cobaltstrike | 60fdfd8ea72617e7ffa3d654310ed1390032cb9f27682ad50a7423ea2ca20b6d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

230140b1bc502c257c1524cc6bae919a
SHA1

6e7b69cab788bf27008fd2ca2c039a0f4fcddee2
SHA256

60fdfd8ea72617e7ffa3d654310ed1390032cb9f27682ad50a7423ea2ca20b6d
SHA512

0857d9a7352f738785bf5a5233ec08488a1cab0fe937ffbdec3360ac9c001bc093dc1e4376932333d584405269dc1f803a382da4c36bcbf910ba200d685ed945
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUA:T+q56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000015d89-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ec4-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f7b-28.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001604c-33.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001610d-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016332-48.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-109.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-191.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-189.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-194.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-172.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-92.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-71.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d54-55.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001628b-54.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2840-0-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/files/0x000e000000015d89-13.dat	xmrig
behavioral1/files/0x0008000000015ec4-12.dat	xmrig
behavioral1/memory/2756-8-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2788-21-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f7b-28.dat	xmrig
behavioral1/memory/2868-29-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2840-27-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2892-26-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x000700000001604c-33.dat	xmrig
behavioral1/memory/2624-37-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x000700000001610d-40.dat	xmrig
behavioral1/files/0x0007000000016332-48.dat	xmrig
behavioral1/memory/2316-95-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016df3-109.dat	xmrig
behavioral1/files/0x000600000001749c-125.dat	xmrig
behavioral1/files/0x0005000000018686-133.dat	xmrig
behavioral1/files/0x00050000000186f1-157.dat	xmrig
behavioral1/files/0x0005000000018739-168.dat	xmrig
behavioral1/memory/2840-438-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/1780-437-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2120-440-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2268-443-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2332-444-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2316-442-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2632-441-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x000500000001878e-191.dat	xmrig
behavioral1/files/0x0006000000018b4e-189.dat	xmrig
behavioral1/files/0x0006000000018c16-194.dat	xmrig
behavioral1/files/0x00050000000187a8-186.dat	xmrig
behavioral1/memory/1032-184-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f4-163.dat	xmrig
behavioral1/files/0x0005000000018744-175.dat	xmrig
behavioral1/files/0x00050000000186ed-153.dat	xmrig
behavioral1/files/0x0005000000018704-172.dat	xmrig
behavioral1/files/0x000600000001755b-129.dat	xmrig
behavioral1/files/0x0006000000017497-121.dat	xmrig
behavioral1/files/0x0006000000017049-117.dat	xmrig
behavioral1/files/0x0006000000016ecf-113.dat	xmrig
behavioral1/files/0x0006000000016dea-105.dat	xmrig
behavioral1/files/0x0006000000016de8-101.dat	xmrig
behavioral1/memory/2332-97-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2268-96-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2632-94-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2868-93-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d9f-92.dat	xmrig
behavioral1/files/0x0006000000016d6f-91.dat	xmrig
behavioral1/files/0x0006000000016d67-90.dat	xmrig
behavioral1/memory/2120-88-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d77-84.dat	xmrig
behavioral1/memory/1780-83-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2840-75-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2756-67-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/1032-43-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d6b-71.dat	xmrig
behavioral1/memory/2788-69-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2840-62-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/332-61-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2520-60-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2840-57-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d54-55.dat	xmrig
behavioral1/files/0x000700000001628b-54.dat	xmrig
behavioral1/memory/2840-47-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2756	sDLoNcU.exe
2788	pksyuRi.exe
2892	CtKrDsh.exe
2868	rXGfEvS.exe
2624	SwXHJFA.exe
1032	etAGizO.exe
2520	epbiZfw.exe
332	NgOhpEb.exe
1780	UJcloEQ.exe
2120	WEwuode.exe
2632	IZnhdBf.exe
2316	zGaJJVp.exe
2268	NLAdcHO.exe
2332	qnhGeUU.exe
2384	QHFkuQD.exe
1312	CqbYOZc.exe
2968	cwGetDm.exe
2948	YZJFeNt.exe
2696	ZXPoHLB.exe
3028	cbgXKPr.exe
3016	gZnnWfS.exe
3000	NYULCVO.exe
2072	wQqjsxU.exe
2356	ELIEcyl.exe
1624	kDIZgrC.exe
1216	lbXdJkv.exe
908	tobyZFJ.exe
2320	XtuQCTK.exe
2548	vzIEQQI.exe
1696	vHgyiCN.exe
1536	klBegHD.exe
1352	XoMpIIU.exe
2576	omhaycf.exe
1968	uAhzBzA.exe
1540	HIzRIes.exe
1984	jhxlzrU.exe
904	svIvUlN.exe
936	ecRFxiP.exe
1748	yZNoYox.exe
2540	EdYPvMU.exe
2376	EqLkMxY.exe
1744	btZljAR.exe
2272	xQMUIlx.exe
1812	gcqJoLQ.exe
2444	wYdQbeM.exe
884	uoHBVSf.exe
1636	qPPHcAh.exe
2300	RKdXkcg.exe
868	hYtKAPA.exe
2380	FaiqtfA.exe
1596	xApDfwp.exe
3060	pnlbVFr.exe
1604	QvaxFMT.exe
2668	MHsChIF.exe
2680	qrYwSBQ.exe
1476	UFvvskj.exe
2956	EgkkkrX.exe
2424	kddNozu.exe
316	vQDAisH.exe
380	UJaYKkL.exe
2904	tmlWrWF.exe
2404	othnJce.exe
2312	EDPooyV.exe
2308	SflgpUZ.exe

Loads dropped DLL 64 IoCs

pid	Process
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2840-0-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/files/0x000e000000015d89-13.dat	upx
behavioral1/files/0x0008000000015ec4-12.dat	upx
behavioral1/memory/2756-8-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2788-21-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x0008000000015f7b-28.dat	upx
behavioral1/memory/2868-29-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2892-26-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x000700000001604c-33.dat	upx
behavioral1/memory/2624-37-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x000700000001610d-40.dat	upx
behavioral1/files/0x0007000000016332-48.dat	upx
behavioral1/memory/2316-95-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0006000000016df3-109.dat	upx
behavioral1/files/0x000600000001749c-125.dat	upx
behavioral1/files/0x0005000000018686-133.dat	upx
behavioral1/files/0x00050000000186f1-157.dat	upx
behavioral1/files/0x0005000000018739-168.dat	upx
behavioral1/memory/1780-437-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2120-440-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2268-443-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2332-444-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2316-442-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2632-441-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x000500000001878e-191.dat	upx
behavioral1/files/0x0006000000018b4e-189.dat	upx
behavioral1/files/0x0006000000018c16-194.dat	upx
behavioral1/files/0x00050000000187a8-186.dat	upx
behavioral1/memory/1032-184-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x00050000000186f4-163.dat	upx
behavioral1/files/0x0005000000018744-175.dat	upx
behavioral1/files/0x00050000000186ed-153.dat	upx
behavioral1/files/0x0005000000018704-172.dat	upx
behavioral1/files/0x000600000001755b-129.dat	upx
behavioral1/files/0x0006000000017497-121.dat	upx
behavioral1/files/0x0006000000017049-117.dat	upx
behavioral1/files/0x0006000000016ecf-113.dat	upx
behavioral1/files/0x0006000000016dea-105.dat	upx
behavioral1/files/0x0006000000016de8-101.dat	upx
behavioral1/memory/2332-97-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2268-96-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2632-94-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2868-93-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x0006000000016d9f-92.dat	upx
behavioral1/files/0x0006000000016d6f-91.dat	upx
behavioral1/files/0x0006000000016d67-90.dat	upx
behavioral1/memory/2120-88-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0006000000016d77-84.dat	upx
behavioral1/memory/1780-83-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2756-67-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/1032-43-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x0006000000016d6b-71.dat	upx
behavioral1/memory/2788-69-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/332-61-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2520-60-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x0008000000016d54-55.dat	upx
behavioral1/files/0x000700000001628b-54.dat	upx
behavioral1/memory/2840-47-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2788-3378-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2868-3399-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2756-3420-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2892-3418-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/1032-3436-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wgjFhWK.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtExSXl.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFYiQXt.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCtmLGr.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CteBgIH.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwKTdhC.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIEzUSU.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IopAyel.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNbGleT.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXqneUx.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwXHJFA.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrxJtxm.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWtryzB.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUcCBpk.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoKbWCG.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSIzeQM.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RApTJBE.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\facjbwR.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIQVUeS.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMqSzay.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StQdlqN.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxqTIFz.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysULeRo.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVODJgI.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsOawYC.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOFgqHU.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXzamhc.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbijxBq.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecRFxiP.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQUPkpB.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSBfzpH.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENJKXVG.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAFDpCt.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQzWOBW.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQoKvuG.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtckFyK.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\metbbLr.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBBDMNU.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhsJBpC.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWbhift.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzBBYUE.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNdbfVw.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZmjAAF.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GnRfiUP.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvIotEy.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kDIZgrC.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOwZIZZ.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZTxZsw.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDjFiOy.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvogwxI.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipkrVdX.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPOtmbU.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjyZDLB.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhRVdnQ.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvmmATi.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhWWBVR.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDEOqek.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZAaQKx.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCaaVdl.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhEVXmz.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOTAZql.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqZMTtg.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCCYmSF.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oicloWw.exe	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2756	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2840 wrote to memory of 2756	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2840 wrote to memory of 2756	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2840 wrote to memory of 2788	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2840 wrote to memory of 2788	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2840 wrote to memory of 2788	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2840 wrote to memory of 2892	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2840 wrote to memory of 2892	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2840 wrote to memory of 2892	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2840 wrote to memory of 2868	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2840 wrote to memory of 2868	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2840 wrote to memory of 2868	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2840 wrote to memory of 2624	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2840 wrote to memory of 2624	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2840 wrote to memory of 2624	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2840 wrote to memory of 1032	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2840 wrote to memory of 1032	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2840 wrote to memory of 1032	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2840 wrote to memory of 2520	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2840 wrote to memory of 2520	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2840 wrote to memory of 2520	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2840 wrote to memory of 2632	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2840 wrote to memory of 2632	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2840 wrote to memory of 2632	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2840 wrote to memory of 332	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2840 wrote to memory of 332	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2840 wrote to memory of 332	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2840 wrote to memory of 2316	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2840 wrote to memory of 2316	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2840 wrote to memory of 2316	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2840 wrote to memory of 1780	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2840 wrote to memory of 1780	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2840 wrote to memory of 1780	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2840 wrote to memory of 2268	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2840 wrote to memory of 2268	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2840 wrote to memory of 2268	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2840 wrote to memory of 2120	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2840 wrote to memory of 2120	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2840 wrote to memory of 2120	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2840 wrote to memory of 2332	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2840 wrote to memory of 2332	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2840 wrote to memory of 2332	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2840 wrote to memory of 2384	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2840 wrote to memory of 2384	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2840 wrote to memory of 2384	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2840 wrote to memory of 1312	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2840 wrote to memory of 1312	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2840 wrote to memory of 1312	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2840 wrote to memory of 2968	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2840 wrote to memory of 2968	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2840 wrote to memory of 2968	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2840 wrote to memory of 2948	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2840 wrote to memory of 2948	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2840 wrote to memory of 2948	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2840 wrote to memory of 2696	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2840 wrote to memory of 2696	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2840 wrote to memory of 2696	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2840 wrote to memory of 3028	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2840 wrote to memory of 3028	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2840 wrote to memory of 3028	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2840 wrote to memory of 3016	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2840 wrote to memory of 3016	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2840 wrote to memory of 3016	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2840 wrote to memory of 3000	2840	2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_230140b1bc502c257c1524cc6bae919a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\System\sDLoNcU.exe
  C:\Windows\System\sDLoNcU.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\pksyuRi.exe
  C:\Windows\System\pksyuRi.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\CtKrDsh.exe
  C:\Windows\System\CtKrDsh.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\rXGfEvS.exe
  C:\Windows\System\rXGfEvS.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\SwXHJFA.exe
  C:\Windows\System\SwXHJFA.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\etAGizO.exe
  C:\Windows\System\etAGizO.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\epbiZfw.exe
  C:\Windows\System\epbiZfw.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\IZnhdBf.exe
  C:\Windows\System\IZnhdBf.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\NgOhpEb.exe
  C:\Windows\System\NgOhpEb.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\zGaJJVp.exe
  C:\Windows\System\zGaJJVp.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\UJcloEQ.exe
  C:\Windows\System\UJcloEQ.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\NLAdcHO.exe
  C:\Windows\System\NLAdcHO.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\WEwuode.exe
  C:\Windows\System\WEwuode.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\qnhGeUU.exe
  C:\Windows\System\qnhGeUU.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\QHFkuQD.exe
  C:\Windows\System\QHFkuQD.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\CqbYOZc.exe
  C:\Windows\System\CqbYOZc.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\cwGetDm.exe
  C:\Windows\System\cwGetDm.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\YZJFeNt.exe
  C:\Windows\System\YZJFeNt.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\ZXPoHLB.exe
  C:\Windows\System\ZXPoHLB.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\cbgXKPr.exe
  C:\Windows\System\cbgXKPr.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\gZnnWfS.exe
  C:\Windows\System\gZnnWfS.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\NYULCVO.exe
  C:\Windows\System\NYULCVO.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\wQqjsxU.exe
  C:\Windows\System\wQqjsxU.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\ELIEcyl.exe
  C:\Windows\System\ELIEcyl.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\kDIZgrC.exe
  C:\Windows\System\kDIZgrC.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\lbXdJkv.exe
  C:\Windows\System\lbXdJkv.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\tobyZFJ.exe
  C:\Windows\System\tobyZFJ.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\vzIEQQI.exe
  C:\Windows\System\vzIEQQI.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\XtuQCTK.exe
  C:\Windows\System\XtuQCTK.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\klBegHD.exe
  C:\Windows\System\klBegHD.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\vHgyiCN.exe
  C:\Windows\System\vHgyiCN.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\omhaycf.exe
  C:\Windows\System\omhaycf.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\XoMpIIU.exe
  C:\Windows\System\XoMpIIU.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\HIzRIes.exe
  C:\Windows\System\HIzRIes.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\uAhzBzA.exe
  C:\Windows\System\uAhzBzA.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\jhxlzrU.exe
  C:\Windows\System\jhxlzrU.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\svIvUlN.exe
  C:\Windows\System\svIvUlN.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\ecRFxiP.exe
  C:\Windows\System\ecRFxiP.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\yZNoYox.exe
  C:\Windows\System\yZNoYox.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\EqLkMxY.exe
  C:\Windows\System\EqLkMxY.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\EdYPvMU.exe
  C:\Windows\System\EdYPvMU.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\btZljAR.exe
  C:\Windows\System\btZljAR.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\xQMUIlx.exe
  C:\Windows\System\xQMUIlx.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\wYdQbeM.exe
  C:\Windows\System\wYdQbeM.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\gcqJoLQ.exe
  C:\Windows\System\gcqJoLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\qPPHcAh.exe
  C:\Windows\System\qPPHcAh.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\uoHBVSf.exe
  C:\Windows\System\uoHBVSf.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\hYtKAPA.exe
  C:\Windows\System\hYtKAPA.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\RKdXkcg.exe
  C:\Windows\System\RKdXkcg.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\FaiqtfA.exe
  C:\Windows\System\FaiqtfA.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\xApDfwp.exe
  C:\Windows\System\xApDfwp.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\QvaxFMT.exe
  C:\Windows\System\QvaxFMT.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\pnlbVFr.exe
  C:\Windows\System\pnlbVFr.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\MHsChIF.exe
  C:\Windows\System\MHsChIF.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\qrYwSBQ.exe
  C:\Windows\System\qrYwSBQ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\kddNozu.exe
  C:\Windows\System\kddNozu.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\UFvvskj.exe
  C:\Windows\System\UFvvskj.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\vQDAisH.exe
  C:\Windows\System\vQDAisH.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\EgkkkrX.exe
  C:\Windows\System\EgkkkrX.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\UJaYKkL.exe
  C:\Windows\System\UJaYKkL.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\tmlWrWF.exe
  C:\Windows\System\tmlWrWF.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\rQOZeqi.exe
  C:\Windows\System\rQOZeqi.exe
  2⤵
  PID:2284
- C:\Windows\System\othnJce.exe
  C:\Windows\System\othnJce.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\mOwZIZZ.exe
  C:\Windows\System\mOwZIZZ.exe
  2⤵
  PID:664
- C:\Windows\System\EDPooyV.exe
  C:\Windows\System\EDPooyV.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ZiymOml.exe
  C:\Windows\System\ZiymOml.exe
  2⤵
  PID:2460
- C:\Windows\System\SflgpUZ.exe
  C:\Windows\System\SflgpUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\hxxvKAi.exe
  C:\Windows\System\hxxvKAi.exe
  2⤵
  PID:2524
- C:\Windows\System\CNFvdjH.exe
  C:\Windows\System\CNFvdjH.exe
  2⤵
  PID:1784
- C:\Windows\System\RhRVdnQ.exe
  C:\Windows\System\RhRVdnQ.exe
  2⤵
  PID:2080
- C:\Windows\System\bulWBBe.exe
  C:\Windows\System\bulWBBe.exe
  2⤵
  PID:2708
- C:\Windows\System\fgFiDRO.exe
  C:\Windows\System\fgFiDRO.exe
  2⤵
  PID:1752
- C:\Windows\System\adpSrHn.exe
  C:\Windows\System\adpSrHn.exe
  2⤵
  PID:468
- C:\Windows\System\tsmdRHe.exe
  C:\Windows\System\tsmdRHe.exe
  2⤵
  PID:760
- C:\Windows\System\SNBHWXd.exe
  C:\Windows\System\SNBHWXd.exe
  2⤵
  PID:2136
- C:\Windows\System\pGHrTKT.exe
  C:\Windows\System\pGHrTKT.exe
  2⤵
  PID:916
- C:\Windows\System\facjbwR.exe
  C:\Windows\System\facjbwR.exe
  2⤵
  PID:1648
- C:\Windows\System\NtUOjng.exe
  C:\Windows\System\NtUOjng.exe
  2⤵
  PID:1228
- C:\Windows\System\UOUQDsZ.exe
  C:\Windows\System\UOUQDsZ.exe
  2⤵
  PID:2516
- C:\Windows\System\xSNwlxp.exe
  C:\Windows\System\xSNwlxp.exe
  2⤵
  PID:1932
- C:\Windows\System\CbRrFZx.exe
  C:\Windows\System\CbRrFZx.exe
  2⤵
  PID:2500
- C:\Windows\System\ZipTWuQ.exe
  C:\Windows\System\ZipTWuQ.exe
  2⤵
  PID:2496
- C:\Windows\System\YGCesVH.exe
  C:\Windows\System\YGCesVH.exe
  2⤵
  PID:2472
- C:\Windows\System\sOtjfSm.exe
  C:\Windows\System\sOtjfSm.exe
  2⤵
  PID:2528
- C:\Windows\System\csaBNEE.exe
  C:\Windows\System\csaBNEE.exe
  2⤵
  PID:2660
- C:\Windows\System\zWkwfwz.exe
  C:\Windows\System\zWkwfwz.exe
  2⤵
  PID:1012
- C:\Windows\System\ElNmaId.exe
  C:\Windows\System\ElNmaId.exe
  2⤵
  PID:1084
- C:\Windows\System\VODjiLv.exe
  C:\Windows\System\VODjiLv.exe
  2⤵
  PID:1040
- C:\Windows\System\lTjKsGl.exe
  C:\Windows\System\lTjKsGl.exe
  2⤵
  PID:2848
- C:\Windows\System\aePQhvF.exe
  C:\Windows\System\aePQhvF.exe
  2⤵
  PID:2648
- C:\Windows\System\OMPcDxk.exe
  C:\Windows\System\OMPcDxk.exe
  2⤵
  PID:2468
- C:\Windows\System\raLWuzs.exe
  C:\Windows\System\raLWuzs.exe
  2⤵
  PID:2676
- C:\Windows\System\NOTAZql.exe
  C:\Windows\System\NOTAZql.exe
  2⤵
  PID:2960
- C:\Windows\System\TYkhznK.exe
  C:\Windows\System\TYkhznK.exe
  2⤵
  PID:1716
- C:\Windows\System\WVTMYOt.exe
  C:\Windows\System\WVTMYOt.exe
  2⤵
  PID:3080
- C:\Windows\System\YHoIYIM.exe
  C:\Windows\System\YHoIYIM.exe
  2⤵
  PID:3096
- C:\Windows\System\eQMjcbz.exe
  C:\Windows\System\eQMjcbz.exe
  2⤵
  PID:3112
- C:\Windows\System\PuaQiyK.exe
  C:\Windows\System\PuaQiyK.exe
  2⤵
  PID:3128
- C:\Windows\System\DvOzdhu.exe
  C:\Windows\System\DvOzdhu.exe
  2⤵
  PID:3144
- C:\Windows\System\Syhaxtp.exe
  C:\Windows\System\Syhaxtp.exe
  2⤵
  PID:3164
- C:\Windows\System\XjuogrE.exe
  C:\Windows\System\XjuogrE.exe
  2⤵
  PID:3180
- C:\Windows\System\CIfmxnv.exe
  C:\Windows\System\CIfmxnv.exe
  2⤵
  PID:3208
- C:\Windows\System\UIeMLdO.exe
  C:\Windows\System\UIeMLdO.exe
  2⤵
  PID:3224
- C:\Windows\System\RKaMDfN.exe
  C:\Windows\System\RKaMDfN.exe
  2⤵
  PID:3240
- C:\Windows\System\GHGIQBs.exe
  C:\Windows\System\GHGIQBs.exe
  2⤵
  PID:3256
- C:\Windows\System\NfhKzCv.exe
  C:\Windows\System\NfhKzCv.exe
  2⤵
  PID:3272
- C:\Windows\System\WTFodHf.exe
  C:\Windows\System\WTFodHf.exe
  2⤵
  PID:3288
- C:\Windows\System\ihafKUG.exe
  C:\Windows\System\ihafKUG.exe
  2⤵
  PID:3308
- C:\Windows\System\lbKdUwd.exe
  C:\Windows\System\lbKdUwd.exe
  2⤵
  PID:3336
- C:\Windows\System\Mvpnvyt.exe
  C:\Windows\System\Mvpnvyt.exe
  2⤵
  PID:3352
- C:\Windows\System\JTrXnLj.exe
  C:\Windows\System\JTrXnLj.exe
  2⤵
  PID:3404
- C:\Windows\System\vKeArjv.exe
  C:\Windows\System\vKeArjv.exe
  2⤵
  PID:3424
- C:\Windows\System\EBZmtGx.exe
  C:\Windows\System\EBZmtGx.exe
  2⤵
  PID:3440
- C:\Windows\System\YcfYLie.exe
  C:\Windows\System\YcfYLie.exe
  2⤵
  PID:3504
- C:\Windows\System\GwmAJEC.exe
  C:\Windows\System\GwmAJEC.exe
  2⤵
  PID:3524
- C:\Windows\System\YlgvjoY.exe
  C:\Windows\System\YlgvjoY.exe
  2⤵
  PID:3540
- C:\Windows\System\IdYilqd.exe
  C:\Windows\System\IdYilqd.exe
  2⤵
  PID:3556
- C:\Windows\System\HFEpjVP.exe
  C:\Windows\System\HFEpjVP.exe
  2⤵
  PID:3580
- C:\Windows\System\RyprQjY.exe
  C:\Windows\System\RyprQjY.exe
  2⤵
  PID:3596
- C:\Windows\System\uxqTIFz.exe
  C:\Windows\System\uxqTIFz.exe
  2⤵
  PID:3620
- C:\Windows\System\DjVQjyO.exe
  C:\Windows\System\DjVQjyO.exe
  2⤵
  PID:3636
- C:\Windows\System\jpudLTC.exe
  C:\Windows\System\jpudLTC.exe
  2⤵
  PID:3652
- C:\Windows\System\gHYvfaa.exe
  C:\Windows\System\gHYvfaa.exe
  2⤵
  PID:3668
- C:\Windows\System\ZSTCvOT.exe
  C:\Windows\System\ZSTCvOT.exe
  2⤵
  PID:3684
- C:\Windows\System\HPwRUDb.exe
  C:\Windows\System\HPwRUDb.exe
  2⤵
  PID:3700
- C:\Windows\System\hwkckJx.exe
  C:\Windows\System\hwkckJx.exe
  2⤵
  PID:3720
- C:\Windows\System\nbEDkRw.exe
  C:\Windows\System\nbEDkRw.exe
  2⤵
  PID:3740
- C:\Windows\System\xSuwuIm.exe
  C:\Windows\System\xSuwuIm.exe
  2⤵
  PID:3760
- C:\Windows\System\zzModCq.exe
  C:\Windows\System\zzModCq.exe
  2⤵
  PID:3780
- C:\Windows\System\bBLtyMp.exe
  C:\Windows\System\bBLtyMp.exe
  2⤵
  PID:3800
- C:\Windows\System\BmbTkcP.exe
  C:\Windows\System\BmbTkcP.exe
  2⤵
  PID:3820
- C:\Windows\System\QWCbNXM.exe
  C:\Windows\System\QWCbNXM.exe
  2⤵
  PID:3840
- C:\Windows\System\bfWexhf.exe
  C:\Windows\System\bfWexhf.exe
  2⤵
  PID:3860
- C:\Windows\System\skXIWxu.exe
  C:\Windows\System\skXIWxu.exe
  2⤵
  PID:3880
- C:\Windows\System\HKMHQtX.exe
  C:\Windows\System\HKMHQtX.exe
  2⤵
  PID:3900
- C:\Windows\System\VBKxRdx.exe
  C:\Windows\System\VBKxRdx.exe
  2⤵
  PID:3916
- C:\Windows\System\KhdoGbD.exe
  C:\Windows\System\KhdoGbD.exe
  2⤵
  PID:3932
- C:\Windows\System\ukqPpZA.exe
  C:\Windows\System\ukqPpZA.exe
  2⤵
  PID:3948
- C:\Windows\System\GqZMTtg.exe
  C:\Windows\System\GqZMTtg.exe
  2⤵
  PID:3972
- C:\Windows\System\oByLMTE.exe
  C:\Windows\System\oByLMTE.exe
  2⤵
  PID:3988
- C:\Windows\System\xRKqJnB.exe
  C:\Windows\System\xRKqJnB.exe
  2⤵
  PID:4008
- C:\Windows\System\xABeBJU.exe
  C:\Windows\System\xABeBJU.exe
  2⤵
  PID:4024
- C:\Windows\System\LYRJKjj.exe
  C:\Windows\System\LYRJKjj.exe
  2⤵
  PID:4040
- C:\Windows\System\bfiPMRk.exe
  C:\Windows\System\bfiPMRk.exe
  2⤵
  PID:4056
- C:\Windows\System\lKJJwsE.exe
  C:\Windows\System\lKJJwsE.exe
  2⤵
  PID:4072
- C:\Windows\System\BRwUaDx.exe
  C:\Windows\System\BRwUaDx.exe
  2⤵
  PID:4088
- C:\Windows\System\KHMGEzP.exe
  C:\Windows\System\KHMGEzP.exe
  2⤵
  PID:2144
- C:\Windows\System\vkbfyGp.exe
  C:\Windows\System\vkbfyGp.exe
  2⤵
  PID:1372
- C:\Windows\System\udcFsQz.exe
  C:\Windows\System\udcFsQz.exe
  2⤵
  PID:1964
- C:\Windows\System\KAFVema.exe
  C:\Windows\System\KAFVema.exe
  2⤵
  PID:2200
- C:\Windows\System\hFAKjos.exe
  C:\Windows\System\hFAKjos.exe
  2⤵
  PID:2636
- C:\Windows\System\oqKhQvT.exe
  C:\Windows\System\oqKhQvT.exe
  2⤵
  PID:2292
- C:\Windows\System\OrcDKDP.exe
  C:\Windows\System\OrcDKDP.exe
  2⤵
  PID:1280
- C:\Windows\System\lSVLySl.exe
  C:\Windows\System\lSVLySl.exe
  2⤵
  PID:1608
- C:\Windows\System\UJypOEE.exe
  C:\Windows\System\UJypOEE.exe
  2⤵
  PID:2884
- C:\Windows\System\vJyQGNw.exe
  C:\Windows\System\vJyQGNw.exe
  2⤵
  PID:2716
- C:\Windows\System\thHWvca.exe
  C:\Windows\System\thHWvca.exe
  2⤵
  PID:2440
- C:\Windows\System\vCJkxBw.exe
  C:\Windows\System\vCJkxBw.exe
  2⤵
  PID:1612
- C:\Windows\System\BHLbdHE.exe
  C:\Windows\System\BHLbdHE.exe
  2⤵
  PID:696
- C:\Windows\System\GzhoevS.exe
  C:\Windows\System\GzhoevS.exe
  2⤵
  PID:1260
- C:\Windows\System\OACNKQy.exe
  C:\Windows\System\OACNKQy.exe
  2⤵
  PID:3092
- C:\Windows\System\XnxyQZw.exe
  C:\Windows\System\XnxyQZw.exe
  2⤵
  PID:3152
- C:\Windows\System\mXtldii.exe
  C:\Windows\System\mXtldii.exe
  2⤵
  PID:3192
- C:\Windows\System\VbSNSRV.exe
  C:\Windows\System\VbSNSRV.exe
  2⤵
  PID:3232
- C:\Windows\System\PULsJEQ.exe
  C:\Windows\System\PULsJEQ.exe
  2⤵
  PID:1868
- C:\Windows\System\xfZcwOy.exe
  C:\Windows\System\xfZcwOy.exe
  2⤵
  PID:3064
- C:\Windows\System\byDBYjL.exe
  C:\Windows\System\byDBYjL.exe
  2⤵
  PID:2616
- C:\Windows\System\wMsaTJj.exe
  C:\Windows\System\wMsaTJj.exe
  2⤵
  PID:3300
- C:\Windows\System\VplOWgf.exe
  C:\Windows\System\VplOWgf.exe
  2⤵
  PID:3320
- C:\Windows\System\UdIGToZ.exe
  C:\Windows\System\UdIGToZ.exe
  2⤵
  PID:3076
- C:\Windows\System\ODleDsv.exe
  C:\Windows\System\ODleDsv.exe
  2⤵
  PID:3248
- C:\Windows\System\whcHfsC.exe
  C:\Windows\System\whcHfsC.exe
  2⤵
  PID:3172
- C:\Windows\System\tzqoNgw.exe
  C:\Windows\System\tzqoNgw.exe
  2⤵
  PID:3104
- C:\Windows\System\hbAHxug.exe
  C:\Windows\System\hbAHxug.exe
  2⤵
  PID:3360
- C:\Windows\System\iqYqLze.exe
  C:\Windows\System\iqYqLze.exe
  2⤵
  PID:3376
- C:\Windows\System\MGTgWra.exe
  C:\Windows\System\MGTgWra.exe
  2⤵
  PID:3392
- C:\Windows\System\mbyfZzp.exe
  C:\Windows\System\mbyfZzp.exe
  2⤵
  PID:3448
- C:\Windows\System\YXTEedx.exe
  C:\Windows\System\YXTEedx.exe
  2⤵
  PID:3056
- C:\Windows\System\dKSHAXw.exe
  C:\Windows\System\dKSHAXw.exe
  2⤵
  PID:2748
- C:\Windows\System\DiyiDJo.exe
  C:\Windows\System\DiyiDJo.exe
  2⤵
  PID:1488
- C:\Windows\System\JpqcEed.exe
  C:\Windows\System\JpqcEed.exe
  2⤵
  PID:2628
- C:\Windows\System\JjSJzzA.exe
  C:\Windows\System\JjSJzzA.exe
  2⤵
  PID:1520
- C:\Windows\System\YYnrgeH.exe
  C:\Windows\System\YYnrgeH.exe
  2⤵
  PID:1308
- C:\Windows\System\yaWwcbm.exe
  C:\Windows\System\yaWwcbm.exe
  2⤵
  PID:2108
- C:\Windows\System\mlMtMlw.exe
  C:\Windows\System\mlMtMlw.exe
  2⤵
  PID:2672
- C:\Windows\System\pIQVUeS.exe
  C:\Windows\System\pIQVUeS.exe
  2⤵
  PID:2816
- C:\Windows\System\CnjhBhD.exe
  C:\Windows\System\CnjhBhD.exe
  2⤵
  PID:1700
- C:\Windows\System\TnhEWKm.exe
  C:\Windows\System\TnhEWKm.exe
  2⤵
  PID:2736
- C:\Windows\System\UvmmATi.exe
  C:\Windows\System\UvmmATi.exe
  2⤵
  PID:3500
- C:\Windows\System\OIjUBSG.exe
  C:\Windows\System\OIjUBSG.exe
  2⤵
  PID:1204
- C:\Windows\System\CsRESgl.exe
  C:\Windows\System\CsRESgl.exe
  2⤵
  PID:3568
- C:\Windows\System\mgMuEPl.exe
  C:\Windows\System\mgMuEPl.exe
  2⤵
  PID:3644
- C:\Windows\System\bnGMcQC.exe
  C:\Windows\System\bnGMcQC.exe
  2⤵
  PID:3808
- C:\Windows\System\LazOOcn.exe
  C:\Windows\System\LazOOcn.exe
  2⤵
  PID:4000
- C:\Windows\System\FbdNqPx.exe
  C:\Windows\System\FbdNqPx.exe
  2⤵
  PID:3908
- C:\Windows\System\jqcvzUu.exe
  C:\Windows\System\jqcvzUu.exe
  2⤵
  PID:4064
- C:\Windows\System\OjrjamE.exe
  C:\Windows\System\OjrjamE.exe
  2⤵
  PID:1652
- C:\Windows\System\QbyUWBX.exe
  C:\Windows\System\QbyUWBX.exe
  2⤵
  PID:3964
- C:\Windows\System\QKMkUbX.exe
  C:\Windows\System\QKMkUbX.exe
  2⤵
  PID:4020
- C:\Windows\System\dTqjfBe.exe
  C:\Windows\System\dTqjfBe.exe
  2⤵
  PID:4084
- C:\Windows\System\bcnWYdV.exe
  C:\Windows\System\bcnWYdV.exe
  2⤵
  PID:2432
- C:\Windows\System\QmxAtSb.exe
  C:\Windows\System\QmxAtSb.exe
  2⤵
  PID:532
- C:\Windows\System\dhlUtKE.exe
  C:\Windows\System\dhlUtKE.exe
  2⤵
  PID:1808
- C:\Windows\System\cbzjouU.exe
  C:\Windows\System\cbzjouU.exe
  2⤵
  PID:2364
- C:\Windows\System\tOowYJu.exe
  C:\Windows\System\tOowYJu.exe
  2⤵
  PID:1668
- C:\Windows\System\hyCbusW.exe
  C:\Windows\System\hyCbusW.exe
  2⤵
  PID:972
- C:\Windows\System\sXrSTjr.exe
  C:\Windows\System\sXrSTjr.exe
  2⤵
  PID:2112
- C:\Windows\System\XdOcrxk.exe
  C:\Windows\System\XdOcrxk.exe
  2⤵
  PID:3024
- C:\Windows\System\MtSccll.exe
  C:\Windows\System\MtSccll.exe
  2⤵
  PID:612
- C:\Windows\System\DqOQKQG.exe
  C:\Windows\System\DqOQKQG.exe
  2⤵
  PID:3328
- C:\Windows\System\CteBgIH.exe
  C:\Windows\System\CteBgIH.exe
  2⤵
  PID:3412
- C:\Windows\System\HFeUjMq.exe
  C:\Windows\System\HFeUjMq.exe
  2⤵
  PID:1112
- C:\Windows\System\KspsIsj.exe
  C:\Windows\System\KspsIsj.exe
  2⤵
  PID:3268
- C:\Windows\System\gKovfRh.exe
  C:\Windows\System\gKovfRh.exe
  2⤵
  PID:1108
- C:\Windows\System\qxVzaWX.exe
  C:\Windows\System\qxVzaWX.exe
  2⤵
  PID:3280
- C:\Windows\System\NoExaOg.exe
  C:\Windows\System\NoExaOg.exe
  2⤵
  PID:632
- C:\Windows\System\jrewqJY.exe
  C:\Windows\System\jrewqJY.exe
  2⤵
  PID:1856
- C:\Windows\System\yQbDzYp.exe
  C:\Windows\System\yQbDzYp.exe
  2⤵
  PID:2704
- C:\Windows\System\GpFgBeF.exe
  C:\Windows\System\GpFgBeF.exe
  2⤵
  PID:1552
- C:\Windows\System\GznLYbC.exe
  C:\Windows\System\GznLYbC.exe
  2⤵
  PID:1616
- C:\Windows\System\fdzKibX.exe
  C:\Windows\System\fdzKibX.exe
  2⤵
  PID:1704
- C:\Windows\System\Hgnogkt.exe
  C:\Windows\System\Hgnogkt.exe
  2⤵
  PID:2976
- C:\Windows\System\oUwyPrK.exe
  C:\Windows\System\oUwyPrK.exe
  2⤵
  PID:2852
- C:\Windows\System\GwKTdhC.exe
  C:\Windows\System\GwKTdhC.exe
  2⤵
  PID:2692
- C:\Windows\System\ujIAeKz.exe
  C:\Windows\System\ujIAeKz.exe
  2⤵
  PID:3536
- C:\Windows\System\AQrHbjE.exe
  C:\Windows\System\AQrHbjE.exe
  2⤵
  PID:3460
- C:\Windows\System\sNZnmTb.exe
  C:\Windows\System\sNZnmTb.exe
  2⤵
  PID:2220
- C:\Windows\System\cIEzUSU.exe
  C:\Windows\System\cIEzUSU.exe
  2⤵
  PID:2664
- C:\Windows\System\GfDLhBW.exe
  C:\Windows\System\GfDLhBW.exe
  2⤵
  PID:1660
- C:\Windows\System\NZheICk.exe
  C:\Windows\System\NZheICk.exe
  2⤵
  PID:3604
- C:\Windows\System\eYOjLwi.exe
  C:\Windows\System\eYOjLwi.exe
  2⤵
  PID:3616
- C:\Windows\System\gHSPDWK.exe
  C:\Windows\System\gHSPDWK.exe
  2⤵
  PID:2944
- C:\Windows\System\QLYdvVZ.exe
  C:\Windows\System\QLYdvVZ.exe
  2⤵
  PID:3660
- C:\Windows\System\aCnhzZd.exe
  C:\Windows\System\aCnhzZd.exe
  2⤵
  PID:3692
- C:\Windows\System\bRZTtyX.exe
  C:\Windows\System\bRZTtyX.exe
  2⤵
  PID:3748
- C:\Windows\System\NpLfFFt.exe
  C:\Windows\System\NpLfFFt.exe
  2⤵
  PID:3772
- C:\Windows\System\ilxlCpk.exe
  C:\Windows\System\ilxlCpk.exe
  2⤵
  PID:3812
- C:\Windows\System\jTQFZAq.exe
  C:\Windows\System\jTQFZAq.exe
  2⤵
  PID:3888
- C:\Windows\System\CwOddfI.exe
  C:\Windows\System\CwOddfI.exe
  2⤵
  PID:3956
- C:\Windows\System\fbGvlXn.exe
  C:\Windows\System\fbGvlXn.exe
  2⤵
  PID:1988
- C:\Windows\System\ZWbEqAk.exe
  C:\Windows\System\ZWbEqAk.exe
  2⤵
  PID:4036
- C:\Windows\System\jVzwsAx.exe
  C:\Windows\System\jVzwsAx.exe
  2⤵
  PID:1500
- C:\Windows\System\yNZBKKg.exe
  C:\Windows\System\yNZBKKg.exe
  2⤵
  PID:1940
- C:\Windows\System\rcmZuYL.exe
  C:\Windows\System\rcmZuYL.exe
  2⤵
  PID:2128
- C:\Windows\System\UiekMiu.exe
  C:\Windows\System\UiekMiu.exe
  2⤵
  PID:2916
- C:\Windows\System\wdVZBTM.exe
  C:\Windows\System\wdVZBTM.exe
  2⤵
  PID:2064
- C:\Windows\System\HCCYmSF.exe
  C:\Windows\System\HCCYmSF.exe
  2⤵
  PID:3020
- C:\Windows\System\wVOUgol.exe
  C:\Windows\System\wVOUgol.exe
  2⤵
  PID:3296
- C:\Windows\System\xGgHzjp.exe
  C:\Windows\System\xGgHzjp.exe
  2⤵
  PID:3264
- C:\Windows\System\yZxLZIH.exe
  C:\Windows\System\yZxLZIH.exe
  2⤵
  PID:3004
- C:\Windows\System\WyhGUrc.exe
  C:\Windows\System\WyhGUrc.exe
  2⤵
  PID:3456
- C:\Windows\System\VvJQrEU.exe
  C:\Windows\System\VvJQrEU.exe
  2⤵
  PID:3516
- C:\Windows\System\jECmBXO.exe
  C:\Windows\System\jECmBXO.exe
  2⤵
  PID:2928
- C:\Windows\System\IMYhjMz.exe
  C:\Windows\System\IMYhjMz.exe
  2⤵
  PID:3468
- C:\Windows\System\ZhOaJIZ.exe
  C:\Windows\System\ZhOaJIZ.exe
  2⤵
  PID:3204
- C:\Windows\System\SMwSXah.exe
  C:\Windows\System\SMwSXah.exe
  2⤵
  PID:992
- C:\Windows\System\jiJxNHt.exe
  C:\Windows\System\jiJxNHt.exe
  2⤵
  PID:1332
- C:\Windows\System\tVbJqVR.exe
  C:\Windows\System\tVbJqVR.exe
  2⤵
  PID:2912
- C:\Windows\System\syRuxGR.exe
  C:\Windows\System\syRuxGR.exe
  2⤵
  PID:3492
- C:\Windows\System\KnCRHaT.exe
  C:\Windows\System\KnCRHaT.exe
  2⤵
  PID:2212
- C:\Windows\System\AZerWDa.exe
  C:\Windows\System\AZerWDa.exe
  2⤵
  PID:3676
- C:\Windows\System\YNqlbuz.exe
  C:\Windows\System\YNqlbuz.exe
  2⤵
  PID:2688
- C:\Windows\System\FSiOeua.exe
  C:\Windows\System\FSiOeua.exe
  2⤵
  PID:3728
- C:\Windows\System\KsZTpYz.exe
  C:\Windows\System\KsZTpYz.exe
  2⤵
  PID:3944
- C:\Windows\System\MstxvVH.exe
  C:\Windows\System\MstxvVH.exe
  2⤵
  PID:3928
- C:\Windows\System\xxmIJon.exe
  C:\Windows\System\xxmIJon.exe
  2⤵
  PID:1684
- C:\Windows\System\qiAGuTN.exe
  C:\Windows\System\qiAGuTN.exe
  2⤵
  PID:3476
- C:\Windows\System\URYPyqz.exe
  C:\Windows\System\URYPyqz.exe
  2⤵
  PID:3924
- C:\Windows\System\oBcIDHR.exe
  C:\Windows\System\oBcIDHR.exe
  2⤵
  PID:3188
- C:\Windows\System\JfFIlMY.exe
  C:\Windows\System\JfFIlMY.exe
  2⤵
  PID:2164
- C:\Windows\System\olOkCYT.exe
  C:\Windows\System\olOkCYT.exe
  2⤵
  PID:3200
- C:\Windows\System\stNwLlt.exe
  C:\Windows\System\stNwLlt.exe
  2⤵
  PID:3452
- C:\Windows\System\DbVPbMS.exe
  C:\Windows\System\DbVPbMS.exe
  2⤵
  PID:3716
- C:\Windows\System\ewTHbwp.exe
  C:\Windows\System\ewTHbwp.exe
  2⤵
  PID:3416
- C:\Windows\System\AhWWBVR.exe
  C:\Windows\System\AhWWBVR.exe
  2⤵
  PID:2296
- C:\Windows\System\kmmhfAj.exe
  C:\Windows\System\kmmhfAj.exe
  2⤵
  PID:3480
- C:\Windows\System\AwpaoAM.exe
  C:\Windows\System\AwpaoAM.exe
  2⤵
  PID:3996
- C:\Windows\System\fjfOyVD.exe
  C:\Windows\System\fjfOyVD.exe
  2⤵
  PID:3940
- C:\Windows\System\TtLgveF.exe
  C:\Windows\System\TtLgveF.exe
  2⤵
  PID:3628
- C:\Windows\System\oUkZYVi.exe
  C:\Windows\System\oUkZYVi.exe
  2⤵
  PID:2684
- C:\Windows\System\AygWgNx.exe
  C:\Windows\System\AygWgNx.exe
  2⤵
  PID:1472
- C:\Windows\System\lIXDBSH.exe
  C:\Windows\System\lIXDBSH.exe
  2⤵
  PID:3108
- C:\Windows\System\lGmGrYU.exe
  C:\Windows\System\lGmGrYU.exe
  2⤵
  PID:1912
- C:\Windows\System\WBtvYUs.exe
  C:\Windows\System\WBtvYUs.exe
  2⤵
  PID:3788
- C:\Windows\System\DrxJtxm.exe
  C:\Windows\System\DrxJtxm.exe
  2⤵
  PID:3588
- C:\Windows\System\fBWpGxF.exe
  C:\Windows\System\fBWpGxF.exe
  2⤵
  PID:1736
- C:\Windows\System\sVOyYsk.exe
  C:\Windows\System\sVOyYsk.exe
  2⤵
  PID:4100
- C:\Windows\System\dWaxjUe.exe
  C:\Windows\System\dWaxjUe.exe
  2⤵
  PID:4136
- C:\Windows\System\ByMHgqY.exe
  C:\Windows\System\ByMHgqY.exe
  2⤵
  PID:4152
- C:\Windows\System\XgYOddR.exe
  C:\Windows\System\XgYOddR.exe
  2⤵
  PID:4168
- C:\Windows\System\EkfHSAx.exe
  C:\Windows\System\EkfHSAx.exe
  2⤵
  PID:4184
- C:\Windows\System\zEXjNRf.exe
  C:\Windows\System\zEXjNRf.exe
  2⤵
  PID:4204
- C:\Windows\System\CYygiOg.exe
  C:\Windows\System\CYygiOg.exe
  2⤵
  PID:4220
- C:\Windows\System\ZzWRDIi.exe
  C:\Windows\System\ZzWRDIi.exe
  2⤵
  PID:4240
- C:\Windows\System\pBuZFKB.exe
  C:\Windows\System\pBuZFKB.exe
  2⤵
  PID:4256
- C:\Windows\System\LIqDTzC.exe
  C:\Windows\System\LIqDTzC.exe
  2⤵
  PID:4272
- C:\Windows\System\HQCclzq.exe
  C:\Windows\System\HQCclzq.exe
  2⤵
  PID:4288
- C:\Windows\System\eQoKvuG.exe
  C:\Windows\System\eQoKvuG.exe
  2⤵
  PID:4304
- C:\Windows\System\nAXKGfh.exe
  C:\Windows\System\nAXKGfh.exe
  2⤵
  PID:4320
- C:\Windows\System\rRvsuUY.exe
  C:\Windows\System\rRvsuUY.exe
  2⤵
  PID:4336
- C:\Windows\System\OYkRfhN.exe
  C:\Windows\System\OYkRfhN.exe
  2⤵
  PID:4352
- C:\Windows\System\lKpOfoP.exe
  C:\Windows\System\lKpOfoP.exe
  2⤵
  PID:4368
- C:\Windows\System\aFyFhiR.exe
  C:\Windows\System\aFyFhiR.exe
  2⤵
  PID:4384
- C:\Windows\System\kaNwRaY.exe
  C:\Windows\System\kaNwRaY.exe
  2⤵
  PID:4400
- C:\Windows\System\EYeByUD.exe
  C:\Windows\System\EYeByUD.exe
  2⤵
  PID:4416
- C:\Windows\System\sICByCO.exe
  C:\Windows\System\sICByCO.exe
  2⤵
  PID:4432
- C:\Windows\System\hGuuxNY.exe
  C:\Windows\System\hGuuxNY.exe
  2⤵
  PID:4448
- C:\Windows\System\MReQaol.exe
  C:\Windows\System\MReQaol.exe
  2⤵
  PID:4464
- C:\Windows\System\RtKvbWL.exe
  C:\Windows\System\RtKvbWL.exe
  2⤵
  PID:4480
- C:\Windows\System\zmtOhAE.exe
  C:\Windows\System\zmtOhAE.exe
  2⤵
  PID:4496
- C:\Windows\System\ivbWiRH.exe
  C:\Windows\System\ivbWiRH.exe
  2⤵
  PID:4512
- C:\Windows\System\ZxoDoFi.exe
  C:\Windows\System\ZxoDoFi.exe
  2⤵
  PID:4528
- C:\Windows\System\QTKJQhx.exe
  C:\Windows\System\QTKJQhx.exe
  2⤵
  PID:4544
- C:\Windows\System\IopAyel.exe
  C:\Windows\System\IopAyel.exe
  2⤵
  PID:4564
- C:\Windows\System\RFSxvRH.exe
  C:\Windows\System\RFSxvRH.exe
  2⤵
  PID:4584
- C:\Windows\System\LeBcrLe.exe
  C:\Windows\System\LeBcrLe.exe
  2⤵
  PID:4600
- C:\Windows\System\VHWwmrf.exe
  C:\Windows\System\VHWwmrf.exe
  2⤵
  PID:4620
- C:\Windows\System\qfdikkf.exe
  C:\Windows\System\qfdikkf.exe
  2⤵
  PID:4640
- C:\Windows\System\AGJEbuo.exe
  C:\Windows\System\AGJEbuo.exe
  2⤵
  PID:4656
- C:\Windows\System\HRwBpAO.exe
  C:\Windows\System\HRwBpAO.exe
  2⤵
  PID:4672
- C:\Windows\System\KNRHQsf.exe
  C:\Windows\System\KNRHQsf.exe
  2⤵
  PID:4688
- C:\Windows\System\eFFczVs.exe
  C:\Windows\System\eFFczVs.exe
  2⤵
  PID:4704
- C:\Windows\System\EqdFnlZ.exe
  C:\Windows\System\EqdFnlZ.exe
  2⤵
  PID:4720
- C:\Windows\System\FDWPUKf.exe
  C:\Windows\System\FDWPUKf.exe
  2⤵
  PID:4740
- C:\Windows\System\ssNSXzN.exe
  C:\Windows\System\ssNSXzN.exe
  2⤵
  PID:4756
- C:\Windows\System\TLkqrde.exe
  C:\Windows\System\TLkqrde.exe
  2⤵
  PID:4772
- C:\Windows\System\yxURfnQ.exe
  C:\Windows\System\yxURfnQ.exe
  2⤵
  PID:4788
- C:\Windows\System\uBLOzry.exe
  C:\Windows\System\uBLOzry.exe
  2⤵
  PID:4804
- C:\Windows\System\KPNhpWU.exe
  C:\Windows\System\KPNhpWU.exe
  2⤵
  PID:4820
- C:\Windows\System\kivCpQM.exe
  C:\Windows\System\kivCpQM.exe
  2⤵
  PID:4836
- C:\Windows\System\gQCjQoD.exe
  C:\Windows\System\gQCjQoD.exe
  2⤵
  PID:4852
- C:\Windows\System\AivBWId.exe
  C:\Windows\System\AivBWId.exe
  2⤵
  PID:4868
- C:\Windows\System\ttUEilM.exe
  C:\Windows\System\ttUEilM.exe
  2⤵
  PID:4884
- C:\Windows\System\xxZrCXA.exe
  C:\Windows\System\xxZrCXA.exe
  2⤵
  PID:4900
- C:\Windows\System\oqSGnIO.exe
  C:\Windows\System\oqSGnIO.exe
  2⤵
  PID:4916
- C:\Windows\System\QnTbuAs.exe
  C:\Windows\System\QnTbuAs.exe
  2⤵
  PID:4932
- C:\Windows\System\tkkXoUe.exe
  C:\Windows\System\tkkXoUe.exe
  2⤵
  PID:4948
- C:\Windows\System\EIjsfQp.exe
  C:\Windows\System\EIjsfQp.exe
  2⤵
  PID:4964
- C:\Windows\System\VTOiiGs.exe
  C:\Windows\System\VTOiiGs.exe
  2⤵
  PID:4980
- C:\Windows\System\gTjfghL.exe
  C:\Windows\System\gTjfghL.exe
  2⤵
  PID:4996
- C:\Windows\System\kxJKzTX.exe
  C:\Windows\System\kxJKzTX.exe
  2⤵
  PID:5012
- C:\Windows\System\KAUODLf.exe
  C:\Windows\System\KAUODLf.exe
  2⤵
  PID:5028
- C:\Windows\System\ssiWajC.exe
  C:\Windows\System\ssiWajC.exe
  2⤵
  PID:5044
- C:\Windows\System\GRIiuIV.exe
  C:\Windows\System\GRIiuIV.exe
  2⤵
  PID:5060
- C:\Windows\System\VVcBwXE.exe
  C:\Windows\System\VVcBwXE.exe
  2⤵
  PID:5076
- C:\Windows\System\bRbliAd.exe
  C:\Windows\System\bRbliAd.exe
  2⤵
  PID:5092
- C:\Windows\System\yATnWSX.exe
  C:\Windows\System\yATnWSX.exe
  2⤵
  PID:5108
- C:\Windows\System\inwnXmt.exe
  C:\Windows\System\inwnXmt.exe
  2⤵
  PID:2536
- C:\Windows\System\NjLvkay.exe
  C:\Windows\System\NjLvkay.exe
  2⤵
  PID:2532
- C:\Windows\System\nyGetEt.exe
  C:\Windows\System\nyGetEt.exe
  2⤵
  PID:4108
- C:\Windows\System\LhiDKCh.exe
  C:\Windows\System\LhiDKCh.exe
  2⤵
  PID:4176
- C:\Windows\System\hqJdlOw.exe
  C:\Windows\System\hqJdlOw.exe
  2⤵
  PID:4252
- C:\Windows\System\hZRwJYn.exe
  C:\Windows\System\hZRwJYn.exe
  2⤵
  PID:4344
- C:\Windows\System\BNAvYLn.exe
  C:\Windows\System\BNAvYLn.exe
  2⤵
  PID:4444
- C:\Windows\System\yWYxTcx.exe
  C:\Windows\System\yWYxTcx.exe
  2⤵
  PID:4504
- C:\Windows\System\ODQXQCM.exe
  C:\Windows\System\ODQXQCM.exe
  2⤵
  PID:4124
- C:\Windows\System\FWAYiOo.exe
  C:\Windows\System\FWAYiOo.exe
  2⤵
  PID:4232
- C:\Windows\System\ANUljIr.exe
  C:\Windows\System\ANUljIr.exe
  2⤵
  PID:4200
- C:\Windows\System\QuUclVr.exe
  C:\Windows\System\QuUclVr.exe
  2⤵
  PID:4300
- C:\Windows\System\ozCSEcU.exe
  C:\Windows\System\ozCSEcU.exe
  2⤵
  PID:4364
- C:\Windows\System\zlIoSMX.exe
  C:\Windows\System\zlIoSMX.exe
  2⤵
  PID:4540
- C:\Windows\System\oPlGUyT.exe
  C:\Windows\System\oPlGUyT.exe
  2⤵
  PID:4608
- C:\Windows\System\hdoZIzb.exe
  C:\Windows\System\hdoZIzb.exe
  2⤵
  PID:4488
- C:\Windows\System\dhsJBpC.exe
  C:\Windows\System\dhsJBpC.exe
  2⤵
  PID:4552
- C:\Windows\System\sZtwQMX.exe
  C:\Windows\System\sZtwQMX.exe
  2⤵
  PID:4596
- C:\Windows\System\PqfJnNn.exe
  C:\Windows\System\PqfJnNn.exe
  2⤵
  PID:4628
- C:\Windows\System\enSOHGR.exe
  C:\Windows\System\enSOHGR.exe
  2⤵
  PID:4696
- C:\Windows\System\DrTQkhP.exe
  C:\Windows\System\DrTQkhP.exe
  2⤵
  PID:4736
- C:\Windows\System\rxiIUZM.exe
  C:\Windows\System\rxiIUZM.exe
  2⤵
  PID:4652
- C:\Windows\System\XkzCREs.exe
  C:\Windows\System\XkzCREs.exe
  2⤵
  PID:4780
- C:\Windows\System\DEwhzzW.exe
  C:\Windows\System\DEwhzzW.exe
  2⤵
  PID:4848
- C:\Windows\System\ElwVFun.exe
  C:\Windows\System\ElwVFun.exe
  2⤵
  PID:4844
- C:\Windows\System\NVRYbVq.exe
  C:\Windows\System\NVRYbVq.exe
  2⤵
  PID:4976
- C:\Windows\System\hXPsLTO.exe
  C:\Windows\System\hXPsLTO.exe
  2⤵
  PID:5040
- C:\Windows\System\VQoogpX.exe
  C:\Windows\System\VQoogpX.exe
  2⤵
  PID:5072
- C:\Windows\System\XDRgUSs.exe
  C:\Windows\System\XDRgUSs.exe
  2⤵
  PID:4764
- C:\Windows\System\DIkQsOE.exe
  C:\Windows\System\DIkQsOE.exe
  2⤵
  PID:4928
- C:\Windows\System\doVPgTg.exe
  C:\Windows\System\doVPgTg.exe
  2⤵
  PID:5088
- C:\Windows\System\djenuPL.exe
  C:\Windows\System\djenuPL.exe
  2⤵
  PID:4800
- C:\Windows\System\tOXdQgK.exe
  C:\Windows\System\tOXdQgK.exe
  2⤵
  PID:5116
- C:\Windows\System\wMqSzay.exe
  C:\Windows\System\wMqSzay.exe
  2⤵
  PID:4988
- C:\Windows\System\VSsnWJi.exe
  C:\Windows\System\VSsnWJi.exe
  2⤵
  PID:5056
- C:\Windows\System\EuVvKNu.exe
  C:\Windows\System\EuVvKNu.exe
  2⤵
  PID:4144
- C:\Windows\System\DAmbUKs.exe
  C:\Windows\System\DAmbUKs.exe
  2⤵
  PID:4216
- C:\Windows\System\jnSJyWd.exe
  C:\Windows\System\jnSJyWd.exe
  2⤵
  PID:4316
- C:\Windows\System\kPPFAoB.exe
  C:\Windows\System\kPPFAoB.exe
  2⤵
  PID:3484
- C:\Windows\System\jMcDyjb.exe
  C:\Windows\System\jMcDyjb.exe
  2⤵
  PID:4508
- C:\Windows\System\lOzZUoC.exe
  C:\Windows\System\lOzZUoC.exe
  2⤵
  PID:4560
- C:\Windows\System\ilrvobp.exe
  C:\Windows\System\ilrvobp.exe
  2⤵
  PID:4684
- C:\Windows\System\fVOAwZQ.exe
  C:\Windows\System\fVOAwZQ.exe
  2⤵
  PID:4408
- C:\Windows\System\DIAkalV.exe
  C:\Windows\System\DIAkalV.exe
  2⤵
  PID:4332
- C:\Windows\System\YtckFyK.exe
  C:\Windows\System\YtckFyK.exe
  2⤵
  PID:4520
- C:\Windows\System\rtOVRFk.exe
  C:\Windows\System\rtOVRFk.exe
  2⤵
  PID:4648
- C:\Windows\System\NsszOtn.exe
  C:\Windows\System\NsszOtn.exe
  2⤵
  PID:4784
- C:\Windows\System\pUXPmle.exe
  C:\Windows\System\pUXPmle.exe
  2⤵
  PID:4880
- C:\Windows\System\AYPacPS.exe
  C:\Windows\System\AYPacPS.exe
  2⤵
  PID:4768
- C:\Windows\System\UHXVhet.exe
  C:\Windows\System\UHXVhet.exe
  2⤵
  PID:4832
- C:\Windows\System\tZNFFuM.exe
  C:\Windows\System\tZNFFuM.exe
  2⤵
  PID:4892
- C:\Windows\System\RzTtuAs.exe
  C:\Windows\System\RzTtuAs.exe
  2⤵
  PID:4016
- C:\Windows\System\KWwQOTb.exe
  C:\Windows\System\KWwQOTb.exe
  2⤵
  PID:5020
- C:\Windows\System\taZzrWV.exe
  C:\Windows\System\taZzrWV.exe
  2⤵
  PID:4248
- C:\Windows\System\gdaHEgx.exe
  C:\Windows\System\gdaHEgx.exe
  2⤵
  PID:4296
- C:\Windows\System\jSMcSWc.exe
  C:\Windows\System\jSMcSWc.exe
  2⤵
  PID:4440
- C:\Windows\System\EPxiYMi.exe
  C:\Windows\System\EPxiYMi.exe
  2⤵
  PID:4132
- C:\Windows\System\bxHNPuS.exe
  C:\Windows\System\bxHNPuS.exe
  2⤵
  PID:4460
- C:\Windows\System\Ztqmyrf.exe
  C:\Windows\System\Ztqmyrf.exe
  2⤵
  PID:4580
- C:\Windows\System\xLWEHmi.exe
  C:\Windows\System\xLWEHmi.exe
  2⤵
  PID:4816
- C:\Windows\System\lgXrBSd.exe
  C:\Windows\System\lgXrBSd.exe
  2⤵
  PID:4960
- C:\Windows\System\ajBoLOP.exe
  C:\Windows\System\ajBoLOP.exe
  2⤵
  PID:4728
- C:\Windows\System\mEuuHRZ.exe
  C:\Windows\System\mEuuHRZ.exe
  2⤵
  PID:4716
- C:\Windows\System\xNrOxDT.exe
  C:\Windows\System\xNrOxDT.exe
  2⤵
  PID:4312
- C:\Windows\System\eYoIfCd.exe
  C:\Windows\System\eYoIfCd.exe
  2⤵
  PID:4376
- C:\Windows\System\awHkHbz.exe
  C:\Windows\System\awHkHbz.exe
  2⤵
  PID:4380
- C:\Windows\System\nHDwDEz.exe
  C:\Windows\System\nHDwDEz.exe
  2⤵
  PID:4812
- C:\Windows\System\iRuQvzU.exe
  C:\Windows\System\iRuQvzU.exe
  2⤵
  PID:4212
- C:\Windows\System\QIzsALe.exe
  C:\Windows\System\QIzsALe.exe
  2⤵
  PID:5128
- C:\Windows\System\uvDAHjG.exe
  C:\Windows\System\uvDAHjG.exe
  2⤵
  PID:5144
- C:\Windows\System\MgrwyRq.exe
  C:\Windows\System\MgrwyRq.exe
  2⤵
  PID:5160
- C:\Windows\System\FQUPkpB.exe
  C:\Windows\System\FQUPkpB.exe
  2⤵
  PID:5176
- C:\Windows\System\KzhsNgR.exe
  C:\Windows\System\KzhsNgR.exe
  2⤵
  PID:5192
- C:\Windows\System\qNdXHGF.exe
  C:\Windows\System\qNdXHGF.exe
  2⤵
  PID:5208
- C:\Windows\System\oHrVCVq.exe
  C:\Windows\System\oHrVCVq.exe
  2⤵
  PID:5272
- C:\Windows\System\jPSImLL.exe
  C:\Windows\System\jPSImLL.exe
  2⤵
  PID:5296
- C:\Windows\System\fvlbEQO.exe
  C:\Windows\System\fvlbEQO.exe
  2⤵
  PID:5316
- C:\Windows\System\GFfsZhS.exe
  C:\Windows\System\GFfsZhS.exe
  2⤵
  PID:5332
- C:\Windows\System\sRccErG.exe
  C:\Windows\System\sRccErG.exe
  2⤵
  PID:5352
- C:\Windows\System\RcJVmkn.exe
  C:\Windows\System\RcJVmkn.exe
  2⤵
  PID:5368
- C:\Windows\System\PczUSXH.exe
  C:\Windows\System\PczUSXH.exe
  2⤵
  PID:5384
- C:\Windows\System\kwVttPS.exe
  C:\Windows\System\kwVttPS.exe
  2⤵
  PID:5400
- C:\Windows\System\eYnQhgb.exe
  C:\Windows\System\eYnQhgb.exe
  2⤵
  PID:5416
- C:\Windows\System\LEogjMV.exe
  C:\Windows\System\LEogjMV.exe
  2⤵
  PID:5008
- C:\Windows\System\MRknIYf.exe
  C:\Windows\System\MRknIYf.exe
  2⤵
  PID:4712
- C:\Windows\System\SOsusTZ.exe
  C:\Windows\System\SOsusTZ.exe
  2⤵
  PID:4396
- C:\Windows\System\cqskoJk.exe
  C:\Windows\System\cqskoJk.exe
  2⤵
  PID:5232
- C:\Windows\System\ysULeRo.exe
  C:\Windows\System\ysULeRo.exe
  2⤵
  PID:5248
- C:\Windows\System\cRPWBWn.exe
  C:\Windows\System\cRPWBWn.exe
  2⤵
  PID:5280
- C:\Windows\System\agDxfwv.exe
  C:\Windows\System\agDxfwv.exe
  2⤵
  PID:5392
- C:\Windows\System\QbBHTgc.exe
  C:\Windows\System\QbBHTgc.exe
  2⤵
  PID:5364
- C:\Windows\System\gZPTMmv.exe
  C:\Windows\System\gZPTMmv.exe
  2⤵
  PID:5308
- C:\Windows\System\Urmrtya.exe
  C:\Windows\System\Urmrtya.exe
  2⤵
  PID:1576
- C:\Windows\System\jkoUhse.exe
  C:\Windows\System\jkoUhse.exe
  2⤵
  PID:5492
- C:\Windows\System\LZTxZsw.exe
  C:\Windows\System\LZTxZsw.exe
  2⤵
  PID:5600
- C:\Windows\System\PmFPRwc.exe
  C:\Windows\System\PmFPRwc.exe
  2⤵
  PID:5596
- C:\Windows\System\bZZqsDK.exe
  C:\Windows\System\bZZqsDK.exe
  2⤵
  PID:5624
- C:\Windows\System\KOcRopV.exe
  C:\Windows\System\KOcRopV.exe
  2⤵
  PID:5640
- C:\Windows\System\nhwtbds.exe
  C:\Windows\System\nhwtbds.exe
  2⤵
  PID:5660
- C:\Windows\System\LeyPQuX.exe
  C:\Windows\System\LeyPQuX.exe
  2⤵
  PID:5676
- C:\Windows\System\IBAHmTj.exe
  C:\Windows\System\IBAHmTj.exe
  2⤵
  PID:5700
- C:\Windows\System\jhtEROt.exe
  C:\Windows\System\jhtEROt.exe
  2⤵
  PID:5724
- C:\Windows\System\pLPoAID.exe
  C:\Windows\System\pLPoAID.exe
  2⤵
  PID:5744
- C:\Windows\System\MTWotxG.exe
  C:\Windows\System\MTWotxG.exe
  2⤵
  PID:5756
- C:\Windows\System\EBVELDQ.exe
  C:\Windows\System\EBVELDQ.exe
  2⤵
  PID:5772
- C:\Windows\System\yzMHxjq.exe
  C:\Windows\System\yzMHxjq.exe
  2⤵
  PID:5788
- C:\Windows\System\rquzkrl.exe
  C:\Windows\System\rquzkrl.exe
  2⤵
  PID:5808
- C:\Windows\System\hHRsmdW.exe
  C:\Windows\System\hHRsmdW.exe
  2⤵
  PID:5824
- C:\Windows\System\gmYJwMz.exe
  C:\Windows\System\gmYJwMz.exe
  2⤵
  PID:5844
- C:\Windows\System\szYyTlL.exe
  C:\Windows\System\szYyTlL.exe
  2⤵
  PID:5892
- C:\Windows\System\QkHjOtC.exe
  C:\Windows\System\QkHjOtC.exe
  2⤵
  PID:5924
- C:\Windows\System\ABrtNdi.exe
  C:\Windows\System\ABrtNdi.exe
  2⤵
  PID:5928
- C:\Windows\System\gMoZgYn.exe
  C:\Windows\System\gMoZgYn.exe
  2⤵
  PID:5936
- C:\Windows\System\NnFScXa.exe
  C:\Windows\System\NnFScXa.exe
  2⤵
  PID:5964
- C:\Windows\System\FyIJTEf.exe
  C:\Windows\System\FyIJTEf.exe
  2⤵
  PID:5984
- C:\Windows\System\xYhlnbl.exe
  C:\Windows\System\xYhlnbl.exe
  2⤵
  PID:6000
- C:\Windows\System\Dfdsmpw.exe
  C:\Windows\System\Dfdsmpw.exe
  2⤵
  PID:6016
- C:\Windows\System\cuHVAxz.exe
  C:\Windows\System\cuHVAxz.exe
  2⤵
  PID:6044
- C:\Windows\System\WYNltvD.exe
  C:\Windows\System\WYNltvD.exe
  2⤵
  PID:6072
- C:\Windows\System\ELeyfNK.exe
  C:\Windows\System\ELeyfNK.exe
  2⤵
  PID:6092
- C:\Windows\System\lDxZlgc.exe
  C:\Windows\System\lDxZlgc.exe
  2⤵
  PID:6112
- C:\Windows\System\jSBfzpH.exe
  C:\Windows\System\jSBfzpH.exe
  2⤵
  PID:6096
- C:\Windows\System\YhcHrpr.exe
  C:\Windows\System\YhcHrpr.exe
  2⤵
  PID:6032
- C:\Windows\System\yxLfTmh.exe
  C:\Windows\System\yxLfTmh.exe
  2⤵
  PID:6136
- C:\Windows\System\bkKqvgD.exe
  C:\Windows\System\bkKqvgD.exe
  2⤵
  PID:5152
- C:\Windows\System\AefMPrx.exe
  C:\Windows\System\AefMPrx.exe
  2⤵
  PID:5260
- C:\Windows\System\McMFlCi.exe
  C:\Windows\System\McMFlCi.exe
  2⤵
  PID:5140
- C:\Windows\System\LTCHtop.exe
  C:\Windows\System\LTCHtop.exe
  2⤵
  PID:5216
- C:\Windows\System\fEWOyAI.exe
  C:\Windows\System\fEWOyAI.exe
  2⤵
  PID:5156
- C:\Windows\System\gXnruQV.exe
  C:\Windows\System\gXnruQV.exe
  2⤵
  PID:5292
- C:\Windows\System\YEZLnGR.exe
  C:\Windows\System\YEZLnGR.exe
  2⤵
  PID:5408
- C:\Windows\System\qpIeSBr.exe
  C:\Windows\System\qpIeSBr.exe
  2⤵
  PID:5504
- C:\Windows\System\ojVazRa.exe
  C:\Windows\System\ojVazRa.exe
  2⤵
  PID:5424
- C:\Windows\System\iZKWMUo.exe
  C:\Windows\System\iZKWMUo.exe
  2⤵
  PID:5452
- C:\Windows\System\yQtqRqC.exe
  C:\Windows\System\yQtqRqC.exe
  2⤵
  PID:5464
- C:\Windows\System\AdwCdcq.exe
  C:\Windows\System\AdwCdcq.exe
  2⤵
  PID:5484
- C:\Windows\System\NKYZsgx.exe
  C:\Windows\System\NKYZsgx.exe
  2⤵
  PID:5532
- C:\Windows\System\lDOsEKH.exe
  C:\Windows\System\lDOsEKH.exe
  2⤵
  PID:5572
- C:\Windows\System\ZgDizkF.exe
  C:\Windows\System\ZgDizkF.exe
  2⤵
  PID:5580
- C:\Windows\System\rzlwWBb.exe
  C:\Windows\System\rzlwWBb.exe
  2⤵
  PID:5552
- C:\Windows\System\YNPetYm.exe
  C:\Windows\System\YNPetYm.exe
  2⤵
  PID:5636
- C:\Windows\System\SlkqOBF.exe
  C:\Windows\System\SlkqOBF.exe
  2⤵
  PID:5680
- C:\Windows\System\mHjZteT.exe
  C:\Windows\System\mHjZteT.exe
  2⤵
  PID:5684
- C:\Windows\System\XElhpgA.exe
  C:\Windows\System\XElhpgA.exe
  2⤵
  PID:5748
- C:\Windows\System\Guaapnz.exe
  C:\Windows\System\Guaapnz.exe
  2⤵
  PID:5812
- C:\Windows\System\iYBFKGa.exe
  C:\Windows\System\iYBFKGa.exe
  2⤵
  PID:5708
- C:\Windows\System\UHrkagR.exe
  C:\Windows\System\UHrkagR.exe
  2⤵
  PID:5740
- C:\Windows\System\rAzimbc.exe
  C:\Windows\System\rAzimbc.exe
  2⤵
  PID:5800
- C:\Windows\System\XtsYISs.exe
  C:\Windows\System\XtsYISs.exe
  2⤵
  PID:5860
- C:\Windows\System\RbKuSUs.exe
  C:\Windows\System\RbKuSUs.exe
  2⤵
  PID:5872
- C:\Windows\System\jCUqfOY.exe
  C:\Windows\System\jCUqfOY.exe
  2⤵
  PID:5864
- C:\Windows\System\YeDkVbE.exe
  C:\Windows\System\YeDkVbE.exe
  2⤵
  PID:5916
- C:\Windows\System\tZDTQTL.exe
  C:\Windows\System\tZDTQTL.exe
  2⤵
  PID:5960
- C:\Windows\System\CToDjOE.exe
  C:\Windows\System\CToDjOE.exe
  2⤵
  PID:6040
- C:\Windows\System\wDEOqek.exe
  C:\Windows\System\wDEOqek.exe
  2⤵
  PID:6124
- C:\Windows\System\QBOqbKS.exe
  C:\Windows\System\QBOqbKS.exe
  2⤵
  PID:5904
- C:\Windows\System\iEmuNOq.exe
  C:\Windows\System\iEmuNOq.exe
  2⤵
  PID:5200
- C:\Windows\System\KYsQtET.exe
  C:\Windows\System\KYsQtET.exe
  2⤵
  PID:5284
- C:\Windows\System\ENJKXVG.exe
  C:\Windows\System\ENJKXVG.exe
  2⤵
  PID:5444
- C:\Windows\System\gPgCAwG.exe
  C:\Windows\System\gPgCAwG.exe
  2⤵
  PID:5480
- C:\Windows\System\NHFcCzJ.exe
  C:\Windows\System\NHFcCzJ.exe
  2⤵
  PID:5536
- C:\Windows\System\FZNkpIO.exe
  C:\Windows\System\FZNkpIO.exe
  2⤵
  PID:5976
- C:\Windows\System\xLwAyxi.exe
  C:\Windows\System\xLwAyxi.exe
  2⤵
  PID:6068
- C:\Windows\System\zGAfgxU.exe
  C:\Windows\System\zGAfgxU.exe
  2⤵
  PID:6028
- C:\Windows\System\MLNexUs.exe
  C:\Windows\System\MLNexUs.exe
  2⤵
  PID:4956
- C:\Windows\System\fnZIrsk.exe
  C:\Windows\System\fnZIrsk.exe
  2⤵
  PID:5224
- C:\Windows\System\zkfmRXN.exe
  C:\Windows\System\zkfmRXN.exe
  2⤵
  PID:5344
- C:\Windows\System\bMfDEyq.exe
  C:\Windows\System\bMfDEyq.exe
  2⤵
  PID:5124
- C:\Windows\System\UQtkXHW.exe
  C:\Windows\System\UQtkXHW.exe
  2⤵
  PID:5564
- C:\Windows\System\IwgSuSZ.exe
  C:\Windows\System\IwgSuSZ.exe
  2⤵
  PID:5240
- C:\Windows\System\sPzeqfy.exe
  C:\Windows\System\sPzeqfy.exe
  2⤵
  PID:5644
- C:\Windows\System\WdbIJfh.exe
  C:\Windows\System\WdbIJfh.exe
  2⤵
  PID:5848
- C:\Windows\System\XAoMmNu.exe
  C:\Windows\System\XAoMmNu.exe
  2⤵
  PID:5856
- C:\Windows\System\etLbjbR.exe
  C:\Windows\System\etLbjbR.exe
  2⤵
  PID:5592
- C:\Windows\System\SepVHsT.exe
  C:\Windows\System\SepVHsT.exe
  2⤵
  PID:5652
- C:\Windows\System\hkmaDgs.exe
  C:\Windows\System\hkmaDgs.exe
  2⤵
  PID:6048
- C:\Windows\System\AtSMujG.exe
  C:\Windows\System\AtSMujG.exe
  2⤵
  PID:5780
- C:\Windows\System\cMadfYl.exe
  C:\Windows\System\cMadfYl.exe
  2⤵
  PID:5836
- C:\Windows\System\KWbhift.exe
  C:\Windows\System\KWbhift.exe
  2⤵
  PID:5952
- C:\Windows\System\eAMBbzx.exe
  C:\Windows\System\eAMBbzx.exe
  2⤵
  PID:4860
- C:\Windows\System\VOFTZnp.exe
  C:\Windows\System\VOFTZnp.exe
  2⤵
  PID:1568
- C:\Windows\System\nnWerGZ.exe
  C:\Windows\System\nnWerGZ.exe
  2⤵
  PID:6084
- C:\Windows\System\LxiGaCW.exe
  C:\Windows\System\LxiGaCW.exe
  2⤵
  PID:6064
- C:\Windows\System\ypDlAhE.exe
  C:\Windows\System\ypDlAhE.exe
  2⤵
  PID:344
- C:\Windows\System\BPBNxaN.exe
  C:\Windows\System\BPBNxaN.exe
  2⤵
  PID:5612
- C:\Windows\System\GUuzDfd.exe
  C:\Windows\System\GUuzDfd.exe
  2⤵
  PID:5920
- C:\Windows\System\zdxAbcJ.exe
  C:\Windows\System\zdxAbcJ.exe
  2⤵
  PID:5524
- C:\Windows\System\MvZDosQ.exe
  C:\Windows\System\MvZDosQ.exe
  2⤵
  PID:5460
- C:\Windows\System\jKTTqmN.exe
  C:\Windows\System\jKTTqmN.exe
  2⤵
  PID:5256
- C:\Windows\System\pDjFiOy.exe
  C:\Windows\System\pDjFiOy.exe
  2⤵
  PID:6104
- C:\Windows\System\giZfKuw.exe
  C:\Windows\System\giZfKuw.exe
  2⤵
  PID:3036
- C:\Windows\System\XqwswRM.exe
  C:\Windows\System\XqwswRM.exe
  2⤵
  PID:5852
- C:\Windows\System\HlAUfjz.exe
  C:\Windows\System\HlAUfjz.exe
  2⤵
  PID:5656
- C:\Windows\System\pcalypY.exe
  C:\Windows\System\pcalypY.exe
  2⤵
  PID:5900
- C:\Windows\System\QAVuBuS.exe
  C:\Windows\System\QAVuBuS.exe
  2⤵
  PID:6148
- C:\Windows\System\SgeJHUp.exe
  C:\Windows\System\SgeJHUp.exe
  2⤵
  PID:6164
- C:\Windows\System\TMBCiyL.exe
  C:\Windows\System\TMBCiyL.exe
  2⤵
  PID:6180
- C:\Windows\System\yaKvmKR.exe
  C:\Windows\System\yaKvmKR.exe
  2⤵
  PID:6196
- C:\Windows\System\SfOYoKs.exe
  C:\Windows\System\SfOYoKs.exe
  2⤵
  PID:6212
- C:\Windows\System\kKHBGXZ.exe
  C:\Windows\System\kKHBGXZ.exe
  2⤵
  PID:6228
- C:\Windows\System\xggPGxY.exe
  C:\Windows\System\xggPGxY.exe
  2⤵
  PID:6244
- C:\Windows\System\aSRkhJi.exe
  C:\Windows\System\aSRkhJi.exe
  2⤵
  PID:6260
- C:\Windows\System\pdkkWFv.exe
  C:\Windows\System\pdkkWFv.exe
  2⤵
  PID:6276
- C:\Windows\System\SDCBUKr.exe
  C:\Windows\System\SDCBUKr.exe
  2⤵
  PID:6292
- C:\Windows\System\cwIkJgT.exe
  C:\Windows\System\cwIkJgT.exe
  2⤵
  PID:6308
- C:\Windows\System\httzVZL.exe
  C:\Windows\System\httzVZL.exe
  2⤵
  PID:6324
- C:\Windows\System\GYlpRCY.exe
  C:\Windows\System\GYlpRCY.exe
  2⤵
  PID:6340
- C:\Windows\System\vebTrPK.exe
  C:\Windows\System\vebTrPK.exe
  2⤵
  PID:6356
- C:\Windows\System\MwLqvwi.exe
  C:\Windows\System\MwLqvwi.exe
  2⤵
  PID:6372
- C:\Windows\System\muQnrAs.exe
  C:\Windows\System\muQnrAs.exe
  2⤵
  PID:6388
- C:\Windows\System\zopkwWP.exe
  C:\Windows\System\zopkwWP.exe
  2⤵
  PID:6404
- C:\Windows\System\sovYaMt.exe
  C:\Windows\System\sovYaMt.exe
  2⤵
  PID:6420
- C:\Windows\System\EmXUjsf.exe
  C:\Windows\System\EmXUjsf.exe
  2⤵
  PID:6436
- C:\Windows\System\NzqSqKH.exe
  C:\Windows\System\NzqSqKH.exe
  2⤵
  PID:6452
- C:\Windows\System\dATqGHG.exe
  C:\Windows\System\dATqGHG.exe
  2⤵
  PID:6468
- C:\Windows\System\TZmjAAF.exe
  C:\Windows\System\TZmjAAF.exe
  2⤵
  PID:6484
- C:\Windows\System\StQdlqN.exe
  C:\Windows\System\StQdlqN.exe
  2⤵
  PID:6500
- C:\Windows\System\vpFZzcu.exe
  C:\Windows\System\vpFZzcu.exe
  2⤵
  PID:6516
- C:\Windows\System\nXxBKOo.exe
  C:\Windows\System\nXxBKOo.exe
  2⤵
  PID:6532
- C:\Windows\System\fJHirzL.exe
  C:\Windows\System\fJHirzL.exe
  2⤵
  PID:6548
- C:\Windows\System\rjpfahr.exe
  C:\Windows\System\rjpfahr.exe
  2⤵
  PID:6564
- C:\Windows\System\iYOtetk.exe
  C:\Windows\System\iYOtetk.exe
  2⤵
  PID:6580
- C:\Windows\System\rdCdQlk.exe
  C:\Windows\System\rdCdQlk.exe
  2⤵
  PID:6596
- C:\Windows\System\HNRAAda.exe
  C:\Windows\System\HNRAAda.exe
  2⤵
  PID:6612
- C:\Windows\System\otCWVNm.exe
  C:\Windows\System\otCWVNm.exe
  2⤵
  PID:6628
- C:\Windows\System\XXCVviz.exe
  C:\Windows\System\XXCVviz.exe
  2⤵
  PID:6644
- C:\Windows\System\oNWMHoa.exe
  C:\Windows\System\oNWMHoa.exe
  2⤵
  PID:6660
- C:\Windows\System\bhPkqlD.exe
  C:\Windows\System\bhPkqlD.exe
  2⤵
  PID:6676
- C:\Windows\System\uPxfURR.exe
  C:\Windows\System\uPxfURR.exe
  2⤵
  PID:6692
- C:\Windows\System\nAhAGXn.exe
  C:\Windows\System\nAhAGXn.exe
  2⤵
  PID:6708
- C:\Windows\System\gbCvOpR.exe
  C:\Windows\System\gbCvOpR.exe
  2⤵
  PID:6724
- C:\Windows\System\pzrZbrb.exe
  C:\Windows\System\pzrZbrb.exe
  2⤵
  PID:6740
- C:\Windows\System\EalUByy.exe
  C:\Windows\System\EalUByy.exe
  2⤵
  PID:6756
- C:\Windows\System\EZfTrJl.exe
  C:\Windows\System\EZfTrJl.exe
  2⤵
  PID:6772
- C:\Windows\System\QMpCegB.exe
  C:\Windows\System\QMpCegB.exe
  2⤵
  PID:6788
- C:\Windows\System\QfCqLOI.exe
  C:\Windows\System\QfCqLOI.exe
  2⤵
  PID:6804
- C:\Windows\System\fJXBJTB.exe
  C:\Windows\System\fJXBJTB.exe
  2⤵
  PID:6820
- C:\Windows\System\MTDdNfe.exe
  C:\Windows\System\MTDdNfe.exe
  2⤵
  PID:6836
- C:\Windows\System\hpTuYzN.exe
  C:\Windows\System\hpTuYzN.exe
  2⤵
  PID:6852
- C:\Windows\System\BNNpdsK.exe
  C:\Windows\System\BNNpdsK.exe
  2⤵
  PID:6868
- C:\Windows\System\VhdUrXN.exe
  C:\Windows\System\VhdUrXN.exe
  2⤵
  PID:6884
- C:\Windows\System\tzezncR.exe
  C:\Windows\System\tzezncR.exe
  2⤵
  PID:6900
- C:\Windows\System\uejtUgW.exe
  C:\Windows\System\uejtUgW.exe
  2⤵
  PID:6916
- C:\Windows\System\jsFyEtw.exe
  C:\Windows\System\jsFyEtw.exe
  2⤵
  PID:6932
- C:\Windows\System\BCrkhAA.exe
  C:\Windows\System\BCrkhAA.exe
  2⤵
  PID:6948
- C:\Windows\System\fHOpQBl.exe
  C:\Windows\System\fHOpQBl.exe
  2⤵
  PID:6964
- C:\Windows\System\pzvubgn.exe
  C:\Windows\System\pzvubgn.exe
  2⤵
  PID:6980
- C:\Windows\System\LmrchYn.exe
  C:\Windows\System\LmrchYn.exe
  2⤵
  PID:6996
- C:\Windows\System\yePdPyB.exe
  C:\Windows\System\yePdPyB.exe
  2⤵
  PID:7012
- C:\Windows\System\nQuWbpg.exe
  C:\Windows\System\nQuWbpg.exe
  2⤵
  PID:7028
- C:\Windows\System\rsOawYC.exe
  C:\Windows\System\rsOawYC.exe
  2⤵
  PID:7044
- C:\Windows\System\pxsXUgN.exe
  C:\Windows\System\pxsXUgN.exe
  2⤵
  PID:7060
- C:\Windows\System\ZaPsZnp.exe
  C:\Windows\System\ZaPsZnp.exe
  2⤵
  PID:7076
- C:\Windows\System\zBPayGW.exe
  C:\Windows\System\zBPayGW.exe
  2⤵
  PID:7092
- C:\Windows\System\RmanwWz.exe
  C:\Windows\System\RmanwWz.exe
  2⤵
  PID:7108
- C:\Windows\System\ozBbbdE.exe
  C:\Windows\System\ozBbbdE.exe
  2⤵
  PID:7124
- C:\Windows\System\fJwHSbo.exe
  C:\Windows\System\fJwHSbo.exe
  2⤵
  PID:7140
- C:\Windows\System\TGcFlJg.exe
  C:\Windows\System\TGcFlJg.exe
  2⤵
  PID:7156
- C:\Windows\System\pXxSlLG.exe
  C:\Windows\System\pXxSlLG.exe
  2⤵
  PID:6088
- C:\Windows\System\iHOgaRC.exe
  C:\Windows\System\iHOgaRC.exe
  2⤵
  PID:5956
- C:\Windows\System\AjkxByJ.exe
  C:\Windows\System\AjkxByJ.exe
  2⤵
  PID:5340
- C:\Windows\System\XzTOTaC.exe
  C:\Windows\System\XzTOTaC.exe
  2⤵
  PID:5244
- C:\Windows\System\IWXwXHa.exe
  C:\Windows\System\IWXwXHa.exe
  2⤵
  PID:6172
- C:\Windows\System\eGoaLuV.exe
  C:\Windows\System\eGoaLuV.exe
  2⤵
  PID:6252
- C:\Windows\System\YGRCRoG.exe
  C:\Windows\System\YGRCRoG.exe
  2⤵
  PID:6256
- C:\Windows\System\VOwSjUS.exe
  C:\Windows\System\VOwSjUS.exe
  2⤵
  PID:6240
- C:\Windows\System\RRHOrTo.exe
  C:\Windows\System\RRHOrTo.exe
  2⤵
  PID:6300
- C:\Windows\System\yHAuQIt.exe
  C:\Windows\System\yHAuQIt.exe
  2⤵
  PID:6352
- C:\Windows\System\FJgFKLB.exe
  C:\Windows\System\FJgFKLB.exe
  2⤵
  PID:6416
- C:\Windows\System\ZsYSnYT.exe
  C:\Windows\System\ZsYSnYT.exe
  2⤵
  PID:6364
- C:\Windows\System\VCizytS.exe
  C:\Windows\System\VCizytS.exe
  2⤵
  PID:6512
- C:\Windows\System\GJhMlKN.exe
  C:\Windows\System\GJhMlKN.exe
  2⤵
  PID:6368
- C:\Windows\System\XqtWWHM.exe
  C:\Windows\System\XqtWWHM.exe
  2⤵
  PID:6576
- C:\Windows\System\Rqaklmu.exe
  C:\Windows\System\Rqaklmu.exe
  2⤵
  PID:6460
- C:\Windows\System\FmARpRg.exe
  C:\Windows\System\FmARpRg.exe
  2⤵
  PID:6496
- C:\Windows\System\ZIEYVOC.exe
  C:\Windows\System\ZIEYVOC.exe
  2⤵
  PID:6640
- C:\Windows\System\UdxCnpi.exe
  C:\Windows\System\UdxCnpi.exe
  2⤵
  PID:6592
- C:\Windows\System\obebglV.exe
  C:\Windows\System\obebglV.exe
  2⤵
  PID:6736
- C:\Windows\System\gDZtdrF.exe
  C:\Windows\System\gDZtdrF.exe
  2⤵
  PID:6704
- C:\Windows\System\levZsBX.exe
  C:\Windows\System\levZsBX.exe
  2⤵
  PID:6652
- C:\Windows\System\uMWgEaD.exe
  C:\Windows\System\uMWgEaD.exe
  2⤵
  PID:6720
- C:\Windows\System\nUclPqi.exe
  C:\Windows\System\nUclPqi.exe
  2⤵
  PID:6800
- C:\Windows\System\SeTWBjj.exe
  C:\Windows\System\SeTWBjj.exe
  2⤵
  PID:6864
- C:\Windows\System\PUtLyxJ.exe
  C:\Windows\System\PUtLyxJ.exe
  2⤵
  PID:6924
- C:\Windows\System\GnjCjAe.exe
  C:\Windows\System\GnjCjAe.exe
  2⤵
  PID:6844
- C:\Windows\System\GnRfiUP.exe
  C:\Windows\System\GnRfiUP.exe
  2⤵
  PID:6912
- C:\Windows\System\IEBHWBE.exe
  C:\Windows\System\IEBHWBE.exe
  2⤵
  PID:6988
- C:\Windows\System\UZCorJm.exe
  C:\Windows\System\UZCorJm.exe
  2⤵
  PID:6972
- C:\Windows\System\yLMKzxb.exe
  C:\Windows\System\yLMKzxb.exe
  2⤵
  PID:7056
- C:\Windows\System\zGJJYse.exe
  C:\Windows\System\zGJJYse.exe
  2⤵
  PID:6976
- C:\Windows\System\DuaMyIi.exe
  C:\Windows\System\DuaMyIi.exe
  2⤵
  PID:7068
- C:\Windows\System\zfvZWLu.exe
  C:\Windows\System\zfvZWLu.exe
  2⤵
  PID:7132
- C:\Windows\System\ukAbjpM.exe
  C:\Windows\System\ukAbjpM.exe
  2⤵
  PID:7152
- C:\Windows\System\EJjlQIt.exe
  C:\Windows\System\EJjlQIt.exe
  2⤵
  PID:6188
- C:\Windows\System\XEAPLHi.exe
  C:\Windows\System\XEAPLHi.exe
  2⤵
  PID:952
- C:\Windows\System\UzPdeUO.exe
  C:\Windows\System\UzPdeUO.exe
  2⤵
  PID:6224
- C:\Windows\System\HcidyKq.exe
  C:\Windows\System\HcidyKq.exe
  2⤵
  PID:6348
- C:\Windows\System\idtGUch.exe
  C:\Windows\System\idtGUch.exe
  2⤵
  PID:6572
- C:\Windows\System\EYUSQfs.exe
  C:\Windows\System\EYUSQfs.exe
  2⤵
  PID:6288
- C:\Windows\System\xgGHOna.exe
  C:\Windows\System\xgGHOna.exe
  2⤵
  PID:6528
- C:\Windows\System\CTMlkYa.exe
  C:\Windows\System\CTMlkYa.exe
  2⤵
  PID:6480
- C:\Windows\System\xIEcWwb.exe
  C:\Windows\System\xIEcWwb.exe
  2⤵
  PID:6700
- C:\Windows\System\OOfiBSA.exe
  C:\Windows\System\OOfiBSA.exe
  2⤵
  PID:6624
- C:\Windows\System\eHqTMDe.exe
  C:\Windows\System\eHqTMDe.exe
  2⤵
  PID:6492
- C:\Windows\System\itWAtJL.exe
  C:\Windows\System\itWAtJL.exe
  2⤵
  PID:6560
- C:\Windows\System\AHavKXX.exe
  C:\Windows\System\AHavKXX.exe
  2⤵
  PID:6796
- C:\Windows\System\jJEjzGz.exe
  C:\Windows\System\jJEjzGz.exe
  2⤵
  PID:6784
- C:\Windows\System\ogLgUsT.exe
  C:\Windows\System\ogLgUsT.exe
  2⤵
  PID:6816
- C:\Windows\System\IsZAyaA.exe
  C:\Windows\System\IsZAyaA.exe
  2⤵
  PID:7088
- C:\Windows\System\CTnkrlU.exe
  C:\Windows\System\CTnkrlU.exe
  2⤵
  PID:7104
- C:\Windows\System\iTjMMaE.exe
  C:\Windows\System\iTjMMaE.exe
  2⤵
  PID:7036
- C:\Windows\System\qbexDGQ.exe
  C:\Windows\System\qbexDGQ.exe
  2⤵
  PID:7136
- C:\Windows\System\vZiaPHo.exe
  C:\Windows\System\vZiaPHo.exe
  2⤵
  PID:6220
- C:\Windows\System\RqpPMSw.exe
  C:\Windows\System\RqpPMSw.exe
  2⤵
  PID:5440
- C:\Windows\System\OPoBcvP.exe
  C:\Windows\System\OPoBcvP.exe
  2⤵
  PID:6332
- C:\Windows\System\vmVslBW.exe
  C:\Windows\System\vmVslBW.exe
  2⤵
  PID:6508
- C:\Windows\System\FHTCsUC.exe
  C:\Windows\System\FHTCsUC.exe
  2⤵
  PID:1924
- C:\Windows\System\RKtMNgN.exe
  C:\Windows\System\RKtMNgN.exe
  2⤵
  PID:6880
- C:\Windows\System\iDNrCqf.exe
  C:\Windows\System\iDNrCqf.exe
  2⤵
  PID:6956
- C:\Windows\System\IKtZLtx.exe
  C:\Windows\System\IKtZLtx.exe
  2⤵
  PID:1860
- C:\Windows\System\IAImrel.exe
  C:\Windows\System\IAImrel.exe
  2⤵
  PID:1292
- C:\Windows\System\MORIdsG.exe
  C:\Windows\System\MORIdsG.exe
  2⤵
  PID:7004
- C:\Windows\System\dLneTad.exe
  C:\Windows\System\dLneTad.exe
  2⤵
  PID:6636
- C:\Windows\System\KqXUbwa.exe
  C:\Windows\System\KqXUbwa.exe
  2⤵
  PID:6752
- C:\Windows\System\PfDKMig.exe
  C:\Windows\System\PfDKMig.exe
  2⤵
  PID:6272
- C:\Windows\System\fAKdOcR.exe
  C:\Windows\System\fAKdOcR.exe
  2⤵
  PID:6892
- C:\Windows\System\QDOfKru.exe
  C:\Windows\System\QDOfKru.exe
  2⤵
  PID:6944
- C:\Windows\System\SvNOYZi.exe
  C:\Windows\System\SvNOYZi.exe
  2⤵
  PID:7180
- C:\Windows\System\AcXdvxz.exe
  C:\Windows\System\AcXdvxz.exe
  2⤵
  PID:7196
- C:\Windows\System\jtOfIGb.exe
  C:\Windows\System\jtOfIGb.exe
  2⤵
  PID:7216
- C:\Windows\System\OZnoCWd.exe
  C:\Windows\System\OZnoCWd.exe
  2⤵
  PID:7232
- C:\Windows\System\eqmMfwa.exe
  C:\Windows\System\eqmMfwa.exe
  2⤵
  PID:7248
- C:\Windows\System\ZknFTiI.exe
  C:\Windows\System\ZknFTiI.exe
  2⤵
  PID:7264
- C:\Windows\System\dnQlasj.exe
  C:\Windows\System\dnQlasj.exe
  2⤵
  PID:7280
- C:\Windows\System\COKEzkK.exe
  C:\Windows\System\COKEzkK.exe
  2⤵
  PID:7296
- C:\Windows\System\eaybolt.exe
  C:\Windows\System\eaybolt.exe
  2⤵
  PID:7312
- C:\Windows\System\NcoKYEh.exe
  C:\Windows\System\NcoKYEh.exe
  2⤵
  PID:7328
- C:\Windows\System\VfLsnUq.exe
  C:\Windows\System\VfLsnUq.exe
  2⤵
  PID:7344
- C:\Windows\System\gHITYTQ.exe
  C:\Windows\System\gHITYTQ.exe
  2⤵
  PID:7360
- C:\Windows\System\CoKbWCG.exe
  C:\Windows\System\CoKbWCG.exe
  2⤵
  PID:7376
- C:\Windows\System\xOzQciG.exe
  C:\Windows\System\xOzQciG.exe
  2⤵
  PID:7392
- C:\Windows\System\wDAUVeO.exe
  C:\Windows\System\wDAUVeO.exe
  2⤵
  PID:7408
- C:\Windows\System\SUPWATx.exe
  C:\Windows\System\SUPWATx.exe
  2⤵
  PID:7424
- C:\Windows\System\hxsBbli.exe
  C:\Windows\System\hxsBbli.exe
  2⤵
  PID:7440
- C:\Windows\System\TDBwJRo.exe
  C:\Windows\System\TDBwJRo.exe
  2⤵
  PID:7456
- C:\Windows\System\ZAfkcnO.exe
  C:\Windows\System\ZAfkcnO.exe
  2⤵
  PID:7472
- C:\Windows\System\yVWneLB.exe
  C:\Windows\System\yVWneLB.exe
  2⤵
  PID:7488
- C:\Windows\System\rPoAvpd.exe
  C:\Windows\System\rPoAvpd.exe
  2⤵
  PID:7504
- C:\Windows\System\PVUcLbZ.exe
  C:\Windows\System\PVUcLbZ.exe
  2⤵
  PID:7520
- C:\Windows\System\FOBJspG.exe
  C:\Windows\System\FOBJspG.exe
  2⤵
  PID:7536
- C:\Windows\System\TkYHkJl.exe
  C:\Windows\System\TkYHkJl.exe
  2⤵
  PID:7552
- C:\Windows\System\DmWDLVr.exe
  C:\Windows\System\DmWDLVr.exe
  2⤵
  PID:7568
- C:\Windows\System\VdAFAqk.exe
  C:\Windows\System\VdAFAqk.exe
  2⤵
  PID:7584
- C:\Windows\System\Rqgnuei.exe
  C:\Windows\System\Rqgnuei.exe
  2⤵
  PID:7600
- C:\Windows\System\JQGZXJI.exe
  C:\Windows\System\JQGZXJI.exe
  2⤵
  PID:7616
- C:\Windows\System\XKNjxnQ.exe
  C:\Windows\System\XKNjxnQ.exe
  2⤵
  PID:7632
- C:\Windows\System\couSuhD.exe
  C:\Windows\System\couSuhD.exe
  2⤵
  PID:7648
- C:\Windows\System\tFurEum.exe
  C:\Windows\System\tFurEum.exe
  2⤵
  PID:7664
- C:\Windows\System\syhRVZt.exe
  C:\Windows\System\syhRVZt.exe
  2⤵
  PID:7680
- C:\Windows\System\aNZsGVt.exe
  C:\Windows\System\aNZsGVt.exe
  2⤵
  PID:7696
- C:\Windows\System\LexfILx.exe
  C:\Windows\System\LexfILx.exe
  2⤵
  PID:7712
- C:\Windows\System\HmCFaOD.exe
  C:\Windows\System\HmCFaOD.exe
  2⤵
  PID:7728
- C:\Windows\System\xMgPNcS.exe
  C:\Windows\System\xMgPNcS.exe
  2⤵
  PID:7744
- C:\Windows\System\zZsuTKL.exe
  C:\Windows\System\zZsuTKL.exe
  2⤵
  PID:7760
- C:\Windows\System\qSdUXMX.exe
  C:\Windows\System\qSdUXMX.exe
  2⤵
  PID:7776
- C:\Windows\System\jZSDsLS.exe
  C:\Windows\System\jZSDsLS.exe
  2⤵
  PID:7792
- C:\Windows\System\iJTcSNg.exe
  C:\Windows\System\iJTcSNg.exe
  2⤵
  PID:7808
- C:\Windows\System\OnXACRz.exe
  C:\Windows\System\OnXACRz.exe
  2⤵
  PID:7824
- C:\Windows\System\awHZSBv.exe
  C:\Windows\System\awHZSBv.exe
  2⤵
  PID:7840
- C:\Windows\System\WJcKmft.exe
  C:\Windows\System\WJcKmft.exe
  2⤵
  PID:7856
- C:\Windows\System\wgjFhWK.exe
  C:\Windows\System\wgjFhWK.exe
  2⤵
  PID:7872
- C:\Windows\System\FDNyWFU.exe
  C:\Windows\System\FDNyWFU.exe
  2⤵
  PID:7888
- C:\Windows\System\snKuiCR.exe
  C:\Windows\System\snKuiCR.exe
  2⤵
  PID:7904
- C:\Windows\System\eGJXFDL.exe
  C:\Windows\System\eGJXFDL.exe
  2⤵
  PID:7920
- C:\Windows\System\chmNxQm.exe
  C:\Windows\System\chmNxQm.exe
  2⤵
  PID:7936
- C:\Windows\System\bjoRwNK.exe
  C:\Windows\System\bjoRwNK.exe
  2⤵
  PID:7952
- C:\Windows\System\AEBIhmX.exe
  C:\Windows\System\AEBIhmX.exe
  2⤵
  PID:7968
- C:\Windows\System\auPTAUJ.exe
  C:\Windows\System\auPTAUJ.exe
  2⤵
  PID:7984
- C:\Windows\System\KGbUCnu.exe
  C:\Windows\System\KGbUCnu.exe
  2⤵
  PID:8000
- C:\Windows\System\NjbqVQB.exe
  C:\Windows\System\NjbqVQB.exe
  2⤵
  PID:8016
- C:\Windows\System\biJEiZA.exe
  C:\Windows\System\biJEiZA.exe
  2⤵
  PID:8032
- C:\Windows\System\fuPuuLD.exe
  C:\Windows\System\fuPuuLD.exe
  2⤵
  PID:8048
- C:\Windows\System\oicloWw.exe
  C:\Windows\System\oicloWw.exe
  2⤵
  PID:8064
- C:\Windows\System\KawdzMj.exe
  C:\Windows\System\KawdzMj.exe
  2⤵
  PID:8080
- C:\Windows\System\tIyemuU.exe
  C:\Windows\System\tIyemuU.exe
  2⤵
  PID:8096
- C:\Windows\System\vTOVAIw.exe
  C:\Windows\System\vTOVAIw.exe
  2⤵
  PID:8112
- C:\Windows\System\WZurneT.exe
  C:\Windows\System\WZurneT.exe
  2⤵
  PID:8128
- C:\Windows\System\ygZcjwG.exe
  C:\Windows\System\ygZcjwG.exe
  2⤵
  PID:8144
- C:\Windows\System\Mxpbzil.exe
  C:\Windows\System\Mxpbzil.exe
  2⤵
  PID:8160
- C:\Windows\System\wYZZrnz.exe
  C:\Windows\System\wYZZrnz.exe
  2⤵
  PID:8176
- C:\Windows\System\CKFcyWb.exe
  C:\Windows\System\CKFcyWb.exe
  2⤵
  PID:6780
- C:\Windows\System\JOFgqHU.exe
  C:\Windows\System\JOFgqHU.exe
  2⤵
  PID:7120
- C:\Windows\System\gaSdXUj.exe
  C:\Windows\System\gaSdXUj.exe
  2⤵
  PID:7176
- C:\Windows\System\aILfqge.exe
  C:\Windows\System\aILfqge.exe
  2⤵
  PID:5136
- C:\Windows\System\OcTcsgU.exe
  C:\Windows\System\OcTcsgU.exe
  2⤵
  PID:7188
- C:\Windows\System\qlmbzhX.exe
  C:\Windows\System\qlmbzhX.exe
  2⤵
  PID:7276
- C:\Windows\System\SZmrsQI.exe
  C:\Windows\System\SZmrsQI.exe
  2⤵
  PID:7224
- C:\Windows\System\JJtwUya.exe
  C:\Windows\System\JJtwUya.exe
  2⤵
  PID:7324
- C:\Windows\System\YfyPEKa.exe
  C:\Windows\System\YfyPEKa.exe
  2⤵
  PID:7308
- C:\Windows\System\ZlPJPHX.exe
  C:\Windows\System\ZlPJPHX.exe
  2⤵
  PID:7368
- C:\Windows\System\cJswnyi.exe
  C:\Windows\System\cJswnyi.exe
  2⤵
  PID:7384
- C:\Windows\System\EpbikpH.exe
  C:\Windows\System\EpbikpH.exe
  2⤵
  PID:7468
- C:\Windows\System\nAVhcRT.exe
  C:\Windows\System\nAVhcRT.exe
  2⤵
  PID:7388
- C:\Windows\System\bTloVAJ.exe
  C:\Windows\System\bTloVAJ.exe
  2⤵
  PID:7480
- C:\Windows\System\BccXUvI.exe
  C:\Windows\System\BccXUvI.exe
  2⤵
  PID:7500
- C:\Windows\System\EKrGbZL.exe
  C:\Windows\System\EKrGbZL.exe
  2⤵
  PID:7564
- C:\Windows\System\hCDSzqC.exe
  C:\Windows\System\hCDSzqC.exe
  2⤵
  PID:7548
- C:\Windows\System\vVQIytq.exe
  C:\Windows\System\vVQIytq.exe
  2⤵
  PID:7640
- C:\Windows\System\cJKkcoE.exe
  C:\Windows\System\cJKkcoE.exe
  2⤵
  PID:7752
- C:\Windows\System\dzBBYUE.exe
  C:\Windows\System\dzBBYUE.exe
  2⤵
  PID:8012
- C:\Windows\System\ezikNbS.exe
  C:\Windows\System\ezikNbS.exe
  2⤵
  PID:8108
- C:\Windows\System\KSQuKno.exe
  C:\Windows\System\KSQuKno.exe
  2⤵
  PID:8172
- C:\Windows\System\nVkxFBW.exe
  C:\Windows\System\nVkxFBW.exe
  2⤵
  PID:7720
- C:\Windows\System\dkLokrw.exe
  C:\Windows\System\dkLokrw.exe
  2⤵
  PID:7772
- C:\Windows\System\MmDSCoX.exe
  C:\Windows\System\MmDSCoX.exe
  2⤵
  PID:7852
- C:\Windows\System\gWBBOwi.exe
  C:\Windows\System\gWBBOwi.exe
  2⤵
  PID:7884
- C:\Windows\System\kKwGedj.exe
  C:\Windows\System\kKwGedj.exe
  2⤵
  PID:7916
- C:\Windows\System\pISQUrn.exe
  C:\Windows\System\pISQUrn.exe
  2⤵
  PID:7900
- C:\Windows\System\oYPaHkC.exe
  C:\Windows\System\oYPaHkC.exe
  2⤵
  PID:7960
- C:\Windows\System\jUzCRsZ.exe
  C:\Windows\System\jUzCRsZ.exe
  2⤵
  PID:7996
- C:\Windows\System\QkMsqNY.exe
  C:\Windows\System\QkMsqNY.exe
  2⤵
  PID:8060
- C:\Windows\System\tJOtCrC.exe
  C:\Windows\System\tJOtCrC.exe
  2⤵
  PID:8152
- C:\Windows\System\UWVmiGg.exe
  C:\Windows\System\UWVmiGg.exe
  2⤵
  PID:8088
- C:\Windows\System\VBTexly.exe
  C:\Windows\System\VBTexly.exe
  2⤵
  PID:8124
- C:\Windows\System\jPNpZqK.exe
  C:\Windows\System\jPNpZqK.exe
  2⤵
  PID:7980
- C:\Windows\System\loTGnUq.exe
  C:\Windows\System\loTGnUq.exe
  2⤵
  PID:7352
- C:\Windows\System\KDhlXaD.exe
  C:\Windows\System\KDhlXaD.exe
  2⤵
  PID:7724
- C:\Windows\System\tOCFmWX.exe
  C:\Windows\System\tOCFmWX.exe
  2⤵
  PID:7816
- C:\Windows\System\JbBiWFa.exe
  C:\Windows\System\JbBiWFa.exe
  2⤵
  PID:5512
- C:\Windows\System\VRibtUJ.exe
  C:\Windows\System\VRibtUJ.exe
  2⤵
  PID:7084
- C:\Windows\System\gFaprfB.exe
  C:\Windows\System\gFaprfB.exe
  2⤵
  PID:7704
- C:\Windows\System\PVCrxDB.exe
  C:\Windows\System\PVCrxDB.exe
  2⤵
  PID:7788
- C:\Windows\System\zvOatqz.exe
  C:\Windows\System\zvOatqz.exe
  2⤵
  PID:8168
- C:\Windows\System\etmfGyU.exe
  C:\Windows\System\etmfGyU.exe
  2⤵
  PID:7212
- C:\Windows\System\tjrfdwd.exe
  C:\Windows\System\tjrfdwd.exe
  2⤵
  PID:7416
- C:\Windows\System\GitxWYp.exe
  C:\Windows\System\GitxWYp.exe
  2⤵
  PID:7560
- C:\Windows\System\fZLHCLP.exe
  C:\Windows\System\fZLHCLP.exe
  2⤵
  PID:7628
- C:\Windows\System\ChREBfl.exe
  C:\Windows\System\ChREBfl.exe
  2⤵
  PID:7644
- C:\Windows\System\lccAmNe.exe
  C:\Windows\System\lccAmNe.exe
  2⤵
  PID:7404
- C:\Windows\System\GMCneLE.exe
  C:\Windows\System\GMCneLE.exe
  2⤵
  PID:7320
- C:\Windows\System\ZiSTlzx.exe
  C:\Windows\System\ZiSTlzx.exe
  2⤵
  PID:8056
- C:\Windows\System\uHIqVwr.exe
  C:\Windows\System\uHIqVwr.exe
  2⤵
  PID:7304
- C:\Windows\System\ZoUkqQh.exe
  C:\Windows\System\ZoUkqQh.exe
  2⤵
  PID:7204
- C:\Windows\System\rQtovBw.exe
  C:\Windows\System\rQtovBw.exe
  2⤵
  PID:8136
- C:\Windows\System\njbUWRn.exe
  C:\Windows\System\njbUWRn.exe
  2⤵
  PID:7836
- C:\Windows\System\NHjKCgh.exe
  C:\Windows\System\NHjKCgh.exe
  2⤵
  PID:6608
- C:\Windows\System\kHxJSdj.exe
  C:\Windows\System\kHxJSdj.exe
  2⤵
  PID:7932
- C:\Windows\System\XwbgOfa.exe
  C:\Windows\System\XwbgOfa.exe
  2⤵
  PID:7736
- C:\Windows\System\metbbLr.exe
  C:\Windows\System\metbbLr.exe
  2⤵
  PID:7576
- C:\Windows\System\ZWpyQLI.exe
  C:\Windows\System\ZWpyQLI.exe
  2⤵
  PID:7436
- C:\Windows\System\rMeFKUd.exe
  C:\Windows\System\rMeFKUd.exe
  2⤵
  PID:8120
- C:\Windows\System\SdkVoOs.exe
  C:\Windows\System\SdkVoOs.exe
  2⤵
  PID:8196
- C:\Windows\System\YhCRqta.exe
  C:\Windows\System\YhCRqta.exe
  2⤵
  PID:8220
- C:\Windows\System\hMeBmAZ.exe
  C:\Windows\System\hMeBmAZ.exe
  2⤵
  PID:8240
- C:\Windows\System\SvnsZRl.exe
  C:\Windows\System\SvnsZRl.exe
  2⤵
  PID:8268
- C:\Windows\System\ijxtnRP.exe
  C:\Windows\System\ijxtnRP.exe
  2⤵
  PID:8292
- C:\Windows\System\RPySAcG.exe
  C:\Windows\System\RPySAcG.exe
  2⤵
  PID:8312
- C:\Windows\System\sqrdHqZ.exe
  C:\Windows\System\sqrdHqZ.exe
  2⤵
  PID:8340
- C:\Windows\System\PgZgHbD.exe
  C:\Windows\System\PgZgHbD.exe
  2⤵
  PID:8360
- C:\Windows\System\iAvqSIO.exe
  C:\Windows\System\iAvqSIO.exe
  2⤵
  PID:8380
- C:\Windows\System\ujPchCZ.exe
  C:\Windows\System\ujPchCZ.exe
  2⤵
  PID:8400
- C:\Windows\System\BPbhXZp.exe
  C:\Windows\System\BPbhXZp.exe
  2⤵
  PID:8420
- C:\Windows\System\ZOUBxUM.exe
  C:\Windows\System\ZOUBxUM.exe
  2⤵
  PID:8440
- C:\Windows\System\NOOJidV.exe
  C:\Windows\System\NOOJidV.exe
  2⤵
  PID:8460
- C:\Windows\System\rKFZFGl.exe
  C:\Windows\System\rKFZFGl.exe
  2⤵
  PID:8476
- C:\Windows\System\sWWjSqB.exe
  C:\Windows\System\sWWjSqB.exe
  2⤵
  PID:8492
- C:\Windows\System\WIvoLOd.exe
  C:\Windows\System\WIvoLOd.exe
  2⤵
  PID:8508
- C:\Windows\System\BNqpWMM.exe
  C:\Windows\System\BNqpWMM.exe
  2⤵
  PID:8528
- C:\Windows\System\DwvyIvL.exe
  C:\Windows\System\DwvyIvL.exe
  2⤵
  PID:8544
- C:\Windows\System\MhjRQpi.exe
  C:\Windows\System\MhjRQpi.exe
  2⤵
  PID:8564
- C:\Windows\System\nKzxzBk.exe
  C:\Windows\System\nKzxzBk.exe
  2⤵
  PID:8580
- C:\Windows\System\nXzamhc.exe
  C:\Windows\System\nXzamhc.exe
  2⤵
  PID:8608
- C:\Windows\System\GbjpZak.exe
  C:\Windows\System\GbjpZak.exe
  2⤵
  PID:8624
- C:\Windows\System\fuNdVsj.exe
  C:\Windows\System\fuNdVsj.exe
  2⤵
  PID:8640
- C:\Windows\System\RpnmqKS.exe
  C:\Windows\System\RpnmqKS.exe
  2⤵
  PID:8656
- C:\Windows\System\iBWMvSi.exe
  C:\Windows\System\iBWMvSi.exe
  2⤵
  PID:8696
- C:\Windows\System\EPzZeHr.exe
  C:\Windows\System\EPzZeHr.exe
  2⤵
  PID:8716
- C:\Windows\System\uWtryzB.exe
  C:\Windows\System\uWtryzB.exe
  2⤵
  PID:8744
- C:\Windows\System\bxkkATi.exe
  C:\Windows\System\bxkkATi.exe
  2⤵
  PID:8764
- C:\Windows\System\LyfRinG.exe
  C:\Windows\System\LyfRinG.exe
  2⤵
  PID:8784
- C:\Windows\System\vyRzalR.exe
  C:\Windows\System\vyRzalR.exe
  2⤵
  PID:8800
- C:\Windows\System\jMHjSES.exe
  C:\Windows\System\jMHjSES.exe
  2⤵
  PID:8816
- C:\Windows\System\rNqowhX.exe
  C:\Windows\System\rNqowhX.exe
  2⤵
  PID:8840
- C:\Windows\System\bRXFQTR.exe
  C:\Windows\System\bRXFQTR.exe
  2⤵
  PID:8860
- C:\Windows\System\TvIotEy.exe
  C:\Windows\System\TvIotEy.exe
  2⤵
  PID:8884
- C:\Windows\System\qJkPfYB.exe
  C:\Windows\System\qJkPfYB.exe
  2⤵
  PID:8908
- C:\Windows\System\lnVpzvY.exe
  C:\Windows\System\lnVpzvY.exe
  2⤵
  PID:8928
- C:\Windows\System\vyLytoz.exe
  C:\Windows\System\vyLytoz.exe
  2⤵
  PID:8948
- C:\Windows\System\AYSgUHP.exe
  C:\Windows\System\AYSgUHP.exe
  2⤵
  PID:8968
- C:\Windows\System\KNONhRa.exe
  C:\Windows\System\KNONhRa.exe
  2⤵
  PID:8988
- C:\Windows\System\LufLEKj.exe
  C:\Windows\System\LufLEKj.exe
  2⤵
  PID:9012
- C:\Windows\System\rauYQPi.exe
  C:\Windows\System\rauYQPi.exe
  2⤵
  PID:9036
- C:\Windows\System\eWsihJa.exe
  C:\Windows\System\eWsihJa.exe
  2⤵
  PID:9060
- C:\Windows\System\wlvQbmC.exe
  C:\Windows\System\wlvQbmC.exe
  2⤵
  PID:9076
- C:\Windows\System\AvogwxI.exe
  C:\Windows\System\AvogwxI.exe
  2⤵
  PID:9092
- C:\Windows\System\LIVRItQ.exe
  C:\Windows\System\LIVRItQ.exe
  2⤵
  PID:9108
- C:\Windows\System\UpCFyYv.exe
  C:\Windows\System\UpCFyYv.exe
  2⤵
  PID:9124
- C:\Windows\System\nObwyVl.exe
  C:\Windows\System\nObwyVl.exe
  2⤵
  PID:9144
- C:\Windows\System\yFvGbvr.exe
  C:\Windows\System\yFvGbvr.exe
  2⤵
  PID:9160
- C:\Windows\System\rtqUQYR.exe
  C:\Windows\System\rtqUQYR.exe
  2⤵
  PID:9176
- C:\Windows\System\QziXvfO.exe
  C:\Windows\System\QziXvfO.exe
  2⤵
  PID:9192
- C:\Windows\System\ukZhOUG.exe
  C:\Windows\System\ukZhOUG.exe
  2⤵
  PID:9208
- C:\Windows\System\kQpekij.exe
  C:\Windows\System\kQpekij.exe
  2⤵
  PID:8228
- C:\Windows\System\rSmgXYM.exe
  C:\Windows\System\rSmgXYM.exe
  2⤵
  PID:8280
- C:\Windows\System\aENyEBt.exe
  C:\Windows\System\aENyEBt.exe
  2⤵
  PID:8328
- C:\Windows\System\nRgzpdP.exe
  C:\Windows\System\nRgzpdP.exe
  2⤵
  PID:8368
- C:\Windows\System\hKKwIEP.exe
  C:\Windows\System\hKKwIEP.exe
  2⤵
  PID:8416
- C:\Windows\System\FkxXXjO.exe
  C:\Windows\System\FkxXXjO.exe
  2⤵
  PID:8484
- C:\Windows\System\ipkrVdX.exe
  C:\Windows\System\ipkrVdX.exe
  2⤵
  PID:8520
- C:\Windows\System\DiYZXvN.exe
  C:\Windows\System\DiYZXvN.exe
  2⤵
  PID:8592
- C:\Windows\System\eduQRzf.exe
  C:\Windows\System\eduQRzf.exe
  2⤵
  PID:8632
- C:\Windows\System\VMlRmaK.exe
  C:\Windows\System\VMlRmaK.exe
  2⤵
  PID:8680
- C:\Windows\System\TtFtXWJ.exe
  C:\Windows\System\TtFtXWJ.exe
  2⤵
  PID:8248
- C:\Windows\System\gnIwUpZ.exe
  C:\Windows\System\gnIwUpZ.exe
  2⤵
  PID:448
- C:\Windows\System\gCjzLYV.exe
  C:\Windows\System\gCjzLYV.exe
  2⤵
  PID:8104
- C:\Windows\System\ybMfgeW.exe
  C:\Windows\System\ybMfgeW.exe
  2⤵
  PID:8204
- C:\Windows\System\FaarekJ.exe
  C:\Windows\System\FaarekJ.exe
  2⤵
  PID:8252
- C:\Windows\System\KcAjMby.exe
  C:\Windows\System\KcAjMby.exe
  2⤵
  PID:8300
- C:\Windows\System\FdIXBUg.exe
  C:\Windows\System\FdIXBUg.exe
  2⤵
  PID:8352
- C:\Windows\System\dRXtdqH.exe
  C:\Windows\System\dRXtdqH.exe
  2⤵
  PID:8432
- C:\Windows\System\lXkjYFF.exe
  C:\Windows\System\lXkjYFF.exe
  2⤵
  PID:8504
- C:\Windows\System\YZaeVba.exe
  C:\Windows\System\YZaeVba.exe
  2⤵
  PID:8616
- C:\Windows\System\YncIhfY.exe
  C:\Windows\System\YncIhfY.exe
  2⤵
  PID:8692
- C:\Windows\System\SOamSIZ.exe
  C:\Windows\System\SOamSIZ.exe
  2⤵
  PID:8724
- C:\Windows\System\gSIzeQM.exe
  C:\Windows\System\gSIzeQM.exe
  2⤵
  PID:8712
- C:\Windows\System\pZOeFSm.exe
  C:\Windows\System\pZOeFSm.exe
  2⤵
  PID:8808
- C:\Windows\System\gfuivpb.exe
  C:\Windows\System\gfuivpb.exe
  2⤵
  PID:8836
- C:\Windows\System\kAItpzF.exe
  C:\Windows\System\kAItpzF.exe
  2⤵
  PID:8904
- C:\Windows\System\GezIpUY.exe
  C:\Windows\System\GezIpUY.exe
  2⤵
  PID:8980
- C:\Windows\System\HoAWQmc.exe
  C:\Windows\System\HoAWQmc.exe
  2⤵
  PID:9068
- C:\Windows\System\hIvPtsa.exe
  C:\Windows\System\hIvPtsa.exe
  2⤵
  PID:9104
- C:\Windows\System\yErbxRN.exe
  C:\Windows\System\yErbxRN.exe
  2⤵
  PID:8868
- C:\Windows\System\rmqDVvG.exe
  C:\Windows\System\rmqDVvG.exe
  2⤵
  PID:9132
- C:\Windows\System\QncwzrE.exe
  C:\Windows\System\QncwzrE.exe
  2⤵
  PID:9168
- C:\Windows\System\jfeuGgn.exe
  C:\Windows\System\jfeuGgn.exe
  2⤵
  PID:8916
- C:\Windows\System\emFuSYa.exe
  C:\Windows\System\emFuSYa.exe
  2⤵
  PID:8964
- C:\Windows\System\bdqqVpO.exe
  C:\Windows\System\bdqqVpO.exe
  2⤵
  PID:9008
- C:\Windows\System\gAFcqND.exe
  C:\Windows\System\gAFcqND.exe
  2⤵
  PID:8236
- C:\Windows\System\JfRxlWK.exe
  C:\Windows\System\JfRxlWK.exe
  2⤵
  PID:9184
- C:\Windows\System\jXgnCzc.exe
  C:\Windows\System\jXgnCzc.exe
  2⤵
  PID:9116
- C:\Windows\System\ECuXzpO.exe
  C:\Windows\System\ECuXzpO.exe
  2⤵
  PID:8560
- C:\Windows\System\ackHnUB.exe
  C:\Windows\System\ackHnUB.exe
  2⤵
  PID:8664
- C:\Windows\System\paAxPVq.exe
  C:\Windows\System\paAxPVq.exe
  2⤵
  PID:9152
- C:\Windows\System\whIsONb.exe
  C:\Windows\System\whIsONb.exe
  2⤵
  PID:8288
- C:\Windows\System\aXUEpfr.exe
  C:\Windows\System\aXUEpfr.exe
  2⤵
  PID:8524
- C:\Windows\System\XerZccZ.exe
  C:\Windows\System\XerZccZ.exe
  2⤵
  PID:7592
- C:\Windows\System\vBVbIUj.exe
  C:\Windows\System\vBVbIUj.exe
  2⤵
  PID:7448
- C:\Windows\System\cewRYrE.exe
  C:\Windows\System\cewRYrE.exe
  2⤵
  PID:8264
- C:\Windows\System\jDQilfB.exe
  C:\Windows\System\jDQilfB.exe
  2⤵
  PID:8396
- C:\Windows\System\XxyXJov.exe
  C:\Windows\System\XxyXJov.exe
  2⤵
  PID:8216
- C:\Windows\System\RKTTBQK.exe
  C:\Windows\System\RKTTBQK.exe
  2⤵
  PID:8212
- C:\Windows\System\nJfxZzi.exe
  C:\Windows\System\nJfxZzi.exe
  2⤵
  PID:8728
- C:\Windows\System\MVgrdmv.exe
  C:\Windows\System\MVgrdmv.exe
  2⤵
  PID:8772
- C:\Windows\System\RTlAfCk.exe
  C:\Windows\System\RTlAfCk.exe
  2⤵
  PID:8500
- C:\Windows\System\LxnKara.exe
  C:\Windows\System\LxnKara.exe
  2⤵
  PID:8652
- C:\Windows\System\xObpwjo.exe
  C:\Windows\System\xObpwjo.exe
  2⤵
  PID:8900
- C:\Windows\System\pnToEEL.exe
  C:\Windows\System\pnToEEL.exe
  2⤵
  PID:9028
- C:\Windows\System\mkslIyv.exe
  C:\Windows\System\mkslIyv.exe
  2⤵
  PID:8876
- C:\Windows\System\WCRehCz.exe
  C:\Windows\System\WCRehCz.exe
  2⤵
  PID:9032
- C:\Windows\System\JJThDPc.exe
  C:\Windows\System\JJThDPc.exe
  2⤵
  PID:8960
- C:\Windows\System\NYqzNxV.exe
  C:\Windows\System\NYqzNxV.exe
  2⤵
  PID:8320
- C:\Windows\System\zFHqmjy.exe
  C:\Windows\System\zFHqmjy.exe
  2⤵
  PID:9048
- C:\Windows\System\vbNajgL.exe
  C:\Windows\System\vbNajgL.exe
  2⤵
  PID:9084
- C:\Windows\System\RzspEyE.exe
  C:\Windows\System\RzspEyE.exe
  2⤵
  PID:8388
- C:\Windows\System\fYQtjbH.exe
  C:\Windows\System\fYQtjbH.exe
  2⤵
  PID:8572
- C:\Windows\System\SqzKaXi.exe
  C:\Windows\System\SqzKaXi.exe
  2⤵
  PID:8336
- C:\Windows\System\JfVfafh.exe
  C:\Windows\System\JfVfafh.exe
  2⤵
  PID:7676
- C:\Windows\System\THyrpxG.exe
  C:\Windows\System\THyrpxG.exe
  2⤵
  PID:7372
- C:\Windows\System\sVAVoBt.exe
  C:\Windows\System\sVAVoBt.exe
  2⤵
  PID:8488
- C:\Windows\System\WmYzeFb.exe
  C:\Windows\System\WmYzeFb.exe
  2⤵
  PID:8028
- C:\Windows\System\hkkVMIE.exe
  C:\Windows\System\hkkVMIE.exe
  2⤵
  PID:8648
- C:\Windows\System\bUuOWLL.exe
  C:\Windows\System\bUuOWLL.exe
  2⤵
  PID:9088
- C:\Windows\System\epYgMUk.exe
  C:\Windows\System\epYgMUk.exe
  2⤵
  PID:8704
- C:\Windows\System\CyWyyrV.exe
  C:\Windows\System\CyWyyrV.exe
  2⤵
  PID:8924
- C:\Windows\System\vVmezlP.exe
  C:\Windows\System\vVmezlP.exe
  2⤵
  PID:8676
- C:\Windows\System\NNddesE.exe
  C:\Windows\System\NNddesE.exe
  2⤵
  PID:8856
- C:\Windows\System\YLmLovG.exe
  C:\Windows\System\YLmLovG.exe
  2⤵
  PID:8600
- C:\Windows\System\FpRKQHj.exe
  C:\Windows\System\FpRKQHj.exe
  2⤵
  PID:8428
- C:\Windows\System\ukRKltl.exe
  C:\Windows\System\ukRKltl.exe
  2⤵
  PID:8880
- C:\Windows\System\zQmNpXX.exe
  C:\Windows\System\zQmNpXX.exe
  2⤵
  PID:9056
- C:\Windows\System\tNtjSrQ.exe
  C:\Windows\System\tNtjSrQ.exe
  2⤵
  PID:8412
- C:\Windows\System\jPnAHvt.exe
  C:\Windows\System\jPnAHvt.exe
  2⤵
  PID:9232
- C:\Windows\System\Bpgwcbg.exe
  C:\Windows\System\Bpgwcbg.exe
  2⤵
  PID:9264
- C:\Windows\System\FcIvbnc.exe
  C:\Windows\System\FcIvbnc.exe
  2⤵
  PID:9292
- C:\Windows\System\hUWRCZv.exe
  C:\Windows\System\hUWRCZv.exe
  2⤵
  PID:9308
- C:\Windows\System\GuAqPog.exe
  C:\Windows\System\GuAqPog.exe
  2⤵
  PID:9324
- C:\Windows\System\ZJgycmB.exe
  C:\Windows\System\ZJgycmB.exe
  2⤵
  PID:9416
- C:\Windows\System\SLRDZbH.exe
  C:\Windows\System\SLRDZbH.exe
  2⤵
  PID:9480
- C:\Windows\System\UXMJklT.exe
  C:\Windows\System\UXMJklT.exe
  2⤵
  PID:9496
- C:\Windows\System\CbijxBq.exe
  C:\Windows\System\CbijxBq.exe
  2⤵
  PID:9512
- C:\Windows\System\NRTNcOL.exe
  C:\Windows\System\NRTNcOL.exe
  2⤵
  PID:9528
- C:\Windows\System\tLmakIu.exe
  C:\Windows\System\tLmakIu.exe
  2⤵
  PID:9544
- C:\Windows\System\BubfnzK.exe
  C:\Windows\System\BubfnzK.exe
  2⤵
  PID:9560
- C:\Windows\System\kgGEuCU.exe
  C:\Windows\System\kgGEuCU.exe
  2⤵
  PID:9576
- C:\Windows\System\osPjMYm.exe
  C:\Windows\System\osPjMYm.exe
  2⤵
  PID:9592
- C:\Windows\System\UquFinm.exe
  C:\Windows\System\UquFinm.exe
  2⤵
  PID:9612
- C:\Windows\System\pdcqamb.exe
  C:\Windows\System\pdcqamb.exe
  2⤵
  PID:9628
- C:\Windows\System\AtCIUfa.exe
  C:\Windows\System\AtCIUfa.exe
  2⤵
  PID:9648
- C:\Windows\System\NHPuSOP.exe
  C:\Windows\System\NHPuSOP.exe
  2⤵
  PID:9744
- C:\Windows\System\SfmRGvy.exe
  C:\Windows\System\SfmRGvy.exe
  2⤵
  PID:9848
- C:\Windows\System\IGKwOuT.exe
  C:\Windows\System\IGKwOuT.exe
  2⤵
  PID:9956
- C:\Windows\System\CTMNHYs.exe
  C:\Windows\System\CTMNHYs.exe
  2⤵
  PID:9972
- C:\Windows\System\tlkYSPI.exe
  C:\Windows\System\tlkYSPI.exe
  2⤵
  PID:9992
- C:\Windows\System\TggLPWJ.exe
  C:\Windows\System\TggLPWJ.exe
  2⤵
  PID:10020
- C:\Windows\System\RinzoCm.exe
  C:\Windows\System\RinzoCm.exe
  2⤵
  PID:10040
- C:\Windows\System\iBNERzM.exe
  C:\Windows\System\iBNERzM.exe
  2⤵
  PID:10092
- C:\Windows\System\ltskRPD.exe
  C:\Windows\System\ltskRPD.exe
  2⤵
  PID:10116
- C:\Windows\System\AtExSXl.exe
  C:\Windows\System\AtExSXl.exe
  2⤵
  PID:10136
- C:\Windows\System\lCMXljz.exe
  C:\Windows\System\lCMXljz.exe
  2⤵
  PID:10152
- C:\Windows\System\qtmaKIS.exe
  C:\Windows\System\qtmaKIS.exe
  2⤵
  PID:10168
- C:\Windows\System\eoSmakq.exe
  C:\Windows\System\eoSmakq.exe
  2⤵
  PID:10184
- C:\Windows\System\gHaqHpO.exe
  C:\Windows\System\gHaqHpO.exe
  2⤵
  PID:10200
- C:\Windows\System\OQCwYlu.exe
  C:\Windows\System\OQCwYlu.exe
  2⤵
  PID:10216
- C:\Windows\System\RApTJBE.exe
  C:\Windows\System\RApTJBE.exe
  2⤵
  PID:10232
- C:\Windows\System\qWZrjUZ.exe
  C:\Windows\System\qWZrjUZ.exe
  2⤵
  PID:8604
- C:\Windows\System\hCeeIqu.exe
  C:\Windows\System\hCeeIqu.exe
  2⤵
  PID:9240
- C:\Windows\System\cprkQKP.exe
  C:\Windows\System\cprkQKP.exe
  2⤵
  PID:8456
- C:\Windows\System\CWrQpfi.exe
  C:\Windows\System\CWrQpfi.exe
  2⤵
  PID:9304
- C:\Windows\System\VzIGrSt.exe
  C:\Windows\System\VzIGrSt.exe
  2⤵
  PID:8308
- C:\Windows\System\cqIWOEC.exe
  C:\Windows\System\cqIWOEC.exe
  2⤵
  PID:9276
- C:\Windows\System\eFYiQXt.exe
  C:\Windows\System\eFYiQXt.exe
  2⤵
  PID:9316
- C:\Windows\System\YgrnbQT.exe
  C:\Windows\System\YgrnbQT.exe
  2⤵
  PID:9356
- C:\Windows\System\iDCPLXg.exe
  C:\Windows\System\iDCPLXg.exe
  2⤵
  PID:9352
- C:\Windows\System\RLQgiYp.exe
  C:\Windows\System\RLQgiYp.exe
  2⤵
  PID:9388
- C:\Windows\System\CiUrynS.exe
  C:\Windows\System\CiUrynS.exe
  2⤵
  PID:9380
- C:\Windows\System\VBucuVt.exe
  C:\Windows\System\VBucuVt.exe
  2⤵
  PID:9440
- C:\Windows\System\pcAqenz.exe
  C:\Windows\System\pcAqenz.exe
  2⤵
  PID:9456
- C:\Windows\System\KIAhWBC.exe
  C:\Windows\System\KIAhWBC.exe
  2⤵
  PID:9508
- C:\Windows\System\gqKKcCw.exe
  C:\Windows\System\gqKKcCw.exe
  2⤵
  PID:9472
- C:\Windows\System\mUFQEfl.exe
  C:\Windows\System\mUFQEfl.exe
  2⤵
  PID:9488
- C:\Windows\System\gHBizLY.exe
  C:\Windows\System\gHBizLY.exe
  2⤵
  PID:9588
- C:\Windows\System\sVBKbyk.exe
  C:\Windows\System\sVBKbyk.exe
  2⤵
  PID:9572
- C:\Windows\System\hOMqDvM.exe
  C:\Windows\System\hOMqDvM.exe
  2⤵
  PID:9636
- C:\Windows\System\wkfpHIp.exe
  C:\Windows\System\wkfpHIp.exe
  2⤵
  PID:9672
- C:\Windows\System\VtUzGnk.exe
  C:\Windows\System\VtUzGnk.exe
  2⤵
  PID:9708
- C:\Windows\System\yzFKiks.exe
  C:\Windows\System\yzFKiks.exe
  2⤵
  PID:9732
- C:\Windows\System\VSjcoLb.exe
  C:\Windows\System\VSjcoLb.exe
  2⤵
  PID:9764
- C:\Windows\System\oBBDMNU.exe
  C:\Windows\System\oBBDMNU.exe
  2⤵
  PID:9776
- C:\Windows\System\mvxeSbJ.exe
  C:\Windows\System\mvxeSbJ.exe
  2⤵
  PID:9820
- C:\Windows\System\ggNkLCK.exe
  C:\Windows\System\ggNkLCK.exe
  2⤵
  PID:9812
- C:\Windows\System\pxtRYei.exe
  C:\Windows\System\pxtRYei.exe
  2⤵
  PID:9780
- C:\Windows\System\BhWatZO.exe
  C:\Windows\System\BhWatZO.exe
  2⤵
  PID:9896
- C:\Windows\System\DZsSSUM.exe
  C:\Windows\System\DZsSSUM.exe
  2⤵
  PID:9928
- C:\Windows\System\nhUsZKb.exe
  C:\Windows\System\nhUsZKb.exe
  2⤵
  PID:10076
- C:\Windows\System\uRbphVh.exe
  C:\Windows\System\uRbphVh.exe
  2⤵
  PID:10212
- C:\Windows\System\oibzpJM.exe
  C:\Windows\System\oibzpJM.exe
  2⤵
  PID:10192
- C:\Windows\System\oyzEwdZ.exe
  C:\Windows\System\oyzEwdZ.exe
  2⤵
  PID:9400
- C:\Windows\System\BWlcFYD.exe
  C:\Windows\System\BWlcFYD.exe
  2⤵
  PID:10196
- C:\Windows\System\ewyzfxI.exe
  C:\Windows\System\ewyzfxI.exe
  2⤵
  PID:9428
- C:\Windows\System\WQuolsX.exe
  C:\Windows\System\WQuolsX.exe
  2⤵
  PID:9476
- C:\Windows\System\ebNsiSV.exe
  C:\Windows\System\ebNsiSV.exe
  2⤵
  PID:9860
- C:\Windows\System\iJFoufg.exe
  C:\Windows\System\iJFoufg.exe
  2⤵
  PID:9904
- C:\Windows\System\fSnaRKs.exe
  C:\Windows\System\fSnaRKs.exe
  2⤵
  PID:9452
- C:\Windows\System\OcMhbJG.exe
  C:\Windows\System\OcMhbJG.exe
  2⤵
  PID:9384
- C:\Windows\System\kZOnyDU.exe
  C:\Windows\System\kZOnyDU.exe
  2⤵
  PID:9556
- C:\Windows\System\YJzjTxT.exe
  C:\Windows\System\YJzjTxT.exe
  2⤵
  PID:9644
- C:\Windows\System\dWjzkcT.exe
  C:\Windows\System\dWjzkcT.exe
  2⤵
  PID:9664
- C:\Windows\System\fBKhVOa.exe
  C:\Windows\System\fBKhVOa.exe
  2⤵
  PID:9736
- C:\Windows\System\ofpAZhy.exe
  C:\Windows\System\ofpAZhy.exe
  2⤵
  PID:9768
- C:\Windows\System\ZfagxkV.exe
  C:\Windows\System\ZfagxkV.exe
  2⤵
  PID:9804
- C:\Windows\System\NCRUimZ.exe
  C:\Windows\System\NCRUimZ.exe
  2⤵
  PID:9876
- C:\Windows\System\MPtsfgD.exe
  C:\Windows\System\MPtsfgD.exe
  2⤵
  PID:9668
- C:\Windows\System\yMQheYN.exe
  C:\Windows\System\yMQheYN.exe
  2⤵
  PID:9856
- C:\Windows\System\xmeiimj.exe
  C:\Windows\System\xmeiimj.exe
  2⤵
  PID:9964
- C:\Windows\System\SfHSSAU.exe
  C:\Windows\System\SfHSSAU.exe
  2⤵
  PID:9892
- C:\Windows\System\vsfBUEW.exe
  C:\Windows\System\vsfBUEW.exe
  2⤵
  PID:10012
- C:\Windows\System\xexUxvK.exe
  C:\Windows\System\xexUxvK.exe
  2⤵
  PID:10104
- C:\Windows\System\zlVPmuY.exe
  C:\Windows\System\zlVPmuY.exe
  2⤵
  PID:10032
- C:\Windows\System\JowTGff.exe
  C:\Windows\System\JowTGff.exe
  2⤵
  PID:10072
- C:\Windows\System\jODRGkj.exe
  C:\Windows\System\jODRGkj.exe
  2⤵
  PID:8956
- C:\Windows\System\WlGNoJp.exe
  C:\Windows\System\WlGNoJp.exe
  2⤵
  PID:9260
- C:\Windows\System\xWYKnVo.exe
  C:\Windows\System\xWYKnVo.exe
  2⤵
  PID:10124
- C:\Windows\System\MqduAAb.exe
  C:\Windows\System\MqduAAb.exe
  2⤵
  PID:8824
- C:\Windows\System\meNGgwz.exe
  C:\Windows\System\meNGgwz.exe
  2⤵
  PID:9336
- C:\Windows\System\RfQSuqF.exe
  C:\Windows\System\RfQSuqF.exe
  2⤵
  PID:9680
- C:\Windows\System\hMVjkho.exe
  C:\Windows\System\hMVjkho.exe
  2⤵
  PID:9492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CqbYOZc.exe

Filesize
6.0MB

MD5
f1d7b97a85f273d81da6aa96b6e65ad4

SHA1
f4f941277f927b25d395bc51a9943bb3e8134a54

SHA256
5a7932979481cba48b6eb1dda6c7551d519e429df32e5594d4467892849b726a

SHA512
ea8ff8907e956ef3e666ffb66a89c22e3c52cb85adb949a3e8966884fe31b6181acf6fd530d45991612731c182fce2d49e529c417a312a0371c0e321733ca9fd

Download Submit
C:\Windows\system\CtKrDsh.exe

Filesize
6.0MB

MD5
b5b4f1d882d4638ba754aaaf6c37567d

SHA1
1121cfad76b7c8d4e0a4e1a78a39f34d34418704

SHA256
40c45a082a7cd90f18551b22325f14cb47f086b696d2319a0991f27e64c260f1

SHA512
0b831bdcd1ee1751fd82bff50b63481e6ed7a47aca772f40bf4b9521eddfcbf14c4fb9dffef6c1d7e567cd5278d793f8cf67d4c89fb7f12668c8f91de1fdb2d8

Download Submit
C:\Windows\system\ELIEcyl.exe

Filesize
6.0MB

MD5
24f71c21f859cfa2db7a18851dca4dee

SHA1
0706d4b5e90bafe2d8cf5e8bf9d5069e301717cf

SHA256
1c47c27612bc34cdc3b6b708486ec6710e60df90caf8fa72e901434d49e0878c

SHA512
52515fcce8ec7cd23e7d2ab4e2d3bd76d81bdd4966cc18c75945c2ed5f7a86cdcab908dda2538c63c4a5df5ac01d84c98dd53a7c7c129874fc2c2ad192fbca39

Download Submit
C:\Windows\system\NLAdcHO.exe

Filesize
6.0MB

MD5
c06cd0dd826b4b8c42809e2f7cd3d2e7

SHA1
0bd74ca059bb1e568108a5f78b8a739c4898b26a

SHA256
3f157376183555705a52af54d01c571026e810f3b501a38973b9c2f9143ee6cc

SHA512
9801198c8e182d476f9e2adc0fd86509258abb13f1b86de0574814720838d62cb4120bcee666d87f79f09ea2c46f3cb7376df126f116d18d95afc06d63f1c853

Download Submit
C:\Windows\system\NYULCVO.exe

Filesize
6.0MB

MD5
8db9bc16570b4f49cac0b68fffbecd69

SHA1
13d68f0b9f383e47df5d3ef63d34c4aba4e6cf5b

SHA256
c7bfb8d124c1e657e83397ce978e357cd2f8f85ed64d1a7bfb91e64f352bd00d

SHA512
338065aa0a58ac6b20675b6c5865b9ba85857fe3f45c69e4368b680b46e533db63eb059dfea80df2685c04fba0d24debd01900f004d8a13fe1b3a8ca603cde16

Download Submit
C:\Windows\system\NgOhpEb.exe

Filesize
6.0MB

MD5
ebce1b56a731670ad87aeafc73d8037b

SHA1
a1df3d3b557e6c4f814ff9e1bdb8f8d262b883ed

SHA256
044e70a11c261e7839463c837dc13cc6d0be199892e3f3f54596da80cf36eb47

SHA512
404261d8b4896e7ef1e2018137ed652cab932bde196aad13ec8e6aa2db71350023250dc43d40fe30b4ada6a094eeb7e759611bb07e6fc9429464b55b7a5d36da

Download Submit
C:\Windows\system\QHFkuQD.exe

Filesize
6.0MB

MD5
6c22d14804b50f6eb4b03d516d645ed8

SHA1
a1388b9b1b10161ec694ae10f405b14c8ff9e7c6

SHA256
ba931f50b9bea4d999b116587a8a6e34022224d0c0e8ed267d8b21c3302ca22b

SHA512
1f833963076f91e740ae6d9006c5c29c712f9f8ff0117ea2490028641932d13adf291d52444146bc08af5881815a2b9277d54f4232f63db4e3ede3600d4376f7

Download Submit
C:\Windows\system\SwXHJFA.exe

Filesize
6.0MB

MD5
5919eb1608431800406a9e5d34af3ea6

SHA1
47f25f9a4a6f92caefea63804e40ed2c61cd310c

SHA256
264ea62612f856b3fa1e0065a4badd9bfe29da2cf161f6af729e19b3ad69b1ec

SHA512
9f300dc9ca172a4b3a397c995d3d53c2e1a61cf294dac49223931429206b1eabc23274097fff70214e79f122f7709e4a3e45b172cb6e0e2e1b17faae19cd8f90

Download Submit
C:\Windows\system\UJcloEQ.exe

Filesize
6.0MB

MD5
aa62b2f57ec63467f3f40207e291d764

SHA1
9ea059cf7857cf081413dec80f653d673957400e

SHA256
7ae1e01c6126f5b81ea2262c5ae71cdc423a0e4856898375d5f76bdabb56e6d9

SHA512
82343a9ff1ead135847d3ae06d85850a40152c66abbace23131c13680e23e6ddf933a19c58e18b7768482021501d8d03214e9cb441624266661b341596937c24

Download Submit
C:\Windows\system\WEwuode.exe

Filesize
6.0MB

MD5
414e5dcd6265cfa1399819e3820eaac1

SHA1
385cff0da48acabde32c7d1957bb0ce05809396f

SHA256
5a93275cf0e9f102247f15645dba793191ae18a87d61ce4dd928a6e7c64e55c2

SHA512
cbb752e4e5d6d54dda5d77dc3673e4814ec2cb961896abc09c311cb6e1bcfbdc7c3deb635753d73a3331338b4d612d90ad9e8c17a424fc9f8c7d17bc6d40fe28

Download Submit
C:\Windows\system\XtuQCTK.exe

Filesize
6.0MB

MD5
1839a4ce62ef98cb8c3a4172bddf9745

SHA1
24f28b668d11b1df1ebc19fa347289ed932fb5f5

SHA256
6126dde1d4499920485102ff5d9740ac7a976ee26fae235d851c8aa5876a0e08

SHA512
1b89527b0e8bce924af42f072ff375e82d09bab746bb7b66d5c644167dc1fd44980a9b36d628ef7863f1bd223935fe8e6a3bfef5a5b2321aac57d1867b72a0b7

Download Submit
C:\Windows\system\YZJFeNt.exe

Filesize
6.0MB

MD5
d44fc7fbed65d366d52bd2db90f48cf1

SHA1
fe483f5cf35d7e6b5e29ce065baa9fac63d56cb6

SHA256
0dd5aa0903429d9834d15f8699b09dc7eb07411bb5c9a3ce34966fe997ab56eb

SHA512
8f3632669b3f13064f30a81d9093768582c64eace057fe0f85766079c92af780c5d4df06b79a691fdc0a11daac57d25e380297dbd174c3d104928ff32f121905

Download Submit
C:\Windows\system\ZXPoHLB.exe

Filesize
6.0MB

MD5
b13cf9f84601fb86f56477326c1fa4cc

SHA1
d09a3c94283c7c18783ca5fb03a2a9ca3261a3a9

SHA256
e9cc59373f29bf22e9389500efa6775432dcb5fb3fb23f0033d2b1d3050d7854

SHA512
2cf682a57626d5167629e1e08fb11d1f9e4f6b3c9c33a0a052e9f2e7c99e4ff41549145c37744cf6272ab59e8d9cb443ebb566a0761984394de8e0cac60f5e79

Download Submit
C:\Windows\system\cbgXKPr.exe

Filesize
6.0MB

MD5
f340f84b49aacaeb37436d42132ff799

SHA1
596b97a640fb918268d1c1b0834e597bd4e42897

SHA256
a26606cf97013fb02ca582e4215c837e797f7a4dad53d28ad3ca6d72aeb10dc5

SHA512
bbec44137c0744c7c3dacb2dc5ae00eddc42fb0fb3133d92fd001f0750c5e03dc48945537d60722ae5a4cbaa85f44d6af4e0664173a6787fb59add8553206779

Download Submit
C:\Windows\system\cwGetDm.exe

Filesize
6.0MB

MD5
86d1164327f470fcd8b258f707a5eec7

SHA1
66a7eaae39403ece982828e19045677db0ad9ec6

SHA256
19781c91ddc862c48f298cb0515fec3e1956bc8dbf2ed82e9d1bce538f8e2d91

SHA512
28848d29c2e0313a1c798203d624fe69b3da8984da436c74b96dd41cf82499ea194cc1afcfea9a1fe1dd9e4034b4777ce156f19cc768ec5a4535cec87fe0b4b3

Download Submit
C:\Windows\system\epbiZfw.exe

Filesize
6.0MB

MD5
7bba6f0f97431956416dec93ac21e7cf

SHA1
0654f65d38b794a3f9e4ea025c3705945fe663a2

SHA256
29a46b5cd39ce7f8177ba1221de6488b40069347535723576e11bbe1fd29f83b

SHA512
0e88dbae5f27b027875a2909736b6585bea0a6733a1bc7b5b9adfc7bdfb6f86a91eeb9554cf18f213ad450d6761adcb98fbf22dd60f2a8b2589538f3f58d2da5

Download Submit
C:\Windows\system\etAGizO.exe

Filesize
6.0MB

MD5
e7a5d8a56e0f577d1a944806458111f5

SHA1
59fa9d9e434f0b01a371a4ec10b9ac765d691895

SHA256
54defff9f0a3deb0e3eb777bdb44e8675505e5ecb8de7777442c997ef202158a

SHA512
9dbdce2742b7a295baadb3ac10c017e5dea1faf60bc83ba01ea71d2aea53a05b4d0bf1410a82951b7c7ef2b6008811a6f6f8fe3c04bc30158e5a9cb38d1965ff

Download Submit
C:\Windows\system\gZnnWfS.exe

Filesize
6.0MB

MD5
2dee0625516c1a79904fdcaf8f95bca7

SHA1
b444853d5a35fae8899ca499104b55c0327b0380

SHA256
a00705108c5c03d7de0516fa223601cc433c44395e4d311dd094d68ca554ea29

SHA512
032694b681e273220a4e239fb3b1c2a2d082fad089f5a3c3eb0f46ab2465f985ba35b15ee5e2112f85e8b463761916daa07d3db73354c0f53b6d04814d69b931

Download Submit
C:\Windows\system\kDIZgrC.exe

Filesize
6.0MB

MD5
916544519a86184a6e5ac5e1531fe89f

SHA1
3e8ea025c41da1250faac7e002add9f3477767d4

SHA256
909a5beea73a27606ade26980de4b697196c8cefe3b9feb5c0b026006c52d59f

SHA512
7a95022aa90d8c615eddbeab2af4ea01c438fe7f5e68796534ea8d04dad0dcacc68355202cb6943484b24c01688921178dad6583b95c9706e9175671bb56531b

Download Submit
C:\Windows\system\klBegHD.exe

Filesize
6.0MB

MD5
3b4b053ce7abe8743edca4549c13c168

SHA1
87d756adfbbd9260891a1675ada3ff15c680a7b4

SHA256
54762cff34f96901037a2bea0042c53c2cb2713d8432debf0f6d7177c4b93aa6

SHA512
a15fc44fdbc25db6e6b56888fcc720887cfe30bfcbd3318562563451ecf3550409c0005bd482d10169ac5ffe3aaed4b4471b5ca392108f50247be60d0728e5ea

Download Submit
C:\Windows\system\lbXdJkv.exe

Filesize
6.0MB

MD5
e41a137d66ef099f4bafec09315c6d07

SHA1
9a42efa7e0b2b7f2fd4c36108153b697bd829acb

SHA256
c185c1a23b4e7471f09e3bf8e89de371a8846651488401f8cb8faa17649a976b

SHA512
ff2ae529d53e2262bf8fe3fdbb662a97843a097cbcaae6ae5610811881eec2d5b0e46bf395a78d3b725a1ab8795f12512bccb0eb3e5dbeb1a4713d20477b9d5e

Download Submit
C:\Windows\system\pksyuRi.exe

Filesize
6.0MB

MD5
1f48bf5567c536e9186d4c294eef56c2

SHA1
1adfbc07b2c79035afd7fa39d76eed9ddd1563e5

SHA256
03b5b60510667a5b99de0f3acbabae8bd96a7e278594f1e9e6d916eb39a97fab

SHA512
07ecb86ad11683c42fef184fdea7b611618a035a0808b79668a9ef21438770fd88dc9bdd64ed811dab1195f28de700104f485582ae8a2075a339a6422102a803

Download Submit
C:\Windows\system\qnhGeUU.exe

Filesize
6.0MB

MD5
a5c529445d00185f90561de2f1aef102

SHA1
f2a8a44dd3000de0f6ef94929e8f028c3e0fcc7c

SHA256
bd067f848aa33b91b04dae5a8e9aba072cd1510c62e17bd2351e3404910738ba

SHA512
5b84a72f6fc0310030a660addef6da16b0617f56553aa86624ca52b2b9187f8516f7f7ecdcfb7697e02bd610f4b7e36d14a61bad882727e57d8b2c0e8d0e32f2

Download Submit
C:\Windows\system\rXGfEvS.exe

Filesize
6.0MB

MD5
b2073ed90fd91f3297cfbc5944ee736a

SHA1
305b03adcd9bd6cd15c009a62594bf0309f7e44b

SHA256
4c3d33336ef3d8d90cb85e7c6169330a6e0585f5cea697233cc42319c4106e89

SHA512
64071ddf678609fc3b90f278440e6802f979b550a24db40a1d38bbcce4c8e3c299f153ba571750fd812ffc71e36a26ac5fca7bbe91226d6f0e8bb54ad29b05f3

Download Submit
C:\Windows\system\tobyZFJ.exe

Filesize
6.0MB

MD5
246dec641150a726d912c20db47d7fe2

SHA1
7f15c8602f2a718fad5c4738f6b5f31701850f2b

SHA256
97943efdc65cb0fc927bdd0e581d17cf6602767fff1b112c43d1bd59d465d181

SHA512
9a7025494a00de936a12f799caae7fd7006eb25c456e64a8681b35b146f197a17a92933d441d77605e8591d36acd02e90a83d3813d3dbae31b48281fc9583bf9

Download Submit
C:\Windows\system\vHgyiCN.exe

Filesize
6.0MB

MD5
32ec81ef1aadab038e58f0394901ee02

SHA1
85493a2b49e70542534b3737f2bbcf862ecbe76f

SHA256
d9ba84a3507a36c61867d1e33a52b747fde13fb20301c00c5cd4d479015eac3f

SHA512
089b7f7060265d077a7224fef1b76f97d71f2c409ce6b7838bfe9db4327b77e106125d0ec0e1d3a6f0ea56a253fe1619d246ea0ca08c470ba7da5400e2831f36

Download Submit
C:\Windows\system\wQqjsxU.exe

Filesize
6.0MB

MD5
8e8816ee6d15360246e380e1bc6bf446

SHA1
34e27e9624ae1c3f5fbcefa1030ed452afcb476b

SHA256
a95274b95e62eb904066f93683911e139b10e0bf6bc57a071c6fd6e06e289bb5

SHA512
c07edce9f1020faab68b48c1a1fb881d5119d0f1e71d9f0fe775e09192a7c2a3275776fb6adb8554c0f3a647421621544e9e86bea5465f93a2f1f1157be384a0

Download Submit
C:\Windows\system\zGaJJVp.exe

Filesize
6.0MB

MD5
accd1235b3a8d2a42d25ce09e28cdd01

SHA1
fee3e6a79f77640123e7a064e1555d3a83cc7ed6

SHA256
e0de4316d0c6f2891f267ff10d7f8070cf39d683b24901df347fe8729a9ea7c8

SHA512
49ba5e1e547b2687878289192e03002f9902c0264af08b16f5ce63464189c5bd03902ff6bd1f5aa30d4e2876f9a5147443c287775a00f11a5f8ed70b2d1bcc3b

Download Submit
\Windows\system\IZnhdBf.exe

Filesize
6.0MB

MD5
a04c521aea0f8676e9f5b1c327362fab

SHA1
8049fb75e0f048839eacb3a50619a44e241aed8e

SHA256
8e20a2e920bc81f1721adf51d4c173c816e87b52e24cdd179266400136602252

SHA512
cb87e8d5b788885269d6a1d4d22ceb21708faf6117211aa33f77c0a8a2a9458f2b35412a6f88091f14082ed97a24e5581e80a12612ff66bf0c45b19cf78f70bd

Download Submit
\Windows\system\XoMpIIU.exe

Filesize
6.0MB

MD5
f746f6e98ce2116680bc709146d12eec

SHA1
68dfc36338a0d2c9830d568cfbeb1f0ff681bc82

SHA256
34105b95725f7638f6a30872d02253bd024403807dee4c0389e74c6bba32879c

SHA512
6e81241b09613d327cfe367fb8dac6b4b41d239a6485975a41219155cde4f990188cfb7cdd5a26355c70dffe44e4f90f477c732240a5bf9db3c4a8d3a7908394

Download Submit
\Windows\system\omhaycf.exe

Filesize
6.0MB

MD5
b596d30c2d17fb495d23919fd9303dd4

SHA1
792968bd308c4add155e3d8109633b7d8b52ca8c

SHA256
e507195c54397a9299cee60c54136986622d4e204cb1d196326ab5004c25183b

SHA512
878ca804f286c822a01588683fd639a03a16caf6257eefad2abab20d6f40c29b2f8eb033c55d77d27d11258cf9f8791e36b77a5691d7a5ed0299e4bae79fb409

Download Submit
\Windows\system\sDLoNcU.exe

Filesize
6.0MB

MD5
c1b50408b07cbe638dd2563a1a3c6c69

SHA1
2d14c3be9b2ef655ad24998d12b9bcb8e3892045

SHA256
c805a777da2fbf344d3ad7c74eba9e3e37a8827d6537b877f165048882bb7d67

SHA512
809e4740df2d42af87352839521a8e2bd82e96733598eba6c7ba5fdd726e2e519fc7c705876e3e9528014bf6a0832baf7d8eb2a050d2bb23e44718f9da816195

Download Submit
\Windows\system\vzIEQQI.exe

Filesize
6.0MB

MD5
c5add39cce3c89bd25563c9270f08eaf

SHA1
669e210be2310f40ad21d2e5fc4a750d819af075

SHA256
d6dd1b3b09409c3cdc931045a8c833acd499cb9fb8e18de54cd91c53933d1bb3

SHA512
325da37ffb3448df11e40280420a5d1324509bcef6222a5db1156e0c156af2234699a1a7af13a2bf39d234f2d99736439b4565c36122263aef0e043bc8acedbb

Download Submit
memory/332-61-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/332-3483-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1032-43-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1032-3436-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1032-184-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1780-437-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1780-3489-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1780-83-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2120-440-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3486-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-88-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-3492-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-443-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-96-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-3514-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-442-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-95-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-444-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2332-97-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3485-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2520-60-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3487-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3446-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2624-37-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2632-94-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3513-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2632-441-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2756-8-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2756-67-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3420-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2788-69-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2788-21-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3378-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2840-436-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2840-102-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-435-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2840-0-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-59-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2840-57-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2840-438-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-47-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-36-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2840-25-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2840-17-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2840-42-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2840-87-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2840-439-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2840-7-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2840-86-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2840-75-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2840-27-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2840-62-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2840-85-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-29-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3399-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-93-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-26-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3418-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download