cobaltstrike | 4495f2d09f9df1b64518b7a7876605b4d50e01814ebf3e0af0200becf8c51715

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

78f54e17e69e8561e8d511b7da460126
SHA1

da980c491396f186de1de1ce2847a0bfa755e9a5
SHA256

4495f2d09f9df1b64518b7a7876605b4d50e01814ebf3e0af0200becf8c51715
SHA512

399b063b93d9529208b5600c99e968c375de8381551e1b7d2f4fa2e9b7492c4be59acbe14e5eb8069ba364afb1e9a3904123e90b3e004359f915f67f62fd1d21
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012270-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174b4-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017570-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f1-21.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018683-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018697-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019261-40.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-45.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/2520-0-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x000b000000012270-6.dat	xmrig
behavioral1/files/0x00080000000174b4-11.dat	xmrig
behavioral1/files/0x0007000000017570-12.dat	xmrig
behavioral1/files/0x00070000000175f1-21.dat	xmrig
behavioral1/files/0x0011000000018683-30.dat	xmrig
behavioral1/files/0x0008000000018697-36.dat	xmrig
behavioral1/files/0x0006000000019261-40.dat	xmrig
behavioral1/files/0x0005000000019299-55.dat	xmrig
behavioral1/files/0x0005000000019354-65.dat	xmrig
behavioral1/files/0x00050000000194d5-125.dat	xmrig
behavioral1/files/0x00050000000194e1-130.dat	xmrig
behavioral1/files/0x0005000000019502-135.dat	xmrig
behavioral1/memory/2100-2207-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x000500000001952b-160.dat	xmrig
behavioral1/files/0x0005000000019520-154.dat	xmrig
behavioral1/files/0x0005000000019518-150.dat	xmrig
behavioral1/files/0x0005000000019510-145.dat	xmrig
behavioral1/files/0x0005000000019508-140.dat	xmrig
behavioral1/files/0x00050000000194c3-120.dat	xmrig
behavioral1/files/0x00050000000194ad-115.dat	xmrig
behavioral1/files/0x0005000000019428-110.dat	xmrig
behavioral1/files/0x0005000000019426-105.dat	xmrig
behavioral1/files/0x00050000000193f9-100.dat	xmrig
behavioral1/files/0x00050000000193dc-95.dat	xmrig
behavioral1/files/0x00050000000193d0-90.dat	xmrig
behavioral1/files/0x00050000000193cc-85.dat	xmrig
behavioral1/files/0x000500000001939f-80.dat	xmrig
behavioral1/files/0x000500000001938e-75.dat	xmrig
behavioral1/files/0x0005000000019358-70.dat	xmrig
behavioral1/files/0x00050000000192a1-60.dat	xmrig
behavioral1/files/0x000500000001927a-50.dat	xmrig
behavioral1/files/0x0005000000019274-45.dat	xmrig
behavioral1/files/0x00070000000175f7-26.dat	xmrig
behavioral1/memory/2312-2318-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2520-2329-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2548-2475-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/280-2557-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2280-2563-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2836-2626-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2880-2638-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2720-2672-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/284-2681-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2520-2689-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2892-2687-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2620-2691-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2672-2801-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2592-2791-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2764-2751-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2520-3590-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2520-3848-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2620-4025-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2764-4028-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2720-4069-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/280-4061-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2592-4016-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/284-4008-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2672-4010-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2100-3996-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2880-4004-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2548-4003-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2280-4001-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2100	Ntogxqh.exe
2312	kZceSDZ.exe
2548	VfNTlAK.exe
280	SFcOpkZ.exe
2280	fXcBilu.exe
2836	zyQLwTm.exe
2880	MgKeSVN.exe
2720	BuGWmqx.exe
284	SshbiGe.exe
2892	suwVKPw.exe
2620	YQGMpuL.exe
2764	PwxecOg.exe
2592	otZcGJA.exe
2672	ZvLJndS.exe
2156	oQQltra.exe
1232	PehuNWH.exe
568	DYCcGFM.exe
1616	aZAgSJc.exe
2876	HYGiqrK.exe
2788	OEbUsqb.exe
768	BgZWHNF.exe
972	kSPRIZd.exe
1928	EYIvQaa.exe
2004	ywaELxo.exe
1716	emhrynV.exe
2980	lAkZDqe.exe
3000	EQWuvqi.exe
1672	FWIJhLk.exe
1432	neTabZs.exe
1740	EZyQkHT.exe
3044	uqcbhVe.exe
400	KwAXYON.exe
668	eTqjBvv.exe
272	tonucvB.exe
1812	OLBWhNV.exe
1776	mnIgDqC.exe
3040	EPKbBfN.exe
1560	mtjZKVT.exe
1540	kCwYFIX.exe
760	NnhGgGn.exe
2424	LyYpmQv.exe
2476	quDGZew.exe
2260	YXVJPBC.exe
2092	NJLdyic.exe
2976	cCWfbrO.exe
2364	pRJdkuc.exe
968	XgslnBm.exe
2112	TwEEGpe.exe
1748	vHAijkP.exe
2444	sznEfdn.exe
1500	EikHoxd.exe
2368	uddalIF.exe
2572	eWNfXGG.exe
1144	KHOSoNv.exe
2172	bskxYpy.exe
2780	AolGhVP.exe
3028	XUdDFFf.exe
2848	JcYzWzS.exe
2816	GQypyHm.exe
2888	jGHlhIF.exe
2864	JOikIbD.exe
2356	TOXUNDg.exe
1924	cTdOhsy.exe
2020	wZtRwOz.exe

Loads dropped DLL 64 IoCs

pid	Process
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2520-0-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x000b000000012270-6.dat	upx
behavioral1/files/0x00080000000174b4-11.dat	upx
behavioral1/files/0x0007000000017570-12.dat	upx
behavioral1/files/0x00070000000175f1-21.dat	upx
behavioral1/files/0x0011000000018683-30.dat	upx
behavioral1/files/0x0008000000018697-36.dat	upx
behavioral1/files/0x0006000000019261-40.dat	upx
behavioral1/files/0x0005000000019299-55.dat	upx
behavioral1/files/0x0005000000019354-65.dat	upx
behavioral1/files/0x00050000000194d5-125.dat	upx
behavioral1/files/0x00050000000194e1-130.dat	upx
behavioral1/files/0x0005000000019502-135.dat	upx
behavioral1/memory/2100-2207-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x000500000001952b-160.dat	upx
behavioral1/files/0x0005000000019520-154.dat	upx
behavioral1/files/0x0005000000019518-150.dat	upx
behavioral1/files/0x0005000000019510-145.dat	upx
behavioral1/files/0x0005000000019508-140.dat	upx
behavioral1/files/0x00050000000194c3-120.dat	upx
behavioral1/files/0x00050000000194ad-115.dat	upx
behavioral1/files/0x0005000000019428-110.dat	upx
behavioral1/files/0x0005000000019426-105.dat	upx
behavioral1/files/0x00050000000193f9-100.dat	upx
behavioral1/files/0x00050000000193dc-95.dat	upx
behavioral1/files/0x00050000000193d0-90.dat	upx
behavioral1/files/0x00050000000193cc-85.dat	upx
behavioral1/files/0x000500000001939f-80.dat	upx
behavioral1/files/0x000500000001938e-75.dat	upx
behavioral1/files/0x0005000000019358-70.dat	upx
behavioral1/files/0x00050000000192a1-60.dat	upx
behavioral1/files/0x000500000001927a-50.dat	upx
behavioral1/files/0x0005000000019274-45.dat	upx
behavioral1/files/0x00070000000175f7-26.dat	upx
behavioral1/memory/2312-2318-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2548-2475-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/280-2557-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2280-2563-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2836-2626-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2880-2638-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2720-2672-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/284-2681-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2892-2687-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2620-2691-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2672-2801-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2592-2791-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2764-2751-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2520-3590-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2620-4025-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2764-4028-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2720-4069-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/280-4061-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2592-4016-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/284-4008-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2672-4010-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2100-3996-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2880-4004-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2548-4003-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2280-4001-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dRShbSO.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyREWVu.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNKFsQa.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfeuGEv.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrpLaQO.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjAfyBy.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpNZEwZ.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMNKbrc.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkHhpCa.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WywHDLP.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfribum.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uowMNGN.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTDHzuT.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqCkXUB.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzIodiN.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnTWEul.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LeIafcf.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlpjngR.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzGhfBM.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkzdZcL.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnUnVXS.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSkoaIz.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUmUOQv.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCDEoFf.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaeqKQq.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtqQNOl.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wymWUZh.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFZJIiU.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCCtwRm.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJHevBJ.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERjmZmU.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkeOaMR.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxRGilO.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbRJvQs.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGHlhIF.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHbXXtE.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ceJeuOl.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqnAbFi.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbkmVMX.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvrNbNL.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jicxMEW.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuSbAoq.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYchbCL.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZnHmXT.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnblGbR.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCqzFJh.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkcNhQp.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahVwnBj.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfhzwWJ.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxqsHjq.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BiFKWno.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNsdUcU.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVZaQve.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jffuhoL.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATMzUuI.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMnoWmu.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTdezRn.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQQltra.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNriZlK.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huOyhpT.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNlbxAB.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBbkxSQ.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAycxdx.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsFpyky.exe	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2100	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2520 wrote to memory of 2100	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2520 wrote to memory of 2100	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2520 wrote to memory of 2312	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2520 wrote to memory of 2312	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2520 wrote to memory of 2312	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2520 wrote to memory of 2548	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2520 wrote to memory of 2548	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2520 wrote to memory of 2548	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2520 wrote to memory of 280	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2520 wrote to memory of 280	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2520 wrote to memory of 280	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2520 wrote to memory of 2280	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2520 wrote to memory of 2280	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2520 wrote to memory of 2280	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2520 wrote to memory of 2836	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2520 wrote to memory of 2836	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2520 wrote to memory of 2836	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2520 wrote to memory of 2880	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2520 wrote to memory of 2880	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2520 wrote to memory of 2880	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2520 wrote to memory of 2720	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2520 wrote to memory of 2720	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2520 wrote to memory of 2720	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2520 wrote to memory of 284	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2520 wrote to memory of 284	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2520 wrote to memory of 284	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2520 wrote to memory of 2892	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2520 wrote to memory of 2892	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2520 wrote to memory of 2892	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2520 wrote to memory of 2620	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2520 wrote to memory of 2620	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2520 wrote to memory of 2620	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2520 wrote to memory of 2764	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2520 wrote to memory of 2764	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2520 wrote to memory of 2764	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2520 wrote to memory of 2592	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2520 wrote to memory of 2592	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2520 wrote to memory of 2592	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2520 wrote to memory of 2672	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2520 wrote to memory of 2672	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2520 wrote to memory of 2672	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2520 wrote to memory of 2156	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2520 wrote to memory of 2156	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2520 wrote to memory of 2156	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2520 wrote to memory of 1232	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2520 wrote to memory of 1232	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2520 wrote to memory of 1232	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2520 wrote to memory of 568	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2520 wrote to memory of 568	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2520 wrote to memory of 568	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2520 wrote to memory of 1616	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2520 wrote to memory of 1616	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2520 wrote to memory of 1616	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2520 wrote to memory of 2876	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2520 wrote to memory of 2876	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2520 wrote to memory of 2876	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2520 wrote to memory of 2788	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2520 wrote to memory of 2788	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2520 wrote to memory of 2788	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2520 wrote to memory of 768	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2520 wrote to memory of 768	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2520 wrote to memory of 768	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2520 wrote to memory of 972	2520	2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_78f54e17e69e8561e8d511b7da460126_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\System\Ntogxqh.exe
  C:\Windows\System\Ntogxqh.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\kZceSDZ.exe
  C:\Windows\System\kZceSDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\VfNTlAK.exe
  C:\Windows\System\VfNTlAK.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\SFcOpkZ.exe
  C:\Windows\System\SFcOpkZ.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\fXcBilu.exe
  C:\Windows\System\fXcBilu.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\zyQLwTm.exe
  C:\Windows\System\zyQLwTm.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\MgKeSVN.exe
  C:\Windows\System\MgKeSVN.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\BuGWmqx.exe
  C:\Windows\System\BuGWmqx.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\SshbiGe.exe
  C:\Windows\System\SshbiGe.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\suwVKPw.exe
  C:\Windows\System\suwVKPw.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\YQGMpuL.exe
  C:\Windows\System\YQGMpuL.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\PwxecOg.exe
  C:\Windows\System\PwxecOg.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\otZcGJA.exe
  C:\Windows\System\otZcGJA.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ZvLJndS.exe
  C:\Windows\System\ZvLJndS.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\oQQltra.exe
  C:\Windows\System\oQQltra.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\PehuNWH.exe
  C:\Windows\System\PehuNWH.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\DYCcGFM.exe
  C:\Windows\System\DYCcGFM.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\aZAgSJc.exe
  C:\Windows\System\aZAgSJc.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\HYGiqrK.exe
  C:\Windows\System\HYGiqrK.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\OEbUsqb.exe
  C:\Windows\System\OEbUsqb.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\BgZWHNF.exe
  C:\Windows\System\BgZWHNF.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\kSPRIZd.exe
  C:\Windows\System\kSPRIZd.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\EYIvQaa.exe
  C:\Windows\System\EYIvQaa.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\ywaELxo.exe
  C:\Windows\System\ywaELxo.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\emhrynV.exe
  C:\Windows\System\emhrynV.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\lAkZDqe.exe
  C:\Windows\System\lAkZDqe.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\EQWuvqi.exe
  C:\Windows\System\EQWuvqi.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\FWIJhLk.exe
  C:\Windows\System\FWIJhLk.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\neTabZs.exe
  C:\Windows\System\neTabZs.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\EZyQkHT.exe
  C:\Windows\System\EZyQkHT.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\uqcbhVe.exe
  C:\Windows\System\uqcbhVe.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\KwAXYON.exe
  C:\Windows\System\KwAXYON.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\eTqjBvv.exe
  C:\Windows\System\eTqjBvv.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\tonucvB.exe
  C:\Windows\System\tonucvB.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\OLBWhNV.exe
  C:\Windows\System\OLBWhNV.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\mnIgDqC.exe
  C:\Windows\System\mnIgDqC.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\EPKbBfN.exe
  C:\Windows\System\EPKbBfN.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\mtjZKVT.exe
  C:\Windows\System\mtjZKVT.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\kCwYFIX.exe
  C:\Windows\System\kCwYFIX.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\NnhGgGn.exe
  C:\Windows\System\NnhGgGn.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\LyYpmQv.exe
  C:\Windows\System\LyYpmQv.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\quDGZew.exe
  C:\Windows\System\quDGZew.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\YXVJPBC.exe
  C:\Windows\System\YXVJPBC.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\NJLdyic.exe
  C:\Windows\System\NJLdyic.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\cCWfbrO.exe
  C:\Windows\System\cCWfbrO.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\pRJdkuc.exe
  C:\Windows\System\pRJdkuc.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\XgslnBm.exe
  C:\Windows\System\XgslnBm.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\TwEEGpe.exe
  C:\Windows\System\TwEEGpe.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\vHAijkP.exe
  C:\Windows\System\vHAijkP.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\EikHoxd.exe
  C:\Windows\System\EikHoxd.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\sznEfdn.exe
  C:\Windows\System\sznEfdn.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\uddalIF.exe
  C:\Windows\System\uddalIF.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\eWNfXGG.exe
  C:\Windows\System\eWNfXGG.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\KHOSoNv.exe
  C:\Windows\System\KHOSoNv.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\bskxYpy.exe
  C:\Windows\System\bskxYpy.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\AolGhVP.exe
  C:\Windows\System\AolGhVP.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\XUdDFFf.exe
  C:\Windows\System\XUdDFFf.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\JcYzWzS.exe
  C:\Windows\System\JcYzWzS.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\GQypyHm.exe
  C:\Windows\System\GQypyHm.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\jGHlhIF.exe
  C:\Windows\System\jGHlhIF.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\JOikIbD.exe
  C:\Windows\System\JOikIbD.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\TOXUNDg.exe
  C:\Windows\System\TOXUNDg.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\cTdOhsy.exe
  C:\Windows\System\cTdOhsy.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\VjRUCka.exe
  C:\Windows\System\VjRUCka.exe
  2⤵
  PID:2600
- C:\Windows\System\wZtRwOz.exe
  C:\Windows\System\wZtRwOz.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\FBYQgAf.exe
  C:\Windows\System\FBYQgAf.exe
  2⤵
  PID:784
- C:\Windows\System\hJWgOrX.exe
  C:\Windows\System\hJWgOrX.exe
  2⤵
  PID:1488
- C:\Windows\System\Oteuyuh.exe
  C:\Windows\System\Oteuyuh.exe
  2⤵
  PID:2800
- C:\Windows\System\wggAgth.exe
  C:\Windows\System\wggAgth.exe
  2⤵
  PID:2124
- C:\Windows\System\hQHSpsi.exe
  C:\Windows\System\hQHSpsi.exe
  2⤵
  PID:2992
- C:\Windows\System\cCCtwRm.exe
  C:\Windows\System\cCCtwRm.exe
  2⤵
  PID:2404
- C:\Windows\System\oNriZlK.exe
  C:\Windows\System\oNriZlK.exe
  2⤵
  PID:448
- C:\Windows\System\mUCAcgA.exe
  C:\Windows\System\mUCAcgA.exe
  2⤵
  PID:2052
- C:\Windows\System\dQVfuKP.exe
  C:\Windows\System\dQVfuKP.exe
  2⤵
  PID:644
- C:\Windows\System\gPFMtXv.exe
  C:\Windows\System\gPFMtXv.exe
  2⤵
  PID:816
- C:\Windows\System\SfpCTgd.exe
  C:\Windows\System\SfpCTgd.exe
  2⤵
  PID:1808
- C:\Windows\System\pGOBWGz.exe
  C:\Windows\System\pGOBWGz.exe
  2⤵
  PID:1844
- C:\Windows\System\zINDvSN.exe
  C:\Windows\System\zINDvSN.exe
  2⤵
  PID:656
- C:\Windows\System\EpxScWd.exe
  C:\Windows\System\EpxScWd.exe
  2⤵
  PID:3052
- C:\Windows\System\NkmyVRZ.exe
  C:\Windows\System\NkmyVRZ.exe
  2⤵
  PID:2400
- C:\Windows\System\qdRGPsh.exe
  C:\Windows\System\qdRGPsh.exe
  2⤵
  PID:2524
- C:\Windows\System\sUfqSAi.exe
  C:\Windows\System\sUfqSAi.exe
  2⤵
  PID:2196
- C:\Windows\System\PjgIHpM.exe
  C:\Windows\System\PjgIHpM.exe
  2⤵
  PID:1944
- C:\Windows\System\huOyhpT.exe
  C:\Windows\System\huOyhpT.exe
  2⤵
  PID:296
- C:\Windows\System\DjAfyBy.exe
  C:\Windows\System\DjAfyBy.exe
  2⤵
  PID:2488
- C:\Windows\System\vtEVjNU.exe
  C:\Windows\System\vtEVjNU.exe
  2⤵
  PID:1608
- C:\Windows\System\nQjYFeO.exe
  C:\Windows\System\nQjYFeO.exe
  2⤵
  PID:2176
- C:\Windows\System\naKaRGl.exe
  C:\Windows\System\naKaRGl.exe
  2⤵
  PID:1644
- C:\Windows\System\MoZWbwL.exe
  C:\Windows\System\MoZWbwL.exe
  2⤵
  PID:1612
- C:\Windows\System\QFVvGsh.exe
  C:\Windows\System\QFVvGsh.exe
  2⤵
  PID:2824
- C:\Windows\System\rPlaeOm.exe
  C:\Windows\System\rPlaeOm.exe
  2⤵
  PID:2616
- C:\Windows\System\ebsKWFt.exe
  C:\Windows\System\ebsKWFt.exe
  2⤵
  PID:2732
- C:\Windows\System\GVwutgr.exe
  C:\Windows\System\GVwutgr.exe
  2⤵
  PID:2868
- C:\Windows\System\FkQDmkq.exe
  C:\Windows\System\FkQDmkq.exe
  2⤵
  PID:332
- C:\Windows\System\frndiaf.exe
  C:\Windows\System\frndiaf.exe
  2⤵
  PID:320
- C:\Windows\System\czDaFFl.exe
  C:\Windows\System\czDaFFl.exe
  2⤵
  PID:1424
- C:\Windows\System\xvmcxPR.exe
  C:\Windows\System\xvmcxPR.exe
  2⤵
  PID:2948
- C:\Windows\System\zcPJdJA.exe
  C:\Windows\System\zcPJdJA.exe
  2⤵
  PID:2984
- C:\Windows\System\jJmHcxA.exe
  C:\Windows\System\jJmHcxA.exe
  2⤵
  PID:1548
- C:\Windows\System\vyyHmYi.exe
  C:\Windows\System\vyyHmYi.exe
  2⤵
  PID:2268
- C:\Windows\System\AOEdbaa.exe
  C:\Windows\System\AOEdbaa.exe
  2⤵
  PID:1916
- C:\Windows\System\gfdjAVG.exe
  C:\Windows\System\gfdjAVG.exe
  2⤵
  PID:1772
- C:\Windows\System\LVcByyS.exe
  C:\Windows\System\LVcByyS.exe
  2⤵
  PID:1512
- C:\Windows\System\NCWyxGq.exe
  C:\Windows\System\NCWyxGq.exe
  2⤵
  PID:1576
- C:\Windows\System\VDSAIvL.exe
  C:\Windows\System\VDSAIvL.exe
  2⤵
  PID:348
- C:\Windows\System\iNlbxAB.exe
  C:\Windows\System\iNlbxAB.exe
  2⤵
  PID:2624
- C:\Windows\System\YXOIfdZ.exe
  C:\Windows\System\YXOIfdZ.exe
  2⤵
  PID:1260
- C:\Windows\System\aVwOIzH.exe
  C:\Windows\System\aVwOIzH.exe
  2⤵
  PID:840
- C:\Windows\System\DnvhpZD.exe
  C:\Windows\System\DnvhpZD.exe
  2⤵
  PID:492
- C:\Windows\System\tgXVTpB.exe
  C:\Windows\System\tgXVTpB.exe
  2⤵
  PID:2724
- C:\Windows\System\UXElYzE.exe
  C:\Windows\System\UXElYzE.exe
  2⤵
  PID:2484
- C:\Windows\System\ILjXqDv.exe
  C:\Windows\System\ILjXqDv.exe
  2⤵
  PID:1856
- C:\Windows\System\YMGLtfY.exe
  C:\Windows\System\YMGLtfY.exe
  2⤵
  PID:1668
- C:\Windows\System\EWLhzdf.exe
  C:\Windows\System\EWLhzdf.exe
  2⤵
  PID:2000
- C:\Windows\System\cGNzSoC.exe
  C:\Windows\System\cGNzSoC.exe
  2⤵
  PID:3092
- C:\Windows\System\iCKAwrh.exe
  C:\Windows\System\iCKAwrh.exe
  2⤵
  PID:3112
- C:\Windows\System\HnJfKGF.exe
  C:\Windows\System\HnJfKGF.exe
  2⤵
  PID:3132
- C:\Windows\System\NIihQVZ.exe
  C:\Windows\System\NIihQVZ.exe
  2⤵
  PID:3152
- C:\Windows\System\YZggXWp.exe
  C:\Windows\System\YZggXWp.exe
  2⤵
  PID:3172
- C:\Windows\System\aGppFXl.exe
  C:\Windows\System\aGppFXl.exe
  2⤵
  PID:3192
- C:\Windows\System\UvacRxz.exe
  C:\Windows\System\UvacRxz.exe
  2⤵
  PID:3212
- C:\Windows\System\vwKEhUk.exe
  C:\Windows\System\vwKEhUk.exe
  2⤵
  PID:3228
- C:\Windows\System\BMXDRal.exe
  C:\Windows\System\BMXDRal.exe
  2⤵
  PID:3244
- C:\Windows\System\nQrAKZM.exe
  C:\Windows\System\nQrAKZM.exe
  2⤵
  PID:3260
- C:\Windows\System\FFBMwTz.exe
  C:\Windows\System\FFBMwTz.exe
  2⤵
  PID:3276
- C:\Windows\System\KNBpfut.exe
  C:\Windows\System\KNBpfut.exe
  2⤵
  PID:3300
- C:\Windows\System\yvbAHKn.exe
  C:\Windows\System\yvbAHKn.exe
  2⤵
  PID:3324
- C:\Windows\System\zJKZUah.exe
  C:\Windows\System\zJKZUah.exe
  2⤵
  PID:3340
- C:\Windows\System\jogumyZ.exe
  C:\Windows\System\jogumyZ.exe
  2⤵
  PID:3356
- C:\Windows\System\xOwoDDH.exe
  C:\Windows\System\xOwoDDH.exe
  2⤵
  PID:3380
- C:\Windows\System\bLLiDgG.exe
  C:\Windows\System\bLLiDgG.exe
  2⤵
  PID:3400
- C:\Windows\System\LeSNHws.exe
  C:\Windows\System\LeSNHws.exe
  2⤵
  PID:3424
- C:\Windows\System\gpkcSbp.exe
  C:\Windows\System\gpkcSbp.exe
  2⤵
  PID:3456
- C:\Windows\System\XkAAoVV.exe
  C:\Windows\System\XkAAoVV.exe
  2⤵
  PID:3476
- C:\Windows\System\WTerUUu.exe
  C:\Windows\System\WTerUUu.exe
  2⤵
  PID:3492
- C:\Windows\System\tMcKUxl.exe
  C:\Windows\System\tMcKUxl.exe
  2⤵
  PID:3516
- C:\Windows\System\CXVJtVC.exe
  C:\Windows\System\CXVJtVC.exe
  2⤵
  PID:3532
- C:\Windows\System\UiFauAX.exe
  C:\Windows\System\UiFauAX.exe
  2⤵
  PID:3556
- C:\Windows\System\QxQEFSg.exe
  C:\Windows\System\QxQEFSg.exe
  2⤵
  PID:3576
- C:\Windows\System\dBrUNDy.exe
  C:\Windows\System\dBrUNDy.exe
  2⤵
  PID:3592
- C:\Windows\System\BODvmNE.exe
  C:\Windows\System\BODvmNE.exe
  2⤵
  PID:3612
- C:\Windows\System\JokUBHk.exe
  C:\Windows\System\JokUBHk.exe
  2⤵
  PID:3636
- C:\Windows\System\lrvKKhH.exe
  C:\Windows\System\lrvKKhH.exe
  2⤵
  PID:3652
- C:\Windows\System\NyjkuGc.exe
  C:\Windows\System\NyjkuGc.exe
  2⤵
  PID:3668
- C:\Windows\System\vsODuji.exe
  C:\Windows\System\vsODuji.exe
  2⤵
  PID:3688
- C:\Windows\System\OsqBPIV.exe
  C:\Windows\System\OsqBPIV.exe
  2⤵
  PID:3716
- C:\Windows\System\IqyTcmZ.exe
  C:\Windows\System\IqyTcmZ.exe
  2⤵
  PID:3736
- C:\Windows\System\sXSMBsz.exe
  C:\Windows\System\sXSMBsz.exe
  2⤵
  PID:3756
- C:\Windows\System\AGSaNwo.exe
  C:\Windows\System\AGSaNwo.exe
  2⤵
  PID:3776
- C:\Windows\System\ieXnEEm.exe
  C:\Windows\System\ieXnEEm.exe
  2⤵
  PID:3792
- C:\Windows\System\jiDsoJW.exe
  C:\Windows\System\jiDsoJW.exe
  2⤵
  PID:3812
- C:\Windows\System\CsOWWID.exe
  C:\Windows\System\CsOWWID.exe
  2⤵
  PID:3832
- C:\Windows\System\HYbILmF.exe
  C:\Windows\System\HYbILmF.exe
  2⤵
  PID:3852
- C:\Windows\System\avVSxQF.exe
  C:\Windows\System\avVSxQF.exe
  2⤵
  PID:3868
- C:\Windows\System\BZnHmXT.exe
  C:\Windows\System\BZnHmXT.exe
  2⤵
  PID:3884
- C:\Windows\System\QqZvDUi.exe
  C:\Windows\System\QqZvDUi.exe
  2⤵
  PID:3900
- C:\Windows\System\nZvjjsb.exe
  C:\Windows\System\nZvjjsb.exe
  2⤵
  PID:3936
- C:\Windows\System\mJHevBJ.exe
  C:\Windows\System\mJHevBJ.exe
  2⤵
  PID:3956
- C:\Windows\System\RqZmVUR.exe
  C:\Windows\System\RqZmVUR.exe
  2⤵
  PID:3976
- C:\Windows\System\mDaifra.exe
  C:\Windows\System\mDaifra.exe
  2⤵
  PID:3996
- C:\Windows\System\pQPgnbe.exe
  C:\Windows\System\pQPgnbe.exe
  2⤵
  PID:4016
- C:\Windows\System\MRDByZM.exe
  C:\Windows\System\MRDByZM.exe
  2⤵
  PID:4032
- C:\Windows\System\bDOWPHg.exe
  C:\Windows\System\bDOWPHg.exe
  2⤵
  PID:4056
- C:\Windows\System\wnASUeF.exe
  C:\Windows\System\wnASUeF.exe
  2⤵
  PID:4076
- C:\Windows\System\rlywVTd.exe
  C:\Windows\System\rlywVTd.exe
  2⤵
  PID:4092
- C:\Windows\System\LuEZpqK.exe
  C:\Windows\System\LuEZpqK.exe
  2⤵
  PID:2416
- C:\Windows\System\TPJcCPU.exe
  C:\Windows\System\TPJcCPU.exe
  2⤵
  PID:1240
- C:\Windows\System\ERurvkS.exe
  C:\Windows\System\ERurvkS.exe
  2⤵
  PID:1296
- C:\Windows\System\MPCWAvj.exe
  C:\Windows\System\MPCWAvj.exe
  2⤵
  PID:2296
- C:\Windows\System\ApTEGNU.exe
  C:\Windows\System\ApTEGNU.exe
  2⤵
  PID:1696
- C:\Windows\System\rcHPETh.exe
  C:\Windows\System\rcHPETh.exe
  2⤵
  PID:1764
- C:\Windows\System\EPiORAe.exe
  C:\Windows\System\EPiORAe.exe
  2⤵
  PID:3100
- C:\Windows\System\YUwzAxR.exe
  C:\Windows\System\YUwzAxR.exe
  2⤵
  PID:3148
- C:\Windows\System\jAMPNMF.exe
  C:\Windows\System\jAMPNMF.exe
  2⤵
  PID:2744
- C:\Windows\System\dRShbSO.exe
  C:\Windows\System\dRShbSO.exe
  2⤵
  PID:3180
- C:\Windows\System\MnGkMzo.exe
  C:\Windows\System\MnGkMzo.exe
  2⤵
  PID:3224
- C:\Windows\System\gWWoZjY.exe
  C:\Windows\System\gWWoZjY.exe
  2⤵
  PID:3088
- C:\Windows\System\KteJazz.exe
  C:\Windows\System\KteJazz.exe
  2⤵
  PID:3124
- C:\Windows\System\vpqjOSo.exe
  C:\Windows\System\vpqjOSo.exe
  2⤵
  PID:3200
- C:\Windows\System\SNimZip.exe
  C:\Windows\System\SNimZip.exe
  2⤵
  PID:3208
- C:\Windows\System\LEdUGwf.exe
  C:\Windows\System\LEdUGwf.exe
  2⤵
  PID:3240
- C:\Windows\System\ZoozrgD.exe
  C:\Windows\System\ZoozrgD.exe
  2⤵
  PID:3412
- C:\Windows\System\yEVBaUm.exe
  C:\Windows\System\yEVBaUm.exe
  2⤵
  PID:3352
- C:\Windows\System\mQNWpWw.exe
  C:\Windows\System\mQNWpWw.exe
  2⤵
  PID:3432
- C:\Windows\System\JQlcQQT.exe
  C:\Windows\System\JQlcQQT.exe
  2⤵
  PID:3448
- C:\Windows\System\JIcuRgE.exe
  C:\Windows\System\JIcuRgE.exe
  2⤵
  PID:3504
- C:\Windows\System\ClznhON.exe
  C:\Windows\System\ClznhON.exe
  2⤵
  PID:3488
- C:\Windows\System\OsduNSX.exe
  C:\Windows\System\OsduNSX.exe
  2⤵
  PID:3528
- C:\Windows\System\wFtuVpA.exe
  C:\Windows\System\wFtuVpA.exe
  2⤵
  PID:3620
- C:\Windows\System\lbVSzxO.exe
  C:\Windows\System\lbVSzxO.exe
  2⤵
  PID:3660
- C:\Windows\System\oBTcAMc.exe
  C:\Windows\System\oBTcAMc.exe
  2⤵
  PID:3604
- C:\Windows\System\kKmLuTV.exe
  C:\Windows\System\kKmLuTV.exe
  2⤵
  PID:3696
- C:\Windows\System\fcoduuy.exe
  C:\Windows\System\fcoduuy.exe
  2⤵
  PID:3744
- C:\Windows\System\zKcECQs.exe
  C:\Windows\System\zKcECQs.exe
  2⤵
  PID:3820
- C:\Windows\System\AJYQdbT.exe
  C:\Windows\System\AJYQdbT.exe
  2⤵
  PID:3764
- C:\Windows\System\YKcnyGz.exe
  C:\Windows\System\YKcnyGz.exe
  2⤵
  PID:3828
- C:\Windows\System\mCkhhvy.exe
  C:\Windows\System\mCkhhvy.exe
  2⤵
  PID:3892
- C:\Windows\System\SzKBiik.exe
  C:\Windows\System\SzKBiik.exe
  2⤵
  PID:3876
- C:\Windows\System\UWdAPcO.exe
  C:\Windows\System\UWdAPcO.exe
  2⤵
  PID:3924
- C:\Windows\System\dztocgW.exe
  C:\Windows\System\dztocgW.exe
  2⤵
  PID:3952
- C:\Windows\System\wAtIlfD.exe
  C:\Windows\System\wAtIlfD.exe
  2⤵
  PID:3972
- C:\Windows\System\GcNyDwV.exe
  C:\Windows\System\GcNyDwV.exe
  2⤵
  PID:4012
- C:\Windows\System\NIKOqcv.exe
  C:\Windows\System\NIKOqcv.exe
  2⤵
  PID:4040
- C:\Windows\System\VYyelib.exe
  C:\Windows\System\VYyelib.exe
  2⤵
  PID:288
- C:\Windows\System\wDnejCn.exe
  C:\Windows\System\wDnejCn.exe
  2⤵
  PID:2820
- C:\Windows\System\dhGcOgu.exe
  C:\Windows\System\dhGcOgu.exe
  2⤵
  PID:540
- C:\Windows\System\yowWnbt.exe
  C:\Windows\System\yowWnbt.exe
  2⤵
  PID:2472
- C:\Windows\System\UDrevtd.exe
  C:\Windows\System\UDrevtd.exe
  2⤵
  PID:1956
- C:\Windows\System\IxxnjLy.exe
  C:\Windows\System\IxxnjLy.exe
  2⤵
  PID:2348
- C:\Windows\System\KXFZEnK.exe
  C:\Windows\System\KXFZEnK.exe
  2⤵
  PID:3220
- C:\Windows\System\FdnHSND.exe
  C:\Windows\System\FdnHSND.exe
  2⤵
  PID:2216
- C:\Windows\System\tpdlQXX.exe
  C:\Windows\System\tpdlQXX.exe
  2⤵
  PID:3364
- C:\Windows\System\zdPZdll.exe
  C:\Windows\System\zdPZdll.exe
  2⤵
  PID:3168
- C:\Windows\System\qNsdUcU.exe
  C:\Windows\System\qNsdUcU.exe
  2⤵
  PID:3376
- C:\Windows\System\fihDRpK.exe
  C:\Windows\System\fihDRpK.exe
  2⤵
  PID:3396
- C:\Windows\System\kGCnpoz.exe
  C:\Windows\System\kGCnpoz.exe
  2⤵
  PID:3472
- C:\Windows\System\WnHGtUi.exe
  C:\Windows\System\WnHGtUi.exe
  2⤵
  PID:3444
- C:\Windows\System\LpMCmnr.exe
  C:\Windows\System\LpMCmnr.exe
  2⤵
  PID:3624
- C:\Windows\System\tUJhiny.exe
  C:\Windows\System\tUJhiny.exe
  2⤵
  PID:3572
- C:\Windows\System\GbjKqHj.exe
  C:\Windows\System\GbjKqHj.exe
  2⤵
  PID:3676
- C:\Windows\System\EJPtWna.exe
  C:\Windows\System\EJPtWna.exe
  2⤵
  PID:3600
- C:\Windows\System\DcXAiuT.exe
  C:\Windows\System\DcXAiuT.exe
  2⤵
  PID:3800
- C:\Windows\System\jfribum.exe
  C:\Windows\System\jfribum.exe
  2⤵
  PID:3860
- C:\Windows\System\ibkyqmO.exe
  C:\Windows\System\ibkyqmO.exe
  2⤵
  PID:3932
- C:\Windows\System\JcjPxoP.exe
  C:\Windows\System\JcjPxoP.exe
  2⤵
  PID:3920
- C:\Windows\System\saHaPUu.exe
  C:\Windows\System\saHaPUu.exe
  2⤵
  PID:3964
- C:\Windows\System\hlPBvzx.exe
  C:\Windows\System\hlPBvzx.exe
  2⤵
  PID:4044
- C:\Windows\System\lNNbFxP.exe
  C:\Windows\System\lNNbFxP.exe
  2⤵
  PID:864
- C:\Windows\System\ZQzwcft.exe
  C:\Windows\System\ZQzwcft.exe
  2⤵
  PID:1388
- C:\Windows\System\WzhxRrg.exe
  C:\Windows\System\WzhxRrg.exe
  2⤵
  PID:108
- C:\Windows\System\nndXkpJ.exe
  C:\Windows\System\nndXkpJ.exe
  2⤵
  PID:3184
- C:\Windows\System\dMHRVsT.exe
  C:\Windows\System\dMHRVsT.exe
  2⤵
  PID:3120
- C:\Windows\System\UpPTTuS.exe
  C:\Windows\System\UpPTTuS.exe
  2⤵
  PID:3268
- C:\Windows\System\JlpjngR.exe
  C:\Windows\System\JlpjngR.exe
  2⤵
  PID:3160
- C:\Windows\System\QdPvpgK.exe
  C:\Windows\System\QdPvpgK.exe
  2⤵
  PID:3552
- C:\Windows\System\SoGRJJE.exe
  C:\Windows\System\SoGRJJE.exe
  2⤵
  PID:3584
- C:\Windows\System\sYUHPfg.exe
  C:\Windows\System\sYUHPfg.exe
  2⤵
  PID:3704
- C:\Windows\System\wDeptPZ.exe
  C:\Windows\System\wDeptPZ.exe
  2⤵
  PID:3748
- C:\Windows\System\iUNARFE.exe
  C:\Windows\System\iUNARFE.exe
  2⤵
  PID:3804
- C:\Windows\System\jzApJpw.exe
  C:\Windows\System\jzApJpw.exe
  2⤵
  PID:3908
- C:\Windows\System\CKbIEGg.exe
  C:\Windows\System\CKbIEGg.exe
  2⤵
  PID:3916
- C:\Windows\System\klMNWGN.exe
  C:\Windows\System\klMNWGN.exe
  2⤵
  PID:4028
- C:\Windows\System\Jwcviun.exe
  C:\Windows\System\Jwcviun.exe
  2⤵
  PID:1080
- C:\Windows\System\mzTGhdN.exe
  C:\Windows\System\mzTGhdN.exe
  2⤵
  PID:3500
- C:\Windows\System\xVVqaYu.exe
  C:\Windows\System\xVVqaYu.exe
  2⤵
  PID:4112
- C:\Windows\System\yurZgMV.exe
  C:\Windows\System\yurZgMV.exe
  2⤵
  PID:4132
- C:\Windows\System\xFTSHpg.exe
  C:\Windows\System\xFTSHpg.exe
  2⤵
  PID:4148
- C:\Windows\System\aKkfiXl.exe
  C:\Windows\System\aKkfiXl.exe
  2⤵
  PID:4168
- C:\Windows\System\vzaHJcm.exe
  C:\Windows\System\vzaHJcm.exe
  2⤵
  PID:4188
- C:\Windows\System\cweRudx.exe
  C:\Windows\System\cweRudx.exe
  2⤵
  PID:4204
- C:\Windows\System\WCDbxxD.exe
  C:\Windows\System\WCDbxxD.exe
  2⤵
  PID:4224
- C:\Windows\System\DyAfHLJ.exe
  C:\Windows\System\DyAfHLJ.exe
  2⤵
  PID:4252
- C:\Windows\System\ihgZLMD.exe
  C:\Windows\System\ihgZLMD.exe
  2⤵
  PID:4268
- C:\Windows\System\JfuRGJx.exe
  C:\Windows\System\JfuRGJx.exe
  2⤵
  PID:4288
- C:\Windows\System\PFtYfWp.exe
  C:\Windows\System\PFtYfWp.exe
  2⤵
  PID:4308
- C:\Windows\System\PMmHBtn.exe
  C:\Windows\System\PMmHBtn.exe
  2⤵
  PID:4328
- C:\Windows\System\onKcwzj.exe
  C:\Windows\System\onKcwzj.exe
  2⤵
  PID:4348
- C:\Windows\System\UvryWQz.exe
  C:\Windows\System\UvryWQz.exe
  2⤵
  PID:4368
- C:\Windows\System\PXUAHsO.exe
  C:\Windows\System\PXUAHsO.exe
  2⤵
  PID:4388
- C:\Windows\System\iMvQYtB.exe
  C:\Windows\System\iMvQYtB.exe
  2⤵
  PID:4412
- C:\Windows\System\YPjXEqG.exe
  C:\Windows\System\YPjXEqG.exe
  2⤵
  PID:4432
- C:\Windows\System\yEqVbDf.exe
  C:\Windows\System\yEqVbDf.exe
  2⤵
  PID:4448
- C:\Windows\System\iCRwNfV.exe
  C:\Windows\System\iCRwNfV.exe
  2⤵
  PID:4464
- C:\Windows\System\YqBjNZd.exe
  C:\Windows\System\YqBjNZd.exe
  2⤵
  PID:4484
- C:\Windows\System\dHbXXtE.exe
  C:\Windows\System\dHbXXtE.exe
  2⤵
  PID:4504
- C:\Windows\System\eaIblyx.exe
  C:\Windows\System\eaIblyx.exe
  2⤵
  PID:4520
- C:\Windows\System\GvQxQvn.exe
  C:\Windows\System\GvQxQvn.exe
  2⤵
  PID:4540
- C:\Windows\System\yCjDMxz.exe
  C:\Windows\System\yCjDMxz.exe
  2⤵
  PID:4560
- C:\Windows\System\xAfuxFg.exe
  C:\Windows\System\xAfuxFg.exe
  2⤵
  PID:4592
- C:\Windows\System\JpILVlo.exe
  C:\Windows\System\JpILVlo.exe
  2⤵
  PID:4608
- C:\Windows\System\MDioKeb.exe
  C:\Windows\System\MDioKeb.exe
  2⤵
  PID:4628
- C:\Windows\System\uNLWpKD.exe
  C:\Windows\System\uNLWpKD.exe
  2⤵
  PID:4648
- C:\Windows\System\itZPAyi.exe
  C:\Windows\System\itZPAyi.exe
  2⤵
  PID:4664
- C:\Windows\System\wHbKikw.exe
  C:\Windows\System\wHbKikw.exe
  2⤵
  PID:4680
- C:\Windows\System\wwcctOL.exe
  C:\Windows\System\wwcctOL.exe
  2⤵
  PID:4700
- C:\Windows\System\CqIhZrD.exe
  C:\Windows\System\CqIhZrD.exe
  2⤵
  PID:4716
- C:\Windows\System\BUVmOkK.exe
  C:\Windows\System\BUVmOkK.exe
  2⤵
  PID:4740
- C:\Windows\System\rimyrcW.exe
  C:\Windows\System\rimyrcW.exe
  2⤵
  PID:4768
- C:\Windows\System\EkEVmxV.exe
  C:\Windows\System\EkEVmxV.exe
  2⤵
  PID:4792
- C:\Windows\System\MkNSAHZ.exe
  C:\Windows\System\MkNSAHZ.exe
  2⤵
  PID:4812
- C:\Windows\System\qzteSBX.exe
  C:\Windows\System\qzteSBX.exe
  2⤵
  PID:4832
- C:\Windows\System\ufMgXzH.exe
  C:\Windows\System\ufMgXzH.exe
  2⤵
  PID:4852
- C:\Windows\System\hvrNbNL.exe
  C:\Windows\System\hvrNbNL.exe
  2⤵
  PID:4872
- C:\Windows\System\BSwRPKT.exe
  C:\Windows\System\BSwRPKT.exe
  2⤵
  PID:4892
- C:\Windows\System\zEaJWsV.exe
  C:\Windows\System\zEaJWsV.exe
  2⤵
  PID:4912
- C:\Windows\System\FpNZEwZ.exe
  C:\Windows\System\FpNZEwZ.exe
  2⤵
  PID:4932
- C:\Windows\System\KfUOkcy.exe
  C:\Windows\System\KfUOkcy.exe
  2⤵
  PID:4952
- C:\Windows\System\InaFNQK.exe
  C:\Windows\System\InaFNQK.exe
  2⤵
  PID:4972
- C:\Windows\System\aCjRNUg.exe
  C:\Windows\System\aCjRNUg.exe
  2⤵
  PID:4992
- C:\Windows\System\SSahGMm.exe
  C:\Windows\System\SSahGMm.exe
  2⤵
  PID:5012
- C:\Windows\System\SXHqUGg.exe
  C:\Windows\System\SXHqUGg.exe
  2⤵
  PID:5032
- C:\Windows\System\vvnkwje.exe
  C:\Windows\System\vvnkwje.exe
  2⤵
  PID:5052
- C:\Windows\System\iLZQsws.exe
  C:\Windows\System\iLZQsws.exe
  2⤵
  PID:5072
- C:\Windows\System\qzwRPcz.exe
  C:\Windows\System\qzwRPcz.exe
  2⤵
  PID:5092
- C:\Windows\System\gFuthPC.exe
  C:\Windows\System\gFuthPC.exe
  2⤵
  PID:5112
- C:\Windows\System\xvTpYWK.exe
  C:\Windows\System\xvTpYWK.exe
  2⤵
  PID:2596
- C:\Windows\System\AFpIEqx.exe
  C:\Windows\System\AFpIEqx.exe
  2⤵
  PID:3708
- C:\Windows\System\ZNqDFRL.exe
  C:\Windows\System\ZNqDFRL.exe
  2⤵
  PID:3644
- C:\Windows\System\UyKdPup.exe
  C:\Windows\System\UyKdPup.exe
  2⤵
  PID:3732
- C:\Windows\System\ZSUEHWO.exe
  C:\Windows\System\ZSUEHWO.exe
  2⤵
  PID:1280
- C:\Windows\System\XVAgLkF.exe
  C:\Windows\System\XVAgLkF.exe
  2⤵
  PID:3256
- C:\Windows\System\ijJmUmB.exe
  C:\Windows\System\ijJmUmB.exe
  2⤵
  PID:4120
- C:\Windows\System\QaeqKQq.exe
  C:\Windows\System\QaeqKQq.exe
  2⤵
  PID:3164
- C:\Windows\System\wLNrgFJ.exe
  C:\Windows\System\wLNrgFJ.exe
  2⤵
  PID:4164
- C:\Windows\System\gpfrqGo.exe
  C:\Windows\System\gpfrqGo.exe
  2⤵
  PID:4236
- C:\Windows\System\vpKridw.exe
  C:\Windows\System\vpKridw.exe
  2⤵
  PID:4244
- C:\Windows\System\ynVdHYf.exe
  C:\Windows\System\ynVdHYf.exe
  2⤵
  PID:4180
- C:\Windows\System\sOZCgNE.exe
  C:\Windows\System\sOZCgNE.exe
  2⤵
  PID:4220
- C:\Windows\System\eeQZTte.exe
  C:\Windows\System\eeQZTte.exe
  2⤵
  PID:4324
- C:\Windows\System\jicxMEW.exe
  C:\Windows\System\jicxMEW.exe
  2⤵
  PID:4400
- C:\Windows\System\kswRafd.exe
  C:\Windows\System\kswRafd.exe
  2⤵
  PID:4440
- C:\Windows\System\vQDWzPo.exe
  C:\Windows\System\vQDWzPo.exe
  2⤵
  PID:4512
- C:\Windows\System\xpshyYZ.exe
  C:\Windows\System\xpshyYZ.exe
  2⤵
  PID:4376
- C:\Windows\System\zEHtDtv.exe
  C:\Windows\System\zEHtDtv.exe
  2⤵
  PID:4548
- C:\Windows\System\xfWJjyP.exe
  C:\Windows\System\xfWJjyP.exe
  2⤵
  PID:4496
- C:\Windows\System\QGNLoQP.exe
  C:\Windows\System\QGNLoQP.exe
  2⤵
  PID:4456
- C:\Windows\System\OgThJKw.exe
  C:\Windows\System\OgThJKw.exe
  2⤵
  PID:4600
- C:\Windows\System\BGREfMZ.exe
  C:\Windows\System\BGREfMZ.exe
  2⤵
  PID:4644
- C:\Windows\System\GUYfqwJ.exe
  C:\Windows\System\GUYfqwJ.exe
  2⤵
  PID:4676
- C:\Windows\System\hOOHxuD.exe
  C:\Windows\System\hOOHxuD.exe
  2⤵
  PID:4696
- C:\Windows\System\VgOiCET.exe
  C:\Windows\System\VgOiCET.exe
  2⤵
  PID:4616
- C:\Windows\System\ggGBPBk.exe
  C:\Windows\System\ggGBPBk.exe
  2⤵
  PID:4736
- C:\Windows\System\tFTayEq.exe
  C:\Windows\System\tFTayEq.exe
  2⤵
  PID:4800
- C:\Windows\System\AgxYMvg.exe
  C:\Windows\System\AgxYMvg.exe
  2⤵
  PID:4808
- C:\Windows\System\vYurMWX.exe
  C:\Windows\System\vYurMWX.exe
  2⤵
  PID:4848
- C:\Windows\System\KezFbAR.exe
  C:\Windows\System\KezFbAR.exe
  2⤵
  PID:4860
- C:\Windows\System\pBPMhXU.exe
  C:\Windows\System\pBPMhXU.exe
  2⤵
  PID:4928
- C:\Windows\System\NBdfLZh.exe
  C:\Windows\System\NBdfLZh.exe
  2⤵
  PID:4940
- C:\Windows\System\EcGBozx.exe
  C:\Windows\System\EcGBozx.exe
  2⤵
  PID:4980
- C:\Windows\System\Vwvisyu.exe
  C:\Windows\System\Vwvisyu.exe
  2⤵
  PID:5004
- C:\Windows\System\RqpJfZV.exe
  C:\Windows\System\RqpJfZV.exe
  2⤵
  PID:5044
- C:\Windows\System\PtFPxUb.exe
  C:\Windows\System\PtFPxUb.exe
  2⤵
  PID:5064
- C:\Windows\System\RZfovXu.exe
  C:\Windows\System\RZfovXu.exe
  2⤵
  PID:3284
- C:\Windows\System\RCpOfvp.exe
  C:\Windows\System\RCpOfvp.exe
  2⤵
  PID:3468
- C:\Windows\System\rwySAhM.exe
  C:\Windows\System\rwySAhM.exe
  2⤵
  PID:3440
- C:\Windows\System\nvzXUtD.exe
  C:\Windows\System\nvzXUtD.exe
  2⤵
  PID:3840
- C:\Windows\System\QSfdTWR.exe
  C:\Windows\System\QSfdTWR.exe
  2⤵
  PID:3336
- C:\Windows\System\hzNAprs.exe
  C:\Windows\System\hzNAprs.exe
  2⤵
  PID:580
- C:\Windows\System\ajFTcJU.exe
  C:\Windows\System\ajFTcJU.exe
  2⤵
  PID:4232
- C:\Windows\System\DUmwJya.exe
  C:\Windows\System\DUmwJya.exe
  2⤵
  PID:4280
- C:\Windows\System\tLCYrRK.exe
  C:\Windows\System\tLCYrRK.exe
  2⤵
  PID:4260
- C:\Windows\System\FRuCwsP.exe
  C:\Windows\System\FRuCwsP.exe
  2⤵
  PID:4360
- C:\Windows\System\NNGqhUs.exe
  C:\Windows\System\NNGqhUs.exe
  2⤵
  PID:4480
- C:\Windows\System\XWzpDwR.exe
  C:\Windows\System\XWzpDwR.exe
  2⤵
  PID:4344
- C:\Windows\System\DxrSpXc.exe
  C:\Windows\System\DxrSpXc.exe
  2⤵
  PID:4424
- C:\Windows\System\YZvLEKl.exe
  C:\Windows\System\YZvLEKl.exe
  2⤵
  PID:4492
- C:\Windows\System\uGtVYhK.exe
  C:\Windows\System\uGtVYhK.exe
  2⤵
  PID:4584
- C:\Windows\System\QTlTnSy.exe
  C:\Windows\System\QTlTnSy.exe
  2⤵
  PID:4624
- C:\Windows\System\EYEWTDv.exe
  C:\Windows\System\EYEWTDv.exe
  2⤵
  PID:4656
- C:\Windows\System\gQViZpO.exe
  C:\Windows\System\gQViZpO.exe
  2⤵
  PID:4780
- C:\Windows\System\KkiYUqm.exe
  C:\Windows\System\KkiYUqm.exe
  2⤵
  PID:4840
- C:\Windows\System\NzToNjJ.exe
  C:\Windows\System\NzToNjJ.exe
  2⤵
  PID:4920
- C:\Windows\System\QmOivlg.exe
  C:\Windows\System\QmOivlg.exe
  2⤵
  PID:4944
- C:\Windows\System\zvwEhjQ.exe
  C:\Windows\System\zvwEhjQ.exe
  2⤵
  PID:4968
- C:\Windows\System\BtqQNOl.exe
  C:\Windows\System\BtqQNOl.exe
  2⤵
  PID:5028
- C:\Windows\System\CaDIlVY.exe
  C:\Windows\System\CaDIlVY.exe
  2⤵
  PID:3140
- C:\Windows\System\JytPoQc.exe
  C:\Windows\System\JytPoQc.exe
  2⤵
  PID:688
- C:\Windows\System\OtQgPVJ.exe
  C:\Windows\System\OtQgPVJ.exe
  2⤵
  PID:4052
- C:\Windows\System\ydUOxBP.exe
  C:\Windows\System\ydUOxBP.exe
  2⤵
  PID:3844
- C:\Windows\System\sbXxYGf.exe
  C:\Windows\System\sbXxYGf.exe
  2⤵
  PID:4196
- C:\Windows\System\tbGntOI.exe
  C:\Windows\System\tbGntOI.exe
  2⤵
  PID:4396
- C:\Windows\System\oVfkEhD.exe
  C:\Windows\System\oVfkEhD.exe
  2⤵
  PID:4404
- C:\Windows\System\ibmPSzW.exe
  C:\Windows\System\ibmPSzW.exe
  2⤵
  PID:5128
- C:\Windows\System\FTLxjwA.exe
  C:\Windows\System\FTLxjwA.exe
  2⤵
  PID:5152
- C:\Windows\System\Mmgmkew.exe
  C:\Windows\System\Mmgmkew.exe
  2⤵
  PID:5172
- C:\Windows\System\JuGOZuk.exe
  C:\Windows\System\JuGOZuk.exe
  2⤵
  PID:5192
- C:\Windows\System\bmwLRXv.exe
  C:\Windows\System\bmwLRXv.exe
  2⤵
  PID:5208
- C:\Windows\System\InPbPbU.exe
  C:\Windows\System\InPbPbU.exe
  2⤵
  PID:5232
- C:\Windows\System\eZzJyOP.exe
  C:\Windows\System\eZzJyOP.exe
  2⤵
  PID:5252
- C:\Windows\System\GtnarxV.exe
  C:\Windows\System\GtnarxV.exe
  2⤵
  PID:5272
- C:\Windows\System\BrRkkou.exe
  C:\Windows\System\BrRkkou.exe
  2⤵
  PID:5292
- C:\Windows\System\JgGodsv.exe
  C:\Windows\System\JgGodsv.exe
  2⤵
  PID:5312
- C:\Windows\System\CPuGpip.exe
  C:\Windows\System\CPuGpip.exe
  2⤵
  PID:5332
- C:\Windows\System\MhPxqUf.exe
  C:\Windows\System\MhPxqUf.exe
  2⤵
  PID:5352
- C:\Windows\System\jmCgsdu.exe
  C:\Windows\System\jmCgsdu.exe
  2⤵
  PID:5372
- C:\Windows\System\MLmChlw.exe
  C:\Windows\System\MLmChlw.exe
  2⤵
  PID:5392
- C:\Windows\System\swkaMUT.exe
  C:\Windows\System\swkaMUT.exe
  2⤵
  PID:5408
- C:\Windows\System\wMHKpLQ.exe
  C:\Windows\System\wMHKpLQ.exe
  2⤵
  PID:5432
- C:\Windows\System\igOQkxg.exe
  C:\Windows\System\igOQkxg.exe
  2⤵
  PID:5452
- C:\Windows\System\mdQjkOJ.exe
  C:\Windows\System\mdQjkOJ.exe
  2⤵
  PID:5472
- C:\Windows\System\dkxCkrO.exe
  C:\Windows\System\dkxCkrO.exe
  2⤵
  PID:5492
- C:\Windows\System\qKNaHrs.exe
  C:\Windows\System\qKNaHrs.exe
  2⤵
  PID:5512
- C:\Windows\System\WYFdSyd.exe
  C:\Windows\System\WYFdSyd.exe
  2⤵
  PID:5532
- C:\Windows\System\xotpldI.exe
  C:\Windows\System\xotpldI.exe
  2⤵
  PID:5552
- C:\Windows\System\jffuhoL.exe
  C:\Windows\System\jffuhoL.exe
  2⤵
  PID:5568
- C:\Windows\System\ilolApC.exe
  C:\Windows\System\ilolApC.exe
  2⤵
  PID:5596
- C:\Windows\System\qHLwedX.exe
  C:\Windows\System\qHLwedX.exe
  2⤵
  PID:5616
- C:\Windows\System\MXHATCJ.exe
  C:\Windows\System\MXHATCJ.exe
  2⤵
  PID:5636
- C:\Windows\System\mJhnBdS.exe
  C:\Windows\System\mJhnBdS.exe
  2⤵
  PID:5656
- C:\Windows\System\TbCzdlz.exe
  C:\Windows\System\TbCzdlz.exe
  2⤵
  PID:5676
- C:\Windows\System\ViaCEzf.exe
  C:\Windows\System\ViaCEzf.exe
  2⤵
  PID:5696
- C:\Windows\System\agYkZKa.exe
  C:\Windows\System\agYkZKa.exe
  2⤵
  PID:5716
- C:\Windows\System\frbmrht.exe
  C:\Windows\System\frbmrht.exe
  2⤵
  PID:5736
- C:\Windows\System\HyaZzck.exe
  C:\Windows\System\HyaZzck.exe
  2⤵
  PID:5756
- C:\Windows\System\LxnmpEB.exe
  C:\Windows\System\LxnmpEB.exe
  2⤵
  PID:5776
- C:\Windows\System\NvJuxky.exe
  C:\Windows\System\NvJuxky.exe
  2⤵
  PID:5796
- C:\Windows\System\HCeCKaN.exe
  C:\Windows\System\HCeCKaN.exe
  2⤵
  PID:5816
- C:\Windows\System\zKjPQAC.exe
  C:\Windows\System\zKjPQAC.exe
  2⤵
  PID:5836
- C:\Windows\System\aXLaAFR.exe
  C:\Windows\System\aXLaAFR.exe
  2⤵
  PID:5856
- C:\Windows\System\qFmxgSB.exe
  C:\Windows\System\qFmxgSB.exe
  2⤵
  PID:5876
- C:\Windows\System\jOTTIGA.exe
  C:\Windows\System\jOTTIGA.exe
  2⤵
  PID:5896
- C:\Windows\System\hHKHVlO.exe
  C:\Windows\System\hHKHVlO.exe
  2⤵
  PID:5916
- C:\Windows\System\ieRWUSL.exe
  C:\Windows\System\ieRWUSL.exe
  2⤵
  PID:5936
- C:\Windows\System\GFRqYqI.exe
  C:\Windows\System\GFRqYqI.exe
  2⤵
  PID:5956
- C:\Windows\System\AiSrxEf.exe
  C:\Windows\System\AiSrxEf.exe
  2⤵
  PID:5976
- C:\Windows\System\nqPdgJg.exe
  C:\Windows\System\nqPdgJg.exe
  2⤵
  PID:5996
- C:\Windows\System\rnUTiYD.exe
  C:\Windows\System\rnUTiYD.exe
  2⤵
  PID:6016
- C:\Windows\System\ZliZjyW.exe
  C:\Windows\System\ZliZjyW.exe
  2⤵
  PID:6036
- C:\Windows\System\wuEtHqU.exe
  C:\Windows\System\wuEtHqU.exe
  2⤵
  PID:6056
- C:\Windows\System\EMNKbrc.exe
  C:\Windows\System\EMNKbrc.exe
  2⤵
  PID:6076
- C:\Windows\System\nViWbve.exe
  C:\Windows\System\nViWbve.exe
  2⤵
  PID:6096
- C:\Windows\System\wyREWVu.exe
  C:\Windows\System\wyREWVu.exe
  2⤵
  PID:6116
- C:\Windows\System\wxerIoO.exe
  C:\Windows\System\wxerIoO.exe
  2⤵
  PID:6136
- C:\Windows\System\XCOVZfT.exe
  C:\Windows\System\XCOVZfT.exe
  2⤵
  PID:2164
- C:\Windows\System\CwJxiAu.exe
  C:\Windows\System\CwJxiAu.exe
  2⤵
  PID:4692
- C:\Windows\System\lPwIqdl.exe
  C:\Windows\System\lPwIqdl.exe
  2⤵
  PID:4760
- C:\Windows\System\mQmToqM.exe
  C:\Windows\System\mQmToqM.exe
  2⤵
  PID:4756
- C:\Windows\System\iUHpEkL.exe
  C:\Windows\System\iUHpEkL.exe
  2⤵
  PID:4820
- C:\Windows\System\boVPLdk.exe
  C:\Windows\System\boVPLdk.exe
  2⤵
  PID:4984
- C:\Windows\System\xzlvist.exe
  C:\Windows\System\xzlvist.exe
  2⤵
  PID:3348
- C:\Windows\System\SVmOtRF.exe
  C:\Windows\System\SVmOtRF.exe
  2⤵
  PID:3392
- C:\Windows\System\EJCGnqP.exe
  C:\Windows\System\EJCGnqP.exe
  2⤵
  PID:3524
- C:\Windows\System\sbIGPfE.exe
  C:\Windows\System\sbIGPfE.exe
  2⤵
  PID:2320
- C:\Windows\System\WuSbAoq.exe
  C:\Windows\System\WuSbAoq.exe
  2⤵
  PID:4472
- C:\Windows\System\mzsuHKe.exe
  C:\Windows\System\mzsuHKe.exe
  2⤵
  PID:5148
- C:\Windows\System\JKAOPux.exe
  C:\Windows\System\JKAOPux.exe
  2⤵
  PID:5180
- C:\Windows\System\HQQXtxE.exe
  C:\Windows\System\HQQXtxE.exe
  2⤵
  PID:5216
- C:\Windows\System\FaYyDVZ.exe
  C:\Windows\System\FaYyDVZ.exe
  2⤵
  PID:5204
- C:\Windows\System\obTlBbt.exe
  C:\Windows\System\obTlBbt.exe
  2⤵
  PID:5244
- C:\Windows\System\JjhJJxv.exe
  C:\Windows\System\JjhJJxv.exe
  2⤵
  PID:5284
- C:\Windows\System\XdpzWab.exe
  C:\Windows\System\XdpzWab.exe
  2⤵
  PID:5348
- C:\Windows\System\WfEnfbQ.exe
  C:\Windows\System\WfEnfbQ.exe
  2⤵
  PID:5380
- C:\Windows\System\aMKSJma.exe
  C:\Windows\System\aMKSJma.exe
  2⤵
  PID:5364
- C:\Windows\System\DdRylPv.exe
  C:\Windows\System\DdRylPv.exe
  2⤵
  PID:5420
- C:\Windows\System\GeRMaSJ.exe
  C:\Windows\System\GeRMaSJ.exe
  2⤵
  PID:5444
- C:\Windows\System\UEISREV.exe
  C:\Windows\System\UEISREV.exe
  2⤵
  PID:5484
- C:\Windows\System\QUdzTwl.exe
  C:\Windows\System\QUdzTwl.exe
  2⤵
  PID:5544
- C:\Windows\System\jdHEfhM.exe
  C:\Windows\System\jdHEfhM.exe
  2⤵
  PID:5592
- C:\Windows\System\wSNuBbW.exe
  C:\Windows\System\wSNuBbW.exe
  2⤵
  PID:5612
- C:\Windows\System\bdUTjRK.exe
  C:\Windows\System\bdUTjRK.exe
  2⤵
  PID:5644
- C:\Windows\System\oypSqcV.exe
  C:\Windows\System\oypSqcV.exe
  2⤵
  PID:5648
- C:\Windows\System\kAAMAGW.exe
  C:\Windows\System\kAAMAGW.exe
  2⤵
  PID:5692
- C:\Windows\System\KhBYrev.exe
  C:\Windows\System\KhBYrev.exe
  2⤵
  PID:5752
- C:\Windows\System\ANQdGrO.exe
  C:\Windows\System\ANQdGrO.exe
  2⤵
  PID:5764
- C:\Windows\System\yxnBLFq.exe
  C:\Windows\System\yxnBLFq.exe
  2⤵
  PID:5824
- C:\Windows\System\cMMrCnX.exe
  C:\Windows\System\cMMrCnX.exe
  2⤵
  PID:5864
- C:\Windows\System\jDnyOQh.exe
  C:\Windows\System\jDnyOQh.exe
  2⤵
  PID:5848
- C:\Windows\System\sfUcOCD.exe
  C:\Windows\System\sfUcOCD.exe
  2⤵
  PID:5892
- C:\Windows\System\dNaqcZX.exe
  C:\Windows\System\dNaqcZX.exe
  2⤵
  PID:5932
- C:\Windows\System\bSzmiLC.exe
  C:\Windows\System\bSzmiLC.exe
  2⤵
  PID:5964
- C:\Windows\System\deWjadK.exe
  C:\Windows\System\deWjadK.exe
  2⤵
  PID:6004
- C:\Windows\System\rPnzFkX.exe
  C:\Windows\System\rPnzFkX.exe
  2⤵
  PID:6028
- C:\Windows\System\jCDZCiG.exe
  C:\Windows\System\jCDZCiG.exe
  2⤵
  PID:6052
- C:\Windows\System\FyXRqSY.exe
  C:\Windows\System\FyXRqSY.exe
  2⤵
  PID:6112
- C:\Windows\System\minYZTF.exe
  C:\Windows\System\minYZTF.exe
  2⤵
  PID:6132
- C:\Windows\System\wYnCjNa.exe
  C:\Windows\System\wYnCjNa.exe
  2⤵
  PID:4636
- C:\Windows\System\HkOeNXJ.exe
  C:\Windows\System\HkOeNXJ.exe
  2⤵
  PID:4620
- C:\Windows\System\owsWGRp.exe
  C:\Windows\System\owsWGRp.exe
  2⤵
  PID:4864
- C:\Windows\System\DkHhpCa.exe
  C:\Windows\System\DkHhpCa.exe
  2⤵
  PID:5000
- C:\Windows\System\srbBQHF.exe
  C:\Windows\System\srbBQHF.exe
  2⤵
  PID:3568
- C:\Windows\System\cnBaiAW.exe
  C:\Windows\System\cnBaiAW.exe
  2⤵
  PID:4212
- C:\Windows\System\wcWwbGr.exe
  C:\Windows\System\wcWwbGr.exe
  2⤵
  PID:5124
- C:\Windows\System\OYqOTUO.exe
  C:\Windows\System\OYqOTUO.exe
  2⤵
  PID:5228
- C:\Windows\System\svNAMGc.exe
  C:\Windows\System\svNAMGc.exe
  2⤵
  PID:5224
- C:\Windows\System\XnUYUKn.exe
  C:\Windows\System\XnUYUKn.exe
  2⤵
  PID:5288
- C:\Windows\System\oHLwxoV.exe
  C:\Windows\System\oHLwxoV.exe
  2⤵
  PID:5340
- C:\Windows\System\pulHMNs.exe
  C:\Windows\System\pulHMNs.exe
  2⤵
  PID:5404
- C:\Windows\System\pUWMtSb.exe
  C:\Windows\System\pUWMtSb.exe
  2⤵
  PID:5508
- C:\Windows\System\WSaXPpO.exe
  C:\Windows\System\WSaXPpO.exe
  2⤵
  PID:5524
- C:\Windows\System\JmGEOdk.exe
  C:\Windows\System\JmGEOdk.exe
  2⤵
  PID:5580
- C:\Windows\System\pgZWCsx.exe
  C:\Windows\System\pgZWCsx.exe
  2⤵
  PID:5628
- C:\Windows\System\tDUDgbQ.exe
  C:\Windows\System\tDUDgbQ.exe
  2⤵
  PID:5672
- C:\Windows\System\iFqXYcs.exe
  C:\Windows\System\iFqXYcs.exe
  2⤵
  PID:5792
- C:\Windows\System\LmjLNyJ.exe
  C:\Windows\System\LmjLNyJ.exe
  2⤵
  PID:5832
- C:\Windows\System\yFilRrr.exe
  C:\Windows\System\yFilRrr.exe
  2⤵
  PID:5872
- C:\Windows\System\poKMXsF.exe
  C:\Windows\System\poKMXsF.exe
  2⤵
  PID:5884
- C:\Windows\System\nFIGGom.exe
  C:\Windows\System\nFIGGom.exe
  2⤵
  PID:1828
- C:\Windows\System\DxdQKwE.exe
  C:\Windows\System\DxdQKwE.exe
  2⤵
  PID:5992
- C:\Windows\System\vxTmzTF.exe
  C:\Windows\System\vxTmzTF.exe
  2⤵
  PID:6084
- C:\Windows\System\rvNJXNW.exe
  C:\Windows\System\rvNJXNW.exe
  2⤵
  PID:6108
- C:\Windows\System\FdDusjY.exe
  C:\Windows\System\FdDusjY.exe
  2⤵
  PID:4552
- C:\Windows\System\YecuUbr.exe
  C:\Windows\System\YecuUbr.exe
  2⤵
  PID:4732
- C:\Windows\System\UiEuiyY.exe
  C:\Windows\System\UiEuiyY.exe
  2⤵
  PID:3848
- C:\Windows\System\RDQaIfW.exe
  C:\Windows\System\RDQaIfW.exe
  2⤵
  PID:4248
- C:\Windows\System\jFyGbpU.exe
  C:\Windows\System\jFyGbpU.exe
  2⤵
  PID:5136
- C:\Windows\System\ZHRHxsE.exe
  C:\Windows\System\ZHRHxsE.exe
  2⤵
  PID:5360
- C:\Windows\System\HzGhfBM.exe
  C:\Windows\System\HzGhfBM.exe
  2⤵
  PID:5384
- C:\Windows\System\utdGdpC.exe
  C:\Windows\System\utdGdpC.exe
  2⤵
  PID:5468
- C:\Windows\System\AZzUlPc.exe
  C:\Windows\System\AZzUlPc.exe
  2⤵
  PID:5520
- C:\Windows\System\USABbVc.exe
  C:\Windows\System\USABbVc.exe
  2⤵
  PID:5604
- C:\Windows\System\zBbkxSQ.exe
  C:\Windows\System\zBbkxSQ.exe
  2⤵
  PID:5724
- C:\Windows\System\mnLmhma.exe
  C:\Windows\System\mnLmhma.exe
  2⤵
  PID:5868
- C:\Windows\System\GBudvGH.exe
  C:\Windows\System\GBudvGH.exe
  2⤵
  PID:6152
- C:\Windows\System\pqiMctC.exe
  C:\Windows\System\pqiMctC.exe
  2⤵
  PID:6172
- C:\Windows\System\fFODvuk.exe
  C:\Windows\System\fFODvuk.exe
  2⤵
  PID:6192
- C:\Windows\System\jnYFDWD.exe
  C:\Windows\System\jnYFDWD.exe
  2⤵
  PID:6212
- C:\Windows\System\aJaniyk.exe
  C:\Windows\System\aJaniyk.exe
  2⤵
  PID:6232
- C:\Windows\System\zVJPnET.exe
  C:\Windows\System\zVJPnET.exe
  2⤵
  PID:6252
- C:\Windows\System\vKlCVjf.exe
  C:\Windows\System\vKlCVjf.exe
  2⤵
  PID:6272
- C:\Windows\System\vaXPsMs.exe
  C:\Windows\System\vaXPsMs.exe
  2⤵
  PID:6292
- C:\Windows\System\xyjiFAK.exe
  C:\Windows\System\xyjiFAK.exe
  2⤵
  PID:6312
- C:\Windows\System\OwZinpw.exe
  C:\Windows\System\OwZinpw.exe
  2⤵
  PID:6332
- C:\Windows\System\BHqjxta.exe
  C:\Windows\System\BHqjxta.exe
  2⤵
  PID:6352
- C:\Windows\System\wQCNefR.exe
  C:\Windows\System\wQCNefR.exe
  2⤵
  PID:6372
- C:\Windows\System\AqASCEP.exe
  C:\Windows\System\AqASCEP.exe
  2⤵
  PID:6392
- C:\Windows\System\ehYgzEx.exe
  C:\Windows\System\ehYgzEx.exe
  2⤵
  PID:6412
- C:\Windows\System\IHbdGOT.exe
  C:\Windows\System\IHbdGOT.exe
  2⤵
  PID:6432
- C:\Windows\System\nHCrKJn.exe
  C:\Windows\System\nHCrKJn.exe
  2⤵
  PID:6452
- C:\Windows\System\ahVwnBj.exe
  C:\Windows\System\ahVwnBj.exe
  2⤵
  PID:6472
- C:\Windows\System\OJDfbHq.exe
  C:\Windows\System\OJDfbHq.exe
  2⤵
  PID:6492
- C:\Windows\System\ccwuAHE.exe
  C:\Windows\System\ccwuAHE.exe
  2⤵
  PID:6512
- C:\Windows\System\SlHYgBT.exe
  C:\Windows\System\SlHYgBT.exe
  2⤵
  PID:6532
- C:\Windows\System\scKOxqy.exe
  C:\Windows\System\scKOxqy.exe
  2⤵
  PID:6552
- C:\Windows\System\KjYtITf.exe
  C:\Windows\System\KjYtITf.exe
  2⤵
  PID:6572
- C:\Windows\System\nIZsHDT.exe
  C:\Windows\System\nIZsHDT.exe
  2⤵
  PID:6592
- C:\Windows\System\YGpAxjY.exe
  C:\Windows\System\YGpAxjY.exe
  2⤵
  PID:6612
- C:\Windows\System\echIAQw.exe
  C:\Windows\System\echIAQw.exe
  2⤵
  PID:6632
- C:\Windows\System\TjByloe.exe
  C:\Windows\System\TjByloe.exe
  2⤵
  PID:6652
- C:\Windows\System\TDVlJXj.exe
  C:\Windows\System\TDVlJXj.exe
  2⤵
  PID:6672
- C:\Windows\System\WTSybHS.exe
  C:\Windows\System\WTSybHS.exe
  2⤵
  PID:6692
- C:\Windows\System\zPzGqZl.exe
  C:\Windows\System\zPzGqZl.exe
  2⤵
  PID:6712
- C:\Windows\System\HfiMzrf.exe
  C:\Windows\System\HfiMzrf.exe
  2⤵
  PID:6732
- C:\Windows\System\uowMNGN.exe
  C:\Windows\System\uowMNGN.exe
  2⤵
  PID:6752
- C:\Windows\System\bdyilzM.exe
  C:\Windows\System\bdyilzM.exe
  2⤵
  PID:6772
- C:\Windows\System\MckbqMt.exe
  C:\Windows\System\MckbqMt.exe
  2⤵
  PID:6792
- C:\Windows\System\HoHcNjf.exe
  C:\Windows\System\HoHcNjf.exe
  2⤵
  PID:6812
- C:\Windows\System\Czyppjm.exe
  C:\Windows\System\Czyppjm.exe
  2⤵
  PID:6832
- C:\Windows\System\YGvpwXt.exe
  C:\Windows\System\YGvpwXt.exe
  2⤵
  PID:6852
- C:\Windows\System\vbLPLmR.exe
  C:\Windows\System\vbLPLmR.exe
  2⤵
  PID:6872
- C:\Windows\System\toESliW.exe
  C:\Windows\System\toESliW.exe
  2⤵
  PID:6896
- C:\Windows\System\XOZFFvu.exe
  C:\Windows\System\XOZFFvu.exe
  2⤵
  PID:6916
- C:\Windows\System\kpkgxCc.exe
  C:\Windows\System\kpkgxCc.exe
  2⤵
  PID:6936
- C:\Windows\System\SdOQKpu.exe
  C:\Windows\System\SdOQKpu.exe
  2⤵
  PID:6956
- C:\Windows\System\NnjVjpk.exe
  C:\Windows\System\NnjVjpk.exe
  2⤵
  PID:6976
- C:\Windows\System\FffJNhX.exe
  C:\Windows\System\FffJNhX.exe
  2⤵
  PID:6996
- C:\Windows\System\ceJeuOl.exe
  C:\Windows\System\ceJeuOl.exe
  2⤵
  PID:7016
- C:\Windows\System\xiaEPaH.exe
  C:\Windows\System\xiaEPaH.exe
  2⤵
  PID:7036
- C:\Windows\System\JNldBrP.exe
  C:\Windows\System\JNldBrP.exe
  2⤵
  PID:7056
- C:\Windows\System\sIjlxCi.exe
  C:\Windows\System\sIjlxCi.exe
  2⤵
  PID:7076
- C:\Windows\System\mztXjEP.exe
  C:\Windows\System\mztXjEP.exe
  2⤵
  PID:7096
- C:\Windows\System\AdOCEFV.exe
  C:\Windows\System\AdOCEFV.exe
  2⤵
  PID:7116
- C:\Windows\System\IfqBPaA.exe
  C:\Windows\System\IfqBPaA.exe
  2⤵
  PID:7136
- C:\Windows\System\llWGOxw.exe
  C:\Windows\System\llWGOxw.exe
  2⤵
  PID:7156
- C:\Windows\System\ZQlcxPy.exe
  C:\Windows\System\ZQlcxPy.exe
  2⤵
  PID:5988
- C:\Windows\System\QPLlPEz.exe
  C:\Windows\System\QPLlPEz.exe
  2⤵
  PID:6092
- C:\Windows\System\JHuNhMa.exe
  C:\Windows\System\JHuNhMa.exe
  2⤵
  PID:4428
- C:\Windows\System\HVXspRJ.exe
  C:\Windows\System\HVXspRJ.exe
  2⤵
  PID:4588
- C:\Windows\System\yYIvKCj.exe
  C:\Windows\System\yYIvKCj.exe
  2⤵
  PID:4104
- C:\Windows\System\iMuPBHJ.exe
  C:\Windows\System\iMuPBHJ.exe
  2⤵
  PID:5308
- C:\Windows\System\wvyoGFR.exe
  C:\Windows\System\wvyoGFR.exe
  2⤵
  PID:5428
- C:\Windows\System\exJTPro.exe
  C:\Windows\System\exJTPro.exe
  2⤵
  PID:5564
- C:\Windows\System\IRrOTTg.exe
  C:\Windows\System\IRrOTTg.exe
  2⤵
  PID:5708
- C:\Windows\System\jyEERnV.exe
  C:\Windows\System\jyEERnV.exe
  2⤵
  PID:5804
- C:\Windows\System\HjzNMbx.exe
  C:\Windows\System\HjzNMbx.exe
  2⤵
  PID:6168
- C:\Windows\System\ZbhGCJO.exe
  C:\Windows\System\ZbhGCJO.exe
  2⤵
  PID:6184
- C:\Windows\System\TSLFxkL.exe
  C:\Windows\System\TSLFxkL.exe
  2⤵
  PID:6228
- C:\Windows\System\nGMaOPG.exe
  C:\Windows\System\nGMaOPG.exe
  2⤵
  PID:6268
- C:\Windows\System\OnMxVpg.exe
  C:\Windows\System\OnMxVpg.exe
  2⤵
  PID:6300
- C:\Windows\System\PPmxGBk.exe
  C:\Windows\System\PPmxGBk.exe
  2⤵
  PID:6324
- C:\Windows\System\nEFAIaa.exe
  C:\Windows\System\nEFAIaa.exe
  2⤵
  PID:6344
- C:\Windows\System\mEgCriy.exe
  C:\Windows\System\mEgCriy.exe
  2⤵
  PID:6384
- C:\Windows\System\ZimNOCR.exe
  C:\Windows\System\ZimNOCR.exe
  2⤵
  PID:6428
- C:\Windows\System\aVQgERW.exe
  C:\Windows\System\aVQgERW.exe
  2⤵
  PID:6468
- C:\Windows\System\rqcftDp.exe
  C:\Windows\System\rqcftDp.exe
  2⤵
  PID:6500
- C:\Windows\System\lkMNdXV.exe
  C:\Windows\System\lkMNdXV.exe
  2⤵
  PID:6524
- C:\Windows\System\dUwDBqs.exe
  C:\Windows\System\dUwDBqs.exe
  2⤵
  PID:6568
- C:\Windows\System\SjFzfTq.exe
  C:\Windows\System\SjFzfTq.exe
  2⤵
  PID:6584
- C:\Windows\System\JGzQSrO.exe
  C:\Windows\System\JGzQSrO.exe
  2⤵
  PID:6640
- C:\Windows\System\ZsdYZFw.exe
  C:\Windows\System\ZsdYZFw.exe
  2⤵
  PID:6680
- C:\Windows\System\nqnAbFi.exe
  C:\Windows\System\nqnAbFi.exe
  2⤵
  PID:6700
- C:\Windows\System\JMNLCHt.exe
  C:\Windows\System\JMNLCHt.exe
  2⤵
  PID:6724
- C:\Windows\System\fMOoWKr.exe
  C:\Windows\System\fMOoWKr.exe
  2⤵
  PID:6760
- C:\Windows\System\FNKFsQa.exe
  C:\Windows\System\FNKFsQa.exe
  2⤵
  PID:6808
- C:\Windows\System\BQlinSI.exe
  C:\Windows\System\BQlinSI.exe
  2⤵
  PID:6828
- C:\Windows\System\aatBEFP.exe
  C:\Windows\System\aatBEFP.exe
  2⤵
  PID:6880
- C:\Windows\System\HzVByKB.exe
  C:\Windows\System\HzVByKB.exe
  2⤵
  PID:6904
- C:\Windows\System\QVoYVAx.exe
  C:\Windows\System\QVoYVAx.exe
  2⤵
  PID:6928
- C:\Windows\System\MhOcXpO.exe
  C:\Windows\System\MhOcXpO.exe
  2⤵
  PID:6948
- C:\Windows\System\cjXWcDS.exe
  C:\Windows\System\cjXWcDS.exe
  2⤵
  PID:6988
- C:\Windows\System\dKVBEyc.exe
  C:\Windows\System\dKVBEyc.exe
  2⤵
  PID:7032
- C:\Windows\System\dyfsOBj.exe
  C:\Windows\System\dyfsOBj.exe
  2⤵
  PID:7092
- C:\Windows\System\paxBzBu.exe
  C:\Windows\System\paxBzBu.exe
  2⤵
  PID:7124
- C:\Windows\System\UCqhEQN.exe
  C:\Windows\System\UCqhEQN.exe
  2⤵
  PID:7144
- C:\Windows\System\hDASTGJ.exe
  C:\Windows\System\hDASTGJ.exe
  2⤵
  PID:7148
- C:\Windows\System\UJxAdUA.exe
  C:\Windows\System\UJxAdUA.exe
  2⤵
  PID:6008
- C:\Windows\System\wKcKggK.exe
  C:\Windows\System\wKcKggK.exe
  2⤵
  PID:5104
- C:\Windows\System\szoZuUR.exe
  C:\Windows\System\szoZuUR.exe
  2⤵
  PID:5280
- C:\Windows\System\DRLyBDS.exe
  C:\Windows\System\DRLyBDS.exe
  2⤵
  PID:5684
- C:\Windows\System\PaycXeC.exe
  C:\Windows\System\PaycXeC.exe
  2⤵
  PID:5576
- C:\Windows\System\OzmbKlb.exe
  C:\Windows\System\OzmbKlb.exe
  2⤵
  PID:6148
- C:\Windows\System\bZEjNDl.exe
  C:\Windows\System\bZEjNDl.exe
  2⤵
  PID:6240
- C:\Windows\System\LgdSOjL.exe
  C:\Windows\System\LgdSOjL.exe
  2⤵
  PID:6284
- C:\Windows\System\klUadun.exe
  C:\Windows\System\klUadun.exe
  2⤵
  PID:6360
- C:\Windows\System\ogYYTVE.exe
  C:\Windows\System\ogYYTVE.exe
  2⤵
  PID:6304
- C:\Windows\System\rdQgrSC.exe
  C:\Windows\System\rdQgrSC.exe
  2⤵
  PID:6400
- C:\Windows\System\MgMosdK.exe
  C:\Windows\System\MgMosdK.exe
  2⤵
  PID:6488
- C:\Windows\System\FpBCqeE.exe
  C:\Windows\System\FpBCqeE.exe
  2⤵
  PID:6544
- C:\Windows\System\kfpuDeE.exe
  C:\Windows\System\kfpuDeE.exe
  2⤵
  PID:6620
- C:\Windows\System\lAGeaFI.exe
  C:\Windows\System\lAGeaFI.exe
  2⤵
  PID:6648
- C:\Windows\System\qZrRQQn.exe
  C:\Windows\System\qZrRQQn.exe
  2⤵
  PID:6664
- C:\Windows\System\odPwKBu.exe
  C:\Windows\System\odPwKBu.exe
  2⤵
  PID:6704
- C:\Windows\System\xffgJOz.exe
  C:\Windows\System\xffgJOz.exe
  2⤵
  PID:6764
- C:\Windows\System\sTqlduT.exe
  C:\Windows\System\sTqlduT.exe
  2⤵
  PID:6848
- C:\Windows\System\gNlBmUu.exe
  C:\Windows\System\gNlBmUu.exe
  2⤵
  PID:6964
- C:\Windows\System\UqTYrdV.exe
  C:\Windows\System\UqTYrdV.exe
  2⤵
  PID:6972
- C:\Windows\System\BDEuOcQ.exe
  C:\Windows\System\BDEuOcQ.exe
  2⤵
  PID:7004
- C:\Windows\System\PbWlUof.exe
  C:\Windows\System\PbWlUof.exe
  2⤵
  PID:2104
- C:\Windows\System\kcBkPUL.exe
  C:\Windows\System\kcBkPUL.exe
  2⤵
  PID:7152
- C:\Windows\System\QrwPAle.exe
  C:\Windows\System\QrwPAle.exe
  2⤵
  PID:6064
- C:\Windows\System\UwHxXTG.exe
  C:\Windows\System\UwHxXTG.exe
  2⤵
  PID:5928
- C:\Windows\System\tsRuJyZ.exe
  C:\Windows\System\tsRuJyZ.exe
  2⤵
  PID:5908
- C:\Windows\System\XgbjqZs.exe
  C:\Windows\System\XgbjqZs.exe
  2⤵
  PID:5168
- C:\Windows\System\DMZCUjL.exe
  C:\Windows\System\DMZCUjL.exe
  2⤵
  PID:6288
- C:\Windows\System\bBJLVHq.exe
  C:\Windows\System\bBJLVHq.exe
  2⤵
  PID:6320
- C:\Windows\System\uSyJhZL.exe
  C:\Windows\System\uSyJhZL.exe
  2⤵
  PID:6424
- C:\Windows\System\NpdXhwT.exe
  C:\Windows\System\NpdXhwT.exe
  2⤵
  PID:6420
- C:\Windows\System\WwvMcAO.exe
  C:\Windows\System\WwvMcAO.exe
  2⤵
  PID:6444
- C:\Windows\System\vbrzBHj.exe
  C:\Windows\System\vbrzBHj.exe
  2⤵
  PID:6588
- C:\Windows\System\aEfRneB.exe
  C:\Windows\System\aEfRneB.exe
  2⤵
  PID:6744
- C:\Windows\System\RPZLZir.exe
  C:\Windows\System\RPZLZir.exe
  2⤵
  PID:1528
- C:\Windows\System\DnyVlyk.exe
  C:\Windows\System\DnyVlyk.exe
  2⤵
  PID:2704
- C:\Windows\System\nCrClVu.exe
  C:\Windows\System\nCrClVu.exe
  2⤵
  PID:6984
- C:\Windows\System\ZEPTrND.exe
  C:\Windows\System\ZEPTrND.exe
  2⤵
  PID:7084
- C:\Windows\System\JEskCxb.exe
  C:\Windows\System\JEskCxb.exe
  2⤵
  PID:5344
- C:\Windows\System\PhzZhGM.exe
  C:\Windows\System\PhzZhGM.exe
  2⤵
  PID:5744
- C:\Windows\System\SmiUmfw.exe
  C:\Windows\System\SmiUmfw.exe
  2⤵
  PID:7180
- C:\Windows\System\TpXgUGn.exe
  C:\Windows\System\TpXgUGn.exe
  2⤵
  PID:7200
- C:\Windows\System\jkTbpEP.exe
  C:\Windows\System\jkTbpEP.exe
  2⤵
  PID:7220
- C:\Windows\System\LpdmJTy.exe
  C:\Windows\System\LpdmJTy.exe
  2⤵
  PID:7240
- C:\Windows\System\CvlbOes.exe
  C:\Windows\System\CvlbOes.exe
  2⤵
  PID:7260
- C:\Windows\System\MlSWPCB.exe
  C:\Windows\System\MlSWPCB.exe
  2⤵
  PID:7276
- C:\Windows\System\IhIFTJN.exe
  C:\Windows\System\IhIFTJN.exe
  2⤵
  PID:7296
- C:\Windows\System\WkLmOdR.exe
  C:\Windows\System\WkLmOdR.exe
  2⤵
  PID:7320
- C:\Windows\System\TKLqvbh.exe
  C:\Windows\System\TKLqvbh.exe
  2⤵
  PID:7340
- C:\Windows\System\lCnPKTR.exe
  C:\Windows\System\lCnPKTR.exe
  2⤵
  PID:7364
- C:\Windows\System\nHjzTYf.exe
  C:\Windows\System\nHjzTYf.exe
  2⤵
  PID:7384
- C:\Windows\System\aWTfNgL.exe
  C:\Windows\System\aWTfNgL.exe
  2⤵
  PID:7404
- C:\Windows\System\dskZpid.exe
  C:\Windows\System\dskZpid.exe
  2⤵
  PID:7424
- C:\Windows\System\osZEsAZ.exe
  C:\Windows\System\osZEsAZ.exe
  2⤵
  PID:7444
- C:\Windows\System\hGeHNNN.exe
  C:\Windows\System\hGeHNNN.exe
  2⤵
  PID:7464
- C:\Windows\System\gJMpvBw.exe
  C:\Windows\System\gJMpvBw.exe
  2⤵
  PID:7484
- C:\Windows\System\hOHZHBr.exe
  C:\Windows\System\hOHZHBr.exe
  2⤵
  PID:7500
- C:\Windows\System\TSZMGRe.exe
  C:\Windows\System\TSZMGRe.exe
  2⤵
  PID:7520
- C:\Windows\System\CRiJxJd.exe
  C:\Windows\System\CRiJxJd.exe
  2⤵
  PID:7536
- C:\Windows\System\KXIxRMR.exe
  C:\Windows\System\KXIxRMR.exe
  2⤵
  PID:7560
- C:\Windows\System\xIuALfL.exe
  C:\Windows\System\xIuALfL.exe
  2⤵
  PID:7576
- C:\Windows\System\rgrMBMW.exe
  C:\Windows\System\rgrMBMW.exe
  2⤵
  PID:7600
- C:\Windows\System\MvWorUR.exe
  C:\Windows\System\MvWorUR.exe
  2⤵
  PID:7624
- C:\Windows\System\WYchbCL.exe
  C:\Windows\System\WYchbCL.exe
  2⤵
  PID:7644
- C:\Windows\System\UEtmdbn.exe
  C:\Windows\System\UEtmdbn.exe
  2⤵
  PID:7664
- C:\Windows\System\YHPSMcH.exe
  C:\Windows\System\YHPSMcH.exe
  2⤵
  PID:7684
- C:\Windows\System\joeqceU.exe
  C:\Windows\System\joeqceU.exe
  2⤵
  PID:7704
- C:\Windows\System\ATMzUuI.exe
  C:\Windows\System\ATMzUuI.exe
  2⤵
  PID:7724
- C:\Windows\System\afrtZXD.exe
  C:\Windows\System\afrtZXD.exe
  2⤵
  PID:7740
- C:\Windows\System\JkosAfN.exe
  C:\Windows\System\JkosAfN.exe
  2⤵
  PID:7764
- C:\Windows\System\JDDFchf.exe
  C:\Windows\System\JDDFchf.exe
  2⤵
  PID:7784
- C:\Windows\System\ddCNJOd.exe
  C:\Windows\System\ddCNJOd.exe
  2⤵
  PID:7804
- C:\Windows\System\DFcwsXN.exe
  C:\Windows\System\DFcwsXN.exe
  2⤵
  PID:7824
- C:\Windows\System\SVHwpko.exe
  C:\Windows\System\SVHwpko.exe
  2⤵
  PID:7844
- C:\Windows\System\xGaHROb.exe
  C:\Windows\System\xGaHROb.exe
  2⤵
  PID:7864
- C:\Windows\System\rJsKiSX.exe
  C:\Windows\System\rJsKiSX.exe
  2⤵
  PID:7884
- C:\Windows\System\VlJydfj.exe
  C:\Windows\System\VlJydfj.exe
  2⤵
  PID:7904
- C:\Windows\System\VbHXyOt.exe
  C:\Windows\System\VbHXyOt.exe
  2⤵
  PID:7928
- C:\Windows\System\KkLGbru.exe
  C:\Windows\System\KkLGbru.exe
  2⤵
  PID:7944
- C:\Windows\System\YufrePp.exe
  C:\Windows\System\YufrePp.exe
  2⤵
  PID:7968
- C:\Windows\System\cqkZyHF.exe
  C:\Windows\System\cqkZyHF.exe
  2⤵
  PID:7988
- C:\Windows\System\XrmPBpK.exe
  C:\Windows\System\XrmPBpK.exe
  2⤵
  PID:8008
- C:\Windows\System\fZLfjIz.exe
  C:\Windows\System\fZLfjIz.exe
  2⤵
  PID:8028
- C:\Windows\System\XGAiHee.exe
  C:\Windows\System\XGAiHee.exe
  2⤵
  PID:8048
- C:\Windows\System\nZoKgqI.exe
  C:\Windows\System\nZoKgqI.exe
  2⤵
  PID:8068
- C:\Windows\System\mvQfUaZ.exe
  C:\Windows\System\mvQfUaZ.exe
  2⤵
  PID:8088
- C:\Windows\System\qFZZuut.exe
  C:\Windows\System\qFZZuut.exe
  2⤵
  PID:8108
- C:\Windows\System\weuEMLc.exe
  C:\Windows\System\weuEMLc.exe
  2⤵
  PID:8128
- C:\Windows\System\uOkXdEH.exe
  C:\Windows\System\uOkXdEH.exe
  2⤵
  PID:8148
- C:\Windows\System\yXLRdpK.exe
  C:\Windows\System\yXLRdpK.exe
  2⤵
  PID:8168
- C:\Windows\System\JyXLtIU.exe
  C:\Windows\System\JyXLtIU.exe
  2⤵
  PID:8188
- C:\Windows\System\MIMirlD.exe
  C:\Windows\System\MIMirlD.exe
  2⤵
  PID:6368
- C:\Windows\System\DudKnRq.exe
  C:\Windows\System\DudKnRq.exe
  2⤵
  PID:6560
- C:\Windows\System\ToNSCQe.exe
  C:\Windows\System\ToNSCQe.exe
  2⤵
  PID:6224
- C:\Windows\System\lhPdUjw.exe
  C:\Windows\System\lhPdUjw.exe
  2⤵
  PID:6708
- C:\Windows\System\uRobRoP.exe
  C:\Windows\System\uRobRoP.exe
  2⤵
  PID:7044
- C:\Windows\System\PgeVvIL.exe
  C:\Windows\System\PgeVvIL.exe
  2⤵
  PID:6608
- C:\Windows\System\eSkBlZe.exe
  C:\Windows\System\eSkBlZe.exe
  2⤵
  PID:6800
- C:\Windows\System\wTMgiwG.exe
  C:\Windows\System\wTMgiwG.exe
  2⤵
  PID:7068
- C:\Windows\System\VtYkxfz.exe
  C:\Windows\System\VtYkxfz.exe
  2⤵
  PID:7208
- C:\Windows\System\BEMZHpv.exe
  C:\Windows\System\BEMZHpv.exe
  2⤵
  PID:7128
- C:\Windows\System\HWhYopq.exe
  C:\Windows\System\HWhYopq.exe
  2⤵
  PID:7192
- C:\Windows\System\ehAZomG.exe
  C:\Windows\System\ehAZomG.exe
  2⤵
  PID:7292
- C:\Windows\System\FYMOPmR.exe
  C:\Windows\System\FYMOPmR.exe
  2⤵
  PID:7272
- C:\Windows\System\KjKVyGl.exe
  C:\Windows\System\KjKVyGl.exe
  2⤵
  PID:7372
- C:\Windows\System\bdSQlcd.exe
  C:\Windows\System\bdSQlcd.exe
  2⤵
  PID:7304
- C:\Windows\System\ApvlPsk.exe
  C:\Windows\System\ApvlPsk.exe
  2⤵
  PID:7416
- C:\Windows\System\kLWMFao.exe
  C:\Windows\System\kLWMFao.exe
  2⤵
  PID:7452
- C:\Windows\System\ewYmyHL.exe
  C:\Windows\System\ewYmyHL.exe
  2⤵
  PID:7440
- C:\Windows\System\vlgpnck.exe
  C:\Windows\System\vlgpnck.exe
  2⤵
  PID:7476
- C:\Windows\System\JwpKwxG.exe
  C:\Windows\System\JwpKwxG.exe
  2⤵
  PID:7512
- C:\Windows\System\UWzHmOa.exe
  C:\Windows\System\UWzHmOa.exe
  2⤵
  PID:7548
- C:\Windows\System\FHuZQPJ.exe
  C:\Windows\System\FHuZQPJ.exe
  2⤵
  PID:7612
- C:\Windows\System\noAzDBG.exe
  C:\Windows\System\noAzDBG.exe
  2⤵
  PID:7652
- C:\Windows\System\YcaiYuv.exe
  C:\Windows\System\YcaiYuv.exe
  2⤵
  PID:7692
- C:\Windows\System\eyAFHjJ.exe
  C:\Windows\System\eyAFHjJ.exe
  2⤵
  PID:7676
- C:\Windows\System\VLxibSX.exe
  C:\Windows\System\VLxibSX.exe
  2⤵
  PID:7732
- C:\Windows\System\rveZazD.exe
  C:\Windows\System\rveZazD.exe
  2⤵
  PID:7748
- C:\Windows\System\DZozoef.exe
  C:\Windows\System\DZozoef.exe
  2⤵
  PID:7760
- C:\Windows\System\JPNioyy.exe
  C:\Windows\System\JPNioyy.exe
  2⤵
  PID:7800
- C:\Windows\System\YsnDzci.exe
  C:\Windows\System\YsnDzci.exe
  2⤵
  PID:7832
- C:\Windows\System\FBqEphQ.exe
  C:\Windows\System\FBqEphQ.exe
  2⤵
  PID:7840
- C:\Windows\System\gStERts.exe
  C:\Windows\System\gStERts.exe
  2⤵
  PID:7892
- C:\Windows\System\hJJbJqT.exe
  C:\Windows\System\hJJbJqT.exe
  2⤵
  PID:2284
- C:\Windows\System\FDeqjRr.exe
  C:\Windows\System\FDeqjRr.exe
  2⤵
  PID:7916
- C:\Windows\System\mAHqhFr.exe
  C:\Windows\System\mAHqhFr.exe
  2⤵
  PID:8016
- C:\Windows\System\ZXIzoEb.exe
  C:\Windows\System\ZXIzoEb.exe
  2⤵
  PID:8004
- C:\Windows\System\wymWUZh.exe
  C:\Windows\System\wymWUZh.exe
  2⤵
  PID:8056
- C:\Windows\System\LPOvLsK.exe
  C:\Windows\System\LPOvLsK.exe
  2⤵
  PID:8040
- C:\Windows\System\nzuVaOz.exe
  C:\Windows\System\nzuVaOz.exe
  2⤵
  PID:808
- C:\Windows\System\EMSBJWy.exe
  C:\Windows\System\EMSBJWy.exe
  2⤵
  PID:8140
- C:\Windows\System\LpRAakg.exe
  C:\Windows\System\LpRAakg.exe
  2⤵
  PID:1980
- C:\Windows\System\iRBuTZC.exe
  C:\Windows\System\iRBuTZC.exe
  2⤵
  PID:2860
- C:\Windows\System\bKOluHk.exe
  C:\Windows\System\bKOluHk.exe
  2⤵
  PID:8160
- C:\Windows\System\xmAwCJR.exe
  C:\Windows\System\xmAwCJR.exe
  2⤵
  PID:4748
- C:\Windows\System\vERqfvS.exe
  C:\Windows\System\vERqfvS.exe
  2⤵
  PID:6244
- C:\Windows\System\EdzlLPi.exe
  C:\Windows\System\EdzlLPi.exe
  2⤵
  PID:7104
- C:\Windows\System\vVpFkYf.exe
  C:\Windows\System\vVpFkYf.exe
  2⤵
  PID:1728
- C:\Windows\System\yFZJIiU.exe
  C:\Windows\System\yFZJIiU.exe
  2⤵
  PID:6892
- C:\Windows\System\nlvCTPF.exe
  C:\Windows\System\nlvCTPF.exe
  2⤵
  PID:6844
- C:\Windows\System\GNalOQS.exe
  C:\Windows\System\GNalOQS.exe
  2⤵
  PID:7212
- C:\Windows\System\CEerVuK.exe
  C:\Windows\System\CEerVuK.exe
  2⤵
  PID:7176
- C:\Windows\System\xHoEOwL.exe
  C:\Windows\System\xHoEOwL.exe
  2⤵
  PID:7312
- C:\Windows\System\oBrpFqT.exe
  C:\Windows\System\oBrpFqT.exe
  2⤵
  PID:7352
- C:\Windows\System\hZoOnDE.exe
  C:\Windows\System\hZoOnDE.exe
  2⤵
  PID:7392
- C:\Windows\System\pDVTWmG.exe
  C:\Windows\System\pDVTWmG.exe
  2⤵
  PID:7492
- C:\Windows\System\OrTHnMh.exe
  C:\Windows\System\OrTHnMh.exe
  2⤵
  PID:2272
- C:\Windows\System\gTcBjid.exe
  C:\Windows\System\gTcBjid.exe
  2⤵
  PID:7572
- C:\Windows\System\idhtdQb.exe
  C:\Windows\System\idhtdQb.exe
  2⤵
  PID:7616
- C:\Windows\System\VGAQkxj.exe
  C:\Windows\System\VGAQkxj.exe
  2⤵
  PID:7632
- C:\Windows\System\jWcCqah.exe
  C:\Windows\System\jWcCqah.exe
  2⤵
  PID:2408
- C:\Windows\System\uraEKwW.exe
  C:\Windows\System\uraEKwW.exe
  2⤵
  PID:7696
- C:\Windows\System\rokVXkK.exe
  C:\Windows\System\rokVXkK.exe
  2⤵
  PID:7796
- C:\Windows\System\RWYCumw.exe
  C:\Windows\System\RWYCumw.exe
  2⤵
  PID:7736
- C:\Windows\System\kmwuKvH.exe
  C:\Windows\System\kmwuKvH.exe
  2⤵
  PID:7820
- C:\Windows\System\ywSTzGF.exe
  C:\Windows\System\ywSTzGF.exe
  2⤵
  PID:2716
- C:\Windows\System\bonjrPq.exe
  C:\Windows\System\bonjrPq.exe
  2⤵
  PID:7856
- C:\Windows\System\kxJRhqx.exe
  C:\Windows\System\kxJRhqx.exe
  2⤵
  PID:2648
- C:\Windows\System\QVsFYci.exe
  C:\Windows\System\QVsFYci.exe
  2⤵
  PID:7996
- C:\Windows\System\zUCCdZP.exe
  C:\Windows\System\zUCCdZP.exe
  2⤵
  PID:7936
- C:\Windows\System\ZFwJKQp.exe
  C:\Windows\System\ZFwJKQp.exe
  2⤵
  PID:1476
- C:\Windows\System\cMlfvzt.exe
  C:\Windows\System\cMlfvzt.exe
  2⤵
  PID:1584
- C:\Windows\System\ncdIPCe.exe
  C:\Windows\System\ncdIPCe.exe
  2⤵
  PID:8084
- C:\Windows\System\GnJNRin.exe
  C:\Windows\System\GnJNRin.exe
  2⤵
  PID:3048
- C:\Windows\System\MPDwAxY.exe
  C:\Windows\System\MPDwAxY.exe
  2⤵
  PID:1988
- C:\Windows\System\RfxjDVR.exe
  C:\Windows\System\RfxjDVR.exe
  2⤵
  PID:948
- C:\Windows\System\WyLfHdv.exe
  C:\Windows\System\WyLfHdv.exe
  2⤵
  PID:8176
- C:\Windows\System\rxmjLjy.exe
  C:\Windows\System\rxmjLjy.exe
  2⤵
  PID:8164
- C:\Windows\System\IUlmPnU.exe
  C:\Windows\System\IUlmPnU.exe
  2⤵
  PID:6908
- C:\Windows\System\GlIGeRZ.exe
  C:\Windows\System\GlIGeRZ.exe
  2⤵
  PID:2132
- C:\Windows\System\OftWUEg.exe
  C:\Windows\System\OftWUEg.exe
  2⤵
  PID:1156
- C:\Windows\System\UBfjvLw.exe
  C:\Windows\System\UBfjvLw.exe
  2⤵
  PID:7112
- C:\Windows\System\cPgBEka.exe
  C:\Windows\System\cPgBEka.exe
  2⤵
  PID:7284
- C:\Windows\System\iMjOVTT.exe
  C:\Windows\System\iMjOVTT.exe
  2⤵
  PID:7316
- C:\Windows\System\xDVBJsA.exe
  C:\Windows\System\xDVBJsA.exe
  2⤵
  PID:7432
- C:\Windows\System\DbMThnC.exe
  C:\Windows\System\DbMThnC.exe
  2⤵
  PID:7568
- C:\Windows\System\qUwBuOT.exe
  C:\Windows\System\qUwBuOT.exe
  2⤵
  PID:7496
- C:\Windows\System\gFVhgJJ.exe
  C:\Windows\System\gFVhgJJ.exe
  2⤵
  PID:7532
- C:\Windows\System\lnaxnkW.exe
  C:\Windows\System\lnaxnkW.exe
  2⤵
  PID:7588
- C:\Windows\System\dTEtusF.exe
  C:\Windows\System\dTEtusF.exe
  2⤵
  PID:7656
- C:\Windows\System\ScbXirc.exe
  C:\Windows\System\ScbXirc.exe
  2⤵
  PID:2336
- C:\Windows\System\fYQeSux.exe
  C:\Windows\System\fYQeSux.exe
  2⤵
  PID:7964
- C:\Windows\System\DfhzwWJ.exe
  C:\Windows\System\DfhzwWJ.exe
  2⤵
  PID:2784
- C:\Windows\System\XfoxosM.exe
  C:\Windows\System\XfoxosM.exe
  2⤵
  PID:7920
- C:\Windows\System\eKXdYgC.exe
  C:\Windows\System\eKXdYgC.exe
  2⤵
  PID:7976
- C:\Windows\System\BkzdZcL.exe
  C:\Windows\System\BkzdZcL.exe
  2⤵
  PID:2928
- C:\Windows\System\jJRvQgo.exe
  C:\Windows\System\jJRvQgo.exe
  2⤵
  PID:8156
- C:\Windows\System\zHxHBtk.exe
  C:\Windows\System\zHxHBtk.exe
  2⤵
  PID:8180
- C:\Windows\System\hdacpXv.exe
  C:\Windows\System\hdacpXv.exe
  2⤵
  PID:7472
- C:\Windows\System\pZkHoNv.exe
  C:\Windows\System\pZkHoNv.exe
  2⤵
  PID:7752
- C:\Windows\System\xvRjeCK.exe
  C:\Windows\System\xvRjeCK.exe
  2⤵
  PID:7592
- C:\Windows\System\nqhefoj.exe
  C:\Windows\System\nqhefoj.exe
  2⤵
  PID:8120
- C:\Windows\System\Ryiuabb.exe
  C:\Windows\System\Ryiuabb.exe
  2⤵
  PID:2952
- C:\Windows\System\FeJlEvM.exe
  C:\Windows\System\FeJlEvM.exe
  2⤵
  PID:7876
- C:\Windows\System\yvwzBCn.exe
  C:\Windows\System\yvwzBCn.exe
  2⤵
  PID:7332
- C:\Windows\System\BbuZVVF.exe
  C:\Windows\System\BbuZVVF.exe
  2⤵
  PID:7896
- C:\Windows\System\neoLbzR.exe
  C:\Windows\System\neoLbzR.exe
  2⤵
  PID:2664
- C:\Windows\System\mCBwiLu.exe
  C:\Windows\System\mCBwiLu.exe
  2⤵
  PID:7608
- C:\Windows\System\cNJVJXA.exe
  C:\Windows\System\cNJVJXA.exe
  2⤵
  PID:7956
- C:\Windows\System\eAbKlDP.exe
  C:\Windows\System\eAbKlDP.exe
  2⤵
  PID:1572
- C:\Windows\System\TuqTeVu.exe
  C:\Windows\System\TuqTeVu.exe
  2⤵
  PID:2752
- C:\Windows\System\fpnHnZU.exe
  C:\Windows\System\fpnHnZU.exe
  2⤵
  PID:2936
- C:\Windows\System\YbWCXuI.exe
  C:\Windows\System\YbWCXuI.exe
  2⤵
  PID:6404
- C:\Windows\System\aNZAMPb.exe
  C:\Windows\System\aNZAMPb.exe
  2⤵
  PID:7188
- C:\Windows\System\MvaTRlp.exe
  C:\Windows\System\MvaTRlp.exe
  2⤵
  PID:1936
- C:\Windows\System\oITyivO.exe
  C:\Windows\System\oITyivO.exe
  2⤵
  PID:8200
- C:\Windows\System\SeIAqUy.exe
  C:\Windows\System\SeIAqUy.exe
  2⤵
  PID:8216
- C:\Windows\System\pvaTjhV.exe
  C:\Windows\System\pvaTjhV.exe
  2⤵
  PID:8232
- C:\Windows\System\NUFdZgp.exe
  C:\Windows\System\NUFdZgp.exe
  2⤵
  PID:8248
- C:\Windows\System\tfIDIJM.exe
  C:\Windows\System\tfIDIJM.exe
  2⤵
  PID:8264
- C:\Windows\System\uDUzhcu.exe
  C:\Windows\System\uDUzhcu.exe
  2⤵
  PID:8284
- C:\Windows\System\wAsCkUG.exe
  C:\Windows\System\wAsCkUG.exe
  2⤵
  PID:8300
- C:\Windows\System\hLpHcWN.exe
  C:\Windows\System\hLpHcWN.exe
  2⤵
  PID:8324
- C:\Windows\System\xWOUBkF.exe
  C:\Windows\System\xWOUBkF.exe
  2⤵
  PID:8344
- C:\Windows\System\jyHqKJr.exe
  C:\Windows\System\jyHqKJr.exe
  2⤵
  PID:8360
- C:\Windows\System\gaUPLSQ.exe
  C:\Windows\System\gaUPLSQ.exe
  2⤵
  PID:8376
- C:\Windows\System\yZoMnpH.exe
  C:\Windows\System\yZoMnpH.exe
  2⤵
  PID:8392
- C:\Windows\System\uddvUaM.exe
  C:\Windows\System\uddvUaM.exe
  2⤵
  PID:8408
- C:\Windows\System\rEknGjb.exe
  C:\Windows\System\rEknGjb.exe
  2⤵
  PID:8424
- C:\Windows\System\EgxAsIg.exe
  C:\Windows\System\EgxAsIg.exe
  2⤵
  PID:8440
- C:\Windows\System\cdLYWdx.exe
  C:\Windows\System\cdLYWdx.exe
  2⤵
  PID:8456
- C:\Windows\System\CETEjpz.exe
  C:\Windows\System\CETEjpz.exe
  2⤵
  PID:8504
- C:\Windows\System\ZJlpwPb.exe
  C:\Windows\System\ZJlpwPb.exe
  2⤵
  PID:8524
- C:\Windows\System\wdyrHWD.exe
  C:\Windows\System\wdyrHWD.exe
  2⤵
  PID:8540
- C:\Windows\System\mOjGtWA.exe
  C:\Windows\System\mOjGtWA.exe
  2⤵
  PID:8556
- C:\Windows\System\xGiZqGN.exe
  C:\Windows\System\xGiZqGN.exe
  2⤵
  PID:8572
- C:\Windows\System\DIYUuAV.exe
  C:\Windows\System\DIYUuAV.exe
  2⤵
  PID:8588
- C:\Windows\System\uBebCgp.exe
  C:\Windows\System\uBebCgp.exe
  2⤵
  PID:8604
- C:\Windows\System\rVYGAth.exe
  C:\Windows\System\rVYGAth.exe
  2⤵
  PID:8624
- C:\Windows\System\gSnGEVA.exe
  C:\Windows\System\gSnGEVA.exe
  2⤵
  PID:8644
- C:\Windows\System\MfamOOR.exe
  C:\Windows\System\MfamOOR.exe
  2⤵
  PID:8680
- C:\Windows\System\Kdfnhsv.exe
  C:\Windows\System\Kdfnhsv.exe
  2⤵
  PID:8696
- C:\Windows\System\loQVUqY.exe
  C:\Windows\System\loQVUqY.exe
  2⤵
  PID:8712
- C:\Windows\System\AuqxUYT.exe
  C:\Windows\System\AuqxUYT.exe
  2⤵
  PID:8728
- C:\Windows\System\wYJnckE.exe
  C:\Windows\System\wYJnckE.exe
  2⤵
  PID:8744
- C:\Windows\System\eznXQCG.exe
  C:\Windows\System\eznXQCG.exe
  2⤵
  PID:8760
- C:\Windows\System\iEqqZJU.exe
  C:\Windows\System\iEqqZJU.exe
  2⤵
  PID:8776
- C:\Windows\System\OYhPRGN.exe
  C:\Windows\System\OYhPRGN.exe
  2⤵
  PID:8792
- C:\Windows\System\kStdktL.exe
  C:\Windows\System\kStdktL.exe
  2⤵
  PID:8808
- C:\Windows\System\CtnySYm.exe
  C:\Windows\System\CtnySYm.exe
  2⤵
  PID:8824
- C:\Windows\System\RBGioOT.exe
  C:\Windows\System\RBGioOT.exe
  2⤵
  PID:8844
- C:\Windows\System\HnqUTTm.exe
  C:\Windows\System\HnqUTTm.exe
  2⤵
  PID:8860
- C:\Windows\System\kIUydSx.exe
  C:\Windows\System\kIUydSx.exe
  2⤵
  PID:8884
- C:\Windows\System\KQgHdTz.exe
  C:\Windows\System\KQgHdTz.exe
  2⤵
  PID:8900
- C:\Windows\System\fcLCxXg.exe
  C:\Windows\System\fcLCxXg.exe
  2⤵
  PID:8920
- C:\Windows\System\vjweJhC.exe
  C:\Windows\System\vjweJhC.exe
  2⤵
  PID:9000
- C:\Windows\System\WuZBoHK.exe
  C:\Windows\System\WuZBoHK.exe
  2⤵
  PID:9016
- C:\Windows\System\ddNwyNW.exe
  C:\Windows\System\ddNwyNW.exe
  2⤵
  PID:9032
- C:\Windows\System\vnfBmTT.exe
  C:\Windows\System\vnfBmTT.exe
  2⤵
  PID:9076
- C:\Windows\System\kbwLxUc.exe
  C:\Windows\System\kbwLxUc.exe
  2⤵
  PID:9092
- C:\Windows\System\jCzwdrX.exe
  C:\Windows\System\jCzwdrX.exe
  2⤵
  PID:9140
- C:\Windows\System\IChvafm.exe
  C:\Windows\System\IChvafm.exe
  2⤵
  PID:9184
- C:\Windows\System\nAVAZdu.exe
  C:\Windows\System\nAVAZdu.exe
  2⤵
  PID:9200
- C:\Windows\System\pNPglCz.exe
  C:\Windows\System\pNPglCz.exe
  2⤵
  PID:2044
- C:\Windows\System\bTmItGj.exe
  C:\Windows\System\bTmItGj.exe
  2⤵
  PID:6932
- C:\Windows\System\SoNJxPp.exe
  C:\Windows\System\SoNJxPp.exe
  2⤵
  PID:8212
- C:\Windows\System\FdKZSYB.exe
  C:\Windows\System\FdKZSYB.exe
  2⤵
  PID:8276
- C:\Windows\System\JaEewBv.exe
  C:\Windows\System\JaEewBv.exe
  2⤵
  PID:7620
- C:\Windows\System\obMcXPI.exe
  C:\Windows\System\obMcXPI.exe
  2⤵
  PID:8336
- C:\Windows\System\ClbXULw.exe
  C:\Windows\System\ClbXULw.exe
  2⤵
  PID:8400
- C:\Windows\System\BpOuKSo.exe
  C:\Windows\System\BpOuKSo.exe
  2⤵
  PID:8316
- C:\Windows\System\BkpjJvx.exe
  C:\Windows\System\BkpjJvx.exe
  2⤵
  PID:8384
- C:\Windows\System\twprdrV.exe
  C:\Windows\System\twprdrV.exe
  2⤵
  PID:8196
- C:\Windows\System\dLSOZgv.exe
  C:\Windows\System\dLSOZgv.exe
  2⤵
  PID:1072
- C:\Windows\System\BbFSqNT.exe
  C:\Windows\System\BbFSqNT.exe
  2⤵
  PID:8292
- C:\Windows\System\SydfMNi.exe
  C:\Windows\System\SydfMNi.exe
  2⤵
  PID:7228
- C:\Windows\System\LSouAvg.exe
  C:\Windows\System\LSouAvg.exe
  2⤵
  PID:8532
- C:\Windows\System\LhvLjdQ.exe
  C:\Windows\System\LhvLjdQ.exe
  2⤵
  PID:8600
- C:\Windows\System\CPSoTaz.exe
  C:\Windows\System\CPSoTaz.exe
  2⤵
  PID:8652
- C:\Windows\System\WVNkaAm.exe
  C:\Windows\System\WVNkaAm.exe
  2⤵
  PID:8664
- C:\Windows\System\OhcMbGj.exe
  C:\Windows\System\OhcMbGj.exe
  2⤵
  PID:8708
- C:\Windows\System\DCqMcgv.exe
  C:\Windows\System\DCqMcgv.exe
  2⤵
  PID:8772
- C:\Windows\System\gnNcEUT.exe
  C:\Windows\System\gnNcEUT.exe
  2⤵
  PID:8868
- C:\Windows\System\kviEPeT.exe
  C:\Windows\System\kviEPeT.exe
  2⤵
  PID:8816
- C:\Windows\System\iBvyaEb.exe
  C:\Windows\System\iBvyaEb.exe
  2⤵
  PID:8788
- C:\Windows\System\ndMohwg.exe
  C:\Windows\System\ndMohwg.exe
  2⤵
  PID:8692
- C:\Windows\System\cDxsZpE.exe
  C:\Windows\System\cDxsZpE.exe
  2⤵
  PID:8484
- C:\Windows\System\mkdXiPq.exe
  C:\Windows\System\mkdXiPq.exe
  2⤵
  PID:8992
- C:\Windows\System\VvhmnOu.exe
  C:\Windows\System\VvhmnOu.exe
  2⤵
  PID:9012
- C:\Windows\System\mnblGbR.exe
  C:\Windows\System\mnblGbR.exe
  2⤵
  PID:8968
- C:\Windows\System\IrwNXpW.exe
  C:\Windows\System\IrwNXpW.exe
  2⤵
  PID:9100
- C:\Windows\System\XkdWKvG.exe
  C:\Windows\System\XkdWKvG.exe
  2⤵
  PID:9124
- C:\Windows\System\DEgEVey.exe
  C:\Windows\System\DEgEVey.exe
  2⤵
  PID:8948
- C:\Windows\System\IAycxdx.exe
  C:\Windows\System\IAycxdx.exe
  2⤵
  PID:9192
- C:\Windows\System\iQcsErU.exe
  C:\Windows\System\iQcsErU.exe
  2⤵
  PID:8104
- C:\Windows\System\YxzOjkp.exe
  C:\Windows\System\YxzOjkp.exe
  2⤵
  PID:7680
- C:\Windows\System\pBabFsZ.exe
  C:\Windows\System\pBabFsZ.exe
  2⤵
  PID:8260
- C:\Windows\System\GwbHsjS.exe
  C:\Windows\System\GwbHsjS.exe
  2⤵
  PID:8308
- C:\Windows\System\xEJoxzh.exe
  C:\Windows\System\xEJoxzh.exe
  2⤵
  PID:8368
- C:\Windows\System\JAylOEj.exe
  C:\Windows\System\JAylOEj.exe
  2⤵
  PID:8356
- C:\Windows\System\UlYismk.exe
  C:\Windows\System\UlYismk.exe
  2⤵
  PID:8416
- C:\Windows\System\MzWeUXh.exe
  C:\Windows\System\MzWeUXh.exe
  2⤵
  PID:8496
- C:\Windows\System\bxuPWZJ.exe
  C:\Windows\System\bxuPWZJ.exe
  2⤵
  PID:8552
- C:\Windows\System\ozfBARa.exe
  C:\Windows\System\ozfBARa.exe
  2⤵
  PID:8632
- C:\Windows\System\pYAzmVp.exe
  C:\Windows\System\pYAzmVp.exe
  2⤵
  PID:8740
- C:\Windows\System\aSEOqUP.exe
  C:\Windows\System\aSEOqUP.exe
  2⤵
  PID:8880
- C:\Windows\System\BdKxPnS.exe
  C:\Windows\System\BdKxPnS.exe
  2⤵
  PID:8536
- C:\Windows\System\sSgNKdi.exe
  C:\Windows\System\sSgNKdi.exe
  2⤵
  PID:8820
- C:\Windows\System\vfyvixw.exe
  C:\Windows\System\vfyvixw.exe
  2⤵
  PID:8912
- C:\Windows\System\HufZrLZ.exe
  C:\Windows\System\HufZrLZ.exe
  2⤵
  PID:8932
- C:\Windows\System\pwaDsmm.exe
  C:\Windows\System\pwaDsmm.exe
  2⤵
  PID:8952
- C:\Windows\System\nvvHlJu.exe
  C:\Windows\System\nvvHlJu.exe
  2⤵
  PID:9008
- C:\Windows\System\lWgBvrc.exe
  C:\Windows\System\lWgBvrc.exe
  2⤵
  PID:9072
- C:\Windows\System\yasYGFF.exe
  C:\Windows\System\yasYGFF.exe
  2⤵
  PID:9168
- C:\Windows\System\vPQQbpo.exe
  C:\Windows\System\vPQQbpo.exe
  2⤵
  PID:9152
- C:\Windows\System\ZZGgNPw.exe
  C:\Windows\System\ZZGgNPw.exe
  2⤵
  PID:9208
- C:\Windows\System\yvsetFo.exe
  C:\Windows\System\yvsetFo.exe
  2⤵
  PID:8420
- C:\Windows\System\ipvpJYO.exe
  C:\Windows\System\ipvpJYO.exe
  2⤵
  PID:8876
- C:\Windows\System\hNoZqTY.exe
  C:\Windows\System\hNoZqTY.exe
  2⤵
  PID:8960
- C:\Windows\System\sFWtzcP.exe
  C:\Windows\System\sFWtzcP.exe
  2⤵
  PID:8224
- C:\Windows\System\gNqsajk.exe
  C:\Windows\System\gNqsajk.exe
  2⤵
  PID:9116
- C:\Windows\System\gdTCfDn.exe
  C:\Windows\System\gdTCfDn.exe
  2⤵
  PID:8616
- C:\Windows\System\iBjaUIa.exe
  C:\Windows\System\iBjaUIa.exe
  2⤵
  PID:8548
- C:\Windows\System\GnRPpbr.exe
  C:\Windows\System\GnRPpbr.exe
  2⤵
  PID:9052
- C:\Windows\System\DlfIxjy.exe
  C:\Windows\System\DlfIxjy.exe
  2⤵
  PID:9132
- C:\Windows\System\QcZVwSp.exe
  C:\Windows\System\QcZVwSp.exe
  2⤵
  PID:3944
- C:\Windows\System\ZaZLwrh.exe
  C:\Windows\System\ZaZLwrh.exe
  2⤵
  PID:8804
- C:\Windows\System\OTfXBXD.exe
  C:\Windows\System\OTfXBXD.exe
  2⤵
  PID:8976
- C:\Windows\System\cEyiEBu.exe
  C:\Windows\System\cEyiEBu.exe
  2⤵
  PID:8488
- C:\Windows\System\bcLHaGO.exe
  C:\Windows\System\bcLHaGO.exe
  2⤵
  PID:8908
- C:\Windows\System\QZGhiTk.exe
  C:\Windows\System\QZGhiTk.exe
  2⤵
  PID:8984
- C:\Windows\System\EDuUUeE.exe
  C:\Windows\System\EDuUUeE.exe
  2⤵
  PID:9084
- C:\Windows\System\PWVwIXo.exe
  C:\Windows\System\PWVwIXo.exe
  2⤵
  PID:8676
- C:\Windows\System\GrHjAUd.exe
  C:\Windows\System\GrHjAUd.exe
  2⤵
  PID:8404
- C:\Windows\System\fqxRoIK.exe
  C:\Windows\System\fqxRoIK.exe
  2⤵
  PID:8832
- C:\Windows\System\dsLMCDT.exe
  C:\Windows\System\dsLMCDT.exe
  2⤵
  PID:9108
- C:\Windows\System\unOeRBw.exe
  C:\Windows\System\unOeRBw.exe
  2⤵
  PID:8584
- C:\Windows\System\JPqAjdP.exe
  C:\Windows\System\JPqAjdP.exe
  2⤵
  PID:8988
- C:\Windows\System\OMsrWfJ.exe
  C:\Windows\System\OMsrWfJ.exe
  2⤵
  PID:9040
- C:\Windows\System\YuajQMO.exe
  C:\Windows\System\YuajQMO.exe
  2⤵
  PID:9236
- C:\Windows\System\WEslrjE.exe
  C:\Windows\System\WEslrjE.exe
  2⤵
  PID:9260
- C:\Windows\System\XdVelaC.exe
  C:\Windows\System\XdVelaC.exe
  2⤵
  PID:9280
- C:\Windows\System\xuZwUPJ.exe
  C:\Windows\System\xuZwUPJ.exe
  2⤵
  PID:9304
- C:\Windows\System\BFtSRdW.exe
  C:\Windows\System\BFtSRdW.exe
  2⤵
  PID:9340
- C:\Windows\System\pobdktR.exe
  C:\Windows\System\pobdktR.exe
  2⤵
  PID:9356
- C:\Windows\System\dgjXTjM.exe
  C:\Windows\System\dgjXTjM.exe
  2⤵
  PID:9372
- C:\Windows\System\eHQdXeL.exe
  C:\Windows\System\eHQdXeL.exe
  2⤵
  PID:9388
- C:\Windows\System\FPETeZQ.exe
  C:\Windows\System\FPETeZQ.exe
  2⤵
  PID:9404
- C:\Windows\System\XSEviRT.exe
  C:\Windows\System\XSEviRT.exe
  2⤵
  PID:9420
- C:\Windows\System\kCXCjOg.exe
  C:\Windows\System\kCXCjOg.exe
  2⤵
  PID:9436
- C:\Windows\System\JhwlWjq.exe
  C:\Windows\System\JhwlWjq.exe
  2⤵
  PID:9452
- C:\Windows\System\vJZiBrX.exe
  C:\Windows\System\vJZiBrX.exe
  2⤵
  PID:9468
- C:\Windows\System\eVfvVsn.exe
  C:\Windows\System\eVfvVsn.exe
  2⤵
  PID:9484
- C:\Windows\System\JaYKlha.exe
  C:\Windows\System\JaYKlha.exe
  2⤵
  PID:9500
- C:\Windows\System\cZvezvu.exe
  C:\Windows\System\cZvezvu.exe
  2⤵
  PID:9520
- C:\Windows\System\mriWVHO.exe
  C:\Windows\System\mriWVHO.exe
  2⤵
  PID:9540
- C:\Windows\System\zWLwGqg.exe
  C:\Windows\System\zWLwGqg.exe
  2⤵
  PID:9564
- C:\Windows\System\vVQonHr.exe
  C:\Windows\System\vVQonHr.exe
  2⤵
  PID:9580
- C:\Windows\System\govbNdH.exe
  C:\Windows\System\govbNdH.exe
  2⤵
  PID:9616
- C:\Windows\System\zMAPnnW.exe
  C:\Windows\System\zMAPnnW.exe
  2⤵
  PID:9636
- C:\Windows\System\PuWJqjk.exe
  C:\Windows\System\PuWJqjk.exe
  2⤵
  PID:9660
- C:\Windows\System\kpmnwUl.exe
  C:\Windows\System\kpmnwUl.exe
  2⤵
  PID:9680
- C:\Windows\System\MlCvxNH.exe
  C:\Windows\System\MlCvxNH.exe
  2⤵
  PID:9704
- C:\Windows\System\XuKpWzS.exe
  C:\Windows\System\XuKpWzS.exe
  2⤵
  PID:9720
- C:\Windows\System\dlScQVm.exe
  C:\Windows\System\dlScQVm.exe
  2⤵
  PID:9740
- C:\Windows\System\gFyCWRy.exe
  C:\Windows\System\gFyCWRy.exe
  2⤵
  PID:9760
- C:\Windows\System\oLaHLWd.exe
  C:\Windows\System\oLaHLWd.exe
  2⤵
  PID:9780
- C:\Windows\System\RCAunFv.exe
  C:\Windows\System\RCAunFv.exe
  2⤵
  PID:9800
- C:\Windows\System\UxqsHjq.exe
  C:\Windows\System\UxqsHjq.exe
  2⤵
  PID:9816
- C:\Windows\System\aaMsexr.exe
  C:\Windows\System\aaMsexr.exe
  2⤵
  PID:9836
- C:\Windows\System\LetFRyF.exe
  C:\Windows\System\LetFRyF.exe
  2⤵
  PID:9852
- C:\Windows\System\KatWxVv.exe
  C:\Windows\System\KatWxVv.exe
  2⤵
  PID:9872
- C:\Windows\System\XHNizOg.exe
  C:\Windows\System\XHNizOg.exe
  2⤵
  PID:9888
- C:\Windows\System\GYOziOS.exe
  C:\Windows\System\GYOziOS.exe
  2⤵
  PID:9904
- C:\Windows\System\kpjzSgw.exe
  C:\Windows\System\kpjzSgw.exe
  2⤵
  PID:9924
- C:\Windows\System\cDIpegw.exe
  C:\Windows\System\cDIpegw.exe
  2⤵
  PID:9940
- C:\Windows\System\JBIPOIb.exe
  C:\Windows\System\JBIPOIb.exe
  2⤵
  PID:10004
- C:\Windows\System\nIuNwqM.exe
  C:\Windows\System\nIuNwqM.exe
  2⤵
  PID:10024
- C:\Windows\System\MAxrPWX.exe
  C:\Windows\System\MAxrPWX.exe
  2⤵
  PID:10040
- C:\Windows\System\CgKxJVI.exe
  C:\Windows\System\CgKxJVI.exe
  2⤵
  PID:10056
- C:\Windows\System\iVZaQve.exe
  C:\Windows\System\iVZaQve.exe
  2⤵
  PID:10072
- C:\Windows\System\ASCMlLv.exe
  C:\Windows\System\ASCMlLv.exe
  2⤵
  PID:10088
- C:\Windows\System\cIsnpgk.exe
  C:\Windows\System\cIsnpgk.exe
  2⤵
  PID:10104
- C:\Windows\System\GRmHcfQ.exe
  C:\Windows\System\GRmHcfQ.exe
  2⤵
  PID:10120
- C:\Windows\System\AFKcwFY.exe
  C:\Windows\System\AFKcwFY.exe
  2⤵
  PID:10136
- C:\Windows\System\jDDTrdU.exe
  C:\Windows\System\jDDTrdU.exe
  2⤵
  PID:10152
- C:\Windows\System\wwmhHTj.exe
  C:\Windows\System\wwmhHTj.exe
  2⤵
  PID:10168
- C:\Windows\System\iGZLaUz.exe
  C:\Windows\System\iGZLaUz.exe
  2⤵
  PID:10184
- C:\Windows\System\fPQYoLM.exe
  C:\Windows\System\fPQYoLM.exe
  2⤵
  PID:10200
- C:\Windows\System\qSkoaIz.exe
  C:\Windows\System\qSkoaIz.exe
  2⤵
  PID:10216
- C:\Windows\System\jKqSuRH.exe
  C:\Windows\System\jKqSuRH.exe
  2⤵
  PID:10232
- C:\Windows\System\sgxyksW.exe
  C:\Windows\System\sgxyksW.exe
  2⤵
  PID:8476
- C:\Windows\System\soeZPNK.exe
  C:\Windows\System\soeZPNK.exe
  2⤵
  PID:9224
- C:\Windows\System\PeHUxRj.exe
  C:\Windows\System\PeHUxRj.exe
  2⤵
  PID:9276
- C:\Windows\System\BwxrDom.exe
  C:\Windows\System\BwxrDom.exe
  2⤵
  PID:7328
- C:\Windows\System\JLccwxm.exe
  C:\Windows\System\JLccwxm.exe
  2⤵
  PID:9352
- C:\Windows\System\WLsLovY.exe
  C:\Windows\System\WLsLovY.exe
  2⤵
  PID:9416
- C:\Windows\System\YJPrZrn.exe
  C:\Windows\System\YJPrZrn.exe
  2⤵
  PID:9396
- C:\Windows\System\GJZLIvs.exe
  C:\Windows\System\GJZLIvs.exe
  2⤵
  PID:9548
- C:\Windows\System\OCflijM.exe
  C:\Windows\System\OCflijM.exe
  2⤵
  PID:9400
- C:\Windows\System\UmtiKWc.exe
  C:\Windows\System\UmtiKWc.exe
  2⤵
  PID:9464
- C:\Windows\System\ayZGEWX.exe
  C:\Windows\System\ayZGEWX.exe
  2⤵
  PID:9532
- C:\Windows\System\CpGQzkq.exe
  C:\Windows\System\CpGQzkq.exe
  2⤵
  PID:9560
- C:\Windows\System\snrdyYA.exe
  C:\Windows\System\snrdyYA.exe
  2⤵
  PID:9604
- C:\Windows\System\aUmUOQv.exe
  C:\Windows\System\aUmUOQv.exe
  2⤵
  PID:9648
- C:\Windows\System\yeSHdAC.exe
  C:\Windows\System\yeSHdAC.exe
  2⤵
  PID:9696
- C:\Windows\System\FuFPjUm.exe
  C:\Windows\System\FuFPjUm.exe
  2⤵
  PID:9768
- C:\Windows\System\xaiKuCZ.exe
  C:\Windows\System\xaiKuCZ.exe
  2⤵
  PID:9844
- C:\Windows\System\iYmMKzc.exe
  C:\Windows\System\iYmMKzc.exe
  2⤵
  PID:9884
- C:\Windows\System\YzWmZaJ.exe
  C:\Windows\System\YzWmZaJ.exe
  2⤵
  PID:9920
- C:\Windows\System\KaYXDSh.exe
  C:\Windows\System\KaYXDSh.exe
  2⤵
  PID:9960
- C:\Windows\System\hriSGqf.exe
  C:\Windows\System\hriSGqf.exe
  2⤵
  PID:9624
- C:\Windows\System\VcOdAxj.exe
  C:\Windows\System\VcOdAxj.exe
  2⤵
  PID:9712
- C:\Windows\System\EzeyCWO.exe
  C:\Windows\System\EzeyCWO.exe
  2⤵
  PID:9792
- C:\Windows\System\KKAQFSs.exe
  C:\Windows\System\KKAQFSs.exe
  2⤵
  PID:9832
- C:\Windows\System\tIULTmn.exe
  C:\Windows\System\tIULTmn.exe
  2⤵
  PID:9896
- C:\Windows\System\lWBJXdi.exe
  C:\Windows\System\lWBJXdi.exe
  2⤵
  PID:9996
- C:\Windows\System\ZPrPJnv.exe
  C:\Windows\System\ZPrPJnv.exe
  2⤵
  PID:10096
- C:\Windows\System\HgGZUHr.exe
  C:\Windows\System\HgGZUHr.exe
  2⤵
  PID:10020
- C:\Windows\System\LHezJxb.exe
  C:\Windows\System\LHezJxb.exe
  2⤵
  PID:10160
- C:\Windows\System\kDHwySm.exe
  C:\Windows\System\kDHwySm.exe
  2⤵
  PID:10196
- C:\Windows\System\UlVJeQb.exe
  C:\Windows\System\UlVJeQb.exe
  2⤵
  PID:9088
- C:\Windows\System\brXlIvB.exe
  C:\Windows\System\brXlIvB.exe
  2⤵
  PID:8208
- C:\Windows\System\bZWXcSH.exe
  C:\Windows\System\bZWXcSH.exe
  2⤵
  PID:10148
- C:\Windows\System\QqmJIVZ.exe
  C:\Windows\System\QqmJIVZ.exe
  2⤵
  PID:8452
- C:\Windows\System\zEbWLhU.exe
  C:\Windows\System\zEbWLhU.exe
  2⤵
  PID:8596
- C:\Windows\System\QeTTmhz.exe
  C:\Windows\System\QeTTmhz.exe
  2⤵
  PID:9348
- C:\Windows\System\zVyLzJn.exe
  C:\Windows\System\zVyLzJn.exe
  2⤵
  PID:9028
- C:\Windows\System\nbWFnfM.exe
  C:\Windows\System\nbWFnfM.exe
  2⤵
  PID:9516
- C:\Windows\System\wTuzxVi.exe
  C:\Windows\System\wTuzxVi.exe
  2⤵
  PID:9612
- C:\Windows\System\pTzjjTN.exe
  C:\Windows\System\pTzjjTN.exe
  2⤵
  PID:9736
- C:\Windows\System\WHCCYBJ.exe
  C:\Windows\System\WHCCYBJ.exe
  2⤵
  PID:9956
- C:\Windows\System\miAHwOF.exe
  C:\Windows\System\miAHwOF.exe
  2⤵
  PID:9672
- C:\Windows\System\HwpWpSW.exe
  C:\Windows\System\HwpWpSW.exe
  2⤵
  PID:9336
- C:\Windows\System\zAiwFsG.exe
  C:\Windows\System\zAiwFsG.exe
  2⤵
  PID:9688
- C:\Windows\System\wfdklSV.exe
  C:\Windows\System\wfdklSV.exe
  2⤵
  PID:9968
- C:\Windows\System\TCqoDCf.exe
  C:\Windows\System\TCqoDCf.exe
  2⤵
  PID:9752
- C:\Windows\System\sDVXCrR.exe
  C:\Windows\System\sDVXCrR.exe
  2⤵
  PID:9868
- C:\Windows\System\wpqOnBJ.exe
  C:\Windows\System\wpqOnBJ.exe
  2⤵
  PID:9992
- C:\Windows\System\iSqMrfl.exe
  C:\Windows\System\iSqMrfl.exe
  2⤵
  PID:10192
- C:\Windows\System\AJiGCTU.exe
  C:\Windows\System\AJiGCTU.exe
  2⤵
  PID:10132
- C:\Windows\System\EdyeFjv.exe
  C:\Windows\System\EdyeFjv.exe
  2⤵
  PID:10112
- C:\Windows\System\TZuwXdA.exe
  C:\Windows\System\TZuwXdA.exe
  2⤵
  PID:8856
- C:\Windows\System\iihTpZV.exe
  C:\Windows\System\iihTpZV.exe
  2⤵
  PID:9288
- C:\Windows\System\yIQkyKX.exe
  C:\Windows\System\yIQkyKX.exe
  2⤵
  PID:9212
- C:\Windows\System\ZsFpyky.exe
  C:\Windows\System\ZsFpyky.exe
  2⤵
  PID:10084
- C:\Windows\System\XOsgwMg.exe
  C:\Windows\System\XOsgwMg.exe
  2⤵
  PID:2432
- C:\Windows\System\AybcTnk.exe
  C:\Windows\System\AybcTnk.exe
  2⤵
  PID:9256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BgZWHNF.exe

Filesize
6.0MB

MD5
58afc9fecc09736b9d3a773eabc89ffa

SHA1
8b6ed638a93ee31a13021ff74e3a77a11af04e89

SHA256
c900a8dd0c1de06078ee87bb50017fc1735e7bf924da86a740c462e5293e9aa1

SHA512
b015c938041a3fa485a498c99d02e89f1ce47b036b2dfeea1e993bdbfc327a2d62a1943411629da73b58d24ad16757401e752035a4a3ae8f65896c9d6b9e34a8

Download Submit
C:\Windows\system\BuGWmqx.exe

Filesize
6.0MB

MD5
e5501b3b09f89df20e9214f3bdecb28a

SHA1
b7a4951307b5a0686932c787a58af09c694ea032

SHA256
bb88ee4ea802f4ac804de0147faca7c3f438813c58fe1795054ad1709851c650

SHA512
7f32db289ff1e734c7ffed3092abe4cdf454d983e85feccb86691a172d4927dca39341ff704946d8a7b833ef29a1e91f3f588647ea6129a445c1ac73b93a3f3b

Download Submit
C:\Windows\system\DYCcGFM.exe

Filesize
6.0MB

MD5
08e013544600274b4d060e3621b98ede

SHA1
f661f8f3098a0357b04147baed587bcbd0756bf9

SHA256
7f7a91d387369a9694e86e5538166be5071a269c7c1b533b2934d8371398790c

SHA512
215138e2784f36463fc27d8a289121f2f8162c999052d6ec521599c82014aafdc4490cdfd2ef0bed60938d061732312b6ce63792208f8e8897974fa27f00b2cc

Download Submit
C:\Windows\system\EQWuvqi.exe

Filesize
6.0MB

MD5
4b40503a24f4b90a0bb9c66c04368c72

SHA1
fc5af5bc208640e80a241f02234f90659b1bb329

SHA256
072f059aa12ca6fdf6d8a698b9772a2443ac29de5e9e21e6bd9ad21e855b5829

SHA512
7fbea74d67b61edd55cf235f9a3f8198f915f273d7df3cb03c98f638212c9e5c089c4428e1c50170333c1f88cd60bd53797b500982e4493a0fc6c7d42f5029cd

Download Submit
C:\Windows\system\EYIvQaa.exe

Filesize
6.0MB

MD5
9cd6a886411efe6b02c8522baeace9f8

SHA1
3657014a521c05a135f1f3aaf3c9f979f3109cb4

SHA256
c9c781b73c5dda3bc2f6e2ab2e450dccdfa54a846499a5f2e740a885079f0cdd

SHA512
a3fdbdfd9680693896a1c54f4b396ccecba76f6bee61da230fc012a59bc6b3f41c8fcd3ec31040843e39d3c883bdec114bbd74e6190d573880cd0fdd60d444ce

Download Submit
C:\Windows\system\EZyQkHT.exe

Filesize
6.0MB

MD5
f16b2d2b55fa0ea2b06101c6c6b0ac3d

SHA1
06cd4077a864ef0aeca2044c306c7170b05b6c23

SHA256
f3f3b98ab10b4053e028ebb56e1af9adc28aeeb0eab41e0f9ce22414a069d4e5

SHA512
311f796c5717fa00917c6fb73cb970cbe25c17346e4a3f51d8621629608b41ffdac7769321de7085d046e28f9333c795372272cb3d3a1f963774b02e75b403ab

Download Submit
C:\Windows\system\FWIJhLk.exe

Filesize
6.0MB

MD5
c1a25f9514d5825fb7494ce6da0c83e7

SHA1
ec3f72e1fb104259273f8ba992360221f95c205d

SHA256
a7984a946d8b9ad4b8b457c0b7f04e2f82918c96e5a8b732e3aae1ce76362b44

SHA512
ae8efa984d6bd750ccda9dffe74ccbce60d064ef1d981dd4b52fc3209d9e6a23fe38fd27a83a2c76d2a8fbde905a4a5702a2d0c3be7c2971a6a8b1f7e0074720

Download Submit
C:\Windows\system\HYGiqrK.exe

Filesize
6.0MB

MD5
423cf7e74be14ab136a29c578f0bcc3d

SHA1
70bef3c2eb8288c79135111c4b582b98cbfcdc24

SHA256
3e4bbab0f6d523161f28cc707180302a839274536a655a9c3e804fe8fafbfe69

SHA512
73a9b81d13b513c8ca7a889c3df5d44ee92858bb3649d32826b4cee7a845aa838466645845999be59cd6b8cb41de344103d39b9520bc7f06702820eadd5813e5

Download Submit
C:\Windows\system\KwAXYON.exe

Filesize
6.0MB

MD5
30e95c02535a99f2dbda2a16189c4bc8

SHA1
d2f8dfc12e6d4fb64e609f82f5a2202197d729cc

SHA256
52d3d0c10758bc88ccfcbf9c565eb2187b4643f68ecb1dd0391ee9767375228a

SHA512
0b831e3cfd643f441a945feee381763e9a68780624c84ceb9823d57e51873f24f7242ae6d842c52366e369d83dcdd9095a0cae8913f6b3cd500746e73e44df3e

Download Submit
C:\Windows\system\MgKeSVN.exe

Filesize
6.0MB

MD5
a7e0880520201485b51aecb34dbbad3e

SHA1
daa3f6732a878f0c45f3ff42a715a615b9a46e42

SHA256
18cdb92eeabc962e0e5fd0e5ef4645f3b2942be5c80c2fa8d8d7303c5fc546f1

SHA512
474e72a50b283448754343c4bfddf78651095ae9af7551e0074b6ec3d9cdbb7838d81c0467e2c8588ee71dd1409a69dd6ac14796f6543c65cfbf13487803edcf

Download Submit
C:\Windows\system\Ntogxqh.exe

Filesize
6.0MB

MD5
de831d4650632915a69580b3049cc8ba

SHA1
145e3e330c7ba2c3700ad1924ab9a580838801be

SHA256
9fe961f23ec3cb78ef3f2db8aabf09715fb0a873cb17888b4f7521d5df3e9f2e

SHA512
0f6223949217bed48d7e09c52ece9a8de7761bd60caff02d4584d696389e323b18e81aca9c4e8fcc6ddb48ae798c59983e2ce57d485d68ea7d00d9e3a18e1a2a

Download Submit
C:\Windows\system\OEbUsqb.exe

Filesize
6.0MB

MD5
4955ad49a3d78328c792fb4a0606173a

SHA1
da75f31950ec1d387f286a143e9995b84c810254

SHA256
4d703a64498ad72f926b524ed70f8ce1dcf97b444c53fe074bcae37a083384f7

SHA512
9f18cd82cbd2f5a14895b5b58ae3bf39d7b073031fadae2028cf5c6d3a50a200ee585c671ce74a1242179d74cb2e2b308efce984638508e3ba7426ab3c305a28

Download Submit
C:\Windows\system\PehuNWH.exe

Filesize
6.0MB

MD5
ba26178fe1fd657ae1205490cd4fbd65

SHA1
06931ff0573d8bcc0083548a2a03c3cf85c76ebe

SHA256
354e9b15cef2a7292506a18d62737af6ef65beaf437ec47ac467269c71ceb4bf

SHA512
77d24ed80a64225d4b070e4eabf50af35cb1b398fc4a98d9e4240167aab607d85ffcef4d15df8bf6ba410a58e21550a616d724b10b66fd98f451a92b8e77cb85

Download Submit
C:\Windows\system\PwxecOg.exe

Filesize
6.0MB

MD5
c704de882567af9b3ffb74bf5b6bcf63

SHA1
f0e812f0924b747edb87955d13d0b5410ef4b0d4

SHA256
644228753a63a50c200e18367e7a3b66b688465aee946423d680278c12c5a06b

SHA512
581fb5b659c22fa62c6820efb41720a23a5b4cab79cb0e4ec6723f55c1f5db5684788846f8691238d81215ec26ea77b507dcfa5fe59ae5582dd585f0de3f117c

Download Submit
C:\Windows\system\SFcOpkZ.exe

Filesize
6.0MB

MD5
ef2692798af1f2dc58816a28d56f15c0

SHA1
47be31ab21b8c339fe43637fd2274573a96ad30d

SHA256
ef435a30b64bb6fe368da9469ef7ee7429b2a9656063927c8f7141156ed3c937

SHA512
dbc7d93c7438c2ef6b2de06ff398169fe5cc6c2e8fd0623bcdd4b394f0e35d3188833769442ea58739cd358d8d4f18e0c10e9344512aa9bc818a08f012b92c0b

Download Submit
C:\Windows\system\SshbiGe.exe

Filesize
6.0MB

MD5
d6fedc26c88832265a594945b39ee144

SHA1
8bdbf51aa30c7c9a9ea1ecd05012c9d1204324c6

SHA256
b07d54a272490829d1a34ca4c7d7d2e7d5a968214b3707ce7ce7d806eb6afeac

SHA512
b3df2b5528807ed79ef08557557e7793e3d9d4ba75e27e770e378cd4d9ae6781088af1be18df2990d63945c552b8b6587d31affa6dc04bd1e889f2a3c538c5f4

Download Submit
C:\Windows\system\YQGMpuL.exe

Filesize
6.0MB

MD5
56022f441c57984c9fdf976c9319708b

SHA1
fd58759da40bea141020cfdade8504b46551beb8

SHA256
6f4b103f8cfde02135bbdd3de70090eee77657ef798de22499bea82d533b40a7

SHA512
037e64e73d34271e6f6dfbbfd93d0f083f75257f054d078c5b1a8360baf1eaef56d20182bbac7b96662ac2c18f2a15747855e5d6462c3d144ca581664938bbd9

Download Submit
C:\Windows\system\ZvLJndS.exe

Filesize
6.0MB

MD5
cdd81369869828edec875d8c6ad38736

SHA1
90daeed9bc3267f0dd04a94d4b121c7b965f0d23

SHA256
a69eec5eea1675882897726f58154c4bf00088b5987ddf488ef409df8d774f20

SHA512
29605c82b9bea34598f7522ee5544a6d7a8d6ab6eb4e0f3d3195f7f2df1085677e43501d058dfea7b3f245248dddf9deea90a410e23803e782e37a580808edff

Download Submit
C:\Windows\system\aZAgSJc.exe

Filesize
6.0MB

MD5
64d237f7cd3c5baf219c7691e8b12761

SHA1
f5ebcd796586ec1084813863fa2521925001a8e1

SHA256
acc035a6431d5f39566318997b310995dbd05e6efe68028f32058cd860cb8780

SHA512
1ad598173e543bf828bb10ca7929f38a5a30b2003f2df67909b68cb5bc30cc38653ca693dd5f62d37de5e7125e437d1f65fd36c6df4b414466f3091d93967a32

Download Submit
C:\Windows\system\emhrynV.exe

Filesize
6.0MB

MD5
9163a605919cb30e06d8b6c21addb260

SHA1
4d0077cc906dc4ef84f3acb48a2fd4ff4314c31c

SHA256
ce079d8db88891a1bdff1a65313867be78d80faa978aa7940afc9020e972084c

SHA512
e122eaeb660e9c00d35ff89c59a609d6cd554b82770ad0ccd65d03f879e75af02b5be2cbc6465ac7bb1d5ac3a12360b7ef0b29f8defc73bada57ebc1b4090f4f

Download Submit
C:\Windows\system\fXcBilu.exe

Filesize
6.0MB

MD5
b8ce6437fa1bcc8dd6dbe74fb1f1d7a8

SHA1
b644b66ce7022f0f88721e06130781dcabd985c2

SHA256
7f6b075e3f62888d733e73e50d6c556229b8567cb9fe15cf663b15aae3eed0a4

SHA512
f60325ac1ede4bbefe691294e3d53467fbe91115f56c74550fe644d972a81964ec61523950cc364a2c86eb3d515295b4c2082d8d0636d2a51f5be02bdf571eac

Download Submit
C:\Windows\system\kSPRIZd.exe

Filesize
6.0MB

MD5
afad63f461a396bc9b9a80144b650ab8

SHA1
77fc5ddc16028cd6c60ce0c42582d94b48f105b1

SHA256
c77526435ae011d78d557ad2fbc1a5ff545b206b735eec94b329244f9d3a80ba

SHA512
bd5e2053210662dc9f0573f3ee3ba07e44a828c8ff14a30c3a2661c7a45de741dc84ddd5a420417375485a4d0c33789d205ea438eef8a7158167534811a7de60

Download Submit
C:\Windows\system\kZceSDZ.exe

Filesize
6.0MB

MD5
b2838d0e9c855bd6a559ddeb43f98aa1

SHA1
da3779dce82019b76af464b36e8f9c38782c4cf1

SHA256
ffa15e4ad8c38272e458fb086100ef6566aee0eb50b5cfabaa883393dd56bfc2

SHA512
9e4db9c5968ab77ad4cbde3de11004531fdca228d87e6e39b2781e7cff14829fc7bae88ac066c9a330859ec2bcdcd84e528dcda4915cbc4e252b5b0210ef6b72

Download Submit
C:\Windows\system\lAkZDqe.exe

Filesize
6.0MB

MD5
971d72f71c740d61320a16990b608426

SHA1
a61ccfcd16157b29954ff49ce3461d62dfc5f40a

SHA256
a14e801541a75c31d45725f28d39ebc7aa6d5eb3ebe1b687dd4b2bf7df28c752

SHA512
190d49d4782cc1520f14f2a4b0b64de38712cbcce4f650a02f23131388a3bc8a51413bb3c438bd00f40b336a88bc359357052c586707ecfecdbeb83419a21a94

Download Submit
C:\Windows\system\neTabZs.exe

Filesize
6.0MB

MD5
3b250104ba8cf1605d7497963f63c4d3

SHA1
17345ceb07142a65e9eb1147b3d215dded3bcfd5

SHA256
b8c8c09edd2b1853f581da30be4b8cd754675e852f4d9f2a0800818e5cdc3fa9

SHA512
cbc27f4ab5937d043266290a66dcb12bddd1345d880c772fde01e98b2c03691b9da626f6908d90fa310bbc9b295a74b6c77ea3fb63d9a9ddb4d41f3bac284c6f

Download Submit
C:\Windows\system\oQQltra.exe

Filesize
6.0MB

MD5
bb1dd27ed38f80e4f020b87f1fd1ee2c

SHA1
37e64d7cb6c6e740ab432def06d02210ee90bb09

SHA256
6e4fa60c9f53d769beb64611e950073e293af111c6389de64635e1ac01a96b72

SHA512
b50429c9876d8b1cb0543384ea208e16a02ba35fd9908290f439b2bbb28b55aa2c915c3def3ca2158b343747a0da0a804dce3a159dc1b741da2e939dcb230599

Download Submit
C:\Windows\system\otZcGJA.exe

Filesize
6.0MB

MD5
de6f9af7254f9236c0757ff828251cd6

SHA1
fe9f8941ba3d8fbb6f7ebcbbb87ec97975cdfb8c

SHA256
bf20fcd8609bb42747101db562274b39cf15a375b13cfe60c7bef9e7f86e5822

SHA512
40ed5f14bab10754b352099edf280b5a0087124fa3951a9bd173a6f6cce4a96809420c485cadc49cd43cee2d0d6d4f747bb9d22df9ff2d35a0044b128f1fa090

Download Submit
C:\Windows\system\suwVKPw.exe

Filesize
6.0MB

MD5
af7ae1b0a884ef34067a304e107d08b3

SHA1
94f942903814fd552e5fb7625d69476e66163bfa

SHA256
04820455cc15389a1f90bf1d1abe6821db26f5b30f96b3b8cc5d0b58f2870c9e

SHA512
f1bc819b08f7aaefcf031c4250a1bc4ccfd44d766ddceae8ab85edc42889cd1a799d39d0204b18f6340f803bd022334760fea04179859152605878499560e36e

Download Submit
C:\Windows\system\uqcbhVe.exe

Filesize
6.0MB

MD5
33c76f6dbe99b3edc8dbbd1fec296fc5

SHA1
2e949406e8a39db10174fb4bfbc1461b2fb19a05

SHA256
0322d8157e355037c267679f2c8c4f2f5d87b0c22a877b572746871d3d6d38e9

SHA512
e8e0d884f97b44fd126c3d874d834b478150e5952795067b690938ba495cc18ad385175f17c2f8a3c18e839d684000c96733edfd3de76220d51c1ec9ad67cd92

Download Submit
C:\Windows\system\ywaELxo.exe

Filesize
6.0MB

MD5
29971c65aa276c286acc16702a33523b

SHA1
d150feafc0b0c00d33ecb55101d485d50802b127

SHA256
8698bf258dea5149754001e4fbc31c203472166018dfef94ade8f074900f42b2

SHA512
049a6572dc092841b75bbb53edeee2a85b400208d1afdd80a50d827a061e51574742ab3d870a14e11c9c69217525c2f0fd6f34d3d9499842be257551f7c44376

Download Submit
C:\Windows\system\zyQLwTm.exe

Filesize
6.0MB

MD5
71960b75b553c8d82e494bc508c2022e

SHA1
d8b9013a14a78b20cbaf9e0edfa24d1b6a66f31c

SHA256
0ef5eabe5192c3c3f861875dc07d95e3493e8d7562fb35e69938e9c1dbcdda6b

SHA512
e2cd1b5f7ae384ed20a0701a6d825e5bc1e6f76029fb5ce8ccaf6fd104196a1cb9a46155dcd9494aaec70b76428b8c2ccad01f77e5750f5aa88000c567a3add3

Download Submit
\Windows\system\VfNTlAK.exe

Filesize
6.0MB

MD5
8d81700eab85db53ba72ad5c82ec610f

SHA1
72145880edc96f7c53e63239351cee4f278b4c18

SHA256
976bc465eb82c95aa78dbc1384f937b0547a44f7e2ec44cea399a6f7e55793a7

SHA512
61ed3f51d0c33322233b89a0f65589ddff24e15b13696dc6bcdfedb286de3897694bcfa71af449ba41582b9adc2dd9a064581e50e385b4d1ceffb15d46d3c562

Download Submit
memory/280-2557-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/280-4061-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/284-2681-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/284-4008-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3996-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2207-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2280-4001-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2280-2563-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2318-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3875-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3976-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2627-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2520-2329-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2639-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4092-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2675-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2558-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2689-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2544-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2683-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2614-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2693-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2793-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2803-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3986-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3901-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2833-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2762-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3886-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3590-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3591-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3849-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3844-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2520-0-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3883-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3867-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3855-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3848-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3839-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2548-4003-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2548-2475-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2592-4016-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2791-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2620-2691-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2620-4025-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2801-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4010-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2672-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4069-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2751-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4028-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2626-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2638-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4004-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2687-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download