cobaltstrike | f74e2a7ef37c2458a838aeb5c44e94a9dda4977c501981a3ae8ceb2c33d39b23

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3ce64dd420603927bd8f668d16eda1d2
SHA1

1e926d97242d685a6812fc2253d825293f725e29
SHA256

f74e2a7ef37c2458a838aeb5c44e94a9dda4977c501981a3ae8ceb2c33d39b23
SHA512

10c033ad0717931c81cf4a49de30e92e8b7ab660f72b5f431d67e3969fcd71ebba66247f0f859c12e619c73c55ae53d51fe405294f26631351f3cca43ca39dd8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120f1-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019023-8.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925e-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019282-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019350-26.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193b4-30.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c2-36.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000193e1-41.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001941e-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c59-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc2-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc0-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cb9-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c5b-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199bf-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019838-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000198f0-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197f8-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001977d-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196b1-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-50.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/2400-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f1-3.dat	xmrig
behavioral1/files/0x0008000000019023-8.dat	xmrig
behavioral1/files/0x000700000001925e-15.dat	xmrig
behavioral1/files/0x0007000000019282-21.dat	xmrig
behavioral1/files/0x0006000000019350-26.dat	xmrig
behavioral1/files/0x00060000000193b4-30.dat	xmrig
behavioral1/files/0x00060000000193c2-36.dat	xmrig
behavioral1/files/0x00090000000193e1-41.dat	xmrig
behavioral1/files/0x000800000001941e-46.dat	xmrig
behavioral1/files/0x0005000000019c57-131.dat	xmrig
behavioral1/files/0x0005000000019c59-141.dat	xmrig
behavioral1/files/0x0005000000019dc2-160.dat	xmrig
behavioral1/files/0x0005000000019dc0-155.dat	xmrig
behavioral1/files/0x0005000000019cb9-150.dat	xmrig
behavioral1/files/0x0005000000019c5b-145.dat	xmrig
behavioral1/files/0x00050000000199bf-128.dat	xmrig
behavioral1/files/0x0005000000019838-120.dat	xmrig
behavioral1/files/0x00050000000198f0-125.dat	xmrig
behavioral1/files/0x00050000000197f8-115.dat	xmrig
behavioral1/files/0x000500000001977d-110.dat	xmrig
behavioral1/files/0x00050000000196b1-105.dat	xmrig
behavioral1/files/0x00050000000196af-100.dat	xmrig
behavioral1/files/0x0005000000019667-95.dat	xmrig
behavioral1/files/0x0005000000019625-90.dat	xmrig
behavioral1/files/0x0005000000019622-81.dat	xmrig
behavioral1/files/0x0005000000019623-85.dat	xmrig
behavioral1/files/0x0005000000019621-76.dat	xmrig
behavioral1/files/0x000500000001961f-70.dat	xmrig
behavioral1/files/0x000500000001961d-66.dat	xmrig
behavioral1/files/0x000500000001961b-60.dat	xmrig
behavioral1/memory/2400-1753-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/memory/2208-1752-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2400-1769-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/1948-1761-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2400-1793-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2340-1791-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019619-56.dat	xmrig
behavioral1/files/0x0005000000019617-50.dat	xmrig
behavioral1/memory/2144-1886-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2152-2018-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2308-2071-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2400-2072-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2820-2162-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2840-2251-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2948-2302-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2400-2358-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2400-2471-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2944-2470-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2400-3029-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2400-3303-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2144-3875-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2308-3880-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2944-3883-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2208-3882-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2840-3879-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2948-3877-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/1948-3876-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2340-3905-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2152-3904-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2820-3903-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2992	YqAeuUk.exe
2208	gJAooqv.exe
1948	oCAMbqP.exe
2340	mngNuwp.exe
2144	VzjdIEM.exe
2152	fyHoexH.exe
2308	xKleSML.exe
2820	CpNSRUG.exe
2840	YfmOZFU.exe
2948	UdWMGUG.exe
2944	mrPdZRb.exe
2880	sKzpIvP.exe
2916	YiLykQt.exe
2780	yhXtLOK.exe
2616	KAeuNez.exe
2664	KhOYOYa.exe
3024	RrODNeR.exe
2228	TbaPpVM.exe
1972	zUnZaET.exe
1140	ZLaFmjE.exe
1704	FqqJmGp.exe
1744	wonJiDi.exe
2012	yXpYVbE.exe
1792	WUAUrgb.exe
2388	JXJKdLv.exe
1648	FDKsLjg.exe
2680	lsAgqbT.exe
2212	kIiRvgO.exe
2848	bIZdXKK.exe
1480	slxONsk.exe
1228	oKCTTVp.exe
1152	GOlxKcw.exe
2912	XYPhcZs.exe
836	irTvxnb.exe
688	vsNRMLa.exe
1240	NWMjejz.exe
1872	oeDwXxP.exe
808	qcUWXeJ.exe
1256	xAXzSPG.exe
2984	GukRSUA.exe
1272	KcJLfRL.exe
956	QTdFGak.exe
1784	TJEwdPy.exe
3064	kCPiiUr.exe
356	bZbINYP.exe
2596	quexKFY.exe
2484	qqWfLin.exe
2264	iltJBWX.exe
592	pFQTHqc.exe
332	CbQNHEy.exe
2360	bqpRfcL.exe
2496	imsZbHJ.exe
1504	mpHshYI.exe
2492	tSqcnwC.exe
2356	uEcqHfZ.exe
1936	mRBXGuz.exe
1600	xSrbwCt.exe
2892	gRGAsSY.exe
2528	SwybBli.exe
796	NycKpst.exe
2932	ZMTQezW.exe
2812	chVYClr.exe
2764	XHNGwNo.exe
2876	qysawvd.exe

Loads dropped DLL 64 IoCs

pid	Process
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 54 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2400-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x00090000000120f1-3.dat	upx
behavioral1/files/0x0008000000019023-8.dat	upx
behavioral1/files/0x000700000001925e-15.dat	upx
behavioral1/files/0x0007000000019282-21.dat	upx
behavioral1/files/0x0006000000019350-26.dat	upx
behavioral1/files/0x00060000000193b4-30.dat	upx
behavioral1/files/0x00060000000193c2-36.dat	upx
behavioral1/files/0x00090000000193e1-41.dat	upx
behavioral1/files/0x000800000001941e-46.dat	upx
behavioral1/files/0x0005000000019c57-131.dat	upx
behavioral1/files/0x0005000000019c59-141.dat	upx
behavioral1/files/0x0005000000019dc2-160.dat	upx
behavioral1/files/0x0005000000019dc0-155.dat	upx
behavioral1/files/0x0005000000019cb9-150.dat	upx
behavioral1/files/0x0005000000019c5b-145.dat	upx
behavioral1/files/0x00050000000199bf-128.dat	upx
behavioral1/files/0x0005000000019838-120.dat	upx
behavioral1/files/0x00050000000198f0-125.dat	upx
behavioral1/files/0x00050000000197f8-115.dat	upx
behavioral1/files/0x000500000001977d-110.dat	upx
behavioral1/files/0x00050000000196b1-105.dat	upx
behavioral1/files/0x00050000000196af-100.dat	upx
behavioral1/files/0x0005000000019667-95.dat	upx
behavioral1/files/0x0005000000019625-90.dat	upx
behavioral1/files/0x0005000000019622-81.dat	upx
behavioral1/files/0x0005000000019623-85.dat	upx
behavioral1/files/0x0005000000019621-76.dat	upx
behavioral1/files/0x000500000001961f-70.dat	upx
behavioral1/files/0x000500000001961d-66.dat	upx
behavioral1/files/0x000500000001961b-60.dat	upx
behavioral1/memory/2208-1752-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/1948-1761-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2340-1791-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0005000000019619-56.dat	upx
behavioral1/files/0x0005000000019617-50.dat	upx
behavioral1/memory/2144-1886-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2152-2018-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2308-2071-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2820-2162-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2840-2251-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2948-2302-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2944-2470-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2400-3029-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2144-3875-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2308-3880-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2944-3883-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2208-3882-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2840-3879-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2948-3877-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/1948-3876-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2340-3905-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2152-3904-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2820-3903-0x000000013F100000-0x000000013F454000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KleOWPu.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YuHfgkj.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qYkDMDy.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGjiZje.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGisKjm.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PEvThgv.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYKGrOC.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSjiUmn.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIrSQgW.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUcFLay.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdTqphj.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrBNhAU.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBCjQDx.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWafCgh.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AiCeAyT.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwyOwUq.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnwTJXa.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RprTZqQ.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDMqVso.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IficqIX.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIgNilc.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQcRKsL.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxSzSRo.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBgyAfM.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVtGRXO.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Sgjmoni.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InNwkSS.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEOTxDN.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYdVKqq.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REagCTy.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oehJWLo.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQmKDBL.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfIGCTs.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAyXNfI.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnEEccg.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqGwznE.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSBdbOh.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyLADjL.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlzZHee.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnQrKln.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlTxkcu.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbADmDy.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GznzDDk.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ayXEwjZ.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljUCtkW.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itsIQWM.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdlavuL.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhhpwwG.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVIglab.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCXuVBv.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHhAejV.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FOSiqTa.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcHTMAA.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSQlGvh.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbGbkdc.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjdmCCJ.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INsiCMe.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOJRHje.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DskFwDN.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdCTDnR.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIrmKlh.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjSLDSd.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AewAYIu.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUYuhLo.exe	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2992	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2400 wrote to memory of 2992	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2400 wrote to memory of 2992	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2400 wrote to memory of 2208	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2400 wrote to memory of 2208	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2400 wrote to memory of 2208	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2400 wrote to memory of 1948	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2400 wrote to memory of 1948	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2400 wrote to memory of 1948	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2400 wrote to memory of 2340	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2400 wrote to memory of 2340	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2400 wrote to memory of 2340	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2400 wrote to memory of 2144	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2400 wrote to memory of 2144	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2400 wrote to memory of 2144	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2400 wrote to memory of 2152	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2400 wrote to memory of 2152	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2400 wrote to memory of 2152	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2400 wrote to memory of 2308	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2400 wrote to memory of 2308	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2400 wrote to memory of 2308	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2400 wrote to memory of 2820	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2400 wrote to memory of 2820	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2400 wrote to memory of 2820	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2400 wrote to memory of 2840	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2400 wrote to memory of 2840	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2400 wrote to memory of 2840	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2400 wrote to memory of 2948	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2400 wrote to memory of 2948	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2400 wrote to memory of 2948	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2400 wrote to memory of 2944	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2400 wrote to memory of 2944	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2400 wrote to memory of 2944	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2400 wrote to memory of 2880	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2400 wrote to memory of 2880	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2400 wrote to memory of 2880	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2400 wrote to memory of 2916	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2400 wrote to memory of 2916	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2400 wrote to memory of 2916	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2400 wrote to memory of 2780	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2400 wrote to memory of 2780	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2400 wrote to memory of 2780	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2400 wrote to memory of 2616	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2400 wrote to memory of 2616	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2400 wrote to memory of 2616	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2400 wrote to memory of 2664	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2400 wrote to memory of 2664	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2400 wrote to memory of 2664	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2400 wrote to memory of 3024	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2400 wrote to memory of 3024	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2400 wrote to memory of 3024	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2400 wrote to memory of 2228	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2400 wrote to memory of 2228	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2400 wrote to memory of 2228	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2400 wrote to memory of 1972	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2400 wrote to memory of 1972	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2400 wrote to memory of 1972	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2400 wrote to memory of 1140	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2400 wrote to memory of 1140	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2400 wrote to memory of 1140	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2400 wrote to memory of 1704	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2400 wrote to memory of 1704	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2400 wrote to memory of 1704	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2400 wrote to memory of 1744	2400	2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_3ce64dd420603927bd8f668d16eda1d2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\System\YqAeuUk.exe
  C:\Windows\System\YqAeuUk.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\gJAooqv.exe
  C:\Windows\System\gJAooqv.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\oCAMbqP.exe
  C:\Windows\System\oCAMbqP.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\mngNuwp.exe
  C:\Windows\System\mngNuwp.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\VzjdIEM.exe
  C:\Windows\System\VzjdIEM.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\fyHoexH.exe
  C:\Windows\System\fyHoexH.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\xKleSML.exe
  C:\Windows\System\xKleSML.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\CpNSRUG.exe
  C:\Windows\System\CpNSRUG.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\YfmOZFU.exe
  C:\Windows\System\YfmOZFU.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\UdWMGUG.exe
  C:\Windows\System\UdWMGUG.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\mrPdZRb.exe
  C:\Windows\System\mrPdZRb.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\sKzpIvP.exe
  C:\Windows\System\sKzpIvP.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\YiLykQt.exe
  C:\Windows\System\YiLykQt.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\yhXtLOK.exe
  C:\Windows\System\yhXtLOK.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\KAeuNez.exe
  C:\Windows\System\KAeuNez.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\KhOYOYa.exe
  C:\Windows\System\KhOYOYa.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\RrODNeR.exe
  C:\Windows\System\RrODNeR.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\TbaPpVM.exe
  C:\Windows\System\TbaPpVM.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\zUnZaET.exe
  C:\Windows\System\zUnZaET.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\ZLaFmjE.exe
  C:\Windows\System\ZLaFmjE.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\FqqJmGp.exe
  C:\Windows\System\FqqJmGp.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\wonJiDi.exe
  C:\Windows\System\wonJiDi.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\yXpYVbE.exe
  C:\Windows\System\yXpYVbE.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\WUAUrgb.exe
  C:\Windows\System\WUAUrgb.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\JXJKdLv.exe
  C:\Windows\System\JXJKdLv.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\lsAgqbT.exe
  C:\Windows\System\lsAgqbT.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\FDKsLjg.exe
  C:\Windows\System\FDKsLjg.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\kIiRvgO.exe
  C:\Windows\System\kIiRvgO.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\bIZdXKK.exe
  C:\Windows\System\bIZdXKK.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\slxONsk.exe
  C:\Windows\System\slxONsk.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\oKCTTVp.exe
  C:\Windows\System\oKCTTVp.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\GOlxKcw.exe
  C:\Windows\System\GOlxKcw.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\XYPhcZs.exe
  C:\Windows\System\XYPhcZs.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\vsNRMLa.exe
  C:\Windows\System\vsNRMLa.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\irTvxnb.exe
  C:\Windows\System\irTvxnb.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\NWMjejz.exe
  C:\Windows\System\NWMjejz.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\oeDwXxP.exe
  C:\Windows\System\oeDwXxP.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\qcUWXeJ.exe
  C:\Windows\System\qcUWXeJ.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\xAXzSPG.exe
  C:\Windows\System\xAXzSPG.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\GukRSUA.exe
  C:\Windows\System\GukRSUA.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\KcJLfRL.exe
  C:\Windows\System\KcJLfRL.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\QTdFGak.exe
  C:\Windows\System\QTdFGak.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\TJEwdPy.exe
  C:\Windows\System\TJEwdPy.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\kCPiiUr.exe
  C:\Windows\System\kCPiiUr.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\bZbINYP.exe
  C:\Windows\System\bZbINYP.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\quexKFY.exe
  C:\Windows\System\quexKFY.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\qqWfLin.exe
  C:\Windows\System\qqWfLin.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\iltJBWX.exe
  C:\Windows\System\iltJBWX.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\pFQTHqc.exe
  C:\Windows\System\pFQTHqc.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\CbQNHEy.exe
  C:\Windows\System\CbQNHEy.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\bqpRfcL.exe
  C:\Windows\System\bqpRfcL.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\imsZbHJ.exe
  C:\Windows\System\imsZbHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\mpHshYI.exe
  C:\Windows\System\mpHshYI.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\tSqcnwC.exe
  C:\Windows\System\tSqcnwC.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\uEcqHfZ.exe
  C:\Windows\System\uEcqHfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\mRBXGuz.exe
  C:\Windows\System\mRBXGuz.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\xSrbwCt.exe
  C:\Windows\System\xSrbwCt.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\gRGAsSY.exe
  C:\Windows\System\gRGAsSY.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\SwybBli.exe
  C:\Windows\System\SwybBli.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\NycKpst.exe
  C:\Windows\System\NycKpst.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\ZMTQezW.exe
  C:\Windows\System\ZMTQezW.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\chVYClr.exe
  C:\Windows\System\chVYClr.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\XHNGwNo.exe
  C:\Windows\System\XHNGwNo.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\qysawvd.exe
  C:\Windows\System\qysawvd.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\qyLADjL.exe
  C:\Windows\System\qyLADjL.exe
  2⤵
  PID:2800
- C:\Windows\System\rJroNco.exe
  C:\Windows\System\rJroNco.exe
  2⤵
  PID:2668
- C:\Windows\System\iBrLhtd.exe
  C:\Windows\System\iBrLhtd.exe
  2⤵
  PID:2632
- C:\Windows\System\XMgkqgD.exe
  C:\Windows\System\XMgkqgD.exe
  2⤵
  PID:2732
- C:\Windows\System\IOBAXNH.exe
  C:\Windows\System\IOBAXNH.exe
  2⤵
  PID:1728
- C:\Windows\System\hueYsxF.exe
  C:\Windows\System\hueYsxF.exe
  2⤵
  PID:2344
- C:\Windows\System\sAhrAKr.exe
  C:\Windows\System\sAhrAKr.exe
  2⤵
  PID:1712
- C:\Windows\System\tPTIJfF.exe
  C:\Windows\System\tPTIJfF.exe
  2⤵
  PID:2392
- C:\Windows\System\ZlrGvjK.exe
  C:\Windows\System\ZlrGvjK.exe
  2⤵
  PID:2132
- C:\Windows\System\dYKGrOC.exe
  C:\Windows\System\dYKGrOC.exe
  2⤵
  PID:2920
- C:\Windows\System\QIuIMki.exe
  C:\Windows\System\QIuIMki.exe
  2⤵
  PID:3020
- C:\Windows\System\eEnOPOx.exe
  C:\Windows\System\eEnOPOx.exe
  2⤵
  PID:548
- C:\Windows\System\KqUgXEP.exe
  C:\Windows\System\KqUgXEP.exe
  2⤵
  PID:1092
- C:\Windows\System\PTsmqop.exe
  C:\Windows\System\PTsmqop.exe
  2⤵
  PID:2804
- C:\Windows\System\tmaCDqr.exe
  C:\Windows\System\tmaCDqr.exe
  2⤵
  PID:608
- C:\Windows\System\SsexdtL.exe
  C:\Windows\System\SsexdtL.exe
  2⤵
  PID:2564
- C:\Windows\System\HTIFvrb.exe
  C:\Windows\System\HTIFvrb.exe
  2⤵
  PID:1188
- C:\Windows\System\EuvfQsR.exe
  C:\Windows\System\EuvfQsR.exe
  2⤵
  PID:1244
- C:\Windows\System\tXDdMKn.exe
  C:\Windows\System\tXDdMKn.exe
  2⤵
  PID:964
- C:\Windows\System\RqiHuIb.exe
  C:\Windows\System\RqiHuIb.exe
  2⤵
  PID:940
- C:\Windows\System\xPuaSAr.exe
  C:\Windows\System\xPuaSAr.exe
  2⤵
  PID:768
- C:\Windows\System\MRBlmSX.exe
  C:\Windows\System\MRBlmSX.exe
  2⤵
  PID:2560
- C:\Windows\System\CydyKFk.exe
  C:\Windows\System\CydyKFk.exe
  2⤵
  PID:2124
- C:\Windows\System\CNBhFZy.exe
  C:\Windows\System\CNBhFZy.exe
  2⤵
  PID:1612
- C:\Windows\System\svVjWZI.exe
  C:\Windows\System\svVjWZI.exe
  2⤵
  PID:2084
- C:\Windows\System\TLpeGsH.exe
  C:\Windows\System\TLpeGsH.exe
  2⤵
  PID:2488
- C:\Windows\System\ZUBoJwv.exe
  C:\Windows\System\ZUBoJwv.exe
  2⤵
  PID:2956
- C:\Windows\System\gsdEprX.exe
  C:\Windows\System\gsdEprX.exe
  2⤵
  PID:2988
- C:\Windows\System\KTBfsMf.exe
  C:\Windows\System\KTBfsMf.exe
  2⤵
  PID:2332
- C:\Windows\System\XomtXSb.exe
  C:\Windows\System\XomtXSb.exe
  2⤵
  PID:916
- C:\Windows\System\dkNkqcR.exe
  C:\Windows\System\dkNkqcR.exe
  2⤵
  PID:2756
- C:\Windows\System\eTPwfCT.exe
  C:\Windows\System\eTPwfCT.exe
  2⤵
  PID:2856
- C:\Windows\System\tPRjezA.exe
  C:\Windows\System\tPRjezA.exe
  2⤵
  PID:2728
- C:\Windows\System\XATmjRo.exe
  C:\Windows\System\XATmjRo.exe
  2⤵
  PID:2860
- C:\Windows\System\KleOWPu.exe
  C:\Windows\System\KleOWPu.exe
  2⤵
  PID:236
- C:\Windows\System\CpLpXft.exe
  C:\Windows\System\CpLpXft.exe
  2⤵
  PID:1976
- C:\Windows\System\XjjBuZI.exe
  C:\Windows\System\XjjBuZI.exe
  2⤵
  PID:2376
- C:\Windows\System\tczGKOH.exe
  C:\Windows\System\tczGKOH.exe
  2⤵
  PID:2284
- C:\Windows\System\VnQpzLp.exe
  C:\Windows\System\VnQpzLp.exe
  2⤵
  PID:1400
- C:\Windows\System\KhivElD.exe
  C:\Windows\System\KhivElD.exe
  2⤵
  PID:316
- C:\Windows\System\dDkZxYr.exe
  C:\Windows\System\dDkZxYr.exe
  2⤵
  PID:1700
- C:\Windows\System\TEzyOPP.exe
  C:\Windows\System\TEzyOPP.exe
  2⤵
  PID:1580
- C:\Windows\System\MIJOcpD.exe
  C:\Windows\System\MIJOcpD.exe
  2⤵
  PID:2468
- C:\Windows\System\gVPcYAP.exe
  C:\Windows\System\gVPcYAP.exe
  2⤵
  PID:904
- C:\Windows\System\FGffSli.exe
  C:\Windows\System\FGffSli.exe
  2⤵
  PID:2328
- C:\Windows\System\dwwwQqJ.exe
  C:\Windows\System\dwwwQqJ.exe
  2⤵
  PID:2980
- C:\Windows\System\GTRrGZs.exe
  C:\Windows\System\GTRrGZs.exe
  2⤵
  PID:892
- C:\Windows\System\BWmQIuT.exe
  C:\Windows\System\BWmQIuT.exe
  2⤵
  PID:2232
- C:\Windows\System\kccdPIS.exe
  C:\Windows\System\kccdPIS.exe
  2⤵
  PID:2244
- C:\Windows\System\cWRdMgA.exe
  C:\Windows\System\cWRdMgA.exe
  2⤵
  PID:3060
- C:\Windows\System\ONZOszs.exe
  C:\Windows\System\ONZOszs.exe
  2⤵
  PID:2288
- C:\Windows\System\LcHTMAA.exe
  C:\Windows\System\LcHTMAA.exe
  2⤵
  PID:2748
- C:\Windows\System\lQojlVw.exe
  C:\Windows\System\lQojlVw.exe
  2⤵
  PID:2444
- C:\Windows\System\VCXQRzn.exe
  C:\Windows\System\VCXQRzn.exe
  2⤵
  PID:2036
- C:\Windows\System\IdAWvbH.exe
  C:\Windows\System\IdAWvbH.exe
  2⤵
  PID:1688
- C:\Windows\System\TbOtmEy.exe
  C:\Windows\System\TbOtmEy.exe
  2⤵
  PID:1084
- C:\Windows\System\CWkPoZI.exe
  C:\Windows\System\CWkPoZI.exe
  2⤵
  PID:1660
- C:\Windows\System\CqkpglD.exe
  C:\Windows\System\CqkpglD.exe
  2⤵
  PID:1260
- C:\Windows\System\hAHZMtP.exe
  C:\Windows\System\hAHZMtP.exe
  2⤵
  PID:1808
- C:\Windows\System\IaEailp.exe
  C:\Windows\System\IaEailp.exe
  2⤵
  PID:2460
- C:\Windows\System\xDvrpCQ.exe
  C:\Windows\System\xDvrpCQ.exe
  2⤵
  PID:3076
- C:\Windows\System\lpaIfBX.exe
  C:\Windows\System\lpaIfBX.exe
  2⤵
  PID:3096
- C:\Windows\System\YlKCBgj.exe
  C:\Windows\System\YlKCBgj.exe
  2⤵
  PID:3116
- C:\Windows\System\WSXzVAn.exe
  C:\Windows\System\WSXzVAn.exe
  2⤵
  PID:3136
- C:\Windows\System\ELpdmhu.exe
  C:\Windows\System\ELpdmhu.exe
  2⤵
  PID:3156
- C:\Windows\System\cVBSOHr.exe
  C:\Windows\System\cVBSOHr.exe
  2⤵
  PID:3176
- C:\Windows\System\qjSLDSd.exe
  C:\Windows\System\qjSLDSd.exe
  2⤵
  PID:3196
- C:\Windows\System\xqWmpkF.exe
  C:\Windows\System\xqWmpkF.exe
  2⤵
  PID:3216
- C:\Windows\System\GdeAKVz.exe
  C:\Windows\System\GdeAKVz.exe
  2⤵
  PID:3236
- C:\Windows\System\gVEHpNj.exe
  C:\Windows\System\gVEHpNj.exe
  2⤵
  PID:3256
- C:\Windows\System\GRbCFQL.exe
  C:\Windows\System\GRbCFQL.exe
  2⤵
  PID:3276
- C:\Windows\System\OqoXqla.exe
  C:\Windows\System\OqoXqla.exe
  2⤵
  PID:3296
- C:\Windows\System\CNutIpr.exe
  C:\Windows\System\CNutIpr.exe
  2⤵
  PID:3316
- C:\Windows\System\HXLJouX.exe
  C:\Windows\System\HXLJouX.exe
  2⤵
  PID:3336
- C:\Windows\System\DJxZUlK.exe
  C:\Windows\System\DJxZUlK.exe
  2⤵
  PID:3356
- C:\Windows\System\dMUCVoK.exe
  C:\Windows\System\dMUCVoK.exe
  2⤵
  PID:3376
- C:\Windows\System\BLIMeGT.exe
  C:\Windows\System\BLIMeGT.exe
  2⤵
  PID:3396
- C:\Windows\System\AiCeAyT.exe
  C:\Windows\System\AiCeAyT.exe
  2⤵
  PID:3416
- C:\Windows\System\dewNfxM.exe
  C:\Windows\System\dewNfxM.exe
  2⤵
  PID:3436
- C:\Windows\System\tLpPVlW.exe
  C:\Windows\System\tLpPVlW.exe
  2⤵
  PID:3456
- C:\Windows\System\LqUHIgV.exe
  C:\Windows\System\LqUHIgV.exe
  2⤵
  PID:3476
- C:\Windows\System\Kxsccxr.exe
  C:\Windows\System\Kxsccxr.exe
  2⤵
  PID:3496
- C:\Windows\System\lXPuTXM.exe
  C:\Windows\System\lXPuTXM.exe
  2⤵
  PID:3516
- C:\Windows\System\SrIMIRd.exe
  C:\Windows\System\SrIMIRd.exe
  2⤵
  PID:3536
- C:\Windows\System\EoBYmzm.exe
  C:\Windows\System\EoBYmzm.exe
  2⤵
  PID:3556
- C:\Windows\System\AEJNthv.exe
  C:\Windows\System\AEJNthv.exe
  2⤵
  PID:3576
- C:\Windows\System\LsaLZMg.exe
  C:\Windows\System\LsaLZMg.exe
  2⤵
  PID:3596
- C:\Windows\System\xTxHYgW.exe
  C:\Windows\System\xTxHYgW.exe
  2⤵
  PID:3616
- C:\Windows\System\coAAtbN.exe
  C:\Windows\System\coAAtbN.exe
  2⤵
  PID:3636
- C:\Windows\System\tSVdOWh.exe
  C:\Windows\System\tSVdOWh.exe
  2⤵
  PID:3656
- C:\Windows\System\DSICAsr.exe
  C:\Windows\System\DSICAsr.exe
  2⤵
  PID:3676
- C:\Windows\System\ttZOJmd.exe
  C:\Windows\System\ttZOJmd.exe
  2⤵
  PID:3696
- C:\Windows\System\TvciBfG.exe
  C:\Windows\System\TvciBfG.exe
  2⤵
  PID:3716
- C:\Windows\System\zVsXnIV.exe
  C:\Windows\System\zVsXnIV.exe
  2⤵
  PID:3736
- C:\Windows\System\KFxMACA.exe
  C:\Windows\System\KFxMACA.exe
  2⤵
  PID:3756
- C:\Windows\System\itsIQWM.exe
  C:\Windows\System\itsIQWM.exe
  2⤵
  PID:3776
- C:\Windows\System\XApIDKb.exe
  C:\Windows\System\XApIDKb.exe
  2⤵
  PID:3796
- C:\Windows\System\CTZIDqI.exe
  C:\Windows\System\CTZIDqI.exe
  2⤵
  PID:3816
- C:\Windows\System\QMpziFj.exe
  C:\Windows\System\QMpziFj.exe
  2⤵
  PID:3836
- C:\Windows\System\oLXjTrL.exe
  C:\Windows\System\oLXjTrL.exe
  2⤵
  PID:3856
- C:\Windows\System\QMKbCwo.exe
  C:\Windows\System\QMKbCwo.exe
  2⤵
  PID:3876
- C:\Windows\System\QqDEpmc.exe
  C:\Windows\System\QqDEpmc.exe
  2⤵
  PID:3896
- C:\Windows\System\GtimrnL.exe
  C:\Windows\System\GtimrnL.exe
  2⤵
  PID:3916
- C:\Windows\System\hHHTLEJ.exe
  C:\Windows\System\hHHTLEJ.exe
  2⤵
  PID:3932
- C:\Windows\System\NMAuBsG.exe
  C:\Windows\System\NMAuBsG.exe
  2⤵
  PID:3956
- C:\Windows\System\ZBlXIKj.exe
  C:\Windows\System\ZBlXIKj.exe
  2⤵
  PID:3976
- C:\Windows\System\LYZGtlG.exe
  C:\Windows\System\LYZGtlG.exe
  2⤵
  PID:3996
- C:\Windows\System\VaJepZe.exe
  C:\Windows\System\VaJepZe.exe
  2⤵
  PID:4016
- C:\Windows\System\KmPnIEi.exe
  C:\Windows\System\KmPnIEi.exe
  2⤵
  PID:4036
- C:\Windows\System\ddPphaV.exe
  C:\Windows\System\ddPphaV.exe
  2⤵
  PID:4056
- C:\Windows\System\mLCukBM.exe
  C:\Windows\System\mLCukBM.exe
  2⤵
  PID:4076
- C:\Windows\System\LUrYhdF.exe
  C:\Windows\System\LUrYhdF.exe
  2⤵
  PID:2692
- C:\Windows\System\ghnbJpQ.exe
  C:\Windows\System\ghnbJpQ.exe
  2⤵
  PID:3012
- C:\Windows\System\skuymiT.exe
  C:\Windows\System\skuymiT.exe
  2⤵
  PID:2872
- C:\Windows\System\XdFvlFm.exe
  C:\Windows\System\XdFvlFm.exe
  2⤵
  PID:2020
- C:\Windows\System\sUAvrxv.exe
  C:\Windows\System\sUAvrxv.exe
  2⤵
  PID:636
- C:\Windows\System\LfqQtga.exe
  C:\Windows\System\LfqQtga.exe
  2⤵
  PID:2524
- C:\Windows\System\hgiDZKP.exe
  C:\Windows\System\hgiDZKP.exe
  2⤵
  PID:1020
- C:\Windows\System\zYmUajt.exe
  C:\Windows\System\zYmUajt.exe
  2⤵
  PID:2052
- C:\Windows\System\ApqsztH.exe
  C:\Windows\System\ApqsztH.exe
  2⤵
  PID:3092
- C:\Windows\System\sEYpDxD.exe
  C:\Windows\System\sEYpDxD.exe
  2⤵
  PID:3132
- C:\Windows\System\fAmrITI.exe
  C:\Windows\System\fAmrITI.exe
  2⤵
  PID:3164
- C:\Windows\System\fLDxbgX.exe
  C:\Windows\System\fLDxbgX.exe
  2⤵
  PID:3192
- C:\Windows\System\ThtySiE.exe
  C:\Windows\System\ThtySiE.exe
  2⤵
  PID:3224
- C:\Windows\System\EbmatzQ.exe
  C:\Windows\System\EbmatzQ.exe
  2⤵
  PID:3248
- C:\Windows\System\HwRUfRA.exe
  C:\Windows\System\HwRUfRA.exe
  2⤵
  PID:3292
- C:\Windows\System\VhJaAGq.exe
  C:\Windows\System\VhJaAGq.exe
  2⤵
  PID:3324
- C:\Windows\System\RRyCnzH.exe
  C:\Windows\System\RRyCnzH.exe
  2⤵
  PID:3364
- C:\Windows\System\LjXFgMB.exe
  C:\Windows\System\LjXFgMB.exe
  2⤵
  PID:3392
- C:\Windows\System\sUSAsxr.exe
  C:\Windows\System\sUSAsxr.exe
  2⤵
  PID:3424
- C:\Windows\System\uedIrlz.exe
  C:\Windows\System\uedIrlz.exe
  2⤵
  PID:3448
- C:\Windows\System\jvWkCUm.exe
  C:\Windows\System\jvWkCUm.exe
  2⤵
  PID:3492
- C:\Windows\System\OMLVNuq.exe
  C:\Windows\System\OMLVNuq.exe
  2⤵
  PID:3532
- C:\Windows\System\Qifxxxw.exe
  C:\Windows\System\Qifxxxw.exe
  2⤵
  PID:3572
- C:\Windows\System\mzKoFCj.exe
  C:\Windows\System\mzKoFCj.exe
  2⤵
  PID:3584
- C:\Windows\System\yhuXvZI.exe
  C:\Windows\System\yhuXvZI.exe
  2⤵
  PID:3612
- C:\Windows\System\EfLDQnk.exe
  C:\Windows\System\EfLDQnk.exe
  2⤵
  PID:3652
- C:\Windows\System\xiHwOsS.exe
  C:\Windows\System\xiHwOsS.exe
  2⤵
  PID:3672
- C:\Windows\System\aLXndMb.exe
  C:\Windows\System\aLXndMb.exe
  2⤵
  PID:3704
- C:\Windows\System\EuzpdzX.exe
  C:\Windows\System\EuzpdzX.exe
  2⤵
  PID:3752
- C:\Windows\System\kcktqTo.exe
  C:\Windows\System\kcktqTo.exe
  2⤵
  PID:3768
- C:\Windows\System\yoaFAdO.exe
  C:\Windows\System\yoaFAdO.exe
  2⤵
  PID:3808
- C:\Windows\System\SlXkuwk.exe
  C:\Windows\System\SlXkuwk.exe
  2⤵
  PID:3852
- C:\Windows\System\mzctqfy.exe
  C:\Windows\System\mzctqfy.exe
  2⤵
  PID:3884
- C:\Windows\System\zGBQwyP.exe
  C:\Windows\System\zGBQwyP.exe
  2⤵
  PID:3908
- C:\Windows\System\sUgdslP.exe
  C:\Windows\System\sUgdslP.exe
  2⤵
  PID:3948
- C:\Windows\System\UjuFCtI.exe
  C:\Windows\System\UjuFCtI.exe
  2⤵
  PID:4004
- C:\Windows\System\YHYUdGk.exe
  C:\Windows\System\YHYUdGk.exe
  2⤵
  PID:4044
- C:\Windows\System\JJdfrJm.exe
  C:\Windows\System\JJdfrJm.exe
  2⤵
  PID:4028
- C:\Windows\System\ZdDLHoL.exe
  C:\Windows\System\ZdDLHoL.exe
  2⤵
  PID:4084
- C:\Windows\System\BoNvoCY.exe
  C:\Windows\System\BoNvoCY.exe
  2⤵
  PID:2808
- C:\Windows\System\vdlavuL.exe
  C:\Windows\System\vdlavuL.exe
  2⤵
  PID:2688
- C:\Windows\System\cTMBopq.exe
  C:\Windows\System\cTMBopq.exe
  2⤵
  PID:760
- C:\Windows\System\NutBnnk.exe
  C:\Windows\System\NutBnnk.exe
  2⤵
  PID:776
- C:\Windows\System\ojCUsxR.exe
  C:\Windows\System\ojCUsxR.exe
  2⤵
  PID:2240
- C:\Windows\System\ypMKwtS.exe
  C:\Windows\System\ypMKwtS.exe
  2⤵
  PID:3108
- C:\Windows\System\jXvaIBT.exe
  C:\Windows\System\jXvaIBT.exe
  2⤵
  PID:3168
- C:\Windows\System\fljAWbr.exe
  C:\Windows\System\fljAWbr.exe
  2⤵
  PID:3184
- C:\Windows\System\MEDQhpD.exe
  C:\Windows\System\MEDQhpD.exe
  2⤵
  PID:3252
- C:\Windows\System\cqBlykb.exe
  C:\Windows\System\cqBlykb.exe
  2⤵
  PID:3308
- C:\Windows\System\eDrTugB.exe
  C:\Windows\System\eDrTugB.exe
  2⤵
  PID:3484
- C:\Windows\System\jvGvTVx.exe
  C:\Windows\System\jvGvTVx.exe
  2⤵
  PID:3528
- C:\Windows\System\IyPMUpp.exe
  C:\Windows\System\IyPMUpp.exe
  2⤵
  PID:3452
- C:\Windows\System\fXdkqTg.exe
  C:\Windows\System\fXdkqTg.exe
  2⤵
  PID:3524
- C:\Windows\System\UdlniIV.exe
  C:\Windows\System\UdlniIV.exe
  2⤵
  PID:3728
- C:\Windows\System\YBNlKiJ.exe
  C:\Windows\System\YBNlKiJ.exe
  2⤵
  PID:3788
- C:\Windows\System\IoiJuDY.exe
  C:\Windows\System\IoiJuDY.exe
  2⤵
  PID:3632
- C:\Windows\System\uWcXfIE.exe
  C:\Windows\System\uWcXfIE.exe
  2⤵
  PID:3644
- C:\Windows\System\NnJyUQB.exe
  C:\Windows\System\NnJyUQB.exe
  2⤵
  PID:3748
- C:\Windows\System\ySjJGMg.exe
  C:\Windows\System\ySjJGMg.exe
  2⤵
  PID:3988
- C:\Windows\System\YzVStjq.exe
  C:\Windows\System\YzVStjq.exe
  2⤵
  PID:4068
- C:\Windows\System\utRGBKZ.exe
  C:\Windows\System\utRGBKZ.exe
  2⤵
  PID:3888
- C:\Windows\System\GbDNSGE.exe
  C:\Windows\System\GbDNSGE.exe
  2⤵
  PID:3912
- C:\Windows\System\xYYyxCN.exe
  C:\Windows\System\xYYyxCN.exe
  2⤵
  PID:4024
- C:\Windows\System\HYwAwoP.exe
  C:\Windows\System\HYwAwoP.exe
  2⤵
  PID:2064
- C:\Windows\System\UdsStCo.exe
  C:\Windows\System\UdsStCo.exe
  2⤵
  PID:3352
- C:\Windows\System\QpjniTC.exe
  C:\Windows\System\QpjniTC.exe
  2⤵
  PID:2224
- C:\Windows\System\bIKdAag.exe
  C:\Windows\System\bIKdAag.exe
  2⤵
  PID:1352
- C:\Windows\System\INsiCMe.exe
  C:\Windows\System\INsiCMe.exe
  2⤵
  PID:3268
- C:\Windows\System\RSvTFad.exe
  C:\Windows\System\RSvTFad.exe
  2⤵
  PID:3412
- C:\Windows\System\ormmilm.exe
  C:\Windows\System\ormmilm.exe
  2⤵
  PID:3664
- C:\Windows\System\uITBnSj.exe
  C:\Windows\System\uITBnSj.exe
  2⤵
  PID:3588
- C:\Windows\System\LNquDge.exe
  C:\Windows\System\LNquDge.exe
  2⤵
  PID:3812
- C:\Windows\System\zrCbljq.exe
  C:\Windows\System\zrCbljq.exe
  2⤵
  PID:3952
- C:\Windows\System\fZlLgdC.exe
  C:\Windows\System\fZlLgdC.exe
  2⤵
  PID:4108
- C:\Windows\System\vZYVuzC.exe
  C:\Windows\System\vZYVuzC.exe
  2⤵
  PID:4124
- C:\Windows\System\rifCzAQ.exe
  C:\Windows\System\rifCzAQ.exe
  2⤵
  PID:4156
- C:\Windows\System\aSQUIvD.exe
  C:\Windows\System\aSQUIvD.exe
  2⤵
  PID:4176
- C:\Windows\System\VzsDheW.exe
  C:\Windows\System\VzsDheW.exe
  2⤵
  PID:4208
- C:\Windows\System\ucpWxms.exe
  C:\Windows\System\ucpWxms.exe
  2⤵
  PID:4236
- C:\Windows\System\vPCtuFx.exe
  C:\Windows\System\vPCtuFx.exe
  2⤵
  PID:4252
- C:\Windows\System\mNFKRtk.exe
  C:\Windows\System\mNFKRtk.exe
  2⤵
  PID:4272
- C:\Windows\System\WZUtVvH.exe
  C:\Windows\System\WZUtVvH.exe
  2⤵
  PID:4292
- C:\Windows\System\CZcUTtZ.exe
  C:\Windows\System\CZcUTtZ.exe
  2⤵
  PID:4312
- C:\Windows\System\fNvvGSm.exe
  C:\Windows\System\fNvvGSm.exe
  2⤵
  PID:4336
- C:\Windows\System\qGDMmIM.exe
  C:\Windows\System\qGDMmIM.exe
  2⤵
  PID:4356
- C:\Windows\System\RTMzKGV.exe
  C:\Windows\System\RTMzKGV.exe
  2⤵
  PID:4372
- C:\Windows\System\MtsSgpA.exe
  C:\Windows\System\MtsSgpA.exe
  2⤵
  PID:4392
- C:\Windows\System\CUHOLVS.exe
  C:\Windows\System\CUHOLVS.exe
  2⤵
  PID:4408
- C:\Windows\System\hgagVbw.exe
  C:\Windows\System\hgagVbw.exe
  2⤵
  PID:4428
- C:\Windows\System\zDBNKhM.exe
  C:\Windows\System\zDBNKhM.exe
  2⤵
  PID:4444
- C:\Windows\System\deWmoFy.exe
  C:\Windows\System\deWmoFy.exe
  2⤵
  PID:4468
- C:\Windows\System\vYpmONb.exe
  C:\Windows\System\vYpmONb.exe
  2⤵
  PID:4496
- C:\Windows\System\gvbvoSA.exe
  C:\Windows\System\gvbvoSA.exe
  2⤵
  PID:4512
- C:\Windows\System\thXzLVT.exe
  C:\Windows\System\thXzLVT.exe
  2⤵
  PID:4532
- C:\Windows\System\pAQrrng.exe
  C:\Windows\System\pAQrrng.exe
  2⤵
  PID:4552
- C:\Windows\System\bNcpMwP.exe
  C:\Windows\System\bNcpMwP.exe
  2⤵
  PID:4568
- C:\Windows\System\iLHKjHI.exe
  C:\Windows\System\iLHKjHI.exe
  2⤵
  PID:4592
- C:\Windows\System\TlcwyoM.exe
  C:\Windows\System\TlcwyoM.exe
  2⤵
  PID:4616
- C:\Windows\System\QTFEYew.exe
  C:\Windows\System\QTFEYew.exe
  2⤵
  PID:4632
- C:\Windows\System\WDNAWSM.exe
  C:\Windows\System\WDNAWSM.exe
  2⤵
  PID:4648
- C:\Windows\System\mIdgojC.exe
  C:\Windows\System\mIdgojC.exe
  2⤵
  PID:4664
- C:\Windows\System\IvDUEKk.exe
  C:\Windows\System\IvDUEKk.exe
  2⤵
  PID:4680
- C:\Windows\System\KNaxrzb.exe
  C:\Windows\System\KNaxrzb.exe
  2⤵
  PID:4696
- C:\Windows\System\XiVCkoL.exe
  C:\Windows\System\XiVCkoL.exe
  2⤵
  PID:4716
- C:\Windows\System\ELtzzpn.exe
  C:\Windows\System\ELtzzpn.exe
  2⤵
  PID:4736
- C:\Windows\System\tRSAEbr.exe
  C:\Windows\System\tRSAEbr.exe
  2⤵
  PID:4752
- C:\Windows\System\gBozsuF.exe
  C:\Windows\System\gBozsuF.exe
  2⤵
  PID:4768
- C:\Windows\System\MVvzcdx.exe
  C:\Windows\System\MVvzcdx.exe
  2⤵
  PID:4796
- C:\Windows\System\gTneqAj.exe
  C:\Windows\System\gTneqAj.exe
  2⤵
  PID:4812
- C:\Windows\System\evFcmSl.exe
  C:\Windows\System\evFcmSl.exe
  2⤵
  PID:4832
- C:\Windows\System\biYPUBh.exe
  C:\Windows\System\biYPUBh.exe
  2⤵
  PID:4856
- C:\Windows\System\rlmSkrx.exe
  C:\Windows\System\rlmSkrx.exe
  2⤵
  PID:4880
- C:\Windows\System\QYVXUBn.exe
  C:\Windows\System\QYVXUBn.exe
  2⤵
  PID:4900
- C:\Windows\System\aAmiAvj.exe
  C:\Windows\System\aAmiAvj.exe
  2⤵
  PID:4920
- C:\Windows\System\usPTAKM.exe
  C:\Windows\System\usPTAKM.exe
  2⤵
  PID:4940
- C:\Windows\System\PtJzGvm.exe
  C:\Windows\System\PtJzGvm.exe
  2⤵
  PID:4956
- C:\Windows\System\egBgzrF.exe
  C:\Windows\System\egBgzrF.exe
  2⤵
  PID:4972
- C:\Windows\System\CjwwKvv.exe
  C:\Windows\System\CjwwKvv.exe
  2⤵
  PID:4992
- C:\Windows\System\EPReaWi.exe
  C:\Windows\System\EPReaWi.exe
  2⤵
  PID:5008
- C:\Windows\System\iaQBDcp.exe
  C:\Windows\System\iaQBDcp.exe
  2⤵
  PID:5024
- C:\Windows\System\HRRtjjt.exe
  C:\Windows\System\HRRtjjt.exe
  2⤵
  PID:5040
- C:\Windows\System\KEMNuYb.exe
  C:\Windows\System\KEMNuYb.exe
  2⤵
  PID:5056
- C:\Windows\System\VsshVLk.exe
  C:\Windows\System\VsshVLk.exe
  2⤵
  PID:5072
- C:\Windows\System\ZjlYLvg.exe
  C:\Windows\System\ZjlYLvg.exe
  2⤵
  PID:5088
- C:\Windows\System\ozamXzg.exe
  C:\Windows\System\ozamXzg.exe
  2⤵
  PID:5104
- C:\Windows\System\RsavVZQ.exe
  C:\Windows\System\RsavVZQ.exe
  2⤵
  PID:3940
- C:\Windows\System\itDtDDp.exe
  C:\Windows\System\itDtDDp.exe
  2⤵
  PID:3708
- C:\Windows\System\JkMBDcH.exe
  C:\Windows\System\JkMBDcH.exe
  2⤵
  PID:3208
- C:\Windows\System\fzYBfpA.exe
  C:\Windows\System\fzYBfpA.exe
  2⤵
  PID:3688
- C:\Windows\System\duoTBxr.exe
  C:\Windows\System\duoTBxr.exe
  2⤵
  PID:2508
- C:\Windows\System\UHygzom.exe
  C:\Windows\System\UHygzom.exe
  2⤵
  PID:3112
- C:\Windows\System\iZHOBOj.exe
  C:\Windows\System\iZHOBOj.exe
  2⤵
  PID:3368
- C:\Windows\System\MnTaOAX.exe
  C:\Windows\System\MnTaOAX.exe
  2⤵
  PID:3104
- C:\Windows\System\zGHBQgH.exe
  C:\Windows\System\zGHBQgH.exe
  2⤵
  PID:3828
- C:\Windows\System\cPJDxNu.exe
  C:\Windows\System\cPJDxNu.exe
  2⤵
  PID:3928
- C:\Windows\System\wgbLrUj.exe
  C:\Windows\System\wgbLrUj.exe
  2⤵
  PID:3144
- C:\Windows\System\VJRtzPq.exe
  C:\Windows\System\VJRtzPq.exe
  2⤵
  PID:4164
- C:\Windows\System\GIfMEpo.exe
  C:\Windows\System\GIfMEpo.exe
  2⤵
  PID:4224
- C:\Windows\System\JqBFzty.exe
  C:\Windows\System\JqBFzty.exe
  2⤵
  PID:4140
- C:\Windows\System\WKLgkHK.exe
  C:\Windows\System\WKLgkHK.exe
  2⤵
  PID:4188
- C:\Windows\System\itBqlgN.exe
  C:\Windows\System\itBqlgN.exe
  2⤵
  PID:3804
- C:\Windows\System\ujetTfx.exe
  C:\Windows\System\ujetTfx.exe
  2⤵
  PID:4200
- C:\Windows\System\ZfPwqKD.exe
  C:\Windows\System\ZfPwqKD.exe
  2⤵
  PID:4244
- C:\Windows\System\iXszPcz.exe
  C:\Windows\System\iXszPcz.exe
  2⤵
  PID:4324
- C:\Windows\System\OEjDvgf.exe
  C:\Windows\System\OEjDvgf.exe
  2⤵
  PID:4464
- C:\Windows\System\eOGDcVJ.exe
  C:\Windows\System\eOGDcVJ.exe
  2⤵
  PID:4436
- C:\Windows\System\vxJpizF.exe
  C:\Windows\System\vxJpizF.exe
  2⤵
  PID:4728
- C:\Windows\System\gAxyrhT.exe
  C:\Windows\System\gAxyrhT.exe
  2⤵
  PID:4764
- C:\Windows\System\WjhcAwQ.exe
  C:\Windows\System\WjhcAwQ.exe
  2⤵
  PID:4848
- C:\Windows\System\TLdeLHX.exe
  C:\Windows\System\TLdeLHX.exe
  2⤵
  PID:4892
- C:\Windows\System\tyjWZSd.exe
  C:\Windows\System\tyjWZSd.exe
  2⤵
  PID:4968
- C:\Windows\System\aGKinfN.exe
  C:\Windows\System\aGKinfN.exe
  2⤵
  PID:5068
- C:\Windows\System\fnHKwfy.exe
  C:\Windows\System\fnHKwfy.exe
  2⤵
  PID:3968
- C:\Windows\System\XdVhbXg.exe
  C:\Windows\System\XdVhbXg.exe
  2⤵
  PID:3084
- C:\Windows\System\AFZcXrJ.exe
  C:\Windows\System\AFZcXrJ.exe
  2⤵
  PID:4524
- C:\Windows\System\mSiXkwM.exe
  C:\Windows\System\mSiXkwM.exe
  2⤵
  PID:4604
- C:\Windows\System\cBlYJVI.exe
  C:\Windows\System\cBlYJVI.exe
  2⤵
  PID:4136
- C:\Windows\System\JSjiUmn.exe
  C:\Windows\System\JSjiUmn.exe
  2⤵
  PID:4708
- C:\Windows\System\kSfdBaV.exe
  C:\Windows\System\kSfdBaV.exe
  2⤵
  PID:4328
- C:\Windows\System\BIrSQgW.exe
  C:\Windows\System\BIrSQgW.exe
  2⤵
  PID:4780
- C:\Windows\System\lGZHZYw.exe
  C:\Windows\System\lGZHZYw.exe
  2⤵
  PID:4828
- C:\Windows\System\pVMXreR.exe
  C:\Windows\System\pVMXreR.exe
  2⤵
  PID:4820
- C:\Windows\System\TiMISRQ.exe
  C:\Windows\System\TiMISRQ.exe
  2⤵
  PID:4704
- C:\Windows\System\azcBSsj.exe
  C:\Windows\System\azcBSsj.exe
  2⤵
  PID:4876
- C:\Windows\System\UfsmXoX.exe
  C:\Windows\System\UfsmXoX.exe
  2⤵
  PID:4148
- C:\Windows\System\LsKRCoY.exe
  C:\Windows\System\LsKRCoY.exe
  2⤵
  PID:4304
- C:\Windows\System\wOLaKLa.exe
  C:\Windows\System\wOLaKLa.exe
  2⤵
  PID:4288
- C:\Windows\System\uGXUoDC.exe
  C:\Windows\System\uGXUoDC.exe
  2⤵
  PID:4168
- C:\Windows\System\rlUQYCM.exe
  C:\Windows\System\rlUQYCM.exe
  2⤵
  PID:3468
- C:\Windows\System\eZxSgBj.exe
  C:\Windows\System\eZxSgBj.exe
  2⤵
  PID:4048
- C:\Windows\System\lJbZnbT.exe
  C:\Windows\System\lJbZnbT.exe
  2⤵
  PID:5080
- C:\Windows\System\KLFwFyW.exe
  C:\Windows\System\KLFwFyW.exe
  2⤵
  PID:5016
- C:\Windows\System\GHZFOjn.exe
  C:\Windows\System\GHZFOjn.exe
  2⤵
  PID:4724
- C:\Windows\System\YrvKeoV.exe
  C:\Windows\System\YrvKeoV.exe
  2⤵
  PID:4540
- C:\Windows\System\xyHzcsH.exe
  C:\Windows\System\xyHzcsH.exe
  2⤵
  PID:4580
- C:\Windows\System\SoXQeaX.exe
  C:\Windows\System\SoXQeaX.exe
  2⤵
  PID:4364
- C:\Windows\System\PmxXHDd.exe
  C:\Windows\System\PmxXHDd.exe
  2⤵
  PID:4440
- C:\Windows\System\brXIFeZ.exe
  C:\Windows\System\brXIFeZ.exe
  2⤵
  PID:5100
- C:\Windows\System\FsEQZNs.exe
  C:\Windows\System\FsEQZNs.exe
  2⤵
  PID:4400
- C:\Windows\System\NQObNzb.exe
  C:\Windows\System\NQObNzb.exe
  2⤵
  PID:4492
- C:\Windows\System\SUjUWnJ.exe
  C:\Windows\System\SUjUWnJ.exe
  2⤵
  PID:4260
- C:\Windows\System\ncaRDvU.exe
  C:\Windows\System\ncaRDvU.exe
  2⤵
  PID:4744
- C:\Windows\System\JvCqUTO.exe
  C:\Windows\System\JvCqUTO.exe
  2⤵
  PID:4344
- C:\Windows\System\NVgLncO.exe
  C:\Windows\System\NVgLncO.exe
  2⤵
  PID:4348
- C:\Windows\System\lshUwIL.exe
  C:\Windows\System\lshUwIL.exe
  2⤵
  PID:5004
- C:\Windows\System\svlrach.exe
  C:\Windows\System\svlrach.exe
  2⤵
  PID:4600
- C:\Windows\System\zdBaMxB.exe
  C:\Windows\System\zdBaMxB.exe
  2⤵
  PID:4104
- C:\Windows\System\MLozxFw.exe
  C:\Windows\System\MLozxFw.exe
  2⤵
  PID:5112
- C:\Windows\System\LCJZUYS.exe
  C:\Windows\System\LCJZUYS.exe
  2⤵
  PID:4544
- C:\Windows\System\KWtToft.exe
  C:\Windows\System\KWtToft.exe
  2⤵
  PID:4872
- C:\Windows\System\bEjkYAE.exe
  C:\Windows\System\bEjkYAE.exe
  2⤵
  PID:4656
- C:\Windows\System\rhhpwwG.exe
  C:\Windows\System\rhhpwwG.exe
  2⤵
  PID:4196
- C:\Windows\System\ppkcRGn.exe
  C:\Windows\System\ppkcRGn.exe
  2⤵
  PID:4216
- C:\Windows\System\TKYeorv.exe
  C:\Windows\System\TKYeorv.exe
  2⤵
  PID:4612
- C:\Windows\System\caGdvVG.exe
  C:\Windows\System\caGdvVG.exe
  2⤵
  PID:4132
- C:\Windows\System\wltofae.exe
  C:\Windows\System\wltofae.exe
  2⤵
  PID:4748
- C:\Windows\System\LRZUmhI.exe
  C:\Windows\System\LRZUmhI.exe
  2⤵
  PID:5032
- C:\Windows\System\kRzBXhJ.exe
  C:\Windows\System\kRzBXhJ.exe
  2⤵
  PID:5136
- C:\Windows\System\WbsPlQp.exe
  C:\Windows\System\WbsPlQp.exe
  2⤵
  PID:5152
- C:\Windows\System\RxSzSRo.exe
  C:\Windows\System\RxSzSRo.exe
  2⤵
  PID:5176
- C:\Windows\System\OvJjWKw.exe
  C:\Windows\System\OvJjWKw.exe
  2⤵
  PID:5204
- C:\Windows\System\yMTjLiC.exe
  C:\Windows\System\yMTjLiC.exe
  2⤵
  PID:5220
- C:\Windows\System\JcaqupL.exe
  C:\Windows\System\JcaqupL.exe
  2⤵
  PID:5244
- C:\Windows\System\syufNsC.exe
  C:\Windows\System\syufNsC.exe
  2⤵
  PID:5264
- C:\Windows\System\vKPmEln.exe
  C:\Windows\System\vKPmEln.exe
  2⤵
  PID:5288
- C:\Windows\System\ojkPYLh.exe
  C:\Windows\System\ojkPYLh.exe
  2⤵
  PID:5308
- C:\Windows\System\MLnwinX.exe
  C:\Windows\System\MLnwinX.exe
  2⤵
  PID:5328
- C:\Windows\System\dVQAuTV.exe
  C:\Windows\System\dVQAuTV.exe
  2⤵
  PID:5352
- C:\Windows\System\xkttTGI.exe
  C:\Windows\System\xkttTGI.exe
  2⤵
  PID:5376
- C:\Windows\System\jslhqwf.exe
  C:\Windows\System\jslhqwf.exe
  2⤵
  PID:5396
- C:\Windows\System\flxeOrC.exe
  C:\Windows\System\flxeOrC.exe
  2⤵
  PID:5412
- C:\Windows\System\jPGWIGa.exe
  C:\Windows\System\jPGWIGa.exe
  2⤵
  PID:5432
- C:\Windows\System\muVHhtJ.exe
  C:\Windows\System\muVHhtJ.exe
  2⤵
  PID:5456
- C:\Windows\System\jaViYLq.exe
  C:\Windows\System\jaViYLq.exe
  2⤵
  PID:5476
- C:\Windows\System\OxnNkqt.exe
  C:\Windows\System\OxnNkqt.exe
  2⤵
  PID:5500
- C:\Windows\System\cLSGzec.exe
  C:\Windows\System\cLSGzec.exe
  2⤵
  PID:5520
- C:\Windows\System\PuLKPJJ.exe
  C:\Windows\System\PuLKPJJ.exe
  2⤵
  PID:5536
- C:\Windows\System\PxbhuFE.exe
  C:\Windows\System\PxbhuFE.exe
  2⤵
  PID:5556
- C:\Windows\System\BZYfXws.exe
  C:\Windows\System\BZYfXws.exe
  2⤵
  PID:5580
- C:\Windows\System\sMHUaKK.exe
  C:\Windows\System\sMHUaKK.exe
  2⤵
  PID:5600
- C:\Windows\System\FOZlWII.exe
  C:\Windows\System\FOZlWII.exe
  2⤵
  PID:5616
- C:\Windows\System\nDVCCpl.exe
  C:\Windows\System\nDVCCpl.exe
  2⤵
  PID:5640
- C:\Windows\System\AmJdNZi.exe
  C:\Windows\System\AmJdNZi.exe
  2⤵
  PID:5660
- C:\Windows\System\cJPmXoJ.exe
  C:\Windows\System\cJPmXoJ.exe
  2⤵
  PID:5680
- C:\Windows\System\CaytTNJ.exe
  C:\Windows\System\CaytTNJ.exe
  2⤵
  PID:5696
- C:\Windows\System\vICuTIe.exe
  C:\Windows\System\vICuTIe.exe
  2⤵
  PID:5712
- C:\Windows\System\IuYGkvs.exe
  C:\Windows\System\IuYGkvs.exe
  2⤵
  PID:5740
- C:\Windows\System\Bzyvslv.exe
  C:\Windows\System\Bzyvslv.exe
  2⤵
  PID:5756
- C:\Windows\System\oxNgHyd.exe
  C:\Windows\System\oxNgHyd.exe
  2⤵
  PID:5776
- C:\Windows\System\IGIoFUq.exe
  C:\Windows\System\IGIoFUq.exe
  2⤵
  PID:5796
- C:\Windows\System\CKlWDOB.exe
  C:\Windows\System\CKlWDOB.exe
  2⤵
  PID:5816
- C:\Windows\System\JIrmKlh.exe
  C:\Windows\System\JIrmKlh.exe
  2⤵
  PID:5836
- C:\Windows\System\VPPfZmS.exe
  C:\Windows\System\VPPfZmS.exe
  2⤵
  PID:5856
- C:\Windows\System\hfSEOby.exe
  C:\Windows\System\hfSEOby.exe
  2⤵
  PID:5872
- C:\Windows\System\RIuRVKQ.exe
  C:\Windows\System\RIuRVKQ.exe
  2⤵
  PID:5896
- C:\Windows\System\XUiNDGR.exe
  C:\Windows\System\XUiNDGR.exe
  2⤵
  PID:5916
- C:\Windows\System\xVIglab.exe
  C:\Windows\System\xVIglab.exe
  2⤵
  PID:5940
- C:\Windows\System\UAxdiAe.exe
  C:\Windows\System\UAxdiAe.exe
  2⤵
  PID:5956
- C:\Windows\System\vrodTDs.exe
  C:\Windows\System\vrodTDs.exe
  2⤵
  PID:5976
- C:\Windows\System\hxacPxJ.exe
  C:\Windows\System\hxacPxJ.exe
  2⤵
  PID:5996
- C:\Windows\System\JUBUzkV.exe
  C:\Windows\System\JUBUzkV.exe
  2⤵
  PID:6016
- C:\Windows\System\gwtBApC.exe
  C:\Windows\System\gwtBApC.exe
  2⤵
  PID:6036
- C:\Windows\System\iwgvbme.exe
  C:\Windows\System\iwgvbme.exe
  2⤵
  PID:6052
- C:\Windows\System\WzTMQuD.exe
  C:\Windows\System\WzTMQuD.exe
  2⤵
  PID:6080
- C:\Windows\System\mfeetYS.exe
  C:\Windows\System\mfeetYS.exe
  2⤵
  PID:6100
- C:\Windows\System\jKEoROe.exe
  C:\Windows\System\jKEoROe.exe
  2⤵
  PID:6116
- C:\Windows\System\LutlZXC.exe
  C:\Windows\System\LutlZXC.exe
  2⤵
  PID:6132
- C:\Windows\System\xPVUeFa.exe
  C:\Windows\System\xPVUeFa.exe
  2⤵
  PID:4116
- C:\Windows\System\XjVMdAr.exe
  C:\Windows\System\XjVMdAr.exe
  2⤵
  PID:4952
- C:\Windows\System\OcjwABO.exe
  C:\Windows\System\OcjwABO.exe
  2⤵
  PID:4628
- C:\Windows\System\AvuUkQH.exe
  C:\Windows\System\AvuUkQH.exe
  2⤵
  PID:4964
- C:\Windows\System\BOnHcyd.exe
  C:\Windows\System\BOnHcyd.exe
  2⤵
  PID:4508
- C:\Windows\System\yEmPXZw.exe
  C:\Windows\System\yEmPXZw.exe
  2⤵
  PID:4484
- C:\Windows\System\SvkItro.exe
  C:\Windows\System\SvkItro.exe
  2⤵
  PID:4908
- C:\Windows\System\RFZSckv.exe
  C:\Windows\System\RFZSckv.exe
  2⤵
  PID:3844
- C:\Windows\System\axEpIYs.exe
  C:\Windows\System\axEpIYs.exe
  2⤵
  PID:4776
- C:\Windows\System\pjItUZL.exe
  C:\Windows\System\pjItUZL.exe
  2⤵
  PID:5188
- C:\Windows\System\FIxQoFU.exe
  C:\Windows\System\FIxQoFU.exe
  2⤵
  PID:4388
- C:\Windows\System\TVJnbgX.exe
  C:\Windows\System\TVJnbgX.exe
  2⤵
  PID:5240
- C:\Windows\System\wlfSjcX.exe
  C:\Windows\System\wlfSjcX.exe
  2⤵
  PID:5280
- C:\Windows\System\GysRomx.exe
  C:\Windows\System\GysRomx.exe
  2⤵
  PID:5316
- C:\Windows\System\ZZvSWdi.exe
  C:\Windows\System\ZZvSWdi.exe
  2⤵
  PID:5172
- C:\Windows\System\ZGuTLYE.exe
  C:\Windows\System\ZGuTLYE.exe
  2⤵
  PID:5304
- C:\Windows\System\LkeWTFE.exe
  C:\Windows\System\LkeWTFE.exe
  2⤵
  PID:5212
- C:\Windows\System\FVjmmbv.exe
  C:\Windows\System\FVjmmbv.exe
  2⤵
  PID:5364
- C:\Windows\System\nrxPEWX.exe
  C:\Windows\System\nrxPEWX.exe
  2⤵
  PID:5440
- C:\Windows\System\MhuAJbW.exe
  C:\Windows\System\MhuAJbW.exe
  2⤵
  PID:5388
- C:\Windows\System\kexXPzk.exe
  C:\Windows\System\kexXPzk.exe
  2⤵
  PID:5484
- C:\Windows\System\FFTmjKB.exe
  C:\Windows\System\FFTmjKB.exe
  2⤵
  PID:5496
- C:\Windows\System\qEWYrsY.exe
  C:\Windows\System\qEWYrsY.exe
  2⤵
  PID:5516
- C:\Windows\System\AewAYIu.exe
  C:\Windows\System\AewAYIu.exe
  2⤵
  PID:5564
- C:\Windows\System\mtJMQSj.exe
  C:\Windows\System\mtJMQSj.exe
  2⤵
  PID:5608
- C:\Windows\System\GEGoTJX.exe
  C:\Windows\System\GEGoTJX.exe
  2⤵
  PID:5624
- C:\Windows\System\IcjpGwo.exe
  C:\Windows\System\IcjpGwo.exe
  2⤵
  PID:5652
- C:\Windows\System\VCBlOVh.exe
  C:\Windows\System\VCBlOVh.exe
  2⤵
  PID:5672
- C:\Windows\System\pCbYSWa.exe
  C:\Windows\System\pCbYSWa.exe
  2⤵
  PID:5732
- C:\Windows\System\OjHBldA.exe
  C:\Windows\System\OjHBldA.exe
  2⤵
  PID:5768
- C:\Windows\System\qKIoqxX.exe
  C:\Windows\System\qKIoqxX.exe
  2⤵
  PID:5804
- C:\Windows\System\oSIUbzE.exe
  C:\Windows\System\oSIUbzE.exe
  2⤵
  PID:5824
- C:\Windows\System\NCYVlJm.exe
  C:\Windows\System\NCYVlJm.exe
  2⤵
  PID:5852
- C:\Windows\System\qdqanNi.exe
  C:\Windows\System\qdqanNi.exe
  2⤵
  PID:5884
- C:\Windows\System\zQKAEXM.exe
  C:\Windows\System\zQKAEXM.exe
  2⤵
  PID:5972
- C:\Windows\System\RUWrfam.exe
  C:\Windows\System\RUWrfam.exe
  2⤵
  PID:6008
- C:\Windows\System\VWwDVFK.exe
  C:\Windows\System\VWwDVFK.exe
  2⤵
  PID:6124
- C:\Windows\System\GpGkcjg.exe
  C:\Windows\System\GpGkcjg.exe
  2⤵
  PID:4928
- C:\Windows\System\QRcvcmR.exe
  C:\Windows\System\QRcvcmR.exe
  2⤵
  PID:5868
- C:\Windows\System\wwHEYTD.exe
  C:\Windows\System\wwHEYTD.exe
  2⤵
  PID:5948
- C:\Windows\System\jHNRdAI.exe
  C:\Windows\System\jHNRdAI.exe
  2⤵
  PID:5184
- C:\Windows\System\qGQRWXg.exe
  C:\Windows\System\qGQRWXg.exe
  2⤵
  PID:6032
- C:\Windows\System\thuDluS.exe
  C:\Windows\System\thuDluS.exe
  2⤵
  PID:4072
- C:\Windows\System\IlnoGHH.exe
  C:\Windows\System\IlnoGHH.exe
  2⤵
  PID:6060
- C:\Windows\System\aDMqVso.exe
  C:\Windows\System\aDMqVso.exe
  2⤵
  PID:6076
- C:\Windows\System\jVfpHrh.exe
  C:\Windows\System\jVfpHrh.exe
  2⤵
  PID:5300
- C:\Windows\System\DPpfsTR.exe
  C:\Windows\System\DPpfsTR.exe
  2⤵
  PID:6108
- C:\Windows\System\uwVFTmf.exe
  C:\Windows\System\uwVFTmf.exe
  2⤵
  PID:4584
- C:\Windows\System\dtkPOgz.exe
  C:\Windows\System\dtkPOgz.exe
  2⤵
  PID:6140
- C:\Windows\System\pBSzfcf.exe
  C:\Windows\System\pBSzfcf.exe
  2⤵
  PID:5348
- C:\Windows\System\UuxcXmm.exe
  C:\Windows\System\UuxcXmm.exe
  2⤵
  PID:3036
- C:\Windows\System\wQEZtDF.exe
  C:\Windows\System\wQEZtDF.exe
  2⤵
  PID:5464
- C:\Windows\System\PmWAFMq.exe
  C:\Windows\System\PmWAFMq.exe
  2⤵
  PID:5472
- C:\Windows\System\teFRadq.exe
  C:\Windows\System\teFRadq.exe
  2⤵
  PID:5552
- C:\Windows\System\qYmGzzN.exe
  C:\Windows\System\qYmGzzN.exe
  2⤵
  PID:5408
- C:\Windows\System\NXGWoew.exe
  C:\Windows\System\NXGWoew.exe
  2⤵
  PID:5404
- C:\Windows\System\ipuouEO.exe
  C:\Windows\System\ipuouEO.exe
  2⤵
  PID:5676
- C:\Windows\System\CSglDfa.exe
  C:\Windows\System\CSglDfa.exe
  2⤵
  PID:5568
- C:\Windows\System\dAtxuwz.exe
  C:\Windows\System\dAtxuwz.exe
  2⤵
  PID:2752
- C:\Windows\System\iVUqSRy.exe
  C:\Windows\System\iVUqSRy.exe
  2⤵
  PID:5808
- C:\Windows\System\RDQKUSM.exe
  C:\Windows\System\RDQKUSM.exe
  2⤵
  PID:5752
- C:\Windows\System\XTCAeYt.exe
  C:\Windows\System\XTCAeYt.exe
  2⤵
  PID:5892
- C:\Windows\System\JXOMYvB.exe
  C:\Windows\System\JXOMYvB.exe
  2⤵
  PID:5784
- C:\Windows\System\KWFTZEV.exe
  C:\Windows\System\KWFTZEV.exe
  2⤵
  PID:6048
- C:\Windows\System\JHTQLSP.exe
  C:\Windows\System\JHTQLSP.exe
  2⤵
  PID:2184
- C:\Windows\System\XTAJjNB.exe
  C:\Windows\System\XTAJjNB.exe
  2⤵
  PID:3284
- C:\Windows\System\JEXgSxw.exe
  C:\Windows\System\JEXgSxw.exe
  2⤵
  PID:5020
- C:\Windows\System\XlCDUWM.exe
  C:\Windows\System\XlCDUWM.exe
  2⤵
  PID:5228
- C:\Windows\System\VSKMfEE.exe
  C:\Windows\System\VSKMfEE.exe
  2⤵
  PID:6024
- C:\Windows\System\GQcUJTh.exe
  C:\Windows\System\GQcUJTh.exe
  2⤵
  PID:5132
- C:\Windows\System\EcqWldJ.exe
  C:\Windows\System\EcqWldJ.exe
  2⤵
  PID:4300
- C:\Windows\System\gQwLeFK.exe
  C:\Windows\System\gQwLeFK.exe
  2⤵
  PID:5252
- C:\Windows\System\SrpnfEf.exe
  C:\Windows\System\SrpnfEf.exe
  2⤵
  PID:4192
- C:\Windows\System\ARnLvuM.exe
  C:\Windows\System\ARnLvuM.exe
  2⤵
  PID:4332
- C:\Windows\System\csThofM.exe
  C:\Windows\System\csThofM.exe
  2⤵
  PID:5164
- C:\Windows\System\EJgRgUy.exe
  C:\Windows\System\EJgRgUy.exe
  2⤵
  PID:5392
- C:\Windows\System\HlhxnQK.exe
  C:\Windows\System\HlhxnQK.exe
  2⤵
  PID:2776
- C:\Windows\System\XVCGUEK.exe
  C:\Windows\System\XVCGUEK.exe
  2⤵
  PID:5668
- C:\Windows\System\wNakxSQ.exe
  C:\Windows\System\wNakxSQ.exe
  2⤵
  PID:3028
- C:\Windows\System\ljUCtkW.exe
  C:\Windows\System\ljUCtkW.exe
  2⤵
  PID:5636
- C:\Windows\System\huUovqE.exe
  C:\Windows\System\huUovqE.exe
  2⤵
  PID:5724
- C:\Windows\System\OfqWOlY.exe
  C:\Windows\System\OfqWOlY.exe
  2⤵
  PID:5880
- C:\Windows\System\wwZVMil.exe
  C:\Windows\System\wwZVMil.exe
  2⤵
  PID:5932
- C:\Windows\System\OfiMxfm.exe
  C:\Windows\System\OfiMxfm.exe
  2⤵
  PID:2896
- C:\Windows\System\PivBdIL.exe
  C:\Windows\System\PivBdIL.exe
  2⤵
  PID:3868
- C:\Windows\System\TOJRHje.exe
  C:\Windows\System\TOJRHje.exe
  2⤵
  PID:2260
- C:\Windows\System\uYztqsv.exe
  C:\Windows\System\uYztqsv.exe
  2⤵
  PID:5128
- C:\Windows\System\xPnHVJI.exe
  C:\Windows\System\xPnHVJI.exe
  2⤵
  PID:3008
- C:\Windows\System\mwsogBE.exe
  C:\Windows\System\mwsogBE.exe
  2⤵
  PID:4184
- C:\Windows\System\dhjsbDb.exe
  C:\Windows\System\dhjsbDb.exe
  2⤵
  PID:5168
- C:\Windows\System\GDaRCTF.exe
  C:\Windows\System\GDaRCTF.exe
  2⤵
  PID:5420
- C:\Windows\System\iOpSLJq.exe
  C:\Windows\System\iOpSLJq.exe
  2⤵
  PID:5576
- C:\Windows\System\NhXfork.exe
  C:\Windows\System\NhXfork.exe
  2⤵
  PID:2644
- C:\Windows\System\UKHOfCw.exe
  C:\Windows\System\UKHOfCw.exe
  2⤵
  PID:2316
- C:\Windows\System\ICkCBVR.exe
  C:\Windows\System\ICkCBVR.exe
  2⤵
  PID:5708
- C:\Windows\System\XNgxfrM.exe
  C:\Windows\System\XNgxfrM.exe
  2⤵
  PID:5936
- C:\Windows\System\obvXtwk.exe
  C:\Windows\System\obvXtwk.exe
  2⤵
  PID:6092
- C:\Windows\System\LRaAvPZ.exe
  C:\Windows\System\LRaAvPZ.exe
  2⤵
  PID:5864
- C:\Windows\System\RsLyBqT.exe
  C:\Windows\System\RsLyBqT.exe
  2⤵
  PID:5296
- C:\Windows\System\DskFwDN.exe
  C:\Windows\System\DskFwDN.exe
  2⤵
  PID:2740
- C:\Windows\System\FUYuhLo.exe
  C:\Windows\System\FUYuhLo.exe
  2⤵
  PID:4416
- C:\Windows\System\pNRTqzr.exe
  C:\Windows\System\pNRTqzr.exe
  2⤵
  PID:5424
- C:\Windows\System\gSCOcBO.exe
  C:\Windows\System\gSCOcBO.exe
  2⤵
  PID:1864
- C:\Windows\System\RprTZqQ.exe
  C:\Windows\System\RprTZqQ.exe
  2⤵
  PID:5532
- C:\Windows\System\HYkPFsW.exe
  C:\Windows\System\HYkPFsW.exe
  2⤵
  PID:5964
- C:\Windows\System\oehJWLo.exe
  C:\Windows\System\oehJWLo.exe
  2⤵
  PID:5908
- C:\Windows\System\AofsREt.exe
  C:\Windows\System\AofsREt.exe
  2⤵
  PID:6096
- C:\Windows\System\LVCDVlX.exe
  C:\Windows\System\LVCDVlX.exe
  2⤵
  PID:5064
- C:\Windows\System\ujeyEZf.exe
  C:\Windows\System\ujeyEZf.exe
  2⤵
  PID:4268
- C:\Windows\System\oHngwxe.exe
  C:\Windows\System\oHngwxe.exe
  2⤵
  PID:2536
- C:\Windows\System\WRyIAzO.exe
  C:\Windows\System\WRyIAzO.exe
  2⤵
  PID:2772
- C:\Windows\System\ygjspSF.exe
  C:\Windows\System\ygjspSF.exe
  2⤵
  PID:540
- C:\Windows\System\WzTmxDZ.exe
  C:\Windows\System\WzTmxDZ.exe
  2⤵
  PID:4644
- C:\Windows\System\sIYcuUF.exe
  C:\Windows\System\sIYcuUF.exe
  2⤵
  PID:6156
- C:\Windows\System\zBhQqkY.exe
  C:\Windows\System\zBhQqkY.exe
  2⤵
  PID:6172
- C:\Windows\System\FEOTxDN.exe
  C:\Windows\System\FEOTxDN.exe
  2⤵
  PID:6188
- C:\Windows\System\tILcosU.exe
  C:\Windows\System\tILcosU.exe
  2⤵
  PID:6204
- C:\Windows\System\NoriyBS.exe
  C:\Windows\System\NoriyBS.exe
  2⤵
  PID:6220
- C:\Windows\System\YsrYIvK.exe
  C:\Windows\System\YsrYIvK.exe
  2⤵
  PID:6240
- C:\Windows\System\gphvxlp.exe
  C:\Windows\System\gphvxlp.exe
  2⤵
  PID:6256
- C:\Windows\System\DmgHwbL.exe
  C:\Windows\System\DmgHwbL.exe
  2⤵
  PID:6276
- C:\Windows\System\ZMfIgPV.exe
  C:\Windows\System\ZMfIgPV.exe
  2⤵
  PID:6292
- C:\Windows\System\YFzxirA.exe
  C:\Windows\System\YFzxirA.exe
  2⤵
  PID:6308
- C:\Windows\System\QJUztqg.exe
  C:\Windows\System\QJUztqg.exe
  2⤵
  PID:6324
- C:\Windows\System\nyledlu.exe
  C:\Windows\System\nyledlu.exe
  2⤵
  PID:6340
- C:\Windows\System\hNFEJpR.exe
  C:\Windows\System\hNFEJpR.exe
  2⤵
  PID:6356
- C:\Windows\System\KlzZHee.exe
  C:\Windows\System\KlzZHee.exe
  2⤵
  PID:6388
- C:\Windows\System\NsLkrlM.exe
  C:\Windows\System\NsLkrlM.exe
  2⤵
  PID:6408
- C:\Windows\System\iZEEbDa.exe
  C:\Windows\System\iZEEbDa.exe
  2⤵
  PID:6428
- C:\Windows\System\GWzzeQU.exe
  C:\Windows\System\GWzzeQU.exe
  2⤵
  PID:6444
- C:\Windows\System\dhlsmaN.exe
  C:\Windows\System\dhlsmaN.exe
  2⤵
  PID:6460
- C:\Windows\System\JHmDWGB.exe
  C:\Windows\System\JHmDWGB.exe
  2⤵
  PID:6476
- C:\Windows\System\cDgWnpJ.exe
  C:\Windows\System\cDgWnpJ.exe
  2⤵
  PID:6492
- C:\Windows\System\uOnUqgS.exe
  C:\Windows\System\uOnUqgS.exe
  2⤵
  PID:6508
- C:\Windows\System\FeclbdH.exe
  C:\Windows\System\FeclbdH.exe
  2⤵
  PID:6524
- C:\Windows\System\jCJsrrM.exe
  C:\Windows\System\jCJsrrM.exe
  2⤵
  PID:6540
- C:\Windows\System\ObjxlMo.exe
  C:\Windows\System\ObjxlMo.exe
  2⤵
  PID:6560
- C:\Windows\System\afleHKc.exe
  C:\Windows\System\afleHKc.exe
  2⤵
  PID:6584
- C:\Windows\System\zWfBGNH.exe
  C:\Windows\System\zWfBGNH.exe
  2⤵
  PID:6600
- C:\Windows\System\glHJyfD.exe
  C:\Windows\System\glHJyfD.exe
  2⤵
  PID:6616
- C:\Windows\System\kNSmUKq.exe
  C:\Windows\System\kNSmUKq.exe
  2⤵
  PID:6632
- C:\Windows\System\EaURbqm.exe
  C:\Windows\System\EaURbqm.exe
  2⤵
  PID:6648
- C:\Windows\System\JIBUaij.exe
  C:\Windows\System\JIBUaij.exe
  2⤵
  PID:6664
- C:\Windows\System\lKtspcE.exe
  C:\Windows\System\lKtspcE.exe
  2⤵
  PID:6692
- C:\Windows\System\EdwBFDU.exe
  C:\Windows\System\EdwBFDU.exe
  2⤵
  PID:6708
- C:\Windows\System\jegcjqz.exe
  C:\Windows\System\jegcjqz.exe
  2⤵
  PID:6724
- C:\Windows\System\lHaWjbt.exe
  C:\Windows\System\lHaWjbt.exe
  2⤵
  PID:6744
- C:\Windows\System\XJikxmp.exe
  C:\Windows\System\XJikxmp.exe
  2⤵
  PID:6828
- C:\Windows\System\oexjMzA.exe
  C:\Windows\System\oexjMzA.exe
  2⤵
  PID:6944
- C:\Windows\System\BaIfrlr.exe
  C:\Windows\System\BaIfrlr.exe
  2⤵
  PID:6960
- C:\Windows\System\YpMjBtt.exe
  C:\Windows\System\YpMjBtt.exe
  2⤵
  PID:6976
- C:\Windows\System\zGcJASm.exe
  C:\Windows\System\zGcJASm.exe
  2⤵
  PID:6992
- C:\Windows\System\kcxiPEh.exe
  C:\Windows\System\kcxiPEh.exe
  2⤵
  PID:7008
- C:\Windows\System\gBgyAfM.exe
  C:\Windows\System\gBgyAfM.exe
  2⤵
  PID:7028
- C:\Windows\System\hTOAbWl.exe
  C:\Windows\System\hTOAbWl.exe
  2⤵
  PID:7060
- C:\Windows\System\KfVPBYk.exe
  C:\Windows\System\KfVPBYk.exe
  2⤵
  PID:7076
- C:\Windows\System\MpkvLXH.exe
  C:\Windows\System\MpkvLXH.exe
  2⤵
  PID:7092
- C:\Windows\System\CwomAev.exe
  C:\Windows\System\CwomAev.exe
  2⤵
  PID:7108
- C:\Windows\System\AZPmlLR.exe
  C:\Windows\System\AZPmlLR.exe
  2⤵
  PID:7128
- C:\Windows\System\GjJODgW.exe
  C:\Windows\System\GjJODgW.exe
  2⤵
  PID:7144
- C:\Windows\System\vicoIXx.exe
  C:\Windows\System\vicoIXx.exe
  2⤵
  PID:7164
- C:\Windows\System\jkpHoQp.exe
  C:\Windows\System\jkpHoQp.exe
  2⤵
  PID:2432
- C:\Windows\System\jbKPUJB.exe
  C:\Windows\System\jbKPUJB.exe
  2⤵
  PID:5788
- C:\Windows\System\FImoFKF.exe
  C:\Windows\System\FImoFKF.exe
  2⤵
  PID:2236
- C:\Windows\System\fuYXtKT.exe
  C:\Windows\System\fuYXtKT.exe
  2⤵
  PID:6212
- C:\Windows\System\rsSJCyK.exe
  C:\Windows\System\rsSJCyK.exe
  2⤵
  PID:6284
- C:\Windows\System\qULdraN.exe
  C:\Windows\System\qULdraN.exe
  2⤵
  PID:6436
- C:\Windows\System\PjNdqyE.exe
  C:\Windows\System\PjNdqyE.exe
  2⤵
  PID:6504
- C:\Windows\System\TwRorkX.exe
  C:\Windows\System\TwRorkX.exe
  2⤵
  PID:6556
- C:\Windows\System\VbVLTOO.exe
  C:\Windows\System\VbVLTOO.exe
  2⤵
  PID:6624
- C:\Windows\System\MquwJOR.exe
  C:\Windows\System\MquwJOR.exe
  2⤵
  PID:6732
- C:\Windows\System\QUYgBxs.exe
  C:\Windows\System\QUYgBxs.exe
  2⤵
  PID:1924
- C:\Windows\System\VYTXvtw.exe
  C:\Windows\System\VYTXvtw.exe
  2⤵
  PID:2824
- C:\Windows\System\VLJjVnG.exe
  C:\Windows\System\VLJjVnG.exe
  2⤵
  PID:6676
- C:\Windows\System\nTHKFWI.exe
  C:\Windows\System\nTHKFWI.exe
  2⤵
  PID:2660
- C:\Windows\System\GymFrWf.exe
  C:\Windows\System\GymFrWf.exe
  2⤵
  PID:2708
- C:\Windows\System\rUcFLay.exe
  C:\Windows\System\rUcFLay.exe
  2⤵
  PID:6272
- C:\Windows\System\aOJGhaw.exe
  C:\Windows\System\aOJGhaw.exe
  2⤵
  PID:6420
- C:\Windows\System\fBXfcHz.exe
  C:\Windows\System\fBXfcHz.exe
  2⤵
  PID:6520
- C:\Windows\System\JcbmRoy.exe
  C:\Windows\System\JcbmRoy.exe
  2⤵
  PID:6640
- C:\Windows\System\ZLyxPzo.exe
  C:\Windows\System\ZLyxPzo.exe
  2⤵
  PID:6164
- C:\Windows\System\qwHxFEk.exe
  C:\Windows\System\qwHxFEk.exe
  2⤵
  PID:6368
- C:\Windows\System\UxMviuQ.exe
  C:\Windows\System\UxMviuQ.exe
  2⤵
  PID:6300
- C:\Windows\System\spzyXcx.exe
  C:\Windows\System\spzyXcx.exe
  2⤵
  PID:1988
- C:\Windows\System\gqjpIXs.exe
  C:\Windows\System\gqjpIXs.exe
  2⤵
  PID:6848
- C:\Windows\System\TStAlLh.exe
  C:\Windows\System\TStAlLh.exe
  2⤵
  PID:6868
- C:\Windows\System\jpqjxnA.exe
  C:\Windows\System\jpqjxnA.exe
  2⤵
  PID:6888
- C:\Windows\System\dSvdZyD.exe
  C:\Windows\System\dSvdZyD.exe
  2⤵
  PID:2924
- C:\Windows\System\DapCmab.exe
  C:\Windows\System\DapCmab.exe
  2⤵
  PID:6924
- C:\Windows\System\vmoAoSY.exe
  C:\Windows\System\vmoAoSY.exe
  2⤵
  PID:6968
- C:\Windows\System\mjwwfoV.exe
  C:\Windows\System\mjwwfoV.exe
  2⤵
  PID:7036
- C:\Windows\System\wZTUgiT.exe
  C:\Windows\System\wZTUgiT.exe
  2⤵
  PID:6952
- C:\Windows\System\jFCjBsR.exe
  C:\Windows\System\jFCjBsR.exe
  2⤵
  PID:7020
- C:\Windows\System\TGCHxyB.exe
  C:\Windows\System\TGCHxyB.exe
  2⤵
  PID:7100
- C:\Windows\System\lRcKsmZ.exe
  C:\Windows\System\lRcKsmZ.exe
  2⤵
  PID:5844
- C:\Windows\System\KpNYTUd.exe
  C:\Windows\System\KpNYTUd.exe
  2⤵
  PID:2404
- C:\Windows\System\pXVpHXf.exe
  C:\Windows\System\pXVpHXf.exe
  2⤵
  PID:7116
- C:\Windows\System\ACNEReP.exe
  C:\Windows\System\ACNEReP.exe
  2⤵
  PID:6352
- C:\Windows\System\RMRlxDe.exe
  C:\Windows\System\RMRlxDe.exe
  2⤵
  PID:6396
- C:\Windows\System\DVELWci.exe
  C:\Windows\System\DVELWci.exe
  2⤵
  PID:6148
- C:\Windows\System\PRTutwK.exe
  C:\Windows\System\PRTutwK.exe
  2⤵
  PID:6592
- C:\Windows\System\PdgTsTs.exe
  C:\Windows\System\PdgTsTs.exe
  2⤵
  PID:6740
- C:\Windows\System\bqlUzoC.exe
  C:\Windows\System\bqlUzoC.exe
  2⤵
  PID:6644
- C:\Windows\System\DUljssi.exe
  C:\Windows\System\DUljssi.exe
  2⤵
  PID:2220
- C:\Windows\System\gSnMFuD.exe
  C:\Windows\System\gSnMFuD.exe
  2⤵
  PID:6404
- C:\Windows\System\xNVsFcm.exe
  C:\Windows\System\xNVsFcm.exe
  2⤵
  PID:1696
- C:\Windows\System\poIouzY.exe
  C:\Windows\System\poIouzY.exe
  2⤵
  PID:6904
- C:\Windows\System\KnXBLwe.exe
  C:\Windows\System\KnXBLwe.exe
  2⤵
  PID:6376
- C:\Windows\System\XrCaaUX.exe
  C:\Windows\System\XrCaaUX.exe
  2⤵
  PID:6612
- C:\Windows\System\Wxpzwho.exe
  C:\Windows\System\Wxpzwho.exe
  2⤵
  PID:6264
- C:\Windows\System\cRxWcUe.exe
  C:\Windows\System\cRxWcUe.exe
  2⤵
  PID:6516
- C:\Windows\System\KfZtqCF.exe
  C:\Windows\System\KfZtqCF.exe
  2⤵
  PID:6304
- C:\Windows\System\YuHfgkj.exe
  C:\Windows\System\YuHfgkj.exe
  2⤵
  PID:1788
- C:\Windows\System\JrlotCM.exe
  C:\Windows\System\JrlotCM.exe
  2⤵
  PID:6908
- C:\Windows\System\eZgWZNY.exe
  C:\Windows\System\eZgWZNY.exe
  2⤵
  PID:6940
- C:\Windows\System\dvuueDE.exe
  C:\Windows\System\dvuueDE.exe
  2⤵
  PID:7072
- C:\Windows\System\dvbgVrp.exe
  C:\Windows\System\dvbgVrp.exe
  2⤵
  PID:7120
- C:\Windows\System\phwIatY.exe
  C:\Windows\System\phwIatY.exe
  2⤵
  PID:6316
- C:\Windows\System\MCgOYqh.exe
  C:\Windows\System\MCgOYqh.exe
  2⤵
  PID:6736
- C:\Windows\System\AQgRnYw.exe
  C:\Windows\System\AQgRnYw.exe
  2⤵
  PID:6552
- C:\Windows\System\uQUkeZA.exe
  C:\Windows\System\uQUkeZA.exe
  2⤵
  PID:7160
- C:\Windows\System\QzyaMDa.exe
  C:\Windows\System\QzyaMDa.exe
  2⤵
  PID:1736
- C:\Windows\System\LBlzlkv.exe
  C:\Windows\System\LBlzlkv.exe
  2⤵
  PID:7040
- C:\Windows\System\ePvGlNF.exe
  C:\Windows\System\ePvGlNF.exe
  2⤵
  PID:2464
- C:\Windows\System\nHfMCSu.exe
  C:\Windows\System\nHfMCSu.exe
  2⤵
  PID:6932
- C:\Windows\System\eoHfeGm.exe
  C:\Windows\System\eoHfeGm.exe
  2⤵
  PID:6500
- C:\Windows\System\NcqfCTs.exe
  C:\Windows\System\NcqfCTs.exe
  2⤵
  PID:6252
- C:\Windows\System\MMTncXQ.exe
  C:\Windows\System\MMTncXQ.exe
  2⤵
  PID:6872
- C:\Windows\System\oJMZKcE.exe
  C:\Windows\System\oJMZKcE.exe
  2⤵
  PID:1944
- C:\Windows\System\DpQCMSZ.exe
  C:\Windows\System\DpQCMSZ.exe
  2⤵
  PID:6884
- C:\Windows\System\nhJaAte.exe
  C:\Windows\System\nhJaAte.exe
  2⤵
  PID:6988
- C:\Windows\System\ZUVSERX.exe
  C:\Windows\System\ZUVSERX.exe
  2⤵
  PID:7140
- C:\Windows\System\gZIlplB.exe
  C:\Windows\System\gZIlplB.exe
  2⤵
  PID:868
- C:\Windows\System\tLNqYmO.exe
  C:\Windows\System\tLNqYmO.exe
  2⤵
  PID:6660
- C:\Windows\System\oRTqfRM.exe
  C:\Windows\System\oRTqfRM.exe
  2⤵
  PID:6452
- C:\Windows\System\YASOeXb.exe
  C:\Windows\System\YASOeXb.exe
  2⤵
  PID:6332
- C:\Windows\System\ygTNXGv.exe
  C:\Windows\System\ygTNXGv.exe
  2⤵
  PID:6720
- C:\Windows\System\bZYJsBC.exe
  C:\Windows\System\bZYJsBC.exe
  2⤵
  PID:6936
- C:\Windows\System\mJoVejI.exe
  C:\Windows\System\mJoVejI.exe
  2⤵
  PID:7176
- C:\Windows\System\XmTiGSY.exe
  C:\Windows\System\XmTiGSY.exe
  2⤵
  PID:7192
- C:\Windows\System\BfKrIZj.exe
  C:\Windows\System\BfKrIZj.exe
  2⤵
  PID:7212
- C:\Windows\System\KZDZdaR.exe
  C:\Windows\System\KZDZdaR.exe
  2⤵
  PID:7228
- C:\Windows\System\sLKhwid.exe
  C:\Windows\System\sLKhwid.exe
  2⤵
  PID:7248
- C:\Windows\System\Xwsmfgx.exe
  C:\Windows\System\Xwsmfgx.exe
  2⤵
  PID:7268
- C:\Windows\System\ZdCTDnR.exe
  C:\Windows\System\ZdCTDnR.exe
  2⤵
  PID:7288
- C:\Windows\System\cDZIigT.exe
  C:\Windows\System\cDZIigT.exe
  2⤵
  PID:7304
- C:\Windows\System\CKcvIjI.exe
  C:\Windows\System\CKcvIjI.exe
  2⤵
  PID:7324
- C:\Windows\System\FLmlJPo.exe
  C:\Windows\System\FLmlJPo.exe
  2⤵
  PID:7356
- C:\Windows\System\DkYqPug.exe
  C:\Windows\System\DkYqPug.exe
  2⤵
  PID:7392
- C:\Windows\System\fJEhjUj.exe
  C:\Windows\System\fJEhjUj.exe
  2⤵
  PID:7436
- C:\Windows\System\CzrVXaw.exe
  C:\Windows\System\CzrVXaw.exe
  2⤵
  PID:7452
- C:\Windows\System\IficqIX.exe
  C:\Windows\System\IficqIX.exe
  2⤵
  PID:7468
- C:\Windows\System\KBArsxg.exe
  C:\Windows\System\KBArsxg.exe
  2⤵
  PID:7488
- C:\Windows\System\KduvcPe.exe
  C:\Windows\System\KduvcPe.exe
  2⤵
  PID:7504
- C:\Windows\System\QloPHDy.exe
  C:\Windows\System\QloPHDy.exe
  2⤵
  PID:7520
- C:\Windows\System\VMNPXzZ.exe
  C:\Windows\System\VMNPXzZ.exe
  2⤵
  PID:7536
- C:\Windows\System\ZQhoelU.exe
  C:\Windows\System\ZQhoelU.exe
  2⤵
  PID:7556
- C:\Windows\System\bqoTlFA.exe
  C:\Windows\System\bqoTlFA.exe
  2⤵
  PID:7572
- C:\Windows\System\WzNYmLN.exe
  C:\Windows\System\WzNYmLN.exe
  2⤵
  PID:7588
- C:\Windows\System\JfAmeke.exe
  C:\Windows\System\JfAmeke.exe
  2⤵
  PID:7604
- C:\Windows\System\tnHqFQT.exe
  C:\Windows\System\tnHqFQT.exe
  2⤵
  PID:7652
- C:\Windows\System\lAEuvHv.exe
  C:\Windows\System\lAEuvHv.exe
  2⤵
  PID:7668
- C:\Windows\System\vVWqMsw.exe
  C:\Windows\System\vVWqMsw.exe
  2⤵
  PID:7700
- C:\Windows\System\wzYhIhn.exe
  C:\Windows\System\wzYhIhn.exe
  2⤵
  PID:7716
- C:\Windows\System\AGwOLFH.exe
  C:\Windows\System\AGwOLFH.exe
  2⤵
  PID:7732
- C:\Windows\System\uoeMBHr.exe
  C:\Windows\System\uoeMBHr.exe
  2⤵
  PID:7748
- C:\Windows\System\ctQCGWV.exe
  C:\Windows\System\ctQCGWV.exe
  2⤵
  PID:7768
- C:\Windows\System\IonxvnG.exe
  C:\Windows\System\IonxvnG.exe
  2⤵
  PID:7788
- C:\Windows\System\nPwLzcr.exe
  C:\Windows\System\nPwLzcr.exe
  2⤵
  PID:7804
- C:\Windows\System\DaCNqyF.exe
  C:\Windows\System\DaCNqyF.exe
  2⤵
  PID:7820
- C:\Windows\System\sYeScrr.exe
  C:\Windows\System\sYeScrr.exe
  2⤵
  PID:7836
- C:\Windows\System\PGzBkAz.exe
  C:\Windows\System\PGzBkAz.exe
  2⤵
  PID:7852
- C:\Windows\System\wTdZWSm.exe
  C:\Windows\System\wTdZWSm.exe
  2⤵
  PID:7872
- C:\Windows\System\XXKSWTF.exe
  C:\Windows\System\XXKSWTF.exe
  2⤵
  PID:7892
- C:\Windows\System\DwFqYFi.exe
  C:\Windows\System\DwFqYFi.exe
  2⤵
  PID:7912
- C:\Windows\System\kVMYAJW.exe
  C:\Windows\System\kVMYAJW.exe
  2⤵
  PID:7928
- C:\Windows\System\LnoDAkn.exe
  C:\Windows\System\LnoDAkn.exe
  2⤵
  PID:7952
- C:\Windows\System\tDvFRwg.exe
  C:\Windows\System\tDvFRwg.exe
  2⤵
  PID:7972
- C:\Windows\System\FKgXebJ.exe
  C:\Windows\System\FKgXebJ.exe
  2⤵
  PID:7988
- C:\Windows\System\QmOKThZ.exe
  C:\Windows\System\QmOKThZ.exe
  2⤵
  PID:8004
- C:\Windows\System\goDoqXN.exe
  C:\Windows\System\goDoqXN.exe
  2⤵
  PID:8040
- C:\Windows\System\lCgAxGg.exe
  C:\Windows\System\lCgAxGg.exe
  2⤵
  PID:8060
- C:\Windows\System\EnMnnhF.exe
  C:\Windows\System\EnMnnhF.exe
  2⤵
  PID:8080
- C:\Windows\System\pJeFKnZ.exe
  C:\Windows\System\pJeFKnZ.exe
  2⤵
  PID:8120
- C:\Windows\System\usHirhD.exe
  C:\Windows\System\usHirhD.exe
  2⤵
  PID:8136
- C:\Windows\System\QdLguYo.exe
  C:\Windows\System\QdLguYo.exe
  2⤵
  PID:8152
- C:\Windows\System\IGvkFWa.exe
  C:\Windows\System\IGvkFWa.exe
  2⤵
  PID:8168
- C:\Windows\System\bQvdKeT.exe
  C:\Windows\System\bQvdKeT.exe
  2⤵
  PID:8184
- C:\Windows\System\rnQrKln.exe
  C:\Windows\System\rnQrKln.exe
  2⤵
  PID:2724
- C:\Windows\System\HwlAEfi.exe
  C:\Windows\System\HwlAEfi.exe
  2⤵
  PID:7224
- C:\Windows\System\EDzaHGN.exe
  C:\Windows\System\EDzaHGN.exe
  2⤵
  PID:7296
- C:\Windows\System\DAUMuKU.exe
  C:\Windows\System\DAUMuKU.exe
  2⤵
  PID:2396
- C:\Windows\System\rnzQskD.exe
  C:\Windows\System\rnzQskD.exe
  2⤵
  PID:2192
- C:\Windows\System\jFUWmeH.exe
  C:\Windows\System\jFUWmeH.exe
  2⤵
  PID:6248
- C:\Windows\System\TnyUhPI.exe
  C:\Windows\System\TnyUhPI.exe
  2⤵
  PID:6656
- C:\Windows\System\cfyiasH.exe
  C:\Windows\System\cfyiasH.exe
  2⤵
  PID:7208
- C:\Windows\System\CckAVtW.exe
  C:\Windows\System\CckAVtW.exe
  2⤵
  PID:7276
- C:\Windows\System\LAdepBH.exe
  C:\Windows\System\LAdepBH.exe
  2⤵
  PID:7316
- C:\Windows\System\BeJEHYi.exe
  C:\Windows\System\BeJEHYi.exe
  2⤵
  PID:7352
- C:\Windows\System\SsjETXc.exe
  C:\Windows\System\SsjETXc.exe
  2⤵
  PID:7408
- C:\Windows\System\StAMDdn.exe
  C:\Windows\System\StAMDdn.exe
  2⤵
  PID:7424
- C:\Windows\System\xtJLmLl.exe
  C:\Windows\System\xtJLmLl.exe
  2⤵
  PID:7368
- C:\Windows\System\cvUeYeW.exe
  C:\Windows\System\cvUeYeW.exe
  2⤵
  PID:7384
- C:\Windows\System\xcqttSx.exe
  C:\Windows\System\xcqttSx.exe
  2⤵
  PID:7476
- C:\Windows\System\gMKkHhk.exe
  C:\Windows\System\gMKkHhk.exe
  2⤵
  PID:7564
- C:\Windows\System\pwUSdQI.exe
  C:\Windows\System\pwUSdQI.exe
  2⤵
  PID:7552
- C:\Windows\System\hcsSEZn.exe
  C:\Windows\System\hcsSEZn.exe
  2⤵
  PID:7568
- C:\Windows\System\oMBvxVV.exe
  C:\Windows\System\oMBvxVV.exe
  2⤵
  PID:7628
- C:\Windows\System\TjFTsOo.exe
  C:\Windows\System\TjFTsOo.exe
  2⤵
  PID:7644
- C:\Windows\System\uoUSecd.exe
  C:\Windows\System\uoUSecd.exe
  2⤵
  PID:7688
- C:\Windows\System\XDMQnKO.exe
  C:\Windows\System\XDMQnKO.exe
  2⤵
  PID:7696
- C:\Windows\System\CwuLdHj.exe
  C:\Windows\System\CwuLdHj.exe
  2⤵
  PID:7780
- C:\Windows\System\RIzOhiE.exe
  C:\Windows\System\RIzOhiE.exe
  2⤵
  PID:7844
- C:\Windows\System\GAdEuLr.exe
  C:\Windows\System\GAdEuLr.exe
  2⤵
  PID:7760
- C:\Windows\System\mvGqreI.exe
  C:\Windows\System\mvGqreI.exe
  2⤵
  PID:7828
- C:\Windows\System\uYoknnB.exe
  C:\Windows\System\uYoknnB.exe
  2⤵
  PID:7868
- C:\Windows\System\nxYGaCU.exe
  C:\Windows\System\nxYGaCU.exe
  2⤵
  PID:7936
- C:\Windows\System\uBNNUUV.exe
  C:\Windows\System\uBNNUUV.exe
  2⤵
  PID:7964
- C:\Windows\System\sDszwpI.exe
  C:\Windows\System\sDszwpI.exe
  2⤵
  PID:7920
- C:\Windows\System\lIIuFwP.exe
  C:\Windows\System\lIIuFwP.exe
  2⤵
  PID:8112
- C:\Windows\System\EgGlOur.exe
  C:\Windows\System\EgGlOur.exe
  2⤵
  PID:7188
- C:\Windows\System\FVqlSjY.exe
  C:\Windows\System\FVqlSjY.exe
  2⤵
  PID:7156
- C:\Windows\System\oLAxqsV.exe
  C:\Windows\System\oLAxqsV.exe
  2⤵
  PID:7984
- C:\Windows\System\SxrChqx.exe
  C:\Windows\System\SxrChqx.exe
  2⤵
  PID:8024
- C:\Windows\System\AAkfXLo.exe
  C:\Windows\System\AAkfXLo.exe
  2⤵
  PID:8068
- C:\Windows\System\cosgYhL.exe
  C:\Windows\System\cosgYhL.exe
  2⤵
  PID:8132
- C:\Windows\System\svDkbaH.exe
  C:\Windows\System\svDkbaH.exe
  2⤵
  PID:6576
- C:\Windows\System\RLSnlfl.exe
  C:\Windows\System\RLSnlfl.exe
  2⤵
  PID:7264
- C:\Windows\System\GEjlJRM.exe
  C:\Windows\System\GEjlJRM.exe
  2⤵
  PID:7240
- C:\Windows\System\TXwPLJb.exe
  C:\Windows\System\TXwPLJb.exe
  2⤵
  PID:6608
- C:\Windows\System\lZNYAxv.exe
  C:\Windows\System\lZNYAxv.exe
  2⤵
  PID:1572
- C:\Windows\System\ckEQOln.exe
  C:\Windows\System\ckEQOln.exe
  2⤵
  PID:7460
- C:\Windows\System\wrsyehU.exe
  C:\Windows\System\wrsyehU.exe
  2⤵
  PID:7544
- C:\Windows\System\qFmOJUR.exe
  C:\Windows\System\qFmOJUR.exe
  2⤵
  PID:7600
- C:\Windows\System\KZotSlU.exe
  C:\Windows\System\KZotSlU.exe
  2⤵
  PID:7684
- C:\Windows\System\dYQsQgU.exe
  C:\Windows\System\dYQsQgU.exe
  2⤵
  PID:7728
- C:\Windows\System\FtJExLU.exe
  C:\Windows\System\FtJExLU.exe
  2⤵
  PID:7612
- C:\Windows\System\LuHfxSx.exe
  C:\Windows\System\LuHfxSx.exe
  2⤵
  PID:7692
- C:\Windows\System\nibZjeZ.exe
  C:\Windows\System\nibZjeZ.exe
  2⤵
  PID:7816
- C:\Windows\System\gQTkqut.exe
  C:\Windows\System\gQTkqut.exe
  2⤵
  PID:7880
- C:\Windows\System\APZRVxV.exe
  C:\Windows\System\APZRVxV.exe
  2⤵
  PID:7884
- C:\Windows\System\pFDIgaM.exe
  C:\Windows\System\pFDIgaM.exe
  2⤵
  PID:8048
- C:\Windows\System\sDQhMbD.exe
  C:\Windows\System\sDQhMbD.exe
  2⤵
  PID:8176
- C:\Windows\System\LMjSKKO.exe
  C:\Windows\System\LMjSKKO.exe
  2⤵
  PID:7940
- C:\Windows\System\TvBQcOt.exe
  C:\Windows\System\TvBQcOt.exe
  2⤵
  PID:8056
- C:\Windows\System\ryIxgcb.exe
  C:\Windows\System\ryIxgcb.exe
  2⤵
  PID:8100
- C:\Windows\System\RmRgAJU.exe
  C:\Windows\System\RmRgAJU.exe
  2⤵
  PID:8180
- C:\Windows\System\NyxFGAk.exe
  C:\Windows\System\NyxFGAk.exe
  2⤵
  PID:8076
- C:\Windows\System\xAaJTvH.exe
  C:\Windows\System\xAaJTvH.exe
  2⤵
  PID:6896
- C:\Windows\System\URtKfKv.exe
  C:\Windows\System\URtKfKv.exe
  2⤵
  PID:6184
- C:\Windows\System\ImFgjvb.exe
  C:\Windows\System\ImFgjvb.exe
  2⤵
  PID:7496
- C:\Windows\System\cwpHlIZ.exe
  C:\Windows\System\cwpHlIZ.exe
  2⤵
  PID:6916
- C:\Windows\System\gouKyww.exe
  C:\Windows\System\gouKyww.exe
  2⤵
  PID:7528
- C:\Windows\System\bDnOfen.exe
  C:\Windows\System\bDnOfen.exe
  2⤵
  PID:7512
- C:\Windows\System\YgbhONj.exe
  C:\Windows\System\YgbhONj.exe
  2⤵
  PID:7376
- C:\Windows\System\EBAmegJ.exe
  C:\Windows\System\EBAmegJ.exe
  2⤵
  PID:7620
- C:\Windows\System\Jqmgumb.exe
  C:\Windows\System\Jqmgumb.exe
  2⤵
  PID:7640
- C:\Windows\System\cqZhlSl.exe
  C:\Windows\System\cqZhlSl.exe
  2⤵
  PID:7800
- C:\Windows\System\FhGfuOo.exe
  C:\Windows\System\FhGfuOo.exe
  2⤵
  PID:8052
- C:\Windows\System\AIpNOsu.exe
  C:\Windows\System\AIpNOsu.exe
  2⤵
  PID:7584
- C:\Windows\System\kCaTTeq.exe
  C:\Windows\System\kCaTTeq.exe
  2⤵
  PID:7996
- C:\Windows\System\EstfTqG.exe
  C:\Windows\System\EstfTqG.exe
  2⤵
  PID:8092
- C:\Windows\System\HeJxHKE.exe
  C:\Windows\System\HeJxHKE.exe
  2⤵
  PID:7404
- C:\Windows\System\kIZsdBX.exe
  C:\Windows\System\kIZsdBX.exe
  2⤵
  PID:8128
- C:\Windows\System\RmkJcrR.exe
  C:\Windows\System\RmkJcrR.exe
  2⤵
  PID:6336
- C:\Windows\System\AvLjWNc.exe
  C:\Windows\System\AvLjWNc.exe
  2⤵
  PID:7184
- C:\Windows\System\JlETOHl.exe
  C:\Windows\System\JlETOHl.exe
  2⤵
  PID:7444
- C:\Windows\System\LxqAeey.exe
  C:\Windows\System\LxqAeey.exe
  2⤵
  PID:7284
- C:\Windows\System\rXDhocc.exe
  C:\Windows\System\rXDhocc.exe
  2⤵
  PID:7664
- C:\Windows\System\abZHOkE.exe
  C:\Windows\System\abZHOkE.exe
  2⤵
  PID:6920
- C:\Windows\System\TqiquUY.exe
  C:\Windows\System\TqiquUY.exe
  2⤵
  PID:7448
- C:\Windows\System\QQmKDBL.exe
  C:\Windows\System\QQmKDBL.exe
  2⤵
  PID:7944
- C:\Windows\System\HmIPBOt.exe
  C:\Windows\System\HmIPBOt.exe
  2⤵
  PID:8204
- C:\Windows\System\ZvxPkUa.exe
  C:\Windows\System\ZvxPkUa.exe
  2⤵
  PID:8220
- C:\Windows\System\jkrWvvx.exe
  C:\Windows\System\jkrWvvx.exe
  2⤵
  PID:8236
- C:\Windows\System\jywAPWe.exe
  C:\Windows\System\jywAPWe.exe
  2⤵
  PID:8252
- C:\Windows\System\BCXuVBv.exe
  C:\Windows\System\BCXuVBv.exe
  2⤵
  PID:8268
- C:\Windows\System\fiDLVgQ.exe
  C:\Windows\System\fiDLVgQ.exe
  2⤵
  PID:8284
- C:\Windows\System\DBuGOiL.exe
  C:\Windows\System\DBuGOiL.exe
  2⤵
  PID:8300
- C:\Windows\System\LVThFph.exe
  C:\Windows\System\LVThFph.exe
  2⤵
  PID:8316
- C:\Windows\System\cVOCSFJ.exe
  C:\Windows\System\cVOCSFJ.exe
  2⤵
  PID:8332
- C:\Windows\System\iEOmOBi.exe
  C:\Windows\System\iEOmOBi.exe
  2⤵
  PID:8348
- C:\Windows\System\kpgBuEb.exe
  C:\Windows\System\kpgBuEb.exe
  2⤵
  PID:8364
- C:\Windows\System\vHYneRI.exe
  C:\Windows\System\vHYneRI.exe
  2⤵
  PID:8380
- C:\Windows\System\rHVdhsh.exe
  C:\Windows\System\rHVdhsh.exe
  2⤵
  PID:8396
- C:\Windows\System\TBMwjHG.exe
  C:\Windows\System\TBMwjHG.exe
  2⤵
  PID:8412
- C:\Windows\System\GdcVAJI.exe
  C:\Windows\System\GdcVAJI.exe
  2⤵
  PID:8432
- C:\Windows\System\fTpOtrp.exe
  C:\Windows\System\fTpOtrp.exe
  2⤵
  PID:8448
- C:\Windows\System\lIQeRYU.exe
  C:\Windows\System\lIQeRYU.exe
  2⤵
  PID:8472
- C:\Windows\System\TfPFnzX.exe
  C:\Windows\System\TfPFnzX.exe
  2⤵
  PID:8488
- C:\Windows\System\DhvArrL.exe
  C:\Windows\System\DhvArrL.exe
  2⤵
  PID:8504
- C:\Windows\System\PVGwIUp.exe
  C:\Windows\System\PVGwIUp.exe
  2⤵
  PID:8520
- C:\Windows\System\FdEblqQ.exe
  C:\Windows\System\FdEblqQ.exe
  2⤵
  PID:8668
- C:\Windows\System\vZNKKtp.exe
  C:\Windows\System\vZNKKtp.exe
  2⤵
  PID:8752
- C:\Windows\System\bwgpIYZ.exe
  C:\Windows\System\bwgpIYZ.exe
  2⤵
  PID:8768
- C:\Windows\System\qphlyMr.exe
  C:\Windows\System\qphlyMr.exe
  2⤵
  PID:8788
- C:\Windows\System\swQUhwW.exe
  C:\Windows\System\swQUhwW.exe
  2⤵
  PID:8804
- C:\Windows\System\xXvKbaL.exe
  C:\Windows\System\xXvKbaL.exe
  2⤵
  PID:8820
- C:\Windows\System\qtSYJaC.exe
  C:\Windows\System\qtSYJaC.exe
  2⤵
  PID:8836
- C:\Windows\System\AzPemks.exe
  C:\Windows\System\AzPemks.exe
  2⤵
  PID:8852
- C:\Windows\System\yxPiuQO.exe
  C:\Windows\System\yxPiuQO.exe
  2⤵
  PID:8868
- C:\Windows\System\eVUdZPS.exe
  C:\Windows\System\eVUdZPS.exe
  2⤵
  PID:8884
- C:\Windows\System\vZWKUjU.exe
  C:\Windows\System\vZWKUjU.exe
  2⤵
  PID:8900
- C:\Windows\System\PuFJlUm.exe
  C:\Windows\System\PuFJlUm.exe
  2⤵
  PID:8916
- C:\Windows\System\cYxAjpA.exe
  C:\Windows\System\cYxAjpA.exe
  2⤵
  PID:8932
- C:\Windows\System\qFBCGss.exe
  C:\Windows\System\qFBCGss.exe
  2⤵
  PID:8948
- C:\Windows\System\ZUnrOpT.exe
  C:\Windows\System\ZUnrOpT.exe
  2⤵
  PID:8964
- C:\Windows\System\nTWQAAP.exe
  C:\Windows\System\nTWQAAP.exe
  2⤵
  PID:8980
- C:\Windows\System\nsIzSyQ.exe
  C:\Windows\System\nsIzSyQ.exe
  2⤵
  PID:8996
- C:\Windows\System\srXbDwD.exe
  C:\Windows\System\srXbDwD.exe
  2⤵
  PID:9012
- C:\Windows\System\ubcPoNj.exe
  C:\Windows\System\ubcPoNj.exe
  2⤵
  PID:9032
- C:\Windows\System\vbKfGTN.exe
  C:\Windows\System\vbKfGTN.exe
  2⤵
  PID:9048
- C:\Windows\System\nINVBDB.exe
  C:\Windows\System\nINVBDB.exe
  2⤵
  PID:9064
- C:\Windows\System\cfIGCTs.exe
  C:\Windows\System\cfIGCTs.exe
  2⤵
  PID:9080
- C:\Windows\System\bCXQFxJ.exe
  C:\Windows\System\bCXQFxJ.exe
  2⤵
  PID:9096
- C:\Windows\System\uyRkDBq.exe
  C:\Windows\System\uyRkDBq.exe
  2⤵
  PID:9112
- C:\Windows\System\qwVUbsQ.exe
  C:\Windows\System\qwVUbsQ.exe
  2⤵
  PID:9128
- C:\Windows\System\VHQuKXF.exe
  C:\Windows\System\VHQuKXF.exe
  2⤵
  PID:9144
- C:\Windows\System\BvMGcAI.exe
  C:\Windows\System\BvMGcAI.exe
  2⤵
  PID:9160
- C:\Windows\System\cFtJaro.exe
  C:\Windows\System\cFtJaro.exe
  2⤵
  PID:9180
- C:\Windows\System\KYchwCJ.exe
  C:\Windows\System\KYchwCJ.exe
  2⤵
  PID:9196
- C:\Windows\System\hqUzIqy.exe
  C:\Windows\System\hqUzIqy.exe
  2⤵
  PID:9212
- C:\Windows\System\iLaPRMx.exe
  C:\Windows\System\iLaPRMx.exe
  2⤵
  PID:8228
- C:\Windows\System\QbNbkzE.exe
  C:\Windows\System\QbNbkzE.exe
  2⤵
  PID:8108
- C:\Windows\System\fFyRJPa.exe
  C:\Windows\System\fFyRJPa.exe
  2⤵
  PID:8216
- C:\Windows\System\YFAJeZn.exe
  C:\Windows\System\YFAJeZn.exe
  2⤵
  PID:8280
- C:\Windows\System\NUyilZS.exe
  C:\Windows\System\NUyilZS.exe
  2⤵
  PID:8344
- C:\Windows\System\jpdVHKH.exe
  C:\Windows\System\jpdVHKH.exe
  2⤵
  PID:7152
- C:\Windows\System\ijjTGrc.exe
  C:\Windows\System\ijjTGrc.exe
  2⤵
  PID:8360
- C:\Windows\System\AMvbCjH.exe
  C:\Windows\System\AMvbCjH.exe
  2⤵
  PID:7960
- C:\Windows\System\IgzpqmG.exe
  C:\Windows\System\IgzpqmG.exe
  2⤵
  PID:8292
- C:\Windows\System\yzsSymO.exe
  C:\Windows\System\yzsSymO.exe
  2⤵
  PID:8356
- C:\Windows\System\ioSYhoA.exe
  C:\Windows\System\ioSYhoA.exe
  2⤵
  PID:8420
- C:\Windows\System\jWNOczm.exe
  C:\Windows\System\jWNOczm.exe
  2⤵
  PID:8540
- C:\Windows\System\urbpKHB.exe
  C:\Windows\System\urbpKHB.exe
  2⤵
  PID:8628
- C:\Windows\System\mheluDi.exe
  C:\Windows\System\mheluDi.exe
  2⤵
  PID:8648
- C:\Windows\System\bxmJDRH.exe
  C:\Windows\System\bxmJDRH.exe
  2⤵
  PID:8664
- C:\Windows\System\lwnvWoc.exe
  C:\Windows\System\lwnvWoc.exe
  2⤵
  PID:8704
- C:\Windows\System\aVexgOi.exe
  C:\Windows\System\aVexgOi.exe
  2⤵
  PID:8732
- C:\Windows\System\WPcoded.exe
  C:\Windows\System\WPcoded.exe
  2⤵
  PID:8764
- C:\Windows\System\NKVQEFH.exe
  C:\Windows\System\NKVQEFH.exe
  2⤵
  PID:8832
- C:\Windows\System\YZkDtcT.exe
  C:\Windows\System\YZkDtcT.exe
  2⤵
  PID:8784
- C:\Windows\System\UdYVLKl.exe
  C:\Windows\System\UdYVLKl.exe
  2⤵
  PID:8876
- C:\Windows\System\fKkEQtT.exe
  C:\Windows\System\fKkEQtT.exe
  2⤵
  PID:8940
- C:\Windows\System\ylNbxeI.exe
  C:\Windows\System\ylNbxeI.exe
  2⤵
  PID:9008
- C:\Windows\System\bFkCrGA.exe
  C:\Windows\System\bFkCrGA.exe
  2⤵
  PID:9020
- C:\Windows\System\aAHowGZ.exe
  C:\Windows\System\aAHowGZ.exe
  2⤵
  PID:8992
- C:\Windows\System\tlKAhni.exe
  C:\Windows\System\tlKAhni.exe
  2⤵
  PID:9072
- C:\Windows\System\PzeFddz.exe
  C:\Windows\System\PzeFddz.exe
  2⤵
  PID:9192
- C:\Windows\System\WWdUpFt.exe
  C:\Windows\System\WWdUpFt.exe
  2⤵
  PID:9152
- C:\Windows\System\ZpqsdSP.exe
  C:\Windows\System\ZpqsdSP.exe
  2⤵
  PID:8340
- C:\Windows\System\yKXMNNj.exe
  C:\Windows\System\yKXMNNj.exe
  2⤵
  PID:8264
- C:\Windows\System\xlZSYcY.exe
  C:\Windows\System\xlZSYcY.exe
  2⤵
  PID:8404
- C:\Windows\System\OvuxZlK.exe
  C:\Windows\System\OvuxZlK.exe
  2⤵
  PID:7724
- C:\Windows\System\BMPcUGG.exe
  C:\Windows\System\BMPcUGG.exe
  2⤵
  PID:7904
- C:\Windows\System\exXUeOC.exe
  C:\Windows\System\exXUeOC.exe
  2⤵
  PID:8464
- C:\Windows\System\QUXEfXs.exe
  C:\Windows\System\QUXEfXs.exe
  2⤵
  PID:8528
- C:\Windows\System\KAyXNfI.exe
  C:\Windows\System\KAyXNfI.exe
  2⤵
  PID:8548
- C:\Windows\System\GpIQILn.exe
  C:\Windows\System\GpIQILn.exe
  2⤵
  PID:8564
- C:\Windows\System\PZOCPKf.exe
  C:\Windows\System\PZOCPKf.exe
  2⤵
  PID:8584
- C:\Windows\System\mFzKNoO.exe
  C:\Windows\System\mFzKNoO.exe
  2⤵
  PID:8604
- C:\Windows\System\pKudfQC.exe
  C:\Windows\System\pKudfQC.exe
  2⤵
  PID:8620
- C:\Windows\System\YlTxkcu.exe
  C:\Windows\System\YlTxkcu.exe
  2⤵
  PID:8036
- C:\Windows\System\zhYQPdI.exe
  C:\Windows\System\zhYQPdI.exe
  2⤵
  PID:8460
- C:\Windows\System\ADfvRmk.exe
  C:\Windows\System\ADfvRmk.exe
  2⤵
  PID:8712
- C:\Windows\System\ogsJtvJ.exe
  C:\Windows\System\ogsJtvJ.exe
  2⤵
  PID:8692
- C:\Windows\System\YrInYIj.exe
  C:\Windows\System\YrInYIj.exe
  2⤵
  PID:8800
- C:\Windows\System\VZHDcWE.exe
  C:\Windows\System\VZHDcWE.exe
  2⤵
  PID:8896
- C:\Windows\System\TRNUhrW.exe
  C:\Windows\System\TRNUhrW.exe
  2⤵
  PID:8816
- C:\Windows\System\UHkMrOX.exe
  C:\Windows\System\UHkMrOX.exe
  2⤵
  PID:8912
- C:\Windows\System\dSGHVlx.exe
  C:\Windows\System\dSGHVlx.exe
  2⤵
  PID:8956
- C:\Windows\System\gdTqphj.exe
  C:\Windows\System\gdTqphj.exe
  2⤵
  PID:8600
- C:\Windows\System\PHZJqyP.exe
  C:\Windows\System\PHZJqyP.exe
  2⤵
  PID:9176
- C:\Windows\System\jUeCULF.exe
  C:\Windows\System\jUeCULF.exe
  2⤵
  PID:7200
- C:\Windows\System\rDBqnpK.exe
  C:\Windows\System\rDBqnpK.exe
  2⤵
  PID:7004
- C:\Windows\System\zcAKrYX.exe
  C:\Windows\System\zcAKrYX.exe
  2⤵
  PID:8248
- C:\Windows\System\jkXTndF.exe
  C:\Windows\System\jkXTndF.exe
  2⤵
  PID:8512
- C:\Windows\System\FXWSgoO.exe
  C:\Windows\System\FXWSgoO.exe
  2⤵
  PID:8532
- C:\Windows\System\QDohvmh.exe
  C:\Windows\System\QDohvmh.exe
  2⤵
  PID:8560
- C:\Windows\System\AaOcILv.exe
  C:\Windows\System\AaOcILv.exe
  2⤵
  PID:8636
- C:\Windows\System\cNiYvfr.exe
  C:\Windows\System\cNiYvfr.exe
  2⤵
  PID:8656
- C:\Windows\System\uoFmGmV.exe
  C:\Windows\System\uoFmGmV.exe
  2⤵
  PID:8724
- C:\Windows\System\qsKPQwJ.exe
  C:\Windows\System\qsKPQwJ.exe
  2⤵
  PID:8864
- C:\Windows\System\qmAuCpt.exe
  C:\Windows\System\qmAuCpt.exe
  2⤵
  PID:8844
- C:\Windows\System\pbOUoRp.exe
  C:\Windows\System\pbOUoRp.exe
  2⤵
  PID:9056
- C:\Windows\System\XbxZlKb.exe
  C:\Windows\System\XbxZlKb.exe
  2⤵
  PID:9060
- C:\Windows\System\FimckkU.exe
  C:\Windows\System\FimckkU.exe
  2⤵
  PID:8988
- C:\Windows\System\lIvBmLS.exe
  C:\Windows\System\lIvBmLS.exe
  2⤵
  PID:8312
- C:\Windows\System\TXHZRra.exe
  C:\Windows\System\TXHZRra.exe
  2⤵
  PID:8468
- C:\Windows\System\mWXMiWR.exe
  C:\Windows\System\mWXMiWR.exe
  2⤵
  PID:6152
- C:\Windows\System\QrBNhAU.exe
  C:\Windows\System\QrBNhAU.exe
  2⤵
  PID:9024
- C:\Windows\System\CNqIOwB.exe
  C:\Windows\System\CNqIOwB.exe
  2⤵
  PID:8428
- C:\Windows\System\aIrhcFV.exe
  C:\Windows\System\aIrhcFV.exe
  2⤵
  PID:8612
- C:\Windows\System\sDFZTeJ.exe
  C:\Windows\System\sDFZTeJ.exe
  2⤵
  PID:8760
- C:\Windows\System\ymOdJvI.exe
  C:\Windows\System\ymOdJvI.exe
  2⤵
  PID:8924
- C:\Windows\System\qYkDMDy.exe
  C:\Windows\System\qYkDMDy.exe
  2⤵
  PID:9040
- C:\Windows\System\bHPvsTH.exe
  C:\Windows\System\bHPvsTH.exe
  2⤵
  PID:8596
- C:\Windows\System\NxxuOnu.exe
  C:\Windows\System\NxxuOnu.exe
  2⤵
  PID:8408
- C:\Windows\System\ROZwlKG.exe
  C:\Windows\System\ROZwlKG.exe
  2⤵
  PID:9124
- C:\Windows\System\vGxSaPf.exe
  C:\Windows\System\vGxSaPf.exe
  2⤵
  PID:8700
- C:\Windows\System\BckruWL.exe
  C:\Windows\System\BckruWL.exe
  2⤵
  PID:8580
- C:\Windows\System\xDTiBEJ.exe
  C:\Windows\System\xDTiBEJ.exe
  2⤵
  PID:2276
- C:\Windows\System\nKZmpnQ.exe
  C:\Windows\System\nKZmpnQ.exe
  2⤵
  PID:9208
- C:\Windows\System\xlBzdmb.exe
  C:\Windows\System\xlBzdmb.exe
  2⤵
  PID:9088
- C:\Windows\System\ycxKVxx.exe
  C:\Windows\System\ycxKVxx.exe
  2⤵
  PID:8456
- C:\Windows\System\fIgNilc.exe
  C:\Windows\System\fIgNilc.exe
  2⤵
  PID:9236
- C:\Windows\System\bjUvYek.exe
  C:\Windows\System\bjUvYek.exe
  2⤵
  PID:9280
- C:\Windows\System\ZoeTjXC.exe
  C:\Windows\System\ZoeTjXC.exe
  2⤵
  PID:9300
- C:\Windows\System\chbBSlM.exe
  C:\Windows\System\chbBSlM.exe
  2⤵
  PID:9316
- C:\Windows\System\EAcSioF.exe
  C:\Windows\System\EAcSioF.exe
  2⤵
  PID:9336
- C:\Windows\System\TeiEvuP.exe
  C:\Windows\System\TeiEvuP.exe
  2⤵
  PID:9352
- C:\Windows\System\IomsHUy.exe
  C:\Windows\System\IomsHUy.exe
  2⤵
  PID:9368
- C:\Windows\System\UCUzZfk.exe
  C:\Windows\System\UCUzZfk.exe
  2⤵
  PID:9384
- C:\Windows\System\RSitPtK.exe
  C:\Windows\System\RSitPtK.exe
  2⤵
  PID:9400
- C:\Windows\System\sAhXlEq.exe
  C:\Windows\System\sAhXlEq.exe
  2⤵
  PID:9416
- C:\Windows\System\rdsnqGu.exe
  C:\Windows\System\rdsnqGu.exe
  2⤵
  PID:9432
- C:\Windows\System\wmkvkRX.exe
  C:\Windows\System\wmkvkRX.exe
  2⤵
  PID:9448
- C:\Windows\System\zqIIJYp.exe
  C:\Windows\System\zqIIJYp.exe
  2⤵
  PID:9464
- C:\Windows\System\WGjiZje.exe
  C:\Windows\System\WGjiZje.exe
  2⤵
  PID:9480
- C:\Windows\System\tneHnIy.exe
  C:\Windows\System\tneHnIy.exe
  2⤵
  PID:9496
- C:\Windows\System\wEDZcIk.exe
  C:\Windows\System\wEDZcIk.exe
  2⤵
  PID:9512
- C:\Windows\System\YnedxfN.exe
  C:\Windows\System\YnedxfN.exe
  2⤵
  PID:9536
- C:\Windows\System\dYuDpSc.exe
  C:\Windows\System\dYuDpSc.exe
  2⤵
  PID:9552
- C:\Windows\System\PJeJoJC.exe
  C:\Windows\System\PJeJoJC.exe
  2⤵
  PID:9568
- C:\Windows\System\PCSBCns.exe
  C:\Windows\System\PCSBCns.exe
  2⤵
  PID:9584
- C:\Windows\System\mgvDCLU.exe
  C:\Windows\System\mgvDCLU.exe
  2⤵
  PID:9600
- C:\Windows\System\qiUIcUn.exe
  C:\Windows\System\qiUIcUn.exe
  2⤵
  PID:9616
- C:\Windows\System\LcKcbBE.exe
  C:\Windows\System\LcKcbBE.exe
  2⤵
  PID:9632
- C:\Windows\System\nYRrIMR.exe
  C:\Windows\System\nYRrIMR.exe
  2⤵
  PID:9648
- C:\Windows\System\UUExlNF.exe
  C:\Windows\System\UUExlNF.exe
  2⤵
  PID:9664
- C:\Windows\System\xjinCNm.exe
  C:\Windows\System\xjinCNm.exe
  2⤵
  PID:9680
- C:\Windows\System\ZXkWYpw.exe
  C:\Windows\System\ZXkWYpw.exe
  2⤵
  PID:9696
- C:\Windows\System\IWZdsGc.exe
  C:\Windows\System\IWZdsGc.exe
  2⤵
  PID:9712
- C:\Windows\System\zDtRSUN.exe
  C:\Windows\System\zDtRSUN.exe
  2⤵
  PID:9728
- C:\Windows\System\jnEEccg.exe
  C:\Windows\System\jnEEccg.exe
  2⤵
  PID:9744
- C:\Windows\System\VURfsXP.exe
  C:\Windows\System\VURfsXP.exe
  2⤵
  PID:9760
- C:\Windows\System\YVHHRaB.exe
  C:\Windows\System\YVHHRaB.exe
  2⤵
  PID:9776
- C:\Windows\System\pVUmJIQ.exe
  C:\Windows\System\pVUmJIQ.exe
  2⤵
  PID:9796
- C:\Windows\System\ekrHFpc.exe
  C:\Windows\System\ekrHFpc.exe
  2⤵
  PID:9812
- C:\Windows\System\vClWULT.exe
  C:\Windows\System\vClWULT.exe
  2⤵
  PID:9828
- C:\Windows\System\OYdVKqq.exe
  C:\Windows\System\OYdVKqq.exe
  2⤵
  PID:9848
- C:\Windows\System\jJYJZeu.exe
  C:\Windows\System\jJYJZeu.exe
  2⤵
  PID:9896
- C:\Windows\System\YfkvmND.exe
  C:\Windows\System\YfkvmND.exe
  2⤵
  PID:9932
- C:\Windows\System\zJwPPUs.exe
  C:\Windows\System\zJwPPUs.exe
  2⤵
  PID:10012
- C:\Windows\System\DFdQKzW.exe
  C:\Windows\System\DFdQKzW.exe
  2⤵
  PID:10036
- C:\Windows\System\WsGsbrz.exe
  C:\Windows\System\WsGsbrz.exe
  2⤵
  PID:10060
- C:\Windows\System\LgTHPLN.exe
  C:\Windows\System\LgTHPLN.exe
  2⤵
  PID:10076
- C:\Windows\System\HagbAUL.exe
  C:\Windows\System\HagbAUL.exe
  2⤵
  PID:10100
- C:\Windows\System\vCszQlK.exe
  C:\Windows\System\vCszQlK.exe
  2⤵
  PID:10116
- C:\Windows\System\ubjVNiE.exe
  C:\Windows\System\ubjVNiE.exe
  2⤵
  PID:10144
- C:\Windows\System\LkNDPmV.exe
  C:\Windows\System\LkNDPmV.exe
  2⤵
  PID:10164
- C:\Windows\System\SfHtJzg.exe
  C:\Windows\System\SfHtJzg.exe
  2⤵
  PID:10184
- C:\Windows\System\zzWBjwq.exe
  C:\Windows\System\zzWBjwq.exe
  2⤵
  PID:10204
- C:\Windows\System\jjhpWdR.exe
  C:\Windows\System\jjhpWdR.exe
  2⤵
  PID:10224
- C:\Windows\System\MBCjQDx.exe
  C:\Windows\System\MBCjQDx.exe
  2⤵
  PID:7812
- C:\Windows\System\jJOzZtc.exe
  C:\Windows\System\jJOzZtc.exe
  2⤵
  PID:7864
- C:\Windows\System\IdSFnZM.exe
  C:\Windows\System\IdSFnZM.exe
  2⤵
  PID:9256
- C:\Windows\System\pzATgID.exe
  C:\Windows\System\pzATgID.exe
  2⤵
  PID:9260
- C:\Windows\System\nhcayDd.exe
  C:\Windows\System\nhcayDd.exe
  2⤵
  PID:9288
- C:\Windows\System\qDpDNka.exe
  C:\Windows\System\qDpDNka.exe
  2⤵
  PID:9344
- C:\Windows\System\wlNExjX.exe
  C:\Windows\System\wlNExjX.exe
  2⤵
  PID:9332
- C:\Windows\System\jMUaVKf.exe
  C:\Windows\System\jMUaVKf.exe
  2⤵
  PID:9424
- C:\Windows\System\BfspLRq.exe
  C:\Windows\System\BfspLRq.exe
  2⤵
  PID:9456
- C:\Windows\System\bGRrzqS.exe
  C:\Windows\System\bGRrzqS.exe
  2⤵
  PID:9472
- C:\Windows\System\JLFbFdJ.exe
  C:\Windows\System\JLFbFdJ.exe
  2⤵
  PID:9440
- C:\Windows\System\KwBBQgh.exe
  C:\Windows\System\KwBBQgh.exe
  2⤵
  PID:9508
- C:\Windows\System\qEzHKjA.exe
  C:\Windows\System\qEzHKjA.exe
  2⤵
  PID:9612
- C:\Windows\System\QqpFPeN.exe
  C:\Windows\System\QqpFPeN.exe
  2⤵
  PID:9628
- C:\Windows\System\HNGzelw.exe
  C:\Windows\System\HNGzelw.exe
  2⤵
  PID:9692
- C:\Windows\System\sbpgzhG.exe
  C:\Windows\System\sbpgzhG.exe
  2⤵
  PID:9756
- C:\Windows\System\dQdMayS.exe
  C:\Windows\System\dQdMayS.exe
  2⤵
  PID:9784
- C:\Windows\System\BRzsjwH.exe
  C:\Windows\System\BRzsjwH.exe
  2⤵
  PID:9804
- C:\Windows\System\kNdsznO.exe
  C:\Windows\System\kNdsznO.exe
  2⤵
  PID:9872
- C:\Windows\System\GSKsQeC.exe
  C:\Windows\System\GSKsQeC.exe
  2⤵
  PID:9888
- C:\Windows\System\WJAtSUI.exe
  C:\Windows\System\WJAtSUI.exe
  2⤵
  PID:9920
- C:\Windows\System\bRQXcOD.exe
  C:\Windows\System\bRQXcOD.exe
  2⤵
  PID:9952
- C:\Windows\System\hTfwrlZ.exe
  C:\Windows\System\hTfwrlZ.exe
  2⤵
  PID:9980
- C:\Windows\System\qWafCgh.exe
  C:\Windows\System\qWafCgh.exe
  2⤵
  PID:10020
- C:\Windows\System\AYOQnZE.exe
  C:\Windows\System\AYOQnZE.exe
  2⤵
  PID:10024
- C:\Windows\System\AbGbkdc.exe
  C:\Windows\System\AbGbkdc.exe
  2⤵
  PID:10028
- C:\Windows\System\NXAFMFH.exe
  C:\Windows\System\NXAFMFH.exe
  2⤵
  PID:10072
- C:\Windows\System\YzDWACP.exe
  C:\Windows\System\YzDWACP.exe
  2⤵
  PID:10160
- C:\Windows\System\pgqlPyz.exe
  C:\Windows\System\pgqlPyz.exe
  2⤵
  PID:10140
- C:\Windows\System\wIuZuCd.exe
  C:\Windows\System\wIuZuCd.exe
  2⤵
  PID:10196
- C:\Windows\System\QHwsYxb.exe
  C:\Windows\System\QHwsYxb.exe
  2⤵
  PID:9228
- C:\Windows\System\saiAJFc.exe
  C:\Windows\System\saiAJFc.exe
  2⤵
  PID:9296
- C:\Windows\System\xFKlehF.exe
  C:\Windows\System\xFKlehF.exe
  2⤵
  PID:10232
- C:\Windows\System\FGOpejq.exe
  C:\Windows\System\FGOpejq.exe
  2⤵
  PID:9272
- C:\Windows\System\fMhWnsX.exe
  C:\Windows\System\fMhWnsX.exe
  2⤵
  PID:9328
- C:\Windows\System\rEBUUBF.exe
  C:\Windows\System\rEBUUBF.exe
  2⤵
  PID:9360
- C:\Windows\System\KnwTJXa.exe
  C:\Windows\System\KnwTJXa.exe
  2⤵
  PID:9504
- C:\Windows\System\XGKIlKD.exe
  C:\Windows\System\XGKIlKD.exe
  2⤵
  PID:9752
- C:\Windows\System\SSkuoyC.exe
  C:\Windows\System\SSkuoyC.exe
  2⤵
  PID:9524
- C:\Windows\System\WznqKco.exe
  C:\Windows\System\WznqKco.exe
  2⤵
  PID:9608
- C:\Windows\System\vFnqfnI.exe
  C:\Windows\System\vFnqfnI.exe
  2⤵
  PID:9644
- C:\Windows\System\ECaCRGK.exe
  C:\Windows\System\ECaCRGK.exe
  2⤵
  PID:9460
- C:\Windows\System\IXNgsEV.exe
  C:\Windows\System\IXNgsEV.exe
  2⤵
  PID:9860
- C:\Windows\System\GSDpPvE.exe
  C:\Windows\System\GSDpPvE.exe
  2⤵
  PID:9856
- C:\Windows\System\kYOXAoB.exe
  C:\Windows\System\kYOXAoB.exe
  2⤵
  PID:9960
- C:\Windows\System\DCJPuhb.exe
  C:\Windows\System\DCJPuhb.exe
  2⤵
  PID:9972
- C:\Windows\System\aQPjTiE.exe
  C:\Windows\System\aQPjTiE.exe
  2⤵
  PID:10008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CpNSRUG.exe

Filesize
6.0MB

MD5
b763885601f982c383747930d5c4921e

SHA1
4cef3c8a8f6009e364f1bf46c7fd343649bfb600

SHA256
ab23a41782f2db229f64494f440e034ab754b614aee9d72d7cdf62f9617f63e1

SHA512
9a61f4246cc1173d0c75a7805dbec2a79872c6f3243f2c4a8809e07f132733e2069c5ed8b8213d275da2c249b8da5acd5734942d29b59e143e75657bb034c444

Download Submit
C:\Windows\system\FqqJmGp.exe

Filesize
6.0MB

MD5
b0a4c92927978a5086d7a51bffc0fcae

SHA1
d385aa9d9dbdb5afecda33fec8b9c9f20622e8f7

SHA256
bb02ced49336d8e44c0e7d40b0cbbe55436c984a922b037ec154422b2ffe021f

SHA512
758a900d4186cd54032fa8ac06d6557d08b11d1b65fc8841d0a31597f0b08a75952c532f0d292124e03c4023ff90e69f6296d85a0e70af3a7c32c1d28519cf8d

Download Submit
C:\Windows\system\GOlxKcw.exe

Filesize
6.0MB

MD5
c1e6cbac2d9dece280bf090812e6df57

SHA1
d98e68a195db0c2787eb2ccc77ae8f7bbeac6269

SHA256
efda4971b6174824f06af82cd248871611cf4dd7e273958caabd788ef6fd5382

SHA512
e4b6c2a4bf28f7aad9fb2bcd6f0bfee774670d6990953405c5206e15eae9b940dde4e9fb393eac7b11424093d61ac3bfdd124eae269878db0934d7f9714e71e0

Download Submit
C:\Windows\system\JXJKdLv.exe

Filesize
6.0MB

MD5
2bfbd2cfa989357c26873f20ffaf351b

SHA1
f986a301f784085e86fda0a1e5707eb8e2daa7d1

SHA256
ca6078d1f22d36ef1321fa5195043f612ee9dc763856580959d7e8b49c9d395d

SHA512
cca7c9de0dd3c89cd107365d8c967d1cd5ce339fed903458635b5787f36966f6709d49e38b59dc853efc901df985ae18950485a93d6dea0317b5cd053328ffa5

Download Submit
C:\Windows\system\KAeuNez.exe

Filesize
6.0MB

MD5
6c99945e831b78a677af327641edcd34

SHA1
2a19d70243fd2bf13c4fb8a37ff616fddbb0a6e0

SHA256
de4f754a7c7540ccec46e26e6df7f658f2b23effa71f02062302a4929e6bcf3b

SHA512
07f34813f4186bcee19251cf8f4e9ea5e8a01aa89f2f68d8112c0f5f8bb4f8bea62cacff1e6a91dafcb008381904cbc6433b54c822c06403911ca3972451f0ed

Download Submit
C:\Windows\system\KhOYOYa.exe

Filesize
6.0MB

MD5
2e494b4fc1c2641b745981e3031147cc

SHA1
85fb3e5e5f13ab1d4b81e00c31c7e459799917d7

SHA256
04c8127ad6cbef1e84c03903ce0c25d924e1d9e7835941e640f175757806790d

SHA512
f98df24b04f2affaba06ecd84d973cbb4e1aa0b3743d661a6a299d04f0893358f01049f218778c858400ecc6d84f096b6e2c4870e5b24c6e49b5dec6696ac711

Download Submit
C:\Windows\system\RrODNeR.exe

Filesize
6.0MB

MD5
a45b96e6e31fe600d4d3ae1da96441be

SHA1
8933f0c32e8e0f80b9e15f2869f6414c60485436

SHA256
d62bb552aae758e53c6ae8615c5694b75ef7fa9cb21384f8915648a3e1c06ecd

SHA512
d2ba9b00a31ba57abf2dceae11ce0650ea6db481c5d5beb603edae29ca0be8d7181bb48b8ab0d19103ec0bfbc86a9c2023c5de23aba9112261ae7c84317936fc

Download Submit
C:\Windows\system\TbaPpVM.exe

Filesize
6.0MB

MD5
81749ad3b340d28d8f34cf4761be7cd9

SHA1
80115a4af9c21dca55dcb6bb12030bdf1720c143

SHA256
46cb5ff66972618c2e55be03a34150d2c9f500e3177375b35dcfdaf08c1e4ba7

SHA512
ab054f94f3726fbf5a204f65573a10eb9fd271f9b6b786f8648ccd81fde2f7fd337f56834dc52ec6ca1a8d9290fe88aaf9965fe27fdc7f093c72f36495a8c56d

Download Submit
C:\Windows\system\UdWMGUG.exe

Filesize
6.0MB

MD5
6a52d0b2b191a48bcd91c9d89a77ea35

SHA1
38effdf6e3d41306873ceaaffc045a60213b6f2b

SHA256
c553cbb6ae83103931400a5e480b6352f2f7c3ee83c077734f24aece9ba7fb89

SHA512
d52ff2a02ec5bda6ba9081a41db2ea86804b9984f9b34f71efbf6d21254e7f971cdb7bdbc07f04d80346de978e6530104e0e901ac75cb039283f93b6807d8fce

Download Submit
C:\Windows\system\VzjdIEM.exe

Filesize
6.0MB

MD5
256649bc19d2959321e051ba24d4121d

SHA1
a2f2ca3578563a42bdd468d63de4d7ada8a610c6

SHA256
988ffc11a0bfa7a8185681a9e0343916882a69a99888700e0ebeeba677d45c8c

SHA512
924e48d8ed7870cd9fe1e6dd9c50fa73b8925b38e2a3e3df19fb43952184409e5353a610442a015982ab82a5300f14eca6c8166771de8c88a259ac9dbd8e3022

Download Submit
C:\Windows\system\WUAUrgb.exe

Filesize
6.0MB

MD5
58e448e420c97eb6809a2c6451dbc600

SHA1
2e426202c429804134231b7ac1f1979037aac174

SHA256
46eba059736673afff64075c53411c4234747d9406d3dc41a0b62679f7c316c4

SHA512
d52c15b2cc2dbcbe640713c2fbdfd5b7e602a1542ec2a6bdda27469be3ae7424d5bc545693de1aeb5995a5a26f5cf7b9b086734d57b3f1574e5ca866ddde1935

Download Submit
C:\Windows\system\YfmOZFU.exe

Filesize
6.0MB

MD5
223a424e547dbd70c421bdb1d86d0b7f

SHA1
f1f890c002580c107b66248bc4e497653380a6d4

SHA256
528ce28018f55ebe1f24a638928c02a89c22ff6befe0d221858bffb0b3a17151

SHA512
d1d1c3d25472496389bf202309310355f08a12720a52452a82b0cdfbb45b7c6dc056147d6fee1129cc209d118c5cd97e339100d855affcf4bbbff0920f862da5

Download Submit
C:\Windows\system\YiLykQt.exe

Filesize
6.0MB

MD5
eab96c74560082918c5efedac8a3837e

SHA1
bae2aff1606d4f3fa7061e56c3d110be6afaa508

SHA256
c6f812521d7ef9a82a70ad334661476a7fff8925e22f7e905e4b6d88f3d670d2

SHA512
dac4c957068962e1f318b760587bddd6c981f50a5ef8e671d92cac2257c2a053222b8fed2ad1350cb62e397a02c5ebee3e1b6a21f26d95b8c5cc25ccf8d7ac16

Download Submit
C:\Windows\system\ZLaFmjE.exe

Filesize
6.0MB

MD5
17a9120362f22e81694ae9a65f51049a

SHA1
6047505f2d822b89a425c8b2632992fe777482dd

SHA256
c878277519e64045d24f41432747aaf51d39820adab21b5a65466d9f27c4486b

SHA512
d4d88f00188095fc568b161258be8b97d90d201e1f15a597ad97d49775a8d731ffae76bd068c9d15ad1ac2465e1f580f463337f7e9aa89e92d8731b89fc2b393

Download Submit
C:\Windows\system\bIZdXKK.exe

Filesize
6.0MB

MD5
b7d636c90283e1c509b49eadfe07c874

SHA1
907137136118270528a8514eafdae5507a6a6ff2

SHA256
0b89b98233750e7f8bfeb5d48ba84906ab36c78a9adfb35d88340ecb6aacfad4

SHA512
1ac0f133357f91defadd644712b4e565a8d92414d18a30fe320bd848dbf2c465856c4311dc43c8d1c33d59053420c990c9e32bf59fce04327067e924005b11c6

Download Submit
C:\Windows\system\fyHoexH.exe

Filesize
6.0MB

MD5
69851e1f61750206358cfb22482cc6a2

SHA1
7c0c1a614f6a647006b1071a995eb33376902fb8

SHA256
070d6d4272a0cbf71bf758d1e4e4cb61a15f942c36a9a000aba37026396d01cf

SHA512
4523292e920fa5cd1cd4089a91d6332d07b36278ae53af84faceecce46b65f9882d93d2b5fe97f34adc465af92b73c599fcd9c1d52505066e0e163ea2fc9353d

Download Submit
C:\Windows\system\kIiRvgO.exe

Filesize
6.0MB

MD5
ffad051fefcf5a3345ba2199a7260ca1

SHA1
27eed4f9a1d67e9f17794963c14782315e7a79d3

SHA256
f5ad76e76b0c3c12d2531fd9b8f98fc4d7bb4f7b68c6095035653d3b9dcbb835

SHA512
797b25d52530944c9e7046de5158ca4de6857c80064bc800cf1c3214514a8d5831befb0de7d5f71952c55a2d4cc78692091704d870c1613bc4c37d3cb50b3f17

Download Submit
C:\Windows\system\mngNuwp.exe

Filesize
6.0MB

MD5
6d7cf128afe37f6430bb1a0772602f56

SHA1
23fce1b3f9f51a16297903fcbb5e006ea3a8b7b7

SHA256
379183dab0779e1c43c68296d3073a6da6c0072f684efecded4a69f32c2d2496

SHA512
25761af846b3d6e9398809cab20ddadd6c972f568ebd305cd712b93b0896291df0208e27b304614bdd8f4934f9101969b4da162e92cb039e3c219ec7af9b1873

Download Submit
C:\Windows\system\mrPdZRb.exe

Filesize
6.0MB

MD5
1c1185541207824d83ba52cac78dd3eb

SHA1
55f1077e50df4e3997529790955c6bec9d7621b6

SHA256
a35d802585d685748ced38a48f6d79ffa4900e48825cb1d5cacfb1ef287d7e0f

SHA512
6d94f29c4f162c9284a2da49e2283b87d6c55561d4721d39c30ea5900297c0378b898068e7ab0ef5caceab93e4e1d77c6cd72fd351043d5dd0a07924cc162b12

Download Submit
C:\Windows\system\oCAMbqP.exe

Filesize
6.0MB

MD5
84ff941a4306feea2da08ab7e91219f2

SHA1
6ee285220a33b560ec1910418283e8580568e56b

SHA256
9466998609dd8f7848a33b8b76c0b2eb1ffe0b4a3f52f6f4467577a507d82977

SHA512
4b6bb42cb6b7860b1f6fae5e68cc0814b8ba5333ff9f97dcb5866c874bdc3ee32fc71515dfa40364adce28de5691ae1f3884e23358a6d762f904dbaf382b790c

Download Submit
C:\Windows\system\oKCTTVp.exe

Filesize
6.0MB

MD5
6e96134744946942f004a23da0d56f79

SHA1
621d010421db5dfd0dcbfb3f514ef1a044a7f485

SHA256
1afef0049d20836fb2f537777c043c0c7c9aa6eaee3653fb0eed4b5dc61cbc4a

SHA512
96ae83f1318030721da75ecbf184a872aac1600c706af5a8815f677ab818456622e919b4225baac32396774e40382141e4850157501718460ed8352364fb014c

Download Submit
C:\Windows\system\sKzpIvP.exe

Filesize
6.0MB

MD5
e9a67eddc7dc22cf187be4619973eb10

SHA1
a24c32845e72f38d8b7cfd2331a0f791a42d1f5e

SHA256
55d32336a97d1815d8901665e73734c0f4fa1c606221de00036d1f6d3dd6f533

SHA512
3dbb32b5cde165aa9a34a0fbaacdbcd05f5811a7b48234a6c3013ab8357805f82bc73bbee47ad5e8e536cf0f3f5f483f179972e73673710e19c19f0fffe8f2d3

Download Submit
C:\Windows\system\slxONsk.exe

Filesize
6.0MB

MD5
eaef39ea603460c478fac5ba39d8e3e5

SHA1
3e8a1ddcc9fe92f95f9a8dff0308dd1e5488397a

SHA256
1e68c50329b79bc04359a6d09382b904210f185134192cefa0d26be29063274d

SHA512
8331112f9d807b18aef44efb49c08dfbee1d9c6938b3b8933e662ea689c0b6ca010300564a467ad7f645c35fbf3f084a8d1ca611bd66d53d6a8e28ddc9927803

Download Submit
C:\Windows\system\wonJiDi.exe

Filesize
6.0MB

MD5
ecffcaa6a3f227ad4f176de20d38ff05

SHA1
c23081ef923b9168253fd3627ea2f4dda0a2438c

SHA256
251ee9525c269136a5b9afee31155afb59922373687a364ea79a04ed138cebf3

SHA512
fd58970b5a0cf1332996d4cd6073dacc31e90e261cc729c95f47763ce277ca717da1d9cff0d2f3f0338036846d766e2e68c94f7d32cd63e6a9eaa8f0970a29d5

Download Submit
C:\Windows\system\xKleSML.exe

Filesize
6.0MB

MD5
680af993f4b5a6213c0c653b82ec4667

SHA1
b9577a3d7b4c84ee5f612b7d15d57f476ec5d137

SHA256
f93d98aaedba5fb5035cb9abc36f53d4d98dc1cd5ee7462e2748f40c9df1c0ad

SHA512
086c054ad1bdad48dd8d76c22ad0317495bb8bcc0406f1213f49399bd1e64a806361125cab5f1dd2198d7d335ce67c786147d3be34cb54dd62589480e55a56de

Download Submit
C:\Windows\system\yXpYVbE.exe

Filesize
6.0MB

MD5
f9bebce335946cc23e4e10c4b3184d52

SHA1
63767a6cdda668851df1bbb5f9677c2804349dc9

SHA256
9e71ca1d2c15b3cfd286e91b8400567a02d63660c7aab63a8a787c964535c646

SHA512
9403da71b27395c5dff479ab0f1aba45d60a09102d47b976894af7eebd3083f9c99580898064f09fdf596553968ba52eaffc7cc3ec3766a5c41214f042f7d4cf

Download Submit
C:\Windows\system\yhXtLOK.exe

Filesize
6.0MB

MD5
c66ddb15e3bd4389773d633fbb489f72

SHA1
cb0b2149dce3cdddbdb17b906adffb7231e6c5d4

SHA256
1357a4ce285d7bf358f86bb8afa2e6da15a313c20ed9ddab4fa6918ee2db7e13

SHA512
e8aaa79ca345dd3a207c747a2d0ce4e45beb38ee39cf91f0c393af802d893d1103fd6e0b62b396b30d19b3f63be03afab523756128e1005a5a6a43f2a38c1dfe

Download Submit
C:\Windows\system\zUnZaET.exe

Filesize
6.0MB

MD5
cb02a13ccf2237f819b5e689fe96dec5

SHA1
c18c3ca0cfacb0a348cbd608fbc856860f9f983a

SHA256
0e5aa09442a8bf5ab77568184c6690bbf37b3c3fff53852506cdd27d3ef5c148

SHA512
a0441d188ebb535138b6fc801b37043e40f1c522453f5bf7792b77e5c746eefad2aad22f8172ae6afb047ccdb4748afb3c53b6883d5a7cf8485f11a2b21f0657

Download Submit
\Windows\system\FDKsLjg.exe

Filesize
6.0MB

MD5
10e4d2be1f40c114624fe069c0ca95be

SHA1
7eea56da530ab29470c884e5465702eff8f813b1

SHA256
b98ccaea41ff0a0be4df1de4bc8bc7ba0b8d5b9aafb17440ee205407f8dd40d4

SHA512
8e2ffbc2385a1d1b4279eda12af48b2e634ab546748d129c8e990eb303a618063aa7d70da8d5119b81e9569145634482adee4dec71e72fc9cd1adf465db6d216

Download Submit
\Windows\system\YqAeuUk.exe

Filesize
6.0MB

MD5
0e5c783c5773df2f68cb8f872b21d393

SHA1
37a733f2b119e5ed572fe2e81d56214ba2ca1167

SHA256
e32cd5b2834011aa2eeb4dc5a760059b686f650d2fc70e5a5bfbe46830e0ea60

SHA512
bfb749ad6e7c649c512b60451763ebc171c03c69fb5597ae65e2c2a378e7d38f800861d9878d7c2b5a3d5ea77150073634edec812763981ee6bcb5c4802010a9

Download Submit
\Windows\system\gJAooqv.exe

Filesize
6.0MB

MD5
038ee569fa7288f38ed97e2798e757ad

SHA1
e73560b98f24904343517c6c9af7951d0490b340

SHA256
dc15355ab1c53eaeea5ccf1df9e7f099af159f63c01fdc9bd06955f02aabf28b

SHA512
05b05334caf215618c01e67bd56332a78e8ecd1105863e2d6968793fe6b25a60b30b9dba963f42e6f70665234e2cc97ca2b1ecff3f464390ef94ce999ece3f18

Download Submit
\Windows\system\lsAgqbT.exe

Filesize
6.0MB

MD5
77abc0db641e9f3b6cef70619bd53d1e

SHA1
a66e1530d415de749e1ef298bc10be101740fa06

SHA256
d66c9295cb20d4b943f72c59963733ff72b44347ec08c9d2741af48fe8ed796f

SHA512
02f78f1231e703903929d2913cb60cca0a17ed85c8f3b66640c9bd80f6c85a4ce9c379204a62a64729ca3aa22bdf3a63833abb43f05608e8d31f8b2d6304b0ec

Download Submit
memory/1948-3876-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-1761-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-3875-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2144-1886-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2152-3904-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2152-2018-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2208-3882-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2208-1752-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2308-3880-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2071-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2340-1791-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-3905-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2252-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3294-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2163-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2400-1753-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2019-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2400-1769-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-1793-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2358-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2471-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2400-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3029-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3081-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3187-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3197-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3213-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2400-2072-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3292-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3249-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3238-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3303-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3357-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3366-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2400-1890-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2400-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2820-2162-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3903-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3879-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2251-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3883-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2470-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2948-3877-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2302-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download