cobaltstrike | f97d55fb08db907fe58c917a124d7fd352903b499dfda8d6a7ebada7472c1f35

Analysis

max time kernel
144s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21/01/2025, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

94a178d4b111afe03ec594b84783e8ce
SHA1

1a297359fe495306242b0992bc44cfa215fb7c3f
SHA256

f97d55fb08db907fe58c917a124d7fd352903b499dfda8d6a7ebada7472c1f35
SHA512

9e0eeb450859abe541f3b7309486a5e50962f157bf09561d7317468ee109dfe68d638eb23a3eeddf10e0d3ab2b081e2e3fb42b45c9c88ed2c0e93f28cfe228e2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000122d0-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ca-8.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186d9-15.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186dd-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018718-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018710-33.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018766-52.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932d-57.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2284-0-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x000a0000000122d0-3.dat	xmrig
behavioral1/files/0x00070000000186ca-8.dat	xmrig
behavioral1/files/0x00060000000186d9-15.dat	xmrig
behavioral1/memory/2216-20-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2308-22-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/1740-21-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186dd-23.dat	xmrig
behavioral1/memory/2884-36-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2284-38-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0007000000018718-37.dat	xmrig
behavioral1/memory/2772-29-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018710-33.dat	xmrig
behavioral1/memory/2284-42-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2752-49-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2804-53-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019608-71.dat	xmrig
behavioral1/files/0x000500000001960a-78.dat	xmrig
behavioral1/files/0x0005000000019c34-115.dat	xmrig
behavioral1/files/0x0005000000019c3c-119.dat	xmrig
behavioral1/files/0x0005000000019cca-135.dat	xmrig
behavioral1/memory/2636-422-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/1680-884-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/352-883-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000500000001a359-174.dat	xmrig
behavioral1/files/0x000500000001a307-170.dat	xmrig
behavioral1/files/0x000500000001a09e-166.dat	xmrig
behavioral1/files/0x000500000001a07e-162.dat	xmrig
behavioral1/files/0x000500000001a075-158.dat	xmrig
behavioral1/files/0x0005000000019f94-154.dat	xmrig
behavioral1/files/0x0005000000019d8e-143.dat	xmrig
behavioral1/files/0x0005000000019dbf-141.dat	xmrig
behavioral1/files/0x0005000000019c57-128.dat	xmrig
behavioral1/files/0x0005000000019f8a-147.dat	xmrig
behavioral1/files/0x0005000000019926-109.dat	xmrig
behavioral1/memory/352-99-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000500000001961e-97.dat	xmrig
behavioral1/files/0x0005000000019667-95.dat	xmrig
behavioral1/files/0x0005000000019cba-134.dat	xmrig
behavioral1/files/0x0005000000019c3e-124.dat	xmrig
behavioral1/files/0x000500000001961c-88.dat	xmrig
behavioral1/memory/2284-108-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2752-83-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2468-82-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2804-107-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a1-105.dat	xmrig
behavioral1/memory/1680-103-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-86.dat	xmrig
behavioral1/memory/2704-75-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2636-67-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0005000000019606-64.dat	xmrig
behavioral1/memory/2792-61-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018766-52.dat	xmrig
behavioral1/files/0x000600000001932d-57.dat	xmrig
behavioral1/memory/2308-2864-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/1740-2866-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2216-2896-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2772-2895-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2884-2900-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2752-2966-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2804-2983-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2792-3002-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2636-3017-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2468-3018-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1740	IBcpLcg.exe
2308	WbKaMPM.exe
2216	dhfAJbF.exe
2772	thtIWKT.exe
2884	eYFoVXL.exe
2752	xDuWYCY.exe
2804	YyTAtWf.exe
2792	ypUxqGq.exe
2636	GRxNeJD.exe
2704	NJZJdam.exe
2468	pVYqwRd.exe
352	zwlCkvx.exe
1680	XyJiMEt.exe
2696	CjOFqLH.exe
2012	SdlwQvq.exe
1220	KhXrORo.exe
3016	Gzmasla.exe
2040	GTcZVFy.exe
2908	BECzCBu.exe
2588	fSxvjfv.exe
2020	MZAWtGY.exe
1660	ANFOFkc.exe
1436	RabxZOn.exe
1756	PzVjhiU.exe
1180	jxPCVhR.exe
3068	miolylA.exe
2056	eYkdulT.exe
2556	yVVtBOv.exe
2076	AhPbQoc.exe
1300	NTZaCyw.exe
2188	EUyUzKI.exe
408	PtjeSFy.exe
1924	PqLBEMG.exe
952	oFXSVeg.exe
1076	TdVSpoQ.exe
1824	mvcQOgf.exe
372	NHPijiO.exe
2708	vTfRJTn.exe
1768	edZcWYl.exe
984	phBZxWb.exe
1016	WFgoEDV.exe
1060	rMZJeUQ.exe
616	dYkiQjD.exe
544	PssLVHg.exe
1572	mocLQTr.exe
2312	eIwNefl.exe
1980	fjEQuRg.exe
2360	ADLlKQW.exe
2100	EMVXcpY.exe
2240	RDyEZQN.exe
780	HArCPGr.exe
1976	bqvjDgf.exe
2252	SYpSIPD.exe
2712	cxYNQSp.exe
764	MmjWgiF.exe
1084	aHvMOLC.exe
1064	gNLKlHq.exe
1724	CaIWkRe.exe
1992	abwsPeS.exe
2172	vsNFSbq.exe
1712	pAhzbvo.exe
1616	ZobGEJG.exe
2192	DjuRfIM.exe
576	NibHWoU.exe

Loads dropped DLL 64 IoCs

pid	Process
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2284-0-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x000a0000000122d0-3.dat	upx
behavioral1/files/0x00070000000186ca-8.dat	upx
behavioral1/files/0x00060000000186d9-15.dat	upx
behavioral1/memory/2216-20-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2308-22-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/1740-21-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x00060000000186dd-23.dat	upx
behavioral1/memory/2884-36-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x0007000000018718-37.dat	upx
behavioral1/memory/2772-29-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0006000000018710-33.dat	upx
behavioral1/memory/2284-42-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2752-49-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2804-53-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x0005000000019608-71.dat	upx
behavioral1/files/0x000500000001960a-78.dat	upx
behavioral1/files/0x0005000000019c34-115.dat	upx
behavioral1/files/0x0005000000019c3c-119.dat	upx
behavioral1/files/0x0005000000019cca-135.dat	upx
behavioral1/memory/2636-422-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/1680-884-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/352-883-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000500000001a359-174.dat	upx
behavioral1/files/0x000500000001a307-170.dat	upx
behavioral1/files/0x000500000001a09e-166.dat	upx
behavioral1/files/0x000500000001a07e-162.dat	upx
behavioral1/files/0x000500000001a075-158.dat	upx
behavioral1/files/0x0005000000019f94-154.dat	upx
behavioral1/files/0x0005000000019d8e-143.dat	upx
behavioral1/files/0x0005000000019dbf-141.dat	upx
behavioral1/files/0x0005000000019c57-128.dat	upx
behavioral1/files/0x0005000000019f8a-147.dat	upx
behavioral1/files/0x0005000000019926-109.dat	upx
behavioral1/memory/352-99-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000500000001961e-97.dat	upx
behavioral1/files/0x0005000000019667-95.dat	upx
behavioral1/files/0x0005000000019cba-134.dat	upx
behavioral1/files/0x0005000000019c3e-124.dat	upx
behavioral1/files/0x000500000001961c-88.dat	upx
behavioral1/memory/2752-83-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2468-82-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2804-107-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x00050000000196a1-105.dat	upx
behavioral1/memory/1680-103-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000500000001960c-86.dat	upx
behavioral1/memory/2704-75-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2636-67-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0005000000019606-64.dat	upx
behavioral1/memory/2792-61-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0007000000018766-52.dat	upx
behavioral1/files/0x000600000001932d-57.dat	upx
behavioral1/memory/2308-2864-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/1740-2866-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2216-2896-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2772-2895-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2884-2900-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2752-2966-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2804-2983-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2792-3002-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2636-3017-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2468-3018-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2704-3036-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/352-3053-0x000000013F640000-0x000000013F994000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JKxIoUj.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywJEptk.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RSomSCM.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTscldV.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIyMoNS.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UdHOrKs.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnThQdO.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfcJBDl.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COXcbMf.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLNwsYG.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZzdgKc.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzloOSI.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMMlNMG.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qeVYpvP.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMZjqTp.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXwtuuc.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqBpPSE.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsVcrRf.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuCmogE.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMosYdb.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMUvdyH.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGzVHet.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjjMXIU.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmcGfhH.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwYARDY.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMTLXDh.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQQjcId.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcDCyDu.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRpQwow.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOGTncc.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPzbrBN.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnasRxl.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDDfpOj.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXZXOGA.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\snHcKGO.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkWdiQY.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nAUeBid.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrIFRbE.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLYxWEa.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynTrDsG.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKeTTer.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwoCMJN.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxoNZVj.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEFhdNq.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANFOFkc.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uXDCOZZ.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BymRHmi.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnXLEpX.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKVKsQm.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLQWjGc.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JvKevAI.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXxLltr.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFVWjON.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcZZptf.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfOvxTG.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHRNYvH.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reISJaa.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmVdLon.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJXisxb.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfTsRvT.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUOrTUP.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSrIjEu.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMagwmR.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZAWtGY.exe	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 1740	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2284 wrote to memory of 1740	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2284 wrote to memory of 1740	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2284 wrote to memory of 2308	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2284 wrote to memory of 2308	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2284 wrote to memory of 2308	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2284 wrote to memory of 2216	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2284 wrote to memory of 2216	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2284 wrote to memory of 2216	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2284 wrote to memory of 2772	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2284 wrote to memory of 2772	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2284 wrote to memory of 2772	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2284 wrote to memory of 2884	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2284 wrote to memory of 2884	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2284 wrote to memory of 2884	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2284 wrote to memory of 2752	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2284 wrote to memory of 2752	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2284 wrote to memory of 2752	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2284 wrote to memory of 2804	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2284 wrote to memory of 2804	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2284 wrote to memory of 2804	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2284 wrote to memory of 2792	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2284 wrote to memory of 2792	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2284 wrote to memory of 2792	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2284 wrote to memory of 2636	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2284 wrote to memory of 2636	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2284 wrote to memory of 2636	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2284 wrote to memory of 2704	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2284 wrote to memory of 2704	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2284 wrote to memory of 2704	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2284 wrote to memory of 2468	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2284 wrote to memory of 2468	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2284 wrote to memory of 2468	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2284 wrote to memory of 352	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2284 wrote to memory of 352	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2284 wrote to memory of 352	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2284 wrote to memory of 1220	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2284 wrote to memory of 1220	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2284 wrote to memory of 1220	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2284 wrote to memory of 1680	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2284 wrote to memory of 1680	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2284 wrote to memory of 1680	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2284 wrote to memory of 3016	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2284 wrote to memory of 3016	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2284 wrote to memory of 3016	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2284 wrote to memory of 2696	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2284 wrote to memory of 2696	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2284 wrote to memory of 2696	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2284 wrote to memory of 2908	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2284 wrote to memory of 2908	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2284 wrote to memory of 2908	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2284 wrote to memory of 2012	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2284 wrote to memory of 2012	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2284 wrote to memory of 2012	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2284 wrote to memory of 2588	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2284 wrote to memory of 2588	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2284 wrote to memory of 2588	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2284 wrote to memory of 2040	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2284 wrote to memory of 2040	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2284 wrote to memory of 2040	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2284 wrote to memory of 1756	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2284 wrote to memory of 1756	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2284 wrote to memory of 1756	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2284 wrote to memory of 2020	2284	2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_94a178d4b111afe03ec594b84783e8ce_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\System\IBcpLcg.exe
  C:\Windows\System\IBcpLcg.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\WbKaMPM.exe
  C:\Windows\System\WbKaMPM.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\dhfAJbF.exe
  C:\Windows\System\dhfAJbF.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\thtIWKT.exe
  C:\Windows\System\thtIWKT.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\eYFoVXL.exe
  C:\Windows\System\eYFoVXL.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\xDuWYCY.exe
  C:\Windows\System\xDuWYCY.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\YyTAtWf.exe
  C:\Windows\System\YyTAtWf.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ypUxqGq.exe
  C:\Windows\System\ypUxqGq.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\GRxNeJD.exe
  C:\Windows\System\GRxNeJD.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\NJZJdam.exe
  C:\Windows\System\NJZJdam.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\pVYqwRd.exe
  C:\Windows\System\pVYqwRd.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\zwlCkvx.exe
  C:\Windows\System\zwlCkvx.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\KhXrORo.exe
  C:\Windows\System\KhXrORo.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\XyJiMEt.exe
  C:\Windows\System\XyJiMEt.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\Gzmasla.exe
  C:\Windows\System\Gzmasla.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\CjOFqLH.exe
  C:\Windows\System\CjOFqLH.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\BECzCBu.exe
  C:\Windows\System\BECzCBu.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\SdlwQvq.exe
  C:\Windows\System\SdlwQvq.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\fSxvjfv.exe
  C:\Windows\System\fSxvjfv.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\GTcZVFy.exe
  C:\Windows\System\GTcZVFy.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\PzVjhiU.exe
  C:\Windows\System\PzVjhiU.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\MZAWtGY.exe
  C:\Windows\System\MZAWtGY.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\jxPCVhR.exe
  C:\Windows\System\jxPCVhR.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\ANFOFkc.exe
  C:\Windows\System\ANFOFkc.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\miolylA.exe
  C:\Windows\System\miolylA.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\RabxZOn.exe
  C:\Windows\System\RabxZOn.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\eYkdulT.exe
  C:\Windows\System\eYkdulT.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\yVVtBOv.exe
  C:\Windows\System\yVVtBOv.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\AhPbQoc.exe
  C:\Windows\System\AhPbQoc.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\NTZaCyw.exe
  C:\Windows\System\NTZaCyw.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\EUyUzKI.exe
  C:\Windows\System\EUyUzKI.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\PtjeSFy.exe
  C:\Windows\System\PtjeSFy.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\PqLBEMG.exe
  C:\Windows\System\PqLBEMG.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\oFXSVeg.exe
  C:\Windows\System\oFXSVeg.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\TdVSpoQ.exe
  C:\Windows\System\TdVSpoQ.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\mvcQOgf.exe
  C:\Windows\System\mvcQOgf.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\NHPijiO.exe
  C:\Windows\System\NHPijiO.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\vTfRJTn.exe
  C:\Windows\System\vTfRJTn.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\edZcWYl.exe
  C:\Windows\System\edZcWYl.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\phBZxWb.exe
  C:\Windows\System\phBZxWb.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\rMZJeUQ.exe
  C:\Windows\System\rMZJeUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\WFgoEDV.exe
  C:\Windows\System\WFgoEDV.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\dYkiQjD.exe
  C:\Windows\System\dYkiQjD.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\PssLVHg.exe
  C:\Windows\System\PssLVHg.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\mocLQTr.exe
  C:\Windows\System\mocLQTr.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\eIwNefl.exe
  C:\Windows\System\eIwNefl.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ADLlKQW.exe
  C:\Windows\System\ADLlKQW.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\fjEQuRg.exe
  C:\Windows\System\fjEQuRg.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\EMVXcpY.exe
  C:\Windows\System\EMVXcpY.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\RDyEZQN.exe
  C:\Windows\System\RDyEZQN.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\HArCPGr.exe
  C:\Windows\System\HArCPGr.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\bqvjDgf.exe
  C:\Windows\System\bqvjDgf.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\cxYNQSp.exe
  C:\Windows\System\cxYNQSp.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\SYpSIPD.exe
  C:\Windows\System\SYpSIPD.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\aHvMOLC.exe
  C:\Windows\System\aHvMOLC.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\MmjWgiF.exe
  C:\Windows\System\MmjWgiF.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\abwsPeS.exe
  C:\Windows\System\abwsPeS.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\gNLKlHq.exe
  C:\Windows\System\gNLKlHq.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\vsNFSbq.exe
  C:\Windows\System\vsNFSbq.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\CaIWkRe.exe
  C:\Windows\System\CaIWkRe.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\pAhzbvo.exe
  C:\Windows\System\pAhzbvo.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\ZobGEJG.exe
  C:\Windows\System\ZobGEJG.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\NibHWoU.exe
  C:\Windows\System\NibHWoU.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\DjuRfIM.exe
  C:\Windows\System\DjuRfIM.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\RViTgdx.exe
  C:\Windows\System\RViTgdx.exe
  2⤵
  PID:1484
- C:\Windows\System\WrMoLxY.exe
  C:\Windows\System\WrMoLxY.exe
  2⤵
  PID:2780
- C:\Windows\System\hfrJZhB.exe
  C:\Windows\System\hfrJZhB.exe
  2⤵
  PID:2952
- C:\Windows\System\DNXbqcE.exe
  C:\Windows\System\DNXbqcE.exe
  2⤵
  PID:2720
- C:\Windows\System\GZYCtAq.exe
  C:\Windows\System\GZYCtAq.exe
  2⤵
  PID:1444
- C:\Windows\System\htlrOcn.exe
  C:\Windows\System\htlrOcn.exe
  2⤵
  PID:2964
- C:\Windows\System\iRmGZJP.exe
  C:\Windows\System\iRmGZJP.exe
  2⤵
  PID:2768
- C:\Windows\System\tRCzCBm.exe
  C:\Windows\System\tRCzCBm.exe
  2⤵
  PID:2684
- C:\Windows\System\JXbIvon.exe
  C:\Windows\System\JXbIvon.exe
  2⤵
  PID:1632
- C:\Windows\System\owCcZUO.exe
  C:\Windows\System\owCcZUO.exe
  2⤵
  PID:3008
- C:\Windows\System\PeJvOrS.exe
  C:\Windows\System\PeJvOrS.exe
  2⤵
  PID:2512
- C:\Windows\System\CRTecXT.exe
  C:\Windows\System\CRTecXT.exe
  2⤵
  PID:1896
- C:\Windows\System\BIClzcT.exe
  C:\Windows\System\BIClzcT.exe
  2⤵
  PID:2036
- C:\Windows\System\kFtwkEP.exe
  C:\Windows\System\kFtwkEP.exe
  2⤵
  PID:2688
- C:\Windows\System\PKDoaBB.exe
  C:\Windows\System\PKDoaBB.exe
  2⤵
  PID:3012
- C:\Windows\System\tcMRDEb.exe
  C:\Windows\System\tcMRDEb.exe
  2⤵
  PID:1876
- C:\Windows\System\HgqYoMJ.exe
  C:\Windows\System\HgqYoMJ.exe
  2⤵
  PID:3056
- C:\Windows\System\WbBoZWc.exe
  C:\Windows\System\WbBoZWc.exe
  2⤵
  PID:1952
- C:\Windows\System\iJZdKnz.exe
  C:\Windows\System\iJZdKnz.exe
  2⤵
  PID:2848
- C:\Windows\System\iFpOXOL.exe
  C:\Windows\System\iFpOXOL.exe
  2⤵
  PID:644
- C:\Windows\System\jppSdzx.exe
  C:\Windows\System\jppSdzx.exe
  2⤵
  PID:1628
- C:\Windows\System\dHQfcOu.exe
  C:\Windows\System\dHQfcOu.exe
  2⤵
  PID:2516
- C:\Windows\System\JNRJXjN.exe
  C:\Windows\System\JNRJXjN.exe
  2⤵
  PID:1948
- C:\Windows\System\kvhyGgn.exe
  C:\Windows\System\kvhyGgn.exe
  2⤵
  PID:1500
- C:\Windows\System\ZkIJwDU.exe
  C:\Windows\System\ZkIJwDU.exe
  2⤵
  PID:1544
- C:\Windows\System\evrvYea.exe
  C:\Windows\System\evrvYea.exe
  2⤵
  PID:1812
- C:\Windows\System\FHgiHAE.exe
  C:\Windows\System\FHgiHAE.exe
  2⤵
  PID:1104
- C:\Windows\System\eiprTxs.exe
  C:\Windows\System\eiprTxs.exe
  2⤵
  PID:1592
- C:\Windows\System\UGJnzcG.exe
  C:\Windows\System\UGJnzcG.exe
  2⤵
  PID:1308
- C:\Windows\System\PKwswds.exe
  C:\Windows\System\PKwswds.exe
  2⤵
  PID:1408
- C:\Windows\System\luRpxEw.exe
  C:\Windows\System\luRpxEw.exe
  2⤵
  PID:580
- C:\Windows\System\xeJIThP.exe
  C:\Windows\System\xeJIThP.exe
  2⤵
  PID:2044
- C:\Windows\System\TTCUwGJ.exe
  C:\Windows\System\TTCUwGJ.exe
  2⤵
  PID:2400
- C:\Windows\System\cTPjprS.exe
  C:\Windows\System\cTPjprS.exe
  2⤵
  PID:2292
- C:\Windows\System\HpuNEZP.exe
  C:\Windows\System\HpuNEZP.exe
  2⤵
  PID:1612
- C:\Windows\System\yZuFZop.exe
  C:\Windows\System\yZuFZop.exe
  2⤵
  PID:740
- C:\Windows\System\mwitJce.exe
  C:\Windows\System\mwitJce.exe
  2⤵
  PID:2184
- C:\Windows\System\WOKcurQ.exe
  C:\Windows\System\WOKcurQ.exe
  2⤵
  PID:2812
- C:\Windows\System\UsjunDC.exe
  C:\Windows\System\UsjunDC.exe
  2⤵
  PID:2624
- C:\Windows\System\wvhZJVG.exe
  C:\Windows\System\wvhZJVG.exe
  2⤵
  PID:2656
- C:\Windows\System\mpWEofZ.exe
  C:\Windows\System\mpWEofZ.exe
  2⤵
  PID:2920
- C:\Windows\System\TkyrHOp.exe
  C:\Windows\System\TkyrHOp.exe
  2⤵
  PID:1664
- C:\Windows\System\vclcwWd.exe
  C:\Windows\System\vclcwWd.exe
  2⤵
  PID:1512
- C:\Windows\System\rkpbeLq.exe
  C:\Windows\System\rkpbeLq.exe
  2⤵
  PID:1028
- C:\Windows\System\gUFHqtd.exe
  C:\Windows\System\gUFHqtd.exe
  2⤵
  PID:1448
- C:\Windows\System\SqwWzrX.exe
  C:\Windows\System\SqwWzrX.exe
  2⤵
  PID:3088
- C:\Windows\System\TfZwzai.exe
  C:\Windows\System\TfZwzai.exe
  2⤵
  PID:3104
- C:\Windows\System\DrVhmPV.exe
  C:\Windows\System\DrVhmPV.exe
  2⤵
  PID:3120
- C:\Windows\System\YAhGJCV.exe
  C:\Windows\System\YAhGJCV.exe
  2⤵
  PID:3136
- C:\Windows\System\pjHjWly.exe
  C:\Windows\System\pjHjWly.exe
  2⤵
  PID:3152
- C:\Windows\System\KYdGOiS.exe
  C:\Windows\System\KYdGOiS.exe
  2⤵
  PID:3176
- C:\Windows\System\tYBxEQZ.exe
  C:\Windows\System\tYBxEQZ.exe
  2⤵
  PID:3224
- C:\Windows\System\tXMZWAC.exe
  C:\Windows\System\tXMZWAC.exe
  2⤵
  PID:3272
- C:\Windows\System\lvNUZdy.exe
  C:\Windows\System\lvNUZdy.exe
  2⤵
  PID:3324
- C:\Windows\System\NvoyBSl.exe
  C:\Windows\System\NvoyBSl.exe
  2⤵
  PID:3372
- C:\Windows\System\EGMUlFe.exe
  C:\Windows\System\EGMUlFe.exe
  2⤵
  PID:3404
- C:\Windows\System\aUHoTcp.exe
  C:\Windows\System\aUHoTcp.exe
  2⤵
  PID:3452
- C:\Windows\System\aSwhmjO.exe
  C:\Windows\System\aSwhmjO.exe
  2⤵
  PID:3488
- C:\Windows\System\zwJOlrs.exe
  C:\Windows\System\zwJOlrs.exe
  2⤵
  PID:3508
- C:\Windows\System\bKEvXPf.exe
  C:\Windows\System\bKEvXPf.exe
  2⤵
  PID:3524
- C:\Windows\System\gCEqKTY.exe
  C:\Windows\System\gCEqKTY.exe
  2⤵
  PID:3544
- C:\Windows\System\qOhIqkj.exe
  C:\Windows\System\qOhIqkj.exe
  2⤵
  PID:3616
- C:\Windows\System\wBLWDty.exe
  C:\Windows\System\wBLWDty.exe
  2⤵
  PID:3848
- C:\Windows\System\ekcrSFa.exe
  C:\Windows\System\ekcrSFa.exe
  2⤵
  PID:3864
- C:\Windows\System\UIGgEFy.exe
  C:\Windows\System\UIGgEFy.exe
  2⤵
  PID:3880
- C:\Windows\System\xzezrpm.exe
  C:\Windows\System\xzezrpm.exe
  2⤵
  PID:3896
- C:\Windows\System\lReHJpO.exe
  C:\Windows\System\lReHJpO.exe
  2⤵
  PID:3916
- C:\Windows\System\ETCGXdA.exe
  C:\Windows\System\ETCGXdA.exe
  2⤵
  PID:3932
- C:\Windows\System\NqwlJDP.exe
  C:\Windows\System\NqwlJDP.exe
  2⤵
  PID:3956
- C:\Windows\System\yKsvKqy.exe
  C:\Windows\System\yKsvKqy.exe
  2⤵
  PID:3980
- C:\Windows\System\sjXTMtU.exe
  C:\Windows\System\sjXTMtU.exe
  2⤵
  PID:4000
- C:\Windows\System\UdHOrKs.exe
  C:\Windows\System\UdHOrKs.exe
  2⤵
  PID:4032
- C:\Windows\System\TemTyAY.exe
  C:\Windows\System\TemTyAY.exe
  2⤵
  PID:4052
- C:\Windows\System\iXrJqEz.exe
  C:\Windows\System\iXrJqEz.exe
  2⤵
  PID:4072
- C:\Windows\System\vGtGVDB.exe
  C:\Windows\System\vGtGVDB.exe
  2⤵
  PID:4092
- C:\Windows\System\aVHCmrk.exe
  C:\Windows\System\aVHCmrk.exe
  2⤵
  PID:2316
- C:\Windows\System\vqxkySp.exe
  C:\Windows\System\vqxkySp.exe
  2⤵
  PID:2440
- C:\Windows\System\QWfJroh.exe
  C:\Windows\System\QWfJroh.exe
  2⤵
  PID:2328
- C:\Windows\System\AwRBSxm.exe
  C:\Windows\System\AwRBSxm.exe
  2⤵
  PID:2732
- C:\Windows\System\qgczFGA.exe
  C:\Windows\System\qgczFGA.exe
  2⤵
  PID:1624
- C:\Windows\System\FdvJcuD.exe
  C:\Windows\System\FdvJcuD.exe
  2⤵
  PID:1656
- C:\Windows\System\FhoCGSw.exe
  C:\Windows\System\FhoCGSw.exe
  2⤵
  PID:2536
- C:\Windows\System\cTwvFCl.exe
  C:\Windows\System\cTwvFCl.exe
  2⤵
  PID:2572
- C:\Windows\System\qIrWIkT.exe
  C:\Windows\System\qIrWIkT.exe
  2⤵
  PID:2096
- C:\Windows\System\ZXxLltr.exe
  C:\Windows\System\ZXxLltr.exe
  2⤵
  PID:2128
- C:\Windows\System\KkNLteu.exe
  C:\Windows\System\KkNLteu.exe
  2⤵
  PID:3236
- C:\Windows\System\tjAzAOs.exe
  C:\Windows\System\tjAzAOs.exe
  2⤵
  PID:3340
- C:\Windows\System\rZlPApf.exe
  C:\Windows\System\rZlPApf.exe
  2⤵
  PID:3360
- C:\Windows\System\RdNMEST.exe
  C:\Windows\System\RdNMEST.exe
  2⤵
  PID:3416
- C:\Windows\System\ZVzDDzL.exe
  C:\Windows\System\ZVzDDzL.exe
  2⤵
  PID:3436
- C:\Windows\System\qzcsYei.exe
  C:\Windows\System\qzcsYei.exe
  2⤵
  PID:1376
- C:\Windows\System\IKULbEA.exe
  C:\Windows\System\IKULbEA.exe
  2⤵
  PID:2344
- C:\Windows\System\auKILGO.exe
  C:\Windows\System\auKILGO.exe
  2⤵
  PID:2244
- C:\Windows\System\xUxOQsh.exe
  C:\Windows\System\xUxOQsh.exe
  2⤵
  PID:3540
- C:\Windows\System\arhaOys.exe
  C:\Windows\System\arhaOys.exe
  2⤵
  PID:3636
- C:\Windows\System\qjSGJcu.exe
  C:\Windows\System\qjSGJcu.exe
  2⤵
  PID:3652
- C:\Windows\System\fOaSsdc.exe
  C:\Windows\System\fOaSsdc.exe
  2⤵
  PID:3676
- C:\Windows\System\ZdasFmP.exe
  C:\Windows\System\ZdasFmP.exe
  2⤵
  PID:3692
- C:\Windows\System\OWjmdZP.exe
  C:\Windows\System\OWjmdZP.exe
  2⤵
  PID:3144
- C:\Windows\System\SkWdiQY.exe
  C:\Windows\System\SkWdiQY.exe
  2⤵
  PID:3200
- C:\Windows\System\ulxlYVY.exe
  C:\Windows\System\ulxlYVY.exe
  2⤵
  PID:3280
- C:\Windows\System\RsbKSHB.exe
  C:\Windows\System\RsbKSHB.exe
  2⤵
  PID:3300
- C:\Windows\System\OonCEPO.exe
  C:\Windows\System\OonCEPO.exe
  2⤵
  PID:3316
- C:\Windows\System\qZMiqZu.exe
  C:\Windows\System\qZMiqZu.exe
  2⤵
  PID:3400
- C:\Windows\System\dQAeUfx.exe
  C:\Windows\System\dQAeUfx.exe
  2⤵
  PID:3476
- C:\Windows\System\WbvIHnv.exe
  C:\Windows\System\WbvIHnv.exe
  2⤵
  PID:3520
- C:\Windows\System\ptFslzh.exe
  C:\Windows\System\ptFslzh.exe
  2⤵
  PID:3708
- C:\Windows\System\EKouevD.exe
  C:\Windows\System\EKouevD.exe
  2⤵
  PID:3116
- C:\Windows\System\GpqxhqF.exe
  C:\Windows\System\GpqxhqF.exe
  2⤵
  PID:3044
- C:\Windows\System\TCtDfTQ.exe
  C:\Windows\System\TCtDfTQ.exe
  2⤵
  PID:3732
- C:\Windows\System\ORAqasu.exe
  C:\Windows\System\ORAqasu.exe
  2⤵
  PID:3756
- C:\Windows\System\BHqLxvj.exe
  C:\Windows\System\BHqLxvj.exe
  2⤵
  PID:3772
- C:\Windows\System\kHjYlyN.exe
  C:\Windows\System\kHjYlyN.exe
  2⤵
  PID:3792
- C:\Windows\System\jrILXlh.exe
  C:\Windows\System\jrILXlh.exe
  2⤵
  PID:3808
- C:\Windows\System\EdWXacH.exe
  C:\Windows\System\EdWXacH.exe
  2⤵
  PID:3824
- C:\Windows\System\bpwHksD.exe
  C:\Windows\System\bpwHksD.exe
  2⤵
  PID:3844
- C:\Windows\System\VOkvNUy.exe
  C:\Windows\System\VOkvNUy.exe
  2⤵
  PID:3908
- C:\Windows\System\wcXaGbh.exe
  C:\Windows\System\wcXaGbh.exe
  2⤵
  PID:3952
- C:\Windows\System\hQGXzcs.exe
  C:\Windows\System\hQGXzcs.exe
  2⤵
  PID:3996
- C:\Windows\System\CWawYGS.exe
  C:\Windows\System\CWawYGS.exe
  2⤵
  PID:3928
- C:\Windows\System\ujvvlfA.exe
  C:\Windows\System\ujvvlfA.exe
  2⤵
  PID:4016
- C:\Windows\System\OUfhsuA.exe
  C:\Windows\System\OUfhsuA.exe
  2⤵
  PID:4048
- C:\Windows\System\WMosYdb.exe
  C:\Windows\System\WMosYdb.exe
  2⤵
  PID:4068
- C:\Windows\System\odxzszT.exe
  C:\Windows\System\odxzszT.exe
  2⤵
  PID:1276
- C:\Windows\System\OdjFdYb.exe
  C:\Windows\System\OdjFdYb.exe
  2⤵
  PID:1080
- C:\Windows\System\JTMOocb.exe
  C:\Windows\System\JTMOocb.exe
  2⤵
  PID:2340
- C:\Windows\System\jHPcnFD.exe
  C:\Windows\System\jHPcnFD.exe
  2⤵
  PID:3132
- C:\Windows\System\EyJqSlC.exe
  C:\Windows\System\EyJqSlC.exe
  2⤵
  PID:3172
- C:\Windows\System\yYLsbaG.exe
  C:\Windows\System\yYLsbaG.exe
  2⤵
  PID:3240
- C:\Windows\System\GMzbjft.exe
  C:\Windows\System\GMzbjft.exe
  2⤵
  PID:3256
- C:\Windows\System\rItqhgh.exe
  C:\Windows\System\rItqhgh.exe
  2⤵
  PID:3248
- C:\Windows\System\bDyQMHs.exe
  C:\Windows\System\bDyQMHs.exe
  2⤵
  PID:3448
- C:\Windows\System\mUyqKZh.exe
  C:\Windows\System\mUyqKZh.exe
  2⤵
  PID:3352
- C:\Windows\System\gsejxVk.exe
  C:\Windows\System\gsejxVk.exe
  2⤵
  PID:1136
- C:\Windows\System\TDmHSEX.exe
  C:\Windows\System\TDmHSEX.exe
  2⤵
  PID:3532
- C:\Windows\System\RVoigls.exe
  C:\Windows\System\RVoigls.exe
  2⤵
  PID:3664
- C:\Windows\System\nwPoPzs.exe
  C:\Windows\System\nwPoPzs.exe
  2⤵
  PID:3212
- C:\Windows\System\atseUGe.exe
  C:\Windows\System\atseUGe.exe
  2⤵
  PID:3464
- C:\Windows\System\tvSVJtB.exe
  C:\Windows\System\tvSVJtB.exe
  2⤵
  PID:3084
- C:\Windows\System\raYpYri.exe
  C:\Windows\System\raYpYri.exe
  2⤵
  PID:3688
- C:\Windows\System\MhYnYmf.exe
  C:\Windows\System\MhYnYmf.exe
  2⤵
  PID:3196
- C:\Windows\System\WRzdYEy.exe
  C:\Windows\System\WRzdYEy.exe
  2⤵
  PID:3292
- C:\Windows\System\qHmhtCQ.exe
  C:\Windows\System\qHmhtCQ.exe
  2⤵
  PID:3752
- C:\Windows\System\hUFJzXc.exe
  C:\Windows\System\hUFJzXc.exe
  2⤵
  PID:3484
- C:\Windows\System\MZmlnRZ.exe
  C:\Windows\System\MZmlnRZ.exe
  2⤵
  PID:3876
- C:\Windows\System\XTjMjxh.exe
  C:\Windows\System\XTjMjxh.exe
  2⤵
  PID:3728
- C:\Windows\System\hqjjBzM.exe
  C:\Windows\System\hqjjBzM.exe
  2⤵
  PID:3988
- C:\Windows\System\yCHdDyH.exe
  C:\Windows\System\yCHdDyH.exe
  2⤵
  PID:4080
- C:\Windows\System\NaZtHir.exe
  C:\Windows\System\NaZtHir.exe
  2⤵
  PID:3832
- C:\Windows\System\girKAXf.exe
  C:\Windows\System\girKAXf.exe
  2⤵
  PID:3836
- C:\Windows\System\twxkTYr.exe
  C:\Windows\System\twxkTYr.exe
  2⤵
  PID:1964
- C:\Windows\System\pLsePJp.exe
  C:\Windows\System\pLsePJp.exe
  2⤵
  PID:4028
- C:\Windows\System\OTdTUoF.exe
  C:\Windows\System\OTdTUoF.exe
  2⤵
  PID:3948
- C:\Windows\System\TjbDvzJ.exe
  C:\Windows\System\TjbDvzJ.exe
  2⤵
  PID:2528
- C:\Windows\System\rbXfxRa.exe
  C:\Windows\System\rbXfxRa.exe
  2⤵
  PID:3096
- C:\Windows\System\pwUTirE.exe
  C:\Windows\System\pwUTirE.exe
  2⤵
  PID:3268
- C:\Windows\System\wHjCLvn.exe
  C:\Windows\System\wHjCLvn.exe
  2⤵
  PID:3412
- C:\Windows\System\zvTfHTV.exe
  C:\Windows\System\zvTfHTV.exe
  2⤵
  PID:3164
- C:\Windows\System\ESORhwT.exe
  C:\Windows\System\ESORhwT.exe
  2⤵
  PID:3496
- C:\Windows\System\ZkAerYz.exe
  C:\Windows\System\ZkAerYz.exe
  2⤵
  PID:3568
- C:\Windows\System\koRAVgG.exe
  C:\Windows\System\koRAVgG.exe
  2⤵
  PID:3080
- C:\Windows\System\KPpvqDY.exe
  C:\Windows\System\KPpvqDY.exe
  2⤵
  PID:3816
- C:\Windows\System\vyEYGiJ.exe
  C:\Windows\System\vyEYGiJ.exe
  2⤵
  PID:4104
- C:\Windows\System\nJPBuAJ.exe
  C:\Windows\System\nJPBuAJ.exe
  2⤵
  PID:4124
- C:\Windows\System\IavyzLn.exe
  C:\Windows\System\IavyzLn.exe
  2⤵
  PID:4140
- C:\Windows\System\FHdbcgx.exe
  C:\Windows\System\FHdbcgx.exe
  2⤵
  PID:4164
- C:\Windows\System\KLMurmx.exe
  C:\Windows\System\KLMurmx.exe
  2⤵
  PID:4184
- C:\Windows\System\mPndATx.exe
  C:\Windows\System\mPndATx.exe
  2⤵
  PID:4200
- C:\Windows\System\VcznzCM.exe
  C:\Windows\System\VcznzCM.exe
  2⤵
  PID:4224
- C:\Windows\System\bmPqjyL.exe
  C:\Windows\System\bmPqjyL.exe
  2⤵
  PID:4244
- C:\Windows\System\sWKkXWS.exe
  C:\Windows\System\sWKkXWS.exe
  2⤵
  PID:4264
- C:\Windows\System\lLAVAjY.exe
  C:\Windows\System\lLAVAjY.exe
  2⤵
  PID:4316
- C:\Windows\System\KqbrgpP.exe
  C:\Windows\System\KqbrgpP.exe
  2⤵
  PID:4332
- C:\Windows\System\JsLXhrR.exe
  C:\Windows\System\JsLXhrR.exe
  2⤵
  PID:4348
- C:\Windows\System\KiJAYSV.exe
  C:\Windows\System\KiJAYSV.exe
  2⤵
  PID:4368
- C:\Windows\System\qXayeUL.exe
  C:\Windows\System\qXayeUL.exe
  2⤵
  PID:4384
- C:\Windows\System\dkXuojl.exe
  C:\Windows\System\dkXuojl.exe
  2⤵
  PID:4400
- C:\Windows\System\IvBlhbx.exe
  C:\Windows\System\IvBlhbx.exe
  2⤵
  PID:4428
- C:\Windows\System\wZzheEt.exe
  C:\Windows\System\wZzheEt.exe
  2⤵
  PID:4448
- C:\Windows\System\moZYLfh.exe
  C:\Windows\System\moZYLfh.exe
  2⤵
  PID:4480
- C:\Windows\System\LIbtNqW.exe
  C:\Windows\System\LIbtNqW.exe
  2⤵
  PID:4496
- C:\Windows\System\sEmHJKH.exe
  C:\Windows\System\sEmHJKH.exe
  2⤵
  PID:4516
- C:\Windows\System\NzmEQXn.exe
  C:\Windows\System\NzmEQXn.exe
  2⤵
  PID:4540
- C:\Windows\System\QSHNSUW.exe
  C:\Windows\System\QSHNSUW.exe
  2⤵
  PID:4556
- C:\Windows\System\vNqlFiz.exe
  C:\Windows\System\vNqlFiz.exe
  2⤵
  PID:4572
- C:\Windows\System\GCvuePT.exe
  C:\Windows\System\GCvuePT.exe
  2⤵
  PID:4596
- C:\Windows\System\sgXAguU.exe
  C:\Windows\System\sgXAguU.exe
  2⤵
  PID:4612
- C:\Windows\System\TqwOMmf.exe
  C:\Windows\System\TqwOMmf.exe
  2⤵
  PID:4628
- C:\Windows\System\fAaemPX.exe
  C:\Windows\System\fAaemPX.exe
  2⤵
  PID:4644
- C:\Windows\System\YqRGMPX.exe
  C:\Windows\System\YqRGMPX.exe
  2⤵
  PID:4660
- C:\Windows\System\krGBitt.exe
  C:\Windows\System\krGBitt.exe
  2⤵
  PID:4676
- C:\Windows\System\JLOaraL.exe
  C:\Windows\System\JLOaraL.exe
  2⤵
  PID:4704
- C:\Windows\System\qaDLgXy.exe
  C:\Windows\System\qaDLgXy.exe
  2⤵
  PID:4724
- C:\Windows\System\NoXlwnR.exe
  C:\Windows\System\NoXlwnR.exe
  2⤵
  PID:4744
- C:\Windows\System\LKAbzsq.exe
  C:\Windows\System\LKAbzsq.exe
  2⤵
  PID:4764
- C:\Windows\System\SahQfRA.exe
  C:\Windows\System\SahQfRA.exe
  2⤵
  PID:4784
- C:\Windows\System\BFQDYMR.exe
  C:\Windows\System\BFQDYMR.exe
  2⤵
  PID:4804
- C:\Windows\System\uhptbjK.exe
  C:\Windows\System\uhptbjK.exe
  2⤵
  PID:4836
- C:\Windows\System\mZyfqkj.exe
  C:\Windows\System\mZyfqkj.exe
  2⤵
  PID:4868
- C:\Windows\System\pFtvODB.exe
  C:\Windows\System\pFtvODB.exe
  2⤵
  PID:4888
- C:\Windows\System\ncFJQbH.exe
  C:\Windows\System\ncFJQbH.exe
  2⤵
  PID:4916
- C:\Windows\System\FVAsXKj.exe
  C:\Windows\System\FVAsXKj.exe
  2⤵
  PID:4936
- C:\Windows\System\eEpKtVE.exe
  C:\Windows\System\eEpKtVE.exe
  2⤵
  PID:4956
- C:\Windows\System\YpwnnzW.exe
  C:\Windows\System\YpwnnzW.exe
  2⤵
  PID:4976
- C:\Windows\System\fXDkgMg.exe
  C:\Windows\System\fXDkgMg.exe
  2⤵
  PID:4996
- C:\Windows\System\kHhUDYD.exe
  C:\Windows\System\kHhUDYD.exe
  2⤵
  PID:5016
- C:\Windows\System\sNjcSeV.exe
  C:\Windows\System\sNjcSeV.exe
  2⤵
  PID:5036
- C:\Windows\System\EhJJmGk.exe
  C:\Windows\System\EhJJmGk.exe
  2⤵
  PID:5056
- C:\Windows\System\ArCExYD.exe
  C:\Windows\System\ArCExYD.exe
  2⤵
  PID:5076
- C:\Windows\System\rCSUNuo.exe
  C:\Windows\System\rCSUNuo.exe
  2⤵
  PID:5096
- C:\Windows\System\sUCDlTh.exe
  C:\Windows\System\sUCDlTh.exe
  2⤵
  PID:5116
- C:\Windows\System\bylkNwu.exe
  C:\Windows\System\bylkNwu.exe
  2⤵
  PID:3968
- C:\Windows\System\Zossshk.exe
  C:\Windows\System\Zossshk.exe
  2⤵
  PID:3976
- C:\Windows\System\aeUUvvj.exe
  C:\Windows\System\aeUUvvj.exe
  2⤵
  PID:3252
- C:\Windows\System\FKEApXV.exe
  C:\Windows\System\FKEApXV.exe
  2⤵
  PID:3500
- C:\Windows\System\qyeVKTp.exe
  C:\Windows\System\qyeVKTp.exe
  2⤵
  PID:3216
- C:\Windows\System\vYukJbI.exe
  C:\Windows\System\vYukJbI.exe
  2⤵
  PID:3648
- C:\Windows\System\LVeRIhp.exe
  C:\Windows\System\LVeRIhp.exe
  2⤵
  PID:3856
- C:\Windows\System\eXGXMTo.exe
  C:\Windows\System\eXGXMTo.exe
  2⤵
  PID:3744
- C:\Windows\System\QkNKnGo.exe
  C:\Windows\System\QkNKnGo.exe
  2⤵
  PID:3888
- C:\Windows\System\oXjZDtS.exe
  C:\Windows\System\oXjZDtS.exe
  2⤵
  PID:3740
- C:\Windows\System\qBbzMmt.exe
  C:\Windows\System\qBbzMmt.exe
  2⤵
  PID:3596
- C:\Windows\System\yHawjnz.exe
  C:\Windows\System\yHawjnz.exe
  2⤵
  PID:4172
- C:\Windows\System\PKZbKiF.exe
  C:\Windows\System\PKZbKiF.exe
  2⤵
  PID:4252
- C:\Windows\System\qDFkOPL.exe
  C:\Windows\System\qDFkOPL.exe
  2⤵
  PID:760
- C:\Windows\System\ltXDDbE.exe
  C:\Windows\System\ltXDDbE.exe
  2⤵
  PID:3396
- C:\Windows\System\LHBLzaZ.exe
  C:\Windows\System\LHBLzaZ.exe
  2⤵
  PID:4116
- C:\Windows\System\AhWfsEr.exe
  C:\Windows\System\AhWfsEr.exe
  2⤵
  PID:4356
- C:\Windows\System\lsRkvcM.exe
  C:\Windows\System\lsRkvcM.exe
  2⤵
  PID:4436
- C:\Windows\System\mphTFMt.exe
  C:\Windows\System\mphTFMt.exe
  2⤵
  PID:4156
- C:\Windows\System\hxTNciB.exe
  C:\Windows\System\hxTNciB.exe
  2⤵
  PID:4232
- C:\Windows\System\lOeJGYZ.exe
  C:\Windows\System\lOeJGYZ.exe
  2⤵
  PID:3332
- C:\Windows\System\qnpLNyY.exe
  C:\Windows\System\qnpLNyY.exe
  2⤵
  PID:3424
- C:\Windows\System\rFfNLHp.exe
  C:\Windows\System\rFfNLHp.exe
  2⤵
  PID:4288
- C:\Windows\System\TjdtCzd.exe
  C:\Windows\System\TjdtCzd.exe
  2⤵
  PID:4300
- C:\Windows\System\OJiOFfx.exe
  C:\Windows\System\OJiOFfx.exe
  2⤵
  PID:4524
- C:\Windows\System\EOHPAeq.exe
  C:\Windows\System\EOHPAeq.exe
  2⤵
  PID:4564
- C:\Windows\System\vRYKyLa.exe
  C:\Windows\System\vRYKyLa.exe
  2⤵
  PID:4608
- C:\Windows\System\PoEgldo.exe
  C:\Windows\System\PoEgldo.exe
  2⤵
  PID:4420
- C:\Windows\System\qAeeTcM.exe
  C:\Windows\System\qAeeTcM.exe
  2⤵
  PID:4636
- C:\Windows\System\TbEOpkA.exe
  C:\Windows\System\TbEOpkA.exe
  2⤵
  PID:4460
- C:\Windows\System\UXivgPD.exe
  C:\Windows\System\UXivgPD.exe
  2⤵
  PID:4720
- C:\Windows\System\mGzVHet.exe
  C:\Windows\System\mGzVHet.exe
  2⤵
  PID:4508
- C:\Windows\System\SBjAMgK.exe
  C:\Windows\System\SBjAMgK.exe
  2⤵
  PID:4716
- C:\Windows\System\nCeMNeU.exe
  C:\Windows\System\nCeMNeU.exe
  2⤵
  PID:4588
- C:\Windows\System\lVULaUJ.exe
  C:\Windows\System\lVULaUJ.exe
  2⤵
  PID:3312
- C:\Windows\System\ShUkPCd.exe
  C:\Windows\System\ShUkPCd.exe
  2⤵
  PID:4796
- C:\Windows\System\LOrrKRN.exe
  C:\Windows\System\LOrrKRN.exe
  2⤵
  PID:4692
- C:\Windows\System\FgVSMEp.exe
  C:\Windows\System\FgVSMEp.exe
  2⤵
  PID:4736
- C:\Windows\System\rQSIJCo.exe
  C:\Windows\System\rQSIJCo.exe
  2⤵
  PID:4812
- C:\Windows\System\AoSotxC.exe
  C:\Windows\System\AoSotxC.exe
  2⤵
  PID:4864
- C:\Windows\System\xVwVLJK.exe
  C:\Windows\System\xVwVLJK.exe
  2⤵
  PID:4904
- C:\Windows\System\qaYkXBV.exe
  C:\Windows\System\qaYkXBV.exe
  2⤵
  PID:4924
- C:\Windows\System\jXwKXWK.exe
  C:\Windows\System\jXwKXWK.exe
  2⤵
  PID:4992
- C:\Windows\System\kKiWjmx.exe
  C:\Windows\System\kKiWjmx.exe
  2⤵
  PID:5084
- C:\Windows\System\kFXbsuu.exe
  C:\Windows\System\kFXbsuu.exe
  2⤵
  PID:5104
- C:\Windows\System\SbTdMEd.exe
  C:\Windows\System\SbTdMEd.exe
  2⤵
  PID:4040
- C:\Windows\System\cYgjCas.exe
  C:\Windows\System\cYgjCas.exe
  2⤵
  PID:2904
- C:\Windows\System\zdSowfU.exe
  C:\Windows\System\zdSowfU.exe
  2⤵
  PID:3100
- C:\Windows\System\CuNEJzD.exe
  C:\Windows\System\CuNEJzD.exe
  2⤵
  PID:3632
- C:\Windows\System\AXqamuP.exe
  C:\Windows\System\AXqamuP.exe
  2⤵
  PID:3644
- C:\Windows\System\tAtPHiE.exe
  C:\Windows\System\tAtPHiE.exe
  2⤵
  PID:3380
- C:\Windows\System\rhcBdwS.exe
  C:\Windows\System\rhcBdwS.exe
  2⤵
  PID:4136
- C:\Windows\System\nNqVtik.exe
  C:\Windows\System\nNqVtik.exe
  2⤵
  PID:2784
- C:\Windows\System\sOyJHfy.exe
  C:\Windows\System\sOyJHfy.exe
  2⤵
  PID:4064
- C:\Windows\System\ewYsCZp.exe
  C:\Windows\System\ewYsCZp.exe
  2⤵
  PID:4364
- C:\Windows\System\GNBEuXP.exe
  C:\Windows\System\GNBEuXP.exe
  2⤵
  PID:4196
- C:\Windows\System\SLUsevT.exe
  C:\Windows\System\SLUsevT.exe
  2⤵
  PID:4276
- C:\Windows\System\JGJbYkK.exe
  C:\Windows\System\JGJbYkK.exe
  2⤵
  PID:4408
- C:\Windows\System\DisfKRz.exe
  C:\Windows\System\DisfKRz.exe
  2⤵
  PID:4376
- C:\Windows\System\LcDCyDu.exe
  C:\Windows\System\LcDCyDu.exe
  2⤵
  PID:4504
- C:\Windows\System\JpcFRvL.exe
  C:\Windows\System\JpcFRvL.exe
  2⤵
  PID:3720
- C:\Windows\System\QzkGyXZ.exe
  C:\Windows\System\QzkGyXZ.exe
  2⤵
  PID:4624
- C:\Windows\System\KUIZYRt.exe
  C:\Windows\System\KUIZYRt.exe
  2⤵
  PID:4844
- C:\Windows\System\WvEVSgQ.exe
  C:\Windows\System\WvEVSgQ.exe
  2⤵
  PID:4832
- C:\Windows\System\RUEydCp.exe
  C:\Windows\System\RUEydCp.exe
  2⤵
  PID:2396
- C:\Windows\System\fzfgjyz.exe
  C:\Windows\System\fzfgjyz.exe
  2⤵
  PID:4988
- C:\Windows\System\ZNuyUsC.exe
  C:\Windows\System\ZNuyUsC.exe
  2⤵
  PID:5028
- C:\Windows\System\XrJnWmr.exe
  C:\Windows\System\XrJnWmr.exe
  2⤵
  PID:5064
- C:\Windows\System\lgFqSrC.exe
  C:\Windows\System\lgFqSrC.exe
  2⤵
  PID:5068
- C:\Windows\System\tioVuie.exe
  C:\Windows\System\tioVuie.exe
  2⤵
  PID:3504
- C:\Windows\System\uDdYFtb.exe
  C:\Windows\System\uDdYFtb.exe
  2⤵
  PID:3716
- C:\Windows\System\znMgbjb.exe
  C:\Windows\System\znMgbjb.exe
  2⤵
  PID:4192
- C:\Windows\System\vGArvar.exe
  C:\Windows\System\vGArvar.exe
  2⤵
  PID:4472
- C:\Windows\System\KAfSpef.exe
  C:\Windows\System\KAfSpef.exe
  2⤵
  PID:5124
- C:\Windows\System\uZwmMGA.exe
  C:\Windows\System\uZwmMGA.exe
  2⤵
  PID:5140
- C:\Windows\System\SyKSYyx.exe
  C:\Windows\System\SyKSYyx.exe
  2⤵
  PID:5156
- C:\Windows\System\YchdGjM.exe
  C:\Windows\System\YchdGjM.exe
  2⤵
  PID:5172
- C:\Windows\System\MxeEZCk.exe
  C:\Windows\System\MxeEZCk.exe
  2⤵
  PID:5188
- C:\Windows\System\ycNxJQt.exe
  C:\Windows\System\ycNxJQt.exe
  2⤵
  PID:5204
- C:\Windows\System\CoRfykC.exe
  C:\Windows\System\CoRfykC.exe
  2⤵
  PID:5220
- C:\Windows\System\manINkg.exe
  C:\Windows\System\manINkg.exe
  2⤵
  PID:5236
- C:\Windows\System\FdXEoSG.exe
  C:\Windows\System\FdXEoSG.exe
  2⤵
  PID:5252
- C:\Windows\System\rxeulxc.exe
  C:\Windows\System\rxeulxc.exe
  2⤵
  PID:5268
- C:\Windows\System\WMUvdyH.exe
  C:\Windows\System\WMUvdyH.exe
  2⤵
  PID:5284
- C:\Windows\System\jIElFWL.exe
  C:\Windows\System\jIElFWL.exe
  2⤵
  PID:5300
- C:\Windows\System\fNgfhCX.exe
  C:\Windows\System\fNgfhCX.exe
  2⤵
  PID:5316
- C:\Windows\System\yUDhhTQ.exe
  C:\Windows\System\yUDhhTQ.exe
  2⤵
  PID:5332
- C:\Windows\System\EEdkViu.exe
  C:\Windows\System\EEdkViu.exe
  2⤵
  PID:5348
- C:\Windows\System\NiWHxcZ.exe
  C:\Windows\System\NiWHxcZ.exe
  2⤵
  PID:5368
- C:\Windows\System\tnXLEpX.exe
  C:\Windows\System\tnXLEpX.exe
  2⤵
  PID:5384
- C:\Windows\System\qDBbioi.exe
  C:\Windows\System\qDBbioi.exe
  2⤵
  PID:5400
- C:\Windows\System\klowYoz.exe
  C:\Windows\System\klowYoz.exe
  2⤵
  PID:5416
- C:\Windows\System\wZJTpXX.exe
  C:\Windows\System\wZJTpXX.exe
  2⤵
  PID:5432
- C:\Windows\System\KUPuQRo.exe
  C:\Windows\System\KUPuQRo.exe
  2⤵
  PID:5448
- C:\Windows\System\SouWrJK.exe
  C:\Windows\System\SouWrJK.exe
  2⤵
  PID:5464
- C:\Windows\System\bXPFQHT.exe
  C:\Windows\System\bXPFQHT.exe
  2⤵
  PID:5480
- C:\Windows\System\SUXAsoj.exe
  C:\Windows\System\SUXAsoj.exe
  2⤵
  PID:5500
- C:\Windows\System\vNZFask.exe
  C:\Windows\System\vNZFask.exe
  2⤵
  PID:5516
- C:\Windows\System\KByyPDb.exe
  C:\Windows\System\KByyPDb.exe
  2⤵
  PID:5532
- C:\Windows\System\UZjXhdf.exe
  C:\Windows\System\UZjXhdf.exe
  2⤵
  PID:5548
- C:\Windows\System\uXDCOZZ.exe
  C:\Windows\System\uXDCOZZ.exe
  2⤵
  PID:5564
- C:\Windows\System\XaXqqjD.exe
  C:\Windows\System\XaXqqjD.exe
  2⤵
  PID:5580
- C:\Windows\System\QjtgsfG.exe
  C:\Windows\System\QjtgsfG.exe
  2⤵
  PID:5596
- C:\Windows\System\TIcGuyC.exe
  C:\Windows\System\TIcGuyC.exe
  2⤵
  PID:5612
- C:\Windows\System\BWmScFq.exe
  C:\Windows\System\BWmScFq.exe
  2⤵
  PID:5628
- C:\Windows\System\cVGrMds.exe
  C:\Windows\System\cVGrMds.exe
  2⤵
  PID:5644
- C:\Windows\System\nysFUxu.exe
  C:\Windows\System\nysFUxu.exe
  2⤵
  PID:5660
- C:\Windows\System\WyEljGi.exe
  C:\Windows\System\WyEljGi.exe
  2⤵
  PID:5680
- C:\Windows\System\mePqWDT.exe
  C:\Windows\System\mePqWDT.exe
  2⤵
  PID:5696
- C:\Windows\System\SaCCapM.exe
  C:\Windows\System\SaCCapM.exe
  2⤵
  PID:5712
- C:\Windows\System\pZAjkis.exe
  C:\Windows\System\pZAjkis.exe
  2⤵
  PID:5728
- C:\Windows\System\AQcrXUw.exe
  C:\Windows\System\AQcrXUw.exe
  2⤵
  PID:5744
- C:\Windows\System\upyjRlC.exe
  C:\Windows\System\upyjRlC.exe
  2⤵
  PID:5760
- C:\Windows\System\tsMWJNW.exe
  C:\Windows\System\tsMWJNW.exe
  2⤵
  PID:5776
- C:\Windows\System\sZXIGZx.exe
  C:\Windows\System\sZXIGZx.exe
  2⤵
  PID:5792
- C:\Windows\System\rgUvfUh.exe
  C:\Windows\System\rgUvfUh.exe
  2⤵
  PID:5808
- C:\Windows\System\UqexsAh.exe
  C:\Windows\System\UqexsAh.exe
  2⤵
  PID:5824
- C:\Windows\System\NeUMUrB.exe
  C:\Windows\System\NeUMUrB.exe
  2⤵
  PID:5840
- C:\Windows\System\eTscldV.exe
  C:\Windows\System\eTscldV.exe
  2⤵
  PID:5856
- C:\Windows\System\lKELLgx.exe
  C:\Windows\System\lKELLgx.exe
  2⤵
  PID:5876
- C:\Windows\System\BfbAfsP.exe
  C:\Windows\System\BfbAfsP.exe
  2⤵
  PID:5892
- C:\Windows\System\SRDiBam.exe
  C:\Windows\System\SRDiBam.exe
  2⤵
  PID:5908
- C:\Windows\System\uQwczJT.exe
  C:\Windows\System\uQwczJT.exe
  2⤵
  PID:5924
- C:\Windows\System\uSsrkbW.exe
  C:\Windows\System\uSsrkbW.exe
  2⤵
  PID:5940
- C:\Windows\System\cKHvmeu.exe
  C:\Windows\System\cKHvmeu.exe
  2⤵
  PID:5956
- C:\Windows\System\VGEzdSF.exe
  C:\Windows\System\VGEzdSF.exe
  2⤵
  PID:5972
- C:\Windows\System\YzWfoer.exe
  C:\Windows\System\YzWfoer.exe
  2⤵
  PID:5988
- C:\Windows\System\OeqkczQ.exe
  C:\Windows\System\OeqkczQ.exe
  2⤵
  PID:6004
- C:\Windows\System\sMdCYcs.exe
  C:\Windows\System\sMdCYcs.exe
  2⤵
  PID:6020
- C:\Windows\System\rZxlWyc.exe
  C:\Windows\System\rZxlWyc.exe
  2⤵
  PID:6036
- C:\Windows\System\hZBDTNy.exe
  C:\Windows\System\hZBDTNy.exe
  2⤵
  PID:6064
- C:\Windows\System\hibOZNJ.exe
  C:\Windows\System\hibOZNJ.exe
  2⤵
  PID:6080
- C:\Windows\System\anrTWlZ.exe
  C:\Windows\System\anrTWlZ.exe
  2⤵
  PID:6100
- C:\Windows\System\UPlZpJU.exe
  C:\Windows\System\UPlZpJU.exe
  2⤵
  PID:5280
- C:\Windows\System\UOIIvjG.exe
  C:\Windows\System\UOIIvjG.exe
  2⤵
  PID:5376
- C:\Windows\System\TDOWGxg.exe
  C:\Windows\System\TDOWGxg.exe
  2⤵
  PID:6076
- C:\Windows\System\zudgKlG.exe
  C:\Windows\System\zudgKlG.exe
  2⤵
  PID:2900
- C:\Windows\System\XxPjmNt.exe
  C:\Windows\System\XxPjmNt.exe
  2⤵
  PID:4604
- C:\Windows\System\fPXhjlb.exe
  C:\Windows\System\fPXhjlb.exe
  2⤵
  PID:4292
- C:\Windows\System\VgZbXEY.exe
  C:\Windows\System\VgZbXEY.exe
  2⤵
  PID:4328
- C:\Windows\System\LFRcKem.exe
  C:\Windows\System\LFRcKem.exe
  2⤵
  PID:4896
- C:\Windows\System\DxJLXtR.exe
  C:\Windows\System\DxJLXtR.exe
  2⤵
  PID:4684
- C:\Windows\System\DLbTsoA.exe
  C:\Windows\System\DLbTsoA.exe
  2⤵
  PID:4548
- C:\Windows\System\LRpQwow.exe
  C:\Windows\System\LRpQwow.exe
  2⤵
  PID:6124
- C:\Windows\System\BCFldEQ.exe
  C:\Windows\System\BCFldEQ.exe
  2⤵
  PID:6140
- C:\Windows\System\DnFQRvS.exe
  C:\Windows\System\DnFQRvS.exe
  2⤵
  PID:5044
- C:\Windows\System\FsVcrRf.exe
  C:\Windows\System\FsVcrRf.exe
  2⤵
  PID:2224
- C:\Windows\System\nhDpLOy.exe
  C:\Windows\System\nhDpLOy.exe
  2⤵
  PID:4852
- C:\Windows\System\vfOvxTG.exe
  C:\Windows\System\vfOvxTG.exe
  2⤵
  PID:2944
- C:\Windows\System\MMFJgGB.exe
  C:\Windows\System\MMFJgGB.exe
  2⤵
  PID:5244
- C:\Windows\System\DkzCTgB.exe
  C:\Windows\System\DkzCTgB.exe
  2⤵
  PID:5088
- C:\Windows\System\UBgPsYI.exe
  C:\Windows\System\UBgPsYI.exe
  2⤵
  PID:5360
- C:\Windows\System\wpbvLUh.exe
  C:\Windows\System\wpbvLUh.exe
  2⤵
  PID:6052
- C:\Windows\System\VEjFtnq.exe
  C:\Windows\System\VEjFtnq.exe
  2⤵
  PID:5312
- C:\Windows\System\CwpdMcK.exe
  C:\Windows\System\CwpdMcK.exe
  2⤵
  PID:6016
- C:\Windows\System\GYCPmWl.exe
  C:\Windows\System\GYCPmWl.exe
  2⤵
  PID:5948
- C:\Windows\System\RGQtbTk.exe
  C:\Windows\System\RGQtbTk.exe
  2⤵
  PID:5852
- C:\Windows\System\lsIInzi.exe
  C:\Windows\System\lsIInzi.exe
  2⤵
  PID:5784
- C:\Windows\System\nJhHvxU.exe
  C:\Windows\System\nJhHvxU.exe
  2⤵
  PID:5720
- C:\Windows\System\HMDCexa.exe
  C:\Windows\System\HMDCexa.exe
  2⤵
  PID:5592
- C:\Windows\System\TZFCWws.exe
  C:\Windows\System\TZFCWws.exe
  2⤵
  PID:5528
- C:\Windows\System\lMrHngS.exe
  C:\Windows\System\lMrHngS.exe
  2⤵
  PID:5456
- C:\Windows\System\MePwmSU.exe
  C:\Windows\System\MePwmSU.exe
  2⤵
  PID:5364
- C:\Windows\System\WrMpygk.exe
  C:\Windows\System\WrMpygk.exe
  2⤵
  PID:5292
- C:\Windows\System\XvHmzCP.exe
  C:\Windows\System\XvHmzCP.exe
  2⤵
  PID:5196
- C:\Windows\System\OyWFPag.exe
  C:\Windows\System\OyWFPag.exe
  2⤵
  PID:4456
- C:\Windows\System\TJjMcmr.exe
  C:\Windows\System\TJjMcmr.exe
  2⤵
  PID:5072
- C:\Windows\System\cUCJcBk.exe
  C:\Windows\System\cUCJcBk.exe
  2⤵
  PID:4656
- C:\Windows\System\JuCmogE.exe
  C:\Windows\System\JuCmogE.exe
  2⤵
  PID:4752
- C:\Windows\System\ocXPTCt.exe
  C:\Windows\System\ocXPTCt.exe
  2⤵
  PID:3208
- C:\Windows\System\UrqmAho.exe
  C:\Windows\System\UrqmAho.exe
  2⤵
  PID:5412
- C:\Windows\System\oYDcOvq.exe
  C:\Windows\System\oYDcOvq.exe
  2⤵
  PID:5540
- C:\Windows\System\uQTqVHx.exe
  C:\Windows\System\uQTqVHx.exe
  2⤵
  PID:5604
- C:\Windows\System\fKeTTer.exe
  C:\Windows\System\fKeTTer.exe
  2⤵
  PID:5668
- C:\Windows\System\ANDQLld.exe
  C:\Windows\System\ANDQLld.exe
  2⤵
  PID:5708
- C:\Windows\System\NHaHODm.exe
  C:\Windows\System\NHaHODm.exe
  2⤵
  PID:5800
- C:\Windows\System\XOhBREQ.exe
  C:\Windows\System\XOhBREQ.exe
  2⤵
  PID:5868
- C:\Windows\System\wyRbBnf.exe
  C:\Windows\System\wyRbBnf.exe
  2⤵
  PID:5932
- C:\Windows\System\gQfYEDW.exe
  C:\Windows\System\gQfYEDW.exe
  2⤵
  PID:5996
- C:\Windows\System\ZkVoLEb.exe
  C:\Windows\System\ZkVoLEb.exe
  2⤵
  PID:6072
- C:\Windows\System\gCRtUMT.exe
  C:\Windows\System\gCRtUMT.exe
  2⤵
  PID:4340
- C:\Windows\System\TRfqknj.exe
  C:\Windows\System\TRfqknj.exe
  2⤵
  PID:4772
- C:\Windows\System\FOrmGMf.exe
  C:\Windows\System\FOrmGMf.exe
  2⤵
  PID:2320
- C:\Windows\System\GHPHVOI.exe
  C:\Windows\System\GHPHVOI.exe
  2⤵
  PID:4284
- C:\Windows\System\QczriNO.exe
  C:\Windows\System\QczriNO.exe
  2⤵
  PID:3392
- C:\Windows\System\BQUayvT.exe
  C:\Windows\System\BQUayvT.exe
  2⤵
  PID:4396
- C:\Windows\System\ibvhqKr.exe
  C:\Windows\System\ibvhqKr.exe
  2⤵
  PID:4652
- C:\Windows\System\jCDsewu.exe
  C:\Windows\System\jCDsewu.exe
  2⤵
  PID:5180
- C:\Windows\System\DzKWagg.exe
  C:\Windows\System\DzKWagg.exe
  2⤵
  PID:6088
- C:\Windows\System\GWqLDuW.exe
  C:\Windows\System\GWqLDuW.exe
  2⤵
  PID:6112
- C:\Windows\System\UJLSYlv.exe
  C:\Windows\System\UJLSYlv.exe
  2⤵
  PID:5952
- C:\Windows\System\CVPQGtC.exe
  C:\Windows\System\CVPQGtC.exe
  2⤵
  PID:3296
- C:\Windows\System\rbXyOnH.exe
  C:\Windows\System\rbXyOnH.exe
  2⤵
  PID:5752
- C:\Windows\System\HsLHSPS.exe
  C:\Windows\System\HsLHSPS.exe
  2⤵
  PID:5620
- C:\Windows\System\NsjeeCR.exe
  C:\Windows\System\NsjeeCR.exe
  2⤵
  PID:5488
- C:\Windows\System\TnuXbYS.exe
  C:\Windows\System\TnuXbYS.exe
  2⤵
  PID:5164
- C:\Windows\System\jFUqrai.exe
  C:\Windows\System\jFUqrai.exe
  2⤵
  PID:5424
- C:\Windows\System\HmqgDcV.exe
  C:\Windows\System\HmqgDcV.exe
  2⤵
  PID:5200
- C:\Windows\System\MwWxdnn.exe
  C:\Windows\System\MwWxdnn.exe
  2⤵
  PID:1120
- C:\Windows\System\CPguqpq.exe
  C:\Windows\System\CPguqpq.exe
  2⤵
  PID:5472
- C:\Windows\System\LYsszRZ.exe
  C:\Windows\System\LYsszRZ.exe
  2⤵
  PID:692
- C:\Windows\System\HymmBWZ.exe
  C:\Windows\System\HymmBWZ.exe
  2⤵
  PID:5640
- C:\Windows\System\EIoCsZy.exe
  C:\Windows\System\EIoCsZy.exe
  2⤵
  PID:2832
- C:\Windows\System\aXxQlni.exe
  C:\Windows\System\aXxQlni.exe
  2⤵
  PID:5904
- C:\Windows\System\lHRwDXh.exe
  C:\Windows\System\lHRwDXh.exe
  2⤵
  PID:5704
- C:\Windows\System\bLGtzFm.exe
  C:\Windows\System\bLGtzFm.exe
  2⤵
  PID:5836
- C:\Windows\System\WBACDJE.exe
  C:\Windows\System\WBACDJE.exe
  2⤵
  PID:4928
- C:\Windows\System\fmEWcul.exe
  C:\Windows\System\fmEWcul.exe
  2⤵
  PID:4492
- C:\Windows\System\oUBNUEx.exe
  C:\Windows\System\oUBNUEx.exe
  2⤵
  PID:4308
- C:\Windows\System\wxyGnmw.exe
  C:\Windows\System\wxyGnmw.exe
  2⤵
  PID:4760
- C:\Windows\System\jUaGAGK.exe
  C:\Windows\System\jUaGAGK.exe
  2⤵
  PID:1000
- C:\Windows\System\FVfNlyc.exe
  C:\Windows\System\FVfNlyc.exe
  2⤵
  PID:5820
- C:\Windows\System\eJvjhij.exe
  C:\Windows\System\eJvjhij.exe
  2⤵
  PID:5816
- C:\Windows\System\LlDXNOP.exe
  C:\Windows\System\LlDXNOP.exe
  2⤵
  PID:6044
- C:\Windows\System\PjeMFwH.exe
  C:\Windows\System\PjeMFwH.exe
  2⤵
  PID:5916
- C:\Windows\System\muWYJrs.exe
  C:\Windows\System\muWYJrs.exe
  2⤵
  PID:5228
- C:\Windows\System\TyOJUBQ.exe
  C:\Windows\System\TyOJUBQ.exe
  2⤵
  PID:2208
- C:\Windows\System\UZicfey.exe
  C:\Windows\System\UZicfey.exe
  2⤵
  PID:4884
- C:\Windows\System\KPKVZdx.exe
  C:\Windows\System\KPKVZdx.exe
  2⤵
  PID:3308
- C:\Windows\System\cxiNXxb.exe
  C:\Windows\System\cxiNXxb.exe
  2⤵
  PID:5408
- C:\Windows\System\drfVyxe.exe
  C:\Windows\System\drfVyxe.exe
  2⤵
  PID:4152
- C:\Windows\System\oZGCwEN.exe
  C:\Windows\System\oZGCwEN.exe
  2⤵
  PID:6156
- C:\Windows\System\fVIFHTi.exe
  C:\Windows\System\fVIFHTi.exe
  2⤵
  PID:6172
- C:\Windows\System\WNqdpmS.exe
  C:\Windows\System\WNqdpmS.exe
  2⤵
  PID:6196
- C:\Windows\System\IVQEjsU.exe
  C:\Windows\System\IVQEjsU.exe
  2⤵
  PID:6216
- C:\Windows\System\xPdxBvR.exe
  C:\Windows\System\xPdxBvR.exe
  2⤵
  PID:6236
- C:\Windows\System\bKVFzwk.exe
  C:\Windows\System\bKVFzwk.exe
  2⤵
  PID:6256
- C:\Windows\System\ZbKiRLt.exe
  C:\Windows\System\ZbKiRLt.exe
  2⤵
  PID:6296
- C:\Windows\System\moWQcNO.exe
  C:\Windows\System\moWQcNO.exe
  2⤵
  PID:6312
- C:\Windows\System\acGEGlt.exe
  C:\Windows\System\acGEGlt.exe
  2⤵
  PID:6332
- C:\Windows\System\VoFiRjY.exe
  C:\Windows\System\VoFiRjY.exe
  2⤵
  PID:6352
- C:\Windows\System\kcfRCiT.exe
  C:\Windows\System\kcfRCiT.exe
  2⤵
  PID:6372
- C:\Windows\System\ajTeXsX.exe
  C:\Windows\System\ajTeXsX.exe
  2⤵
  PID:6392
- C:\Windows\System\nvoIdqc.exe
  C:\Windows\System\nvoIdqc.exe
  2⤵
  PID:6408
- C:\Windows\System\JaBjPNj.exe
  C:\Windows\System\JaBjPNj.exe
  2⤵
  PID:6424
- C:\Windows\System\zpYazYm.exe
  C:\Windows\System\zpYazYm.exe
  2⤵
  PID:6444
- C:\Windows\System\SGLOkRt.exe
  C:\Windows\System\SGLOkRt.exe
  2⤵
  PID:6464
- C:\Windows\System\hZnCXUV.exe
  C:\Windows\System\hZnCXUV.exe
  2⤵
  PID:6480
- C:\Windows\System\fmCmzyA.exe
  C:\Windows\System\fmCmzyA.exe
  2⤵
  PID:6500
- C:\Windows\System\ACTTuwt.exe
  C:\Windows\System\ACTTuwt.exe
  2⤵
  PID:6520
- C:\Windows\System\wlSnGSa.exe
  C:\Windows\System\wlSnGSa.exe
  2⤵
  PID:6556
- C:\Windows\System\KoKNZna.exe
  C:\Windows\System\KoKNZna.exe
  2⤵
  PID:6576
- C:\Windows\System\JqhvIKb.exe
  C:\Windows\System\JqhvIKb.exe
  2⤵
  PID:6596
- C:\Windows\System\bXksOUt.exe
  C:\Windows\System\bXksOUt.exe
  2⤵
  PID:6616
- C:\Windows\System\CndLcaO.exe
  C:\Windows\System\CndLcaO.exe
  2⤵
  PID:6636
- C:\Windows\System\KxUDPrl.exe
  C:\Windows\System\KxUDPrl.exe
  2⤵
  PID:6656
- C:\Windows\System\GSClWBi.exe
  C:\Windows\System\GSClWBi.exe
  2⤵
  PID:6676
- C:\Windows\System\xxdhkPA.exe
  C:\Windows\System\xxdhkPA.exe
  2⤵
  PID:6700
- C:\Windows\System\EwtqFRy.exe
  C:\Windows\System\EwtqFRy.exe
  2⤵
  PID:6720
- C:\Windows\System\LftkMFW.exe
  C:\Windows\System\LftkMFW.exe
  2⤵
  PID:6740
- C:\Windows\System\uZnsdSq.exe
  C:\Windows\System\uZnsdSq.exe
  2⤵
  PID:6760
- C:\Windows\System\bMDjydi.exe
  C:\Windows\System\bMDjydi.exe
  2⤵
  PID:6780
- C:\Windows\System\DIlWUnP.exe
  C:\Windows\System\DIlWUnP.exe
  2⤵
  PID:6800
- C:\Windows\System\IhJarhe.exe
  C:\Windows\System\IhJarhe.exe
  2⤵
  PID:6820
- C:\Windows\System\nAUeBid.exe
  C:\Windows\System\nAUeBid.exe
  2⤵
  PID:6840
- C:\Windows\System\PMMlNMG.exe
  C:\Windows\System\PMMlNMG.exe
  2⤵
  PID:6860
- C:\Windows\System\CzIVKBV.exe
  C:\Windows\System\CzIVKBV.exe
  2⤵
  PID:6880
- C:\Windows\System\wzNyazK.exe
  C:\Windows\System\wzNyazK.exe
  2⤵
  PID:6900
- C:\Windows\System\WFapWjv.exe
  C:\Windows\System\WFapWjv.exe
  2⤵
  PID:6920
- C:\Windows\System\quYEXDP.exe
  C:\Windows\System\quYEXDP.exe
  2⤵
  PID:6940
- C:\Windows\System\xwJeJIw.exe
  C:\Windows\System\xwJeJIw.exe
  2⤵
  PID:6960
- C:\Windows\System\rHSynnW.exe
  C:\Windows\System\rHSynnW.exe
  2⤵
  PID:6980
- C:\Windows\System\rnEfolS.exe
  C:\Windows\System\rnEfolS.exe
  2⤵
  PID:7000
- C:\Windows\System\XbdunzG.exe
  C:\Windows\System\XbdunzG.exe
  2⤵
  PID:7020
- C:\Windows\System\wNcUPZj.exe
  C:\Windows\System\wNcUPZj.exe
  2⤵
  PID:7036
- C:\Windows\System\dLNeoBu.exe
  C:\Windows\System\dLNeoBu.exe
  2⤵
  PID:7060
- C:\Windows\System\NiObAdc.exe
  C:\Windows\System\NiObAdc.exe
  2⤵
  PID:7080
- C:\Windows\System\TlTbNqT.exe
  C:\Windows\System\TlTbNqT.exe
  2⤵
  PID:7100
- C:\Windows\System\ZdUNESl.exe
  C:\Windows\System\ZdUNESl.exe
  2⤵
  PID:7120
- C:\Windows\System\zzlSWMm.exe
  C:\Windows\System\zzlSWMm.exe
  2⤵
  PID:7140
- C:\Windows\System\rsVXjZa.exe
  C:\Windows\System\rsVXjZa.exe
  2⤵
  PID:7156
- C:\Windows\System\tDbOESH.exe
  C:\Windows\System\tDbOESH.exe
  2⤵
  PID:2860
- C:\Windows\System\AoPzwpB.exe
  C:\Windows\System\AoPzwpB.exe
  2⤵
  PID:4780
- C:\Windows\System\MTqceTA.exe
  C:\Windows\System\MTqceTA.exe
  2⤵
  PID:6060
- C:\Windows\System\GesrTjp.exe
  C:\Windows\System\GesrTjp.exe
  2⤵
  PID:5572
- C:\Windows\System\jiYkhOq.exe
  C:\Windows\System\jiYkhOq.exe
  2⤵
  PID:5676
- C:\Windows\System\YMZjqTp.exe
  C:\Windows\System\YMZjqTp.exe
  2⤵
  PID:4344
- C:\Windows\System\mZvkxSV.exe
  C:\Windows\System\mZvkxSV.exe
  2⤵
  PID:5004
- C:\Windows\System\abcUBmf.exe
  C:\Windows\System\abcUBmf.exe
  2⤵
  PID:6152
- C:\Windows\System\LMYGilR.exe
  C:\Windows\System\LMYGilR.exe
  2⤵
  PID:6184
- C:\Windows\System\rBjXYmj.exe
  C:\Windows\System\rBjXYmj.exe
  2⤵
  PID:6120
- C:\Windows\System\lKVMlog.exe
  C:\Windows\System\lKVMlog.exe
  2⤵
  PID:5184
- C:\Windows\System\HvxEpSB.exe
  C:\Windows\System\HvxEpSB.exe
  2⤵
  PID:6224
- C:\Windows\System\coTGyMg.exe
  C:\Windows\System\coTGyMg.exe
  2⤵
  PID:6272
- C:\Windows\System\rsxBWqW.exe
  C:\Windows\System\rsxBWqW.exe
  2⤵
  PID:6244
- C:\Windows\System\NtCzQlz.exe
  C:\Windows\System\NtCzQlz.exe
  2⤵
  PID:6204
- C:\Windows\System\VmLLkHv.exe
  C:\Windows\System\VmLLkHv.exe
  2⤵
  PID:5232
- C:\Windows\System\fmltMYh.exe
  C:\Windows\System\fmltMYh.exe
  2⤵
  PID:6284
- C:\Windows\System\ymZcfFk.exe
  C:\Windows\System\ymZcfFk.exe
  2⤵
  PID:6368
- C:\Windows\System\YmbFkLm.exe
  C:\Windows\System\YmbFkLm.exe
  2⤵
  PID:2692
- C:\Windows\System\SQZqzEN.exe
  C:\Windows\System\SQZqzEN.exe
  2⤵
  PID:2748
- C:\Windows\System\gFCGCmy.exe
  C:\Windows\System\gFCGCmy.exe
  2⤵
  PID:4176
- C:\Windows\System\spBWyDL.exe
  C:\Windows\System\spBWyDL.exe
  2⤵
  PID:6512
- C:\Windows\System\CIdNEle.exe
  C:\Windows\System\CIdNEle.exe
  2⤵
  PID:6496
- C:\Windows\System\NOTgyyI.exe
  C:\Windows\System\NOTgyyI.exe
  2⤵
  PID:6452
- C:\Windows\System\HBxiplw.exe
  C:\Windows\System\HBxiplw.exe
  2⤵
  PID:6540
- C:\Windows\System\LiKdkgR.exe
  C:\Windows\System\LiKdkgR.exe
  2⤵
  PID:6568
- C:\Windows\System\dLlWdAU.exe
  C:\Windows\System\dLlWdAU.exe
  2⤵
  PID:6592
- C:\Windows\System\jUSXsZt.exe
  C:\Windows\System\jUSXsZt.exe
  2⤵
  PID:6648
- C:\Windows\System\iryzPlF.exe
  C:\Windows\System\iryzPlF.exe
  2⤵
  PID:5212
- C:\Windows\System\HIyMoNS.exe
  C:\Windows\System\HIyMoNS.exe
  2⤵
  PID:6688
- C:\Windows\System\QznxdBP.exe
  C:\Windows\System\QznxdBP.exe
  2⤵
  PID:6732
- C:\Windows\System\UHVRzpV.exe
  C:\Windows\System\UHVRzpV.exe
  2⤵
  PID:6756
- C:\Windows\System\KZEqmXi.exe
  C:\Windows\System\KZEqmXi.exe
  2⤵
  PID:6816
- C:\Windows\System\CmUXmxw.exe
  C:\Windows\System\CmUXmxw.exe
  2⤵
  PID:6856
- C:\Windows\System\DmSclRW.exe
  C:\Windows\System\DmSclRW.exe
  2⤵
  PID:6868
- C:\Windows\System\GxINrdr.exe
  C:\Windows\System\GxINrdr.exe
  2⤵
  PID:6872
- C:\Windows\System\pDkHvET.exe
  C:\Windows\System\pDkHvET.exe
  2⤵
  PID:6912
- C:\Windows\System\bEXKGyc.exe
  C:\Windows\System\bEXKGyc.exe
  2⤵
  PID:6976
- C:\Windows\System\tsXYlXH.exe
  C:\Windows\System\tsXYlXH.exe
  2⤵
  PID:7012
- C:\Windows\System\qmBZYQi.exe
  C:\Windows\System\qmBZYQi.exe
  2⤵
  PID:7044
- C:\Windows\System\QWvzfaD.exe
  C:\Windows\System\QWvzfaD.exe
  2⤵
  PID:7052
- C:\Windows\System\xKgjaqJ.exe
  C:\Windows\System\xKgjaqJ.exe
  2⤵
  PID:7072
- C:\Windows\System\nXiGHSb.exe
  C:\Windows\System\nXiGHSb.exe
  2⤵
  PID:7108
- C:\Windows\System\gVgrOnh.exe
  C:\Windows\System\gVgrOnh.exe
  2⤵
  PID:7164
- C:\Windows\System\xMlmIqx.exe
  C:\Windows\System\xMlmIqx.exe
  2⤵
  PID:5864
- C:\Windows\System\TBjXmJc.exe
  C:\Windows\System\TBjXmJc.exe
  2⤵
  PID:6132
- C:\Windows\System\zplVGJq.exe
  C:\Windows\System\zplVGJq.exe
  2⤵
  PID:5344
- C:\Windows\System\BvRkOOI.exe
  C:\Windows\System\BvRkOOI.exe
  2⤵
  PID:1584
- C:\Windows\System\kTNEFOf.exe
  C:\Windows\System\kTNEFOf.exe
  2⤵
  PID:2872
- C:\Windows\System\DiVwREi.exe
  C:\Windows\System\DiVwREi.exe
  2⤵
  PID:6148
- C:\Windows\System\hOGTncc.exe
  C:\Windows\System\hOGTncc.exe
  2⤵
  PID:2852
- C:\Windows\System\zUmvSkh.exe
  C:\Windows\System\zUmvSkh.exe
  2⤵
  PID:1752
- C:\Windows\System\inSkyHf.exe
  C:\Windows\System\inSkyHf.exe
  2⤵
  PID:6228
- C:\Windows\System\DrmDXlo.exe
  C:\Windows\System\DrmDXlo.exe
  2⤵
  PID:6208
- C:\Windows\System\vWLnrOC.exe
  C:\Windows\System\vWLnrOC.exe
  2⤵
  PID:6164
- C:\Windows\System\lGlykCe.exe
  C:\Windows\System\lGlykCe.exe
  2⤵
  PID:6288
- C:\Windows\System\nYSMUXk.exe
  C:\Windows\System\nYSMUXk.exe
  2⤵
  PID:6360
- C:\Windows\System\uUKKOdB.exe
  C:\Windows\System\uUKKOdB.exe
  2⤵
  PID:6400
- C:\Windows\System\rVwWkWl.exe
  C:\Windows\System\rVwWkWl.exe
  2⤵
  PID:6508
- C:\Windows\System\QPSueZy.exe
  C:\Windows\System\QPSueZy.exe
  2⤵
  PID:6416
- C:\Windows\System\stSpApg.exe
  C:\Windows\System\stSpApg.exe
  2⤵
  PID:6584
- C:\Windows\System\gXfsjvk.exe
  C:\Windows\System\gXfsjvk.exe
  2⤵
  PID:6552
- C:\Windows\System\gFFfMYW.exe
  C:\Windows\System\gFFfMYW.exe
  2⤵
  PID:860
- C:\Windows\System\DzakDnC.exe
  C:\Windows\System\DzakDnC.exe
  2⤵
  PID:6628
- C:\Windows\System\WsqyJEm.exe
  C:\Windows\System\WsqyJEm.exe
  2⤵
  PID:6712
- C:\Windows\System\cKuxQmY.exe
  C:\Windows\System\cKuxQmY.exe
  2⤵
  PID:348
- C:\Windows\System\CxOQleB.exe
  C:\Windows\System\CxOQleB.exe
  2⤵
  PID:6772
- C:\Windows\System\WHcaBZb.exe
  C:\Windows\System\WHcaBZb.exe
  2⤵
  PID:6788
- C:\Windows\System\aeYXIiT.exe
  C:\Windows\System\aeYXIiT.exe
  2⤵
  PID:6792
- C:\Windows\System\YLJUvGe.exe
  C:\Windows\System\YLJUvGe.exe
  2⤵
  PID:6896
- C:\Windows\System\tawwUOL.exe
  C:\Windows\System\tawwUOL.exe
  2⤵
  PID:2060
- C:\Windows\System\raHkYqo.exe
  C:\Windows\System\raHkYqo.exe
  2⤵
  PID:2288
- C:\Windows\System\HhGpfJw.exe
  C:\Windows\System\HhGpfJw.exe
  2⤵
  PID:6696
- C:\Windows\System\IChBaDW.exe
  C:\Windows\System\IChBaDW.exe
  2⤵
  PID:6992
- C:\Windows\System\dgTNUzo.exe
  C:\Windows\System\dgTNUzo.exe
  2⤵
  PID:2992
- C:\Windows\System\gjBKXrD.exe
  C:\Windows\System\gjBKXrD.exe
  2⤵
  PID:5832
- C:\Windows\System\DZZKMXd.exe
  C:\Windows\System\DZZKMXd.exe
  2⤵
  PID:1172
- C:\Windows\System\YxvvuMo.exe
  C:\Windows\System\YxvvuMo.exe
  2⤵
  PID:5276
- C:\Windows\System\CyHXSnA.exe
  C:\Windows\System\CyHXSnA.exe
  2⤵
  PID:5636
- C:\Windows\System\ejuLeqd.exe
  C:\Windows\System\ejuLeqd.exe
  2⤵
  PID:4964
- C:\Windows\System\bLAWYhN.exe
  C:\Windows\System\bLAWYhN.exe
  2⤵
  PID:5984
- C:\Windows\System\ZeoEFyT.exe
  C:\Windows\System\ZeoEFyT.exe
  2⤵
  PID:1100
- C:\Windows\System\SVMLjOQ.exe
  C:\Windows\System\SVMLjOQ.exe
  2⤵
  PID:5496
- C:\Windows\System\GoGpmLZ.exe
  C:\Windows\System\GoGpmLZ.exe
  2⤵
  PID:6292
- C:\Windows\System\UBoJLNa.exe
  C:\Windows\System\UBoJLNa.exe
  2⤵
  PID:6532
- C:\Windows\System\pugmNai.exe
  C:\Windows\System\pugmNai.exe
  2⤵
  PID:6348
- C:\Windows\System\fKVKsQm.exe
  C:\Windows\System\fKVKsQm.exe
  2⤵
  PID:6608
- C:\Windows\System\sdgkEgJ.exe
  C:\Windows\System\sdgkEgJ.exe
  2⤵
  PID:6564
- C:\Windows\System\AhpQJqe.exe
  C:\Windows\System\AhpQJqe.exe
  2⤵
  PID:6728
- C:\Windows\System\RQjzsUe.exe
  C:\Windows\System\RQjzsUe.exe
  2⤵
  PID:6776
- C:\Windows\System\uOJCBZm.exe
  C:\Windows\System\uOJCBZm.exe
  2⤵
  PID:6748
- C:\Windows\System\CLlTMla.exe
  C:\Windows\System\CLlTMla.exe
  2⤵
  PID:6876
- C:\Windows\System\CoqTdao.exe
  C:\Windows\System\CoqTdao.exe
  2⤵
  PID:6916
- C:\Windows\System\EHxXIzF.exe
  C:\Windows\System\EHxXIzF.exe
  2⤵
  PID:7008
- C:\Windows\System\vCvHGPh.exe
  C:\Windows\System\vCvHGPh.exe
  2⤵
  PID:7032
- C:\Windows\System\fIoBYOY.exe
  C:\Windows\System\fIoBYOY.exe
  2⤵
  PID:1684
- C:\Windows\System\GwgtPtA.exe
  C:\Windows\System\GwgtPtA.exe
  2⤵
  PID:5392
- C:\Windows\System\NloXFIF.exe
  C:\Windows\System\NloXFIF.exe
  2⤵
  PID:2460
- C:\Windows\System\HcysPmQ.exe
  C:\Windows\System\HcysPmQ.exe
  2⤵
  PID:5512
- C:\Windows\System\IrgzodT.exe
  C:\Windows\System\IrgzodT.exe
  2⤵
  PID:6212
- C:\Windows\System\YCLpjRs.exe
  C:\Windows\System\YCLpjRs.exe
  2⤵
  PID:6308
- C:\Windows\System\PROqDIX.exe
  C:\Windows\System\PROqDIX.exe
  2⤵
  PID:3572
- C:\Windows\System\tBPjxoQ.exe
  C:\Windows\System\tBPjxoQ.exe
  2⤵
  PID:6612
- C:\Windows\System\tJnyiNR.exe
  C:\Windows\System\tJnyiNR.exe
  2⤵
  PID:6460
- C:\Windows\System\REFnTbC.exe
  C:\Windows\System\REFnTbC.exe
  2⤵
  PID:6832
- C:\Windows\System\qeVYpvP.exe
  C:\Windows\System\qeVYpvP.exe
  2⤵
  PID:7136
- C:\Windows\System\eCiGKUl.exe
  C:\Windows\System\eCiGKUl.exe
  2⤵
  PID:6956
- C:\Windows\System\tLDBhAo.exe
  C:\Windows\System\tLDBhAo.exe
  2⤵
  PID:7076
- C:\Windows\System\XXUkFfA.exe
  C:\Windows\System\XXUkFfA.exe
  2⤵
  PID:6180
- C:\Windows\System\xydxAIu.exe
  C:\Windows\System\xydxAIu.exe
  2⤵
  PID:2672
- C:\Windows\System\agMOEEm.exe
  C:\Windows\System\agMOEEm.exe
  2⤵
  PID:5688
- C:\Windows\System\hiOOcTd.exe
  C:\Windows\System\hiOOcTd.exe
  2⤵
  PID:2016
- C:\Windows\System\bDtnBWy.exe
  C:\Windows\System\bDtnBWy.exe
  2⤵
  PID:2552
- C:\Windows\System\kqdtTzH.exe
  C:\Windows\System\kqdtTzH.exe
  2⤵
  PID:6928
- C:\Windows\System\YhfEhsD.exe
  C:\Windows\System\YhfEhsD.exe
  2⤵
  PID:6472
- C:\Windows\System\tFEMoZr.exe
  C:\Windows\System\tFEMoZr.exe
  2⤵
  PID:2932
- C:\Windows\System\CvfPcOv.exe
  C:\Windows\System\CvfPcOv.exe
  2⤵
  PID:1252
- C:\Windows\System\vWvGCrR.exe
  C:\Windows\System\vWvGCrR.exe
  2⤵
  PID:6456
- C:\Windows\System\Ivmboay.exe
  C:\Windows\System\Ivmboay.exe
  2⤵
  PID:6344
- C:\Windows\System\FgCmcMw.exe
  C:\Windows\System\FgCmcMw.exe
  2⤵
  PID:7180
- C:\Windows\System\qFrvvuD.exe
  C:\Windows\System\qFrvvuD.exe
  2⤵
  PID:7204
- C:\Windows\System\solHjlu.exe
  C:\Windows\System\solHjlu.exe
  2⤵
  PID:7220
- C:\Windows\System\yuygsNS.exe
  C:\Windows\System\yuygsNS.exe
  2⤵
  PID:7240
- C:\Windows\System\rVEhMRP.exe
  C:\Windows\System\rVEhMRP.exe
  2⤵
  PID:7256
- C:\Windows\System\mmLnaYx.exe
  C:\Windows\System\mmLnaYx.exe
  2⤵
  PID:7280
- C:\Windows\System\mOqnxCb.exe
  C:\Windows\System\mOqnxCb.exe
  2⤵
  PID:7300
- C:\Windows\System\lpLWQrV.exe
  C:\Windows\System\lpLWQrV.exe
  2⤵
  PID:7324
- C:\Windows\System\Giajwbn.exe
  C:\Windows\System\Giajwbn.exe
  2⤵
  PID:7344
- C:\Windows\System\ayooyRs.exe
  C:\Windows\System\ayooyRs.exe
  2⤵
  PID:7364
- C:\Windows\System\tGjDaaH.exe
  C:\Windows\System\tGjDaaH.exe
  2⤵
  PID:7384
- C:\Windows\System\inWlgnf.exe
  C:\Windows\System\inWlgnf.exe
  2⤵
  PID:7408
- C:\Windows\System\ipFByic.exe
  C:\Windows\System\ipFByic.exe
  2⤵
  PID:7428
- C:\Windows\System\RwRxtrk.exe
  C:\Windows\System\RwRxtrk.exe
  2⤵
  PID:7448
- C:\Windows\System\XGeTpHT.exe
  C:\Windows\System\XGeTpHT.exe
  2⤵
  PID:7472
- C:\Windows\System\qWXzmXg.exe
  C:\Windows\System\qWXzmXg.exe
  2⤵
  PID:7488
- C:\Windows\System\rWlGJcs.exe
  C:\Windows\System\rWlGJcs.exe
  2⤵
  PID:7512
- C:\Windows\System\FfcJBDl.exe
  C:\Windows\System\FfcJBDl.exe
  2⤵
  PID:7532
- C:\Windows\System\SlEZvYY.exe
  C:\Windows\System\SlEZvYY.exe
  2⤵
  PID:7552
- C:\Windows\System\fpRssVV.exe
  C:\Windows\System\fpRssVV.exe
  2⤵
  PID:7572
- C:\Windows\System\CMzcAQu.exe
  C:\Windows\System\CMzcAQu.exe
  2⤵
  PID:7592
- C:\Windows\System\whiOgPW.exe
  C:\Windows\System\whiOgPW.exe
  2⤵
  PID:7616
- C:\Windows\System\HCsqfNj.exe
  C:\Windows\System\HCsqfNj.exe
  2⤵
  PID:7636
- C:\Windows\System\vKmmPFe.exe
  C:\Windows\System\vKmmPFe.exe
  2⤵
  PID:7656
- C:\Windows\System\aMoYwaR.exe
  C:\Windows\System\aMoYwaR.exe
  2⤵
  PID:7672
- C:\Windows\System\NBakYsf.exe
  C:\Windows\System\NBakYsf.exe
  2⤵
  PID:7696
- C:\Windows\System\cwQzizW.exe
  C:\Windows\System\cwQzizW.exe
  2⤵
  PID:7716
- C:\Windows\System\jQIJznw.exe
  C:\Windows\System\jQIJznw.exe
  2⤵
  PID:7736
- C:\Windows\System\GyhIjuA.exe
  C:\Windows\System\GyhIjuA.exe
  2⤵
  PID:7752
- C:\Windows\System\lQTciZC.exe
  C:\Windows\System\lQTciZC.exe
  2⤵
  PID:7776
- C:\Windows\System\tbiLIMq.exe
  C:\Windows\System\tbiLIMq.exe
  2⤵
  PID:7792
- C:\Windows\System\AyGerYu.exe
  C:\Windows\System\AyGerYu.exe
  2⤵
  PID:7808
- C:\Windows\System\dwpFXnf.exe
  C:\Windows\System\dwpFXnf.exe
  2⤵
  PID:7832
- C:\Windows\System\AeWsxeK.exe
  C:\Windows\System\AeWsxeK.exe
  2⤵
  PID:7852
- C:\Windows\System\rYRMyso.exe
  C:\Windows\System\rYRMyso.exe
  2⤵
  PID:7868
- C:\Windows\System\dalqOLm.exe
  C:\Windows\System\dalqOLm.exe
  2⤵
  PID:7888
- C:\Windows\System\pZatCVo.exe
  C:\Windows\System\pZatCVo.exe
  2⤵
  PID:7904
- C:\Windows\System\GPUqrMP.exe
  C:\Windows\System\GPUqrMP.exe
  2⤵
  PID:7924
- C:\Windows\System\PBvXFzO.exe
  C:\Windows\System\PBvXFzO.exe
  2⤵
  PID:7940
- C:\Windows\System\fHSIWla.exe
  C:\Windows\System\fHSIWla.exe
  2⤵
  PID:7976
- C:\Windows\System\pxWzNFM.exe
  C:\Windows\System\pxWzNFM.exe
  2⤵
  PID:7992
- C:\Windows\System\FgRdlcg.exe
  C:\Windows\System\FgRdlcg.exe
  2⤵
  PID:8008
- C:\Windows\System\BymRHmi.exe
  C:\Windows\System\BymRHmi.exe
  2⤵
  PID:8024
- C:\Windows\System\VKSGNAv.exe
  C:\Windows\System\VKSGNAv.exe
  2⤵
  PID:8044
- C:\Windows\System\nDTfQwz.exe
  C:\Windows\System\nDTfQwz.exe
  2⤵
  PID:8064
- C:\Windows\System\UTaOeZd.exe
  C:\Windows\System\UTaOeZd.exe
  2⤵
  PID:8080
- C:\Windows\System\xicrqMf.exe
  C:\Windows\System\xicrqMf.exe
  2⤵
  PID:8104
- C:\Windows\System\WjdmPsB.exe
  C:\Windows\System\WjdmPsB.exe
  2⤵
  PID:8120
- C:\Windows\System\yZhghQV.exe
  C:\Windows\System\yZhghQV.exe
  2⤵
  PID:8136
- C:\Windows\System\YiqznGs.exe
  C:\Windows\System\YiqznGs.exe
  2⤵
  PID:8152
- C:\Windows\System\DVHgjIx.exe
  C:\Windows\System\DVHgjIx.exe
  2⤵
  PID:8172
- C:\Windows\System\sKqfaRl.exe
  C:\Windows\System\sKqfaRl.exe
  2⤵
  PID:8188
- C:\Windows\System\swgiXNC.exe
  C:\Windows\System\swgiXNC.exe
  2⤵
  PID:108
- C:\Windows\System\KnSlhND.exe
  C:\Windows\System\KnSlhND.exe
  2⤵
  PID:6644
- C:\Windows\System\KAWZDun.exe
  C:\Windows\System\KAWZDun.exe
  2⤵
  PID:7152
- C:\Windows\System\qVsTkgZ.exe
  C:\Windows\System\qVsTkgZ.exe
  2⤵
  PID:7200
- C:\Windows\System\wJNKiPz.exe
  C:\Windows\System\wJNKiPz.exe
  2⤵
  PID:7228
- C:\Windows\System\NKdcCwy.exe
  C:\Windows\System\NKdcCwy.exe
  2⤵
  PID:7272
- C:\Windows\System\FJGZnOY.exe
  C:\Windows\System\FJGZnOY.exe
  2⤵
  PID:7248
- C:\Windows\System\etUjvyQ.exe
  C:\Windows\System\etUjvyQ.exe
  2⤵
  PID:7320
- C:\Windows\System\gYgphSM.exe
  C:\Windows\System\gYgphSM.exe
  2⤵
  PID:4952
- C:\Windows\System\vwRtcCr.exe
  C:\Windows\System\vwRtcCr.exe
  2⤵
  PID:7376
- C:\Windows\System\GZzNmcc.exe
  C:\Windows\System\GZzNmcc.exe
  2⤵
  PID:7416
- C:\Windows\System\aDOrhlO.exe
  C:\Windows\System\aDOrhlO.exe
  2⤵
  PID:7484
- C:\Windows\System\MXTkBVD.exe
  C:\Windows\System\MXTkBVD.exe
  2⤵
  PID:7520
- C:\Windows\System\XlvzNOk.exe
  C:\Windows\System\XlvzNOk.exe
  2⤵
  PID:7504
- C:\Windows\System\TnqwXtj.exe
  C:\Windows\System\TnqwXtj.exe
  2⤵
  PID:1828
- C:\Windows\System\BUoMleI.exe
  C:\Windows\System\BUoMleI.exe
  2⤵
  PID:7564
- C:\Windows\System\ayrTDNQ.exe
  C:\Windows\System\ayrTDNQ.exe
  2⤵
  PID:7600
- C:\Windows\System\lmOYjAu.exe
  C:\Windows\System\lmOYjAu.exe
  2⤵
  PID:7644
- C:\Windows\System\KEkIxLN.exe
  C:\Windows\System\KEkIxLN.exe
  2⤵
  PID:7648
- C:\Windows\System\DoqZLjk.exe
  C:\Windows\System\DoqZLjk.exe
  2⤵
  PID:7692
- C:\Windows\System\YpKraqG.exe
  C:\Windows\System\YpKraqG.exe
  2⤵
  PID:1708
- C:\Windows\System\YryHofy.exe
  C:\Windows\System\YryHofy.exe
  2⤵
  PID:7724
- C:\Windows\System\flNzrju.exe
  C:\Windows\System\flNzrju.exe
  2⤵
  PID:7744
- C:\Windows\System\ieqPBbY.exe
  C:\Windows\System\ieqPBbY.exe
  2⤵
  PID:1728
- C:\Windows\System\jmprGXe.exe
  C:\Windows\System\jmprGXe.exe
  2⤵
  PID:2164
- C:\Windows\System\RYDiZIN.exe
  C:\Windows\System\RYDiZIN.exe
  2⤵
  PID:7772
- C:\Windows\System\gximUub.exe
  C:\Windows\System\gximUub.exe
  2⤵
  PID:7788
- C:\Windows\System\SoklegU.exe
  C:\Windows\System\SoklegU.exe
  2⤵
  PID:7820
- C:\Windows\System\CSCxqQJ.exe
  C:\Windows\System\CSCxqQJ.exe
  2⤵
  PID:7936
- C:\Windows\System\WtxewTj.exe
  C:\Windows\System\WtxewTj.exe
  2⤵
  PID:7880
- C:\Windows\System\kimcuBG.exe
  C:\Windows\System\kimcuBG.exe
  2⤵
  PID:7968
- C:\Windows\System\obbXslP.exe
  C:\Windows\System\obbXslP.exe
  2⤵
  PID:7956
- C:\Windows\System\tLThPRs.exe
  C:\Windows\System\tLThPRs.exe
  2⤵
  PID:7988
- C:\Windows\System\xaAsPaG.exe
  C:\Windows\System\xaAsPaG.exe
  2⤵
  PID:8052
- C:\Windows\System\pgyeJsQ.exe
  C:\Windows\System\pgyeJsQ.exe
  2⤵
  PID:8100
- C:\Windows\System\FUHJaXf.exe
  C:\Windows\System\FUHJaXf.exe
  2⤵
  PID:8164
- C:\Windows\System\UeanXBi.exe
  C:\Windows\System\UeanXBi.exe
  2⤵
  PID:376
- C:\Windows\System\KGAvihe.exe
  C:\Windows\System\KGAvihe.exe
  2⤵
  PID:7176
- C:\Windows\System\ojKdxIV.exe
  C:\Windows\System\ojKdxIV.exe
  2⤵
  PID:7296
- C:\Windows\System\WPxYImy.exe
  C:\Windows\System\WPxYImy.exe
  2⤵
  PID:7312
- C:\Windows\System\nTJOjhP.exe
  C:\Windows\System\nTJOjhP.exe
  2⤵
  PID:8072
- C:\Windows\System\yQkqXVG.exe
  C:\Windows\System\yQkqXVG.exe
  2⤵
  PID:7440
- C:\Windows\System\rQQIQsI.exe
  C:\Windows\System\rQQIQsI.exe
  2⤵
  PID:8180
- C:\Windows\System\WlRRRjq.exe
  C:\Windows\System\WlRRRjq.exe
  2⤵
  PID:7192
- C:\Windows\System\hPlPKRH.exe
  C:\Windows\System\hPlPKRH.exe
  2⤵
  PID:7360
- C:\Windows\System\zXGYavU.exe
  C:\Windows\System\zXGYavU.exe
  2⤵
  PID:7336
- C:\Windows\System\TGhIrYY.exe
  C:\Windows\System\TGhIrYY.exe
  2⤵
  PID:7396
- C:\Windows\System\KNJUnDP.exe
  C:\Windows\System\KNJUnDP.exe
  2⤵
  PID:7372
- C:\Windows\System\xtgnbtp.exe
  C:\Windows\System\xtgnbtp.exe
  2⤵
  PID:7584
- C:\Windows\System\HIEYOxR.exe
  C:\Windows\System\HIEYOxR.exe
  2⤵
  PID:7712
- C:\Windows\System\RDNlDmA.exe
  C:\Windows\System\RDNlDmA.exe
  2⤵
  PID:8040
- C:\Windows\System\fTSwwnj.exe
  C:\Windows\System\fTSwwnj.exe
  2⤵
  PID:7392
- C:\Windows\System\KizlHeG.exe
  C:\Windows\System\KizlHeG.exe
  2⤵
  PID:7628
- C:\Windows\System\HEAOzKW.exe
  C:\Windows\System\HEAOzKW.exe
  2⤵
  PID:2484
- C:\Windows\System\VetHDlD.exe
  C:\Windows\System\VetHDlD.exe
  2⤵
  PID:7816
- C:\Windows\System\OlFBwww.exe
  C:\Windows\System\OlFBwww.exe
  2⤵
  PID:7864
- C:\Windows\System\OYbTrbq.exe
  C:\Windows\System\OYbTrbq.exe
  2⤵
  PID:7932
- C:\Windows\System\VyEzrat.exe
  C:\Windows\System\VyEzrat.exe
  2⤵
  PID:7884
- C:\Windows\System\ZveFNeO.exe
  C:\Windows\System\ZveFNeO.exe
  2⤵
  PID:8116
- C:\Windows\System\fAVXUdW.exe
  C:\Windows\System\fAVXUdW.exe
  2⤵
  PID:7500
- C:\Windows\System\iJaYkFn.exe
  C:\Windows\System\iJaYkFn.exe
  2⤵
  PID:7496
- C:\Windows\System\LTjtsTf.exe
  C:\Windows\System\LTjtsTf.exe
  2⤵
  PID:7604
- C:\Windows\System\GtoykSP.exe
  C:\Windows\System\GtoykSP.exe
  2⤵
  PID:4820
- C:\Windows\System\cxRVjgL.exe
  C:\Windows\System\cxRVjgL.exe
  2⤵
  PID:3020
- C:\Windows\System\PuzPMfY.exe
  C:\Windows\System\PuzPMfY.exe
  2⤵
  PID:7828
- C:\Windows\System\taoxjeB.exe
  C:\Windows\System\taoxjeB.exe
  2⤵
  PID:8160
- C:\Windows\System\tZTBXSU.exe
  C:\Windows\System\tZTBXSU.exe
  2⤵
  PID:7232
- C:\Windows\System\WAVvfof.exe
  C:\Windows\System\WAVvfof.exe
  2⤵
  PID:7468
- C:\Windows\System\tJlHKhQ.exe
  C:\Windows\System\tJlHKhQ.exe
  2⤵
  PID:2816
- C:\Windows\System\tSddbAp.exe
  C:\Windows\System\tSddbAp.exe
  2⤵
  PID:7588
- C:\Windows\System\vCsJatx.exe
  C:\Windows\System\vCsJatx.exe
  2⤵
  PID:7900
- C:\Windows\System\qkADCeH.exe
  C:\Windows\System\qkADCeH.exe
  2⤵
  PID:7824
- C:\Windows\System\AiVIEYt.exe
  C:\Windows\System\AiVIEYt.exe
  2⤵
  PID:2960
- C:\Windows\System\VsFKHpa.exe
  C:\Windows\System\VsFKHpa.exe
  2⤵
  PID:7424
- C:\Windows\System\TQmJiLh.exe
  C:\Windows\System\TQmJiLh.exe
  2⤵
  PID:7288
- C:\Windows\System\QkoljtW.exe
  C:\Windows\System\QkoljtW.exe
  2⤵
  PID:7920
- C:\Windows\System\KinrbkI.exe
  C:\Windows\System\KinrbkI.exe
  2⤵
  PID:7948
- C:\Windows\System\bOXUQpa.exe
  C:\Windows\System\bOXUQpa.exe
  2⤵
  PID:7524
- C:\Windows\System\ywJEptk.exe
  C:\Windows\System\ywJEptk.exe
  2⤵
  PID:8020
- C:\Windows\System\hyZkrCQ.exe
  C:\Windows\System\hyZkrCQ.exe
  2⤵
  PID:7728
- C:\Windows\System\ydUQuFV.exe
  C:\Windows\System\ydUQuFV.exe
  2⤵
  PID:8000
- C:\Windows\System\FQiXmny.exe
  C:\Windows\System\FQiXmny.exe
  2⤵
  PID:7896
- C:\Windows\System\dLuylDg.exe
  C:\Windows\System\dLuylDg.exe
  2⤵
  PID:8112
- C:\Windows\System\uovmRfT.exe
  C:\Windows\System\uovmRfT.exe
  2⤵
  PID:8148
- C:\Windows\System\MFagBuu.exe
  C:\Windows\System\MFagBuu.exe
  2⤵
  PID:1900
- C:\Windows\System\VFDDPoH.exe
  C:\Windows\System\VFDDPoH.exe
  2⤵
  PID:3052
- C:\Windows\System\FFFafcg.exe
  C:\Windows\System\FFFafcg.exe
  2⤵
  PID:7444
- C:\Windows\System\UIVaqwp.exe
  C:\Windows\System\UIVaqwp.exe
  2⤵
  PID:7664
- C:\Windows\System\UpZdQhf.exe
  C:\Windows\System\UpZdQhf.exe
  2⤵
  PID:7580
- C:\Windows\System\GCHGYwZ.exe
  C:\Windows\System\GCHGYwZ.exe
  2⤵
  PID:8096
- C:\Windows\System\olVnYsA.exe
  C:\Windows\System\olVnYsA.exe
  2⤵
  PID:8204
- C:\Windows\System\QsfycsN.exe
  C:\Windows\System\QsfycsN.exe
  2⤵
  PID:8220
- C:\Windows\System\PqjVQOv.exe
  C:\Windows\System\PqjVQOv.exe
  2⤵
  PID:8248
- C:\Windows\System\OGJIQNn.exe
  C:\Windows\System\OGJIQNn.exe
  2⤵
  PID:8296
- C:\Windows\System\GmxbouM.exe
  C:\Windows\System\GmxbouM.exe
  2⤵
  PID:8320
- C:\Windows\System\jlgQlfk.exe
  C:\Windows\System\jlgQlfk.exe
  2⤵
  PID:8336
- C:\Windows\System\ZostNyd.exe
  C:\Windows\System\ZostNyd.exe
  2⤵
  PID:8352
- C:\Windows\System\mGjKpmm.exe
  C:\Windows\System\mGjKpmm.exe
  2⤵
  PID:8372
- C:\Windows\System\SNqrnJr.exe
  C:\Windows\System\SNqrnJr.exe
  2⤵
  PID:8400
- C:\Windows\System\gYWetVT.exe
  C:\Windows\System\gYWetVT.exe
  2⤵
  PID:8416
- C:\Windows\System\QPTSjyp.exe
  C:\Windows\System\QPTSjyp.exe
  2⤵
  PID:8432
- C:\Windows\System\FgRrjFH.exe
  C:\Windows\System\FgRrjFH.exe
  2⤵
  PID:8448
- C:\Windows\System\YdJqMlv.exe
  C:\Windows\System\YdJqMlv.exe
  2⤵
  PID:8464
- C:\Windows\System\rvRtNvt.exe
  C:\Windows\System\rvRtNvt.exe
  2⤵
  PID:8480
- C:\Windows\System\dxozCxi.exe
  C:\Windows\System\dxozCxi.exe
  2⤵
  PID:8496
- C:\Windows\System\grfeAYp.exe
  C:\Windows\System\grfeAYp.exe
  2⤵
  PID:8512
- C:\Windows\System\geizkGr.exe
  C:\Windows\System\geizkGr.exe
  2⤵
  PID:8528
- C:\Windows\System\Zlezpnh.exe
  C:\Windows\System\Zlezpnh.exe
  2⤵
  PID:8544
- C:\Windows\System\setGqNt.exe
  C:\Windows\System\setGqNt.exe
  2⤵
  PID:8560
- C:\Windows\System\oINaYTj.exe
  C:\Windows\System\oINaYTj.exe
  2⤵
  PID:8576
- C:\Windows\System\iqKzXQt.exe
  C:\Windows\System\iqKzXQt.exe
  2⤵
  PID:8592
- C:\Windows\System\GpczdWR.exe
  C:\Windows\System\GpczdWR.exe
  2⤵
  PID:8608
- C:\Windows\System\WPzbrBN.exe
  C:\Windows\System\WPzbrBN.exe
  2⤵
  PID:8628
- C:\Windows\System\xjxFprH.exe
  C:\Windows\System\xjxFprH.exe
  2⤵
  PID:8644
- C:\Windows\System\pGLnCiU.exe
  C:\Windows\System\pGLnCiU.exe
  2⤵
  PID:8660
- C:\Windows\System\IAYrdpz.exe
  C:\Windows\System\IAYrdpz.exe
  2⤵
  PID:8676
- C:\Windows\System\dMRJqJt.exe
  C:\Windows\System\dMRJqJt.exe
  2⤵
  PID:8692
- C:\Windows\System\bzIhGqx.exe
  C:\Windows\System\bzIhGqx.exe
  2⤵
  PID:8708
- C:\Windows\System\ZbCAeAr.exe
  C:\Windows\System\ZbCAeAr.exe
  2⤵
  PID:8724
- C:\Windows\System\hPQYHHv.exe
  C:\Windows\System\hPQYHHv.exe
  2⤵
  PID:8740
- C:\Windows\System\ugwdgvM.exe
  C:\Windows\System\ugwdgvM.exe
  2⤵
  PID:8760
- C:\Windows\System\ufDqHrJ.exe
  C:\Windows\System\ufDqHrJ.exe
  2⤵
  PID:8776
- C:\Windows\System\ZxjMUny.exe
  C:\Windows\System\ZxjMUny.exe
  2⤵
  PID:8792
- C:\Windows\System\FYCUYqK.exe
  C:\Windows\System\FYCUYqK.exe
  2⤵
  PID:8808
- C:\Windows\System\QifcYAi.exe
  C:\Windows\System\QifcYAi.exe
  2⤵
  PID:8824
- C:\Windows\System\bhEMeqk.exe
  C:\Windows\System\bhEMeqk.exe
  2⤵
  PID:8840
- C:\Windows\System\xsFlHzk.exe
  C:\Windows\System\xsFlHzk.exe
  2⤵
  PID:8856
- C:\Windows\System\XxEQMBa.exe
  C:\Windows\System\XxEQMBa.exe
  2⤵
  PID:8872
- C:\Windows\System\mSbePwB.exe
  C:\Windows\System\mSbePwB.exe
  2⤵
  PID:8888
- C:\Windows\System\JKxIoUj.exe
  C:\Windows\System\JKxIoUj.exe
  2⤵
  PID:8904
- C:\Windows\System\PHEjoMI.exe
  C:\Windows\System\PHEjoMI.exe
  2⤵
  PID:8920
- C:\Windows\System\DVsisou.exe
  C:\Windows\System\DVsisou.exe
  2⤵
  PID:8936
- C:\Windows\System\pQwtypF.exe
  C:\Windows\System\pQwtypF.exe
  2⤵
  PID:8952
- C:\Windows\System\UaIUJKA.exe
  C:\Windows\System\UaIUJKA.exe
  2⤵
  PID:8968
- C:\Windows\System\uhNsjIx.exe
  C:\Windows\System\uhNsjIx.exe
  2⤵
  PID:8984
- C:\Windows\System\VooYVgz.exe
  C:\Windows\System\VooYVgz.exe
  2⤵
  PID:9000
- C:\Windows\System\UJceClK.exe
  C:\Windows\System\UJceClK.exe
  2⤵
  PID:9016
- C:\Windows\System\PBmCdJN.exe
  C:\Windows\System\PBmCdJN.exe
  2⤵
  PID:9032
- C:\Windows\System\DUOrTUP.exe
  C:\Windows\System\DUOrTUP.exe
  2⤵
  PID:9048
- C:\Windows\System\fYcXdVd.exe
  C:\Windows\System\fYcXdVd.exe
  2⤵
  PID:9064
- C:\Windows\System\eabGNVf.exe
  C:\Windows\System\eabGNVf.exe
  2⤵
  PID:9080
- C:\Windows\System\mjuGECr.exe
  C:\Windows\System\mjuGECr.exe
  2⤵
  PID:9096
- C:\Windows\System\rztqmaY.exe
  C:\Windows\System\rztqmaY.exe
  2⤵
  PID:8236
- C:\Windows\System\hHWhVEy.exe
  C:\Windows\System\hHWhVEy.exe
  2⤵
  PID:7016
- C:\Windows\System\neacLpB.exe
  C:\Windows\System\neacLpB.exe
  2⤵
  PID:8316
- C:\Windows\System\FZUeHjd.exe
  C:\Windows\System\FZUeHjd.exe
  2⤵
  PID:8344
- C:\Windows\System\HNABlcd.exe
  C:\Windows\System\HNABlcd.exe
  2⤵
  PID:8368
- C:\Windows\System\VDdDFXR.exe
  C:\Windows\System\VDdDFXR.exe
  2⤵
  PID:8396
- C:\Windows\System\WUdekUV.exe
  C:\Windows\System\WUdekUV.exe
  2⤵
  PID:8476
- C:\Windows\System\VjJEiPV.exe
  C:\Windows\System\VjJEiPV.exe
  2⤵
  PID:8412
- C:\Windows\System\gInBtSa.exe
  C:\Windows\System\gInBtSa.exe
  2⤵
  PID:8460
- C:\Windows\System\IzUPXYp.exe
  C:\Windows\System\IzUPXYp.exe
  2⤵
  PID:8588
- C:\Windows\System\SuYVIKP.exe
  C:\Windows\System\SuYVIKP.exe
  2⤵
  PID:8552
- C:\Windows\System\ECllBJV.exe
  C:\Windows\System\ECllBJV.exe
  2⤵
  PID:8684
- C:\Windows\System\vModbof.exe
  C:\Windows\System\vModbof.exe
  2⤵
  PID:8788
- C:\Windows\System\WCHOBpV.exe
  C:\Windows\System\WCHOBpV.exe
  2⤵
  PID:8748
- C:\Windows\System\jjoeSnj.exe
  C:\Windows\System\jjoeSnj.exe
  2⤵
  PID:8848
- C:\Windows\System\wpSYshp.exe
  C:\Windows\System\wpSYshp.exe
  2⤵
  PID:8912
- C:\Windows\System\mLhElIl.exe
  C:\Windows\System\mLhElIl.exe
  2⤵
  PID:8640
- C:\Windows\System\CyRtqXi.exe
  C:\Windows\System\CyRtqXi.exe
  2⤵
  PID:8600
- C:\Windows\System\tgbbCkH.exe
  C:\Windows\System\tgbbCkH.exe
  2⤵
  PID:8668
- C:\Windows\System\BAdfphC.exe
  C:\Windows\System\BAdfphC.exe
  2⤵
  PID:8736
- C:\Windows\System\RXLNmwj.exe
  C:\Windows\System\RXLNmwj.exe
  2⤵
  PID:8312
- C:\Windows\System\YWKHJjz.exe
  C:\Windows\System\YWKHJjz.exe
  2⤵
  PID:8864
- C:\Windows\System\UoISflt.exe
  C:\Windows\System\UoISflt.exe
  2⤵
  PID:8928
- C:\Windows\System\UWywiat.exe
  C:\Windows\System\UWywiat.exe
  2⤵
  PID:8960
- C:\Windows\System\JaGmoaV.exe
  C:\Windows\System\JaGmoaV.exe
  2⤵
  PID:9056
- C:\Windows\System\sisaOCO.exe
  C:\Windows\System\sisaOCO.exe
  2⤵
  PID:9060
- C:\Windows\System\nGTnPpF.exe
  C:\Windows\System\nGTnPpF.exe
  2⤵
  PID:9040
- C:\Windows\System\DrnGCQQ.exe
  C:\Windows\System\DrnGCQQ.exe
  2⤵
  PID:9112
- C:\Windows\System\nfnIGSg.exe
  C:\Windows\System\nfnIGSg.exe
  2⤵
  PID:9120
- C:\Windows\System\MwhQADE.exe
  C:\Windows\System\MwhQADE.exe
  2⤵
  PID:9144
- C:\Windows\System\GJNHfDR.exe
  C:\Windows\System\GJNHfDR.exe
  2⤵
  PID:9184
- C:\Windows\System\wxBZexs.exe
  C:\Windows\System\wxBZexs.exe
  2⤵
  PID:9172
- C:\Windows\System\PkFNatR.exe
  C:\Windows\System\PkFNatR.exe
  2⤵
  PID:9200
- C:\Windows\System\JZXTwzW.exe
  C:\Windows\System\JZXTwzW.exe
  2⤵
  PID:8200
- C:\Windows\System\LDVnByJ.exe
  C:\Windows\System\LDVnByJ.exe
  2⤵
  PID:8228
- C:\Windows\System\IdviNMF.exe
  C:\Windows\System\IdviNMF.exe
  2⤵
  PID:8004
- C:\Windows\System\IVwnEFi.exe
  C:\Windows\System\IVwnEFi.exe
  2⤵
  PID:8264
- C:\Windows\System\pAnSczr.exe
  C:\Windows\System\pAnSczr.exe
  2⤵
  PID:8280
- C:\Windows\System\Hluptje.exe
  C:\Windows\System\Hluptje.exe
  2⤵
  PID:8292
- C:\Windows\System\yrypyHi.exe
  C:\Windows\System\yrypyHi.exe
  2⤵
  PID:8364
- C:\Windows\System\OvgEzQD.exe
  C:\Windows\System\OvgEzQD.exe
  2⤵
  PID:8584
- C:\Windows\System\bqbBHUH.exe
  C:\Windows\System\bqbBHUH.exe
  2⤵
  PID:8716
- C:\Windows\System\izgLYzP.exe
  C:\Windows\System\izgLYzP.exe
  2⤵
  PID:8944
- C:\Windows\System\kHfpNsd.exe
  C:\Windows\System\kHfpNsd.exe
  2⤵
  PID:8636
- C:\Windows\System\bWopxGb.exe
  C:\Windows\System\bWopxGb.exe
  2⤵
  PID:8948
- C:\Windows\System\TJdMfPN.exe
  C:\Windows\System\TJdMfPN.exe
  2⤵
  PID:9124
- C:\Windows\System\ZKYqhej.exe
  C:\Windows\System\ZKYqhej.exe
  2⤵
  PID:9196
- C:\Windows\System\fYIQdfW.exe
  C:\Windows\System\fYIQdfW.exe
  2⤵
  PID:8980
- C:\Windows\System\IUlSZUx.exe
  C:\Windows\System\IUlSZUx.exe
  2⤵
  PID:8256
- C:\Windows\System\AxDAdBD.exe
  C:\Windows\System\AxDAdBD.exe
  2⤵
  PID:8288
- C:\Windows\System\zJYtJNO.exe
  C:\Windows\System\zJYtJNO.exe
  2⤵
  PID:9136
- C:\Windows\System\RxXuUOw.exe
  C:\Windows\System\RxXuUOw.exe
  2⤵
  PID:8836
- C:\Windows\System\zBceJUp.exe
  C:\Windows\System\zBceJUp.exe
  2⤵
  PID:9044
- C:\Windows\System\JARksYg.exe
  C:\Windows\System\JARksYg.exe
  2⤵
  PID:9204
- C:\Windows\System\cEPMSzF.exe
  C:\Windows\System\cEPMSzF.exe
  2⤵
  PID:8360
- C:\Windows\System\hFHwwzi.exe
  C:\Windows\System\hFHwwzi.exe
  2⤵
  PID:8488
- C:\Windows\System\WyzVTXN.exe
  C:\Windows\System\WyzVTXN.exe
  2⤵
  PID:8620
- C:\Windows\System\jbPKxYo.exe
  C:\Windows\System\jbPKxYo.exe
  2⤵
  PID:8772
- C:\Windows\System\EXpYKDC.exe
  C:\Windows\System\EXpYKDC.exe
  2⤵
  PID:9076
- C:\Windows\System\WdpqxJE.exe
  C:\Windows\System\WdpqxJE.exe
  2⤵
  PID:8212
- C:\Windows\System\qjpmgQT.exe
  C:\Windows\System\qjpmgQT.exe
  2⤵
  PID:9176
- C:\Windows\System\bmNDJxn.exe
  C:\Windows\System\bmNDJxn.exe
  2⤵
  PID:8832
- C:\Windows\System\gpnLIsb.exe
  C:\Windows\System\gpnLIsb.exe
  2⤵
  PID:9012
- C:\Windows\System\PYFdxEU.exe
  C:\Windows\System\PYFdxEU.exe
  2⤵
  PID:9164
- C:\Windows\System\TcncGWc.exe
  C:\Windows\System\TcncGWc.exe
  2⤵
  PID:8092
- C:\Windows\System\XtTwEHt.exe
  C:\Windows\System\XtTwEHt.exe
  2⤵
  PID:8536
- C:\Windows\System\tVGTjiF.exe
  C:\Windows\System\tVGTjiF.exe
  2⤵
  PID:8388
- C:\Windows\System\SfXIHLp.exe
  C:\Windows\System\SfXIHLp.exe
  2⤵
  PID:8704
- C:\Windows\System\vUFxHIf.exe
  C:\Windows\System\vUFxHIf.exe
  2⤵
  PID:8428
- C:\Windows\System\ZTmXcAf.exe
  C:\Windows\System\ZTmXcAf.exe
  2⤵
  PID:9072
- C:\Windows\System\oIfqPdU.exe
  C:\Windows\System\oIfqPdU.exe
  2⤵
  PID:9224
- C:\Windows\System\LFxqmoZ.exe
  C:\Windows\System\LFxqmoZ.exe
  2⤵
  PID:9240
- C:\Windows\System\IsOGmTU.exe
  C:\Windows\System\IsOGmTU.exe
  2⤵
  PID:9256
- C:\Windows\System\shawymm.exe
  C:\Windows\System\shawymm.exe
  2⤵
  PID:9272
- C:\Windows\System\JRIoDsD.exe
  C:\Windows\System\JRIoDsD.exe
  2⤵
  PID:9288
- C:\Windows\System\ixxXhWJ.exe
  C:\Windows\System\ixxXhWJ.exe
  2⤵
  PID:9304
- C:\Windows\System\cEjEshT.exe
  C:\Windows\System\cEjEshT.exe
  2⤵
  PID:9320
- C:\Windows\System\xbsKlKg.exe
  C:\Windows\System\xbsKlKg.exe
  2⤵
  PID:9336
- C:\Windows\System\VLlwlZh.exe
  C:\Windows\System\VLlwlZh.exe
  2⤵
  PID:9352
- C:\Windows\System\FzyEEYU.exe
  C:\Windows\System\FzyEEYU.exe
  2⤵
  PID:9368
- C:\Windows\System\RTcFQZS.exe
  C:\Windows\System\RTcFQZS.exe
  2⤵
  PID:9384
- C:\Windows\System\nEGwpqR.exe
  C:\Windows\System\nEGwpqR.exe
  2⤵
  PID:9400
- C:\Windows\System\xqfyNRr.exe
  C:\Windows\System\xqfyNRr.exe
  2⤵
  PID:9420
- C:\Windows\System\LfoCcJh.exe
  C:\Windows\System\LfoCcJh.exe
  2⤵
  PID:9440
- C:\Windows\System\HJLBlpF.exe
  C:\Windows\System\HJLBlpF.exe
  2⤵
  PID:9460
- C:\Windows\System\wenaVVr.exe
  C:\Windows\System\wenaVVr.exe
  2⤵
  PID:9476
- C:\Windows\System\SGVsQGH.exe
  C:\Windows\System\SGVsQGH.exe
  2⤵
  PID:9592
- C:\Windows\System\ZMffNBd.exe
  C:\Windows\System\ZMffNBd.exe
  2⤵
  PID:9612
- C:\Windows\System\PkdSwXz.exe
  C:\Windows\System\PkdSwXz.exe
  2⤵
  PID:9688
- C:\Windows\System\mOMBNTx.exe
  C:\Windows\System\mOMBNTx.exe
  2⤵
  PID:9756
- C:\Windows\System\CYluXVn.exe
  C:\Windows\System\CYluXVn.exe
  2⤵
  PID:9776
- C:\Windows\System\OCVxIge.exe
  C:\Windows\System\OCVxIge.exe
  2⤵
  PID:9804
- C:\Windows\System\hdXVXkn.exe
  C:\Windows\System\hdXVXkn.exe
  2⤵
  PID:9828
- C:\Windows\System\wBxVJDv.exe
  C:\Windows\System\wBxVJDv.exe
  2⤵
  PID:9844
- C:\Windows\System\CNAgUPG.exe
  C:\Windows\System\CNAgUPG.exe
  2⤵
  PID:9860
- C:\Windows\System\iazxRhz.exe
  C:\Windows\System\iazxRhz.exe
  2⤵
  PID:9876
- C:\Windows\System\okeDPJh.exe
  C:\Windows\System\okeDPJh.exe
  2⤵
  PID:9896
- C:\Windows\System\zFpojyc.exe
  C:\Windows\System\zFpojyc.exe
  2⤵
  PID:9912
- C:\Windows\System\xJfOGip.exe
  C:\Windows\System\xJfOGip.exe
  2⤵
  PID:9932
- C:\Windows\System\fswiNWO.exe
  C:\Windows\System\fswiNWO.exe
  2⤵
  PID:9952
- C:\Windows\System\pIdnsKJ.exe
  C:\Windows\System\pIdnsKJ.exe
  2⤵
  PID:9972
- C:\Windows\System\kKkjeVH.exe
  C:\Windows\System\kKkjeVH.exe
  2⤵
  PID:9992
- C:\Windows\System\kjuHdWs.exe
  C:\Windows\System\kjuHdWs.exe
  2⤵
  PID:10032
- C:\Windows\System\YDhxKrp.exe
  C:\Windows\System\YDhxKrp.exe
  2⤵
  PID:10048
- C:\Windows\System\gFVnnvC.exe
  C:\Windows\System\gFVnnvC.exe
  2⤵
  PID:10064
- C:\Windows\System\XRVHDHN.exe
  C:\Windows\System\XRVHDHN.exe
  2⤵
  PID:10088
- C:\Windows\System\fjUEjfB.exe
  C:\Windows\System\fjUEjfB.exe
  2⤵
  PID:10104
- C:\Windows\System\uEdDLhw.exe
  C:\Windows\System\uEdDLhw.exe
  2⤵
  PID:10124
- C:\Windows\System\nMFuiuO.exe
  C:\Windows\System\nMFuiuO.exe
  2⤵
  PID:10140
- C:\Windows\System\WQFLEYh.exe
  C:\Windows\System\WQFLEYh.exe
  2⤵
  PID:10156
- C:\Windows\System\FGsoaax.exe
  C:\Windows\System\FGsoaax.exe
  2⤵
  PID:10184
- C:\Windows\System\NGIVUnu.exe
  C:\Windows\System\NGIVUnu.exe
  2⤵
  PID:10208
- C:\Windows\System\NvKuayC.exe
  C:\Windows\System\NvKuayC.exe
  2⤵
  PID:9160
- C:\Windows\System\UNCqQux.exe
  C:\Windows\System\UNCqQux.exe
  2⤵
  PID:9236
- C:\Windows\System\UKommHD.exe
  C:\Windows\System\UKommHD.exe
  2⤵
  PID:2724
- C:\Windows\System\LSTMCDN.exe
  C:\Windows\System\LSTMCDN.exe
  2⤵
  PID:8216
- C:\Windows\System\nbMaDbb.exe
  C:\Windows\System\nbMaDbb.exe
  2⤵
  PID:9284
- C:\Windows\System\TxshPpJ.exe
  C:\Windows\System\TxshPpJ.exe
  2⤵
  PID:9344
- C:\Windows\System\pvGEvDm.exe
  C:\Windows\System\pvGEvDm.exe
  2⤵
  PID:9220
- C:\Windows\System\ZpiRzht.exe
  C:\Windows\System\ZpiRzht.exe
  2⤵
  PID:9412
- C:\Windows\System\KyyiOGQ.exe
  C:\Windows\System\KyyiOGQ.exe
  2⤵
  PID:9468
- C:\Windows\System\nPaiGng.exe
  C:\Windows\System\nPaiGng.exe
  2⤵
  PID:9488
- C:\Windows\System\RXvRSRe.exe
  C:\Windows\System\RXvRSRe.exe
  2⤵
  PID:9512
- C:\Windows\System\OXiQwBy.exe
  C:\Windows\System\OXiQwBy.exe
  2⤵
  PID:9536
- C:\Windows\System\XbPpmRQ.exe
  C:\Windows\System\XbPpmRQ.exe
  2⤵
  PID:9552
- C:\Windows\System\TpALERi.exe
  C:\Windows\System\TpALERi.exe
  2⤵
  PID:8800
- C:\Windows\System\aUGVfVl.exe
  C:\Windows\System\aUGVfVl.exe
  2⤵
  PID:9588
- C:\Windows\System\uiMiWaw.exe
  C:\Windows\System\uiMiWaw.exe
  2⤵
  PID:9604
- C:\Windows\System\VIihkHw.exe
  C:\Windows\System\VIihkHw.exe
  2⤵
  PID:9672
- C:\Windows\System\gDLYkdy.exe
  C:\Windows\System\gDLYkdy.exe
  2⤵
  PID:9696
- C:\Windows\System\rSsaZqN.exe
  C:\Windows\System\rSsaZqN.exe
  2⤵
  PID:9720
- C:\Windows\System\XYkyums.exe
  C:\Windows\System\XYkyums.exe
  2⤵
  PID:9736
- C:\Windows\System\yfmWJCX.exe
  C:\Windows\System\yfmWJCX.exe
  2⤵
  PID:9752
- C:\Windows\System\eybetYk.exe
  C:\Windows\System\eybetYk.exe
  2⤵
  PID:9784
- C:\Windows\System\UHKmwYW.exe
  C:\Windows\System\UHKmwYW.exe
  2⤵
  PID:9788
- C:\Windows\System\gDCWuPW.exe
  C:\Windows\System\gDCWuPW.exe
  2⤵
  PID:9840
- C:\Windows\System\IXznJMJ.exe
  C:\Windows\System\IXznJMJ.exe
  2⤵
  PID:9892
- C:\Windows\System\iQkLMKV.exe
  C:\Windows\System\iQkLMKV.exe
  2⤵
  PID:9960
- C:\Windows\System\NzhjZKf.exe
  C:\Windows\System\NzhjZKf.exe
  2⤵
  PID:9968
- C:\Windows\System\ctSYDHg.exe
  C:\Windows\System\ctSYDHg.exe
  2⤵
  PID:9908
- C:\Windows\System\YnasRxl.exe
  C:\Windows\System\YnasRxl.exe
  2⤵
  PID:9944
- C:\Windows\System\kJjpgTf.exe
  C:\Windows\System\kJjpgTf.exe
  2⤵
  PID:10028
- C:\Windows\System\uDhrRWM.exe
  C:\Windows\System\uDhrRWM.exe
  2⤵
  PID:10076
- C:\Windows\System\oRpSmcx.exe
  C:\Windows\System\oRpSmcx.exe
  2⤵
  PID:10136
- C:\Windows\System\iRQNybq.exe
  C:\Windows\System\iRQNybq.exe
  2⤵
  PID:10168
- C:\Windows\System\mDmYLuf.exe
  C:\Windows\System\mDmYLuf.exe
  2⤵
  PID:10192
- C:\Windows\System\uRJnXrg.exe
  C:\Windows\System\uRJnXrg.exe
  2⤵
  PID:9500
- C:\Windows\System\fNAhuFA.exe
  C:\Windows\System\fNAhuFA.exe
  2⤵
  PID:10232
- C:\Windows\System\LvbhBJQ.exe
  C:\Windows\System\LvbhBJQ.exe
  2⤵
  PID:9312
- C:\Windows\System\ohSdPru.exe
  C:\Windows\System\ohSdPru.exe
  2⤵
  PID:9408
- C:\Windows\System\yQBHJlX.exe
  C:\Windows\System\yQBHJlX.exe
  2⤵
  PID:9520
- C:\Windows\System\QmTCEPj.exe
  C:\Windows\System\QmTCEPj.exe
  2⤵
  PID:9448
- C:\Windows\System\ZwNQOFA.exe
  C:\Windows\System\ZwNQOFA.exe
  2⤵
  PID:9548
- C:\Windows\System\winFwbV.exe
  C:\Windows\System\winFwbV.exe
  2⤵
  PID:9584
- C:\Windows\System\uRgQmUY.exe
  C:\Windows\System\uRgQmUY.exe
  2⤵
  PID:9620
- C:\Windows\System\SLwvQIs.exe
  C:\Windows\System\SLwvQIs.exe
  2⤵
  PID:9764
- C:\Windows\System\JOYDeZn.exe
  C:\Windows\System\JOYDeZn.exe
  2⤵
  PID:9796
- C:\Windows\System\cESAtrd.exe
  C:\Windows\System\cESAtrd.exe
  2⤵
  PID:9884
- C:\Windows\System\UobvKdZ.exe
  C:\Windows\System\UobvKdZ.exe
  2⤵
  PID:9904
- C:\Windows\System\jzKCQLb.exe
  C:\Windows\System\jzKCQLb.exe
  2⤵
  PID:10172
- C:\Windows\System\GjwoeqE.exe
  C:\Windows\System\GjwoeqE.exe
  2⤵
  PID:9684
- C:\Windows\System\HtrCjfz.exe
  C:\Windows\System\HtrCjfz.exe
  2⤵
  PID:9772
- C:\Windows\System\PdEkCjF.exe
  C:\Windows\System\PdEkCjF.exe
  2⤵
  PID:9836
- C:\Windows\System\mCVwLUe.exe
  C:\Windows\System\mCVwLUe.exe
  2⤵
  PID:9868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ANFOFkc.exe

Filesize
6.0MB

MD5
99075f432a7fc020d2aa7a90b34c512c

SHA1
5af156a471825da321a531a255a640a957eb0090

SHA256
5ad77ef3597eb1096bdfd0aa2cebb5a1b7f650647ad7e66c6ee5532e57c6d07c

SHA512
fe6f56463d76414de57303c83be3789873552a711342425c30a7f89c6690d0ab5f8f5ee399ed7a54b2fdd43ae9341687962899c39bf447db204cdb25c9dfe807

Download Submit
C:\Windows\system\AhPbQoc.exe

Filesize
6.0MB

MD5
02a772bffc4b6fb00439a804ceb21c3b

SHA1
8f37e7288508e31bb9b95a34dc02618d33c0237a

SHA256
0911687a09f6769b9cfe285fcc23b34502406b56845c2c7234d2597c6b8abe49

SHA512
f232a134e2c0275ce174a6f5c7b922d992f7663225f6f3784bef6a09d02cbed583955af681ec6d73cda594b3711945bbdcac90aa959681a1f38dfa7de4a4eb7c

Download Submit
C:\Windows\system\CjOFqLH.exe

Filesize
6.0MB

MD5
6edff472ed83c0123b702c3a44828167

SHA1
03ae50df166174f1653740ed5a7542eec7586810

SHA256
bc194a1a8bc70a269f6f05da9fb9bb12fafdeb09a3e00a42a8e41f019cd832fe

SHA512
2e8500ca197f51230a239a21d3678d8bea631940ccd154a75e6403bff2f8f1fbfe45f022bcb659943ea5889e62543dda6cfb73d76bcae5d7497762f852e4979a

Download Submit
C:\Windows\system\EUyUzKI.exe

Filesize
6.0MB

MD5
1f404a233e2277301a5459f0ff88fdad

SHA1
e3c18b8d7cd7bcc463206a318d962ecff724d140

SHA256
58ac6e3f4436cc185d4a7f545b3c68e6f36dcdd2be1cd2f9f79014a13d19c9ad

SHA512
42c518c6b0d63d367a1ae88bde0913189ecf7502c6a91ecd1f7de8c4075835f0f11e14d569927b521494e738c5556a03ff42e7661c1aa0da18aaf479d8dccaa4

Download Submit
C:\Windows\system\GRxNeJD.exe

Filesize
6.0MB

MD5
2ff65d41d4e17e70199e7ac330025908

SHA1
eb13beafaa5ce28fe2f20592da14d1a28b2c3256

SHA256
700828b55ece208e2a7e04546fceb49988254fc6b40a4b9f96ac873db6ed3271

SHA512
76748bb1b1bf5e9b86a402ff05c439522664ede9116fc5d8a6c84e77c5d9b5938152df5b6941d5313e42cd8942286fbb42aebea30735d1d0bee1fd695fb11a3a

Download Submit
C:\Windows\system\GTcZVFy.exe

Filesize
6.0MB

MD5
7ae11e33fc258f47e5055f193b4856d2

SHA1
408087d0340f81a6aca842b50908d11c1c36fadd

SHA256
e54649ce57b4788f6a9b102769f6f57845934121a0debd7a332436cbfdfeb1d9

SHA512
f07fd5040f884b3e0c4d9678d2aa65d03e850e2e793b54d46308f6eb126c5e51cdb5f9f12df3eab8a461a7a3b2b66a0affefba0d6c008c492bf9e902faa2dd8c

Download Submit
C:\Windows\system\MZAWtGY.exe

Filesize
6.0MB

MD5
9fc577f9f31e9fa85ac60dace91a7d66

SHA1
33d7216f4a2ee5af1ec19f2f5b8461b5cf4f4466

SHA256
14e0cb58da2164409382a6c97546425bcf8714258e0b6174bbdcb8092f861ea4

SHA512
e17e3104af93062b165cfc6b1ff3405ac0a55049eb0b2d450a35ec0d9a01f8af67e8ec1f578a0d4deb843202a9690a936589549a4a93bdedbe5f777984bd3040

Download Submit
C:\Windows\system\NJZJdam.exe

Filesize
6.0MB

MD5
f917b8ecd170002da597e114622e8890

SHA1
9034bb1a5a2e9de8f3c7bc9b138ae34f6f31eed9

SHA256
36392fd516de81c76f0bd59b104d03f5f284820a61b6b9ee2d5b518f15e368ad

SHA512
acc44940fc2061dde67deb3755b0978b5ea93f3f257619acd5053ea0a24be0695cb0fcf6e435dc9c11ed6d10d83345aa72b28cfa0cadb78e67e8504857283000

Download Submit
C:\Windows\system\NTZaCyw.exe

Filesize
6.0MB

MD5
e393b20b07361ec37a77ad9d9b003cd6

SHA1
1c83e3d8e13f7af5d8bc5d46b9902a2b24965c7f

SHA256
20d6ab2c127bd08f1c0d4776c59e4b11625e86379b6fa2b4ccb0767520f16090

SHA512
aa0142fbd991e31500ab72f43c009f1598231d81b135f04f450e2109d52f9a7ca2e26f8c3035bd0f1697c7a6f9c25bd02b12c8e755a2ac6fb4ec3330e7b3ff14

Download Submit
C:\Windows\system\PtjeSFy.exe

Filesize
6.0MB

MD5
09e4861db99c54916177998e8f31468c

SHA1
a9a92f8557c5e07062223beb8b8c39592fee31be

SHA256
152eb3cbef7bfb649fca5b7110bcc8f3e17afd7e00c89d9a774be3ff09865016

SHA512
66ef82245b08eaa12fb83871b3fed243a916e2db109e1936f66d14f9b660aa7c670fe52dfee2984964330a1ca763155134ae8e4d9c554ded455e5f9b3631a941

Download Submit
C:\Windows\system\RabxZOn.exe

Filesize
6.0MB

MD5
29ea5adc80eceebb77cee78691f8ce81

SHA1
b385b1432e1e6ecd4e5c8008d64fba572758572b

SHA256
f48561fc0cda9d950edf311c5fd51dcb93376ff6b6cec0790858fe012a9c8fc9

SHA512
7dd9eda4a83aa9ffb4d5e571ffbf28a1a42ef237700586df35269a1eeeede6d9e4ef6bb74381f919e3d5faef5d27ed8a300bc1a672eae698b5e258094327ddff

Download Submit
C:\Windows\system\SdlwQvq.exe

Filesize
6.0MB

MD5
9c5e5678b0f1a621d81e5e8064b4cebf

SHA1
2a6b4a5791e999eb0331b351132fadbf8264b873

SHA256
5ffe41e55e0a29b20f24b57f987e9942797b05944208d311b787ac52071aa488

SHA512
b6399cd04f38d1df013ad10eea703c8ab56532c31bb2b11f1379a36a71da2c4a9e5c800f987ac8fd5a49038b74eee740affd9c075d497722bb7dc61304403671

Download Submit
C:\Windows\system\XyJiMEt.exe

Filesize
6.0MB

MD5
95facf84c8ffca9c66112c94139d14e6

SHA1
ea551e368eddc5ed91b140419e2f86147fab4bc0

SHA256
f3e415241b723ca91c488f9af47244a20009f558f4ccdc7c938a65b2a72d6e85

SHA512
fec84c00df0831753762cbafe93708c681cbbd05ea96eb49bdfdf07fa9e334d9769c216c402569008b121e14762482ba29cfbad10a74e90ea308b8e58d7b5ba5

Download Submit
C:\Windows\system\YyTAtWf.exe

Filesize
6.0MB

MD5
f12a92ac1a4ef246f6abd634b7284934

SHA1
5165be905b7fa0d3afb4092844fd927496bf78f5

SHA256
30ea9e915b5137cb80c8089a8c506f9d4e5db7aa17647b5921bed4b12ab29920

SHA512
47652946cbcebd82f0009a82d3e118b6943fea930c686ecc0e2a2643532e935a2212fe1963d78f90a7c06599c22940fd7cb3d6104d39f68139859c4109acd6aa

Download Submit
C:\Windows\system\dhfAJbF.exe

Filesize
6.0MB

MD5
47bc0a5b7e5e92c570a9de10a271199f

SHA1
20b7a80b8c55b248c6ba2d04aab7d7eea01ce6d3

SHA256
e629a1f73a4ad314b820f491bbe2acf8cab19cd5360c3f33eed5500a11061486

SHA512
501da33e24b17ab28db76a825c6cb8a4ff37fb84dfc5be97e234667bd308bffbb9c238e1e6492fed60d547693e07f58ce0b42811e0ab51046fb9cd6fd1f48ec2

Download Submit
C:\Windows\system\eYFoVXL.exe

Filesize
6.0MB

MD5
aac0cebf85156adebb7b7590c1f5cd84

SHA1
0e479af2fe63b0d2186932bd4e5919dc64ed5e3b

SHA256
68f9edbebb101c35f2d746d2a61189d7e977cf9ee7d19ebdd3bad72a93cb402a

SHA512
51f73b2260c623d43ce80827935f847e17e9bfe0bf42ad25aeb0ec046f8b019fa57c6448c0a339a5f1eafb2934daf565667212e5bef1f148ec59f7bfca1c9a63

Download Submit
C:\Windows\system\eYkdulT.exe

Filesize
6.0MB

MD5
35a48859fdf7bbbd2329862b84a8866a

SHA1
3ac1c261c3bcaeb92dd400043d10a1df35fa7509

SHA256
f8c3469ededd5249f364bfd54fc3d6a05c502d7024582255e23767e62132a91e

SHA512
65ac9b02aad97deb3b799b28b8a16a424eb59cb31aaff7a84045c2d337c55bd9ecaed1d84c5c8444055b2e2f95ccd4af08fc30567b1096477306e82f93ed7338

Download Submit
C:\Windows\system\pVYqwRd.exe

Filesize
6.0MB

MD5
f1920e53e40876e4dbb883fa0c076555

SHA1
88fa3dc480acb6c117743917b90c9761a8d68bf1

SHA256
22b7786fdb2f01b0e140b8521548dabc65d91bb5f86469648fa1e4df40020424

SHA512
0342d317565e3ab73f7d48335561477bc4bc005f7010b529dbc1fbcf1566db8ab0d6686a443e8ec7301bd646f95c4532ff81f2288562d5eb183e800330e8753d

Download Submit
C:\Windows\system\yVVtBOv.exe

Filesize
6.0MB

MD5
b00bd667928abe7bd88ea846f7b75d71

SHA1
7357cc86e2f9bbe64f556c60e8d882ec26e65e59

SHA256
ca4adf1766baf0809072b90bf13b1bef8cf8dd1e6bf45249d304f6ec5b9c8dd8

SHA512
5f8be578e77bf0c427aaca9f97ace751e725da3ef82bdb37a32083df4e4d08fd82b457383d2666592bac5748e1baa3a8242908e5aec595e7d0cc633d6709c34b

Download Submit
C:\Windows\system\ypUxqGq.exe

Filesize
6.0MB

MD5
26e8533fbd5b9c2e73563b5c296f9a3a

SHA1
0fc421209f64677f0144e5dbfea8754313153a67

SHA256
37a7b4ab39aa46f605fb7ad9cda17e36bd3e1b63a3e6d610522c027f857ffdcc

SHA512
518d9ac7f4fe64053db5bd896381941ef79b013e0df048088c1780b0e66db301879e4cc11cbb63417247a24f6b45ed0164a7ebe65dfc55f3c0b7706b52933e35

Download Submit
C:\Windows\system\zwlCkvx.exe

Filesize
6.0MB

MD5
54534ae3cbe3708fae60bcd936ed972c

SHA1
83df62f4ada81264d6ff9a4c91756ae59742ba78

SHA256
f25b68567f642092a0a127adb09e08686a0c8479fcb18d13bd016249927f0f47

SHA512
ed975f9344dc1bb78cdf60483408b8fe0ed53de244cfa8742fd99cd0de01816c4611f937ede345c414f838173e157cc530f49e67c8fbf98a328b23aff9a3f241

Download Submit
\Windows\system\BECzCBu.exe

Filesize
6.0MB

MD5
5cf38b5cc9e365bc88bf5b482f51c78c

SHA1
860e99d1ecc4897a252c155f7511004d2e76edad

SHA256
be31d64e28bf60e39d3d3e19f42abd442f2728a3de420c6086bdb8a48570daf3

SHA512
43fcdd255a15f13c2967f777b8005234691ded9b8c33df3153cfc41d319fd2138cec5f7940f640a54b5548063738797a5b8420d96d2cfe747271c30c8dd23362

Download Submit
\Windows\system\Gzmasla.exe

Filesize
6.0MB

MD5
54a3821ef68908e54dac4bd7158ae9ac

SHA1
b7968c5ca801401acc677040474f3d109426112d

SHA256
a1def78617e06f6437d8f87c61f7d4d7dc0f6b13e5d18a60d537d6861077ee15

SHA512
72662447d72e9489fd4d0e2f11b1c4798cbe3bca3b2ed63c036e56732bb321587515a3fa6744d88ef79d2a8786fe3d94842e69e86a50a2828bf652dd6dc55dd3

Download Submit
\Windows\system\IBcpLcg.exe

Filesize
6.0MB

MD5
ae61bbe6b46c13b8702f9ea973c78011

SHA1
939ae29ae263e529f58c48a80c2a6ecfa81ae41a

SHA256
5eec93d94c0fa2917056c83f497f1cf8b2932de01245563658b6a3eef518f8d3

SHA512
0747dada27bb105884dcddc2a805ee8967e5d7bc8148e380e231b1c67b36401ec95fde65f7b7ad479e70b8a4e1846801a625f4747dbf93e59d4ea5d0a90ddba2

Download Submit
\Windows\system\KhXrORo.exe

Filesize
6.0MB

MD5
34a32a69e3c75f70460fb988ce615ab9

SHA1
e7569adb24bfad667b41f221c13bc5ba44e1529d

SHA256
99800f1cfa4bd9172e473b877ab61042eac826962c99eb4ab25c9a32b7307194

SHA512
88a170f3af5c3015e23e75f61e4561157f5a03af97a565827d03af84e0d5044816d3da65e72a9fdc431b3181d1817acf0e84880f01dd425d4eb670c4ee41b64d

Download Submit
\Windows\system\PzVjhiU.exe

Filesize
6.0MB

MD5
02453f2038c9c62e445b9ae1588650c2

SHA1
d9abd856d98a005e1ecd0310a7d389ec69426e81

SHA256
6b790e333cdbdee5e9c770c7df5c5a189dc14a39ce190c500c0c071e74c49d14

SHA512
7e267056da0c23bb535e87a62d232639fcaf12aa0df027b59c1530f03c04bbaada7b15a860706ae99c6aa7b261c7629a399db1d310d8d3bc997f0391920a3dfb

Download Submit
\Windows\system\WbKaMPM.exe

Filesize
6.0MB

MD5
f33246ada2024dc7074ba141a6191995

SHA1
9938812418a3cd938b0bc5966553158e20b3a91d

SHA256
4e213397e6728a8a3967928e87ea93a9923b45b38117932376940a53e12e5eb7

SHA512
4f7191035f8de4c10ab92fe2653e4efcb108872af3fce90b3c301c884179bf55367e97ed54b0d91866eed2aeb1ea0476129494432a7fd8a3ba985d7178e5af08

Download Submit
\Windows\system\fSxvjfv.exe

Filesize
6.0MB

MD5
5b5ae16cfe444cf63e0779e7eddf9164

SHA1
4350c7892a93f63de4179e384df873317f2bac91

SHA256
5650b74eb89e13987f10c2f9da5f9d640b0d410a38ad90ff774230ceb44bf47e

SHA512
c24cfdeb0c35046678c824691b8888c0c238b26e7f3430838595ef615226a51558b97c481dae46f6ecd6a4ce2117c1fa5652dd4394b8517d27ccba0a5b381d96

Download Submit
\Windows\system\jxPCVhR.exe

Filesize
6.0MB

MD5
695488e121f28e0c676cc66356535e29

SHA1
ee44b02f5edffa7c08636f99fdd68f83cf9c7fa6

SHA256
32b3e7ab791cb5383722723667bedc51d23c06c7f2fe1aa24e93e431990d6dab

SHA512
edfb2783b74247973ea6cbef768a864e2c1513e2c68e58944a8b05f8b1b4decfba4a71b720b160f006841aa2feca3f765da00d6505ec8b282afbde7f474f1fec

Download Submit
\Windows\system\miolylA.exe

Filesize
6.0MB

MD5
38dd906347904ab44cc12ec03d04a994

SHA1
f1062072f887aa17f7f00fb1ed94eab5afea7faf

SHA256
ac6854f2af7bbb10b10cfe9d96d3f75c81ce1a4ba2c92a465f5572e266345f23

SHA512
0819510223bbdeb823518c6c7f51b9d960887ee57b93a3b79e1425c409f4016f3a64d007f6fdae5c40bf7bd321b901ca5599d4d5c7416235b09670cea581f20a

Download Submit
\Windows\system\thtIWKT.exe

Filesize
6.0MB

MD5
e86358420481c410eba46dd7c108e496

SHA1
fe82e56bca005a5c273aa16c49d89d321df6bff4

SHA256
4545e91183c30c9ac8eadc5a9238dd8c415f19032aa35b381e20ddf109900f31

SHA512
ae1b2a1b9473fd9702cfaf7ed20334f7ab323df467a182537f15833cb08368e1f1187999c049f12a164fe242aa0cfc22feb5c9b3d1030540056338a5cea8aec9

Download Submit
\Windows\system\xDuWYCY.exe

Filesize
6.0MB

MD5
7a1ed63d88ebbc19c1fd704d31cb8784

SHA1
646c3d02c49899ff0a3ab28f10d6eb373716619e

SHA256
df4da34c1617fef98b1cdb909f495b7f51a567d6ec68481df0684b1385cffe44

SHA512
cfec4d110cd59f783927273012cd7bd70fe3f1048f2a6f170531ca36cbe8c2b3ce32cd17aca0f3472833477a32c0595ed15aa496e0beeb24324d779a46bf92b3

Download Submit
memory/352-3053-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/352-99-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/352-883-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1680-884-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-103-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-3233-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-2866-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-21-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2896-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-20-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2284-882-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2284-38-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2284-112-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2284-567-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-784-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-35-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2284-18-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-42-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-24-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-50-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-108-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1042-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-60-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-81-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-51-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-106-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-421-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-47-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2284-94-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2284-214-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-46-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-74-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-0-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-66-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-17-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2864-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2308-22-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2468-82-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2468-3018-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2636-67-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3017-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2636-422-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3036-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-75-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-49-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2752-83-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2752-2966-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2772-2895-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-29-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3002-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-61-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2983-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-107-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-53-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2900-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2884-36-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download