cobaltstrike | 6b0a002b830dd4ac57290991eb0747e0f500ee52feb7dd86827b9921eacca8c8

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e38f5bf8d32bd1f5316b66231207d8ff
SHA1

181804b1a5677db45fd86ed8140f2e5673e0f902
SHA256

6b0a002b830dd4ac57290991eb0747e0f500ee52feb7dd86827b9921eacca8c8
SHA512

265008b8d99481bc3c662fed5d51d64b7bd7e452d0036574efb4280afbaca43ba941c7abaf8d72f65ea1ae6fb467e92c6b6a8fa97366f3621c4fbebbb8f9855d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU9:T+q56utgpPF8u/79

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001226b-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001662e-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c7b-23.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016855-15.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cd1-33.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-186.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016307-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-152.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-150.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-147.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-146.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-145.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-59.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-55.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-48.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eca-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c84-26.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-138.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-136.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-110.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c62-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-69.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/1848-0-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001226b-3.dat	xmrig
behavioral1/files/0x000800000001662e-8.dat	xmrig
behavioral1/files/0x0007000000016c7b-23.dat	xmrig
behavioral1/memory/1716-18-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016855-15.dat	xmrig
behavioral1/files/0x0009000000016cd1-33.dat	xmrig
behavioral1/memory/2812-60-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1848-578-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2432-960-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2984-959-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/1716-815-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019259-186.dat	xmrig
behavioral1/files/0x0009000000016307-176.dat	xmrig
behavioral1/files/0x0005000000019256-180.dat	xmrig
behavioral1/files/0x0005000000019244-172.dat	xmrig
behavioral1/files/0x000500000001922c-153.dat	xmrig
behavioral1/files/0x00050000000191d4-152.dat	xmrig
behavioral1/files/0x00060000000190ce-151.dat	xmrig
behavioral1/files/0x0006000000018f53-150.dat	xmrig
behavioral1/files/0x0006000000018c1a-148.dat	xmrig
behavioral1/files/0x0005000000018687-147.dat	xmrig
behavioral1/files/0x0014000000018663-146.dat	xmrig
behavioral1/files/0x00060000000174a2-145.dat	xmrig
behavioral1/memory/2836-133-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x000d00000001866e-96.dat	xmrig
behavioral1/memory/2432-95-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0006000000017525-86.dat	xmrig
behavioral1/files/0x00060000000173fc-59.dat	xmrig
behavioral1/files/0x00060000000173f1-56.dat	xmrig
behavioral1/files/0x0006000000017472-55.dat	xmrig
behavioral1/files/0x00060000000173f4-48.dat	xmrig
behavioral1/files/0x0007000000016eca-37.dat	xmrig
behavioral1/memory/2396-32-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1732-28-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c84-26.dat	xmrig
behavioral1/files/0x00050000000191ff-138.dat	xmrig
behavioral1/files/0x00060000000190e0-136.dat	xmrig
behavioral1/files/0x000600000001903b-127.dat	xmrig
behavioral1/files/0x0006000000018c26-112.dat	xmrig
behavioral1/files/0x0005000000018792-110.dat	xmrig
behavioral1/memory/2684-101-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2648-91-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1848-73-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c62-71.dat	xmrig
behavioral1/memory/1828-70-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x0006000000017487-69.dat	xmrig
behavioral1/memory/2832-68-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2984-67-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/1848-64-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2396-3999-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1732-4002-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2812-4001-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1828-4000-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2984-3998-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2648-3997-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2832-3996-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2432-3995-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2836-3994-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2684-4010-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/1716-4009-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	qYlZqMY.exe
1716	ugUCrRZ.exe
1732	AvzFuQe.exe
1828	zWDDdvg.exe
2812	pxSSFNW.exe
2984	MKDCsXN.exe
2832	vwdbDrg.exe
2648	iAlMPOR.exe
2684	jgEOHVm.exe
2432	ovyMdhs.exe
2836	lopdFHX.exe
2828	BKaiaEY.exe
1536	QuvqsiN.exe
2692	EyzjKxz.exe
1676	quadrtN.exe
1996	wLTHEdA.exe
2736	aRmcCaM.exe
2724	PSxDjAc.exe
2896	UJUhXYB.exe
2756	agWmdlh.exe
3060	INFrqLw.exe
1884	SqPDsPo.exe
1560	MMxCtHx.exe
2940	izfOnyQ.exe
2680	iQVJrUm.exe
2356	eFQfDVy.exe
1364	GZuznzB.exe
540	xZcgRJB.exe
1136	ZldCJPb.exe
1184	HkNJCcJ.exe
1352	snSKDoa.exe
1752	ZJDiwlI.exe
464	vdxiBfg.exe
1844	DuykuGw.exe
1940	ZmMstSL.exe
1604	LefFPTJ.exe
612	rAucIrI.exe
2476	JvsWmOJ.exe
2124	gBYlkMa.exe
2104	xkBsFkZ.exe
2424	dBtptOj.exe
2420	jAwLJUQ.exe
2008	xHcSsuU.exe
2412	HujRtSO.exe
2296	uEKEnZO.exe
556	ARXIqPN.exe
884	hzckUYc.exe
1856	VhxdwjZ.exe
872	MgBswKf.exe
2416	pGkGmad.exe
2004	LfpoJQj.exe
1556	pkNpWWc.exe
2372	ZEgUIRm.exe
2972	ddAaHlq.exe
2400	vcoenfs.exe
2996	YjwurBL.exe
2876	lfIaMvX.exe
2288	uoaSMOS.exe
1512	eoEgHOF.exe
1964	nikRziG.exe
2588	OePlZmJ.exe
1948	FAJwSlY.exe
632	dtTsAPq.exe
1840	gvilpoN.exe

Loads dropped DLL 64 IoCs

pid	Process
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1848-0-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x000c00000001226b-3.dat	upx
behavioral1/files/0x000800000001662e-8.dat	upx
behavioral1/files/0x0007000000016c7b-23.dat	upx
behavioral1/memory/1716-18-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0008000000016855-15.dat	upx
behavioral1/files/0x0009000000016cd1-33.dat	upx
behavioral1/memory/2812-60-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/1848-578-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2432-960-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2984-959-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/1716-815-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0005000000019259-186.dat	upx
behavioral1/files/0x0009000000016307-176.dat	upx
behavioral1/files/0x0005000000019256-180.dat	upx
behavioral1/files/0x0005000000019244-172.dat	upx
behavioral1/files/0x000500000001922c-153.dat	upx
behavioral1/files/0x00050000000191d4-152.dat	upx
behavioral1/files/0x00060000000190ce-151.dat	upx
behavioral1/files/0x0006000000018f53-150.dat	upx
behavioral1/files/0x0006000000018c1a-148.dat	upx
behavioral1/files/0x0005000000018687-147.dat	upx
behavioral1/files/0x0014000000018663-146.dat	upx
behavioral1/files/0x00060000000174a2-145.dat	upx
behavioral1/memory/2836-133-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x000d00000001866e-96.dat	upx
behavioral1/memory/2432-95-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0006000000017525-86.dat	upx
behavioral1/files/0x00060000000173fc-59.dat	upx
behavioral1/files/0x00060000000173f1-56.dat	upx
behavioral1/files/0x0006000000017472-55.dat	upx
behavioral1/files/0x00060000000173f4-48.dat	upx
behavioral1/files/0x0007000000016eca-37.dat	upx
behavioral1/memory/2396-32-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1732-28-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0007000000016c84-26.dat	upx
behavioral1/files/0x00050000000191ff-138.dat	upx
behavioral1/files/0x00060000000190e0-136.dat	upx
behavioral1/files/0x000600000001903b-127.dat	upx
behavioral1/files/0x0006000000018c26-112.dat	upx
behavioral1/files/0x0005000000018792-110.dat	upx
behavioral1/memory/2684-101-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2648-91-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0007000000016c62-71.dat	upx
behavioral1/memory/1828-70-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x0006000000017487-69.dat	upx
behavioral1/memory/2832-68-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2984-67-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2396-3999-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1732-4002-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2812-4001-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/1828-4000-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2984-3998-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2648-3997-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2832-3996-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2432-3995-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2836-3994-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2684-4010-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/1716-4009-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VwrmrAo.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCVDprM.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHdxAZd.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xILURra.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHmEYky.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdXTVIB.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXnJTRV.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJsQZIj.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPWaDta.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYtNtFa.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqKKgxd.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNEgSSW.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgCrCkH.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmoTmwm.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnKJLzC.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLIRkPQ.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvtTemk.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eykGeiY.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLWDJBe.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYGtnNI.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAabfGk.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qYbhMco.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTFAMPl.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysYHTtu.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCUkBlJ.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtAeIOF.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqPTEzH.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFuqEFK.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GOdmIuF.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxCreVm.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOhLpil.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpjxjoL.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlmdYky.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jypGkFi.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHwsHjc.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXSBTBr.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsaUTfJ.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myZDUmD.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpjFpEJ.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyvDhRZ.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBTvaoe.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmQSzcT.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRiCgXx.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGCxLjE.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOjhliM.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydEleaW.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUUOLyc.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ugUCrRZ.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqYmlFG.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaVSEXI.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJjPLeq.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFCYkMD.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSzhQAN.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLZgQlR.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDWBUhD.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLMLdrl.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpzJULA.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krsUSyv.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPxhKbo.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWNUDDp.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVpIlKN.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkSwHAZ.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvbgLTe.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJGMSDR.exe	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2396	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1848 wrote to memory of 2396	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1848 wrote to memory of 2396	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1848 wrote to memory of 1716	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1848 wrote to memory of 1716	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1848 wrote to memory of 1716	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1848 wrote to memory of 1732	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1848 wrote to memory of 1732	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1848 wrote to memory of 1732	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1848 wrote to memory of 2684	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1848 wrote to memory of 2684	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1848 wrote to memory of 2684	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1848 wrote to memory of 1828	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1848 wrote to memory of 1828	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1848 wrote to memory of 1828	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1848 wrote to memory of 2736	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1848 wrote to memory of 2736	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1848 wrote to memory of 2736	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1848 wrote to memory of 2812	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1848 wrote to memory of 2812	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1848 wrote to memory of 2812	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1848 wrote to memory of 2724	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1848 wrote to memory of 2724	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1848 wrote to memory of 2724	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1848 wrote to memory of 2984	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1848 wrote to memory of 2984	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1848 wrote to memory of 2984	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1848 wrote to memory of 2896	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1848 wrote to memory of 2896	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1848 wrote to memory of 2896	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1848 wrote to memory of 2832	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1848 wrote to memory of 2832	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1848 wrote to memory of 2832	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1848 wrote to memory of 2756	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1848 wrote to memory of 2756	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1848 wrote to memory of 2756	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1848 wrote to memory of 2648	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1848 wrote to memory of 2648	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1848 wrote to memory of 2648	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1848 wrote to memory of 3060	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1848 wrote to memory of 3060	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1848 wrote to memory of 3060	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1848 wrote to memory of 2432	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1848 wrote to memory of 2432	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1848 wrote to memory of 2432	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1848 wrote to memory of 1884	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1848 wrote to memory of 1884	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1848 wrote to memory of 1884	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1848 wrote to memory of 2836	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1848 wrote to memory of 2836	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1848 wrote to memory of 2836	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1848 wrote to memory of 1560	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1848 wrote to memory of 1560	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1848 wrote to memory of 1560	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1848 wrote to memory of 2828	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1848 wrote to memory of 2828	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1848 wrote to memory of 2828	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1848 wrote to memory of 2940	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1848 wrote to memory of 2940	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1848 wrote to memory of 2940	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1848 wrote to memory of 1536	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1848 wrote to memory of 1536	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1848 wrote to memory of 1536	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1848 wrote to memory of 2680	1848	2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_e38f5bf8d32bd1f5316b66231207d8ff_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\System\qYlZqMY.exe
  C:\Windows\System\qYlZqMY.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\ugUCrRZ.exe
  C:\Windows\System\ugUCrRZ.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\AvzFuQe.exe
  C:\Windows\System\AvzFuQe.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\jgEOHVm.exe
  C:\Windows\System\jgEOHVm.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\zWDDdvg.exe
  C:\Windows\System\zWDDdvg.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\aRmcCaM.exe
  C:\Windows\System\aRmcCaM.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\pxSSFNW.exe
  C:\Windows\System\pxSSFNW.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\PSxDjAc.exe
  C:\Windows\System\PSxDjAc.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\MKDCsXN.exe
  C:\Windows\System\MKDCsXN.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\UJUhXYB.exe
  C:\Windows\System\UJUhXYB.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\vwdbDrg.exe
  C:\Windows\System\vwdbDrg.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\agWmdlh.exe
  C:\Windows\System\agWmdlh.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\iAlMPOR.exe
  C:\Windows\System\iAlMPOR.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\INFrqLw.exe
  C:\Windows\System\INFrqLw.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\ovyMdhs.exe
  C:\Windows\System\ovyMdhs.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\SqPDsPo.exe
  C:\Windows\System\SqPDsPo.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\lopdFHX.exe
  C:\Windows\System\lopdFHX.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\MMxCtHx.exe
  C:\Windows\System\MMxCtHx.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\BKaiaEY.exe
  C:\Windows\System\BKaiaEY.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\izfOnyQ.exe
  C:\Windows\System\izfOnyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\QuvqsiN.exe
  C:\Windows\System\QuvqsiN.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\iQVJrUm.exe
  C:\Windows\System\iQVJrUm.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\EyzjKxz.exe
  C:\Windows\System\EyzjKxz.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\eFQfDVy.exe
  C:\Windows\System\eFQfDVy.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\quadrtN.exe
  C:\Windows\System\quadrtN.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\GZuznzB.exe
  C:\Windows\System\GZuznzB.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\wLTHEdA.exe
  C:\Windows\System\wLTHEdA.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\xZcgRJB.exe
  C:\Windows\System\xZcgRJB.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\ZldCJPb.exe
  C:\Windows\System\ZldCJPb.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\HkNJCcJ.exe
  C:\Windows\System\HkNJCcJ.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\snSKDoa.exe
  C:\Windows\System\snSKDoa.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\ZJDiwlI.exe
  C:\Windows\System\ZJDiwlI.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\vdxiBfg.exe
  C:\Windows\System\vdxiBfg.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\DuykuGw.exe
  C:\Windows\System\DuykuGw.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\ZmMstSL.exe
  C:\Windows\System\ZmMstSL.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\LefFPTJ.exe
  C:\Windows\System\LefFPTJ.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\rAucIrI.exe
  C:\Windows\System\rAucIrI.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\JvsWmOJ.exe
  C:\Windows\System\JvsWmOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\gBYlkMa.exe
  C:\Windows\System\gBYlkMa.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\xkBsFkZ.exe
  C:\Windows\System\xkBsFkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\dBtptOj.exe
  C:\Windows\System\dBtptOj.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\jAwLJUQ.exe
  C:\Windows\System\jAwLJUQ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\xHcSsuU.exe
  C:\Windows\System\xHcSsuU.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\HujRtSO.exe
  C:\Windows\System\HujRtSO.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\uEKEnZO.exe
  C:\Windows\System\uEKEnZO.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\ARXIqPN.exe
  C:\Windows\System\ARXIqPN.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\hzckUYc.exe
  C:\Windows\System\hzckUYc.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\VhxdwjZ.exe
  C:\Windows\System\VhxdwjZ.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\MgBswKf.exe
  C:\Windows\System\MgBswKf.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\pGkGmad.exe
  C:\Windows\System\pGkGmad.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\LfpoJQj.exe
  C:\Windows\System\LfpoJQj.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\ZEgUIRm.exe
  C:\Windows\System\ZEgUIRm.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\pkNpWWc.exe
  C:\Windows\System\pkNpWWc.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\vcoenfs.exe
  C:\Windows\System\vcoenfs.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\ddAaHlq.exe
  C:\Windows\System\ddAaHlq.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\YjwurBL.exe
  C:\Windows\System\YjwurBL.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\lfIaMvX.exe
  C:\Windows\System\lfIaMvX.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\OePlZmJ.exe
  C:\Windows\System\OePlZmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\uoaSMOS.exe
  C:\Windows\System\uoaSMOS.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\FAJwSlY.exe
  C:\Windows\System\FAJwSlY.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\eoEgHOF.exe
  C:\Windows\System\eoEgHOF.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\gvilpoN.exe
  C:\Windows\System\gvilpoN.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\nikRziG.exe
  C:\Windows\System\nikRziG.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\iDHhQeM.exe
  C:\Windows\System\iDHhQeM.exe
  2⤵
  PID:2616
- C:\Windows\System\dtTsAPq.exe
  C:\Windows\System\dtTsAPq.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\wBnQXrK.exe
  C:\Windows\System\wBnQXrK.exe
  2⤵
  PID:2908
- C:\Windows\System\YuXcOzX.exe
  C:\Windows\System\YuXcOzX.exe
  2⤵
  PID:1452
- C:\Windows\System\IFLLsGP.exe
  C:\Windows\System\IFLLsGP.exe
  2⤵
  PID:1600
- C:\Windows\System\LZveCBn.exe
  C:\Windows\System\LZveCBn.exe
  2⤵
  PID:1372
- C:\Windows\System\JzhzYCV.exe
  C:\Windows\System\JzhzYCV.exe
  2⤵
  PID:2804
- C:\Windows\System\Anzenwr.exe
  C:\Windows\System\Anzenwr.exe
  2⤵
  PID:440
- C:\Windows\System\jlRIToH.exe
  C:\Windows\System\jlRIToH.exe
  2⤵
  PID:2688
- C:\Windows\System\AAtoUoY.exe
  C:\Windows\System\AAtoUoY.exe
  2⤵
  PID:1824
- C:\Windows\System\cxvGHbP.exe
  C:\Windows\System\cxvGHbP.exe
  2⤵
  PID:1872
- C:\Windows\System\PVkRNmj.exe
  C:\Windows\System\PVkRNmj.exe
  2⤵
  PID:892
- C:\Windows\System\QechlkE.exe
  C:\Windows\System\QechlkE.exe
  2⤵
  PID:2328
- C:\Windows\System\QQiRoyd.exe
  C:\Windows\System\QQiRoyd.exe
  2⤵
  PID:1852
- C:\Windows\System\yQPUctJ.exe
  C:\Windows\System\yQPUctJ.exe
  2⤵
  PID:1692
- C:\Windows\System\xAGhKFf.exe
  C:\Windows\System\xAGhKFf.exe
  2⤵
  PID:1492
- C:\Windows\System\nqOYLEP.exe
  C:\Windows\System\nqOYLEP.exe
  2⤵
  PID:1920
- C:\Windows\System\mJKPxrs.exe
  C:\Windows\System\mJKPxrs.exe
  2⤵
  PID:2052
- C:\Windows\System\tOsZXWS.exe
  C:\Windows\System\tOsZXWS.exe
  2⤵
  PID:1936
- C:\Windows\System\tlMhrla.exe
  C:\Windows\System\tlMhrla.exe
  2⤵
  PID:1596
- C:\Windows\System\aZwfQnf.exe
  C:\Windows\System\aZwfQnf.exe
  2⤵
  PID:1680
- C:\Windows\System\BSmmGXH.exe
  C:\Windows\System\BSmmGXH.exe
  2⤵
  PID:2676
- C:\Windows\System\bNXDCpr.exe
  C:\Windows\System\bNXDCpr.exe
  2⤵
  PID:2612
- C:\Windows\System\jPYgHzt.exe
  C:\Windows\System\jPYgHzt.exe
  2⤵
  PID:2540
- C:\Windows\System\YKXqNVs.exe
  C:\Windows\System\YKXqNVs.exe
  2⤵
  PID:2628
- C:\Windows\System\gBQsWBH.exe
  C:\Windows\System\gBQsWBH.exe
  2⤵
  PID:1984
- C:\Windows\System\SnqSPrn.exe
  C:\Windows\System\SnqSPrn.exe
  2⤵
  PID:1240
- C:\Windows\System\nDRLioQ.exe
  C:\Windows\System\nDRLioQ.exe
  2⤵
  PID:1644
- C:\Windows\System\SmRfgbF.exe
  C:\Windows\System\SmRfgbF.exe
  2⤵
  PID:1516
- C:\Windows\System\uSSBxLQ.exe
  C:\Windows\System\uSSBxLQ.exe
  2⤵
  PID:2240
- C:\Windows\System\UmfeIwy.exe
  C:\Windows\System\UmfeIwy.exe
  2⤵
  PID:2816
- C:\Windows\System\uDQjDZo.exe
  C:\Windows\System\uDQjDZo.exe
  2⤵
  PID:3000
- C:\Windows\System\slhfxJC.exe
  C:\Windows\System\slhfxJC.exe
  2⤵
  PID:1648
- C:\Windows\System\wTTJBjj.exe
  C:\Windows\System\wTTJBjj.exe
  2⤵
  PID:3016
- C:\Windows\System\LMqAyXf.exe
  C:\Windows\System\LMqAyXf.exe
  2⤵
  PID:1420
- C:\Windows\System\QbBlNAq.exe
  C:\Windows\System\QbBlNAq.exe
  2⤵
  PID:1288
- C:\Windows\System\pGeaWOc.exe
  C:\Windows\System\pGeaWOc.exe
  2⤵
  PID:3084
- C:\Windows\System\AOqrSaU.exe
  C:\Windows\System\AOqrSaU.exe
  2⤵
  PID:3108
- C:\Windows\System\VhrmaTw.exe
  C:\Windows\System\VhrmaTw.exe
  2⤵
  PID:3128
- C:\Windows\System\fNLEiDO.exe
  C:\Windows\System\fNLEiDO.exe
  2⤵
  PID:3148
- C:\Windows\System\ocpKpZG.exe
  C:\Windows\System\ocpKpZG.exe
  2⤵
  PID:3168
- C:\Windows\System\seZGFHA.exe
  C:\Windows\System\seZGFHA.exe
  2⤵
  PID:3188
- C:\Windows\System\sTCOzOB.exe
  C:\Windows\System\sTCOzOB.exe
  2⤵
  PID:3212
- C:\Windows\System\pLlDzgr.exe
  C:\Windows\System\pLlDzgr.exe
  2⤵
  PID:3232
- C:\Windows\System\cSCPxZg.exe
  C:\Windows\System\cSCPxZg.exe
  2⤵
  PID:3252
- C:\Windows\System\QZcaYXI.exe
  C:\Windows\System\QZcaYXI.exe
  2⤵
  PID:3272
- C:\Windows\System\VJTjoIV.exe
  C:\Windows\System\VJTjoIV.exe
  2⤵
  PID:3288
- C:\Windows\System\DUYjYZk.exe
  C:\Windows\System\DUYjYZk.exe
  2⤵
  PID:3308
- C:\Windows\System\jzbldQQ.exe
  C:\Windows\System\jzbldQQ.exe
  2⤵
  PID:3328
- C:\Windows\System\bVWXGPl.exe
  C:\Windows\System\bVWXGPl.exe
  2⤵
  PID:3348
- C:\Windows\System\zdgbwTE.exe
  C:\Windows\System\zdgbwTE.exe
  2⤵
  PID:3364
- C:\Windows\System\OabtZjr.exe
  C:\Windows\System\OabtZjr.exe
  2⤵
  PID:3388
- C:\Windows\System\bBcTETi.exe
  C:\Windows\System\bBcTETi.exe
  2⤵
  PID:3404
- C:\Windows\System\LzfIlsW.exe
  C:\Windows\System\LzfIlsW.exe
  2⤵
  PID:3420
- C:\Windows\System\xFaFIOG.exe
  C:\Windows\System\xFaFIOG.exe
  2⤵
  PID:3436
- C:\Windows\System\GlvJIWC.exe
  C:\Windows\System\GlvJIWC.exe
  2⤵
  PID:3456
- C:\Windows\System\ldsehXw.exe
  C:\Windows\System\ldsehXw.exe
  2⤵
  PID:3472
- C:\Windows\System\mcgbjaB.exe
  C:\Windows\System\mcgbjaB.exe
  2⤵
  PID:3496
- C:\Windows\System\RnOXaGD.exe
  C:\Windows\System\RnOXaGD.exe
  2⤵
  PID:3520
- C:\Windows\System\SHgmmyV.exe
  C:\Windows\System\SHgmmyV.exe
  2⤵
  PID:3552
- C:\Windows\System\xscataX.exe
  C:\Windows\System\xscataX.exe
  2⤵
  PID:3572
- C:\Windows\System\lHtIydH.exe
  C:\Windows\System\lHtIydH.exe
  2⤵
  PID:3588
- C:\Windows\System\LjydubJ.exe
  C:\Windows\System\LjydubJ.exe
  2⤵
  PID:3608
- C:\Windows\System\PyvDhRZ.exe
  C:\Windows\System\PyvDhRZ.exe
  2⤵
  PID:3628
- C:\Windows\System\heQmneR.exe
  C:\Windows\System\heQmneR.exe
  2⤵
  PID:3648
- C:\Windows\System\svlYfoq.exe
  C:\Windows\System\svlYfoq.exe
  2⤵
  PID:3668
- C:\Windows\System\zcEtymX.exe
  C:\Windows\System\zcEtymX.exe
  2⤵
  PID:3692
- C:\Windows\System\VMZrxPH.exe
  C:\Windows\System\VMZrxPH.exe
  2⤵
  PID:3712
- C:\Windows\System\nmDkSeX.exe
  C:\Windows\System\nmDkSeX.exe
  2⤵
  PID:3732
- C:\Windows\System\sLlIWMK.exe
  C:\Windows\System\sLlIWMK.exe
  2⤵
  PID:3748
- C:\Windows\System\mdXTVIB.exe
  C:\Windows\System\mdXTVIB.exe
  2⤵
  PID:3768
- C:\Windows\System\OwIvlBm.exe
  C:\Windows\System\OwIvlBm.exe
  2⤵
  PID:3788
- C:\Windows\System\YKaLOcO.exe
  C:\Windows\System\YKaLOcO.exe
  2⤵
  PID:3812
- C:\Windows\System\ZLbbQPA.exe
  C:\Windows\System\ZLbbQPA.exe
  2⤵
  PID:3828
- C:\Windows\System\hOthauI.exe
  C:\Windows\System\hOthauI.exe
  2⤵
  PID:3848
- C:\Windows\System\PVUZitt.exe
  C:\Windows\System\PVUZitt.exe
  2⤵
  PID:3868
- C:\Windows\System\QzFBSVW.exe
  C:\Windows\System\QzFBSVW.exe
  2⤵
  PID:3888
- C:\Windows\System\svhwczq.exe
  C:\Windows\System\svhwczq.exe
  2⤵
  PID:3912
- C:\Windows\System\aulqrFI.exe
  C:\Windows\System\aulqrFI.exe
  2⤵
  PID:3932
- C:\Windows\System\BRxkVnw.exe
  C:\Windows\System\BRxkVnw.exe
  2⤵
  PID:3952
- C:\Windows\System\lnwoOhZ.exe
  C:\Windows\System\lnwoOhZ.exe
  2⤵
  PID:3972
- C:\Windows\System\ulqCmCv.exe
  C:\Windows\System\ulqCmCv.exe
  2⤵
  PID:3992
- C:\Windows\System\WrcYhxy.exe
  C:\Windows\System\WrcYhxy.exe
  2⤵
  PID:4012
- C:\Windows\System\WmLPTWh.exe
  C:\Windows\System\WmLPTWh.exe
  2⤵
  PID:4028
- C:\Windows\System\eykGeiY.exe
  C:\Windows\System\eykGeiY.exe
  2⤵
  PID:4052
- C:\Windows\System\PUvBnUZ.exe
  C:\Windows\System\PUvBnUZ.exe
  2⤵
  PID:4072
- C:\Windows\System\qyYnGVF.exe
  C:\Windows\System\qyYnGVF.exe
  2⤵
  PID:4092
- C:\Windows\System\nhdJMyE.exe
  C:\Windows\System\nhdJMyE.exe
  2⤵
  PID:3024
- C:\Windows\System\ntvzyoO.exe
  C:\Windows\System\ntvzyoO.exe
  2⤵
  PID:2728
- C:\Windows\System\wQdzNfQ.exe
  C:\Windows\System\wQdzNfQ.exe
  2⤵
  PID:1860
- C:\Windows\System\BDwIRTZ.exe
  C:\Windows\System\BDwIRTZ.exe
  2⤵
  PID:668
- C:\Windows\System\eZWqKsb.exe
  C:\Windows\System\eZWqKsb.exe
  2⤵
  PID:2744
- C:\Windows\System\hIWIQLL.exe
  C:\Windows\System\hIWIQLL.exe
  2⤵
  PID:2500
- C:\Windows\System\sOdSHEg.exe
  C:\Windows\System\sOdSHEg.exe
  2⤵
  PID:2268
- C:\Windows\System\TJtVVmG.exe
  C:\Windows\System\TJtVVmG.exe
  2⤵
  PID:3040
- C:\Windows\System\IXXtbNx.exe
  C:\Windows\System\IXXtbNx.exe
  2⤵
  PID:2304
- C:\Windows\System\jDhYdhb.exe
  C:\Windows\System\jDhYdhb.exe
  2⤵
  PID:3012
- C:\Windows\System\chguutT.exe
  C:\Windows\System\chguutT.exe
  2⤵
  PID:1956
- C:\Windows\System\xIoKkkZ.exe
  C:\Windows\System\xIoKkkZ.exe
  2⤵
  PID:2448
- C:\Windows\System\vxIpTdc.exe
  C:\Windows\System\vxIpTdc.exe
  2⤵
  PID:3120
- C:\Windows\System\iLtcKiw.exe
  C:\Windows\System\iLtcKiw.exe
  2⤵
  PID:3196
- C:\Windows\System\dHGlGQT.exe
  C:\Windows\System\dHGlGQT.exe
  2⤵
  PID:3092
- C:\Windows\System\gXFWSyw.exe
  C:\Windows\System\gXFWSyw.exe
  2⤵
  PID:3140
- C:\Windows\System\lFmopfX.exe
  C:\Windows\System\lFmopfX.exe
  2⤵
  PID:3176
- C:\Windows\System\LfLvXLm.exe
  C:\Windows\System\LfLvXLm.exe
  2⤵
  PID:3228
- C:\Windows\System\JzgsJuL.exe
  C:\Windows\System\JzgsJuL.exe
  2⤵
  PID:3268
- C:\Windows\System\hXSqrha.exe
  C:\Windows\System\hXSqrha.exe
  2⤵
  PID:3316
- C:\Windows\System\NqsLRTV.exe
  C:\Windows\System\NqsLRTV.exe
  2⤵
  PID:3340
- C:\Windows\System\ohpduRg.exe
  C:\Windows\System\ohpduRg.exe
  2⤵
  PID:3432
- C:\Windows\System\dxkLXyO.exe
  C:\Windows\System\dxkLXyO.exe
  2⤵
  PID:3380
- C:\Windows\System\BOSIfnK.exe
  C:\Windows\System\BOSIfnK.exe
  2⤵
  PID:3480
- C:\Windows\System\saHqEEB.exe
  C:\Windows\System\saHqEEB.exe
  2⤵
  PID:3416
- C:\Windows\System\RwbMxhy.exe
  C:\Windows\System\RwbMxhy.exe
  2⤵
  PID:3536
- C:\Windows\System\EierRPl.exe
  C:\Windows\System\EierRPl.exe
  2⤵
  PID:3564
- C:\Windows\System\rDhYlEm.exe
  C:\Windows\System\rDhYlEm.exe
  2⤵
  PID:3584
- C:\Windows\System\GFgQkrP.exe
  C:\Windows\System\GFgQkrP.exe
  2⤵
  PID:3624
- C:\Windows\System\LrQqzbb.exe
  C:\Windows\System\LrQqzbb.exe
  2⤵
  PID:3688
- C:\Windows\System\GkmbIRE.exe
  C:\Windows\System\GkmbIRE.exe
  2⤵
  PID:3664
- C:\Windows\System\OnvNruR.exe
  C:\Windows\System\OnvNruR.exe
  2⤵
  PID:3760
- C:\Windows\System\yRGJSBo.exe
  C:\Windows\System\yRGJSBo.exe
  2⤵
  PID:3700
- C:\Windows\System\SxpZCpA.exe
  C:\Windows\System\SxpZCpA.exe
  2⤵
  PID:3780
- C:\Windows\System\ShXNfrQ.exe
  C:\Windows\System\ShXNfrQ.exe
  2⤵
  PID:3836
- C:\Windows\System\CWbZiit.exe
  C:\Windows\System\CWbZiit.exe
  2⤵
  PID:3864
- C:\Windows\System\pUbRQep.exe
  C:\Windows\System\pUbRQep.exe
  2⤵
  PID:3920
- C:\Windows\System\vfLFNFH.exe
  C:\Windows\System\vfLFNFH.exe
  2⤵
  PID:3964
- C:\Windows\System\JcsrkoG.exe
  C:\Windows\System\JcsrkoG.exe
  2⤵
  PID:3900
- C:\Windows\System\eYxKpgP.exe
  C:\Windows\System\eYxKpgP.exe
  2⤵
  PID:3944
- C:\Windows\System\eGpNfFu.exe
  C:\Windows\System\eGpNfFu.exe
  2⤵
  PID:4036
- C:\Windows\System\JvHGwiL.exe
  C:\Windows\System\JvHGwiL.exe
  2⤵
  PID:4040
- C:\Windows\System\RRSFWrz.exe
  C:\Windows\System\RRSFWrz.exe
  2⤵
  PID:2596
- C:\Windows\System\LBOhrCD.exe
  C:\Windows\System\LBOhrCD.exe
  2⤵
  PID:2524
- C:\Windows\System\DPxczWP.exe
  C:\Windows\System\DPxczWP.exe
  2⤵
  PID:1756
- C:\Windows\System\KiOrULw.exe
  C:\Windows\System\KiOrULw.exe
  2⤵
  PID:2444
- C:\Windows\System\GOdmIuF.exe
  C:\Windows\System\GOdmIuF.exe
  2⤵
  PID:1092
- C:\Windows\System\XAtsYcS.exe
  C:\Windows\System\XAtsYcS.exe
  2⤵
  PID:1304
- C:\Windows\System\jypGkFi.exe
  C:\Windows\System\jypGkFi.exe
  2⤵
  PID:1488
- C:\Windows\System\pWpKzjk.exe
  C:\Windows\System\pWpKzjk.exe
  2⤵
  PID:2576
- C:\Windows\System\WCUkBlJ.exe
  C:\Windows\System\WCUkBlJ.exe
  2⤵
  PID:3116
- C:\Windows\System\HBkILNV.exe
  C:\Windows\System\HBkILNV.exe
  2⤵
  PID:3104
- C:\Windows\System\wDVVNDL.exe
  C:\Windows\System\wDVVNDL.exe
  2⤵
  PID:3304
- C:\Windows\System\oRCzDNh.exe
  C:\Windows\System\oRCzDNh.exe
  2⤵
  PID:3396
- C:\Windows\System\IbuHfcm.exe
  C:\Windows\System\IbuHfcm.exe
  2⤵
  PID:3508
- C:\Windows\System\VBuhSag.exe
  C:\Windows\System\VBuhSag.exe
  2⤵
  PID:3344
- C:\Windows\System\vSwgjPv.exe
  C:\Windows\System\vSwgjPv.exe
  2⤵
  PID:3548
- C:\Windows\System\UyqjWWg.exe
  C:\Windows\System\UyqjWWg.exe
  2⤵
  PID:3492
- C:\Windows\System\MSyDnCU.exe
  C:\Windows\System\MSyDnCU.exe
  2⤵
  PID:3540
- C:\Windows\System\PxaKFom.exe
  C:\Windows\System\PxaKFom.exe
  2⤵
  PID:3728
- C:\Windows\System\sdYxlQr.exe
  C:\Windows\System\sdYxlQr.exe
  2⤵
  PID:3708
- C:\Windows\System\DYEGIbH.exe
  C:\Windows\System\DYEGIbH.exe
  2⤵
  PID:3616
- C:\Windows\System\WxdjzyT.exe
  C:\Windows\System\WxdjzyT.exe
  2⤵
  PID:3744
- C:\Windows\System\sYBDara.exe
  C:\Windows\System\sYBDara.exe
  2⤵
  PID:3860
- C:\Windows\System\vjCYeMs.exe
  C:\Windows\System\vjCYeMs.exe
  2⤵
  PID:3968
- C:\Windows\System\CSyAisQ.exe
  C:\Windows\System\CSyAisQ.exe
  2⤵
  PID:3820
- C:\Windows\System\DnuUtXq.exe
  C:\Windows\System\DnuUtXq.exe
  2⤵
  PID:4024
- C:\Windows\System\yNbqXrv.exe
  C:\Windows\System\yNbqXrv.exe
  2⤵
  PID:2176
- C:\Windows\System\OpExFQC.exe
  C:\Windows\System\OpExFQC.exe
  2⤵
  PID:2204
- C:\Windows\System\jJHShZO.exe
  C:\Windows\System\jJHShZO.exe
  2⤵
  PID:4100
- C:\Windows\System\mhJeodw.exe
  C:\Windows\System\mhJeodw.exe
  2⤵
  PID:4116
- C:\Windows\System\scuZMue.exe
  C:\Windows\System\scuZMue.exe
  2⤵
  PID:4140
- C:\Windows\System\wXcswKf.exe
  C:\Windows\System\wXcswKf.exe
  2⤵
  PID:4168
- C:\Windows\System\DDasjhQ.exe
  C:\Windows\System\DDasjhQ.exe
  2⤵
  PID:4200
- C:\Windows\System\qHhbflZ.exe
  C:\Windows\System\qHhbflZ.exe
  2⤵
  PID:4232
- C:\Windows\System\SazwFOb.exe
  C:\Windows\System\SazwFOb.exe
  2⤵
  PID:4252
- C:\Windows\System\bWUkwLC.exe
  C:\Windows\System\bWUkwLC.exe
  2⤵
  PID:4272
- C:\Windows\System\GQwHqVq.exe
  C:\Windows\System\GQwHqVq.exe
  2⤵
  PID:4288
- C:\Windows\System\jxFqGXK.exe
  C:\Windows\System\jxFqGXK.exe
  2⤵
  PID:4304
- C:\Windows\System\CajIvnG.exe
  C:\Windows\System\CajIvnG.exe
  2⤵
  PID:4324
- C:\Windows\System\dtJhwmO.exe
  C:\Windows\System\dtJhwmO.exe
  2⤵
  PID:4348
- C:\Windows\System\OTrcHFO.exe
  C:\Windows\System\OTrcHFO.exe
  2⤵
  PID:4372
- C:\Windows\System\NsjnfyD.exe
  C:\Windows\System\NsjnfyD.exe
  2⤵
  PID:4392
- C:\Windows\System\WSYAmof.exe
  C:\Windows\System\WSYAmof.exe
  2⤵
  PID:4408
- C:\Windows\System\zPIzBWH.exe
  C:\Windows\System\zPIzBWH.exe
  2⤵
  PID:4424
- C:\Windows\System\LhrJAoC.exe
  C:\Windows\System\LhrJAoC.exe
  2⤵
  PID:4440
- C:\Windows\System\HWqLRNo.exe
  C:\Windows\System\HWqLRNo.exe
  2⤵
  PID:4460
- C:\Windows\System\rPBCfHy.exe
  C:\Windows\System\rPBCfHy.exe
  2⤵
  PID:4476
- C:\Windows\System\ojBquhR.exe
  C:\Windows\System\ojBquhR.exe
  2⤵
  PID:4492
- C:\Windows\System\wvlbbCw.exe
  C:\Windows\System\wvlbbCw.exe
  2⤵
  PID:4508
- C:\Windows\System\MLWDJBe.exe
  C:\Windows\System\MLWDJBe.exe
  2⤵
  PID:4524
- C:\Windows\System\zyYXBGw.exe
  C:\Windows\System\zyYXBGw.exe
  2⤵
  PID:4544
- C:\Windows\System\mRVPSSr.exe
  C:\Windows\System\mRVPSSr.exe
  2⤵
  PID:4580
- C:\Windows\System\upImslG.exe
  C:\Windows\System\upImslG.exe
  2⤵
  PID:4624
- C:\Windows\System\lDflpPy.exe
  C:\Windows\System\lDflpPy.exe
  2⤵
  PID:4640
- C:\Windows\System\FUktmhi.exe
  C:\Windows\System\FUktmhi.exe
  2⤵
  PID:4660
- C:\Windows\System\RpgqFmE.exe
  C:\Windows\System\RpgqFmE.exe
  2⤵
  PID:4680
- C:\Windows\System\kPkvNLQ.exe
  C:\Windows\System\kPkvNLQ.exe
  2⤵
  PID:4696
- C:\Windows\System\sGGQPDt.exe
  C:\Windows\System\sGGQPDt.exe
  2⤵
  PID:4712
- C:\Windows\System\KrZOgKr.exe
  C:\Windows\System\KrZOgKr.exe
  2⤵
  PID:4728
- C:\Windows\System\KLQDgyM.exe
  C:\Windows\System\KLQDgyM.exe
  2⤵
  PID:4752
- C:\Windows\System\JXZNiKN.exe
  C:\Windows\System\JXZNiKN.exe
  2⤵
  PID:4776
- C:\Windows\System\tnxpEXX.exe
  C:\Windows\System\tnxpEXX.exe
  2⤵
  PID:4800
- C:\Windows\System\rhwkfwv.exe
  C:\Windows\System\rhwkfwv.exe
  2⤵
  PID:4820
- C:\Windows\System\TGmZLsd.exe
  C:\Windows\System\TGmZLsd.exe
  2⤵
  PID:4840
- C:\Windows\System\xmDVYyw.exe
  C:\Windows\System\xmDVYyw.exe
  2⤵
  PID:4856
- C:\Windows\System\QLrcqUy.exe
  C:\Windows\System\QLrcqUy.exe
  2⤵
  PID:4872
- C:\Windows\System\fYKEstf.exe
  C:\Windows\System\fYKEstf.exe
  2⤵
  PID:4888
- C:\Windows\System\FxWZPqr.exe
  C:\Windows\System\FxWZPqr.exe
  2⤵
  PID:4908
- C:\Windows\System\jboSyHC.exe
  C:\Windows\System\jboSyHC.exe
  2⤵
  PID:4932
- C:\Windows\System\MEqWkNE.exe
  C:\Windows\System\MEqWkNE.exe
  2⤵
  PID:4964
- C:\Windows\System\yKDCnnM.exe
  C:\Windows\System\yKDCnnM.exe
  2⤵
  PID:4984
- C:\Windows\System\LUFWsCI.exe
  C:\Windows\System\LUFWsCI.exe
  2⤵
  PID:5000
- C:\Windows\System\rjxMrDp.exe
  C:\Windows\System\rjxMrDp.exe
  2⤵
  PID:5016
- C:\Windows\System\ZFVxCxV.exe
  C:\Windows\System\ZFVxCxV.exe
  2⤵
  PID:5032
- C:\Windows\System\wjoaQoN.exe
  C:\Windows\System\wjoaQoN.exe
  2⤵
  PID:5052
- C:\Windows\System\BWosLyF.exe
  C:\Windows\System\BWosLyF.exe
  2⤵
  PID:5072
- C:\Windows\System\aqqVNKx.exe
  C:\Windows\System\aqqVNKx.exe
  2⤵
  PID:5096
- C:\Windows\System\cWQFgBa.exe
  C:\Windows\System\cWQFgBa.exe
  2⤵
  PID:5116
- C:\Windows\System\LUvWKqe.exe
  C:\Windows\System\LUvWKqe.exe
  2⤵
  PID:3984
- C:\Windows\System\cLvVThD.exe
  C:\Windows\System\cLvVThD.exe
  2⤵
  PID:4080
- C:\Windows\System\DwDxmXl.exe
  C:\Windows\System\DwDxmXl.exe
  2⤵
  PID:4088
- C:\Windows\System\ubSUFVW.exe
  C:\Windows\System\ubSUFVW.exe
  2⤵
  PID:3488
- C:\Windows\System\JSifcQa.exe
  C:\Windows\System\JSifcQa.exe
  2⤵
  PID:3636
- C:\Windows\System\rTXNySI.exe
  C:\Windows\System\rTXNySI.exe
  2⤵
  PID:2552
- C:\Windows\System\AOUDPaT.exe
  C:\Windows\System\AOUDPaT.exe
  2⤵
  PID:3804
- C:\Windows\System\GDwFdQg.exe
  C:\Windows\System\GDwFdQg.exe
  2⤵
  PID:2912
- C:\Windows\System\JdSAweU.exe
  C:\Windows\System\JdSAweU.exe
  2⤵
  PID:3300
- C:\Windows\System\dRGkRgG.exe
  C:\Windows\System\dRGkRgG.exe
  2⤵
  PID:2180
- C:\Windows\System\jRePZgy.exe
  C:\Windows\System\jRePZgy.exe
  2⤵
  PID:4124
- C:\Windows\System\ZiXWOBx.exe
  C:\Windows\System\ZiXWOBx.exe
  2⤵
  PID:3284
- C:\Windows\System\nZcSqLo.exe
  C:\Windows\System\nZcSqLo.exe
  2⤵
  PID:3512
- C:\Windows\System\LvHOmzJ.exe
  C:\Windows\System\LvHOmzJ.exe
  2⤵
  PID:3940
- C:\Windows\System\YLHxyJX.exe
  C:\Windows\System\YLHxyJX.exe
  2⤵
  PID:4188
- C:\Windows\System\IxiycaQ.exe
  C:\Windows\System\IxiycaQ.exe
  2⤵
  PID:4248
- C:\Windows\System\VXnJTRV.exe
  C:\Windows\System\VXnJTRV.exe
  2⤵
  PID:4312
- C:\Windows\System\PACAOWC.exe
  C:\Windows\System\PACAOWC.exe
  2⤵
  PID:4364
- C:\Windows\System\ndtChGJ.exe
  C:\Windows\System\ndtChGJ.exe
  2⤵
  PID:4112
- C:\Windows\System\zlCWhsR.exe
  C:\Windows\System\zlCWhsR.exe
  2⤵
  PID:3908
- C:\Windows\System\RWAYcTN.exe
  C:\Windows\System\RWAYcTN.exe
  2⤵
  PID:3656
- C:\Windows\System\cFCnoIr.exe
  C:\Windows\System\cFCnoIr.exe
  2⤵
  PID:4224
- C:\Windows\System\MpPDPWJ.exe
  C:\Windows\System\MpPDPWJ.exe
  2⤵
  PID:4400
- C:\Windows\System\uWNSXBk.exe
  C:\Windows\System\uWNSXBk.exe
  2⤵
  PID:4540
- C:\Windows\System\yIFbAjl.exe
  C:\Windows\System\yIFbAjl.exe
  2⤵
  PID:4388
- C:\Windows\System\ApLHsOX.exe
  C:\Windows\System\ApLHsOX.exe
  2⤵
  PID:4520
- C:\Windows\System\rGYTGzF.exe
  C:\Windows\System\rGYTGzF.exe
  2⤵
  PID:4604
- C:\Windows\System\LKyrMZd.exe
  C:\Windows\System\LKyrMZd.exe
  2⤵
  PID:4484
- C:\Windows\System\peUhUjD.exe
  C:\Windows\System\peUhUjD.exe
  2⤵
  PID:4380
- C:\Windows\System\cZyVpNZ.exe
  C:\Windows\System\cZyVpNZ.exe
  2⤵
  PID:4616
- C:\Windows\System\kxCreVm.exe
  C:\Windows\System\kxCreVm.exe
  2⤵
  PID:4688
- C:\Windows\System\SiRrdUy.exe
  C:\Windows\System\SiRrdUy.exe
  2⤵
  PID:4764
- C:\Windows\System\wYkFjqz.exe
  C:\Windows\System\wYkFjqz.exe
  2⤵
  PID:4768
- C:\Windows\System\jkskzYW.exe
  C:\Windows\System\jkskzYW.exe
  2⤵
  PID:4676
- C:\Windows\System\gDgcAoa.exe
  C:\Windows\System\gDgcAoa.exe
  2⤵
  PID:4748
- C:\Windows\System\GUVytMJ.exe
  C:\Windows\System\GUVytMJ.exe
  2⤵
  PID:4704
- C:\Windows\System\bQkhHvx.exe
  C:\Windows\System\bQkhHvx.exe
  2⤵
  PID:4784
- C:\Windows\System\rPxCWCa.exe
  C:\Windows\System\rPxCWCa.exe
  2⤵
  PID:4920
- C:\Windows\System\orrotFf.exe
  C:\Windows\System\orrotFf.exe
  2⤵
  PID:4976
- C:\Windows\System\BAFCghr.exe
  C:\Windows\System\BAFCghr.exe
  2⤵
  PID:4792
- C:\Windows\System\XSgXpmx.exe
  C:\Windows\System\XSgXpmx.exe
  2⤵
  PID:3240
- C:\Windows\System\flGNQlt.exe
  C:\Windows\System\flGNQlt.exe
  2⤵
  PID:3200
- C:\Windows\System\mwRwLtj.exe
  C:\Windows\System\mwRwLtj.exe
  2⤵
  PID:3528
- C:\Windows\System\BIZBAEf.exe
  C:\Windows\System\BIZBAEf.exe
  2⤵
  PID:4280
- C:\Windows\System\EblKhmE.exe
  C:\Windows\System\EblKhmE.exe
  2⤵
  PID:4284
- C:\Windows\System\zZiUnOm.exe
  C:\Windows\System\zZiUnOm.exe
  2⤵
  PID:4832
- C:\Windows\System\IHfHbxd.exe
  C:\Windows\System\IHfHbxd.exe
  2⤵
  PID:4952
- C:\Windows\System\PtAeIOF.exe
  C:\Windows\System\PtAeIOF.exe
  2⤵
  PID:5024
- C:\Windows\System\KqLkzpc.exe
  C:\Windows\System\KqLkzpc.exe
  2⤵
  PID:4156
- C:\Windows\System\vbPWTAC.exe
  C:\Windows\System\vbPWTAC.exe
  2⤵
  PID:3928
- C:\Windows\System\ZEskCrQ.exe
  C:\Windows\System\ZEskCrQ.exe
  2⤵
  PID:3428
- C:\Windows\System\WBTvaoe.exe
  C:\Windows\System\WBTvaoe.exe
  2⤵
  PID:3980
- C:\Windows\System\sZgSOAu.exe
  C:\Windows\System\sZgSOAu.exe
  2⤵
  PID:924
- C:\Windows\System\oZJRSmm.exe
  C:\Windows\System\oZJRSmm.exe
  2⤵
  PID:4296
- C:\Windows\System\igDvphS.exe
  C:\Windows\System\igDvphS.exe
  2⤵
  PID:4600
- C:\Windows\System\vQRmnMC.exe
  C:\Windows\System\vQRmnMC.exe
  2⤵
  PID:4416
- C:\Windows\System\nRVBTLc.exe
  C:\Windows\System\nRVBTLc.exe
  2⤵
  PID:1320
- C:\Windows\System\FflicCX.exe
  C:\Windows\System\FflicCX.exe
  2⤵
  PID:4316
- C:\Windows\System\hfwxJEG.exe
  C:\Windows\System\hfwxJEG.exe
  2⤵
  PID:3444
- C:\Windows\System\zheMljW.exe
  C:\Windows\System\zheMljW.exe
  2⤵
  PID:4432
- C:\Windows\System\LjWCmDB.exe
  C:\Windows\System\LjWCmDB.exe
  2⤵
  PID:4504
- C:\Windows\System\IYxyDlb.exe
  C:\Windows\System\IYxyDlb.exe
  2⤵
  PID:4652
- C:\Windows\System\CYGxfiz.exe
  C:\Windows\System\CYGxfiz.exe
  2⤵
  PID:4636
- C:\Windows\System\lDoCkSJ.exe
  C:\Windows\System\lDoCkSJ.exe
  2⤵
  PID:4884
- C:\Windows\System\LvYgeMa.exe
  C:\Windows\System\LvYgeMa.exe
  2⤵
  PID:4724
- C:\Windows\System\UJlTrpZ.exe
  C:\Windows\System\UJlTrpZ.exe
  2⤵
  PID:5048
- C:\Windows\System\joROMIr.exe
  C:\Windows\System\joROMIr.exe
  2⤵
  PID:3164
- C:\Windows\System\hsJrsOG.exe
  C:\Windows\System\hsJrsOG.exe
  2⤵
  PID:4916
- C:\Windows\System\IJzrJLR.exe
  C:\Windows\System\IJzrJLR.exe
  2⤵
  PID:4720
- C:\Windows\System\CKzRebJ.exe
  C:\Windows\System\CKzRebJ.exe
  2⤵
  PID:2348
- C:\Windows\System\TUbpaHs.exe
  C:\Windows\System\TUbpaHs.exe
  2⤵
  PID:2384
- C:\Windows\System\WrWFaOF.exe
  C:\Windows\System\WrWFaOF.exe
  2⤵
  PID:4944
- C:\Windows\System\MLiLagT.exe
  C:\Windows\System\MLiLagT.exe
  2⤵
  PID:4368
- C:\Windows\System\iLOdVDi.exe
  C:\Windows\System\iLOdVDi.exe
  2⤵
  PID:5112
- C:\Windows\System\PCnmiwb.exe
  C:\Windows\System\PCnmiwb.exe
  2⤵
  PID:5108
- C:\Windows\System\xmEZPuH.exe
  C:\Windows\System\xmEZPuH.exe
  2⤵
  PID:4996
- C:\Windows\System\tkziBbR.exe
  C:\Windows\System\tkziBbR.exe
  2⤵
  PID:4340
- C:\Windows\System\VwZfbEX.exe
  C:\Windows\System\VwZfbEX.exe
  2⤵
  PID:3764
- C:\Windows\System\vtTkjDG.exe
  C:\Windows\System\vtTkjDG.exe
  2⤵
  PID:3604
- C:\Windows\System\QLZBDXj.exe
  C:\Windows\System\QLZBDXj.exe
  2⤵
  PID:4468
- C:\Windows\System\vSsHvJF.exe
  C:\Windows\System\vSsHvJF.exe
  2⤵
  PID:5136
- C:\Windows\System\EMPSckY.exe
  C:\Windows\System\EMPSckY.exe
  2⤵
  PID:5152
- C:\Windows\System\EGpUEWt.exe
  C:\Windows\System\EGpUEWt.exe
  2⤵
  PID:5168
- C:\Windows\System\uPqKwou.exe
  C:\Windows\System\uPqKwou.exe
  2⤵
  PID:5192
- C:\Windows\System\ksrUWAG.exe
  C:\Windows\System\ksrUWAG.exe
  2⤵
  PID:5244
- C:\Windows\System\JOmQWKc.exe
  C:\Windows\System\JOmQWKc.exe
  2⤵
  PID:5264
- C:\Windows\System\xGJppwW.exe
  C:\Windows\System\xGJppwW.exe
  2⤵
  PID:5280
- C:\Windows\System\xxfaMoC.exe
  C:\Windows\System\xxfaMoC.exe
  2⤵
  PID:5300
- C:\Windows\System\RLCmyIa.exe
  C:\Windows\System\RLCmyIa.exe
  2⤵
  PID:5316
- C:\Windows\System\BZsLMtB.exe
  C:\Windows\System\BZsLMtB.exe
  2⤵
  PID:5348
- C:\Windows\System\XLPicNE.exe
  C:\Windows\System\XLPicNE.exe
  2⤵
  PID:5368
- C:\Windows\System\MfRcTuN.exe
  C:\Windows\System\MfRcTuN.exe
  2⤵
  PID:5388
- C:\Windows\System\UldmoWn.exe
  C:\Windows\System\UldmoWn.exe
  2⤵
  PID:5408
- C:\Windows\System\fuKfWoy.exe
  C:\Windows\System\fuKfWoy.exe
  2⤵
  PID:5428
- C:\Windows\System\MxvJVvC.exe
  C:\Windows\System\MxvJVvC.exe
  2⤵
  PID:5448
- C:\Windows\System\eQBdkfv.exe
  C:\Windows\System\eQBdkfv.exe
  2⤵
  PID:5468
- C:\Windows\System\AdbBIvd.exe
  C:\Windows\System\AdbBIvd.exe
  2⤵
  PID:5484
- C:\Windows\System\zeeDudp.exe
  C:\Windows\System\zeeDudp.exe
  2⤵
  PID:5504
- C:\Windows\System\kmpVHdv.exe
  C:\Windows\System\kmpVHdv.exe
  2⤵
  PID:5524
- C:\Windows\System\zlNVyie.exe
  C:\Windows\System\zlNVyie.exe
  2⤵
  PID:5540
- C:\Windows\System\BweLbMC.exe
  C:\Windows\System\BweLbMC.exe
  2⤵
  PID:5560
- C:\Windows\System\wYOXZWp.exe
  C:\Windows\System\wYOXZWp.exe
  2⤵
  PID:5584
- C:\Windows\System\FFCmDQq.exe
  C:\Windows\System\FFCmDQq.exe
  2⤵
  PID:5608
- C:\Windows\System\BQxCiPw.exe
  C:\Windows\System\BQxCiPw.exe
  2⤵
  PID:5624
- C:\Windows\System\oYEntFC.exe
  C:\Windows\System\oYEntFC.exe
  2⤵
  PID:5644
- C:\Windows\System\jNYkDqf.exe
  C:\Windows\System\jNYkDqf.exe
  2⤵
  PID:5664
- C:\Windows\System\tGEdffe.exe
  C:\Windows\System\tGEdffe.exe
  2⤵
  PID:5688
- C:\Windows\System\xZnbyDz.exe
  C:\Windows\System\xZnbyDz.exe
  2⤵
  PID:5708
- C:\Windows\System\KQqKxOV.exe
  C:\Windows\System\KQqKxOV.exe
  2⤵
  PID:5728
- C:\Windows\System\wwicFiw.exe
  C:\Windows\System\wwicFiw.exe
  2⤵
  PID:5748
- C:\Windows\System\TbRVhvC.exe
  C:\Windows\System\TbRVhvC.exe
  2⤵
  PID:5764
- C:\Windows\System\MYASNpm.exe
  C:\Windows\System\MYASNpm.exe
  2⤵
  PID:5780
- C:\Windows\System\kjFsvJv.exe
  C:\Windows\System\kjFsvJv.exe
  2⤵
  PID:5804
- C:\Windows\System\qLsEDTE.exe
  C:\Windows\System\qLsEDTE.exe
  2⤵
  PID:5824
- C:\Windows\System\fHEVLvU.exe
  C:\Windows\System\fHEVLvU.exe
  2⤵
  PID:5848
- C:\Windows\System\XzfsXdU.exe
  C:\Windows\System\XzfsXdU.exe
  2⤵
  PID:5868
- C:\Windows\System\xkwTgUB.exe
  C:\Windows\System\xkwTgUB.exe
  2⤵
  PID:5888
- C:\Windows\System\ALZIoKN.exe
  C:\Windows\System\ALZIoKN.exe
  2⤵
  PID:5908
- C:\Windows\System\YOxFJho.exe
  C:\Windows\System\YOxFJho.exe
  2⤵
  PID:5928
- C:\Windows\System\HCyRVfL.exe
  C:\Windows\System\HCyRVfL.exe
  2⤵
  PID:5948
- C:\Windows\System\coeKPOG.exe
  C:\Windows\System\coeKPOG.exe
  2⤵
  PID:5968
- C:\Windows\System\KlVUFgo.exe
  C:\Windows\System\KlVUFgo.exe
  2⤵
  PID:5988
- C:\Windows\System\BBLJGEb.exe
  C:\Windows\System\BBLJGEb.exe
  2⤵
  PID:6008
- C:\Windows\System\bouEXjU.exe
  C:\Windows\System\bouEXjU.exe
  2⤵
  PID:6028
- C:\Windows\System\exWnEKx.exe
  C:\Windows\System\exWnEKx.exe
  2⤵
  PID:6048
- C:\Windows\System\ikYzakU.exe
  C:\Windows\System\ikYzakU.exe
  2⤵
  PID:6068
- C:\Windows\System\BSCSzYv.exe
  C:\Windows\System\BSCSzYv.exe
  2⤵
  PID:6084
- C:\Windows\System\vSNaynU.exe
  C:\Windows\System\vSNaynU.exe
  2⤵
  PID:6104
- C:\Windows\System\qmQSzcT.exe
  C:\Windows\System\qmQSzcT.exe
  2⤵
  PID:6128
- C:\Windows\System\azSywfV.exe
  C:\Windows\System\azSywfV.exe
  2⤵
  PID:4500
- C:\Windows\System\HaJqtOw.exe
  C:\Windows\System\HaJqtOw.exe
  2⤵
  PID:4980
- C:\Windows\System\UhYPjdb.exe
  C:\Windows\System\UhYPjdb.exe
  2⤵
  PID:2484
- C:\Windows\System\YmOedjg.exe
  C:\Windows\System\YmOedjg.exe
  2⤵
  PID:2840
- C:\Windows\System\RAdvIJi.exe
  C:\Windows\System\RAdvIJi.exe
  2⤵
  PID:4220
- C:\Windows\System\pyWoifH.exe
  C:\Windows\System\pyWoifH.exe
  2⤵
  PID:4708
- C:\Windows\System\imdZBkW.exe
  C:\Windows\System\imdZBkW.exe
  2⤵
  PID:4668
- C:\Windows\System\OlmfQUE.exe
  C:\Windows\System\OlmfQUE.exe
  2⤵
  PID:4744
- C:\Windows\System\RCVDprM.exe
  C:\Windows\System\RCVDprM.exe
  2⤵
  PID:4904
- C:\Windows\System\leGgyhQ.exe
  C:\Windows\System\leGgyhQ.exe
  2⤵
  PID:3904
- C:\Windows\System\sFcptQm.exe
  C:\Windows\System\sFcptQm.exe
  2⤵
  PID:3468
- C:\Windows\System\XoflyTK.exe
  C:\Windows\System\XoflyTK.exe
  2⤵
  PID:4184
- C:\Windows\System\DanLZQl.exe
  C:\Windows\System\DanLZQl.exe
  2⤵
  PID:5160
- C:\Windows\System\hvWVOIC.exe
  C:\Windows\System\hvWVOIC.exe
  2⤵
  PID:5208
- C:\Windows\System\cAKSYom.exe
  C:\Windows\System\cAKSYom.exe
  2⤵
  PID:5228
- C:\Windows\System\hxMqzkS.exe
  C:\Windows\System\hxMqzkS.exe
  2⤵
  PID:5180
- C:\Windows\System\ElkIXri.exe
  C:\Windows\System\ElkIXri.exe
  2⤵
  PID:5064
- C:\Windows\System\WUsBzKh.exe
  C:\Windows\System\WUsBzKh.exe
  2⤵
  PID:4596
- C:\Windows\System\cNuzjjx.exe
  C:\Windows\System\cNuzjjx.exe
  2⤵
  PID:5144
- C:\Windows\System\IVTXHSj.exe
  C:\Windows\System\IVTXHSj.exe
  2⤵
  PID:5272
- C:\Windows\System\jlPRXId.exe
  C:\Windows\System\jlPRXId.exe
  2⤵
  PID:2604
- C:\Windows\System\ETKnndt.exe
  C:\Windows\System\ETKnndt.exe
  2⤵
  PID:5324
- C:\Windows\System\JeWYbrr.exe
  C:\Windows\System\JeWYbrr.exe
  2⤵
  PID:5344
- C:\Windows\System\PyDTRwF.exe
  C:\Windows\System\PyDTRwF.exe
  2⤵
  PID:1256
- C:\Windows\System\ROSnmyF.exe
  C:\Windows\System\ROSnmyF.exe
  2⤵
  PID:5380
- C:\Windows\System\huMjgzL.exe
  C:\Windows\System\huMjgzL.exe
  2⤵
  PID:2656
- C:\Windows\System\UoXDaxK.exe
  C:\Windows\System\UoXDaxK.exe
  2⤵
  PID:5420
- C:\Windows\System\PKjpOyH.exe
  C:\Windows\System\PKjpOyH.exe
  2⤵
  PID:1652
- C:\Windows\System\mNrTbvv.exe
  C:\Windows\System\mNrTbvv.exe
  2⤵
  PID:5492
- C:\Windows\System\eNFEkgh.exe
  C:\Windows\System\eNFEkgh.exe
  2⤵
  PID:5552
- C:\Windows\System\eEQvqic.exe
  C:\Windows\System\eEQvqic.exe
  2⤵
  PID:5536
- C:\Windows\System\qOhLpil.exe
  C:\Windows\System\qOhLpil.exe
  2⤵
  PID:5596
- C:\Windows\System\fjnaNYN.exe
  C:\Windows\System\fjnaNYN.exe
  2⤵
  PID:5600
- C:\Windows\System\NnUpVbE.exe
  C:\Windows\System\NnUpVbE.exe
  2⤵
  PID:5660
- C:\Windows\System\nirJzmE.exe
  C:\Windows\System\nirJzmE.exe
  2⤵
  PID:5700
- C:\Windows\System\SuWETiT.exe
  C:\Windows\System\SuWETiT.exe
  2⤵
  PID:5736
- C:\Windows\System\ualjuug.exe
  C:\Windows\System\ualjuug.exe
  2⤵
  PID:5800
- C:\Windows\System\ccRiNIa.exe
  C:\Windows\System\ccRiNIa.exe
  2⤵
  PID:5836
- C:\Windows\System\qlHJjJw.exe
  C:\Windows\System\qlHJjJw.exe
  2⤵
  PID:5776
- C:\Windows\System\LSArWeY.exe
  C:\Windows\System\LSArWeY.exe
  2⤵
  PID:5856
- C:\Windows\System\FqBNsOL.exe
  C:\Windows\System\FqBNsOL.exe
  2⤵
  PID:5864
- C:\Windows\System\dCgkGxp.exe
  C:\Windows\System\dCgkGxp.exe
  2⤵
  PID:5960
- C:\Windows\System\rHdxAZd.exe
  C:\Windows\System\rHdxAZd.exe
  2⤵
  PID:5936
- C:\Windows\System\hTdkgup.exe
  C:\Windows\System\hTdkgup.exe
  2⤵
  PID:6044
- C:\Windows\System\bCsodCa.exe
  C:\Windows\System\bCsodCa.exe
  2⤵
  PID:6112
- C:\Windows\System\QLyZcuV.exe
  C:\Windows\System\QLyZcuV.exe
  2⤵
  PID:4048
- C:\Windows\System\iCxtacC.exe
  C:\Windows\System\iCxtacC.exe
  2⤵
  PID:6020
- C:\Windows\System\VofCrCj.exe
  C:\Windows\System\VofCrCj.exe
  2⤵
  PID:6100
- C:\Windows\System\HUZnwQv.exe
  C:\Windows\System\HUZnwQv.exe
  2⤵
  PID:5068
- C:\Windows\System\dhxinUY.exe
  C:\Windows\System\dhxinUY.exe
  2⤵
  PID:4940
- C:\Windows\System\mxjRJhQ.exe
  C:\Windows\System\mxjRJhQ.exe
  2⤵
  PID:5232
- C:\Windows\System\XKloIbk.exe
  C:\Windows\System\XKloIbk.exe
  2⤵
  PID:5188
- C:\Windows\System\ATfWAGE.exe
  C:\Windows\System\ATfWAGE.exe
  2⤵
  PID:5296
- C:\Windows\System\lPqUCzo.exe
  C:\Windows\System\lPqUCzo.exe
  2⤵
  PID:5400
- C:\Windows\System\jaQzqOh.exe
  C:\Windows\System\jaQzqOh.exe
  2⤵
  PID:5496
- C:\Windows\System\eXyDYOi.exe
  C:\Windows\System\eXyDYOi.exe
  2⤵
  PID:5640
- C:\Windows\System\xngTHsT.exe
  C:\Windows\System\xngTHsT.exe
  2⤵
  PID:5684
- C:\Windows\System\gFdUiQY.exe
  C:\Windows\System\gFdUiQY.exe
  2⤵
  PID:5756
- C:\Windows\System\KQyVvJA.exe
  C:\Windows\System\KQyVvJA.exe
  2⤵
  PID:4620
- C:\Windows\System\utEmANA.exe
  C:\Windows\System\utEmANA.exe
  2⤵
  PID:4816
- C:\Windows\System\yyorMQc.exe
  C:\Windows\System\yyorMQc.exe
  2⤵
  PID:5816
- C:\Windows\System\LIBUqcw.exe
  C:\Windows\System\LIBUqcw.exe
  2⤵
  PID:5252
- C:\Windows\System\WnMdHAa.exe
  C:\Windows\System\WnMdHAa.exe
  2⤵
  PID:5308
- C:\Windows\System\zdsmxeS.exe
  C:\Windows\System\zdsmxeS.exe
  2⤵
  PID:5224
- C:\Windows\System\nocXtAm.exe
  C:\Windows\System\nocXtAm.exe
  2⤵
  PID:5356
- C:\Windows\System\RGKFYfZ.exe
  C:\Windows\System\RGKFYfZ.exe
  2⤵
  PID:5964
- C:\Windows\System\tLSMnWa.exe
  C:\Windows\System\tLSMnWa.exe
  2⤵
  PID:6000
- C:\Windows\System\QpKogGr.exe
  C:\Windows\System\QpKogGr.exe
  2⤵
  PID:5704
- C:\Windows\System\yXddBLG.exe
  C:\Windows\System\yXddBLG.exe
  2⤵
  PID:5920
- C:\Windows\System\JVwUTEk.exe
  C:\Windows\System\JVwUTEk.exe
  2⤵
  PID:5464
- C:\Windows\System\kaRMEWa.exe
  C:\Windows\System\kaRMEWa.exe
  2⤵
  PID:5744
- C:\Windows\System\OfqbrnX.exe
  C:\Windows\System\OfqbrnX.exe
  2⤵
  PID:5576
- C:\Windows\System\jssiFGP.exe
  C:\Windows\System\jssiFGP.exe
  2⤵
  PID:6116
- C:\Windows\System\TzfJcVU.exe
  C:\Windows\System\TzfJcVU.exe
  2⤵
  PID:4384
- C:\Windows\System\WJIHgdC.exe
  C:\Windows\System\WJIHgdC.exe
  2⤵
  PID:6092
- C:\Windows\System\yPFPmke.exe
  C:\Windows\System\yPFPmke.exe
  2⤵
  PID:6024
- C:\Windows\System\djsqXYT.exe
  C:\Windows\System\djsqXYT.exe
  2⤵
  PID:4852
- C:\Windows\System\JpBUBmk.exe
  C:\Windows\System\JpBUBmk.exe
  2⤵
  PID:3532
- C:\Windows\System\oqBbPBY.exe
  C:\Windows\System\oqBbPBY.exe
  2⤵
  PID:5404
- C:\Windows\System\tAAHsxm.exe
  C:\Windows\System\tAAHsxm.exe
  2⤵
  PID:5572
- C:\Windows\System\zRIozFz.exe
  C:\Windows\System\zRIozFz.exe
  2⤵
  PID:5680
- C:\Windows\System\cpbGwTB.exe
  C:\Windows\System\cpbGwTB.exe
  2⤵
  PID:5656
- C:\Windows\System\lLJxfvN.exe
  C:\Windows\System\lLJxfvN.exe
  2⤵
  PID:6140
- C:\Windows\System\MfxFesD.exe
  C:\Windows\System\MfxFesD.exe
  2⤵
  PID:5820
- C:\Windows\System\haSoKmB.exe
  C:\Windows\System\haSoKmB.exe
  2⤵
  PID:6156
- C:\Windows\System\idEfykx.exe
  C:\Windows\System\idEfykx.exe
  2⤵
  PID:6176
- C:\Windows\System\NVTOBeA.exe
  C:\Windows\System\NVTOBeA.exe
  2⤵
  PID:6196
- C:\Windows\System\XpTNUCN.exe
  C:\Windows\System\XpTNUCN.exe
  2⤵
  PID:6216
- C:\Windows\System\oabRkFC.exe
  C:\Windows\System\oabRkFC.exe
  2⤵
  PID:6236
- C:\Windows\System\vnuUneN.exe
  C:\Windows\System\vnuUneN.exe
  2⤵
  PID:6256
- C:\Windows\System\mCYKyqV.exe
  C:\Windows\System\mCYKyqV.exe
  2⤵
  PID:6276
- C:\Windows\System\fREogpu.exe
  C:\Windows\System\fREogpu.exe
  2⤵
  PID:6296
- C:\Windows\System\yTqfWSj.exe
  C:\Windows\System\yTqfWSj.exe
  2⤵
  PID:6316
- C:\Windows\System\cFCwBoh.exe
  C:\Windows\System\cFCwBoh.exe
  2⤵
  PID:6336
- C:\Windows\System\bScnKac.exe
  C:\Windows\System\bScnKac.exe
  2⤵
  PID:6356
- C:\Windows\System\mHCpXkP.exe
  C:\Windows\System\mHCpXkP.exe
  2⤵
  PID:6376
- C:\Windows\System\ZpMXVqj.exe
  C:\Windows\System\ZpMXVqj.exe
  2⤵
  PID:6396
- C:\Windows\System\KGcohUJ.exe
  C:\Windows\System\KGcohUJ.exe
  2⤵
  PID:6416
- C:\Windows\System\FHynNtk.exe
  C:\Windows\System\FHynNtk.exe
  2⤵
  PID:6436
- C:\Windows\System\piXIhkk.exe
  C:\Windows\System\piXIhkk.exe
  2⤵
  PID:6456
- C:\Windows\System\xHdPCeG.exe
  C:\Windows\System\xHdPCeG.exe
  2⤵
  PID:6476
- C:\Windows\System\NqPTEzH.exe
  C:\Windows\System\NqPTEzH.exe
  2⤵
  PID:6496
- C:\Windows\System\bljUXvs.exe
  C:\Windows\System\bljUXvs.exe
  2⤵
  PID:6516
- C:\Windows\System\xozMHuD.exe
  C:\Windows\System\xozMHuD.exe
  2⤵
  PID:6536
- C:\Windows\System\DOiXtTB.exe
  C:\Windows\System\DOiXtTB.exe
  2⤵
  PID:6556
- C:\Windows\System\pVxDMwT.exe
  C:\Windows\System\pVxDMwT.exe
  2⤵
  PID:6576
- C:\Windows\System\cULRHJk.exe
  C:\Windows\System\cULRHJk.exe
  2⤵
  PID:6596
- C:\Windows\System\oZeNdTB.exe
  C:\Windows\System\oZeNdTB.exe
  2⤵
  PID:6616
- C:\Windows\System\eBrSLio.exe
  C:\Windows\System\eBrSLio.exe
  2⤵
  PID:6636
- C:\Windows\System\EfnmfQW.exe
  C:\Windows\System\EfnmfQW.exe
  2⤵
  PID:6656
- C:\Windows\System\ZKpYJoL.exe
  C:\Windows\System\ZKpYJoL.exe
  2⤵
  PID:6676
- C:\Windows\System\sllFQyG.exe
  C:\Windows\System\sllFQyG.exe
  2⤵
  PID:6696
- C:\Windows\System\DtVTqDJ.exe
  C:\Windows\System\DtVTqDJ.exe
  2⤵
  PID:6716
- C:\Windows\System\nwvNhoY.exe
  C:\Windows\System\nwvNhoY.exe
  2⤵
  PID:6736
- C:\Windows\System\IsaUTfJ.exe
  C:\Windows\System\IsaUTfJ.exe
  2⤵
  PID:6756
- C:\Windows\System\mpLjezi.exe
  C:\Windows\System\mpLjezi.exe
  2⤵
  PID:6776
- C:\Windows\System\cJjPLeq.exe
  C:\Windows\System\cJjPLeq.exe
  2⤵
  PID:6796
- C:\Windows\System\oIrEHfB.exe
  C:\Windows\System\oIrEHfB.exe
  2⤵
  PID:6816
- C:\Windows\System\joQoFtG.exe
  C:\Windows\System\joQoFtG.exe
  2⤵
  PID:6836
- C:\Windows\System\IayqVtj.exe
  C:\Windows\System\IayqVtj.exe
  2⤵
  PID:6860
- C:\Windows\System\Lqrvpuz.exe
  C:\Windows\System\Lqrvpuz.exe
  2⤵
  PID:6880
- C:\Windows\System\JrMPYlc.exe
  C:\Windows\System\JrMPYlc.exe
  2⤵
  PID:6900
- C:\Windows\System\UTVHXpC.exe
  C:\Windows\System\UTVHXpC.exe
  2⤵
  PID:6920
- C:\Windows\System\nHrUmNH.exe
  C:\Windows\System\nHrUmNH.exe
  2⤵
  PID:6940
- C:\Windows\System\efGjYDh.exe
  C:\Windows\System\efGjYDh.exe
  2⤵
  PID:6960
- C:\Windows\System\UrwDveA.exe
  C:\Windows\System\UrwDveA.exe
  2⤵
  PID:6980
- C:\Windows\System\VeZfXuc.exe
  C:\Windows\System\VeZfXuc.exe
  2⤵
  PID:7000
- C:\Windows\System\jYrzgnP.exe
  C:\Windows\System\jYrzgnP.exe
  2⤵
  PID:7020
- C:\Windows\System\CyZATXE.exe
  C:\Windows\System\CyZATXE.exe
  2⤵
  PID:7040
- C:\Windows\System\uQdQmtd.exe
  C:\Windows\System\uQdQmtd.exe
  2⤵
  PID:7060
- C:\Windows\System\dUpWTif.exe
  C:\Windows\System\dUpWTif.exe
  2⤵
  PID:7080
- C:\Windows\System\heUeVah.exe
  C:\Windows\System\heUeVah.exe
  2⤵
  PID:7100
- C:\Windows\System\XVOiYlC.exe
  C:\Windows\System\XVOiYlC.exe
  2⤵
  PID:7120
- C:\Windows\System\grmqwYj.exe
  C:\Windows\System\grmqwYj.exe
  2⤵
  PID:7140
- C:\Windows\System\dhbqgsG.exe
  C:\Windows\System\dhbqgsG.exe
  2⤵
  PID:7160
- C:\Windows\System\RFRlbvo.exe
  C:\Windows\System\RFRlbvo.exe
  2⤵
  PID:2880
- C:\Windows\System\UPDPvqP.exe
  C:\Windows\System\UPDPvqP.exe
  2⤵
  PID:5364
- C:\Windows\System\pDWdpyA.exe
  C:\Windows\System\pDWdpyA.exe
  2⤵
  PID:5696
- C:\Windows\System\yxfdDYo.exe
  C:\Windows\System\yxfdDYo.exe
  2⤵
  PID:5880
- C:\Windows\System\GDwsUki.exe
  C:\Windows\System\GDwsUki.exe
  2⤵
  PID:1004
- C:\Windows\System\ImqYfEw.exe
  C:\Windows\System\ImqYfEw.exe
  2⤵
  PID:5772
- C:\Windows\System\EHcLsbf.exe
  C:\Windows\System\EHcLsbf.exe
  2⤵
  PID:6080
- C:\Windows\System\KvxjiPS.exe
  C:\Windows\System\KvxjiPS.exe
  2⤵
  PID:4516
- C:\Windows\System\sHDYRDP.exe
  C:\Windows\System\sHDYRDP.exe
  2⤵
  PID:4864
- C:\Windows\System\cewNbep.exe
  C:\Windows\System\cewNbep.exe
  2⤵
  PID:5312
- C:\Windows\System\vTZJPkA.exe
  C:\Windows\System\vTZJPkA.exe
  2⤵
  PID:3056
- C:\Windows\System\IWcxcKb.exe
  C:\Windows\System\IWcxcKb.exe
  2⤵
  PID:5620
- C:\Windows\System\RIAusdL.exe
  C:\Windows\System\RIAusdL.exe
  2⤵
  PID:4880
- C:\Windows\System\JRPToMB.exe
  C:\Windows\System\JRPToMB.exe
  2⤵
  PID:6152
- C:\Windows\System\rmJXpSv.exe
  C:\Windows\System\rmJXpSv.exe
  2⤵
  PID:6184
- C:\Windows\System\GaaiVuh.exe
  C:\Windows\System\GaaiVuh.exe
  2⤵
  PID:6224
- C:\Windows\System\ioTlMFH.exe
  C:\Windows\System\ioTlMFH.exe
  2⤵
  PID:6248
- C:\Windows\System\dHfveSR.exe
  C:\Windows\System\dHfveSR.exe
  2⤵
  PID:6268
- C:\Windows\System\aCqgxwH.exe
  C:\Windows\System\aCqgxwH.exe
  2⤵
  PID:6328
- C:\Windows\System\zouruGm.exe
  C:\Windows\System\zouruGm.exe
  2⤵
  PID:6348
- C:\Windows\System\UCFiAxJ.exe
  C:\Windows\System\UCFiAxJ.exe
  2⤵
  PID:6404
- C:\Windows\System\murucOI.exe
  C:\Windows\System\murucOI.exe
  2⤵
  PID:6444
- C:\Windows\System\PZGyRhX.exe
  C:\Windows\System\PZGyRhX.exe
  2⤵
  PID:6448
- C:\Windows\System\wbtXtlw.exe
  C:\Windows\System\wbtXtlw.exe
  2⤵
  PID:6472
- C:\Windows\System\WxgVezO.exe
  C:\Windows\System\WxgVezO.exe
  2⤵
  PID:6512
- C:\Windows\System\SDVVleC.exe
  C:\Windows\System\SDVVleC.exe
  2⤵
  PID:6552
- C:\Windows\System\dTSepqt.exe
  C:\Windows\System\dTSepqt.exe
  2⤵
  PID:6604
- C:\Windows\System\KRItcRa.exe
  C:\Windows\System\KRItcRa.exe
  2⤵
  PID:6624
- C:\Windows\System\wwSXZSI.exe
  C:\Windows\System\wwSXZSI.exe
  2⤵
  PID:6648
- C:\Windows\System\YSrRBiw.exe
  C:\Windows\System\YSrRBiw.exe
  2⤵
  PID:6692
- C:\Windows\System\edFdYPf.exe
  C:\Windows\System\edFdYPf.exe
  2⤵
  PID:6712
- C:\Windows\System\avYxZxA.exe
  C:\Windows\System\avYxZxA.exe
  2⤵
  PID:6752
- C:\Windows\System\ROyzRnx.exe
  C:\Windows\System\ROyzRnx.exe
  2⤵
  PID:6804
- C:\Windows\System\vzPWyzh.exe
  C:\Windows\System\vzPWyzh.exe
  2⤵
  PID:2516
- C:\Windows\System\ySkEcel.exe
  C:\Windows\System\ySkEcel.exe
  2⤵
  PID:6848
- C:\Windows\System\MGoSzfd.exe
  C:\Windows\System\MGoSzfd.exe
  2⤵
  PID:6872
- C:\Windows\System\UdQykbZ.exe
  C:\Windows\System\UdQykbZ.exe
  2⤵
  PID:6912
- C:\Windows\System\lXAAlDF.exe
  C:\Windows\System\lXAAlDF.exe
  2⤵
  PID:6976
- C:\Windows\System\qHwsHjc.exe
  C:\Windows\System\qHwsHjc.exe
  2⤵
  PID:6996
- C:\Windows\System\Nveeabi.exe
  C:\Windows\System\Nveeabi.exe
  2⤵
  PID:7028
- C:\Windows\System\ijGxisd.exe
  C:\Windows\System\ijGxisd.exe
  2⤵
  PID:7052
- C:\Windows\System\heUABwo.exe
  C:\Windows\System\heUABwo.exe
  2⤵
  PID:7072
- C:\Windows\System\PyIIOpX.exe
  C:\Windows\System\PyIIOpX.exe
  2⤵
  PID:7116
- C:\Windows\System\laBISqk.exe
  C:\Windows\System\laBISqk.exe
  2⤵
  PID:7148
- C:\Windows\System\JLvSLDY.exe
  C:\Windows\System\JLvSLDY.exe
  2⤵
  PID:5240
- C:\Windows\System\eKRksGz.exe
  C:\Windows\System\eKRksGz.exe
  2⤵
  PID:6076
- C:\Windows\System\KOQJRtX.exe
  C:\Windows\System\KOQJRtX.exe
  2⤵
  PID:5424
- C:\Windows\System\JoBQLsG.exe
  C:\Windows\System\JoBQLsG.exe
  2⤵
  PID:5724
- C:\Windows\System\UhiuwiV.exe
  C:\Windows\System\UhiuwiV.exe
  2⤵
  PID:3076
- C:\Windows\System\PRRNrmd.exe
  C:\Windows\System\PRRNrmd.exe
  2⤵
  PID:5200
- C:\Windows\System\GElspZA.exe
  C:\Windows\System\GElspZA.exe
  2⤵
  PID:5832
- C:\Windows\System\ofxCoXx.exe
  C:\Windows\System\ofxCoXx.exe
  2⤵
  PID:5044
- C:\Windows\System\kvjpstS.exe
  C:\Windows\System\kvjpstS.exe
  2⤵
  PID:6168
- C:\Windows\System\PJhJfPI.exe
  C:\Windows\System\PJhJfPI.exe
  2⤵
  PID:6208
- C:\Windows\System\TdGzQTE.exe
  C:\Windows\System\TdGzQTE.exe
  2⤵
  PID:1616
- C:\Windows\System\xILURra.exe
  C:\Windows\System\xILURra.exe
  2⤵
  PID:6384
- C:\Windows\System\moDiDxB.exe
  C:\Windows\System\moDiDxB.exe
  2⤵
  PID:6432
- C:\Windows\System\FgtbSfV.exe
  C:\Windows\System\FgtbSfV.exe
  2⤵
  PID:6388
- C:\Windows\System\JoiSOnV.exe
  C:\Windows\System\JoiSOnV.exe
  2⤵
  PID:6524
- C:\Windows\System\riSRIvt.exe
  C:\Windows\System\riSRIvt.exe
  2⤵
  PID:6564
- C:\Windows\System\KZMiBuL.exe
  C:\Windows\System\KZMiBuL.exe
  2⤵
  PID:6652
- C:\Windows\System\AJhrici.exe
  C:\Windows\System\AJhrici.exe
  2⤵
  PID:6704
- C:\Windows\System\qiQceaf.exe
  C:\Windows\System\qiQceaf.exe
  2⤵
  PID:6772
- C:\Windows\System\wenfMqN.exe
  C:\Windows\System\wenfMqN.exe
  2⤵
  PID:6744
- C:\Windows\System\HbEIbRS.exe
  C:\Windows\System\HbEIbRS.exe
  2⤵
  PID:6832
- C:\Windows\System\LSRsode.exe
  C:\Windows\System\LSRsode.exe
  2⤵
  PID:2312
- C:\Windows\System\MtGBZis.exe
  C:\Windows\System\MtGBZis.exe
  2⤵
  PID:6928
- C:\Windows\System\pYGtnNI.exe
  C:\Windows\System\pYGtnNI.exe
  2⤵
  PID:1952
- C:\Windows\System\KGaMdFS.exe
  C:\Windows\System\KGaMdFS.exe
  2⤵
  PID:6972
- C:\Windows\System\EPaiVtR.exe
  C:\Windows\System\EPaiVtR.exe
  2⤵
  PID:7008
- C:\Windows\System\aqeDtic.exe
  C:\Windows\System\aqeDtic.exe
  2⤵
  PID:7092
- C:\Windows\System\PiHajYs.exe
  C:\Windows\System\PiHajYs.exe
  2⤵
  PID:7088
- C:\Windows\System\lvCiMgl.exe
  C:\Windows\System\lvCiMgl.exe
  2⤵
  PID:4068
- C:\Windows\System\sHnGgEF.exe
  C:\Windows\System\sHnGgEF.exe
  2⤵
  PID:5376
- C:\Windows\System\vUsbhZD.exe
  C:\Windows\System\vUsbhZD.exe
  2⤵
  PID:5580
- C:\Windows\System\GAbFpnr.exe
  C:\Windows\System\GAbFpnr.exe
  2⤵
  PID:4632
- C:\Windows\System\iTNvAvX.exe
  C:\Windows\System\iTNvAvX.exe
  2⤵
  PID:5984
- C:\Windows\System\ADVJdXt.exe
  C:\Windows\System\ADVJdXt.exe
  2⤵
  PID:5456
- C:\Windows\System\aYFJplS.exe
  C:\Windows\System\aYFJplS.exe
  2⤵
  PID:6304
- C:\Windows\System\EqKKgxd.exe
  C:\Windows\System\EqKKgxd.exe
  2⤵
  PID:6264
- C:\Windows\System\bDPRszS.exe
  C:\Windows\System\bDPRszS.exe
  2⤵
  PID:6352
- C:\Windows\System\lXsjRJC.exe
  C:\Windows\System\lXsjRJC.exe
  2⤵
  PID:6492
- C:\Windows\System\dTrHBHp.exe
  C:\Windows\System\dTrHBHp.exe
  2⤵
  PID:6572
- C:\Windows\System\qGCxLjE.exe
  C:\Windows\System\qGCxLjE.exe
  2⤵
  PID:6684
- C:\Windows\System\lmhHicT.exe
  C:\Windows\System\lmhHicT.exe
  2⤵
  PID:2784
- C:\Windows\System\DTZcMpb.exe
  C:\Windows\System\DTZcMpb.exe
  2⤵
  PID:6916
- C:\Windows\System\miHdHQr.exe
  C:\Windows\System\miHdHQr.exe
  2⤵
  PID:2620
- C:\Windows\System\upYufxr.exe
  C:\Windows\System\upYufxr.exe
  2⤵
  PID:6948
- C:\Windows\System\EasaBNL.exe
  C:\Windows\System\EasaBNL.exe
  2⤵
  PID:2864
- C:\Windows\System\CJiFaHn.exe
  C:\Windows\System\CJiFaHn.exe
  2⤵
  PID:7188
- C:\Windows\System\rLtHXMp.exe
  C:\Windows\System\rLtHXMp.exe
  2⤵
  PID:7208
- C:\Windows\System\KPplfTx.exe
  C:\Windows\System\KPplfTx.exe
  2⤵
  PID:7228
- C:\Windows\System\kNSBoLT.exe
  C:\Windows\System\kNSBoLT.exe
  2⤵
  PID:7248
- C:\Windows\System\cfHzDKB.exe
  C:\Windows\System\cfHzDKB.exe
  2⤵
  PID:7268
- C:\Windows\System\VXOwYWw.exe
  C:\Windows\System\VXOwYWw.exe
  2⤵
  PID:7288
- C:\Windows\System\hfOaJnH.exe
  C:\Windows\System\hfOaJnH.exe
  2⤵
  PID:7308
- C:\Windows\System\AEdCETf.exe
  C:\Windows\System\AEdCETf.exe
  2⤵
  PID:7328
- C:\Windows\System\pQXSFhu.exe
  C:\Windows\System\pQXSFhu.exe
  2⤵
  PID:7348
- C:\Windows\System\AVhZPhq.exe
  C:\Windows\System\AVhZPhq.exe
  2⤵
  PID:7368
- C:\Windows\System\SgBkPzQ.exe
  C:\Windows\System\SgBkPzQ.exe
  2⤵
  PID:7388
- C:\Windows\System\czEOqEg.exe
  C:\Windows\System\czEOqEg.exe
  2⤵
  PID:7408
- C:\Windows\System\pPjpxDh.exe
  C:\Windows\System\pPjpxDh.exe
  2⤵
  PID:7428
- C:\Windows\System\jEYfYFY.exe
  C:\Windows\System\jEYfYFY.exe
  2⤵
  PID:7448
- C:\Windows\System\RjkCvvS.exe
  C:\Windows\System\RjkCvvS.exe
  2⤵
  PID:7468
- C:\Windows\System\bsbSFAP.exe
  C:\Windows\System\bsbSFAP.exe
  2⤵
  PID:7488
- C:\Windows\System\mrULEoQ.exe
  C:\Windows\System\mrULEoQ.exe
  2⤵
  PID:7508
- C:\Windows\System\XGNCdyx.exe
  C:\Windows\System\XGNCdyx.exe
  2⤵
  PID:7528
- C:\Windows\System\sdLRVwp.exe
  C:\Windows\System\sdLRVwp.exe
  2⤵
  PID:7548
- C:\Windows\System\BvlcnLd.exe
  C:\Windows\System\BvlcnLd.exe
  2⤵
  PID:7568
- C:\Windows\System\ckcbgeF.exe
  C:\Windows\System\ckcbgeF.exe
  2⤵
  PID:7588
- C:\Windows\System\joYAHds.exe
  C:\Windows\System\joYAHds.exe
  2⤵
  PID:7608
- C:\Windows\System\vPQcnkf.exe
  C:\Windows\System\vPQcnkf.exe
  2⤵
  PID:7628
- C:\Windows\System\ToyDStO.exe
  C:\Windows\System\ToyDStO.exe
  2⤵
  PID:7648
- C:\Windows\System\fXPvzQl.exe
  C:\Windows\System\fXPvzQl.exe
  2⤵
  PID:7668
- C:\Windows\System\gaDhhOL.exe
  C:\Windows\System\gaDhhOL.exe
  2⤵
  PID:7688
- C:\Windows\System\bjXvdYe.exe
  C:\Windows\System\bjXvdYe.exe
  2⤵
  PID:7704
- C:\Windows\System\dqGyMsw.exe
  C:\Windows\System\dqGyMsw.exe
  2⤵
  PID:7732
- C:\Windows\System\YhWHteg.exe
  C:\Windows\System\YhWHteg.exe
  2⤵
  PID:7752
- C:\Windows\System\sHEImFm.exe
  C:\Windows\System\sHEImFm.exe
  2⤵
  PID:7772
- C:\Windows\System\ZnrJihA.exe
  C:\Windows\System\ZnrJihA.exe
  2⤵
  PID:7792
- C:\Windows\System\LPNBGKx.exe
  C:\Windows\System\LPNBGKx.exe
  2⤵
  PID:7812
- C:\Windows\System\ZmyrJmH.exe
  C:\Windows\System\ZmyrJmH.exe
  2⤵
  PID:7832
- C:\Windows\System\oDkSVZU.exe
  C:\Windows\System\oDkSVZU.exe
  2⤵
  PID:7852
- C:\Windows\System\ETExaqR.exe
  C:\Windows\System\ETExaqR.exe
  2⤵
  PID:7872
- C:\Windows\System\gTBWLGg.exe
  C:\Windows\System\gTBWLGg.exe
  2⤵
  PID:7892
- C:\Windows\System\mbpCXSx.exe
  C:\Windows\System\mbpCXSx.exe
  2⤵
  PID:7912
- C:\Windows\System\uVpIlKN.exe
  C:\Windows\System\uVpIlKN.exe
  2⤵
  PID:7932
- C:\Windows\System\nhVTqVZ.exe
  C:\Windows\System\nhVTqVZ.exe
  2⤵
  PID:7952
- C:\Windows\System\gBiQYui.exe
  C:\Windows\System\gBiQYui.exe
  2⤵
  PID:7968
- C:\Windows\System\dErLzSO.exe
  C:\Windows\System\dErLzSO.exe
  2⤵
  PID:7988
- C:\Windows\System\ABrLDfv.exe
  C:\Windows\System\ABrLDfv.exe
  2⤵
  PID:8012
- C:\Windows\System\TgJZrgp.exe
  C:\Windows\System\TgJZrgp.exe
  2⤵
  PID:8032
- C:\Windows\System\nDMLtuh.exe
  C:\Windows\System\nDMLtuh.exe
  2⤵
  PID:8052
- C:\Windows\System\FeburGF.exe
  C:\Windows\System\FeburGF.exe
  2⤵
  PID:8072
- C:\Windows\System\mksxtbP.exe
  C:\Windows\System\mksxtbP.exe
  2⤵
  PID:8092
- C:\Windows\System\KPSdKyR.exe
  C:\Windows\System\KPSdKyR.exe
  2⤵
  PID:8112
- C:\Windows\System\VadmCch.exe
  C:\Windows\System\VadmCch.exe
  2⤵
  PID:8132
- C:\Windows\System\awOqRIG.exe
  C:\Windows\System\awOqRIG.exe
  2⤵
  PID:8148
- C:\Windows\System\nDsVOay.exe
  C:\Windows\System\nDsVOay.exe
  2⤵
  PID:8168
- C:\Windows\System\PDdzPOx.exe
  C:\Windows\System\PDdzPOx.exe
  2⤵
  PID:7056
- C:\Windows\System\ZUIWcVa.exe
  C:\Windows\System\ZUIWcVa.exe
  2⤵
  PID:1480
- C:\Windows\System\ZqxSRNA.exe
  C:\Windows\System\ZqxSRNA.exe
  2⤵
  PID:5924
- C:\Windows\System\oilMGig.exe
  C:\Windows\System\oilMGig.exe
  2⤵
  PID:1744
- C:\Windows\System\GvQpqRi.exe
  C:\Windows\System\GvQpqRi.exe
  2⤵
  PID:5592
- C:\Windows\System\PTnKSwD.exe
  C:\Windows\System\PTnKSwD.exe
  2⤵
  PID:6272
- C:\Windows\System\kAXUVXo.exe
  C:\Windows\System\kAXUVXo.exe
  2⤵
  PID:6308
- C:\Windows\System\FbzpEiK.exe
  C:\Windows\System\FbzpEiK.exe
  2⤵
  PID:6588
- C:\Windows\System\lQXwtjo.exe
  C:\Windows\System\lQXwtjo.exe
  2⤵
  PID:6612
- C:\Windows\System\DDCPAMh.exe
  C:\Windows\System\DDCPAMh.exe
  2⤵
  PID:6828
- C:\Windows\System\pPAFXlj.exe
  C:\Windows\System\pPAFXlj.exe
  2⤵
  PID:7036
- C:\Windows\System\bOjhliM.exe
  C:\Windows\System\bOjhliM.exe
  2⤵
  PID:7176
- C:\Windows\System\dWNoPhD.exe
  C:\Windows\System\dWNoPhD.exe
  2⤵
  PID:7200
- C:\Windows\System\schnpEq.exe
  C:\Windows\System\schnpEq.exe
  2⤵
  PID:7224
- C:\Windows\System\oDCFbfS.exe
  C:\Windows\System\oDCFbfS.exe
  2⤵
  PID:7276
- C:\Windows\System\jAabfGk.exe
  C:\Windows\System\jAabfGk.exe
  2⤵
  PID:7304
- C:\Windows\System\scaWjsK.exe
  C:\Windows\System\scaWjsK.exe
  2⤵
  PID:7356
- C:\Windows\System\snIGKym.exe
  C:\Windows\System\snIGKym.exe
  2⤵
  PID:7340
- C:\Windows\System\MqkwDHm.exe
  C:\Windows\System\MqkwDHm.exe
  2⤵
  PID:7400
- C:\Windows\System\GiXspXe.exe
  C:\Windows\System\GiXspXe.exe
  2⤵
  PID:7420
- C:\Windows\System\cpiJBia.exe
  C:\Windows\System\cpiJBia.exe
  2⤵
  PID:7464
- C:\Windows\System\ubDLjcQ.exe
  C:\Windows\System\ubDLjcQ.exe
  2⤵
  PID:7516
- C:\Windows\System\qYDHMgN.exe
  C:\Windows\System\qYDHMgN.exe
  2⤵
  PID:7564
- C:\Windows\System\uOAdVQr.exe
  C:\Windows\System\uOAdVQr.exe
  2⤵
  PID:7596
- C:\Windows\System\zGNLYhA.exe
  C:\Windows\System\zGNLYhA.exe
  2⤵
  PID:7600
- C:\Windows\System\tXSBTBr.exe
  C:\Windows\System\tXSBTBr.exe
  2⤵
  PID:7624
- C:\Windows\System\qdvJLAh.exe
  C:\Windows\System\qdvJLAh.exe
  2⤵
  PID:7680
- C:\Windows\System\PcETJFG.exe
  C:\Windows\System\PcETJFG.exe
  2⤵
  PID:7724
- C:\Windows\System\SaBaajh.exe
  C:\Windows\System\SaBaajh.exe
  2⤵
  PID:7748
- C:\Windows\System\uKfcwGC.exe
  C:\Windows\System\uKfcwGC.exe
  2⤵
  PID:7780
- C:\Windows\System\ygHqPhG.exe
  C:\Windows\System\ygHqPhG.exe
  2⤵
  PID:7848
- C:\Windows\System\nAhbkbA.exe
  C:\Windows\System\nAhbkbA.exe
  2⤵
  PID:1972
- C:\Windows\System\KcZfptf.exe
  C:\Windows\System\KcZfptf.exe
  2⤵
  PID:7880
- C:\Windows\System\RRZVmTL.exe
  C:\Windows\System\RRZVmTL.exe
  2⤵
  PID:7908
- C:\Windows\System\CJoqrHi.exe
  C:\Windows\System\CJoqrHi.exe
  2⤵
  PID:7940
- C:\Windows\System\qmoTmwm.exe
  C:\Windows\System\qmoTmwm.exe
  2⤵
  PID:7996
- C:\Windows\System\hwBWebe.exe
  C:\Windows\System\hwBWebe.exe
  2⤵
  PID:7984
- C:\Windows\System\wMFlCWY.exe
  C:\Windows\System\wMFlCWY.exe
  2⤵
  PID:8044
- C:\Windows\System\dWtmTFK.exe
  C:\Windows\System\dWtmTFK.exe
  2⤵
  PID:8064
- C:\Windows\System\KiTZHzC.exe
  C:\Windows\System\KiTZHzC.exe
  2⤵
  PID:8108
- C:\Windows\System\wDmIXvl.exe
  C:\Windows\System\wDmIXvl.exe
  2⤵
  PID:8156
- C:\Windows\System\UOamOsm.exe
  C:\Windows\System\UOamOsm.exe
  2⤵
  PID:8144
- C:\Windows\System\eUIABeL.exe
  C:\Windows\System\eUIABeL.exe
  2⤵
  PID:7152
- C:\Windows\System\JqqmkWC.exe
  C:\Windows\System\JqqmkWC.exe
  2⤵
  PID:3208
- C:\Windows\System\SNRNSfh.exe
  C:\Windows\System\SNRNSfh.exe
  2⤵
  PID:2968
- C:\Windows\System\TPoFnse.exe
  C:\Windows\System\TPoFnse.exe
  2⤵
  PID:316
- C:\Windows\System\pApshPm.exe
  C:\Windows\System\pApshPm.exe
  2⤵
  PID:6568
- C:\Windows\System\njMybns.exe
  C:\Windows\System\njMybns.exe
  2⤵
  PID:6672
- C:\Windows\System\PlBfowr.exe
  C:\Windows\System\PlBfowr.exe
  2⤵
  PID:6876
- C:\Windows\System\jqAtZCt.exe
  C:\Windows\System\jqAtZCt.exe
  2⤵
  PID:7236
- C:\Windows\System\dLbkyZQ.exe
  C:\Windows\System\dLbkyZQ.exe
  2⤵
  PID:7244
- C:\Windows\System\JACBAsg.exe
  C:\Windows\System\JACBAsg.exe
  2⤵
  PID:7316
- C:\Windows\System\HqsuirT.exe
  C:\Windows\System\HqsuirT.exe
  2⤵
  PID:7324
- C:\Windows\System\PUUyuFj.exe
  C:\Windows\System\PUUyuFj.exe
  2⤵
  PID:7404
- C:\Windows\System\KPVvyVb.exe
  C:\Windows\System\KPVvyVb.exe
  2⤵
  PID:7456
- C:\Windows\System\FjvMEQq.exe
  C:\Windows\System\FjvMEQq.exe
  2⤵
  PID:7504
- C:\Windows\System\DsPLpRU.exe
  C:\Windows\System\DsPLpRU.exe
  2⤵
  PID:7540
- C:\Windows\System\gyNeDbI.exe
  C:\Windows\System\gyNeDbI.exe
  2⤵
  PID:7604
- C:\Windows\System\Gzmmzyt.exe
  C:\Windows\System\Gzmmzyt.exe
  2⤵
  PID:7660
- C:\Windows\System\lLuAfyM.exe
  C:\Windows\System\lLuAfyM.exe
  2⤵
  PID:7760
- C:\Windows\System\JebSJMC.exe
  C:\Windows\System\JebSJMC.exe
  2⤵
  PID:7788
- C:\Windows\System\vWTPmNP.exe
  C:\Windows\System\vWTPmNP.exe
  2⤵
  PID:7784
- C:\Windows\System\feVmbnd.exe
  C:\Windows\System\feVmbnd.exe
  2⤵
  PID:7868
- C:\Windows\System\fsniCnY.exe
  C:\Windows\System\fsniCnY.exe
  2⤵
  PID:7928
- C:\Windows\System\imzNxbr.exe
  C:\Windows\System\imzNxbr.exe
  2⤵
  PID:7980
- C:\Windows\System\rXUZRUF.exe
  C:\Windows\System\rXUZRUF.exe
  2⤵
  PID:8100
- C:\Windows\System\RMKmyUf.exe
  C:\Windows\System\RMKmyUf.exe
  2⤵
  PID:8128
- C:\Windows\System\JkdIDOS.exe
  C:\Windows\System\JkdIDOS.exe
  2⤵
  PID:8124
- C:\Windows\System\JXzjawR.exe
  C:\Windows\System\JXzjawR.exe
  2⤵
  PID:8188
- C:\Windows\System\WmytbiO.exe
  C:\Windows\System\WmytbiO.exe
  2⤵
  PID:5204
- C:\Windows\System\ZtLGVCs.exe
  C:\Windows\System\ZtLGVCs.exe
  2⤵
  PID:2216
- C:\Windows\System\KpjvWVL.exe
  C:\Windows\System\KpjvWVL.exe
  2⤵
  PID:6392
- C:\Windows\System\NCbQjwh.exe
  C:\Windows\System\NCbQjwh.exe
  2⤵
  PID:2860
- C:\Windows\System\SvtOfMn.exe
  C:\Windows\System\SvtOfMn.exe
  2⤵
  PID:7180
- C:\Windows\System\vFuqEFK.exe
  C:\Windows\System\vFuqEFK.exe
  2⤵
  PID:7240
- C:\Windows\System\WPOOXVC.exe
  C:\Windows\System\WPOOXVC.exe
  2⤵
  PID:7256
- C:\Windows\System\gBQCiEq.exe
  C:\Windows\System\gBQCiEq.exe
  2⤵
  PID:7476
- C:\Windows\System\sqRWWqO.exe
  C:\Windows\System\sqRWWqO.exe
  2⤵
  PID:7584
- C:\Windows\System\NtxCxFT.exe
  C:\Windows\System\NtxCxFT.exe
  2⤵
  PID:7644
- C:\Windows\System\bYNDSgz.exe
  C:\Windows\System\bYNDSgz.exe
  2⤵
  PID:7656
- C:\Windows\System\VCHQojQ.exe
  C:\Windows\System\VCHQojQ.exe
  2⤵
  PID:7716
- C:\Windows\System\doEWPwt.exe
  C:\Windows\System\doEWPwt.exe
  2⤵
  PID:7924
- C:\Windows\System\hLrMpHn.exe
  C:\Windows\System\hLrMpHn.exe
  2⤵
  PID:3064
- C:\Windows\System\ydEleaW.exe
  C:\Windows\System\ydEleaW.exe
  2⤵
  PID:8008
- C:\Windows\System\UpQgrpR.exe
  C:\Windows\System\UpQgrpR.exe
  2⤵
  PID:8060
- C:\Windows\System\GtpVLEq.exe
  C:\Windows\System\GtpVLEq.exe
  2⤵
  PID:5980
- C:\Windows\System\iZCmzHd.exe
  C:\Windows\System\iZCmzHd.exe
  2⤵
  PID:6724
- C:\Windows\System\JRQcJbc.exe
  C:\Windows\System\JRQcJbc.exe
  2⤵
  PID:2580
- C:\Windows\System\SwBABxO.exe
  C:\Windows\System\SwBABxO.exe
  2⤵
  PID:7172
- C:\Windows\System\rNpPrOW.exe
  C:\Windows\System\rNpPrOW.exe
  2⤵
  PID:7320
- C:\Windows\System\QKtIIpx.exe
  C:\Windows\System\QKtIIpx.exe
  2⤵
  PID:7264
- C:\Windows\System\lRrEjHx.exe
  C:\Windows\System\lRrEjHx.exe
  2⤵
  PID:7712
- C:\Windows\System\XSiBHvE.exe
  C:\Windows\System\XSiBHvE.exe
  2⤵
  PID:7676
- C:\Windows\System\ksvLwHC.exe
  C:\Windows\System\ksvLwHC.exe
  2⤵
  PID:1252
- C:\Windows\System\JtxHgJi.exe
  C:\Windows\System\JtxHgJi.exe
  2⤵
  PID:8200
- C:\Windows\System\YsqIQku.exe
  C:\Windows\System\YsqIQku.exe
  2⤵
  PID:8224
- C:\Windows\System\Pmnievz.exe
  C:\Windows\System\Pmnievz.exe
  2⤵
  PID:8244
- C:\Windows\System\KtOJHvj.exe
  C:\Windows\System\KtOJHvj.exe
  2⤵
  PID:8264
- C:\Windows\System\WEuosMa.exe
  C:\Windows\System\WEuosMa.exe
  2⤵
  PID:8284
- C:\Windows\System\EIcACNZ.exe
  C:\Windows\System\EIcACNZ.exe
  2⤵
  PID:8304
- C:\Windows\System\xOfEEjy.exe
  C:\Windows\System\xOfEEjy.exe
  2⤵
  PID:8324
- C:\Windows\System\krsUSyv.exe
  C:\Windows\System\krsUSyv.exe
  2⤵
  PID:8344
- C:\Windows\System\xBunrDQ.exe
  C:\Windows\System\xBunrDQ.exe
  2⤵
  PID:8360
- C:\Windows\System\ppYXMEh.exe
  C:\Windows\System\ppYXMEh.exe
  2⤵
  PID:8380
- C:\Windows\System\MHQHCPx.exe
  C:\Windows\System\MHQHCPx.exe
  2⤵
  PID:8404
- C:\Windows\System\jtPAfMv.exe
  C:\Windows\System\jtPAfMv.exe
  2⤵
  PID:8424
- C:\Windows\System\dNpYIqO.exe
  C:\Windows\System\dNpYIqO.exe
  2⤵
  PID:8444
- C:\Windows\System\gtjejcA.exe
  C:\Windows\System\gtjejcA.exe
  2⤵
  PID:8464
- C:\Windows\System\fZAjQlx.exe
  C:\Windows\System\fZAjQlx.exe
  2⤵
  PID:8488
- C:\Windows\System\qDKznJh.exe
  C:\Windows\System\qDKznJh.exe
  2⤵
  PID:8508
- C:\Windows\System\zbhKxGk.exe
  C:\Windows\System\zbhKxGk.exe
  2⤵
  PID:8528
- C:\Windows\System\culBkZu.exe
  C:\Windows\System\culBkZu.exe
  2⤵
  PID:8548
- C:\Windows\System\ivyNrUG.exe
  C:\Windows\System\ivyNrUG.exe
  2⤵
  PID:8568
- C:\Windows\System\iIQHcyC.exe
  C:\Windows\System\iIQHcyC.exe
  2⤵
  PID:8588
- C:\Windows\System\UxjewrP.exe
  C:\Windows\System\UxjewrP.exe
  2⤵
  PID:8608
- C:\Windows\System\WXiSwQd.exe
  C:\Windows\System\WXiSwQd.exe
  2⤵
  PID:8624
- C:\Windows\System\rNEgSSW.exe
  C:\Windows\System\rNEgSSW.exe
  2⤵
  PID:8640
- C:\Windows\System\YbeQEWO.exe
  C:\Windows\System\YbeQEWO.exe
  2⤵
  PID:8656
- C:\Windows\System\RzScaaK.exe
  C:\Windows\System\RzScaaK.exe
  2⤵
  PID:8676
- C:\Windows\System\enMZXlR.exe
  C:\Windows\System\enMZXlR.exe
  2⤵
  PID:8692
- C:\Windows\System\OBtSKoh.exe
  C:\Windows\System\OBtSKoh.exe
  2⤵
  PID:8708
- C:\Windows\System\SDbHQwm.exe
  C:\Windows\System\SDbHQwm.exe
  2⤵
  PID:8728
- C:\Windows\System\wSXYhbJ.exe
  C:\Windows\System\wSXYhbJ.exe
  2⤵
  PID:8748
- C:\Windows\System\jiPLZDd.exe
  C:\Windows\System\jiPLZDd.exe
  2⤵
  PID:8768
- C:\Windows\System\xYCPBCz.exe
  C:\Windows\System\xYCPBCz.exe
  2⤵
  PID:8784
- C:\Windows\System\dahwSYf.exe
  C:\Windows\System\dahwSYf.exe
  2⤵
  PID:8804
- C:\Windows\System\HnYDaHa.exe
  C:\Windows\System\HnYDaHa.exe
  2⤵
  PID:8828
- C:\Windows\System\RzLRYcV.exe
  C:\Windows\System\RzLRYcV.exe
  2⤵
  PID:8880
- C:\Windows\System\chRZYvg.exe
  C:\Windows\System\chRZYvg.exe
  2⤵
  PID:8896
- C:\Windows\System\jYyHmys.exe
  C:\Windows\System\jYyHmys.exe
  2⤵
  PID:8912
- C:\Windows\System\fUxOPKx.exe
  C:\Windows\System\fUxOPKx.exe
  2⤵
  PID:8944
- C:\Windows\System\UCVhdoL.exe
  C:\Windows\System\UCVhdoL.exe
  2⤵
  PID:8960
- C:\Windows\System\lBsQhIc.exe
  C:\Windows\System\lBsQhIc.exe
  2⤵
  PID:9048
- C:\Windows\System\HiUtmKr.exe
  C:\Windows\System\HiUtmKr.exe
  2⤵
  PID:9064
- C:\Windows\System\VSKxaou.exe
  C:\Windows\System\VSKxaou.exe
  2⤵
  PID:9084
- C:\Windows\System\XgCrCkH.exe
  C:\Windows\System\XgCrCkH.exe
  2⤵
  PID:9100
- C:\Windows\System\lMrZaYw.exe
  C:\Windows\System\lMrZaYw.exe
  2⤵
  PID:9120
- C:\Windows\System\BABomgk.exe
  C:\Windows\System\BABomgk.exe
  2⤵
  PID:9136
- C:\Windows\System\qlZxNRo.exe
  C:\Windows\System\qlZxNRo.exe
  2⤵
  PID:9152
- C:\Windows\System\MUBUnXT.exe
  C:\Windows\System\MUBUnXT.exe
  2⤵
  PID:9168
- C:\Windows\System\IhAuwQQ.exe
  C:\Windows\System\IhAuwQQ.exe
  2⤵
  PID:9192
- C:\Windows\System\uXRbDqQ.exe
  C:\Windows\System\uXRbDqQ.exe
  2⤵
  PID:9208
- C:\Windows\System\UQBtUCt.exe
  C:\Windows\System\UQBtUCt.exe
  2⤵
  PID:8040
- C:\Windows\System\vadxICu.exe
  C:\Windows\System\vadxICu.exe
  2⤵
  PID:8068
- C:\Windows\System\NIELlkE.exe
  C:\Windows\System\NIELlkE.exe
  2⤵
  PID:8184
- C:\Windows\System\fSximaI.exe
  C:\Windows\System\fSximaI.exe
  2⤵
  PID:5520
- C:\Windows\System\TavLDoL.exe
  C:\Windows\System\TavLDoL.exe
  2⤵
  PID:6784
- C:\Windows\System\FIkgscs.exe
  C:\Windows\System\FIkgscs.exe
  2⤵
  PID:7384
- C:\Windows\System\NPcKPHf.exe
  C:\Windows\System\NPcKPHf.exe
  2⤵
  PID:7424
- C:\Windows\System\ZwDAUWS.exe
  C:\Windows\System\ZwDAUWS.exe
  2⤵
  PID:7520
- C:\Windows\System\FTZpnjr.exe
  C:\Windows\System\FTZpnjr.exe
  2⤵
  PID:7524
- C:\Windows\System\oGmfYas.exe
  C:\Windows\System\oGmfYas.exe
  2⤵
  PID:4576
- C:\Windows\System\ByxlzfO.exe
  C:\Windows\System\ByxlzfO.exe
  2⤵
  PID:7804
- C:\Windows\System\StCkhnI.exe
  C:\Windows\System\StCkhnI.exe
  2⤵
  PID:2844
- C:\Windows\System\OEYqEKR.exe
  C:\Windows\System\OEYqEKR.exe
  2⤵
  PID:8236
- C:\Windows\System\SeKSRgi.exe
  C:\Windows\System\SeKSRgi.exe
  2⤵
  PID:8300
- C:\Windows\System\toOTvvq.exe
  C:\Windows\System\toOTvvq.exe
  2⤵
  PID:8340
- C:\Windows\System\dabTEZw.exe
  C:\Windows\System\dabTEZw.exe
  2⤵
  PID:8316
- C:\Windows\System\aDgxRSM.exe
  C:\Windows\System\aDgxRSM.exe
  2⤵
  PID:8372
- C:\Windows\System\myZDUmD.exe
  C:\Windows\System\myZDUmD.exe
  2⤵
  PID:2136
- C:\Windows\System\aeBmYzs.exe
  C:\Windows\System\aeBmYzs.exe
  2⤵
  PID:8416
- C:\Windows\System\UfpxuMw.exe
  C:\Windows\System\UfpxuMw.exe
  2⤵
  PID:8432
- C:\Windows\System\yFCYkMD.exe
  C:\Windows\System\yFCYkMD.exe
  2⤵
  PID:576
- C:\Windows\System\cyHlifn.exe
  C:\Windows\System\cyHlifn.exe
  2⤵
  PID:1640
- C:\Windows\System\JrjRszV.exe
  C:\Windows\System\JrjRszV.exe
  2⤵
  PID:8636
- C:\Windows\System\EFLlNQd.exe
  C:\Windows\System\EFLlNQd.exe
  2⤵
  PID:8688
- C:\Windows\System\UeTNUJf.exe
  C:\Windows\System\UeTNUJf.exe
  2⤵
  PID:8736
- C:\Windows\System\TMlXNeH.exe
  C:\Windows\System\TMlXNeH.exe
  2⤵
  PID:1148
- C:\Windows\System\iGfWPMA.exe
  C:\Windows\System\iGfWPMA.exe
  2⤵
  PID:8756
- C:\Windows\System\IEyXKyk.exe
  C:\Windows\System\IEyXKyk.exe
  2⤵
  PID:8792
- C:\Windows\System\dMYTWZP.exe
  C:\Windows\System\dMYTWZP.exe
  2⤵
  PID:8820
- C:\Windows\System\KXRZVXS.exe
  C:\Windows\System\KXRZVXS.exe
  2⤵
  PID:2956
- C:\Windows\System\vnrlZAC.exe
  C:\Windows\System\vnrlZAC.exe
  2⤵
  PID:980
- C:\Windows\System\oVENOnq.exe
  C:\Windows\System\oVENOnq.exe
  2⤵
  PID:1812
- C:\Windows\System\xnIzLoh.exe
  C:\Windows\System\xnIzLoh.exe
  2⤵
  PID:2076
- C:\Windows\System\CpuFyWr.exe
  C:\Windows\System\CpuFyWr.exe
  2⤵
  PID:1044
- C:\Windows\System\CYfQnrq.exe
  C:\Windows\System\CYfQnrq.exe
  2⤵
  PID:2092
- C:\Windows\System\sWAitSx.exe
  C:\Windows\System\sWAitSx.exe
  2⤵
  PID:2820
- C:\Windows\System\nuGWges.exe
  C:\Windows\System\nuGWges.exe
  2⤵
  PID:8876
- C:\Windows\System\ArXanBs.exe
  C:\Windows\System\ArXanBs.exe
  2⤵
  PID:8928
- C:\Windows\System\kFTwntW.exe
  C:\Windows\System\kFTwntW.exe
  2⤵
  PID:8940
- C:\Windows\System\yiDmuhz.exe
  C:\Windows\System\yiDmuhz.exe
  2⤵
  PID:8904
- C:\Windows\System\EFudheb.exe
  C:\Windows\System\EFudheb.exe
  2⤵
  PID:8988
- C:\Windows\System\jdaKher.exe
  C:\Windows\System\jdaKher.exe
  2⤵
  PID:9044
- C:\Windows\System\JCGIvBk.exe
  C:\Windows\System\JCGIvBk.exe
  2⤵
  PID:9060
- C:\Windows\System\yrJyiAB.exe
  C:\Windows\System\yrJyiAB.exe
  2⤵
  PID:9108
- C:\Windows\System\HdEAIqx.exe
  C:\Windows\System\HdEAIqx.exe
  2⤵
  PID:9144
- C:\Windows\System\djeOhQX.exe
  C:\Windows\System\djeOhQX.exe
  2⤵
  PID:9204
- C:\Windows\System\RyaDSOA.exe
  C:\Windows\System\RyaDSOA.exe
  2⤵
  PID:9188
- C:\Windows\System\BsCtpmQ.exe
  C:\Windows\System\BsCtpmQ.exe
  2⤵
  PID:2696
- C:\Windows\System\HpUIAlb.exe
  C:\Windows\System\HpUIAlb.exe
  2⤵
  PID:6232
- C:\Windows\System\lgSCcAS.exe
  C:\Windows\System\lgSCcAS.exe
  2⤵
  PID:6728
- C:\Windows\System\nHGrJUO.exe
  C:\Windows\System\nHGrJUO.exe
  2⤵
  PID:7900
- C:\Windows\System\liCkmJn.exe
  C:\Windows\System\liCkmJn.exe
  2⤵
  PID:2592
- C:\Windows\System\lwMccLZ.exe
  C:\Windows\System\lwMccLZ.exe
  2⤵
  PID:8240
- C:\Windows\System\tpjxjoL.exe
  C:\Windows\System\tpjxjoL.exe
  2⤵
  PID:8260
- C:\Windows\System\PqySppt.exe
  C:\Windows\System\PqySppt.exe
  2⤵
  PID:2520
- C:\Windows\System\zQBCAYJ.exe
  C:\Windows\System\zQBCAYJ.exe
  2⤵
  PID:8376
- C:\Windows\System\lKyDBHD.exe
  C:\Windows\System\lKyDBHD.exe
  2⤵
  PID:568
- C:\Windows\System\PmGcaiF.exe
  C:\Windows\System\PmGcaiF.exe
  2⤵
  PID:8396
- C:\Windows\System\dkLCrNN.exe
  C:\Windows\System\dkLCrNN.exe
  2⤵
  PID:8472
- C:\Windows\System\SThUbVv.exe
  C:\Windows\System\SThUbVv.exe
  2⤵
  PID:8500
- C:\Windows\System\ttMnOLR.exe
  C:\Windows\System\ttMnOLR.exe
  2⤵
  PID:8564
- C:\Windows\System\YEJNshW.exe
  C:\Windows\System\YEJNshW.exe
  2⤵
  PID:1864
- C:\Windows\System\uJsQZIj.exe
  C:\Windows\System\uJsQZIj.exe
  2⤵
  PID:8616
- C:\Windows\System\uWYFkYE.exe
  C:\Windows\System\uWYFkYE.exe
  2⤵
  PID:8648
- C:\Windows\System\gSvLYVk.exe
  C:\Windows\System\gSvLYVk.exe
  2⤵
  PID:8704
- C:\Windows\System\LSEzzjq.exe
  C:\Windows\System\LSEzzjq.exe
  2⤵
  PID:1260
- C:\Windows\System\xfEkfdu.exe
  C:\Windows\System\xfEkfdu.exe
  2⤵
  PID:2480
- C:\Windows\System\JUxBWhb.exe
  C:\Windows\System\JUxBWhb.exe
  2⤵
  PID:8856
- C:\Windows\System\rjMnjDY.exe
  C:\Windows\System\rjMnjDY.exe
  2⤵
  PID:2764
- C:\Windows\System\KYhbmug.exe
  C:\Windows\System\KYhbmug.exe
  2⤵
  PID:1712
- C:\Windows\System\rnAsFOT.exe
  C:\Windows\System\rnAsFOT.exe
  2⤵
  PID:8996
- C:\Windows\System\yIkKIdf.exe
  C:\Windows\System\yIkKIdf.exe
  2⤵
  PID:9000
- C:\Windows\System\sdNYJBA.exe
  C:\Windows\System\sdNYJBA.exe
  2⤵
  PID:9116
- C:\Windows\System\FFYQqcD.exe
  C:\Windows\System\FFYQqcD.exe
  2⤵
  PID:1508
- C:\Windows\System\VLIEykS.exe
  C:\Windows\System\VLIEykS.exe
  2⤵
  PID:8420
- C:\Windows\System\wodwHvg.exe
  C:\Windows\System\wodwHvg.exe
  2⤵
  PID:8232
- C:\Windows\System\uvlyQyo.exe
  C:\Windows\System\uvlyQyo.exe
  2⤵
  PID:4572
- C:\Windows\System\UpfQOXI.exe
  C:\Windows\System\UpfQOXI.exe
  2⤵
  PID:8436
- C:\Windows\System\EwihBCY.exe
  C:\Windows\System\EwihBCY.exe
  2⤵
  PID:8516
- C:\Windows\System\hQNQKWj.exe
  C:\Windows\System\hQNQKWj.exe
  2⤵
  PID:8684
- C:\Windows\System\kPxhKbo.exe
  C:\Windows\System\kPxhKbo.exe
  2⤵
  PID:8556
- C:\Windows\System\sJGMWGj.exe
  C:\Windows\System\sJGMWGj.exe
  2⤵
  PID:8824
- C:\Windows\System\jcRztgw.exe
  C:\Windows\System\jcRztgw.exe
  2⤵
  PID:4208
- C:\Windows\System\yQgouFz.exe
  C:\Windows\System\yQgouFz.exe
  2⤵
  PID:1528
- C:\Windows\System\nkSwHAZ.exe
  C:\Windows\System\nkSwHAZ.exe
  2⤵
  PID:2704
- C:\Windows\System\hmZZvXU.exe
  C:\Windows\System\hmZZvXU.exe
  2⤵
  PID:2036
- C:\Windows\System\kLIxwfz.exe
  C:\Windows\System\kLIxwfz.exe
  2⤵
  PID:9096
- C:\Windows\System\WQbczXD.exe
  C:\Windows\System\WQbczXD.exe
  2⤵
  PID:8936
- C:\Windows\System\txcrmWt.exe
  C:\Windows\System\txcrmWt.exe
  2⤵
  PID:8892
- C:\Windows\System\IMOEpPS.exe
  C:\Windows\System\IMOEpPS.exe
  2⤵
  PID:8020
- C:\Windows\System\uAbbqJB.exe
  C:\Windows\System\uAbbqJB.exe
  2⤵
  PID:8024
- C:\Windows\System\kpKdeuj.exe
  C:\Windows\System\kpKdeuj.exe
  2⤵
  PID:8196
- C:\Windows\System\FDREfII.exe
  C:\Windows\System\FDREfII.exe
  2⤵
  PID:8620
- C:\Windows\System\Mjkmshy.exe
  C:\Windows\System\Mjkmshy.exe
  2⤵
  PID:1028
- C:\Windows\System\zXllXBA.exe
  C:\Windows\System\zXllXBA.exe
  2⤵
  PID:8332
- C:\Windows\System\rkLVATf.exe
  C:\Windows\System\rkLVATf.exe
  2⤵
  PID:8720
- C:\Windows\System\yaxVgir.exe
  C:\Windows\System\yaxVgir.exe
  2⤵
  PID:8776
- C:\Windows\System\WXKarKZ.exe
  C:\Windows\System\WXKarKZ.exe
  2⤵
  PID:8504
- C:\Windows\System\rOyAUjq.exe
  C:\Windows\System\rOyAUjq.exe
  2⤵
  PID:8852
- C:\Windows\System\lonaYdj.exe
  C:\Windows\System\lonaYdj.exe
  2⤵
  PID:8888
- C:\Windows\System\pBGGZuo.exe
  C:\Windows\System\pBGGZuo.exe
  2⤵
  PID:8596
- C:\Windows\System\uKrTcYt.exe
  C:\Windows\System\uKrTcYt.exe
  2⤵
  PID:2664
- C:\Windows\System\HkooeGB.exe
  C:\Windows\System\HkooeGB.exe
  2⤵
  PID:9184
- C:\Windows\System\TpTdnSt.exe
  C:\Windows\System\TpTdnSt.exe
  2⤵
  PID:1552
- C:\Windows\System\WKOIKzx.exe
  C:\Windows\System\WKOIKzx.exe
  2⤵
  PID:8368
- C:\Windows\System\ftLnQxH.exe
  C:\Windows\System\ftLnQxH.exe
  2⤵
  PID:8352
- C:\Windows\System\pEfEJSW.exe
  C:\Windows\System\pEfEJSW.exe
  2⤵
  PID:1624
- C:\Windows\System\tLxnayf.exe
  C:\Windows\System\tLxnayf.exe
  2⤵
  PID:8952
- C:\Windows\System\yExSzkC.exe
  C:\Windows\System\yExSzkC.exe
  2⤵
  PID:8976
- C:\Windows\System\SBYBvCn.exe
  C:\Windows\System\SBYBvCn.exe
  2⤵
  PID:1292
- C:\Windows\System\TeXUsxO.exe
  C:\Windows\System\TeXUsxO.exe
  2⤵
  PID:9228
- C:\Windows\System\OSHNBfo.exe
  C:\Windows\System\OSHNBfo.exe
  2⤵
  PID:9244
- C:\Windows\System\SsfmkfE.exe
  C:\Windows\System\SsfmkfE.exe
  2⤵
  PID:9264
- C:\Windows\System\UPbIYwu.exe
  C:\Windows\System\UPbIYwu.exe
  2⤵
  PID:9280
- C:\Windows\System\khzfyXs.exe
  C:\Windows\System\khzfyXs.exe
  2⤵
  PID:9296
- C:\Windows\System\kmMeEoJ.exe
  C:\Windows\System\kmMeEoJ.exe
  2⤵
  PID:9312
- C:\Windows\System\yimTblI.exe
  C:\Windows\System\yimTblI.exe
  2⤵
  PID:9328
- C:\Windows\System\mLzUXku.exe
  C:\Windows\System\mLzUXku.exe
  2⤵
  PID:9376
- C:\Windows\System\FWsEIJw.exe
  C:\Windows\System\FWsEIJw.exe
  2⤵
  PID:9404
- C:\Windows\System\chXLmJm.exe
  C:\Windows\System\chXLmJm.exe
  2⤵
  PID:9420
- C:\Windows\System\UqPZGCv.exe
  C:\Windows\System\UqPZGCv.exe
  2⤵
  PID:9436
- C:\Windows\System\stlrOSz.exe
  C:\Windows\System\stlrOSz.exe
  2⤵
  PID:9460
- C:\Windows\System\GavajNx.exe
  C:\Windows\System\GavajNx.exe
  2⤵
  PID:9504
- C:\Windows\System\uvQBVZw.exe
  C:\Windows\System\uvQBVZw.exe
  2⤵
  PID:9532
- C:\Windows\System\tOmrLNo.exe
  C:\Windows\System\tOmrLNo.exe
  2⤵
  PID:9572
- C:\Windows\System\mpJEWtY.exe
  C:\Windows\System\mpJEWtY.exe
  2⤵
  PID:9588
- C:\Windows\System\VwrmrAo.exe
  C:\Windows\System\VwrmrAo.exe
  2⤵
  PID:9604
- C:\Windows\System\DlmdYky.exe
  C:\Windows\System\DlmdYky.exe
  2⤵
  PID:9624
- C:\Windows\System\OvbgLTe.exe
  C:\Windows\System\OvbgLTe.exe
  2⤵
  PID:9644
- C:\Windows\System\gBQQZsd.exe
  C:\Windows\System\gBQQZsd.exe
  2⤵
  PID:9660
- C:\Windows\System\wKdmQbs.exe
  C:\Windows\System\wKdmQbs.exe
  2⤵
  PID:9684
- C:\Windows\System\cXtWNSr.exe
  C:\Windows\System\cXtWNSr.exe
  2⤵
  PID:9708
- C:\Windows\System\vrAEyIF.exe
  C:\Windows\System\vrAEyIF.exe
  2⤵
  PID:9728
- C:\Windows\System\EqckQVC.exe
  C:\Windows\System\EqckQVC.exe
  2⤵
  PID:9752
- C:\Windows\System\nCZxvky.exe
  C:\Windows\System\nCZxvky.exe
  2⤵
  PID:9784
- C:\Windows\System\dJevNVc.exe
  C:\Windows\System\dJevNVc.exe
  2⤵
  PID:9804
- C:\Windows\System\FvqQhkA.exe
  C:\Windows\System\FvqQhkA.exe
  2⤵
  PID:9824
- C:\Windows\System\xLPIFed.exe
  C:\Windows\System\xLPIFed.exe
  2⤵
  PID:9848
- C:\Windows\System\QMgzxqn.exe
  C:\Windows\System\QMgzxqn.exe
  2⤵
  PID:9864
- C:\Windows\System\srgQYYP.exe
  C:\Windows\System\srgQYYP.exe
  2⤵
  PID:9892
- C:\Windows\System\QAniYHY.exe
  C:\Windows\System\QAniYHY.exe
  2⤵
  PID:9908
- C:\Windows\System\PnKJLzC.exe
  C:\Windows\System\PnKJLzC.exe
  2⤵
  PID:9928
- C:\Windows\System\OWVfXsy.exe
  C:\Windows\System\OWVfXsy.exe
  2⤵
  PID:9952
- C:\Windows\System\omDQEIH.exe
  C:\Windows\System\omDQEIH.exe
  2⤵
  PID:9976
- C:\Windows\System\XFrDWBV.exe
  C:\Windows\System\XFrDWBV.exe
  2⤵
  PID:9996
- C:\Windows\System\YYqbEuI.exe
  C:\Windows\System\YYqbEuI.exe
  2⤵
  PID:10012
- C:\Windows\System\iqncqNX.exe
  C:\Windows\System\iqncqNX.exe
  2⤵
  PID:10032
- C:\Windows\System\HBfMcqK.exe
  C:\Windows\System\HBfMcqK.exe
  2⤵
  PID:10048
- C:\Windows\System\VOZIAby.exe
  C:\Windows\System\VOZIAby.exe
  2⤵
  PID:10072
- C:\Windows\System\iPUUoni.exe
  C:\Windows\System\iPUUoni.exe
  2⤵
  PID:10092
- C:\Windows\System\gPqwyMI.exe
  C:\Windows\System\gPqwyMI.exe
  2⤵
  PID:10116
- C:\Windows\System\GPMYBQy.exe
  C:\Windows\System\GPMYBQy.exe
  2⤵
  PID:10136
- C:\Windows\System\GynbKHq.exe
  C:\Windows\System\GynbKHq.exe
  2⤵
  PID:10152
- C:\Windows\System\QhHCZuU.exe
  C:\Windows\System\QhHCZuU.exe
  2⤵
  PID:10176
- C:\Windows\System\XtCTvRK.exe
  C:\Windows\System\XtCTvRK.exe
  2⤵
  PID:10192
- C:\Windows\System\gsjipug.exe
  C:\Windows\System\gsjipug.exe
  2⤵
  PID:10212
- C:\Windows\System\wyhrrdm.exe
  C:\Windows\System\wyhrrdm.exe
  2⤵
  PID:10232
- C:\Windows\System\AtQyeAN.exe
  C:\Windows\System\AtQyeAN.exe
  2⤵
  PID:1456
- C:\Windows\System\xDxqGYo.exe
  C:\Windows\System\xDxqGYo.exe
  2⤵
  PID:9288
- C:\Windows\System\NOhyqUl.exe
  C:\Windows\System\NOhyqUl.exe
  2⤵
  PID:9236
- C:\Windows\System\UvsVJFJ.exe
  C:\Windows\System\UvsVJFJ.exe
  2⤵
  PID:9320
- C:\Windows\System\IWhXXoR.exe
  C:\Windows\System\IWhXXoR.exe
  2⤵
  PID:9348
- C:\Windows\System\IOwDnoe.exe
  C:\Windows\System\IOwDnoe.exe
  2⤵
  PID:8956
- C:\Windows\System\WZTByAM.exe
  C:\Windows\System\WZTByAM.exe
  2⤵
  PID:9384
- C:\Windows\System\XIWTXlK.exe
  C:\Windows\System\XIWTXlK.exe
  2⤵
  PID:9428
- C:\Windows\System\MEAqLXa.exe
  C:\Windows\System\MEAqLXa.exe
  2⤵
  PID:9456
- C:\Windows\System\tvZCGhV.exe
  C:\Windows\System\tvZCGhV.exe
  2⤵
  PID:9480
- C:\Windows\System\SBjNxWG.exe
  C:\Windows\System\SBjNxWG.exe
  2⤵
  PID:9488
- C:\Windows\System\JscOSce.exe
  C:\Windows\System\JscOSce.exe
  2⤵
  PID:9528
- C:\Windows\System\qGMJLLF.exe
  C:\Windows\System\qGMJLLF.exe
  2⤵
  PID:9556
- C:\Windows\System\xfuDyDT.exe
  C:\Windows\System\xfuDyDT.exe
  2⤵
  PID:9580
- C:\Windows\System\xNGPsTy.exe
  C:\Windows\System\xNGPsTy.exe
  2⤵
  PID:9612
- C:\Windows\System\XHZiLbF.exe
  C:\Windows\System\XHZiLbF.exe
  2⤵
  PID:9652
- C:\Windows\System\YoAzoBG.exe
  C:\Windows\System\YoAzoBG.exe
  2⤵
  PID:9676
- C:\Windows\System\MSIlyjD.exe
  C:\Windows\System\MSIlyjD.exe
  2⤵
  PID:9696
- C:\Windows\System\SExmxKF.exe
  C:\Windows\System\SExmxKF.exe
  2⤵
  PID:9740
- C:\Windows\System\piooClc.exe
  C:\Windows\System\piooClc.exe
  2⤵
  PID:9720
- C:\Windows\System\FvDDlFw.exe
  C:\Windows\System\FvDDlFw.exe
  2⤵
  PID:9764
- C:\Windows\System\FEKiPGi.exe
  C:\Windows\System\FEKiPGi.exe
  2⤵
  PID:9800
- C:\Windows\System\bwMORvm.exe
  C:\Windows\System\bwMORvm.exe
  2⤵
  PID:9840
- C:\Windows\System\tIdMjlu.exe
  C:\Windows\System\tIdMjlu.exe
  2⤵
  PID:9876
- C:\Windows\System\nHJDmcc.exe
  C:\Windows\System\nHJDmcc.exe
  2⤵
  PID:9936
- C:\Windows\System\PGirpkd.exe
  C:\Windows\System\PGirpkd.exe
  2⤵
  PID:9960
- C:\Windows\System\IHpGBuc.exe
  C:\Windows\System\IHpGBuc.exe
  2⤵
  PID:9992
- C:\Windows\System\DQuPCVS.exe
  C:\Windows\System\DQuPCVS.exe
  2⤵
  PID:10040
- C:\Windows\System\jIYQDgr.exe
  C:\Windows\System\jIYQDgr.exe
  2⤵
  PID:10056
- C:\Windows\System\rqYmlFG.exe
  C:\Windows\System\rqYmlFG.exe
  2⤵
  PID:10064
- C:\Windows\System\bJgaRKC.exe
  C:\Windows\System\bJgaRKC.exe
  2⤵
  PID:10112
- C:\Windows\System\TvoFQdq.exe
  C:\Windows\System\TvoFQdq.exe
  2⤵
  PID:10128
- C:\Windows\System\jVViwlt.exe
  C:\Windows\System\jVViwlt.exe
  2⤵
  PID:10164
- C:\Windows\System\LyaeuKT.exe
  C:\Windows\System\LyaeuKT.exe
  2⤵
  PID:10228
- C:\Windows\System\eAYXwfd.exe
  C:\Windows\System\eAYXwfd.exe
  2⤵
  PID:9220
- C:\Windows\System\VIgsRyH.exe
  C:\Windows\System\VIgsRyH.exe
  2⤵
  PID:9276
- C:\Windows\System\vHzvRrO.exe
  C:\Windows\System\vHzvRrO.exe
  2⤵
  PID:9344
- C:\Windows\System\brbXvKR.exe
  C:\Windows\System\brbXvKR.exe
  2⤵
  PID:9396
- C:\Windows\System\wZSTyjm.exe
  C:\Windows\System\wZSTyjm.exe
  2⤵
  PID:9520
- C:\Windows\System\NSrSOEH.exe
  C:\Windows\System\NSrSOEH.exe
  2⤵
  PID:9516
- C:\Windows\System\PvoHlsf.exe
  C:\Windows\System\PvoHlsf.exe
  2⤵
  PID:9500
- C:\Windows\System\yRRwNIX.exe
  C:\Windows\System\yRRwNIX.exe
  2⤵
  PID:9548
- C:\Windows\System\YXguTYL.exe
  C:\Windows\System\YXguTYL.exe
  2⤵
  PID:9656
- C:\Windows\System\eLZokYj.exe
  C:\Windows\System\eLZokYj.exe
  2⤵
  PID:9252
- C:\Windows\System\OCSsFTq.exe
  C:\Windows\System\OCSsFTq.exe
  2⤵
  PID:9792
- C:\Windows\System\VuSmXTo.exe
  C:\Windows\System\VuSmXTo.exe
  2⤵
  PID:9872
- C:\Windows\System\UUYMoKt.exe
  C:\Windows\System\UUYMoKt.exe
  2⤵
  PID:9832
- C:\Windows\System\VRhgsNm.exe
  C:\Windows\System\VRhgsNm.exe
  2⤵
  PID:9940
- C:\Windows\System\HEmkjbb.exe
  C:\Windows\System\HEmkjbb.exe
  2⤵
  PID:9904
- C:\Windows\System\CssbpVB.exe
  C:\Windows\System\CssbpVB.exe
  2⤵
  PID:9968
- C:\Windows\System\xEIFXUi.exe
  C:\Windows\System\xEIFXUi.exe
  2⤵
  PID:10024
- C:\Windows\System\PeKEKyp.exe
  C:\Windows\System\PeKEKyp.exe
  2⤵
  PID:10108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AvzFuQe.exe

Filesize
6.0MB

MD5
cf174423da609a22d67d880f588a6af2

SHA1
056065fa6c987bb2b528b658f51cc4eefd0d4e52

SHA256
f3ede09aeb0154416a37170230378b38e9985dec6b00e07619d201b7a07239b4

SHA512
f19a5c56f2290ebaa03e29fb2836e52af7ea58ed1ae97fb3c8b4d7699033130feba8d0ba091f4c91b6fb833395abad75e5d9e113b301a6fff7b829437cc4b0d5

Download Submit
C:\Windows\system\BKaiaEY.exe

Filesize
6.0MB

MD5
36cebac669f9ec88f38a8658ddfb1c9f

SHA1
9cf568b887933e637fc798e8578b8a69caa3b78a

SHA256
c94975380f58fbf4ede7c696b4886bc4d5415210abee04704d7bd860a378d879

SHA512
df6ceb38bc9a83399ac14f51d3e45c9fb4d3e371de8f2eca96c8f88c49ac4894366a0a80037d7661d3f2dfd1ec13911eae027f98a8cac3397bb9c9a0cdb487b0

Download Submit
C:\Windows\system\EyzjKxz.exe

Filesize
6.0MB

MD5
8fb47b7f92428249b51aefe5d793160e

SHA1
5f325a33c2b4cba295b74fbe0e1c0483d7cc2c11

SHA256
62a63b911ff72db9c26a155786eb57eaab35e0bfa6d9b54289d820fc1e3309f0

SHA512
b9ba69f5717c96839ca3a02efb6c67986e63a7b2254a29e94394d832c5268f9f7462a609fb7b2acbf6fe621dcc579267dd6a855b80c93949fe348f68283f7350

Download Submit
C:\Windows\system\GZuznzB.exe

Filesize
6.0MB

MD5
0cdf444c2ca164e4e0a8484c1e780103

SHA1
c49f6d6c6ff984d1751d4fd80ec6f75570a67e7c

SHA256
fa3850ee6e10cdf4123ef58fddae780602bbb1ea21b4069027a07cd65fa9170f

SHA512
ea463d464d20bcb081326f34ba7d197390811e8a95f3dadd3c3f0208cc224e381fbee69cc82068c359904b77165813ef08ad302098ac5957c0180dc1585b0a8b

Download Submit
C:\Windows\system\HkNJCcJ.exe

Filesize
6.0MB

MD5
5332454546d7fdb2af8babbce25368e7

SHA1
6474816800f7dd119d19bfe08a755fa58b1be559

SHA256
b2e22be612ab1d0f13a3c580aef3c7097894b63de91e1d59635ce29d4b9a1dec

SHA512
5d54de40af890d1fa84360c14c994acb8dfd3bb2eb284a1b2280fa46b3e54f8b63e593d52416882e7043482342b186047ddab54c475668405bec150e356903b3

Download Submit
C:\Windows\system\INFrqLw.exe

Filesize
6.0MB

MD5
9e1abdf9da5bf29ce3b924d61806116c

SHA1
db2c1a7fe480e896600f881c2fcd4c8335980175

SHA256
fc0faa95643f42bc48bfb74127811dd01b472cf4363d4c3d93b323eb1dc08806

SHA512
9cfb67e3bc07fcee18190c65dbee40e765199a45e6cc484ad53b8325c91e2ea289142c6aaa53a675c583e835cfb77ae5376a4e4f95ff7f3d4bc3dbf7345558bb

Download Submit
C:\Windows\system\MKDCsXN.exe

Filesize
6.0MB

MD5
20167011e8b44f9598f3322056c8387f

SHA1
4e1acead9043e93307a68daeee1d367768662cf8

SHA256
5c1fcfd3f1e5b3de64895cd847648503187e51b68ac9c884f6412cfdd0611f0a

SHA512
0ce6205e2bcf768dbc9bc2afe4d385073a280d043cd5d19ac6657a5c6cf0213469f2ac92c866b1c3e5e42948fa714ee29c94e84732e8dbeb96240a7336af514c

Download Submit
C:\Windows\system\MMxCtHx.exe

Filesize
6.0MB

MD5
0d8c1da1af8b751f81174f05e62e8d17

SHA1
a83b7b52e98cf46e73507806803179162fafe216

SHA256
cd33a7f1e767b92822e05122d5adb2d8363fa37587ac832f269a6d5c8fc206cb

SHA512
91291c759ebf13d93f570855df6b3a5b3a3d12b61a746933262a3a5bf8e6a53eeb43cc5f66e848f5222edd0ef822a0fe49890817e144c0849176e833e87ea611

Download Submit
C:\Windows\system\QuvqsiN.exe

Filesize
6.0MB

MD5
16533ef12409921b56a06b3ea0213b0e

SHA1
35fcebe6946bdfc44fa0bb89e74e8619da5ba3d2

SHA256
fdb8aa3e1508cb7b56dc40a54add480d66a99aaa3084556d6fbed2abff5f0291

SHA512
9e26df5ef0793fff0f3191e1d30ef643b808a57665a53bec638cb044c84846473cb6ed220429fecfc834e216a954236299514286b8276f4328a196077dadd8e4

Download Submit
C:\Windows\system\SqPDsPo.exe

Filesize
6.0MB

MD5
7e86af024191c19c2ac997e57bb5b5fd

SHA1
735b186ff4c6955254a4dfdb1fc0ba9c1d918f04

SHA256
64b4d291d9c9c447b747db653b055e36ae7e94de564c5fe5e19bf82f648e3890

SHA512
13cebf664549bc89bda28152a41506864a0e081cdeda570dc137d6249665e2897fe8d951b428250f799795f18a0d5e9704d5ae5a05749da023460108723c2c49

Download Submit
C:\Windows\system\ZJDiwlI.exe

Filesize
6.0MB

MD5
23b62137a289b2a7851c5bc82cff00ac

SHA1
eb3e718b3ce53874b4699510ac3ed37a29e1a3e1

SHA256
d0eefebb0dd128665a6de63292a173c9827a6e40e6656c4add7906941c5d2178

SHA512
bab47d53a6e498e2d17d1fd690357f455182ddd4bc9bb747bdbc04b9a59bcb9bdd9c3b457d99ce39b9af8ef152d8762b25e7a2be165208f15337ca1346daecd8

Download Submit
C:\Windows\system\ZldCJPb.exe

Filesize
6.0MB

MD5
eaf1fcba45b9107bc66ba8539ece57d8

SHA1
9f8daeb4b1a071b4ef937e30fbe8359e1c53d64b

SHA256
2a0154e35eac2a54bddea2557e20302aee7a4209683c83a6cb7a8b6b3aa0b104

SHA512
1d39b7fde6b60dc1df266b9f9e8db136d1b8c34227049987ebf3bcd2e08c5bbaab328f6dafc7e0ff5e97c4d7333f1c63c6659ab026c176b3255af595fa8c9811

Download Submit
C:\Windows\system\eFQfDVy.exe

Filesize
6.0MB

MD5
437ad27a9b7a96fdc22d297f4946681a

SHA1
a6c96e86964d80050654dc78e8059e74ba442850

SHA256
9073519bc502daf9f0ef71344cecd6fb70b4058ed41162a1b1a8b267c0888de2

SHA512
847451199265a106d6d8208472ee3fa18f1d1863624aebe912fc997ba7c7bff98e5de13b7456e204f2e86f44cf501ada789417c1ad2c0e5514fcb5724cfc8112

Download Submit
C:\Windows\system\iAlMPOR.exe

Filesize
6.0MB

MD5
8bf55ae48457c322a940d51a8874e5c1

SHA1
f482fd8d50a967afee63e9652dd1f46552eb8eec

SHA256
6e2018d4f35829f56f19c9c4bdf40ea68059ef6e425a0b5d3df0e1fa7dfdc82c

SHA512
d7c688184d48b04ef978fd5ddcb56ef07e852e7952826bed84762aabf375ba8d08223f34af1654f4b063ea013bd889c6961b02f3400953c76c0ecf17e72fc6da

Download Submit
C:\Windows\system\iQVJrUm.exe

Filesize
6.0MB

MD5
6786ad060fbc6b7cdfe829c8b8820658

SHA1
09583773c5efaf7d178ead4fa939a1aa3b6edfb1

SHA256
05ca7abe816037f64e8606ae204427a3716b858ad2e6b0f603baf13f7cb92915

SHA512
668c1dae4a8b860dd02f395dc2eb8da5e58d6d1f44d5d4d30800863fcc1527538b5a2a7640735d3414b8bfda5072417f7174142831fac33e442b08b773aa6f02

Download Submit
C:\Windows\system\izfOnyQ.exe

Filesize
6.0MB

MD5
25e6dca4684af7c461c1d1bceded8ad3

SHA1
58ace3e84a629e405f976f40e3993f92a1f5308e

SHA256
aa684561c2b709307cbfb6f3ddf01d23417bb0af7935f08c5c8d29e82ca889a7

SHA512
a7b94956e879623f6068b02d283cb56a1d18aaaa0899109d42236819daf4770da2c3e9d2b5de2fd87c476c5582c90db701b2ac74d92b16daef21a6f90bccfcdd

Download Submit
C:\Windows\system\jgEOHVm.exe

Filesize
6.0MB

MD5
f6d3aca615381ce78c4652a049a74940

SHA1
baccb8447185b3c2fca03837aa4df4ce4b071e00

SHA256
2c2abc15cb9c780c70642975b37bb2e8a6776d5bffaf60d42e3191d75b8a4671

SHA512
79a39ccf92f2e498b9fa282092034ff2e586451f72d720605c16a5aba30fe2f896a260f351a90994f4a3592c908ec01968a2c92070a141d06b64473da5ea3992

Download Submit
C:\Windows\system\lopdFHX.exe

Filesize
6.0MB

MD5
a52c109d6e633c31273a8df3fd8fd478

SHA1
9ed08617080455a68129da66df3e60e6004294fe

SHA256
9d735887b1a12e212d73d7c21b48e72bd0e5e432adc5160d8ec05dd60db6fe94

SHA512
eb099aaceedcf2f2977cf4bd886efccaab04a87f8bc7d24dd5f032d81206a153e2329b5c4b36f5ecbd54e9d65d95c683cf5bef90d6e495403ce50fac846e7e03

Download Submit
C:\Windows\system\ovyMdhs.exe

Filesize
6.0MB

MD5
6c8b32144398b3950948a5e52f17555c

SHA1
4fd6bf0ebc69172cdff8c4478b6c2a2b74faace1

SHA256
b1e14f3e1b7616de146793a806c027b18f1ad427ceadc20a3c40fd25ba052415

SHA512
910c716affbd32abf98dede239db4bb50645766c66382ec9841f61058fc3396b931f6f51386a06833aff0673bbe734202ddd3880ef67e944910a55e3eafca124

Download Submit
C:\Windows\system\quadrtN.exe

Filesize
6.0MB

MD5
fb66638f462ac8916c392eaf3cf06318

SHA1
ea6559da12d0333b02477baf0004e50072a1a9bc

SHA256
ad8575a8bf2d0a7e00fd569a015f6d4c30bc43ec901e4b665949ee5f776b42af

SHA512
dc82154ad068bb46c385fc8697c8cb49b89ca386ee763a511217b2fca6c4f77d3c6562704d5ede0571aa1c01589bf827ccca4b36736c531d3e70812d7db178a6

Download Submit
C:\Windows\system\snSKDoa.exe

Filesize
6.0MB

MD5
0dff8315f39f0b6cd9ef4ca60980843a

SHA1
0c74b3f277ddac6120e5c794110df9fcd39cad4d

SHA256
1ca0f409ad5eda9ffdecd8a46009d2dc6afbe0ecdb428137b73e1a2f2871d7e4

SHA512
10d8cf83d1d2a6fb79a8a3128d05597a9a82699c39049d97092479a259a4445b27257451d7f8753448dc533cd0f31a85e227e2aaae85c8d041a2c45dec464792

Download Submit
C:\Windows\system\vwdbDrg.exe

Filesize
6.0MB

MD5
b15b89eb869f44ea66c3238809118ffe

SHA1
ca37d2c1d297a0f4ffa87ed0917f7849b0b5c83a

SHA256
a4b9d596401fd4308d375548f0950593abcd8a67cae9f11807419a49d306c5af

SHA512
21bfe85259186586f61614baef2803699e0a813e6903e366c1dfceba53402a75990b574688fcfa05399e003bca090a5c4168d95ee7ce5c053f4fdee50ff7a8f1

Download Submit
C:\Windows\system\wLTHEdA.exe

Filesize
6.0MB

MD5
0e9b033fac5664b74d071ead02e4e210

SHA1
99df493cbe033eb2b181885c2e6b3dee924e675e

SHA256
6d54a7b31abbb6b5b7061a0c30a07a709be6bb752688cf81ec7fcc43914db103

SHA512
d3fbd837a57b16364a61ca1b8c54ecc3b7fa5329f1754d4b94df83a28dfeb78ad4245ab28cf1bcca991dc175f81429c5d5071020976dfd884c52de47d96bba20

Download Submit
C:\Windows\system\xZcgRJB.exe

Filesize
6.0MB

MD5
3436be1863fe4472be9a76999b0f32e4

SHA1
155a7fae89c0d21af364057680dbbe9cf6d370b7

SHA256
3bb6a146f53c522b90093ca8d08459ee6f68ce2d89109d806e9e7d3911fce9f6

SHA512
6775da770bd374b587081066b729c5ad4a4484d3751c9b8db9c1483151057401887285809eb98d9c9904ed3d686f777a2f6f70e3792fc4f475ce23c9a274d48b

Download Submit
\Windows\system\PSxDjAc.exe

Filesize
6.0MB

MD5
3aff2d1fc3a3af6d589a2781867a9bf0

SHA1
8d0108155df17105d883cbd0626e2654071c804d

SHA256
fec4381e139b97a96d7d73a4d9e9d633f2316bedb24ea21969d86b7510683da9

SHA512
634213773ac9c3fc79d705090d8a1834d7ac3b996752a08481e0ea6c1dfcb49d7b0c63af8e5477bf4601a249d1a08bc45370bd0a8eb3bc53641534b528585fe6

Download Submit
\Windows\system\UJUhXYB.exe

Filesize
6.0MB

MD5
9f5413ff83d3471f6bacc6539115b451

SHA1
bf0f3b06d4326b58e8b45749851549a1bdd73cad

SHA256
d5230e2687e4021ad98d321a755d61211026aa9040a1359d66c8c74c47e5d0dd

SHA512
a2ac39258d6ea31647a5877a6943b5f73614b7e554bc2ad10c30c1920dc1a4c06507bde96d83b1b7d053355e98cf98f68b0137959406755fa488fa6f4ffbed43

Download Submit
\Windows\system\aRmcCaM.exe

Filesize
6.0MB

MD5
b8b1f8568cf291400e7dcc05d7f87910

SHA1
4dd1eebdf9d830d9b01b283371d56731a2804618

SHA256
ecd2967eae55212517d1ff029272f875ef0f5a901ddcba56a41993d408b87efd

SHA512
b50335af9e337b13e97965f8a57175466951f8c59988deca0e20f6f8225de9ac5600dc2cdf8bc146ba43b80e531c4994fa526ba0e483eeb8236a69813ba26cd7

Download Submit
\Windows\system\agWmdlh.exe

Filesize
6.0MB

MD5
7533276db6aedf0db8150710a6575ef2

SHA1
4897f76877839796c8ccb29cc10cc60316a8a33c

SHA256
dbbbd4651169ae56aa8f4c017f9f12c171125375485ffe3e87355a8b940883eb

SHA512
1de2972374fda494d7cb81bbb167beac377705588e32e74a6c76be46e89977731198fc23d5c8cd51888dfe152415024c0833d5829471e6d3473572fe3fe4d5db

Download Submit
\Windows\system\pxSSFNW.exe

Filesize
6.0MB

MD5
ed780269239c8610921b4c12e1be2acc

SHA1
104c4e828b31d81b578a35dff9f2a6bfb5c74f59

SHA256
9cfac59fd88444a48fde333e8bfc17df9cdd5d139336940616f49a95eb97012d

SHA512
b7faa4a08d658d5981b98be7210e1c21dfd4a8bd52a33cc64c054b3412cc5a17a5a61f695a668da6735a1c6a4f315c4da7dc1eebbe3907df12b96f51fff48727

Download Submit
\Windows\system\qYlZqMY.exe

Filesize
6.0MB

MD5
72f705598f647bf8cecbcf8660c55b19

SHA1
dbab5590063e93aaf296af06aa22b85f16ecb248

SHA256
a8ba08f73887ccea0b1ece61c023c0de69b8f87a08b44f12752fdcdf963a404c

SHA512
c3bc0880a360d8485b999ece706440e5f64d79b4b1fc30987f243af020448f3b133de2a4901610988657409c89388bdb0fa4b8b4cfa8d448cdcebb01179a3aec

Download Submit
\Windows\system\ugUCrRZ.exe

Filesize
6.0MB

MD5
d500060d49fdf94114e23fa88eabb94e

SHA1
f834797ba86ea73cb829ef03d59ebde24aa87158

SHA256
2f66aa95212c91d54bd9863daa6d56bc56eab64806ff6d37fc8e912c129f87bf

SHA512
bd52a713cdb1b96b5227cc9f6406e74fc83485fbbc8d3e9163d085aa6ed78ca94244c4162a7239b79924a01b370a06e2683186b32865306ab63f1d739e045bdb

Download Submit
\Windows\system\zWDDdvg.exe

Filesize
6.0MB

MD5
a5f41b03f59106d0edb6909ce904aeec

SHA1
2c2e81a00ea78a593841c31097e1711c22d555ca

SHA256
9db8f87b139cf6ade47acead1bc979fbd896f7fffdbdd372dcd16186b62882d7

SHA512
12c84cb447138bddc1b56a8a76f95b5933f72163e002b6c7f4b92164a21744e0269611e6b0bfb8586c778584833664782e91a97e69477b040c96211892fe163b

Download Submit
memory/1716-4009-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-815-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-18-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-28-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1732-4002-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1828-4000-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1828-70-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1848-51-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-80-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1848-691-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-692-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1848-40-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-578-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-105-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1848-30-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1848-1160-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-44-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-20-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1848-119-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-47-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-129-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-77-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1848-121-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1848-958-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-87-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1848-108-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-64-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1848-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1848-0-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-73-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1848-816-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3999-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-32-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-960-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3995-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2432-95-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3997-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2648-91-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2684-101-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2684-4010-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2812-60-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4001-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3996-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2832-68-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2836-133-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3994-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2984-959-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3998-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2984-67-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download