cobaltstrike | 0aa75022e4aa46944d7e5ea3e282572025e6ab0c5026d3be4bcc488ca2bbbbc0

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b2ce04927751649aa8a09052af28e87b
SHA1

c8716c5119cf087a6540367fcecea42026685be7
SHA256

0aa75022e4aa46944d7e5ea3e282572025e6ab0c5026d3be4bcc488ca2bbbbc0
SHA512

460ff7fa079e17b94c2720dc595076d1e26eb683d80037b1921a4ada5038b17c1b6d848ed1c93a618159b0ad7e6b23953ea62a48ef59a602c0ac1b78acb46d65
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cdc-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd0-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce4-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cf1-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d03-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d1a-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c4a-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c51-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cc8-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d06-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d21-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d42-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-163.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-160.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a7-149.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000171a8-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016fdf-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-128.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d64-120.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a9-156.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015c9f-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017079-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d89-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d5e-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4a-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3a-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d31-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d29-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d18-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0e-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cec-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c9d-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d78-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral1/memory/2380-0-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0007000000015cdc-15.dat	xmrig
behavioral1/files/0x0008000000015cd0-11.dat	xmrig
behavioral1/files/0x0007000000015ce4-21.dat	xmrig
behavioral1/files/0x0007000000015cf1-26.dat	xmrig
behavioral1/files/0x0007000000015d03-30.dat	xmrig
behavioral1/files/0x0009000000015d1a-36.dat	xmrig
behavioral1/files/0x0007000000016c4a-45.dat	xmrig
behavioral1/files/0x0006000000016c51-50.dat	xmrig
behavioral1/files/0x0006000000016cc8-60.dat	xmrig
behavioral1/files/0x0006000000016d06-70.dat	xmrig
behavioral1/files/0x0006000000016d21-85.dat	xmrig
behavioral1/files/0x0006000000016d42-105.dat	xmrig
behavioral1/files/0x0006000000017492-163.dat	xmrig
behavioral1/files/0x0006000000017488-160.dat	xmrig
behavioral1/files/0x00060000000173a7-149.dat	xmrig
behavioral1/files/0x00060000000171a8-142.dat	xmrig
behavioral1/files/0x0006000000016fdf-135.dat	xmrig
behavioral1/files/0x0006000000016d6d-128.dat	xmrig
behavioral1/files/0x0006000000016d64-120.dat	xmrig
behavioral1/files/0x00060000000173a9-156.dat	xmrig
behavioral1/files/0x0009000000015c9f-148.dat	xmrig
behavioral1/files/0x0006000000017079-140.dat	xmrig
behavioral1/files/0x0006000000016d89-133.dat	xmrig
behavioral1/files/0x0006000000016d68-125.dat	xmrig
behavioral1/files/0x0006000000016d5e-115.dat	xmrig
behavioral1/files/0x0006000000016d4a-110.dat	xmrig
behavioral1/files/0x0006000000016d3a-100.dat	xmrig
behavioral1/files/0x0006000000016d31-95.dat	xmrig
behavioral1/files/0x0006000000016d29-90.dat	xmrig
behavioral1/files/0x0006000000016d18-80.dat	xmrig
behavioral1/files/0x0006000000016d0e-75.dat	xmrig
behavioral1/files/0x0006000000016cec-65.dat	xmrig
behavioral1/files/0x0006000000016c9d-55.dat	xmrig
behavioral1/files/0x0008000000015d78-41.dat	xmrig
behavioral1/memory/2380-2568-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2528-2569-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2192-2691-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2380-3277-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2528-3996-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2192-3988-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2192	BwMDEVe.exe
2064	fZCpThz.exe
3048	CnGfCQF.exe
1544	rfZdDEL.exe
2528	WjZlpaG.exe
2112	JycQwLm.exe
2268	fpFTNub.exe
2768	IPTVwyG.exe
2872	AJqLZaQ.exe
2760	mQHwNIK.exe
332	WtCPwcu.exe
2864	YEkHZZd.exe
2964	OAHMHbF.exe
2784	FpgMgGQ.exe
2792	NqPktsC.exe
2648	nczxLiV.exe
2012	RNuyqMt.exe
2248	NFOyTWs.exe
1960	SScdeaE.exe
1104	TMYILUh.exe
564	XDvYuxf.exe
1820	ENZVOOy.exe
1684	NwWSRll.exe
1700	gTnzhAX.exe
1204	UfppHdW.exe
2936	ZcNnFlE.exe
2252	pQvicjV.exe
2184	NQhfBsZ.exe
984	WzTAJsQ.exe
2052	LuvIEDN.exe
1332	RPKglmp.exe
2912	spiFMGY.exe
2348	xASOMiJ.exe
2304	aSeAwma.exe
348	NZBNQDx.exe
1500	sBQYtSt.exe
1840	cweeeAy.exe
1984	LZMewSy.exe
1916	QUjxBaY.exe
840	pLVIdEJ.exe
1172	FJzXSiQ.exe
2256	uIkVuxc.exe
1724	iiTQYtY.exe
2280	uwVvVQE.exe
3064	wPHJaoj.exe
2260	SzstjJq.exe
892	eKBJWrw.exe
1780	ycOptkZ.exe
2072	EtgQktA.exe
2224	QQisRlV.exe
1504	oSteTNH.exe
1044	iLKwrtQ.exe
2444	PDunWWO.exe
2188	KegIfNf.exe
1232	yzadWnz.exe
2440	jvuLoYZ.exe
1584	HVtFMRF.exe
2388	aulziii.exe
1616	hpWJheV.exe
2412	oIwdBon.exe
2800	MjTMfal.exe
2296	xgQgeZe.exe
3004	RxAAnzz.exe
2216	oojszUJ.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 41 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-0-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0007000000015cdc-15.dat	upx
behavioral1/files/0x0008000000015cd0-11.dat	upx
behavioral1/files/0x0007000000015ce4-21.dat	upx
behavioral1/files/0x0007000000015cf1-26.dat	upx
behavioral1/files/0x0007000000015d03-30.dat	upx
behavioral1/files/0x0009000000015d1a-36.dat	upx
behavioral1/files/0x0007000000016c4a-45.dat	upx
behavioral1/files/0x0006000000016c51-50.dat	upx
behavioral1/files/0x0006000000016cc8-60.dat	upx
behavioral1/files/0x0006000000016d06-70.dat	upx
behavioral1/files/0x0006000000016d21-85.dat	upx
behavioral1/files/0x0006000000016d42-105.dat	upx
behavioral1/files/0x0006000000017492-163.dat	upx
behavioral1/files/0x0006000000017488-160.dat	upx
behavioral1/files/0x00060000000173a7-149.dat	upx
behavioral1/files/0x00060000000171a8-142.dat	upx
behavioral1/files/0x0006000000016fdf-135.dat	upx
behavioral1/files/0x0006000000016d6d-128.dat	upx
behavioral1/files/0x0006000000016d64-120.dat	upx
behavioral1/files/0x00060000000173a9-156.dat	upx
behavioral1/files/0x0009000000015c9f-148.dat	upx
behavioral1/files/0x0006000000017079-140.dat	upx
behavioral1/files/0x0006000000016d89-133.dat	upx
behavioral1/files/0x0006000000016d68-125.dat	upx
behavioral1/files/0x0006000000016d5e-115.dat	upx
behavioral1/files/0x0006000000016d4a-110.dat	upx
behavioral1/files/0x0006000000016d3a-100.dat	upx
behavioral1/files/0x0006000000016d31-95.dat	upx
behavioral1/files/0x0006000000016d29-90.dat	upx
behavioral1/files/0x0006000000016d18-80.dat	upx
behavioral1/files/0x0006000000016d0e-75.dat	upx
behavioral1/files/0x0006000000016cec-65.dat	upx
behavioral1/files/0x0006000000016c9d-55.dat	upx
behavioral1/files/0x0008000000015d78-41.dat	upx
behavioral1/memory/2528-2569-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2192-2691-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2380-3277-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2528-3996-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2192-3988-0x000000013FD20000-0x0000000140074000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TmouUoy.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbJVuzS.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsaWGNC.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skgWHLy.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQqnKNH.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJnvxno.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLUMbkz.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odBDhmv.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axYEVsS.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKmHrxA.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TrXMUNt.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYGhdll.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuZiLKM.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkUnGZV.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqWZfAO.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkNFPEA.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egIYODF.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgUmzMd.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddTpAcG.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjOpPKZ.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICvilQm.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTtdPQD.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwYbQIN.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmVNTEM.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwIEGzN.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJypGqv.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFWQAlZ.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDNhLSc.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzadWnz.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZrphhk.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAICuiY.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPZjCZN.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YuBjnel.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRkhRCe.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPxttmj.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxRRNRo.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHQUQUX.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmfWKOn.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwBFBaJ.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJvlYIy.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvraUgm.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWWzTTs.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmBRgqD.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSsmDwa.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGKWiUV.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRkxFHF.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwWzzev.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DERFerd.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQBdVPw.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNdxnOR.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzieKBh.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfiYImd.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvptKIR.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGjIoIK.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNFaLbS.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyGsIwB.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygeLpMj.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uXJBNam.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybruqwl.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrqNvKG.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhliSMe.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enmdwOx.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVXaCYt.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvwJqam.exe	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4604	giPiNGf.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2192	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2192	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2192	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2064	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2064	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2064	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 3048	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 3048	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 3048	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 1544	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 1544	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 1544	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2528	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2528	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2528	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2112	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2112	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2112	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2268	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2268	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2268	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2768	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2768	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2768	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2872	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2872	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2872	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2760	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2760	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2760	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 332	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 332	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 332	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2864	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2864	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2864	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2964	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 2964	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 2964	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 2784	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 2784	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 2784	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 2792	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 2792	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 2792	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 2648	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2648	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2648	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2012	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2012	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2012	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2248	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 2248	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 2248	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 1960	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1960	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1960	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1104	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1104	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1104	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 564	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 564	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 564	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1820	2380	2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_b2ce04927751649aa8a09052af28e87b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\System\BwMDEVe.exe
  C:\Windows\System\BwMDEVe.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\fZCpThz.exe
  C:\Windows\System\fZCpThz.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\CnGfCQF.exe
  C:\Windows\System\CnGfCQF.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\rfZdDEL.exe
  C:\Windows\System\rfZdDEL.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\WjZlpaG.exe
  C:\Windows\System\WjZlpaG.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\JycQwLm.exe
  C:\Windows\System\JycQwLm.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\fpFTNub.exe
  C:\Windows\System\fpFTNub.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\IPTVwyG.exe
  C:\Windows\System\IPTVwyG.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\AJqLZaQ.exe
  C:\Windows\System\AJqLZaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\mQHwNIK.exe
  C:\Windows\System\mQHwNIK.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\WtCPwcu.exe
  C:\Windows\System\WtCPwcu.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\YEkHZZd.exe
  C:\Windows\System\YEkHZZd.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\OAHMHbF.exe
  C:\Windows\System\OAHMHbF.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\FpgMgGQ.exe
  C:\Windows\System\FpgMgGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\NqPktsC.exe
  C:\Windows\System\NqPktsC.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\nczxLiV.exe
  C:\Windows\System\nczxLiV.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\RNuyqMt.exe
  C:\Windows\System\RNuyqMt.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\NFOyTWs.exe
  C:\Windows\System\NFOyTWs.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\SScdeaE.exe
  C:\Windows\System\SScdeaE.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\TMYILUh.exe
  C:\Windows\System\TMYILUh.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\XDvYuxf.exe
  C:\Windows\System\XDvYuxf.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\ENZVOOy.exe
  C:\Windows\System\ENZVOOy.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\NwWSRll.exe
  C:\Windows\System\NwWSRll.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\gTnzhAX.exe
  C:\Windows\System\gTnzhAX.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\UfppHdW.exe
  C:\Windows\System\UfppHdW.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\spiFMGY.exe
  C:\Windows\System\spiFMGY.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ZcNnFlE.exe
  C:\Windows\System\ZcNnFlE.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\xASOMiJ.exe
  C:\Windows\System\xASOMiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\pQvicjV.exe
  C:\Windows\System\pQvicjV.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\aSeAwma.exe
  C:\Windows\System\aSeAwma.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\NQhfBsZ.exe
  C:\Windows\System\NQhfBsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\NZBNQDx.exe
  C:\Windows\System\NZBNQDx.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\WzTAJsQ.exe
  C:\Windows\System\WzTAJsQ.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\cweeeAy.exe
  C:\Windows\System\cweeeAy.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\LuvIEDN.exe
  C:\Windows\System\LuvIEDN.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\LZMewSy.exe
  C:\Windows\System\LZMewSy.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\RPKglmp.exe
  C:\Windows\System\RPKglmp.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\QUjxBaY.exe
  C:\Windows\System\QUjxBaY.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\sBQYtSt.exe
  C:\Windows\System\sBQYtSt.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\FJzXSiQ.exe
  C:\Windows\System\FJzXSiQ.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\pLVIdEJ.exe
  C:\Windows\System\pLVIdEJ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\eKBJWrw.exe
  C:\Windows\System\eKBJWrw.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\uIkVuxc.exe
  C:\Windows\System\uIkVuxc.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\ycOptkZ.exe
  C:\Windows\System\ycOptkZ.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\iiTQYtY.exe
  C:\Windows\System\iiTQYtY.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\EtgQktA.exe
  C:\Windows\System\EtgQktA.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\uwVvVQE.exe
  C:\Windows\System\uwVvVQE.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\QQisRlV.exe
  C:\Windows\System\QQisRlV.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\wPHJaoj.exe
  C:\Windows\System\wPHJaoj.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\oSteTNH.exe
  C:\Windows\System\oSteTNH.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\SzstjJq.exe
  C:\Windows\System\SzstjJq.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\iLKwrtQ.exe
  C:\Windows\System\iLKwrtQ.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\PDunWWO.exe
  C:\Windows\System\PDunWWO.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\yzadWnz.exe
  C:\Windows\System\yzadWnz.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\KegIfNf.exe
  C:\Windows\System\KegIfNf.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\jvuLoYZ.exe
  C:\Windows\System\jvuLoYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\HVtFMRF.exe
  C:\Windows\System\HVtFMRF.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\hpWJheV.exe
  C:\Windows\System\hpWJheV.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\aulziii.exe
  C:\Windows\System\aulziii.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\oIwdBon.exe
  C:\Windows\System\oIwdBon.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\MjTMfal.exe
  C:\Windows\System\MjTMfal.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\xgQgeZe.exe
  C:\Windows\System\xgQgeZe.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\RxAAnzz.exe
  C:\Windows\System\RxAAnzz.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\oojszUJ.exe
  C:\Windows\System\oojszUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\ZlHOkzW.exe
  C:\Windows\System\ZlHOkzW.exe
  2⤵
  PID:2896
- C:\Windows\System\fiJYATj.exe
  C:\Windows\System\fiJYATj.exe
  2⤵
  PID:2880
- C:\Windows\System\xdHTeen.exe
  C:\Windows\System\xdHTeen.exe
  2⤵
  PID:1056
- C:\Windows\System\JzcYmZM.exe
  C:\Windows\System\JzcYmZM.exe
  2⤵
  PID:2680
- C:\Windows\System\LfiYImd.exe
  C:\Windows\System\LfiYImd.exe
  2⤵
  PID:2372
- C:\Windows\System\JXYkHVa.exe
  C:\Windows\System\JXYkHVa.exe
  2⤵
  PID:2952
- C:\Windows\System\owshkpl.exe
  C:\Windows\System\owshkpl.exe
  2⤵
  PID:2552
- C:\Windows\System\qVRsdtB.exe
  C:\Windows\System\qVRsdtB.exe
  2⤵
  PID:400
- C:\Windows\System\anJPMfe.exe
  C:\Windows\System\anJPMfe.exe
  2⤵
  PID:2276
- C:\Windows\System\RBoFUYx.exe
  C:\Windows\System\RBoFUYx.exe
  2⤵
  PID:900
- C:\Windows\System\nPMjeVj.exe
  C:\Windows\System\nPMjeVj.exe
  2⤵
  PID:2500
- C:\Windows\System\BCICOTn.exe
  C:\Windows\System\BCICOTn.exe
  2⤵
  PID:1624
- C:\Windows\System\UQrtqsG.exe
  C:\Windows\System\UQrtqsG.exe
  2⤵
  PID:2448
- C:\Windows\System\nWpVeSN.exe
  C:\Windows\System\nWpVeSN.exe
  2⤵
  PID:1860
- C:\Windows\System\nIdVdTo.exe
  C:\Windows\System\nIdVdTo.exe
  2⤵
  PID:1564
- C:\Windows\System\YUduzyg.exe
  C:\Windows\System\YUduzyg.exe
  2⤵
  PID:2940
- C:\Windows\System\knXmRbu.exe
  C:\Windows\System\knXmRbu.exe
  2⤵
  PID:1184
- C:\Windows\System\fcGgpWm.exe
  C:\Windows\System\fcGgpWm.exe
  2⤵
  PID:2316
- C:\Windows\System\SLzhRTk.exe
  C:\Windows\System\SLzhRTk.exe
  2⤵
  PID:1592
- C:\Windows\System\TnXLbJw.exe
  C:\Windows\System\TnXLbJw.exe
  2⤵
  PID:2040
- C:\Windows\System\lECwcxQ.exe
  C:\Windows\System\lECwcxQ.exe
  2⤵
  PID:1652
- C:\Windows\System\gHrvIyj.exe
  C:\Windows\System\gHrvIyj.exe
  2⤵
  PID:2332
- C:\Windows\System\TdQjXFJ.exe
  C:\Windows\System\TdQjXFJ.exe
  2⤵
  PID:2204
- C:\Windows\System\rihZLZV.exe
  C:\Windows\System\rihZLZV.exe
  2⤵
  PID:1800
- C:\Windows\System\sSMBpYe.exe
  C:\Windows\System\sSMBpYe.exe
  2⤵
  PID:1048
- C:\Windows\System\WwpGFhf.exe
  C:\Windows\System\WwpGFhf.exe
  2⤵
  PID:2556
- C:\Windows\System\CVxqcMi.exe
  C:\Windows\System\CVxqcMi.exe
  2⤵
  PID:880
- C:\Windows\System\jsVzYml.exe
  C:\Windows\System\jsVzYml.exe
  2⤵
  PID:3028
- C:\Windows\System\SJsZkmJ.exe
  C:\Windows\System\SJsZkmJ.exe
  2⤵
  PID:2508
- C:\Windows\System\OgtEZkJ.exe
  C:\Windows\System\OgtEZkJ.exe
  2⤵
  PID:2516
- C:\Windows\System\jTparlQ.exe
  C:\Windows\System\jTparlQ.exe
  2⤵
  PID:1508
- C:\Windows\System\MmCrYcy.exe
  C:\Windows\System\MmCrYcy.exe
  2⤵
  PID:2992
- C:\Windows\System\rXcBEqn.exe
  C:\Windows\System\rXcBEqn.exe
  2⤵
  PID:2756
- C:\Windows\System\bNAceYa.exe
  C:\Windows\System\bNAceYa.exe
  2⤵
  PID:2636
- C:\Windows\System\YDXLsKb.exe
  C:\Windows\System\YDXLsKb.exe
  2⤵
  PID:972
- C:\Windows\System\mEqOpPZ.exe
  C:\Windows\System\mEqOpPZ.exe
  2⤵
  PID:1632
- C:\Windows\System\qKvDpNu.exe
  C:\Windows\System\qKvDpNu.exe
  2⤵
  PID:1908
- C:\Windows\System\ulaTrJE.exe
  C:\Windows\System\ulaTrJE.exe
  2⤵
  PID:2308
- C:\Windows\System\JaPOcOo.exe
  C:\Windows\System\JaPOcOo.exe
  2⤵
  PID:620
- C:\Windows\System\VnoFCTO.exe
  C:\Windows\System\VnoFCTO.exe
  2⤵
  PID:2164
- C:\Windows\System\QvUMNzo.exe
  C:\Windows\System\QvUMNzo.exe
  2⤵
  PID:2584
- C:\Windows\System\yZAnmfR.exe
  C:\Windows\System\yZAnmfR.exe
  2⤵
  PID:1620
- C:\Windows\System\gZrphhk.exe
  C:\Windows\System\gZrphhk.exe
  2⤵
  PID:664
- C:\Windows\System\igSejEo.exe
  C:\Windows\System\igSejEo.exe
  2⤵
  PID:940
- C:\Windows\System\LGDzvgh.exe
  C:\Windows\System\LGDzvgh.exe
  2⤵
  PID:2292
- C:\Windows\System\KLcsOID.exe
  C:\Windows\System\KLcsOID.exe
  2⤵
  PID:2220
- C:\Windows\System\qeoLbwN.exe
  C:\Windows\System\qeoLbwN.exe
  2⤵
  PID:740
- C:\Windows\System\fesGDhz.exe
  C:\Windows\System\fesGDhz.exe
  2⤵
  PID:2432
- C:\Windows\System\xkOnrfC.exe
  C:\Windows\System\xkOnrfC.exe
  2⤵
  PID:1704
- C:\Windows\System\xRAWweO.exe
  C:\Windows\System\xRAWweO.exe
  2⤵
  PID:2424
- C:\Windows\System\AILRtQa.exe
  C:\Windows\System\AILRtQa.exe
  2⤵
  PID:3088
- C:\Windows\System\oFcQhqe.exe
  C:\Windows\System\oFcQhqe.exe
  2⤵
  PID:3108
- C:\Windows\System\JGTjexd.exe
  C:\Windows\System\JGTjexd.exe
  2⤵
  PID:3128
- C:\Windows\System\YcrEyPX.exe
  C:\Windows\System\YcrEyPX.exe
  2⤵
  PID:3148
- C:\Windows\System\klKwdHg.exe
  C:\Windows\System\klKwdHg.exe
  2⤵
  PID:3168
- C:\Windows\System\xiEMlKf.exe
  C:\Windows\System\xiEMlKf.exe
  2⤵
  PID:3188
- C:\Windows\System\OqrIrGZ.exe
  C:\Windows\System\OqrIrGZ.exe
  2⤵
  PID:3208
- C:\Windows\System\YCSrUUS.exe
  C:\Windows\System\YCSrUUS.exe
  2⤵
  PID:3228
- C:\Windows\System\TkmHPZh.exe
  C:\Windows\System\TkmHPZh.exe
  2⤵
  PID:3248
- C:\Windows\System\SmfWKOn.exe
  C:\Windows\System\SmfWKOn.exe
  2⤵
  PID:3268
- C:\Windows\System\zULmemx.exe
  C:\Windows\System\zULmemx.exe
  2⤵
  PID:3288
- C:\Windows\System\MMrvASG.exe
  C:\Windows\System\MMrvASG.exe
  2⤵
  PID:3308
- C:\Windows\System\hoiGYcZ.exe
  C:\Windows\System\hoiGYcZ.exe
  2⤵
  PID:3328
- C:\Windows\System\zrdTsUI.exe
  C:\Windows\System\zrdTsUI.exe
  2⤵
  PID:3348
- C:\Windows\System\DwRQVVD.exe
  C:\Windows\System\DwRQVVD.exe
  2⤵
  PID:3368
- C:\Windows\System\wciiskr.exe
  C:\Windows\System\wciiskr.exe
  2⤵
  PID:3388
- C:\Windows\System\ROGURna.exe
  C:\Windows\System\ROGURna.exe
  2⤵
  PID:3408
- C:\Windows\System\yRkuyee.exe
  C:\Windows\System\yRkuyee.exe
  2⤵
  PID:3428
- C:\Windows\System\NYQrxvU.exe
  C:\Windows\System\NYQrxvU.exe
  2⤵
  PID:3448
- C:\Windows\System\lWlnsgN.exe
  C:\Windows\System\lWlnsgN.exe
  2⤵
  PID:3468
- C:\Windows\System\IeXfwzx.exe
  C:\Windows\System\IeXfwzx.exe
  2⤵
  PID:3488
- C:\Windows\System\grpKNHQ.exe
  C:\Windows\System\grpKNHQ.exe
  2⤵
  PID:3508
- C:\Windows\System\QrVPgAq.exe
  C:\Windows\System\QrVPgAq.exe
  2⤵
  PID:3528
- C:\Windows\System\FWsAmPI.exe
  C:\Windows\System\FWsAmPI.exe
  2⤵
  PID:3548
- C:\Windows\System\CORkTVV.exe
  C:\Windows\System\CORkTVV.exe
  2⤵
  PID:3568
- C:\Windows\System\pkYLANn.exe
  C:\Windows\System\pkYLANn.exe
  2⤵
  PID:3588
- C:\Windows\System\LkefUwn.exe
  C:\Windows\System\LkefUwn.exe
  2⤵
  PID:3608
- C:\Windows\System\JKpFRLJ.exe
  C:\Windows\System\JKpFRLJ.exe
  2⤵
  PID:3628
- C:\Windows\System\FVPbFrk.exe
  C:\Windows\System\FVPbFrk.exe
  2⤵
  PID:3648
- C:\Windows\System\PeppnVM.exe
  C:\Windows\System\PeppnVM.exe
  2⤵
  PID:3668
- C:\Windows\System\uzozMqs.exe
  C:\Windows\System\uzozMqs.exe
  2⤵
  PID:3688
- C:\Windows\System\rfAAupl.exe
  C:\Windows\System\rfAAupl.exe
  2⤵
  PID:3708
- C:\Windows\System\ukYwXIX.exe
  C:\Windows\System\ukYwXIX.exe
  2⤵
  PID:3728
- C:\Windows\System\lsfJfBJ.exe
  C:\Windows\System\lsfJfBJ.exe
  2⤵
  PID:3748
- C:\Windows\System\kRkxFHF.exe
  C:\Windows\System\kRkxFHF.exe
  2⤵
  PID:3768
- C:\Windows\System\zrqNvKG.exe
  C:\Windows\System\zrqNvKG.exe
  2⤵
  PID:3788
- C:\Windows\System\IZCQWSL.exe
  C:\Windows\System\IZCQWSL.exe
  2⤵
  PID:3808
- C:\Windows\System\UqWZfAO.exe
  C:\Windows\System\UqWZfAO.exe
  2⤵
  PID:3828
- C:\Windows\System\XYuApQj.exe
  C:\Windows\System\XYuApQj.exe
  2⤵
  PID:3848
- C:\Windows\System\mPappum.exe
  C:\Windows\System\mPappum.exe
  2⤵
  PID:3868
- C:\Windows\System\TpDSDnD.exe
  C:\Windows\System\TpDSDnD.exe
  2⤵
  PID:3888
- C:\Windows\System\YHAvaLj.exe
  C:\Windows\System\YHAvaLj.exe
  2⤵
  PID:3908
- C:\Windows\System\vWTKPEp.exe
  C:\Windows\System\vWTKPEp.exe
  2⤵
  PID:3928
- C:\Windows\System\UCpfPUy.exe
  C:\Windows\System\UCpfPUy.exe
  2⤵
  PID:3948
- C:\Windows\System\NkcGiSN.exe
  C:\Windows\System\NkcGiSN.exe
  2⤵
  PID:3968
- C:\Windows\System\wTivHLn.exe
  C:\Windows\System\wTivHLn.exe
  2⤵
  PID:3988
- C:\Windows\System\DtQhcAY.exe
  C:\Windows\System\DtQhcAY.exe
  2⤵
  PID:4008
- C:\Windows\System\isEYqCi.exe
  C:\Windows\System\isEYqCi.exe
  2⤵
  PID:4028
- C:\Windows\System\TeJfTAq.exe
  C:\Windows\System\TeJfTAq.exe
  2⤵
  PID:4052
- C:\Windows\System\FyYfsxX.exe
  C:\Windows\System\FyYfsxX.exe
  2⤵
  PID:4072
- C:\Windows\System\cdzcMuj.exe
  C:\Windows\System\cdzcMuj.exe
  2⤵
  PID:4092
- C:\Windows\System\SvptKIR.exe
  C:\Windows\System\SvptKIR.exe
  2⤵
  PID:2300
- C:\Windows\System\JRaTFTN.exe
  C:\Windows\System\JRaTFTN.exe
  2⤵
  PID:2840
- C:\Windows\System\eaPtuCN.exe
  C:\Windows\System\eaPtuCN.exe
  2⤵
  PID:2788
- C:\Windows\System\dwIEGzN.exe
  C:\Windows\System\dwIEGzN.exe
  2⤵
  PID:2812
- C:\Windows\System\KQgziJK.exe
  C:\Windows\System\KQgziJK.exe
  2⤵
  PID:1140
- C:\Windows\System\UWBPrMT.exe
  C:\Windows\System\UWBPrMT.exe
  2⤵
  PID:540
- C:\Windows\System\uaGQyVR.exe
  C:\Windows\System\uaGQyVR.exe
  2⤵
  PID:1920
- C:\Windows\System\hXhctZK.exe
  C:\Windows\System\hXhctZK.exe
  2⤵
  PID:2408
- C:\Windows\System\EwMEFYw.exe
  C:\Windows\System\EwMEFYw.exe
  2⤵
  PID:268
- C:\Windows\System\pugqPgw.exe
  C:\Windows\System\pugqPgw.exe
  2⤵
  PID:600
- C:\Windows\System\aCpmMXA.exe
  C:\Windows\System\aCpmMXA.exe
  2⤵
  PID:2456
- C:\Windows\System\IvkdJLX.exe
  C:\Windows\System\IvkdJLX.exe
  2⤵
  PID:1264
- C:\Windows\System\PwBFBaJ.exe
  C:\Windows\System\PwBFBaJ.exe
  2⤵
  PID:3104
- C:\Windows\System\rePynqN.exe
  C:\Windows\System\rePynqN.exe
  2⤵
  PID:3124
- C:\Windows\System\ApFpUfW.exe
  C:\Windows\System\ApFpUfW.exe
  2⤵
  PID:3176
- C:\Windows\System\VhSJNDA.exe
  C:\Windows\System\VhSJNDA.exe
  2⤵
  PID:3196
- C:\Windows\System\AAkgAPS.exe
  C:\Windows\System\AAkgAPS.exe
  2⤵
  PID:3220
- C:\Windows\System\cNsVdaP.exe
  C:\Windows\System\cNsVdaP.exe
  2⤵
  PID:3240
- C:\Windows\System\oizPSzI.exe
  C:\Windows\System\oizPSzI.exe
  2⤵
  PID:3280
- C:\Windows\System\JxGbLcr.exe
  C:\Windows\System\JxGbLcr.exe
  2⤵
  PID:3324
- C:\Windows\System\EoIylFL.exe
  C:\Windows\System\EoIylFL.exe
  2⤵
  PID:3376
- C:\Windows\System\aoVAcmA.exe
  C:\Windows\System\aoVAcmA.exe
  2⤵
  PID:3396
- C:\Windows\System\WWyjQJe.exe
  C:\Windows\System\WWyjQJe.exe
  2⤵
  PID:3420
- C:\Windows\System\PqNRhVJ.exe
  C:\Windows\System\PqNRhVJ.exe
  2⤵
  PID:3464
- C:\Windows\System\yanuKcs.exe
  C:\Windows\System\yanuKcs.exe
  2⤵
  PID:3496
- C:\Windows\System\gpMGxpd.exe
  C:\Windows\System\gpMGxpd.exe
  2⤵
  PID:3524
- C:\Windows\System\UipktXI.exe
  C:\Windows\System\UipktXI.exe
  2⤵
  PID:3564
- C:\Windows\System\xOYOAYP.exe
  C:\Windows\System\xOYOAYP.exe
  2⤵
  PID:3596
- C:\Windows\System\abGEjMP.exe
  C:\Windows\System\abGEjMP.exe
  2⤵
  PID:3620
- C:\Windows\System\mVbsIuk.exe
  C:\Windows\System\mVbsIuk.exe
  2⤵
  PID:3640
- C:\Windows\System\WLUMbkz.exe
  C:\Windows\System\WLUMbkz.exe
  2⤵
  PID:3696
- C:\Windows\System\gpMkiMz.exe
  C:\Windows\System\gpMkiMz.exe
  2⤵
  PID:3720
- C:\Windows\System\jAOHCQx.exe
  C:\Windows\System\jAOHCQx.exe
  2⤵
  PID:3776
- C:\Windows\System\cOeApXo.exe
  C:\Windows\System\cOeApXo.exe
  2⤵
  PID:3796
- C:\Windows\System\TKvcsnG.exe
  C:\Windows\System\TKvcsnG.exe
  2⤵
  PID:3820
- C:\Windows\System\SGYryzU.exe
  C:\Windows\System\SGYryzU.exe
  2⤵
  PID:3840
- C:\Windows\System\WkNFPEA.exe
  C:\Windows\System\WkNFPEA.exe
  2⤵
  PID:3880
- C:\Windows\System\mZPLDzi.exe
  C:\Windows\System\mZPLDzi.exe
  2⤵
  PID:3924
- C:\Windows\System\AbUpEYZ.exe
  C:\Windows\System\AbUpEYZ.exe
  2⤵
  PID:3964
- C:\Windows\System\UereNDj.exe
  C:\Windows\System\UereNDj.exe
  2⤵
  PID:4016
- C:\Windows\System\WYSNExP.exe
  C:\Windows\System\WYSNExP.exe
  2⤵
  PID:4060
- C:\Windows\System\WYpQPQe.exe
  C:\Windows\System\WYpQPQe.exe
  2⤵
  PID:4080
- C:\Windows\System\nIqlWOn.exe
  C:\Windows\System\nIqlWOn.exe
  2⤵
  PID:2168
- C:\Windows\System\EpACBmE.exe
  C:\Windows\System\EpACBmE.exe
  2⤵
  PID:2860
- C:\Windows\System\zbslKWQ.exe
  C:\Windows\System\zbslKWQ.exe
  2⤵
  PID:2092
- C:\Windows\System\IpYfEbz.exe
  C:\Windows\System\IpYfEbz.exe
  2⤵
  PID:1692
- C:\Windows\System\TsHrUnx.exe
  C:\Windows\System\TsHrUnx.exe
  2⤵
  PID:2028
- C:\Windows\System\waUziNS.exe
  C:\Windows\System\waUziNS.exe
  2⤵
  PID:568
- C:\Windows\System\SCdaIvT.exe
  C:\Windows\System\SCdaIvT.exe
  2⤵
  PID:3076
- C:\Windows\System\EXooKIb.exe
  C:\Windows\System\EXooKIb.exe
  2⤵
  PID:3144
- C:\Windows\System\SyxyjaQ.exe
  C:\Windows\System\SyxyjaQ.exe
  2⤵
  PID:3164
- C:\Windows\System\RhliSMe.exe
  C:\Windows\System\RhliSMe.exe
  2⤵
  PID:3204
- C:\Windows\System\yfFBYzp.exe
  C:\Windows\System\yfFBYzp.exe
  2⤵
  PID:3284
- C:\Windows\System\ynjBxQc.exe
  C:\Windows\System\ynjBxQc.exe
  2⤵
  PID:3316
- C:\Windows\System\MNXYYQK.exe
  C:\Windows\System\MNXYYQK.exe
  2⤵
  PID:3416
- C:\Windows\System\WRFwFYp.exe
  C:\Windows\System\WRFwFYp.exe
  2⤵
  PID:3484
- C:\Windows\System\KiQWOwZ.exe
  C:\Windows\System\KiQWOwZ.exe
  2⤵
  PID:3556
- C:\Windows\System\aJEAuII.exe
  C:\Windows\System\aJEAuII.exe
  2⤵
  PID:3624
- C:\Windows\System\RhfBuhN.exe
  C:\Windows\System\RhfBuhN.exe
  2⤵
  PID:3676
- C:\Windows\System\STJsRcv.exe
  C:\Windows\System\STJsRcv.exe
  2⤵
  PID:3700
- C:\Windows\System\bDXSVXK.exe
  C:\Windows\System\bDXSVXK.exe
  2⤵
  PID:3740
- C:\Windows\System\fctCtJl.exe
  C:\Windows\System\fctCtJl.exe
  2⤵
  PID:3800
- C:\Windows\System\unFTTof.exe
  C:\Windows\System\unFTTof.exe
  2⤵
  PID:3876
- C:\Windows\System\YAICuiY.exe
  C:\Windows\System\YAICuiY.exe
  2⤵
  PID:3916
- C:\Windows\System\WlDJzgp.exe
  C:\Windows\System\WlDJzgp.exe
  2⤵
  PID:3976
- C:\Windows\System\ofhYedF.exe
  C:\Windows\System\ofhYedF.exe
  2⤵
  PID:4000
- C:\Windows\System\wdhzgfM.exe
  C:\Windows\System\wdhzgfM.exe
  2⤵
  PID:2696
- C:\Windows\System\CYTAUUY.exe
  C:\Windows\System\CYTAUUY.exe
  2⤵
  PID:1680
- C:\Windows\System\cxDxVKs.exe
  C:\Windows\System\cxDxVKs.exe
  2⤵
  PID:2036
- C:\Windows\System\kPYvlKj.exe
  C:\Windows\System\kPYvlKj.exe
  2⤵
  PID:656
- C:\Windows\System\tDSduCc.exe
  C:\Windows\System\tDSduCc.exe
  2⤵
  PID:3096
- C:\Windows\System\oIxSCNH.exe
  C:\Windows\System\oIxSCNH.exe
  2⤵
  PID:3116
- C:\Windows\System\hEFAiEf.exe
  C:\Windows\System\hEFAiEf.exe
  2⤵
  PID:3264
- C:\Windows\System\cdIAvJe.exe
  C:\Windows\System\cdIAvJe.exe
  2⤵
  PID:4112
- C:\Windows\System\SqoDgra.exe
  C:\Windows\System\SqoDgra.exe
  2⤵
  PID:4132
- C:\Windows\System\bJfnRbP.exe
  C:\Windows\System\bJfnRbP.exe
  2⤵
  PID:4152
- C:\Windows\System\SAQdItg.exe
  C:\Windows\System\SAQdItg.exe
  2⤵
  PID:4172
- C:\Windows\System\oDWssex.exe
  C:\Windows\System\oDWssex.exe
  2⤵
  PID:4192
- C:\Windows\System\vsHAsRh.exe
  C:\Windows\System\vsHAsRh.exe
  2⤵
  PID:4212
- C:\Windows\System\ypnInsf.exe
  C:\Windows\System\ypnInsf.exe
  2⤵
  PID:4232
- C:\Windows\System\AyBLHMe.exe
  C:\Windows\System\AyBLHMe.exe
  2⤵
  PID:4252
- C:\Windows\System\cNOZeKU.exe
  C:\Windows\System\cNOZeKU.exe
  2⤵
  PID:4272
- C:\Windows\System\wGVvhuu.exe
  C:\Windows\System\wGVvhuu.exe
  2⤵
  PID:4292
- C:\Windows\System\ybIxlrY.exe
  C:\Windows\System\ybIxlrY.exe
  2⤵
  PID:4312
- C:\Windows\System\ByUPugw.exe
  C:\Windows\System\ByUPugw.exe
  2⤵
  PID:4332
- C:\Windows\System\tXCbXTI.exe
  C:\Windows\System\tXCbXTI.exe
  2⤵
  PID:4352
- C:\Windows\System\qgtLnob.exe
  C:\Windows\System\qgtLnob.exe
  2⤵
  PID:4372
- C:\Windows\System\gtueWKp.exe
  C:\Windows\System\gtueWKp.exe
  2⤵
  PID:4392
- C:\Windows\System\ooeRKjZ.exe
  C:\Windows\System\ooeRKjZ.exe
  2⤵
  PID:4412
- C:\Windows\System\mIyrobm.exe
  C:\Windows\System\mIyrobm.exe
  2⤵
  PID:4432
- C:\Windows\System\WHXahoP.exe
  C:\Windows\System\WHXahoP.exe
  2⤵
  PID:4452
- C:\Windows\System\xDXYkTF.exe
  C:\Windows\System\xDXYkTF.exe
  2⤵
  PID:4472
- C:\Windows\System\iKYtCnL.exe
  C:\Windows\System\iKYtCnL.exe
  2⤵
  PID:4492
- C:\Windows\System\RMepxYL.exe
  C:\Windows\System\RMepxYL.exe
  2⤵
  PID:4512
- C:\Windows\System\NqkqlHm.exe
  C:\Windows\System\NqkqlHm.exe
  2⤵
  PID:4532
- C:\Windows\System\krDLqTW.exe
  C:\Windows\System\krDLqTW.exe
  2⤵
  PID:4552
- C:\Windows\System\RROllAI.exe
  C:\Windows\System\RROllAI.exe
  2⤵
  PID:4572
- C:\Windows\System\WJZYXTk.exe
  C:\Windows\System\WJZYXTk.exe
  2⤵
  PID:4592
- C:\Windows\System\USUFOyh.exe
  C:\Windows\System\USUFOyh.exe
  2⤵
  PID:4612
- C:\Windows\System\uUsmcdQ.exe
  C:\Windows\System\uUsmcdQ.exe
  2⤵
  PID:4632
- C:\Windows\System\oGtnUYv.exe
  C:\Windows\System\oGtnUYv.exe
  2⤵
  PID:4652
- C:\Windows\System\SlYHSYU.exe
  C:\Windows\System\SlYHSYU.exe
  2⤵
  PID:4672
- C:\Windows\System\TmouUoy.exe
  C:\Windows\System\TmouUoy.exe
  2⤵
  PID:4692
- C:\Windows\System\VXCYeQo.exe
  C:\Windows\System\VXCYeQo.exe
  2⤵
  PID:4712
- C:\Windows\System\fdSZtYD.exe
  C:\Windows\System\fdSZtYD.exe
  2⤵
  PID:4732
- C:\Windows\System\qbLUaxH.exe
  C:\Windows\System\qbLUaxH.exe
  2⤵
  PID:4752
- C:\Windows\System\YCGvHyP.exe
  C:\Windows\System\YCGvHyP.exe
  2⤵
  PID:4772
- C:\Windows\System\EixiHLz.exe
  C:\Windows\System\EixiHLz.exe
  2⤵
  PID:4792
- C:\Windows\System\pHKYFzH.exe
  C:\Windows\System\pHKYFzH.exe
  2⤵
  PID:4816
- C:\Windows\System\LMOlhID.exe
  C:\Windows\System\LMOlhID.exe
  2⤵
  PID:4836
- C:\Windows\System\oSnpzVy.exe
  C:\Windows\System\oSnpzVy.exe
  2⤵
  PID:4856
- C:\Windows\System\mUuslsH.exe
  C:\Windows\System\mUuslsH.exe
  2⤵
  PID:4876
- C:\Windows\System\HswmRgT.exe
  C:\Windows\System\HswmRgT.exe
  2⤵
  PID:4896
- C:\Windows\System\DsvnsSZ.exe
  C:\Windows\System\DsvnsSZ.exe
  2⤵
  PID:4916
- C:\Windows\System\QbJVuzS.exe
  C:\Windows\System\QbJVuzS.exe
  2⤵
  PID:4936
- C:\Windows\System\iIkZAdU.exe
  C:\Windows\System\iIkZAdU.exe
  2⤵
  PID:4956
- C:\Windows\System\UgCOrxk.exe
  C:\Windows\System\UgCOrxk.exe
  2⤵
  PID:4976
- C:\Windows\System\rVSJKTa.exe
  C:\Windows\System\rVSJKTa.exe
  2⤵
  PID:4996
- C:\Windows\System\ntiDUug.exe
  C:\Windows\System\ntiDUug.exe
  2⤵
  PID:5016
- C:\Windows\System\egIYODF.exe
  C:\Windows\System\egIYODF.exe
  2⤵
  PID:5036
- C:\Windows\System\fcAUCtL.exe
  C:\Windows\System\fcAUCtL.exe
  2⤵
  PID:5056
- C:\Windows\System\GTMHbfN.exe
  C:\Windows\System\GTMHbfN.exe
  2⤵
  PID:5076
- C:\Windows\System\rsiQAuz.exe
  C:\Windows\System\rsiQAuz.exe
  2⤵
  PID:5096
- C:\Windows\System\QWyQjnY.exe
  C:\Windows\System\QWyQjnY.exe
  2⤵
  PID:5116
- C:\Windows\System\RaQFfTi.exe
  C:\Windows\System\RaQFfTi.exe
  2⤵
  PID:3480
- C:\Windows\System\UYnxOkI.exe
  C:\Windows\System\UYnxOkI.exe
  2⤵
  PID:3560
- C:\Windows\System\XCPisTF.exe
  C:\Windows\System\XCPisTF.exe
  2⤵
  PID:3664
- C:\Windows\System\BFwBkod.exe
  C:\Windows\System\BFwBkod.exe
  2⤵
  PID:3724
- C:\Windows\System\uVSqZgj.exe
  C:\Windows\System\uVSqZgj.exe
  2⤵
  PID:3780
- C:\Windows\System\SjRFNzG.exe
  C:\Windows\System\SjRFNzG.exe
  2⤵
  PID:3936
- C:\Windows\System\zxUqavT.exe
  C:\Windows\System\zxUqavT.exe
  2⤵
  PID:4048
- C:\Windows\System\aPnbHRB.exe
  C:\Windows\System\aPnbHRB.exe
  2⤵
  PID:2844
- C:\Windows\System\rWUYHpB.exe
  C:\Windows\System\rWUYHpB.exe
  2⤵
  PID:808
- C:\Windows\System\FyuAeaa.exe
  C:\Windows\System\FyuAeaa.exe
  2⤵
  PID:3160
- C:\Windows\System\znGKPsu.exe
  C:\Windows\System\znGKPsu.exe
  2⤵
  PID:3136
- C:\Windows\System\kLDOCEI.exe
  C:\Windows\System\kLDOCEI.exe
  2⤵
  PID:4104
- C:\Windows\System\UKmHrxA.exe
  C:\Windows\System\UKmHrxA.exe
  2⤵
  PID:4128
- C:\Windows\System\uCAjxHe.exe
  C:\Windows\System\uCAjxHe.exe
  2⤵
  PID:4188
- C:\Windows\System\wrFJoTv.exe
  C:\Windows\System\wrFJoTv.exe
  2⤵
  PID:4208
- C:\Windows\System\pJiYNQY.exe
  C:\Windows\System\pJiYNQY.exe
  2⤵
  PID:4240
- C:\Windows\System\vpWCzvz.exe
  C:\Windows\System\vpWCzvz.exe
  2⤵
  PID:4264
- C:\Windows\System\xKbUUNd.exe
  C:\Windows\System\xKbUUNd.exe
  2⤵
  PID:4308
- C:\Windows\System\uONMxLZ.exe
  C:\Windows\System\uONMxLZ.exe
  2⤵
  PID:4348
- C:\Windows\System\gNaNQLi.exe
  C:\Windows\System\gNaNQLi.exe
  2⤵
  PID:4368
- C:\Windows\System\rjOpPKZ.exe
  C:\Windows\System\rjOpPKZ.exe
  2⤵
  PID:4420
- C:\Windows\System\fflYwHX.exe
  C:\Windows\System\fflYwHX.exe
  2⤵
  PID:4440
- C:\Windows\System\GgNgsAI.exe
  C:\Windows\System\GgNgsAI.exe
  2⤵
  PID:4464
- C:\Windows\System\bITPPaf.exe
  C:\Windows\System\bITPPaf.exe
  2⤵
  PID:4508
- C:\Windows\System\npeWCum.exe
  C:\Windows\System\npeWCum.exe
  2⤵
  PID:4540
- C:\Windows\System\KcVkZGn.exe
  C:\Windows\System\KcVkZGn.exe
  2⤵
  PID:4588
- C:\Windows\System\UKpiYJi.exe
  C:\Windows\System\UKpiYJi.exe
  2⤵
  PID:4608
- C:\Windows\System\vcYRXCB.exe
  C:\Windows\System\vcYRXCB.exe
  2⤵
  PID:4640
- C:\Windows\System\kwWzzev.exe
  C:\Windows\System\kwWzzev.exe
  2⤵
  PID:4664
- C:\Windows\System\EGIHMez.exe
  C:\Windows\System\EGIHMez.exe
  2⤵
  PID:4708
- C:\Windows\System\EQsqJQv.exe
  C:\Windows\System\EQsqJQv.exe
  2⤵
  PID:4740
- C:\Windows\System\xuWlwQO.exe
  C:\Windows\System\xuWlwQO.exe
  2⤵
  PID:4764
- C:\Windows\System\KywfHkv.exe
  C:\Windows\System\KywfHkv.exe
  2⤵
  PID:4824
- C:\Windows\System\NwUnCVK.exe
  C:\Windows\System\NwUnCVK.exe
  2⤵
  PID:4844
- C:\Windows\System\sRYnQrT.exe
  C:\Windows\System\sRYnQrT.exe
  2⤵
  PID:4868
- C:\Windows\System\yCEAdVx.exe
  C:\Windows\System\yCEAdVx.exe
  2⤵
  PID:4908
- C:\Windows\System\ZJrsZRh.exe
  C:\Windows\System\ZJrsZRh.exe
  2⤵
  PID:4952
- C:\Windows\System\EboZbLb.exe
  C:\Windows\System\EboZbLb.exe
  2⤵
  PID:4984
- C:\Windows\System\OyCfUcc.exe
  C:\Windows\System\OyCfUcc.exe
  2⤵
  PID:5008
- C:\Windows\System\VMcVkZa.exe
  C:\Windows\System\VMcVkZa.exe
  2⤵
  PID:5052
- C:\Windows\System\QmTHnnq.exe
  C:\Windows\System\QmTHnnq.exe
  2⤵
  PID:5084
- C:\Windows\System\AJvlYIy.exe
  C:\Windows\System\AJvlYIy.exe
  2⤵
  PID:5108
- C:\Windows\System\gflKKEE.exe
  C:\Windows\System\gflKKEE.exe
  2⤵
  PID:3540
- C:\Windows\System\wqjPVom.exe
  C:\Windows\System\wqjPVom.exe
  2⤵
  PID:3656
- C:\Windows\System\KkXkkzB.exe
  C:\Windows\System\KkXkkzB.exe
  2⤵
  PID:3816
- C:\Windows\System\uXpgXrW.exe
  C:\Windows\System\uXpgXrW.exe
  2⤵
  PID:3984
- C:\Windows\System\apkuIdn.exe
  C:\Windows\System\apkuIdn.exe
  2⤵
  PID:2524
- C:\Windows\System\gSWFmgc.exe
  C:\Windows\System\gSWFmgc.exe
  2⤵
  PID:1728
- C:\Windows\System\MkusnlT.exe
  C:\Windows\System\MkusnlT.exe
  2⤵
  PID:4108
- C:\Windows\System\yrFYAgD.exe
  C:\Windows\System\yrFYAgD.exe
  2⤵
  PID:4144
- C:\Windows\System\wYLWGkp.exe
  C:\Windows\System\wYLWGkp.exe
  2⤵
  PID:4184
- C:\Windows\System\QXWVwnl.exe
  C:\Windows\System\QXWVwnl.exe
  2⤵
  PID:4268
- C:\Windows\System\rgrLcOE.exe
  C:\Windows\System\rgrLcOE.exe
  2⤵
  PID:4320
- C:\Windows\System\SPZjCZN.exe
  C:\Windows\System\SPZjCZN.exe
  2⤵
  PID:4380
- C:\Windows\System\EEsdoyY.exe
  C:\Windows\System\EEsdoyY.exe
  2⤵
  PID:4424
- C:\Windows\System\GCXybDo.exe
  C:\Windows\System\GCXybDo.exe
  2⤵
  PID:4484
- C:\Windows\System\GVVaEXA.exe
  C:\Windows\System\GVVaEXA.exe
  2⤵
  PID:4544
- C:\Windows\System\IEuOmCE.exe
  C:\Windows\System\IEuOmCE.exe
  2⤵
  PID:4564
- C:\Windows\System\pkpvNEg.exe
  C:\Windows\System\pkpvNEg.exe
  2⤵
  PID:4668
- C:\Windows\System\zrStWkN.exe
  C:\Windows\System\zrStWkN.exe
  2⤵
  PID:4684
- C:\Windows\System\jaYuACi.exe
  C:\Windows\System\jaYuACi.exe
  2⤵
  PID:4768
- C:\Windows\System\FRNpCes.exe
  C:\Windows\System\FRNpCes.exe
  2⤵
  PID:4804
- C:\Windows\System\WrYpkNc.exe
  C:\Windows\System\WrYpkNc.exe
  2⤵
  PID:4872
- C:\Windows\System\thHvvsf.exe
  C:\Windows\System\thHvvsf.exe
  2⤵
  PID:4944
- C:\Windows\System\MOvOYBe.exe
  C:\Windows\System\MOvOYBe.exe
  2⤵
  PID:4988
- C:\Windows\System\aQUfeqb.exe
  C:\Windows\System\aQUfeqb.exe
  2⤵
  PID:5028
- C:\Windows\System\DERFerd.exe
  C:\Windows\System\DERFerd.exe
  2⤵
  PID:5072
- C:\Windows\System\rKmHYtz.exe
  C:\Windows\System\rKmHYtz.exe
  2⤵
  PID:3424
- C:\Windows\System\YcyKXuP.exe
  C:\Windows\System\YcyKXuP.exe
  2⤵
  PID:3864
- C:\Windows\System\naspFmm.exe
  C:\Windows\System\naspFmm.exe
  2⤵
  PID:2644
- C:\Windows\System\wmabjaa.exe
  C:\Windows\System\wmabjaa.exe
  2⤵
  PID:3140
- C:\Windows\System\xZrenuQ.exe
  C:\Windows\System\xZrenuQ.exe
  2⤵
  PID:4148
- C:\Windows\System\LrbJIfj.exe
  C:\Windows\System\LrbJIfj.exe
  2⤵
  PID:4248
- C:\Windows\System\MsOfWpe.exe
  C:\Windows\System\MsOfWpe.exe
  2⤵
  PID:4360
- C:\Windows\System\ItneJXd.exe
  C:\Windows\System\ItneJXd.exe
  2⤵
  PID:4488
- C:\Windows\System\VdbYVJx.exe
  C:\Windows\System\VdbYVJx.exe
  2⤵
  PID:4528
- C:\Windows\System\LDXCSun.exe
  C:\Windows\System\LDXCSun.exe
  2⤵
  PID:5124
- C:\Windows\System\qeJFEhj.exe
  C:\Windows\System\qeJFEhj.exe
  2⤵
  PID:5144
- C:\Windows\System\vBgOGhx.exe
  C:\Windows\System\vBgOGhx.exe
  2⤵
  PID:5164
- C:\Windows\System\nZCxHOM.exe
  C:\Windows\System\nZCxHOM.exe
  2⤵
  PID:5184
- C:\Windows\System\EiRWpPy.exe
  C:\Windows\System\EiRWpPy.exe
  2⤵
  PID:5204
- C:\Windows\System\npiCrWV.exe
  C:\Windows\System\npiCrWV.exe
  2⤵
  PID:5224
- C:\Windows\System\ILTffqE.exe
  C:\Windows\System\ILTffqE.exe
  2⤵
  PID:5244
- C:\Windows\System\DGjIoIK.exe
  C:\Windows\System\DGjIoIK.exe
  2⤵
  PID:5264
- C:\Windows\System\hyHXsYJ.exe
  C:\Windows\System\hyHXsYJ.exe
  2⤵
  PID:5288
- C:\Windows\System\NIXzjkk.exe
  C:\Windows\System\NIXzjkk.exe
  2⤵
  PID:5308
- C:\Windows\System\oFrYxgS.exe
  C:\Windows\System\oFrYxgS.exe
  2⤵
  PID:5328
- C:\Windows\System\bzCxOeb.exe
  C:\Windows\System\bzCxOeb.exe
  2⤵
  PID:5348
- C:\Windows\System\OFLmBjP.exe
  C:\Windows\System\OFLmBjP.exe
  2⤵
  PID:5368
- C:\Windows\System\cNfOTfz.exe
  C:\Windows\System\cNfOTfz.exe
  2⤵
  PID:5388
- C:\Windows\System\aOEeRdr.exe
  C:\Windows\System\aOEeRdr.exe
  2⤵
  PID:5408
- C:\Windows\System\mcVBfFx.exe
  C:\Windows\System\mcVBfFx.exe
  2⤵
  PID:5428
- C:\Windows\System\IiCBtlY.exe
  C:\Windows\System\IiCBtlY.exe
  2⤵
  PID:5448
- C:\Windows\System\kjqLZWd.exe
  C:\Windows\System\kjqLZWd.exe
  2⤵
  PID:5468
- C:\Windows\System\chmMvmb.exe
  C:\Windows\System\chmMvmb.exe
  2⤵
  PID:5488
- C:\Windows\System\YsSGawg.exe
  C:\Windows\System\YsSGawg.exe
  2⤵
  PID:5508
- C:\Windows\System\EPuKYUH.exe
  C:\Windows\System\EPuKYUH.exe
  2⤵
  PID:5528
- C:\Windows\System\tgDkeAF.exe
  C:\Windows\System\tgDkeAF.exe
  2⤵
  PID:5548
- C:\Windows\System\NCwAJPu.exe
  C:\Windows\System\NCwAJPu.exe
  2⤵
  PID:5568
- C:\Windows\System\wVuyHZR.exe
  C:\Windows\System\wVuyHZR.exe
  2⤵
  PID:5588
- C:\Windows\System\JTVqPSN.exe
  C:\Windows\System\JTVqPSN.exe
  2⤵
  PID:5608
- C:\Windows\System\gPIRflw.exe
  C:\Windows\System\gPIRflw.exe
  2⤵
  PID:5628
- C:\Windows\System\BjXOggz.exe
  C:\Windows\System\BjXOggz.exe
  2⤵
  PID:5648
- C:\Windows\System\MDcQFlO.exe
  C:\Windows\System\MDcQFlO.exe
  2⤵
  PID:5668
- C:\Windows\System\UaLRSMy.exe
  C:\Windows\System\UaLRSMy.exe
  2⤵
  PID:5688
- C:\Windows\System\szclKCD.exe
  C:\Windows\System\szclKCD.exe
  2⤵
  PID:5708
- C:\Windows\System\RDdqxFd.exe
  C:\Windows\System\RDdqxFd.exe
  2⤵
  PID:5728
- C:\Windows\System\QZvHoOL.exe
  C:\Windows\System\QZvHoOL.exe
  2⤵
  PID:5748
- C:\Windows\System\UvQvXjd.exe
  C:\Windows\System\UvQvXjd.exe
  2⤵
  PID:5768
- C:\Windows\System\IHHsEaK.exe
  C:\Windows\System\IHHsEaK.exe
  2⤵
  PID:5788
- C:\Windows\System\RxUrBiD.exe
  C:\Windows\System\RxUrBiD.exe
  2⤵
  PID:5808
- C:\Windows\System\KpEcqaS.exe
  C:\Windows\System\KpEcqaS.exe
  2⤵
  PID:5828
- C:\Windows\System\wexGRPC.exe
  C:\Windows\System\wexGRPC.exe
  2⤵
  PID:5848
- C:\Windows\System\nyLsLfT.exe
  C:\Windows\System\nyLsLfT.exe
  2⤵
  PID:5868
- C:\Windows\System\IjLPfHv.exe
  C:\Windows\System\IjLPfHv.exe
  2⤵
  PID:5888
- C:\Windows\System\sapdiIq.exe
  C:\Windows\System\sapdiIq.exe
  2⤵
  PID:5908
- C:\Windows\System\zyeTfFE.exe
  C:\Windows\System\zyeTfFE.exe
  2⤵
  PID:5928
- C:\Windows\System\XtUuqcz.exe
  C:\Windows\System\XtUuqcz.exe
  2⤵
  PID:5948
- C:\Windows\System\qzarqkK.exe
  C:\Windows\System\qzarqkK.exe
  2⤵
  PID:5968
- C:\Windows\System\dSqMrhS.exe
  C:\Windows\System\dSqMrhS.exe
  2⤵
  PID:5988
- C:\Windows\System\uvnTVTj.exe
  C:\Windows\System\uvnTVTj.exe
  2⤵
  PID:6008
- C:\Windows\System\uPoVBnO.exe
  C:\Windows\System\uPoVBnO.exe
  2⤵
  PID:6028
- C:\Windows\System\jZhKvca.exe
  C:\Windows\System\jZhKvca.exe
  2⤵
  PID:6048
- C:\Windows\System\ZcacWYt.exe
  C:\Windows\System\ZcacWYt.exe
  2⤵
  PID:6068
- C:\Windows\System\HVIYykw.exe
  C:\Windows\System\HVIYykw.exe
  2⤵
  PID:6088
- C:\Windows\System\DBlelON.exe
  C:\Windows\System\DBlelON.exe
  2⤵
  PID:6108
- C:\Windows\System\vrPDAXC.exe
  C:\Windows\System\vrPDAXC.exe
  2⤵
  PID:6128
- C:\Windows\System\aWFCfFw.exe
  C:\Windows\System\aWFCfFw.exe
  2⤵
  PID:4584
- C:\Windows\System\xHEgAyr.exe
  C:\Windows\System\xHEgAyr.exe
  2⤵
  PID:4724
- C:\Windows\System\yFeGRKS.exe
  C:\Windows\System\yFeGRKS.exe
  2⤵
  PID:4800
- C:\Windows\System\ucoctjj.exe
  C:\Windows\System\ucoctjj.exe
  2⤵
  PID:4848
- C:\Windows\System\mntWsFU.exe
  C:\Windows\System\mntWsFU.exe
  2⤵
  PID:4928
- C:\Windows\System\dNpiHzh.exe
  C:\Windows\System\dNpiHzh.exe
  2⤵
  PID:5112
- C:\Windows\System\PQgpqKk.exe
  C:\Windows\System\PQgpqKk.exe
  2⤵
  PID:3716
- C:\Windows\System\FLNNLIJ.exe
  C:\Windows\System\FLNNLIJ.exe
  2⤵
  PID:1524
- C:\Windows\System\rFzgtRp.exe
  C:\Windows\System\rFzgtRp.exe
  2⤵
  PID:1100
- C:\Windows\System\YxsndgY.exe
  C:\Windows\System\YxsndgY.exe
  2⤵
  PID:4244
- C:\Windows\System\EcwYpfe.exe
  C:\Windows\System\EcwYpfe.exe
  2⤵
  PID:4428
- C:\Windows\System\giPiNGf.exe
  C:\Windows\System\giPiNGf.exe
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4604
- C:\Windows\System\kFOUfom.exe
  C:\Windows\System\kFOUfom.exe
  2⤵
  PID:5156
- C:\Windows\System\FDgNmcc.exe
  C:\Windows\System\FDgNmcc.exe
  2⤵
  PID:5200
- C:\Windows\System\OhBynwL.exe
  C:\Windows\System\OhBynwL.exe
  2⤵
  PID:5232
- C:\Windows\System\KLRYMhX.exe
  C:\Windows\System\KLRYMhX.exe
  2⤵
  PID:5256
- C:\Windows\System\ripqNUu.exe
  C:\Windows\System\ripqNUu.exe
  2⤵
  PID:5276
- C:\Windows\System\fsaWGNC.exe
  C:\Windows\System\fsaWGNC.exe
  2⤵
  PID:5336
- C:\Windows\System\zNTaBPd.exe
  C:\Windows\System\zNTaBPd.exe
  2⤵
  PID:5384
- C:\Windows\System\oWiGWWE.exe
  C:\Windows\System\oWiGWWE.exe
  2⤵
  PID:5404
- C:\Windows\System\fsDMMpt.exe
  C:\Windows\System\fsDMMpt.exe
  2⤵
  PID:5436
- C:\Windows\System\eEUpazY.exe
  C:\Windows\System\eEUpazY.exe
  2⤵
  PID:5460
- C:\Windows\System\CjiCvin.exe
  C:\Windows\System\CjiCvin.exe
  2⤵
  PID:5500
- C:\Windows\System\QwvsWHd.exe
  C:\Windows\System\QwvsWHd.exe
  2⤵
  PID:5520
- C:\Windows\System\yNFaLbS.exe
  C:\Windows\System\yNFaLbS.exe
  2⤵
  PID:5564
- C:\Windows\System\zllcveh.exe
  C:\Windows\System\zllcveh.exe
  2⤵
  PID:5616
- C:\Windows\System\TSyiQQP.exe
  C:\Windows\System\TSyiQQP.exe
  2⤵
  PID:5656
- C:\Windows\System\vZMtAry.exe
  C:\Windows\System\vZMtAry.exe
  2⤵
  PID:5640
- C:\Windows\System\npgzKLZ.exe
  C:\Windows\System\npgzKLZ.exe
  2⤵
  PID:5704
- C:\Windows\System\rnyCEZr.exe
  C:\Windows\System\rnyCEZr.exe
  2⤵
  PID:5744
- C:\Windows\System\YuBjnel.exe
  C:\Windows\System\YuBjnel.exe
  2⤵
  PID:5784
- C:\Windows\System\SAPbUfP.exe
  C:\Windows\System\SAPbUfP.exe
  2⤵
  PID:5796
- C:\Windows\System\KYJOtuY.exe
  C:\Windows\System\KYJOtuY.exe
  2⤵
  PID:5836
- C:\Windows\System\vEikAGY.exe
  C:\Windows\System\vEikAGY.exe
  2⤵
  PID:5860
- C:\Windows\System\jRROpds.exe
  C:\Windows\System\jRROpds.exe
  2⤵
  PID:5880
- C:\Windows\System\mugReoT.exe
  C:\Windows\System\mugReoT.exe
  2⤵
  PID:5924
- C:\Windows\System\oJbSsQY.exe
  C:\Windows\System\oJbSsQY.exe
  2⤵
  PID:5984
- C:\Windows\System\kkywRUq.exe
  C:\Windows\System\kkywRUq.exe
  2⤵
  PID:6016
- C:\Windows\System\UerZViX.exe
  C:\Windows\System\UerZViX.exe
  2⤵
  PID:6036
- C:\Windows\System\xpFckWL.exe
  C:\Windows\System\xpFckWL.exe
  2⤵
  PID:6060
- C:\Windows\System\aMUmvmF.exe
  C:\Windows\System\aMUmvmF.exe
  2⤵
  PID:6104
- C:\Windows\System\iytgswC.exe
  C:\Windows\System\iytgswC.exe
  2⤵
  PID:6124
- C:\Windows\System\kkDLaHt.exe
  C:\Windows\System\kkDLaHt.exe
  2⤵
  PID:4648
- C:\Windows\System\EJxClTk.exe
  C:\Windows\System\EJxClTk.exe
  2⤵
  PID:4904
- C:\Windows\System\ltsCWbg.exe
  C:\Windows\System\ltsCWbg.exe
  2⤵
  PID:3536
- C:\Windows\System\aERtnvP.exe
  C:\Windows\System\aERtnvP.exe
  2⤵
  PID:3476
- C:\Windows\System\ZJWLCtR.exe
  C:\Windows\System\ZJWLCtR.exe
  2⤵
  PID:4140
- C:\Windows\System\COTKoir.exe
  C:\Windows\System\COTKoir.exe
  2⤵
  PID:4340
- C:\Windows\System\kidCcIX.exe
  C:\Windows\System\kidCcIX.exe
  2⤵
  PID:4520
- C:\Windows\System\RkOetrd.exe
  C:\Windows\System\RkOetrd.exe
  2⤵
  PID:5216
- C:\Windows\System\qKXbxJP.exe
  C:\Windows\System\qKXbxJP.exe
  2⤵
  PID:5252
- C:\Windows\System\mmTTBLT.exe
  C:\Windows\System\mmTTBLT.exe
  2⤵
  PID:5236
- C:\Windows\System\NSdGTXU.exe
  C:\Windows\System\NSdGTXU.exe
  2⤵
  PID:5324
- C:\Windows\System\qYtOEkO.exe
  C:\Windows\System\qYtOEkO.exe
  2⤵
  PID:5420
- C:\Windows\System\MmWgfQo.exe
  C:\Windows\System\MmWgfQo.exe
  2⤵
  PID:5504
- C:\Windows\System\EdZnCIZ.exe
  C:\Windows\System\EdZnCIZ.exe
  2⤵
  PID:5556
- C:\Windows\System\cKNVIAi.exe
  C:\Windows\System\cKNVIAi.exe
  2⤵
  PID:5560
- C:\Windows\System\DuWhgJn.exe
  C:\Windows\System\DuWhgJn.exe
  2⤵
  PID:5580
- C:\Windows\System\uLZeDqA.exe
  C:\Windows\System\uLZeDqA.exe
  2⤵
  PID:5664
- C:\Windows\System\zdIBLzj.exe
  C:\Windows\System\zdIBLzj.exe
  2⤵
  PID:5776
- C:\Windows\System\UQoRkTR.exe
  C:\Windows\System\UQoRkTR.exe
  2⤵
  PID:5820
- C:\Windows\System\poYRqiY.exe
  C:\Windows\System\poYRqiY.exe
  2⤵
  PID:5896
- C:\Windows\System\wQJAyeV.exe
  C:\Windows\System\wQJAyeV.exe
  2⤵
  PID:5916
- C:\Windows\System\UIZUHcF.exe
  C:\Windows\System\UIZUHcF.exe
  2⤵
  PID:5960
- C:\Windows\System\pOGMVzw.exe
  C:\Windows\System\pOGMVzw.exe
  2⤵
  PID:6024
- C:\Windows\System\qdHUDOz.exe
  C:\Windows\System\qdHUDOz.exe
  2⤵
  PID:6080
- C:\Windows\System\yqzXgxF.exe
  C:\Windows\System\yqzXgxF.exe
  2⤵
  PID:6140
- C:\Windows\System\wPmblgv.exe
  C:\Windows\System\wPmblgv.exe
  2⤵
  PID:4888
- C:\Windows\System\axTWTji.exe
  C:\Windows\System\axTWTji.exe
  2⤵
  PID:3784
- C:\Windows\System\exgSoqy.exe
  C:\Windows\System\exgSoqy.exe
  2⤵
  PID:4284
- C:\Windows\System\PcjQAGs.exe
  C:\Windows\System\PcjQAGs.exe
  2⤵
  PID:4444
- C:\Windows\System\bVXqGsE.exe
  C:\Windows\System\bVXqGsE.exe
  2⤵
  PID:5220
- C:\Windows\System\IAPaTAl.exe
  C:\Windows\System\IAPaTAl.exe
  2⤵
  PID:5296
- C:\Windows\System\CcbjorG.exe
  C:\Windows\System\CcbjorG.exe
  2⤵
  PID:5424
- C:\Windows\System\skgWHLy.exe
  C:\Windows\System\skgWHLy.exe
  2⤵
  PID:5536
- C:\Windows\System\HKgWZqD.exe
  C:\Windows\System\HKgWZqD.exe
  2⤵
  PID:5620
- C:\Windows\System\LlaFsnM.exe
  C:\Windows\System\LlaFsnM.exe
  2⤵
  PID:5696
- C:\Windows\System\ihRrHfv.exe
  C:\Windows\System\ihRrHfv.exe
  2⤵
  PID:5824
- C:\Windows\System\tORXYQB.exe
  C:\Windows\System\tORXYQB.exe
  2⤵
  PID:5844
- C:\Windows\System\vpETxoF.exe
  C:\Windows\System\vpETxoF.exe
  2⤵
  PID:6160
- C:\Windows\System\iTwCJrq.exe
  C:\Windows\System\iTwCJrq.exe
  2⤵
  PID:6180
- C:\Windows\System\SXupCDJ.exe
  C:\Windows\System\SXupCDJ.exe
  2⤵
  PID:6200
- C:\Windows\System\EyinKFF.exe
  C:\Windows\System\EyinKFF.exe
  2⤵
  PID:6220
- C:\Windows\System\srIknSX.exe
  C:\Windows\System\srIknSX.exe
  2⤵
  PID:6240
- C:\Windows\System\xyEyKId.exe
  C:\Windows\System\xyEyKId.exe
  2⤵
  PID:6260
- C:\Windows\System\WtxWNPN.exe
  C:\Windows\System\WtxWNPN.exe
  2⤵
  PID:6280
- C:\Windows\System\OddEBEh.exe
  C:\Windows\System\OddEBEh.exe
  2⤵
  PID:6300
- C:\Windows\System\JryXGhz.exe
  C:\Windows\System\JryXGhz.exe
  2⤵
  PID:6320
- C:\Windows\System\EJcHFgD.exe
  C:\Windows\System\EJcHFgD.exe
  2⤵
  PID:6340
- C:\Windows\System\gaKDIMT.exe
  C:\Windows\System\gaKDIMT.exe
  2⤵
  PID:6360
- C:\Windows\System\LhcgwiX.exe
  C:\Windows\System\LhcgwiX.exe
  2⤵
  PID:6380
- C:\Windows\System\vmXPUFw.exe
  C:\Windows\System\vmXPUFw.exe
  2⤵
  PID:6400
- C:\Windows\System\FeJOIHe.exe
  C:\Windows\System\FeJOIHe.exe
  2⤵
  PID:6420
- C:\Windows\System\BneUUSM.exe
  C:\Windows\System\BneUUSM.exe
  2⤵
  PID:6440
- C:\Windows\System\TQbiyKs.exe
  C:\Windows\System\TQbiyKs.exe
  2⤵
  PID:6460
- C:\Windows\System\onywFjn.exe
  C:\Windows\System\onywFjn.exe
  2⤵
  PID:6480
- C:\Windows\System\bHUuaMT.exe
  C:\Windows\System\bHUuaMT.exe
  2⤵
  PID:6500
- C:\Windows\System\KiUOGDE.exe
  C:\Windows\System\KiUOGDE.exe
  2⤵
  PID:6520
- C:\Windows\System\qnEpzWk.exe
  C:\Windows\System\qnEpzWk.exe
  2⤵
  PID:6540
- C:\Windows\System\BoZlVdq.exe
  C:\Windows\System\BoZlVdq.exe
  2⤵
  PID:6560
- C:\Windows\System\kpOrgOA.exe
  C:\Windows\System\kpOrgOA.exe
  2⤵
  PID:6580
- C:\Windows\System\yjnZRTF.exe
  C:\Windows\System\yjnZRTF.exe
  2⤵
  PID:6600
- C:\Windows\System\HwfwHRA.exe
  C:\Windows\System\HwfwHRA.exe
  2⤵
  PID:6620
- C:\Windows\System\mbWLvEC.exe
  C:\Windows\System\mbWLvEC.exe
  2⤵
  PID:6640
- C:\Windows\System\KoMwaXh.exe
  C:\Windows\System\KoMwaXh.exe
  2⤵
  PID:6660
- C:\Windows\System\NzdppHt.exe
  C:\Windows\System\NzdppHt.exe
  2⤵
  PID:6680
- C:\Windows\System\hPYZqWr.exe
  C:\Windows\System\hPYZqWr.exe
  2⤵
  PID:6700
- C:\Windows\System\raWuqRI.exe
  C:\Windows\System\raWuqRI.exe
  2⤵
  PID:6720
- C:\Windows\System\LdUFDXK.exe
  C:\Windows\System\LdUFDXK.exe
  2⤵
  PID:6740
- C:\Windows\System\HDynJcE.exe
  C:\Windows\System\HDynJcE.exe
  2⤵
  PID:6760
- C:\Windows\System\CxsOGRK.exe
  C:\Windows\System\CxsOGRK.exe
  2⤵
  PID:6780
- C:\Windows\System\Xnzmywz.exe
  C:\Windows\System\Xnzmywz.exe
  2⤵
  PID:6800
- C:\Windows\System\JhTceoW.exe
  C:\Windows\System\JhTceoW.exe
  2⤵
  PID:6820
- C:\Windows\System\zHYXJJZ.exe
  C:\Windows\System\zHYXJJZ.exe
  2⤵
  PID:6844
- C:\Windows\System\RviXFlz.exe
  C:\Windows\System\RviXFlz.exe
  2⤵
  PID:6864
- C:\Windows\System\LDossTZ.exe
  C:\Windows\System\LDossTZ.exe
  2⤵
  PID:6884
- C:\Windows\System\LvMNzFu.exe
  C:\Windows\System\LvMNzFu.exe
  2⤵
  PID:6904
- C:\Windows\System\QUFFWQp.exe
  C:\Windows\System\QUFFWQp.exe
  2⤵
  PID:6924
- C:\Windows\System\QFdGthK.exe
  C:\Windows\System\QFdGthK.exe
  2⤵
  PID:6944
- C:\Windows\System\npSIiDT.exe
  C:\Windows\System\npSIiDT.exe
  2⤵
  PID:6964
- C:\Windows\System\dDIaqHA.exe
  C:\Windows\System\dDIaqHA.exe
  2⤵
  PID:6984
- C:\Windows\System\pxECHar.exe
  C:\Windows\System\pxECHar.exe
  2⤵
  PID:7004
- C:\Windows\System\iEEsxkS.exe
  C:\Windows\System\iEEsxkS.exe
  2⤵
  PID:7024
- C:\Windows\System\vXkLTsF.exe
  C:\Windows\System\vXkLTsF.exe
  2⤵
  PID:7044
- C:\Windows\System\ECATaVG.exe
  C:\Windows\System\ECATaVG.exe
  2⤵
  PID:7064
- C:\Windows\System\GZQmzVy.exe
  C:\Windows\System\GZQmzVy.exe
  2⤵
  PID:7084
- C:\Windows\System\oBKssTK.exe
  C:\Windows\System\oBKssTK.exe
  2⤵
  PID:7104
- C:\Windows\System\TxRxhzX.exe
  C:\Windows\System\TxRxhzX.exe
  2⤵
  PID:7124
- C:\Windows\System\EMQqgdR.exe
  C:\Windows\System\EMQqgdR.exe
  2⤵
  PID:7144
- C:\Windows\System\IHcKdIs.exe
  C:\Windows\System\IHcKdIs.exe
  2⤵
  PID:7164
- C:\Windows\System\PQBdVPw.exe
  C:\Windows\System\PQBdVPw.exe
  2⤵
  PID:5980
- C:\Windows\System\CZYZyGh.exe
  C:\Windows\System\CZYZyGh.exe
  2⤵
  PID:6040
- C:\Windows\System\jscIRkY.exe
  C:\Windows\System\jscIRkY.exe
  2⤵
  PID:5012
- C:\Windows\System\hQQNTpc.exe
  C:\Windows\System\hQQNTpc.exe
  2⤵
  PID:5088
- C:\Windows\System\xfTPnLC.exe
  C:\Windows\System\xfTPnLC.exe
  2⤵
  PID:4224
- C:\Windows\System\zTDLJyw.exe
  C:\Windows\System\zTDLJyw.exe
  2⤵
  PID:5260
- C:\Windows\System\xZIAvvu.exe
  C:\Windows\System\xZIAvvu.exe
  2⤵
  PID:5360
- C:\Windows\System\qDUJPVg.exe
  C:\Windows\System\qDUJPVg.exe
  2⤵
  PID:5524
- C:\Windows\System\qRWGgKS.exe
  C:\Windows\System\qRWGgKS.exe
  2⤵
  PID:5760
- C:\Windows\System\ZYpVHLp.exe
  C:\Windows\System\ZYpVHLp.exe
  2⤵
  PID:6148
- C:\Windows\System\YtBjRwR.exe
  C:\Windows\System\YtBjRwR.exe
  2⤵
  PID:6152
- C:\Windows\System\zCmBJTJ.exe
  C:\Windows\System\zCmBJTJ.exe
  2⤵
  PID:6216
- C:\Windows\System\IKyoPst.exe
  C:\Windows\System\IKyoPst.exe
  2⤵
  PID:6236
- C:\Windows\System\xtWEQyg.exe
  C:\Windows\System\xtWEQyg.exe
  2⤵
  PID:6288
- C:\Windows\System\ViMKuKA.exe
  C:\Windows\System\ViMKuKA.exe
  2⤵
  PID:6328
- C:\Windows\System\rSMNdfh.exe
  C:\Windows\System\rSMNdfh.exe
  2⤵
  PID:6348
- C:\Windows\System\NzrCGTW.exe
  C:\Windows\System\NzrCGTW.exe
  2⤵
  PID:6372
- C:\Windows\System\HsWGQbc.exe
  C:\Windows\System\HsWGQbc.exe
  2⤵
  PID:6416
- C:\Windows\System\DtUSQFx.exe
  C:\Windows\System\DtUSQFx.exe
  2⤵
  PID:6452
- C:\Windows\System\WoLzePM.exe
  C:\Windows\System\WoLzePM.exe
  2⤵
  PID:6488
- C:\Windows\System\VNnqHHc.exe
  C:\Windows\System\VNnqHHc.exe
  2⤵
  PID:6528
- C:\Windows\System\HfGfhVW.exe
  C:\Windows\System\HfGfhVW.exe
  2⤵
  PID:6548
- C:\Windows\System\dgQMYOO.exe
  C:\Windows\System\dgQMYOO.exe
  2⤵
  PID:6572
- C:\Windows\System\bslIgwx.exe
  C:\Windows\System\bslIgwx.exe
  2⤵
  PID:6592
- C:\Windows\System\YcQLvsr.exe
  C:\Windows\System\YcQLvsr.exe
  2⤵
  PID:6656
- C:\Windows\System\iOXVhkz.exe
  C:\Windows\System\iOXVhkz.exe
  2⤵
  PID:6688
- C:\Windows\System\UosfShy.exe
  C:\Windows\System\UosfShy.exe
  2⤵
  PID:6716
- C:\Windows\System\COiAqUz.exe
  C:\Windows\System\COiAqUz.exe
  2⤵
  PID:6768
- C:\Windows\System\BBCQrsE.exe
  C:\Windows\System\BBCQrsE.exe
  2⤵
  PID:6772
- C:\Windows\System\vSvrVOP.exe
  C:\Windows\System\vSvrVOP.exe
  2⤵
  PID:6816
- C:\Windows\System\cRsKbun.exe
  C:\Windows\System\cRsKbun.exe
  2⤵
  PID:6852
- C:\Windows\System\TYsTQLB.exe
  C:\Windows\System\TYsTQLB.exe
  2⤵
  PID:6896
- C:\Windows\System\ilyaItX.exe
  C:\Windows\System\ilyaItX.exe
  2⤵
  PID:6940
- C:\Windows\System\ENllpzI.exe
  C:\Windows\System\ENllpzI.exe
  2⤵
  PID:6952
- C:\Windows\System\eOHWAak.exe
  C:\Windows\System\eOHWAak.exe
  2⤵
  PID:6976
- C:\Windows\System\LxdCWOX.exe
  C:\Windows\System\LxdCWOX.exe
  2⤵
  PID:7000
- C:\Windows\System\FEXbHcn.exe
  C:\Windows\System\FEXbHcn.exe
  2⤵
  PID:7056
- C:\Windows\System\kGhngcm.exe
  C:\Windows\System\kGhngcm.exe
  2⤵
  PID:7100
- C:\Windows\System\KzJpuhc.exe
  C:\Windows\System\KzJpuhc.exe
  2⤵
  PID:7112
- C:\Windows\System\lxjTpUF.exe
  C:\Windows\System\lxjTpUF.exe
  2⤵
  PID:7116
- C:\Windows\System\ICvilQm.exe
  C:\Windows\System\ICvilQm.exe
  2⤵
  PID:7156
- C:\Windows\System\JBzVAQH.exe
  C:\Windows\System\JBzVAQH.exe
  2⤵
  PID:4728
- C:\Windows\System\qmZbPRH.exe
  C:\Windows\System\qmZbPRH.exe
  2⤵
  PID:4744
- C:\Windows\System\ahUVTiO.exe
  C:\Windows\System\ahUVTiO.exe
  2⤵
  PID:5304
- C:\Windows\System\OxblSRV.exe
  C:\Windows\System\OxblSRV.exe
  2⤵
  PID:5680
- C:\Windows\System\awNdEpz.exe
  C:\Windows\System\awNdEpz.exe
  2⤵
  PID:5540
- C:\Windows\System\tEcKiTk.exe
  C:\Windows\System\tEcKiTk.exe
  2⤵
  PID:6156
- C:\Windows\System\yzFWLrx.exe
  C:\Windows\System\yzFWLrx.exe
  2⤵
  PID:6248
- C:\Windows\System\RAeoBPU.exe
  C:\Windows\System\RAeoBPU.exe
  2⤵
  PID:6252
- C:\Windows\System\gyAvUsR.exe
  C:\Windows\System\gyAvUsR.exe
  2⤵
  PID:6316
- C:\Windows\System\icddqiD.exe
  C:\Windows\System\icddqiD.exe
  2⤵
  PID:6392
- C:\Windows\System\oikoFwM.exe
  C:\Windows\System\oikoFwM.exe
  2⤵
  PID:6448
- C:\Windows\System\zbEAAOX.exe
  C:\Windows\System\zbEAAOX.exe
  2⤵
  PID:6552
- C:\Windows\System\YxKbkZq.exe
  C:\Windows\System\YxKbkZq.exe
  2⤵
  PID:6512
- C:\Windows\System\ukzeWvo.exe
  C:\Windows\System\ukzeWvo.exe
  2⤵
  PID:6608
- C:\Windows\System\wdssNaz.exe
  C:\Windows\System\wdssNaz.exe
  2⤵
  PID:6676
- C:\Windows\System\AtxoNdc.exe
  C:\Windows\System\AtxoNdc.exe
  2⤵
  PID:6736
- C:\Windows\System\mVoZFhB.exe
  C:\Windows\System\mVoZFhB.exe
  2⤵
  PID:6712
- C:\Windows\System\eMKPXYr.exe
  C:\Windows\System\eMKPXYr.exe
  2⤵
  PID:6792
- C:\Windows\System\nNImNxi.exe
  C:\Windows\System\nNImNxi.exe
  2⤵
  PID:6900
- C:\Windows\System\YdShbEi.exe
  C:\Windows\System\YdShbEi.exe
  2⤵
  PID:6916
- C:\Windows\System\TfzZXgd.exe
  C:\Windows\System\TfzZXgd.exe
  2⤵
  PID:7060
- C:\Windows\System\adpnLUl.exe
  C:\Windows\System\adpnLUl.exe
  2⤵
  PID:7076
- C:\Windows\System\AJMFjVY.exe
  C:\Windows\System\AJMFjVY.exe
  2⤵
  PID:7036
- C:\Windows\System\GyqVmPo.exe
  C:\Windows\System\GyqVmPo.exe
  2⤵
  PID:7120
- C:\Windows\System\CtjmZYK.exe
  C:\Windows\System\CtjmZYK.exe
  2⤵
  PID:5400
- C:\Windows\System\lMKgOzS.exe
  C:\Windows\System\lMKgOzS.exe
  2⤵
  PID:3456
- C:\Windows\System\MNTUKAd.exe
  C:\Windows\System\MNTUKAd.exe
  2⤵
  PID:6168
- C:\Windows\System\LITqrgu.exe
  C:\Windows\System\LITqrgu.exe
  2⤵
  PID:6292
- C:\Windows\System\YuVnKof.exe
  C:\Windows\System\YuVnKof.exe
  2⤵
  PID:6408
- C:\Windows\System\stQBDke.exe
  C:\Windows\System\stQBDke.exe
  2⤵
  PID:6268
- C:\Windows\System\yHLcIJu.exe
  C:\Windows\System\yHLcIJu.exe
  2⤵
  PID:6256
- C:\Windows\System\hiDDoLq.exe
  C:\Windows\System\hiDDoLq.exe
  2⤵
  PID:6616
- C:\Windows\System\XZRMesd.exe
  C:\Windows\System\XZRMesd.exe
  2⤵
  PID:6692
- C:\Windows\System\yHlAwDf.exe
  C:\Windows\System\yHlAwDf.exe
  2⤵
  PID:6632
- C:\Windows\System\GNbugSg.exe
  C:\Windows\System\GNbugSg.exe
  2⤵
  PID:6980
- C:\Windows\System\xRnoeFT.exe
  C:\Windows\System\xRnoeFT.exe
  2⤵
  PID:6892
- C:\Windows\System\NFBjbKS.exe
  C:\Windows\System\NFBjbKS.exe
  2⤵
  PID:7184
- C:\Windows\System\KnktEeU.exe
  C:\Windows\System\KnktEeU.exe
  2⤵
  PID:7200
- C:\Windows\System\laUvjpZ.exe
  C:\Windows\System\laUvjpZ.exe
  2⤵
  PID:7224
- C:\Windows\System\gkaKifq.exe
  C:\Windows\System\gkaKifq.exe
  2⤵
  PID:7252
- C:\Windows\System\WPdEzsr.exe
  C:\Windows\System\WPdEzsr.exe
  2⤵
  PID:7272
- C:\Windows\System\TBWfNRN.exe
  C:\Windows\System\TBWfNRN.exe
  2⤵
  PID:7288
- C:\Windows\System\wikwDch.exe
  C:\Windows\System\wikwDch.exe
  2⤵
  PID:7308
- C:\Windows\System\URWcXTO.exe
  C:\Windows\System\URWcXTO.exe
  2⤵
  PID:7332
- C:\Windows\System\iLldTQo.exe
  C:\Windows\System\iLldTQo.exe
  2⤵
  PID:7352
- C:\Windows\System\ZWDksss.exe
  C:\Windows\System\ZWDksss.exe
  2⤵
  PID:7372
- C:\Windows\System\KGGDkAn.exe
  C:\Windows\System\KGGDkAn.exe
  2⤵
  PID:7392
- C:\Windows\System\ObCwpAI.exe
  C:\Windows\System\ObCwpAI.exe
  2⤵
  PID:7412
- C:\Windows\System\RwXfTbt.exe
  C:\Windows\System\RwXfTbt.exe
  2⤵
  PID:7432
- C:\Windows\System\QWeSaWz.exe
  C:\Windows\System\QWeSaWz.exe
  2⤵
  PID:7452
- C:\Windows\System\qTvxIew.exe
  C:\Windows\System\qTvxIew.exe
  2⤵
  PID:7472
- C:\Windows\System\CMEjQRP.exe
  C:\Windows\System\CMEjQRP.exe
  2⤵
  PID:7492
- C:\Windows\System\oqyTXfg.exe
  C:\Windows\System\oqyTXfg.exe
  2⤵
  PID:7512
- C:\Windows\System\fRsyFee.exe
  C:\Windows\System\fRsyFee.exe
  2⤵
  PID:7532
- C:\Windows\System\uzPlddm.exe
  C:\Windows\System\uzPlddm.exe
  2⤵
  PID:7552
- C:\Windows\System\HoSBsfH.exe
  C:\Windows\System\HoSBsfH.exe
  2⤵
  PID:7572
- C:\Windows\System\iJypGqv.exe
  C:\Windows\System\iJypGqv.exe
  2⤵
  PID:7592
- C:\Windows\System\RQjnCJs.exe
  C:\Windows\System\RQjnCJs.exe
  2⤵
  PID:7612
- C:\Windows\System\zWSunuS.exe
  C:\Windows\System\zWSunuS.exe
  2⤵
  PID:7628
- C:\Windows\System\anfVcMw.exe
  C:\Windows\System\anfVcMw.exe
  2⤵
  PID:7652
- C:\Windows\System\DtyhlSZ.exe
  C:\Windows\System\DtyhlSZ.exe
  2⤵
  PID:7672
- C:\Windows\System\JYBaPIR.exe
  C:\Windows\System\JYBaPIR.exe
  2⤵
  PID:7692
- C:\Windows\System\yboPscR.exe
  C:\Windows\System\yboPscR.exe
  2⤵
  PID:7712
- C:\Windows\System\DWJsbho.exe
  C:\Windows\System\DWJsbho.exe
  2⤵
  PID:7732
- C:\Windows\System\uosDXTt.exe
  C:\Windows\System\uosDXTt.exe
  2⤵
  PID:7752
- C:\Windows\System\WflSied.exe
  C:\Windows\System\WflSied.exe
  2⤵
  PID:7772
- C:\Windows\System\JChyLob.exe
  C:\Windows\System\JChyLob.exe
  2⤵
  PID:7792
- C:\Windows\System\NbVvQOP.exe
  C:\Windows\System\NbVvQOP.exe
  2⤵
  PID:7812
- C:\Windows\System\ufWIYNI.exe
  C:\Windows\System\ufWIYNI.exe
  2⤵
  PID:7828
- C:\Windows\System\IkWTeMr.exe
  C:\Windows\System\IkWTeMr.exe
  2⤵
  PID:7848
- C:\Windows\System\nrAnVHV.exe
  C:\Windows\System\nrAnVHV.exe
  2⤵
  PID:7868
- C:\Windows\System\besLMld.exe
  C:\Windows\System\besLMld.exe
  2⤵
  PID:7892
- C:\Windows\System\odBDhmv.exe
  C:\Windows\System\odBDhmv.exe
  2⤵
  PID:7912
- C:\Windows\System\yqjIgaN.exe
  C:\Windows\System\yqjIgaN.exe
  2⤵
  PID:7932
- C:\Windows\System\tYUPJhg.exe
  C:\Windows\System\tYUPJhg.exe
  2⤵
  PID:7948
- C:\Windows\System\hvraUgm.exe
  C:\Windows\System\hvraUgm.exe
  2⤵
  PID:7972
- C:\Windows\System\ddDYutV.exe
  C:\Windows\System\ddDYutV.exe
  2⤵
  PID:7992
- C:\Windows\System\CjjGmMy.exe
  C:\Windows\System\CjjGmMy.exe
  2⤵
  PID:8012
- C:\Windows\System\tKinGZf.exe
  C:\Windows\System\tKinGZf.exe
  2⤵
  PID:8028
- C:\Windows\System\LjwGBUe.exe
  C:\Windows\System\LjwGBUe.exe
  2⤵
  PID:8048
- C:\Windows\System\QVsXnaQ.exe
  C:\Windows\System\QVsXnaQ.exe
  2⤵
  PID:8072
- C:\Windows\System\NjuIfTD.exe
  C:\Windows\System\NjuIfTD.exe
  2⤵
  PID:8096
- C:\Windows\System\vHdXAWA.exe
  C:\Windows\System\vHdXAWA.exe
  2⤵
  PID:8116
- C:\Windows\System\rvjtrPI.exe
  C:\Windows\System\rvjtrPI.exe
  2⤵
  PID:8136
- C:\Windows\System\AdPODlg.exe
  C:\Windows\System\AdPODlg.exe
  2⤵
  PID:8156
- C:\Windows\System\LoTZcPj.exe
  C:\Windows\System\LoTZcPj.exe
  2⤵
  PID:8176
- C:\Windows\System\dtVGUxN.exe
  C:\Windows\System\dtVGUxN.exe
  2⤵
  PID:7012
- C:\Windows\System\yRtaSCz.exe
  C:\Windows\System\yRtaSCz.exe
  2⤵
  PID:5956
- C:\Windows\System\ZcWcwnh.exe
  C:\Windows\System\ZcWcwnh.exe
  2⤵
  PID:5936
- C:\Windows\System\BMumCWc.exe
  C:\Windows\System\BMumCWc.exe
  2⤵
  PID:4560
- C:\Windows\System\qhXeeFT.exe
  C:\Windows\System\qhXeeFT.exe
  2⤵
  PID:6308
- C:\Windows\System\EgfgFmc.exe
  C:\Windows\System\EgfgFmc.exe
  2⤵
  PID:6228
- C:\Windows\System\eqhUiUj.exe
  C:\Windows\System\eqhUiUj.exe
  2⤵
  PID:5660
- C:\Windows\System\nEAyRpg.exe
  C:\Windows\System\nEAyRpg.exe
  2⤵
  PID:6468
- C:\Windows\System\sEFlJck.exe
  C:\Windows\System\sEFlJck.exe
  2⤵
  PID:6636
- C:\Windows\System\JEBmUzf.exe
  C:\Windows\System\JEBmUzf.exe
  2⤵
  PID:6912
- C:\Windows\System\QdCbSCv.exe
  C:\Windows\System\QdCbSCv.exe
  2⤵
  PID:7196
- C:\Windows\System\skMujih.exe
  C:\Windows\System\skMujih.exe
  2⤵
  PID:7248
- C:\Windows\System\wThTsfS.exe
  C:\Windows\System\wThTsfS.exe
  2⤵
  PID:7260
- C:\Windows\System\FaPsCyE.exe
  C:\Windows\System\FaPsCyE.exe
  2⤵
  PID:7316
- C:\Windows\System\FRPISRd.exe
  C:\Windows\System\FRPISRd.exe
  2⤵
  PID:7300
- C:\Windows\System\TbfMQTr.exe
  C:\Windows\System\TbfMQTr.exe
  2⤵
  PID:7344
- C:\Windows\System\EaCSJWV.exe
  C:\Windows\System\EaCSJWV.exe
  2⤵
  PID:7380
- C:\Windows\System\ovgQJFP.exe
  C:\Windows\System\ovgQJFP.exe
  2⤵
  PID:7440
- C:\Windows\System\PIoFTCs.exe
  C:\Windows\System\PIoFTCs.exe
  2⤵
  PID:7480
- C:\Windows\System\sNaiJoB.exe
  C:\Windows\System\sNaiJoB.exe
  2⤵
  PID:7520
- C:\Windows\System\izuUORM.exe
  C:\Windows\System\izuUORM.exe
  2⤵
  PID:7524
- C:\Windows\System\VmhhcPi.exe
  C:\Windows\System\VmhhcPi.exe
  2⤵
  PID:7568
- C:\Windows\System\KwdYYWb.exe
  C:\Windows\System\KwdYYWb.exe
  2⤵
  PID:7600
- C:\Windows\System\MSPcpvL.exe
  C:\Windows\System\MSPcpvL.exe
  2⤵
  PID:7584
- C:\Windows\System\PldHydJ.exe
  C:\Windows\System\PldHydJ.exe
  2⤵
  PID:7680
- C:\Windows\System\yLiqKHM.exe
  C:\Windows\System\yLiqKHM.exe
  2⤵
  PID:7660
- C:\Windows\System\mdPZujs.exe
  C:\Windows\System\mdPZujs.exe
  2⤵
  PID:7724
- C:\Windows\System\RtxiKeU.exe
  C:\Windows\System\RtxiKeU.exe
  2⤵
  PID:7768
- C:\Windows\System\lazJoBX.exe
  C:\Windows\System\lazJoBX.exe
  2⤵
  PID:7780
- C:\Windows\System\iWPlvoc.exe
  C:\Windows\System\iWPlvoc.exe
  2⤵
  PID:7836
- C:\Windows\System\NbHlBmo.exe
  C:\Windows\System\NbHlBmo.exe
  2⤵
  PID:7840
- C:\Windows\System\hMfBNNH.exe
  C:\Windows\System\hMfBNNH.exe
  2⤵
  PID:7856
- C:\Windows\System\tLDBeiz.exe
  C:\Windows\System\tLDBeiz.exe
  2⤵
  PID:7900
- C:\Windows\System\WPoFkfC.exe
  C:\Windows\System\WPoFkfC.exe
  2⤵
  PID:7960
- C:\Windows\System\TrXMUNt.exe
  C:\Windows\System\TrXMUNt.exe
  2⤵
  PID:8000
- C:\Windows\System\pSsVQKo.exe
  C:\Windows\System\pSsVQKo.exe
  2⤵
  PID:7984
- C:\Windows\System\HlceGno.exe
  C:\Windows\System\HlceGno.exe
  2⤵
  PID:8040
- C:\Windows\System\bFrHWEn.exe
  C:\Windows\System\bFrHWEn.exe
  2⤵
  PID:8068
- C:\Windows\System\AJKpdot.exe
  C:\Windows\System\AJKpdot.exe
  2⤵
  PID:8104
- C:\Windows\System\IYuXGrA.exe
  C:\Windows\System\IYuXGrA.exe
  2⤵
  PID:8164
- C:\Windows\System\AiOFjOi.exe
  C:\Windows\System\AiOFjOi.exe
  2⤵
  PID:6932
- C:\Windows\System\oCQcgxa.exe
  C:\Windows\System\oCQcgxa.exe
  2⤵
  PID:7032
- C:\Windows\System\PgRuYvQ.exe
  C:\Windows\System\PgRuYvQ.exe
  2⤵
  PID:6064
- C:\Windows\System\oOfjIeL.exe
  C:\Windows\System\oOfjIeL.exe
  2⤵
  PID:5316
- C:\Windows\System\rBjPQjq.exe
  C:\Windows\System\rBjPQjq.exe
  2⤵
  PID:5624
- C:\Windows\System\DrwNHYu.exe
  C:\Windows\System\DrwNHYu.exe
  2⤵
  PID:6876
- C:\Windows\System\KttdQbg.exe
  C:\Windows\System\KttdQbg.exe
  2⤵
  PID:7192
- C:\Windows\System\rIEkglE.exe
  C:\Windows\System\rIEkglE.exe
  2⤵
  PID:7208
- C:\Windows\System\AQtxSFh.exe
  C:\Windows\System\AQtxSFh.exe
  2⤵
  PID:7360
- C:\Windows\System\FtBMztt.exe
  C:\Windows\System\FtBMztt.exe
  2⤵
  PID:7340
- C:\Windows\System\vKyGEBj.exe
  C:\Windows\System\vKyGEBj.exe
  2⤵
  PID:7408
- C:\Windows\System\vRoTOMo.exe
  C:\Windows\System\vRoTOMo.exe
  2⤵
  PID:7488
- C:\Windows\System\gskxuPO.exe
  C:\Windows\System\gskxuPO.exe
  2⤵
  PID:7508
- C:\Windows\System\iymDtHy.exe
  C:\Windows\System\iymDtHy.exe
  2⤵
  PID:7588
- C:\Windows\System\UnLKHwv.exe
  C:\Windows\System\UnLKHwv.exe
  2⤵
  PID:7644
- C:\Windows\System\pYSGoJj.exe
  C:\Windows\System\pYSGoJj.exe
  2⤵
  PID:7648
- C:\Windows\System\uzuoqWL.exe
  C:\Windows\System\uzuoqWL.exe
  2⤵
  PID:7704
- C:\Windows\System\rtJdoKZ.exe
  C:\Windows\System\rtJdoKZ.exe
  2⤵
  PID:7744
- C:\Windows\System\pnQkPpd.exe
  C:\Windows\System\pnQkPpd.exe
  2⤵
  PID:7888
- C:\Windows\System\oShDqoY.exe
  C:\Windows\System\oShDqoY.exe
  2⤵
  PID:7820
- C:\Windows\System\qclWYTA.exe
  C:\Windows\System\qclWYTA.exe
  2⤵
  PID:7920
- C:\Windows\System\QlclUeY.exe
  C:\Windows\System\QlclUeY.exe
  2⤵
  PID:7940
- C:\Windows\System\SAGgzku.exe
  C:\Windows\System\SAGgzku.exe
  2⤵
  PID:8056
- C:\Windows\System\LTtdPQD.exe
  C:\Windows\System\LTtdPQD.exe
  2⤵
  PID:8124
- C:\Windows\System\XZxZfTS.exe
  C:\Windows\System\XZxZfTS.exe
  2⤵
  PID:7016
- C:\Windows\System\nFCSdAH.exe
  C:\Windows\System\nFCSdAH.exe
  2⤵
  PID:8152
- C:\Windows\System\MCdhtTx.exe
  C:\Windows\System\MCdhtTx.exe
  2⤵
  PID:6076
- C:\Windows\System\dEpFBeW.exe
  C:\Windows\System\dEpFBeW.exe
  2⤵
  PID:7136
- C:\Windows\System\nMjcgpY.exe
  C:\Windows\System\nMjcgpY.exe
  2⤵
  PID:6628
- C:\Windows\System\UjjaTll.exe
  C:\Windows\System\UjjaTll.exe
  2⤵
  PID:7236
- C:\Windows\System\ljgGyKD.exe
  C:\Windows\System\ljgGyKD.exe
  2⤵
  PID:7304
- C:\Windows\System\IRdasOg.exe
  C:\Windows\System\IRdasOg.exe
  2⤵
  PID:7420
- C:\Windows\System\nBNjhSO.exe
  C:\Windows\System\nBNjhSO.exe
  2⤵
  PID:7580
- C:\Windows\System\TzqLemb.exe
  C:\Windows\System\TzqLemb.exe
  2⤵
  PID:3036
- C:\Windows\System\bnIZTEf.exe
  C:\Windows\System\bnIZTEf.exe
  2⤵
  PID:7640
- C:\Windows\System\cDtxRKb.exe
  C:\Windows\System\cDtxRKb.exe
  2⤵
  PID:7808
- C:\Windows\System\WMiMWQW.exe
  C:\Windows\System\WMiMWQW.exe
  2⤵
  PID:7804
- C:\Windows\System\FSEMAIK.exe
  C:\Windows\System\FSEMAIK.exe
  2⤵
  PID:7924
- C:\Windows\System\ebfSXHn.exe
  C:\Windows\System\ebfSXHn.exe
  2⤵
  PID:7944
- C:\Windows\System\fOjzwUv.exe
  C:\Windows\System\fOjzwUv.exe
  2⤵
  PID:8044
- C:\Windows\System\UrijpWV.exe
  C:\Windows\System\UrijpWV.exe
  2⤵
  PID:8132
- C:\Windows\System\GakDWXo.exe
  C:\Windows\System\GakDWXo.exe
  2⤵
  PID:8204
- C:\Windows\System\TFraIxo.exe
  C:\Windows\System\TFraIxo.exe
  2⤵
  PID:8224
- C:\Windows\System\NGYTYeZ.exe
  C:\Windows\System\NGYTYeZ.exe
  2⤵
  PID:8244
- C:\Windows\System\DygcWLJ.exe
  C:\Windows\System\DygcWLJ.exe
  2⤵
  PID:8264
- C:\Windows\System\CnhyiAU.exe
  C:\Windows\System\CnhyiAU.exe
  2⤵
  PID:8284
- C:\Windows\System\nRkhRCe.exe
  C:\Windows\System\nRkhRCe.exe
  2⤵
  PID:8304
- C:\Windows\System\nBqfTDx.exe
  C:\Windows\System\nBqfTDx.exe
  2⤵
  PID:8324
- C:\Windows\System\NsKZIqT.exe
  C:\Windows\System\NsKZIqT.exe
  2⤵
  PID:8344
- C:\Windows\System\WgUmzMd.exe
  C:\Windows\System\WgUmzMd.exe
  2⤵
  PID:8360
- C:\Windows\System\vxXuCzC.exe
  C:\Windows\System\vxXuCzC.exe
  2⤵
  PID:8388
- C:\Windows\System\rFWQAlZ.exe
  C:\Windows\System\rFWQAlZ.exe
  2⤵
  PID:8408
- C:\Windows\System\QoUUUUA.exe
  C:\Windows\System\QoUUUUA.exe
  2⤵
  PID:8428
- C:\Windows\System\VziyDrP.exe
  C:\Windows\System\VziyDrP.exe
  2⤵
  PID:8448
- C:\Windows\System\wUOgOtJ.exe
  C:\Windows\System\wUOgOtJ.exe
  2⤵
  PID:8468
- C:\Windows\System\nFfvqWC.exe
  C:\Windows\System\nFfvqWC.exe
  2⤵
  PID:8488
- C:\Windows\System\NPCexRk.exe
  C:\Windows\System\NPCexRk.exe
  2⤵
  PID:8508
- C:\Windows\System\tjUnqWG.exe
  C:\Windows\System\tjUnqWG.exe
  2⤵
  PID:8528
- C:\Windows\System\ckYXrdN.exe
  C:\Windows\System\ckYXrdN.exe
  2⤵
  PID:8548
- C:\Windows\System\WlUhFSo.exe
  C:\Windows\System\WlUhFSo.exe
  2⤵
  PID:8568
- C:\Windows\System\xfuqugY.exe
  C:\Windows\System\xfuqugY.exe
  2⤵
  PID:8588
- C:\Windows\System\GhXVddV.exe
  C:\Windows\System\GhXVddV.exe
  2⤵
  PID:8608
- C:\Windows\System\VObntnZ.exe
  C:\Windows\System\VObntnZ.exe
  2⤵
  PID:8628
- C:\Windows\System\JLHjlrx.exe
  C:\Windows\System\JLHjlrx.exe
  2⤵
  PID:8648
- C:\Windows\System\jejosHm.exe
  C:\Windows\System\jejosHm.exe
  2⤵
  PID:8668
- C:\Windows\System\enmdwOx.exe
  C:\Windows\System\enmdwOx.exe
  2⤵
  PID:8688
- C:\Windows\System\ikuEKYd.exe
  C:\Windows\System\ikuEKYd.exe
  2⤵
  PID:8708
- C:\Windows\System\WczRaYJ.exe
  C:\Windows\System\WczRaYJ.exe
  2⤵
  PID:8728
- C:\Windows\System\pjYDevj.exe
  C:\Windows\System\pjYDevj.exe
  2⤵
  PID:8748
- C:\Windows\System\UiXGraY.exe
  C:\Windows\System\UiXGraY.exe
  2⤵
  PID:8768
- C:\Windows\System\AhqErEl.exe
  C:\Windows\System\AhqErEl.exe
  2⤵
  PID:8788
- C:\Windows\System\oGapHqY.exe
  C:\Windows\System\oGapHqY.exe
  2⤵
  PID:8808
- C:\Windows\System\ztYhSOl.exe
  C:\Windows\System\ztYhSOl.exe
  2⤵
  PID:8828
- C:\Windows\System\NQQekba.exe
  C:\Windows\System\NQQekba.exe
  2⤵
  PID:8848
- C:\Windows\System\ddfpbch.exe
  C:\Windows\System\ddfpbch.exe
  2⤵
  PID:8868
- C:\Windows\System\eorEalm.exe
  C:\Windows\System\eorEalm.exe
  2⤵
  PID:8888
- C:\Windows\System\WSEvVhC.exe
  C:\Windows\System\WSEvVhC.exe
  2⤵
  PID:8908
- C:\Windows\System\uAVPgKK.exe
  C:\Windows\System\uAVPgKK.exe
  2⤵
  PID:8928
- C:\Windows\System\IoFGrtq.exe
  C:\Windows\System\IoFGrtq.exe
  2⤵
  PID:8944
- C:\Windows\System\bJqhzrl.exe
  C:\Windows\System\bJqhzrl.exe
  2⤵
  PID:8968
- C:\Windows\System\RFEzNZI.exe
  C:\Windows\System\RFEzNZI.exe
  2⤵
  PID:8988
- C:\Windows\System\okIeqjz.exe
  C:\Windows\System\okIeqjz.exe
  2⤵
  PID:9008
- C:\Windows\System\lwApETY.exe
  C:\Windows\System\lwApETY.exe
  2⤵
  PID:9028
- C:\Windows\System\FyGsIwB.exe
  C:\Windows\System\FyGsIwB.exe
  2⤵
  PID:9048
- C:\Windows\System\PMqapwv.exe
  C:\Windows\System\PMqapwv.exe
  2⤵
  PID:9068
- C:\Windows\System\lwdkHBu.exe
  C:\Windows\System\lwdkHBu.exe
  2⤵
  PID:9088
- C:\Windows\System\uYGhdll.exe
  C:\Windows\System\uYGhdll.exe
  2⤵
  PID:9108
- C:\Windows\System\SQvKWAt.exe
  C:\Windows\System\SQvKWAt.exe
  2⤵
  PID:9124
- C:\Windows\System\ZlrtqQw.exe
  C:\Windows\System\ZlrtqQw.exe
  2⤵
  PID:9144
- C:\Windows\System\ZSSWbED.exe
  C:\Windows\System\ZSSWbED.exe
  2⤵
  PID:9160
- C:\Windows\System\KuUZrrE.exe
  C:\Windows\System\KuUZrrE.exe
  2⤵
  PID:9176
- C:\Windows\System\XuxWnyM.exe
  C:\Windows\System\XuxWnyM.exe
  2⤵
  PID:9192
- C:\Windows\System\fNXiiPH.exe
  C:\Windows\System\fNXiiPH.exe
  2⤵
  PID:9212
- C:\Windows\System\nxYoHQX.exe
  C:\Windows\System\nxYoHQX.exe
  2⤵
  PID:6752
- C:\Windows\System\hwAmdfr.exe
  C:\Windows\System\hwAmdfr.exe
  2⤵
  PID:6860
- C:\Windows\System\hRCqwkG.exe
  C:\Windows\System\hRCqwkG.exe
  2⤵
  PID:7264
- C:\Windows\System\mHSUwqR.exe
  C:\Windows\System\mHSUwqR.exe
  2⤵
  PID:7444
- C:\Windows\System\ROBpwrw.exe
  C:\Windows\System\ROBpwrw.exe
  2⤵
  PID:7464
- C:\Windows\System\WIxTtvm.exe
  C:\Windows\System\WIxTtvm.exe
  2⤵
  PID:7560
- C:\Windows\System\uCUqWGt.exe
  C:\Windows\System\uCUqWGt.exe
  2⤵
  PID:7708
- C:\Windows\System\vXQEYSc.exe
  C:\Windows\System\vXQEYSc.exe
  2⤵
  PID:7904
- C:\Windows\System\zEZzezT.exe
  C:\Windows\System\zEZzezT.exe
  2⤵
  PID:8024
- C:\Windows\System\VhtBPve.exe
  C:\Windows\System\VhtBPve.exe
  2⤵
  PID:8220
- C:\Windows\System\mgLBCaa.exe
  C:\Windows\System\mgLBCaa.exe
  2⤵
  PID:8280
- C:\Windows\System\RFkCNxp.exe
  C:\Windows\System\RFkCNxp.exe
  2⤵
  PID:8296
- C:\Windows\System\kNdxnOR.exe
  C:\Windows\System\kNdxnOR.exe
  2⤵
  PID:8340
- C:\Windows\System\rzieKBh.exe
  C:\Windows\System\rzieKBh.exe
  2⤵
  PID:8376
- C:\Windows\System\ZvYVOOm.exe
  C:\Windows\System\ZvYVOOm.exe
  2⤵
  PID:8436
- C:\Windows\System\WwOcrSl.exe
  C:\Windows\System\WwOcrSl.exe
  2⤵
  PID:8424
- C:\Windows\System\eKMvJBM.exe
  C:\Windows\System\eKMvJBM.exe
  2⤵
  PID:8460
- C:\Windows\System\GoxcwRN.exe
  C:\Windows\System\GoxcwRN.exe
  2⤵
  PID:8504
- C:\Windows\System\xriirfQ.exe
  C:\Windows\System\xriirfQ.exe
  2⤵
  PID:8556
- C:\Windows\System\hgFRxdS.exe
  C:\Windows\System\hgFRxdS.exe
  2⤵
  PID:8540
- C:\Windows\System\gmEgqAl.exe
  C:\Windows\System\gmEgqAl.exe
  2⤵
  PID:8580
- C:\Windows\System\ScfCIRm.exe
  C:\Windows\System\ScfCIRm.exe
  2⤵
  PID:8616
- C:\Windows\System\OJKwKqO.exe
  C:\Windows\System\OJKwKqO.exe
  2⤵
  PID:8644
- C:\Windows\System\dtVHGQg.exe
  C:\Windows\System\dtVHGQg.exe
  2⤵
  PID:2620
- C:\Windows\System\QKlPsPU.exe
  C:\Windows\System\QKlPsPU.exe
  2⤵
  PID:8680
- C:\Windows\System\kOoSzqe.exe
  C:\Windows\System\kOoSzqe.exe
  2⤵
  PID:8720
- C:\Windows\System\cpoNnjP.exe
  C:\Windows\System\cpoNnjP.exe
  2⤵
  PID:8736
- C:\Windows\System\PEbhrzV.exe
  C:\Windows\System\PEbhrzV.exe
  2⤵
  PID:8764
- C:\Windows\System\eIbvYDW.exe
  C:\Windows\System\eIbvYDW.exe
  2⤵
  PID:8860
- C:\Windows\System\frpRsBT.exe
  C:\Windows\System\frpRsBT.exe
  2⤵
  PID:8904
- C:\Windows\System\wpZHphl.exe
  C:\Windows\System\wpZHphl.exe
  2⤵
  PID:2504
- C:\Windows\System\TLcyYmq.exe
  C:\Windows\System\TLcyYmq.exe
  2⤵
  PID:1696
- C:\Windows\System\FTsfqLc.exe
  C:\Windows\System\FTsfqLc.exe
  2⤵
  PID:8996
- C:\Windows\System\IfWCLKN.exe
  C:\Windows\System\IfWCLKN.exe
  2⤵
  PID:9016
- C:\Windows\System\xkbbKDA.exe
  C:\Windows\System\xkbbKDA.exe
  2⤵
  PID:9020
- C:\Windows\System\wauBlTP.exe
  C:\Windows\System\wauBlTP.exe
  2⤵
  PID:2916
- C:\Windows\System\pkGlvDc.exe
  C:\Windows\System\pkGlvDc.exe
  2⤵
  PID:2120
- C:\Windows\System\QCjdYBR.exe
  C:\Windows\System\QCjdYBR.exe
  2⤵
  PID:9116
- C:\Windows\System\yQpBSxD.exe
  C:\Windows\System\yQpBSxD.exe
  2⤵
  PID:9100
- C:\Windows\System\pQWzFnu.exe
  C:\Windows\System\pQWzFnu.exe
  2⤵
  PID:9152
- C:\Windows\System\UIqXYlz.exe
  C:\Windows\System\UIqXYlz.exe
  2⤵
  PID:9156
- C:\Windows\System\YZZZBMW.exe
  C:\Windows\System\YZZZBMW.exe
  2⤵
  PID:9188
- C:\Windows\System\xzQBbtC.exe
  C:\Windows\System\xzQBbtC.exe
  2⤵
  PID:4164
- C:\Windows\System\HHeSqKJ.exe
  C:\Windows\System\HHeSqKJ.exe
  2⤵
  PID:1432
- C:\Windows\System\qkBmwIX.exe
  C:\Windows\System\qkBmwIX.exe
  2⤵
  PID:5756
- C:\Windows\System\OjgbkvO.exe
  C:\Windows\System\OjgbkvO.exe
  2⤵
  PID:2228
- C:\Windows\System\NsJXuQI.exe
  C:\Windows\System\NsJXuQI.exe
  2⤵
  PID:2692
- C:\Windows\System\IncAUUt.exe
  C:\Windows\System\IncAUUt.exe
  2⤵
  PID:980
- C:\Windows\System\ZkdkUqn.exe
  C:\Windows\System\ZkdkUqn.exe
  2⤵
  PID:2520
- C:\Windows\System\BbpvmRV.exe
  C:\Windows\System\BbpvmRV.exe
  2⤵
  PID:7740
- C:\Windows\System\kHCgLCC.exe
  C:\Windows\System\kHCgLCC.exe
  2⤵
  PID:1912
- C:\Windows\System\VTNTQUk.exe
  C:\Windows\System\VTNTQUk.exe
  2⤵
  PID:7564
- C:\Windows\System\SExEniu.exe
  C:\Windows\System\SExEniu.exe
  2⤵
  PID:1744
- C:\Windows\System\EABhmLh.exe
  C:\Windows\System\EABhmLh.exe
  2⤵
  PID:852
- C:\Windows\System\DXMbaXv.exe
  C:\Windows\System\DXMbaXv.exe
  2⤵
  PID:8168
- C:\Windows\System\lWrFHTP.exe
  C:\Windows\System\lWrFHTP.exe
  2⤵
  PID:1580
- C:\Windows\System\xDKbOpq.exe
  C:\Windows\System\xDKbOpq.exe
  2⤵
  PID:8272
- C:\Windows\System\acsbzBw.exe
  C:\Windows\System\acsbzBw.exe
  2⤵
  PID:8316
- C:\Windows\System\IrtmiSZ.exe
  C:\Windows\System\IrtmiSZ.exe
  2⤵
  PID:8336
- C:\Windows\System\WmSvATV.exe
  C:\Windows\System\WmSvATV.exe
  2⤵
  PID:8396
- C:\Windows\System\AHbxAnT.exe
  C:\Windows\System\AHbxAnT.exe
  2⤵
  PID:8444
- C:\Windows\System\DVXaCYt.exe
  C:\Windows\System\DVXaCYt.exe
  2⤵
  PID:1640
- C:\Windows\System\qoEMJEm.exe
  C:\Windows\System\qoEMJEm.exe
  2⤵
  PID:8836
- C:\Windows\System\uRrPeRo.exe
  C:\Windows\System\uRrPeRo.exe
  2⤵
  PID:8876
- C:\Windows\System\pFsBAsE.exe
  C:\Windows\System\pFsBAsE.exe
  2⤵
  PID:8864
- C:\Windows\System\OtqIjfv.exe
  C:\Windows\System\OtqIjfv.exe
  2⤵
  PID:8920
- C:\Windows\System\NwXKmDu.exe
  C:\Windows\System\NwXKmDu.exe
  2⤵
  PID:8936
- C:\Windows\System\XOeRyRH.exe
  C:\Windows\System\XOeRyRH.exe
  2⤵
  PID:8984
- C:\Windows\System\hKedZbE.exe
  C:\Windows\System\hKedZbE.exe
  2⤵
  PID:9056
- C:\Windows\System\APygone.exe
  C:\Windows\System\APygone.exe
  2⤵
  PID:2836
- C:\Windows\System\ouqleUf.exe
  C:\Windows\System\ouqleUf.exe
  2⤵
  PID:2752
- C:\Windows\System\HtqkIhc.exe
  C:\Windows\System\HtqkIhc.exe
  2⤵
  PID:548
- C:\Windows\System\tSfKCGV.exe
  C:\Windows\System\tSfKCGV.exe
  2⤵
  PID:9132
- C:\Windows\System\gjRzPSV.exe
  C:\Windows\System\gjRzPSV.exe
  2⤵
  PID:2180
- C:\Windows\System\oIYTIZv.exe
  C:\Windows\System\oIYTIZv.exe
  2⤵
  PID:7884
- C:\Windows\System\YgNCgmJ.exe
  C:\Windows\System\YgNCgmJ.exe
  2⤵
  PID:7220
- C:\Windows\System\PpNfLJK.exe
  C:\Windows\System\PpNfLJK.exe
  2⤵
  PID:7720
- C:\Windows\System\FFtmhkh.exe
  C:\Windows\System\FFtmhkh.exe
  2⤵
  PID:7928
- C:\Windows\System\FxiVbEq.exe
  C:\Windows\System\FxiVbEq.exe
  2⤵
  PID:8476
- C:\Windows\System\BwgDRhn.exe
  C:\Windows\System\BwgDRhn.exe
  2⤵
  PID:8544
- C:\Windows\System\JszHpPK.exe
  C:\Windows\System\JszHpPK.exe
  2⤵
  PID:8716
- C:\Windows\System\ZWsMLLk.exe
  C:\Windows\System\ZWsMLLk.exe
  2⤵
  PID:8564
- C:\Windows\System\dPKBLQe.exe
  C:\Windows\System\dPKBLQe.exe
  2⤵
  PID:8664
- C:\Windows\System\hxbOxSA.exe
  C:\Windows\System\hxbOxSA.exe
  2⤵
  PID:1852
- C:\Windows\System\LsnPRqy.exe
  C:\Windows\System\LsnPRqy.exe
  2⤵
  PID:8784
- C:\Windows\System\xlMvCGk.exe
  C:\Windows\System\xlMvCGk.exe
  2⤵
  PID:8840
- C:\Windows\System\XmsBDyD.exe
  C:\Windows\System\XmsBDyD.exe
  2⤵
  PID:9168
- C:\Windows\System\ytdGZZZ.exe
  C:\Windows\System\ytdGZZZ.exe
  2⤵
  PID:2748
- C:\Windows\System\hAVMGrD.exe
  C:\Windows\System\hAVMGrD.exe
  2⤵
  PID:2724
- C:\Windows\System\ptYEqZL.exe
  C:\Windows\System\ptYEqZL.exe
  2⤵
  PID:1664
- C:\Windows\System\oIETSNj.exe
  C:\Windows\System\oIETSNj.exe
  2⤵
  PID:2716
- C:\Windows\System\aVGSpIy.exe
  C:\Windows\System\aVGSpIy.exe
  2⤵
  PID:7620
- C:\Windows\System\zqnUlnS.exe
  C:\Windows\System\zqnUlnS.exe
  2⤵
  PID:8200
- C:\Windows\System\lheThbf.exe
  C:\Windows\System\lheThbf.exe
  2⤵
  PID:8372
- C:\Windows\System\YZdekOt.exe
  C:\Windows\System\YZdekOt.exe
  2⤵
  PID:8524
- C:\Windows\System\AKKVqUC.exe
  C:\Windows\System\AKKVqUC.exe
  2⤵
  PID:8600
- C:\Windows\System\LdoMrZG.exe
  C:\Windows\System\LdoMrZG.exe
  2⤵
  PID:8724
- C:\Windows\System\AtcygHN.exe
  C:\Windows\System\AtcygHN.exe
  2⤵
  PID:8584
- C:\Windows\System\lwYbQIN.exe
  C:\Windows\System\lwYbQIN.exe
  2⤵
  PID:8816
- C:\Windows\System\BLHswRf.exe
  C:\Windows\System\BLHswRf.exe
  2⤵
  PID:9044
- C:\Windows\System\ZvwJqam.exe
  C:\Windows\System\ZvwJqam.exe
  2⤵
  PID:2360
- C:\Windows\System\OrJDQTS.exe
  C:\Windows\System\OrJDQTS.exe
  2⤵
  PID:8940
- C:\Windows\System\jQeLiUJ.exe
  C:\Windows\System\jQeLiUJ.exe
  2⤵
  PID:9096
- C:\Windows\System\YzgXdgf.exe
  C:\Windows\System\YzgXdgf.exe
  2⤵
  PID:8356
- C:\Windows\System\TFuIrtB.exe
  C:\Windows\System\TFuIrtB.exe
  2⤵
  PID:2780
- C:\Windows\System\wCqTqCn.exe
  C:\Windows\System\wCqTqCn.exe
  2⤵
  PID:8960
- C:\Windows\System\oKKRtgh.exe
  C:\Windows\System\oKKRtgh.exe
  2⤵
  PID:8844
- C:\Windows\System\YONdYEJ.exe
  C:\Windows\System\YONdYEJ.exe
  2⤵
  PID:8956
- C:\Windows\System\ApHQMUY.exe
  C:\Windows\System\ApHQMUY.exe
  2⤵
  PID:2972
- C:\Windows\System\qspZNEx.exe
  C:\Windows\System\qspZNEx.exe
  2⤵
  PID:8212
- C:\Windows\System\CAIwliL.exe
  C:\Windows\System\CAIwliL.exe
  2⤵
  PID:8924
- C:\Windows\System\ofYFZAS.exe
  C:\Windows\System\ofYFZAS.exe
  2⤵
  PID:8880
- C:\Windows\System\EDccMKu.exe
  C:\Windows\System\EDccMKu.exe
  2⤵
  PID:8320
- C:\Windows\System\nCfCEIB.exe
  C:\Windows\System\nCfCEIB.exe
  2⤵
  PID:2084
- C:\Windows\System\MFimgFt.exe
  C:\Windows\System\MFimgFt.exe
  2⤵
  PID:1708
- C:\Windows\System\dyrtZxp.exe
  C:\Windows\System\dyrtZxp.exe
  2⤵
  PID:9232
- C:\Windows\System\GwZkjkd.exe
  C:\Windows\System\GwZkjkd.exe
  2⤵
  PID:9248
- C:\Windows\System\GSRmRHg.exe
  C:\Windows\System\GSRmRHg.exe
  2⤵
  PID:9264
- C:\Windows\System\yodbWQM.exe
  C:\Windows\System\yodbWQM.exe
  2⤵
  PID:9280
- C:\Windows\System\ZXAAPiK.exe
  C:\Windows\System\ZXAAPiK.exe
  2⤵
  PID:9296
- C:\Windows\System\sgkejyI.exe
  C:\Windows\System\sgkejyI.exe
  2⤵
  PID:9312
- C:\Windows\System\DVtqYUT.exe
  C:\Windows\System\DVtqYUT.exe
  2⤵
  PID:9328
- C:\Windows\System\atTqccE.exe
  C:\Windows\System\atTqccE.exe
  2⤵
  PID:9344
- C:\Windows\System\rEYONdK.exe
  C:\Windows\System\rEYONdK.exe
  2⤵
  PID:9360
- C:\Windows\System\McaFpYb.exe
  C:\Windows\System\McaFpYb.exe
  2⤵
  PID:9376
- C:\Windows\System\nKSdeVw.exe
  C:\Windows\System\nKSdeVw.exe
  2⤵
  PID:9392
- C:\Windows\System\OGNkFIJ.exe
  C:\Windows\System\OGNkFIJ.exe
  2⤵
  PID:9408
- C:\Windows\System\MbrILgI.exe
  C:\Windows\System\MbrILgI.exe
  2⤵
  PID:9424
- C:\Windows\System\mnpeCpH.exe
  C:\Windows\System\mnpeCpH.exe
  2⤵
  PID:9444
- C:\Windows\System\xEPgISn.exe
  C:\Windows\System\xEPgISn.exe
  2⤵
  PID:9464
- C:\Windows\System\clktwSt.exe
  C:\Windows\System\clktwSt.exe
  2⤵
  PID:9480
- C:\Windows\System\JVURDHC.exe
  C:\Windows\System\JVURDHC.exe
  2⤵
  PID:9496
- C:\Windows\System\hatCVdx.exe
  C:\Windows\System\hatCVdx.exe
  2⤵
  PID:9544
- C:\Windows\System\WREhkPN.exe
  C:\Windows\System\WREhkPN.exe
  2⤵
  PID:9584
- C:\Windows\System\DSNKBRl.exe
  C:\Windows\System\DSNKBRl.exe
  2⤵
  PID:9608
- C:\Windows\System\axYEVsS.exe
  C:\Windows\System\axYEVsS.exe
  2⤵
  PID:9624
- C:\Windows\System\WBkxXWe.exe
  C:\Windows\System\WBkxXWe.exe
  2⤵
  PID:9640
- C:\Windows\System\hOvOCcs.exe
  C:\Windows\System\hOvOCcs.exe
  2⤵
  PID:9656
- C:\Windows\System\xXctwES.exe
  C:\Windows\System\xXctwES.exe
  2⤵
  PID:9676
- C:\Windows\System\Lbrsixy.exe
  C:\Windows\System\Lbrsixy.exe
  2⤵
  PID:9692
- C:\Windows\System\YebcCaL.exe
  C:\Windows\System\YebcCaL.exe
  2⤵
  PID:9708
- C:\Windows\System\LFMmlNK.exe
  C:\Windows\System\LFMmlNK.exe
  2⤵
  PID:9724
- C:\Windows\System\qgWqDST.exe
  C:\Windows\System\qgWqDST.exe
  2⤵
  PID:9740
- C:\Windows\System\EziyAFW.exe
  C:\Windows\System\EziyAFW.exe
  2⤵
  PID:9756
- C:\Windows\System\fczeiCG.exe
  C:\Windows\System\fczeiCG.exe
  2⤵
  PID:9772
- C:\Windows\System\SOGGtXL.exe
  C:\Windows\System\SOGGtXL.exe
  2⤵
  PID:9788
- C:\Windows\System\VOWbRue.exe
  C:\Windows\System\VOWbRue.exe
  2⤵
  PID:9804
- C:\Windows\System\WeilILH.exe
  C:\Windows\System\WeilILH.exe
  2⤵
  PID:9820
- C:\Windows\System\vazMjcj.exe
  C:\Windows\System\vazMjcj.exe
  2⤵
  PID:9836
- C:\Windows\System\DscXOto.exe
  C:\Windows\System\DscXOto.exe
  2⤵
  PID:9852
- C:\Windows\System\poMAjMs.exe
  C:\Windows\System\poMAjMs.exe
  2⤵
  PID:9868
- C:\Windows\System\OXidRKd.exe
  C:\Windows\System\OXidRKd.exe
  2⤵
  PID:9884
- C:\Windows\System\KMstVwx.exe
  C:\Windows\System\KMstVwx.exe
  2⤵
  PID:9964
- C:\Windows\System\roVlELk.exe
  C:\Windows\System\roVlELk.exe
  2⤵
  PID:10008
- C:\Windows\System\naYZWTU.exe
  C:\Windows\System\naYZWTU.exe
  2⤵
  PID:10024
- C:\Windows\System\lznomvc.exe
  C:\Windows\System\lznomvc.exe
  2⤵
  PID:10040
- C:\Windows\System\acZbkuK.exe
  C:\Windows\System\acZbkuK.exe
  2⤵
  PID:10056
- C:\Windows\System\DqXpYwx.exe
  C:\Windows\System\DqXpYwx.exe
  2⤵
  PID:10072
- C:\Windows\System\UyzWuCq.exe
  C:\Windows\System\UyzWuCq.exe
  2⤵
  PID:10088
- C:\Windows\System\kUpTGso.exe
  C:\Windows\System\kUpTGso.exe
  2⤵
  PID:10132
- C:\Windows\System\HtlcxIm.exe
  C:\Windows\System\HtlcxIm.exe
  2⤵
  PID:10152
- C:\Windows\System\hQgBVDy.exe
  C:\Windows\System\hQgBVDy.exe
  2⤵
  PID:10168
- C:\Windows\System\UiNuPyd.exe
  C:\Windows\System\UiNuPyd.exe
  2⤵
  PID:10184
- C:\Windows\System\kYyIHyQ.exe
  C:\Windows\System\kYyIHyQ.exe
  2⤵
  PID:10200
- C:\Windows\System\eJYYzMx.exe
  C:\Windows\System\eJYYzMx.exe
  2⤵
  PID:10216
- C:\Windows\System\TCmLNyK.exe
  C:\Windows\System\TCmLNyK.exe
  2⤵
  PID:10232
- C:\Windows\System\hBEqdOQ.exe
  C:\Windows\System\hBEqdOQ.exe
  2⤵
  PID:9224
- C:\Windows\System\bVCjjZa.exe
  C:\Windows\System\bVCjjZa.exe
  2⤵
  PID:9288
- C:\Windows\System\GAlRWZh.exe
  C:\Windows\System\GAlRWZh.exe
  2⤵
  PID:9352
- C:\Windows\System\VrlfuXM.exe
  C:\Windows\System\VrlfuXM.exe
  2⤵
  PID:9432
- C:\Windows\System\vMxAvPL.exe
  C:\Windows\System\vMxAvPL.exe
  2⤵
  PID:8684
- C:\Windows\System\KNLayRm.exe
  C:\Windows\System\KNLayRm.exe
  2⤵
  PID:9308
- C:\Windows\System\PepXvTZ.exe
  C:\Windows\System\PepXvTZ.exe
  2⤵
  PID:9372
- C:\Windows\System\dPaKEFp.exe
  C:\Windows\System\dPaKEFp.exe
  2⤵
  PID:9436
- C:\Windows\System\wVxObvV.exe
  C:\Windows\System\wVxObvV.exe
  2⤵
  PID:9504
- C:\Windows\System\wKoBekQ.exe
  C:\Windows\System\wKoBekQ.exe
  2⤵
  PID:9488
- C:\Windows\System\VZsPODX.exe
  C:\Windows\System\VZsPODX.exe
  2⤵
  PID:9552
- C:\Windows\System\ayHzCeo.exe
  C:\Windows\System\ayHzCeo.exe
  2⤵
  PID:9560
- C:\Windows\System\oZKcuRG.exe
  C:\Windows\System\oZKcuRG.exe
  2⤵
  PID:9632
- C:\Windows\System\HeYReki.exe
  C:\Windows\System\HeYReki.exe
  2⤵
  PID:9736
- C:\Windows\System\WBeKbJk.exe
  C:\Windows\System\WBeKbJk.exe
  2⤵
  PID:9828
- C:\Windows\System\UrWtZsN.exe
  C:\Windows\System\UrWtZsN.exe
  2⤵
  PID:9576
- C:\Windows\System\aysgavB.exe
  C:\Windows\System\aysgavB.exe
  2⤵
  PID:9688
- C:\Windows\System\kSpKIdH.exe
  C:\Windows\System\kSpKIdH.exe
  2⤵
  PID:9812
- C:\Windows\System\zwFEITV.exe
  C:\Windows\System\zwFEITV.exe
  2⤵
  PID:9880
- C:\Windows\System\ivcjkqu.exe
  C:\Windows\System\ivcjkqu.exe
  2⤵
  PID:9912
- C:\Windows\System\nGiBWXc.exe
  C:\Windows\System\nGiBWXc.exe
  2⤵
  PID:9940
- C:\Windows\System\lXNXKac.exe
  C:\Windows\System\lXNXKac.exe
  2⤵
  PID:9960
- C:\Windows\System\ibkukdf.exe
  C:\Windows\System\ibkukdf.exe
  2⤵
  PID:9984
- C:\Windows\System\aKBBjni.exe
  C:\Windows\System\aKBBjni.exe
  2⤵
  PID:10004
- C:\Windows\System\bBANlcs.exe
  C:\Windows\System\bBANlcs.exe
  2⤵
  PID:10052
- C:\Windows\System\yAHABvd.exe
  C:\Windows\System\yAHABvd.exe
  2⤵
  PID:10096
- C:\Windows\System\HJxehis.exe
  C:\Windows\System\HJxehis.exe
  2⤵
  PID:10100
- C:\Windows\System\sHGhMfI.exe
  C:\Windows\System\sHGhMfI.exe
  2⤵
  PID:10140
- C:\Windows\System\XRZoUKh.exe
  C:\Windows\System\XRZoUKh.exe
  2⤵
  PID:10196
- C:\Windows\System\BNkmwHh.exe
  C:\Windows\System\BNkmwHh.exe
  2⤵
  PID:9204
- C:\Windows\System\jseZcDu.exe
  C:\Windows\System\jseZcDu.exe
  2⤵
  PID:8636
- C:\Windows\System\aeJqWcu.exe
  C:\Windows\System\aeJqWcu.exe
  2⤵
  PID:8236
- C:\Windows\System\cPuMMsI.exe
  C:\Windows\System\cPuMMsI.exe
  2⤵
  PID:9472
- C:\Windows\System\UwOrPfq.exe
  C:\Windows\System\UwOrPfq.exe
  2⤵
  PID:9388
- C:\Windows\System\aYhzROZ.exe
  C:\Windows\System\aYhzROZ.exe
  2⤵
  PID:9520
- C:\Windows\System\LKbePob.exe
  C:\Windows\System\LKbePob.exe
  2⤵
  PID:9420
- C:\Windows\System\qAUelkH.exe
  C:\Windows\System\qAUelkH.exe
  2⤵
  PID:9540
- C:\Windows\System\YyADLoa.exe
  C:\Windows\System\YyADLoa.exe
  2⤵
  PID:9592
- C:\Windows\System\ewziNas.exe
  C:\Windows\System\ewziNas.exe
  2⤵
  PID:9556
- C:\Windows\System\IAolPCa.exe
  C:\Windows\System\IAolPCa.exe
  2⤵
  PID:9704
- C:\Windows\System\wbZljmP.exe
  C:\Windows\System\wbZljmP.exe
  2⤵
  PID:9860
- C:\Windows\System\VtxwoZI.exe
  C:\Windows\System\VtxwoZI.exe
  2⤵
  PID:9616
- C:\Windows\System\EnTiclh.exe
  C:\Windows\System\EnTiclh.exe
  2⤵
  PID:9684
- C:\Windows\System\EWxCiBz.exe
  C:\Windows\System\EWxCiBz.exe
  2⤵
  PID:9844
- C:\Windows\System\ELWNwsc.exe
  C:\Windows\System\ELWNwsc.exe
  2⤵
  PID:9908
- C:\Windows\System\tIsZWSW.exe
  C:\Windows\System\tIsZWSW.exe
  2⤵
  PID:9956
- C:\Windows\System\IWWzTTs.exe
  C:\Windows\System\IWWzTTs.exe
  2⤵
  PID:10020
- C:\Windows\System\EPtCjon.exe
  C:\Windows\System\EPtCjon.exe
  2⤵
  PID:10124
- C:\Windows\System\naasCRK.exe
  C:\Windows\System\naasCRK.exe
  2⤵
  PID:10160
- C:\Windows\System\cEsrysr.exe
  C:\Windows\System\cEsrysr.exe
  2⤵
  PID:9260
- C:\Windows\System\mrXlBqI.exe
  C:\Windows\System\mrXlBqI.exe
  2⤵
  PID:10108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AJqLZaQ.exe

Filesize
6.0MB

MD5
19e5ae96ae17426a22a166b99e9e8d1e

SHA1
9e0d97c0c6346c07c1167a61a03e415065b86ecd

SHA256
855ae6f93c9ba30be1f1ed79b35213f883ecdd356021ba1e53c17d8d73843e70

SHA512
edcbee25fb67be7cbf386045e2b7a6147a53d10b420675db141e3f221f965f2e0485cd0e68161f0c241c3d3aede09af55c05cf587fb12996198246d52ec66e55

Download Submit
C:\Windows\system\BwMDEVe.exe

Filesize
6.0MB

MD5
f3a307267e076935b8b360a780c0053c

SHA1
b400618bd87a0201c319e8373da3fcf8006a5a05

SHA256
8575f19f46c76727c48ac4bfa1252f5a43676edd926dd46cebd3b9a5f11a6246

SHA512
b5a549cd098e56656a40ba1f3e620d241f8b700cfc72d5fa92f9d93124a547ccdf3e341d9deda04d4f14c122d77751373f71bf785e06b7be7e88497bb8a7316c

Download Submit
C:\Windows\system\CnGfCQF.exe

Filesize
6.0MB

MD5
9b1aa6dbe6c8ab8fbbf1ce86a211a8ad

SHA1
8b224652a58133a2c9bfd56b7e0b014696c371df

SHA256
8199ca147d9481f6c2840c2e844e4256f3f8bcf25042a82bc8927374f317b6e0

SHA512
92213ca0fe7754a024576cc8a0a93c8e9efd7707cde28663aad153345896e5718d6c9c2c6e3b633108912e05c47645b1e24564f7808a3fe273c270482831f69e

Download Submit
C:\Windows\system\ENZVOOy.exe

Filesize
6.0MB

MD5
160973f4bf56698b3a33631e11e1047e

SHA1
18e74eef7110f52aca32aa5c624090cc72490b38

SHA256
73794cc68d1887425cd99971a30460932595dea877c0a57205ba66c6fef45139

SHA512
9dc18d6c77dc5d93214965252cb927789f7d9d1156fcb11ade7c01627c6205a266bacbd6ac0fdbdac1d8699495aa91e50f12e604e30154aead4388a00de7b174

Download Submit
C:\Windows\system\FpgMgGQ.exe

Filesize
6.0MB

MD5
c754cb18e19bd9935efbd58e2c962438

SHA1
23658e6a53099cbf4df487fc39072afdc03ac73d

SHA256
55dc0a4e2ccda9e83b71623ebe2099a0bc023c36117e2e3442898200bf650352

SHA512
6e334e6b650c34158e170e2fe0d51215bf11c1c63632156f7f8d9ae89ff34f7c0ae6ced76e61ee865a92a7182a6fc6be4a3b74fbee65f74c64b0521df2b271ad

Download Submit
C:\Windows\system\IPTVwyG.exe

Filesize
6.0MB

MD5
bc42c9954ff21ba01b05019d85234527

SHA1
22242614c9a0635dc44ca200722c9bfeabcd8534

SHA256
492b2512bedd571c022e495be19f2fde8f09cf80266c28f2071c4ab250bd8ee4

SHA512
c5b16088380f483c7393231ed36f1376cdbb089c9a574b5714ea62aca6af7dca57ae9e1bdc5f990958e41686300b0ab19458b2dc256ea99e1994720fc9edb5f8

Download Submit
C:\Windows\system\JycQwLm.exe

Filesize
6.0MB

MD5
eb548c7e934d88f57e77b886df651f13

SHA1
5f5e87b20a34f8baec00af39bbcc549a49aa9a89

SHA256
0f5bfb76c3b37e425d986b2078241caea524c442716bad8f5ff7b5f491fa5ce4

SHA512
c51d6d0081ab4158bf29a58667af37bdb067a31322783a0dae8f36ab3fe74fd864f8e6ba0001fb79c9e10cb7f33f0da68ca5b536dfde3397e3426242ad597b4b

Download Submit
C:\Windows\system\NFOyTWs.exe

Filesize
6.0MB

MD5
5ff87c43ba1dd4bf89653127bee363fb

SHA1
14d1bd059bd64224029ef91ae1cf95542d16a799

SHA256
031b9919058469e1584ea1aeb3959c0e2d5bf393a29b7989f567a06436a55a03

SHA512
2bf150f269222667ef39361d6e31137fb7bd6ea5e1c921b419defc4e6c59fac0d165ce4cb30ffb55a3f2c14de258e3bdb00b6655f8f2ef0961e7d44795ccb420

Download Submit
C:\Windows\system\NQhfBsZ.exe

Filesize
6.0MB

MD5
eee7f3a2b5130da4e79c89923d8a2496

SHA1
26434e29271aaca982a1a43065d576c9c3f59885

SHA256
c2f9aae7cdea901ed7012e14f35f92ba5a3b6af63b283894543435a6438cf30a

SHA512
a582e77fdd37b4532ac73561d9a2f3a393dd4f71cd127254499d450f234a64225411b72ce5cafb2c50d50a33199c10505ff726644935ea126c661655b9c0ef1c

Download Submit
C:\Windows\system\NqPktsC.exe

Filesize
6.0MB

MD5
2c1c436c9b730c24b3f25db2554d3f09

SHA1
118fd1252f28b1b0af12c9776ef7e446913f55a4

SHA256
61d131f48e35420359aec61818c7d542c3e1956caed1f251ac6881a67379309c

SHA512
24fee4d5076c42e5a13f9cdf4cfbdd44d670922a54708ecbfacc0e13b080bab7fb24e2f37e0a383bd8cae75ac0a48383599b34b26ffe87dfc1aa5396ef63941c

Download Submit
C:\Windows\system\NwWSRll.exe

Filesize
6.0MB

MD5
9f3bb526a8f67effbb1529aa0901ef82

SHA1
2125c1fbff0e7582c8c4661b834113c24009fe59

SHA256
55ee1297b919a814050295def4751dd1789877ff954d904178b4afb0a8169390

SHA512
d1cd7c874097db17075dce37f6be9266c2240133674a196f51b001825c2cbbd4f8e87956869a1e3ef8238d2a17b4113bbcdab71079cb860fcee254e4bee7ea9a

Download Submit
C:\Windows\system\OAHMHbF.exe

Filesize
6.0MB

MD5
6899453d03f2fddc7636348d3f337e71

SHA1
7c59a2d8d585ff8af20bd942d121416832bfc5eb

SHA256
c0c0cb49b156f90e439267e51988fb25828249d9e1a0403580333e9352c76924

SHA512
a85836b1a5a4c03e583787a4c90c13b17162a73f820c592cc3036050b9c031ccae1284f3856c2de6beae7da8a3bcdacc2f518af43beb7ac50be23d9f625e9128

Download Submit
C:\Windows\system\RNuyqMt.exe

Filesize
6.0MB

MD5
f65124546c65ef35200096068f837b79

SHA1
e9f1f374fde2fe863b6ae132e7042027977a2019

SHA256
d91ce02597fb15c1ca1cfa4b47bdfd5df6b039974be09cdff21f2cc85bf0491c

SHA512
16e0f1318fc80ae1c2f25968d77a62645837541718d1d4f4ba0a9fb448ed883f4b846c4649c52ad11119f0cbe18db6923817d4b2214d682a585b90ca8a1cb786

Download Submit
C:\Windows\system\SScdeaE.exe

Filesize
6.0MB

MD5
68b400a6116d1f3da95024ba002d0c1c

SHA1
4769c9d604387c0d0bfd98acaa0a1477f59bc2a5

SHA256
e98bd46a3053ab775fe1788bcce6114b6910e97978c6896c1850c4d0193c6150

SHA512
02a0eb89d635d1f720a3d98ec7ebdb43a3d19cf6f6a6801bf8638565fb6285c0c6f8177fe1f828d9b380c5cc5c95cbd02b60eebd06d22c67e53323cf7377a8a2

Download Submit
C:\Windows\system\TMYILUh.exe

Filesize
6.0MB

MD5
93c7f593e88cfa43236b78d549e57433

SHA1
9f844aedbf7722597dab1e0df8f4d7509a3b256c

SHA256
f2a3402d233fc3164ab04d6425504a87686a58707248f9986c579d00801027fb

SHA512
f55849ec2288e1aa559875ad133dd225ff38b153ab1814bc3087cb90e585d04f644fc4bfefea3a5e29eec0e518101221258ac93b3d9ce098c7b6d184341247a4

Download Submit
C:\Windows\system\UfppHdW.exe

Filesize
6.0MB

MD5
5f64f97709a2035e5b2b76aeb8b8a6e6

SHA1
69d589964f5f9efd498ce8d9b88b282b79474d87

SHA256
ef6a9cea270cd646195b778031c3f86ca024fefbcc7285414cb2a97f3eba253b

SHA512
dd07d5f4d706efb074e888b266d9f629cde3c3b363b4646866a0ec99dda3cd683fa2fabc397d646b1f4a76f705e78386fd774e21aba6a43295b76a97a7b7a6f7

Download Submit
C:\Windows\system\WjZlpaG.exe

Filesize
6.0MB

MD5
cfb9a65795d3e1d99b24e322b201e52c

SHA1
30984db587e825e432405b3b31f92c805759aa1b

SHA256
b22119b6f82ab1f2fe02275a7355f7ba88d3ab692383f9ed00c0bb23abd9581b

SHA512
e997c23cce1ddc73103c116d449d93cad8ffb3ea8e93f8643268c1d26e1dabd1cb077a8c6120d4d0f951e40423ae50acf4e17a14b1b3d5c190eca91280dc198c

Download Submit
C:\Windows\system\WtCPwcu.exe

Filesize
6.0MB

MD5
b6ed1a0e2548e2c037fe4cc432541baf

SHA1
0637c3c3f09a99ef35964704b0131a90a30c1511

SHA256
ab87e3280244cbb65809df19e26a010925515f1f32f934f4ac072d74bd3bf18c

SHA512
67758d8bf33667863d09555ccbeaae035e7ec590c7fa5a4bee73b6508333d55d512645783d80c2420a5294facc3314bf9d1360c608141b7039e752d68499325d

Download Submit
C:\Windows\system\WzTAJsQ.exe

Filesize
6.0MB

MD5
3882de6f78fcd0d66d55335f77c07dc5

SHA1
8acf62aaf1268a6bff9c991325eedb25f0ffaee0

SHA256
9f356d5e9098088c84ff6f66d4f9749b489960af9c8dba955d7fe5bd792a0a20

SHA512
0882c7a39cd5450b606d1945f22f664b0fca1c4cd8185217e355587bb64093c8ac32e4d9561b65997380edcb51130c4d9fb88e7a069d45e5d8cd227fb7279c37

Download Submit
C:\Windows\system\XDvYuxf.exe

Filesize
6.0MB

MD5
a11dfe54069e81b52880ba5b5f5de00a

SHA1
0da496dd44e7b3b7fc9df09ccf9c3ec3ed472d93

SHA256
396e0271c25c87aee7aa609b92e1a38c38c69e11af6ff984c8feb59d99d7c6d9

SHA512
3df1d7aa826a33333095b9be916f12c6ce574814760a69c39a7a85c0723711fc59f48f80b414929b94290e3362080d812643995a9ec5fed0359a366913bd295b

Download Submit
C:\Windows\system\YEkHZZd.exe

Filesize
6.0MB

MD5
ce0f76f87a8c848c1b42ce497d52c1b3

SHA1
a22b1b2a901c5e7354fac65f0bf3fbf04633af4d

SHA256
d9a737742d4703dea5b4eda6a0f79bc8a0241bb9b411b1e231a2ca87481ee71e

SHA512
721472d0453224ec96646bd9ac419f4dbb9d50c97df608ab25c7dc80e2733e0eb9b8ded3a22a9415f582b08bc7b5211d2e12ddc4a1f9930d2d7ff5369fa3dd65

Download Submit
C:\Windows\system\ZcNnFlE.exe

Filesize
6.0MB

MD5
f88a86193eab85ce8885bf897f1d52a1

SHA1
9688b302f872e400619ea79edf81fbfb02face69

SHA256
b92fa13c3145a7571eb57df84a0a787c47ff2f96a65da884cabf3c7513cc9418

SHA512
ff59b47ae01f95403d79a39373c6b83975bffa1f45482a2921187315526d7734c6a3d1e6d77ba7d21e3f3b7812af3754b48d1e13ac6cb2d978ccb028c2a10beb

Download Submit
C:\Windows\system\fZCpThz.exe

Filesize
6.0MB

MD5
ff021c9f7fd480e9e87e561987b22c22

SHA1
3cc14ec770961a63c20e4ed4d9700736507272c6

SHA256
6c819207eb34844a7dccca1da49b49acaae6d06515ecbf6b0eb15aa38a4dacd0

SHA512
9ccb3aa044698a2a970cf10a6ac3f99a7958d906bbd96767c7be5f3fa93272543b6eac754ad4b294ef535567907b1e8221e197a5034aa7a164152108b0236288

Download Submit
C:\Windows\system\fpFTNub.exe

Filesize
6.0MB

MD5
e4d321612ddbbf30b68790506e6035b3

SHA1
86f421c717293aba91495646b18f84e49de31b9f

SHA256
b66041eae80f4e7be95729ee24872f22c27ab47f1746aaebdfbd19eaafe5d4b9

SHA512
720b839488e91e17dd3ac7770b4831c54c519b272ca433f23da7634acc2effd7a721dad1ad7e5a4b1cdee2f0ed12740a8176ef539a02393c582c557ecb4f689f

Download Submit
C:\Windows\system\gTnzhAX.exe

Filesize
6.0MB

MD5
8559ba0775e4d90fb2c825ef3ae54d55

SHA1
0425cb7ec321fe19348012dcbf1508c5ee660913

SHA256
56ebc34e749d62e53585a268c37f67e0068f4ee5f012ca853f385fdfe8e88c2e

SHA512
52ff374d77953bde12722de37cbf579b973587090bd47e744477a17d5de1f01088fcdf71ce2cbb11d8a91892124709c4d9f2c8c9dbb527a13b1b1a0c246a02e8

Download Submit
C:\Windows\system\mQHwNIK.exe

Filesize
6.0MB

MD5
32190f1c5cba2f96b382cce7ef7d9ef0

SHA1
643977ccb9e6af233f5da0df3f31b6ce6e097eca

SHA256
b1653a594b046a644c865498f23b86aab31cc10d40e26eee0bcdd4b90d2e711c

SHA512
9afec422852b80c21c30bc94e3c92e097d6e722690431dc2c81499b4a8ff27007b8f12e55044362d6c22f2d4613911843223bcff82d409e2aaa40b1d21c2365f

Download Submit
C:\Windows\system\nczxLiV.exe

Filesize
6.0MB

MD5
a63c376b33d3961bf33189cab86c7e73

SHA1
fe7e75f837c6bcd537c937333069456fbd4efb67

SHA256
c6178679aac8fb48b951cf0f1f5bbcd67fb49701681baa521e204805f86def46

SHA512
21304ab4102008cabb206ad80f0e0e4fa117268287ac742db2f5ef39a0eb331ca40cc42307846dd0f49d55cb6f673050ce9b03bd267fea287dbf986193ddccdc

Download Submit
C:\Windows\system\pQvicjV.exe

Filesize
6.0MB

MD5
dc4df0e5330e8e03ba2483376018bf4b

SHA1
f3f11d90686642ff843ca1aec6344169a0ad98f5

SHA256
011de230e1ce325977b96fea903694e7a45aa799e3615c49ad442b18ad96343c

SHA512
33d73d7f5eaa701ec4fb3d283ece7985c5ae97430aa8c236215e0f00eea462d23fe1b42cc54d6c0e42bd281fe5b0fdb3274d0eecb3d409dc7dea19812b1ad85f

Download Submit
C:\Windows\system\rfZdDEL.exe

Filesize
6.0MB

MD5
67e38c840f33791abf2ac26e1a7e5324

SHA1
6bf7e5c92238bdc88509271cc4360332dd233c2d

SHA256
3b6ca25bb3dbfd4a4914876c97656549c5cc6f66e05e338798c86d3f85597caf

SHA512
5a9f4927165dbc0cf7fde0ed9499841b63df7576f4ded6ab6bc78007a920c342ab1f36d4206f82c5fba7cc3e089073c12cdd33b48cb89e492ce73addaec48776

Download Submit
\Windows\system\LuvIEDN.exe

Filesize
6.0MB

MD5
aab34d5de4d509451be8333f7b15b4df

SHA1
b6aca11bd6c5c86ee459e72a7493d6be7da1bfe4

SHA256
08aa83127987811ff89b6bffe77ed35a12904a794daed115a01cc7a4489c61cc

SHA512
81f0c826826b1d9012e161d97fa4be2d7f0ccf4f358e8bc976b2d3a58a016a2fdf22f952f5486a54700d2b592cf6539da3f27328bc120bbb7f7d440ce8d0d571

Download Submit
\Windows\system\NZBNQDx.exe

Filesize
6.0MB

MD5
c29c31b50f93a589c4510c01020c0408

SHA1
a0c13b45900c10fcef4c7ad423c87ddbf3bb0496

SHA256
2e34f0624a9b3a8e9411ad61fb0ba64e230573c2b67bb2c7f3fcb19d79337260

SHA512
2dc5ffd97e2b7c177cef72dc7a604ddf0e64fa947aff96b2065e2302d6bb50e467180e701f6b4d09a66077f0aae2ca7a48a4aac0c311bc09861955ba3ccd3c7c

Download Submit
\Windows\system\aSeAwma.exe

Filesize
6.0MB

MD5
d52833cf3e2fd5cd2d81c97f81037a26

SHA1
227b15e696cb96f9edc45e7da3880cd9859d50b8

SHA256
7d11c168a9e7664f394ecacbe6584ced3422fef6a33e1704110e2482b3f0e947

SHA512
696265c7c08f9c70c0a7609e107e91566db998e4f45261b51df55df06ccde43089f3c59eb0779c3fc0f1b65764f3102e8cc54544042c8ac9319c2e43345b52e5

Download Submit
\Windows\system\cweeeAy.exe

Filesize
6.0MB

MD5
0b5c81602f6e1d696243669bd1f1d86c

SHA1
cfbf856ce994b9c9176c03b506ba5e85f197c113

SHA256
efb1226b81cf7fda24755ae9abb1989c3ef7cabb04732bddedf19850968233e9

SHA512
bb0daef73eaccfbf24db85e2750fbc8ed3d36300ab68b1fd67442d100eab5f8d850a689758b71ebdb65cfd6098ce03cd32bbcd80da9bdb10e67f7aa01697fd8c

Download Submit
\Windows\system\spiFMGY.exe

Filesize
6.0MB

MD5
9a113c33b20fc9ea49a0869e2a343853

SHA1
10be77427b1cd6ae0474ba5efd8defac26a444b4

SHA256
e9eb9660af3958ab58948a33f770bcc19ab0d4d00c36ef9e0d5666e9d10c57e0

SHA512
aa66faa262b5e2aab6b39341db6e643d2547f977cb943477be66804ce7f2246bbd12c148feebe7d5a7b5fdf572b7e53030b7870ae7e081b9e6b04c3bd91e0037

Download Submit
\Windows\system\xASOMiJ.exe

Filesize
6.0MB

MD5
a777512a7bdf6d58a85895a2793fefaa

SHA1
3aa62e6d535e53648894f84185caeec345094cd6

SHA256
32d0c33f456cabd69e9068e98512bdff508c0d18c22a4e494fb3ba15d102d9c9

SHA512
08f2711792490e8eeb86b7d49ea796f2e3273b38588f88903774fe61abc7cc82abcea9eea120670033ec03b75cb8dd316d5dda04dfa2da37800637dafc379cfe

Download Submit
memory/2192-2691-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3988-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3277-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2568-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3281-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2380-3431-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-0-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2528-2569-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2528-3996-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download