cobaltstrike | d776363e21c05a35086c301db4538c70b46e8be8425c4cf9069db91c3649dfae

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d11280c5d34fb186b57b83df919829dc
SHA1

a96b6d840fccabd4bd3a44b61f9b3b22a7c9f0fc
SHA256

d776363e21c05a35086c301db4538c70b46e8be8425c4cf9069db91c3649dfae
SHA512

f5be335d93e2f80b8dc80a8798ba3b43a9c46ae63e6698936bcc697c2ec440bb91f05df9e0eb877124c27c131ca8a6274c72e3dd95bb220e60b21644881ea8e8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d00000001226b-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001612f-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f81-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016307-24.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164c8-33.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658c-38.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001662e-48.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016855-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd7-67.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eca-94.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-195.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-192.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-185.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-180.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-175.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-165.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-154.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-158.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-135.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-140.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-129.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-119.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-109.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ea4-86.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000015db1-77.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd1-61.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2260-0-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x000d00000001226b-6.dat	xmrig
behavioral1/files/0x000800000001612f-12.dat	xmrig
behavioral1/files/0x0008000000015f81-11.dat	xmrig
behavioral1/memory/2260-23-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2764-22-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016307-24.dat	xmrig
behavioral1/files/0x00070000000164c8-33.dat	xmrig
behavioral1/memory/2704-35-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000700000001658c-38.dat	xmrig
behavioral1/files/0x000900000001662e-48.dat	xmrig
behavioral1/files/0x0008000000016855-55.dat	xmrig
behavioral1/memory/3052-65-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2704-68-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dd7-67.dat	xmrig
behavioral1/memory/2780-63-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/1260-83-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x0006000000016eca-94.dat	xmrig
behavioral1/memory/3052-103-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2240-1101-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2504-690-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x00060000000190e0-195.dat	xmrig
behavioral1/files/0x00060000000190ce-192.dat	xmrig
behavioral1/files/0x000600000001903b-185.dat	xmrig
behavioral1/files/0x0006000000018f53-180.dat	xmrig
behavioral1/files/0x0006000000018c26-175.dat	xmrig
behavioral1/files/0x0006000000018c1a-169.dat	xmrig
behavioral1/files/0x0005000000018792-165.dat	xmrig
behavioral1/files/0x0006000000017525-154.dat	xmrig
behavioral1/files/0x000d00000001866e-149.dat	xmrig
behavioral1/files/0x0005000000018687-158.dat	xmrig
behavioral1/files/0x0014000000018663-148.dat	xmrig
behavioral1/files/0x0006000000017487-135.dat	xmrig
behavioral1/files/0x00060000000174a2-140.dat	xmrig
behavioral1/files/0x00060000000173fc-125.dat	xmrig
behavioral1/files/0x0006000000017472-129.dat	xmrig
behavioral1/files/0x00060000000173f1-115.dat	xmrig
behavioral1/files/0x00060000000173f4-119.dat	xmrig
behavioral1/files/0x00060000000173da-109.dat	xmrig
behavioral1/memory/2260-107-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/memory/2240-104-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x000600000001706d-101.dat	xmrig
behavioral1/memory/1348-98-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2140-97-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2260-91-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2504-87-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ea4-86.dat	xmrig
behavioral1/memory/2696-81-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/960-74-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0033000000015db1-77.dat	xmrig
behavioral1/memory/2140-57-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dd1-61.dat	xmrig
behavioral1/memory/2552-51-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2260-50-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2696-42-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2780-29-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2972-21-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2748-19-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2260-16-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2780-4172-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/1348-4200-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/1260-4199-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2140-4237-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2504-4230-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2764	cvnuHNV.exe
2748	pUHelFF.exe
2972	yKJPFMU.exe
2780	QGTZdYl.exe
2704	ojqzYmG.exe
2696	QLfDEYn.exe
2552	FDXTRBo.exe
2140	BbktQMb.exe
3052	GABvxHq.exe
960	CBPRogN.exe
1260	XIvYjAA.exe
2504	XTzNdzX.exe
1348	DbzcZUX.exe
2240	AezaALJ.exe
484	BdzYECf.exe
2212	HZlUKWF.exe
2768	FcRerng.exe
1072	TtRuBlR.exe
552	MoCijSe.exe
1660	kzXSdmh.exe
2180	KbashQk.exe
1920	ZQfFzFy.exe
1924	yBLHcxm.exe
2056	netsIgU.exe
2360	uQnWtxu.exe
1092	nahbDdf.exe
1284	SqTyoxp.exe
976	DPXASFS.exe
1856	atPflsR.exe
3016	fINFXMH.exe
1288	icMDakH.exe
2028	OGvICSL.exe
588	ExjUSWv.exe
1612	DUIvKhI.exe
2856	vqqmfkW.exe
1768	CPzHfHy.exe
2032	TFGvaoT.exe
2136	ZNDRpmx.exe
1512	kampcXu.exe
2436	gJYIHee.exe
1296	dueRgOY.exe
2400	JzhvVIh.exe
3012	SELuuVN.exe
696	depgOlT.exe
1644	AJLrMWe.exe
1240	BpdIiBb.exe
1776	LcIJABr.exe
2408	ApsTDzb.exe
2272	fZqBrAM.exe
896	WWglrsA.exe
992	ohebWyw.exe
2480	tLtOxeZ.exe
1576	SHZrSjQ.exe
2744	AIseNsi.exe
2808	jcIzJKb.exe
1352	biJyBTU.exe
2348	yOxQPIq.exe
1496	ZlHXzMR.exe
1032	pvkGdqw.exe
2940	oPbfJZr.exe
2128	OFYkOkM.exe
1980	orIQJvW.exe
2600	CdWZnEy.exe
1252	EbXQFtb.exe

Loads dropped DLL 64 IoCs

pid	Process
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2260-0-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x000d00000001226b-6.dat	upx
behavioral1/files/0x000800000001612f-12.dat	upx
behavioral1/files/0x0008000000015f81-11.dat	upx
behavioral1/memory/2764-22-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0007000000016307-24.dat	upx
behavioral1/files/0x00070000000164c8-33.dat	upx
behavioral1/memory/2704-35-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000700000001658c-38.dat	upx
behavioral1/files/0x000900000001662e-48.dat	upx
behavioral1/files/0x0008000000016855-55.dat	upx
behavioral1/memory/3052-65-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2704-68-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0006000000016dd7-67.dat	upx
behavioral1/memory/2780-63-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/1260-83-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x0006000000016eca-94.dat	upx
behavioral1/memory/3052-103-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2240-1101-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2504-690-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x00060000000190e0-195.dat	upx
behavioral1/files/0x00060000000190ce-192.dat	upx
behavioral1/files/0x000600000001903b-185.dat	upx
behavioral1/files/0x0006000000018f53-180.dat	upx
behavioral1/files/0x0006000000018c26-175.dat	upx
behavioral1/files/0x0006000000018c1a-169.dat	upx
behavioral1/files/0x0005000000018792-165.dat	upx
behavioral1/files/0x0006000000017525-154.dat	upx
behavioral1/files/0x000d00000001866e-149.dat	upx
behavioral1/files/0x0005000000018687-158.dat	upx
behavioral1/files/0x0014000000018663-148.dat	upx
behavioral1/files/0x0006000000017487-135.dat	upx
behavioral1/files/0x00060000000174a2-140.dat	upx
behavioral1/files/0x00060000000173fc-125.dat	upx
behavioral1/files/0x0006000000017472-129.dat	upx
behavioral1/files/0x00060000000173f1-115.dat	upx
behavioral1/files/0x00060000000173f4-119.dat	upx
behavioral1/files/0x00060000000173da-109.dat	upx
behavioral1/memory/2260-107-0x0000000002230000-0x0000000002584000-memory.dmp	upx
behavioral1/memory/2240-104-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x000600000001706d-101.dat	upx
behavioral1/memory/1348-98-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2140-97-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2260-91-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2504-87-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0006000000016ea4-86.dat	upx
behavioral1/memory/2696-81-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/960-74-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x0033000000015db1-77.dat	upx
behavioral1/memory/2140-57-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0006000000016dd1-61.dat	upx
behavioral1/memory/2552-51-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2260-50-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2696-42-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2780-29-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2972-21-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2748-19-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2780-4172-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/1348-4200-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/1260-4199-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2140-4237-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2504-4230-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2696-4354-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2240-4420-0x000000013F300000-0x000000013F654000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EPJYGGY.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKrdVzF.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmnbvns.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFHLDVx.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NrwEAOr.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGCdQzA.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdvDLBe.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\leMrDdB.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFGBWtQ.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQvJlIM.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWWvxGJ.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUDnIHh.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OslFpvh.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCIUbtu.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soVSsak.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baeOeoM.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXPgcLL.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxyYzYy.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhpncfn.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PygkieY.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbjxcRS.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYysnxN.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Skloitk.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rikhkXr.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkmybXC.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDcBGuv.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwwGLIq.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIsvpPT.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjMXJPB.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKrUVQq.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVukeQU.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alHtMXl.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jveEdxe.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHHlxSH.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZQRLIa.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZQvVuQ.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIKHXRF.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgIRqvl.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQiSCsK.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIoQkhF.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWglrsA.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgOPMqb.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmAtFQV.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IayJlzS.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcBPrJg.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMkxinp.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiqOzpf.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIVHKNJ.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqgRaeQ.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juZaDTU.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZnmRKc.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\poRAjtg.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBgDVhv.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMIxWkR.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpsWmZV.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoTKszC.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQdRiqD.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOebxkg.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFSZGtk.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWOEWtF.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GnLYztu.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONujaaF.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khoLVam.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lAQvEgp.exe	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2764	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2260 wrote to memory of 2764	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2260 wrote to memory of 2764	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2260 wrote to memory of 2748	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2260 wrote to memory of 2748	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2260 wrote to memory of 2748	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2260 wrote to memory of 2972	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2260 wrote to memory of 2972	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2260 wrote to memory of 2972	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2260 wrote to memory of 2780	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2260 wrote to memory of 2780	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2260 wrote to memory of 2780	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2260 wrote to memory of 2704	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2260 wrote to memory of 2704	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2260 wrote to memory of 2704	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2260 wrote to memory of 2696	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2260 wrote to memory of 2696	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2260 wrote to memory of 2696	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2260 wrote to memory of 2552	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2260 wrote to memory of 2552	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2260 wrote to memory of 2552	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2260 wrote to memory of 2140	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2260 wrote to memory of 2140	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2260 wrote to memory of 2140	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2260 wrote to memory of 3052	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2260 wrote to memory of 3052	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2260 wrote to memory of 3052	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2260 wrote to memory of 960	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2260 wrote to memory of 960	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2260 wrote to memory of 960	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2260 wrote to memory of 1260	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2260 wrote to memory of 1260	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2260 wrote to memory of 1260	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2260 wrote to memory of 2504	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2260 wrote to memory of 2504	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2260 wrote to memory of 2504	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2260 wrote to memory of 1348	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2260 wrote to memory of 1348	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2260 wrote to memory of 1348	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2260 wrote to memory of 2240	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2260 wrote to memory of 2240	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2260 wrote to memory of 2240	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2260 wrote to memory of 484	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2260 wrote to memory of 484	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2260 wrote to memory of 484	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2260 wrote to memory of 2212	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2260 wrote to memory of 2212	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2260 wrote to memory of 2212	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2260 wrote to memory of 2768	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2260 wrote to memory of 2768	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2260 wrote to memory of 2768	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2260 wrote to memory of 1072	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2260 wrote to memory of 1072	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2260 wrote to memory of 1072	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2260 wrote to memory of 552	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2260 wrote to memory of 552	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2260 wrote to memory of 552	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2260 wrote to memory of 1660	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2260 wrote to memory of 1660	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2260 wrote to memory of 1660	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2260 wrote to memory of 2180	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2260 wrote to memory of 2180	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2260 wrote to memory of 2180	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2260 wrote to memory of 1924	2260	2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_d11280c5d34fb186b57b83df919829dc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\System\cvnuHNV.exe
  C:\Windows\System\cvnuHNV.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\pUHelFF.exe
  C:\Windows\System\pUHelFF.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\yKJPFMU.exe
  C:\Windows\System\yKJPFMU.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\QGTZdYl.exe
  C:\Windows\System\QGTZdYl.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ojqzYmG.exe
  C:\Windows\System\ojqzYmG.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\QLfDEYn.exe
  C:\Windows\System\QLfDEYn.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\FDXTRBo.exe
  C:\Windows\System\FDXTRBo.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\BbktQMb.exe
  C:\Windows\System\BbktQMb.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\GABvxHq.exe
  C:\Windows\System\GABvxHq.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\CBPRogN.exe
  C:\Windows\System\CBPRogN.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\XIvYjAA.exe
  C:\Windows\System\XIvYjAA.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\XTzNdzX.exe
  C:\Windows\System\XTzNdzX.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\DbzcZUX.exe
  C:\Windows\System\DbzcZUX.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\AezaALJ.exe
  C:\Windows\System\AezaALJ.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\BdzYECf.exe
  C:\Windows\System\BdzYECf.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\HZlUKWF.exe
  C:\Windows\System\HZlUKWF.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\FcRerng.exe
  C:\Windows\System\FcRerng.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\TtRuBlR.exe
  C:\Windows\System\TtRuBlR.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\MoCijSe.exe
  C:\Windows\System\MoCijSe.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\kzXSdmh.exe
  C:\Windows\System\kzXSdmh.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\KbashQk.exe
  C:\Windows\System\KbashQk.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\yBLHcxm.exe
  C:\Windows\System\yBLHcxm.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\ZQfFzFy.exe
  C:\Windows\System\ZQfFzFy.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\uQnWtxu.exe
  C:\Windows\System\uQnWtxu.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\netsIgU.exe
  C:\Windows\System\netsIgU.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\nahbDdf.exe
  C:\Windows\System\nahbDdf.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\SqTyoxp.exe
  C:\Windows\System\SqTyoxp.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\DPXASFS.exe
  C:\Windows\System\DPXASFS.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\atPflsR.exe
  C:\Windows\System\atPflsR.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\fINFXMH.exe
  C:\Windows\System\fINFXMH.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\icMDakH.exe
  C:\Windows\System\icMDakH.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\OGvICSL.exe
  C:\Windows\System\OGvICSL.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\ExjUSWv.exe
  C:\Windows\System\ExjUSWv.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\DUIvKhI.exe
  C:\Windows\System\DUIvKhI.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\vqqmfkW.exe
  C:\Windows\System\vqqmfkW.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\CPzHfHy.exe
  C:\Windows\System\CPzHfHy.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\TFGvaoT.exe
  C:\Windows\System\TFGvaoT.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\ZNDRpmx.exe
  C:\Windows\System\ZNDRpmx.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\kampcXu.exe
  C:\Windows\System\kampcXu.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\gJYIHee.exe
  C:\Windows\System\gJYIHee.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\dueRgOY.exe
  C:\Windows\System\dueRgOY.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\JzhvVIh.exe
  C:\Windows\System\JzhvVIh.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\SELuuVN.exe
  C:\Windows\System\SELuuVN.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\AJLrMWe.exe
  C:\Windows\System\AJLrMWe.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\depgOlT.exe
  C:\Windows\System\depgOlT.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\LcIJABr.exe
  C:\Windows\System\LcIJABr.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\BpdIiBb.exe
  C:\Windows\System\BpdIiBb.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\ApsTDzb.exe
  C:\Windows\System\ApsTDzb.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\fZqBrAM.exe
  C:\Windows\System\fZqBrAM.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\WWglrsA.exe
  C:\Windows\System\WWglrsA.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\ohebWyw.exe
  C:\Windows\System\ohebWyw.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\tLtOxeZ.exe
  C:\Windows\System\tLtOxeZ.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\SHZrSjQ.exe
  C:\Windows\System\SHZrSjQ.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\AIseNsi.exe
  C:\Windows\System\AIseNsi.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\jcIzJKb.exe
  C:\Windows\System\jcIzJKb.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\biJyBTU.exe
  C:\Windows\System\biJyBTU.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\yOxQPIq.exe
  C:\Windows\System\yOxQPIq.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ZlHXzMR.exe
  C:\Windows\System\ZlHXzMR.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\pvkGdqw.exe
  C:\Windows\System\pvkGdqw.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\oPbfJZr.exe
  C:\Windows\System\oPbfJZr.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\OFYkOkM.exe
  C:\Windows\System\OFYkOkM.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\EbXQFtb.exe
  C:\Windows\System\EbXQFtb.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\orIQJvW.exe
  C:\Windows\System\orIQJvW.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\EgQunbk.exe
  C:\Windows\System\EgQunbk.exe
  2⤵
  PID:2900
- C:\Windows\System\CdWZnEy.exe
  C:\Windows\System\CdWZnEy.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\ZqCRooP.exe
  C:\Windows\System\ZqCRooP.exe
  2⤵
  PID:2040
- C:\Windows\System\JntMHyk.exe
  C:\Windows\System\JntMHyk.exe
  2⤵
  PID:2192
- C:\Windows\System\MNmvgok.exe
  C:\Windows\System\MNmvgok.exe
  2⤵
  PID:2196
- C:\Windows\System\YwHNkdM.exe
  C:\Windows\System\YwHNkdM.exe
  2⤵
  PID:2332
- C:\Windows\System\KEVugqE.exe
  C:\Windows\System\KEVugqE.exe
  2⤵
  PID:2088
- C:\Windows\System\fOvZiiV.exe
  C:\Windows\System\fOvZiiV.exe
  2⤵
  PID:1628
- C:\Windows\System\BXLAvKq.exe
  C:\Windows\System\BXLAvKq.exe
  2⤵
  PID:912
- C:\Windows\System\mmnbvns.exe
  C:\Windows\System\mmnbvns.exe
  2⤵
  PID:2052
- C:\Windows\System\MEcNQrm.exe
  C:\Windows\System\MEcNQrm.exe
  2⤵
  PID:1820
- C:\Windows\System\vNYPGMa.exe
  C:\Windows\System\vNYPGMa.exe
  2⤵
  PID:1764
- C:\Windows\System\gTtiBvm.exe
  C:\Windows\System\gTtiBvm.exe
  2⤵
  PID:1984
- C:\Windows\System\vbZwwhm.exe
  C:\Windows\System\vbZwwhm.exe
  2⤵
  PID:892
- C:\Windows\System\odcEouC.exe
  C:\Windows\System\odcEouC.exe
  2⤵
  PID:2304
- C:\Windows\System\sSZBCMX.exe
  C:\Windows\System\sSZBCMX.exe
  2⤵
  PID:2816
- C:\Windows\System\iLnPfDz.exe
  C:\Windows\System\iLnPfDz.exe
  2⤵
  PID:2152
- C:\Windows\System\wJgRYZT.exe
  C:\Windows\System\wJgRYZT.exe
  2⤵
  PID:700
- C:\Windows\System\farxwMQ.exe
  C:\Windows\System\farxwMQ.exe
  2⤵
  PID:3000
- C:\Windows\System\BGfyxhA.exe
  C:\Windows\System\BGfyxhA.exe
  2⤵
  PID:2952
- C:\Windows\System\EydjvjJ.exe
  C:\Windows\System\EydjvjJ.exe
  2⤵
  PID:1836
- C:\Windows\System\amFtWWJ.exe
  C:\Windows\System\amFtWWJ.exe
  2⤵
  PID:1604
- C:\Windows\System\ZYKtATt.exe
  C:\Windows\System\ZYKtATt.exe
  2⤵
  PID:1592
- C:\Windows\System\GLwsiju.exe
  C:\Windows\System\GLwsiju.exe
  2⤵
  PID:2604
- C:\Windows\System\HbtZOHd.exe
  C:\Windows\System\HbtZOHd.exe
  2⤵
  PID:2560
- C:\Windows\System\SXExbdC.exe
  C:\Windows\System\SXExbdC.exe
  2⤵
  PID:1304
- C:\Windows\System\GaBYjtm.exe
  C:\Windows\System\GaBYjtm.exe
  2⤵
  PID:1704
- C:\Windows\System\wbELKCx.exe
  C:\Windows\System\wbELKCx.exe
  2⤵
  PID:2220
- C:\Windows\System\LqfOcZV.exe
  C:\Windows\System\LqfOcZV.exe
  2⤵
  PID:2916
- C:\Windows\System\vYDbDMk.exe
  C:\Windows\System\vYDbDMk.exe
  2⤵
  PID:2012
- C:\Windows\System\hXrRpMP.exe
  C:\Windows\System\hXrRpMP.exe
  2⤵
  PID:2188
- C:\Windows\System\zkywUdh.exe
  C:\Windows\System\zkywUdh.exe
  2⤵
  PID:2064
- C:\Windows\System\pWWvxGJ.exe
  C:\Windows\System\pWWvxGJ.exe
  2⤵
  PID:1748
- C:\Windows\System\zTwhggX.exe
  C:\Windows\System\zTwhggX.exe
  2⤵
  PID:848
- C:\Windows\System\OFqlNyj.exe
  C:\Windows\System\OFqlNyj.exe
  2⤵
  PID:1552
- C:\Windows\System\xjqiAOt.exe
  C:\Windows\System\xjqiAOt.exe
  2⤵
  PID:1556
- C:\Windows\System\PZwndcc.exe
  C:\Windows\System\PZwndcc.exe
  2⤵
  PID:2428
- C:\Windows\System\UotZrXv.exe
  C:\Windows\System\UotZrXv.exe
  2⤵
  PID:2364
- C:\Windows\System\AAHJfFk.exe
  C:\Windows\System\AAHJfFk.exe
  2⤵
  PID:2268
- C:\Windows\System\amCbrTY.exe
  C:\Windows\System\amCbrTY.exe
  2⤵
  PID:904
- C:\Windows\System\jVKZuRE.exe
  C:\Windows\System\jVKZuRE.exe
  2⤵
  PID:1580
- C:\Windows\System\NZcUzFv.exe
  C:\Windows\System\NZcUzFv.exe
  2⤵
  PID:1608
- C:\Windows\System\EdCTXLk.exe
  C:\Windows\System\EdCTXLk.exe
  2⤵
  PID:2784
- C:\Windows\System\DgRLegB.exe
  C:\Windows\System\DgRLegB.exe
  2⤵
  PID:2872
- C:\Windows\System\RmGkBEb.exe
  C:\Windows\System\RmGkBEb.exe
  2⤵
  PID:3088
- C:\Windows\System\BehuRPp.exe
  C:\Windows\System\BehuRPp.exe
  2⤵
  PID:3108
- C:\Windows\System\uRJvFXM.exe
  C:\Windows\System\uRJvFXM.exe
  2⤵
  PID:3128
- C:\Windows\System\yqtSavu.exe
  C:\Windows\System\yqtSavu.exe
  2⤵
  PID:3148
- C:\Windows\System\ZNkIusI.exe
  C:\Windows\System\ZNkIusI.exe
  2⤵
  PID:3168
- C:\Windows\System\gNKVGeq.exe
  C:\Windows\System\gNKVGeq.exe
  2⤵
  PID:3188
- C:\Windows\System\JCZLAUb.exe
  C:\Windows\System\JCZLAUb.exe
  2⤵
  PID:3208
- C:\Windows\System\wcDZQab.exe
  C:\Windows\System\wcDZQab.exe
  2⤵
  PID:3228
- C:\Windows\System\KNpBhQM.exe
  C:\Windows\System\KNpBhQM.exe
  2⤵
  PID:3248
- C:\Windows\System\OsVwtFY.exe
  C:\Windows\System\OsVwtFY.exe
  2⤵
  PID:3268
- C:\Windows\System\pbIaYtI.exe
  C:\Windows\System\pbIaYtI.exe
  2⤵
  PID:3288
- C:\Windows\System\YMVicus.exe
  C:\Windows\System\YMVicus.exe
  2⤵
  PID:3308
- C:\Windows\System\POiMyxX.exe
  C:\Windows\System\POiMyxX.exe
  2⤵
  PID:3328
- C:\Windows\System\RBVgysN.exe
  C:\Windows\System\RBVgysN.exe
  2⤵
  PID:3348
- C:\Windows\System\lPwBlXS.exe
  C:\Windows\System\lPwBlXS.exe
  2⤵
  PID:3368
- C:\Windows\System\jveEdxe.exe
  C:\Windows\System\jveEdxe.exe
  2⤵
  PID:3384
- C:\Windows\System\oknhUEf.exe
  C:\Windows\System\oknhUEf.exe
  2⤵
  PID:3400
- C:\Windows\System\qgOPMqb.exe
  C:\Windows\System\qgOPMqb.exe
  2⤵
  PID:3420
- C:\Windows\System\SvRHjbM.exe
  C:\Windows\System\SvRHjbM.exe
  2⤵
  PID:3436
- C:\Windows\System\PGLzuAb.exe
  C:\Windows\System\PGLzuAb.exe
  2⤵
  PID:3452
- C:\Windows\System\sCBygLd.exe
  C:\Windows\System\sCBygLd.exe
  2⤵
  PID:3492
- C:\Windows\System\WOsocjm.exe
  C:\Windows\System\WOsocjm.exe
  2⤵
  PID:3508
- C:\Windows\System\ijohzau.exe
  C:\Windows\System\ijohzau.exe
  2⤵
  PID:3532
- C:\Windows\System\lpcfAGr.exe
  C:\Windows\System\lpcfAGr.exe
  2⤵
  PID:3548
- C:\Windows\System\nmSaIpd.exe
  C:\Windows\System\nmSaIpd.exe
  2⤵
  PID:3572
- C:\Windows\System\iSDsnDy.exe
  C:\Windows\System\iSDsnDy.exe
  2⤵
  PID:3588
- C:\Windows\System\jHYoNxD.exe
  C:\Windows\System\jHYoNxD.exe
  2⤵
  PID:3608
- C:\Windows\System\BLPPxoE.exe
  C:\Windows\System\BLPPxoE.exe
  2⤵
  PID:3628
- C:\Windows\System\TURkoaZ.exe
  C:\Windows\System\TURkoaZ.exe
  2⤵
  PID:3648
- C:\Windows\System\KPGqqBJ.exe
  C:\Windows\System\KPGqqBJ.exe
  2⤵
  PID:3672
- C:\Windows\System\PUnycKH.exe
  C:\Windows\System\PUnycKH.exe
  2⤵
  PID:3692
- C:\Windows\System\hLnUPKL.exe
  C:\Windows\System\hLnUPKL.exe
  2⤵
  PID:3708
- C:\Windows\System\FqoDzjU.exe
  C:\Windows\System\FqoDzjU.exe
  2⤵
  PID:3732
- C:\Windows\System\lnUAbsV.exe
  C:\Windows\System\lnUAbsV.exe
  2⤵
  PID:3748
- C:\Windows\System\OPqSGSt.exe
  C:\Windows\System\OPqSGSt.exe
  2⤵
  PID:3772
- C:\Windows\System\eVPtsaR.exe
  C:\Windows\System\eVPtsaR.exe
  2⤵
  PID:3792
- C:\Windows\System\bCHUwoy.exe
  C:\Windows\System\bCHUwoy.exe
  2⤵
  PID:3812
- C:\Windows\System\HMCTFTh.exe
  C:\Windows\System\HMCTFTh.exe
  2⤵
  PID:3828
- C:\Windows\System\NfbmxdQ.exe
  C:\Windows\System\NfbmxdQ.exe
  2⤵
  PID:3848
- C:\Windows\System\IuyHjjT.exe
  C:\Windows\System\IuyHjjT.exe
  2⤵
  PID:3872
- C:\Windows\System\GoKjtZr.exe
  C:\Windows\System\GoKjtZr.exe
  2⤵
  PID:3892
- C:\Windows\System\rmnwjbD.exe
  C:\Windows\System\rmnwjbD.exe
  2⤵
  PID:3912
- C:\Windows\System\sBIghRD.exe
  C:\Windows\System\sBIghRD.exe
  2⤵
  PID:3932
- C:\Windows\System\jIKHXRF.exe
  C:\Windows\System\jIKHXRF.exe
  2⤵
  PID:3952
- C:\Windows\System\ZnJmLLp.exe
  C:\Windows\System\ZnJmLLp.exe
  2⤵
  PID:3972
- C:\Windows\System\ocXJIHl.exe
  C:\Windows\System\ocXJIHl.exe
  2⤵
  PID:3992
- C:\Windows\System\fSjHDgx.exe
  C:\Windows\System\fSjHDgx.exe
  2⤵
  PID:4012
- C:\Windows\System\bFGhLlk.exe
  C:\Windows\System\bFGhLlk.exe
  2⤵
  PID:4032
- C:\Windows\System\XdvDLBe.exe
  C:\Windows\System\XdvDLBe.exe
  2⤵
  PID:4052
- C:\Windows\System\CsZccTk.exe
  C:\Windows\System\CsZccTk.exe
  2⤵
  PID:4072
- C:\Windows\System\OhxzQcS.exe
  C:\Windows\System\OhxzQcS.exe
  2⤵
  PID:4092
- C:\Windows\System\LOoVjSO.exe
  C:\Windows\System\LOoVjSO.exe
  2⤵
  PID:2852
- C:\Windows\System\xbsTzRQ.exe
  C:\Windows\System\xbsTzRQ.exe
  2⤵
  PID:2844
- C:\Windows\System\yrsNMEG.exe
  C:\Windows\System\yrsNMEG.exe
  2⤵
  PID:2172
- C:\Windows\System\CMfcfIh.exe
  C:\Windows\System\CMfcfIh.exe
  2⤵
  PID:1652
- C:\Windows\System\oCITBgl.exe
  C:\Windows\System\oCITBgl.exe
  2⤵
  PID:1648
- C:\Windows\System\DRubvFo.exe
  C:\Windows\System\DRubvFo.exe
  2⤵
  PID:2516
- C:\Windows\System\ikOpvdj.exe
  C:\Windows\System\ikOpvdj.exe
  2⤵
  PID:1388
- C:\Windows\System\HLIZGYq.exe
  C:\Windows\System\HLIZGYq.exe
  2⤵
  PID:1004
- C:\Windows\System\TZeJmnw.exe
  C:\Windows\System\TZeJmnw.exe
  2⤵
  PID:2884
- C:\Windows\System\fWrFDbn.exe
  C:\Windows\System\fWrFDbn.exe
  2⤵
  PID:1048
- C:\Windows\System\QzfLqAQ.exe
  C:\Windows\System\QzfLqAQ.exe
  2⤵
  PID:1600
- C:\Windows\System\rLeBoYT.exe
  C:\Windows\System\rLeBoYT.exe
  2⤵
  PID:3104
- C:\Windows\System\dIqlJaR.exe
  C:\Windows\System\dIqlJaR.exe
  2⤵
  PID:3144
- C:\Windows\System\NKlsnfe.exe
  C:\Windows\System\NKlsnfe.exe
  2⤵
  PID:3160
- C:\Windows\System\pvoGHYQ.exe
  C:\Windows\System\pvoGHYQ.exe
  2⤵
  PID:3236
- C:\Windows\System\UMypMFU.exe
  C:\Windows\System\UMypMFU.exe
  2⤵
  PID:3184
- C:\Windows\System\SkRlUpL.exe
  C:\Windows\System\SkRlUpL.exe
  2⤵
  PID:3220
- C:\Windows\System\yJpdYrU.exe
  C:\Windows\System\yJpdYrU.exe
  2⤵
  PID:3300
- C:\Windows\System\EnPdqcn.exe
  C:\Windows\System\EnPdqcn.exe
  2⤵
  PID:3356
- C:\Windows\System\VwYGtLD.exe
  C:\Windows\System\VwYGtLD.exe
  2⤵
  PID:3396
- C:\Windows\System\VrxlFBx.exe
  C:\Windows\System\VrxlFBx.exe
  2⤵
  PID:3468
- C:\Windows\System\qrBviaR.exe
  C:\Windows\System\qrBviaR.exe
  2⤵
  PID:3408
- C:\Windows\System\jKTQDVI.exe
  C:\Windows\System\jKTQDVI.exe
  2⤵
  PID:3448
- C:\Windows\System\ZktiMEp.exe
  C:\Windows\System\ZktiMEp.exe
  2⤵
  PID:3504
- C:\Windows\System\giGgtuw.exe
  C:\Windows\System\giGgtuw.exe
  2⤵
  PID:3564
- C:\Windows\System\HqJoqDz.exe
  C:\Windows\System\HqJoqDz.exe
  2⤵
  PID:3596
- C:\Windows\System\GLkoXfW.exe
  C:\Windows\System\GLkoXfW.exe
  2⤵
  PID:3620
- C:\Windows\System\SOzkGGz.exe
  C:\Windows\System\SOzkGGz.exe
  2⤵
  PID:3656
- C:\Windows\System\vvdPQUc.exe
  C:\Windows\System\vvdPQUc.exe
  2⤵
  PID:3684
- C:\Windows\System\EEvybzx.exe
  C:\Windows\System\EEvybzx.exe
  2⤵
  PID:3700
- C:\Windows\System\vIzChGv.exe
  C:\Windows\System\vIzChGv.exe
  2⤵
  PID:3768
- C:\Windows\System\uqPKLqE.exe
  C:\Windows\System\uqPKLqE.exe
  2⤵
  PID:3808
- C:\Windows\System\YoYhEan.exe
  C:\Windows\System\YoYhEan.exe
  2⤵
  PID:3820
- C:\Windows\System\pFHLDVx.exe
  C:\Windows\System\pFHLDVx.exe
  2⤵
  PID:3856
- C:\Windows\System\qhTSrXD.exe
  C:\Windows\System\qhTSrXD.exe
  2⤵
  PID:3888
- C:\Windows\System\AeEHdit.exe
  C:\Windows\System\AeEHdit.exe
  2⤵
  PID:3924
- C:\Windows\System\mAxrrlD.exe
  C:\Windows\System\mAxrrlD.exe
  2⤵
  PID:3940
- C:\Windows\System\ZaKwufk.exe
  C:\Windows\System\ZaKwufk.exe
  2⤵
  PID:4008
- C:\Windows\System\pchhxoY.exe
  C:\Windows\System\pchhxoY.exe
  2⤵
  PID:4048
- C:\Windows\System\vkiaTtI.exe
  C:\Windows\System\vkiaTtI.exe
  2⤵
  PID:4024
- C:\Windows\System\iPPhVHp.exe
  C:\Windows\System\iPPhVHp.exe
  2⤵
  PID:4084
- C:\Windows\System\RxJDRJz.exe
  C:\Windows\System\RxJDRJz.exe
  2⤵
  PID:2892
- C:\Windows\System\EisJzTD.exe
  C:\Windows\System\EisJzTD.exe
  2⤵
  PID:2084
- C:\Windows\System\gpctvqk.exe
  C:\Windows\System\gpctvqk.exe
  2⤵
  PID:2368
- C:\Windows\System\ntlHrzd.exe
  C:\Windows\System\ntlHrzd.exe
  2⤵
  PID:1316
- C:\Windows\System\VcbfihM.exe
  C:\Windows\System\VcbfihM.exe
  2⤵
  PID:2004
- C:\Windows\System\BMlvwSr.exe
  C:\Windows\System\BMlvwSr.exe
  2⤵
  PID:3076
- C:\Windows\System\EgfHtHO.exe
  C:\Windows\System\EgfHtHO.exe
  2⤵
  PID:3164
- C:\Windows\System\kvNRoBV.exe
  C:\Windows\System\kvNRoBV.exe
  2⤵
  PID:3176
- C:\Windows\System\mFlXrfo.exe
  C:\Windows\System\mFlXrfo.exe
  2⤵
  PID:3280
- C:\Windows\System\ECFxYyB.exe
  C:\Windows\System\ECFxYyB.exe
  2⤵
  PID:3136
- C:\Windows\System\PhZcCVg.exe
  C:\Windows\System\PhZcCVg.exe
  2⤵
  PID:3340
- C:\Windows\System\LxftfkO.exe
  C:\Windows\System\LxftfkO.exe
  2⤵
  PID:3336
- C:\Windows\System\opAnZYq.exe
  C:\Windows\System\opAnZYq.exe
  2⤵
  PID:3480
- C:\Windows\System\VeWYaTK.exe
  C:\Windows\System\VeWYaTK.exe
  2⤵
  PID:3516
- C:\Windows\System\uiDdPzG.exe
  C:\Windows\System\uiDdPzG.exe
  2⤵
  PID:3520
- C:\Windows\System\PQzFQzB.exe
  C:\Windows\System\PQzFQzB.exe
  2⤵
  PID:3636
- C:\Windows\System\czzpfFV.exe
  C:\Windows\System\czzpfFV.exe
  2⤵
  PID:3716
- C:\Windows\System\JLPwVJr.exe
  C:\Windows\System\JLPwVJr.exe
  2⤵
  PID:3724
- C:\Windows\System\cbAbZdM.exe
  C:\Windows\System\cbAbZdM.exe
  2⤵
  PID:3800
- C:\Windows\System\fIbVjSw.exe
  C:\Windows\System\fIbVjSw.exe
  2⤵
  PID:3788
- C:\Windows\System\aunBjnS.exe
  C:\Windows\System\aunBjnS.exe
  2⤵
  PID:3860
- C:\Windows\System\NEdTBJk.exe
  C:\Windows\System\NEdTBJk.exe
  2⤵
  PID:4000
- C:\Windows\System\eRICEZu.exe
  C:\Windows\System\eRICEZu.exe
  2⤵
  PID:3980
- C:\Windows\System\SnSFTcF.exe
  C:\Windows\System\SnSFTcF.exe
  2⤵
  PID:4028
- C:\Windows\System\TUYNAza.exe
  C:\Windows\System\TUYNAza.exe
  2⤵
  PID:4088
- C:\Windows\System\zBVZRoS.exe
  C:\Windows\System\zBVZRoS.exe
  2⤵
  PID:2168
- C:\Windows\System\OWOFgmQ.exe
  C:\Windows\System\OWOFgmQ.exe
  2⤵
  PID:2724
- C:\Windows\System\sVPeogt.exe
  C:\Windows\System\sVPeogt.exe
  2⤵
  PID:3096
- C:\Windows\System\vcgvDbe.exe
  C:\Windows\System\vcgvDbe.exe
  2⤵
  PID:2068
- C:\Windows\System\iVlzPRn.exe
  C:\Windows\System\iVlzPRn.exe
  2⤵
  PID:3296
- C:\Windows\System\MQwJDwf.exe
  C:\Windows\System\MQwJDwf.exe
  2⤵
  PID:3324
- C:\Windows\System\giLSnMC.exe
  C:\Windows\System\giLSnMC.exe
  2⤵
  PID:3460
- C:\Windows\System\xkmybXC.exe
  C:\Windows\System\xkmybXC.exe
  2⤵
  PID:3484
- C:\Windows\System\CEJmLlI.exe
  C:\Windows\System\CEJmLlI.exe
  2⤵
  PID:2712
- C:\Windows\System\MmQlZMK.exe
  C:\Windows\System\MmQlZMK.exe
  2⤵
  PID:2648
- C:\Windows\System\kYwMnGc.exe
  C:\Windows\System\kYwMnGc.exe
  2⤵
  PID:3668
- C:\Windows\System\BdEIXrC.exe
  C:\Windows\System\BdEIXrC.exe
  2⤵
  PID:3756
- C:\Windows\System\rMMvIzX.exe
  C:\Windows\System\rMMvIzX.exe
  2⤵
  PID:3804
- C:\Windows\System\daYCvYT.exe
  C:\Windows\System\daYCvYT.exe
  2⤵
  PID:3960
- C:\Windows\System\tqVDiwS.exe
  C:\Windows\System\tqVDiwS.exe
  2⤵
  PID:1544
- C:\Windows\System\NbsNBux.exe
  C:\Windows\System\NbsNBux.exe
  2⤵
  PID:4112
- C:\Windows\System\zBkhfXu.exe
  C:\Windows\System\zBkhfXu.exe
  2⤵
  PID:4132
- C:\Windows\System\PKGPCob.exe
  C:\Windows\System\PKGPCob.exe
  2⤵
  PID:4152
- C:\Windows\System\vvlXVrE.exe
  C:\Windows\System\vvlXVrE.exe
  2⤵
  PID:4172
- C:\Windows\System\RGpFdZs.exe
  C:\Windows\System\RGpFdZs.exe
  2⤵
  PID:4192
- C:\Windows\System\ylMdowQ.exe
  C:\Windows\System\ylMdowQ.exe
  2⤵
  PID:4212
- C:\Windows\System\BbRyczv.exe
  C:\Windows\System\BbRyczv.exe
  2⤵
  PID:4232
- C:\Windows\System\PrIeTDZ.exe
  C:\Windows\System\PrIeTDZ.exe
  2⤵
  PID:4252
- C:\Windows\System\FHHlxSH.exe
  C:\Windows\System\FHHlxSH.exe
  2⤵
  PID:4272
- C:\Windows\System\bDcHJUl.exe
  C:\Windows\System\bDcHJUl.exe
  2⤵
  PID:4292
- C:\Windows\System\oSphGyM.exe
  C:\Windows\System\oSphGyM.exe
  2⤵
  PID:4312
- C:\Windows\System\XYnwmRV.exe
  C:\Windows\System\XYnwmRV.exe
  2⤵
  PID:4332
- C:\Windows\System\mHnLUON.exe
  C:\Windows\System\mHnLUON.exe
  2⤵
  PID:4352
- C:\Windows\System\pYiggBH.exe
  C:\Windows\System\pYiggBH.exe
  2⤵
  PID:4372
- C:\Windows\System\iMOIAxN.exe
  C:\Windows\System\iMOIAxN.exe
  2⤵
  PID:4392
- C:\Windows\System\NIQvewA.exe
  C:\Windows\System\NIQvewA.exe
  2⤵
  PID:4412
- C:\Windows\System\PUsCaOO.exe
  C:\Windows\System\PUsCaOO.exe
  2⤵
  PID:4432
- C:\Windows\System\xPKMOTr.exe
  C:\Windows\System\xPKMOTr.exe
  2⤵
  PID:4452
- C:\Windows\System\MhmmmZU.exe
  C:\Windows\System\MhmmmZU.exe
  2⤵
  PID:4472
- C:\Windows\System\QDcBGuv.exe
  C:\Windows\System\QDcBGuv.exe
  2⤵
  PID:4492
- C:\Windows\System\eQSpARW.exe
  C:\Windows\System\eQSpARW.exe
  2⤵
  PID:4512
- C:\Windows\System\xrVDSQG.exe
  C:\Windows\System\xrVDSQG.exe
  2⤵
  PID:4532
- C:\Windows\System\GBhzyJT.exe
  C:\Windows\System\GBhzyJT.exe
  2⤵
  PID:4552
- C:\Windows\System\GigCeGM.exe
  C:\Windows\System\GigCeGM.exe
  2⤵
  PID:4572
- C:\Windows\System\ZzDqBey.exe
  C:\Windows\System\ZzDqBey.exe
  2⤵
  PID:4592
- C:\Windows\System\Bsrnsen.exe
  C:\Windows\System\Bsrnsen.exe
  2⤵
  PID:4612
- C:\Windows\System\xPLqVCN.exe
  C:\Windows\System\xPLqVCN.exe
  2⤵
  PID:4632
- C:\Windows\System\bYkTPLT.exe
  C:\Windows\System\bYkTPLT.exe
  2⤵
  PID:4652
- C:\Windows\System\gAvPGOC.exe
  C:\Windows\System\gAvPGOC.exe
  2⤵
  PID:4672
- C:\Windows\System\pSpONbm.exe
  C:\Windows\System\pSpONbm.exe
  2⤵
  PID:4692
- C:\Windows\System\sjMIhJV.exe
  C:\Windows\System\sjMIhJV.exe
  2⤵
  PID:4712
- C:\Windows\System\UgfVhkf.exe
  C:\Windows\System\UgfVhkf.exe
  2⤵
  PID:4732
- C:\Windows\System\BEubqIn.exe
  C:\Windows\System\BEubqIn.exe
  2⤵
  PID:4752
- C:\Windows\System\lzkHDpX.exe
  C:\Windows\System\lzkHDpX.exe
  2⤵
  PID:4772
- C:\Windows\System\rXWYZbU.exe
  C:\Windows\System\rXWYZbU.exe
  2⤵
  PID:4792
- C:\Windows\System\kmryDXR.exe
  C:\Windows\System\kmryDXR.exe
  2⤵
  PID:4812
- C:\Windows\System\lQGjWvE.exe
  C:\Windows\System\lQGjWvE.exe
  2⤵
  PID:4832
- C:\Windows\System\wzcWZxU.exe
  C:\Windows\System\wzcWZxU.exe
  2⤵
  PID:4852
- C:\Windows\System\XQRzPyg.exe
  C:\Windows\System\XQRzPyg.exe
  2⤵
  PID:4872
- C:\Windows\System\FSAbKyo.exe
  C:\Windows\System\FSAbKyo.exe
  2⤵
  PID:4892
- C:\Windows\System\AQgRVid.exe
  C:\Windows\System\AQgRVid.exe
  2⤵
  PID:4912
- C:\Windows\System\lIjIkUL.exe
  C:\Windows\System\lIjIkUL.exe
  2⤵
  PID:4932
- C:\Windows\System\LNqNjZn.exe
  C:\Windows\System\LNqNjZn.exe
  2⤵
  PID:4952
- C:\Windows\System\APmHfKM.exe
  C:\Windows\System\APmHfKM.exe
  2⤵
  PID:4972
- C:\Windows\System\AyzxgpT.exe
  C:\Windows\System\AyzxgpT.exe
  2⤵
  PID:4992
- C:\Windows\System\SxXjENY.exe
  C:\Windows\System\SxXjENY.exe
  2⤵
  PID:5012
- C:\Windows\System\yciMqXx.exe
  C:\Windows\System\yciMqXx.exe
  2⤵
  PID:5032
- C:\Windows\System\NqophDl.exe
  C:\Windows\System\NqophDl.exe
  2⤵
  PID:5052
- C:\Windows\System\dOONhDF.exe
  C:\Windows\System\dOONhDF.exe
  2⤵
  PID:5068
- C:\Windows\System\TyWFfsd.exe
  C:\Windows\System\TyWFfsd.exe
  2⤵
  PID:5088
- C:\Windows\System\AODrpqD.exe
  C:\Windows\System\AODrpqD.exe
  2⤵
  PID:5112
- C:\Windows\System\hQhLrjp.exe
  C:\Windows\System\hQhLrjp.exe
  2⤵
  PID:2608
- C:\Windows\System\BOaPMpj.exe
  C:\Windows\System\BOaPMpj.exe
  2⤵
  PID:2488
- C:\Windows\System\SyOaVww.exe
  C:\Windows\System\SyOaVww.exe
  2⤵
  PID:3084
- C:\Windows\System\hzdkVgt.exe
  C:\Windows\System\hzdkVgt.exe
  2⤵
  PID:3304
- C:\Windows\System\PiPTgpP.exe
  C:\Windows\System\PiPTgpP.exe
  2⤵
  PID:3392
- C:\Windows\System\fmHcDGV.exe
  C:\Windows\System\fmHcDGV.exe
  2⤵
  PID:3524
- C:\Windows\System\LDkMtSd.exe
  C:\Windows\System\LDkMtSd.exe
  2⤵
  PID:2968
- C:\Windows\System\mmcuQbl.exe
  C:\Windows\System\mmcuQbl.exe
  2⤵
  PID:3584
- C:\Windows\System\lmBNgps.exe
  C:\Windows\System\lmBNgps.exe
  2⤵
  PID:2692
- C:\Windows\System\knjADnR.exe
  C:\Windows\System\knjADnR.exe
  2⤵
  PID:4100
- C:\Windows\System\aSzuwBe.exe
  C:\Windows\System\aSzuwBe.exe
  2⤵
  PID:4128
- C:\Windows\System\VzFHkgD.exe
  C:\Windows\System\VzFHkgD.exe
  2⤵
  PID:4168
- C:\Windows\System\rSGdSoE.exe
  C:\Windows\System\rSGdSoE.exe
  2⤵
  PID:4184
- C:\Windows\System\FVWudHK.exe
  C:\Windows\System\FVWudHK.exe
  2⤵
  PID:4224
- C:\Windows\System\RAFJlrz.exe
  C:\Windows\System\RAFJlrz.exe
  2⤵
  PID:4264
- C:\Windows\System\xAySZMX.exe
  C:\Windows\System\xAySZMX.exe
  2⤵
  PID:4288
- C:\Windows\System\acsqNoo.exe
  C:\Windows\System\acsqNoo.exe
  2⤵
  PID:4320
- C:\Windows\System\nFVyIto.exe
  C:\Windows\System\nFVyIto.exe
  2⤵
  PID:4360
- C:\Windows\System\msSwphc.exe
  C:\Windows\System\msSwphc.exe
  2⤵
  PID:4384
- C:\Windows\System\fBqxKuw.exe
  C:\Windows\System\fBqxKuw.exe
  2⤵
  PID:4428
- C:\Windows\System\xTJwKtB.exe
  C:\Windows\System\xTJwKtB.exe
  2⤵
  PID:4448
- C:\Windows\System\TsWczJf.exe
  C:\Windows\System\TsWczJf.exe
  2⤵
  PID:4500
- C:\Windows\System\bmcKIdm.exe
  C:\Windows\System\bmcKIdm.exe
  2⤵
  PID:4528
- C:\Windows\System\fRMMZSV.exe
  C:\Windows\System\fRMMZSV.exe
  2⤵
  PID:4560
- C:\Windows\System\JxrbXsj.exe
  C:\Windows\System\JxrbXsj.exe
  2⤵
  PID:4584
- C:\Windows\System\DIToJLM.exe
  C:\Windows\System\DIToJLM.exe
  2⤵
  PID:4620
- C:\Windows\System\IJbDPez.exe
  C:\Windows\System\IJbDPez.exe
  2⤵
  PID:4648
- C:\Windows\System\RUYCiZN.exe
  C:\Windows\System\RUYCiZN.exe
  2⤵
  PID:4664
- C:\Windows\System\tWgVCvg.exe
  C:\Windows\System\tWgVCvg.exe
  2⤵
  PID:4708
- C:\Windows\System\KxXWwSD.exe
  C:\Windows\System\KxXWwSD.exe
  2⤵
  PID:4744
- C:\Windows\System\LnphDwE.exe
  C:\Windows\System\LnphDwE.exe
  2⤵
  PID:4780
- C:\Windows\System\ExOHqCD.exe
  C:\Windows\System\ExOHqCD.exe
  2⤵
  PID:4828
- C:\Windows\System\kjBgpib.exe
  C:\Windows\System\kjBgpib.exe
  2⤵
  PID:4864
- C:\Windows\System\KmqfwHx.exe
  C:\Windows\System\KmqfwHx.exe
  2⤵
  PID:4888
- C:\Windows\System\WuPfqiw.exe
  C:\Windows\System\WuPfqiw.exe
  2⤵
  PID:4904
- C:\Windows\System\cMwcuWE.exe
  C:\Windows\System\cMwcuWE.exe
  2⤵
  PID:4924
- C:\Windows\System\RLIeJlS.exe
  C:\Windows\System\RLIeJlS.exe
  2⤵
  PID:4964
- C:\Windows\System\ytPIwCd.exe
  C:\Windows\System\ytPIwCd.exe
  2⤵
  PID:5008
- C:\Windows\System\qIytmRe.exe
  C:\Windows\System\qIytmRe.exe
  2⤵
  PID:5104
- C:\Windows\System\PNAkOci.exe
  C:\Windows\System\PNAkOci.exe
  2⤵
  PID:5040
- C:\Windows\System\AsWJuRF.exe
  C:\Windows\System\AsWJuRF.exe
  2⤵
  PID:3224
- C:\Windows\System\zOeuzlS.exe
  C:\Windows\System\zOeuzlS.exe
  2⤵
  PID:1952
- C:\Windows\System\WcOYJWK.exe
  C:\Windows\System\WcOYJWK.exe
  2⤵
  PID:2540
- C:\Windows\System\EtuNKjb.exe
  C:\Windows\System\EtuNKjb.exe
  2⤵
  PID:3600
- C:\Windows\System\EbNFXUc.exe
  C:\Windows\System\EbNFXUc.exe
  2⤵
  PID:3948
- C:\Windows\System\xZQRLIa.exe
  C:\Windows\System\xZQRLIa.exe
  2⤵
  PID:3360
- C:\Windows\System\xGrEQdL.exe
  C:\Windows\System\xGrEQdL.exe
  2⤵
  PID:3580
- C:\Windows\System\gSJqAZM.exe
  C:\Windows\System\gSJqAZM.exe
  2⤵
  PID:4208
- C:\Windows\System\OXcfmJo.exe
  C:\Windows\System\OXcfmJo.exe
  2⤵
  PID:4188
- C:\Windows\System\BasWcns.exe
  C:\Windows\System\BasWcns.exe
  2⤵
  PID:4348
- C:\Windows\System\YpnKfhC.exe
  C:\Windows\System\YpnKfhC.exe
  2⤵
  PID:4268
- C:\Windows\System\HqUwbOA.exe
  C:\Windows\System\HqUwbOA.exe
  2⤵
  PID:4380
- C:\Windows\System\XPilCKV.exe
  C:\Windows\System\XPilCKV.exe
  2⤵
  PID:4460
- C:\Windows\System\SSuDfOx.exe
  C:\Windows\System\SSuDfOx.exe
  2⤵
  PID:4544
- C:\Windows\System\dNPPTbq.exe
  C:\Windows\System\dNPPTbq.exe
  2⤵
  PID:4608
- C:\Windows\System\KrHtsky.exe
  C:\Windows\System\KrHtsky.exe
  2⤵
  PID:4784
- C:\Windows\System\yzTidBU.exe
  C:\Windows\System\yzTidBU.exe
  2⤵
  PID:4768
- C:\Windows\System\dEbeDYz.exe
  C:\Windows\System\dEbeDYz.exe
  2⤵
  PID:4568
- C:\Windows\System\TWHpHAw.exe
  C:\Windows\System\TWHpHAw.exe
  2⤵
  PID:4688
- C:\Windows\System\NWpSIde.exe
  C:\Windows\System\NWpSIde.exe
  2⤵
  PID:4824
- C:\Windows\System\qEboLKA.exe
  C:\Windows\System\qEboLKA.exe
  2⤵
  PID:4944
- C:\Windows\System\JEOacqU.exe
  C:\Windows\System\JEOacqU.exe
  2⤵
  PID:2620
- C:\Windows\System\rGbwCyR.exe
  C:\Windows\System\rGbwCyR.exe
  2⤵
  PID:4968
- C:\Windows\System\gOazEVm.exe
  C:\Windows\System\gOazEVm.exe
  2⤵
  PID:5000
- C:\Windows\System\LgVxUUt.exe
  C:\Windows\System\LgVxUUt.exe
  2⤵
  PID:5064
- C:\Windows\System\bzserkx.exe
  C:\Windows\System\bzserkx.exe
  2⤵
  PID:5076
- C:\Windows\System\EcBPrJg.exe
  C:\Windows\System\EcBPrJg.exe
  2⤵
  PID:2536
- C:\Windows\System\pBirXZd.exe
  C:\Windows\System\pBirXZd.exe
  2⤵
  PID:1788
- C:\Windows\System\KFIcXLR.exe
  C:\Windows\System\KFIcXLR.exe
  2⤵
  PID:4068
- C:\Windows\System\PZqhCfA.exe
  C:\Windows\System\PZqhCfA.exe
  2⤵
  PID:4120
- C:\Windows\System\PdzWcDt.exe
  C:\Windows\System\PdzWcDt.exe
  2⤵
  PID:4340
- C:\Windows\System\JzGhPJV.exe
  C:\Windows\System\JzGhPJV.exe
  2⤵
  PID:4668
- C:\Windows\System\CcHIoXc.exe
  C:\Windows\System\CcHIoXc.exe
  2⤵
  PID:648
- C:\Windows\System\ZbPPJYO.exe
  C:\Windows\System\ZbPPJYO.exe
  2⤵
  PID:4420
- C:\Windows\System\esEePFF.exe
  C:\Windows\System\esEePFF.exe
  2⤵
  PID:4468
- C:\Windows\System\VOfzdUh.exe
  C:\Windows\System\VOfzdUh.exe
  2⤵
  PID:2624
- C:\Windows\System\spqCekj.exe
  C:\Windows\System\spqCekj.exe
  2⤵
  PID:4760
- C:\Windows\System\GUlBkGj.exe
  C:\Windows\System\GUlBkGj.exe
  2⤵
  PID:4860
- C:\Windows\System\rTqEcsf.exe
  C:\Windows\System\rTqEcsf.exe
  2⤵
  PID:4868
- C:\Windows\System\oEXzfer.exe
  C:\Windows\System\oEXzfer.exe
  2⤵
  PID:3040
- C:\Windows\System\bxcerjP.exe
  C:\Windows\System\bxcerjP.exe
  2⤵
  PID:5136
- C:\Windows\System\VexHQlE.exe
  C:\Windows\System\VexHQlE.exe
  2⤵
  PID:5156
- C:\Windows\System\LMXggZh.exe
  C:\Windows\System\LMXggZh.exe
  2⤵
  PID:5184
- C:\Windows\System\pmXUFuz.exe
  C:\Windows\System\pmXUFuz.exe
  2⤵
  PID:5200
- C:\Windows\System\LNPmCrn.exe
  C:\Windows\System\LNPmCrn.exe
  2⤵
  PID:5224
- C:\Windows\System\reYJByv.exe
  C:\Windows\System\reYJByv.exe
  2⤵
  PID:5248
- C:\Windows\System\GMwptbl.exe
  C:\Windows\System\GMwptbl.exe
  2⤵
  PID:5272
- C:\Windows\System\QquQEkO.exe
  C:\Windows\System\QquQEkO.exe
  2⤵
  PID:5308
- C:\Windows\System\kEZnrCN.exe
  C:\Windows\System\kEZnrCN.exe
  2⤵
  PID:5324
- C:\Windows\System\cXUkUow.exe
  C:\Windows\System\cXUkUow.exe
  2⤵
  PID:5344
- C:\Windows\System\ojKgaeL.exe
  C:\Windows\System\ojKgaeL.exe
  2⤵
  PID:5364
- C:\Windows\System\MHnTdSD.exe
  C:\Windows\System\MHnTdSD.exe
  2⤵
  PID:5384
- C:\Windows\System\IMpOLzO.exe
  C:\Windows\System\IMpOLzO.exe
  2⤵
  PID:5400
- C:\Windows\System\OFgkdMU.exe
  C:\Windows\System\OFgkdMU.exe
  2⤵
  PID:5420
- C:\Windows\System\EnwismU.exe
  C:\Windows\System\EnwismU.exe
  2⤵
  PID:5436
- C:\Windows\System\mJUOJWq.exe
  C:\Windows\System\mJUOJWq.exe
  2⤵
  PID:5456
- C:\Windows\System\lLotetM.exe
  C:\Windows\System\lLotetM.exe
  2⤵
  PID:5472
- C:\Windows\System\hVKsdrX.exe
  C:\Windows\System\hVKsdrX.exe
  2⤵
  PID:5492
- C:\Windows\System\IiMhVSX.exe
  C:\Windows\System\IiMhVSX.exe
  2⤵
  PID:5512
- C:\Windows\System\uFvFonE.exe
  C:\Windows\System\uFvFonE.exe
  2⤵
  PID:5536
- C:\Windows\System\jHFjgit.exe
  C:\Windows\System\jHFjgit.exe
  2⤵
  PID:5556
- C:\Windows\System\sMlfDdp.exe
  C:\Windows\System\sMlfDdp.exe
  2⤵
  PID:5576
- C:\Windows\System\eUhfatX.exe
  C:\Windows\System\eUhfatX.exe
  2⤵
  PID:5604
- C:\Windows\System\TcPLXZU.exe
  C:\Windows\System\TcPLXZU.exe
  2⤵
  PID:5620
- C:\Windows\System\SwBdEGv.exe
  C:\Windows\System\SwBdEGv.exe
  2⤵
  PID:5640
- C:\Windows\System\MIBuJwE.exe
  C:\Windows\System\MIBuJwE.exe
  2⤵
  PID:5656
- C:\Windows\System\ZzSvALd.exe
  C:\Windows\System\ZzSvALd.exe
  2⤵
  PID:5676
- C:\Windows\System\LaMGhNi.exe
  C:\Windows\System\LaMGhNi.exe
  2⤵
  PID:5692
- C:\Windows\System\XxEEbdS.exe
  C:\Windows\System\XxEEbdS.exe
  2⤵
  PID:5712
- C:\Windows\System\XmNlUHB.exe
  C:\Windows\System\XmNlUHB.exe
  2⤵
  PID:5728
- C:\Windows\System\LIGJOuW.exe
  C:\Windows\System\LIGJOuW.exe
  2⤵
  PID:5764
- C:\Windows\System\quBhisU.exe
  C:\Windows\System\quBhisU.exe
  2⤵
  PID:5784
- C:\Windows\System\lcsHkhH.exe
  C:\Windows\System\lcsHkhH.exe
  2⤵
  PID:5804
- C:\Windows\System\oendTDW.exe
  C:\Windows\System\oendTDW.exe
  2⤵
  PID:5820
- C:\Windows\System\dnhPEVJ.exe
  C:\Windows\System\dnhPEVJ.exe
  2⤵
  PID:5836
- C:\Windows\System\eqPQFTe.exe
  C:\Windows\System\eqPQFTe.exe
  2⤵
  PID:5860
- C:\Windows\System\cSUiCrU.exe
  C:\Windows\System\cSUiCrU.exe
  2⤵
  PID:5880
- C:\Windows\System\oMzqstF.exe
  C:\Windows\System\oMzqstF.exe
  2⤵
  PID:5896
- C:\Windows\System\LDLdMDW.exe
  C:\Windows\System\LDLdMDW.exe
  2⤵
  PID:5912
- C:\Windows\System\LueyghG.exe
  C:\Windows\System\LueyghG.exe
  2⤵
  PID:5928
- C:\Windows\System\xTaPTDg.exe
  C:\Windows\System\xTaPTDg.exe
  2⤵
  PID:5944
- C:\Windows\System\ZBEaazU.exe
  C:\Windows\System\ZBEaazU.exe
  2⤵
  PID:5960
- C:\Windows\System\iwRIQhc.exe
  C:\Windows\System\iwRIQhc.exe
  2⤵
  PID:5976
- C:\Windows\System\uaLzgEl.exe
  C:\Windows\System\uaLzgEl.exe
  2⤵
  PID:5992
- C:\Windows\System\bplTDmR.exe
  C:\Windows\System\bplTDmR.exe
  2⤵
  PID:6008
- C:\Windows\System\GcIRDsr.exe
  C:\Windows\System\GcIRDsr.exe
  2⤵
  PID:6024
- C:\Windows\System\CVFjKkw.exe
  C:\Windows\System\CVFjKkw.exe
  2⤵
  PID:6040
- C:\Windows\System\QrgtDiJ.exe
  C:\Windows\System\QrgtDiJ.exe
  2⤵
  PID:6056
- C:\Windows\System\qdYNxsq.exe
  C:\Windows\System\qdYNxsq.exe
  2⤵
  PID:6072
- C:\Windows\System\gmCNmja.exe
  C:\Windows\System\gmCNmja.exe
  2⤵
  PID:6088
- C:\Windows\System\SymekRZ.exe
  C:\Windows\System\SymekRZ.exe
  2⤵
  PID:6132
- C:\Windows\System\XavurbI.exe
  C:\Windows\System\XavurbI.exe
  2⤵
  PID:4540
- C:\Windows\System\ISpIfKO.exe
  C:\Windows\System\ISpIfKO.exe
  2⤵
  PID:4728
- C:\Windows\System\fMzXDkr.exe
  C:\Windows\System\fMzXDkr.exe
  2⤵
  PID:4480
- C:\Windows\System\WhOLgFX.exe
  C:\Windows\System\WhOLgFX.exe
  2⤵
  PID:4844
- C:\Windows\System\xorWpJc.exe
  C:\Windows\System\xorWpJc.exe
  2⤵
  PID:4908
- C:\Windows\System\dCUMQLc.exe
  C:\Windows\System\dCUMQLc.exe
  2⤵
  PID:1636
- C:\Windows\System\KFKmndG.exe
  C:\Windows\System\KFKmndG.exe
  2⤵
  PID:5148
- C:\Windows\System\XQOcKIw.exe
  C:\Windows\System\XQOcKIw.exe
  2⤵
  PID:3260
- C:\Windows\System\HEJwsli.exe
  C:\Windows\System\HEJwsli.exe
  2⤵
  PID:5108
- C:\Windows\System\tCPTAdd.exe
  C:\Windows\System\tCPTAdd.exe
  2⤵
  PID:4324
- C:\Windows\System\MDPxPoQ.exe
  C:\Windows\System\MDPxPoQ.exe
  2⤵
  PID:5240
- C:\Windows\System\HIwaJNI.exe
  C:\Windows\System\HIwaJNI.exe
  2⤵
  PID:4644
- C:\Windows\System\VUnhBjr.exe
  C:\Windows\System\VUnhBjr.exe
  2⤵
  PID:5280
- C:\Windows\System\YDLZFcO.exe
  C:\Windows\System\YDLZFcO.exe
  2⤵
  PID:5172
- C:\Windows\System\FeNEWVd.exe
  C:\Windows\System\FeNEWVd.exe
  2⤵
  PID:5332
- C:\Windows\System\Vxmqvwt.exe
  C:\Windows\System\Vxmqvwt.exe
  2⤵
  PID:5256
- C:\Windows\System\dSEKaPE.exe
  C:\Windows\System\dSEKaPE.exe
  2⤵
  PID:5336
- C:\Windows\System\PqZLrWv.exe
  C:\Windows\System\PqZLrWv.exe
  2⤵
  PID:5408
- C:\Windows\System\EsrzZGw.exe
  C:\Windows\System\EsrzZGw.exe
  2⤵
  PID:2688
- C:\Windows\System\IIsXGFr.exe
  C:\Windows\System\IIsXGFr.exe
  2⤵
  PID:5128
- C:\Windows\System\FPOypZE.exe
  C:\Windows\System\FPOypZE.exe
  2⤵
  PID:5360
- C:\Windows\System\YeaAyrj.exe
  C:\Windows\System\YeaAyrj.exe
  2⤵
  PID:5488
- C:\Windows\System\oGsoohv.exe
  C:\Windows\System\oGsoohv.exe
  2⤵
  PID:5648
- C:\Windows\System\SKgOrVf.exe
  C:\Windows\System\SKgOrVf.exe
  2⤵
  PID:5720
- C:\Windows\System\RVikxnD.exe
  C:\Windows\System\RVikxnD.exe
  2⤵
  PID:5776
- C:\Windows\System\ykFzRfm.exe
  C:\Windows\System\ykFzRfm.exe
  2⤵
  PID:5852
- C:\Windows\System\bbEgOdh.exe
  C:\Windows\System\bbEgOdh.exe
  2⤵
  PID:5892
- C:\Windows\System\IwwGLIq.exe
  C:\Windows\System\IwwGLIq.exe
  2⤵
  PID:5544
- C:\Windows\System\leMrDdB.exe
  C:\Windows\System\leMrDdB.exe
  2⤵
  PID:5500
- C:\Windows\System\DFxQqTw.exe
  C:\Windows\System\DFxQqTw.exe
  2⤵
  PID:5596
- C:\Windows\System\fcSgGPb.exe
  C:\Windows\System\fcSgGPb.exe
  2⤵
  PID:5668
- C:\Windows\System\znOMkSJ.exe
  C:\Windows\System\znOMkSJ.exe
  2⤵
  PID:5708
- C:\Windows\System\GZCZith.exe
  C:\Windows\System\GZCZith.exe
  2⤵
  PID:4040
- C:\Windows\System\AuGbcfL.exe
  C:\Windows\System\AuGbcfL.exe
  2⤵
  PID:4308
- C:\Windows\System\IMJwIbE.exe
  C:\Windows\System\IMJwIbE.exe
  2⤵
  PID:4948
- C:\Windows\System\ZtIkORK.exe
  C:\Windows\System\ZtIkORK.exe
  2⤵
  PID:4984
- C:\Windows\System\ELwJucB.exe
  C:\Windows\System\ELwJucB.exe
  2⤵
  PID:5232
- C:\Windows\System\NNjyllB.exe
  C:\Windows\System\NNjyllB.exe
  2⤵
  PID:5584
- C:\Windows\System\IQhEIEQ.exe
  C:\Windows\System\IQhEIEQ.exe
  2⤵
  PID:5736
- C:\Windows\System\QDcMWgo.exe
  C:\Windows\System\QDcMWgo.exe
  2⤵
  PID:5752
- C:\Windows\System\JRtyoBs.exe
  C:\Windows\System\JRtyoBs.exe
  2⤵
  PID:2108
- C:\Windows\System\hmWSvCH.exe
  C:\Windows\System\hmWSvCH.exe
  2⤵
  PID:4504
- C:\Windows\System\lTEqMVo.exe
  C:\Windows\System\lTEqMVo.exe
  2⤵
  PID:5444
- C:\Windows\System\iUOpBLC.exe
  C:\Windows\System\iUOpBLC.exe
  2⤵
  PID:6100
- C:\Windows\System\pKwifvE.exe
  C:\Windows\System\pKwifvE.exe
  2⤵
  PID:6124
- C:\Windows\System\pOeoVYP.exe
  C:\Windows\System\pOeoVYP.exe
  2⤵
  PID:6032
- C:\Windows\System\mRVrPsD.exe
  C:\Windows\System\mRVrPsD.exe
  2⤵
  PID:5940
- C:\Windows\System\Audmobr.exe
  C:\Windows\System\Audmobr.exe
  2⤵
  PID:5868
- C:\Windows\System\spSxcom.exe
  C:\Windows\System\spSxcom.exe
  2⤵
  PID:5528
- C:\Windows\System\gdKjEYx.exe
  C:\Windows\System\gdKjEYx.exe
  2⤵
  PID:5392
- C:\Windows\System\YTeTwWe.exe
  C:\Windows\System\YTeTwWe.exe
  2⤵
  PID:5428
- C:\Windows\System\lNrTaMk.exe
  C:\Windows\System\lNrTaMk.exe
  2⤵
  PID:5848
- C:\Windows\System\RmDpzZV.exe
  C:\Windows\System\RmDpzZV.exe
  2⤵
  PID:5132
- C:\Windows\System\ygAmUvQ.exe
  C:\Windows\System\ygAmUvQ.exe
  2⤵
  PID:5380
- C:\Windows\System\EBEljPo.exe
  C:\Windows\System\EBEljPo.exe
  2⤵
  PID:5288
- C:\Windows\System\WTmmBpx.exe
  C:\Windows\System\WTmmBpx.exe
  2⤵
  PID:5196
- C:\Windows\System\DFaYozC.exe
  C:\Windows\System\DFaYozC.exe
  2⤵
  PID:2792
- C:\Windows\System\mUYtbSQ.exe
  C:\Windows\System\mUYtbSQ.exe
  2⤵
  PID:5484
- C:\Windows\System\APwqlIe.exe
  C:\Windows\System\APwqlIe.exe
  2⤵
  PID:6016
- C:\Windows\System\cuuFveJ.exe
  C:\Windows\System\cuuFveJ.exe
  2⤵
  PID:6020
- C:\Windows\System\FIbcRHJ.exe
  C:\Windows\System\FIbcRHJ.exe
  2⤵
  PID:6080
- C:\Windows\System\eawaBbO.exe
  C:\Windows\System\eawaBbO.exe
  2⤵
  PID:5432
- C:\Windows\System\wvFruIx.exe
  C:\Windows\System\wvFruIx.exe
  2⤵
  PID:4244
- C:\Windows\System\iJamMsx.exe
  C:\Windows\System\iJamMsx.exe
  2⤵
  PID:5984
- C:\Windows\System\BmkIgZg.exe
  C:\Windows\System\BmkIgZg.exe
  2⤵
  PID:3544
- C:\Windows\System\BWdMoJk.exe
  C:\Windows\System\BWdMoJk.exe
  2⤵
  PID:5876
- C:\Windows\System\psWaUaD.exe
  C:\Windows\System\psWaUaD.exe
  2⤵
  PID:5972
- C:\Windows\System\FkVotcv.exe
  C:\Windows\System\FkVotcv.exe
  2⤵
  PID:5356
- C:\Windows\System\KddQmvM.exe
  C:\Windows\System\KddQmvM.exe
  2⤵
  PID:5164
- C:\Windows\System\gdXeqVw.exe
  C:\Windows\System\gdXeqVw.exe
  2⤵
  PID:3688
- C:\Windows\System\WbCJLfj.exe
  C:\Windows\System\WbCJLfj.exe
  2⤵
  PID:576
- C:\Windows\System\NEDwviA.exe
  C:\Windows\System\NEDwviA.exe
  2⤵
  PID:5748
- C:\Windows\System\BtOUgPk.exe
  C:\Windows\System\BtOUgPk.exe
  2⤵
  PID:5300
- C:\Windows\System\MGjLjXE.exe
  C:\Windows\System\MGjLjXE.exe
  2⤵
  PID:5464
- C:\Windows\System\HDTrxVR.exe
  C:\Windows\System\HDTrxVR.exe
  2⤵
  PID:864
- C:\Windows\System\rQdRiqD.exe
  C:\Windows\System\rQdRiqD.exe
  2⤵
  PID:6068
- C:\Windows\System\yoFUlTv.exe
  C:\Windows\System\yoFUlTv.exe
  2⤵
  PID:6140
- C:\Windows\System\fScFBpq.exe
  C:\Windows\System\fScFBpq.exe
  2⤵
  PID:2528
- C:\Windows\System\tcOAtrc.exe
  C:\Windows\System\tcOAtrc.exe
  2⤵
  PID:6112
- C:\Windows\System\cSnatFe.exe
  C:\Windows\System\cSnatFe.exe
  2⤵
  PID:540
- C:\Windows\System\NMZIDlP.exe
  C:\Windows\System\NMZIDlP.exe
  2⤵
  PID:3216
- C:\Windows\System\fmfYatZ.exe
  C:\Windows\System\fmfYatZ.exe
  2⤵
  PID:5616
- C:\Windows\System\yoZbJUA.exe
  C:\Windows\System\yoZbJUA.exe
  2⤵
  PID:1040
- C:\Windows\System\RfcpowO.exe
  C:\Windows\System\RfcpowO.exe
  2⤵
  PID:1976
- C:\Windows\System\EtUumcZ.exe
  C:\Windows\System\EtUumcZ.exe
  2⤵
  PID:3928
- C:\Windows\System\BuIAQqa.exe
  C:\Windows\System\BuIAQqa.exe
  2⤵
  PID:5760
- C:\Windows\System\nbpTpfw.exe
  C:\Windows\System\nbpTpfw.exe
  2⤵
  PID:5316
- C:\Windows\System\QJLuzeQ.exe
  C:\Windows\System\QJLuzeQ.exe
  2⤵
  PID:5144
- C:\Windows\System\dlxNyZt.exe
  C:\Windows\System\dlxNyZt.exe
  2⤵
  PID:4808
- C:\Windows\System\nOebxkg.exe
  C:\Windows\System\nOebxkg.exe
  2⤵
  PID:6052
- C:\Windows\System\WZhOhsu.exe
  C:\Windows\System\WZhOhsu.exe
  2⤵
  PID:2356
- C:\Windows\System\MxTfjPe.exe
  C:\Windows\System\MxTfjPe.exe
  2⤵
  PID:5872
- C:\Windows\System\xUHVoDU.exe
  C:\Windows\System\xUHVoDU.exe
  2⤵
  PID:600
- C:\Windows\System\pakImbl.exe
  C:\Windows\System\pakImbl.exe
  2⤵
  PID:5988
- C:\Windows\System\NVnEVvQ.exe
  C:\Windows\System\NVnEVvQ.exe
  2⤵
  PID:5084
- C:\Windows\System\jcCVNoM.exe
  C:\Windows\System\jcCVNoM.exe
  2⤵
  PID:6116
- C:\Windows\System\uAJZifB.exe
  C:\Windows\System\uAJZifB.exe
  2⤵
  PID:6120
- C:\Windows\System\JXHCCgu.exe
  C:\Windows\System\JXHCCgu.exe
  2⤵
  PID:5416
- C:\Windows\System\gFbeEjz.exe
  C:\Windows\System\gFbeEjz.exe
  2⤵
  PID:6148
- C:\Windows\System\HCLBwSv.exe
  C:\Windows\System\HCLBwSv.exe
  2⤵
  PID:6192
- C:\Windows\System\NrwEAOr.exe
  C:\Windows\System\NrwEAOr.exe
  2⤵
  PID:6212
- C:\Windows\System\afXxRPr.exe
  C:\Windows\System\afXxRPr.exe
  2⤵
  PID:6228
- C:\Windows\System\kmtfcoa.exe
  C:\Windows\System\kmtfcoa.exe
  2⤵
  PID:6252
- C:\Windows\System\RjUrnbw.exe
  C:\Windows\System\RjUrnbw.exe
  2⤵
  PID:6272
- C:\Windows\System\bjPRYNn.exe
  C:\Windows\System\bjPRYNn.exe
  2⤵
  PID:6300
- C:\Windows\System\WBNZdIi.exe
  C:\Windows\System\WBNZdIi.exe
  2⤵
  PID:6320
- C:\Windows\System\NRkdDxf.exe
  C:\Windows\System\NRkdDxf.exe
  2⤵
  PID:6336
- C:\Windows\System\bPBppxc.exe
  C:\Windows\System\bPBppxc.exe
  2⤵
  PID:6352
- C:\Windows\System\JjpgbEQ.exe
  C:\Windows\System\JjpgbEQ.exe
  2⤵
  PID:6368
- C:\Windows\System\uFVjlWa.exe
  C:\Windows\System\uFVjlWa.exe
  2⤵
  PID:6384
- C:\Windows\System\rnvWsid.exe
  C:\Windows\System\rnvWsid.exe
  2⤵
  PID:6400
- C:\Windows\System\ABfyYLe.exe
  C:\Windows\System\ABfyYLe.exe
  2⤵
  PID:6416
- C:\Windows\System\pOdkcyU.exe
  C:\Windows\System\pOdkcyU.exe
  2⤵
  PID:6432
- C:\Windows\System\bpYoPqQ.exe
  C:\Windows\System\bpYoPqQ.exe
  2⤵
  PID:6448
- C:\Windows\System\oaiSEhm.exe
  C:\Windows\System\oaiSEhm.exe
  2⤵
  PID:6468
- C:\Windows\System\etnBxVB.exe
  C:\Windows\System\etnBxVB.exe
  2⤵
  PID:6484
- C:\Windows\System\QiqhKMV.exe
  C:\Windows\System\QiqhKMV.exe
  2⤵
  PID:6500
- C:\Windows\System\TubGsSY.exe
  C:\Windows\System\TubGsSY.exe
  2⤵
  PID:6516
- C:\Windows\System\jXVxETS.exe
  C:\Windows\System\jXVxETS.exe
  2⤵
  PID:6532
- C:\Windows\System\LmAtFQV.exe
  C:\Windows\System\LmAtFQV.exe
  2⤵
  PID:6548
- C:\Windows\System\zOpUmDN.exe
  C:\Windows\System\zOpUmDN.exe
  2⤵
  PID:6564
- C:\Windows\System\JiTIhrG.exe
  C:\Windows\System\JiTIhrG.exe
  2⤵
  PID:6580
- C:\Windows\System\fIrIiyR.exe
  C:\Windows\System\fIrIiyR.exe
  2⤵
  PID:6596
- C:\Windows\System\ANjLORQ.exe
  C:\Windows\System\ANjLORQ.exe
  2⤵
  PID:6612
- C:\Windows\System\sSBtuhg.exe
  C:\Windows\System\sSBtuhg.exe
  2⤵
  PID:6628
- C:\Windows\System\wMeCsAD.exe
  C:\Windows\System\wMeCsAD.exe
  2⤵
  PID:6644
- C:\Windows\System\TEvdEZa.exe
  C:\Windows\System\TEvdEZa.exe
  2⤵
  PID:6660
- C:\Windows\System\DpfEXtS.exe
  C:\Windows\System\DpfEXtS.exe
  2⤵
  PID:6676
- C:\Windows\System\LoRybgv.exe
  C:\Windows\System\LoRybgv.exe
  2⤵
  PID:6692
- C:\Windows\System\xlOfWdR.exe
  C:\Windows\System\xlOfWdR.exe
  2⤵
  PID:6708
- C:\Windows\System\QVwrQIS.exe
  C:\Windows\System\QVwrQIS.exe
  2⤵
  PID:6724
- C:\Windows\System\OOBFMwZ.exe
  C:\Windows\System\OOBFMwZ.exe
  2⤵
  PID:6740
- C:\Windows\System\FcmAGMz.exe
  C:\Windows\System\FcmAGMz.exe
  2⤵
  PID:6756
- C:\Windows\System\BpQSQLN.exe
  C:\Windows\System\BpQSQLN.exe
  2⤵
  PID:6772
- C:\Windows\System\GnaTwWm.exe
  C:\Windows\System\GnaTwWm.exe
  2⤵
  PID:6788
- C:\Windows\System\NYKBwOb.exe
  C:\Windows\System\NYKBwOb.exe
  2⤵
  PID:6804
- C:\Windows\System\WIwjhlV.exe
  C:\Windows\System\WIwjhlV.exe
  2⤵
  PID:6820
- C:\Windows\System\joMHHRe.exe
  C:\Windows\System\joMHHRe.exe
  2⤵
  PID:6836
- C:\Windows\System\wvlntki.exe
  C:\Windows\System\wvlntki.exe
  2⤵
  PID:6852
- C:\Windows\System\dqqXxhR.exe
  C:\Windows\System\dqqXxhR.exe
  2⤵
  PID:6868
- C:\Windows\System\BZdlFRY.exe
  C:\Windows\System\BZdlFRY.exe
  2⤵
  PID:6884
- C:\Windows\System\TdrGRMd.exe
  C:\Windows\System\TdrGRMd.exe
  2⤵
  PID:6900
- C:\Windows\System\MFaIAxm.exe
  C:\Windows\System\MFaIAxm.exe
  2⤵
  PID:6916
- C:\Windows\System\QQOPyFL.exe
  C:\Windows\System\QQOPyFL.exe
  2⤵
  PID:6932
- C:\Windows\System\YFXuyHM.exe
  C:\Windows\System\YFXuyHM.exe
  2⤵
  PID:6948
- C:\Windows\System\GAdUFBa.exe
  C:\Windows\System\GAdUFBa.exe
  2⤵
  PID:6964
- C:\Windows\System\pnBxEFM.exe
  C:\Windows\System\pnBxEFM.exe
  2⤵
  PID:6980
- C:\Windows\System\CosrsYw.exe
  C:\Windows\System\CosrsYw.exe
  2⤵
  PID:6996
- C:\Windows\System\TwkjeKL.exe
  C:\Windows\System\TwkjeKL.exe
  2⤵
  PID:7012
- C:\Windows\System\HusRmgs.exe
  C:\Windows\System\HusRmgs.exe
  2⤵
  PID:7028
- C:\Windows\System\hKOKvWL.exe
  C:\Windows\System\hKOKvWL.exe
  2⤵
  PID:7044
- C:\Windows\System\EYhMXWw.exe
  C:\Windows\System\EYhMXWw.exe
  2⤵
  PID:7060
- C:\Windows\System\JAEeYnq.exe
  C:\Windows\System\JAEeYnq.exe
  2⤵
  PID:7076
- C:\Windows\System\gknvJlZ.exe
  C:\Windows\System\gknvJlZ.exe
  2⤵
  PID:7092
- C:\Windows\System\iclBjKv.exe
  C:\Windows\System\iclBjKv.exe
  2⤵
  PID:7108
- C:\Windows\System\eUHGgOQ.exe
  C:\Windows\System\eUHGgOQ.exe
  2⤵
  PID:7124
- C:\Windows\System\uaQEJrw.exe
  C:\Windows\System\uaQEJrw.exe
  2⤵
  PID:7140
- C:\Windows\System\yVGyUJN.exe
  C:\Windows\System\yVGyUJN.exe
  2⤵
  PID:7156
- C:\Windows\System\FwnUCUY.exe
  C:\Windows\System\FwnUCUY.exe
  2⤵
  PID:1700
- C:\Windows\System\pWJIiQz.exe
  C:\Windows\System\pWJIiQz.exe
  2⤵
  PID:5452
- C:\Windows\System\gZkpXLP.exe
  C:\Windows\System\gZkpXLP.exe
  2⤵
  PID:4520
- C:\Windows\System\wHgCRfE.exe
  C:\Windows\System\wHgCRfE.exe
  2⤵
  PID:2556
- C:\Windows\System\OmQiYtT.exe
  C:\Windows\System\OmQiYtT.exe
  2⤵
  PID:2008
- C:\Windows\System\EBiNPUy.exe
  C:\Windows\System\EBiNPUy.exe
  2⤵
  PID:5568
- C:\Windows\System\wYuMmTZ.exe
  C:\Windows\System\wYuMmTZ.exe
  2⤵
  PID:4148
- C:\Windows\System\jBNNMIt.exe
  C:\Windows\System\jBNNMIt.exe
  2⤵
  PID:6208
- C:\Windows\System\PXhJipv.exe
  C:\Windows\System\PXhJipv.exe
  2⤵
  PID:6244
- C:\Windows\System\HzWTDVf.exe
  C:\Windows\System\HzWTDVf.exe
  2⤵
  PID:5796
- C:\Windows\System\vzuZCtR.exe
  C:\Windows\System\vzuZCtR.exe
  2⤵
  PID:6164
- C:\Windows\System\WLsrPOC.exe
  C:\Windows\System\WLsrPOC.exe
  2⤵
  PID:6172
- C:\Windows\System\OELtiYS.exe
  C:\Windows\System\OELtiYS.exe
  2⤵
  PID:6188
- C:\Windows\System\zhhRKIp.exe
  C:\Windows\System\zhhRKIp.exe
  2⤵
  PID:6264
- C:\Windows\System\OsAMyAF.exe
  C:\Windows\System\OsAMyAF.exe
  2⤵
  PID:6292
- C:\Windows\System\cpsntiO.exe
  C:\Windows\System\cpsntiO.exe
  2⤵
  PID:1300
- C:\Windows\System\rbWHGEK.exe
  C:\Windows\System\rbWHGEK.exe
  2⤵
  PID:6360
- C:\Windows\System\IFroymR.exe
  C:\Windows\System\IFroymR.exe
  2⤵
  PID:6424
- C:\Windows\System\GXBwdIk.exe
  C:\Windows\System\GXBwdIk.exe
  2⤵
  PID:6464
- C:\Windows\System\GxyYzYy.exe
  C:\Windows\System\GxyYzYy.exe
  2⤵
  PID:6528
- C:\Windows\System\WbazmYj.exe
  C:\Windows\System\WbazmYj.exe
  2⤵
  PID:6312
- C:\Windows\System\SobLJfr.exe
  C:\Windows\System\SobLJfr.exe
  2⤵
  PID:6560
- C:\Windows\System\JjTnjtc.exe
  C:\Windows\System\JjTnjtc.exe
  2⤵
  PID:6540
- C:\Windows\System\yAVkDHd.exe
  C:\Windows\System\yAVkDHd.exe
  2⤵
  PID:6380
- C:\Windows\System\MQKErEq.exe
  C:\Windows\System\MQKErEq.exe
  2⤵
  PID:6544
- C:\Windows\System\NWVNYNW.exe
  C:\Windows\System\NWVNYNW.exe
  2⤵
  PID:6796
- C:\Windows\System\uCUhtIz.exe
  C:\Windows\System\uCUhtIz.exe
  2⤵
  PID:6844
- C:\Windows\System\rveaMdF.exe
  C:\Windows\System\rveaMdF.exe
  2⤵
  PID:6876
- C:\Windows\System\DFbEyEE.exe
  C:\Windows\System\DFbEyEE.exe
  2⤵
  PID:6860
- C:\Windows\System\lcFlxpJ.exe
  C:\Windows\System\lcFlxpJ.exe
  2⤵
  PID:6912
- C:\Windows\System\PRIvOvg.exe
  C:\Windows\System\PRIvOvg.exe
  2⤵
  PID:6944
- C:\Windows\System\KPDCuog.exe
  C:\Windows\System\KPDCuog.exe
  2⤵
  PID:6956
- C:\Windows\System\lLamCyR.exe
  C:\Windows\System\lLamCyR.exe
  2⤵
  PID:6960
- C:\Windows\System\VZzvNRb.exe
  C:\Windows\System\VZzvNRb.exe
  2⤵
  PID:7036
- C:\Windows\System\rxHHCsw.exe
  C:\Windows\System\rxHHCsw.exe
  2⤵
  PID:7072
- C:\Windows\System\sCoOChU.exe
  C:\Windows\System\sCoOChU.exe
  2⤵
  PID:7020
- C:\Windows\System\USoewce.exe
  C:\Windows\System\USoewce.exe
  2⤵
  PID:7088
- C:\Windows\System\rqoGHUB.exe
  C:\Windows\System\rqoGHUB.exe
  2⤵
  PID:3988
- C:\Windows\System\AjAdZcD.exe
  C:\Windows\System\AjAdZcD.exe
  2⤵
  PID:5772
- C:\Windows\System\fuXPtnZ.exe
  C:\Windows\System\fuXPtnZ.exe
  2⤵
  PID:7152
- C:\Windows\System\cFSZGtk.exe
  C:\Windows\System\cFSZGtk.exe
  2⤵
  PID:2432
- C:\Windows\System\dJsgoFr.exe
  C:\Windows\System\dJsgoFr.exe
  2⤵
  PID:1916
- C:\Windows\System\aqTGfUI.exe
  C:\Windows\System\aqTGfUI.exe
  2⤵
  PID:6240
- C:\Windows\System\ZuJbpse.exe
  C:\Windows\System\ZuJbpse.exe
  2⤵
  PID:6156
- C:\Windows\System\xcVwdmD.exe
  C:\Windows\System\xcVwdmD.exe
  2⤵
  PID:6288
- C:\Windows\System\PbkQpcR.exe
  C:\Windows\System\PbkQpcR.exe
  2⤵
  PID:6556
- C:\Windows\System\JLzcMGU.exe
  C:\Windows\System\JLzcMGU.exe
  2⤵
  PID:6576
- C:\Windows\System\fRctgpx.exe
  C:\Windows\System\fRctgpx.exe
  2⤵
  PID:2824
- C:\Windows\System\KZvTxkV.exe
  C:\Windows\System\KZvTxkV.exe
  2⤵
  PID:2656
- C:\Windows\System\pijGOcg.exe
  C:\Windows\System\pijGOcg.exe
  2⤵
  PID:6260
- C:\Windows\System\ecgHZSo.exe
  C:\Windows\System\ecgHZSo.exe
  2⤵
  PID:6392
- C:\Windows\System\IJroSGs.exe
  C:\Windows\System\IJroSGs.exe
  2⤵
  PID:6348
- C:\Windows\System\GkvcGxJ.exe
  C:\Windows\System\GkvcGxJ.exe
  2⤵
  PID:6480
- C:\Windows\System\pUtEloc.exe
  C:\Windows\System\pUtEloc.exe
  2⤵
  PID:6608
- C:\Windows\System\kTOClOd.exe
  C:\Windows\System\kTOClOd.exe
  2⤵
  PID:6684
- C:\Windows\System\eSrsOBT.exe
  C:\Windows\System\eSrsOBT.exe
  2⤵
  PID:6640
- C:\Windows\System\WYzVXSM.exe
  C:\Windows\System\WYzVXSM.exe
  2⤵
  PID:2860
- C:\Windows\System\wQRDdxh.exe
  C:\Windows\System\wQRDdxh.exe
  2⤵
  PID:6752
- C:\Windows\System\kRfeUeM.exe
  C:\Windows\System\kRfeUeM.exe
  2⤵
  PID:6764
- C:\Windows\System\XLEHKPT.exe
  C:\Windows\System\XLEHKPT.exe
  2⤵
  PID:6816
- C:\Windows\System\KPildnh.exe
  C:\Windows\System\KPildnh.exe
  2⤵
  PID:6940
- C:\Windows\System\cZamWOM.exe
  C:\Windows\System\cZamWOM.exe
  2⤵
  PID:808
- C:\Windows\System\MtaaZJD.exe
  C:\Windows\System\MtaaZJD.exe
  2⤵
  PID:7068
- C:\Windows\System\bsyaqOO.exe
  C:\Windows\System\bsyaqOO.exe
  2⤵
  PID:6864
- C:\Windows\System\lbsInCb.exe
  C:\Windows\System\lbsInCb.exe
  2⤵
  PID:6924
- C:\Windows\System\EByUKna.exe
  C:\Windows\System\EByUKna.exe
  2⤵
  PID:5060
- C:\Windows\System\uFUkJbf.exe
  C:\Windows\System\uFUkJbf.exe
  2⤵
  PID:2232
- C:\Windows\System\vZVVNNw.exe
  C:\Windows\System\vZVVNNw.exe
  2⤵
  PID:1852
- C:\Windows\System\UHDAziv.exe
  C:\Windows\System\UHDAziv.exe
  2⤵
  PID:6184
- C:\Windows\System\YrmCnrz.exe
  C:\Windows\System\YrmCnrz.exe
  2⤵
  PID:6620
- C:\Windows\System\ABtvLua.exe
  C:\Windows\System\ABtvLua.exe
  2⤵
  PID:2100
- C:\Windows\System\KYxzfHY.exe
  C:\Windows\System\KYxzfHY.exe
  2⤵
  PID:6456
- C:\Windows\System\VbFahja.exe
  C:\Windows\System\VbFahja.exe
  2⤵
  PID:5956
- C:\Windows\System\OVLkbxf.exe
  C:\Windows\System\OVLkbxf.exe
  2⤵
  PID:1736
- C:\Windows\System\SGcYFul.exe
  C:\Windows\System\SGcYFul.exe
  2⤵
  PID:6508
- C:\Windows\System\CgXorWt.exe
  C:\Windows\System\CgXorWt.exe
  2⤵
  PID:6344
- C:\Windows\System\wIdzbVu.exe
  C:\Windows\System\wIdzbVu.exe
  2⤵
  PID:6700
- C:\Windows\System\ihVIBzM.exe
  C:\Windows\System\ihVIBzM.exe
  2⤵
  PID:1264
- C:\Windows\System\ZGmyFOC.exe
  C:\Windows\System\ZGmyFOC.exe
  2⤵
  PID:2832
- C:\Windows\System\wRodHxq.exe
  C:\Windows\System\wRodHxq.exe
  2⤵
  PID:7164
- C:\Windows\System\LyBpKvY.exe
  C:\Windows\System\LyBpKvY.exe
  2⤵
  PID:1572
- C:\Windows\System\WWKMgUQ.exe
  C:\Windows\System\WWKMgUQ.exe
  2⤵
  PID:1372
- C:\Windows\System\FRATDbT.exe
  C:\Windows\System\FRATDbT.exe
  2⤵
  PID:5744
- C:\Windows\System\zXsoEjV.exe
  C:\Windows\System\zXsoEjV.exe
  2⤵
  PID:6768
- C:\Windows\System\RTnpIIw.exe
  C:\Windows\System\RTnpIIw.exe
  2⤵
  PID:7104
- C:\Windows\System\NhQArGc.exe
  C:\Windows\System\NhQArGc.exe
  2⤵
  PID:5632
- C:\Windows\System\GwmrwVI.exe
  C:\Windows\System\GwmrwVI.exe
  2⤵
  PID:2728
- C:\Windows\System\WjMXJPB.exe
  C:\Windows\System\WjMXJPB.exe
  2⤵
  PID:1732
- C:\Windows\System\ZfjOPuw.exe
  C:\Windows\System\ZfjOPuw.exe
  2⤵
  PID:6440
- C:\Windows\System\FjYDGVz.exe
  C:\Windows\System\FjYDGVz.exe
  2⤵
  PID:444
- C:\Windows\System\hRMQBtS.exe
  C:\Windows\System\hRMQBtS.exe
  2⤵
  PID:6656
- C:\Windows\System\AuZXEHv.exe
  C:\Windows\System\AuZXEHv.exe
  2⤵
  PID:6800
- C:\Windows\System\AyOVhYc.exe
  C:\Windows\System\AyOVhYc.exe
  2⤵
  PID:6704
- C:\Windows\System\kkviulV.exe
  C:\Windows\System\kkviulV.exe
  2⤵
  PID:7176
- C:\Windows\System\oISLNHz.exe
  C:\Windows\System\oISLNHz.exe
  2⤵
  PID:7192
- C:\Windows\System\WGCdQzA.exe
  C:\Windows\System\WGCdQzA.exe
  2⤵
  PID:7208
- C:\Windows\System\OoZMWoa.exe
  C:\Windows\System\OoZMWoa.exe
  2⤵
  PID:7224
- C:\Windows\System\ESpsbHo.exe
  C:\Windows\System\ESpsbHo.exe
  2⤵
  PID:7256
- C:\Windows\System\SsQsqEL.exe
  C:\Windows\System\SsQsqEL.exe
  2⤵
  PID:7276
- C:\Windows\System\iJlpiTh.exe
  C:\Windows\System\iJlpiTh.exe
  2⤵
  PID:7292
- C:\Windows\System\tcdaKqF.exe
  C:\Windows\System\tcdaKqF.exe
  2⤵
  PID:7308
- C:\Windows\System\nZPVUxg.exe
  C:\Windows\System\nZPVUxg.exe
  2⤵
  PID:7324
- C:\Windows\System\dGdknvv.exe
  C:\Windows\System\dGdknvv.exe
  2⤵
  PID:7340
- C:\Windows\System\mbQGdui.exe
  C:\Windows\System\mbQGdui.exe
  2⤵
  PID:7356
- C:\Windows\System\BiqCJlQ.exe
  C:\Windows\System\BiqCJlQ.exe
  2⤵
  PID:7372
- C:\Windows\System\zvXELfz.exe
  C:\Windows\System\zvXELfz.exe
  2⤵
  PID:7388
- C:\Windows\System\NSJdTgt.exe
  C:\Windows\System\NSJdTgt.exe
  2⤵
  PID:7404
- C:\Windows\System\htamDjY.exe
  C:\Windows\System\htamDjY.exe
  2⤵
  PID:7420
- C:\Windows\System\AeLvMrR.exe
  C:\Windows\System\AeLvMrR.exe
  2⤵
  PID:7436
- C:\Windows\System\kCihybv.exe
  C:\Windows\System\kCihybv.exe
  2⤵
  PID:7452
- C:\Windows\System\CJElGOl.exe
  C:\Windows\System\CJElGOl.exe
  2⤵
  PID:7468
- C:\Windows\System\dpXWKKd.exe
  C:\Windows\System\dpXWKKd.exe
  2⤵
  PID:7484
- C:\Windows\System\rDcrgbr.exe
  C:\Windows\System\rDcrgbr.exe
  2⤵
  PID:7500
- C:\Windows\System\UheShVF.exe
  C:\Windows\System\UheShVF.exe
  2⤵
  PID:7516
- C:\Windows\System\rWOEWtF.exe
  C:\Windows\System\rWOEWtF.exe
  2⤵
  PID:7532
- C:\Windows\System\RENMTzt.exe
  C:\Windows\System\RENMTzt.exe
  2⤵
  PID:7548
- C:\Windows\System\LhgFrbe.exe
  C:\Windows\System\LhgFrbe.exe
  2⤵
  PID:7564
- C:\Windows\System\snFRDNp.exe
  C:\Windows\System\snFRDNp.exe
  2⤵
  PID:7580
- C:\Windows\System\GGvWvSH.exe
  C:\Windows\System\GGvWvSH.exe
  2⤵
  PID:7596
- C:\Windows\System\CEEseAp.exe
  C:\Windows\System\CEEseAp.exe
  2⤵
  PID:7612
- C:\Windows\System\yZcPTCD.exe
  C:\Windows\System\yZcPTCD.exe
  2⤵
  PID:7628
- C:\Windows\System\GJPYjSW.exe
  C:\Windows\System\GJPYjSW.exe
  2⤵
  PID:7660
- C:\Windows\System\pRWJYCp.exe
  C:\Windows\System\pRWJYCp.exe
  2⤵
  PID:7676
- C:\Windows\System\yOtCpOw.exe
  C:\Windows\System\yOtCpOw.exe
  2⤵
  PID:7692
- C:\Windows\System\oDmjyia.exe
  C:\Windows\System\oDmjyia.exe
  2⤵
  PID:7708
- C:\Windows\System\MxSFBvb.exe
  C:\Windows\System\MxSFBvb.exe
  2⤵
  PID:7724
- C:\Windows\System\vVndHWn.exe
  C:\Windows\System\vVndHWn.exe
  2⤵
  PID:7740
- C:\Windows\System\NfDzjaL.exe
  C:\Windows\System\NfDzjaL.exe
  2⤵
  PID:7756
- C:\Windows\System\gcxPBQv.exe
  C:\Windows\System\gcxPBQv.exe
  2⤵
  PID:7772
- C:\Windows\System\fsJewll.exe
  C:\Windows\System\fsJewll.exe
  2⤵
  PID:7788
- C:\Windows\System\DUDnIHh.exe
  C:\Windows\System\DUDnIHh.exe
  2⤵
  PID:7804
- C:\Windows\System\hiPnyBi.exe
  C:\Windows\System\hiPnyBi.exe
  2⤵
  PID:7820
- C:\Windows\System\kJHzxGG.exe
  C:\Windows\System\kJHzxGG.exe
  2⤵
  PID:7836
- C:\Windows\System\ATNhICT.exe
  C:\Windows\System\ATNhICT.exe
  2⤵
  PID:7852
- C:\Windows\System\iXrLHMU.exe
  C:\Windows\System\iXrLHMU.exe
  2⤵
  PID:7868
- C:\Windows\System\dTLXgFn.exe
  C:\Windows\System\dTLXgFn.exe
  2⤵
  PID:7884
- C:\Windows\System\SmJAgxK.exe
  C:\Windows\System\SmJAgxK.exe
  2⤵
  PID:7900
- C:\Windows\System\KHZIBcb.exe
  C:\Windows\System\KHZIBcb.exe
  2⤵
  PID:7916
- C:\Windows\System\RkmKtEn.exe
  C:\Windows\System\RkmKtEn.exe
  2⤵
  PID:7932
- C:\Windows\System\wzGeYpn.exe
  C:\Windows\System\wzGeYpn.exe
  2⤵
  PID:7948
- C:\Windows\System\zgQvgxt.exe
  C:\Windows\System\zgQvgxt.exe
  2⤵
  PID:7964
- C:\Windows\System\dAkDsXN.exe
  C:\Windows\System\dAkDsXN.exe
  2⤵
  PID:7980
- C:\Windows\System\BtpBuLC.exe
  C:\Windows\System\BtpBuLC.exe
  2⤵
  PID:7996
- C:\Windows\System\IayJlzS.exe
  C:\Windows\System\IayJlzS.exe
  2⤵
  PID:8012
- C:\Windows\System\WAcqyDJ.exe
  C:\Windows\System\WAcqyDJ.exe
  2⤵
  PID:8028
- C:\Windows\System\FjeBElP.exe
  C:\Windows\System\FjeBElP.exe
  2⤵
  PID:8048
- C:\Windows\System\UOcKGzP.exe
  C:\Windows\System\UOcKGzP.exe
  2⤵
  PID:8064
- C:\Windows\System\osSLzvv.exe
  C:\Windows\System\osSLzvv.exe
  2⤵
  PID:8080
- C:\Windows\System\BdqwYQE.exe
  C:\Windows\System\BdqwYQE.exe
  2⤵
  PID:8096
- C:\Windows\System\bhQAZVz.exe
  C:\Windows\System\bhQAZVz.exe
  2⤵
  PID:8112
- C:\Windows\System\oOUwzUA.exe
  C:\Windows\System\oOUwzUA.exe
  2⤵
  PID:8128
- C:\Windows\System\fnOQWey.exe
  C:\Windows\System\fnOQWey.exe
  2⤵
  PID:8144
- C:\Windows\System\dOIMUVV.exe
  C:\Windows\System\dOIMUVV.exe
  2⤵
  PID:8160
- C:\Windows\System\RYNXkgL.exe
  C:\Windows\System\RYNXkgL.exe
  2⤵
  PID:8176
- C:\Windows\System\CGTYKXE.exe
  C:\Windows\System\CGTYKXE.exe
  2⤵
  PID:6652
- C:\Windows\System\ZQkkxiq.exe
  C:\Windows\System\ZQkkxiq.exe
  2⤵
  PID:2112
- C:\Windows\System\OcXoXqU.exe
  C:\Windows\System\OcXoXqU.exe
  2⤵
  PID:7148
- C:\Windows\System\KsxDIWi.exe
  C:\Windows\System\KsxDIWi.exe
  2⤵
  PID:7216
- C:\Windows\System\WQWVPtn.exe
  C:\Windows\System\WQWVPtn.exe
  2⤵
  PID:6224
- C:\Windows\System\fiDRIwp.exe
  C:\Windows\System\fiDRIwp.exe
  2⤵
  PID:6720
- C:\Windows\System\jlcNbbl.exe
  C:\Windows\System\jlcNbbl.exe
  2⤵
  PID:7200
- C:\Windows\System\ZPZzjQp.exe
  C:\Windows\System\ZPZzjQp.exe
  2⤵
  PID:5264
- C:\Windows\System\VKihAxY.exe
  C:\Windows\System\VKihAxY.exe
  2⤵
  PID:2520
- C:\Windows\System\nAejUAo.exe
  C:\Windows\System\nAejUAo.exe
  2⤵
  PID:1688
- C:\Windows\System\sLZcnbh.exe
  C:\Windows\System\sLZcnbh.exe
  2⤵
  PID:836
- C:\Windows\System\eTrtNaM.exe
  C:\Windows\System\eTrtNaM.exe
  2⤵
  PID:7268
- C:\Windows\System\feslFsj.exe
  C:\Windows\System\feslFsj.exe
  2⤵
  PID:7332
- C:\Windows\System\bNPeMPb.exe
  C:\Windows\System\bNPeMPb.exe
  2⤵
  PID:7396
- C:\Windows\System\CaaXumq.exe
  C:\Windows\System\CaaXumq.exe
  2⤵
  PID:7460
- C:\Windows\System\ZpIihfH.exe
  C:\Windows\System\ZpIihfH.exe
  2⤵
  PID:7524
- C:\Windows\System\fZbzDoI.exe
  C:\Windows\System\fZbzDoI.exe
  2⤵
  PID:7588
- C:\Windows\System\dQvlOQk.exe
  C:\Windows\System\dQvlOQk.exe
  2⤵
  PID:7284
- C:\Windows\System\PcnjuyD.exe
  C:\Windows\System\PcnjuyD.exe
  2⤵
  PID:7348
- C:\Windows\System\UBUiwvr.exe
  C:\Windows\System\UBUiwvr.exe
  2⤵
  PID:7412
- C:\Windows\System\soWHXse.exe
  C:\Windows\System\soWHXse.exe
  2⤵
  PID:7476
- C:\Windows\System\lOENoYt.exe
  C:\Windows\System\lOENoYt.exe
  2⤵
  PID:7540
- C:\Windows\System\rskFDHz.exe
  C:\Windows\System\rskFDHz.exe
  2⤵
  PID:7604
- C:\Windows\System\jNokzFK.exe
  C:\Windows\System\jNokzFK.exe
  2⤵
  PID:1404
- C:\Windows\System\MvrAIBB.exe
  C:\Windows\System\MvrAIBB.exe
  2⤵
  PID:7704
- C:\Windows\System\dyoLiNj.exe
  C:\Windows\System\dyoLiNj.exe
  2⤵
  PID:7768
- C:\Windows\System\KTejjgb.exe
  C:\Windows\System\KTejjgb.exe
  2⤵
  PID:7832
- C:\Windows\System\eICmOvR.exe
  C:\Windows\System\eICmOvR.exe
  2⤵
  PID:7896
- C:\Windows\System\xHVwQTJ.exe
  C:\Windows\System\xHVwQTJ.exe
  2⤵
  PID:7960
- C:\Windows\System\YZnmRKc.exe
  C:\Windows\System\YZnmRKc.exe
  2⤵
  PID:2904
- C:\Windows\System\FJhxlLB.exe
  C:\Windows\System\FJhxlLB.exe
  2⤵
  PID:7688
- C:\Windows\System\ZDqXkeP.exe
  C:\Windows\System\ZDqXkeP.exe
  2⤵
  PID:7752
- C:\Windows\System\qEugOOD.exe
  C:\Windows\System\qEugOOD.exe
  2⤵
  PID:7844
- C:\Windows\System\AzSBBly.exe
  C:\Windows\System\AzSBBly.exe
  2⤵
  PID:7908
- C:\Windows\System\DjILusY.exe
  C:\Windows\System\DjILusY.exe
  2⤵
  PID:7944
- C:\Windows\System\kQiIiwD.exe
  C:\Windows\System\kQiIiwD.exe
  2⤵
  PID:8008
- C:\Windows\System\UludJCL.exe
  C:\Windows\System\UludJCL.exe
  2⤵
  PID:8072
- C:\Windows\System\oXHuvhk.exe
  C:\Windows\System\oXHuvhk.exe
  2⤵
  PID:8124
- C:\Windows\System\KPShJHB.exe
  C:\Windows\System\KPShJHB.exe
  2⤵
  PID:6048
- C:\Windows\System\sQiWKeU.exe
  C:\Windows\System\sQiWKeU.exe
  2⤵
  PID:8188
- C:\Windows\System\HZPxIEZ.exe
  C:\Windows\System\HZPxIEZ.exe
  2⤵
  PID:7184
- C:\Windows\System\aCINwZu.exe
  C:\Windows\System\aCINwZu.exe
  2⤵
  PID:6332
- C:\Windows\System\ZYyUWFe.exe
  C:\Windows\System\ZYyUWFe.exe
  2⤵
  PID:7172
- C:\Windows\System\SmJZXJc.exe
  C:\Windows\System\SmJZXJc.exe
  2⤵
  PID:7264
- C:\Windows\System\shnMOgn.exe
  C:\Windows\System\shnMOgn.exe
  2⤵
  PID:7368
- C:\Windows\System\ybccVmp.exe
  C:\Windows\System\ybccVmp.exe
  2⤵
  PID:7620
- C:\Windows\System\OXVUpol.exe
  C:\Windows\System\OXVUpol.exe
  2⤵
  PID:2316
- C:\Windows\System\IKphXRr.exe
  C:\Windows\System\IKphXRr.exe
  2⤵
  PID:2036
- C:\Windows\System\vwIYmrT.exe
  C:\Windows\System\vwIYmrT.exe
  2⤵
  PID:7560
- C:\Windows\System\ORJWGOy.exe
  C:\Windows\System\ORJWGOy.exe
  2⤵
  PID:1744
- C:\Windows\System\QEFwPol.exe
  C:\Windows\System\QEFwPol.exe
  2⤵
  PID:7384
- C:\Windows\System\jdMeJII.exe
  C:\Windows\System\jdMeJII.exe
  2⤵
  PID:7512
- C:\Windows\System\lIrCfyb.exe
  C:\Windows\System\lIrCfyb.exe
  2⤵
  PID:7736
- C:\Windows\System\aHGyqLm.exe
  C:\Windows\System\aHGyqLm.exe
  2⤵
  PID:7892
- C:\Windows\System\ncmucLs.exe
  C:\Windows\System\ncmucLs.exe
  2⤵
  PID:7748
- C:\Windows\System\OFgskoK.exe
  C:\Windows\System\OFgskoK.exe
  2⤵
  PID:8004
- C:\Windows\System\CCAcHTy.exe
  C:\Windows\System\CCAcHTy.exe
  2⤵
  PID:8184
- C:\Windows\System\AfVKKTv.exe
  C:\Windows\System\AfVKKTv.exe
  2⤵
  PID:8168
- C:\Windows\System\WbvloyN.exe
  C:\Windows\System\WbvloyN.exe
  2⤵
  PID:1780
- C:\Windows\System\ckdFJdM.exe
  C:\Windows\System\ckdFJdM.exe
  2⤵
  PID:7608
- C:\Windows\System\YdDnqZR.exe
  C:\Windows\System\YdDnqZR.exe
  2⤵
  PID:8040
- C:\Windows\System\NnezHrD.exe
  C:\Windows\System\NnezHrD.exe
  2⤵
  PID:1996
- C:\Windows\System\sKNCKIr.exe
  C:\Windows\System\sKNCKIr.exe
  2⤵
  PID:7828
- C:\Windows\System\TisgUVA.exe
  C:\Windows\System\TisgUVA.exe
  2⤵
  PID:8092
- C:\Windows\System\emivJiv.exe
  C:\Windows\System\emivJiv.exe
  2⤵
  PID:7496
- C:\Windows\System\YoTFUWc.exe
  C:\Windows\System\YoTFUWc.exe
  2⤵
  PID:1524
- C:\Windows\System\SHphNgH.exe
  C:\Windows\System\SHphNgH.exe
  2⤵
  PID:7864
- C:\Windows\System\PuHnrge.exe
  C:\Windows\System\PuHnrge.exe
  2⤵
  PID:7380
- C:\Windows\System\BcUtpKD.exe
  C:\Windows\System\BcUtpKD.exe
  2⤵
  PID:6204
- C:\Windows\System\hjFSEoy.exe
  C:\Windows\System\hjFSEoy.exe
  2⤵
  PID:928
- C:\Windows\System\uvzNhOv.exe
  C:\Windows\System\uvzNhOv.exe
  2⤵
  PID:8020
- C:\Windows\System\auDzfEe.exe
  C:\Windows\System\auDzfEe.exe
  2⤵
  PID:7008
- C:\Windows\System\KuHRrSP.exe
  C:\Windows\System\KuHRrSP.exe
  2⤵
  PID:7940
- C:\Windows\System\IFARCTR.exe
  C:\Windows\System\IFARCTR.exe
  2⤵
  PID:7432
- C:\Windows\System\zyzUYXV.exe
  C:\Windows\System\zyzUYXV.exe
  2⤵
  PID:2344
- C:\Windows\System\IjrkMQT.exe
  C:\Windows\System\IjrkMQT.exe
  2⤵
  PID:8196
- C:\Windows\System\qvhXRIX.exe
  C:\Windows\System\qvhXRIX.exe
  2⤵
  PID:8212
- C:\Windows\System\wfxMOjP.exe
  C:\Windows\System\wfxMOjP.exe
  2⤵
  PID:8228
- C:\Windows\System\mQacXHR.exe
  C:\Windows\System\mQacXHR.exe
  2⤵
  PID:8244
- C:\Windows\System\dIASKKn.exe
  C:\Windows\System\dIASKKn.exe
  2⤵
  PID:8260
- C:\Windows\System\QHiNhld.exe
  C:\Windows\System\QHiNhld.exe
  2⤵
  PID:8276
- C:\Windows\System\BZQkLEH.exe
  C:\Windows\System\BZQkLEH.exe
  2⤵
  PID:8292
- C:\Windows\System\IjqdPMk.exe
  C:\Windows\System\IjqdPMk.exe
  2⤵
  PID:8308
- C:\Windows\System\YaSrzYp.exe
  C:\Windows\System\YaSrzYp.exe
  2⤵
  PID:8324
- C:\Windows\System\sorjzFP.exe
  C:\Windows\System\sorjzFP.exe
  2⤵
  PID:8340
- C:\Windows\System\BoIxMWh.exe
  C:\Windows\System\BoIxMWh.exe
  2⤵
  PID:8356
- C:\Windows\System\OPysDvx.exe
  C:\Windows\System\OPysDvx.exe
  2⤵
  PID:8372
- C:\Windows\System\EhIQIbn.exe
  C:\Windows\System\EhIQIbn.exe
  2⤵
  PID:8388
- C:\Windows\System\niZFLJb.exe
  C:\Windows\System\niZFLJb.exe
  2⤵
  PID:8404
- C:\Windows\System\MLOKyYM.exe
  C:\Windows\System\MLOKyYM.exe
  2⤵
  PID:8420
- C:\Windows\System\ClizTno.exe
  C:\Windows\System\ClizTno.exe
  2⤵
  PID:8436
- C:\Windows\System\mUbGWlk.exe
  C:\Windows\System\mUbGWlk.exe
  2⤵
  PID:8452
- C:\Windows\System\BIqsZgD.exe
  C:\Windows\System\BIqsZgD.exe
  2⤵
  PID:8468
- C:\Windows\System\XUYpLXz.exe
  C:\Windows\System\XUYpLXz.exe
  2⤵
  PID:8484
- C:\Windows\System\MnmHYYA.exe
  C:\Windows\System\MnmHYYA.exe
  2⤵
  PID:8500
- C:\Windows\System\xZxjgRE.exe
  C:\Windows\System\xZxjgRE.exe
  2⤵
  PID:8516
- C:\Windows\System\alxLZvQ.exe
  C:\Windows\System\alxLZvQ.exe
  2⤵
  PID:8536
- C:\Windows\System\tPXgetn.exe
  C:\Windows\System\tPXgetn.exe
  2⤵
  PID:8552
- C:\Windows\System\XwAdtpa.exe
  C:\Windows\System\XwAdtpa.exe
  2⤵
  PID:8568
- C:\Windows\System\vCqavCK.exe
  C:\Windows\System\vCqavCK.exe
  2⤵
  PID:8584
- C:\Windows\System\ZOTziJz.exe
  C:\Windows\System\ZOTziJz.exe
  2⤵
  PID:8600
- C:\Windows\System\psZWqmp.exe
  C:\Windows\System\psZWqmp.exe
  2⤵
  PID:8616
- C:\Windows\System\bpjIhfu.exe
  C:\Windows\System\bpjIhfu.exe
  2⤵
  PID:8632
- C:\Windows\System\mIdPwtP.exe
  C:\Windows\System\mIdPwtP.exe
  2⤵
  PID:8652
- C:\Windows\System\ORjsViX.exe
  C:\Windows\System\ORjsViX.exe
  2⤵
  PID:8668
- C:\Windows\System\aYejDuh.exe
  C:\Windows\System\aYejDuh.exe
  2⤵
  PID:8684
- C:\Windows\System\zQXSmOS.exe
  C:\Windows\System\zQXSmOS.exe
  2⤵
  PID:8700
- C:\Windows\System\EPJYGGY.exe
  C:\Windows\System\EPJYGGY.exe
  2⤵
  PID:8716
- C:\Windows\System\bEhrEzZ.exe
  C:\Windows\System\bEhrEzZ.exe
  2⤵
  PID:8732
- C:\Windows\System\UMaXodk.exe
  C:\Windows\System\UMaXodk.exe
  2⤵
  PID:8748
- C:\Windows\System\JbtdjXy.exe
  C:\Windows\System\JbtdjXy.exe
  2⤵
  PID:8764
- C:\Windows\System\yVwDchj.exe
  C:\Windows\System\yVwDchj.exe
  2⤵
  PID:8780
- C:\Windows\System\IPvKUCK.exe
  C:\Windows\System\IPvKUCK.exe
  2⤵
  PID:8796
- C:\Windows\System\KVRzlfL.exe
  C:\Windows\System\KVRzlfL.exe
  2⤵
  PID:8812
- C:\Windows\System\pWdLuZx.exe
  C:\Windows\System\pWdLuZx.exe
  2⤵
  PID:8828
- C:\Windows\System\rpUEPJJ.exe
  C:\Windows\System\rpUEPJJ.exe
  2⤵
  PID:8844
- C:\Windows\System\nwCprsA.exe
  C:\Windows\System\nwCprsA.exe
  2⤵
  PID:8860
- C:\Windows\System\VVFVCaG.exe
  C:\Windows\System\VVFVCaG.exe
  2⤵
  PID:8876
- C:\Windows\System\MHKyTEx.exe
  C:\Windows\System\MHKyTEx.exe
  2⤵
  PID:8892
- C:\Windows\System\XAFATKh.exe
  C:\Windows\System\XAFATKh.exe
  2⤵
  PID:8908
- C:\Windows\System\XZreogv.exe
  C:\Windows\System\XZreogv.exe
  2⤵
  PID:8924
- C:\Windows\System\CxQFfwM.exe
  C:\Windows\System\CxQFfwM.exe
  2⤵
  PID:8940
- C:\Windows\System\gpzoffC.exe
  C:\Windows\System\gpzoffC.exe
  2⤵
  PID:8956
- C:\Windows\System\xlyZZxX.exe
  C:\Windows\System\xlyZZxX.exe
  2⤵
  PID:8972
- C:\Windows\System\VAtnkFp.exe
  C:\Windows\System\VAtnkFp.exe
  2⤵
  PID:8988
- C:\Windows\System\UoIUOTk.exe
  C:\Windows\System\UoIUOTk.exe
  2⤵
  PID:9008
- C:\Windows\System\uiPsZLY.exe
  C:\Windows\System\uiPsZLY.exe
  2⤵
  PID:9024
- C:\Windows\System\ZIBTIVC.exe
  C:\Windows\System\ZIBTIVC.exe
  2⤵
  PID:9040
- C:\Windows\System\SlaSsVJ.exe
  C:\Windows\System\SlaSsVJ.exe
  2⤵
  PID:9056
- C:\Windows\System\SrKlfSs.exe
  C:\Windows\System\SrKlfSs.exe
  2⤵
  PID:9072
- C:\Windows\System\fXXTZYD.exe
  C:\Windows\System\fXXTZYD.exe
  2⤵
  PID:9088
- C:\Windows\System\oTBsrSL.exe
  C:\Windows\System\oTBsrSL.exe
  2⤵
  PID:9104
- C:\Windows\System\RRIJpKz.exe
  C:\Windows\System\RRIJpKz.exe
  2⤵
  PID:9120
- C:\Windows\System\IYjOKKc.exe
  C:\Windows\System\IYjOKKc.exe
  2⤵
  PID:9136
- C:\Windows\System\VNaVEme.exe
  C:\Windows\System\VNaVEme.exe
  2⤵
  PID:9152
- C:\Windows\System\dgjdNbc.exe
  C:\Windows\System\dgjdNbc.exe
  2⤵
  PID:9168
- C:\Windows\System\PKZhbId.exe
  C:\Windows\System\PKZhbId.exe
  2⤵
  PID:9184
- C:\Windows\System\jsJPqGx.exe
  C:\Windows\System\jsJPqGx.exe
  2⤵
  PID:9200
- C:\Windows\System\Eqvlwup.exe
  C:\Windows\System\Eqvlwup.exe
  2⤵
  PID:7800
- C:\Windows\System\dGLTQfr.exe
  C:\Windows\System\dGLTQfr.exe
  2⤵
  PID:8220
- C:\Windows\System\yZQvVuQ.exe
  C:\Windows\System\yZQvVuQ.exe
  2⤵
  PID:7880
- C:\Windows\System\TyoUglE.exe
  C:\Windows\System\TyoUglE.exe
  2⤵
  PID:8268
- C:\Windows\System\wxqYaZQ.exe
  C:\Windows\System\wxqYaZQ.exe
  2⤵
  PID:8056
- C:\Windows\System\mMqgzHH.exe
  C:\Windows\System\mMqgzHH.exe
  2⤵
  PID:7976
- C:\Windows\System\FPYnriR.exe
  C:\Windows\System\FPYnriR.exe
  2⤵
  PID:8240
- C:\Windows\System\rhKedSz.exe
  C:\Windows\System\rhKedSz.exe
  2⤵
  PID:8316
- C:\Windows\System\yfaRgNe.exe
  C:\Windows\System\yfaRgNe.exe
  2⤵
  PID:8400
- C:\Windows\System\qREHgOd.exe
  C:\Windows\System\qREHgOd.exe
  2⤵
  PID:8464
- C:\Windows\System\QMRYKMw.exe
  C:\Windows\System\QMRYKMw.exe
  2⤵
  PID:8352
- C:\Windows\System\ueSiDGV.exe
  C:\Windows\System\ueSiDGV.exe
  2⤵
  PID:8412
- C:\Windows\System\NlHmFId.exe
  C:\Windows\System\NlHmFId.exe
  2⤵
  PID:8476
- C:\Windows\System\CutZhcZ.exe
  C:\Windows\System\CutZhcZ.exe
  2⤵
  PID:8532
- C:\Windows\System\KcPQPbz.exe
  C:\Windows\System\KcPQPbz.exe
  2⤵
  PID:8596
- C:\Windows\System\SuRYTTH.exe
  C:\Windows\System\SuRYTTH.exe
  2⤵
  PID:8624
- C:\Windows\System\aEJtBBF.exe
  C:\Windows\System\aEJtBBF.exe
  2⤵
  PID:8608
- C:\Windows\System\WijGvPI.exe
  C:\Windows\System\WijGvPI.exe
  2⤵
  PID:8644
- C:\Windows\System\XZMNInZ.exe
  C:\Windows\System\XZMNInZ.exe
  2⤵
  PID:8676
- C:\Windows\System\qvHGcuW.exe
  C:\Windows\System\qvHGcuW.exe
  2⤵
  PID:8664
- C:\Windows\System\BnvsPOm.exe
  C:\Windows\System\BnvsPOm.exe
  2⤵
  PID:8728
- C:\Windows\System\TwRpbWh.exe
  C:\Windows\System\TwRpbWh.exe
  2⤵
  PID:8792
- C:\Windows\System\qJlCxgf.exe
  C:\Windows\System\qJlCxgf.exe
  2⤵
  PID:8776
- C:\Windows\System\ZZZaAJu.exe
  C:\Windows\System\ZZZaAJu.exe
  2⤵
  PID:8836
- C:\Windows\System\gOCofYM.exe
  C:\Windows\System\gOCofYM.exe
  2⤵
  PID:8820
- C:\Windows\System\WmykmpS.exe
  C:\Windows\System\WmykmpS.exe
  2⤵
  PID:8936
- C:\Windows\System\gbrHaiD.exe
  C:\Windows\System\gbrHaiD.exe
  2⤵
  PID:8920
- C:\Windows\System\jWtgMmm.exe
  C:\Windows\System\jWtgMmm.exe
  2⤵
  PID:9032
- C:\Windows\System\rywmPjk.exe
  C:\Windows\System\rywmPjk.exe
  2⤵
  PID:9096
- C:\Windows\System\VWKSoev.exe
  C:\Windows\System\VWKSoev.exe
  2⤵
  PID:9132
- C:\Windows\System\VwjxPML.exe
  C:\Windows\System\VwjxPML.exe
  2⤵
  PID:9196
- C:\Windows\System\xBDIoTV.exe
  C:\Windows\System\xBDIoTV.exe
  2⤵
  PID:8888
- C:\Windows\System\SkaGxej.exe
  C:\Windows\System\SkaGxej.exe
  2⤵
  PID:8948
- C:\Windows\System\dglCOvN.exe
  C:\Windows\System\dglCOvN.exe
  2⤵
  PID:9048
- C:\Windows\System\QcioNFz.exe
  C:\Windows\System\QcioNFz.exe
  2⤵
  PID:9084
- C:\Windows\System\DpLwXPH.exe
  C:\Windows\System\DpLwXPH.exe
  2⤵
  PID:8252
- C:\Windows\System\UFiJGwR.exe
  C:\Windows\System\UFiJGwR.exe
  2⤵
  PID:8336
- C:\Windows\System\ClhrsUT.exe
  C:\Windows\System\ClhrsUT.exe
  2⤵
  PID:8384
- C:\Windows\System\fterPpu.exe
  C:\Windows\System\fterPpu.exe
  2⤵
  PID:8448
- C:\Windows\System\iwgfhhH.exe
  C:\Windows\System\iwgfhhH.exe
  2⤵
  PID:8496
- C:\Windows\System\zkyzoVh.exe
  C:\Windows\System\zkyzoVh.exe
  2⤵
  PID:8696
- C:\Windows\System\nYdKieI.exe
  C:\Windows\System\nYdKieI.exe
  2⤵
  PID:8648
- C:\Windows\System\mNcVmdh.exe
  C:\Windows\System\mNcVmdh.exe
  2⤵
  PID:8756
- C:\Windows\System\JQKldby.exe
  C:\Windows\System\JQKldby.exe
  2⤵
  PID:8868
- C:\Windows\System\QYhqDxc.exe
  C:\Windows\System\QYhqDxc.exe
  2⤵
  PID:8824
- C:\Windows\System\VTIONaN.exe
  C:\Windows\System\VTIONaN.exe
  2⤵
  PID:8884
- C:\Windows\System\PCLQTNS.exe
  C:\Windows\System\PCLQTNS.exe
  2⤵
  PID:7508
- C:\Windows\System\wueHgZQ.exe
  C:\Windows\System\wueHgZQ.exe
  2⤵
  PID:9080
- C:\Windows\System\MZFJBuM.exe
  C:\Windows\System\MZFJBuM.exe
  2⤵
  PID:9144
- C:\Windows\System\wFTwHPF.exe
  C:\Windows\System\wFTwHPF.exe
  2⤵
  PID:7624
- C:\Windows\System\jgRiBfV.exe
  C:\Windows\System\jgRiBfV.exe
  2⤵
  PID:8300
- C:\Windows\System\lZAtdBZ.exe
  C:\Windows\System\lZAtdBZ.exe
  2⤵
  PID:8156
- C:\Windows\System\TYkpCwm.exe
  C:\Windows\System\TYkpCwm.exe
  2⤵
  PID:8380
- C:\Windows\System\xPscunH.exe
  C:\Windows\System\xPscunH.exe
  2⤵
  PID:8564
- C:\Windows\System\NqqQQBV.exe
  C:\Windows\System\NqqQQBV.exe
  2⤵
  PID:8592
- C:\Windows\System\ApGFEXC.exe
  C:\Windows\System\ApGFEXC.exe
  2⤵
  PID:8932
- C:\Windows\System\gTOLtmT.exe
  C:\Windows\System\gTOLtmT.exe
  2⤵
  PID:8348
- C:\Windows\System\MqLnYxD.exe
  C:\Windows\System\MqLnYxD.exe
  2⤵
  PID:9164
- C:\Windows\System\uzSYhpX.exe
  C:\Windows\System\uzSYhpX.exe
  2⤵
  PID:9000
- C:\Windows\System\IaiXwDF.exe
  C:\Windows\System\IaiXwDF.exe
  2⤵
  PID:9176
- C:\Windows\System\vVxplXU.exe
  C:\Windows\System\vVxplXU.exe
  2⤵
  PID:8396
- C:\Windows\System\MQRBLgR.exe
  C:\Windows\System\MQRBLgR.exe
  2⤵
  PID:8872
- C:\Windows\System\TjPgvXE.exe
  C:\Windows\System\TjPgvXE.exe
  2⤵
  PID:8808
- C:\Windows\System\GnLYztu.exe
  C:\Windows\System\GnLYztu.exe
  2⤵
  PID:8788
- C:\Windows\System\hGVcabm.exe
  C:\Windows\System\hGVcabm.exe
  2⤵
  PID:9052
- C:\Windows\System\aUzCZKG.exe
  C:\Windows\System\aUzCZKG.exe
  2⤵
  PID:8524
- C:\Windows\System\DzOZoro.exe
  C:\Windows\System\DzOZoro.exe
  2⤵
  PID:8724
- C:\Windows\System\CdONcit.exe
  C:\Windows\System\CdONcit.exe
  2⤵
  PID:8044
- C:\Windows\System\atbIhDc.exe
  C:\Windows\System\atbIhDc.exe
  2⤵
  PID:8444
- C:\Windows\System\goWvyHX.exe
  C:\Windows\System\goWvyHX.exe
  2⤵
  PID:9232
- C:\Windows\System\gGzQLIC.exe
  C:\Windows\System\gGzQLIC.exe
  2⤵
  PID:9248
- C:\Windows\System\AvLAUAC.exe
  C:\Windows\System\AvLAUAC.exe
  2⤵
  PID:9264
- C:\Windows\System\VHRKPsk.exe
  C:\Windows\System\VHRKPsk.exe
  2⤵
  PID:9280
- C:\Windows\System\DTmqpIT.exe
  C:\Windows\System\DTmqpIT.exe
  2⤵
  PID:9296
- C:\Windows\System\qNiThvV.exe
  C:\Windows\System\qNiThvV.exe
  2⤵
  PID:9312
- C:\Windows\System\FNVuqRm.exe
  C:\Windows\System\FNVuqRm.exe
  2⤵
  PID:9328
- C:\Windows\System\yKQHvKf.exe
  C:\Windows\System\yKQHvKf.exe
  2⤵
  PID:9344
- C:\Windows\System\RQlIEsm.exe
  C:\Windows\System\RQlIEsm.exe
  2⤵
  PID:9360
- C:\Windows\System\XwRkAMR.exe
  C:\Windows\System\XwRkAMR.exe
  2⤵
  PID:9376
- C:\Windows\System\oUQKeDM.exe
  C:\Windows\System\oUQKeDM.exe
  2⤵
  PID:9392
- C:\Windows\System\gEqYvCy.exe
  C:\Windows\System\gEqYvCy.exe
  2⤵
  PID:9408
- C:\Windows\System\ergJhfi.exe
  C:\Windows\System\ergJhfi.exe
  2⤵
  PID:9424
- C:\Windows\System\poRAjtg.exe
  C:\Windows\System\poRAjtg.exe
  2⤵
  PID:9440
- C:\Windows\System\zLIlYUt.exe
  C:\Windows\System\zLIlYUt.exe
  2⤵
  PID:9456
- C:\Windows\System\eLhpoAF.exe
  C:\Windows\System\eLhpoAF.exe
  2⤵
  PID:9476
- C:\Windows\System\RbzMxJS.exe
  C:\Windows\System\RbzMxJS.exe
  2⤵
  PID:9492
- C:\Windows\System\EQZMeDU.exe
  C:\Windows\System\EQZMeDU.exe
  2⤵
  PID:9508
- C:\Windows\System\guqgfLL.exe
  C:\Windows\System\guqgfLL.exe
  2⤵
  PID:9532
- C:\Windows\System\TVKlIOq.exe
  C:\Windows\System\TVKlIOq.exe
  2⤵
  PID:9548
- C:\Windows\System\LZnymYV.exe
  C:\Windows\System\LZnymYV.exe
  2⤵
  PID:9564
- C:\Windows\System\wxQJdSn.exe
  C:\Windows\System\wxQJdSn.exe
  2⤵
  PID:9580
- C:\Windows\System\lQEcGMc.exe
  C:\Windows\System\lQEcGMc.exe
  2⤵
  PID:9596
- C:\Windows\System\DBlTOwZ.exe
  C:\Windows\System\DBlTOwZ.exe
  2⤵
  PID:9612
- C:\Windows\System\iHxKjDq.exe
  C:\Windows\System\iHxKjDq.exe
  2⤵
  PID:9628
- C:\Windows\System\WJjbzPK.exe
  C:\Windows\System\WJjbzPK.exe
  2⤵
  PID:9648
- C:\Windows\System\nNFlVJA.exe
  C:\Windows\System\nNFlVJA.exe
  2⤵
  PID:9680
- C:\Windows\System\SNUEnYf.exe
  C:\Windows\System\SNUEnYf.exe
  2⤵
  PID:9696
- C:\Windows\System\sORxsQB.exe
  C:\Windows\System\sORxsQB.exe
  2⤵
  PID:9712
- C:\Windows\System\uRsemlG.exe
  C:\Windows\System\uRsemlG.exe
  2⤵
  PID:9728
- C:\Windows\System\XbCiJHH.exe
  C:\Windows\System\XbCiJHH.exe
  2⤵
  PID:9744
- C:\Windows\System\NiSlrMP.exe
  C:\Windows\System\NiSlrMP.exe
  2⤵
  PID:9760
- C:\Windows\System\ulkFrZv.exe
  C:\Windows\System\ulkFrZv.exe
  2⤵
  PID:9776
- C:\Windows\System\XplAoed.exe
  C:\Windows\System\XplAoed.exe
  2⤵
  PID:9792
- C:\Windows\System\lSUfvrY.exe
  C:\Windows\System\lSUfvrY.exe
  2⤵
  PID:9808
- C:\Windows\System\TaaSxLJ.exe
  C:\Windows\System\TaaSxLJ.exe
  2⤵
  PID:9824
- C:\Windows\System\OihnGNK.exe
  C:\Windows\System\OihnGNK.exe
  2⤵
  PID:9840
- C:\Windows\System\OeIrUNv.exe
  C:\Windows\System\OeIrUNv.exe
  2⤵
  PID:9856
- C:\Windows\System\CbkLnPD.exe
  C:\Windows\System\CbkLnPD.exe
  2⤵
  PID:9872
- C:\Windows\System\bsIyMXF.exe
  C:\Windows\System\bsIyMXF.exe
  2⤵
  PID:9888
- C:\Windows\System\BPNWWNR.exe
  C:\Windows\System\BPNWWNR.exe
  2⤵
  PID:9908
- C:\Windows\System\CeTdDov.exe
  C:\Windows\System\CeTdDov.exe
  2⤵
  PID:9924
- C:\Windows\System\xpRNDDn.exe
  C:\Windows\System\xpRNDDn.exe
  2⤵
  PID:9940
- C:\Windows\System\QBAXeMN.exe
  C:\Windows\System\QBAXeMN.exe
  2⤵
  PID:9960
- C:\Windows\System\zjUXWks.exe
  C:\Windows\System\zjUXWks.exe
  2⤵
  PID:9976
- C:\Windows\System\OYOllUS.exe
  C:\Windows\System\OYOllUS.exe
  2⤵
  PID:9992
- C:\Windows\System\GrnFXam.exe
  C:\Windows\System\GrnFXam.exe
  2⤵
  PID:10008
- C:\Windows\System\LoKhHMn.exe
  C:\Windows\System\LoKhHMn.exe
  2⤵
  PID:10024
- C:\Windows\System\uvyyoAk.exe
  C:\Windows\System\uvyyoAk.exe
  2⤵
  PID:10040
- C:\Windows\System\HqmKOVr.exe
  C:\Windows\System\HqmKOVr.exe
  2⤵
  PID:10056
- C:\Windows\System\tBFZpQi.exe
  C:\Windows\System\tBFZpQi.exe
  2⤵
  PID:10072
- C:\Windows\System\TkDZUTP.exe
  C:\Windows\System\TkDZUTP.exe
  2⤵
  PID:10088
- C:\Windows\System\XsFLiVJ.exe
  C:\Windows\System\XsFLiVJ.exe
  2⤵
  PID:10108
- C:\Windows\System\VqLkAuH.exe
  C:\Windows\System\VqLkAuH.exe
  2⤵
  PID:10128
- C:\Windows\System\eMHRtLu.exe
  C:\Windows\System\eMHRtLu.exe
  2⤵
  PID:10144
- C:\Windows\System\kkcIisc.exe
  C:\Windows\System\kkcIisc.exe
  2⤵
  PID:10160
- C:\Windows\System\pomygnL.exe
  C:\Windows\System\pomygnL.exe
  2⤵
  PID:10176
- C:\Windows\System\CQtsCmS.exe
  C:\Windows\System\CQtsCmS.exe
  2⤵
  PID:10192
- C:\Windows\System\UAVFZSO.exe
  C:\Windows\System\UAVFZSO.exe
  2⤵
  PID:10208
- C:\Windows\System\AbCpkOG.exe
  C:\Windows\System\AbCpkOG.exe
  2⤵
  PID:10224
- C:\Windows\System\tMLwveP.exe
  C:\Windows\System\tMLwveP.exe
  2⤵
  PID:1624
- C:\Windows\System\phhIynt.exe
  C:\Windows\System\phhIynt.exe
  2⤵
  PID:8968
- C:\Windows\System\ziKIYur.exe
  C:\Windows\System\ziKIYur.exe
  2⤵
  PID:9256
- C:\Windows\System\XjYESCq.exe
  C:\Windows\System\XjYESCq.exe
  2⤵
  PID:8332
- C:\Windows\System\XpTPVuc.exe
  C:\Windows\System\XpTPVuc.exe
  2⤵
  PID:9240
- C:\Windows\System\DfuRYPO.exe
  C:\Windows\System\DfuRYPO.exe
  2⤵
  PID:9260
- C:\Windows\System\lEZuHKO.exe
  C:\Windows\System\lEZuHKO.exe
  2⤵
  PID:9324
- C:\Windows\System\lcWVCWa.exe
  C:\Windows\System\lcWVCWa.exe
  2⤵
  PID:9400
- C:\Windows\System\soVSsak.exe
  C:\Windows\System\soVSsak.exe
  2⤵
  PID:9388
- C:\Windows\System\cHZUiHm.exe
  C:\Windows\System\cHZUiHm.exe
  2⤵
  PID:9448
- C:\Windows\System\ghzfsim.exe
  C:\Windows\System\ghzfsim.exe
  2⤵
  PID:9484
- C:\Windows\System\DOBNjgf.exe
  C:\Windows\System\DOBNjgf.exe
  2⤵
  PID:9488
- C:\Windows\System\VCbljSw.exe
  C:\Windows\System\VCbljSw.exe
  2⤵
  PID:9544
- C:\Windows\System\wrPvqLl.exe
  C:\Windows\System\wrPvqLl.exe
  2⤵
  PID:9556
- C:\Windows\System\NIzUVrD.exe
  C:\Windows\System\NIzUVrD.exe
  2⤵
  PID:9608
- C:\Windows\System\AkddrZs.exe
  C:\Windows\System\AkddrZs.exe
  2⤵
  PID:9620
- C:\Windows\System\gfiIdzb.exe
  C:\Windows\System\gfiIdzb.exe
  2⤵
  PID:9668
- C:\Windows\System\pOYtUBv.exe
  C:\Windows\System\pOYtUBv.exe
  2⤵
  PID:9880
- C:\Windows\System\dfLRcgU.exe
  C:\Windows\System\dfLRcgU.exe
  2⤵
  PID:9740
- C:\Windows\System\WVrdewT.exe
  C:\Windows\System\WVrdewT.exe
  2⤵
  PID:9832
- C:\Windows\System\NjQVbMo.exe
  C:\Windows\System\NjQVbMo.exe
  2⤵
  PID:9864
- C:\Windows\System\JlNWsdL.exe
  C:\Windows\System\JlNWsdL.exe
  2⤵
  PID:9904
- C:\Windows\System\yikJHMO.exe
  C:\Windows\System\yikJHMO.exe
  2⤵
  PID:9948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AezaALJ.exe

Filesize
6.0MB

MD5
a6e1bae365647192852907c4d53251e0

SHA1
c3400de5cdb427dd109401449ba9e35bbe329bc1

SHA256
165cbb5f5c14bae14d5b34b93f8197a9ac68e7855a9bf559ca69a9e675c40bd9

SHA512
68e32d250c373b50dcd59ba9d937a7e03f46276e822fad3a03d4bcd8380b44956ed37e2d7ce8ffe46ab30ab26e51b1f8c187a86acb4d7fcbf84e5cc409a30b28

Download Submit
C:\Windows\system\BbktQMb.exe

Filesize
6.0MB

MD5
e6147e9b7dc5bb8e903e21bb07b0d011

SHA1
55cc685eda4f000693f28fa02efcc634b2e57be7

SHA256
d0912660637e08b07d4f7d717af8a355a3f8207f8dd79118793b127a9c874e5c

SHA512
c21aad8bc2b11d925752ea926b2213f4287952adfd7de94dd70f8c87ee76357fe49028fad254678abe28f57c21b15febb85d4a6da235f6f36e78a7dbedc7bb63

Download Submit
C:\Windows\system\BdzYECf.exe

Filesize
6.0MB

MD5
cb34df8da34557f3e86edf79c6208f5b

SHA1
0003dc1c77119f8081668cd69291f350b421b205

SHA256
0573c3c4ee675ef21a9ad67959fbe6ea7bd3bef59b3efc1916967c7347b289d8

SHA512
47e5f48c68d87e0f5774e669507d2a7c0fbf460677208c3ad0f459aea7897e7acc314166fccc9f75c8a1e22b38ba9c0be5df4a0d4d50abcfaf8a591d888b1eda

Download Submit
C:\Windows\system\DPXASFS.exe

Filesize
6.0MB

MD5
65da99c2144cdeec458d703c9154cfcf

SHA1
a6deb6a964aeb98aa973b254f9bf0bcb70cf292f

SHA256
631fe8b8b0fb3f5406eb3d0fd1f7ca96f8bf8d17d73d92cf5f2d328f40aa55c1

SHA512
493d4f4d932be213b08030da0b2da3ea5f469f59bb45eafb58ded347e4249787c5ef0f9c0a29c473b2192af3ebabb10253fe036150101e7c60afe2da0fdf9a28

Download Submit
C:\Windows\system\DbzcZUX.exe

Filesize
6.0MB

MD5
393d7b9faec3d2fd89555a5d56c7ca63

SHA1
116e81f1556862b087f6d56b3eefc837dc19f8cb

SHA256
04582308abe5999eb742da64da37937a946fcf87fbc137590575af60e09acfde

SHA512
bbfc191b5b0f7c00cbad705658b8b838d33c1c0da3cb279d7871930c0036acd7c10d98415853ba0ac8fe6cb4a901682e13745c87350d209157160a2dac4dd07f

Download Submit
C:\Windows\system\FDXTRBo.exe

Filesize
6.0MB

MD5
c52bc5f3e386e55d018d07166f960057

SHA1
3946aa2b8dbfe05b123b9f089a20232ae7cf22d2

SHA256
82d35d647d299d6ff816e33137df625eb30d4ea8e636fbb9df02b8fc48ce6269

SHA512
59623f1fd0e581089e8d3a9e4f81f03e61835570ebc13131a701b964a737c4fd4cf5f30092f48200954476e684676d71c118ae22246601ab3d4794329cf8787a

Download Submit
C:\Windows\system\FcRerng.exe

Filesize
6.0MB

MD5
ba0c57448ac61249a0f093858892f31a

SHA1
3878143d6156fc5f2c3ca542dcd38a39d6fba607

SHA256
e0f6927632e502069685faf8ac2d421bc76418b6224b00c6d71376d19d7c34c0

SHA512
341a1f3ddc3a9d4bbef6812c1c098d64f659f02d6fd5a698813bbbc4f2a234983b61863aed91445257ffd257763ad4add742984f690f1f64c834973eaae52fbe

Download Submit
C:\Windows\system\GABvxHq.exe

Filesize
6.0MB

MD5
e104da34cdf6906f96d0a8aa1ca47c93

SHA1
941147515bd05182def7eb90f9841a3f22ecec10

SHA256
ccbcc7f2364c12db33eaa7722b5e0278a7a303a1be7518aefcf61bb4241b87ac

SHA512
62fdfc8030e952c0636a337484e5ea65ce11ff4df6069583167dc438c00be9bd2c635928528cf192ca37134a62369b1e81d03ece1f1d6a1c83dc5a67659ff7fe

Download Submit
C:\Windows\system\HZlUKWF.exe

Filesize
6.0MB

MD5
7c1e399d881c9eec7fa8223b62b17fe9

SHA1
69d5f00b912d02c85666052046d63fefdb32a5c5

SHA256
ab6992fd9b72e5da1de2f311ddf2ab5e3f21232c82cc922dcc74ba4e147e4112

SHA512
ae53931f3595731c70ceb83c27591ca312e511afdf60e4757d2615f4ee04b76eb19f5b48d8e54b523a781bc3a892d8be14e6541c8048fa2de2d2f6f396977eed

Download Submit
C:\Windows\system\KbashQk.exe

Filesize
6.0MB

MD5
937173c2d39c71454ea0dd268535ee25

SHA1
bf2a7b8f69095006d707fa54ab9d91b6047c92db

SHA256
47cf98cd8336afb8fb61a8f9073cf2b0c17bd2244f3b3d9bcc7f39cc50ab3674

SHA512
62c1d9933db328951951f83cf05d5c2c54900fdd3756fbdaf0ee16feb7effe0d6eb4090bc096fa53ef0e0e23b31a340964be17febba2b3d7c09d836dcbb7af6f

Download Submit
C:\Windows\system\MoCijSe.exe

Filesize
6.0MB

MD5
2eae72a59ae2655f48b234757d1948f8

SHA1
663cbeea1ca2fcc390cd9b12b10e2240e21c8975

SHA256
be8b41a76069088663bf54e70d8bb7a0e42cd3c7584b5e853d095dfa54be87c5

SHA512
99d79aa05232ab968a3301eda93286e376e3ac1b2dfb17396de77e55f0fd48d2728f20ef9c253b0b17b11f2e574d697754d2021ab37377dfc1b12f71f47ced60

Download Submit
C:\Windows\system\OGvICSL.exe

Filesize
6.0MB

MD5
a9d69dc139cc313ba6f365797855cdbb

SHA1
a5bce1bdc64e331b2cb3bf54e5690018a2db4275

SHA256
4463e0f716dbf9fa63ecdfd894cdb2f7e56f6887e8479193818d42a7d4723b09

SHA512
20e816e47b5d1fc34592ffc7996c042be51412080222e36bffbd88ebf15aeef19b0ad05b1c311d21b0477d959c9c8d27efb39dd7730037dc5b5bb626542c7dab

Download Submit
C:\Windows\system\QLfDEYn.exe

Filesize
6.0MB

MD5
c348c7b7c480856408f24f11cebe90e6

SHA1
0b8e4a1e86bd10904c3c3ea631b75b5bd6caa23f

SHA256
047f36745e0c3bc8a8ac1919981a64e4718808c5047796fd24c1bdb343592c7d

SHA512
e85d3b6a7e978955ca683baf30b1697bd86b853482dbad2299bbb0837687ddad8af2c17dac79e359f986f68a85daebb99749b2f963e220eabe9f523bc89199a9

Download Submit
C:\Windows\system\SqTyoxp.exe

Filesize
6.0MB

MD5
449925e76d232d76dae3a35e1bd27dac

SHA1
02614d9581ee221e0d63eeec297a835312a650b2

SHA256
f9ff10db57ff48995ce06b278ef29cdbf741a47142f73df89b16803ca0806a15

SHA512
0181f5626c076658538ae4160c58d6b61d112dde3c81ddfb76947db46dce4922face95e7da191e8729570973a34ee1b50b582cffb6fdc0af475e61e54993ec88

Download Submit
C:\Windows\system\TtRuBlR.exe

Filesize
6.0MB

MD5
dc581668374d3c063b01f8e7ff90972c

SHA1
af390ed1519eeca6ad8533248d0149d477ca64dc

SHA256
077ff1386dc4661780918529d8174c4b084ac73dc07850147e91a76b68895f01

SHA512
7aa12e2885933931fe1087cce0b4eb72085bef0b932d89e19974fbd6d393f9b30119984c034ecf0ee055a803479161558ac33602f8e3ae70e255327d2568f2ae

Download Submit
C:\Windows\system\XIvYjAA.exe

Filesize
6.0MB

MD5
c126a86cf431c8a3cb7353428fe00ad7

SHA1
04a7b4e88d0989e82a84dd8a427e9bcbd1bab0b2

SHA256
c6e0b81a29a4ae50184a0ec16d87127e944c97335491bc811a182a3a2375b07d

SHA512
ca4c022fec604a6cc31a7fbcffab832ef2a5e818b8c1497e2482ab7b72c310624096e6e2b01c39be8dc014f979d6ce02486b418bc87474fa4bf67738124cc140

Download Submit
C:\Windows\system\XTzNdzX.exe

Filesize
6.0MB

MD5
a1c708f5ab49a1c645c6261c615016dc

SHA1
ff0bfdbf5c1a60f8a18dc4e6e1bc8ff509608c1b

SHA256
c41c3ad1c79db7d1be248581dbc8417cb62e9303a80d59e89152ad3c4cb845d6

SHA512
27d61340afe17d40ae41d8ba8cf7566b7ca0163b5a7a006d8193110e7ab46a5d2bf7b3b78a6ab1f9961ebb7a74fe466033a163a46f054552d504ace4ec4873c0

Download Submit
C:\Windows\system\ZQfFzFy.exe

Filesize
6.0MB

MD5
5f7ac18dc17d457b3d9291b8e7299397

SHA1
e72352c0e2930f47de13c200aed3a13854e3e592

SHA256
1be50bdfc9c8c6c7adf50ec80307a4797dc56cf750bb438ddd1e5ef614f8cb4c

SHA512
bc312f3fbc44c87148caed15c272c7dc6299b24df30ef479b3c0477f392c6ca6c3d26b8bd6b05b350dc53e4c8a51698e3d28c9af04551e0f1314238fbcd6ac18

Download Submit
C:\Windows\system\atPflsR.exe

Filesize
6.0MB

MD5
0973326a6171912f14139a575eac0c29

SHA1
226f24663a719459e89c3a1f8630040ba5b4f963

SHA256
a87dbb52df673f96b51e0b94d6c5734fb7775f4c974a0d5e1e99f993a12908b7

SHA512
b9d7d8e8296cf17b94f7ccee7f4cd121fdc39cb9284e116eaf785f4f2ff92c335f9f095e808fde9671f60df0b4dbfa65230d6e15efbc98df8b77fc57d9ce81b2

Download Submit
C:\Windows\system\cvnuHNV.exe

Filesize
6.0MB

MD5
223a1e5a306f55973fec0dd972644c8f

SHA1
12e05ffc88a42ca095ee34d39a9db9ff495dfee5

SHA256
8729d470293df07db846cb28b33f1623be00885354e8d6e351d19f60f2dd9263

SHA512
b8c90b70552f2767fc8be0e8affabed17cdb16d6f117a9a53a7471b7cec263b6642c6ef3304489c982673a8202d0634f48cf5604e710c47193c9b0d29f96438b

Download Submit
C:\Windows\system\fINFXMH.exe

Filesize
6.0MB

MD5
3f7dfdc009830f375d9863075d005171

SHA1
ae2e0054c9042af8d8bc286b999490b5f00356f9

SHA256
294afe5c11633ba852c3ca4b6c8a4bd222c1a2a3b83d785374636c052b2af5c0

SHA512
374bac34b94d079694570716d7df1d791aa57e3abf1f1a3fe73c315b48662f1ec887bc8f2d1d2e1f3fb284886c150eb0aa005bf63a7609bead40d5e664a71387

Download Submit
C:\Windows\system\icMDakH.exe

Filesize
6.0MB

MD5
5267725ad46f69f2507b030a6e34b062

SHA1
9cf3e3adc38afe4a9116470e6e3c52e78e5f55f7

SHA256
ddf62a91792ad517ff628f280abd4c82854cf7eb41684f57b49ac02d076c7a91

SHA512
b768417c57f9354522c0c7e3676aadccea4b81b02bfdd5bd03724ba4f0039b0f73dbac52bf922ef430d7a73770316d839a52fdf62c19247801f052b3a89a0fac

Download Submit
C:\Windows\system\kzXSdmh.exe

Filesize
6.0MB

MD5
4fbc87ecf8d4010a23503227553e749d

SHA1
366ca0538f4c6583bf10e42a0be7f2a61d890a53

SHA256
99f5ea6c79dddc46de0cd886480830c869bae2a12b39467669ccbd62cc9f628d

SHA512
aee143f083178ed98c686223463ef482289cf0a41ed6d24c8960740c8f622f5e541ca79fe0845c361c07650072576489ab55de05ccb3be809918c33405aaf67c

Download Submit
C:\Windows\system\nahbDdf.exe

Filesize
6.0MB

MD5
c4c39d84bc7154bb3db190eac35e66f0

SHA1
c8c75a09f27bb97cb74b59b59671f26359f3da96

SHA256
81ad3d7abe1f8c4d21a72bbcfc83c5bdfa39c1090e577d72db73aa45e809c0bb

SHA512
6fe9133c5bd6182fcc89b6ea69f6cefcec226babfea8ccd8e9a45be75c45e907459a3795884a34e6c67446fb7fe1168568856dd83348d20d8f96eecc9c4ac685

Download Submit
C:\Windows\system\netsIgU.exe

Filesize
6.0MB

MD5
a15cc2f76320b039eefa2d0a5fcb5188

SHA1
f862f55e7658903302a788ace30c1868fb2b50af

SHA256
e4e1791c40d8cb21bf1a9e2c5896b48d208d160e42cc6e482bbd7f455d3d4040

SHA512
d37c4e32c978d386dd9b429d65b849b7b7eb68aa1ee1e325470d7656d8bafb6f16d762b91477e2f3bfd5a6683da1f0ad1117d05761a6766cdfb7cf30e537ba20

Download Submit
C:\Windows\system\ojqzYmG.exe

Filesize
6.0MB

MD5
8aa185cd8f94da4ecb3198b22ae2ab11

SHA1
2703bf1bcd4e41d7b3c3ca72d0e2b65647b17b1d

SHA256
add89d7c905e2a7582ef1ba7da33a08ddc903a3ce23ae299b3637ad576b3071c

SHA512
b80af8886b39298e27d8b074fbcacad9ac4280230b963195168fc026232ddb85e3cb75f5f757f5ab39c4015195a9c7b417ea4ddeb4c582fe59cfce3ad6cd7e03

Download Submit
C:\Windows\system\pUHelFF.exe

Filesize
6.0MB

MD5
03e9ab82bf346ff341373bc601cd47cd

SHA1
96c5dc6ac0f2a62c5dde5cae399f8c8643910590

SHA256
2f2770346652542dc69e0b14daa4e2178d9ffb2ca224aedeab2e8a0ba5ab53f2

SHA512
35e5071d3029470ba8d7ab1920414326726cf0b39b6a6157b5053e1d1c0c9686c1d89aaca4d010479e7579ef106caf736e5d155059827028a1a6675a24a27a0a

Download Submit
C:\Windows\system\yBLHcxm.exe

Filesize
6.0MB

MD5
76466cb2a38c0919be66d229236dc0d3

SHA1
24383f0f303c24866dd019a365caa3e3ec4d1dd1

SHA256
85b1fadfde338655662d53064bac96d13d967292a8f0669d79a59d434557dbb2

SHA512
cb85bc2ab9e78159a6f87ed81a1fb93e7a08d834b4687589e7a7b00f7d2a69f3791eaeca2727ffba021d3b994588f3faf83c8f79ab0e82a7398f4f476c1c02d9

Download Submit
\Windows\system\CBPRogN.exe

Filesize
6.0MB

MD5
16b38f57e4075bcb131ca3e49d8aa74c

SHA1
0f6f1b369c6fe5a0ecf2b7da192634c5473806de

SHA256
0e1d1c2ca873e51b83dfd0cad37d160b73ec6a04d0cb73c2c3a2d94343287c41

SHA512
e360967a00c2c4f6ec6ea8f0f29fcc83579fcf8894da820bf9c49c917c3826bc23f9f10cc942731c56db4213e04f67108b7f51fb28f7716641510091022b1080

Download Submit
\Windows\system\QGTZdYl.exe

Filesize
6.0MB

MD5
e51a666a3b77cceb4aee707ded052006

SHA1
13ec86e08a0260d6ddaf42e6ce65699acf843382

SHA256
ce0bfbe309d8f3e7d8175903324b6998213cf31bbbf556cce094c002bc42fa02

SHA512
6dfc999bccf236773c60fc64d0720e3237728d24a03db59d8150b097e68cf2dd21ee0fd5c8717f31c86f770d58c5b5b295048104e45f8c13cd9ef490bf66a871

Download Submit
\Windows\system\uQnWtxu.exe

Filesize
6.0MB

MD5
a109968e071435108962a9bb25a17f40

SHA1
c773edbd35f7b6300e0fbb8b564a4f015d9866fa

SHA256
8b68caff9a7a52e1a70bc58f09b392a98ee17b7609f737d49ef76fb5f2162555

SHA512
a4e5e70a7d6cbdce4b442c50a2cb40d51dab06ea56219856d59dc430b1920ac31439577ceb3553fdc832b4ff6ec9ebe9eecbf94ec833353b6bbbe283f75d85d7

Download Submit
\Windows\system\yKJPFMU.exe

Filesize
6.0MB

MD5
0f482c1f85ac82b14117419781293fea

SHA1
f90c4f44f227a703a4d16f70c1f120985e4c2eab

SHA256
e1607743775cd0722b3ca37440d51c431aa50e5a9c7766f8ff8a6a17b7788cc8

SHA512
994bc87017c712acf268243d87c19dc3fdfc462f605bed2c6f5ab165bea0a37e4ba4e1aa1131cc8ac87dfaf1efc3109826114cec3d17f3155ee711353c49e47f

Download Submit
memory/960-74-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/960-4423-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-4199-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1260-83-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1348-4200-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1348-98-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2140-97-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2140-4237-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2140-57-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2240-4420-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2240-1101-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2240-104-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2260-1230-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2260-82-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2260-107-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2260-577-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2260-102-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2260-34-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2260-99-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2260-1034-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2260-0-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-91-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2260-41-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2260-28-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-84-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2260-23-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-483-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2260-16-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2260-64-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2260-20-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-69-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2260-52-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2260-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2260-50-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-4230-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2504-87-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2504-690-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2552-4198-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2552-51-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2696-42-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4354-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2696-81-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2704-68-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2704-35-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2748-19-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4419-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-22-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4194-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4172-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-29-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-63-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-21-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-4193-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-65-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/3052-103-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/3052-4192-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download