cobaltstrike | 4253367a7c8468f1f6c77f2ae70f95a3d36424ebcf2ed929a552f54e1e8ac576

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

65501cd1f95236b0738e7bba782bcf36
SHA1

9c669196aa02da0aa4e81e09d2473733842e6227
SHA256

4253367a7c8468f1f6c77f2ae70f95a3d36424ebcf2ed929a552f54e1e8ac576
SHA512

97153c3c1cef9f17776899991667b3633ac71b11a0fefad53ef067c567dafdd80a58611f28e65b838f90ac0679ba27ef5b940af7d744499566852de9895843d1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012261-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016b17-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf8-24.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c81-29.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016bfc-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d33-41.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c1-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-112.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016652-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-79.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d4a-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-115.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d46-51.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d11-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2168-0-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x000d000000012261-3.dat	xmrig
behavioral1/memory/1848-9-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0009000000016b17-10.dat	xmrig
behavioral1/memory/2092-16-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf8-24.dat	xmrig
behavioral1/memory/2312-33-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2164-36-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2228-32-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c81-29.dat	xmrig
behavioral1/files/0x0008000000016bfc-28.dat	xmrig
behavioral1/files/0x0007000000016d33-41.dat	xmrig
behavioral1/memory/2168-39-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2168-64-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f8-70.dat	xmrig
behavioral1/memory/1848-74-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2468-99-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194b4-96.dat	xmrig
behavioral1/files/0x00050000000194f6-138.dat	xmrig
behavioral1/files/0x00050000000194f2-135.dat	xmrig
behavioral1/files/0x0005000000019515-155.dat	xmrig
behavioral1/files/0x000500000001961f-181.dat	xmrig
behavioral1/files/0x0005000000019625-185.dat	xmrig
behavioral1/memory/2164-526-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2596-528-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2820-527-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2760-620-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x00050000000197c1-190.dat	xmrig
behavioral1/files/0x000500000001961b-175.dat	xmrig
behavioral1/files/0x000500000001957c-166.dat	xmrig
behavioral1/files/0x0005000000019589-169.dat	xmrig
behavioral1/files/0x0005000000019501-145.dat	xmrig
behavioral1/files/0x000500000001953a-158.dat	xmrig
behavioral1/files/0x0005000000019503-149.dat	xmrig
behavioral1/files/0x00050000000194d4-123.dat	xmrig
behavioral1/files/0x00050000000194e2-118.dat	xmrig
behavioral1/files/0x00050000000194a7-112.dat	xmrig
behavioral1/files/0x0009000000016652-109.dat	xmrig
behavioral1/files/0x00050000000193fa-108.dat	xmrig
behavioral1/memory/2168-105-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2660-103-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ea-126.dat	xmrig
behavioral1/memory/2092-95-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019494-89.dat	xmrig
behavioral1/memory/2768-80-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019408-79.dat	xmrig
behavioral1/files/0x0008000000016d4a-78.dat	xmrig
behavioral1/files/0x00050000000194da-115.dat	xmrig
behavioral1/memory/2760-85-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2596-56-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2780-52-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d46-51.dat	xmrig
behavioral1/memory/2820-49-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2168-46-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d11-45.dat	xmrig
behavioral1/memory/2228-4036-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2780-4037-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2760-4039-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2820-4038-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2164-4040-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2596-4041-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2468-4042-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2768-4044-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2660-4043-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1848	WsCezMy.exe
2092	BLUbBtY.exe
2312	mbPheTB.exe
2228	ODNaLqY.exe
2164	itrsLVi.exe
2820	vtQeqMB.exe
2780	ZkzAGop.exe
2596	WXOLZEd.exe
2768	qSwkTkx.exe
2468	fFuGavk.exe
2760	vVSZrEy.exe
2660	bWHXxPt.exe
1920	CaVAQpb.exe
2332	tuIjiyI.exe
2592	LdEylnX.exe
2636	jKYetLa.exe
2892	UANDdVW.exe
1664	MXUpQrv.exe
700	VVehoSg.exe
3048	pQsSLZw.exe
1976	ppqKKPg.exe
2884	hJnqANL.exe
2896	hVeXNvi.exe
2064	nfxgzjt.exe
1324	JxgJZDV.exe
2084	adoouPD.exe
2252	YRJSDRa.exe
1064	oTGgEGe.exe
2480	zyMtlxN.exe
2568	aDlWnQX.exe
1372	bafAMQP.exe
2988	eNRnmKj.exe
496	ZUwRFxH.exe
2972	XiAuTGm.exe
1376	XgWyRnh.exe
1548	DLwjrWR.exe
2980	jphZXSm.exe
1760	HXEgYxm.exe
748	vBqxmmt.exe
1052	ovQvoCu.exe
2968	DgrzUTk.exe
2112	jkDiJWr.exe
2504	gqGIPuk.exe
2184	bIhpMen.exe
708	YZMwRui.exe
988	hBTnilY.exe
1496	tuoMriX.exe
2404	mjIeulW.exe
1512	ylRKHzP.exe
1168	WvfLFyi.exe
1728	fJCRMiq.exe
1620	GRZxlCN.exe
1624	TqCJjSd.exe
2060	WfLVaGG.exe
2548	cuMfaLM.exe
2716	BHhUTpk.exe
2784	OrDNpyq.exe
2748	BPwnAlK.exe
3020	VlabwYE.exe
2644	WVcZYiL.exe
2688	TbEOpvG.exe
2844	tVvMXMu.exe
2648	rqRnlPf.exe
332	UCCleey.exe

Loads dropped DLL 64 IoCs

pid	Process
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2168-0-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x000d000000012261-3.dat	upx
behavioral1/memory/1848-9-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0009000000016b17-10.dat	upx
behavioral1/memory/2092-16-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x0007000000016cf8-24.dat	upx
behavioral1/memory/2312-33-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2164-36-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2228-32-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0008000000016c81-29.dat	upx
behavioral1/files/0x0008000000016bfc-28.dat	upx
behavioral1/files/0x0007000000016d33-41.dat	upx
behavioral1/memory/2168-39-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2168-64-0x0000000002480000-0x00000000027D4000-memory.dmp	upx
behavioral1/files/0x00050000000193f8-70.dat	upx
behavioral1/memory/1848-74-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2468-99-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x00050000000194b4-96.dat	upx
behavioral1/files/0x00050000000194f6-138.dat	upx
behavioral1/files/0x00050000000194f2-135.dat	upx
behavioral1/files/0x0005000000019515-155.dat	upx
behavioral1/files/0x000500000001961f-181.dat	upx
behavioral1/files/0x0005000000019625-185.dat	upx
behavioral1/memory/2164-526-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2596-528-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2820-527-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2760-620-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x00050000000197c1-190.dat	upx
behavioral1/files/0x000500000001961b-175.dat	upx
behavioral1/files/0x000500000001957c-166.dat	upx
behavioral1/files/0x0005000000019589-169.dat	upx
behavioral1/files/0x0005000000019501-145.dat	upx
behavioral1/files/0x000500000001953a-158.dat	upx
behavioral1/files/0x0005000000019503-149.dat	upx
behavioral1/files/0x00050000000194d4-123.dat	upx
behavioral1/files/0x00050000000194e2-118.dat	upx
behavioral1/files/0x00050000000194a7-112.dat	upx
behavioral1/files/0x0009000000016652-109.dat	upx
behavioral1/files/0x00050000000193fa-108.dat	upx
behavioral1/memory/2660-103-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x00050000000194ea-126.dat	upx
behavioral1/memory/2092-95-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x0005000000019494-89.dat	upx
behavioral1/memory/2768-80-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0005000000019408-79.dat	upx
behavioral1/files/0x0008000000016d4a-78.dat	upx
behavioral1/files/0x00050000000194da-115.dat	upx
behavioral1/memory/2760-85-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2596-56-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2780-52-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0009000000016d46-51.dat	upx
behavioral1/memory/2820-49-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0007000000016d11-45.dat	upx
behavioral1/memory/2228-4036-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2780-4037-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2760-4039-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2820-4038-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2164-4040-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2596-4041-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2468-4042-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2768-4044-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2660-4043-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fsEXSGM.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSRjxDn.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXzUkgd.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMLCqgI.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjjgyno.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgACoNt.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JfXJjXy.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYHHlCf.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qelmwbK.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJdxOwY.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYMgOON.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtZjPMR.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOKdBRB.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIImnMT.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awNcFWb.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkUFfLd.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgfPguW.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XllJduW.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eITNeNk.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFnAdON.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArWYhWk.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPhyyvU.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTGgEGe.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjmooFZ.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdHMWct.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEsRnuN.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MngdzXc.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQFdYxg.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnYIIuW.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UXBkFEH.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYKigrA.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhraKnA.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBHTWxt.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvmCEcq.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNQOGLI.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvvAoXj.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUuflzC.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXuNzJT.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrxZtJI.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSLZNfd.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPmrubf.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axVVMNn.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovQvoCu.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIOdTEH.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpHldYf.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmtjShO.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQzZrvi.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bnviqnt.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgmpVrF.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIaGteN.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyFfQYp.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdgulws.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQajmCd.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQenHrw.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elljlho.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVCiiVP.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtGtBuE.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNPbAAb.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfpxRMi.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYFNkdb.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCNZhdh.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGMRULf.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNwxBSS.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKbPBnH.exe	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 1848	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2168 wrote to memory of 1848	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2168 wrote to memory of 1848	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2168 wrote to memory of 2092	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2168 wrote to memory of 2092	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2168 wrote to memory of 2092	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2168 wrote to memory of 2312	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2168 wrote to memory of 2312	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2168 wrote to memory of 2312	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2168 wrote to memory of 2228	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2168 wrote to memory of 2228	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2168 wrote to memory of 2228	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2168 wrote to memory of 2164	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2168 wrote to memory of 2164	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2168 wrote to memory of 2164	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2168 wrote to memory of 2780	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2168 wrote to memory of 2780	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2168 wrote to memory of 2780	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2168 wrote to memory of 2820	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2168 wrote to memory of 2820	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2168 wrote to memory of 2820	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2168 wrote to memory of 2596	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2168 wrote to memory of 2596	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2168 wrote to memory of 2596	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2168 wrote to memory of 2468	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2168 wrote to memory of 2468	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2168 wrote to memory of 2468	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2168 wrote to memory of 2768	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2168 wrote to memory of 2768	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2168 wrote to memory of 2768	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2168 wrote to memory of 2332	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2168 wrote to memory of 2332	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2168 wrote to memory of 2332	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2168 wrote to memory of 2760	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2168 wrote to memory of 2760	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2168 wrote to memory of 2760	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2168 wrote to memory of 2592	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2168 wrote to memory of 2592	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2168 wrote to memory of 2592	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2168 wrote to memory of 2660	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2168 wrote to memory of 2660	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2168 wrote to memory of 2660	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2168 wrote to memory of 2636	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2168 wrote to memory of 2636	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2168 wrote to memory of 2636	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2168 wrote to memory of 1920	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2168 wrote to memory of 1920	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2168 wrote to memory of 1920	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2168 wrote to memory of 1664	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2168 wrote to memory of 1664	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2168 wrote to memory of 1664	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2168 wrote to memory of 2892	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2168 wrote to memory of 2892	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2168 wrote to memory of 2892	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2168 wrote to memory of 3048	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2168 wrote to memory of 3048	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2168 wrote to memory of 3048	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2168 wrote to memory of 700	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2168 wrote to memory of 700	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2168 wrote to memory of 700	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2168 wrote to memory of 1976	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2168 wrote to memory of 1976	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2168 wrote to memory of 1976	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2168 wrote to memory of 2884	2168	2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_65501cd1f95236b0738e7bba782bcf36_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\System\WsCezMy.exe
  C:\Windows\System\WsCezMy.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\BLUbBtY.exe
  C:\Windows\System\BLUbBtY.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\mbPheTB.exe
  C:\Windows\System\mbPheTB.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ODNaLqY.exe
  C:\Windows\System\ODNaLqY.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\itrsLVi.exe
  C:\Windows\System\itrsLVi.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ZkzAGop.exe
  C:\Windows\System\ZkzAGop.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\vtQeqMB.exe
  C:\Windows\System\vtQeqMB.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\WXOLZEd.exe
  C:\Windows\System\WXOLZEd.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\fFuGavk.exe
  C:\Windows\System\fFuGavk.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\qSwkTkx.exe
  C:\Windows\System\qSwkTkx.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\tuIjiyI.exe
  C:\Windows\System\tuIjiyI.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\vVSZrEy.exe
  C:\Windows\System\vVSZrEy.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\LdEylnX.exe
  C:\Windows\System\LdEylnX.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\bWHXxPt.exe
  C:\Windows\System\bWHXxPt.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\jKYetLa.exe
  C:\Windows\System\jKYetLa.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\CaVAQpb.exe
  C:\Windows\System\CaVAQpb.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\MXUpQrv.exe
  C:\Windows\System\MXUpQrv.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\UANDdVW.exe
  C:\Windows\System\UANDdVW.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\pQsSLZw.exe
  C:\Windows\System\pQsSLZw.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\VVehoSg.exe
  C:\Windows\System\VVehoSg.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\ppqKKPg.exe
  C:\Windows\System\ppqKKPg.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\hJnqANL.exe
  C:\Windows\System\hJnqANL.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\hVeXNvi.exe
  C:\Windows\System\hVeXNvi.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\nfxgzjt.exe
  C:\Windows\System\nfxgzjt.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\JxgJZDV.exe
  C:\Windows\System\JxgJZDV.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\adoouPD.exe
  C:\Windows\System\adoouPD.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\YRJSDRa.exe
  C:\Windows\System\YRJSDRa.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\oTGgEGe.exe
  C:\Windows\System\oTGgEGe.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\zyMtlxN.exe
  C:\Windows\System\zyMtlxN.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\aDlWnQX.exe
  C:\Windows\System\aDlWnQX.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\bafAMQP.exe
  C:\Windows\System\bafAMQP.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\eNRnmKj.exe
  C:\Windows\System\eNRnmKj.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ZUwRFxH.exe
  C:\Windows\System\ZUwRFxH.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\XiAuTGm.exe
  C:\Windows\System\XiAuTGm.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\XgWyRnh.exe
  C:\Windows\System\XgWyRnh.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\DLwjrWR.exe
  C:\Windows\System\DLwjrWR.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\jphZXSm.exe
  C:\Windows\System\jphZXSm.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\HXEgYxm.exe
  C:\Windows\System\HXEgYxm.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\vBqxmmt.exe
  C:\Windows\System\vBqxmmt.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\ovQvoCu.exe
  C:\Windows\System\ovQvoCu.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\DgrzUTk.exe
  C:\Windows\System\DgrzUTk.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\jkDiJWr.exe
  C:\Windows\System\jkDiJWr.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\gqGIPuk.exe
  C:\Windows\System\gqGIPuk.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\bIhpMen.exe
  C:\Windows\System\bIhpMen.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\YZMwRui.exe
  C:\Windows\System\YZMwRui.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\hBTnilY.exe
  C:\Windows\System\hBTnilY.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\tuoMriX.exe
  C:\Windows\System\tuoMriX.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\mjIeulW.exe
  C:\Windows\System\mjIeulW.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\ylRKHzP.exe
  C:\Windows\System\ylRKHzP.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\WvfLFyi.exe
  C:\Windows\System\WvfLFyi.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\fJCRMiq.exe
  C:\Windows\System\fJCRMiq.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\GRZxlCN.exe
  C:\Windows\System\GRZxlCN.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\TqCJjSd.exe
  C:\Windows\System\TqCJjSd.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\WfLVaGG.exe
  C:\Windows\System\WfLVaGG.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\cuMfaLM.exe
  C:\Windows\System\cuMfaLM.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\BHhUTpk.exe
  C:\Windows\System\BHhUTpk.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\OrDNpyq.exe
  C:\Windows\System\OrDNpyq.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\BPwnAlK.exe
  C:\Windows\System\BPwnAlK.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\WVcZYiL.exe
  C:\Windows\System\WVcZYiL.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\VlabwYE.exe
  C:\Windows\System\VlabwYE.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\tVvMXMu.exe
  C:\Windows\System\tVvMXMu.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\TbEOpvG.exe
  C:\Windows\System\TbEOpvG.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\UCCleey.exe
  C:\Windows\System\UCCleey.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\rqRnlPf.exe
  C:\Windows\System\rqRnlPf.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\vKxlmej.exe
  C:\Windows\System\vKxlmej.exe
  2⤵
  PID:1288
- C:\Windows\System\utKYmfh.exe
  C:\Windows\System\utKYmfh.exe
  2⤵
  PID:2292
- C:\Windows\System\xVjpMbc.exe
  C:\Windows\System\xVjpMbc.exe
  2⤵
  PID:1116
- C:\Windows\System\bLepwVp.exe
  C:\Windows\System\bLepwVp.exe
  2⤵
  PID:1272
- C:\Windows\System\NFwDlfU.exe
  C:\Windows\System\NFwDlfU.exe
  2⤵
  PID:320
- C:\Windows\System\slIzoGt.exe
  C:\Windows\System\slIzoGt.exe
  2⤵
  PID:1104
- C:\Windows\System\RrvxvDW.exe
  C:\Windows\System\RrvxvDW.exe
  2⤵
  PID:2956
- C:\Windows\System\adRndmJ.exe
  C:\Windows\System\adRndmJ.exe
  2⤵
  PID:1632
- C:\Windows\System\mucSNnP.exe
  C:\Windows\System\mucSNnP.exe
  2⤵
  PID:972
- C:\Windows\System\yngzchL.exe
  C:\Windows\System\yngzchL.exe
  2⤵
  PID:468
- C:\Windows\System\zwazPaA.exe
  C:\Windows\System\zwazPaA.exe
  2⤵
  PID:1732
- C:\Windows\System\pZCPKal.exe
  C:\Windows\System\pZCPKal.exe
  2⤵
  PID:1012
- C:\Windows\System\AwWlqsW.exe
  C:\Windows\System\AwWlqsW.exe
  2⤵
  PID:2984
- C:\Windows\System\HNndirL.exe
  C:\Windows\System\HNndirL.exe
  2⤵
  PID:2924
- C:\Windows\System\hEQfXjH.exe
  C:\Windows\System\hEQfXjH.exe
  2⤵
  PID:2408
- C:\Windows\System\OoZupeX.exe
  C:\Windows\System\OoZupeX.exe
  2⤵
  PID:2104
- C:\Windows\System\pNzYuwz.exe
  C:\Windows\System\pNzYuwz.exe
  2⤵
  PID:3060
- C:\Windows\System\TqhLHtg.exe
  C:\Windows\System\TqhLHtg.exe
  2⤵
  PID:3044
- C:\Windows\System\QIkkbsW.exe
  C:\Windows\System\QIkkbsW.exe
  2⤵
  PID:2400
- C:\Windows\System\cyFNtXd.exe
  C:\Windows\System\cyFNtXd.exe
  2⤵
  PID:1720
- C:\Windows\System\awNcFWb.exe
  C:\Windows\System\awNcFWb.exe
  2⤵
  PID:2240
- C:\Windows\System\UOwxgsi.exe
  C:\Windows\System\UOwxgsi.exe
  2⤵
  PID:2944
- C:\Windows\System\jbWOWQa.exe
  C:\Windows\System\jbWOWQa.exe
  2⤵
  PID:1824
- C:\Windows\System\ZuvfPna.exe
  C:\Windows\System\ZuvfPna.exe
  2⤵
  PID:2840
- C:\Windows\System\FPAhGww.exe
  C:\Windows\System\FPAhGww.exe
  2⤵
  PID:2232
- C:\Windows\System\pjBMleA.exe
  C:\Windows\System\pjBMleA.exe
  2⤵
  PID:2148
- C:\Windows\System\xlzPeLt.exe
  C:\Windows\System\xlzPeLt.exe
  2⤵
  PID:644
- C:\Windows\System\fDnpbiJ.exe
  C:\Windows\System\fDnpbiJ.exe
  2⤵
  PID:1240
- C:\Windows\System\zyFfQYp.exe
  C:\Windows\System\zyFfQYp.exe
  2⤵
  PID:1148
- C:\Windows\System\GqWEHiy.exe
  C:\Windows\System\GqWEHiy.exe
  2⤵
  PID:784
- C:\Windows\System\wRgYFsP.exe
  C:\Windows\System\wRgYFsP.exe
  2⤵
  PID:1140
- C:\Windows\System\AyqoPzL.exe
  C:\Windows\System\AyqoPzL.exe
  2⤵
  PID:2180
- C:\Windows\System\ZPREHZY.exe
  C:\Windows\System\ZPREHZY.exe
  2⤵
  PID:1784
- C:\Windows\System\vHdYcAP.exe
  C:\Windows\System\vHdYcAP.exe
  2⤵
  PID:1972
- C:\Windows\System\pcVLuCE.exe
  C:\Windows\System\pcVLuCE.exe
  2⤵
  PID:2176
- C:\Windows\System\mJLWHzy.exe
  C:\Windows\System\mJLWHzy.exe
  2⤵
  PID:1600
- C:\Windows\System\QqobrSu.exe
  C:\Windows\System\QqobrSu.exe
  2⤵
  PID:2920
- C:\Windows\System\UaXfKSS.exe
  C:\Windows\System\UaXfKSS.exe
  2⤵
  PID:1056
- C:\Windows\System\ZzFuwyH.exe
  C:\Windows\System\ZzFuwyH.exe
  2⤵
  PID:896
- C:\Windows\System\fNbsIVu.exe
  C:\Windows\System\fNbsIVu.exe
  2⤵
  PID:2528
- C:\Windows\System\ugWwbIh.exe
  C:\Windows\System\ugWwbIh.exe
  2⤵
  PID:1060
- C:\Windows\System\UGBxwNV.exe
  C:\Windows\System\UGBxwNV.exe
  2⤵
  PID:2876
- C:\Windows\System\acSXKcI.exe
  C:\Windows\System\acSXKcI.exe
  2⤵
  PID:2436
- C:\Windows\System\JrxZtJI.exe
  C:\Windows\System\JrxZtJI.exe
  2⤵
  PID:1492
- C:\Windows\System\kzScnzu.exe
  C:\Windows\System\kzScnzu.exe
  2⤵
  PID:2000
- C:\Windows\System\oUPXESk.exe
  C:\Windows\System\oUPXESk.exe
  2⤵
  PID:2272
- C:\Windows\System\hvndcNs.exe
  C:\Windows\System\hvndcNs.exe
  2⤵
  PID:2672
- C:\Windows\System\gtlfNsF.exe
  C:\Windows\System\gtlfNsF.exe
  2⤵
  PID:820
- C:\Windows\System\GVypUXC.exe
  C:\Windows\System\GVypUXC.exe
  2⤵
  PID:1656
- C:\Windows\System\hMTVjNU.exe
  C:\Windows\System\hMTVjNU.exe
  2⤵
  PID:2948
- C:\Windows\System\WUGjAwV.exe
  C:\Windows\System\WUGjAwV.exe
  2⤵
  PID:2300
- C:\Windows\System\TIWClWF.exe
  C:\Windows\System\TIWClWF.exe
  2⤵
  PID:2428
- C:\Windows\System\hOjmgat.exe
  C:\Windows\System\hOjmgat.exe
  2⤵
  PID:1796
- C:\Windows\System\vifEKfZ.exe
  C:\Windows\System\vifEKfZ.exe
  2⤵
  PID:624
- C:\Windows\System\SJlMIIu.exe
  C:\Windows\System\SJlMIIu.exe
  2⤵
  PID:1828
- C:\Windows\System\qtKBIst.exe
  C:\Windows\System\qtKBIst.exe
  2⤵
  PID:1212
- C:\Windows\System\aZLbQJL.exe
  C:\Windows\System\aZLbQJL.exe
  2⤵
  PID:1580
- C:\Windows\System\OaKjBSK.exe
  C:\Windows\System\OaKjBSK.exe
  2⤵
  PID:2356
- C:\Windows\System\QBMVlCk.exe
  C:\Windows\System\QBMVlCk.exe
  2⤵
  PID:3084
- C:\Windows\System\gucLgdw.exe
  C:\Windows\System\gucLgdw.exe
  2⤵
  PID:3104
- C:\Windows\System\ckgXWuO.exe
  C:\Windows\System\ckgXWuO.exe
  2⤵
  PID:3124
- C:\Windows\System\IXKnOqy.exe
  C:\Windows\System\IXKnOqy.exe
  2⤵
  PID:3144
- C:\Windows\System\kSdFeNW.exe
  C:\Windows\System\kSdFeNW.exe
  2⤵
  PID:3164
- C:\Windows\System\qQITlee.exe
  C:\Windows\System\qQITlee.exe
  2⤵
  PID:3180
- C:\Windows\System\VswhHBe.exe
  C:\Windows\System\VswhHBe.exe
  2⤵
  PID:3204
- C:\Windows\System\dYOvTBS.exe
  C:\Windows\System\dYOvTBS.exe
  2⤵
  PID:3224
- C:\Windows\System\aAWTZVQ.exe
  C:\Windows\System\aAWTZVQ.exe
  2⤵
  PID:3244
- C:\Windows\System\oqzKbBA.exe
  C:\Windows\System\oqzKbBA.exe
  2⤵
  PID:3264
- C:\Windows\System\vmUlMFD.exe
  C:\Windows\System\vmUlMFD.exe
  2⤵
  PID:3284
- C:\Windows\System\TqyKxGh.exe
  C:\Windows\System\TqyKxGh.exe
  2⤵
  PID:3304
- C:\Windows\System\almEaTd.exe
  C:\Windows\System\almEaTd.exe
  2⤵
  PID:3324
- C:\Windows\System\QuQmZtK.exe
  C:\Windows\System\QuQmZtK.exe
  2⤵
  PID:3340
- C:\Windows\System\yeMydlu.exe
  C:\Windows\System\yeMydlu.exe
  2⤵
  PID:3364
- C:\Windows\System\QZghtfv.exe
  C:\Windows\System\QZghtfv.exe
  2⤵
  PID:3380
- C:\Windows\System\ePzhcxK.exe
  C:\Windows\System\ePzhcxK.exe
  2⤵
  PID:3404
- C:\Windows\System\fcnBYHj.exe
  C:\Windows\System\fcnBYHj.exe
  2⤵
  PID:3420
- C:\Windows\System\DxAWcaa.exe
  C:\Windows\System\DxAWcaa.exe
  2⤵
  PID:3444
- C:\Windows\System\eHUUkdQ.exe
  C:\Windows\System\eHUUkdQ.exe
  2⤵
  PID:3460
- C:\Windows\System\myuUEEI.exe
  C:\Windows\System\myuUEEI.exe
  2⤵
  PID:3484
- C:\Windows\System\EPArXbD.exe
  C:\Windows\System\EPArXbD.exe
  2⤵
  PID:3500
- C:\Windows\System\narftEB.exe
  C:\Windows\System\narftEB.exe
  2⤵
  PID:3540
- C:\Windows\System\JPkfpYC.exe
  C:\Windows\System\JPkfpYC.exe
  2⤵
  PID:3556
- C:\Windows\System\ixcoLFJ.exe
  C:\Windows\System\ixcoLFJ.exe
  2⤵
  PID:3572
- C:\Windows\System\bDhbVeC.exe
  C:\Windows\System\bDhbVeC.exe
  2⤵
  PID:3588
- C:\Windows\System\upzUULG.exe
  C:\Windows\System\upzUULG.exe
  2⤵
  PID:3604
- C:\Windows\System\DqHzLkY.exe
  C:\Windows\System\DqHzLkY.exe
  2⤵
  PID:3620
- C:\Windows\System\aCoZVlR.exe
  C:\Windows\System\aCoZVlR.exe
  2⤵
  PID:3636
- C:\Windows\System\NvMtUOs.exe
  C:\Windows\System\NvMtUOs.exe
  2⤵
  PID:3652
- C:\Windows\System\xcZxSzH.exe
  C:\Windows\System\xcZxSzH.exe
  2⤵
  PID:3668
- C:\Windows\System\jrIvdxW.exe
  C:\Windows\System\jrIvdxW.exe
  2⤵
  PID:3684
- C:\Windows\System\ReECxRt.exe
  C:\Windows\System\ReECxRt.exe
  2⤵
  PID:3700
- C:\Windows\System\iQiLcwf.exe
  C:\Windows\System\iQiLcwf.exe
  2⤵
  PID:3716
- C:\Windows\System\grOoGnK.exe
  C:\Windows\System\grOoGnK.exe
  2⤵
  PID:3780
- C:\Windows\System\XhsrJpj.exe
  C:\Windows\System\XhsrJpj.exe
  2⤵
  PID:3800
- C:\Windows\System\OzWZAiT.exe
  C:\Windows\System\OzWZAiT.exe
  2⤵
  PID:3824
- C:\Windows\System\AQjjZYM.exe
  C:\Windows\System\AQjjZYM.exe
  2⤵
  PID:3844
- C:\Windows\System\AvvAoXj.exe
  C:\Windows\System\AvvAoXj.exe
  2⤵
  PID:3868
- C:\Windows\System\pVpJtqp.exe
  C:\Windows\System\pVpJtqp.exe
  2⤵
  PID:3884
- C:\Windows\System\lvQenpI.exe
  C:\Windows\System\lvQenpI.exe
  2⤵
  PID:3912
- C:\Windows\System\RmPPFCF.exe
  C:\Windows\System\RmPPFCF.exe
  2⤵
  PID:3928
- C:\Windows\System\rwdkguY.exe
  C:\Windows\System\rwdkguY.exe
  2⤵
  PID:3944
- C:\Windows\System\VsorBhd.exe
  C:\Windows\System\VsorBhd.exe
  2⤵
  PID:3960
- C:\Windows\System\mkurxjE.exe
  C:\Windows\System\mkurxjE.exe
  2⤵
  PID:3976
- C:\Windows\System\ocIsgfX.exe
  C:\Windows\System\ocIsgfX.exe
  2⤵
  PID:4000
- C:\Windows\System\aUuflzC.exe
  C:\Windows\System\aUuflzC.exe
  2⤵
  PID:4016
- C:\Windows\System\LJuiQIr.exe
  C:\Windows\System\LJuiQIr.exe
  2⤵
  PID:4032
- C:\Windows\System\HFBZppY.exe
  C:\Windows\System\HFBZppY.exe
  2⤵
  PID:4048
- C:\Windows\System\LDXVwrX.exe
  C:\Windows\System\LDXVwrX.exe
  2⤵
  PID:4064
- C:\Windows\System\fmMmJVq.exe
  C:\Windows\System\fmMmJVq.exe
  2⤵
  PID:4088
- C:\Windows\System\MappPRX.exe
  C:\Windows\System\MappPRX.exe
  2⤵
  PID:2608
- C:\Windows\System\oXvTXpA.exe
  C:\Windows\System\oXvTXpA.exe
  2⤵
  PID:1488
- C:\Windows\System\ThSbtXE.exe
  C:\Windows\System\ThSbtXE.exe
  2⤵
  PID:3076
- C:\Windows\System\BUBUKCY.exe
  C:\Windows\System\BUBUKCY.exe
  2⤵
  PID:1072
- C:\Windows\System\mnGBRcj.exe
  C:\Windows\System\mnGBRcj.exe
  2⤵
  PID:3100
- C:\Windows\System\akddwdI.exe
  C:\Windows\System\akddwdI.exe
  2⤵
  PID:3132
- C:\Windows\System\EXtgUnh.exe
  C:\Windows\System\EXtgUnh.exe
  2⤵
  PID:3196
- C:\Windows\System\BsaytaX.exe
  C:\Windows\System\BsaytaX.exe
  2⤵
  PID:3176
- C:\Windows\System\IMETcKX.exe
  C:\Windows\System\IMETcKX.exe
  2⤵
  PID:3212
- C:\Windows\System\hbvZMnX.exe
  C:\Windows\System\hbvZMnX.exe
  2⤵
  PID:3252
- C:\Windows\System\pQvVpzU.exe
  C:\Windows\System\pQvVpzU.exe
  2⤵
  PID:3300
- C:\Windows\System\PqIptFj.exe
  C:\Windows\System\PqIptFj.exe
  2⤵
  PID:3296
- C:\Windows\System\JfXJjXy.exe
  C:\Windows\System\JfXJjXy.exe
  2⤵
  PID:3352
- C:\Windows\System\YPiHuVb.exe
  C:\Windows\System\YPiHuVb.exe
  2⤵
  PID:3396
- C:\Windows\System\fmzfOUw.exe
  C:\Windows\System\fmzfOUw.exe
  2⤵
  PID:3392
- C:\Windows\System\wcUVZRQ.exe
  C:\Windows\System\wcUVZRQ.exe
  2⤵
  PID:3432
- C:\Windows\System\dGNxJyR.exe
  C:\Windows\System\dGNxJyR.exe
  2⤵
  PID:2216
- C:\Windows\System\bmOOQhh.exe
  C:\Windows\System\bmOOQhh.exe
  2⤵
  PID:2220
- C:\Windows\System\PXWBoxB.exe
  C:\Windows\System\PXWBoxB.exe
  2⤵
  PID:2616
- C:\Windows\System\jhhFuNp.exe
  C:\Windows\System\jhhFuNp.exe
  2⤵
  PID:2720
- C:\Windows\System\zFKhwHd.exe
  C:\Windows\System\zFKhwHd.exe
  2⤵
  PID:1700
- C:\Windows\System\BlrIWcl.exe
  C:\Windows\System\BlrIWcl.exe
  2⤵
  PID:3536
- C:\Windows\System\ABmyFyf.exe
  C:\Windows\System\ABmyFyf.exe
  2⤵
  PID:3520
- C:\Windows\System\LFfBHaX.exe
  C:\Windows\System\LFfBHaX.exe
  2⤵
  PID:3596
- C:\Windows\System\SeJjfwX.exe
  C:\Windows\System\SeJjfwX.exe
  2⤵
  PID:3616
- C:\Windows\System\Merzcxc.exe
  C:\Windows\System\Merzcxc.exe
  2⤵
  PID:2796
- C:\Windows\System\gQhjRfz.exe
  C:\Windows\System\gQhjRfz.exe
  2⤵
  PID:3728
- C:\Windows\System\RiAznpQ.exe
  C:\Windows\System\RiAznpQ.exe
  2⤵
  PID:3756
- C:\Windows\System\RCbSfLk.exe
  C:\Windows\System\RCbSfLk.exe
  2⤵
  PID:3772
- C:\Windows\System\IREKhIZ.exe
  C:\Windows\System\IREKhIZ.exe
  2⤵
  PID:3680
- C:\Windows\System\tTFDItN.exe
  C:\Windows\System\tTFDItN.exe
  2⤵
  PID:3792
- C:\Windows\System\gXlVibn.exe
  C:\Windows\System\gXlVibn.exe
  2⤵
  PID:3812
- C:\Windows\System\SFWMxht.exe
  C:\Windows\System\SFWMxht.exe
  2⤵
  PID:3880
- C:\Windows\System\QABqKfg.exe
  C:\Windows\System\QABqKfg.exe
  2⤵
  PID:3920
- C:\Windows\System\Ejmmoot.exe
  C:\Windows\System\Ejmmoot.exe
  2⤵
  PID:3940
- C:\Windows\System\NbYaLNn.exe
  C:\Windows\System\NbYaLNn.exe
  2⤵
  PID:3996
- C:\Windows\System\JULwrCW.exe
  C:\Windows\System\JULwrCW.exe
  2⤵
  PID:3972
- C:\Windows\System\qRqvYbm.exe
  C:\Windows\System\qRqvYbm.exe
  2⤵
  PID:4044
- C:\Windows\System\yAuhnNx.exe
  C:\Windows\System\yAuhnNx.exe
  2⤵
  PID:4076
- C:\Windows\System\jAcrfle.exe
  C:\Windows\System\jAcrfle.exe
  2⤵
  PID:1684
- C:\Windows\System\qCeHtGt.exe
  C:\Windows\System\qCeHtGt.exe
  2⤵
  PID:2912
- C:\Windows\System\RwqJqls.exe
  C:\Windows\System\RwqJqls.exe
  2⤵
  PID:3036
- C:\Windows\System\rdgulws.exe
  C:\Windows\System\rdgulws.exe
  2⤵
  PID:2632
- C:\Windows\System\ChnKUUR.exe
  C:\Windows\System\ChnKUUR.exe
  2⤵
  PID:3276
- C:\Windows\System\rNbgswG.exe
  C:\Windows\System\rNbgswG.exe
  2⤵
  PID:3388
- C:\Windows\System\WsgYAWi.exe
  C:\Windows\System\WsgYAWi.exe
  2⤵
  PID:2588
- C:\Windows\System\BYpKfTU.exe
  C:\Windows\System\BYpKfTU.exe
  2⤵
  PID:3376
- C:\Windows\System\gySPhtY.exe
  C:\Windows\System\gySPhtY.exe
  2⤵
  PID:3452
- C:\Windows\System\UYHHlCf.exe
  C:\Windows\System\UYHHlCf.exe
  2⤵
  PID:3356
- C:\Windows\System\HxpaxBe.exe
  C:\Windows\System\HxpaxBe.exe
  2⤵
  PID:3240
- C:\Windows\System\KEbxrYC.exe
  C:\Windows\System\KEbxrYC.exe
  2⤵
  PID:3120
- C:\Windows\System\saORubh.exe
  C:\Windows\System\saORubh.exe
  2⤵
  PID:2828
- C:\Windows\System\uxFkXsZ.exe
  C:\Windows\System\uxFkXsZ.exe
  2⤵
  PID:1068
- C:\Windows\System\jeNxNLS.exe
  C:\Windows\System\jeNxNLS.exe
  2⤵
  PID:1916
- C:\Windows\System\HPFsCCP.exe
  C:\Windows\System\HPFsCCP.exe
  2⤵
  PID:3492
- C:\Windows\System\sYGMFJa.exe
  C:\Windows\System\sYGMFJa.exe
  2⤵
  PID:3580
- C:\Windows\System\GmxAjSb.exe
  C:\Windows\System\GmxAjSb.exe
  2⤵
  PID:3648
- C:\Windows\System\IRDtPZN.exe
  C:\Windows\System\IRDtPZN.exe
  2⤵
  PID:3732
- C:\Windows\System\XZBKMEq.exe
  C:\Windows\System\XZBKMEq.exe
  2⤵
  PID:3820
- C:\Windows\System\hwnmIfl.exe
  C:\Windows\System\hwnmIfl.exe
  2⤵
  PID:3788
- C:\Windows\System\JSDuHnT.exe
  C:\Windows\System\JSDuHnT.exe
  2⤵
  PID:3908
- C:\Windows\System\qvfpYSF.exe
  C:\Windows\System\qvfpYSF.exe
  2⤵
  PID:2328
- C:\Windows\System\tViKlBm.exe
  C:\Windows\System\tViKlBm.exe
  2⤵
  PID:4012
- C:\Windows\System\fsEXSGM.exe
  C:\Windows\System\fsEXSGM.exe
  2⤵
  PID:1252
- C:\Windows\System\IgzbppW.exe
  C:\Windows\System\IgzbppW.exe
  2⤵
  PID:4072
- C:\Windows\System\MbcBBKw.exe
  C:\Windows\System\MbcBBKw.exe
  2⤵
  PID:1744
- C:\Windows\System\YedGBeY.exe
  C:\Windows\System\YedGBeY.exe
  2⤵
  PID:2856
- C:\Windows\System\xLggfdB.exe
  C:\Windows\System\xLggfdB.exe
  2⤵
  PID:3172
- C:\Windows\System\NjoYHis.exe
  C:\Windows\System\NjoYHis.exe
  2⤵
  PID:3272
- C:\Windows\System\JjjBVeN.exe
  C:\Windows\System\JjjBVeN.exe
  2⤵
  PID:3336
- C:\Windows\System\RyJCpWd.exe
  C:\Windows\System\RyJCpWd.exe
  2⤵
  PID:3508
- C:\Windows\System\PXZYmBC.exe
  C:\Windows\System\PXZYmBC.exe
  2⤵
  PID:3052
- C:\Windows\System\FmCzYHY.exe
  C:\Windows\System\FmCzYHY.exe
  2⤵
  PID:3256
- C:\Windows\System\QRFMWjv.exe
  C:\Windows\System\QRFMWjv.exe
  2⤵
  PID:760
- C:\Windows\System\HaDnSSc.exe
  C:\Windows\System\HaDnSSc.exe
  2⤵
  PID:880
- C:\Windows\System\vGbUIKL.exe
  C:\Windows\System\vGbUIKL.exe
  2⤵
  PID:2304
- C:\Windows\System\SVvVVMQ.exe
  C:\Windows\System\SVvVVMQ.exe
  2⤵
  PID:3628
- C:\Windows\System\ymYkjYj.exe
  C:\Windows\System\ymYkjYj.exe
  2⤵
  PID:3816
- C:\Windows\System\qinMHQf.exe
  C:\Windows\System\qinMHQf.exe
  2⤵
  PID:3712
- C:\Windows\System\TCfyonj.exe
  C:\Windows\System\TCfyonj.exe
  2⤵
  PID:3696
- C:\Windows\System\KsoDyIT.exe
  C:\Windows\System\KsoDyIT.exe
  2⤵
  PID:3992
- C:\Windows\System\zawoIkE.exe
  C:\Windows\System\zawoIkE.exe
  2⤵
  PID:3892
- C:\Windows\System\tQIDUve.exe
  C:\Windows\System\tQIDUve.exe
  2⤵
  PID:3440
- C:\Windows\System\VyDbITn.exe
  C:\Windows\System\VyDbITn.exe
  2⤵
  PID:3360
- C:\Windows\System\aURGtMV.exe
  C:\Windows\System\aURGtMV.exe
  2⤵
  PID:3564
- C:\Windows\System\zTYMQCb.exe
  C:\Windows\System\zTYMQCb.exe
  2⤵
  PID:2068
- C:\Windows\System\BjmooFZ.exe
  C:\Windows\System\BjmooFZ.exe
  2⤵
  PID:3744
- C:\Windows\System\hiKNTfd.exe
  C:\Windows\System\hiKNTfd.exe
  2⤵
  PID:2284
- C:\Windows\System\hdtQIzd.exe
  C:\Windows\System\hdtQIzd.exe
  2⤵
  PID:3496
- C:\Windows\System\qjRMXcK.exe
  C:\Windows\System\qjRMXcK.exe
  2⤵
  PID:3764
- C:\Windows\System\hfGbhMD.exe
  C:\Windows\System\hfGbhMD.exe
  2⤵
  PID:3876
- C:\Windows\System\RyKccad.exe
  C:\Windows\System\RyKccad.exe
  2⤵
  PID:3372
- C:\Windows\System\LnhJlkS.exe
  C:\Windows\System\LnhJlkS.exe
  2⤵
  PID:3936
- C:\Windows\System\wgHSGrJ.exe
  C:\Windows\System\wgHSGrJ.exe
  2⤵
  PID:2392
- C:\Windows\System\ceBOCAR.exe
  C:\Windows\System\ceBOCAR.exe
  2⤵
  PID:3472
- C:\Windows\System\UYljngh.exe
  C:\Windows\System\UYljngh.exe
  2⤵
  PID:2628
- C:\Windows\System\WWdswCd.exe
  C:\Windows\System\WWdswCd.exe
  2⤵
  PID:3984
- C:\Windows\System\pmRhrbD.exe
  C:\Windows\System\pmRhrbD.exe
  2⤵
  PID:3768
- C:\Windows\System\flfoCYU.exe
  C:\Windows\System\flfoCYU.exe
  2⤵
  PID:2816
- C:\Windows\System\zguGPHj.exe
  C:\Windows\System\zguGPHj.exe
  2⤵
  PID:1860
- C:\Windows\System\Dfpdmor.exe
  C:\Windows\System\Dfpdmor.exe
  2⤵
  PID:3860
- C:\Windows\System\EaAgkkT.exe
  C:\Windows\System\EaAgkkT.exe
  2⤵
  PID:2700
- C:\Windows\System\VAdTLfg.exe
  C:\Windows\System\VAdTLfg.exe
  2⤵
  PID:3528
- C:\Windows\System\GEMJSyg.exe
  C:\Windows\System\GEMJSyg.exe
  2⤵
  PID:3552
- C:\Windows\System\JiqnQGO.exe
  C:\Windows\System\JiqnQGO.exe
  2⤵
  PID:3136
- C:\Windows\System\gaZRFRa.exe
  C:\Windows\System\gaZRFRa.exe
  2⤵
  PID:3320
- C:\Windows\System\YhraKnA.exe
  C:\Windows\System\YhraKnA.exe
  2⤵
  PID:2724
- C:\Windows\System\nuaYcTG.exe
  C:\Windows\System\nuaYcTG.exe
  2⤵
  PID:4108
- C:\Windows\System\FoVUwGS.exe
  C:\Windows\System\FoVUwGS.exe
  2⤵
  PID:4124
- C:\Windows\System\FFzswvE.exe
  C:\Windows\System\FFzswvE.exe
  2⤵
  PID:4144
- C:\Windows\System\EXeipZE.exe
  C:\Windows\System\EXeipZE.exe
  2⤵
  PID:4160
- C:\Windows\System\CTRxASQ.exe
  C:\Windows\System\CTRxASQ.exe
  2⤵
  PID:4180
- C:\Windows\System\FqMkAJv.exe
  C:\Windows\System\FqMkAJv.exe
  2⤵
  PID:4224
- C:\Windows\System\NSpAIqo.exe
  C:\Windows\System\NSpAIqo.exe
  2⤵
  PID:4244
- C:\Windows\System\qGCyUQd.exe
  C:\Windows\System\qGCyUQd.exe
  2⤵
  PID:4260
- C:\Windows\System\IVfGTID.exe
  C:\Windows\System\IVfGTID.exe
  2⤵
  PID:4276
- C:\Windows\System\svTWERN.exe
  C:\Windows\System\svTWERN.exe
  2⤵
  PID:4292
- C:\Windows\System\YsiGyhl.exe
  C:\Windows\System\YsiGyhl.exe
  2⤵
  PID:4308
- C:\Windows\System\XrzuwUN.exe
  C:\Windows\System\XrzuwUN.exe
  2⤵
  PID:4324
- C:\Windows\System\jCGvHUS.exe
  C:\Windows\System\jCGvHUS.exe
  2⤵
  PID:4356
- C:\Windows\System\AEENDUs.exe
  C:\Windows\System\AEENDUs.exe
  2⤵
  PID:4372
- C:\Windows\System\CKScUSY.exe
  C:\Windows\System\CKScUSY.exe
  2⤵
  PID:4388
- C:\Windows\System\YLaYEah.exe
  C:\Windows\System\YLaYEah.exe
  2⤵
  PID:4404
- C:\Windows\System\lwdtmtc.exe
  C:\Windows\System\lwdtmtc.exe
  2⤵
  PID:4420
- C:\Windows\System\EhmAXJf.exe
  C:\Windows\System\EhmAXJf.exe
  2⤵
  PID:4436
- C:\Windows\System\SLcpDrw.exe
  C:\Windows\System\SLcpDrw.exe
  2⤵
  PID:4460
- C:\Windows\System\AEewIuF.exe
  C:\Windows\System\AEewIuF.exe
  2⤵
  PID:4476
- C:\Windows\System\CDkPoyq.exe
  C:\Windows\System\CDkPoyq.exe
  2⤵
  PID:4520
- C:\Windows\System\EpHldYf.exe
  C:\Windows\System\EpHldYf.exe
  2⤵
  PID:4536
- C:\Windows\System\MqHMxui.exe
  C:\Windows\System\MqHMxui.exe
  2⤵
  PID:4552
- C:\Windows\System\MpQDtgy.exe
  C:\Windows\System\MpQDtgy.exe
  2⤵
  PID:4568
- C:\Windows\System\FiJdiPh.exe
  C:\Windows\System\FiJdiPh.exe
  2⤵
  PID:4588
- C:\Windows\System\SBZOGcN.exe
  C:\Windows\System\SBZOGcN.exe
  2⤵
  PID:4604
- C:\Windows\System\WSRjxDn.exe
  C:\Windows\System\WSRjxDn.exe
  2⤵
  PID:4624
- C:\Windows\System\OsCdQCb.exe
  C:\Windows\System\OsCdQCb.exe
  2⤵
  PID:4640
- C:\Windows\System\kYnNDMi.exe
  C:\Windows\System\kYnNDMi.exe
  2⤵
  PID:4660
- C:\Windows\System\vrRbHaA.exe
  C:\Windows\System\vrRbHaA.exe
  2⤵
  PID:4680
- C:\Windows\System\bahealf.exe
  C:\Windows\System\bahealf.exe
  2⤵
  PID:4720
- C:\Windows\System\aleUzMF.exe
  C:\Windows\System\aleUzMF.exe
  2⤵
  PID:4736
- C:\Windows\System\kPugFSN.exe
  C:\Windows\System\kPugFSN.exe
  2⤵
  PID:4752
- C:\Windows\System\BFLxqcL.exe
  C:\Windows\System\BFLxqcL.exe
  2⤵
  PID:4768
- C:\Windows\System\TEhElGT.exe
  C:\Windows\System\TEhElGT.exe
  2⤵
  PID:4784
- C:\Windows\System\KxZOdeR.exe
  C:\Windows\System\KxZOdeR.exe
  2⤵
  PID:4804
- C:\Windows\System\QVWRfsP.exe
  C:\Windows\System\QVWRfsP.exe
  2⤵
  PID:4852
- C:\Windows\System\LaxySAs.exe
  C:\Windows\System\LaxySAs.exe
  2⤵
  PID:4868
- C:\Windows\System\qxnuKXp.exe
  C:\Windows\System\qxnuKXp.exe
  2⤵
  PID:4884
- C:\Windows\System\jeELcdw.exe
  C:\Windows\System\jeELcdw.exe
  2⤵
  PID:4900
- C:\Windows\System\vWScHrU.exe
  C:\Windows\System\vWScHrU.exe
  2⤵
  PID:4920
- C:\Windows\System\cNPhzBF.exe
  C:\Windows\System\cNPhzBF.exe
  2⤵
  PID:4944
- C:\Windows\System\WLcKFMu.exe
  C:\Windows\System\WLcKFMu.exe
  2⤵
  PID:4960
- C:\Windows\System\bVUaaaG.exe
  C:\Windows\System\bVUaaaG.exe
  2⤵
  PID:4980
- C:\Windows\System\hQEiqQb.exe
  C:\Windows\System\hQEiqQb.exe
  2⤵
  PID:5000
- C:\Windows\System\JNOpDIi.exe
  C:\Windows\System\JNOpDIi.exe
  2⤵
  PID:5020
- C:\Windows\System\wTtpxxT.exe
  C:\Windows\System\wTtpxxT.exe
  2⤵
  PID:5036
- C:\Windows\System\SJllBBf.exe
  C:\Windows\System\SJllBBf.exe
  2⤵
  PID:5052
- C:\Windows\System\ddVyKYC.exe
  C:\Windows\System\ddVyKYC.exe
  2⤵
  PID:5068
- C:\Windows\System\EbajaUS.exe
  C:\Windows\System\EbajaUS.exe
  2⤵
  PID:5084
- C:\Windows\System\OsyJzqy.exe
  C:\Windows\System\OsyJzqy.exe
  2⤵
  PID:5104
- C:\Windows\System\isxiSWl.exe
  C:\Windows\System\isxiSWl.exe
  2⤵
  PID:3796
- C:\Windows\System\NNEQZMw.exe
  C:\Windows\System\NNEQZMw.exe
  2⤵
  PID:1872
- C:\Windows\System\SzpxFxc.exe
  C:\Windows\System\SzpxFxc.exe
  2⤵
  PID:4132
- C:\Windows\System\PHecauh.exe
  C:\Windows\System\PHecauh.exe
  2⤵
  PID:4200
- C:\Windows\System\vpoZQwo.exe
  C:\Windows\System\vpoZQwo.exe
  2⤵
  PID:4208
- C:\Windows\System\pJhbdUj.exe
  C:\Windows\System\pJhbdUj.exe
  2⤵
  PID:4240
- C:\Windows\System\IAWEUCW.exe
  C:\Windows\System\IAWEUCW.exe
  2⤵
  PID:4300
- C:\Windows\System\EgBotsG.exe
  C:\Windows\System\EgBotsG.exe
  2⤵
  PID:4320
- C:\Windows\System\IssmtKi.exe
  C:\Windows\System\IssmtKi.exe
  2⤵
  PID:4336
- C:\Windows\System\sNwxBSS.exe
  C:\Windows\System\sNwxBSS.exe
  2⤵
  PID:4380
- C:\Windows\System\FtscVzZ.exe
  C:\Windows\System\FtscVzZ.exe
  2⤵
  PID:4484
- C:\Windows\System\TvyeqAu.exe
  C:\Windows\System\TvyeqAu.exe
  2⤵
  PID:4456
- C:\Windows\System\vregzZp.exe
  C:\Windows\System\vregzZp.exe
  2⤵
  PID:4504
- C:\Windows\System\TaOeuTS.exe
  C:\Windows\System\TaOeuTS.exe
  2⤵
  PID:4512
- C:\Windows\System\FJKvkEz.exe
  C:\Windows\System\FJKvkEz.exe
  2⤵
  PID:4580
- C:\Windows\System\HfivPDE.exe
  C:\Windows\System\HfivPDE.exe
  2⤵
  PID:4616
- C:\Windows\System\gPsFUfo.exe
  C:\Windows\System\gPsFUfo.exe
  2⤵
  PID:4692
- C:\Windows\System\OprdLws.exe
  C:\Windows\System\OprdLws.exe
  2⤵
  PID:4400
- C:\Windows\System\WIRxQRZ.exe
  C:\Windows\System\WIRxQRZ.exe
  2⤵
  PID:4472
- C:\Windows\System\zbjqWIE.exe
  C:\Windows\System\zbjqWIE.exe
  2⤵
  PID:4704
- C:\Windows\System\IFMxOgF.exe
  C:\Windows\System\IFMxOgF.exe
  2⤵
  PID:4716
- C:\Windows\System\AjkUZqf.exe
  C:\Windows\System\AjkUZqf.exe
  2⤵
  PID:4672
- C:\Windows\System\NexfqpW.exe
  C:\Windows\System\NexfqpW.exe
  2⤵
  PID:4760
- C:\Windows\System\ePNhkrI.exe
  C:\Windows\System\ePNhkrI.exe
  2⤵
  PID:4812
- C:\Windows\System\SLfgpkR.exe
  C:\Windows\System\SLfgpkR.exe
  2⤵
  PID:4916
- C:\Windows\System\gBSkcjn.exe
  C:\Windows\System\gBSkcjn.exe
  2⤵
  PID:4864
- C:\Windows\System\dhsrRAZ.exe
  C:\Windows\System\dhsrRAZ.exe
  2⤵
  PID:4936
- C:\Windows\System\QGOPTkD.exe
  C:\Windows\System\QGOPTkD.exe
  2⤵
  PID:4992
- C:\Windows\System\bTljEDm.exe
  C:\Windows\System\bTljEDm.exe
  2⤵
  PID:5032
- C:\Windows\System\RzBeJQC.exe
  C:\Windows\System\RzBeJQC.exe
  2⤵
  PID:5096
- C:\Windows\System\WhxObvV.exe
  C:\Windows\System\WhxObvV.exe
  2⤵
  PID:3236
- C:\Windows\System\dQMifng.exe
  C:\Windows\System\dQMifng.exe
  2⤵
  PID:4168
- C:\Windows\System\aeXyNsG.exe
  C:\Windows\System\aeXyNsG.exe
  2⤵
  PID:4232
- C:\Windows\System\CLXxLmK.exe
  C:\Windows\System\CLXxLmK.exe
  2⤵
  PID:4344
- C:\Windows\System\NyYkzfP.exe
  C:\Windows\System\NyYkzfP.exe
  2⤵
  PID:4452
- C:\Windows\System\XBfUzfQ.exe
  C:\Windows\System\XBfUzfQ.exe
  2⤵
  PID:4612
- C:\Windows\System\ppGDcFI.exe
  C:\Windows\System\ppGDcFI.exe
  2⤵
  PID:4700
- C:\Windows\System\dsLeUSh.exe
  C:\Windows\System\dsLeUSh.exe
  2⤵
  PID:5080
- C:\Windows\System\RdyiEmI.exe
  C:\Windows\System\RdyiEmI.exe
  2⤵
  PID:5044
- C:\Windows\System\ZAVRmcW.exe
  C:\Windows\System\ZAVRmcW.exe
  2⤵
  PID:856
- C:\Windows\System\bqsslwg.exe
  C:\Windows\System\bqsslwg.exe
  2⤵
  PID:4468
- C:\Windows\System\jfElsWD.exe
  C:\Windows\System\jfElsWD.exe
  2⤵
  PID:3524
- C:\Windows\System\EoxcTaP.exe
  C:\Windows\System\EoxcTaP.exe
  2⤵
  PID:4848
- C:\Windows\System\yQmqpUd.exe
  C:\Windows\System\yQmqpUd.exe
  2⤵
  PID:2848
- C:\Windows\System\wdwXYOL.exe
  C:\Windows\System\wdwXYOL.exe
  2⤵
  PID:4668
- C:\Windows\System\ZbfVEvH.exe
  C:\Windows\System\ZbfVEvH.exe
  2⤵
  PID:4212
- C:\Windows\System\CDpesQv.exe
  C:\Windows\System\CDpesQv.exe
  2⤵
  PID:4412
- C:\Windows\System\JSdqWUV.exe
  C:\Windows\System\JSdqWUV.exe
  2⤵
  PID:4828
- C:\Windows\System\BQXISBS.exe
  C:\Windows\System\BQXISBS.exe
  2⤵
  PID:4952
- C:\Windows\System\oSnPaps.exe
  C:\Windows\System\oSnPaps.exe
  2⤵
  PID:5076
- C:\Windows\System\sEvlrhk.exe
  C:\Windows\System\sEvlrhk.exe
  2⤵
  PID:4368
- C:\Windows\System\uEOAuBu.exe
  C:\Windows\System\uEOAuBu.exe
  2⤵
  PID:4028
- C:\Windows\System\GeMdMuS.exe
  C:\Windows\System\GeMdMuS.exe
  2⤵
  PID:4968
- C:\Windows\System\luiuths.exe
  C:\Windows\System\luiuths.exe
  2⤵
  PID:4396
- C:\Windows\System\Mrgbhqn.exe
  C:\Windows\System\Mrgbhqn.exe
  2⤵
  PID:4116
- C:\Windows\System\gpcjrpL.exe
  C:\Windows\System\gpcjrpL.exe
  2⤵
  PID:2740
- C:\Windows\System\wrGsFpq.exe
  C:\Windows\System\wrGsFpq.exe
  2⤵
  PID:5028
- C:\Windows\System\TgczVIK.exe
  C:\Windows\System\TgczVIK.exe
  2⤵
  PID:4496
- C:\Windows\System\MUFnYfu.exe
  C:\Windows\System\MUFnYfu.exe
  2⤵
  PID:4416
- C:\Windows\System\SXhWNgj.exe
  C:\Windows\System\SXhWNgj.exe
  2⤵
  PID:4256
- C:\Windows\System\IAMqluw.exe
  C:\Windows\System\IAMqluw.exe
  2⤵
  PID:676
- C:\Windows\System\twxRPtl.exe
  C:\Windows\System\twxRPtl.exe
  2⤵
  PID:4192
- C:\Windows\System\fcLwYYK.exe
  C:\Windows\System\fcLwYYK.exe
  2⤵
  PID:5060
- C:\Windows\System\CjACdIo.exe
  C:\Windows\System\CjACdIo.exe
  2⤵
  PID:4780
- C:\Windows\System\kWbycBQ.exe
  C:\Windows\System\kWbycBQ.exe
  2⤵
  PID:2508
- C:\Windows\System\ZZbgQAo.exe
  C:\Windows\System\ZZbgQAo.exe
  2⤵
  PID:4796
- C:\Windows\System\XgfPguW.exe
  C:\Windows\System\XgfPguW.exe
  2⤵
  PID:1356
- C:\Windows\System\toAkbZb.exe
  C:\Windows\System\toAkbZb.exe
  2⤵
  PID:4800
- C:\Windows\System\uWXwiTN.exe
  C:\Windows\System\uWXwiTN.exe
  2⤵
  PID:5048
- C:\Windows\System\vxONVNy.exe
  C:\Windows\System\vxONVNy.exe
  2⤵
  PID:4832
- C:\Windows\System\CLJZLjB.exe
  C:\Windows\System\CLJZLjB.exe
  2⤵
  PID:4656
- C:\Windows\System\ewFuKhZ.exe
  C:\Windows\System\ewFuKhZ.exe
  2⤵
  PID:4912
- C:\Windows\System\fIRelDb.exe
  C:\Windows\System\fIRelDb.exe
  2⤵
  PID:4636
- C:\Windows\System\gdeVFPu.exe
  C:\Windows\System\gdeVFPu.exe
  2⤵
  PID:5128
- C:\Windows\System\kwzddes.exe
  C:\Windows\System\kwzddes.exe
  2⤵
  PID:5144
- C:\Windows\System\yADgCYy.exe
  C:\Windows\System\yADgCYy.exe
  2⤵
  PID:5168
- C:\Windows\System\nyXBtuo.exe
  C:\Windows\System\nyXBtuo.exe
  2⤵
  PID:5220
- C:\Windows\System\klPUWVR.exe
  C:\Windows\System\klPUWVR.exe
  2⤵
  PID:5236
- C:\Windows\System\QPikMyi.exe
  C:\Windows\System\QPikMyi.exe
  2⤵
  PID:5252
- C:\Windows\System\WmnJCPw.exe
  C:\Windows\System\WmnJCPw.exe
  2⤵
  PID:5268
- C:\Windows\System\HRzGacH.exe
  C:\Windows\System\HRzGacH.exe
  2⤵
  PID:5284
- C:\Windows\System\FsckOJS.exe
  C:\Windows\System\FsckOJS.exe
  2⤵
  PID:5300
- C:\Windows\System\QesOrHX.exe
  C:\Windows\System\QesOrHX.exe
  2⤵
  PID:5324
- C:\Windows\System\FgNllwl.exe
  C:\Windows\System\FgNllwl.exe
  2⤵
  PID:5340
- C:\Windows\System\AShDcPP.exe
  C:\Windows\System\AShDcPP.exe
  2⤵
  PID:5356
- C:\Windows\System\wFnPGmT.exe
  C:\Windows\System\wFnPGmT.exe
  2⤵
  PID:5372
- C:\Windows\System\UbSewad.exe
  C:\Windows\System\UbSewad.exe
  2⤵
  PID:5388
- C:\Windows\System\PHMUqEt.exe
  C:\Windows\System\PHMUqEt.exe
  2⤵
  PID:5408
- C:\Windows\System\xSAfIdx.exe
  C:\Windows\System\xSAfIdx.exe
  2⤵
  PID:5428
- C:\Windows\System\rhAzJxt.exe
  C:\Windows\System\rhAzJxt.exe
  2⤵
  PID:5444
- C:\Windows\System\DuNCRpg.exe
  C:\Windows\System\DuNCRpg.exe
  2⤵
  PID:5496
- C:\Windows\System\uWPjUHg.exe
  C:\Windows\System\uWPjUHg.exe
  2⤵
  PID:5520
- C:\Windows\System\gtLKQzo.exe
  C:\Windows\System\gtLKQzo.exe
  2⤵
  PID:5536
- C:\Windows\System\VVJHbuv.exe
  C:\Windows\System\VVJHbuv.exe
  2⤵
  PID:5556
- C:\Windows\System\OXTtXhQ.exe
  C:\Windows\System\OXTtXhQ.exe
  2⤵
  PID:5572
- C:\Windows\System\bzojqng.exe
  C:\Windows\System\bzojqng.exe
  2⤵
  PID:5588
- C:\Windows\System\xsxAgYe.exe
  C:\Windows\System\xsxAgYe.exe
  2⤵
  PID:5604
- C:\Windows\System\ZKZppCX.exe
  C:\Windows\System\ZKZppCX.exe
  2⤵
  PID:5620
- C:\Windows\System\puScrhH.exe
  C:\Windows\System\puScrhH.exe
  2⤵
  PID:5636
- C:\Windows\System\fkXIvNV.exe
  C:\Windows\System\fkXIvNV.exe
  2⤵
  PID:5652
- C:\Windows\System\JXPVFaE.exe
  C:\Windows\System\JXPVFaE.exe
  2⤵
  PID:5668
- C:\Windows\System\eKOUDCP.exe
  C:\Windows\System\eKOUDCP.exe
  2⤵
  PID:5688
- C:\Windows\System\GqFtrrA.exe
  C:\Windows\System\GqFtrrA.exe
  2⤵
  PID:5712
- C:\Windows\System\GbkdLoO.exe
  C:\Windows\System\GbkdLoO.exe
  2⤵
  PID:5728
- C:\Windows\System\pXzUkgd.exe
  C:\Windows\System\pXzUkgd.exe
  2⤵
  PID:5772
- C:\Windows\System\zrQYiUi.exe
  C:\Windows\System\zrQYiUi.exe
  2⤵
  PID:5788
- C:\Windows\System\mhiSGoV.exe
  C:\Windows\System\mhiSGoV.exe
  2⤵
  PID:5804
- C:\Windows\System\lYQCFJu.exe
  C:\Windows\System\lYQCFJu.exe
  2⤵
  PID:5820
- C:\Windows\System\oHlBxbq.exe
  C:\Windows\System\oHlBxbq.exe
  2⤵
  PID:5840
- C:\Windows\System\eWxidhT.exe
  C:\Windows\System\eWxidhT.exe
  2⤵
  PID:5860
- C:\Windows\System\yWDnCTA.exe
  C:\Windows\System\yWDnCTA.exe
  2⤵
  PID:5880
- C:\Windows\System\eHInMuo.exe
  C:\Windows\System\eHInMuo.exe
  2⤵
  PID:5896
- C:\Windows\System\NPPrtau.exe
  C:\Windows\System\NPPrtau.exe
  2⤵
  PID:5912
- C:\Windows\System\dkwzpKy.exe
  C:\Windows\System\dkwzpKy.exe
  2⤵
  PID:5928
- C:\Windows\System\tOfJvLz.exe
  C:\Windows\System\tOfJvLz.exe
  2⤵
  PID:5948
- C:\Windows\System\eKsApIJ.exe
  C:\Windows\System\eKsApIJ.exe
  2⤵
  PID:5968
- C:\Windows\System\jYLGYMX.exe
  C:\Windows\System\jYLGYMX.exe
  2⤵
  PID:5984
- C:\Windows\System\jCjJNsg.exe
  C:\Windows\System\jCjJNsg.exe
  2⤵
  PID:6040
- C:\Windows\System\mDtwKyj.exe
  C:\Windows\System\mDtwKyj.exe
  2⤵
  PID:6056
- C:\Windows\System\bJOHNKc.exe
  C:\Windows\System\bJOHNKc.exe
  2⤵
  PID:6072
- C:\Windows\System\hgBLTpu.exe
  C:\Windows\System\hgBLTpu.exe
  2⤵
  PID:6088
- C:\Windows\System\zpUOxQf.exe
  C:\Windows\System\zpUOxQf.exe
  2⤵
  PID:6112
- C:\Windows\System\AvoCfrl.exe
  C:\Windows\System\AvoCfrl.exe
  2⤵
  PID:6128
- C:\Windows\System\lzmIzBu.exe
  C:\Windows\System\lzmIzBu.exe
  2⤵
  PID:4748
- C:\Windows\System\AoSuZqy.exe
  C:\Windows\System\AoSuZqy.exe
  2⤵
  PID:4332
- C:\Windows\System\JLGsiTr.exe
  C:\Windows\System\JLGsiTr.exe
  2⤵
  PID:4688
- C:\Windows\System\ojujqjz.exe
  C:\Windows\System\ojujqjz.exe
  2⤵
  PID:4176
- C:\Windows\System\MepBmuM.exe
  C:\Windows\System\MepBmuM.exe
  2⤵
  PID:5124
- C:\Windows\System\fEuIkVe.exe
  C:\Windows\System\fEuIkVe.exe
  2⤵
  PID:2916
- C:\Windows\System\HSgmaAq.exe
  C:\Windows\System\HSgmaAq.exe
  2⤵
  PID:5180
- C:\Windows\System\HQtVtkz.exe
  C:\Windows\System\HQtVtkz.exe
  2⤵
  PID:5212
- C:\Windows\System\bIIYSDX.exe
  C:\Windows\System\bIIYSDX.exe
  2⤵
  PID:5232
- C:\Windows\System\rxSeACk.exe
  C:\Windows\System\rxSeACk.exe
  2⤵
  PID:5260
- C:\Windows\System\JUzXkJw.exe
  C:\Windows\System\JUzXkJw.exe
  2⤵
  PID:5336
- C:\Windows\System\iztFuol.exe
  C:\Windows\System\iztFuol.exe
  2⤵
  PID:5436
- C:\Windows\System\GOMUShy.exe
  C:\Windows\System\GOMUShy.exe
  2⤵
  PID:5460
- C:\Windows\System\nHCKrGb.exe
  C:\Windows\System\nHCKrGb.exe
  2⤵
  PID:5312
- C:\Windows\System\uOgqIub.exe
  C:\Windows\System\uOgqIub.exe
  2⤵
  PID:5348
- C:\Windows\System\kvHbifq.exe
  C:\Windows\System\kvHbifq.exe
  2⤵
  PID:5484
- C:\Windows\System\RhWCvqF.exe
  C:\Windows\System\RhWCvqF.exe
  2⤵
  PID:5492
- C:\Windows\System\yLccqEE.exe
  C:\Windows\System\yLccqEE.exe
  2⤵
  PID:5516
- C:\Windows\System\lVpMFAn.exe
  C:\Windows\System\lVpMFAn.exe
  2⤵
  PID:5480
- C:\Windows\System\wvxQMzG.exe
  C:\Windows\System\wvxQMzG.exe
  2⤵
  PID:5580
- C:\Windows\System\MkAReXa.exe
  C:\Windows\System\MkAReXa.exe
  2⤵
  PID:5676
- C:\Windows\System\HsTbqtw.exe
  C:\Windows\System\HsTbqtw.exe
  2⤵
  PID:5724
- C:\Windows\System\lqgyudh.exe
  C:\Windows\System\lqgyudh.exe
  2⤵
  PID:5700
- C:\Windows\System\RjgJfeY.exe
  C:\Windows\System\RjgJfeY.exe
  2⤵
  PID:5736
- C:\Windows\System\PQtNPqk.exe
  C:\Windows\System\PQtNPqk.exe
  2⤵
  PID:5568
- C:\Windows\System\qgNrHCx.exe
  C:\Windows\System\qgNrHCx.exe
  2⤵
  PID:5780
- C:\Windows\System\dieOdAC.exe
  C:\Windows\System\dieOdAC.exe
  2⤵
  PID:5848
- C:\Windows\System\tCZQRqU.exe
  C:\Windows\System\tCZQRqU.exe
  2⤵
  PID:5888
- C:\Windows\System\elOVQBb.exe
  C:\Windows\System\elOVQBb.exe
  2⤵
  PID:5956
- C:\Windows\System\wuqqsMQ.exe
  C:\Windows\System\wuqqsMQ.exe
  2⤵
  PID:5992
- C:\Windows\System\YolenPI.exe
  C:\Windows\System\YolenPI.exe
  2⤵
  PID:6012
- C:\Windows\System\omfhHsH.exe
  C:\Windows\System\omfhHsH.exe
  2⤵
  PID:5872
- C:\Windows\System\hZtjblx.exe
  C:\Windows\System\hZtjblx.exe
  2⤵
  PID:5940
- C:\Windows\System\AEtrVXL.exe
  C:\Windows\System\AEtrVXL.exe
  2⤵
  PID:6028
- C:\Windows\System\VEHsDcT.exe
  C:\Windows\System\VEHsDcT.exe
  2⤵
  PID:6064
- C:\Windows\System\krEYPiE.exe
  C:\Windows\System\krEYPiE.exe
  2⤵
  PID:6052
- C:\Windows\System\eUOmSvO.exe
  C:\Windows\System\eUOmSvO.exe
  2⤵
  PID:6100
- C:\Windows\System\DtJMpFG.exe
  C:\Windows\System\DtJMpFG.exe
  2⤵
  PID:4448
- C:\Windows\System\aFCJrOt.exe
  C:\Windows\System\aFCJrOt.exe
  2⤵
  PID:2572
- C:\Windows\System\lKFFFTa.exe
  C:\Windows\System\lKFFFTa.exe
  2⤵
  PID:5196
- C:\Windows\System\YKdZNZp.exe
  C:\Windows\System\YKdZNZp.exe
  2⤵
  PID:5116
- C:\Windows\System\TvTWJHl.exe
  C:\Windows\System\TvTWJHl.exe
  2⤵
  PID:2500
- C:\Windows\System\eneGcRF.exe
  C:\Windows\System\eneGcRF.exe
  2⤵
  PID:6120
- C:\Windows\System\idEzGMR.exe
  C:\Windows\System\idEzGMR.exe
  2⤵
  PID:1928
- C:\Windows\System\JzvbQXk.exe
  C:\Windows\System\JzvbQXk.exe
  2⤵
  PID:1924
- C:\Windows\System\qMTZOBM.exe
  C:\Windows\System\qMTZOBM.exe
  2⤵
  PID:5396
- C:\Windows\System\OpvoISB.exe
  C:\Windows\System\OpvoISB.exe
  2⤵
  PID:1172
- C:\Windows\System\HRMAjLa.exe
  C:\Windows\System\HRMAjLa.exe
  2⤵
  PID:5416
- C:\Windows\System\NxUSUQP.exe
  C:\Windows\System\NxUSUQP.exe
  2⤵
  PID:5228
- C:\Windows\System\urxenUO.exe
  C:\Windows\System\urxenUO.exe
  2⤵
  PID:5512
- C:\Windows\System\blEDFWP.exe
  C:\Windows\System\blEDFWP.exe
  2⤵
  PID:1436
- C:\Windows\System\bHgyEKr.exe
  C:\Windows\System\bHgyEKr.exe
  2⤵
  PID:5612
- C:\Windows\System\tJXPhsB.exe
  C:\Windows\System\tJXPhsB.exe
  2⤵
  PID:5564
- C:\Windows\System\VBHTWxt.exe
  C:\Windows\System\VBHTWxt.exe
  2⤵
  PID:4676
- C:\Windows\System\sxcisiB.exe
  C:\Windows\System\sxcisiB.exe
  2⤵
  PID:5648
- C:\Windows\System\XfDpUMm.exe
  C:\Windows\System\XfDpUMm.exe
  2⤵
  PID:5628
- C:\Windows\System\aBOwGYc.exe
  C:\Windows\System\aBOwGYc.exe
  2⤵
  PID:5816
- C:\Windows\System\yPVyEAI.exe
  C:\Windows\System\yPVyEAI.exe
  2⤵
  PID:6008
- C:\Windows\System\JKNBHEy.exe
  C:\Windows\System\JKNBHEy.exe
  2⤵
  PID:5868
- C:\Windows\System\GYorsaT.exe
  C:\Windows\System\GYorsaT.exe
  2⤵
  PID:5976
- C:\Windows\System\BmrtzTv.exe
  C:\Windows\System\BmrtzTv.exe
  2⤵
  PID:6016
- C:\Windows\System\HBWDjmg.exe
  C:\Windows\System\HBWDjmg.exe
  2⤵
  PID:4188
- C:\Windows\System\aRfzkox.exe
  C:\Windows\System\aRfzkox.exe
  2⤵
  PID:5192
- C:\Windows\System\MxpqUtD.exe
  C:\Windows\System\MxpqUtD.exe
  2⤵
  PID:5204
- C:\Windows\System\jeRfzPF.exe
  C:\Windows\System\jeRfzPF.exe
  2⤵
  PID:1988
- C:\Windows\System\LWbciiu.exe
  C:\Windows\System\LWbciiu.exe
  2⤵
  PID:6136
- C:\Windows\System\tZEMbeh.exe
  C:\Windows\System\tZEMbeh.exe
  2⤵
  PID:5200
- C:\Windows\System\DjVBpuS.exe
  C:\Windows\System\DjVBpuS.exe
  2⤵
  PID:5332
- C:\Windows\System\goVLQXI.exe
  C:\Windows\System\goVLQXI.exe
  2⤵
  PID:5476
- C:\Windows\System\iRSNzPP.exe
  C:\Windows\System\iRSNzPP.exe
  2⤵
  PID:5684
- C:\Windows\System\jUNuMnk.exe
  C:\Windows\System\jUNuMnk.exe
  2⤵
  PID:5748
- C:\Windows\System\sQtgoEf.exe
  C:\Windows\System\sQtgoEf.exe
  2⤵
  PID:888
- C:\Windows\System\xUsJLOj.exe
  C:\Windows\System\xUsJLOj.exe
  2⤵
  PID:5908
- C:\Windows\System\eSUyGhP.exe
  C:\Windows\System\eSUyGhP.exe
  2⤵
  PID:4928
- C:\Windows\System\cwCNoSq.exe
  C:\Windows\System\cwCNoSq.exe
  2⤵
  PID:2620
- C:\Windows\System\VhXgVJz.exe
  C:\Windows\System\VhXgVJz.exe
  2⤵
  PID:6096
- C:\Windows\System\UOyfLIk.exe
  C:\Windows\System\UOyfLIk.exe
  2⤵
  PID:5856
- C:\Windows\System\iuFTEOa.exe
  C:\Windows\System\iuFTEOa.exe
  2⤵
  PID:5832
- C:\Windows\System\WstKISl.exe
  C:\Windows\System\WstKISl.exe
  2⤵
  PID:2364
- C:\Windows\System\AtUBelP.exe
  C:\Windows\System\AtUBelP.exe
  2⤵
  PID:6104
- C:\Windows\System\JpyFXZQ.exe
  C:\Windows\System\JpyFXZQ.exe
  2⤵
  PID:6140
- C:\Windows\System\bCIeHlp.exe
  C:\Windows\System\bCIeHlp.exe
  2⤵
  PID:5140
- C:\Windows\System\TctAdhg.exe
  C:\Windows\System\TctAdhg.exe
  2⤵
  PID:5464
- C:\Windows\System\bNnGkQv.exe
  C:\Windows\System\bNnGkQv.exe
  2⤵
  PID:1256
- C:\Windows\System\ETAoWmt.exe
  C:\Windows\System\ETAoWmt.exe
  2⤵
  PID:5696
- C:\Windows\System\jqwxMJF.exe
  C:\Windows\System\jqwxMJF.exe
  2⤵
  PID:3016
- C:\Windows\System\vJXbdJp.exe
  C:\Windows\System\vJXbdJp.exe
  2⤵
  PID:6160
- C:\Windows\System\CwMUWjM.exe
  C:\Windows\System\CwMUWjM.exe
  2⤵
  PID:6176
- C:\Windows\System\NoqtSSO.exe
  C:\Windows\System\NoqtSSO.exe
  2⤵
  PID:6192
- C:\Windows\System\vctqZVl.exe
  C:\Windows\System\vctqZVl.exe
  2⤵
  PID:6208
- C:\Windows\System\lwnWmwU.exe
  C:\Windows\System\lwnWmwU.exe
  2⤵
  PID:6224
- C:\Windows\System\gSklzZV.exe
  C:\Windows\System\gSklzZV.exe
  2⤵
  PID:6240
- C:\Windows\System\uhzMCRv.exe
  C:\Windows\System\uhzMCRv.exe
  2⤵
  PID:6268
- C:\Windows\System\wgReHwa.exe
  C:\Windows\System\wgReHwa.exe
  2⤵
  PID:6284
- C:\Windows\System\cAunhwQ.exe
  C:\Windows\System\cAunhwQ.exe
  2⤵
  PID:6352
- C:\Windows\System\uaaYDhA.exe
  C:\Windows\System\uaaYDhA.exe
  2⤵
  PID:6368
- C:\Windows\System\LREkUzd.exe
  C:\Windows\System\LREkUzd.exe
  2⤵
  PID:6384
- C:\Windows\System\RddipXP.exe
  C:\Windows\System\RddipXP.exe
  2⤵
  PID:6400
- C:\Windows\System\FeOiZJi.exe
  C:\Windows\System\FeOiZJi.exe
  2⤵
  PID:6416
- C:\Windows\System\UkUFfLd.exe
  C:\Windows\System\UkUFfLd.exe
  2⤵
  PID:6432
- C:\Windows\System\PGgnmaq.exe
  C:\Windows\System\PGgnmaq.exe
  2⤵
  PID:6464
- C:\Windows\System\WaRMdMI.exe
  C:\Windows\System\WaRMdMI.exe
  2⤵
  PID:6480
- C:\Windows\System\pnGTaNk.exe
  C:\Windows\System\pnGTaNk.exe
  2⤵
  PID:6496
- C:\Windows\System\GatWRUf.exe
  C:\Windows\System\GatWRUf.exe
  2⤵
  PID:6512
- C:\Windows\System\QwoeFnw.exe
  C:\Windows\System\QwoeFnw.exe
  2⤵
  PID:6528
- C:\Windows\System\LxTShwn.exe
  C:\Windows\System\LxTShwn.exe
  2⤵
  PID:6544
- C:\Windows\System\qlTVQxK.exe
  C:\Windows\System\qlTVQxK.exe
  2⤵
  PID:6560
- C:\Windows\System\gCmvJMj.exe
  C:\Windows\System\gCmvJMj.exe
  2⤵
  PID:6616
- C:\Windows\System\TtFcxnW.exe
  C:\Windows\System\TtFcxnW.exe
  2⤵
  PID:6632
- C:\Windows\System\stNSpgn.exe
  C:\Windows\System\stNSpgn.exe
  2⤵
  PID:6648
- C:\Windows\System\jMVMtre.exe
  C:\Windows\System\jMVMtre.exe
  2⤵
  PID:6664
- C:\Windows\System\tpMbJQf.exe
  C:\Windows\System\tpMbJQf.exe
  2⤵
  PID:6684
- C:\Windows\System\MJoQNEX.exe
  C:\Windows\System\MJoQNEX.exe
  2⤵
  PID:6700
- C:\Windows\System\aYFNkdb.exe
  C:\Windows\System\aYFNkdb.exe
  2⤵
  PID:6720
- C:\Windows\System\QEAqanW.exe
  C:\Windows\System\QEAqanW.exe
  2⤵
  PID:6748
- C:\Windows\System\DREQPZm.exe
  C:\Windows\System\DREQPZm.exe
  2⤵
  PID:6772
- C:\Windows\System\ytEpLtu.exe
  C:\Windows\System\ytEpLtu.exe
  2⤵
  PID:6792
- C:\Windows\System\drBfNhU.exe
  C:\Windows\System\drBfNhU.exe
  2⤵
  PID:6808
- C:\Windows\System\SjXMUeS.exe
  C:\Windows\System\SjXMUeS.exe
  2⤵
  PID:6824
- C:\Windows\System\EnkPkKn.exe
  C:\Windows\System\EnkPkKn.exe
  2⤵
  PID:6848
- C:\Windows\System\zKhgYWO.exe
  C:\Windows\System\zKhgYWO.exe
  2⤵
  PID:6864
- C:\Windows\System\IQOIpJe.exe
  C:\Windows\System\IQOIpJe.exe
  2⤵
  PID:6884
- C:\Windows\System\MpFZHLw.exe
  C:\Windows\System\MpFZHLw.exe
  2⤵
  PID:6900
- C:\Windows\System\IzLNmRw.exe
  C:\Windows\System\IzLNmRw.exe
  2⤵
  PID:6916
- C:\Windows\System\BEASdnH.exe
  C:\Windows\System\BEASdnH.exe
  2⤵
  PID:6932
- C:\Windows\System\YaDshWt.exe
  C:\Windows\System\YaDshWt.exe
  2⤵
  PID:6948
- C:\Windows\System\eZpAQXT.exe
  C:\Windows\System\eZpAQXT.exe
  2⤵
  PID:6964
- C:\Windows\System\kznOsMQ.exe
  C:\Windows\System\kznOsMQ.exe
  2⤵
  PID:6984
- C:\Windows\System\JlFPSeq.exe
  C:\Windows\System\JlFPSeq.exe
  2⤵
  PID:7004
- C:\Windows\System\LezRGmH.exe
  C:\Windows\System\LezRGmH.exe
  2⤵
  PID:7024
- C:\Windows\System\VasQmAa.exe
  C:\Windows\System\VasQmAa.exe
  2⤵
  PID:7040
- C:\Windows\System\UNqlLIq.exe
  C:\Windows\System\UNqlLIq.exe
  2⤵
  PID:7056
- C:\Windows\System\HfAMyca.exe
  C:\Windows\System\HfAMyca.exe
  2⤵
  PID:7072
- C:\Windows\System\ZmLQHnX.exe
  C:\Windows\System\ZmLQHnX.exe
  2⤵
  PID:7092
- C:\Windows\System\JJlmbyM.exe
  C:\Windows\System\JJlmbyM.exe
  2⤵
  PID:7120
- C:\Windows\System\QIxHZNz.exe
  C:\Windows\System\QIxHZNz.exe
  2⤵
  PID:7140
- C:\Windows\System\vAenCid.exe
  C:\Windows\System\vAenCid.exe
  2⤵
  PID:7160
- C:\Windows\System\jswRZHY.exe
  C:\Windows\System\jswRZHY.exe
  2⤵
  PID:5740
- C:\Windows\System\aeZZLpi.exe
  C:\Windows\System\aeZZLpi.exe
  2⤵
  PID:4316
- C:\Windows\System\qwIKEhh.exe
  C:\Windows\System\qwIKEhh.exe
  2⤵
  PID:6148
- C:\Windows\System\VvTqUrL.exe
  C:\Windows\System\VvTqUrL.exe
  2⤵
  PID:6216
- C:\Windows\System\KtlJmTg.exe
  C:\Windows\System\KtlJmTg.exe
  2⤵
  PID:6248
- C:\Windows\System\McchMdo.exe
  C:\Windows\System\McchMdo.exe
  2⤵
  PID:6264
- C:\Windows\System\MXGpAhj.exe
  C:\Windows\System\MXGpAhj.exe
  2⤵
  PID:6308
- C:\Windows\System\QlfVlPV.exe
  C:\Windows\System\QlfVlPV.exe
  2⤵
  PID:6084
- C:\Windows\System\KabfdxC.exe
  C:\Windows\System\KabfdxC.exe
  2⤵
  PID:5764
- C:\Windows\System\ACVoYgh.exe
  C:\Windows\System\ACVoYgh.exe
  2⤵
  PID:6344
- C:\Windows\System\EotLwAN.exe
  C:\Windows\System\EotLwAN.exe
  2⤵
  PID:6408
- C:\Windows\System\GvLmmlZ.exe
  C:\Windows\System\GvLmmlZ.exe
  2⤵
  PID:6364
- C:\Windows\System\vECAQat.exe
  C:\Windows\System\vECAQat.exe
  2⤵
  PID:6460
- C:\Windows\System\IySmBda.exe
  C:\Windows\System\IySmBda.exe
  2⤵
  PID:6476
- C:\Windows\System\sFCDHOD.exe
  C:\Windows\System\sFCDHOD.exe
  2⤵
  PID:6492
- C:\Windows\System\fcIigLj.exe
  C:\Windows\System\fcIigLj.exe
  2⤵
  PID:6428
- C:\Windows\System\WygAbjG.exe
  C:\Windows\System\WygAbjG.exe
  2⤵
  PID:6576
- C:\Windows\System\WZpqFBh.exe
  C:\Windows\System\WZpqFBh.exe
  2⤵
  PID:6592
- C:\Windows\System\lgrkdoP.exe
  C:\Windows\System\lgrkdoP.exe
  2⤵
  PID:6656
- C:\Windows\System\lLjGghP.exe
  C:\Windows\System\lLjGghP.exe
  2⤵
  PID:6728
- C:\Windows\System\obRjtzf.exe
  C:\Windows\System\obRjtzf.exe
  2⤵
  PID:6736
- C:\Windows\System\dZRuTtG.exe
  C:\Windows\System\dZRuTtG.exe
  2⤵
  PID:6672
- C:\Windows\System\YSLZNfd.exe
  C:\Windows\System\YSLZNfd.exe
  2⤵
  PID:7000
- C:\Windows\System\OPAWAkI.exe
  C:\Windows\System\OPAWAkI.exe
  2⤵
  PID:6996
- C:\Windows\System\tYRJGmY.exe
  C:\Windows\System\tYRJGmY.exe
  2⤵
  PID:7100
- C:\Windows\System\ZTShxbI.exe
  C:\Windows\System\ZTShxbI.exe
  2⤵
  PID:6760
- C:\Windows\System\KKHNUfg.exe
  C:\Windows\System\KKHNUfg.exe
  2⤵
  PID:6708
- C:\Windows\System\zmtjShO.exe
  C:\Windows\System\zmtjShO.exe
  2⤵
  PID:7116
- C:\Windows\System\JbTgyku.exe
  C:\Windows\System\JbTgyku.exe
  2⤵
  PID:616
- C:\Windows\System\uKZXgcw.exe
  C:\Windows\System\uKZXgcw.exe
  2⤵
  PID:6876
- C:\Windows\System\XOeDguY.exe
  C:\Windows\System\XOeDguY.exe
  2⤵
  PID:5292
- C:\Windows\System\kxsULrO.exe
  C:\Windows\System\kxsULrO.exe
  2⤵
  PID:7048
- C:\Windows\System\FQREuEK.exe
  C:\Windows\System\FQREuEK.exe
  2⤵
  PID:6256
- C:\Windows\System\XllJduW.exe
  C:\Windows\System\XllJduW.exe
  2⤵
  PID:5308
- C:\Windows\System\rkyNcwK.exe
  C:\Windows\System\rkyNcwK.exe
  2⤵
  PID:6236
- C:\Windows\System\GFSwyCi.exe
  C:\Windows\System\GFSwyCi.exe
  2⤵
  PID:5380
- C:\Windows\System\RNTwXwJ.exe
  C:\Windows\System\RNTwXwJ.exe
  2⤵
  PID:6220
- C:\Windows\System\iNOeDsP.exe
  C:\Windows\System\iNOeDsP.exe
  2⤵
  PID:6168
- C:\Windows\System\HxBHWjG.exe
  C:\Windows\System\HxBHWjG.exe
  2⤵
  PID:7052
- C:\Windows\System\wwGxTWq.exe
  C:\Windows\System\wwGxTWq.exe
  2⤵
  PID:7128
- C:\Windows\System\svrXyZy.exe
  C:\Windows\System\svrXyZy.exe
  2⤵
  PID:5924
- C:\Windows\System\SzltCXQ.exe
  C:\Windows\System\SzltCXQ.exe
  2⤵
  PID:6376
- C:\Windows\System\pqrAFbb.exe
  C:\Windows\System\pqrAFbb.exe
  2⤵
  PID:6204
- C:\Windows\System\NitaVJd.exe
  C:\Windows\System\NitaVJd.exe
  2⤵
  PID:6508
- C:\Windows\System\xwMMiPB.exe
  C:\Windows\System\xwMMiPB.exe
  2⤵
  PID:6644
- C:\Windows\System\WONkwSP.exe
  C:\Windows\System\WONkwSP.exe
  2⤵
  PID:6856
- C:\Windows\System\eITNeNk.exe
  C:\Windows\System\eITNeNk.exe
  2⤵
  PID:6624
- C:\Windows\System\DgBldiH.exe
  C:\Windows\System\DgBldiH.exe
  2⤵
  PID:6784
- C:\Windows\System\UmKlFVt.exe
  C:\Windows\System\UmKlFVt.exe
  2⤵
  PID:6444
- C:\Windows\System\OLlGpng.exe
  C:\Windows\System\OLlGpng.exe
  2⤵
  PID:7064
- C:\Windows\System\cActhYb.exe
  C:\Windows\System\cActhYb.exe
  2⤵
  PID:6836
- C:\Windows\System\zQgVbHz.exe
  C:\Windows\System\zQgVbHz.exe
  2⤵
  PID:6184
- C:\Windows\System\quOJZra.exe
  C:\Windows\System\quOJZra.exe
  2⤵
  PID:7136
- C:\Windows\System\NwiiMyr.exe
  C:\Windows\System\NwiiMyr.exe
  2⤵
  PID:7012
- C:\Windows\System\MYSmhRk.exe
  C:\Windows\System\MYSmhRk.exe
  2⤵
  PID:7108
- C:\Windows\System\IIyjGMD.exe
  C:\Windows\System\IIyjGMD.exe
  2⤵
  PID:732
- C:\Windows\System\SXTpLxc.exe
  C:\Windows\System\SXTpLxc.exe
  2⤵
  PID:6316
- C:\Windows\System\BYEtLHa.exe
  C:\Windows\System\BYEtLHa.exe
  2⤵
  PID:6000
- C:\Windows\System\jkXUFnn.exe
  C:\Windows\System\jkXUFnn.exe
  2⤵
  PID:7084
- C:\Windows\System\rEmAcot.exe
  C:\Windows\System\rEmAcot.exe
  2⤵
  PID:6324
- C:\Windows\System\EuJOKki.exe
  C:\Windows\System\EuJOKki.exe
  2⤵
  PID:6452
- C:\Windows\System\FPTERpZ.exe
  C:\Windows\System\FPTERpZ.exe
  2⤵
  PID:6892
- C:\Windows\System\tTPHdgx.exe
  C:\Windows\System\tTPHdgx.exe
  2⤵
  PID:6912
- C:\Windows\System\mvoJAgr.exe
  C:\Windows\System\mvoJAgr.exe
  2⤵
  PID:7148
- C:\Windows\System\iUgPrJO.exe
  C:\Windows\System\iUgPrJO.exe
  2⤵
  PID:6232
- C:\Windows\System\ddWJEJV.exe
  C:\Windows\System\ddWJEJV.exe
  2⤵
  PID:6756
- C:\Windows\System\IdxSrtx.exe
  C:\Windows\System\IdxSrtx.exe
  2⤵
  PID:6588
- C:\Windows\System\nhYDaaX.exe
  C:\Windows\System\nhYDaaX.exe
  2⤵
  PID:6740
- C:\Windows\System\OfSHjzm.exe
  C:\Windows\System\OfSHjzm.exe
  2⤵
  PID:6108
- C:\Windows\System\gmLfkgs.exe
  C:\Windows\System\gmLfkgs.exe
  2⤵
  PID:6816
- C:\Windows\System\wcRxkmq.exe
  C:\Windows\System\wcRxkmq.exe
  2⤵
  PID:6980
- C:\Windows\System\UwRBJpB.exe
  C:\Windows\System\UwRBJpB.exe
  2⤵
  PID:6340
- C:\Windows\System\zAZmTxq.exe
  C:\Windows\System\zAZmTxq.exe
  2⤵
  PID:6472
- C:\Windows\System\VFLGZQJ.exe
  C:\Windows\System\VFLGZQJ.exe
  2⤵
  PID:6156
- C:\Windows\System\elljlho.exe
  C:\Windows\System\elljlho.exe
  2⤵
  PID:6556
- C:\Windows\System\qxBmqHS.exe
  C:\Windows\System\qxBmqHS.exe
  2⤵
  PID:7068
- C:\Windows\System\vVaDqJc.exe
  C:\Windows\System\vVaDqJc.exe
  2⤵
  PID:5508
- C:\Windows\System\LYEjgNU.exe
  C:\Windows\System\LYEjgNU.exe
  2⤵
  PID:6872
- C:\Windows\System\SJWHWTe.exe
  C:\Windows\System\SJWHWTe.exe
  2⤵
  PID:6336
- C:\Windows\System\aHHnEZE.exe
  C:\Windows\System\aHHnEZE.exe
  2⤵
  PID:2088
- C:\Windows\System\aVFcmRY.exe
  C:\Windows\System\aVFcmRY.exe
  2⤵
  PID:6456
- C:\Windows\System\KpVXeUt.exe
  C:\Windows\System\KpVXeUt.exe
  2⤵
  PID:6536
- C:\Windows\System\JnEuwHy.exe
  C:\Windows\System\JnEuwHy.exe
  2⤵
  PID:6992
- C:\Windows\System\XKKriRc.exe
  C:\Windows\System\XKKriRc.exe
  2⤵
  PID:6924
- C:\Windows\System\wRzJguL.exe
  C:\Windows\System\wRzJguL.exe
  2⤵
  PID:6804
- C:\Windows\System\NZQwIOY.exe
  C:\Windows\System\NZQwIOY.exe
  2⤵
  PID:7184
- C:\Windows\System\OdMCaTl.exe
  C:\Windows\System\OdMCaTl.exe
  2⤵
  PID:7200
- C:\Windows\System\EGhEdGC.exe
  C:\Windows\System\EGhEdGC.exe
  2⤵
  PID:7216
- C:\Windows\System\qEgKjFj.exe
  C:\Windows\System\qEgKjFj.exe
  2⤵
  PID:7232
- C:\Windows\System\SQzZrvi.exe
  C:\Windows\System\SQzZrvi.exe
  2⤵
  PID:7248
- C:\Windows\System\fPWjwnr.exe
  C:\Windows\System\fPWjwnr.exe
  2⤵
  PID:7264
- C:\Windows\System\EAZGazr.exe
  C:\Windows\System\EAZGazr.exe
  2⤵
  PID:7280
- C:\Windows\System\cbayann.exe
  C:\Windows\System\cbayann.exe
  2⤵
  PID:7296
- C:\Windows\System\ZjITTuK.exe
  C:\Windows\System\ZjITTuK.exe
  2⤵
  PID:7312
- C:\Windows\System\jhRawGN.exe
  C:\Windows\System\jhRawGN.exe
  2⤵
  PID:7328
- C:\Windows\System\lSWzIkw.exe
  C:\Windows\System\lSWzIkw.exe
  2⤵
  PID:7344
- C:\Windows\System\CcOxeQO.exe
  C:\Windows\System\CcOxeQO.exe
  2⤵
  PID:7360
- C:\Windows\System\MCNZhdh.exe
  C:\Windows\System\MCNZhdh.exe
  2⤵
  PID:7376
- C:\Windows\System\hoerUQC.exe
  C:\Windows\System\hoerUQC.exe
  2⤵
  PID:7392
- C:\Windows\System\ErKbLYv.exe
  C:\Windows\System\ErKbLYv.exe
  2⤵
  PID:7408
- C:\Windows\System\btjDHDG.exe
  C:\Windows\System\btjDHDG.exe
  2⤵
  PID:7424
- C:\Windows\System\UknzFde.exe
  C:\Windows\System\UknzFde.exe
  2⤵
  PID:7440
- C:\Windows\System\VUuTRfB.exe
  C:\Windows\System\VUuTRfB.exe
  2⤵
  PID:7456
- C:\Windows\System\gUsksRQ.exe
  C:\Windows\System\gUsksRQ.exe
  2⤵
  PID:7472
- C:\Windows\System\QEhnMhm.exe
  C:\Windows\System\QEhnMhm.exe
  2⤵
  PID:7488
- C:\Windows\System\PdnAkga.exe
  C:\Windows\System\PdnAkga.exe
  2⤵
  PID:7504
- C:\Windows\System\FvpPQlZ.exe
  C:\Windows\System\FvpPQlZ.exe
  2⤵
  PID:7520
- C:\Windows\System\GhMazyk.exe
  C:\Windows\System\GhMazyk.exe
  2⤵
  PID:7536
- C:\Windows\System\JyYlNPm.exe
  C:\Windows\System\JyYlNPm.exe
  2⤵
  PID:7556
- C:\Windows\System\nHSvjNm.exe
  C:\Windows\System\nHSvjNm.exe
  2⤵
  PID:7572
- C:\Windows\System\MsTfKyY.exe
  C:\Windows\System\MsTfKyY.exe
  2⤵
  PID:7588
- C:\Windows\System\AZjvgIT.exe
  C:\Windows\System\AZjvgIT.exe
  2⤵
  PID:7604
- C:\Windows\System\iuRJOEa.exe
  C:\Windows\System\iuRJOEa.exe
  2⤵
  PID:7620
- C:\Windows\System\ZWTndQg.exe
  C:\Windows\System\ZWTndQg.exe
  2⤵
  PID:7636
- C:\Windows\System\HGlMnbO.exe
  C:\Windows\System\HGlMnbO.exe
  2⤵
  PID:7652
- C:\Windows\System\PuCLtaG.exe
  C:\Windows\System\PuCLtaG.exe
  2⤵
  PID:7668
- C:\Windows\System\oOCfcRa.exe
  C:\Windows\System\oOCfcRa.exe
  2⤵
  PID:7688
- C:\Windows\System\mIbYQIJ.exe
  C:\Windows\System\mIbYQIJ.exe
  2⤵
  PID:7704
- C:\Windows\System\MNqQVUk.exe
  C:\Windows\System\MNqQVUk.exe
  2⤵
  PID:7720
- C:\Windows\System\zKbPBnH.exe
  C:\Windows\System\zKbPBnH.exe
  2⤵
  PID:7736
- C:\Windows\System\fudLEcn.exe
  C:\Windows\System\fudLEcn.exe
  2⤵
  PID:7752
- C:\Windows\System\CdiTSvd.exe
  C:\Windows\System\CdiTSvd.exe
  2⤵
  PID:7768
- C:\Windows\System\hmPSEMZ.exe
  C:\Windows\System\hmPSEMZ.exe
  2⤵
  PID:7784
- C:\Windows\System\mGUqCVF.exe
  C:\Windows\System\mGUqCVF.exe
  2⤵
  PID:7800
- C:\Windows\System\DqMafrw.exe
  C:\Windows\System\DqMafrw.exe
  2⤵
  PID:7820
- C:\Windows\System\DCNgczD.exe
  C:\Windows\System\DCNgczD.exe
  2⤵
  PID:7840
- C:\Windows\System\uKCsmVP.exe
  C:\Windows\System\uKCsmVP.exe
  2⤵
  PID:7856
- C:\Windows\System\MSsUnMw.exe
  C:\Windows\System\MSsUnMw.exe
  2⤵
  PID:7872
- C:\Windows\System\UZrbSTw.exe
  C:\Windows\System\UZrbSTw.exe
  2⤵
  PID:7888
- C:\Windows\System\UrgluvA.exe
  C:\Windows\System\UrgluvA.exe
  2⤵
  PID:7904
- C:\Windows\System\pIoxuBS.exe
  C:\Windows\System\pIoxuBS.exe
  2⤵
  PID:7920
- C:\Windows\System\MuMPfpM.exe
  C:\Windows\System\MuMPfpM.exe
  2⤵
  PID:7936
- C:\Windows\System\OREOSca.exe
  C:\Windows\System\OREOSca.exe
  2⤵
  PID:7952
- C:\Windows\System\mGpLkCq.exe
  C:\Windows\System\mGpLkCq.exe
  2⤵
  PID:7968
- C:\Windows\System\QZJlqNk.exe
  C:\Windows\System\QZJlqNk.exe
  2⤵
  PID:7984
- C:\Windows\System\krsqjKF.exe
  C:\Windows\System\krsqjKF.exe
  2⤵
  PID:8000
- C:\Windows\System\vLGcxhm.exe
  C:\Windows\System\vLGcxhm.exe
  2⤵
  PID:8016
- C:\Windows\System\zjKknin.exe
  C:\Windows\System\zjKknin.exe
  2⤵
  PID:8032
- C:\Windows\System\zEldFwQ.exe
  C:\Windows\System\zEldFwQ.exe
  2⤵
  PID:8048
- C:\Windows\System\gRidels.exe
  C:\Windows\System\gRidels.exe
  2⤵
  PID:8064
- C:\Windows\System\TWCarJC.exe
  C:\Windows\System\TWCarJC.exe
  2⤵
  PID:8080
- C:\Windows\System\cQwbgcz.exe
  C:\Windows\System\cQwbgcz.exe
  2⤵
  PID:8096
- C:\Windows\System\UYeIDZr.exe
  C:\Windows\System\UYeIDZr.exe
  2⤵
  PID:8112
- C:\Windows\System\gyPVKdo.exe
  C:\Windows\System\gyPVKdo.exe
  2⤵
  PID:8128
- C:\Windows\System\JumbFXH.exe
  C:\Windows\System\JumbFXH.exe
  2⤵
  PID:8144
- C:\Windows\System\DFhBuYd.exe
  C:\Windows\System\DFhBuYd.exe
  2⤵
  PID:8160
- C:\Windows\System\qoYCSqC.exe
  C:\Windows\System\qoYCSqC.exe
  2⤵
  PID:8176
- C:\Windows\System\GyZWkkf.exe
  C:\Windows\System\GyZWkkf.exe
  2⤵
  PID:6692
- C:\Windows\System\guNPNwG.exe
  C:\Windows\System\guNPNwG.exe
  2⤵
  PID:7112
- C:\Windows\System\XSqBzmA.exe
  C:\Windows\System\XSqBzmA.exe
  2⤵
  PID:5456
- C:\Windows\System\sIHnlwk.exe
  C:\Windows\System\sIHnlwk.exe
  2⤵
  PID:7208
- C:\Windows\System\LksTtyU.exe
  C:\Windows\System\LksTtyU.exe
  2⤵
  PID:7176
- C:\Windows\System\OSWNoou.exe
  C:\Windows\System\OSWNoou.exe
  2⤵
  PID:7320
- C:\Windows\System\KZFJQIK.exe
  C:\Windows\System\KZFJQIK.exe
  2⤵
  PID:7388
- C:\Windows\System\RprctrU.exe
  C:\Windows\System\RprctrU.exe
  2⤵
  PID:3192
- C:\Windows\System\UHIUShC.exe
  C:\Windows\System\UHIUShC.exe
  2⤵
  PID:7272
- C:\Windows\System\kDKgEHf.exe
  C:\Windows\System\kDKgEHf.exe
  2⤵
  PID:7336
- C:\Windows\System\zJdxOwY.exe
  C:\Windows\System\zJdxOwY.exe
  2⤵
  PID:7404
- C:\Windows\System\MngdzXc.exe
  C:\Windows\System\MngdzXc.exe
  2⤵
  PID:7452
- C:\Windows\System\hDAqeiU.exe
  C:\Windows\System\hDAqeiU.exe
  2⤵
  PID:7512
- C:\Windows\System\ETHJrfA.exe
  C:\Windows\System\ETHJrfA.exe
  2⤵
  PID:7580
- C:\Windows\System\QiBCXej.exe
  C:\Windows\System\QiBCXej.exe
  2⤵
  PID:7644
- C:\Windows\System\hFyLrQY.exe
  C:\Windows\System\hFyLrQY.exe
  2⤵
  PID:7600
- C:\Windows\System\IyRQBHF.exe
  C:\Windows\System\IyRQBHF.exe
  2⤵
  PID:7664
- C:\Windows\System\VdgmdWa.exe
  C:\Windows\System\VdgmdWa.exe
  2⤵
  PID:7500
- C:\Windows\System\jMrPvtG.exe
  C:\Windows\System\jMrPvtG.exe
  2⤵
  PID:7568
- C:\Windows\System\TXJHXNj.exe
  C:\Windows\System\TXJHXNj.exe
  2⤵
  PID:7712
- C:\Windows\System\grczYel.exe
  C:\Windows\System\grczYel.exe
  2⤵
  PID:7776
- C:\Windows\System\jeeTSxC.exe
  C:\Windows\System\jeeTSxC.exe
  2⤵
  PID:7760
- C:\Windows\System\NKzQMra.exe
  C:\Windows\System\NKzQMra.exe
  2⤵
  PID:7808
- C:\Windows\System\rfWpWCz.exe
  C:\Windows\System\rfWpWCz.exe
  2⤵
  PID:7832
- C:\Windows\System\dFnAdON.exe
  C:\Windows\System\dFnAdON.exe
  2⤵
  PID:7896
- C:\Windows\System\ZCVrDoq.exe
  C:\Windows\System\ZCVrDoq.exe
  2⤵
  PID:7916
- C:\Windows\System\nyKgvYu.exe
  C:\Windows\System\nyKgvYu.exe
  2⤵
  PID:7944
- C:\Windows\System\eDPqxJr.exe
  C:\Windows\System\eDPqxJr.exe
  2⤵
  PID:7964
- C:\Windows\System\gZmiVTa.exe
  C:\Windows\System\gZmiVTa.exe
  2⤵
  PID:8028
- C:\Windows\System\pogfqcQ.exe
  C:\Windows\System\pogfqcQ.exe
  2⤵
  PID:8040
- C:\Windows\System\IbOlsDv.exe
  C:\Windows\System\IbOlsDv.exe
  2⤵
  PID:8088
- C:\Windows\System\LOtuRRz.exe
  C:\Windows\System\LOtuRRz.exe
  2⤵
  PID:8072
- C:\Windows\System\quwgMaB.exe
  C:\Windows\System\quwgMaB.exe
  2⤵
  PID:8108
- C:\Windows\System\aerpklV.exe
  C:\Windows\System\aerpklV.exe
  2⤵
  PID:8156
- C:\Windows\System\tWuMAXz.exe
  C:\Windows\System\tWuMAXz.exe
  2⤵
  PID:8172
- C:\Windows\System\QSfpmwO.exe
  C:\Windows\System\QSfpmwO.exe
  2⤵
  PID:7192
- C:\Windows\System\SALBdzp.exe
  C:\Windows\System\SALBdzp.exe
  2⤵
  PID:356
- C:\Windows\System\GffgBmH.exe
  C:\Windows\System\GffgBmH.exe
  2⤵
  PID:7292
- C:\Windows\System\jlMBwxf.exe
  C:\Windows\System\jlMBwxf.exe
  2⤵
  PID:7276
- C:\Windows\System\wQeKDCI.exe
  C:\Windows\System\wQeKDCI.exe
  2⤵
  PID:7308
- C:\Windows\System\bmcfMkm.exe
  C:\Windows\System\bmcfMkm.exe
  2⤵
  PID:7684
- C:\Windows\System\yCFuKkO.exe
  C:\Windows\System\yCFuKkO.exe
  2⤵
  PID:7240
- C:\Windows\System\EbnArZu.exe
  C:\Windows\System\EbnArZu.exe
  2⤵
  PID:7696
- C:\Windows\System\fVGpibf.exe
  C:\Windows\System\fVGpibf.exe
  2⤵
  PID:7612
- C:\Windows\System\ToBoFuY.exe
  C:\Windows\System\ToBoFuY.exe
  2⤵
  PID:7532
- C:\Windows\System\vImWZEE.exe
  C:\Windows\System\vImWZEE.exe
  2⤵
  PID:7796
- C:\Windows\System\GJzGHHu.exe
  C:\Windows\System\GJzGHHu.exe
  2⤵
  PID:7868
- C:\Windows\System\gMLCqgI.exe
  C:\Windows\System\gMLCqgI.exe
  2⤵
  PID:7880
- C:\Windows\System\DweVVDf.exe
  C:\Windows\System\DweVVDf.exe
  2⤵
  PID:8056
- C:\Windows\System\ySMerSq.exe
  C:\Windows\System\ySMerSq.exe
  2⤵
  PID:7864
- C:\Windows\System\XjbmUkw.exe
  C:\Windows\System\XjbmUkw.exe
  2⤵
  PID:8060
- C:\Windows\System\ACXWKWp.exe
  C:\Windows\System\ACXWKWp.exe
  2⤵
  PID:8044
- C:\Windows\System\nqorfwz.exe
  C:\Windows\System\nqorfwz.exe
  2⤵
  PID:6024
- C:\Windows\System\MIzgHwX.exe
  C:\Windows\System\MIzgHwX.exe
  2⤵
  PID:8188
- C:\Windows\System\BAqycqh.exe
  C:\Windows\System\BAqycqh.exe
  2⤵
  PID:2196
- C:\Windows\System\DwMiagy.exe
  C:\Windows\System\DwMiagy.exe
  2⤵
  PID:7256
- C:\Windows\System\FSHGOvP.exe
  C:\Windows\System\FSHGOvP.exe
  2⤵
  PID:7448
- C:\Windows\System\LrgLpfc.exe
  C:\Windows\System\LrgLpfc.exe
  2⤵
  PID:7632
- C:\Windows\System\HlUyMCf.exe
  C:\Windows\System\HlUyMCf.exe
  2⤵
  PID:1816
- C:\Windows\System\KILBuIM.exe
  C:\Windows\System\KILBuIM.exe
  2⤵
  PID:7852
- C:\Windows\System\fcoQmbb.exe
  C:\Windows\System\fcoQmbb.exe
  2⤵
  PID:7884
- C:\Windows\System\GIOdTEH.exe
  C:\Windows\System\GIOdTEH.exe
  2⤵
  PID:8120
- C:\Windows\System\EhuHvyX.exe
  C:\Windows\System\EhuHvyX.exe
  2⤵
  PID:6600
- C:\Windows\System\GHQRRgU.exe
  C:\Windows\System\GHQRRgU.exe
  2⤵
  PID:8200
- C:\Windows\System\DRykPHv.exe
  C:\Windows\System\DRykPHv.exe
  2⤵
  PID:8216
- C:\Windows\System\IghBNbF.exe
  C:\Windows\System\IghBNbF.exe
  2⤵
  PID:8232
- C:\Windows\System\LoPJJSp.exe
  C:\Windows\System\LoPJJSp.exe
  2⤵
  PID:8248
- C:\Windows\System\DzTumnC.exe
  C:\Windows\System\DzTumnC.exe
  2⤵
  PID:8268
- C:\Windows\System\eVLnCvE.exe
  C:\Windows\System\eVLnCvE.exe
  2⤵
  PID:8284
- C:\Windows\System\AanjNuD.exe
  C:\Windows\System\AanjNuD.exe
  2⤵
  PID:8300
- C:\Windows\System\bRIBGLW.exe
  C:\Windows\System\bRIBGLW.exe
  2⤵
  PID:8316
- C:\Windows\System\SYMgOON.exe
  C:\Windows\System\SYMgOON.exe
  2⤵
  PID:8332
- C:\Windows\System\OYGMqHx.exe
  C:\Windows\System\OYGMqHx.exe
  2⤵
  PID:8352
- C:\Windows\System\bSTmske.exe
  C:\Windows\System\bSTmske.exe
  2⤵
  PID:8368
- C:\Windows\System\WtGtBuE.exe
  C:\Windows\System\WtGtBuE.exe
  2⤵
  PID:8384
- C:\Windows\System\ViREsiO.exe
  C:\Windows\System\ViREsiO.exe
  2⤵
  PID:8400
- C:\Windows\System\KjAqrvM.exe
  C:\Windows\System\KjAqrvM.exe
  2⤵
  PID:8424
- C:\Windows\System\hnPzAWG.exe
  C:\Windows\System\hnPzAWG.exe
  2⤵
  PID:8440
- C:\Windows\System\RljrHEM.exe
  C:\Windows\System\RljrHEM.exe
  2⤵
  PID:8456
- C:\Windows\System\noYuqmK.exe
  C:\Windows\System\noYuqmK.exe
  2⤵
  PID:8472
- C:\Windows\System\CDLzysb.exe
  C:\Windows\System\CDLzysb.exe
  2⤵
  PID:8488
- C:\Windows\System\vUpepwp.exe
  C:\Windows\System\vUpepwp.exe
  2⤵
  PID:8504
- C:\Windows\System\dSmVddr.exe
  C:\Windows\System\dSmVddr.exe
  2⤵
  PID:8524
- C:\Windows\System\OmplWwg.exe
  C:\Windows\System\OmplWwg.exe
  2⤵
  PID:8540
- C:\Windows\System\sddTBBd.exe
  C:\Windows\System\sddTBBd.exe
  2⤵
  PID:8556
- C:\Windows\System\zqFokgM.exe
  C:\Windows\System\zqFokgM.exe
  2⤵
  PID:8572
- C:\Windows\System\usnRSHN.exe
  C:\Windows\System\usnRSHN.exe
  2⤵
  PID:8588
- C:\Windows\System\PEfdBYP.exe
  C:\Windows\System\PEfdBYP.exe
  2⤵
  PID:8604
- C:\Windows\System\DsZgspT.exe
  C:\Windows\System\DsZgspT.exe
  2⤵
  PID:8620
- C:\Windows\System\Bnviqnt.exe
  C:\Windows\System\Bnviqnt.exe
  2⤵
  PID:8636
- C:\Windows\System\ZSCJrfH.exe
  C:\Windows\System\ZSCJrfH.exe
  2⤵
  PID:8656
- C:\Windows\System\kuFqdyp.exe
  C:\Windows\System\kuFqdyp.exe
  2⤵
  PID:8672
- C:\Windows\System\plJJhHV.exe
  C:\Windows\System\plJJhHV.exe
  2⤵
  PID:8688
- C:\Windows\System\kPtAzDC.exe
  C:\Windows\System\kPtAzDC.exe
  2⤵
  PID:8704
- C:\Windows\System\rNqYoUt.exe
  C:\Windows\System\rNqYoUt.exe
  2⤵
  PID:8820
- C:\Windows\System\OvUKUTN.exe
  C:\Windows\System\OvUKUTN.exe
  2⤵
  PID:8872
- C:\Windows\System\KHdPKwp.exe
  C:\Windows\System\KHdPKwp.exe
  2⤵
  PID:8908
- C:\Windows\System\QhZgzPn.exe
  C:\Windows\System\QhZgzPn.exe
  2⤵
  PID:8972
- C:\Windows\System\ulpjAMq.exe
  C:\Windows\System\ulpjAMq.exe
  2⤵
  PID:9004
- C:\Windows\System\YnlACmc.exe
  C:\Windows\System\YnlACmc.exe
  2⤵
  PID:9028
- C:\Windows\System\dljKcps.exe
  C:\Windows\System\dljKcps.exe
  2⤵
  PID:9056
- C:\Windows\System\fJTTCkt.exe
  C:\Windows\System\fJTTCkt.exe
  2⤵
  PID:9088
- C:\Windows\System\XxEUHxE.exe
  C:\Windows\System\XxEUHxE.exe
  2⤵
  PID:9116
- C:\Windows\System\KlhFFXA.exe
  C:\Windows\System\KlhFFXA.exe
  2⤵
  PID:9132
- C:\Windows\System\yUMKDoM.exe
  C:\Windows\System\yUMKDoM.exe
  2⤵
  PID:9160
- C:\Windows\System\yJWjPmb.exe
  C:\Windows\System\yJWjPmb.exe
  2⤵
  PID:9180
- C:\Windows\System\eGbRmSG.exe
  C:\Windows\System\eGbRmSG.exe
  2⤵
  PID:9204
- C:\Windows\System\ITXLsLz.exe
  C:\Windows\System\ITXLsLz.exe
  2⤵
  PID:7764
- C:\Windows\System\WPHMZZD.exe
  C:\Windows\System\WPHMZZD.exe
  2⤵
  PID:8228
- C:\Windows\System\hdjYMlp.exe
  C:\Windows\System\hdjYMlp.exe
  2⤵
  PID:7960
- C:\Windows\System\BSsUKkj.exe
  C:\Windows\System\BSsUKkj.exe
  2⤵
  PID:8760
- C:\Windows\System\uORSVrX.exe
  C:\Windows\System\uORSVrX.exe
  2⤵
  PID:9072
- C:\Windows\System\wzAumgO.exe
  C:\Windows\System\wzAumgO.exe
  2⤵
  PID:9128
- C:\Windows\System\WrMiOHt.exe
  C:\Windows\System\WrMiOHt.exe
  2⤵
  PID:7372
- C:\Windows\System\dJHngmY.exe
  C:\Windows\System\dJHngmY.exe
  2⤵
  PID:7748
- C:\Windows\System\latAZQu.exe
  C:\Windows\System\latAZQu.exe
  2⤵
  PID:9108
- C:\Windows\System\kgmpVrF.exe
  C:\Windows\System\kgmpVrF.exe
  2⤵
  PID:9052
- C:\Windows\System\cPiHRba.exe
  C:\Windows\System\cPiHRba.exe
  2⤵
  PID:9000
- C:\Windows\System\eVbVQXC.exe
  C:\Windows\System\eVbVQXC.exe
  2⤵
  PID:8980
- C:\Windows\System\IOemvHg.exe
  C:\Windows\System\IOemvHg.exe
  2⤵
  PID:9148
- C:\Windows\System\XdWSOos.exe
  C:\Windows\System\XdWSOos.exe
  2⤵
  PID:7496
- C:\Windows\System\zjjgyno.exe
  C:\Windows\System\zjjgyno.exe
  2⤵
  PID:8224
- C:\Windows\System\gwPocdh.exe
  C:\Windows\System\gwPocdh.exe
  2⤵
  PID:8312
- C:\Windows\System\cDqzgyX.exe
  C:\Windows\System\cDqzgyX.exe
  2⤵
  PID:8264
- C:\Windows\System\uyCMxXM.exe
  C:\Windows\System\uyCMxXM.exe
  2⤵
  PID:8308
- C:\Windows\System\JAxhOwd.exe
  C:\Windows\System\JAxhOwd.exe
  2⤵
  PID:8448
- C:\Windows\System\NcFeLGJ.exe
  C:\Windows\System\NcFeLGJ.exe
  2⤵
  PID:8420
- C:\Windows\System\rTiTLhC.exe
  C:\Windows\System\rTiTLhC.exe
  2⤵
  PID:8432
- C:\Windows\System\zZLVOaP.exe
  C:\Windows\System\zZLVOaP.exe
  2⤵
  PID:8484
- C:\Windows\System\gFplqbP.exe
  C:\Windows\System\gFplqbP.exe
  2⤵
  PID:8596
- C:\Windows\System\xwnPTKj.exe
  C:\Windows\System\xwnPTKj.exe
  2⤵
  PID:8696
- C:\Windows\System\RBclocg.exe
  C:\Windows\System\RBclocg.exe
  2⤵
  PID:8512
- C:\Windows\System\ZTUviik.exe
  C:\Windows\System\ZTUviik.exe
  2⤵
  PID:1568
- C:\Windows\System\wvHoWIB.exe
  C:\Windows\System\wvHoWIB.exe
  2⤵
  PID:8792
- C:\Windows\System\slhjHjN.exe
  C:\Windows\System\slhjHjN.exe
  2⤵
  PID:8812
- C:\Windows\System\JuAeiFE.exe
  C:\Windows\System\JuAeiFE.exe
  2⤵
  PID:8828
- C:\Windows\System\GCziyEm.exe
  C:\Windows\System\GCziyEm.exe
  2⤵
  PID:8868
- C:\Windows\System\uuRhmzU.exe
  C:\Windows\System\uuRhmzU.exe
  2⤵
  PID:8260
- C:\Windows\System\MCeoIzt.exe
  C:\Windows\System\MCeoIzt.exe
  2⤵
  PID:8892
- C:\Windows\System\bYmorjz.exe
  C:\Windows\System\bYmorjz.exe
  2⤵
  PID:8956
- C:\Windows\System\fPcHuVu.exe
  C:\Windows\System\fPcHuVu.exe
  2⤵
  PID:8580
- C:\Windows\System\vIicJVS.exe
  C:\Windows\System\vIicJVS.exe
  2⤵
  PID:8740
- C:\Windows\System\rQiZZot.exe
  C:\Windows\System\rQiZZot.exe
  2⤵
  PID:9020
- C:\Windows\System\khtzOVy.exe
  C:\Windows\System\khtzOVy.exe
  2⤵
  PID:9080
- C:\Windows\System\GtRVQWo.exe
  C:\Windows\System\GtRVQWo.exe
  2⤵
  PID:7548
- C:\Windows\System\lrkCLfQ.exe
  C:\Windows\System\lrkCLfQ.exe
  2⤵
  PID:9044
- C:\Windows\System\kpHpAQd.exe
  C:\Windows\System\kpHpAQd.exe
  2⤵
  PID:9140
- C:\Windows\System\scrzfaA.exe
  C:\Windows\System\scrzfaA.exe
  2⤵
  PID:9100
- C:\Windows\System\Mfvropk.exe
  C:\Windows\System\Mfvropk.exe
  2⤵
  PID:8988
- C:\Windows\System\CYIhqTD.exe
  C:\Windows\System\CYIhqTD.exe
  2⤵
  PID:8296
- C:\Windows\System\chhnadQ.exe
  C:\Windows\System\chhnadQ.exe
  2⤵
  PID:8212
- C:\Windows\System\xaSwwEc.exe
  C:\Windows\System\xaSwwEc.exe
  2⤵
  PID:8328
- C:\Windows\System\CzuYSYC.exe
  C:\Windows\System\CzuYSYC.exe
  2⤵
  PID:8464
- C:\Windows\System\ujTdEgv.exe
  C:\Windows\System\ujTdEgv.exe
  2⤵
  PID:8568
- C:\Windows\System\SosDTBl.exe
  C:\Windows\System\SosDTBl.exe
  2⤵
  PID:8784
- C:\Windows\System\CFIebIK.exe
  C:\Windows\System\CFIebIK.exe
  2⤵
  PID:8924
- C:\Windows\System\ONipyaC.exe
  C:\Windows\System\ONipyaC.exe
  2⤵
  PID:8936
- C:\Windows\System\AcKMcdq.exe
  C:\Windows\System\AcKMcdq.exe
  2⤵
  PID:8944
- C:\Windows\System\qafDXLL.exe
  C:\Windows\System\qafDXLL.exe
  2⤵
  PID:8768
- C:\Windows\System\TyadCkE.exe
  C:\Windows\System\TyadCkE.exe
  2⤵
  PID:8752
- C:\Windows\System\FeKxBHK.exe
  C:\Windows\System\FeKxBHK.exe
  2⤵
  PID:8948
- C:\Windows\System\CzlcHPo.exe
  C:\Windows\System\CzlcHPo.exe
  2⤵
  PID:8920
- C:\Windows\System\BaeMRuH.exe
  C:\Windows\System\BaeMRuH.exe
  2⤵
  PID:9068
- C:\Windows\System\NHNfMtN.exe
  C:\Windows\System\NHNfMtN.exe
  2⤵
  PID:7484
- C:\Windows\System\oKwdFVx.exe
  C:\Windows\System\oKwdFVx.exe
  2⤵
  PID:9112
- C:\Windows\System\uNnNzmH.exe
  C:\Windows\System\uNnNzmH.exe
  2⤵
  PID:9200
- C:\Windows\System\gxtYhyo.exe
  C:\Windows\System\gxtYhyo.exe
  2⤵
  PID:8340
- C:\Windows\System\uvmCEcq.exe
  C:\Windows\System\uvmCEcq.exe
  2⤵
  PID:8836
- C:\Windows\System\rnjMlfn.exe
  C:\Windows\System\rnjMlfn.exe
  2⤵
  PID:8952
- C:\Windows\System\dcZMyGT.exe
  C:\Windows\System\dcZMyGT.exe
  2⤵
  PID:8552
- C:\Windows\System\naaChfc.exe
  C:\Windows\System\naaChfc.exe
  2⤵
  PID:8748
- C:\Windows\System\VkWRMEG.exe
  C:\Windows\System\VkWRMEG.exe
  2⤵
  PID:8928
- C:\Windows\System\VIatXyV.exe
  C:\Windows\System\VIatXyV.exe
  2⤵
  PID:8940
- C:\Windows\System\YgTgnVU.exe
  C:\Windows\System\YgTgnVU.exe
  2⤵
  PID:9176
- C:\Windows\System\FDpHUrz.exe
  C:\Windows\System\FDpHUrz.exe
  2⤵
  PID:9036
- C:\Windows\System\xRGEBtz.exe
  C:\Windows\System\xRGEBtz.exe
  2⤵
  PID:8964
- C:\Windows\System\rEJagtf.exe
  C:\Windows\System\rEJagtf.exe
  2⤵
  PID:8240
- C:\Windows\System\OkmnvQL.exe
  C:\Windows\System\OkmnvQL.exe
  2⤵
  PID:8852
- C:\Windows\System\qenXEnk.exe
  C:\Windows\System\qenXEnk.exe
  2⤵
  PID:8848
- C:\Windows\System\huJOVkS.exe
  C:\Windows\System\huJOVkS.exe
  2⤵
  PID:8724
- C:\Windows\System\gahYGMm.exe
  C:\Windows\System\gahYGMm.exe
  2⤵
  PID:8244
- C:\Windows\System\ijlpvOR.exe
  C:\Windows\System\ijlpvOR.exe
  2⤵
  PID:9188
- C:\Windows\System\kmhxpau.exe
  C:\Windows\System\kmhxpau.exe
  2⤵
  PID:8684
- C:\Windows\System\PdfUYlI.exe
  C:\Windows\System\PdfUYlI.exe
  2⤵
  PID:8776
- C:\Windows\System\kWhtfxt.exe
  C:\Windows\System\kWhtfxt.exe
  2⤵
  PID:8612
- C:\Windows\System\IXbRJwg.exe
  C:\Windows\System\IXbRJwg.exe
  2⤵
  PID:8360
- C:\Windows\System\rxFUIPL.exe
  C:\Windows\System\rxFUIPL.exe
  2⤵
  PID:8808
- C:\Windows\System\eChaPwi.exe
  C:\Windows\System\eChaPwi.exe
  2⤵
  PID:8396
- C:\Windows\System\BQuAJwa.exe
  C:\Windows\System\BQuAJwa.exe
  2⤵
  PID:9236
- C:\Windows\System\nqvAxRD.exe
  C:\Windows\System\nqvAxRD.exe
  2⤵
  PID:9252
- C:\Windows\System\KbIWUTC.exe
  C:\Windows\System\KbIWUTC.exe
  2⤵
  PID:9268
- C:\Windows\System\LNIHyna.exe
  C:\Windows\System\LNIHyna.exe
  2⤵
  PID:9288
- C:\Windows\System\oumAwkt.exe
  C:\Windows\System\oumAwkt.exe
  2⤵
  PID:9304
- C:\Windows\System\sZXpOKP.exe
  C:\Windows\System\sZXpOKP.exe
  2⤵
  PID:9328
- C:\Windows\System\tGabRFe.exe
  C:\Windows\System\tGabRFe.exe
  2⤵
  PID:9356
- C:\Windows\System\ArWYhWk.exe
  C:\Windows\System\ArWYhWk.exe
  2⤵
  PID:9372
- C:\Windows\System\hPuAQXW.exe
  C:\Windows\System\hPuAQXW.exe
  2⤵
  PID:9392
- C:\Windows\System\rlvfrCD.exe
  C:\Windows\System\rlvfrCD.exe
  2⤵
  PID:9408
- C:\Windows\System\RtqQOGr.exe
  C:\Windows\System\RtqQOGr.exe
  2⤵
  PID:9428
- C:\Windows\System\iRfnvfY.exe
  C:\Windows\System\iRfnvfY.exe
  2⤵
  PID:9460
- C:\Windows\System\MCnATlU.exe
  C:\Windows\System\MCnATlU.exe
  2⤵
  PID:9476
- C:\Windows\System\eQkFPom.exe
  C:\Windows\System\eQkFPom.exe
  2⤵
  PID:9496
- C:\Windows\System\Yqsyvcz.exe
  C:\Windows\System\Yqsyvcz.exe
  2⤵
  PID:9512
- C:\Windows\System\wlZRgNM.exe
  C:\Windows\System\wlZRgNM.exe
  2⤵
  PID:9536
- C:\Windows\System\IDyUXkk.exe
  C:\Windows\System\IDyUXkk.exe
  2⤵
  PID:9552
- C:\Windows\System\AjQbOfP.exe
  C:\Windows\System\AjQbOfP.exe
  2⤵
  PID:9568
- C:\Windows\System\UnWYKOg.exe
  C:\Windows\System\UnWYKOg.exe
  2⤵
  PID:9588
- C:\Windows\System\qPmrubf.exe
  C:\Windows\System\qPmrubf.exe
  2⤵
  PID:9620
- C:\Windows\System\AptqWjB.exe
  C:\Windows\System\AptqWjB.exe
  2⤵
  PID:9636
- C:\Windows\System\wtZjPMR.exe
  C:\Windows\System\wtZjPMR.exe
  2⤵
  PID:9656
- C:\Windows\System\qbtByjp.exe
  C:\Windows\System\qbtByjp.exe
  2⤵
  PID:9672
- C:\Windows\System\rtptHoH.exe
  C:\Windows\System\rtptHoH.exe
  2⤵
  PID:9696
- C:\Windows\System\gpmoivX.exe
  C:\Windows\System\gpmoivX.exe
  2⤵
  PID:9712
- C:\Windows\System\PbfUwJT.exe
  C:\Windows\System\PbfUwJT.exe
  2⤵
  PID:9732
- C:\Windows\System\CNslUFO.exe
  C:\Windows\System\CNslUFO.exe
  2⤵
  PID:9748
- C:\Windows\System\mXBhvVX.exe
  C:\Windows\System\mXBhvVX.exe
  2⤵
  PID:9764
- C:\Windows\System\wBiiVzC.exe
  C:\Windows\System\wBiiVzC.exe
  2⤵
  PID:9784
- C:\Windows\System\COzVIiU.exe
  C:\Windows\System\COzVIiU.exe
  2⤵
  PID:9804
- C:\Windows\System\EImlIzk.exe
  C:\Windows\System\EImlIzk.exe
  2⤵
  PID:9828
- C:\Windows\System\RQRvEcT.exe
  C:\Windows\System\RQRvEcT.exe
  2⤵
  PID:9852
- C:\Windows\System\jRMluOT.exe
  C:\Windows\System\jRMluOT.exe
  2⤵
  PID:9868
- C:\Windows\System\GvySVXL.exe
  C:\Windows\System\GvySVXL.exe
  2⤵
  PID:9896
- C:\Windows\System\RnBncjH.exe
  C:\Windows\System\RnBncjH.exe
  2⤵
  PID:9920
- C:\Windows\System\mPELpxk.exe
  C:\Windows\System\mPELpxk.exe
  2⤵
  PID:9944
- C:\Windows\System\NulyMhx.exe
  C:\Windows\System\NulyMhx.exe
  2⤵
  PID:9960
- C:\Windows\System\BGhICwA.exe
  C:\Windows\System\BGhICwA.exe
  2⤵
  PID:9984
- C:\Windows\System\aMzwZXQ.exe
  C:\Windows\System\aMzwZXQ.exe
  2⤵
  PID:10000
- C:\Windows\System\NCNDEHN.exe
  C:\Windows\System\NCNDEHN.exe
  2⤵
  PID:10016
- C:\Windows\System\TnPIoap.exe
  C:\Windows\System\TnPIoap.exe
  2⤵
  PID:10032
- C:\Windows\System\jvKGdIO.exe
  C:\Windows\System\jvKGdIO.exe
  2⤵
  PID:10056
- C:\Windows\System\dhjUJhI.exe
  C:\Windows\System\dhjUJhI.exe
  2⤵
  PID:10076
- C:\Windows\System\ErGLrIU.exe
  C:\Windows\System\ErGLrIU.exe
  2⤵
  PID:10092
- C:\Windows\System\CIRlEyc.exe
  C:\Windows\System\CIRlEyc.exe
  2⤵
  PID:10108
- C:\Windows\System\xrxfjcp.exe
  C:\Windows\System\xrxfjcp.exe
  2⤵
  PID:10128
- C:\Windows\System\WsVRxEO.exe
  C:\Windows\System\WsVRxEO.exe
  2⤵
  PID:10152
- C:\Windows\System\XKtwenB.exe
  C:\Windows\System\XKtwenB.exe
  2⤵
  PID:10192
- C:\Windows\System\cKfHTwL.exe
  C:\Windows\System\cKfHTwL.exe
  2⤵
  PID:10208
- C:\Windows\System\iDDXuZv.exe
  C:\Windows\System\iDDXuZv.exe
  2⤵
  PID:10224
- C:\Windows\System\McHWvHy.exe
  C:\Windows\System\McHWvHy.exe
  2⤵
  PID:9220
- C:\Windows\System\ynOKNfx.exe
  C:\Windows\System\ynOKNfx.exe
  2⤵
  PID:9232
- C:\Windows\System\wPZsGqV.exe
  C:\Windows\System\wPZsGqV.exe
  2⤵
  PID:9280
- C:\Windows\System\Pcdwfcw.exe
  C:\Windows\System\Pcdwfcw.exe
  2⤵
  PID:9296
- C:\Windows\System\twpSpse.exe
  C:\Windows\System\twpSpse.exe
  2⤵
  PID:8500
- C:\Windows\System\mSmBUac.exe
  C:\Windows\System\mSmBUac.exe
  2⤵
  PID:9348
- C:\Windows\System\cEQLMrC.exe
  C:\Windows\System\cEQLMrC.exe
  2⤵
  PID:9404
- C:\Windows\System\FNeRGQC.exe
  C:\Windows\System\FNeRGQC.exe
  2⤵
  PID:9420
- C:\Windows\System\OSRNsWW.exe
  C:\Windows\System\OSRNsWW.exe
  2⤵
  PID:9468
- C:\Windows\System\RiLFpjF.exe
  C:\Windows\System\RiLFpjF.exe
  2⤵
  PID:9508
- C:\Windows\System\HsKOkKQ.exe
  C:\Windows\System\HsKOkKQ.exe
  2⤵
  PID:9560
- C:\Windows\System\NOoQRTS.exe
  C:\Windows\System\NOoQRTS.exe
  2⤵
  PID:9584
- C:\Windows\System\gwLjJEP.exe
  C:\Windows\System\gwLjJEP.exe
  2⤵
  PID:9600
- C:\Windows\System\dgqpxRY.exe
  C:\Windows\System\dgqpxRY.exe
  2⤵
  PID:9452
- C:\Windows\System\EZKEovy.exe
  C:\Windows\System\EZKEovy.exe
  2⤵
  PID:9632
- C:\Windows\System\axVVMNn.exe
  C:\Windows\System\axVVMNn.exe
  2⤵
  PID:9684
- C:\Windows\System\gqBScea.exe
  C:\Windows\System\gqBScea.exe
  2⤵
  PID:9724
- C:\Windows\System\pAhylcu.exe
  C:\Windows\System\pAhylcu.exe
  2⤵
  PID:9792
- C:\Windows\System\MZlyTmM.exe
  C:\Windows\System\MZlyTmM.exe
  2⤵
  PID:9740
- C:\Windows\System\xReJAxP.exe
  C:\Windows\System\xReJAxP.exe
  2⤵
  PID:9704
- C:\Windows\System\MVFDsLK.exe
  C:\Windows\System\MVFDsLK.exe
  2⤵
  PID:9780
- C:\Windows\System\OEdsZGE.exe
  C:\Windows\System\OEdsZGE.exe
  2⤵
  PID:9848
- C:\Windows\System\EQFdYxg.exe
  C:\Windows\System\EQFdYxg.exe
  2⤵
  PID:9864
- C:\Windows\System\HyxNRfv.exe
  C:\Windows\System\HyxNRfv.exe
  2⤵
  PID:9892
- C:\Windows\System\KUlbDBo.exe
  C:\Windows\System\KUlbDBo.exe
  2⤵
  PID:9912
- C:\Windows\System\FRBGAKx.exe
  C:\Windows\System\FRBGAKx.exe
  2⤵
  PID:9980
- C:\Windows\System\xMjMAhz.exe
  C:\Windows\System\xMjMAhz.exe
  2⤵
  PID:9996
- C:\Windows\System\GDgRNCG.exe
  C:\Windows\System\GDgRNCG.exe
  2⤵
  PID:10084
- C:\Windows\System\maPGiUa.exe
  C:\Windows\System\maPGiUa.exe
  2⤵
  PID:10160
- C:\Windows\System\VOhzXBQ.exe
  C:\Windows\System\VOhzXBQ.exe
  2⤵
  PID:10072
- C:\Windows\System\BeJmyhd.exe
  C:\Windows\System\BeJmyhd.exe
  2⤵
  PID:10204
- C:\Windows\System\jMtBDlY.exe
  C:\Windows\System\jMtBDlY.exe
  2⤵
  PID:9196
- C:\Windows\System\VCPzkBL.exe
  C:\Windows\System\VCPzkBL.exe
  2⤵
  PID:9248
- C:\Windows\System\fPmNald.exe
  C:\Windows\System\fPmNald.exe
  2⤵
  PID:9276
- C:\Windows\System\sXpmAwP.exe
  C:\Windows\System\sXpmAwP.exe
  2⤵
  PID:9260
- C:\Windows\System\mvOleiS.exe
  C:\Windows\System\mvOleiS.exe
  2⤵
  PID:9380
- C:\Windows\System\WBdPxGB.exe
  C:\Windows\System\WBdPxGB.exe
  2⤵
  PID:9456
- C:\Windows\System\mnsldhp.exe
  C:\Windows\System\mnsldhp.exe
  2⤵
  PID:9520
- C:\Windows\System\UqruZDM.exe
  C:\Windows\System\UqruZDM.exe
  2⤵
  PID:9580
- C:\Windows\System\iPQmXjx.exe
  C:\Windows\System\iPQmXjx.exe
  2⤵
  PID:9664
- C:\Windows\System\kZYrJaC.exe
  C:\Windows\System\kZYrJaC.exe
  2⤵
  PID:9888
- C:\Windows\System\AdnBeVK.exe
  C:\Windows\System\AdnBeVK.exe
  2⤵
  PID:9812
- C:\Windows\System\wgKGXqz.exe
  C:\Windows\System\wgKGXqz.exe
  2⤵
  PID:9628
- C:\Windows\System\PqZhmJI.exe
  C:\Windows\System\PqZhmJI.exe
  2⤵
  PID:9932
- C:\Windows\System\oBbNMYB.exe
  C:\Windows\System\oBbNMYB.exe
  2⤵
  PID:9940
- C:\Windows\System\XeWZfZm.exe
  C:\Windows\System\XeWZfZm.exe
  2⤵
  PID:10044
- C:\Windows\System\McIajzX.exe
  C:\Windows\System\McIajzX.exe
  2⤵
  PID:10100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\JxgJZDV.exe

Filesize
6.0MB

MD5
e3233ac798192785c1d6227bc9d44e42

SHA1
8f931d5942837d5f555a2c33092aef96df76dca3

SHA256
36429553b35fdf56d9beb40b5c36755e1536ad45d5ccb1931a443bfa570da57c

SHA512
9323fd3bc406403e707973fd8715454cd8a54294e49222f0c77a7139168875a96ea09e10e95536ce50f85b09482d85592fb9b3033b37ef8221b4d9f85366c6bb

Download Submit
C:\Windows\system\LdEylnX.exe

Filesize
6.0MB

MD5
6f7d2c849ce417281ba63685399c3843

SHA1
ffbc082d68a19d5a07740f6ee92abb0fdd011a92

SHA256
83c868c4cd776ec12725263b7755268ec665b63d3d51491f8ade82e12f414db7

SHA512
836a9bea59d3da7375369a014e49f3eaafce71208f79562618c8d6c15c82cf91efb26c4dc08ba91d6c51629fe5043774159e0b985f60c5c0630fcc7fd72d2fc6

Download Submit
C:\Windows\system\MXUpQrv.exe

Filesize
6.0MB

MD5
ab4cb617d834d1ba8c086c71e8c2e894

SHA1
df8e1594734cbf4fcaf27c91645ca211411fb20a

SHA256
acfe75d0e8f201aeffa95fcd795d6a24b1d5f9efc95b11c4fb44d74b7e5b22e5

SHA512
b2dd226a51387177fc75693c40b6235ff92896432fef776ede6830b5cc1e3759d5a7104d49b0431979ace2c81d31a1fffd2757fd80f8f2e3ad6b0bc6fb826fd0

Download Submit
C:\Windows\system\ODNaLqY.exe

Filesize
6.0MB

MD5
5417f4ea1ca163c3cfe82987cb5174f9

SHA1
cc414d1fa1a28804d1c34d726573ccdd30c721f0

SHA256
f031003adfeb265080f9db4ad659a446f11b2732f51c4ac6e4555d029b4f203f

SHA512
5011ea3ee3b019fea2fc59cf9577a7880268b4bf39278615f27af896b539d56bc5225cb3e127a11431ae105321d3f5f749072fdefc238415b76f5721d1e4a1f7

Download Submit
C:\Windows\system\UANDdVW.exe

Filesize
6.0MB

MD5
c9f5a6b60fd49ed4804c1d90ceb7d282

SHA1
dfaf0f00102ece7464e08d18befa87f8d57e4bb8

SHA256
9d46214a370dcc5ae86961459d0a3eb15dcd59d44f9848f07c4b82827b19392a

SHA512
612f5496dbbd4d26af96a501d14413662f45d225d3d0f85858f00b43d11897588b9a8a610b31c93c32cdac0c525819520c70bf0e5ab5c810bda9923ddf13f12a

Download Submit
C:\Windows\system\VVehoSg.exe

Filesize
6.0MB

MD5
d26368990a867de926548618a9f4959b

SHA1
f9fbc51fb8b96c89709eaee884a39bf380cff087

SHA256
9a1b2a79b2c09c7ca9f2c58e28a90845d188d2cac831da7538714c74c8b3d01f

SHA512
f7c61791aed6f53b6cc92031c5f61e9e1dd4503362a12c8fd5a2137c3035dfc29faefca988c33b841893704d509c9f1d9c9ab0d90cc75b95e34eeda390779dba

Download Submit
C:\Windows\system\WXOLZEd.exe

Filesize
6.0MB

MD5
63bc231857060b7a024be7000c208cd5

SHA1
52070b430661352146d238d90ba0bbcdfe883375

SHA256
cc01f7470822d553c7445169a48c3bbd7396f054ab9d82af596385c14c822301

SHA512
57411b040034ae25ffc9eaa75f250cd1387dc451bf1d55e6ad70008348ad1e03b3eedeb2358fc56c2c5b7b2747124e1ea02ab62c1d7bed3fdb6f4305ff18690c

Download Submit
C:\Windows\system\YRJSDRa.exe

Filesize
6.0MB

MD5
d8b14ad94081ff1eeb1aeee563dc38bd

SHA1
2b311aa27b9dbc22ebefcf1247343433f3507915

SHA256
38862380730af4508749d5e127ac9a1b4142decf481d948fcea1305ea6a8f5dd

SHA512
0c8cd6c000b670c00ff92b88ec1491e852d41dc22382587ef8eb00a5597176dd8422b63c0d6b3d3b8edc3dfa88d0994ea008ed0265ee16214983400d8574ecd2

Download Submit
C:\Windows\system\ZkzAGop.exe

Filesize
6.0MB

MD5
e26fb9da3124812649968b42a937438b

SHA1
d96718d2d3e0238336b59b76c64e1bc3b21e10bb

SHA256
a7bc49435e5c39dbf79b293d62cb36fd3d7ed73c420f262cf2f6c9372ed83efc

SHA512
8f94d391b5e0ecefb2a563383b38da872931e943c74e63a487abc8d64b051da02057fdba01c03b3b0ce601eb128e15d068d4f1f6c70cac7a02e2f097385309af

Download Submit
C:\Windows\system\aDlWnQX.exe

Filesize
6.0MB

MD5
dc972e28180daac5338fdea1383e6eff

SHA1
ada2d394352ab7ae7a4ecdc62becf15f78e8eb43

SHA256
6ba8bdb0ccc01773375f869405e98d711f3f495927cee57792604309918b7cc3

SHA512
00710307aa1d4742a2854268867d69bba597e8ccca263d11b42b516631258bb9bb4c6a050a3a6c979067c8377ba47aaca68bc7d0320236038eefa3e01c24bd6f

Download Submit
C:\Windows\system\adoouPD.exe

Filesize
6.0MB

MD5
23aec1103f15ef14dd9a633c4f8d102f

SHA1
292e7af9d2206247d13366874b38e12b0d32f4e6

SHA256
a747beb9a4c0870f65c5d734813b957df7397be260b8a74ca0e07dc34007b848

SHA512
5ef798a42a6144bb6c68a40914ccbf916fdb417dcf3c49b4f9520d31a3764848e9882168dc7d5bea6dcee243f2f77ecc50091b00e13948c084232a86672ec3a8

Download Submit
C:\Windows\system\bWHXxPt.exe

Filesize
6.0MB

MD5
e21904c5ec3c15afb2a5ee2d2c257f24

SHA1
c5b1e92f8b899c11167f0e7576fece53bbf61469

SHA256
a75279e70248f7ac85f16107c9c2497533b2e77327cfdb8654358853eaee4780

SHA512
af18e2ae0f4e0f793bc4ff533742980f1473dd3816db39d83b28a73d42244b8aa431fd840a4ac055bc4950a540ffb7b95382e45282082e64e7d3e3a175655f83

Download Submit
C:\Windows\system\bafAMQP.exe

Filesize
6.0MB

MD5
068880a593146877a3b138361473ceb5

SHA1
d14cfcd264e6682c5ccb92c7deccbd9b01f3f8b9

SHA256
f69472a6de56071fad2e231bdfa4370f5a82dc1770db1026101de6a7b51f3dba

SHA512
e8199ce4b5f56c51a599e37b9f74beeb15f14c84784e888f70b89049b16f866b39322f04fd785d97c43ba5274b09a715d94440cadc7a94cda2c1e7d432d6a939

Download Submit
C:\Windows\system\eNRnmKj.exe

Filesize
6.0MB

MD5
b4e1bf7a842318a4e3459a8be36af1b7

SHA1
7d324397d54d989e2244eef15544575fb0caac61

SHA256
dc60b6286618b5e46b108f2e31e621041b09d3fd07b1d76697dbfa8815827893

SHA512
c3447c34c4eba1c7da2bf261cdfd9654643f08f36085da5c94cecad14ff175cb90786b21bbc9014ac1a32c3768a0caf152b18167e46e98e87d2eacefe6b96fc4

Download Submit
C:\Windows\system\fFuGavk.exe

Filesize
6.0MB

MD5
97f8cfedeb4471692317b2647e8dd487

SHA1
4e863a2f6719a24daa8b6b7c44cf0e6cf73d3d02

SHA256
95a7eb7649c52a5bcafb79ce145094768a57c030b0039bf7cd3d9184af59bf96

SHA512
60bd0f14a5028e13942009a15f157ad604c93e6bdf4086d79dff20ef56130c25507aeefa7067d72cd6ea1ed26b999da8875784bc8a0ee6de79627110f902ba37

Download Submit
C:\Windows\system\hJnqANL.exe

Filesize
6.0MB

MD5
43adf92a7aa241f3c82f4904f3c7d06a

SHA1
9a6400ea7e36bde47d8822fcbba40eb5e453b3c4

SHA256
302da237725b45070e0d76aab2ca3364d3cc0dbf9aee3d34d8cf78e92a0130a4

SHA512
365c187e6c44a2fb1a92067206199577564195db872cec0b058828c6caaddb0bb651ee6fb925cf618c95dca4833353a7bba330ec879250bcc78768935bc2e49c

Download Submit
C:\Windows\system\hVeXNvi.exe

Filesize
6.0MB

MD5
7e2b1b72a64210dadb1d52cedce51ada

SHA1
84d3bee22db59d380bc464c7416ffa6ab5dfb1e9

SHA256
2f68e54763c2ce19285fcd952b76a87d85701a52ac10f916ec9ddc6908ca5536

SHA512
8b4ce75b88f863b1fa2d092cffb67e85e93bb1e4091c8dd547c2c888c53828013c0a8df3419c3ab7aa6ea6ee93cf3d691147b196fd43c9e46109f75d47917cb8

Download Submit
C:\Windows\system\jKYetLa.exe

Filesize
6.0MB

MD5
3c77d49bbf76568ee71f5d34c26114ef

SHA1
324709d0e82e8d634fc5f1e83878010781416be8

SHA256
6c394a95f140737db755a1cc615830b1dd5889e2e27ce77ea5c23e88d9e57548

SHA512
5ed54708cc2b268197a8c7d7678b26eedd5cf2e3b7f3841094f03a5425c7267d2e039b02309f4cfbff5d7b191f589b9254d34d780e7b466e098810e0a67bc695

Download Submit
C:\Windows\system\mbPheTB.exe

Filesize
6.0MB

MD5
b703394d677d2681d30ba611154c6ff5

SHA1
55940a9ba47724476bfc1606bfc757f1451e50b3

SHA256
98b862e598850d6c7540aab5c521d59f47ab36e770efa2ceaf081eeaa92b533a

SHA512
d93408d61ec8c012051cc9c14868b74f8f2a560afeeae60115c2dac8b842657ad1d66a1f86dd1484434d648f1463511163e0bec9395a2d94ae8e5b390393a847

Download Submit
C:\Windows\system\nfxgzjt.exe

Filesize
6.0MB

MD5
6d6f8ed8dbcd0491db3ef072e9b5a1cd

SHA1
6e0d9a1bed8ae3158d2df79d3d09a49ff8fa2ee0

SHA256
46b08896950cf8b805aab9f6affc62a10621c7e6cf954098aa613b357c77c4cc

SHA512
c934bb470313adcbcdd2972744ddb43c97443c92a354ac8bdc0dff872785806ee5e4ed31a535d856b3102e247b60ec973c1a38301fa64b4bab84a20715a21e4e

Download Submit
C:\Windows\system\oTGgEGe.exe

Filesize
6.0MB

MD5
ba7e3a93d9bd63c37c1affbd049301f2

SHA1
4bdc4009eb8cedffdc4914d88124381fc852884c

SHA256
ee66552686adbd0608482a46511cb650fdd72ae0638499cfbc1c7975d96b8575

SHA512
93481bfd270ef71f98504091715b30124475d2ff7a67a418b5617d29a4c861d01168da90b8525dabee0672a455f0ac61b82cd432602de344175f5566158add07

Download Submit
C:\Windows\system\ppqKKPg.exe

Filesize
6.0MB

MD5
b46e362aa59dec287b6598bd146c4bca

SHA1
0a5e87a8c8ec4574326f7af0c1d68f525e015be7

SHA256
a4554d050b1e4c384a19e4a44efba47098d056e59901dd21cb43a5c78488c5b1

SHA512
4b2cff0cf23914fd6f9b37ee04086cc505c9054d4a60490a206d200c47dac4e6db4de5c919be3c7403e2319ac92127bc7812c28b254dfd1c3efa4d5d6a2aa031

Download Submit
C:\Windows\system\qSwkTkx.exe

Filesize
6.0MB

MD5
23ecc839e46a5591d823b12cd02b89ba

SHA1
89f12583d1e9d69b10945dd4866107b9a03214b1

SHA256
88af42e5e88955a418b68c63b3107d228a814febace305c36a81e4f03b053574

SHA512
4105a1ac6f0584affbae84ee867b44e3bab7485f56afab9e98b2a3b9d654f857553f1466d0fc8de4cb188d8ae60bb05e0c9899eaba8a16aac16a6aa95f2975d3

Download Submit
C:\Windows\system\tuIjiyI.exe

Filesize
6.0MB

MD5
8c80c300f0f69bbc07b68cc8d4284811

SHA1
3551db8698a5efe389cb377fb00f90ed7df8790b

SHA256
d3734d36e21a591bf3b69e006be6159e870ce6cc58d4fab42984b97846389b1d

SHA512
571e759e13dd155401787152ce19d1705276ebdb85143f486ffb9a1d3827e6b7fb8aee6c1934ac74fd9a02ff0a8a51f682862ce310361a6035ea386055bd6e90

Download Submit
C:\Windows\system\vVSZrEy.exe

Filesize
6.0MB

MD5
43d826d087e05232657863a6425699e5

SHA1
100e467b71f5ed99b5f3ef9291610aa9c051f72f

SHA256
b9d6e3e635ab0ecba0dc32ca40688248215c2d8038fbb18bea159b6ea707cde6

SHA512
354e67f8f824ab6a38150ef1f2dfc3adb71143d269dac038bf1f4fc1dbc1ec7bca32e96dba4f883b97a6c0acfd15e06ff44330d4967ee2bcf9c11d26e01978e6

Download Submit
C:\Windows\system\zyMtlxN.exe

Filesize
6.0MB

MD5
0861868795308cf208b81278aa066369

SHA1
ffe0c4ee27a51a92710ed6e400b7b4f99f3422a1

SHA256
c4cfac87b157e1bfb808730cfe5925d17ca1a3216ebf1d49f1a3a99eb9744810

SHA512
a1f6dc718dc45cf121d520540402d7204e6ee95ae714526ce744835547144ca1663e7268ee0f5513e99e96bf59993aeedd7eda06ff026e0a5943209a20dbff17

Download Submit
\Windows\system\BLUbBtY.exe

Filesize
6.0MB

MD5
b23972b608ab49fd426bf45f28326152

SHA1
0b941e07d8873f6b0e4e94bfb6436b861b326f2e

SHA256
fabb60a6616889601a0167c0be667f39404b9825f1194afe10e3f38e3f4b5a7a

SHA512
263dce8a4385d22846faf9edcb74603b750b6f1485df0ba6be44109bed264b09a38afc1914752a7232489c14f622a61c8f3f602a40e1b9337cd4f86b4bd721d6

Download Submit
\Windows\system\CaVAQpb.exe

Filesize
6.0MB

MD5
929c91903ec1b26c683fee9b9d7570fa

SHA1
88187daf638a51eccc729501ef75388fd73980e8

SHA256
9dbe4040bb07cce82aa48e7694b4ff210454a7d3a6e7ae7259ea352b506578a7

SHA512
a9a00f23c1baedf04e7e2fbd238db4b8b02dfb03a4f14fef15fae4caf18884cba6a03ab9e692d39b6797612b6559629ece9e3aeecba7eb6abb7cd2d69e355d2c

Download Submit
\Windows\system\WsCezMy.exe

Filesize
6.0MB

MD5
74781b09b1d9568704102e94a7849d76

SHA1
8ce57e3dac86f246eb4a3d1a2c6c1cd54599a613

SHA256
dd82f969a2669503ea969b6a16df403bacbcb4de1b9888f0f8ddab35224c481e

SHA512
12ddd998822ec279b55b162e5820aa7ec7d0c999df18f6076c8bd416067ec3b934dc2830b7c5d2fe5e3ff3cfab50aceaedb7848182182798ba8d29848c59e6f0

Download Submit
\Windows\system\itrsLVi.exe

Filesize
6.0MB

MD5
00c7fb217d6494e2f3dbc211a216539a

SHA1
c2c0a78076c708df57e860962f0759325afbc9d6

SHA256
f4acaf12a168d19c97f5346cea941debe3185a3cb9d46c33fd191a235fb16212

SHA512
1a3b215c76e84646fb091cc5d2497004aa5ba48bfa99508e7cf303bb4f88dc2f35c410d793756e9db5b95c5a174087f57c7827ac93ec54b2d64b153cbc44b559

Download Submit
\Windows\system\pQsSLZw.exe

Filesize
6.0MB

MD5
7b510b971fd028330343034842c6c4f1

SHA1
46a335463a991d6501b8483a47af0575c092d696

SHA256
9cab388b912951f030b982f32c4312c0c2733a8bb74ef03873a43f96c898aede

SHA512
430eff95d922b04732f5d1d4dad1e34933c66ef6bf99c3c01b6a8febd4c45a40e4a2e08a2107c22ee063489e397244174d4285446ea39bb71a818c565536720b

Download Submit
\Windows\system\vtQeqMB.exe

Filesize
6.0MB

MD5
202df7cc83e8bdc6a8f1b3da5095689d

SHA1
55d438219d690fcbc79ae90c913388a909ea21f4

SHA256
db49e9a617ee9a873dd4d39d5c49ff97a521761411b691ffec58a2034e6e1d23

SHA512
35eba8455eb9129817a7f036925050eeca600452d49f8bfb4737ead83e96a421818bb1e53a299d7833bae202c7cf4782a8333a7ae464f8f30f70fa5da2155036

Download Submit
memory/1848-9-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1848-74-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2092-95-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-16-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-526-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2164-4040-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2164-36-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2168-105-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2168-46-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2168-39-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2168-249-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-13-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2168-614-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-64-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-529-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2168-820-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-27-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-22-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-107-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2168-106-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1017-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-61-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2168-102-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1233-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2168-817-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-94-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-92-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2168-90-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-68-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-6-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-0-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2228-4036-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-32-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-33-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-99-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-4042-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-56-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-528-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4041-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4043-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-103-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-620-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2760-85-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2760-4039-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2768-80-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4044-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4037-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2780-52-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2820-4038-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2820-527-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2820-49-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download