cobaltstrike | 7e8f4b0c8f27fd16edac448b76cb069272f4e54fb2c5ab2d7a4928be938e2d4d

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

432095b88894c4d3bb99c6a90403429b
SHA1

e58283d38ac15774359c42a66be84aa807d5c9e0
SHA256

7e8f4b0c8f27fd16edac448b76cb069272f4e54fb2c5ab2d7a4928be938e2d4d
SHA512

805ca0b730d1435b2b27ecf43bd9cf1fb653fee819da9e5cfafbde5ee4f723c7f3a146b9b226f513ef981f5e75dd9a76c221152f3554cf1da81bc292ea73d774
SSDEEP

98304:demTLkNdfE0pZ3u56utgpPFotBER/mQ32lU+:E+b56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f96-8.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016009-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de4-54.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-85.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-190.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-185.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-180.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-175.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-170.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-156.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-154.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-150.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-146.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-141.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001686c-139.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164db-137.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-121.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-108.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001659b-67.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-77.dat	cobalt_reflective_dll
behavioral1/files/0x0038000000015dc0-28.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001613e-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016334-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2600-1-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/memory/2600-6-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f96-8.dat	xmrig
behavioral1/memory/2740-15-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2600-13-0x0000000002260000-0x00000000025B4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016009-11.dat	xmrig
behavioral1/memory/336-37-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2600-20-0x0000000002260000-0x00000000025B4000-memory.dmp	xmrig
behavioral1/memory/2536-44-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0007000000016de4-54.dat	xmrig
behavioral1/files/0x000600000001707c-85.dat	xmrig
behavioral1/files/0x00060000000174a6-101.dat	xmrig
behavioral1/files/0x0005000000018696-126.dat	xmrig
behavioral1/memory/2696-119-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0006000000017403-88.dat	xmrig
behavioral1/memory/2536-917-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2440-812-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2640-430-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2740-252-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d2-190.dat	xmrig
behavioral1/files/0x00060000000190e1-185.dat	xmrig
behavioral1/files/0x000600000001904c-180.dat	xmrig
behavioral1/files/0x0006000000018f65-175.dat	xmrig
behavioral1/files/0x0006000000018c44-170.dat	xmrig
behavioral1/files/0x0006000000018c34-165.dat	xmrig
behavioral1/files/0x00050000000187a2-160.dat	xmrig
behavioral1/files/0x0005000000018697-156.dat	xmrig
behavioral1/files/0x0015000000018676-154.dat	xmrig
behavioral1/files/0x00060000000174c3-152.dat	xmrig
behavioral1/files/0x0006000000017488-150.dat	xmrig
behavioral1/files/0x00060000000173f3-146.dat	xmrig
behavioral1/files/0x0006000000016edb-144.dat	xmrig
behavioral1/files/0x0006000000016de8-141.dat	xmrig
behavioral1/files/0x000900000001686c-139.dat	xmrig
behavioral1/files/0x00070000000164db-137.dat	xmrig
behavioral1/memory/1300-136-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2800-133-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x000600000001757f-121.dat	xmrig
behavioral1/files/0x000600000001746a-108.dat	xmrig
behavioral1/memory/2404-90-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x000700000001659b-67.dat	xmrig
behavioral1/memory/2600-118-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2856-117-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/704-103-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0006000000017400-93.dat	xmrig
behavioral1/files/0x0006000000016eb8-77.dat	xmrig
behavioral1/files/0x0038000000015dc0-28.dat	xmrig
behavioral1/memory/2640-26-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2600-42-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x000800000001613e-41.dat	xmrig
behavioral1/memory/2440-39-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2600-38-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0007000000016334-36.dat	xmrig
behavioral1/memory/2740-3598-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2696-3609-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2440-3614-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/1300-3623-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2404-3622-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2856-3621-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2800-3625-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/336-3657-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/704-3632-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2536-3653-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2696	zaQkgBt.exe
2740	kqHZorq.exe
2640	yaWYJiV.exe
336	ekVspin.exe
2440	wJvtNIp.exe
2536	yJOtQaa.exe
2404	yyCsLlu.exe
704	iPNeipN.exe
2800	mPEaFXm.exe
2856	gBFaJGd.exe
1300	ZZjrhNF.exe
1916	IYcvFEN.exe
772	BaYcejy.exe
1032	mOlqJne.exe
2108	ICnXAMg.exe
2580	TxWCGxg.exe
2228	KdlhSuz.exe
2576	fgKPZzF.exe
2828	lqwIsJy.exe
268	pFEEHVw.exe
1612	nYIQBLV.exe
2400	fTnlfxW.exe
1684	ZAAuXwr.exe
864	MAyZehP.exe
2136	xhXgBYd.exe
2140	lexIcOF.exe
1048	RbmXyNY.exe
444	yPNBuLj.exe
1704	vxCIKfL.exe
1784	zcGHQOT.exe
1624	iRVQLgy.exe
464	QgylKTK.exe
912	EFhZuZd.exe
992	MADZYXM.exe
1680	HkcOoIC.exe
572	GyWYRti.exe
1552	mAqMxWi.exe
1856	zZSDrnP.exe
1524	uIZGuAX.exe
1036	BGYVxNF.exe
752	uxSnfIF.exe
784	SvPOslA.exe
2044	xKiFrgw.exe
2436	aBwwxrC.exe
2244	uVWCdno.exe
2464	CPNthwq.exe
1976	MjkIJMG.exe
2028	XjsVweD.exe
2924	MQNoJim.exe
1188	LURueIg.exe
884	fQPfica.exe
2168	RGOxUxm.exe
2120	gZabdEJ.exe
1576	UwEfpxE.exe
1712	JVAlGXh.exe
2712	dBeXuLc.exe
2616	cVAgpjo.exe
2732	smshnQi.exe
2888	RyTuBVA.exe
2560	uVGexLE.exe
2816	SCddDxt.exe
1660	vTpaMGj.exe
1936	RFWrvqQ.exe
2492	oUhhKLB.exe

Loads dropped DLL 64 IoCs

pid	Process
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2600-1-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/memory/2600-6-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0008000000015f96-8.dat	upx
behavioral1/memory/2740-15-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0009000000016009-11.dat	upx
behavioral1/memory/336-37-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2536-44-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0007000000016de4-54.dat	upx
behavioral1/files/0x000600000001707c-85.dat	upx
behavioral1/files/0x00060000000174a6-101.dat	upx
behavioral1/files/0x0005000000018696-126.dat	upx
behavioral1/memory/2696-119-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0006000000017403-88.dat	upx
behavioral1/memory/2536-917-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2440-812-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2640-430-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2740-252-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x00050000000191d2-190.dat	upx
behavioral1/files/0x00060000000190e1-185.dat	upx
behavioral1/files/0x000600000001904c-180.dat	upx
behavioral1/files/0x0006000000018f65-175.dat	upx
behavioral1/files/0x0006000000018c44-170.dat	upx
behavioral1/files/0x0006000000018c34-165.dat	upx
behavioral1/files/0x00050000000187a2-160.dat	upx
behavioral1/files/0x0005000000018697-156.dat	upx
behavioral1/files/0x0015000000018676-154.dat	upx
behavioral1/files/0x00060000000174c3-152.dat	upx
behavioral1/files/0x0006000000017488-150.dat	upx
behavioral1/files/0x00060000000173f3-146.dat	upx
behavioral1/files/0x0006000000016edb-144.dat	upx
behavioral1/files/0x0006000000016de8-141.dat	upx
behavioral1/files/0x000900000001686c-139.dat	upx
behavioral1/files/0x00070000000164db-137.dat	upx
behavioral1/memory/1300-136-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2800-133-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x000600000001757f-121.dat	upx
behavioral1/files/0x000600000001746a-108.dat	upx
behavioral1/memory/2404-90-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x000700000001659b-67.dat	upx
behavioral1/memory/2856-117-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/704-103-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0006000000017400-93.dat	upx
behavioral1/files/0x0006000000016eb8-77.dat	upx
behavioral1/files/0x0038000000015dc0-28.dat	upx
behavioral1/memory/2640-26-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2600-42-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x000800000001613e-41.dat	upx
behavioral1/memory/2440-39-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0007000000016334-36.dat	upx
behavioral1/memory/2740-3598-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2696-3609-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2440-3614-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/1300-3623-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2404-3622-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2856-3621-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2800-3625-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/336-3657-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/704-3632-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2536-3653-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2640-3662-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tFghYip.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFukSaI.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kpvWooZ.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdPLyYF.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFPEqmV.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbdXpaS.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGjjrmz.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVIekMX.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YklAqGS.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEaVUCZ.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFTIvIa.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaCdscz.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqldPau.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INoeMwl.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMIHTHi.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkmrvMt.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqvNuMe.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfIZCYM.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxwrovM.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKfovJa.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxIyagH.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klOMcQi.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUuRVhi.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdiSuwP.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUGTdCc.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfAYDVa.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZETIgq.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfyidSJ.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxUdItI.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILskmoT.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPSEezS.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DffslJM.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGmvLCM.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJWGEbe.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvizdTb.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYWtwPA.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XblKwfk.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOcRGxQ.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKiLYnz.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HASVuhq.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocXfUDf.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbCVFlm.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBNRDUO.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtYkOAY.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghQtAwK.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGrAytx.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvNigGf.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciUDTgO.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVMgpsi.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFrlsvh.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdfWMHi.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhSMorz.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBUaovx.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDUAhiS.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNxdDqp.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnLdsgX.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtxEudf.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKRmEbW.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAQdOXl.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCLBCrl.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNKbEhm.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcyVeaU.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZDMYez.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbVrNYK.exe	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2696	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2600 wrote to memory of 2696	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2600 wrote to memory of 2696	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2600 wrote to memory of 2740	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2600 wrote to memory of 2740	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2600 wrote to memory of 2740	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2600 wrote to memory of 2640	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2600 wrote to memory of 2640	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2600 wrote to memory of 2640	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2600 wrote to memory of 336	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2600 wrote to memory of 336	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2600 wrote to memory of 336	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2600 wrote to memory of 2536	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2600 wrote to memory of 2536	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2600 wrote to memory of 2536	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2600 wrote to memory of 2440	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2600 wrote to memory of 2440	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2600 wrote to memory of 2440	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2600 wrote to memory of 2580	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2600 wrote to memory of 2580	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2600 wrote to memory of 2580	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2600 wrote to memory of 2404	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2600 wrote to memory of 2404	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2600 wrote to memory of 2404	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2600 wrote to memory of 2228	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2600 wrote to memory of 2228	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2600 wrote to memory of 2228	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2600 wrote to memory of 704	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2600 wrote to memory of 704	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2600 wrote to memory of 704	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2600 wrote to memory of 2576	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2600 wrote to memory of 2576	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2600 wrote to memory of 2576	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2600 wrote to memory of 2800	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2600 wrote to memory of 2800	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2600 wrote to memory of 2800	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2600 wrote to memory of 2828	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2600 wrote to memory of 2828	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2600 wrote to memory of 2828	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2600 wrote to memory of 2856	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2600 wrote to memory of 2856	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2600 wrote to memory of 2856	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2600 wrote to memory of 268	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2600 wrote to memory of 268	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2600 wrote to memory of 268	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2600 wrote to memory of 1300	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2600 wrote to memory of 1300	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2600 wrote to memory of 1300	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2600 wrote to memory of 1612	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2600 wrote to memory of 1612	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2600 wrote to memory of 1612	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2600 wrote to memory of 1916	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2600 wrote to memory of 1916	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2600 wrote to memory of 1916	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2600 wrote to memory of 2400	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2600 wrote to memory of 2400	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2600 wrote to memory of 2400	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2600 wrote to memory of 772	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2600 wrote to memory of 772	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2600 wrote to memory of 772	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2600 wrote to memory of 1684	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2600 wrote to memory of 1684	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2600 wrote to memory of 1684	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2600 wrote to memory of 1032	2600	2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_432095b88894c4d3bb99c6a90403429b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\System\zaQkgBt.exe
  C:\Windows\System\zaQkgBt.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\kqHZorq.exe
  C:\Windows\System\kqHZorq.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\yaWYJiV.exe
  C:\Windows\System\yaWYJiV.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ekVspin.exe
  C:\Windows\System\ekVspin.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\yJOtQaa.exe
  C:\Windows\System\yJOtQaa.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\wJvtNIp.exe
  C:\Windows\System\wJvtNIp.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\TxWCGxg.exe
  C:\Windows\System\TxWCGxg.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\yyCsLlu.exe
  C:\Windows\System\yyCsLlu.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\KdlhSuz.exe
  C:\Windows\System\KdlhSuz.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\iPNeipN.exe
  C:\Windows\System\iPNeipN.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\fgKPZzF.exe
  C:\Windows\System\fgKPZzF.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\mPEaFXm.exe
  C:\Windows\System\mPEaFXm.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\lqwIsJy.exe
  C:\Windows\System\lqwIsJy.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\gBFaJGd.exe
  C:\Windows\System\gBFaJGd.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\pFEEHVw.exe
  C:\Windows\System\pFEEHVw.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\ZZjrhNF.exe
  C:\Windows\System\ZZjrhNF.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\nYIQBLV.exe
  C:\Windows\System\nYIQBLV.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\IYcvFEN.exe
  C:\Windows\System\IYcvFEN.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\fTnlfxW.exe
  C:\Windows\System\fTnlfxW.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\BaYcejy.exe
  C:\Windows\System\BaYcejy.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\ZAAuXwr.exe
  C:\Windows\System\ZAAuXwr.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\mOlqJne.exe
  C:\Windows\System\mOlqJne.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\MAyZehP.exe
  C:\Windows\System\MAyZehP.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\ICnXAMg.exe
  C:\Windows\System\ICnXAMg.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\xhXgBYd.exe
  C:\Windows\System\xhXgBYd.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\lexIcOF.exe
  C:\Windows\System\lexIcOF.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\RbmXyNY.exe
  C:\Windows\System\RbmXyNY.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\yPNBuLj.exe
  C:\Windows\System\yPNBuLj.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\vxCIKfL.exe
  C:\Windows\System\vxCIKfL.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\zcGHQOT.exe
  C:\Windows\System\zcGHQOT.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\iRVQLgy.exe
  C:\Windows\System\iRVQLgy.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\QgylKTK.exe
  C:\Windows\System\QgylKTK.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\EFhZuZd.exe
  C:\Windows\System\EFhZuZd.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\MADZYXM.exe
  C:\Windows\System\MADZYXM.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\HkcOoIC.exe
  C:\Windows\System\HkcOoIC.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\GyWYRti.exe
  C:\Windows\System\GyWYRti.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\mAqMxWi.exe
  C:\Windows\System\mAqMxWi.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\zZSDrnP.exe
  C:\Windows\System\zZSDrnP.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\uIZGuAX.exe
  C:\Windows\System\uIZGuAX.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\BGYVxNF.exe
  C:\Windows\System\BGYVxNF.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\uxSnfIF.exe
  C:\Windows\System\uxSnfIF.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\SvPOslA.exe
  C:\Windows\System\SvPOslA.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\xKiFrgw.exe
  C:\Windows\System\xKiFrgw.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\aBwwxrC.exe
  C:\Windows\System\aBwwxrC.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\uVWCdno.exe
  C:\Windows\System\uVWCdno.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\CPNthwq.exe
  C:\Windows\System\CPNthwq.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\MjkIJMG.exe
  C:\Windows\System\MjkIJMG.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\XjsVweD.exe
  C:\Windows\System\XjsVweD.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\MQNoJim.exe
  C:\Windows\System\MQNoJim.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\LURueIg.exe
  C:\Windows\System\LURueIg.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\fQPfica.exe
  C:\Windows\System\fQPfica.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\RGOxUxm.exe
  C:\Windows\System\RGOxUxm.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\gZabdEJ.exe
  C:\Windows\System\gZabdEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\UwEfpxE.exe
  C:\Windows\System\UwEfpxE.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\JVAlGXh.exe
  C:\Windows\System\JVAlGXh.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\dBeXuLc.exe
  C:\Windows\System\dBeXuLc.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\cVAgpjo.exe
  C:\Windows\System\cVAgpjo.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\smshnQi.exe
  C:\Windows\System\smshnQi.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\RyTuBVA.exe
  C:\Windows\System\RyTuBVA.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\uVGexLE.exe
  C:\Windows\System\uVGexLE.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\SCddDxt.exe
  C:\Windows\System\SCddDxt.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\vTpaMGj.exe
  C:\Windows\System\vTpaMGj.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\RFWrvqQ.exe
  C:\Windows\System\RFWrvqQ.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\oUhhKLB.exe
  C:\Windows\System\oUhhKLB.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\GrEBVkA.exe
  C:\Windows\System\GrEBVkA.exe
  2⤵
  PID:2804
- C:\Windows\System\ePZldzU.exe
  C:\Windows\System\ePZldzU.exe
  2⤵
  PID:1724
- C:\Windows\System\psFzfrG.exe
  C:\Windows\System\psFzfrG.exe
  2⤵
  PID:480
- C:\Windows\System\frVABNO.exe
  C:\Windows\System\frVABNO.exe
  2⤵
  PID:1808
- C:\Windows\System\VYTdWKv.exe
  C:\Windows\System\VYTdWKv.exe
  2⤵
  PID:1944
- C:\Windows\System\VZiwjpb.exe
  C:\Windows\System\VZiwjpb.exe
  2⤵
  PID:840
- C:\Windows\System\JNBhGQG.exe
  C:\Windows\System\JNBhGQG.exe
  2⤵
  PID:2488
- C:\Windows\System\fuvKKEl.exe
  C:\Windows\System\fuvKKEl.exe
  2⤵
  PID:2116
- C:\Windows\System\yydCitq.exe
  C:\Windows\System\yydCitq.exe
  2⤵
  PID:3032
- C:\Windows\System\wpoKxXr.exe
  C:\Windows\System\wpoKxXr.exe
  2⤵
  PID:1316
- C:\Windows\System\jyrFBZE.exe
  C:\Windows\System\jyrFBZE.exe
  2⤵
  PID:616
- C:\Windows\System\JedGeDO.exe
  C:\Windows\System\JedGeDO.exe
  2⤵
  PID:1996
- C:\Windows\System\ghWKYCc.exe
  C:\Windows\System\ghWKYCc.exe
  2⤵
  PID:1556
- C:\Windows\System\RNjIGsu.exe
  C:\Windows\System\RNjIGsu.exe
  2⤵
  PID:1852
- C:\Windows\System\qvhStPk.exe
  C:\Windows\System\qvhStPk.exe
  2⤵
  PID:2892
- C:\Windows\System\JNnCNUM.exe
  C:\Windows\System\JNnCNUM.exe
  2⤵
  PID:1548
- C:\Windows\System\zpWJToi.exe
  C:\Windows\System\zpWJToi.exe
  2⤵
  PID:2432
- C:\Windows\System\csGuNRX.exe
  C:\Windows\System\csGuNRX.exe
  2⤵
  PID:2268
- C:\Windows\System\tFTOExJ.exe
  C:\Windows\System\tFTOExJ.exe
  2⤵
  PID:1372
- C:\Windows\System\skETBMe.exe
  C:\Windows\System\skETBMe.exe
  2⤵
  PID:1980
- C:\Windows\System\ZlzAiBi.exe
  C:\Windows\System\ZlzAiBi.exe
  2⤵
  PID:1748
- C:\Windows\System\AUSZQMD.exe
  C:\Windows\System\AUSZQMD.exe
  2⤵
  PID:888
- C:\Windows\System\cukuhIq.exe
  C:\Windows\System\cukuhIq.exe
  2⤵
  PID:2096
- C:\Windows\System\SqKRdDu.exe
  C:\Windows\System\SqKRdDu.exe
  2⤵
  PID:2076
- C:\Windows\System\DfGfEUU.exe
  C:\Windows\System\DfGfEUU.exe
  2⤵
  PID:2728
- C:\Windows\System\iksQmvo.exe
  C:\Windows\System\iksQmvo.exe
  2⤵
  PID:2632
- C:\Windows\System\TAKRaic.exe
  C:\Windows\System\TAKRaic.exe
  2⤵
  PID:2556
- C:\Windows\System\fbVnSPf.exe
  C:\Windows\System\fbVnSPf.exe
  2⤵
  PID:2496
- C:\Windows\System\QSTSwCx.exe
  C:\Windows\System\QSTSwCx.exe
  2⤵
  PID:2972
- C:\Windows\System\HForzLQ.exe
  C:\Windows\System\HForzLQ.exe
  2⤵
  PID:2524
- C:\Windows\System\EoUWnpl.exe
  C:\Windows\System\EoUWnpl.exe
  2⤵
  PID:2976
- C:\Windows\System\lBkuDWn.exe
  C:\Windows\System\lBkuDWn.exe
  2⤵
  PID:1392
- C:\Windows\System\zgcFUAU.exe
  C:\Windows\System\zgcFUAU.exe
  2⤵
  PID:3028
- C:\Windows\System\AtRePEf.exe
  C:\Windows\System\AtRePEf.exe
  2⤵
  PID:2232
- C:\Windows\System\rpbmbWg.exe
  C:\Windows\System\rpbmbWg.exe
  2⤵
  PID:2912
- C:\Windows\System\jwFkawA.exe
  C:\Windows\System\jwFkawA.exe
  2⤵
  PID:2472
- C:\Windows\System\wtZfGui.exe
  C:\Windows\System\wtZfGui.exe
  2⤵
  PID:2692
- C:\Windows\System\sJwxbcw.exe
  C:\Windows\System\sJwxbcw.exe
  2⤵
  PID:2184
- C:\Windows\System\mgxzOZX.exe
  C:\Windows\System\mgxzOZX.exe
  2⤵
  PID:908
- C:\Windows\System\DOxUmwF.exe
  C:\Windows\System\DOxUmwF.exe
  2⤵
  PID:956
- C:\Windows\System\cnTmqCe.exe
  C:\Windows\System\cnTmqCe.exe
  2⤵
  PID:1760
- C:\Windows\System\TDbEsDW.exe
  C:\Windows\System\TDbEsDW.exe
  2⤵
  PID:1544
- C:\Windows\System\wWxiMSm.exe
  C:\Windows\System\wWxiMSm.exe
  2⤵
  PID:2952
- C:\Windows\System\vpGayhE.exe
  C:\Windows\System\vpGayhE.exe
  2⤵
  PID:2708
- C:\Windows\System\WsAdnCH.exe
  C:\Windows\System\WsAdnCH.exe
  2⤵
  PID:2612
- C:\Windows\System\JXrUdfd.exe
  C:\Windows\System\JXrUdfd.exe
  2⤵
  PID:2764
- C:\Windows\System\eIYJUKK.exe
  C:\Windows\System\eIYJUKK.exe
  2⤵
  PID:272
- C:\Windows\System\aNKyFrs.exe
  C:\Windows\System\aNKyFrs.exe
  2⤵
  PID:2844
- C:\Windows\System\cIjhpXf.exe
  C:\Windows\System\cIjhpXf.exe
  2⤵
  PID:1964
- C:\Windows\System\IUKGneq.exe
  C:\Windows\System\IUKGneq.exe
  2⤵
  PID:2272
- C:\Windows\System\uGrAytx.exe
  C:\Windows\System\uGrAytx.exe
  2⤵
  PID:932
- C:\Windows\System\lnZDBqO.exe
  C:\Windows\System\lnZDBqO.exe
  2⤵
  PID:2204
- C:\Windows\System\rdHBQof.exe
  C:\Windows\System\rdHBQof.exe
  2⤵
  PID:1000
- C:\Windows\System\iBMRCqp.exe
  C:\Windows\System\iBMRCqp.exe
  2⤵
  PID:2288
- C:\Windows\System\PLPcVEF.exe
  C:\Windows\System\PLPcVEF.exe
  2⤵
  PID:1512
- C:\Windows\System\JwJtpIz.exe
  C:\Windows\System\JwJtpIz.exe
  2⤵
  PID:348
- C:\Windows\System\AUwozxZ.exe
  C:\Windows\System\AUwozxZ.exe
  2⤵
  PID:2884
- C:\Windows\System\PftkBAA.exe
  C:\Windows\System\PftkBAA.exe
  2⤵
  PID:1776
- C:\Windows\System\jixjlVP.exe
  C:\Windows\System\jixjlVP.exe
  2⤵
  PID:3092
- C:\Windows\System\BGTywuG.exe
  C:\Windows\System\BGTywuG.exe
  2⤵
  PID:3108
- C:\Windows\System\ETuLvxc.exe
  C:\Windows\System\ETuLvxc.exe
  2⤵
  PID:3132
- C:\Windows\System\RWLODKq.exe
  C:\Windows\System\RWLODKq.exe
  2⤵
  PID:3152
- C:\Windows\System\HeYNgTY.exe
  C:\Windows\System\HeYNgTY.exe
  2⤵
  PID:3172
- C:\Windows\System\pUQlspt.exe
  C:\Windows\System\pUQlspt.exe
  2⤵
  PID:3192
- C:\Windows\System\hyRNkqm.exe
  C:\Windows\System\hyRNkqm.exe
  2⤵
  PID:3212
- C:\Windows\System\bYDuPxg.exe
  C:\Windows\System\bYDuPxg.exe
  2⤵
  PID:3232
- C:\Windows\System\itzHFlN.exe
  C:\Windows\System\itzHFlN.exe
  2⤵
  PID:3252
- C:\Windows\System\bBmYkdc.exe
  C:\Windows\System\bBmYkdc.exe
  2⤵
  PID:3272
- C:\Windows\System\HPAHIdW.exe
  C:\Windows\System\HPAHIdW.exe
  2⤵
  PID:3292
- C:\Windows\System\HILVPeE.exe
  C:\Windows\System\HILVPeE.exe
  2⤵
  PID:3312
- C:\Windows\System\bzufhTk.exe
  C:\Windows\System\bzufhTk.exe
  2⤵
  PID:3332
- C:\Windows\System\ayTVWIx.exe
  C:\Windows\System\ayTVWIx.exe
  2⤵
  PID:3352
- C:\Windows\System\vBvSdRx.exe
  C:\Windows\System\vBvSdRx.exe
  2⤵
  PID:3376
- C:\Windows\System\gUuCZoE.exe
  C:\Windows\System\gUuCZoE.exe
  2⤵
  PID:3396
- C:\Windows\System\JUMofSp.exe
  C:\Windows\System\JUMofSp.exe
  2⤵
  PID:3416
- C:\Windows\System\wzfRBYq.exe
  C:\Windows\System\wzfRBYq.exe
  2⤵
  PID:3436
- C:\Windows\System\uYIakeA.exe
  C:\Windows\System\uYIakeA.exe
  2⤵
  PID:3456
- C:\Windows\System\XfqNZSn.exe
  C:\Windows\System\XfqNZSn.exe
  2⤵
  PID:3472
- C:\Windows\System\fXvamtY.exe
  C:\Windows\System\fXvamtY.exe
  2⤵
  PID:3496
- C:\Windows\System\EcbqeMM.exe
  C:\Windows\System\EcbqeMM.exe
  2⤵
  PID:3516
- C:\Windows\System\QpSCEGQ.exe
  C:\Windows\System\QpSCEGQ.exe
  2⤵
  PID:3536
- C:\Windows\System\idHaBVS.exe
  C:\Windows\System\idHaBVS.exe
  2⤵
  PID:3556
- C:\Windows\System\iMPrOLq.exe
  C:\Windows\System\iMPrOLq.exe
  2⤵
  PID:3576
- C:\Windows\System\cwSCndZ.exe
  C:\Windows\System\cwSCndZ.exe
  2⤵
  PID:3592
- C:\Windows\System\jHyAtQw.exe
  C:\Windows\System\jHyAtQw.exe
  2⤵
  PID:3616
- C:\Windows\System\fvxbzEb.exe
  C:\Windows\System\fvxbzEb.exe
  2⤵
  PID:3636
- C:\Windows\System\YpJnnDM.exe
  C:\Windows\System\YpJnnDM.exe
  2⤵
  PID:3656
- C:\Windows\System\wBFXPtK.exe
  C:\Windows\System\wBFXPtK.exe
  2⤵
  PID:3676
- C:\Windows\System\xEfseoD.exe
  C:\Windows\System\xEfseoD.exe
  2⤵
  PID:3696
- C:\Windows\System\JCShpFx.exe
  C:\Windows\System\JCShpFx.exe
  2⤵
  PID:3712
- C:\Windows\System\gnXYSlp.exe
  C:\Windows\System\gnXYSlp.exe
  2⤵
  PID:3736
- C:\Windows\System\hqcEMnH.exe
  C:\Windows\System\hqcEMnH.exe
  2⤵
  PID:3756
- C:\Windows\System\vEMcKTs.exe
  C:\Windows\System\vEMcKTs.exe
  2⤵
  PID:3776
- C:\Windows\System\TdnRBld.exe
  C:\Windows\System\TdnRBld.exe
  2⤵
  PID:3796
- C:\Windows\System\Owxbhus.exe
  C:\Windows\System\Owxbhus.exe
  2⤵
  PID:3816
- C:\Windows\System\UfmohHJ.exe
  C:\Windows\System\UfmohHJ.exe
  2⤵
  PID:3836
- C:\Windows\System\jGEEgby.exe
  C:\Windows\System\jGEEgby.exe
  2⤵
  PID:3856
- C:\Windows\System\iGrkgbn.exe
  C:\Windows\System\iGrkgbn.exe
  2⤵
  PID:3876
- C:\Windows\System\RqybcdE.exe
  C:\Windows\System\RqybcdE.exe
  2⤵
  PID:3896
- C:\Windows\System\IJRwywe.exe
  C:\Windows\System\IJRwywe.exe
  2⤵
  PID:3916
- C:\Windows\System\JuwfFnU.exe
  C:\Windows\System\JuwfFnU.exe
  2⤵
  PID:3936
- C:\Windows\System\uDHqJGG.exe
  C:\Windows\System\uDHqJGG.exe
  2⤵
  PID:3956
- C:\Windows\System\HHnLVuf.exe
  C:\Windows\System\HHnLVuf.exe
  2⤵
  PID:3976
- C:\Windows\System\gHhgAOa.exe
  C:\Windows\System\gHhgAOa.exe
  2⤵
  PID:3996
- C:\Windows\System\LDBbpku.exe
  C:\Windows\System\LDBbpku.exe
  2⤵
  PID:4016
- C:\Windows\System\DvfzoCx.exe
  C:\Windows\System\DvfzoCx.exe
  2⤵
  PID:4036
- C:\Windows\System\uCXHaNa.exe
  C:\Windows\System\uCXHaNa.exe
  2⤵
  PID:4056
- C:\Windows\System\JbVrNYK.exe
  C:\Windows\System\JbVrNYK.exe
  2⤵
  PID:4076
- C:\Windows\System\ePeNemI.exe
  C:\Windows\System\ePeNemI.exe
  2⤵
  PID:1764
- C:\Windows\System\NaIGLfs.exe
  C:\Windows\System\NaIGLfs.exe
  2⤵
  PID:492
- C:\Windows\System\LTGpuYK.exe
  C:\Windows\System\LTGpuYK.exe
  2⤵
  PID:2428
- C:\Windows\System\gWrtGvY.exe
  C:\Windows\System\gWrtGvY.exe
  2⤵
  PID:1844
- C:\Windows\System\BzVJvRM.exe
  C:\Windows\System\BzVJvRM.exe
  2⤵
  PID:2360
- C:\Windows\System\EpnLOSm.exe
  C:\Windows\System\EpnLOSm.exe
  2⤵
  PID:1596
- C:\Windows\System\IlWemIa.exe
  C:\Windows\System\IlWemIa.exe
  2⤵
  PID:2540
- C:\Windows\System\VayRNPp.exe
  C:\Windows\System\VayRNPp.exe
  2⤵
  PID:3128
- C:\Windows\System\dkQnsyE.exe
  C:\Windows\System\dkQnsyE.exe
  2⤵
  PID:3168
- C:\Windows\System\FburqaR.exe
  C:\Windows\System\FburqaR.exe
  2⤵
  PID:3140
- C:\Windows\System\GEEWiNZ.exe
  C:\Windows\System\GEEWiNZ.exe
  2⤵
  PID:3184
- C:\Windows\System\XwIstrX.exe
  C:\Windows\System\XwIstrX.exe
  2⤵
  PID:3224
- C:\Windows\System\JaKjUbG.exe
  C:\Windows\System\JaKjUbG.exe
  2⤵
  PID:3264
- C:\Windows\System\mTVHQKn.exe
  C:\Windows\System\mTVHQKn.exe
  2⤵
  PID:3320
- C:\Windows\System\XinRuLf.exe
  C:\Windows\System\XinRuLf.exe
  2⤵
  PID:3368
- C:\Windows\System\JiqousE.exe
  C:\Windows\System\JiqousE.exe
  2⤵
  PID:3404
- C:\Windows\System\lFqKEHA.exe
  C:\Windows\System\lFqKEHA.exe
  2⤵
  PID:3408
- C:\Windows\System\zybXMdA.exe
  C:\Windows\System\zybXMdA.exe
  2⤵
  PID:3432
- C:\Windows\System\CGouMgD.exe
  C:\Windows\System\CGouMgD.exe
  2⤵
  PID:3488
- C:\Windows\System\XDkmPBj.exe
  C:\Windows\System\XDkmPBj.exe
  2⤵
  PID:3532
- C:\Windows\System\hLIkStk.exe
  C:\Windows\System\hLIkStk.exe
  2⤵
  PID:3572
- C:\Windows\System\mxFYxNV.exe
  C:\Windows\System\mxFYxNV.exe
  2⤵
  PID:3612
- C:\Windows\System\RWipbui.exe
  C:\Windows\System\RWipbui.exe
  2⤵
  PID:3604
- C:\Windows\System\FcpPJty.exe
  C:\Windows\System\FcpPJty.exe
  2⤵
  PID:3648
- C:\Windows\System\bSNVKFX.exe
  C:\Windows\System\bSNVKFX.exe
  2⤵
  PID:3688
- C:\Windows\System\pRpiDLR.exe
  C:\Windows\System\pRpiDLR.exe
  2⤵
  PID:3728
- C:\Windows\System\qbEBvWW.exe
  C:\Windows\System\qbEBvWW.exe
  2⤵
  PID:3764
- C:\Windows\System\JTmuCOL.exe
  C:\Windows\System\JTmuCOL.exe
  2⤵
  PID:3748
- C:\Windows\System\MSShOpn.exe
  C:\Windows\System\MSShOpn.exe
  2⤵
  PID:3792
- C:\Windows\System\TGYotWe.exe
  C:\Windows\System\TGYotWe.exe
  2⤵
  PID:3832
- C:\Windows\System\OOEQRsQ.exe
  C:\Windows\System\OOEQRsQ.exe
  2⤵
  PID:3888
- C:\Windows\System\sasgUxO.exe
  C:\Windows\System\sasgUxO.exe
  2⤵
  PID:3924
- C:\Windows\System\uPpmhjO.exe
  C:\Windows\System\uPpmhjO.exe
  2⤵
  PID:3944
- C:\Windows\System\tPUZnXr.exe
  C:\Windows\System\tPUZnXr.exe
  2⤵
  PID:3968
- C:\Windows\System\SlzeZDE.exe
  C:\Windows\System\SlzeZDE.exe
  2⤵
  PID:3992
- C:\Windows\System\qfnDUfm.exe
  C:\Windows\System\qfnDUfm.exe
  2⤵
  PID:4028
- C:\Windows\System\oGIdwQZ.exe
  C:\Windows\System\oGIdwQZ.exe
  2⤵
  PID:4064
- C:\Windows\System\fhbQyaP.exe
  C:\Windows\System\fhbQyaP.exe
  2⤵
  PID:2080
- C:\Windows\System\ZqiyBXQ.exe
  C:\Windows\System\ZqiyBXQ.exe
  2⤵
  PID:1648
- C:\Windows\System\MyBfARI.exe
  C:\Windows\System\MyBfARI.exe
  2⤵
  PID:2396
- C:\Windows\System\AEAlVJD.exe
  C:\Windows\System\AEAlVJD.exe
  2⤵
  PID:2364
- C:\Windows\System\GVutYYb.exe
  C:\Windows\System\GVutYYb.exe
  2⤵
  PID:3120
- C:\Windows\System\ZHCWfmp.exe
  C:\Windows\System\ZHCWfmp.exe
  2⤵
  PID:3144
- C:\Windows\System\kxQzFBD.exe
  C:\Windows\System\kxQzFBD.exe
  2⤵
  PID:3268
- C:\Windows\System\xXuZaQR.exe
  C:\Windows\System\xXuZaQR.exe
  2⤵
  PID:3324
- C:\Windows\System\qxwHYKn.exe
  C:\Windows\System\qxwHYKn.exe
  2⤵
  PID:3340
- C:\Windows\System\slDNTWI.exe
  C:\Windows\System\slDNTWI.exe
  2⤵
  PID:3348
- C:\Windows\System\XuLxVwn.exe
  C:\Windows\System\XuLxVwn.exe
  2⤵
  PID:3424
- C:\Windows\System\ljkANOx.exe
  C:\Windows\System\ljkANOx.exe
  2⤵
  PID:3528
- C:\Windows\System\LOLHKHF.exe
  C:\Windows\System\LOLHKHF.exe
  2⤵
  PID:3544
- C:\Windows\System\ebAoKQn.exe
  C:\Windows\System\ebAoKQn.exe
  2⤵
  PID:3584
- C:\Windows\System\qUHIIaa.exe
  C:\Windows\System\qUHIIaa.exe
  2⤵
  PID:3372
- C:\Windows\System\bnCHkGU.exe
  C:\Windows\System\bnCHkGU.exe
  2⤵
  PID:3724
- C:\Windows\System\LfxLUwu.exe
  C:\Windows\System\LfxLUwu.exe
  2⤵
  PID:3784
- C:\Windows\System\CAkphPi.exe
  C:\Windows\System\CAkphPi.exe
  2⤵
  PID:3824
- C:\Windows\System\NjDOAos.exe
  C:\Windows\System\NjDOAos.exe
  2⤵
  PID:3844
- C:\Windows\System\lbftAfw.exe
  C:\Windows\System\lbftAfw.exe
  2⤵
  PID:3908
- C:\Windows\System\gzJuJfT.exe
  C:\Windows\System\gzJuJfT.exe
  2⤵
  PID:3952
- C:\Windows\System\EtqmCLK.exe
  C:\Windows\System\EtqmCLK.exe
  2⤵
  PID:4092
- C:\Windows\System\obIdvas.exe
  C:\Windows\System\obIdvas.exe
  2⤵
  PID:1688
- C:\Windows\System\ShVEBKf.exe
  C:\Windows\System\ShVEBKf.exe
  2⤵
  PID:2384
- C:\Windows\System\RAnIAoq.exe
  C:\Windows\System\RAnIAoq.exe
  2⤵
  PID:1816
- C:\Windows\System\yWlWMvn.exe
  C:\Windows\System\yWlWMvn.exe
  2⤵
  PID:3160
- C:\Windows\System\rjLLayr.exe
  C:\Windows\System\rjLLayr.exe
  2⤵
  PID:3220
- C:\Windows\System\rezShti.exe
  C:\Windows\System\rezShti.exe
  2⤵
  PID:3300
- C:\Windows\System\SoCwxfO.exe
  C:\Windows\System\SoCwxfO.exe
  2⤵
  PID:3508
- C:\Windows\System\mQNwnnO.exe
  C:\Windows\System\mQNwnnO.exe
  2⤵
  PID:3608
- C:\Windows\System\VvpxEoY.exe
  C:\Windows\System\VvpxEoY.exe
  2⤵
  PID:3704
- C:\Windows\System\WsmscHl.exe
  C:\Windows\System\WsmscHl.exe
  2⤵
  PID:3684
- C:\Windows\System\qBTRxJU.exe
  C:\Windows\System\qBTRxJU.exe
  2⤵
  PID:3812
- C:\Windows\System\BLJJHlV.exe
  C:\Windows\System\BLJJHlV.exe
  2⤵
  PID:4112
- C:\Windows\System\KTcfzUU.exe
  C:\Windows\System\KTcfzUU.exe
  2⤵
  PID:4132
- C:\Windows\System\xLwnUea.exe
  C:\Windows\System\xLwnUea.exe
  2⤵
  PID:4152
- C:\Windows\System\VktQIrp.exe
  C:\Windows\System\VktQIrp.exe
  2⤵
  PID:4172
- C:\Windows\System\NODLqag.exe
  C:\Windows\System\NODLqag.exe
  2⤵
  PID:4192
- C:\Windows\System\dcaEeAO.exe
  C:\Windows\System\dcaEeAO.exe
  2⤵
  PID:4212
- C:\Windows\System\POWmXxq.exe
  C:\Windows\System\POWmXxq.exe
  2⤵
  PID:4232
- C:\Windows\System\DMAEYGc.exe
  C:\Windows\System\DMAEYGc.exe
  2⤵
  PID:4252
- C:\Windows\System\WqZYXTt.exe
  C:\Windows\System\WqZYXTt.exe
  2⤵
  PID:4272
- C:\Windows\System\ywTiizF.exe
  C:\Windows\System\ywTiizF.exe
  2⤵
  PID:4292
- C:\Windows\System\IEWjava.exe
  C:\Windows\System\IEWjava.exe
  2⤵
  PID:4312
- C:\Windows\System\ulIuEZm.exe
  C:\Windows\System\ulIuEZm.exe
  2⤵
  PID:4332
- C:\Windows\System\mLhyKNx.exe
  C:\Windows\System\mLhyKNx.exe
  2⤵
  PID:4352
- C:\Windows\System\pyvMafe.exe
  C:\Windows\System\pyvMafe.exe
  2⤵
  PID:4372
- C:\Windows\System\pyBOiEW.exe
  C:\Windows\System\pyBOiEW.exe
  2⤵
  PID:4392
- C:\Windows\System\APOglDh.exe
  C:\Windows\System\APOglDh.exe
  2⤵
  PID:4412
- C:\Windows\System\IQUTzAg.exe
  C:\Windows\System\IQUTzAg.exe
  2⤵
  PID:4436
- C:\Windows\System\myuFBxo.exe
  C:\Windows\System\myuFBxo.exe
  2⤵
  PID:4456
- C:\Windows\System\aChpBUt.exe
  C:\Windows\System\aChpBUt.exe
  2⤵
  PID:4476
- C:\Windows\System\QthepJO.exe
  C:\Windows\System\QthepJO.exe
  2⤵
  PID:4496
- C:\Windows\System\ZNcGEJD.exe
  C:\Windows\System\ZNcGEJD.exe
  2⤵
  PID:4516
- C:\Windows\System\mYqfLvq.exe
  C:\Windows\System\mYqfLvq.exe
  2⤵
  PID:4536
- C:\Windows\System\aRmTqWJ.exe
  C:\Windows\System\aRmTqWJ.exe
  2⤵
  PID:4556
- C:\Windows\System\xJNDmvV.exe
  C:\Windows\System\xJNDmvV.exe
  2⤵
  PID:4576
- C:\Windows\System\FQQNfFI.exe
  C:\Windows\System\FQQNfFI.exe
  2⤵
  PID:4596
- C:\Windows\System\lfOxZdF.exe
  C:\Windows\System\lfOxZdF.exe
  2⤵
  PID:4612
- C:\Windows\System\NyCcXXd.exe
  C:\Windows\System\NyCcXXd.exe
  2⤵
  PID:4636
- C:\Windows\System\YxisgBb.exe
  C:\Windows\System\YxisgBb.exe
  2⤵
  PID:4656
- C:\Windows\System\YVNdDek.exe
  C:\Windows\System\YVNdDek.exe
  2⤵
  PID:4676
- C:\Windows\System\GLyGKXq.exe
  C:\Windows\System\GLyGKXq.exe
  2⤵
  PID:4696
- C:\Windows\System\SqnQOat.exe
  C:\Windows\System\SqnQOat.exe
  2⤵
  PID:4716
- C:\Windows\System\HZkTnaC.exe
  C:\Windows\System\HZkTnaC.exe
  2⤵
  PID:4736
- C:\Windows\System\ftlNINX.exe
  C:\Windows\System\ftlNINX.exe
  2⤵
  PID:4760
- C:\Windows\System\tKqswaf.exe
  C:\Windows\System\tKqswaf.exe
  2⤵
  PID:4780
- C:\Windows\System\gxznhkI.exe
  C:\Windows\System\gxznhkI.exe
  2⤵
  PID:4800
- C:\Windows\System\KEwyXNP.exe
  C:\Windows\System\KEwyXNP.exe
  2⤵
  PID:4820
- C:\Windows\System\bqWwaVG.exe
  C:\Windows\System\bqWwaVG.exe
  2⤵
  PID:4840
- C:\Windows\System\WFGQAEC.exe
  C:\Windows\System\WFGQAEC.exe
  2⤵
  PID:4860
- C:\Windows\System\hbqtJgT.exe
  C:\Windows\System\hbqtJgT.exe
  2⤵
  PID:4880
- C:\Windows\System\bcRmcaP.exe
  C:\Windows\System\bcRmcaP.exe
  2⤵
  PID:4900
- C:\Windows\System\avqmNtl.exe
  C:\Windows\System\avqmNtl.exe
  2⤵
  PID:4924
- C:\Windows\System\GJRgIZG.exe
  C:\Windows\System\GJRgIZG.exe
  2⤵
  PID:4944
- C:\Windows\System\GhINlfc.exe
  C:\Windows\System\GhINlfc.exe
  2⤵
  PID:4964
- C:\Windows\System\JexAJdt.exe
  C:\Windows\System\JexAJdt.exe
  2⤵
  PID:4984
- C:\Windows\System\CXEPSxF.exe
  C:\Windows\System\CXEPSxF.exe
  2⤵
  PID:5004
- C:\Windows\System\bKYtcLf.exe
  C:\Windows\System\bKYtcLf.exe
  2⤵
  PID:5024
- C:\Windows\System\kheghZG.exe
  C:\Windows\System\kheghZG.exe
  2⤵
  PID:5044
- C:\Windows\System\axOfiXi.exe
  C:\Windows\System\axOfiXi.exe
  2⤵
  PID:5060
- C:\Windows\System\aBaECfJ.exe
  C:\Windows\System\aBaECfJ.exe
  2⤵
  PID:5092
- C:\Windows\System\oEGHusi.exe
  C:\Windows\System\oEGHusi.exe
  2⤵
  PID:5112
- C:\Windows\System\zNFvLxF.exe
  C:\Windows\System\zNFvLxF.exe
  2⤵
  PID:3904
- C:\Windows\System\DCPatVb.exe
  C:\Windows\System\DCPatVb.exe
  2⤵
  PID:4044
- C:\Windows\System\ZoDUmsx.exe
  C:\Windows\System\ZoDUmsx.exe
  2⤵
  PID:4072
- C:\Windows\System\OIHvyXt.exe
  C:\Windows\System\OIHvyXt.exe
  2⤵
  PID:1220
- C:\Windows\System\eRGzlMG.exe
  C:\Windows\System\eRGzlMG.exe
  2⤵
  PID:2960
- C:\Windows\System\qJzFWfc.exe
  C:\Windows\System\qJzFWfc.exe
  2⤵
  PID:3284
- C:\Windows\System\IXvWLXi.exe
  C:\Windows\System\IXvWLXi.exe
  2⤵
  PID:3260
- C:\Windows\System\OBFiPFI.exe
  C:\Windows\System\OBFiPFI.exe
  2⤵
  PID:3668
- C:\Windows\System\wBwsNGW.exe
  C:\Windows\System\wBwsNGW.exe
  2⤵
  PID:3808
- C:\Windows\System\wPKUQHI.exe
  C:\Windows\System\wPKUQHI.exe
  2⤵
  PID:4104
- C:\Windows\System\VUlPiRN.exe
  C:\Windows\System\VUlPiRN.exe
  2⤵
  PID:4128
- C:\Windows\System\IdiSuwP.exe
  C:\Windows\System\IdiSuwP.exe
  2⤵
  PID:4164
- C:\Windows\System\QeEOPRK.exe
  C:\Windows\System\QeEOPRK.exe
  2⤵
  PID:4224
- C:\Windows\System\TlMBseL.exe
  C:\Windows\System\TlMBseL.exe
  2⤵
  PID:4240
- C:\Windows\System\guIRtQy.exe
  C:\Windows\System\guIRtQy.exe
  2⤵
  PID:4280
- C:\Windows\System\zPnbkZi.exe
  C:\Windows\System\zPnbkZi.exe
  2⤵
  PID:4284
- C:\Windows\System\AXgbFkp.exe
  C:\Windows\System\AXgbFkp.exe
  2⤵
  PID:4328
- C:\Windows\System\BPbFFLl.exe
  C:\Windows\System\BPbFFLl.exe
  2⤵
  PID:4384
- C:\Windows\System\VLPntPL.exe
  C:\Windows\System\VLPntPL.exe
  2⤵
  PID:4428
- C:\Windows\System\JkkSozh.exe
  C:\Windows\System\JkkSozh.exe
  2⤵
  PID:4468
- C:\Windows\System\RQvzpnt.exe
  C:\Windows\System\RQvzpnt.exe
  2⤵
  PID:4448
- C:\Windows\System\iZrllBD.exe
  C:\Windows\System\iZrllBD.exe
  2⤵
  PID:4488
- C:\Windows\System\DffslJM.exe
  C:\Windows\System\DffslJM.exe
  2⤵
  PID:4532
- C:\Windows\System\zvpblKO.exe
  C:\Windows\System\zvpblKO.exe
  2⤵
  PID:4588
- C:\Windows\System\mqeAQue.exe
  C:\Windows\System\mqeAQue.exe
  2⤵
  PID:4572
- C:\Windows\System\yunMadQ.exe
  C:\Windows\System\yunMadQ.exe
  2⤵
  PID:4664
- C:\Windows\System\iTUtTzT.exe
  C:\Windows\System\iTUtTzT.exe
  2⤵
  PID:4684
- C:\Windows\System\JOWLmjq.exe
  C:\Windows\System\JOWLmjq.exe
  2⤵
  PID:4688
- C:\Windows\System\yvoPxDX.exe
  C:\Windows\System\yvoPxDX.exe
  2⤵
  PID:4756
- C:\Windows\System\FIrkMjB.exe
  C:\Windows\System\FIrkMjB.exe
  2⤵
  PID:4772
- C:\Windows\System\lVWSrVk.exe
  C:\Windows\System\lVWSrVk.exe
  2⤵
  PID:2620
- C:\Windows\System\xysiThV.exe
  C:\Windows\System\xysiThV.exe
  2⤵
  PID:4868
- C:\Windows\System\MdZyFxl.exe
  C:\Windows\System\MdZyFxl.exe
  2⤵
  PID:4908
- C:\Windows\System\LijFxnX.exe
  C:\Windows\System\LijFxnX.exe
  2⤵
  PID:4852
- C:\Windows\System\hJCeDkc.exe
  C:\Windows\System\hJCeDkc.exe
  2⤵
  PID:4952
- C:\Windows\System\dNZSIaI.exe
  C:\Windows\System\dNZSIaI.exe
  2⤵
  PID:5000
- C:\Windows\System\cOtQZuT.exe
  C:\Windows\System\cOtQZuT.exe
  2⤵
  PID:4936
- C:\Windows\System\FUzHbaC.exe
  C:\Windows\System\FUzHbaC.exe
  2⤵
  PID:5020
- C:\Windows\System\jivUOsG.exe
  C:\Windows\System\jivUOsG.exe
  2⤵
  PID:2552
- C:\Windows\System\zGxSQik.exe
  C:\Windows\System\zGxSQik.exe
  2⤵
  PID:3892
- C:\Windows\System\zqDHxZe.exe
  C:\Windows\System\zqDHxZe.exe
  2⤵
  PID:3928
- C:\Windows\System\stLGTzv.exe
  C:\Windows\System\stLGTzv.exe
  2⤵
  PID:4032
- C:\Windows\System\AgpTEwX.exe
  C:\Windows\System\AgpTEwX.exe
  2⤵
  PID:4068
- C:\Windows\System\cGcldGz.exe
  C:\Windows\System\cGcldGz.exe
  2⤵
  PID:3148
- C:\Windows\System\kUQirwe.exe
  C:\Windows\System\kUQirwe.exe
  2⤵
  PID:3480
- C:\Windows\System\tybjZMm.exe
  C:\Windows\System\tybjZMm.exe
  2⤵
  PID:3484
- C:\Windows\System\cDPudWx.exe
  C:\Windows\System\cDPudWx.exe
  2⤵
  PID:4108
- C:\Windows\System\zpgESPt.exe
  C:\Windows\System\zpgESPt.exe
  2⤵
  PID:4180
- C:\Windows\System\KzAyyaW.exe
  C:\Windows\System\KzAyyaW.exe
  2⤵
  PID:4204
- C:\Windows\System\yOIJOCu.exe
  C:\Windows\System\yOIJOCu.exe
  2⤵
  PID:4244
- C:\Windows\System\dAzeUMH.exe
  C:\Windows\System\dAzeUMH.exe
  2⤵
  PID:4348
- C:\Windows\System\YVIekMX.exe
  C:\Windows\System\YVIekMX.exe
  2⤵
  PID:4364
- C:\Windows\System\xeQEaEt.exe
  C:\Windows\System\xeQEaEt.exe
  2⤵
  PID:4360
- C:\Windows\System\ifOCBXV.exe
  C:\Windows\System\ifOCBXV.exe
  2⤵
  PID:4548
- C:\Windows\System\uVmhUPL.exe
  C:\Windows\System\uVmhUPL.exe
  2⤵
  PID:4508
- C:\Windows\System\yqomzWR.exe
  C:\Windows\System\yqomzWR.exe
  2⤵
  PID:4564
- C:\Windows\System\JbfvlTU.exe
  C:\Windows\System\JbfvlTU.exe
  2⤵
  PID:4668
- C:\Windows\System\egFzfzc.exe
  C:\Windows\System\egFzfzc.exe
  2⤵
  PID:4604
- C:\Windows\System\aCGmNrH.exe
  C:\Windows\System\aCGmNrH.exe
  2⤵
  PID:4708
- C:\Windows\System\uvNigGf.exe
  C:\Windows\System\uvNigGf.exe
  2⤵
  PID:4776
- C:\Windows\System\thDxaUH.exe
  C:\Windows\System\thDxaUH.exe
  2⤵
  PID:4876
- C:\Windows\System\UKDIMcv.exe
  C:\Windows\System\UKDIMcv.exe
  2⤵
  PID:4932
- C:\Windows\System\wDLYAxd.exe
  C:\Windows\System\wDLYAxd.exe
  2⤵
  PID:5036
- C:\Windows\System\XnLMhIn.exe
  C:\Windows\System\XnLMhIn.exe
  2⤵
  PID:2528
- C:\Windows\System\ALyCrJX.exe
  C:\Windows\System\ALyCrJX.exe
  2⤵
  PID:5100
- C:\Windows\System\POEoHPQ.exe
  C:\Windows\System\POEoHPQ.exe
  2⤵
  PID:5104
- C:\Windows\System\ghFuodc.exe
  C:\Windows\System\ghFuodc.exe
  2⤵
  PID:3208
- C:\Windows\System\XdyqGvz.exe
  C:\Windows\System\XdyqGvz.exe
  2⤵
  PID:3464
- C:\Windows\System\rwmmPfK.exe
  C:\Windows\System\rwmmPfK.exe
  2⤵
  PID:3344
- C:\Windows\System\GuSgEdw.exe
  C:\Windows\System\GuSgEdw.exe
  2⤵
  PID:4140
- C:\Windows\System\ibMnKJP.exe
  C:\Windows\System\ibMnKJP.exe
  2⤵
  PID:4220
- C:\Windows\System\auGItEl.exe
  C:\Windows\System\auGItEl.exe
  2⤵
  PID:4260
- C:\Windows\System\PYAkqRE.exe
  C:\Windows\System\PYAkqRE.exe
  2⤵
  PID:1272
- C:\Windows\System\mInATjp.exe
  C:\Windows\System\mInATjp.exe
  2⤵
  PID:4420
- C:\Windows\System\JBAUETI.exe
  C:\Windows\System\JBAUETI.exe
  2⤵
  PID:4408
- C:\Windows\System\OLSoOSe.exe
  C:\Windows\System\OLSoOSe.exe
  2⤵
  PID:4444
- C:\Windows\System\TrIoxPS.exe
  C:\Windows\System\TrIoxPS.exe
  2⤵
  PID:4652
- C:\Windows\System\XqLJctQ.exe
  C:\Windows\System\XqLJctQ.exe
  2⤵
  PID:4744
- C:\Windows\System\WZPzfeM.exe
  C:\Windows\System\WZPzfeM.exe
  2⤵
  PID:4808
- C:\Windows\System\RodiDWY.exe
  C:\Windows\System\RodiDWY.exe
  2⤵
  PID:2784
- C:\Windows\System\yqoFqNq.exe
  C:\Windows\System\yqoFqNq.exe
  2⤵
  PID:4832
- C:\Windows\System\SIRYNUI.exe
  C:\Windows\System\SIRYNUI.exe
  2⤵
  PID:4992
- C:\Windows\System\mytqGwG.exe
  C:\Windows\System\mytqGwG.exe
  2⤵
  PID:3948
- C:\Windows\System\LoaAqxr.exe
  C:\Windows\System\LoaAqxr.exe
  2⤵
  PID:4644
- C:\Windows\System\gAhUSKV.exe
  C:\Windows\System\gAhUSKV.exe
  2⤵
  PID:592
- C:\Windows\System\gRWwWBQ.exe
  C:\Windows\System\gRWwWBQ.exe
  2⤵
  PID:4268
- C:\Windows\System\jLYBYqR.exe
  C:\Windows\System\jLYBYqR.exe
  2⤵
  PID:4208
- C:\Windows\System\RNpTqJr.exe
  C:\Windows\System\RNpTqJr.exe
  2⤵
  PID:4304
- C:\Windows\System\jUFTaiL.exe
  C:\Windows\System\jUFTaiL.exe
  2⤵
  PID:4492
- C:\Windows\System\uNICrht.exe
  C:\Windows\System\uNICrht.exe
  2⤵
  PID:4816
- C:\Windows\System\LltXnkl.exe
  C:\Windows\System\LltXnkl.exe
  2⤵
  PID:1088
- C:\Windows\System\LSQvuZh.exe
  C:\Windows\System\LSQvuZh.exe
  2⤵
  PID:5032
- C:\Windows\System\gHgLfew.exe
  C:\Windows\System\gHgLfew.exe
  2⤵
  PID:4856
- C:\Windows\System\gmISVuI.exe
  C:\Windows\System\gmISVuI.exe
  2⤵
  PID:5040
- C:\Windows\System\IrDXHcB.exe
  C:\Windows\System\IrDXHcB.exe
  2⤵
  PID:5128
- C:\Windows\System\wggecle.exe
  C:\Windows\System\wggecle.exe
  2⤵
  PID:5144
- C:\Windows\System\cJxkysH.exe
  C:\Windows\System\cJxkysH.exe
  2⤵
  PID:5168
- C:\Windows\System\HJavFRT.exe
  C:\Windows\System\HJavFRT.exe
  2⤵
  PID:5188
- C:\Windows\System\OYJUlPZ.exe
  C:\Windows\System\OYJUlPZ.exe
  2⤵
  PID:5208
- C:\Windows\System\fGHyTDW.exe
  C:\Windows\System\fGHyTDW.exe
  2⤵
  PID:5228
- C:\Windows\System\jOZhuuA.exe
  C:\Windows\System\jOZhuuA.exe
  2⤵
  PID:5248
- C:\Windows\System\QTvYmON.exe
  C:\Windows\System\QTvYmON.exe
  2⤵
  PID:5268
- C:\Windows\System\kxSruhl.exe
  C:\Windows\System\kxSruhl.exe
  2⤵
  PID:5288
- C:\Windows\System\JMriCzf.exe
  C:\Windows\System\JMriCzf.exe
  2⤵
  PID:5308
- C:\Windows\System\PZfHMVY.exe
  C:\Windows\System\PZfHMVY.exe
  2⤵
  PID:5328
- C:\Windows\System\cQlLFRS.exe
  C:\Windows\System\cQlLFRS.exe
  2⤵
  PID:5348
- C:\Windows\System\UYqgXvm.exe
  C:\Windows\System\UYqgXvm.exe
  2⤵
  PID:5372
- C:\Windows\System\JGrmEfO.exe
  C:\Windows\System\JGrmEfO.exe
  2⤵
  PID:5392
- C:\Windows\System\rsbHeyu.exe
  C:\Windows\System\rsbHeyu.exe
  2⤵
  PID:5412
- C:\Windows\System\eCPwbAH.exe
  C:\Windows\System\eCPwbAH.exe
  2⤵
  PID:5432
- C:\Windows\System\buSEtAE.exe
  C:\Windows\System\buSEtAE.exe
  2⤵
  PID:5452
- C:\Windows\System\pxFCnRv.exe
  C:\Windows\System\pxFCnRv.exe
  2⤵
  PID:5472
- C:\Windows\System\bVercZm.exe
  C:\Windows\System\bVercZm.exe
  2⤵
  PID:5492
- C:\Windows\System\waSMzPV.exe
  C:\Windows\System\waSMzPV.exe
  2⤵
  PID:5512
- C:\Windows\System\MUZrlMg.exe
  C:\Windows\System\MUZrlMg.exe
  2⤵
  PID:5532
- C:\Windows\System\PxSlEed.exe
  C:\Windows\System\PxSlEed.exe
  2⤵
  PID:5552
- C:\Windows\System\OXjumRm.exe
  C:\Windows\System\OXjumRm.exe
  2⤵
  PID:5572
- C:\Windows\System\rJrvaOs.exe
  C:\Windows\System\rJrvaOs.exe
  2⤵
  PID:5592
- C:\Windows\System\iAtpeKf.exe
  C:\Windows\System\iAtpeKf.exe
  2⤵
  PID:5612
- C:\Windows\System\yBIgnPr.exe
  C:\Windows\System\yBIgnPr.exe
  2⤵
  PID:5632
- C:\Windows\System\EWviqEm.exe
  C:\Windows\System\EWviqEm.exe
  2⤵
  PID:5652
- C:\Windows\System\ZYjirNv.exe
  C:\Windows\System\ZYjirNv.exe
  2⤵
  PID:5672
- C:\Windows\System\nzKYRgV.exe
  C:\Windows\System\nzKYRgV.exe
  2⤵
  PID:5692
- C:\Windows\System\EJpxMYs.exe
  C:\Windows\System\EJpxMYs.exe
  2⤵
  PID:5708
- C:\Windows\System\zwehNbc.exe
  C:\Windows\System\zwehNbc.exe
  2⤵
  PID:5732
- C:\Windows\System\FYfOjYm.exe
  C:\Windows\System\FYfOjYm.exe
  2⤵
  PID:5752
- C:\Windows\System\ddQFXxc.exe
  C:\Windows\System\ddQFXxc.exe
  2⤵
  PID:5772
- C:\Windows\System\SIOMkMD.exe
  C:\Windows\System\SIOMkMD.exe
  2⤵
  PID:5792
- C:\Windows\System\scYrsTg.exe
  C:\Windows\System\scYrsTg.exe
  2⤵
  PID:5812
- C:\Windows\System\XkaSzVv.exe
  C:\Windows\System\XkaSzVv.exe
  2⤵
  PID:5832
- C:\Windows\System\TNladTq.exe
  C:\Windows\System\TNladTq.exe
  2⤵
  PID:5852
- C:\Windows\System\jWIibVq.exe
  C:\Windows\System\jWIibVq.exe
  2⤵
  PID:5872
- C:\Windows\System\oEXgUxR.exe
  C:\Windows\System\oEXgUxR.exe
  2⤵
  PID:5892
- C:\Windows\System\cnszaZa.exe
  C:\Windows\System\cnszaZa.exe
  2⤵
  PID:5912
- C:\Windows\System\yQlVaVh.exe
  C:\Windows\System\yQlVaVh.exe
  2⤵
  PID:5932
- C:\Windows\System\yAgenbG.exe
  C:\Windows\System\yAgenbG.exe
  2⤵
  PID:5952
- C:\Windows\System\MYAUnuz.exe
  C:\Windows\System\MYAUnuz.exe
  2⤵
  PID:5972
- C:\Windows\System\wMGHkDC.exe
  C:\Windows\System\wMGHkDC.exe
  2⤵
  PID:5992
- C:\Windows\System\JMgVtOj.exe
  C:\Windows\System\JMgVtOj.exe
  2⤵
  PID:6012
- C:\Windows\System\TUGTdCc.exe
  C:\Windows\System\TUGTdCc.exe
  2⤵
  PID:6032
- C:\Windows\System\uGRYehV.exe
  C:\Windows\System\uGRYehV.exe
  2⤵
  PID:6052
- C:\Windows\System\NbLyxiH.exe
  C:\Windows\System\NbLyxiH.exe
  2⤵
  PID:6072
- C:\Windows\System\XzZxuJw.exe
  C:\Windows\System\XzZxuJw.exe
  2⤵
  PID:6092
- C:\Windows\System\wYwVhHR.exe
  C:\Windows\System\wYwVhHR.exe
  2⤵
  PID:6112
- C:\Windows\System\eKLUYjF.exe
  C:\Windows\System\eKLUYjF.exe
  2⤵
  PID:6132
- C:\Windows\System\TrSKXFm.exe
  C:\Windows\System\TrSKXFm.exe
  2⤵
  PID:5088
- C:\Windows\System\fjIsNqA.exe
  C:\Windows\System\fjIsNqA.exe
  2⤵
  PID:3524
- C:\Windows\System\AUHsYsi.exe
  C:\Windows\System\AUHsYsi.exe
  2⤵
  PID:2036
- C:\Windows\System\QqWzZEs.exe
  C:\Windows\System\QqWzZEs.exe
  2⤵
  PID:1692
- C:\Windows\System\luxczPi.exe
  C:\Windows\System\luxczPi.exe
  2⤵
  PID:2532
- C:\Windows\System\mgUcHIs.exe
  C:\Windows\System\mgUcHIs.exe
  2⤵
  PID:2908
- C:\Windows\System\chWiukX.exe
  C:\Windows\System\chWiukX.exe
  2⤵
  PID:5056
- C:\Windows\System\DLISStl.exe
  C:\Windows\System\DLISStl.exe
  2⤵
  PID:5152
- C:\Windows\System\fiqqrFe.exe
  C:\Windows\System\fiqqrFe.exe
  2⤵
  PID:5140
- C:\Windows\System\UREIleL.exe
  C:\Windows\System\UREIleL.exe
  2⤵
  PID:5184
- C:\Windows\System\UuyBPeV.exe
  C:\Windows\System\UuyBPeV.exe
  2⤵
  PID:5240
- C:\Windows\System\aYKKcyJ.exe
  C:\Windows\System\aYKKcyJ.exe
  2⤵
  PID:5256
- C:\Windows\System\KYItmCY.exe
  C:\Windows\System\KYItmCY.exe
  2⤵
  PID:5324
- C:\Windows\System\iVMVIRB.exe
  C:\Windows\System\iVMVIRB.exe
  2⤵
  PID:5356
- C:\Windows\System\woxBYub.exe
  C:\Windows\System\woxBYub.exe
  2⤵
  PID:5344
- C:\Windows\System\DFozbZW.exe
  C:\Windows\System\DFozbZW.exe
  2⤵
  PID:5388
- C:\Windows\System\YzLsijW.exe
  C:\Windows\System\YzLsijW.exe
  2⤵
  PID:5420
- C:\Windows\System\fAWCxzZ.exe
  C:\Windows\System\fAWCxzZ.exe
  2⤵
  PID:5484
- C:\Windows\System\AXiLimj.exe
  C:\Windows\System\AXiLimj.exe
  2⤵
  PID:5500
- C:\Windows\System\jXXwqjB.exe
  C:\Windows\System\jXXwqjB.exe
  2⤵
  PID:5560
- C:\Windows\System\uCYCZpS.exe
  C:\Windows\System\uCYCZpS.exe
  2⤵
  PID:5548
- C:\Windows\System\rgtAjgO.exe
  C:\Windows\System\rgtAjgO.exe
  2⤵
  PID:5584
- C:\Windows\System\bXukXcx.exe
  C:\Windows\System\bXukXcx.exe
  2⤵
  PID:5624
- C:\Windows\System\OdfYvrd.exe
  C:\Windows\System\OdfYvrd.exe
  2⤵
  PID:5688
- C:\Windows\System\tItTFnp.exe
  C:\Windows\System\tItTFnp.exe
  2⤵
  PID:5720
- C:\Windows\System\sjxsBRc.exe
  C:\Windows\System\sjxsBRc.exe
  2⤵
  PID:5760
- C:\Windows\System\ZaMohmq.exe
  C:\Windows\System\ZaMohmq.exe
  2⤵
  PID:5740
- C:\Windows\System\DWHjssh.exe
  C:\Windows\System\DWHjssh.exe
  2⤵
  PID:5808
- C:\Windows\System\mjeCyuz.exe
  C:\Windows\System\mjeCyuz.exe
  2⤵
  PID:5828
- C:\Windows\System\ZFbDSlU.exe
  C:\Windows\System\ZFbDSlU.exe
  2⤵
  PID:5880
- C:\Windows\System\YsCFSyc.exe
  C:\Windows\System\YsCFSyc.exe
  2⤵
  PID:5900
- C:\Windows\System\DOXsKPD.exe
  C:\Windows\System\DOXsKPD.exe
  2⤵
  PID:5924
- C:\Windows\System\BANqCso.exe
  C:\Windows\System\BANqCso.exe
  2⤵
  PID:5944
- C:\Windows\System\TKBuEXs.exe
  C:\Windows\System\TKBuEXs.exe
  2⤵
  PID:5984
- C:\Windows\System\KhDlZTh.exe
  C:\Windows\System\KhDlZTh.exe
  2⤵
  PID:6028
- C:\Windows\System\YmgDdFO.exe
  C:\Windows\System\YmgDdFO.exe
  2⤵
  PID:6080
- C:\Windows\System\PsLmIUZ.exe
  C:\Windows\System\PsLmIUZ.exe
  2⤵
  PID:6108
- C:\Windows\System\oLfyyYI.exe
  C:\Windows\System\oLfyyYI.exe
  2⤵
  PID:6140
- C:\Windows\System\DyjdvES.exe
  C:\Windows\System\DyjdvES.exe
  2⤵
  PID:4184
- C:\Windows\System\YkxrgQx.exe
  C:\Windows\System\YkxrgQx.exe
  2⤵
  PID:3752
- C:\Windows\System\UuyBLPC.exe
  C:\Windows\System\UuyBLPC.exe
  2⤵
  PID:2512
- C:\Windows\System\ZSDdZWi.exe
  C:\Windows\System\ZSDdZWi.exe
  2⤵
  PID:3308
- C:\Windows\System\NHltCvD.exe
  C:\Windows\System\NHltCvD.exe
  2⤵
  PID:5136
- C:\Windows\System\ikPobCE.exe
  C:\Windows\System\ikPobCE.exe
  2⤵
  PID:5236
- C:\Windows\System\QWjmaVH.exe
  C:\Windows\System\QWjmaVH.exe
  2⤵
  PID:5224
- C:\Windows\System\ZXJrXjk.exe
  C:\Windows\System\ZXJrXjk.exe
  2⤵
  PID:5304
- C:\Windows\System\CTGCRxI.exe
  C:\Windows\System\CTGCRxI.exe
  2⤵
  PID:5380
- C:\Windows\System\WWlxGvC.exe
  C:\Windows\System\WWlxGvC.exe
  2⤵
  PID:5428
- C:\Windows\System\QlNXSXD.exe
  C:\Windows\System\QlNXSXD.exe
  2⤵
  PID:5524
- C:\Windows\System\qGDeNwA.exe
  C:\Windows\System\qGDeNwA.exe
  2⤵
  PID:5564
- C:\Windows\System\lzmYAlI.exe
  C:\Windows\System\lzmYAlI.exe
  2⤵
  PID:5604
- C:\Windows\System\OPJFTYH.exe
  C:\Windows\System\OPJFTYH.exe
  2⤵
  PID:5648
- C:\Windows\System\dkWwpHV.exe
  C:\Windows\System\dkWwpHV.exe
  2⤵
  PID:5716
- C:\Windows\System\okNQPjZ.exe
  C:\Windows\System\okNQPjZ.exe
  2⤵
  PID:5780
- C:\Windows\System\XxUWrii.exe
  C:\Windows\System\XxUWrii.exe
  2⤵
  PID:5804
- C:\Windows\System\Bsselhk.exe
  C:\Windows\System\Bsselhk.exe
  2⤵
  PID:5844
- C:\Windows\System\YBiBsjL.exe
  C:\Windows\System\YBiBsjL.exe
  2⤵
  PID:5904
- C:\Windows\System\KWlxQFR.exe
  C:\Windows\System\KWlxQFR.exe
  2⤵
  PID:5948
- C:\Windows\System\uaaEeAX.exe
  C:\Windows\System\uaaEeAX.exe
  2⤵
  PID:6060
- C:\Windows\System\KEMsJIt.exe
  C:\Windows\System\KEMsJIt.exe
  2⤵
  PID:6064
- C:\Windows\System\asGNPBn.exe
  C:\Windows\System\asGNPBn.exe
  2⤵
  PID:6104
- C:\Windows\System\qGuFGjF.exe
  C:\Windows\System\qGuFGjF.exe
  2⤵
  PID:4144
- C:\Windows\System\DtcGmZD.exe
  C:\Windows\System\DtcGmZD.exe
  2⤵
  PID:4728
- C:\Windows\System\duqUigN.exe
  C:\Windows\System\duqUigN.exe
  2⤵
  PID:5164
- C:\Windows\System\JEwcIql.exe
  C:\Windows\System\JEwcIql.exe
  2⤵
  PID:5404
- C:\Windows\System\tKxWgrG.exe
  C:\Windows\System\tKxWgrG.exe
  2⤵
  PID:5264
- C:\Windows\System\UYIEYuy.exe
  C:\Windows\System\UYIEYuy.exe
  2⤵
  PID:5400
- C:\Windows\System\oqjWDva.exe
  C:\Windows\System\oqjWDva.exe
  2⤵
  PID:5464
- C:\Windows\System\tsHZaYV.exe
  C:\Windows\System\tsHZaYV.exe
  2⤵
  PID:5640
- C:\Windows\System\LQZjnRU.exe
  C:\Windows\System\LQZjnRU.exe
  2⤵
  PID:5680
- C:\Windows\System\XThcpzz.exe
  C:\Windows\System\XThcpzz.exe
  2⤵
  PID:5704
- C:\Windows\System\QRrHGxu.exe
  C:\Windows\System\QRrHGxu.exe
  2⤵
  PID:5820
- C:\Windows\System\QRWuKWP.exe
  C:\Windows\System\QRWuKWP.exe
  2⤵
  PID:6156
- C:\Windows\System\WHkZWYw.exe
  C:\Windows\System\WHkZWYw.exe
  2⤵
  PID:6176
- C:\Windows\System\wVEXRJW.exe
  C:\Windows\System\wVEXRJW.exe
  2⤵
  PID:6200
- C:\Windows\System\lkRVfxV.exe
  C:\Windows\System\lkRVfxV.exe
  2⤵
  PID:6220
- C:\Windows\System\GyMZndR.exe
  C:\Windows\System\GyMZndR.exe
  2⤵
  PID:6240
- C:\Windows\System\DHosiRZ.exe
  C:\Windows\System\DHosiRZ.exe
  2⤵
  PID:6260
- C:\Windows\System\pCcXKez.exe
  C:\Windows\System\pCcXKez.exe
  2⤵
  PID:6280
- C:\Windows\System\NNKHxwb.exe
  C:\Windows\System\NNKHxwb.exe
  2⤵
  PID:6300
- C:\Windows\System\ZXFFvNC.exe
  C:\Windows\System\ZXFFvNC.exe
  2⤵
  PID:6320
- C:\Windows\System\JXMQAqB.exe
  C:\Windows\System\JXMQAqB.exe
  2⤵
  PID:6340
- C:\Windows\System\Qgzhlbt.exe
  C:\Windows\System\Qgzhlbt.exe
  2⤵
  PID:6364
- C:\Windows\System\XfqbxEt.exe
  C:\Windows\System\XfqbxEt.exe
  2⤵
  PID:6384
- C:\Windows\System\GhwNofw.exe
  C:\Windows\System\GhwNofw.exe
  2⤵
  PID:6404
- C:\Windows\System\xKLyAhB.exe
  C:\Windows\System\xKLyAhB.exe
  2⤵
  PID:6424
- C:\Windows\System\LhiKnxn.exe
  C:\Windows\System\LhiKnxn.exe
  2⤵
  PID:6444
- C:\Windows\System\wkGOjLe.exe
  C:\Windows\System\wkGOjLe.exe
  2⤵
  PID:6464
- C:\Windows\System\LXKPQaP.exe
  C:\Windows\System\LXKPQaP.exe
  2⤵
  PID:6484
- C:\Windows\System\CPFnmEG.exe
  C:\Windows\System\CPFnmEG.exe
  2⤵
  PID:6504
- C:\Windows\System\guWbtbE.exe
  C:\Windows\System\guWbtbE.exe
  2⤵
  PID:6524
- C:\Windows\System\zrgSlrw.exe
  C:\Windows\System\zrgSlrw.exe
  2⤵
  PID:6544
- C:\Windows\System\gYRReqk.exe
  C:\Windows\System\gYRReqk.exe
  2⤵
  PID:6564
- C:\Windows\System\SwRjcMC.exe
  C:\Windows\System\SwRjcMC.exe
  2⤵
  PID:6584
- C:\Windows\System\QMmaEMR.exe
  C:\Windows\System\QMmaEMR.exe
  2⤵
  PID:6604
- C:\Windows\System\RUzDRTn.exe
  C:\Windows\System\RUzDRTn.exe
  2⤵
  PID:6624
- C:\Windows\System\YNKbEhm.exe
  C:\Windows\System\YNKbEhm.exe
  2⤵
  PID:6644
- C:\Windows\System\XWTJZbY.exe
  C:\Windows\System\XWTJZbY.exe
  2⤵
  PID:6664
- C:\Windows\System\fFHSfSm.exe
  C:\Windows\System\fFHSfSm.exe
  2⤵
  PID:6684
- C:\Windows\System\iITcquL.exe
  C:\Windows\System\iITcquL.exe
  2⤵
  PID:6704
- C:\Windows\System\SQvyHgf.exe
  C:\Windows\System\SQvyHgf.exe
  2⤵
  PID:6724
- C:\Windows\System\UtlQmck.exe
  C:\Windows\System\UtlQmck.exe
  2⤵
  PID:6744
- C:\Windows\System\ANLkFVT.exe
  C:\Windows\System\ANLkFVT.exe
  2⤵
  PID:6764
- C:\Windows\System\HPMgWNu.exe
  C:\Windows\System\HPMgWNu.exe
  2⤵
  PID:6784
- C:\Windows\System\AurCwVB.exe
  C:\Windows\System\AurCwVB.exe
  2⤵
  PID:6804
- C:\Windows\System\AYiBPUH.exe
  C:\Windows\System\AYiBPUH.exe
  2⤵
  PID:6824
- C:\Windows\System\QdwHQVb.exe
  C:\Windows\System\QdwHQVb.exe
  2⤵
  PID:6844
- C:\Windows\System\VPBOLio.exe
  C:\Windows\System\VPBOLio.exe
  2⤵
  PID:6864
- C:\Windows\System\OEXiWNm.exe
  C:\Windows\System\OEXiWNm.exe
  2⤵
  PID:6884
- C:\Windows\System\fxNfnrV.exe
  C:\Windows\System\fxNfnrV.exe
  2⤵
  PID:6904
- C:\Windows\System\rsgUsJc.exe
  C:\Windows\System\rsgUsJc.exe
  2⤵
  PID:6924
- C:\Windows\System\XkJfcdx.exe
  C:\Windows\System\XkJfcdx.exe
  2⤵
  PID:6944
- C:\Windows\System\mwmOoJq.exe
  C:\Windows\System\mwmOoJq.exe
  2⤵
  PID:6964
- C:\Windows\System\XqmYnCi.exe
  C:\Windows\System\XqmYnCi.exe
  2⤵
  PID:6984
- C:\Windows\System\JRAOhfa.exe
  C:\Windows\System\JRAOhfa.exe
  2⤵
  PID:7004
- C:\Windows\System\ZoZRpii.exe
  C:\Windows\System\ZoZRpii.exe
  2⤵
  PID:7024
- C:\Windows\System\QVYKBPK.exe
  C:\Windows\System\QVYKBPK.exe
  2⤵
  PID:7044
- C:\Windows\System\iFtNADi.exe
  C:\Windows\System\iFtNADi.exe
  2⤵
  PID:7064
- C:\Windows\System\JgdeSat.exe
  C:\Windows\System\JgdeSat.exe
  2⤵
  PID:7084
- C:\Windows\System\czTwvaL.exe
  C:\Windows\System\czTwvaL.exe
  2⤵
  PID:7104
- C:\Windows\System\rhEiOXr.exe
  C:\Windows\System\rhEiOXr.exe
  2⤵
  PID:7124
- C:\Windows\System\wasEakj.exe
  C:\Windows\System\wasEakj.exe
  2⤵
  PID:7144
- C:\Windows\System\EohBXoE.exe
  C:\Windows\System\EohBXoE.exe
  2⤵
  PID:7164
- C:\Windows\System\SvsfPyc.exe
  C:\Windows\System\SvsfPyc.exe
  2⤵
  PID:5980
- C:\Windows\System\VhYxRCR.exe
  C:\Windows\System\VhYxRCR.exe
  2⤵
  PID:6004
- C:\Windows\System\UJnCqLQ.exe
  C:\Windows\System\UJnCqLQ.exe
  2⤵
  PID:3600
- C:\Windows\System\DZTvZuY.exe
  C:\Windows\System\DZTvZuY.exe
  2⤵
  PID:2196
- C:\Windows\System\nWAdWrf.exe
  C:\Windows\System\nWAdWrf.exe
  2⤵
  PID:2252
- C:\Windows\System\wDnBnTb.exe
  C:\Windows\System\wDnBnTb.exe
  2⤵
  PID:5336
- C:\Windows\System\nXACdBs.exe
  C:\Windows\System\nXACdBs.exe
  2⤵
  PID:5508
- C:\Windows\System\WoVmQmV.exe
  C:\Windows\System\WoVmQmV.exe
  2⤵
  PID:5700
- C:\Windows\System\wIPIUKo.exe
  C:\Windows\System\wIPIUKo.exe
  2⤵
  PID:5860
- C:\Windows\System\bJBDsfL.exe
  C:\Windows\System\bJBDsfL.exe
  2⤵
  PID:6152
- C:\Windows\System\HhlYosS.exe
  C:\Windows\System\HhlYosS.exe
  2⤵
  PID:6208
- C:\Windows\System\DsOCDiK.exe
  C:\Windows\System\DsOCDiK.exe
  2⤵
  PID:6236
- C:\Windows\System\tsBRiMg.exe
  C:\Windows\System\tsBRiMg.exe
  2⤵
  PID:6268
- C:\Windows\System\iKAdjCr.exe
  C:\Windows\System\iKAdjCr.exe
  2⤵
  PID:6292
- C:\Windows\System\JIVZxOh.exe
  C:\Windows\System\JIVZxOh.exe
  2⤵
  PID:6336
- C:\Windows\System\vCpDvhu.exe
  C:\Windows\System\vCpDvhu.exe
  2⤵
  PID:6372
- C:\Windows\System\hCWiwVF.exe
  C:\Windows\System\hCWiwVF.exe
  2⤵
  PID:6400
- C:\Windows\System\egjWuNx.exe
  C:\Windows\System\egjWuNx.exe
  2⤵
  PID:6432
- C:\Windows\System\LZQQMuU.exe
  C:\Windows\System\LZQQMuU.exe
  2⤵
  PID:6456
- C:\Windows\System\iGxBPDi.exe
  C:\Windows\System\iGxBPDi.exe
  2⤵
  PID:6476
- C:\Windows\System\xNxdDqp.exe
  C:\Windows\System\xNxdDqp.exe
  2⤵
  PID:6532
- C:\Windows\System\XBhMqXU.exe
  C:\Windows\System\XBhMqXU.exe
  2⤵
  PID:6556
- C:\Windows\System\ooEMqeU.exe
  C:\Windows\System\ooEMqeU.exe
  2⤵
  PID:6592
- C:\Windows\System\WlxcJOg.exe
  C:\Windows\System\WlxcJOg.exe
  2⤵
  PID:6616
- C:\Windows\System\cljFqsF.exe
  C:\Windows\System\cljFqsF.exe
  2⤵
  PID:6660
- C:\Windows\System\Ikcmoij.exe
  C:\Windows\System\Ikcmoij.exe
  2⤵
  PID:6692
- C:\Windows\System\OFZBphN.exe
  C:\Windows\System\OFZBphN.exe
  2⤵
  PID:6720
- C:\Windows\System\SJwURvM.exe
  C:\Windows\System\SJwURvM.exe
  2⤵
  PID:6736
- C:\Windows\System\oQBZwuq.exe
  C:\Windows\System\oQBZwuq.exe
  2⤵
  PID:6780
- C:\Windows\System\dApxeAS.exe
  C:\Windows\System\dApxeAS.exe
  2⤵
  PID:6800
- C:\Windows\System\AGvSNnI.exe
  C:\Windows\System\AGvSNnI.exe
  2⤵
  PID:6832
- C:\Windows\System\ZWnHPaH.exe
  C:\Windows\System\ZWnHPaH.exe
  2⤵
  PID:6856
- C:\Windows\System\rxcVMiT.exe
  C:\Windows\System\rxcVMiT.exe
  2⤵
  PID:6876
- C:\Windows\System\dprhXIz.exe
  C:\Windows\System\dprhXIz.exe
  2⤵
  PID:6940
- C:\Windows\System\JnWpjJG.exe
  C:\Windows\System\JnWpjJG.exe
  2⤵
  PID:6972
- C:\Windows\System\MHvOpZC.exe
  C:\Windows\System\MHvOpZC.exe
  2⤵
  PID:7000
- C:\Windows\System\ebwqERr.exe
  C:\Windows\System\ebwqERr.exe
  2⤵
  PID:7052
- C:\Windows\System\nLwsxyo.exe
  C:\Windows\System\nLwsxyo.exe
  2⤵
  PID:7056
- C:\Windows\System\sFfMeGX.exe
  C:\Windows\System\sFfMeGX.exe
  2⤵
  PID:7100
- C:\Windows\System\DFgJhOd.exe
  C:\Windows\System\DFgJhOd.exe
  2⤵
  PID:7132
- C:\Windows\System\JPTfyff.exe
  C:\Windows\System\JPTfyff.exe
  2⤵
  PID:5968
- C:\Windows\System\vzXuGFv.exe
  C:\Windows\System\vzXuGFv.exe
  2⤵
  PID:6124
- C:\Windows\System\TIfjHKQ.exe
  C:\Windows\System\TIfjHKQ.exe
  2⤵
  PID:4288
- C:\Windows\System\SnsnSXF.exe
  C:\Windows\System\SnsnSXF.exe
  2⤵
  PID:4704
- C:\Windows\System\lyOLxJB.exe
  C:\Windows\System\lyOLxJB.exe
  2⤵
  PID:5316
- C:\Windows\System\MtpiJQX.exe
  C:\Windows\System\MtpiJQX.exe
  2⤵
  PID:5668
- C:\Windows\System\HHWIIKo.exe
  C:\Windows\System\HHWIIKo.exe
  2⤵
  PID:5764
- C:\Windows\System\tXbVeRB.exe
  C:\Windows\System\tXbVeRB.exe
  2⤵
  PID:6184
- C:\Windows\System\pYcDeRs.exe
  C:\Windows\System\pYcDeRs.exe
  2⤵
  PID:6228
- C:\Windows\System\KuqoSrS.exe
  C:\Windows\System\KuqoSrS.exe
  2⤵
  PID:6312
- C:\Windows\System\jfhjHOI.exe
  C:\Windows\System\jfhjHOI.exe
  2⤵
  PID:2376
- C:\Windows\System\cbrtvib.exe
  C:\Windows\System\cbrtvib.exe
  2⤵
  PID:6436
- C:\Windows\System\mCJrWWn.exe
  C:\Windows\System\mCJrWWn.exe
  2⤵
  PID:6452
- C:\Windows\System\AxRltvV.exe
  C:\Windows\System\AxRltvV.exe
  2⤵
  PID:6516
- C:\Windows\System\QonWEAz.exe
  C:\Windows\System\QonWEAz.exe
  2⤵
  PID:6560
- C:\Windows\System\ZidqgIf.exe
  C:\Windows\System\ZidqgIf.exe
  2⤵
  PID:6600
- C:\Windows\System\AjvJZdU.exe
  C:\Windows\System\AjvJZdU.exe
  2⤵
  PID:6696
- C:\Windows\System\qemVxSs.exe
  C:\Windows\System\qemVxSs.exe
  2⤵
  PID:6680
- C:\Windows\System\FSBCjeZ.exe
  C:\Windows\System\FSBCjeZ.exe
  2⤵
  PID:6732
- C:\Windows\System\TMkMHNl.exe
  C:\Windows\System\TMkMHNl.exe
  2⤵
  PID:6816
- C:\Windows\System\FHGgeCr.exe
  C:\Windows\System\FHGgeCr.exe
  2⤵
  PID:6900
- C:\Windows\System\sDYKLEv.exe
  C:\Windows\System\sDYKLEv.exe
  2⤵
  PID:6916
- C:\Windows\System\OYlmunE.exe
  C:\Windows\System\OYlmunE.exe
  2⤵
  PID:6932
- C:\Windows\System\InsAVCi.exe
  C:\Windows\System\InsAVCi.exe
  2⤵
  PID:6996
- C:\Windows\System\XwflkRi.exe
  C:\Windows\System\XwflkRi.exe
  2⤵
  PID:7060
- C:\Windows\System\DiCaslZ.exe
  C:\Windows\System\DiCaslZ.exe
  2⤵
  PID:1756
- C:\Windows\System\sxwEvNJ.exe
  C:\Windows\System\sxwEvNJ.exe
  2⤵
  PID:7160
- C:\Windows\System\ITjrrEE.exe
  C:\Windows\System\ITjrrEE.exe
  2⤵
  PID:6128
- C:\Windows\System\XimfiIb.exe
  C:\Windows\System\XimfiIb.exe
  2⤵
  PID:5444
- C:\Windows\System\MYEQdto.exe
  C:\Windows\System\MYEQdto.exe
  2⤵
  PID:1412
- C:\Windows\System\GvEWELd.exe
  C:\Windows\System\GvEWELd.exe
  2⤵
  PID:5408
- C:\Windows\System\XpRJoMt.exe
  C:\Windows\System\XpRJoMt.exe
  2⤵
  PID:2864
- C:\Windows\System\ipQxnVG.exe
  C:\Windows\System\ipQxnVG.exe
  2⤵
  PID:6296
- C:\Windows\System\QaarIwJ.exe
  C:\Windows\System\QaarIwJ.exe
  2⤵
  PID:6328
- C:\Windows\System\RmANJdu.exe
  C:\Windows\System\RmANJdu.exe
  2⤵
  PID:6376
- C:\Windows\System\PSdGHyW.exe
  C:\Windows\System\PSdGHyW.exe
  2⤵
  PID:6536
- C:\Windows\System\wTGQbBX.exe
  C:\Windows\System\wTGQbBX.exe
  2⤵
  PID:2780
- C:\Windows\System\BGLfivD.exe
  C:\Windows\System\BGLfivD.exe
  2⤵
  PID:6752
- C:\Windows\System\kCwbAQV.exe
  C:\Windows\System\kCwbAQV.exe
  2⤵
  PID:6740
- C:\Windows\System\YyWQaEi.exe
  C:\Windows\System\YyWQaEi.exe
  2⤵
  PID:2344
- C:\Windows\System\NOMzBod.exe
  C:\Windows\System\NOMzBod.exe
  2⤵
  PID:3512
- C:\Windows\System\zyvkIoZ.exe
  C:\Windows\System\zyvkIoZ.exe
  2⤵
  PID:1504
- C:\Windows\System\xDktrac.exe
  C:\Windows\System\xDktrac.exe
  2⤵
  PID:6956
- C:\Windows\System\zYfmnfq.exe
  C:\Windows\System\zYfmnfq.exe
  2⤵
  PID:7112
- C:\Windows\System\MBbryRp.exe
  C:\Windows\System\MBbryRp.exe
  2⤵
  PID:2040
- C:\Windows\System\RdPTgRf.exe
  C:\Windows\System\RdPTgRf.exe
  2⤵
  PID:4624
- C:\Windows\System\DDqjOqn.exe
  C:\Windows\System\DDqjOqn.exe
  2⤵
  PID:5488
- C:\Windows\System\qrGQCcu.exe
  C:\Windows\System\qrGQCcu.exe
  2⤵
  PID:1516
- C:\Windows\System\ZNdqmdF.exe
  C:\Windows\System\ZNdqmdF.exe
  2⤵
  PID:2260
- C:\Windows\System\uLzPBnN.exe
  C:\Windows\System\uLzPBnN.exe
  2⤵
  PID:1456
- C:\Windows\System\RYitQSv.exe
  C:\Windows\System\RYitQSv.exe
  2⤵
  PID:1736
- C:\Windows\System\nvsEBkB.exe
  C:\Windows\System\nvsEBkB.exe
  2⤵
  PID:2240
- C:\Windows\System\foYpFqn.exe
  C:\Windows\System\foYpFqn.exe
  2⤵
  PID:6576
- C:\Windows\System\Ifurijz.exe
  C:\Windows\System\Ifurijz.exe
  2⤵
  PID:2548
- C:\Windows\System\ebrTTit.exe
  C:\Windows\System\ebrTTit.exe
  2⤵
  PID:6652
- C:\Windows\System\BOoARUN.exe
  C:\Windows\System\BOoARUN.exe
  2⤵
  PID:6772
- C:\Windows\System\tRxOqcy.exe
  C:\Windows\System\tRxOqcy.exe
  2⤵
  PID:6836
- C:\Windows\System\cStDANr.exe
  C:\Windows\System\cStDANr.exe
  2⤵
  PID:6872
- C:\Windows\System\fWzHisv.exe
  C:\Windows\System\fWzHisv.exe
  2⤵
  PID:7020
- C:\Windows\System\BseVYXi.exe
  C:\Windows\System\BseVYXi.exe
  2⤵
  PID:7076
- C:\Windows\System\FdwzhBe.exe
  C:\Windows\System\FdwzhBe.exe
  2⤵
  PID:7116
- C:\Windows\System\KzYzkzh.exe
  C:\Windows\System\KzYzkzh.exe
  2⤵
  PID:2964
- C:\Windows\System\BNsRAqO.exe
  C:\Windows\System\BNsRAqO.exe
  2⤵
  PID:2984
- C:\Windows\System\xGwowxy.exe
  C:\Windows\System\xGwowxy.exe
  2⤵
  PID:2748
- C:\Windows\System\xdZmYEm.exe
  C:\Windows\System\xdZmYEm.exe
  2⤵
  PID:6316
- C:\Windows\System\XSyoyZd.exe
  C:\Windows\System\XSyoyZd.exe
  2⤵
  PID:2720
- C:\Windows\System\djcrFSb.exe
  C:\Windows\System\djcrFSb.exe
  2⤵
  PID:1080
- C:\Windows\System\xKXBxoq.exe
  C:\Windows\System\xKXBxoq.exe
  2⤵
  PID:580
- C:\Windows\System\mhniFPq.exe
  C:\Windows\System\mhniFPq.exe
  2⤵
  PID:2852
- C:\Windows\System\xdtqsTw.exe
  C:\Windows\System\xdtqsTw.exe
  2⤵
  PID:6596
- C:\Windows\System\mYsOMEI.exe
  C:\Windows\System\mYsOMEI.exe
  2⤵
  PID:4812
- C:\Windows\System\GFSEFnJ.exe
  C:\Windows\System\GFSEFnJ.exe
  2⤵
  PID:6500
- C:\Windows\System\xTavQJL.exe
  C:\Windows\System\xTavQJL.exe
  2⤵
  PID:2756
- C:\Windows\System\JgJzcvX.exe
  C:\Windows\System\JgJzcvX.exe
  2⤵
  PID:7176
- C:\Windows\System\TNRNFOJ.exe
  C:\Windows\System\TNRNFOJ.exe
  2⤵
  PID:7200
- C:\Windows\System\OFoucPW.exe
  C:\Windows\System\OFoucPW.exe
  2⤵
  PID:7216
- C:\Windows\System\oANEioF.exe
  C:\Windows\System\oANEioF.exe
  2⤵
  PID:7232
- C:\Windows\System\rAOEARf.exe
  C:\Windows\System\rAOEARf.exe
  2⤵
  PID:7248
- C:\Windows\System\VsVzHRE.exe
  C:\Windows\System\VsVzHRE.exe
  2⤵
  PID:7268
- C:\Windows\System\bvaHvqd.exe
  C:\Windows\System\bvaHvqd.exe
  2⤵
  PID:7288
- C:\Windows\System\gUCfwcx.exe
  C:\Windows\System\gUCfwcx.exe
  2⤵
  PID:7328
- C:\Windows\System\vcXNSqZ.exe
  C:\Windows\System\vcXNSqZ.exe
  2⤵
  PID:7360
- C:\Windows\System\MfMNxKi.exe
  C:\Windows\System\MfMNxKi.exe
  2⤵
  PID:7408
- C:\Windows\System\CXkiDpP.exe
  C:\Windows\System\CXkiDpP.exe
  2⤵
  PID:7424
- C:\Windows\System\NrUBmHJ.exe
  C:\Windows\System\NrUBmHJ.exe
  2⤵
  PID:7452
- C:\Windows\System\lzuNzVq.exe
  C:\Windows\System\lzuNzVq.exe
  2⤵
  PID:7468
- C:\Windows\System\RAcnOCh.exe
  C:\Windows\System\RAcnOCh.exe
  2⤵
  PID:7488
- C:\Windows\System\HRvbTTm.exe
  C:\Windows\System\HRvbTTm.exe
  2⤵
  PID:7512
- C:\Windows\System\JECujgl.exe
  C:\Windows\System\JECujgl.exe
  2⤵
  PID:7528
- C:\Windows\System\kbwgXvC.exe
  C:\Windows\System\kbwgXvC.exe
  2⤵
  PID:7544
- C:\Windows\System\DYJDYdD.exe
  C:\Windows\System\DYJDYdD.exe
  2⤵
  PID:7560
- C:\Windows\System\djIqAKs.exe
  C:\Windows\System\djIqAKs.exe
  2⤵
  PID:7584
- C:\Windows\System\xOEyGLE.exe
  C:\Windows\System\xOEyGLE.exe
  2⤵
  PID:7624
- C:\Windows\System\owPDiuG.exe
  C:\Windows\System\owPDiuG.exe
  2⤵
  PID:7640
- C:\Windows\System\WciJOJK.exe
  C:\Windows\System\WciJOJK.exe
  2⤵
  PID:7656
- C:\Windows\System\fxdFBoO.exe
  C:\Windows\System\fxdFBoO.exe
  2⤵
  PID:7672
- C:\Windows\System\ETTxFwA.exe
  C:\Windows\System\ETTxFwA.exe
  2⤵
  PID:7688
- C:\Windows\System\jYzHsPy.exe
  C:\Windows\System\jYzHsPy.exe
  2⤵
  PID:7712
- C:\Windows\System\jbLkjob.exe
  C:\Windows\System\jbLkjob.exe
  2⤵
  PID:7728
- C:\Windows\System\EzcaZtA.exe
  C:\Windows\System\EzcaZtA.exe
  2⤵
  PID:7744
- C:\Windows\System\yiItJIM.exe
  C:\Windows\System\yiItJIM.exe
  2⤵
  PID:7772
- C:\Windows\System\UnoMoLS.exe
  C:\Windows\System\UnoMoLS.exe
  2⤵
  PID:7792
- C:\Windows\System\cWhJQWt.exe
  C:\Windows\System\cWhJQWt.exe
  2⤵
  PID:7808
- C:\Windows\System\QWCehVt.exe
  C:\Windows\System\QWCehVt.exe
  2⤵
  PID:7836
- C:\Windows\System\mYxvXoI.exe
  C:\Windows\System\mYxvXoI.exe
  2⤵
  PID:7864
- C:\Windows\System\EItHAVs.exe
  C:\Windows\System\EItHAVs.exe
  2⤵
  PID:7880
- C:\Windows\System\yOUPnHd.exe
  C:\Windows\System\yOUPnHd.exe
  2⤵
  PID:7896
- C:\Windows\System\eRrNtYZ.exe
  C:\Windows\System\eRrNtYZ.exe
  2⤵
  PID:7912
- C:\Windows\System\VBcvGrT.exe
  C:\Windows\System\VBcvGrT.exe
  2⤵
  PID:7928
- C:\Windows\System\xPKsAUV.exe
  C:\Windows\System\xPKsAUV.exe
  2⤵
  PID:7944
- C:\Windows\System\TEdStKG.exe
  C:\Windows\System\TEdStKG.exe
  2⤵
  PID:7960
- C:\Windows\System\CkDGrrt.exe
  C:\Windows\System\CkDGrrt.exe
  2⤵
  PID:7976
- C:\Windows\System\XnKiBqA.exe
  C:\Windows\System\XnKiBqA.exe
  2⤵
  PID:7992
- C:\Windows\System\OjSiibA.exe
  C:\Windows\System\OjSiibA.exe
  2⤵
  PID:8008
- C:\Windows\System\LXrWPSz.exe
  C:\Windows\System\LXrWPSz.exe
  2⤵
  PID:8024
- C:\Windows\System\gfFDBuG.exe
  C:\Windows\System\gfFDBuG.exe
  2⤵
  PID:8040
- C:\Windows\System\sQmzTBN.exe
  C:\Windows\System\sQmzTBN.exe
  2⤵
  PID:8056
- C:\Windows\System\jUkkFBV.exe
  C:\Windows\System\jUkkFBV.exe
  2⤵
  PID:8072
- C:\Windows\System\BuIQPSS.exe
  C:\Windows\System\BuIQPSS.exe
  2⤵
  PID:8096
- C:\Windows\System\vXQOLTU.exe
  C:\Windows\System\vXQOLTU.exe
  2⤵
  PID:8152
- C:\Windows\System\DgXvXro.exe
  C:\Windows\System\DgXvXro.exe
  2⤵
  PID:8176
- C:\Windows\System\nIXBBDh.exe
  C:\Windows\System\nIXBBDh.exe
  2⤵
  PID:6392
- C:\Windows\System\DWbLmZu.exe
  C:\Windows\System\DWbLmZu.exe
  2⤵
  PID:6852
- C:\Windows\System\bLqoOtC.exe
  C:\Windows\System\bLqoOtC.exe
  2⤵
  PID:7184
- C:\Windows\System\vrfpJDK.exe
  C:\Windows\System\vrfpJDK.exe
  2⤵
  PID:7228
- C:\Windows\System\vCOZehq.exe
  C:\Windows\System\vCOZehq.exe
  2⤵
  PID:7300
- C:\Windows\System\vMDxOCo.exe
  C:\Windows\System\vMDxOCo.exe
  2⤵
  PID:7312
- C:\Windows\System\mWzdQik.exe
  C:\Windows\System\mWzdQik.exe
  2⤵
  PID:1136
- C:\Windows\System\REpUlxq.exe
  C:\Windows\System\REpUlxq.exe
  2⤵
  PID:2188
- C:\Windows\System\GaVLbjg.exe
  C:\Windows\System\GaVLbjg.exe
  2⤵
  PID:7240
- C:\Windows\System\iKpVTkH.exe
  C:\Windows\System\iKpVTkH.exe
  2⤵
  PID:4732
- C:\Windows\System\oIUnHqe.exe
  C:\Windows\System\oIUnHqe.exe
  2⤵
  PID:2860
- C:\Windows\System\VEkrBkQ.exe
  C:\Windows\System\VEkrBkQ.exe
  2⤵
  PID:2348
- C:\Windows\System\fIXkxlG.exe
  C:\Windows\System\fIXkxlG.exe
  2⤵
  PID:7388
- C:\Windows\System\LMMYCSE.exe
  C:\Windows\System\LMMYCSE.exe
  2⤵
  PID:7416
- C:\Windows\System\NMMlBPa.exe
  C:\Windows\System\NMMlBPa.exe
  2⤵
  PID:7444
- C:\Windows\System\KQVfMJu.exe
  C:\Windows\System\KQVfMJu.exe
  2⤵
  PID:7484
- C:\Windows\System\HSPWJNf.exe
  C:\Windows\System\HSPWJNf.exe
  2⤵
  PID:7524
- C:\Windows\System\FccMLRQ.exe
  C:\Windows\System\FccMLRQ.exe
  2⤵
  PID:7536
- C:\Windows\System\FZftXYZ.exe
  C:\Windows\System\FZftXYZ.exe
  2⤵
  PID:7576
- C:\Windows\System\tPhDOlS.exe
  C:\Windows\System\tPhDOlS.exe
  2⤵
  PID:7592
- C:\Windows\System\aRwphcR.exe
  C:\Windows\System\aRwphcR.exe
  2⤵
  PID:7600
- C:\Windows\System\bWdfaHt.exe
  C:\Windows\System\bWdfaHt.exe
  2⤵
  PID:7632
- C:\Windows\System\vBbZeDt.exe
  C:\Windows\System\vBbZeDt.exe
  2⤵
  PID:7708
- C:\Windows\System\AfvZeHa.exe
  C:\Windows\System\AfvZeHa.exe
  2⤵
  PID:7684
- C:\Windows\System\mdEjABu.exe
  C:\Windows\System\mdEjABu.exe
  2⤵
  PID:7760
- C:\Windows\System\VQHYAlZ.exe
  C:\Windows\System\VQHYAlZ.exe
  2⤵
  PID:7740
- C:\Windows\System\ZRnTesS.exe
  C:\Windows\System\ZRnTesS.exe
  2⤵
  PID:7824
- C:\Windows\System\ozGHKng.exe
  C:\Windows\System\ozGHKng.exe
  2⤵
  PID:7872
- C:\Windows\System\vZVwhJG.exe
  C:\Windows\System\vZVwhJG.exe
  2⤵
  PID:8004
- C:\Windows\System\kusPfJe.exe
  C:\Windows\System\kusPfJe.exe
  2⤵
  PID:8112
- C:\Windows\System\BPtciFI.exe
  C:\Windows\System\BPtciFI.exe
  2⤵
  PID:8124
- C:\Windows\System\jacqpmi.exe
  C:\Windows\System\jacqpmi.exe
  2⤵
  PID:7968
- C:\Windows\System\EgebfKo.exe
  C:\Windows\System\EgebfKo.exe
  2⤵
  PID:8148
- C:\Windows\System\NHBvWjX.exe
  C:\Windows\System\NHBvWjX.exe
  2⤵
  PID:7888
- C:\Windows\System\rZvojoE.exe
  C:\Windows\System\rZvojoE.exe
  2⤵
  PID:7988
- C:\Windows\System\zjdDjsH.exe
  C:\Windows\System\zjdDjsH.exe
  2⤵
  PID:8020
- C:\Windows\System\QCQdRHj.exe
  C:\Windows\System\QCQdRHj.exe
  2⤵
  PID:2916
- C:\Windows\System\iYKmzbi.exe
  C:\Windows\System\iYKmzbi.exe
  2⤵
  PID:7308
- C:\Windows\System\pmIXXKZ.exe
  C:\Windows\System\pmIXXKZ.exe
  2⤵
  PID:2280
- C:\Windows\System\ikXZpnh.exe
  C:\Windows\System\ikXZpnh.exe
  2⤵
  PID:7264
- C:\Windows\System\pNEJtAE.exe
  C:\Windows\System\pNEJtAE.exe
  2⤵
  PID:5080
- C:\Windows\System\qxqwFNy.exe
  C:\Windows\System\qxqwFNy.exe
  2⤵
  PID:620
- C:\Windows\System\adysSZT.exe
  C:\Windows\System\adysSZT.exe
  2⤵
  PID:7368
- C:\Windows\System\jRNCnhz.exe
  C:\Windows\System\jRNCnhz.exe
  2⤵
  PID:1312
- C:\Windows\System\ADuIFIG.exe
  C:\Windows\System\ADuIFIG.exe
  2⤵
  PID:7320
- C:\Windows\System\RpgugkY.exe
  C:\Windows\System\RpgugkY.exe
  2⤵
  PID:7280
- C:\Windows\System\aDvJdMB.exe
  C:\Windows\System\aDvJdMB.exe
  2⤵
  PID:7432
- C:\Windows\System\jEvOhsj.exe
  C:\Windows\System\jEvOhsj.exe
  2⤵
  PID:7480
- C:\Windows\System\zKkcAco.exe
  C:\Windows\System\zKkcAco.exe
  2⤵
  PID:7556
- C:\Windows\System\ZYnPXDB.exe
  C:\Windows\System\ZYnPXDB.exe
  2⤵
  PID:7664
- C:\Windows\System\xAcoORT.exe
  C:\Windows\System\xAcoORT.exe
  2⤵
  PID:7568
- C:\Windows\System\ZlSoKvy.exe
  C:\Windows\System\ZlSoKvy.exe
  2⤵
  PID:7572
- C:\Windows\System\MrbVvGf.exe
  C:\Windows\System\MrbVvGf.exe
  2⤵
  PID:8104
- C:\Windows\System\DrKcqSQ.exe
  C:\Windows\System\DrKcqSQ.exe
  2⤵
  PID:7984
- C:\Windows\System\IWPARtV.exe
  C:\Windows\System\IWPARtV.exe
  2⤵
  PID:7724
- C:\Windows\System\KjHJeAz.exe
  C:\Windows\System\KjHJeAz.exe
  2⤵
  PID:7784
- C:\Windows\System\AzQeoQc.exe
  C:\Windows\System\AzQeoQc.exe
  2⤵
  PID:7972
- C:\Windows\System\HzAIaQE.exe
  C:\Windows\System\HzAIaQE.exe
  2⤵
  PID:8052
- C:\Windows\System\KFYuDYv.exe
  C:\Windows\System\KFYuDYv.exe
  2⤵
  PID:8172
- C:\Windows\System\Fkoeyii.exe
  C:\Windows\System\Fkoeyii.exe
  2⤵
  PID:7212
- C:\Windows\System\ETAgbUK.exe
  C:\Windows\System\ETAgbUK.exe
  2⤵
  PID:7304
- C:\Windows\System\BzTcSBq.exe
  C:\Windows\System\BzTcSBq.exe
  2⤵
  PID:7404
- C:\Windows\System\knsCDlU.exe
  C:\Windows\System\knsCDlU.exe
  2⤵
  PID:3044
- C:\Windows\System\dBgvWWd.exe
  C:\Windows\System\dBgvWWd.exe
  2⤵
  PID:7612
- C:\Windows\System\rpIVsMM.exe
  C:\Windows\System\rpIVsMM.exe
  2⤵
  PID:7648
- C:\Windows\System\CJnjigD.exe
  C:\Windows\System\CJnjigD.exe
  2⤵
  PID:8132
- C:\Windows\System\VckKWni.exe
  C:\Windows\System\VckKWni.exe
  2⤵
  PID:7700
- C:\Windows\System\wxmgbHA.exe
  C:\Windows\System\wxmgbHA.exe
  2⤵
  PID:7136
- C:\Windows\System\sjJLTiH.exe
  C:\Windows\System\sjJLTiH.exe
  2⤵
  PID:980
- C:\Windows\System\iJTJWyr.exe
  C:\Windows\System\iJTJWyr.exe
  2⤵
  PID:7860
- C:\Windows\System\NLLjsCM.exe
  C:\Windows\System\NLLjsCM.exe
  2⤵
  PID:7920
- C:\Windows\System\uyClxuk.exe
  C:\Windows\System\uyClxuk.exe
  2⤵
  PID:7496
- C:\Windows\System\DiojIEN.exe
  C:\Windows\System\DiojIEN.exe
  2⤵
  PID:8016
- C:\Windows\System\RGavuoY.exe
  C:\Windows\System\RGavuoY.exe
  2⤵
  PID:8128
- C:\Windows\System\gvevkzS.exe
  C:\Windows\System\gvevkzS.exe
  2⤵
  PID:7504
- C:\Windows\System\LfVRlGn.exe
  C:\Windows\System\LfVRlGn.exe
  2⤵
  PID:7924
- C:\Windows\System\lJuKpkG.exe
  C:\Windows\System\lJuKpkG.exe
  2⤵
  PID:8160
- C:\Windows\System\TOtxOAr.exe
  C:\Windows\System\TOtxOAr.exe
  2⤵
  PID:7356
- C:\Windows\System\vyyTKBd.exe
  C:\Windows\System\vyyTKBd.exe
  2⤵
  PID:8140
- C:\Windows\System\YQqlrNd.exe
  C:\Windows\System\YQqlrNd.exe
  2⤵
  PID:7876
- C:\Windows\System\zheHMNg.exe
  C:\Windows\System\zheHMNg.exe
  2⤵
  PID:7852
- C:\Windows\System\iCrMpaw.exe
  C:\Windows\System\iCrMpaw.exe
  2⤵
  PID:7596
- C:\Windows\System\MSDnRhY.exe
  C:\Windows\System\MSDnRhY.exe
  2⤵
  PID:1960
- C:\Windows\System\cNAauco.exe
  C:\Windows\System\cNAauco.exe
  2⤵
  PID:7804
- C:\Windows\System\PEDxuqb.exe
  C:\Windows\System\PEDxuqb.exe
  2⤵
  PID:7440
- C:\Windows\System\iWDXeuV.exe
  C:\Windows\System\iWDXeuV.exe
  2⤵
  PID:6636
- C:\Windows\System\LfPgXJW.exe
  C:\Windows\System\LfPgXJW.exe
  2⤵
  PID:7324
- C:\Windows\System\lUKJjfv.exe
  C:\Windows\System\lUKJjfv.exe
  2⤵
  PID:7460
- C:\Windows\System\cvkNayu.exe
  C:\Windows\System\cvkNayu.exe
  2⤵
  PID:7352
- C:\Windows\System\VWqtUuB.exe
  C:\Windows\System\VWqtUuB.exe
  2⤵
  PID:7680
- C:\Windows\System\SIaHXAM.exe
  C:\Windows\System\SIaHXAM.exe
  2⤵
  PID:8208
- C:\Windows\System\OrwCvxV.exe
  C:\Windows\System\OrwCvxV.exe
  2⤵
  PID:8224
- C:\Windows\System\ZuxVueI.exe
  C:\Windows\System\ZuxVueI.exe
  2⤵
  PID:8244
- C:\Windows\System\gOmakdq.exe
  C:\Windows\System\gOmakdq.exe
  2⤵
  PID:8264
- C:\Windows\System\lmPWySL.exe
  C:\Windows\System\lmPWySL.exe
  2⤵
  PID:8288
- C:\Windows\System\GpfBOOw.exe
  C:\Windows\System\GpfBOOw.exe
  2⤵
  PID:8324
- C:\Windows\System\yiDrnUx.exe
  C:\Windows\System\yiDrnUx.exe
  2⤵
  PID:8340
- C:\Windows\System\xzFElrU.exe
  C:\Windows\System\xzFElrU.exe
  2⤵
  PID:8364
- C:\Windows\System\xZMRdqH.exe
  C:\Windows\System\xZMRdqH.exe
  2⤵
  PID:8380
- C:\Windows\System\zLKItDA.exe
  C:\Windows\System\zLKItDA.exe
  2⤵
  PID:8396
- C:\Windows\System\NRSDLJn.exe
  C:\Windows\System\NRSDLJn.exe
  2⤵
  PID:8416
- C:\Windows\System\zyHTzhC.exe
  C:\Windows\System\zyHTzhC.exe
  2⤵
  PID:8432
- C:\Windows\System\qzjBGWa.exe
  C:\Windows\System\qzjBGWa.exe
  2⤵
  PID:8456
- C:\Windows\System\uXhjVGN.exe
  C:\Windows\System\uXhjVGN.exe
  2⤵
  PID:8472
- C:\Windows\System\FXQDSLQ.exe
  C:\Windows\System\FXQDSLQ.exe
  2⤵
  PID:8488
- C:\Windows\System\BahSQpO.exe
  C:\Windows\System\BahSQpO.exe
  2⤵
  PID:8512
- C:\Windows\System\cCZuqZp.exe
  C:\Windows\System\cCZuqZp.exe
  2⤵
  PID:8528
- C:\Windows\System\OBKIbRY.exe
  C:\Windows\System\OBKIbRY.exe
  2⤵
  PID:8552
- C:\Windows\System\ltGLpFs.exe
  C:\Windows\System\ltGLpFs.exe
  2⤵
  PID:8572
- C:\Windows\System\eaMySns.exe
  C:\Windows\System\eaMySns.exe
  2⤵
  PID:8592
- C:\Windows\System\bvSRWir.exe
  C:\Windows\System\bvSRWir.exe
  2⤵
  PID:8628
- C:\Windows\System\JnuQFEF.exe
  C:\Windows\System\JnuQFEF.exe
  2⤵
  PID:8644
- C:\Windows\System\MBKRVOG.exe
  C:\Windows\System\MBKRVOG.exe
  2⤵
  PID:8664
- C:\Windows\System\LrpDEJR.exe
  C:\Windows\System\LrpDEJR.exe
  2⤵
  PID:8680
- C:\Windows\System\gMAaBOK.exe
  C:\Windows\System\gMAaBOK.exe
  2⤵
  PID:8700
- C:\Windows\System\kWPifIb.exe
  C:\Windows\System\kWPifIb.exe
  2⤵
  PID:8716
- C:\Windows\System\lRxBtpE.exe
  C:\Windows\System\lRxBtpE.exe
  2⤵
  PID:8732
- C:\Windows\System\YklAqGS.exe
  C:\Windows\System\YklAqGS.exe
  2⤵
  PID:8752
- C:\Windows\System\oYzAAdb.exe
  C:\Windows\System\oYzAAdb.exe
  2⤵
  PID:8772
- C:\Windows\System\aWnvpNG.exe
  C:\Windows\System\aWnvpNG.exe
  2⤵
  PID:8788
- C:\Windows\System\iuSLTkj.exe
  C:\Windows\System\iuSLTkj.exe
  2⤵
  PID:8812
- C:\Windows\System\uqgoeUv.exe
  C:\Windows\System\uqgoeUv.exe
  2⤵
  PID:8836
- C:\Windows\System\IddPvZy.exe
  C:\Windows\System\IddPvZy.exe
  2⤵
  PID:8856
- C:\Windows\System\TJitpMb.exe
  C:\Windows\System\TJitpMb.exe
  2⤵
  PID:8884
- C:\Windows\System\sZlPHvi.exe
  C:\Windows\System\sZlPHvi.exe
  2⤵
  PID:8900
- C:\Windows\System\JbYnEku.exe
  C:\Windows\System\JbYnEku.exe
  2⤵
  PID:8920
- C:\Windows\System\IMAOHxC.exe
  C:\Windows\System\IMAOHxC.exe
  2⤵
  PID:8944
- C:\Windows\System\AApWchL.exe
  C:\Windows\System\AApWchL.exe
  2⤵
  PID:8960
- C:\Windows\System\bnlWmrt.exe
  C:\Windows\System\bnlWmrt.exe
  2⤵
  PID:8992
- C:\Windows\System\ApuZLpB.exe
  C:\Windows\System\ApuZLpB.exe
  2⤵
  PID:9012
- C:\Windows\System\rMLSdVN.exe
  C:\Windows\System\rMLSdVN.exe
  2⤵
  PID:9028
- C:\Windows\System\vENUZFP.exe
  C:\Windows\System\vENUZFP.exe
  2⤵
  PID:9048
- C:\Windows\System\xGKIGwL.exe
  C:\Windows\System\xGKIGwL.exe
  2⤵
  PID:9064
- C:\Windows\System\JPFvpzU.exe
  C:\Windows\System\JPFvpzU.exe
  2⤵
  PID:9084
- C:\Windows\System\EwGaQTq.exe
  C:\Windows\System\EwGaQTq.exe
  2⤵
  PID:9112
- C:\Windows\System\gSNdQLL.exe
  C:\Windows\System\gSNdQLL.exe
  2⤵
  PID:9128
- C:\Windows\System\fZyddSU.exe
  C:\Windows\System\fZyddSU.exe
  2⤵
  PID:9148
- C:\Windows\System\iFefxDE.exe
  C:\Windows\System\iFefxDE.exe
  2⤵
  PID:9172
- C:\Windows\System\FlCmXty.exe
  C:\Windows\System\FlCmXty.exe
  2⤵
  PID:9192
- C:\Windows\System\ziqAHKJ.exe
  C:\Windows\System\ziqAHKJ.exe
  2⤵
  PID:9212
- C:\Windows\System\ocXfUDf.exe
  C:\Windows\System\ocXfUDf.exe
  2⤵
  PID:8216
- C:\Windows\System\RqwcKHC.exe
  C:\Windows\System\RqwcKHC.exe
  2⤵
  PID:8200
- C:\Windows\System\LlAVjWi.exe
  C:\Windows\System\LlAVjWi.exe
  2⤵
  PID:8240
- C:\Windows\System\ihsXsxj.exe
  C:\Windows\System\ihsXsxj.exe
  2⤵
  PID:8300
- C:\Windows\System\SXHuPHK.exe
  C:\Windows\System\SXHuPHK.exe
  2⤵
  PID:7752
- C:\Windows\System\BtxNAJe.exe
  C:\Windows\System\BtxNAJe.exe
  2⤵
  PID:8352
- C:\Windows\System\cChJaCa.exe
  C:\Windows\System\cChJaCa.exe
  2⤵
  PID:8392
- C:\Windows\System\mIqSTVg.exe
  C:\Windows\System\mIqSTVg.exe
  2⤵
  PID:8408
- C:\Windows\System\HyhhsJg.exe
  C:\Windows\System\HyhhsJg.exe
  2⤵
  PID:8496
- C:\Windows\System\FtfdyEI.exe
  C:\Windows\System\FtfdyEI.exe
  2⤵
  PID:8536
- C:\Windows\System\oVzoAqZ.exe
  C:\Windows\System\oVzoAqZ.exe
  2⤵
  PID:8484
- C:\Windows\System\nQideOn.exe
  C:\Windows\System\nQideOn.exe
  2⤵
  PID:8568
- C:\Windows\System\RhQABsz.exe
  C:\Windows\System\RhQABsz.exe
  2⤵
  PID:8612
- C:\Windows\System\XPcrhNW.exe
  C:\Windows\System\XPcrhNW.exe
  2⤵
  PID:8640
- C:\Windows\System\adwKvsy.exe
  C:\Windows\System\adwKvsy.exe
  2⤵
  PID:8672
- C:\Windows\System\OsaXYJU.exe
  C:\Windows\System\OsaXYJU.exe
  2⤵
  PID:8708
- C:\Windows\System\oAQehzL.exe
  C:\Windows\System\oAQehzL.exe
  2⤵
  PID:8728
- C:\Windows\System\NBNRDUO.exe
  C:\Windows\System\NBNRDUO.exe
  2⤵
  PID:8800
- C:\Windows\System\cNIRuRk.exe
  C:\Windows\System\cNIRuRk.exe
  2⤵
  PID:8768
- C:\Windows\System\VrswxZN.exe
  C:\Windows\System\VrswxZN.exe
  2⤵
  PID:8620
- C:\Windows\System\GPbVVcH.exe
  C:\Windows\System\GPbVVcH.exe
  2⤵
  PID:8868
- C:\Windows\System\UzwGxSv.exe
  C:\Windows\System\UzwGxSv.exe
  2⤵
  PID:8908
- C:\Windows\System\kYyFNMO.exe
  C:\Windows\System\kYyFNMO.exe
  2⤵
  PID:8912
- C:\Windows\System\dIHLPly.exe
  C:\Windows\System\dIHLPly.exe
  2⤵
  PID:8928
- C:\Windows\System\nnCvIPb.exe
  C:\Windows\System\nnCvIPb.exe
  2⤵
  PID:8984
- C:\Windows\System\waRgpvq.exe
  C:\Windows\System\waRgpvq.exe
  2⤵
  PID:9004
- C:\Windows\System\iIiIJAY.exe
  C:\Windows\System\iIiIJAY.exe
  2⤵
  PID:9120
- C:\Windows\System\VwtdCmu.exe
  C:\Windows\System\VwtdCmu.exe
  2⤵
  PID:9108
- C:\Windows\System\JtknEId.exe
  C:\Windows\System\JtknEId.exe
  2⤵
  PID:9144
- C:\Windows\System\qLjskCQ.exe
  C:\Windows\System\qLjskCQ.exe
  2⤵
  PID:9184
- C:\Windows\System\DFKjtpz.exe
  C:\Windows\System\DFKjtpz.exe
  2⤵
  PID:9208
- C:\Windows\System\TseQSue.exe
  C:\Windows\System\TseQSue.exe
  2⤵
  PID:8332
- C:\Windows\System\GBkmvyb.exe
  C:\Windows\System\GBkmvyb.exe
  2⤵
  PID:8428
- C:\Windows\System\YhWSCNP.exe
  C:\Windows\System\YhWSCNP.exe
  2⤵
  PID:7940
- C:\Windows\System\DYWDTxu.exe
  C:\Windows\System\DYWDTxu.exe
  2⤵
  PID:8316
- C:\Windows\System\YnLdsgX.exe
  C:\Windows\System\YnLdsgX.exe
  2⤵
  PID:8440
- C:\Windows\System\dcHUilZ.exe
  C:\Windows\System\dcHUilZ.exe
  2⤵
  PID:8540
- C:\Windows\System\DRENGRo.exe
  C:\Windows\System\DRENGRo.exe
  2⤵
  PID:8564
- C:\Windows\System\YTIXcrc.exe
  C:\Windows\System\YTIXcrc.exe
  2⤵
  PID:8588
- C:\Windows\System\hXXFggq.exe
  C:\Windows\System\hXXFggq.exe
  2⤵
  PID:8624
- C:\Windows\System\CChYRkR.exe
  C:\Windows\System\CChYRkR.exe
  2⤵
  PID:8660
- C:\Windows\System\SgZspKw.exe
  C:\Windows\System\SgZspKw.exe
  2⤵
  PID:8696
- C:\Windows\System\fOOkLfj.exe
  C:\Windows\System\fOOkLfj.exe
  2⤵
  PID:8608
- C:\Windows\System\myMUEqA.exe
  C:\Windows\System\myMUEqA.exe
  2⤵
  PID:8932
- C:\Windows\System\tGIxSaq.exe
  C:\Windows\System\tGIxSaq.exe
  2⤵
  PID:9008
- C:\Windows\System\UpUgHCv.exe
  C:\Windows\System\UpUgHCv.exe
  2⤵
  PID:8844
- C:\Windows\System\HsvMyPi.exe
  C:\Windows\System\HsvMyPi.exe
  2⤵
  PID:9056
- C:\Windows\System\BZvWtZz.exe
  C:\Windows\System\BZvWtZz.exe
  2⤵
  PID:9100
- C:\Windows\System\aAYlOaq.exe
  C:\Windows\System\aAYlOaq.exe
  2⤵
  PID:9200
- C:\Windows\System\KsepIUa.exe
  C:\Windows\System\KsepIUa.exe
  2⤵
  PID:8348
- C:\Windows\System\OMrgrjq.exe
  C:\Windows\System\OMrgrjq.exe
  2⤵
  PID:8232
- C:\Windows\System\QhZEkET.exe
  C:\Windows\System\QhZEkET.exe
  2⤵
  PID:8452
- C:\Windows\System\YcdcCUM.exe
  C:\Windows\System\YcdcCUM.exe
  2⤵
  PID:8276
- C:\Windows\System\EhiUBJR.exe
  C:\Windows\System\EhiUBJR.exe
  2⤵
  PID:8284
- C:\Windows\System\fNxajTD.exe
  C:\Windows\System\fNxajTD.exe
  2⤵
  PID:8828
- C:\Windows\System\tTkZgyk.exe
  C:\Windows\System\tTkZgyk.exe
  2⤵
  PID:8468
- C:\Windows\System\vHBEIqn.exe
  C:\Windows\System\vHBEIqn.exe
  2⤵
  PID:8936
- C:\Windows\System\REMJeru.exe
  C:\Windows\System\REMJeru.exe
  2⤵
  PID:8916
- C:\Windows\System\ZNcmeiF.exe
  C:\Windows\System\ZNcmeiF.exe
  2⤵
  PID:9096
- C:\Windows\System\qAhEhhJ.exe
  C:\Windows\System\qAhEhhJ.exe
  2⤵
  PID:8272
- C:\Windows\System\mRjfkSk.exe
  C:\Windows\System\mRjfkSk.exe
  2⤵
  PID:8196
- C:\Windows\System\bJuEJzw.exe
  C:\Windows\System\bJuEJzw.exe
  2⤵
  PID:8372
- C:\Windows\System\mtYpFXG.exe
  C:\Windows\System\mtYpFXG.exe
  2⤵
  PID:8508
- C:\Windows\System\yeyQdtc.exe
  C:\Windows\System\yeyQdtc.exe
  2⤵
  PID:8692
- C:\Windows\System\zdZLumL.exe
  C:\Windows\System\zdZLumL.exe
  2⤵
  PID:8760
- C:\Windows\System\nYNHQSl.exe
  C:\Windows\System\nYNHQSl.exe
  2⤵
  PID:8956
- C:\Windows\System\uYdRwww.exe
  C:\Windows\System\uYdRwww.exe
  2⤵
  PID:9104
- C:\Windows\System\hlcMUtB.exe
  C:\Windows\System\hlcMUtB.exe
  2⤵
  PID:9160
- C:\Windows\System\sydNHUC.exe
  C:\Windows\System\sydNHUC.exe
  2⤵
  PID:8504
- C:\Windows\System\bUYbASB.exe
  C:\Windows\System\bUYbASB.exe
  2⤵
  PID:8712
- C:\Windows\System\ZEZeerz.exe
  C:\Windows\System\ZEZeerz.exe
  2⤵
  PID:8980
- C:\Windows\System\fDlUxwF.exe
  C:\Windows\System\fDlUxwF.exe
  2⤵
  PID:9072
- C:\Windows\System\JBkjakN.exe
  C:\Windows\System\JBkjakN.exe
  2⤵
  PID:9156
- C:\Windows\System\lFkCwyE.exe
  C:\Windows\System\lFkCwyE.exe
  2⤵
  PID:8892
- C:\Windows\System\xnSNphe.exe
  C:\Windows\System\xnSNphe.exe
  2⤵
  PID:8848
- C:\Windows\System\lFQszyT.exe
  C:\Windows\System\lFQszyT.exe
  2⤵
  PID:8404
- C:\Windows\System\IfAtBZx.exe
  C:\Windows\System\IfAtBZx.exe
  2⤵
  PID:9000
- C:\Windows\System\AZWWGKi.exe
  C:\Windows\System\AZWWGKi.exe
  2⤵
  PID:9244
- C:\Windows\System\ctfBRob.exe
  C:\Windows\System\ctfBRob.exe
  2⤵
  PID:9260
- C:\Windows\System\sMTMeLA.exe
  C:\Windows\System\sMTMeLA.exe
  2⤵
  PID:9276
- C:\Windows\System\kpvWooZ.exe
  C:\Windows\System\kpvWooZ.exe
  2⤵
  PID:9308
- C:\Windows\System\atayYAe.exe
  C:\Windows\System\atayYAe.exe
  2⤵
  PID:9328
- C:\Windows\System\iPhhDGT.exe
  C:\Windows\System\iPhhDGT.exe
  2⤵
  PID:9348
- C:\Windows\System\pLmdGoi.exe
  C:\Windows\System\pLmdGoi.exe
  2⤵
  PID:9364
- C:\Windows\System\JRwXKae.exe
  C:\Windows\System\JRwXKae.exe
  2⤵
  PID:9380
- C:\Windows\System\qnjWdKE.exe
  C:\Windows\System\qnjWdKE.exe
  2⤵
  PID:9396
- C:\Windows\System\UEaVUCZ.exe
  C:\Windows\System\UEaVUCZ.exe
  2⤵
  PID:9416
- C:\Windows\System\PdPLyYF.exe
  C:\Windows\System\PdPLyYF.exe
  2⤵
  PID:9440
- C:\Windows\System\CvHqvpj.exe
  C:\Windows\System\CvHqvpj.exe
  2⤵
  PID:9464
- C:\Windows\System\jsGHJil.exe
  C:\Windows\System\jsGHJil.exe
  2⤵
  PID:9484
- C:\Windows\System\cxUdItI.exe
  C:\Windows\System\cxUdItI.exe
  2⤵
  PID:9504
- C:\Windows\System\SbyyDZJ.exe
  C:\Windows\System\SbyyDZJ.exe
  2⤵
  PID:9528
- C:\Windows\System\OrYAvoY.exe
  C:\Windows\System\OrYAvoY.exe
  2⤵
  PID:9548
- C:\Windows\System\VFYfomk.exe
  C:\Windows\System\VFYfomk.exe
  2⤵
  PID:9568
- C:\Windows\System\qSxviFA.exe
  C:\Windows\System\qSxviFA.exe
  2⤵
  PID:9584
- C:\Windows\System\sIGRPue.exe
  C:\Windows\System\sIGRPue.exe
  2⤵
  PID:9608
- C:\Windows\System\MfjXYLZ.exe
  C:\Windows\System\MfjXYLZ.exe
  2⤵
  PID:9628
- C:\Windows\System\TiNMeop.exe
  C:\Windows\System\TiNMeop.exe
  2⤵
  PID:9648
- C:\Windows\System\BZlVRfb.exe
  C:\Windows\System\BZlVRfb.exe
  2⤵
  PID:9668
- C:\Windows\System\LmWOBkJ.exe
  C:\Windows\System\LmWOBkJ.exe
  2⤵
  PID:9684
- C:\Windows\System\YWEoUvO.exe
  C:\Windows\System\YWEoUvO.exe
  2⤵
  PID:9700
- C:\Windows\System\XoNAMDY.exe
  C:\Windows\System\XoNAMDY.exe
  2⤵
  PID:9716
- C:\Windows\System\NIfcgxl.exe
  C:\Windows\System\NIfcgxl.exe
  2⤵
  PID:9740
- C:\Windows\System\JnrtWna.exe
  C:\Windows\System\JnrtWna.exe
  2⤵
  PID:9756
- C:\Windows\System\bsPakza.exe
  C:\Windows\System\bsPakza.exe
  2⤵
  PID:9772
- C:\Windows\System\AdDPeTV.exe
  C:\Windows\System\AdDPeTV.exe
  2⤵
  PID:9800
- C:\Windows\System\tYGqDfh.exe
  C:\Windows\System\tYGqDfh.exe
  2⤵
  PID:9820
- C:\Windows\System\Wdqtdcq.exe
  C:\Windows\System\Wdqtdcq.exe
  2⤵
  PID:9840
- C:\Windows\System\EiuAGKg.exe
  C:\Windows\System\EiuAGKg.exe
  2⤵
  PID:9856
- C:\Windows\System\cZECRCh.exe
  C:\Windows\System\cZECRCh.exe
  2⤵
  PID:9876
- C:\Windows\System\PwfYERJ.exe
  C:\Windows\System\PwfYERJ.exe
  2⤵
  PID:9896
- C:\Windows\System\BGkEdFc.exe
  C:\Windows\System\BGkEdFc.exe
  2⤵
  PID:9912
- C:\Windows\System\kytvHGy.exe
  C:\Windows\System\kytvHGy.exe
  2⤵
  PID:9940
- C:\Windows\System\UoNGrIW.exe
  C:\Windows\System\UoNGrIW.exe
  2⤵
  PID:9956
- C:\Windows\System\fRmfcPL.exe
  C:\Windows\System\fRmfcPL.exe
  2⤵
  PID:9980
- C:\Windows\System\lwiBPgk.exe
  C:\Windows\System\lwiBPgk.exe
  2⤵
  PID:10000
- C:\Windows\System\VeyDuXp.exe
  C:\Windows\System\VeyDuXp.exe
  2⤵
  PID:10020
- C:\Windows\System\XVoETjH.exe
  C:\Windows\System\XVoETjH.exe
  2⤵
  PID:10044
- C:\Windows\System\XloRQya.exe
  C:\Windows\System\XloRQya.exe
  2⤵
  PID:10064
- C:\Windows\System\uyuMjVG.exe
  C:\Windows\System\uyuMjVG.exe
  2⤵
  PID:10088
- C:\Windows\System\SmZvlwv.exe
  C:\Windows\System\SmZvlwv.exe
  2⤵
  PID:10104
- C:\Windows\System\djyqijz.exe
  C:\Windows\System\djyqijz.exe
  2⤵
  PID:10128
- C:\Windows\System\oKyfsEq.exe
  C:\Windows\System\oKyfsEq.exe
  2⤵
  PID:10152
- C:\Windows\System\NoHykyr.exe
  C:\Windows\System\NoHykyr.exe
  2⤵
  PID:10168
- C:\Windows\System\HRVODtG.exe
  C:\Windows\System\HRVODtG.exe
  2⤵
  PID:10184
- C:\Windows\System\awuKBaP.exe
  C:\Windows\System\awuKBaP.exe
  2⤵
  PID:10212
- C:\Windows\System\wPnHNhV.exe
  C:\Windows\System\wPnHNhV.exe
  2⤵
  PID:10228
- C:\Windows\System\wZWiHNQ.exe
  C:\Windows\System\wZWiHNQ.exe
  2⤵
  PID:9224
- C:\Windows\System\MoxGqmP.exe
  C:\Windows\System\MoxGqmP.exe
  2⤵
  PID:9240
- C:\Windows\System\WcrZUgP.exe
  C:\Windows\System\WcrZUgP.exe
  2⤵
  PID:9272
- C:\Windows\System\TfSqzJY.exe
  C:\Windows\System\TfSqzJY.exe
  2⤵
  PID:9304
- C:\Windows\System\FqNMHmi.exe
  C:\Windows\System\FqNMHmi.exe
  2⤵
  PID:9344
- C:\Windows\System\oxixTyE.exe
  C:\Windows\System\oxixTyE.exe
  2⤵
  PID:9376
- C:\Windows\System\znpjZly.exe
  C:\Windows\System\znpjZly.exe
  2⤵
  PID:9408
- C:\Windows\System\SgaFgEB.exe
  C:\Windows\System\SgaFgEB.exe
  2⤵
  PID:9432
- C:\Windows\System\qBPLExw.exe
  C:\Windows\System\qBPLExw.exe
  2⤵
  PID:8852
- C:\Windows\System\SnUNajd.exe
  C:\Windows\System\SnUNajd.exe
  2⤵
  PID:9480
- C:\Windows\System\qwCfcBP.exe
  C:\Windows\System\qwCfcBP.exe
  2⤵
  PID:9512
- C:\Windows\System\kxJAXqs.exe
  C:\Windows\System\kxJAXqs.exe
  2⤵
  PID:9580
- C:\Windows\System\MJzOUtf.exe
  C:\Windows\System\MJzOUtf.exe
  2⤵
  PID:9644
- C:\Windows\System\exfnhkC.exe
  C:\Windows\System\exfnhkC.exe
  2⤵
  PID:9676
- C:\Windows\System\AyPjMti.exe
  C:\Windows\System\AyPjMti.exe
  2⤵
  PID:9748
- C:\Windows\System\yaLauEA.exe
  C:\Windows\System\yaLauEA.exe
  2⤵
  PID:9796
- C:\Windows\System\aJrzZbe.exe
  C:\Windows\System\aJrzZbe.exe
  2⤵
  PID:9768
- C:\Windows\System\ozdccyf.exe
  C:\Windows\System\ozdccyf.exe
  2⤵
  PID:9864
- C:\Windows\System\EgErJMZ.exe
  C:\Windows\System\EgErJMZ.exe
  2⤵
  PID:9724
- C:\Windows\System\qiSTIRD.exe
  C:\Windows\System\qiSTIRD.exe
  2⤵
  PID:9992
- C:\Windows\System\aSqSXXi.exe
  C:\Windows\System\aSqSXXi.exe
  2⤵
  PID:9816
- C:\Windows\System\PDonhyH.exe
  C:\Windows\System\PDonhyH.exe
  2⤵
  PID:10032
- C:\Windows\System\OTWXJZm.exe
  C:\Windows\System\OTWXJZm.exe
  2⤵
  PID:10040
- C:\Windows\System\kjQkuBn.exe
  C:\Windows\System\kjQkuBn.exe
  2⤵
  PID:9936
- C:\Windows\System\Lafweuj.exe
  C:\Windows\System\Lafweuj.exe
  2⤵
  PID:9972
- C:\Windows\System\NaeFBvS.exe
  C:\Windows\System\NaeFBvS.exe
  2⤵
  PID:10072
- C:\Windows\System\NEYFNkE.exe
  C:\Windows\System\NEYFNkE.exe
  2⤵
  PID:10096
- C:\Windows\System\NSaTRDi.exe
  C:\Windows\System\NSaTRDi.exe
  2⤵
  PID:10144
- C:\Windows\System\zUZVKFN.exe
  C:\Windows\System\zUZVKFN.exe
  2⤵
  PID:10192
- C:\Windows\System\HFniOtp.exe
  C:\Windows\System\HFniOtp.exe
  2⤵
  PID:10180
- C:\Windows\System\EDCAhrp.exe
  C:\Windows\System\EDCAhrp.exe
  2⤵
  PID:9268
- C:\Windows\System\WJdbalZ.exe
  C:\Windows\System\WJdbalZ.exe
  2⤵
  PID:9324
- C:\Windows\System\vDRPzkH.exe
  C:\Windows\System\vDRPzkH.exe
  2⤵
  PID:9372
- C:\Windows\System\SfAYDVa.exe
  C:\Windows\System\SfAYDVa.exe
  2⤵
  PID:9456
- C:\Windows\System\ONSKYvb.exe
  C:\Windows\System\ONSKYvb.exe
  2⤵
  PID:9496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\IYcvFEN.exe

Filesize
5.9MB

MD5
31604323dd43c649332f2dbdea8564bb

SHA1
3e402292502011b233645b315a1fedd43a5fb351

SHA256
e4001b9306eea4f1c9f834dfedbcafe076e3c0c882bc0384fd445ef7bd7c669b

SHA512
39d67b220973febfa0e6985297cb63626dce948a4ee761670bd3dd47d8f62068228645635763e5d8db9fbe30f93a2208d0612744be6b11616df58946d6cc1d2a

Download Submit
C:\Windows\system\KdlhSuz.exe

Filesize
5.9MB

MD5
c93ee3f9b9c98ae92fe1536dab580435

SHA1
e849d991edd04b532711ffa4f980e29c04216353

SHA256
51d0fb56a4e3b6fde959d9d17bfbd17b89ed1ed8939ab13c54462853c6583eea

SHA512
6bba6b2bec22e0102d7ddf330e27efc99286cd862139d0509479f7594f14ffa200bd1ab446949793088c1cc7a77e8408920ece3621b16ac77df2c39f24041f91

Download Submit
C:\Windows\system\MAyZehP.exe

Filesize
5.9MB

MD5
4bd8c8af3dc7d053565d5903c4ca97d6

SHA1
123b4daa0545f94f75aabeefc53d2404b1c1c5ae

SHA256
cc86a9129b1cf053cf328e11170893858036c5b7556b83b86a33b736f7a06f35

SHA512
6248f973bc34ff4ed474558dcfa18b330f7834a8f2623942029c72dc32edc19a4b2e8dddbfecf6f55dbfdc0454ff9595887f6a49dbb2cc3a9d3cd299d3e57035

Download Submit
C:\Windows\system\QgylKTK.exe

Filesize
5.9MB

MD5
f4ea56ff600e5e2628507e3b53e4e338

SHA1
554f0f632c5bb6a57472f5e19b1f3a142cb4bdb3

SHA256
89467802fcd1ea65806484ec4f28f15dafbd1827f5e131f4c12cc9ffe44ac689

SHA512
51c485d9883ab21c1128c504439c44f3e59cc417089588b1c44c7e9ebc1ec95fbca6aa424c08fa034c3272da011d7f944b006d9080199f7447317ce277ae5fb6

Download Submit
C:\Windows\system\RbmXyNY.exe

Filesize
5.9MB

MD5
f3547cac39b4f8aa702cc2ef96253224

SHA1
b90745a0bc40adbbc0da6464b96e368af79e0439

SHA256
de1579f1cc2676242970a5f3b99dd4e301df166044894206a6e987cc4b1007ed

SHA512
6eda14371a8535e392620c354641d8144416187cb81856b4c17b09d0778456f9f2820a97947b11e4c1a4233941ec580a54174005ffdc917c9ac70f10a3290394

Download Submit
C:\Windows\system\TxWCGxg.exe

Filesize
5.9MB

MD5
de80bd841ea643a9e796dc405934f20c

SHA1
afaa4a0ebf8cd1a16c74fca1b33c66c740185458

SHA256
a3a10514c0a6b882a5b28ab46da388660ca07fb3d426d078f49e1d94fdb9ae04

SHA512
dcfb5830ef918c1e75af6383ff8f4779885b5ed3876087c8e53d0fe8102fd51be7bc24b3d2d239d750becdcf6673ffb9835de8762638a47d4fa480d513fe4be9

Download Submit
C:\Windows\system\ZAAuXwr.exe

Filesize
5.9MB

MD5
fefa37d7786df2ab1b4c8d8f94b9a366

SHA1
da6c86c99ffa73ff64b3c2b23f6faf4d944b1ead

SHA256
2bf36b296a27f0bc0f06846a1561de230494b7eac08b54950556c082e3627578

SHA512
0c215f8d5e690c41b8986a6487b782fae2183ff6a194bd85dc5e74d4e24a6cb650930a5b0d3082acad6a52f26b1f9c1f43984b703f12aba43c37f317c35786e3

Download Submit
C:\Windows\system\ZZjrhNF.exe

Filesize
5.9MB

MD5
8e04e0c87574c3416af28a7385c72904

SHA1
dfe0c93edbc078e902be885b79760bf112669262

SHA256
dea3aa8fa18e6ee1120734e6a5a1f3a8386f2d9162a8a0285a0f06045f7f1778

SHA512
20392a4d84e95bc37a62ef88ad475836ea02aedeeb0d70947ccb2798cd83f2f315a95b9ffdbe4323cca8a935c37069298cacec26c9274d7b2ed8b944e6476121

Download Submit
C:\Windows\system\ekVspin.exe

Filesize
5.9MB

MD5
194e76bd697aba51931f5e7a852fc893

SHA1
dafc8ead553fa9ded73b5f36b20a9bb7d6137990

SHA256
8f4ef60230c6f662ff108c8fb1a06248d6e51351722b60daabf9de503a352805

SHA512
882116712942c3403176d785791e79d44f0984431249cc084a4d1b43afac6a26bb3e8d3d38f7d8ae1502d6c6554e9e9ee71d46e4aff56140de40076ea37d8387

Download Submit
C:\Windows\system\fTnlfxW.exe

Filesize
5.9MB

MD5
d118c5d44b40b44505875ee4c5e70931

SHA1
6ebbce9b890aa4102ea5b3ad190c02081c3b4039

SHA256
3399bd9caa90195327110b0c8921315df9fff78cdcbf2894a6a2ae44b0f9f72b

SHA512
2de6e80ec8872790fd8700d499e3ea9a16e693c38b5ba626acbadad1ec983be1b96960432fc2eb2fd92601c15befcdd7a2a27264b1ceb724bfd2fe0c3c33b501

Download Submit
C:\Windows\system\fgKPZzF.exe

Filesize
5.9MB

MD5
1524937a86f2d72e71f051cec1d57f29

SHA1
e44c25e98a0753c4d8efdab09a5810f367f7dc91

SHA256
699f554387e3bd1645743aebb479fcb2129c7fe1061e0ccb671c55e4716dc287

SHA512
ef6a008c996b686acde4984850a6aeac4d1bf13283f277c64d97f35d739fcd01939445a6d21687eee8a6cd8689fbfeccd4daece0b9c620ddc6061d5efa048a79

Download Submit
C:\Windows\system\gBFaJGd.exe

Filesize
5.9MB

MD5
472d0b9f7502d3620d276fc9a7d3c3d3

SHA1
de2aecb27b3c7560e32512d59d51b0ad6a7b672d

SHA256
cebd89340bf79917fda672dfecf2a357756929f202209a0027182ce7c69f8fa9

SHA512
6c0e0b3a536160b9f2c2c8bb0e7a0d68d681a57eb4c4cbe1f24728d1507dae9c6b3f539d5346206df64116310143544620fe23bddd13ee789fd8bce77739a98a

Download Submit
C:\Windows\system\iRVQLgy.exe

Filesize
5.9MB

MD5
091f77055bd8452aa4eeaee6df653d8c

SHA1
640ea6e45f6620b1ae2e3bae412adf5b7cddca1d

SHA256
0e2e284b4b8b582bb92e70d745ee40242076a2fc2374d7f5bbc811fc301d4f6e

SHA512
ba6d6d77250b5fcaeef743de36d6b4e55f05a5df74449cd89a0db408c552adedbbcf2116d6d50be90af854cc69aa0fbbb50b9ff86cf979c1ea0d294bae7c023c

Download Submit
C:\Windows\system\lexIcOF.exe

Filesize
5.9MB

MD5
2b048f554143fa5655b2372b5c6d1c71

SHA1
d08ab99365b251064bbfb44c509722e94e78802d

SHA256
3720e9b4b925c9df06018ef3f4640bcd989b13663351f5ddece65b310498fcfb

SHA512
0294370adc2d6c30444997f62c2867891509cb7cd63ab59997b4b0f84ad89250f172ef9e62f34fee9121946a53f8e5ed81629f21c0cc791c49ed881e898568f3

Download Submit
C:\Windows\system\lqwIsJy.exe

Filesize
5.9MB

MD5
d47bd7167b7ed4eb5c0457ed33fe0786

SHA1
74dfaea474cb39eb17f4d31370d478443b98b5c6

SHA256
f30b44c2977d73cd0e896d9dab30e6bcf9c628682b3785f926c4a6c40a84f205

SHA512
0cac714747af16596fefbbe4c4017841d4624223e3c2face390f4ea3d8c89e69cd60912b399e2a6f147a714becb5f836368da6606621667d16a154ed08d7de31

Download Submit
C:\Windows\system\mOlqJne.exe

Filesize
5.9MB

MD5
0cdd5d349a2f0a2cbd8d32f39d7f24e4

SHA1
76d53a4e431fd6c839def295a933a6f6ccfa48ec

SHA256
db139ea699f202cf265ef42dd56c525cdd2c7fe5e07b239936dbf05bcec3838d

SHA512
bfea7352e7981417544501462d4dba5d49f731488cbe8a4f608700e107358288970a75780ae88c68e5190aad80f842f0afb940f15ab6840830b623dccdd49c7b

Download Submit
C:\Windows\system\mPEaFXm.exe

Filesize
5.9MB

MD5
4659c0bea29b09cebf1024854bcf11a7

SHA1
93416ff1c0aaadbb195043885974c8cfcf61bb4f

SHA256
e6f17cd577187af33059480102e2822a4c75aa48fe07a1d5e1d7e297b5feab01

SHA512
b4742a4dd2e0f5de1ffe98d100364a556aaad5a58071a5317ab383eb840f15d0b153b5764fd05d5ceb4ab685615942f5cd74ff6b9411aa7b12d1c9d16ad53ba0

Download Submit
C:\Windows\system\pFEEHVw.exe

Filesize
5.9MB

MD5
6b63f2a3b42454aa1d69aac189c4917c

SHA1
45759558f45e997a50bb663e9dfe0658065a0f1e

SHA256
4ee4374e2bc55378b5cf2491e839d4fe8a0187112019b00169b6a586461d5a75

SHA512
52965c01704ed86415c99d190de4a54e73b50614052f403e119d75a59b53b4cb3247bdbd226df76cf6376a120c717eb5814f2c4748c266affb2d607b43ee8e0b

Download Submit
C:\Windows\system\vxCIKfL.exe

Filesize
5.9MB

MD5
2ad02610f0c580acdc3f9a3bbba9ecfd

SHA1
31ea8b195fa535f4167e89f1287bc344f2ed83e0

SHA256
2fee75f1d117ba79f1bcc59d2fd3bb2a994944810539b04428281484a9b07c66

SHA512
e6da2ab15b38a4f28512195133b764fb88a41a4a2fedf1358dd7eed2794e995206fbde5fa9d4aa10b72574798c30a60b8a1ecdee301bfc732da2c1db997a5533

Download Submit
C:\Windows\system\wJvtNIp.exe

Filesize
5.9MB

MD5
fc8a718f6fd8808d1f0fa091a252c0c2

SHA1
bce70aff84bbb271f4b654f0d93f2067b0671e97

SHA256
240cb4b18d165570c8d72a7bfef40fdd7104e5198755195ed10e5f8383e28ca3

SHA512
11195da32f3e197317e0712ee684d6150d4278231ab94e265888a6cda34f719abcf42b4716c5e6d33235bf4a92c6e7856edcc8cb53b184c73128fce420fbaf6e

Download Submit
C:\Windows\system\wzyUYgI.exe

Filesize
8B

MD5
ea85ef4283c3ea0e061c1135b1096ae3

SHA1
ee7e34463248534c5ba622af3b3ef3dd1be57102

SHA256
eadedcd23988365961b7e278b525a0ab38a05c3a2b716edfced60648640943a8

SHA512
c9ff3757dafb75bfa0f2ca50f2586e29757000dfb01f346ac419fcc2491a51bfaa342155d4d17f5ccfbdd7d58d0aa2611e493f12406d03592bfdecf1f01a9746

Download Submit
C:\Windows\system\xhXgBYd.exe

Filesize
5.9MB

MD5
fc47fa90e66cf6838816fa0a7c83ad70

SHA1
f99b9fbbdac7357ae63acc3f6a0fc915d1dd130b

SHA256
65e670ce1355868079f6fc57660fe9ae8b63c5083942be65aff86ea1e438bbcc

SHA512
9b43e077b1a346636d491bf021e53f3a424498d096b13f6c3e2687d99e42740d10eaac074789b00d31aba8df350f8bc4aefffaf060eeefe2bbe6f6024186c985

Download Submit
C:\Windows\system\yJOtQaa.exe

Filesize
5.9MB

MD5
7e0694fdfae0efd57558620f7d7aec36

SHA1
9bb9647928fc27065537ced6f01e4f8c5e3739de

SHA256
4bee96bd1c864e8c7156e9a6c25d7aaef68e8b8e7476114c36e7582a77dd0ade

SHA512
8bd474cc0a3e6cb1cc873df16cf0d4010a825944ce5041e2816bcad6cd77306bf345fe408c092b04fe1b88484a063d474350e9af5133a3dd9c4caf7d233345d6

Download Submit
C:\Windows\system\yPNBuLj.exe

Filesize
5.9MB

MD5
46477601695e8cb212caca00d93fa4a0

SHA1
191f9ad1be917e855258269d18862a0207fe8b86

SHA256
d9f1c776e21fd6c0349b2ac02159658038bcd7a9c2b67a40a95fc16f76e7b695

SHA512
754bf7b5f479f032787e4d26fae510c27cc0b373165b8c5b06fcaf5f7c0f7a9da82c6e53d70ac48e9887bc769afd63dd1a9b009183c3f9a2e12183ef26515267

Download Submit
C:\Windows\system\yaWYJiV.exe

Filesize
5.9MB

MD5
a2d60d5a30d1b8bd0097f4f8b0ad6fb6

SHA1
3ee55d24924a61deafa80f3a0ab86c1141e80943

SHA256
99a750d052906698b7f347cb8ee1b6fac925ea7c6dc98595ee196ddd31ffd5c6

SHA512
4a6a7769b4b08c99fbf10d61cf56b0ab67e21d8550c11127995e2e18430d8922f82f22f8439bc09dd3b0919b67bc65a6a143cfddfef224c9312a293c60e200cd

Download Submit
C:\Windows\system\yyCsLlu.exe

Filesize
5.9MB

MD5
13045b34cf31ceee2d3704f5a5de2ad7

SHA1
890a90af43758e2778b441da83eadcb9e1b5361b

SHA256
58f3fa33b70c9f0f269811e1e5fb82cee61a4048fbc1d1f7664e79175b463510

SHA512
496c0eebda206f88e1704ddbe88b77f6533a5e9dc74872e822f9656c5237afcfb69bc62c17dd41aa5d0d365f2362a1a22c3294b4732fc6f28de1fc3b47706782

Download Submit
C:\Windows\system\zcGHQOT.exe

Filesize
5.9MB

MD5
ac3bf1ea6b578aa2c47668ce9edc95cc

SHA1
6ad8cd74c7439c917a10ee7a2ddd2726d238c2a7

SHA256
812fa4db73b680836784306ee77effe3d957917a3478dae861d38a9f9cee362d

SHA512
0d2e9d811a4d14f19a106700aedf90067830275a092350ccf634835aa64ced1615ab666172d6f2dad00afdcb143473ea7b30788295a5879f5f10086e3dbe7ec4

Download Submit
\Windows\system\BaYcejy.exe

Filesize
5.9MB

MD5
c8824872f4a103048988b05dd98c3aad

SHA1
28b3adcf463a592752c635592685fd54ad53ce8d

SHA256
c3ab2224ad0311c7c2c422c711c538c6fec7544ba7d44bb0fd7ffbf83f9124ff

SHA512
977b363125802bbcec60736e472f6b0750dd599c824da9db1f59ee332ac3480552075e3c046c64c55c52aa493b8acd5bfc8eb200ebbeb12d720db5f12f5122aa

Download Submit
\Windows\system\ICnXAMg.exe

Filesize
5.9MB

MD5
ae22bd25ea1c1b8ed9e6ba5a2b5318de

SHA1
66af3fb90d3753400b09b88bb3fb57822415a817

SHA256
f4bdb4b4c9e38e7d49f5f2f8a69d750facbdc8b53bbd441dfffc81386500a32d

SHA512
43604072763167a8e143f316e823c5edd9f839cebaa093d687d7441b53ede26077171513f9bb4bfb5afcb70f662f9406b55884c1b054610777bd9998e40d1f5e

Download Submit
\Windows\system\iPNeipN.exe

Filesize
5.9MB

MD5
e8beb52f4946403dd4b0f7d1caa24d7b

SHA1
43735943b870580d5aff3b4fcaf6bdd0a390bd65

SHA256
711607e84d40f6a34066d20388be85bcd970ce65254219a2defa1da089c40b45

SHA512
c5de884f458886fe0d0eaf034aa8c34ca457c3da5cab98b724beaf298bf6eca5119a2d9f755279ecb360403ef1f7184de0ed493433d745b6939fb9c98a072f55

Download Submit
\Windows\system\kqHZorq.exe

Filesize
5.9MB

MD5
68366174f9b6e393dc3d533f94057000

SHA1
9df42e5671844071fc67cef6a1b842aa3533a41f

SHA256
2a64f7bf8821fab55f8c7408ddfa0c24ac58d3a8dec46123880d34f82b2e43f0

SHA512
fcb8ec0870c6e32181d8ffd5c3f10514bce928e2ac0783b5fcf2f538a56983b3ada60b803d952a13ed28117a9e98d158ae6c76d21a354a26644340f10a5f00f1

Download Submit
\Windows\system\nYIQBLV.exe

Filesize
5.9MB

MD5
ee595af788c2ae71834d807b13af1354

SHA1
f50042c7b0a460c9ef06b902841f63879419becc

SHA256
916971bd17b0b77f02b125bdfddf34a4c4b0b8617007f10f4e0749aaa23079b3

SHA512
d849a183077c3c8f71b1c09b6370a1342f3f88ce0c0b4febfd7313010379d711328b1ed9860c4c6619985a7d6aa43e61e7887d656680db1c266de769b1441608

Download Submit
\Windows\system\zaQkgBt.exe

Filesize
5.9MB

MD5
ca13eb195286aac54cd4c62441a62b67

SHA1
c4939f0800306ea449a361f1432515a777c5b906

SHA256
0fb26fdd369341fd87824778bbc38552ff3f97ff22686caca8c5d65dbdd445fc

SHA512
1a6e611e5f0c147b5e48c56b8a3074300e126f55fdc44bfebe1d7d2b4d80914a537feac4208044b42a3bf31c7973059b43b0f19a64d11cc54ea296af176fe3f1

Download Submit
memory/336-37-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/336-3657-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/704-103-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/704-3632-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1300-3623-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1300-136-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2404-90-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2404-3622-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2440-812-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2440-3614-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2440-39-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3653-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2536-917-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2536-44-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1069-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-71-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-87-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-86-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2600-135-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-118-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2600-6-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2600-105-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-104-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2600-13-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-29-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2600-20-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-968-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-73-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2600-72-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-55-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2600-969-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-132-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-42-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2600-1070-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-38-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2600-116-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2600-34-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2640-26-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-430-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3662-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3609-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2696-119-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3598-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-252-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-15-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3625-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2800-133-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3621-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2856-117-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download