cobaltstrike | 94d26648d2ae7e1ec8282a181ec5eb2f17d84353d8a5335e431ca95f298a910e

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8232367da9db34e588d226f59587c8d3
SHA1

2bf0aa2ffc37d8abbb246c17a471bfeb5182666e
SHA256

94d26648d2ae7e1ec8282a181ec5eb2f17d84353d8a5335e431ca95f298a910e
SHA512

7ccf4fc15eda50544853200c734125a04bee653e8da2fe1217b3d84474695514b37095be209e6df3902ada271766daf246c34a472e6ef9954deed32fa671782b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUk:T+q56utgpPF8u/7k

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001610d-8.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001628b-10.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164b1-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016875-41.dat	cobalt_reflective_dll
behavioral1/files/0x002d000000015f25-70.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-201.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-196.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-190.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-186.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-130.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-88.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9f-66.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c80-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b47-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016650-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2804-0-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/memory/2804-6-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x000800000001610d-8.dat	xmrig
behavioral1/memory/2784-14-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x000800000001628b-10.dat	xmrig
behavioral1/memory/2820-21-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00080000000164b1-22.dat	xmrig
behavioral1/memory/2684-28-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016875-41.dat	xmrig
behavioral1/memory/2680-43-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2916-42-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2476-52-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2712-60-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x002d000000015f25-70.dat	xmrig
behavioral1/memory/2476-89-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2092-82-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-120.dat	xmrig
behavioral1/files/0x00050000000186e7-135.dat	xmrig
behavioral1/files/0x00050000000186f4-151.dat	xmrig
behavioral1/memory/604-740-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2992-603-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2572-438-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2092-283-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x0005000000019269-201.dat	xmrig
behavioral1/files/0x0005000000019250-196.dat	xmrig
behavioral1/files/0x0005000000019246-190.dat	xmrig
behavioral1/files/0x0006000000018c16-186.dat	xmrig
behavioral1/files/0x0006000000018b4e-181.dat	xmrig
behavioral1/files/0x00050000000187a8-176.dat	xmrig
behavioral1/files/0x000500000001878e-171.dat	xmrig
behavioral1/files/0x0005000000018744-166.dat	xmrig
behavioral1/files/0x0005000000018739-161.dat	xmrig
behavioral1/files/0x0005000000018704-156.dat	xmrig
behavioral1/memory/1900-148-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f1-145.dat	xmrig
behavioral1/files/0x00050000000186ed-140.dat	xmrig
behavioral1/files/0x0005000000018686-130.dat	xmrig
behavioral1/files/0x000600000001755b-125.dat	xmrig
behavioral1/files/0x0006000000017497-115.dat	xmrig
behavioral1/memory/604-108-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2488-107-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017049-106.dat	xmrig
behavioral1/memory/2992-99-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2712-98-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ecf-97.dat	xmrig
behavioral1/memory/2680-81-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dea-80.dat	xmrig
behavioral1/memory/2572-90-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0006000000016df3-88.dat	xmrig
behavioral1/memory/2488-68-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/1900-76-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2944-75-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2684-67-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d9f-66.dat	xmrig
behavioral1/memory/2820-59-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c80-58.dat	xmrig
behavioral1/memory/2784-51-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0007000000016b47-50.dat	xmrig
behavioral1/memory/2944-36-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2804-35-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0007000000016650-34.dat	xmrig
behavioral1/memory/2916-2907-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2784-2908-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2916	dXJWCBw.exe
2784	IYvnLnX.exe
2820	goKlUAY.exe
2684	qwBafrn.exe
2944	moePXgp.exe
2680	tmczFMT.exe
2476	VOZnKVz.exe
2712	GfZisxw.exe
2488	RWnSlhe.exe
1900	xjvXWLV.exe
2092	OzGhNoh.exe
2572	ctUKIoz.exe
2992	vhapZuP.exe
604	yyIzOzI.exe
620	JgqDatV.exe
2068	gumHrHv.exe
588	hPwJThg.exe
1932	jNlVsMF.exe
1728	ysBETjX.exe
2632	yEYFGUQ.exe
1864	hZxVdpv.exe
2424	dAHawab.exe
2264	XULhsHk.exe
2144	mQgNATx.exe
1784	rWqBTRZ.exe
2204	BpZcFOU.exe
2036	BqhLMHz.exe
1012	TtFkxxA.exe
408	qLbnmwK.exe
2052	UmTjDwO.exe
2560	SnGuiiV.exe
2100	NmRuLVj.exe
1004	oCxUTDs.exe
1288	xJDEIyv.exe
1276	mJazQuA.exe
1192	mpQAMos.exe
1648	pMalgKb.exe
1644	dfSwZOx.exe
276	sWmENZv.exe
2332	VJGTKsF.exe
1608	ltmvnlY.exe
2600	mjVStAy.exe
1656	zokqwIJ.exe
1872	fkNEANa.exe
2288	JkcMCAh.exe
2620	hCMKoKy.exe
2392	LlmEjpd.exe
1444	mRqAZlR.exe
2580	mfSIxNd.exe
2384	UdPSkWQ.exe
1536	OQvvLKN.exe
2928	Zvpqycb.exe
2140	CgnnTOX.exe
2796	PetUkOX.exe
2832	HRDUmNg.exe
2864	yoSCZyU.exe
2484	ScSNSaM.exe
2056	UxtCPRP.exe
1440	CcbleIF.exe
1952	TlNrKRR.exe
888	ddaHalh.exe
2540	PbETzXT.exe
1968	jlsUEse.exe
2520	BYgzCSc.exe

Loads dropped DLL 64 IoCs

pid	Process
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2804-0-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/memory/2804-6-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x000800000001610d-8.dat	upx
behavioral1/memory/2784-14-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x000800000001628b-10.dat	upx
behavioral1/memory/2820-21-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00080000000164b1-22.dat	upx
behavioral1/memory/2684-28-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0007000000016875-41.dat	upx
behavioral1/memory/2680-43-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2916-42-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2476-52-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2712-60-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x002d000000015f25-70.dat	upx
behavioral1/memory/2476-89-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2092-82-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x000600000001749c-120.dat	upx
behavioral1/files/0x00050000000186e7-135.dat	upx
behavioral1/files/0x00050000000186f4-151.dat	upx
behavioral1/memory/604-740-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2992-603-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2572-438-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2092-283-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x0005000000019269-201.dat	upx
behavioral1/files/0x0005000000019250-196.dat	upx
behavioral1/files/0x0005000000019246-190.dat	upx
behavioral1/files/0x0006000000018c16-186.dat	upx
behavioral1/files/0x0006000000018b4e-181.dat	upx
behavioral1/files/0x00050000000187a8-176.dat	upx
behavioral1/files/0x000500000001878e-171.dat	upx
behavioral1/files/0x0005000000018744-166.dat	upx
behavioral1/files/0x0005000000018739-161.dat	upx
behavioral1/files/0x0005000000018704-156.dat	upx
behavioral1/memory/1900-148-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x00050000000186f1-145.dat	upx
behavioral1/files/0x00050000000186ed-140.dat	upx
behavioral1/files/0x0005000000018686-130.dat	upx
behavioral1/files/0x000600000001755b-125.dat	upx
behavioral1/files/0x0006000000017497-115.dat	upx
behavioral1/memory/604-108-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2488-107-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x0006000000017049-106.dat	upx
behavioral1/memory/2992-99-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2712-98-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x0006000000016ecf-97.dat	upx
behavioral1/memory/2680-81-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0006000000016dea-80.dat	upx
behavioral1/memory/2572-90-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x0006000000016df3-88.dat	upx
behavioral1/memory/2488-68-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/1900-76-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2944-75-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2684-67-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0008000000016d9f-66.dat	upx
behavioral1/memory/2820-59-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0009000000016c80-58.dat	upx
behavioral1/memory/2784-51-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0007000000016b47-50.dat	upx
behavioral1/memory/2944-36-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2804-35-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0007000000016650-34.dat	upx
behavioral1/memory/2916-2907-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2784-2908-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XjFiGOq.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPlSQxV.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYtieZW.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajTzsDe.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJYfOQO.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYgsMgu.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSMVRAM.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMiHdkw.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdNxtzT.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLLCCJH.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QoJdFpm.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXFTPsf.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LokbRJg.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GOrHRdy.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UortXXE.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTmWCGk.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQLyHpp.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZtTFCU.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtkrofB.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwRGpdZ.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glLzrsb.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chrkNfv.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOnsKVu.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxreRMs.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyonfPt.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEnSwet.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crzqnSf.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjQGwRu.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUVDgoT.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BceVtBl.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abmdzXh.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AaaXIfX.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIdfcmm.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QusiSgX.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEtYvDX.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eotobdz.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stuzqKp.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsEpUBq.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFZpRbF.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRyUrlG.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zokqwIJ.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqAdYrL.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiHOphV.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bybEGko.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUeZKvV.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGxiJxY.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwDdXfp.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjJIBzs.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBOeIAF.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsVlcKw.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWNunnx.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gcQjFRj.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlNTHSL.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLvLKrz.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koLSmTg.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgHepSI.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIPLXgW.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQDtZZO.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVjDIDP.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efeRiQn.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXzAdEb.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvHTKGS.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utzklNQ.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmzQUZT.exe	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2916	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2804 wrote to memory of 2916	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2804 wrote to memory of 2916	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2804 wrote to memory of 2784	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2804 wrote to memory of 2784	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2804 wrote to memory of 2784	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2804 wrote to memory of 2820	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2804 wrote to memory of 2820	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2804 wrote to memory of 2820	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2804 wrote to memory of 2684	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2804 wrote to memory of 2684	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2804 wrote to memory of 2684	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2804 wrote to memory of 2944	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2804 wrote to memory of 2944	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2804 wrote to memory of 2944	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2804 wrote to memory of 2680	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2804 wrote to memory of 2680	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2804 wrote to memory of 2680	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2804 wrote to memory of 2476	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2804 wrote to memory of 2476	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2804 wrote to memory of 2476	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2804 wrote to memory of 2712	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2804 wrote to memory of 2712	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2804 wrote to memory of 2712	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2804 wrote to memory of 2488	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2804 wrote to memory of 2488	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2804 wrote to memory of 2488	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2804 wrote to memory of 1900	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2804 wrote to memory of 1900	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2804 wrote to memory of 1900	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2804 wrote to memory of 2092	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2804 wrote to memory of 2092	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2804 wrote to memory of 2092	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2804 wrote to memory of 2572	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2804 wrote to memory of 2572	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2804 wrote to memory of 2572	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2804 wrote to memory of 2992	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2804 wrote to memory of 2992	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2804 wrote to memory of 2992	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2804 wrote to memory of 604	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2804 wrote to memory of 604	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2804 wrote to memory of 604	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2804 wrote to memory of 620	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2804 wrote to memory of 620	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2804 wrote to memory of 620	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2804 wrote to memory of 2068	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2804 wrote to memory of 2068	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2804 wrote to memory of 2068	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2804 wrote to memory of 588	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2804 wrote to memory of 588	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2804 wrote to memory of 588	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2804 wrote to memory of 1932	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2804 wrote to memory of 1932	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2804 wrote to memory of 1932	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2804 wrote to memory of 1728	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2804 wrote to memory of 1728	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2804 wrote to memory of 1728	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2804 wrote to memory of 2632	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2804 wrote to memory of 2632	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2804 wrote to memory of 2632	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2804 wrote to memory of 1864	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2804 wrote to memory of 1864	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2804 wrote to memory of 1864	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2804 wrote to memory of 2424	2804	2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_8232367da9db34e588d226f59587c8d3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\System\dXJWCBw.exe
  C:\Windows\System\dXJWCBw.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\IYvnLnX.exe
  C:\Windows\System\IYvnLnX.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\goKlUAY.exe
  C:\Windows\System\goKlUAY.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\qwBafrn.exe
  C:\Windows\System\qwBafrn.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\moePXgp.exe
  C:\Windows\System\moePXgp.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\tmczFMT.exe
  C:\Windows\System\tmczFMT.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\VOZnKVz.exe
  C:\Windows\System\VOZnKVz.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\GfZisxw.exe
  C:\Windows\System\GfZisxw.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\RWnSlhe.exe
  C:\Windows\System\RWnSlhe.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\xjvXWLV.exe
  C:\Windows\System\xjvXWLV.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\OzGhNoh.exe
  C:\Windows\System\OzGhNoh.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\ctUKIoz.exe
  C:\Windows\System\ctUKIoz.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\vhapZuP.exe
  C:\Windows\System\vhapZuP.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\yyIzOzI.exe
  C:\Windows\System\yyIzOzI.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\JgqDatV.exe
  C:\Windows\System\JgqDatV.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\gumHrHv.exe
  C:\Windows\System\gumHrHv.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\hPwJThg.exe
  C:\Windows\System\hPwJThg.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\jNlVsMF.exe
  C:\Windows\System\jNlVsMF.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\ysBETjX.exe
  C:\Windows\System\ysBETjX.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\yEYFGUQ.exe
  C:\Windows\System\yEYFGUQ.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\hZxVdpv.exe
  C:\Windows\System\hZxVdpv.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\dAHawab.exe
  C:\Windows\System\dAHawab.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\XULhsHk.exe
  C:\Windows\System\XULhsHk.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\mQgNATx.exe
  C:\Windows\System\mQgNATx.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\rWqBTRZ.exe
  C:\Windows\System\rWqBTRZ.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\BpZcFOU.exe
  C:\Windows\System\BpZcFOU.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\BqhLMHz.exe
  C:\Windows\System\BqhLMHz.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\TtFkxxA.exe
  C:\Windows\System\TtFkxxA.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\qLbnmwK.exe
  C:\Windows\System\qLbnmwK.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\UmTjDwO.exe
  C:\Windows\System\UmTjDwO.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\SnGuiiV.exe
  C:\Windows\System\SnGuiiV.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\NmRuLVj.exe
  C:\Windows\System\NmRuLVj.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\oCxUTDs.exe
  C:\Windows\System\oCxUTDs.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\xJDEIyv.exe
  C:\Windows\System\xJDEIyv.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\mJazQuA.exe
  C:\Windows\System\mJazQuA.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\mpQAMos.exe
  C:\Windows\System\mpQAMos.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\pMalgKb.exe
  C:\Windows\System\pMalgKb.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\dfSwZOx.exe
  C:\Windows\System\dfSwZOx.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\sWmENZv.exe
  C:\Windows\System\sWmENZv.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\VJGTKsF.exe
  C:\Windows\System\VJGTKsF.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ltmvnlY.exe
  C:\Windows\System\ltmvnlY.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\mjVStAy.exe
  C:\Windows\System\mjVStAy.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\zokqwIJ.exe
  C:\Windows\System\zokqwIJ.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\fkNEANa.exe
  C:\Windows\System\fkNEANa.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\JkcMCAh.exe
  C:\Windows\System\JkcMCAh.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\hCMKoKy.exe
  C:\Windows\System\hCMKoKy.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\LlmEjpd.exe
  C:\Windows\System\LlmEjpd.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\mRqAZlR.exe
  C:\Windows\System\mRqAZlR.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\mfSIxNd.exe
  C:\Windows\System\mfSIxNd.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\UdPSkWQ.exe
  C:\Windows\System\UdPSkWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\OQvvLKN.exe
  C:\Windows\System\OQvvLKN.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\Zvpqycb.exe
  C:\Windows\System\Zvpqycb.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\CgnnTOX.exe
  C:\Windows\System\CgnnTOX.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\PetUkOX.exe
  C:\Windows\System\PetUkOX.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\HRDUmNg.exe
  C:\Windows\System\HRDUmNg.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\yoSCZyU.exe
  C:\Windows\System\yoSCZyU.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\ScSNSaM.exe
  C:\Windows\System\ScSNSaM.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\UxtCPRP.exe
  C:\Windows\System\UxtCPRP.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\TlNrKRR.exe
  C:\Windows\System\TlNrKRR.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\CcbleIF.exe
  C:\Windows\System\CcbleIF.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\ddaHalh.exe
  C:\Windows\System\ddaHalh.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\PbETzXT.exe
  C:\Windows\System\PbETzXT.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\jlsUEse.exe
  C:\Windows\System\jlsUEse.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\BYgzCSc.exe
  C:\Windows\System\BYgzCSc.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\MQpdfCD.exe
  C:\Windows\System\MQpdfCD.exe
  2⤵
  PID:2460
- C:\Windows\System\kUzHvZM.exe
  C:\Windows\System\kUzHvZM.exe
  2⤵
  PID:2364
- C:\Windows\System\bwqPKFE.exe
  C:\Windows\System\bwqPKFE.exe
  2⤵
  PID:716
- C:\Windows\System\EaeesuI.exe
  C:\Windows\System\EaeesuI.exe
  2⤵
  PID:1116
- C:\Windows\System\VpsEXUY.exe
  C:\Windows\System\VpsEXUY.exe
  2⤵
  PID:1424
- C:\Windows\System\GTqtuun.exe
  C:\Windows\System\GTqtuun.exe
  2⤵
  PID:1104
- C:\Windows\System\bMkPhlZ.exe
  C:\Windows\System\bMkPhlZ.exe
  2⤵
  PID:1484
- C:\Windows\System\wWgPZpo.exe
  C:\Windows\System\wWgPZpo.exe
  2⤵
  PID:1280
- C:\Windows\System\gLUoIEq.exe
  C:\Windows\System\gLUoIEq.exe
  2⤵
  PID:836
- C:\Windows\System\PVwoiyM.exe
  C:\Windows\System\PVwoiyM.exe
  2⤵
  PID:1664
- C:\Windows\System\tXEjciw.exe
  C:\Windows\System\tXEjciw.exe
  2⤵
  PID:972
- C:\Windows\System\chrkNfv.exe
  C:\Windows\System\chrkNfv.exe
  2⤵
  PID:568
- C:\Windows\System\lGFiaOH.exe
  C:\Windows\System\lGFiaOH.exe
  2⤵
  PID:2412
- C:\Windows\System\WGFlcQZ.exe
  C:\Windows\System\WGFlcQZ.exe
  2⤵
  PID:1020
- C:\Windows\System\ZLzHFkH.exe
  C:\Windows\System\ZLzHFkH.exe
  2⤵
  PID:2552
- C:\Windows\System\zruTMzU.exe
  C:\Windows\System\zruTMzU.exe
  2⤵
  PID:1216
- C:\Windows\System\TwpgzYX.exe
  C:\Windows\System\TwpgzYX.exe
  2⤵
  PID:2848
- C:\Windows\System\SMmfzWs.exe
  C:\Windows\System\SMmfzWs.exe
  2⤵
  PID:1544
- C:\Windows\System\CUvbGHe.exe
  C:\Windows\System\CUvbGHe.exe
  2⤵
  PID:2752
- C:\Windows\System\EMvsVwz.exe
  C:\Windows\System\EMvsVwz.exe
  2⤵
  PID:2852
- C:\Windows\System\bsdDEhh.exe
  C:\Windows\System\bsdDEhh.exe
  2⤵
  PID:2708
- C:\Windows\System\QFZIwuM.exe
  C:\Windows\System\QFZIwuM.exe
  2⤵
  PID:2536
- C:\Windows\System\NuDzvmY.exe
  C:\Windows\System\NuDzvmY.exe
  2⤵
  PID:1208
- C:\Windows\System\fWztxhy.exe
  C:\Windows\System\fWztxhy.exe
  2⤵
  PID:2480
- C:\Windows\System\JfcLvXq.exe
  C:\Windows\System\JfcLvXq.exe
  2⤵
  PID:1748
- C:\Windows\System\bKHwygA.exe
  C:\Windows\System\bKHwygA.exe
  2⤵
  PID:2428
- C:\Windows\System\QOBxAcU.exe
  C:\Windows\System\QOBxAcU.exe
  2⤵
  PID:2472
- C:\Windows\System\fvZLHoR.exe
  C:\Windows\System\fvZLHoR.exe
  2⤵
  PID:284
- C:\Windows\System\DiqzXZf.exe
  C:\Windows\System\DiqzXZf.exe
  2⤵
  PID:1592
- C:\Windows\System\bLKCpqT.exe
  C:\Windows\System\bLKCpqT.exe
  2⤵
  PID:1976
- C:\Windows\System\RiEmNXD.exe
  C:\Windows\System\RiEmNXD.exe
  2⤵
  PID:968
- C:\Windows\System\rmVoWOE.exe
  C:\Windows\System\rmVoWOE.exe
  2⤵
  PID:1668
- C:\Windows\System\pkYmhvR.exe
  C:\Windows\System\pkYmhvR.exe
  2⤵
  PID:872
- C:\Windows\System\lJizAXd.exe
  C:\Windows\System\lJizAXd.exe
  2⤵
  PID:2456
- C:\Windows\System\uUQBSns.exe
  C:\Windows\System\uUQBSns.exe
  2⤵
  PID:2284
- C:\Windows\System\jZvvmdT.exe
  C:\Windows\System\jZvvmdT.exe
  2⤵
  PID:3076
- C:\Windows\System\XjgTLsg.exe
  C:\Windows\System\XjgTLsg.exe
  2⤵
  PID:3096
- C:\Windows\System\VKBIibd.exe
  C:\Windows\System\VKBIibd.exe
  2⤵
  PID:3116
- C:\Windows\System\kfMsyKm.exe
  C:\Windows\System\kfMsyKm.exe
  2⤵
  PID:3136
- C:\Windows\System\vPkUcVF.exe
  C:\Windows\System\vPkUcVF.exe
  2⤵
  PID:3156
- C:\Windows\System\ldrIgMA.exe
  C:\Windows\System\ldrIgMA.exe
  2⤵
  PID:3176
- C:\Windows\System\nJLwMqm.exe
  C:\Windows\System\nJLwMqm.exe
  2⤵
  PID:3196
- C:\Windows\System\UePCiAG.exe
  C:\Windows\System\UePCiAG.exe
  2⤵
  PID:3216
- C:\Windows\System\AVIeQmu.exe
  C:\Windows\System\AVIeQmu.exe
  2⤵
  PID:3236
- C:\Windows\System\IlpIRtp.exe
  C:\Windows\System\IlpIRtp.exe
  2⤵
  PID:3256
- C:\Windows\System\qeOholU.exe
  C:\Windows\System\qeOholU.exe
  2⤵
  PID:3276
- C:\Windows\System\zilTHvq.exe
  C:\Windows\System\zilTHvq.exe
  2⤵
  PID:3296
- C:\Windows\System\DoHaabs.exe
  C:\Windows\System\DoHaabs.exe
  2⤵
  PID:3316
- C:\Windows\System\TyomGEn.exe
  C:\Windows\System\TyomGEn.exe
  2⤵
  PID:3336
- C:\Windows\System\TbijkIS.exe
  C:\Windows\System\TbijkIS.exe
  2⤵
  PID:3356
- C:\Windows\System\jrANTOQ.exe
  C:\Windows\System\jrANTOQ.exe
  2⤵
  PID:3380
- C:\Windows\System\vFCrJnJ.exe
  C:\Windows\System\vFCrJnJ.exe
  2⤵
  PID:3400
- C:\Windows\System\KUQTpUs.exe
  C:\Windows\System\KUQTpUs.exe
  2⤵
  PID:3420
- C:\Windows\System\dNxhkaa.exe
  C:\Windows\System\dNxhkaa.exe
  2⤵
  PID:3440
- C:\Windows\System\qATmTKM.exe
  C:\Windows\System\qATmTKM.exe
  2⤵
  PID:3460
- C:\Windows\System\ylIWTTR.exe
  C:\Windows\System\ylIWTTR.exe
  2⤵
  PID:3480
- C:\Windows\System\xVkAYFa.exe
  C:\Windows\System\xVkAYFa.exe
  2⤵
  PID:3504
- C:\Windows\System\MTcsLpx.exe
  C:\Windows\System\MTcsLpx.exe
  2⤵
  PID:3524
- C:\Windows\System\lWJbpAI.exe
  C:\Windows\System\lWJbpAI.exe
  2⤵
  PID:3544
- C:\Windows\System\eqPQiku.exe
  C:\Windows\System\eqPQiku.exe
  2⤵
  PID:3564
- C:\Windows\System\isMuNTv.exe
  C:\Windows\System\isMuNTv.exe
  2⤵
  PID:3584
- C:\Windows\System\oceknRC.exe
  C:\Windows\System\oceknRC.exe
  2⤵
  PID:3604
- C:\Windows\System\pOXnDAP.exe
  C:\Windows\System\pOXnDAP.exe
  2⤵
  PID:3624
- C:\Windows\System\BwAudQb.exe
  C:\Windows\System\BwAudQb.exe
  2⤵
  PID:3640
- C:\Windows\System\dMtuFiL.exe
  C:\Windows\System\dMtuFiL.exe
  2⤵
  PID:3664
- C:\Windows\System\ofApNSp.exe
  C:\Windows\System\ofApNSp.exe
  2⤵
  PID:3684
- C:\Windows\System\LWHwpmw.exe
  C:\Windows\System\LWHwpmw.exe
  2⤵
  PID:3704
- C:\Windows\System\VjHDmPm.exe
  C:\Windows\System\VjHDmPm.exe
  2⤵
  PID:3724
- C:\Windows\System\NZTkeMW.exe
  C:\Windows\System\NZTkeMW.exe
  2⤵
  PID:3744
- C:\Windows\System\uQgfXJC.exe
  C:\Windows\System\uQgfXJC.exe
  2⤵
  PID:3764
- C:\Windows\System\wtLAlzC.exe
  C:\Windows\System\wtLAlzC.exe
  2⤵
  PID:3784
- C:\Windows\System\aktgYak.exe
  C:\Windows\System\aktgYak.exe
  2⤵
  PID:3804
- C:\Windows\System\tnVKAor.exe
  C:\Windows\System\tnVKAor.exe
  2⤵
  PID:3824
- C:\Windows\System\SEvXxKK.exe
  C:\Windows\System\SEvXxKK.exe
  2⤵
  PID:3844
- C:\Windows\System\glMZKFr.exe
  C:\Windows\System\glMZKFr.exe
  2⤵
  PID:3868
- C:\Windows\System\SaWCblY.exe
  C:\Windows\System\SaWCblY.exe
  2⤵
  PID:3888
- C:\Windows\System\MZdNSHb.exe
  C:\Windows\System\MZdNSHb.exe
  2⤵
  PID:3908
- C:\Windows\System\RyiZfIv.exe
  C:\Windows\System\RyiZfIv.exe
  2⤵
  PID:3928
- C:\Windows\System\YywUtJe.exe
  C:\Windows\System\YywUtJe.exe
  2⤵
  PID:3948
- C:\Windows\System\rzADTHU.exe
  C:\Windows\System\rzADTHU.exe
  2⤵
  PID:3968
- C:\Windows\System\OFxxcGI.exe
  C:\Windows\System\OFxxcGI.exe
  2⤵
  PID:3988
- C:\Windows\System\RhocBZG.exe
  C:\Windows\System\RhocBZG.exe
  2⤵
  PID:4008
- C:\Windows\System\LSewkXB.exe
  C:\Windows\System\LSewkXB.exe
  2⤵
  PID:4028
- C:\Windows\System\GLaHghc.exe
  C:\Windows\System\GLaHghc.exe
  2⤵
  PID:4048
- C:\Windows\System\ZioFuZH.exe
  C:\Windows\System\ZioFuZH.exe
  2⤵
  PID:4068
- C:\Windows\System\SCuzYgq.exe
  C:\Windows\System\SCuzYgq.exe
  2⤵
  PID:4088
- C:\Windows\System\eJXRPYx.exe
  C:\Windows\System\eJXRPYx.exe
  2⤵
  PID:1884
- C:\Windows\System\ISNwAaT.exe
  C:\Windows\System\ISNwAaT.exe
  2⤵
  PID:2104
- C:\Windows\System\GFVjLnt.exe
  C:\Windows\System\GFVjLnt.exe
  2⤵
  PID:1372
- C:\Windows\System\utzklNQ.exe
  C:\Windows\System\utzklNQ.exe
  2⤵
  PID:1980
- C:\Windows\System\cQCLeIl.exe
  C:\Windows\System\cQCLeIl.exe
  2⤵
  PID:2596
- C:\Windows\System\IhNilxQ.exe
  C:\Windows\System\IhNilxQ.exe
  2⤵
  PID:3004
- C:\Windows\System\agjlbHg.exe
  C:\Windows\System\agjlbHg.exe
  2⤵
  PID:2116
- C:\Windows\System\lAcjnhn.exe
  C:\Windows\System\lAcjnhn.exe
  2⤵
  PID:1108
- C:\Windows\System\zuRvAjL.exe
  C:\Windows\System\zuRvAjL.exe
  2⤵
  PID:1660
- C:\Windows\System\tzRhhKs.exe
  C:\Windows\System\tzRhhKs.exe
  2⤵
  PID:2608
- C:\Windows\System\GLlFLiE.exe
  C:\Windows\System\GLlFLiE.exe
  2⤵
  PID:2380
- C:\Windows\System\lPOhItW.exe
  C:\Windows\System\lPOhItW.exe
  2⤵
  PID:3088
- C:\Windows\System\uJRZvIc.exe
  C:\Windows\System\uJRZvIc.exe
  2⤵
  PID:3104
- C:\Windows\System\vttOtap.exe
  C:\Windows\System\vttOtap.exe
  2⤵
  PID:3164
- C:\Windows\System\RgwVWGo.exe
  C:\Windows\System\RgwVWGo.exe
  2⤵
  PID:3212
- C:\Windows\System\ctRqjCO.exe
  C:\Windows\System\ctRqjCO.exe
  2⤵
  PID:3252
- C:\Windows\System\CpPmYNz.exe
  C:\Windows\System\CpPmYNz.exe
  2⤵
  PID:3284
- C:\Windows\System\FsDgRpx.exe
  C:\Windows\System\FsDgRpx.exe
  2⤵
  PID:3324
- C:\Windows\System\MKHrHOO.exe
  C:\Windows\System\MKHrHOO.exe
  2⤵
  PID:3344
- C:\Windows\System\MaXRiQn.exe
  C:\Windows\System\MaXRiQn.exe
  2⤵
  PID:3376
- C:\Windows\System\SVEJvta.exe
  C:\Windows\System\SVEJvta.exe
  2⤵
  PID:3412
- C:\Windows\System\MSfVAUg.exe
  C:\Windows\System\MSfVAUg.exe
  2⤵
  PID:3432
- C:\Windows\System\nDIcmaB.exe
  C:\Windows\System\nDIcmaB.exe
  2⤵
  PID:3468
- C:\Windows\System\SCbpBGT.exe
  C:\Windows\System\SCbpBGT.exe
  2⤵
  PID:3496
- C:\Windows\System\JrgKjHo.exe
  C:\Windows\System\JrgKjHo.exe
  2⤵
  PID:3536
- C:\Windows\System\eVJiZVS.exe
  C:\Windows\System\eVJiZVS.exe
  2⤵
  PID:3572
- C:\Windows\System\eFeVDFH.exe
  C:\Windows\System\eFeVDFH.exe
  2⤵
  PID:3592
- C:\Windows\System\vjrAjzj.exe
  C:\Windows\System\vjrAjzj.exe
  2⤵
  PID:3596
- C:\Windows\System\UdaTyOL.exe
  C:\Windows\System\UdaTyOL.exe
  2⤵
  PID:3660
- C:\Windows\System\QLHVAzl.exe
  C:\Windows\System\QLHVAzl.exe
  2⤵
  PID:3680
- C:\Windows\System\raTiWfI.exe
  C:\Windows\System\raTiWfI.exe
  2⤵
  PID:3716
- C:\Windows\System\jgICdDs.exe
  C:\Windows\System\jgICdDs.exe
  2⤵
  PID:3776
- C:\Windows\System\ICWABwD.exe
  C:\Windows\System\ICWABwD.exe
  2⤵
  PID:3812
- C:\Windows\System\wkMlAdx.exe
  C:\Windows\System\wkMlAdx.exe
  2⤵
  PID:3832
- C:\Windows\System\IHhEfqu.exe
  C:\Windows\System\IHhEfqu.exe
  2⤵
  PID:3860
- C:\Windows\System\Nnlhhpz.exe
  C:\Windows\System\Nnlhhpz.exe
  2⤵
  PID:3884
- C:\Windows\System\KgDKzuK.exe
  C:\Windows\System\KgDKzuK.exe
  2⤵
  PID:3940
- C:\Windows\System\RkfZTaJ.exe
  C:\Windows\System\RkfZTaJ.exe
  2⤵
  PID:3980
- C:\Windows\System\lhHwZtT.exe
  C:\Windows\System\lhHwZtT.exe
  2⤵
  PID:4004
- C:\Windows\System\nKEpEmS.exe
  C:\Windows\System\nKEpEmS.exe
  2⤵
  PID:4056
- C:\Windows\System\HgufqrN.exe
  C:\Windows\System\HgufqrN.exe
  2⤵
  PID:4076
- C:\Windows\System\ZXlpWjJ.exe
  C:\Windows\System\ZXlpWjJ.exe
  2⤵
  PID:4080
- C:\Windows\System\VNNvXXx.exe
  C:\Windows\System\VNNvXXx.exe
  2⤵
  PID:2732
- C:\Windows\System\xEkPtoW.exe
  C:\Windows\System\xEkPtoW.exe
  2⤵
  PID:2124
- C:\Windows\System\rRqssXf.exe
  C:\Windows\System\rRqssXf.exe
  2⤵
  PID:304
- C:\Windows\System\sxTFVei.exe
  C:\Windows\System\sxTFVei.exe
  2⤵
  PID:2420
- C:\Windows\System\ufLbvcc.exe
  C:\Windows\System\ufLbvcc.exe
  2⤵
  PID:1232
- C:\Windows\System\sKNzRzt.exe
  C:\Windows\System\sKNzRzt.exe
  2⤵
  PID:3084
- C:\Windows\System\gOlmprP.exe
  C:\Windows\System\gOlmprP.exe
  2⤵
  PID:3132
- C:\Windows\System\offYHHg.exe
  C:\Windows\System\offYHHg.exe
  2⤵
  PID:3152
- C:\Windows\System\RMdRFey.exe
  C:\Windows\System\RMdRFey.exe
  2⤵
  PID:3224
- C:\Windows\System\xmfaGSI.exe
  C:\Windows\System\xmfaGSI.exe
  2⤵
  PID:3308
- C:\Windows\System\sJFhnMh.exe
  C:\Windows\System\sJFhnMh.exe
  2⤵
  PID:3304
- C:\Windows\System\nDFqCde.exe
  C:\Windows\System\nDFqCde.exe
  2⤵
  PID:3368
- C:\Windows\System\AXzAdEb.exe
  C:\Windows\System\AXzAdEb.exe
  2⤵
  PID:3396
- C:\Windows\System\eGTqqaj.exe
  C:\Windows\System\eGTqqaj.exe
  2⤵
  PID:3472
- C:\Windows\System\mBViVwT.exe
  C:\Windows\System\mBViVwT.exe
  2⤵
  PID:3556
- C:\Windows\System\DaXRyUc.exe
  C:\Windows\System\DaXRyUc.exe
  2⤵
  PID:3656
- C:\Windows\System\liITyOC.exe
  C:\Windows\System\liITyOC.exe
  2⤵
  PID:3696
- C:\Windows\System\JxzUdfn.exe
  C:\Windows\System\JxzUdfn.exe
  2⤵
  PID:3792
- C:\Windows\System\QLElgbH.exe
  C:\Windows\System\QLElgbH.exe
  2⤵
  PID:2788
- C:\Windows\System\BnwgEBj.exe
  C:\Windows\System\BnwgEBj.exe
  2⤵
  PID:3856
- C:\Windows\System\sVjaWtF.exe
  C:\Windows\System\sVjaWtF.exe
  2⤵
  PID:3900
- C:\Windows\System\HsPTpNz.exe
  C:\Windows\System\HsPTpNz.exe
  2⤵
  PID:3956
- C:\Windows\System\ZXmQroZ.exe
  C:\Windows\System\ZXmQroZ.exe
  2⤵
  PID:4040
- C:\Windows\System\uAgzGgf.exe
  C:\Windows\System\uAgzGgf.exe
  2⤵
  PID:1912
- C:\Windows\System\WXTPcdR.exe
  C:\Windows\System\WXTPcdR.exe
  2⤵
  PID:2912
- C:\Windows\System\NeVSbfA.exe
  C:\Windows\System\NeVSbfA.exe
  2⤵
  PID:2232
- C:\Windows\System\gUIXcRN.exe
  C:\Windows\System\gUIXcRN.exe
  2⤵
  PID:288
- C:\Windows\System\FfZjkVM.exe
  C:\Windows\System\FfZjkVM.exe
  2⤵
  PID:1988
- C:\Windows\System\cotCVRc.exe
  C:\Windows\System\cotCVRc.exe
  2⤵
  PID:1540
- C:\Windows\System\WZmtrHM.exe
  C:\Windows\System\WZmtrHM.exe
  2⤵
  PID:3192
- C:\Windows\System\stGtrso.exe
  C:\Windows\System\stGtrso.exe
  2⤵
  PID:3264
- C:\Windows\System\jHANeOw.exe
  C:\Windows\System\jHANeOw.exe
  2⤵
  PID:3428
- C:\Windows\System\pCbthmx.exe
  C:\Windows\System\pCbthmx.exe
  2⤵
  PID:3520
- C:\Windows\System\TqBiOqO.exe
  C:\Windows\System\TqBiOqO.exe
  2⤵
  PID:3476
- C:\Windows\System\uEqtTBP.exe
  C:\Windows\System\uEqtTBP.exe
  2⤵
  PID:3648
- C:\Windows\System\mQsHoEo.exe
  C:\Windows\System\mQsHoEo.exe
  2⤵
  PID:3732
- C:\Windows\System\krFlGJf.exe
  C:\Windows\System\krFlGJf.exe
  2⤵
  PID:4112
- C:\Windows\System\NlcgBbU.exe
  C:\Windows\System\NlcgBbU.exe
  2⤵
  PID:4132
- C:\Windows\System\zyhpPmK.exe
  C:\Windows\System\zyhpPmK.exe
  2⤵
  PID:4152
- C:\Windows\System\obJLZGs.exe
  C:\Windows\System\obJLZGs.exe
  2⤵
  PID:4172
- C:\Windows\System\hvHTKGS.exe
  C:\Windows\System\hvHTKGS.exe
  2⤵
  PID:4192
- C:\Windows\System\ZNsKaNu.exe
  C:\Windows\System\ZNsKaNu.exe
  2⤵
  PID:4212
- C:\Windows\System\EWSvDCm.exe
  C:\Windows\System\EWSvDCm.exe
  2⤵
  PID:4232
- C:\Windows\System\mDJJNZL.exe
  C:\Windows\System\mDJJNZL.exe
  2⤵
  PID:4252
- C:\Windows\System\DkZKWrV.exe
  C:\Windows\System\DkZKWrV.exe
  2⤵
  PID:4276
- C:\Windows\System\AKQHaJf.exe
  C:\Windows\System\AKQHaJf.exe
  2⤵
  PID:4296
- C:\Windows\System\nInfYZX.exe
  C:\Windows\System\nInfYZX.exe
  2⤵
  PID:4316
- C:\Windows\System\gUJuyUk.exe
  C:\Windows\System\gUJuyUk.exe
  2⤵
  PID:4336
- C:\Windows\System\YQnxlsk.exe
  C:\Windows\System\YQnxlsk.exe
  2⤵
  PID:4356
- C:\Windows\System\citIRaZ.exe
  C:\Windows\System\citIRaZ.exe
  2⤵
  PID:4376
- C:\Windows\System\VMyPfap.exe
  C:\Windows\System\VMyPfap.exe
  2⤵
  PID:4400
- C:\Windows\System\LMbkNyS.exe
  C:\Windows\System\LMbkNyS.exe
  2⤵
  PID:4420
- C:\Windows\System\IvUsxRH.exe
  C:\Windows\System\IvUsxRH.exe
  2⤵
  PID:4440
- C:\Windows\System\joPhSmL.exe
  C:\Windows\System\joPhSmL.exe
  2⤵
  PID:4456
- C:\Windows\System\pNlMItn.exe
  C:\Windows\System\pNlMItn.exe
  2⤵
  PID:4480
- C:\Windows\System\GdKLbPt.exe
  C:\Windows\System\GdKLbPt.exe
  2⤵
  PID:4500
- C:\Windows\System\lZyhCBr.exe
  C:\Windows\System\lZyhCBr.exe
  2⤵
  PID:4520
- C:\Windows\System\rqntelZ.exe
  C:\Windows\System\rqntelZ.exe
  2⤵
  PID:4540
- C:\Windows\System\BBaUgpI.exe
  C:\Windows\System\BBaUgpI.exe
  2⤵
  PID:4560
- C:\Windows\System\vGLeMya.exe
  C:\Windows\System\vGLeMya.exe
  2⤵
  PID:4580
- C:\Windows\System\IkUNJrc.exe
  C:\Windows\System\IkUNJrc.exe
  2⤵
  PID:4600
- C:\Windows\System\pTqUWcQ.exe
  C:\Windows\System\pTqUWcQ.exe
  2⤵
  PID:4620
- C:\Windows\System\ipVbaAR.exe
  C:\Windows\System\ipVbaAR.exe
  2⤵
  PID:4640
- C:\Windows\System\SopaXdD.exe
  C:\Windows\System\SopaXdD.exe
  2⤵
  PID:4656
- C:\Windows\System\LyoJSHx.exe
  C:\Windows\System\LyoJSHx.exe
  2⤵
  PID:4680
- C:\Windows\System\HHhflNu.exe
  C:\Windows\System\HHhflNu.exe
  2⤵
  PID:4700
- C:\Windows\System\cnibxcb.exe
  C:\Windows\System\cnibxcb.exe
  2⤵
  PID:4720
- C:\Windows\System\yHzdAjY.exe
  C:\Windows\System\yHzdAjY.exe
  2⤵
  PID:4740
- C:\Windows\System\snVhfsq.exe
  C:\Windows\System\snVhfsq.exe
  2⤵
  PID:4760
- C:\Windows\System\oruUUHj.exe
  C:\Windows\System\oruUUHj.exe
  2⤵
  PID:4780
- C:\Windows\System\KIaJeeb.exe
  C:\Windows\System\KIaJeeb.exe
  2⤵
  PID:4800
- C:\Windows\System\MhcvIon.exe
  C:\Windows\System\MhcvIon.exe
  2⤵
  PID:4820
- C:\Windows\System\URdRuHf.exe
  C:\Windows\System\URdRuHf.exe
  2⤵
  PID:4840
- C:\Windows\System\JSdQWqd.exe
  C:\Windows\System\JSdQWqd.exe
  2⤵
  PID:4860
- C:\Windows\System\VAIpGLP.exe
  C:\Windows\System\VAIpGLP.exe
  2⤵
  PID:4880
- C:\Windows\System\aUzaJaG.exe
  C:\Windows\System\aUzaJaG.exe
  2⤵
  PID:4900
- C:\Windows\System\oaPaKRK.exe
  C:\Windows\System\oaPaKRK.exe
  2⤵
  PID:4920
- C:\Windows\System\CuYsSCQ.exe
  C:\Windows\System\CuYsSCQ.exe
  2⤵
  PID:4936
- C:\Windows\System\rcKxWad.exe
  C:\Windows\System\rcKxWad.exe
  2⤵
  PID:4960
- C:\Windows\System\VSvznFw.exe
  C:\Windows\System\VSvznFw.exe
  2⤵
  PID:4980
- C:\Windows\System\qvLpAti.exe
  C:\Windows\System\qvLpAti.exe
  2⤵
  PID:5000
- C:\Windows\System\WKtIciM.exe
  C:\Windows\System\WKtIciM.exe
  2⤵
  PID:5020
- C:\Windows\System\CJfpnfF.exe
  C:\Windows\System\CJfpnfF.exe
  2⤵
  PID:5044
- C:\Windows\System\grWdtrH.exe
  C:\Windows\System\grWdtrH.exe
  2⤵
  PID:5064
- C:\Windows\System\QLZSEKj.exe
  C:\Windows\System\QLZSEKj.exe
  2⤵
  PID:5084
- C:\Windows\System\CZYIbkw.exe
  C:\Windows\System\CZYIbkw.exe
  2⤵
  PID:5104
- C:\Windows\System\jmcBsxC.exe
  C:\Windows\System\jmcBsxC.exe
  2⤵
  PID:3816
- C:\Windows\System\gIwYuOf.exe
  C:\Windows\System\gIwYuOf.exe
  2⤵
  PID:3904
- C:\Windows\System\QMsBNlL.exe
  C:\Windows\System\QMsBNlL.exe
  2⤵
  PID:3960
- C:\Windows\System\FekgURI.exe
  C:\Windows\System\FekgURI.exe
  2⤵
  PID:4084
- C:\Windows\System\pWhzzGw.exe
  C:\Windows\System\pWhzzGw.exe
  2⤵
  PID:2368
- C:\Windows\System\ANodzWN.exe
  C:\Windows\System\ANodzWN.exe
  2⤵
  PID:1716
- C:\Windows\System\kjFzqjB.exe
  C:\Windows\System\kjFzqjB.exe
  2⤵
  PID:3128
- C:\Windows\System\lPLBDyr.exe
  C:\Windows\System\lPLBDyr.exe
  2⤵
  PID:3328
- C:\Windows\System\nIaNXMb.exe
  C:\Windows\System\nIaNXMb.exe
  2⤵
  PID:3144
- C:\Windows\System\HxsUtXw.exe
  C:\Windows\System\HxsUtXw.exe
  2⤵
  PID:3500
- C:\Windows\System\jdAmRpA.exe
  C:\Windows\System\jdAmRpA.exe
  2⤵
  PID:3580
- C:\Windows\System\lckKCMC.exe
  C:\Windows\System\lckKCMC.exe
  2⤵
  PID:3752
- C:\Windows\System\DZJPWfq.exe
  C:\Windows\System\DZJPWfq.exe
  2⤵
  PID:4120
- C:\Windows\System\vchRLgk.exe
  C:\Windows\System\vchRLgk.exe
  2⤵
  PID:4188
- C:\Windows\System\swIZuXb.exe
  C:\Windows\System\swIZuXb.exe
  2⤵
  PID:4220
- C:\Windows\System\hRyIUCU.exe
  C:\Windows\System\hRyIUCU.exe
  2⤵
  PID:4240
- C:\Windows\System\iIaEmum.exe
  C:\Windows\System\iIaEmum.exe
  2⤵
  PID:4264
- C:\Windows\System\LroWXPb.exe
  C:\Windows\System\LroWXPb.exe
  2⤵
  PID:4288
- C:\Windows\System\hzbAhHL.exe
  C:\Windows\System\hzbAhHL.exe
  2⤵
  PID:4324
- C:\Windows\System\jyWZhLi.exe
  C:\Windows\System\jyWZhLi.exe
  2⤵
  PID:4388
- C:\Windows\System\TCBAKzO.exe
  C:\Windows\System\TCBAKzO.exe
  2⤵
  PID:4416
- C:\Windows\System\nQvSHkY.exe
  C:\Windows\System\nQvSHkY.exe
  2⤵
  PID:4468
- C:\Windows\System\cvcvxoA.exe
  C:\Windows\System\cvcvxoA.exe
  2⤵
  PID:4476
- C:\Windows\System\tmwBdCJ.exe
  C:\Windows\System\tmwBdCJ.exe
  2⤵
  PID:4496
- C:\Windows\System\SOBAVSd.exe
  C:\Windows\System\SOBAVSd.exe
  2⤵
  PID:4532
- C:\Windows\System\kuOpXOB.exe
  C:\Windows\System\kuOpXOB.exe
  2⤵
  PID:4588
- C:\Windows\System\kTMfPZb.exe
  C:\Windows\System\kTMfPZb.exe
  2⤵
  PID:4628
- C:\Windows\System\FyOrZwy.exe
  C:\Windows\System\FyOrZwy.exe
  2⤵
  PID:4612
- C:\Windows\System\QyIjfGj.exe
  C:\Windows\System\QyIjfGj.exe
  2⤵
  PID:4668
- C:\Windows\System\RyCAxzd.exe
  C:\Windows\System\RyCAxzd.exe
  2⤵
  PID:4712
- C:\Windows\System\CyiOnnD.exe
  C:\Windows\System\CyiOnnD.exe
  2⤵
  PID:4748
- C:\Windows\System\VAGFgYv.exe
  C:\Windows\System\VAGFgYv.exe
  2⤵
  PID:4788
- C:\Windows\System\ofvebYR.exe
  C:\Windows\System\ofvebYR.exe
  2⤵
  PID:4808
- C:\Windows\System\ptystlt.exe
  C:\Windows\System\ptystlt.exe
  2⤵
  PID:4836
- C:\Windows\System\AmjTmWq.exe
  C:\Windows\System\AmjTmWq.exe
  2⤵
  PID:4872
- C:\Windows\System\JOnsKVu.exe
  C:\Windows\System\JOnsKVu.exe
  2⤵
  PID:4892
- C:\Windows\System\ApMtLwh.exe
  C:\Windows\System\ApMtLwh.exe
  2⤵
  PID:4944
- C:\Windows\System\gMWJpkR.exe
  C:\Windows\System\gMWJpkR.exe
  2⤵
  PID:4972
- C:\Windows\System\IZftDVY.exe
  C:\Windows\System\IZftDVY.exe
  2⤵
  PID:5008
- C:\Windows\System\iUHoIpg.exe
  C:\Windows\System\iUHoIpg.exe
  2⤵
  PID:5040
- C:\Windows\System\dGDZTrT.exe
  C:\Windows\System\dGDZTrT.exe
  2⤵
  PID:5080
- C:\Windows\System\UTibmcY.exe
  C:\Windows\System\UTibmcY.exe
  2⤵
  PID:5096
- C:\Windows\System\ocDFZBq.exe
  C:\Windows\System\ocDFZBq.exe
  2⤵
  PID:4020
- C:\Windows\System\dALnKHu.exe
  C:\Windows\System\dALnKHu.exe
  2⤵
  PID:4036
- C:\Windows\System\ZsohdZN.exe
  C:\Windows\System\ZsohdZN.exe
  2⤵
  PID:5036
- C:\Windows\System\mVnFhWw.exe
  C:\Windows\System\mVnFhWw.exe
  2⤵
  PID:2328
- C:\Windows\System\SmFGCxb.exe
  C:\Windows\System\SmFGCxb.exe
  2⤵
  PID:3448
- C:\Windows\System\LhqSzNq.exe
  C:\Windows\System\LhqSzNq.exe
  2⤵
  PID:3632
- C:\Windows\System\DuYyPmU.exe
  C:\Windows\System\DuYyPmU.exe
  2⤵
  PID:4104
- C:\Windows\System\bdpJnsx.exe
  C:\Windows\System\bdpJnsx.exe
  2⤵
  PID:4124
- C:\Windows\System\JuNvQOx.exe
  C:\Windows\System\JuNvQOx.exe
  2⤵
  PID:4164
- C:\Windows\System\Fcwpkyr.exe
  C:\Windows\System\Fcwpkyr.exe
  2⤵
  PID:4272
- C:\Windows\System\WBNQcyY.exe
  C:\Windows\System\WBNQcyY.exe
  2⤵
  PID:4344
- C:\Windows\System\AphcNmg.exe
  C:\Windows\System\AphcNmg.exe
  2⤵
  PID:4384
- C:\Windows\System\lMQimaF.exe
  C:\Windows\System\lMQimaF.exe
  2⤵
  PID:4412
- C:\Windows\System\orQnGkv.exe
  C:\Windows\System\orQnGkv.exe
  2⤵
  PID:4512
- C:\Windows\System\mYeJwxx.exe
  C:\Windows\System\mYeJwxx.exe
  2⤵
  PID:4528
- C:\Windows\System\KcOHKJg.exe
  C:\Windows\System\KcOHKJg.exe
  2⤵
  PID:4572
- C:\Windows\System\iUSBKVM.exe
  C:\Windows\System\iUSBKVM.exe
  2⤵
  PID:5128
- C:\Windows\System\vGMnWxN.exe
  C:\Windows\System\vGMnWxN.exe
  2⤵
  PID:5148
- C:\Windows\System\pazIILz.exe
  C:\Windows\System\pazIILz.exe
  2⤵
  PID:5168
- C:\Windows\System\hrgIaDN.exe
  C:\Windows\System\hrgIaDN.exe
  2⤵
  PID:5188
- C:\Windows\System\YHMBqaQ.exe
  C:\Windows\System\YHMBqaQ.exe
  2⤵
  PID:5208
- C:\Windows\System\UDArlwE.exe
  C:\Windows\System\UDArlwE.exe
  2⤵
  PID:5232
- C:\Windows\System\MBHHRNg.exe
  C:\Windows\System\MBHHRNg.exe
  2⤵
  PID:5252
- C:\Windows\System\PXjpSgX.exe
  C:\Windows\System\PXjpSgX.exe
  2⤵
  PID:5272
- C:\Windows\System\RucYLTz.exe
  C:\Windows\System\RucYLTz.exe
  2⤵
  PID:5292
- C:\Windows\System\OTxxXfX.exe
  C:\Windows\System\OTxxXfX.exe
  2⤵
  PID:5312
- C:\Windows\System\qifJCnM.exe
  C:\Windows\System\qifJCnM.exe
  2⤵
  PID:5332
- C:\Windows\System\iHzoThg.exe
  C:\Windows\System\iHzoThg.exe
  2⤵
  PID:5352
- C:\Windows\System\YjnfNZU.exe
  C:\Windows\System\YjnfNZU.exe
  2⤵
  PID:5372
- C:\Windows\System\nEAZzov.exe
  C:\Windows\System\nEAZzov.exe
  2⤵
  PID:5392
- C:\Windows\System\okOVQyT.exe
  C:\Windows\System\okOVQyT.exe
  2⤵
  PID:5412
- C:\Windows\System\WlSbMgj.exe
  C:\Windows\System\WlSbMgj.exe
  2⤵
  PID:5432
- C:\Windows\System\XpBoMyU.exe
  C:\Windows\System\XpBoMyU.exe
  2⤵
  PID:5452
- C:\Windows\System\jcWiJSK.exe
  C:\Windows\System\jcWiJSK.exe
  2⤵
  PID:5472
- C:\Windows\System\dUehfsQ.exe
  C:\Windows\System\dUehfsQ.exe
  2⤵
  PID:5492
- C:\Windows\System\bYzcACK.exe
  C:\Windows\System\bYzcACK.exe
  2⤵
  PID:5512
- C:\Windows\System\pkMgMFu.exe
  C:\Windows\System\pkMgMFu.exe
  2⤵
  PID:5532
- C:\Windows\System\kshUUbe.exe
  C:\Windows\System\kshUUbe.exe
  2⤵
  PID:5552
- C:\Windows\System\BGjRJbA.exe
  C:\Windows\System\BGjRJbA.exe
  2⤵
  PID:5572
- C:\Windows\System\kiMTwwZ.exe
  C:\Windows\System\kiMTwwZ.exe
  2⤵
  PID:5592
- C:\Windows\System\bgTCSLu.exe
  C:\Windows\System\bgTCSLu.exe
  2⤵
  PID:5612
- C:\Windows\System\yZHEPmZ.exe
  C:\Windows\System\yZHEPmZ.exe
  2⤵
  PID:5632
- C:\Windows\System\OQHxTYZ.exe
  C:\Windows\System\OQHxTYZ.exe
  2⤵
  PID:5652
- C:\Windows\System\qptNdZT.exe
  C:\Windows\System\qptNdZT.exe
  2⤵
  PID:5672
- C:\Windows\System\JHoUiNy.exe
  C:\Windows\System\JHoUiNy.exe
  2⤵
  PID:5692
- C:\Windows\System\VDctrlJ.exe
  C:\Windows\System\VDctrlJ.exe
  2⤵
  PID:5712
- C:\Windows\System\FzXvDQw.exe
  C:\Windows\System\FzXvDQw.exe
  2⤵
  PID:5732
- C:\Windows\System\ElRgKNj.exe
  C:\Windows\System\ElRgKNj.exe
  2⤵
  PID:5752
- C:\Windows\System\fORxawj.exe
  C:\Windows\System\fORxawj.exe
  2⤵
  PID:5772
- C:\Windows\System\yJvicTj.exe
  C:\Windows\System\yJvicTj.exe
  2⤵
  PID:5792
- C:\Windows\System\fWPJeCU.exe
  C:\Windows\System\fWPJeCU.exe
  2⤵
  PID:5812
- C:\Windows\System\pwGhjWS.exe
  C:\Windows\System\pwGhjWS.exe
  2⤵
  PID:5832
- C:\Windows\System\ZnOGQul.exe
  C:\Windows\System\ZnOGQul.exe
  2⤵
  PID:5852
- C:\Windows\System\bPwKHwx.exe
  C:\Windows\System\bPwKHwx.exe
  2⤵
  PID:5872
- C:\Windows\System\eSmwPlo.exe
  C:\Windows\System\eSmwPlo.exe
  2⤵
  PID:5892
- C:\Windows\System\sWvQpzg.exe
  C:\Windows\System\sWvQpzg.exe
  2⤵
  PID:5912
- C:\Windows\System\mlPzWpS.exe
  C:\Windows\System\mlPzWpS.exe
  2⤵
  PID:5936
- C:\Windows\System\MxxqRZP.exe
  C:\Windows\System\MxxqRZP.exe
  2⤵
  PID:5956
- C:\Windows\System\IKGhZrD.exe
  C:\Windows\System\IKGhZrD.exe
  2⤵
  PID:5976
- C:\Windows\System\rigQkFZ.exe
  C:\Windows\System\rigQkFZ.exe
  2⤵
  PID:5996
- C:\Windows\System\gQbYswb.exe
  C:\Windows\System\gQbYswb.exe
  2⤵
  PID:6016
- C:\Windows\System\liQUPzp.exe
  C:\Windows\System\liQUPzp.exe
  2⤵
  PID:6036
- C:\Windows\System\aYgsMgu.exe
  C:\Windows\System\aYgsMgu.exe
  2⤵
  PID:6060
- C:\Windows\System\OcMbTvJ.exe
  C:\Windows\System\OcMbTvJ.exe
  2⤵
  PID:6080
- C:\Windows\System\QFeuSRd.exe
  C:\Windows\System\QFeuSRd.exe
  2⤵
  PID:6100
- C:\Windows\System\IffyzdC.exe
  C:\Windows\System\IffyzdC.exe
  2⤵
  PID:6120
- C:\Windows\System\beUXHLD.exe
  C:\Windows\System\beUXHLD.exe
  2⤵
  PID:6140
- C:\Windows\System\JHaXRYZ.exe
  C:\Windows\System\JHaXRYZ.exe
  2⤵
  PID:4672
- C:\Windows\System\AymXfRY.exe
  C:\Windows\System\AymXfRY.exe
  2⤵
  PID:4696
- C:\Windows\System\pTCKiiS.exe
  C:\Windows\System\pTCKiiS.exe
  2⤵
  PID:4732
- C:\Windows\System\jTFrJFH.exe
  C:\Windows\System\jTFrJFH.exe
  2⤵
  PID:4856
- C:\Windows\System\EzBKFSE.exe
  C:\Windows\System\EzBKFSE.exe
  2⤵
  PID:4896
- C:\Windows\System\tPEeGXZ.exe
  C:\Windows\System\tPEeGXZ.exe
  2⤵
  PID:4956
- C:\Windows\System\yEGNSib.exe
  C:\Windows\System\yEGNSib.exe
  2⤵
  PID:4996
- C:\Windows\System\grTOwVF.exe
  C:\Windows\System\grTOwVF.exe
  2⤵
  PID:5072
- C:\Windows\System\pLqzGQA.exe
  C:\Windows\System\pLqzGQA.exe
  2⤵
  PID:5112
- C:\Windows\System\TsvjscL.exe
  C:\Windows\System\TsvjscL.exe
  2⤵
  PID:2532
- C:\Windows\System\JzAHzhb.exe
  C:\Windows\System\JzAHzhb.exe
  2⤵
  PID:1488
- C:\Windows\System\jUCzGvz.exe
  C:\Windows\System\jUCzGvz.exe
  2⤵
  PID:3492
- C:\Windows\System\NFFXIGP.exe
  C:\Windows\System\NFFXIGP.exe
  2⤵
  PID:3560
- C:\Windows\System\QdxqeTL.exe
  C:\Windows\System\QdxqeTL.exe
  2⤵
  PID:4148
- C:\Windows\System\lTcgqoy.exe
  C:\Windows\System\lTcgqoy.exe
  2⤵
  PID:4312
- C:\Windows\System\EtJacco.exe
  C:\Windows\System\EtJacco.exe
  2⤵
  PID:4408
- C:\Windows\System\ZfZckhk.exe
  C:\Windows\System\ZfZckhk.exe
  2⤵
  PID:4448
- C:\Windows\System\FFtHCno.exe
  C:\Windows\System\FFtHCno.exe
  2⤵
  PID:4472
- C:\Windows\System\VBUqkjZ.exe
  C:\Windows\System\VBUqkjZ.exe
  2⤵
  PID:4636
- C:\Windows\System\jTwJXQg.exe
  C:\Windows\System\jTwJXQg.exe
  2⤵
  PID:5140
- C:\Windows\System\bPGNbyq.exe
  C:\Windows\System\bPGNbyq.exe
  2⤵
  PID:5196
- C:\Windows\System\IlcMmoE.exe
  C:\Windows\System\IlcMmoE.exe
  2⤵
  PID:5248
- C:\Windows\System\DPzRMmJ.exe
  C:\Windows\System\DPzRMmJ.exe
  2⤵
  PID:5260
- C:\Windows\System\goOrTEu.exe
  C:\Windows\System\goOrTEu.exe
  2⤵
  PID:5284
- C:\Windows\System\WWRRcvp.exe
  C:\Windows\System\WWRRcvp.exe
  2⤵
  PID:5328
- C:\Windows\System\ZByVLgM.exe
  C:\Windows\System\ZByVLgM.exe
  2⤵
  PID:5368
- C:\Windows\System\QWVqcsR.exe
  C:\Windows\System\QWVqcsR.exe
  2⤵
  PID:5388
- C:\Windows\System\xDanqDp.exe
  C:\Windows\System\xDanqDp.exe
  2⤵
  PID:5428
- C:\Windows\System\DvVUVdu.exe
  C:\Windows\System\DvVUVdu.exe
  2⤵
  PID:5460
- C:\Windows\System\mwJTJlx.exe
  C:\Windows\System\mwJTJlx.exe
  2⤵
  PID:5484
- C:\Windows\System\KDdoDkZ.exe
  C:\Windows\System\KDdoDkZ.exe
  2⤵
  PID:5520
- C:\Windows\System\DNxayhL.exe
  C:\Windows\System\DNxayhL.exe
  2⤵
  PID:5560
- C:\Windows\System\poYIZby.exe
  C:\Windows\System\poYIZby.exe
  2⤵
  PID:5580
- C:\Windows\System\WNXigIs.exe
  C:\Windows\System\WNXigIs.exe
  2⤵
  PID:5604
- C:\Windows\System\RUbawiy.exe
  C:\Windows\System\RUbawiy.exe
  2⤵
  PID:5648
- C:\Windows\System\CPgTibM.exe
  C:\Windows\System\CPgTibM.exe
  2⤵
  PID:5664
- C:\Windows\System\ETHAHZM.exe
  C:\Windows\System\ETHAHZM.exe
  2⤵
  PID:5728
- C:\Windows\System\YyGVedP.exe
  C:\Windows\System\YyGVedP.exe
  2⤵
  PID:5748
- C:\Windows\System\Kqpekwb.exe
  C:\Windows\System\Kqpekwb.exe
  2⤵
  PID:5800
- C:\Windows\System\XMOUjtk.exe
  C:\Windows\System\XMOUjtk.exe
  2⤵
  PID:5828
- C:\Windows\System\gzqsEUX.exe
  C:\Windows\System\gzqsEUX.exe
  2⤵
  PID:5860
- C:\Windows\System\vmVDleJ.exe
  C:\Windows\System\vmVDleJ.exe
  2⤵
  PID:5884
- C:\Windows\System\jwQhTrq.exe
  C:\Windows\System\jwQhTrq.exe
  2⤵
  PID:5932
- C:\Windows\System\JVhjKtM.exe
  C:\Windows\System\JVhjKtM.exe
  2⤵
  PID:5948
- C:\Windows\System\IfOZXkr.exe
  C:\Windows\System\IfOZXkr.exe
  2⤵
  PID:5992
- C:\Windows\System\ZithKKJ.exe
  C:\Windows\System\ZithKKJ.exe
  2⤵
  PID:6024
- C:\Windows\System\VNzvBir.exe
  C:\Windows\System\VNzvBir.exe
  2⤵
  PID:6052
- C:\Windows\System\aXkTjbV.exe
  C:\Windows\System\aXkTjbV.exe
  2⤵
  PID:6088
- C:\Windows\System\MWRYVfo.exe
  C:\Windows\System\MWRYVfo.exe
  2⤵
  PID:6112
- C:\Windows\System\UCgOnsQ.exe
  C:\Windows\System\UCgOnsQ.exe
  2⤵
  PID:4676
- C:\Windows\System\inKceip.exe
  C:\Windows\System\inKceip.exe
  2⤵
  PID:4768
- C:\Windows\System\ydrDTYh.exe
  C:\Windows\System\ydrDTYh.exe
  2⤵
  PID:4812
- C:\Windows\System\YStMQFs.exe
  C:\Windows\System\YStMQFs.exe
  2⤵
  PID:4868
- C:\Windows\System\DDnrjHE.exe
  C:\Windows\System\DDnrjHE.exe
  2⤵
  PID:4968
- C:\Windows\System\wuwUiVb.exe
  C:\Windows\System\wuwUiVb.exe
  2⤵
  PID:5092
- C:\Windows\System\sJPchLz.exe
  C:\Windows\System\sJPchLz.exe
  2⤵
  PID:3820
- C:\Windows\System\oVCNLPa.exe
  C:\Windows\System\oVCNLPa.exe
  2⤵
  PID:3996
- C:\Windows\System\BSVKDaO.exe
  C:\Windows\System\BSVKDaO.exe
  2⤵
  PID:4168
- C:\Windows\System\PUESDwU.exe
  C:\Windows\System\PUESDwU.exe
  2⤵
  PID:4260
- C:\Windows\System\heuRCDf.exe
  C:\Windows\System\heuRCDf.exe
  2⤵
  PID:3672
- C:\Windows\System\VvYyXuy.exe
  C:\Windows\System\VvYyXuy.exe
  2⤵
  PID:4576
- C:\Windows\System\KKkoLTd.exe
  C:\Windows\System\KKkoLTd.exe
  2⤵
  PID:5144
- C:\Windows\System\boBcafB.exe
  C:\Windows\System\boBcafB.exe
  2⤵
  PID:5240
- C:\Windows\System\qOFjAwx.exe
  C:\Windows\System\qOFjAwx.exe
  2⤵
  PID:5244
- C:\Windows\System\DhFFTsj.exe
  C:\Windows\System\DhFFTsj.exe
  2⤵
  PID:5304
- C:\Windows\System\cpVqPqk.exe
  C:\Windows\System\cpVqPqk.exe
  2⤵
  PID:5400
- C:\Windows\System\mtGubAU.exe
  C:\Windows\System\mtGubAU.exe
  2⤵
  PID:5424
- C:\Windows\System\VhNuHGj.exe
  C:\Windows\System\VhNuHGj.exe
  2⤵
  PID:5464
- C:\Windows\System\JDqKSbl.exe
  C:\Windows\System\JDqKSbl.exe
  2⤵
  PID:2688
- C:\Windows\System\LEblKCm.exe
  C:\Windows\System\LEblKCm.exe
  2⤵
  PID:5588
- C:\Windows\System\UaUNNLw.exe
  C:\Windows\System\UaUNNLw.exe
  2⤵
  PID:5624
- C:\Windows\System\iUnHTwe.exe
  C:\Windows\System\iUnHTwe.exe
  2⤵
  PID:5680
- C:\Windows\System\sgIvzEN.exe
  C:\Windows\System\sgIvzEN.exe
  2⤵
  PID:5720
- C:\Windows\System\pmTWplC.exe
  C:\Windows\System\pmTWplC.exe
  2⤵
  PID:5780
- C:\Windows\System\skXUtjG.exe
  C:\Windows\System\skXUtjG.exe
  2⤵
  PID:5864
- C:\Windows\System\rPllJuW.exe
  C:\Windows\System\rPllJuW.exe
  2⤵
  PID:5908
- C:\Windows\System\bjDWljN.exe
  C:\Windows\System\bjDWljN.exe
  2⤵
  PID:5952
- C:\Windows\System\hbXpGYQ.exe
  C:\Windows\System\hbXpGYQ.exe
  2⤵
  PID:5988
- C:\Windows\System\MHDpBTe.exe
  C:\Windows\System\MHDpBTe.exe
  2⤵
  PID:6032
- C:\Windows\System\IWlnrsV.exe
  C:\Windows\System\IWlnrsV.exe
  2⤵
  PID:6108
- C:\Windows\System\rvWlWFN.exe
  C:\Windows\System\rvWlWFN.exe
  2⤵
  PID:4692
- C:\Windows\System\eBDMQHh.exe
  C:\Windows\System\eBDMQHh.exe
  2⤵
  PID:4852
- C:\Windows\System\MTwDUAT.exe
  C:\Windows\System\MTwDUAT.exe
  2⤵
  PID:2828
- C:\Windows\System\ZOeheUu.exe
  C:\Windows\System\ZOeheUu.exe
  2⤵
  PID:1752
- C:\Windows\System\HCcwUQl.exe
  C:\Windows\System\HCcwUQl.exe
  2⤵
  PID:6156
- C:\Windows\System\OvgpVKv.exe
  C:\Windows\System\OvgpVKv.exe
  2⤵
  PID:6176
- C:\Windows\System\RZvQxoE.exe
  C:\Windows\System\RZvQxoE.exe
  2⤵
  PID:6196
- C:\Windows\System\jpUUTqh.exe
  C:\Windows\System\jpUUTqh.exe
  2⤵
  PID:6216
- C:\Windows\System\tQXitqE.exe
  C:\Windows\System\tQXitqE.exe
  2⤵
  PID:6236
- C:\Windows\System\KGDTcKT.exe
  C:\Windows\System\KGDTcKT.exe
  2⤵
  PID:6260
- C:\Windows\System\DnFZqeJ.exe
  C:\Windows\System\DnFZqeJ.exe
  2⤵
  PID:6280
- C:\Windows\System\kzhOEdN.exe
  C:\Windows\System\kzhOEdN.exe
  2⤵
  PID:6300
- C:\Windows\System\AbmtIud.exe
  C:\Windows\System\AbmtIud.exe
  2⤵
  PID:6320
- C:\Windows\System\AcpgmuF.exe
  C:\Windows\System\AcpgmuF.exe
  2⤵
  PID:6340
- C:\Windows\System\CDBCEWM.exe
  C:\Windows\System\CDBCEWM.exe
  2⤵
  PID:6360
- C:\Windows\System\eVFSpfw.exe
  C:\Windows\System\eVFSpfw.exe
  2⤵
  PID:6380
- C:\Windows\System\nNVmaqk.exe
  C:\Windows\System\nNVmaqk.exe
  2⤵
  PID:6400
- C:\Windows\System\TFabLXm.exe
  C:\Windows\System\TFabLXm.exe
  2⤵
  PID:6420
- C:\Windows\System\NsIxgkr.exe
  C:\Windows\System\NsIxgkr.exe
  2⤵
  PID:6440
- C:\Windows\System\RlxbCpR.exe
  C:\Windows\System\RlxbCpR.exe
  2⤵
  PID:6460
- C:\Windows\System\eLXIVmB.exe
  C:\Windows\System\eLXIVmB.exe
  2⤵
  PID:6480
- C:\Windows\System\kThOItB.exe
  C:\Windows\System\kThOItB.exe
  2⤵
  PID:6500
- C:\Windows\System\SVkOTOV.exe
  C:\Windows\System\SVkOTOV.exe
  2⤵
  PID:6520
- C:\Windows\System\XqOPdua.exe
  C:\Windows\System\XqOPdua.exe
  2⤵
  PID:6540
- C:\Windows\System\REfRbth.exe
  C:\Windows\System\REfRbth.exe
  2⤵
  PID:6560
- C:\Windows\System\hrIKQcK.exe
  C:\Windows\System\hrIKQcK.exe
  2⤵
  PID:6580
- C:\Windows\System\cIvTjqt.exe
  C:\Windows\System\cIvTjqt.exe
  2⤵
  PID:6600
- C:\Windows\System\VPekJEe.exe
  C:\Windows\System\VPekJEe.exe
  2⤵
  PID:6620
- C:\Windows\System\WTsZzPY.exe
  C:\Windows\System\WTsZzPY.exe
  2⤵
  PID:6640
- C:\Windows\System\xJxOyJd.exe
  C:\Windows\System\xJxOyJd.exe
  2⤵
  PID:6660
- C:\Windows\System\fkwHJGr.exe
  C:\Windows\System\fkwHJGr.exe
  2⤵
  PID:6680
- C:\Windows\System\OTPcLEq.exe
  C:\Windows\System\OTPcLEq.exe
  2⤵
  PID:6700
- C:\Windows\System\WBrfYew.exe
  C:\Windows\System\WBrfYew.exe
  2⤵
  PID:6720
- C:\Windows\System\EXThRTy.exe
  C:\Windows\System\EXThRTy.exe
  2⤵
  PID:6740
- C:\Windows\System\ZzDTOyH.exe
  C:\Windows\System\ZzDTOyH.exe
  2⤵
  PID:6760
- C:\Windows\System\GMxkQKf.exe
  C:\Windows\System\GMxkQKf.exe
  2⤵
  PID:6780
- C:\Windows\System\JHKWiLq.exe
  C:\Windows\System\JHKWiLq.exe
  2⤵
  PID:6800
- C:\Windows\System\XNDRReg.exe
  C:\Windows\System\XNDRReg.exe
  2⤵
  PID:6824
- C:\Windows\System\IgplBOr.exe
  C:\Windows\System\IgplBOr.exe
  2⤵
  PID:6844
- C:\Windows\System\FzRTwSk.exe
  C:\Windows\System\FzRTwSk.exe
  2⤵
  PID:6864
- C:\Windows\System\ZfkvOMK.exe
  C:\Windows\System\ZfkvOMK.exe
  2⤵
  PID:6884
- C:\Windows\System\jBxARBB.exe
  C:\Windows\System\jBxARBB.exe
  2⤵
  PID:6904
- C:\Windows\System\olcCPvg.exe
  C:\Windows\System\olcCPvg.exe
  2⤵
  PID:6924
- C:\Windows\System\TLXCYgm.exe
  C:\Windows\System\TLXCYgm.exe
  2⤵
  PID:6944
- C:\Windows\System\MISxGRS.exe
  C:\Windows\System\MISxGRS.exe
  2⤵
  PID:6964
- C:\Windows\System\PQijQDv.exe
  C:\Windows\System\PQijQDv.exe
  2⤵
  PID:6984
- C:\Windows\System\XTZiwZs.exe
  C:\Windows\System\XTZiwZs.exe
  2⤵
  PID:7004
- C:\Windows\System\lBQLAar.exe
  C:\Windows\System\lBQLAar.exe
  2⤵
  PID:7024
- C:\Windows\System\QjHJARg.exe
  C:\Windows\System\QjHJARg.exe
  2⤵
  PID:7044
- C:\Windows\System\QZKNyzw.exe
  C:\Windows\System\QZKNyzw.exe
  2⤵
  PID:7064
- C:\Windows\System\BbJcEVA.exe
  C:\Windows\System\BbJcEVA.exe
  2⤵
  PID:7084
- C:\Windows\System\WEKaXQV.exe
  C:\Windows\System\WEKaXQV.exe
  2⤵
  PID:7104
- C:\Windows\System\rGlRdAT.exe
  C:\Windows\System\rGlRdAT.exe
  2⤵
  PID:7124
- C:\Windows\System\QaqCRbF.exe
  C:\Windows\System\QaqCRbF.exe
  2⤵
  PID:7144
- C:\Windows\System\WLdbALs.exe
  C:\Windows\System\WLdbALs.exe
  2⤵
  PID:7164
- C:\Windows\System\GLkfRki.exe
  C:\Windows\System\GLkfRki.exe
  2⤵
  PID:4100
- C:\Windows\System\qqAdYrL.exe
  C:\Windows\System\qqAdYrL.exe
  2⤵
  PID:4224
- C:\Windows\System\IqZwBjr.exe
  C:\Windows\System\IqZwBjr.exe
  2⤵
  PID:5124
- C:\Windows\System\bhWnXwd.exe
  C:\Windows\System\bhWnXwd.exe
  2⤵
  PID:5228
- C:\Windows\System\GXoNBYX.exe
  C:\Windows\System\GXoNBYX.exe
  2⤵
  PID:5364
- C:\Windows\System\nkSkJQj.exe
  C:\Windows\System\nkSkJQj.exe
  2⤵
  PID:5384
- C:\Windows\System\ZElUeiv.exe
  C:\Windows\System\ZElUeiv.exe
  2⤵
  PID:5444
- C:\Windows\System\jBChKqO.exe
  C:\Windows\System\jBChKqO.exe
  2⤵
  PID:5564
- C:\Windows\System\NhKEMxd.exe
  C:\Windows\System\NhKEMxd.exe
  2⤵
  PID:5668
- C:\Windows\System\svCTJvc.exe
  C:\Windows\System\svCTJvc.exe
  2⤵
  PID:5684
- C:\Windows\System\QbjhmIF.exe
  C:\Windows\System\QbjhmIF.exe
  2⤵
  PID:5824
- C:\Windows\System\aRnFoLc.exe
  C:\Windows\System\aRnFoLc.exe
  2⤵
  PID:5944
- C:\Windows\System\tWjytCx.exe
  C:\Windows\System\tWjytCx.exe
  2⤵
  PID:6012
- C:\Windows\System\crzqnSf.exe
  C:\Windows\System\crzqnSf.exe
  2⤵
  PID:6028
- C:\Windows\System\PRQXRfj.exe
  C:\Windows\System\PRQXRfj.exe
  2⤵
  PID:4708
- C:\Windows\System\gdNiozW.exe
  C:\Windows\System\gdNiozW.exe
  2⤵
  PID:4916
- C:\Windows\System\ezqUFrT.exe
  C:\Windows\System\ezqUFrT.exe
  2⤵
  PID:5012
- C:\Windows\System\HbZRzEs.exe
  C:\Windows\System\HbZRzEs.exe
  2⤵
  PID:6148
- C:\Windows\System\QANAvVx.exe
  C:\Windows\System\QANAvVx.exe
  2⤵
  PID:6204
- C:\Windows\System\pVFxVuy.exe
  C:\Windows\System\pVFxVuy.exe
  2⤵
  PID:6244
- C:\Windows\System\BjYGaFK.exe
  C:\Windows\System\BjYGaFK.exe
  2⤵
  PID:6288
- C:\Windows\System\atklKvP.exe
  C:\Windows\System\atklKvP.exe
  2⤵
  PID:2756
- C:\Windows\System\QjtNAxG.exe
  C:\Windows\System\QjtNAxG.exe
  2⤵
  PID:6332
- C:\Windows\System\idLzPBv.exe
  C:\Windows\System\idLzPBv.exe
  2⤵
  PID:6352
- C:\Windows\System\aSzdOZS.exe
  C:\Windows\System\aSzdOZS.exe
  2⤵
  PID:1588
- C:\Windows\System\aNRgxvr.exe
  C:\Windows\System\aNRgxvr.exe
  2⤵
  PID:6412
- C:\Windows\System\pKQndiI.exe
  C:\Windows\System\pKQndiI.exe
  2⤵
  PID:6448
- C:\Windows\System\DMdhejl.exe
  C:\Windows\System\DMdhejl.exe
  2⤵
  PID:6472
- C:\Windows\System\fQNbcZU.exe
  C:\Windows\System\fQNbcZU.exe
  2⤵
  PID:6508
- C:\Windows\System\AUwXusH.exe
  C:\Windows\System\AUwXusH.exe
  2⤵
  PID:6532
- C:\Windows\System\PQPvOnp.exe
  C:\Windows\System\PQPvOnp.exe
  2⤵
  PID:6556
- C:\Windows\System\GLVCwVb.exe
  C:\Windows\System\GLVCwVb.exe
  2⤵
  PID:6616
- C:\Windows\System\xShNqcM.exe
  C:\Windows\System\xShNqcM.exe
  2⤵
  PID:6628
- C:\Windows\System\sWgbLJM.exe
  C:\Windows\System\sWgbLJM.exe
  2⤵
  PID:6632
- C:\Windows\System\MXtMROI.exe
  C:\Windows\System\MXtMROI.exe
  2⤵
  PID:6688
- C:\Windows\System\ERKyncG.exe
  C:\Windows\System\ERKyncG.exe
  2⤵
  PID:6716
- C:\Windows\System\jhXrZQi.exe
  C:\Windows\System\jhXrZQi.exe
  2⤵
  PID:6748
- C:\Windows\System\QcgpOWM.exe
  C:\Windows\System\QcgpOWM.exe
  2⤵
  PID:6772
- C:\Windows\System\MZJPfne.exe
  C:\Windows\System\MZJPfne.exe
  2⤵
  PID:6792
- C:\Windows\System\jFeXMtG.exe
  C:\Windows\System\jFeXMtG.exe
  2⤵
  PID:6860
- C:\Windows\System\HpLsCkC.exe
  C:\Windows\System\HpLsCkC.exe
  2⤵
  PID:6892
- C:\Windows\System\ejuYXTh.exe
  C:\Windows\System\ejuYXTh.exe
  2⤵
  PID:6920
- C:\Windows\System\cucDyWg.exe
  C:\Windows\System\cucDyWg.exe
  2⤵
  PID:6952
- C:\Windows\System\CsALeIy.exe
  C:\Windows\System\CsALeIy.exe
  2⤵
  PID:6976
- C:\Windows\System\nvOZuBw.exe
  C:\Windows\System\nvOZuBw.exe
  2⤵
  PID:7020
- C:\Windows\System\CnAwmCA.exe
  C:\Windows\System\CnAwmCA.exe
  2⤵
  PID:7060
- C:\Windows\System\hzuzbAZ.exe
  C:\Windows\System\hzuzbAZ.exe
  2⤵
  PID:7092
- C:\Windows\System\dRAYAPn.exe
  C:\Windows\System\dRAYAPn.exe
  2⤵
  PID:7120
- C:\Windows\System\HOYUWBI.exe
  C:\Windows\System\HOYUWBI.exe
  2⤵
  PID:7140
- C:\Windows\System\wqeSfDb.exe
  C:\Windows\System\wqeSfDb.exe
  2⤵
  PID:7156
- C:\Windows\System\pvGJiPE.exe
  C:\Windows\System\pvGJiPE.exe
  2⤵
  PID:4364
- C:\Windows\System\zjQGwRu.exe
  C:\Windows\System\zjQGwRu.exe
  2⤵
  PID:5280
- C:\Windows\System\cFwZHoi.exe
  C:\Windows\System\cFwZHoi.exe
  2⤵
  PID:5308
- C:\Windows\System\ofVmgYC.exe
  C:\Windows\System\ofVmgYC.exe
  2⤵
  PID:5488
- C:\Windows\System\DinbuVn.exe
  C:\Windows\System\DinbuVn.exe
  2⤵
  PID:5528
- C:\Windows\System\ktCSUgK.exe
  C:\Windows\System\ktCSUgK.exe
  2⤵
  PID:5704
- C:\Windows\System\pBJOOns.exe
  C:\Windows\System\pBJOOns.exe
  2⤵
  PID:5880
- C:\Windows\System\XWySPll.exe
  C:\Windows\System\XWySPll.exe
  2⤵
  PID:2988
- C:\Windows\System\wwwzjwA.exe
  C:\Windows\System\wwwzjwA.exe
  2⤵
  PID:3056
- C:\Windows\System\DVYCxHG.exe
  C:\Windows\System\DVYCxHG.exe
  2⤵
  PID:5804
- C:\Windows\System\hudzSpx.exe
  C:\Windows\System\hudzSpx.exe
  2⤵
  PID:6248
- C:\Windows\System\VOFsLxU.exe
  C:\Windows\System\VOFsLxU.exe
  2⤵
  PID:6356
- C:\Windows\System\cDAYmim.exe
  C:\Windows\System\cDAYmim.exe
  2⤵
  PID:6392
- C:\Windows\System\lZfcJgT.exe
  C:\Windows\System\lZfcJgT.exe
  2⤵
  PID:6416
- C:\Windows\System\ZlznVbe.exe
  C:\Windows\System\ZlznVbe.exe
  2⤵
  PID:6452
- C:\Windows\System\HQhjHTk.exe
  C:\Windows\System\HQhjHTk.exe
  2⤵
  PID:6492
- C:\Windows\System\zJZhTdJ.exe
  C:\Windows\System\zJZhTdJ.exe
  2⤵
  PID:6528
- C:\Windows\System\IutCCib.exe
  C:\Windows\System\IutCCib.exe
  2⤵
  PID:6612
- C:\Windows\System\EXKWZES.exe
  C:\Windows\System\EXKWZES.exe
  2⤵
  PID:2624
- C:\Windows\System\Tzjpjhh.exe
  C:\Windows\System\Tzjpjhh.exe
  2⤵
  PID:6668
- C:\Windows\System\zaqEoLP.exe
  C:\Windows\System\zaqEoLP.exe
  2⤵
  PID:6732
- C:\Windows\System\rFogiyp.exe
  C:\Windows\System\rFogiyp.exe
  2⤵
  PID:6796
- C:\Windows\System\WOJXkut.exe
  C:\Windows\System\WOJXkut.exe
  2⤵
  PID:6832
- C:\Windows\System\soSStfM.exe
  C:\Windows\System\soSStfM.exe
  2⤵
  PID:6872
- C:\Windows\System\fLlUtdY.exe
  C:\Windows\System\fLlUtdY.exe
  2⤵
  PID:6936
- C:\Windows\System\CTCgQAl.exe
  C:\Windows\System\CTCgQAl.exe
  2⤵
  PID:6956
- C:\Windows\System\YBUUNDK.exe
  C:\Windows\System\YBUUNDK.exe
  2⤵
  PID:7056
- C:\Windows\System\KpQjJFF.exe
  C:\Windows\System\KpQjJFF.exe
  2⤵
  PID:572
- C:\Windows\System\PEHamql.exe
  C:\Windows\System\PEHamql.exe
  2⤵
  PID:7096
- C:\Windows\System\fDhjNlP.exe
  C:\Windows\System\fDhjNlP.exe
  2⤵
  PID:7160
- C:\Windows\System\qYXfaZh.exe
  C:\Windows\System\qYXfaZh.exe
  2⤵
  PID:4452
- C:\Windows\System\LOiQBAm.exe
  C:\Windows\System\LOiQBAm.exe
  2⤵
  PID:5380
- C:\Windows\System\mRRZpgw.exe
  C:\Windows\System\mRRZpgw.exe
  2⤵
  PID:5784
- C:\Windows\System\CfFxcEh.exe
  C:\Windows\System\CfFxcEh.exe
  2⤵
  PID:5904
- C:\Windows\System\FPWvycp.exe
  C:\Windows\System\FPWvycp.exe
  2⤵
  PID:4832
- C:\Windows\System\QipYnMB.exe
  C:\Windows\System\QipYnMB.exe
  2⤵
  PID:4228
- C:\Windows\System\LvAMaOs.exe
  C:\Windows\System\LvAMaOs.exe
  2⤵
  PID:6184
- C:\Windows\System\jSPboDZ.exe
  C:\Windows\System\jSPboDZ.exe
  2⤵
  PID:1228
- C:\Windows\System\aKOcJaP.exe
  C:\Windows\System\aKOcJaP.exe
  2⤵
  PID:560
- C:\Windows\System\VFJwTFb.exe
  C:\Windows\System\VFJwTFb.exe
  2⤵
  PID:3760
- C:\Windows\System\wuTbGhK.exe
  C:\Windows\System\wuTbGhK.exe
  2⤵
  PID:2108
- C:\Windows\System\QNGGXRq.exe
  C:\Windows\System\QNGGXRq.exe
  2⤵
  PID:6208
- C:\Windows\System\IykYmfQ.exe
  C:\Windows\System\IykYmfQ.exe
  2⤵
  PID:1524
- C:\Windows\System\HrDdZxo.exe
  C:\Windows\System\HrDdZxo.exe
  2⤵
  PID:3032
- C:\Windows\System\oudqBEr.exe
  C:\Windows\System\oudqBEr.exe
  2⤵
  PID:6164
- C:\Windows\System\MOMhpsR.exe
  C:\Windows\System\MOMhpsR.exe
  2⤵
  PID:2496
- C:\Windows\System\TEcGKGi.exe
  C:\Windows\System\TEcGKGi.exe
  2⤵
  PID:2296
- C:\Windows\System\qDgOoOy.exe
  C:\Windows\System\qDgOoOy.exe
  2⤵
  PID:2076
- C:\Windows\System\EUkVcLp.exe
  C:\Windows\System\EUkVcLp.exe
  2⤵
  PID:1708
- C:\Windows\System\yCASdEI.exe
  C:\Windows\System\yCASdEI.exe
  2⤵
  PID:2224
- C:\Windows\System\gjDaRYT.exe
  C:\Windows\System\gjDaRYT.exe
  2⤵
  PID:2416
- C:\Windows\System\KcGsbhQ.exe
  C:\Windows\System\KcGsbhQ.exe
  2⤵
  PID:6468
- C:\Windows\System\CpcuBLd.exe
  C:\Windows\System\CpcuBLd.exe
  2⤵
  PID:1812
- C:\Windows\System\bsfqNAN.exe
  C:\Windows\System\bsfqNAN.exe
  2⤵
  PID:2060
- C:\Windows\System\IydbHlu.exe
  C:\Windows\System\IydbHlu.exe
  2⤵
  PID:6596
- C:\Windows\System\ViMCXvQ.exe
  C:\Windows\System\ViMCXvQ.exe
  2⤵
  PID:6652
- C:\Windows\System\treApNZ.exe
  C:\Windows\System\treApNZ.exe
  2⤵
  PID:6692
- C:\Windows\System\iAtFjgH.exe
  C:\Windows\System\iAtFjgH.exe
  2⤵
  PID:1928
- C:\Windows\System\gaKYYrx.exe
  C:\Windows\System\gaKYYrx.exe
  2⤵
  PID:832
- C:\Windows\System\UNbVVMS.exe
  C:\Windows\System\UNbVVMS.exe
  2⤵
  PID:7012
- C:\Windows\System\BWJfmco.exe
  C:\Windows\System\BWJfmco.exe
  2⤵
  PID:6996
- C:\Windows\System\uIQPpfu.exe
  C:\Windows\System\uIQPpfu.exe
  2⤵
  PID:7032
- C:\Windows\System\ZomRSBf.exe
  C:\Windows\System\ZomRSBf.exe
  2⤵
  PID:7072
- C:\Windows\System\lhfLbkt.exe
  C:\Windows\System\lhfLbkt.exe
  2⤵
  PID:5204
- C:\Windows\System\sPNIdKS.exe
  C:\Windows\System\sPNIdKS.exe
  2⤵
  PID:5628
- C:\Windows\System\BRzfRcO.exe
  C:\Windows\System\BRzfRcO.exe
  2⤵
  PID:6132
- C:\Windows\System\EYgUXJg.exe
  C:\Windows\System\EYgUXJg.exe
  2⤵
  PID:2064
- C:\Windows\System\dFOWIjC.exe
  C:\Windows\System\dFOWIjC.exe
  2⤵
  PID:2976
- C:\Windows\System\pLcEhRh.exe
  C:\Windows\System\pLcEhRh.exe
  2⤵
  PID:2112
- C:\Windows\System\NsMeDGo.exe
  C:\Windows\System\NsMeDGo.exe
  2⤵
  PID:2516
- C:\Windows\System\uAnojJZ.exe
  C:\Windows\System\uAnojJZ.exe
  2⤵
  PID:4248
- C:\Windows\System\sYLUqXt.exe
  C:\Windows\System\sYLUqXt.exe
  2⤵
  PID:2528
- C:\Windows\System\WVobDxL.exe
  C:\Windows\System\WVobDxL.exe
  2⤵
  PID:1100
- C:\Windows\System\bTrGcwJ.exe
  C:\Windows\System\bTrGcwJ.exe
  2⤵
  PID:600
- C:\Windows\System\LEZJXAK.exe
  C:\Windows\System\LEZJXAK.exe
  2⤵
  PID:6232
- C:\Windows\System\ccztQjJ.exe
  C:\Windows\System\ccztQjJ.exe
  2⤵
  PID:6432
- C:\Windows\System\eNeTPww.exe
  C:\Windows\System\eNeTPww.exe
  2⤵
  PID:6496
- C:\Windows\System\daOJsxj.exe
  C:\Windows\System\daOJsxj.exe
  2⤵
  PID:900
- C:\Windows\System\KIYJETZ.exe
  C:\Windows\System\KIYJETZ.exe
  2⤵
  PID:1576
- C:\Windows\System\StJvyJy.exe
  C:\Windows\System\StJvyJy.exe
  2⤵
  PID:6592
- C:\Windows\System\jVeOEiG.exe
  C:\Windows\System\jVeOEiG.exe
  2⤵
  PID:6768
- C:\Windows\System\zDLfKve.exe
  C:\Windows\System\zDLfKve.exe
  2⤵
  PID:7040
- C:\Windows\System\YXlrCeW.exe
  C:\Windows\System\YXlrCeW.exe
  2⤵
  PID:4392
- C:\Windows\System\AollQrL.exe
  C:\Windows\System\AollQrL.exe
  2⤵
  PID:2260
- C:\Windows\System\MYTuCOZ.exe
  C:\Windows\System\MYTuCOZ.exe
  2⤵
  PID:6192
- C:\Windows\System\vfLnFpQ.exe
  C:\Windows\System\vfLnFpQ.exe
  2⤵
  PID:2692
- C:\Windows\System\ftqizTl.exe
  C:\Windows\System\ftqizTl.exe
  2⤵
  PID:2984
- C:\Windows\System\uZKDmSe.exe
  C:\Windows\System\uZKDmSe.exe
  2⤵
  PID:2896
- C:\Windows\System\GeMjYGv.exe
  C:\Windows\System\GeMjYGv.exe
  2⤵
  PID:6576
- C:\Windows\System\ppgoCgt.exe
  C:\Windows\System\ppgoCgt.exe
  2⤵
  PID:1264
- C:\Windows\System\CsAAmdl.exe
  C:\Windows\System\CsAAmdl.exe
  2⤵
  PID:6008
- C:\Windows\System\MzaUNvP.exe
  C:\Windows\System\MzaUNvP.exe
  2⤵
  PID:2240
- C:\Windows\System\gqlrXfd.exe
  C:\Windows\System\gqlrXfd.exe
  2⤵
  PID:1888
- C:\Windows\System\rLmoyIs.exe
  C:\Windows\System\rLmoyIs.exe
  2⤵
  PID:6912
- C:\Windows\System\jzViqWu.exe
  C:\Windows\System\jzViqWu.exe
  2⤵
  PID:6436
- C:\Windows\System\KwvRFyJ.exe
  C:\Windows\System\KwvRFyJ.exe
  2⤵
  PID:3408
- C:\Windows\System\yQzYarK.exe
  C:\Windows\System\yQzYarK.exe
  2⤵
  PID:2500
- C:\Windows\System\NVgvMsd.exe
  C:\Windows\System\NVgvMsd.exe
  2⤵
  PID:6068
- C:\Windows\System\YHkBaMC.exe
  C:\Windows\System\YHkBaMC.exe
  2⤵
  PID:6388
- C:\Windows\System\XAOmWBG.exe
  C:\Windows\System\XAOmWBG.exe
  2⤵
  PID:6932
- C:\Windows\System\drHIVuk.exe
  C:\Windows\System\drHIVuk.exe
  2⤵
  PID:2128
- C:\Windows\System\NBhyhqP.exe
  C:\Windows\System\NBhyhqP.exe
  2⤵
  PID:4368
- C:\Windows\System\zwXNPUP.exe
  C:\Windows\System\zwXNPUP.exe
  2⤵
  PID:7180
- C:\Windows\System\iCVkfGa.exe
  C:\Windows\System\iCVkfGa.exe
  2⤵
  PID:7196
- C:\Windows\System\UsIRRgT.exe
  C:\Windows\System\UsIRRgT.exe
  2⤵
  PID:7212
- C:\Windows\System\YZKFaRY.exe
  C:\Windows\System\YZKFaRY.exe
  2⤵
  PID:7228
- C:\Windows\System\bUYvJDm.exe
  C:\Windows\System\bUYvJDm.exe
  2⤵
  PID:7244
- C:\Windows\System\OhMqHTg.exe
  C:\Windows\System\OhMqHTg.exe
  2⤵
  PID:7300
- C:\Windows\System\PvXhkOe.exe
  C:\Windows\System\PvXhkOe.exe
  2⤵
  PID:7332
- C:\Windows\System\mQVkTqK.exe
  C:\Windows\System\mQVkTqK.exe
  2⤵
  PID:7348
- C:\Windows\System\mwaqkbQ.exe
  C:\Windows\System\mwaqkbQ.exe
  2⤵
  PID:7364
- C:\Windows\System\ntgOFWc.exe
  C:\Windows\System\ntgOFWc.exe
  2⤵
  PID:7380
- C:\Windows\System\wbUdyNO.exe
  C:\Windows\System\wbUdyNO.exe
  2⤵
  PID:7404
- C:\Windows\System\jfmvutY.exe
  C:\Windows\System\jfmvutY.exe
  2⤵
  PID:7420
- C:\Windows\System\IJPCuZy.exe
  C:\Windows\System\IJPCuZy.exe
  2⤵
  PID:7436
- C:\Windows\System\BfZirBH.exe
  C:\Windows\System\BfZirBH.exe
  2⤵
  PID:7452
- C:\Windows\System\KMHKnFK.exe
  C:\Windows\System\KMHKnFK.exe
  2⤵
  PID:7468
- C:\Windows\System\EJJMBoc.exe
  C:\Windows\System\EJJMBoc.exe
  2⤵
  PID:7488
- C:\Windows\System\zwkhLua.exe
  C:\Windows\System\zwkhLua.exe
  2⤵
  PID:7504
- C:\Windows\System\DgJlskB.exe
  C:\Windows\System\DgJlskB.exe
  2⤵
  PID:7532
- C:\Windows\System\TXWALky.exe
  C:\Windows\System\TXWALky.exe
  2⤵
  PID:7556
- C:\Windows\System\UoZQpHB.exe
  C:\Windows\System\UoZQpHB.exe
  2⤵
  PID:7572
- C:\Windows\System\PSqUTSx.exe
  C:\Windows\System\PSqUTSx.exe
  2⤵
  PID:7608
- C:\Windows\System\mlAlTTM.exe
  C:\Windows\System\mlAlTTM.exe
  2⤵
  PID:7628
- C:\Windows\System\AxEcBOp.exe
  C:\Windows\System\AxEcBOp.exe
  2⤵
  PID:7644
- C:\Windows\System\ImuhoEx.exe
  C:\Windows\System\ImuhoEx.exe
  2⤵
  PID:7668
- C:\Windows\System\EwIFZle.exe
  C:\Windows\System\EwIFZle.exe
  2⤵
  PID:7716
- C:\Windows\System\xsTwNjR.exe
  C:\Windows\System\xsTwNjR.exe
  2⤵
  PID:7732
- C:\Windows\System\QlOHjNL.exe
  C:\Windows\System\QlOHjNL.exe
  2⤵
  PID:7748
- C:\Windows\System\lrSOPVb.exe
  C:\Windows\System\lrSOPVb.exe
  2⤵
  PID:7768
- C:\Windows\System\yukJrhb.exe
  C:\Windows\System\yukJrhb.exe
  2⤵
  PID:7788
- C:\Windows\System\KQVmvLp.exe
  C:\Windows\System\KQVmvLp.exe
  2⤵
  PID:7812
- C:\Windows\System\uxVrsUY.exe
  C:\Windows\System\uxVrsUY.exe
  2⤵
  PID:7828
- C:\Windows\System\nWBAhJq.exe
  C:\Windows\System\nWBAhJq.exe
  2⤵
  PID:7844
- C:\Windows\System\vpDlujd.exe
  C:\Windows\System\vpDlujd.exe
  2⤵
  PID:7860
- C:\Windows\System\tbtUqPy.exe
  C:\Windows\System\tbtUqPy.exe
  2⤵
  PID:7876
- C:\Windows\System\HoujhiC.exe
  C:\Windows\System\HoujhiC.exe
  2⤵
  PID:7892
- C:\Windows\System\SGRnHzy.exe
  C:\Windows\System\SGRnHzy.exe
  2⤵
  PID:7908
- C:\Windows\System\gLAsMih.exe
  C:\Windows\System\gLAsMih.exe
  2⤵
  PID:7932
- C:\Windows\System\ExzCLBt.exe
  C:\Windows\System\ExzCLBt.exe
  2⤵
  PID:7956
- C:\Windows\System\vevcpDg.exe
  C:\Windows\System\vevcpDg.exe
  2⤵
  PID:7972
- C:\Windows\System\dRQRqtC.exe
  C:\Windows\System\dRQRqtC.exe
  2⤵
  PID:8016
- C:\Windows\System\Hlmnyrh.exe
  C:\Windows\System\Hlmnyrh.exe
  2⤵
  PID:8032
- C:\Windows\System\sforFit.exe
  C:\Windows\System\sforFit.exe
  2⤵
  PID:8048
- C:\Windows\System\cfxWDIi.exe
  C:\Windows\System\cfxWDIi.exe
  2⤵
  PID:8064
- C:\Windows\System\JkxkCeD.exe
  C:\Windows\System\JkxkCeD.exe
  2⤵
  PID:8080
- C:\Windows\System\rrOGbbc.exe
  C:\Windows\System\rrOGbbc.exe
  2⤵
  PID:8096
- C:\Windows\System\uHxdjsE.exe
  C:\Windows\System\uHxdjsE.exe
  2⤵
  PID:8116
- C:\Windows\System\IeUEMXs.exe
  C:\Windows\System\IeUEMXs.exe
  2⤵
  PID:8136
- C:\Windows\System\ULAUihX.exe
  C:\Windows\System\ULAUihX.exe
  2⤵
  PID:8160
- C:\Windows\System\WjYIsEU.exe
  C:\Windows\System\WjYIsEU.exe
  2⤵
  PID:8176
- C:\Windows\System\vBBIWbm.exe
  C:\Windows\System\vBBIWbm.exe
  2⤵
  PID:7172
- C:\Windows\System\euBVdzS.exe
  C:\Windows\System\euBVdzS.exe
  2⤵
  PID:592
- C:\Windows\System\zkbtERO.exe
  C:\Windows\System\zkbtERO.exe
  2⤵
  PID:6648
- C:\Windows\System\uwkoLWd.exe
  C:\Windows\System\uwkoLWd.exe
  2⤵
  PID:904
- C:\Windows\System\vKKbYas.exe
  C:\Windows\System\vKKbYas.exe
  2⤵
  PID:7260
- C:\Windows\System\BRwkZaf.exe
  C:\Windows\System\BRwkZaf.exe
  2⤵
  PID:7272
- C:\Windows\System\jtkrofB.exe
  C:\Windows\System\jtkrofB.exe
  2⤵
  PID:7316
- C:\Windows\System\IUVDgoT.exe
  C:\Windows\System\IUVDgoT.exe
  2⤵
  PID:7268
- C:\Windows\System\HXMvcqe.exe
  C:\Windows\System\HXMvcqe.exe
  2⤵
  PID:7312
- C:\Windows\System\hNSqVOH.exe
  C:\Windows\System\hNSqVOH.exe
  2⤵
  PID:7356
- C:\Windows\System\bkvacPT.exe
  C:\Windows\System\bkvacPT.exe
  2⤵
  PID:7396
- C:\Windows\System\NPecirE.exe
  C:\Windows\System\NPecirE.exe
  2⤵
  PID:7416
- C:\Windows\System\PRGnMPH.exe
  C:\Windows\System\PRGnMPH.exe
  2⤵
  PID:7512
- C:\Windows\System\ZjiplHW.exe
  C:\Windows\System\ZjiplHW.exe
  2⤵
  PID:7460
- C:\Windows\System\zNMAggt.exe
  C:\Windows\System\zNMAggt.exe
  2⤵
  PID:7540
- C:\Windows\System\JkuuMyT.exe
  C:\Windows\System\JkuuMyT.exe
  2⤵
  PID:7496
- C:\Windows\System\ZLUurWK.exe
  C:\Windows\System\ZLUurWK.exe
  2⤵
  PID:7592
- C:\Windows\System\IEGLfHc.exe
  C:\Windows\System\IEGLfHc.exe
  2⤵
  PID:7616
- C:\Windows\System\eNKkFXL.exe
  C:\Windows\System\eNKkFXL.exe
  2⤵
  PID:7676
- C:\Windows\System\trrbgZO.exe
  C:\Windows\System\trrbgZO.exe
  2⤵
  PID:7664
- C:\Windows\System\Wlrmkxk.exe
  C:\Windows\System\Wlrmkxk.exe
  2⤵
  PID:7724
- C:\Windows\System\JRQeIXL.exe
  C:\Windows\System\JRQeIXL.exe
  2⤵
  PID:7740
- C:\Windows\System\YQDtZZO.exe
  C:\Windows\System\YQDtZZO.exe
  2⤵
  PID:7800
- C:\Windows\System\RnVNxtg.exe
  C:\Windows\System\RnVNxtg.exe
  2⤵
  PID:7820
- C:\Windows\System\SvPDnHp.exe
  C:\Windows\System\SvPDnHp.exe
  2⤵
  PID:7868
- C:\Windows\System\xlCYjjO.exe
  C:\Windows\System\xlCYjjO.exe
  2⤵
  PID:7884
- C:\Windows\System\mdwSVxZ.exe
  C:\Windows\System\mdwSVxZ.exe
  2⤵
  PID:7980
- C:\Windows\System\OXrkEIT.exe
  C:\Windows\System\OXrkEIT.exe
  2⤵
  PID:7988
- C:\Windows\System\FvSaiYK.exe
  C:\Windows\System\FvSaiYK.exe
  2⤵
  PID:8004
- C:\Windows\System\BElcxtM.exe
  C:\Windows\System\BElcxtM.exe
  2⤵
  PID:8076
- C:\Windows\System\xNwhQkD.exe
  C:\Windows\System\xNwhQkD.exe
  2⤵
  PID:8024
- C:\Windows\System\RtVupzZ.exe
  C:\Windows\System\RtVupzZ.exe
  2⤵
  PID:8092
- C:\Windows\System\jrOtZUg.exe
  C:\Windows\System\jrOtZUg.exe
  2⤵
  PID:8168
- C:\Windows\System\RIQczsL.exe
  C:\Windows\System\RIQczsL.exe
  2⤵
  PID:6808
- C:\Windows\System\VRlXfrR.exe
  C:\Windows\System\VRlXfrR.exe
  2⤵
  PID:7240
- C:\Windows\System\IxKJzEq.exe
  C:\Windows\System\IxKJzEq.exe
  2⤵
  PID:7112
- C:\Windows\System\RwrELyJ.exe
  C:\Windows\System\RwrELyJ.exe
  2⤵
  PID:7224
- C:\Windows\System\ebmWpSb.exe
  C:\Windows\System\ebmWpSb.exe
  2⤵
  PID:7288
- C:\Windows\System\HVRuCRE.exe
  C:\Windows\System\HVRuCRE.exe
  2⤵
  PID:7308
- C:\Windows\System\PihIWFR.exe
  C:\Windows\System\PihIWFR.exe
  2⤵
  PID:7344
- C:\Windows\System\snYWTgD.exe
  C:\Windows\System\snYWTgD.exe
  2⤵
  PID:7372
- C:\Windows\System\UlEVPsx.exe
  C:\Windows\System\UlEVPsx.exe
  2⤵
  PID:7292
- C:\Windows\System\saVlKFu.exe
  C:\Windows\System\saVlKFu.exe
  2⤵
  PID:7600
- C:\Windows\System\rMfLMfY.exe
  C:\Windows\System\rMfLMfY.exe
  2⤵
  PID:7448
- C:\Windows\System\sGBlUyU.exe
  C:\Windows\System\sGBlUyU.exe
  2⤵
  PID:7528
- C:\Windows\System\erpasIk.exe
  C:\Windows\System\erpasIk.exe
  2⤵
  PID:7588
- C:\Windows\System\ROfSxkP.exe
  C:\Windows\System\ROfSxkP.exe
  2⤵
  PID:7728
- C:\Windows\System\NAsZgSd.exe
  C:\Windows\System\NAsZgSd.exe
  2⤵
  PID:7776
- C:\Windows\System\DSSMayp.exe
  C:\Windows\System\DSSMayp.exe
  2⤵
  PID:7900
- C:\Windows\System\mVJPyLk.exe
  C:\Windows\System\mVJPyLk.exe
  2⤵
  PID:7836
- C:\Windows\System\EkTFiww.exe
  C:\Windows\System\EkTFiww.exe
  2⤵
  PID:7948
- C:\Windows\System\rZLEGxB.exe
  C:\Windows\System\rZLEGxB.exe
  2⤵
  PID:7984
- C:\Windows\System\kAcSdzR.exe
  C:\Windows\System\kAcSdzR.exe
  2⤵
  PID:8000
- C:\Windows\System\qUMtfpm.exe
  C:\Windows\System\qUMtfpm.exe
  2⤵
  PID:8112
- C:\Windows\System\utGYjeQ.exe
  C:\Windows\System\utGYjeQ.exe
  2⤵
  PID:8156
- C:\Windows\System\dRikufz.exe
  C:\Windows\System\dRikufz.exe
  2⤵
  PID:7660
- C:\Windows\System\QxcFuFb.exe
  C:\Windows\System\QxcFuFb.exe
  2⤵
  PID:3864
- C:\Windows\System\NMWACmz.exe
  C:\Windows\System\NMWACmz.exe
  2⤵
  PID:5848
- C:\Windows\System\iRTfzXV.exe
  C:\Windows\System\iRTfzXV.exe
  2⤵
  PID:7328
- C:\Windows\System\gcQjFRj.exe
  C:\Windows\System\gcQjFRj.exe
  2⤵
  PID:7604
- C:\Windows\System\MRrfxux.exe
  C:\Windows\System\MRrfxux.exe
  2⤵
  PID:7544
- C:\Windows\System\OUUcLmJ.exe
  C:\Windows\System\OUUcLmJ.exe
  2⤵
  PID:7580
- C:\Windows\System\CGGRmVl.exe
  C:\Windows\System\CGGRmVl.exe
  2⤵
  PID:7564
- C:\Windows\System\xqApvZP.exe
  C:\Windows\System\xqApvZP.exe
  2⤵
  PID:7640
- C:\Windows\System\nqIDAFz.exe
  C:\Windows\System\nqIDAFz.exe
  2⤵
  PID:8044
- C:\Windows\System\HRgOxZl.exe
  C:\Windows\System\HRgOxZl.exe
  2⤵
  PID:7780
- C:\Windows\System\LHMzGJd.exe
  C:\Windows\System\LHMzGJd.exe
  2⤵
  PID:8148
- C:\Windows\System\hPIeFdH.exe
  C:\Windows\System\hPIeFdH.exe
  2⤵
  PID:7264
- C:\Windows\System\GzISBFZ.exe
  C:\Windows\System\GzISBFZ.exe
  2⤵
  PID:7484
- C:\Windows\System\oIOjXPx.exe
  C:\Windows\System\oIOjXPx.exe
  2⤵
  PID:7236
- C:\Windows\System\UaxSGiq.exe
  C:\Windows\System\UaxSGiq.exe
  2⤵
  PID:7944
- C:\Windows\System\eLmEliU.exe
  C:\Windows\System\eLmEliU.exe
  2⤵
  PID:7808
- C:\Windows\System\gKQWpxl.exe
  C:\Windows\System\gKQWpxl.exe
  2⤵
  PID:7256
- C:\Windows\System\CEXgXhY.exe
  C:\Windows\System\CEXgXhY.exe
  2⤵
  PID:7500
- C:\Windows\System\zGhvZbz.exe
  C:\Windows\System\zGhvZbz.exe
  2⤵
  PID:7852
- C:\Windows\System\lUERUYo.exe
  C:\Windows\System\lUERUYo.exe
  2⤵
  PID:8056
- C:\Windows\System\nYjjdAM.exe
  C:\Windows\System\nYjjdAM.exe
  2⤵
  PID:7804
- C:\Windows\System\gnwPRDu.exe
  C:\Windows\System\gnwPRDu.exe
  2⤵
  PID:6428
- C:\Windows\System\eYJBRja.exe
  C:\Windows\System\eYJBRja.exe
  2⤵
  PID:7636
- C:\Windows\System\HGuRotP.exe
  C:\Windows\System\HGuRotP.exe
  2⤵
  PID:8152
- C:\Windows\System\XcbNoDL.exe
  C:\Windows\System\XcbNoDL.exe
  2⤵
  PID:7176
- C:\Windows\System\xySLrfs.exe
  C:\Windows\System\xySLrfs.exe
  2⤵
  PID:7680
- C:\Windows\System\zOSFBrY.exe
  C:\Windows\System\zOSFBrY.exe
  2⤵
  PID:7376
- C:\Windows\System\ORRYIWb.exe
  C:\Windows\System\ORRYIWb.exe
  2⤵
  PID:7996
- C:\Windows\System\abzSjbg.exe
  C:\Windows\System\abzSjbg.exe
  2⤵
  PID:7280
- C:\Windows\System\KHxQJJx.exe
  C:\Windows\System\KHxQJJx.exe
  2⤵
  PID:7840
- C:\Windows\System\LeyNtAj.exe
  C:\Windows\System\LeyNtAj.exe
  2⤵
  PID:7320
- C:\Windows\System\BTeHwbR.exe
  C:\Windows\System\BTeHwbR.exe
  2⤵
  PID:8212
- C:\Windows\System\omWBWbD.exe
  C:\Windows\System\omWBWbD.exe
  2⤵
  PID:8240
- C:\Windows\System\bJtGfJO.exe
  C:\Windows\System\bJtGfJO.exe
  2⤵
  PID:8256
- C:\Windows\System\gihpwUV.exe
  C:\Windows\System\gihpwUV.exe
  2⤵
  PID:8272
- C:\Windows\System\mlCrmxJ.exe
  C:\Windows\System\mlCrmxJ.exe
  2⤵
  PID:8288
- C:\Windows\System\FdZzTMk.exe
  C:\Windows\System\FdZzTMk.exe
  2⤵
  PID:8324
- C:\Windows\System\GRPWhfY.exe
  C:\Windows\System\GRPWhfY.exe
  2⤵
  PID:8340
- C:\Windows\System\nSxZBwx.exe
  C:\Windows\System\nSxZBwx.exe
  2⤵
  PID:8360
- C:\Windows\System\AfUzesc.exe
  C:\Windows\System\AfUzesc.exe
  2⤵
  PID:8380
- C:\Windows\System\SaPujiw.exe
  C:\Windows\System\SaPujiw.exe
  2⤵
  PID:8408
- C:\Windows\System\sIgieDT.exe
  C:\Windows\System\sIgieDT.exe
  2⤵
  PID:8424
- C:\Windows\System\RJMoCOW.exe
  C:\Windows\System\RJMoCOW.exe
  2⤵
  PID:8444
- C:\Windows\System\ddGDHUp.exe
  C:\Windows\System\ddGDHUp.exe
  2⤵
  PID:8464
- C:\Windows\System\ZQQaeFS.exe
  C:\Windows\System\ZQQaeFS.exe
  2⤵
  PID:8480
- C:\Windows\System\LOnKWsD.exe
  C:\Windows\System\LOnKWsD.exe
  2⤵
  PID:8496
- C:\Windows\System\iPaGrOi.exe
  C:\Windows\System\iPaGrOi.exe
  2⤵
  PID:8512
- C:\Windows\System\wmnSzBE.exe
  C:\Windows\System\wmnSzBE.exe
  2⤵
  PID:8528
- C:\Windows\System\yGUuiwn.exe
  C:\Windows\System\yGUuiwn.exe
  2⤵
  PID:8544
- C:\Windows\System\szUayTq.exe
  C:\Windows\System\szUayTq.exe
  2⤵
  PID:8564
- C:\Windows\System\qUnKZSi.exe
  C:\Windows\System\qUnKZSi.exe
  2⤵
  PID:8580
- C:\Windows\System\KuDaFvD.exe
  C:\Windows\System\KuDaFvD.exe
  2⤵
  PID:8608
- C:\Windows\System\vmbnkCm.exe
  C:\Windows\System\vmbnkCm.exe
  2⤵
  PID:8628
- C:\Windows\System\kSVXdDC.exe
  C:\Windows\System\kSVXdDC.exe
  2⤵
  PID:8668
- C:\Windows\System\tMWLcfk.exe
  C:\Windows\System\tMWLcfk.exe
  2⤵
  PID:8684
- C:\Windows\System\zNHAVkl.exe
  C:\Windows\System\zNHAVkl.exe
  2⤵
  PID:8700
- C:\Windows\System\FBTdfSB.exe
  C:\Windows\System\FBTdfSB.exe
  2⤵
  PID:8720
- C:\Windows\System\ZQtZaxe.exe
  C:\Windows\System\ZQtZaxe.exe
  2⤵
  PID:8740
- C:\Windows\System\gHIgeXM.exe
  C:\Windows\System\gHIgeXM.exe
  2⤵
  PID:8756
- C:\Windows\System\JMtNoTj.exe
  C:\Windows\System\JMtNoTj.exe
  2⤵
  PID:8776
- C:\Windows\System\BdvVaNh.exe
  C:\Windows\System\BdvVaNh.exe
  2⤵
  PID:8792
- C:\Windows\System\VutImlF.exe
  C:\Windows\System\VutImlF.exe
  2⤵
  PID:8812
- C:\Windows\System\kkzWvcq.exe
  C:\Windows\System\kkzWvcq.exe
  2⤵
  PID:8828
- C:\Windows\System\TScoJDS.exe
  C:\Windows\System\TScoJDS.exe
  2⤵
  PID:8872
- C:\Windows\System\TAmsbuJ.exe
  C:\Windows\System\TAmsbuJ.exe
  2⤵
  PID:8888
- C:\Windows\System\DfwiiNa.exe
  C:\Windows\System\DfwiiNa.exe
  2⤵
  PID:8904
- C:\Windows\System\FPwjsSh.exe
  C:\Windows\System\FPwjsSh.exe
  2⤵
  PID:8932
- C:\Windows\System\wURAQJU.exe
  C:\Windows\System\wURAQJU.exe
  2⤵
  PID:8948
- C:\Windows\System\SUeZKvV.exe
  C:\Windows\System\SUeZKvV.exe
  2⤵
  PID:8964
- C:\Windows\System\WakNXgQ.exe
  C:\Windows\System\WakNXgQ.exe
  2⤵
  PID:8984
- C:\Windows\System\QeKkRIf.exe
  C:\Windows\System\QeKkRIf.exe
  2⤵
  PID:9016
- C:\Windows\System\QgZxiuO.exe
  C:\Windows\System\QgZxiuO.exe
  2⤵
  PID:9032
- C:\Windows\System\FzPjeuO.exe
  C:\Windows\System\FzPjeuO.exe
  2⤵
  PID:9048
- C:\Windows\System\wCcCXub.exe
  C:\Windows\System\wCcCXub.exe
  2⤵
  PID:9064
- C:\Windows\System\exaSSSt.exe
  C:\Windows\System\exaSSSt.exe
  2⤵
  PID:9080
- C:\Windows\System\PvbIQOv.exe
  C:\Windows\System\PvbIQOv.exe
  2⤵
  PID:9108
- C:\Windows\System\CSXgJwi.exe
  C:\Windows\System\CSXgJwi.exe
  2⤵
  PID:9132
- C:\Windows\System\KfbfGKq.exe
  C:\Windows\System\KfbfGKq.exe
  2⤵
  PID:9152
- C:\Windows\System\KcPsedi.exe
  C:\Windows\System\KcPsedi.exe
  2⤵
  PID:9168
- C:\Windows\System\YMZzccs.exe
  C:\Windows\System\YMZzccs.exe
  2⤵
  PID:9188
- C:\Windows\System\OaoWGBJ.exe
  C:\Windows\System\OaoWGBJ.exe
  2⤵
  PID:9204
- C:\Windows\System\XyKtnAZ.exe
  C:\Windows\System\XyKtnAZ.exe
  2⤵
  PID:8204
- C:\Windows\System\uonUamA.exe
  C:\Windows\System\uonUamA.exe
  2⤵
  PID:8232
- C:\Windows\System\scIitTp.exe
  C:\Windows\System\scIitTp.exe
  2⤵
  PID:8268
- C:\Windows\System\AhSnsKk.exe
  C:\Windows\System\AhSnsKk.exe
  2⤵
  PID:8332
- C:\Windows\System\tPdOCNf.exe
  C:\Windows\System\tPdOCNf.exe
  2⤵
  PID:8356
- C:\Windows\System\JpHCdyW.exe
  C:\Windows\System\JpHCdyW.exe
  2⤵
  PID:8228
- C:\Windows\System\GGkMKTD.exe
  C:\Windows\System\GGkMKTD.exe
  2⤵
  PID:8420
- C:\Windows\System\cBFlFSq.exe
  C:\Windows\System\cBFlFSq.exe
  2⤵
  PID:8456
- C:\Windows\System\STLLSCo.exe
  C:\Windows\System\STLLSCo.exe
  2⤵
  PID:8472
- C:\Windows\System\fXdSpJn.exe
  C:\Windows\System\fXdSpJn.exe
  2⤵
  PID:8492
- C:\Windows\System\lYHZNca.exe
  C:\Windows\System\lYHZNca.exe
  2⤵
  PID:8476
- C:\Windows\System\sqkslpQ.exe
  C:\Windows\System\sqkslpQ.exe
  2⤵
  PID:8596
- C:\Windows\System\ehRbiGV.exe
  C:\Windows\System\ehRbiGV.exe
  2⤵
  PID:8624
- C:\Windows\System\TmIRkQD.exe
  C:\Windows\System\TmIRkQD.exe
  2⤵
  PID:8656
- C:\Windows\System\qOgBrhd.exe
  C:\Windows\System\qOgBrhd.exe
  2⤵
  PID:8680
- C:\Windows\System\QoJdFpm.exe
  C:\Windows\System\QoJdFpm.exe
  2⤵
  PID:8716
- C:\Windows\System\dPuIlYu.exe
  C:\Windows\System\dPuIlYu.exe
  2⤵
  PID:8800
- C:\Windows\System\dUGugoZ.exe
  C:\Windows\System\dUGugoZ.exe
  2⤵
  PID:8748
- C:\Windows\System\WwRGpdZ.exe
  C:\Windows\System\WwRGpdZ.exe
  2⤵
  PID:8840
- C:\Windows\System\ySxaLET.exe
  C:\Windows\System\ySxaLET.exe
  2⤵
  PID:8868
- C:\Windows\System\etVudQN.exe
  C:\Windows\System\etVudQN.exe
  2⤵
  PID:8400
- C:\Windows\System\yqMgZfq.exe
  C:\Windows\System\yqMgZfq.exe
  2⤵
  PID:8940
- C:\Windows\System\YwgyyCG.exe
  C:\Windows\System\YwgyyCG.exe
  2⤵
  PID:8960
- C:\Windows\System\sdjsmid.exe
  C:\Windows\System\sdjsmid.exe
  2⤵
  PID:9004
- C:\Windows\System\cWgskXL.exe
  C:\Windows\System\cWgskXL.exe
  2⤵
  PID:9028
- C:\Windows\System\HOYSybO.exe
  C:\Windows\System\HOYSybO.exe
  2⤵
  PID:9092
- C:\Windows\System\sZZeMiR.exe
  C:\Windows\System\sZZeMiR.exe
  2⤵
  PID:9120
- C:\Windows\System\BamfkQK.exe
  C:\Windows\System\BamfkQK.exe
  2⤵
  PID:9124
- C:\Windows\System\iBpWLRs.exe
  C:\Windows\System\iBpWLRs.exe
  2⤵
  PID:9184
- C:\Windows\System\CalqnPs.exe
  C:\Windows\System\CalqnPs.exe
  2⤵
  PID:9212
- C:\Windows\System\ssTvdFm.exe
  C:\Windows\System\ssTvdFm.exe
  2⤵
  PID:8264
- C:\Windows\System\exXXRJI.exe
  C:\Windows\System\exXXRJI.exe
  2⤵
  PID:8300
- C:\Windows\System\CoBvgDy.exe
  C:\Windows\System\CoBvgDy.exe
  2⤵
  PID:8352
- C:\Windows\System\SHNcFqp.exe
  C:\Windows\System\SHNcFqp.exe
  2⤵
  PID:8388
- C:\Windows\System\UZBiTZD.exe
  C:\Windows\System\UZBiTZD.exe
  2⤵
  PID:8440
- C:\Windows\System\WcvgWCk.exe
  C:\Windows\System\WcvgWCk.exe
  2⤵
  PID:8520
- C:\Windows\System\EIpgCUe.exe
  C:\Windows\System\EIpgCUe.exe
  2⤵
  PID:8552
- C:\Windows\System\QQDnGNt.exe
  C:\Windows\System\QQDnGNt.exe
  2⤵
  PID:8648
- C:\Windows\System\uhMeReY.exe
  C:\Windows\System\uhMeReY.exe
  2⤵
  PID:8712
- C:\Windows\System\RAHQVAD.exe
  C:\Windows\System\RAHQVAD.exe
  2⤵
  PID:8808
- C:\Windows\System\pmciMyM.exe
  C:\Windows\System\pmciMyM.exe
  2⤵
  PID:8784
- C:\Windows\System\DOZkbxS.exe
  C:\Windows\System\DOZkbxS.exe
  2⤵
  PID:8824
- C:\Windows\System\KHvEruv.exe
  C:\Windows\System\KHvEruv.exe
  2⤵
  PID:8884
- C:\Windows\System\Ssnfdjc.exe
  C:\Windows\System\Ssnfdjc.exe
  2⤵
  PID:8972
- C:\Windows\System\BMhzRiG.exe
  C:\Windows\System\BMhzRiG.exe
  2⤵
  PID:9012
- C:\Windows\System\GyRXphM.exe
  C:\Windows\System\GyRXphM.exe
  2⤵
  PID:9060
- C:\Windows\System\SCfjqbc.exe
  C:\Windows\System\SCfjqbc.exe
  2⤵
  PID:9164
- C:\Windows\System\ZmlUMtu.exe
  C:\Windows\System\ZmlUMtu.exe
  2⤵
  PID:8200
- C:\Windows\System\dQUHeba.exe
  C:\Windows\System\dQUHeba.exe
  2⤵
  PID:8284
- C:\Windows\System\HkZRWkC.exe
  C:\Windows\System\HkZRWkC.exe
  2⤵
  PID:8416
- C:\Windows\System\LNeyHgb.exe
  C:\Windows\System\LNeyHgb.exe
  2⤵
  PID:8588
- C:\Windows\System\qGfCZRx.exe
  C:\Windows\System\qGfCZRx.exe
  2⤵
  PID:8504
- C:\Windows\System\qBnnzno.exe
  C:\Windows\System\qBnnzno.exe
  2⤵
  PID:8676
- C:\Windows\System\jlfDigQ.exe
  C:\Windows\System\jlfDigQ.exe
  2⤵
  PID:8920
- C:\Windows\System\BspwTkk.exe
  C:\Windows\System\BspwTkk.exe
  2⤵
  PID:9176
- C:\Windows\System\WYZUxlS.exe
  C:\Windows\System\WYZUxlS.exe
  2⤵
  PID:9180
- C:\Windows\System\SBGVYMo.exe
  C:\Windows\System\SBGVYMo.exe
  2⤵
  PID:9144
- C:\Windows\System\csrjiST.exe
  C:\Windows\System\csrjiST.exe
  2⤵
  PID:8392
- C:\Windows\System\PnSIvNo.exe
  C:\Windows\System\PnSIvNo.exe
  2⤵
  PID:8560
- C:\Windows\System\vUwVoTi.exe
  C:\Windows\System\vUwVoTi.exe
  2⤵
  PID:8820
- C:\Windows\System\bukAuUU.exe
  C:\Windows\System\bukAuUU.exe
  2⤵
  PID:8736
- C:\Windows\System\sFyVVsN.exe
  C:\Windows\System\sFyVVsN.exe
  2⤵
  PID:8304
- C:\Windows\System\zfpymuw.exe
  C:\Windows\System\zfpymuw.exe
  2⤵
  PID:9116
- C:\Windows\System\glLzrsb.exe
  C:\Windows\System\glLzrsb.exe
  2⤵
  PID:8620
- C:\Windows\System\JJaYCXp.exe
  C:\Windows\System\JJaYCXp.exe
  2⤵
  PID:8692
- C:\Windows\System\wrZeRjv.exe
  C:\Windows\System\wrZeRjv.exe
  2⤵
  PID:8376
- C:\Windows\System\VBltwYk.exe
  C:\Windows\System\VBltwYk.exe
  2⤵
  PID:8992
- C:\Windows\System\dUWxecQ.exe
  C:\Windows\System\dUWxecQ.exe
  2⤵
  PID:9076
- C:\Windows\System\ZYXeclJ.exe
  C:\Windows\System\ZYXeclJ.exe
  2⤵
  PID:8752
- C:\Windows\System\qkDRYVj.exe
  C:\Windows\System\qkDRYVj.exe
  2⤵
  PID:9228
- C:\Windows\System\lEIWqBO.exe
  C:\Windows\System\lEIWqBO.exe
  2⤵
  PID:9256
- C:\Windows\System\cOrWPML.exe
  C:\Windows\System\cOrWPML.exe
  2⤵
  PID:9296
- C:\Windows\System\cZPysOc.exe
  C:\Windows\System\cZPysOc.exe
  2⤵
  PID:9316
- C:\Windows\System\VEwleOr.exe
  C:\Windows\System\VEwleOr.exe
  2⤵
  PID:9332
- C:\Windows\System\zDpVyBi.exe
  C:\Windows\System\zDpVyBi.exe
  2⤵
  PID:9356
- C:\Windows\System\dpDGFXj.exe
  C:\Windows\System\dpDGFXj.exe
  2⤵
  PID:9416
- C:\Windows\System\cbBwAlv.exe
  C:\Windows\System\cbBwAlv.exe
  2⤵
  PID:9432
- C:\Windows\System\sILMVPa.exe
  C:\Windows\System\sILMVPa.exe
  2⤵
  PID:9452
- C:\Windows\System\bLcRXTd.exe
  C:\Windows\System\bLcRXTd.exe
  2⤵
  PID:9468
- C:\Windows\System\DmLdVtY.exe
  C:\Windows\System\DmLdVtY.exe
  2⤵
  PID:9492
- C:\Windows\System\MeNxdSZ.exe
  C:\Windows\System\MeNxdSZ.exe
  2⤵
  PID:9520
- C:\Windows\System\cFXUsOg.exe
  C:\Windows\System\cFXUsOg.exe
  2⤵
  PID:9536
- C:\Windows\System\gTLfhLe.exe
  C:\Windows\System\gTLfhLe.exe
  2⤵
  PID:9560
- C:\Windows\System\IQeIagA.exe
  C:\Windows\System\IQeIagA.exe
  2⤵
  PID:9580
- C:\Windows\System\xNaeiKs.exe
  C:\Windows\System\xNaeiKs.exe
  2⤵
  PID:9596
- C:\Windows\System\tzkGPcs.exe
  C:\Windows\System\tzkGPcs.exe
  2⤵
  PID:9624
- C:\Windows\System\BfilIro.exe
  C:\Windows\System\BfilIro.exe
  2⤵
  PID:9640
- C:\Windows\System\AUrkloQ.exe
  C:\Windows\System\AUrkloQ.exe
  2⤵
  PID:9656
- C:\Windows\System\ciLlEui.exe
  C:\Windows\System\ciLlEui.exe
  2⤵
  PID:9676
- C:\Windows\System\IfmRidK.exe
  C:\Windows\System\IfmRidK.exe
  2⤵
  PID:9692
- C:\Windows\System\tdvCpKT.exe
  C:\Windows\System\tdvCpKT.exe
  2⤵
  PID:9708
- C:\Windows\System\SztMgTa.exe
  C:\Windows\System\SztMgTa.exe
  2⤵
  PID:9724
- C:\Windows\System\kVifhrn.exe
  C:\Windows\System\kVifhrn.exe
  2⤵
  PID:9740
- C:\Windows\System\HEhglxl.exe
  C:\Windows\System\HEhglxl.exe
  2⤵
  PID:9756
- C:\Windows\System\uloQjFM.exe
  C:\Windows\System\uloQjFM.exe
  2⤵
  PID:9772
- C:\Windows\System\AlrVFRm.exe
  C:\Windows\System\AlrVFRm.exe
  2⤵
  PID:9788
- C:\Windows\System\gWIqVGK.exe
  C:\Windows\System\gWIqVGK.exe
  2⤵
  PID:9812
- C:\Windows\System\VlDXCQc.exe
  C:\Windows\System\VlDXCQc.exe
  2⤵
  PID:9852
- C:\Windows\System\xQMzexF.exe
  C:\Windows\System\xQMzexF.exe
  2⤵
  PID:9868
- C:\Windows\System\eEAcAmG.exe
  C:\Windows\System\eEAcAmG.exe
  2⤵
  PID:9896
- C:\Windows\System\kmMbILg.exe
  C:\Windows\System\kmMbILg.exe
  2⤵
  PID:9920
- C:\Windows\System\dWSiutF.exe
  C:\Windows\System\dWSiutF.exe
  2⤵
  PID:9940
- C:\Windows\System\KiigvZn.exe
  C:\Windows\System\KiigvZn.exe
  2⤵
  PID:9960
- C:\Windows\System\QbzgbNj.exe
  C:\Windows\System\QbzgbNj.exe
  2⤵
  PID:9976
- C:\Windows\System\lJAPdIG.exe
  C:\Windows\System\lJAPdIG.exe
  2⤵
  PID:9996
- C:\Windows\System\BBOeIAF.exe
  C:\Windows\System\BBOeIAF.exe
  2⤵
  PID:10020
- C:\Windows\System\JWprzgk.exe
  C:\Windows\System\JWprzgk.exe
  2⤵
  PID:10036
- C:\Windows\System\FdhUThf.exe
  C:\Windows\System\FdhUThf.exe
  2⤵
  PID:10064
- C:\Windows\System\NCpAlqc.exe
  C:\Windows\System\NCpAlqc.exe
  2⤵
  PID:10084
- C:\Windows\System\BhNHhyV.exe
  C:\Windows\System\BhNHhyV.exe
  2⤵
  PID:10100
- C:\Windows\System\NcIFaXB.exe
  C:\Windows\System\NcIFaXB.exe
  2⤵
  PID:10116
- C:\Windows\System\mMTBeyc.exe
  C:\Windows\System\mMTBeyc.exe
  2⤵
  PID:10132
- C:\Windows\System\pLBXoFt.exe
  C:\Windows\System\pLBXoFt.exe
  2⤵
  PID:10152
- C:\Windows\System\gyJrlvi.exe
  C:\Windows\System\gyJrlvi.exe
  2⤵
  PID:10180
- C:\Windows\System\MCeCrVf.exe
  C:\Windows\System\MCeCrVf.exe
  2⤵
  PID:10200
- C:\Windows\System\qNetjPp.exe
  C:\Windows\System\qNetjPp.exe
  2⤵
  PID:10216
- C:\Windows\System\ILymoha.exe
  C:\Windows\System\ILymoha.exe
  2⤵
  PID:10236
- C:\Windows\System\XWrROhR.exe
  C:\Windows\System\XWrROhR.exe
  2⤵
  PID:8644
- C:\Windows\System\hdZmDxy.exe
  C:\Windows\System\hdZmDxy.exe
  2⤵
  PID:9264
- C:\Windows\System\ZVnyZKM.exe
  C:\Windows\System\ZVnyZKM.exe
  2⤵
  PID:8224
- C:\Windows\System\Byxbgai.exe
  C:\Windows\System\Byxbgai.exe
  2⤵
  PID:9340
- C:\Windows\System\snPhSIL.exe
  C:\Windows\System\snPhSIL.exe
  2⤵
  PID:9368
- C:\Windows\System\KTRpTuK.exe
  C:\Windows\System\KTRpTuK.exe
  2⤵
  PID:9288
- C:\Windows\System\wgOdyKm.exe
  C:\Windows\System\wgOdyKm.exe
  2⤵
  PID:9312
- C:\Windows\System\iRROODA.exe
  C:\Windows\System\iRROODA.exe
  2⤵
  PID:9440
- C:\Windows\System\XbrZCMx.exe
  C:\Windows\System\XbrZCMx.exe
  2⤵
  PID:9388
- C:\Windows\System\blQwXhU.exe
  C:\Windows\System\blQwXhU.exe
  2⤵
  PID:9484
- C:\Windows\System\EtCCeEi.exe
  C:\Windows\System\EtCCeEi.exe
  2⤵
  PID:9512
- C:\Windows\System\zLorMTJ.exe
  C:\Windows\System\zLorMTJ.exe
  2⤵
  PID:9528
- C:\Windows\System\AGeCcGQ.exe
  C:\Windows\System\AGeCcGQ.exe
  2⤵
  PID:9548
- C:\Windows\System\FmVBXDB.exe
  C:\Windows\System\FmVBXDB.exe
  2⤵
  PID:9572
- C:\Windows\System\TpEvreX.exe
  C:\Windows\System\TpEvreX.exe
  2⤵
  PID:9636
- C:\Windows\System\Qkokavy.exe
  C:\Windows\System\Qkokavy.exe
  2⤵
  PID:9688
- C:\Windows\System\yyRAqoz.exe
  C:\Windows\System\yyRAqoz.exe
  2⤵
  PID:9752
- C:\Windows\System\tdRPyEZ.exe
  C:\Windows\System\tdRPyEZ.exe
  2⤵
  PID:9780
- C:\Windows\System\urFJGcm.exe
  C:\Windows\System\urFJGcm.exe
  2⤵
  PID:9820
- C:\Windows\System\TmzQUZT.exe
  C:\Windows\System\TmzQUZT.exe
  2⤵
  PID:9836
- C:\Windows\System\utLtgcF.exe
  C:\Windows\System\utLtgcF.exe
  2⤵
  PID:9880
- C:\Windows\System\EurlQzB.exe
  C:\Windows\System\EurlQzB.exe
  2⤵
  PID:9892
- C:\Windows\System\wJsDEte.exe
  C:\Windows\System\wJsDEte.exe
  2⤵
  PID:9912
- C:\Windows\System\FFxluei.exe
  C:\Windows\System\FFxluei.exe
  2⤵
  PID:10004
- C:\Windows\System\VErBJSd.exe
  C:\Windows\System\VErBJSd.exe
  2⤵
  PID:9984
- C:\Windows\System\dGqNbSJ.exe
  C:\Windows\System\dGqNbSJ.exe
  2⤵
  PID:10028
- C:\Windows\System\xxZPFrn.exe
  C:\Windows\System\xxZPFrn.exe
  2⤵
  PID:10056
- C:\Windows\System\TJVwxFg.exe
  C:\Windows\System\TJVwxFg.exe
  2⤵
  PID:10048
- C:\Windows\System\qLjiFPg.exe
  C:\Windows\System\qLjiFPg.exe
  2⤵
  PID:10128
- C:\Windows\System\IlpBlaG.exe
  C:\Windows\System\IlpBlaG.exe
  2⤵
  PID:10112
- C:\Windows\System\SxOqLYi.exe
  C:\Windows\System\SxOqLYi.exe
  2⤵
  PID:8404
- C:\Windows\System\mODwPzl.exe
  C:\Windows\System\mODwPzl.exe
  2⤵
  PID:10196
- C:\Windows\System\hHKogwZ.exe
  C:\Windows\System\hHKogwZ.exe
  2⤵
  PID:9236
- C:\Windows\System\qAiDVtq.exe
  C:\Windows\System\qAiDVtq.exe
  2⤵
  PID:9240
- C:\Windows\System\bQzYksV.exe
  C:\Windows\System\bQzYksV.exe
  2⤵
  PID:9304
- C:\Windows\System\NsfMLaO.exe
  C:\Windows\System\NsfMLaO.exe
  2⤵
  PID:9424
- C:\Windows\System\vkhtjOR.exe
  C:\Windows\System\vkhtjOR.exe
  2⤵
  PID:9372
- C:\Windows\System\dlCoflS.exe
  C:\Windows\System\dlCoflS.exe
  2⤵
  PID:9544
- C:\Windows\System\oCzjqSS.exe
  C:\Windows\System\oCzjqSS.exe
  2⤵
  PID:9392
- C:\Windows\System\IwnKQgY.exe
  C:\Windows\System\IwnKQgY.exe
  2⤵
  PID:9444
- C:\Windows\System\gYPiZKH.exe
  C:\Windows\System\gYPiZKH.exe
  2⤵
  PID:9616
- C:\Windows\System\gfTTPVJ.exe
  C:\Windows\System\gfTTPVJ.exe
  2⤵
  PID:9620
- C:\Windows\System\CEdfiaT.exe
  C:\Windows\System\CEdfiaT.exe
  2⤵
  PID:9720
- C:\Windows\System\SvdNPKm.exe
  C:\Windows\System\SvdNPKm.exe
  2⤵
  PID:9748
- C:\Windows\System\fcATbwO.exe
  C:\Windows\System\fcATbwO.exe
  2⤵
  PID:9732
- C:\Windows\System\sfSuizQ.exe
  C:\Windows\System\sfSuizQ.exe
  2⤵
  PID:9704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BpZcFOU.exe

Filesize
6.0MB

MD5
7727a454038a1da3502f8dd4cb22906d

SHA1
d4762efa66109de6f02cdae682aaac646a2d0c04

SHA256
e1105c0cef9519f7b9c227b6376e0e8b7603e4c7f72413ba8e5e10d8f01bee77

SHA512
51a7c24118a588acc2fdc49e4802c4c8838141e4775fc54a20e7accb48d59c12715eea3a7531f4d568549859188d707a0fb14f6f45c28fdd02e4a36784661e79

Download Submit
C:\Windows\system\BqhLMHz.exe

Filesize
6.0MB

MD5
cb620e8b7edc197b79309721d4b0e2d7

SHA1
135dfd1381507bbee3ac4fee88a31be50fa7bdec

SHA256
40b5deb2f8a2b4e563f31b6d9da1d660a85f8cf6dba6e7d1517c0df05da9e269

SHA512
22f4e9e1a47e3688c0fec8a7216c408e70127b135541d8358464401db6d8e22b749d0177bce254fd2a3ba03fe561c423a1aecbebce8654b3579b1263fc6623b4

Download Submit
C:\Windows\system\GfZisxw.exe

Filesize
6.0MB

MD5
8199a74599dd1c72900857f73fe61b9d

SHA1
d2bb4ed0f93002b234ad5204b27feb4ec45ee514

SHA256
7ef47b6d0a604071761579e73ae212e5977b249b54f49821cf967241a89c4595

SHA512
672ad8838d103ac4ff0254600c14d54f73fd0ca1acf6957149732009fa8538548fccdfb2a0d7324da867ce97beeccc265e76d66968aa775b8ccedec31f748bfd

Download Submit
C:\Windows\system\JgqDatV.exe

Filesize
6.0MB

MD5
82b7746fc7245ba124de3e998e7597ac

SHA1
98abf67c3c927bf26a794d71496adb81eecfee68

SHA256
7d4d98156e044d90b3f051985107d0754b0f172518dbffec98fe0a8a06a17972

SHA512
77989e4f6c30433edf3a0a23c055b0f7936607727377336eefcf5bbc1f758d84957c01fdca2168a08410fda3165fb5d56668fbc35138ccacbf5970d542ae7120

Download Submit
C:\Windows\system\NmRuLVj.exe

Filesize
6.0MB

MD5
d14ed5327857ad7d0d2cfda5060d946b

SHA1
f8e130fafb0947ecafa1ba3ced28fc4c42d7f9cc

SHA256
abc0da882d0fc2e2b81185ccc8b9f5c99d30fdeae997838e048e309ace6fbd58

SHA512
b60693bd46487894ce23b0a6b2717a44b1ddfecadc15614b2e43dfa9db762bfa59960ef2ec5f248430f47e97e410d469b6373a3b9d977dd5edb53eaa6aa52e63

Download Submit
C:\Windows\system\OzGhNoh.exe

Filesize
6.0MB

MD5
9e12424297fe2c27efc03dd821b58d2f

SHA1
e7773622ac086f569509a7aff9548a14621eb0e2

SHA256
6579b393a1e96574cc929883b3ef2560740fca4cccda4ddf03a9089ee2c8a4ac

SHA512
8a8f56909947ea4c60746d35760ed23081d3486b386222d1b7da8f577902ae5b9a732ac6972baf78c3a0c948a92e81cb36c9f8138efdf2d4ef8022116a69cf8b

Download Submit
C:\Windows\system\RWnSlhe.exe

Filesize
6.0MB

MD5
06b00747120c986546ad9b14ffe7b650

SHA1
a6d6a9d6a06e9fff381d3becbeb5bb6b2d38e391

SHA256
d31e57700fd1e1019aab4f2fe7bcf73a12a5fbecc098dda047bb588ece191ff8

SHA512
8edacad83321946c2fd197387efaab66067ee9722cea4b1b1fa51c2ab81e08482f973d4dd0f68c93e8ca6ad6a11b8c91fcb49f49ff45f5c968b7724ef1ca56b9

Download Submit
C:\Windows\system\SnGuiiV.exe

Filesize
6.0MB

MD5
102346c786dd12da4a0a053ce2d97818

SHA1
f0a7c88f86ad8b72a6184dd48ec15a97a2eba8d9

SHA256
015759632828b2ccdfdf9f71cb1efe95d90ed1db0d45a61e9c4d55b6ea9583ff

SHA512
6a372aa8be6b6a7e8ce56947a73710ee6d1437c85da7b5d1ef8281d5e95133233cbbef222589b4a58476cad5472ccfc895bd8b7ba4422cb503003f2b3ae430ef

Download Submit
C:\Windows\system\TtFkxxA.exe

Filesize
6.0MB

MD5
67831988243304fc6ae49936a2fcbb0f

SHA1
e731cb18809fc975c7b6fa628e3de352aa654a86

SHA256
a5f70dfb0803b928b189526b65be6a8f573a7bef3014f8ffd299350574bf517c

SHA512
099ff1913d1b0c06d849aca2b63d9509fdafb7265bfca042fb1bb2dcf6f39b82496cd9005a7144459be09ce80834d3acefcd5650c744c2006e206285573ca9fe

Download Submit
C:\Windows\system\UmTjDwO.exe

Filesize
6.0MB

MD5
4fe2b594b3f3147d042324c9effb8f90

SHA1
e27c9f265c9e7e0685dacbddbbf4724a5b8e2aa8

SHA256
c2ec374501d65f915953b0b44559bb7e4aa46f2dcdc86e084e3c325375bdd402

SHA512
36a79f7a02214f4fdb80520bad5e60120ef7d713071dc8600902732bcac197209a1be2098ec5cbd46a9f906b88a1f77f07a099b6c1ec087cf6c315e6c974a773

Download Submit
C:\Windows\system\VOZnKVz.exe

Filesize
6.0MB

MD5
1d8c0bd6dc30fb03852f1d6eca84a357

SHA1
bfdc812931af72cf6260d0b3b5c07873bfc3becd

SHA256
4647b8f590a666d36c6e8589ff8bc4e7f3f26161f33cb9e34ad0e18837c24eaa

SHA512
5830fe8100dc7df23f42e41c40cb5d8e7e33472c07178a48b967c3025a600672efac5a18dfb66bb087eda8f05912c480a3fe9d5f67f67444c77ac012ac4a681f

Download Submit
C:\Windows\system\XULhsHk.exe

Filesize
6.0MB

MD5
2ecb568ae6ed1b98db0d129a5b5d575a

SHA1
e308df516bfdba1533ec362dc436df87893b6240

SHA256
ac7c57134b0f5f1ee853aac91c798d3cb0ee2bf74f8c91ad6f6a57e13effac12

SHA512
e5c6b422394854262f144273aad4cef586318af834c60960a5f021346751247107b2c57ec147111709d8d272122680a24d5186fed5d9cbb4b8dd346556d27ad5

Download Submit
C:\Windows\system\ctUKIoz.exe

Filesize
6.0MB

MD5
25a9975dde982f133b4fdc1fd35f811e

SHA1
9d703587b69df054fc7cc71589e3f22e9906b735

SHA256
b3c9d05539fd75563b1e326d4008c54c3882e176ae33dad9eaa950533492d2dd

SHA512
65ba02668e8b2c7c5b1266097722742f170d115306febea895beb2472db84d8b853e0ed048d4f3da27cbfb92c80c94987f393a6e4e149d928520fd5d12110577

Download Submit
C:\Windows\system\dAHawab.exe

Filesize
6.0MB

MD5
5ea48f069ce0702d3c6fda07e53de3ee

SHA1
f03a01e44babd50dfd15209964be29534e097108

SHA256
3166834649d2ec7aa4efaac2c4529fcac5dfe593e9cbe2d29e0f6b66ecbfd324

SHA512
45cd7887278cba1f0b790bd93b5699e43e0f0059ef28a209e54e198c745b76be862ac8f39503ac9c6ad87c38f2d5eaef16a42474743617b7fa76debe634b511a

Download Submit
C:\Windows\system\goKlUAY.exe

Filesize
6.0MB

MD5
b7edaaa0e03a137c394e525f9d07897a

SHA1
78b970229d93be2756a41c9a9708758b025d5cdd

SHA256
4508f5b010e922806721c24e282c50721b05794b08209d040b54dc4320e554a6

SHA512
a9ba99732cd4f387491f4701e7f9a893ddd07bc17fe25fc770ae1a44c7055ee1d45b474f49c7641653677e8e49f2bbb4e105f38b4d9a8d74df81220e81e2a682

Download Submit
C:\Windows\system\gumHrHv.exe

Filesize
6.0MB

MD5
6c6f61f2d01833297a87a51ab1fbccc7

SHA1
c3d22984af722346c8839cbc7804aed99f042825

SHA256
4574f0fa3cdc195327730bdd97ed7db4491a9ee22533ac82389abfdf2b456eaa

SHA512
625e4cf8e097b4b3956e941491b85f38d0ea4005914c144ad5347e7d5ae883061e6ec8e42801ea6b7b7674f15048880d4369cd3f99c774b2fc93f7b3f2011455

Download Submit
C:\Windows\system\hPwJThg.exe

Filesize
6.0MB

MD5
26e985fc9ccc1b82778e34642cbd7669

SHA1
bddf16edaf6bb8122557988b603dc83a8de79338

SHA256
50ea717b4407a16b640a46009f327def35ee1015c2bb8a7cc42f3c4b5c406cc2

SHA512
1b284c845ca3d9af41f7b7f69b07a33751adcfabea737b601584f990310b5181ff83c93f09b008d31ff4f60a1e3f17889f3a2bcc723ed058fceff43982007612

Download Submit
C:\Windows\system\hZxVdpv.exe

Filesize
6.0MB

MD5
5a5b32f5a3e9381d121c15cc9566a19c

SHA1
8216291e0dd51fc4f90fdea4fab152688db0c9ed

SHA256
80ea2e7c74da5010430cfa523af3090858951edf4d75e9b9a19ff0213401e628

SHA512
5c87e0bdc3807f014db506f56eca6a4c4cfd50b260e6f221f41b926e39752150776da1c832b682f7fa7be22a47871409550bfa4bdaf22534fc1c79f1289056a7

Download Submit
C:\Windows\system\jNlVsMF.exe

Filesize
6.0MB

MD5
5465853e6a35a34bc7987afabe82b3e0

SHA1
b3a4022129600469582001cf9e0f0c9aaf4d87c6

SHA256
97c0e3f68f616ee849907ec86adb638031326e4a332adfd552988d3b0d1eca8b

SHA512
6ec9c8d3c3b2cfc1bca8458e2cf9542162bcb8f6f8a8b44c5dab48acbcc487b2c0736b29d3850fdbba6e7bf5629fb03c1f03a283ec035aa023a2aaf5f8decdd4

Download Submit
C:\Windows\system\mQgNATx.exe

Filesize
6.0MB

MD5
8751b8ffd69cb178925e3620058801cd

SHA1
f20a8dcd74ac32c84cc4881e59d01e94b0a61717

SHA256
85f56df0f50300b42ddc54ca7f00bfda87b33f38ed6c17846000543bdc859a82

SHA512
d0b3a08c558a1973ee58f0342f1cd2efb383c483477b2d06b467318628c6eb67286947176085e69aab674a64e1b69096ca57798f7d45a82ce14b973e08096ada

Download Submit
C:\Windows\system\moePXgp.exe

Filesize
6.0MB

MD5
02cf7b5afc7901678955f8224050a10c

SHA1
5273b4d1200eb5caad2f0aa7ef402e848094f24b

SHA256
72b18749166b462a9de6556a06a5b31d645dbd0547bd10d759dcc3a25a848eb5

SHA512
005d91e7151067a53f8bb86b8e7c16e522b40c6bebe0b0599d404e301f54779bbb22ada5587f19f270e3855439f167d4bc7f4a73f7395b88fc36ae64821fd406

Download Submit
C:\Windows\system\qLbnmwK.exe

Filesize
6.0MB

MD5
2e49a43a441e2b716bf898b60ea28389

SHA1
62a716c7f3a5b292621598d1a2413d04b1445649

SHA256
d358bd0bf68f3b12ce0b36dc9f9abc46ecd7b035280cdb9156cf6c41c0635765

SHA512
27ee83c0e378ed8f2ff3710414a6ffad8a565aa6036dcdd90931bc4d605203b5243d66949103f6147271874be0f9160a0ce24a232ad0036afc0a8f7bea47e1eb

Download Submit
C:\Windows\system\rWqBTRZ.exe

Filesize
6.0MB

MD5
d2dfc9460afc060ebdb2fbd3a2f42981

SHA1
68748f6024ecec9174aec72f7108a53d7a821920

SHA256
c131058c3047b5e88ee8ca9a4af79dc7814f4a474ee8695921ee170215f03e88

SHA512
f723e4c35223beb85122a448eaca16dd936f857f82e196e2859c7d07e048ff41e464e0cd11e6a1f33ae36f04b6b79483e311c1edf9a8b9fbbb9ae1e9ff5c569f

Download Submit
C:\Windows\system\tmczFMT.exe

Filesize
6.0MB

MD5
643a669d183a632d302e2a3d971ba0f7

SHA1
bb61503f2b36dad2041b410872215685f0b33322

SHA256
4100f334f4ee9e22759c4d06a5458ef95843825cf7f9f79e1e83cde6ba4da17e

SHA512
2fad94696f240f994d57f3a16be37057c27a95bcb61d4056616355d9dd01e51a1d830c5f2eeb451a308df9ab4050061a45e2a5abb1bb269738f2289faef3db48

Download Submit
C:\Windows\system\utsxZqv.exe

Filesize
8B

MD5
9ad69e0ebe497209f718916a315af89d

SHA1
8edad88ba9b841ed6f9456db6ed10ee5d4807789

SHA256
eeb058204a1713fb5701ea5113c161f0177a2ba00fdd3396af7056389bbffbf5

SHA512
b87077f37324501f858ffc77dceae9955962b2d552a92a05324721131d5bd79c3853abc8cf60da7812533488623878f15dfed29ed377c1bf89e41ce5bc443b2f

Download Submit
C:\Windows\system\vhapZuP.exe

Filesize
6.0MB

MD5
efd40c9483eaa76e8bb88c0e3cd37948

SHA1
3ccea1dc36ec686c008691688fc83f52dedb4176

SHA256
72e87de41500aa13af951ce5b52230d8a960a6f61d7a0ff8e21fcbb859bbaf35

SHA512
4bbaff7de49f2bb94220a331ac34a954129bbe126fe2007e80e688866d0219cf3fd511291be811a21bd73e23a236724354b85b096e6a27bdd32e34643e4f3e00

Download Submit
C:\Windows\system\yEYFGUQ.exe

Filesize
6.0MB

MD5
1565359f7aece8695cf9b63ac63f36c8

SHA1
70f74c5ba86c219269564ef013368c2655bb22cc

SHA256
3f6a55d8be7fa512950feb76a93aed5d513006196210b60ad191b4b1e3e75f36

SHA512
953eb2754a65ecec08d1d620712122dbdc3f7db6f25bd67d879cf2fb84d7a99ede154c74a1786a55925c83d97aea483ecf152f7016bd52ece5debe2a03d7e690

Download Submit
C:\Windows\system\ysBETjX.exe

Filesize
6.0MB

MD5
35c87c1ea134f95028c26e37a8efad81

SHA1
482f744a7e34566c50bc45affc0b36b0ee3ace89

SHA256
3bcc011e69cdf9edc090621d6a836a7b221179693aed0eb74518077e6002c97e

SHA512
bcffd42f1724f3e2850fbc7a08c9adc613d94c9f91ad50ac16a423abfc28178143d8a43c60325c2454b4fd69d8e766df03d06c8a9acdc3978f1ea39bb19f2f53

Download Submit
C:\Windows\system\yyIzOzI.exe

Filesize
6.0MB

MD5
b2b88def269ddc3e9b5406a34663f271

SHA1
2a9dd971c152579255581f79ed8cce78d3bdeac9

SHA256
626e291de464edc1db23332ee7a5679ffd11342dbcd734bcd2ab6238872d05cd

SHA512
645b2d06878cf49ee226dd34ffa8d533a068d0de32a11b26b881f23695012b73d603f5664501094aed0144d226c1813a4524599f668ef7f6984193ba98da9f8c

Download Submit
\Windows\system\IYvnLnX.exe

Filesize
6.0MB

MD5
84220047adba1498001424f5b210b393

SHA1
213727207a3bd5229f0c2d826f491a6633bda633

SHA256
b7882d9f7d416101c6fea5350d216d598fc72de2d9a06fd7206ff26fb5dfa695

SHA512
1566e6ede48aaa03847ac4022a78f68080b193a07de3eadfb92850a868c9ba1823fd9801ba284966b54eb5840cde2ae72ffdfa65244c459a5b358c071e8fe42c

Download Submit
\Windows\system\dXJWCBw.exe

Filesize
6.0MB

MD5
4984c32b20d27ed54106a5ab348d2890

SHA1
50910237a363812ba8ef77c4a596c8f36bf13116

SHA256
93d98c49ef17e4bb5243599c79cf01619591b868d85dfa925cdf67f86b0063f2

SHA512
d66d9b90c24464851a2262b3540c5b9594db4de808bb2954dd52d2dc67347f19806e46bef7946b0b9c33d63726e2aa247025d9f14b156adf1cc11288d0c93d8a

Download Submit
\Windows\system\qwBafrn.exe

Filesize
6.0MB

MD5
4d4a98123c1390b44aabbc9419c64280

SHA1
883123160f5d696cb28a81ddf803d2c4c1b375ab

SHA256
775f984eded5e3d1bce2fb66f6d724cedc6bf91f88873fecc8da9cd9f3b150c5

SHA512
ffa34bd1cdee1b61e666277306dd2449a6304835aec4cc5f35209469ff0203b33b4822eb6eb6f776d884af06e002bb441227e059cf9e6dbd16f63db5b44ea00c

Download Submit
\Windows\system\xjvXWLV.exe

Filesize
6.0MB

MD5
ba2a9633a1886c7ffaf31ddda8307d55

SHA1
9d1c8dda1b0412d26e7ac13d44ce75a43bc3794d

SHA256
db7acfb9e569d4964f57af2755bd6979800e623916b90487d47edcd32a34bc34

SHA512
3793e6b7ddea4c4ff11c26de2c6a91652f9f253d6979aa7f05b3d32a546845d33c75a86284934b5e06fe839b2bcff5ed387c18f3c4f910a5e5c6fd7835300eb9

Download Submit
memory/604-740-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/604-108-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/604-2936-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1900-148-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1900-2926-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1900-76-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2092-283-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2092-82-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2092-2927-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2476-2931-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2476-52-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2476-89-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2488-2925-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-68-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-107-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2928-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2572-90-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2572-438-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2918-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2680-81-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2680-43-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2910-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-28-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-67-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-98-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2932-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2712-60-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2908-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2784-51-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2784-14-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2804-113-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2804-31-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-94-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2804-71-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2804-95-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-6-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-63-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-12-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-104-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2804-55-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2804-112-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2804-0-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2804-47-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-23-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-35-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2804-348-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2804-86-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2804-39-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-19-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2804-103-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-524-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-694-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2804-818-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2909-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2820-21-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2820-59-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2916-2907-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-42-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2914-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2944-36-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2944-75-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2992-603-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-2929-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-99-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download