cobaltstrike | 50cc557c06cd77b47fab29302920f369ae99683c42a26caa79039ba260edf105

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

06883c2893318b9f9699e00953169cee
SHA1

0c45b4f2d25d52e8a2ab31f376d9a161001c0f02
SHA256

50cc557c06cd77b47fab29302920f369ae99683c42a26caa79039ba260edf105
SHA512

6a5952e1f87ff43162b428240b1a90e05cfcb8c700545ad5085f9a4e59eb6aa51640915dde3fbe651227d332647410d92b6850be2c12e420452e4cec3a8e328f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d5-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d04-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d5a-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e1d-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017342-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f45-40.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017355-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019080-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-70.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d5-3.dat	xmrig
behavioral1/files/0x0009000000016d04-11.dat	xmrig
behavioral1/memory/2244-14-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/1724-10-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d5a-9.dat	xmrig
behavioral1/files/0x0007000000016d71-22.dat	xmrig
behavioral1/memory/2260-20-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2776-27-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0007000000016e1d-28.dat	xmrig
behavioral1/memory/2852-36-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2904-35-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1724-38-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2244-41-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2208-43-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0007000000017342-44.dat	xmrig
behavioral1/files/0x0007000000016f45-40.dat	xmrig
behavioral1/memory/2596-51-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0009000000017355-52.dat	xmrig
behavioral1/memory/2260-55-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019080-56.dat	xmrig
behavioral1/memory/2612-67-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2708-63-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2776-62-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2904-61-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2904-59-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2648-71-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-79.dat	xmrig
behavioral1/files/0x00050000000195c8-99.dat	xmrig
behavioral1/files/0x00050000000195c4-74.dat	xmrig
behavioral1/files/0x00050000000195c7-111.dat	xmrig
behavioral1/files/0x0005000000019bec-148.dat	xmrig
behavioral1/files/0x0005000000019cd5-169.dat	xmrig
behavioral1/files/0x0005000000019d5c-179.dat	xmrig
behavioral1/memory/2648-502-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2800-540-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2708-309-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2904-234-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f57-189.dat	xmrig
behavioral1/files/0x0005000000019d69-184.dat	xmrig
behavioral1/files/0x0005000000019cfc-174.dat	xmrig
behavioral1/files/0x0005000000019c0b-164.dat	xmrig
behavioral1/files/0x0005000000019bf0-155.dat	xmrig
behavioral1/files/0x0005000000019bf2-158.dat	xmrig
behavioral1/files/0x0005000000019931-145.dat	xmrig
behavioral1/files/0x00050000000196a0-138.dat	xmrig
behavioral1/files/0x0005000000019665-134.dat	xmrig
behavioral1/files/0x00050000000195ce-122.dat	xmrig
behavioral1/files/0x00050000000195e0-120.dat	xmrig
behavioral1/files/0x0005000000019624-127.dat	xmrig
behavioral1/memory/2904-109-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2504-107-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x00050000000195cc-106.dat	xmrig
behavioral1/memory/2532-97-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ca-92.dat	xmrig
behavioral1/memory/2208-78-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x00050000000195d0-115.dat	xmrig
behavioral1/memory/2800-82-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c2-70.dat	xmrig
behavioral1/memory/1724-3591-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2244-3592-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2260-3594-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2776-3739-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2852-3742-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1724	BbWlQLx.exe
2244	eHakewN.exe
2260	OtEddiY.exe
2776	WovTlJm.exe
2852	RDyJtsX.exe
2208	mecStPd.exe
2596	LUemmUJ.exe
2708	RjDAdOo.exe
2612	ctrVQNI.exe
2648	JynBrKd.exe
2800	iFOfuzL.exe
2532	OTjLWCn.exe
2504	jeoxXkV.exe
2760	SIVvTEM.exe
2660	vvsCSrc.exe
1968	GAysPKQ.exe
2564	gOWIYzz.exe
1688	CRQsHjP.exe
1712	VwTNeDz.exe
1448	qtHrefX.exe
2316	upuMmAr.exe
1800	SaFLmhP.exe
1996	IxMlOOr.exe
1320	HLqNjLh.exe
1608	HBmVmYo.exe
1580	MuavxRp.exe
2728	IkDyhil.exe
2812	jDCddWj.exe
2360	VshCQJl.exe
2076	UCGamKV.exe
2920	ffjjmNk.exe
1504	aqnBMmw.exe
2832	QzuWQaa.exe
2700	mgIhfhb.exe
700	bsKUdgu.exe
1172	oAeuSfJ.exe
980	pzFmDGc.exe
1312	qFBfUxk.exe
1980	qXahmUG.exe
2140	aYVsAve.exe
1088	LQDrWOs.exe
1772	UdoxKYs.exe
1160	hjIUQQr.exe
2192	jngGdDT.exe
912	loAHKqf.exe
752	mFedCHZ.exe
348	iTNJbGl.exe
3052	mNByCYk.exe
3012	mVHtVSW.exe
1508	TtmCGKW.exe
3048	tinrlhR.exe
2152	ddeVliM.exe
1704	lswBDkh.exe
884	ciRjbLD.exe
2196	gFWztSE.exe
292	lfRyQPm.exe
1548	nsNqmEK.exe
1680	EHwuSFo.exe
2432	RILtloZ.exe
1672	uVKqpwY.exe
1244	UYKoWzw.exe
2068	yOhjFKF.exe
2616	ihgsDko.exe
2688	FepgdZl.exe

Loads dropped DLL 64 IoCs

pid	Process
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x000a0000000120d5-3.dat	upx
behavioral1/files/0x0009000000016d04-11.dat	upx
behavioral1/memory/2244-14-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/1724-10-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0008000000016d5a-9.dat	upx
behavioral1/files/0x0007000000016d71-22.dat	upx
behavioral1/memory/2260-20-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2776-27-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0007000000016e1d-28.dat	upx
behavioral1/memory/2852-36-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2904-35-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1724-38-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2244-41-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2208-43-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0007000000017342-44.dat	upx
behavioral1/files/0x0007000000016f45-40.dat	upx
behavioral1/memory/2596-51-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x0009000000017355-52.dat	upx
behavioral1/memory/2260-55-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0007000000019080-56.dat	upx
behavioral1/memory/2612-67-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2708-63-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2776-62-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2648-71-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-79.dat	upx
behavioral1/files/0x00050000000195c8-99.dat	upx
behavioral1/files/0x00050000000195c4-74.dat	upx
behavioral1/files/0x00050000000195c7-111.dat	upx
behavioral1/files/0x0005000000019bec-148.dat	upx
behavioral1/files/0x0005000000019cd5-169.dat	upx
behavioral1/files/0x0005000000019d5c-179.dat	upx
behavioral1/memory/2648-502-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2800-540-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2708-309-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x0005000000019f57-189.dat	upx
behavioral1/files/0x0005000000019d69-184.dat	upx
behavioral1/files/0x0005000000019cfc-174.dat	upx
behavioral1/files/0x0005000000019c0b-164.dat	upx
behavioral1/files/0x0005000000019bf0-155.dat	upx
behavioral1/files/0x0005000000019bf2-158.dat	upx
behavioral1/files/0x0005000000019931-145.dat	upx
behavioral1/files/0x00050000000196a0-138.dat	upx
behavioral1/files/0x0005000000019665-134.dat	upx
behavioral1/files/0x00050000000195ce-122.dat	upx
behavioral1/files/0x00050000000195e0-120.dat	upx
behavioral1/files/0x0005000000019624-127.dat	upx
behavioral1/memory/2504-107-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x00050000000195cc-106.dat	upx
behavioral1/memory/2532-97-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x00050000000195ca-92.dat	upx
behavioral1/memory/2208-78-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x00050000000195d0-115.dat	upx
behavioral1/memory/2800-82-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x00050000000195c2-70.dat	upx
behavioral1/memory/1724-3591-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2244-3592-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2260-3594-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2776-3739-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2852-3742-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2208-3763-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2596-3786-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2708-3796-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2532-3804-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uhbsTwH.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqsGZVQ.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpCQpxn.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SucoyUq.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIfrsgb.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHEDnSR.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZsIpvJ.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFvquNy.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nujPncs.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUehMMB.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmmevqw.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoarQzY.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwjmcqb.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PEcDdrF.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSnFBrY.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsCdEst.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EABFTUK.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zShtusM.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbRqpjA.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrXixQB.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RROoyXQ.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGjxLWf.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgjdhCA.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzqZdZb.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwTNeDz.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQqIZYD.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZSypfQ.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOPeVtw.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TokjwKN.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFYAaDM.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPvPfve.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKWTLcD.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\scKMPMT.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbzUAAW.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrCsOuB.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDGysKU.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVyhABZ.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WIzGDNu.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoTxjeJ.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNKFiCT.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqirvbZ.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNiqdCE.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOjpRvk.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFhjgBb.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRRQsjH.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpZCfTj.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rifqmqa.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoPBVxa.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkHHbLp.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmkpQpM.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stwKInP.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFgYvfS.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqzDDFv.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqQTbmo.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrGRGDU.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjoOOoi.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFuBxBU.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRNdFqz.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQVAeHH.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLTfLdg.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFCbAyb.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrBRUZW.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDNMbqU.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRQsHjP.exe	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 1724	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2904 wrote to memory of 1724	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2904 wrote to memory of 1724	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2904 wrote to memory of 2244	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2904 wrote to memory of 2244	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2904 wrote to memory of 2244	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2904 wrote to memory of 2260	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2904 wrote to memory of 2260	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2904 wrote to memory of 2260	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2904 wrote to memory of 2776	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2904 wrote to memory of 2776	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2904 wrote to memory of 2776	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2904 wrote to memory of 2852	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2904 wrote to memory of 2852	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2904 wrote to memory of 2852	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2904 wrote to memory of 2208	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2904 wrote to memory of 2208	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2904 wrote to memory of 2208	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2904 wrote to memory of 2596	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2904 wrote to memory of 2596	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2904 wrote to memory of 2596	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2904 wrote to memory of 2708	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2904 wrote to memory of 2708	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2904 wrote to memory of 2708	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2904 wrote to memory of 2612	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2904 wrote to memory of 2612	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2904 wrote to memory of 2612	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2904 wrote to memory of 2648	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2904 wrote to memory of 2648	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2904 wrote to memory of 2648	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2904 wrote to memory of 2800	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2904 wrote to memory of 2800	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2904 wrote to memory of 2800	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2904 wrote to memory of 2532	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2904 wrote to memory of 2532	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2904 wrote to memory of 2532	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2904 wrote to memory of 2660	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2904 wrote to memory of 2660	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2904 wrote to memory of 2660	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2904 wrote to memory of 2504	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2904 wrote to memory of 2504	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2904 wrote to memory of 2504	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2904 wrote to memory of 2564	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2904 wrote to memory of 2564	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2904 wrote to memory of 2564	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2904 wrote to memory of 2760	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2904 wrote to memory of 2760	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2904 wrote to memory of 2760	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2904 wrote to memory of 1688	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2904 wrote to memory of 1688	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2904 wrote to memory of 1688	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2904 wrote to memory of 1968	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2904 wrote to memory of 1968	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2904 wrote to memory of 1968	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2904 wrote to memory of 1448	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2904 wrote to memory of 1448	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2904 wrote to memory of 1448	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2904 wrote to memory of 1712	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2904 wrote to memory of 1712	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2904 wrote to memory of 1712	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2904 wrote to memory of 2316	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2904 wrote to memory of 2316	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2904 wrote to memory of 2316	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2904 wrote to memory of 1800	2904	2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_06883c2893318b9f9699e00953169cee_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\System\BbWlQLx.exe
  C:\Windows\System\BbWlQLx.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\eHakewN.exe
  C:\Windows\System\eHakewN.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\OtEddiY.exe
  C:\Windows\System\OtEddiY.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\WovTlJm.exe
  C:\Windows\System\WovTlJm.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\RDyJtsX.exe
  C:\Windows\System\RDyJtsX.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\mecStPd.exe
  C:\Windows\System\mecStPd.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\LUemmUJ.exe
  C:\Windows\System\LUemmUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\RjDAdOo.exe
  C:\Windows\System\RjDAdOo.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\ctrVQNI.exe
  C:\Windows\System\ctrVQNI.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\JynBrKd.exe
  C:\Windows\System\JynBrKd.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\iFOfuzL.exe
  C:\Windows\System\iFOfuzL.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\OTjLWCn.exe
  C:\Windows\System\OTjLWCn.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\vvsCSrc.exe
  C:\Windows\System\vvsCSrc.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\jeoxXkV.exe
  C:\Windows\System\jeoxXkV.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\gOWIYzz.exe
  C:\Windows\System\gOWIYzz.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\SIVvTEM.exe
  C:\Windows\System\SIVvTEM.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\CRQsHjP.exe
  C:\Windows\System\CRQsHjP.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\GAysPKQ.exe
  C:\Windows\System\GAysPKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\qtHrefX.exe
  C:\Windows\System\qtHrefX.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\VwTNeDz.exe
  C:\Windows\System\VwTNeDz.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\upuMmAr.exe
  C:\Windows\System\upuMmAr.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\SaFLmhP.exe
  C:\Windows\System\SaFLmhP.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\IxMlOOr.exe
  C:\Windows\System\IxMlOOr.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\HLqNjLh.exe
  C:\Windows\System\HLqNjLh.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\HBmVmYo.exe
  C:\Windows\System\HBmVmYo.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\MuavxRp.exe
  C:\Windows\System\MuavxRp.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\IkDyhil.exe
  C:\Windows\System\IkDyhil.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\jDCddWj.exe
  C:\Windows\System\jDCddWj.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\VshCQJl.exe
  C:\Windows\System\VshCQJl.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\UCGamKV.exe
  C:\Windows\System\UCGamKV.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\ffjjmNk.exe
  C:\Windows\System\ffjjmNk.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\aqnBMmw.exe
  C:\Windows\System\aqnBMmw.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\QzuWQaa.exe
  C:\Windows\System\QzuWQaa.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\mgIhfhb.exe
  C:\Windows\System\mgIhfhb.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\bsKUdgu.exe
  C:\Windows\System\bsKUdgu.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\oAeuSfJ.exe
  C:\Windows\System\oAeuSfJ.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\pzFmDGc.exe
  C:\Windows\System\pzFmDGc.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\qFBfUxk.exe
  C:\Windows\System\qFBfUxk.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\qXahmUG.exe
  C:\Windows\System\qXahmUG.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\aYVsAve.exe
  C:\Windows\System\aYVsAve.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\LQDrWOs.exe
  C:\Windows\System\LQDrWOs.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\UdoxKYs.exe
  C:\Windows\System\UdoxKYs.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\hjIUQQr.exe
  C:\Windows\System\hjIUQQr.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\jngGdDT.exe
  C:\Windows\System\jngGdDT.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\loAHKqf.exe
  C:\Windows\System\loAHKqf.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\mFedCHZ.exe
  C:\Windows\System\mFedCHZ.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\iTNJbGl.exe
  C:\Windows\System\iTNJbGl.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\mNByCYk.exe
  C:\Windows\System\mNByCYk.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\mVHtVSW.exe
  C:\Windows\System\mVHtVSW.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\TtmCGKW.exe
  C:\Windows\System\TtmCGKW.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\tinrlhR.exe
  C:\Windows\System\tinrlhR.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\ddeVliM.exe
  C:\Windows\System\ddeVliM.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\lswBDkh.exe
  C:\Windows\System\lswBDkh.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\ciRjbLD.exe
  C:\Windows\System\ciRjbLD.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\gFWztSE.exe
  C:\Windows\System\gFWztSE.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\lfRyQPm.exe
  C:\Windows\System\lfRyQPm.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\nsNqmEK.exe
  C:\Windows\System\nsNqmEK.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\EHwuSFo.exe
  C:\Windows\System\EHwuSFo.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\RILtloZ.exe
  C:\Windows\System\RILtloZ.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\uVKqpwY.exe
  C:\Windows\System\uVKqpwY.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\UYKoWzw.exe
  C:\Windows\System\UYKoWzw.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\yOhjFKF.exe
  C:\Windows\System\yOhjFKF.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\ihgsDko.exe
  C:\Windows\System\ihgsDko.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\FepgdZl.exe
  C:\Windows\System\FepgdZl.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\fAJgECr.exe
  C:\Windows\System\fAJgECr.exe
  2⤵
  PID:2644
- C:\Windows\System\uuuhZia.exe
  C:\Windows\System\uuuhZia.exe
  2⤵
  PID:2808
- C:\Windows\System\nwLdOBv.exe
  C:\Windows\System\nwLdOBv.exe
  2⤵
  PID:2520
- C:\Windows\System\BsoWLGX.exe
  C:\Windows\System\BsoWLGX.exe
  2⤵
  PID:1056
- C:\Windows\System\YHOpgGU.exe
  C:\Windows\System\YHOpgGU.exe
  2⤵
  PID:2744
- C:\Windows\System\vmRTMcT.exe
  C:\Windows\System\vmRTMcT.exe
  2⤵
  PID:1272
- C:\Windows\System\EmtSozC.exe
  C:\Windows\System\EmtSozC.exe
  2⤵
  PID:808
- C:\Windows\System\YLpMqNR.exe
  C:\Windows\System\YLpMqNR.exe
  2⤵
  PID:284
- C:\Windows\System\avCOdBg.exe
  C:\Windows\System\avCOdBg.exe
  2⤵
  PID:1960
- C:\Windows\System\HSFdfrA.exe
  C:\Windows\System\HSFdfrA.exe
  2⤵
  PID:1916
- C:\Windows\System\yBhCdiB.exe
  C:\Windows\System\yBhCdiB.exe
  2⤵
  PID:1752
- C:\Windows\System\HweEySU.exe
  C:\Windows\System\HweEySU.exe
  2⤵
  PID:2040
- C:\Windows\System\DKbIDrz.exe
  C:\Windows\System\DKbIDrz.exe
  2⤵
  PID:2836
- C:\Windows\System\orwWvAp.exe
  C:\Windows\System\orwWvAp.exe
  2⤵
  PID:304
- C:\Windows\System\tAYUNkN.exe
  C:\Windows\System\tAYUNkN.exe
  2⤵
  PID:1720
- C:\Windows\System\XepEGMB.exe
  C:\Windows\System\XepEGMB.exe
  2⤵
  PID:916
- C:\Windows\System\gNbYUXF.exe
  C:\Windows\System\gNbYUXF.exe
  2⤵
  PID:264
- C:\Windows\System\HMuZkjR.exe
  C:\Windows\System\HMuZkjR.exe
  2⤵
  PID:2724
- C:\Windows\System\KoYgCcl.exe
  C:\Windows\System\KoYgCcl.exe
  2⤵
  PID:1856
- C:\Windows\System\eRKDaHi.exe
  C:\Windows\System\eRKDaHi.exe
  2⤵
  PID:1324
- C:\Windows\System\RNdKGAH.exe
  C:\Windows\System\RNdKGAH.exe
  2⤵
  PID:1764
- C:\Windows\System\TxiNLHx.exe
  C:\Windows\System\TxiNLHx.exe
  2⤵
  PID:904
- C:\Windows\System\cgnbFcF.exe
  C:\Windows\System\cgnbFcF.exe
  2⤵
  PID:640
- C:\Windows\System\TYTZaye.exe
  C:\Windows\System\TYTZaye.exe
  2⤵
  PID:2124
- C:\Windows\System\SXGVBCS.exe
  C:\Windows\System\SXGVBCS.exe
  2⤵
  PID:1644
- C:\Windows\System\HAdrkzR.exe
  C:\Windows\System\HAdrkzR.exe
  2⤵
  PID:564
- C:\Windows\System\SijESWx.exe
  C:\Windows\System\SijESWx.exe
  2⤵
  PID:3028
- C:\Windows\System\qDSoWUx.exe
  C:\Windows\System\qDSoWUx.exe
  2⤵
  PID:1740
- C:\Windows\System\KTxfvhs.exe
  C:\Windows\System\KTxfvhs.exe
  2⤵
  PID:756
- C:\Windows\System\qSnycdO.exe
  C:\Windows\System\qSnycdO.exe
  2⤵
  PID:1572
- C:\Windows\System\doIksDv.exe
  C:\Windows\System\doIksDv.exe
  2⤵
  PID:1576
- C:\Windows\System\zEFEeBx.exe
  C:\Windows\System\zEFEeBx.exe
  2⤵
  PID:1236
- C:\Windows\System\sIfWEGf.exe
  C:\Windows\System\sIfWEGf.exe
  2⤵
  PID:1284
- C:\Windows\System\qAqPAkU.exe
  C:\Windows\System\qAqPAkU.exe
  2⤵
  PID:2704
- C:\Windows\System\MlTcPNB.exe
  C:\Windows\System\MlTcPNB.exe
  2⤵
  PID:2748
- C:\Windows\System\JPplzAY.exe
  C:\Windows\System\JPplzAY.exe
  2⤵
  PID:2456
- C:\Windows\System\NlKxlLr.exe
  C:\Windows\System\NlKxlLr.exe
  2⤵
  PID:2264
- C:\Windows\System\itfPEXV.exe
  C:\Windows\System\itfPEXV.exe
  2⤵
  PID:2500
- C:\Windows\System\VPsThlo.exe
  C:\Windows\System\VPsThlo.exe
  2⤵
  PID:1300
- C:\Windows\System\xpZBHba.exe
  C:\Windows\System\xpZBHba.exe
  2⤵
  PID:1972
- C:\Windows\System\OMqCBoF.exe
  C:\Windows\System\OMqCBoF.exe
  2⤵
  PID:2144
- C:\Windows\System\LnTtypY.exe
  C:\Windows\System\LnTtypY.exe
  2⤵
  PID:2096
- C:\Windows\System\nKctySi.exe
  C:\Windows\System\nKctySi.exe
  2⤵
  PID:1152
- C:\Windows\System\FaDZLpg.exe
  C:\Windows\System\FaDZLpg.exe
  2⤵
  PID:2304
- C:\Windows\System\qvGKpbp.exe
  C:\Windows\System\qvGKpbp.exe
  2⤵
  PID:1308
- C:\Windows\System\gPSNQaB.exe
  C:\Windows\System\gPSNQaB.exe
  2⤵
  PID:956
- C:\Windows\System\xxLuQQm.exe
  C:\Windows\System\xxLuQQm.exe
  2⤵
  PID:612
- C:\Windows\System\kRNybrX.exe
  C:\Windows\System\kRNybrX.exe
  2⤵
  PID:1128
- C:\Windows\System\nRnBuSG.exe
  C:\Windows\System\nRnBuSG.exe
  2⤵
  PID:1956
- C:\Windows\System\AaUEURb.exe
  C:\Windows\System\AaUEURb.exe
  2⤵
  PID:1616
- C:\Windows\System\tZKJVYb.exe
  C:\Windows\System\tZKJVYb.exe
  2⤵
  PID:2212
- C:\Windows\System\RZbzsyV.exe
  C:\Windows\System\RZbzsyV.exe
  2⤵
  PID:2324
- C:\Windows\System\OXDjiwn.exe
  C:\Windows\System\OXDjiwn.exe
  2⤵
  PID:2340
- C:\Windows\System\otLtomA.exe
  C:\Windows\System\otLtomA.exe
  2⤵
  PID:2404
- C:\Windows\System\MtosfuT.exe
  C:\Windows\System\MtosfuT.exe
  2⤵
  PID:2256
- C:\Windows\System\udFKYbG.exe
  C:\Windows\System\udFKYbG.exe
  2⤵
  PID:2568
- C:\Windows\System\fTETwYw.exe
  C:\Windows\System\fTETwYw.exe
  2⤵
  PID:1920
- C:\Windows\System\pAkqQyB.exe
  C:\Windows\System\pAkqQyB.exe
  2⤵
  PID:1708
- C:\Windows\System\VxETdfW.exe
  C:\Windows\System\VxETdfW.exe
  2⤵
  PID:2112
- C:\Windows\System\hbaXExn.exe
  C:\Windows\System\hbaXExn.exe
  2⤵
  PID:1512
- C:\Windows\System\iIsjOoi.exe
  C:\Windows\System\iIsjOoi.exe
  2⤵
  PID:1912
- C:\Windows\System\ZPqddrG.exe
  C:\Windows\System\ZPqddrG.exe
  2⤵
  PID:844
- C:\Windows\System\qVKVhjN.exe
  C:\Windows\System\qVKVhjN.exe
  2⤵
  PID:3064
- C:\Windows\System\fWsabTH.exe
  C:\Windows\System\fWsabTH.exe
  2⤵
  PID:532
- C:\Windows\System\xdXbcaB.exe
  C:\Windows\System\xdXbcaB.exe
  2⤵
  PID:2092
- C:\Windows\System\iOajSut.exe
  C:\Windows\System\iOajSut.exe
  2⤵
  PID:2236
- C:\Windows\System\EhHuwgW.exe
  C:\Windows\System\EhHuwgW.exe
  2⤵
  PID:2376
- C:\Windows\System\pzRtXfE.exe
  C:\Windows\System\pzRtXfE.exe
  2⤵
  PID:2284
- C:\Windows\System\uTbqBTI.exe
  C:\Windows\System\uTbqBTI.exe
  2⤵
  PID:2056
- C:\Windows\System\BGloXSO.exe
  C:\Windows\System\BGloXSO.exe
  2⤵
  PID:1048
- C:\Windows\System\ckiTBfA.exe
  C:\Windows\System\ckiTBfA.exe
  2⤵
  PID:2892
- C:\Windows\System\wUGyqzQ.exe
  C:\Windows\System\wUGyqzQ.exe
  2⤵
  PID:1952
- C:\Windows\System\OwZsrBR.exe
  C:\Windows\System\OwZsrBR.exe
  2⤵
  PID:2772
- C:\Windows\System\sCcsKrQ.exe
  C:\Windows\System\sCcsKrQ.exe
  2⤵
  PID:2364
- C:\Windows\System\mKNiOcS.exe
  C:\Windows\System\mKNiOcS.exe
  2⤵
  PID:2232
- C:\Windows\System\BwpBycW.exe
  C:\Windows\System\BwpBycW.exe
  2⤵
  PID:880
- C:\Windows\System\EdIrWiA.exe
  C:\Windows\System\EdIrWiA.exe
  2⤵
  PID:2120
- C:\Windows\System\XeLJWua.exe
  C:\Windows\System\XeLJWua.exe
  2⤵
  PID:2104
- C:\Windows\System\nxEpFmo.exe
  C:\Windows\System\nxEpFmo.exe
  2⤵
  PID:1648
- C:\Windows\System\vdFrSHJ.exe
  C:\Windows\System\vdFrSHJ.exe
  2⤵
  PID:3088
- C:\Windows\System\foQVGcg.exe
  C:\Windows\System\foQVGcg.exe
  2⤵
  PID:3108
- C:\Windows\System\zijfqEC.exe
  C:\Windows\System\zijfqEC.exe
  2⤵
  PID:3128
- C:\Windows\System\mkqPDxy.exe
  C:\Windows\System\mkqPDxy.exe
  2⤵
  PID:3148
- C:\Windows\System\AlktNzm.exe
  C:\Windows\System\AlktNzm.exe
  2⤵
  PID:3200
- C:\Windows\System\fyBGgUH.exe
  C:\Windows\System\fyBGgUH.exe
  2⤵
  PID:3216
- C:\Windows\System\eftnzex.exe
  C:\Windows\System\eftnzex.exe
  2⤵
  PID:3236
- C:\Windows\System\BFlplCE.exe
  C:\Windows\System\BFlplCE.exe
  2⤵
  PID:3252
- C:\Windows\System\wrNCXMG.exe
  C:\Windows\System\wrNCXMG.exe
  2⤵
  PID:3280
- C:\Windows\System\zAhtdxA.exe
  C:\Windows\System\zAhtdxA.exe
  2⤵
  PID:3296
- C:\Windows\System\uDJGNww.exe
  C:\Windows\System\uDJGNww.exe
  2⤵
  PID:3312
- C:\Windows\System\gpEORYM.exe
  C:\Windows\System\gpEORYM.exe
  2⤵
  PID:3336
- C:\Windows\System\GLVygAM.exe
  C:\Windows\System\GLVygAM.exe
  2⤵
  PID:3360
- C:\Windows\System\nwNPfwy.exe
  C:\Windows\System\nwNPfwy.exe
  2⤵
  PID:3380
- C:\Windows\System\yhjydNN.exe
  C:\Windows\System\yhjydNN.exe
  2⤵
  PID:3400
- C:\Windows\System\ALvmCrO.exe
  C:\Windows\System\ALvmCrO.exe
  2⤵
  PID:3420
- C:\Windows\System\fMkenPw.exe
  C:\Windows\System\fMkenPw.exe
  2⤵
  PID:3436
- C:\Windows\System\yASJUar.exe
  C:\Windows\System\yASJUar.exe
  2⤵
  PID:3464
- C:\Windows\System\KJZjFDn.exe
  C:\Windows\System\KJZjFDn.exe
  2⤵
  PID:3484
- C:\Windows\System\RGdvpyS.exe
  C:\Windows\System\RGdvpyS.exe
  2⤵
  PID:3504
- C:\Windows\System\UaTEYyP.exe
  C:\Windows\System\UaTEYyP.exe
  2⤵
  PID:3520
- C:\Windows\System\yFPVxQw.exe
  C:\Windows\System\yFPVxQw.exe
  2⤵
  PID:3536
- C:\Windows\System\AwoEPtf.exe
  C:\Windows\System\AwoEPtf.exe
  2⤵
  PID:3556
- C:\Windows\System\amVJEwW.exe
  C:\Windows\System\amVJEwW.exe
  2⤵
  PID:3580
- C:\Windows\System\QqtEnLA.exe
  C:\Windows\System\QqtEnLA.exe
  2⤵
  PID:3600
- C:\Windows\System\OfnaVTy.exe
  C:\Windows\System\OfnaVTy.exe
  2⤵
  PID:3624
- C:\Windows\System\FfiiHxK.exe
  C:\Windows\System\FfiiHxK.exe
  2⤵
  PID:3644
- C:\Windows\System\xhQRhEM.exe
  C:\Windows\System\xhQRhEM.exe
  2⤵
  PID:3660
- C:\Windows\System\sTgQElG.exe
  C:\Windows\System\sTgQElG.exe
  2⤵
  PID:3676
- C:\Windows\System\ePYLhIy.exe
  C:\Windows\System\ePYLhIy.exe
  2⤵
  PID:3700
- C:\Windows\System\rAsphaf.exe
  C:\Windows\System\rAsphaf.exe
  2⤵
  PID:3716
- C:\Windows\System\vhFCtzL.exe
  C:\Windows\System\vhFCtzL.exe
  2⤵
  PID:3732
- C:\Windows\System\SPtImCs.exe
  C:\Windows\System\SPtImCs.exe
  2⤵
  PID:3748
- C:\Windows\System\lPSOzQn.exe
  C:\Windows\System\lPSOzQn.exe
  2⤵
  PID:3764
- C:\Windows\System\QMCrDfS.exe
  C:\Windows\System\QMCrDfS.exe
  2⤵
  PID:3780
- C:\Windows\System\RSXBDqP.exe
  C:\Windows\System\RSXBDqP.exe
  2⤵
  PID:3796
- C:\Windows\System\yZSFwLH.exe
  C:\Windows\System\yZSFwLH.exe
  2⤵
  PID:3812
- C:\Windows\System\yWMWiQM.exe
  C:\Windows\System\yWMWiQM.exe
  2⤵
  PID:3836
- C:\Windows\System\KyvHkmu.exe
  C:\Windows\System\KyvHkmu.exe
  2⤵
  PID:3876
- C:\Windows\System\qACAoTy.exe
  C:\Windows\System\qACAoTy.exe
  2⤵
  PID:3896
- C:\Windows\System\aVdVdTi.exe
  C:\Windows\System\aVdVdTi.exe
  2⤵
  PID:3916
- C:\Windows\System\ROvVVtL.exe
  C:\Windows\System\ROvVVtL.exe
  2⤵
  PID:3944
- C:\Windows\System\NGBgMnt.exe
  C:\Windows\System\NGBgMnt.exe
  2⤵
  PID:3960
- C:\Windows\System\hudLLRi.exe
  C:\Windows\System\hudLLRi.exe
  2⤵
  PID:3976
- C:\Windows\System\aMMDwXm.exe
  C:\Windows\System\aMMDwXm.exe
  2⤵
  PID:3992
- C:\Windows\System\nujPncs.exe
  C:\Windows\System\nujPncs.exe
  2⤵
  PID:4012
- C:\Windows\System\uQpnodJ.exe
  C:\Windows\System\uQpnodJ.exe
  2⤵
  PID:4044
- C:\Windows\System\wAbbKwC.exe
  C:\Windows\System\wAbbKwC.exe
  2⤵
  PID:4060
- C:\Windows\System\FkHvCJs.exe
  C:\Windows\System\FkHvCJs.exe
  2⤵
  PID:4076
- C:\Windows\System\mwbbUjA.exe
  C:\Windows\System\mwbbUjA.exe
  2⤵
  PID:4092
- C:\Windows\System\RozQZeg.exe
  C:\Windows\System\RozQZeg.exe
  2⤵
  PID:2524
- C:\Windows\System\NrDCzim.exe
  C:\Windows\System\NrDCzim.exe
  2⤵
  PID:2428
- C:\Windows\System\XWfEEVO.exe
  C:\Windows\System\XWfEEVO.exe
  2⤵
  PID:2592
- C:\Windows\System\xJFGwnS.exe
  C:\Windows\System\xJFGwnS.exe
  2⤵
  PID:1104
- C:\Windows\System\eMfVOVa.exe
  C:\Windows\System\eMfVOVa.exe
  2⤵
  PID:2248
- C:\Windows\System\RtOrWkj.exe
  C:\Windows\System\RtOrWkj.exe
  2⤵
  PID:1144
- C:\Windows\System\zzpmqEO.exe
  C:\Windows\System\zzpmqEO.exe
  2⤵
  PID:3116
- C:\Windows\System\nZCagXT.exe
  C:\Windows\System\nZCagXT.exe
  2⤵
  PID:2580
- C:\Windows\System\YgccKWE.exe
  C:\Windows\System\YgccKWE.exe
  2⤵
  PID:2816
- C:\Windows\System\yAmpgNh.exe
  C:\Windows\System\yAmpgNh.exe
  2⤵
  PID:2496
- C:\Windows\System\NnGZBmc.exe
  C:\Windows\System\NnGZBmc.exe
  2⤵
  PID:2948
- C:\Windows\System\YCUVvAc.exe
  C:\Windows\System\YCUVvAc.exe
  2⤵
  PID:2676
- C:\Windows\System\jRBrVsY.exe
  C:\Windows\System\jRBrVsY.exe
  2⤵
  PID:3208
- C:\Windows\System\nlKKWWj.exe
  C:\Windows\System\nlKKWWj.exe
  2⤵
  PID:3224
- C:\Windows\System\vqOBwNH.exe
  C:\Windows\System\vqOBwNH.exe
  2⤵
  PID:3032
- C:\Windows\System\weEZqvX.exe
  C:\Windows\System\weEZqvX.exe
  2⤵
  PID:3332
- C:\Windows\System\jhYsCvF.exe
  C:\Windows\System\jhYsCvF.exe
  2⤵
  PID:2752
- C:\Windows\System\SucoyUq.exe
  C:\Windows\System\SucoyUq.exe
  2⤵
  PID:3308
- C:\Windows\System\xIEfMxi.exe
  C:\Windows\System\xIEfMxi.exe
  2⤵
  PID:3448
- C:\Windows\System\uImVnPB.exe
  C:\Windows\System\uImVnPB.exe
  2⤵
  PID:3352
- C:\Windows\System\HhvJiLs.exe
  C:\Windows\System\HhvJiLs.exe
  2⤵
  PID:3348
- C:\Windows\System\PaCsQeE.exe
  C:\Windows\System\PaCsQeE.exe
  2⤵
  PID:3500
- C:\Windows\System\oyIOtNx.exe
  C:\Windows\System\oyIOtNx.exe
  2⤵
  PID:2540
- C:\Windows\System\aBqRkpT.exe
  C:\Windows\System\aBqRkpT.exe
  2⤵
  PID:3512
- C:\Windows\System\obiXDgR.exe
  C:\Windows\System\obiXDgR.exe
  2⤵
  PID:3544
- C:\Windows\System\qlChuCV.exe
  C:\Windows\System\qlChuCV.exe
  2⤵
  PID:3620
- C:\Windows\System\DpjhNUU.exe
  C:\Windows\System\DpjhNUU.exe
  2⤵
  PID:812
- C:\Windows\System\QWmgxab.exe
  C:\Windows\System\QWmgxab.exe
  2⤵
  PID:2412
- C:\Windows\System\gklnKWX.exe
  C:\Windows\System\gklnKWX.exe
  2⤵
  PID:3684
- C:\Windows\System\UmNAvUe.exe
  C:\Windows\System\UmNAvUe.exe
  2⤵
  PID:3724
- C:\Windows\System\aQESVNG.exe
  C:\Windows\System\aQESVNG.exe
  2⤵
  PID:3788
- C:\Windows\System\xKLtcIV.exe
  C:\Windows\System\xKLtcIV.exe
  2⤵
  PID:3828
- C:\Windows\System\ZLYdpIo.exe
  C:\Windows\System\ZLYdpIo.exe
  2⤵
  PID:3804
- C:\Windows\System\GxkEyRW.exe
  C:\Windows\System\GxkEyRW.exe
  2⤵
  PID:3744
- C:\Windows\System\RYPbkNw.exe
  C:\Windows\System\RYPbkNw.exe
  2⤵
  PID:3872
- C:\Windows\System\ONNQnbI.exe
  C:\Windows\System\ONNQnbI.exe
  2⤵
  PID:3940
- C:\Windows\System\vCYlxxl.exe
  C:\Windows\System\vCYlxxl.exe
  2⤵
  PID:2044
- C:\Windows\System\IEAkvAZ.exe
  C:\Windows\System\IEAkvAZ.exe
  2⤵
  PID:3952
- C:\Windows\System\DlGRkCd.exe
  C:\Windows\System\DlGRkCd.exe
  2⤵
  PID:3956
- C:\Windows\System\ghriLfA.exe
  C:\Windows\System\ghriLfA.exe
  2⤵
  PID:4032
- C:\Windows\System\gPWOGEW.exe
  C:\Windows\System\gPWOGEW.exe
  2⤵
  PID:4056
- C:\Windows\System\WGtfnsJ.exe
  C:\Windows\System\WGtfnsJ.exe
  2⤵
  PID:2448
- C:\Windows\System\RfYWZCx.exe
  C:\Windows\System\RfYWZCx.exe
  2⤵
  PID:3156
- C:\Windows\System\NQgmWAp.exe
  C:\Windows\System\NQgmWAp.exe
  2⤵
  PID:4068
- C:\Windows\System\ksBFSwV.exe
  C:\Windows\System\ksBFSwV.exe
  2⤵
  PID:3104
- C:\Windows\System\uRwXNXF.exe
  C:\Windows\System\uRwXNXF.exe
  2⤵
  PID:3080
- C:\Windows\System\wOqUroM.exe
  C:\Windows\System\wOqUroM.exe
  2⤵
  PID:4072
- C:\Windows\System\ExbLzHk.exe
  C:\Windows\System\ExbLzHk.exe
  2⤵
  PID:1844
- C:\Windows\System\EUehMMB.exe
  C:\Windows\System\EUehMMB.exe
  2⤵
  PID:1716
- C:\Windows\System\pUrQbbu.exe
  C:\Windows\System\pUrQbbu.exe
  2⤵
  PID:3188
- C:\Windows\System\VjEjftS.exe
  C:\Windows\System\VjEjftS.exe
  2⤵
  PID:3196
- C:\Windows\System\KTBrgur.exe
  C:\Windows\System\KTBrgur.exe
  2⤵
  PID:3324
- C:\Windows\System\eDDdPfc.exe
  C:\Windows\System\eDDdPfc.exe
  2⤵
  PID:3344
- C:\Windows\System\BuaBlRi.exe
  C:\Windows\System\BuaBlRi.exe
  2⤵
  PID:3376
- C:\Windows\System\dxWSUZn.exe
  C:\Windows\System\dxWSUZn.exe
  2⤵
  PID:2512
- C:\Windows\System\JUErVTK.exe
  C:\Windows\System\JUErVTK.exe
  2⤵
  PID:3532
- C:\Windows\System\SoiMJbD.exe
  C:\Windows\System\SoiMJbD.exe
  2⤵
  PID:1356
- C:\Windows\System\UJnWHjg.exe
  C:\Windows\System\UJnWHjg.exe
  2⤵
  PID:2952
- C:\Windows\System\VdBcyTK.exe
  C:\Windows\System\VdBcyTK.exe
  2⤵
  PID:3696
- C:\Windows\System\gciqGwQ.exe
  C:\Windows\System\gciqGwQ.exe
  2⤵
  PID:3712
- C:\Windows\System\IErtCRQ.exe
  C:\Windows\System\IErtCRQ.exe
  2⤵
  PID:3672
- C:\Windows\System\MGLlTNI.exe
  C:\Windows\System\MGLlTNI.exe
  2⤵
  PID:3656
- C:\Windows\System\qMAurGP.exe
  C:\Windows\System\qMAurGP.exe
  2⤵
  PID:3516
- C:\Windows\System\YfuLIdM.exe
  C:\Windows\System\YfuLIdM.exe
  2⤵
  PID:3844
- C:\Windows\System\YLggFRh.exe
  C:\Windows\System\YLggFRh.exe
  2⤵
  PID:3932
- C:\Windows\System\SPwMUfC.exe
  C:\Windows\System\SPwMUfC.exe
  2⤵
  PID:1692
- C:\Windows\System\mvlLYpN.exe
  C:\Windows\System\mvlLYpN.exe
  2⤵
  PID:3912
- C:\Windows\System\uIfkZiP.exe
  C:\Windows\System\uIfkZiP.exe
  2⤵
  PID:4008
- C:\Windows\System\MecaQmD.exe
  C:\Windows\System\MecaQmD.exe
  2⤵
  PID:1184
- C:\Windows\System\sJpEDTW.exe
  C:\Windows\System\sJpEDTW.exe
  2⤵
  PID:3140
- C:\Windows\System\eicRxMe.exe
  C:\Windows\System\eicRxMe.exe
  2⤵
  PID:2628
- C:\Windows\System\qNpcYtS.exe
  C:\Windows\System\qNpcYtS.exe
  2⤵
  PID:4036
- C:\Windows\System\EbozQtS.exe
  C:\Windows\System\EbozQtS.exe
  2⤵
  PID:2968
- C:\Windows\System\pnTaAZT.exe
  C:\Windows\System\pnTaAZT.exe
  2⤵
  PID:2372
- C:\Windows\System\bhlmHGX.exe
  C:\Windows\System\bhlmHGX.exe
  2⤵
  PID:3160
- C:\Windows\System\vbiRuSC.exe
  C:\Windows\System\vbiRuSC.exe
  2⤵
  PID:3372
- C:\Windows\System\JKZRMMC.exe
  C:\Windows\System\JKZRMMC.exe
  2⤵
  PID:3480
- C:\Windows\System\RwvXGvz.exe
  C:\Windows\System\RwvXGvz.exe
  2⤵
  PID:1408
- C:\Windows\System\mDHwrzE.exe
  C:\Windows\System\mDHwrzE.exe
  2⤵
  PID:3392
- C:\Windows\System\eETqnWP.exe
  C:\Windows\System\eETqnWP.exe
  2⤵
  PID:1932
- C:\Windows\System\fxpKAii.exe
  C:\Windows\System\fxpKAii.exe
  2⤵
  PID:3856
- C:\Windows\System\eMTgPfU.exe
  C:\Windows\System\eMTgPfU.exe
  2⤵
  PID:1948
- C:\Windows\System\iWYFngT.exe
  C:\Windows\System\iWYFngT.exe
  2⤵
  PID:3776
- C:\Windows\System\vHvdMlG.exe
  C:\Windows\System\vHvdMlG.exe
  2⤵
  PID:3852
- C:\Windows\System\mBXjOlF.exe
  C:\Windows\System\mBXjOlF.exe
  2⤵
  PID:2804
- C:\Windows\System\EKFLquZ.exe
  C:\Windows\System\EKFLquZ.exe
  2⤵
  PID:2204
- C:\Windows\System\THXAZZG.exe
  C:\Windows\System\THXAZZG.exe
  2⤵
  PID:3144
- C:\Windows\System\mISVumj.exe
  C:\Windows\System\mISVumj.exe
  2⤵
  PID:2936
- C:\Windows\System\Kdkyjvg.exe
  C:\Windows\System\Kdkyjvg.exe
  2⤵
  PID:2452
- C:\Windows\System\rWleFvg.exe
  C:\Windows\System\rWleFvg.exe
  2⤵
  PID:2604
- C:\Windows\System\fLDYVWE.exe
  C:\Windows\System\fLDYVWE.exe
  2⤵
  PID:2148
- C:\Windows\System\pJMkdfG.exe
  C:\Windows\System\pJMkdfG.exe
  2⤵
  PID:3320
- C:\Windows\System\vlaXqwX.exe
  C:\Windows\System\vlaXqwX.exe
  2⤵
  PID:3292
- C:\Windows\System\uwGqMea.exe
  C:\Windows\System\uwGqMea.exe
  2⤵
  PID:3460
- C:\Windows\System\SGBQxRj.exe
  C:\Windows\System\SGBQxRj.exe
  2⤵
  PID:3756
- C:\Windows\System\KJEFbTL.exe
  C:\Windows\System\KJEFbTL.exe
  2⤵
  PID:2624
- C:\Windows\System\keUJiAR.exe
  C:\Windows\System\keUJiAR.exe
  2⤵
  PID:676
- C:\Windows\System\GRrWEkZ.exe
  C:\Windows\System\GRrWEkZ.exe
  2⤵
  PID:3288
- C:\Windows\System\DQKiHxd.exe
  C:\Windows\System\DQKiHxd.exe
  2⤵
  PID:3576
- C:\Windows\System\eGfSeaS.exe
  C:\Windows\System\eGfSeaS.exe
  2⤵
  PID:4052
- C:\Windows\System\InyerqQ.exe
  C:\Windows\System\InyerqQ.exe
  2⤵
  PID:2956
- C:\Windows\System\XuOvWhp.exe
  C:\Windows\System\XuOvWhp.exe
  2⤵
  PID:3632
- C:\Windows\System\WdjprAJ.exe
  C:\Windows\System\WdjprAJ.exe
  2⤵
  PID:3860
- C:\Windows\System\cLeaeVj.exe
  C:\Windows\System\cLeaeVj.exe
  2⤵
  PID:3824
- C:\Windows\System\SBvnmCW.exe
  C:\Windows\System\SBvnmCW.exe
  2⤵
  PID:4004
- C:\Windows\System\vXfiqIo.exe
  C:\Windows\System\vXfiqIo.exe
  2⤵
  PID:4112
- C:\Windows\System\UXnhNss.exe
  C:\Windows\System\UXnhNss.exe
  2⤵
  PID:4128
- C:\Windows\System\BXfrpqL.exe
  C:\Windows\System\BXfrpqL.exe
  2⤵
  PID:4156
- C:\Windows\System\fXBymGX.exe
  C:\Windows\System\fXBymGX.exe
  2⤵
  PID:4180
- C:\Windows\System\GrXckJb.exe
  C:\Windows\System\GrXckJb.exe
  2⤵
  PID:4196
- C:\Windows\System\FaITNxO.exe
  C:\Windows\System\FaITNxO.exe
  2⤵
  PID:4212
- C:\Windows\System\tuvLYXC.exe
  C:\Windows\System\tuvLYXC.exe
  2⤵
  PID:4228
- C:\Windows\System\sIaMuUG.exe
  C:\Windows\System\sIaMuUG.exe
  2⤵
  PID:4264
- C:\Windows\System\ErFIVQr.exe
  C:\Windows\System\ErFIVQr.exe
  2⤵
  PID:4304
- C:\Windows\System\ZxoZONh.exe
  C:\Windows\System\ZxoZONh.exe
  2⤵
  PID:4328
- C:\Windows\System\ysmPcct.exe
  C:\Windows\System\ysmPcct.exe
  2⤵
  PID:4344
- C:\Windows\System\rbgDCRn.exe
  C:\Windows\System\rbgDCRn.exe
  2⤵
  PID:4360
- C:\Windows\System\OwolNFz.exe
  C:\Windows\System\OwolNFz.exe
  2⤵
  PID:4376
- C:\Windows\System\dSnFBrY.exe
  C:\Windows\System\dSnFBrY.exe
  2⤵
  PID:4392
- C:\Windows\System\CtnZyTC.exe
  C:\Windows\System\CtnZyTC.exe
  2⤵
  PID:4408
- C:\Windows\System\iskKklM.exe
  C:\Windows\System\iskKklM.exe
  2⤵
  PID:4424
- C:\Windows\System\jJKqQHB.exe
  C:\Windows\System\jJKqQHB.exe
  2⤵
  PID:4460
- C:\Windows\System\RIEFtnC.exe
  C:\Windows\System\RIEFtnC.exe
  2⤵
  PID:4492
- C:\Windows\System\wUCiXvq.exe
  C:\Windows\System\wUCiXvq.exe
  2⤵
  PID:4508
- C:\Windows\System\prnodiw.exe
  C:\Windows\System\prnodiw.exe
  2⤵
  PID:4532
- C:\Windows\System\VExbgIr.exe
  C:\Windows\System\VExbgIr.exe
  2⤵
  PID:4548
- C:\Windows\System\oooHmKp.exe
  C:\Windows\System\oooHmKp.exe
  2⤵
  PID:4564
- C:\Windows\System\bsgbzpo.exe
  C:\Windows\System\bsgbzpo.exe
  2⤵
  PID:4580
- C:\Windows\System\LqWhTbk.exe
  C:\Windows\System\LqWhTbk.exe
  2⤵
  PID:4596
- C:\Windows\System\CXqkXXo.exe
  C:\Windows\System\CXqkXXo.exe
  2⤵
  PID:4632
- C:\Windows\System\XMZCjKk.exe
  C:\Windows\System\XMZCjKk.exe
  2⤵
  PID:4648
- C:\Windows\System\scKMPMT.exe
  C:\Windows\System\scKMPMT.exe
  2⤵
  PID:4664
- C:\Windows\System\rOzTKfI.exe
  C:\Windows\System\rOzTKfI.exe
  2⤵
  PID:4688
- C:\Windows\System\tsaozSm.exe
  C:\Windows\System\tsaozSm.exe
  2⤵
  PID:4704
- C:\Windows\System\oDrpFwB.exe
  C:\Windows\System\oDrpFwB.exe
  2⤵
  PID:4724
- C:\Windows\System\HnXCsJF.exe
  C:\Windows\System\HnXCsJF.exe
  2⤵
  PID:4744
- C:\Windows\System\AENYHHa.exe
  C:\Windows\System\AENYHHa.exe
  2⤵
  PID:4764
- C:\Windows\System\oXhteZI.exe
  C:\Windows\System\oXhteZI.exe
  2⤵
  PID:4788
- C:\Windows\System\naLDeiP.exe
  C:\Windows\System\naLDeiP.exe
  2⤵
  PID:4804
- C:\Windows\System\WuMfCuU.exe
  C:\Windows\System\WuMfCuU.exe
  2⤵
  PID:4824
- C:\Windows\System\pXJryZl.exe
  C:\Windows\System\pXJryZl.exe
  2⤵
  PID:4844
- C:\Windows\System\hGrYNVU.exe
  C:\Windows\System\hGrYNVU.exe
  2⤵
  PID:4860
- C:\Windows\System\RuFxAfU.exe
  C:\Windows\System\RuFxAfU.exe
  2⤵
  PID:4876
- C:\Windows\System\WgQLCDb.exe
  C:\Windows\System\WgQLCDb.exe
  2⤵
  PID:4896
- C:\Windows\System\febvvYX.exe
  C:\Windows\System\febvvYX.exe
  2⤵
  PID:4912
- C:\Windows\System\RwTxJpR.exe
  C:\Windows\System\RwTxJpR.exe
  2⤵
  PID:4928
- C:\Windows\System\mQhIqIw.exe
  C:\Windows\System\mQhIqIw.exe
  2⤵
  PID:4960
- C:\Windows\System\ZrhsaSl.exe
  C:\Windows\System\ZrhsaSl.exe
  2⤵
  PID:4976
- C:\Windows\System\aUaZpnq.exe
  C:\Windows\System\aUaZpnq.exe
  2⤵
  PID:5008
- C:\Windows\System\WQvxRMO.exe
  C:\Windows\System\WQvxRMO.exe
  2⤵
  PID:5032
- C:\Windows\System\StvUCIN.exe
  C:\Windows\System\StvUCIN.exe
  2⤵
  PID:5048
- C:\Windows\System\MfdRswX.exe
  C:\Windows\System\MfdRswX.exe
  2⤵
  PID:5064
- C:\Windows\System\YbGQNmH.exe
  C:\Windows\System\YbGQNmH.exe
  2⤵
  PID:5080
- C:\Windows\System\DBUSxvv.exe
  C:\Windows\System\DBUSxvv.exe
  2⤵
  PID:5096
- C:\Windows\System\vIqvJxp.exe
  C:\Windows\System\vIqvJxp.exe
  2⤵
  PID:5112
- C:\Windows\System\JFatvLY.exe
  C:\Windows\System\JFatvLY.exe
  2⤵
  PID:2216
- C:\Windows\System\IGOfajT.exe
  C:\Windows\System\IGOfajT.exe
  2⤵
  PID:1804
- C:\Windows\System\yRiIYBr.exe
  C:\Windows\System\yRiIYBr.exe
  2⤵
  PID:4108
- C:\Windows\System\AlqIyMe.exe
  C:\Windows\System\AlqIyMe.exe
  2⤵
  PID:4152
- C:\Windows\System\YGCVePh.exe
  C:\Windows\System\YGCVePh.exe
  2⤵
  PID:4220
- C:\Windows\System\WPEvMAD.exe
  C:\Windows\System\WPEvMAD.exe
  2⤵
  PID:4176
- C:\Windows\System\iBnDrVn.exe
  C:\Windows\System\iBnDrVn.exe
  2⤵
  PID:2796
- C:\Windows\System\XgzCjjD.exe
  C:\Windows\System\XgzCjjD.exe
  2⤵
  PID:3572
- C:\Windows\System\RNyJDgv.exe
  C:\Windows\System\RNyJDgv.exe
  2⤵
  PID:4240
- C:\Windows\System\afDMFEz.exe
  C:\Windows\System\afDMFEz.exe
  2⤵
  PID:4296
- C:\Windows\System\ALnJIPN.exe
  C:\Windows\System\ALnJIPN.exe
  2⤵
  PID:4320
- C:\Windows\System\gbtOgtD.exe
  C:\Windows\System\gbtOgtD.exe
  2⤵
  PID:4384
- C:\Windows\System\ujcaQHf.exe
  C:\Windows\System\ujcaQHf.exe
  2⤵
  PID:4436
- C:\Windows\System\jYkHVXM.exe
  C:\Windows\System\jYkHVXM.exe
  2⤵
  PID:4452
- C:\Windows\System\HadAeji.exe
  C:\Windows\System\HadAeji.exe
  2⤵
  PID:4472
- C:\Windows\System\syVhRnM.exe
  C:\Windows\System\syVhRnM.exe
  2⤵
  PID:4484
- C:\Windows\System\ACoeKgA.exe
  C:\Windows\System\ACoeKgA.exe
  2⤵
  PID:4540
- C:\Windows\System\buIKypq.exe
  C:\Windows\System\buIKypq.exe
  2⤵
  PID:4604
- C:\Windows\System\JpktQLG.exe
  C:\Windows\System\JpktQLG.exe
  2⤵
  PID:4592
- C:\Windows\System\ermDgpL.exe
  C:\Windows\System\ermDgpL.exe
  2⤵
  PID:4620
- C:\Windows\System\IGugnRp.exe
  C:\Windows\System\IGugnRp.exe
  2⤵
  PID:4656
- C:\Windows\System\vSimqwl.exe
  C:\Windows\System\vSimqwl.exe
  2⤵
  PID:4700
- C:\Windows\System\PvHPsDT.exe
  C:\Windows\System\PvHPsDT.exe
  2⤵
  PID:4720
- C:\Windows\System\oqvQUhd.exe
  C:\Windows\System\oqvQUhd.exe
  2⤵
  PID:4740
- C:\Windows\System\FXpttAt.exe
  C:\Windows\System\FXpttAt.exe
  2⤵
  PID:4796
- C:\Windows\System\mSNZhov.exe
  C:\Windows\System\mSNZhov.exe
  2⤵
  PID:4892
- C:\Windows\System\pUtWVxc.exe
  C:\Windows\System\pUtWVxc.exe
  2⤵
  PID:4868
- C:\Windows\System\kllejEj.exe
  C:\Windows\System\kllejEj.exe
  2⤵
  PID:4908
- C:\Windows\System\hdVPmEa.exe
  C:\Windows\System\hdVPmEa.exe
  2⤵
  PID:4972
- C:\Windows\System\tNuDtDA.exe
  C:\Windows\System\tNuDtDA.exe
  2⤵
  PID:4944
- C:\Windows\System\lGpBnTl.exe
  C:\Windows\System\lGpBnTl.exe
  2⤵
  PID:4992
- C:\Windows\System\imaWbMH.exe
  C:\Windows\System\imaWbMH.exe
  2⤵
  PID:5024
- C:\Windows\System\cIXdlor.exe
  C:\Windows\System\cIXdlor.exe
  2⤵
  PID:4104
- C:\Windows\System\ediqPLE.exe
  C:\Windows\System\ediqPLE.exe
  2⤵
  PID:5092
- C:\Windows\System\LISFcMS.exe
  C:\Windows\System\LISFcMS.exe
  2⤵
  PID:664
- C:\Windows\System\oJeeKBe.exe
  C:\Windows\System\oJeeKBe.exe
  2⤵
  PID:4192
- C:\Windows\System\dBwfBRB.exe
  C:\Windows\System\dBwfBRB.exe
  2⤵
  PID:4204
- C:\Windows\System\hLtUKUm.exe
  C:\Windows\System\hLtUKUm.exe
  2⤵
  PID:4236
- C:\Windows\System\VAQywWN.exe
  C:\Windows\System\VAQywWN.exe
  2⤵
  PID:4340
- C:\Windows\System\GHolSkg.exe
  C:\Windows\System\GHolSkg.exe
  2⤵
  PID:4352
- C:\Windows\System\JhNfeVh.exe
  C:\Windows\System\JhNfeVh.exe
  2⤵
  PID:4172
- C:\Windows\System\VWZAMqR.exe
  C:\Windows\System\VWZAMqR.exe
  2⤵
  PID:2620
- C:\Windows\System\zmKBrjr.exe
  C:\Windows\System\zmKBrjr.exe
  2⤵
  PID:4300
- C:\Windows\System\GdUwyTP.exe
  C:\Windows\System\GdUwyTP.exe
  2⤵
  PID:4468
- C:\Windows\System\ZNIIwqJ.exe
  C:\Windows\System\ZNIIwqJ.exe
  2⤵
  PID:4572
- C:\Windows\System\jhjuEDi.exe
  C:\Windows\System\jhjuEDi.exe
  2⤵
  PID:4616
- C:\Windows\System\KQbemjP.exe
  C:\Windows\System\KQbemjP.exe
  2⤵
  PID:4640
- C:\Windows\System\EmcdMwz.exe
  C:\Windows\System\EmcdMwz.exe
  2⤵
  PID:4776
- C:\Windows\System\RmXMvGn.exe
  C:\Windows\System\RmXMvGn.exe
  2⤵
  PID:4812
- C:\Windows\System\uPCCkbs.exe
  C:\Windows\System\uPCCkbs.exe
  2⤵
  PID:4784
- C:\Windows\System\qsCdEst.exe
  C:\Windows\System\qsCdEst.exe
  2⤵
  PID:4736
- C:\Windows\System\olExSvy.exe
  C:\Windows\System\olExSvy.exe
  2⤵
  PID:4760
- C:\Windows\System\MQUgeVI.exe
  C:\Windows\System\MQUgeVI.exe
  2⤵
  PID:4832
- C:\Windows\System\OESKwlF.exe
  C:\Windows\System\OESKwlF.exe
  2⤵
  PID:4988
- C:\Windows\System\zhDxluQ.exe
  C:\Windows\System\zhDxluQ.exe
  2⤵
  PID:4840
- C:\Windows\System\bMyygdu.exe
  C:\Windows\System\bMyygdu.exe
  2⤵
  PID:4948
- C:\Windows\System\GMMRuan.exe
  C:\Windows\System\GMMRuan.exe
  2⤵
  PID:5060
- C:\Windows\System\zrILDzE.exe
  C:\Windows\System\zrILDzE.exe
  2⤵
  PID:5044
- C:\Windows\System\dCAcWXT.exe
  C:\Windows\System\dCAcWXT.exe
  2⤵
  PID:4276
- C:\Windows\System\xobylGE.exe
  C:\Windows\System\xobylGE.exe
  2⤵
  PID:4164
- C:\Windows\System\gAvNWTc.exe
  C:\Windows\System\gAvNWTc.exe
  2⤵
  PID:3164
- C:\Windows\System\hTpbAbg.exe
  C:\Windows\System\hTpbAbg.exe
  2⤵
  PID:4372
- C:\Windows\System\AEDfLeo.exe
  C:\Windows\System\AEDfLeo.exe
  2⤵
  PID:4628
- C:\Windows\System\uIHLNxO.exe
  C:\Windows\System\uIHLNxO.exe
  2⤵
  PID:4696
- C:\Windows\System\JKtxCWQ.exe
  C:\Windows\System\JKtxCWQ.exe
  2⤵
  PID:3124
- C:\Windows\System\DuYQCfH.exe
  C:\Windows\System\DuYQCfH.exe
  2⤵
  PID:4316
- C:\Windows\System\gZoOwiw.exe
  C:\Windows\System\gZoOwiw.exe
  2⤵
  PID:4260
- C:\Windows\System\nNAqxrw.exe
  C:\Windows\System\nNAqxrw.exe
  2⤵
  PID:4516
- C:\Windows\System\UOoFQME.exe
  C:\Windows\System\UOoFQME.exe
  2⤵
  PID:4732
- C:\Windows\System\MktotLd.exe
  C:\Windows\System\MktotLd.exe
  2⤵
  PID:5076
- C:\Windows\System\xcMPcuX.exe
  C:\Windows\System\xcMPcuX.exe
  2⤵
  PID:4556
- C:\Windows\System\AwnhKJd.exe
  C:\Windows\System\AwnhKJd.exe
  2⤵
  PID:4852
- C:\Windows\System\kciadhO.exe
  C:\Windows\System\kciadhO.exe
  2⤵
  PID:3172
- C:\Windows\System\efmpTjj.exe
  C:\Windows\System\efmpTjj.exe
  2⤵
  PID:4756
- C:\Windows\System\nKCQGuO.exe
  C:\Windows\System\nKCQGuO.exe
  2⤵
  PID:4672
- C:\Windows\System\SRoarhs.exe
  C:\Windows\System\SRoarhs.exe
  2⤵
  PID:3068
- C:\Windows\System\JGILemr.exe
  C:\Windows\System\JGILemr.exe
  2⤵
  PID:4712
- C:\Windows\System\xrWFgnE.exe
  C:\Windows\System\xrWFgnE.exe
  2⤵
  PID:5124
- C:\Windows\System\AKAUopj.exe
  C:\Windows\System\AKAUopj.exe
  2⤵
  PID:5140
- C:\Windows\System\qLhsRkN.exe
  C:\Windows\System\qLhsRkN.exe
  2⤵
  PID:5200
- C:\Windows\System\zqZwtuz.exe
  C:\Windows\System\zqZwtuz.exe
  2⤵
  PID:5224
- C:\Windows\System\drMTmOC.exe
  C:\Windows\System\drMTmOC.exe
  2⤵
  PID:5240
- C:\Windows\System\oyMajPm.exe
  C:\Windows\System\oyMajPm.exe
  2⤵
  PID:5260
- C:\Windows\System\GJNCSNa.exe
  C:\Windows\System\GJNCSNa.exe
  2⤵
  PID:5284
- C:\Windows\System\lpzZLDE.exe
  C:\Windows\System\lpzZLDE.exe
  2⤵
  PID:5300
- C:\Windows\System\iEfaUuP.exe
  C:\Windows\System\iEfaUuP.exe
  2⤵
  PID:5320
- C:\Windows\System\VoZXAGO.exe
  C:\Windows\System\VoZXAGO.exe
  2⤵
  PID:5336
- C:\Windows\System\syJGyDp.exe
  C:\Windows\System\syJGyDp.exe
  2⤵
  PID:5352
- C:\Windows\System\UfbpcIp.exe
  C:\Windows\System\UfbpcIp.exe
  2⤵
  PID:5372
- C:\Windows\System\uUQTvVv.exe
  C:\Windows\System\uUQTvVv.exe
  2⤵
  PID:5388
- C:\Windows\System\pgNftqu.exe
  C:\Windows\System\pgNftqu.exe
  2⤵
  PID:5412
- C:\Windows\System\DYIVbUI.exe
  C:\Windows\System\DYIVbUI.exe
  2⤵
  PID:5432
- C:\Windows\System\hAiyhFk.exe
  C:\Windows\System\hAiyhFk.exe
  2⤵
  PID:5464
- C:\Windows\System\gXlxDhy.exe
  C:\Windows\System\gXlxDhy.exe
  2⤵
  PID:5480
- C:\Windows\System\LQpxAST.exe
  C:\Windows\System\LQpxAST.exe
  2⤵
  PID:5496
- C:\Windows\System\aUHYQnB.exe
  C:\Windows\System\aUHYQnB.exe
  2⤵
  PID:5524
- C:\Windows\System\XGAqNxD.exe
  C:\Windows\System\XGAqNxD.exe
  2⤵
  PID:5544
- C:\Windows\System\uPMZMat.exe
  C:\Windows\System\uPMZMat.exe
  2⤵
  PID:5560
- C:\Windows\System\vQhXYUK.exe
  C:\Windows\System\vQhXYUK.exe
  2⤵
  PID:5576
- C:\Windows\System\RokPAfl.exe
  C:\Windows\System\RokPAfl.exe
  2⤵
  PID:5592
- C:\Windows\System\bFbTjbz.exe
  C:\Windows\System\bFbTjbz.exe
  2⤵
  PID:5628
- C:\Windows\System\ndgeQcD.exe
  C:\Windows\System\ndgeQcD.exe
  2⤵
  PID:5644
- C:\Windows\System\tLCSaBI.exe
  C:\Windows\System\tLCSaBI.exe
  2⤵
  PID:5660
- C:\Windows\System\GyJdJXJ.exe
  C:\Windows\System\GyJdJXJ.exe
  2⤵
  PID:5676
- C:\Windows\System\OLdHYKW.exe
  C:\Windows\System\OLdHYKW.exe
  2⤵
  PID:5700
- C:\Windows\System\HNKatNc.exe
  C:\Windows\System\HNKatNc.exe
  2⤵
  PID:5716
- C:\Windows\System\GjAObBs.exe
  C:\Windows\System\GjAObBs.exe
  2⤵
  PID:5732
- C:\Windows\System\XXNRWkD.exe
  C:\Windows\System\XXNRWkD.exe
  2⤵
  PID:5760
- C:\Windows\System\RqDaoQB.exe
  C:\Windows\System\RqDaoQB.exe
  2⤵
  PID:5776
- C:\Windows\System\GrlTeXc.exe
  C:\Windows\System\GrlTeXc.exe
  2⤵
  PID:5800
- C:\Windows\System\sHuhPEp.exe
  C:\Windows\System\sHuhPEp.exe
  2⤵
  PID:5816
- C:\Windows\System\TpLCFvY.exe
  C:\Windows\System\TpLCFvY.exe
  2⤵
  PID:5832
- C:\Windows\System\cnaSzEq.exe
  C:\Windows\System\cnaSzEq.exe
  2⤵
  PID:5848
- C:\Windows\System\JWKtReg.exe
  C:\Windows\System\JWKtReg.exe
  2⤵
  PID:5876
- C:\Windows\System\swjeDEr.exe
  C:\Windows\System\swjeDEr.exe
  2⤵
  PID:5892
- C:\Windows\System\miDXzur.exe
  C:\Windows\System\miDXzur.exe
  2⤵
  PID:5908
- C:\Windows\System\PSSVdwa.exe
  C:\Windows\System\PSSVdwa.exe
  2⤵
  PID:5928
- C:\Windows\System\pTafGRT.exe
  C:\Windows\System\pTafGRT.exe
  2⤵
  PID:5952
- C:\Windows\System\lPcSCeq.exe
  C:\Windows\System\lPcSCeq.exe
  2⤵
  PID:5976
- C:\Windows\System\azlZGHF.exe
  C:\Windows\System\azlZGHF.exe
  2⤵
  PID:5996
- C:\Windows\System\bHLEgxr.exe
  C:\Windows\System\bHLEgxr.exe
  2⤵
  PID:6012
- C:\Windows\System\mdcCFkm.exe
  C:\Windows\System\mdcCFkm.exe
  2⤵
  PID:6044
- C:\Windows\System\uATjobi.exe
  C:\Windows\System\uATjobi.exe
  2⤵
  PID:6072
- C:\Windows\System\kcsWuYx.exe
  C:\Windows\System\kcsWuYx.exe
  2⤵
  PID:6092
- C:\Windows\System\JNfVnvd.exe
  C:\Windows\System\JNfVnvd.exe
  2⤵
  PID:6112
- C:\Windows\System\ewElxQL.exe
  C:\Windows\System\ewElxQL.exe
  2⤵
  PID:6128
- C:\Windows\System\ApoTmdv.exe
  C:\Windows\System\ApoTmdv.exe
  2⤵
  PID:5056
- C:\Windows\System\KfTaRqg.exe
  C:\Windows\System\KfTaRqg.exe
  2⤵
  PID:4040
- C:\Windows\System\cMIzSFY.exe
  C:\Windows\System\cMIzSFY.exe
  2⤵
  PID:5136
- C:\Windows\System\nIRthwp.exe
  C:\Windows\System\nIRthwp.exe
  2⤵
  PID:4248
- C:\Windows\System\zkZYwby.exe
  C:\Windows\System\zkZYwby.exe
  2⤵
  PID:4208
- C:\Windows\System\NiiKigJ.exe
  C:\Windows\System\NiiKigJ.exe
  2⤵
  PID:5168
- C:\Windows\System\aeItmKs.exe
  C:\Windows\System\aeItmKs.exe
  2⤵
  PID:5196
- C:\Windows\System\efXuDYh.exe
  C:\Windows\System\efXuDYh.exe
  2⤵
  PID:5220
- C:\Windows\System\AjtMfGZ.exe
  C:\Windows\System\AjtMfGZ.exe
  2⤵
  PID:5268
- C:\Windows\System\bmKBRoc.exe
  C:\Windows\System\bmKBRoc.exe
  2⤵
  PID:5292
- C:\Windows\System\fNCtZhZ.exe
  C:\Windows\System\fNCtZhZ.exe
  2⤵
  PID:5368
- C:\Windows\System\IRYegkA.exe
  C:\Windows\System\IRYegkA.exe
  2⤵
  PID:5440
- C:\Windows\System\IBMPrbo.exe
  C:\Windows\System\IBMPrbo.exe
  2⤵
  PID:5456
- C:\Windows\System\fsXIboA.exe
  C:\Windows\System\fsXIboA.exe
  2⤵
  PID:5312
- C:\Windows\System\hxufzzf.exe
  C:\Windows\System\hxufzzf.exe
  2⤵
  PID:5380
- C:\Windows\System\RocVSjf.exe
  C:\Windows\System\RocVSjf.exe
  2⤵
  PID:5424
- C:\Windows\System\vrjDkGO.exe
  C:\Windows\System\vrjDkGO.exe
  2⤵
  PID:5536
- C:\Windows\System\essjgFm.exe
  C:\Windows\System\essjgFm.exe
  2⤵
  PID:1676
- C:\Windows\System\dIHvROV.exe
  C:\Windows\System\dIHvROV.exe
  2⤵
  PID:5604
- C:\Windows\System\dsgwJkv.exe
  C:\Windows\System\dsgwJkv.exe
  2⤵
  PID:5692
- C:\Windows\System\COSwdEq.exe
  C:\Windows\System\COSwdEq.exe
  2⤵
  PID:5672
- C:\Windows\System\SERjhbJ.exe
  C:\Windows\System\SERjhbJ.exe
  2⤵
  PID:5636
- C:\Windows\System\bvLziPk.exe
  C:\Windows\System\bvLziPk.exe
  2⤵
  PID:5712
- C:\Windows\System\FEdMTwI.exe
  C:\Windows\System\FEdMTwI.exe
  2⤵
  PID:5844
- C:\Windows\System\THxWWAv.exe
  C:\Windows\System\THxWWAv.exe
  2⤵
  PID:5824
- C:\Windows\System\RhxJTaS.exe
  C:\Windows\System\RhxJTaS.exe
  2⤵
  PID:5968
- C:\Windows\System\mUzrRPv.exe
  C:\Windows\System\mUzrRPv.exe
  2⤵
  PID:6008
- C:\Windows\System\oVWSdWj.exe
  C:\Windows\System\oVWSdWj.exe
  2⤵
  PID:5792
- C:\Windows\System\TiYYIxJ.exe
  C:\Windows\System\TiYYIxJ.exe
  2⤵
  PID:5860
- C:\Windows\System\RFQSdPh.exe
  C:\Windows\System\RFQSdPh.exe
  2⤵
  PID:5948
- C:\Windows\System\jDlwRcN.exe
  C:\Windows\System\jDlwRcN.exe
  2⤵
  PID:6020
- C:\Windows\System\HXhinJP.exe
  C:\Windows\System\HXhinJP.exe
  2⤵
  PID:5872
- C:\Windows\System\xQyAKok.exe
  C:\Windows\System\xQyAKok.exe
  2⤵
  PID:6056
- C:\Windows\System\rZHlanP.exe
  C:\Windows\System\rZHlanP.exe
  2⤵
  PID:6120
- C:\Windows\System\fNyFate.exe
  C:\Windows\System\fNyFate.exe
  2⤵
  PID:4984
- C:\Windows\System\LPMEVim.exe
  C:\Windows\System\LPMEVim.exe
  2⤵
  PID:6100
- C:\Windows\System\VnzxbKa.exe
  C:\Windows\System\VnzxbKa.exe
  2⤵
  PID:5040
- C:\Windows\System\ZTjbLUT.exe
  C:\Windows\System\ZTjbLUT.exe
  2⤵
  PID:5184
- C:\Windows\System\kEUTdCp.exe
  C:\Windows\System\kEUTdCp.exe
  2⤵
  PID:5328
- C:\Windows\System\YNsxebP.exe
  C:\Windows\System\YNsxebP.exe
  2⤵
  PID:5216
- C:\Windows\System\ATiIxai.exe
  C:\Windows\System\ATiIxai.exe
  2⤵
  PID:5360
- C:\Windows\System\gQRdULy.exe
  C:\Windows\System\gQRdULy.exe
  2⤵
  PID:5332
- C:\Windows\System\GWWWnSG.exe
  C:\Windows\System\GWWWnSG.exe
  2⤵
  PID:5472
- C:\Windows\System\gPJfOaP.exe
  C:\Windows\System\gPJfOaP.exe
  2⤵
  PID:5520
- C:\Windows\System\oIVLSsm.exe
  C:\Windows\System\oIVLSsm.exe
  2⤵
  PID:5452
- C:\Windows\System\FrunuRy.exe
  C:\Windows\System\FrunuRy.exe
  2⤵
  PID:2084
- C:\Windows\System\KrFFPjO.exe
  C:\Windows\System\KrFFPjO.exe
  2⤵
  PID:5620
- C:\Windows\System\pzgmmCE.exe
  C:\Windows\System\pzgmmCE.exe
  2⤵
  PID:5684
- C:\Windows\System\KmuSRNi.exe
  C:\Windows\System\KmuSRNi.exe
  2⤵
  PID:5812
- C:\Windows\System\rwhfmjy.exe
  C:\Windows\System\rwhfmjy.exe
  2⤵
  PID:5788
- C:\Windows\System\OFCbAyb.exe
  C:\Windows\System\OFCbAyb.exe
  2⤵
  PID:5900
- C:\Windows\System\lkRwiSF.exe
  C:\Windows\System\lkRwiSF.exe
  2⤵
  PID:4884
- C:\Windows\System\hkifxxG.exe
  C:\Windows\System\hkifxxG.exe
  2⤵
  PID:5748
- C:\Windows\System\MIfrsgb.exe
  C:\Windows\System\MIfrsgb.exe
  2⤵
  PID:6040
- C:\Windows\System\QUPCgEg.exe
  C:\Windows\System\QUPCgEg.exe
  2⤵
  PID:4188
- C:\Windows\System\PYSOSYP.exe
  C:\Windows\System\PYSOSYP.exe
  2⤵
  PID:5180
- C:\Windows\System\nReyxOS.exe
  C:\Windows\System\nReyxOS.exe
  2⤵
  PID:5408
- C:\Windows\System\SuyfznA.exe
  C:\Windows\System\SuyfznA.exe
  2⤵
  PID:5532
- C:\Windows\System\rCrtnAG.exe
  C:\Windows\System\rCrtnAG.exe
  2⤵
  PID:6080
- C:\Windows\System\HOXYPOe.exe
  C:\Windows\System\HOXYPOe.exe
  2⤵
  PID:5256
- C:\Windows\System\REomxwB.exe
  C:\Windows\System\REomxwB.exe
  2⤵
  PID:5808
- C:\Windows\System\OaqZotI.exe
  C:\Windows\System\OaqZotI.exe
  2⤵
  PID:6108
- C:\Windows\System\IlliQds.exe
  C:\Windows\System\IlliQds.exe
  2⤵
  PID:5864
- C:\Windows\System\DtckAYd.exe
  C:\Windows\System\DtckAYd.exe
  2⤵
  PID:5772
- C:\Windows\System\LbQNHOB.exe
  C:\Windows\System\LbQNHOB.exe
  2⤵
  PID:1544
- C:\Windows\System\odiBANT.exe
  C:\Windows\System\odiBANT.exe
  2⤵
  PID:1776
- C:\Windows\System\noQfdrV.exe
  C:\Windows\System\noQfdrV.exe
  2⤵
  PID:5404
- C:\Windows\System\FmtGwTC.exe
  C:\Windows\System\FmtGwTC.exe
  2⤵
  PID:5840
- C:\Windows\System\fHEDnSR.exe
  C:\Windows\System\fHEDnSR.exe
  2⤵
  PID:5344
- C:\Windows\System\jEFdgZQ.exe
  C:\Windows\System\jEFdgZQ.exe
  2⤵
  PID:5600
- C:\Windows\System\lwHlMBx.exe
  C:\Windows\System\lwHlMBx.exe
  2⤵
  PID:5208
- C:\Windows\System\rrpviRU.exe
  C:\Windows\System\rrpviRU.exe
  2⤵
  PID:5148
- C:\Windows\System\njqTkpi.exe
  C:\Windows\System\njqTkpi.exe
  2⤵
  PID:1836
- C:\Windows\System\YPPtDpv.exe
  C:\Windows\System\YPPtDpv.exe
  2⤵
  PID:5640
- C:\Windows\System\VzDjrEl.exe
  C:\Windows\System\VzDjrEl.exe
  2⤵
  PID:5624
- C:\Windows\System\LfxkQxd.exe
  C:\Windows\System\LfxkQxd.exe
  2⤵
  PID:6152
- C:\Windows\System\qPYjscy.exe
  C:\Windows\System\qPYjscy.exe
  2⤵
  PID:6176
- C:\Windows\System\AVvgFrW.exe
  C:\Windows\System\AVvgFrW.exe
  2⤵
  PID:6196
- C:\Windows\System\XDkMQhF.exe
  C:\Windows\System\XDkMQhF.exe
  2⤵
  PID:6216
- C:\Windows\System\urjbNVd.exe
  C:\Windows\System\urjbNVd.exe
  2⤵
  PID:6232
- C:\Windows\System\XFbTuqQ.exe
  C:\Windows\System\XFbTuqQ.exe
  2⤵
  PID:6268
- C:\Windows\System\rgBfvgY.exe
  C:\Windows\System\rgBfvgY.exe
  2⤵
  PID:6284
- C:\Windows\System\fnBtXVt.exe
  C:\Windows\System\fnBtXVt.exe
  2⤵
  PID:6300
- C:\Windows\System\WMaIsyw.exe
  C:\Windows\System\WMaIsyw.exe
  2⤵
  PID:6316
- C:\Windows\System\ldnpodn.exe
  C:\Windows\System\ldnpodn.exe
  2⤵
  PID:6332
- C:\Windows\System\SZNaqpG.exe
  C:\Windows\System\SZNaqpG.exe
  2⤵
  PID:6348
- C:\Windows\System\qZBIQPN.exe
  C:\Windows\System\qZBIQPN.exe
  2⤵
  PID:6368
- C:\Windows\System\XFwcAtv.exe
  C:\Windows\System\XFwcAtv.exe
  2⤵
  PID:6388
- C:\Windows\System\dukXWwn.exe
  C:\Windows\System\dukXWwn.exe
  2⤵
  PID:6404
- C:\Windows\System\QTksNqA.exe
  C:\Windows\System\QTksNqA.exe
  2⤵
  PID:6420
- C:\Windows\System\UqzDDFv.exe
  C:\Windows\System\UqzDDFv.exe
  2⤵
  PID:6436
- C:\Windows\System\sKqdXht.exe
  C:\Windows\System\sKqdXht.exe
  2⤵
  PID:6456
- C:\Windows\System\Xgxpjto.exe
  C:\Windows\System\Xgxpjto.exe
  2⤵
  PID:6472
- C:\Windows\System\bvgeUFY.exe
  C:\Windows\System\bvgeUFY.exe
  2⤵
  PID:6488
- C:\Windows\System\DEHfXsw.exe
  C:\Windows\System\DEHfXsw.exe
  2⤵
  PID:6536
- C:\Windows\System\tPFoYkO.exe
  C:\Windows\System\tPFoYkO.exe
  2⤵
  PID:6556
- C:\Windows\System\mILdWdv.exe
  C:\Windows\System\mILdWdv.exe
  2⤵
  PID:6584
- C:\Windows\System\ZVFjjke.exe
  C:\Windows\System\ZVFjjke.exe
  2⤵
  PID:6600
- C:\Windows\System\exMyWhH.exe
  C:\Windows\System\exMyWhH.exe
  2⤵
  PID:6628
- C:\Windows\System\dTvzKnF.exe
  C:\Windows\System\dTvzKnF.exe
  2⤵
  PID:6644
- C:\Windows\System\ZJgEnSn.exe
  C:\Windows\System\ZJgEnSn.exe
  2⤵
  PID:6664
- C:\Windows\System\Ysmscov.exe
  C:\Windows\System\Ysmscov.exe
  2⤵
  PID:6680
- C:\Windows\System\qqQTbmo.exe
  C:\Windows\System\qqQTbmo.exe
  2⤵
  PID:6704
- C:\Windows\System\Zlxzfud.exe
  C:\Windows\System\Zlxzfud.exe
  2⤵
  PID:6720
- C:\Windows\System\KfeJrHf.exe
  C:\Windows\System\KfeJrHf.exe
  2⤵
  PID:6744
- C:\Windows\System\wJfteAU.exe
  C:\Windows\System\wJfteAU.exe
  2⤵
  PID:6764
- C:\Windows\System\SDTifcE.exe
  C:\Windows\System\SDTifcE.exe
  2⤵
  PID:6780
- C:\Windows\System\SkXJXcC.exe
  C:\Windows\System\SkXJXcC.exe
  2⤵
  PID:6796
- C:\Windows\System\DEFNxwg.exe
  C:\Windows\System\DEFNxwg.exe
  2⤵
  PID:6812
- C:\Windows\System\ptQctpI.exe
  C:\Windows\System\ptQctpI.exe
  2⤵
  PID:6832
- C:\Windows\System\JuKbagc.exe
  C:\Windows\System\JuKbagc.exe
  2⤵
  PID:6848
- C:\Windows\System\DgnksMv.exe
  C:\Windows\System\DgnksMv.exe
  2⤵
  PID:6864
- C:\Windows\System\jrCaVZB.exe
  C:\Windows\System\jrCaVZB.exe
  2⤵
  PID:6884
- C:\Windows\System\hWOpvEQ.exe
  C:\Windows\System\hWOpvEQ.exe
  2⤵
  PID:6900
- C:\Windows\System\MRTVCTH.exe
  C:\Windows\System\MRTVCTH.exe
  2⤵
  PID:6916
- C:\Windows\System\vmLuPkW.exe
  C:\Windows\System\vmLuPkW.exe
  2⤵
  PID:6932
- C:\Windows\System\HCtxLEZ.exe
  C:\Windows\System\HCtxLEZ.exe
  2⤵
  PID:6980
- C:\Windows\System\VzfZAZN.exe
  C:\Windows\System\VzfZAZN.exe
  2⤵
  PID:7000
- C:\Windows\System\ahvLWJX.exe
  C:\Windows\System\ahvLWJX.exe
  2⤵
  PID:7016
- C:\Windows\System\ZJHbcie.exe
  C:\Windows\System\ZJHbcie.exe
  2⤵
  PID:7032
- C:\Windows\System\VKMYOsy.exe
  C:\Windows\System\VKMYOsy.exe
  2⤵
  PID:7056
- C:\Windows\System\gEqioDM.exe
  C:\Windows\System\gEqioDM.exe
  2⤵
  PID:7076
- C:\Windows\System\bfToIVs.exe
  C:\Windows\System\bfToIVs.exe
  2⤵
  PID:7096
- C:\Windows\System\eOlHIGd.exe
  C:\Windows\System\eOlHIGd.exe
  2⤵
  PID:7112
- C:\Windows\System\ZrVuWPs.exe
  C:\Windows\System\ZrVuWPs.exe
  2⤵
  PID:7136
- C:\Windows\System\HsMREED.exe
  C:\Windows\System\HsMREED.exe
  2⤵
  PID:7156
- C:\Windows\System\gwPCZjm.exe
  C:\Windows\System\gwPCZjm.exe
  2⤵
  PID:5964
- C:\Windows\System\vAUaAOi.exe
  C:\Windows\System\vAUaAOi.exe
  2⤵
  PID:6168
- C:\Windows\System\uCeBqPK.exe
  C:\Windows\System\uCeBqPK.exe
  2⤵
  PID:5276
- C:\Windows\System\DPfZmYC.exe
  C:\Windows\System\DPfZmYC.exe
  2⤵
  PID:6256
- C:\Windows\System\KMxVpXe.exe
  C:\Windows\System\KMxVpXe.exe
  2⤵
  PID:5988
- C:\Windows\System\YkHHbLp.exe
  C:\Windows\System\YkHHbLp.exe
  2⤵
  PID:6264
- C:\Windows\System\SseFOGB.exe
  C:\Windows\System\SseFOGB.exe
  2⤵
  PID:6328
- C:\Windows\System\IrBRUZW.exe
  C:\Windows\System\IrBRUZW.exe
  2⤵
  PID:6396
- C:\Windows\System\aOklWWO.exe
  C:\Windows\System\aOklWWO.exe
  2⤵
  PID:6276
- C:\Windows\System\ADYmvBJ.exe
  C:\Windows\System\ADYmvBJ.exe
  2⤵
  PID:6376
- C:\Windows\System\JItpKPu.exe
  C:\Windows\System\JItpKPu.exe
  2⤵
  PID:6444
- C:\Windows\System\KATUZrv.exe
  C:\Windows\System\KATUZrv.exe
  2⤵
  PID:6504
- C:\Windows\System\bqtrDuF.exe
  C:\Windows\System\bqtrDuF.exe
  2⤵
  PID:6524
- C:\Windows\System\UYguJYj.exe
  C:\Windows\System\UYguJYj.exe
  2⤵
  PID:6340
- C:\Windows\System\mwAaVzR.exe
  C:\Windows\System\mwAaVzR.exe
  2⤵
  PID:6580
- C:\Windows\System\RqrecUT.exe
  C:\Windows\System\RqrecUT.exe
  2⤵
  PID:6616
- C:\Windows\System\PMwEEQz.exe
  C:\Windows\System\PMwEEQz.exe
  2⤵
  PID:6548
- C:\Windows\System\aaHspPm.exe
  C:\Windows\System\aaHspPm.exe
  2⤵
  PID:6688
- C:\Windows\System\mUIaRFZ.exe
  C:\Windows\System\mUIaRFZ.exe
  2⤵
  PID:3184
- C:\Windows\System\xIRaSTK.exe
  C:\Windows\System\xIRaSTK.exe
  2⤵
  PID:6740
- C:\Windows\System\YLAsSUc.exe
  C:\Windows\System\YLAsSUc.exe
  2⤵
  PID:6804
- C:\Windows\System\NvDRPSV.exe
  C:\Windows\System\NvDRPSV.exe
  2⤵
  PID:6676
- C:\Windows\System\WbfTlct.exe
  C:\Windows\System\WbfTlct.exe
  2⤵
  PID:1696
- C:\Windows\System\pemfsNN.exe
  C:\Windows\System\pemfsNN.exe
  2⤵
  PID:6908
- C:\Windows\System\cRCdrNW.exe
  C:\Windows\System\cRCdrNW.exe
  2⤵
  PID:6952
- C:\Windows\System\VYnnXwd.exe
  C:\Windows\System\VYnnXwd.exe
  2⤵
  PID:6856
- C:\Windows\System\ebNCUUm.exe
  C:\Windows\System\ebNCUUm.exe
  2⤵
  PID:6964
- C:\Windows\System\BMevtrS.exe
  C:\Windows\System\BMevtrS.exe
  2⤵
  PID:7012
- C:\Windows\System\CxgpXuC.exe
  C:\Windows\System\CxgpXuC.exe
  2⤵
  PID:6988
- C:\Windows\System\NFhjgBb.exe
  C:\Windows\System\NFhjgBb.exe
  2⤵
  PID:6992
- C:\Windows\System\wtxDpmU.exe
  C:\Windows\System\wtxDpmU.exe
  2⤵
  PID:7120
- C:\Windows\System\MKwjEuV.exe
  C:\Windows\System\MKwjEuV.exe
  2⤵
  PID:7164
- C:\Windows\System\QhwNyxz.exe
  C:\Windows\System\QhwNyxz.exe
  2⤵
  PID:7024
- C:\Windows\System\npWdLHE.exe
  C:\Windows\System\npWdLHE.exe
  2⤵
  PID:5696
- C:\Windows\System\vSBwbde.exe
  C:\Windows\System\vSBwbde.exe
  2⤵
  PID:6240
- C:\Windows\System\Nwpkjuq.exe
  C:\Windows\System\Nwpkjuq.exe
  2⤵
  PID:6212
- C:\Windows\System\ECzFSTO.exe
  C:\Windows\System\ECzFSTO.exe
  2⤵
  PID:6260
- C:\Windows\System\StsyXJE.exe
  C:\Windows\System\StsyXJE.exe
  2⤵
  PID:6224
- C:\Windows\System\mejyFyZ.exe
  C:\Windows\System\mejyFyZ.exe
  2⤵
  PID:6464
- C:\Windows\System\bmKwbUe.exe
  C:\Windows\System\bmKwbUe.exe
  2⤵
  PID:2136
- C:\Windows\System\uHnEMXr.exe
  C:\Windows\System\uHnEMXr.exe
  2⤵
  PID:3192
- C:\Windows\System\WWmLpER.exe
  C:\Windows\System\WWmLpER.exe
  2⤵
  PID:6412
- C:\Windows\System\gBrndja.exe
  C:\Windows\System\gBrndja.exe
  2⤵
  PID:6452
- C:\Windows\System\FJdAgOq.exe
  C:\Windows\System\FJdAgOq.exe
  2⤵
  PID:6576
- C:\Windows\System\moRxZGZ.exe
  C:\Windows\System\moRxZGZ.exe
  2⤵
  PID:6484
- C:\Windows\System\OhEfTTK.exe
  C:\Windows\System\OhEfTTK.exe
  2⤵
  PID:6612
- C:\Windows\System\facifBz.exe
  C:\Windows\System\facifBz.exe
  2⤵
  PID:6592
- C:\Windows\System\SXfIdQI.exe
  C:\Windows\System\SXfIdQI.exe
  2⤵
  PID:6672
- C:\Windows\System\WMBKwZa.exe
  C:\Windows\System\WMBKwZa.exe
  2⤵
  PID:6772
- C:\Windows\System\lpbrcWp.exe
  C:\Windows\System\lpbrcWp.exe
  2⤵
  PID:6760
- C:\Windows\System\IBDPHEX.exe
  C:\Windows\System\IBDPHEX.exe
  2⤵
  PID:6956
- C:\Windows\System\gmVToSj.exe
  C:\Windows\System\gmVToSj.exe
  2⤵
  PID:6928
- C:\Windows\System\FVAeKHV.exe
  C:\Windows\System\FVAeKHV.exe
  2⤵
  PID:6716
- C:\Windows\System\jObtrKM.exe
  C:\Windows\System\jObtrKM.exe
  2⤵
  PID:7104
- C:\Windows\System\mwumZDx.exe
  C:\Windows\System\mwumZDx.exe
  2⤵
  PID:7128
- C:\Windows\System\KHVZBNC.exe
  C:\Windows\System\KHVZBNC.exe
  2⤵
  PID:7144
- C:\Windows\System\DdtpVTb.exe
  C:\Windows\System\DdtpVTb.exe
  2⤵
  PID:6972
- C:\Windows\System\jQEHUrH.exe
  C:\Windows\System\jQEHUrH.exe
  2⤵
  PID:6252
- C:\Windows\System\eLHUgSI.exe
  C:\Windows\System\eLHUgSI.exe
  2⤵
  PID:6244
- C:\Windows\System\ndFtNpt.exe
  C:\Windows\System\ndFtNpt.exe
  2⤵
  PID:7088
- C:\Windows\System\aJcFzCF.exe
  C:\Windows\System\aJcFzCF.exe
  2⤵
  PID:7244
- C:\Windows\System\OlhaNmC.exe
  C:\Windows\System\OlhaNmC.exe
  2⤵
  PID:7260
- C:\Windows\System\XGcNKyo.exe
  C:\Windows\System\XGcNKyo.exe
  2⤵
  PID:7284
- C:\Windows\System\pvzUNjr.exe
  C:\Windows\System\pvzUNjr.exe
  2⤵
  PID:7300
- C:\Windows\System\fOzHtza.exe
  C:\Windows\System\fOzHtza.exe
  2⤵
  PID:7316
- C:\Windows\System\noCemoZ.exe
  C:\Windows\System\noCemoZ.exe
  2⤵
  PID:7336
- C:\Windows\System\lKwnKKq.exe
  C:\Windows\System\lKwnKKq.exe
  2⤵
  PID:7356
- C:\Windows\System\QjXxFAO.exe
  C:\Windows\System\QjXxFAO.exe
  2⤵
  PID:7372
- C:\Windows\System\UKnCaHV.exe
  C:\Windows\System\UKnCaHV.exe
  2⤵
  PID:7388
- C:\Windows\System\lEsMBvQ.exe
  C:\Windows\System\lEsMBvQ.exe
  2⤵
  PID:7404
- C:\Windows\System\upzUIyF.exe
  C:\Windows\System\upzUIyF.exe
  2⤵
  PID:7420
- C:\Windows\System\pwhQFIW.exe
  C:\Windows\System\pwhQFIW.exe
  2⤵
  PID:7464
- C:\Windows\System\dDkmfww.exe
  C:\Windows\System\dDkmfww.exe
  2⤵
  PID:7480
- C:\Windows\System\YxzmadF.exe
  C:\Windows\System\YxzmadF.exe
  2⤵
  PID:7500
- C:\Windows\System\frsAiph.exe
  C:\Windows\System\frsAiph.exe
  2⤵
  PID:7516
- C:\Windows\System\qoJIKeM.exe
  C:\Windows\System\qoJIKeM.exe
  2⤵
  PID:7532
- C:\Windows\System\EmPtgEP.exe
  C:\Windows\System\EmPtgEP.exe
  2⤵
  PID:7548
- C:\Windows\System\rYmAJbp.exe
  C:\Windows\System\rYmAJbp.exe
  2⤵
  PID:7568
- C:\Windows\System\bRZxtyw.exe
  C:\Windows\System\bRZxtyw.exe
  2⤵
  PID:7588
- C:\Windows\System\pNAyBVz.exe
  C:\Windows\System\pNAyBVz.exe
  2⤵
  PID:7604
- C:\Windows\System\NcGxlgJ.exe
  C:\Windows\System\NcGxlgJ.exe
  2⤵
  PID:7620
- C:\Windows\System\COnmbIV.exe
  C:\Windows\System\COnmbIV.exe
  2⤵
  PID:7636
- C:\Windows\System\ttJeFoo.exe
  C:\Windows\System\ttJeFoo.exe
  2⤵
  PID:7656
- C:\Windows\System\GujmEsR.exe
  C:\Windows\System\GujmEsR.exe
  2⤵
  PID:7676
- C:\Windows\System\iUHujZi.exe
  C:\Windows\System\iUHujZi.exe
  2⤵
  PID:7692
- C:\Windows\System\VZbbRTo.exe
  C:\Windows\System\VZbbRTo.exe
  2⤵
  PID:7708
- C:\Windows\System\wZFMfwT.exe
  C:\Windows\System\wZFMfwT.exe
  2⤵
  PID:7724
- C:\Windows\System\MtbCkpP.exe
  C:\Windows\System\MtbCkpP.exe
  2⤵
  PID:7740
- C:\Windows\System\jlSzIYg.exe
  C:\Windows\System\jlSzIYg.exe
  2⤵
  PID:7760
- C:\Windows\System\ujGnDfW.exe
  C:\Windows\System\ujGnDfW.exe
  2⤵
  PID:7788
- C:\Windows\System\zlSTHEP.exe
  C:\Windows\System\zlSTHEP.exe
  2⤵
  PID:7808
- C:\Windows\System\nRauapp.exe
  C:\Windows\System\nRauapp.exe
  2⤵
  PID:7840
- C:\Windows\System\siRFweY.exe
  C:\Windows\System\siRFweY.exe
  2⤵
  PID:7860
- C:\Windows\System\AkyShWZ.exe
  C:\Windows\System\AkyShWZ.exe
  2⤵
  PID:7876
- C:\Windows\System\PlXoosF.exe
  C:\Windows\System\PlXoosF.exe
  2⤵
  PID:7912
- C:\Windows\System\NqirvbZ.exe
  C:\Windows\System\NqirvbZ.exe
  2⤵
  PID:7928
- C:\Windows\System\ThDAgIL.exe
  C:\Windows\System\ThDAgIL.exe
  2⤵
  PID:7944
- C:\Windows\System\xfnsUcl.exe
  C:\Windows\System\xfnsUcl.exe
  2⤵
  PID:7960
- C:\Windows\System\AsHVOgm.exe
  C:\Windows\System\AsHVOgm.exe
  2⤵
  PID:7976
- C:\Windows\System\nGQyfZS.exe
  C:\Windows\System\nGQyfZS.exe
  2⤵
  PID:7992
- C:\Windows\System\iQfvtsV.exe
  C:\Windows\System\iQfvtsV.exe
  2⤵
  PID:8008
- C:\Windows\System\EbQJTZX.exe
  C:\Windows\System\EbQJTZX.exe
  2⤵
  PID:8024
- C:\Windows\System\hOptYjH.exe
  C:\Windows\System\hOptYjH.exe
  2⤵
  PID:8040
- C:\Windows\System\GtvhnGk.exe
  C:\Windows\System\GtvhnGk.exe
  2⤵
  PID:8056
- C:\Windows\System\fYMgZdb.exe
  C:\Windows\System\fYMgZdb.exe
  2⤵
  PID:8072
- C:\Windows\System\rpgtcEZ.exe
  C:\Windows\System\rpgtcEZ.exe
  2⤵
  PID:8144
- C:\Windows\System\SEsQOWE.exe
  C:\Windows\System\SEsQOWE.exe
  2⤵
  PID:8160
- C:\Windows\System\vssQtCx.exe
  C:\Windows\System\vssQtCx.exe
  2⤵
  PID:8176
- C:\Windows\System\JDfaJnI.exe
  C:\Windows\System\JDfaJnI.exe
  2⤵
  PID:3232
- C:\Windows\System\nAfhegD.exe
  C:\Windows\System\nAfhegD.exe
  2⤵
  PID:6468
- C:\Windows\System\OIFfazb.exe
  C:\Windows\System\OIFfazb.exe
  2⤵
  PID:6384
- C:\Windows\System\OObVTOn.exe
  C:\Windows\System\OObVTOn.exe
  2⤵
  PID:6696
- C:\Windows\System\wKXdart.exe
  C:\Windows\System\wKXdart.exe
  2⤵
  PID:6892
- C:\Windows\System\bcsppCt.exe
  C:\Windows\System\bcsppCt.exe
  2⤵
  PID:6428
- C:\Windows\System\UYZHLef.exe
  C:\Windows\System\UYZHLef.exe
  2⤵
  PID:7064
- C:\Windows\System\SazcQVa.exe
  C:\Windows\System\SazcQVa.exe
  2⤵
  PID:6248
- C:\Windows\System\KXedgCS.exe
  C:\Windows\System\KXedgCS.exe
  2⤵
  PID:7028
- C:\Windows\System\wWmZniT.exe
  C:\Windows\System\wWmZniT.exe
  2⤵
  PID:6296
- C:\Windows\System\ztVwuAy.exe
  C:\Windows\System\ztVwuAy.exe
  2⤵
  PID:7192
- C:\Windows\System\TciDcRd.exe
  C:\Windows\System\TciDcRd.exe
  2⤵
  PID:7208
- C:\Windows\System\ooiHGrj.exe
  C:\Windows\System\ooiHGrj.exe
  2⤵
  PID:7220
- C:\Windows\System\MQqIZYD.exe
  C:\Windows\System\MQqIZYD.exe
  2⤵
  PID:7236
- C:\Windows\System\ylCKUOY.exe
  C:\Windows\System\ylCKUOY.exe
  2⤵
  PID:6840
- C:\Windows\System\ghrEdPO.exe
  C:\Windows\System\ghrEdPO.exe
  2⤵
  PID:7172
- C:\Windows\System\uweZbSc.exe
  C:\Windows\System\uweZbSc.exe
  2⤵
  PID:7276
- C:\Windows\System\Ajwpqga.exe
  C:\Windows\System\Ajwpqga.exe
  2⤵
  PID:7308
- C:\Windows\System\jnCMubJ.exe
  C:\Windows\System\jnCMubJ.exe
  2⤵
  PID:7348
- C:\Windows\System\GYztZxH.exe
  C:\Windows\System\GYztZxH.exe
  2⤵
  PID:7396
- C:\Windows\System\uklcxsy.exe
  C:\Windows\System\uklcxsy.exe
  2⤵
  PID:7384
- C:\Windows\System\qmLsdiw.exe
  C:\Windows\System\qmLsdiw.exe
  2⤵
  PID:1940
- C:\Windows\System\orDPcZw.exe
  C:\Windows\System\orDPcZw.exe
  2⤵
  PID:7540
- C:\Windows\System\DjdpriT.exe
  C:\Windows\System\DjdpriT.exe
  2⤵
  PID:7612
- C:\Windows\System\CxFghem.exe
  C:\Windows\System\CxFghem.exe
  2⤵
  PID:7716
- C:\Windows\System\EvvlfFQ.exe
  C:\Windows\System\EvvlfFQ.exe
  2⤵
  PID:7756
- C:\Windows\System\npyDfsV.exe
  C:\Windows\System\npyDfsV.exe
  2⤵
  PID:7804
- C:\Windows\System\apWxNOJ.exe
  C:\Windows\System\apWxNOJ.exe
  2⤵
  PID:7672
- C:\Windows\System\NDfqHSO.exe
  C:\Windows\System\NDfqHSO.exe
  2⤵
  PID:7888
- C:\Windows\System\phwpbfM.exe
  C:\Windows\System\phwpbfM.exe
  2⤵
  PID:7736
- C:\Windows\System\BKvmzNa.exe
  C:\Windows\System\BKvmzNa.exe
  2⤵
  PID:7780
- C:\Windows\System\YiqxTSu.exe
  C:\Windows\System\YiqxTSu.exe
  2⤵
  PID:7528
- C:\Windows\System\NHGdeVA.exe
  C:\Windows\System\NHGdeVA.exe
  2⤵
  PID:7828
- C:\Windows\System\LnemIEg.exe
  C:\Windows\System\LnemIEg.exe
  2⤵
  PID:7632
- C:\Windows\System\CIuVRXw.exe
  C:\Windows\System\CIuVRXw.exe
  2⤵
  PID:7940
- C:\Windows\System\FFmAPJZ.exe
  C:\Windows\System\FFmAPJZ.exe
  2⤵
  PID:8032
- C:\Windows\System\wPYqYlQ.exe
  C:\Windows\System\wPYqYlQ.exe
  2⤵
  PID:7988
- C:\Windows\System\xQsDPMK.exe
  C:\Windows\System\xQsDPMK.exe
  2⤵
  PID:8080
- C:\Windows\System\HaDVMyd.exe
  C:\Windows\System\HaDVMyd.exe
  2⤵
  PID:7492
- C:\Windows\System\YztmKCl.exe
  C:\Windows\System\YztmKCl.exe
  2⤵
  PID:7628
- C:\Windows\System\OmEmRiG.exe
  C:\Windows\System\OmEmRiG.exe
  2⤵
  PID:8112
- C:\Windows\System\USdsvCy.exe
  C:\Windows\System\USdsvCy.exe
  2⤵
  PID:8132
- C:\Windows\System\cBGWsyW.exe
  C:\Windows\System\cBGWsyW.exe
  2⤵
  PID:8084
- C:\Windows\System\PVFEFgw.exe
  C:\Windows\System\PVFEFgw.exe
  2⤵
  PID:8156
- C:\Windows\System\nYgwegH.exe
  C:\Windows\System\nYgwegH.exe
  2⤵
  PID:6776
- C:\Windows\System\fHzylJR.exe
  C:\Windows\System\fHzylJR.exe
  2⤵
  PID:6792
- C:\Windows\System\wsoeoKD.exe
  C:\Windows\System\wsoeoKD.exe
  2⤵
  PID:6564
- C:\Windows\System\LccNKct.exe
  C:\Windows\System\LccNKct.exe
  2⤵
  PID:7052
- C:\Windows\System\FjHAHaI.exe
  C:\Windows\System\FjHAHaI.exe
  2⤵
  PID:6948
- C:\Windows\System\VGaBlQl.exe
  C:\Windows\System\VGaBlQl.exe
  2⤵
  PID:7184
- C:\Windows\System\HIkuhru.exe
  C:\Windows\System\HIkuhru.exe
  2⤵
  PID:6184
- C:\Windows\System\iLLBjCw.exe
  C:\Windows\System\iLLBjCw.exe
  2⤵
  PID:7344
- C:\Windows\System\UXhHOnT.exe
  C:\Windows\System\UXhHOnT.exe
  2⤵
  PID:7328
- C:\Windows\System\KHyhihl.exe
  C:\Windows\System\KHyhihl.exe
  2⤵
  PID:7444
- C:\Windows\System\IgngTqa.exe
  C:\Windows\System\IgngTqa.exe
  2⤵
  PID:7200
- C:\Windows\System\bnisbpD.exe
  C:\Windows\System\bnisbpD.exe
  2⤵
  PID:7280
- C:\Windows\System\QYzeNxG.exe
  C:\Windows\System\QYzeNxG.exe
  2⤵
  PID:7416
- C:\Windows\System\HsXISpD.exe
  C:\Windows\System\HsXISpD.exe
  2⤵
  PID:7508
- C:\Windows\System\xJisaOy.exe
  C:\Windows\System\xJisaOy.exe
  2⤵
  PID:7584
- C:\Windows\System\NREJlQp.exe
  C:\Windows\System\NREJlQp.exe
  2⤵
  PID:7796
- C:\Windows\System\ePAVVoc.exe
  C:\Windows\System\ePAVVoc.exe
  2⤵
  PID:7704
- C:\Windows\System\GkyFtQG.exe
  C:\Windows\System\GkyFtQG.exe
  2⤵
  PID:7768
- C:\Windows\System\cFarUgc.exe
  C:\Windows\System\cFarUgc.exe
  2⤵
  PID:7564
- C:\Windows\System\MSzlyyx.exe
  C:\Windows\System\MSzlyyx.exe
  2⤵
  PID:7956
- C:\Windows\System\UfvNDoS.exe
  C:\Windows\System\UfvNDoS.exe
  2⤵
  PID:7496
- C:\Windows\System\WvpXOZc.exe
  C:\Windows\System\WvpXOZc.exe
  2⤵
  PID:8188
- C:\Windows\System\RlwRXTz.exe
  C:\Windows\System\RlwRXTz.exe
  2⤵
  PID:8168
- C:\Windows\System\VPvoyQU.exe
  C:\Windows\System\VPvoyQU.exe
  2⤵
  PID:7952
- C:\Windows\System\wigkUDY.exe
  C:\Windows\System\wigkUDY.exe
  2⤵
  PID:7836
- C:\Windows\System\okxgTxY.exe
  C:\Windows\System\okxgTxY.exe
  2⤵
  PID:2220
- C:\Windows\System\gsjtwfK.exe
  C:\Windows\System\gsjtwfK.exe
  2⤵
  PID:6732
- C:\Windows\System\xtEqHSe.exe
  C:\Windows\System\xtEqHSe.exe
  2⤵
  PID:7820
- C:\Windows\System\XVcWHZa.exe
  C:\Windows\System\XVcWHZa.exe
  2⤵
  PID:6756
- C:\Windows\System\nsLcLrO.exe
  C:\Windows\System\nsLcLrO.exe
  2⤵
  PID:7368
- C:\Windows\System\OlEWfOv.exe
  C:\Windows\System\OlEWfOv.exe
  2⤵
  PID:7440
- C:\Windows\System\ffRswrD.exe
  C:\Windows\System\ffRswrD.exe
  2⤵
  PID:7124
- C:\Windows\System\EfCEgLU.exe
  C:\Windows\System\EfCEgLU.exe
  2⤵
  PID:7580
- C:\Windows\System\ttdQDEO.exe
  C:\Windows\System\ttdQDEO.exe
  2⤵
  PID:7688
- C:\Windows\System\blOTueX.exe
  C:\Windows\System\blOTueX.exe
  2⤵
  PID:7896
- C:\Windows\System\vAHDNPI.exe
  C:\Windows\System\vAHDNPI.exe
  2⤵
  PID:7752
- C:\Windows\System\YMFKltB.exe
  C:\Windows\System\YMFKltB.exe
  2⤵
  PID:7936
- C:\Windows\System\zMuUCSI.exe
  C:\Windows\System\zMuUCSI.exe
  2⤵
  PID:7816
- C:\Windows\System\gcKQCgD.exe
  C:\Windows\System\gcKQCgD.exe
  2⤵
  PID:8068
- C:\Windows\System\iiTkpON.exe
  C:\Windows\System\iiTkpON.exe
  2⤵
  PID:8048
- C:\Windows\System\QUyhNaW.exe
  C:\Windows\System\QUyhNaW.exe
  2⤵
  PID:8120
- C:\Windows\System\dwCUySo.exe
  C:\Windows\System\dwCUySo.exe
  2⤵
  PID:7044
- C:\Windows\System\emKRsro.exe
  C:\Windows\System\emKRsro.exe
  2⤵
  PID:6312
- C:\Windows\System\PujpUhc.exe
  C:\Windows\System\PujpUhc.exe
  2⤵
  PID:7256
- C:\Windows\System\fVXheoz.exe
  C:\Windows\System\fVXheoz.exe
  2⤵
  PID:7456
- C:\Windows\System\wKlSdQo.exe
  C:\Windows\System\wKlSdQo.exe
  2⤵
  PID:7228
- C:\Windows\System\LbUZwrX.exe
  C:\Windows\System\LbUZwrX.exe
  2⤵
  PID:7512
- C:\Windows\System\ycUkdUD.exe
  C:\Windows\System\ycUkdUD.exe
  2⤵
  PID:7856
- C:\Windows\System\vWIjzqR.exe
  C:\Windows\System\vWIjzqR.exe
  2⤵
  PID:7848
- C:\Windows\System\AxQDZMZ.exe
  C:\Windows\System\AxQDZMZ.exe
  2⤵
  PID:8092
- C:\Windows\System\enLymxq.exe
  C:\Windows\System\enLymxq.exe
  2⤵
  PID:8004
- C:\Windows\System\HYyFMrQ.exe
  C:\Windows\System\HYyFMrQ.exe
  2⤵
  PID:7428
- C:\Windows\System\idpjbsH.exe
  C:\Windows\System\idpjbsH.exe
  2⤵
  PID:7292
- C:\Windows\System\lRGkTKw.exe
  C:\Windows\System\lRGkTKw.exe
  2⤵
  PID:2176
- C:\Windows\System\PnkMkJM.exe
  C:\Windows\System\PnkMkJM.exe
  2⤵
  PID:7380
- C:\Windows\System\wSkpIoO.exe
  C:\Windows\System\wSkpIoO.exe
  2⤵
  PID:7180
- C:\Windows\System\tFTHcDo.exe
  C:\Windows\System\tFTHcDo.exe
  2⤵
  PID:7436
- C:\Windows\System\EiGVhHH.exe
  C:\Windows\System\EiGVhHH.exe
  2⤵
  PID:6068
- C:\Windows\System\ZVFugCW.exe
  C:\Windows\System\ZVFugCW.exe
  2⤵
  PID:2492
- C:\Windows\System\MwcifxS.exe
  C:\Windows\System\MwcifxS.exe
  2⤵
  PID:7560
- C:\Windows\System\fRoMmKx.exe
  C:\Windows\System\fRoMmKx.exe
  2⤵
  PID:7600
- C:\Windows\System\LaNtchO.exe
  C:\Windows\System\LaNtchO.exe
  2⤵
  PID:8204
- C:\Windows\System\mVmARYp.exe
  C:\Windows\System\mVmARYp.exe
  2⤵
  PID:8232
- C:\Windows\System\VSIPgGn.exe
  C:\Windows\System\VSIPgGn.exe
  2⤵
  PID:8248
- C:\Windows\System\exVurtO.exe
  C:\Windows\System\exVurtO.exe
  2⤵
  PID:8264
- C:\Windows\System\stwKInP.exe
  C:\Windows\System\stwKInP.exe
  2⤵
  PID:8284
- C:\Windows\System\gMiXyTJ.exe
  C:\Windows\System\gMiXyTJ.exe
  2⤵
  PID:8304
- C:\Windows\System\RjeEyJV.exe
  C:\Windows\System\RjeEyJV.exe
  2⤵
  PID:8324
- C:\Windows\System\deGEscL.exe
  C:\Windows\System\deGEscL.exe
  2⤵
  PID:8340
- C:\Windows\System\zjRMxHB.exe
  C:\Windows\System\zjRMxHB.exe
  2⤵
  PID:8360
- C:\Windows\System\FHcbTDE.exe
  C:\Windows\System\FHcbTDE.exe
  2⤵
  PID:8400
- C:\Windows\System\GZqVMJq.exe
  C:\Windows\System\GZqVMJq.exe
  2⤵
  PID:8416
- C:\Windows\System\CBNOHws.exe
  C:\Windows\System\CBNOHws.exe
  2⤵
  PID:8432
- C:\Windows\System\bQsEGFD.exe
  C:\Windows\System\bQsEGFD.exe
  2⤵
  PID:8448
- C:\Windows\System\YVOyVQo.exe
  C:\Windows\System\YVOyVQo.exe
  2⤵
  PID:8472
- C:\Windows\System\gXbCyaF.exe
  C:\Windows\System\gXbCyaF.exe
  2⤵
  PID:8488
- C:\Windows\System\pEYcqUV.exe
  C:\Windows\System\pEYcqUV.exe
  2⤵
  PID:8504
- C:\Windows\System\ogRzqXA.exe
  C:\Windows\System\ogRzqXA.exe
  2⤵
  PID:8524
- C:\Windows\System\bMJnvFG.exe
  C:\Windows\System\bMJnvFG.exe
  2⤵
  PID:8544
- C:\Windows\System\jyKzZlw.exe
  C:\Windows\System\jyKzZlw.exe
  2⤵
  PID:8560
- C:\Windows\System\HKLedId.exe
  C:\Windows\System\HKLedId.exe
  2⤵
  PID:8576
- C:\Windows\System\WRJDITr.exe
  C:\Windows\System\WRJDITr.exe
  2⤵
  PID:8600
- C:\Windows\System\FGgnkZX.exe
  C:\Windows\System\FGgnkZX.exe
  2⤵
  PID:8640
- C:\Windows\System\eUkRCMd.exe
  C:\Windows\System\eUkRCMd.exe
  2⤵
  PID:8660
- C:\Windows\System\LTOqivb.exe
  C:\Windows\System\LTOqivb.exe
  2⤵
  PID:8676
- C:\Windows\System\TsBVZwi.exe
  C:\Windows\System\TsBVZwi.exe
  2⤵
  PID:8704
- C:\Windows\System\bZOXhXQ.exe
  C:\Windows\System\bZOXhXQ.exe
  2⤵
  PID:8720
- C:\Windows\System\xkzqrEg.exe
  C:\Windows\System\xkzqrEg.exe
  2⤵
  PID:8740
- C:\Windows\System\eqPDFUE.exe
  C:\Windows\System\eqPDFUE.exe
  2⤵
  PID:8756
- C:\Windows\System\dSPmkcC.exe
  C:\Windows\System\dSPmkcC.exe
  2⤵
  PID:8780
- C:\Windows\System\YxmwjXY.exe
  C:\Windows\System\YxmwjXY.exe
  2⤵
  PID:8804
- C:\Windows\System\lzLMnUX.exe
  C:\Windows\System\lzLMnUX.exe
  2⤵
  PID:8820
- C:\Windows\System\nFYVcuo.exe
  C:\Windows\System\nFYVcuo.exe
  2⤵
  PID:8840
- C:\Windows\System\YWPXSla.exe
  C:\Windows\System\YWPXSla.exe
  2⤵
  PID:8856
- C:\Windows\System\zhoEoBV.exe
  C:\Windows\System\zhoEoBV.exe
  2⤵
  PID:8876
- C:\Windows\System\fukumRA.exe
  C:\Windows\System\fukumRA.exe
  2⤵
  PID:8892
- C:\Windows\System\VgomUVx.exe
  C:\Windows\System\VgomUVx.exe
  2⤵
  PID:8908
- C:\Windows\System\xLgVfmb.exe
  C:\Windows\System\xLgVfmb.exe
  2⤵
  PID:8924
- C:\Windows\System\fNHhhNB.exe
  C:\Windows\System\fNHhhNB.exe
  2⤵
  PID:8940
- C:\Windows\System\MSybUkz.exe
  C:\Windows\System\MSybUkz.exe
  2⤵
  PID:8980
- C:\Windows\System\zFvmovK.exe
  C:\Windows\System\zFvmovK.exe
  2⤵
  PID:9004
- C:\Windows\System\AFmPmma.exe
  C:\Windows\System\AFmPmma.exe
  2⤵
  PID:9020
- C:\Windows\System\nMdYxnp.exe
  C:\Windows\System\nMdYxnp.exe
  2⤵
  PID:9036
- C:\Windows\System\HxIpgze.exe
  C:\Windows\System\HxIpgze.exe
  2⤵
  PID:9052
- C:\Windows\System\PIGCcBU.exe
  C:\Windows\System\PIGCcBU.exe
  2⤵
  PID:9068
- C:\Windows\System\MjVmJBn.exe
  C:\Windows\System\MjVmJBn.exe
  2⤵
  PID:9092
- C:\Windows\System\nJWaJIA.exe
  C:\Windows\System\nJWaJIA.exe
  2⤵
  PID:9120
- C:\Windows\System\JwKJZlu.exe
  C:\Windows\System\JwKJZlu.exe
  2⤵
  PID:9136
- C:\Windows\System\tmjDlxt.exe
  C:\Windows\System\tmjDlxt.exe
  2⤵
  PID:9160
- C:\Windows\System\SjmEKxF.exe
  C:\Windows\System\SjmEKxF.exe
  2⤵
  PID:9196
- C:\Windows\System\PRgYuQI.exe
  C:\Windows\System\PRgYuQI.exe
  2⤵
  PID:9212
- C:\Windows\System\CoWlQwz.exe
  C:\Windows\System\CoWlQwz.exe
  2⤵
  PID:8064
- C:\Windows\System\aoYoXjU.exe
  C:\Windows\System\aoYoXjU.exe
  2⤵
  PID:7476
- C:\Windows\System\kieisxZ.exe
  C:\Windows\System\kieisxZ.exe
  2⤵
  PID:8200
- C:\Windows\System\jpYQSQk.exe
  C:\Windows\System\jpYQSQk.exe
  2⤵
  PID:8244
- C:\Windows\System\oxIVdtG.exe
  C:\Windows\System\oxIVdtG.exe
  2⤵
  PID:8332
- C:\Windows\System\ipKHEnl.exe
  C:\Windows\System\ipKHEnl.exe
  2⤵
  PID:8272
- C:\Windows\System\IOXKqNw.exe
  C:\Windows\System\IOXKqNw.exe
  2⤵
  PID:8376
- C:\Windows\System\FUmgwce.exe
  C:\Windows\System\FUmgwce.exe
  2⤵
  PID:8396
- C:\Windows\System\nwzDNCR.exe
  C:\Windows\System\nwzDNCR.exe
  2⤵
  PID:8460
- C:\Windows\System\feiwHiV.exe
  C:\Windows\System\feiwHiV.exe
  2⤵
  PID:8412
- C:\Windows\System\mWcOcta.exe
  C:\Windows\System\mWcOcta.exe
  2⤵
  PID:8532
- C:\Windows\System\WZZdxOl.exe
  C:\Windows\System\WZZdxOl.exe
  2⤵
  PID:8520
- C:\Windows\System\JcHGJVT.exe
  C:\Windows\System\JcHGJVT.exe
  2⤵
  PID:8552
- C:\Windows\System\bhStcdq.exe
  C:\Windows\System\bhStcdq.exe
  2⤵
  PID:8592
- C:\Windows\System\VpJbBxS.exe
  C:\Windows\System\VpJbBxS.exe
  2⤵
  PID:8620
- C:\Windows\System\ZsgmRQZ.exe
  C:\Windows\System\ZsgmRQZ.exe
  2⤵
  PID:8656
- C:\Windows\System\jonZxDp.exe
  C:\Windows\System\jonZxDp.exe
  2⤵
  PID:8688
- C:\Windows\System\dOQMEny.exe
  C:\Windows\System\dOQMEny.exe
  2⤵
  PID:8732
- C:\Windows\System\QzdZNTA.exe
  C:\Windows\System\QzdZNTA.exe
  2⤵
  PID:8736
- C:\Windows\System\ElZDaYq.exe
  C:\Windows\System\ElZDaYq.exe
  2⤵
  PID:8788
- C:\Windows\System\cRWchCC.exe
  C:\Windows\System\cRWchCC.exe
  2⤵
  PID:8828
- C:\Windows\System\ZptTmWV.exe
  C:\Windows\System\ZptTmWV.exe
  2⤵
  PID:8904
- C:\Windows\System\fHzwNXt.exe
  C:\Windows\System\fHzwNXt.exe
  2⤵
  PID:8936
- C:\Windows\System\JketAgS.exe
  C:\Windows\System\JketAgS.exe
  2⤵
  PID:8964
- C:\Windows\System\SFhjMTy.exe
  C:\Windows\System\SFhjMTy.exe
  2⤵
  PID:8972
- C:\Windows\System\eHgVkpi.exe
  C:\Windows\System\eHgVkpi.exe
  2⤵
  PID:9032
- C:\Windows\System\TyYGXkP.exe
  C:\Windows\System\TyYGXkP.exe
  2⤵
  PID:9060
- C:\Windows\System\LDvphwQ.exe
  C:\Windows\System\LDvphwQ.exe
  2⤵
  PID:9108
- C:\Windows\System\irSgpZv.exe
  C:\Windows\System\irSgpZv.exe
  2⤵
  PID:9088
- C:\Windows\System\eeerRfb.exe
  C:\Windows\System\eeerRfb.exe
  2⤵
  PID:9148
- C:\Windows\System\DHprZSZ.exe
  C:\Windows\System\DHprZSZ.exe
  2⤵
  PID:9176
- C:\Windows\System\rxnGxua.exe
  C:\Windows\System\rxnGxua.exe
  2⤵
  PID:9208
- C:\Windows\System\pMMDWZl.exe
  C:\Windows\System\pMMDWZl.exe
  2⤵
  PID:8220
- C:\Windows\System\pMILtyT.exe
  C:\Windows\System\pMILtyT.exe
  2⤵
  PID:7664
- C:\Windows\System\BTBbNVe.exe
  C:\Windows\System\BTBbNVe.exe
  2⤵
  PID:8292
- C:\Windows\System\dMDeJJl.exe
  C:\Windows\System\dMDeJJl.exe
  2⤵
  PID:8316
- C:\Windows\System\toopbLm.exe
  C:\Windows\System\toopbLm.exe
  2⤵
  PID:8424
- C:\Windows\System\xpLxGhi.exe
  C:\Windows\System\xpLxGhi.exe
  2⤵
  PID:8512
- C:\Windows\System\RloXvDR.exe
  C:\Windows\System\RloXvDR.exe
  2⤵
  PID:8612
- C:\Windows\System\qUHFttO.exe
  C:\Windows\System\qUHFttO.exe
  2⤵
  PID:8648
- C:\Windows\System\IHthGoT.exe
  C:\Windows\System\IHthGoT.exe
  2⤵
  PID:8712
- C:\Windows\System\BNNWueR.exe
  C:\Windows\System\BNNWueR.exe
  2⤵
  PID:8776
- C:\Windows\System\doqGSWW.exe
  C:\Windows\System\doqGSWW.exe
  2⤵
  PID:8764
- C:\Windows\System\IEBjXjg.exe
  C:\Windows\System\IEBjXjg.exe
  2⤵
  PID:8792
- C:\Windows\System\vtlHxyQ.exe
  C:\Windows\System\vtlHxyQ.exe
  2⤵
  PID:8836
- C:\Windows\System\jKLnnbJ.exe
  C:\Windows\System\jKLnnbJ.exe
  2⤵
  PID:8884
- C:\Windows\System\yXurRsS.exe
  C:\Windows\System\yXurRsS.exe
  2⤵
  PID:8996
- C:\Windows\System\BTIGMVb.exe
  C:\Windows\System\BTIGMVb.exe
  2⤵
  PID:9016
- C:\Windows\System\jHvryav.exe
  C:\Windows\System\jHvryav.exe
  2⤵
  PID:9076
- C:\Windows\System\ftVYFEn.exe
  C:\Windows\System\ftVYFEn.exe
  2⤵
  PID:9128
- C:\Windows\System\BiwhRwf.exe
  C:\Windows\System\BiwhRwf.exe
  2⤵
  PID:9168
- C:\Windows\System\qzEWiHl.exe
  C:\Windows\System\qzEWiHl.exe
  2⤵
  PID:8280
- C:\Windows\System\mTbKzCu.exe
  C:\Windows\System\mTbKzCu.exe
  2⤵
  PID:7232
- C:\Windows\System\BHPMOAZ.exe
  C:\Windows\System\BHPMOAZ.exe
  2⤵
  PID:8348
- C:\Windows\System\bMYSyzN.exe
  C:\Windows\System\bMYSyzN.exe
  2⤵
  PID:8464
- C:\Windows\System\MLyMAjE.exe
  C:\Windows\System\MLyMAjE.exe
  2⤵
  PID:8444
- C:\Windows\System\iJFwQqt.exe
  C:\Windows\System\iJFwQqt.exe
  2⤵
  PID:8392
- C:\Windows\System\jCkrPZe.exe
  C:\Windows\System\jCkrPZe.exe
  2⤵
  PID:8668
- C:\Windows\System\qApvZMV.exe
  C:\Windows\System\qApvZMV.exe
  2⤵
  PID:8816
- C:\Windows\System\BmHUTES.exe
  C:\Windows\System\BmHUTES.exe
  2⤵
  PID:8988
- C:\Windows\System\oVZdSqM.exe
  C:\Windows\System\oVZdSqM.exe
  2⤵
  PID:9204
- C:\Windows\System\dsOwJGP.exe
  C:\Windows\System\dsOwJGP.exe
  2⤵
  PID:8976
- C:\Windows\System\WARtaGP.exe
  C:\Windows\System\WARtaGP.exe
  2⤵
  PID:9100
- C:\Windows\System\WHLQjFf.exe
  C:\Windows\System\WHLQjFf.exe
  2⤵
  PID:8320
- C:\Windows\System\CUZQAHy.exe
  C:\Windows\System\CUZQAHy.exe
  2⤵
  PID:8480
- C:\Windows\System\PxuZDBp.exe
  C:\Windows\System\PxuZDBp.exe
  2⤵
  PID:8700
- C:\Windows\System\fxgzBcz.exe
  C:\Windows\System\fxgzBcz.exe
  2⤵
  PID:8540
- C:\Windows\System\YkSkFRR.exe
  C:\Windows\System\YkSkFRR.exe
  2⤵
  PID:8960
- C:\Windows\System\qltqZBm.exe
  C:\Windows\System\qltqZBm.exe
  2⤵
  PID:9192
- C:\Windows\System\ahSVghV.exe
  C:\Windows\System\ahSVghV.exe
  2⤵
  PID:8212
- C:\Windows\System\xSMgVdx.exe
  C:\Windows\System\xSMgVdx.exe
  2⤵
  PID:8596
- C:\Windows\System\RBKMmUA.exe
  C:\Windows\System\RBKMmUA.exe
  2⤵
  PID:5924
- C:\Windows\System\akDgBnj.exe
  C:\Windows\System\akDgBnj.exe
  2⤵
  PID:8848
- C:\Windows\System\PnbJtbu.exe
  C:\Windows\System\PnbJtbu.exe
  2⤵
  PID:8296
- C:\Windows\System\JXjdhaH.exe
  C:\Windows\System\JXjdhaH.exe
  2⤵
  PID:8608
- C:\Windows\System\oWIWkZi.exe
  C:\Windows\System\oWIWkZi.exe
  2⤵
  PID:8672
- C:\Windows\System\AqESVHA.exe
  C:\Windows\System\AqESVHA.exe
  2⤵
  PID:8240
- C:\Windows\System\DvkHDnb.exe
  C:\Windows\System\DvkHDnb.exe
  2⤵
  PID:8568
- C:\Windows\System\csnMmnz.exe
  C:\Windows\System\csnMmnz.exe
  2⤵
  PID:8628
- C:\Windows\System\yKdgVEy.exe
  C:\Windows\System\yKdgVEy.exe
  2⤵
  PID:8932
- C:\Windows\System\YTTUUAm.exe
  C:\Windows\System\YTTUUAm.exe
  2⤵
  PID:9224
- C:\Windows\System\PiiykrO.exe
  C:\Windows\System\PiiykrO.exe
  2⤵
  PID:9244
- C:\Windows\System\AXjGoCr.exe
  C:\Windows\System\AXjGoCr.exe
  2⤵
  PID:9268
- C:\Windows\System\DrNFojO.exe
  C:\Windows\System\DrNFojO.exe
  2⤵
  PID:9284
- C:\Windows\System\lONrANb.exe
  C:\Windows\System\lONrANb.exe
  2⤵
  PID:9308
- C:\Windows\System\deVAaud.exe
  C:\Windows\System\deVAaud.exe
  2⤵
  PID:9324
- C:\Windows\System\wmDjUZG.exe
  C:\Windows\System\wmDjUZG.exe
  2⤵
  PID:9348
- C:\Windows\System\qMbjtjR.exe
  C:\Windows\System\qMbjtjR.exe
  2⤵
  PID:9368
- C:\Windows\System\yxhbcIM.exe
  C:\Windows\System\yxhbcIM.exe
  2⤵
  PID:9388
- C:\Windows\System\HbOJMUg.exe
  C:\Windows\System\HbOJMUg.exe
  2⤵
  PID:9408
- C:\Windows\System\IhIpOey.exe
  C:\Windows\System\IhIpOey.exe
  2⤵
  PID:9424
- C:\Windows\System\DGfHjow.exe
  C:\Windows\System\DGfHjow.exe
  2⤵
  PID:9444
- C:\Windows\System\bRwPQUe.exe
  C:\Windows\System\bRwPQUe.exe
  2⤵
  PID:9464
- C:\Windows\System\TVcFCBU.exe
  C:\Windows\System\TVcFCBU.exe
  2⤵
  PID:9484
- C:\Windows\System\vqXbXdP.exe
  C:\Windows\System\vqXbXdP.exe
  2⤵
  PID:9504
- C:\Windows\System\sKjBxYH.exe
  C:\Windows\System\sKjBxYH.exe
  2⤵
  PID:9524
- C:\Windows\System\iAXuNwB.exe
  C:\Windows\System\iAXuNwB.exe
  2⤵
  PID:9544
- C:\Windows\System\pRgAgVe.exe
  C:\Windows\System\pRgAgVe.exe
  2⤵
  PID:9564
- C:\Windows\System\kmmevqw.exe
  C:\Windows\System\kmmevqw.exe
  2⤵
  PID:9588
- C:\Windows\System\mIbcgMd.exe
  C:\Windows\System\mIbcgMd.exe
  2⤵
  PID:9608
- C:\Windows\System\zouyGfk.exe
  C:\Windows\System\zouyGfk.exe
  2⤵
  PID:9624
- C:\Windows\System\LtUPZfA.exe
  C:\Windows\System\LtUPZfA.exe
  2⤵
  PID:9640
- C:\Windows\System\hhOlqgM.exe
  C:\Windows\System\hhOlqgM.exe
  2⤵
  PID:9668
- C:\Windows\System\fTHrmcg.exe
  C:\Windows\System\fTHrmcg.exe
  2⤵
  PID:9684
- C:\Windows\System\OzLzKfE.exe
  C:\Windows\System\OzLzKfE.exe
  2⤵
  PID:9704
- C:\Windows\System\azJhulW.exe
  C:\Windows\System\azJhulW.exe
  2⤵
  PID:9720
- C:\Windows\System\lzFElfh.exe
  C:\Windows\System\lzFElfh.exe
  2⤵
  PID:9736
- C:\Windows\System\bvaHRJL.exe
  C:\Windows\System\bvaHRJL.exe
  2⤵
  PID:9752
- C:\Windows\System\HRdNkCa.exe
  C:\Windows\System\HRdNkCa.exe
  2⤵
  PID:9784
- C:\Windows\System\uIQuraU.exe
  C:\Windows\System\uIQuraU.exe
  2⤵
  PID:9804
- C:\Windows\System\WTHbzkE.exe
  C:\Windows\System\WTHbzkE.exe
  2⤵
  PID:9828
- C:\Windows\System\okGgkCe.exe
  C:\Windows\System\okGgkCe.exe
  2⤵
  PID:9848
- C:\Windows\System\OJoFDdR.exe
  C:\Windows\System\OJoFDdR.exe
  2⤵
  PID:9864
- C:\Windows\System\MQxKJou.exe
  C:\Windows\System\MQxKJou.exe
  2⤵
  PID:9888
- C:\Windows\System\BCgnFhF.exe
  C:\Windows\System\BCgnFhF.exe
  2⤵
  PID:9912
- C:\Windows\System\WuGMsII.exe
  C:\Windows\System\WuGMsII.exe
  2⤵
  PID:9928
- C:\Windows\System\pYLKuyG.exe
  C:\Windows\System\pYLKuyG.exe
  2⤵
  PID:9944
- C:\Windows\System\LbzUAAW.exe
  C:\Windows\System\LbzUAAW.exe
  2⤵
  PID:9976
- C:\Windows\System\PzKaZxg.exe
  C:\Windows\System\PzKaZxg.exe
  2⤵
  PID:9992
- C:\Windows\System\SBrUKQH.exe
  C:\Windows\System\SBrUKQH.exe
  2⤵
  PID:10008
- C:\Windows\System\myrlJxX.exe
  C:\Windows\System\myrlJxX.exe
  2⤵
  PID:10024
- C:\Windows\System\NUuBBqk.exe
  C:\Windows\System\NUuBBqk.exe
  2⤵
  PID:10040
- C:\Windows\System\UixJrtG.exe
  C:\Windows\System\UixJrtG.exe
  2⤵
  PID:10064
- C:\Windows\System\JYExMQe.exe
  C:\Windows\System\JYExMQe.exe
  2⤵
  PID:10084
- C:\Windows\System\VhWtHUn.exe
  C:\Windows\System\VhWtHUn.exe
  2⤵
  PID:10100
- C:\Windows\System\OXvLWBn.exe
  C:\Windows\System\OXvLWBn.exe
  2⤵
  PID:10136
- C:\Windows\System\DcrzDAF.exe
  C:\Windows\System\DcrzDAF.exe
  2⤵
  PID:10152
- C:\Windows\System\arVjcbW.exe
  C:\Windows\System\arVjcbW.exe
  2⤵
  PID:10168
- C:\Windows\System\leUZhKc.exe
  C:\Windows\System\leUZhKc.exe
  2⤵
  PID:10196
- C:\Windows\System\CGgOmwm.exe
  C:\Windows\System\CGgOmwm.exe
  2⤵
  PID:10212
- C:\Windows\System\xoarQzY.exe
  C:\Windows\System\xoarQzY.exe
  2⤵
  PID:10228
- C:\Windows\System\AEUSVWt.exe
  C:\Windows\System\AEUSVWt.exe
  2⤵
  PID:8872
- C:\Windows\System\GFdmcpR.exe
  C:\Windows\System\GFdmcpR.exe
  2⤵
  PID:9236
- C:\Windows\System\KXoyVqR.exe
  C:\Windows\System\KXoyVqR.exe
  2⤵
  PID:9304
- C:\Windows\System\oyPvjzL.exe
  C:\Windows\System\oyPvjzL.exe
  2⤵
  PID:9320
- C:\Windows\System\TtdQpue.exe
  C:\Windows\System\TtdQpue.exe
  2⤵
  PID:9364
- C:\Windows\System\wkfDmXE.exe
  C:\Windows\System\wkfDmXE.exe
  2⤵
  PID:9396
- C:\Windows\System\VmbXoYr.exe
  C:\Windows\System\VmbXoYr.exe
  2⤵
  PID:9432
- C:\Windows\System\aNDqvHD.exe
  C:\Windows\System\aNDqvHD.exe
  2⤵
  PID:9460
- C:\Windows\System\IgRRVjK.exe
  C:\Windows\System\IgRRVjK.exe
  2⤵
  PID:9492
- C:\Windows\System\MgsHGpK.exe
  C:\Windows\System\MgsHGpK.exe
  2⤵
  PID:9520
- C:\Windows\System\upjTYER.exe
  C:\Windows\System\upjTYER.exe
  2⤵
  PID:9536
- C:\Windows\System\oWjeGuA.exe
  C:\Windows\System\oWjeGuA.exe
  2⤵
  PID:9580
- C:\Windows\System\IfoKVen.exe
  C:\Windows\System\IfoKVen.exe
  2⤵
  PID:9620
- C:\Windows\System\ZDsacTR.exe
  C:\Windows\System\ZDsacTR.exe
  2⤵
  PID:9652
- C:\Windows\System\aCTIgnv.exe
  C:\Windows\System\aCTIgnv.exe
  2⤵
  PID:9712
- C:\Windows\System\QsWJwJh.exe
  C:\Windows\System\QsWJwJh.exe
  2⤵
  PID:9728
- C:\Windows\System\eDNMbqU.exe
  C:\Windows\System\eDNMbqU.exe
  2⤵
  PID:9772
- C:\Windows\System\LqyjSdh.exe
  C:\Windows\System\LqyjSdh.exe
  2⤵
  PID:9764
- C:\Windows\System\hUyHQSw.exe
  C:\Windows\System\hUyHQSw.exe
  2⤵
  PID:9812
- C:\Windows\System\TspLHLo.exe
  C:\Windows\System\TspLHLo.exe
  2⤵
  PID:9836
- C:\Windows\System\BgqVtax.exe
  C:\Windows\System\BgqVtax.exe
  2⤵
  PID:9856
- C:\Windows\System\VDpqPAW.exe
  C:\Windows\System\VDpqPAW.exe
  2⤵
  PID:9940
- C:\Windows\System\uybwBUT.exe
  C:\Windows\System\uybwBUT.exe
  2⤵
  PID:9964
- C:\Windows\System\fOYjzHI.exe
  C:\Windows\System\fOYjzHI.exe
  2⤵
  PID:10004
- C:\Windows\System\xuNHWPJ.exe
  C:\Windows\System\xuNHWPJ.exe
  2⤵
  PID:10020
- C:\Windows\System\VzYhyxR.exe
  C:\Windows\System\VzYhyxR.exe
  2⤵
  PID:10060
- C:\Windows\System\TgjdhCA.exe
  C:\Windows\System\TgjdhCA.exe
  2⤵
  PID:10108
- C:\Windows\System\NrIyZii.exe
  C:\Windows\System\NrIyZii.exe
  2⤵
  PID:10120
- C:\Windows\System\PWChKfw.exe
  C:\Windows\System\PWChKfw.exe
  2⤵
  PID:10164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CRQsHjP.exe

Filesize
6.0MB

MD5
8bae7f49808fb328029e0e06f4054b8e

SHA1
5369a5da2c5813265b47f2d6eaf111ddf76ccf94

SHA256
a4f9a9725c1664194c6385672436bbde598fa81468192fa7905ab401fddd0201

SHA512
7db9997b46ba0c1ddaa9990fb91fbedc103a0fd35215456a0ee4ce6475103716e157b999f8a9116dc88342ea3f84a34ce6b1bb3da8f5423685c9e1c6df81f0b5

Download Submit
C:\Windows\system\GAysPKQ.exe

Filesize
6.0MB

MD5
d134e4b879493655382668113f5f0ed8

SHA1
68f8aded6d52f9d83defa521fa7cc8709114c693

SHA256
e7a101de49830dfda632415baee79e1b8c7ef270d1cbb5c5072e2f653a442222

SHA512
ad21bf31a8fc1a60d6e61af6dbfad0f54ae1dedb57ea874d1a00cb379f49239b553fb241a573b7151a46acf9e97205ae11c2293dd8d6c2d960eb6f55dafbea9c

Download Submit
C:\Windows\system\HBmVmYo.exe

Filesize
6.0MB

MD5
61a922b2d6ba4a116181694586c3809a

SHA1
0c77d1816f0a1de8fdda3bb0294e8aecf814aa52

SHA256
c39240b3427b462f80f91dc6d2fb71af0d9f6e59748138a9eebeb1dedfd38f4f

SHA512
fc6b21876c9e792ac24d82bf029bde86689197623d8049b2bdab21de7b162c5ff12dd2a8f7ef6dd38721f62158b873bf5624de2b16734fd5f46e84947af9e28a

Download Submit
C:\Windows\system\HLqNjLh.exe

Filesize
6.0MB

MD5
638601ee377d53c931c759f84c43c178

SHA1
f118c58d73a0126baaa3a67f54eea739c3788af5

SHA256
ba518c9f34bae6a8c1ec896dd54b7f82e8ea250192474c895a719e8626fe7aa5

SHA512
fb0b71785d561dc0b77fa0dfe5a8bd5bf5c8fb81c8c0ea1466e7627a6780231a54ea2c503eca9a2f8ba42d6df0ae27913c995bfa4063882bac7e6b616c0521e3

Download Submit
C:\Windows\system\IkDyhil.exe

Filesize
6.0MB

MD5
e12761e61aaf996cd5e2cc13bcf7a733

SHA1
f4227a73fac0c7a19a2aa2870c43fecc59e76793

SHA256
ec80ff0bb7a5579ceb518fa08c16d854e7d62bd319559d9a7825cf54fa61fb36

SHA512
4138aadc8c0ea00f69f0e744018b8c43da617f665a3d5d8eebcb157cd2c9a75ed46db6ff941b6273d29d391b41a45ec4934258c4b2e75661a0ee986795ec944f

Download Submit
C:\Windows\system\IxMlOOr.exe

Filesize
6.0MB

MD5
81b622dd4b8a2c6e30d87a9d3def099b

SHA1
de56e8ba159d38c22e1a575427636615e69f4542

SHA256
0b5ea034e871164bc300e539db8f3f06ed145a3e865fbf3282264184c8ee6440

SHA512
3eb0e7f1c04ddc491c47c02b837ac3bfa768200fd74e2b15aff5cdaae1dad686b2f355dc9889526ed4f7722ce074aaed6fdbf504afeec4a92ad1b3116f7c4591

Download Submit
C:\Windows\system\JynBrKd.exe

Filesize
6.0MB

MD5
3a23c89e9bbf108222a82ca42b0af4ee

SHA1
c423f6cd179b115557199f926df9b842dc39988d

SHA256
be2d6176ccea6512d9e44068dcec4c9a7348d21804e13560ddbb2c9738982964

SHA512
d0bc6eba28012c1837e3de032f87d4af79fd5cb52a91b20fb25c5c3cb8d3e2175d21831e171ce47da76f28d268a3a1b20df38b84213729aca51990b725221b8e

Download Submit
C:\Windows\system\MuavxRp.exe

Filesize
6.0MB

MD5
59311de0c30d04271daafaea8252a8fa

SHA1
ebf36a6a86909e694912361d13cba1d9810b3d1d

SHA256
6acf8e4d72ccec9efb97ac7ffc49b4102566488bafac398b74b8c1b6361c14d0

SHA512
f9fc56a3bd892bd7290b75c5452ceee24a44654318b902b118e0e30dde4d8800f347f9f3770cd446e99993799197cf96cd3202e201e37b955bff7c6516d6b775

Download Submit
C:\Windows\system\OtEddiY.exe

Filesize
6.0MB

MD5
27cbe91718b7dee426a6d1bcb042e3f8

SHA1
86db44a9927ff183d021c72c8d584829939076b4

SHA256
00420587ed131b4a60257e0b23c41826e43cd0f9f52e5c3f9bde9c7239343101

SHA512
7a677e622615116157d621708bb737c987b2ec506bf27b9759165d08c8d9a9acab80b2a3ae3833ba67c15d37845e6e3d7705e3384801b4053806dcbf08e771fa

Download Submit
C:\Windows\system\SIVvTEM.exe

Filesize
6.0MB

MD5
08af1c6e67876881dce3f265f993024d

SHA1
cf21b8c76138aef61efce5768a9a6b97c298b43b

SHA256
4961c5905316bcdaa4835f85fb3686f65fabfb4a64100937fe6a50d3caeb1334

SHA512
b6abac5391ba4a396e0eba33c8906b97ef3066e1b7b17096bab7b3c89df5952bdea3e93e72acdab9ac8a33dcab94945523590d8544e63b30bce1388b443db81e

Download Submit
C:\Windows\system\SaFLmhP.exe

Filesize
6.0MB

MD5
b67f31ad9ff6d03048a8f30b054a26ec

SHA1
84334798a4bd3f2a3ec9f241f03248ad8e727f49

SHA256
05d00370adaaf4079bf51de9b61f4d4825152949deb294d47e667bc8b773221d

SHA512
82ac3bdca22d230bf358e65f6e9b6e8a97f867af6deba323a3bed4b8d5082a52c1025a99d7b724a8c1c9bfd42fbcf25fd2ee13b8c478ca84b5584840194ed845

Download Submit
C:\Windows\system\UCGamKV.exe

Filesize
6.0MB

MD5
ac90afade8c1d6ed05472339e51c629f

SHA1
d10a308796d0e6c980b7c6b4e945ee844b9ed17f

SHA256
9e851ac0d41018da21a27a98554060109afddd46253de5019bbb3a10df297b3a

SHA512
ac00d66dd6bebfd95c67a6c79664017812516101f644c6362d393e827d7e904efeffc97abc8a108b9f75b17c7dd43240dcc1ca3417d782c03a0bb6621dd8a9d0

Download Submit
C:\Windows\system\VshCQJl.exe

Filesize
6.0MB

MD5
3a2c6e70c8522c517a6189600a07f858

SHA1
6c834770348cd5423910a9160c0ae0da9ea1c23a

SHA256
51b18a8f1303fcec0e64fe7e8c6d579eaa2392910ef03d4017c0857f99c95d1e

SHA512
ae4ee2ee4f150918ebdb5cf872bebb070e2dc36cf84ea0f8245b3b447bc64fb0309a9970a156cb7eafed815edcae9aa766f7eafc758a7f83301c66fb7234e295

Download Submit
C:\Windows\system\VwTNeDz.exe

Filesize
6.0MB

MD5
2624079aa78f373fcd28ff09f0794847

SHA1
243eeb2c4571b6f49b0679a94f3b74f1270d7ed1

SHA256
e5ce8f700e2eca5a7f1337480834fd94fa82d04363a9a844521bd8c6ba364d40

SHA512
7a3b97fa6b054c850bc13ea500aa3e2efff3009ee0c60284b23a4318ce8f40deedbf13407d456b250ea24ee17a7149cac00b3fdaac2655f33d0d1d8d6b2965be

Download Submit
C:\Windows\system\aqnBMmw.exe

Filesize
6.0MB

MD5
97d3dfab8ee5469830147e1c4120acdc

SHA1
f03b4f7520114f99be82838d331ef4cb2c178b7d

SHA256
cb768ad945714ff65411b8c8fbf7350e6fcefec9ad5ce3bb38887bf7a4e7c65f

SHA512
69cb073dfa0bc1c746563c5b656283a30cc6fdbd2531d6f652aeb0659ec65a75033d8e106193d8d9a0d68feed44e0e4a566d4067c610ef1e1e086a3501dbd5b5

Download Submit
C:\Windows\system\eHakewN.exe

Filesize
6.0MB

MD5
3c9ac731643cc63b98724d73741faf49

SHA1
a9a33c38b6c375d03ec800c5af030b071c4ad42f

SHA256
fc2590b2c4e720905bb581c817f81a291332b4ebbd652f243d1e4074ef0ce91d

SHA512
1655a9e084fc37db64498605ba63a911fc3c8bddcfda285ea0a6baa287f139471b1ad44058102d7d3b9b0cbf7969827847f1c7325d217ac4286078200d292009

Download Submit
C:\Windows\system\ffjjmNk.exe

Filesize
6.0MB

MD5
b9db8c02cacb328a2dad2924073abdf6

SHA1
57b18797e9b87d7f89f56e24202b92c5a1574e46

SHA256
a81b9a3b4b320305e57ebaf63bcdb72cbdf61d272c07838060fc2502c32e7a3a

SHA512
b1aabca9b1888842276abc736d5a8e10fc3cbfe47bf17a39769dd15a9e93b082a642226e0d11214d8490090fd76b2e9828e470a362febc8dbda25ed19ed5983d

Download Submit
C:\Windows\system\jDCddWj.exe

Filesize
6.0MB

MD5
27058227db9e1c8d14df2a6ec6f13444

SHA1
141c3947b5bf0b6ac6489dfbcf5587b8ade9865d

SHA256
d8d9cec46debaf0637503863be1a73db6f42b5d8a8bd71fec03bb18f4e7d74a4

SHA512
83a73e52237e3ead1c6eb01ff0aa40ee2f63cf84759fc56e05f6f5f74ef758383abd935e788045d7a04653288ecdaf580d85a6f7cc109e8758db6f79efc96cf3

Download Submit
C:\Windows\system\jeoxXkV.exe

Filesize
6.0MB

MD5
7dc3b96f5b1f1d6439acc0a1ad953672

SHA1
4a4064d9d991e20fbcc99c2e64ccdc9f889e87f8

SHA256
a99ae8d5f844662afb13567ec022893a9adb8bf2e7756829d407ee4ed5beff78

SHA512
9dcfbd77bba505b98915d88ce1831c5c480b9f7e5c1b3c11b93ddef6c50f13bb2513ec9893300f8869983a3f9bc2193a5d3c71b16b34a0ba94ff97ff93ef5fb3

Download Submit
C:\Windows\system\mecStPd.exe

Filesize
6.0MB

MD5
d983cace902b7ce83f63c8f4121e9a79

SHA1
e373ef1cda9846c7fc7122f3dc7eadf3fc79a208

SHA256
4d2be04fd94a9e5da9ff3b8eebfbf4194d9f7743bca6af32ec613a948553d8db

SHA512
309906bab5c27de37fd7cdde39227e0224547ce1ef7a24241d0621a92c4ebea818739731e04aedc5f384c3f4e4554a856e48a7b6478f798f0aa1aca32f32ff42

Download Submit
C:\Windows\system\myCcmLt.exe

Filesize
8B

MD5
5f3987f425069731d6d57d95b1dd1e4f

SHA1
ef1830cb916d681d6c7250bbce47eae8b431f1c6

SHA256
d9cb7c4fa97ee6d81e71c7885a13637e4f679a390a346793a84c1ae34e1fba0d

SHA512
18abb26bd449e1711cdbcb3e3b32a63842e97cf90682a8b2fe2eb573f546432bc8a63385fbf66b0b09a783d53f0ed8fd47420409b582f52328d3b7c80f7d197e

Download Submit
C:\Windows\system\upuMmAr.exe

Filesize
6.0MB

MD5
97892fabc4bfa174a60b703eb45180b3

SHA1
fd059ccce27cd9865d0e5257230eefd133d8123a

SHA256
4f134e2d15d93a5677ff76603ce0e592100eb1328e2f9417190e957e24373dd7

SHA512
04a444a7b06d11174723793a33e8f679174aae5a0a077596abb41cb082a9793c7299a43364689377f25bd18370a020e5abf9e237a8b85334bddda3d2960b3a18

Download Submit
C:\Windows\system\vvsCSrc.exe

Filesize
6.0MB

MD5
907874dbccd4f0a4c2c1c3baba5d481b

SHA1
6a40a0a6e7b9dd56d5994093d2c2a0f8c33867ce

SHA256
e600cb2d9bff43e1daece5840d2f0d1bb2cedf238b9a048e31605faaf35b4567

SHA512
d0386365a88d7262814cc75eefabe6f38e732cb0c264701c6f5f7dbe49951933faa099c12a3721f68dd0d41b17321ff9188352510f43b340aff3d123a19f728f

Download Submit
\Windows\system\BbWlQLx.exe

Filesize
6.0MB

MD5
ec2cc2cfc3166f8cd8bec84336faba8b

SHA1
9d30547de5d171e25661b593f88d1dd9466bcf1c

SHA256
e875da0755276e699712df9702d98ef6874fb79f7df2312db5e2175ae569c459

SHA512
9931d43a93c8b2a418d18d45b03cb73f6c8bd06043c8799aca68987908abf9a97d8e78d59a7ef59df16177852437dc56a6e245fb9e7f51b7f1d9b46d701a74fd

Download Submit
\Windows\system\LUemmUJ.exe

Filesize
6.0MB

MD5
838c732f2b92c0e203971fff6c798393

SHA1
74cd36887ef31b13ccbdfef047334c0b1778b2da

SHA256
d7ffeb711ac18068e1c31c3b0ed18c876ce9950f737fa3a84ba7489a66531c04

SHA512
5b604b36d049507a10a710d812d183eac6d32286d3c09e9c04698218ef6936345d9f1178c2ed82307a8b6ccdc29371ba22c27a07e2c3913b636da08b7e5119c2

Download Submit
\Windows\system\OTjLWCn.exe

Filesize
6.0MB

MD5
2d5de1d11d38b793d6ca364ed57955ff

SHA1
d71fd125e6135fe89848a4bbcbac2a013e836ff0

SHA256
15c663dd05c5d7a7ecc4da253b264ebb28e3df07a4b6f60659b0283d5189e9d0

SHA512
8e2e772243291798b863be4d629275a6baa10bfed6b0e2f2de6be72ddfdf2c98269f70b9288e02e7f8fd359e1b717a8d59d6ce233f4668ce8a6d3c19882d70d9

Download Submit
\Windows\system\RDyJtsX.exe

Filesize
6.0MB

MD5
b59fa46a15b71c842f21481d7651d672

SHA1
0a2839758019f1c0df14ec0ff43a2f4e3c31f9f0

SHA256
d52cbbd1f74ca65d05dea83ec19cfacdc324ba876a6aff7533c74e625971784e

SHA512
e1495491fdae225a87481ff5c10e4e2b6e90495eff02020ebc54a01fd906c2a86875ceb7606314a1b19872a3f0c00c3943398eaeaef7ab2b0d720d3b506f0776

Download Submit
\Windows\system\RjDAdOo.exe

Filesize
6.0MB

MD5
6de68cd1281cd102a0ead620308cf4f8

SHA1
4357c745341bfe1079078c85fabdcc056b0e9d61

SHA256
7fef39533ae6884fef94963cf4d4d9c2255e67a8230424aa0711f27f3258c9e1

SHA512
46f523f6b4d6bfc7f164d9ca7d06b71ed80cf6f8f4391dc7f7821bca0c27af986051f5f0dcbdabe6a70379e6fae3d89fedd6f3a3687bd745df259e9fee89ca8b

Download Submit
\Windows\system\WovTlJm.exe

Filesize
6.0MB

MD5
f2887e7aa952872c5c9c8554d55104a8

SHA1
8dc15eaaf2f0c93565124d85a5e8f3af7e3ee8a1

SHA256
65e782035558e354f9014264c0cd54d25f42f403d9b9b79c09b687c2228c5546

SHA512
b587e58c827843e92d2ac4bd478d5847e44dc893f8ba0fdc8cee80e6a08677758d9bf039bd4e528332c1f5344c20ba027c75f882c9c240cebcf4d8c0d344dc61

Download Submit
\Windows\system\ctrVQNI.exe

Filesize
6.0MB

MD5
ed49eb9df2468583901955f61623c988

SHA1
eb56df7062d506887f9fd7b9870ed7a0b291d5b2

SHA256
e61064ed725898e12bf18f195f4cd8d0f1d05980de44013bf8895eb47e88924d

SHA512
e93eb3141bab09c0dace1f761a19c0841a61db249fae92aeab4f063bc6eeaf617e64dce7adfbf7b4da606eee78e87c823cb1c9a01a2665e053aacad6d46d716e

Download Submit
\Windows\system\gOWIYzz.exe

Filesize
6.0MB

MD5
fe90d83dc88c48437124330518edde71

SHA1
cf9dc4a40a882ea13e1912ea1befe683bdff3d80

SHA256
f712c0d3f22f6d8e54dca4bfcddb31be095aa7b6b500bb52946183143565cec2

SHA512
a89da290349c51fbe7fedf0f780c3b72c8d8c75809fa66d547d1330929b7a498bcbf5d85ce7027c4808a0d4fbd9b06011f4cb03456186527871940e7782105b0

Download Submit
\Windows\system\iFOfuzL.exe

Filesize
6.0MB

MD5
315fe22edfb3c0562ef4c92c71f86001

SHA1
a234ab107a408c3d3f35cf420b2bf3cb333711b8

SHA256
440fe7a49ecc85f2e497f870c62e3b537ae5feae45de3506098f20d7043f425b

SHA512
59801cc27919db9e4cac041f30e0bc452e9422f386062655c843121b1746d4dcdc666e560a6e8fd814860fcf6638e737952318733ef33ea1798a1219e999315c

Download Submit
\Windows\system\qtHrefX.exe

Filesize
6.0MB

MD5
cad7fb4c9636dca316f99d08f3a93ec2

SHA1
6cbac3f4801881436d6e78e3e02407810689fbf1

SHA256
cc776a05c1fea8495eefe15b7a3900ec9887ef78ca4c86d574bb5e88417daffb

SHA512
c9d5bab1047e9ad6d3269f1706a548ac96ee7d2a630b34e54d2e2cd686ec737a8e4ddfc322d0c952d436336ea7fb456936f5e11d554913d34d67e1c089a867ff

Download Submit
memory/1724-38-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1724-3591-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1724-10-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2208-78-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2208-43-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2208-3763-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2244-41-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3592-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-14-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-55-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3594-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-20-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-107-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2504-3811-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2532-97-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3804-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2596-51-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3786-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3807-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2612-67-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2648-502-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3800-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2648-71-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2708-63-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2708-309-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3796-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2776-62-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2776-27-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3739-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2800-82-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2800-540-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3823-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3742-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-36-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-59-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2904-100-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-33-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-35-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2904-45-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-23-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-95-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2904-0-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2904-109-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2904-61-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2904-234-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2904-91-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2904-104-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-547-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-15-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-541-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download