cobaltstrike | 0d1227e1d1c9799197c246dd19ac28bd5225c868bfc5760eec0d967aaf13516e

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

dfb54db076ab79529de3e3f201b916dc
SHA1

3adda9c022ac9ff65d722aee54ae114ee2a55187
SHA256

0d1227e1d1c9799197c246dd19ac28bd5225c868bfc5760eec0d967aaf13516e
SHA512

e3790097d0f3dad03f62c3305e1153356bf98f5a1a42ba9ade26d34dc634c748e2c52992f94d4d5066fa4ede191464376595c9a540a14c4d09ad40a78c829db9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0063000000011c27-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d15-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d1f-19.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d30-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d40-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d54-36.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-51.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-98.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000016cf6-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-68.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc1-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016da6-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019612-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-115.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2652-0-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0063000000011c27-6.dat	xmrig
behavioral1/memory/2752-13-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2660-15-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d15-7.dat	xmrig
behavioral1/files/0x0008000000016d1f-19.dat	xmrig
behavioral1/memory/2672-21-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d30-25.dat	xmrig
behavioral1/files/0x0007000000016d40-32.dat	xmrig
behavioral1/memory/2896-28-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d54-36.dat	xmrig
behavioral1/memory/2624-40-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-51.dat	xmrig
behavioral1/memory/2632-50-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2032-58-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1620-62-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2652-71-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195d9-97.dat	xmrig
behavioral1/memory/1220-105-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x000500000001960d-107.dat	xmrig
behavioral1/memory/552-91-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960a-88.dat	xmrig
behavioral1/files/0x0005000000019537-81.dat	xmrig
behavioral1/memory/2064-102-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2660-99-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-98.dat	xmrig
behavioral1/files/0x0032000000016cf6-78.dat	xmrig
behavioral1/files/0x00050000000194f3-77.dat	xmrig
behavioral1/memory/2336-74-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194bd-68.dat	xmrig
behavioral1/memory/2652-64-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dc1-54.dat	xmrig
behavioral1/memory/2748-45-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0007000000016da6-44.dat	xmrig
behavioral1/files/0x0005000000019614-128.dat	xmrig
behavioral1/files/0x0005000000019618-135.dat	xmrig
behavioral1/files/0x00050000000196ac-147.dat	xmrig
behavioral1/files/0x000500000001997c-155.dat	xmrig
behavioral1/files/0x0005000000019c38-164.dat	xmrig
behavioral1/memory/2632-278-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2624-277-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c53-171.dat	xmrig
behavioral1/files/0x0005000000019c3a-167.dat	xmrig
behavioral1/files/0x0005000000019c36-159.dat	xmrig
behavioral1/files/0x00050000000196e8-151.dat	xmrig
behavioral1/files/0x000500000001966c-143.dat	xmrig
behavioral1/files/0x000500000001962a-139.dat	xmrig
behavioral1/files/0x0005000000019616-131.dat	xmrig
behavioral1/files/0x0005000000019612-123.dat	xmrig
behavioral1/files/0x0005000000019610-120.dat	xmrig
behavioral1/files/0x000500000001960e-115.dat	xmrig
behavioral1/memory/2752-4017-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2672-4018-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2896-4019-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2748-4020-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2624-4021-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2632-4022-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/1620-4024-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2032-4023-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2336-4025-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/552-4026-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2064-4027-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/1220-4028-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2752	vcOQnOk.exe
2660	TPrgKUf.exe
2672	BuGUezp.exe
2896	qToFQik.exe
2748	BcODObE.exe
2624	wQYIfuE.exe
2632	NVMbOYh.exe
2032	MGzEjmF.exe
1620	SZNBohK.exe
2336	uqpDaph.exe
552	SBrhfDl.exe
2064	iewPmqh.exe
1220	IXjFoTW.exe
1780	DLcdfff.exe
1692	UpsJJYF.exe
2000	jpDmdiq.exe
1608	cINjjpQ.exe
744	UovDMCs.exe
2700	gUwTsOg.exe
324	FxGEfpJ.exe
1992	ISumfkU.exe
480	gCxehPi.exe
1824	SmGVeRX.exe
2092	vBceGvE.exe
2208	qsRiuyJ.exe
2204	YPnxTME.exe
3028	PxqtPLi.exe
2968	xpwKUuu.exe
2212	CttMDfa.exe
1820	oQYHeEG.exe
2856	UryMAmh.exe
1984	JdpfArk.exe
608	JzMtwHQ.exe
1316	AiAcaMn.exe
1592	IjVrUjX.exe
292	qzYsnQp.exe
284	theWjFm.exe
692	XnKRpRH.exe
1640	UCAFRuk.exe
1768	qQzDdQa.exe
2912	CwgvgdQ.exe
3036	GacgczA.exe
1380	LVbAdru.exe
1740	PokrcDq.exe
2492	ssPdnZO.exe
864	inNFMWG.exe
1268	fIXOljh.exe
1744	MQkkfQs.exe
3048	cNDYXJC.exe
2260	qvezLkF.exe
2016	tbFwyIv.exe
1160	pPtCEJI.exe
3052	VaevuhB.exe
1932	PJNdYIl.exe
2932	CoemaDp.exe
2428	cWMvyzD.exe
1324	dIgLGjL.exe
1476	YdCzqEt.exe
1968	cdAPuqm.exe
1760	QCCShQu.exe
988	sRMeKUV.exe
2200	SnRjAKl.exe
2460	qyOcyVW.exe
2452	ihzPVeF.exe

Loads dropped DLL 64 IoCs

pid	Process
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2652-0-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x0063000000011c27-6.dat	upx
behavioral1/memory/2752-13-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2660-15-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0008000000016d15-7.dat	upx
behavioral1/files/0x0008000000016d1f-19.dat	upx
behavioral1/memory/2672-21-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x0008000000016d30-25.dat	upx
behavioral1/files/0x0007000000016d40-32.dat	upx
behavioral1/memory/2896-28-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x0007000000016d54-36.dat	upx
behavioral1/memory/2624-40-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0005000000019441-51.dat	upx
behavioral1/memory/2632-50-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2032-58-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/1620-62-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2652-71-0x00000000023A0000-0x00000000026F4000-memory.dmp	upx
behavioral1/files/0x00050000000195d9-97.dat	upx
behavioral1/memory/1220-105-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x000500000001960d-107.dat	upx
behavioral1/memory/552-91-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x000500000001960a-88.dat	upx
behavioral1/files/0x0005000000019537-81.dat	upx
behavioral1/memory/2064-102-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2660-99-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x000500000001960c-98.dat	upx
behavioral1/files/0x0032000000016cf6-78.dat	upx
behavioral1/files/0x00050000000194f3-77.dat	upx
behavioral1/memory/2336-74-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x00050000000194bd-68.dat	upx
behavioral1/memory/2652-64-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x0009000000016dc1-54.dat	upx
behavioral1/memory/2748-45-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0007000000016da6-44.dat	upx
behavioral1/files/0x0005000000019614-128.dat	upx
behavioral1/files/0x0005000000019618-135.dat	upx
behavioral1/files/0x00050000000196ac-147.dat	upx
behavioral1/files/0x000500000001997c-155.dat	upx
behavioral1/files/0x0005000000019c38-164.dat	upx
behavioral1/memory/2632-278-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2624-277-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0005000000019c53-171.dat	upx
behavioral1/files/0x0005000000019c3a-167.dat	upx
behavioral1/files/0x0005000000019c36-159.dat	upx
behavioral1/files/0x00050000000196e8-151.dat	upx
behavioral1/files/0x000500000001966c-143.dat	upx
behavioral1/files/0x000500000001962a-139.dat	upx
behavioral1/files/0x0005000000019616-131.dat	upx
behavioral1/files/0x0005000000019612-123.dat	upx
behavioral1/files/0x0005000000019610-120.dat	upx
behavioral1/files/0x000500000001960e-115.dat	upx
behavioral1/memory/2752-4017-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2672-4018-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2896-4019-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2748-4020-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2624-4021-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2632-4022-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/1620-4024-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2032-4023-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2336-4025-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/552-4026-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2064-4027-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1220-4028-0x000000013FF40000-0x0000000140294000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jWIifHY.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZVeRvdB.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yalEsbM.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXTwiTu.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBgwUFT.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKcJLgO.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTmEkLC.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GOcMvPx.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PggDXff.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYkvyqy.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzKRBNw.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnnOMFd.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iiJiWNG.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PokrcDq.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMwiIRp.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXPEtSG.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCmoUNk.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvgOblF.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpwgGvz.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDUBkBV.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atQFNqG.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAHqAsC.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMQvjhn.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjtMzOT.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqyiZuh.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSEfZlu.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJlBrqD.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzcraPz.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLOothR.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmBGhhj.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxSRneL.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWNclbI.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajfxZkF.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePIbewD.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccIsDDN.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\viNFXVX.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBdHWNn.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzyYSEb.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APYkNtN.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cMCdKxY.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGWaVYA.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVQjEFD.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUOkCpz.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUEMMKZ.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIejFAJ.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHVwbpX.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvApniH.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\seZKLns.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWsdBFz.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEYzSDs.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UdkgjZW.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgdvbrq.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGqQTvB.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsRiuyJ.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DeatTES.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdtoBLT.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNSqZzL.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maJKGpc.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZzVayq.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrjpCBh.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsqRVMy.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQzDdQa.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbKAvmY.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXQWmsj.exe	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2752	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2652 wrote to memory of 2752	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2652 wrote to memory of 2752	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2652 wrote to memory of 2660	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2652 wrote to memory of 2660	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2652 wrote to memory of 2660	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2652 wrote to memory of 2672	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2652 wrote to memory of 2672	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2652 wrote to memory of 2672	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2652 wrote to memory of 2896	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2652 wrote to memory of 2896	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2652 wrote to memory of 2896	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2652 wrote to memory of 2748	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2652 wrote to memory of 2748	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2652 wrote to memory of 2748	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2652 wrote to memory of 2624	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2652 wrote to memory of 2624	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2652 wrote to memory of 2624	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2652 wrote to memory of 2632	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2652 wrote to memory of 2632	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2652 wrote to memory of 2632	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2652 wrote to memory of 2032	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2652 wrote to memory of 2032	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2652 wrote to memory of 2032	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2652 wrote to memory of 1620	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2652 wrote to memory of 1620	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2652 wrote to memory of 1620	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2652 wrote to memory of 2336	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2652 wrote to memory of 2336	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2652 wrote to memory of 2336	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2652 wrote to memory of 2064	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2652 wrote to memory of 2064	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2652 wrote to memory of 2064	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2652 wrote to memory of 552	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2652 wrote to memory of 552	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2652 wrote to memory of 552	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2652 wrote to memory of 1608	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2652 wrote to memory of 1608	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2652 wrote to memory of 1608	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2652 wrote to memory of 1220	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2652 wrote to memory of 1220	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2652 wrote to memory of 1220	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2652 wrote to memory of 1692	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2652 wrote to memory of 1692	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2652 wrote to memory of 1692	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2652 wrote to memory of 1780	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2652 wrote to memory of 1780	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2652 wrote to memory of 1780	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2652 wrote to memory of 2000	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2652 wrote to memory of 2000	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2652 wrote to memory of 2000	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2652 wrote to memory of 744	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2652 wrote to memory of 744	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2652 wrote to memory of 744	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2652 wrote to memory of 2700	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2652 wrote to memory of 2700	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2652 wrote to memory of 2700	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2652 wrote to memory of 324	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2652 wrote to memory of 324	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2652 wrote to memory of 324	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2652 wrote to memory of 1992	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2652 wrote to memory of 1992	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2652 wrote to memory of 1992	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2652 wrote to memory of 480	2652	2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_dfb54db076ab79529de3e3f201b916dc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\System\vcOQnOk.exe
  C:\Windows\System\vcOQnOk.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\TPrgKUf.exe
  C:\Windows\System\TPrgKUf.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\BuGUezp.exe
  C:\Windows\System\BuGUezp.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\qToFQik.exe
  C:\Windows\System\qToFQik.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\BcODObE.exe
  C:\Windows\System\BcODObE.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\wQYIfuE.exe
  C:\Windows\System\wQYIfuE.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\NVMbOYh.exe
  C:\Windows\System\NVMbOYh.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\MGzEjmF.exe
  C:\Windows\System\MGzEjmF.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\SZNBohK.exe
  C:\Windows\System\SZNBohK.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\uqpDaph.exe
  C:\Windows\System\uqpDaph.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\iewPmqh.exe
  C:\Windows\System\iewPmqh.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\SBrhfDl.exe
  C:\Windows\System\SBrhfDl.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\cINjjpQ.exe
  C:\Windows\System\cINjjpQ.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\IXjFoTW.exe
  C:\Windows\System\IXjFoTW.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\UpsJJYF.exe
  C:\Windows\System\UpsJJYF.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\DLcdfff.exe
  C:\Windows\System\DLcdfff.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\jpDmdiq.exe
  C:\Windows\System\jpDmdiq.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\UovDMCs.exe
  C:\Windows\System\UovDMCs.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\gUwTsOg.exe
  C:\Windows\System\gUwTsOg.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\FxGEfpJ.exe
  C:\Windows\System\FxGEfpJ.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\ISumfkU.exe
  C:\Windows\System\ISumfkU.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\gCxehPi.exe
  C:\Windows\System\gCxehPi.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\SmGVeRX.exe
  C:\Windows\System\SmGVeRX.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\vBceGvE.exe
  C:\Windows\System\vBceGvE.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\qsRiuyJ.exe
  C:\Windows\System\qsRiuyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\YPnxTME.exe
  C:\Windows\System\YPnxTME.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\PxqtPLi.exe
  C:\Windows\System\PxqtPLi.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\xpwKUuu.exe
  C:\Windows\System\xpwKUuu.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\CttMDfa.exe
  C:\Windows\System\CttMDfa.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\oQYHeEG.exe
  C:\Windows\System\oQYHeEG.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\UryMAmh.exe
  C:\Windows\System\UryMAmh.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\JdpfArk.exe
  C:\Windows\System\JdpfArk.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\JzMtwHQ.exe
  C:\Windows\System\JzMtwHQ.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\AiAcaMn.exe
  C:\Windows\System\AiAcaMn.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\IjVrUjX.exe
  C:\Windows\System\IjVrUjX.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\qzYsnQp.exe
  C:\Windows\System\qzYsnQp.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\theWjFm.exe
  C:\Windows\System\theWjFm.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\XnKRpRH.exe
  C:\Windows\System\XnKRpRH.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\UCAFRuk.exe
  C:\Windows\System\UCAFRuk.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\qQzDdQa.exe
  C:\Windows\System\qQzDdQa.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\CwgvgdQ.exe
  C:\Windows\System\CwgvgdQ.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\GacgczA.exe
  C:\Windows\System\GacgczA.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\LVbAdru.exe
  C:\Windows\System\LVbAdru.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\PokrcDq.exe
  C:\Windows\System\PokrcDq.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\ssPdnZO.exe
  C:\Windows\System\ssPdnZO.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\inNFMWG.exe
  C:\Windows\System\inNFMWG.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\fIXOljh.exe
  C:\Windows\System\fIXOljh.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\MQkkfQs.exe
  C:\Windows\System\MQkkfQs.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\cNDYXJC.exe
  C:\Windows\System\cNDYXJC.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\qvezLkF.exe
  C:\Windows\System\qvezLkF.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\tbFwyIv.exe
  C:\Windows\System\tbFwyIv.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\pPtCEJI.exe
  C:\Windows\System\pPtCEJI.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\VaevuhB.exe
  C:\Windows\System\VaevuhB.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\PJNdYIl.exe
  C:\Windows\System\PJNdYIl.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\cWMvyzD.exe
  C:\Windows\System\cWMvyzD.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\CoemaDp.exe
  C:\Windows\System\CoemaDp.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\dIgLGjL.exe
  C:\Windows\System\dIgLGjL.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\YdCzqEt.exe
  C:\Windows\System\YdCzqEt.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\cdAPuqm.exe
  C:\Windows\System\cdAPuqm.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\QCCShQu.exe
  C:\Windows\System\QCCShQu.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\sRMeKUV.exe
  C:\Windows\System\sRMeKUV.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\SnRjAKl.exe
  C:\Windows\System\SnRjAKl.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\qyOcyVW.exe
  C:\Windows\System\qyOcyVW.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\ihzPVeF.exe
  C:\Windows\System\ihzPVeF.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\cBHbRwq.exe
  C:\Windows\System\cBHbRwq.exe
  2⤵
  PID:2716
- C:\Windows\System\HvoiTsl.exe
  C:\Windows\System\HvoiTsl.exe
  2⤵
  PID:1708
- C:\Windows\System\bTgBMSz.exe
  C:\Windows\System\bTgBMSz.exe
  2⤵
  PID:2664
- C:\Windows\System\CCsbpZd.exe
  C:\Windows\System\CCsbpZd.exe
  2⤵
  PID:2628
- C:\Windows\System\bRlmoCw.exe
  C:\Windows\System\bRlmoCw.exe
  2⤵
  PID:2540
- C:\Windows\System\bcpXSYl.exe
  C:\Windows\System\bcpXSYl.exe
  2⤵
  PID:2564
- C:\Windows\System\xYkvyqy.exe
  C:\Windows\System\xYkvyqy.exe
  2⤵
  PID:2560
- C:\Windows\System\YHlSiLX.exe
  C:\Windows\System\YHlSiLX.exe
  2⤵
  PID:2588
- C:\Windows\System\pzhYZMO.exe
  C:\Windows\System\pzhYZMO.exe
  2⤵
  PID:2776
- C:\Windows\System\CDIQhep.exe
  C:\Windows\System\CDIQhep.exe
  2⤵
  PID:2084
- C:\Windows\System\jJDHxAM.exe
  C:\Windows\System\jJDHxAM.exe
  2⤵
  PID:372
- C:\Windows\System\MtRRztc.exe
  C:\Windows\System\MtRRztc.exe
  2⤵
  PID:1756
- C:\Windows\System\sWsdBFz.exe
  C:\Windows\System\sWsdBFz.exe
  2⤵
  PID:1248
- C:\Windows\System\JWRrpFT.exe
  C:\Windows\System\JWRrpFT.exe
  2⤵
  PID:2324
- C:\Windows\System\obdTPWO.exe
  C:\Windows\System\obdTPWO.exe
  2⤵
  PID:1656
- C:\Windows\System\dpaRcZo.exe
  C:\Windows\System\dpaRcZo.exe
  2⤵
  PID:2836
- C:\Windows\System\JJyrecQ.exe
  C:\Windows\System\JJyrecQ.exe
  2⤵
  PID:2804
- C:\Windows\System\ZkxIpPp.exe
  C:\Windows\System\ZkxIpPp.exe
  2⤵
  PID:2764
- C:\Windows\System\EPwZHrr.exe
  C:\Windows\System\EPwZHrr.exe
  2⤵
  PID:2380
- C:\Windows\System\kFOzCqA.exe
  C:\Windows\System\kFOzCqA.exe
  2⤵
  PID:2308
- C:\Windows\System\tSDUjjR.exe
  C:\Windows\System\tSDUjjR.exe
  2⤵
  PID:2216
- C:\Windows\System\xNQQACH.exe
  C:\Windows\System\xNQQACH.exe
  2⤵
  PID:2172
- C:\Windows\System\UNccTxZ.exe
  C:\Windows\System\UNccTxZ.exe
  2⤵
  PID:2852
- C:\Windows\System\vGnLjpJ.exe
  C:\Windows\System\vGnLjpJ.exe
  2⤵
  PID:2924
- C:\Windows\System\jyYMVer.exe
  C:\Windows\System\jyYMVer.exe
  2⤵
  PID:824
- C:\Windows\System\xaPddvD.exe
  C:\Windows\System\xaPddvD.exe
  2⤵
  PID:2404
- C:\Windows\System\BwzRFqB.exe
  C:\Windows\System\BwzRFqB.exe
  2⤵
  PID:660
- C:\Windows\System\VyJBhtq.exe
  C:\Windows\System\VyJBhtq.exe
  2⤵
  PID:1472
- C:\Windows\System\GfAlAcj.exe
  C:\Windows\System\GfAlAcj.exe
  2⤵
  PID:2320
- C:\Windows\System\MQJZhTJ.exe
  C:\Windows\System\MQJZhTJ.exe
  2⤵
  PID:2864
- C:\Windows\System\iAINmrS.exe
  C:\Windows\System\iAINmrS.exe
  2⤵
  PID:2900
- C:\Windows\System\hGSUrsX.exe
  C:\Windows\System\hGSUrsX.exe
  2⤵
  PID:1228
- C:\Windows\System\ThbGUPo.exe
  C:\Windows\System\ThbGUPo.exe
  2⤵
  PID:2444
- C:\Windows\System\SkceHXZ.exe
  C:\Windows\System\SkceHXZ.exe
  2⤵
  PID:2464
- C:\Windows\System\IJacylJ.exe
  C:\Windows\System\IJacylJ.exe
  2⤵
  PID:2424
- C:\Windows\System\bHdtmJx.exe
  C:\Windows\System\bHdtmJx.exe
  2⤵
  PID:2956
- C:\Windows\System\vKRgGdn.exe
  C:\Windows\System\vKRgGdn.exe
  2⤵
  PID:1704
- C:\Windows\System\PLsbdly.exe
  C:\Windows\System\PLsbdly.exe
  2⤵
  PID:1964
- C:\Windows\System\Skvilht.exe
  C:\Windows\System\Skvilht.exe
  2⤵
  PID:1816
- C:\Windows\System\okshyEk.exe
  C:\Windows\System\okshyEk.exe
  2⤵
  PID:2284
- C:\Windows\System\YEYzSDs.exe
  C:\Windows\System\YEYzSDs.exe
  2⤵
  PID:3004
- C:\Windows\System\iMwiIRp.exe
  C:\Windows\System\iMwiIRp.exe
  2⤵
  PID:1544
- C:\Windows\System\cErvlWn.exe
  C:\Windows\System\cErvlWn.exe
  2⤵
  PID:2708
- C:\Windows\System\YsVEspp.exe
  C:\Windows\System\YsVEspp.exe
  2⤵
  PID:2824
- C:\Windows\System\iIcjUkJ.exe
  C:\Windows\System\iIcjUkJ.exe
  2⤵
  PID:2884
- C:\Windows\System\OFPYmsd.exe
  C:\Windows\System\OFPYmsd.exe
  2⤵
  PID:2996
- C:\Windows\System\ISRsFaE.exe
  C:\Windows\System\ISRsFaE.exe
  2⤵
  PID:2096
- C:\Windows\System\RxjdlHj.exe
  C:\Windows\System\RxjdlHj.exe
  2⤵
  PID:1596
- C:\Windows\System\jmINuVT.exe
  C:\Windows\System\jmINuVT.exe
  2⤵
  PID:1480
- C:\Windows\System\sWqMCTi.exe
  C:\Windows\System\sWqMCTi.exe
  2⤵
  PID:1028
- C:\Windows\System\nYUOgEW.exe
  C:\Windows\System\nYUOgEW.exe
  2⤵
  PID:772
- C:\Windows\System\JwKwRkC.exe
  C:\Windows\System\JwKwRkC.exe
  2⤵
  PID:3056
- C:\Windows\System\CpNnHVc.exe
  C:\Windows\System\CpNnHVc.exe
  2⤵
  PID:2232
- C:\Windows\System\BJNqNwh.exe
  C:\Windows\System\BJNqNwh.exe
  2⤵
  PID:2980
- C:\Windows\System\GMiwDWi.exe
  C:\Windows\System\GMiwDWi.exe
  2⤵
  PID:588
- C:\Windows\System\Ibvburf.exe
  C:\Windows\System\Ibvburf.exe
  2⤵
  PID:888
- C:\Windows\System\dxvOFPh.exe
  C:\Windows\System\dxvOFPh.exe
  2⤵
  PID:920
- C:\Windows\System\ZIrNNwG.exe
  C:\Windows\System\ZIrNNwG.exe
  2⤵
  PID:1700
- C:\Windows\System\ngCueyK.exe
  C:\Windows\System\ngCueyK.exe
  2⤵
  PID:1424
- C:\Windows\System\QyuTOKf.exe
  C:\Windows\System\QyuTOKf.exe
  2⤵
  PID:2264
- C:\Windows\System\KRKYtkS.exe
  C:\Windows\System\KRKYtkS.exe
  2⤵
  PID:2472
- C:\Windows\System\laCCHJU.exe
  C:\Windows\System\laCCHJU.exe
  2⤵
  PID:2140
- C:\Windows\System\RsCEJgd.exe
  C:\Windows\System\RsCEJgd.exe
  2⤵
  PID:1948
- C:\Windows\System\GVJrRFO.exe
  C:\Windows\System\GVJrRFO.exe
  2⤵
  PID:868
- C:\Windows\System\ysUwaWh.exe
  C:\Windows\System\ysUwaWh.exe
  2⤵
  PID:2408
- C:\Windows\System\QwTNHeT.exe
  C:\Windows\System\QwTNHeT.exe
  2⤵
  PID:1624
- C:\Windows\System\NDjytnJ.exe
  C:\Windows\System\NDjytnJ.exe
  2⤵
  PID:2676
- C:\Windows\System\QuDcGsU.exe
  C:\Windows\System\QuDcGsU.exe
  2⤵
  PID:1612
- C:\Windows\System\ppECRSS.exe
  C:\Windows\System\ppECRSS.exe
  2⤵
  PID:2416
- C:\Windows\System\oZdxcev.exe
  C:\Windows\System\oZdxcev.exe
  2⤵
  PID:1500
- C:\Windows\System\HxqWyNj.exe
  C:\Windows\System\HxqWyNj.exe
  2⤵
  PID:1236
- C:\Windows\System\sxNcDWp.exe
  C:\Windows\System\sxNcDWp.exe
  2⤵
  PID:2872
- C:\Windows\System\mmktafj.exe
  C:\Windows\System\mmktafj.exe
  2⤵
  PID:948
- C:\Windows\System\OYwsaJI.exe
  C:\Windows\System\OYwsaJI.exe
  2⤵
  PID:2004
- C:\Windows\System\gYEYaDa.exe
  C:\Windows\System\gYEYaDa.exe
  2⤵
  PID:1812
- C:\Windows\System\wbKAvmY.exe
  C:\Windows\System\wbKAvmY.exe
  2⤵
  PID:1980
- C:\Windows\System\cAUcNHt.exe
  C:\Windows\System\cAUcNHt.exe
  2⤵
  PID:1976
- C:\Windows\System\gXTEynu.exe
  C:\Windows\System\gXTEynu.exe
  2⤵
  PID:2740
- C:\Windows\System\niUAEvX.exe
  C:\Windows\System\niUAEvX.exe
  2⤵
  PID:2988
- C:\Windows\System\aWZhoht.exe
  C:\Windows\System\aWZhoht.exe
  2⤵
  PID:2372
- C:\Windows\System\pnEyoWP.exe
  C:\Windows\System\pnEyoWP.exe
  2⤵
  PID:2928
- C:\Windows\System\JtodXBi.exe
  C:\Windows\System\JtodXBi.exe
  2⤵
  PID:2504
- C:\Windows\System\AZNTULt.exe
  C:\Windows\System\AZNTULt.exe
  2⤵
  PID:876
- C:\Windows\System\RfcspLl.exe
  C:\Windows\System\RfcspLl.exe
  2⤵
  PID:2556
- C:\Windows\System\adWatPt.exe
  C:\Windows\System\adWatPt.exe
  2⤵
  PID:2060
- C:\Windows\System\wRBcLTp.exe
  C:\Windows\System\wRBcLTp.exe
  2⤵
  PID:1036
- C:\Windows\System\ZmCzEoY.exe
  C:\Windows\System\ZmCzEoY.exe
  2⤵
  PID:2644
- C:\Windows\System\vLnRepe.exe
  C:\Windows\System\vLnRepe.exe
  2⤵
  PID:1308
- C:\Windows\System\vJWtzdd.exe
  C:\Windows\System\vJWtzdd.exe
  2⤵
  PID:3080
- C:\Windows\System\aAZqmDi.exe
  C:\Windows\System\aAZqmDi.exe
  2⤵
  PID:3100
- C:\Windows\System\cYZnZXX.exe
  C:\Windows\System\cYZnZXX.exe
  2⤵
  PID:3116
- C:\Windows\System\sRFnizr.exe
  C:\Windows\System\sRFnizr.exe
  2⤵
  PID:3132
- C:\Windows\System\DwgznGB.exe
  C:\Windows\System\DwgznGB.exe
  2⤵
  PID:3148
- C:\Windows\System\ZVeRvdB.exe
  C:\Windows\System\ZVeRvdB.exe
  2⤵
  PID:3164
- C:\Windows\System\mrxYYoo.exe
  C:\Windows\System\mrxYYoo.exe
  2⤵
  PID:3180
- C:\Windows\System\CrtLrrh.exe
  C:\Windows\System\CrtLrrh.exe
  2⤵
  PID:3196
- C:\Windows\System\jRxjrLG.exe
  C:\Windows\System\jRxjrLG.exe
  2⤵
  PID:3212
- C:\Windows\System\MGFRFQT.exe
  C:\Windows\System\MGFRFQT.exe
  2⤵
  PID:3228
- C:\Windows\System\EEPaVhj.exe
  C:\Windows\System\EEPaVhj.exe
  2⤵
  PID:3244
- C:\Windows\System\dUmFRSa.exe
  C:\Windows\System\dUmFRSa.exe
  2⤵
  PID:3260
- C:\Windows\System\JatyEab.exe
  C:\Windows\System\JatyEab.exe
  2⤵
  PID:3276
- C:\Windows\System\eRCgmJT.exe
  C:\Windows\System\eRCgmJT.exe
  2⤵
  PID:3292
- C:\Windows\System\HvdGxLE.exe
  C:\Windows\System\HvdGxLE.exe
  2⤵
  PID:3308
- C:\Windows\System\qbjfuGi.exe
  C:\Windows\System\qbjfuGi.exe
  2⤵
  PID:3324
- C:\Windows\System\tejJHie.exe
  C:\Windows\System\tejJHie.exe
  2⤵
  PID:3340
- C:\Windows\System\ahtGqVu.exe
  C:\Windows\System\ahtGqVu.exe
  2⤵
  PID:3356
- C:\Windows\System\quEDbmz.exe
  C:\Windows\System\quEDbmz.exe
  2⤵
  PID:3372
- C:\Windows\System\jwKUwaJ.exe
  C:\Windows\System\jwKUwaJ.exe
  2⤵
  PID:3388
- C:\Windows\System\pDaWARX.exe
  C:\Windows\System\pDaWARX.exe
  2⤵
  PID:3404
- C:\Windows\System\QIsmTFc.exe
  C:\Windows\System\QIsmTFc.exe
  2⤵
  PID:3424
- C:\Windows\System\sGaIxUQ.exe
  C:\Windows\System\sGaIxUQ.exe
  2⤵
  PID:3444
- C:\Windows\System\HDXwhbB.exe
  C:\Windows\System\HDXwhbB.exe
  2⤵
  PID:3484
- C:\Windows\System\FRknaYl.exe
  C:\Windows\System\FRknaYl.exe
  2⤵
  PID:3532
- C:\Windows\System\DEDiDwq.exe
  C:\Windows\System\DEDiDwq.exe
  2⤵
  PID:3560
- C:\Windows\System\ZcIJMzE.exe
  C:\Windows\System\ZcIJMzE.exe
  2⤵
  PID:3576
- C:\Windows\System\AWOdSrB.exe
  C:\Windows\System\AWOdSrB.exe
  2⤵
  PID:3596
- C:\Windows\System\DcYMmJG.exe
  C:\Windows\System\DcYMmJG.exe
  2⤵
  PID:3612
- C:\Windows\System\luEeZca.exe
  C:\Windows\System\luEeZca.exe
  2⤵
  PID:3628
- C:\Windows\System\NcboMBp.exe
  C:\Windows\System\NcboMBp.exe
  2⤵
  PID:3644
- C:\Windows\System\qqykMaH.exe
  C:\Windows\System\qqykMaH.exe
  2⤵
  PID:3660
- C:\Windows\System\ArEcPSr.exe
  C:\Windows\System\ArEcPSr.exe
  2⤵
  PID:3676
- C:\Windows\System\qhtxzlL.exe
  C:\Windows\System\qhtxzlL.exe
  2⤵
  PID:3692
- C:\Windows\System\ZwkKYsC.exe
  C:\Windows\System\ZwkKYsC.exe
  2⤵
  PID:3708
- C:\Windows\System\FLpqzgM.exe
  C:\Windows\System\FLpqzgM.exe
  2⤵
  PID:3724
- C:\Windows\System\Ngciztr.exe
  C:\Windows\System\Ngciztr.exe
  2⤵
  PID:3740
- C:\Windows\System\hGJkFHJ.exe
  C:\Windows\System\hGJkFHJ.exe
  2⤵
  PID:3756
- C:\Windows\System\mfgvVnG.exe
  C:\Windows\System\mfgvVnG.exe
  2⤵
  PID:3772
- C:\Windows\System\fCgwnkG.exe
  C:\Windows\System\fCgwnkG.exe
  2⤵
  PID:3788
- C:\Windows\System\nEkXMzZ.exe
  C:\Windows\System\nEkXMzZ.exe
  2⤵
  PID:3804
- C:\Windows\System\EYKclZk.exe
  C:\Windows\System\EYKclZk.exe
  2⤵
  PID:3820
- C:\Windows\System\TnzoXui.exe
  C:\Windows\System\TnzoXui.exe
  2⤵
  PID:3848
- C:\Windows\System\kQdIPbD.exe
  C:\Windows\System\kQdIPbD.exe
  2⤵
  PID:3864
- C:\Windows\System\PxRDopI.exe
  C:\Windows\System\PxRDopI.exe
  2⤵
  PID:3880
- C:\Windows\System\EAcBXXi.exe
  C:\Windows\System\EAcBXXi.exe
  2⤵
  PID:3896
- C:\Windows\System\rzgzqre.exe
  C:\Windows\System\rzgzqre.exe
  2⤵
  PID:3912
- C:\Windows\System\cmWTejC.exe
  C:\Windows\System\cmWTejC.exe
  2⤵
  PID:3928
- C:\Windows\System\VOjcMxZ.exe
  C:\Windows\System\VOjcMxZ.exe
  2⤵
  PID:3960
- C:\Windows\System\qBGKBVG.exe
  C:\Windows\System\qBGKBVG.exe
  2⤵
  PID:3980
- C:\Windows\System\ZCRKtgI.exe
  C:\Windows\System\ZCRKtgI.exe
  2⤵
  PID:4004
- C:\Windows\System\GfCtnbN.exe
  C:\Windows\System\GfCtnbN.exe
  2⤵
  PID:4056
- C:\Windows\System\dVtDAvf.exe
  C:\Windows\System\dVtDAvf.exe
  2⤵
  PID:4072
- C:\Windows\System\ZpYrIge.exe
  C:\Windows\System\ZpYrIge.exe
  2⤵
  PID:4088
- C:\Windows\System\XDagGvG.exe
  C:\Windows\System\XDagGvG.exe
  2⤵
  PID:1428
- C:\Windows\System\sbJChaE.exe
  C:\Windows\System\sbJChaE.exe
  2⤵
  PID:3088
- C:\Windows\System\jzOMJXw.exe
  C:\Windows\System\jzOMJXw.exe
  2⤵
  PID:2052
- C:\Windows\System\psrwnhh.exe
  C:\Windows\System\psrwnhh.exe
  2⤵
  PID:2840
- C:\Windows\System\UvUiron.exe
  C:\Windows\System\UvUiron.exe
  2⤵
  PID:3192
- C:\Windows\System\ZOeFIoj.exe
  C:\Windows\System\ZOeFIoj.exe
  2⤵
  PID:3224
- C:\Windows\System\XwaYiQx.exe
  C:\Windows\System\XwaYiQx.exe
  2⤵
  PID:3252
- C:\Windows\System\xDWrhBM.exe
  C:\Windows\System\xDWrhBM.exe
  2⤵
  PID:3304
- C:\Windows\System\btOctGM.exe
  C:\Windows\System\btOctGM.exe
  2⤵
  PID:3320
- C:\Windows\System\LYAXAaC.exe
  C:\Windows\System\LYAXAaC.exe
  2⤵
  PID:2352
- C:\Windows\System\lrzEVEM.exe
  C:\Windows\System\lrzEVEM.exe
  2⤵
  PID:3368
- C:\Windows\System\gBfoABg.exe
  C:\Windows\System\gBfoABg.exe
  2⤵
  PID:3416
- C:\Windows\System\GbQxIpY.exe
  C:\Windows\System\GbQxIpY.exe
  2⤵
  PID:3464
- C:\Windows\System\EFHgEFK.exe
  C:\Windows\System\EFHgEFK.exe
  2⤵
  PID:3420
- C:\Windows\System\LledvSh.exe
  C:\Windows\System\LledvSh.exe
  2⤵
  PID:3556
- C:\Windows\System\pIJMtDb.exe
  C:\Windows\System\pIJMtDb.exe
  2⤵
  PID:3472
- C:\Windows\System\oTtLWtX.exe
  C:\Windows\System\oTtLWtX.exe
  2⤵
  PID:3624
- C:\Windows\System\CXQWmsj.exe
  C:\Windows\System\CXQWmsj.exe
  2⤵
  PID:3492
- C:\Windows\System\YSzibmw.exe
  C:\Windows\System\YSzibmw.exe
  2⤵
  PID:3520
- C:\Windows\System\fELFbGD.exe
  C:\Windows\System\fELFbGD.exe
  2⤵
  PID:3668
- C:\Windows\System\AmGgnqn.exe
  C:\Windows\System\AmGgnqn.exe
  2⤵
  PID:3736
- C:\Windows\System\yalEsbM.exe
  C:\Windows\System\yalEsbM.exe
  2⤵
  PID:3796
- C:\Windows\System\bieREdu.exe
  C:\Windows\System\bieREdu.exe
  2⤵
  PID:3688
- C:\Windows\System\TVCcfMQ.exe
  C:\Windows\System\TVCcfMQ.exe
  2⤵
  PID:3904
- C:\Windows\System\TcjhGgP.exe
  C:\Windows\System\TcjhGgP.exe
  2⤵
  PID:3888
- C:\Windows\System\UBijUiu.exe
  C:\Windows\System\UBijUiu.exe
  2⤵
  PID:3948
- C:\Windows\System\LuZqFUZ.exe
  C:\Windows\System\LuZqFUZ.exe
  2⤵
  PID:3988
- C:\Windows\System\CVvJKSx.exe
  C:\Windows\System\CVvJKSx.exe
  2⤵
  PID:3972
- C:\Windows\System\XAqfskC.exe
  C:\Windows\System\XAqfskC.exe
  2⤵
  PID:4012
- C:\Windows\System\MHGesuC.exe
  C:\Windows\System\MHGesuC.exe
  2⤵
  PID:4032
- C:\Windows\System\zGWaVYA.exe
  C:\Windows\System\zGWaVYA.exe
  2⤵
  PID:4064
- C:\Windows\System\MpVvlWx.exe
  C:\Windows\System\MpVvlWx.exe
  2⤵
  PID:4052
- C:\Windows\System\ZUZDNDF.exe
  C:\Windows\System\ZUZDNDF.exe
  2⤵
  PID:2488
- C:\Windows\System\QUAToxq.exe
  C:\Windows\System\QUAToxq.exe
  2⤵
  PID:3112
- C:\Windows\System\YmzRSzU.exe
  C:\Windows\System\YmzRSzU.exe
  2⤵
  PID:3108
- C:\Windows\System\xiNtXjh.exe
  C:\Windows\System\xiNtXjh.exe
  2⤵
  PID:3144
- C:\Windows\System\kkZMqel.exe
  C:\Windows\System\kkZMqel.exe
  2⤵
  PID:3172
- C:\Windows\System\oKpUDFa.exe
  C:\Windows\System\oKpUDFa.exe
  2⤵
  PID:272
- C:\Windows\System\EfkJIMT.exe
  C:\Windows\System\EfkJIMT.exe
  2⤵
  PID:3236
- C:\Windows\System\ndzIKrw.exe
  C:\Windows\System\ndzIKrw.exe
  2⤵
  PID:3552
- C:\Windows\System\DlTyCsO.exe
  C:\Windows\System\DlTyCsO.exe
  2⤵
  PID:3588
- C:\Windows\System\opOLhCK.exe
  C:\Windows\System\opOLhCK.exe
  2⤵
  PID:3440
- C:\Windows\System\NDhJetf.exe
  C:\Windows\System\NDhJetf.exe
  2⤵
  PID:3640
- C:\Windows\System\TzIRuTq.exe
  C:\Windows\System\TzIRuTq.exe
  2⤵
  PID:1200
- C:\Windows\System\fjTGHPV.exe
  C:\Windows\System\fjTGHPV.exe
  2⤵
  PID:3604
- C:\Windows\System\dioEEmX.exe
  C:\Windows\System\dioEEmX.exe
  2⤵
  PID:3816
- C:\Windows\System\LbINDse.exe
  C:\Windows\System\LbINDse.exe
  2⤵
  PID:3844
- C:\Windows\System\szhUwNb.exe
  C:\Windows\System\szhUwNb.exe
  2⤵
  PID:3768
- C:\Windows\System\KMqgZxf.exe
  C:\Windows\System\KMqgZxf.exe
  2⤵
  PID:3856
- C:\Windows\System\rJEtLSd.exe
  C:\Windows\System\rJEtLSd.exe
  2⤵
  PID:3936
- C:\Windows\System\qmmRSMH.exe
  C:\Windows\System\qmmRSMH.exe
  2⤵
  PID:3924
- C:\Windows\System\Zszshro.exe
  C:\Windows\System\Zszshro.exe
  2⤵
  PID:2228
- C:\Windows\System\lPYbIii.exe
  C:\Windows\System\lPYbIii.exe
  2⤵
  PID:2736
- C:\Windows\System\CDKGgFc.exe
  C:\Windows\System\CDKGgFc.exe
  2⤵
  PID:4084
- C:\Windows\System\FgPsoMl.exe
  C:\Windows\System\FgPsoMl.exe
  2⤵
  PID:3044
- C:\Windows\System\SYOwWgO.exe
  C:\Windows\System\SYOwWgO.exe
  2⤵
  PID:1016
- C:\Windows\System\VfxPfYm.exe
  C:\Windows\System\VfxPfYm.exe
  2⤵
  PID:2792
- C:\Windows\System\dSAaTuu.exe
  C:\Windows\System\dSAaTuu.exe
  2⤵
  PID:2696
- C:\Windows\System\WtoHxaY.exe
  C:\Windows\System\WtoHxaY.exe
  2⤵
  PID:3452
- C:\Windows\System\bpwgGvz.exe
  C:\Windows\System\bpwgGvz.exe
  2⤵
  PID:3400
- C:\Windows\System\bowljLU.exe
  C:\Windows\System\bowljLU.exe
  2⤵
  PID:3592
- C:\Windows\System\eohwrYD.exe
  C:\Windows\System\eohwrYD.exe
  2⤵
  PID:2116
- C:\Windows\System\hKvzAUL.exe
  C:\Windows\System\hKvzAUL.exe
  2⤵
  PID:2088
- C:\Windows\System\IBDBlJb.exe
  C:\Windows\System\IBDBlJb.exe
  2⤵
  PID:3204
- C:\Windows\System\ylciRri.exe
  C:\Windows\System\ylciRri.exe
  2⤵
  PID:3396
- C:\Windows\System\BwufxtX.exe
  C:\Windows\System\BwufxtX.exe
  2⤵
  PID:3128
- C:\Windows\System\nFuBDsJ.exe
  C:\Windows\System\nFuBDsJ.exe
  2⤵
  PID:3352
- C:\Windows\System\eEszCbc.exe
  C:\Windows\System\eEszCbc.exe
  2⤵
  PID:3572
- C:\Windows\System\MhHGZKo.exe
  C:\Windows\System\MhHGZKo.exe
  2⤵
  PID:3528
- C:\Windows\System\uDXDTgO.exe
  C:\Windows\System\uDXDTgO.exe
  2⤵
  PID:3780
- C:\Windows\System\VivoQYU.exe
  C:\Windows\System\VivoQYU.exe
  2⤵
  PID:3956
- C:\Windows\System\UvGhEiN.exe
  C:\Windows\System\UvGhEiN.exe
  2⤵
  PID:3860
- C:\Windows\System\kJyIqlh.exe
  C:\Windows\System\kJyIqlh.exe
  2⤵
  PID:3720
- C:\Windows\System\oAORPVw.exe
  C:\Windows\System\oAORPVw.exe
  2⤵
  PID:3332
- C:\Windows\System\xtvSMbk.exe
  C:\Windows\System\xtvSMbk.exe
  2⤵
  PID:3140
- C:\Windows\System\xmLqVAN.exe
  C:\Windows\System\xmLqVAN.exe
  2⤵
  PID:3996
- C:\Windows\System\xCzDptQ.exe
  C:\Windows\System\xCzDptQ.exe
  2⤵
  PID:4024
- C:\Windows\System\PLKzVCd.exe
  C:\Windows\System\PLKzVCd.exe
  2⤵
  PID:4068
- C:\Windows\System\sGwlyUg.exe
  C:\Windows\System\sGwlyUg.exe
  2⤵
  PID:3764
- C:\Windows\System\roIuoFZ.exe
  C:\Windows\System\roIuoFZ.exe
  2⤵
  PID:3124
- C:\Windows\System\gVQjEFD.exe
  C:\Windows\System\gVQjEFD.exe
  2⤵
  PID:3704
- C:\Windows\System\TupFLOj.exe
  C:\Windows\System\TupFLOj.exe
  2⤵
  PID:3436
- C:\Windows\System\ocDjnNc.exe
  C:\Windows\System\ocDjnNc.exe
  2⤵
  PID:3300
- C:\Windows\System\SialCyj.exe
  C:\Windows\System\SialCyj.exe
  2⤵
  PID:4112
- C:\Windows\System\JPaXvtS.exe
  C:\Windows\System\JPaXvtS.exe
  2⤵
  PID:4140
- C:\Windows\System\VzgSLnT.exe
  C:\Windows\System\VzgSLnT.exe
  2⤵
  PID:4156
- C:\Windows\System\ZthEGax.exe
  C:\Windows\System\ZthEGax.exe
  2⤵
  PID:4172
- C:\Windows\System\NuSmkrf.exe
  C:\Windows\System\NuSmkrf.exe
  2⤵
  PID:4192
- C:\Windows\System\AnjGquU.exe
  C:\Windows\System\AnjGquU.exe
  2⤵
  PID:4208
- C:\Windows\System\TUHmwrO.exe
  C:\Windows\System\TUHmwrO.exe
  2⤵
  PID:4224
- C:\Windows\System\PTyimJM.exe
  C:\Windows\System\PTyimJM.exe
  2⤵
  PID:4240
- C:\Windows\System\HlyOgxM.exe
  C:\Windows\System\HlyOgxM.exe
  2⤵
  PID:4256
- C:\Windows\System\lihcSIw.exe
  C:\Windows\System\lihcSIw.exe
  2⤵
  PID:4272
- C:\Windows\System\LvYbJnN.exe
  C:\Windows\System\LvYbJnN.exe
  2⤵
  PID:4288
- C:\Windows\System\KIXmsYc.exe
  C:\Windows\System\KIXmsYc.exe
  2⤵
  PID:4312
- C:\Windows\System\KsMqiTm.exe
  C:\Windows\System\KsMqiTm.exe
  2⤵
  PID:4328
- C:\Windows\System\BDsQVtA.exe
  C:\Windows\System\BDsQVtA.exe
  2⤵
  PID:4348
- C:\Windows\System\WkpWsRH.exe
  C:\Windows\System\WkpWsRH.exe
  2⤵
  PID:4364
- C:\Windows\System\pAxdOGE.exe
  C:\Windows\System\pAxdOGE.exe
  2⤵
  PID:4380
- C:\Windows\System\crsYZkf.exe
  C:\Windows\System\crsYZkf.exe
  2⤵
  PID:4396
- C:\Windows\System\CnjULYu.exe
  C:\Windows\System\CnjULYu.exe
  2⤵
  PID:4416
- C:\Windows\System\zAoKIPj.exe
  C:\Windows\System\zAoKIPj.exe
  2⤵
  PID:4432
- C:\Windows\System\dVmiDMb.exe
  C:\Windows\System\dVmiDMb.exe
  2⤵
  PID:4448
- C:\Windows\System\wmgBnRz.exe
  C:\Windows\System\wmgBnRz.exe
  2⤵
  PID:4464
- C:\Windows\System\fICjjqg.exe
  C:\Windows\System\fICjjqg.exe
  2⤵
  PID:4480
- C:\Windows\System\jvWibHh.exe
  C:\Windows\System\jvWibHh.exe
  2⤵
  PID:4496
- C:\Windows\System\ExJYIns.exe
  C:\Windows\System\ExJYIns.exe
  2⤵
  PID:4512
- C:\Windows\System\tcEdkYs.exe
  C:\Windows\System\tcEdkYs.exe
  2⤵
  PID:4528
- C:\Windows\System\CZQflMG.exe
  C:\Windows\System\CZQflMG.exe
  2⤵
  PID:4544
- C:\Windows\System\ejptaXj.exe
  C:\Windows\System\ejptaXj.exe
  2⤵
  PID:4560
- C:\Windows\System\CiBRhZB.exe
  C:\Windows\System\CiBRhZB.exe
  2⤵
  PID:4576
- C:\Windows\System\FaTjyry.exe
  C:\Windows\System\FaTjyry.exe
  2⤵
  PID:4592
- C:\Windows\System\vXTwiTu.exe
  C:\Windows\System\vXTwiTu.exe
  2⤵
  PID:4608
- C:\Windows\System\YtpCddP.exe
  C:\Windows\System\YtpCddP.exe
  2⤵
  PID:4624
- C:\Windows\System\TJoeYll.exe
  C:\Windows\System\TJoeYll.exe
  2⤵
  PID:4640
- C:\Windows\System\aDUAgJr.exe
  C:\Windows\System\aDUAgJr.exe
  2⤵
  PID:4656
- C:\Windows\System\nyPOvoN.exe
  C:\Windows\System\nyPOvoN.exe
  2⤵
  PID:4672
- C:\Windows\System\iIiDpPd.exe
  C:\Windows\System\iIiDpPd.exe
  2⤵
  PID:4688
- C:\Windows\System\UYVOvyZ.exe
  C:\Windows\System\UYVOvyZ.exe
  2⤵
  PID:4704
- C:\Windows\System\dWnWRtb.exe
  C:\Windows\System\dWnWRtb.exe
  2⤵
  PID:4720
- C:\Windows\System\aYVyfFT.exe
  C:\Windows\System\aYVyfFT.exe
  2⤵
  PID:4736
- C:\Windows\System\Jizniyy.exe
  C:\Windows\System\Jizniyy.exe
  2⤵
  PID:4752
- C:\Windows\System\mZxUvwl.exe
  C:\Windows\System\mZxUvwl.exe
  2⤵
  PID:4768
- C:\Windows\System\LRAPZvf.exe
  C:\Windows\System\LRAPZvf.exe
  2⤵
  PID:4784
- C:\Windows\System\ZGIoOPs.exe
  C:\Windows\System\ZGIoOPs.exe
  2⤵
  PID:4800
- C:\Windows\System\AInjUAa.exe
  C:\Windows\System\AInjUAa.exe
  2⤵
  PID:4816
- C:\Windows\System\OqSUebD.exe
  C:\Windows\System\OqSUebD.exe
  2⤵
  PID:4832
- C:\Windows\System\dzGSzdq.exe
  C:\Windows\System\dzGSzdq.exe
  2⤵
  PID:4848
- C:\Windows\System\TRMbjLX.exe
  C:\Windows\System\TRMbjLX.exe
  2⤵
  PID:4864
- C:\Windows\System\rwlZuql.exe
  C:\Windows\System\rwlZuql.exe
  2⤵
  PID:4880
- C:\Windows\System\WzKRBNw.exe
  C:\Windows\System\WzKRBNw.exe
  2⤵
  PID:4896
- C:\Windows\System\XrKCfWi.exe
  C:\Windows\System\XrKCfWi.exe
  2⤵
  PID:4912
- C:\Windows\System\JyYKwfr.exe
  C:\Windows\System\JyYKwfr.exe
  2⤵
  PID:4928
- C:\Windows\System\WlfhmYe.exe
  C:\Windows\System\WlfhmYe.exe
  2⤵
  PID:4944
- C:\Windows\System\mAlcddx.exe
  C:\Windows\System\mAlcddx.exe
  2⤵
  PID:4960
- C:\Windows\System\lJlBrqD.exe
  C:\Windows\System\lJlBrqD.exe
  2⤵
  PID:4980
- C:\Windows\System\bnwasrX.exe
  C:\Windows\System\bnwasrX.exe
  2⤵
  PID:5080
- C:\Windows\System\sguAJBe.exe
  C:\Windows\System\sguAJBe.exe
  2⤵
  PID:4356
- C:\Windows\System\jOaHnhi.exe
  C:\Windows\System\jOaHnhi.exe
  2⤵
  PID:4428
- C:\Windows\System\vDUBkBV.exe
  C:\Windows\System\vDUBkBV.exe
  2⤵
  PID:4536
- C:\Windows\System\nltyADX.exe
  C:\Windows\System\nltyADX.exe
  2⤵
  PID:4600
- C:\Windows\System\zSjlzXR.exe
  C:\Windows\System\zSjlzXR.exe
  2⤵
  PID:4524
- C:\Windows\System\BKcsjHq.exe
  C:\Windows\System\BKcsjHq.exe
  2⤵
  PID:4664
- C:\Windows\System\fihqjCd.exe
  C:\Windows\System\fihqjCd.exe
  2⤵
  PID:4488
- C:\Windows\System\SUOneIg.exe
  C:\Windows\System\SUOneIg.exe
  2⤵
  PID:4616
- C:\Windows\System\kVPNbaD.exe
  C:\Windows\System\kVPNbaD.exe
  2⤵
  PID:4728
- C:\Windows\System\SRirvwV.exe
  C:\Windows\System\SRirvwV.exe
  2⤵
  PID:4696
- C:\Windows\System\dHqRzUp.exe
  C:\Windows\System\dHqRzUp.exe
  2⤵
  PID:4776
- C:\Windows\System\FsTnZeF.exe
  C:\Windows\System\FsTnZeF.exe
  2⤵
  PID:4792
- C:\Windows\System\fgmCOTL.exe
  C:\Windows\System\fgmCOTL.exe
  2⤵
  PID:4812
- C:\Windows\System\YkEReAq.exe
  C:\Windows\System\YkEReAq.exe
  2⤵
  PID:4856
- C:\Windows\System\GNJHNSr.exe
  C:\Windows\System\GNJHNSr.exe
  2⤵
  PID:4892
- C:\Windows\System\nDKuSrN.exe
  C:\Windows\System\nDKuSrN.exe
  2⤵
  PID:4908
- C:\Windows\System\lmYnPyJ.exe
  C:\Windows\System\lmYnPyJ.exe
  2⤵
  PID:4956
- C:\Windows\System\qOuEsKd.exe
  C:\Windows\System\qOuEsKd.exe
  2⤵
  PID:4992
- C:\Windows\System\vFSPBCK.exe
  C:\Windows\System\vFSPBCK.exe
  2⤵
  PID:5004
- C:\Windows\System\ijVliZt.exe
  C:\Windows\System\ijVliZt.exe
  2⤵
  PID:5024
- C:\Windows\System\oxurhLl.exe
  C:\Windows\System\oxurhLl.exe
  2⤵
  PID:5040
- C:\Windows\System\ljhnCCr.exe
  C:\Windows\System\ljhnCCr.exe
  2⤵
  PID:5064
- C:\Windows\System\esXAczl.exe
  C:\Windows\System\esXAczl.exe
  2⤵
  PID:5092
- C:\Windows\System\DfvwZSb.exe
  C:\Windows\System\DfvwZSb.exe
  2⤵
  PID:5108
- C:\Windows\System\QktDHne.exe
  C:\Windows\System\QktDHne.exe
  2⤵
  PID:2144
- C:\Windows\System\RwWcKMh.exe
  C:\Windows\System\RwWcKMh.exe
  2⤵
  PID:4132
- C:\Windows\System\XktwhGV.exe
  C:\Windows\System\XktwhGV.exe
  2⤵
  PID:4000
- C:\Windows\System\MaepBnh.exe
  C:\Windows\System\MaepBnh.exe
  2⤵
  PID:4104
- C:\Windows\System\rzdDFtq.exe
  C:\Windows\System\rzdDFtq.exe
  2⤵
  PID:4152
- C:\Windows\System\HnNhxCW.exe
  C:\Windows\System\HnNhxCW.exe
  2⤵
  PID:4232
- C:\Windows\System\iwRIwwT.exe
  C:\Windows\System\iwRIwwT.exe
  2⤵
  PID:4252
- C:\Windows\System\JFsPRcT.exe
  C:\Windows\System\JFsPRcT.exe
  2⤵
  PID:4268
- C:\Windows\System\hxklkPa.exe
  C:\Windows\System\hxklkPa.exe
  2⤵
  PID:4300
- C:\Windows\System\dQHCfRK.exe
  C:\Windows\System\dQHCfRK.exe
  2⤵
  PID:4344
- C:\Windows\System\GxGqEei.exe
  C:\Windows\System\GxGqEei.exe
  2⤵
  PID:4404
- C:\Windows\System\VYiltuP.exe
  C:\Windows\System\VYiltuP.exe
  2⤵
  PID:4320
- C:\Windows\System\KdKAnUw.exe
  C:\Windows\System\KdKAnUw.exe
  2⤵
  PID:2196
- C:\Windows\System\xgjBNPf.exe
  C:\Windows\System\xgjBNPf.exe
  2⤵
  PID:4648
- C:\Windows\System\snAJdIC.exe
  C:\Windows\System\snAJdIC.exe
  2⤵
  PID:4760
- C:\Windows\System\qnLPidm.exe
  C:\Windows\System\qnLPidm.exe
  2⤵
  PID:2860
- C:\Windows\System\xAbNBCo.exe
  C:\Windows\System\xAbNBCo.exe
  2⤵
  PID:4460
- C:\Windows\System\maJKGpc.exe
  C:\Windows\System\maJKGpc.exe
  2⤵
  PID:4748
- C:\Windows\System\mGnJEql.exe
  C:\Windows\System\mGnJEql.exe
  2⤵
  PID:4508
- C:\Windows\System\WZGywrX.exe
  C:\Windows\System\WZGywrX.exe
  2⤵
  PID:4632
- C:\Windows\System\MzSKqJo.exe
  C:\Windows\System\MzSKqJo.exe
  2⤵
  PID:4904
- C:\Windows\System\eKVAlRI.exe
  C:\Windows\System\eKVAlRI.exe
  2⤵
  PID:4940
- C:\Windows\System\XGAuIVS.exe
  C:\Windows\System\XGAuIVS.exe
  2⤵
  PID:5000
- C:\Windows\System\MYwLkSS.exe
  C:\Windows\System\MYwLkSS.exe
  2⤵
  PID:5036
- C:\Windows\System\yWrDHXo.exe
  C:\Windows\System\yWrDHXo.exe
  2⤵
  PID:5060
- C:\Windows\System\gyMrNda.exe
  C:\Windows\System\gyMrNda.exe
  2⤵
  PID:5072
- C:\Windows\System\kdQKycD.exe
  C:\Windows\System\kdQKycD.exe
  2⤵
  PID:2120
- C:\Windows\System\CXlHMNj.exe
  C:\Windows\System\CXlHMNj.exe
  2⤵
  PID:4128
- C:\Windows\System\kQdcMIe.exe
  C:\Windows\System\kQdcMIe.exe
  2⤵
  PID:2192
- C:\Windows\System\DeatTES.exe
  C:\Windows\System\DeatTES.exe
  2⤵
  PID:4148
- C:\Windows\System\VSclxxF.exe
  C:\Windows\System\VSclxxF.exe
  2⤵
  PID:4216
- C:\Windows\System\qOsKlPh.exe
  C:\Windows\System\qOsKlPh.exe
  2⤵
  PID:4220
- C:\Windows\System\lIwjOcm.exe
  C:\Windows\System\lIwjOcm.exe
  2⤵
  PID:4388
- C:\Windows\System\eIlHPxA.exe
  C:\Windows\System\eIlHPxA.exe
  2⤵
  PID:4324
- C:\Windows\System\MKReSnT.exe
  C:\Windows\System\MKReSnT.exe
  2⤵
  PID:2080
- C:\Windows\System\VHGTiwW.exe
  C:\Windows\System\VHGTiwW.exe
  2⤵
  PID:4844
- C:\Windows\System\AhiVBTr.exe
  C:\Windows\System\AhiVBTr.exe
  2⤵
  PID:4136
- C:\Windows\System\IOVAjPu.exe
  C:\Windows\System\IOVAjPu.exe
  2⤵
  PID:4712
- C:\Windows\System\xIgQGKZ.exe
  C:\Windows\System\xIgQGKZ.exe
  2⤵
  PID:4444
- C:\Windows\System\wzybFlP.exe
  C:\Windows\System\wzybFlP.exe
  2⤵
  PID:4456
- C:\Windows\System\hUOARoU.exe
  C:\Windows\System\hUOARoU.exe
  2⤵
  PID:4876
- C:\Windows\System\noNKKXp.exe
  C:\Windows\System\noNKKXp.exe
  2⤵
  PID:5016
- C:\Windows\System\gAGZpQA.exe
  C:\Windows\System\gAGZpQA.exe
  2⤵
  PID:5052
- C:\Windows\System\qPTiNSm.exe
  C:\Windows\System\qPTiNSm.exe
  2⤵
  PID:5076
- C:\Windows\System\avPOAoX.exe
  C:\Windows\System\avPOAoX.exe
  2⤵
  PID:4296
- C:\Windows\System\hmAJCcI.exe
  C:\Windows\System\hmAJCcI.exe
  2⤵
  PID:4744
- C:\Windows\System\BtOVuzR.exe
  C:\Windows\System\BtOVuzR.exe
  2⤵
  PID:3636
- C:\Windows\System\PFMRZMv.exe
  C:\Windows\System\PFMRZMv.exe
  2⤵
  PID:4476
- C:\Windows\System\MseWIkS.exe
  C:\Windows\System\MseWIkS.exe
  2⤵
  PID:1748
- C:\Windows\System\SHxSjuj.exe
  C:\Windows\System\SHxSjuj.exe
  2⤵
  PID:2360
- C:\Windows\System\LzcraPz.exe
  C:\Windows\System\LzcraPz.exe
  2⤵
  PID:4888
- C:\Windows\System\GFJXtEz.exe
  C:\Windows\System\GFJXtEz.exe
  2⤵
  PID:5136
- C:\Windows\System\WkjYqKd.exe
  C:\Windows\System\WkjYqKd.exe
  2⤵
  PID:5152
- C:\Windows\System\qXpBsgr.exe
  C:\Windows\System\qXpBsgr.exe
  2⤵
  PID:5168
- C:\Windows\System\JineOcM.exe
  C:\Windows\System\JineOcM.exe
  2⤵
  PID:5188
- C:\Windows\System\FJRdHzc.exe
  C:\Windows\System\FJRdHzc.exe
  2⤵
  PID:5204
- C:\Windows\System\IjTEfiP.exe
  C:\Windows\System\IjTEfiP.exe
  2⤵
  PID:5220
- C:\Windows\System\DuRJqjH.exe
  C:\Windows\System\DuRJqjH.exe
  2⤵
  PID:5236
- C:\Windows\System\QUnRXcr.exe
  C:\Windows\System\QUnRXcr.exe
  2⤵
  PID:5252
- C:\Windows\System\AIrjVvh.exe
  C:\Windows\System\AIrjVvh.exe
  2⤵
  PID:5268
- C:\Windows\System\sZzVayq.exe
  C:\Windows\System\sZzVayq.exe
  2⤵
  PID:5284
- C:\Windows\System\IFstCZO.exe
  C:\Windows\System\IFstCZO.exe
  2⤵
  PID:5300
- C:\Windows\System\JiMhuTR.exe
  C:\Windows\System\JiMhuTR.exe
  2⤵
  PID:5316
- C:\Windows\System\PiwLioI.exe
  C:\Windows\System\PiwLioI.exe
  2⤵
  PID:5332
- C:\Windows\System\CMhjECN.exe
  C:\Windows\System\CMhjECN.exe
  2⤵
  PID:5348
- C:\Windows\System\LRuqyzn.exe
  C:\Windows\System\LRuqyzn.exe
  2⤵
  PID:5364
- C:\Windows\System\OZTdytV.exe
  C:\Windows\System\OZTdytV.exe
  2⤵
  PID:5380
- C:\Windows\System\XZfCKzz.exe
  C:\Windows\System\XZfCKzz.exe
  2⤵
  PID:5396
- C:\Windows\System\ikuifSp.exe
  C:\Windows\System\ikuifSp.exe
  2⤵
  PID:5412
- C:\Windows\System\plBDYpR.exe
  C:\Windows\System\plBDYpR.exe
  2⤵
  PID:5440
- C:\Windows\System\bwNKJih.exe
  C:\Windows\System\bwNKJih.exe
  2⤵
  PID:5456
- C:\Windows\System\RfOpGpT.exe
  C:\Windows\System\RfOpGpT.exe
  2⤵
  PID:5472
- C:\Windows\System\IWbiPUb.exe
  C:\Windows\System\IWbiPUb.exe
  2⤵
  PID:5488
- C:\Windows\System\IdtHyfG.exe
  C:\Windows\System\IdtHyfG.exe
  2⤵
  PID:5504
- C:\Windows\System\IVUwKNv.exe
  C:\Windows\System\IVUwKNv.exe
  2⤵
  PID:5520
- C:\Windows\System\MmMDHKj.exe
  C:\Windows\System\MmMDHKj.exe
  2⤵
  PID:5536
- C:\Windows\System\ApiOpka.exe
  C:\Windows\System\ApiOpka.exe
  2⤵
  PID:5556
- C:\Windows\System\jyPlrnV.exe
  C:\Windows\System\jyPlrnV.exe
  2⤵
  PID:5572
- C:\Windows\System\hpQFAxn.exe
  C:\Windows\System\hpQFAxn.exe
  2⤵
  PID:5588
- C:\Windows\System\MlKoiiX.exe
  C:\Windows\System\MlKoiiX.exe
  2⤵
  PID:5604
- C:\Windows\System\mDLorEc.exe
  C:\Windows\System\mDLorEc.exe
  2⤵
  PID:5624
- C:\Windows\System\XBJgENx.exe
  C:\Windows\System\XBJgENx.exe
  2⤵
  PID:5640
- C:\Windows\System\zkTLikz.exe
  C:\Windows\System\zkTLikz.exe
  2⤵
  PID:5656
- C:\Windows\System\FsLiXUE.exe
  C:\Windows\System\FsLiXUE.exe
  2⤵
  PID:5672
- C:\Windows\System\MfwUwKg.exe
  C:\Windows\System\MfwUwKg.exe
  2⤵
  PID:5688
- C:\Windows\System\JFXrcaf.exe
  C:\Windows\System\JFXrcaf.exe
  2⤵
  PID:5704
- C:\Windows\System\DXfhjJy.exe
  C:\Windows\System\DXfhjJy.exe
  2⤵
  PID:5720
- C:\Windows\System\BwmTEyp.exe
  C:\Windows\System\BwmTEyp.exe
  2⤵
  PID:5736
- C:\Windows\System\vFxBKLp.exe
  C:\Windows\System\vFxBKLp.exe
  2⤵
  PID:5752
- C:\Windows\System\zWPBnyY.exe
  C:\Windows\System\zWPBnyY.exe
  2⤵
  PID:5768
- C:\Windows\System\VsOSuTN.exe
  C:\Windows\System\VsOSuTN.exe
  2⤵
  PID:5784
- C:\Windows\System\EErgLMN.exe
  C:\Windows\System\EErgLMN.exe
  2⤵
  PID:5800
- C:\Windows\System\LGanZHn.exe
  C:\Windows\System\LGanZHn.exe
  2⤵
  PID:5816
- C:\Windows\System\QWgPKOn.exe
  C:\Windows\System\QWgPKOn.exe
  2⤵
  PID:5832
- C:\Windows\System\jiubPJm.exe
  C:\Windows\System\jiubPJm.exe
  2⤵
  PID:5848
- C:\Windows\System\bGLgUec.exe
  C:\Windows\System\bGLgUec.exe
  2⤵
  PID:5864
- C:\Windows\System\zkRHswO.exe
  C:\Windows\System\zkRHswO.exe
  2⤵
  PID:5880
- C:\Windows\System\hyTUtJp.exe
  C:\Windows\System\hyTUtJp.exe
  2⤵
  PID:5896
- C:\Windows\System\pQFDTFf.exe
  C:\Windows\System\pQFDTFf.exe
  2⤵
  PID:5912
- C:\Windows\System\uQxFBkk.exe
  C:\Windows\System\uQxFBkk.exe
  2⤵
  PID:5928
- C:\Windows\System\ATNzNax.exe
  C:\Windows\System\ATNzNax.exe
  2⤵
  PID:5944
- C:\Windows\System\dYtyUny.exe
  C:\Windows\System\dYtyUny.exe
  2⤵
  PID:5960
- C:\Windows\System\XthVtCV.exe
  C:\Windows\System\XthVtCV.exe
  2⤵
  PID:5976
- C:\Windows\System\TwbWrKc.exe
  C:\Windows\System\TwbWrKc.exe
  2⤵
  PID:5992
- C:\Windows\System\ebYNrnQ.exe
  C:\Windows\System\ebYNrnQ.exe
  2⤵
  PID:6008
- C:\Windows\System\xLOothR.exe
  C:\Windows\System\xLOothR.exe
  2⤵
  PID:6024
- C:\Windows\System\WQVFMda.exe
  C:\Windows\System\WQVFMda.exe
  2⤵
  PID:6040
- C:\Windows\System\ZImbYbM.exe
  C:\Windows\System\ZImbYbM.exe
  2⤵
  PID:6056
- C:\Windows\System\fqmxicF.exe
  C:\Windows\System\fqmxicF.exe
  2⤵
  PID:6072
- C:\Windows\System\aWCeUzR.exe
  C:\Windows\System\aWCeUzR.exe
  2⤵
  PID:6088
- C:\Windows\System\NLOuNcL.exe
  C:\Windows\System\NLOuNcL.exe
  2⤵
  PID:6104
- C:\Windows\System\eswGLzi.exe
  C:\Windows\System\eswGLzi.exe
  2⤵
  PID:6120
- C:\Windows\System\VTSbLHo.exe
  C:\Windows\System\VTSbLHo.exe
  2⤵
  PID:6136
- C:\Windows\System\FyvnHcS.exe
  C:\Windows\System\FyvnHcS.exe
  2⤵
  PID:4204
- C:\Windows\System\KUelUMo.exe
  C:\Windows\System\KUelUMo.exe
  2⤵
  PID:5144
- C:\Windows\System\SqoQvYL.exe
  C:\Windows\System\SqoQvYL.exe
  2⤵
  PID:5132
- C:\Windows\System\DhveRhj.exe
  C:\Windows\System\DhveRhj.exe
  2⤵
  PID:5228
- C:\Windows\System\pFjnIaH.exe
  C:\Windows\System\pFjnIaH.exe
  2⤵
  PID:5264
- C:\Windows\System\CMosnCS.exe
  C:\Windows\System\CMosnCS.exe
  2⤵
  PID:5176
- C:\Windows\System\QpPqoDw.exe
  C:\Windows\System\QpPqoDw.exe
  2⤵
  PID:5292
- C:\Windows\System\aQDGZBs.exe
  C:\Windows\System\aQDGZBs.exe
  2⤵
  PID:5308
- C:\Windows\System\mwvFEsS.exe
  C:\Windows\System\mwvFEsS.exe
  2⤵
  PID:5324
- C:\Windows\System\FbGPQkL.exe
  C:\Windows\System\FbGPQkL.exe
  2⤵
  PID:5388
- C:\Windows\System\KhZVicV.exe
  C:\Windows\System\KhZVicV.exe
  2⤵
  PID:5392
- C:\Windows\System\NGoSTFY.exe
  C:\Windows\System\NGoSTFY.exe
  2⤵
  PID:5424
- C:\Windows\System\jqsnEWH.exe
  C:\Windows\System\jqsnEWH.exe
  2⤵
  PID:5464
- C:\Windows\System\WiJYwOO.exe
  C:\Windows\System\WiJYwOO.exe
  2⤵
  PID:5528
- C:\Windows\System\FSscWRK.exe
  C:\Windows\System\FSscWRK.exe
  2⤵
  PID:5516
- C:\Windows\System\APSJfuG.exe
  C:\Windows\System\APSJfuG.exe
  2⤵
  PID:5596
- C:\Windows\System\KYSuCgz.exe
  C:\Windows\System\KYSuCgz.exe
  2⤵
  PID:5664
- C:\Windows\System\NpxavjF.exe
  C:\Windows\System\NpxavjF.exe
  2⤵
  PID:5668
- C:\Windows\System\yHIQECp.exe
  C:\Windows\System\yHIQECp.exe
  2⤵
  PID:5700
- C:\Windows\System\Tnqkgre.exe
  C:\Windows\System\Tnqkgre.exe
  2⤵
  PID:5584
- C:\Windows\System\yiWLaeD.exe
  C:\Windows\System\yiWLaeD.exe
  2⤵
  PID:5712
- C:\Windows\System\VyYTCwD.exe
  C:\Windows\System\VyYTCwD.exe
  2⤵
  PID:5744
- C:\Windows\System\HniysCU.exe
  C:\Windows\System\HniysCU.exe
  2⤵
  PID:5760
- C:\Windows\System\LfACgar.exe
  C:\Windows\System\LfACgar.exe
  2⤵
  PID:5796
- C:\Windows\System\xHbyZhC.exe
  C:\Windows\System\xHbyZhC.exe
  2⤵
  PID:5860
- C:\Windows\System\uFQnaar.exe
  C:\Windows\System\uFQnaar.exe
  2⤵
  PID:5888
- C:\Windows\System\DLQGAEz.exe
  C:\Windows\System\DLQGAEz.exe
  2⤵
  PID:5776
- C:\Windows\System\MftHHYV.exe
  C:\Windows\System\MftHHYV.exe
  2⤵
  PID:5908
- C:\Windows\System\LLnrggl.exe
  C:\Windows\System\LLnrggl.exe
  2⤵
  PID:5940
- C:\Windows\System\UdkgjZW.exe
  C:\Windows\System\UdkgjZW.exe
  2⤵
  PID:5984
- C:\Windows\System\ccIsDDN.exe
  C:\Windows\System\ccIsDDN.exe
  2⤵
  PID:6048
- C:\Windows\System\zlzYMYg.exe
  C:\Windows\System\zlzYMYg.exe
  2⤵
  PID:6032
- C:\Windows\System\bOdxOxn.exe
  C:\Windows\System\bOdxOxn.exe
  2⤵
  PID:6084
- C:\Windows\System\higZHDj.exe
  C:\Windows\System\higZHDj.exe
  2⤵
  PID:5056
- C:\Windows\System\zetrhnp.exe
  C:\Windows\System\zetrhnp.exe
  2⤵
  PID:6100
- C:\Windows\System\vBiRNLV.exe
  C:\Windows\System\vBiRNLV.exe
  2⤵
  PID:4584
- C:\Windows\System\AjtDhYA.exe
  C:\Windows\System\AjtDhYA.exe
  2⤵
  PID:4828
- C:\Windows\System\eqaCaha.exe
  C:\Windows\System\eqaCaha.exe
  2⤵
  PID:5212
- C:\Windows\System\nfLqxeK.exe
  C:\Windows\System\nfLqxeK.exe
  2⤵
  PID:5260
- C:\Windows\System\LMnjEkW.exe
  C:\Windows\System\LMnjEkW.exe
  2⤵
  PID:5216
- C:\Windows\System\lHlyNWw.exe
  C:\Windows\System\lHlyNWw.exe
  2⤵
  PID:2072
- C:\Windows\System\trhXswv.exe
  C:\Windows\System\trhXswv.exe
  2⤵
  PID:5432
- C:\Windows\System\CMqgtSK.exe
  C:\Windows\System\CMqgtSK.exe
  2⤵
  PID:5360
- C:\Windows\System\jytdqme.exe
  C:\Windows\System\jytdqme.exe
  2⤵
  PID:5496
- C:\Windows\System\RVPBbGM.exe
  C:\Windows\System\RVPBbGM.exe
  2⤵
  PID:5648
- C:\Windows\System\qJyLRMz.exe
  C:\Windows\System\qJyLRMz.exe
  2⤵
  PID:5616
- C:\Windows\System\eLRxGsh.exe
  C:\Windows\System\eLRxGsh.exe
  2⤵
  PID:5580
- C:\Windows\System\pnnOMFd.exe
  C:\Windows\System\pnnOMFd.exe
  2⤵
  PID:5680
- C:\Windows\System\mSUrIAz.exe
  C:\Windows\System\mSUrIAz.exe
  2⤵
  PID:5920
- C:\Windows\System\WGvRSVb.exe
  C:\Windows\System\WGvRSVb.exe
  2⤵
  PID:5844
- C:\Windows\System\XMBLHlt.exe
  C:\Windows\System\XMBLHlt.exe
  2⤵
  PID:5780
- C:\Windows\System\CSSZRds.exe
  C:\Windows\System\CSSZRds.exe
  2⤵
  PID:5792
- C:\Windows\System\LQHUTVN.exe
  C:\Windows\System\LQHUTVN.exe
  2⤵
  PID:6080
- C:\Windows\System\aPhZdWO.exe
  C:\Windows\System\aPhZdWO.exe
  2⤵
  PID:5200
- C:\Windows\System\ULHlFjl.exe
  C:\Windows\System\ULHlFjl.exe
  2⤵
  PID:5548
- C:\Windows\System\bCvCvJP.exe
  C:\Windows\System\bCvCvJP.exe
  2⤵
  PID:2960
- C:\Windows\System\hlnkkGp.exe
  C:\Windows\System\hlnkkGp.exe
  2⤵
  PID:5936
- C:\Windows\System\UcRSlbo.exe
  C:\Windows\System\UcRSlbo.exe
  2⤵
  PID:5128
- C:\Windows\System\oqnMJet.exe
  C:\Windows\System\oqnMJet.exe
  2⤵
  PID:5372
- C:\Windows\System\WDtHAkV.exe
  C:\Windows\System\WDtHAkV.exe
  2⤵
  PID:5568
- C:\Windows\System\cFFsjXh.exe
  C:\Windows\System\cFFsjXh.exe
  2⤵
  PID:5876
- C:\Windows\System\ztJacwW.exe
  C:\Windows\System\ztJacwW.exe
  2⤵
  PID:6000
- C:\Windows\System\OwYtOpH.exe
  C:\Windows\System\OwYtOpH.exe
  2⤵
  PID:5952
- C:\Windows\System\XNLBpgl.exe
  C:\Windows\System\XNLBpgl.exe
  2⤵
  PID:5248
- C:\Windows\System\VLrTIRX.exe
  C:\Windows\System\VLrTIRX.exe
  2⤵
  PID:2768
- C:\Windows\System\GgyzIqo.exe
  C:\Windows\System\GgyzIqo.exe
  2⤵
  PID:5636
- C:\Windows\System\viNFXVX.exe
  C:\Windows\System\viNFXVX.exe
  2⤵
  PID:5408
- C:\Windows\System\zQmORAD.exe
  C:\Windows\System\zQmORAD.exe
  2⤵
  PID:5840
- C:\Windows\System\YnVdvFC.exe
  C:\Windows\System\YnVdvFC.exe
  2⤵
  PID:5684
- C:\Windows\System\urchgvS.exe
  C:\Windows\System\urchgvS.exe
  2⤵
  PID:6116
- C:\Windows\System\yGMWlPp.exe
  C:\Windows\System\yGMWlPp.exe
  2⤵
  PID:6160
- C:\Windows\System\JJMgqUE.exe
  C:\Windows\System\JJMgqUE.exe
  2⤵
  PID:6176
- C:\Windows\System\yoNHucW.exe
  C:\Windows\System\yoNHucW.exe
  2⤵
  PID:6192
- C:\Windows\System\iiJiWNG.exe
  C:\Windows\System\iiJiWNG.exe
  2⤵
  PID:6208
- C:\Windows\System\MllRxeT.exe
  C:\Windows\System\MllRxeT.exe
  2⤵
  PID:6224
- C:\Windows\System\ZsTKHwn.exe
  C:\Windows\System\ZsTKHwn.exe
  2⤵
  PID:6240
- C:\Windows\System\eDZKLZs.exe
  C:\Windows\System\eDZKLZs.exe
  2⤵
  PID:6256
- C:\Windows\System\cvdiqip.exe
  C:\Windows\System\cvdiqip.exe
  2⤵
  PID:6272
- C:\Windows\System\qQwknxV.exe
  C:\Windows\System\qQwknxV.exe
  2⤵
  PID:6288
- C:\Windows\System\WihfIoH.exe
  C:\Windows\System\WihfIoH.exe
  2⤵
  PID:6304
- C:\Windows\System\AFgMHmc.exe
  C:\Windows\System\AFgMHmc.exe
  2⤵
  PID:6320
- C:\Windows\System\EBhwNVY.exe
  C:\Windows\System\EBhwNVY.exe
  2⤵
  PID:6336
- C:\Windows\System\ttPmVGq.exe
  C:\Windows\System\ttPmVGq.exe
  2⤵
  PID:6352
- C:\Windows\System\qnthegw.exe
  C:\Windows\System\qnthegw.exe
  2⤵
  PID:6368
- C:\Windows\System\cfEHeRT.exe
  C:\Windows\System\cfEHeRT.exe
  2⤵
  PID:6384
- C:\Windows\System\iFKHIxH.exe
  C:\Windows\System\iFKHIxH.exe
  2⤵
  PID:6400
- C:\Windows\System\vZGqOnL.exe
  C:\Windows\System\vZGqOnL.exe
  2⤵
  PID:6416
- C:\Windows\System\poxwzCO.exe
  C:\Windows\System\poxwzCO.exe
  2⤵
  PID:6432
- C:\Windows\System\pLDkwKP.exe
  C:\Windows\System\pLDkwKP.exe
  2⤵
  PID:6448
- C:\Windows\System\wMZyMlu.exe
  C:\Windows\System\wMZyMlu.exe
  2⤵
  PID:6464
- C:\Windows\System\ugJZuHd.exe
  C:\Windows\System\ugJZuHd.exe
  2⤵
  PID:6480
- C:\Windows\System\aubyFYa.exe
  C:\Windows\System\aubyFYa.exe
  2⤵
  PID:6500
- C:\Windows\System\GUwJibQ.exe
  C:\Windows\System\GUwJibQ.exe
  2⤵
  PID:6524
- C:\Windows\System\lrjpCBh.exe
  C:\Windows\System\lrjpCBh.exe
  2⤵
  PID:6540
- C:\Windows\System\ZiVXoPk.exe
  C:\Windows\System\ZiVXoPk.exe
  2⤵
  PID:6556
- C:\Windows\System\kTFwGia.exe
  C:\Windows\System\kTFwGia.exe
  2⤵
  PID:6572
- C:\Windows\System\sYbMRUq.exe
  C:\Windows\System\sYbMRUq.exe
  2⤵
  PID:6588
- C:\Windows\System\KUOkCpz.exe
  C:\Windows\System\KUOkCpz.exe
  2⤵
  PID:6604
- C:\Windows\System\ecoFgHI.exe
  C:\Windows\System\ecoFgHI.exe
  2⤵
  PID:6620
- C:\Windows\System\MxngffY.exe
  C:\Windows\System\MxngffY.exe
  2⤵
  PID:6640
- C:\Windows\System\TpsLxIM.exe
  C:\Windows\System\TpsLxIM.exe
  2⤵
  PID:6660
- C:\Windows\System\qrwyacs.exe
  C:\Windows\System\qrwyacs.exe
  2⤵
  PID:6676
- C:\Windows\System\ojkTWSX.exe
  C:\Windows\System\ojkTWSX.exe
  2⤵
  PID:6692
- C:\Windows\System\gTjJzKa.exe
  C:\Windows\System\gTjJzKa.exe
  2⤵
  PID:6708
- C:\Windows\System\dNOObGJ.exe
  C:\Windows\System\dNOObGJ.exe
  2⤵
  PID:6724
- C:\Windows\System\SdVIvWU.exe
  C:\Windows\System\SdVIvWU.exe
  2⤵
  PID:6740
- C:\Windows\System\Mwjqpki.exe
  C:\Windows\System\Mwjqpki.exe
  2⤵
  PID:6756
- C:\Windows\System\SQcqzpK.exe
  C:\Windows\System\SQcqzpK.exe
  2⤵
  PID:6776
- C:\Windows\System\OcGluXZ.exe
  C:\Windows\System\OcGluXZ.exe
  2⤵
  PID:6792
- C:\Windows\System\QVyCLjq.exe
  C:\Windows\System\QVyCLjq.exe
  2⤵
  PID:6808
- C:\Windows\System\PhaohTO.exe
  C:\Windows\System\PhaohTO.exe
  2⤵
  PID:6824
- C:\Windows\System\HSGrukE.exe
  C:\Windows\System\HSGrukE.exe
  2⤵
  PID:6840
- C:\Windows\System\NvUtqYq.exe
  C:\Windows\System\NvUtqYq.exe
  2⤵
  PID:6856
- C:\Windows\System\DIJbPHp.exe
  C:\Windows\System\DIJbPHp.exe
  2⤵
  PID:6872
- C:\Windows\System\MgOCHAe.exe
  C:\Windows\System\MgOCHAe.exe
  2⤵
  PID:6888
- C:\Windows\System\SPPNYnJ.exe
  C:\Windows\System\SPPNYnJ.exe
  2⤵
  PID:6908
- C:\Windows\System\BFFqIgM.exe
  C:\Windows\System\BFFqIgM.exe
  2⤵
  PID:6924
- C:\Windows\System\gXFIkVd.exe
  C:\Windows\System\gXFIkVd.exe
  2⤵
  PID:6940
- C:\Windows\System\DDLevTA.exe
  C:\Windows\System\DDLevTA.exe
  2⤵
  PID:6956
- C:\Windows\System\XFzEpoS.exe
  C:\Windows\System\XFzEpoS.exe
  2⤵
  PID:6972
- C:\Windows\System\QQjzjvY.exe
  C:\Windows\System\QQjzjvY.exe
  2⤵
  PID:6988
- C:\Windows\System\OPLHEus.exe
  C:\Windows\System\OPLHEus.exe
  2⤵
  PID:7004
- C:\Windows\System\jfkJNGY.exe
  C:\Windows\System\jfkJNGY.exe
  2⤵
  PID:7024
- C:\Windows\System\nALwmsy.exe
  C:\Windows\System\nALwmsy.exe
  2⤵
  PID:7040
- C:\Windows\System\JoVGFFo.exe
  C:\Windows\System\JoVGFFo.exe
  2⤵
  PID:2620
- C:\Windows\System\fKcJLgO.exe
  C:\Windows\System\fKcJLgO.exe
  2⤵
  PID:6316
- C:\Windows\System\JaTHtMJ.exe
  C:\Windows\System\JaTHtMJ.exe
  2⤵
  PID:6264
- C:\Windows\System\MXlYxSF.exe
  C:\Windows\System\MXlYxSF.exe
  2⤵
  PID:6296
- C:\Windows\System\YaHiIeo.exe
  C:\Windows\System\YaHiIeo.exe
  2⤵
  PID:6424
- C:\Windows\System\lTKvtHj.exe
  C:\Windows\System\lTKvtHj.exe
  2⤵
  PID:6472
- C:\Windows\System\kNuPOdi.exe
  C:\Windows\System\kNuPOdi.exe
  2⤵
  PID:6508
- C:\Windows\System\lEIURWk.exe
  C:\Windows\System\lEIURWk.exe
  2⤵
  PID:836
- C:\Windows\System\fQhnHSo.exe
  C:\Windows\System\fQhnHSo.exe
  2⤵
  PID:6584
- C:\Windows\System\vRUMiQa.exe
  C:\Windows\System\vRUMiQa.exe
  2⤵
  PID:6488
- C:\Windows\System\yVAxSLX.exe
  C:\Windows\System\yVAxSLX.exe
  2⤵
  PID:6496
- C:\Windows\System\UqaXBiv.exe
  C:\Windows\System\UqaXBiv.exe
  2⤵
  PID:6636
- C:\Windows\System\CdhnMgg.exe
  C:\Windows\System\CdhnMgg.exe
  2⤵
  PID:6600
- C:\Windows\System\zMSJHYc.exe
  C:\Windows\System\zMSJHYc.exe
  2⤵
  PID:6688
- C:\Windows\System\KFmgOZZ.exe
  C:\Windows\System\KFmgOZZ.exe
  2⤵
  PID:6700
- C:\Windows\System\SFxEIHP.exe
  C:\Windows\System\SFxEIHP.exe
  2⤵
  PID:6752
- C:\Windows\System\tcDpOBj.exe
  C:\Windows\System\tcDpOBj.exe
  2⤵
  PID:6768
- C:\Windows\System\ZykicwQ.exe
  C:\Windows\System\ZykicwQ.exe
  2⤵
  PID:6832
- C:\Windows\System\kbqXMlR.exe
  C:\Windows\System\kbqXMlR.exe
  2⤵
  PID:6788
- C:\Windows\System\EFMeLYH.exe
  C:\Windows\System\EFMeLYH.exe
  2⤵
  PID:6880
- C:\Windows\System\cTmKTKF.exe
  C:\Windows\System\cTmKTKF.exe
  2⤵
  PID:6968
- C:\Windows\System\XQqiBam.exe
  C:\Windows\System\XQqiBam.exe
  2⤵
  PID:6996
- C:\Windows\System\UzTKAva.exe
  C:\Windows\System\UzTKAva.exe
  2⤵
  PID:7140
- C:\Windows\System\oFHwgkX.exe
  C:\Windows\System\oFHwgkX.exe
  2⤵
  PID:7164
- C:\Windows\System\ajDkUVr.exe
  C:\Windows\System\ajDkUVr.exe
  2⤵
  PID:2796
- C:\Windows\System\FxrtNio.exe
  C:\Windows\System\FxrtNio.exe
  2⤵
  PID:6168
- C:\Windows\System\ZMhEMLm.exe
  C:\Windows\System\ZMhEMLm.exe
  2⤵
  PID:6188
- C:\Windows\System\pEXaUIs.exe
  C:\Windows\System\pEXaUIs.exe
  2⤵
  PID:6216
- C:\Windows\System\utaQUyu.exe
  C:\Windows\System\utaQUyu.exe
  2⤵
  PID:6280
- C:\Windows\System\ykTOZCE.exe
  C:\Windows\System\ykTOZCE.exe
  2⤵
  PID:6376
- C:\Windows\System\ZtzhmQD.exe
  C:\Windows\System\ZtzhmQD.exe
  2⤵
  PID:6332
- C:\Windows\System\KjIYDrX.exe
  C:\Windows\System\KjIYDrX.exe
  2⤵
  PID:6396
- C:\Windows\System\tFfvvIL.exe
  C:\Windows\System\tFfvvIL.exe
  2⤵
  PID:6552
- C:\Windows\System\RKNpWli.exe
  C:\Windows\System\RKNpWli.exe
  2⤵
  PID:6516
- C:\Windows\System\twecovZ.exe
  C:\Windows\System\twecovZ.exe
  2⤵
  PID:6628
- C:\Windows\System\BQMpXZw.exe
  C:\Windows\System\BQMpXZw.exe
  2⤵
  PID:6668
- C:\Windows\System\QncSzDy.exe
  C:\Windows\System\QncSzDy.exe
  2⤵
  PID:6784
- C:\Windows\System\rVaMDge.exe
  C:\Windows\System\rVaMDge.exe
  2⤵
  PID:6852
- C:\Windows\System\lpYvBdv.exe
  C:\Windows\System\lpYvBdv.exe
  2⤵
  PID:2160
- C:\Windows\System\OWWmxzv.exe
  C:\Windows\System\OWWmxzv.exe
  2⤵
  PID:6952
- C:\Windows\System\qCRcqaU.exe
  C:\Windows\System\qCRcqaU.exe
  2⤵
  PID:6980
- C:\Windows\System\kVlZdTf.exe
  C:\Windows\System\kVlZdTf.exe
  2⤵
  PID:6900
- C:\Windows\System\XUPrnVq.exe
  C:\Windows\System\XUPrnVq.exe
  2⤵
  PID:6964
- C:\Windows\System\ZRbVlzF.exe
  C:\Windows\System\ZRbVlzF.exe
  2⤵
  PID:7048
- C:\Windows\System\DlykNFL.exe
  C:\Windows\System\DlykNFL.exe
  2⤵
  PID:7060
- C:\Windows\System\ALOuheQ.exe
  C:\Windows\System\ALOuheQ.exe
  2⤵
  PID:7072
- C:\Windows\System\DMgYnpR.exe
  C:\Windows\System\DMgYnpR.exe
  2⤵
  PID:7088
- C:\Windows\System\KPiiMzG.exe
  C:\Windows\System\KPiiMzG.exe
  2⤵
  PID:7104
- C:\Windows\System\HbfYfCM.exe
  C:\Windows\System\HbfYfCM.exe
  2⤵
  PID:7120
- C:\Windows\System\sHgQhRG.exe
  C:\Windows\System\sHgQhRG.exe
  2⤵
  PID:7136
- C:\Windows\System\Lhiqktd.exe
  C:\Windows\System\Lhiqktd.exe
  2⤵
  PID:1864
- C:\Windows\System\JQqQGZB.exe
  C:\Windows\System\JQqQGZB.exe
  2⤵
  PID:4988
- C:\Windows\System\KTHKpKS.exe
  C:\Windows\System\KTHKpKS.exe
  2⤵
  PID:1356
- C:\Windows\System\hJNabCb.exe
  C:\Windows\System\hJNabCb.exe
  2⤵
  PID:6804
- C:\Windows\System\lTdVRMx.exe
  C:\Windows\System\lTdVRMx.exe
  2⤵
  PID:7156
- C:\Windows\System\MuSHglb.exe
  C:\Windows\System\MuSHglb.exe
  2⤵
  PID:964
- C:\Windows\System\vBZJPNh.exe
  C:\Windows\System\vBZJPNh.exe
  2⤵
  PID:6656
- C:\Windows\System\sAgFMMo.exe
  C:\Windows\System\sAgFMMo.exe
  2⤵
  PID:6932
- C:\Windows\System\BxtRFrU.exe
  C:\Windows\System\BxtRFrU.exe
  2⤵
  PID:7096
- C:\Windows\System\NPIGVgL.exe
  C:\Windows\System\NPIGVgL.exe
  2⤵
  PID:7132
- C:\Windows\System\RkuxerT.exe
  C:\Windows\System\RkuxerT.exe
  2⤵
  PID:6204
- C:\Windows\System\wqBpOAU.exe
  C:\Windows\System\wqBpOAU.exe
  2⤵
  PID:6328
- C:\Windows\System\HTPgakP.exe
  C:\Windows\System\HTPgakP.exe
  2⤵
  PID:6648
- C:\Windows\System\XozHojc.exe
  C:\Windows\System\XozHojc.exe
  2⤵
  PID:6220
- C:\Windows\System\CSGpAUu.exe
  C:\Windows\System\CSGpAUu.exe
  2⤵
  PID:2584
- C:\Windows\System\OEhzWLn.exe
  C:\Windows\System\OEhzWLn.exe
  2⤵
  PID:6936
- C:\Windows\System\ydZvDag.exe
  C:\Windows\System\ydZvDag.exe
  2⤵
  PID:6916
- C:\Windows\System\tQBvWmI.exe
  C:\Windows\System\tQBvWmI.exe
  2⤵
  PID:7076
- C:\Windows\System\ozyLljv.exe
  C:\Windows\System\ozyLljv.exe
  2⤵
  PID:6492
- C:\Windows\System\MzMjtYC.exe
  C:\Windows\System\MzMjtYC.exe
  2⤵
  PID:7100
- C:\Windows\System\NtlKyVN.exe
  C:\Windows\System\NtlKyVN.exe
  2⤵
  PID:2240
- C:\Windows\System\sWapQAe.exe
  C:\Windows\System\sWapQAe.exe
  2⤵
  PID:2972
- C:\Windows\System\GaeDaYx.exe
  C:\Windows\System\GaeDaYx.exe
  2⤵
  PID:7144
- C:\Windows\System\CUSKLBY.exe
  C:\Windows\System\CUSKLBY.exe
  2⤵
  PID:1468
- C:\Windows\System\YBLSnuT.exe
  C:\Windows\System\YBLSnuT.exe
  2⤵
  PID:6820
- C:\Windows\System\sSWypxm.exe
  C:\Windows\System\sSWypxm.exe
  2⤵
  PID:7020
- C:\Windows\System\vgdvbrq.exe
  C:\Windows\System\vgdvbrq.exe
  2⤵
  PID:1836
- C:\Windows\System\wGHSuZu.exe
  C:\Windows\System\wGHSuZu.exe
  2⤵
  PID:7056
- C:\Windows\System\RxwlpbC.exe
  C:\Windows\System\RxwlpbC.exe
  2⤵
  PID:6800
- C:\Windows\System\CXLRKpA.exe
  C:\Windows\System\CXLRKpA.exe
  2⤵
  PID:5244
- C:\Windows\System\UsHOGvO.exe
  C:\Windows\System\UsHOGvO.exe
  2⤵
  PID:2176
- C:\Windows\System\seSJDDs.exe
  C:\Windows\System\seSJDDs.exe
  2⤵
  PID:7092
- C:\Windows\System\ksMEVNS.exe
  C:\Windows\System\ksMEVNS.exe
  2⤵
  PID:7180
- C:\Windows\System\LHZxECu.exe
  C:\Windows\System\LHZxECu.exe
  2⤵
  PID:7200
- C:\Windows\System\DbLqILY.exe
  C:\Windows\System\DbLqILY.exe
  2⤵
  PID:7216
- C:\Windows\System\rvNlAUj.exe
  C:\Windows\System\rvNlAUj.exe
  2⤵
  PID:7232
- C:\Windows\System\LUAhZSd.exe
  C:\Windows\System\LUAhZSd.exe
  2⤵
  PID:7248
- C:\Windows\System\LscqaAn.exe
  C:\Windows\System\LscqaAn.exe
  2⤵
  PID:7264
- C:\Windows\System\kjjdBjC.exe
  C:\Windows\System\kjjdBjC.exe
  2⤵
  PID:7280
- C:\Windows\System\iQTVnyZ.exe
  C:\Windows\System\iQTVnyZ.exe
  2⤵
  PID:7296
- C:\Windows\System\yxDJGXj.exe
  C:\Windows\System\yxDJGXj.exe
  2⤵
  PID:7312
- C:\Windows\System\IYTVkAx.exe
  C:\Windows\System\IYTVkAx.exe
  2⤵
  PID:7328
- C:\Windows\System\iIlfPiq.exe
  C:\Windows\System\iIlfPiq.exe
  2⤵
  PID:7344
- C:\Windows\System\UKKmvER.exe
  C:\Windows\System\UKKmvER.exe
  2⤵
  PID:7360
- C:\Windows\System\IRjWxff.exe
  C:\Windows\System\IRjWxff.exe
  2⤵
  PID:7376
- C:\Windows\System\JhsQRGy.exe
  C:\Windows\System\JhsQRGy.exe
  2⤵
  PID:7392
- C:\Windows\System\wxXryCA.exe
  C:\Windows\System\wxXryCA.exe
  2⤵
  PID:7408
- C:\Windows\System\WXtURgz.exe
  C:\Windows\System\WXtURgz.exe
  2⤵
  PID:7424
- C:\Windows\System\vhtoxzC.exe
  C:\Windows\System\vhtoxzC.exe
  2⤵
  PID:7440
- C:\Windows\System\rlImyKx.exe
  C:\Windows\System\rlImyKx.exe
  2⤵
  PID:7456
- C:\Windows\System\qBdHWNn.exe
  C:\Windows\System\qBdHWNn.exe
  2⤵
  PID:7472
- C:\Windows\System\tzyYSEb.exe
  C:\Windows\System\tzyYSEb.exe
  2⤵
  PID:7492
- C:\Windows\System\YDFmxFw.exe
  C:\Windows\System\YDFmxFw.exe
  2⤵
  PID:7508
- C:\Windows\System\vhZDnTn.exe
  C:\Windows\System\vhZDnTn.exe
  2⤵
  PID:7524
- C:\Windows\System\ZvGSmBH.exe
  C:\Windows\System\ZvGSmBH.exe
  2⤵
  PID:7540
- C:\Windows\System\tJtOZdj.exe
  C:\Windows\System\tJtOZdj.exe
  2⤵
  PID:7556
- C:\Windows\System\AsqRVMy.exe
  C:\Windows\System\AsqRVMy.exe
  2⤵
  PID:7572
- C:\Windows\System\DfVEJML.exe
  C:\Windows\System\DfVEJML.exe
  2⤵
  PID:7588
- C:\Windows\System\sHVQgIC.exe
  C:\Windows\System\sHVQgIC.exe
  2⤵
  PID:7604
- C:\Windows\System\FBtIdAz.exe
  C:\Windows\System\FBtIdAz.exe
  2⤵
  PID:7620
- C:\Windows\System\djPffnr.exe
  C:\Windows\System\djPffnr.exe
  2⤵
  PID:7636
- C:\Windows\System\BIvcRFM.exe
  C:\Windows\System\BIvcRFM.exe
  2⤵
  PID:7652
- C:\Windows\System\ppRdCTe.exe
  C:\Windows\System\ppRdCTe.exe
  2⤵
  PID:7668
- C:\Windows\System\KmuFUgv.exe
  C:\Windows\System\KmuFUgv.exe
  2⤵
  PID:7692
- C:\Windows\System\VHtavyh.exe
  C:\Windows\System\VHtavyh.exe
  2⤵
  PID:7716
- C:\Windows\System\gWYCNzm.exe
  C:\Windows\System\gWYCNzm.exe
  2⤵
  PID:7736
- C:\Windows\System\inWFoJz.exe
  C:\Windows\System\inWFoJz.exe
  2⤵
  PID:7752
- C:\Windows\System\iuKNgzr.exe
  C:\Windows\System\iuKNgzr.exe
  2⤵
  PID:7768
- C:\Windows\System\amUCBeU.exe
  C:\Windows\System\amUCBeU.exe
  2⤵
  PID:7784
- C:\Windows\System\wmFYArJ.exe
  C:\Windows\System\wmFYArJ.exe
  2⤵
  PID:7800
- C:\Windows\System\axuhJIa.exe
  C:\Windows\System\axuhJIa.exe
  2⤵
  PID:7816
- C:\Windows\System\OcmpnaI.exe
  C:\Windows\System\OcmpnaI.exe
  2⤵
  PID:7832
- C:\Windows\System\pRGnXrG.exe
  C:\Windows\System\pRGnXrG.exe
  2⤵
  PID:7848
- C:\Windows\System\eVapcPQ.exe
  C:\Windows\System\eVapcPQ.exe
  2⤵
  PID:7864
- C:\Windows\System\rWMRGzP.exe
  C:\Windows\System\rWMRGzP.exe
  2⤵
  PID:7880
- C:\Windows\System\CdtoBLT.exe
  C:\Windows\System\CdtoBLT.exe
  2⤵
  PID:7900
- C:\Windows\System\uUPnufG.exe
  C:\Windows\System\uUPnufG.exe
  2⤵
  PID:7916
- C:\Windows\System\wRnxaOn.exe
  C:\Windows\System\wRnxaOn.exe
  2⤵
  PID:7932
- C:\Windows\System\QYZReNL.exe
  C:\Windows\System\QYZReNL.exe
  2⤵
  PID:7948
- C:\Windows\System\yjOTyKi.exe
  C:\Windows\System\yjOTyKi.exe
  2⤵
  PID:7964
- C:\Windows\System\JGyuCrE.exe
  C:\Windows\System\JGyuCrE.exe
  2⤵
  PID:7980
- C:\Windows\System\zNJruoS.exe
  C:\Windows\System\zNJruoS.exe
  2⤵
  PID:8004
- C:\Windows\System\TBdXOLi.exe
  C:\Windows\System\TBdXOLi.exe
  2⤵
  PID:8024
- C:\Windows\System\MZLrPEX.exe
  C:\Windows\System\MZLrPEX.exe
  2⤵
  PID:8040
- C:\Windows\System\mfxFhQG.exe
  C:\Windows\System\mfxFhQG.exe
  2⤵
  PID:8056
- C:\Windows\System\aiOhchB.exe
  C:\Windows\System\aiOhchB.exe
  2⤵
  PID:8072
- C:\Windows\System\xOlTvAZ.exe
  C:\Windows\System\xOlTvAZ.exe
  2⤵
  PID:8088
- C:\Windows\System\QkcrBBO.exe
  C:\Windows\System\QkcrBBO.exe
  2⤵
  PID:8104
- C:\Windows\System\IvxSEcH.exe
  C:\Windows\System\IvxSEcH.exe
  2⤵
  PID:8120
- C:\Windows\System\XderAtj.exe
  C:\Windows\System\XderAtj.exe
  2⤵
  PID:8164
- C:\Windows\System\atQFNqG.exe
  C:\Windows\System\atQFNqG.exe
  2⤵
  PID:8184
- C:\Windows\System\GguWvLC.exe
  C:\Windows\System\GguWvLC.exe
  2⤵
  PID:6580
- C:\Windows\System\HgHqyxW.exe
  C:\Windows\System\HgHqyxW.exe
  2⤵
  PID:7212
- C:\Windows\System\EuAcLSD.exe
  C:\Windows\System\EuAcLSD.exe
  2⤵
  PID:7196
- C:\Windows\System\IIHiUyo.exe
  C:\Windows\System\IIHiUyo.exe
  2⤵
  PID:7244
- C:\Windows\System\JtnrFBS.exe
  C:\Windows\System\JtnrFBS.exe
  2⤵
  PID:7224
- C:\Windows\System\vOhcSQh.exe
  C:\Windows\System\vOhcSQh.exe
  2⤵
  PID:7308
- C:\Windows\System\NJHxoBw.exe
  C:\Windows\System\NJHxoBw.exe
  2⤵
  PID:7368
- C:\Windows\System\zYnQgfk.exe
  C:\Windows\System\zYnQgfk.exe
  2⤵
  PID:7436
- C:\Windows\System\yawhoYP.exe
  C:\Windows\System\yawhoYP.exe
  2⤵
  PID:7464
- C:\Windows\System\KNSqZzL.exe
  C:\Windows\System\KNSqZzL.exe
  2⤵
  PID:7384
- C:\Windows\System\QRtbEHR.exe
  C:\Windows\System\QRtbEHR.exe
  2⤵
  PID:7480
- C:\Windows\System\rTtjzWM.exe
  C:\Windows\System\rTtjzWM.exe
  2⤵
  PID:7504
- C:\Windows\System\FgXstjs.exe
  C:\Windows\System\FgXstjs.exe
  2⤵
  PID:7552
- C:\Windows\System\hEIkVnt.exe
  C:\Windows\System\hEIkVnt.exe
  2⤵
  PID:7596
- C:\Windows\System\HAIwlRd.exe
  C:\Windows\System\HAIwlRd.exe
  2⤵
  PID:7612
- C:\Windows\System\AxSRneL.exe
  C:\Windows\System\AxSRneL.exe
  2⤵
  PID:7660
- C:\Windows\System\jhuvssd.exe
  C:\Windows\System\jhuvssd.exe
  2⤵
  PID:7676
- C:\Windows\System\ghHPSvf.exe
  C:\Windows\System\ghHPSvf.exe
  2⤵
  PID:7688
- C:\Windows\System\pdArjxl.exe
  C:\Windows\System\pdArjxl.exe
  2⤵
  PID:7744
- C:\Windows\System\gJEbead.exe
  C:\Windows\System\gJEbead.exe
  2⤵
  PID:7732
- C:\Windows\System\SdSGcXa.exe
  C:\Windows\System\SdSGcXa.exe
  2⤵
  PID:7808
- C:\Windows\System\kSczuml.exe
  C:\Windows\System\kSczuml.exe
  2⤵
  PID:7872
- C:\Windows\System\oSdtXNN.exe
  C:\Windows\System\oSdtXNN.exe
  2⤵
  PID:7940
- C:\Windows\System\lYBuNct.exe
  C:\Windows\System\lYBuNct.exe
  2⤵
  PID:7760
- C:\Windows\System\KfogTyQ.exe
  C:\Windows\System\KfogTyQ.exe
  2⤵
  PID:7824
- C:\Windows\System\wvrenet.exe
  C:\Windows\System\wvrenet.exe
  2⤵
  PID:7960
- C:\Windows\System\CVsydGl.exe
  C:\Windows\System\CVsydGl.exe
  2⤵
  PID:8000
- C:\Windows\System\ogBIgWp.exe
  C:\Windows\System\ogBIgWp.exe
  2⤵
  PID:8016
- C:\Windows\System\smkGxPZ.exe
  C:\Windows\System\smkGxPZ.exe
  2⤵
  PID:7888
- C:\Windows\System\gxQSibD.exe
  C:\Windows\System\gxQSibD.exe
  2⤵
  PID:8080
- C:\Windows\System\EhQtPso.exe
  C:\Windows\System\EhQtPso.exe
  2⤵
  PID:8068
- C:\Windows\System\yigsGHi.exe
  C:\Windows\System\yigsGHi.exe
  2⤵
  PID:8064
- C:\Windows\System\OqYUHDp.exe
  C:\Windows\System\OqYUHDp.exe
  2⤵
  PID:8136
- C:\Windows\System\wKSStmh.exe
  C:\Windows\System\wKSStmh.exe
  2⤵
  PID:8152
- C:\Windows\System\aqAdTyn.exe
  C:\Windows\System\aqAdTyn.exe
  2⤵
  PID:8176
- C:\Windows\System\uGBCwxI.exe
  C:\Windows\System\uGBCwxI.exe
  2⤵
  PID:8172
- C:\Windows\System\qrzDWlt.exe
  C:\Windows\System\qrzDWlt.exe
  2⤵
  PID:7192
- C:\Windows\System\QmcVGXS.exe
  C:\Windows\System\QmcVGXS.exe
  2⤵
  PID:7288
- C:\Windows\System\OQOIVny.exe
  C:\Windows\System\OQOIVny.exe
  2⤵
  PID:1540
- C:\Windows\System\PmrvCja.exe
  C:\Windows\System\PmrvCja.exe
  2⤵
  PID:7276
- C:\Windows\System\IXDBkuv.exe
  C:\Windows\System\IXDBkuv.exe
  2⤵
  PID:7320
- C:\Windows\System\zRVmXqh.exe
  C:\Windows\System\zRVmXqh.exe
  2⤵
  PID:7500
- C:\Windows\System\Hkbkoop.exe
  C:\Windows\System\Hkbkoop.exe
  2⤵
  PID:7520
- C:\Windows\System\cBclsgl.exe
  C:\Windows\System\cBclsgl.exe
  2⤵
  PID:7584
- C:\Windows\System\ucborAe.exe
  C:\Windows\System\ucborAe.exe
  2⤵
  PID:7776
- C:\Windows\System\mqDsWXo.exe
  C:\Windows\System\mqDsWXo.exe
  2⤵
  PID:7924
- C:\Windows\System\zqJhEeU.exe
  C:\Windows\System\zqJhEeU.exe
  2⤵
  PID:7896
- C:\Windows\System\EWNclbI.exe
  C:\Windows\System\EWNclbI.exe
  2⤵
  PID:8128
- C:\Windows\System\FfaTXrB.exe
  C:\Windows\System\FfaTXrB.exe
  2⤵
  PID:7628
- C:\Windows\System\SXAaAUD.exe
  C:\Windows\System\SXAaAUD.exe
  2⤵
  PID:7728
- C:\Windows\System\gcWpkMw.exe
  C:\Windows\System\gcWpkMw.exe
  2⤵
  PID:7972
- C:\Windows\System\FqYJCMn.exe
  C:\Windows\System\FqYJCMn.exe
  2⤵
  PID:7632
- C:\Windows\System\xpJNdtB.exe
  C:\Windows\System\xpJNdtB.exe
  2⤵
  PID:7988
- C:\Windows\System\fBeoaYJ.exe
  C:\Windows\System\fBeoaYJ.exe
  2⤵
  PID:7256
- C:\Windows\System\QObDEfo.exe
  C:\Windows\System\QObDEfo.exe
  2⤵
  PID:7240
- C:\Windows\System\YlmuLjH.exe
  C:\Windows\System\YlmuLjH.exe
  2⤵
  PID:7388
- C:\Windows\System\kUrQopM.exe
  C:\Windows\System\kUrQopM.exe
  2⤵
  PID:7536
- C:\Windows\System\IuRJGoO.exe
  C:\Windows\System\IuRJGoO.exe
  2⤵
  PID:7708
- C:\Windows\System\GzakBSV.exe
  C:\Windows\System\GzakBSV.exe
  2⤵
  PID:8112
- C:\Windows\System\VjEPGyd.exe
  C:\Windows\System\VjEPGyd.exe
  2⤵
  PID:7856
- C:\Windows\System\MjhCbha.exe
  C:\Windows\System\MjhCbha.exe
  2⤵
  PID:7860
- C:\Windows\System\OrWgCrJ.exe
  C:\Windows\System\OrWgCrJ.exe
  2⤵
  PID:828
- C:\Windows\System\GNEPRUI.exe
  C:\Windows\System\GNEPRUI.exe
  2⤵
  PID:6536
- C:\Windows\System\bvmBMMP.exe
  C:\Windows\System\bvmBMMP.exe
  2⤵
  PID:6476
- C:\Windows\System\PFegOzu.exe
  C:\Windows\System\PFegOzu.exe
  2⤵
  PID:7580
- C:\Windows\System\azTcBml.exe
  C:\Windows\System\azTcBml.exe
  2⤵
  PID:8156
- C:\Windows\System\YAHqAsC.exe
  C:\Windows\System\YAHqAsC.exe
  2⤵
  PID:8200
- C:\Windows\System\kcBQdjx.exe
  C:\Windows\System\kcBQdjx.exe
  2⤵
  PID:8216
- C:\Windows\System\VkQrcOB.exe
  C:\Windows\System\VkQrcOB.exe
  2⤵
  PID:8232
- C:\Windows\System\IixijbY.exe
  C:\Windows\System\IixijbY.exe
  2⤵
  PID:8248
- C:\Windows\System\AjuKdNm.exe
  C:\Windows\System\AjuKdNm.exe
  2⤵
  PID:8264
- C:\Windows\System\lbmVdHB.exe
  C:\Windows\System\lbmVdHB.exe
  2⤵
  PID:8284
- C:\Windows\System\iJUxvtH.exe
  C:\Windows\System\iJUxvtH.exe
  2⤵
  PID:8308
- C:\Windows\System\pJpLKOw.exe
  C:\Windows\System\pJpLKOw.exe
  2⤵
  PID:8328
- C:\Windows\System\gUAmGGP.exe
  C:\Windows\System\gUAmGGP.exe
  2⤵
  PID:8344
- C:\Windows\System\NOfSTHl.exe
  C:\Windows\System\NOfSTHl.exe
  2⤵
  PID:8376
- C:\Windows\System\GaRKvSk.exe
  C:\Windows\System\GaRKvSk.exe
  2⤵
  PID:8396
- C:\Windows\System\posuLin.exe
  C:\Windows\System\posuLin.exe
  2⤵
  PID:8424
- C:\Windows\System\eDSQBvh.exe
  C:\Windows\System\eDSQBvh.exe
  2⤵
  PID:8448
- C:\Windows\System\Qorteuh.exe
  C:\Windows\System\Qorteuh.exe
  2⤵
  PID:8464
- C:\Windows\System\xfvIWxZ.exe
  C:\Windows\System\xfvIWxZ.exe
  2⤵
  PID:8480
- C:\Windows\System\wtVFppi.exe
  C:\Windows\System\wtVFppi.exe
  2⤵
  PID:8496
- C:\Windows\System\gvrxOfq.exe
  C:\Windows\System\gvrxOfq.exe
  2⤵
  PID:8512
- C:\Windows\System\EIejFAJ.exe
  C:\Windows\System\EIejFAJ.exe
  2⤵
  PID:8528
- C:\Windows\System\MKldMNS.exe
  C:\Windows\System\MKldMNS.exe
  2⤵
  PID:8544
- C:\Windows\System\yCmoUNk.exe
  C:\Windows\System\yCmoUNk.exe
  2⤵
  PID:8560
- C:\Windows\System\WnvfCxg.exe
  C:\Windows\System\WnvfCxg.exe
  2⤵
  PID:8576
- C:\Windows\System\bcUcXhd.exe
  C:\Windows\System\bcUcXhd.exe
  2⤵
  PID:8592
- C:\Windows\System\gfuauah.exe
  C:\Windows\System\gfuauah.exe
  2⤵
  PID:8608
- C:\Windows\System\XMveHpV.exe
  C:\Windows\System\XMveHpV.exe
  2⤵
  PID:8624
- C:\Windows\System\LjFPzto.exe
  C:\Windows\System\LjFPzto.exe
  2⤵
  PID:8640
- C:\Windows\System\LklTEsC.exe
  C:\Windows\System\LklTEsC.exe
  2⤵
  PID:8656
- C:\Windows\System\INOcZlT.exe
  C:\Windows\System\INOcZlT.exe
  2⤵
  PID:8672
- C:\Windows\System\xfReXNF.exe
  C:\Windows\System\xfReXNF.exe
  2⤵
  PID:8688
- C:\Windows\System\xqsebxA.exe
  C:\Windows\System\xqsebxA.exe
  2⤵
  PID:8704
- C:\Windows\System\uLdyxun.exe
  C:\Windows\System\uLdyxun.exe
  2⤵
  PID:8720
- C:\Windows\System\oLpXcMa.exe
  C:\Windows\System\oLpXcMa.exe
  2⤵
  PID:8736
- C:\Windows\System\qJbmmYN.exe
  C:\Windows\System\qJbmmYN.exe
  2⤵
  PID:8752
- C:\Windows\System\WWfwQfD.exe
  C:\Windows\System\WWfwQfD.exe
  2⤵
  PID:8772
- C:\Windows\System\AgNonRJ.exe
  C:\Windows\System\AgNonRJ.exe
  2⤵
  PID:8788
- C:\Windows\System\dJnRhDQ.exe
  C:\Windows\System\dJnRhDQ.exe
  2⤵
  PID:8804
- C:\Windows\System\aTpjVgg.exe
  C:\Windows\System\aTpjVgg.exe
  2⤵
  PID:8820
- C:\Windows\System\dZlvYok.exe
  C:\Windows\System\dZlvYok.exe
  2⤵
  PID:8836
- C:\Windows\System\uqcbZkq.exe
  C:\Windows\System\uqcbZkq.exe
  2⤵
  PID:8856
- C:\Windows\System\OTCZVOa.exe
  C:\Windows\System\OTCZVOa.exe
  2⤵
  PID:8872
- C:\Windows\System\kTmEkLC.exe
  C:\Windows\System\kTmEkLC.exe
  2⤵
  PID:8888
- C:\Windows\System\wQQvQtS.exe
  C:\Windows\System\wQQvQtS.exe
  2⤵
  PID:8904
- C:\Windows\System\aALaVeA.exe
  C:\Windows\System\aALaVeA.exe
  2⤵
  PID:8920
- C:\Windows\System\NXPRjKY.exe
  C:\Windows\System\NXPRjKY.exe
  2⤵
  PID:8936
- C:\Windows\System\alXTcWL.exe
  C:\Windows\System\alXTcWL.exe
  2⤵
  PID:8952
- C:\Windows\System\BLNBTcb.exe
  C:\Windows\System\BLNBTcb.exe
  2⤵
  PID:8968
- C:\Windows\System\njRqpWn.exe
  C:\Windows\System\njRqpWn.exe
  2⤵
  PID:8984
- C:\Windows\System\jxffKFy.exe
  C:\Windows\System\jxffKFy.exe
  2⤵
  PID:9000
- C:\Windows\System\ZTOyMDj.exe
  C:\Windows\System\ZTOyMDj.exe
  2⤵
  PID:9016
- C:\Windows\System\FINgfOh.exe
  C:\Windows\System\FINgfOh.exe
  2⤵
  PID:9032
- C:\Windows\System\nvduwlX.exe
  C:\Windows\System\nvduwlX.exe
  2⤵
  PID:9048
- C:\Windows\System\iMoyNTO.exe
  C:\Windows\System\iMoyNTO.exe
  2⤵
  PID:9064
- C:\Windows\System\SpWxZRz.exe
  C:\Windows\System\SpWxZRz.exe
  2⤵
  PID:9084
- C:\Windows\System\ayykRsl.exe
  C:\Windows\System\ayykRsl.exe
  2⤵
  PID:9108
- C:\Windows\System\vueTcOB.exe
  C:\Windows\System\vueTcOB.exe
  2⤵
  PID:9136
- C:\Windows\System\vWJKabf.exe
  C:\Windows\System\vWJKabf.exe
  2⤵
  PID:9152
- C:\Windows\System\VcfdFhW.exe
  C:\Windows\System\VcfdFhW.exe
  2⤵
  PID:9172
- C:\Windows\System\hStBZbm.exe
  C:\Windows\System\hStBZbm.exe
  2⤵
  PID:9192
- C:\Windows\System\wPskfxv.exe
  C:\Windows\System\wPskfxv.exe
  2⤵
  PID:9208
- C:\Windows\System\ujhAdAz.exe
  C:\Windows\System\ujhAdAz.exe
  2⤵
  PID:7448
- C:\Windows\System\zcTVrhA.exe
  C:\Windows\System\zcTVrhA.exe
  2⤵
  PID:6152
- C:\Windows\System\GgKhZkQ.exe
  C:\Windows\System\GgKhZkQ.exe
  2⤵
  PID:8096
- C:\Windows\System\nDztPDw.exe
  C:\Windows\System\nDztPDw.exe
  2⤵
  PID:8208
- C:\Windows\System\tugKsUF.exe
  C:\Windows\System\tugKsUF.exe
  2⤵
  PID:8228
- C:\Windows\System\BVVOTsL.exe
  C:\Windows\System\BVVOTsL.exe
  2⤵
  PID:8280
- C:\Windows\System\WimryZX.exe
  C:\Windows\System\WimryZX.exe
  2⤵
  PID:8352
- C:\Windows\System\jToSDya.exe
  C:\Windows\System\jToSDya.exe
  2⤵
  PID:8364
- C:\Windows\System\GeHSeHM.exe
  C:\Windows\System\GeHSeHM.exe
  2⤵
  PID:8256
- C:\Windows\System\zUEMMKZ.exe
  C:\Windows\System\zUEMMKZ.exe
  2⤵
  PID:8420
- C:\Windows\System\DoqrRwS.exe
  C:\Windows\System\DoqrRwS.exe
  2⤵
  PID:8336
- C:\Windows\System\OwUFGWv.exe
  C:\Windows\System\OwUFGWv.exe
  2⤵
  PID:8392
- C:\Windows\System\efWKocp.exe
  C:\Windows\System\efWKocp.exe
  2⤵
  PID:8444
- C:\Windows\System\pBNVRec.exe
  C:\Windows\System\pBNVRec.exe
  2⤵
  PID:8508
- C:\Windows\System\eEfnIJr.exe
  C:\Windows\System\eEfnIJr.exe
  2⤵
  PID:8572
- C:\Windows\System\UxbFGue.exe
  C:\Windows\System\UxbFGue.exe
  2⤵
  PID:8488
- C:\Windows\System\qxfvtaq.exe
  C:\Windows\System\qxfvtaq.exe
  2⤵
  PID:7488
- C:\Windows\System\MZLvyJr.exe
  C:\Windows\System\MZLvyJr.exe
  2⤵
  PID:8556
- C:\Windows\System\maNZOQr.exe
  C:\Windows\System\maNZOQr.exe
  2⤵
  PID:8620
- C:\Windows\System\ucjEuNo.exe
  C:\Windows\System\ucjEuNo.exe
  2⤵
  PID:8684
- C:\Windows\System\IRqHnwn.exe
  C:\Windows\System\IRqHnwn.exe
  2⤵
  PID:8664
- C:\Windows\System\TgjjuJM.exe
  C:\Windows\System\TgjjuJM.exe
  2⤵
  PID:8632
- C:\Windows\System\kKEdkpg.exe
  C:\Windows\System\kKEdkpg.exe
  2⤵
  PID:8764
- C:\Windows\System\HDdkyXE.exe
  C:\Windows\System\HDdkyXE.exe
  2⤵
  PID:8768
- C:\Windows\System\IPjYUHH.exe
  C:\Windows\System\IPjYUHH.exe
  2⤵
  PID:8784
- C:\Windows\System\OHGTpQN.exe
  C:\Windows\System\OHGTpQN.exe
  2⤵
  PID:8848
- C:\Windows\System\YzXzjue.exe
  C:\Windows\System\YzXzjue.exe
  2⤵
  PID:8912
- C:\Windows\System\wGqQTvB.exe
  C:\Windows\System\wGqQTvB.exe
  2⤵
  PID:8864
- C:\Windows\System\GrKIPAk.exe
  C:\Windows\System\GrKIPAk.exe
  2⤵
  PID:8928
- C:\Windows\System\mQDvNFw.exe
  C:\Windows\System\mQDvNFw.exe
  2⤵
  PID:8960
- C:\Windows\System\vLBMOoY.exe
  C:\Windows\System\vLBMOoY.exe
  2⤵
  PID:8980
- C:\Windows\System\LkiPWFS.exe
  C:\Windows\System\LkiPWFS.exe
  2⤵
  PID:9028
- C:\Windows\System\PKcBlqj.exe
  C:\Windows\System\PKcBlqj.exe
  2⤵
  PID:9076
- C:\Windows\System\MftIBGQ.exe
  C:\Windows\System\MftIBGQ.exe
  2⤵
  PID:9120
- C:\Windows\System\XaeIakr.exe
  C:\Windows\System\XaeIakr.exe
  2⤵
  PID:9056
- C:\Windows\System\duOOAsC.exe
  C:\Windows\System\duOOAsC.exe
  2⤵
  PID:9164
- C:\Windows\System\pMvgyuO.exe
  C:\Windows\System\pMvgyuO.exe
  2⤵
  PID:7568
- C:\Windows\System\JDVfwLp.exe
  C:\Windows\System\JDVfwLp.exe
  2⤵
  PID:8244
- C:\Windows\System\HUyKegl.exe
  C:\Windows\System\HUyKegl.exe
  2⤵
  PID:8320
- C:\Windows\System\yxeepbY.exe
  C:\Windows\System\yxeepbY.exe
  2⤵
  PID:8368
- C:\Windows\System\ZVSVwcB.exe
  C:\Windows\System\ZVSVwcB.exe
  2⤵
  PID:8504
- C:\Windows\System\SiqcMxL.exe
  C:\Windows\System\SiqcMxL.exe
  2⤵
  PID:8652
- C:\Windows\System\IaeDVUm.exe
  C:\Windows\System\IaeDVUm.exe
  2⤵
  PID:8524
- C:\Windows\System\AjrDwBi.exe
  C:\Windows\System\AjrDwBi.exe
  2⤵
  PID:264
- C:\Windows\System\gjaLRgM.exe
  C:\Windows\System\gjaLRgM.exe
  2⤵
  PID:8828
- C:\Windows\System\aBFOmWy.exe
  C:\Windows\System\aBFOmWy.exe
  2⤵
  PID:8900
- C:\Windows\System\yZsIRNA.exe
  C:\Windows\System\yZsIRNA.exe
  2⤵
  PID:2356
- C:\Windows\System\dbjQpOq.exe
  C:\Windows\System\dbjQpOq.exe
  2⤵
  PID:8992
- C:\Windows\System\VPuVnjI.exe
  C:\Windows\System\VPuVnjI.exe
  2⤵
  PID:8600
- C:\Windows\System\oByBLkI.exe
  C:\Windows\System\oByBLkI.exe
  2⤵
  PID:8476
- C:\Windows\System\uoPOIDJ.exe
  C:\Windows\System\uoPOIDJ.exe
  2⤵
  PID:8844
- C:\Windows\System\wmBGhhj.exe
  C:\Windows\System\wmBGhhj.exe
  2⤵
  PID:9024
- C:\Windows\System\maeYYlS.exe
  C:\Windows\System\maeYYlS.exe
  2⤵
  PID:9124
- C:\Windows\System\BqBnGjn.exe
  C:\Windows\System\BqBnGjn.exe
  2⤵
  PID:9128
- C:\Windows\System\Rryiawo.exe
  C:\Windows\System\Rryiawo.exe
  2⤵
  PID:9096
- C:\Windows\System\FwuDgzF.exe
  C:\Windows\System\FwuDgzF.exe
  2⤵
  PID:9200
- C:\Windows\System\NQeONlL.exe
  C:\Windows\System\NQeONlL.exe
  2⤵
  PID:7764
- C:\Windows\System\jHcEQBT.exe
  C:\Windows\System\jHcEQBT.exe
  2⤵
  PID:7516
- C:\Windows\System\siKSvnw.exe
  C:\Windows\System\siKSvnw.exe
  2⤵
  PID:8408
- C:\Windows\System\YdSTJOM.exe
  C:\Windows\System\YdSTJOM.exe
  2⤵
  PID:7912
- C:\Windows\System\rYbMmri.exe
  C:\Windows\System\rYbMmri.exe
  2⤵
  PID:8588
- C:\Windows\System\PaOqKRJ.exe
  C:\Windows\System\PaOqKRJ.exe
  2⤵
  PID:8832
- C:\Windows\System\BnfBhvV.exe
  C:\Windows\System\BnfBhvV.exe
  2⤵
  PID:8296
- C:\Windows\System\AayaqWV.exe
  C:\Windows\System\AayaqWV.exe
  2⤵
  PID:8520
- C:\Windows\System\OosgbAt.exe
  C:\Windows\System\OosgbAt.exe
  2⤵
  PID:8540
- C:\Windows\System\FznUpmX.exe
  C:\Windows\System\FznUpmX.exe
  2⤵
  PID:8884
- C:\Windows\System\tKCvihv.exe
  C:\Windows\System\tKCvihv.exe
  2⤵
  PID:8976
- C:\Windows\System\lcvCltj.exe
  C:\Windows\System\lcvCltj.exe
  2⤵
  PID:7844
- C:\Windows\System\auWtfAn.exe
  C:\Windows\System\auWtfAn.exe
  2⤵
  PID:7840
- C:\Windows\System\HXrRaog.exe
  C:\Windows\System\HXrRaog.exe
  2⤵
  PID:9180
- C:\Windows\System\rvgOblF.exe
  C:\Windows\System\rvgOblF.exe
  2⤵
  PID:8460
- C:\Windows\System\bSgAMnl.exe
  C:\Windows\System\bSgAMnl.exe
  2⤵
  PID:8384
- C:\Windows\System\CMOntYB.exe
  C:\Windows\System\CMOntYB.exe
  2⤵
  PID:9224
- C:\Windows\System\IQWfOgC.exe
  C:\Windows\System\IQWfOgC.exe
  2⤵
  PID:9240
- C:\Windows\System\dNzNngW.exe
  C:\Windows\System\dNzNngW.exe
  2⤵
  PID:9256
- C:\Windows\System\tuGkoJH.exe
  C:\Windows\System\tuGkoJH.exe
  2⤵
  PID:9276
- C:\Windows\System\OMQvjhn.exe
  C:\Windows\System\OMQvjhn.exe
  2⤵
  PID:9292
- C:\Windows\System\UVvnfLQ.exe
  C:\Windows\System\UVvnfLQ.exe
  2⤵
  PID:9312
- C:\Windows\System\GCwEivv.exe
  C:\Windows\System\GCwEivv.exe
  2⤵
  PID:9328
- C:\Windows\System\msYJHCx.exe
  C:\Windows\System\msYJHCx.exe
  2⤵
  PID:9348
- C:\Windows\System\DWQqrlw.exe
  C:\Windows\System\DWQqrlw.exe
  2⤵
  PID:9364
- C:\Windows\System\tNyyUzY.exe
  C:\Windows\System\tNyyUzY.exe
  2⤵
  PID:9380
- C:\Windows\System\qpVeuSx.exe
  C:\Windows\System\qpVeuSx.exe
  2⤵
  PID:9396
- C:\Windows\System\GeGxCQQ.exe
  C:\Windows\System\GeGxCQQ.exe
  2⤵
  PID:9412
- C:\Windows\System\iOZCuEt.exe
  C:\Windows\System\iOZCuEt.exe
  2⤵
  PID:9428
- C:\Windows\System\HjneVWd.exe
  C:\Windows\System\HjneVWd.exe
  2⤵
  PID:9444
- C:\Windows\System\XjtMzOT.exe
  C:\Windows\System\XjtMzOT.exe
  2⤵
  PID:9460
- C:\Windows\System\zKFCSwm.exe
  C:\Windows\System\zKFCSwm.exe
  2⤵
  PID:9476
- C:\Windows\System\CDoxgRy.exe
  C:\Windows\System\CDoxgRy.exe
  2⤵
  PID:9492
- C:\Windows\System\lGrWKaD.exe
  C:\Windows\System\lGrWKaD.exe
  2⤵
  PID:9508
- C:\Windows\System\GSnLLiY.exe
  C:\Windows\System\GSnLLiY.exe
  2⤵
  PID:9524
- C:\Windows\System\umfXazb.exe
  C:\Windows\System\umfXazb.exe
  2⤵
  PID:9540
- C:\Windows\System\MPfbHby.exe
  C:\Windows\System\MPfbHby.exe
  2⤵
  PID:9556
- C:\Windows\System\WLREdHv.exe
  C:\Windows\System\WLREdHv.exe
  2⤵
  PID:9572
- C:\Windows\System\YkxbUaJ.exe
  C:\Windows\System\YkxbUaJ.exe
  2⤵
  PID:9588
- C:\Windows\System\HDEvOuh.exe
  C:\Windows\System\HDEvOuh.exe
  2⤵
  PID:9604
- C:\Windows\System\EcIxZPj.exe
  C:\Windows\System\EcIxZPj.exe
  2⤵
  PID:9620
- C:\Windows\System\qVwZLsZ.exe
  C:\Windows\System\qVwZLsZ.exe
  2⤵
  PID:9636
- C:\Windows\System\BfESiYS.exe
  C:\Windows\System\BfESiYS.exe
  2⤵
  PID:9652
- C:\Windows\System\GiWNXJl.exe
  C:\Windows\System\GiWNXJl.exe
  2⤵
  PID:9668
- C:\Windows\System\LIxhiKq.exe
  C:\Windows\System\LIxhiKq.exe
  2⤵
  PID:10212
- C:\Windows\System\gNIYVDc.exe
  C:\Windows\System\gNIYVDc.exe
  2⤵
  PID:9468
- C:\Windows\System\GffbrQP.exe
  C:\Windows\System\GffbrQP.exe
  2⤵
  PID:9648
- C:\Windows\System\kqZVMiH.exe
  C:\Windows\System\kqZVMiH.exe
  2⤵
  PID:9720
- C:\Windows\System\EPEwfVC.exe
  C:\Windows\System\EPEwfVC.exe
  2⤵
  PID:9796
- C:\Windows\System\QmSzolT.exe
  C:\Windows\System\QmSzolT.exe
  2⤵
  PID:9776
- C:\Windows\System\HLAfwgg.exe
  C:\Windows\System\HLAfwgg.exe
  2⤵
  PID:9868
- C:\Windows\System\MauQwGk.exe
  C:\Windows\System\MauQwGk.exe
  2⤵
  PID:9888
- C:\Windows\System\GOcMvPx.exe
  C:\Windows\System\GOcMvPx.exe
  2⤵
  PID:9976
- C:\Windows\System\sSNsfGZ.exe
  C:\Windows\System\sSNsfGZ.exe
  2⤵
  PID:10228
- C:\Windows\System\nUrXtJw.exe
  C:\Windows\System\nUrXtJw.exe
  2⤵
  PID:8404
- C:\Windows\System\IxVyvvj.exe
  C:\Windows\System\IxVyvvj.exe
  2⤵
  PID:9236
- C:\Windows\System\cZUPEoB.exe
  C:\Windows\System\cZUPEoB.exe
  2⤵
  PID:9708
- C:\Windows\System\EEIGmft.exe
  C:\Windows\System\EEIGmft.exe
  2⤵
  PID:9728
- C:\Windows\System\kgSUewP.exe
  C:\Windows\System\kgSUewP.exe
  2⤵
  PID:9784
- C:\Windows\System\AjTxhoM.exe
  C:\Windows\System\AjTxhoM.exe
  2⤵
  PID:9748
- C:\Windows\System\pzTpcmd.exe
  C:\Windows\System\pzTpcmd.exe
  2⤵
  PID:9816
- C:\Windows\System\tNmhqNW.exe
  C:\Windows\System\tNmhqNW.exe
  2⤵
  PID:9892
- C:\Windows\System\fuaeQhf.exe
  C:\Windows\System\fuaeQhf.exe
  2⤵
  PID:9836
- C:\Windows\System\HRpRLaL.exe
  C:\Windows\System\HRpRLaL.exe
  2⤵
  PID:9852
- C:\Windows\System\yuvBBLu.exe
  C:\Windows\System\yuvBBLu.exe
  2⤵
  PID:9912
- C:\Windows\System\jHGpkRr.exe
  C:\Windows\System\jHGpkRr.exe
  2⤵
  PID:9932
- C:\Windows\System\itzBHbf.exe
  C:\Windows\System\itzBHbf.exe
  2⤵
  PID:9940
- C:\Windows\System\kaNZOwA.exe
  C:\Windows\System\kaNZOwA.exe
  2⤵
  PID:9988
- C:\Windows\System\DVfLZZU.exe
  C:\Windows\System\DVfLZZU.exe
  2⤵
  PID:10000
- C:\Windows\System\YXPEtSG.exe
  C:\Windows\System\YXPEtSG.exe
  2⤵
  PID:10028
- C:\Windows\System\LlcbOro.exe
  C:\Windows\System\LlcbOro.exe
  2⤵
  PID:10044
- C:\Windows\System\oWNYDZq.exe
  C:\Windows\System\oWNYDZq.exe
  2⤵
  PID:10060
- C:\Windows\System\ELCgROw.exe
  C:\Windows\System\ELCgROw.exe
  2⤵
  PID:10072
- C:\Windows\System\CYtbnnA.exe
  C:\Windows\System\CYtbnnA.exe
  2⤵
  PID:10096
- C:\Windows\System\RQPOVEp.exe
  C:\Windows\System\RQPOVEp.exe
  2⤵
  PID:10120
- C:\Windows\System\tHuTwaz.exe
  C:\Windows\System\tHuTwaz.exe
  2⤵
  PID:9272
- C:\Windows\System\MORgRkk.exe
  C:\Windows\System\MORgRkk.exe
  2⤵
  PID:10156
- C:\Windows\System\GsThgRt.exe
  C:\Windows\System\GsThgRt.exe
  2⤵
  PID:10184
- C:\Windows\System\VVeQNdQ.exe
  C:\Windows\System\VVeQNdQ.exe
  2⤵
  PID:10204
- C:\Windows\System\XYFfDlz.exe
  C:\Windows\System\XYFfDlz.exe
  2⤵
  PID:10236
- C:\Windows\System\TBgwUFT.exe
  C:\Windows\System\TBgwUFT.exe
  2⤵
  PID:9232
- C:\Windows\System\zhAWTyd.exe
  C:\Windows\System\zhAWTyd.exe
  2⤵
  PID:9144
- C:\Windows\System\AhBEbVc.exe
  C:\Windows\System\AhBEbVc.exe
  2⤵
  PID:8700
- C:\Windows\System\KeqNRYH.exe
  C:\Windows\System\KeqNRYH.exe
  2⤵
  PID:9288
- C:\Windows\System\Khgugnb.exe
  C:\Windows\System\Khgugnb.exe
  2⤵
  PID:9516
- C:\Windows\System\ssVaXXy.exe
  C:\Windows\System\ssVaXXy.exe
  2⤵
  PID:9408
- C:\Windows\System\UyhfBRd.exe
  C:\Windows\System\UyhfBRd.exe
  2⤵
  PID:9660
- C:\Windows\System\NGuuKIY.exe
  C:\Windows\System\NGuuKIY.exe
  2⤵
  PID:9320
- C:\Windows\System\noYEdAz.exe
  C:\Windows\System\noYEdAz.exe
  2⤵
  PID:9404
- C:\Windows\System\lKDwjan.exe
  C:\Windows\System\lKDwjan.exe
  2⤵
  PID:9452
- C:\Windows\System\tTqQwBS.exe
  C:\Windows\System\tTqQwBS.exe
  2⤵
  PID:9536
- C:\Windows\System\JOcyqSR.exe
  C:\Windows\System\JOcyqSR.exe
  2⤵
  PID:9696
- C:\Windows\System\BjepTzG.exe
  C:\Windows\System\BjepTzG.exe
  2⤵
  PID:9716
- C:\Windows\System\rCwqmlt.exe
  C:\Windows\System\rCwqmlt.exe
  2⤵
  PID:9792
- C:\Windows\System\ghhiOTz.exe
  C:\Windows\System\ghhiOTz.exe
  2⤵
  PID:9764
- C:\Windows\System\PsukjOL.exe
  C:\Windows\System\PsukjOL.exe
  2⤵
  PID:9900
- C:\Windows\System\eQhFUfB.exe
  C:\Windows\System\eQhFUfB.exe
  2⤵
  PID:9844
- C:\Windows\System\CWWjMwG.exe
  C:\Windows\System\CWWjMwG.exe
  2⤵
  PID:9904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BcODObE.exe

Filesize
6.0MB

MD5
ac71c03519d74f205065dd86a5c87f8d

SHA1
9e3223d3e9fe77198def4cc5759b9daccbafbac0

SHA256
91c2dfe1cd686e36b11ac5ec40f363b22272980af7d6f261f1c23ae241a52f94

SHA512
5f274e3c11696c2b252f70a10634548475f436973759f98dcb2760df874ad42fbf5876ee645794151da2f8cbf7a7558ea1601d8358da03db31c8a9d09f11255e

Download Submit
C:\Windows\system\BuGUezp.exe

Filesize
6.0MB

MD5
04000345c7affa906cb3896bc2631bcb

SHA1
8a9e6d833873fb80d6e377254a14c96062a8b6e0

SHA256
431a75354e3244d47ce008df231a6eb5f2709799ef30d77e5628c575624f52e2

SHA512
7a5ac834f7d0e284705e5498cdb8b34d9a6f41ec066718e9152e1d50fbcb47bfa7d771b3c00a12068728ded5c0dee74bdedad8a02e1e5d0cea0123467bbf324b

Download Submit
C:\Windows\system\CttMDfa.exe

Filesize
6.0MB

MD5
c84b1dfb7c768de67502004e4df230a9

SHA1
2cb195d290a5cd7360c6daba303b9e335a548b07

SHA256
7e69b387df7c4c6cbb3f8bd6610e4d928ebc310639a5035d78c026077f168584

SHA512
57df0924e9f34715e0ec5edbaa084b3081115286713e53d33049a1d4a619996ee4ead4084e6b7fa58bccaae9744b0239d04675e01c127905a8197f78e4c4f267

Download Submit
C:\Windows\system\DLcdfff.exe

Filesize
6.0MB

MD5
35e6b95aa1bfd80fb0a4f2b03ca82c2d

SHA1
0e910547be9b6dd8033904c238cad37739e48792

SHA256
0329d9bbe7ab7a69c83201ea9ce4992c159e68905a76617dd25965d2595e91cb

SHA512
38b6ccaf5a778fa84c37fe845facc55e801e030be26d05546cf1dd47eb1c4db7417dc4025423337ff84cd6d4eb88a1d07ae4d367e8b207e1862ea7a095563812

Download Submit
C:\Windows\system\FxGEfpJ.exe

Filesize
6.0MB

MD5
573f50f212484d85698afbc417e1463c

SHA1
e8a6b37e48c52a0888126cde7c1285f27c21ac71

SHA256
182f7e6f519940d7ac4de1b89c5f2f513efc0e08d6a845412372b467a6f7d701

SHA512
59fb18cdfb739117e0b3b8f23f79397338cbc966ad003a8b03e352463882b6d39c680125c751a90232009aa7b8be909e28ed549272c3a254b3e53301b75ce761

Download Submit
C:\Windows\system\ISumfkU.exe

Filesize
6.0MB

MD5
8bf384805a9d299d65a545ee6d19b85b

SHA1
18293195ebefd32a97a4f6f34324930dc72722d4

SHA256
9503525f3274219445a1a0caf965cfabf0b076e360cbed186f7854a8e86e3584

SHA512
ba51fc8d9fb7e120c3e2a176a6e836baeeb4da30afcc09d7011fe1a82fe8fa25211f55bae6727d3f3f65199283bfad1e32f8af4a7f7a4f2633b4282ea611830e

Download Submit
C:\Windows\system\IXjFoTW.exe

Filesize
6.0MB

MD5
4c57424bb3f8c270fb4a5d01048d54e8

SHA1
2820b23dbe68f961ba2432e19067d45b450e5ecb

SHA256
f981602bf11961a9d1ae35167364d98e2af6209e8d76aea1d5d6bac8f5798b20

SHA512
9d01dd37e5c89b7763fe777aca43b4fba984887ad4da7903e39d27af7ca3dcc7b3f727538abb443784ec47e32af7ffb425bc8eaa47617fcb5623b1445fb545c4

Download Submit
C:\Windows\system\JdpfArk.exe

Filesize
6.0MB

MD5
6510448f4c7c3b75e5c2f004c5fc23f8

SHA1
7b2302ba1d10cb6599ba394629d36bd3c05d1d64

SHA256
52ed1975ec537285af6f69f20b8995c11b28a6db180a17afcc8a14167fd812e7

SHA512
ce1a8704d323ae460ec8b6920118d37afc572ead61f9676b12ed433c57524ad28c4b0735276793533eb719c23986031b1784b95984dea14790580bbef27a7dc8

Download Submit
C:\Windows\system\MGzEjmF.exe

Filesize
6.0MB

MD5
ca1c624771f469b061677f560621496c

SHA1
77b8d95bde1b3a8c4401ccbe1321dc788391d700

SHA256
aa2524c255df1a2d1b4982334e573aa37ae40a6bd364b3c9727574f5d2d1b0b4

SHA512
fa208287c01b880f59586402c75079083931c2c2f8e158e0f7226b7214c3354f72aa9815c7529204a50856cea15b5b569853a03ae1a91d49a04510f0c46d72c2

Download Submit
C:\Windows\system\NVMbOYh.exe

Filesize
6.0MB

MD5
c0633d9e59f5f27bc7678fc9a6228e0a

SHA1
e1696acd7bc582cb089b101b8dea9903d55fda34

SHA256
9ea1983da31ac76f1d2dbcb8e6467de1805983847330dd2438c022d4587c1f45

SHA512
04f0e38c0a6d12582ee7a119dbc42898d6f494372edbd4696d369ab365806139347238601ba8d838e51b475f87e7bcf8b4bae4f7cdb0d0af1ca48a9410c32886

Download Submit
C:\Windows\system\PxqtPLi.exe

Filesize
6.0MB

MD5
194c7e373adff8bfbbfc6640a438062a

SHA1
d22a1fec7c469fcd83470a9bd76a9145a54a43d4

SHA256
22cc0b3b156b3cd967fcf9fefbb74fd155f6e98515d42c5d6acda4e5c5c81b0a

SHA512
66df58e850f6f7b30b3dbe681b6be018fa3340c6bbb02ccab4295749123239276f464132a6761e53c434f59e875e6fb3bf7d1356e85402bfff348387b9df65c4

Download Submit
C:\Windows\system\SBrhfDl.exe

Filesize
6.0MB

MD5
2ef60230454313bd5b83818196b700a7

SHA1
a2f7f34b1116ceabc3301f7bf40644ffbb0b34db

SHA256
9547e8388908c4b38d384432b9a712320f3691fbbc8a10f61b159f15a6335fe3

SHA512
5be2d53c6d1b57bcbb1278d1660d248738b686e7fdea19d6075090783ec0793549d81f8fe2e18d339a520f2653134b68893e6ee3ab9782bd19a5b03284bfec30

Download Submit
C:\Windows\system\SmGVeRX.exe

Filesize
6.0MB

MD5
033b0e5184392da52e54cd99ca4be441

SHA1
21dc26813cefa126e7cd18bf1ce9da110c56cccf

SHA256
941a442d8f9ff5ddd402f665201959fafd8a3d9b764774dae93a4b67c307db40

SHA512
91a9dfe10864eaa4e0dfd00325f124a25d79bc322f92e65dacb16766930c38f7a0dfdf07af591c808a93ca4015d0e63840d1224edd15e0a5e7baf0bcac4b306b

Download Submit
C:\Windows\system\UovDMCs.exe

Filesize
6.0MB

MD5
dcf490f1cb31d36b599867b5c1866d47

SHA1
648f35d944d6f90bae349ee28b84dd329c1ebd0e

SHA256
9727ce4272d35989bdf26d1c67ce2552e7da08ebe576a2e2d564c40c3b7bc8b0

SHA512
5c9d51508451e8e07f6e404b3a70d4743ca664f14074bc5cbbc971eed542f944c25a0c9f2973d959037bbbe701029948a7b0c4f62b1a49f3273cb26de58234a7

Download Submit
C:\Windows\system\UryMAmh.exe

Filesize
6.0MB

MD5
10d413ca3fa91f404a92f2ff6e96e60a

SHA1
6663357e477e1df07cc499759c37356c69f47331

SHA256
79658dee5d605be36aec13fe4710c9b432c554c3ae3f89e8cbfea634d0becdf2

SHA512
ecbec6073aacabd7969021a22c8d6e99beb4b326a7f79dbe5519e0560ff2a3c891a69e76fb20096545cde013a8dfa1fcdec4b7c9a167e1bec1511caf8d7e72aa

Download Submit
C:\Windows\system\YPnxTME.exe

Filesize
6.0MB

MD5
52e6574b94b86df3a9e8fa1a42183c34

SHA1
41c49e9b01fbb156ff1ba32f1ee627e532513ffe

SHA256
dd6fad1276d06e363885e1ea8de9e9afd5a56a94fa4aced503de3425be3aa472

SHA512
3836a400aaf46879bfedf9e10325164e5a3537c5022bee41ed2272a6172ba5be8bad211bcf07e68d75fc85e49584a62c084ca2f7886657a211d2ac8e4b09f0c8

Download Submit
C:\Windows\system\gCxehPi.exe

Filesize
6.0MB

MD5
18106d8014a419c2a5edfebf7ee75d11

SHA1
96bb632132c69d5f040b2d333423402e82e3a258

SHA256
246897b27b97e45d4d34a036310a86ee4ac91c953704ca7f0ebf27fe07b4afbd

SHA512
600d619b75abdaf7d863e1f1a1c99b8fa33e348141eb50fa637d578f3653cd82c69a073e266861c42e662079a94829111c94b9b08ac80be2f8e04d274d22f0c7

Download Submit
C:\Windows\system\gUwTsOg.exe

Filesize
6.0MB

MD5
965d87af89cfbce4343b6e70a4668b23

SHA1
fe0d991eca388cc07f31555b31ab65472ebdf181

SHA256
5407329c1647711eed90d12bbb65ee48ea9305abe95f171a3188bbd4f6a58102

SHA512
6d3350338774894f16e84d25cc5a7753b172806e1b4e29ba73acfd3454d3562ed51defdf559b7e715c6b44aa2e41530bd818321e53b1fd6aeaad3dfe1337aab2

Download Submit
C:\Windows\system\iewPmqh.exe

Filesize
6.0MB

MD5
8f27411e6ee620f75551aa8b985f74e3

SHA1
2dcd5e3072d4556ae4a34b47c51c6e1e7ef9dac2

SHA256
e436bcbda75d5a188ba2279c8e3cb18543bea89341111e6c15aa2c99aacf9485

SHA512
5019ffc3df53d885f5e83b8a41ec4d7f45d751947449a224b705dd515c514ab6b197325b5ded7ed72e563bd2319645be335111d1240285aa4e577fa674695807

Download Submit
C:\Windows\system\oQYHeEG.exe

Filesize
6.0MB

MD5
be49154a0c22a935e2ce540671c23c6f

SHA1
0bc061736ae4ac46e5157cd2186b2dffe01b816d

SHA256
c94b2f56648afe54bc4109de3f53e420fbb46eaf04c98c94d7d2471f19cdd256

SHA512
7ad37b162d2d5039fc6ea2b44034bf972c8ec605c157efeaf2952f15b57c101146c832b3ea2cb20ae3c859e222af433ef9ccaf93a1db4276aa338b5ffeb19ce8

Download Submit
C:\Windows\system\qToFQik.exe

Filesize
6.0MB

MD5
4490abec15da84cc69d1288a3c4fae13

SHA1
418d2a16fc000ae38b2ef1a6e10443829f3f9f97

SHA256
40c17c81cba8b75a8e4281be9c3c0de78ecb84adab274f9f17997299f4cd9878

SHA512
a5bb070ceefb0f8f9ad42784cf5cf67b5a13cdda6bcdb5b2658a48eeea93a8a58982b4c96c09ac6e4b445239a82a8008bdb0aa7668ea814aeb08d999bca0bd43

Download Submit
C:\Windows\system\qsRiuyJ.exe

Filesize
6.0MB

MD5
78185934ab85b267961dbb2cffa2569a

SHA1
bca8180a4a20abd64cd5d462a75373f444cd0ed0

SHA256
cf7efd449a6f10f2f51c83286bf9c9fd4cd868f224a0685ca91e0de187d715a8

SHA512
9d2504890d755ce677d0ce68956b7018268291403a55508a3df8d28c0303cfdaf36b8c94dffc64c4a98cc5fcbcd6c1a4e6abc700ee2525bc043ffceca88d63cf

Download Submit
C:\Windows\system\uqpDaph.exe

Filesize
6.0MB

MD5
54d0f04eaa24afba790ed7e1cbbcf19d

SHA1
35bca82eea025863b5cf6c76201ee50a9bc31608

SHA256
67710dbfc322541563d944cc24167c6d2d728f6384482f5e45d32fbb75a3d199

SHA512
c7500e797c91cddb4f30c488a833db15fa84f34c2512cddbf49b20c8b6173cba48f028ca5bfaad40c6632f3a7c8125477d0b06409f11799ae977650ba9c299a3

Download Submit
C:\Windows\system\vBceGvE.exe

Filesize
6.0MB

MD5
caf1dfb9754b73e9279c67cde4857de8

SHA1
d11996bd83b7fdd5a382e16f0950025b8395cbbc

SHA256
a6ae4caf55443c42e6656b3a72e9d70f07bb2910dd62e8b7d16500b0ddb9c58b

SHA512
516e217cd1d360fa5e001b1ef5190ffd0825fd18f4201dcb6ebac822a417bbc7103018b901e6778bbfefd79a4b6b1db8067136d408cc5384e41e336c45bf826b

Download Submit
C:\Windows\system\vcOQnOk.exe

Filesize
6.0MB

MD5
0ddb4d0b2691e8368be6b952fed1bbdf

SHA1
7208d3c8a85706574bb90c81db1bc8eddee22164

SHA256
080df60900bbef6d9511373a9a876f1851d8120991a5c73f48a2b6388dd92828

SHA512
65f1c8fc795c9a6dede4639130051b39feff54d984cc0b725ad005d943471d602580e8883bfbadc5f6d7e9f2813acb9da866d17c725855adbfc6569dd0cf4963

Download Submit
C:\Windows\system\wQYIfuE.exe

Filesize
6.0MB

MD5
536c9d2d65f0383a398fb6e47749357e

SHA1
8f03602edb7db19070a2b25bdde851cd91fe0606

SHA256
5856fae0cbdb6c1c0165120268c0d51963c7fd292ffa8879445a6ecdc725c9c3

SHA512
c703edfa555c1d8ddd05004def2ea8042120c128a3309688f50383efc4007c204cc857cbf0a426faa66ed2f7e7346b391c0bba37b3c14cfa001c65323727379d

Download Submit
C:\Windows\system\xpwKUuu.exe

Filesize
6.0MB

MD5
0b4a4d6b7ba4a5c2fca14701af8a5268

SHA1
7d2681353285cd8639634d79a1ed18706d91df87

SHA256
a50b56fdf1143ea5933ff0feea7cb2ee506ab3ccda90a4db78c6a4078848e374

SHA512
9a10dd1427de249381b20f1aa40a9bcd80f78be6d6d96f6e264005b7c9afe53ca39a335853fdafe0f012259460155b7b1354477c246635738ed60d46879b6ff0

Download Submit
\Windows\system\SZNBohK.exe

Filesize
6.0MB

MD5
80051528dbb89c7005b1b09c940c3d1e

SHA1
bd1b20db3338644cb4c173b616810b989c890abe

SHA256
aed0f560862a652efb1060824be07dd5e96c6654eef5995742b45a37f343600e

SHA512
d28f3b5a89dcd024671186acee9229a884fd9a5c13160677dc9eb4cc3e50160706738f44ec38cc5c031bcf6b589d661b4dc9bacfcf08297c562f7e5b2ec9e23b

Download Submit
\Windows\system\TPrgKUf.exe

Filesize
6.0MB

MD5
79243202d7dbc1c2f789b7359ab896ac

SHA1
2bf017fd48195c50a06b994f901275c721f23d51

SHA256
11ab96ac0de80b8e4cde3f019b76c9e8580ca4ba455ef8421890df891bdc9710

SHA512
f01676a26ba18103f90f3cf6be566a776732fa721c11c83def5640c18183a5573de36b9d1ac7d7fb10e42740444a3cd50284d1e821b42ade4cc3361077e3e011

Download Submit
\Windows\system\UpsJJYF.exe

Filesize
6.0MB

MD5
0e7dc5e7945eb562ae66b0d5ab5d6471

SHA1
58f403fd720df31046b50ac52ed40cd3a0a0bbcf

SHA256
1811b3c7dff6ace9e83ec35cd8e2dcbcdf076d0389302e01970185eb87602ba3

SHA512
eb96d37e73e7de4da792c0cb1d829bf5ff4edadd9bc254019204b2c1eb5c0b6c0fdfb14c71eef7895510fe1704748e1d44e8a8d2d1b6bfb4969f94a343a25915

Download Submit
\Windows\system\cINjjpQ.exe

Filesize
6.0MB

MD5
91ffdc64d3bba5b9439d93a2261383b3

SHA1
e5358c0d65a7725e95460efdfa1acdac33d86dff

SHA256
591cb282131e199f6b5f3f5d67592e5a690fb807e8f304191b8c109cf81b8dce

SHA512
af44e7ea4caba814d1effcfed32cd91b7f18640eff6e31ea43d218eee685569d1f8cdb527e12542ec0872938dcee288e9bca9df36f88ddf1bd25ac2d94ce5616

Download Submit
\Windows\system\jpDmdiq.exe

Filesize
6.0MB

MD5
ac8831ed7ccfb72ce635a449fcabb9ab

SHA1
1599d7070483e509543edd944bc8b339cfacf310

SHA256
2507aae114ecbfc6e04a0a1677b822701076e12ee260f00abd422d427a334811

SHA512
f117445f08617a32750d95a4d0420cce8e606099140d17a4c0551e2c4340f34ccd4c7123ef4ed9c9b5e25760cb632e05bf93dbc724fe753b44ddc96cf768422d

Download Submit
memory/552-91-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/552-4026-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1220-105-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1220-4028-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1620-62-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-4024-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-58-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-4023-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-4027-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2064-102-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2336-4025-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-74-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-277-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2624-40-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4021-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4022-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2632-278-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2632-50-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2652-60-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-83-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-759-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3056-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2652-600-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-598-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-38-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2652-56-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-64-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-95-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-96-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-10-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-103-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2652-104-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2652-473-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-71-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-0-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-27-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-61-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-15-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-99-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4018-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2672-21-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4020-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2748-45-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4017-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-13-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4019-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2896-28-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download