cobaltstrike | fd3493e2de144f933411e458d8b13265d04688201179c4531c0a7c0b7641180a

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16/02/2025, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2eb3581cc407d94fd7e88424db659e40
SHA1

4176a6922f5ea8854abde25634e964a426a03e39
SHA256

fd3493e2de144f933411e458d8b13265d04688201179c4531c0a7c0b7641180a
SHA512

ba518813c3884501f0a80aa80bf714721b25a5d98fefbaf6d7c917a3ce60602b9468917359487a94a8b2e6ff88b91d7afe6a3ad3a751c4812f23b9990ef95bd6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016890-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-21.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b86-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf0-36.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d68-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-66.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4c-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d22-40.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca0-31.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-70.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-60.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-92.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1636-0-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/2312-7-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x0008000000016890-9.dat	xmrig
behavioral1/files/0x0008000000016c89-21.dat	xmrig
behavioral1/memory/2052-13-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x0008000000016b86-11.dat	xmrig
behavioral1/files/0x0007000000016cf0-36.dat	xmrig
behavioral1/memory/1636-37-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2472-25-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2604-62-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/1968-32-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d68-73.dat	xmrig
behavioral1/files/0x0005000000018697-66.dat	xmrig
behavioral1/memory/2312-53-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d4c-52.dat	xmrig
behavioral1/memory/3028-43-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d22-40.dat	xmrig
behavioral1/memory/2472-71-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ca0-31.dat	xmrig
behavioral1/memory/2300-30-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018706-70.dat	xmrig
behavioral1/memory/2052-65-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/1636-63-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig
behavioral1/memory/2408-61-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-60.dat	xmrig
behavioral1/memory/1636-34-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig
behavioral1/memory/1636-81-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig
behavioral1/files/0x00080000000164de-84.dat	xmrig
behavioral1/files/0x000500000001870c-88.dat	xmrig
behavioral1/files/0x0005000000018745-96.dat	xmrig
behavioral1/files/0x0006000000018d7b-104.dat	xmrig
behavioral1/files/0x0006000000018fdf-112.dat	xmrig
behavioral1/files/0x0005000000019203-120.dat	xmrig
behavioral1/files/0x00050000000192a1-148.dat	xmrig
behavioral1/files/0x000500000001938e-160.dat	xmrig
behavioral1/files/0x0005000000019358-156.dat	xmrig
behavioral1/files/0x0005000000019354-152.dat	xmrig
behavioral1/files/0x0005000000019299-144.dat	xmrig
behavioral1/files/0x000500000001927a-140.dat	xmrig
behavioral1/files/0x0005000000019274-136.dat	xmrig
behavioral1/files/0x0005000000019261-132.dat	xmrig
behavioral1/files/0x000500000001924f-128.dat	xmrig
behavioral1/files/0x0005000000019237-124.dat	xmrig
behavioral1/files/0x0006000000019056-116.dat	xmrig
behavioral1/files/0x0006000000018d83-108.dat	xmrig
behavioral1/files/0x0006000000018be7-100.dat	xmrig
behavioral1/files/0x000500000001871c-92.dat	xmrig
behavioral1/memory/2996-648-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2708-649-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2692-650-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2684-652-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/1636-653-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2608-660-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1636-662-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig
behavioral1/memory/2416-684-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1968-1042-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/3028-1121-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2300-969-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2604-1465-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/1636-1784-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig
behavioral1/memory/2608-1799-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1636-1802-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2684-1787-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2312	uycAdnx.exe
2052	xsFhFRp.exe
2472	uZYdIyn.exe
2300	suiGaFx.exe
1968	KQfaJvM.exe
3028	pMtAiRy.exe
2408	xEEwfGU.exe
2604	UKhSruQ.exe
2416	mkTWsnF.exe
2996	SiVtSws.exe
2708	XfysUih.exe
2692	gFAxNPx.exe
2684	VRGAAdV.exe
2608	IldCqsg.exe
2500	ncEutzk.exe
2540	kbfWszo.exe
2424	IqFWbsK.exe
2980	TSYcDUt.exe
3004	AkoeVUy.exe
2316	PMIbzpT.exe
1316	aPevtnv.exe
1624	HQOBiiU.exe
2320	deXRWDF.exe
1076	SekTiXS.exe
1252	TWbgDdb.exe
1620	FMiclCL.exe
1676	GRbROwi.exe
1940	DFtHwig.exe
308	wcfpVja.exe
2016	AFPrLuL.exe
2824	cmLYZbw.exe
2772	ltvCWrF.exe
2828	zGGcpvp.exe
692	FyJddGh.exe
2832	RnqHLlJ.exe
2116	hlazwNr.exe
2952	yJtfDcj.exe
2844	SvIMUMG.exe
1008	Prbotgd.exe
2160	hDWtDEn.exe
544	tNTgQey.exe
2096	xnLpzjI.exe
776	pmhPcuU.exe
2092	IkzcbJA.exe
796	HLIVHBE.exe
1936	NRWvflL.exe
1360	svqxicU.exe
1884	TltWqKD.exe
640	mLMJwEY.exe
1668	IdLApZK.exe
1356	iWLkItQ.exe
1928	ImPlNBq.exe
288	xwUHWDJ.exe
856	JQVfKKy.exe
1688	RXKyeIa.exe
884	vhgDIpO.exe
2336	rtHcjNk.exe
2928	QnzNERa.exe
1684	uvGBkDS.exe
2148	tgpHHPe.exe
2224	ffkSxPG.exe
560	cDvvAMw.exe
2848	WOFBvoP.exe
1792	iPlMHBf.exe

Loads dropped DLL 64 IoCs

pid	Process
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1636-0-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/memory/2312-7-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x0008000000016890-9.dat	upx
behavioral1/files/0x0008000000016c89-21.dat	upx
behavioral1/memory/2052-13-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x0008000000016b86-11.dat	upx
behavioral1/files/0x0007000000016cf0-36.dat	upx
behavioral1/memory/1636-37-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2472-25-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2604-62-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/1968-32-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0009000000016d68-73.dat	upx
behavioral1/files/0x0005000000018697-66.dat	upx
behavioral1/memory/2312-53-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x0007000000016d4c-52.dat	upx
behavioral1/memory/3028-43-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0007000000016d22-40.dat	upx
behavioral1/memory/2472-71-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0008000000016ca0-31.dat	upx
behavioral1/memory/2300-30-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0005000000018706-70.dat	upx
behavioral1/memory/2052-65-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2408-61-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000d000000018683-60.dat	upx
behavioral1/memory/1636-81-0x00000000024B0000-0x0000000002804000-memory.dmp	upx
behavioral1/files/0x00080000000164de-84.dat	upx
behavioral1/files/0x000500000001870c-88.dat	upx
behavioral1/files/0x0005000000018745-96.dat	upx
behavioral1/files/0x0006000000018d7b-104.dat	upx
behavioral1/files/0x0006000000018fdf-112.dat	upx
behavioral1/files/0x0005000000019203-120.dat	upx
behavioral1/files/0x00050000000192a1-148.dat	upx
behavioral1/files/0x000500000001938e-160.dat	upx
behavioral1/files/0x0005000000019358-156.dat	upx
behavioral1/files/0x0005000000019354-152.dat	upx
behavioral1/files/0x0005000000019299-144.dat	upx
behavioral1/files/0x000500000001927a-140.dat	upx
behavioral1/files/0x0005000000019274-136.dat	upx
behavioral1/files/0x0005000000019261-132.dat	upx
behavioral1/files/0x000500000001924f-128.dat	upx
behavioral1/files/0x0005000000019237-124.dat	upx
behavioral1/files/0x0006000000019056-116.dat	upx
behavioral1/files/0x0006000000018d83-108.dat	upx
behavioral1/files/0x0006000000018be7-100.dat	upx
behavioral1/files/0x000500000001871c-92.dat	upx
behavioral1/memory/2996-648-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2708-649-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2692-650-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2684-652-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2608-660-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2416-684-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1968-1042-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/3028-1121-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2300-969-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2604-1465-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2608-1799-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2684-1787-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2312-2941-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2052-2961-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2472-2980-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/3028-2985-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2408-2989-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2300-2993-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kyIKElu.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIFMNhs.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsjqSlK.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciJYaMn.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbzmsbV.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvftBrV.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMMaNIm.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiqgYdz.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MsqYnwj.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkOUxSM.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYggrMA.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzcWFfK.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MaQWpdT.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jreOmGh.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrPjtIV.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOWHaPg.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgaDVZN.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgmDdkF.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWvCxJi.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhXQVvW.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJjOykk.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBmhuDi.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niVijmp.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yluvByl.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkoeVUy.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEODSpP.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRZbhDv.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftCIVWg.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTIJVzk.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgjQAAm.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIStvsc.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glSwIpt.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onimhDH.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRbROwi.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XObjoNR.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqBSKYx.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMWfxTg.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePfPHqn.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InszZoQ.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMqIZFK.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejoEUjI.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhUoVVG.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMIbzpT.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWLkItQ.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgGxcrK.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnnKrMc.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtdVOkk.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tweIYoa.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpaHkeR.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTsFzyd.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLMJwEY.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFFFOqR.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRjEWLA.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHJUXaL.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWWTNgu.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueDZOBB.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUBWnEa.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoZBGwX.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msjgzQK.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbOSeXN.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJeDhRt.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omzlbKu.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VsYhLxE.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucKLyuk.exe	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2312	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1636 wrote to memory of 2312	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1636 wrote to memory of 2312	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1636 wrote to memory of 2052	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1636 wrote to memory of 2052	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1636 wrote to memory of 2052	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1636 wrote to memory of 2300	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1636 wrote to memory of 2300	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1636 wrote to memory of 2300	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1636 wrote to memory of 2472	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1636 wrote to memory of 2472	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1636 wrote to memory of 2472	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1636 wrote to memory of 1968	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1636 wrote to memory of 1968	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1636 wrote to memory of 1968	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1636 wrote to memory of 3028	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1636 wrote to memory of 3028	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1636 wrote to memory of 3028	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1636 wrote to memory of 2416	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1636 wrote to memory of 2416	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1636 wrote to memory of 2416	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1636 wrote to memory of 2408	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1636 wrote to memory of 2408	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1636 wrote to memory of 2408	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1636 wrote to memory of 2996	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1636 wrote to memory of 2996	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1636 wrote to memory of 2996	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1636 wrote to memory of 2604	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1636 wrote to memory of 2604	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1636 wrote to memory of 2604	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1636 wrote to memory of 2708	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1636 wrote to memory of 2708	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1636 wrote to memory of 2708	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1636 wrote to memory of 2692	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1636 wrote to memory of 2692	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1636 wrote to memory of 2692	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1636 wrote to memory of 2684	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1636 wrote to memory of 2684	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1636 wrote to memory of 2684	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1636 wrote to memory of 2608	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1636 wrote to memory of 2608	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1636 wrote to memory of 2608	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1636 wrote to memory of 2500	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1636 wrote to memory of 2500	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1636 wrote to memory of 2500	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1636 wrote to memory of 2540	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1636 wrote to memory of 2540	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1636 wrote to memory of 2540	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1636 wrote to memory of 2424	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1636 wrote to memory of 2424	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1636 wrote to memory of 2424	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1636 wrote to memory of 2980	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1636 wrote to memory of 2980	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1636 wrote to memory of 2980	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1636 wrote to memory of 3004	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1636 wrote to memory of 3004	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1636 wrote to memory of 3004	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1636 wrote to memory of 2316	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1636 wrote to memory of 2316	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1636 wrote to memory of 2316	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1636 wrote to memory of 1316	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1636 wrote to memory of 1316	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1636 wrote to memory of 1316	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1636 wrote to memory of 1624	1636	2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_2eb3581cc407d94fd7e88424db659e40_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\System\uycAdnx.exe
  C:\Windows\System\uycAdnx.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\xsFhFRp.exe
  C:\Windows\System\xsFhFRp.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\suiGaFx.exe
  C:\Windows\System\suiGaFx.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\uZYdIyn.exe
  C:\Windows\System\uZYdIyn.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\KQfaJvM.exe
  C:\Windows\System\KQfaJvM.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\pMtAiRy.exe
  C:\Windows\System\pMtAiRy.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\mkTWsnF.exe
  C:\Windows\System\mkTWsnF.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\xEEwfGU.exe
  C:\Windows\System\xEEwfGU.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\SiVtSws.exe
  C:\Windows\System\SiVtSws.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\UKhSruQ.exe
  C:\Windows\System\UKhSruQ.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\XfysUih.exe
  C:\Windows\System\XfysUih.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\gFAxNPx.exe
  C:\Windows\System\gFAxNPx.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\VRGAAdV.exe
  C:\Windows\System\VRGAAdV.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\IldCqsg.exe
  C:\Windows\System\IldCqsg.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ncEutzk.exe
  C:\Windows\System\ncEutzk.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\kbfWszo.exe
  C:\Windows\System\kbfWszo.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\IqFWbsK.exe
  C:\Windows\System\IqFWbsK.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\TSYcDUt.exe
  C:\Windows\System\TSYcDUt.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\AkoeVUy.exe
  C:\Windows\System\AkoeVUy.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\PMIbzpT.exe
  C:\Windows\System\PMIbzpT.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\aPevtnv.exe
  C:\Windows\System\aPevtnv.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\HQOBiiU.exe
  C:\Windows\System\HQOBiiU.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\deXRWDF.exe
  C:\Windows\System\deXRWDF.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\SekTiXS.exe
  C:\Windows\System\SekTiXS.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\TWbgDdb.exe
  C:\Windows\System\TWbgDdb.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\FMiclCL.exe
  C:\Windows\System\FMiclCL.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\GRbROwi.exe
  C:\Windows\System\GRbROwi.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\DFtHwig.exe
  C:\Windows\System\DFtHwig.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\wcfpVja.exe
  C:\Windows\System\wcfpVja.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\AFPrLuL.exe
  C:\Windows\System\AFPrLuL.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\cmLYZbw.exe
  C:\Windows\System\cmLYZbw.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\ltvCWrF.exe
  C:\Windows\System\ltvCWrF.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\zGGcpvp.exe
  C:\Windows\System\zGGcpvp.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\FyJddGh.exe
  C:\Windows\System\FyJddGh.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\RnqHLlJ.exe
  C:\Windows\System\RnqHLlJ.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\hlazwNr.exe
  C:\Windows\System\hlazwNr.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\yJtfDcj.exe
  C:\Windows\System\yJtfDcj.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\SvIMUMG.exe
  C:\Windows\System\SvIMUMG.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\Prbotgd.exe
  C:\Windows\System\Prbotgd.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\hDWtDEn.exe
  C:\Windows\System\hDWtDEn.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\tNTgQey.exe
  C:\Windows\System\tNTgQey.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\xnLpzjI.exe
  C:\Windows\System\xnLpzjI.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\pmhPcuU.exe
  C:\Windows\System\pmhPcuU.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\IkzcbJA.exe
  C:\Windows\System\IkzcbJA.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\HLIVHBE.exe
  C:\Windows\System\HLIVHBE.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\NRWvflL.exe
  C:\Windows\System\NRWvflL.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\svqxicU.exe
  C:\Windows\System\svqxicU.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\TltWqKD.exe
  C:\Windows\System\TltWqKD.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\mLMJwEY.exe
  C:\Windows\System\mLMJwEY.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\IdLApZK.exe
  C:\Windows\System\IdLApZK.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\iWLkItQ.exe
  C:\Windows\System\iWLkItQ.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\ImPlNBq.exe
  C:\Windows\System\ImPlNBq.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\xwUHWDJ.exe
  C:\Windows\System\xwUHWDJ.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\JQVfKKy.exe
  C:\Windows\System\JQVfKKy.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\RXKyeIa.exe
  C:\Windows\System\RXKyeIa.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\vhgDIpO.exe
  C:\Windows\System\vhgDIpO.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\rtHcjNk.exe
  C:\Windows\System\rtHcjNk.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\QnzNERa.exe
  C:\Windows\System\QnzNERa.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\uvGBkDS.exe
  C:\Windows\System\uvGBkDS.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\tgpHHPe.exe
  C:\Windows\System\tgpHHPe.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\ffkSxPG.exe
  C:\Windows\System\ffkSxPG.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\cDvvAMw.exe
  C:\Windows\System\cDvvAMw.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\WOFBvoP.exe
  C:\Windows\System\WOFBvoP.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\iPlMHBf.exe
  C:\Windows\System\iPlMHBf.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\Yaamsgz.exe
  C:\Windows\System\Yaamsgz.exe
  2⤵
  PID:2168
- C:\Windows\System\EGgRVLE.exe
  C:\Windows\System\EGgRVLE.exe
  2⤵
  PID:900
- C:\Windows\System\VldEvqd.exe
  C:\Windows\System\VldEvqd.exe
  2⤵
  PID:2480
- C:\Windows\System\eoRLLSR.exe
  C:\Windows\System\eoRLLSR.exe
  2⤵
  PID:2068
- C:\Windows\System\IWAnRJR.exe
  C:\Windows\System\IWAnRJR.exe
  2⤵
  PID:1804
- C:\Windows\System\OFFFOqR.exe
  C:\Windows\System\OFFFOqR.exe
  2⤵
  PID:1600
- C:\Windows\System\WhTHgZW.exe
  C:\Windows\System\WhTHgZW.exe
  2⤵
  PID:2304
- C:\Windows\System\TVAMKks.exe
  C:\Windows\System\TVAMKks.exe
  2⤵
  PID:2272
- C:\Windows\System\cptJWfA.exe
  C:\Windows\System\cptJWfA.exe
  2⤵
  PID:1460
- C:\Windows\System\EuEpdBV.exe
  C:\Windows\System\EuEpdBV.exe
  2⤵
  PID:1812
- C:\Windows\System\uyWUrGl.exe
  C:\Windows\System\uyWUrGl.exe
  2⤵
  PID:1976
- C:\Windows\System\rFwbXMp.exe
  C:\Windows\System\rFwbXMp.exe
  2⤵
  PID:2636
- C:\Windows\System\xaMGNBK.exe
  C:\Windows\System\xaMGNBK.exe
  2⤵
  PID:2820
- C:\Windows\System\RyaHlhK.exe
  C:\Windows\System\RyaHlhK.exe
  2⤵
  PID:2464
- C:\Windows\System\FoEOocM.exe
  C:\Windows\System\FoEOocM.exe
  2⤵
  PID:3052
- C:\Windows\System\LqfykPS.exe
  C:\Windows\System\LqfykPS.exe
  2⤵
  PID:2792
- C:\Windows\System\tmmrbYY.exe
  C:\Windows\System\tmmrbYY.exe
  2⤵
  PID:1652
- C:\Windows\System\fPiewkw.exe
  C:\Windows\System\fPiewkw.exe
  2⤵
  PID:2932
- C:\Windows\System\DLUDBdw.exe
  C:\Windows\System\DLUDBdw.exe
  2⤵
  PID:2600
- C:\Windows\System\JdCqdGS.exe
  C:\Windows\System\JdCqdGS.exe
  2⤵
  PID:2700
- C:\Windows\System\ATykcEs.exe
  C:\Windows\System\ATykcEs.exe
  2⤵
  PID:3020
- C:\Windows\System\UFVoquS.exe
  C:\Windows\System\UFVoquS.exe
  2⤵
  PID:2524
- C:\Windows\System\BUHFrAv.exe
  C:\Windows\System\BUHFrAv.exe
  2⤵
  PID:2496
- C:\Windows\System\pBwTayi.exe
  C:\Windows\System\pBwTayi.exe
  2⤵
  PID:2616
- C:\Windows\System\ydIThXH.exe
  C:\Windows\System\ydIThXH.exe
  2⤵
  PID:2724
- C:\Windows\System\ybWJxrG.exe
  C:\Windows\System\ybWJxrG.exe
  2⤵
  PID:1580
- C:\Windows\System\DQkrMXT.exe
  C:\Windows\System\DQkrMXT.exe
  2⤵
  PID:1144
- C:\Windows\System\DfZRfvc.exe
  C:\Windows\System\DfZRfvc.exe
  2⤵
  PID:2400
- C:\Windows\System\Eltknls.exe
  C:\Windows\System\Eltknls.exe
  2⤵
  PID:1788
- C:\Windows\System\xUUrwfO.exe
  C:\Windows\System\xUUrwfO.exe
  2⤵
  PID:1944
- C:\Windows\System\CXWfwjY.exe
  C:\Windows\System\CXWfwjY.exe
  2⤵
  PID:1992
- C:\Windows\System\rWldCDy.exe
  C:\Windows\System\rWldCDy.exe
  2⤵
  PID:2564
- C:\Windows\System\HpslfbF.exe
  C:\Windows\System\HpslfbF.exe
  2⤵
  PID:2992
- C:\Windows\System\nwJaRMe.exe
  C:\Windows\System\nwJaRMe.exe
  2⤵
  PID:2596
- C:\Windows\System\IxaVMOz.exe
  C:\Windows\System\IxaVMOz.exe
  2⤵
  PID:2988
- C:\Windows\System\HzmwLMy.exe
  C:\Windows\System\HzmwLMy.exe
  2⤵
  PID:1756
- C:\Windows\System\BYdSZEa.exe
  C:\Windows\System\BYdSZEa.exe
  2⤵
  PID:960
- C:\Windows\System\tGEfXlu.exe
  C:\Windows\System\tGEfXlu.exe
  2⤵
  PID:2144
- C:\Windows\System\PJJuVzJ.exe
  C:\Windows\System\PJJuVzJ.exe
  2⤵
  PID:2892
- C:\Windows\System\zTHomCZ.exe
  C:\Windows\System\zTHomCZ.exe
  2⤵
  PID:1700
- C:\Windows\System\rIGIZud.exe
  C:\Windows\System\rIGIZud.exe
  2⤵
  PID:936
- C:\Windows\System\KUBWnEa.exe
  C:\Windows\System\KUBWnEa.exe
  2⤵
  PID:2060
- C:\Windows\System\BTJgOqB.exe
  C:\Windows\System\BTJgOqB.exe
  2⤵
  PID:1516
- C:\Windows\System\bBafaTv.exe
  C:\Windows\System\bBafaTv.exe
  2⤵
  PID:1396
- C:\Windows\System\NUDTEir.exe
  C:\Windows\System\NUDTEir.exe
  2⤵
  PID:2748
- C:\Windows\System\xDxZMIw.exe
  C:\Windows\System\xDxZMIw.exe
  2⤵
  PID:2372
- C:\Windows\System\QvLATER.exe
  C:\Windows\System\QvLATER.exe
  2⤵
  PID:2676
- C:\Windows\System\rqkDocN.exe
  C:\Windows\System\rqkDocN.exe
  2⤵
  PID:2128
- C:\Windows\System\FmJlHvM.exe
  C:\Windows\System\FmJlHvM.exe
  2⤵
  PID:708
- C:\Windows\System\PBOeqJE.exe
  C:\Windows\System\PBOeqJE.exe
  2⤵
  PID:3048
- C:\Windows\System\YFEocWx.exe
  C:\Windows\System\YFEocWx.exe
  2⤵
  PID:1868
- C:\Windows\System\ExliiWP.exe
  C:\Windows\System\ExliiWP.exe
  2⤵
  PID:1596
- C:\Windows\System\IhDazXL.exe
  C:\Windows\System\IhDazXL.exe
  2⤵
  PID:2280
- C:\Windows\System\gvMVAtO.exe
  C:\Windows\System\gvMVAtO.exe
  2⤵
  PID:1608
- C:\Windows\System\mtYjobQ.exe
  C:\Windows\System\mtYjobQ.exe
  2⤵
  PID:2140
- C:\Windows\System\tfBoQpE.exe
  C:\Windows\System\tfBoQpE.exe
  2⤵
  PID:2956
- C:\Windows\System\mdefits.exe
  C:\Windows\System\mdefits.exe
  2⤵
  PID:2680
- C:\Windows\System\aUesFEB.exe
  C:\Windows\System\aUesFEB.exe
  2⤵
  PID:2188
- C:\Windows\System\HMSxIRo.exe
  C:\Windows\System\HMSxIRo.exe
  2⤵
  PID:2332
- C:\Windows\System\kyIKElu.exe
  C:\Windows\System\kyIKElu.exe
  2⤵
  PID:2704
- C:\Windows\System\yevUvZO.exe
  C:\Windows\System\yevUvZO.exe
  2⤵
  PID:860
- C:\Windows\System\JfOYWDO.exe
  C:\Windows\System\JfOYWDO.exe
  2⤵
  PID:2528
- C:\Windows\System\SSlCZbk.exe
  C:\Windows\System\SSlCZbk.exe
  2⤵
  PID:1380
- C:\Windows\System\ZBbhAEM.exe
  C:\Windows\System\ZBbhAEM.exe
  2⤵
  PID:628
- C:\Windows\System\pzYKOUZ.exe
  C:\Windows\System\pzYKOUZ.exe
  2⤵
  PID:1088
- C:\Windows\System\NoZKhqs.exe
  C:\Windows\System\NoZKhqs.exe
  2⤵
  PID:2836
- C:\Windows\System\XTNecQx.exe
  C:\Windows\System\XTNecQx.exe
  2⤵
  PID:2884
- C:\Windows\System\ecKLdlu.exe
  C:\Windows\System\ecKLdlu.exe
  2⤵
  PID:2852
- C:\Windows\System\ofIdMbM.exe
  C:\Windows\System\ofIdMbM.exe
  2⤵
  PID:2152
- C:\Windows\System\WfRHziK.exe
  C:\Windows\System\WfRHziK.exe
  2⤵
  PID:2652
- C:\Windows\System\KPsexaq.exe
  C:\Windows\System\KPsexaq.exe
  2⤵
  PID:1716
- C:\Windows\System\DELPpzQ.exe
  C:\Windows\System\DELPpzQ.exe
  2⤵
  PID:788
- C:\Windows\System\qUaOpUO.exe
  C:\Windows\System\qUaOpUO.exe
  2⤵
  PID:916
- C:\Windows\System\RFyDqIs.exe
  C:\Windows\System\RFyDqIs.exe
  2⤵
  PID:2900
- C:\Windows\System\DJlMTgm.exe
  C:\Windows\System\DJlMTgm.exe
  2⤵
  PID:1172
- C:\Windows\System\FblYzzf.exe
  C:\Windows\System\FblYzzf.exe
  2⤵
  PID:1432
- C:\Windows\System\eTBUurE.exe
  C:\Windows\System\eTBUurE.exe
  2⤵
  PID:1528
- C:\Windows\System\FdIWCxS.exe
  C:\Windows\System\FdIWCxS.exe
  2⤵
  PID:1828
- C:\Windows\System\gKdAMUP.exe
  C:\Windows\System\gKdAMUP.exe
  2⤵
  PID:2392
- C:\Windows\System\PltBQUc.exe
  C:\Windows\System\PltBQUc.exe
  2⤵
  PID:2580
- C:\Windows\System\OUgOlPp.exe
  C:\Windows\System\OUgOlPp.exe
  2⤵
  PID:2796
- C:\Windows\System\AbjTFAQ.exe
  C:\Windows\System\AbjTFAQ.exe
  2⤵
  PID:2344
- C:\Windows\System\DOeQtia.exe
  C:\Windows\System\DOeQtia.exe
  2⤵
  PID:3032
- C:\Windows\System\XfAaRFo.exe
  C:\Windows\System\XfAaRFo.exe
  2⤵
  PID:1648
- C:\Windows\System\jFQJTvK.exe
  C:\Windows\System\jFQJTvK.exe
  2⤵
  PID:1808
- C:\Windows\System\NnENANa.exe
  C:\Windows\System\NnENANa.exe
  2⤵
  PID:2288
- C:\Windows\System\CbwslpA.exe
  C:\Windows\System\CbwslpA.exe
  2⤵
  PID:2456
- C:\Windows\System\BTGINzq.exe
  C:\Windows\System\BTGINzq.exe
  2⤵
  PID:1872
- C:\Windows\System\YKNwZYG.exe
  C:\Windows\System\YKNwZYG.exe
  2⤵
  PID:2940
- C:\Windows\System\dGUmIxy.exe
  C:\Windows\System\dGUmIxy.exe
  2⤵
  PID:2912
- C:\Windows\System\FqEwJEN.exe
  C:\Windows\System\FqEwJEN.exe
  2⤵
  PID:608
- C:\Windows\System\OiGVdyg.exe
  C:\Windows\System\OiGVdyg.exe
  2⤵
  PID:2080
- C:\Windows\System\GEOvREK.exe
  C:\Windows\System\GEOvREK.exe
  2⤵
  PID:2788
- C:\Windows\System\KQOVObD.exe
  C:\Windows\System\KQOVObD.exe
  2⤵
  PID:2588
- C:\Windows\System\QNCPplO.exe
  C:\Windows\System\QNCPplO.exe
  2⤵
  PID:3080
- C:\Windows\System\TKrgZEk.exe
  C:\Windows\System\TKrgZEk.exe
  2⤵
  PID:3096
- C:\Windows\System\RUPxoLH.exe
  C:\Windows\System\RUPxoLH.exe
  2⤵
  PID:3112
- C:\Windows\System\iNPaRwM.exe
  C:\Windows\System\iNPaRwM.exe
  2⤵
  PID:3128
- C:\Windows\System\FCcLMVK.exe
  C:\Windows\System\FCcLMVK.exe
  2⤵
  PID:3144
- C:\Windows\System\QZsPXDk.exe
  C:\Windows\System\QZsPXDk.exe
  2⤵
  PID:3160
- C:\Windows\System\yDgSGGc.exe
  C:\Windows\System\yDgSGGc.exe
  2⤵
  PID:3176
- C:\Windows\System\PaxVTlc.exe
  C:\Windows\System\PaxVTlc.exe
  2⤵
  PID:3192
- C:\Windows\System\WPYynVt.exe
  C:\Windows\System\WPYynVt.exe
  2⤵
  PID:3208
- C:\Windows\System\dOLoJuU.exe
  C:\Windows\System\dOLoJuU.exe
  2⤵
  PID:3224
- C:\Windows\System\sgFLBZu.exe
  C:\Windows\System\sgFLBZu.exe
  2⤵
  PID:3240
- C:\Windows\System\ZsGOGax.exe
  C:\Windows\System\ZsGOGax.exe
  2⤵
  PID:3256
- C:\Windows\System\Pzrmvmy.exe
  C:\Windows\System\Pzrmvmy.exe
  2⤵
  PID:3272
- C:\Windows\System\gDFFbUt.exe
  C:\Windows\System\gDFFbUt.exe
  2⤵
  PID:3288
- C:\Windows\System\moxwEcs.exe
  C:\Windows\System\moxwEcs.exe
  2⤵
  PID:3304
- C:\Windows\System\lqhpBus.exe
  C:\Windows\System\lqhpBus.exe
  2⤵
  PID:3320
- C:\Windows\System\oPIVGMN.exe
  C:\Windows\System\oPIVGMN.exe
  2⤵
  PID:3336
- C:\Windows\System\YeCQNUk.exe
  C:\Windows\System\YeCQNUk.exe
  2⤵
  PID:3352
- C:\Windows\System\UKvjcOC.exe
  C:\Windows\System\UKvjcOC.exe
  2⤵
  PID:3368
- C:\Windows\System\LBEPvaC.exe
  C:\Windows\System\LBEPvaC.exe
  2⤵
  PID:3384
- C:\Windows\System\sLQtsMB.exe
  C:\Windows\System\sLQtsMB.exe
  2⤵
  PID:3400
- C:\Windows\System\DWvCxJi.exe
  C:\Windows\System\DWvCxJi.exe
  2⤵
  PID:3416
- C:\Windows\System\gBRhsFF.exe
  C:\Windows\System\gBRhsFF.exe
  2⤵
  PID:3432
- C:\Windows\System\WkEpdAY.exe
  C:\Windows\System\WkEpdAY.exe
  2⤵
  PID:3448
- C:\Windows\System\ulTvfZQ.exe
  C:\Windows\System\ulTvfZQ.exe
  2⤵
  PID:3464
- C:\Windows\System\ANZcrlP.exe
  C:\Windows\System\ANZcrlP.exe
  2⤵
  PID:3480
- C:\Windows\System\ROtdGkp.exe
  C:\Windows\System\ROtdGkp.exe
  2⤵
  PID:3496
- C:\Windows\System\mEzWiZN.exe
  C:\Windows\System\mEzWiZN.exe
  2⤵
  PID:3512
- C:\Windows\System\ysdpDsG.exe
  C:\Windows\System\ysdpDsG.exe
  2⤵
  PID:3528
- C:\Windows\System\vSwTOmF.exe
  C:\Windows\System\vSwTOmF.exe
  2⤵
  PID:3544
- C:\Windows\System\btdbtFe.exe
  C:\Windows\System\btdbtFe.exe
  2⤵
  PID:3560
- C:\Windows\System\WHDfJsW.exe
  C:\Windows\System\WHDfJsW.exe
  2⤵
  PID:3576
- C:\Windows\System\erZKMxP.exe
  C:\Windows\System\erZKMxP.exe
  2⤵
  PID:3592
- C:\Windows\System\KrIuusS.exe
  C:\Windows\System\KrIuusS.exe
  2⤵
  PID:3608
- C:\Windows\System\tFkJZMV.exe
  C:\Windows\System\tFkJZMV.exe
  2⤵
  PID:3624
- C:\Windows\System\Pkgfpro.exe
  C:\Windows\System\Pkgfpro.exe
  2⤵
  PID:3640
- C:\Windows\System\LwVItfq.exe
  C:\Windows\System\LwVItfq.exe
  2⤵
  PID:3656
- C:\Windows\System\uqodQXR.exe
  C:\Windows\System\uqodQXR.exe
  2⤵
  PID:3672
- C:\Windows\System\eLqefnL.exe
  C:\Windows\System\eLqefnL.exe
  2⤵
  PID:3688
- C:\Windows\System\DiGAKVl.exe
  C:\Windows\System\DiGAKVl.exe
  2⤵
  PID:3704
- C:\Windows\System\tKtbcWB.exe
  C:\Windows\System\tKtbcWB.exe
  2⤵
  PID:3720
- C:\Windows\System\NHIbHvp.exe
  C:\Windows\System\NHIbHvp.exe
  2⤵
  PID:3736
- C:\Windows\System\DQAStlG.exe
  C:\Windows\System\DQAStlG.exe
  2⤵
  PID:3752
- C:\Windows\System\wqGyPVz.exe
  C:\Windows\System\wqGyPVz.exe
  2⤵
  PID:3768
- C:\Windows\System\hzLLGzn.exe
  C:\Windows\System\hzLLGzn.exe
  2⤵
  PID:3788
- C:\Windows\System\KlXuhWd.exe
  C:\Windows\System\KlXuhWd.exe
  2⤵
  PID:3804
- C:\Windows\System\xzQBzRW.exe
  C:\Windows\System\xzQBzRW.exe
  2⤵
  PID:3820
- C:\Windows\System\tJeDhRt.exe
  C:\Windows\System\tJeDhRt.exe
  2⤵
  PID:3836
- C:\Windows\System\BRGFSfM.exe
  C:\Windows\System\BRGFSfM.exe
  2⤵
  PID:3852
- C:\Windows\System\JKrIfun.exe
  C:\Windows\System\JKrIfun.exe
  2⤵
  PID:3868
- C:\Windows\System\PGTfEVx.exe
  C:\Windows\System\PGTfEVx.exe
  2⤵
  PID:3884
- C:\Windows\System\fbGZWGN.exe
  C:\Windows\System\fbGZWGN.exe
  2⤵
  PID:3900
- C:\Windows\System\BcTdIkl.exe
  C:\Windows\System\BcTdIkl.exe
  2⤵
  PID:3916
- C:\Windows\System\EbbFqQB.exe
  C:\Windows\System\EbbFqQB.exe
  2⤵
  PID:3932
- C:\Windows\System\kbheCzg.exe
  C:\Windows\System\kbheCzg.exe
  2⤵
  PID:3948
- C:\Windows\System\hyIBfHl.exe
  C:\Windows\System\hyIBfHl.exe
  2⤵
  PID:3964
- C:\Windows\System\qoZBGwX.exe
  C:\Windows\System\qoZBGwX.exe
  2⤵
  PID:3980
- C:\Windows\System\fhTJtwz.exe
  C:\Windows\System\fhTJtwz.exe
  2⤵
  PID:3996
- C:\Windows\System\zTDvehj.exe
  C:\Windows\System\zTDvehj.exe
  2⤵
  PID:4012
- C:\Windows\System\WrBWLkO.exe
  C:\Windows\System\WrBWLkO.exe
  2⤵
  PID:4028
- C:\Windows\System\sgaGmtT.exe
  C:\Windows\System\sgaGmtT.exe
  2⤵
  PID:4044
- C:\Windows\System\oewnMQe.exe
  C:\Windows\System\oewnMQe.exe
  2⤵
  PID:4060
- C:\Windows\System\hmVefkc.exe
  C:\Windows\System\hmVefkc.exe
  2⤵
  PID:4076
- C:\Windows\System\LRMeeqj.exe
  C:\Windows\System\LRMeeqj.exe
  2⤵
  PID:4092
- C:\Windows\System\WoHWPnz.exe
  C:\Windows\System\WoHWPnz.exe
  2⤵
  PID:1296
- C:\Windows\System\QhXQVvW.exe
  C:\Windows\System\QhXQVvW.exe
  2⤵
  PID:1988
- C:\Windows\System\cRbqFKd.exe
  C:\Windows\System\cRbqFKd.exe
  2⤵
  PID:1392
- C:\Windows\System\fdcDthn.exe
  C:\Windows\System\fdcDthn.exe
  2⤵
  PID:2212
- C:\Windows\System\ozhZBtB.exe
  C:\Windows\System\ozhZBtB.exe
  2⤵
  PID:2428
- C:\Windows\System\qdyhZJp.exe
  C:\Windows\System\qdyhZJp.exe
  2⤵
  PID:3076
- C:\Windows\System\IIStvsc.exe
  C:\Windows\System\IIStvsc.exe
  2⤵
  PID:3108
- C:\Windows\System\FAShwbB.exe
  C:\Windows\System\FAShwbB.exe
  2⤵
  PID:3140
- C:\Windows\System\xrfdfHv.exe
  C:\Windows\System\xrfdfHv.exe
  2⤵
  PID:3172
- C:\Windows\System\mMeofTH.exe
  C:\Windows\System\mMeofTH.exe
  2⤵
  PID:3204
- C:\Windows\System\Wddnpgm.exe
  C:\Windows\System\Wddnpgm.exe
  2⤵
  PID:3236
- C:\Windows\System\dvSPJlV.exe
  C:\Windows\System\dvSPJlV.exe
  2⤵
  PID:3268
- C:\Windows\System\eXsYkEv.exe
  C:\Windows\System\eXsYkEv.exe
  2⤵
  PID:3300
- C:\Windows\System\ieFYFFS.exe
  C:\Windows\System\ieFYFFS.exe
  2⤵
  PID:3332
- C:\Windows\System\TDGbpnQ.exe
  C:\Windows\System\TDGbpnQ.exe
  2⤵
  PID:3364
- C:\Windows\System\BLCXlnO.exe
  C:\Windows\System\BLCXlnO.exe
  2⤵
  PID:3396
- C:\Windows\System\AFZQfzs.exe
  C:\Windows\System\AFZQfzs.exe
  2⤵
  PID:3428
- C:\Windows\System\rtPKqhD.exe
  C:\Windows\System\rtPKqhD.exe
  2⤵
  PID:3460
- C:\Windows\System\XjqnyID.exe
  C:\Windows\System\XjqnyID.exe
  2⤵
  PID:3492
- C:\Windows\System\QcppbQQ.exe
  C:\Windows\System\QcppbQQ.exe
  2⤵
  PID:3524
- C:\Windows\System\RAjHXDv.exe
  C:\Windows\System\RAjHXDv.exe
  2⤵
  PID:3556
- C:\Windows\System\eojUZfd.exe
  C:\Windows\System\eojUZfd.exe
  2⤵
  PID:3036
- C:\Windows\System\ZoBkhTX.exe
  C:\Windows\System\ZoBkhTX.exe
  2⤵
  PID:3604
- C:\Windows\System\caAkyJQ.exe
  C:\Windows\System\caAkyJQ.exe
  2⤵
  PID:3648
- C:\Windows\System\yyStEmi.exe
  C:\Windows\System\yyStEmi.exe
  2⤵
  PID:3680
- C:\Windows\System\NmbdaQK.exe
  C:\Windows\System\NmbdaQK.exe
  2⤵
  PID:3712
- C:\Windows\System\DkRqBOq.exe
  C:\Windows\System\DkRqBOq.exe
  2⤵
  PID:3732
- C:\Windows\System\kfUVPSZ.exe
  C:\Windows\System\kfUVPSZ.exe
  2⤵
  PID:3776
- C:\Windows\System\rHuAOUN.exe
  C:\Windows\System\rHuAOUN.exe
  2⤵
  PID:3812
- C:\Windows\System\NGQKyqW.exe
  C:\Windows\System\NGQKyqW.exe
  2⤵
  PID:3848
- C:\Windows\System\ljduWNX.exe
  C:\Windows\System\ljduWNX.exe
  2⤵
  PID:3880
- C:\Windows\System\HlbxGpR.exe
  C:\Windows\System\HlbxGpR.exe
  2⤵
  PID:3912
- C:\Windows\System\JRWkRTt.exe
  C:\Windows\System\JRWkRTt.exe
  2⤵
  PID:3944
- C:\Windows\System\okbIWhd.exe
  C:\Windows\System\okbIWhd.exe
  2⤵
  PID:3976
- C:\Windows\System\WdkRtrf.exe
  C:\Windows\System\WdkRtrf.exe
  2⤵
  PID:4008
- C:\Windows\System\bMzLYwt.exe
  C:\Windows\System\bMzLYwt.exe
  2⤵
  PID:4040
- C:\Windows\System\NsfONLs.exe
  C:\Windows\System\NsfONLs.exe
  2⤵
  PID:4072
- C:\Windows\System\lUqKJor.exe
  C:\Windows\System\lUqKJor.exe
  2⤵
  PID:1052
- C:\Windows\System\NCQvVAv.exe
  C:\Windows\System\NCQvVAv.exe
  2⤵
  PID:956
- C:\Windows\System\yiQTWgH.exe
  C:\Windows\System\yiQTWgH.exe
  2⤵
  PID:2292
- C:\Windows\System\fafzxFC.exe
  C:\Windows\System\fafzxFC.exe
  2⤵
  PID:3104
- C:\Windows\System\wJcjpwq.exe
  C:\Windows\System\wJcjpwq.exe
  2⤵
  PID:3168
- C:\Windows\System\IVyHKhR.exe
  C:\Windows\System\IVyHKhR.exe
  2⤵
  PID:3232
- C:\Windows\System\NXxdfnb.exe
  C:\Windows\System\NXxdfnb.exe
  2⤵
  PID:3296
- C:\Windows\System\FrPjtIV.exe
  C:\Windows\System\FrPjtIV.exe
  2⤵
  PID:3360
- C:\Windows\System\XNhDUcc.exe
  C:\Windows\System\XNhDUcc.exe
  2⤵
  PID:3412
- C:\Windows\System\dpDsfRm.exe
  C:\Windows\System\dpDsfRm.exe
  2⤵
  PID:3488
- C:\Windows\System\txxmVvn.exe
  C:\Windows\System\txxmVvn.exe
  2⤵
  PID:3540
- C:\Windows\System\ziQTtWo.exe
  C:\Windows\System\ziQTtWo.exe
  2⤵
  PID:3616
- C:\Windows\System\lSjAKtX.exe
  C:\Windows\System\lSjAKtX.exe
  2⤵
  PID:3636
- C:\Windows\System\LmKeZnH.exe
  C:\Windows\System\LmKeZnH.exe
  2⤵
  PID:3728
- C:\Windows\System\HpEfiZW.exe
  C:\Windows\System\HpEfiZW.exe
  2⤵
  PID:3796
- C:\Windows\System\BhzeDEd.exe
  C:\Windows\System\BhzeDEd.exe
  2⤵
  PID:3896
- C:\Windows\System\BvjahOF.exe
  C:\Windows\System\BvjahOF.exe
  2⤵
  PID:3092
- C:\Windows\System\TMhYlBD.exe
  C:\Windows\System\TMhYlBD.exe
  2⤵
  PID:3220
- C:\Windows\System\AehaQED.exe
  C:\Windows\System\AehaQED.exe
  2⤵
  PID:3476
- C:\Windows\System\GJXwPnV.exe
  C:\Windows\System\GJXwPnV.exe
  2⤵
  PID:4496
- C:\Windows\System\TyOmETJ.exe
  C:\Windows\System\TyOmETJ.exe
  2⤵
  PID:4520
- C:\Windows\System\pKFAZQv.exe
  C:\Windows\System\pKFAZQv.exe
  2⤵
  PID:4536
- C:\Windows\System\kUIHBgf.exe
  C:\Windows\System\kUIHBgf.exe
  2⤵
  PID:4556
- C:\Windows\System\msjgzQK.exe
  C:\Windows\System\msjgzQK.exe
  2⤵
  PID:4580
- C:\Windows\System\KrrLQOq.exe
  C:\Windows\System\KrrLQOq.exe
  2⤵
  PID:4608
- C:\Windows\System\KkOZYFs.exe
  C:\Windows\System\KkOZYFs.exe
  2⤵
  PID:4756
- C:\Windows\System\YjvkUVN.exe
  C:\Windows\System\YjvkUVN.exe
  2⤵
  PID:4832
- C:\Windows\System\YhEvLQW.exe
  C:\Windows\System\YhEvLQW.exe
  2⤵
  PID:4892
- C:\Windows\System\zHtjzWl.exe
  C:\Windows\System\zHtjzWl.exe
  2⤵
  PID:4224
- C:\Windows\System\uQTydNs.exe
  C:\Windows\System\uQTydNs.exe
  2⤵
  PID:4240
- C:\Windows\System\uBYEYbi.exe
  C:\Windows\System\uBYEYbi.exe
  2⤵
  PID:4264
- C:\Windows\System\MfQfcGB.exe
  C:\Windows\System\MfQfcGB.exe
  2⤵
  PID:4284
- C:\Windows\System\emtEUBA.exe
  C:\Windows\System\emtEUBA.exe
  2⤵
  PID:4308
- C:\Windows\System\wpnEDnE.exe
  C:\Windows\System\wpnEDnE.exe
  2⤵
  PID:4328
- C:\Windows\System\XHALfpk.exe
  C:\Windows\System\XHALfpk.exe
  2⤵
  PID:4348
- C:\Windows\System\oALNYzb.exe
  C:\Windows\System\oALNYzb.exe
  2⤵
  PID:4372
- C:\Windows\System\cirUdtq.exe
  C:\Windows\System\cirUdtq.exe
  2⤵
  PID:4392
- C:\Windows\System\TuCSIJk.exe
  C:\Windows\System\TuCSIJk.exe
  2⤵
  PID:4412
- C:\Windows\System\WmMkDWJ.exe
  C:\Windows\System\WmMkDWJ.exe
  2⤵
  PID:4432
- C:\Windows\System\qZPWNXt.exe
  C:\Windows\System\qZPWNXt.exe
  2⤵
  PID:4452
- C:\Windows\System\fmOulAN.exe
  C:\Windows\System\fmOulAN.exe
  2⤵
  PID:4472
- C:\Windows\System\bBOlBze.exe
  C:\Windows\System\bBOlBze.exe
  2⤵
  PID:4368
- C:\Windows\System\sYvDSvY.exe
  C:\Windows\System\sYvDSvY.exe
  2⤵
  PID:4512
- C:\Windows\System\fvIxhEN.exe
  C:\Windows\System\fvIxhEN.exe
  2⤵
  PID:4596
- C:\Windows\System\nrCjein.exe
  C:\Windows\System\nrCjein.exe
  2⤵
  PID:4548
- C:\Windows\System\ByqpGVf.exe
  C:\Windows\System\ByqpGVf.exe
  2⤵
  PID:4644
- C:\Windows\System\nOoHXUQ.exe
  C:\Windows\System\nOoHXUQ.exe
  2⤵
  PID:4664
- C:\Windows\System\jpYsOvV.exe
  C:\Windows\System\jpYsOvV.exe
  2⤵
  PID:4768
- C:\Windows\System\pATHfJB.exe
  C:\Windows\System\pATHfJB.exe
  2⤵
  PID:4696
- C:\Windows\System\NnMAtzr.exe
  C:\Windows\System\NnMAtzr.exe
  2⤵
  PID:4716
- C:\Windows\System\mQltuSv.exe
  C:\Windows\System\mQltuSv.exe
  2⤵
  PID:4736
- C:\Windows\System\xobZDvw.exe
  C:\Windows\System\xobZDvw.exe
  2⤵
  PID:4632
- C:\Windows\System\TzcWFfK.exe
  C:\Windows\System\TzcWFfK.exe
  2⤵
  PID:4796
- C:\Windows\System\MjeAYzd.exe
  C:\Windows\System\MjeAYzd.exe
  2⤵
  PID:4816
- C:\Windows\System\rxCFzpC.exe
  C:\Windows\System\rxCFzpC.exe
  2⤵
  PID:4840
- C:\Windows\System\ttfIUxA.exe
  C:\Windows\System\ttfIUxA.exe
  2⤵
  PID:4860
- C:\Windows\System\vkYrnxO.exe
  C:\Windows\System\vkYrnxO.exe
  2⤵
  PID:4888
- C:\Windows\System\kosFjTh.exe
  C:\Windows\System\kosFjTh.exe
  2⤵
  PID:4928
- C:\Windows\System\DYEhwxL.exe
  C:\Windows\System\DYEhwxL.exe
  2⤵
  PID:4952
- C:\Windows\System\FooYYTu.exe
  C:\Windows\System\FooYYTu.exe
  2⤵
  PID:4972
- C:\Windows\System\svZOzzk.exe
  C:\Windows\System\svZOzzk.exe
  2⤵
  PID:4992
- C:\Windows\System\CdIsUQk.exe
  C:\Windows\System\CdIsUQk.exe
  2⤵
  PID:5012
- C:\Windows\System\hLHMbni.exe
  C:\Windows\System\hLHMbni.exe
  2⤵
  PID:5028
- C:\Windows\System\YzQMQxG.exe
  C:\Windows\System\YzQMQxG.exe
  2⤵
  PID:5048
- C:\Windows\System\zzFgnMb.exe
  C:\Windows\System\zzFgnMb.exe
  2⤵
  PID:5068
- C:\Windows\System\ygHozuj.exe
  C:\Windows\System\ygHozuj.exe
  2⤵
  PID:5088
- C:\Windows\System\aPOJMNY.exe
  C:\Windows\System\aPOJMNY.exe
  2⤵
  PID:5108
- C:\Windows\System\WUhoTLC.exe
  C:\Windows\System\WUhoTLC.exe
  2⤵
  PID:3424
- C:\Windows\System\FCOTHrI.exe
  C:\Windows\System\FCOTHrI.exe
  2⤵
  PID:2668
- C:\Windows\System\hUJDuEr.exe
  C:\Windows\System\hUJDuEr.exe
  2⤵
  PID:3200
- C:\Windows\System\oDOUQuj.exe
  C:\Windows\System\oDOUQuj.exe
  2⤵
  PID:4228
- C:\Windows\System\yPmLndo.exe
  C:\Windows\System\yPmLndo.exe
  2⤵
  PID:4112
- C:\Windows\System\MaQWpdT.exe
  C:\Windows\System\MaQWpdT.exe
  2⤵
  PID:4132
- C:\Windows\System\ALbmXuV.exe
  C:\Windows\System\ALbmXuV.exe
  2⤵
  PID:4156
- C:\Windows\System\YvQLvBg.exe
  C:\Windows\System\YvQLvBg.exe
  2⤵
  PID:4176
- C:\Windows\System\EnHnmbq.exe
  C:\Windows\System\EnHnmbq.exe
  2⤵
  PID:4196
- C:\Windows\System\mKlogRX.exe
  C:\Windows\System\mKlogRX.exe
  2⤵
  PID:4232
- C:\Windows\System\nHaosLw.exe
  C:\Windows\System\nHaosLw.exe
  2⤵
  PID:4276
- C:\Windows\System\BnttChn.exe
  C:\Windows\System\BnttChn.exe
  2⤵
  PID:4316
- C:\Windows\System\DtNbyVl.exe
  C:\Windows\System\DtNbyVl.exe
  2⤵
  PID:2560
- C:\Windows\System\CpjdODH.exe
  C:\Windows\System\CpjdODH.exe
  2⤵
  PID:1384
- C:\Windows\System\XETBrXz.exe
  C:\Windows\System\XETBrXz.exe
  2⤵
  PID:4408
- C:\Windows\System\IouSKUM.exe
  C:\Windows\System\IouSKUM.exe
  2⤵
  PID:4388
- C:\Windows\System\lQZZrVS.exe
  C:\Windows\System\lQZZrVS.exe
  2⤵
  PID:4420
- C:\Windows\System\YllHyPX.exe
  C:\Windows\System\YllHyPX.exe
  2⤵
  PID:1628
- C:\Windows\System\mGEUGvh.exe
  C:\Windows\System\mGEUGvh.exe
  2⤵
  PID:4468
- C:\Windows\System\gEytPZI.exe
  C:\Windows\System\gEytPZI.exe
  2⤵
  PID:2444
- C:\Windows\System\lwGaDLq.exe
  C:\Windows\System\lwGaDLq.exe
  2⤵
  PID:2240
- C:\Windows\System\UlWubrB.exe
  C:\Windows\System\UlWubrB.exe
  2⤵
  PID:1616
- C:\Windows\System\RBHoAvj.exe
  C:\Windows\System\RBHoAvj.exe
  2⤵
  PID:1124
- C:\Windows\System\omzlbKu.exe
  C:\Windows\System\omzlbKu.exe
  2⤵
  PID:4692
- C:\Windows\System\ZKaCIMF.exe
  C:\Windows\System\ZKaCIMF.exe
  2⤵
  PID:4748
- C:\Windows\System\AdbjRLB.exe
  C:\Windows\System\AdbjRLB.exe
  2⤵
  PID:4724
- C:\Windows\System\oTscmOf.exe
  C:\Windows\System\oTscmOf.exe
  2⤵
  PID:4780
- C:\Windows\System\zHmpHzi.exe
  C:\Windows\System\zHmpHzi.exe
  2⤵
  PID:4856
- C:\Windows\System\qlyVoUl.exe
  C:\Windows\System\qlyVoUl.exe
  2⤵
  PID:4916
- C:\Windows\System\DsQlyZu.exe
  C:\Windows\System\DsQlyZu.exe
  2⤵
  PID:4880
- C:\Windows\System\eBKIHMh.exe
  C:\Windows\System\eBKIHMh.exe
  2⤵
  PID:4964
- C:\Windows\System\YuSwUDD.exe
  C:\Windows\System\YuSwUDD.exe
  2⤵
  PID:5000
- C:\Windows\System\aiccfbm.exe
  C:\Windows\System\aiccfbm.exe
  2⤵
  PID:4980
- C:\Windows\System\TSbknIL.exe
  C:\Windows\System\TSbknIL.exe
  2⤵
  PID:5040
- C:\Windows\System\XObjoNR.exe
  C:\Windows\System\XObjoNR.exe
  2⤵
  PID:5116
- C:\Windows\System\CrJKVsN.exe
  C:\Windows\System\CrJKVsN.exe
  2⤵
  PID:3264
- C:\Windows\System\JWWkpHU.exe
  C:\Windows\System\JWWkpHU.exe
  2⤵
  PID:3552
- C:\Windows\System\kArijzr.exe
  C:\Windows\System\kArijzr.exe
  2⤵
  PID:3444
- C:\Windows\System\MbQPJBQ.exe
  C:\Windows\System\MbQPJBQ.exe
  2⤵
  PID:4108
- C:\Windows\System\jHhtJGj.exe
  C:\Windows\System\jHhtJGj.exe
  2⤵
  PID:4124
- C:\Windows\System\CDrNFJA.exe
  C:\Windows\System\CDrNFJA.exe
  2⤵
  PID:4188
- C:\Windows\System\VsYhLxE.exe
  C:\Windows\System\VsYhLxE.exe
  2⤵
  PID:2660
- C:\Windows\System\exeJflN.exe
  C:\Windows\System\exeJflN.exe
  2⤵
  PID:4236
- C:\Windows\System\gsuljAE.exe
  C:\Windows\System\gsuljAE.exe
  2⤵
  PID:4300
- C:\Windows\System\AVAxsJL.exe
  C:\Windows\System\AVAxsJL.exe
  2⤵
  PID:4340
- C:\Windows\System\wULdXmh.exe
  C:\Windows\System\wULdXmh.exe
  2⤵
  PID:2508
- C:\Windows\System\GYCbNQX.exe
  C:\Windows\System\GYCbNQX.exe
  2⤵
  PID:1760
- C:\Windows\System\HYzzXmV.exe
  C:\Windows\System\HYzzXmV.exe
  2⤵
  PID:3696
- C:\Windows\System\UwrnTGb.exe
  C:\Windows\System\UwrnTGb.exe
  2⤵
  PID:1956
- C:\Windows\System\wqAPXPL.exe
  C:\Windows\System\wqAPXPL.exe
  2⤵
  PID:2132
- C:\Windows\System\yvcEucf.exe
  C:\Windows\System\yvcEucf.exe
  2⤵
  PID:2340
- C:\Windows\System\zTkQHVM.exe
  C:\Windows\System\zTkQHVM.exe
  2⤵
  PID:2976
- C:\Windows\System\VKRZqDw.exe
  C:\Windows\System\VKRZqDw.exe
  2⤵
  PID:4484
- C:\Windows\System\lOWHaPg.exe
  C:\Windows\System\lOWHaPg.exe
  2⤵
  PID:4576
- C:\Windows\System\mVyJsyH.exe
  C:\Windows\System\mVyJsyH.exe
  2⤵
  PID:4604
- C:\Windows\System\fzuuQUj.exe
  C:\Windows\System\fzuuQUj.exe
  2⤵
  PID:4660
- C:\Windows\System\TcSSIvO.exe
  C:\Windows\System\TcSSIvO.exe
  2⤵
  PID:2764
- C:\Windows\System\KSWDzmY.exe
  C:\Windows\System\KSWDzmY.exe
  2⤵
  PID:2232
- C:\Windows\System\RTeNrNQ.exe
  C:\Windows\System\RTeNrNQ.exe
  2⤵
  PID:4804
- C:\Windows\System\gtXxmPI.exe
  C:\Windows\System\gtXxmPI.exe
  2⤵
  PID:4904
- C:\Windows\System\cWrzQLI.exe
  C:\Windows\System\cWrzQLI.exe
  2⤵
  PID:5056
- C:\Windows\System\mIVQbom.exe
  C:\Windows\System\mIVQbom.exe
  2⤵
  PID:4808
- C:\Windows\System\QGWONFg.exe
  C:\Windows\System\QGWONFg.exe
  2⤵
  PID:4876
- C:\Windows\System\ZVkcciY.exe
  C:\Windows\System\ZVkcciY.exe
  2⤵
  PID:5060
- C:\Windows\System\kmscKos.exe
  C:\Windows\System\kmscKos.exe
  2⤵
  PID:3520
- C:\Windows\System\DKzbQvP.exe
  C:\Windows\System\DKzbQvP.exe
  2⤵
  PID:4152
- C:\Windows\System\VwsBCiP.exe
  C:\Windows\System\VwsBCiP.exe
  2⤵
  PID:2544
- C:\Windows\System\kiSQrek.exe
  C:\Windows\System\kiSQrek.exe
  2⤵
  PID:4272
- C:\Windows\System\eWnMNDH.exe
  C:\Windows\System\eWnMNDH.exe
  2⤵
  PID:4320
- C:\Windows\System\ZcvnXRs.exe
  C:\Windows\System\ZcvnXRs.exe
  2⤵
  PID:4336
- C:\Windows\System\vwfYSAu.exe
  C:\Windows\System\vwfYSAu.exe
  2⤵
  PID:1952
- C:\Windows\System\fzkqDmP.exe
  C:\Windows\System\fzkqDmP.exe
  2⤵
  PID:1388
- C:\Windows\System\ZNGCVLL.exe
  C:\Windows\System\ZNGCVLL.exe
  2⤵
  PID:2396
- C:\Windows\System\tRjEWLA.exe
  C:\Windows\System\tRjEWLA.exe
  2⤵
  PID:2744
- C:\Windows\System\HFGvgPH.exe
  C:\Windows\System\HFGvgPH.exe
  2⤵
  PID:4764
- C:\Windows\System\BsMnCaZ.exe
  C:\Windows\System\BsMnCaZ.exe
  2⤵
  PID:4744
- C:\Windows\System\CgGxcrK.exe
  C:\Windows\System\CgGxcrK.exe
  2⤵
  PID:3008
- C:\Windows\System\GYcKVww.exe
  C:\Windows\System\GYcKVww.exe
  2⤵
  PID:4460
- C:\Windows\System\BjsDIiL.exe
  C:\Windows\System\BjsDIiL.exe
  2⤵
  PID:5020
- C:\Windows\System\TOMEacj.exe
  C:\Windows\System\TOMEacj.exe
  2⤵
  PID:536
- C:\Windows\System\kAxwkqV.exe
  C:\Windows\System\kAxwkqV.exe
  2⤵
  PID:5096
- C:\Windows\System\bUBcMEW.exe
  C:\Windows\System\bUBcMEW.exe
  2⤵
  PID:3136
- C:\Windows\System\vnQVYpu.exe
  C:\Windows\System\vnQVYpu.exe
  2⤵
  PID:4296
- C:\Windows\System\tDHKZgK.exe
  C:\Windows\System\tDHKZgK.exe
  2⤵
  PID:4480
- C:\Windows\System\tnUYvci.exe
  C:\Windows\System\tnUYvci.exe
  2⤵
  PID:4448
- C:\Windows\System\lcdWHHT.exe
  C:\Windows\System\lcdWHHT.exe
  2⤵
  PID:4812
- C:\Windows\System\JMWfxTg.exe
  C:\Windows\System\JMWfxTg.exe
  2⤵
  PID:4088
- C:\Windows\System\gLToMXO.exe
  C:\Windows\System\gLToMXO.exe
  2⤵
  PID:4252
- C:\Windows\System\FBornkZ.exe
  C:\Windows\System\FBornkZ.exe
  2⤵
  PID:2020
- C:\Windows\System\OxmDfBh.exe
  C:\Windows\System\OxmDfBh.exe
  2⤵
  PID:5024
- C:\Windows\System\VvVIJmw.exe
  C:\Windows\System\VvVIJmw.exe
  2⤵
  PID:5064
- C:\Windows\System\tlfuxvW.exe
  C:\Windows\System\tlfuxvW.exe
  2⤵
  PID:5084
- C:\Windows\System\ezroLnL.exe
  C:\Windows\System\ezroLnL.exe
  2⤵
  PID:3828
- C:\Windows\System\PXstIIG.exe
  C:\Windows\System\PXstIIG.exe
  2⤵
  PID:1056
- C:\Windows\System\dUHDHOe.exe
  C:\Windows\System\dUHDHOe.exe
  2⤵
  PID:4684
- C:\Windows\System\tPpenjX.exe
  C:\Windows\System\tPpenjX.exe
  2⤵
  PID:4384
- C:\Windows\System\MRdoUaY.exe
  C:\Windows\System\MRdoUaY.exe
  2⤵
  PID:3328
- C:\Windows\System\hWtAQQI.exe
  C:\Windows\System\hWtAQQI.exe
  2⤵
  PID:5100
- C:\Windows\System\XORGthR.exe
  C:\Windows\System\XORGthR.exe
  2⤵
  PID:5044
- C:\Windows\System\LAUvTeG.exe
  C:\Windows\System\LAUvTeG.exe
  2⤵
  PID:1208
- C:\Windows\System\NzySZUH.exe
  C:\Windows\System\NzySZUH.exe
  2⤵
  PID:1948
- C:\Windows\System\ciJYaMn.exe
  C:\Windows\System\ciJYaMn.exe
  2⤵
  PID:4828
- C:\Windows\System\WkABccv.exe
  C:\Windows\System\WkABccv.exe
  2⤵
  PID:4960
- C:\Windows\System\SLbGFJC.exe
  C:\Windows\System\SLbGFJC.exe
  2⤵
  PID:5136
- C:\Windows\System\QEODSpP.exe
  C:\Windows\System\QEODSpP.exe
  2⤵
  PID:5156
- C:\Windows\System\VMxfeBR.exe
  C:\Windows\System\VMxfeBR.exe
  2⤵
  PID:5176
- C:\Windows\System\AGGgfwW.exe
  C:\Windows\System\AGGgfwW.exe
  2⤵
  PID:5204
- C:\Windows\System\ucKLyuk.exe
  C:\Windows\System\ucKLyuk.exe
  2⤵
  PID:5220
- C:\Windows\System\eLujiXD.exe
  C:\Windows\System\eLujiXD.exe
  2⤵
  PID:5236
- C:\Windows\System\eFMGMlD.exe
  C:\Windows\System\eFMGMlD.exe
  2⤵
  PID:5252
- C:\Windows\System\IZyXgun.exe
  C:\Windows\System\IZyXgun.exe
  2⤵
  PID:5272
- C:\Windows\System\cuRgiBt.exe
  C:\Windows\System\cuRgiBt.exe
  2⤵
  PID:5296
- C:\Windows\System\zQxDthO.exe
  C:\Windows\System\zQxDthO.exe
  2⤵
  PID:5312
- C:\Windows\System\dkCAFtU.exe
  C:\Windows\System\dkCAFtU.exe
  2⤵
  PID:5332
- C:\Windows\System\XpunRrb.exe
  C:\Windows\System\XpunRrb.exe
  2⤵
  PID:5360
- C:\Windows\System\afIHeKD.exe
  C:\Windows\System\afIHeKD.exe
  2⤵
  PID:5380
- C:\Windows\System\yqbxIac.exe
  C:\Windows\System\yqbxIac.exe
  2⤵
  PID:5396
- C:\Windows\System\OGoovdi.exe
  C:\Windows\System\OGoovdi.exe
  2⤵
  PID:5412
- C:\Windows\System\lkeUgOq.exe
  C:\Windows\System\lkeUgOq.exe
  2⤵
  PID:5428
- C:\Windows\System\qMtqiiq.exe
  C:\Windows\System\qMtqiiq.exe
  2⤵
  PID:5444
- C:\Windows\System\qRFCGas.exe
  C:\Windows\System\qRFCGas.exe
  2⤵
  PID:5464
- C:\Windows\System\BYNFjHg.exe
  C:\Windows\System\BYNFjHg.exe
  2⤵
  PID:5484
- C:\Windows\System\cKLkpJz.exe
  C:\Windows\System\cKLkpJz.exe
  2⤵
  PID:5504
- C:\Windows\System\lqZOYTX.exe
  C:\Windows\System\lqZOYTX.exe
  2⤵
  PID:5520
- C:\Windows\System\jvhtLfw.exe
  C:\Windows\System\jvhtLfw.exe
  2⤵
  PID:5540
- C:\Windows\System\fedHJek.exe
  C:\Windows\System\fedHJek.exe
  2⤵
  PID:5564
- C:\Windows\System\EuWYPWm.exe
  C:\Windows\System\EuWYPWm.exe
  2⤵
  PID:5608
- C:\Windows\System\wgUJdmy.exe
  C:\Windows\System\wgUJdmy.exe
  2⤵
  PID:5624
- C:\Windows\System\VqrlkVq.exe
  C:\Windows\System\VqrlkVq.exe
  2⤵
  PID:5664
- C:\Windows\System\vtTXxfW.exe
  C:\Windows\System\vtTXxfW.exe
  2⤵
  PID:5684
- C:\Windows\System\RcNFtXe.exe
  C:\Windows\System\RcNFtXe.exe
  2⤵
  PID:5704
- C:\Windows\System\SxVnHIh.exe
  C:\Windows\System\SxVnHIh.exe
  2⤵
  PID:5724
- C:\Windows\System\OkHoLnO.exe
  C:\Windows\System\OkHoLnO.exe
  2⤵
  PID:5748
- C:\Windows\System\hnnKrMc.exe
  C:\Windows\System\hnnKrMc.exe
  2⤵
  PID:5764
- C:\Windows\System\xRZbhDv.exe
  C:\Windows\System\xRZbhDv.exe
  2⤵
  PID:5780
- C:\Windows\System\ZLlUoyE.exe
  C:\Windows\System\ZLlUoyE.exe
  2⤵
  PID:5800
- C:\Windows\System\ZlynZrP.exe
  C:\Windows\System\ZlynZrP.exe
  2⤵
  PID:5816
- C:\Windows\System\lXecoJu.exe
  C:\Windows\System\lXecoJu.exe
  2⤵
  PID:5832
- C:\Windows\System\iEDMqeF.exe
  C:\Windows\System\iEDMqeF.exe
  2⤵
  PID:5860
- C:\Windows\System\aoSZtUc.exe
  C:\Windows\System\aoSZtUc.exe
  2⤵
  PID:5876
- C:\Windows\System\TyGeuuc.exe
  C:\Windows\System\TyGeuuc.exe
  2⤵
  PID:5900
- C:\Windows\System\aoNFpfT.exe
  C:\Windows\System\aoNFpfT.exe
  2⤵
  PID:5932
- C:\Windows\System\gWwgyHk.exe
  C:\Windows\System\gWwgyHk.exe
  2⤵
  PID:5952
- C:\Windows\System\FCWgYOx.exe
  C:\Windows\System\FCWgYOx.exe
  2⤵
  PID:5972
- C:\Windows\System\KUAxXDn.exe
  C:\Windows\System\KUAxXDn.exe
  2⤵
  PID:5988
- C:\Windows\System\fuBxueF.exe
  C:\Windows\System\fuBxueF.exe
  2⤵
  PID:6004
- C:\Windows\System\wlUFUCW.exe
  C:\Windows\System\wlUFUCW.exe
  2⤵
  PID:6024
- C:\Windows\System\dtavOjp.exe
  C:\Windows\System\dtavOjp.exe
  2⤵
  PID:6040
- C:\Windows\System\LZdjKuT.exe
  C:\Windows\System\LZdjKuT.exe
  2⤵
  PID:6060
- C:\Windows\System\aRpZYmA.exe
  C:\Windows\System\aRpZYmA.exe
  2⤵
  PID:6076
- C:\Windows\System\DPIzxvJ.exe
  C:\Windows\System\DPIzxvJ.exe
  2⤵
  PID:6092
- C:\Windows\System\bMQVTyA.exe
  C:\Windows\System\bMQVTyA.exe
  2⤵
  PID:6108
- C:\Windows\System\FpDSgGh.exe
  C:\Windows\System\FpDSgGh.exe
  2⤵
  PID:4280
- C:\Windows\System\KBBHhUy.exe
  C:\Windows\System\KBBHhUy.exe
  2⤵
  PID:5148
- C:\Windows\System\qssSFWA.exe
  C:\Windows\System\qssSFWA.exe
  2⤵
  PID:5188
- C:\Windows\System\ABeTvYT.exe
  C:\Windows\System\ABeTvYT.exe
  2⤵
  PID:5132
- C:\Windows\System\TAOWabU.exe
  C:\Windows\System\TAOWabU.exe
  2⤵
  PID:5212
- C:\Windows\System\PotHFel.exe
  C:\Windows\System\PotHFel.exe
  2⤵
  PID:5268
- C:\Windows\System\NqnzSxI.exe
  C:\Windows\System\NqnzSxI.exe
  2⤵
  PID:5216
- C:\Windows\System\ZFZebav.exe
  C:\Windows\System\ZFZebav.exe
  2⤵
  PID:5344
- C:\Windows\System\FpbDecd.exe
  C:\Windows\System\FpbDecd.exe
  2⤵
  PID:5388
- C:\Windows\System\glSwIpt.exe
  C:\Windows\System\glSwIpt.exe
  2⤵
  PID:5492
- C:\Windows\System\DDLLpoj.exe
  C:\Windows\System\DDLLpoj.exe
  2⤵
  PID:5536
- C:\Windows\System\NsGQUqg.exe
  C:\Windows\System\NsGQUqg.exe
  2⤵
  PID:5552
- C:\Windows\System\eTeNUOc.exe
  C:\Windows\System\eTeNUOc.exe
  2⤵
  PID:5320
- C:\Windows\System\IWHYzJC.exe
  C:\Windows\System\IWHYzJC.exe
  2⤵
  PID:5288
- C:\Windows\System\rTwMfzq.exe
  C:\Windows\System\rTwMfzq.exe
  2⤵
  PID:5408
- C:\Windows\System\sjqwDeT.exe
  C:\Windows\System\sjqwDeT.exe
  2⤵
  PID:5512
- C:\Windows\System\mKnKFQs.exe
  C:\Windows\System\mKnKFQs.exe
  2⤵
  PID:5640
- C:\Windows\System\qwMVqvf.exe
  C:\Windows\System\qwMVqvf.exe
  2⤵
  PID:5616
- C:\Windows\System\RMEJXXJ.exe
  C:\Windows\System\RMEJXXJ.exe
  2⤵
  PID:5692
- C:\Windows\System\SnNhBFF.exe
  C:\Windows\System\SnNhBFF.exe
  2⤵
  PID:5736
- C:\Windows\System\htzcgDW.exe
  C:\Windows\System\htzcgDW.exe
  2⤵
  PID:5812
- C:\Windows\System\nkukfkg.exe
  C:\Windows\System\nkukfkg.exe
  2⤵
  PID:5844
- C:\Windows\System\MBlfghY.exe
  C:\Windows\System\MBlfghY.exe
  2⤵
  PID:5792
- C:\Windows\System\EgMTjTI.exe
  C:\Windows\System\EgMTjTI.exe
  2⤵
  PID:5896
- C:\Windows\System\VhrJxbX.exe
  C:\Windows\System\VhrJxbX.exe
  2⤵
  PID:5916
- C:\Windows\System\YaDmLre.exe
  C:\Windows\System\YaDmLre.exe
  2⤵
  PID:5680
- C:\Windows\System\bzQXFNq.exe
  C:\Windows\System\bzQXFNq.exe
  2⤵
  PID:5984
- C:\Windows\System\erzLNcq.exe
  C:\Windows\System\erzLNcq.exe
  2⤵
  PID:6052
- C:\Windows\System\tSTlafW.exe
  C:\Windows\System\tSTlafW.exe
  2⤵
  PID:6036
- C:\Windows\System\LHeQNmF.exe
  C:\Windows\System\LHeQNmF.exe
  2⤵
  PID:5968
- C:\Windows\System\aDJgIjF.exe
  C:\Windows\System\aDJgIjF.exe
  2⤵
  PID:6116
- C:\Windows\System\ZfIUanw.exe
  C:\Windows\System\ZfIUanw.exe
  2⤵
  PID:6140
- C:\Windows\System\sPkQdsU.exe
  C:\Windows\System\sPkQdsU.exe
  2⤵
  PID:304
- C:\Windows\System\mKHLGQJ.exe
  C:\Windows\System\mKHLGQJ.exe
  2⤵
  PID:5196
- C:\Windows\System\vqSFAww.exe
  C:\Windows\System\vqSFAww.exe
  2⤵
  PID:5280
- C:\Windows\System\DeWPKaC.exe
  C:\Windows\System\DeWPKaC.exe
  2⤵
  PID:5496
- C:\Windows\System\TYmgFAg.exe
  C:\Windows\System\TYmgFAg.exe
  2⤵
  PID:5420
- C:\Windows\System\VhWEYQY.exe
  C:\Windows\System\VhWEYQY.exe
  2⤵
  PID:5548
- C:\Windows\System\qyuygDA.exe
  C:\Windows\System\qyuygDA.exe
  2⤵
  PID:5560
- C:\Windows\System\idIBEUe.exe
  C:\Windows\System\idIBEUe.exe
  2⤵
  PID:5576
- C:\Windows\System\rzsBvIx.exe
  C:\Windows\System\rzsBvIx.exe
  2⤵
  PID:5632
- C:\Windows\System\tcifSpy.exe
  C:\Windows\System\tcifSpy.exe
  2⤵
  PID:5772
- C:\Windows\System\FiZnNvs.exe
  C:\Windows\System\FiZnNvs.exe
  2⤵
  PID:5472
- C:\Windows\System\ZqaLaWX.exe
  C:\Windows\System\ZqaLaWX.exe
  2⤵
  PID:5676
- C:\Windows\System\paiAwEb.exe
  C:\Windows\System\paiAwEb.exe
  2⤵
  PID:5828
- C:\Windows\System\NvMbRLm.exe
  C:\Windows\System\NvMbRLm.exe
  2⤵
  PID:5884
- C:\Windows\System\swhJwww.exe
  C:\Windows\System\swhJwww.exe
  2⤵
  PID:5924
- C:\Windows\System\vACzzNV.exe
  C:\Windows\System\vACzzNV.exe
  2⤵
  PID:5948
- C:\Windows\System\NpvGPOd.exe
  C:\Windows\System\NpvGPOd.exe
  2⤵
  PID:6088
- C:\Windows\System\kAFgNBw.exe
  C:\Windows\System\kAFgNBw.exe
  2⤵
  PID:5200
- C:\Windows\System\IcNESke.exe
  C:\Windows\System\IcNESke.exe
  2⤵
  PID:6012
- C:\Windows\System\ZvSHjHk.exe
  C:\Windows\System\ZvSHjHk.exe
  2⤵
  PID:5228
- C:\Windows\System\xEIwbSO.exe
  C:\Windows\System\xEIwbSO.exe
  2⤵
  PID:4532
- C:\Windows\System\xdHmuKt.exe
  C:\Windows\System\xdHmuKt.exe
  2⤵
  PID:5500
- C:\Windows\System\VXiaDpR.exe
  C:\Windows\System\VXiaDpR.exe
  2⤵
  PID:5304
- C:\Windows\System\kfhOjsR.exe
  C:\Windows\System\kfhOjsR.exe
  2⤵
  PID:5928
- C:\Windows\System\AHJUXaL.exe
  C:\Windows\System\AHJUXaL.exe
  2⤵
  PID:5532
- C:\Windows\System\pMTKUll.exe
  C:\Windows\System\pMTKUll.exe
  2⤵
  PID:5788
- C:\Windows\System\ZAVapuk.exe
  C:\Windows\System\ZAVapuk.exe
  2⤵
  PID:5848
- C:\Windows\System\ZOYFjgs.exe
  C:\Windows\System\ZOYFjgs.exe
  2⤵
  PID:5892
- C:\Windows\System\bqAVuNw.exe
  C:\Windows\System\bqAVuNw.exe
  2⤵
  PID:5232
- C:\Windows\System\LCOengH.exe
  C:\Windows\System\LCOengH.exe
  2⤵
  PID:5940
- C:\Windows\System\CdsnRhr.exe
  C:\Windows\System\CdsnRhr.exe
  2⤵
  PID:5356
- C:\Windows\System\qfVMrxx.exe
  C:\Windows\System\qfVMrxx.exe
  2⤵
  PID:5436
- C:\Windows\System\FqnMufL.exe
  C:\Windows\System\FqnMufL.exe
  2⤵
  PID:5744
- C:\Windows\System\YsCjKgD.exe
  C:\Windows\System\YsCjKgD.exe
  2⤵
  PID:6056
- C:\Windows\System\zPKmzhe.exe
  C:\Windows\System\zPKmzhe.exe
  2⤵
  PID:6128
- C:\Windows\System\FhokpLt.exe
  C:\Windows\System\FhokpLt.exe
  2⤵
  PID:5652
- C:\Windows\System\qBMBIUb.exe
  C:\Windows\System\qBMBIUb.exe
  2⤵
  PID:5580
- C:\Windows\System\eRqKroP.exe
  C:\Windows\System\eRqKroP.exe
  2⤵
  PID:5980
- C:\Windows\System\MbePVxj.exe
  C:\Windows\System\MbePVxj.exe
  2⤵
  PID:5328
- C:\Windows\System\KMZlcBp.exe
  C:\Windows\System\KMZlcBp.exe
  2⤵
  PID:5856
- C:\Windows\System\mSykWdY.exe
  C:\Windows\System\mSykWdY.exe
  2⤵
  PID:5372
- C:\Windows\System\oryoxcA.exe
  C:\Windows\System\oryoxcA.exe
  2⤵
  PID:5656
- C:\Windows\System\aOPCROk.exe
  C:\Windows\System\aOPCROk.exe
  2⤵
  PID:5340
- C:\Windows\System\dffKJfv.exe
  C:\Windows\System\dffKJfv.exe
  2⤵
  PID:5808
- C:\Windows\System\yuILbpo.exe
  C:\Windows\System\yuILbpo.exe
  2⤵
  PID:6156
- C:\Windows\System\vXKDdtI.exe
  C:\Windows\System\vXKDdtI.exe
  2⤵
  PID:6172
- C:\Windows\System\FWWTNgu.exe
  C:\Windows\System\FWWTNgu.exe
  2⤵
  PID:6188
- C:\Windows\System\CRaRrDW.exe
  C:\Windows\System\CRaRrDW.exe
  2⤵
  PID:6208
- C:\Windows\System\YWrQWLs.exe
  C:\Windows\System\YWrQWLs.exe
  2⤵
  PID:6224
- C:\Windows\System\tuiPlph.exe
  C:\Windows\System\tuiPlph.exe
  2⤵
  PID:6240
- C:\Windows\System\JfuTGYr.exe
  C:\Windows\System\JfuTGYr.exe
  2⤵
  PID:6296
- C:\Windows\System\cmHfYxv.exe
  C:\Windows\System\cmHfYxv.exe
  2⤵
  PID:6320
- C:\Windows\System\KSWeRjv.exe
  C:\Windows\System\KSWeRjv.exe
  2⤵
  PID:6340
- C:\Windows\System\tQgQjqv.exe
  C:\Windows\System\tQgQjqv.exe
  2⤵
  PID:6356
- C:\Windows\System\Sgvjyxy.exe
  C:\Windows\System\Sgvjyxy.exe
  2⤵
  PID:6372
- C:\Windows\System\oTvMJpK.exe
  C:\Windows\System\oTvMJpK.exe
  2⤵
  PID:6392
- C:\Windows\System\DYGOyor.exe
  C:\Windows\System\DYGOyor.exe
  2⤵
  PID:6412
- C:\Windows\System\FTiHUTk.exe
  C:\Windows\System\FTiHUTk.exe
  2⤵
  PID:6432
- C:\Windows\System\MXIuwXk.exe
  C:\Windows\System\MXIuwXk.exe
  2⤵
  PID:6452
- C:\Windows\System\besKADJ.exe
  C:\Windows\System\besKADJ.exe
  2⤵
  PID:6468
- C:\Windows\System\iUyWHkf.exe
  C:\Windows\System\iUyWHkf.exe
  2⤵
  PID:6496
- C:\Windows\System\DNOOBZo.exe
  C:\Windows\System\DNOOBZo.exe
  2⤵
  PID:6512
- C:\Windows\System\EInjvph.exe
  C:\Windows\System\EInjvph.exe
  2⤵
  PID:6548
- C:\Windows\System\MmUYnAE.exe
  C:\Windows\System\MmUYnAE.exe
  2⤵
  PID:6576
- C:\Windows\System\GvoZCxg.exe
  C:\Windows\System\GvoZCxg.exe
  2⤵
  PID:6596
- C:\Windows\System\YyXaJnr.exe
  C:\Windows\System\YyXaJnr.exe
  2⤵
  PID:6616
- C:\Windows\System\mXJYxXP.exe
  C:\Windows\System\mXJYxXP.exe
  2⤵
  PID:6632
- C:\Windows\System\fuVtzNK.exe
  C:\Windows\System\fuVtzNK.exe
  2⤵
  PID:6652
- C:\Windows\System\wPxCruB.exe
  C:\Windows\System\wPxCruB.exe
  2⤵
  PID:6668
- C:\Windows\System\ONITJBn.exe
  C:\Windows\System\ONITJBn.exe
  2⤵
  PID:6688
- C:\Windows\System\JNAkERb.exe
  C:\Windows\System\JNAkERb.exe
  2⤵
  PID:6704
- C:\Windows\System\EOQbQLu.exe
  C:\Windows\System\EOQbQLu.exe
  2⤵
  PID:6720
- C:\Windows\System\YFRTXPY.exe
  C:\Windows\System\YFRTXPY.exe
  2⤵
  PID:6760
- C:\Windows\System\ZNXYCwC.exe
  C:\Windows\System\ZNXYCwC.exe
  2⤵
  PID:6776
- C:\Windows\System\oRvDbTk.exe
  C:\Windows\System\oRvDbTk.exe
  2⤵
  PID:6804
- C:\Windows\System\yemesSC.exe
  C:\Windows\System\yemesSC.exe
  2⤵
  PID:6824
- C:\Windows\System\ZSnFpKA.exe
  C:\Windows\System\ZSnFpKA.exe
  2⤵
  PID:6848
- C:\Windows\System\cxmPAoL.exe
  C:\Windows\System\cxmPAoL.exe
  2⤵
  PID:6864
- C:\Windows\System\daxEXJK.exe
  C:\Windows\System\daxEXJK.exe
  2⤵
  PID:6884
- C:\Windows\System\ZDIpHfT.exe
  C:\Windows\System\ZDIpHfT.exe
  2⤵
  PID:6904
- C:\Windows\System\gbgvPoi.exe
  C:\Windows\System\gbgvPoi.exe
  2⤵
  PID:6920
- C:\Windows\System\HMCwSOj.exe
  C:\Windows\System\HMCwSOj.exe
  2⤵
  PID:6936
- C:\Windows\System\DGPizxZ.exe
  C:\Windows\System\DGPizxZ.exe
  2⤵
  PID:6952
- C:\Windows\System\RtdVOkk.exe
  C:\Windows\System\RtdVOkk.exe
  2⤵
  PID:6972
- C:\Windows\System\toJSETh.exe
  C:\Windows\System\toJSETh.exe
  2⤵
  PID:6992
- C:\Windows\System\hbOSeXN.exe
  C:\Windows\System\hbOSeXN.exe
  2⤵
  PID:7012
- C:\Windows\System\UAbQHnj.exe
  C:\Windows\System\UAbQHnj.exe
  2⤵
  PID:7028
- C:\Windows\System\qZJuMpE.exe
  C:\Windows\System\qZJuMpE.exe
  2⤵
  PID:7060
- C:\Windows\System\WOCCFIi.exe
  C:\Windows\System\WOCCFIi.exe
  2⤵
  PID:7088
- C:\Windows\System\xQoAZRC.exe
  C:\Windows\System\xQoAZRC.exe
  2⤵
  PID:7104
- C:\Windows\System\xMnisNF.exe
  C:\Windows\System\xMnisNF.exe
  2⤵
  PID:7120
- C:\Windows\System\AOteECI.exe
  C:\Windows\System\AOteECI.exe
  2⤵
  PID:7136
- C:\Windows\System\RiqgYdz.exe
  C:\Windows\System\RiqgYdz.exe
  2⤵
  PID:7160
- C:\Windows\System\vdgBERc.exe
  C:\Windows\System\vdgBERc.exe
  2⤵
  PID:4140
- C:\Windows\System\DbzmsbV.exe
  C:\Windows\System\DbzmsbV.exe
  2⤵
  PID:6204
- C:\Windows\System\kvftBrV.exe
  C:\Windows\System\kvftBrV.exe
  2⤵
  PID:5308
- C:\Windows\System\dsrPCUn.exe
  C:\Windows\System\dsrPCUn.exe
  2⤵
  PID:6220
- C:\Windows\System\bhCzDxp.exe
  C:\Windows\System\bhCzDxp.exe
  2⤵
  PID:6260
- C:\Windows\System\jzKcybD.exe
  C:\Windows\System\jzKcybD.exe
  2⤵
  PID:6276
- C:\Windows\System\IYNiODr.exe
  C:\Windows\System\IYNiODr.exe
  2⤵
  PID:6328
- C:\Windows\System\uUhoaXK.exe
  C:\Windows\System\uUhoaXK.exe
  2⤵
  PID:6368
- C:\Windows\System\FUsALUf.exe
  C:\Windows\System\FUsALUf.exe
  2⤵
  PID:6476
- C:\Windows\System\IHMrbKq.exe
  C:\Windows\System\IHMrbKq.exe
  2⤵
  PID:6520
- C:\Windows\System\Zwyykyp.exe
  C:\Windows\System\Zwyykyp.exe
  2⤵
  PID:6536
- C:\Windows\System\PVxbrWB.exe
  C:\Windows\System\PVxbrWB.exe
  2⤵
  PID:6428
- C:\Windows\System\eQolBji.exe
  C:\Windows\System\eQolBji.exe
  2⤵
  PID:6504
- C:\Windows\System\dBmrwXY.exe
  C:\Windows\System\dBmrwXY.exe
  2⤵
  PID:6352
- C:\Windows\System\nheoBBS.exe
  C:\Windows\System\nheoBBS.exe
  2⤵
  PID:6560
- C:\Windows\System\eTQmipN.exe
  C:\Windows\System\eTQmipN.exe
  2⤵
  PID:6588
- C:\Windows\System\XVqTics.exe
  C:\Windows\System\XVqTics.exe
  2⤵
  PID:6612
- C:\Windows\System\sEGdoma.exe
  C:\Windows\System\sEGdoma.exe
  2⤵
  PID:6684
- C:\Windows\System\PMqUAeE.exe
  C:\Windows\System\PMqUAeE.exe
  2⤵
  PID:6748
- C:\Windows\System\SChslYu.exe
  C:\Windows\System\SChslYu.exe
  2⤵
  PID:6716
- C:\Windows\System\OwmhIkh.exe
  C:\Windows\System\OwmhIkh.exe
  2⤵
  PID:6304
- C:\Windows\System\daoAudM.exe
  C:\Windows\System\daoAudM.exe
  2⤵
  PID:6796
- C:\Windows\System\DgECaGu.exe
  C:\Windows\System\DgECaGu.exe
  2⤵
  PID:6844
- C:\Windows\System\BuFwWpk.exe
  C:\Windows\System\BuFwWpk.exe
  2⤵
  PID:6856
- C:\Windows\System\hQjvtgl.exe
  C:\Windows\System\hQjvtgl.exe
  2⤵
  PID:6912
- C:\Windows\System\yCjLpXs.exe
  C:\Windows\System\yCjLpXs.exe
  2⤵
  PID:6896
- C:\Windows\System\oIjgAZi.exe
  C:\Windows\System\oIjgAZi.exe
  2⤵
  PID:7020
- C:\Windows\System\BEBIZUF.exe
  C:\Windows\System\BEBIZUF.exe
  2⤵
  PID:7004
- C:\Windows\System\crsFlAD.exe
  C:\Windows\System\crsFlAD.exe
  2⤵
  PID:7072
- C:\Windows\System\AcjLkgU.exe
  C:\Windows\System\AcjLkgU.exe
  2⤵
  PID:6932
- C:\Windows\System\PfIyPwl.exe
  C:\Windows\System\PfIyPwl.exe
  2⤵
  PID:7040
- C:\Windows\System\ASTyzva.exe
  C:\Windows\System\ASTyzva.exe
  2⤵
  PID:7144
- C:\Windows\System\DNRufMJ.exe
  C:\Windows\System\DNRufMJ.exe
  2⤵
  PID:7128
- C:\Windows\System\oxzXqQy.exe
  C:\Windows\System\oxzXqQy.exe
  2⤵
  PID:6196
- C:\Windows\System\yqUrpHz.exe
  C:\Windows\System\yqUrpHz.exe
  2⤵
  PID:5908
- C:\Windows\System\DwlDhdi.exe
  C:\Windows\System\DwlDhdi.exe
  2⤵
  PID:6216
- C:\Windows\System\cmGgAGZ.exe
  C:\Windows\System\cmGgAGZ.exe
  2⤵
  PID:6272
- C:\Windows\System\seVezEO.exe
  C:\Windows\System\seVezEO.exe
  2⤵
  PID:6488
- C:\Windows\System\tIXiAJH.exe
  C:\Windows\System\tIXiAJH.exe
  2⤵
  PID:6388
- C:\Windows\System\PCPxJxu.exe
  C:\Windows\System\PCPxJxu.exe
  2⤵
  PID:6624
- C:\Windows\System\vyaIARl.exe
  C:\Windows\System\vyaIARl.exe
  2⤵
  PID:6408
- C:\Windows\System\unFGBhX.exe
  C:\Windows\System\unFGBhX.exe
  2⤵
  PID:6532
- C:\Windows\System\mhWaeAI.exe
  C:\Windows\System\mhWaeAI.exe
  2⤵
  PID:6544
- C:\Windows\System\cgaDVZN.exe
  C:\Windows\System\cgaDVZN.exe
  2⤵
  PID:6728
- C:\Windows\System\tCmAWcU.exe
  C:\Windows\System\tCmAWcU.exe
  2⤵
  PID:6676
- C:\Windows\System\SpxKyFL.exe
  C:\Windows\System\SpxKyFL.exe
  2⤵
  PID:6772
- C:\Windows\System\tytOLSK.exe
  C:\Windows\System\tytOLSK.exe
  2⤵
  PID:6788
- C:\Windows\System\ueDZOBB.exe
  C:\Windows\System\ueDZOBB.exe
  2⤵
  PID:6812
- C:\Windows\System\jXwEJln.exe
  C:\Windows\System\jXwEJln.exe
  2⤵
  PID:6872
- C:\Windows\System\fgmDdkF.exe
  C:\Windows\System\fgmDdkF.exe
  2⤵
  PID:6892
- C:\Windows\System\qqfpJRV.exe
  C:\Windows\System\qqfpJRV.exe
  2⤵
  PID:6968
- C:\Windows\System\gSuqQlS.exe
  C:\Windows\System\gSuqQlS.exe
  2⤵
  PID:7048
- C:\Windows\System\xniYWMv.exe
  C:\Windows\System\xniYWMv.exe
  2⤵
  PID:7148
- C:\Windows\System\pgmqeRT.exe
  C:\Windows\System\pgmqeRT.exe
  2⤵
  PID:6180
- C:\Windows\System\vqzYYiB.exe
  C:\Windows\System\vqzYYiB.exe
  2⤵
  PID:6152
- C:\Windows\System\nIFMNhs.exe
  C:\Windows\System\nIFMNhs.exe
  2⤵
  PID:6364
- C:\Windows\System\DTtbvsl.exe
  C:\Windows\System\DTtbvsl.exe
  2⤵
  PID:6288
- C:\Windows\System\ITSirrO.exe
  C:\Windows\System\ITSirrO.exe
  2⤵
  PID:6832
- C:\Windows\System\vsKdmFa.exe
  C:\Windows\System\vsKdmFa.exe
  2⤵
  PID:6604
- C:\Windows\System\YKvBxSo.exe
  C:\Windows\System\YKvBxSo.exe
  2⤵
  PID:6980
- C:\Windows\System\KrzJFCL.exe
  C:\Windows\System\KrzJFCL.exe
  2⤵
  PID:6964
- C:\Windows\System\wOFIdfI.exe
  C:\Windows\System\wOFIdfI.exe
  2⤵
  PID:6284
- C:\Windows\System\gmgMYZZ.exe
  C:\Windows\System\gmgMYZZ.exe
  2⤵
  PID:6768
- C:\Windows\System\URnSPuJ.exe
  C:\Windows\System\URnSPuJ.exe
  2⤵
  PID:6784
- C:\Windows\System\TVmSOOF.exe
  C:\Windows\System\TVmSOOF.exe
  2⤵
  PID:7152
- C:\Windows\System\qTAqfbY.exe
  C:\Windows\System\qTAqfbY.exe
  2⤵
  PID:6232
- C:\Windows\System\DkKtskn.exe
  C:\Windows\System\DkKtskn.exe
  2⤵
  PID:6072
- C:\Windows\System\gzExEIb.exe
  C:\Windows\System\gzExEIb.exe
  2⤵
  PID:6820
- C:\Windows\System\cCgMfbI.exe
  C:\Windows\System\cCgMfbI.exe
  2⤵
  PID:6168
- C:\Windows\System\bcaNzbj.exe
  C:\Windows\System\bcaNzbj.exe
  2⤵
  PID:6628
- C:\Windows\System\dyEPzYa.exe
  C:\Windows\System\dyEPzYa.exe
  2⤵
  PID:6944
- C:\Windows\System\wWMTgzJ.exe
  C:\Windows\System\wWMTgzJ.exe
  2⤵
  PID:6268
- C:\Windows\System\QjuwoAC.exe
  C:\Windows\System\QjuwoAC.exe
  2⤵
  PID:6528
- C:\Windows\System\KvAzFMq.exe
  C:\Windows\System\KvAzFMq.exe
  2⤵
  PID:6608
- C:\Windows\System\hCblZHt.exe
  C:\Windows\System\hCblZHt.exe
  2⤵
  PID:6312
- C:\Windows\System\LIAYOhW.exe
  C:\Windows\System\LIAYOhW.exe
  2⤵
  PID:7176
- C:\Windows\System\modCUAO.exe
  C:\Windows\System\modCUAO.exe
  2⤵
  PID:7192
- C:\Windows\System\EKvLknu.exe
  C:\Windows\System\EKvLknu.exe
  2⤵
  PID:7216
- C:\Windows\System\DysdJxy.exe
  C:\Windows\System\DysdJxy.exe
  2⤵
  PID:7236
- C:\Windows\System\pFEcQLv.exe
  C:\Windows\System\pFEcQLv.exe
  2⤵
  PID:7260
- C:\Windows\System\tAuafOT.exe
  C:\Windows\System\tAuafOT.exe
  2⤵
  PID:7276
- C:\Windows\System\VhtIhVY.exe
  C:\Windows\System\VhtIhVY.exe
  2⤵
  PID:7304
- C:\Windows\System\ZhPdDph.exe
  C:\Windows\System\ZhPdDph.exe
  2⤵
  PID:7328
- C:\Windows\System\LjPTsBj.exe
  C:\Windows\System\LjPTsBj.exe
  2⤵
  PID:7348
- C:\Windows\System\QlNseNw.exe
  C:\Windows\System\QlNseNw.exe
  2⤵
  PID:7368
- C:\Windows\System\VIXHPhH.exe
  C:\Windows\System\VIXHPhH.exe
  2⤵
  PID:7388
- C:\Windows\System\gEiIYAh.exe
  C:\Windows\System\gEiIYAh.exe
  2⤵
  PID:7416
- C:\Windows\System\yNiaKIu.exe
  C:\Windows\System\yNiaKIu.exe
  2⤵
  PID:7440
- C:\Windows\System\WWXHFgd.exe
  C:\Windows\System\WWXHFgd.exe
  2⤵
  PID:7456
- C:\Windows\System\HrWnnZz.exe
  C:\Windows\System\HrWnnZz.exe
  2⤵
  PID:7472
- C:\Windows\System\vFgNuVt.exe
  C:\Windows\System\vFgNuVt.exe
  2⤵
  PID:7488
- C:\Windows\System\axBZVjC.exe
  C:\Windows\System\axBZVjC.exe
  2⤵
  PID:7504
- C:\Windows\System\AuQyOWb.exe
  C:\Windows\System\AuQyOWb.exe
  2⤵
  PID:7520
- C:\Windows\System\XKAatUf.exe
  C:\Windows\System\XKAatUf.exe
  2⤵
  PID:7536
- C:\Windows\System\jUySoZW.exe
  C:\Windows\System\jUySoZW.exe
  2⤵
  PID:7564
- C:\Windows\System\QXTDnTB.exe
  C:\Windows\System\QXTDnTB.exe
  2⤵
  PID:7604
- C:\Windows\System\TlycmaI.exe
  C:\Windows\System\TlycmaI.exe
  2⤵
  PID:7620
- C:\Windows\System\RNSPxUI.exe
  C:\Windows\System\RNSPxUI.exe
  2⤵
  PID:7656
- C:\Windows\System\AQhvWGc.exe
  C:\Windows\System\AQhvWGc.exe
  2⤵
  PID:7672
- C:\Windows\System\klyIWQS.exe
  C:\Windows\System\klyIWQS.exe
  2⤵
  PID:7688
- C:\Windows\System\eYYSCTY.exe
  C:\Windows\System\eYYSCTY.exe
  2⤵
  PID:7708
- C:\Windows\System\JxRNDxn.exe
  C:\Windows\System\JxRNDxn.exe
  2⤵
  PID:7728
- C:\Windows\System\gecIZKg.exe
  C:\Windows\System\gecIZKg.exe
  2⤵
  PID:7748
- C:\Windows\System\gsfgqNs.exe
  C:\Windows\System\gsfgqNs.exe
  2⤵
  PID:7768
- C:\Windows\System\TcVTscp.exe
  C:\Windows\System\TcVTscp.exe
  2⤵
  PID:7784
- C:\Windows\System\swAsByv.exe
  C:\Windows\System\swAsByv.exe
  2⤵
  PID:7800
- C:\Windows\System\zRnEiMo.exe
  C:\Windows\System\zRnEiMo.exe
  2⤵
  PID:7816
- C:\Windows\System\IAUFFeQ.exe
  C:\Windows\System\IAUFFeQ.exe
  2⤵
  PID:7836
- C:\Windows\System\MipNZqJ.exe
  C:\Windows\System\MipNZqJ.exe
  2⤵
  PID:7884
- C:\Windows\System\tzjCjfp.exe
  C:\Windows\System\tzjCjfp.exe
  2⤵
  PID:7904
- C:\Windows\System\dJqOJQS.exe
  C:\Windows\System\dJqOJQS.exe
  2⤵
  PID:7920
- C:\Windows\System\qIuOGhQ.exe
  C:\Windows\System\qIuOGhQ.exe
  2⤵
  PID:7936
- C:\Windows\System\aLGYcxl.exe
  C:\Windows\System\aLGYcxl.exe
  2⤵
  PID:7960
- C:\Windows\System\zsbWGvp.exe
  C:\Windows\System\zsbWGvp.exe
  2⤵
  PID:7976
- C:\Windows\System\TniLFtJ.exe
  C:\Windows\System\TniLFtJ.exe
  2⤵
  PID:7992
- C:\Windows\System\vKEbbVE.exe
  C:\Windows\System\vKEbbVE.exe
  2⤵
  PID:8016
- C:\Windows\System\USUlCHn.exe
  C:\Windows\System\USUlCHn.exe
  2⤵
  PID:8036
- C:\Windows\System\ScNYSAw.exe
  C:\Windows\System\ScNYSAw.exe
  2⤵
  PID:8052
- C:\Windows\System\zrPnJsO.exe
  C:\Windows\System\zrPnJsO.exe
  2⤵
  PID:8068
- C:\Windows\System\ibjWCFA.exe
  C:\Windows\System\ibjWCFA.exe
  2⤵
  PID:8088
- C:\Windows\System\uXZTRAb.exe
  C:\Windows\System\uXZTRAb.exe
  2⤵
  PID:8108
- C:\Windows\System\ySNAvAd.exe
  C:\Windows\System\ySNAvAd.exe
  2⤵
  PID:8124
- C:\Windows\System\UIrliMK.exe
  C:\Windows\System\UIrliMK.exe
  2⤵
  PID:8148
- C:\Windows\System\dfODmrM.exe
  C:\Windows\System\dfODmrM.exe
  2⤵
  PID:8164
- C:\Windows\System\BWJzqVZ.exe
  C:\Windows\System\BWJzqVZ.exe
  2⤵
  PID:8180
- C:\Windows\System\gEgkABv.exe
  C:\Windows\System\gEgkABv.exe
  2⤵
  PID:6540
- C:\Windows\System\xMGawJG.exe
  C:\Windows\System\xMGawJG.exe
  2⤵
  PID:7116
- C:\Windows\System\wkuJlwB.exe
  C:\Windows\System\wkuJlwB.exe
  2⤵
  PID:7252
- C:\Windows\System\vNlVCxg.exe
  C:\Windows\System\vNlVCxg.exe
  2⤵
  PID:6348
- C:\Windows\System\OWJKpIY.exe
  C:\Windows\System\OWJKpIY.exe
  2⤵
  PID:7272
- C:\Windows\System\EaNONhI.exe
  C:\Windows\System\EaNONhI.exe
  2⤵
  PID:5660
- C:\Windows\System\nXSpzDQ.exe
  C:\Windows\System\nXSpzDQ.exe
  2⤵
  PID:7184
- C:\Windows\System\eXxcbWD.exe
  C:\Windows\System\eXxcbWD.exe
  2⤵
  PID:7376
- C:\Windows\System\TmmfGUV.exe
  C:\Windows\System\TmmfGUV.exe
  2⤵
  PID:7356
- C:\Windows\System\XruBPqh.exe
  C:\Windows\System\XruBPqh.exe
  2⤵
  PID:7428
- C:\Windows\System\QsiyZzx.exe
  C:\Windows\System\QsiyZzx.exe
  2⤵
  PID:7528
- C:\Windows\System\uYJHXGH.exe
  C:\Windows\System\uYJHXGH.exe
  2⤵
  PID:7408
- C:\Windows\System\NxHPHjG.exe
  C:\Windows\System\NxHPHjG.exe
  2⤵
  PID:7512
- C:\Windows\System\IcCunLj.exe
  C:\Windows\System\IcCunLj.exe
  2⤵
  PID:7588
- C:\Windows\System\bhpHTbJ.exe
  C:\Windows\System\bhpHTbJ.exe
  2⤵
  PID:7596
- C:\Windows\System\PXRWwKe.exe
  C:\Windows\System\PXRWwKe.exe
  2⤵
  PID:7644
- C:\Windows\System\WwgcGKr.exe
  C:\Windows\System\WwgcGKr.exe
  2⤵
  PID:7680
- C:\Windows\System\ImIXxtG.exe
  C:\Windows\System\ImIXxtG.exe
  2⤵
  PID:7756
- C:\Windows\System\hhCnGSq.exe
  C:\Windows\System\hhCnGSq.exe
  2⤵
  PID:7796
- C:\Windows\System\oozzXcF.exe
  C:\Windows\System\oozzXcF.exe
  2⤵
  PID:7852
- C:\Windows\System\IdDzLpd.exe
  C:\Windows\System\IdDzLpd.exe
  2⤵
  PID:7740
- C:\Windows\System\xakcXfh.exe
  C:\Windows\System\xakcXfh.exe
  2⤵
  PID:7776
- C:\Windows\System\fGuvqwq.exe
  C:\Windows\System\fGuvqwq.exe
  2⤵
  PID:7844
- C:\Windows\System\QBbioXR.exe
  C:\Windows\System\QBbioXR.exe
  2⤵
  PID:7848
- C:\Windows\System\pafcWnZ.exe
  C:\Windows\System\pafcWnZ.exe
  2⤵
  PID:8000
- C:\Windows\System\LEsTdDQ.exe
  C:\Windows\System\LEsTdDQ.exe
  2⤵
  PID:7944
- C:\Windows\System\goxEHAk.exe
  C:\Windows\System\goxEHAk.exe
  2⤵
  PID:7956
- C:\Windows\System\eCfqaLA.exe
  C:\Windows\System\eCfqaLA.exe
  2⤵
  PID:8084
- C:\Windows\System\iITjsFv.exe
  C:\Windows\System\iITjsFv.exe
  2⤵
  PID:8160
- C:\Windows\System\CsdhRDT.exe
  C:\Windows\System\CsdhRDT.exe
  2⤵
  PID:8104
- C:\Windows\System\fzZkzdC.exe
  C:\Windows\System\fzZkzdC.exe
  2⤵
  PID:8028
- C:\Windows\System\CgkQCBH.exe
  C:\Windows\System\CgkQCBH.exe
  2⤵
  PID:8060
- C:\Windows\System\ORZDITo.exe
  C:\Windows\System\ORZDITo.exe
  2⤵
  PID:7984
- C:\Windows\System\qJjOykk.exe
  C:\Windows\System\qJjOykk.exe
  2⤵
  PID:8172
- C:\Windows\System\FztEjwF.exe
  C:\Windows\System\FztEjwF.exe
  2⤵
  PID:6424
- C:\Windows\System\OGfIfbe.exe
  C:\Windows\System\OGfIfbe.exe
  2⤵
  PID:6448
- C:\Windows\System\BcQnzOZ.exe
  C:\Windows\System\BcQnzOZ.exe
  2⤵
  PID:6756
- C:\Windows\System\qGbWbgR.exe
  C:\Windows\System\qGbWbgR.exe
  2⤵
  PID:7316
- C:\Windows\System\YkgDIfd.exe
  C:\Windows\System\YkgDIfd.exe
  2⤵
  PID:7344
- C:\Windows\System\hqIxElY.exe
  C:\Windows\System\hqIxElY.exe
  2⤵
  PID:7544
- C:\Windows\System\bJOrhEq.exe
  C:\Windows\System\bJOrhEq.exe
  2⤵
  PID:7404
- C:\Windows\System\dTLGxhW.exe
  C:\Windows\System\dTLGxhW.exe
  2⤵
  PID:7652
- C:\Windows\System\bVPgEOa.exe
  C:\Windows\System\bVPgEOa.exe
  2⤵
  PID:7664
- C:\Windows\System\znMsZOg.exe
  C:\Windows\System\znMsZOg.exe
  2⤵
  PID:7704
- C:\Windows\System\UozuIEs.exe
  C:\Windows\System\UozuIEs.exe
  2⤵
  PID:7736
- C:\Windows\System\MaWkzLn.exe
  C:\Windows\System\MaWkzLn.exe
  2⤵
  PID:7808
- C:\Windows\System\ERveXKX.exe
  C:\Windows\System\ERveXKX.exe
  2⤵
  PID:7948
- C:\Windows\System\QNRCMwo.exe
  C:\Windows\System\QNRCMwo.exe
  2⤵
  PID:8156
- C:\Windows\System\DpjJFsF.exe
  C:\Windows\System\DpjJFsF.exe
  2⤵
  PID:8136
- C:\Windows\System\jbueOPG.exe
  C:\Windows\System\jbueOPG.exe
  2⤵
  PID:7900
- C:\Windows\System\vKTrZuG.exe
  C:\Windows\System\vKTrZuG.exe
  2⤵
  PID:8048
- C:\Windows\System\UkpmILy.exe
  C:\Windows\System\UkpmILy.exe
  2⤵
  PID:7244
- C:\Windows\System\cYWBPMF.exe
  C:\Windows\System\cYWBPMF.exe
  2⤵
  PID:7288
- C:\Windows\System\fpObiho.exe
  C:\Windows\System\fpObiho.exe
  2⤵
  PID:7204
- C:\Windows\System\BzrSvsp.exe
  C:\Windows\System\BzrSvsp.exe
  2⤵
  PID:7224
- C:\Windows\System\UPdRSXn.exe
  C:\Windows\System\UPdRSXn.exe
  2⤵
  PID:7468
- C:\Windows\System\IdtgEHP.exe
  C:\Windows\System\IdtgEHP.exe
  2⤵
  PID:7212
- C:\Windows\System\cqStzco.exe
  C:\Windows\System\cqStzco.exe
  2⤵
  PID:7432
- C:\Windows\System\flMMqBR.exe
  C:\Windows\System\flMMqBR.exe
  2⤵
  PID:7764
- C:\Windows\System\UBGtlLv.exe
  C:\Windows\System\UBGtlLv.exe
  2⤵
  PID:7560
- C:\Windows\System\CgpbHnt.exe
  C:\Windows\System\CgpbHnt.exe
  2⤵
  PID:7928
- C:\Windows\System\NZYEYqR.exe
  C:\Windows\System\NZYEYqR.exe
  2⤵
  PID:8120
- C:\Windows\System\NawLdLH.exe
  C:\Windows\System\NawLdLH.exe
  2⤵
  PID:7896
- C:\Windows\System\Cflxelo.exe
  C:\Windows\System\Cflxelo.exe
  2⤵
  PID:1004
- C:\Windows\System\LcfmYxn.exe
  C:\Windows\System\LcfmYxn.exe
  2⤵
  PID:7380
- C:\Windows\System\xOfsHes.exe
  C:\Windows\System\xOfsHes.exe
  2⤵
  PID:8144
- C:\Windows\System\XhkMDEt.exe
  C:\Windows\System\XhkMDEt.exe
  2⤵
  PID:8100
- C:\Windows\System\uccWYYV.exe
  C:\Windows\System\uccWYYV.exe
  2⤵
  PID:7340
- C:\Windows\System\ghTOXSk.exe
  C:\Windows\System\ghTOXSk.exe
  2⤵
  PID:4640
- C:\Windows\System\SRRWAIj.exe
  C:\Windows\System\SRRWAIj.exe
  2⤵
  PID:7668
- C:\Windows\System\pFMrYVh.exe
  C:\Windows\System\pFMrYVh.exe
  2⤵
  PID:7912
- C:\Windows\System\myFxrTj.exe
  C:\Windows\System\myFxrTj.exe
  2⤵
  PID:8012
- C:\Windows\System\OlUwvLm.exe
  C:\Windows\System\OlUwvLm.exe
  2⤵
  PID:7480
- C:\Windows\System\fInHbhS.exe
  C:\Windows\System\fInHbhS.exe
  2⤵
  PID:7232
- C:\Windows\System\RtidSVO.exe
  C:\Windows\System\RtidSVO.exe
  2⤵
  PID:7268
- C:\Windows\System\oKVPLIn.exe
  C:\Windows\System\oKVPLIn.exe
  2⤵
  PID:7424
- C:\Windows\System\GLAAYon.exe
  C:\Windows\System\GLAAYon.exe
  2⤵
  PID:7892
- C:\Windows\System\GEMhfmr.exe
  C:\Windows\System\GEMhfmr.exe
  2⤵
  PID:8076
- C:\Windows\System\vzSNdtG.exe
  C:\Windows\System\vzSNdtG.exe
  2⤵
  PID:7616
- C:\Windows\System\faXDuAn.exe
  C:\Windows\System\faXDuAn.exe
  2⤵
  PID:7640
- C:\Windows\System\UnZAFwy.exe
  C:\Windows\System\UnZAFwy.exe
  2⤵
  PID:7600
- C:\Windows\System\OuHtMuL.exe
  C:\Windows\System\OuHtMuL.exe
  2⤵
  PID:8212
- C:\Windows\System\PkSCgtd.exe
  C:\Windows\System\PkSCgtd.exe
  2⤵
  PID:8236
- C:\Windows\System\CFxtIMB.exe
  C:\Windows\System\CFxtIMB.exe
  2⤵
  PID:8256
- C:\Windows\System\QBQCYbc.exe
  C:\Windows\System\QBQCYbc.exe
  2⤵
  PID:8276
- C:\Windows\System\qsmtRxb.exe
  C:\Windows\System\qsmtRxb.exe
  2⤵
  PID:8300
- C:\Windows\System\ECNxhvk.exe
  C:\Windows\System\ECNxhvk.exe
  2⤵
  PID:8316
- C:\Windows\System\JwbRplO.exe
  C:\Windows\System\JwbRplO.exe
  2⤵
  PID:8348
- C:\Windows\System\UdcPflq.exe
  C:\Windows\System\UdcPflq.exe
  2⤵
  PID:8368
- C:\Windows\System\DUUqqPN.exe
  C:\Windows\System\DUUqqPN.exe
  2⤵
  PID:8384
- C:\Windows\System\ThTaCdv.exe
  C:\Windows\System\ThTaCdv.exe
  2⤵
  PID:8404
- C:\Windows\System\KSYzhqK.exe
  C:\Windows\System\KSYzhqK.exe
  2⤵
  PID:8428
- C:\Windows\System\aTTMGiD.exe
  C:\Windows\System\aTTMGiD.exe
  2⤵
  PID:8444
- C:\Windows\System\lgPqVZf.exe
  C:\Windows\System\lgPqVZf.exe
  2⤵
  PID:8460
- C:\Windows\System\LeXZHPk.exe
  C:\Windows\System\LeXZHPk.exe
  2⤵
  PID:8476
- C:\Windows\System\pBWSmJU.exe
  C:\Windows\System\pBWSmJU.exe
  2⤵
  PID:8492
- C:\Windows\System\dljiFBM.exe
  C:\Windows\System\dljiFBM.exe
  2⤵
  PID:8516
- C:\Windows\System\KITSnkm.exe
  C:\Windows\System\KITSnkm.exe
  2⤵
  PID:8544
- C:\Windows\System\QySRzqh.exe
  C:\Windows\System\QySRzqh.exe
  2⤵
  PID:8572
- C:\Windows\System\dxJzJbL.exe
  C:\Windows\System\dxJzJbL.exe
  2⤵
  PID:8588
- C:\Windows\System\BaMLxxk.exe
  C:\Windows\System\BaMLxxk.exe
  2⤵
  PID:8608
- C:\Windows\System\baZWvJn.exe
  C:\Windows\System\baZWvJn.exe
  2⤵
  PID:8628
- C:\Windows\System\MsqYnwj.exe
  C:\Windows\System\MsqYnwj.exe
  2⤵
  PID:8644
- C:\Windows\System\OfHQZQc.exe
  C:\Windows\System\OfHQZQc.exe
  2⤵
  PID:8660
- C:\Windows\System\UXHrcPk.exe
  C:\Windows\System\UXHrcPk.exe
  2⤵
  PID:8676
- C:\Windows\System\sWRXZZg.exe
  C:\Windows\System\sWRXZZg.exe
  2⤵
  PID:8692
- C:\Windows\System\rKsXYBR.exe
  C:\Windows\System\rKsXYBR.exe
  2⤵
  PID:8708
- C:\Windows\System\XksTpcV.exe
  C:\Windows\System\XksTpcV.exe
  2⤵
  PID:8724
- C:\Windows\System\CPnljrB.exe
  C:\Windows\System\CPnljrB.exe
  2⤵
  PID:8740
- C:\Windows\System\UEVLuKB.exe
  C:\Windows\System\UEVLuKB.exe
  2⤵
  PID:8760
- C:\Windows\System\bzuweNz.exe
  C:\Windows\System\bzuweNz.exe
  2⤵
  PID:8776
- C:\Windows\System\azVTfDP.exe
  C:\Windows\System\azVTfDP.exe
  2⤵
  PID:8792
- C:\Windows\System\dBfaekY.exe
  C:\Windows\System\dBfaekY.exe
  2⤵
  PID:8808
- C:\Windows\System\esBiHvk.exe
  C:\Windows\System\esBiHvk.exe
  2⤵
  PID:8824
- C:\Windows\System\ZfbcRIu.exe
  C:\Windows\System\ZfbcRIu.exe
  2⤵
  PID:8840
- C:\Windows\System\qKByaJa.exe
  C:\Windows\System\qKByaJa.exe
  2⤵
  PID:8856
- C:\Windows\System\UXskcGG.exe
  C:\Windows\System\UXskcGG.exe
  2⤵
  PID:8872
- C:\Windows\System\kIellrt.exe
  C:\Windows\System\kIellrt.exe
  2⤵
  PID:8888
- C:\Windows\System\bdLgBGA.exe
  C:\Windows\System\bdLgBGA.exe
  2⤵
  PID:8904
- C:\Windows\System\nMNSSxl.exe
  C:\Windows\System\nMNSSxl.exe
  2⤵
  PID:8920
- C:\Windows\System\prCewEF.exe
  C:\Windows\System\prCewEF.exe
  2⤵
  PID:8940
- C:\Windows\System\LFjEHRb.exe
  C:\Windows\System\LFjEHRb.exe
  2⤵
  PID:9032
- C:\Windows\System\hqbOlHW.exe
  C:\Windows\System\hqbOlHW.exe
  2⤵
  PID:9052
- C:\Windows\System\NYDoXpy.exe
  C:\Windows\System\NYDoXpy.exe
  2⤵
  PID:9068
- C:\Windows\System\LxBZSmW.exe
  C:\Windows\System\LxBZSmW.exe
  2⤵
  PID:9084
- C:\Windows\System\tweIYoa.exe
  C:\Windows\System\tweIYoa.exe
  2⤵
  PID:9100
- C:\Windows\System\eachRSQ.exe
  C:\Windows\System\eachRSQ.exe
  2⤵
  PID:9128
- C:\Windows\System\oktHdRT.exe
  C:\Windows\System\oktHdRT.exe
  2⤵
  PID:9148
- C:\Windows\System\ZJPjxlL.exe
  C:\Windows\System\ZJPjxlL.exe
  2⤵
  PID:9164
- C:\Windows\System\ujqiulq.exe
  C:\Windows\System\ujqiulq.exe
  2⤵
  PID:9180
- C:\Windows\System\zypbMNl.exe
  C:\Windows\System\zypbMNl.exe
  2⤵
  PID:9196
- C:\Windows\System\VfEObuN.exe
  C:\Windows\System\VfEObuN.exe
  2⤵
  PID:9212
- C:\Windows\System\ozxndZd.exe
  C:\Windows\System\ozxndZd.exe
  2⤵
  PID:8232
- C:\Windows\System\vpaHkeR.exe
  C:\Windows\System\vpaHkeR.exe
  2⤵
  PID:4824
- C:\Windows\System\vLHfaGI.exe
  C:\Windows\System\vLHfaGI.exe
  2⤵
  PID:8252
- C:\Windows\System\skrNyNz.exe
  C:\Windows\System\skrNyNz.exe
  2⤵
  PID:8292
- C:\Windows\System\tFazJlx.exe
  C:\Windows\System\tFazJlx.exe
  2⤵
  PID:8344
- C:\Windows\System\ALqYvxu.exe
  C:\Windows\System\ALqYvxu.exe
  2⤵
  PID:8392
- C:\Windows\System\MwVEmAQ.exe
  C:\Windows\System\MwVEmAQ.exe
  2⤵
  PID:8416
- C:\Windows\System\VxNFyRa.exe
  C:\Windows\System\VxNFyRa.exe
  2⤵
  PID:8436
- C:\Windows\System\IkYIBhh.exe
  C:\Windows\System\IkYIBhh.exe
  2⤵
  PID:8484
- C:\Windows\System\ZMMaNIm.exe
  C:\Windows\System\ZMMaNIm.exe
  2⤵
  PID:8512
- C:\Windows\System\KiIIZWi.exe
  C:\Windows\System\KiIIZWi.exe
  2⤵
  PID:8536
- C:\Windows\System\fHcQdtQ.exe
  C:\Windows\System\fHcQdtQ.exe
  2⤵
  PID:8560
- C:\Windows\System\xjfqeih.exe
  C:\Windows\System\xjfqeih.exe
  2⤵
  PID:8584
- C:\Windows\System\PAFXLth.exe
  C:\Windows\System\PAFXLth.exe
  2⤵
  PID:8668
- C:\Windows\System\aztNxuF.exe
  C:\Windows\System\aztNxuF.exe
  2⤵
  PID:8700
- C:\Windows\System\kcfeqAY.exe
  C:\Windows\System\kcfeqAY.exe
  2⤵
  PID:8620
- C:\Windows\System\ePvCRVr.exe
  C:\Windows\System\ePvCRVr.exe
  2⤵
  PID:8688
- C:\Windows\System\WItAthL.exe
  C:\Windows\System\WItAthL.exe
  2⤵
  PID:8768
- C:\Windows\System\HzJKqpR.exe
  C:\Windows\System\HzJKqpR.exe
  2⤵
  PID:8800
- C:\Windows\System\ICuYLhI.exe
  C:\Windows\System\ICuYLhI.exe
  2⤵
  PID:8836
- C:\Windows\System\mCtNifh.exe
  C:\Windows\System\mCtNifh.exe
  2⤵
  PID:8932
- C:\Windows\System\Zifxzpe.exe
  C:\Windows\System\Zifxzpe.exe
  2⤵
  PID:8884
- C:\Windows\System\tyQJWPX.exe
  C:\Windows\System\tyQJWPX.exe
  2⤵
  PID:8788
- C:\Windows\System\NXaWOgn.exe
  C:\Windows\System\NXaWOgn.exe
  2⤵
  PID:8916
- C:\Windows\System\UaWQOzo.exe
  C:\Windows\System\UaWQOzo.exe
  2⤵
  PID:8960
- C:\Windows\System\fpqCbqS.exe
  C:\Windows\System\fpqCbqS.exe
  2⤵
  PID:8976
- C:\Windows\System\IWowgLx.exe
  C:\Windows\System\IWowgLx.exe
  2⤵
  PID:8992
- C:\Windows\System\etCYxyN.exe
  C:\Windows\System\etCYxyN.exe
  2⤵
  PID:9016
- C:\Windows\System\nzlQkin.exe
  C:\Windows\System\nzlQkin.exe
  2⤵
  PID:9048
- C:\Windows\System\IqiygBx.exe
  C:\Windows\System\IqiygBx.exe
  2⤵
  PID:9064
- C:\Windows\System\ZQWOWJy.exe
  C:\Windows\System\ZQWOWJy.exe
  2⤵
  PID:8224
- C:\Windows\System\ARvPFXj.exe
  C:\Windows\System\ARvPFXj.exe
  2⤵
  PID:7300
- C:\Windows\System\cPCwHQH.exe
  C:\Windows\System\cPCwHQH.exe
  2⤵
  PID:8208
- C:\Windows\System\YzYVANd.exe
  C:\Windows\System\YzYVANd.exe
  2⤵
  PID:8284
- C:\Windows\System\spZXlZc.exe
  C:\Windows\System\spZXlZc.exe
  2⤵
  PID:8364
- C:\Windows\System\IHtSicJ.exe
  C:\Windows\System\IHtSicJ.exe
  2⤵
  PID:8424
- C:\Windows\System\QCCddRN.exe
  C:\Windows\System\QCCddRN.exe
  2⤵
  PID:8504
- C:\Windows\System\sxOlZhj.exe
  C:\Windows\System\sxOlZhj.exe
  2⤵
  PID:8452
- C:\Windows\System\AplqRkR.exe
  C:\Windows\System\AplqRkR.exe
  2⤵
  PID:8532
- C:\Windows\System\yhVJywt.exe
  C:\Windows\System\yhVJywt.exe
  2⤵
  PID:8568
- C:\Windows\System\RJKHmHH.exe
  C:\Windows\System\RJKHmHH.exe
  2⤵
  PID:8684
- C:\Windows\System\UAxHjcm.exe
  C:\Windows\System\UAxHjcm.exe
  2⤵
  PID:8868
- C:\Windows\System\GjGJzbf.exe
  C:\Windows\System\GjGJzbf.exe
  2⤵
  PID:8820
- C:\Windows\System\ukbwZAa.exe
  C:\Windows\System\ukbwZAa.exe
  2⤵
  PID:8752
- C:\Windows\System\uFfUPHB.exe
  C:\Windows\System\uFfUPHB.exe
  2⤵
  PID:8748
- C:\Windows\System\fcSOAIS.exe
  C:\Windows\System\fcSOAIS.exe
  2⤵
  PID:9028
- C:\Windows\System\xDhtQUO.exe
  C:\Windows\System\xDhtQUO.exe
  2⤵
  PID:9004
- C:\Windows\System\ftCIVWg.exe
  C:\Windows\System\ftCIVWg.exe
  2⤵
  PID:9120
- C:\Windows\System\EJcHFZH.exe
  C:\Windows\System\EJcHFZH.exe
  2⤵
  PID:8336
- C:\Windows\System\nsbBeRx.exe
  C:\Windows\System\nsbBeRx.exe
  2⤵
  PID:9204
- C:\Windows\System\phjjdAr.exe
  C:\Windows\System\phjjdAr.exe
  2⤵
  PID:7972
- C:\Windows\System\zzTfxfD.exe
  C:\Windows\System\zzTfxfD.exe
  2⤵
  PID:8196
- C:\Windows\System\VmbLFBN.exe
  C:\Windows\System\VmbLFBN.exe
  2⤵
  PID:8396
- C:\Windows\System\MvsvMDq.exe
  C:\Windows\System\MvsvMDq.exe
  2⤵
  PID:8580
- C:\Windows\System\ZelZkaM.exe
  C:\Windows\System\ZelZkaM.exe
  2⤵
  PID:8604
- C:\Windows\System\OkFGGmM.exe
  C:\Windows\System\OkFGGmM.exe
  2⤵
  PID:8600
- C:\Windows\System\hBPwMOr.exe
  C:\Windows\System\hBPwMOr.exe
  2⤵
  PID:8928
- C:\Windows\System\xzFXpwO.exe
  C:\Windows\System\xzFXpwO.exe
  2⤵
  PID:8984
- C:\Windows\System\RSQRsgd.exe
  C:\Windows\System\RSQRsgd.exe
  2⤵
  PID:8988
- C:\Windows\System\gwWxVPj.exe
  C:\Windows\System\gwWxVPj.exe
  2⤵
  PID:8804
- C:\Windows\System\fzgpcgh.exe
  C:\Windows\System\fzgpcgh.exe
  2⤵
  PID:8968
- C:\Windows\System\kKjRtwJ.exe
  C:\Windows\System\kKjRtwJ.exe
  2⤵
  PID:8244
- C:\Windows\System\kKgyVWH.exe
  C:\Windows\System\kKgyVWH.exe
  2⤵
  PID:8340
- C:\Windows\System\fjhjMPE.exe
  C:\Windows\System\fjhjMPE.exe
  2⤵
  PID:8524
- C:\Windows\System\ZUdLnCz.exe
  C:\Windows\System\ZUdLnCz.exe
  2⤵
  PID:8500
- C:\Windows\System\AbHbGMu.exe
  C:\Windows\System\AbHbGMu.exe
  2⤵
  PID:9060
- C:\Windows\System\oHqtaOS.exe
  C:\Windows\System\oHqtaOS.exe
  2⤵
  PID:9000
- C:\Windows\System\vqQSdnx.exe
  C:\Windows\System\vqQSdnx.exe
  2⤵
  PID:8956
- C:\Windows\System\zmYgUfQ.exe
  C:\Windows\System\zmYgUfQ.exe
  2⤵
  PID:9172
- C:\Windows\System\XKkyWmE.exe
  C:\Windows\System\XKkyWmE.exe
  2⤵
  PID:8248
- C:\Windows\System\IvbgXgK.exe
  C:\Windows\System\IvbgXgK.exe
  2⤵
  PID:9008
- C:\Windows\System\iBKydVr.exe
  C:\Windows\System\iBKydVr.exe
  2⤵
  PID:8756
- C:\Windows\System\NQTtekj.exe
  C:\Windows\System\NQTtekj.exe
  2⤵
  PID:9144
- C:\Windows\System\PWgdEFc.exe
  C:\Windows\System\PWgdEFc.exe
  2⤵
  PID:8864
- C:\Windows\System\VuWSzmZ.exe
  C:\Windows\System\VuWSzmZ.exe
  2⤵
  PID:8656
- C:\Windows\System\NMvBrKS.exe
  C:\Windows\System\NMvBrKS.exe
  2⤵
  PID:8228
- C:\Windows\System\iwSqVSd.exe
  C:\Windows\System\iwSqVSd.exe
  2⤵
  PID:9020
- C:\Windows\System\pGaWSpX.exe
  C:\Windows\System\pGaWSpX.exe
  2⤵
  PID:9208
- C:\Windows\System\zwfkasl.exe
  C:\Windows\System\zwfkasl.exe
  2⤵
  PID:9228
- C:\Windows\System\dretDyt.exe
  C:\Windows\System\dretDyt.exe
  2⤵
  PID:9252
- C:\Windows\System\OFwZtFu.exe
  C:\Windows\System\OFwZtFu.exe
  2⤵
  PID:9276
- C:\Windows\System\lRRxLkv.exe
  C:\Windows\System\lRRxLkv.exe
  2⤵
  PID:9292
- C:\Windows\System\DFClxuN.exe
  C:\Windows\System\DFClxuN.exe
  2⤵
  PID:9312
- C:\Windows\System\pYUzraC.exe
  C:\Windows\System\pYUzraC.exe
  2⤵
  PID:9328
- C:\Windows\System\pfigabO.exe
  C:\Windows\System\pfigabO.exe
  2⤵
  PID:9368
- C:\Windows\System\EzNUDQX.exe
  C:\Windows\System\EzNUDQX.exe
  2⤵
  PID:9388
- C:\Windows\System\Huzjpvv.exe
  C:\Windows\System\Huzjpvv.exe
  2⤵
  PID:9404
- C:\Windows\System\oWgLAdG.exe
  C:\Windows\System\oWgLAdG.exe
  2⤵
  PID:9424
- C:\Windows\System\noPJnme.exe
  C:\Windows\System\noPJnme.exe
  2⤵
  PID:9444
- C:\Windows\System\xLNgvqD.exe
  C:\Windows\System\xLNgvqD.exe
  2⤵
  PID:9460
- C:\Windows\System\rbTZDjE.exe
  C:\Windows\System\rbTZDjE.exe
  2⤵
  PID:9480
- C:\Windows\System\RlZWYhI.exe
  C:\Windows\System\RlZWYhI.exe
  2⤵
  PID:9496
- C:\Windows\System\dlEXUmA.exe
  C:\Windows\System\dlEXUmA.exe
  2⤵
  PID:9516
- C:\Windows\System\bcfqZnM.exe
  C:\Windows\System\bcfqZnM.exe
  2⤵
  PID:9532
- C:\Windows\System\EiVjNts.exe
  C:\Windows\System\EiVjNts.exe
  2⤵
  PID:9548
- C:\Windows\System\WeSSrRZ.exe
  C:\Windows\System\WeSSrRZ.exe
  2⤵
  PID:9564
- C:\Windows\System\sIEwIVH.exe
  C:\Windows\System\sIEwIVH.exe
  2⤵
  PID:9592
- C:\Windows\System\ZdoCXQl.exe
  C:\Windows\System\ZdoCXQl.exe
  2⤵
  PID:9608
- C:\Windows\System\AsZgvdD.exe
  C:\Windows\System\AsZgvdD.exe
  2⤵
  PID:9624
- C:\Windows\System\gyJdneu.exe
  C:\Windows\System\gyJdneu.exe
  2⤵
  PID:9684
- C:\Windows\System\oGpNPqx.exe
  C:\Windows\System\oGpNPqx.exe
  2⤵
  PID:9704
- C:\Windows\System\lYdwcfv.exe
  C:\Windows\System\lYdwcfv.exe
  2⤵
  PID:9724
- C:\Windows\System\oYMKcxq.exe
  C:\Windows\System\oYMKcxq.exe
  2⤵
  PID:9748
- C:\Windows\System\BESJoAs.exe
  C:\Windows\System\BESJoAs.exe
  2⤵
  PID:9784
- C:\Windows\System\yfkaAMu.exe
  C:\Windows\System\yfkaAMu.exe
  2⤵
  PID:9808
- C:\Windows\System\YgVpJxZ.exe
  C:\Windows\System\YgVpJxZ.exe
  2⤵
  PID:9828
- C:\Windows\System\ZrHkZBZ.exe
  C:\Windows\System\ZrHkZBZ.exe
  2⤵
  PID:9848
- C:\Windows\System\nkQxXeb.exe
  C:\Windows\System\nkQxXeb.exe
  2⤵
  PID:9868
- C:\Windows\System\fjQZDlt.exe
  C:\Windows\System\fjQZDlt.exe
  2⤵
  PID:9888
- C:\Windows\System\ivByIPM.exe
  C:\Windows\System\ivByIPM.exe
  2⤵
  PID:9904
- C:\Windows\System\fGOPDcz.exe
  C:\Windows\System\fGOPDcz.exe
  2⤵
  PID:9928
- C:\Windows\System\AtbUGPV.exe
  C:\Windows\System\AtbUGPV.exe
  2⤵
  PID:9948
- C:\Windows\System\DajnBhR.exe
  C:\Windows\System\DajnBhR.exe
  2⤵
  PID:9972
- C:\Windows\System\jepMEOk.exe
  C:\Windows\System\jepMEOk.exe
  2⤵
  PID:9988
- C:\Windows\System\upAZKIX.exe
  C:\Windows\System\upAZKIX.exe
  2⤵
  PID:10004
- C:\Windows\System\oSwoDLR.exe
  C:\Windows\System\oSwoDLR.exe
  2⤵
  PID:10024
- C:\Windows\System\dGlhkJA.exe
  C:\Windows\System\dGlhkJA.exe
  2⤵
  PID:10040
- C:\Windows\System\KHCaMGa.exe
  C:\Windows\System\KHCaMGa.exe
  2⤵
  PID:10060
- C:\Windows\System\vtybfmL.exe
  C:\Windows\System\vtybfmL.exe
  2⤵
  PID:10088
- C:\Windows\System\DxXbgLs.exe
  C:\Windows\System\DxXbgLs.exe
  2⤵
  PID:10108
- C:\Windows\System\qJDjHgl.exe
  C:\Windows\System\qJDjHgl.exe
  2⤵
  PID:10124
- C:\Windows\System\lAJwfsN.exe
  C:\Windows\System\lAJwfsN.exe
  2⤵
  PID:10144
- C:\Windows\System\FYlTbZL.exe
  C:\Windows\System\FYlTbZL.exe
  2⤵
  PID:10164
- C:\Windows\System\ePfPHqn.exe
  C:\Windows\System\ePfPHqn.exe
  2⤵
  PID:10180
- C:\Windows\System\FCVKJyO.exe
  C:\Windows\System\FCVKJyO.exe
  2⤵
  PID:10200
- C:\Windows\System\MSAjLdF.exe
  C:\Windows\System\MSAjLdF.exe
  2⤵
  PID:10216
- C:\Windows\System\TtZaJRZ.exe
  C:\Windows\System\TtZaJRZ.exe
  2⤵
  PID:10236
- C:\Windows\System\BsGTTXV.exe
  C:\Windows\System\BsGTTXV.exe
  2⤵
  PID:8556
- C:\Windows\System\YLrDwLx.exe
  C:\Windows\System\YLrDwLx.exe
  2⤵
  PID:9284
- C:\Windows\System\MlBJelJ.exe
  C:\Windows\System\MlBJelJ.exe
  2⤵
  PID:9304
- C:\Windows\System\GEKpIeW.exe
  C:\Windows\System\GEKpIeW.exe
  2⤵
  PID:9340
- C:\Windows\System\MvwfsLG.exe
  C:\Windows\System\MvwfsLG.exe
  2⤵
  PID:9352
- C:\Windows\System\BFPHCTI.exe
  C:\Windows\System\BFPHCTI.exe
  2⤵
  PID:9412
- C:\Windows\System\XHsVBNS.exe
  C:\Windows\System\XHsVBNS.exe
  2⤵
  PID:9452
- C:\Windows\System\nRrkyix.exe
  C:\Windows\System\nRrkyix.exe
  2⤵
  PID:9472
- C:\Windows\System\vuAdToH.exe
  C:\Windows\System\vuAdToH.exe
  2⤵
  PID:9492
- C:\Windows\System\SXouiwu.exe
  C:\Windows\System\SXouiwu.exe
  2⤵
  PID:9572
- C:\Windows\System\QJhHJKo.exe
  C:\Windows\System\QJhHJKo.exe
  2⤵
  PID:9540
- C:\Windows\System\nnBqSZT.exe
  C:\Windows\System\nnBqSZT.exe
  2⤵
  PID:9600
- C:\Windows\System\ZkFfdEt.exe
  C:\Windows\System\ZkFfdEt.exe
  2⤵
  PID:9660
- C:\Windows\System\fKWoNeB.exe
  C:\Windows\System\fKWoNeB.exe
  2⤵
  PID:9680
- C:\Windows\System\QHZAgWe.exe
  C:\Windows\System\QHZAgWe.exe
  2⤵
  PID:9356
- C:\Windows\System\idTsyvC.exe
  C:\Windows\System\idTsyvC.exe
  2⤵
  PID:9732
- C:\Windows\System\eMprdwh.exe
  C:\Windows\System\eMprdwh.exe
  2⤵
  PID:9796
- C:\Windows\System\ruhFpGP.exe
  C:\Windows\System\ruhFpGP.exe
  2⤵
  PID:9780
- C:\Windows\System\YfVNCXh.exe
  C:\Windows\System\YfVNCXh.exe
  2⤵
  PID:9880
- C:\Windows\System\CAnxZqP.exe
  C:\Windows\System\CAnxZqP.exe
  2⤵
  PID:9656
- C:\Windows\System\EQkSIdN.exe
  C:\Windows\System\EQkSIdN.exe
  2⤵
  PID:9900
- C:\Windows\System\TqROvWv.exe
  C:\Windows\System\TqROvWv.exe
  2⤵
  PID:9956
- C:\Windows\System\tARLjzl.exe
  C:\Windows\System\tARLjzl.exe
  2⤵
  PID:9964
- C:\Windows\System\MEhSHXo.exe
  C:\Windows\System\MEhSHXo.exe
  2⤵
  PID:10000
- C:\Windows\System\bJLSUkr.exe
  C:\Windows\System\bJLSUkr.exe
  2⤵
  PID:10052
- C:\Windows\System\NsPmXDE.exe
  C:\Windows\System\NsPmXDE.exe
  2⤵
  PID:9980
- C:\Windows\System\yCRERVL.exe
  C:\Windows\System\yCRERVL.exe
  2⤵
  PID:10012
- C:\Windows\System\DKysEqK.exe
  C:\Windows\System\DKysEqK.exe
  2⤵
  PID:10100
- C:\Windows\System\xPLYTwS.exe
  C:\Windows\System\xPLYTwS.exe
  2⤵
  PID:10160
- C:\Windows\System\LNUxFGM.exe
  C:\Windows\System\LNUxFGM.exe
  2⤵
  PID:10224
- C:\Windows\System\IsivBKs.exe
  C:\Windows\System\IsivBKs.exe
  2⤵
  PID:9224
- C:\Windows\System\gqexnPm.exe
  C:\Windows\System\gqexnPm.exe
  2⤵
  PID:10136
- C:\Windows\System\UbSWKrC.exe
  C:\Windows\System\UbSWKrC.exe
  2⤵
  PID:10208
- C:\Windows\System\NTIJVzk.exe
  C:\Windows\System\NTIJVzk.exe
  2⤵
  PID:9248
- C:\Windows\System\dcItbOX.exe
  C:\Windows\System\dcItbOX.exe
  2⤵
  PID:9320
- C:\Windows\System\bTmsUow.exe
  C:\Windows\System\bTmsUow.exe
  2⤵
  PID:9468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFPrLuL.exe

Filesize
6.0MB

MD5
1f1618c4dde8ac15b79059b14436f8e9

SHA1
90c83b2e3c9143fc32b55a6b73323bf3c43542af

SHA256
1ce5fff3c28437a60233dc2bb0e6204ebf3f6d2bf2c00bbba0304bdfb7c1c260

SHA512
cade5322b50ec6313464dfb5698bfaba143451aacfcfd54ec45ea0e07566aad04371defed5106ef18824e51b6eac27fc54391809e395e07034c83f20c8edba35

Download Submit
C:\Windows\system\AkoeVUy.exe

Filesize
6.0MB

MD5
462c0ed9f0fa34da110156774ac750b3

SHA1
a30fb155c7a339e1e665aca637190f05d189a98c

SHA256
a087f9d45826fcba0e8feccd2099d0e4742b2fc74497e4da84c23a8a1c5475e4

SHA512
037abd04011f8a0aa3e8791abad949fcc7e80e2ae53de61b6934bb84b73106af5ff3e652f10cc55373ec6346d5b8d5919c4a8035adc63fd8475a3d5abe694402

Download Submit
C:\Windows\system\DFtHwig.exe

Filesize
6.0MB

MD5
e7a701ea2b61b12d00b615a2f610137c

SHA1
6a6388f82244d243a04c616c756e28e399d3c82b

SHA256
202d7c0cc888ab8c5aeaab58e55f3cb6ae2006dac00be3d157a649d204b9266e

SHA512
5448eb282b17a989dab97fda9c6152e50469081eb7d5537f4f90643897b9ca1cf51ac41f2a727cc0ad1605467baa07611e929f8a65b8d613df71a52c9a0b9d35

Download Submit
C:\Windows\system\FMiclCL.exe

Filesize
6.0MB

MD5
27591fcaaf3918b3f42edd33e2be62fa

SHA1
d972bf25825a3970d7807091a83c6ce45645f326

SHA256
45e8c8b8851a389520e90ddc1bd24a0f1583c3bc92bd37420c1424caba2038be

SHA512
c18a53b8697ed006f4663454a1513e861de0edab59a6ccd48e437a77cb3561f943d49c8d3c5e3bb3b43265c11adfa0fc2f1abcfb6d7373b9dc9d3c06cc63df2a

Download Submit
C:\Windows\system\GRbROwi.exe

Filesize
6.0MB

MD5
508f19a266ccbf11451df73b60e22508

SHA1
f61bff04c815d786c26718cee4877b77e9c7c314

SHA256
7e73aac16f4197c18bf678231d12e9159db84b36adbdf7fb02e2f111f508825f

SHA512
80cb6d87b01dfce5cde12ec71ce0f24b19d696379dc83ff9551d3c2ae478e7bc4539e51e6e0bb3c7ac107d6b20697b889e49030b29215ad4b7e1f7e7f96e88d3

Download Submit
C:\Windows\system\HQOBiiU.exe

Filesize
6.0MB

MD5
208e2bcbe93bccd08e77a3e65382a39e

SHA1
1e069d03d919ec52a126787fde108dab5b1fb570

SHA256
9e71eb461b65aee8e4ee418b12f54c85dabb10234b405e51184ff094cc2ff7a8

SHA512
28ce9ec0d82e273a4ac3f07e5953f915ef7adaf2386dbcb9f4033e12691c89d95569120bc200b8ef4760bff74739251c263c354e64dd22d49cbd28d1adbdadab

Download Submit
C:\Windows\system\IldCqsg.exe

Filesize
6.0MB

MD5
428793a1981519c50a1486c4c48739d8

SHA1
b6bf24c53d28c2575566774535cc24d091f38823

SHA256
3bab4d4a8c6ccc4b29dd955c1a4ea3f9bf1b84fe40cf341b9b217be2bbd94c83

SHA512
24967598fee8d8efd4538f81ab12e3b18cc1fe2a708acd33a312f17c32581b5871369689eebb84194201aa9e76d02ae47f2e7bef8a8a0f4824e82f49d0760ddd

Download Submit
C:\Windows\system\IqFWbsK.exe

Filesize
6.0MB

MD5
aae5e056b8f1f46378f894ea60d6149a

SHA1
8550f160246385cf179e7250ae722f985e83a337

SHA256
1eaf470b709e9ea5d73c0b612292df6faafa0870d9127e76f1bfc3547e345ccc

SHA512
c1bf4de76e2496273e2c49a9f0217ada547ae09cc4baa3bd94969d6b7221a123403a8437e3f396a81802551d3dcb52c77eb543308782e780de9ed5c30841c1eb

Download Submit
C:\Windows\system\KQfaJvM.exe

Filesize
6.0MB

MD5
498d760cc4544752823b5ad87734ef4f

SHA1
fa48978185d139c52ae955dc7e2861066ba68921

SHA256
eb79191940ce3c248c3815ed3bec31f0e59a6e87cfd6b051134e2fe7379da5e7

SHA512
b9215d70c65ffb62af3ba7a2c831c4b3a2d87bd6fc15820e273e35a347e1fc6e2c5961a7b08628696cbfa31b5e3f91d67fe1471df08809108b8ffb6d7b803c3a

Download Submit
C:\Windows\system\PMIbzpT.exe

Filesize
6.0MB

MD5
107a04e99a6355b1c5fe86604bb75563

SHA1
92285277bfb83f458238bcb93d8ebf1ae30ac3c8

SHA256
3afb8c4b854e317cf9c79711ef72167d7ae1b13b6c6efc624987775d76863279

SHA512
3e3f32eab12e3f3d5c6fa8ab17944dbbffd20290a37bf287f576184263bd7c8d363f9add69921f6d92e6fac1f52b5537e5043a3c8d9c8e2ae4d43eb990ff2f54

Download Submit
C:\Windows\system\SekTiXS.exe

Filesize
6.0MB

MD5
3951339a73e136cfd2f2bb60cb2725c3

SHA1
0b936a5d9863f9d01b77e0328784bfe47658a055

SHA256
ed9d59ef977610508240f9042418140d8b4c9bf1b332f5da1f0ed650ae1eb3e3

SHA512
7a2a9cd7a9abb781e7f95af7ed2ce5ff504f5caac7202bda12ff1e22c108a56a5f424be717956274d8afbab92abdf7527a6a38e718e8497f19d9c7d62e022260

Download Submit
C:\Windows\system\SiVtSws.exe

Filesize
6.0MB

MD5
17a9c2b718aa857847130a2c860c796b

SHA1
28855ccd1359694948b8ef11cab7e39b39b7fb7d

SHA256
8cf9e25b0e5718ddbfbc9536cf51e7576a17f28263492142fd1ef7d3cf8bb707

SHA512
37e4a8d9c10e2564979c2529fcdb9e86be263558e7a298e14ae01c215be03d195da028fd288873a80adab05d69aa8992b104a2428dcd234a85c9d55082e0404f

Download Submit
C:\Windows\system\TSYcDUt.exe

Filesize
6.0MB

MD5
2406f9b919a2a593f81ca4605387a269

SHA1
5ca0e4dcd9ec359e92597c169aa9729ffbed2481

SHA256
906475bc672629fd092ba994ace7ecfe8eebebe28ab1af087e2742c4be4e2f9c

SHA512
d84dec1ef29e7d0552f8a7ae1f9e4cf65148373cb7c80c7e04f8314df2f7e300587545fcc73371782ca622089826d2f4794dd6ff9f42ac071980e5e85a681207

Download Submit
C:\Windows\system\TWbgDdb.exe

Filesize
6.0MB

MD5
dfc361c636067691c44c4c490a9cfd05

SHA1
749395f3f875cb1e85a22906f24e1544e471f9e8

SHA256
13dc1a633936ee21f64664cda80cc381ab09dba1f5c9c7361edc3b2c632a036a

SHA512
32f4168299fb7ab30f34710f0d57c3d1f1da4ad6814cea57ddcc2c5ff673cda0e1df7b5c47ba7220a6e1dc4c7f1f6fd4360f8fdcdba4a9934e56a47b66b07f3f

Download Submit
C:\Windows\system\UKhSruQ.exe

Filesize
6.0MB

MD5
f69850938031294a82cd26b4a2a37bce

SHA1
909990e193220a83d1958255279bf69378823fad

SHA256
3f6f5083d1bf961e047b405fc29d7401e10600cc7e959da6fcf921927cb32e9d

SHA512
417fec86625414efd8149c8f4b443a30895c9f0e0b81eea54a1b2f8ae6f4a74d48e213da5a621b66269067b860cbec041bef8389682f7a0fb2ddddb5795bc5e7

Download Submit
C:\Windows\system\VRGAAdV.exe

Filesize
6.0MB

MD5
f434f523bfd1f18e8be20a2bb961ce79

SHA1
5f122961d1488c541c5e8488216ca2125c0266a2

SHA256
6fe5e14e8be5fac2370686bd1bebdff84e2040b179f6da6dd48d50380d303061

SHA512
2a4cba7ef91d53aa6dd07013c9d452a543aac5f7f978442f2970d7fec644633de7855b174ed6fb70343034e6f47e782387ef001752ccc4b8b277530904718393

Download Submit
C:\Windows\system\aPevtnv.exe

Filesize
6.0MB

MD5
8e041028dd5834a5d4c190f8e957facd

SHA1
3de1dc5ad64ebc90c026f354996055935d807de4

SHA256
05be777a0607746e288368efb456e5a2ba232adb8fea04d2b5350993fe52308c

SHA512
59379a966aeb15b01e2022e2265b31c7ad8fef2debb5459ae00ab1937dc592f683a1ed80df7c146c43473fda003176ad49ba23bad2bef3a6bc03a24417b095d7

Download Submit
C:\Windows\system\cmLYZbw.exe

Filesize
6.0MB

MD5
83e613c7f3a011a9f7490b9bcf8f2fe9

SHA1
94091386553204778f5530919eba5d97f9e1138f

SHA256
41676650095a2de7f21b857d579252612f80be55bd19d0a68abb800378e8b6b8

SHA512
ed0077fb25133a57147616b1a63be40900963a7c0d5f9db7e7f080c2e630afb0ff21ebcc0cd30bd8822532a4aba2201498aa523674b52cb9fc2db0c6969f8f65

Download Submit
C:\Windows\system\deXRWDF.exe

Filesize
6.0MB

MD5
f6f6eda25d4296d974e022ca4f3d572d

SHA1
1a270d4c96a46a19c2f1c59442cd0429248c6c57

SHA256
734c32b45c41a7e506fb10645f2049383eb721aef6b94fc750b5d12b0383efe9

SHA512
cc1d09fe95aed8497fc900a49fdabb2b61313296e2c386798dc48b7ca34a42dad81826f888964ad0c408c84fe02195243e928fad75afcb4b3dffb78421d80c8d

Download Submit
C:\Windows\system\kbfWszo.exe

Filesize
6.0MB

MD5
2534b842228befe0270a2daa688c226f

SHA1
e766ac959bbf9ea5b7be34cb7e558552b9b2c1c8

SHA256
4217ad3ff4742451cc00897648193e87d29f0580bcb9bed2a8502c07c227b7b5

SHA512
67e86919511dce206c911362f30be1dfe62c28cde8905ca8776fe82d6e7648dd7d46dde47b26d338b4a82645a1e855603716856e0b52cb9038555509cc9284e5

Download Submit
C:\Windows\system\ltvCWrF.exe

Filesize
6.0MB

MD5
7e2d0df613f0a5a745bca608629e3ebb

SHA1
1cecba0b45d323b98de3f41e2ba259f28ddb8e1b

SHA256
24ebfaf0a0520eb290ba6c3145781768bdfdb59cdb304db341c86a8451acafb2

SHA512
a9199d80af162185d29d7f26a534110e4b1a1e20f692a7ba0d453d61e15533d968033b8f4b0e7b9081dceba3738aa8a9bab1f48c4c1a512f2c1113c6e3689fbc

Download Submit
C:\Windows\system\ncEutzk.exe

Filesize
6.0MB

MD5
8f322c4c6741d81c3e50bfd25bbb54c8

SHA1
74c211203092c0f897e26a26f6d7a61e75281567

SHA256
ce3c1bf391eef28f1ce2ff2685a6348e90e537b742bf9f6e88725f881f200b07

SHA512
7d439a35a3b50d245aa6c929914c58e890609dc62df0c178469f6e201c5580d61967e35f80e58233ebb0eb5c3272525b2b9f2a45e5e12adf96ecc0a252cc42ea

Download Submit
C:\Windows\system\pMtAiRy.exe

Filesize
6.0MB

MD5
b03dbd1d676d8468584cefd24d1d5e61

SHA1
871902951433de6e941a71f15a7dec3947e4d99c

SHA256
71406d07a6e45ae343ee53d8000d0e73a692c62be68cae27d9a370836689dc0e

SHA512
ca6cd77863fb1e74829fa3c3e7299ba4de4a522c49e0ebb03cd8c160180967d44e2d3b23cb0626b9f17ba1a03972d8a0b272f84df2dc61f65cc18de5435b24a0

Download Submit
C:\Windows\system\suiGaFx.exe

Filesize
6.0MB

MD5
e2bfcc28885da1fdd18e2cc9dd85633f

SHA1
b15d73fe691eff8b884b20dcb50b1bf6af5bbe60

SHA256
8624c2f701241162e9eada258422825f71fded7314bf8b21595464877adee3f2

SHA512
3a4a69c8e438a192d3ab17b8ae0cc43feeafdb9df27215ec724545c10a87aad622265e4100f0c7dddd0ecd0148197552c3ab05169dc55a68091d3517aaf8b67c

Download Submit
C:\Windows\system\uZYdIyn.exe

Filesize
6.0MB

MD5
a8414b4c2dcdcbc953c18aa5be0b70ba

SHA1
ae7f95cb14a2398d37741049a26cc7053ca15298

SHA256
225e1084e92f0ad61ad3190c550eb91895b03a8b8de651bc13b271f2834f848d

SHA512
b7722cd3664a793485715ebd127c0f16790448554a9a589f3fb102b4df132a237eb5f8d6ae3f1fec47a426867aa47ef3cc6a6a9b2f42ae15ef3ded2b10a91d87

Download Submit
C:\Windows\system\wcfpVja.exe

Filesize
6.0MB

MD5
f3a2fdd8b544289e2ab3e178555ab237

SHA1
434f2e7ac712cb0c06d6b86ef65abd459b28fbc3

SHA256
3f5ea104b1b8bf18c036c6bf67ffd25ef55a966f596d2d996010e84d407787e2

SHA512
1c4da3bc499f5113c13d68d0ec877ea31c9a411ca82d1a48f0d1f375d5cdc92b3a5eff921141fabbad87da3f6388c18b95993af1ef74d59e9f302174673aa764

Download Submit
C:\Windows\system\xEEwfGU.exe

Filesize
6.0MB

MD5
50fbc25f4ca0894e2c825b23c1fb93dc

SHA1
1a39e5c0b87d56511e88cf36d85abe596f1737a0

SHA256
832e364751eb5c1fc568f94ce1076b5c2b9e2f2768be149c8136507d31067371

SHA512
21e6d48ee11e35c3c3263c6b0b84efd952a80c09523f257d63a9394a602be036bf190b65f98073d6622807543ad40a7a2a6db3e58438ed9d610ce78eb947e266

Download Submit
\Windows\system\XfysUih.exe

Filesize
6.0MB

MD5
5c63111d53047a72a39d996fa1341ccb

SHA1
26ff2052b54bd2042bf5e09c64741e4507ec8865

SHA256
61b127d77cac10c60eb30a3c62d04d696e2b52fbabd44ce43cbe7061f3175a65

SHA512
3dc8c277b16751e9e721eb492d59a240298561c8eda34b7f6237c0fa2b944a32bae0e8736a2017626963e6080d63423458c6896fed9d687cc6accf364994652c

Download Submit
\Windows\system\gFAxNPx.exe

Filesize
6.0MB

MD5
6e604b175c7fcfa8a75cefaf16bdbfaa

SHA1
1f3426de22841f10e6910a261fc596480b108f06

SHA256
e2766b36920c6f8d5f0027ffe37a5364ffc1b00ec4a317d91cdcc8f8ff91e054

SHA512
8689219d13d91b5a9a0548e0a4f1f25b3720fa8414ae4a585bd1d85303bed7b254f2411f53a1a8cc415b45c83e8f6765c3a232f9cc17be0e9a4828beb60d9dae

Download Submit
\Windows\system\mkTWsnF.exe

Filesize
6.0MB

MD5
3e77fc6275fc4f99710eaafbc0f9b0ad

SHA1
e51be76a003d4cd18f3b5b5ac635e4a55891ccae

SHA256
43fd38e414f81c34f0dad848e7741bf8db18bca2dfb15a6f8050507707f32a92

SHA512
9c909225c647ef5258becc3e3f34b4b74c4d28843a01d7d1e21d011959b6959036d83ad2501945425d1fd63034eac76cfb44777e31e743c2c085ecfe8923dee3

Download Submit
\Windows\system\uycAdnx.exe

Filesize
6.0MB

MD5
bd00632e83fad6072f78abb1c7b995cd

SHA1
2a3525bf714d41bc7f0cc79890bf101528c3bea3

SHA256
cd51a4f5cc8ef182483d1bf7d591f14c940092edf2f9f06c456ccf494c199682

SHA512
98d9868573c71f62607745f9424393d7a354c45b03cc96533b78acd3c4a6492e84b69787495c98f40602ea8fed01f361249cc1e28a70c7f756b378200e8ff620

Download Submit
\Windows\system\xsFhFRp.exe

Filesize
6.0MB

MD5
f0017adcfb60861405815d845d18e65d

SHA1
0900f329d279499928b3ff184ce581b686a18dd0

SHA256
1adb8ae9bac55ec6191dd5f13a9bbf35d83c423588cb8930c619c4f66aac9c93

SHA512
83f5d89190f919bfb0801cdd1e4669eede26b93aa66e1170052c5965edbc232483cbf3de15c3948c1d5d87a0ddcc3301cf48a9e59e1cf5a8744e0f2767b19579

Download Submit
memory/1636-1468-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1621-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-34-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-48-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1636-661-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1636-63-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-662-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-28-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1123-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1636-653-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1636-0-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1636-81-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-55-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1120-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-64-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1859-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1796-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1636-37-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1636-651-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-19-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1802-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1636-1784-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1625-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1968-32-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-3002-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1042-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-13-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2052-2961-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2052-65-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2993-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-30-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-969-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2941-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2312-7-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2312-53-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2408-61-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2408-2989-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2416-684-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2416-3005-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2472-71-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2472-2980-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2472-25-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2604-62-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2999-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2604-1465-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4066-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2608-660-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1799-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1787-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-4067-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-652-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4018-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2692-650-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3003-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-649-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2997-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-648-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-2985-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/3028-43-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1121-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download