
  PID:3084
- C:\Windows\System\toxSKGm.exe
  C:\Windows\System\toxSKGm.exe
  2⤵
  PID:3104
- C:\Windows\System\IUTjZqS.exe
  C:\Windows\System\IUTjZqS.exe
  2⤵
  PID:3124
- C:\Windows\System\mlEkiCA.exe
  C:\Windows\System\mlEkiCA.exe
  2⤵
  PID:3144
- C:\Windows\System\xfIbCJy.exe
  C:\Windows\System\xfIbCJy.exe
  2⤵
  PID:3164
- C:\Windows\System\OCAmhfq.exe
  C:\Windows\System\OCAmhfq.exe
  2⤵
  PID:3184
- C:\Windows\System\hYpqCHc.exe
  C:\Windows\System\hYpqCHc.exe
  2⤵
  PID:3204
- C:\Windows\System\mclAdJY.exe
  C:\Windows\System\mclAdJY.exe
  2⤵
  PID:3224
- C:\Windows\System\vuHFcWu.exe
  C:\Windows\System\vuHFcWu.exe
  2⤵
  PID:3244
- C:\Windows\System\TRIJSpW.exe
  C:\Windows\System\TRIJSpW.exe
  2⤵
  PID:3264
- C:\Windows\System\QaJEtJC.exe
  C:\Windows\System\QaJEtJC.exe
  2⤵
  PID:3284
- C:\Windows\System\ldVaohQ.exe
  C:\Windows\System\ldVaohQ.exe
  2⤵
  PID:3304
- C:\Windows\System\TSXnPcs.exe
  C:\Windows\System\TSXnPcs.exe
  2⤵
  PID:3324
- C:\Windows\System\mTKWKYT.exe
  C:\Windows\System\mTKWKYT.exe
  2⤵
  PID:3348
- C:\Windows\System\JehSBmA.exe
  C:\Windows\System\JehSBmA.exe
  2⤵
  PID:3368
- C:\Windows\System\otKnOmJ.exe
  C:\Windows\System\otKnOmJ.exe
  2⤵
  PID:3388
- C:\Windows\System\BNTXwZQ.exe
  C:\Windows\System\BNTXwZQ.exe
  2⤵
  PID:3408
- C:\Windows\System\wulaUHs.exe
  C:\Windows\System\wulaUHs.exe
  2⤵
  PID:3428
- C:\Windows\System\GdywmTj.exe
  C:\Windows\System\GdywmTj.exe
  2⤵
  PID:3448
- C:\Windows\System\tJssisF.exe
  C:\Windows\System\tJssisF.exe
  2⤵
  PID:3468
- C:\Windows\System\LWxnzsS.exe
  C:\Windows\System\LWxnzsS.exe
  2⤵
  PID:3488
- C:\Windows\System\JRBEKhr.exe
  C:\Windows\System\JRBEKhr.exe
  2⤵
  PID:3508
- C:\Windows\System\KAebitn.exe
  C:\Windows\System\KAebitn.exe
  2⤵
  PID:3528
- C:\Windows\System\FbdONLz.exe
  C:\Windows\System\FbdONLz.exe
  2⤵
  PID:3548
- C:\Windows\System\mzbEQCR.exe
  C:\Windows\System\mzbEQCR.exe
  2⤵
  PID:3568
- C:\Windows\System\jZaenIr.exe
  C:\Windows\System\jZaenIr.exe
  2⤵
  PID:3588
- C:\Windows\System\TNFJzoD.exe
  C:\Windows\System\TNFJzoD.exe
  2⤵
  PID:3608
- C:\Windows\System\HfbMUiP.exe
  C:\Windows\System\HfbMUiP.exe
  2⤵
  PID:3628
- C:\Windows\System\DyvwuXt.exe
  C:\Windows\System\DyvwuXt.exe
  2⤵
  PID:3648
- C:\Windows\System\gMMmdPy.exe
  C:\Windows\System\gMMmdPy.exe
  2⤵
  PID:3668
- C:\Windows\System\apSqlcd.exe
  C:\Windows\System\apSqlcd.exe
  2⤵
  PID:3688
- C:\Windows\System\BKqQljt.exe
  C:\Windows\System\BKqQljt.exe
  2⤵
  PID:3708
- C:\Windows\System\GrAUQOn.exe
  C:\Windows\System\GrAUQOn.exe
  2⤵
  PID:3728
- C:\Windows\System\AsEamsg.exe
  C:\Windows\System\AsEamsg.exe
  2⤵
  PID:3748
- C:\Windows\System\yKgrsyY.exe
  C:\Windows\System\yKgrsyY.exe
  2⤵
  PID:3768
- C:\Windows\System\fctJyYm.exe
  C:\Windows\System\fctJyYm.exe
  2⤵
  PID:3788
- C:\Windows\System\IZvxkKb.exe
  C:\Windows\System\IZvxkKb.exe
  2⤵
  PID:3808
- C:\Windows\System\KZiGmvu.exe
  C:\Windows\System\KZiGmvu.exe
  2⤵
  PID:3828
- C:\Windows\System\cygOAiS.exe
  C:\Windows\System\cygOAiS.exe
  2⤵
  PID:3848
- C:\Windows\System\lZalmav.exe
  C:\Windows\System\lZalmav.exe
  2⤵
  PID:3868
- C:\Windows\System\luFwfFX.exe
  C:\Windows\System\luFwfFX.exe
  2⤵
  PID:3888
- C:\Windows\System\UQhTVTb.exe
  C:\Windows\System\UQhTVTb.exe
  2⤵
  PID:3908
- C:\Windows\System\INAjdDx.exe
  C:\Windows\System\INAjdDx.exe
  2⤵
  PID:3928
- C:\Windows\System\TtgRJSB.exe
  C:\Windows\System\TtgRJSB.exe
  2⤵
  PID:3948
- C:\Windows\System\QPXmfzm.exe
  C:\Windows\System\QPXmfzm.exe
  2⤵
  PID:3968
- C:\Windows\System\BRVuQLu.exe
  C:\Windows\System\BRVuQLu.exe
  2⤵
  PID:3992
- C:\Windows\System\aNFtOVM.exe
  C:\Windows\System\aNFtOVM.exe
  2⤵
  PID:4012
- C:\Windows\System\NoERICx.exe
  C:\Windows\System\NoERICx.exe
  2⤵
  PID:4032
- C:\Windows\System\ltbWfCV.exe
  C:\Windows\System\ltbWfCV.exe
  2⤵
  PID:4052
- C:\Windows\System\nguSCDc.exe
  C:\Windows\System\nguSCDc.exe
  2⤵
  PID:4072
- C:\Windows\System\QWGzFrn.exe
  C:\Windows\System\QWGzFrn.exe
  2⤵
  PID:4092
- C:\Windows\System\arECPSt.exe
  C:\Windows\System\arECPSt.exe
  2⤵
  PID:764
- C:\Windows\System\MJgjnSl.exe
  C:\Windows\System\MJgjnSl.exe
  2⤵
  PID:2320
- C:\Windows\System\xYoIoZu.exe
  C:\Windows\System\xYoIoZu.exe
  2⤵
  PID:640
- C:\Windows\System\oGbxFKO.exe
  C:\Windows\System\oGbxFKO.exe
  2⤵
  PID:2804
- C:\Windows\System\rSUyCbV.exe
  C:\Windows\System\rSUyCbV.exe
  2⤵
  PID:2060
- C:\Windows\System\GhNRwTN.exe
  C:\Windows\System\GhNRwTN.exe
  2⤵
  PID:2540
- C:\Windows\System\biKZQVa.exe
  C:\Windows\System\biKZQVa.exe
  2⤵
  PID:1768
- C:\Windows\System\hIyUuiz.exe
  C:\Windows\System\hIyUuiz.exe
  2⤵
  PID:1664
- C:\Windows\System\DvPDhQY.exe
  C:\Windows\System\DvPDhQY.exe
  2⤵
  PID:1440
- C:\Windows\System\HOngeOD.exe
  C:\Windows\System\HOngeOD.exe
  2⤵
  PID:688
- C:\Windows\System\oFoZfBf.exe
  C:\Windows\System\oFoZfBf.exe
  2⤵
  PID:1932
- C:\Windows\System\nDEKTuy.exe
  C:\Windows\System\nDEKTuy.exe
  2⤵
  PID:2452
- C:\Windows\System\linfAsL.exe
  C:\Windows\System\linfAsL.exe
  2⤵
  PID:3100
- C:\Windows\System\kLzFESz.exe
  C:\Windows\System\kLzFESz.exe
  2⤵
  PID:3132
- C:\Windows\System\WTrIxdd.exe
  C:\Windows\System\WTrIxdd.exe
  2⤵
  PID:3156
- C:\Windows\System\DjYVwLE.exe
  C:\Windows\System\DjYVwLE.exe
  2⤵
  PID:3196
- C:\Windows\System\tmVuBXB.exe
  C:\Windows\System\tmVuBXB.exe
  2⤵
  PID:3240
- C:\Windows\System\JPFiCAw.exe
  C:\Windows\System\JPFiCAw.exe
  2⤵
  PID:3260
- C:\Windows\System\RvlQQmf.exe
  C:\Windows\System\RvlQQmf.exe
  2⤵
  PID:3292
- C:\Windows\System\zCpsVlX.exe
  C:\Windows\System\zCpsVlX.exe
  2⤵
  PID:3332
- C:\Windows\System\OYaMJCk.exe
  C:\Windows\System\OYaMJCk.exe
  2⤵
  PID:3360
- C:\Windows\System\gUZRCnE.exe
  C:\Windows\System\gUZRCnE.exe
  2⤵
  PID:3384
- C:\Windows\System\XjqeJCc.exe
  C:\Windows\System\XjqeJCc.exe
  2⤵
  PID:3420
- C:\Windows\System\tsDSfVP.exe
  C:\Windows\System\tsDSfVP.exe
  2⤵
  PID:3484
- C:\Windows\System\PpySbVH.exe
  C:\Windows\System\PpySbVH.exe
  2⤵
  PID:3500
- C:\Windows\System\haDqylU.exe
  C:\Windows\System\haDqylU.exe
  2⤵
  PID:3556
- C:\Windows\System\aMKyEkn.exe
  C:\Windows\System\aMKyEkn.exe
  2⤵
  PID:3560
- C:\Windows\System\BvLTHAs.exe
  C:\Windows\System\BvLTHAs.exe
  2⤵
  PID:3600
- C:\Windows\System\FGyOYWP.exe
  C:\Windows\System\FGyOYWP.exe
  2⤵
  PID:3624
- C:\Windows\System\hnzNCDz.exe
  C:\Windows\System\hnzNCDz.exe
  2⤵
  PID:3656
- C:\Windows\System\krjNBYN.exe
  C:\Windows\System\krjNBYN.exe
  2⤵
  PID:3716
- C:\Windows\System\eAwRfsr.exe
  C:\Windows\System\eAwRfsr.exe
  2⤵
  PID:3756
- C:\Windows\System\jyUhhGT.exe
  C:\Windows\System\jyUhhGT.exe
  2⤵
  PID:3776
- C:\Windows\System\vQrcxqL.exe
  C:\Windows\System\vQrcxqL.exe
  2⤵
  PID:3800
- C:\Windows\System\CzIgOHA.exe
  C:\Windows\System\CzIgOHA.exe
  2⤵
  PID:3840
- C:\Windows\System\hZQDBfy.exe
  C:\Windows\System\hZQDBfy.exe
  2⤵
  PID:3856
- C:\Windows\System\GmhVfMC.exe
  C:\Windows\System\GmhVfMC.exe
  2⤵
  PID:3924
- C:\Windows\System\vabUqVT.exe
  C:\Windows\System\vabUqVT.exe
  2⤵
  PID:3956
- C:\Windows\System\hjTfIym.exe
  C:\Windows\System\hjTfIym.exe
  2⤵
  PID:3976
- C:\Windows\System\dcIYxmA.exe
  C:\Windows\System\dcIYxmA.exe
  2⤵
  PID:4008
- C:\Windows\System\EpzlJEI.exe
  C:\Windows\System\EpzlJEI.exe
  2⤵
  PID:4028
- C:\Windows\System\dnuPTBT.exe
  C:\Windows\System\dnuPTBT.exe
  2⤵
  PID:4064
- C:\Windows\System\NyZPLAq.exe
  C:\Windows\System\NyZPLAq.exe
  2⤵
  PID:868
- C:\Windows\System\AfvHbWW.exe
  C:\Windows\System\AfvHbWW.exe
  2⤵
  PID:1724
- C:\Windows\System\wICTPvr.exe
  C:\Windows\System\wICTPvr.exe
  2⤵
  PID:2572
- C:\Windows\System\aWpdtdt.exe
  C:\Windows\System\aWpdtdt.exe
  2⤵
  PID:2604
- C:\Windows\System\dwPoogq.exe
  C:\Windows\System\dwPoogq.exe
  2⤵
  PID:2428
- C:\Windows\System\oQwtOOi.exe
  C:\Windows\System\oQwtOOi.exe
  2⤵
  PID:948
- C:\Windows\System\FfKUYRr.exe
  C:\Windows\System\FfKUYRr.exe
  2⤵
  PID:2308
- C:\Windows\System\zcchoVO.exe
  C:\Windows\System\zcchoVO.exe
  2⤵
  PID:3112
- C:\Windows\System\XzShYJm.exe
  C:\Windows\System\XzShYJm.exe
  2⤵
  PID:2432
- C:\Windows\System\yIKPdKg.exe
  C:\Windows\System\yIKPdKg.exe
  2⤵
  PID:3160
- C:\Windows\System\vGJBhOL.exe
  C:\Windows\System\vGJBhOL.exe
  2⤵
  PID:3272
- C:\Windows\System\pbkqiPf.exe
  C:\Windows\System\pbkqiPf.exe
  2⤵
  PID:3312
- C:\Windows\System\qJGNYAy.exe
  C:\Windows\System\qJGNYAy.exe
  2⤵
  PID:3396
- C:\Windows\System\OricEjD.exe
  C:\Windows\System\OricEjD.exe
  2⤵
  PID:3436
- C:\Windows\System\WVegyly.exe
  C:\Windows\System\WVegyly.exe
  2⤵
  PID:3464
- C:\Windows\System\fsAIdxx.exe
  C:\Windows\System\fsAIdxx.exe
  2⤵
  PID:3496
- C:\Windows\System\BWSofIX.exe
  C:\Windows\System\BWSofIX.exe
  2⤵
  PID:3544
- C:\Windows\System\EkiPAas.exe
  C:\Windows\System\EkiPAas.exe
  2⤵
  PID:3620
- C:\Windows\System\mpMfbOo.exe
  C:\Windows\System\mpMfbOo.exe
  2⤵
  PID:3664
- C:\Windows\System\PaNkdKQ.exe
  C:\Windows\System\PaNkdKQ.exe
  2⤵
  PID:3696
- C:\Windows\System\wKOoqRo.exe
  C:\Windows\System\wKOoqRo.exe
  2⤵
  PID:3780
- C:\Windows\System\BACYqnP.exe
  C:\Windows\System\BACYqnP.exe
  2⤵
  PID:3880
- C:\Windows\System\DjAtKEr.exe
  C:\Windows\System\DjAtKEr.exe
  2⤵
  PID:3936
- C:\Windows\System\TedpqwI.exe
  C:\Windows\System\TedpqwI.exe
  2⤵
  PID:4004
- C:\Windows\System\okWoDCb.exe
  C:\Windows\System\okWoDCb.exe
  2⤵
  PID:3980
- C:\Windows\System\tAXFmRT.exe
  C:\Windows\System\tAXFmRT.exe
  2⤵
  PID:4048
- C:\Windows\System\igghkfz.exe
  C:\Windows\System\igghkfz.exe
  2⤵
  PID:4084
- C:\Windows\System\bLdrmmU.exe
  C:\Windows\System\bLdrmmU.exe
  2⤵
  PID:2568
- C:\Windows\System\BvpIQYG.exe
  C:\Windows\System\BvpIQYG.exe
  2⤵
  PID:2664
- C:\Windows\System\jnJshwh.exe
  C:\Windows\System\jnJshwh.exe
  2⤵
  PID:2336
- C:\Windows\System\KNAncUT.exe
  C:\Windows\System\KNAncUT.exe
  2⤵
  PID:3180
- C:\Windows\System\ClgzqRt.exe
  C:\Windows\System\ClgzqRt.exe
  2⤵
  PID:3232
- C:\Windows\System\ubOAlYX.exe
  C:\Windows\System\ubOAlYX.exe
  2⤵
  PID:3336
- C:\Windows\System\EERUStc.exe
  C:\Windows\System\EERUStc.exe
  2⤵
  PID:2108
- C:\Windows\System\MQUFvdn.exe
  C:\Windows\System\MQUFvdn.exe
  2⤵
  PID:3504
- C:\Windows\System\WwWXMbN.exe
  C:\Windows\System\WwWXMbN.exe
  2⤵
  PID:3700
- C:\Windows\System\NzoKNPS.exe
  C:\Windows\System\NzoKNPS.exe
  2⤵
  PID:3876
- C:\Windows\System\fDHUydB.exe
  C:\Windows\System\fDHUydB.exe
  2⤵
  PID:4040
- C:\Windows\System\qAxGYcm.exe
  C:\Windows\System\qAxGYcm.exe
  2⤵
  PID:1316
- C:\Windows\System\aktkqbQ.exe
  C:\Windows\System\aktkqbQ.exe
  2⤵
  PID:1864
- C:\Windows\System\cnHYijj.exe
  C:\Windows\System\cnHYijj.exe
  2⤵
  PID:3596
- C:\Windows\System\vlgQsSX.exe
  C:\Windows\System\vlgQsSX.exe
  2⤵
  PID:3076
- C:\Windows\System\vPEpXxP.exe
  C:\Windows\System\vPEpXxP.exe
  2⤵
  PID:3676
- C:\Windows\System\oBppaZy.exe
  C:\Windows\System\oBppaZy.exe
  2⤵
  PID:4104
- C:\Windows\System\RzqihoT.exe
  C:\Windows\System\RzqihoT.exe
  2⤵
  PID:4124
- C:\Windows\System\qyJYjyj.exe
  C:\Windows\System\qyJYjyj.exe
  2⤵
  PID:4168
- C:\Windows\System\rClRXtz.exe
  C:\Windows\System\rClRXtz.exe
  2⤵
  PID:4188
- C:\Windows\System\ZYmwCQh.exe
  C:\Windows\System\ZYmwCQh.exe
  2⤵
  PID:4208
- C:\Windows\System\SxDIYWB.exe
  C:\Windows\System\SxDIYWB.exe
  2⤵
  PID:4224
- C:\Windows\System\mtIGkpN.exe
  C:\Windows\System\mtIGkpN.exe
  2⤵
  PID:4248
- C:\Windows\System\TvSypqE.exe
  C:\Windows\System\TvSypqE.exe
  2⤵
  PID:4264
- C:\Windows\System\FCVAviZ.exe
  C:\Windows\System\FCVAviZ.exe
  2⤵
  PID:4288
- C:\Windows\System\uxIXjkA.exe
  C:\Windows\System\uxIXjkA.exe
  2⤵
  PID:4304
- C:\Windows\System\SUPHjrv.exe
  C:\Windows\System\SUPHjrv.exe
  2⤵
  PID:4328
- C:\Windows\System\uFjRxQF.exe
  C:\Windows\System\uFjRxQF.exe
  2⤵
  PID:4348
- C:\Windows\System\iEEvEEm.exe
  C:\Windows\System\iEEvEEm.exe
  2⤵
  PID:4368
- C:\Windows\System\rGstITd.exe
  C:\Windows\System\rGstITd.exe
  2⤵
  PID:4384
- C:\Windows\System\zTxGMhG.exe
  C:\Windows\System\zTxGMhG.exe
  2⤵
  PID:4408
- C:\Windows\System\qyblUIw.exe
  C:\Windows\System\qyblUIw.exe
  2⤵
  PID:4424
- C:\Windows\System\wlEsNAA.exe
  C:\Windows\System\wlEsNAA.exe
  2⤵
  PID:4444
- C:\Windows\System\mvGXZxO.exe
  C:\Windows\System\mvGXZxO.exe
  2⤵
  PID:4464
- C:\Windows\System\EPIaldo.exe
  C:\Windows\System\EPIaldo.exe
  2⤵
  PID:4484
- C:\Windows\System\grCcayC.exe
  C:\Windows\System\grCcayC.exe
  2⤵
  PID:4504
- C:\Windows\System\NXhytbn.exe
  C:\Windows\System\NXhytbn.exe
  2⤵
  PID:4524
- C:\Windows\System\iUUoano.exe
  C:\Windows\System\iUUoano.exe
  2⤵
  PID:4540
- C:\Windows\System\siqeupg.exe
  C:\Windows\System\siqeupg.exe
  2⤵
  PID:4560
- C:\Windows\System\CmUvvaA.exe
  C:\Windows\System\CmUvvaA.exe
  2⤵
  PID:4580
- C:\Windows\System\qcnPxIr.exe
  C:\Windows\System\qcnPxIr.exe
  2⤵
  PID:4600
- C:\Windows\System\dRSBxgt.exe
  C:\Windows\System\dRSBxgt.exe
  2⤵
  PID:4616
- C:\Windows\System\JNxgXIG.exe
  C:\Windows\System\JNxgXIG.exe
  2⤵
  PID:4644
- C:\Windows\System\JcqCvaR.exe
  C:\Windows\System\JcqCvaR.exe
  2⤵
  PID:4660
- C:\Windows\System\QcwwEYi.exe
  C:\Windows\System\QcwwEYi.exe
  2⤵
  PID:4680
- C:\Windows\System\MWvVtxt.exe
  C:\Windows\System\MWvVtxt.exe
  2⤵
  PID:4700
- C:\Windows\System\TcvLedW.exe
  C:\Windows\System\TcvLedW.exe
  2⤵
  PID:4720
- C:\Windows\System\GLFWmwp.exe
  C:\Windows\System\GLFWmwp.exe
  2⤵
  PID:4756
- C:\Windows\System\JdotbWN.exe
  C:\Windows\System\JdotbWN.exe
  2⤵
  PID:4776
- C:\Windows\System\XHWTZZy.exe
  C:\Windows\System\XHWTZZy.exe
  2⤵
  PID:4792
- C:\Windows\System\fpltROB.exe
  C:\Windows\System\fpltROB.exe
  2⤵
  PID:4812
- C:\Windows\System\PTjKoaI.exe
  C:\Windows\System\PTjKoaI.exe
  2⤵
  PID:4832
- C:\Windows\System\kedNWWp.exe
  C:\Windows\System\kedNWWp.exe
  2⤵
  PID:4852
- C:\Windows\System\hqswgig.exe
  C:\Windows\System\hqswgig.exe
  2⤵
  PID:4872
- C:\Windows\System\BSTMNHi.exe
  C:\Windows\System\BSTMNHi.exe
  2⤵
  PID:4892
- C:\Windows\System\kqdBsPH.exe
  C:\Windows\System\kqdBsPH.exe
  2⤵
  PID:4912
- C:\Windows\System\FSFjZgm.exe
  C:\Windows\System\FSFjZgm.exe
  2⤵
  PID:4936
- C:\Windows\System\DUtuZzq.exe
  C:\Windows\System\DUtuZzq.exe
  2⤵
  PID:4952
- C:\Windows\System\nNkCsZm.exe
  C:\Windows\System\nNkCsZm.exe
  2⤵
  PID:4972
- C:\Windows\System\pNLiGNi.exe
  C:\Windows\System\pNLiGNi.exe
  2⤵
  PID:4992
- C:\Windows\System\wQeBZiD.exe
  C:\Windows\System\wQeBZiD.exe
  2⤵
  PID:5012
- C:\Windows\System\jkwVcNH.exe
  C:\Windows\System\jkwVcNH.exe
  2⤵
  PID:5028
- C:\Windows\System\DHpPLBa.exe
  C:\Windows\System\DHpPLBa.exe
  2⤵
  PID:5056
- C:\Windows\System\kRoVYpB.exe
  C:\Windows\System\kRoVYpB.exe
  2⤵
  PID:5072
- C:\Windows\System\RSmRfDf.exe
  C:\Windows\System\RSmRfDf.exe
  2⤵
  PID:5096
- C:\Windows\System\gqwoqiX.exe
  C:\Windows\System\gqwoqiX.exe
  2⤵
  PID:5116
- C:\Windows\System\SediioL.exe
  C:\Windows\System\SediioL.exe
  2⤵
  PID:1320
- C:\Windows\System\qopqDEf.exe
  C:\Windows\System\qopqDEf.exe
  2⤵
  PID:3816
- C:\Windows\System\OJcERVr.exe
  C:\Windows\System\OJcERVr.exe
  2⤵
  PID:3944
- C:\Windows\System\zxCsajb.exe
  C:\Windows\System\zxCsajb.exe
  2⤵
  PID:1964
- C:\Windows\System\bJINBmH.exe
  C:\Windows\System\bJINBmH.exe
  2⤵
  PID:4060
- C:\Windows\System\uyvbMkp.exe
  C:\Windows\System\uyvbMkp.exe
  2⤵
  PID:3916
- C:\Windows\System\MEKdPZe.exe
  C:\Windows\System\MEKdPZe.exe
  2⤵
  PID:3212
- C:\Windows\System\eSFipZE.exe
  C:\Windows\System\eSFipZE.exe
  2⤵
  PID:3524
- C:\Windows\System\vOHLVJB.exe
  C:\Windows\System\vOHLVJB.exe
  2⤵
  PID:4140
- C:\Windows\System\NYhBbgc.exe
  C:\Windows\System\NYhBbgc.exe
  2⤵
  PID:3744
- C:\Windows\System\mzVEiGI.exe
  C:\Windows\System\mzVEiGI.exe
  2⤵
  PID:4116
- C:\Windows\System\rzCcRee.exe
  C:\Windows\System\rzCcRee.exe
  2⤵
  PID:4176
- C:\Windows\System\otjPnDp.exe
  C:\Windows\System\otjPnDp.exe
  2⤵
  PID:4184
- C:\Windows\System\IGLerVF.exe
  C:\Windows\System\IGLerVF.exe
  2⤵
  PID:4284
- C:\Windows\System\krZmYGO.exe
  C:\Windows\System\krZmYGO.exe
  2⤵
  PID:4320
- C:\Windows\System\hESYWFb.exe
  C:\Windows\System\hESYWFb.exe
  2⤵
  PID:4364
- C:\Windows\System\cIlMGNS.exe
  C:\Windows\System\cIlMGNS.exe
  2⤵
  PID:4400
- C:\Windows\System\qVwDqVn.exe
  C:\Windows\System\qVwDqVn.exe
  2⤵
  PID:4472
- C:\Windows\System\vTYUKQQ.exe
  C:\Windows\System\vTYUKQQ.exe
  2⤵
  PID:4336
- C:\Windows\System\qVShGBP.exe
  C:\Windows\System\qVShGBP.exe
  2⤵
  PID:4548
- C:\Windows\System\ttYEuWH.exe
  C:\Windows\System\ttYEuWH.exe
  2⤵
  PID:4588
- C:\Windows\System\ZYcafVx.exe
  C:\Windows\System\ZYcafVx.exe
  2⤵
  PID:4624
- C:\Windows\System\iwPbrDj.exe
  C:\Windows\System\iwPbrDj.exe
  2⤵
  PID:4456
- C:\Windows\System\PRcgVoU.exe
  C:\Windows\System\PRcgVoU.exe
  2⤵
  PID:2820
- C:\Windows\System\eaDhJgi.exe
  C:\Windows\System\eaDhJgi.exe
  2⤵
  PID:4532
- C:\Windows\System\ApacdFR.exe
  C:\Windows\System\ApacdFR.exe
  2⤵
  PID:4576
- C:\Windows\System\eOEdnRi.exe
  C:\Windows\System\eOEdnRi.exe
  2⤵
  PID:4716
- C:\Windows\System\MYiyEIt.exe
  C:\Windows\System\MYiyEIt.exe
  2⤵
  PID:4728
- C:\Windows\System\SbdAjOQ.exe
  C:\Windows\System\SbdAjOQ.exe
  2⤵
  PID:2936
- C:\Windows\System\fkPxPIh.exe
  C:\Windows\System\fkPxPIh.exe
  2⤵
  PID:2104
- C:\Windows\System\BDlRbqQ.exe
  C:\Windows\System\BDlRbqQ.exe
  2⤵
  PID:2792
- C:\Windows\System\kBYxiDX.exe
  C:\Windows\System\kBYxiDX.exe
  2⤵
  PID:4772
- C:\Windows\System\GetCjJj.exe
  C:\Windows\System\GetCjJj.exe
  2⤵
  PID:4696
- C:\Windows\System\FohigUV.exe
  C:\Windows\System\FohigUV.exe
  2⤵
  PID:4840
- C:\Windows\System\DgHrboE.exe
  C:\Windows\System\DgHrboE.exe
  2⤵
  PID:4788
- C:\Windows\System\QlciAMx.exe
  C:\Windows\System\QlciAMx.exe
  2⤵
  PID:2648
- C:\Windows\System\WSpkBWA.exe
  C:\Windows\System\WSpkBWA.exe
  2⤵
  PID:4932
- C:\Windows\System\ZEvMhZM.exe
  C:\Windows\System\ZEvMhZM.exe
  2⤵
  PID:4960
- C:\Windows\System\muttCmX.exe
  C:\Windows\System\muttCmX.exe
  2⤵
  PID:4868
- C:\Windows\System\cgwIDwF.exe
  C:\Windows\System\cgwIDwF.exe
  2⤵
  PID:4908
- C:\Windows\System\ztYbdfx.exe
  C:\Windows\System\ztYbdfx.exe
  2⤵
  PID:4948
- C:\Windows\System\jjZqSew.exe
  C:\Windows\System\jjZqSew.exe
  2⤵
  PID:5040
- C:\Windows\System\uKHCIfj.exe
  C:\Windows\System\uKHCIfj.exe
  2⤵
  PID:5024
- C:\Windows\System\xoUFbDY.exe
  C:\Windows\System\xoUFbDY.exe
  2⤵
  PID:3684
- C:\Windows\System\GZLyUQi.exe
  C:\Windows\System\GZLyUQi.exe
  2⤵
  PID:2004
- C:\Windows\System\hknfSLv.exe
  C:\Windows\System\hknfSLv.exe
  2⤵
  PID:5104
- C:\Windows\System\CmdEKHL.exe
  C:\Windows\System\CmdEKHL.exe
  2⤵
  PID:4136
- C:\Windows\System\HPRaNmi.exe
  C:\Windows\System\HPRaNmi.exe
  2⤵
  PID:3276
- C:\Windows\System\NmFSFqa.exe
  C:\Windows\System\NmFSFqa.exe
  2⤵
  PID:3804
- C:\Windows\System\qPwjRUw.exe
  C:\Windows\System\qPwjRUw.exe
  2⤵
  PID:3216
- C:\Windows\System\rPcJYUi.exe
  C:\Windows\System\rPcJYUi.exe
  2⤵
  PID:4112
- C:\Windows\System\yyDMYCj.exe
  C:\Windows\System\yyDMYCj.exe
  2⤵
  PID:3316
- C:\Windows\System\DgbnvEo.exe
  C:\Windows\System\DgbnvEo.exe
  2⤵
  PID:4200
- C:\Windows\System\lynPQfN.exe
  C:\Windows\System\lynPQfN.exe
  2⤵
  PID:4316
- C:\Windows\System\XqeWcAP.exe
  C:\Windows\System\XqeWcAP.exe
  2⤵
  PID:4392
- C:\Windows\System\xRvKpps.exe
  C:\Windows\System\xRvKpps.exe
  2⤵
  PID:4356
- C:\Windows\System\hpLAtAF.exe
  C:\Windows\System\hpLAtAF.exe
  2⤵
  PID:4436
- C:\Windows\System\CAlGXaq.exe
  C:\Windows\System\CAlGXaq.exe
  2⤵
  PID:4628
- C:\Windows\System\bQCBUTz.exe
  C:\Windows\System\bQCBUTz.exe
  2⤵
  PID:2760
- C:\Windows\System\qsdrzZu.exe
  C:\Windows\System\qsdrzZu.exe
  2⤵
  PID:4452
- C:\Windows\System\UUbkcvC.exe
  C:\Windows\System\UUbkcvC.exe
  2⤵
  PID:3000
- C:\Windows\System\Plylmdl.exe
  C:\Windows\System\Plylmdl.exe
  2⤵
  PID:4708
- C:\Windows\System\eAVQypV.exe
  C:\Windows\System\eAVQypV.exe
  2⤵
  PID:4568
- C:\Windows\System\KfKYzIl.exe
  C:\Windows\System\KfKYzIl.exe
  2⤵
  PID:2728
- C:\Windows\System\pUbjZBP.exe
  C:\Windows\System\pUbjZBP.exe
  2⤵
  PID:2780
- C:\Windows\System\VpRIPHJ.exe
  C:\Windows\System\VpRIPHJ.exe
  2⤵
  PID:2524
- C:\Windows\System\RvAVBce.exe
  C:\Windows\System\RvAVBce.exe
  2⤵
  PID:4764
- C:\Windows\System\cOWAwBu.exe
  C:\Windows\System\cOWAwBu.exe
  2⤵
  PID:4744
- C:\Windows\System\kJeMgkH.exe
  C:\Windows\System\kJeMgkH.exe
  2⤵
  PID:4888
- C:\Windows\System\xjeqrtb.exe
  C:\Windows\System\xjeqrtb.exe
  2⤵
  PID:4860
- C:\Windows\System\zTIrgyu.exe
  C:\Windows\System\zTIrgyu.exe
  2⤵
  PID:5092
- C:\Windows\System\NqtQdeT.exe
  C:\Windows\System\NqtQdeT.exe
  2⤵
  PID:3116
- C:\Windows\System\LMYyDPE.exe
  C:\Windows\System\LMYyDPE.exe
  2⤵
  PID:4904
- C:\Windows\System\Cqwuiww.exe
  C:\Windows\System\Cqwuiww.exe
  2⤵
  PID:5064
- C:\Windows\System\oMXXaIq.exe
  C:\Windows\System\oMXXaIq.exe
  2⤵
  PID:3480
- C:\Windows\System\KDucTzM.exe
  C:\Windows\System\KDucTzM.exe
  2⤵
  PID:2812
- C:\Windows\System\ZgYxTov.exe
  C:\Windows\System\ZgYxTov.exe
  2⤵
  PID:5108
- C:\Windows\System\ptarmbH.exe
  C:\Windows\System\ptarmbH.exe
  2⤵
  PID:4156
- C:\Windows\System\lXLfQny.exe
  C:\Windows\System\lXLfQny.exe
  2⤵
  PID:4152
- C:\Windows\System\rXZFKGM.exe
  C:\Windows\System\rXZFKGM.exe
  2⤵
  PID:4324
- C:\Windows\System\GtuUOCA.exe
  C:\Windows\System\GtuUOCA.exe
  2⤵
  PID:4512
- C:\Windows\System\qVCjFkp.exe
  C:\Windows\System\qVCjFkp.exe
  2⤵
  PID:4396
- C:\Windows\System\URZDFXQ.exe
  C:\Windows\System\URZDFXQ.exe
  2⤵
  PID:4344
- C:\Windows\System\bhWoeuk.exe
  C:\Windows\System\bhWoeuk.exe
  2⤵
  PID:4416
- C:\Windows\System\zvfdMaK.exe
  C:\Windows\System\zvfdMaK.exe
  2⤵
  PID:4612
- C:\Windows\System\esrbLJU.exe
  C:\Windows\System\esrbLJU.exe
  2⤵
  PID:4692
- C:\Windows\System\KhLmYKM.exe
  C:\Windows\System\KhLmYKM.exe
  2⤵
  PID:2720
- C:\Windows\System\GCQHzbO.exe
  C:\Windows\System\GCQHzbO.exe
  2⤵
  PID:4924
- C:\Windows\System\KpogFuk.exe
  C:\Windows\System\KpogFuk.exe
  2⤵
  PID:2852
- C:\Windows\System\YLblyWG.exe
  C:\Windows\System\YLblyWG.exe
  2⤵
  PID:3520
- C:\Windows\System\IRndqDf.exe
  C:\Windows\System\IRndqDf.exe
  2⤵
  PID:1496
- C:\Windows\System\lZgUaPQ.exe
  C:\Windows\System\lZgUaPQ.exe
  2⤵
  PID:4864
- C:\Windows\System\ohYEWGS.exe
  C:\Windows\System\ohYEWGS.exe
  2⤵
  PID:1572
- C:\Windows\System\UbXiwbR.exe
  C:\Windows\System\UbXiwbR.exe
  2⤵
  PID:4988
- C:\Windows\System\bhInTdI.exe
  C:\Windows\System\bhInTdI.exe
  2⤵
  PID:4272
- C:\Windows\System\tYayLoe.exe
  C:\Windows\System\tYayLoe.exe
  2⤵
  PID:3364
- C:\Windows\System\VAvKLLB.exe
  C:\Windows\System\VAvKLLB.exe
  2⤵
  PID:4340
- C:\Windows\System\VuaHlhp.exe
  C:\Windows\System\VuaHlhp.exe
  2⤵
  PID:976
- C:\Windows\System\bGQKpxG.exe
  C:\Windows\System\bGQKpxG.exe
  2⤵
  PID:1596
- C:\Windows\System\ReFZASW.exe
  C:\Windows\System\ReFZASW.exe
  2⤵
  PID:4676
- C:\Windows\System\GcHcIsw.exe
  C:\Windows\System\GcHcIsw.exe
  2⤵
  PID:4844
- C:\Windows\System\rJPdxTj.exe
  C:\Windows\System\rJPdxTj.exe
  2⤵
  PID:4824
- C:\Windows\System\eYhweBm.exe
  C:\Windows\System\eYhweBm.exe
  2⤵
  PID:5052
- C:\Windows\System\sZaiJLf.exe
  C:\Windows\System\sZaiJLf.exe
  2⤵
  PID:2932
- C:\Windows\System\lOXPyTo.exe
  C:\Windows\System\lOXPyTo.exe
  2⤵
  PID:4312
- C:\Windows\System\nMMNaOk.exe
  C:\Windows\System\nMMNaOk.exe
  2⤵
  PID:2676
- C:\Windows\System\AxJakFd.exe
  C:\Windows\System\AxJakFd.exe
  2⤵
  PID:4160
- C:\Windows\System\mFHuIuq.exe
  C:\Windows\System\mFHuIuq.exe
  2⤵
  PID:3080
- C:\Windows\System\nMaTFzD.exe
  C:\Windows\System\nMaTFzD.exe
  2⤵
  PID:5044
- C:\Windows\System\QoRpjsw.exe
  C:\Windows\System\QoRpjsw.exe
  2⤵
  PID:2552
- C:\Windows\System\KzvLzmc.exe
  C:\Windows\System\KzvLzmc.exe
  2⤵
  PID:2388
- C:\Windows\System\MJENRbA.exe
  C:\Windows\System\MJENRbA.exe
  2⤵
  PID:2788
- C:\Windows\System\jLXRvbh.exe
  C:\Windows\System\jLXRvbh.exe
  2⤵
  PID:4980
- C:\Windows\System\cALSfdU.exe
  C:\Windows\System\cALSfdU.exe
  2⤵
  PID:2068
- C:\Windows\System\VBHvGgI.exe
  C:\Windows\System\VBHvGgI.exe
  2⤵
  PID:2656
- C:\Windows\System\qKPxVIV.exe
  C:\Windows\System\qKPxVIV.exe
  2⤵
  PID:2548
- C:\Windows\System\MZRqhEg.exe
  C:\Windows\System\MZRqhEg.exe
  2⤵
  PID:2800
- C:\Windows\System\rOSTxHq.exe
  C:\Windows\System\rOSTxHq.exe
  2⤵
  PID:1512
- C:\Windows\System\mWcOwBE.exe
  C:\Windows\System\mWcOwBE.exe
  2⤵
  PID:2276
- C:\Windows\System\ZToYeCo.exe
  C:\Windows\System\ZToYeCo.exe
  2⤵
  PID:2916
- C:\Windows\System\DpGXdlu.exe
  C:\Windows\System\DpGXdlu.exe
  2⤵
  PID:4552
- C:\Windows\System\lZKgbLP.exe
  C:\Windows\System\lZKgbLP.exe
  2⤵
  PID:2148
- C:\Windows\System\pWVmfQJ.exe
  C:\Windows\System\pWVmfQJ.exe
  2⤵
  PID:4164
- C:\Windows\System\NMSRFSp.exe
  C:\Windows\System\NMSRFSp.exe
  2⤵
  PID:2700
- C:\Windows\System\imAcBmQ.exe
  C:\Windows\System\imAcBmQ.exe
  2⤵
  PID:4500
- C:\Windows\System\qhtSyCR.exe
  C:\Windows\System\qhtSyCR.exe
  2⤵
  PID:1084
- C:\Windows\System\AlgIrtZ.exe
  C:\Windows\System\AlgIrtZ.exe
  2⤵
  PID:2972
- C:\Windows\System\GpkSodE.exe
  C:\Windows\System\GpkSodE.exe
  2⤵
  PID:4900
- C:\Windows\System\jCuKOEv.exe
  C:\Windows\System\jCuKOEv.exe
  2⤵
  PID:3092
- C:\Windows\System\KMckmGI.exe
  C:\Windows\System\KMckmGI.exe
  2⤵
  PID:2532
- C:\Windows\System\auqjxXP.exe
  C:\Windows\System\auqjxXP.exe
  2⤵
  PID:1196
- C:\Windows\System\yaUxFAY.exe
  C:\Windows\System\yaUxFAY.exe
  2⤵
  PID:2828
- C:\Windows\System\vGUuTBs.exe
  C:\Windows\System\vGUuTBs.exe
  2⤵
  PID:2776
- C:\Windows\System\ccTRgjE.exe
  C:\Windows\System\ccTRgjE.exe
  2⤵
  PID:5080
- C:\Windows\System\RzCuynF.exe
  C:\Windows\System\RzCuynF.exe
  2⤵
  PID:2628
- C:\Windows\System\TTvRVTn.exe
  C:\Windows\System\TTvRVTn.exe
  2⤵
  PID:2356
- C:\Windows\System\jiWKmrm.exe
  C:\Windows\System\jiWKmrm.exe
  2⤵
  PID:2192
- C:\Windows\System\qxpaZYc.exe
  C:\Windows\System\qxpaZYc.exe
  2⤵
  PID:3988
- C:\Windows\System\AmtEOmd.exe
  C:\Windows\System\AmtEOmd.exe
  2⤵
  PID:2900
- C:\Windows\System\GaXybxB.exe
  C:\Windows\System\GaXybxB.exe
  2⤵
  PID:4100
- C:\Windows\System\LopGWUm.exe
  C:\Windows\System\LopGWUm.exe
  2⤵
  PID:1860
- C:\Windows\System\WfMCKjH.exe
  C:\Windows\System\WfMCKjH.exe
  2⤵
  PID:2584
- C:\Windows\System\BgeZbuM.exe
  C:\Windows\System\BgeZbuM.exe
  2⤵
  PID:2304
- C:\Windows\System\UcTVquP.exe
  C:\Windows\System\UcTVquP.exe
  2⤵
  PID:1696
- C:\Windows\System\oSkQBRh.exe
  C:\Windows\System\oSkQBRh.exe
  2⤵
  PID:2160
- C:\Windows\System\EADplbg.exe
  C:\Windows\System\EADplbg.exe
  2⤵
  PID:4740
- C:\Windows\System\SjmFNZM.exe
  C:\Windows\System\SjmFNZM.exe
  2⤵
  PID:5140
- C:\Windows\System\IhCrYYr.exe
  C:\Windows\System\IhCrYYr.exe
  2⤵
  PID:5176
- C:\Windows\System\HyNFfWC.exe
  C:\Windows\System\HyNFfWC.exe
  2⤵
  PID:5200
- C:\Windows\System\kIPFyOX.exe
  C:\Windows\System\kIPFyOX.exe
  2⤵
  PID:5220
- C:\Windows\System\KfHLDSX.exe
  C:\Windows\System\KfHLDSX.exe
  2⤵
  PID:5236
- C:\Windows\System\zhSBJao.exe
  C:\Windows\System\zhSBJao.exe
  2⤵
  PID:5256
- C:\Windows\System\mHWzUux.exe
  C:\Windows\System\mHWzUux.exe
  2⤵
  PID:5276
- C:\Windows\System\SHshuOL.exe
  C:\Windows\System\SHshuOL.exe
  2⤵
  PID:5296
- C:\Windows\System\ZReYmnV.exe
  C:\Windows\System\ZReYmnV.exe
  2⤵
  PID:5312
- C:\Windows\System\rfkKqDi.exe
  C:\Windows\System\rfkKqDi.exe
  2⤵
  PID:5328
- C:\Windows\System\DIXXWOa.exe
  C:\Windows\System\DIXXWOa.exe
  2⤵
  PID:5356
- C:\Windows\System\axAffPp.exe
  C:\Windows\System\axAffPp.exe
  2⤵
  PID:5372
- C:\Windows\System\NuFNduS.exe
  C:\Windows\System\NuFNduS.exe
  2⤵
  PID:5388
- C:\Windows\System\AJvVFui.exe
  C:\Windows\System\AJvVFui.exe
  2⤵
  PID:5408
- C:\Windows\System\cOmPNjO.exe
  C:\Windows\System\cOmPNjO.exe
  2⤵
  PID:5432
- C:\Windows\System\rlDmLqy.exe
  C:\Windows\System\rlDmLqy.exe
  2⤵
  PID:5448
- C:\Windows\System\ZOoUfdN.exe
  C:\Windows\System\ZOoUfdN.exe
  2⤵
  PID:5464
- C:\Windows\System\TyDgleO.exe
  C:\Windows\System\TyDgleO.exe
  2⤵
  PID:5480
- C:\Windows\System\IkwXToq.exe
  C:\Windows\System\IkwXToq.exe
  2⤵
  PID:5504
- C:\Windows\System\OKdnjeq.exe
  C:\Windows\System\OKdnjeq.exe
  2⤵
  PID:5520
- C:\Windows\System\rFiXkRB.exe
  C:\Windows\System\rFiXkRB.exe
  2⤵
  PID:5536
- C:\Windows\System\uMeKwaS.exe
  C:\Windows\System\uMeKwaS.exe
  2⤵
  PID:5552
- C:\Windows\System\kSMIBNS.exe
  C:\Windows\System\kSMIBNS.exe
  2⤵
  PID:5568
- C:\Windows\System\KalmBBF.exe
  C:\Windows\System\KalmBBF.exe
  2⤵
  PID:5588
- C:\Windows\System\zavVQKp.exe
  C:\Windows\System\zavVQKp.exe
  2⤵
  PID:5608
- C:\Windows\System\AmvLLvn.exe
  C:\Windows\System\AmvLLvn.exe
  2⤵
  PID:5628
- C:\Windows\System\jFwqetB.exe
  C:\Windows\System\jFwqetB.exe
  2⤵
  PID:5644
- C:\Windows\System\DExcDOU.exe
  C:\Windows\System\DExcDOU.exe
  2⤵
  PID:5660
- C:\Windows\System\nnykHKF.exe
  C:\Windows\System\nnykHKF.exe
  2⤵
  PID:5700
- C:\Windows\System\HgVSVTj.exe
  C:\Windows\System\HgVSVTj.exe
  2⤵
  PID:5716
- C:\Windows\System\ZgJvuSs.exe
  C:\Windows\System\ZgJvuSs.exe
  2⤵
  PID:5772
- C:\Windows\System\DDSkYRi.exe
  C:\Windows\System\DDSkYRi.exe
  2⤵
  PID:5792
- C:\Windows\System\dwlQkZo.exe
  C:\Windows\System\dwlQkZo.exe
  2⤵
  PID:5808
- C:\Windows\System\XVcuMTz.exe
  C:\Windows\System\XVcuMTz.exe
  2⤵
  PID:5824
- C:\Windows\System\rfbaAcB.exe
  C:\Windows\System\rfbaAcB.exe
  2⤵
  PID:5840
- C:\Windows\System\NmLLlyG.exe
  C:\Windows\System\NmLLlyG.exe
  2⤵
  PID:5856
- C:\Windows\System\sNYHeNf.exe
  C:\Windows\System\sNYHeNf.exe
  2⤵
  PID:5872
- C:\Windows\System\fTUtizR.exe
  C:\Windows\System\fTUtizR.exe
  2⤵
  PID:5888
- C:\Windows\System\JhzXSUr.exe
  C:\Windows\System\JhzXSUr.exe
  2⤵
  PID:5916
- C:\Windows\System\CHOdLbS.exe
  C:\Windows\System\CHOdLbS.exe
  2⤵
  PID:5932
- C:\Windows\System\hObrSJE.exe
  C:\Windows\System\hObrSJE.exe
  2⤵
  PID:5948
- C:\Windows\System\BHMXotH.exe
  C:\Windows\System\BHMXotH.exe
  2⤵
  PID:5964
- C:\Windows\System\nrkWboq.exe
  C:\Windows\System\nrkWboq.exe
  2⤵
  PID:5980
- C:\Windows\System\CBZgYNA.exe
  C:\Windows\System\CBZgYNA.exe
  2⤵
  PID:5996
- C:\Windows\System\WTRByDB.exe
  C:\Windows\System\WTRByDB.exe
  2⤵
  PID:6016
- C:\Windows\System\oNkHeyg.exe
  C:\Windows\System\oNkHeyg.exe
  2⤵
  PID:6044
- C:\Windows\System\CTJtFdR.exe
  C:\Windows\System\CTJtFdR.exe
  2⤵
  PID:6080
- C:\Windows\System\VpvCOYY.exe
  C:\Windows\System\VpvCOYY.exe
  2⤵
  PID:6108
- C:\Windows\System\KLMptJY.exe
  C:\Windows\System\KLMptJY.exe
  2⤵
  PID:6124
- C:\Windows\System\EbOeMdS.exe
  C:\Windows\System\EbOeMdS.exe
  2⤵
  PID:2024
- C:\Windows\System\RUFGKyq.exe
  C:\Windows\System\RUFGKyq.exe
  2⤵
  PID:5132
- C:\Windows\System\TZZlTfU.exe
  C:\Windows\System\TZZlTfU.exe
  2⤵
  PID:1784
- C:\Windows\System\vOiyjHn.exe
  C:\Windows\System\vOiyjHn.exe
  2⤵
  PID:5172
- C:\Windows\System\OaJxlEA.exe
  C:\Windows\System\OaJxlEA.exe
  2⤵
  PID:1096
- C:\Windows\System\vwBfMob.exe
  C:\Windows\System\vwBfMob.exe
  2⤵
  PID:1008
- C:\Windows\System\XOSBxza.exe
  C:\Windows\System\XOSBxza.exe
  2⤵
  PID:5168
- C:\Windows\System\zGmAjDZ.exe
  C:\Windows\System\zGmAjDZ.exe
  2⤵
  PID:5232
- C:\Windows\System\VlKLxoe.exe
  C:\Windows\System\VlKLxoe.exe
  2⤵
  PID:5252
- C:\Windows\System\TZhluAP.exe
  C:\Windows\System\TZhluAP.exe
  2⤵
  PID:5304
- C:\Windows\System\fxCMVgD.exe
  C:\Windows\System\fxCMVgD.exe
  2⤵
  PID:5324
- C:\Windows\System\msOcLbG.exe
  C:\Windows\System\msOcLbG.exe
  2⤵
  PID:5416
- C:\Windows\System\eegDbyW.exe
  C:\Windows\System\eegDbyW.exe
  2⤵
  PID:5456
- C:\Windows\System\yiLmGZi.exe
  C:\Windows\System\yiLmGZi.exe
  2⤵
  PID:5496
- C:\Windows\System\JjDXllQ.exe
  C:\Windows\System\JjDXllQ.exe
  2⤵
  PID:5560
- C:\Windows\System\TUBBFvq.exe
  C:\Windows\System\TUBBFvq.exe
  2⤵
  PID:5636
- C:\Windows\System\kIovtgL.exe
  C:\Windows\System\kIovtgL.exe
  2⤵
  PID:5476
- C:\Windows\System\cbfHJmE.exe
  C:\Windows\System\cbfHJmE.exe
  2⤵
  PID:5676
- C:\Windows\System\eXIbvWV.exe
  C:\Windows\System\eXIbvWV.exe
  2⤵
  PID:5584
- C:\Windows\System\DstUFAy.exe
  C:\Windows\System\DstUFAy.exe
  2⤵
  PID:5732
- C:\Windows\System\aNAVfBz.exe
  C:\Windows\System\aNAVfBz.exe
  2⤵
  PID:5512
- C:\Windows\System\ydWPADd.exe
  C:\Windows\System\ydWPADd.exe
  2⤵
  PID:5708
- C:\Windows\System\KcDPWzq.exe
  C:\Windows\System\KcDPWzq.exe
  2⤵
  PID:5788
- C:\Windows\System\ggnShgA.exe
  C:\Windows\System\ggnShgA.exe
  2⤵
  PID:5800
- C:\Windows\System\AsphBRH.exe
  C:\Windows\System\AsphBRH.exe
  2⤵
  PID:5900
- C:\Windows\System\FlYldGz.exe
  C:\Windows\System\FlYldGz.exe
  2⤵
  PID:5972
- C:\Windows\System\PDjJQdn.exe
  C:\Windows\System\PDjJQdn.exe
  2⤵
  PID:5992
- C:\Windows\System\OXOQhcM.exe
  C:\Windows\System\OXOQhcM.exe
  2⤵
  PID:6008
- C:\Windows\System\NEzfKer.exe
  C:\Windows\System\NEzfKer.exe
  2⤵
  PID:6064
- C:\Windows\System\TfrMSpO.exe
  C:\Windows\System\TfrMSpO.exe
  2⤵
  PID:5880
- C:\Windows\System\jebwcWM.exe
  C:\Windows\System\jebwcWM.exe
  2⤵
  PID:6036
- C:\Windows\System\NYbtRxB.exe
  C:\Windows\System\NYbtRxB.exe
  2⤵
  PID:5852
- C:\Windows\System\xPmMRgx.exe
  C:\Windows\System\xPmMRgx.exe
  2⤵
  PID:5784
- C:\Windows\System\hWZxnJd.exe
  C:\Windows\System\hWZxnJd.exe
  2⤵
  PID:5228
- C:\Windows\System\ByztLWr.exe
  C:\Windows\System\ByztLWr.exe
  2⤵
  PID:5268
- C:\Windows\System\bSALcYD.exe
  C:\Windows\System\bSALcYD.exe
  2⤵
  PID:5340
- C:\Windows\System\fISteFd.exe
  C:\Windows\System\fISteFd.exe
  2⤵
  PID:1072
- C:\Windows\System\WpaNVFz.exe
  C:\Windows\System\WpaNVFz.exe
  2⤵
  PID:5344
- C:\Windows\System\uVmiNMH.exe
  C:\Windows\System\uVmiNMH.exe
  2⤵
  PID:5292
- C:\Windows\System\kBvGZoR.exe
  C:\Windows\System\kBvGZoR.exe
  2⤵
  PID:5364
- C:\Windows\System\lrsCwVX.exe
  C:\Windows\System\lrsCwVX.exe
  2⤵
  PID:5668
- C:\Windows\System\EEWxcXQ.exe
  C:\Windows\System\EEWxcXQ.exe
  2⤵
  PID:5624
- C:\Windows\System\LUmfxSn.exe
  C:\Windows\System\LUmfxSn.exe
  2⤵
  PID:5596
- C:\Windows\System\QjTxwbU.exe
  C:\Windows\System\QjTxwbU.exe
  2⤵
  PID:5424
- C:\Windows\System\FpWxmzP.exe
  C:\Windows\System\FpWxmzP.exe
  2⤵
  PID:5548
- C:\Windows\System\bchToXq.exe
  C:\Windows\System\bchToXq.exe
  2⤵
  PID:5752
- C:\Windows\System\tQPVyqg.exe
  C:\Windows\System\tQPVyqg.exe
  2⤵
  PID:5768
- C:\Windows\System\WVuvyhk.exe
  C:\Windows\System\WVuvyhk.exe
  2⤵
  PID:5832
- C:\Windows\System\MUzEqIj.exe
  C:\Windows\System\MUzEqIj.exe
  2⤵
  PID:5864
- C:\Windows\System\ATIWaID.exe
  C:\Windows\System\ATIWaID.exe
  2⤵
  PID:5820
- C:\Windows\System\nJNPXmq.exe
  C:\Windows\System\nJNPXmq.exe
  2⤵
  PID:6032
- C:\Windows\System\PTwIjtl.exe
  C:\Windows\System\PTwIjtl.exe
  2⤵
  PID:6120
- C:\Windows\System\fYzpGIL.exe
  C:\Windows\System\fYzpGIL.exe
  2⤵
  PID:844
- C:\Windows\System\ENhbJQG.exe
  C:\Windows\System\ENhbJQG.exe
  2⤵
  PID:6092
- C:\Windows\System\dDVJIbt.exe
  C:\Windows\System\dDVJIbt.exe
  2⤵
  PID:5248
- C:\Windows\System\mTwyidU.exe
  C:\Windows\System\mTwyidU.exe
  2⤵
  PID:5156
- C:\Windows\System\cNzPVOf.exe
  C:\Windows\System\cNzPVOf.exe
  2⤵
  PID:5244
- C:\Windows\System\ScHbkiV.exe
  C:\Windows\System\ScHbkiV.exe
  2⤵
  PID:5404
- C:\Windows\System\VVWPQKm.exe
  C:\Windows\System\VVWPQKm.exe
  2⤵
  PID:5724
- C:\Windows\System\XQTWzah.exe
  C:\Windows\System\XQTWzah.exe
  2⤵
  PID:5652
- C:\Windows\System\MezuzfB.exe
  C:\Windows\System\MezuzfB.exe
  2⤵
  PID:5428
- C:\Windows\System\qJadPPn.exe
  C:\Windows\System\qJadPPn.exe
  2⤵
  PID:5780
- C:\Windows\System\CbMzKXp.exe
  C:\Windows\System\CbMzKXp.exe
  2⤵
  PID:6060
- C:\Windows\System\XdtRRPL.exe
  C:\Windows\System\XdtRRPL.exe
  2⤵
  PID:5960
- C:\Windows\System\OSuBFXy.exe
  C:\Windows\System\OSuBFXy.exe
  2⤵
  PID:1776
- C:\Windows\System\EsQNBeC.exe
  C:\Windows\System\EsQNBeC.exe
  2⤵
  PID:5196
- C:\Windows\System\aNHSwob.exe
  C:\Windows\System\aNHSwob.exe
  2⤵
  PID:5380
- C:\Windows\System\uESLHgI.exe
  C:\Windows\System\uESLHgI.exe
  2⤵
  PID:5444
- C:\Windows\System\wzSLKFS.exe
  C:\Windows\System\wzSLKFS.exe
  2⤵
  PID:2944
- C:\Windows\System\ohORoqs.exe
  C:\Windows\System\ohORoqs.exe
  2⤵
  PID:6076
- C:\Windows\System\ncKekid.exe
  C:\Windows\System\ncKekid.exe
  2⤵
  PID:6068
- C:\Windows\System\rTyTLwa.exe
  C:\Windows\System\rTyTLwa.exe
  2⤵
  PID:5976
- C:\Windows\System\VIOeNSx.exe
  C:\Windows\System\VIOeNSx.exe
  2⤵
  PID:5184
- C:\Windows\System\BMQCpgh.exe
  C:\Windows\System\BMQCpgh.exe
  2⤵
  PID:5400
- C:\Windows\System\VqxoSXF.exe
  C:\Windows\System\VqxoSXF.exe
  2⤵
  PID:5764
- C:\Windows\System\jkjLiaX.exe
  C:\Windows\System\jkjLiaX.exe
  2⤵
  PID:5912
- C:\Windows\System\nyEsjaH.exe
  C:\Windows\System\nyEsjaH.exe
  2⤵
  PID:680
- C:\Windows\System\wqrnVWl.exe
  C:\Windows\System\wqrnVWl.exe
  2⤵
  PID:2040
- C:\Windows\System\oxymMvS.exe
  C:\Windows\System\oxymMvS.exe
  2⤵
  PID:6088
- C:\Windows\System\aqwcuJd.exe
  C:\Windows\System\aqwcuJd.exe
  2⤵
  PID:5192
- C:\Windows\System\lbLDTmp.exe
  C:\Windows\System\lbLDTmp.exe
  2⤵
  PID:6136
- C:\Windows\System\QqIPbxn.exe
  C:\Windows\System\QqIPbxn.exe
  2⤵
  PID:6152
- C:\Windows\System\cSGmGeK.exe
  C:\Windows\System\cSGmGeK.exe
  2⤵
  PID:6168
- C:\Windows\System\jgIhVoA.exe
  C:\Windows\System\jgIhVoA.exe
  2⤵
  PID:6188
- C:\Windows\System\XMBMezM.exe
  C:\Windows\System\XMBMezM.exe
  2⤵
  PID:6216
- C:\Windows\System\WeGEeOQ.exe
  C:\Windows\System\WeGEeOQ.exe
  2⤵
  PID:6236
- C:\Windows\System\cvKszaH.exe
  C:\Windows\System\cvKszaH.exe
  2⤵
  PID:6256
- C:\Windows\System\VEcGosB.exe
  C:\Windows\System\VEcGosB.exe
  2⤵
  PID:6280
- C:\Windows\System\SsjNuBL.exe
  C:\Windows\System\SsjNuBL.exe
  2⤵
  PID:6296
- C:\Windows\System\VcZNZal.exe
  C:\Windows\System\VcZNZal.exe
  2⤵
  PID:6316
- C:\Windows\System\sMaksMF.exe
  C:\Windows\System\sMaksMF.exe
  2⤵
  PID:6336
- C:\Windows\System\MoQfrsc.exe
  C:\Windows\System\MoQfrsc.exe
  2⤵
  PID:6356
- C:\Windows\System\gkOMQXh.exe
  C:\Windows\System\gkOMQXh.exe
  2⤵
  PID:6376
- C:\Windows\System\SgYGoQR.exe
  C:\Windows\System\SgYGoQR.exe
  2⤵
  PID:6392
- C:\Windows\System\CdSYueg.exe
  C:\Windows\System\CdSYueg.exe
  2⤵
  PID:6408
- C:\Windows\System\PrphTRm.exe
  C:\Windows\System\PrphTRm.exe
  2⤵
  PID:6440
- C:\Windows\System\TyqYfbb.exe
  C:\Windows\System\TyqYfbb.exe
  2⤵
  PID:6460
- C:\Windows\System\fZkFCld.exe
  C:\Windows\System\fZkFCld.exe
  2⤵
  PID:6476
- C:\Windows\System\tSSouNs.exe
  C:\Windows\System\tSSouNs.exe
  2⤵
  PID:6496
- C:\Windows\System\omMwKUD.exe
  C:\Windows\System\omMwKUD.exe
  2⤵
  PID:6520
- C:\Windows\System\JhAXonq.exe
  C:\Windows\System\JhAXonq.exe
  2⤵
  PID:6536
- C:\Windows\System\wJVvUrz.exe
  C:\Windows\System\wJVvUrz.exe
  2⤵
  PID:6552
- C:\Windows\System\FrlxgLD.exe
  C:\Windows\System\FrlxgLD.exe
  2⤵
  PID:6572
- C:\Windows\System\XtyONtn.exe
  C:\Windows\System\XtyONtn.exe
  2⤵
  PID:6588
- C:\Windows\System\jYOcfae.exe
  C:\Windows\System\jYOcfae.exe
  2⤵
  PID:6604
- C:\Windows\System\EwOlyot.exe
  C:\Windows\System\EwOlyot.exe
  2⤵
  PID:6640
- C:\Windows\System\mfcbNwK.exe
  C:\Windows\System\mfcbNwK.exe
  2⤵
  PID:6656
- C:\Windows\System\dvlasvC.exe
  C:\Windows\System\dvlasvC.exe
  2⤵
  PID:6672
- C:\Windows\System\IYGoric.exe
  C:\Windows\System\IYGoric.exe
  2⤵
  PID:6692
- C:\Windows\System\lkGnUKD.exe
  C:\Windows\System\lkGnUKD.exe
  2⤵
  PID:6708
- C:\Windows\System\BiQwoGI.exe
  C:\Windows\System\BiQwoGI.exe
  2⤵
  PID:6724
- C:\Windows\System\iIqdQUC.exe
  C:\Windows\System\iIqdQUC.exe
  2⤵
  PID:6756
- C:\Windows\System\FPWzlTr.exe
  C:\Windows\System\FPWzlTr.exe
  2⤵
  PID:6776
- C:\Windows\System\nxoQUDW.exe
  C:\Windows\System\nxoQUDW.exe
  2⤵
  PID:6800
- C:\Windows\System\hYnIjQg.exe
  C:\Windows\System\hYnIjQg.exe
  2⤵
  PID:6820
- C:\Windows\System\lCKGuPn.exe
  C:\Windows\System\lCKGuPn.exe
  2⤵
  PID:6840
- C:\Windows\System\NHKHrUu.exe
  C:\Windows\System\NHKHrUu.exe
  2⤵
  PID:6856
- C:\Windows\System\moBkbuZ.exe
  C:\Windows\System\moBkbuZ.exe
  2⤵
  PID:6872
- C:\Windows\System\PdHjgLu.exe
  C:\Windows\System\PdHjgLu.exe
  2⤵
  PID:6896
- C:\Windows\System\ySEPRRZ.exe
  C:\Windows\System\ySEPRRZ.exe
  2⤵
  PID:6916
- C:\Windows\System\skczRZv.exe
  C:\Windows\System\skczRZv.exe
  2⤵
  PID:6932
- C:\Windows\System\HIKTWPS.exe
  C:\Windows\System\HIKTWPS.exe
  2⤵
  PID:6948
- C:\Windows\System\QsAKPcz.exe
  C:\Windows\System\QsAKPcz.exe
  2⤵
  PID:6964
- C:\Windows\System\doWEuyD.exe
  C:\Windows\System\doWEuyD.exe
  2⤵
  PID:6980
- C:\Windows\System\mVewpPU.exe
  C:\Windows\System\mVewpPU.exe
  2⤵
  PID:6996
- C:\Windows\System\plEtOjI.exe
  C:\Windows\System\plEtOjI.exe
  2⤵
  PID:7012
- C:\Windows\System\xipzqQb.exe
  C:\Windows\System\xipzqQb.exe
  2⤵
  PID:7028
- C:\Windows\System\OelIKcT.exe
  C:\Windows\System\OelIKcT.exe
  2⤵
  PID:7048
- C:\Windows\System\ESHfETG.exe
  C:\Windows\System\ESHfETG.exe
  2⤵
  PID:7072
- C:\Windows\System\uqfPheW.exe
  C:\Windows\System\uqfPheW.exe
  2⤵
  PID:7104
- C:\Windows\System\VpkbcbB.exe
  C:\Windows\System\VpkbcbB.exe
  2⤵
  PID:7120
- C:\Windows\System\pjscUXQ.exe
  C:\Windows\System\pjscUXQ.exe
  2⤵
  PID:7136
- C:\Windows\System\LuLQCVx.exe
  C:\Windows\System\LuLQCVx.exe
  2⤵
  PID:7152
- C:\Windows\System\IGHrqnv.exe
  C:\Windows\System\IGHrqnv.exe
  2⤵
  PID:5988
- C:\Windows\System\lkSaIEl.exe
  C:\Windows\System\lkSaIEl.exe
  2⤵
  PID:5492
- C:\Windows\System\BGVAUVQ.exe
  C:\Windows\System\BGVAUVQ.exe
  2⤵
  PID:6196
- C:\Windows\System\gqzdPdw.exe
  C:\Windows\System\gqzdPdw.exe
  2⤵
  PID:6228
- C:\Windows\System\WpKGRDY.exe
  C:\Windows\System\WpKGRDY.exe
  2⤵
  PID:6248
- C:\Windows\System\ebFUpwz.exe
  C:\Windows\System\ebFUpwz.exe
  2⤵
  PID:6288
- C:\Windows\System\sTNjfqr.exe
  C:\Windows\System\sTNjfqr.exe
  2⤵
  PID:6372
- C:\Windows\System\tbLEchR.exe
  C:\Windows\System\tbLEchR.exe
  2⤵
  PID:6364
- C:\Windows\System\qixmSRM.exe
  C:\Windows\System\qixmSRM.exe
  2⤵
  PID:6472
- C:\Windows\System\IAhdQJE.exe
  C:\Windows\System\IAhdQJE.exe
  2⤵
  PID:6516
- C:\Windows\System\DNJRyXp.exe
  C:\Windows\System\DNJRyXp.exe
  2⤵
  PID:6580
- C:\Windows\System\CVQAwOe.exe
  C:\Windows\System\CVQAwOe.exe
  2⤵
  PID:6484
- C:\Windows\System\KmnrukO.exe
  C:\Windows\System\KmnrukO.exe
  2⤵
  PID:6492
- C:\Windows\System\fhBCXJm.exe
  C:\Windows\System\fhBCXJm.exe
  2⤵
  PID:6616
- C:\Windows\System\kcMQaZp.exe
  C:\Windows\System\kcMQaZp.exe
  2⤵
  PID:6636
- C:\Windows\System\GIVOUJW.exe
  C:\Windows\System\GIVOUJW.exe
  2⤵
  PID:6704
- C:\Windows\System\PPoZjvK.exe
  C:\Windows\System\PPoZjvK.exe
  2⤵
  PID:6744
- C:\Windows\System\kwgXcuw.exe
  C:\Windows\System\kwgXcuw.exe
  2⤵
  PID:6652
- C:\Windows\System\sdUlcXW.exe
  C:\Windows\System\sdUlcXW.exe
  2⤵
  PID:6796
- C:\Windows\System\sQGRcer.exe
  C:\Windows\System\sQGRcer.exe
  2⤵
  PID:6812
- C:\Windows\System\jAlgxdE.exe
  C:\Windows\System\jAlgxdE.exe
  2⤵
  PID:6836
- C:\Windows\System\SNHThxJ.exe
  C:\Windows\System\SNHThxJ.exe
  2⤵
  PID:6880
- C:\Windows\System\yAYfvFM.exe
  C:\Windows\System\yAYfvFM.exe
  2⤵
  PID:6912
- C:\Windows\System\NCEbKXM.exe
  C:\Windows\System\NCEbKXM.exe
  2⤵
  PID:6976
- C:\Windows\System\dRrZFEA.exe
  C:\Windows\System\dRrZFEA.exe
  2⤵
  PID:5368
- C:\Windows\System\OqUkAqB.exe
  C:\Windows\System\OqUkAqB.exe
  2⤵
  PID:7024
- C:\Windows\System\koTjldd.exe
  C:\Windows\System\koTjldd.exe
  2⤵
  PID:7080
- C:\Windows\System\BSANcoI.exe
  C:\Windows\System\BSANcoI.exe
  2⤵
  PID:7096
- C:\Windows\System\AdPUCxe.exe
  C:\Windows\System\AdPUCxe.exe
  2⤵
  PID:5264
- C:\Windows\System\wmnEqJc.exe
  C:\Windows\System\wmnEqJc.exe
  2⤵
  PID:6244
- C:\Windows\System\tiIlPVP.exe
  C:\Windows\System\tiIlPVP.exe
  2⤵
  PID:7068
- C:\Windows\System\WhWfrdA.exe
  C:\Windows\System\WhWfrdA.exe
  2⤵
  PID:7148
- C:\Windows\System\fLptiKq.exe
  C:\Windows\System\fLptiKq.exe
  2⤵
  PID:6200
- C:\Windows\System\qiMiEBX.exe
  C:\Windows\System\qiMiEBX.exe
  2⤵
  PID:6276
- C:\Windows\System\BDZFKBi.exe
  C:\Windows\System\BDZFKBi.exe
  2⤵
  PID:6332
- C:\Windows\System\lMagQDk.exe
  C:\Windows\System\lMagQDk.exe
  2⤵
  PID:6324
- C:\Windows\System\llyBTpG.exe
  C:\Windows\System\llyBTpG.exe
  2⤵
  PID:6468
- C:\Windows\System\muzgLjn.exe
  C:\Windows\System\muzgLjn.exe
  2⤵
  PID:6508
- C:\Windows\System\uCjMGsk.exe
  C:\Windows\System\uCjMGsk.exe
  2⤵
  PID:6624
- C:\Windows\System\Wctkgtn.exe
  C:\Windows\System\Wctkgtn.exe
  2⤵
  PID:6680
- C:\Windows\System\XYgwqaA.exe
  C:\Windows\System\XYgwqaA.exe
  2⤵
  PID:6596
- C:\Windows\System\vqIqitx.exe
  C:\Windows\System\vqIqitx.exe
  2⤵
  PID:6740
- C:\Windows\System\YFJiPIw.exe
  C:\Windows\System\YFJiPIw.exe
  2⤵
  PID:6828
- C:\Windows\System\WZXSbTO.exe
  C:\Windows\System\WZXSbTO.exe
  2⤵
  PID:6904
- C:\Windows\System\wwAgnen.exe
  C:\Windows\System\wwAgnen.exe
  2⤵
  PID:6960
- C:\Windows\System\AyPORLy.exe
  C:\Windows\System\AyPORLy.exe
  2⤵
  PID:7160
- C:\Windows\System\EsQdHfA.exe
  C:\Windows\System\EsQdHfA.exe
  2⤵
  PID:7132
- C:\Windows\System\lYDErkm.exe
  C:\Windows\System\lYDErkm.exe
  2⤵
  PID:6160
- C:\Windows\System\xvZWPSj.exe
  C:\Windows\System\xvZWPSj.exe
  2⤵
  PID:6352
- C:\Windows\System\ScdsBSw.exe
  C:\Windows\System\ScdsBSw.exe
  2⤵
  PID:6176
- C:\Windows\System\YOAkBor.exe
  C:\Windows\System\YOAkBor.exe
  2⤵
  PID:6432
- C:\Windows\System\ECRjDhm.exe
  C:\Windows\System\ECRjDhm.exe
  2⤵
  PID:6420
- C:\Windows\System\aJDdwMY.exe
  C:\Windows\System\aJDdwMY.exe
  2⤵
  PID:6388
- C:\Windows\System\IznxbzH.exe
  C:\Windows\System\IznxbzH.exe
  2⤵
  PID:6648
- C:\Windows\System\AAOCnRk.exe
  C:\Windows\System\AAOCnRk.exe
  2⤵
  PID:6720
- C:\Windows\System\KiLMfTM.exe
  C:\Windows\System\KiLMfTM.exe
  2⤵
  PID:6788
- C:\Windows\System\EeQOEYw.exe
  C:\Windows\System\EeQOEYw.exe
  2⤵
  PID:6792
- C:\Windows\System\frAKaKm.exe
  C:\Windows\System\frAKaKm.exe
  2⤵
  PID:7008
- C:\Windows\System\kDIFeKw.exe
  C:\Windows\System\kDIFeKw.exe
  2⤵
  PID:6972
- C:\Windows\System\WJZbaNM.exe
  C:\Windows\System\WJZbaNM.exe
  2⤵
  PID:6924
- C:\Windows\System\leFHoGA.exe
  C:\Windows\System\leFHoGA.exe
  2⤵
  PID:7088
- C:\Windows\System\pUFJxsn.exe
  C:\Windows\System\pUFJxsn.exe
  2⤵
  PID:6436
- C:\Windows\System\cUzpfbI.exe
  C:\Windows\System\cUzpfbI.exe
  2⤵
  PID:6512
- C:\Windows\System\NmygbIC.exe
  C:\Windows\System\NmygbIC.exe
  2⤵
  PID:6632
- C:\Windows\System\JfCKetG.exe
  C:\Windows\System\JfCKetG.exe
  2⤵
  PID:6956
- C:\Windows\System\tSQhobC.exe
  C:\Windows\System\tSQhobC.exe
  2⤵
  PID:6716
- C:\Windows\System\Snfoghg.exe
  C:\Windows\System\Snfoghg.exe
  2⤵
  PID:6344
- C:\Windows\System\EEItTBq.exe
  C:\Windows\System\EEItTBq.exe
  2⤵
  PID:6272
- C:\Windows\System\RUfBVyM.exe
  C:\Windows\System\RUfBVyM.exe
  2⤵
  PID:6400
- C:\Windows\System\skXFSik.exe
  C:\Windows\System\skXFSik.exe
  2⤵
  PID:6448
- C:\Windows\System\tzATKAC.exe
  C:\Windows\System\tzATKAC.exe
  2⤵
  PID:6868
- C:\Windows\System\qOeWJQj.exe
  C:\Windows\System\qOeWJQj.exe
  2⤵
  PID:7176
- C:\Windows\System\kxPlZuW.exe
  C:\Windows\System\kxPlZuW.exe
  2⤵
  PID:7192
- C:\Windows\System\rJWmkGE.exe
  C:\Windows\System\rJWmkGE.exe
  2⤵
  PID:7216
- C:\Windows\System\uOGpvQj.exe
  C:\Windows\System\uOGpvQj.exe
  2⤵
  PID:7240
- C:\Windows\System\nLZlbLu.exe
  C:\Windows\System\nLZlbLu.exe
  2⤵
  PID:7256
- C:\Windows\System\PIixQXj.exe
  C:\Windows\System\PIixQXj.exe
  2⤵
  PID:7272
- C:\Windows\System\xnSCetd.exe
  C:\Windows\System\xnSCetd.exe
  2⤵
  PID:7288
- C:\Windows\System\pkqemXC.exe
  C:\Windows\System\pkqemXC.exe
  2⤵
  PID:7304
- C:\Windows\System\jNgabzU.exe
  C:\Windows\System\jNgabzU.exe
  2⤵
  PID:7320
- C:\Windows\System\wrnPmVU.exe
  C:\Windows\System\wrnPmVU.exe
  2⤵
  PID:7372
- C:\Windows\System\PCpGVZa.exe
  C:\Windows\System\PCpGVZa.exe
  2⤵
  PID:7388
- C:\Windows\System\NsjDQTZ.exe
  C:\Windows\System\NsjDQTZ.exe
  2⤵
  PID:7404
- C:\Windows\System\VIeChtV.exe
  C:\Windows\System\VIeChtV.exe
  2⤵
  PID:7420
- C:\Windows\System\IywyNwU.exe
  C:\Windows\System\IywyNwU.exe
  2⤵
  PID:7436
- C:\Windows\System\nJxDVPJ.exe
  C:\Windows\System\nJxDVPJ.exe
  2⤵
  PID:7452
- C:\Windows\System\lQMseZz.exe
  C:\Windows\System\lQMseZz.exe
  2⤵
  PID:7468
- C:\Windows\System\AVhxYnc.exe
  C:\Windows\System\AVhxYnc.exe
  2⤵
  PID:7484
- C:\Windows\System\ZpnYPjN.exe
  C:\Windows\System\ZpnYPjN.exe
  2⤵
  PID:7512
- C:\Windows\System\EEtlGdu.exe
  C:\Windows\System\EEtlGdu.exe
  2⤵
  PID:7536
- C:\Windows\System\azEzAbs.exe
  C:\Windows\System\azEzAbs.exe
  2⤵
  PID:7552
- C:\Windows\System\DhGbuSY.exe
  C:\Windows\System\DhGbuSY.exe
  2⤵
  PID:7568
- C:\Windows\System\eMIqJZk.exe
  C:\Windows\System\eMIqJZk.exe
  2⤵
  PID:7612
- C:\Windows\System\nxdQNCL.exe
  C:\Windows\System\nxdQNCL.exe
  2⤵
  PID:7628
- C:\Windows\System\CSpApcC.exe
  C:\Windows\System\CSpApcC.exe
  2⤵
  PID:7648
- C:\Windows\System\FxrmtCT.exe
  C:\Windows\System\FxrmtCT.exe
  2⤵
  PID:7668
- C:\Windows\System\GyuUpLQ.exe
  C:\Windows\System\GyuUpLQ.exe
  2⤵
  PID:7688
- C:\Windows\System\BeSmIjR.exe
  C:\Windows\System\BeSmIjR.exe
  2⤵
  PID:7704
- C:\Windows\System\QbjCzBK.exe
  C:\Windows\System\QbjCzBK.exe
  2⤵
  PID:7724
- C:\Windows\System\nPKEoXR.exe
  C:\Windows\System\nPKEoXR.exe
  2⤵
  PID:7744
- C:\Windows\System\pshXBaI.exe
  C:\Windows\System\pshXBaI.exe
  2⤵
  PID:7764
- C:\Windows\System\hkHVbIc.exe
  C:\Windows\System\hkHVbIc.exe
  2⤵
  PID:7788
- C:\Windows\System\vpbbaCN.exe
  C:\Windows\System\vpbbaCN.exe
  2⤵
  PID:7812
- C:\Windows\System\qWLwJUO.exe
  C:\Windows\System\qWLwJUO.exe
  2⤵
  PID:7832
- C:\Windows\System\KfPtDjb.exe
  C:\Windows\System\KfPtDjb.exe
  2⤵
  PID:7848
- C:\Windows\System\bUrCwwX.exe
  C:\Windows\System\bUrCwwX.exe
  2⤵
  PID:7864
- C:\Windows\System\MvoVlnM.exe
  C:\Windows\System\MvoVlnM.exe
  2⤵
  PID:7896
- C:\Windows\System\jntOrFA.exe
  C:\Windows\System\jntOrFA.exe
  2⤵
  PID:7912
- C:\Windows\System\LESoiYs.exe
  C:\Windows\System\LESoiYs.exe
  2⤵
  PID:7928
- C:\Windows\System\uVUlVka.exe
  C:\Windows\System\uVUlVka.exe
  2⤵
  PID:7944
- C:\Windows\System\jlQEmtk.exe
  C:\Windows\System\jlQEmtk.exe
  2⤵
  PID:7960
- C:\Windows\System\QawQMjM.exe
  C:\Windows\System\QawQMjM.exe
  2⤵
  PID:7980
- C:\Windows\System\TdOIYjE.exe
  C:\Windows\System\TdOIYjE.exe
  2⤵
  PID:7996
- C:\Windows\System\jtygepf.exe
  C:\Windows\System\jtygepf.exe
  2⤵
  PID:8036
- C:\Windows\System\tgSrpPW.exe
  C:\Windows\System\tgSrpPW.exe
  2⤵
  PID:8056
- C:\Windows\System\ozksnHY.exe
  C:\Windows\System\ozksnHY.exe
  2⤵
  PID:8076
- C:\Windows\System\jnoOuAa.exe
  C:\Windows\System\jnoOuAa.exe
  2⤵
  PID:8092
- C:\Windows\System\EBwpeFH.exe
  C:\Windows\System\EBwpeFH.exe
  2⤵
  PID:8112
- C:\Windows\System\yMTJTBF.exe
  C:\Windows\System\yMTJTBF.exe
  2⤵
  PID:8128
- C:\Windows\System\cAQwBzs.exe
  C:\Windows\System\cAQwBzs.exe
  2⤵
  PID:8152
- C:\Windows\System\MqozQrL.exe
  C:\Windows\System\MqozQrL.exe
  2⤵
  PID:8180
- C:\Windows\System\KWnvSDW.exe
  C:\Windows\System\KWnvSDW.exe
  2⤵
  PID:7020
- C:\Windows\System\QDqRzii.exe
  C:\Windows\System\QDqRzii.exe
  2⤵
  PID:6684
- C:\Windows\System\sEsnNsa.exe
  C:\Windows\System\sEsnNsa.exe
  2⤵
  PID:6764
- C:\Windows\System\PTDWwZa.exe
  C:\Windows\System\PTDWwZa.exe
  2⤵
  PID:7232
- C:\Windows\System\AjPQBeH.exe
  C:\Windows\System\AjPQBeH.exe
  2⤵
  PID:6668
- C:\Windows\System\PaLEhxX.exe
  C:\Windows\System\PaLEhxX.exe
  2⤵
  PID:7312
- C:\Windows\System\hTEarQo.exe
  C:\Windows\System\hTEarQo.exe
  2⤵
  PID:7296
- C:\Windows\System\erhpNsM.exe
  C:\Windows\System\erhpNsM.exe
  2⤵
  PID:7344
- C:\Windows\System\rNdiAkY.exe
  C:\Windows\System\rNdiAkY.exe
  2⤵
  PID:7360
- C:\Windows\System\JuITJtA.exe
  C:\Windows\System\JuITJtA.exe
  2⤵
  PID:7332
- C:\Windows\System\IdHpuXT.exe
  C:\Windows\System\IdHpuXT.exe
  2⤵
  PID:7380
- C:\Windows\System\asfLREZ.exe
  C:\Windows\System\asfLREZ.exe
  2⤵
  PID:7492
- C:\Windows\System\Oguilys.exe
  C:\Windows\System\Oguilys.exe
  2⤵
  PID:7464
- C:\Windows\System\DlJAjvY.exe
  C:\Windows\System\DlJAjvY.exe
  2⤵
  PID:7524
- C:\Windows\System\VzXriOH.exe
  C:\Windows\System\VzXriOH.exe
  2⤵
  PID:7504
- C:\Windows\System\PAzpPtb.exe
  C:\Windows\System\PAzpPtb.exe
  2⤵
  PID:7596
- C:\Windows\System\AbHyArY.exe
  C:\Windows\System\AbHyArY.exe
  2⤵
  PID:7604
- C:\Windows\System\ntGAHQV.exe
  C:\Windows\System\ntGAHQV.exe
  2⤵
  PID:7624
- C:\Windows\System\lNbkwNG.exe
  C:\Windows\System\lNbkwNG.exe
  2⤵
  PID:7680
- C:\Windows\System\tEkpnFJ.exe
  C:\Windows\System\tEkpnFJ.exe
  2⤵
  PID:7700
- C:\Windows\System\nBrWHvb.exe
  C:\Windows\System\nBrWHvb.exe
  2⤵
  PID:7696
- C:\Windows\System\ubkKMcJ.exe
  C:\Windows\System\ubkKMcJ.exe
  2⤵
  PID:7772
- C:\Windows\System\fEatqMw.exe
  C:\Windows\System\fEatqMw.exe
  2⤵
  PID:7732
- C:\Windows\System\YorGOps.exe
  C:\Windows\System\YorGOps.exe
  2⤵
  PID:7796
- C:\Windows\System\wiCbtXW.exe
  C:\Windows\System\wiCbtXW.exe
  2⤵
  PID:7820
- C:\Windows\System\chxXUWp.exe
  C:\Windows\System\chxXUWp.exe
  2⤵
  PID:7880
- C:\Windows\System\DPcPkyf.exe
  C:\Windows\System\DPcPkyf.exe
  2⤵
  PID:7952
- C:\Windows\System\KdaWtau.exe
  C:\Windows\System\KdaWtau.exe
  2⤵
  PID:8004
- C:\Windows\System\thgIjwA.exe
  C:\Windows\System\thgIjwA.exe
  2⤵
  PID:7972
- C:\Windows\System\LsiJKFR.exe
  C:\Windows\System\LsiJKFR.exe
  2⤵
  PID:8028
- C:\Windows\System\mWpJWGl.exe
  C:\Windows\System\mWpJWGl.exe
  2⤵
  PID:8044
- C:\Windows\System\IFLMgqi.exe
  C:\Windows\System\IFLMgqi.exe
  2⤵
  PID:8084
- C:\Windows\System\ZTeCoUx.exe
  C:\Windows\System\ZTeCoUx.exe
  2⤵
  PID:8104
- C:\Windows\System\vTXHiGF.exe
  C:\Windows\System\vTXHiGF.exe
  2⤵
  PID:8124
- C:\Windows\System\lveqDSf.exe
  C:\Windows\System\lveqDSf.exe
  2⤵
  PID:8164
- C:\Windows\System\rfBGFgL.exe
  C:\Windows\System\rfBGFgL.exe
  2⤵
  PID:8168
- C:\Windows\System\PEwxGtB.exe
  C:\Windows\System\PEwxGtB.exe
  2⤵
  PID:7236
- C:\Windows\System\btEKOhJ.exe
  C:\Windows\System\btEKOhJ.exe
  2⤵
  PID:6532
- C:\Windows\System\qonYwwj.exe
  C:\Windows\System\qonYwwj.exe
  2⤵
  PID:7544
- C:\Windows\System\UEckaNi.exe
  C:\Windows\System\UEckaNi.exe
  2⤵
  PID:7584
- C:\Windows\System\CwbwUFw.exe
  C:\Windows\System\CwbwUFw.exe
  2⤵
  PID:7592
- C:\Windows\System\eMsuoNv.exe
  C:\Windows\System\eMsuoNv.exe
  2⤵
  PID:7740
- C:\Windows\System\BvUMJAC.exe
  C:\Windows\System\BvUMJAC.exe
  2⤵
  PID:7828
- C:\Windows\System\DJXIXek.exe
  C:\Windows\System\DJXIXek.exe
  2⤵
  PID:7904
- C:\Windows\System\hSEmBvT.exe
  C:\Windows\System\hSEmBvT.exe
  2⤵
  PID:7400
- C:\Windows\System\gXULILF.exe
  C:\Windows\System\gXULILF.exe
  2⤵
  PID:7268
- C:\Windows\System\wxMOeeP.exe
  C:\Windows\System\wxMOeeP.exe
  2⤵
  PID:7684
- C:\Windows\System\IGznBPC.exe
  C:\Windows\System\IGznBPC.exe
  2⤵
  PID:7784
- C:\Windows\System\tDtByvy.exe
  C:\Windows\System\tDtByvy.exe
  2⤵
  PID:7888
- C:\Windows\System\rKtLwVB.exe
  C:\Windows\System\rKtLwVB.exe
  2⤵
  PID:7908
- C:\Windows\System\MNwelMd.exe
  C:\Windows\System\MNwelMd.exe
  2⤵
  PID:8088
- C:\Windows\System\AjAGRGn.exe
  C:\Windows\System\AjAGRGn.exe
  2⤵
  PID:8048
- C:\Windows\System\hyCwXOO.exe
  C:\Windows\System\hyCwXOO.exe
  2⤵
  PID:8176
- C:\Windows\System\ayZMTAC.exe
  C:\Windows\System\ayZMTAC.exe
  2⤵
  PID:8144
- C:\Windows\System\IGbuFWW.exe
  C:\Windows\System\IGbuFWW.exe
  2⤵
  PID:7252
- C:\Windows\System\SDRHcmY.exe
  C:\Windows\System\SDRHcmY.exe
  2⤵
  PID:7228
- C:\Windows\System\LYJmHAb.exe
  C:\Windows\System\LYJmHAb.exe
  2⤵
  PID:6328
- C:\Windows\System\DIoMdKi.exe
  C:\Windows\System\DIoMdKi.exe
  2⤵
  PID:7336
- C:\Windows\System\UwMmJmi.exe
  C:\Windows\System\UwMmJmi.exe
  2⤵
  PID:7988
- C:\Windows\System\vUDScxK.exe
  C:\Windows\System\vUDScxK.exe
  2⤵
  PID:8188
- C:\Windows\System\oXRaLcx.exe
  C:\Windows\System\oXRaLcx.exe
  2⤵
  PID:6808
- C:\Windows\System\oLpFduU.exe
  C:\Windows\System\oLpFduU.exe
  2⤵
  PID:7284
- C:\Windows\System\VIgVTCy.exe
  C:\Windows\System\VIgVTCy.exe
  2⤵
  PID:8136
- C:\Windows\System\jmdeZIO.exe
  C:\Windows\System\jmdeZIO.exe
  2⤵
  PID:7208
- C:\Windows\System\sndPCjI.exe
  C:\Windows\System\sndPCjI.exe
  2⤵
  PID:7564
- C:\Windows\System\BErMXLJ.exe
  C:\Windows\System\BErMXLJ.exe
  2⤵
  PID:7432
- C:\Windows\System\qaULjJb.exe
  C:\Windows\System\qaULjJb.exe
  2⤵
  PID:7212
- C:\Windows\System\HOXrcYa.exe
  C:\Windows\System\HOXrcYa.exe
  2⤵
  PID:7660
- C:\Windows\System\UqCzPeb.exe
  C:\Windows\System\UqCzPeb.exe
  2⤵
  PID:7460
- C:\Windows\System\mDYnMZs.exe
  C:\Windows\System\mDYnMZs.exe
  2⤵
  PID:7036
- C:\Windows\System\jHqrwmm.exe
  C:\Windows\System\jHqrwmm.exe
  2⤵
  PID:8020
- C:\Windows\System\eHaBlpR.exe
  C:\Windows\System\eHaBlpR.exe
  2⤵
  PID:8008
- C:\Windows\System\LeOWgCA.exe
  C:\Windows\System\LeOWgCA.exe
  2⤵
  PID:7876
- C:\Windows\System\leNQGxy.exe
  C:\Windows\System\leNQGxy.exe
  2⤵
  PID:7340
- C:\Windows\System\cPQqGDn.exe
  C:\Windows\System\cPQqGDn.exe
  2⤵
  PID:7920
- C:\Windows\System\ltbjNir.exe
  C:\Windows\System\ltbjNir.exe
  2⤵
  PID:7428
- C:\Windows\System\nQyYPfE.exe
  C:\Windows\System\nQyYPfE.exe
  2⤵
  PID:7860
- C:\Windows\System\McqeGoi.exe
  C:\Windows\System\McqeGoi.exe
  2⤵
  PID:7664
- C:\Windows\System\aVEmvUN.exe
  C:\Windows\System\aVEmvUN.exe
  2⤵
  PID:7640
- C:\Windows\System\arnhylX.exe
  C:\Windows\System\arnhylX.exe
  2⤵
  PID:7580
- C:\Windows\System\ovuwxIO.exe
  C:\Windows\System\ovuwxIO.exe
  2⤵
  PID:7872
- C:\Windows\System\nyNRApx.exe
  C:\Windows\System\nyNRApx.exe
  2⤵
  PID:8216
- C:\Windows\System\aSnaHuN.exe
  C:\Windows\System\aSnaHuN.exe
  2⤵
  PID:8232
- C:\Windows\System\lxZMOTQ.exe
  C:\Windows\System\lxZMOTQ.exe
  2⤵
  PID:8252
- C:\Windows\System\SvmAmiw.exe
  C:\Windows\System\SvmAmiw.exe
  2⤵
  PID:8268
- C:\Windows\System\XibCdec.exe
  C:\Windows\System\XibCdec.exe
  2⤵
  PID:8284
- C:\Windows\System\kJLXNxd.exe
  C:\Windows\System\kJLXNxd.exe
  2⤵
  PID:8300
- C:\Windows\System\lXEJRXg.exe
  C:\Windows\System\lXEJRXg.exe
  2⤵
  PID:8328
- C:\Windows\System\GnlSLCW.exe
  C:\Windows\System\GnlSLCW.exe
  2⤵
  PID:8344
- C:\Windows\System\xUaqMES.exe
  C:\Windows\System\xUaqMES.exe
  2⤵
  PID:8364
- C:\Windows\System\WWyRRYU.exe
  C:\Windows\System\WWyRRYU.exe
  2⤵
  PID:8380
- C:\Windows\System\mXfFFck.exe
  C:\Windows\System\mXfFFck.exe
  2⤵
  PID:8400
- C:\Windows\System\PVQBfGG.exe
  C:\Windows\System\PVQBfGG.exe
  2⤵
  PID:8420
- C:\Windows\System\ZPtHlsm.exe
  C:\Windows\System\ZPtHlsm.exe
  2⤵
  PID:8448
- C:\Windows\System\GBpgUhc.exe
  C:\Windows\System\GBpgUhc.exe
  2⤵
  PID:8476
- C:\Windows\System\gwFUvse.exe
  C:\Windows\System\gwFUvse.exe
  2⤵
  PID:8496
- C:\Windows\System\wJRRzWl.exe
  C:\Windows\System\wJRRzWl.exe
  2⤵
  PID:8512
- C:\Windows\System\epOwxwX.exe
  C:\Windows\System\epOwxwX.exe
  2⤵
  PID:8532
- C:\Windows\System\kRnxZUC.exe
  C:\Windows\System\kRnxZUC.exe
  2⤵
  PID:8564
- C:\Windows\System\SJBNFWL.exe
  C:\Windows\System\SJBNFWL.exe
  2⤵
  PID:8600
- C:\Windows\System\basKNKC.exe
  C:\Windows\System\basKNKC.exe
  2⤵
  PID:8628
- C:\Windows\System\YYwNJjW.exe
  C:\Windows\System\YYwNJjW.exe
  2⤵
  PID:8644
- C:\Windows\System\JUywzYB.exe
  C:\Windows\System\JUywzYB.exe
  2⤵
  PID:8664
- C:\Windows\System\HSHgGxa.exe
  C:\Windows\System\HSHgGxa.exe
  2⤵
  PID:8688
- C:\Windows\System\FMXuwqQ.exe
  C:\Windows\System\FMXuwqQ.exe
  2⤵
  PID:8712
- C:\Windows\System\qrIEBJl.exe
  C:\Windows\System\qrIEBJl.exe
  2⤵
  PID:8732
- C:\Windows\System\zyvCxit.exe
  C:\Windows\System\zyvCxit.exe
  2⤵
  PID:8748
- C:\Windows\System\zsMreih.exe
  C:\Windows\System\zsMreih.exe
  2⤵
  PID:8768
- C:\Windows\System\hAataHG.exe
  C:\Windows\System\hAataHG.exe
  2⤵
  PID:8784
- C:\Windows\System\OumDgcM.exe
  C:\Windows\System\OumDgcM.exe
  2⤵
  PID:8800
- C:\Windows\System\cyIzPIt.exe
  C:\Windows\System\cyIzPIt.exe
  2⤵
  PID:8824
- C:\Windows\System\jMMiycP.exe
  C:\Windows\System\jMMiycP.exe
  2⤵
  PID:8856
- C:\Windows\System\VHKXQRL.exe
  C:\Windows\System\VHKXQRL.exe
  2⤵
  PID:8876
- C:\Windows\System\LUuArjX.exe
  C:\Windows\System\LUuArjX.exe
  2⤵
  PID:8896
- C:\Windows\System\yaIzhhp.exe
  C:\Windows\System\yaIzhhp.exe
  2⤵
  PID:8912
- C:\Windows\System\ILIiMvG.exe
  C:\Windows\System\ILIiMvG.exe
  2⤵
  PID:8928
- C:\Windows\System\fEWrkKd.exe
  C:\Windows\System\fEWrkKd.exe
  2⤵
  PID:8960
- C:\Windows\System\pTPIGhx.exe
  C:\Windows\System\pTPIGhx.exe
  2⤵
  PID:8976
- C:\Windows\System\PIuHSJK.exe
  C:\Windows\System\PIuHSJK.exe
  2⤵
  PID:8996
- C:\Windows\System\lFNnaeo.exe
  C:\Windows\System\lFNnaeo.exe
  2⤵
  PID:9016
- C:\Windows\System\hkIrsaw.exe
  C:\Windows\System\hkIrsaw.exe
  2⤵
  PID:9040
- C:\Windows\System\fJdQRUI.exe
  C:\Windows\System\fJdQRUI.exe
  2⤵
  PID:9060
- C:\Windows\System\kRFdZDa.exe
  C:\Windows\System\kRFdZDa.exe
  2⤵
  PID:9080
- C:\Windows\System\UiacGQz.exe
  C:\Windows\System\UiacGQz.exe
  2⤵
  PID:9100
- C:\Windows\System\gBYImNf.exe
  C:\Windows\System\gBYImNf.exe
  2⤵
  PID:9116
- C:\Windows\System\HDNJsin.exe
  C:\Windows\System\HDNJsin.exe
  2⤵
  PID:9140
- C:\Windows\System\UVTmxFl.exe
  C:\Windows\System\UVTmxFl.exe
  2⤵
  PID:9156
- C:\Windows\System\rRIAqSn.exe
  C:\Windows\System\rRIAqSn.exe
  2⤵
  PID:9180
- C:\Windows\System\wluRugq.exe
  C:\Windows\System\wluRugq.exe
  2⤵
  PID:9196
- C:\Windows\System\xPoRMzC.exe
  C:\Windows\System\xPoRMzC.exe
  2⤵
  PID:9212
- C:\Windows\System\lQmtaPz.exe
  C:\Windows\System\lQmtaPz.exe
  2⤵
  PID:7780
- C:\Windows\System\hGSogPf.exe
  C:\Windows\System\hGSogPf.exe
  2⤵
  PID:8248
- C:\Windows\System\DEvnbUF.exe
  C:\Windows\System\DEvnbUF.exe
  2⤵
  PID:8308
- C:\Windows\System\xArOKCx.exe
  C:\Windows\System\xArOKCx.exe
  2⤵
  PID:8352
- C:\Windows\System\HgHnltq.exe
  C:\Windows\System\HgHnltq.exe
  2⤵
  PID:8392
- C:\Windows\System\DDkKAAJ.exe
  C:\Windows\System\DDkKAAJ.exe
  2⤵
  PID:8224
- C:\Windows\System\pNyYsTs.exe
  C:\Windows\System\pNyYsTs.exe
  2⤵
  PID:8372
- C:\Windows\System\QHcAPot.exe
  C:\Windows\System\QHcAPot.exe
  2⤵
  PID:8456
- C:\Windows\System\JnhsRhO.exe
  C:\Windows\System\JnhsRhO.exe
  2⤵
  PID:8520
- C:\Windows\System\WFxiRMK.exe
  C:\Windows\System\WFxiRMK.exe
  2⤵
  PID:8572
- C:\Windows\System\Bvazaem.exe
  C:\Windows\System\Bvazaem.exe
  2⤵
  PID:8552
- C:\Windows\System\aJRpjHe.exe
  C:\Windows\System\aJRpjHe.exe
  2⤵
  PID:8596
- C:\Windows\System\axgsMKf.exe
  C:\Windows\System\axgsMKf.exe
  2⤵
  PID:8620
- C:\Windows\System\AZNGUHG.exe
  C:\Windows\System\AZNGUHG.exe
  2⤵
  PID:8640
- C:\Windows\System\FMVttQt.exe
  C:\Windows\System\FMVttQt.exe
  2⤵
  PID:8676
- C:\Windows\System\EcrlVxF.exe
  C:\Windows\System\EcrlVxF.exe
  2⤵
  PID:8700
- C:\Windows\System\sngWgTr.exe
  C:\Windows\System\sngWgTr.exe
  2⤵
  PID:8756
- C:\Windows\System\ActShgA.exe
  C:\Windows\System\ActShgA.exe
  2⤵
  PID:8820
- C:\Windows\System\pceyoDN.exe
  C:\Windows\System\pceyoDN.exe
  2⤵
  PID:8836
- C:\Windows\System\hdoHHFB.exe
  C:\Windows\System\hdoHHFB.exe
  2⤵
  PID:8852
- C:\Windows\System\AHIvktg.exe
  C:\Windows\System\AHIvktg.exe
  2⤵
  PID:8892
- C:\Windows\System\qvOZzOT.exe
  C:\Windows\System\qvOZzOT.exe
  2⤵
  PID:8924
- C:\Windows\System\PWfAoos.exe
  C:\Windows\System\PWfAoos.exe
  2⤵
  PID:8948
- C:\Windows\System\lQDPYKk.exe
  C:\Windows\System\lQDPYKk.exe
  2⤵
  PID:8988
- C:\Windows\System\ApScocM.exe
  C:\Windows\System\ApScocM.exe
  2⤵
  PID:9032
- C:\Windows\System\BhYexmg.exe
  C:\Windows\System\BhYexmg.exe
  2⤵
  PID:9068
- C:\Windows\System\lFRfJBD.exe
  C:\Windows\System\lFRfJBD.exe
  2⤵
  PID:9096
- C:\Windows\System\wihWqcj.exe
  C:\Windows\System\wihWqcj.exe
  2⤵
  PID:9112
- C:\Windows\System\blHuikj.exe
  C:\Windows\System\blHuikj.exe
  2⤵
  PID:9148
- C:\Windows\System\YHFKEHV.exe
  C:\Windows\System\YHFKEHV.exe
  2⤵
  PID:9188
- C:\Windows\System\JIcftob.exe
  C:\Windows\System\JIcftob.exe
  2⤵
  PID:8212
- C:\Windows\System\HtkhUSO.exe
  C:\Windows\System\HtkhUSO.exe
  2⤵
  PID:8280
- C:\Windows\System\uPtEmfX.exe
  C:\Windows\System\uPtEmfX.exe
  2⤵
  PID:8228
- C:\Windows\System\PAsvRRd.exe
  C:\Windows\System\PAsvRRd.exe
  2⤵
  PID:8264
- C:\Windows\System\OYxVSkS.exe
  C:\Windows\System\OYxVSkS.exe
  2⤵
  PID:8296
- C:\Windows\System\lmVBhDu.exe
  C:\Windows\System\lmVBhDu.exe
  2⤵
  PID:8544
- C:\Windows\System\iuALuRr.exe
  C:\Windows\System\iuALuRr.exe
  2⤵
  PID:8556
- C:\Windows\System\yvohrPm.exe
  C:\Windows\System\yvohrPm.exe
  2⤵
  PID:8616
- C:\Windows\System\HpSBMnR.exe
  C:\Windows\System\HpSBMnR.exe
  2⤵
  PID:8672
- C:\Windows\System\ArbxqAh.exe
  C:\Windows\System\ArbxqAh.exe
  2⤵
  PID:8608
- C:\Windows\System\BQHcjnM.exe
  C:\Windows\System\BQHcjnM.exe
  2⤵
  PID:8812
- C:\Windows\System\RYAeoZj.exe
  C:\Windows\System\RYAeoZj.exe
  2⤵
  PID:8660
- C:\Windows\System\lRWgMFM.exe
  C:\Windows\System\lRWgMFM.exe
  2⤵
  PID:8888
- C:\Windows\System\nfSoyQq.exe
  C:\Windows\System\nfSoyQq.exe
  2⤵
  PID:8956
- C:\Windows\System\yFvKUys.exe
  C:\Windows\System\yFvKUys.exe
  2⤵
  PID:8944
- C:\Windows\System\yCvhweU.exe
  C:\Windows\System\yCvhweU.exe
  2⤵
  PID:9012
- C:\Windows\System\DurbjTw.exe
  C:\Windows\System\DurbjTw.exe
  2⤵
  PID:9072
- C:\Windows\System\KuKzaha.exe
  C:\Windows\System\KuKzaha.exe
  2⤵
  PID:9176
- C:\Windows\System\LWhxTwN.exe
  C:\Windows\System\LWhxTwN.exe
  2⤵
  PID:8436
- C:\Windows\System\msIVHBr.exe
  C:\Windows\System\msIVHBr.exe
  2⤵
  PID:9208
- C:\Windows\System\uZGIGUX.exe
  C:\Windows\System\uZGIGUX.exe
  2⤵
  PID:8336
- C:\Windows\System\tEiNXbK.exe
  C:\Windows\System\tEiNXbK.exe
  2⤵
  PID:8492
- C:\Windows\System\UTomffn.exe
  C:\Windows\System\UTomffn.exe
  2⤵
  PID:8588
- C:\Windows\System\YmFrice.exe
  C:\Windows\System\YmFrice.exe
  2⤵
  PID:8696
- C:\Windows\System\hCiSRfC.exe
  C:\Windows\System\hCiSRfC.exe
  2⤵
  PID:8764
- C:\Windows\System\CAMXpCC.exe
  C:\Windows\System\CAMXpCC.exe
  2⤵
  PID:8920
- C:\Windows\System\tKPIXSy.exe
  C:\Windows\System\tKPIXSy.exe
  2⤵
  PID:9108
- C:\Windows\System\EhsIVEW.exe
  C:\Windows\System\EhsIVEW.exe
  2⤵
  PID:9036
- C:\Windows\System\oCwujfb.exe
  C:\Windows\System\oCwujfb.exe
  2⤵
  PID:8984
- C:\Windows\System\FJVCCXF.exe
  C:\Windows\System\FJVCCXF.exe
  2⤵
  PID:9164
- C:\Windows\System\wMtFnbB.exe
  C:\Windows\System\wMtFnbB.exe
  2⤵
  PID:8340
- C:\Windows\System\HUYQoeo.exe
  C:\Windows\System\HUYQoeo.exe
  2⤵
  PID:8416
- C:\Windows\System\uhumLge.exe
  C:\Windows\System\uhumLge.exe
  2⤵
  PID:8908
- C:\Windows\System\DnTRBeX.exe
  C:\Windows\System\DnTRBeX.exe
  2⤵
  PID:8792
- C:\Windows\System\zCkvYHK.exe
  C:\Windows\System\zCkvYHK.exe
  2⤵
  PID:8720
- C:\Windows\System\BwRioRJ.exe
  C:\Windows\System\BwRioRJ.exe
  2⤵
  PID:8412
- C:\Windows\System\XatTljP.exe
  C:\Windows\System\XatTljP.exe
  2⤵
  PID:9024
- C:\Windows\System\NMqSCFR.exe
  C:\Windows\System\NMqSCFR.exe
  2⤵
  PID:8428
- C:\Windows\System\SuGBibn.exe
  C:\Windows\System\SuGBibn.exe
  2⤵
  PID:8656
- C:\Windows\System\VanXkRc.exe
  C:\Windows\System\VanXkRc.exe
  2⤵
  PID:9124
- C:\Windows\System\WpUJkvO.exe
  C:\Windows\System\WpUJkvO.exe
  2⤵
  PID:8808
- C:\Windows\System\xbrqkvh.exe
  C:\Windows\System\xbrqkvh.exe
  2⤵
  PID:8952
- C:\Windows\System\tobWSso.exe
  C:\Windows\System\tobWSso.exe
  2⤵
  PID:8844
- C:\Windows\System\FGnveqn.exe
  C:\Windows\System\FGnveqn.exe
  2⤵
  PID:8584
- C:\Windows\System\YWtuULM.exe
  C:\Windows\System\YWtuULM.exe
  2⤵
  PID:9220
- C:\Windows\System\HPtYuve.exe
  C:\Windows\System\HPtYuve.exe
  2⤵
  PID:9236
- C:\Windows\System\vPjVmzO.exe
  C:\Windows\System\vPjVmzO.exe
  2⤵
  PID:9260
- C:\Windows\System\HHMknKR.exe
  C:\Windows\System\HHMknKR.exe
  2⤵
  PID:9280
- C:\Windows\System\sEPJGAd.exe
  C:\Windows\System\sEPJGAd.exe
  2⤵
  PID:9296
- C:\Windows\System\YclDmMf.exe
  C:\Windows\System\YclDmMf.exe
  2⤵
  PID:9316
- C:\Windows\System\JExyvHL.exe
  C:\Windows\System\JExyvHL.exe
  2⤵
  PID:9344
- C:\Windows\System\RwRXIJq.exe
  C:\Windows\System\RwRXIJq.exe
  2⤵
  PID:9360
- C:\Windows\System\kxvgQSV.exe
  C:\Windows\System\kxvgQSV.exe
  2⤵
  PID:9376
- C:\Windows\System\abqoXzC.exe
  C:\Windows\System\abqoXzC.exe
  2⤵
  PID:9392
- C:\Windows\System\KPgFrhn.exe
  C:\Windows\System\KPgFrhn.exe
  2⤵
  PID:9420
- C:\Windows\System\TGClKHp.exe
  C:\Windows\System\TGClKHp.exe
  2⤵
  PID:9448
- C:\Windows\System\mjtJFlT.exe
  C:\Windows\System\mjtJFlT.exe
  2⤵
  PID:9468
- C:\Windows\System\GtGLYoP.exe
  C:\Windows\System\GtGLYoP.exe
  2⤵
  PID:9484
- C:\Windows\System\WHiDSNz.exe
  C:\Windows\System\WHiDSNz.exe
  2⤵
  PID:9504
- C:\Windows\System\yOnCVLp.exe
  C:\Windows\System\yOnCVLp.exe
  2⤵
  PID:9520
- C:\Windows\System\bsXVxqT.exe
  C:\Windows\System\bsXVxqT.exe
  2⤵
  PID:9540
- C:\Windows\System\XYCpJuC.exe
  C:\Windows\System\XYCpJuC.exe
  2⤵
  PID:9556
- C:\Windows\System\bLhqVGg.exe
  C:\Windows\System\bLhqVGg.exe
  2⤵
  PID:9572
- C:\Windows\System\kKVrkYj.exe
  C:\Windows\System\kKVrkYj.exe
  2⤵
  PID:9596
- C:\Windows\System\YgyrEeR.exe
  C:\Windows\System\YgyrEeR.exe
  2⤵
  PID:9612
- C:\Windows\System\SyNwrAi.exe
  C:\Windows\System\SyNwrAi.exe
  2⤵
  PID:9636
- C:\Windows\System\BBAAxMA.exe
  C:\Windows\System\BBAAxMA.exe
  2⤵
  PID:9652
- C:\Windows\System\PJaXxzI.exe
  C:\Windows\System\PJaXxzI.exe
  2⤵
  PID:9668
- C:\Windows\System\amPfBwZ.exe
  C:\Windows\System\amPfBwZ.exe
  2⤵
  PID:9688
- C:\Windows\System\ThbmUhq.exe
  C:\Windows\System\ThbmUhq.exe
  2⤵
  PID:9704
- C:\Windows\System\OBJUBdv.exe
  C:\Windows\System\OBJUBdv.exe
  2⤵
  PID:9732
- C:\Windows\System\WYiTHyt.exe
  C:\Windows\System\WYiTHyt.exe
  2⤵
  PID:9752
- C:\Windows\System\qllAEHj.exe
  C:\Windows\System\qllAEHj.exe
  2⤵
  PID:9772
- C:\Windows\System\otdpTmZ.exe
  C:\Windows\System\otdpTmZ.exe
  2⤵
  PID:9788
- C:\Windows\System\QqoOvwu.exe
  C:\Windows\System\QqoOvwu.exe
  2⤵
  PID:9816
- C:\Windows\System\NyPayJW.exe
  C:\Windows\System\NyPayJW.exe
  2⤵
  PID:9856
- C:\Windows\System\liXnpAZ.exe
  C:\Windows\System\liXnpAZ.exe
  2⤵
  PID:9872
- C:\Windows\System\NZOxLlH.exe
  C:\Windows\System\NZOxLlH.exe
  2⤵
  PID:9888
- C:\Windows\System\rVmoCfI.exe
  C:\Windows\System\rVmoCfI.exe
  2⤵
  PID:9916
- C:\Windows\System\dcaFtWo.exe
  C:\Windows\System\dcaFtWo.exe
  2⤵
  PID:9932
- C:\Windows\System\MWWiaVX.exe
  C:\Windows\System\MWWiaVX.exe
  2⤵
  PID:9956
- C:\Windows\System\arxhJqP.exe
  C:\Windows\System\arxhJqP.exe
  2⤵
  PID:9972
- C:\Windows\System\lToEwMH.exe
  C:\Windows\System\lToEwMH.exe
  2⤵
  PID:9992
- C:\Windows\System\xnffqWF.exe
  C:\Windows\System\xnffqWF.exe
  2⤵
  PID:10012
- C:\Windows\System\hdcxXol.exe
  C:\Windows\System\hdcxXol.exe
  2⤵
  PID:10032
- C:\Windows\System\scyTLze.exe
  C:\Windows\System\scyTLze.exe
  2⤵
  PID:10052
- C:\Windows\System\XEtoolh.exe
  C:\Windows\System\XEtoolh.exe
  2⤵
  PID:10076
- C:\Windows\System\sfLcVYk.exe
  C:\Windows\System\sfLcVYk.exe
  2⤵
  PID:10092
- C:\Windows\System\LJTgbdK.exe
  C:\Windows\System\LJTgbdK.exe
  2⤵
  PID:10108
- C:\Windows\System\aofBVou.exe
  C:\Windows\System\aofBVou.exe
  2⤵
  PID:10136
- C:\Windows\System\xurTgqM.exe
  C:\Windows\System\xurTgqM.exe
  2⤵
  PID:10156
- C:\Windows\System\eKREnfh.exe
  C:\Windows\System\eKREnfh.exe
  2⤵
  PID:10172
- C:\Windows\System\crYhyjb.exe
  C:\Windows\System\crYhyjb.exe
  2⤵
  PID:10192
- C:\Windows\System\QLfnyZi.exe
  C:\Windows\System\QLfnyZi.exe
  2⤵
  PID:10208
- C:\Windows\System\blCPyJT.exe
  C:\Windows\System\blCPyJT.exe
  2⤵
  PID:10224
- C:\Windows\System\jqgEUcc.exe
  C:\Windows\System\jqgEUcc.exe
  2⤵
  PID:9228
- C:\Windows\System\myyKwLH.exe
  C:\Windows\System\myyKwLH.exe
  2⤵
  PID:9276
- C:\Windows\System\ERyXyKu.exe
  C:\Windows\System\ERyXyKu.exe
  2⤵
  PID:9304
- C:\Windows\System\WzgZQdk.exe
  C:\Windows\System\WzgZQdk.exe
  2⤵
  PID:9340
- C:\Windows\System\kHPscmc.exe
  C:\Windows\System\kHPscmc.exe
  2⤵
  PID:9384
- C:\Windows\System\rEnElso.exe
  C:\Windows\System\rEnElso.exe
  2⤵
  PID:9416
- C:\Windows\System\YMPHIFI.exe
  C:\Windows\System\YMPHIFI.exe
  2⤵
  PID:9400
- C:\Windows\System\OKhNktq.exe
  C:\Windows\System\OKhNktq.exe
  2⤵
  PID:9464
- C:\Windows\System\GhXtbrn.exe
  C:\Windows\System\GhXtbrn.exe
  2⤵
  PID:9532
- C:\Windows\System\grCFlcw.exe
  C:\Windows\System\grCFlcw.exe
  2⤵
  PID:9548
- C:\Windows\System\ljdzyyW.exe
  C:\Windows\System\ljdzyyW.exe
  2⤵
  PID:9588
- C:\Windows\System\OYbFFVd.exe
  C:\Windows\System\OYbFFVd.exe
  2⤵
  PID:9660
- C:\Windows\System\CAkPyjk.exe
  C:\Windows\System\CAkPyjk.exe
  2⤵
  PID:9740
- C:\Windows\System\ydQKHRc.exe
  C:\Windows\System\ydQKHRc.exe
  2⤵
  PID:9680
- C:\Windows\System\BYmrsZV.exe
  C:\Windows\System\BYmrsZV.exe
  2⤵
  PID:9724
- C:\Windows\System\yWVsbUn.exe
  C:\Windows\System\yWVsbUn.exe
  2⤵
  PID:9744
- C:\Windows\System\OEsypLq.exe
  C:\Windows\System\OEsypLq.exe
  2⤵
  PID:9796
- C:\Windows\System\iQIDyja.exe
  C:\Windows\System\iQIDyja.exe
  2⤵
  PID:9800
- C:\Windows\System\RJhIbfK.exe
  C:\Windows\System\RJhIbfK.exe
  2⤵
  PID:9836
- C:\Windows\System\nYErRMj.exe
  C:\Windows\System\nYErRMj.exe
  2⤵
  PID:9880
- C:\Windows\System\ciLSgaI.exe
  C:\Windows\System\ciLSgaI.exe
  2⤵
  PID:9904
- C:\Windows\System\LyZchWD.exe
  C:\Windows\System\LyZchWD.exe
  2⤵
  PID:9924
- C:\Windows\System\cdBimeO.exe
  C:\Windows\System\cdBimeO.exe
  2⤵
  PID:9980
- C:\Windows\System\GlibShr.exe
  C:\Windows\System\GlibShr.exe
  2⤵
  PID:10008
- C:\Windows\System\xQySvmO.exe
  C:\Windows\System\xQySvmO.exe
  2⤵
  PID:10028
- C:\Windows\System\nVCwiWL.exe
  C:\Windows\System\nVCwiWL.exe
  2⤵
  PID:10100
- C:\Windows\System\KJJuoZf.exe
  C:\Windows\System\KJJuoZf.exe
  2⤵
  PID:10116
- C:\Windows\System\pZgEFNh.exe
  C:\Windows\System\pZgEFNh.exe
  2⤵
  PID:10168
- C:\Windows\System\IQmlSQa.exe
  C:\Windows\System\IQmlSQa.exe
  2⤵
  PID:10180
- C:\Windows\System\KyDoTZL.exe
  C:\Windows\System\KyDoTZL.exe
  2⤵
  PID:10148
- C:\Windows\System\tOYNeVN.exe
  C:\Windows\System\tOYNeVN.exe
  2⤵
  PID:8972
- C:\Windows\System\ZjqxPEC.exe
  C:\Windows\System\ZjqxPEC.exe
  2⤵
  PID:9052
- C:\Windows\System\oUmaRWB.exe
  C:\Windows\System\oUmaRWB.exe
  2⤵
  PID:9352
- C:\Windows\System\ZHeWrfk.exe
  C:\Windows\System\ZHeWrfk.exe
  2⤵
  PID:9368
- C:\Windows\System\XUCuexf.exe
  C:\Windows\System\XUCuexf.exe
  2⤵
  PID:9404
- C:\Windows\System\kiUZKDU.exe
  C:\Windows\System\kiUZKDU.exe
  2⤵
  PID:9476
- C:\Windows\System\ITLZqcj.exe
  C:\Windows\System\ITLZqcj.exe
  2⤵
  PID:9480
- C:\Windows\System\aTObeGg.exe
  C:\Windows\System\aTObeGg.exe
  2⤵
  PID:9632
- C:\Windows\System\smGfJgJ.exe
  C:\Windows\System\smGfJgJ.exe
  2⤵
  PID:9712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AiGSnZV.exe

Filesize
6.0MB

MD5
c547d5f0455b6054b515871743cdd9f4

SHA1
e21b4ac7e8dd2205089be59d6a524b00cf3fa012

SHA256
70a5aa0c0f8b0eed084ec38a63b266b7e0827f00033d7e1947e734a3f7f7013f

SHA512
c8e6cdc18847cdb7eaf701ca11ce084ef05a736583280e11c0c063dd7dba33a4bf2e5faf190d9d1cf6a2b716b0b3a3b259b7218ef4699754b9584946f95c481b

Download Submit
C:\Windows\system\BRMGRem.exe

Filesize
6.0MB

MD5
d3b06ae3dcc72f3e038a983299f9d7f7

SHA1
da9ed2b5074eeaf5e9b29a0044f0afbed3a7214c

SHA256
6b5dab05e4195a789dc3718bc27f81a92e8ce65a6eb653c7b6e7ce6a217f7548

SHA512
708b1bb41838047227c61e9f47da515d752ae7857a8263b34f8683ac0bc22bbbb141bd1d30f2950d033b33f6ce0c7a3d30448cbf4fa59b826212be9224203a9c

Download Submit
C:\Windows\system\FlSKXLR.exe

Filesize
6.0MB

MD5
b695eb603c92ae528e5b2ae1cd90e9ed

SHA1
cd8fe1ac8a8e31a0b0f1576776a2ac433435593e

SHA256
1f33e8afd2cc270dc93ed385d7727ec599a5caa9c9c54e0264b191be5079a2ae

SHA512
7010902586ad0a4f0ad12d759c96774a0ca1b62c3fde91a9f84f2a27f39a022cf7900aceb06b1f35810afc1dd77b0b2dbff580846142a15a33e6c9bf7ec7eb7a

Download Submit
C:\Windows\system\GJTVAqO.exe

Filesize
6.0MB

MD5
e02b8fc29bd958d23af9357c997d0a89

SHA1
88ea1213b16d0cca2ef68d9fc8be8d267232a9b1

SHA256
1387e6ec55c8a27e840b7cb16fba49f92940e3e2e7b55561d871b0da26397b91

SHA512
7146d2a584c6f93567ed55fd6b67e4d573ae88fb13d9eba829a5a788690acc4062180fdafa326a8ffda71b9b7e67ded40613a4972c3ac5441d5a5f714c19d727

Download Submit
C:\Windows\system\IsSTmJA.exe

Filesize
6.0MB

MD5
7731c989a593edf15b86dd456ee12930

SHA1
d7ccaad247a1b9995e65ea9d573d300a1460a4fd

SHA256
74d8a61f3c81bbda9922226a20e2a8ebf3567e75e06cf1541921793bc9b294f9

SHA512
18c779ebee6c8fee92933c91dc4fda2b201e8d809b4bef2aef820413e42d860653e18f72a0deb23cbf830f1bcb26e72eb7a79697344a4b224b809555c305053b

Download Submit
C:\Windows\system\KadVlHO.exe

Filesize
6.0MB

MD5
cb56241c7e73437e7f51b6c89f9e5bd8

SHA1
b3c91645abe9add63d43cbfeeaa7adbe60925a76

SHA256
cf69d9347a163b70c27679c0b30c7738107021cffd9052d7155bdce671e0ee2b

SHA512
363c2751816c64ccad65b1bd75aa1387592c880393ef5c2a0ee98bfc899beef6bd6a27fb8df2920880c59c39f7181fa7765349c5766c1713501309c3932ff8f9

Download Submit
C:\Windows\system\MOkAfhe.exe

Filesize
6.0MB

MD5
db2788241591b68332359d63867bd897

SHA1
32c940abb6b55423a0af8ae87d3ce25e3e42d12e

SHA256
b830808ec99d673fe9c44cc67a04aed4109408573780b3ce0a923fd2b2c1b266

SHA512
26d20f30ecaa51390099bae8b01d59c754ad040e32e7a43123b31931e35950d169c7f365473a65e4b9e58481755ff8d297fb478a6d3c576499a66cd008975b20

Download Submit
C:\Windows\system\MiAKNev.exe

Filesize
6.0MB

MD5
77c0afd49f93f1fc578f5a42ec154a3d

SHA1
b9e548fa8f2928caa811c306f31d6243b8fe2c4f

SHA256
4a322b5b007b4e8df03041293ee5df878ec90745b908074c6eda5de842beb0f5

SHA512
ce66dcec8a233d6ce039a650e2559796ba41b0f5ab8b988c1b3dbc6d829852920ddf173019d0f8dfc5f1646fa0ecd575e1b4a270ae972b0ae8a57f2dc0250914

Download Submit
C:\Windows\system\MqNxYeA.exe

Filesize
6.0MB

MD5
3ae81df9e41b59c833591b3d2d94b389

SHA1
5d016954698e34b599b345e21be55418fd14c487

SHA256
92ba1bba7d69272df300134d08570700b72e8d2cec79343f5f9c827724eb3e6f

SHA512
95b37e6fc602aecfda8f42940e45ee38344d90ab81de0403b9a464edeb9546fbbb6264535880fc674d5d54218c5ba71fc59ce42976441eb1e25cdd320f97d6e0

Download Submit
C:\Windows\system\OwJJzih.exe

Filesize
6.0MB

MD5
33a86f3d5183475828089468db40c9ed

SHA1
972862798676c42a369885fc6d3448c387b00356

SHA256
320e45eda8aac8abe2344f9e930d2a1751a329dfbf6291e965c12cc1d54ddbe5

SHA512
180842cf59a3165e4e654127e12462556f6a0a18de9b7a32ece1c53d8dd09e94e0c41a3ab4319793d0904003e1a7f9ffd71c0bc0db47622bfe5d0336d2848678

Download Submit
C:\Windows\system\QRbnyLp.exe

Filesize
6.0MB

MD5
61a261477489e1440881b292f118ebcc

SHA1
b63827bff1130933a4051a7c442bc856c2b70385

SHA256
d2a7482bd8b12c01bbeef1dfb07defb3c17f9d2c4224f98932831589a16207b9

SHA512
dff29443e91d7ebdd523c6a19998121f044b75c5ea8fc71aa7e780c299bebae5c4f6262c9e888f39cc943917d3932a8cdecea87de166a7cfbdc7296f0c841a6a

Download Submit
C:\Windows\system\SHBhjJK.exe

Filesize
6.0MB

MD5
b21c1f33695c47c686de57b19783938b

SHA1
39a6c459aca0428a5ca74425b9c37a6c47089519

SHA256
6eb489c1c1cad00b2122bb0056889500837057bd311eee65081b296f49eaac4a

SHA512
b6f2256b890419f444064e4fe00d0d750794f85374d82f2d9f50f2a5a2498ea7c506a9365cb8097e2abc7b85f65f04ef43c606c48e36949f79a701d7bf37704c

Download Submit
C:\Windows\system\VVkFZJG.exe

Filesize
6.0MB

MD5
979edad821344efdc9bfb7552b934b83

SHA1
7137a6cbddd1cec7950c3d45d1e2239d6d976944

SHA256
a961ab1aef26f53c3b79f508fe02f33ab5c599ec48b62b7ffea1ccee7431f1e9

SHA512
f3dd6b0f449abd07ff8f5302ccc939eb69119629ba2b3b06979189d335bc9dd596f436e1ec0d80c29bd11d9560eb0b198d11f49b64dde2a1b946f2dc76545cce

Download Submit
C:\Windows\system\XJThqjq.exe

Filesize
6.0MB

MD5
dedefbb4c18b3b83fecc8a89bacb3bf4

SHA1
ba32cb951853f1ada83ebcad8918dd5a2aad773b

SHA256
6f824f17b293575d5f0fa1822973c0b10fb88fce5cb8c8e3f6e5ac4cf6e18d21

SHA512
d9fa58806902aef58b955b2bc420c2ffa9515df63d39af21aa0da5d7aa8622629be9b2070b323d6bce41a6ee3dc42d802366fb9b122d236814b3645de3f8b669

Download Submit
C:\Windows\system\hZZIslI.exe

Filesize
6.0MB

MD5
7ef456170673315e760ae4c3b1f1f84a

SHA1
0385b912f1373695dcab344f85483002fed2022b

SHA256
6928218d50561508262f600a565f821597ce88ad9501723c1c32d61e85eda5f7

SHA512
9b482d0523f9689c00d3a9d2eaf4a945dccd6a557793d99599e88fac3a4c4e24bf0858aaa1a7a7d8da0417c8ea31f1597bebf5c8c1a1d2ee884b9324075329a4

Download Submit
C:\Windows\system\ivzcVGF.exe

Filesize
6.0MB

MD5
b1b459bf4cfce35246cd3e0c0048a746

SHA1
fde057aa1f5a40414887a95c5a06ffd10f31be2d

SHA256
ab9cb515ad0513bd03c46669876ff16779d41279452c6720d47812a00256c8ff

SHA512
67e761e931e68d3518462c4d1d3ec0e1b5c8678b541ef0044d173feb36f13351429b9ce5179bf664bf3605c781adeb13ce05d8239257dd095d6e48a8bc64976c

Download Submit
C:\Windows\system\jNcKFZd.exe

Filesize
6.0MB

MD5
48e97e4f121687d5297232c4dac476d7

SHA1
39f2df9c00be8428c81c587169a867bf1df581d1

SHA256
578a0ed69c34a0d71072d55c9e8a06229aab7382e9b1c82868ffae16b5e875d6

SHA512
3d1b73c8e25e96a89b03c56b5e7a9f2bd3faee468ac9ce89d91692f5d281b131b5da7e6ca59effc37e2b53ece06a42411167045c62a224a763548dbd953b12c3

Download Submit
C:\Windows\system\kAGNzRc.exe

Filesize
6.0MB

MD5
11b31c241167ecb647f2ae1e8cd87607

SHA1
4bf27f97d7c7d25113808c064d7d1252f565844b

SHA256
9459519edf271e71ab18de198d595ead2f3ea643ca21acc247b5f95749b7311e

SHA512
2ac2baaa7ebad7fe200516c5c262917987e92d3ef9138eb80e1521549a4ad87277b5f7a8ca1252b3027e4426065737e3e0645d4db2f77100bcdf9b772748871c

Download Submit
C:\Windows\system\kEkfTjk.exe

Filesize
6.0MB

MD5
f298e33848543a06ac96f060b590383a

SHA1
eed51f458ef551d1fe989325bbe57c2a1d6d7d24

SHA256
c82e0b0a69c0e8a6c5785b93b1dbf93f1ed3089d9d4996ae311665ae46ac05eb

SHA512
8444d153e5be6130682b06f998dab89dda1ac66b02974c6aec98edb341a95b26e32d470eae61640665ec79057c0af62d807c527fa02163515526df12f5188ea4

Download Submit
C:\Windows\system\lzkwmZp.exe

Filesize
6.0MB

MD5
12e4f9986ca433466f325a09babb4c69

SHA1
71f7042571513b5b449a2192f5ae39c56e6952fe

SHA256
a712fe1c07aa4060ac0e4d480c2c2882273520e80718324828f76d41d87a51e9

SHA512
638ff380d541ad29066685053c16e3c155d87c3ed7e1b0783eca003cf4b686e9100267885e6f816366a17bf8313971ffd6c81339e43f2345e9186497b5898e80

Download Submit
C:\Windows\system\ooJOahC.exe

Filesize
6.0MB

MD5
8285298819b78415cf90b86940156aa2

SHA1
22b26f4b66c231679a569c0f3b52b824ca8a193c

SHA256
f6ac134114b0ff4d69776ba443eef5b6159413b6a2b322798ef96fd4e1961c33

SHA512
506c3676be7e99ae62baaeafa5e2b9d3b2a1a4be45a3727bf483384d4a7cb02c090389ae4612e4a7567359b83428c9c18e461c8a72a9d33bab02aa7dd890506c

Download Submit
C:\Windows\system\pZDNpnY.exe

Filesize
6.0MB

MD5
ba37ee713693bd8e99a54b818f4b8012

SHA1
8dab22f1e5bb9c3b63ebc800560391aef8a00181

SHA256
0fba974e70ac3bf93b6b8c16b7d287de614231037ad76d15c9428909727d72da

SHA512
b222c998c1a64fde6b03081a1068aebc75ba301dd6e82337c3788f32987631811078a4da12d3afcce3cd46d9b176b3bb7c7e2841782afce0f11a78817893bd4d

Download Submit
C:\Windows\system\sAStXbM.exe

Filesize
6.0MB

MD5
eefb2ac05ee289d0cedec6ab375709b5

SHA1
438f53809151bdb8072ac1b627b9672b3c607a74

SHA256
6deb97fe22a42a991074ccc7f15e229c337e741244b9c6a5cd10deba84585ac5

SHA512
28146feb3a35bca6abfbb831abafa2629912a5ece0349c26d8c98a979025c871a8794ceb6059ae2d8257eb9643e92e91e2b741b29979de89deb9fe5dd19c45a3

Download Submit
C:\Windows\system\sCJeubs.exe

Filesize
6.0MB

MD5
620086459253c05f26fbecaa9e268a2c

SHA1
a77163ffd6947ae2d25a447d578d6dc5b239587a

SHA256
3d065279ddc079bb7a2c1163d69a88c592da757170c8d33bd07a8b9a556bbfb3

SHA512
e4c2c6d066f8960b326ebbe795666043eba2ae0753e8db8a012f3908fdcfe9552e0d5db14de381c762f572f46b2d13e211f5e5df4fd812c1eff5574d4dc10b77

Download Submit
C:\Windows\system\saKATWD.exe

Filesize
6.0MB

MD5
3c13bd5f2c3b9eb58b469b2acf958ad0

SHA1
b26f58462d7d19794b9cbeaa7456980917f6269e

SHA256
af4e1091972a8f0079119f68200b027e5bbb09744e94aca88b9f023b1595602a

SHA512
53da39b1ba8415240241e45fcddae0cf7e7926a7f6aa393f10a5b471334db73c712e5f5f2b233b825f8eb1f4654e3f08948ddcee4096a69761fea426c9bf7d88

Download Submit
C:\Windows\system\vmmmifv.exe

Filesize
6.0MB

MD5
25e083bc2c4ad134d66cf6fb02e2f36c

SHA1
197fb125f5c13f808913579ee0abd3b20ac09b9c

SHA256
0a5d0c87b242899f4f1bf66bc753e643578373df2c34fafa357a11e0438c9ab9

SHA512
916a3aaecd8d93c964887a250145cf7ca945d858d5bc3739a6ffbeafd384eeacb524da89705dee740066a406ad06b8e47e6e2e6246796ac6206946a0a80f083a

Download Submit
C:\Windows\system\xyeypie.exe

Filesize
6.0MB

MD5
5f783f1835599f9d4cf67b733c713b6d

SHA1
8090e2d0578fc46ee72fd1a3be267873be83e587

SHA256
08a1187d1eb8695d747ffe2c29ea41bc5adb582b6cbfa44ef9c3c6b59c0f13ee

SHA512
d4d19e237f1808b5d03851a224ba462b0074a51a8451aa1e3fd57fa5c5d863f005b741af36ddf5e4ae3f657610b7c188a368c306720af11563f373d0f2cb3b24

Download Submit
C:\Windows\system\zPlmapt.exe

Filesize
8B

MD5
1312ab3f058af827ff65b61d149a4aa4

SHA1
284f6b4ea240230cdcc1afc8680922c5ce784131

SHA256
f87d7801a2912ad312dcf82e25017574b4a982ac90af0f1eccf059ee71c9e834

SHA512
a9825ceb3352596af3e2d7569c8c87ccff53a914296c8b84ae3867ad0c19e4d50701061aba2574ec7a1b27f16503e3d05920c299356e11f87824fda0f077e745

Download Submit
\Windows\system\EizOEvS.exe

Filesize
6.0MB

MD5
c95113599c0de4eec3f3b99f8f59b40a

SHA1
09934ca7c774036056b8f958bd0a0a88487034d0

SHA256
90f48eccdc361a368ee07d037c5eaec4be46ebe6841d3e7668b7df901386272d

SHA512
28acd7e9f17d8e6b3d2a715782dc97e04233bab70a9926b8c67e7d5f734f3ade7a14ab7e0273532520c553d6f82435906e91800c5036f0844de7e58b3f0efb79

Download Submit
\Windows\system\IHQCZWa.exe

Filesize
6.0MB

MD5
0a76a017ef446796bc7d728d7c6e5b38

SHA1
e0fc929e3afc7e9bf408f786fd2e9f48356fb12b

SHA256
22f41d2d4a8e9a1933c06cf2f13e75daab37559a5dfa49b5af0605526e4cb65c

SHA512
cd6f94bda35d1151850c18758ab89814d529c31149db58a18daecb35455edc978f55413d2e1ffbbab0466013f64fd81ef454ba7d72c850317c3747da58f80963

Download Submit
\Windows\system\OkbssbT.exe

Filesize
6.0MB

MD5
700e97e8e2c947a52130c5ac00c5a815

SHA1
f5f8ec4a1879586064380573bd1d833323d9be9b

SHA256
4650ffd845b27f9dbdb2206bf61df823ff43eb04219d707ab7e7a2c9b7821313

SHA512
9305f8271799d2d10946088588e2a0206ffc457d2a8bb85a5ed4f00ad251ee43c0ce42a73a5fd5bf0bbd25c2c3897818e92f129e109031cb56e37cc6d7c2ffa6

Download Submit
\Windows\system\fendCsn.exe

Filesize
6.0MB

MD5
6bef3a0762f6fadc60846a677a559ff3

SHA1
767487dc26afe6358bbb1d099b0e656b7f312334

SHA256
3088be953373d3bdcab67e8324013163e77981b9b974a7efd0253e197b5aefb7

SHA512
de461e36d9a7336159ea2d34e4d39faf9f97e7250a6fc8605c976c49dab7b826550a3af1937d378f64207ddad8f1dd101ba212ca08969a74ab23e31a19824144

Download Submit
\Windows\system\zgqWLxC.exe

Filesize
6.0MB

MD5
7ae88fa23f384d31692e55c51c754a7b

SHA1
d04a8d436dc71157a600770ed97888f0a2e49f90

SHA256
dfe157775106a5d76a83561db8e475f2665fb08ec42fc9f6bd26cccc056a0d0a

SHA512
f98fb1c902af980a53568c4d5a7899a86ead39e25d3559ee995fa20832762dd2ad65e1243c9d0a6271ba30f421624b98001d6627f6a452f3fe13b81484eba9cc

Download Submit
memory/836-73-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/836-206-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/836-3269-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1032-66-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1032-3253-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1032-105-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1528-693-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1528-3268-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1528-97-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1736-37-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1736-3207-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1736-11-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2072-798-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2072-40-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2072-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2072-608-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2072-111-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2072-110-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-12-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2072-982-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2072-102-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2072-101-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2072-427-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2072-30-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2072-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-93-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2072-92-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2072-23-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2072-34-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-45-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-84-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2072-16-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-53-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2072-69-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-61-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2172-27-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-65-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-3227-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-96-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-3265-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-57-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-56-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-20-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3216-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-14-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2312-4259-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2312-48-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3275-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2580-524-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2580-88-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2588-80-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3285-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2588-388-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2772-106-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2772-892-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3267-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3261-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2796-41-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2796-79-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2816-72-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3241-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3266-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-49-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-87-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download