cobaltstrike | b3f2e8194d63bb37f2a869485f3e27e2ccb16bc691b42804c0009180013824e6

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

51161acdef63bce87e150c26f3df94ad
SHA1

8529accb5e1123e86d4e92ab700d4ede210dcc10
SHA256

b3f2e8194d63bb37f2a869485f3e27e2ccb16bc691b42804c0009180013824e6
SHA512

af656f2cc32c47b799450de05a054e37384a665f6fd43493e428508956f48e19dffa717eef2587ae05fdc3aedd4d6878c994005dcb701087acffa88e211cb70e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012261-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016b17-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c81-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf8-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d33-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d11-41.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d46-48.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d4a-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-71.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016652-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c1-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-93.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016bfc-20.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2380-0-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x000d000000012261-3.dat	xmrig
behavioral1/memory/2380-6-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2012-9-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0009000000016b17-10.dat	xmrig
behavioral1/memory/2856-16-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c81-21.dat	xmrig
behavioral1/memory/2096-30-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf8-33.dat	xmrig
behavioral1/memory/2164-49-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d33-55.dat	xmrig
behavioral1/memory/2780-58-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2380-56-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2944-54-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d11-41.dat	xmrig
behavioral1/memory/1884-40-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2148-51-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d46-48.dat	xmrig
behavioral1/files/0x0008000000016d4a-59.dat	xmrig
behavioral1/files/0x00050000000193f8-71.dat	xmrig
behavioral1/files/0x0009000000016652-78.dat	xmrig
behavioral1/memory/2856-75-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2632-83-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2096-82-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2628-73-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2624-64-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2012-68-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x00050000000193fa-84.dat	xmrig
behavioral1/memory/644-90-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2380-111-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ea-130.dat	xmrig
behavioral1/files/0x00050000000197c1-195.dat	xmrig
behavioral1/memory/2380-783-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2944-95-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2628-457-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2624-257-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0005000000019625-190.dat	xmrig
behavioral1/files/0x0005000000019624-185.dat	xmrig
behavioral1/files/0x000500000001961f-180.dat	xmrig
behavioral1/files/0x0005000000019589-171.dat	xmrig
behavioral1/files/0x000500000001961b-174.dat	xmrig
behavioral1/files/0x000500000001953a-161.dat	xmrig
behavioral1/files/0x0005000000019503-151.dat	xmrig
behavioral1/files/0x000500000001957c-164.dat	xmrig
behavioral1/files/0x0005000000019515-154.dat	xmrig
behavioral1/files/0x00050000000194f6-140.dat	xmrig
behavioral1/files/0x0005000000019501-144.dat	xmrig
behavioral1/files/0x00050000000194f2-135.dat	xmrig
behavioral1/files/0x00050000000194da-120.dat	xmrig
behavioral1/files/0x00050000000194e2-125.dat	xmrig
behavioral1/memory/1664-103-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a7-102.dat	xmrig
behavioral1/files/0x00050000000194b4-101.dat	xmrig
behavioral1/memory/1520-114-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d4-112.dat	xmrig
behavioral1/memory/2780-109-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2380-99-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0005000000019494-93.dat	xmrig
behavioral1/files/0x0008000000016bfc-20.dat	xmrig
behavioral1/memory/2012-3991-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2856-3992-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2096-3994-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1884-3993-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2164-3995-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2012	TnVpsTy.exe
2856	DFnttDS.exe
1884	wXYnmgY.exe
2096	eCljnxd.exe
2164	JzSlBPf.exe
2148	lbMTdky.exe
2944	whHfjEI.exe
2780	HqIBRhZ.exe
2624	hEVVIuw.exe
2628	gqilDwL.exe
2632	iAOSCRZ.exe
644	obfeFBX.exe
1664	nNgdNCX.exe
1520	wfOnrJt.exe
3048	pkCZxrS.exe
1484	HvlVrpL.exe
2432	bNxszIj.exe
1892	jcKWXeN.exe
2648	lBfQkyz.exe
2916	vCGiJQx.exe
1436	yWBCcJh.exe
1284	XOCXnNC.exe
288	XxVhwRm.exe
2212	dSQLqGs.exe
1844	WXHPYVC.exe
2020	xQCEqMt.exe
820	LwOPCDF.exe
2236	QbBCnAd.exe
1064	tmFBSvP.exe
276	qhxLsaO.exe
2568	XWFCADV.exe
2188	zhLxDuY.exe
972	pszrxPt.exe
912	WeJejzw.exe
1212	drJfTZt.exe
1648	SakZtyR.exe
1564	GjWAzUU.exe
1744	qMWCjTg.exe
1708	TfXKqGy.exe
1732	TJxWkKh.exe
968	rKzkUbk.exe
2296	JZBVUHe.exe
3056	sJYvAWg.exe
2924	yMXEoDZ.exe
2504	jGgiGzl.exe
1056	YzBZWCr.exe
2152	aTSmQZL.exe
1536	nLWFydr.exe
2992	KSJYDEc.exe
896	cZdkJqj.exe
2536	yVTyOkZ.exe
2920	hXspneU.exe
1620	BveABvy.exe
2528	RqzlonB.exe
2668	KEtgkQQ.exe
2548	PGmncEp.exe
2716	jBeCZfN.exe
2812	fbDyhUD.exe
2836	PuEijNo.exe
2612	SwiPTGK.exe
2604	IHmzUvF.exe
2588	EjCHnlS.exe
1116	buUmIOV.exe
2676	ShApjFg.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-0-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x000d000000012261-3.dat	upx
behavioral1/memory/2012-9-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0009000000016b17-10.dat	upx
behavioral1/memory/2856-16-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0008000000016c81-21.dat	upx
behavioral1/memory/2096-30-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0007000000016cf8-33.dat	upx
behavioral1/memory/2164-49-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0007000000016d33-55.dat	upx
behavioral1/memory/2780-58-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2380-56-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2944-54-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0007000000016d11-41.dat	upx
behavioral1/memory/1884-40-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2148-51-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x0009000000016d46-48.dat	upx
behavioral1/files/0x0008000000016d4a-59.dat	upx
behavioral1/files/0x00050000000193f8-71.dat	upx
behavioral1/files/0x0009000000016652-78.dat	upx
behavioral1/memory/2856-75-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2632-83-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2096-82-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2628-73-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2624-64-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2012-68-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x00050000000193fa-84.dat	upx
behavioral1/memory/644-90-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x00050000000194ea-130.dat	upx
behavioral1/files/0x00050000000197c1-195.dat	upx
behavioral1/memory/2944-95-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2628-457-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2624-257-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0005000000019625-190.dat	upx
behavioral1/files/0x0005000000019624-185.dat	upx
behavioral1/files/0x000500000001961f-180.dat	upx
behavioral1/files/0x0005000000019589-171.dat	upx
behavioral1/files/0x000500000001961b-174.dat	upx
behavioral1/files/0x000500000001953a-161.dat	upx
behavioral1/files/0x0005000000019503-151.dat	upx
behavioral1/files/0x000500000001957c-164.dat	upx
behavioral1/files/0x0005000000019515-154.dat	upx
behavioral1/files/0x00050000000194f6-140.dat	upx
behavioral1/files/0x0005000000019501-144.dat	upx
behavioral1/files/0x00050000000194f2-135.dat	upx
behavioral1/files/0x00050000000194da-120.dat	upx
behavioral1/files/0x00050000000194e2-125.dat	upx
behavioral1/memory/1664-103-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x00050000000194a7-102.dat	upx
behavioral1/files/0x00050000000194b4-101.dat	upx
behavioral1/memory/1520-114-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x00050000000194d4-112.dat	upx
behavioral1/memory/2780-109-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0005000000019494-93.dat	upx
behavioral1/files/0x0008000000016bfc-20.dat	upx
behavioral1/memory/2012-3991-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2856-3992-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2096-3994-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1884-3993-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2164-3995-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2148-3996-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2944-3997-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2780-3998-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2624-3999-0x000000013F020000-0x000000013F374000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CUuBJoY.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hegjxza.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWfzVbQ.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPGgfTF.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRXpdEe.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZgqHan.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJBxhJC.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJWaEOO.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHvPVsy.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPiAbDr.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgsUaNQ.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOoDQWU.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pdHxgTP.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBtuUan.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqilDwL.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSJYDEc.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnIkfDX.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnIuzsb.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvgotUQ.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUfdPAh.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjVOsfA.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HplkILk.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byyGPmc.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShqmdNb.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVItajO.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJxWkKh.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqraOiG.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AonQSst.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkvSOVT.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNlDfYe.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndsvEIc.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muyZoMf.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVrwDTK.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekreiRw.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoQveos.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkjZTdq.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjWAzUU.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIWKtEO.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqsfhvq.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqbhqzF.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRgkYBA.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSVXamM.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNeQizX.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJnVDrf.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfxNcuC.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmlYqcS.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBhcThz.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnVpsTy.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCdAqha.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAifeND.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEEtLyG.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqLguHS.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffKrNEi.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waIiZUM.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmlbRFi.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAPFvrR.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpIezMl.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYHWeOO.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNlPNCY.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXspneU.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrcbtWq.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdaMKna.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPtXWTM.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdhHVzt.exe	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2012	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2012	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2012	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2856	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2856	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2856	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 1884	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 1884	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 1884	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2096	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2096	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2096	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2164	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2164	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2164	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2148	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2148	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2148	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2780	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2780	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2780	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2944	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2944	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2944	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2624	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2624	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2624	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2628	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2628	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2628	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2632	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2632	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2632	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 644	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 644	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 644	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 1664	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 1664	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 1664	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 1520	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1520	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1520	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1484	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1484	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1484	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 3048	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 3048	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 3048	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2432	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2432	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2432	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 1892	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 1892	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 1892	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 2648	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 2648	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 2648	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 2916	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 2916	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 2916	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1436	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1436	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1436	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1284	2380	2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_51161acdef63bce87e150c26f3df94ad_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\System\TnVpsTy.exe
  C:\Windows\System\TnVpsTy.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\DFnttDS.exe
  C:\Windows\System\DFnttDS.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\wXYnmgY.exe
  C:\Windows\System\wXYnmgY.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\eCljnxd.exe
  C:\Windows\System\eCljnxd.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\JzSlBPf.exe
  C:\Windows\System\JzSlBPf.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\lbMTdky.exe
  C:\Windows\System\lbMTdky.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\HqIBRhZ.exe
  C:\Windows\System\HqIBRhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\whHfjEI.exe
  C:\Windows\System\whHfjEI.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\hEVVIuw.exe
  C:\Windows\System\hEVVIuw.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\gqilDwL.exe
  C:\Windows\System\gqilDwL.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\iAOSCRZ.exe
  C:\Windows\System\iAOSCRZ.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\obfeFBX.exe
  C:\Windows\System\obfeFBX.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\nNgdNCX.exe
  C:\Windows\System\nNgdNCX.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\wfOnrJt.exe
  C:\Windows\System\wfOnrJt.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\HvlVrpL.exe
  C:\Windows\System\HvlVrpL.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\pkCZxrS.exe
  C:\Windows\System\pkCZxrS.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\bNxszIj.exe
  C:\Windows\System\bNxszIj.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\jcKWXeN.exe
  C:\Windows\System\jcKWXeN.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\lBfQkyz.exe
  C:\Windows\System\lBfQkyz.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\vCGiJQx.exe
  C:\Windows\System\vCGiJQx.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\yWBCcJh.exe
  C:\Windows\System\yWBCcJh.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\XOCXnNC.exe
  C:\Windows\System\XOCXnNC.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\XxVhwRm.exe
  C:\Windows\System\XxVhwRm.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\dSQLqGs.exe
  C:\Windows\System\dSQLqGs.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\WXHPYVC.exe
  C:\Windows\System\WXHPYVC.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\xQCEqMt.exe
  C:\Windows\System\xQCEqMt.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\LwOPCDF.exe
  C:\Windows\System\LwOPCDF.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\QbBCnAd.exe
  C:\Windows\System\QbBCnAd.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\tmFBSvP.exe
  C:\Windows\System\tmFBSvP.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\qhxLsaO.exe
  C:\Windows\System\qhxLsaO.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\XWFCADV.exe
  C:\Windows\System\XWFCADV.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\zhLxDuY.exe
  C:\Windows\System\zhLxDuY.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\pszrxPt.exe
  C:\Windows\System\pszrxPt.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\WeJejzw.exe
  C:\Windows\System\WeJejzw.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\drJfTZt.exe
  C:\Windows\System\drJfTZt.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\SakZtyR.exe
  C:\Windows\System\SakZtyR.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\GjWAzUU.exe
  C:\Windows\System\GjWAzUU.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\qMWCjTg.exe
  C:\Windows\System\qMWCjTg.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\TfXKqGy.exe
  C:\Windows\System\TfXKqGy.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\TJxWkKh.exe
  C:\Windows\System\TJxWkKh.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\rKzkUbk.exe
  C:\Windows\System\rKzkUbk.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\JZBVUHe.exe
  C:\Windows\System\JZBVUHe.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\sJYvAWg.exe
  C:\Windows\System\sJYvAWg.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\yMXEoDZ.exe
  C:\Windows\System\yMXEoDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\jGgiGzl.exe
  C:\Windows\System\jGgiGzl.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\YzBZWCr.exe
  C:\Windows\System\YzBZWCr.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\aTSmQZL.exe
  C:\Windows\System\aTSmQZL.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\nLWFydr.exe
  C:\Windows\System\nLWFydr.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\KSJYDEc.exe
  C:\Windows\System\KSJYDEc.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\cZdkJqj.exe
  C:\Windows\System\cZdkJqj.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\yVTyOkZ.exe
  C:\Windows\System\yVTyOkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\hXspneU.exe
  C:\Windows\System\hXspneU.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\BveABvy.exe
  C:\Windows\System\BveABvy.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\RqzlonB.exe
  C:\Windows\System\RqzlonB.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\KEtgkQQ.exe
  C:\Windows\System\KEtgkQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\PGmncEp.exe
  C:\Windows\System\PGmncEp.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\jBeCZfN.exe
  C:\Windows\System\jBeCZfN.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\fbDyhUD.exe
  C:\Windows\System\fbDyhUD.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\PuEijNo.exe
  C:\Windows\System\PuEijNo.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\SwiPTGK.exe
  C:\Windows\System\SwiPTGK.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\IHmzUvF.exe
  C:\Windows\System\IHmzUvF.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\EjCHnlS.exe
  C:\Windows\System\EjCHnlS.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\buUmIOV.exe
  C:\Windows\System\buUmIOV.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\ShApjFg.exe
  C:\Windows\System\ShApjFg.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\uFxrFMP.exe
  C:\Windows\System\uFxrFMP.exe
  2⤵
  PID:2908
- C:\Windows\System\DIWKtEO.exe
  C:\Windows\System\DIWKtEO.exe
  2⤵
  PID:1432
- C:\Windows\System\hgyPIUb.exe
  C:\Windows\System\hgyPIUb.exe
  2⤵
  PID:1896
- C:\Windows\System\yOwfxbU.exe
  C:\Windows\System\yOwfxbU.exe
  2⤵
  PID:2280
- C:\Windows\System\kjUqMRN.exe
  C:\Windows\System\kjUqMRN.exe
  2⤵
  PID:552
- C:\Windows\System\vRBRUCh.exe
  C:\Windows\System\vRBRUCh.exe
  2⤵
  PID:356
- C:\Windows\System\XHNhpml.exe
  C:\Windows\System\XHNhpml.exe
  2⤵
  PID:320
- C:\Windows\System\LgYWNbO.exe
  C:\Windows\System\LgYWNbO.exe
  2⤵
  PID:844
- C:\Windows\System\RhHMjeb.exe
  C:\Windows\System\RhHMjeb.exe
  2⤵
  PID:2572
- C:\Windows\System\RRzdaEA.exe
  C:\Windows\System\RRzdaEA.exe
  2⤵
  PID:1140
- C:\Windows\System\rhtKuaY.exe
  C:\Windows\System\rhtKuaY.exe
  2⤵
  PID:496
- C:\Windows\System\LgfxowE.exe
  C:\Windows\System\LgfxowE.exe
  2⤵
  PID:1632
- C:\Windows\System\CUuBJoY.exe
  C:\Windows\System\CUuBJoY.exe
  2⤵
  PID:1360
- C:\Windows\System\FYxkKkh.exe
  C:\Windows\System\FYxkKkh.exe
  2⤵
  PID:1548
- C:\Windows\System\yNeQizX.exe
  C:\Windows\System\yNeQizX.exe
  2⤵
  PID:1724
- C:\Windows\System\EXCnkZq.exe
  C:\Windows\System\EXCnkZq.exe
  2⤵
  PID:3068
- C:\Windows\System\TQSuwGp.exe
  C:\Windows\System\TQSuwGp.exe
  2⤵
  PID:1756
- C:\Windows\System\yIdrRFk.exe
  C:\Windows\System\yIdrRFk.exe
  2⤵
  PID:1500
- C:\Windows\System\olPeWma.exe
  C:\Windows\System\olPeWma.exe
  2⤵
  PID:1496
- C:\Windows\System\WyYBJWf.exe
  C:\Windows\System\WyYBJWf.exe
  2⤵
  PID:2312
- C:\Windows\System\LSieQAR.exe
  C:\Windows\System\LSieQAR.exe
  2⤵
  PID:2976
- C:\Windows\System\SsVVKrd.exe
  C:\Windows\System\SsVVKrd.exe
  2⤵
  PID:1580
- C:\Windows\System\RYgbfca.exe
  C:\Windows\System\RYgbfca.exe
  2⤵
  PID:1168
- C:\Windows\System\sXkjCfE.exe
  C:\Windows\System\sXkjCfE.exe
  2⤵
  PID:2692
- C:\Windows\System\PpcnMMu.exe
  C:\Windows\System\PpcnMMu.exe
  2⤵
  PID:2704
- C:\Windows\System\iBLOsPV.exe
  C:\Windows\System\iBLOsPV.exe
  2⤵
  PID:2752
- C:\Windows\System\mBOBpoo.exe
  C:\Windows\System\mBOBpoo.exe
  2⤵
  PID:2712
- C:\Windows\System\ZCYFLOG.exe
  C:\Windows\System\ZCYFLOG.exe
  2⤵
  PID:2768
- C:\Windows\System\nDvCsfP.exe
  C:\Windows\System\nDvCsfP.exe
  2⤵
  PID:3008
- C:\Windows\System\mDOJAgb.exe
  C:\Windows\System\mDOJAgb.exe
  2⤵
  PID:2000
- C:\Windows\System\LlvdvOE.exe
  C:\Windows\System\LlvdvOE.exe
  2⤵
  PID:1324
- C:\Windows\System\scCfelp.exe
  C:\Windows\System\scCfelp.exe
  2⤵
  PID:1672
- C:\Windows\System\UJcvwFo.exe
  C:\Windows\System\UJcvwFo.exe
  2⤵
  PID:1320
- C:\Windows\System\HWdOhaK.exe
  C:\Windows\System\HWdOhaK.exe
  2⤵
  PID:1148
- C:\Windows\System\fRpmPcS.exe
  C:\Windows\System\fRpmPcS.exe
  2⤵
  PID:1352
- C:\Windows\System\lakoole.exe
  C:\Windows\System\lakoole.exe
  2⤵
  PID:2972
- C:\Windows\System\nqraOiG.exe
  C:\Windows\System\nqraOiG.exe
  2⤵
  PID:1800
- C:\Windows\System\VeYqDNh.exe
  C:\Windows\System\VeYqDNh.exe
  2⤵
  PID:112
- C:\Windows\System\aSyrRdB.exe
  C:\Windows\System\aSyrRdB.exe
  2⤵
  PID:2080
- C:\Windows\System\gyEUxzu.exe
  C:\Windows\System\gyEUxzu.exe
  2⤵
  PID:1004
- C:\Windows\System\glxbuHK.exe
  C:\Windows\System\glxbuHK.exe
  2⤵
  PID:2356
- C:\Windows\System\lupebUA.exe
  C:\Windows\System\lupebUA.exe
  2⤵
  PID:1040
- C:\Windows\System\BpnsgvE.exe
  C:\Windows\System\BpnsgvE.exe
  2⤵
  PID:1612
- C:\Windows\System\PPTrWhB.exe
  C:\Windows\System\PPTrWhB.exe
  2⤵
  PID:3004
- C:\Windows\System\LjnBhvd.exe
  C:\Windows\System\LjnBhvd.exe
  2⤵
  PID:2584
- C:\Windows\System\MtqHtkX.exe
  C:\Windows\System\MtqHtkX.exe
  2⤵
  PID:2240
- C:\Windows\System\kVErYXc.exe
  C:\Windows\System\kVErYXc.exe
  2⤵
  PID:2904
- C:\Windows\System\oUJosDI.exe
  C:\Windows\System\oUJosDI.exe
  2⤵
  PID:700
- C:\Windows\System\mozdyXi.exe
  C:\Windows\System\mozdyXi.exe
  2⤵
  PID:1292
- C:\Windows\System\tuhdtmk.exe
  C:\Windows\System\tuhdtmk.exe
  2⤵
  PID:484
- C:\Windows\System\xGocmHn.exe
  C:\Windows\System\xGocmHn.exe
  2⤵
  PID:1356
- C:\Windows\System\seLiXNX.exe
  C:\Windows\System\seLiXNX.exe
  2⤵
  PID:1740
- C:\Windows\System\JOGJVim.exe
  C:\Windows\System\JOGJVim.exe
  2⤵
  PID:1052
- C:\Windows\System\hNCpvOa.exe
  C:\Windows\System\hNCpvOa.exe
  2⤵
  PID:2100
- C:\Windows\System\CJHyHps.exe
  C:\Windows\System\CJHyHps.exe
  2⤵
  PID:2184
- C:\Windows\System\vsZWmuI.exe
  C:\Windows\System\vsZWmuI.exe
  2⤵
  PID:2120
- C:\Windows\System\ndpfsdp.exe
  C:\Windows\System\ndpfsdp.exe
  2⤵
  PID:2068
- C:\Windows\System\PmYNXDs.exe
  C:\Windows\System\PmYNXDs.exe
  2⤵
  PID:2400
- C:\Windows\System\UBspmRT.exe
  C:\Windows\System\UBspmRT.exe
  2⤵
  PID:2952
- C:\Windows\System\RQUYebH.exe
  C:\Windows\System\RQUYebH.exe
  2⤵
  PID:2372
- C:\Windows\System\jttXYZE.exe
  C:\Windows\System\jttXYZE.exe
  2⤵
  PID:2552
- C:\Windows\System\WihuiGG.exe
  C:\Windows\System\WihuiGG.exe
  2⤵
  PID:468
- C:\Windows\System\LFDMgqe.exe
  C:\Windows\System\LFDMgqe.exe
  2⤵
  PID:2964
- C:\Windows\System\eXyreEH.exe
  C:\Windows\System\eXyreEH.exe
  2⤵
  PID:2688
- C:\Windows\System\BCDOFGI.exe
  C:\Windows\System\BCDOFGI.exe
  2⤵
  PID:1540
- C:\Windows\System\dowaKJM.exe
  C:\Windows\System\dowaKJM.exe
  2⤵
  PID:1268
- C:\Windows\System\XSbFioX.exe
  C:\Windows\System\XSbFioX.exe
  2⤵
  PID:2044
- C:\Windows\System\BecwKbH.exe
  C:\Windows\System\BecwKbH.exe
  2⤵
  PID:1812
- C:\Windows\System\MQplXbA.exe
  C:\Windows\System\MQplXbA.exe
  2⤵
  PID:1048
- C:\Windows\System\eOUDldI.exe
  C:\Windows\System\eOUDldI.exe
  2⤵
  PID:3076
- C:\Windows\System\QATmOME.exe
  C:\Windows\System\QATmOME.exe
  2⤵
  PID:3100
- C:\Windows\System\xOAsHut.exe
  C:\Windows\System\xOAsHut.exe
  2⤵
  PID:3116
- C:\Windows\System\sFPnhUl.exe
  C:\Windows\System\sFPnhUl.exe
  2⤵
  PID:3140
- C:\Windows\System\VNaclRu.exe
  C:\Windows\System\VNaclRu.exe
  2⤵
  PID:3156
- C:\Windows\System\HxUlqYE.exe
  C:\Windows\System\HxUlqYE.exe
  2⤵
  PID:3176
- C:\Windows\System\qcOIKaw.exe
  C:\Windows\System\qcOIKaw.exe
  2⤵
  PID:3196
- C:\Windows\System\ahnUNWT.exe
  C:\Windows\System\ahnUNWT.exe
  2⤵
  PID:3216
- C:\Windows\System\zchiDyg.exe
  C:\Windows\System\zchiDyg.exe
  2⤵
  PID:3236
- C:\Windows\System\JnYonat.exe
  C:\Windows\System\JnYonat.exe
  2⤵
  PID:3256
- C:\Windows\System\AnZbGzs.exe
  C:\Windows\System\AnZbGzs.exe
  2⤵
  PID:3276
- C:\Windows\System\DOxdAKN.exe
  C:\Windows\System\DOxdAKN.exe
  2⤵
  PID:3300
- C:\Windows\System\PmmUITL.exe
  C:\Windows\System\PmmUITL.exe
  2⤵
  PID:3320
- C:\Windows\System\keKvcGa.exe
  C:\Windows\System\keKvcGa.exe
  2⤵
  PID:3340
- C:\Windows\System\UkYQvaP.exe
  C:\Windows\System\UkYQvaP.exe
  2⤵
  PID:3360
- C:\Windows\System\KryNkyp.exe
  C:\Windows\System\KryNkyp.exe
  2⤵
  PID:3380
- C:\Windows\System\qTJzewv.exe
  C:\Windows\System\qTJzewv.exe
  2⤵
  PID:3396
- C:\Windows\System\MfAtGAu.exe
  C:\Windows\System\MfAtGAu.exe
  2⤵
  PID:3420
- C:\Windows\System\pGcFenG.exe
  C:\Windows\System\pGcFenG.exe
  2⤵
  PID:3440
- C:\Windows\System\lYWESgx.exe
  C:\Windows\System\lYWESgx.exe
  2⤵
  PID:3460
- C:\Windows\System\ijfPOfH.exe
  C:\Windows\System\ijfPOfH.exe
  2⤵
  PID:3480
- C:\Windows\System\muSNVAv.exe
  C:\Windows\System\muSNVAv.exe
  2⤵
  PID:3500
- C:\Windows\System\aMgCdmr.exe
  C:\Windows\System\aMgCdmr.exe
  2⤵
  PID:3520
- C:\Windows\System\HdcNnvQ.exe
  C:\Windows\System\HdcNnvQ.exe
  2⤵
  PID:3544
- C:\Windows\System\GRYsCAf.exe
  C:\Windows\System\GRYsCAf.exe
  2⤵
  PID:3564
- C:\Windows\System\LYvhvzn.exe
  C:\Windows\System\LYvhvzn.exe
  2⤵
  PID:3584
- C:\Windows\System\jhwTmUY.exe
  C:\Windows\System\jhwTmUY.exe
  2⤵
  PID:3604
- C:\Windows\System\XquAVUe.exe
  C:\Windows\System\XquAVUe.exe
  2⤵
  PID:3624
- C:\Windows\System\dDxNfEL.exe
  C:\Windows\System\dDxNfEL.exe
  2⤵
  PID:3644
- C:\Windows\System\qwgDXaB.exe
  C:\Windows\System\qwgDXaB.exe
  2⤵
  PID:3664
- C:\Windows\System\QalPWmn.exe
  C:\Windows\System\QalPWmn.exe
  2⤵
  PID:3684
- C:\Windows\System\idMbtUi.exe
  C:\Windows\System\idMbtUi.exe
  2⤵
  PID:3704
- C:\Windows\System\LrPPVJu.exe
  C:\Windows\System\LrPPVJu.exe
  2⤵
  PID:3724
- C:\Windows\System\sVXUyyg.exe
  C:\Windows\System\sVXUyyg.exe
  2⤵
  PID:3744
- C:\Windows\System\SgJhhfU.exe
  C:\Windows\System\SgJhhfU.exe
  2⤵
  PID:3764
- C:\Windows\System\JPvPLfc.exe
  C:\Windows\System\JPvPLfc.exe
  2⤵
  PID:3784
- C:\Windows\System\PBAHSsr.exe
  C:\Windows\System\PBAHSsr.exe
  2⤵
  PID:3804
- C:\Windows\System\TzGcsER.exe
  C:\Windows\System\TzGcsER.exe
  2⤵
  PID:3824
- C:\Windows\System\otvHTBQ.exe
  C:\Windows\System\otvHTBQ.exe
  2⤵
  PID:3844
- C:\Windows\System\ogiXLva.exe
  C:\Windows\System\ogiXLva.exe
  2⤵
  PID:3864
- C:\Windows\System\sjhFZJZ.exe
  C:\Windows\System\sjhFZJZ.exe
  2⤵
  PID:3884
- C:\Windows\System\bbrlynQ.exe
  C:\Windows\System\bbrlynQ.exe
  2⤵
  PID:3904
- C:\Windows\System\AvImDpW.exe
  C:\Windows\System\AvImDpW.exe
  2⤵
  PID:3924
- C:\Windows\System\iOGuacM.exe
  C:\Windows\System\iOGuacM.exe
  2⤵
  PID:3944
- C:\Windows\System\fdIIJHa.exe
  C:\Windows\System\fdIIJHa.exe
  2⤵
  PID:3964
- C:\Windows\System\jVhkapl.exe
  C:\Windows\System\jVhkapl.exe
  2⤵
  PID:3984
- C:\Windows\System\GIjjeVZ.exe
  C:\Windows\System\GIjjeVZ.exe
  2⤵
  PID:4004
- C:\Windows\System\XiFmZhL.exe
  C:\Windows\System\XiFmZhL.exe
  2⤵
  PID:4028
- C:\Windows\System\JPCSFIK.exe
  C:\Windows\System\JPCSFIK.exe
  2⤵
  PID:4048
- C:\Windows\System\XRCggMX.exe
  C:\Windows\System\XRCggMX.exe
  2⤵
  PID:4068
- C:\Windows\System\RQiAwpY.exe
  C:\Windows\System\RQiAwpY.exe
  2⤵
  PID:4084
- C:\Windows\System\KdawJUn.exe
  C:\Windows\System\KdawJUn.exe
  2⤵
  PID:2880
- C:\Windows\System\aAADpOq.exe
  C:\Windows\System\aAADpOq.exe
  2⤵
  PID:1720
- C:\Windows\System\vFbiNRH.exe
  C:\Windows\System\vFbiNRH.exe
  2⤵
  PID:2896
- C:\Windows\System\QcusneL.exe
  C:\Windows\System\QcusneL.exe
  2⤵
  PID:3136
- C:\Windows\System\QAMicXr.exe
  C:\Windows\System\QAMicXr.exe
  2⤵
  PID:2776
- C:\Windows\System\AWqtHZC.exe
  C:\Windows\System\AWqtHZC.exe
  2⤵
  PID:564
- C:\Windows\System\foDmdcq.exe
  C:\Windows\System\foDmdcq.exe
  2⤵
  PID:3244
- C:\Windows\System\QevRiDW.exe
  C:\Windows\System\QevRiDW.exe
  2⤵
  PID:3152
- C:\Windows\System\VXdePro.exe
  C:\Windows\System\VXdePro.exe
  2⤵
  PID:3292
- C:\Windows\System\MCdAqha.exe
  C:\Windows\System\MCdAqha.exe
  2⤵
  PID:3268
- C:\Windows\System\waIiZUM.exe
  C:\Windows\System\waIiZUM.exe
  2⤵
  PID:3332
- C:\Windows\System\oFdGYRN.exe
  C:\Windows\System\oFdGYRN.exe
  2⤵
  PID:3376
- C:\Windows\System\PPRXqtY.exe
  C:\Windows\System\PPRXqtY.exe
  2⤵
  PID:3352
- C:\Windows\System\VUzuYdm.exe
  C:\Windows\System\VUzuYdm.exe
  2⤵
  PID:3412
- C:\Windows\System\oMicafK.exe
  C:\Windows\System\oMicafK.exe
  2⤵
  PID:3392
- C:\Windows\System\AonQSst.exe
  C:\Windows\System\AonQSst.exe
  2⤵
  PID:3488
- C:\Windows\System\kRUMwEj.exe
  C:\Windows\System\kRUMwEj.exe
  2⤵
  PID:3476
- C:\Windows\System\uGBSpBS.exe
  C:\Windows\System\uGBSpBS.exe
  2⤵
  PID:3512
- C:\Windows\System\ZtBuntN.exe
  C:\Windows\System\ZtBuntN.exe
  2⤵
  PID:3556
- C:\Windows\System\xgpQZgz.exe
  C:\Windows\System\xgpQZgz.exe
  2⤵
  PID:3592
- C:\Windows\System\FYMONMC.exe
  C:\Windows\System\FYMONMC.exe
  2⤵
  PID:3652
- C:\Windows\System\NfKhfRK.exe
  C:\Windows\System\NfKhfRK.exe
  2⤵
  PID:3656
- C:\Windows\System\YVUoKDb.exe
  C:\Windows\System\YVUoKDb.exe
  2⤵
  PID:3696
- C:\Windows\System\nVbKpdq.exe
  C:\Windows\System\nVbKpdq.exe
  2⤵
  PID:3720
- C:\Windows\System\rjBFpkh.exe
  C:\Windows\System\rjBFpkh.exe
  2⤵
  PID:3772
- C:\Windows\System\nODjyBs.exe
  C:\Windows\System\nODjyBs.exe
  2⤵
  PID:3812
- C:\Windows\System\SyVmHeo.exe
  C:\Windows\System\SyVmHeo.exe
  2⤵
  PID:3796
- C:\Windows\System\KnIkfDX.exe
  C:\Windows\System\KnIkfDX.exe
  2⤵
  PID:3836
- C:\Windows\System\vTxboBm.exe
  C:\Windows\System\vTxboBm.exe
  2⤵
  PID:3880
- C:\Windows\System\WBmeACV.exe
  C:\Windows\System\WBmeACV.exe
  2⤵
  PID:3932
- C:\Windows\System\XhtXCCR.exe
  C:\Windows\System\XhtXCCR.exe
  2⤵
  PID:3936
- C:\Windows\System\EiLGnwI.exe
  C:\Windows\System\EiLGnwI.exe
  2⤵
  PID:3976
- C:\Windows\System\uxZaezv.exe
  C:\Windows\System\uxZaezv.exe
  2⤵
  PID:4020
- C:\Windows\System\snnKceq.exe
  C:\Windows\System\snnKceq.exe
  2⤵
  PID:3992
- C:\Windows\System\YOYkAAo.exe
  C:\Windows\System\YOYkAAo.exe
  2⤵
  PID:2620
- C:\Windows\System\fyOTpjT.exe
  C:\Windows\System\fyOTpjT.exe
  2⤵
  PID:4092
- C:\Windows\System\tBYsNim.exe
  C:\Windows\System\tBYsNim.exe
  2⤵
  PID:3088
- C:\Windows\System\KurYmtW.exe
  C:\Windows\System\KurYmtW.exe
  2⤵
  PID:1512
- C:\Windows\System\TvXGyZY.exe
  C:\Windows\System\TvXGyZY.exe
  2⤵
  PID:2608
- C:\Windows\System\UDNpyuo.exe
  C:\Windows\System\UDNpyuo.exe
  2⤵
  PID:1428
- C:\Windows\System\ubJCMxg.exe
  C:\Windows\System\ubJCMxg.exe
  2⤵
  PID:3148
- C:\Windows\System\uSgzqLc.exe
  C:\Windows\System\uSgzqLc.exe
  2⤵
  PID:2816
- C:\Windows\System\EBLIXXY.exe
  C:\Windows\System\EBLIXXY.exe
  2⤵
  PID:3456
- C:\Windows\System\QFOjZhK.exe
  C:\Windows\System\QFOjZhK.exe
  2⤵
  PID:3316
- C:\Windows\System\ILgmcxb.exe
  C:\Windows\System\ILgmcxb.exe
  2⤵
  PID:3468
- C:\Windows\System\ukvIJah.exe
  C:\Windows\System\ukvIJah.exe
  2⤵
  PID:3432
- C:\Windows\System\fbwuYQS.exe
  C:\Windows\System\fbwuYQS.exe
  2⤵
  PID:3508
- C:\Windows\System\fXKNZnO.exe
  C:\Windows\System\fXKNZnO.exe
  2⤵
  PID:3576
- C:\Windows\System\bYSQmKN.exe
  C:\Windows\System\bYSQmKN.exe
  2⤵
  PID:1764
- C:\Windows\System\MNCdNQD.exe
  C:\Windows\System\MNCdNQD.exe
  2⤵
  PID:3680
- C:\Windows\System\UTDPZJr.exe
  C:\Windows\System\UTDPZJr.exe
  2⤵
  PID:3712
- C:\Windows\System\tHxXBTb.exe
  C:\Windows\System\tHxXBTb.exe
  2⤵
  PID:3776
- C:\Windows\System\oUwApCk.exe
  C:\Windows\System\oUwApCk.exe
  2⤵
  PID:3820
- C:\Windows\System\IwkAUGL.exe
  C:\Windows\System\IwkAUGL.exe
  2⤵
  PID:3872
- C:\Windows\System\etfEfBf.exe
  C:\Windows\System\etfEfBf.exe
  2⤵
  PID:3912
- C:\Windows\System\FcuCBfh.exe
  C:\Windows\System\FcuCBfh.exe
  2⤵
  PID:3896
- C:\Windows\System\bPCslaN.exe
  C:\Windows\System\bPCslaN.exe
  2⤵
  PID:3972
- C:\Windows\System\fVfnmDC.exe
  C:\Windows\System\fVfnmDC.exe
  2⤵
  PID:2596
- C:\Windows\System\Gxdbeex.exe
  C:\Windows\System\Gxdbeex.exe
  2⤵
  PID:2016
- C:\Windows\System\gnguMsi.exe
  C:\Windows\System\gnguMsi.exe
  2⤵
  PID:2872
- C:\Windows\System\bQgoNfN.exe
  C:\Windows\System\bQgoNfN.exe
  2⤵
  PID:3188
- C:\Windows\System\IJrXEyR.exe
  C:\Windows\System\IJrXEyR.exe
  2⤵
  PID:3264
- C:\Windows\System\UaqzThu.exe
  C:\Windows\System\UaqzThu.exe
  2⤵
  PID:2760
- C:\Windows\System\RJyAXbR.exe
  C:\Windows\System\RJyAXbR.exe
  2⤵
  PID:2672
- C:\Windows\System\KNXBAld.exe
  C:\Windows\System\KNXBAld.exe
  2⤵
  PID:3580
- C:\Windows\System\TqHHYBW.exe
  C:\Windows\System\TqHHYBW.exe
  2⤵
  PID:2720
- C:\Windows\System\BvlXdVA.exe
  C:\Windows\System\BvlXdVA.exe
  2⤵
  PID:3620
- C:\Windows\System\TkCGuCy.exe
  C:\Windows\System\TkCGuCy.exe
  2⤵
  PID:3752
- C:\Windows\System\blVLJgI.exe
  C:\Windows\System\blVLJgI.exe
  2⤵
  PID:4012
- C:\Windows\System\epEFulI.exe
  C:\Windows\System\epEFulI.exe
  2⤵
  PID:2220
- C:\Windows\System\vewZFzd.exe
  C:\Windows\System\vewZFzd.exe
  2⤵
  PID:2060
- C:\Windows\System\hLYpVVz.exe
  C:\Windows\System\hLYpVVz.exe
  2⤵
  PID:4016
- C:\Windows\System\krBqopS.exe
  C:\Windows\System\krBqopS.exe
  2⤵
  PID:2852
- C:\Windows\System\eCJNLxi.exe
  C:\Windows\System\eCJNLxi.exe
  2⤵
  PID:2644
- C:\Windows\System\fsMFHwG.exe
  C:\Windows\System\fsMFHwG.exe
  2⤵
  PID:3224
- C:\Windows\System\IVcEJVC.exe
  C:\Windows\System\IVcEJVC.exe
  2⤵
  PID:3408
- C:\Windows\System\zrcbtWq.exe
  C:\Windows\System\zrcbtWq.exe
  2⤵
  PID:3232
- C:\Windows\System\DpARRDD.exe
  C:\Windows\System\DpARRDD.exe
  2⤵
  PID:3632
- C:\Windows\System\ddeSAQH.exe
  C:\Windows\System\ddeSAQH.exe
  2⤵
  PID:2740
- C:\Windows\System\KdVHkWP.exe
  C:\Windows\System\KdVHkWP.exe
  2⤵
  PID:2600
- C:\Windows\System\bJGlehD.exe
  C:\Windows\System\bJGlehD.exe
  2⤵
  PID:3172
- C:\Windows\System\JZjSEAK.exe
  C:\Windows\System\JZjSEAK.exe
  2⤵
  PID:3192
- C:\Windows\System\lAOSnSY.exe
  C:\Windows\System\lAOSnSY.exe
  2⤵
  PID:2328
- C:\Windows\System\hcxVnNd.exe
  C:\Windows\System\hcxVnNd.exe
  2⤵
  PID:3816
- C:\Windows\System\GkvSOVT.exe
  C:\Windows\System\GkvSOVT.exe
  2⤵
  PID:4076
- C:\Windows\System\zGwUIZo.exe
  C:\Windows\System\zGwUIZo.exe
  2⤵
  PID:1668
- C:\Windows\System\TKYtHdk.exe
  C:\Windows\System\TKYtHdk.exe
  2⤵
  PID:3328
- C:\Windows\System\bAMcUGm.exe
  C:\Windows\System\bAMcUGm.exe
  2⤵
  PID:3096
- C:\Windows\System\sFtJlHj.exe
  C:\Windows\System\sFtJlHj.exe
  2⤵
  PID:3368
- C:\Windows\System\YTjcRfq.exe
  C:\Windows\System\YTjcRfq.exe
  2⤵
  PID:3916
- C:\Windows\System\DDaEtJW.exe
  C:\Windows\System\DDaEtJW.exe
  2⤵
  PID:4056
- C:\Windows\System\xsqolCO.exe
  C:\Windows\System\xsqolCO.exe
  2⤵
  PID:4104
- C:\Windows\System\vzbDsXx.exe
  C:\Windows\System\vzbDsXx.exe
  2⤵
  PID:4120
- C:\Windows\System\ZLwyhNh.exe
  C:\Windows\System\ZLwyhNh.exe
  2⤵
  PID:4136
- C:\Windows\System\BPzXkRH.exe
  C:\Windows\System\BPzXkRH.exe
  2⤵
  PID:4152
- C:\Windows\System\lklWzkw.exe
  C:\Windows\System\lklWzkw.exe
  2⤵
  PID:4168
- C:\Windows\System\UvFUgKl.exe
  C:\Windows\System\UvFUgKl.exe
  2⤵
  PID:4184
- C:\Windows\System\oNlDfYe.exe
  C:\Windows\System\oNlDfYe.exe
  2⤵
  PID:4200
- C:\Windows\System\hTKScIy.exe
  C:\Windows\System\hTKScIy.exe
  2⤵
  PID:4216
- C:\Windows\System\VIIhbiW.exe
  C:\Windows\System\VIIhbiW.exe
  2⤵
  PID:4232
- C:\Windows\System\KXLQvdd.exe
  C:\Windows\System\KXLQvdd.exe
  2⤵
  PID:4248
- C:\Windows\System\WbbxUAo.exe
  C:\Windows\System\WbbxUAo.exe
  2⤵
  PID:4264
- C:\Windows\System\rddPrpp.exe
  C:\Windows\System\rddPrpp.exe
  2⤵
  PID:4280
- C:\Windows\System\LXRHtkR.exe
  C:\Windows\System\LXRHtkR.exe
  2⤵
  PID:4296
- C:\Windows\System\mXhxKYk.exe
  C:\Windows\System\mXhxKYk.exe
  2⤵
  PID:4312
- C:\Windows\System\VTZfowa.exe
  C:\Windows\System\VTZfowa.exe
  2⤵
  PID:4328
- C:\Windows\System\EDgmoVl.exe
  C:\Windows\System\EDgmoVl.exe
  2⤵
  PID:4344
- C:\Windows\System\LoVAfBB.exe
  C:\Windows\System\LoVAfBB.exe
  2⤵
  PID:4360
- C:\Windows\System\MWDEDSl.exe
  C:\Windows\System\MWDEDSl.exe
  2⤵
  PID:4376
- C:\Windows\System\VJpanBj.exe
  C:\Windows\System\VJpanBj.exe
  2⤵
  PID:4392
- C:\Windows\System\eRXpdEe.exe
  C:\Windows\System\eRXpdEe.exe
  2⤵
  PID:4448
- C:\Windows\System\BVGHqny.exe
  C:\Windows\System\BVGHqny.exe
  2⤵
  PID:4480
- C:\Windows\System\diuBuqR.exe
  C:\Windows\System\diuBuqR.exe
  2⤵
  PID:4500
- C:\Windows\System\ynrnhPc.exe
  C:\Windows\System\ynrnhPc.exe
  2⤵
  PID:4516
- C:\Windows\System\zorMCCm.exe
  C:\Windows\System\zorMCCm.exe
  2⤵
  PID:4544
- C:\Windows\System\HYAsOuh.exe
  C:\Windows\System\HYAsOuh.exe
  2⤵
  PID:4564
- C:\Windows\System\eRhzItT.exe
  C:\Windows\System\eRhzItT.exe
  2⤵
  PID:4584
- C:\Windows\System\oBlwkyQ.exe
  C:\Windows\System\oBlwkyQ.exe
  2⤵
  PID:4600
- C:\Windows\System\tOsjJwF.exe
  C:\Windows\System\tOsjJwF.exe
  2⤵
  PID:4616
- C:\Windows\System\xSjRUEW.exe
  C:\Windows\System\xSjRUEW.exe
  2⤵
  PID:4632
- C:\Windows\System\LAfHaWC.exe
  C:\Windows\System\LAfHaWC.exe
  2⤵
  PID:4648
- C:\Windows\System\enYUqiG.exe
  C:\Windows\System\enYUqiG.exe
  2⤵
  PID:4664
- C:\Windows\System\wTIEDDK.exe
  C:\Windows\System\wTIEDDK.exe
  2⤵
  PID:4680
- C:\Windows\System\XMGQvfW.exe
  C:\Windows\System\XMGQvfW.exe
  2⤵
  PID:4696
- C:\Windows\System\OQOuNYE.exe
  C:\Windows\System\OQOuNYE.exe
  2⤵
  PID:4712
- C:\Windows\System\kXGFeXL.exe
  C:\Windows\System\kXGFeXL.exe
  2⤵
  PID:4728
- C:\Windows\System\gGejRbf.exe
  C:\Windows\System\gGejRbf.exe
  2⤵
  PID:4748
- C:\Windows\System\kPKvttI.exe
  C:\Windows\System\kPKvttI.exe
  2⤵
  PID:4764
- C:\Windows\System\GMqsRnW.exe
  C:\Windows\System\GMqsRnW.exe
  2⤵
  PID:4780
- C:\Windows\System\ivdeavi.exe
  C:\Windows\System\ivdeavi.exe
  2⤵
  PID:4796
- C:\Windows\System\ETualpO.exe
  C:\Windows\System\ETualpO.exe
  2⤵
  PID:4812
- C:\Windows\System\TkkIbLp.exe
  C:\Windows\System\TkkIbLp.exe
  2⤵
  PID:4840
- C:\Windows\System\wnWfdJV.exe
  C:\Windows\System\wnWfdJV.exe
  2⤵
  PID:4860
- C:\Windows\System\Qsrqsne.exe
  C:\Windows\System\Qsrqsne.exe
  2⤵
  PID:4876
- C:\Windows\System\ToqJbDf.exe
  C:\Windows\System\ToqJbDf.exe
  2⤵
  PID:4892
- C:\Windows\System\fWfzVbQ.exe
  C:\Windows\System\fWfzVbQ.exe
  2⤵
  PID:4908
- C:\Windows\System\EzNLqUs.exe
  C:\Windows\System\EzNLqUs.exe
  2⤵
  PID:4924
- C:\Windows\System\mMUBzon.exe
  C:\Windows\System\mMUBzon.exe
  2⤵
  PID:4940
- C:\Windows\System\obLXKjt.exe
  C:\Windows\System\obLXKjt.exe
  2⤵
  PID:4956
- C:\Windows\System\rDPTIea.exe
  C:\Windows\System\rDPTIea.exe
  2⤵
  PID:4972
- C:\Windows\System\KxneRyg.exe
  C:\Windows\System\KxneRyg.exe
  2⤵
  PID:4988
- C:\Windows\System\KBKlkLr.exe
  C:\Windows\System\KBKlkLr.exe
  2⤵
  PID:5004
- C:\Windows\System\SoTVwbH.exe
  C:\Windows\System\SoTVwbH.exe
  2⤵
  PID:5020
- C:\Windows\System\GnzVTMV.exe
  C:\Windows\System\GnzVTMV.exe
  2⤵
  PID:5056
- C:\Windows\System\bElCSYX.exe
  C:\Windows\System\bElCSYX.exe
  2⤵
  PID:5072
- C:\Windows\System\zWsEHMs.exe
  C:\Windows\System\zWsEHMs.exe
  2⤵
  PID:5088
- C:\Windows\System\jAOFUOM.exe
  C:\Windows\System\jAOFUOM.exe
  2⤵
  PID:5104
- C:\Windows\System\wjCGHLa.exe
  C:\Windows\System\wjCGHLa.exe
  2⤵
  PID:1408
- C:\Windows\System\Aeacuix.exe
  C:\Windows\System\Aeacuix.exe
  2⤵
  PID:4116
- C:\Windows\System\qdvwkkJ.exe
  C:\Windows\System\qdvwkkJ.exe
  2⤵
  PID:4180
- C:\Windows\System\irSDPWQ.exe
  C:\Windows\System\irSDPWQ.exe
  2⤵
  PID:4244
- C:\Windows\System\KNZsWbr.exe
  C:\Windows\System\KNZsWbr.exe
  2⤵
  PID:4308
- C:\Windows\System\QGTSTYp.exe
  C:\Windows\System\QGTSTYp.exe
  2⤵
  PID:4372
- C:\Windows\System\IeqRLVJ.exe
  C:\Windows\System\IeqRLVJ.exe
  2⤵
  PID:1984
- C:\Windows\System\VlbFgUC.exe
  C:\Windows\System\VlbFgUC.exe
  2⤵
  PID:4352
- C:\Windows\System\jOZZZnc.exe
  C:\Windows\System\jOZZZnc.exe
  2⤵
  PID:4292
- C:\Windows\System\cWEyAwh.exe
  C:\Windows\System\cWEyAwh.exe
  2⤵
  PID:4228
- C:\Windows\System\VZvaITl.exe
  C:\Windows\System\VZvaITl.exe
  2⤵
  PID:4160
- C:\Windows\System\wxHnRWU.exe
  C:\Windows\System\wxHnRWU.exe
  2⤵
  PID:4164
- C:\Windows\System\FPyUoHR.exe
  C:\Windows\System\FPyUoHR.exe
  2⤵
  PID:4424
- C:\Windows\System\qYiWMgd.exe
  C:\Windows\System\qYiWMgd.exe
  2⤵
  PID:4444
- C:\Windows\System\WgjkpWP.exe
  C:\Windows\System\WgjkpWP.exe
  2⤵
  PID:4492
- C:\Windows\System\TdPewbp.exe
  C:\Windows\System\TdPewbp.exe
  2⤵
  PID:4532
- C:\Windows\System\qNwzvGM.exe
  C:\Windows\System\qNwzvGM.exe
  2⤵
  PID:4580
- C:\Windows\System\YKGfyMl.exe
  C:\Windows\System\YKGfyMl.exe
  2⤵
  PID:4608
- C:\Windows\System\yUpasJS.exe
  C:\Windows\System\yUpasJS.exe
  2⤵
  PID:4512
- C:\Windows\System\XjEVaKc.exe
  C:\Windows\System\XjEVaKc.exe
  2⤵
  PID:4596
- C:\Windows\System\UsUyxOI.exe
  C:\Windows\System\UsUyxOI.exe
  2⤵
  PID:4624
- C:\Windows\System\lHGUhRA.exe
  C:\Windows\System\lHGUhRA.exe
  2⤵
  PID:5096
- C:\Windows\System\mxayTWp.exe
  C:\Windows\System\mxayTWp.exe
  2⤵
  PID:3108
- C:\Windows\System\PHAwgOH.exe
  C:\Windows\System\PHAwgOH.exe
  2⤵
  PID:4212
- C:\Windows\System\vmRpzHO.exe
  C:\Windows\System\vmRpzHO.exe
  2⤵
  PID:4340
- C:\Windows\System\uTFICuo.exe
  C:\Windows\System\uTFICuo.exe
  2⤵
  PID:4304
- C:\Windows\System\QxjkUyF.exe
  C:\Windows\System\QxjkUyF.exe
  2⤵
  PID:2680
- C:\Windows\System\Jfzoode.exe
  C:\Windows\System\Jfzoode.exe
  2⤵
  PID:4256
- C:\Windows\System\ScUQzLH.exe
  C:\Windows\System\ScUQzLH.exe
  2⤵
  PID:4428
- C:\Windows\System\HPkLFYI.exe
  C:\Windows\System\HPkLFYI.exe
  2⤵
  PID:1608
- C:\Windows\System\fLcnQyK.exe
  C:\Windows\System\fLcnQyK.exe
  2⤵
  PID:3288
- C:\Windows\System\UbTUDmW.exe
  C:\Windows\System\UbTUDmW.exe
  2⤵
  PID:4540
- C:\Windows\System\AZgONbi.exe
  C:\Windows\System\AZgONbi.exe
  2⤵
  PID:4672
- C:\Windows\System\ugxNuMA.exe
  C:\Windows\System\ugxNuMA.exe
  2⤵
  PID:4660
- C:\Windows\System\AijIrLx.exe
  C:\Windows\System\AijIrLx.exe
  2⤵
  PID:4744
- C:\Windows\System\pXSvxxz.exe
  C:\Windows\System\pXSvxxz.exe
  2⤵
  PID:4848
- C:\Windows\System\fCTPfIH.exe
  C:\Windows\System\fCTPfIH.exe
  2⤵
  PID:4788
- C:\Windows\System\IhymdMV.exe
  C:\Windows\System\IhymdMV.exe
  2⤵
  PID:4948
- C:\Windows\System\GjtzjWY.exe
  C:\Windows\System\GjtzjWY.exe
  2⤵
  PID:4792
- C:\Windows\System\ruqgrso.exe
  C:\Windows\System\ruqgrso.exe
  2⤵
  PID:5016
- C:\Windows\System\WOxocdS.exe
  C:\Windows\System\WOxocdS.exe
  2⤵
  PID:4900
- C:\Windows\System\CRqaJic.exe
  C:\Windows\System\CRqaJic.exe
  2⤵
  PID:4996
- C:\Windows\System\EIaUGlc.exe
  C:\Windows\System\EIaUGlc.exe
  2⤵
  PID:5036
- C:\Windows\System\xFNfYXA.exe
  C:\Windows\System\xFNfYXA.exe
  2⤵
  PID:4556
- C:\Windows\System\sAMVUCv.exe
  C:\Windows\System\sAMVUCv.exe
  2⤵
  PID:4112
- C:\Windows\System\pTKzNgO.exe
  C:\Windows\System\pTKzNgO.exe
  2⤵
  PID:4276
- C:\Windows\System\HZTQYhg.exe
  C:\Windows\System\HZTQYhg.exe
  2⤵
  PID:4576
- C:\Windows\System\CoHjwYG.exe
  C:\Windows\System\CoHjwYG.exe
  2⤵
  PID:4460
- C:\Windows\System\ejCLrbL.exe
  C:\Windows\System\ejCLrbL.exe
  2⤵
  PID:4560
- C:\Windows\System\sMKKimM.exe
  C:\Windows\System\sMKKimM.exe
  2⤵
  PID:4736
- C:\Windows\System\DPTcXKz.exe
  C:\Windows\System\DPTcXKz.exe
  2⤵
  PID:4288
- C:\Windows\System\zOKlbuA.exe
  C:\Windows\System\zOKlbuA.exe
  2⤵
  PID:4804
- C:\Windows\System\PyiMtNX.exe
  C:\Windows\System\PyiMtNX.exe
  2⤵
  PID:2724
- C:\Windows\System\vCbQKBK.exe
  C:\Windows\System\vCbQKBK.exe
  2⤵
  PID:4720
- C:\Windows\System\xzrLcwx.exe
  C:\Windows\System\xzrLcwx.exe
  2⤵
  PID:4872
- C:\Windows\System\fsVcMJa.exe
  C:\Windows\System\fsVcMJa.exe
  2⤵
  PID:4968
- C:\Windows\System\PNwbRVZ.exe
  C:\Windows\System\PNwbRVZ.exe
  2⤵
  PID:5128
- C:\Windows\System\DpQwcTg.exe
  C:\Windows\System\DpQwcTg.exe
  2⤵
  PID:5156
- C:\Windows\System\yxRqZti.exe
  C:\Windows\System\yxRqZti.exe
  2⤵
  PID:5180
- C:\Windows\System\vQGleTD.exe
  C:\Windows\System\vQGleTD.exe
  2⤵
  PID:5196
- C:\Windows\System\UbbttBp.exe
  C:\Windows\System\UbbttBp.exe
  2⤵
  PID:5212
- C:\Windows\System\DbdMEhS.exe
  C:\Windows\System\DbdMEhS.exe
  2⤵
  PID:5232
- C:\Windows\System\PZgqHan.exe
  C:\Windows\System\PZgqHan.exe
  2⤵
  PID:5260
- C:\Windows\System\zyFGhqo.exe
  C:\Windows\System\zyFGhqo.exe
  2⤵
  PID:5276
- C:\Windows\System\UKBwNDj.exe
  C:\Windows\System\UKBwNDj.exe
  2⤵
  PID:5292
- C:\Windows\System\FKXanHg.exe
  C:\Windows\System\FKXanHg.exe
  2⤵
  PID:5308
- C:\Windows\System\kLDUaQk.exe
  C:\Windows\System\kLDUaQk.exe
  2⤵
  PID:5324
- C:\Windows\System\RAxNkLf.exe
  C:\Windows\System\RAxNkLf.exe
  2⤵
  PID:5340
- C:\Windows\System\HkIjBnF.exe
  C:\Windows\System\HkIjBnF.exe
  2⤵
  PID:5376
- C:\Windows\System\NmiLrPe.exe
  C:\Windows\System\NmiLrPe.exe
  2⤵
  PID:5396
- C:\Windows\System\lSMsiyG.exe
  C:\Windows\System\lSMsiyG.exe
  2⤵
  PID:5432
- C:\Windows\System\auzgiza.exe
  C:\Windows\System\auzgiza.exe
  2⤵
  PID:5452
- C:\Windows\System\mTxDEtZ.exe
  C:\Windows\System\mTxDEtZ.exe
  2⤵
  PID:5468
- C:\Windows\System\TSVrVVO.exe
  C:\Windows\System\TSVrVVO.exe
  2⤵
  PID:5488
- C:\Windows\System\WmHbhWA.exe
  C:\Windows\System\WmHbhWA.exe
  2⤵
  PID:5504
- C:\Windows\System\PWzvjBQ.exe
  C:\Windows\System\PWzvjBQ.exe
  2⤵
  PID:5520
- C:\Windows\System\CkqhNiL.exe
  C:\Windows\System\CkqhNiL.exe
  2⤵
  PID:5580
- C:\Windows\System\kZdyjnc.exe
  C:\Windows\System\kZdyjnc.exe
  2⤵
  PID:5612
- C:\Windows\System\iNYrkcd.exe
  C:\Windows\System\iNYrkcd.exe
  2⤵
  PID:5632
- C:\Windows\System\IhmFjKZ.exe
  C:\Windows\System\IhmFjKZ.exe
  2⤵
  PID:5648
- C:\Windows\System\AGJuGsJ.exe
  C:\Windows\System\AGJuGsJ.exe
  2⤵
  PID:5664
- C:\Windows\System\EvTBRHC.exe
  C:\Windows\System\EvTBRHC.exe
  2⤵
  PID:5680
- C:\Windows\System\mgcXLPq.exe
  C:\Windows\System\mgcXLPq.exe
  2⤵
  PID:5700
- C:\Windows\System\sQEwLWD.exe
  C:\Windows\System\sQEwLWD.exe
  2⤵
  PID:5728
- C:\Windows\System\cTORZAr.exe
  C:\Windows\System\cTORZAr.exe
  2⤵
  PID:5744
- C:\Windows\System\lakDKOS.exe
  C:\Windows\System\lakDKOS.exe
  2⤵
  PID:5772
- C:\Windows\System\NdaMKna.exe
  C:\Windows\System\NdaMKna.exe
  2⤵
  PID:5792
- C:\Windows\System\zNUfFea.exe
  C:\Windows\System\zNUfFea.exe
  2⤵
  PID:5820
- C:\Windows\System\nEXDNbv.exe
  C:\Windows\System\nEXDNbv.exe
  2⤵
  PID:5836
- C:\Windows\System\yKqrqLc.exe
  C:\Windows\System\yKqrqLc.exe
  2⤵
  PID:5852
- C:\Windows\System\TljbSwW.exe
  C:\Windows\System\TljbSwW.exe
  2⤵
  PID:5872
- C:\Windows\System\cgAHVZh.exe
  C:\Windows\System\cgAHVZh.exe
  2⤵
  PID:5896
- C:\Windows\System\xUWIrSC.exe
  C:\Windows\System\xUWIrSC.exe
  2⤵
  PID:5912
- C:\Windows\System\tLLOSrP.exe
  C:\Windows\System\tLLOSrP.exe
  2⤵
  PID:5928
- C:\Windows\System\CYjpYtC.exe
  C:\Windows\System\CYjpYtC.exe
  2⤵
  PID:5944
- C:\Windows\System\ssaCjqj.exe
  C:\Windows\System\ssaCjqj.exe
  2⤵
  PID:5964
- C:\Windows\System\mihUSyG.exe
  C:\Windows\System\mihUSyG.exe
  2⤵
  PID:5988
- C:\Windows\System\gcgCpmZ.exe
  C:\Windows\System\gcgCpmZ.exe
  2⤵
  PID:6004
- C:\Windows\System\dedpkiM.exe
  C:\Windows\System\dedpkiM.exe
  2⤵
  PID:6020
- C:\Windows\System\MnRMkgL.exe
  C:\Windows\System\MnRMkgL.exe
  2⤵
  PID:6036
- C:\Windows\System\vfiPqpW.exe
  C:\Windows\System\vfiPqpW.exe
  2⤵
  PID:6076
- C:\Windows\System\wppGanD.exe
  C:\Windows\System\wppGanD.exe
  2⤵
  PID:6092
- C:\Windows\System\lsFakRz.exe
  C:\Windows\System\lsFakRz.exe
  2⤵
  PID:6112
- C:\Windows\System\FronoRE.exe
  C:\Windows\System\FronoRE.exe
  2⤵
  PID:6140
- C:\Windows\System\RLCEcwc.exe
  C:\Windows\System\RLCEcwc.exe
  2⤵
  PID:4688
- C:\Windows\System\FUGNWrW.exe
  C:\Windows\System\FUGNWrW.exe
  2⤵
  PID:1852
- C:\Windows\System\BVmrQZV.exe
  C:\Windows\System\BVmrQZV.exe
  2⤵
  PID:4468
- C:\Windows\System\DgsUaNQ.exe
  C:\Windows\System\DgsUaNQ.exe
  2⤵
  PID:4952
- C:\Windows\System\XdmBHfI.exe
  C:\Windows\System\XdmBHfI.exe
  2⤵
  PID:5144
- C:\Windows\System\JlfPflJ.exe
  C:\Windows\System\JlfPflJ.exe
  2⤵
  PID:4524
- C:\Windows\System\aVrwDTK.exe
  C:\Windows\System\aVrwDTK.exe
  2⤵
  PID:4888
- C:\Windows\System\eMaDEiO.exe
  C:\Windows\System\eMaDEiO.exe
  2⤵
  PID:5124
- C:\Windows\System\mCxykAP.exe
  C:\Windows\System\mCxykAP.exe
  2⤵
  PID:5032
- C:\Windows\System\NZVDrCc.exe
  C:\Windows\System\NZVDrCc.exe
  2⤵
  PID:5228
- C:\Windows\System\VtISUsL.exe
  C:\Windows\System\VtISUsL.exe
  2⤵
  PID:5176
- C:\Windows\System\YfiiBSJ.exe
  C:\Windows\System\YfiiBSJ.exe
  2⤵
  PID:5244
- C:\Windows\System\SkQEJCn.exe
  C:\Windows\System\SkQEJCn.exe
  2⤵
  PID:5288
- C:\Windows\System\TmCWxkG.exe
  C:\Windows\System\TmCWxkG.exe
  2⤵
  PID:5164
- C:\Windows\System\NzAwFmw.exe
  C:\Windows\System\NzAwFmw.exe
  2⤵
  PID:5348
- C:\Windows\System\JauLfYT.exe
  C:\Windows\System\JauLfYT.exe
  2⤵
  PID:5360
- C:\Windows\System\LryjcZA.exe
  C:\Windows\System\LryjcZA.exe
  2⤵
  PID:5408
- C:\Windows\System\OGNwMzN.exe
  C:\Windows\System\OGNwMzN.exe
  2⤵
  PID:5424
- C:\Windows\System\lFxvVss.exe
  C:\Windows\System\lFxvVss.exe
  2⤵
  PID:5416
- C:\Windows\System\UrhBKlB.exe
  C:\Windows\System\UrhBKlB.exe
  2⤵
  PID:5476
- C:\Windows\System\YYDAouu.exe
  C:\Windows\System\YYDAouu.exe
  2⤵
  PID:5460
- C:\Windows\System\PBCnUHH.exe
  C:\Windows\System\PBCnUHH.exe
  2⤵
  PID:5536
- C:\Windows\System\kVPujZv.exe
  C:\Windows\System\kVPujZv.exe
  2⤵
  PID:5548
- C:\Windows\System\GdcWaRe.exe
  C:\Windows\System\GdcWaRe.exe
  2⤵
  PID:5556
- C:\Windows\System\DFBeFUm.exe
  C:\Windows\System\DFBeFUm.exe
  2⤵
  PID:5588
- C:\Windows\System\kvItYXc.exe
  C:\Windows\System\kvItYXc.exe
  2⤵
  PID:5604
- C:\Windows\System\mNpiyVr.exe
  C:\Windows\System\mNpiyVr.exe
  2⤵
  PID:5672
- C:\Windows\System\xMoQkvp.exe
  C:\Windows\System\xMoQkvp.exe
  2⤵
  PID:5676
- C:\Windows\System\mYrolIQ.exe
  C:\Windows\System\mYrolIQ.exe
  2⤵
  PID:5724
- C:\Windows\System\OSOOFPq.exe
  C:\Windows\System\OSOOFPq.exe
  2⤵
  PID:5764
- C:\Windows\System\xwypVGr.exe
  C:\Windows\System\xwypVGr.exe
  2⤵
  PID:5692
- C:\Windows\System\lURSpxA.exe
  C:\Windows\System\lURSpxA.exe
  2⤵
  PID:5800
- C:\Windows\System\hQGJMhl.exe
  C:\Windows\System\hQGJMhl.exe
  2⤵
  PID:5784
- C:\Windows\System\hEUTRiE.exe
  C:\Windows\System\hEUTRiE.exe
  2⤵
  PID:5940
- C:\Windows\System\aCkMUCK.exe
  C:\Windows\System\aCkMUCK.exe
  2⤵
  PID:6000
- C:\Windows\System\jzFlMan.exe
  C:\Windows\System\jzFlMan.exe
  2⤵
  PID:6032
- C:\Windows\System\qvtAWFC.exe
  C:\Windows\System\qvtAWFC.exe
  2⤵
  PID:6016
- C:\Windows\System\StseMzP.exe
  C:\Windows\System\StseMzP.exe
  2⤵
  PID:6056
- C:\Windows\System\EQQUOiA.exe
  C:\Windows\System\EQQUOiA.exe
  2⤵
  PID:6072
- C:\Windows\System\vHNGzwy.exe
  C:\Windows\System\vHNGzwy.exe
  2⤵
  PID:6108
- C:\Windows\System\tyDGqwZ.exe
  C:\Windows\System\tyDGqwZ.exe
  2⤵
  PID:6136
- C:\Windows\System\PCQGLhR.exe
  C:\Windows\System\PCQGLhR.exe
  2⤵
  PID:4536
- C:\Windows\System\bkXCvza.exe
  C:\Windows\System\bkXCvza.exe
  2⤵
  PID:4592
- C:\Windows\System\YeJnmPx.exe
  C:\Windows\System\YeJnmPx.exe
  2⤵
  PID:4832
- C:\Windows\System\dswGZFv.exe
  C:\Windows\System\dswGZFv.exe
  2⤵
  PID:4456
- C:\Windows\System\JdnQGaQ.exe
  C:\Windows\System\JdnQGaQ.exe
  2⤵
  PID:5140
- C:\Windows\System\Lmtwtnw.exe
  C:\Windows\System\Lmtwtnw.exe
  2⤵
  PID:5084
- C:\Windows\System\VoaeSOy.exe
  C:\Windows\System\VoaeSOy.exe
  2⤵
  PID:5272
- C:\Windows\System\fqxxRIj.exe
  C:\Windows\System\fqxxRIj.exe
  2⤵
  PID:5304
- C:\Windows\System\YqeRxKF.exe
  C:\Windows\System\YqeRxKF.exe
  2⤵
  PID:5440
- C:\Windows\System\mtXTash.exe
  C:\Windows\System\mtXTash.exe
  2⤵
  PID:5532
- C:\Windows\System\jBeYwxn.exe
  C:\Windows\System\jBeYwxn.exe
  2⤵
  PID:5624
- C:\Windows\System\SisWwNZ.exe
  C:\Windows\System\SisWwNZ.exe
  2⤵
  PID:5740
- C:\Windows\System\fsetlcw.exe
  C:\Windows\System\fsetlcw.exe
  2⤵
  PID:5384
- C:\Windows\System\PfSPzjC.exe
  C:\Windows\System\PfSPzjC.exe
  2⤵
  PID:5708
- C:\Windows\System\hCfnUBq.exe
  C:\Windows\System\hCfnUBq.exe
  2⤵
  PID:5812
- C:\Windows\System\YTHLlCt.exe
  C:\Windows\System\YTHLlCt.exe
  2⤵
  PID:2376
- C:\Windows\System\ImrhIsk.exe
  C:\Windows\System\ImrhIsk.exe
  2⤵
  PID:5368
- C:\Windows\System\BKZavqG.exe
  C:\Windows\System\BKZavqG.exe
  2⤵
  PID:2840
- C:\Windows\System\TDSJdon.exe
  C:\Windows\System\TDSJdon.exe
  2⤵
  PID:5832
- C:\Windows\System\hCEqJoR.exe
  C:\Windows\System\hCEqJoR.exe
  2⤵
  PID:5864
- C:\Windows\System\hpyKBct.exe
  C:\Windows\System\hpyKBct.exe
  2⤵
  PID:5924
- C:\Windows\System\WLsilrb.exe
  C:\Windows\System\WLsilrb.exe
  2⤵
  PID:5936
- C:\Windows\System\dmYMNFA.exe
  C:\Windows\System\dmYMNFA.exe
  2⤵
  PID:5980
- C:\Windows\System\kXIoRom.exe
  C:\Windows\System\kXIoRom.exe
  2⤵
  PID:5560
- C:\Windows\System\ZEWSKHU.exe
  C:\Windows\System\ZEWSKHU.exe
  2⤵
  PID:4856
- C:\Windows\System\NOoDQWU.exe
  C:\Windows\System\NOoDQWU.exe
  2⤵
  PID:4964
- C:\Windows\System\IPAqBAb.exe
  C:\Windows\System\IPAqBAb.exe
  2⤵
  PID:6128
- C:\Windows\System\vFfMysl.exe
  C:\Windows\System\vFfMysl.exe
  2⤵
  PID:5512
- C:\Windows\System\GLRHypv.exe
  C:\Windows\System\GLRHypv.exe
  2⤵
  PID:5828
- C:\Windows\System\QOrLegG.exe
  C:\Windows\System\QOrLegG.exe
  2⤵
  PID:5868
- C:\Windows\System\scBSBwM.exe
  C:\Windows\System\scBSBwM.exe
  2⤵
  PID:3208
- C:\Windows\System\GsSWAyP.exe
  C:\Windows\System\GsSWAyP.exe
  2⤵
  PID:4808
- C:\Windows\System\ZVbjjip.exe
  C:\Windows\System\ZVbjjip.exe
  2⤵
  PID:5848
- C:\Windows\System\kzigwOD.exe
  C:\Windows\System\kzigwOD.exe
  2⤵
  PID:2316
- C:\Windows\System\AUYfSwo.exe
  C:\Windows\System\AUYfSwo.exe
  2⤵
  PID:6052
- C:\Windows\System\iPtXWTM.exe
  C:\Windows\System\iPtXWTM.exe
  2⤵
  PID:5268
- C:\Windows\System\TxKkicV.exe
  C:\Windows\System\TxKkicV.exe
  2⤵
  PID:5716
- C:\Windows\System\biJniVo.exe
  C:\Windows\System\biJniVo.exe
  2⤵
  PID:5600
- C:\Windows\System\crWRSeW.exe
  C:\Windows\System\crWRSeW.exe
  2⤵
  PID:5420
- C:\Windows\System\vdhHVzt.exe
  C:\Windows\System\vdhHVzt.exe
  2⤵
  PID:2828
- C:\Windows\System\TlpjXWu.exe
  C:\Windows\System\TlpjXWu.exe
  2⤵
  PID:5192
- C:\Windows\System\MBehHdp.exe
  C:\Windows\System\MBehHdp.exe
  2⤵
  PID:6120
- C:\Windows\System\SVqJcVT.exe
  C:\Windows\System\SVqJcVT.exe
  2⤵
  PID:5412
- C:\Windows\System\qrRtniw.exe
  C:\Windows\System\qrRtniw.exe
  2⤵
  PID:5480
- C:\Windows\System\HjwiibM.exe
  C:\Windows\System\HjwiibM.exe
  2⤵
  PID:5920
- C:\Windows\System\AXNMKrk.exe
  C:\Windows\System\AXNMKrk.exe
  2⤵
  PID:5332
- C:\Windows\System\OWlsDsZ.exe
  C:\Windows\System\OWlsDsZ.exe
  2⤵
  PID:6028
- C:\Windows\System\TfhJHbF.exe
  C:\Windows\System\TfhJHbF.exe
  2⤵
  PID:5364
- C:\Windows\System\amwERTV.exe
  C:\Windows\System\amwERTV.exe
  2⤵
  PID:5392
- C:\Windows\System\dbLrQwh.exe
  C:\Windows\System\dbLrQwh.exe
  2⤵
  PID:3036
- C:\Windows\System\MElIyMK.exe
  C:\Windows\System\MElIyMK.exe
  2⤵
  PID:6168
- C:\Windows\System\vCNgMPR.exe
  C:\Windows\System\vCNgMPR.exe
  2⤵
  PID:6212
- C:\Windows\System\buEUFVN.exe
  C:\Windows\System\buEUFVN.exe
  2⤵
  PID:6228
- C:\Windows\System\vgSBcHd.exe
  C:\Windows\System\vgSBcHd.exe
  2⤵
  PID:6248
- C:\Windows\System\urvrMDT.exe
  C:\Windows\System\urvrMDT.exe
  2⤵
  PID:6264
- C:\Windows\System\EEgsHKs.exe
  C:\Windows\System\EEgsHKs.exe
  2⤵
  PID:6280
- C:\Windows\System\VDryWvL.exe
  C:\Windows\System\VDryWvL.exe
  2⤵
  PID:6296
- C:\Windows\System\iTrqVAf.exe
  C:\Windows\System\iTrqVAf.exe
  2⤵
  PID:6312
- C:\Windows\System\yAwTLMm.exe
  C:\Windows\System\yAwTLMm.exe
  2⤵
  PID:6328
- C:\Windows\System\fDkvPoK.exe
  C:\Windows\System\fDkvPoK.exe
  2⤵
  PID:6344
- C:\Windows\System\AhZCOal.exe
  C:\Windows\System\AhZCOal.exe
  2⤵
  PID:6360
- C:\Windows\System\xIblJbJ.exe
  C:\Windows\System\xIblJbJ.exe
  2⤵
  PID:6380
- C:\Windows\System\kTgDkiV.exe
  C:\Windows\System\kTgDkiV.exe
  2⤵
  PID:6396
- C:\Windows\System\PWKKRlF.exe
  C:\Windows\System\PWKKRlF.exe
  2⤵
  PID:6412
- C:\Windows\System\kakNGyw.exe
  C:\Windows\System\kakNGyw.exe
  2⤵
  PID:6428
- C:\Windows\System\IYkNqdl.exe
  C:\Windows\System\IYkNqdl.exe
  2⤵
  PID:6492
- C:\Windows\System\JSvuTZO.exe
  C:\Windows\System\JSvuTZO.exe
  2⤵
  PID:6508
- C:\Windows\System\FWQWOlB.exe
  C:\Windows\System\FWQWOlB.exe
  2⤵
  PID:6524
- C:\Windows\System\hIclUbl.exe
  C:\Windows\System\hIclUbl.exe
  2⤵
  PID:6540
- C:\Windows\System\exjfQLm.exe
  C:\Windows\System\exjfQLm.exe
  2⤵
  PID:6560
- C:\Windows\System\yFAPTmn.exe
  C:\Windows\System\yFAPTmn.exe
  2⤵
  PID:6576
- C:\Windows\System\LoFNTDC.exe
  C:\Windows\System\LoFNTDC.exe
  2⤵
  PID:6592
- C:\Windows\System\gXBFROI.exe
  C:\Windows\System\gXBFROI.exe
  2⤵
  PID:6608
- C:\Windows\System\ywtLpJw.exe
  C:\Windows\System\ywtLpJw.exe
  2⤵
  PID:6624
- C:\Windows\System\rpxtWcs.exe
  C:\Windows\System\rpxtWcs.exe
  2⤵
  PID:6640
- C:\Windows\System\qqsfhvq.exe
  C:\Windows\System\qqsfhvq.exe
  2⤵
  PID:6656
- C:\Windows\System\ZnbALLZ.exe
  C:\Windows\System\ZnbALLZ.exe
  2⤵
  PID:6680
- C:\Windows\System\SYszjpI.exe
  C:\Windows\System\SYszjpI.exe
  2⤵
  PID:6696
- C:\Windows\System\xSYTGoB.exe
  C:\Windows\System\xSYTGoB.exe
  2⤵
  PID:6712
- C:\Windows\System\NbbueTH.exe
  C:\Windows\System\NbbueTH.exe
  2⤵
  PID:6728
- C:\Windows\System\GWsLHiU.exe
  C:\Windows\System\GWsLHiU.exe
  2⤵
  PID:6748
- C:\Windows\System\KdTFsQA.exe
  C:\Windows\System\KdTFsQA.exe
  2⤵
  PID:6768
- C:\Windows\System\nfLfwOi.exe
  C:\Windows\System\nfLfwOi.exe
  2⤵
  PID:6784
- C:\Windows\System\JHhHlsK.exe
  C:\Windows\System\JHhHlsK.exe
  2⤵
  PID:6800
- C:\Windows\System\eBALWbS.exe
  C:\Windows\System\eBALWbS.exe
  2⤵
  PID:6816
- C:\Windows\System\xISyuhE.exe
  C:\Windows\System\xISyuhE.exe
  2⤵
  PID:6832
- C:\Windows\System\nOgcCMK.exe
  C:\Windows\System\nOgcCMK.exe
  2⤵
  PID:6856
- C:\Windows\System\PQuSJyX.exe
  C:\Windows\System\PQuSJyX.exe
  2⤵
  PID:6872
- C:\Windows\System\gvwufME.exe
  C:\Windows\System\gvwufME.exe
  2⤵
  PID:6888
- C:\Windows\System\NaHnqND.exe
  C:\Windows\System\NaHnqND.exe
  2⤵
  PID:6908
- C:\Windows\System\tFNkbNx.exe
  C:\Windows\System\tFNkbNx.exe
  2⤵
  PID:6928
- C:\Windows\System\GGjJtoU.exe
  C:\Windows\System\GGjJtoU.exe
  2⤵
  PID:6948
- C:\Windows\System\KlEkMuE.exe
  C:\Windows\System\KlEkMuE.exe
  2⤵
  PID:6968
- C:\Windows\System\jpdRpdD.exe
  C:\Windows\System\jpdRpdD.exe
  2⤵
  PID:6984
- C:\Windows\System\IiiYZCP.exe
  C:\Windows\System\IiiYZCP.exe
  2⤵
  PID:7056
- C:\Windows\System\xOnDiyG.exe
  C:\Windows\System\xOnDiyG.exe
  2⤵
  PID:7076
- C:\Windows\System\TGxdIxv.exe
  C:\Windows\System\TGxdIxv.exe
  2⤵
  PID:7092
- C:\Windows\System\ucNrizx.exe
  C:\Windows\System\ucNrizx.exe
  2⤵
  PID:7108
- C:\Windows\System\pdHxgTP.exe
  C:\Windows\System\pdHxgTP.exe
  2⤵
  PID:7124
- C:\Windows\System\lwVoaPa.exe
  C:\Windows\System\lwVoaPa.exe
  2⤵
  PID:7152
- C:\Windows\System\DrDEJac.exe
  C:\Windows\System\DrDEJac.exe
  2⤵
  PID:5208
- C:\Windows\System\ohpKjPG.exe
  C:\Windows\System\ohpKjPG.exe
  2⤵
  PID:5768
- C:\Windows\System\WQZNtbi.exe
  C:\Windows\System\WQZNtbi.exe
  2⤵
  PID:2592
- C:\Windows\System\XetBQPS.exe
  C:\Windows\System\XetBQPS.exe
  2⤵
  PID:6100
- C:\Windows\System\LFgRPBt.exe
  C:\Windows\System\LFgRPBt.exe
  2⤵
  PID:6204
- C:\Windows\System\AoUserm.exe
  C:\Windows\System\AoUserm.exe
  2⤵
  PID:4836
- C:\Windows\System\bQTrhOI.exe
  C:\Windows\System\bQTrhOI.exe
  2⤵
  PID:6160
- C:\Windows\System\OzLmuCv.exe
  C:\Windows\System\OzLmuCv.exe
  2⤵
  PID:6276
- C:\Windows\System\fpQvLAl.exe
  C:\Windows\System\fpQvLAl.exe
  2⤵
  PID:6320
- C:\Windows\System\WCnpGtu.exe
  C:\Windows\System\WCnpGtu.exe
  2⤵
  PID:6392
- C:\Windows\System\BNBpwPm.exe
  C:\Windows\System\BNBpwPm.exe
  2⤵
  PID:6452
- C:\Windows\System\vJnVDrf.exe
  C:\Windows\System\vJnVDrf.exe
  2⤵
  PID:6308
- C:\Windows\System\hqzVaGM.exe
  C:\Windows\System\hqzVaGM.exe
  2⤵
  PID:6368
- C:\Windows\System\YIjCApa.exe
  C:\Windows\System\YIjCApa.exe
  2⤵
  PID:6444
- C:\Windows\System\knfQmrr.exe
  C:\Windows\System\knfQmrr.exe
  2⤵
  PID:6480
- C:\Windows\System\vSqvjne.exe
  C:\Windows\System\vSqvjne.exe
  2⤵
  PID:6500
- C:\Windows\System\QJeIsUT.exe
  C:\Windows\System\QJeIsUT.exe
  2⤵
  PID:6652
- C:\Windows\System\XRSoHrR.exe
  C:\Windows\System\XRSoHrR.exe
  2⤵
  PID:6824
- C:\Windows\System\JgNuDsb.exe
  C:\Windows\System\JgNuDsb.exe
  2⤵
  PID:6896
- C:\Windows\System\HpvkUdr.exe
  C:\Windows\System\HpvkUdr.exe
  2⤵
  PID:6944
- C:\Windows\System\nMYTTzX.exe
  C:\Windows\System\nMYTTzX.exe
  2⤵
  PID:6688
- C:\Windows\System\rPSBggj.exe
  C:\Windows\System\rPSBggj.exe
  2⤵
  PID:6764
- C:\Windows\System\ZcohsPb.exe
  C:\Windows\System\ZcohsPb.exe
  2⤵
  PID:6632
- C:\Windows\System\jZlDcyH.exe
  C:\Windows\System\jZlDcyH.exe
  2⤵
  PID:6676
- C:\Windows\System\iwjnjFe.exe
  C:\Windows\System\iwjnjFe.exe
  2⤵
  PID:6740
- C:\Windows\System\PpFDIjG.exe
  C:\Windows\System\PpFDIjG.exe
  2⤵
  PID:7048
- C:\Windows\System\DcVxcsQ.exe
  C:\Windows\System\DcVxcsQ.exe
  2⤵
  PID:6852
- C:\Windows\System\taWTmcv.exe
  C:\Windows\System\taWTmcv.exe
  2⤵
  PID:6920
- C:\Windows\System\bsTfFAh.exe
  C:\Windows\System\bsTfFAh.exe
  2⤵
  PID:7000
- C:\Windows\System\QnWIzYr.exe
  C:\Windows\System\QnWIzYr.exe
  2⤵
  PID:7016
- C:\Windows\System\tXrPTlO.exe
  C:\Windows\System\tXrPTlO.exe
  2⤵
  PID:7032
- C:\Windows\System\fOwwitU.exe
  C:\Windows\System\fOwwitU.exe
  2⤵
  PID:7064
- C:\Windows\System\NCyKUqx.exe
  C:\Windows\System\NCyKUqx.exe
  2⤵
  PID:7088
- C:\Windows\System\cepELrC.exe
  C:\Windows\System\cepELrC.exe
  2⤵
  PID:5640
- C:\Windows\System\IQlbgFG.exe
  C:\Windows\System\IQlbgFG.exe
  2⤵
  PID:6192
- C:\Windows\System\HkpkYPp.exe
  C:\Windows\System\HkpkYPp.exe
  2⤵
  PID:7148
- C:\Windows\System\HjUQNVX.exe
  C:\Windows\System\HjUQNVX.exe
  2⤵
  PID:5172
- C:\Windows\System\xzEgydu.exe
  C:\Windows\System\xzEgydu.exe
  2⤵
  PID:7104
- C:\Windows\System\eNhXhMt.exe
  C:\Windows\System\eNhXhMt.exe
  2⤵
  PID:6236
- C:\Windows\System\LPfuTZz.exe
  C:\Windows\System\LPfuTZz.exe
  2⤵
  PID:6292
- C:\Windows\System\vHJBeLs.exe
  C:\Windows\System\vHJBeLs.exe
  2⤵
  PID:6424
- C:\Windows\System\TylpDvr.exe
  C:\Windows\System\TylpDvr.exe
  2⤵
  PID:6460
- C:\Windows\System\SYMWvae.exe
  C:\Windows\System\SYMWvae.exe
  2⤵
  PID:6516
- C:\Windows\System\zejKqHg.exe
  C:\Windows\System\zejKqHg.exe
  2⤵
  PID:6648
- C:\Windows\System\XHdrSjV.exe
  C:\Windows\System\XHdrSjV.exe
  2⤵
  PID:6220
- C:\Windows\System\XIdToEF.exe
  C:\Windows\System\XIdToEF.exe
  2⤵
  PID:6440
- C:\Windows\System\PWWmdSY.exe
  C:\Windows\System\PWWmdSY.exe
  2⤵
  PID:6488
- C:\Windows\System\gFyTcfE.exe
  C:\Windows\System\gFyTcfE.exe
  2⤵
  PID:6464
- C:\Windows\System\rMXdybu.exe
  C:\Windows\System\rMXdybu.exe
  2⤵
  PID:6620
- C:\Windows\System\qWDAjnW.exe
  C:\Windows\System\qWDAjnW.exe
  2⤵
  PID:6104
- C:\Windows\System\XcWOPwI.exe
  C:\Windows\System\XcWOPwI.exe
  2⤵
  PID:6672
- C:\Windows\System\KfeTTCT.exe
  C:\Windows\System\KfeTTCT.exe
  2⤵
  PID:1860
- C:\Windows\System\NCVIscl.exe
  C:\Windows\System\NCVIscl.exe
  2⤵
  PID:6964
- C:\Windows\System\umrMOJx.exe
  C:\Windows\System\umrMOJx.exe
  2⤵
  PID:7040
- C:\Windows\System\LLQHbnS.exe
  C:\Windows\System\LLQHbnS.exe
  2⤵
  PID:7068
- C:\Windows\System\bBKVkQI.exe
  C:\Windows\System\bBKVkQI.exe
  2⤵
  PID:7120
- C:\Windows\System\yfslsYJ.exe
  C:\Windows\System\yfslsYJ.exe
  2⤵
  PID:5608
- C:\Windows\System\NdbBYVh.exe
  C:\Windows\System\NdbBYVh.exe
  2⤵
  PID:3740
- C:\Windows\System\WODgpkL.exe
  C:\Windows\System\WODgpkL.exe
  2⤵
  PID:5888
- C:\Windows\System\VrygSEc.exe
  C:\Windows\System\VrygSEc.exe
  2⤵
  PID:6180
- C:\Windows\System\fVxyCNe.exe
  C:\Windows\System\fVxyCNe.exe
  2⤵
  PID:6288
- C:\Windows\System\pRibNxG.exe
  C:\Windows\System\pRibNxG.exe
  2⤵
  PID:6336
- C:\Windows\System\iljsoQB.exe
  C:\Windows\System\iljsoQB.exe
  2⤵
  PID:1976
- C:\Windows\System\GbNfKbd.exe
  C:\Windows\System\GbNfKbd.exe
  2⤵
  PID:6588
- C:\Windows\System\vNdoqKx.exe
  C:\Windows\System\vNdoqKx.exe
  2⤵
  PID:2832
- C:\Windows\System\WfcqgVY.exe
  C:\Windows\System\WfcqgVY.exe
  2⤵
  PID:6796
- C:\Windows\System\asYUAEn.exe
  C:\Windows\System\asYUAEn.exe
  2⤵
  PID:6940
- C:\Windows\System\HvWTmQG.exe
  C:\Windows\System\HvWTmQG.exe
  2⤵
  PID:6884
- C:\Windows\System\ArqlzsG.exe
  C:\Windows\System\ArqlzsG.exe
  2⤵
  PID:7044
- C:\Windows\System\besHgvh.exe
  C:\Windows\System\besHgvh.exe
  2⤵
  PID:6996
- C:\Windows\System\kdGRzlQ.exe
  C:\Windows\System\kdGRzlQ.exe
  2⤵
  PID:6916
- C:\Windows\System\JqQkeiv.exe
  C:\Windows\System\JqQkeiv.exe
  2⤵
  PID:7140
- C:\Windows\System\YuwPVgg.exe
  C:\Windows\System\YuwPVgg.exe
  2⤵
  PID:7136
- C:\Windows\System\iXLRGyi.exe
  C:\Windows\System\iXLRGyi.exe
  2⤵
  PID:2256
- C:\Windows\System\KJVFqSv.exe
  C:\Windows\System\KJVFqSv.exe
  2⤵
  PID:6864
- C:\Windows\System\nHapuOI.exe
  C:\Windows\System\nHapuOI.exe
  2⤵
  PID:2868
- C:\Windows\System\jFKJPdL.exe
  C:\Windows\System\jFKJPdL.exe
  2⤵
  PID:6960
- C:\Windows\System\jtYlXwH.exe
  C:\Windows\System\jtYlXwH.exe
  2⤵
  PID:7164
- C:\Windows\System\kTDNgHW.exe
  C:\Windows\System\kTDNgHW.exe
  2⤵
  PID:6352
- C:\Windows\System\Yficreh.exe
  C:\Windows\System\Yficreh.exe
  2⤵
  PID:6708
- C:\Windows\System\JEBUwxZ.exe
  C:\Windows\System\JEBUwxZ.exe
  2⤵
  PID:6584
- C:\Windows\System\dEEtLyG.exe
  C:\Windows\System\dEEtLyG.exe
  2⤵
  PID:6260
- C:\Windows\System\CLFgWOw.exe
  C:\Windows\System\CLFgWOw.exe
  2⤵
  PID:6604
- C:\Windows\System\qkYQbyo.exe
  C:\Windows\System\qkYQbyo.exe
  2⤵
  PID:7024
- C:\Windows\System\fGZXYup.exe
  C:\Windows\System\fGZXYup.exe
  2⤵
  PID:5804
- C:\Windows\System\XmHlpRT.exe
  C:\Windows\System\XmHlpRT.exe
  2⤵
  PID:6476
- C:\Windows\System\pctQHpU.exe
  C:\Windows\System\pctQHpU.exe
  2⤵
  PID:6156
- C:\Windows\System\FNSjBvG.exe
  C:\Windows\System\FNSjBvG.exe
  2⤵
  PID:7180
- C:\Windows\System\dUuVavC.exe
  C:\Windows\System\dUuVavC.exe
  2⤵
  PID:7220
- C:\Windows\System\ABHFHoZ.exe
  C:\Windows\System\ABHFHoZ.exe
  2⤵
  PID:7240
- C:\Windows\System\AqtngVp.exe
  C:\Windows\System\AqtngVp.exe
  2⤵
  PID:7260
- C:\Windows\System\HOnpRxt.exe
  C:\Windows\System\HOnpRxt.exe
  2⤵
  PID:7288
- C:\Windows\System\UwNHZIa.exe
  C:\Windows\System\UwNHZIa.exe
  2⤵
  PID:7308
- C:\Windows\System\ZOVZKBo.exe
  C:\Windows\System\ZOVZKBo.exe
  2⤵
  PID:7328
- C:\Windows\System\CPLYhDq.exe
  C:\Windows\System\CPLYhDq.exe
  2⤵
  PID:7344
- C:\Windows\System\bYPJTJz.exe
  C:\Windows\System\bYPJTJz.exe
  2⤵
  PID:7364
- C:\Windows\System\VsoIqyU.exe
  C:\Windows\System\VsoIqyU.exe
  2⤵
  PID:7380
- C:\Windows\System\sgtgPvf.exe
  C:\Windows\System\sgtgPvf.exe
  2⤵
  PID:7400
- C:\Windows\System\ZolOJEB.exe
  C:\Windows\System\ZolOJEB.exe
  2⤵
  PID:7420
- C:\Windows\System\zNzBOZK.exe
  C:\Windows\System\zNzBOZK.exe
  2⤵
  PID:7436
- C:\Windows\System\LYqJdfc.exe
  C:\Windows\System\LYqJdfc.exe
  2⤵
  PID:7452
- C:\Windows\System\tGsVlxX.exe
  C:\Windows\System\tGsVlxX.exe
  2⤵
  PID:7472
- C:\Windows\System\GVrtDNI.exe
  C:\Windows\System\GVrtDNI.exe
  2⤵
  PID:7496
- C:\Windows\System\rCucAWC.exe
  C:\Windows\System\rCucAWC.exe
  2⤵
  PID:7516
- C:\Windows\System\KKFqUhH.exe
  C:\Windows\System\KKFqUhH.exe
  2⤵
  PID:7532
- C:\Windows\System\WaRargn.exe
  C:\Windows\System\WaRargn.exe
  2⤵
  PID:7556
- C:\Windows\System\GPXfYRg.exe
  C:\Windows\System\GPXfYRg.exe
  2⤵
  PID:7580
- C:\Windows\System\VylDzAd.exe
  C:\Windows\System\VylDzAd.exe
  2⤵
  PID:7604
- C:\Windows\System\BWNGZgD.exe
  C:\Windows\System\BWNGZgD.exe
  2⤵
  PID:7624
- C:\Windows\System\ADwjxlU.exe
  C:\Windows\System\ADwjxlU.exe
  2⤵
  PID:7644
- C:\Windows\System\Ppmdobt.exe
  C:\Windows\System\Ppmdobt.exe
  2⤵
  PID:7660
- C:\Windows\System\UJtOEaj.exe
  C:\Windows\System\UJtOEaj.exe
  2⤵
  PID:7688
- C:\Windows\System\MnbTnds.exe
  C:\Windows\System\MnbTnds.exe
  2⤵
  PID:7708
- C:\Windows\System\ZFzFJcB.exe
  C:\Windows\System\ZFzFJcB.exe
  2⤵
  PID:7728
- C:\Windows\System\GccnUuI.exe
  C:\Windows\System\GccnUuI.exe
  2⤵
  PID:7748
- C:\Windows\System\tfrirwm.exe
  C:\Windows\System\tfrirwm.exe
  2⤵
  PID:7764
- C:\Windows\System\IMVCtnf.exe
  C:\Windows\System\IMVCtnf.exe
  2⤵
  PID:7784
- C:\Windows\System\LdBeRYS.exe
  C:\Windows\System\LdBeRYS.exe
  2⤵
  PID:7804
- C:\Windows\System\chQaGfa.exe
  C:\Windows\System\chQaGfa.exe
  2⤵
  PID:7820
- C:\Windows\System\yFkczjZ.exe
  C:\Windows\System\yFkczjZ.exe
  2⤵
  PID:7836
- C:\Windows\System\DgSrKdw.exe
  C:\Windows\System\DgSrKdw.exe
  2⤵
  PID:7868
- C:\Windows\System\hkkAzuA.exe
  C:\Windows\System\hkkAzuA.exe
  2⤵
  PID:7888
- C:\Windows\System\ekreiRw.exe
  C:\Windows\System\ekreiRw.exe
  2⤵
  PID:7904
- C:\Windows\System\WpKKUvS.exe
  C:\Windows\System\WpKKUvS.exe
  2⤵
  PID:7920
- C:\Windows\System\ttpaXju.exe
  C:\Windows\System\ttpaXju.exe
  2⤵
  PID:7948
- C:\Windows\System\AyUsPgH.exe
  C:\Windows\System\AyUsPgH.exe
  2⤵
  PID:7968
- C:\Windows\System\rhMjXmC.exe
  C:\Windows\System\rhMjXmC.exe
  2⤵
  PID:7984
- C:\Windows\System\tAHKffu.exe
  C:\Windows\System\tAHKffu.exe
  2⤵
  PID:8000
- C:\Windows\System\fHQQxXq.exe
  C:\Windows\System\fHQQxXq.exe
  2⤵
  PID:8020
- C:\Windows\System\PKyqeaM.exe
  C:\Windows\System\PKyqeaM.exe
  2⤵
  PID:8040
- C:\Windows\System\TZFGfFp.exe
  C:\Windows\System\TZFGfFp.exe
  2⤵
  PID:8056
- C:\Windows\System\oXcmtTd.exe
  C:\Windows\System\oXcmtTd.exe
  2⤵
  PID:8072
- C:\Windows\System\ATfgHOn.exe
  C:\Windows\System\ATfgHOn.exe
  2⤵
  PID:8088
- C:\Windows\System\ndsvEIc.exe
  C:\Windows\System\ndsvEIc.exe
  2⤵
  PID:8108
- C:\Windows\System\GHyPUVr.exe
  C:\Windows\System\GHyPUVr.exe
  2⤵
  PID:8132
- C:\Windows\System\ZWkSlyo.exe
  C:\Windows\System\ZWkSlyo.exe
  2⤵
  PID:8148
- C:\Windows\System\ETWdOIm.exe
  C:\Windows\System\ETWdOIm.exe
  2⤵
  PID:8164
- C:\Windows\System\dqLguHS.exe
  C:\Windows\System\dqLguHS.exe
  2⤵
  PID:8184
- C:\Windows\System\EfszLoB.exe
  C:\Windows\System\EfszLoB.exe
  2⤵
  PID:6436
- C:\Windows\System\TknyOFQ.exe
  C:\Windows\System\TknyOFQ.exe
  2⤵
  PID:6552
- C:\Windows\System\eYXXcUM.exe
  C:\Windows\System\eYXXcUM.exe
  2⤵
  PID:6844
- C:\Windows\System\GSqZHga.exe
  C:\Windows\System\GSqZHga.exe
  2⤵
  PID:7192
- C:\Windows\System\QxzSYJx.exe
  C:\Windows\System\QxzSYJx.exe
  2⤵
  PID:7208
- C:\Windows\System\cKJAWwo.exe
  C:\Windows\System\cKJAWwo.exe
  2⤵
  PID:1336
- C:\Windows\System\eTqEDQt.exe
  C:\Windows\System\eTqEDQt.exe
  2⤵
  PID:7256
- C:\Windows\System\mhGWmOk.exe
  C:\Windows\System\mhGWmOk.exe
  2⤵
  PID:3540
- C:\Windows\System\ejgcRKP.exe
  C:\Windows\System\ejgcRKP.exe
  2⤵
  PID:7324
- C:\Windows\System\eIdxAkB.exe
  C:\Windows\System\eIdxAkB.exe
  2⤵
  PID:7408
- C:\Windows\System\dGhVNyz.exe
  C:\Windows\System\dGhVNyz.exe
  2⤵
  PID:7444
- C:\Windows\System\UChhpYt.exe
  C:\Windows\System\UChhpYt.exe
  2⤵
  PID:7484
- C:\Windows\System\xDHsEfE.exe
  C:\Windows\System\xDHsEfE.exe
  2⤵
  PID:7432
- C:\Windows\System\peeFPlx.exe
  C:\Windows\System\peeFPlx.exe
  2⤵
  PID:7460
- C:\Windows\System\LmmAfid.exe
  C:\Windows\System\LmmAfid.exe
  2⤵
  PID:7528
- C:\Windows\System\vqbhqzF.exe
  C:\Windows\System\vqbhqzF.exe
  2⤵
  PID:7568
- C:\Windows\System\IHVbJKG.exe
  C:\Windows\System\IHVbJKG.exe
  2⤵
  PID:7544
- C:\Windows\System\lhKfCHW.exe
  C:\Windows\System\lhKfCHW.exe
  2⤵
  PID:7616
- C:\Windows\System\vduqApl.exe
  C:\Windows\System\vduqApl.exe
  2⤵
  PID:7640
- C:\Windows\System\qstpPDU.exe
  C:\Windows\System\qstpPDU.exe
  2⤵
  PID:7672
- C:\Windows\System\baVBYCs.exe
  C:\Windows\System\baVBYCs.exe
  2⤵
  PID:7592
- C:\Windows\System\BLBxLlM.exe
  C:\Windows\System\BLBxLlM.exe
  2⤵
  PID:448
- C:\Windows\System\OOEXedG.exe
  C:\Windows\System\OOEXedG.exe
  2⤵
  PID:7704
- C:\Windows\System\NItXiqF.exe
  C:\Windows\System\NItXiqF.exe
  2⤵
  PID:7776
- C:\Windows\System\MGwzOTS.exe
  C:\Windows\System\MGwzOTS.exe
  2⤵
  PID:7760
- C:\Windows\System\IFOmfZe.exe
  C:\Windows\System\IFOmfZe.exe
  2⤵
  PID:7860
- C:\Windows\System\OyaZFSu.exe
  C:\Windows\System\OyaZFSu.exe
  2⤵
  PID:2684
- C:\Windows\System\lUFcWsA.exe
  C:\Windows\System\lUFcWsA.exe
  2⤵
  PID:7884
- C:\Windows\System\iwpUvBX.exe
  C:\Windows\System\iwpUvBX.exe
  2⤵
  PID:8008
- C:\Windows\System\Unzlxki.exe
  C:\Windows\System\Unzlxki.exe
  2⤵
  PID:7960
- C:\Windows\System\MBFfLpF.exe
  C:\Windows\System\MBFfLpF.exe
  2⤵
  PID:7992
- C:\Windows\System\frsmAhI.exe
  C:\Windows\System\frsmAhI.exe
  2⤵
  PID:1988
- C:\Windows\System\Ybuqiaz.exe
  C:\Windows\System\Ybuqiaz.exe
  2⤵
  PID:8128
- C:\Windows\System\EtUIHCs.exe
  C:\Windows\System\EtUIHCs.exe
  2⤵
  PID:1804
- C:\Windows\System\SvQUcoC.exe
  C:\Windows\System\SvQUcoC.exe
  2⤵
  PID:8180
- C:\Windows\System\RlpbVAL.exe
  C:\Windows\System\RlpbVAL.exe
  2⤵
  PID:7216
- C:\Windows\System\XfvsNuJ.exe
  C:\Windows\System\XfvsNuJ.exe
  2⤵
  PID:7188
- C:\Windows\System\nLIzHgw.exe
  C:\Windows\System\nLIzHgw.exe
  2⤵
  PID:8100
- C:\Windows\System\eFgqvNb.exe
  C:\Windows\System\eFgqvNb.exe
  2⤵
  PID:8172
- C:\Windows\System\XrKceKW.exe
  C:\Windows\System\XrKceKW.exe
  2⤵
  PID:7296
- C:\Windows\System\ydpzdJZ.exe
  C:\Windows\System\ydpzdJZ.exe
  2⤵
  PID:7300
- C:\Windows\System\VuZlVvg.exe
  C:\Windows\System\VuZlVvg.exe
  2⤵
  PID:3452
- C:\Windows\System\NHxNOOG.exe
  C:\Windows\System\NHxNOOG.exe
  2⤵
  PID:1344
- C:\Windows\System\sgXMRfe.exe
  C:\Windows\System\sgXMRfe.exe
  2⤵
  PID:7356
- C:\Windows\System\aKkeWtx.exe
  C:\Windows\System\aKkeWtx.exe
  2⤵
  PID:7576
- C:\Windows\System\PrilHHD.exe
  C:\Windows\System\PrilHHD.exe
  2⤵
  PID:7588
- C:\Windows\System\TEMOOLL.exe
  C:\Windows\System\TEMOOLL.exe
  2⤵
  PID:7756
- C:\Windows\System\bXQtCtd.exe
  C:\Windows\System\bXQtCtd.exe
  2⤵
  PID:7512
- C:\Windows\System\RfaYOKX.exe
  C:\Windows\System\RfaYOKX.exe
  2⤵
  PID:7508
- C:\Windows\System\yVLQQAG.exe
  C:\Windows\System\yVLQQAG.exe
  2⤵
  PID:7668
- C:\Windows\System\tDYsICM.exe
  C:\Windows\System\tDYsICM.exe
  2⤵
  PID:7896
- C:\Windows\System\LCCtDCj.exe
  C:\Windows\System\LCCtDCj.exe
  2⤵
  PID:7916
- C:\Windows\System\ogePgOe.exe
  C:\Windows\System\ogePgOe.exe
  2⤵
  PID:7932
- C:\Windows\System\WeErAiH.exe
  C:\Windows\System\WeErAiH.exe
  2⤵
  PID:8120
- C:\Windows\System\wENVuiW.exe
  C:\Windows\System\wENVuiW.exe
  2⤵
  PID:316
- C:\Windows\System\WvLYnfA.exe
  C:\Windows\System\WvLYnfA.exe
  2⤵
  PID:8084
- C:\Windows\System\bTujOuo.exe
  C:\Windows\System\bTujOuo.exe
  2⤵
  PID:2824
- C:\Windows\System\QjcFvrf.exe
  C:\Windows\System\QjcFvrf.exe
  2⤵
  PID:8064
- C:\Windows\System\dtwhjtl.exe
  C:\Windows\System\dtwhjtl.exe
  2⤵
  PID:2284
- C:\Windows\System\zfiXCcC.exe
  C:\Windows\System\zfiXCcC.exe
  2⤵
  PID:2884
- C:\Windows\System\IwvrPYV.exe
  C:\Windows\System\IwvrPYV.exe
  2⤵
  PID:7392
- C:\Windows\System\oPHmdJP.exe
  C:\Windows\System\oPHmdJP.exe
  2⤵
  PID:6244
- C:\Windows\System\NjVOsfA.exe
  C:\Windows\System\NjVOsfA.exe
  2⤵
  PID:7272
- C:\Windows\System\dmyFvYw.exe
  C:\Windows\System\dmyFvYw.exe
  2⤵
  PID:7632
- C:\Windows\System\JbKsZFR.exe
  C:\Windows\System\JbKsZFR.exe
  2⤵
  PID:7336
- C:\Windows\System\jYYMxDr.exe
  C:\Windows\System\jYYMxDr.exe
  2⤵
  PID:7524
- C:\Windows\System\oSnIGKR.exe
  C:\Windows\System\oSnIGKR.exe
  2⤵
  PID:7656
- C:\Windows\System\hGFJOhM.exe
  C:\Windows\System\hGFJOhM.exe
  2⤵
  PID:7800
- C:\Windows\System\sYZwScv.exe
  C:\Windows\System\sYZwScv.exe
  2⤵
  PID:2252
- C:\Windows\System\tWLHGyV.exe
  C:\Windows\System\tWLHGyV.exe
  2⤵
  PID:8116
- C:\Windows\System\gJImbEl.exe
  C:\Windows\System\gJImbEl.exe
  2⤵
  PID:6776
- C:\Windows\System\crTYKIb.exe
  C:\Windows\System\crTYKIb.exe
  2⤵
  PID:8080
- C:\Windows\System\rZbfdPq.exe
  C:\Windows\System\rZbfdPq.exe
  2⤵
  PID:7376
- C:\Windows\System\FCMGLwl.exe
  C:\Windows\System\FCMGLwl.exe
  2⤵
  PID:7812
- C:\Windows\System\VkoSmFX.exe
  C:\Windows\System\VkoSmFX.exe
  2⤵
  PID:7416
- C:\Windows\System\tgoRrBn.exe
  C:\Windows\System\tgoRrBn.exe
  2⤵
  PID:7696
- C:\Windows\System\VmXAfkX.exe
  C:\Windows\System\VmXAfkX.exe
  2⤵
  PID:7744
- C:\Windows\System\UBZOcCu.exe
  C:\Windows\System\UBZOcCu.exe
  2⤵
  PID:7844
- C:\Windows\System\etzzXDf.exe
  C:\Windows\System\etzzXDf.exe
  2⤵
  PID:7856
- C:\Windows\System\gozsKzt.exe
  C:\Windows\System\gozsKzt.exe
  2⤵
  PID:2276
- C:\Windows\System\pRPlBrt.exe
  C:\Windows\System\pRPlBrt.exe
  2⤵
  PID:8052
- C:\Windows\System\jfdtdnS.exe
  C:\Windows\System\jfdtdnS.exe
  2⤵
  PID:7636
- C:\Windows\System\cbeUrFZ.exe
  C:\Windows\System\cbeUrFZ.exe
  2⤵
  PID:7200
- C:\Windows\System\ruLrinr.exe
  C:\Windows\System\ruLrinr.exe
  2⤵
  PID:1252
- C:\Windows\System\cWQkWnC.exe
  C:\Windows\System\cWQkWnC.exe
  2⤵
  PID:616
- C:\Windows\System\VwKLgkq.exe
  C:\Windows\System\VwKLgkq.exe
  2⤵
  PID:1532
- C:\Windows\System\eTJuMQU.exe
  C:\Windows\System\eTJuMQU.exe
  2⤵
  PID:7772
- C:\Windows\System\RCwgyBp.exe
  C:\Windows\System\RCwgyBp.exe
  2⤵
  PID:1712
- C:\Windows\System\RVuqYJj.exe
  C:\Windows\System\RVuqYJj.exe
  2⤵
  PID:8208
- C:\Windows\System\wRWHxaG.exe
  C:\Windows\System\wRWHxaG.exe
  2⤵
  PID:8228
- C:\Windows\System\TyaUdbd.exe
  C:\Windows\System\TyaUdbd.exe
  2⤵
  PID:8248
- C:\Windows\System\NmTilUb.exe
  C:\Windows\System\NmTilUb.exe
  2⤵
  PID:8264
- C:\Windows\System\xrRLMCJ.exe
  C:\Windows\System\xrRLMCJ.exe
  2⤵
  PID:8280
- C:\Windows\System\kpUMjhj.exe
  C:\Windows\System\kpUMjhj.exe
  2⤵
  PID:8296
- C:\Windows\System\DXeihaa.exe
  C:\Windows\System\DXeihaa.exe
  2⤵
  PID:8312
- C:\Windows\System\PKPEQdi.exe
  C:\Windows\System\PKPEQdi.exe
  2⤵
  PID:8364
- C:\Windows\System\MqrhwAP.exe
  C:\Windows\System\MqrhwAP.exe
  2⤵
  PID:8380
- C:\Windows\System\mnfScPf.exe
  C:\Windows\System\mnfScPf.exe
  2⤵
  PID:8396
- C:\Windows\System\stCkUga.exe
  C:\Windows\System\stCkUga.exe
  2⤵
  PID:8412
- C:\Windows\System\OfmLCER.exe
  C:\Windows\System\OfmLCER.exe
  2⤵
  PID:8440
- C:\Windows\System\jqZJgqB.exe
  C:\Windows\System\jqZJgqB.exe
  2⤵
  PID:8468
- C:\Windows\System\AaKLPaZ.exe
  C:\Windows\System\AaKLPaZ.exe
  2⤵
  PID:8488
- C:\Windows\System\jLiiNCo.exe
  C:\Windows\System\jLiiNCo.exe
  2⤵
  PID:8508
- C:\Windows\System\eSZSgez.exe
  C:\Windows\System\eSZSgez.exe
  2⤵
  PID:8528
- C:\Windows\System\VYVNjbz.exe
  C:\Windows\System\VYVNjbz.exe
  2⤵
  PID:8552
- C:\Windows\System\oZtNJbW.exe
  C:\Windows\System\oZtNJbW.exe
  2⤵
  PID:8568
- C:\Windows\System\sDcgzFy.exe
  C:\Windows\System\sDcgzFy.exe
  2⤵
  PID:8592
- C:\Windows\System\gLvzMVd.exe
  C:\Windows\System\gLvzMVd.exe
  2⤵
  PID:8608
- C:\Windows\System\EfOfYIU.exe
  C:\Windows\System\EfOfYIU.exe
  2⤵
  PID:8628
- C:\Windows\System\KzuhqhC.exe
  C:\Windows\System\KzuhqhC.exe
  2⤵
  PID:8644
- C:\Windows\System\UNouhCh.exe
  C:\Windows\System\UNouhCh.exe
  2⤵
  PID:8660
- C:\Windows\System\HFHJyNa.exe
  C:\Windows\System\HFHJyNa.exe
  2⤵
  PID:8676
- C:\Windows\System\ZIIcjWG.exe
  C:\Windows\System\ZIIcjWG.exe
  2⤵
  PID:8692
- C:\Windows\System\iWZzOfS.exe
  C:\Windows\System\iWZzOfS.exe
  2⤵
  PID:8708
- C:\Windows\System\AitVSsK.exe
  C:\Windows\System\AitVSsK.exe
  2⤵
  PID:8728
- C:\Windows\System\jCOnCsS.exe
  C:\Windows\System\jCOnCsS.exe
  2⤵
  PID:8772
- C:\Windows\System\JzhfboR.exe
  C:\Windows\System\JzhfboR.exe
  2⤵
  PID:8792
- C:\Windows\System\yFlaBRa.exe
  C:\Windows\System\yFlaBRa.exe
  2⤵
  PID:8808
- C:\Windows\System\EpqjlPp.exe
  C:\Windows\System\EpqjlPp.exe
  2⤵
  PID:8828
- C:\Windows\System\jFnoRPi.exe
  C:\Windows\System\jFnoRPi.exe
  2⤵
  PID:8844
- C:\Windows\System\JHSyqyc.exe
  C:\Windows\System\JHSyqyc.exe
  2⤵
  PID:8860
- C:\Windows\System\dPAxvpo.exe
  C:\Windows\System\dPAxvpo.exe
  2⤵
  PID:8884
- C:\Windows\System\hUzZLml.exe
  C:\Windows\System\hUzZLml.exe
  2⤵
  PID:8904
- C:\Windows\System\LghJaML.exe
  C:\Windows\System\LghJaML.exe
  2⤵
  PID:8924
- C:\Windows\System\GVZKwTi.exe
  C:\Windows\System\GVZKwTi.exe
  2⤵
  PID:8944
- C:\Windows\System\BSlQsry.exe
  C:\Windows\System\BSlQsry.exe
  2⤵
  PID:8960
- C:\Windows\System\KcRxtjs.exe
  C:\Windows\System\KcRxtjs.exe
  2⤵
  PID:8976
- C:\Windows\System\QUEUnwj.exe
  C:\Windows\System\QUEUnwj.exe
  2⤵
  PID:8992
- C:\Windows\System\cQCoLrl.exe
  C:\Windows\System\cQCoLrl.exe
  2⤵
  PID:9008
- C:\Windows\System\khCqOup.exe
  C:\Windows\System\khCqOup.exe
  2⤵
  PID:9032
- C:\Windows\System\YVXIroE.exe
  C:\Windows\System\YVXIroE.exe
  2⤵
  PID:9056
- C:\Windows\System\EWBmqRO.exe
  C:\Windows\System\EWBmqRO.exe
  2⤵
  PID:9096
- C:\Windows\System\IibDLGz.exe
  C:\Windows\System\IibDLGz.exe
  2⤵
  PID:9116
- C:\Windows\System\xYBISYT.exe
  C:\Windows\System\xYBISYT.exe
  2⤵
  PID:9132
- C:\Windows\System\dbHMmWz.exe
  C:\Windows\System\dbHMmWz.exe
  2⤵
  PID:9152
- C:\Windows\System\NHPFhLX.exe
  C:\Windows\System\NHPFhLX.exe
  2⤵
  PID:9172
- C:\Windows\System\rVAtkfr.exe
  C:\Windows\System\rVAtkfr.exe
  2⤵
  PID:9188
- C:\Windows\System\tRgkYBA.exe
  C:\Windows\System\tRgkYBA.exe
  2⤵
  PID:9204
- C:\Windows\System\nIbGXbn.exe
  C:\Windows\System\nIbGXbn.exe
  2⤵
  PID:2192
- C:\Windows\System\argOazQ.exe
  C:\Windows\System\argOazQ.exe
  2⤵
  PID:8256
- C:\Windows\System\sZvhRiR.exe
  C:\Windows\System\sZvhRiR.exe
  2⤵
  PID:1008
- C:\Windows\System\gmLRSCg.exe
  C:\Windows\System\gmLRSCg.exe
  2⤵
  PID:8236
- C:\Windows\System\JjxOshB.exe
  C:\Windows\System\JjxOshB.exe
  2⤵
  PID:8276
- C:\Windows\System\vZBdVaf.exe
  C:\Windows\System\vZBdVaf.exe
  2⤵
  PID:8332
- C:\Windows\System\JQNPSHN.exe
  C:\Windows\System\JQNPSHN.exe
  2⤵
  PID:8352
- C:\Windows\System\SlWVjZx.exe
  C:\Windows\System\SlWVjZx.exe
  2⤵
  PID:8360
- C:\Windows\System\nYtkHRr.exe
  C:\Windows\System\nYtkHRr.exe
  2⤵
  PID:8420
- C:\Windows\System\ZgNtLxe.exe
  C:\Windows\System\ZgNtLxe.exe
  2⤵
  PID:8432
- C:\Windows\System\dYHWeOO.exe
  C:\Windows\System\dYHWeOO.exe
  2⤵
  PID:8460
- C:\Windows\System\ceysxzi.exe
  C:\Windows\System\ceysxzi.exe
  2⤵
  PID:8476
- C:\Windows\System\TocOdmE.exe
  C:\Windows\System\TocOdmE.exe
  2⤵
  PID:8500
- C:\Windows\System\nJuUNXV.exe
  C:\Windows\System\nJuUNXV.exe
  2⤵
  PID:8516
- C:\Windows\System\IOIhBbq.exe
  C:\Windows\System\IOIhBbq.exe
  2⤵
  PID:8540
- C:\Windows\System\ldndiRh.exe
  C:\Windows\System\ldndiRh.exe
  2⤵
  PID:8544
- C:\Windows\System\NcVOZdJ.exe
  C:\Windows\System\NcVOZdJ.exe
  2⤵
  PID:8620
- C:\Windows\System\xvameNm.exe
  C:\Windows\System\xvameNm.exe
  2⤵
  PID:8656
- C:\Windows\System\JSZYUMp.exe
  C:\Windows\System\JSZYUMp.exe
  2⤵
  PID:8688
- C:\Windows\System\SZoCMhR.exe
  C:\Windows\System\SZoCMhR.exe
  2⤵
  PID:8740
- C:\Windows\System\WJpxhBq.exe
  C:\Windows\System\WJpxhBq.exe
  2⤵
  PID:8768
- C:\Windows\System\gvslUhN.exe
  C:\Windows\System\gvslUhN.exe
  2⤵
  PID:8840
- C:\Windows\System\miAGtZQ.exe
  C:\Windows\System\miAGtZQ.exe
  2⤵
  PID:8788
- C:\Windows\System\gRsZolt.exe
  C:\Windows\System\gRsZolt.exe
  2⤵
  PID:8916
- C:\Windows\System\tVTzkUc.exe
  C:\Windows\System\tVTzkUc.exe
  2⤵
  PID:8932
- C:\Windows\System\LJdlier.exe
  C:\Windows\System\LJdlier.exe
  2⤵
  PID:8984
- C:\Windows\System\XzYOaMH.exe
  C:\Windows\System\XzYOaMH.exe
  2⤵
  PID:9000
- C:\Windows\System\eLPVvAr.exe
  C:\Windows\System\eLPVvAr.exe
  2⤵
  PID:9068
- C:\Windows\System\Bduylgk.exe
  C:\Windows\System\Bduylgk.exe
  2⤵
  PID:9004
- C:\Windows\System\YyibWWu.exe
  C:\Windows\System\YyibWWu.exe
  2⤵
  PID:9080
- C:\Windows\System\VcQekZu.exe
  C:\Windows\System\VcQekZu.exe
  2⤵
  PID:760
- C:\Windows\System\wfxNcuC.exe
  C:\Windows\System\wfxNcuC.exe
  2⤵
  PID:9108
- C:\Windows\System\epChRjL.exe
  C:\Windows\System\epChRjL.exe
  2⤵
  PID:9164
- C:\Windows\System\iRnjhob.exe
  C:\Windows\System\iRnjhob.exe
  2⤵
  PID:7680
- C:\Windows\System\yTVARFF.exe
  C:\Windows\System\yTVARFF.exe
  2⤵
  PID:9148
- C:\Windows\System\MgWEycr.exe
  C:\Windows\System\MgWEycr.exe
  2⤵
  PID:2088
- C:\Windows\System\BIRaxDu.exe
  C:\Windows\System\BIRaxDu.exe
  2⤵
  PID:8244
- C:\Windows\System\hgJEtQB.exe
  C:\Windows\System\hgJEtQB.exe
  2⤵
  PID:2108
- C:\Windows\System\UeemIOe.exe
  C:\Windows\System\UeemIOe.exe
  2⤵
  PID:8344
- C:\Windows\System\LCwbjXY.exe
  C:\Windows\System\LCwbjXY.exe
  2⤵
  PID:8428
- C:\Windows\System\gkuhHJK.exe
  C:\Windows\System\gkuhHJK.exe
  2⤵
  PID:8348
- C:\Windows\System\qNzFOxf.exe
  C:\Windows\System\qNzFOxf.exe
  2⤵
  PID:8580
- C:\Windows\System\muyZoMf.exe
  C:\Windows\System\muyZoMf.exe
  2⤵
  PID:8392
- C:\Windows\System\HmlYqcS.exe
  C:\Windows\System\HmlYqcS.exe
  2⤵
  PID:8640
- C:\Windows\System\NShdXhv.exe
  C:\Windows\System\NShdXhv.exe
  2⤵
  PID:8668
- C:\Windows\System\epjnzQV.exe
  C:\Windows\System\epjnzQV.exe
  2⤵
  PID:8804
- C:\Windows\System\mZVvdpB.exe
  C:\Windows\System\mZVvdpB.exe
  2⤵
  PID:8624
- C:\Windows\System\tieldlc.exe
  C:\Windows\System\tieldlc.exe
  2⤵
  PID:8704
- C:\Windows\System\HAyUUbR.exe
  C:\Windows\System\HAyUUbR.exe
  2⤵
  PID:8940
- C:\Windows\System\LOFKRDH.exe
  C:\Windows\System\LOFKRDH.exe
  2⤵
  PID:8952
- C:\Windows\System\kRZLbxC.exe
  C:\Windows\System\kRZLbxC.exe
  2⤵
  PID:9028
- C:\Windows\System\YzPqMaP.exe
  C:\Windows\System\YzPqMaP.exe
  2⤵
  PID:9076
- C:\Windows\System\LPSoEEE.exe
  C:\Windows\System\LPSoEEE.exe
  2⤵
  PID:9104
- C:\Windows\System\ALVrkYy.exe
  C:\Windows\System\ALVrkYy.exe
  2⤵
  PID:2728
- C:\Windows\System\ebDiAHD.exe
  C:\Windows\System\ebDiAHD.exe
  2⤵
  PID:7204
- C:\Windows\System\QlKxpTG.exe
  C:\Windows\System\QlKxpTG.exe
  2⤵
  PID:9140
- C:\Windows\System\KFCyVBM.exe
  C:\Windows\System\KFCyVBM.exe
  2⤵
  PID:8240
- C:\Windows\System\LpmbJyj.exe
  C:\Windows\System\LpmbJyj.exe
  2⤵
  PID:8464
- C:\Windows\System\IPreltc.exe
  C:\Windows\System\IPreltc.exe
  2⤵
  PID:8720
- C:\Windows\System\DEFkWKm.exe
  C:\Windows\System\DEFkWKm.exe
  2⤵
  PID:8548
- C:\Windows\System\TBbyrlV.exe
  C:\Windows\System\TBbyrlV.exe
  2⤵
  PID:8724
- C:\Windows\System\LweVBdc.exe
  C:\Windows\System\LweVBdc.exe
  2⤵
  PID:8800
- C:\Windows\System\NOFNYyY.exe
  C:\Windows\System\NOFNYyY.exe
  2⤵
  PID:8784
- C:\Windows\System\FzdHsZu.exe
  C:\Windows\System\FzdHsZu.exe
  2⤵
  PID:8900
- C:\Windows\System\oFMcphJ.exe
  C:\Windows\System\oFMcphJ.exe
  2⤵
  PID:9016
- C:\Windows\System\HplkILk.exe
  C:\Windows\System\HplkILk.exe
  2⤵
  PID:9196
- C:\Windows\System\dXtjgyC.exe
  C:\Windows\System\dXtjgyC.exe
  2⤵
  PID:9180
- C:\Windows\System\GIMzvKv.exe
  C:\Windows\System\GIMzvKv.exe
  2⤵
  PID:8320
- C:\Windows\System\gFozHtx.exe
  C:\Windows\System\gFozHtx.exe
  2⤵
  PID:2416
- C:\Windows\System\ALPhFtX.exe
  C:\Windows\System\ALPhFtX.exe
  2⤵
  PID:8456
- C:\Windows\System\zZiSXne.exe
  C:\Windows\System\zZiSXne.exe
  2⤵
  PID:8480
- C:\Windows\System\onIlucT.exe
  C:\Windows\System\onIlucT.exe
  2⤵
  PID:8920
- C:\Windows\System\luwHLQR.exe
  C:\Windows\System\luwHLQR.exe
  2⤵
  PID:9084
- C:\Windows\System\CdRQiYL.exe
  C:\Windows\System\CdRQiYL.exe
  2⤵
  PID:9072
- C:\Windows\System\njgqEai.exe
  C:\Windows\System\njgqEai.exe
  2⤵
  PID:9128
- C:\Windows\System\ciVXmlO.exe
  C:\Windows\System\ciVXmlO.exe
  2⤵
  PID:8304
- C:\Windows\System\LAvLfZI.exe
  C:\Windows\System\LAvLfZI.exe
  2⤵
  PID:8700
- C:\Windows\System\kGjTxFr.exe
  C:\Windows\System\kGjTxFr.exe
  2⤵
  PID:8868
- C:\Windows\System\GZgOHtO.exe
  C:\Windows\System\GZgOHtO.exe
  2⤵
  PID:8336
- C:\Windows\System\KYtMVyO.exe
  C:\Windows\System\KYtMVyO.exe
  2⤵
  PID:8636
- C:\Windows\System\KEECeyS.exe
  C:\Windows\System\KEECeyS.exe
  2⤵
  PID:8892
- C:\Windows\System\hMTGWZb.exe
  C:\Windows\System\hMTGWZb.exe
  2⤵
  PID:8560
- C:\Windows\System\lQrInkF.exe
  C:\Windows\System\lQrInkF.exe
  2⤵
  PID:9200
- C:\Windows\System\yPffOtY.exe
  C:\Windows\System\yPffOtY.exe
  2⤵
  PID:9244
- C:\Windows\System\JPEwnpi.exe
  C:\Windows\System\JPEwnpi.exe
  2⤵
  PID:9260
- C:\Windows\System\oJBxhJC.exe
  C:\Windows\System\oJBxhJC.exe
  2⤵
  PID:9280
- C:\Windows\System\fLXJfuv.exe
  C:\Windows\System\fLXJfuv.exe
  2⤵
  PID:9296
- C:\Windows\System\LzfQGUG.exe
  C:\Windows\System\LzfQGUG.exe
  2⤵
  PID:9320
- C:\Windows\System\kuPNzzO.exe
  C:\Windows\System\kuPNzzO.exe
  2⤵
  PID:9340
- C:\Windows\System\RWhOEiv.exe
  C:\Windows\System\RWhOEiv.exe
  2⤵
  PID:9356
- C:\Windows\System\fxATdEN.exe
  C:\Windows\System\fxATdEN.exe
  2⤵
  PID:9384
- C:\Windows\System\zmrLLFT.exe
  C:\Windows\System\zmrLLFT.exe
  2⤵
  PID:9404
- C:\Windows\System\ziuHjxv.exe
  C:\Windows\System\ziuHjxv.exe
  2⤵
  PID:9420
- C:\Windows\System\YRPuIiG.exe
  C:\Windows\System\YRPuIiG.exe
  2⤵
  PID:9448
- C:\Windows\System\ITSaOaq.exe
  C:\Windows\System\ITSaOaq.exe
  2⤵
  PID:9468
- C:\Windows\System\cJWaEOO.exe
  C:\Windows\System\cJWaEOO.exe
  2⤵
  PID:9488
- C:\Windows\System\lNSkmhm.exe
  C:\Windows\System\lNSkmhm.exe
  2⤵
  PID:9504
- C:\Windows\System\rPBLEht.exe
  C:\Windows\System\rPBLEht.exe
  2⤵
  PID:9528
- C:\Windows\System\wDamXIW.exe
  C:\Windows\System\wDamXIW.exe
  2⤵
  PID:9552
- C:\Windows\System\DfhZqOc.exe
  C:\Windows\System\DfhZqOc.exe
  2⤵
  PID:9576
- C:\Windows\System\GIPWQqG.exe
  C:\Windows\System\GIPWQqG.exe
  2⤵
  PID:9600
- C:\Windows\System\ZpzFtmZ.exe
  C:\Windows\System\ZpzFtmZ.exe
  2⤵
  PID:9616
- C:\Windows\System\huOTZeA.exe
  C:\Windows\System\huOTZeA.exe
  2⤵
  PID:9636
- C:\Windows\System\LmlbRFi.exe
  C:\Windows\System\LmlbRFi.exe
  2⤵
  PID:9660
- C:\Windows\System\reGbdST.exe
  C:\Windows\System\reGbdST.exe
  2⤵
  PID:9676
- C:\Windows\System\psmocPV.exe
  C:\Windows\System\psmocPV.exe
  2⤵
  PID:9692
- C:\Windows\System\fgDaThU.exe
  C:\Windows\System\fgDaThU.exe
  2⤵
  PID:9708
- C:\Windows\System\zFUJzar.exe
  C:\Windows\System\zFUJzar.exe
  2⤵
  PID:9740
- C:\Windows\System\qalIyxQ.exe
  C:\Windows\System\qalIyxQ.exe
  2⤵
  PID:9756
- C:\Windows\System\oTdNhnB.exe
  C:\Windows\System\oTdNhnB.exe
  2⤵
  PID:9776
- C:\Windows\System\stjYFRs.exe
  C:\Windows\System\stjYFRs.exe
  2⤵
  PID:9800
- C:\Windows\System\CNcaxGI.exe
  C:\Windows\System\CNcaxGI.exe
  2⤵
  PID:9820
- C:\Windows\System\reLqQsz.exe
  C:\Windows\System\reLqQsz.exe
  2⤵
  PID:9836
- C:\Windows\System\fqCRdvi.exe
  C:\Windows\System\fqCRdvi.exe
  2⤵
  PID:9856
- C:\Windows\System\OBJAUMq.exe
  C:\Windows\System\OBJAUMq.exe
  2⤵
  PID:9880
- C:\Windows\System\xBLNQop.exe
  C:\Windows\System\xBLNQop.exe
  2⤵
  PID:9900
- C:\Windows\System\cXwQBvr.exe
  C:\Windows\System\cXwQBvr.exe
  2⤵
  PID:9916
- C:\Windows\System\vwRUwXL.exe
  C:\Windows\System\vwRUwXL.exe
  2⤵
  PID:9936
- C:\Windows\System\xDenOMK.exe
  C:\Windows\System\xDenOMK.exe
  2⤵
  PID:9956
- C:\Windows\System\NYXhWBX.exe
  C:\Windows\System\NYXhWBX.exe
  2⤵
  PID:9972
- C:\Windows\System\ufIbLiJ.exe
  C:\Windows\System\ufIbLiJ.exe
  2⤵
  PID:9988
- C:\Windows\System\LQtKqcH.exe
  C:\Windows\System\LQtKqcH.exe
  2⤵
  PID:10004
- C:\Windows\System\hskeeZr.exe
  C:\Windows\System\hskeeZr.exe
  2⤵
  PID:10020
- C:\Windows\System\bRVWarS.exe
  C:\Windows\System\bRVWarS.exe
  2⤵
  PID:10052
- C:\Windows\System\tWEZCXG.exe
  C:\Windows\System\tWEZCXG.exe
  2⤵
  PID:10068
- C:\Windows\System\gbBIJPe.exe
  C:\Windows\System\gbBIJPe.exe
  2⤵
  PID:10084
- C:\Windows\System\cBhcThz.exe
  C:\Windows\System\cBhcThz.exe
  2⤵
  PID:10104
- C:\Windows\System\xNnCJdD.exe
  C:\Windows\System\xNnCJdD.exe
  2⤵
  PID:10120
- C:\Windows\System\mDVFOfA.exe
  C:\Windows\System\mDVFOfA.exe
  2⤵
  PID:10136
- C:\Windows\System\ATLDAdz.exe
  C:\Windows\System\ATLDAdz.exe
  2⤵
  PID:10156
- C:\Windows\System\FVEhKDa.exe
  C:\Windows\System\FVEhKDa.exe
  2⤵
  PID:10180
- C:\Windows\System\LDUHJGH.exe
  C:\Windows\System\LDUHJGH.exe
  2⤵
  PID:10208
- C:\Windows\System\zqpolvN.exe
  C:\Windows\System\zqpolvN.exe
  2⤵
  PID:10236
- C:\Windows\System\XSwoZjP.exe
  C:\Windows\System\XSwoZjP.exe
  2⤵
  PID:2136
- C:\Windows\System\fQqlUms.exe
  C:\Windows\System\fQqlUms.exe
  2⤵
  PID:9252
- C:\Windows\System\rtPpAcw.exe
  C:\Windows\System\rtPpAcw.exe
  2⤵
  PID:9276
- C:\Windows\System\dJyJnvs.exe
  C:\Windows\System\dJyJnvs.exe
  2⤵
  PID:9312
- C:\Windows\System\wquPkdQ.exe
  C:\Windows\System\wquPkdQ.exe
  2⤵
  PID:9336
- C:\Windows\System\QBXiwUB.exe
  C:\Windows\System\QBXiwUB.exe
  2⤵
  PID:9352
- C:\Windows\System\zgcZvDX.exe
  C:\Windows\System\zgcZvDX.exe
  2⤵
  PID:9392
- C:\Windows\System\koHEIhL.exe
  C:\Windows\System\koHEIhL.exe
  2⤵
  PID:9428
- C:\Windows\System\WYfgVDd.exe
  C:\Windows\System\WYfgVDd.exe
  2⤵
  PID:9444
- C:\Windows\System\RBAdluP.exe
  C:\Windows\System\RBAdluP.exe
  2⤵
  PID:9476
- C:\Windows\System\XWoECgn.exe
  C:\Windows\System\XWoECgn.exe
  2⤵
  PID:9512
- C:\Windows\System\iNNsvnU.exe
  C:\Windows\System\iNNsvnU.exe
  2⤵
  PID:9548
- C:\Windows\System\dhlGzmc.exe
  C:\Windows\System\dhlGzmc.exe
  2⤵
  PID:9632
- C:\Windows\System\iGaqjSY.exe
  C:\Windows\System\iGaqjSY.exe
  2⤵
  PID:9652
- C:\Windows\System\kGduUpA.exe
  C:\Windows\System\kGduUpA.exe
  2⤵
  PID:9700
- C:\Windows\System\godMjjQ.exe
  C:\Windows\System\godMjjQ.exe
  2⤵
  PID:9732
- C:\Windows\System\StpDmEn.exe
  C:\Windows\System\StpDmEn.exe
  2⤵
  PID:9752
- C:\Windows\System\VnSfhmq.exe
  C:\Windows\System\VnSfhmq.exe
  2⤵
  PID:9784
- C:\Windows\System\WtOniZO.exe
  C:\Windows\System\WtOniZO.exe
  2⤵
  PID:9812
- C:\Windows\System\aBnRrOi.exe
  C:\Windows\System\aBnRrOi.exe
  2⤵
  PID:9848
- C:\Windows\System\CjilcHW.exe
  C:\Windows\System\CjilcHW.exe
  2⤵
  PID:9892
- C:\Windows\System\cyWqnxt.exe
  C:\Windows\System\cyWqnxt.exe
  2⤵
  PID:9932
- C:\Windows\System\byyGPmc.exe
  C:\Windows\System\byyGPmc.exe
  2⤵
  PID:9948
- C:\Windows\System\tnYInXa.exe
  C:\Windows\System\tnYInXa.exe
  2⤵
  PID:10060
- C:\Windows\System\BNzIuqD.exe
  C:\Windows\System\BNzIuqD.exe
  2⤵
  PID:10000
- C:\Windows\System\FmEAIzn.exe
  C:\Windows\System\FmEAIzn.exe
  2⤵
  PID:10048
- C:\Windows\System\UDJgLbB.exe
  C:\Windows\System\UDJgLbB.exe
  2⤵
  PID:10148
- C:\Windows\System\XrTPkLx.exe
  C:\Windows\System\XrTPkLx.exe
  2⤵
  PID:10168
- C:\Windows\System\AwcIhft.exe
  C:\Windows\System\AwcIhft.exe
  2⤵
  PID:10172
- C:\Windows\System\ODrFkoO.exe
  C:\Windows\System\ODrFkoO.exe
  2⤵
  PID:10216
- C:\Windows\System\pwjNWvP.exe
  C:\Windows\System\pwjNWvP.exe
  2⤵
  PID:9224
- C:\Windows\System\fnefUnB.exe
  C:\Windows\System\fnefUnB.exe
  2⤵
  PID:10232
- C:\Windows\System\PHHxIkN.exe
  C:\Windows\System\PHHxIkN.exe
  2⤵
  PID:8404
- C:\Windows\System\IAifeND.exe
  C:\Windows\System\IAifeND.exe
  2⤵
  PID:9332
- C:\Windows\System\oZOwKNv.exe
  C:\Windows\System\oZOwKNv.exe
  2⤵
  PID:9440
- C:\Windows\System\jPGgfTF.exe
  C:\Windows\System\jPGgfTF.exe
  2⤵
  PID:9396
- C:\Windows\System\lzJcRzF.exe
  C:\Windows\System\lzJcRzF.exe
  2⤵
  PID:9524
- C:\Windows\System\NuWNAjx.exe
  C:\Windows\System\NuWNAjx.exe
  2⤵
  PID:9416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HqIBRhZ.exe

Filesize
6.0MB

MD5
a556dede059db77350f5e49691896a5b

SHA1
cc46184bce21ab6e69e4b92c4183a508d690daaf

SHA256
c582dd7ad8c628a06b66a4d1fd4bebebf5262bd7ca199520400ff23467199696

SHA512
6547a2ab55feac76c044924dcbca6d081ef101e40c3d2cd757188f4a22b2111fff10fdbb3656f232231d941f4719934ec6b2ec5cfbc13d1cb2a8dd4dac33e58b

Download Submit
C:\Windows\system\JzSlBPf.exe

Filesize
6.0MB

MD5
fb0da161e28fa24dbc27c48ffe48e296

SHA1
5773d133c0e52486d554bdbc6f22e242222682cb

SHA256
2f6813786b915d067a0eef3c91f5a76f8af42496a5709c5317adde6a261a0690

SHA512
b93c77cdb7e2c029b6a6d68a4d5e418081eb477dbd795ec3c86e2d71db372ee9565ad629efe5639d80f3e6eb75f71be094ff71e259d2329525af372d3d8b5799

Download Submit
C:\Windows\system\LwOPCDF.exe

Filesize
6.0MB

MD5
0704fe772516c3784728498406b87829

SHA1
8ce0552b5da96b90da5df81471ee9330a6e28f10

SHA256
474e45bbc473c6f8fb82afe7a1ee69f2dcfd4d47c5e05814953cf5d27ae1cfd3

SHA512
b2783ea7290bf8118e322607d86119b7bd64c4481a6fd2c02f5f485ba65119a0707e81213fc56f6ba5f350efa30a0727291519ca0c238ed4693e630ed2d09806

Download Submit
C:\Windows\system\QbBCnAd.exe

Filesize
6.0MB

MD5
99f5151d7fc2b67cec4e89b7bb725d22

SHA1
de3d338541f6e6c93ddb8734a21742e6b934993b

SHA256
67a9932003c39aa731a4f2da364b0472aeb0c59e3f2912ac34c9d427ebcf6b4b

SHA512
14ace1d9de90397a8cbe758d8554b55f938599d9f786f5d29551ecb8bc121fc9135a7498755ec29e278656b97503b705f8045cd2da4c5a0544c296b6cf540fb3

Download Submit
C:\Windows\system\WXHPYVC.exe

Filesize
6.0MB

MD5
5d83910b05d3df7937d62f0ccb5948b1

SHA1
05d3f2640445db6d24b77475c4f86c42a90af050

SHA256
290543be3803f706ca3689a18cd2fd3ac34576224de617432e2f60be9d92a277

SHA512
7aaa315a75a4888e4b0d5fe91edab6e4737ac1662b1dc3ccadfe26a09656cef587f312810e54cae84db24bc3556b0b934d09e99ee48b71d72f7b675c9369ea75

Download Submit
C:\Windows\system\XOCXnNC.exe

Filesize
6.0MB

MD5
115a3338745955eb14eabfe984d9c68e

SHA1
0e89176ae882bd7555b7ba1419ce11c27063e22a

SHA256
e784ad9f759f8e69b7df1cb745beb267b4e07a63d797d776c636cb89d232bfee

SHA512
9ca0bf15c38c4ab494902de72f71e07204ab1f79233779adb11116c2feb6933a96a9134859a1261829296f4c7a0032e7f80c0a5f834041aec46a97fc370c7dbb

Download Submit
C:\Windows\system\XWFCADV.exe

Filesize
6.0MB

MD5
0b11dd354fe266364a6ebad97c26a285

SHA1
0336709c631860cd97fb87636a78b1a94dee1a04

SHA256
615a300561b9d01f77ac3a5e67a40ba151888eb0cb577b7048bb5ab5b35c7a5e

SHA512
40e416e1c7a4a3ab6c5508ef1b7d0193e2e7b14226590f3eb46566b6782790e0564221a5a76cb3a67bc4e69d33d2b6d264cfc8f9acd5155bfb8441e42f29026c

Download Submit
C:\Windows\system\XxVhwRm.exe

Filesize
6.0MB

MD5
f1d5b4157af538043db3b7a84a8e7fc8

SHA1
405699634531785cb0fb61dcb6e56f1f87ac705a

SHA256
8c785a8ef5462eb68311f2f350da3d58ed0aacb87e63686024472d5e53ee7ab4

SHA512
87c9d04f2ee0b0c25ccdc7510477da4ddba7360b417224a20a27a2d7b542bac1588b4647b3c0e43e89e3d9be27ee53e5f91ce0e4ed3e72d9f2c76c97232a4991

Download Submit
C:\Windows\system\bNxszIj.exe

Filesize
6.0MB

MD5
4b2719668af7065ac0345f3637d3b767

SHA1
55b3d99b8eca1b8e1ea8b417d41a4b4b0ab301c0

SHA256
cced6444b8d11b6427af602834c0fcba35423e738e29da9a9871284174244567

SHA512
111e3465734521ed8de9f7bb8f75dd6c32c82d0cfb089c6f5a918bf7cd1be7b1721f728bc9b22dbc59d347b87336eb27cdb475ccecc6e6edd9765680c77bf00b

Download Submit
C:\Windows\system\dSQLqGs.exe

Filesize
6.0MB

MD5
d7864100c03b0c9de3659297275c7cfa

SHA1
c45c5137cb6f4ef8f7090d79ac2a58fa41e69f02

SHA256
509eb5a4d17d4a33ecb946003ff37911bbfb43a0978fcbc38a18f2640bf25695

SHA512
e3c81dc6d3632e91d7f0556201e572c4618a8b0642bf719f8c562ee8200d8dd207299d875a52d1552ec2230623a12bbcc86cdd89b057c7188b66e0c8b07ab5ec

Download Submit
C:\Windows\system\gqilDwL.exe

Filesize
6.0MB

MD5
5fc136d74fe15b3102fe0867e3b28ac8

SHA1
5e49a458c99881a27d263c450a4f480bf80745f6

SHA256
99bb2d1fa36d3eb1ab07c446499cc97eca20bfd3dca8781e7321d4344bfd1f35

SHA512
9c66187eb0e7a0044dbb0402b4c3ca216b8f2a5c90847ec13993aa64a940cb3332f63bd2effe02b8d335c150821f808abbebf9639c664068a009cd91a13a0139

Download Submit
C:\Windows\system\iAOSCRZ.exe

Filesize
6.0MB

MD5
c6fda46b21a28ac64bfcdd4e75a0c53d

SHA1
8ff36e125eda491d40acbf158299bc8628237aad

SHA256
285f07062d059b4a1a7ec22877eb3f02724c594a321c8b4b166b8afb54855ea3

SHA512
7fc832bee5a3dbe6fc91bc85de5b5a40ee65d0d3f54e98f907e6ea8350c2ebb64c56b1559dde28beb8c8bea58fd6a748f3d9ca5b23338883e2201bf5a128665b

Download Submit
C:\Windows\system\jcKWXeN.exe

Filesize
6.0MB

MD5
ce43835792924671c82c0eeb0d7161a8

SHA1
0cff04e5a8e4a86a66adf8a3ecfb47588759eb18

SHA256
f673d3b9df55644d654398404fedb294fe1bb9b729931e61c12a585b4a88520e

SHA512
2c826e8675dde78d62703d0faa71f8b1c15a17bcf15501f785f0ac3cebdcea22a1d7ec705066b21fc6b575da5f61065a482628ceeb8fd31845f3abe34ede0b30

Download Submit
C:\Windows\system\lBfQkyz.exe

Filesize
6.0MB

MD5
5befe474b8722571eff3acbf9cf57c1b

SHA1
7b1d0c5c8092cc976b01838822860a8049f56fed

SHA256
ba0441508a5cd84ff0e67508f6ab2c42ea58880b5b47d32cd804e5b2d13e44c6

SHA512
28c1dcf1315a694b55ff8666293656f55a900c5eeec9256cf9cd8fefec826350628904e596c23308bcb036df0f65418d3c088fd16939ad407e7f31e38c16371d

Download Submit
C:\Windows\system\lbMTdky.exe

Filesize
6.0MB

MD5
c047aceb04b941646599a2a3012cbba0

SHA1
6e6b8fb3c326b67d9b766f9ce2d47a213d4339a4

SHA256
c5a98e9a5c838b0005b4abcc86b5111c4e43361c98cc3c9b2df40d99b79b9bc3

SHA512
cbaeb8de8aaccd9d44ea648f5a5440a13271b556b3ff0ccebdbc099a88cef97e7db9d54a85fb855eff293ffe75f28a159cdf6a17bf5a582c7461464b0663f598

Download Submit
C:\Windows\system\nNgdNCX.exe

Filesize
6.0MB

MD5
b345117663a2b68aa8bfa852bdd77db4

SHA1
5615cac3f686935f654a5be7598174e5333503ba

SHA256
ae6dc56872c6c19c2ba083215c5c12c44964a66d938464dd18f00475e8a30034

SHA512
ff52ecd525dec5ab0e8c0a72960a5d783bdbe7dc26fe49e6552a18187f767ce5a5571a2eb3637d812e17cf2af3cbf25bee963b69682d76c2f61809427c201bf4

Download Submit
C:\Windows\system\pkCZxrS.exe

Filesize
6.0MB

MD5
d9d9595df7b97494b1cc4ef70561eddf

SHA1
1a792d3dbac1318c7c6d4f55a250a9c376f42e48

SHA256
dc4c90731a4c88ab4becfb12e532edd3e666908e58da67bab289aae9e066de9b

SHA512
b7c0f897484740c6e377baa2e1247a119784fbc20de841418a31cf67db2e6cd3580ff89749315b8841ae655028cc5c764097cf971b49183acf38811210f0c402

Download Submit
C:\Windows\system\qhxLsaO.exe

Filesize
6.0MB

MD5
4e3b912663b41c566c66e61f2b4c98c4

SHA1
ee8a9e1fa40c84d3e4f23d07018077be47afea1f

SHA256
2b737e66b1fb6820e1c0faf91de78c65dd61baff07ce658cd33ce23e0051c0c4

SHA512
d09043d53e268f52901fbf96387938c0baee45be69cecc12e7bf051d27558b61684c11a136ee8cd1d17d1292bc5be4d8744428b5c547321537b0e6d5ecc743c1

Download Submit
C:\Windows\system\tmFBSvP.exe

Filesize
6.0MB

MD5
704c814185bd5ee644285b27a9dfd7e3

SHA1
cafffe34d5daf3084a2250e56e6df8762e90e310

SHA256
19441da72c6943ca558e4ec629b3b9c628d9f7c819e417280d1d68ec95681060

SHA512
5df4ede2f4fa2b6c978c2f0b4a4d1ee5e7ddc8ac728fb3a21344c072cdc2f263ac841882f4d3caac02214faa7f25705d4989ac9857b20ce9b5f3a744102694dd

Download Submit
C:\Windows\system\vCGiJQx.exe

Filesize
6.0MB

MD5
2f2619248812c37df190a5efef87b325

SHA1
81f521233d1910226bf9d02f243adc00ce4e2f9f

SHA256
7236ab2d002e956c676618beb9ffc8329eb74eb8bc4bccf2b621a12e5869e927

SHA512
1f32b1bbaaf25389213b92414399af60dfc90662c2f691eddbb7cccff1ef684d450edcf5626a12dc78cb1fc4116c6c9b09556c34a0a87ba9bccd5d8f6e897f25

Download Submit
C:\Windows\system\wXYnmgY.exe

Filesize
6.0MB

MD5
9ff2095a80515dbfd64b13cf1e65828c

SHA1
bdbc34fc873e55ab5faff3377cc5b52687e6bfe7

SHA256
6bba12a40ac7594f466c4d783c85f6b3c49e5a3099d0f251f23e190257da329e

SHA512
bfb1f8dba5fdfc832b51ef3c50ab88a85f695c433fdd539f88c651797affc084a84bd9374b000925ff3798e154817939d4acd2350ef55c8554d6b7ad0877147d

Download Submit
C:\Windows\system\wfOnrJt.exe

Filesize
6.0MB

MD5
d8cc46e2084b4697dd638a7b038f9019

SHA1
dd84906385b40be660b2df5483e3fd9b0c07d643

SHA256
7e818a344060119f8c1873e38145a1b3bc24655a487b66651ebaad2efec62fa9

SHA512
4359fc6e535c4050fa5a7987247ef960fcded7a3b4907d7f2f7234d4b746863e9f7352b33820a1a9674572f4c00ddddc983a8cb77a03f574beb4bba7b03b9875

Download Submit
C:\Windows\system\whHfjEI.exe

Filesize
6.0MB

MD5
9c998919c8b54ac7f227ab2cf8fadc54

SHA1
a5e1e3c06e21b9a87f4ef5409bfca45bf5931d08

SHA256
bda25c3701afdb880e2f912bb42e70d889b8c965a10fa35f920685abff6bc094

SHA512
7d2f0193715a2363ef6b96a48e0537f7ecba9334d7dafc14f3966ddf0d5cd5553c83320e83428c6b4c9a970db9a068e8053690be5eea6b9e34189ab9fd47ca2e

Download Submit
C:\Windows\system\xQCEqMt.exe

Filesize
6.0MB

MD5
adfef1ed049292eb472bc0ccbb6594ff

SHA1
49fe0012c8067b050f91ba46a3be22b936d56ed3

SHA256
bb00b401c14c553d063841e5bb880b9f2695de95b4ff8e125b422ac5cfcdea4d

SHA512
e05e5e785d804302da81d2cb018a1062372ef709fe0fd9b3e21e92944b35466ab78da43b4842be17d99afd369df4c437713402c52ea16b340f53635b8fe876f2

Download Submit
C:\Windows\system\yWBCcJh.exe

Filesize
6.0MB

MD5
81a97cfd74877aa01017351bc85fe9b6

SHA1
d322f5d99ff483cb6a622be41e8668f8d19a9e62

SHA256
390a4ce7dc32c49235e12138313c1edd68565c3a8320501f8567e24ce952b50d

SHA512
844e5a7612d3e12b4ac0d289c0e4e308ca4087719e6080029a530ed8b780ff7d73e80afb0e4274fc90c8d3f2950d3857323e9a12083146267e0ca9ed60f6267d

Download Submit
C:\Windows\system\zhLxDuY.exe

Filesize
6.0MB

MD5
e07ee95e7e7287271eae5b669f88bcd3

SHA1
ad22fd693536a8378957734e0f6fe0e27a8e4732

SHA256
bdc5c0f81789289a06d25113c5f2d63551ff27e7a6037de877a208459a851515

SHA512
3f6e82345964f6ce0005d3fb036ae69f6a15a1b819538415768957038c8fb90448a7f32e66aa9021c927593af5fe2c7acc9637635d7318d447232ccce81ad457

Download Submit
\Windows\system\DFnttDS.exe

Filesize
6.0MB

MD5
88ba9607104744fc13353a6751281358

SHA1
64dbc046f51491247b01be2744a3922ccd0e01a3

SHA256
6cb703bfe89933eaa46462a489d5fe0c4b09098878a5566f3da4319112a47a2a

SHA512
32f9b3229d26d5bd7d2cbb212059222b646b19a3cabfa129db08bc5445e5bab088c49a39c40f7657e44696b1f98c32618c6da9c15b767ee5f2eb6ed416e59e4a

Download Submit
\Windows\system\HvlVrpL.exe

Filesize
6.0MB

MD5
e8cf91c412f2adf355b2678528d26db4

SHA1
3a7fe7e0b8cea48195c9ec76babf6c6a15bfb331

SHA256
42c307010f6223eb48b56b6d19db5068524f7c3dc36fb48293e43c9462b03360

SHA512
baef833deeba756c43242ebe76c0aebd8493972acfa777546c803ae53bda15c4d01c89a61b59d773d153836abdbea1db9d894041a4483846879f38ddc7c7e57c

Download Submit
\Windows\system\TnVpsTy.exe

Filesize
6.0MB

MD5
24bc1e727b706f1e816e6b5e652b6897

SHA1
fb4dad76c9706d35627f1ffb4cde3a1dc9581c17

SHA256
272761c5d33e7c0fc12652febaef2505629992528e671bead968ebe9d8c22672

SHA512
96b1f157fbccbef38598dbe00aee357c9ed2b7d718d406987c79d5d7a3227bac83048833615afc4c863cb91011d6e9f7187bfb74e09b3adce6b8a5176a05b387

Download Submit
\Windows\system\eCljnxd.exe

Filesize
6.0MB

MD5
2df0b1ebfa990a0f8a87b5f51458ddb3

SHA1
aa7809b39663c8b5990eaa5fed8527d8aef6e1e4

SHA256
68d647c4327da216f873158ab757b38039deb746877e8f44e9981da6dc4e0e81

SHA512
9bbef48083cae1c74ecf1d9f02d179221335fcbc1f13982dab5aa974c4a70437e4de80849e14026669d428fb3e4f8ea9597a4c30fe33f2c4824eb3c06f49d2c6

Download Submit
\Windows\system\hEVVIuw.exe

Filesize
6.0MB

MD5
8771a135de5dc92d6774edfd6816ea65

SHA1
abf8ecef4993b61bb525c96074227921d649a7d8

SHA256
3c514fd81a07c5158aa5438bc5794865dc778018b396235831b196aa9c0dd166

SHA512
a56a22670ed45c05fa58d30a9bb98f7a5b565899d9217a493ae807a696f89107c4c1c21dbc1698e33667dfd7c6fc69cdbe0f3e7beb3cf99e393b0494320ca0e6

Download Submit
\Windows\system\obfeFBX.exe

Filesize
6.0MB

MD5
01a20c35dfdd064af597ab20144d9597

SHA1
0acfe05425643919fbc9e3591cf984812e7eb057

SHA256
48c9fe73a0e0fd5884d450dac6e9bc668b0200b0e7d0a4839c6b63bb3068b8bb

SHA512
158129687609b77e242969d9abd11e2c45d69eef6671affe8c6657647262dcaa12306df4398b35d302f783e48e33d55459d84b98d9e9ad9bd1db899d599d5c05

Download Submit
memory/644-4002-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/644-90-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1520-114-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1520-4004-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-4003-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1664-103-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1884-3993-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1884-40-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2012-3991-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2012-9-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2012-68-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2096-82-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2096-3994-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2096-30-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2148-3996-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2148-51-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2164-3995-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2164-49-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2380-28-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2380-111-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-63-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2380-72-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2380-50-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2380-80-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2380-6-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2380-87-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-56-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2380-42-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2380-52-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-60-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1536-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2380-783-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-46-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2380-115-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2380-0-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2380-13-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-572-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2380-99-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1325-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-64-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3999-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2624-257-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2628-73-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2628-457-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4000-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4001-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-83-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3998-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2780-109-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2780-58-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3992-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-16-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-75-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3997-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-95-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-54-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download