cobaltstrike | 98860d2ba24dd8af4b0faf913e13f50353663c7334356b51542de33ade094852

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
01/02/2025, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0e769544be95c474a0265345811cef90
SHA1

b0b2fb47052ef3ccebc0dbd29b0de3bb19c2aa39
SHA256

98860d2ba24dd8af4b0faf913e13f50353663c7334356b51542de33ade094852
SHA512

6f285e070979d54149726dcf65eddedc2c8f3c91c543e10bb78204e19ff683dc5ecc9061c661dd7bf0f6731879f4616e8514fdb2ed74c82fe5555486c90f9846
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d42-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d46-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d4a-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dbc-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc0-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017021-43.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-67.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d40-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d18-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-48.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000016d17-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc8-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2288-0-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-3.dat	xmrig
behavioral1/memory/2664-8-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d42-9.dat	xmrig
behavioral1/files/0x0008000000016d46-11.dat	xmrig
behavioral1/files/0x0008000000016d4a-18.dat	xmrig
behavioral1/files/0x0007000000016dbc-26.dat	xmrig
behavioral1/files/0x0007000000016dc0-30.dat	xmrig
behavioral1/files/0x0009000000017021-43.dat	xmrig
behavioral1/files/0x00050000000195c0-60.dat	xmrig
behavioral1/files/0x00050000000195f7-67.dat	xmrig
behavioral1/files/0x00050000000195f9-70.dat	xmrig
behavioral1/files/0x00050000000195fd-83.dat	xmrig
behavioral1/files/0x00050000000195fe-88.dat	xmrig
behavioral1/files/0x0005000000019603-100.dat	xmrig
behavioral1/files/0x0005000000019c34-143.dat	xmrig
behavioral1/files/0x0005000000019d40-160.dat	xmrig
behavioral1/memory/2288-873-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2896-872-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2288-924-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/992-951-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2664-2365-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2096-2689-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2288-2805-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2852-2812-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2288-2912-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/2288-1274-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2288-940-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/796-939-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2320-931-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2412-923-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/1804-916-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/1480-909-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2852-901-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2860-894-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2288-888-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/2688-887-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2984-880-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2688-3579-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2896-3582-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2984-3581-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2860-3587-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1804-3586-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/1480-3585-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2836-3584-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2412-3583-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2664-3580-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2096-3578-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/796-3588-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2320-3597-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/992-3614-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d18-157.dat	xmrig
behavioral1/files/0x0005000000019c50-152.dat	xmrig
behavioral1/files/0x0005000000019c36-147.dat	xmrig
behavioral1/files/0x0005000000019c32-137.dat	xmrig
behavioral1/files/0x0005000000019999-132.dat	xmrig
behavioral1/files/0x00050000000196ed-127.dat	xmrig
behavioral1/files/0x000500000001969b-122.dat	xmrig
behavioral1/files/0x0005000000019659-117.dat	xmrig
behavioral1/files/0x0005000000019615-112.dat	xmrig
behavioral1/files/0x0005000000019605-107.dat	xmrig
behavioral1/files/0x0005000000019601-98.dat	xmrig
behavioral1/files/0x00050000000195ff-92.dat	xmrig
behavioral1/files/0x00050000000195fb-77.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2664	gWuvUDP.exe
2096	NTsrqXV.exe
2836	trHonXy.exe
2896	znyvCat.exe
2984	lRYQVIi.exe
2688	uUKVnmR.exe
2860	PCWBFoQ.exe
2852	TyHBwWg.exe
1480	ZEAINSi.exe
1804	FeXfOhf.exe
2412	wRRpTzi.exe
2320	cxNcoKX.exe
796	vdQShAz.exe
992	kychtSY.exe
1644	EMIblyX.exe
1152	TbHllqg.exe
1692	hZZLOha.exe
2672	meSONSq.exe
2944	WzeKmAK.exe
760	SAoMhoc.exe
1820	VNYbHJo.exe
2468	bRbJwVA.exe
1832	EgbTxbi.exe
1688	zsgeWVG.exe
1824	cFFUhSg.exe
1064	QblIorT.exe
1524	nVdwDwB.exe
2812	IvVXqjz.exe
2020	yPqwqgs.exe
1656	wtaQdue.exe
1060	QkRxNvu.exe
2532	LddbZBB.exe
2668	MwpNLJP.exe
2172	ufXAzgb.exe
2040	dQXvysR.exe
2396	mSGkQuk.exe
1540	VQTsKEp.exe
264	EArjLlO.exe
1236	Ttbbozo.exe
2368	xXtJxfK.exe
3020	AmrfjOv.exe
628	mHGnoiA.exe
2416	ImYrPrj.exe
1088	UqMSaUp.exe
948	OcNunvn.exe
108	OtMeUfg.exe
1980	NNWsaMU.exe
1384	fQpaFGN.exe
1672	szqFZZw.exe
2500	igjjULo.exe
1932	yAZCwbH.exe
2452	WvHCYKq.exe
1108	UcWMzzv.exe
1800	piBPDdE.exe
1468	URKoAmo.exe
3016	FfwLGiV.exe
3036	mrAwpYK.exe
2988	PTdVfom.exe
2968	WMeTwNs.exe
2260	TMniScl.exe
3048	wENQayw.exe
2404	iuDoIEW.exe
1716	VBcPZTL.exe
2908	KxlefKW.exe

Loads dropped DLL 64 IoCs

pid	Process
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2288-0-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-3.dat	upx
behavioral1/memory/2664-8-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0008000000016d42-9.dat	upx
behavioral1/files/0x0008000000016d46-11.dat	upx
behavioral1/files/0x0008000000016d4a-18.dat	upx
behavioral1/files/0x0007000000016dbc-26.dat	upx
behavioral1/files/0x0007000000016dc0-30.dat	upx
behavioral1/files/0x0009000000017021-43.dat	upx
behavioral1/files/0x00050000000195c0-60.dat	upx
behavioral1/files/0x00050000000195f7-67.dat	upx
behavioral1/files/0x00050000000195f9-70.dat	upx
behavioral1/files/0x00050000000195fd-83.dat	upx
behavioral1/files/0x00050000000195fe-88.dat	upx
behavioral1/files/0x0005000000019603-100.dat	upx
behavioral1/files/0x0005000000019c34-143.dat	upx
behavioral1/files/0x0005000000019d40-160.dat	upx
behavioral1/memory/2896-872-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/992-951-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2664-2365-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2096-2689-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2852-2812-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2288-1274-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/796-939-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2320-931-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2412-923-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/1804-916-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/1480-909-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2852-901-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2860-894-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2688-887-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2984-880-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2688-3579-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2896-3582-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2984-3581-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2860-3587-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1804-3586-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/1480-3585-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2836-3584-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2412-3583-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2664-3580-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2096-3578-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/796-3588-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2320-3597-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/992-3614-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0005000000019d18-157.dat	upx
behavioral1/files/0x0005000000019c50-152.dat	upx
behavioral1/files/0x0005000000019c36-147.dat	upx
behavioral1/files/0x0005000000019c32-137.dat	upx
behavioral1/files/0x0005000000019999-132.dat	upx
behavioral1/files/0x00050000000196ed-127.dat	upx
behavioral1/files/0x000500000001969b-122.dat	upx
behavioral1/files/0x0005000000019659-117.dat	upx
behavioral1/files/0x0005000000019615-112.dat	upx
behavioral1/files/0x0005000000019605-107.dat	upx
behavioral1/files/0x0005000000019601-98.dat	upx
behavioral1/files/0x00050000000195ff-92.dat	upx
behavioral1/files/0x00050000000195fb-77.dat	upx
behavioral1/files/0x0005000000019581-57.dat	upx
behavioral1/files/0x000500000001955c-48.dat	upx
behavioral1/files/0x0034000000016d17-52.dat	upx
behavioral1/memory/2836-40-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2096-39-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x0007000000016dc8-36.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VsOMdVa.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcZRuIa.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkGBbsV.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJsXkcC.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMEKstn.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIrlOst.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgAilWM.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDyvSga.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgniXQd.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGUmNHk.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEcMEWQ.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TikFiNA.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSvDeHW.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLUVsQp.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsZgucy.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lzcRLMF.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbRZcia.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oypxlxA.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYsDave.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McCxuKo.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLAEETj.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztCqgeX.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIwTSOu.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frhlHSH.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMHXyBM.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByBIIar.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLNQrHp.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztKPnJX.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isrwtfn.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFreQue.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKMQXps.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqBLohq.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kheAyOf.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcVkrDq.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCpokQC.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRLlFHu.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTOXvUb.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGvLNRv.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZhcrSU.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgDCeCs.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPwKZUo.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgEhvOb.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piBPDdE.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqzEzRp.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qaFQmfB.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNrNqwC.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXIglhy.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRFfjrw.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\seYHwPg.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEDVXQT.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dlQgEje.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmkcDhI.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FygiHZo.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcFQcwa.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmAMIhn.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyOAqPb.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMnrLaq.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAXnVMl.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYIcPBB.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usRwHDF.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJuyqrL.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcvBqYZ.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKPPJAu.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSoxLzw.exe	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2664	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2288 wrote to memory of 2664	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2288 wrote to memory of 2664	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2288 wrote to memory of 2096	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2288 wrote to memory of 2096	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2288 wrote to memory of 2096	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2288 wrote to memory of 2836	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2288 wrote to memory of 2836	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2288 wrote to memory of 2836	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2288 wrote to memory of 2896	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2288 wrote to memory of 2896	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2288 wrote to memory of 2896	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2288 wrote to memory of 2984	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2288 wrote to memory of 2984	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2288 wrote to memory of 2984	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2288 wrote to memory of 2688	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2288 wrote to memory of 2688	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2288 wrote to memory of 2688	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2288 wrote to memory of 2860	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2288 wrote to memory of 2860	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2288 wrote to memory of 2860	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2288 wrote to memory of 2852	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2288 wrote to memory of 2852	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2288 wrote to memory of 2852	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2288 wrote to memory of 1480	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2288 wrote to memory of 1480	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2288 wrote to memory of 1480	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2288 wrote to memory of 1804	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2288 wrote to memory of 1804	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2288 wrote to memory of 1804	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2288 wrote to memory of 2412	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2288 wrote to memory of 2412	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2288 wrote to memory of 2412	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2288 wrote to memory of 2320	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2288 wrote to memory of 2320	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2288 wrote to memory of 2320	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2288 wrote to memory of 796	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2288 wrote to memory of 796	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2288 wrote to memory of 796	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2288 wrote to memory of 992	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2288 wrote to memory of 992	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2288 wrote to memory of 992	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2288 wrote to memory of 1644	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2288 wrote to memory of 1644	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2288 wrote to memory of 1644	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2288 wrote to memory of 1152	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2288 wrote to memory of 1152	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2288 wrote to memory of 1152	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2288 wrote to memory of 1692	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2288 wrote to memory of 1692	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2288 wrote to memory of 1692	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2288 wrote to memory of 2672	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2288 wrote to memory of 2672	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2288 wrote to memory of 2672	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2288 wrote to memory of 2944	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2288 wrote to memory of 2944	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2288 wrote to memory of 2944	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2288 wrote to memory of 760	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2288 wrote to memory of 760	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2288 wrote to memory of 760	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2288 wrote to memory of 1820	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2288 wrote to memory of 1820	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2288 wrote to memory of 1820	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2288 wrote to memory of 2468	2288	2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_0e769544be95c474a0265345811cef90_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\System\gWuvUDP.exe
  C:\Windows\System\gWuvUDP.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\NTsrqXV.exe
  C:\Windows\System\NTsrqXV.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\trHonXy.exe
  C:\Windows\System\trHonXy.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\znyvCat.exe
  C:\Windows\System\znyvCat.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\lRYQVIi.exe
  C:\Windows\System\lRYQVIi.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\uUKVnmR.exe
  C:\Windows\System\uUKVnmR.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\PCWBFoQ.exe
  C:\Windows\System\PCWBFoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\TyHBwWg.exe
  C:\Windows\System\TyHBwWg.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ZEAINSi.exe
  C:\Windows\System\ZEAINSi.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\FeXfOhf.exe
  C:\Windows\System\FeXfOhf.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\wRRpTzi.exe
  C:\Windows\System\wRRpTzi.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\cxNcoKX.exe
  C:\Windows\System\cxNcoKX.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\vdQShAz.exe
  C:\Windows\System\vdQShAz.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\kychtSY.exe
  C:\Windows\System\kychtSY.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\EMIblyX.exe
  C:\Windows\System\EMIblyX.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\TbHllqg.exe
  C:\Windows\System\TbHllqg.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\hZZLOha.exe
  C:\Windows\System\hZZLOha.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\meSONSq.exe
  C:\Windows\System\meSONSq.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\WzeKmAK.exe
  C:\Windows\System\WzeKmAK.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\SAoMhoc.exe
  C:\Windows\System\SAoMhoc.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\VNYbHJo.exe
  C:\Windows\System\VNYbHJo.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\bRbJwVA.exe
  C:\Windows\System\bRbJwVA.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\EgbTxbi.exe
  C:\Windows\System\EgbTxbi.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\zsgeWVG.exe
  C:\Windows\System\zsgeWVG.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\cFFUhSg.exe
  C:\Windows\System\cFFUhSg.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\QblIorT.exe
  C:\Windows\System\QblIorT.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\nVdwDwB.exe
  C:\Windows\System\nVdwDwB.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\IvVXqjz.exe
  C:\Windows\System\IvVXqjz.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\yPqwqgs.exe
  C:\Windows\System\yPqwqgs.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\wtaQdue.exe
  C:\Windows\System\wtaQdue.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\QkRxNvu.exe
  C:\Windows\System\QkRxNvu.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\LddbZBB.exe
  C:\Windows\System\LddbZBB.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\MwpNLJP.exe
  C:\Windows\System\MwpNLJP.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\ufXAzgb.exe
  C:\Windows\System\ufXAzgb.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\dQXvysR.exe
  C:\Windows\System\dQXvysR.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\mSGkQuk.exe
  C:\Windows\System\mSGkQuk.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\VQTsKEp.exe
  C:\Windows\System\VQTsKEp.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\EArjLlO.exe
  C:\Windows\System\EArjLlO.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\Ttbbozo.exe
  C:\Windows\System\Ttbbozo.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\xXtJxfK.exe
  C:\Windows\System\xXtJxfK.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\AmrfjOv.exe
  C:\Windows\System\AmrfjOv.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\mHGnoiA.exe
  C:\Windows\System\mHGnoiA.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\ImYrPrj.exe
  C:\Windows\System\ImYrPrj.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\UqMSaUp.exe
  C:\Windows\System\UqMSaUp.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\OcNunvn.exe
  C:\Windows\System\OcNunvn.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\OtMeUfg.exe
  C:\Windows\System\OtMeUfg.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\NNWsaMU.exe
  C:\Windows\System\NNWsaMU.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\fQpaFGN.exe
  C:\Windows\System\fQpaFGN.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\szqFZZw.exe
  C:\Windows\System\szqFZZw.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\igjjULo.exe
  C:\Windows\System\igjjULo.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\yAZCwbH.exe
  C:\Windows\System\yAZCwbH.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\WvHCYKq.exe
  C:\Windows\System\WvHCYKq.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\UcWMzzv.exe
  C:\Windows\System\UcWMzzv.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\piBPDdE.exe
  C:\Windows\System\piBPDdE.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\URKoAmo.exe
  C:\Windows\System\URKoAmo.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\FfwLGiV.exe
  C:\Windows\System\FfwLGiV.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\mrAwpYK.exe
  C:\Windows\System\mrAwpYK.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\PTdVfom.exe
  C:\Windows\System\PTdVfom.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\WMeTwNs.exe
  C:\Windows\System\WMeTwNs.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\TMniScl.exe
  C:\Windows\System\TMniScl.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\wENQayw.exe
  C:\Windows\System\wENQayw.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\iuDoIEW.exe
  C:\Windows\System\iuDoIEW.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\VBcPZTL.exe
  C:\Windows\System\VBcPZTL.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\KxlefKW.exe
  C:\Windows\System\KxlefKW.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\gqREKsO.exe
  C:\Windows\System\gqREKsO.exe
  2⤵
  PID:2324
- C:\Windows\System\LIMaGZd.exe
  C:\Windows\System\LIMaGZd.exe
  2⤵
  PID:2724
- C:\Windows\System\VSNDvba.exe
  C:\Windows\System\VSNDvba.exe
  2⤵
  PID:2080
- C:\Windows\System\iZbONex.exe
  C:\Windows\System\iZbONex.exe
  2⤵
  PID:2544
- C:\Windows\System\swPRwXA.exe
  C:\Windows\System\swPRwXA.exe
  2⤵
  PID:2952
- C:\Windows\System\raImnAB.exe
  C:\Windows\System\raImnAB.exe
  2⤵
  PID:2644
- C:\Windows\System\CvCiCic.exe
  C:\Windows\System\CvCiCic.exe
  2⤵
  PID:2176
- C:\Windows\System\VnTiTrw.exe
  C:\Windows\System\VnTiTrw.exe
  2⤵
  PID:1168
- C:\Windows\System\FKvorTK.exe
  C:\Windows\System\FKvorTK.exe
  2⤵
  PID:1500
- C:\Windows\System\vLMqpli.exe
  C:\Windows\System\vLMqpli.exe
  2⤵
  PID:636
- C:\Windows\System\jCZNxjX.exe
  C:\Windows\System\jCZNxjX.exe
  2⤵
  PID:2948
- C:\Windows\System\MyuQfXL.exe
  C:\Windows\System\MyuQfXL.exe
  2⤵
  PID:3068
- C:\Windows\System\EYPXzKr.exe
  C:\Windows\System\EYPXzKr.exe
  2⤵
  PID:2232
- C:\Windows\System\FNFdgac.exe
  C:\Windows\System\FNFdgac.exe
  2⤵
  PID:1612
- C:\Windows\System\GYNShtW.exe
  C:\Windows\System\GYNShtW.exe
  2⤵
  PID:1300
- C:\Windows\System\IjOWMNU.exe
  C:\Windows\System\IjOWMNU.exe
  2⤵
  PID:1212
- C:\Windows\System\fLBWtHL.exe
  C:\Windows\System\fLBWtHL.exe
  2⤵
  PID:2012
- C:\Windows\System\gZlboKc.exe
  C:\Windows\System\gZlboKc.exe
  2⤵
  PID:2612
- C:\Windows\System\UalKmNG.exe
  C:\Windows\System\UalKmNG.exe
  2⤵
  PID:2084
- C:\Windows\System\qNUHjDs.exe
  C:\Windows\System\qNUHjDs.exe
  2⤵
  PID:2444
- C:\Windows\System\XImtBWn.exe
  C:\Windows\System\XImtBWn.exe
  2⤵
  PID:2768
- C:\Windows\System\eAVlFMX.exe
  C:\Windows\System\eAVlFMX.exe
  2⤵
  PID:1528
- C:\Windows\System\zOwggHe.exe
  C:\Windows\System\zOwggHe.exe
  2⤵
  PID:2164
- C:\Windows\System\TznSVkQ.exe
  C:\Windows\System\TznSVkQ.exe
  2⤵
  PID:1852
- C:\Windows\System\AwtUptU.exe
  C:\Windows\System\AwtUptU.exe
  2⤵
  PID:1160
- C:\Windows\System\wyqSXWA.exe
  C:\Windows\System\wyqSXWA.exe
  2⤵
  PID:2856
- C:\Windows\System\dEZAdHR.exe
  C:\Windows\System\dEZAdHR.exe
  2⤵
  PID:2420
- C:\Windows\System\wWrbvTH.exe
  C:\Windows\System\wWrbvTH.exe
  2⤵
  PID:1616
- C:\Windows\System\UEZwzPC.exe
  C:\Windows\System\UEZwzPC.exe
  2⤵
  PID:1884
- C:\Windows\System\VCgYydS.exe
  C:\Windows\System\VCgYydS.exe
  2⤵
  PID:1680
- C:\Windows\System\AhOjVEd.exe
  C:\Windows\System\AhOjVEd.exe
  2⤵
  PID:2156
- C:\Windows\System\DeeSfAO.exe
  C:\Windows\System\DeeSfAO.exe
  2⤵
  PID:1768
- C:\Windows\System\JYMRNjK.exe
  C:\Windows\System\JYMRNjK.exe
  2⤵
  PID:1256
- C:\Windows\System\rprqDAA.exe
  C:\Windows\System\rprqDAA.exe
  2⤵
  PID:832
- C:\Windows\System\wxJRyHC.exe
  C:\Windows\System\wxJRyHC.exe
  2⤵
  PID:1784
- C:\Windows\System\csSFiXL.exe
  C:\Windows\System\csSFiXL.exe
  2⤵
  PID:2496
- C:\Windows\System\dbQuwnT.exe
  C:\Windows\System\dbQuwnT.exe
  2⤵
  PID:1576
- C:\Windows\System\oXwvLfC.exe
  C:\Windows\System\oXwvLfC.exe
  2⤵
  PID:1604
- C:\Windows\System\PcflTIO.exe
  C:\Windows\System\PcflTIO.exe
  2⤵
  PID:2408
- C:\Windows\System\vyBPlyz.exe
  C:\Windows\System\vyBPlyz.exe
  2⤵
  PID:2900
- C:\Windows\System\VqzEzRp.exe
  C:\Windows\System\VqzEzRp.exe
  2⤵
  PID:2608
- C:\Windows\System\ZYFIiCO.exe
  C:\Windows\System\ZYFIiCO.exe
  2⤵
  PID:2624
- C:\Windows\System\RxWNgXc.exe
  C:\Windows\System\RxWNgXc.exe
  2⤵
  PID:1508
- C:\Windows\System\lRaPSlX.exe
  C:\Windows\System\lRaPSlX.exe
  2⤵
  PID:1880
- C:\Windows\System\mxsjNyj.exe
  C:\Windows\System\mxsjNyj.exe
  2⤵
  PID:2932
- C:\Windows\System\jlSPNyD.exe
  C:\Windows\System\jlSPNyD.exe
  2⤵
  PID:2788
- C:\Windows\System\etmmmUU.exe
  C:\Windows\System\etmmmUU.exe
  2⤵
  PID:2540
- C:\Windows\System\RkalDZw.exe
  C:\Windows\System\RkalDZw.exe
  2⤵
  PID:2792
- C:\Windows\System\AppPvoC.exe
  C:\Windows\System\AppPvoC.exe
  2⤵
  PID:1032
- C:\Windows\System\cAaYEBz.exe
  C:\Windows\System\cAaYEBz.exe
  2⤵
  PID:2076
- C:\Windows\System\cAFuxuL.exe
  C:\Windows\System\cAFuxuL.exe
  2⤵
  PID:2384
- C:\Windows\System\xFyoJnO.exe
  C:\Windows\System\xFyoJnO.exe
  2⤵
  PID:2992
- C:\Windows\System\sXFwnfd.exe
  C:\Windows\System\sXFwnfd.exe
  2⤵
  PID:1552
- C:\Windows\System\ztCqgeX.exe
  C:\Windows\System\ztCqgeX.exe
  2⤵
  PID:2400
- C:\Windows\System\nSrlBJm.exe
  C:\Windows\System\nSrlBJm.exe
  2⤵
  PID:1760
- C:\Windows\System\ocnHtIn.exe
  C:\Windows\System\ocnHtIn.exe
  2⤵
  PID:1536
- C:\Windows\System\eJVNjGo.exe
  C:\Windows\System\eJVNjGo.exe
  2⤵
  PID:2008
- C:\Windows\System\XVEZpAu.exe
  C:\Windows\System\XVEZpAu.exe
  2⤵
  PID:956
- C:\Windows\System\YqndBYb.exe
  C:\Windows\System\YqndBYb.exe
  2⤵
  PID:2220
- C:\Windows\System\vduCgXX.exe
  C:\Windows\System\vduCgXX.exe
  2⤵
  PID:1752
- C:\Windows\System\pysgYcG.exe
  C:\Windows\System\pysgYcG.exe
  2⤵
  PID:2228
- C:\Windows\System\jlmsaOE.exe
  C:\Windows\System\jlmsaOE.exe
  2⤵
  PID:2848
- C:\Windows\System\MiljRhl.exe
  C:\Windows\System\MiljRhl.exe
  2⤵
  PID:2736
- C:\Windows\System\nycTAqJ.exe
  C:\Windows\System\nycTAqJ.exe
  2⤵
  PID:2692
- C:\Windows\System\sbyDLHV.exe
  C:\Windows\System\sbyDLHV.exe
  2⤵
  PID:2660
- C:\Windows\System\fEwEqEE.exe
  C:\Windows\System\fEwEqEE.exe
  2⤵
  PID:3060
- C:\Windows\System\cMoSLcb.exe
  C:\Windows\System\cMoSLcb.exe
  2⤵
  PID:2824
- C:\Windows\System\rIWiXJY.exe
  C:\Windows\System\rIWiXJY.exe
  2⤵
  PID:1636
- C:\Windows\System\hFvQZXF.exe
  C:\Windows\System\hFvQZXF.exe
  2⤵
  PID:2124
- C:\Windows\System\CIrlOst.exe
  C:\Windows\System\CIrlOst.exe
  2⤵
  PID:1592
- C:\Windows\System\LYXgHSc.exe
  C:\Windows\System\LYXgHSc.exe
  2⤵
  PID:692
- C:\Windows\System\PnDzvFK.exe
  C:\Windows\System\PnDzvFK.exe
  2⤵
  PID:1548
- C:\Windows\System\bcoXgJu.exe
  C:\Windows\System\bcoXgJu.exe
  2⤵
  PID:2280
- C:\Windows\System\kShNdCL.exe
  C:\Windows\System\kShNdCL.exe
  2⤵
  PID:2388
- C:\Windows\System\WZoytXr.exe
  C:\Windows\System\WZoytXr.exe
  2⤵
  PID:2212
- C:\Windows\System\WXQmgrj.exe
  C:\Windows\System\WXQmgrj.exe
  2⤵
  PID:2708
- C:\Windows\System\UqbgyYh.exe
  C:\Windows\System\UqbgyYh.exe
  2⤵
  PID:776
- C:\Windows\System\DnTvWEU.exe
  C:\Windows\System\DnTvWEU.exe
  2⤵
  PID:3084
- C:\Windows\System\BAIuQrG.exe
  C:\Windows\System\BAIuQrG.exe
  2⤵
  PID:3104
- C:\Windows\System\bOJndsy.exe
  C:\Windows\System\bOJndsy.exe
  2⤵
  PID:3124
- C:\Windows\System\lJvvnMC.exe
  C:\Windows\System\lJvvnMC.exe
  2⤵
  PID:3144
- C:\Windows\System\aOoFMkU.exe
  C:\Windows\System\aOoFMkU.exe
  2⤵
  PID:3164
- C:\Windows\System\yYJOgiP.exe
  C:\Windows\System\yYJOgiP.exe
  2⤵
  PID:3184
- C:\Windows\System\HzdEcaE.exe
  C:\Windows\System\HzdEcaE.exe
  2⤵
  PID:3204
- C:\Windows\System\FXzXNPN.exe
  C:\Windows\System\FXzXNPN.exe
  2⤵
  PID:3224
- C:\Windows\System\PAJiBaS.exe
  C:\Windows\System\PAJiBaS.exe
  2⤵
  PID:3244
- C:\Windows\System\qOvGPiq.exe
  C:\Windows\System\qOvGPiq.exe
  2⤵
  PID:3264
- C:\Windows\System\yVSygQr.exe
  C:\Windows\System\yVSygQr.exe
  2⤵
  PID:3284
- C:\Windows\System\wxAaAKJ.exe
  C:\Windows\System\wxAaAKJ.exe
  2⤵
  PID:3304
- C:\Windows\System\CcrBECo.exe
  C:\Windows\System\CcrBECo.exe
  2⤵
  PID:3324
- C:\Windows\System\BGAlBPb.exe
  C:\Windows\System\BGAlBPb.exe
  2⤵
  PID:3344
- C:\Windows\System\sSXsOZD.exe
  C:\Windows\System\sSXsOZD.exe
  2⤵
  PID:3364
- C:\Windows\System\tPzjpYd.exe
  C:\Windows\System\tPzjpYd.exe
  2⤵
  PID:3384
- C:\Windows\System\mfkBCCG.exe
  C:\Windows\System\mfkBCCG.exe
  2⤵
  PID:3404
- C:\Windows\System\WTGKNrv.exe
  C:\Windows\System\WTGKNrv.exe
  2⤵
  PID:3424
- C:\Windows\System\KBvxiRI.exe
  C:\Windows\System\KBvxiRI.exe
  2⤵
  PID:3444
- C:\Windows\System\cCMaSDJ.exe
  C:\Windows\System\cCMaSDJ.exe
  2⤵
  PID:3464
- C:\Windows\System\DPXAsqc.exe
  C:\Windows\System\DPXAsqc.exe
  2⤵
  PID:3484
- C:\Windows\System\nMIsXaR.exe
  C:\Windows\System\nMIsXaR.exe
  2⤵
  PID:3504
- C:\Windows\System\QkFYgDT.exe
  C:\Windows\System\QkFYgDT.exe
  2⤵
  PID:3524
- C:\Windows\System\kQqcwLn.exe
  C:\Windows\System\kQqcwLn.exe
  2⤵
  PID:3544
- C:\Windows\System\tWmlGEm.exe
  C:\Windows\System\tWmlGEm.exe
  2⤵
  PID:3564
- C:\Windows\System\MrFUiQg.exe
  C:\Windows\System\MrFUiQg.exe
  2⤵
  PID:3584
- C:\Windows\System\xrtgRaa.exe
  C:\Windows\System\xrtgRaa.exe
  2⤵
  PID:3604
- C:\Windows\System\vXugqjb.exe
  C:\Windows\System\vXugqjb.exe
  2⤵
  PID:3624
- C:\Windows\System\bOsIAUO.exe
  C:\Windows\System\bOsIAUO.exe
  2⤵
  PID:3644
- C:\Windows\System\VIfTGTn.exe
  C:\Windows\System\VIfTGTn.exe
  2⤵
  PID:3664
- C:\Windows\System\ztJWSYF.exe
  C:\Windows\System\ztJWSYF.exe
  2⤵
  PID:3684
- C:\Windows\System\OoHTQbi.exe
  C:\Windows\System\OoHTQbi.exe
  2⤵
  PID:3704
- C:\Windows\System\WXWZMIV.exe
  C:\Windows\System\WXWZMIV.exe
  2⤵
  PID:3724
- C:\Windows\System\IFAWETb.exe
  C:\Windows\System\IFAWETb.exe
  2⤵
  PID:3744
- C:\Windows\System\CmXofxu.exe
  C:\Windows\System\CmXofxu.exe
  2⤵
  PID:3764
- C:\Windows\System\iwymcHF.exe
  C:\Windows\System\iwymcHF.exe
  2⤵
  PID:3784
- C:\Windows\System\FrZVsZU.exe
  C:\Windows\System\FrZVsZU.exe
  2⤵
  PID:3804
- C:\Windows\System\CnBWfJC.exe
  C:\Windows\System\CnBWfJC.exe
  2⤵
  PID:3824
- C:\Windows\System\hLDsqnG.exe
  C:\Windows\System\hLDsqnG.exe
  2⤵
  PID:3844
- C:\Windows\System\vwRwdBS.exe
  C:\Windows\System\vwRwdBS.exe
  2⤵
  PID:3864
- C:\Windows\System\ihWKrcu.exe
  C:\Windows\System\ihWKrcu.exe
  2⤵
  PID:3884
- C:\Windows\System\gbvQJLJ.exe
  C:\Windows\System\gbvQJLJ.exe
  2⤵
  PID:3904
- C:\Windows\System\vSrfduM.exe
  C:\Windows\System\vSrfduM.exe
  2⤵
  PID:3924
- C:\Windows\System\zotbPyW.exe
  C:\Windows\System\zotbPyW.exe
  2⤵
  PID:3944
- C:\Windows\System\rHzNEkR.exe
  C:\Windows\System\rHzNEkR.exe
  2⤵
  PID:3964
- C:\Windows\System\qjULQfR.exe
  C:\Windows\System\qjULQfR.exe
  2⤵
  PID:3984
- C:\Windows\System\QvoYFBq.exe
  C:\Windows\System\QvoYFBq.exe
  2⤵
  PID:4004
- C:\Windows\System\ObyzCfn.exe
  C:\Windows\System\ObyzCfn.exe
  2⤵
  PID:4024
- C:\Windows\System\VQsWMii.exe
  C:\Windows\System\VQsWMii.exe
  2⤵
  PID:4044
- C:\Windows\System\JIwRoaM.exe
  C:\Windows\System\JIwRoaM.exe
  2⤵
  PID:4064
- C:\Windows\System\UcfwFXP.exe
  C:\Windows\System\UcfwFXP.exe
  2⤵
  PID:4084
- C:\Windows\System\yNOjAUo.exe
  C:\Windows\System\yNOjAUo.exe
  2⤵
  PID:1740
- C:\Windows\System\nqQesAU.exe
  C:\Windows\System\nqQesAU.exe
  2⤵
  PID:2332
- C:\Windows\System\eZCkhdz.exe
  C:\Windows\System\eZCkhdz.exe
  2⤵
  PID:1560
- C:\Windows\System\FzbkFKz.exe
  C:\Windows\System\FzbkFKz.exe
  2⤵
  PID:1416
- C:\Windows\System\quOArAM.exe
  C:\Windows\System\quOArAM.exe
  2⤵
  PID:1244
- C:\Windows\System\xTJtxiB.exe
  C:\Windows\System\xTJtxiB.exe
  2⤵
  PID:1260
- C:\Windows\System\AZCdbhR.exe
  C:\Windows\System\AZCdbhR.exe
  2⤵
  PID:1184
- C:\Windows\System\UOnkAbW.exe
  C:\Windows\System\UOnkAbW.exe
  2⤵
  PID:484
- C:\Windows\System\dHcnszn.exe
  C:\Windows\System\dHcnszn.exe
  2⤵
  PID:3112
- C:\Windows\System\fkqTjrW.exe
  C:\Windows\System\fkqTjrW.exe
  2⤵
  PID:3116
- C:\Windows\System\XKPOZcp.exe
  C:\Windows\System\XKPOZcp.exe
  2⤵
  PID:3180
- C:\Windows\System\oypxlxA.exe
  C:\Windows\System\oypxlxA.exe
  2⤵
  PID:3200
- C:\Windows\System\sGekVTN.exe
  C:\Windows\System\sGekVTN.exe
  2⤵
  PID:3240
- C:\Windows\System\fvMyYBp.exe
  C:\Windows\System\fvMyYBp.exe
  2⤵
  PID:3292
- C:\Windows\System\aduwGbh.exe
  C:\Windows\System\aduwGbh.exe
  2⤵
  PID:3312
- C:\Windows\System\qMIsPfa.exe
  C:\Windows\System\qMIsPfa.exe
  2⤵
  PID:3336
- C:\Windows\System\tgPREIg.exe
  C:\Windows\System\tgPREIg.exe
  2⤵
  PID:3380
- C:\Windows\System\CTuRRpS.exe
  C:\Windows\System\CTuRRpS.exe
  2⤵
  PID:3412
- C:\Windows\System\XoBFPwP.exe
  C:\Windows\System\XoBFPwP.exe
  2⤵
  PID:3436
- C:\Windows\System\lKhLtPR.exe
  C:\Windows\System\lKhLtPR.exe
  2⤵
  PID:3492
- C:\Windows\System\JIdoFNM.exe
  C:\Windows\System\JIdoFNM.exe
  2⤵
  PID:3512
- C:\Windows\System\kFHdQGh.exe
  C:\Windows\System\kFHdQGh.exe
  2⤵
  PID:3536
- C:\Windows\System\POMxkrW.exe
  C:\Windows\System\POMxkrW.exe
  2⤵
  PID:3580
- C:\Windows\System\jthqglR.exe
  C:\Windows\System\jthqglR.exe
  2⤵
  PID:3600
- C:\Windows\System\GmRZyyx.exe
  C:\Windows\System\GmRZyyx.exe
  2⤵
  PID:3640
- C:\Windows\System\sFEDpDV.exe
  C:\Windows\System\sFEDpDV.exe
  2⤵
  PID:3680
- C:\Windows\System\oisNaug.exe
  C:\Windows\System\oisNaug.exe
  2⤵
  PID:3712
- C:\Windows\System\mWNHlmv.exe
  C:\Windows\System\mWNHlmv.exe
  2⤵
  PID:3736
- C:\Windows\System\VlRuYFn.exe
  C:\Windows\System\VlRuYFn.exe
  2⤵
  PID:3780
- C:\Windows\System\JcWLlen.exe
  C:\Windows\System\JcWLlen.exe
  2⤵
  PID:3820
- C:\Windows\System\JlMOQdm.exe
  C:\Windows\System\JlMOQdm.exe
  2⤵
  PID:3836
- C:\Windows\System\NnsfyuF.exe
  C:\Windows\System\NnsfyuF.exe
  2⤵
  PID:3880
- C:\Windows\System\NYHZxKZ.exe
  C:\Windows\System\NYHZxKZ.exe
  2⤵
  PID:3912
- C:\Windows\System\GbueDfV.exe
  C:\Windows\System\GbueDfV.exe
  2⤵
  PID:3936
- C:\Windows\System\cGHqNmG.exe
  C:\Windows\System\cGHqNmG.exe
  2⤵
  PID:3980
- C:\Windows\System\gjVpNuO.exe
  C:\Windows\System\gjVpNuO.exe
  2⤵
  PID:3996
- C:\Windows\System\vbodMUN.exe
  C:\Windows\System\vbodMUN.exe
  2⤵
  PID:4052
- C:\Windows\System\zxvsEAG.exe
  C:\Windows\System\zxvsEAG.exe
  2⤵
  PID:4080
- C:\Windows\System\iHedLWK.exe
  C:\Windows\System\iHedLWK.exe
  2⤵
  PID:1972
- C:\Windows\System\djykHnk.exe
  C:\Windows\System\djykHnk.exe
  2⤵
  PID:2148
- C:\Windows\System\WUKAMgi.exe
  C:\Windows\System\WUKAMgi.exe
  2⤵
  PID:1148
- C:\Windows\System\pkLYQFc.exe
  C:\Windows\System\pkLYQFc.exe
  2⤵
  PID:1600
- C:\Windows\System\oJxpBNM.exe
  C:\Windows\System\oJxpBNM.exe
  2⤵
  PID:2200
- C:\Windows\System\quzSImz.exe
  C:\Windows\System\quzSImz.exe
  2⤵
  PID:3120
- C:\Windows\System\RhfHpgP.exe
  C:\Windows\System\RhfHpgP.exe
  2⤵
  PID:3216
- C:\Windows\System\mlDqswr.exe
  C:\Windows\System\mlDqswr.exe
  2⤵
  PID:3252
- C:\Windows\System\HDZmuZf.exe
  C:\Windows\System\HDZmuZf.exe
  2⤵
  PID:3296
- C:\Windows\System\mPAafxN.exe
  C:\Windows\System\mPAafxN.exe
  2⤵
  PID:3332
- C:\Windows\System\MvlARzD.exe
  C:\Windows\System\MvlARzD.exe
  2⤵
  PID:3432
- C:\Windows\System\tdMuadj.exe
  C:\Windows\System\tdMuadj.exe
  2⤵
  PID:3472
- C:\Windows\System\OMdpXpm.exe
  C:\Windows\System\OMdpXpm.exe
  2⤵
  PID:3516
- C:\Windows\System\mOxhdJD.exe
  C:\Windows\System\mOxhdJD.exe
  2⤵
  PID:3556
- C:\Windows\System\ppAzAXg.exe
  C:\Windows\System\ppAzAXg.exe
  2⤵
  PID:3612
- C:\Windows\System\SijLumx.exe
  C:\Windows\System\SijLumx.exe
  2⤵
  PID:3656
- C:\Windows\System\RlppAAr.exe
  C:\Windows\System\RlppAAr.exe
  2⤵
  PID:3760
- C:\Windows\System\swmzulb.exe
  C:\Windows\System\swmzulb.exe
  2⤵
  PID:3840
- C:\Windows\System\xXrzrit.exe
  C:\Windows\System\xXrzrit.exe
  2⤵
  PID:3860
- C:\Windows\System\jLCdYBW.exe
  C:\Windows\System\jLCdYBW.exe
  2⤵
  PID:3876
- C:\Windows\System\rHuNLQY.exe
  C:\Windows\System\rHuNLQY.exe
  2⤵
  PID:3972
- C:\Windows\System\qGjMGFI.exe
  C:\Windows\System\qGjMGFI.exe
  2⤵
  PID:4036
- C:\Windows\System\SGZGaiB.exe
  C:\Windows\System\SGZGaiB.exe
  2⤵
  PID:4072
- C:\Windows\System\QIzltlt.exe
  C:\Windows\System\QIzltlt.exe
  2⤵
  PID:3004
- C:\Windows\System\yeFVfNO.exe
  C:\Windows\System\yeFVfNO.exe
  2⤵
  PID:2380
- C:\Windows\System\UyGoAoH.exe
  C:\Windows\System\UyGoAoH.exe
  2⤵
  PID:2584
- C:\Windows\System\lzDlPVv.exe
  C:\Windows\System\lzDlPVv.exe
  2⤵
  PID:3140
- C:\Windows\System\CnMHrkr.exe
  C:\Windows\System\CnMHrkr.exe
  2⤵
  PID:3196
- C:\Windows\System\fwVygTG.exe
  C:\Windows\System\fwVygTG.exe
  2⤵
  PID:3340
- C:\Windows\System\VjOMReH.exe
  C:\Windows\System\VjOMReH.exe
  2⤵
  PID:3460
- C:\Windows\System\KQObaZF.exe
  C:\Windows\System\KQObaZF.exe
  2⤵
  PID:3532
- C:\Windows\System\SbJvynV.exe
  C:\Windows\System\SbJvynV.exe
  2⤵
  PID:3652
- C:\Windows\System\bIQuOCp.exe
  C:\Windows\System\bIQuOCp.exe
  2⤵
  PID:3716
- C:\Windows\System\srkFSKg.exe
  C:\Windows\System\srkFSKg.exe
  2⤵
  PID:3792
- C:\Windows\System\VzJBwvr.exe
  C:\Windows\System\VzJBwvr.exe
  2⤵
  PID:3896
- C:\Windows\System\KRoUVJD.exe
  C:\Windows\System\KRoUVJD.exe
  2⤵
  PID:4012
- C:\Windows\System\MDHhvRR.exe
  C:\Windows\System\MDHhvRR.exe
  2⤵
  PID:3064
- C:\Windows\System\UJoTWCg.exe
  C:\Windows\System\UJoTWCg.exe
  2⤵
  PID:2336
- C:\Windows\System\ihOIeiv.exe
  C:\Windows\System\ihOIeiv.exe
  2⤵
  PID:3156
- C:\Windows\System\PrvTgRt.exe
  C:\Windows\System\PrvTgRt.exe
  2⤵
  PID:3260
- C:\Windows\System\fHJMfKV.exe
  C:\Windows\System\fHJMfKV.exe
  2⤵
  PID:3396
- C:\Windows\System\kMroqol.exe
  C:\Windows\System\kMroqol.exe
  2⤵
  PID:3592
- C:\Windows\System\aTFOsuW.exe
  C:\Windows\System\aTFOsuW.exe
  2⤵
  PID:3672
- C:\Windows\System\tVOefcW.exe
  C:\Windows\System\tVOefcW.exe
  2⤵
  PID:3816
- C:\Windows\System\bbBIvGo.exe
  C:\Windows\System\bbBIvGo.exe
  2⤵
  PID:4000
- C:\Windows\System\pJbnoSl.exe
  C:\Windows\System\pJbnoSl.exe
  2⤵
  PID:2572
- C:\Windows\System\tDPJqny.exe
  C:\Windows\System\tDPJqny.exe
  2⤵
  PID:3352
- C:\Windows\System\TikFiNA.exe
  C:\Windows\System\TikFiNA.exe
  2⤵
  PID:3476
- C:\Windows\System\RuTCVjv.exe
  C:\Windows\System\RuTCVjv.exe
  2⤵
  PID:3756
- C:\Windows\System\UzNdReB.exe
  C:\Windows\System\UzNdReB.exe
  2⤵
  PID:4056
- C:\Windows\System\hkQaTFq.exe
  C:\Windows\System\hkQaTFq.exe
  2⤵
  PID:4112
- C:\Windows\System\kRZcQcV.exe
  C:\Windows\System\kRZcQcV.exe
  2⤵
  PID:4128
- C:\Windows\System\rtbcILu.exe
  C:\Windows\System\rtbcILu.exe
  2⤵
  PID:4152
- C:\Windows\System\lXRnvig.exe
  C:\Windows\System\lXRnvig.exe
  2⤵
  PID:4168
- C:\Windows\System\gasNIOK.exe
  C:\Windows\System\gasNIOK.exe
  2⤵
  PID:4184
- C:\Windows\System\cHeAEYf.exe
  C:\Windows\System\cHeAEYf.exe
  2⤵
  PID:4208
- C:\Windows\System\ZAosOKR.exe
  C:\Windows\System\ZAosOKR.exe
  2⤵
  PID:4224
- C:\Windows\System\mslVfzQ.exe
  C:\Windows\System\mslVfzQ.exe
  2⤵
  PID:4240
- C:\Windows\System\uSrdwgc.exe
  C:\Windows\System\uSrdwgc.exe
  2⤵
  PID:4264
- C:\Windows\System\dhHPCCN.exe
  C:\Windows\System\dhHPCCN.exe
  2⤵
  PID:4280
- C:\Windows\System\NbacJmx.exe
  C:\Windows\System\NbacJmx.exe
  2⤵
  PID:4296
- C:\Windows\System\OcXwFDm.exe
  C:\Windows\System\OcXwFDm.exe
  2⤵
  PID:4320
- C:\Windows\System\cxNaCGd.exe
  C:\Windows\System\cxNaCGd.exe
  2⤵
  PID:4336
- C:\Windows\System\KiyxdHC.exe
  C:\Windows\System\KiyxdHC.exe
  2⤵
  PID:4352
- C:\Windows\System\BYksAWF.exe
  C:\Windows\System\BYksAWF.exe
  2⤵
  PID:4376
- C:\Windows\System\VFSJtpf.exe
  C:\Windows\System\VFSJtpf.exe
  2⤵
  PID:4392
- C:\Windows\System\uuNDRfQ.exe
  C:\Windows\System\uuNDRfQ.exe
  2⤵
  PID:4408
- C:\Windows\System\lwjzdME.exe
  C:\Windows\System\lwjzdME.exe
  2⤵
  PID:4424
- C:\Windows\System\bUybquT.exe
  C:\Windows\System\bUybquT.exe
  2⤵
  PID:4456
- C:\Windows\System\anbUaWG.exe
  C:\Windows\System\anbUaWG.exe
  2⤵
  PID:4472
- C:\Windows\System\PGqfyCv.exe
  C:\Windows\System\PGqfyCv.exe
  2⤵
  PID:4488
- C:\Windows\System\XXHjyrC.exe
  C:\Windows\System\XXHjyrC.exe
  2⤵
  PID:4504
- C:\Windows\System\fVDVTFf.exe
  C:\Windows\System\fVDVTFf.exe
  2⤵
  PID:4520
- C:\Windows\System\CKdoFpW.exe
  C:\Windows\System\CKdoFpW.exe
  2⤵
  PID:4536
- C:\Windows\System\gmKzRPB.exe
  C:\Windows\System\gmKzRPB.exe
  2⤵
  PID:4552
- C:\Windows\System\QZzqBGQ.exe
  C:\Windows\System\QZzqBGQ.exe
  2⤵
  PID:4568
- C:\Windows\System\hJtLUOB.exe
  C:\Windows\System\hJtLUOB.exe
  2⤵
  PID:4584
- C:\Windows\System\PKOMsak.exe
  C:\Windows\System\PKOMsak.exe
  2⤵
  PID:4600
- C:\Windows\System\CfwiwFp.exe
  C:\Windows\System\CfwiwFp.exe
  2⤵
  PID:4616
- C:\Windows\System\oHCScmU.exe
  C:\Windows\System\oHCScmU.exe
  2⤵
  PID:4632
- C:\Windows\System\YItvnvu.exe
  C:\Windows\System\YItvnvu.exe
  2⤵
  PID:4648
- C:\Windows\System\MIVWsJY.exe
  C:\Windows\System\MIVWsJY.exe
  2⤵
  PID:4664
- C:\Windows\System\ZkEdaMc.exe
  C:\Windows\System\ZkEdaMc.exe
  2⤵
  PID:4680
- C:\Windows\System\hSZQJzY.exe
  C:\Windows\System\hSZQJzY.exe
  2⤵
  PID:4696
- C:\Windows\System\zRcyoNa.exe
  C:\Windows\System\zRcyoNa.exe
  2⤵
  PID:4712
- C:\Windows\System\yJAZREq.exe
  C:\Windows\System\yJAZREq.exe
  2⤵
  PID:4728
- C:\Windows\System\NUjILqS.exe
  C:\Windows\System\NUjILqS.exe
  2⤵
  PID:4744
- C:\Windows\System\RxkTZXv.exe
  C:\Windows\System\RxkTZXv.exe
  2⤵
  PID:4760
- C:\Windows\System\ApMWcrp.exe
  C:\Windows\System\ApMWcrp.exe
  2⤵
  PID:4776
- C:\Windows\System\rGhEMex.exe
  C:\Windows\System\rGhEMex.exe
  2⤵
  PID:4792
- C:\Windows\System\dKzgJMD.exe
  C:\Windows\System\dKzgJMD.exe
  2⤵
  PID:4808
- C:\Windows\System\UHAQgZQ.exe
  C:\Windows\System\UHAQgZQ.exe
  2⤵
  PID:4824
- C:\Windows\System\TmIDACm.exe
  C:\Windows\System\TmIDACm.exe
  2⤵
  PID:4840
- C:\Windows\System\JccRhJH.exe
  C:\Windows\System\JccRhJH.exe
  2⤵
  PID:4856
- C:\Windows\System\BaCSraA.exe
  C:\Windows\System\BaCSraA.exe
  2⤵
  PID:4872
- C:\Windows\System\fwTTLDp.exe
  C:\Windows\System\fwTTLDp.exe
  2⤵
  PID:4888
- C:\Windows\System\nvEqQCm.exe
  C:\Windows\System\nvEqQCm.exe
  2⤵
  PID:4904
- C:\Windows\System\oaEhVuY.exe
  C:\Windows\System\oaEhVuY.exe
  2⤵
  PID:4920
- C:\Windows\System\CTZEntk.exe
  C:\Windows\System\CTZEntk.exe
  2⤵
  PID:4936
- C:\Windows\System\UQVaRIL.exe
  C:\Windows\System\UQVaRIL.exe
  2⤵
  PID:4952
- C:\Windows\System\IOrJOvM.exe
  C:\Windows\System\IOrJOvM.exe
  2⤵
  PID:4968
- C:\Windows\System\gkBtNiV.exe
  C:\Windows\System\gkBtNiV.exe
  2⤵
  PID:4984
- C:\Windows\System\MrBXZrj.exe
  C:\Windows\System\MrBXZrj.exe
  2⤵
  PID:5000
- C:\Windows\System\NosOknC.exe
  C:\Windows\System\NosOknC.exe
  2⤵
  PID:5016
- C:\Windows\System\qFjVELR.exe
  C:\Windows\System\qFjVELR.exe
  2⤵
  PID:5032
- C:\Windows\System\JbSomNN.exe
  C:\Windows\System\JbSomNN.exe
  2⤵
  PID:5048
- C:\Windows\System\RgBPDWJ.exe
  C:\Windows\System\RgBPDWJ.exe
  2⤵
  PID:5064
- C:\Windows\System\YbBurfF.exe
  C:\Windows\System\YbBurfF.exe
  2⤵
  PID:5080
- C:\Windows\System\OhtGApU.exe
  C:\Windows\System\OhtGApU.exe
  2⤵
  PID:5096
- C:\Windows\System\VlnJWdi.exe
  C:\Windows\System\VlnJWdi.exe
  2⤵
  PID:5112
- C:\Windows\System\kJtOdKy.exe
  C:\Windows\System\kJtOdKy.exe
  2⤵
  PID:3636
- C:\Windows\System\HHmbgiQ.exe
  C:\Windows\System\HHmbgiQ.exe
  2⤵
  PID:3932
- C:\Windows\System\UTABFyL.exe
  C:\Windows\System\UTABFyL.exe
  2⤵
  PID:4140
- C:\Windows\System\ARgUYAb.exe
  C:\Windows\System\ARgUYAb.exe
  2⤵
  PID:4180
- C:\Windows\System\NKapwyu.exe
  C:\Windows\System\NKapwyu.exe
  2⤵
  PID:4220
- C:\Windows\System\UvXFkOP.exe
  C:\Windows\System\UvXFkOP.exe
  2⤵
  PID:4256
- C:\Windows\System\cnTHbIH.exe
  C:\Windows\System\cnTHbIH.exe
  2⤵
  PID:4276
- C:\Windows\System\FFMSAMs.exe
  C:\Windows\System\FFMSAMs.exe
  2⤵
  PID:4316
- C:\Windows\System\DdLMOhE.exe
  C:\Windows\System\DdLMOhE.exe
  2⤵
  PID:4344
- C:\Windows\System\tupyFpY.exe
  C:\Windows\System\tupyFpY.exe
  2⤵
  PID:4432
- C:\Windows\System\CnfUXxb.exe
  C:\Windows\System\CnfUXxb.exe
  2⤵
  PID:4416
- C:\Windows\System\PwqfuBB.exe
  C:\Windows\System\PwqfuBB.exe
  2⤵
  PID:4480
- C:\Windows\System\oCawOon.exe
  C:\Windows\System\oCawOon.exe
  2⤵
  PID:4512
- C:\Windows\System\iOjIPFX.exe
  C:\Windows\System\iOjIPFX.exe
  2⤵
  PID:4544
- C:\Windows\System\ZSxFpPj.exe
  C:\Windows\System\ZSxFpPj.exe
  2⤵
  PID:4564
- C:\Windows\System\dlQgEje.exe
  C:\Windows\System\dlQgEje.exe
  2⤵
  PID:4608
- C:\Windows\System\VCvnFoj.exe
  C:\Windows\System\VCvnFoj.exe
  2⤵
  PID:4640
- C:\Windows\System\KKPPJAu.exe
  C:\Windows\System\KKPPJAu.exe
  2⤵
  PID:4672
- C:\Windows\System\VJhUbaQ.exe
  C:\Windows\System\VJhUbaQ.exe
  2⤵
  PID:4704
- C:\Windows\System\sSPhlDk.exe
  C:\Windows\System\sSPhlDk.exe
  2⤵
  PID:4724
- C:\Windows\System\DZGDRdn.exe
  C:\Windows\System\DZGDRdn.exe
  2⤵
  PID:4768
- C:\Windows\System\dLOHIXL.exe
  C:\Windows\System\dLOHIXL.exe
  2⤵
  PID:4788
- C:\Windows\System\gKMQXps.exe
  C:\Windows\System\gKMQXps.exe
  2⤵
  PID:4832
- C:\Windows\System\vlRnfdk.exe
  C:\Windows\System\vlRnfdk.exe
  2⤵
  PID:4864
- C:\Windows\System\glOSVYo.exe
  C:\Windows\System\glOSVYo.exe
  2⤵
  PID:4900
- C:\Windows\System\dCtHrtU.exe
  C:\Windows\System\dCtHrtU.exe
  2⤵
  PID:4928
- C:\Windows\System\QnoFnUL.exe
  C:\Windows\System\QnoFnUL.exe
  2⤵
  PID:4948
- C:\Windows\System\oUSuznW.exe
  C:\Windows\System\oUSuznW.exe
  2⤵
  PID:4980
- C:\Windows\System\hfyHQds.exe
  C:\Windows\System\hfyHQds.exe
  2⤵
  PID:5008
- C:\Windows\System\OoOmhzE.exe
  C:\Windows\System\OoOmhzE.exe
  2⤵
  PID:5040
- C:\Windows\System\wjddlbi.exe
  C:\Windows\System\wjddlbi.exe
  2⤵
  PID:5072
- C:\Windows\System\XexoWid.exe
  C:\Windows\System\XexoWid.exe
  2⤵
  PID:5104
- C:\Windows\System\exAppAc.exe
  C:\Windows\System\exAppAc.exe
  2⤵
  PID:3440
- C:\Windows\System\uhAvdhU.exe
  C:\Windows\System\uhAvdhU.exe
  2⤵
  PID:4176
- C:\Windows\System\HbQOkxA.exe
  C:\Windows\System\HbQOkxA.exe
  2⤵
  PID:4232
- C:\Windows\System\IqJxTtv.exe
  C:\Windows\System\IqJxTtv.exe
  2⤵
  PID:4328
- C:\Windows\System\NMmNAcq.exe
  C:\Windows\System\NMmNAcq.exe
  2⤵
  PID:4400
- C:\Windows\System\OvVLAVh.exe
  C:\Windows\System\OvVLAVh.exe
  2⤵
  PID:4464
- C:\Windows\System\eyaHJmG.exe
  C:\Windows\System\eyaHJmG.exe
  2⤵
  PID:2720
- C:\Windows\System\qBwgEeB.exe
  C:\Windows\System\qBwgEeB.exe
  2⤵
  PID:4532
- C:\Windows\System\zZyfxCF.exe
  C:\Windows\System\zZyfxCF.exe
  2⤵
  PID:4628
- C:\Windows\System\iqwNwHy.exe
  C:\Windows\System\iqwNwHy.exe
  2⤵
  PID:4692
- C:\Windows\System\ItBwREM.exe
  C:\Windows\System\ItBwREM.exe
  2⤵
  PID:4756
- C:\Windows\System\WREPVZh.exe
  C:\Windows\System\WREPVZh.exe
  2⤵
  PID:4820
- C:\Windows\System\hyVFfGW.exe
  C:\Windows\System\hyVFfGW.exe
  2⤵
  PID:4852
- C:\Windows\System\xKENdbL.exe
  C:\Windows\System\xKENdbL.exe
  2⤵
  PID:4916
- C:\Windows\System\KevdltA.exe
  C:\Windows\System\KevdltA.exe
  2⤵
  PID:2700
- C:\Windows\System\CBnwkiO.exe
  C:\Windows\System\CBnwkiO.exe
  2⤵
  PID:5044
- C:\Windows\System\POycQNi.exe
  C:\Windows\System\POycQNi.exe
  2⤵
  PID:3092
- C:\Windows\System\WZjYatS.exe
  C:\Windows\System\WZjYatS.exe
  2⤵
  PID:2716
- C:\Windows\System\kOdfZBy.exe
  C:\Windows\System\kOdfZBy.exe
  2⤵
  PID:4288
- C:\Windows\System\qhBEWmr.exe
  C:\Windows\System\qhBEWmr.exe
  2⤵
  PID:4496
- C:\Windows\System\rEHtMqF.exe
  C:\Windows\System\rEHtMqF.exe
  2⤵
  PID:4500
- C:\Windows\System\aubWiTc.exe
  C:\Windows\System\aubWiTc.exe
  2⤵
  PID:4624
- C:\Windows\System\zLbIOKU.exe
  C:\Windows\System\zLbIOKU.exe
  2⤵
  PID:4660
- C:\Windows\System\mAkqngZ.exe
  C:\Windows\System\mAkqngZ.exe
  2⤵
  PID:4896
- C:\Windows\System\gjtqkDF.exe
  C:\Windows\System\gjtqkDF.exe
  2⤵
  PID:4960
- C:\Windows\System\juLGTYu.exe
  C:\Windows\System\juLGTYu.exe
  2⤵
  PID:5024
- C:\Windows\System\iYLErMl.exe
  C:\Windows\System\iYLErMl.exe
  2⤵
  PID:4216
- C:\Windows\System\ZsCLQDk.exe
  C:\Windows\System\ZsCLQDk.exe
  2⤵
  PID:2732
- C:\Windows\System\QYkPWWH.exe
  C:\Windows\System\QYkPWWH.exe
  2⤵
  PID:4720
- C:\Windows\System\anwNAyN.exe
  C:\Windows\System\anwNAyN.exe
  2⤵
  PID:2980
- C:\Windows\System\AddIjsW.exe
  C:\Windows\System\AddIjsW.exe
  2⤵
  PID:2580
- C:\Windows\System\bBNgkmr.exe
  C:\Windows\System\bBNgkmr.exe
  2⤵
  PID:3940
- C:\Windows\System\iKHGchQ.exe
  C:\Windows\System\iKHGchQ.exe
  2⤵
  PID:5124
- C:\Windows\System\QqfTQCz.exe
  C:\Windows\System\QqfTQCz.exe
  2⤵
  PID:5140
- C:\Windows\System\BBcaEDg.exe
  C:\Windows\System\BBcaEDg.exe
  2⤵
  PID:5156
- C:\Windows\System\wVcnYPf.exe
  C:\Windows\System\wVcnYPf.exe
  2⤵
  PID:5172
- C:\Windows\System\uFZVzGr.exe
  C:\Windows\System\uFZVzGr.exe
  2⤵
  PID:5188
- C:\Windows\System\LLIyNIP.exe
  C:\Windows\System\LLIyNIP.exe
  2⤵
  PID:5204
- C:\Windows\System\drrCryW.exe
  C:\Windows\System\drrCryW.exe
  2⤵
  PID:5220
- C:\Windows\System\uDktsFV.exe
  C:\Windows\System\uDktsFV.exe
  2⤵
  PID:5236
- C:\Windows\System\AHWegzc.exe
  C:\Windows\System\AHWegzc.exe
  2⤵
  PID:5252
- C:\Windows\System\XldBich.exe
  C:\Windows\System\XldBich.exe
  2⤵
  PID:5268
- C:\Windows\System\cPDaPHW.exe
  C:\Windows\System\cPDaPHW.exe
  2⤵
  PID:5284
- C:\Windows\System\zGHslMQ.exe
  C:\Windows\System\zGHslMQ.exe
  2⤵
  PID:5300
- C:\Windows\System\EmvvkPz.exe
  C:\Windows\System\EmvvkPz.exe
  2⤵
  PID:5316
- C:\Windows\System\fGLohxT.exe
  C:\Windows\System\fGLohxT.exe
  2⤵
  PID:5332
- C:\Windows\System\wMQqzte.exe
  C:\Windows\System\wMQqzte.exe
  2⤵
  PID:5348
- C:\Windows\System\NyiSzSd.exe
  C:\Windows\System\NyiSzSd.exe
  2⤵
  PID:5364
- C:\Windows\System\ciSnFGQ.exe
  C:\Windows\System\ciSnFGQ.exe
  2⤵
  PID:5380
- C:\Windows\System\jESLYDz.exe
  C:\Windows\System\jESLYDz.exe
  2⤵
  PID:5396
- C:\Windows\System\vPcKaTi.exe
  C:\Windows\System\vPcKaTi.exe
  2⤵
  PID:5412
- C:\Windows\System\aqbIGNw.exe
  C:\Windows\System\aqbIGNw.exe
  2⤵
  PID:5428
- C:\Windows\System\uYxtAmO.exe
  C:\Windows\System\uYxtAmO.exe
  2⤵
  PID:5444
- C:\Windows\System\jQyJrmT.exe
  C:\Windows\System\jQyJrmT.exe
  2⤵
  PID:5460
- C:\Windows\System\hzKURgQ.exe
  C:\Windows\System\hzKURgQ.exe
  2⤵
  PID:5476
- C:\Windows\System\Zvldrzf.exe
  C:\Windows\System\Zvldrzf.exe
  2⤵
  PID:5492
- C:\Windows\System\NuGxFPn.exe
  C:\Windows\System\NuGxFPn.exe
  2⤵
  PID:5508
- C:\Windows\System\syBYrNL.exe
  C:\Windows\System\syBYrNL.exe
  2⤵
  PID:5524
- C:\Windows\System\zaPDWWT.exe
  C:\Windows\System\zaPDWWT.exe
  2⤵
  PID:5540
- C:\Windows\System\WtYvzlX.exe
  C:\Windows\System\WtYvzlX.exe
  2⤵
  PID:5556
- C:\Windows\System\OErJRRe.exe
  C:\Windows\System\OErJRRe.exe
  2⤵
  PID:5572
- C:\Windows\System\IVqxWlt.exe
  C:\Windows\System\IVqxWlt.exe
  2⤵
  PID:5588
- C:\Windows\System\WBtXIpN.exe
  C:\Windows\System\WBtXIpN.exe
  2⤵
  PID:5604
- C:\Windows\System\DrOHbsF.exe
  C:\Windows\System\DrOHbsF.exe
  2⤵
  PID:5624
- C:\Windows\System\GtkTzkp.exe
  C:\Windows\System\GtkTzkp.exe
  2⤵
  PID:5640
- C:\Windows\System\CEkCJuP.exe
  C:\Windows\System\CEkCJuP.exe
  2⤵
  PID:5656
- C:\Windows\System\kfMUBaH.exe
  C:\Windows\System\kfMUBaH.exe
  2⤵
  PID:5672
- C:\Windows\System\XgZfnyc.exe
  C:\Windows\System\XgZfnyc.exe
  2⤵
  PID:5688
- C:\Windows\System\zuWedIJ.exe
  C:\Windows\System\zuWedIJ.exe
  2⤵
  PID:5704
- C:\Windows\System\jfoCEIt.exe
  C:\Windows\System\jfoCEIt.exe
  2⤵
  PID:5720
- C:\Windows\System\tmkYUgo.exe
  C:\Windows\System\tmkYUgo.exe
  2⤵
  PID:5736
- C:\Windows\System\QOZVuKE.exe
  C:\Windows\System\QOZVuKE.exe
  2⤵
  PID:5752
- C:\Windows\System\QgZIwMC.exe
  C:\Windows\System\QgZIwMC.exe
  2⤵
  PID:5768
- C:\Windows\System\BsWmiSJ.exe
  C:\Windows\System\BsWmiSJ.exe
  2⤵
  PID:5784
- C:\Windows\System\NRwIRnP.exe
  C:\Windows\System\NRwIRnP.exe
  2⤵
  PID:5800
- C:\Windows\System\LWkSDsX.exe
  C:\Windows\System\LWkSDsX.exe
  2⤵
  PID:5884
- C:\Windows\System\gKZLIKy.exe
  C:\Windows\System\gKZLIKy.exe
  2⤵
  PID:5904
- C:\Windows\System\ljUKzFM.exe
  C:\Windows\System\ljUKzFM.exe
  2⤵
  PID:6036
- C:\Windows\System\RuDtLhN.exe
  C:\Windows\System\RuDtLhN.exe
  2⤵
  PID:6052
- C:\Windows\System\RDBBhSi.exe
  C:\Windows\System\RDBBhSi.exe
  2⤵
  PID:6068
- C:\Windows\System\oJuCzEd.exe
  C:\Windows\System\oJuCzEd.exe
  2⤵
  PID:6084
- C:\Windows\System\qLNXRqy.exe
  C:\Windows\System\qLNXRqy.exe
  2⤵
  PID:6100
- C:\Windows\System\qudOSOv.exe
  C:\Windows\System\qudOSOv.exe
  2⤵
  PID:6116
- C:\Windows\System\wmGsbPM.exe
  C:\Windows\System\wmGsbPM.exe
  2⤵
  PID:6132
- C:\Windows\System\qRnjZeW.exe
  C:\Windows\System\qRnjZeW.exe
  2⤵
  PID:2588
- C:\Windows\System\ajYTbno.exe
  C:\Windows\System\ajYTbno.exe
  2⤵
  PID:4800
- C:\Windows\System\RPbaHOL.exe
  C:\Windows\System\RPbaHOL.exe
  2⤵
  PID:4136
- C:\Windows\System\RJVUtxe.exe
  C:\Windows\System\RJVUtxe.exe
  2⤵
  PID:5132
- C:\Windows\System\MONhwpy.exe
  C:\Windows\System\MONhwpy.exe
  2⤵
  PID:664
- C:\Windows\System\PoMoJgn.exe
  C:\Windows\System\PoMoJgn.exe
  2⤵
  PID:5212
- C:\Windows\System\zzBdyux.exe
  C:\Windows\System\zzBdyux.exe
  2⤵
  PID:5216
- C:\Windows\System\gwdGaBU.exe
  C:\Windows\System\gwdGaBU.exe
  2⤵
  PID:5260
- C:\Windows\System\QCoEnwe.exe
  C:\Windows\System\QCoEnwe.exe
  2⤵
  PID:5292
- C:\Windows\System\nCDRhvQ.exe
  C:\Windows\System\nCDRhvQ.exe
  2⤵
  PID:5324
- C:\Windows\System\lvNiSMO.exe
  C:\Windows\System\lvNiSMO.exe
  2⤵
  PID:332
- C:\Windows\System\CaVRdZQ.exe
  C:\Windows\System\CaVRdZQ.exe
  2⤵
  PID:5372
- C:\Windows\System\zmhGhNU.exe
  C:\Windows\System\zmhGhNU.exe
  2⤵
  PID:2964
- C:\Windows\System\ahicEBb.exe
  C:\Windows\System\ahicEBb.exe
  2⤵
  PID:5408
- C:\Windows\System\eLNMift.exe
  C:\Windows\System\eLNMift.exe
  2⤵
  PID:5424
- C:\Windows\System\ebQdcWl.exe
  C:\Windows\System\ebQdcWl.exe
  2⤵
  PID:5456
- C:\Windows\System\slTjqBg.exe
  C:\Windows\System\slTjqBg.exe
  2⤵
  PID:5500
- C:\Windows\System\diqrrrl.exe
  C:\Windows\System\diqrrrl.exe
  2⤵
  PID:5520
- C:\Windows\System\ByHgcNP.exe
  C:\Windows\System\ByHgcNP.exe
  2⤵
  PID:5564
- C:\Windows\System\wSHDQth.exe
  C:\Windows\System\wSHDQth.exe
  2⤵
  PID:5568
- C:\Windows\System\twsDIve.exe
  C:\Windows\System\twsDIve.exe
  2⤵
  PID:1036
- C:\Windows\System\KSYbCbS.exe
  C:\Windows\System\KSYbCbS.exe
  2⤵
  PID:5632
- C:\Windows\System\PcZRuIa.exe
  C:\Windows\System\PcZRuIa.exe
  2⤵
  PID:2740
- C:\Windows\System\OaBJyox.exe
  C:\Windows\System\OaBJyox.exe
  2⤵
  PID:5668
- C:\Windows\System\VqmRAFH.exe
  C:\Windows\System\VqmRAFH.exe
  2⤵
  PID:5684
- C:\Windows\System\fIwlgtl.exe
  C:\Windows\System\fIwlgtl.exe
  2⤵
  PID:5728
- C:\Windows\System\igvXhvY.exe
  C:\Windows\System\igvXhvY.exe
  2⤵
  PID:5748
- C:\Windows\System\aNfpADF.exe
  C:\Windows\System\aNfpADF.exe
  2⤵
  PID:5776
- C:\Windows\System\XsIjqSG.exe
  C:\Windows\System\XsIjqSG.exe
  2⤵
  PID:2940
- C:\Windows\System\qiIlimo.exe
  C:\Windows\System\qiIlimo.exe
  2⤵
  PID:5808
- C:\Windows\System\SVxOogF.exe
  C:\Windows\System\SVxOogF.exe
  2⤵
  PID:1736
- C:\Windows\System\PgAPwge.exe
  C:\Windows\System\PgAPwge.exe
  2⤵
  PID:3960
- C:\Windows\System\hkqUHxZ.exe
  C:\Windows\System\hkqUHxZ.exe
  2⤵
  PID:4016
- C:\Windows\System\VIWknjq.exe
  C:\Windows\System\VIWknjq.exe
  2⤵
  PID:1712
- C:\Windows\System\grAdNTt.exe
  C:\Windows\System\grAdNTt.exe
  2⤵
  PID:4364
- C:\Windows\System\pSvDeHW.exe
  C:\Windows\System\pSvDeHW.exe
  2⤵
  PID:3280
- C:\Windows\System\IaSnOHt.exe
  C:\Windows\System\IaSnOHt.exe
  2⤵
  PID:4252
- C:\Windows\System\FeQiPQS.exe
  C:\Windows\System\FeQiPQS.exe
  2⤵
  PID:4308
- C:\Windows\System\eGMjsCT.exe
  C:\Windows\System\eGMjsCT.exe
  2⤵
  PID:2928
- C:\Windows\System\bopgczv.exe
  C:\Windows\System\bopgczv.exe
  2⤵
  PID:5912
- C:\Windows\System\FNnRnxh.exe
  C:\Windows\System\FNnRnxh.exe
  2⤵
  PID:5920
- C:\Windows\System\kVtkNAN.exe
  C:\Windows\System\kVtkNAN.exe
  2⤵
  PID:5936
- C:\Windows\System\StJlgzK.exe
  C:\Windows\System\StJlgzK.exe
  2⤵
  PID:5952
- C:\Windows\System\wgKSoZW.exe
  C:\Windows\System\wgKSoZW.exe
  2⤵
  PID:5964
- C:\Windows\System\wIZQHNg.exe
  C:\Windows\System\wIZQHNg.exe
  2⤵
  PID:5980
- C:\Windows\System\OzRuEOD.exe
  C:\Windows\System\OzRuEOD.exe
  2⤵
  PID:6020
- C:\Windows\System\CEXqRFe.exe
  C:\Windows\System\CEXqRFe.exe
  2⤵
  PID:6004
- C:\Windows\System\JowJgHX.exe
  C:\Windows\System\JowJgHX.exe
  2⤵
  PID:6032
- C:\Windows\System\KQJpdZk.exe
  C:\Windows\System\KQJpdZk.exe
  2⤵
  PID:6048
- C:\Windows\System\yagIgnK.exe
  C:\Windows\System\yagIgnK.exe
  2⤵
  PID:4596
- C:\Windows\System\eQCcEnw.exe
  C:\Windows\System\eQCcEnw.exe
  2⤵
  PID:5180
- C:\Windows\System\LXtrXlm.exe
  C:\Windows\System\LXtrXlm.exe
  2⤵
  PID:5276
- C:\Windows\System\EugOoNN.exe
  C:\Windows\System\EugOoNN.exe
  2⤵
  PID:536
- C:\Windows\System\ELBcILY.exe
  C:\Windows\System\ELBcILY.exe
  2⤵
  PID:2648
- C:\Windows\System\DyeqAdS.exe
  C:\Windows\System\DyeqAdS.exe
  2⤵
  PID:6060
- C:\Windows\System\gKTRSnr.exe
  C:\Windows\System\gKTRSnr.exe
  2⤵
  PID:572
- C:\Windows\System\XmfQgZm.exe
  C:\Windows\System\XmfQgZm.exe
  2⤵
  PID:5148
- C:\Windows\System\YiRyLDT.exe
  C:\Windows\System\YiRyLDT.exe
  2⤵
  PID:4688
- C:\Windows\System\iPGWiaL.exe
  C:\Windows\System\iPGWiaL.exe
  2⤵
  PID:1584
- C:\Windows\System\ImhzCAP.exe
  C:\Windows\System\ImhzCAP.exe
  2⤵
  PID:5636
- C:\Windows\System\JGCsmnP.exe
  C:\Windows\System\JGCsmnP.exe
  2⤵
  PID:5552
- C:\Windows\System\LtxUPuv.exe
  C:\Windows\System\LtxUPuv.exe
  2⤵
  PID:5700
- C:\Windows\System\RzviZuQ.exe
  C:\Windows\System\RzviZuQ.exe
  2⤵
  PID:1580
- C:\Windows\System\oBWfqRu.exe
  C:\Windows\System\oBWfqRu.exe
  2⤵
  PID:5764
- C:\Windows\System\LjdTxlP.exe
  C:\Windows\System\LjdTxlP.exe
  2⤵
  PID:4144
- C:\Windows\System\JWGnGwC.exe
  C:\Windows\System\JWGnGwC.exe
  2⤵
  PID:2448
- C:\Windows\System\WWXwtlb.exe
  C:\Windows\System\WWXwtlb.exe
  2⤵
  PID:2796
- C:\Windows\System\hvArFVb.exe
  C:\Windows\System\hvArFVb.exe
  2⤵
  PID:1648
- C:\Windows\System\bbJnqHQ.exe
  C:\Windows\System\bbJnqHQ.exe
  2⤵
  PID:5944
- C:\Windows\System\MecLeuI.exe
  C:\Windows\System\MecLeuI.exe
  2⤵
  PID:5972
- C:\Windows\System\hrdzTUN.exe
  C:\Windows\System\hrdzTUN.exe
  2⤵
  PID:6008
- C:\Windows\System\aXFxegn.exe
  C:\Windows\System\aXFxegn.exe
  2⤵
  PID:6044
- C:\Windows\System\eUXygAh.exe
  C:\Windows\System\eUXygAh.exe
  2⤵
  PID:6112
- C:\Windows\System\rXjDcEp.exe
  C:\Windows\System\rXjDcEp.exe
  2⤵
  PID:5328
- C:\Windows\System\RZVfXBA.exe
  C:\Windows\System\RZVfXBA.exe
  2⤵
  PID:5440
- C:\Windows\System\msjLcXZ.exe
  C:\Windows\System\msjLcXZ.exe
  2⤵
  PID:2264
- C:\Windows\System\bwnqXeG.exe
  C:\Windows\System\bwnqXeG.exe
  2⤵
  PID:5312
- C:\Windows\System\qsHXyyX.exe
  C:\Windows\System\qsHXyyX.exe
  2⤵
  PID:5516
- C:\Windows\System\FqBLohq.exe
  C:\Windows\System\FqBLohq.exe
  2⤵
  PID:2616
- C:\Windows\System\bcDvKhR.exe
  C:\Windows\System\bcDvKhR.exe
  2⤵
  PID:5664
- C:\Windows\System\ohGzfqd.exe
  C:\Windows\System\ohGzfqd.exe
  2⤵
  PID:1812
- C:\Windows\System\aYsDave.exe
  C:\Windows\System\aYsDave.exe
  2⤵
  PID:2052
- C:\Windows\System\QjLuDoW.exe
  C:\Windows\System\QjLuDoW.exe
  2⤵
  PID:1052
- C:\Windows\System\LmISmnS.exe
  C:\Windows\System\LmISmnS.exe
  2⤵
  PID:1660
- C:\Windows\System\xnMMlzu.exe
  C:\Windows\System\xnMMlzu.exe
  2⤵
  PID:6012
- C:\Windows\System\DvhtAUb.exe
  C:\Windows\System\DvhtAUb.exe
  2⤵
  PID:5960
- C:\Windows\System\vxuJRjV.exe
  C:\Windows\System\vxuJRjV.exe
  2⤵
  PID:4360
- C:\Windows\System\MtzCUgt.exe
  C:\Windows\System\MtzCUgt.exe
  2⤵
  PID:5420
- C:\Windows\System\WznYXlT.exe
  C:\Windows\System\WznYXlT.exe
  2⤵
  PID:6124
- C:\Windows\System\VdUUkny.exe
  C:\Windows\System\VdUUkny.exe
  2⤵
  PID:6152
- C:\Windows\System\PHbjlCD.exe
  C:\Windows\System\PHbjlCD.exe
  2⤵
  PID:6168
- C:\Windows\System\YDaKhTi.exe
  C:\Windows\System\YDaKhTi.exe
  2⤵
  PID:6184
- C:\Windows\System\RMiWgyb.exe
  C:\Windows\System\RMiWgyb.exe
  2⤵
  PID:6200
- C:\Windows\System\RxLEwzY.exe
  C:\Windows\System\RxLEwzY.exe
  2⤵
  PID:6224
- C:\Windows\System\lkIXNjE.exe
  C:\Windows\System\lkIXNjE.exe
  2⤵
  PID:6256
- C:\Windows\System\bpZuYgy.exe
  C:\Windows\System\bpZuYgy.exe
  2⤵
  PID:6272
- C:\Windows\System\qMVNYLU.exe
  C:\Windows\System\qMVNYLU.exe
  2⤵
  PID:6288
- C:\Windows\System\eShiZov.exe
  C:\Windows\System\eShiZov.exe
  2⤵
  PID:6308
- C:\Windows\System\vputKYZ.exe
  C:\Windows\System\vputKYZ.exe
  2⤵
  PID:6324
- C:\Windows\System\pqEsgqJ.exe
  C:\Windows\System\pqEsgqJ.exe
  2⤵
  PID:6340
- C:\Windows\System\XxGxwHN.exe
  C:\Windows\System\XxGxwHN.exe
  2⤵
  PID:6356
- C:\Windows\System\aMMfShB.exe
  C:\Windows\System\aMMfShB.exe
  2⤵
  PID:6372
- C:\Windows\System\HzDQBBn.exe
  C:\Windows\System\HzDQBBn.exe
  2⤵
  PID:6388
- C:\Windows\System\SmHsSyJ.exe
  C:\Windows\System\SmHsSyJ.exe
  2⤵
  PID:6420
- C:\Windows\System\hckDHig.exe
  C:\Windows\System\hckDHig.exe
  2⤵
  PID:6436
- C:\Windows\System\wYNPwLD.exe
  C:\Windows\System\wYNPwLD.exe
  2⤵
  PID:6452
- C:\Windows\System\ioSqdmJ.exe
  C:\Windows\System\ioSqdmJ.exe
  2⤵
  PID:6468
- C:\Windows\System\ryTgvks.exe
  C:\Windows\System\ryTgvks.exe
  2⤵
  PID:6484
- C:\Windows\System\eZxGPyF.exe
  C:\Windows\System\eZxGPyF.exe
  2⤵
  PID:6504
- C:\Windows\System\cjVgWoz.exe
  C:\Windows\System\cjVgWoz.exe
  2⤵
  PID:6524
- C:\Windows\System\NNrnsbJ.exe
  C:\Windows\System\NNrnsbJ.exe
  2⤵
  PID:6540
- C:\Windows\System\KuUDjJY.exe
  C:\Windows\System\KuUDjJY.exe
  2⤵
  PID:6556
- C:\Windows\System\GKGlFKT.exe
  C:\Windows\System\GKGlFKT.exe
  2⤵
  PID:6572
- C:\Windows\System\trkCmfB.exe
  C:\Windows\System\trkCmfB.exe
  2⤵
  PID:6596
- C:\Windows\System\DUEExjq.exe
  C:\Windows\System\DUEExjq.exe
  2⤵
  PID:6640
- C:\Windows\System\WVjXPjt.exe
  C:\Windows\System\WVjXPjt.exe
  2⤵
  PID:6660
- C:\Windows\System\vGnPWga.exe
  C:\Windows\System\vGnPWga.exe
  2⤵
  PID:6676
- C:\Windows\System\hqjsQzX.exe
  C:\Windows\System\hqjsQzX.exe
  2⤵
  PID:6692
- C:\Windows\System\SASqixl.exe
  C:\Windows\System\SASqixl.exe
  2⤵
  PID:6708
- C:\Windows\System\LFvwjst.exe
  C:\Windows\System\LFvwjst.exe
  2⤵
  PID:6724
- C:\Windows\System\HYfZPWK.exe
  C:\Windows\System\HYfZPWK.exe
  2⤵
  PID:6740
- C:\Windows\System\ixlhgXx.exe
  C:\Windows\System\ixlhgXx.exe
  2⤵
  PID:6756
- C:\Windows\System\TEyazvI.exe
  C:\Windows\System\TEyazvI.exe
  2⤵
  PID:6772
- C:\Windows\System\BtqWnmv.exe
  C:\Windows\System\BtqWnmv.exe
  2⤵
  PID:6792
- C:\Windows\System\MOrpvgT.exe
  C:\Windows\System\MOrpvgT.exe
  2⤵
  PID:6808
- C:\Windows\System\NAkKgUs.exe
  C:\Windows\System\NAkKgUs.exe
  2⤵
  PID:6824
- C:\Windows\System\KlQYckB.exe
  C:\Windows\System\KlQYckB.exe
  2⤵
  PID:6840
- C:\Windows\System\krXRGHb.exe
  C:\Windows\System\krXRGHb.exe
  2⤵
  PID:6856
- C:\Windows\System\cyBBUag.exe
  C:\Windows\System\cyBBUag.exe
  2⤵
  PID:6872
- C:\Windows\System\IwgPTJF.exe
  C:\Windows\System\IwgPTJF.exe
  2⤵
  PID:6888
- C:\Windows\System\bjTagKS.exe
  C:\Windows\System\bjTagKS.exe
  2⤵
  PID:6904
- C:\Windows\System\GlqZFvk.exe
  C:\Windows\System\GlqZFvk.exe
  2⤵
  PID:6920
- C:\Windows\System\CHZRkxp.exe
  C:\Windows\System\CHZRkxp.exe
  2⤵
  PID:6936
- C:\Windows\System\qaFQmfB.exe
  C:\Windows\System\qaFQmfB.exe
  2⤵
  PID:6952
- C:\Windows\System\wYrjowp.exe
  C:\Windows\System\wYrjowp.exe
  2⤵
  PID:6968
- C:\Windows\System\ssQHafs.exe
  C:\Windows\System\ssQHafs.exe
  2⤵
  PID:6984
- C:\Windows\System\wKEfUTM.exe
  C:\Windows\System\wKEfUTM.exe
  2⤵
  PID:7000
- C:\Windows\System\OXnysls.exe
  C:\Windows\System\OXnysls.exe
  2⤵
  PID:7016
- C:\Windows\System\pFOEQro.exe
  C:\Windows\System\pFOEQro.exe
  2⤵
  PID:7032
- C:\Windows\System\DiQQjky.exe
  C:\Windows\System\DiQQjky.exe
  2⤵
  PID:7052
- C:\Windows\System\CYmZisO.exe
  C:\Windows\System\CYmZisO.exe
  2⤵
  PID:7068
- C:\Windows\System\OQKkEaa.exe
  C:\Windows\System\OQKkEaa.exe
  2⤵
  PID:7088
- C:\Windows\System\ImCxoiz.exe
  C:\Windows\System\ImCxoiz.exe
  2⤵
  PID:7124
- C:\Windows\System\EAzhhOg.exe
  C:\Windows\System\EAzhhOg.exe
  2⤵
  PID:2184
- C:\Windows\System\wyAUQeT.exe
  C:\Windows\System\wyAUQeT.exe
  2⤵
  PID:6160
- C:\Windows\System\LltTnkg.exe
  C:\Windows\System\LltTnkg.exe
  2⤵
  PID:5168
- C:\Windows\System\abEwmQI.exe
  C:\Windows\System\abEwmQI.exe
  2⤵
  PID:6196
- C:\Windows\System\YqzKkYf.exe
  C:\Windows\System\YqzKkYf.exe
  2⤵
  PID:5232
- C:\Windows\System\ANnpvUY.exe
  C:\Windows\System\ANnpvUY.exe
  2⤵
  PID:4304
- C:\Windows\System\AMMWqng.exe
  C:\Windows\System\AMMWqng.exe
  2⤵
  PID:5092
- C:\Windows\System\hzhEewU.exe
  C:\Windows\System\hzhEewU.exe
  2⤵
  PID:6176
- C:\Windows\System\lbsKjca.exe
  C:\Windows\System\lbsKjca.exe
  2⤵
  PID:6240
- C:\Windows\System\Rlbkmkz.exe
  C:\Windows\System\Rlbkmkz.exe
  2⤵
  PID:6280
- C:\Windows\System\LdVMKMc.exe
  C:\Windows\System\LdVMKMc.exe
  2⤵
  PID:6348
- C:\Windows\System\rxSXuyF.exe
  C:\Windows\System\rxSXuyF.exe
  2⤵
  PID:6428
- C:\Windows\System\HPzkYde.exe
  C:\Windows\System\HPzkYde.exe
  2⤵
  PID:6296
- C:\Windows\System\KsRNzuu.exe
  C:\Windows\System\KsRNzuu.exe
  2⤵
  PID:6336
- C:\Windows\System\CQstdCt.exe
  C:\Windows\System\CQstdCt.exe
  2⤵
  PID:6492
- C:\Windows\System\iYhdWNH.exe
  C:\Windows\System\iYhdWNH.exe
  2⤵
  PID:6412
- C:\Windows\System\rEeEENk.exe
  C:\Windows\System\rEeEENk.exe
  2⤵
  PID:6476
- C:\Windows\System\kBiIRHf.exe
  C:\Windows\System\kBiIRHf.exe
  2⤵
  PID:6536
- C:\Windows\System\GcpPfVS.exe
  C:\Windows\System\GcpPfVS.exe
  2⤵
  PID:6552
- C:\Windows\System\JqFgslr.exe
  C:\Windows\System\JqFgslr.exe
  2⤵
  PID:6632
- C:\Windows\System\LSOyJLA.exe
  C:\Windows\System\LSOyJLA.exe
  2⤵
  PID:6656
- C:\Windows\System\oyOrzkO.exe
  C:\Windows\System\oyOrzkO.exe
  2⤵
  PID:6672
- C:\Windows\System\ppfFnVk.exe
  C:\Windows\System\ppfFnVk.exe
  2⤵
  PID:6716
- C:\Windows\System\VEYuBuo.exe
  C:\Windows\System\VEYuBuo.exe
  2⤵
  PID:6752
- C:\Windows\System\JbVIdmJ.exe
  C:\Windows\System\JbVIdmJ.exe
  2⤵
  PID:6836
- C:\Windows\System\XfQKqXD.exe
  C:\Windows\System\XfQKqXD.exe
  2⤵
  PID:6800
- C:\Windows\System\KVshNXX.exe
  C:\Windows\System\KVshNXX.exe
  2⤵
  PID:6868
- C:\Windows\System\hhaPcyu.exe
  C:\Windows\System\hhaPcyu.exe
  2⤵
  PID:6896
- C:\Windows\System\uRmLdqN.exe
  C:\Windows\System\uRmLdqN.exe
  2⤵
  PID:6912
- C:\Windows\System\LNyXhkA.exe
  C:\Windows\System\LNyXhkA.exe
  2⤵
  PID:6960
- C:\Windows\System\bkLvcKm.exe
  C:\Windows\System\bkLvcKm.exe
  2⤵
  PID:7024
- C:\Windows\System\BbGZGfA.exe
  C:\Windows\System\BbGZGfA.exe
  2⤵
  PID:7040
- C:\Windows\System\GzAMaMU.exe
  C:\Windows\System\GzAMaMU.exe
  2⤵
  PID:7076
- C:\Windows\System\PtFTLRH.exe
  C:\Windows\System\PtFTLRH.exe
  2⤵
  PID:7080
- C:\Windows\System\HboEdMT.exe
  C:\Windows\System\HboEdMT.exe
  2⤵
  PID:7104
- C:\Windows\System\iEqTvDr.exe
  C:\Windows\System\iEqTvDr.exe
  2⤵
  PID:7132
- C:\Windows\System\nAfAync.exe
  C:\Windows\System\nAfAync.exe
  2⤵
  PID:7160
- C:\Windows\System\CJWUAzd.exe
  C:\Windows\System\CJWUAzd.exe
  2⤵
  PID:6148
- C:\Windows\System\zaPxciG.exe
  C:\Windows\System\zaPxciG.exe
  2⤵
  PID:3056
- C:\Windows\System\KmPDDQV.exe
  C:\Windows\System\KmPDDQV.exe
  2⤵
  PID:6252
- C:\Windows\System\eyvGspC.exe
  C:\Windows\System\eyvGspC.exe
  2⤵
  PID:6212
- C:\Windows\System\VqllhOO.exe
  C:\Windows\System\VqllhOO.exe
  2⤵
  PID:6404
- C:\Windows\System\IyWoqnA.exe
  C:\Windows\System\IyWoqnA.exe
  2⤵
  PID:6500
- C:\Windows\System\zftBwtf.exe
  C:\Windows\System\zftBwtf.exe
  2⤵
  PID:6584
- C:\Windows\System\XZOsOtT.exe
  C:\Windows\System\XZOsOtT.exe
  2⤵
  PID:6464
- C:\Windows\System\LRXKFRB.exe
  C:\Windows\System\LRXKFRB.exe
  2⤵
  PID:6444
- C:\Windows\System\QMpqtJZ.exe
  C:\Windows\System\QMpqtJZ.exe
  2⤵
  PID:6548
- C:\Windows\System\DPaTepe.exe
  C:\Windows\System\DPaTepe.exe
  2⤵
  PID:6612
- C:\Windows\System\TIwTSOu.exe
  C:\Windows\System\TIwTSOu.exe
  2⤵
  PID:6648
- C:\Windows\System\uZENHmt.exe
  C:\Windows\System\uZENHmt.exe
  2⤵
  PID:6700
- C:\Windows\System\GZWekrn.exe
  C:\Windows\System\GZWekrn.exe
  2⤵
  PID:6768
- C:\Windows\System\ursXZPH.exe
  C:\Windows\System\ursXZPH.exe
  2⤵
  PID:6832
- C:\Windows\System\cvZzEkx.exe
  C:\Windows\System\cvZzEkx.exe
  2⤵
  PID:6880
- C:\Windows\System\fqKzEIA.exe
  C:\Windows\System\fqKzEIA.exe
  2⤵
  PID:7008
- C:\Windows\System\xaZnBGS.exe
  C:\Windows\System\xaZnBGS.exe
  2⤵
  PID:6976
- C:\Windows\System\FWLhQjW.exe
  C:\Windows\System\FWLhQjW.exe
  2⤵
  PID:6992
- C:\Windows\System\MgoxoLn.exe
  C:\Windows\System\MgoxoLn.exe
  2⤵
  PID:7112
- C:\Windows\System\gRqQWBT.exe
  C:\Windows\System\gRqQWBT.exe
  2⤵
  PID:7140
- C:\Windows\System\QxOUVDh.exe
  C:\Windows\System\QxOUVDh.exe
  2⤵
  PID:5356
- C:\Windows\System\gTLhHNX.exe
  C:\Windows\System\gTLhHNX.exe
  2⤵
  PID:2116
- C:\Windows\System\ZFeNJvY.exe
  C:\Windows\System\ZFeNJvY.exe
  2⤵
  PID:5932
- C:\Windows\System\NIgYuao.exe
  C:\Windows\System\NIgYuao.exe
  2⤵
  PID:1732
- C:\Windows\System\wZjKxcS.exe
  C:\Windows\System\wZjKxcS.exe
  2⤵
  PID:6320
- C:\Windows\System\NqOcMeI.exe
  C:\Windows\System\NqOcMeI.exe
  2⤵
  PID:6512
- C:\Windows\System\zTMeeXs.exe
  C:\Windows\System\zTMeeXs.exe
  2⤵
  PID:6684
- C:\Windows\System\aosTIMQ.exe
  C:\Windows\System\aosTIMQ.exe
  2⤵
  PID:6944
- C:\Windows\System\SYISkpx.exe
  C:\Windows\System\SYISkpx.exe
  2⤵
  PID:6720
- C:\Windows\System\fucdDAD.exe
  C:\Windows\System\fucdDAD.exe
  2⤵
  PID:6668
- C:\Windows\System\BPoBcrk.exe
  C:\Windows\System\BPoBcrk.exe
  2⤵
  PID:6448
- C:\Windows\System\KlyKGRt.exe
  C:\Windows\System\KlyKGRt.exe
  2⤵
  PID:6532
- C:\Windows\System\WKZQAJB.exe
  C:\Windows\System\WKZQAJB.exe
  2⤵
  PID:3052
- C:\Windows\System\siKQbhM.exe
  C:\Windows\System\siKQbhM.exe
  2⤵
  PID:6248
- C:\Windows\System\hkSmPaS.exe
  C:\Windows\System\hkSmPaS.exe
  2⤵
  PID:5880
- C:\Windows\System\xHAzwRz.exe
  C:\Windows\System\xHAzwRz.exe
  2⤵
  PID:6216
- C:\Windows\System\UHKLQDd.exe
  C:\Windows\System\UHKLQDd.exe
  2⤵
  PID:6568
- C:\Windows\System\LJqOcOx.exe
  C:\Windows\System\LJqOcOx.exe
  2⤵
  PID:6652
- C:\Windows\System\kDWZHOu.exe
  C:\Windows\System\kDWZHOu.exe
  2⤵
  PID:6980
- C:\Windows\System\qmzsIHX.exe
  C:\Windows\System\qmzsIHX.exe
  2⤵
  PID:5620
- C:\Windows\System\QYcMAwO.exe
  C:\Windows\System\QYcMAwO.exe
  2⤵
  PID:6332
- C:\Windows\System\wUhCpZj.exe
  C:\Windows\System\wUhCpZj.exe
  2⤵
  PID:6496
- C:\Windows\System\ROnSNuY.exe
  C:\Windows\System\ROnSNuY.exe
  2⤵
  PID:6128
- C:\Windows\System\ffyQJKj.exe
  C:\Windows\System\ffyQJKj.exe
  2⤵
  PID:7184
- C:\Windows\System\izhQfzP.exe
  C:\Windows\System\izhQfzP.exe
  2⤵
  PID:7200
- C:\Windows\System\aZHnraH.exe
  C:\Windows\System\aZHnraH.exe
  2⤵
  PID:7216
- C:\Windows\System\WLTtunX.exe
  C:\Windows\System\WLTtunX.exe
  2⤵
  PID:7236
- C:\Windows\System\pebRzei.exe
  C:\Windows\System\pebRzei.exe
  2⤵
  PID:7252
- C:\Windows\System\wXbkowc.exe
  C:\Windows\System\wXbkowc.exe
  2⤵
  PID:7268
- C:\Windows\System\QKUTpWc.exe
  C:\Windows\System\QKUTpWc.exe
  2⤵
  PID:7284
- C:\Windows\System\sivIenz.exe
  C:\Windows\System\sivIenz.exe
  2⤵
  PID:7300
- C:\Windows\System\deOyNaG.exe
  C:\Windows\System\deOyNaG.exe
  2⤵
  PID:7316
- C:\Windows\System\YhwfanJ.exe
  C:\Windows\System\YhwfanJ.exe
  2⤵
  PID:7332
- C:\Windows\System\ABPHDyy.exe
  C:\Windows\System\ABPHDyy.exe
  2⤵
  PID:7348
- C:\Windows\System\vgsvDXi.exe
  C:\Windows\System\vgsvDXi.exe
  2⤵
  PID:7364
- C:\Windows\System\vwyrvay.exe
  C:\Windows\System\vwyrvay.exe
  2⤵
  PID:7380
- C:\Windows\System\LBzgARH.exe
  C:\Windows\System\LBzgARH.exe
  2⤵
  PID:7396
- C:\Windows\System\DSjJjiT.exe
  C:\Windows\System\DSjJjiT.exe
  2⤵
  PID:7412
- C:\Windows\System\ZPxtjHe.exe
  C:\Windows\System\ZPxtjHe.exe
  2⤵
  PID:7428
- C:\Windows\System\hhGrdPq.exe
  C:\Windows\System\hhGrdPq.exe
  2⤵
  PID:7448
- C:\Windows\System\MZENZtS.exe
  C:\Windows\System\MZENZtS.exe
  2⤵
  PID:7528
- C:\Windows\System\ZuViyHh.exe
  C:\Windows\System\ZuViyHh.exe
  2⤵
  PID:7548
- C:\Windows\System\SrdzcFA.exe
  C:\Windows\System\SrdzcFA.exe
  2⤵
  PID:7564
- C:\Windows\System\Lrmkgnv.exe
  C:\Windows\System\Lrmkgnv.exe
  2⤵
  PID:7580
- C:\Windows\System\auesSAl.exe
  C:\Windows\System\auesSAl.exe
  2⤵
  PID:7596
- C:\Windows\System\PlvqnqY.exe
  C:\Windows\System\PlvqnqY.exe
  2⤵
  PID:7620
- C:\Windows\System\surTzih.exe
  C:\Windows\System\surTzih.exe
  2⤵
  PID:7644
- C:\Windows\System\TdSmqNO.exe
  C:\Windows\System\TdSmqNO.exe
  2⤵
  PID:7660
- C:\Windows\System\BZDHpji.exe
  C:\Windows\System\BZDHpji.exe
  2⤵
  PID:7676
- C:\Windows\System\moZRjck.exe
  C:\Windows\System\moZRjck.exe
  2⤵
  PID:7692
- C:\Windows\System\etxXsQI.exe
  C:\Windows\System\etxXsQI.exe
  2⤵
  PID:7708
- C:\Windows\System\lCAHAaZ.exe
  C:\Windows\System\lCAHAaZ.exe
  2⤵
  PID:7724
- C:\Windows\System\hwvrkUm.exe
  C:\Windows\System\hwvrkUm.exe
  2⤵
  PID:7740
- C:\Windows\System\OVSFrdo.exe
  C:\Windows\System\OVSFrdo.exe
  2⤵
  PID:7756
- C:\Windows\System\pECZMhU.exe
  C:\Windows\System\pECZMhU.exe
  2⤵
  PID:7772
- C:\Windows\System\atAugIr.exe
  C:\Windows\System\atAugIr.exe
  2⤵
  PID:7788
- C:\Windows\System\WkQtWRc.exe
  C:\Windows\System\WkQtWRc.exe
  2⤵
  PID:7804
- C:\Windows\System\VikUCRq.exe
  C:\Windows\System\VikUCRq.exe
  2⤵
  PID:7820
- C:\Windows\System\MyLQinC.exe
  C:\Windows\System\MyLQinC.exe
  2⤵
  PID:7836
- C:\Windows\System\XHigtcl.exe
  C:\Windows\System\XHigtcl.exe
  2⤵
  PID:7852
- C:\Windows\System\ueeMUQI.exe
  C:\Windows\System\ueeMUQI.exe
  2⤵
  PID:7872
- C:\Windows\System\uIacHcS.exe
  C:\Windows\System\uIacHcS.exe
  2⤵
  PID:7888
- C:\Windows\System\MqIuLcc.exe
  C:\Windows\System\MqIuLcc.exe
  2⤵
  PID:7904
- C:\Windows\System\tFnEAei.exe
  C:\Windows\System\tFnEAei.exe
  2⤵
  PID:7920
- C:\Windows\System\eHCyzCE.exe
  C:\Windows\System\eHCyzCE.exe
  2⤵
  PID:7948
- C:\Windows\System\RRvRDnf.exe
  C:\Windows\System\RRvRDnf.exe
  2⤵
  PID:8020
- C:\Windows\System\QdXlWxF.exe
  C:\Windows\System\QdXlWxF.exe
  2⤵
  PID:8188
- C:\Windows\System\uerqcMF.exe
  C:\Windows\System\uerqcMF.exe
  2⤵
  PID:6460
- C:\Windows\System\uTimlVT.exe
  C:\Windows\System\uTimlVT.exe
  2⤵
  PID:7152
- C:\Windows\System\fjMsPUa.exe
  C:\Windows\System\fjMsPUa.exe
  2⤵
  PID:7180
- C:\Windows\System\egYKLcv.exe
  C:\Windows\System\egYKLcv.exe
  2⤵
  PID:7212
- C:\Windows\System\hCOXghh.exe
  C:\Windows\System\hCOXghh.exe
  2⤵
  PID:7276
- C:\Windows\System\JSudXCD.exe
  C:\Windows\System\JSudXCD.exe
  2⤵
  PID:7264
- C:\Windows\System\YjFWBZF.exe
  C:\Windows\System\YjFWBZF.exe
  2⤵
  PID:7296
- C:\Windows\System\YcPlcJe.exe
  C:\Windows\System\YcPlcJe.exe
  2⤵
  PID:7372
- C:\Windows\System\PsyeqvX.exe
  C:\Windows\System\PsyeqvX.exe
  2⤵
  PID:7436
- C:\Windows\System\GBAcUqq.exe
  C:\Windows\System\GBAcUqq.exe
  2⤵
  PID:7424
- C:\Windows\System\LdtVfUf.exe
  C:\Windows\System\LdtVfUf.exe
  2⤵
  PID:7440
- C:\Windows\System\tPkRgzz.exe
  C:\Windows\System\tPkRgzz.exe
  2⤵
  PID:7468
- C:\Windows\System\ravfMOT.exe
  C:\Windows\System\ravfMOT.exe
  2⤵
  PID:7484
- C:\Windows\System\tUfdzlT.exe
  C:\Windows\System\tUfdzlT.exe
  2⤵
  PID:7500
- C:\Windows\System\ZseZQbD.exe
  C:\Windows\System\ZseZQbD.exe
  2⤵
  PID:7516
- C:\Windows\System\hAHXper.exe
  C:\Windows\System\hAHXper.exe
  2⤵
  PID:7560
- C:\Windows\System\CiqCFdO.exe
  C:\Windows\System\CiqCFdO.exe
  2⤵
  PID:7572
- C:\Windows\System\zgScjFD.exe
  C:\Windows\System\zgScjFD.exe
  2⤵
  PID:7556
- C:\Windows\System\opCcnYy.exe
  C:\Windows\System\opCcnYy.exe
  2⤵
  PID:7652
- C:\Windows\System\jLIwoAe.exe
  C:\Windows\System\jLIwoAe.exe
  2⤵
  PID:7636
- C:\Windows\System\TpvaYoK.exe
  C:\Windows\System\TpvaYoK.exe
  2⤵
  PID:7716
- C:\Windows\System\AKOhAea.exe
  C:\Windows\System\AKOhAea.exe
  2⤵
  PID:7784
- C:\Windows\System\KnCOXwl.exe
  C:\Windows\System\KnCOXwl.exe
  2⤵
  PID:7848
- C:\Windows\System\GFxHhey.exe
  C:\Windows\System\GFxHhey.exe
  2⤵
  PID:7884
- C:\Windows\System\tZbKtEw.exe
  C:\Windows\System\tZbKtEw.exe
  2⤵
  PID:7668
- C:\Windows\System\NqWpoun.exe
  C:\Windows\System\NqWpoun.exe
  2⤵
  PID:7768
- C:\Windows\System\MgFZAsN.exe
  C:\Windows\System\MgFZAsN.exe
  2⤵
  PID:7860
- C:\Windows\System\VcNITcb.exe
  C:\Windows\System\VcNITcb.exe
  2⤵
  PID:7796
- C:\Windows\System\MGuBWUJ.exe
  C:\Windows\System\MGuBWUJ.exe
  2⤵
  PID:7704
- C:\Windows\System\tjQFNct.exe
  C:\Windows\System\tjQFNct.exe
  2⤵
  PID:7944
- C:\Windows\System\ZjgnYTr.exe
  C:\Windows\System\ZjgnYTr.exe
  2⤵
  PID:7968
- C:\Windows\System\BoQSkic.exe
  C:\Windows\System\BoQSkic.exe
  2⤵
  PID:7984
- C:\Windows\System\qhjIPde.exe
  C:\Windows\System\qhjIPde.exe
  2⤵
  PID:8000
- C:\Windows\System\pmaPMUv.exe
  C:\Windows\System\pmaPMUv.exe
  2⤵
  PID:8016
- C:\Windows\System\pZOSrEP.exe
  C:\Windows\System\pZOSrEP.exe
  2⤵
  PID:8048
- C:\Windows\System\fllWRrx.exe
  C:\Windows\System\fllWRrx.exe
  2⤵
  PID:8068
- C:\Windows\System\MmdMBvu.exe
  C:\Windows\System\MmdMBvu.exe
  2⤵
  PID:8084
- C:\Windows\System\AiYauno.exe
  C:\Windows\System\AiYauno.exe
  2⤵
  PID:8100
- C:\Windows\System\jmXFjRW.exe
  C:\Windows\System\jmXFjRW.exe
  2⤵
  PID:8116
- C:\Windows\System\pihoVTz.exe
  C:\Windows\System\pihoVTz.exe
  2⤵
  PID:8132
- C:\Windows\System\UTlIwDy.exe
  C:\Windows\System\UTlIwDy.exe
  2⤵
  PID:8152
- C:\Windows\System\ebCkwAA.exe
  C:\Windows\System\ebCkwAA.exe
  2⤵
  PID:8164
- C:\Windows\System\ZhlaPas.exe
  C:\Windows\System\ZhlaPas.exe
  2⤵
  PID:8040
- C:\Windows\System\FYPIuNF.exe
  C:\Windows\System\FYPIuNF.exe
  2⤵
  PID:8184
- C:\Windows\System\Pgddyvy.exe
  C:\Windows\System\Pgddyvy.exe
  2⤵
  PID:6608
- C:\Windows\System\AjUOVpO.exe
  C:\Windows\System\AjUOVpO.exe
  2⤵
  PID:7192
- C:\Windows\System\gstIPnf.exe
  C:\Windows\System\gstIPnf.exe
  2⤵
  PID:7176
- C:\Windows\System\GqZQmBo.exe
  C:\Windows\System\GqZQmBo.exe
  2⤵
  PID:7404
- C:\Windows\System\hCVTEgr.exe
  C:\Windows\System\hCVTEgr.exe
  2⤵
  PID:7420
- C:\Windows\System\SVYCeWf.exe
  C:\Windows\System\SVYCeWf.exe
  2⤵
  PID:7356
- C:\Windows\System\qJdrPDt.exe
  C:\Windows\System\qJdrPDt.exe
  2⤵
  PID:7464
- C:\Windows\System\CCLDMln.exe
  C:\Windows\System\CCLDMln.exe
  2⤵
  PID:7604
- C:\Windows\System\OKfAtZY.exe
  C:\Windows\System\OKfAtZY.exe
  2⤵
  PID:7492
- C:\Windows\System\eliYady.exe
  C:\Windows\System\eliYady.exe
  2⤵
  PID:7540
- C:\Windows\System\GnxtBYf.exe
  C:\Windows\System\GnxtBYf.exe
  2⤵
  PID:7684
- C:\Windows\System\oGTKPFr.exe
  C:\Windows\System\oGTKPFr.exe
  2⤵
  PID:7640
- C:\Windows\System\nPnhDpE.exe
  C:\Windows\System\nPnhDpE.exe
  2⤵
  PID:7992
- C:\Windows\System\HYOpaVR.exe
  C:\Windows\System\HYOpaVR.exe
  2⤵
  PID:6928
- C:\Windows\System\RuaVBUn.exe
  C:\Windows\System\RuaVBUn.exe
  2⤵
  PID:7828
- C:\Windows\System\PjskXSk.exe
  C:\Windows\System\PjskXSk.exe
  2⤵
  PID:7940
- C:\Windows\System\fOnJCph.exe
  C:\Windows\System\fOnJCph.exe
  2⤵
  PID:7964
- C:\Windows\System\mWqfDtN.exe
  C:\Windows\System\mWqfDtN.exe
  2⤵
  PID:8056
- C:\Windows\System\ehUlIrS.exe
  C:\Windows\System\ehUlIrS.exe
  2⤵
  PID:8108
- C:\Windows\System\tNmyjyH.exe
  C:\Windows\System\tNmyjyH.exe
  2⤵
  PID:8128
- C:\Windows\System\DGyouIA.exe
  C:\Windows\System\DGyouIA.exe
  2⤵
  PID:8156
- C:\Windows\System\aNffdBv.exe
  C:\Windows\System\aNffdBv.exe
  2⤵
  PID:7248
- C:\Windows\System\mAgnMtb.exe
  C:\Windows\System\mAgnMtb.exe
  2⤵
  PID:7340
- C:\Windows\System\YQUPFDw.exe
  C:\Windows\System\YQUPFDw.exe
  2⤵
  PID:2568
- C:\Windows\System\RxytehT.exe
  C:\Windows\System\RxytehT.exe
  2⤵
  PID:7460
- C:\Windows\System\qGEffos.exe
  C:\Windows\System\qGEffos.exe
  2⤵
  PID:6932
- C:\Windows\System\rzZDkuY.exe
  C:\Windows\System\rzZDkuY.exe
  2⤵
  PID:7524
- C:\Windows\System\QekenGL.exe
  C:\Windows\System\QekenGL.exe
  2⤵
  PID:7628
- C:\Windows\System\rehKLOo.exe
  C:\Windows\System\rehKLOo.exe
  2⤵
  PID:7816
- C:\Windows\System\TsqNHtY.exe
  C:\Windows\System\TsqNHtY.exe
  2⤵
  PID:7960
- C:\Windows\System\oFuMmtD.exe
  C:\Windows\System\oFuMmtD.exe
  2⤵
  PID:7732
- C:\Windows\System\kheAyOf.exe
  C:\Windows\System\kheAyOf.exe
  2⤵
  PID:7976
- C:\Windows\System\ZCFEwEr.exe
  C:\Windows\System\ZCFEwEr.exe
  2⤵
  PID:2772
- C:\Windows\System\wzYIUpc.exe
  C:\Windows\System\wzYIUpc.exe
  2⤵
  PID:8148
- C:\Windows\System\TFGgIkf.exe
  C:\Windows\System\TFGgIkf.exe
  2⤵
  PID:6704
- C:\Windows\System\ABCaekD.exe
  C:\Windows\System\ABCaekD.exe
  2⤵
  PID:1976
- C:\Windows\System\gqpIwEX.exe
  C:\Windows\System\gqpIwEX.exe
  2⤵
  PID:7632
- C:\Windows\System\DKaShkJ.exe
  C:\Windows\System\DKaShkJ.exe
  2⤵
  PID:7324
- C:\Windows\System\cDKHRSC.exe
  C:\Windows\System\cDKHRSC.exe
  2⤵
  PID:7616
- C:\Windows\System\THOBomm.exe
  C:\Windows\System\THOBomm.exe
  2⤵
  PID:8080
- C:\Windows\System\AwvNKUW.exe
  C:\Windows\System\AwvNKUW.exe
  2⤵
  PID:8180
- C:\Windows\System\lPCymNf.exe
  C:\Windows\System\lPCymNf.exe
  2⤵
  PID:2196
- C:\Windows\System\OENwUbB.exe
  C:\Windows\System\OENwUbB.exe
  2⤵
  PID:7916
- C:\Windows\System\LPmGoka.exe
  C:\Windows\System\LPmGoka.exe
  2⤵
  PID:8012
- C:\Windows\System\gGkWjfR.exe
  C:\Windows\System\gGkWjfR.exe
  2⤵
  PID:7700
- C:\Windows\System\bmTEYuH.exe
  C:\Windows\System\bmTEYuH.exe
  2⤵
  PID:8200
- C:\Windows\System\JjZIhap.exe
  C:\Windows\System\JjZIhap.exe
  2⤵
  PID:8216
- C:\Windows\System\lgnTCKV.exe
  C:\Windows\System\lgnTCKV.exe
  2⤵
  PID:8232
- C:\Windows\System\lzcRLMF.exe
  C:\Windows\System\lzcRLMF.exe
  2⤵
  PID:8248
- C:\Windows\System\xgAilWM.exe
  C:\Windows\System\xgAilWM.exe
  2⤵
  PID:8264
- C:\Windows\System\lctHlRv.exe
  C:\Windows\System\lctHlRv.exe
  2⤵
  PID:8288
- C:\Windows\System\UYKigAu.exe
  C:\Windows\System\UYKigAu.exe
  2⤵
  PID:8308
- C:\Windows\System\khEHMJX.exe
  C:\Windows\System\khEHMJX.exe
  2⤵
  PID:8324
- C:\Windows\System\ztKPnJX.exe
  C:\Windows\System\ztKPnJX.exe
  2⤵
  PID:8340
- C:\Windows\System\BNDJSQq.exe
  C:\Windows\System\BNDJSQq.exe
  2⤵
  PID:8356
- C:\Windows\System\BOBysXP.exe
  C:\Windows\System\BOBysXP.exe
  2⤵
  PID:8372
- C:\Windows\System\BLeXNKJ.exe
  C:\Windows\System\BLeXNKJ.exe
  2⤵
  PID:8388
- C:\Windows\System\Tapqhak.exe
  C:\Windows\System\Tapqhak.exe
  2⤵
  PID:8404
- C:\Windows\System\EmunEjg.exe
  C:\Windows\System\EmunEjg.exe
  2⤵
  PID:8420
- C:\Windows\System\VvQWaPm.exe
  C:\Windows\System\VvQWaPm.exe
  2⤵
  PID:8436
- C:\Windows\System\kiZruEE.exe
  C:\Windows\System\kiZruEE.exe
  2⤵
  PID:8452
- C:\Windows\System\LtILtGI.exe
  C:\Windows\System\LtILtGI.exe
  2⤵
  PID:8468
- C:\Windows\System\VtyEZdU.exe
  C:\Windows\System\VtyEZdU.exe
  2⤵
  PID:8484
- C:\Windows\System\hdflDUg.exe
  C:\Windows\System\hdflDUg.exe
  2⤵
  PID:8500
- C:\Windows\System\sklVyTC.exe
  C:\Windows\System\sklVyTC.exe
  2⤵
  PID:8516
- C:\Windows\System\jAhQWPz.exe
  C:\Windows\System\jAhQWPz.exe
  2⤵
  PID:8532
- C:\Windows\System\hXVKjLE.exe
  C:\Windows\System\hXVKjLE.exe
  2⤵
  PID:8548
- C:\Windows\System\ncjmOgl.exe
  C:\Windows\System\ncjmOgl.exe
  2⤵
  PID:8564
- C:\Windows\System\RtWmtbr.exe
  C:\Windows\System\RtWmtbr.exe
  2⤵
  PID:8580
- C:\Windows\System\puvnAXw.exe
  C:\Windows\System\puvnAXw.exe
  2⤵
  PID:8596
- C:\Windows\System\eFKsyUP.exe
  C:\Windows\System\eFKsyUP.exe
  2⤵
  PID:8612
- C:\Windows\System\eKhQkKw.exe
  C:\Windows\System\eKhQkKw.exe
  2⤵
  PID:8628
- C:\Windows\System\IrjdIFW.exe
  C:\Windows\System\IrjdIFW.exe
  2⤵
  PID:8648
- C:\Windows\System\deJOqgS.exe
  C:\Windows\System\deJOqgS.exe
  2⤵
  PID:8664
- C:\Windows\System\bfZBpzK.exe
  C:\Windows\System\bfZBpzK.exe
  2⤵
  PID:8680
- C:\Windows\System\KPhKoCp.exe
  C:\Windows\System\KPhKoCp.exe
  2⤵
  PID:8696
- C:\Windows\System\xyrduGd.exe
  C:\Windows\System\xyrduGd.exe
  2⤵
  PID:8712
- C:\Windows\System\epcJiML.exe
  C:\Windows\System\epcJiML.exe
  2⤵
  PID:8728
- C:\Windows\System\xGxnDqo.exe
  C:\Windows\System\xGxnDqo.exe
  2⤵
  PID:8744
- C:\Windows\System\QLxYksN.exe
  C:\Windows\System\QLxYksN.exe
  2⤵
  PID:8760
- C:\Windows\System\CDcQWex.exe
  C:\Windows\System\CDcQWex.exe
  2⤵
  PID:8776
- C:\Windows\System\KJzYHJt.exe
  C:\Windows\System\KJzYHJt.exe
  2⤵
  PID:8792
- C:\Windows\System\SXVwCev.exe
  C:\Windows\System\SXVwCev.exe
  2⤵
  PID:8808
- C:\Windows\System\OmbtGtd.exe
  C:\Windows\System\OmbtGtd.exe
  2⤵
  PID:8824
- C:\Windows\System\SBpmCsg.exe
  C:\Windows\System\SBpmCsg.exe
  2⤵
  PID:8840
- C:\Windows\System\rjbWLMH.exe
  C:\Windows\System\rjbWLMH.exe
  2⤵
  PID:8856
- C:\Windows\System\SyLCltJ.exe
  C:\Windows\System\SyLCltJ.exe
  2⤵
  PID:8872
- C:\Windows\System\hStnBNf.exe
  C:\Windows\System\hStnBNf.exe
  2⤵
  PID:8888
- C:\Windows\System\OwcFTbV.exe
  C:\Windows\System\OwcFTbV.exe
  2⤵
  PID:8904
- C:\Windows\System\PdumIjP.exe
  C:\Windows\System\PdumIjP.exe
  2⤵
  PID:8920
- C:\Windows\System\CCGvkNC.exe
  C:\Windows\System\CCGvkNC.exe
  2⤵
  PID:8936
- C:\Windows\System\ZtoRNtV.exe
  C:\Windows\System\ZtoRNtV.exe
  2⤵
  PID:8952
- C:\Windows\System\XSxFaxD.exe
  C:\Windows\System\XSxFaxD.exe
  2⤵
  PID:8968
- C:\Windows\System\cQNsCjZ.exe
  C:\Windows\System\cQNsCjZ.exe
  2⤵
  PID:8984
- C:\Windows\System\OtJRAVL.exe
  C:\Windows\System\OtJRAVL.exe
  2⤵
  PID:9000
- C:\Windows\System\pFFnONZ.exe
  C:\Windows\System\pFFnONZ.exe
  2⤵
  PID:9016
- C:\Windows\System\YOZbfKc.exe
  C:\Windows\System\YOZbfKc.exe
  2⤵
  PID:9032
- C:\Windows\System\ytNmKRb.exe
  C:\Windows\System\ytNmKRb.exe
  2⤵
  PID:9048
- C:\Windows\System\UiCapiq.exe
  C:\Windows\System\UiCapiq.exe
  2⤵
  PID:9064
- C:\Windows\System\AbYbqZk.exe
  C:\Windows\System\AbYbqZk.exe
  2⤵
  PID:9124
- C:\Windows\System\yTYygPm.exe
  C:\Windows\System\yTYygPm.exe
  2⤵
  PID:9148
- C:\Windows\System\InsJCDC.exe
  C:\Windows\System\InsJCDC.exe
  2⤵
  PID:8592
- C:\Windows\System\VBYNGux.exe
  C:\Windows\System\VBYNGux.exe
  2⤵
  PID:8604
- C:\Windows\System\DhLSARp.exe
  C:\Windows\System\DhLSARp.exe
  2⤵
  PID:8964
- C:\Windows\System\aQFOTvS.exe
  C:\Windows\System\aQFOTvS.exe
  2⤵
  PID:9184
- C:\Windows\System\GHymVpH.exe
  C:\Windows\System\GHymVpH.exe
  2⤵
  PID:8352
- C:\Windows\System\onbWWKj.exe
  C:\Windows\System\onbWWKj.exe
  2⤵
  PID:9196
- C:\Windows\System\NOJGuzB.exe
  C:\Windows\System\NOJGuzB.exe
  2⤵
  PID:8032
- C:\Windows\System\GydWDCL.exe
  C:\Windows\System\GydWDCL.exe
  2⤵
  PID:8460
- C:\Windows\System\GiSYOsq.exe
  C:\Windows\System\GiSYOsq.exe
  2⤵
  PID:8224
- C:\Windows\System\rSvlmeq.exe
  C:\Windows\System\rSvlmeq.exe
  2⤵
  PID:8036
- C:\Windows\System\dvdJOQO.exe
  C:\Windows\System\dvdJOQO.exe
  2⤵
  PID:8320
- C:\Windows\System\fcdWnTw.exe
  C:\Windows\System\fcdWnTw.exe
  2⤵
  PID:8496
- C:\Windows\System\hAhDKIo.exe
  C:\Windows\System\hAhDKIo.exe
  2⤵
  PID:8444
- C:\Windows\System\NUeCwHd.exe
  C:\Windows\System\NUeCwHd.exe
  2⤵
  PID:8380
- C:\Windows\System\AmqDzRz.exe
  C:\Windows\System\AmqDzRz.exe
  2⤵
  PID:8544
- C:\Windows\System\WrBXONn.exe
  C:\Windows\System\WrBXONn.exe
  2⤵
  PID:8572
- C:\Windows\System\nQRRNlP.exe
  C:\Windows\System\nQRRNlP.exe
  2⤵
  PID:8676
- C:\Windows\System\aFGSBPu.exe
  C:\Windows\System\aFGSBPu.exe
  2⤵
  PID:8508
- C:\Windows\System\lSmeMJT.exe
  C:\Windows\System\lSmeMJT.exe
  2⤵
  PID:8756
- C:\Windows\System\vxprknB.exe
  C:\Windows\System\vxprknB.exe
  2⤵
  PID:8768
- C:\Windows\System\yoZykRK.exe
  C:\Windows\System\yoZykRK.exe
  2⤵
  PID:8772
- C:\Windows\System\ZgNZjNR.exe
  C:\Windows\System\ZgNZjNR.exe
  2⤵
  PID:9012
- C:\Windows\System\DwwOtGW.exe
  C:\Windows\System\DwwOtGW.exe
  2⤵
  PID:9080
- C:\Windows\System\LYpGltU.exe
  C:\Windows\System\LYpGltU.exe
  2⤵
  PID:9044
- C:\Windows\System\WHVKpEM.exe
  C:\Windows\System\WHVKpEM.exe
  2⤵
  PID:9112
- C:\Windows\System\ZpEAzmY.exe
  C:\Windows\System\ZpEAzmY.exe
  2⤵
  PID:9136
- C:\Windows\System\EVneRXR.exe
  C:\Windows\System\EVneRXR.exe
  2⤵
  PID:9144
- C:\Windows\System\WQIDoNH.exe
  C:\Windows\System\WQIDoNH.exe
  2⤵
  PID:9204
- C:\Windows\System\dfahsdz.exe
  C:\Windows\System\dfahsdz.exe
  2⤵
  PID:8524
- C:\Windows\System\mZFEufE.exe
  C:\Windows\System\mZFEufE.exe
  2⤵
  PID:8240
- C:\Windows\System\uXgOWKC.exe
  C:\Windows\System\uXgOWKC.exe
  2⤵
  PID:1096
- C:\Windows\System\lezykyV.exe
  C:\Windows\System\lezykyV.exe
  2⤵
  PID:8412
- C:\Windows\System\NVwNBLa.exe
  C:\Windows\System\NVwNBLa.exe
  2⤵
  PID:8332
- C:\Windows\System\spUagAN.exe
  C:\Windows\System\spUagAN.exe
  2⤵
  PID:8656
- C:\Windows\System\uqGMFHc.exe
  C:\Windows\System\uqGMFHc.exe
  2⤵
  PID:8704
- C:\Windows\System\nZubTXc.exe
  C:\Windows\System\nZubTXc.exe
  2⤵
  PID:8708
- C:\Windows\System\nNrgUNJ.exe
  C:\Windows\System\nNrgUNJ.exe
  2⤵
  PID:8816
- C:\Windows\System\fSGpGmg.exe
  C:\Windows\System\fSGpGmg.exe
  2⤵
  PID:8736
- C:\Windows\System\hYVbTZW.exe
  C:\Windows\System\hYVbTZW.exe
  2⤵
  PID:8960
- C:\Windows\System\DnAluHR.exe
  C:\Windows\System\DnAluHR.exe
  2⤵
  PID:9056
- C:\Windows\System\hAAOKWh.exe
  C:\Windows\System\hAAOKWh.exe
  2⤵
  PID:9100
- C:\Windows\System\JdWzfch.exe
  C:\Windows\System\JdWzfch.exe
  2⤵
  PID:9192
- C:\Windows\System\qNptOmU.exe
  C:\Windows\System\qNptOmU.exe
  2⤵
  PID:9008
- C:\Windows\System\ycjkNrw.exe
  C:\Windows\System\ycjkNrw.exe
  2⤵
  PID:8528
- C:\Windows\System\daLhhmm.exe
  C:\Windows\System\daLhhmm.exe
  2⤵
  PID:8208
- C:\Windows\System\JQmreLq.exe
  C:\Windows\System\JQmreLq.exe
  2⤵
  PID:8244
- C:\Windows\System\VXKJlPW.exe
  C:\Windows\System\VXKJlPW.exe
  2⤵
  PID:9224
- C:\Windows\System\tnMrGQX.exe
  C:\Windows\System\tnMrGQX.exe
  2⤵
  PID:9240
- C:\Windows\System\xjYjxhM.exe
  C:\Windows\System\xjYjxhM.exe
  2⤵
  PID:9260
- C:\Windows\System\vFzYFje.exe
  C:\Windows\System\vFzYFje.exe
  2⤵
  PID:9280
- C:\Windows\System\VfNOSVY.exe
  C:\Windows\System\VfNOSVY.exe
  2⤵
  PID:9296
- C:\Windows\System\IgNyoMv.exe
  C:\Windows\System\IgNyoMv.exe
  2⤵
  PID:9316
- C:\Windows\System\rrxDqnI.exe
  C:\Windows\System\rrxDqnI.exe
  2⤵
  PID:9336
- C:\Windows\System\EPTbJkq.exe
  C:\Windows\System\EPTbJkq.exe
  2⤵
  PID:9352
- C:\Windows\System\DQJCqrq.exe
  C:\Windows\System\DQJCqrq.exe
  2⤵
  PID:9372
- C:\Windows\System\ZlhAtBU.exe
  C:\Windows\System\ZlhAtBU.exe
  2⤵
  PID:9392
- C:\Windows\System\nNPRzAP.exe
  C:\Windows\System\nNPRzAP.exe
  2⤵
  PID:9408
- C:\Windows\System\hGmUxcL.exe
  C:\Windows\System\hGmUxcL.exe
  2⤵
  PID:9428
- C:\Windows\System\SoPRihR.exe
  C:\Windows\System\SoPRihR.exe
  2⤵
  PID:9444
- C:\Windows\System\JTLcROU.exe
  C:\Windows\System\JTLcROU.exe
  2⤵
  PID:9460
- C:\Windows\System\EOuHJmg.exe
  C:\Windows\System\EOuHJmg.exe
  2⤵
  PID:9492
- C:\Windows\System\XAGcshu.exe
  C:\Windows\System\XAGcshu.exe
  2⤵
  PID:9508
- C:\Windows\System\JKzmSxF.exe
  C:\Windows\System\JKzmSxF.exe
  2⤵
  PID:9524
- C:\Windows\System\SIjTpeE.exe
  C:\Windows\System\SIjTpeE.exe
  2⤵
  PID:9548
- C:\Windows\System\vCEGnbM.exe
  C:\Windows\System\vCEGnbM.exe
  2⤵
  PID:9636
- C:\Windows\System\kEEoeFZ.exe
  C:\Windows\System\kEEoeFZ.exe
  2⤵
  PID:9652
- C:\Windows\System\qtlvaBN.exe
  C:\Windows\System\qtlvaBN.exe
  2⤵
  PID:9672
- C:\Windows\System\OIVBroR.exe
  C:\Windows\System\OIVBroR.exe
  2⤵
  PID:9688
- C:\Windows\System\aBDSWOY.exe
  C:\Windows\System\aBDSWOY.exe
  2⤵
  PID:9704
- C:\Windows\System\ZFGUKuE.exe
  C:\Windows\System\ZFGUKuE.exe
  2⤵
  PID:9736
- C:\Windows\System\tpiQPOh.exe
  C:\Windows\System\tpiQPOh.exe
  2⤵
  PID:9780
- C:\Windows\System\klRqMCb.exe
  C:\Windows\System\klRqMCb.exe
  2⤵
  PID:9800
- C:\Windows\System\PHDSrVC.exe
  C:\Windows\System\PHDSrVC.exe
  2⤵
  PID:9828
- C:\Windows\System\zzbwCwP.exe
  C:\Windows\System\zzbwCwP.exe
  2⤵
  PID:9844
- C:\Windows\System\PhsHqfl.exe
  C:\Windows\System\PhsHqfl.exe
  2⤵
  PID:9860
- C:\Windows\System\pSrpmVU.exe
  C:\Windows\System\pSrpmVU.exe
  2⤵
  PID:9880
- C:\Windows\System\TWFTUTj.exe
  C:\Windows\System\TWFTUTj.exe
  2⤵
  PID:9900
- C:\Windows\System\YrDZsqh.exe
  C:\Windows\System\YrDZsqh.exe
  2⤵
  PID:9920
- C:\Windows\System\tjUCpgN.exe
  C:\Windows\System\tjUCpgN.exe
  2⤵
  PID:9956
- C:\Windows\System\WNuOJep.exe
  C:\Windows\System\WNuOJep.exe
  2⤵
  PID:9972
- C:\Windows\System\nfpQKLg.exe
  C:\Windows\System\nfpQKLg.exe
  2⤵
  PID:9988
- C:\Windows\System\nKkELRC.exe
  C:\Windows\System\nKkELRC.exe
  2⤵
  PID:10004
- C:\Windows\System\pADNVup.exe
  C:\Windows\System\pADNVup.exe
  2⤵
  PID:10020
- C:\Windows\System\JvTuicZ.exe
  C:\Windows\System\JvTuicZ.exe
  2⤵
  PID:10040
- C:\Windows\System\nhaiJtO.exe
  C:\Windows\System\nhaiJtO.exe
  2⤵
  PID:10056
- C:\Windows\System\YQMDrIg.exe
  C:\Windows\System\YQMDrIg.exe
  2⤵
  PID:10072
- C:\Windows\System\JlTIATW.exe
  C:\Windows\System\JlTIATW.exe
  2⤵
  PID:10100
- C:\Windows\System\hUdBBTC.exe
  C:\Windows\System\hUdBBTC.exe
  2⤵
  PID:10132
- C:\Windows\System\xiAMwzY.exe
  C:\Windows\System\xiAMwzY.exe
  2⤵
  PID:10156
- C:\Windows\System\HbodUvs.exe
  C:\Windows\System\HbodUvs.exe
  2⤵
  PID:10172
- C:\Windows\System\XnEeAvM.exe
  C:\Windows\System\XnEeAvM.exe
  2⤵
  PID:10188
- C:\Windows\System\VGVbGTE.exe
  C:\Windows\System\VGVbGTE.exe
  2⤵
  PID:10208
- C:\Windows\System\PJsXkcC.exe
  C:\Windows\System\PJsXkcC.exe
  2⤵
  PID:10224
- C:\Windows\System\RVpSdYN.exe
  C:\Windows\System\RVpSdYN.exe
  2⤵
  PID:9164
- C:\Windows\System\lhuHFzD.exe
  C:\Windows\System\lhuHFzD.exe
  2⤵
  PID:8852
- C:\Windows\System\XqURneK.exe
  C:\Windows\System\XqURneK.exe
  2⤵
  PID:9116
- C:\Windows\System\OrvlBtn.exe
  C:\Windows\System\OrvlBtn.exe
  2⤵
  PID:8348
- C:\Windows\System\HileCGm.exe
  C:\Windows\System\HileCGm.exe
  2⤵
  PID:9344
- C:\Windows\System\ofkRcJJ.exe
  C:\Windows\System\ofkRcJJ.exe
  2⤵
  PID:9416
- C:\Windows\System\rYvyZsG.exe
  C:\Windows\System\rYvyZsG.exe
  2⤵
  PID:8196
- C:\Windows\System\puqyfOB.exe
  C:\Windows\System\puqyfOB.exe
  2⤵
  PID:9252
- C:\Windows\System\efLYsnH.exe
  C:\Windows\System\efLYsnH.exe
  2⤵
  PID:9532
- C:\Windows\System\FaDyWrE.exe
  C:\Windows\System\FaDyWrE.exe
  2⤵
  PID:9288
- C:\Windows\System\cHpNsCK.exe
  C:\Windows\System\cHpNsCK.exe
  2⤵
  PID:9436
- C:\Windows\System\GnzRliq.exe
  C:\Windows\System\GnzRliq.exe
  2⤵
  PID:9476
- C:\Windows\System\jOVprHq.exe
  C:\Windows\System\jOVprHq.exe
  2⤵
  PID:9480
- C:\Windows\System\ieRpWKu.exe
  C:\Windows\System\ieRpWKu.exe
  2⤵
  PID:9516
- C:\Windows\System\AvpaAKo.exe
  C:\Windows\System\AvpaAKo.exe
  2⤵
  PID:9580
- C:\Windows\System\rOTxsHu.exe
  C:\Windows\System\rOTxsHu.exe
  2⤵
  PID:9608
- C:\Windows\System\AogGOcL.exe
  C:\Windows\System\AogGOcL.exe
  2⤵
  PID:9620
- C:\Windows\System\FebLKwY.exe
  C:\Windows\System\FebLKwY.exe
  2⤵
  PID:9660
- C:\Windows\System\fIncwhY.exe
  C:\Windows\System\fIncwhY.exe
  2⤵
  PID:9696
- C:\Windows\System\deEBFwE.exe
  C:\Windows\System\deEBFwE.exe
  2⤵
  PID:9728
- C:\Windows\System\mUZTpIg.exe
  C:\Windows\System\mUZTpIg.exe
  2⤵
  PID:9752
- C:\Windows\System\ZuGmjdL.exe
  C:\Windows\System\ZuGmjdL.exe
  2⤵
  PID:9772
- C:\Windows\System\rlblojQ.exe
  C:\Windows\System\rlblojQ.exe
  2⤵
  PID:9836
- C:\Windows\System\ujQttjL.exe
  C:\Windows\System\ujQttjL.exe
  2⤵
  PID:9872
- C:\Windows\System\trMmcvU.exe
  C:\Windows\System\trMmcvU.exe
  2⤵
  PID:9852
- C:\Windows\System\GANIDsw.exe
  C:\Windows\System\GANIDsw.exe
  2⤵
  PID:9912
- C:\Windows\System\XuZvuZj.exe
  C:\Windows\System\XuZvuZj.exe
  2⤵
  PID:9172
- C:\Windows\System\zWvDcjB.exe
  C:\Windows\System\zWvDcjB.exe
  2⤵
  PID:9964
- C:\Windows\System\yAWYmGP.exe
  C:\Windows\System\yAWYmGP.exe
  2⤵
  PID:9984
- C:\Windows\System\myOzExP.exe
  C:\Windows\System\myOzExP.exe
  2⤵
  PID:10036
- C:\Windows\System\qgniXQd.exe
  C:\Windows\System\qgniXQd.exe
  2⤵
  PID:10048
- C:\Windows\System\dxIspvf.exe
  C:\Windows\System\dxIspvf.exe
  2⤵
  PID:10120
- C:\Windows\System\WuuWYYN.exe
  C:\Windows\System\WuuWYYN.exe
  2⤵
  PID:10092
- C:\Windows\System\vJZuAbu.exe
  C:\Windows\System\vJZuAbu.exe
  2⤵
  PID:10152
- C:\Windows\System\aXqEzTn.exe
  C:\Windows\System\aXqEzTn.exe
  2⤵
  PID:10196
- C:\Windows\System\aROdimx.exe
  C:\Windows\System\aROdimx.exe
  2⤵
  PID:10216
- C:\Windows\System\zoSwxfp.exe
  C:\Windows\System\zoSwxfp.exe
  2⤵
  PID:9084
- C:\Windows\System\owfHdZs.exe
  C:\Windows\System\owfHdZs.exe
  2⤵
  PID:9272
- C:\Windows\System\ydHpXhN.exe
  C:\Windows\System\ydHpXhN.exe
  2⤵
  PID:9312
- C:\Windows\System\FawNHzw.exe
  C:\Windows\System\FawNHzw.exe
  2⤵
  PID:9168
- C:\Windows\System\GNVBLTe.exe
  C:\Windows\System\GNVBLTe.exe
  2⤵
  PID:9500
- C:\Windows\System\VNaoHDB.exe
  C:\Windows\System\VNaoHDB.exe
  2⤵
  PID:9328
- C:\Windows\System\EyyCCrK.exe
  C:\Windows\System\EyyCCrK.exe
  2⤵
  PID:9404
- C:\Windows\System\AgfiERu.exe
  C:\Windows\System\AgfiERu.exe
  2⤵
  PID:9220
- C:\Windows\System\bnRppZZ.exe
  C:\Windows\System\bnRppZZ.exe
  2⤵
  PID:9384
- C:\Windows\System\VVWlUWB.exe
  C:\Windows\System\VVWlUWB.exe
  2⤵
  PID:9488
- C:\Windows\System\FVcmkdM.exe
  C:\Windows\System\FVcmkdM.exe
  2⤵
  PID:9644
- C:\Windows\System\lHZvjrL.exe
  C:\Windows\System\lHZvjrL.exe
  2⤵
  PID:9604
- C:\Windows\System\ZgYvhKP.exe
  C:\Windows\System\ZgYvhKP.exe
  2⤵
  PID:9628
- C:\Windows\System\cGwDeiz.exe
  C:\Windows\System\cGwDeiz.exe
  2⤵
  PID:9668
- C:\Windows\System\WULJCzd.exe
  C:\Windows\System\WULJCzd.exe
  2⤵
  PID:9744
- C:\Windows\System\lUMZKkV.exe
  C:\Windows\System\lUMZKkV.exe
  2⤵
  PID:9760
- C:\Windows\System\qsfMftq.exe
  C:\Windows\System\qsfMftq.exe
  2⤵
  PID:9792
- C:\Windows\System\MVLkUFu.exe
  C:\Windows\System\MVLkUFu.exe
  2⤵
  PID:9892
- C:\Windows\System\hemNgmB.exe
  C:\Windows\System\hemNgmB.exe
  2⤵
  PID:9936
- C:\Windows\System\kdvJStw.exe
  C:\Windows\System\kdvJStw.exe
  2⤵
  PID:9980
- C:\Windows\System\uXrIosR.exe
  C:\Windows\System\uXrIosR.exe
  2⤵
  PID:10016
- C:\Windows\System\JokHyLd.exe
  C:\Windows\System\JokHyLd.exe
  2⤵
  PID:10112
- C:\Windows\System\uPxcLOC.exe
  C:\Windows\System\uPxcLOC.exe
  2⤵
  PID:10084
- C:\Windows\System\masrzOj.exe
  C:\Windows\System\masrzOj.exe
  2⤵
  PID:9088
- C:\Windows\System\WVfMnZk.exe
  C:\Windows\System\WVfMnZk.exe
  2⤵
  PID:9400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EMIblyX.exe

Filesize
6.0MB

MD5
413cbfb18a03ae9cfbdb2f559e393458

SHA1
04cc2afed2a93c12f984fe29aedf04e4dadb189d

SHA256
6b755e37ae2b5234238edbc20b09d776bb6ce6f38f14f59b018465d428b9bd04

SHA512
833b3daca17ea4c4cdb9aaff9afafb4c79d71362da645936ab2a71291a18b92dc3026f7f5e4c7249d9e2bd94f1e3ccbc9c0fb9babc00f5c4183a6509c246de37

Download Submit
C:\Windows\system\EgbTxbi.exe

Filesize
6.0MB

MD5
b8a278e4159053f276331bee00167e2d

SHA1
e42dbf72d2555516377e87421153e893ba0b2b91

SHA256
2a5755622e4c9b694ca1753145b34f56b0cc4bd250e1b952930834b9d13fd36d

SHA512
30d4b7b4152382b43432e568067e689db1880f5c15be2be19b220adaf624cc9fd8e30843a5f9e26151e25a4d12cbf812217c57c82721cdaf4510597935ff649a

Download Submit
C:\Windows\system\FeXfOhf.exe

Filesize
6.0MB

MD5
014cf0c596d9b8c0314b7d5e6e27ce0d

SHA1
43dd53468c53cf86e185e4a2d8f9a5d5a3d9a4d5

SHA256
41bff9087165be238ddcde60b6710749160aed32035448997010cabc1bbf5958

SHA512
33766336f50c79d9e526e28025df0bd39637f466991ef227b59ba8f6c65cfab1c36bd3719b6cc42c364ad99e2a20e6c04d6ae8cbfa3e5ad592191794d98571e9

Download Submit
C:\Windows\system\IvVXqjz.exe

Filesize
6.0MB

MD5
737e726b429489fab57269bf7680b25e

SHA1
dee055e4045441f45794ce0063d31d4b36f916be

SHA256
5cbfe6dcfbdea36b68c8306024ae90cf8fd3ce4aac9726b30efa5ef93525335b

SHA512
e6a9d8d91638bdfe2893d66ecdf98b52082db4be22ef7680d1685d9fecaa0cc15744715848cf1ea3a56892d8730700eb7d5b7b5dff2ea218f5945e602e3e4b49

Download Submit
C:\Windows\system\PCWBFoQ.exe

Filesize
6.0MB

MD5
f313822f809efc18c25de9ddb740836c

SHA1
a3de128d73cad6fe445c35b3b7d8b8fcefc8f360

SHA256
b433819563f3998ad77a8c931b6c7d905de6742b98036822feefe92c133c90bc

SHA512
0321ec2945c7b8a8b3fd469bac1b0c1e9793171915ddb1442749152e7961cb479d8cb94e1c3df5b4c628c1cfbbcbd349488e40a5c9023d9fd8595199af0dc596

Download Submit
C:\Windows\system\QblIorT.exe

Filesize
6.0MB

MD5
fd0c2b75b84900463d5cc744df2ac72d

SHA1
11d38c9de817de614248f084ef3b7f772d07be77

SHA256
c9b02aa2431f55b3a4e5c7c6395e45f60c5ff7a7219c9b4db144ef7630d2a30a

SHA512
e98b749e9089a7af0d5b4405897777242ee581a81e33b4d23f6444c63b3dbcf1247dbdf8e3fecae3afb3906ffef8e6a8e208c877bdfedf2611c863185239126c

Download Submit
C:\Windows\system\QkRxNvu.exe

Filesize
6.0MB

MD5
ce9c5410aa9ee07837d24efe0f258b1b

SHA1
aef2b425ad37ca9f397c1e20db453c0fdf04b984

SHA256
01d7eac168912cc2105da07008615c2c73908d9ef471cd84a65cf74a719275dc

SHA512
73b5ea21b38df76a78f5a96dda5379647da8806bebab6b2985dbf319f88754d131b5cf0b6f3e39c337e633e14b8cd112849ba1a20f8e1fbbf0513688d3c96d83

Download Submit
C:\Windows\system\TbHllqg.exe

Filesize
6.0MB

MD5
f3838a3a053f34850338e6e8eca5de99

SHA1
163f708d56fdc9714fdc8823c3b39ab20f915dcf

SHA256
747ec109949ec0a529218f5a83b3cc93e42a7d45759bccdce5727a5530c6a581

SHA512
07fd52e07ea019517a43665b909372bfc13510cf0afa244cb920adb48c1f4b46f15a7a38c3467c7f943d5b6d2a2dc8eb67502ce4b209c1d295b882fe16e38553

Download Submit
C:\Windows\system\TyHBwWg.exe

Filesize
6.0MB

MD5
cebafbfc8b3adf7523415e903c42c0e0

SHA1
ed2297f45b0537b7fef64209d1442b0585791205

SHA256
a8e8dea70e2c80a171e7bd915d2a79db59b31be418b747b0904c7b0a2545b190

SHA512
1f4f0368987736c92db0197868a4b7a08edf251ac58c0232300e78bb94a71cbbefed40b97d92599d332d034c66f1fc016b06352f3483ca6e62db51ecf46cd225

Download Submit
C:\Windows\system\UatbowI.exe

Filesize
8B

MD5
b707d279ec14722ab3b29eb68971d241

SHA1
a97f585858572898fc91dddffec02bcbf5d5d831

SHA256
352da6f2130ac975a1f6fcf82c14932183659de2236c1c3676ea75834d9e9502

SHA512
8b6f43bfcc77d8fc8ebe8c3787eb3471dc267ad9da6bd5e82463ea0c73e76fd46479ebce76df74cc4cd63db4c0edf2c5423e98b9ffca9e357dd4ce71678c271d

Download Submit
C:\Windows\system\VNYbHJo.exe

Filesize
6.0MB

MD5
9122a774698fd2f1b9082cae47250614

SHA1
96585154124578e0f7d117a7b97c0b0f711b6d7e

SHA256
39ca2f29241d1fe1d5b0c995494bb6712c6af26582bc5b0393b7079065b911d9

SHA512
37c0da9075ae28831ef9619a9d608e3ae58685d12f3e0e4d0f06f50c2a68fbff3e3a507e562c9a4791eb8f71774f4d2b6114f3076b09fced394e38fbd09bb28d

Download Submit
C:\Windows\system\WzeKmAK.exe

Filesize
6.0MB

MD5
6062c269285c6d54428dd300d5f37b76

SHA1
b7bca7152b4557c6459ca9244d84cc18f340df48

SHA256
d453bd7b96adf011f67bc272dfa1006e0f45a88898f70c5545f5513359e35aa7

SHA512
c00ea4c0a453c0177ed494381049e2a898c89f0799310ae14b13d1332251fedf5b0156dcc25f9d75552d53a472c7f1dd01cc6ba4e796af8473ef9d6a732322e5

Download Submit
C:\Windows\system\ZEAINSi.exe

Filesize
6.0MB

MD5
cd95909e49e91f3bd7c35fe7970b5a39

SHA1
cbec6c2e2958143e71a2d7ffd20119dfd40ba006

SHA256
ec7f5b54cd8c2ffe6577689130f77e38b54ca579bf03201c8cadfa875c6a66ca

SHA512
98c57f2abd5e0697d876ec64888a95a8c557825e9420045d5d60dd246d8ad8a6ea4bd9d854c6e3d75dbec5c54bc2a793614c3fd309e0d42c2a2597c8d8350ee7

Download Submit
C:\Windows\system\bRbJwVA.exe

Filesize
6.0MB

MD5
afde1843cb816fe956fafabb4cb4b246

SHA1
74b3a52017b5b28ef33756e08290d0aa0cb34bea

SHA256
779d538f025a28cb52a97c00ccfaa868c9742704c02e8713df233da87d0a2f13

SHA512
872ddfac8df14e20b576742b25794c59f9971d34967142c6b75440e5dae257b0a820e2619b43ce74c00b2d5dca9120c3c1ec938007d30fa399868aaaba81724e

Download Submit
C:\Windows\system\cFFUhSg.exe

Filesize
6.0MB

MD5
3cc0165c819a6ca6803a4783fe8b6e1f

SHA1
59cad312a88b25d6023116b96f02de91846dbc15

SHA256
ff4dbbfa497bc948a2bbeb9b7c648e05ebd34b0ba69700a58fbec5a654573b5e

SHA512
e158eef7e941d3162d2922ca0e11aaffda940d53ff1b68ebf80bae566ec3fa43bafc0dc607330a4d6eaeb4e606a1b9f74e9f21259cde3a54f1d83d7d96bf0a62

Download Submit
C:\Windows\system\hZZLOha.exe

Filesize
6.0MB

MD5
05118a67c2c5d27785c522ca7add8906

SHA1
4a884c15f8fa5b9d342d40a9d30e5dbc004e71d2

SHA256
c60a2fd763195c8216e03bd7836c5d95a0d80d7c830284475fa71dbdd05a039f

SHA512
8d4104dfc847c644770b2df19c507beea14871426f25cbe17c1acd1c76993caea13b37f21f0ba8938a01a00dabb386420a62b92aa4da60ae1a3d0f96d8f04226

Download Submit
C:\Windows\system\lRYQVIi.exe

Filesize
6.0MB

MD5
3dd5cbc5a26d991802934ae28a316b2f

SHA1
5d4acb0c99f7feda874adf7dd4009fc0bb86fb1a

SHA256
7ccf30d6e99d34c9ddd33abd0883b26212826a9f82140a5fa0bf87e1ad87319c

SHA512
25f05c9647e80d45aab82e22967b6db8c34db9e5e1be3b3200124a7035b250d3cd300c7a084c9084a963365d0efde344beec8a98f05a68ff0ed83807b56e55ce

Download Submit
C:\Windows\system\meSONSq.exe

Filesize
6.0MB

MD5
5912ec34404aeba3c18171109d5d4529

SHA1
f47f1253866ae84a2abfdf2f41f279d26348e076

SHA256
abd3a5eea1960d0080e1ce8a13360f14bd8275f55a6cde3df9a09a227afde57f

SHA512
9bece7c6f3e4395d9eab97aa3de2383d6970f23ccdb7ead124052cd136d147ad7d5afe1461907fd49102779b1cb3dd8b1c904ad874389afba0428a61bb97d8e0

Download Submit
C:\Windows\system\nVdwDwB.exe

Filesize
6.0MB

MD5
c7e4b3e9bb54e9b79197c92ec8147198

SHA1
5cbfc4f54b983fe3772dde59f883ab03e30b9412

SHA256
1c788806e622b3da1a8a4a558734925d2665c129168216aa6367364b5b647ace

SHA512
d4ebd57613e5655c8e422d295ac50c798842b36875a65db027e3884f467bce47a0f4eb61e041c14a35d73d7a9702315ca8ed8ede64b903a90fd79d3e23e748a4

Download Submit
C:\Windows\system\trHonXy.exe

Filesize
6.0MB

MD5
db4f38062a25f0acf51da47cfe1eae2f

SHA1
0b7525c4d94819b5ccb9ab5a23e6a1d57ccdb613

SHA256
bc0a6c798e720f88f134d179b0da95e6828bc1cbab74e02021a905d78be2acb2

SHA512
0f0d0ed1b9a1e3e217a204306b9c4dfc338127c075f3a32ef78f169f08131e15c6ab1e2fae664046f7e366b98db60cfadf7c7bfa9139e6a96de22d75b47639f8

Download Submit
C:\Windows\system\uUKVnmR.exe

Filesize
6.0MB

MD5
2e5c0339f1a4c92c797ef99dc186deda

SHA1
9d877fe25acc7990118f39b22417318cee1c44a5

SHA256
2545d51d31c0d20c9ec62d418cbb49c0affedb5980f50121f660db41145a746d

SHA512
bed1b74d657e3ee93d7a0911ca4cf9382f6959c02a82fcfa2b1afdd68d71b14b6e023ca7f7ccb936d1d525b97b473c4e2946ecf207932e2ab059dc9aa8709a17

Download Submit
C:\Windows\system\vdQShAz.exe

Filesize
6.0MB

MD5
3e84f76df2c838e77d8c3374f62a3b71

SHA1
74cf8819f84d54b310535f41d1d2de372c564d3a

SHA256
ecb5ae8285f516e2e34325c070a96a31963f80e2b5224952b6834c743b2198c5

SHA512
739f525d6d0cbe6a1d293d5777219f5ae2f25cafb693def68a9af1bddf7f1ed5b7db81d27d9d58aa8cb551a0fb4b3dc6ff0592fb9d9a6debb80f30e8711b1989

Download Submit
C:\Windows\system\wRRpTzi.exe

Filesize
6.0MB

MD5
c7abfa372172d561e89947f41dbd583a

SHA1
c67861f6e13da3b0f6fc020ac371cb62fbe0a6ae

SHA256
8c8d2d7133bae579f29743d2f1b336ff170ced0dc2b1eb3a346006dbefb0ea2f

SHA512
8db5350303838af9174d5d21cdbff653ef3063d95217e71d844136059e40f5a8adc1cee3e03e80c92d38fe3ec73c14fd794d2666575a1302127b054067c2370e

Download Submit
C:\Windows\system\wtaQdue.exe

Filesize
6.0MB

MD5
b876bb9909e3f8993d733afda0686059

SHA1
1f91b80e097ca84c211dda08f14e8552de992d75

SHA256
386a9ba6b75b00e487bb48947eb2743d969d1a93f015cda41aecf28b32ee4bce

SHA512
7e8115a3b0ab7347c13686fea977b4c7647c2e3c4febc3a21549102758cfa1ffbf6ccff20d192ae66ceaf9d5b4e45918ce83d0733bc2014ebf4856bcc4fbe26d

Download Submit
C:\Windows\system\yPqwqgs.exe

Filesize
6.0MB

MD5
df6c798ec459c61f6ea3c3360f7e9e93

SHA1
3b69bb45680d98482d553a27d8262d263b81d2e6

SHA256
d70030a7994d64bed8b7af06df3f2c7c95c6e61bee89dc4a759e08ab5e613a21

SHA512
1bfb41c2e55fe3d5df16a962241bbc8b53042e5176fc4e9b51493f4694f52da053081a8d3e6a4d6cb63e8665740b6ebedb94d81206a60bd961fbc4edbc8f247b

Download Submit
C:\Windows\system\zsgeWVG.exe

Filesize
6.0MB

MD5
866fbab11af771926f8e1281986f0471

SHA1
3a3a4d9fd5b51cb3231917d520124b3e36a9fed3

SHA256
e73410a4cae96fe19d50c693d666805cd9d90306d876dde2fd40a582908477ca

SHA512
e62086081059e66fa59f1a54056ba1e8afa9f779c64c99e3aae786a67e74156a911e354b5bd229c7a6a118b368538b8a02e91c3a3bc6927c350d03d662123033

Download Submit
\Windows\system\LddbZBB.exe

Filesize
6.0MB

MD5
07854dc4a8e050bf6099fb00f34e82e4

SHA1
9de02fad58ca5eac8a54411356e98394d0e9410d

SHA256
4015a6f9b2aee9628f14693573fb0457654ddc0d98ec33403347139ed1be4def

SHA512
33607694a63b6cb95e321f3c01cc9a165cd247b7a4a823ca7b16c83af4074a2ae81bffbc68eeaba02111c3608f2ddf37d9ee4ed22b159cb449ca79d804c312e9

Download Submit
\Windows\system\NTsrqXV.exe

Filesize
6.0MB

MD5
2d19abbe88af89e7747bd46df7151fbb

SHA1
332534200265953352f63a31e96520d9889ed68e

SHA256
3743f99beca3c8b138f6c8f0528ca6f5c9e3bf48c3b559e089847a6261457534

SHA512
7af2931ef749db41dc9096d8715459474bdfb1a119faf7e00a6c0f0985439a3e718ff8b1578ca8fc89525514f24780c4a3a0b8327cc674f4c98f00b90dae49f3

Download Submit
\Windows\system\SAoMhoc.exe

Filesize
6.0MB

MD5
29da1a3ebaf1a551500ceb290c6ae905

SHA1
9278b9867ff1eb18abdb06ac43953c1bc2609422

SHA256
e9d8fbbf77738c7d64f15a8ecec8b56af89999d900a8f9b604d612d33867ee17

SHA512
c0811b7a15589e3a1c18de9a24b55dbba13fd77c300a631874e6d42be6d6041c64ee20d3bdf151bb4efd4a9a96d942ceb5696ea36188c8e46d4920d127d6926d

Download Submit
\Windows\system\cxNcoKX.exe

Filesize
6.0MB

MD5
b351f571556a927a921835a4416e0f31

SHA1
5a85d74e51652dc9c57bba0214cdc4bf503eccb0

SHA256
9e23ec33bf91b78b43460a280aca36e2341775096d490be57c3f12676be9ce36

SHA512
bf1420662c08f0eeb7f8ae47dbed16fc2ef6881927133ffa0365ec60982d40ed135f6a38b29e0278985bfbfd763792dd5ea73a7f3be7ca402de1dc36dba9e12c

Download Submit
\Windows\system\gWuvUDP.exe

Filesize
6.0MB

MD5
00c29a576f4395adbe6246411da5b2a1

SHA1
bf09a93d1e1ea964793e67a1dbdaddb0d60e48b9

SHA256
f12759d9e37c62aed8719e215cae332fbe8f9ef4e3d554925ef112715bfdc5cf

SHA512
33e5c76f940f7bfd25c505b32ac8a6f7472d964ad15fcc8e85c06282e187b787310a40157adae15be1b4eb738522f435c6a6958f42094b4c9f0de21b269301f1

Download Submit
\Windows\system\kychtSY.exe

Filesize
6.0MB

MD5
a503c93640b409bb023e8cddb4752c64

SHA1
5cdb4e3e9bf1366eb11a0fa5430bbe78d52c12da

SHA256
8168fa91a6d284b810037a607a629452e23b6bda356355c2b2ae0723e63ffc72

SHA512
60c2a11e71b09bd15a73b9b9c6319308b3f015a6db4842b7a3e145f85d6edcbea4992c7368ac1f440de98df2929192541388b2056eb17164893f6435f821b3a9

Download Submit
\Windows\system\znyvCat.exe

Filesize
6.0MB

MD5
93e9becde038d45dccabec16f6176e66

SHA1
c8b0306a85d528d84f8b7897f4c35c3449ba1e61

SHA256
e3fb7cce90c01570aa99b8db96afb6aa5998ac9e376848ce15ec6fcb695fd192

SHA512
c1d38a44f25863beaf0c198d8f833d8f00c06ba4b4b12c718c65becc76ccaf97e784302168f4928d2bce1b157b708ba8475035af556193847d10fcfe209a5f94

Download Submit
memory/796-939-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/796-3588-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/992-3614-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/992-951-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-3585-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1480-909-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1804-3586-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1804-916-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2096-2689-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2096-39-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2096-3578-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2288-952-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-1454-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-940-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-953-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-932-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2805-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2288-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2288-917-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-954-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-910-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2288-1274-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-902-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-867-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2288-873-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2288-888-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-881-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2288-924-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2815-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2688-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2697-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2840-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2912-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2914-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2819-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2288-0-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2836-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2801-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2808-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2827-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2832-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2824-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3597-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-931-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3583-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-923-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-2365-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3580-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-8-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-887-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3579-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2836-40-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3584-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2812-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4804-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2852-901-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3587-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2860-894-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3582-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2896-872-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3581-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2984-880-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download