cobaltstrike | b18f8846bd3ace77ed9e6fb92db6049559a1647e04946e496aa7035b8afc431e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c9244a587465f55c37937f30c19167e4
SHA1

2b43696cb8fcf59fa220a0c412b2c273c2b68830
SHA256

b18f8846bd3ace77ed9e6fb92db6049559a1647e04946e496aa7035b8afc431e
SHA512

720b4afa9d1c8d6b15fb4ff16c572dd4e3b45283475b9e286742d1b9bd277c4da931ae01578167530b9603156fb38dbd68043edde5243fac12e7aa403f251ba9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225a-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf8-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d33-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c81-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d46-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4a-43.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016b17-50.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016db3-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019408-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aea-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aec-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c1-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-118.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2376-0-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225a-6.dat	xmrig
behavioral1/memory/2876-9-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c89-13.dat	xmrig
behavioral1/memory/2792-24-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cf8-19.dat	xmrig
behavioral1/memory/2816-35-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2376-33-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d33-31.dat	xmrig
behavioral1/memory/2428-30-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2456-29-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c81-16.dat	xmrig
behavioral1/files/0x0007000000016d46-39.dat	xmrig
behavioral1/memory/2376-37-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2608-40-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d4a-43.dat	xmrig
behavioral1/files/0x0009000000016b17-50.dat	xmrig
behavioral1/memory/2376-48-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2656-57-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2624-54-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x0009000000016db3-61.dat	xmrig
behavioral1/memory/2632-64-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019408-65.dat	xmrig
behavioral1/memory/2456-71-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2792-68-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/3008-73-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1768-80-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2608-84-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/684-88-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2376-86-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a7-85.dat	xmrig
behavioral1/files/0x0005000000019494-77.dat	xmrig
behavioral1/files/0x00050000000194b4-92.dat	xmrig
behavioral1/memory/1832-95-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e2-102.dat	xmrig
behavioral1/files/0x0005000000019501-131.dat	xmrig
behavioral1/files/0x0005000000019625-176.dat	xmrig
behavioral1/files/0x0005000000019aea-186.dat	xmrig
behavioral1/memory/2376-505-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/1832-846-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019aec-192.dat	xmrig
behavioral1/files/0x00050000000197c1-181.dat	xmrig
behavioral1/files/0x0005000000019624-172.dat	xmrig
behavioral1/files/0x000500000001961f-166.dat	xmrig
behavioral1/files/0x0005000000019589-156.dat	xmrig
behavioral1/files/0x000500000001961b-161.dat	xmrig
behavioral1/files/0x000500000001953a-146.dat	xmrig
behavioral1/files/0x000500000001957c-151.dat	xmrig
behavioral1/files/0x0005000000019515-141.dat	xmrig
behavioral1/files/0x0005000000019503-137.dat	xmrig
behavioral1/files/0x00050000000194f6-126.dat	xmrig
behavioral1/files/0x00050000000194ea-123.dat	xmrig
behavioral1/memory/2376-109-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2376-108-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d4-106.dat	xmrig
behavioral1/files/0x00050000000194da-99.dat	xmrig
behavioral1/files/0x00050000000194f2-118.dat	xmrig
behavioral1/memory/2876-3999-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2792-4000-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2428-4001-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2456-4002-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2816-4003-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2608-4004-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2624-4005-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2876	zklTsPR.exe
2792	BRiTcvh.exe
2456	HVhzhfm.exe
2428	ZEdPfBP.exe
2816	hfCYYbY.exe
2608	oOGEOIs.exe
2624	VjjHRcC.exe
2656	wPrAIpi.exe
2632	NHtBHHa.exe
3008	tPBmXwx.exe
1768	nqgXHLr.exe
684	YyrfVZk.exe
1832	wnuNeoz.exe
1912	hFgiSAw.exe
3020	RvZIEcX.exe
3016	xXIZjby.exe
2052	WasZxmU.exe
2348	ZNsahvW.exe
1996	goOmhbD.exe
1324	RTEkzJT.exe
1512	wFhaBtn.exe
1736	LNlXBEk.exe
2124	vZpxTaA.exe
600	mnBRVDW.exe
2584	WLmobjn.exe
2120	PpzGnVn.exe
2304	dTgytpT.exe
956	tLpEasF.exe
1640	mvvLTgm.exe
2040	wEjGWjK.exe
2492	kpzLrzG.exe
1852	zhWCyeE.exe
480	yjbDtLE.exe
844	LhXgJAv.exe
1020	TeeZoBw.exe
1276	JZAaBpF.exe
1952	XRpFfvh.exe
1272	ItEIYfz.exe
912	glCIbFi.exe
2244	dBeXEvb.exe
3068	riPAVEG.exe
548	FMSjYYl.exe
2568	oPmdJYw.exe
2088	TNVlwPk.exe
2560	eEapoZx.exe
2168	PVGQeXi.exe
2468	CdsWDuj.exe
2072	mCuUPNK.exe
3032	fjyfwmx.exe
1044	VjUBYqB.exe
2104	gPoFFxc.exe
2508	jHYRBEM.exe
1596	GqxWiam.exe
1600	ykDRwrb.exe
2684	nJKHRnD.exe
2832	AagQAuD.exe
2804	zYMmGig.exe
2516	gkddApE.exe
1988	wPPzbvm.exe
2604	YQviDhi.exe
3024	lfnEZip.exe
1492	Hevierf.exe
892	brrlWyS.exe
2736	DwcbCsR.exe

Loads dropped DLL 64 IoCs

pid	Process
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x000a00000001225a-6.dat	upx
behavioral1/memory/2876-9-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0008000000016c89-13.dat	upx
behavioral1/memory/2792-24-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x0008000000016cf8-19.dat	upx
behavioral1/memory/2816-35-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x0007000000016d33-31.dat	upx
behavioral1/memory/2428-30-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2456-29-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0008000000016c81-16.dat	upx
behavioral1/files/0x0007000000016d46-39.dat	upx
behavioral1/memory/2608-40-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0007000000016d4a-43.dat	upx
behavioral1/files/0x0009000000016b17-50.dat	upx
behavioral1/memory/2376-48-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2656-57-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2624-54-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x0009000000016db3-61.dat	upx
behavioral1/memory/2632-64-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x0006000000019408-65.dat	upx
behavioral1/memory/2456-71-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2792-68-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/3008-73-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1768-80-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2608-84-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/684-88-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x00050000000194a7-85.dat	upx
behavioral1/files/0x0005000000019494-77.dat	upx
behavioral1/files/0x00050000000194b4-92.dat	upx
behavioral1/memory/1832-95-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x00050000000194e2-102.dat	upx
behavioral1/files/0x0005000000019501-131.dat	upx
behavioral1/files/0x0005000000019625-176.dat	upx
behavioral1/files/0x0005000000019aea-186.dat	upx
behavioral1/memory/1832-846-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0005000000019aec-192.dat	upx
behavioral1/files/0x00050000000197c1-181.dat	upx
behavioral1/files/0x0005000000019624-172.dat	upx
behavioral1/files/0x000500000001961f-166.dat	upx
behavioral1/files/0x0005000000019589-156.dat	upx
behavioral1/files/0x000500000001961b-161.dat	upx
behavioral1/files/0x000500000001953a-146.dat	upx
behavioral1/files/0x000500000001957c-151.dat	upx
behavioral1/files/0x0005000000019515-141.dat	upx
behavioral1/files/0x0005000000019503-137.dat	upx
behavioral1/files/0x00050000000194f6-126.dat	upx
behavioral1/files/0x00050000000194ea-123.dat	upx
behavioral1/memory/2376-109-0x00000000022C0000-0x0000000002614000-memory.dmp	upx
behavioral1/files/0x00050000000194d4-106.dat	upx
behavioral1/files/0x00050000000194da-99.dat	upx
behavioral1/files/0x00050000000194f2-118.dat	upx
behavioral1/memory/2876-3999-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2792-4000-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2428-4001-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2456-4002-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2816-4003-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2608-4004-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2624-4005-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2656-4006-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2632-4007-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/3008-4008-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1768-4009-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/684-4010-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GqxWiam.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\goiyTVC.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCkZBGO.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjvPeqN.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXICeEl.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMARGFo.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLoiqKG.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHYRBEM.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSupBFU.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJnRWSF.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEWDVnM.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQBqBAC.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWssqNk.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urBWpBO.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXVzpCy.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWGOjNr.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhMuFPS.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFsSEGM.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRppNmc.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGkCFBD.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJebqKg.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MgwRLxF.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQTzAem.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezJNTeP.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnJwEpS.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAjlUUL.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qToDqTE.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soEiIfC.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeyLDdG.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjbDtLE.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRxIqxu.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaGFcyB.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZAXAWx.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGPqPUj.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOhifYG.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfdfuNQ.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqNIbxs.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNynicf.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imyJVww.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpzGnVn.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvvLTgm.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEapeZi.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMOnMzh.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wltHmdv.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIkCzGp.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVLfnRh.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngibuNC.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHvKWVG.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAkreIw.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvdeFrb.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNLhTOq.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIYSvBq.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqMREAl.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOHEjZd.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiynAeA.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLcMLzW.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhILQed.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkyZiHD.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhHIPIG.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwkzxBm.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADXMehW.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxhLmRS.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMnQmsp.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOlUBYX.exe	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2876	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2876	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2876	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2792	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2792	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2792	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2428	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 2428	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 2428	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 2456	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2456	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2456	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2816	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 2816	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 2816	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 2608	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2608	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2608	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2624	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2624	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2624	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2656	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2656	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2656	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2632	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 2632	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 2632	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 3008	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 3008	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 3008	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 1768	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 1768	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 1768	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 684	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 684	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 684	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 1832	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 1832	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 1832	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 1912	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 1912	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 1912	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 2052	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 2052	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 2052	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 3020	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 3020	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 3020	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 2348	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 2348	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 2348	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 3016	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 3016	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 3016	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 1996	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 1996	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 1996	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 1324	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 1324	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 1324	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 1512	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 1512	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 1512	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 1736	2376	2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_c9244a587465f55c37937f30c19167e4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\System\zklTsPR.exe
  C:\Windows\System\zklTsPR.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\BRiTcvh.exe
  C:\Windows\System\BRiTcvh.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\ZEdPfBP.exe
  C:\Windows\System\ZEdPfBP.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\HVhzhfm.exe
  C:\Windows\System\HVhzhfm.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\hfCYYbY.exe
  C:\Windows\System\hfCYYbY.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\oOGEOIs.exe
  C:\Windows\System\oOGEOIs.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\VjjHRcC.exe
  C:\Windows\System\VjjHRcC.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\wPrAIpi.exe
  C:\Windows\System\wPrAIpi.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\NHtBHHa.exe
  C:\Windows\System\NHtBHHa.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\tPBmXwx.exe
  C:\Windows\System\tPBmXwx.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\nqgXHLr.exe
  C:\Windows\System\nqgXHLr.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\YyrfVZk.exe
  C:\Windows\System\YyrfVZk.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\wnuNeoz.exe
  C:\Windows\System\wnuNeoz.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\hFgiSAw.exe
  C:\Windows\System\hFgiSAw.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\WasZxmU.exe
  C:\Windows\System\WasZxmU.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\RvZIEcX.exe
  C:\Windows\System\RvZIEcX.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\ZNsahvW.exe
  C:\Windows\System\ZNsahvW.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\xXIZjby.exe
  C:\Windows\System\xXIZjby.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\goOmhbD.exe
  C:\Windows\System\goOmhbD.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\RTEkzJT.exe
  C:\Windows\System\RTEkzJT.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\wFhaBtn.exe
  C:\Windows\System\wFhaBtn.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\LNlXBEk.exe
  C:\Windows\System\LNlXBEk.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\vZpxTaA.exe
  C:\Windows\System\vZpxTaA.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\mnBRVDW.exe
  C:\Windows\System\mnBRVDW.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\WLmobjn.exe
  C:\Windows\System\WLmobjn.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\PpzGnVn.exe
  C:\Windows\System\PpzGnVn.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\dTgytpT.exe
  C:\Windows\System\dTgytpT.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\tLpEasF.exe
  C:\Windows\System\tLpEasF.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\mvvLTgm.exe
  C:\Windows\System\mvvLTgm.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\wEjGWjK.exe
  C:\Windows\System\wEjGWjK.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\kpzLrzG.exe
  C:\Windows\System\kpzLrzG.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\zhWCyeE.exe
  C:\Windows\System\zhWCyeE.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\yjbDtLE.exe
  C:\Windows\System\yjbDtLE.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\LhXgJAv.exe
  C:\Windows\System\LhXgJAv.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\TeeZoBw.exe
  C:\Windows\System\TeeZoBw.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\JZAaBpF.exe
  C:\Windows\System\JZAaBpF.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\XRpFfvh.exe
  C:\Windows\System\XRpFfvh.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\ItEIYfz.exe
  C:\Windows\System\ItEIYfz.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\glCIbFi.exe
  C:\Windows\System\glCIbFi.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\dBeXEvb.exe
  C:\Windows\System\dBeXEvb.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\riPAVEG.exe
  C:\Windows\System\riPAVEG.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\FMSjYYl.exe
  C:\Windows\System\FMSjYYl.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\oPmdJYw.exe
  C:\Windows\System\oPmdJYw.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\TNVlwPk.exe
  C:\Windows\System\TNVlwPk.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\eEapoZx.exe
  C:\Windows\System\eEapoZx.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\PVGQeXi.exe
  C:\Windows\System\PVGQeXi.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\CdsWDuj.exe
  C:\Windows\System\CdsWDuj.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\mCuUPNK.exe
  C:\Windows\System\mCuUPNK.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\fjyfwmx.exe
  C:\Windows\System\fjyfwmx.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\VjUBYqB.exe
  C:\Windows\System\VjUBYqB.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\gPoFFxc.exe
  C:\Windows\System\gPoFFxc.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\jHYRBEM.exe
  C:\Windows\System\jHYRBEM.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\GqxWiam.exe
  C:\Windows\System\GqxWiam.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\ykDRwrb.exe
  C:\Windows\System\ykDRwrb.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\nJKHRnD.exe
  C:\Windows\System\nJKHRnD.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\AagQAuD.exe
  C:\Windows\System\AagQAuD.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\zYMmGig.exe
  C:\Windows\System\zYMmGig.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\gkddApE.exe
  C:\Windows\System\gkddApE.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\wPPzbvm.exe
  C:\Windows\System\wPPzbvm.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\YQviDhi.exe
  C:\Windows\System\YQviDhi.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\lfnEZip.exe
  C:\Windows\System\lfnEZip.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\Hevierf.exe
  C:\Windows\System\Hevierf.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\brrlWyS.exe
  C:\Windows\System\brrlWyS.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\DwcbCsR.exe
  C:\Windows\System\DwcbCsR.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\TqqTZrn.exe
  C:\Windows\System\TqqTZrn.exe
  2⤵
  PID:1424
- C:\Windows\System\tKgGeEW.exe
  C:\Windows\System\tKgGeEW.exe
  2⤵
  PID:2588
- C:\Windows\System\JpRgAMt.exe
  C:\Windows\System\JpRgAMt.exe
  2⤵
  PID:1516
- C:\Windows\System\SwbAQFl.exe
  C:\Windows\System\SwbAQFl.exe
  2⤵
  PID:2884
- C:\Windows\System\IjPjiOO.exe
  C:\Windows\System\IjPjiOO.exe
  2⤵
  PID:1156
- C:\Windows\System\XEyPBbT.exe
  C:\Windows\System\XEyPBbT.exe
  2⤵
  PID:2004
- C:\Windows\System\gQZngOm.exe
  C:\Windows\System\gQZngOm.exe
  2⤵
  PID:2580
- C:\Windows\System\MfUJuKw.exe
  C:\Windows\System\MfUJuKw.exe
  2⤵
  PID:2612
- C:\Windows\System\xiynAeA.exe
  C:\Windows\System\xiynAeA.exe
  2⤵
  PID:1028
- C:\Windows\System\FvaOiFH.exe
  C:\Windows\System\FvaOiFH.exe
  2⤵
  PID:1644
- C:\Windows\System\PRxIqxu.exe
  C:\Windows\System\PRxIqxu.exe
  2⤵
  PID:2572
- C:\Windows\System\ZSupBFU.exe
  C:\Windows\System\ZSupBFU.exe
  2⤵
  PID:544
- C:\Windows\System\AZrDapO.exe
  C:\Windows\System\AZrDapO.exe
  2⤵
  PID:696
- C:\Windows\System\goiyTVC.exe
  C:\Windows\System\goiyTVC.exe
  2⤵
  PID:616
- C:\Windows\System\IBHAOJu.exe
  C:\Windows\System\IBHAOJu.exe
  2⤵
  PID:1540
- C:\Windows\System\QwFLHHM.exe
  C:\Windows\System\QwFLHHM.exe
  2⤵
  PID:776
- C:\Windows\System\lirObpm.exe
  C:\Windows\System\lirObpm.exe
  2⤵
  PID:2620
- C:\Windows\System\rDsZmRW.exe
  C:\Windows\System\rDsZmRW.exe
  2⤵
  PID:792
- C:\Windows\System\OtOPYhd.exe
  C:\Windows\System\OtOPYhd.exe
  2⤵
  PID:2108
- C:\Windows\System\iLibdLD.exe
  C:\Windows\System\iLibdLD.exe
  2⤵
  PID:2392
- C:\Windows\System\oGPqPUj.exe
  C:\Windows\System\oGPqPUj.exe
  2⤵
  PID:648
- C:\Windows\System\DzjPARZ.exe
  C:\Windows\System\DzjPARZ.exe
  2⤵
  PID:1032
- C:\Windows\System\XldBozY.exe
  C:\Windows\System\XldBozY.exe
  2⤵
  PID:372
- C:\Windows\System\yOnpwtt.exe
  C:\Windows\System\yOnpwtt.exe
  2⤵
  PID:1040
- C:\Windows\System\vXBehVc.exe
  C:\Windows\System\vXBehVc.exe
  2⤵
  PID:2528
- C:\Windows\System\RMPNtQh.exe
  C:\Windows\System\RMPNtQh.exe
  2⤵
  PID:2404
- C:\Windows\System\TxweTNW.exe
  C:\Windows\System\TxweTNW.exe
  2⤵
  PID:2800
- C:\Windows\System\grfTMch.exe
  C:\Windows\System\grfTMch.exe
  2⤵
  PID:2868
- C:\Windows\System\SbCQIpP.exe
  C:\Windows\System\SbCQIpP.exe
  2⤵
  PID:2928
- C:\Windows\System\kHMPZvL.exe
  C:\Windows\System\kHMPZvL.exe
  2⤵
  PID:2880
- C:\Windows\System\uQoKUnP.exe
  C:\Windows\System\uQoKUnP.exe
  2⤵
  PID:2932
- C:\Windows\System\tPzPhVu.exe
  C:\Windows\System\tPzPhVu.exe
  2⤵
  PID:2728
- C:\Windows\System\YKWtVlE.exe
  C:\Windows\System\YKWtVlE.exe
  2⤵
  PID:1316
- C:\Windows\System\vJSdDwH.exe
  C:\Windows\System\vJSdDwH.exe
  2⤵
  PID:1036
- C:\Windows\System\WBQkoDk.exe
  C:\Windows\System\WBQkoDk.exe
  2⤵
  PID:2904
- C:\Windows\System\GFzxfxq.exe
  C:\Windows\System\GFzxfxq.exe
  2⤵
  PID:2420
- C:\Windows\System\cyFhXbY.exe
  C:\Windows\System\cyFhXbY.exe
  2⤵
  PID:2132
- C:\Windows\System\hYRNKIA.exe
  C:\Windows\System\hYRNKIA.exe
  2⤵
  PID:2956
- C:\Windows\System\HwbjUbC.exe
  C:\Windows\System\HwbjUbC.exe
  2⤵
  PID:880
- C:\Windows\System\EcxGOLr.exe
  C:\Windows\System\EcxGOLr.exe
  2⤵
  PID:1844
- C:\Windows\System\ExvSnbT.exe
  C:\Windows\System\ExvSnbT.exe
  2⤵
  PID:3044
- C:\Windows\System\OIkHyWH.exe
  C:\Windows\System\OIkHyWH.exe
  2⤵
  PID:492
- C:\Windows\System\CyfHrgA.exe
  C:\Windows\System\CyfHrgA.exe
  2⤵
  PID:316
- C:\Windows\System\pMrjZXZ.exe
  C:\Windows\System\pMrjZXZ.exe
  2⤵
  PID:2440
- C:\Windows\System\hwpSYVD.exe
  C:\Windows\System\hwpSYVD.exe
  2⤵
  PID:2092
- C:\Windows\System\WqUMEcX.exe
  C:\Windows\System\WqUMEcX.exe
  2⤵
  PID:1484
- C:\Windows\System\iCwfbXg.exe
  C:\Windows\System\iCwfbXg.exe
  2⤵
  PID:2532
- C:\Windows\System\qnRUAZk.exe
  C:\Windows\System\qnRUAZk.exe
  2⤵
  PID:3064
- C:\Windows\System\tWWxxLe.exe
  C:\Windows\System\tWWxxLe.exe
  2⤵
  PID:1704
- C:\Windows\System\CNOVHKA.exe
  C:\Windows\System\CNOVHKA.exe
  2⤵
  PID:2768
- C:\Windows\System\Oymslmh.exe
  C:\Windows\System\Oymslmh.exe
  2⤵
  PID:2268
- C:\Windows\System\DQKROol.exe
  C:\Windows\System\DQKROol.exe
  2⤵
  PID:2772
- C:\Windows\System\ngibuNC.exe
  C:\Windows\System\ngibuNC.exe
  2⤵
  PID:2764
- C:\Windows\System\wCVGGru.exe
  C:\Windows\System\wCVGGru.exe
  2⤵
  PID:1984
- C:\Windows\System\flRHfUW.exe
  C:\Windows\System\flRHfUW.exe
  2⤵
  PID:1292
- C:\Windows\System\wCEKMPx.exe
  C:\Windows\System\wCEKMPx.exe
  2⤵
  PID:2000
- C:\Windows\System\RDiVykQ.exe
  C:\Windows\System\RDiVykQ.exe
  2⤵
  PID:2648
- C:\Windows\System\jnJwEpS.exe
  C:\Windows\System\jnJwEpS.exe
  2⤵
  PID:1624
- C:\Windows\System\XRfEnYN.exe
  C:\Windows\System\XRfEnYN.exe
  2⤵
  PID:440
- C:\Windows\System\LHkkFoR.exe
  C:\Windows\System\LHkkFoR.exe
  2⤵
  PID:2480
- C:\Windows\System\hpAjGnd.exe
  C:\Windows\System\hpAjGnd.exe
  2⤵
  PID:2356
- C:\Windows\System\nULumrj.exe
  C:\Windows\System\nULumrj.exe
  2⤵
  PID:996
- C:\Windows\System\EUsNSxQ.exe
  C:\Windows\System\EUsNSxQ.exe
  2⤵
  PID:1592
- C:\Windows\System\CqpsbEc.exe
  C:\Windows\System\CqpsbEc.exe
  2⤵
  PID:2680
- C:\Windows\System\nRRWFLZ.exe
  C:\Windows\System\nRRWFLZ.exe
  2⤵
  PID:1304
- C:\Windows\System\NgNhBMm.exe
  C:\Windows\System\NgNhBMm.exe
  2⤵
  PID:2760
- C:\Windows\System\vCEaZRB.exe
  C:\Windows\System\vCEaZRB.exe
  2⤵
  PID:532
- C:\Windows\System\qwHkWjQ.exe
  C:\Windows\System\qwHkWjQ.exe
  2⤵
  PID:236
- C:\Windows\System\DQTzAem.exe
  C:\Windows\System\DQTzAem.exe
  2⤵
  PID:1280
- C:\Windows\System\zQsWmzu.exe
  C:\Windows\System\zQsWmzu.exe
  2⤵
  PID:1764
- C:\Windows\System\DiouGAf.exe
  C:\Windows\System\DiouGAf.exe
  2⤵
  PID:1188
- C:\Windows\System\OXtzgym.exe
  C:\Windows\System\OXtzgym.exe
  2⤵
  PID:2820
- C:\Windows\System\yTkofFF.exe
  C:\Windows\System\yTkofFF.exe
  2⤵
  PID:3028
- C:\Windows\System\bvjaicy.exe
  C:\Windows\System\bvjaicy.exe
  2⤵
  PID:2672
- C:\Windows\System\uQCqeZf.exe
  C:\Windows\System\uQCqeZf.exe
  2⤵
  PID:2740
- C:\Windows\System\zPTmnah.exe
  C:\Windows\System\zPTmnah.exe
  2⤵
  PID:636
- C:\Windows\System\WHvKWVG.exe
  C:\Windows\System\WHvKWVG.exe
  2⤵
  PID:2328
- C:\Windows\System\cQGpWSL.exe
  C:\Windows\System\cQGpWSL.exe
  2⤵
  PID:308
- C:\Windows\System\OHgHFks.exe
  C:\Windows\System\OHgHFks.exe
  2⤵
  PID:1992
- C:\Windows\System\NMUgmIW.exe
  C:\Windows\System\NMUgmIW.exe
  2⤵
  PID:748
- C:\Windows\System\CqvdgHq.exe
  C:\Windows\System\CqvdgHq.exe
  2⤵
  PID:1648
- C:\Windows\System\LmTbaNk.exe
  C:\Windows\System\LmTbaNk.exe
  2⤵
  PID:2080
- C:\Windows\System\EepBRkV.exe
  C:\Windows\System\EepBRkV.exe
  2⤵
  PID:3088
- C:\Windows\System\MttBRhK.exe
  C:\Windows\System\MttBRhK.exe
  2⤵
  PID:3116
- C:\Windows\System\OAkreIw.exe
  C:\Windows\System\OAkreIw.exe
  2⤵
  PID:3140
- C:\Windows\System\fGCpyrJ.exe
  C:\Windows\System\fGCpyrJ.exe
  2⤵
  PID:3156
- C:\Windows\System\zAjlUUL.exe
  C:\Windows\System\zAjlUUL.exe
  2⤵
  PID:3172
- C:\Windows\System\OkCRMJn.exe
  C:\Windows\System\OkCRMJn.exe
  2⤵
  PID:3188
- C:\Windows\System\RxqUqzY.exe
  C:\Windows\System\RxqUqzY.exe
  2⤵
  PID:3212
- C:\Windows\System\tjzNjFr.exe
  C:\Windows\System\tjzNjFr.exe
  2⤵
  PID:3228
- C:\Windows\System\gfMwVfb.exe
  C:\Windows\System\gfMwVfb.exe
  2⤵
  PID:3244
- C:\Windows\System\TmqNAXE.exe
  C:\Windows\System\TmqNAXE.exe
  2⤵
  PID:3272
- C:\Windows\System\lvQeqJi.exe
  C:\Windows\System\lvQeqJi.exe
  2⤵
  PID:3288
- C:\Windows\System\BoKHqrb.exe
  C:\Windows\System\BoKHqrb.exe
  2⤵
  PID:3312
- C:\Windows\System\YWSwYEr.exe
  C:\Windows\System\YWSwYEr.exe
  2⤵
  PID:3328
- C:\Windows\System\CYzJltm.exe
  C:\Windows\System\CYzJltm.exe
  2⤵
  PID:3344
- C:\Windows\System\yvdeFrb.exe
  C:\Windows\System\yvdeFrb.exe
  2⤵
  PID:3364
- C:\Windows\System\ywBzKvd.exe
  C:\Windows\System\ywBzKvd.exe
  2⤵
  PID:3388
- C:\Windows\System\EkyZiHD.exe
  C:\Windows\System\EkyZiHD.exe
  2⤵
  PID:3416
- C:\Windows\System\omHmgNb.exe
  C:\Windows\System\omHmgNb.exe
  2⤵
  PID:3436
- C:\Windows\System\ATthABF.exe
  C:\Windows\System\ATthABF.exe
  2⤵
  PID:3452
- C:\Windows\System\EBfCWeR.exe
  C:\Windows\System\EBfCWeR.exe
  2⤵
  PID:3472
- C:\Windows\System\SBFuTFL.exe
  C:\Windows\System\SBFuTFL.exe
  2⤵
  PID:3488
- C:\Windows\System\uazjdux.exe
  C:\Windows\System\uazjdux.exe
  2⤵
  PID:3504
- C:\Windows\System\xFsSEGM.exe
  C:\Windows\System\xFsSEGM.exe
  2⤵
  PID:3520
- C:\Windows\System\GsUgYnn.exe
  C:\Windows\System\GsUgYnn.exe
  2⤵
  PID:3536
- C:\Windows\System\CSwRxBu.exe
  C:\Windows\System\CSwRxBu.exe
  2⤵
  PID:3552
- C:\Windows\System\XknfUsF.exe
  C:\Windows\System\XknfUsF.exe
  2⤵
  PID:3596
- C:\Windows\System\SITcJQS.exe
  C:\Windows\System\SITcJQS.exe
  2⤵
  PID:3616
- C:\Windows\System\GSuzpiJ.exe
  C:\Windows\System\GSuzpiJ.exe
  2⤵
  PID:3632
- C:\Windows\System\XhmTdgk.exe
  C:\Windows\System\XhmTdgk.exe
  2⤵
  PID:3648
- C:\Windows\System\YQdKOvT.exe
  C:\Windows\System\YQdKOvT.exe
  2⤵
  PID:3664
- C:\Windows\System\vezmdXA.exe
  C:\Windows\System\vezmdXA.exe
  2⤵
  PID:3680
- C:\Windows\System\BuvpzhE.exe
  C:\Windows\System\BuvpzhE.exe
  2⤵
  PID:3704
- C:\Windows\System\TVXlaEI.exe
  C:\Windows\System\TVXlaEI.exe
  2⤵
  PID:3736
- C:\Windows\System\THupism.exe
  C:\Windows\System\THupism.exe
  2⤵
  PID:3756
- C:\Windows\System\mWzZLXF.exe
  C:\Windows\System\mWzZLXF.exe
  2⤵
  PID:3772
- C:\Windows\System\uHJKUOE.exe
  C:\Windows\System\uHJKUOE.exe
  2⤵
  PID:3792
- C:\Windows\System\Azuytih.exe
  C:\Windows\System\Azuytih.exe
  2⤵
  PID:3816
- C:\Windows\System\rzYGUaV.exe
  C:\Windows\System\rzYGUaV.exe
  2⤵
  PID:3840
- C:\Windows\System\YAdeQiI.exe
  C:\Windows\System\YAdeQiI.exe
  2⤵
  PID:3860
- C:\Windows\System\JHtJJrN.exe
  C:\Windows\System\JHtJJrN.exe
  2⤵
  PID:3876
- C:\Windows\System\VfnWIHW.exe
  C:\Windows\System\VfnWIHW.exe
  2⤵
  PID:3896
- C:\Windows\System\yAGBTYh.exe
  C:\Windows\System\yAGBTYh.exe
  2⤵
  PID:3912
- C:\Windows\System\roAfcKb.exe
  C:\Windows\System\roAfcKb.exe
  2⤵
  PID:3928
- C:\Windows\System\hAoSgUH.exe
  C:\Windows\System\hAoSgUH.exe
  2⤵
  PID:3944
- C:\Windows\System\YqjdtYG.exe
  C:\Windows\System\YqjdtYG.exe
  2⤵
  PID:3968
- C:\Windows\System\YjRnxeY.exe
  C:\Windows\System\YjRnxeY.exe
  2⤵
  PID:3992
- C:\Windows\System\cvilYgC.exe
  C:\Windows\System\cvilYgC.exe
  2⤵
  PID:4008
- C:\Windows\System\PJumkJv.exe
  C:\Windows\System\PJumkJv.exe
  2⤵
  PID:4028
- C:\Windows\System\cHIZXwW.exe
  C:\Windows\System\cHIZXwW.exe
  2⤵
  PID:4044
- C:\Windows\System\aHULWxj.exe
  C:\Windows\System\aHULWxj.exe
  2⤵
  PID:4060
- C:\Windows\System\opLMDtU.exe
  C:\Windows\System\opLMDtU.exe
  2⤵
  PID:4076
- C:\Windows\System\PKLIamk.exe
  C:\Windows\System\PKLIamk.exe
  2⤵
  PID:3084
- C:\Windows\System\THFzbqT.exe
  C:\Windows\System\THFzbqT.exe
  2⤵
  PID:1220
- C:\Windows\System\LcZeIHX.exe
  C:\Windows\System\LcZeIHX.exe
  2⤵
  PID:2780
- C:\Windows\System\kjRcdMu.exe
  C:\Windows\System\kjRcdMu.exe
  2⤵
  PID:1228
- C:\Windows\System\QjMUTKz.exe
  C:\Windows\System\QjMUTKz.exe
  2⤵
  PID:2596
- C:\Windows\System\MLyJvQC.exe
  C:\Windows\System\MLyJvQC.exe
  2⤵
  PID:3124
- C:\Windows\System\uLmycKt.exe
  C:\Windows\System\uLmycKt.exe
  2⤵
  PID:3164
- C:\Windows\System\HVjvvqc.exe
  C:\Windows\System\HVjvvqc.exe
  2⤵
  PID:3208
- C:\Windows\System\ALQkoYo.exe
  C:\Windows\System\ALQkoYo.exe
  2⤵
  PID:3236
- C:\Windows\System\ZHuUzHe.exe
  C:\Windows\System\ZHuUzHe.exe
  2⤵
  PID:2724
- C:\Windows\System\wFzGeHW.exe
  C:\Windows\System\wFzGeHW.exe
  2⤵
  PID:3320
- C:\Windows\System\PvtEcaN.exe
  C:\Windows\System\PvtEcaN.exe
  2⤵
  PID:3356
- C:\Windows\System\taquXLH.exe
  C:\Windows\System\taquXLH.exe
  2⤵
  PID:3396
- C:\Windows\System\rLcweSC.exe
  C:\Windows\System\rLcweSC.exe
  2⤵
  PID:3296
- C:\Windows\System\flqFkjx.exe
  C:\Windows\System\flqFkjx.exe
  2⤵
  PID:3380
- C:\Windows\System\bitBOSz.exe
  C:\Windows\System\bitBOSz.exe
  2⤵
  PID:3468
- C:\Windows\System\zEifPhu.exe
  C:\Windows\System\zEifPhu.exe
  2⤵
  PID:3532
- C:\Windows\System\tZSbqFy.exe
  C:\Windows\System\tZSbqFy.exe
  2⤵
  PID:3516
- C:\Windows\System\fukXYDp.exe
  C:\Windows\System\fukXYDp.exe
  2⤵
  PID:3428
- C:\Windows\System\MFMJJBM.exe
  C:\Windows\System\MFMJJBM.exe
  2⤵
  PID:3568
- C:\Windows\System\XKrRCwc.exe
  C:\Windows\System\XKrRCwc.exe
  2⤵
  PID:3588
- C:\Windows\System\bBreUMB.exe
  C:\Windows\System\bBreUMB.exe
  2⤵
  PID:2912
- C:\Windows\System\CmPqGKD.exe
  C:\Windows\System\CmPqGKD.exe
  2⤵
  PID:3720
- C:\Windows\System\WLekoPz.exe
  C:\Windows\System\WLekoPz.exe
  2⤵
  PID:3656
- C:\Windows\System\CjynBUb.exe
  C:\Windows\System\CjynBUb.exe
  2⤵
  PID:3764
- C:\Windows\System\rddBKhy.exe
  C:\Windows\System\rddBKhy.exe
  2⤵
  PID:3768
- C:\Windows\System\lazEdIn.exe
  C:\Windows\System\lazEdIn.exe
  2⤵
  PID:3788
- C:\Windows\System\BWvynau.exe
  C:\Windows\System\BWvynau.exe
  2⤵
  PID:3824
- C:\Windows\System\zwMWeDF.exe
  C:\Windows\System\zwMWeDF.exe
  2⤵
  PID:3884
- C:\Windows\System\FfPGERf.exe
  C:\Windows\System\FfPGERf.exe
  2⤵
  PID:3952
- C:\Windows\System\PaGzgGY.exe
  C:\Windows\System\PaGzgGY.exe
  2⤵
  PID:3908
- C:\Windows\System\zMNzWpT.exe
  C:\Windows\System\zMNzWpT.exe
  2⤵
  PID:3868
- C:\Windows\System\uYXFWsF.exe
  C:\Windows\System\uYXFWsF.exe
  2⤵
  PID:3940
- C:\Windows\System\LlEDdfO.exe
  C:\Windows\System\LlEDdfO.exe
  2⤵
  PID:3984
- C:\Windows\System\eRppNmc.exe
  C:\Windows\System\eRppNmc.exe
  2⤵
  PID:4024
- C:\Windows\System\DAPKPpx.exe
  C:\Windows\System\DAPKPpx.exe
  2⤵
  PID:2776
- C:\Windows\System\EcFCrmN.exe
  C:\Windows\System\EcFCrmN.exe
  2⤵
  PID:3076
- C:\Windows\System\FlIpMFp.exe
  C:\Windows\System\FlIpMFp.exe
  2⤵
  PID:2452
- C:\Windows\System\KzcLPEd.exe
  C:\Windows\System\KzcLPEd.exe
  2⤵
  PID:4092
- C:\Windows\System\XsxHGIT.exe
  C:\Windows\System\XsxHGIT.exe
  2⤵
  PID:3196
- C:\Windows\System\PDbVgvZ.exe
  C:\Windows\System\PDbVgvZ.exe
  2⤵
  PID:3152
- C:\Windows\System\EixSDRb.exe
  C:\Windows\System\EixSDRb.exe
  2⤵
  PID:3148
- C:\Windows\System\BcokcLX.exe
  C:\Windows\System\BcokcLX.exe
  2⤵
  PID:3260
- C:\Windows\System\DxOuoQl.exe
  C:\Windows\System\DxOuoQl.exe
  2⤵
  PID:3280
- C:\Windows\System\vszPgLa.exe
  C:\Windows\System\vszPgLa.exe
  2⤵
  PID:3252
- C:\Windows\System\SwMebxo.exe
  C:\Windows\System\SwMebxo.exe
  2⤵
  PID:3304
- C:\Windows\System\YEITwBD.exe
  C:\Windows\System\YEITwBD.exe
  2⤵
  PID:3336
- C:\Windows\System\ckAwZuA.exe
  C:\Windows\System\ckAwZuA.exe
  2⤵
  PID:2484
- C:\Windows\System\NCONsCC.exe
  C:\Windows\System\NCONsCC.exe
  2⤵
  PID:3640
- C:\Windows\System\BDUgkng.exe
  C:\Windows\System\BDUgkng.exe
  2⤵
  PID:3712
- C:\Windows\System\YHoCZrr.exe
  C:\Windows\System\YHoCZrr.exe
  2⤵
  PID:3728
- C:\Windows\System\PHXHpcM.exe
  C:\Windows\System\PHXHpcM.exe
  2⤵
  PID:3748
- C:\Windows\System\hKwaKHe.exe
  C:\Windows\System\hKwaKHe.exe
  2⤵
  PID:3784
- C:\Windows\System\SWWZtAV.exe
  C:\Windows\System\SWWZtAV.exe
  2⤵
  PID:4004
- C:\Windows\System\LvaWPzr.exe
  C:\Windows\System\LvaWPzr.exe
  2⤵
  PID:3964
- C:\Windows\System\sacxCre.exe
  C:\Windows\System\sacxCre.exe
  2⤵
  PID:4016
- C:\Windows\System\ifzNxEX.exe
  C:\Windows\System\ifzNxEX.exe
  2⤵
  PID:3104
- C:\Windows\System\tfgYXzz.exe
  C:\Windows\System\tfgYXzz.exe
  2⤵
  PID:1840
- C:\Windows\System\UhxaIRi.exe
  C:\Windows\System\UhxaIRi.exe
  2⤵
  PID:1472
- C:\Windows\System\yTcfhEr.exe
  C:\Windows\System\yTcfhEr.exe
  2⤵
  PID:3100
- C:\Windows\System\TbvUQBx.exe
  C:\Windows\System\TbvUQBx.exe
  2⤵
  PID:3412
- C:\Windows\System\YIWRtdF.exe
  C:\Windows\System\YIWRtdF.exe
  2⤵
  PID:3256
- C:\Windows\System\nIPxFPq.exe
  C:\Windows\System\nIPxFPq.exe
  2⤵
  PID:3340
- C:\Windows\System\YWCefaL.exe
  C:\Windows\System\YWCefaL.exe
  2⤵
  PID:3448
- C:\Windows\System\NCkZBGO.exe
  C:\Windows\System\NCkZBGO.exe
  2⤵
  PID:3424
- C:\Windows\System\kRnMOJO.exe
  C:\Windows\System\kRnMOJO.exe
  2⤵
  PID:3548
- C:\Windows\System\XMoDwHZ.exe
  C:\Windows\System\XMoDwHZ.exe
  2⤵
  PID:1712
- C:\Windows\System\qQGMNgH.exe
  C:\Windows\System\qQGMNgH.exe
  2⤵
  PID:3484
- C:\Windows\System\gMYLkOK.exe
  C:\Windows\System\gMYLkOK.exe
  2⤵
  PID:3628
- C:\Windows\System\YjuiMtK.exe
  C:\Windows\System\YjuiMtK.exe
  2⤵
  PID:3920
- C:\Windows\System\NteKwLZ.exe
  C:\Windows\System\NteKwLZ.exe
  2⤵
  PID:1688
- C:\Windows\System\OUzoBGA.exe
  C:\Windows\System\OUzoBGA.exe
  2⤵
  PID:4072
- C:\Windows\System\FfDhddR.exe
  C:\Windows\System\FfDhddR.exe
  2⤵
  PID:3108
- C:\Windows\System\kuuhMej.exe
  C:\Windows\System\kuuhMej.exe
  2⤵
  PID:4084
- C:\Windows\System\ieKVXgn.exe
  C:\Windows\System\ieKVXgn.exe
  2⤵
  PID:3384
- C:\Windows\System\QrtRaYE.exe
  C:\Windows\System\QrtRaYE.exe
  2⤵
  PID:404
- C:\Windows\System\XBIWcXc.exe
  C:\Windows\System\XBIWcXc.exe
  2⤵
  PID:1520
- C:\Windows\System\GIPAzRK.exe
  C:\Windows\System\GIPAzRK.exe
  2⤵
  PID:2208
- C:\Windows\System\mQxNqRH.exe
  C:\Windows\System\mQxNqRH.exe
  2⤵
  PID:3528
- C:\Windows\System\ioNRxjI.exe
  C:\Windows\System\ioNRxjI.exe
  2⤵
  PID:3300
- C:\Windows\System\RoEomvS.exe
  C:\Windows\System\RoEomvS.exe
  2⤵
  PID:3752
- C:\Windows\System\udrhDmk.exe
  C:\Windows\System\udrhDmk.exe
  2⤵
  PID:1948
- C:\Windows\System\btBaZvS.exe
  C:\Windows\System\btBaZvS.exe
  2⤵
  PID:3856
- C:\Windows\System\gDcirLg.exe
  C:\Windows\System\gDcirLg.exe
  2⤵
  PID:2664
- C:\Windows\System\pCyPFFZ.exe
  C:\Windows\System\pCyPFFZ.exe
  2⤵
  PID:4036
- C:\Windows\System\ZUyCryA.exe
  C:\Windows\System\ZUyCryA.exe
  2⤵
  PID:3572
- C:\Windows\System\vApGcKO.exe
  C:\Windows\System\vApGcKO.exe
  2⤵
  PID:4100
- C:\Windows\System\SIgQjwd.exe
  C:\Windows\System\SIgQjwd.exe
  2⤵
  PID:4116
- C:\Windows\System\sYMpwdv.exe
  C:\Windows\System\sYMpwdv.exe
  2⤵
  PID:4132
- C:\Windows\System\jDHekSa.exe
  C:\Windows\System\jDHekSa.exe
  2⤵
  PID:4152
- C:\Windows\System\jUrYyNi.exe
  C:\Windows\System\jUrYyNi.exe
  2⤵
  PID:4200
- C:\Windows\System\BrCijwt.exe
  C:\Windows\System\BrCijwt.exe
  2⤵
  PID:4216
- C:\Windows\System\fHqbeSP.exe
  C:\Windows\System\fHqbeSP.exe
  2⤵
  PID:4248
- C:\Windows\System\MvrtXRQ.exe
  C:\Windows\System\MvrtXRQ.exe
  2⤵
  PID:4264
- C:\Windows\System\WceGeCo.exe
  C:\Windows\System\WceGeCo.exe
  2⤵
  PID:4280
- C:\Windows\System\sZcWUvf.exe
  C:\Windows\System\sZcWUvf.exe
  2⤵
  PID:4296
- C:\Windows\System\aydkYKp.exe
  C:\Windows\System\aydkYKp.exe
  2⤵
  PID:4312
- C:\Windows\System\IjCAyuq.exe
  C:\Windows\System\IjCAyuq.exe
  2⤵
  PID:4328
- C:\Windows\System\ZTSEhNB.exe
  C:\Windows\System\ZTSEhNB.exe
  2⤵
  PID:4344
- C:\Windows\System\akXJwUi.exe
  C:\Windows\System\akXJwUi.exe
  2⤵
  PID:4388
- C:\Windows\System\BdFVDic.exe
  C:\Windows\System\BdFVDic.exe
  2⤵
  PID:4404
- C:\Windows\System\fBAeDrL.exe
  C:\Windows\System\fBAeDrL.exe
  2⤵
  PID:4424
- C:\Windows\System\SIPCAto.exe
  C:\Windows\System\SIPCAto.exe
  2⤵
  PID:4444
- C:\Windows\System\ZkqHoXK.exe
  C:\Windows\System\ZkqHoXK.exe
  2⤵
  PID:4464
- C:\Windows\System\gnNSqti.exe
  C:\Windows\System\gnNSqti.exe
  2⤵
  PID:4480
- C:\Windows\System\dhWouGO.exe
  C:\Windows\System\dhWouGO.exe
  2⤵
  PID:4508
- C:\Windows\System\ppPLLai.exe
  C:\Windows\System\ppPLLai.exe
  2⤵
  PID:4524
- C:\Windows\System\zditBIJ.exe
  C:\Windows\System\zditBIJ.exe
  2⤵
  PID:4540
- C:\Windows\System\MukhCOi.exe
  C:\Windows\System\MukhCOi.exe
  2⤵
  PID:4556
- C:\Windows\System\zTRplMe.exe
  C:\Windows\System\zTRplMe.exe
  2⤵
  PID:4580
- C:\Windows\System\hMAoJBz.exe
  C:\Windows\System\hMAoJBz.exe
  2⤵
  PID:4600
- C:\Windows\System\JeEUTQW.exe
  C:\Windows\System\JeEUTQW.exe
  2⤵
  PID:4628
- C:\Windows\System\pKJfWKk.exe
  C:\Windows\System\pKJfWKk.exe
  2⤵
  PID:4644
- C:\Windows\System\rNnGLsO.exe
  C:\Windows\System\rNnGLsO.exe
  2⤵
  PID:4660
- C:\Windows\System\jkXnmzC.exe
  C:\Windows\System\jkXnmzC.exe
  2⤵
  PID:4676
- C:\Windows\System\DEmmYXP.exe
  C:\Windows\System\DEmmYXP.exe
  2⤵
  PID:4692
- C:\Windows\System\fiXNoWN.exe
  C:\Windows\System\fiXNoWN.exe
  2⤵
  PID:4708
- C:\Windows\System\REVxbcW.exe
  C:\Windows\System\REVxbcW.exe
  2⤵
  PID:4744
- C:\Windows\System\vZbNNji.exe
  C:\Windows\System\vZbNNji.exe
  2⤵
  PID:4764
- C:\Windows\System\HsvbxyX.exe
  C:\Windows\System\HsvbxyX.exe
  2⤵
  PID:4780
- C:\Windows\System\VjUfZpu.exe
  C:\Windows\System\VjUfZpu.exe
  2⤵
  PID:4796
- C:\Windows\System\zWWGYKl.exe
  C:\Windows\System\zWWGYKl.exe
  2⤵
  PID:4824
- C:\Windows\System\InlnrTm.exe
  C:\Windows\System\InlnrTm.exe
  2⤵
  PID:4840
- C:\Windows\System\ASAoBRI.exe
  C:\Windows\System\ASAoBRI.exe
  2⤵
  PID:4860
- C:\Windows\System\DBfzdTx.exe
  C:\Windows\System\DBfzdTx.exe
  2⤵
  PID:4880
- C:\Windows\System\baFKshF.exe
  C:\Windows\System\baFKshF.exe
  2⤵
  PID:4896
- C:\Windows\System\gjMnjKo.exe
  C:\Windows\System\gjMnjKo.exe
  2⤵
  PID:4912
- C:\Windows\System\LTNWwmU.exe
  C:\Windows\System\LTNWwmU.exe
  2⤵
  PID:4932
- C:\Windows\System\WkCBKOw.exe
  C:\Windows\System\WkCBKOw.exe
  2⤵
  PID:4960
- C:\Windows\System\RWHdonh.exe
  C:\Windows\System\RWHdonh.exe
  2⤵
  PID:4976
- C:\Windows\System\BpntYlx.exe
  C:\Windows\System\BpntYlx.exe
  2⤵
  PID:5008
- C:\Windows\System\hUWGEPz.exe
  C:\Windows\System\hUWGEPz.exe
  2⤵
  PID:5024
- C:\Windows\System\OcEiWfa.exe
  C:\Windows\System\OcEiWfa.exe
  2⤵
  PID:5040
- C:\Windows\System\reWnuUA.exe
  C:\Windows\System\reWnuUA.exe
  2⤵
  PID:5060
- C:\Windows\System\hpzgOXU.exe
  C:\Windows\System\hpzgOXU.exe
  2⤵
  PID:5076
- C:\Windows\System\cWGvDbF.exe
  C:\Windows\System\cWGvDbF.exe
  2⤵
  PID:5092
- C:\Windows\System\HucGcnR.exe
  C:\Windows\System\HucGcnR.exe
  2⤵
  PID:3688
- C:\Windows\System\YWERnpQ.exe
  C:\Windows\System\YWERnpQ.exe
  2⤵
  PID:1908
- C:\Windows\System\PnlNQsP.exe
  C:\Windows\System\PnlNQsP.exe
  2⤵
  PID:1328
- C:\Windows\System\ehWmCva.exe
  C:\Windows\System\ehWmCva.exe
  2⤵
  PID:4148
- C:\Windows\System\ipasGaj.exe
  C:\Windows\System\ipasGaj.exe
  2⤵
  PID:4160
- C:\Windows\System\XitCZvr.exe
  C:\Windows\System\XitCZvr.exe
  2⤵
  PID:4168
- C:\Windows\System\NUNUyAd.exe
  C:\Windows\System\NUNUyAd.exe
  2⤵
  PID:4172
- C:\Windows\System\VGZtqqa.exe
  C:\Windows\System\VGZtqqa.exe
  2⤵
  PID:4180
- C:\Windows\System\eKsskhB.exe
  C:\Windows\System\eKsskhB.exe
  2⤵
  PID:4124
- C:\Windows\System\NOhifYG.exe
  C:\Windows\System\NOhifYG.exe
  2⤵
  PID:4188
- C:\Windows\System\igSyDSo.exe
  C:\Windows\System\igSyDSo.exe
  2⤵
  PID:4244
- C:\Windows\System\oviZkKL.exe
  C:\Windows\System\oviZkKL.exe
  2⤵
  PID:4292
- C:\Windows\System\NBlHNMN.exe
  C:\Windows\System\NBlHNMN.exe
  2⤵
  PID:4356
- C:\Windows\System\WfxrzGu.exe
  C:\Windows\System\WfxrzGu.exe
  2⤵
  PID:4276
- C:\Windows\System\YpqNYeM.exe
  C:\Windows\System\YpqNYeM.exe
  2⤵
  PID:4372
- C:\Windows\System\RctpCWI.exe
  C:\Windows\System\RctpCWI.exe
  2⤵
  PID:4360
- C:\Windows\System\HfLHFBu.exe
  C:\Windows\System\HfLHFBu.exe
  2⤵
  PID:4436
- C:\Windows\System\nXepnkQ.exe
  C:\Windows\System\nXepnkQ.exe
  2⤵
  PID:4460
- C:\Windows\System\vGimfkT.exe
  C:\Windows\System\vGimfkT.exe
  2⤵
  PID:1476
- C:\Windows\System\FHjwLXr.exe
  C:\Windows\System\FHjwLXr.exe
  2⤵
  PID:576
- C:\Windows\System\eLcMLzW.exe
  C:\Windows\System\eLcMLzW.exe
  2⤵
  PID:4552
- C:\Windows\System\puvwOjc.exe
  C:\Windows\System\puvwOjc.exe
  2⤵
  PID:1752
- C:\Windows\System\Ggfhzrg.exe
  C:\Windows\System\Ggfhzrg.exe
  2⤵
  PID:4568
- C:\Windows\System\sSjqrnp.exe
  C:\Windows\System\sSjqrnp.exe
  2⤵
  PID:4588
- C:\Windows\System\mtYhoMc.exe
  C:\Windows\System\mtYhoMc.exe
  2⤵
  PID:4612
- C:\Windows\System\NbZXRgh.exe
  C:\Windows\System\NbZXRgh.exe
  2⤵
  PID:4652
- C:\Windows\System\zCjMyGA.exe
  C:\Windows\System\zCjMyGA.exe
  2⤵
  PID:4724
- C:\Windows\System\hDxPlkC.exe
  C:\Windows\System\hDxPlkC.exe
  2⤵
  PID:4740
- C:\Windows\System\hKBGrht.exe
  C:\Windows\System\hKBGrht.exe
  2⤵
  PID:4636
- C:\Windows\System\LgnwULR.exe
  C:\Windows\System\LgnwULR.exe
  2⤵
  PID:4756
- C:\Windows\System\iLzYTSj.exe
  C:\Windows\System\iLzYTSj.exe
  2⤵
  PID:4804
- C:\Windows\System\zhHIPIG.exe
  C:\Windows\System\zhHIPIG.exe
  2⤵
  PID:1804
- C:\Windows\System\uVxmzPK.exe
  C:\Windows\System\uVxmzPK.exe
  2⤵
  PID:4852
- C:\Windows\System\sLcKRLV.exe
  C:\Windows\System\sLcKRLV.exe
  2⤵
  PID:4920
- C:\Windows\System\ruFsLOO.exe
  C:\Windows\System\ruFsLOO.exe
  2⤵
  PID:2464
- C:\Windows\System\fwkzxBm.exe
  C:\Windows\System\fwkzxBm.exe
  2⤵
  PID:4956
- C:\Windows\System\jsktcjf.exe
  C:\Windows\System\jsktcjf.exe
  2⤵
  PID:4952
- C:\Windows\System\gbtBIRG.exe
  C:\Windows\System\gbtBIRG.exe
  2⤵
  PID:4772
- C:\Windows\System\TBEVFyK.exe
  C:\Windows\System\TBEVFyK.exe
  2⤵
  PID:5052
- C:\Windows\System\BwMJaUd.exe
  C:\Windows\System\BwMJaUd.exe
  2⤵
  PID:1848
- C:\Windows\System\dhKJzCh.exe
  C:\Windows\System\dhKJzCh.exe
  2⤵
  PID:4996
- C:\Windows\System\uqNSUqE.exe
  C:\Windows\System\uqNSUqE.exe
  2⤵
  PID:1368
- C:\Windows\System\BRGGwMj.exe
  C:\Windows\System\BRGGwMj.exe
  2⤵
  PID:4140
- C:\Windows\System\zEapeZi.exe
  C:\Windows\System\zEapeZi.exe
  2⤵
  PID:5112
- C:\Windows\System\JJWVqid.exe
  C:\Windows\System\JJWVqid.exe
  2⤵
  PID:3500
- C:\Windows\System\XLTTNVY.exe
  C:\Windows\System\XLTTNVY.exe
  2⤵
  PID:2128
- C:\Windows\System\BcOAbjA.exe
  C:\Windows\System\BcOAbjA.exe
  2⤵
  PID:3408
- C:\Windows\System\tTKPRnV.exe
  C:\Windows\System\tTKPRnV.exe
  2⤵
  PID:3696
- C:\Windows\System\ABCUnuq.exe
  C:\Windows\System\ABCUnuq.exe
  2⤵
  PID:3564
- C:\Windows\System\yjeHbSB.exe
  C:\Windows\System\yjeHbSB.exe
  2⤵
  PID:4240
- C:\Windows\System\dhARPDQ.exe
  C:\Windows\System\dhARPDQ.exe
  2⤵
  PID:4260
- C:\Windows\System\aSufQGA.exe
  C:\Windows\System\aSufQGA.exe
  2⤵
  PID:4456
- C:\Windows\System\ATnfGvv.exe
  C:\Windows\System\ATnfGvv.exe
  2⤵
  PID:2148
- C:\Windows\System\wjnYwOX.exe
  C:\Windows\System\wjnYwOX.exe
  2⤵
  PID:4624
- C:\Windows\System\KsOzzku.exe
  C:\Windows\System\KsOzzku.exe
  2⤵
  PID:4752
- C:\Windows\System\ggAmlfq.exe
  C:\Windows\System\ggAmlfq.exe
  2⤵
  PID:4820
- C:\Windows\System\lVecWWh.exe
  C:\Windows\System\lVecWWh.exe
  2⤵
  PID:4888
- C:\Windows\System\zpxYRic.exe
  C:\Windows\System\zpxYRic.exe
  2⤵
  PID:4520
- C:\Windows\System\OeuftxC.exe
  C:\Windows\System\OeuftxC.exe
  2⤵
  PID:4596
- C:\Windows\System\pKPMCnj.exe
  C:\Windows\System\pKPMCnj.exe
  2⤵
  PID:4876
- C:\Windows\System\HNLzRDE.exe
  C:\Windows\System\HNLzRDE.exe
  2⤵
  PID:1932
- C:\Windows\System\RSlGINz.exe
  C:\Windows\System\RSlGINz.exe
  2⤵
  PID:4848
- C:\Windows\System\tXDpnwD.exe
  C:\Windows\System\tXDpnwD.exe
  2⤵
  PID:4944
- C:\Windows\System\tplXezE.exe
  C:\Windows\System\tplXezE.exe
  2⤵
  PID:4972
- C:\Windows\System\JbHmmhp.exe
  C:\Windows\System\JbHmmhp.exe
  2⤵
  PID:5000
- C:\Windows\System\FMnwkYF.exe
  C:\Windows\System\FMnwkYF.exe
  2⤵
  PID:4108
- C:\Windows\System\vMfCKRP.exe
  C:\Windows\System\vMfCKRP.exe
  2⤵
  PID:1724
- C:\Windows\System\tkRxtyY.exe
  C:\Windows\System\tkRxtyY.exe
  2⤵
  PID:4352
- C:\Windows\System\tdUOQSz.exe
  C:\Windows\System\tdUOQSz.exe
  2⤵
  PID:4416
- C:\Windows\System\KbnYInR.exe
  C:\Windows\System\KbnYInR.exe
  2⤵
  PID:4420
- C:\Windows\System\qjjjpLb.exe
  C:\Windows\System\qjjjpLb.exe
  2⤵
  PID:4608
- C:\Windows\System\ppZHTfG.exe
  C:\Windows\System\ppZHTfG.exe
  2⤵
  PID:5100
- C:\Windows\System\VCKzYvs.exe
  C:\Windows\System\VCKzYvs.exe
  2⤵
  PID:4192
- C:\Windows\System\IpdKxqg.exe
  C:\Windows\System\IpdKxqg.exe
  2⤵
  PID:2948
- C:\Windows\System\IjnDhWQ.exe
  C:\Windows\System\IjnDhWQ.exe
  2⤵
  PID:4788
- C:\Windows\System\QilvPQm.exe
  C:\Windows\System\QilvPQm.exe
  2⤵
  PID:4872
- C:\Windows\System\LhfTSem.exe
  C:\Windows\System\LhfTSem.exe
  2⤵
  PID:5048
- C:\Windows\System\dVjtEtF.exe
  C:\Windows\System\dVjtEtF.exe
  2⤵
  PID:3268
- C:\Windows\System\lDHrmWO.exe
  C:\Windows\System\lDHrmWO.exe
  2⤵
  PID:4320
- C:\Windows\System\qxufqeK.exe
  C:\Windows\System\qxufqeK.exe
  2⤵
  PID:5132
- C:\Windows\System\yhILQed.exe
  C:\Windows\System\yhILQed.exe
  2⤵
  PID:5148
- C:\Windows\System\EROcCZD.exe
  C:\Windows\System\EROcCZD.exe
  2⤵
  PID:5164
- C:\Windows\System\qMNAJZR.exe
  C:\Windows\System\qMNAJZR.exe
  2⤵
  PID:5184
- C:\Windows\System\eEJWUOF.exe
  C:\Windows\System\eEJWUOF.exe
  2⤵
  PID:5228
- C:\Windows\System\DfiPtSC.exe
  C:\Windows\System\DfiPtSC.exe
  2⤵
  PID:5308
- C:\Windows\System\GqnJisg.exe
  C:\Windows\System\GqnJisg.exe
  2⤵
  PID:5324
- C:\Windows\System\muqHnHw.exe
  C:\Windows\System\muqHnHw.exe
  2⤵
  PID:5368
- C:\Windows\System\GfdfuNQ.exe
  C:\Windows\System\GfdfuNQ.exe
  2⤵
  PID:5388
- C:\Windows\System\qPViTqb.exe
  C:\Windows\System\qPViTqb.exe
  2⤵
  PID:5408
- C:\Windows\System\LVNGbfP.exe
  C:\Windows\System\LVNGbfP.exe
  2⤵
  PID:5424
- C:\Windows\System\PVUerJg.exe
  C:\Windows\System\PVUerJg.exe
  2⤵
  PID:5448
- C:\Windows\System\RchUoLZ.exe
  C:\Windows\System\RchUoLZ.exe
  2⤵
  PID:5468
- C:\Windows\System\vCsvkec.exe
  C:\Windows\System\vCsvkec.exe
  2⤵
  PID:5484
- C:\Windows\System\SwSskJa.exe
  C:\Windows\System\SwSskJa.exe
  2⤵
  PID:5504
- C:\Windows\System\DoRdVLO.exe
  C:\Windows\System\DoRdVLO.exe
  2⤵
  PID:5524
- C:\Windows\System\XlsnuzH.exe
  C:\Windows\System\XlsnuzH.exe
  2⤵
  PID:5544
- C:\Windows\System\gVOKCZu.exe
  C:\Windows\System\gVOKCZu.exe
  2⤵
  PID:5560
- C:\Windows\System\DisGOdv.exe
  C:\Windows\System\DisGOdv.exe
  2⤵
  PID:5576
- C:\Windows\System\DUPWrpf.exe
  C:\Windows\System\DUPWrpf.exe
  2⤵
  PID:5592
- C:\Windows\System\cNstfaV.exe
  C:\Windows\System\cNstfaV.exe
  2⤵
  PID:5612
- C:\Windows\System\RWzCyXn.exe
  C:\Windows\System\RWzCyXn.exe
  2⤵
  PID:5628
- C:\Windows\System\behaXEP.exe
  C:\Windows\System\behaXEP.exe
  2⤵
  PID:5668
- C:\Windows\System\uNLhTOq.exe
  C:\Windows\System\uNLhTOq.exe
  2⤵
  PID:5684
- C:\Windows\System\jvnsuqy.exe
  C:\Windows\System\jvnsuqy.exe
  2⤵
  PID:5700
- C:\Windows\System\KOwBPeK.exe
  C:\Windows\System\KOwBPeK.exe
  2⤵
  PID:5728
- C:\Windows\System\tEwOPji.exe
  C:\Windows\System\tEwOPji.exe
  2⤵
  PID:5744
- C:\Windows\System\GWtlDAC.exe
  C:\Windows\System\GWtlDAC.exe
  2⤵
  PID:5780
- C:\Windows\System\MtszzYd.exe
  C:\Windows\System\MtszzYd.exe
  2⤵
  PID:5796
- C:\Windows\System\tVElpsn.exe
  C:\Windows\System\tVElpsn.exe
  2⤵
  PID:5812
- C:\Windows\System\gShJMRQ.exe
  C:\Windows\System\gShJMRQ.exe
  2⤵
  PID:5832
- C:\Windows\System\neCmuPJ.exe
  C:\Windows\System\neCmuPJ.exe
  2⤵
  PID:5856
- C:\Windows\System\udFLyvh.exe
  C:\Windows\System\udFLyvh.exe
  2⤵
  PID:5876
- C:\Windows\System\jGSMMrQ.exe
  C:\Windows\System\jGSMMrQ.exe
  2⤵
  PID:5896
- C:\Windows\System\tiTgUld.exe
  C:\Windows\System\tiTgUld.exe
  2⤵
  PID:5912
- C:\Windows\System\WLjszdf.exe
  C:\Windows\System\WLjszdf.exe
  2⤵
  PID:5928
- C:\Windows\System\OkpThHg.exe
  C:\Windows\System\OkpThHg.exe
  2⤵
  PID:5944
- C:\Windows\System\ZdiEMBX.exe
  C:\Windows\System\ZdiEMBX.exe
  2⤵
  PID:5960
- C:\Windows\System\DJFUQiL.exe
  C:\Windows\System\DJFUQiL.exe
  2⤵
  PID:5976
- C:\Windows\System\JDWCmjP.exe
  C:\Windows\System\JDWCmjP.exe
  2⤵
  PID:6000
- C:\Windows\System\rumouKO.exe
  C:\Windows\System\rumouKO.exe
  2⤵
  PID:6020
- C:\Windows\System\cnYHILe.exe
  C:\Windows\System\cnYHILe.exe
  2⤵
  PID:6040
- C:\Windows\System\ySlCIQH.exe
  C:\Windows\System\ySlCIQH.exe
  2⤵
  PID:6060
- C:\Windows\System\djhXfXp.exe
  C:\Windows\System\djhXfXp.exe
  2⤵
  PID:6076
- C:\Windows\System\RyZUeuG.exe
  C:\Windows\System\RyZUeuG.exe
  2⤵
  PID:6092
- C:\Windows\System\vWGakNT.exe
  C:\Windows\System\vWGakNT.exe
  2⤵
  PID:6108
- C:\Windows\System\tqMewIo.exe
  C:\Windows\System\tqMewIo.exe
  2⤵
  PID:4908
- C:\Windows\System\GnEyidt.exe
  C:\Windows\System\GnEyidt.exe
  2⤵
  PID:4224
- C:\Windows\System\cLkQiVQ.exe
  C:\Windows\System\cLkQiVQ.exe
  2⤵
  PID:1152
- C:\Windows\System\UyrlmTt.exe
  C:\Windows\System\UyrlmTt.exe
  2⤵
  PID:5128
- C:\Windows\System\OZcitAt.exe
  C:\Windows\System\OZcitAt.exe
  2⤵
  PID:4236
- C:\Windows\System\hxtwltW.exe
  C:\Windows\System\hxtwltW.exe
  2⤵
  PID:4380
- C:\Windows\System\VyuEPJy.exe
  C:\Windows\System\VyuEPJy.exe
  2⤵
  PID:3048
- C:\Windows\System\KVlJjZV.exe
  C:\Windows\System\KVlJjZV.exe
  2⤵
  PID:4776
- C:\Windows\System\hFRIYtl.exe
  C:\Windows\System\hFRIYtl.exe
  2⤵
  PID:5144
- C:\Windows\System\fgycblA.exe
  C:\Windows\System\fgycblA.exe
  2⤵
  PID:4532
- C:\Windows\System\BjoOVGj.exe
  C:\Windows\System\BjoOVGj.exe
  2⤵
  PID:4412
- C:\Windows\System\gEZJzJH.exe
  C:\Windows\System\gEZJzJH.exe
  2⤵
  PID:4760
- C:\Windows\System\nHbZeTB.exe
  C:\Windows\System\nHbZeTB.exe
  2⤵
  PID:5216
- C:\Windows\System\UegxEpx.exe
  C:\Windows\System\UegxEpx.exe
  2⤵
  PID:5256
- C:\Windows\System\SuGhpnU.exe
  C:\Windows\System\SuGhpnU.exe
  2⤵
  PID:5276
- C:\Windows\System\hBFovpJ.exe
  C:\Windows\System\hBFovpJ.exe
  2⤵
  PID:5304
- C:\Windows\System\rUBQBdt.exe
  C:\Windows\System\rUBQBdt.exe
  2⤵
  PID:5416
- C:\Windows\System\AwfhDuj.exe
  C:\Windows\System\AwfhDuj.exe
  2⤵
  PID:5464
- C:\Windows\System\ydKzXRB.exe
  C:\Windows\System\ydKzXRB.exe
  2⤵
  PID:5532
- C:\Windows\System\uRPjejH.exe
  C:\Windows\System\uRPjejH.exe
  2⤵
  PID:5568
- C:\Windows\System\xJZGTqR.exe
  C:\Windows\System\xJZGTqR.exe
  2⤵
  PID:5480
- C:\Windows\System\InUcgAN.exe
  C:\Windows\System\InUcgAN.exe
  2⤵
  PID:5648
- C:\Windows\System\ErtGpNr.exe
  C:\Windows\System\ErtGpNr.exe
  2⤵
  PID:5352
- C:\Windows\System\brffffR.exe
  C:\Windows\System\brffffR.exe
  2⤵
  PID:5336
- C:\Windows\System\hlbXzHD.exe
  C:\Windows\System\hlbXzHD.exe
  2⤵
  PID:5740
- C:\Windows\System\HqLoxYP.exe
  C:\Windows\System\HqLoxYP.exe
  2⤵
  PID:5432
- C:\Windows\System\TJnRWSF.exe
  C:\Windows\System\TJnRWSF.exe
  2⤵
  PID:5552
- C:\Windows\System\oKfStge.exe
  C:\Windows\System\oKfStge.exe
  2⤵
  PID:5752
- C:\Windows\System\GBfkQyK.exe
  C:\Windows\System\GBfkQyK.exe
  2⤵
  PID:5768
- C:\Windows\System\mkVYdHG.exe
  C:\Windows\System\mkVYdHG.exe
  2⤵
  PID:5776
- C:\Windows\System\drLgdfR.exe
  C:\Windows\System\drLgdfR.exe
  2⤵
  PID:5820
- C:\Windows\System\UbDyBRo.exe
  C:\Windows\System\UbDyBRo.exe
  2⤵
  PID:5808
- C:\Windows\System\boVQqZf.exe
  C:\Windows\System\boVQqZf.exe
  2⤵
  PID:5868
- C:\Windows\System\ErFdmgg.exe
  C:\Windows\System\ErFdmgg.exe
  2⤵
  PID:5968
- C:\Windows\System\xKQKSoL.exe
  C:\Windows\System\xKQKSoL.exe
  2⤵
  PID:6016
- C:\Windows\System\zrpMYPF.exe
  C:\Windows\System\zrpMYPF.exe
  2⤵
  PID:6084
- C:\Windows\System\ykOChqF.exe
  C:\Windows\System\ykOChqF.exe
  2⤵
  PID:6124
- C:\Windows\System\jFgtgxf.exe
  C:\Windows\System\jFgtgxf.exe
  2⤵
  PID:6140
- C:\Windows\System\acxRNXJ.exe
  C:\Windows\System\acxRNXJ.exe
  2⤵
  PID:4516
- C:\Windows\System\lEqECIb.exe
  C:\Windows\System\lEqECIb.exe
  2⤵
  PID:5988
- C:\Windows\System\IigdDpS.exe
  C:\Windows\System\IigdDpS.exe
  2⤵
  PID:5116
- C:\Windows\System\NDrsYTF.exe
  C:\Windows\System\NDrsYTF.exe
  2⤵
  PID:4212
- C:\Windows\System\PJyLSiI.exe
  C:\Windows\System\PJyLSiI.exe
  2⤵
  PID:5884
- C:\Windows\System\fCUdBvz.exe
  C:\Windows\System\fCUdBvz.exe
  2⤵
  PID:5924
- C:\Windows\System\dVkNiNP.exe
  C:\Windows\System\dVkNiNP.exe
  2⤵
  PID:4688
- C:\Windows\System\WrTGqOS.exe
  C:\Windows\System\WrTGqOS.exe
  2⤵
  PID:4592
- C:\Windows\System\qdEMiDn.exe
  C:\Windows\System\qdEMiDn.exe
  2⤵
  PID:4492
- C:\Windows\System\fxGzBFb.exe
  C:\Windows\System\fxGzBFb.exe
  2⤵
  PID:4968
- C:\Windows\System\ftXdHHp.exe
  C:\Windows\System\ftXdHHp.exe
  2⤵
  PID:4988
- C:\Windows\System\Zxkvdvv.exe
  C:\Windows\System\Zxkvdvv.exe
  2⤵
  PID:5280
- C:\Windows\System\hAzhqMv.exe
  C:\Windows\System\hAzhqMv.exe
  2⤵
  PID:5380
- C:\Windows\System\oRLoPoW.exe
  C:\Windows\System\oRLoPoW.exe
  2⤵
  PID:5460
- C:\Windows\System\BTGXVRx.exe
  C:\Windows\System\BTGXVRx.exe
  2⤵
  PID:5608
- C:\Windows\System\ZGtsQyj.exe
  C:\Windows\System\ZGtsQyj.exe
  2⤵
  PID:5344
- C:\Windows\System\CZCNhcf.exe
  C:\Windows\System\CZCNhcf.exe
  2⤵
  PID:5516
- C:\Windows\System\cvpOOJU.exe
  C:\Windows\System\cvpOOJU.exe
  2⤵
  PID:5584
- C:\Windows\System\KHmExro.exe
  C:\Windows\System\KHmExro.exe
  2⤵
  PID:5476
- C:\Windows\System\NQUJUSw.exe
  C:\Windows\System\NQUJUSw.exe
  2⤵
  PID:5760
- C:\Windows\System\OPoDpQY.exe
  C:\Windows\System\OPoDpQY.exe
  2⤵
  PID:5788
- C:\Windows\System\zYzQpfW.exe
  C:\Windows\System\zYzQpfW.exe
  2⤵
  PID:5712
- C:\Windows\System\ZVioOvt.exe
  C:\Windows\System\ZVioOvt.exe
  2⤵
  PID:5852
- C:\Windows\System\AATIRzC.exe
  C:\Windows\System\AATIRzC.exe
  2⤵
  PID:6012
- C:\Windows\System\ScJQJeZ.exe
  C:\Windows\System\ScJQJeZ.exe
  2⤵
  PID:5956
- C:\Windows\System\FPpRIqM.exe
  C:\Windows\System\FPpRIqM.exe
  2⤵
  PID:6056
- C:\Windows\System\IGaaPVv.exe
  C:\Windows\System\IGaaPVv.exe
  2⤵
  PID:6072
- C:\Windows\System\QJmuxmL.exe
  C:\Windows\System\QJmuxmL.exe
  2⤵
  PID:5140
- C:\Windows\System\OyeauVb.exe
  C:\Windows\System\OyeauVb.exe
  2⤵
  PID:4564
- C:\Windows\System\TgtXyJk.exe
  C:\Windows\System\TgtXyJk.exe
  2⤵
  PID:5320
- C:\Windows\System\AMOnMzh.exe
  C:\Windows\System\AMOnMzh.exe
  2⤵
  PID:5272
- C:\Windows\System\hbqYQjm.exe
  C:\Windows\System\hbqYQjm.exe
  2⤵
  PID:5940
- C:\Windows\System\VjoSwUT.exe
  C:\Windows\System\VjoSwUT.exe
  2⤵
  PID:4164
- C:\Windows\System\ytmqKRh.exe
  C:\Windows\System\ytmqKRh.exe
  2⤵
  PID:5376
- C:\Windows\System\yymRsWv.exe
  C:\Windows\System\yymRsWv.exe
  2⤵
  PID:5300
- C:\Windows\System\IerITUp.exe
  C:\Windows\System\IerITUp.exe
  2⤵
  PID:5396
- C:\Windows\System\DeDeMvT.exe
  C:\Windows\System\DeDeMvT.exe
  2⤵
  PID:5332
- C:\Windows\System\soqKdXJ.exe
  C:\Windows\System\soqKdXJ.exe
  2⤵
  PID:5624
- C:\Windows\System\ADXMehW.exe
  C:\Windows\System\ADXMehW.exe
  2⤵
  PID:5200
- C:\Windows\System\PBYMQCA.exe
  C:\Windows\System\PBYMQCA.exe
  2⤵
  PID:4256
- C:\Windows\System\UhFlCui.exe
  C:\Windows\System\UhFlCui.exe
  2⤵
  PID:5892
- C:\Windows\System\kFfjRXJ.exe
  C:\Windows\System\kFfjRXJ.exe
  2⤵
  PID:5316
- C:\Windows\System\kDmAnAT.exe
  C:\Windows\System\kDmAnAT.exe
  2⤵
  PID:5840
- C:\Windows\System\DLwxvms.exe
  C:\Windows\System\DLwxvms.exe
  2⤵
  PID:5268
- C:\Windows\System\hGinwNp.exe
  C:\Windows\System\hGinwNp.exe
  2⤵
  PID:6104
- C:\Windows\System\bOTejAV.exe
  C:\Windows\System\bOTejAV.exe
  2⤵
  PID:5804
- C:\Windows\System\DbcjCAf.exe
  C:\Windows\System\DbcjCAf.exe
  2⤵
  PID:4620
- C:\Windows\System\EBWBnya.exe
  C:\Windows\System\EBWBnya.exe
  2⤵
  PID:5496
- C:\Windows\System\qlvKoQM.exe
  C:\Windows\System\qlvKoQM.exe
  2⤵
  PID:5364
- C:\Windows\System\pXgIxuQ.exe
  C:\Windows\System\pXgIxuQ.exe
  2⤵
  PID:572
- C:\Windows\System\KROqAon.exe
  C:\Windows\System\KROqAon.exe
  2⤵
  PID:6032
- C:\Windows\System\RFulyJu.exe
  C:\Windows\System\RFulyJu.exe
  2⤵
  PID:4432
- C:\Windows\System\zqNIbxs.exe
  C:\Windows\System\zqNIbxs.exe
  2⤵
  PID:5644
- C:\Windows\System\KYAZVzU.exe
  C:\Windows\System\KYAZVzU.exe
  2⤵
  PID:5708
- C:\Windows\System\iHfRnFc.exe
  C:\Windows\System\iHfRnFc.exe
  2⤵
  PID:6156
- C:\Windows\System\jbxwcad.exe
  C:\Windows\System\jbxwcad.exe
  2⤵
  PID:6184
- C:\Windows\System\GEGcCLM.exe
  C:\Windows\System\GEGcCLM.exe
  2⤵
  PID:6200
- C:\Windows\System\XsJyTme.exe
  C:\Windows\System\XsJyTme.exe
  2⤵
  PID:6228
- C:\Windows\System\rwbFgbb.exe
  C:\Windows\System\rwbFgbb.exe
  2⤵
  PID:6244
- C:\Windows\System\mdvcWZi.exe
  C:\Windows\System\mdvcWZi.exe
  2⤵
  PID:6260
- C:\Windows\System\qToDqTE.exe
  C:\Windows\System\qToDqTE.exe
  2⤵
  PID:6296
- C:\Windows\System\jjCWAZg.exe
  C:\Windows\System\jjCWAZg.exe
  2⤵
  PID:6316
- C:\Windows\System\HERdoUj.exe
  C:\Windows\System\HERdoUj.exe
  2⤵
  PID:6340
- C:\Windows\System\BeilikQ.exe
  C:\Windows\System\BeilikQ.exe
  2⤵
  PID:6360
- C:\Windows\System\BVclsgI.exe
  C:\Windows\System\BVclsgI.exe
  2⤵
  PID:6384
- C:\Windows\System\geBHmgR.exe
  C:\Windows\System\geBHmgR.exe
  2⤵
  PID:6400
- C:\Windows\System\NefAfgv.exe
  C:\Windows\System\NefAfgv.exe
  2⤵
  PID:6416
- C:\Windows\System\RvJGrww.exe
  C:\Windows\System\RvJGrww.exe
  2⤵
  PID:6432
- C:\Windows\System\HYNcjYg.exe
  C:\Windows\System\HYNcjYg.exe
  2⤵
  PID:6448
- C:\Windows\System\pnegafH.exe
  C:\Windows\System\pnegafH.exe
  2⤵
  PID:6464
- C:\Windows\System\KQKyKTY.exe
  C:\Windows\System\KQKyKTY.exe
  2⤵
  PID:6480
- C:\Windows\System\QoRgiVs.exe
  C:\Windows\System\QoRgiVs.exe
  2⤵
  PID:6500
- C:\Windows\System\YOdEMBd.exe
  C:\Windows\System\YOdEMBd.exe
  2⤵
  PID:6524
- C:\Windows\System\QtICxIg.exe
  C:\Windows\System\QtICxIg.exe
  2⤵
  PID:6544
- C:\Windows\System\RgMmIec.exe
  C:\Windows\System\RgMmIec.exe
  2⤵
  PID:6568
- C:\Windows\System\UzYzyHT.exe
  C:\Windows\System\UzYzyHT.exe
  2⤵
  PID:6592
- C:\Windows\System\XnRMgIP.exe
  C:\Windows\System\XnRMgIP.exe
  2⤵
  PID:6612
- C:\Windows\System\ABWiFxA.exe
  C:\Windows\System\ABWiFxA.exe
  2⤵
  PID:6632
- C:\Windows\System\BKrpYEZ.exe
  C:\Windows\System\BKrpYEZ.exe
  2⤵
  PID:6660
- C:\Windows\System\WoDpCom.exe
  C:\Windows\System\WoDpCom.exe
  2⤵
  PID:6680
- C:\Windows\System\SIYSvBq.exe
  C:\Windows\System\SIYSvBq.exe
  2⤵
  PID:6704
- C:\Windows\System\WRAGZbK.exe
  C:\Windows\System\WRAGZbK.exe
  2⤵
  PID:6720
- C:\Windows\System\KgLOvvv.exe
  C:\Windows\System\KgLOvvv.exe
  2⤵
  PID:6740
- C:\Windows\System\BsLPkVs.exe
  C:\Windows\System\BsLPkVs.exe
  2⤵
  PID:6756
- C:\Windows\System\rFaSMkE.exe
  C:\Windows\System\rFaSMkE.exe
  2⤵
  PID:6772
- C:\Windows\System\bLANhPD.exe
  C:\Windows\System\bLANhPD.exe
  2⤵
  PID:6788
- C:\Windows\System\laApfSu.exe
  C:\Windows\System\laApfSu.exe
  2⤵
  PID:6812
- C:\Windows\System\ARRzYuc.exe
  C:\Windows\System\ARRzYuc.exe
  2⤵
  PID:6832
- C:\Windows\System\jsnrvmQ.exe
  C:\Windows\System\jsnrvmQ.exe
  2⤵
  PID:6848
- C:\Windows\System\OUIdAoH.exe
  C:\Windows\System\OUIdAoH.exe
  2⤵
  PID:6864
- C:\Windows\System\GuJdAYb.exe
  C:\Windows\System\GuJdAYb.exe
  2⤵
  PID:6896
- C:\Windows\System\CaqphEN.exe
  C:\Windows\System\CaqphEN.exe
  2⤵
  PID:6912
- C:\Windows\System\GRwhroG.exe
  C:\Windows\System\GRwhroG.exe
  2⤵
  PID:6936
- C:\Windows\System\rLwozjr.exe
  C:\Windows\System\rLwozjr.exe
  2⤵
  PID:6952
- C:\Windows\System\bEWDVnM.exe
  C:\Windows\System\bEWDVnM.exe
  2⤵
  PID:6968
- C:\Windows\System\lEDYkTo.exe
  C:\Windows\System\lEDYkTo.exe
  2⤵
  PID:6984
- C:\Windows\System\CFvbjzg.exe
  C:\Windows\System\CFvbjzg.exe
  2⤵
  PID:7000
- C:\Windows\System\IiLwXAe.exe
  C:\Windows\System\IiLwXAe.exe
  2⤵
  PID:7016
- C:\Windows\System\NoTHwQm.exe
  C:\Windows\System\NoTHwQm.exe
  2⤵
  PID:7032
- C:\Windows\System\inqUSjZ.exe
  C:\Windows\System\inqUSjZ.exe
  2⤵
  PID:7048
- C:\Windows\System\rwhfTKX.exe
  C:\Windows\System\rwhfTKX.exe
  2⤵
  PID:7064
- C:\Windows\System\YaEyFqP.exe
  C:\Windows\System\YaEyFqP.exe
  2⤵
  PID:7080
- C:\Windows\System\lAwNMzD.exe
  C:\Windows\System\lAwNMzD.exe
  2⤵
  PID:7096
- C:\Windows\System\IwXFEhp.exe
  C:\Windows\System\IwXFEhp.exe
  2⤵
  PID:7120
- C:\Windows\System\OSpNFdU.exe
  C:\Windows\System\OSpNFdU.exe
  2⤵
  PID:7164
- C:\Windows\System\DVwekzk.exe
  C:\Windows\System\DVwekzk.exe
  2⤵
  PID:6152
- C:\Windows\System\DmjBKJr.exe
  C:\Windows\System\DmjBKJr.exe
  2⤵
  PID:5716
- C:\Windows\System\ycydJiN.exe
  C:\Windows\System\ycydJiN.exe
  2⤵
  PID:5984
- C:\Windows\System\WjmBCAb.exe
  C:\Windows\System\WjmBCAb.exe
  2⤵
  PID:6176
- C:\Windows\System\UCRYOaX.exe
  C:\Windows\System\UCRYOaX.exe
  2⤵
  PID:6136
- C:\Windows\System\mQOXZKQ.exe
  C:\Windows\System\mQOXZKQ.exe
  2⤵
  PID:6284
- C:\Windows\System\HYMSXVF.exe
  C:\Windows\System\HYMSXVF.exe
  2⤵
  PID:5500
- C:\Windows\System\RdihaPF.exe
  C:\Windows\System\RdihaPF.exe
  2⤵
  PID:6256
- C:\Windows\System\KQBqBAC.exe
  C:\Windows\System\KQBqBAC.exe
  2⤵
  PID:6220
- C:\Windows\System\GhlWqqt.exe
  C:\Windows\System\GhlWqqt.exe
  2⤵
  PID:6336
- C:\Windows\System\DBWEGWo.exe
  C:\Windows\System\DBWEGWo.exe
  2⤵
  PID:6312
- C:\Windows\System\FATRYhc.exe
  C:\Windows\System\FATRYhc.exe
  2⤵
  PID:6368
- C:\Windows\System\wApzQJq.exe
  C:\Windows\System\wApzQJq.exe
  2⤵
  PID:6408
- C:\Windows\System\GDpiZMl.exe
  C:\Windows\System\GDpiZMl.exe
  2⤵
  PID:6472
- C:\Windows\System\bqcJbjy.exe
  C:\Windows\System\bqcJbjy.exe
  2⤵
  PID:6520
- C:\Windows\System\gziiMLm.exe
  C:\Windows\System\gziiMLm.exe
  2⤵
  PID:6600
- C:\Windows\System\hJUrqGC.exe
  C:\Windows\System\hJUrqGC.exe
  2⤵
  PID:6424
- C:\Windows\System\aklsvII.exe
  C:\Windows\System\aklsvII.exe
  2⤵
  PID:6488
- C:\Windows\System\tgWPsyc.exe
  C:\Windows\System\tgWPsyc.exe
  2⤵
  PID:6492
- C:\Windows\System\CYURrIO.exe
  C:\Windows\System\CYURrIO.exe
  2⤵
  PID:6692
- C:\Windows\System\USMnbjT.exe
  C:\Windows\System\USMnbjT.exe
  2⤵
  PID:6732
- C:\Windows\System\IGietJY.exe
  C:\Windows\System\IGietJY.exe
  2⤵
  PID:6796
- C:\Windows\System\tMKWUxe.exe
  C:\Windows\System\tMKWUxe.exe
  2⤵
  PID:6840
- C:\Windows\System\EBFrXVv.exe
  C:\Windows\System\EBFrXVv.exe
  2⤵
  PID:6752
- C:\Windows\System\OkjgOKJ.exe
  C:\Windows\System\OkjgOKJ.exe
  2⤵
  PID:6860
- C:\Windows\System\DaGFcyB.exe
  C:\Windows\System\DaGFcyB.exe
  2⤵
  PID:6880
- C:\Windows\System\NxhLmRS.exe
  C:\Windows\System\NxhLmRS.exe
  2⤵
  PID:6948
- C:\Windows\System\NPjhIIh.exe
  C:\Windows\System\NPjhIIh.exe
  2⤵
  PID:6892
- C:\Windows\System\kqZSGkz.exe
  C:\Windows\System\kqZSGkz.exe
  2⤵
  PID:6932
- C:\Windows\System\DJCfaFI.exe
  C:\Windows\System\DJCfaFI.exe
  2⤵
  PID:7104
- C:\Windows\System\kRDfCrT.exe
  C:\Windows\System\kRDfCrT.exe
  2⤵
  PID:7056
- C:\Windows\System\PydYQYi.exe
  C:\Windows\System\PydYQYi.exe
  2⤵
  PID:6992
- C:\Windows\System\wltHmdv.exe
  C:\Windows\System\wltHmdv.exe
  2⤵
  PID:7132
- C:\Windows\System\FDFYxQx.exe
  C:\Windows\System\FDFYxQx.exe
  2⤵
  PID:7160
- C:\Windows\System\YvqOSno.exe
  C:\Windows\System\YvqOSno.exe
  2⤵
  PID:6272
- C:\Windows\System\HCeYGaY.exe
  C:\Windows\System\HCeYGaY.exe
  2⤵
  PID:5904
- C:\Windows\System\eUDImGm.exe
  C:\Windows\System\eUDImGm.exe
  2⤵
  PID:6276
- C:\Windows\System\mohTNoY.exe
  C:\Windows\System\mohTNoY.exe
  2⤵
  PID:6304
- C:\Windows\System\bjRogVt.exe
  C:\Windows\System\bjRogVt.exe
  2⤵
  PID:6168
- C:\Windows\System\oZAXAWx.exe
  C:\Windows\System\oZAXAWx.exe
  2⤵
  PID:6252
- C:\Windows\System\CwunpQP.exe
  C:\Windows\System\CwunpQP.exe
  2⤵
  PID:6348
- C:\Windows\System\CmjJFFI.exe
  C:\Windows\System\CmjJFFI.exe
  2⤵
  PID:6560
- C:\Windows\System\FREQvYh.exe
  C:\Windows\System\FREQvYh.exe
  2⤵
  PID:6456
- C:\Windows\System\SHPjXGM.exe
  C:\Windows\System\SHPjXGM.exe
  2⤵
  PID:6620
- C:\Windows\System\MYbEXoy.exe
  C:\Windows\System\MYbEXoy.exe
  2⤵
  PID:6588
- C:\Windows\System\lWssqNk.exe
  C:\Windows\System\lWssqNk.exe
  2⤵
  PID:6580
- C:\Windows\System\YfSqQmw.exe
  C:\Windows\System\YfSqQmw.exe
  2⤵
  PID:6676
- C:\Windows\System\ZezJPKS.exe
  C:\Windows\System\ZezJPKS.exe
  2⤵
  PID:6536
- C:\Windows\System\ZJujFAX.exe
  C:\Windows\System\ZJujFAX.exe
  2⤵
  PID:6904
- C:\Windows\System\qmWAtWJ.exe
  C:\Windows\System\qmWAtWJ.exe
  2⤵
  PID:7072
- C:\Windows\System\BkwXZxz.exe
  C:\Windows\System\BkwXZxz.exe
  2⤵
  PID:6712
- C:\Windows\System\mMJWkgo.exe
  C:\Windows\System\mMJWkgo.exe
  2⤵
  PID:7028
- C:\Windows\System\UEpBEBN.exe
  C:\Windows\System\UEpBEBN.exe
  2⤵
  PID:7140
- C:\Windows\System\qDcnqTT.exe
  C:\Windows\System\qDcnqTT.exe
  2⤵
  PID:6908
- C:\Windows\System\vGkCFBD.exe
  C:\Windows\System\vGkCFBD.exe
  2⤵
  PID:7012
- C:\Windows\System\XhhsFqt.exe
  C:\Windows\System\XhhsFqt.exe
  2⤵
  PID:7156
- C:\Windows\System\pKDjEJw.exe
  C:\Windows\System\pKDjEJw.exe
  2⤵
  PID:6216
- C:\Windows\System\PKLuCZz.exe
  C:\Windows\System\PKLuCZz.exe
  2⤵
  PID:6444
- C:\Windows\System\xSaafqF.exe
  C:\Windows\System\xSaafqF.exe
  2⤵
  PID:6564
- C:\Windows\System\yLzqmvm.exe
  C:\Windows\System\yLzqmvm.exe
  2⤵
  PID:6308
- C:\Windows\System\xjUCIIZ.exe
  C:\Windows\System\xjUCIIZ.exe
  2⤵
  PID:6672
- C:\Windows\System\qAeChhz.exe
  C:\Windows\System\qAeChhz.exe
  2⤵
  PID:6640
- C:\Windows\System\UsvyNuT.exe
  C:\Windows\System\UsvyNuT.exe
  2⤵
  PID:6372
- C:\Windows\System\BMnQmsp.exe
  C:\Windows\System\BMnQmsp.exe
  2⤵
  PID:7112
- C:\Windows\System\wZRPLBH.exe
  C:\Windows\System\wZRPLBH.exe
  2⤵
  PID:7024
- C:\Windows\System\FuAspEw.exe
  C:\Windows\System\FuAspEw.exe
  2⤵
  PID:6844
- C:\Windows\System\OfyYiPR.exe
  C:\Windows\System\OfyYiPR.exe
  2⤵
  PID:7128
- C:\Windows\System\yQJfdBH.exe
  C:\Windows\System\yQJfdBH.exe
  2⤵
  PID:5520
- C:\Windows\System\akwtknl.exe
  C:\Windows\System\akwtknl.exe
  2⤵
  PID:5444
- C:\Windows\System\CytSFgR.exe
  C:\Windows\System\CytSFgR.exe
  2⤵
  PID:6380
- C:\Windows\System\NWyNYfa.exe
  C:\Windows\System\NWyNYfa.exe
  2⤵
  PID:6356
- C:\Windows\System\RjvPeqN.exe
  C:\Windows\System\RjvPeqN.exe
  2⤵
  PID:6856
- C:\Windows\System\ekdhlrN.exe
  C:\Windows\System\ekdhlrN.exe
  2⤵
  PID:7092
- C:\Windows\System\xNnIIzY.exe
  C:\Windows\System\xNnIIzY.exe
  2⤵
  PID:7144
- C:\Windows\System\yAHeUXe.exe
  C:\Windows\System\yAHeUXe.exe
  2⤵
  PID:6824
- C:\Windows\System\uScyOwa.exe
  C:\Windows\System\uScyOwa.exe
  2⤵
  PID:6196
- C:\Windows\System\POpcOoU.exe
  C:\Windows\System\POpcOoU.exe
  2⤵
  PID:6996
- C:\Windows\System\Sawdlbi.exe
  C:\Windows\System\Sawdlbi.exe
  2⤵
  PID:6508
- C:\Windows\System\WSTCrLB.exe
  C:\Windows\System\WSTCrLB.exe
  2⤵
  PID:6584
- C:\Windows\System\eVVcCrQ.exe
  C:\Windows\System\eVVcCrQ.exe
  2⤵
  PID:7176
- C:\Windows\System\KaJldLz.exe
  C:\Windows\System\KaJldLz.exe
  2⤵
  PID:7196
- C:\Windows\System\QRfMOSv.exe
  C:\Windows\System\QRfMOSv.exe
  2⤵
  PID:7212
- C:\Windows\System\MSWlkkh.exe
  C:\Windows\System\MSWlkkh.exe
  2⤵
  PID:7232
- C:\Windows\System\dhXwJbj.exe
  C:\Windows\System\dhXwJbj.exe
  2⤵
  PID:7248
- C:\Windows\System\ZCgjxWp.exe
  C:\Windows\System\ZCgjxWp.exe
  2⤵
  PID:7268
- C:\Windows\System\diYTwLJ.exe
  C:\Windows\System\diYTwLJ.exe
  2⤵
  PID:7284
- C:\Windows\System\tGXcjQW.exe
  C:\Windows\System\tGXcjQW.exe
  2⤵
  PID:7300
- C:\Windows\System\PqfdoHR.exe
  C:\Windows\System\PqfdoHR.exe
  2⤵
  PID:7320
- C:\Windows\System\ezJNTeP.exe
  C:\Windows\System\ezJNTeP.exe
  2⤵
  PID:7336
- C:\Windows\System\RCgWClt.exe
  C:\Windows\System\RCgWClt.exe
  2⤵
  PID:7360
- C:\Windows\System\aJSTSGA.exe
  C:\Windows\System\aJSTSGA.exe
  2⤵
  PID:7384
- C:\Windows\System\pBxQSrh.exe
  C:\Windows\System\pBxQSrh.exe
  2⤵
  PID:7428
- C:\Windows\System\zsybIUS.exe
  C:\Windows\System\zsybIUS.exe
  2⤵
  PID:7448
- C:\Windows\System\VQswATU.exe
  C:\Windows\System\VQswATU.exe
  2⤵
  PID:7464
- C:\Windows\System\ovQLTwE.exe
  C:\Windows\System\ovQLTwE.exe
  2⤵
  PID:7488
- C:\Windows\System\SgJGHIr.exe
  C:\Windows\System\SgJGHIr.exe
  2⤵
  PID:7512
- C:\Windows\System\KRlAbIs.exe
  C:\Windows\System\KRlAbIs.exe
  2⤵
  PID:7528
- C:\Windows\System\UilvucP.exe
  C:\Windows\System\UilvucP.exe
  2⤵
  PID:7556
- C:\Windows\System\hWlNwEE.exe
  C:\Windows\System\hWlNwEE.exe
  2⤵
  PID:7572
- C:\Windows\System\axjWRSG.exe
  C:\Windows\System\axjWRSG.exe
  2⤵
  PID:7588
- C:\Windows\System\wOlUBYX.exe
  C:\Windows\System\wOlUBYX.exe
  2⤵
  PID:7612
- C:\Windows\System\oLNwVMD.exe
  C:\Windows\System\oLNwVMD.exe
  2⤵
  PID:7628
- C:\Windows\System\SqmvXvf.exe
  C:\Windows\System\SqmvXvf.exe
  2⤵
  PID:7652
- C:\Windows\System\FYGWYPX.exe
  C:\Windows\System\FYGWYPX.exe
  2⤵
  PID:7676
- C:\Windows\System\JKssNWp.exe
  C:\Windows\System\JKssNWp.exe
  2⤵
  PID:7692
- C:\Windows\System\gJUoAli.exe
  C:\Windows\System\gJUoAli.exe
  2⤵
  PID:7716
- C:\Windows\System\fdjYMDw.exe
  C:\Windows\System\fdjYMDw.exe
  2⤵
  PID:7732
- C:\Windows\System\kZAJvmf.exe
  C:\Windows\System\kZAJvmf.exe
  2⤵
  PID:7752
- C:\Windows\System\ybTXURm.exe
  C:\Windows\System\ybTXURm.exe
  2⤵
  PID:7772
- C:\Windows\System\SnODkwp.exe
  C:\Windows\System\SnODkwp.exe
  2⤵
  PID:7788
- C:\Windows\System\OMnmsdd.exe
  C:\Windows\System\OMnmsdd.exe
  2⤵
  PID:7804
- C:\Windows\System\MLIDKOM.exe
  C:\Windows\System\MLIDKOM.exe
  2⤵
  PID:7820
- C:\Windows\System\QivxnLR.exe
  C:\Windows\System\QivxnLR.exe
  2⤵
  PID:7836
- C:\Windows\System\ILQUGSd.exe
  C:\Windows\System\ILQUGSd.exe
  2⤵
  PID:7860
- C:\Windows\System\pVogzrY.exe
  C:\Windows\System\pVogzrY.exe
  2⤵
  PID:7876
- C:\Windows\System\fHaPOeL.exe
  C:\Windows\System\fHaPOeL.exe
  2⤵
  PID:7892
- C:\Windows\System\lwIoTwb.exe
  C:\Windows\System\lwIoTwb.exe
  2⤵
  PID:7912
- C:\Windows\System\iknVsnm.exe
  C:\Windows\System\iknVsnm.exe
  2⤵
  PID:7928
- C:\Windows\System\nEEBixw.exe
  C:\Windows\System\nEEBixw.exe
  2⤵
  PID:7944
- C:\Windows\System\VIonlap.exe
  C:\Windows\System\VIonlap.exe
  2⤵
  PID:7988
- C:\Windows\System\dHffJcB.exe
  C:\Windows\System\dHffJcB.exe
  2⤵
  PID:8008
- C:\Windows\System\soEiIfC.exe
  C:\Windows\System\soEiIfC.exe
  2⤵
  PID:8024
- C:\Windows\System\FEwwnGd.exe
  C:\Windows\System\FEwwnGd.exe
  2⤵
  PID:8040
- C:\Windows\System\YuJNrHO.exe
  C:\Windows\System\YuJNrHO.exe
  2⤵
  PID:8056
- C:\Windows\System\LdKMiLu.exe
  C:\Windows\System\LdKMiLu.exe
  2⤵
  PID:8076
- C:\Windows\System\kGnJYfP.exe
  C:\Windows\System\kGnJYfP.exe
  2⤵
  PID:8092
- C:\Windows\System\DbmluNH.exe
  C:\Windows\System\DbmluNH.exe
  2⤵
  PID:8116
- C:\Windows\System\NxLqbXa.exe
  C:\Windows\System\NxLqbXa.exe
  2⤵
  PID:8144
- C:\Windows\System\YZiVrhI.exe
  C:\Windows\System\YZiVrhI.exe
  2⤵
  PID:8164
- C:\Windows\System\dNUHQtn.exe
  C:\Windows\System\dNUHQtn.exe
  2⤵
  PID:8184
- C:\Windows\System\jkUySPZ.exe
  C:\Windows\System\jkUySPZ.exe
  2⤵
  PID:5240
- C:\Windows\System\gxwPIYl.exe
  C:\Windows\System\gxwPIYl.exe
  2⤵
  PID:7240
- C:\Windows\System\MspVZRp.exe
  C:\Windows\System\MspVZRp.exe
  2⤵
  PID:7280
- C:\Windows\System\FDqMltF.exe
  C:\Windows\System\FDqMltF.exe
  2⤵
  PID:7316
- C:\Windows\System\dBvJNuY.exe
  C:\Windows\System\dBvJNuY.exe
  2⤵
  PID:6768
- C:\Windows\System\FPZspWN.exe
  C:\Windows\System\FPZspWN.exe
  2⤵
  PID:7256
- C:\Windows\System\YVEpqxi.exe
  C:\Windows\System\YVEpqxi.exe
  2⤵
  PID:7332
- C:\Windows\System\jpxCjfF.exe
  C:\Windows\System\jpxCjfF.exe
  2⤵
  PID:6280
- C:\Windows\System\eQXEdxg.exe
  C:\Windows\System\eQXEdxg.exe
  2⤵
  PID:7396
- C:\Windows\System\NAAtANh.exe
  C:\Windows\System\NAAtANh.exe
  2⤵
  PID:7408
- C:\Windows\System\ryetmbZ.exe
  C:\Windows\System\ryetmbZ.exe
  2⤵
  PID:7456
- C:\Windows\System\USwPZiP.exe
  C:\Windows\System\USwPZiP.exe
  2⤵
  PID:7508
- C:\Windows\System\bdmRIJR.exe
  C:\Windows\System\bdmRIJR.exe
  2⤵
  PID:7544
- C:\Windows\System\VcEdODy.exe
  C:\Windows\System\VcEdODy.exe
  2⤵
  PID:7440
- C:\Windows\System\CofQVPB.exe
  C:\Windows\System\CofQVPB.exe
  2⤵
  PID:7524
- C:\Windows\System\IRAZSnc.exe
  C:\Windows\System\IRAZSnc.exe
  2⤵
  PID:7620
- C:\Windows\System\oqcNAZm.exe
  C:\Windows\System\oqcNAZm.exe
  2⤵
  PID:7564
- C:\Windows\System\yaeAztM.exe
  C:\Windows\System\yaeAztM.exe
  2⤵
  PID:7672
- C:\Windows\System\iFNGhEb.exe
  C:\Windows\System\iFNGhEb.exe
  2⤵
  PID:7740
- C:\Windows\System\joMoetR.exe
  C:\Windows\System\joMoetR.exe
  2⤵
  PID:7644
- C:\Windows\System\LfzLWOs.exe
  C:\Windows\System\LfzLWOs.exe
  2⤵
  PID:7796
- C:\Windows\System\QKnegAn.exe
  C:\Windows\System\QKnegAn.exe
  2⤵
  PID:7780
- C:\Windows\System\BVHcNoa.exe
  C:\Windows\System\BVHcNoa.exe
  2⤵
  PID:7852
- C:\Windows\System\dyaBEna.exe
  C:\Windows\System\dyaBEna.exe
  2⤵
  PID:7888
- C:\Windows\System\AXICeEl.exe
  C:\Windows\System\AXICeEl.exe
  2⤵
  PID:7908
- C:\Windows\System\IEaMZbZ.exe
  C:\Windows\System\IEaMZbZ.exe
  2⤵
  PID:7960
- C:\Windows\System\XIcvdZN.exe
  C:\Windows\System\XIcvdZN.exe
  2⤵
  PID:7972
- C:\Windows\System\MlvbFtI.exe
  C:\Windows\System\MlvbFtI.exe
  2⤵
  PID:8048
- C:\Windows\System\aMkUlef.exe
  C:\Windows\System\aMkUlef.exe
  2⤵
  PID:8004
- C:\Windows\System\isQIVHc.exe
  C:\Windows\System\isQIVHc.exe
  2⤵
  PID:8084
- C:\Windows\System\guyaBNq.exe
  C:\Windows\System\guyaBNq.exe
  2⤵
  PID:8132
- C:\Windows\System\qqJnczz.exe
  C:\Windows\System\qqJnczz.exe
  2⤵
  PID:8128
- C:\Windows\System\imVeNAc.exe
  C:\Windows\System\imVeNAc.exe
  2⤵
  PID:8180
- C:\Windows\System\AUsUFMe.exe
  C:\Windows\System\AUsUFMe.exe
  2⤵
  PID:7208
- C:\Windows\System\ntlADhU.exe
  C:\Windows\System\ntlADhU.exe
  2⤵
  PID:7224
- C:\Windows\System\qpbwoAF.exe
  C:\Windows\System\qpbwoAF.exe
  2⤵
  PID:8160
- C:\Windows\System\vYHYnMq.exe
  C:\Windows\System\vYHYnMq.exe
  2⤵
  PID:6332
- C:\Windows\System\IdRpWJZ.exe
  C:\Windows\System\IdRpWJZ.exe
  2⤵
  PID:7264
- C:\Windows\System\fBKjafE.exe
  C:\Windows\System\fBKjafE.exe
  2⤵
  PID:7192
- C:\Windows\System\dvYVTgq.exe
  C:\Windows\System\dvYVTgq.exe
  2⤵
  PID:4336
- C:\Windows\System\tTTDkbU.exe
  C:\Windows\System\tTTDkbU.exe
  2⤵
  PID:7496
- C:\Windows\System\hjwNQAv.exe
  C:\Windows\System\hjwNQAv.exe
  2⤵
  PID:7552
- C:\Windows\System\gYxdMhd.exe
  C:\Windows\System\gYxdMhd.exe
  2⤵
  PID:7728
- C:\Windows\System\LLuxogR.exe
  C:\Windows\System\LLuxogR.exe
  2⤵
  PID:7536
- C:\Windows\System\KmIERaB.exe
  C:\Windows\System\KmIERaB.exe
  2⤵
  PID:7640
- C:\Windows\System\bVijfaS.exe
  C:\Windows\System\bVijfaS.exe
  2⤵
  PID:7708
- C:\Windows\System\YvghpjI.exe
  C:\Windows\System\YvghpjI.exe
  2⤵
  PID:7812
- C:\Windows\System\GrtRhLu.exe
  C:\Windows\System\GrtRhLu.exe
  2⤵
  PID:7884
- C:\Windows\System\hQdgvgI.exe
  C:\Windows\System\hQdgvgI.exe
  2⤵
  PID:8016
- C:\Windows\System\QKzaNjr.exe
  C:\Windows\System\QKzaNjr.exe
  2⤵
  PID:8068
- C:\Windows\System\rqYrwrJ.exe
  C:\Windows\System\rqYrwrJ.exe
  2⤵
  PID:7244
- C:\Windows\System\uogrqLs.exe
  C:\Windows\System\uogrqLs.exe
  2⤵
  PID:7276
- C:\Windows\System\jhoAbfy.exe
  C:\Windows\System\jhoAbfy.exe
  2⤵
  PID:8000
- C:\Windows\System\ksVCktJ.exe
  C:\Windows\System\ksVCktJ.exe
  2⤵
  PID:8088
- C:\Windows\System\HLmgPVL.exe
  C:\Windows\System\HLmgPVL.exe
  2⤵
  PID:6516
- C:\Windows\System\cjfDWUa.exe
  C:\Windows\System\cjfDWUa.exe
  2⤵
  PID:7292
- C:\Windows\System\BHfhmxh.exe
  C:\Windows\System\BHfhmxh.exe
  2⤵
  PID:7380
- C:\Windows\System\NNWxQhn.exe
  C:\Windows\System\NNWxQhn.exe
  2⤵
  PID:7608
- C:\Windows\System\VuNWqav.exe
  C:\Windows\System\VuNWqav.exe
  2⤵
  PID:7872
- C:\Windows\System\rzsoiCn.exe
  C:\Windows\System\rzsoiCn.exe
  2⤵
  PID:7868
- C:\Windows\System\gDAhoWp.exe
  C:\Windows\System\gDAhoWp.exe
  2⤵
  PID:6964
- C:\Windows\System\udgTGyi.exe
  C:\Windows\System\udgTGyi.exe
  2⤵
  PID:8064
- C:\Windows\System\eeiYXDv.exe
  C:\Windows\System\eeiYXDv.exe
  2⤵
  PID:7684
- C:\Windows\System\YFAQxhk.exe
  C:\Windows\System\YFAQxhk.exe
  2⤵
  PID:7220
- C:\Windows\System\YTULgsh.exe
  C:\Windows\System\YTULgsh.exe
  2⤵
  PID:7420
- C:\Windows\System\ZjjgUhg.exe
  C:\Windows\System\ZjjgUhg.exe
  2⤵
  PID:7980
- C:\Windows\System\gLUVwmK.exe
  C:\Windows\System\gLUVwmK.exe
  2⤵
  PID:7540
- C:\Windows\System\uxsyfAK.exe
  C:\Windows\System\uxsyfAK.exe
  2⤵
  PID:1556
- C:\Windows\System\wQArToM.exe
  C:\Windows\System\wQArToM.exe
  2⤵
  PID:7968
- C:\Windows\System\OlxBLdB.exe
  C:\Windows\System\OlxBLdB.exe
  2⤵
  PID:8100
- C:\Windows\System\likGDAA.exe
  C:\Windows\System\likGDAA.exe
  2⤵
  PID:7584
- C:\Windows\System\jRvmjwU.exe
  C:\Windows\System\jRvmjwU.exe
  2⤵
  PID:7184
- C:\Windows\System\OnnNcGN.exe
  C:\Windows\System\OnnNcGN.exe
  2⤵
  PID:7404
- C:\Windows\System\AOIBPxu.exe
  C:\Windows\System\AOIBPxu.exe
  2⤵
  PID:8208
- C:\Windows\System\sQoMhlS.exe
  C:\Windows\System\sQoMhlS.exe
  2⤵
  PID:8224
- C:\Windows\System\WNndqlc.exe
  C:\Windows\System\WNndqlc.exe
  2⤵
  PID:8244
- C:\Windows\System\vpdlVhj.exe
  C:\Windows\System\vpdlVhj.exe
  2⤵
  PID:8260
- C:\Windows\System\VOKhVkE.exe
  C:\Windows\System\VOKhVkE.exe
  2⤵
  PID:8280
- C:\Windows\System\UdUsOlm.exe
  C:\Windows\System\UdUsOlm.exe
  2⤵
  PID:8300
- C:\Windows\System\yWNvOOO.exe
  C:\Windows\System\yWNvOOO.exe
  2⤵
  PID:8316
- C:\Windows\System\lAolKHO.exe
  C:\Windows\System\lAolKHO.exe
  2⤵
  PID:8332
- C:\Windows\System\NMARGFo.exe
  C:\Windows\System\NMARGFo.exe
  2⤵
  PID:8348
- C:\Windows\System\suwIUHs.exe
  C:\Windows\System\suwIUHs.exe
  2⤵
  PID:8372
- C:\Windows\System\WwunjES.exe
  C:\Windows\System\WwunjES.exe
  2⤵
  PID:8388
- C:\Windows\System\HhmsWNv.exe
  C:\Windows\System\HhmsWNv.exe
  2⤵
  PID:8408
- C:\Windows\System\ZnReKSl.exe
  C:\Windows\System\ZnReKSl.exe
  2⤵
  PID:8432
- C:\Windows\System\TAUrHEf.exe
  C:\Windows\System\TAUrHEf.exe
  2⤵
  PID:8452
- C:\Windows\System\gawFrLp.exe
  C:\Windows\System\gawFrLp.exe
  2⤵
  PID:8468
- C:\Windows\System\qvJtUln.exe
  C:\Windows\System\qvJtUln.exe
  2⤵
  PID:8488
- C:\Windows\System\WUcBsmM.exe
  C:\Windows\System\WUcBsmM.exe
  2⤵
  PID:8504
- C:\Windows\System\YFouZyU.exe
  C:\Windows\System\YFouZyU.exe
  2⤵
  PID:8528
- C:\Windows\System\XgUhwYH.exe
  C:\Windows\System\XgUhwYH.exe
  2⤵
  PID:8544
- C:\Windows\System\ieFHbKk.exe
  C:\Windows\System\ieFHbKk.exe
  2⤵
  PID:8560
- C:\Windows\System\LSzIGWR.exe
  C:\Windows\System\LSzIGWR.exe
  2⤵
  PID:8588
- C:\Windows\System\nymKMIG.exe
  C:\Windows\System\nymKMIG.exe
  2⤵
  PID:8648
- C:\Windows\System\ClBgXXI.exe
  C:\Windows\System\ClBgXXI.exe
  2⤵
  PID:8664
- C:\Windows\System\DckfZNf.exe
  C:\Windows\System\DckfZNf.exe
  2⤵
  PID:8680
- C:\Windows\System\QIoPJwY.exe
  C:\Windows\System\QIoPJwY.exe
  2⤵
  PID:8696
- C:\Windows\System\iaiXcHE.exe
  C:\Windows\System\iaiXcHE.exe
  2⤵
  PID:8728
- C:\Windows\System\JNynicf.exe
  C:\Windows\System\JNynicf.exe
  2⤵
  PID:8748
- C:\Windows\System\XbcyjPD.exe
  C:\Windows\System\XbcyjPD.exe
  2⤵
  PID:8768
- C:\Windows\System\boKPvzm.exe
  C:\Windows\System\boKPvzm.exe
  2⤵
  PID:8784
- C:\Windows\System\njzjQxJ.exe
  C:\Windows\System\njzjQxJ.exe
  2⤵
  PID:8800
- C:\Windows\System\QFrsbkf.exe
  C:\Windows\System\QFrsbkf.exe
  2⤵
  PID:8820
- C:\Windows\System\nDRtXSH.exe
  C:\Windows\System\nDRtXSH.exe
  2⤵
  PID:8840
- C:\Windows\System\ZpURKUl.exe
  C:\Windows\System\ZpURKUl.exe
  2⤵
  PID:8856
- C:\Windows\System\CbEiaSz.exe
  C:\Windows\System\CbEiaSz.exe
  2⤵
  PID:8872
- C:\Windows\System\KlfSbvC.exe
  C:\Windows\System\KlfSbvC.exe
  2⤵
  PID:8892
- C:\Windows\System\qTYCblV.exe
  C:\Windows\System\qTYCblV.exe
  2⤵
  PID:8916
- C:\Windows\System\vanyPTn.exe
  C:\Windows\System\vanyPTn.exe
  2⤵
  PID:8932
- C:\Windows\System\wBRSEKh.exe
  C:\Windows\System\wBRSEKh.exe
  2⤵
  PID:8948
- C:\Windows\System\GoNIPvt.exe
  C:\Windows\System\GoNIPvt.exe
  2⤵
  PID:8968
- C:\Windows\System\utnEfSN.exe
  C:\Windows\System\utnEfSN.exe
  2⤵
  PID:8984
- C:\Windows\System\HCraAKi.exe
  C:\Windows\System\HCraAKi.exe
  2⤵
  PID:9008
- C:\Windows\System\GmGtpJO.exe
  C:\Windows\System\GmGtpJO.exe
  2⤵
  PID:9024
- C:\Windows\System\HFrUqHy.exe
  C:\Windows\System\HFrUqHy.exe
  2⤵
  PID:9040
- C:\Windows\System\UzLtqgH.exe
  C:\Windows\System\UzLtqgH.exe
  2⤵
  PID:9056
- C:\Windows\System\rXzHhdg.exe
  C:\Windows\System\rXzHhdg.exe
  2⤵
  PID:9088
- C:\Windows\System\EIhKaNy.exe
  C:\Windows\System\EIhKaNy.exe
  2⤵
  PID:9104
- C:\Windows\System\yJvOuzY.exe
  C:\Windows\System\yJvOuzY.exe
  2⤵
  PID:9120
- C:\Windows\System\FwYJnsQ.exe
  C:\Windows\System\FwYJnsQ.exe
  2⤵
  PID:9136
- C:\Windows\System\MQPHNAv.exe
  C:\Windows\System\MQPHNAv.exe
  2⤵
  PID:9156
- C:\Windows\System\YtubVpk.exe
  C:\Windows\System\YtubVpk.exe
  2⤵
  PID:9172
- C:\Windows\System\mVEKfcG.exe
  C:\Windows\System\mVEKfcG.exe
  2⤵
  PID:9196
- C:\Windows\System\oTWyvmY.exe
  C:\Windows\System\oTWyvmY.exe
  2⤵
  PID:8288
- C:\Windows\System\PCbfsGj.exe
  C:\Windows\System\PCbfsGj.exe
  2⤵
  PID:7844
- C:\Windows\System\fiukszs.exe
  C:\Windows\System\fiukszs.exe
  2⤵
  PID:8440
- C:\Windows\System\GMEqyOS.exe
  C:\Windows\System\GMEqyOS.exe
  2⤵
  PID:7604
- C:\Windows\System\OpJnFJE.exe
  C:\Windows\System\OpJnFJE.exe
  2⤵
  PID:8308
- C:\Windows\System\RoFukcc.exe
  C:\Windows\System\RoFukcc.exe
  2⤵
  PID:7768
- C:\Windows\System\bzAnGQS.exe
  C:\Windows\System\bzAnGQS.exe
  2⤵
  PID:8416
- C:\Windows\System\TGoGcSt.exe
  C:\Windows\System\TGoGcSt.exe
  2⤵
  PID:8516
- C:\Windows\System\GTYJuYC.exe
  C:\Windows\System\GTYJuYC.exe
  2⤵
  PID:8240
- C:\Windows\System\ntTQTZl.exe
  C:\Windows\System\ntTQTZl.exe
  2⤵
  PID:8464
- C:\Windows\System\liflNSk.exe
  C:\Windows\System\liflNSk.exe
  2⤵
  PID:8552
- C:\Windows\System\hmsDvnI.exe
  C:\Windows\System\hmsDvnI.exe
  2⤵
  PID:7828
- C:\Windows\System\LgeZCTO.exe
  C:\Windows\System\LgeZCTO.exe
  2⤵
  PID:8600
- C:\Windows\System\wIkCzGp.exe
  C:\Windows\System\wIkCzGp.exe
  2⤵
  PID:8616
- C:\Windows\System\VptXWwK.exe
  C:\Windows\System\VptXWwK.exe
  2⤵
  PID:8636
- C:\Windows\System\ourSXJs.exe
  C:\Windows\System\ourSXJs.exe
  2⤵
  PID:8672
- C:\Windows\System\CRvrnTP.exe
  C:\Windows\System\CRvrnTP.exe
  2⤵
  PID:8712
- C:\Windows\System\tKFICkN.exe
  C:\Windows\System\tKFICkN.exe
  2⤵
  PID:8692
- C:\Windows\System\IflivQc.exe
  C:\Windows\System\IflivQc.exe
  2⤵
  PID:8832
- C:\Windows\System\EumiUzV.exe
  C:\Windows\System\EumiUzV.exe
  2⤵
  PID:8904
- C:\Windows\System\mICEKlr.exe
  C:\Windows\System\mICEKlr.exe
  2⤵
  PID:8780
- C:\Windows\System\cNyXaWB.exe
  C:\Windows\System\cNyXaWB.exe
  2⤵
  PID:8888
- C:\Windows\System\XplJOWO.exe
  C:\Windows\System\XplJOWO.exe
  2⤵
  PID:8976
- C:\Windows\System\NqexjGd.exe
  C:\Windows\System\NqexjGd.exe
  2⤵
  PID:9096
- C:\Windows\System\qHGNTfc.exe
  C:\Windows\System\qHGNTfc.exe
  2⤵
  PID:8956
- C:\Windows\System\SnQpLvO.exe
  C:\Windows\System\SnQpLvO.exe
  2⤵
  PID:8996
- C:\Windows\System\DLxEHXV.exe
  C:\Windows\System\DLxEHXV.exe
  2⤵
  PID:9128
- C:\Windows\System\tbxWGFa.exe
  C:\Windows\System\tbxWGFa.exe
  2⤵
  PID:9072
- C:\Windows\System\pizeUjz.exe
  C:\Windows\System\pizeUjz.exe
  2⤵
  PID:9152
- C:\Windows\System\uPEnQTs.exe
  C:\Windows\System\uPEnQTs.exe
  2⤵
  PID:9180
- C:\Windows\System\ZhSRrTW.exe
  C:\Windows\System\ZhSRrTW.exe
  2⤵
  PID:9208
- C:\Windows\System\mhWHeeK.exe
  C:\Windows\System\mhWHeeK.exe
  2⤵
  PID:8252
- C:\Windows\System\mMtCCVl.exe
  C:\Windows\System\mMtCCVl.exe
  2⤵
  PID:8364
- C:\Windows\System\hnlYcGU.exe
  C:\Windows\System\hnlYcGU.exe
  2⤵
  PID:8448
- C:\Windows\System\xjVrsFz.exe
  C:\Windows\System\xjVrsFz.exe
  2⤵
  PID:7848
- C:\Windows\System\dFsyiVf.exe
  C:\Windows\System\dFsyiVf.exe
  2⤵
  PID:8340
- C:\Windows\System\mZcHDeW.exe
  C:\Windows\System\mZcHDeW.exe
  2⤵
  PID:8204
- C:\Windows\System\jjYABqA.exe
  C:\Windows\System\jjYABqA.exe
  2⤵
  PID:8424
- C:\Windows\System\uSlxndw.exe
  C:\Windows\System\uSlxndw.exe
  2⤵
  PID:8628
- C:\Windows\System\FCzxOIV.exe
  C:\Windows\System\FCzxOIV.exe
  2⤵
  PID:8708
- C:\Windows\System\mqMREAl.exe
  C:\Windows\System\mqMREAl.exe
  2⤵
  PID:8760
- C:\Windows\System\PNsMHcs.exe
  C:\Windows\System\PNsMHcs.exe
  2⤵
  PID:8792
- C:\Windows\System\GqcUOik.exe
  C:\Windows\System\GqcUOik.exe
  2⤵
  PID:8720
- C:\Windows\System\asKrwmy.exe
  C:\Windows\System\asKrwmy.exe
  2⤵
  PID:8900
- C:\Windows\System\eBcTMee.exe
  C:\Windows\System\eBcTMee.exe
  2⤵
  PID:8848
- C:\Windows\System\nngTsmV.exe
  C:\Windows\System\nngTsmV.exe
  2⤵
  PID:8944
- C:\Windows\System\edBnHEy.exe
  C:\Windows\System\edBnHEy.exe
  2⤵
  PID:8928
- C:\Windows\System\ltCfJPd.exe
  C:\Windows\System\ltCfJPd.exe
  2⤵
  PID:9036
- C:\Windows\System\fhwaVCw.exe
  C:\Windows\System\fhwaVCw.exe
  2⤵
  PID:9204
- C:\Windows\System\oldJCnE.exe
  C:\Windows\System\oldJCnE.exe
  2⤵
  PID:9112
- C:\Windows\System\ljeUAjA.exe
  C:\Windows\System\ljeUAjA.exe
  2⤵
  PID:9212
- C:\Windows\System\gRGUjlO.exe
  C:\Windows\System\gRGUjlO.exe
  2⤵
  PID:8036
- C:\Windows\System\ggEOEMo.exe
  C:\Windows\System\ggEOEMo.exe
  2⤵
  PID:8400
- C:\Windows\System\EZfKQzS.exe
  C:\Windows\System\EZfKQzS.exe
  2⤵
  PID:8396
- C:\Windows\System\dsWOccL.exe
  C:\Windows\System\dsWOccL.exe
  2⤵
  PID:8384
- C:\Windows\System\pcfnFXP.exe
  C:\Windows\System\pcfnFXP.exe
  2⤵
  PID:8500
- C:\Windows\System\pyeoFGY.exe
  C:\Windows\System\pyeoFGY.exe
  2⤵
  PID:8632
- C:\Windows\System\jkbcKpr.exe
  C:\Windows\System\jkbcKpr.exe
  2⤵
  PID:8828
- C:\Windows\System\wRwmlyM.exe
  C:\Windows\System\wRwmlyM.exe
  2⤵
  PID:8656
- C:\Windows\System\eMChBQT.exe
  C:\Windows\System\eMChBQT.exe
  2⤵
  PID:9020
- C:\Windows\System\DUTorMq.exe
  C:\Windows\System\DUTorMq.exe
  2⤵
  PID:9080
- C:\Windows\System\WEwaHCH.exe
  C:\Windows\System\WEwaHCH.exe
  2⤵
  PID:9144
- C:\Windows\System\TGkHaMg.exe
  C:\Windows\System\TGkHaMg.exe
  2⤵
  PID:6212
- C:\Windows\System\epVXCDt.exe
  C:\Windows\System\epVXCDt.exe
  2⤵
  PID:7520
- C:\Windows\System\fCsIirZ.exe
  C:\Windows\System\fCsIirZ.exe
  2⤵
  PID:8216
- C:\Windows\System\JZHzACG.exe
  C:\Windows\System\JZHzACG.exe
  2⤵
  PID:8816
- C:\Windows\System\jzxWquq.exe
  C:\Windows\System\jzxWquq.exe
  2⤵
  PID:8812
- C:\Windows\System\KUXhsZW.exe
  C:\Windows\System\KUXhsZW.exe
  2⤵
  PID:8612
- C:\Windows\System\BscmNlT.exe
  C:\Windows\System\BscmNlT.exe
  2⤵
  PID:8404
- C:\Windows\System\bKbZNKz.exe
  C:\Windows\System\bKbZNKz.exe
  2⤵
  PID:9148
- C:\Windows\System\sqyBLCO.exe
  C:\Windows\System\sqyBLCO.exe
  2⤵
  PID:8460
- C:\Windows\System\BFeKDkV.exe
  C:\Windows\System\BFeKDkV.exe
  2⤵
  PID:8232
- C:\Windows\System\uqsgNet.exe
  C:\Windows\System\uqsgNet.exe
  2⤵
  PID:8764
- C:\Windows\System\FwmqWJk.exe
  C:\Windows\System\FwmqWJk.exe
  2⤵
  PID:9048
- C:\Windows\System\zXdRjeC.exe
  C:\Windows\System\zXdRjeC.exe
  2⤵
  PID:8512
- C:\Windows\System\riFEMRe.exe
  C:\Windows\System\riFEMRe.exe
  2⤵
  PID:7348
- C:\Windows\System\ljOXeZq.exe
  C:\Windows\System\ljOXeZq.exe
  2⤵
  PID:8868
- C:\Windows\System\gigYXpJ.exe
  C:\Windows\System\gigYXpJ.exe
  2⤵
  PID:9116
- C:\Windows\System\iLPNvMO.exe
  C:\Windows\System\iLPNvMO.exe
  2⤵
  PID:9220
- C:\Windows\System\DRoOOkz.exe
  C:\Windows\System\DRoOOkz.exe
  2⤵
  PID:9236
- C:\Windows\System\vRQJJXk.exe
  C:\Windows\System\vRQJJXk.exe
  2⤵
  PID:9256
- C:\Windows\System\WQuCWVp.exe
  C:\Windows\System\WQuCWVp.exe
  2⤵
  PID:9292
- C:\Windows\System\rdJUxOz.exe
  C:\Windows\System\rdJUxOz.exe
  2⤵
  PID:9312
- C:\Windows\System\vTeyxWD.exe
  C:\Windows\System\vTeyxWD.exe
  2⤵
  PID:9328
- C:\Windows\System\IiFyVrW.exe
  C:\Windows\System\IiFyVrW.exe
  2⤵
  PID:9348
- C:\Windows\System\VXQzWqM.exe
  C:\Windows\System\VXQzWqM.exe
  2⤵
  PID:9368
- C:\Windows\System\LGLSmRu.exe
  C:\Windows\System\LGLSmRu.exe
  2⤵
  PID:9388
- C:\Windows\System\hrDHNkF.exe
  C:\Windows\System\hrDHNkF.exe
  2⤵
  PID:9408
- C:\Windows\System\MmhUgWP.exe
  C:\Windows\System\MmhUgWP.exe
  2⤵
  PID:9428
- C:\Windows\System\pRUgylv.exe
  C:\Windows\System\pRUgylv.exe
  2⤵
  PID:9444
- C:\Windows\System\eGCuGnV.exe
  C:\Windows\System\eGCuGnV.exe
  2⤵
  PID:9464
- C:\Windows\System\djlIbhI.exe
  C:\Windows\System\djlIbhI.exe
  2⤵
  PID:9484
- C:\Windows\System\piOTcAQ.exe
  C:\Windows\System\piOTcAQ.exe
  2⤵
  PID:9508
- C:\Windows\System\NeNDomh.exe
  C:\Windows\System\NeNDomh.exe
  2⤵
  PID:9528
- C:\Windows\System\fnRKAYo.exe
  C:\Windows\System\fnRKAYo.exe
  2⤵
  PID:9548
- C:\Windows\System\DpKzvdd.exe
  C:\Windows\System\DpKzvdd.exe
  2⤵
  PID:9564
- C:\Windows\System\bGIrqFN.exe
  C:\Windows\System\bGIrqFN.exe
  2⤵
  PID:9580
- C:\Windows\System\jVQraBM.exe
  C:\Windows\System\jVQraBM.exe
  2⤵
  PID:9600
- C:\Windows\System\KMcVMJW.exe
  C:\Windows\System\KMcVMJW.exe
  2⤵
  PID:9620
- C:\Windows\System\LVTKOaQ.exe
  C:\Windows\System\LVTKOaQ.exe
  2⤵
  PID:9644
- C:\Windows\System\pLRuobN.exe
  C:\Windows\System\pLRuobN.exe
  2⤵
  PID:9672
- C:\Windows\System\VncWLbN.exe
  C:\Windows\System\VncWLbN.exe
  2⤵
  PID:9692
- C:\Windows\System\nfKCdPk.exe
  C:\Windows\System\nfKCdPk.exe
  2⤵
  PID:9724
- C:\Windows\System\lfFaoFC.exe
  C:\Windows\System\lfFaoFC.exe
  2⤵
  PID:9740
- C:\Windows\System\wSIFBrF.exe
  C:\Windows\System\wSIFBrF.exe
  2⤵
  PID:9756
- C:\Windows\System\PdYwBaM.exe
  C:\Windows\System\PdYwBaM.exe
  2⤵
  PID:9772
- C:\Windows\System\PZYSdhp.exe
  C:\Windows\System\PZYSdhp.exe
  2⤵
  PID:9788
- C:\Windows\System\PuRTlXv.exe
  C:\Windows\System\PuRTlXv.exe
  2⤵
  PID:9808
- C:\Windows\System\qdNrANw.exe
  C:\Windows\System\qdNrANw.exe
  2⤵
  PID:9828
- C:\Windows\System\jSrZeDO.exe
  C:\Windows\System\jSrZeDO.exe
  2⤵
  PID:9860
- C:\Windows\System\CUAyKJT.exe
  C:\Windows\System\CUAyKJT.exe
  2⤵
  PID:9880
- C:\Windows\System\IbSGtqR.exe
  C:\Windows\System\IbSGtqR.exe
  2⤵
  PID:9900
- C:\Windows\System\MTcLURY.exe
  C:\Windows\System\MTcLURY.exe
  2⤵
  PID:9916
- C:\Windows\System\NuwDTAt.exe
  C:\Windows\System\NuwDTAt.exe
  2⤵
  PID:9940
- C:\Windows\System\SkSzUip.exe
  C:\Windows\System\SkSzUip.exe
  2⤵
  PID:9956
- C:\Windows\System\VGOMjlg.exe
  C:\Windows\System\VGOMjlg.exe
  2⤵
  PID:9972
- C:\Windows\System\udCcpic.exe
  C:\Windows\System\udCcpic.exe
  2⤵
  PID:10000
- C:\Windows\System\ldWgAuj.exe
  C:\Windows\System\ldWgAuj.exe
  2⤵
  PID:10016
- C:\Windows\System\NEXaJrM.exe
  C:\Windows\System\NEXaJrM.exe
  2⤵
  PID:10032
- C:\Windows\System\XuZrKgx.exe
  C:\Windows\System\XuZrKgx.exe
  2⤵
  PID:10056
- C:\Windows\System\kMFLMPs.exe
  C:\Windows\System\kMFLMPs.exe
  2⤵
  PID:10072
- C:\Windows\System\DHEUlBe.exe
  C:\Windows\System\DHEUlBe.exe
  2⤵
  PID:10088
- C:\Windows\System\uCOWBGH.exe
  C:\Windows\System\uCOWBGH.exe
  2⤵
  PID:10112
- C:\Windows\System\WCoquHQ.exe
  C:\Windows\System\WCoquHQ.exe
  2⤵
  PID:10140
- C:\Windows\System\JmIziYw.exe
  C:\Windows\System\JmIziYw.exe
  2⤵
  PID:10164
- C:\Windows\System\CLoiqKG.exe
  C:\Windows\System\CLoiqKG.exe
  2⤵
  PID:10184
- C:\Windows\System\oZsiXTM.exe
  C:\Windows\System\oZsiXTM.exe
  2⤵
  PID:10204
- C:\Windows\System\XokjMFX.exe
  C:\Windows\System\XokjMFX.exe
  2⤵
  PID:10220
- C:\Windows\System\Ueezifv.exe
  C:\Windows\System\Ueezifv.exe
  2⤵
  PID:8540
- C:\Windows\System\bXNxjNS.exe
  C:\Windows\System\bXNxjNS.exe
  2⤵
  PID:9004
- C:\Windows\System\xEMYYuO.exe
  C:\Windows\System\xEMYYuO.exe
  2⤵
  PID:9272
- C:\Windows\System\BAKBOzo.exe
  C:\Windows\System\BAKBOzo.exe
  2⤵
  PID:9288
- C:\Windows\System\MmglHyd.exe
  C:\Windows\System\MmglHyd.exe
  2⤵
  PID:9336
- C:\Windows\System\YTUmPNT.exe
  C:\Windows\System\YTUmPNT.exe
  2⤵
  PID:9356
- C:\Windows\System\RqOmyQy.exe
  C:\Windows\System\RqOmyQy.exe
  2⤵
  PID:9380
- C:\Windows\System\ketdFLg.exe
  C:\Windows\System\ketdFLg.exe
  2⤵
  PID:9420
- C:\Windows\System\gVQRJfK.exe
  C:\Windows\System\gVQRJfK.exe
  2⤵
  PID:9492
- C:\Windows\System\sQfwktC.exe
  C:\Windows\System\sQfwktC.exe
  2⤵
  PID:9540
- C:\Windows\System\gIsZqQN.exe
  C:\Windows\System\gIsZqQN.exe
  2⤵
  PID:9612
- C:\Windows\System\XXtfGJt.exe
  C:\Windows\System\XXtfGJt.exe
  2⤵
  PID:9436
- C:\Windows\System\jRwOaze.exe
  C:\Windows\System\jRwOaze.exe
  2⤵
  PID:9472
- C:\Windows\System\qZjnYHT.exe
  C:\Windows\System\qZjnYHT.exe
  2⤵
  PID:9560
- C:\Windows\System\dsuKBnK.exe
  C:\Windows\System\dsuKBnK.exe
  2⤵
  PID:9596
- C:\Windows\System\PCDorkW.exe
  C:\Windows\System\PCDorkW.exe
  2⤵
  PID:9704
- C:\Windows\System\vxiooRv.exe
  C:\Windows\System\vxiooRv.exe
  2⤵
  PID:9732
- C:\Windows\System\YoIDNZy.exe
  C:\Windows\System\YoIDNZy.exe
  2⤵
  PID:9784
- C:\Windows\System\JeRYkSw.exe
  C:\Windows\System\JeRYkSw.exe
  2⤵
  PID:9768
- C:\Windows\System\GoJfsva.exe
  C:\Windows\System\GoJfsva.exe
  2⤵
  PID:9796
- C:\Windows\System\yeyLDdG.exe
  C:\Windows\System\yeyLDdG.exe
  2⤵
  PID:9856
- C:\Windows\System\IoZPfAE.exe
  C:\Windows\System\IoZPfAE.exe
  2⤵
  PID:9872
- C:\Windows\System\blvplYn.exe
  C:\Windows\System\blvplYn.exe
  2⤵
  PID:9924
- C:\Windows\System\uVZbdfA.exe
  C:\Windows\System\uVZbdfA.exe
  2⤵
  PID:9936
- C:\Windows\System\YIXwqwz.exe
  C:\Windows\System\YIXwqwz.exe
  2⤵
  PID:9988
- C:\Windows\System\LVbFYTQ.exe
  C:\Windows\System\LVbFYTQ.exe
  2⤵
  PID:10024
- C:\Windows\System\vFqpCmz.exe
  C:\Windows\System\vFqpCmz.exe
  2⤵
  PID:10044
- C:\Windows\System\wgujrnU.exe
  C:\Windows\System\wgujrnU.exe
  2⤵
  PID:10080
- C:\Windows\System\FJXTCCE.exe
  C:\Windows\System\FJXTCCE.exe
  2⤵
  PID:10052
- C:\Windows\System\fClzJPd.exe
  C:\Windows\System\fClzJPd.exe
  2⤵
  PID:10152
- C:\Windows\System\NQyHvWG.exe
  C:\Windows\System\NQyHvWG.exe
  2⤵
  PID:10180
- C:\Windows\System\gXTTqon.exe
  C:\Windows\System\gXTTqon.exe
  2⤵
  PID:10216
- C:\Windows\System\IkoFGwW.exe
  C:\Windows\System\IkoFGwW.exe
  2⤵
  PID:9248
- C:\Windows\System\lSBVupT.exe
  C:\Windows\System\lSBVupT.exe
  2⤵
  PID:8964
- C:\Windows\System\qYLYELS.exe
  C:\Windows\System\qYLYELS.exe
  2⤵
  PID:9264
- C:\Windows\System\jxeiLxC.exe
  C:\Windows\System\jxeiLxC.exe
  2⤵
  PID:9376
- C:\Windows\System\kosMrcj.exe
  C:\Windows\System\kosMrcj.exe
  2⤵
  PID:9416
- C:\Windows\System\ZrXFxpE.exe
  C:\Windows\System\ZrXFxpE.exe
  2⤵
  PID:9456
- C:\Windows\System\QnFfyVn.exe
  C:\Windows\System\QnFfyVn.exe
  2⤵
  PID:9616
- C:\Windows\System\GpVnWNv.exe
  C:\Windows\System\GpVnWNv.exe
  2⤵
  PID:9664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BRiTcvh.exe

Filesize
6.0MB

MD5
342287d08c0c3fed49f21a28a9cef8a8

SHA1
4bac831da94953cd967d1bb8db057f11d54a050f

SHA256
d21dcee1305f9a381c02e1ee412307d3581e0ba5810a64013be58581f3e48aca

SHA512
3b04e7a0e581a747ad16bb11190ad766bd1cc1f34a12c92e3a7d23ce2123b9fa47acf27717245c17db26f8fcc80c65c93458ecb01cfbbd4a0e6b04c16ee6d359

Download Submit
C:\Windows\system\HVhzhfm.exe

Filesize
6.0MB

MD5
02df76a328a5b2815341cc2bc434f903

SHA1
515b8ef39d475868df1d7f24dc74c8759f59b7e1

SHA256
bdbbc5607b7ebf368bea4602a2d57f4bd7a739326de6ee331fb6fcc4b5b689cc

SHA512
752e58675c059e67d60c148664607c536f94aebcd074bf0b9e2830a554bbc751999adc2005c2523ed911459ad6e0bd40b8c003de515d75b5194de5ed0148b7d6

Download Submit
C:\Windows\system\LNlXBEk.exe

Filesize
6.0MB

MD5
9bf1d51ce00d597b54832e661665bf92

SHA1
f180dfa026a2440b680044260aebdb28bc93e7ab

SHA256
d6e0bac3ac8d3259a94303dd21b4175d5f69a1e1dda72bb1ce5d753c3a3c15e9

SHA512
5d9ed5dcc78eb9feac6c29f603b9b16528b06da834b47b422e639e47c62bf8221aa5dd94fab07a96e1e9d29d12eb560960b03924952843eab05da631d25fd043

Download Submit
C:\Windows\system\NHtBHHa.exe

Filesize
6.0MB

MD5
3e06b0273dc81d7d92f5af288583103d

SHA1
871bec2b6a6a7249a8fc54661058905fd3c6422b

SHA256
dc804992ded07efc4d5cbaefe66a851d43059ea7683f47676221f2cc7e7b8a03

SHA512
85a605add1022b89dae702517b692131b0efcc1a55db4d6f988c765e34c9ba47109df64184252e6fe6341ef49a914f86f97629bdce9176e6e9d1947db288e9da

Download Submit
C:\Windows\system\PpzGnVn.exe

Filesize
6.0MB

MD5
c761acfd880aedb3a5f3563cc623299e

SHA1
068ab49c84f1d3bee41712084328b7ff60325590

SHA256
057c33528595d733228d37a7c5c2b33e849e00a1e2761166d5a7dbd983556b70

SHA512
976b774da22282532174fa2ba9ad252f67463188af80347aa989e2687ecc67c5e1a2bee1cbfc8b502332fe8fe1bff422242efba7d75bc99d8cbf87af99ca210f

Download Submit
C:\Windows\system\RTEkzJT.exe

Filesize
6.0MB

MD5
6db6335264fcff8b21d0a707315296f1

SHA1
611b97501d69f56aaeb52f2aa0c388bb8aa13f02

SHA256
d9d770e87d63eec8b2df4d7efb7e51c9ee5b2816969058dbf1078d041bfa6042

SHA512
5e12258dc70ee703da176f1ec31fee297d9504d8ea59c11c7af6d93298c7251da05d6478b32f9068e2a0f2ac78b10de26e6d7ad069e2cea453b6d1b839a0a2b4

Download Submit
C:\Windows\system\WLmobjn.exe

Filesize
6.0MB

MD5
6562cc63cd8dbb95127d167e0ed5ca9f

SHA1
221e654faef6796e6eefc669fb934ff8ecb5602a

SHA256
5db069fadfecd9cb6b7ffe2fd6ea0baafe2e0de72f1f33333f67e0f48366eb5d

SHA512
1d54c2262c9e633ab60147e5d944ef6883b3f2f24d1b486df5e9faef88e1cb372b9dd151aa01a459dd63b9a08c0bd6f94ba1943db3e99487b5aa7274de019034

Download Submit
C:\Windows\system\YyrfVZk.exe

Filesize
6.0MB

MD5
84232b2bae91333311cdd6e48e1ed58d

SHA1
981a6194c7ee496d8483c7c84407a1569cdd9d01

SHA256
c05ce336e2ac04bc8f5a9f884d497dc1831d9ac48a956b3b3f610752565da94a

SHA512
ecb66dfc676dad5bca04b66167eb9f5baf47b3553cea79d064c6bc2d39a4f45a46f3abb08b2433ccd9d330bb324c5d95937912a59bd987e84ed434471a6d515a

Download Submit
C:\Windows\system\ZNsahvW.exe

Filesize
6.0MB

MD5
ee1e806e3c1f9a27e523cd796db8b77f

SHA1
e1526006dd6dc1b2b74fce9f0c7e851b0d576fc4

SHA256
1cd2857d8b339c6827d97189563fca7f5fe7778ccb007aafac10bded3768a16c

SHA512
bed53bf79ca1331839283f90798a03484f256ceeeddf0bcc5684b2317bc620e776d0c464af0c29b69120c3b8e2375629e4ed1f8b92b016235e1b0e90a60578ab

Download Submit
C:\Windows\system\dTgytpT.exe

Filesize
6.0MB

MD5
e7596c6cbead8721de1fea99b11ee2f4

SHA1
06f97f033909aa07c98f22cdc2b3f535be2b918f

SHA256
ca08ec1ae739591a01752c44b7d8201ccccd0466ffdb5e4dde408ef7d624de86

SHA512
a32c2a32fe514db5f356e67cc06821b9edb6901c6a9c51c6fa3c65e4465be3ebfe8bb059809a84635eee4ae5a16961cdb8e8e6addd9854795ac190a9f4500d27

Download Submit
C:\Windows\system\goOmhbD.exe

Filesize
6.0MB

MD5
3a44324be3892ddd7e573b2b1e00afe8

SHA1
87625ae64aa80f561bcfb7325104f40c4947b915

SHA256
238708ca00e070138a1e853d7c8ffa6173213ccd52bdfa08e9d8dfda377e4ebe

SHA512
43d1664189504ca98cab3c409c4b02417b9029616dd9e4a98ab49e07219dbb8ad39c67644cb4a6fdd4c228df0608d1bce6bf777ec7f7e8596d85562d94bbdded

Download Submit
C:\Windows\system\hFgiSAw.exe

Filesize
6.0MB

MD5
81708efa1ff4f22b96930195875235ef

SHA1
5002ab8236dc023be093fc9ebf79302682409106

SHA256
8fd735cfa28d536f77aa80410aac68cf24e15c5ec97b5d40e49161aad579f543

SHA512
b57a452faa4b0f3fc636525369e8f255adcb6f948e73c2125a3097c4361c8bb20b8b115e361d288c921a24e5e7955838588b387f6b607309df955d5a247c9a84

Download Submit
C:\Windows\system\hfCYYbY.exe

Filesize
6.0MB

MD5
95cb2d07efa362463cbd22d1e4424880

SHA1
ff7ae02d633a88968d8412390047743626d2a941

SHA256
ff771ed693095b1115efef8612ab834e4602cd971438ee6a2dea5a8edcd475cf

SHA512
3c0ce90adefb68ff0239e15bd4858c84b77ae35fdeeda90ee83521f3a21f7b7e3400eccf7f6a956ab2976c215f270296841277ae97ccad1314e8435f9dfd34b4

Download Submit
C:\Windows\system\kpzLrzG.exe

Filesize
6.0MB

MD5
26ae901ce94904ec03c91c1fb8aeceaf

SHA1
bf73fc91eb748e868872d3d737be7c3233c85dcf

SHA256
420055a59d175765a2560d114b0eba33549a5d4d0ab84c30ac3fb3711dea2c82

SHA512
83e80b86d848209eaa44ab2035be7272310d5ca4750f4de3749090e68307c21ab7be0161838933c50a07e5cff7c274553e7e944aeb11de8189a3d3031bfa9b68

Download Submit
C:\Windows\system\mnBRVDW.exe

Filesize
6.0MB

MD5
83439a7e5c00ad52cd54d13d77aea3c4

SHA1
17cb1bb9e95509d14ce9c9eea821bae74b7557a7

SHA256
8ab515555843a5aee934804096954f4d7c36377c9bc05075f2ef8c8df362f3c2

SHA512
4da902a16cec49751ddf3fedf71da187f6d61cc36f35b4b03a2ffa769a07ffc13fbca04ec331ce88739ce5169d75c48e6bf8fb178deaa0596d16ae8f5b335052

Download Submit
C:\Windows\system\mvvLTgm.exe

Filesize
6.0MB

MD5
fc004590e7f1f0520ba5f35ec5d9e649

SHA1
ba7b3e2063eedb17eaf9855a6f98c1d972b60a99

SHA256
ebc042628457027e570d32b995f6c762685fdaab666bd9072cc0799dd2ed66e2

SHA512
1441f34e2dd1d0545e500745e93a762aafd7c8c813ed3b60d8c3f1d449677b61f9b118d1dcb4207906b641690d67f656283541acef648cc3cf4933c5bf253038

Download Submit
C:\Windows\system\nqgXHLr.exe

Filesize
6.0MB

MD5
61f19f08b9d069b6c52dfc12424f8e5b

SHA1
9167dbd448a6aef76d3d8544f9f1d4e61ec0bd4f

SHA256
9aa3c3bcfeb9acde3452f8c7415050f799b1a104e1529907f047e0219e135e83

SHA512
7be5d7ebbb58ba2e7719b130df81c3e720714e0ab60a23650bc9b8d714b124b0453253217aae20eb0e47ea76b844332314e563a1c3b19ff6c8d9318dedc18e16

Download Submit
C:\Windows\system\oOGEOIs.exe

Filesize
6.0MB

MD5
59e9cc5512e0b29191ab3d013140863a

SHA1
77fe6ea713e518ca9309abf70b9c8b5a9434d768

SHA256
ee799d6312d9437657575261295056fc78f8f28f1924b49184541ae1262ffdf2

SHA512
d6d94d32591e122c56a48f8c29c651eb7bca06f926d6449d1da9deeec8f98a4ab6ad5df9b36308542ac064d4403651b2b01c4d79be82ca74f976b55f6ee14d49

Download Submit
C:\Windows\system\tLpEasF.exe

Filesize
6.0MB

MD5
9d7acfb8cec369e16f272ccfac6eed16

SHA1
f2086ad7c8c87a20aa837a79eb8811c98ea80010

SHA256
9f6e95419ea3d7f3356d8334bf9ff2f89bb9fdd646ce5a9b69227c788b523faa

SHA512
e8c7b066d92b38cfbc8c2d670b544f03bbe5f793aca306227a21dcc1b9f00f688b9fa29d42afc156086ba3855294a583e54b27b7788a18ba1138a426e82069bf

Download Submit
C:\Windows\system\vZpxTaA.exe

Filesize
6.0MB

MD5
99408a2b9938dec9bc722809160fc558

SHA1
37cb47950b867563d49a6fc46d5c78a75aebd993

SHA256
63428909740149bc3e1f3b47f09856a669d9a2415b93892424bb00c252e96512

SHA512
6da4beb9090921fd614df7e8f890e5c551e87f6f89e3d563c3711bdcc01722eb7aeb87cf001355f3877cbb004eca6c2573e56ffa8b67a18c0bf8322ab42d08d9

Download Submit
C:\Windows\system\wEjGWjK.exe

Filesize
6.0MB

MD5
96db866618911306f43fc360b5dbd1d8

SHA1
3a5ad7696935f4f0554e8645d5fa98a7f78fe0ea

SHA256
dde707f9be6098e1f348a298a0d2cd80179a7c3dc3d8be2c77020ce7ce969b96

SHA512
da7f2e34f7b033b68068ee9d3ae2f176512174f963bce5a2cf7a46115436e43a83f4518ffc987b9bb7db2e3da02fa9502bc0238ef703f1ad7610f6524479d404

Download Submit
C:\Windows\system\wFhaBtn.exe

Filesize
6.0MB

MD5
448a17dd97fa486d7af7430ffab7beb4

SHA1
b63ce1bfc691bbac6e43cef232662d54fa4ea80b

SHA256
44efd99029ede4666f1f71763f9e7d72f53c52c572220acd7a067491ab94792c

SHA512
bf883c85e579f743174ce3e96cb7f95d5523d6bd8802037b131279ce9205c896ef4555ab03fa7009448d71fe8feccbfef1cb7ed2f166932080f247da6766af23

Download Submit
C:\Windows\system\wnuNeoz.exe

Filesize
6.0MB

MD5
97b017346c8a9839d503cdd51e3dfd81

SHA1
5b7596c84cc9531f78ebda66d97557d99e26c84d

SHA256
b007e39f22321b7f83f8733d3ad0a47aca048fe339aad7bd4721d85b4f24c868

SHA512
af4c74610a412f3cc3acf181f7dbdb90f822a2bdc3c9ac17cfa493ca316ea95ae627202549c6e473eb064aaab53a1f05a88418dbc57526f8a3bc0453d36aa74b

Download Submit
C:\Windows\system\xXIZjby.exe

Filesize
6.0MB

MD5
d16e73de03e18cfbfb223295406b5a5b

SHA1
090a77ae7c938af3f7d45310b3f44b969820dfe4

SHA256
7df36d2b69c8d27bf6477ee8c7d83ff08be4dc8a91de81b668315a3db608f055

SHA512
b19ef02f2a03fffbacfbfca6701aae627af244853911db9b078d5e5a08af804c09e3c02bec015711f6e30132a6f741274f6ea3826760e9c3a957c4004973d159

Download Submit
C:\Windows\system\zhWCyeE.exe

Filesize
6.0MB

MD5
a8c7fd7356fad0f952579c1da3241c44

SHA1
9e789f1401393bef292964e909b095de2ee67d4a

SHA256
4072fa28190beafbb651e21f6a50a1193bba6023494f677af31a62475d4c7b06

SHA512
87c9dc7458fd54ad206afb348516163e9fdd9c39195568e20dbe104f6a489f10148785e918d49ac7c4ba4696965560c65bab0cf72c2484d689c61646351e6fe0

Download Submit
C:\Windows\system\zklTsPR.exe

Filesize
6.0MB

MD5
a917e24daf7f244ce603f799b274b347

SHA1
a0e93b884d3c40a91cb30cc97b93f4450ca46c40

SHA256
14f4356b9dfb11dbd068429030b8d047e469f1cea90bca1024779d773f0bdb60

SHA512
152689f57e5ef22401790b9c2ee7f5e9b8b37bcc309769b72a985a98ea3047bc1b3afb46d9e7998f424b4224241c1b3157d8b4ff43a0dca902f3cd3eaa6569e5

Download Submit
\Windows\system\RvZIEcX.exe

Filesize
6.0MB

MD5
cecc7ef42467d9078d759fe4976f5294

SHA1
8c099faacceb570684d77870b01d9608223bfe7e

SHA256
d9e9a558b6ff6c8133b820b78daa46ff975b628384ff826eed21a4137c79452c

SHA512
6eb0f2628e5c9770b29564785456289362f2ce90c7afbdbfa8f4a230c8ec38561fb1bffe846638c771a0bad98c9870f6e1d0c26142cb8f686061cac832bbca2f

Download Submit
\Windows\system\VjjHRcC.exe

Filesize
6.0MB

MD5
1b590250d9755f7bf6816639bae693d3

SHA1
4902d52984e8da342a514866e26e0f5adb927ef8

SHA256
d2dd2bb6f3e4189c7461821afb831c334558bcf89be1b1b5de5c5ce286479cdf

SHA512
c892a5a1ca26993d62ecfe2f2195f61af5320f2823be48719d0e10ed7e8864d9b0affae4eeedf974629466d71ce490ccbabb8380e57fa00de9274dfbb79c1456

Download Submit
\Windows\system\WasZxmU.exe

Filesize
6.0MB

MD5
7cd9b21d19b66fdd62b30779d0f2bfdb

SHA1
b05fc6d5648b8db46d72385a299391c67e9627ff

SHA256
e38be98f5508a805ae857f7461329f6d230b4ea40dd3fafe7f2023f497251315

SHA512
a299e660a2c32ff28ebed921fd84e4963240828287b23e932dcef7b11121f3c96d3e57555fae130fd466ea654774ddc9bcb8093d7a84cd1970d7815e8fe8c6da

Download Submit
\Windows\system\ZEdPfBP.exe

Filesize
6.0MB

MD5
f1ddc8888e778fadcccbf29436e7512e

SHA1
83d9b641a4f257de87ea02aed4c50a42e46afad6

SHA256
71b766e5a5a0fbde2a81a658f5f150f2e906d95ff301efb8488f0097e936c53a

SHA512
61c1673d986afa7dc099c069a08a9bb5bff3641b368c3bd35902b3a609fc956aba0440fbd124b568914b8741baae07894ad5d447d95d9bb82793f29089e4ebcb

Download Submit
\Windows\system\tPBmXwx.exe

Filesize
6.0MB

MD5
bf4c084ca05aab5e8bcc2254a26dcb7b

SHA1
db681bf2e0b30e48405c8ed1f82eda4ad9e28e78

SHA256
d98b15cbd158f90cbc15a22854db447b88d60e62d756e272467a20ed0773cccb

SHA512
5b43869106f73a5a82770f19e6ba79aa63ae330c313923eebee665bbdec5370dcff71bb595e85dd7f890ebd1cffdaed22de3cd44f938481946852846c49daded

Download Submit
\Windows\system\wPrAIpi.exe

Filesize
6.0MB

MD5
35a92752083d287802cae9f6b72e7eff

SHA1
e5f2dd3fc319d7dc6a6a697820599b85097bd1b3

SHA256
dc1407e5ce28f61f5b3b1b28f7fac60ce7174d287186cc6ea6da21cfe18ad8a1

SHA512
8a1f72b2ab824eb241ea50bc0576e40e60c2ba5b20bd049d4c10320fc47af4917787d9c2bb32877e985a8b8376b01ad9c519eaf804f17aa42155ea892475c815

Download Submit
memory/684-4010-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/684-88-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1768-4009-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1768-80-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1832-846-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-4011-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-95-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-86-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-33-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2376-48-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-90-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-56-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-117-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2376-70-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2376-44-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2376-505-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-847-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-79-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1367-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-108-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2376-37-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-109-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-8-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2376-0-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-34-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-63-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-30-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-4001-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-4002-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2456-71-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2456-29-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2608-84-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4004-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-40-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-54-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4005-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2632-64-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4007-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4006-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-57-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-68-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-4000-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-24-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-4003-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2816-35-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3999-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2876-9-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/3008-4008-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/3008-73-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download