cobaltstrike | 172d613a157ab79a34018c47acad843250bcd0f21af83a599b729c54d03b26ba

Analysis

max time kernel
150s
max time network
130s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f0bc6ebe7e745d63b4bcef19c16af845
SHA1

26a7d0668ed92c3f3b8ba0776ec2de20b2338876
SHA256

172d613a157ab79a34018c47acad843250bcd0f21af83a599b729c54d03b26ba
SHA512

2fd306807b9752388ae8e593ac01b7e14a2f7f0ea255461de7a91d39baffc916cae1eaff2f883eee7d14b29474a5d2437b387ef78cbf48918a5f094581fbaa1b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU8:T+q56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c23-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-23.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce0-32.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce9-38.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001756b-42.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-52.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-62.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-56.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 55 IoCs

miner

resource	yara_rule
behavioral1/memory/2368-0-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-3.dat	xmrig
behavioral1/files/0x0009000000016c23-8.dat	xmrig
behavioral1/files/0x0007000000016cab-15.dat	xmrig
behavioral1/memory/2368-17-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd8-27.dat	xmrig
behavioral1/files/0x0007000000016ccc-23.dat	xmrig
behavioral1/files/0x0009000000016ce0-32.dat	xmrig
behavioral1/files/0x0008000000016ce9-38.dat	xmrig
behavioral1/files/0x000800000001756b-42.dat	xmrig
behavioral1/files/0x00050000000194a3-52.dat	xmrig
behavioral1/files/0x00050000000194ef-62.dat	xmrig
behavioral1/files/0x000500000001950f-67.dat	xmrig
behavioral1/files/0x0005000000019547-77.dat	xmrig
behavioral1/files/0x00050000000195a7-87.dat	xmrig
behavioral1/files/0x00050000000195a9-93.dat	xmrig
behavioral1/files/0x00050000000195b1-113.dat	xmrig
behavioral1/files/0x00050000000195c6-155.dat	xmrig
behavioral1/files/0x00050000000195c1-138.dat	xmrig
behavioral1/files/0x00050000000195c7-157.dat	xmrig
behavioral1/memory/2600-1787-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-148.dat	xmrig
behavioral1/files/0x000500000001960c-162.dat	xmrig
behavioral1/files/0x00050000000195bb-131.dat	xmrig
behavioral1/files/0x00050000000195b5-130.dat	xmrig
behavioral1/files/0x00050000000195c3-144.dat	xmrig
behavioral1/files/0x00050000000195bd-135.dat	xmrig
behavioral1/files/0x00050000000195b7-125.dat	xmrig
behavioral1/files/0x00050000000195ad-103.dat	xmrig
behavioral1/files/0x00050000000195b3-117.dat	xmrig
behavioral1/files/0x00050000000195af-106.dat	xmrig
behavioral1/files/0x00050000000195ab-97.dat	xmrig
behavioral1/files/0x000500000001957c-82.dat	xmrig
behavioral1/files/0x0005000000019515-72.dat	xmrig
behavioral1/files/0x00050000000194eb-56.dat	xmrig
behavioral1/files/0x0009000000016ace-47.dat	xmrig
behavioral1/memory/1320-1795-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2448-1820-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2600-1829-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1284-1861-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2212-1862-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2092-1865-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2004-1878-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2952-1877-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2788-1870-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2936-1869-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2900-1868-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2812-1867-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2656-1939-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2692-1915-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2368-1910-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2368-4054-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2368-4088-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2368-4108-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/memory/2368-4099-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1284	erZwuYV.exe
2600	grgFluY.exe
1320	jiIFcRN.exe
2448	ZJiOaAW.exe
2092	yJOKPPY.exe
2212	NaxhZZG.exe
2900	gfTlMwt.exe
2936	OqwvyTn.exe
2788	bzrLfSZ.exe
2812	yruWrZU.exe
2952	IucxyxH.exe
2692	jjlCiKJ.exe
2004	gnwXpAL.exe
2656	xNmkGIw.exe
2696	PHZBlWu.exe
2616	dMjXQsz.exe
2412	fOgaVsD.exe
2344	cfwyiHq.exe
1352	TUCmAYb.exe
1036	ENsUmXU.exe
788	jfmTgJK.exe
564	ljgFaud.exe
1784	OJYGzqc.exe
1488	xJReDPb.exe
2640	RyhpVDp.exe
1808	vQQVKPK.exe
2752	YNeLkur.exe
3044	zGakWsC.exe
2040	RCNvlVv.exe
2516	uJPeUOO.exe
2748	gSsquUh.exe
2856	JWRUGZG.exe
936	viuEDbe.exe
2360	tYXTxOz.exe
2200	tCjzQBN.exe
3024	csytDCX.exe
2256	nYysCJp.exe
584	FEvqrTm.exe
1496	orYgpcL.exe
1392	RrrgtAx.exe
1788	WLlwGEd.exe
1872	FOEQPHB.exe
1756	pdhxeCc.exe
1692	GpMkAbA.exe
1164	kvxTLSz.exe
1672	iXrgXBO.exe
1504	YuNByqX.exe
268	IFumjYK.exe
760	pLRJyFw.exe
2240	FtxnSYA.exe
2288	cWVsBYL.exe
272	zLjdjlF.exe
276	NYmnTfE.exe
676	evkrsiV.exe
2252	RotnPrK.exe
2476	GjaVJdu.exe
2736	ItUjKZA.exe
1236	qnfIXwD.exe
1564	WXPEiaf.exe
2732	zDPHcNu.exe
1268	KZvXKIK.exe
2464	gSBkaUA.exe
1560	eeDSGfb.exe
2532	SFRESvu.exe

Loads dropped DLL 64 IoCs

pid	Process
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 50 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-0-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x000c000000012262-3.dat	upx
behavioral1/files/0x0009000000016c23-8.dat	upx
behavioral1/files/0x0007000000016cab-15.dat	upx
behavioral1/files/0x0007000000016cd8-27.dat	upx
behavioral1/files/0x0007000000016ccc-23.dat	upx
behavioral1/files/0x0009000000016ce0-32.dat	upx
behavioral1/files/0x0008000000016ce9-38.dat	upx
behavioral1/files/0x000800000001756b-42.dat	upx
behavioral1/files/0x00050000000194a3-52.dat	upx
behavioral1/files/0x00050000000194ef-62.dat	upx
behavioral1/files/0x000500000001950f-67.dat	upx
behavioral1/files/0x0005000000019547-77.dat	upx
behavioral1/files/0x00050000000195a7-87.dat	upx
behavioral1/files/0x00050000000195a9-93.dat	upx
behavioral1/files/0x00050000000195b1-113.dat	upx
behavioral1/files/0x00050000000195c6-155.dat	upx
behavioral1/files/0x00050000000195c1-138.dat	upx
behavioral1/files/0x00050000000195c7-157.dat	upx
behavioral1/memory/2600-1787-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-148.dat	upx
behavioral1/files/0x000500000001960c-162.dat	upx
behavioral1/files/0x00050000000195bb-131.dat	upx
behavioral1/files/0x00050000000195b5-130.dat	upx
behavioral1/files/0x00050000000195c3-144.dat	upx
behavioral1/files/0x00050000000195bd-135.dat	upx
behavioral1/files/0x00050000000195b7-125.dat	upx
behavioral1/files/0x00050000000195ad-103.dat	upx
behavioral1/files/0x00050000000195b3-117.dat	upx
behavioral1/files/0x00050000000195af-106.dat	upx
behavioral1/files/0x00050000000195ab-97.dat	upx
behavioral1/files/0x000500000001957c-82.dat	upx
behavioral1/files/0x0005000000019515-72.dat	upx
behavioral1/files/0x00050000000194eb-56.dat	upx
behavioral1/files/0x0009000000016ace-47.dat	upx
behavioral1/memory/1320-1795-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2448-1820-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2600-1829-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/1284-1861-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2212-1862-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2092-1865-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2004-1878-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2952-1877-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2788-1870-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2936-1869-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2900-1868-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2812-1867-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2656-1939-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2692-1915-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2368-4054-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iusvXgQ.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uENnOAg.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAENWJO.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSBkaUA.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSlmXWN.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzejpfN.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AZSxoKN.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvCiyas.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvngcDk.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyhpVDp.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjNePUY.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRHphCT.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GoCfYEu.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqcoVNO.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfqINEe.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsbhmUP.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFYSnLM.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbfKEuT.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESiEFtN.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryAKyOC.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGCfNDx.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJcJuNj.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtsYIUr.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFqFlak.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbQUubP.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDTEzdX.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOKnRDV.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIGHkcS.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qldefRc.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXQwnHo.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfjKHTY.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkptrsn.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkrlWmK.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbuJVsY.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gCaIPlR.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ymlrlxz.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taRYGum.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHjEejP.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwVmkMa.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpqTVgI.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpBPhxG.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZYPTtt.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTRgViO.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNhdTtL.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\theUHPB.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IifpHzu.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ElVNaiU.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZBnwLV.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXxRpaS.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OelHVQj.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHydlYu.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvXUjcU.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbrAYNe.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBAYnmK.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JehNigc.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVVoxRG.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrxKRIl.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dghxijt.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXRVfqX.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvFykwx.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uowoPGc.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhVUqhb.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiHygOI.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbiUKef.exe	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 1284	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 1284	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 1284	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 2600	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 2600	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 2600	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 1320	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 1320	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 1320	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 2448	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 2448	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 2448	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 2092	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2092	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2092	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2212	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2212	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2212	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2900	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2900	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2900	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2936	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2936	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2936	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2788	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2788	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2788	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2812	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2812	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2812	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2952	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2952	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2952	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2692	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2692	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2692	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2004	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2004	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2004	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2656	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2656	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2656	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2696	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2696	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2696	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2616	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2616	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2616	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2412	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 2412	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 2412	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 2344	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 2344	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 2344	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 1352	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 1352	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 1352	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 1036	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 1036	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 1036	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 788	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 788	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 788	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 564	2368	2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_f0bc6ebe7e745d63b4bcef19c16af845_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\System\erZwuYV.exe
  C:\Windows\System\erZwuYV.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\grgFluY.exe
  C:\Windows\System\grgFluY.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\jiIFcRN.exe
  C:\Windows\System\jiIFcRN.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\ZJiOaAW.exe
  C:\Windows\System\ZJiOaAW.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\yJOKPPY.exe
  C:\Windows\System\yJOKPPY.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\NaxhZZG.exe
  C:\Windows\System\NaxhZZG.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\gfTlMwt.exe
  C:\Windows\System\gfTlMwt.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\OqwvyTn.exe
  C:\Windows\System\OqwvyTn.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\bzrLfSZ.exe
  C:\Windows\System\bzrLfSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\yruWrZU.exe
  C:\Windows\System\yruWrZU.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\IucxyxH.exe
  C:\Windows\System\IucxyxH.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\jjlCiKJ.exe
  C:\Windows\System\jjlCiKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\gnwXpAL.exe
  C:\Windows\System\gnwXpAL.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\xNmkGIw.exe
  C:\Windows\System\xNmkGIw.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\PHZBlWu.exe
  C:\Windows\System\PHZBlWu.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\dMjXQsz.exe
  C:\Windows\System\dMjXQsz.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\fOgaVsD.exe
  C:\Windows\System\fOgaVsD.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\cfwyiHq.exe
  C:\Windows\System\cfwyiHq.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\TUCmAYb.exe
  C:\Windows\System\TUCmAYb.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\ENsUmXU.exe
  C:\Windows\System\ENsUmXU.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\jfmTgJK.exe
  C:\Windows\System\jfmTgJK.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\ljgFaud.exe
  C:\Windows\System\ljgFaud.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\OJYGzqc.exe
  C:\Windows\System\OJYGzqc.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\RyhpVDp.exe
  C:\Windows\System\RyhpVDp.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\xJReDPb.exe
  C:\Windows\System\xJReDPb.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\vQQVKPK.exe
  C:\Windows\System\vQQVKPK.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\YNeLkur.exe
  C:\Windows\System\YNeLkur.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\RCNvlVv.exe
  C:\Windows\System\RCNvlVv.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\zGakWsC.exe
  C:\Windows\System\zGakWsC.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\JWRUGZG.exe
  C:\Windows\System\JWRUGZG.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\uJPeUOO.exe
  C:\Windows\System\uJPeUOO.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\tYXTxOz.exe
  C:\Windows\System\tYXTxOz.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\gSsquUh.exe
  C:\Windows\System\gSsquUh.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\csytDCX.exe
  C:\Windows\System\csytDCX.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\viuEDbe.exe
  C:\Windows\System\viuEDbe.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\nYysCJp.exe
  C:\Windows\System\nYysCJp.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\tCjzQBN.exe
  C:\Windows\System\tCjzQBN.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\FEvqrTm.exe
  C:\Windows\System\FEvqrTm.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\orYgpcL.exe
  C:\Windows\System\orYgpcL.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\WLlwGEd.exe
  C:\Windows\System\WLlwGEd.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\RrrgtAx.exe
  C:\Windows\System\RrrgtAx.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\FOEQPHB.exe
  C:\Windows\System\FOEQPHB.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\pdhxeCc.exe
  C:\Windows\System\pdhxeCc.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\kvxTLSz.exe
  C:\Windows\System\kvxTLSz.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\GpMkAbA.exe
  C:\Windows\System\GpMkAbA.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\iXrgXBO.exe
  C:\Windows\System\iXrgXBO.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\YuNByqX.exe
  C:\Windows\System\YuNByqX.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\IFumjYK.exe
  C:\Windows\System\IFumjYK.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\pLRJyFw.exe
  C:\Windows\System\pLRJyFw.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\FtxnSYA.exe
  C:\Windows\System\FtxnSYA.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\cWVsBYL.exe
  C:\Windows\System\cWVsBYL.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\zLjdjlF.exe
  C:\Windows\System\zLjdjlF.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\NYmnTfE.exe
  C:\Windows\System\NYmnTfE.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\evkrsiV.exe
  C:\Windows\System\evkrsiV.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\RotnPrK.exe
  C:\Windows\System\RotnPrK.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\GjaVJdu.exe
  C:\Windows\System\GjaVJdu.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ItUjKZA.exe
  C:\Windows\System\ItUjKZA.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\qnfIXwD.exe
  C:\Windows\System\qnfIXwD.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\WXPEiaf.exe
  C:\Windows\System\WXPEiaf.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\zDPHcNu.exe
  C:\Windows\System\zDPHcNu.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\KZvXKIK.exe
  C:\Windows\System\KZvXKIK.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\eeDSGfb.exe
  C:\Windows\System\eeDSGfb.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\gSBkaUA.exe
  C:\Windows\System\gSBkaUA.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\SFRESvu.exe
  C:\Windows\System\SFRESvu.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\IJRDpjD.exe
  C:\Windows\System\IJRDpjD.exe
  2⤵
  PID:2796
- C:\Windows\System\UvFykwx.exe
  C:\Windows\System\UvFykwx.exe
  2⤵
  PID:2776
- C:\Windows\System\xxmpJQJ.exe
  C:\Windows\System\xxmpJQJ.exe
  2⤵
  PID:2768
- C:\Windows\System\PwHFIkD.exe
  C:\Windows\System\PwHFIkD.exe
  2⤵
  PID:2800
- C:\Windows\System\HxixXsw.exe
  C:\Windows\System\HxixXsw.exe
  2⤵
  PID:2816
- C:\Windows\System\oOTunhQ.exe
  C:\Windows\System\oOTunhQ.exe
  2⤵
  PID:2820
- C:\Windows\System\gvBmAiz.exe
  C:\Windows\System\gvBmAiz.exe
  2⤵
  PID:2636
- C:\Windows\System\mkptrsn.exe
  C:\Windows\System\mkptrsn.exe
  2⤵
  PID:2832
- C:\Windows\System\aBWlveh.exe
  C:\Windows\System\aBWlveh.exe
  2⤵
  PID:624
- C:\Windows\System\nRpcsPy.exe
  C:\Windows\System\nRpcsPy.exe
  2⤵
  PID:2560
- C:\Windows\System\ESatRVB.exe
  C:\Windows\System\ESatRVB.exe
  2⤵
  PID:1656
- C:\Windows\System\HAspmIu.exe
  C:\Windows\System\HAspmIu.exe
  2⤵
  PID:1992
- C:\Windows\System\zfnSGAJ.exe
  C:\Windows\System\zfnSGAJ.exe
  2⤵
  PID:3052
- C:\Windows\System\fDTEzdX.exe
  C:\Windows\System\fDTEzdX.exe
  2⤵
  PID:1780
- C:\Windows\System\SEovcgI.exe
  C:\Windows\System\SEovcgI.exe
  2⤵
  PID:3048
- C:\Windows\System\OpJXhQs.exe
  C:\Windows\System\OpJXhQs.exe
  2⤵
  PID:2852
- C:\Windows\System\Qympkjw.exe
  C:\Windows\System\Qympkjw.exe
  2⤵
  PID:2184
- C:\Windows\System\vAQpWcb.exe
  C:\Windows\System\vAQpWcb.exe
  2⤵
  PID:916
- C:\Windows\System\bxNCHUE.exe
  C:\Windows\System\bxNCHUE.exe
  2⤵
  PID:1816
- C:\Windows\System\nYZeClK.exe
  C:\Windows\System\nYZeClK.exe
  2⤵
  PID:1004
- C:\Windows\System\AqZcHju.exe
  C:\Windows\System\AqZcHju.exe
  2⤵
  PID:2624
- C:\Windows\System\blwmHSW.exe
  C:\Windows\System\blwmHSW.exe
  2⤵
  PID:2008
- C:\Windows\System\msxcvBe.exe
  C:\Windows\System\msxcvBe.exe
  2⤵
  PID:2428
- C:\Windows\System\aIBWOYJ.exe
  C:\Windows\System\aIBWOYJ.exe
  2⤵
  PID:2140
- C:\Windows\System\cZYJIBf.exe
  C:\Windows\System\cZYJIBf.exe
  2⤵
  PID:680
- C:\Windows\System\kwYSHuE.exe
  C:\Windows\System\kwYSHuE.exe
  2⤵
  PID:1144
- C:\Windows\System\VuTDwVG.exe
  C:\Windows\System\VuTDwVG.exe
  2⤵
  PID:2116
- C:\Windows\System\pJHLfoo.exe
  C:\Windows\System\pJHLfoo.exe
  2⤵
  PID:2712
- C:\Windows\System\KyltYrE.exe
  C:\Windows\System\KyltYrE.exe
  2⤵
  PID:2504
- C:\Windows\System\YOWewLV.exe
  C:\Windows\System\YOWewLV.exe
  2⤵
  PID:2036
- C:\Windows\System\MLFdysf.exe
  C:\Windows\System\MLFdysf.exe
  2⤵
  PID:1568
- C:\Windows\System\skwZldG.exe
  C:\Windows\System\skwZldG.exe
  2⤵
  PID:1936
- C:\Windows\System\nWPTbWH.exe
  C:\Windows\System\nWPTbWH.exe
  2⤵
  PID:2272
- C:\Windows\System\yqvVlfd.exe
  C:\Windows\System\yqvVlfd.exe
  2⤵
  PID:1572
- C:\Windows\System\SDwjKCb.exe
  C:\Windows\System\SDwjKCb.exe
  2⤵
  PID:2564
- C:\Windows\System\RRaqujy.exe
  C:\Windows\System\RRaqujy.exe
  2⤵
  PID:2972
- C:\Windows\System\LGKApDp.exe
  C:\Windows\System\LGKApDp.exe
  2⤵
  PID:2728
- C:\Windows\System\QNtduOI.exe
  C:\Windows\System\QNtduOI.exe
  2⤵
  PID:2652
- C:\Windows\System\qDCJMCH.exe
  C:\Windows\System\qDCJMCH.exe
  2⤵
  PID:2804
- C:\Windows\System\wPZthxa.exe
  C:\Windows\System\wPZthxa.exe
  2⤵
  PID:1388
- C:\Windows\System\uMQXAFk.exe
  C:\Windows\System\uMQXAFk.exe
  2⤵
  PID:1256
- C:\Windows\System\FAyfoPa.exe
  C:\Windows\System\FAyfoPa.exe
  2⤵
  PID:932
- C:\Windows\System\NqJCqsN.exe
  C:\Windows\System\NqJCqsN.exe
  2⤵
  PID:2860
- C:\Windows\System\HwVmkMa.exe
  C:\Windows\System\HwVmkMa.exe
  2⤵
  PID:1708
- C:\Windows\System\qIsuEfM.exe
  C:\Windows\System\qIsuEfM.exe
  2⤵
  PID:772
- C:\Windows\System\vcKooOj.exe
  C:\Windows\System\vcKooOj.exe
  2⤵
  PID:3008
- C:\Windows\System\jZwSSLd.exe
  C:\Windows\System\jZwSSLd.exe
  2⤵
  PID:1748
- C:\Windows\System\sCbXsON.exe
  C:\Windows\System\sCbXsON.exe
  2⤵
  PID:2544
- C:\Windows\System\bhKFLvF.exe
  C:\Windows\System\bhKFLvF.exe
  2⤵
  PID:648
- C:\Windows\System\rgSSQoq.exe
  C:\Windows\System\rgSSQoq.exe
  2⤵
  PID:1888
- C:\Windows\System\SWdrHIi.exe
  C:\Windows\System\SWdrHIi.exe
  2⤵
  PID:2228
- C:\Windows\System\DPwYFKc.exe
  C:\Windows\System\DPwYFKc.exe
  2⤵
  PID:1852
- C:\Windows\System\iTzpYLj.exe
  C:\Windows\System\iTzpYLj.exe
  2⤵
  PID:1680
- C:\Windows\System\BScCDYT.exe
  C:\Windows\System\BScCDYT.exe
  2⤵
  PID:2940
- C:\Windows\System\IifpHzu.exe
  C:\Windows\System\IifpHzu.exe
  2⤵
  PID:1980
- C:\Windows\System\FjWsxhz.exe
  C:\Windows\System\FjWsxhz.exe
  2⤵
  PID:2892
- C:\Windows\System\KpZmnoT.exe
  C:\Windows\System\KpZmnoT.exe
  2⤵
  PID:1008
- C:\Windows\System\ILxmuAI.exe
  C:\Windows\System\ILxmuAI.exe
  2⤵
  PID:2868
- C:\Windows\System\TRLgLAN.exe
  C:\Windows\System\TRLgLAN.exe
  2⤵
  PID:2480
- C:\Windows\System\WmePOgl.exe
  C:\Windows\System\WmePOgl.exe
  2⤵
  PID:2836
- C:\Windows\System\LMWvHOF.exe
  C:\Windows\System\LMWvHOF.exe
  2⤵
  PID:264
- C:\Windows\System\LChPLtJ.exe
  C:\Windows\System\LChPLtJ.exe
  2⤵
  PID:2680
- C:\Windows\System\zCrpSoZ.exe
  C:\Windows\System\zCrpSoZ.exe
  2⤵
  PID:3084
- C:\Windows\System\FqQPzvk.exe
  C:\Windows\System\FqQPzvk.exe
  2⤵
  PID:3100
- C:\Windows\System\oPTxwfJ.exe
  C:\Windows\System\oPTxwfJ.exe
  2⤵
  PID:3120
- C:\Windows\System\vZjZJNU.exe
  C:\Windows\System\vZjZJNU.exe
  2⤵
  PID:3148
- C:\Windows\System\qFYSnLM.exe
  C:\Windows\System\qFYSnLM.exe
  2⤵
  PID:3164
- C:\Windows\System\yCDNWSs.exe
  C:\Windows\System\yCDNWSs.exe
  2⤵
  PID:3184
- C:\Windows\System\BdrXFUw.exe
  C:\Windows\System\BdrXFUw.exe
  2⤵
  PID:3200
- C:\Windows\System\kdIgnaO.exe
  C:\Windows\System\kdIgnaO.exe
  2⤵
  PID:3220
- C:\Windows\System\CnMjbdZ.exe
  C:\Windows\System\CnMjbdZ.exe
  2⤵
  PID:3236
- C:\Windows\System\HXCMVRq.exe
  C:\Windows\System\HXCMVRq.exe
  2⤵
  PID:3252
- C:\Windows\System\ihcEWse.exe
  C:\Windows\System\ihcEWse.exe
  2⤵
  PID:3292
- C:\Windows\System\PwNkOhR.exe
  C:\Windows\System\PwNkOhR.exe
  2⤵
  PID:3308
- C:\Windows\System\cIEjNoi.exe
  C:\Windows\System\cIEjNoi.exe
  2⤵
  PID:3328
- C:\Windows\System\kUOknzD.exe
  C:\Windows\System\kUOknzD.exe
  2⤵
  PID:3344
- C:\Windows\System\BkTLFzF.exe
  C:\Windows\System\BkTLFzF.exe
  2⤵
  PID:3360
- C:\Windows\System\jzDJULT.exe
  C:\Windows\System\jzDJULT.exe
  2⤵
  PID:3376
- C:\Windows\System\WYOmKfW.exe
  C:\Windows\System\WYOmKfW.exe
  2⤵
  PID:3412
- C:\Windows\System\qMYBsIj.exe
  C:\Windows\System\qMYBsIj.exe
  2⤵
  PID:3432
- C:\Windows\System\zKqnXMa.exe
  C:\Windows\System\zKqnXMa.exe
  2⤵
  PID:3452
- C:\Windows\System\rNgmHbq.exe
  C:\Windows\System\rNgmHbq.exe
  2⤵
  PID:3472
- C:\Windows\System\WEsALjt.exe
  C:\Windows\System\WEsALjt.exe
  2⤵
  PID:3488
- C:\Windows\System\UFuIuFx.exe
  C:\Windows\System\UFuIuFx.exe
  2⤵
  PID:3508
- C:\Windows\System\QuwQgxk.exe
  C:\Windows\System\QuwQgxk.exe
  2⤵
  PID:3524
- C:\Windows\System\rVkYcEr.exe
  C:\Windows\System\rVkYcEr.exe
  2⤵
  PID:3544
- C:\Windows\System\MqNfHtw.exe
  C:\Windows\System\MqNfHtw.exe
  2⤵
  PID:3564
- C:\Windows\System\uXlgQEw.exe
  C:\Windows\System\uXlgQEw.exe
  2⤵
  PID:3580
- C:\Windows\System\VgyZgQM.exe
  C:\Windows\System\VgyZgQM.exe
  2⤵
  PID:3604
- C:\Windows\System\ZgMyGPl.exe
  C:\Windows\System\ZgMyGPl.exe
  2⤵
  PID:3628
- C:\Windows\System\pVKEyRL.exe
  C:\Windows\System\pVKEyRL.exe
  2⤵
  PID:3652
- C:\Windows\System\awYHUgx.exe
  C:\Windows\System\awYHUgx.exe
  2⤵
  PID:3672
- C:\Windows\System\JTPlHpY.exe
  C:\Windows\System\JTPlHpY.exe
  2⤵
  PID:3688
- C:\Windows\System\IqZfZal.exe
  C:\Windows\System\IqZfZal.exe
  2⤵
  PID:3712
- C:\Windows\System\oVGswPp.exe
  C:\Windows\System\oVGswPp.exe
  2⤵
  PID:3732
- C:\Windows\System\sRlJHiA.exe
  C:\Windows\System\sRlJHiA.exe
  2⤵
  PID:3748
- C:\Windows\System\PtsDQgG.exe
  C:\Windows\System\PtsDQgG.exe
  2⤵
  PID:3768
- C:\Windows\System\zGFuVEC.exe
  C:\Windows\System\zGFuVEC.exe
  2⤵
  PID:3788
- C:\Windows\System\eanvXFz.exe
  C:\Windows\System\eanvXFz.exe
  2⤵
  PID:3808
- C:\Windows\System\dgGsOfs.exe
  C:\Windows\System\dgGsOfs.exe
  2⤵
  PID:3824
- C:\Windows\System\QftCPFE.exe
  C:\Windows\System\QftCPFE.exe
  2⤵
  PID:3844
- C:\Windows\System\dSVBUtv.exe
  C:\Windows\System\dSVBUtv.exe
  2⤵
  PID:3872
- C:\Windows\System\XmrKTJk.exe
  C:\Windows\System\XmrKTJk.exe
  2⤵
  PID:3888
- C:\Windows\System\uUXYWVz.exe
  C:\Windows\System\uUXYWVz.exe
  2⤵
  PID:3908
- C:\Windows\System\tvXJkEv.exe
  C:\Windows\System\tvXJkEv.exe
  2⤵
  PID:3928
- C:\Windows\System\lIQMXux.exe
  C:\Windows\System\lIQMXux.exe
  2⤵
  PID:3948
- C:\Windows\System\doNRzNN.exe
  C:\Windows\System\doNRzNN.exe
  2⤵
  PID:3968
- C:\Windows\System\frMxAAV.exe
  C:\Windows\System\frMxAAV.exe
  2⤵
  PID:3992
- C:\Windows\System\TLYGiyK.exe
  C:\Windows\System\TLYGiyK.exe
  2⤵
  PID:4008
- C:\Windows\System\qEPpkpd.exe
  C:\Windows\System\qEPpkpd.exe
  2⤵
  PID:4028
- C:\Windows\System\MzFTGYQ.exe
  C:\Windows\System\MzFTGYQ.exe
  2⤵
  PID:4052
- C:\Windows\System\pRJeEDM.exe
  C:\Windows\System\pRJeEDM.exe
  2⤵
  PID:4068
- C:\Windows\System\rxeWoyP.exe
  C:\Windows\System\rxeWoyP.exe
  2⤵
  PID:4088
- C:\Windows\System\kQbWIju.exe
  C:\Windows\System\kQbWIju.exe
  2⤵
  PID:2932
- C:\Windows\System\nzAwKjI.exe
  C:\Windows\System\nzAwKjI.exe
  2⤵
  PID:2088
- C:\Windows\System\hWIkXtW.exe
  C:\Windows\System\hWIkXtW.exe
  2⤵
  PID:1996
- C:\Windows\System\WcohJSR.exe
  C:\Windows\System\WcohJSR.exe
  2⤵
  PID:2064
- C:\Windows\System\horyVYh.exe
  C:\Windows\System\horyVYh.exe
  2⤵
  PID:3092
- C:\Windows\System\dgcgnLO.exe
  C:\Windows\System\dgcgnLO.exe
  2⤵
  PID:3060
- C:\Windows\System\yVXRjMn.exe
  C:\Windows\System\yVXRjMn.exe
  2⤵
  PID:1032
- C:\Windows\System\JXcZnXG.exe
  C:\Windows\System\JXcZnXG.exe
  2⤵
  PID:832
- C:\Windows\System\UkjyqHU.exe
  C:\Windows\System\UkjyqHU.exe
  2⤵
  PID:2384
- C:\Windows\System\PVErNAJ.exe
  C:\Windows\System\PVErNAJ.exe
  2⤵
  PID:3076
- C:\Windows\System\GMtTPhp.exe
  C:\Windows\System\GMtTPhp.exe
  2⤵
  PID:3140
- C:\Windows\System\rflipwP.exe
  C:\Windows\System\rflipwP.exe
  2⤵
  PID:3180
- C:\Windows\System\upGBtln.exe
  C:\Windows\System\upGBtln.exe
  2⤵
  PID:3112
- C:\Windows\System\nOvCamr.exe
  C:\Windows\System\nOvCamr.exe
  2⤵
  PID:3212
- C:\Windows\System\MUzbOqZ.exe
  C:\Windows\System\MUzbOqZ.exe
  2⤵
  PID:3232
- C:\Windows\System\JATcasg.exe
  C:\Windows\System\JATcasg.exe
  2⤵
  PID:3276
- C:\Windows\System\KXpmoAi.exe
  C:\Windows\System\KXpmoAi.exe
  2⤵
  PID:3304
- C:\Windows\System\EaXqGIV.exe
  C:\Windows\System\EaXqGIV.exe
  2⤵
  PID:3372
- C:\Windows\System\fzeVcAu.exe
  C:\Windows\System\fzeVcAu.exe
  2⤵
  PID:3324
- C:\Windows\System\ObtCUae.exe
  C:\Windows\System\ObtCUae.exe
  2⤵
  PID:3392
- C:\Windows\System\mnDZEMR.exe
  C:\Windows\System\mnDZEMR.exe
  2⤵
  PID:3468
- C:\Windows\System\ByrMuEE.exe
  C:\Windows\System\ByrMuEE.exe
  2⤵
  PID:3532
- C:\Windows\System\rvsuBdg.exe
  C:\Windows\System\rvsuBdg.exe
  2⤵
  PID:3440
- C:\Windows\System\rwRyBLb.exe
  C:\Windows\System\rwRyBLb.exe
  2⤵
  PID:3576
- C:\Windows\System\DYmyxuA.exe
  C:\Windows\System\DYmyxuA.exe
  2⤵
  PID:3620
- C:\Windows\System\PrTbDmh.exe
  C:\Windows\System\PrTbDmh.exe
  2⤵
  PID:3520
- C:\Windows\System\bvSPSzl.exe
  C:\Windows\System\bvSPSzl.exe
  2⤵
  PID:3660
- C:\Windows\System\HuLbueZ.exe
  C:\Windows\System\HuLbueZ.exe
  2⤵
  PID:3648
- C:\Windows\System\kvZFweH.exe
  C:\Windows\System\kvZFweH.exe
  2⤵
  PID:3704
- C:\Windows\System\TYrBbWW.exe
  C:\Windows\System\TYrBbWW.exe
  2⤵
  PID:3684
- C:\Windows\System\mnMmcWw.exe
  C:\Windows\System\mnMmcWw.exe
  2⤵
  PID:3784
- C:\Windows\System\goqChhg.exe
  C:\Windows\System\goqChhg.exe
  2⤵
  PID:3852
- C:\Windows\System\msiaWib.exe
  C:\Windows\System\msiaWib.exe
  2⤵
  PID:3860
- C:\Windows\System\dvZQJGQ.exe
  C:\Windows\System\dvZQJGQ.exe
  2⤵
  PID:3836
- C:\Windows\System\qydmJiY.exe
  C:\Windows\System\qydmJiY.exe
  2⤵
  PID:3884
- C:\Windows\System\cKPFXJt.exe
  C:\Windows\System\cKPFXJt.exe
  2⤵
  PID:3940
- C:\Windows\System\UFWhcqW.exe
  C:\Windows\System\UFWhcqW.exe
  2⤵
  PID:3980
- C:\Windows\System\YIDNTuT.exe
  C:\Windows\System\YIDNTuT.exe
  2⤵
  PID:3920
- C:\Windows\System\qrywsaR.exe
  C:\Windows\System\qrywsaR.exe
  2⤵
  PID:4064
- C:\Windows\System\rKaUQRl.exe
  C:\Windows\System\rKaUQRl.exe
  2⤵
  PID:4040
- C:\Windows\System\iusvXgQ.exe
  C:\Windows\System\iusvXgQ.exe
  2⤵
  PID:2112
- C:\Windows\System\SFBsJHD.exe
  C:\Windows\System\SFBsJHD.exe
  2⤵
  PID:4080
- C:\Windows\System\uWQIFhr.exe
  C:\Windows\System\uWQIFhr.exe
  2⤵
  PID:1520
- C:\Windows\System\vZzHYuL.exe
  C:\Windows\System\vZzHYuL.exe
  2⤵
  PID:2224
- C:\Windows\System\RcnEKuG.exe
  C:\Windows\System\RcnEKuG.exe
  2⤵
  PID:1584
- C:\Windows\System\dzhTGrT.exe
  C:\Windows\System\dzhTGrT.exe
  2⤵
  PID:1824
- C:\Windows\System\XkDHHyo.exe
  C:\Windows\System\XkDHHyo.exe
  2⤵
  PID:1624
- C:\Windows\System\tPsQwId.exe
  C:\Windows\System\tPsQwId.exe
  2⤵
  PID:3132
- C:\Windows\System\wzrDqHZ.exe
  C:\Windows\System\wzrDqHZ.exe
  2⤵
  PID:3176
- C:\Windows\System\wxmOBiW.exe
  C:\Windows\System\wxmOBiW.exe
  2⤵
  PID:3284
- C:\Windows\System\LPYytAi.exe
  C:\Windows\System\LPYytAi.exe
  2⤵
  PID:3300
- C:\Windows\System\xttjPFi.exe
  C:\Windows\System\xttjPFi.exe
  2⤵
  PID:3428
- C:\Windows\System\YZvRuSa.exe
  C:\Windows\System\YZvRuSa.exe
  2⤵
  PID:3352
- C:\Windows\System\htHwKiZ.exe
  C:\Windows\System\htHwKiZ.exe
  2⤵
  PID:3536
- C:\Windows\System\AnNRBBN.exe
  C:\Windows\System\AnNRBBN.exe
  2⤵
  PID:3612
- C:\Windows\System\lyVgfnD.exe
  C:\Windows\System\lyVgfnD.exe
  2⤵
  PID:3596
- C:\Windows\System\YpjLfFP.exe
  C:\Windows\System\YpjLfFP.exe
  2⤵
  PID:3552
- C:\Windows\System\IjmSatQ.exe
  C:\Windows\System\IjmSatQ.exe
  2⤵
  PID:3644
- C:\Windows\System\IeVYjIq.exe
  C:\Windows\System\IeVYjIq.exe
  2⤵
  PID:3724
- C:\Windows\System\PUNEpUq.exe
  C:\Windows\System\PUNEpUq.exe
  2⤵
  PID:3904
- C:\Windows\System\STLJgMk.exe
  C:\Windows\System\STLJgMk.exe
  2⤵
  PID:3900
- C:\Windows\System\vYpwpSP.exe
  C:\Windows\System\vYpwpSP.exe
  2⤵
  PID:3800
- C:\Windows\System\kxrMxgM.exe
  C:\Windows\System\kxrMxgM.exe
  2⤵
  PID:3944
- C:\Windows\System\dZxLEOa.exe
  C:\Windows\System\dZxLEOa.exe
  2⤵
  PID:4000
- C:\Windows\System\wBFdKxB.exe
  C:\Windows\System\wBFdKxB.exe
  2⤵
  PID:2180
- C:\Windows\System\UBNjzJU.exe
  C:\Windows\System\UBNjzJU.exe
  2⤵
  PID:2388
- C:\Windows\System\wZSkFwS.exe
  C:\Windows\System\wZSkFwS.exe
  2⤵
  PID:1640
- C:\Windows\System\NVGnhQN.exe
  C:\Windows\System\NVGnhQN.exe
  2⤵
  PID:888
- C:\Windows\System\zdkWoNj.exe
  C:\Windows\System\zdkWoNj.exe
  2⤵
  PID:2128
- C:\Windows\System\vZMCbZg.exe
  C:\Windows\System\vZMCbZg.exe
  2⤵
  PID:3192
- C:\Windows\System\gcYpCOd.exe
  C:\Windows\System\gcYpCOd.exe
  2⤵
  PID:3216
- C:\Windows\System\aRFFvYi.exe
  C:\Windows\System\aRFFvYi.exe
  2⤵
  PID:3420
- C:\Windows\System\RCWFHSa.exe
  C:\Windows\System\RCWFHSa.exe
  2⤵
  PID:3556
- C:\Windows\System\fBhQSsQ.exe
  C:\Windows\System\fBhQSsQ.exe
  2⤵
  PID:3540
- C:\Windows\System\EmSUnmd.exe
  C:\Windows\System\EmSUnmd.exe
  2⤵
  PID:3448
- C:\Windows\System\TIRbddv.exe
  C:\Windows\System\TIRbddv.exe
  2⤵
  PID:3668
- C:\Windows\System\qbFKiCi.exe
  C:\Windows\System\qbFKiCi.exe
  2⤵
  PID:3820
- C:\Windows\System\xQtPxoO.exe
  C:\Windows\System\xQtPxoO.exe
  2⤵
  PID:4104
- C:\Windows\System\vXjaGsx.exe
  C:\Windows\System\vXjaGsx.exe
  2⤵
  PID:4124
- C:\Windows\System\cbmrknI.exe
  C:\Windows\System\cbmrknI.exe
  2⤵
  PID:4144
- C:\Windows\System\ljgVsXm.exe
  C:\Windows\System\ljgVsXm.exe
  2⤵
  PID:4164
- C:\Windows\System\MMLYTdF.exe
  C:\Windows\System\MMLYTdF.exe
  2⤵
  PID:4184
- C:\Windows\System\FHPBpgd.exe
  C:\Windows\System\FHPBpgd.exe
  2⤵
  PID:4204
- C:\Windows\System\uqroNwz.exe
  C:\Windows\System\uqroNwz.exe
  2⤵
  PID:4224
- C:\Windows\System\NwxXgrt.exe
  C:\Windows\System\NwxXgrt.exe
  2⤵
  PID:4252
- C:\Windows\System\ergZQRz.exe
  C:\Windows\System\ergZQRz.exe
  2⤵
  PID:4272
- C:\Windows\System\iAfaeEY.exe
  C:\Windows\System\iAfaeEY.exe
  2⤵
  PID:4296
- C:\Windows\System\rOUlgYl.exe
  C:\Windows\System\rOUlgYl.exe
  2⤵
  PID:4316
- C:\Windows\System\aSTOSTl.exe
  C:\Windows\System\aSTOSTl.exe
  2⤵
  PID:4332
- C:\Windows\System\mWWZXsr.exe
  C:\Windows\System\mWWZXsr.exe
  2⤵
  PID:4360
- C:\Windows\System\ftFDyoX.exe
  C:\Windows\System\ftFDyoX.exe
  2⤵
  PID:4380
- C:\Windows\System\JhIAYzO.exe
  C:\Windows\System\JhIAYzO.exe
  2⤵
  PID:4400
- C:\Windows\System\rOuGwmk.exe
  C:\Windows\System\rOuGwmk.exe
  2⤵
  PID:4420
- C:\Windows\System\DqmkMLN.exe
  C:\Windows\System\DqmkMLN.exe
  2⤵
  PID:4440
- C:\Windows\System\erEYCQo.exe
  C:\Windows\System\erEYCQo.exe
  2⤵
  PID:4460
- C:\Windows\System\mOTBTgH.exe
  C:\Windows\System\mOTBTgH.exe
  2⤵
  PID:4480
- C:\Windows\System\QosDPkT.exe
  C:\Windows\System\QosDPkT.exe
  2⤵
  PID:4508
- C:\Windows\System\YgBqZLB.exe
  C:\Windows\System\YgBqZLB.exe
  2⤵
  PID:4528
- C:\Windows\System\GynUNwg.exe
  C:\Windows\System\GynUNwg.exe
  2⤵
  PID:4548
- C:\Windows\System\vUMMjNl.exe
  C:\Windows\System\vUMMjNl.exe
  2⤵
  PID:4568
- C:\Windows\System\bMWLAKd.exe
  C:\Windows\System\bMWLAKd.exe
  2⤵
  PID:4596
- C:\Windows\System\xsXDuUn.exe
  C:\Windows\System\xsXDuUn.exe
  2⤵
  PID:4616
- C:\Windows\System\NUkTqQF.exe
  C:\Windows\System\NUkTqQF.exe
  2⤵
  PID:4636
- C:\Windows\System\brdYomc.exe
  C:\Windows\System\brdYomc.exe
  2⤵
  PID:4660
- C:\Windows\System\KVujasy.exe
  C:\Windows\System\KVujasy.exe
  2⤵
  PID:4676
- C:\Windows\System\NusKmMO.exe
  C:\Windows\System\NusKmMO.exe
  2⤵
  PID:4700
- C:\Windows\System\aHCoNMy.exe
  C:\Windows\System\aHCoNMy.exe
  2⤵
  PID:4716
- C:\Windows\System\cxzXnLo.exe
  C:\Windows\System\cxzXnLo.exe
  2⤵
  PID:4740
- C:\Windows\System\lKUOPcf.exe
  C:\Windows\System\lKUOPcf.exe
  2⤵
  PID:4756
- C:\Windows\System\UPnCjgO.exe
  C:\Windows\System\UPnCjgO.exe
  2⤵
  PID:4780
- C:\Windows\System\lkBLwij.exe
  C:\Windows\System\lkBLwij.exe
  2⤵
  PID:4804
- C:\Windows\System\JImVgpd.exe
  C:\Windows\System\JImVgpd.exe
  2⤵
  PID:4824
- C:\Windows\System\tBOVRCr.exe
  C:\Windows\System\tBOVRCr.exe
  2⤵
  PID:4844
- C:\Windows\System\PGqTNaf.exe
  C:\Windows\System\PGqTNaf.exe
  2⤵
  PID:4864
- C:\Windows\System\mwwMwrp.exe
  C:\Windows\System\mwwMwrp.exe
  2⤵
  PID:4884
- C:\Windows\System\RweeBIO.exe
  C:\Windows\System\RweeBIO.exe
  2⤵
  PID:4904
- C:\Windows\System\QYkJIAe.exe
  C:\Windows\System\QYkJIAe.exe
  2⤵
  PID:4920
- C:\Windows\System\NmtFcvn.exe
  C:\Windows\System\NmtFcvn.exe
  2⤵
  PID:4944
- C:\Windows\System\FqsUFgf.exe
  C:\Windows\System\FqsUFgf.exe
  2⤵
  PID:4964
- C:\Windows\System\sgyeJAX.exe
  C:\Windows\System\sgyeJAX.exe
  2⤵
  PID:4988
- C:\Windows\System\bHGktjr.exe
  C:\Windows\System\bHGktjr.exe
  2⤵
  PID:5008
- C:\Windows\System\zPwNSkF.exe
  C:\Windows\System\zPwNSkF.exe
  2⤵
  PID:5028
- C:\Windows\System\IopHbya.exe
  C:\Windows\System\IopHbya.exe
  2⤵
  PID:5048
- C:\Windows\System\ehmJudt.exe
  C:\Windows\System\ehmJudt.exe
  2⤵
  PID:5068
- C:\Windows\System\UmlCvhX.exe
  C:\Windows\System\UmlCvhX.exe
  2⤵
  PID:5092
- C:\Windows\System\PwvtEek.exe
  C:\Windows\System\PwvtEek.exe
  2⤵
  PID:5112
- C:\Windows\System\ciRfUHA.exe
  C:\Windows\System\ciRfUHA.exe
  2⤵
  PID:3988
- C:\Windows\System\gkuQIrt.exe
  C:\Windows\System\gkuQIrt.exe
  2⤵
  PID:4044
- C:\Windows\System\FUrRhSq.exe
  C:\Windows\System\FUrRhSq.exe
  2⤵
  PID:800
- C:\Windows\System\UIKVJCD.exe
  C:\Windows\System\UIKVJCD.exe
  2⤵
  PID:2276
- C:\Windows\System\sOXJGwW.exe
  C:\Windows\System\sOXJGwW.exe
  2⤵
  PID:3264
- C:\Windows\System\hYdAahY.exe
  C:\Windows\System\hYdAahY.exe
  2⤵
  PID:3156
- C:\Windows\System\PewOpvq.exe
  C:\Windows\System\PewOpvq.exe
  2⤵
  PID:3572
- C:\Windows\System\XFykCAu.exe
  C:\Windows\System\XFykCAu.exe
  2⤵
  PID:3356
- C:\Windows\System\pcyqKgG.exe
  C:\Windows\System\pcyqKgG.exe
  2⤵
  PID:3708
- C:\Windows\System\hKppHWi.exe
  C:\Windows\System\hKppHWi.exe
  2⤵
  PID:4100
- C:\Windows\System\JZKSXDf.exe
  C:\Windows\System\JZKSXDf.exe
  2⤵
  PID:4120
- C:\Windows\System\nfHPUbG.exe
  C:\Windows\System\nfHPUbG.exe
  2⤵
  PID:4176
- C:\Windows\System\cKmUfVq.exe
  C:\Windows\System\cKmUfVq.exe
  2⤵
  PID:4220
- C:\Windows\System\PSCmqsS.exe
  C:\Windows\System\PSCmqsS.exe
  2⤵
  PID:4260
- C:\Windows\System\UczUmoR.exe
  C:\Windows\System\UczUmoR.exe
  2⤵
  PID:4280
- C:\Windows\System\NyWEswh.exe
  C:\Windows\System\NyWEswh.exe
  2⤵
  PID:4340
- C:\Windows\System\xbgoEVr.exe
  C:\Windows\System\xbgoEVr.exe
  2⤵
  PID:4344
- C:\Windows\System\VeQOquU.exe
  C:\Windows\System\VeQOquU.exe
  2⤵
  PID:4392
- C:\Windows\System\HTzCuiJ.exe
  C:\Windows\System\HTzCuiJ.exe
  2⤵
  PID:4408
- C:\Windows\System\xQjMuZz.exe
  C:\Windows\System\xQjMuZz.exe
  2⤵
  PID:4456
- C:\Windows\System\aizZuxc.exe
  C:\Windows\System\aizZuxc.exe
  2⤵
  PID:4472
- C:\Windows\System\StmIvxm.exe
  C:\Windows\System\StmIvxm.exe
  2⤵
  PID:4492
- C:\Windows\System\qNVpoDl.exe
  C:\Windows\System\qNVpoDl.exe
  2⤵
  PID:4540
- C:\Windows\System\dcMvWsv.exe
  C:\Windows\System\dcMvWsv.exe
  2⤵
  PID:4580
- C:\Windows\System\ZWuoJrj.exe
  C:\Windows\System\ZWuoJrj.exe
  2⤵
  PID:4684
- C:\Windows\System\EgiMiRA.exe
  C:\Windows\System\EgiMiRA.exe
  2⤵
  PID:4696
- C:\Windows\System\pAYYtCx.exe
  C:\Windows\System\pAYYtCx.exe
  2⤵
  PID:4724
- C:\Windows\System\hPKiAVc.exe
  C:\Windows\System\hPKiAVc.exe
  2⤵
  PID:4764
- C:\Windows\System\BKymBiT.exe
  C:\Windows\System\BKymBiT.exe
  2⤵
  PID:4748
- C:\Windows\System\GxGPgcD.exe
  C:\Windows\System\GxGPgcD.exe
  2⤵
  PID:4796
- C:\Windows\System\vsyabwK.exe
  C:\Windows\System\vsyabwK.exe
  2⤵
  PID:4840
- C:\Windows\System\IIUndRa.exe
  C:\Windows\System\IIUndRa.exe
  2⤵
  PID:4892
- C:\Windows\System\ylhRmVX.exe
  C:\Windows\System\ylhRmVX.exe
  2⤵
  PID:4940
- C:\Windows\System\OmUQdPj.exe
  C:\Windows\System\OmUQdPj.exe
  2⤵
  PID:4976
- C:\Windows\System\epqvBgC.exe
  C:\Windows\System\epqvBgC.exe
  2⤵
  PID:5016
- C:\Windows\System\WxrHmUh.exe
  C:\Windows\System\WxrHmUh.exe
  2⤵
  PID:5000
- C:\Windows\System\XdnOYPk.exe
  C:\Windows\System\XdnOYPk.exe
  2⤵
  PID:5040
- C:\Windows\System\qkteRYT.exe
  C:\Windows\System\qkteRYT.exe
  2⤵
  PID:4004
- C:\Windows\System\buFBQec.exe
  C:\Windows\System\buFBQec.exe
  2⤵
  PID:4020
- C:\Windows\System\ogzidsT.exe
  C:\Windows\System\ogzidsT.exe
  2⤵
  PID:3924
- C:\Windows\System\IWmXepr.exe
  C:\Windows\System\IWmXepr.exe
  2⤵
  PID:2764
- C:\Windows\System\kIXrfNW.exe
  C:\Windows\System\kIXrfNW.exe
  2⤵
  PID:3172
- C:\Windows\System\SpMlGze.exe
  C:\Windows\System\SpMlGze.exe
  2⤵
  PID:1876
- C:\Windows\System\FssWlwf.exe
  C:\Windows\System\FssWlwf.exe
  2⤵
  PID:3744
- C:\Windows\System\NnjQpnR.exe
  C:\Windows\System\NnjQpnR.exe
  2⤵
  PID:3616
- C:\Windows\System\KtgNfmZ.exe
  C:\Windows\System\KtgNfmZ.exe
  2⤵
  PID:4232
- C:\Windows\System\JTfMzmh.exe
  C:\Windows\System\JTfMzmh.exe
  2⤵
  PID:4196
- C:\Windows\System\kqXlgTu.exe
  C:\Windows\System\kqXlgTu.exe
  2⤵
  PID:4264
- C:\Windows\System\wRghLxY.exe
  C:\Windows\System\wRghLxY.exe
  2⤵
  PID:4368
- C:\Windows\System\fpgezjm.exe
  C:\Windows\System\fpgezjm.exe
  2⤵
  PID:4416
- C:\Windows\System\pNWpiTT.exe
  C:\Windows\System\pNWpiTT.exe
  2⤵
  PID:4496
- C:\Windows\System\BwCqber.exe
  C:\Windows\System\BwCqber.exe
  2⤵
  PID:4604
- C:\Windows\System\HJrSfaV.exe
  C:\Windows\System\HJrSfaV.exe
  2⤵
  PID:4560
- C:\Windows\System\RJnXkHV.exe
  C:\Windows\System\RJnXkHV.exe
  2⤵
  PID:4652
- C:\Windows\System\WKUhmvj.exe
  C:\Windows\System\WKUhmvj.exe
  2⤵
  PID:4712
- C:\Windows\System\GqKnOOp.exe
  C:\Windows\System\GqKnOOp.exe
  2⤵
  PID:4812
- C:\Windows\System\ibjFHdn.exe
  C:\Windows\System\ibjFHdn.exe
  2⤵
  PID:4876
- C:\Windows\System\PhZlwSQ.exe
  C:\Windows\System\PhZlwSQ.exe
  2⤵
  PID:4896
- C:\Windows\System\WaefNUK.exe
  C:\Windows\System\WaefNUK.exe
  2⤵
  PID:4912
- C:\Windows\System\BhSTIGx.exe
  C:\Windows\System\BhSTIGx.exe
  2⤵
  PID:4960
- C:\Windows\System\kBsnyok.exe
  C:\Windows\System\kBsnyok.exe
  2⤵
  PID:5036
- C:\Windows\System\dEkohVj.exe
  C:\Windows\System\dEkohVj.exe
  2⤵
  PID:1252
- C:\Windows\System\XbmTjnf.exe
  C:\Windows\System\XbmTjnf.exe
  2⤵
  PID:4024
- C:\Windows\System\RLIjLaE.exe
  C:\Windows\System\RLIjLaE.exe
  2⤵
  PID:3136
- C:\Windows\System\jIhRQFW.exe
  C:\Windows\System\jIhRQFW.exe
  2⤵
  PID:3404
- C:\Windows\System\xLipbRB.exe
  C:\Windows\System\xLipbRB.exe
  2⤵
  PID:4172
- C:\Windows\System\FLCMSXv.exe
  C:\Windows\System\FLCMSXv.exe
  2⤵
  PID:4240
- C:\Windows\System\MMQcpKU.exe
  C:\Windows\System\MMQcpKU.exe
  2⤵
  PID:4432
- C:\Windows\System\XLjBiyX.exe
  C:\Windows\System\XLjBiyX.exe
  2⤵
  PID:4476
- C:\Windows\System\QsUihJh.exe
  C:\Windows\System\QsUihJh.exe
  2⤵
  PID:4624
- C:\Windows\System\wySqvjK.exe
  C:\Windows\System\wySqvjK.exe
  2⤵
  PID:4628
- C:\Windows\System\dpqTVgI.exe
  C:\Windows\System\dpqTVgI.exe
  2⤵
  PID:1800
- C:\Windows\System\OpxChJW.exe
  C:\Windows\System\OpxChJW.exe
  2⤵
  PID:4192
- C:\Windows\System\VRMECxI.exe
  C:\Windows\System\VRMECxI.exe
  2⤵
  PID:5020
- C:\Windows\System\lqGlYEn.exe
  C:\Windows\System\lqGlYEn.exe
  2⤵
  PID:4984
- C:\Windows\System\qFJIvFL.exe
  C:\Windows\System\qFJIvFL.exe
  2⤵
  PID:5104
- C:\Windows\System\FyANfpw.exe
  C:\Windows\System\FyANfpw.exe
  2⤵
  PID:3764
- C:\Windows\System\aNrrWHk.exe
  C:\Windows\System\aNrrWHk.exe
  2⤵
  PID:2304
- C:\Windows\System\sJbuGvu.exe
  C:\Windows\System\sJbuGvu.exe
  2⤵
  PID:5128
- C:\Windows\System\KXmtCRJ.exe
  C:\Windows\System\KXmtCRJ.exe
  2⤵
  PID:5148
- C:\Windows\System\AECbsFo.exe
  C:\Windows\System\AECbsFo.exe
  2⤵
  PID:5168
- C:\Windows\System\jMFlnXl.exe
  C:\Windows\System\jMFlnXl.exe
  2⤵
  PID:5192
- C:\Windows\System\FJvNNfT.exe
  C:\Windows\System\FJvNNfT.exe
  2⤵
  PID:5212
- C:\Windows\System\lkoCXoQ.exe
  C:\Windows\System\lkoCXoQ.exe
  2⤵
  PID:5232
- C:\Windows\System\PptOvWA.exe
  C:\Windows\System\PptOvWA.exe
  2⤵
  PID:5256
- C:\Windows\System\ePxmnxt.exe
  C:\Windows\System\ePxmnxt.exe
  2⤵
  PID:5276
- C:\Windows\System\ZclDXBq.exe
  C:\Windows\System\ZclDXBq.exe
  2⤵
  PID:5296
- C:\Windows\System\hImsAPg.exe
  C:\Windows\System\hImsAPg.exe
  2⤵
  PID:5316
- C:\Windows\System\wxBNKQg.exe
  C:\Windows\System\wxBNKQg.exe
  2⤵
  PID:5336
- C:\Windows\System\OkTysXb.exe
  C:\Windows\System\OkTysXb.exe
  2⤵
  PID:5356
- C:\Windows\System\bgDNhAH.exe
  C:\Windows\System\bgDNhAH.exe
  2⤵
  PID:5376
- C:\Windows\System\TFfkzsn.exe
  C:\Windows\System\TFfkzsn.exe
  2⤵
  PID:5396
- C:\Windows\System\FDWicxq.exe
  C:\Windows\System\FDWicxq.exe
  2⤵
  PID:5416
- C:\Windows\System\XzsVOQW.exe
  C:\Windows\System\XzsVOQW.exe
  2⤵
  PID:5436
- C:\Windows\System\SlQfuqU.exe
  C:\Windows\System\SlQfuqU.exe
  2⤵
  PID:5456
- C:\Windows\System\KsgnKEP.exe
  C:\Windows\System\KsgnKEP.exe
  2⤵
  PID:5472
- C:\Windows\System\Qbfwjdl.exe
  C:\Windows\System\Qbfwjdl.exe
  2⤵
  PID:5496
- C:\Windows\System\cmzzCUz.exe
  C:\Windows\System\cmzzCUz.exe
  2⤵
  PID:5520
- C:\Windows\System\wrBxRBE.exe
  C:\Windows\System\wrBxRBE.exe
  2⤵
  PID:5540
- C:\Windows\System\UkZdpEQ.exe
  C:\Windows\System\UkZdpEQ.exe
  2⤵
  PID:5560
- C:\Windows\System\qbuZCba.exe
  C:\Windows\System\qbuZCba.exe
  2⤵
  PID:5580
- C:\Windows\System\NUOGdqL.exe
  C:\Windows\System\NUOGdqL.exe
  2⤵
  PID:5600
- C:\Windows\System\tQfnzcg.exe
  C:\Windows\System\tQfnzcg.exe
  2⤵
  PID:5620
- C:\Windows\System\JTVIoAw.exe
  C:\Windows\System\JTVIoAw.exe
  2⤵
  PID:5640
- C:\Windows\System\PWxebJI.exe
  C:\Windows\System\PWxebJI.exe
  2⤵
  PID:5664
- C:\Windows\System\zPvDGUq.exe
  C:\Windows\System\zPvDGUq.exe
  2⤵
  PID:5684
- C:\Windows\System\piyFUFN.exe
  C:\Windows\System\piyFUFN.exe
  2⤵
  PID:5700
- C:\Windows\System\grdIdML.exe
  C:\Windows\System\grdIdML.exe
  2⤵
  PID:5724
- C:\Windows\System\ZfTJBQd.exe
  C:\Windows\System\ZfTJBQd.exe
  2⤵
  PID:5744
- C:\Windows\System\fnutNNH.exe
  C:\Windows\System\fnutNNH.exe
  2⤵
  PID:5764
- C:\Windows\System\AaFObWv.exe
  C:\Windows\System\AaFObWv.exe
  2⤵
  PID:5784
- C:\Windows\System\OVaxgya.exe
  C:\Windows\System\OVaxgya.exe
  2⤵
  PID:5804
- C:\Windows\System\tScpAiJ.exe
  C:\Windows\System\tScpAiJ.exe
  2⤵
  PID:5828
- C:\Windows\System\dgrjuGn.exe
  C:\Windows\System\dgrjuGn.exe
  2⤵
  PID:5844
- C:\Windows\System\YBzzUkm.exe
  C:\Windows\System\YBzzUkm.exe
  2⤵
  PID:5868
- C:\Windows\System\jrcHaVN.exe
  C:\Windows\System\jrcHaVN.exe
  2⤵
  PID:5888
- C:\Windows\System\KpRFtih.exe
  C:\Windows\System\KpRFtih.exe
  2⤵
  PID:5908
- C:\Windows\System\pOdqBFe.exe
  C:\Windows\System\pOdqBFe.exe
  2⤵
  PID:5924
- C:\Windows\System\OLHtDzE.exe
  C:\Windows\System\OLHtDzE.exe
  2⤵
  PID:5948
- C:\Windows\System\xauMMys.exe
  C:\Windows\System\xauMMys.exe
  2⤵
  PID:5968
- C:\Windows\System\HRowvmu.exe
  C:\Windows\System\HRowvmu.exe
  2⤵
  PID:5988
- C:\Windows\System\lxLUthu.exe
  C:\Windows\System\lxLUthu.exe
  2⤵
  PID:6008
- C:\Windows\System\BWXBaEc.exe
  C:\Windows\System\BWXBaEc.exe
  2⤵
  PID:6028
- C:\Windows\System\LDBWEXj.exe
  C:\Windows\System\LDBWEXj.exe
  2⤵
  PID:6048
- C:\Windows\System\nZhbcsq.exe
  C:\Windows\System\nZhbcsq.exe
  2⤵
  PID:6072
- C:\Windows\System\ssXMJQg.exe
  C:\Windows\System\ssXMJQg.exe
  2⤵
  PID:6092
- C:\Windows\System\UcdIqKM.exe
  C:\Windows\System\UcdIqKM.exe
  2⤵
  PID:6112
- C:\Windows\System\IFAwdgC.exe
  C:\Windows\System\IFAwdgC.exe
  2⤵
  PID:6132
- C:\Windows\System\OnIZeXP.exe
  C:\Windows\System\OnIZeXP.exe
  2⤵
  PID:3592
- C:\Windows\System\LsYKyYB.exe
  C:\Windows\System\LsYKyYB.exe
  2⤵
  PID:4524
- C:\Windows\System\YgBZlel.exe
  C:\Windows\System\YgBZlel.exe
  2⤵
  PID:4612
- C:\Windows\System\gSmCTyg.exe
  C:\Windows\System\gSmCTyg.exe
  2⤵
  PID:4788
- C:\Windows\System\LyVRXFI.exe
  C:\Windows\System\LyVRXFI.exe
  2⤵
  PID:4708
- C:\Windows\System\atoXZBt.exe
  C:\Windows\System\atoXZBt.exe
  2⤵
  PID:5004
- C:\Windows\System\HAYiobz.exe
  C:\Windows\System\HAYiobz.exe
  2⤵
  PID:2744
- C:\Windows\System\QrymvRP.exe
  C:\Windows\System\QrymvRP.exe
  2⤵
  PID:5136
- C:\Windows\System\PnQgpgV.exe
  C:\Windows\System\PnQgpgV.exe
  2⤵
  PID:5144
- C:\Windows\System\vwiwJqV.exe
  C:\Windows\System\vwiwJqV.exe
  2⤵
  PID:5184
- C:\Windows\System\ArLSWwl.exe
  C:\Windows\System\ArLSWwl.exe
  2⤵
  PID:5204
- C:\Windows\System\xdkvMCm.exe
  C:\Windows\System\xdkvMCm.exe
  2⤵
  PID:5248
- C:\Windows\System\wVZVfKG.exe
  C:\Windows\System\wVZVfKG.exe
  2⤵
  PID:5312
- C:\Windows\System\NSkCqaE.exe
  C:\Windows\System\NSkCqaE.exe
  2⤵
  PID:5332
- C:\Windows\System\FYzAyHO.exe
  C:\Windows\System\FYzAyHO.exe
  2⤵
  PID:5364
- C:\Windows\System\JPQrNvd.exe
  C:\Windows\System\JPQrNvd.exe
  2⤵
  PID:5388
- C:\Windows\System\xToImQP.exe
  C:\Windows\System\xToImQP.exe
  2⤵
  PID:5408
- C:\Windows\System\jtsYIUr.exe
  C:\Windows\System\jtsYIUr.exe
  2⤵
  PID:236
- C:\Windows\System\bUUTGzk.exe
  C:\Windows\System\bUUTGzk.exe
  2⤵
  PID:5504
- C:\Windows\System\sSVeVPQ.exe
  C:\Windows\System\sSVeVPQ.exe
  2⤵
  PID:5488
- C:\Windows\System\PCaOXlU.exe
  C:\Windows\System\PCaOXlU.exe
  2⤵
  PID:5556
- C:\Windows\System\ihdnpNd.exe
  C:\Windows\System\ihdnpNd.exe
  2⤵
  PID:5588
- C:\Windows\System\hnOZeEs.exe
  C:\Windows\System\hnOZeEs.exe
  2⤵
  PID:5628
- C:\Windows\System\Twnuqjh.exe
  C:\Windows\System\Twnuqjh.exe
  2⤵
  PID:5672
- C:\Windows\System\upePglE.exe
  C:\Windows\System\upePglE.exe
  2⤵
  PID:5708
- C:\Windows\System\TgSdePn.exe
  C:\Windows\System\TgSdePn.exe
  2⤵
  PID:5712
- C:\Windows\System\GVyvvuY.exe
  C:\Windows\System\GVyvvuY.exe
  2⤵
  PID:5736
- C:\Windows\System\NEERbHJ.exe
  C:\Windows\System\NEERbHJ.exe
  2⤵
  PID:5800
- C:\Windows\System\GDdlepL.exe
  C:\Windows\System\GDdlepL.exe
  2⤵
  PID:5836
- C:\Windows\System\MNTphHk.exe
  C:\Windows\System\MNTphHk.exe
  2⤵
  PID:5852
- C:\Windows\System\pNZYteP.exe
  C:\Windows\System\pNZYteP.exe
  2⤵
  PID:5880
- C:\Windows\System\vgjmCRd.exe
  C:\Windows\System\vgjmCRd.exe
  2⤵
  PID:5900
- C:\Windows\System\nLtRucl.exe
  C:\Windows\System\nLtRucl.exe
  2⤵
  PID:5964
- C:\Windows\System\vRhajOP.exe
  C:\Windows\System\vRhajOP.exe
  2⤵
  PID:5984
- C:\Windows\System\JehNigc.exe
  C:\Windows\System\JehNigc.exe
  2⤵
  PID:6044
- C:\Windows\System\ZkHieHJ.exe
  C:\Windows\System\ZkHieHJ.exe
  2⤵
  PID:6024
- C:\Windows\System\XQgrIsL.exe
  C:\Windows\System\XQgrIsL.exe
  2⤵
  PID:6056
- C:\Windows\System\jdVriPn.exe
  C:\Windows\System\jdVriPn.exe
  2⤵
  PID:6108
- C:\Windows\System\dAsSWDZ.exe
  C:\Windows\System\dAsSWDZ.exe
  2⤵
  PID:4372
- C:\Windows\System\TdVraye.exe
  C:\Windows\System\TdVraye.exe
  2⤵
  PID:4564
- C:\Windows\System\RLFHiZY.exe
  C:\Windows\System\RLFHiZY.exe
  2⤵
  PID:1796
- C:\Windows\System\MmiHllK.exe
  C:\Windows\System\MmiHllK.exe
  2⤵
  PID:4200
- C:\Windows\System\QctLPTP.exe
  C:\Windows\System\QctLPTP.exe
  2⤵
  PID:5176
- C:\Windows\System\TMjYnLd.exe
  C:\Windows\System\TMjYnLd.exe
  2⤵
  PID:5240
- C:\Windows\System\zJtaQFO.exe
  C:\Windows\System\zJtaQFO.exe
  2⤵
  PID:5288
- C:\Windows\System\XOIPFOd.exe
  C:\Windows\System\XOIPFOd.exe
  2⤵
  PID:5268
- C:\Windows\System\Mthwbju.exe
  C:\Windows\System\Mthwbju.exe
  2⤵
  PID:5368
- C:\Windows\System\eOwQkLb.exe
  C:\Windows\System\eOwQkLb.exe
  2⤵
  PID:2396
- C:\Windows\System\fZcwenP.exe
  C:\Windows\System\fZcwenP.exe
  2⤵
  PID:5468
- C:\Windows\System\GbyglyZ.exe
  C:\Windows\System\GbyglyZ.exe
  2⤵
  PID:5516
- C:\Windows\System\wOngUUU.exe
  C:\Windows\System\wOngUUU.exe
  2⤵
  PID:5536
- C:\Windows\System\QclCXbS.exe
  C:\Windows\System\QclCXbS.exe
  2⤵
  PID:5632
- C:\Windows\System\qwRPzwW.exe
  C:\Windows\System\qwRPzwW.exe
  2⤵
  PID:5484
- C:\Windows\System\IJjgIOm.exe
  C:\Windows\System\IJjgIOm.exe
  2⤵
  PID:5772
- C:\Windows\System\rvclMEu.exe
  C:\Windows\System\rvclMEu.exe
  2⤵
  PID:5780
- C:\Windows\System\GBgapLg.exe
  C:\Windows\System\GBgapLg.exe
  2⤵
  PID:5876
- C:\Windows\System\XkQCQCT.exe
  C:\Windows\System\XkQCQCT.exe
  2⤵
  PID:5864
- C:\Windows\System\YJIDHFs.exe
  C:\Windows\System\YJIDHFs.exe
  2⤵
  PID:5936
- C:\Windows\System\TAIQJzI.exe
  C:\Windows\System\TAIQJzI.exe
  2⤵
  PID:5944
- C:\Windows\System\UTZcNII.exe
  C:\Windows\System\UTZcNII.exe
  2⤵
  PID:6016
- C:\Windows\System\DgNuCFp.exe
  C:\Windows\System\DgNuCFp.exe
  2⤵
  PID:6100
- C:\Windows\System\jdirPXP.exe
  C:\Windows\System\jdirPXP.exe
  2⤵
  PID:4352
- C:\Windows\System\WwABcah.exe
  C:\Windows\System\WwABcah.exe
  2⤵
  PID:5080
- C:\Windows\System\VCGuTLQ.exe
  C:\Windows\System\VCGuTLQ.exe
  2⤵
  PID:5160
- C:\Windows\System\IHhbCgG.exe
  C:\Windows\System\IHhbCgG.exe
  2⤵
  PID:4956
- C:\Windows\System\rpBPhxG.exe
  C:\Windows\System\rpBPhxG.exe
  2⤵
  PID:5292
- C:\Windows\System\kSFIFNf.exe
  C:\Windows\System\kSFIFNf.exe
  2⤵
  PID:5428
- C:\Windows\System\zMxOmAz.exe
  C:\Windows\System\zMxOmAz.exe
  2⤵
  PID:5452
- C:\Windows\System\Eximaxq.exe
  C:\Windows\System\Eximaxq.exe
  2⤵
  PID:5252
- C:\Windows\System\YSMKrzg.exe
  C:\Windows\System\YSMKrzg.exe
  2⤵
  PID:5532
- C:\Windows\System\zinSRoA.exe
  C:\Windows\System\zinSRoA.exe
  2⤵
  PID:5676
- C:\Windows\System\ppXsRXv.exe
  C:\Windows\System\ppXsRXv.exe
  2⤵
  PID:5732
- C:\Windows\System\bSAIKXJ.exe
  C:\Windows\System\bSAIKXJ.exe
  2⤵
  PID:5904
- C:\Windows\System\uXOkLPc.exe
  C:\Windows\System\uXOkLPc.exe
  2⤵
  PID:1972
- C:\Windows\System\bGBlbqy.exe
  C:\Windows\System\bGBlbqy.exe
  2⤵
  PID:6080
- C:\Windows\System\wCIUDSQ.exe
  C:\Windows\System\wCIUDSQ.exe
  2⤵
  PID:6060
- C:\Windows\System\djUeyQt.exe
  C:\Windows\System\djUeyQt.exe
  2⤵
  PID:4732
- C:\Windows\System\TLPfRDS.exe
  C:\Windows\System\TLPfRDS.exe
  2⤵
  PID:5064
- C:\Windows\System\EjQqFxg.exe
  C:\Windows\System\EjQqFxg.exe
  2⤵
  PID:3368
- C:\Windows\System\taRYGum.exe
  C:\Windows\System\taRYGum.exe
  2⤵
  PID:5244
- C:\Windows\System\KSqwZTx.exe
  C:\Windows\System\KSqwZTx.exe
  2⤵
  PID:5392
- C:\Windows\System\wOKnRDV.exe
  C:\Windows\System\wOKnRDV.exe
  2⤵
  PID:5648
- C:\Windows\System\sUpfVXj.exe
  C:\Windows\System\sUpfVXj.exe
  2⤵
  PID:5792
- C:\Windows\System\XdLkUwK.exe
  C:\Windows\System\XdLkUwK.exe
  2⤵
  PID:2196
- C:\Windows\System\ozujTGq.exe
  C:\Windows\System\ozujTGq.exe
  2⤵
  PID:6160
- C:\Windows\System\NkmdYvh.exe
  C:\Windows\System\NkmdYvh.exe
  2⤵
  PID:6180
- C:\Windows\System\LYTUpvm.exe
  C:\Windows\System\LYTUpvm.exe
  2⤵
  PID:6200
- C:\Windows\System\GSKQPpX.exe
  C:\Windows\System\GSKQPpX.exe
  2⤵
  PID:6220
- C:\Windows\System\YfXAgUL.exe
  C:\Windows\System\YfXAgUL.exe
  2⤵
  PID:6240
- C:\Windows\System\xjYAHPo.exe
  C:\Windows\System\xjYAHPo.exe
  2⤵
  PID:6260
- C:\Windows\System\APtEriL.exe
  C:\Windows\System\APtEriL.exe
  2⤵
  PID:6276
- C:\Windows\System\SceAmRp.exe
  C:\Windows\System\SceAmRp.exe
  2⤵
  PID:6292
- C:\Windows\System\tJmZEDk.exe
  C:\Windows\System\tJmZEDk.exe
  2⤵
  PID:6316
- C:\Windows\System\cFnfmpM.exe
  C:\Windows\System\cFnfmpM.exe
  2⤵
  PID:6336
- C:\Windows\System\bYFtfiT.exe
  C:\Windows\System\bYFtfiT.exe
  2⤵
  PID:6360
- C:\Windows\System\IXduJOP.exe
  C:\Windows\System\IXduJOP.exe
  2⤵
  PID:6380
- C:\Windows\System\ZgEAamA.exe
  C:\Windows\System\ZgEAamA.exe
  2⤵
  PID:6400
- C:\Windows\System\oXdpwhJ.exe
  C:\Windows\System\oXdpwhJ.exe
  2⤵
  PID:6420
- C:\Windows\System\XWybFCq.exe
  C:\Windows\System\XWybFCq.exe
  2⤵
  PID:6440
- C:\Windows\System\qJzhQxe.exe
  C:\Windows\System\qJzhQxe.exe
  2⤵
  PID:6460
- C:\Windows\System\yFAGauG.exe
  C:\Windows\System\yFAGauG.exe
  2⤵
  PID:6476
- C:\Windows\System\VEDPdfN.exe
  C:\Windows\System\VEDPdfN.exe
  2⤵
  PID:6500
- C:\Windows\System\eHzEkfK.exe
  C:\Windows\System\eHzEkfK.exe
  2⤵
  PID:6524
- C:\Windows\System\HeAuAlc.exe
  C:\Windows\System\HeAuAlc.exe
  2⤵
  PID:6544
- C:\Windows\System\zUZKOvy.exe
  C:\Windows\System\zUZKOvy.exe
  2⤵
  PID:6564
- C:\Windows\System\ifDHPfX.exe
  C:\Windows\System\ifDHPfX.exe
  2⤵
  PID:6584
- C:\Windows\System\njtnYff.exe
  C:\Windows\System\njtnYff.exe
  2⤵
  PID:6604
- C:\Windows\System\ZFtmXYy.exe
  C:\Windows\System\ZFtmXYy.exe
  2⤵
  PID:6624
- C:\Windows\System\uLGDDwj.exe
  C:\Windows\System\uLGDDwj.exe
  2⤵
  PID:6640
- C:\Windows\System\YuujyfJ.exe
  C:\Windows\System\YuujyfJ.exe
  2⤵
  PID:6664
- C:\Windows\System\azwWCBG.exe
  C:\Windows\System\azwWCBG.exe
  2⤵
  PID:6684
- C:\Windows\System\fLAIEQM.exe
  C:\Windows\System\fLAIEQM.exe
  2⤵
  PID:6704
- C:\Windows\System\cSxEmvp.exe
  C:\Windows\System\cSxEmvp.exe
  2⤵
  PID:6724
- C:\Windows\System\YZPOEbw.exe
  C:\Windows\System\YZPOEbw.exe
  2⤵
  PID:6744
- C:\Windows\System\ftZvpvI.exe
  C:\Windows\System\ftZvpvI.exe
  2⤵
  PID:6760
- C:\Windows\System\JFcbtbG.exe
  C:\Windows\System\JFcbtbG.exe
  2⤵
  PID:6776
- C:\Windows\System\sCEGNPb.exe
  C:\Windows\System\sCEGNPb.exe
  2⤵
  PID:6800
- C:\Windows\System\TVCTkdh.exe
  C:\Windows\System\TVCTkdh.exe
  2⤵
  PID:6824
- C:\Windows\System\qmXNsCV.exe
  C:\Windows\System\qmXNsCV.exe
  2⤵
  PID:6844
- C:\Windows\System\IDJkadY.exe
  C:\Windows\System\IDJkadY.exe
  2⤵
  PID:6864
- C:\Windows\System\PoqtvCX.exe
  C:\Windows\System\PoqtvCX.exe
  2⤵
  PID:6880
- C:\Windows\System\FDXGsyT.exe
  C:\Windows\System\FDXGsyT.exe
  2⤵
  PID:6904
- C:\Windows\System\YqaadlD.exe
  C:\Windows\System\YqaadlD.exe
  2⤵
  PID:6924
- C:\Windows\System\usFEkfo.exe
  C:\Windows\System\usFEkfo.exe
  2⤵
  PID:6944
- C:\Windows\System\ZeLGMfs.exe
  C:\Windows\System\ZeLGMfs.exe
  2⤵
  PID:6968
- C:\Windows\System\NwGYfYI.exe
  C:\Windows\System\NwGYfYI.exe
  2⤵
  PID:6988
- C:\Windows\System\rTQmSLv.exe
  C:\Windows\System\rTQmSLv.exe
  2⤵
  PID:7008
- C:\Windows\System\UXbvlLG.exe
  C:\Windows\System\UXbvlLG.exe
  2⤵
  PID:7028
- C:\Windows\System\GZODHEQ.exe
  C:\Windows\System\GZODHEQ.exe
  2⤵
  PID:7048
- C:\Windows\System\dApZvqY.exe
  C:\Windows\System\dApZvqY.exe
  2⤵
  PID:7068
- C:\Windows\System\yNOOPPb.exe
  C:\Windows\System\yNOOPPb.exe
  2⤵
  PID:7088
- C:\Windows\System\uowoPGc.exe
  C:\Windows\System\uowoPGc.exe
  2⤵
  PID:7108
- C:\Windows\System\TLeGSdN.exe
  C:\Windows\System\TLeGSdN.exe
  2⤵
  PID:7124
- C:\Windows\System\KaWXftV.exe
  C:\Windows\System\KaWXftV.exe
  2⤵
  PID:7148
- C:\Windows\System\NzejpfN.exe
  C:\Windows\System\NzejpfN.exe
  2⤵
  PID:5860
- C:\Windows\System\odATrvs.exe
  C:\Windows\System\odATrvs.exe
  2⤵
  PID:5976
- C:\Windows\System\ymkaFBh.exe
  C:\Windows\System\ymkaFBh.exe
  2⤵
  PID:6140
- C:\Windows\System\TkFIJdf.exe
  C:\Windows\System\TkFIJdf.exe
  2⤵
  PID:5200
- C:\Windows\System\JWTmMMG.exe
  C:\Windows\System\JWTmMMG.exe
  2⤵
  PID:5480
- C:\Windows\System\uAIbbWo.exe
  C:\Windows\System\uAIbbWo.exe
  2⤵
  PID:5820
- C:\Windows\System\XIbLQQA.exe
  C:\Windows\System\XIbLQQA.exe
  2⤵
  PID:5656
- C:\Windows\System\lBCPJDg.exe
  C:\Windows\System\lBCPJDg.exe
  2⤵
  PID:6172
- C:\Windows\System\lIxUUDe.exe
  C:\Windows\System\lIxUUDe.exe
  2⤵
  PID:6152
- C:\Windows\System\LMleMSw.exe
  C:\Windows\System\LMleMSw.exe
  2⤵
  PID:2716
- C:\Windows\System\PHydlYu.exe
  C:\Windows\System\PHydlYu.exe
  2⤵
  PID:6328
- C:\Windows\System\bhiDRzw.exe
  C:\Windows\System\bhiDRzw.exe
  2⤵
  PID:6348
- C:\Windows\System\AprAFVE.exe
  C:\Windows\System\AprAFVE.exe
  2⤵
  PID:6372
- C:\Windows\System\iRycSBv.exe
  C:\Windows\System\iRycSBv.exe
  2⤵
  PID:6396
- C:\Windows\System\GbYcuvX.exe
  C:\Windows\System\GbYcuvX.exe
  2⤵
  PID:6392
- C:\Windows\System\TEzGNxS.exe
  C:\Windows\System\TEzGNxS.exe
  2⤵
  PID:6492
- C:\Windows\System\zFqWrkB.exe
  C:\Windows\System\zFqWrkB.exe
  2⤵
  PID:6488
- C:\Windows\System\XXVynTO.exe
  C:\Windows\System\XXVynTO.exe
  2⤵
  PID:6536
- C:\Windows\System\KWwmqbk.exe
  C:\Windows\System\KWwmqbk.exe
  2⤵
  PID:1648
- C:\Windows\System\shYwkhh.exe
  C:\Windows\System\shYwkhh.exe
  2⤵
  PID:6552
- C:\Windows\System\dGirAmG.exe
  C:\Windows\System\dGirAmG.exe
  2⤵
  PID:6596
- C:\Windows\System\zaNQdWs.exe
  C:\Windows\System\zaNQdWs.exe
  2⤵
  PID:6652
- C:\Windows\System\Wfiluet.exe
  C:\Windows\System\Wfiluet.exe
  2⤵
  PID:6696
- C:\Windows\System\EOnbUOH.exe
  C:\Windows\System\EOnbUOH.exe
  2⤵
  PID:2808
- C:\Windows\System\mbTyZkH.exe
  C:\Windows\System\mbTyZkH.exe
  2⤵
  PID:6740
- C:\Windows\System\UhluBdO.exe
  C:\Windows\System\UhluBdO.exe
  2⤵
  PID:6772
- C:\Windows\System\baDVAYR.exe
  C:\Windows\System\baDVAYR.exe
  2⤵
  PID:6820
- C:\Windows\System\GAAlMlf.exe
  C:\Windows\System\GAAlMlf.exe
  2⤵
  PID:6784
- C:\Windows\System\LAjnqbI.exe
  C:\Windows\System\LAjnqbI.exe
  2⤵
  PID:6852
- C:\Windows\System\vnOSoHQ.exe
  C:\Windows\System\vnOSoHQ.exe
  2⤵
  PID:6836
- C:\Windows\System\CAvAPWQ.exe
  C:\Windows\System\CAvAPWQ.exe
  2⤵
  PID:6900
- C:\Windows\System\rAHBpux.exe
  C:\Windows\System\rAHBpux.exe
  2⤵
  PID:6876
- C:\Windows\System\hugSuwg.exe
  C:\Windows\System\hugSuwg.exe
  2⤵
  PID:7024
- C:\Windows\System\MymJaxj.exe
  C:\Windows\System\MymJaxj.exe
  2⤵
  PID:7056
- C:\Windows\System\VTaHIJz.exe
  C:\Windows\System\VTaHIJz.exe
  2⤵
  PID:7104
- C:\Windows\System\KgHEJGQ.exe
  C:\Windows\System\KgHEJGQ.exe
  2⤵
  PID:7084
- C:\Windows\System\WbVBXLi.exe
  C:\Windows\System\WbVBXLi.exe
  2⤵
  PID:7144
- C:\Windows\System\bYbrEBO.exe
  C:\Windows\System\bYbrEBO.exe
  2⤵
  PID:2664
- C:\Windows\System\nLSsekJ.exe
  C:\Windows\System\nLSsekJ.exe
  2⤵
  PID:5940
- C:\Windows\System\DrOCBPr.exe
  C:\Windows\System\DrOCBPr.exe
  2⤵
  PID:4832
- C:\Windows\System\lVeMlQn.exe
  C:\Windows\System\lVeMlQn.exe
  2⤵
  PID:1700
- C:\Windows\System\ivXrXzW.exe
  C:\Windows\System\ivXrXzW.exe
  2⤵
  PID:5352
- C:\Windows\System\hPfTbmh.exe
  C:\Windows\System\hPfTbmh.exe
  2⤵
  PID:1764
- C:\Windows\System\cazLGKj.exe
  C:\Windows\System\cazLGKj.exe
  2⤵
  PID:6156
- C:\Windows\System\JZbTAVT.exe
  C:\Windows\System\JZbTAVT.exe
  2⤵
  PID:6268
- C:\Windows\System\KIXLeQM.exe
  C:\Windows\System\KIXLeQM.exe
  2⤵
  PID:6356
- C:\Windows\System\TQGEyKi.exe
  C:\Windows\System\TQGEyKi.exe
  2⤵
  PID:6388
- C:\Windows\System\KmytONi.exe
  C:\Windows\System\KmytONi.exe
  2⤵
  PID:6452
- C:\Windows\System\SBKGcKc.exe
  C:\Windows\System\SBKGcKc.exe
  2⤵
  PID:6620
- C:\Windows\System\QExSWQh.exe
  C:\Windows\System\QExSWQh.exe
  2⤵
  PID:6512
- C:\Windows\System\SJTXLQy.exe
  C:\Windows\System\SJTXLQy.exe
  2⤵
  PID:6556
- C:\Windows\System\nxsdlZu.exe
  C:\Windows\System\nxsdlZu.exe
  2⤵
  PID:6732
- C:\Windows\System\qWNeLOM.exe
  C:\Windows\System\qWNeLOM.exe
  2⤵
  PID:6672
- C:\Windows\System\TueKdWS.exe
  C:\Windows\System\TueKdWS.exe
  2⤵
  PID:6756
- C:\Windows\System\MMdCayk.exe
  C:\Windows\System\MMdCayk.exe
  2⤵
  PID:6792
- C:\Windows\System\fTWvYNp.exe
  C:\Windows\System\fTWvYNp.exe
  2⤵
  PID:6896
- C:\Windows\System\ERszARC.exe
  C:\Windows\System\ERszARC.exe
  2⤵
  PID:6860
- C:\Windows\System\EHnBKAh.exe
  C:\Windows\System\EHnBKAh.exe
  2⤵
  PID:2556
- C:\Windows\System\wzclaGJ.exe
  C:\Windows\System\wzclaGJ.exe
  2⤵
  PID:7000
- C:\Windows\System\MTDKthm.exe
  C:\Windows\System\MTDKthm.exe
  2⤵
  PID:7120
- C:\Windows\System\plTpHUh.exe
  C:\Windows\System\plTpHUh.exe
  2⤵
  PID:6000
- C:\Windows\System\JJdbdnE.exe
  C:\Windows\System\JJdbdnE.exe
  2⤵
  PID:7132
- C:\Windows\System\YIwrZgY.exe
  C:\Windows\System\YIwrZgY.exe
  2⤵
  PID:2508
- C:\Windows\System\sqfmQSZ.exe
  C:\Windows\System\sqfmQSZ.exe
  2⤵
  PID:6120
- C:\Windows\System\BsHvVTA.exe
  C:\Windows\System\BsHvVTA.exe
  2⤵
  PID:1040
- C:\Windows\System\IJLOAnV.exe
  C:\Windows\System\IJLOAnV.exe
  2⤵
  PID:6196
- C:\Windows\System\qkhyaqr.exe
  C:\Windows\System\qkhyaqr.exe
  2⤵
  PID:6252
- C:\Windows\System\ekOdbxy.exe
  C:\Windows\System\ekOdbxy.exe
  2⤵
  PID:6436
- C:\Windows\System\svxxYto.exe
  C:\Windows\System\svxxYto.exe
  2⤵
  PID:6408
- C:\Windows\System\QXtNdcH.exe
  C:\Windows\System\QXtNdcH.exe
  2⤵
  PID:1116
- C:\Windows\System\CUjczsg.exe
  C:\Windows\System\CUjczsg.exe
  2⤵
  PID:6612
- C:\Windows\System\ndZBnDA.exe
  C:\Windows\System\ndZBnDA.exe
  2⤵
  PID:2136
- C:\Windows\System\XVkeTfo.exe
  C:\Windows\System\XVkeTfo.exe
  2⤵
  PID:7044
- C:\Windows\System\PWXYxYn.exe
  C:\Windows\System\PWXYxYn.exe
  2⤵
  PID:6176
- C:\Windows\System\UdZJrZN.exe
  C:\Windows\System\UdZJrZN.exe
  2⤵
  PID:5696
- C:\Windows\System\oYhWxQP.exe
  C:\Windows\System\oYhWxQP.exe
  2⤵
  PID:6656
- C:\Windows\System\BEugrfQ.exe
  C:\Windows\System\BEugrfQ.exe
  2⤵
  PID:2248
- C:\Windows\System\VupnVML.exe
  C:\Windows\System\VupnVML.exe
  2⤵
  PID:6796
- C:\Windows\System\mCBUpFu.exe
  C:\Windows\System\mCBUpFu.exe
  2⤵
  PID:2540
- C:\Windows\System\KWdgMxr.exe
  C:\Windows\System\KWdgMxr.exe
  2⤵
  PID:7076
- C:\Windows\System\AZrJBCl.exe
  C:\Windows\System\AZrJBCl.exe
  2⤵
  PID:1196
- C:\Windows\System\WcxETjV.exe
  C:\Windows\System\WcxETjV.exe
  2⤵
  PID:6768
- C:\Windows\System\LNfPNJY.exe
  C:\Windows\System\LNfPNJY.exe
  2⤵
  PID:7160
- C:\Windows\System\JqrrZYD.exe
  C:\Windows\System\JqrrZYD.exe
  2⤵
  PID:7036
- C:\Windows\System\qerkPdP.exe
  C:\Windows\System\qerkPdP.exe
  2⤵
  PID:6916
- C:\Windows\System\oIUUzzC.exe
  C:\Windows\System\oIUUzzC.exe
  2⤵
  PID:6300
- C:\Windows\System\YIoFjJb.exe
  C:\Windows\System\YIoFjJb.exe
  2⤵
  PID:1484
- C:\Windows\System\AEUdMuV.exe
  C:\Windows\System\AEUdMuV.exe
  2⤵
  PID:4544
- C:\Windows\System\qAPQTDE.exe
  C:\Windows\System\qAPQTDE.exe
  2⤵
  PID:6468
- C:\Windows\System\pPIxskR.exe
  C:\Windows\System\pPIxskR.exe
  2⤵
  PID:2968
- C:\Windows\System\tVvAYEB.exe
  C:\Windows\System\tVvAYEB.exe
  2⤵
  PID:2076
- C:\Windows\System\qwiIHul.exe
  C:\Windows\System\qwiIHul.exe
  2⤵
  PID:2340
- C:\Windows\System\YXEGsQX.exe
  C:\Windows\System\YXEGsQX.exe
  2⤵
  PID:6532
- C:\Windows\System\cffNBzF.exe
  C:\Windows\System\cffNBzF.exe
  2⤵
  PID:7040
- C:\Windows\System\LLlzALs.exe
  C:\Windows\System\LLlzALs.exe
  2⤵
  PID:3020
- C:\Windows\System\QsDdnxo.exe
  C:\Windows\System\QsDdnxo.exe
  2⤵
  PID:6324
- C:\Windows\System\uYRVMHD.exe
  C:\Windows\System\uYRVMHD.exe
  2⤵
  PID:6216
- C:\Windows\System\fmncbGC.exe
  C:\Windows\System\fmncbGC.exe
  2⤵
  PID:1964
- C:\Windows\System\KXbnUBS.exe
  C:\Windows\System\KXbnUBS.exe
  2⤵
  PID:6716
- C:\Windows\System\boScuaG.exe
  C:\Windows\System\boScuaG.exe
  2⤵
  PID:6192
- C:\Windows\System\kpySjhf.exe
  C:\Windows\System\kpySjhf.exe
  2⤵
  PID:7100
- C:\Windows\System\hrndTNY.exe
  C:\Windows\System\hrndTNY.exe
  2⤵
  PID:7176
- C:\Windows\System\JfcZUJv.exe
  C:\Windows\System\JfcZUJv.exe
  2⤵
  PID:7192
- C:\Windows\System\fViLlyR.exe
  C:\Windows\System\fViLlyR.exe
  2⤵
  PID:7208
- C:\Windows\System\SdquzIr.exe
  C:\Windows\System\SdquzIr.exe
  2⤵
  PID:7224
- C:\Windows\System\uCdPCLF.exe
  C:\Windows\System\uCdPCLF.exe
  2⤵
  PID:7240
- C:\Windows\System\xhVUqhb.exe
  C:\Windows\System\xhVUqhb.exe
  2⤵
  PID:7256
- C:\Windows\System\aGxBTFi.exe
  C:\Windows\System\aGxBTFi.exe
  2⤵
  PID:7272
- C:\Windows\System\jCOuZPt.exe
  C:\Windows\System\jCOuZPt.exe
  2⤵
  PID:7288
- C:\Windows\System\OTmkDbl.exe
  C:\Windows\System\OTmkDbl.exe
  2⤵
  PID:7304
- C:\Windows\System\IUGTLbg.exe
  C:\Windows\System\IUGTLbg.exe
  2⤵
  PID:7320
- C:\Windows\System\YcyINXK.exe
  C:\Windows\System\YcyINXK.exe
  2⤵
  PID:7336
- C:\Windows\System\IiHygOI.exe
  C:\Windows\System\IiHygOI.exe
  2⤵
  PID:7352
- C:\Windows\System\pMLcGoL.exe
  C:\Windows\System\pMLcGoL.exe
  2⤵
  PID:7368
- C:\Windows\System\hPOftVn.exe
  C:\Windows\System\hPOftVn.exe
  2⤵
  PID:7388
- C:\Windows\System\fORZhsK.exe
  C:\Windows\System\fORZhsK.exe
  2⤵
  PID:7404
- C:\Windows\System\DLsQHLU.exe
  C:\Windows\System\DLsQHLU.exe
  2⤵
  PID:7420
- C:\Windows\System\HVruDEP.exe
  C:\Windows\System\HVruDEP.exe
  2⤵
  PID:7436
- C:\Windows\System\NUkCvzI.exe
  C:\Windows\System\NUkCvzI.exe
  2⤵
  PID:7452
- C:\Windows\System\kXHMnlw.exe
  C:\Windows\System\kXHMnlw.exe
  2⤵
  PID:7468
- C:\Windows\System\AmOsFJx.exe
  C:\Windows\System\AmOsFJx.exe
  2⤵
  PID:7484
- C:\Windows\System\ahpLCyx.exe
  C:\Windows\System\ahpLCyx.exe
  2⤵
  PID:7500
- C:\Windows\System\FjWaaFk.exe
  C:\Windows\System\FjWaaFk.exe
  2⤵
  PID:7516
- C:\Windows\System\ddwcjZl.exe
  C:\Windows\System\ddwcjZl.exe
  2⤵
  PID:7532
- C:\Windows\System\vaeSgsy.exe
  C:\Windows\System\vaeSgsy.exe
  2⤵
  PID:7548
- C:\Windows\System\LaxKanb.exe
  C:\Windows\System\LaxKanb.exe
  2⤵
  PID:7564
- C:\Windows\System\fchgYbo.exe
  C:\Windows\System\fchgYbo.exe
  2⤵
  PID:7580
- C:\Windows\System\JHSfrmY.exe
  C:\Windows\System\JHSfrmY.exe
  2⤵
  PID:7596
- C:\Windows\System\nveEwAb.exe
  C:\Windows\System\nveEwAb.exe
  2⤵
  PID:7612
- C:\Windows\System\Oopitlq.exe
  C:\Windows\System\Oopitlq.exe
  2⤵
  PID:7628
- C:\Windows\System\FCvNluU.exe
  C:\Windows\System\FCvNluU.exe
  2⤵
  PID:7644
- C:\Windows\System\OQetQOr.exe
  C:\Windows\System\OQetQOr.exe
  2⤵
  PID:7660
- C:\Windows\System\dxBvFOx.exe
  C:\Windows\System\dxBvFOx.exe
  2⤵
  PID:7676
- C:\Windows\System\tYnoRKV.exe
  C:\Windows\System\tYnoRKV.exe
  2⤵
  PID:7692
- C:\Windows\System\ogntJip.exe
  C:\Windows\System\ogntJip.exe
  2⤵
  PID:7708
- C:\Windows\System\UKCkmxa.exe
  C:\Windows\System\UKCkmxa.exe
  2⤵
  PID:7724
- C:\Windows\System\vVSxdDw.exe
  C:\Windows\System\vVSxdDw.exe
  2⤵
  PID:7740
- C:\Windows\System\QGYaRKm.exe
  C:\Windows\System\QGYaRKm.exe
  2⤵
  PID:7756
- C:\Windows\System\wUWbjZP.exe
  C:\Windows\System\wUWbjZP.exe
  2⤵
  PID:7772
- C:\Windows\System\ihGeYOY.exe
  C:\Windows\System\ihGeYOY.exe
  2⤵
  PID:7788
- C:\Windows\System\pfReXwz.exe
  C:\Windows\System\pfReXwz.exe
  2⤵
  PID:7804
- C:\Windows\System\TcJchjB.exe
  C:\Windows\System\TcJchjB.exe
  2⤵
  PID:7820
- C:\Windows\System\YQgJotF.exe
  C:\Windows\System\YQgJotF.exe
  2⤵
  PID:7836
- C:\Windows\System\gsglwxO.exe
  C:\Windows\System\gsglwxO.exe
  2⤵
  PID:7852
- C:\Windows\System\egInqtZ.exe
  C:\Windows\System\egInqtZ.exe
  2⤵
  PID:7868
- C:\Windows\System\OctWXUx.exe
  C:\Windows\System\OctWXUx.exe
  2⤵
  PID:7888
- C:\Windows\System\kaimSKq.exe
  C:\Windows\System\kaimSKq.exe
  2⤵
  PID:7904
- C:\Windows\System\cbxSxoR.exe
  C:\Windows\System\cbxSxoR.exe
  2⤵
  PID:7920
- C:\Windows\System\HYgTXXO.exe
  C:\Windows\System\HYgTXXO.exe
  2⤵
  PID:7936
- C:\Windows\System\kAYdame.exe
  C:\Windows\System\kAYdame.exe
  2⤵
  PID:7952
- C:\Windows\System\ksVpwWm.exe
  C:\Windows\System\ksVpwWm.exe
  2⤵
  PID:7968
- C:\Windows\System\XPJdCCt.exe
  C:\Windows\System\XPJdCCt.exe
  2⤵
  PID:7984
- C:\Windows\System\dBHhgXN.exe
  C:\Windows\System\dBHhgXN.exe
  2⤵
  PID:8000
- C:\Windows\System\AHJNulx.exe
  C:\Windows\System\AHJNulx.exe
  2⤵
  PID:8016
- C:\Windows\System\GpMxxgf.exe
  C:\Windows\System\GpMxxgf.exe
  2⤵
  PID:8032
- C:\Windows\System\EcqsfxZ.exe
  C:\Windows\System\EcqsfxZ.exe
  2⤵
  PID:8048
- C:\Windows\System\TyfSEka.exe
  C:\Windows\System\TyfSEka.exe
  2⤵
  PID:8064
- C:\Windows\System\MvEiMfx.exe
  C:\Windows\System\MvEiMfx.exe
  2⤵
  PID:8080
- C:\Windows\System\GdtOZcY.exe
  C:\Windows\System\GdtOZcY.exe
  2⤵
  PID:8096
- C:\Windows\System\VOYQfuC.exe
  C:\Windows\System\VOYQfuC.exe
  2⤵
  PID:8112
- C:\Windows\System\cZAcReS.exe
  C:\Windows\System\cZAcReS.exe
  2⤵
  PID:8128
- C:\Windows\System\cAqvsAa.exe
  C:\Windows\System\cAqvsAa.exe
  2⤵
  PID:8144
- C:\Windows\System\XBlwZBJ.exe
  C:\Windows\System\XBlwZBJ.exe
  2⤵
  PID:8160
- C:\Windows\System\SvXUjcU.exe
  C:\Windows\System\SvXUjcU.exe
  2⤵
  PID:8176
- C:\Windows\System\tjIotnn.exe
  C:\Windows\System\tjIotnn.exe
  2⤵
  PID:6516
- C:\Windows\System\eYvuXpV.exe
  C:\Windows\System\eYvuXpV.exe
  2⤵
  PID:6312
- C:\Windows\System\iulqurC.exe
  C:\Windows\System\iulqurC.exe
  2⤵
  PID:2032
- C:\Windows\System\GkqlIkd.exe
  C:\Windows\System\GkqlIkd.exe
  2⤵
  PID:1148
- C:\Windows\System\BxFxhtV.exe
  C:\Windows\System\BxFxhtV.exe
  2⤵
  PID:1960
- C:\Windows\System\IMdzwYA.exe
  C:\Windows\System\IMdzwYA.exe
  2⤵
  PID:6676
- C:\Windows\System\RpsvzuV.exe
  C:\Windows\System\RpsvzuV.exe
  2⤵
  PID:7220
- C:\Windows\System\VJWyQaH.exe
  C:\Windows\System\VJWyQaH.exe
  2⤵
  PID:7204
- C:\Windows\System\hkqvIHh.exe
  C:\Windows\System\hkqvIHh.exe
  2⤵
  PID:7280
- C:\Windows\System\KIfMrhM.exe
  C:\Windows\System\KIfMrhM.exe
  2⤵
  PID:7376
- C:\Windows\System\LglCoNY.exe
  C:\Windows\System\LglCoNY.exe
  2⤵
  PID:7264
- C:\Windows\System\BzPCSUs.exe
  C:\Windows\System\BzPCSUs.exe
  2⤵
  PID:7332
- C:\Windows\System\gDeDbUs.exe
  C:\Windows\System\gDeDbUs.exe
  2⤵
  PID:7416
- C:\Windows\System\UvLOSuV.exe
  C:\Windows\System\UvLOSuV.exe
  2⤵
  PID:7432
- C:\Windows\System\gfNJBqv.exe
  C:\Windows\System\gfNJBqv.exe
  2⤵
  PID:7508
- C:\Windows\System\kJMcFtb.exe
  C:\Windows\System\kJMcFtb.exe
  2⤵
  PID:7524
- C:\Windows\System\zZYgcGT.exe
  C:\Windows\System\zZYgcGT.exe
  2⤵
  PID:7544
- C:\Windows\System\flNwbxj.exe
  C:\Windows\System\flNwbxj.exe
  2⤵
  PID:7604
- C:\Windows\System\UEPbTEm.exe
  C:\Windows\System\UEPbTEm.exe
  2⤵
  PID:7572
- C:\Windows\System\RRZwIAJ.exe
  C:\Windows\System\RRZwIAJ.exe
  2⤵
  PID:7588
- C:\Windows\System\hqKqGhA.exe
  C:\Windows\System\hqKqGhA.exe
  2⤵
  PID:7620
- C:\Windows\System\ifWVfFS.exe
  C:\Windows\System\ifWVfFS.exe
  2⤵
  PID:7732
- C:\Windows\System\SQBsMqW.exe
  C:\Windows\System\SQBsMqW.exe
  2⤵
  PID:7684
- C:\Windows\System\HGgqIWR.exe
  C:\Windows\System\HGgqIWR.exe
  2⤵
  PID:7828
- C:\Windows\System\hoMuXrK.exe
  C:\Windows\System\hoMuXrK.exe
  2⤵
  PID:7720
- C:\Windows\System\tZjanCQ.exe
  C:\Windows\System\tZjanCQ.exe
  2⤵
  PID:7896
- C:\Windows\System\DIFRWfF.exe
  C:\Windows\System\DIFRWfF.exe
  2⤵
  PID:7960
- C:\Windows\System\FuVPXlB.exe
  C:\Windows\System\FuVPXlB.exe
  2⤵
  PID:7812
- C:\Windows\System\uptxAaW.exe
  C:\Windows\System\uptxAaW.exe
  2⤵
  PID:7976
- C:\Windows\System\uqJNOfd.exe
  C:\Windows\System\uqJNOfd.exe
  2⤵
  PID:7784
- C:\Windows\System\fWJJROA.exe
  C:\Windows\System\fWJJROA.exe
  2⤵
  PID:8056
- C:\Windows\System\gKhaJkX.exe
  C:\Windows\System\gKhaJkX.exe
  2⤵
  PID:7816
- C:\Windows\System\vgxmslo.exe
  C:\Windows\System\vgxmslo.exe
  2⤵
  PID:8072
- C:\Windows\System\CphqeeN.exe
  C:\Windows\System\CphqeeN.exe
  2⤵
  PID:8076
- C:\Windows\System\jStHqFm.exe
  C:\Windows\System\jStHqFm.exe
  2⤵
  PID:8104
- C:\Windows\System\dkHqHPU.exe
  C:\Windows\System\dkHqHPU.exe
  2⤵
  PID:8136
- C:\Windows\System\dEmbLJQ.exe
  C:\Windows\System\dEmbLJQ.exe
  2⤵
  PID:8172
- C:\Windows\System\DePoqal.exe
  C:\Windows\System\DePoqal.exe
  2⤵
  PID:2864
- C:\Windows\System\UYjDNQY.exe
  C:\Windows\System\UYjDNQY.exe
  2⤵
  PID:7188
- C:\Windows\System\OanePdw.exe
  C:\Windows\System\OanePdw.exe
  2⤵
  PID:7348
- C:\Windows\System\lYFCUAB.exe
  C:\Windows\System\lYFCUAB.exe
  2⤵
  PID:7480
- C:\Windows\System\ZPWGoxq.exe
  C:\Windows\System\ZPWGoxq.exe
  2⤵
  PID:2432
- C:\Windows\System\YFjGatd.exe
  C:\Windows\System\YFjGatd.exe
  2⤵
  PID:2440
- C:\Windows\System\dAHQCMs.exe
  C:\Windows\System\dAHQCMs.exe
  2⤵
  PID:7300
- C:\Windows\System\TqTKTWZ.exe
  C:\Windows\System\TqTKTWZ.exe
  2⤵
  PID:7540
- C:\Windows\System\oSnszam.exe
  C:\Windows\System\oSnszam.exe
  2⤵
  PID:7328
- C:\Windows\System\VcNjpSX.exe
  C:\Windows\System\VcNjpSX.exe
  2⤵
  PID:7704
- C:\Windows\System\wuJeVVY.exe
  C:\Windows\System\wuJeVVY.exe
  2⤵
  PID:7800
- C:\Windows\System\DuWAuoo.exe
  C:\Windows\System\DuWAuoo.exe
  2⤵
  PID:7900
- C:\Windows\System\MAIsvJt.exe
  C:\Windows\System\MAIsvJt.exe
  2⤵
  PID:7380
- C:\Windows\System\dMZKwkC.exe
  C:\Windows\System\dMZKwkC.exe
  2⤵
  PID:7860
- C:\Windows\System\KfvoBQY.exe
  C:\Windows\System\KfvoBQY.exe
  2⤵
  PID:8092
- C:\Windows\System\BhtHYcH.exe
  C:\Windows\System\BhtHYcH.exe
  2⤵
  PID:6960
- C:\Windows\System\MCKqYfa.exe
  C:\Windows\System\MCKqYfa.exe
  2⤵
  PID:7864
- C:\Windows\System\CDJNIPR.exe
  C:\Windows\System\CDJNIPR.exe
  2⤵
  PID:8088
- C:\Windows\System\TWpMCMx.exe
  C:\Windows\System\TWpMCMx.exe
  2⤵
  PID:7476
- C:\Windows\System\nTClOaD.exe
  C:\Windows\System\nTClOaD.exe
  2⤵
  PID:7948
- C:\Windows\System\XpOhoBM.exe
  C:\Windows\System\XpOhoBM.exe
  2⤵
  PID:7428
- C:\Windows\System\nCsZpnF.exe
  C:\Windows\System\nCsZpnF.exe
  2⤵
  PID:7556
- C:\Windows\System\mpdQgbz.exe
  C:\Windows\System\mpdQgbz.exe
  2⤵
  PID:7284
- C:\Windows\System\IxdWyOq.exe
  C:\Windows\System\IxdWyOq.exe
  2⤵
  PID:7764
- C:\Windows\System\amEXkjb.exe
  C:\Windows\System\amEXkjb.exe
  2⤵
  PID:7576
- C:\Windows\System\DvoQIoB.exe
  C:\Windows\System\DvoQIoB.exe
  2⤵
  PID:8156
- C:\Windows\System\XdjFcOM.exe
  C:\Windows\System\XdjFcOM.exe
  2⤵
  PID:8120
- C:\Windows\System\KryNtwG.exe
  C:\Windows\System\KryNtwG.exe
  2⤵
  PID:7768
- C:\Windows\System\TSndBvx.exe
  C:\Windows\System\TSndBvx.exe
  2⤵
  PID:7344
- C:\Windows\System\rAYPTGC.exe
  C:\Windows\System\rAYPTGC.exe
  2⤵
  PID:7736
- C:\Windows\System\BdnOjav.exe
  C:\Windows\System\BdnOjav.exe
  2⤵
  PID:7360
- C:\Windows\System\BXTjbkL.exe
  C:\Windows\System\BXTjbkL.exe
  2⤵
  PID:7884
- C:\Windows\System\IhgHSas.exe
  C:\Windows\System\IhgHSas.exe
  2⤵
  PID:7668
- C:\Windows\System\pWocpvk.exe
  C:\Windows\System\pWocpvk.exe
  2⤵
  PID:7944
- C:\Windows\System\ZvFgVoo.exe
  C:\Windows\System\ZvFgVoo.exe
  2⤵
  PID:7980
- C:\Windows\System\DzavAzM.exe
  C:\Windows\System\DzavAzM.exe
  2⤵
  PID:8208
- C:\Windows\System\mGXawGL.exe
  C:\Windows\System\mGXawGL.exe
  2⤵
  PID:8224
- C:\Windows\System\DiSFYUE.exe
  C:\Windows\System\DiSFYUE.exe
  2⤵
  PID:8240
- C:\Windows\System\DYUGVNR.exe
  C:\Windows\System\DYUGVNR.exe
  2⤵
  PID:8260
- C:\Windows\System\NfhAODZ.exe
  C:\Windows\System\NfhAODZ.exe
  2⤵
  PID:8276
- C:\Windows\System\RBHdJsk.exe
  C:\Windows\System\RBHdJsk.exe
  2⤵
  PID:8292
- C:\Windows\System\aXRtuWd.exe
  C:\Windows\System\aXRtuWd.exe
  2⤵
  PID:8308
- C:\Windows\System\skNshOc.exe
  C:\Windows\System\skNshOc.exe
  2⤵
  PID:8324
- C:\Windows\System\bUUuXRl.exe
  C:\Windows\System\bUUuXRl.exe
  2⤵
  PID:8344
- C:\Windows\System\fioMsFt.exe
  C:\Windows\System\fioMsFt.exe
  2⤵
  PID:8360
- C:\Windows\System\QrUbQnH.exe
  C:\Windows\System\QrUbQnH.exe
  2⤵
  PID:8376
- C:\Windows\System\VUvdWuG.exe
  C:\Windows\System\VUvdWuG.exe
  2⤵
  PID:8392
- C:\Windows\System\oyCsDjB.exe
  C:\Windows\System\oyCsDjB.exe
  2⤵
  PID:8412
- C:\Windows\System\LohLXKX.exe
  C:\Windows\System\LohLXKX.exe
  2⤵
  PID:8428
- C:\Windows\System\buNhser.exe
  C:\Windows\System\buNhser.exe
  2⤵
  PID:8448
- C:\Windows\System\PWqvFUh.exe
  C:\Windows\System\PWqvFUh.exe
  2⤵
  PID:8488
- C:\Windows\System\enDoftB.exe
  C:\Windows\System\enDoftB.exe
  2⤵
  PID:8504
- C:\Windows\System\CqNUjME.exe
  C:\Windows\System\CqNUjME.exe
  2⤵
  PID:8532
- C:\Windows\System\cCHucJi.exe
  C:\Windows\System\cCHucJi.exe
  2⤵
  PID:8556
- C:\Windows\System\udFkZHU.exe
  C:\Windows\System\udFkZHU.exe
  2⤵
  PID:8576
- C:\Windows\System\KzpxSlu.exe
  C:\Windows\System\KzpxSlu.exe
  2⤵
  PID:8592
- C:\Windows\System\HLgESfk.exe
  C:\Windows\System\HLgESfk.exe
  2⤵
  PID:8608
- C:\Windows\System\KTIYOAu.exe
  C:\Windows\System\KTIYOAu.exe
  2⤵
  PID:8624
- C:\Windows\System\IoGWVfZ.exe
  C:\Windows\System\IoGWVfZ.exe
  2⤵
  PID:8648
- C:\Windows\System\YExogcW.exe
  C:\Windows\System\YExogcW.exe
  2⤵
  PID:8664
- C:\Windows\System\DYkaBaU.exe
  C:\Windows\System\DYkaBaU.exe
  2⤵
  PID:8680
- C:\Windows\System\vUyQEkY.exe
  C:\Windows\System\vUyQEkY.exe
  2⤵
  PID:8696
- C:\Windows\System\xXQqlcD.exe
  C:\Windows\System\xXQqlcD.exe
  2⤵
  PID:8712
- C:\Windows\System\kiRStMY.exe
  C:\Windows\System\kiRStMY.exe
  2⤵
  PID:8728
- C:\Windows\System\IhdWOyG.exe
  C:\Windows\System\IhdWOyG.exe
  2⤵
  PID:8744
- C:\Windows\System\PxldAWv.exe
  C:\Windows\System\PxldAWv.exe
  2⤵
  PID:8760
- C:\Windows\System\DiOySee.exe
  C:\Windows\System\DiOySee.exe
  2⤵
  PID:8776
- C:\Windows\System\kxdMDTt.exe
  C:\Windows\System\kxdMDTt.exe
  2⤵
  PID:8792
- C:\Windows\System\GkbLjeK.exe
  C:\Windows\System\GkbLjeK.exe
  2⤵
  PID:8808
- C:\Windows\System\hRzsgzB.exe
  C:\Windows\System\hRzsgzB.exe
  2⤵
  PID:8824
- C:\Windows\System\eVDtuiw.exe
  C:\Windows\System\eVDtuiw.exe
  2⤵
  PID:8840
- C:\Windows\System\xAABATb.exe
  C:\Windows\System\xAABATb.exe
  2⤵
  PID:8860
- C:\Windows\System\rcIvaRj.exe
  C:\Windows\System\rcIvaRj.exe
  2⤵
  PID:8876
- C:\Windows\System\VXdmdJX.exe
  C:\Windows\System\VXdmdJX.exe
  2⤵
  PID:8892
- C:\Windows\System\epkyEEc.exe
  C:\Windows\System\epkyEEc.exe
  2⤵
  PID:8908
- C:\Windows\System\buRLBQR.exe
  C:\Windows\System\buRLBQR.exe
  2⤵
  PID:8924
- C:\Windows\System\MmpNVqr.exe
  C:\Windows\System\MmpNVqr.exe
  2⤵
  PID:8940
- C:\Windows\System\UqLWVbe.exe
  C:\Windows\System\UqLWVbe.exe
  2⤵
  PID:8956
- C:\Windows\System\YguAuqi.exe
  C:\Windows\System\YguAuqi.exe
  2⤵
  PID:8976
- C:\Windows\System\qAFQZqi.exe
  C:\Windows\System\qAFQZqi.exe
  2⤵
  PID:8992
- C:\Windows\System\qtgiCyQ.exe
  C:\Windows\System\qtgiCyQ.exe
  2⤵
  PID:9008
- C:\Windows\System\vRrLUgI.exe
  C:\Windows\System\vRrLUgI.exe
  2⤵
  PID:9024
- C:\Windows\System\cMTsAVR.exe
  C:\Windows\System\cMTsAVR.exe
  2⤵
  PID:9044
- C:\Windows\System\axxexsn.exe
  C:\Windows\System\axxexsn.exe
  2⤵
  PID:9100
- C:\Windows\System\OEcnLPR.exe
  C:\Windows\System\OEcnLPR.exe
  2⤵
  PID:9116
- C:\Windows\System\iKdUlHz.exe
  C:\Windows\System\iKdUlHz.exe
  2⤵
  PID:9132
- C:\Windows\System\Wmfjnbq.exe
  C:\Windows\System\Wmfjnbq.exe
  2⤵
  PID:9148
- C:\Windows\System\NcpZfcj.exe
  C:\Windows\System\NcpZfcj.exe
  2⤵
  PID:9164
- C:\Windows\System\yqIGkcw.exe
  C:\Windows\System\yqIGkcw.exe
  2⤵
  PID:9180
- C:\Windows\System\DKDhkix.exe
  C:\Windows\System\DKDhkix.exe
  2⤵
  PID:9212
- C:\Windows\System\qPeCgSv.exe
  C:\Windows\System\qPeCgSv.exe
  2⤵
  PID:8200
- C:\Windows\System\jMlouor.exe
  C:\Windows\System\jMlouor.exe
  2⤵
  PID:8204
- C:\Windows\System\vRcixAP.exe
  C:\Windows\System\vRcixAP.exe
  2⤵
  PID:8300
- C:\Windows\System\TtWJAbO.exe
  C:\Windows\System\TtWJAbO.exe
  2⤵
  PID:7796
- C:\Windows\System\HuJNlOE.exe
  C:\Windows\System\HuJNlOE.exe
  2⤵
  PID:8216
- C:\Windows\System\bZvOMzO.exe
  C:\Windows\System\bZvOMzO.exe
  2⤵
  PID:8336
- C:\Windows\System\lihIMex.exe
  C:\Windows\System\lihIMex.exe
  2⤵
  PID:8372
- C:\Windows\System\QvMfVqz.exe
  C:\Windows\System\QvMfVqz.exe
  2⤵
  PID:8384
- C:\Windows\System\olrqKfm.exe
  C:\Windows\System\olrqKfm.exe
  2⤵
  PID:8424
- C:\Windows\System\AHHMpZR.exe
  C:\Windows\System\AHHMpZR.exe
  2⤵
  PID:8480
- C:\Windows\System\tNBSiLH.exe
  C:\Windows\System\tNBSiLH.exe
  2⤵
  PID:8540
- C:\Windows\System\REOhHRE.exe
  C:\Windows\System\REOhHRE.exe
  2⤵
  PID:8512
- C:\Windows\System\IpGAtwB.exe
  C:\Windows\System\IpGAtwB.exe
  2⤵
  PID:8476
- C:\Windows\System\YWVxtzL.exe
  C:\Windows\System\YWVxtzL.exe
  2⤵
  PID:8528
- C:\Windows\System\DXtPUMX.exe
  C:\Windows\System\DXtPUMX.exe
  2⤵
  PID:8572
- C:\Windows\System\UBJLdUm.exe
  C:\Windows\System\UBJLdUm.exe
  2⤵
  PID:8568
- C:\Windows\System\AqenYtG.exe
  C:\Windows\System\AqenYtG.exe
  2⤵
  PID:8644
- C:\Windows\System\HIpyYLh.exe
  C:\Windows\System\HIpyYLh.exe
  2⤵
  PID:8692
- C:\Windows\System\SAHDwsi.exe
  C:\Windows\System\SAHDwsi.exe
  2⤵
  PID:8708
- C:\Windows\System\qBbYEOa.exe
  C:\Windows\System\qBbYEOa.exe
  2⤵
  PID:8740
- C:\Windows\System\CgOZCno.exe
  C:\Windows\System\CgOZCno.exe
  2⤵
  PID:8752
- C:\Windows\System\AAwRTyi.exe
  C:\Windows\System\AAwRTyi.exe
  2⤵
  PID:8800
- C:\Windows\System\mwLZKbx.exe
  C:\Windows\System\mwLZKbx.exe
  2⤵
  PID:8852
- C:\Windows\System\LtxjRiu.exe
  C:\Windows\System\LtxjRiu.exe
  2⤵
  PID:8920
- C:\Windows\System\dtbmFHS.exe
  C:\Windows\System\dtbmFHS.exe
  2⤵
  PID:8872
- C:\Windows\System\fcXLJny.exe
  C:\Windows\System\fcXLJny.exe
  2⤵
  PID:8988
- C:\Windows\System\XLTloSP.exe
  C:\Windows\System\XLTloSP.exe
  2⤵
  PID:8900
- C:\Windows\System\Qcocubj.exe
  C:\Windows\System\Qcocubj.exe
  2⤵
  PID:8964
- C:\Windows\System\aGNEBdb.exe
  C:\Windows\System\aGNEBdb.exe
  2⤵
  PID:9004
- C:\Windows\System\lkBOhNT.exe
  C:\Windows\System\lkBOhNT.exe
  2⤵
  PID:9088
- C:\Windows\System\ZLWcqgD.exe
  C:\Windows\System\ZLWcqgD.exe
  2⤵
  PID:9072
- C:\Windows\System\TRggOqr.exe
  C:\Windows\System\TRggOqr.exe
  2⤵
  PID:9092
- C:\Windows\System\ZdePNzz.exe
  C:\Windows\System\ZdePNzz.exe
  2⤵
  PID:9112
- C:\Windows\System\pCGwipv.exe
  C:\Windows\System\pCGwipv.exe
  2⤵
  PID:9160
- C:\Windows\System\DrgQeNK.exe
  C:\Windows\System\DrgQeNK.exe
  2⤵
  PID:9140
- C:\Windows\System\KoFKYdP.exe
  C:\Windows\System\KoFKYdP.exe
  2⤵
  PID:9192
- C:\Windows\System\VfqINEe.exe
  C:\Windows\System\VfqINEe.exe
  2⤵
  PID:8320
- C:\Windows\System\YUaFWAN.exe
  C:\Windows\System\YUaFWAN.exe
  2⤵
  PID:8248
- C:\Windows\System\KfiYZIu.exe
  C:\Windows\System\KfiYZIu.exe
  2⤵
  PID:7296
- C:\Windows\System\CUbRlTJ.exe
  C:\Windows\System\CUbRlTJ.exe
  2⤵
  PID:8356
- C:\Windows\System\DNXSojk.exe
  C:\Windows\System\DNXSojk.exe
  2⤵
  PID:8368
- C:\Windows\System\rgaFnNI.exe
  C:\Windows\System\rgaFnNI.exe
  2⤵
  PID:8548
- C:\Windows\System\vJZGpGQ.exe
  C:\Windows\System\vJZGpGQ.exe
  2⤵
  PID:8484
- C:\Windows\System\PYvdOum.exe
  C:\Windows\System\PYvdOum.exe
  2⤵
  PID:8600
- C:\Windows\System\TrzsvLf.exe
  C:\Windows\System\TrzsvLf.exe
  2⤵
  PID:8688
- C:\Windows\System\RMkccml.exe
  C:\Windows\System\RMkccml.exe
  2⤵
  PID:8464
- C:\Windows\System\MxbKJpQ.exe
  C:\Windows\System\MxbKJpQ.exe
  2⤵
  PID:8656
- C:\Windows\System\MoSbOPO.exe
  C:\Windows\System\MoSbOPO.exe
  2⤵
  PID:8784
- C:\Windows\System\OSqNDXY.exe
  C:\Windows\System\OSqNDXY.exe
  2⤵
  PID:8952
- C:\Windows\System\TuUgHcQ.exe
  C:\Windows\System\TuUgHcQ.exe
  2⤵
  PID:9020
- C:\Windows\System\zhvVZnj.exe
  C:\Windows\System\zhvVZnj.exe
  2⤵
  PID:9036
- C:\Windows\System\lPYXEAT.exe
  C:\Windows\System\lPYXEAT.exe
  2⤵
  PID:9000
- C:\Windows\System\quRbZbO.exe
  C:\Windows\System\quRbZbO.exe
  2⤵
  PID:9124
- C:\Windows\System\dqdWVuZ.exe
  C:\Windows\System\dqdWVuZ.exe
  2⤵
  PID:9188
- C:\Windows\System\aneWMue.exe
  C:\Windows\System\aneWMue.exe
  2⤵
  PID:8232
- C:\Windows\System\TlGSjlH.exe
  C:\Windows\System\TlGSjlH.exe
  2⤵
  PID:8352
- C:\Windows\System\rxDsfDi.exe
  C:\Windows\System\rxDsfDi.exe
  2⤵
  PID:8884
- C:\Windows\System\FMdheJB.exe
  C:\Windows\System\FMdheJB.exe
  2⤵
  PID:8588
- C:\Windows\System\BPfSfEp.exe
  C:\Windows\System\BPfSfEp.exe
  2⤵
  PID:8724
- C:\Windows\System\eddIEkF.exe
  C:\Windows\System\eddIEkF.exe
  2⤵
  PID:8772
- C:\Windows\System\dPmXvSs.exe
  C:\Windows\System\dPmXvSs.exe
  2⤵
  PID:1052
- C:\Windows\System\EeYtrjw.exe
  C:\Windows\System\EeYtrjw.exe
  2⤵
  PID:8968
- C:\Windows\System\wyfuodu.exe
  C:\Windows\System\wyfuodu.exe
  2⤵
  PID:2604
- C:\Windows\System\XnvNmjH.exe
  C:\Windows\System\XnvNmjH.exe
  2⤵
  PID:2760
- C:\Windows\System\GPrbsKQ.exe
  C:\Windows\System\GPrbsKQ.exe
  2⤵
  PID:7560
- C:\Windows\System\EGNJxXf.exe
  C:\Windows\System\EGNJxXf.exe
  2⤵
  PID:8256
- C:\Windows\System\fZuBWtI.exe
  C:\Windows\System\fZuBWtI.exe
  2⤵
  PID:2372
- C:\Windows\System\AlHftAz.exe
  C:\Windows\System\AlHftAz.exe
  2⤵
  PID:8456
- C:\Windows\System\RVsvkuc.exe
  C:\Windows\System\RVsvkuc.exe
  2⤵
  PID:8848
- C:\Windows\System\juSphgu.exe
  C:\Windows\System\juSphgu.exe
  2⤵
  PID:948
- C:\Windows\System\MZhQRCG.exe
  C:\Windows\System\MZhQRCG.exe
  2⤵
  PID:8520
- C:\Windows\System\ziskLNY.exe
  C:\Windows\System\ziskLNY.exe
  2⤵
  PID:6980
- C:\Windows\System\wxwgWvQ.exe
  C:\Windows\System\wxwgWvQ.exe
  2⤵
  PID:8444
- C:\Windows\System\QRgzUPR.exe
  C:\Windows\System\QRgzUPR.exe
  2⤵
  PID:9068
- C:\Windows\System\kxXMHzP.exe
  C:\Windows\System\kxXMHzP.exe
  2⤵
  PID:9220
- C:\Windows\System\INlAPmt.exe
  C:\Windows\System\INlAPmt.exe
  2⤵
  PID:9264
- C:\Windows\System\dMVIbzb.exe
  C:\Windows\System\dMVIbzb.exe
  2⤵
  PID:9288
- C:\Windows\System\QslyXYl.exe
  C:\Windows\System\QslyXYl.exe
  2⤵
  PID:9320
- C:\Windows\System\bQNyftb.exe
  C:\Windows\System\bQNyftb.exe
  2⤵
  PID:9388
- C:\Windows\System\yUentqS.exe
  C:\Windows\System\yUentqS.exe
  2⤵
  PID:9408
- C:\Windows\System\fUgnLNl.exe
  C:\Windows\System\fUgnLNl.exe
  2⤵
  PID:9424
- C:\Windows\System\udbdWkj.exe
  C:\Windows\System\udbdWkj.exe
  2⤵
  PID:9444
- C:\Windows\System\dUHTYnO.exe
  C:\Windows\System\dUHTYnO.exe
  2⤵
  PID:9460
- C:\Windows\System\BKewXrR.exe
  C:\Windows\System\BKewXrR.exe
  2⤵
  PID:9476
- C:\Windows\System\KpqyTMi.exe
  C:\Windows\System\KpqyTMi.exe
  2⤵
  PID:9492
- C:\Windows\System\GewnvSn.exe
  C:\Windows\System\GewnvSn.exe
  2⤵
  PID:9508
- C:\Windows\System\uwkYCSf.exe
  C:\Windows\System\uwkYCSf.exe
  2⤵
  PID:9524
- C:\Windows\System\KxaAYQQ.exe
  C:\Windows\System\KxaAYQQ.exe
  2⤵
  PID:9540
- C:\Windows\System\tbKAtQf.exe
  C:\Windows\System\tbKAtQf.exe
  2⤵
  PID:9556
- C:\Windows\System\IOwlBnW.exe
  C:\Windows\System\IOwlBnW.exe
  2⤵
  PID:9572
- C:\Windows\System\ktXHDOw.exe
  C:\Windows\System\ktXHDOw.exe
  2⤵
  PID:9588
- C:\Windows\System\hVfBTja.exe
  C:\Windows\System\hVfBTja.exe
  2⤵
  PID:9604
- C:\Windows\System\pUiJWhE.exe
  C:\Windows\System\pUiJWhE.exe
  2⤵
  PID:9624
- C:\Windows\System\kXTkPmV.exe
  C:\Windows\System\kXTkPmV.exe
  2⤵
  PID:9640
- C:\Windows\System\qbiUKef.exe
  C:\Windows\System\qbiUKef.exe
  2⤵
  PID:9660
- C:\Windows\System\hUcDrOi.exe
  C:\Windows\System\hUcDrOi.exe
  2⤵
  PID:9676
- C:\Windows\System\MxBwpMS.exe
  C:\Windows\System\MxBwpMS.exe
  2⤵
  PID:9692
- C:\Windows\System\BUMWmWm.exe
  C:\Windows\System\BUMWmWm.exe
  2⤵
  PID:9708
- C:\Windows\System\XcMAQDK.exe
  C:\Windows\System\XcMAQDK.exe
  2⤵
  PID:9724
- C:\Windows\System\mYbPFvi.exe
  C:\Windows\System\mYbPFvi.exe
  2⤵
  PID:9740
- C:\Windows\System\NUdJzDH.exe
  C:\Windows\System\NUdJzDH.exe
  2⤵
  PID:9756
- C:\Windows\System\nUvryOv.exe
  C:\Windows\System\nUvryOv.exe
  2⤵
  PID:9772
- C:\Windows\System\qwurUfc.exe
  C:\Windows\System\qwurUfc.exe
  2⤵
  PID:9788
- C:\Windows\System\hvScfot.exe
  C:\Windows\System\hvScfot.exe
  2⤵
  PID:9808
- C:\Windows\System\PXPWOim.exe
  C:\Windows\System\PXPWOim.exe
  2⤵
  PID:9828
- C:\Windows\System\lccXlXR.exe
  C:\Windows\System\lccXlXR.exe
  2⤵
  PID:9844
- C:\Windows\System\woHPkBZ.exe
  C:\Windows\System\woHPkBZ.exe
  2⤵
  PID:9860
- C:\Windows\System\gHJeryv.exe
  C:\Windows\System\gHJeryv.exe
  2⤵
  PID:9880
- C:\Windows\System\USotCHR.exe
  C:\Windows\System\USotCHR.exe
  2⤵
  PID:9904
- C:\Windows\System\qUrDspj.exe
  C:\Windows\System\qUrDspj.exe
  2⤵
  PID:9920
- C:\Windows\System\fuFsTzX.exe
  C:\Windows\System\fuFsTzX.exe
  2⤵
  PID:9936
- C:\Windows\System\oxbTuFn.exe
  C:\Windows\System\oxbTuFn.exe
  2⤵
  PID:9952
- C:\Windows\System\zHyhCEx.exe
  C:\Windows\System\zHyhCEx.exe
  2⤵
  PID:9972
- C:\Windows\System\ukcwKiy.exe
  C:\Windows\System\ukcwKiy.exe
  2⤵
  PID:9988
- C:\Windows\System\eBJLKHu.exe
  C:\Windows\System\eBJLKHu.exe
  2⤵
  PID:10004
- C:\Windows\System\XoEMQRY.exe
  C:\Windows\System\XoEMQRY.exe
  2⤵
  PID:10020
- C:\Windows\System\EeRUNbN.exe
  C:\Windows\System\EeRUNbN.exe
  2⤵
  PID:10036
- C:\Windows\System\mrqYRyd.exe
  C:\Windows\System\mrqYRyd.exe
  2⤵
  PID:10052
- C:\Windows\System\nXuztXQ.exe
  C:\Windows\System\nXuztXQ.exe
  2⤵
  PID:10068
- C:\Windows\System\WStcKyQ.exe
  C:\Windows\System\WStcKyQ.exe
  2⤵
  PID:10084
- C:\Windows\System\rlFYcyE.exe
  C:\Windows\System\rlFYcyE.exe
  2⤵
  PID:10100
- C:\Windows\System\PAOSkRS.exe
  C:\Windows\System\PAOSkRS.exe
  2⤵
  PID:10116
- C:\Windows\System\ocbwgQb.exe
  C:\Windows\System\ocbwgQb.exe
  2⤵
  PID:10132
- C:\Windows\System\kjUrPXX.exe
  C:\Windows\System\kjUrPXX.exe
  2⤵
  PID:10148
- C:\Windows\System\dZpWpko.exe
  C:\Windows\System\dZpWpko.exe
  2⤵
  PID:10164
- C:\Windows\System\dbuszDi.exe
  C:\Windows\System\dbuszDi.exe
  2⤵
  PID:10180
- C:\Windows\System\blIRLEg.exe
  C:\Windows\System\blIRLEg.exe
  2⤵
  PID:10196
- C:\Windows\System\aQHfCLE.exe
  C:\Windows\System\aQHfCLE.exe
  2⤵
  PID:10212
- C:\Windows\System\HyvosQR.exe
  C:\Windows\System\HyvosQR.exe
  2⤵
  PID:10228
- C:\Windows\System\MVVoxRG.exe
  C:\Windows\System\MVVoxRG.exe
  2⤵
  PID:596
- C:\Windows\System\LPVqRpn.exe
  C:\Windows\System\LPVqRpn.exe
  2⤵
  PID:9228
- C:\Windows\System\HJywdfA.exe
  C:\Windows\System\HJywdfA.exe
  2⤵
  PID:8936
- C:\Windows\System\SdLWoEH.exe
  C:\Windows\System\SdLWoEH.exe
  2⤵
  PID:9236
- C:\Windows\System\YacImem.exe
  C:\Windows\System\YacImem.exe
  2⤵
  PID:9260
- C:\Windows\System\NsMJWwM.exe
  C:\Windows\System\NsMJWwM.exe
  2⤵
  PID:9308
- C:\Windows\System\leisWbg.exe
  C:\Windows\System\leisWbg.exe
  2⤵
  PID:9396
- C:\Windows\System\tdADeoP.exe
  C:\Windows\System\tdADeoP.exe
  2⤵
  PID:9204
- C:\Windows\System\pbuJVsY.exe
  C:\Windows\System\pbuJVsY.exe
  2⤵
  PID:9108
- C:\Windows\System\miWgJet.exe
  C:\Windows\System\miWgJet.exe
  2⤵
  PID:9284
- C:\Windows\System\OBiASBP.exe
  C:\Windows\System\OBiASBP.exe
  2⤵
  PID:9384
- C:\Windows\System\ZPJnPRI.exe
  C:\Windows\System\ZPJnPRI.exe
  2⤵
  PID:9400
- C:\Windows\System\CpLzsGs.exe
  C:\Windows\System\CpLzsGs.exe
  2⤵
  PID:9356
- C:\Windows\System\BnFVVLI.exe
  C:\Windows\System\BnFVVLI.exe
  2⤵
  PID:9372
- C:\Windows\System\LUcmrTI.exe
  C:\Windows\System\LUcmrTI.exe
  2⤵
  PID:9468
- C:\Windows\System\LESTVeo.exe
  C:\Windows\System\LESTVeo.exe
  2⤵
  PID:9416
- C:\Windows\System\xYddqEx.exe
  C:\Windows\System\xYddqEx.exe
  2⤵
  PID:9536
- C:\Windows\System\AZUKTAI.exe
  C:\Windows\System\AZUKTAI.exe
  2⤵
  PID:9600
- C:\Windows\System\aejJOVZ.exe
  C:\Windows\System\aejJOVZ.exe
  2⤵
  PID:9636
- C:\Windows\System\tnOKyrm.exe
  C:\Windows\System\tnOKyrm.exe
  2⤵
  PID:9548
- C:\Windows\System\VyDNiHC.exe
  C:\Windows\System\VyDNiHC.exe
  2⤵
  PID:9612
- C:\Windows\System\wWbmxSy.exe
  C:\Windows\System\wWbmxSy.exe
  2⤵
  PID:9700
- C:\Windows\System\mfkPJac.exe
  C:\Windows\System\mfkPJac.exe
  2⤵
  PID:9656
- C:\Windows\System\SpgOZRl.exe
  C:\Windows\System\SpgOZRl.exe
  2⤵
  PID:9716
- C:\Windows\System\ogVVKPo.exe
  C:\Windows\System\ogVVKPo.exe
  2⤵
  PID:9768
- C:\Windows\System\IZbADyX.exe
  C:\Windows\System\IZbADyX.exe
  2⤵
  PID:9780
- C:\Windows\System\jolXsQN.exe
  C:\Windows\System\jolXsQN.exe
  2⤵
  PID:9836
- C:\Windows\System\cbvxdRo.exe
  C:\Windows\System\cbvxdRo.exe
  2⤵
  PID:952
- C:\Windows\System\KqQFIdf.exe
  C:\Windows\System\KqQFIdf.exe
  2⤵
  PID:908
- C:\Windows\System\UFBvJuA.exe
  C:\Windows\System\UFBvJuA.exe
  2⤵
  PID:9852
- C:\Windows\System\espAFGg.exe
  C:\Windows\System\espAFGg.exe
  2⤵
  PID:9916
- C:\Windows\System\gAKxAmV.exe
  C:\Windows\System\gAKxAmV.exe
  2⤵
  PID:9960
- C:\Windows\System\VoTinWo.exe
  C:\Windows\System\VoTinWo.exe
  2⤵
  PID:9984
- C:\Windows\System\vCFyrJZ.exe
  C:\Windows\System\vCFyrJZ.exe
  2⤵
  PID:9440
- C:\Windows\System\jDDdNja.exe
  C:\Windows\System\jDDdNja.exe
  2⤵
  PID:10044
- C:\Windows\System\MiMzXtT.exe
  C:\Windows\System\MiMzXtT.exe
  2⤵
  PID:10076
- C:\Windows\System\jAWuPUN.exe
  C:\Windows\System\jAWuPUN.exe
  2⤵
  PID:10108
- C:\Windows\System\HkYxXnK.exe
  C:\Windows\System\HkYxXnK.exe
  2⤵
  PID:10144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ENsUmXU.exe

Filesize
6.0MB

MD5
f8cb87d001279a50c948722cbb94bbf5

SHA1
ee8c4bdba7e80c441316f5cce45c46239682caf2

SHA256
3c7ab1587dbdf6c07c34c491e6c5fe4a43d38352f7d8720fa836127e83a9880a

SHA512
cc6266426167f22be6640c0ccf027b7eceb421ffc188b446edfa90ba9cd406f18160dcff792d33c1f9e97386d9adb8143e847ef605c5cfd337f6ac354e9b1a64

Download Submit
C:\Windows\system\IucxyxH.exe

Filesize
6.0MB

MD5
e614c9f889306c3387fb7f9cc018ffa3

SHA1
4b2d56f608b28324601b83d2443951ef7cca7961

SHA256
8a2b6067323cc441c03f08e70ae2e65075ca565e9d5af6d2ce34efbe51bc36c4

SHA512
891fe9e5e347eddf8d0d7ea833594116f0803fbbdb42d1bcc3402de4cff86754e4c1fe758d93719efaacbd00f0d2e96ee4239087542c2934d8630643aeead3b9

Download Submit
C:\Windows\system\NaxhZZG.exe

Filesize
6.0MB

MD5
88eccd723803f58de059efd36066ddf1

SHA1
96458d21db519693f6887932a5060635489d74a5

SHA256
94631bde81be411560629abc85f77b3ddd7812865d1bfb2f67e0d9219cea3f03

SHA512
923d8d43f07758ebf536e18d7d9158d41894907612e63ec654361db437913ce3ad99834c6ce51c3f5bbae0d47210b7315898977f1dae276e872eb1698b42f586

Download Submit
C:\Windows\system\OJYGzqc.exe

Filesize
6.0MB

MD5
4e35a6789a50e43a7a35ce7559cd3742

SHA1
e6843689ec636096b829945ca97d082a898bfcff

SHA256
e6abae886d929b3ee5dec9480e10a2ab2ae5c0dffefe97956dbb32b27afe69a0

SHA512
f415c3b5fd231574edf6efaad7edbd915e8a3fae5444ba9f307cf35d21578f6430997200552d2b958d50cf912bf42d73b13ead075559abe11e87742385670341

Download Submit
C:\Windows\system\OqwvyTn.exe

Filesize
6.0MB

MD5
686918409c0273e01582d324c96d1302

SHA1
d68421d2eed019a492c15e4543812f51a6586f74

SHA256
e470e12fc2955ac74badcbb5beabb86598803e09207c4d76327897a5165e45ff

SHA512
9448f49bb3bcd277435f407e836c96c2fb9d5f164dc7480627c62b9e44b0fd58654134c9f0a78f5de27fcd254c6a7b37dd3aed0c43c8d9ff0a3fd7acc50c2fed

Download Submit
C:\Windows\system\PHZBlWu.exe

Filesize
6.0MB

MD5
ab0db3f8948a967d94b54a648fac9978

SHA1
a30e595731759575bd4158a7ec15ebfe86e118b5

SHA256
c5a1b9181990a95f5da8279175ced565bfd83f124f43b245b7797e6c32077d93

SHA512
2206004c68c142f3bf18f9621c55c2906b78e840ccda2707f928d96e665bd346b12a95a137c087309f3b5b036a7a72739db365621d4a01232dcde7b47a3bc179

Download Submit
C:\Windows\system\RyhpVDp.exe

Filesize
6.0MB

MD5
65c08b6fa697ee218c7aa9053d3d7968

SHA1
588023cf0901c1e32b43af4d93c54cb0db184c74

SHA256
467bb4c492ac0eb189c0d8a39839f136664991358cadbc7b8d4b2567bfb95931

SHA512
165a47bed6c2ea9e64502fac119bc86c977c0266649b323d107ec404c5530eac568dcefe842123bdbc66640ad7cb60f1aa126390b5b5eabc3b35930b2ba768ba

Download Submit
C:\Windows\system\TUCmAYb.exe

Filesize
6.0MB

MD5
fc2659cbf9fbce892b3067e3e9df54e9

SHA1
a2ab1854964f0b23af2f86c91014af2005edb757

SHA256
74f828fe3b54a01364d33e7085886eab477e7056854d561ad4fb5249cfbdac57

SHA512
24fc94acbb400c9b1610cac7e8250a0d2a878415a767ac9a8103fa881d9e28496956e78881f1cd3214c3c0f5bb871c12c59bbe3ca85626eaaff0c513e6ed6ff1

Download Submit
C:\Windows\system\YNeLkur.exe

Filesize
6.0MB

MD5
d0da658b52097ff7cee8aac43f71f904

SHA1
4165a9d39b90a957d9be204fd836c6ef2561506c

SHA256
c010e8868dbc27d08e883599cae2f3e21abbf91129bab7c4212fd7d2f3620c3d

SHA512
e8c9d6d3122ebf807a986d50446b598d60dba0cde31598c5518a0ed9ccf627c7dd67bc19671829f3309c7e3b1b8a795e60265fc1dd734579e0ba6bb0df6f4b2d

Download Submit
C:\Windows\system\ZJiOaAW.exe

Filesize
6.0MB

MD5
c74f8a31b73ae20a874234000ce1e173

SHA1
bbec12ba3b409a1beb2bd265eeed9b066254bbb2

SHA256
de24f20a4538aca59b5e2dda2193fb7b31c1de9cf862592ca45c55423f69679f

SHA512
9c7365182892a255be4b85a10a1ad47d3bc2d28ac78818f0c24f76f2b12b49a97ee99949915ec693fff2f586193ab6a1ca2ceed4f634e999ad2de5d08e33fcda

Download Submit
C:\Windows\system\bzrLfSZ.exe

Filesize
6.0MB

MD5
72331f46dde443deac7fc119d2a85818

SHA1
f75c5c574edf85fc4152289efeca556e53674660

SHA256
77dec46168cd5dcfd5a13e67b7dc83926ec93ec19834bf6753e15c096403d302

SHA512
d07991452d1d8f78f23cfaea0d9cfd37f61d476b07d8762163a1377dbaf9b0963ef2ca72240ed9f2ba9ad81bad577698b70357d365faf5519633aaa3f0356a3f

Download Submit
C:\Windows\system\cfwyiHq.exe

Filesize
6.0MB

MD5
1da7f6fd0e657c5e198c042d9419eef9

SHA1
32c05b621fb457b4cfd62ef12a564ce83b3089ab

SHA256
97d0333248a7fe15376a178078f11b13e8c4df4e298520127a2c167ab0b58c8d

SHA512
22f1a33997eff381f6951bdbcccf0977e86be7d816c9b87182e3a20807b573472886e7794a5c4ec31ca2fc32e13882c567018cb05150c3def8c8239b88f18468

Download Submit
C:\Windows\system\dMjXQsz.exe

Filesize
6.0MB

MD5
58b0b7de0e61979eb7cec7ac4a480d2d

SHA1
2cf1954a05d8216e758a214634a1c7e7ba3563a9

SHA256
92851a3f104dca1412d1e439773fdc43e1bd2e58a97c92a4b24ad5be8298dffe

SHA512
450c68a94762e5e398f6e10c441abb93486533412581a991b8d75f33694bb4341a861c4e8ec896c55690de769d3bfd211373d17be517ee4e1a618138e0678e70

Download Submit
C:\Windows\system\fOgaVsD.exe

Filesize
6.0MB

MD5
ee750bfd1cdbba1a573a95c77078ea5b

SHA1
f76ae5ea8f7dc9f0a726ea86563f6b09e9bb7411

SHA256
7bd076e2f2372a7d6c6210d728762c860a0e4295e91525a3b384779ac8de8aeb

SHA512
a428daf8fdfdcc59a69295f882803bcc82b6a36bc4d7d623ff85d42970e1db3c934a9cf559b97cbf6aa8d8129f9e50c11c428e06349148f88714c3b2d2c330fe

Download Submit
C:\Windows\system\gSsquUh.exe

Filesize
6.0MB

MD5
09a52b90268579de91a3f9167ce7cab0

SHA1
44d50ed9db105f9e2cca76b03de2db9b481105b2

SHA256
b858e5ce27050401601216e11390e99be340eeeafa7db7ab44b243e2a50139ed

SHA512
e780913e9828a9fe7d43956adf921c1044a9b16a24bd5421e236d97b58e4d854ffe7a7fa70940afd594297adf6a5b0e66bee9633734e04df24e53be0f8e45a3e

Download Submit
C:\Windows\system\gfTlMwt.exe

Filesize
6.0MB

MD5
487cf475f24b13b0c1b340ff40d778f3

SHA1
2490c7dfa07bef7518fe22c84666635b977701e9

SHA256
23261cd676102a406687ea0fec662a7e795ccee997c9ad2d1521e356d81e975e

SHA512
56af74ed5e84ccf384d701b0eb7e11bcf3975cd60d0b68f27b649d59cbf034b87e3b175770c6abd51de2e7a2f6928e4ff665f955d9074dd2f0636362b3bea336

Download Submit
C:\Windows\system\gnwXpAL.exe

Filesize
6.0MB

MD5
0d1e36dba3a57d0a8a2b5f96b6837d58

SHA1
b2df675c6eb7f282c4c916331ed284720b791a95

SHA256
8ca2652f151a987bcc454ebfa571ec0d73154a9497faa79e21834e57b03ff926

SHA512
383e1911fe396086f3e14fcf9cb5ce55c30068688675066fdd0e6f89068faa14ca1d7850f982e9f359017680bcd709ab3dab44edfd783763d10d83abc06f2356

Download Submit
C:\Windows\system\jfmTgJK.exe

Filesize
6.0MB

MD5
def40759af28ac7183a2935365545e23

SHA1
e3d44f4d8d8bc02ddc5b67da60ecfc8079254e3e

SHA256
07db7ce948dd83739b76865900e8d184a48f5d57e668009cd5e3b25629f50d2c

SHA512
9571b8404bbb47ee6e53527203b47a8d8bc11d020f44fe0adb36f1c0ed1d2fefc9c2294898238466c60d25405a428d6da6d3896055462123699ba7ee1da7e03b

Download Submit
C:\Windows\system\jiIFcRN.exe

Filesize
6.0MB

MD5
7ced260a7f31e72015d69aebc8317ccd

SHA1
ff5a5eaeadb478e4d3689a279cfcc42fb1f6b2d1

SHA256
0812dd99a41f1114c8cc33670a7025aa576860acdfd76ac962eede0022155214

SHA512
5dd1a97f4429210dd6beaa93e8f3b41c65100c2c51f60e38abffb3682659bf2564f17cc612dfd15d87fb7dec3ba2b9f9c2ed9ca017875ab27b4e585129722f07

Download Submit
C:\Windows\system\jjlCiKJ.exe

Filesize
6.0MB

MD5
bab67e49387179611a68ef42b6fd2572

SHA1
c22c4dc21f748b747fdacfd3e6c6f66e0f23932b

SHA256
7b918e77622342ceb87f9a6663950a99df99765c85c873a601761713967afde7

SHA512
3ec720a60c200d15a200287962dca139eb04039446ccaf134b27f544d8816ab326632cc91015ee28b766770a163a00819310c37e960915f6e26b2af6f0e8dc05

Download Submit
C:\Windows\system\ljgFaud.exe

Filesize
6.0MB

MD5
161c0be81b91e0bb4652ee599ae08fb9

SHA1
7e0784eec1a119e87c763b58be5157888ec071a9

SHA256
be7016b713496696ec6862a393a2d85cba2f4c8282a952fcb061c16ac39fda75

SHA512
4520aeccc45a52b010c11d2ca336a9334462d505fa31a3a4e1069dd9284e328e5dfe9bd03de1088fdfdc4032428b7ccf168d2183e2ea99d2c6ffd833675cebc9

Download Submit
C:\Windows\system\uJPeUOO.exe

Filesize
6.0MB

MD5
ebb52311329465c870a9dc1e0c9eca4f

SHA1
6b913219ea7fa442fafeec3faed2e9a4f344a144

SHA256
3b429aed4bddfed50687f6c6e1251ac12fe471504ca26640d43e593989afef40

SHA512
d7e9047fddd8bf6968f9d2ad77624683af7f889596c0a6b9dcb7db29b0394a761853446bd5becac8553b5634fbe471fe0a780a80a8fa633e498d323575ed18d9

Download Submit
C:\Windows\system\vQQVKPK.exe

Filesize
6.0MB

MD5
5e22f5c3a4267e2553c5545d86045b47

SHA1
e17d9d9ef93ccc4594dc5a639c1b1d70d548baf6

SHA256
2a957e51f55d2eeaadbf9407a92eb005f339404bf8bb01ca42b90c6d21d55a51

SHA512
94b606b8d1baeb8b4d38f8363b0022f2b921a628a3e0278231bdb11b82c70138aaf31e984624bb432c50a3fcf17c0d83ee2603cf9df48231e20fa476e78f5395

Download Submit
C:\Windows\system\xJReDPb.exe

Filesize
6.0MB

MD5
80628d5a0795185ef8f5682601ade7b7

SHA1
d3eeb06dc7cc4f59c605b8391d886a72ec978e8b

SHA256
2507d38602e26dbdd98480c50be7b9e84e1dd251d43f8456b326ffe53766afe3

SHA512
5a3282caf47b550db4445efec76fe81f54b0d8b58b482d9f00e82a3e7e31c1184e0e1aff1a67f5eb26f4b41df7ac9a7c74f586f735a9ea28e72a9554ef469165

Download Submit
C:\Windows\system\xNmkGIw.exe

Filesize
6.0MB

MD5
dc36cbffd5945bc3a9a850909d51083b

SHA1
abd8fb8a02876f7b6e62b4512904bd50251dea5c

SHA256
015fedbaa6227b23a39ca8f5ca3109dba17420ed24159be8d6012e2aa3e1792d

SHA512
fa48e7e2859bd59081e652948910d969aed02f954e691003adba488d49d40e28ae8a11c2b94df09b7b25e153d766aba1a91406be52186786a2decda71edc9a07

Download Submit
C:\Windows\system\yJOKPPY.exe

Filesize
6.0MB

MD5
8958f64c2118e7b64a145962afc346da

SHA1
111f39dade3c4bfc279c39ca987a19d2e56b99a5

SHA256
6d79e1b4750d6d1b4b8a2dc4fed92782c23a41987131a7cee8a2313a9924fd42

SHA512
197520333a3f5d47de9ff5791f3ffae933633ff3ba33ee64a0c2fc87410826ba1c2820a53809a7801f82d8ac33b41c1509a3ca793a43a3ee064eedbb0c655dc0

Download Submit
C:\Windows\system\yruWrZU.exe

Filesize
6.0MB

MD5
a32e9fd2f2077f86a0c780f6d7b1ded0

SHA1
304601bcf0c23eac1ae45e92c979b4d6cc5bbca3

SHA256
b468f2daec4e78c6b56de1f9417e09baa1da35bc263eb0bf4430bcf37a53f4aa

SHA512
dd4be67f577fcf357be000b71698a9ccbe31b1efac636115c7a6c66e51f98ab4ea6ed894179326ed4781808670955ac79bf5ed6154017f8f674fe39e97ec8a39

Download Submit
C:\Windows\system\zGakWsC.exe

Filesize
6.0MB

MD5
48838a59927e62cef4bd13ffeac1f929

SHA1
4cbbab0c4a202e6c803027ac5f54797e4c88ff91

SHA256
e38375045cbc92b2bf2d90ac462e2407d2a87cd9c6c353efbc8f02269565a305

SHA512
df4830af045443cb97987301473beb367bddef4b75bcbdb822835bfd55d45d428782eca6e9891182f924259a305d3aae17b5de94cd12685998ad12b544fcf5c7

Download Submit
\Windows\system\JWRUGZG.exe

Filesize
6.0MB

MD5
31b61744972a6bfefa0ea954c6a30bfd

SHA1
7525337a49e9fa20fd16aa2db656ab53e173889c

SHA256
eeafe7e3a6e3480be0625224cec8fbe7736039546932b9de5107d63004e72bc5

SHA512
de1e7bbd4e86f05318c26704fe7dcf9b8b5d25296bc69d2c7927d91b4326f48b27866fcaec2d31f028c1d415f0caea9d995a485aa79efd262ad45ec177ae9c18

Download Submit
\Windows\system\RCNvlVv.exe

Filesize
6.0MB

MD5
e898347929117aab6b2d7ab71fa48d33

SHA1
f3f788ebc02b3e7b0ef627dc76adbb0ccf0adeb5

SHA256
bc80aca8054b1fdf3f153d813c96a15b00306ac3e846e7ed41cc94a4720d4bf5

SHA512
853679ae49080a1e060b42a182ef5064daa98270131a038afdc8f1e052f0ac434b71180af2f4d9e93b2a628dd6385d3e87f459dc5720e38478312eafd4ca2da1

Download Submit
\Windows\system\erZwuYV.exe

Filesize
6.0MB

MD5
76278f02c423bb8c78a2ce3384d1e8ab

SHA1
16178aac203ad0942afb9eefc76c187f18349169

SHA256
275b46fd16ad6dfb7a94202dd6dfb398a0fd48da9099981410690f95cc063ea4

SHA512
d4a24bf73fcf08a0c710d94d6aa460db8a1cacc99c5b655262805a65f999df808934d9f372f7de3a2ff866bc591865b71b93eacd9311a7318a3c57691c538d0c

Download Submit
\Windows\system\grgFluY.exe

Filesize
6.0MB

MD5
0862701655cb7285d1c6e86c0b4e457f

SHA1
e1afcc8b5bfaf2faa4ca21a4bebe231f7ff828d9

SHA256
a8fa013db5880a67b87c9d97eec0fdfe1c54a7d4f87dad9756495067d4a9854f

SHA512
51d44f8c4d3ae7c40d79cfa2ca6c0f7038f1a83da906e453bc417593ef16e1d8cb4b9e1cdb505af344bfa634d264873cd04f197b16840f841383a57d7055e1d4

Download Submit
\Windows\system\tYXTxOz.exe

Filesize
6.0MB

MD5
ea7691c4b9c498c8ff06fb09608e3087

SHA1
2f8a15f3c3938a4c5fa875e74052544d47d630eb

SHA256
698c132e95daf096c3277ed4511b54150904f232de410678cfaba5a1605d4554

SHA512
e0a36d07c7a485602e2ec7203e633b0a53ec2f4f98af81e17b29756a68327da67ff5dcd69b0b61dfe6ccd366a01500e177aecc43472b1b22156be415e97fe73e

Download Submit
memory/1284-1861-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1320-1795-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1320-4085-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2004-1878-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-1865-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1862-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1904-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4098-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4113-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1792-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4099-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2368-22-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1897-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2368-17-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4103-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4104-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4105-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4106-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4107-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1898-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1911-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4108-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4110-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1910-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1908-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1907-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1906-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-0-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1903-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1902-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1901-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1900-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4054-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4062-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2368-4088-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4092-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4111-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1820-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1787-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1829-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1939-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1915-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1870-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1867-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1868-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1869-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2952-1877-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download