cobaltstrike | 53e0c5fcec6fc62a4ae4e7ce43082c118e1c0841e804827a3beb2c9956e3c93e

Analysis

max time kernel
130s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

66697b0ff671e039174c9d343fd1b621
SHA1

e2b7ef243eecd5cbb1bcede384f87575aac8b0bd
SHA256

53e0c5fcec6fc62a4ae4e7ce43082c118e1c0841e804827a3beb2c9956e3c93e
SHA512

5798ed13497285afcb87690d022e56bb39ade26b1707f53d588477108b7d2874db6c80133185b51107260b4a5b65ea7b50a7f712d9ddfbaf62336bdced4013b2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018780-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001921d-19.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019242-40.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-62.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-55.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001930d-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-70.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925b-45.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001923e-33.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018bdd-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2428-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225e-3.dat	xmrig
behavioral1/memory/2604-9-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2428-8-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x0007000000018780-10.dat	xmrig
behavioral1/files/0x000700000001921d-19.dat	xmrig
behavioral1/memory/2524-27-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2960-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019242-40.dat	xmrig
behavioral1/memory/2952-85-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/3012-99-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019659-158.dat	xmrig
behavioral1/memory/2428-1336-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/860-1068-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2992-812-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2696-583-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2724-582-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2428-580-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c50-193.dat	xmrig
behavioral1/files/0x0005000000019c34-184.dat	xmrig
behavioral1/files/0x0005000000019c36-188.dat	xmrig
behavioral1/files/0x0005000000019c32-177.dat	xmrig
behavioral1/files/0x0005000000019999-173.dat	xmrig
behavioral1/files/0x00050000000196ed-168.dat	xmrig
behavioral1/files/0x000500000001969b-163.dat	xmrig
behavioral1/files/0x0005000000019615-153.dat	xmrig
behavioral1/files/0x0005000000019603-144.dat	xmrig
behavioral1/files/0x0005000000019605-148.dat	xmrig
behavioral1/files/0x00050000000195ff-133.dat	xmrig
behavioral1/files/0x0005000000019601-138.dat	xmrig
behavioral1/files/0x00050000000195fe-129.dat	xmrig
behavioral1/files/0x00050000000195fd-124.dat	xmrig
behavioral1/files/0x00050000000195fb-118.dat	xmrig
behavioral1/files/0x00050000000195f9-114.dat	xmrig
behavioral1/memory/2428-109-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2212-108-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2428-107-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195f7-105.dat	xmrig
behavioral1/memory/860-98-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c0-97.dat	xmrig
behavioral1/files/0x000500000001955c-62.dat	xmrig
behavioral1/memory/2872-94-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2920-93-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2992-92-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2960-91-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e6-55.dat	xmrig
behavioral1/files/0x000800000001930d-49.dat	xmrig
behavioral1/memory/2696-84-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2724-79-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2508-75-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2524-74-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/3012-41-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2428-38-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019581-72.dat	xmrig
behavioral1/files/0x0005000000019551-71.dat	xmrig
behavioral1/files/0x00050000000194e4-70.dat	xmrig
behavioral1/memory/2212-48-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2428-47-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2528-46-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000600000001925b-45.dat	xmrig
behavioral1/files/0x000600000001923e-33.dat	xmrig
behavioral1/memory/2508-29-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0008000000018bdd-25.dat	xmrig
behavioral1/memory/2528-18-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2604	jtmLtiI.exe
2528	EiNNJTa.exe
2524	mRsEMrz.exe
2508	clUYKvV.exe
2960	vVmWaIB.exe
3012	rIqcgJc.exe
2212	znwzboQ.exe
2952	TkIcjtM.exe
2724	hjcfMWN.exe
2696	jvisUiX.exe
2992	kubNKIW.exe
2920	RNaSkdI.exe
2872	CGVtgwv.exe
860	DJdHyfp.exe
1072	MpJYQIh.exe
1864	uOyVCzT.exe
276	smjfsHh.exe
1244	xOaGvkc.exe
1936	YMQUfoH.exe
2768	wvLwFRs.exe
2684	cghzvQP.exe
1376	safkDyR.exe
2788	OBcFZQt.exe
2916	nTaXLAp.exe
2796	Hevoaya.exe
2240	hlMdJWR.exe
1152	jeGNMNH.exe
2452	jepHMtF.exe
2276	LfOQIAH.exe
2196	DGDAhEp.exe
684	EbzDgSq.exe
948	xbDyIFG.exe
296	VABnYfC.exe
608	SoPmhpV.exe
1852	eQKRiYx.exe
880	TVdIpjO.exe
904	kQAMJiA.exe
1468	jbccalh.exe
944	FXDIYUc.exe
1572	CDIujdc.exe
2576	pGkopKE.exe
2224	JkZeQUy.exe
2780	ViTwXwO.exe
2360	rKTELka.exe
468	tNyrBbj.exe
916	cRWOzzF.exe
896	opnSeWJ.exe
1220	gERvKmS.exe
540	sgKuHgR.exe
2396	HhpFCfP.exe
2068	CkPkNwr.exe
1536	WyMbRyj.exe
2624	PbCSeep.exe
2332	uOtDQCH.exe
332	BgaBZsZ.exe
2704	EbQyHmh.exe
2984	DAVIpOn.exe
2348	SWFZcdF.exe
2860	sXmKauO.exe
668	qfAEvrA.exe
2976	REjZjFc.exe
1408	YRvCFsp.exe
1732	GtawaVj.exe
1076	pvRpQkD.exe

Loads dropped DLL 64 IoCs

pid	Process
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2428-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000b00000001225e-3.dat	upx
behavioral1/memory/2604-9-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x0007000000018780-10.dat	upx
behavioral1/files/0x000700000001921d-19.dat	upx
behavioral1/memory/2524-27-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2960-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x0006000000019242-40.dat	upx
behavioral1/memory/2952-85-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/3012-99-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0005000000019659-158.dat	upx
behavioral1/memory/860-1068-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2992-812-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2696-583-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2724-582-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0005000000019c50-193.dat	upx
behavioral1/files/0x0005000000019c34-184.dat	upx
behavioral1/files/0x0005000000019c36-188.dat	upx
behavioral1/files/0x0005000000019c32-177.dat	upx
behavioral1/files/0x0005000000019999-173.dat	upx
behavioral1/files/0x00050000000196ed-168.dat	upx
behavioral1/files/0x000500000001969b-163.dat	upx
behavioral1/files/0x0005000000019615-153.dat	upx
behavioral1/files/0x0005000000019603-144.dat	upx
behavioral1/files/0x0005000000019605-148.dat	upx
behavioral1/files/0x00050000000195ff-133.dat	upx
behavioral1/files/0x0005000000019601-138.dat	upx
behavioral1/files/0x00050000000195fe-129.dat	upx
behavioral1/files/0x00050000000195fd-124.dat	upx
behavioral1/files/0x00050000000195fb-118.dat	upx
behavioral1/files/0x00050000000195f9-114.dat	upx
behavioral1/memory/2212-108-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x00050000000195f7-105.dat	upx
behavioral1/memory/860-98-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x00050000000195c0-97.dat	upx
behavioral1/files/0x000500000001955c-62.dat	upx
behavioral1/memory/2872-94-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2920-93-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2992-92-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2960-91-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x00050000000194e6-55.dat	upx
behavioral1/files/0x000800000001930d-49.dat	upx
behavioral1/memory/2696-84-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2724-79-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2508-75-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2524-74-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/3012-41-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2428-38-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0005000000019581-72.dat	upx
behavioral1/files/0x0005000000019551-71.dat	upx
behavioral1/files/0x00050000000194e4-70.dat	upx
behavioral1/memory/2212-48-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2528-46-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000600000001925b-45.dat	upx
behavioral1/files/0x000600000001923e-33.dat	upx
behavioral1/memory/2508-29-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0008000000018bdd-25.dat	upx
behavioral1/memory/2528-18-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2604-3460-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2724-3463-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2524-3464-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/860-3487-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2212-3495-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2872-3705-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ablNFrx.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efwHaQE.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeKHOLD.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\beXolEN.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCwqixn.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXzjknP.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hlMdJWR.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNuVtiw.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alOqffx.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcoRBlZ.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hurKkKz.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPceezS.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMICDsI.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbYKrzV.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEJCRSJ.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZshfaU.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwqotte.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYRQsyN.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoOXRrO.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBghEDe.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlkhNbZ.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXuixYj.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdfNDbJ.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzAqnKn.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GyuykYN.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\safkDyR.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqMWhgr.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPcBSgK.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNwqTKy.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqCXFie.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZTcMBf.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMrmLJm.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLSHWko.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzQSUFH.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\autVSRD.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsejjgc.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGYuEVb.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaoHTHF.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkWrrJp.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdukwjk.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGDAhEp.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODwtXhC.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuCKhrD.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAJUcZX.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWpjRZq.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkrWXxj.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntGilBg.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtsPVFq.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZRJihA.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZRcVOR.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoewKFg.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HavSWZh.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRHyaQt.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIwJPXs.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alLgPyW.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOvrwOn.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSGqtts.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQxwBOE.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiCyQbz.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XalpqhL.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTsmnBo.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjDuhef.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSfjvOA.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDVQmLP.exe	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2604	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2428 wrote to memory of 2604	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2428 wrote to memory of 2604	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2428 wrote to memory of 2528	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2428 wrote to memory of 2528	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2428 wrote to memory of 2528	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2428 wrote to memory of 2524	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2428 wrote to memory of 2524	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2428 wrote to memory of 2524	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2428 wrote to memory of 2508	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2428 wrote to memory of 2508	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2428 wrote to memory of 2508	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2428 wrote to memory of 2960	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2428 wrote to memory of 2960	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2428 wrote to memory of 2960	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2428 wrote to memory of 3012	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2428 wrote to memory of 3012	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2428 wrote to memory of 3012	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2428 wrote to memory of 2212	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2428 wrote to memory of 2212	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2428 wrote to memory of 2212	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2428 wrote to memory of 2992	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2428 wrote to memory of 2992	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2428 wrote to memory of 2992	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2428 wrote to memory of 2952	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2428 wrote to memory of 2952	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2428 wrote to memory of 2952	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2428 wrote to memory of 2920	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2428 wrote to memory of 2920	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2428 wrote to memory of 2920	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2428 wrote to memory of 2724	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2428 wrote to memory of 2724	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2428 wrote to memory of 2724	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2428 wrote to memory of 2872	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2428 wrote to memory of 2872	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2428 wrote to memory of 2872	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2428 wrote to memory of 2696	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2428 wrote to memory of 2696	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2428 wrote to memory of 2696	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2428 wrote to memory of 860	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2428 wrote to memory of 860	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2428 wrote to memory of 860	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2428 wrote to memory of 1072	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2428 wrote to memory of 1072	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2428 wrote to memory of 1072	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2428 wrote to memory of 1864	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2428 wrote to memory of 1864	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2428 wrote to memory of 1864	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2428 wrote to memory of 276	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2428 wrote to memory of 276	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2428 wrote to memory of 276	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2428 wrote to memory of 1244	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2428 wrote to memory of 1244	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2428 wrote to memory of 1244	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2428 wrote to memory of 1936	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2428 wrote to memory of 1936	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2428 wrote to memory of 1936	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2428 wrote to memory of 2768	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2428 wrote to memory of 2768	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2428 wrote to memory of 2768	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2428 wrote to memory of 2684	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2428 wrote to memory of 2684	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2428 wrote to memory of 2684	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2428 wrote to memory of 1376	2428	2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_66697b0ff671e039174c9d343fd1b621_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\System\jtmLtiI.exe
  C:\Windows\System\jtmLtiI.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\EiNNJTa.exe
  C:\Windows\System\EiNNJTa.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\mRsEMrz.exe
  C:\Windows\System\mRsEMrz.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\clUYKvV.exe
  C:\Windows\System\clUYKvV.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\vVmWaIB.exe
  C:\Windows\System\vVmWaIB.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\rIqcgJc.exe
  C:\Windows\System\rIqcgJc.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\znwzboQ.exe
  C:\Windows\System\znwzboQ.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\kubNKIW.exe
  C:\Windows\System\kubNKIW.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\TkIcjtM.exe
  C:\Windows\System\TkIcjtM.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\RNaSkdI.exe
  C:\Windows\System\RNaSkdI.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\hjcfMWN.exe
  C:\Windows\System\hjcfMWN.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\CGVtgwv.exe
  C:\Windows\System\CGVtgwv.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\jvisUiX.exe
  C:\Windows\System\jvisUiX.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\DJdHyfp.exe
  C:\Windows\System\DJdHyfp.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\MpJYQIh.exe
  C:\Windows\System\MpJYQIh.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\uOyVCzT.exe
  C:\Windows\System\uOyVCzT.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\smjfsHh.exe
  C:\Windows\System\smjfsHh.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\xOaGvkc.exe
  C:\Windows\System\xOaGvkc.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\YMQUfoH.exe
  C:\Windows\System\YMQUfoH.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\wvLwFRs.exe
  C:\Windows\System\wvLwFRs.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\cghzvQP.exe
  C:\Windows\System\cghzvQP.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\safkDyR.exe
  C:\Windows\System\safkDyR.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\OBcFZQt.exe
  C:\Windows\System\OBcFZQt.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\nTaXLAp.exe
  C:\Windows\System\nTaXLAp.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\Hevoaya.exe
  C:\Windows\System\Hevoaya.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\hlMdJWR.exe
  C:\Windows\System\hlMdJWR.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\jeGNMNH.exe
  C:\Windows\System\jeGNMNH.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\jepHMtF.exe
  C:\Windows\System\jepHMtF.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\LfOQIAH.exe
  C:\Windows\System\LfOQIAH.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\DGDAhEp.exe
  C:\Windows\System\DGDAhEp.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\EbzDgSq.exe
  C:\Windows\System\EbzDgSq.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\xbDyIFG.exe
  C:\Windows\System\xbDyIFG.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\VABnYfC.exe
  C:\Windows\System\VABnYfC.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\SoPmhpV.exe
  C:\Windows\System\SoPmhpV.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\eQKRiYx.exe
  C:\Windows\System\eQKRiYx.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\TVdIpjO.exe
  C:\Windows\System\TVdIpjO.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\kQAMJiA.exe
  C:\Windows\System\kQAMJiA.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\jbccalh.exe
  C:\Windows\System\jbccalh.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\FXDIYUc.exe
  C:\Windows\System\FXDIYUc.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\CDIujdc.exe
  C:\Windows\System\CDIujdc.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\pGkopKE.exe
  C:\Windows\System\pGkopKE.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\JkZeQUy.exe
  C:\Windows\System\JkZeQUy.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\ViTwXwO.exe
  C:\Windows\System\ViTwXwO.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\rKTELka.exe
  C:\Windows\System\rKTELka.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\tNyrBbj.exe
  C:\Windows\System\tNyrBbj.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\cRWOzzF.exe
  C:\Windows\System\cRWOzzF.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\opnSeWJ.exe
  C:\Windows\System\opnSeWJ.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\gERvKmS.exe
  C:\Windows\System\gERvKmS.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\sgKuHgR.exe
  C:\Windows\System\sgKuHgR.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\HhpFCfP.exe
  C:\Windows\System\HhpFCfP.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\CkPkNwr.exe
  C:\Windows\System\CkPkNwr.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\WyMbRyj.exe
  C:\Windows\System\WyMbRyj.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\PbCSeep.exe
  C:\Windows\System\PbCSeep.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\uOtDQCH.exe
  C:\Windows\System\uOtDQCH.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\BgaBZsZ.exe
  C:\Windows\System\BgaBZsZ.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\EbQyHmh.exe
  C:\Windows\System\EbQyHmh.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\DAVIpOn.exe
  C:\Windows\System\DAVIpOn.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\SWFZcdF.exe
  C:\Windows\System\SWFZcdF.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\sXmKauO.exe
  C:\Windows\System\sXmKauO.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\qfAEvrA.exe
  C:\Windows\System\qfAEvrA.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\REjZjFc.exe
  C:\Windows\System\REjZjFc.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\YRvCFsp.exe
  C:\Windows\System\YRvCFsp.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\GtawaVj.exe
  C:\Windows\System\GtawaVj.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\pvRpQkD.exe
  C:\Windows\System\pvRpQkD.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\ImhuUYH.exe
  C:\Windows\System\ImhuUYH.exe
  2⤵
  PID:356
- C:\Windows\System\NXHEMiC.exe
  C:\Windows\System\NXHEMiC.exe
  2⤵
  PID:1840
- C:\Windows\System\MAqzipW.exe
  C:\Windows\System\MAqzipW.exe
  2⤵
  PID:2896
- C:\Windows\System\PeTJtMZ.exe
  C:\Windows\System\PeTJtMZ.exe
  2⤵
  PID:2088
- C:\Windows\System\ZcQtVuO.exe
  C:\Windows\System\ZcQtVuO.exe
  2⤵
  PID:1584
- C:\Windows\System\FnHvYJw.exe
  C:\Windows\System\FnHvYJw.exe
  2⤵
  PID:2904
- C:\Windows\System\EQHmija.exe
  C:\Windows\System\EQHmija.exe
  2⤵
  PID:1876
- C:\Windows\System\WCViksn.exe
  C:\Windows\System\WCViksn.exe
  2⤵
  PID:2184
- C:\Windows\System\cqXqMpf.exe
  C:\Windows\System\cqXqMpf.exe
  2⤵
  PID:984
- C:\Windows\System\vsUXLAQ.exe
  C:\Windows\System\vsUXLAQ.exe
  2⤵
  PID:1012
- C:\Windows\System\KgoELEN.exe
  C:\Windows\System\KgoELEN.exe
  2⤵
  PID:1464
- C:\Windows\System\TIlRKwi.exe
  C:\Windows\System\TIlRKwi.exe
  2⤵
  PID:1920
- C:\Windows\System\jLJErya.exe
  C:\Windows\System\jLJErya.exe
  2⤵
  PID:2136
- C:\Windows\System\DECYztB.exe
  C:\Windows\System\DECYztB.exe
  2⤵
  PID:1248
- C:\Windows\System\nBGFLLl.exe
  C:\Windows\System\nBGFLLl.exe
  2⤵
  PID:812
- C:\Windows\System\eSwyFct.exe
  C:\Windows\System\eSwyFct.exe
  2⤵
  PID:2468
- C:\Windows\System\feZEpno.exe
  C:\Windows\System\feZEpno.exe
  2⤵
  PID:2076
- C:\Windows\System\UNESVnH.exe
  C:\Windows\System\UNESVnH.exe
  2⤵
  PID:1752
- C:\Windows\System\mzvPWJD.exe
  C:\Windows\System\mzvPWJD.exe
  2⤵
  PID:2080
- C:\Windows\System\DxmuxSi.exe
  C:\Windows\System\DxmuxSi.exe
  2⤵
  PID:1644
- C:\Windows\System\zQmbjsH.exe
  C:\Windows\System\zQmbjsH.exe
  2⤵
  PID:2968
- C:\Windows\System\vbHmxYJ.exe
  C:\Windows\System\vbHmxYJ.exe
  2⤵
  PID:2472
- C:\Windows\System\NTLtHJs.exe
  C:\Windows\System\NTLtHJs.exe
  2⤵
  PID:2820
- C:\Windows\System\LUIycsr.exe
  C:\Windows\System\LUIycsr.exe
  2⤵
  PID:2748
- C:\Windows\System\vMrmLJm.exe
  C:\Windows\System\vMrmLJm.exe
  2⤵
  PID:1904
- C:\Windows\System\Tfzhfym.exe
  C:\Windows\System\Tfzhfym.exe
  2⤵
  PID:2004
- C:\Windows\System\DlqRHER.exe
  C:\Windows\System\DlqRHER.exe
  2⤵
  PID:1684
- C:\Windows\System\XUlTJnD.exe
  C:\Windows\System\XUlTJnD.exe
  2⤵
  PID:1020
- C:\Windows\System\FEcGyIt.exe
  C:\Windows\System\FEcGyIt.exe
  2⤵
  PID:3044
- C:\Windows\System\yFvKtUh.exe
  C:\Windows\System\yFvKtUh.exe
  2⤵
  PID:2228
- C:\Windows\System\QWDrBXD.exe
  C:\Windows\System\QWDrBXD.exe
  2⤵
  PID:3092
- C:\Windows\System\KfMEQhK.exe
  C:\Windows\System\KfMEQhK.exe
  2⤵
  PID:3112
- C:\Windows\System\zBMilyy.exe
  C:\Windows\System\zBMilyy.exe
  2⤵
  PID:3132
- C:\Windows\System\VTlCnPW.exe
  C:\Windows\System\VTlCnPW.exe
  2⤵
  PID:3152
- C:\Windows\System\qEJOXNV.exe
  C:\Windows\System\qEJOXNV.exe
  2⤵
  PID:3172
- C:\Windows\System\kebByKj.exe
  C:\Windows\System\kebByKj.exe
  2⤵
  PID:3192
- C:\Windows\System\yipONEx.exe
  C:\Windows\System\yipONEx.exe
  2⤵
  PID:3212
- C:\Windows\System\mKBUQSC.exe
  C:\Windows\System\mKBUQSC.exe
  2⤵
  PID:3232
- C:\Windows\System\yGYGIBl.exe
  C:\Windows\System\yGYGIBl.exe
  2⤵
  PID:3252
- C:\Windows\System\mMXdtcb.exe
  C:\Windows\System\mMXdtcb.exe
  2⤵
  PID:3272
- C:\Windows\System\RWdIGum.exe
  C:\Windows\System\RWdIGum.exe
  2⤵
  PID:3292
- C:\Windows\System\sOWSAgi.exe
  C:\Windows\System\sOWSAgi.exe
  2⤵
  PID:3312
- C:\Windows\System\fmSckii.exe
  C:\Windows\System\fmSckii.exe
  2⤵
  PID:3332
- C:\Windows\System\raxmuLr.exe
  C:\Windows\System\raxmuLr.exe
  2⤵
  PID:3352
- C:\Windows\System\rquJLxj.exe
  C:\Windows\System\rquJLxj.exe
  2⤵
  PID:3372
- C:\Windows\System\IaMOIcc.exe
  C:\Windows\System\IaMOIcc.exe
  2⤵
  PID:3392
- C:\Windows\System\MlsETSW.exe
  C:\Windows\System\MlsETSW.exe
  2⤵
  PID:3412
- C:\Windows\System\FeKHOLD.exe
  C:\Windows\System\FeKHOLD.exe
  2⤵
  PID:3432
- C:\Windows\System\ooEoPhw.exe
  C:\Windows\System\ooEoPhw.exe
  2⤵
  PID:3452
- C:\Windows\System\QsrnPxE.exe
  C:\Windows\System\QsrnPxE.exe
  2⤵
  PID:3472
- C:\Windows\System\isMQDfp.exe
  C:\Windows\System\isMQDfp.exe
  2⤵
  PID:3492
- C:\Windows\System\jUPZjwl.exe
  C:\Windows\System\jUPZjwl.exe
  2⤵
  PID:3512
- C:\Windows\System\KOxNXrV.exe
  C:\Windows\System\KOxNXrV.exe
  2⤵
  PID:3532
- C:\Windows\System\bQZOtFL.exe
  C:\Windows\System\bQZOtFL.exe
  2⤵
  PID:3552
- C:\Windows\System\kMSUHgO.exe
  C:\Windows\System\kMSUHgO.exe
  2⤵
  PID:3572
- C:\Windows\System\PSWnXtf.exe
  C:\Windows\System\PSWnXtf.exe
  2⤵
  PID:3592
- C:\Windows\System\GxytpYa.exe
  C:\Windows\System\GxytpYa.exe
  2⤵
  PID:3612
- C:\Windows\System\EXOAnBp.exe
  C:\Windows\System\EXOAnBp.exe
  2⤵
  PID:3632
- C:\Windows\System\pRtSPFH.exe
  C:\Windows\System\pRtSPFH.exe
  2⤵
  PID:3652
- C:\Windows\System\tPGeRVS.exe
  C:\Windows\System\tPGeRVS.exe
  2⤵
  PID:3672
- C:\Windows\System\RbytUsI.exe
  C:\Windows\System\RbytUsI.exe
  2⤵
  PID:3692
- C:\Windows\System\mWxfdAM.exe
  C:\Windows\System\mWxfdAM.exe
  2⤵
  PID:3712
- C:\Windows\System\LNuVtiw.exe
  C:\Windows\System\LNuVtiw.exe
  2⤵
  PID:3732
- C:\Windows\System\WqMWhgr.exe
  C:\Windows\System\WqMWhgr.exe
  2⤵
  PID:3752
- C:\Windows\System\ILwdYVk.exe
  C:\Windows\System\ILwdYVk.exe
  2⤵
  PID:3772
- C:\Windows\System\eTuVJex.exe
  C:\Windows\System\eTuVJex.exe
  2⤵
  PID:3792
- C:\Windows\System\KlWhigj.exe
  C:\Windows\System\KlWhigj.exe
  2⤵
  PID:3812
- C:\Windows\System\RYtDJAv.exe
  C:\Windows\System\RYtDJAv.exe
  2⤵
  PID:3832
- C:\Windows\System\IpfbmIa.exe
  C:\Windows\System\IpfbmIa.exe
  2⤵
  PID:3852
- C:\Windows\System\RCIvMUe.exe
  C:\Windows\System\RCIvMUe.exe
  2⤵
  PID:3872
- C:\Windows\System\nJWHyYq.exe
  C:\Windows\System\nJWHyYq.exe
  2⤵
  PID:3892
- C:\Windows\System\CgZmKME.exe
  C:\Windows\System\CgZmKME.exe
  2⤵
  PID:3912
- C:\Windows\System\gdXpisV.exe
  C:\Windows\System\gdXpisV.exe
  2⤵
  PID:3932
- C:\Windows\System\eGwTkDc.exe
  C:\Windows\System\eGwTkDc.exe
  2⤵
  PID:3952
- C:\Windows\System\EbRwVyF.exe
  C:\Windows\System\EbRwVyF.exe
  2⤵
  PID:3972
- C:\Windows\System\eeBpxxJ.exe
  C:\Windows\System\eeBpxxJ.exe
  2⤵
  PID:3992
- C:\Windows\System\gdurpng.exe
  C:\Windows\System\gdurpng.exe
  2⤵
  PID:4012
- C:\Windows\System\GnmjsZK.exe
  C:\Windows\System\GnmjsZK.exe
  2⤵
  PID:4032
- C:\Windows\System\oyDPHgY.exe
  C:\Windows\System\oyDPHgY.exe
  2⤵
  PID:4052
- C:\Windows\System\CMcqJee.exe
  C:\Windows\System\CMcqJee.exe
  2⤵
  PID:4076
- C:\Windows\System\wmHzHJN.exe
  C:\Windows\System\wmHzHJN.exe
  2⤵
  PID:2104
- C:\Windows\System\TmypMDe.exe
  C:\Windows\System\TmypMDe.exe
  2⤵
  PID:912
- C:\Windows\System\VfEYHWn.exe
  C:\Windows\System\VfEYHWn.exe
  2⤵
  PID:808
- C:\Windows\System\xcoRBlZ.exe
  C:\Windows\System\xcoRBlZ.exe
  2⤵
  PID:1704
- C:\Windows\System\HZMtNRX.exe
  C:\Windows\System\HZMtNRX.exe
  2⤵
  PID:2592
- C:\Windows\System\ptvWLdi.exe
  C:\Windows\System\ptvWLdi.exe
  2⤵
  PID:2380
- C:\Windows\System\AAdKKBQ.exe
  C:\Windows\System\AAdKKBQ.exe
  2⤵
  PID:2880
- C:\Windows\System\NcvckYT.exe
  C:\Windows\System\NcvckYT.exe
  2⤵
  PID:780
- C:\Windows\System\xvaBMTE.exe
  C:\Windows\System\xvaBMTE.exe
  2⤵
  PID:2168
- C:\Windows\System\ZvfLgGv.exe
  C:\Windows\System\ZvfLgGv.exe
  2⤵
  PID:888
- C:\Windows\System\kXoQVHa.exe
  C:\Windows\System\kXoQVHa.exe
  2⤵
  PID:2800
- C:\Windows\System\RatwEIb.exe
  C:\Windows\System\RatwEIb.exe
  2⤵
  PID:2912
- C:\Windows\System\EEkmCAj.exe
  C:\Windows\System\EEkmCAj.exe
  2⤵
  PID:2036
- C:\Windows\System\TAQNBLb.exe
  C:\Windows\System\TAQNBLb.exe
  2⤵
  PID:1856
- C:\Windows\System\nezxDeV.exe
  C:\Windows\System\nezxDeV.exe
  2⤵
  PID:2424
- C:\Windows\System\blalyNS.exe
  C:\Windows\System\blalyNS.exe
  2⤵
  PID:3100
- C:\Windows\System\EXveoMU.exe
  C:\Windows\System\EXveoMU.exe
  2⤵
  PID:3148
- C:\Windows\System\NHGVEAn.exe
  C:\Windows\System\NHGVEAn.exe
  2⤵
  PID:3180
- C:\Windows\System\nqZlLGx.exe
  C:\Windows\System\nqZlLGx.exe
  2⤵
  PID:3204
- C:\Windows\System\DLcDszG.exe
  C:\Windows\System\DLcDszG.exe
  2⤵
  PID:3248
- C:\Windows\System\VybszeO.exe
  C:\Windows\System\VybszeO.exe
  2⤵
  PID:3280
- C:\Windows\System\gMqVCKg.exe
  C:\Windows\System\gMqVCKg.exe
  2⤵
  PID:3304
- C:\Windows\System\lVMmohs.exe
  C:\Windows\System\lVMmohs.exe
  2⤵
  PID:3348
- C:\Windows\System\ojkaeKm.exe
  C:\Windows\System\ojkaeKm.exe
  2⤵
  PID:3380
- C:\Windows\System\IvCBkYf.exe
  C:\Windows\System\IvCBkYf.exe
  2⤵
  PID:3408
- C:\Windows\System\LXVGHrR.exe
  C:\Windows\System\LXVGHrR.exe
  2⤵
  PID:3448
- C:\Windows\System\JkqkLgG.exe
  C:\Windows\System\JkqkLgG.exe
  2⤵
  PID:3480
- C:\Windows\System\NSaCJsh.exe
  C:\Windows\System\NSaCJsh.exe
  2⤵
  PID:3504
- C:\Windows\System\qFTKkHD.exe
  C:\Windows\System\qFTKkHD.exe
  2⤵
  PID:3544
- C:\Windows\System\CLSHWko.exe
  C:\Windows\System\CLSHWko.exe
  2⤵
  PID:3584
- C:\Windows\System\PCFPFxS.exe
  C:\Windows\System\PCFPFxS.exe
  2⤵
  PID:3604
- C:\Windows\System\WndTkJE.exe
  C:\Windows\System\WndTkJE.exe
  2⤵
  PID:3644
- C:\Windows\System\joGXHoe.exe
  C:\Windows\System\joGXHoe.exe
  2⤵
  PID:3700
- C:\Windows\System\iKWryCd.exe
  C:\Windows\System\iKWryCd.exe
  2⤵
  PID:3720
- C:\Windows\System\jhtzbCq.exe
  C:\Windows\System\jhtzbCq.exe
  2⤵
  PID:3744
- C:\Windows\System\CPSBRJx.exe
  C:\Windows\System\CPSBRJx.exe
  2⤵
  PID:3788
- C:\Windows\System\GWyrzsA.exe
  C:\Windows\System\GWyrzsA.exe
  2⤵
  PID:3828
- C:\Windows\System\CKFSVWp.exe
  C:\Windows\System\CKFSVWp.exe
  2⤵
  PID:3804
- C:\Windows\System\GjbwHTi.exe
  C:\Windows\System\GjbwHTi.exe
  2⤵
  PID:3900
- C:\Windows\System\zWeumTC.exe
  C:\Windows\System\zWeumTC.exe
  2⤵
  PID:3920
- C:\Windows\System\fFPjqtX.exe
  C:\Windows\System\fFPjqtX.exe
  2⤵
  PID:3944
- C:\Windows\System\XfZHOpG.exe
  C:\Windows\System\XfZHOpG.exe
  2⤵
  PID:3984
- C:\Windows\System\CCCQelY.exe
  C:\Windows\System\CCCQelY.exe
  2⤵
  PID:4020
- C:\Windows\System\KXjqoAp.exe
  C:\Windows\System\KXjqoAp.exe
  2⤵
  PID:4044
- C:\Windows\System\PPjDfCz.exe
  C:\Windows\System\PPjDfCz.exe
  2⤵
  PID:4092
- C:\Windows\System\fXvYiqo.exe
  C:\Windows\System\fXvYiqo.exe
  2⤵
  PID:2248
- C:\Windows\System\rVlLqiD.exe
  C:\Windows\System\rVlLqiD.exe
  2⤵
  PID:1424
- C:\Windows\System\IAVbcpL.exe
  C:\Windows\System\IAVbcpL.exe
  2⤵
  PID:324
- C:\Windows\System\KEDuxfT.exe
  C:\Windows\System\KEDuxfT.exe
  2⤵
  PID:1720
- C:\Windows\System\MwXRxNT.exe
  C:\Windows\System\MwXRxNT.exe
  2⤵
  PID:2616
- C:\Windows\System\RsTOJbV.exe
  C:\Windows\System\RsTOJbV.exe
  2⤵
  PID:2884
- C:\Windows\System\ChWSRae.exe
  C:\Windows\System\ChWSRae.exe
  2⤵
  PID:1776
- C:\Windows\System\fscIlmD.exe
  C:\Windows\System\fscIlmD.exe
  2⤵
  PID:1240
- C:\Windows\System\gVllBhh.exe
  C:\Windows\System\gVllBhh.exe
  2⤵
  PID:3080
- C:\Windows\System\WjApGrw.exe
  C:\Windows\System\WjApGrw.exe
  2⤵
  PID:3108
- C:\Windows\System\FEDdNBQ.exe
  C:\Windows\System\FEDdNBQ.exe
  2⤵
  PID:3200
- C:\Windows\System\WXpRJmE.exe
  C:\Windows\System\WXpRJmE.exe
  2⤵
  PID:3264
- C:\Windows\System\OueeInP.exe
  C:\Windows\System\OueeInP.exe
  2⤵
  PID:3328
- C:\Windows\System\eksjyEx.exe
  C:\Windows\System\eksjyEx.exe
  2⤵
  PID:3368
- C:\Windows\System\wkMLhVL.exe
  C:\Windows\System\wkMLhVL.exe
  2⤵
  PID:3424
- C:\Windows\System\WlkhNbZ.exe
  C:\Windows\System\WlkhNbZ.exe
  2⤵
  PID:3484
- C:\Windows\System\raCzWLp.exe
  C:\Windows\System\raCzWLp.exe
  2⤵
  PID:3568
- C:\Windows\System\wSXffEU.exe
  C:\Windows\System\wSXffEU.exe
  2⤵
  PID:4108
- C:\Windows\System\ncdqpTH.exe
  C:\Windows\System\ncdqpTH.exe
  2⤵
  PID:4128
- C:\Windows\System\wvZDadb.exe
  C:\Windows\System\wvZDadb.exe
  2⤵
  PID:4148
- C:\Windows\System\PFTkHSh.exe
  C:\Windows\System\PFTkHSh.exe
  2⤵
  PID:4168
- C:\Windows\System\YyrVbnC.exe
  C:\Windows\System\YyrVbnC.exe
  2⤵
  PID:4188
- C:\Windows\System\paHNFzm.exe
  C:\Windows\System\paHNFzm.exe
  2⤵
  PID:4208
- C:\Windows\System\fNfDDCe.exe
  C:\Windows\System\fNfDDCe.exe
  2⤵
  PID:4228
- C:\Windows\System\yjfvibB.exe
  C:\Windows\System\yjfvibB.exe
  2⤵
  PID:4248
- C:\Windows\System\BhTIuGi.exe
  C:\Windows\System\BhTIuGi.exe
  2⤵
  PID:4272
- C:\Windows\System\XRYRGBc.exe
  C:\Windows\System\XRYRGBc.exe
  2⤵
  PID:4292
- C:\Windows\System\dVtBxTQ.exe
  C:\Windows\System\dVtBxTQ.exe
  2⤵
  PID:4312
- C:\Windows\System\gaNdgfb.exe
  C:\Windows\System\gaNdgfb.exe
  2⤵
  PID:4332
- C:\Windows\System\eufSdGS.exe
  C:\Windows\System\eufSdGS.exe
  2⤵
  PID:4352
- C:\Windows\System\BkcCrqx.exe
  C:\Windows\System\BkcCrqx.exe
  2⤵
  PID:4372
- C:\Windows\System\cemKMNB.exe
  C:\Windows\System\cemKMNB.exe
  2⤵
  PID:4392
- C:\Windows\System\vrvtqEW.exe
  C:\Windows\System\vrvtqEW.exe
  2⤵
  PID:4412
- C:\Windows\System\lZmYJPA.exe
  C:\Windows\System\lZmYJPA.exe
  2⤵
  PID:4432
- C:\Windows\System\aKRFLim.exe
  C:\Windows\System\aKRFLim.exe
  2⤵
  PID:4452
- C:\Windows\System\gYVAvvE.exe
  C:\Windows\System\gYVAvvE.exe
  2⤵
  PID:4472
- C:\Windows\System\tGvfzSP.exe
  C:\Windows\System\tGvfzSP.exe
  2⤵
  PID:4492
- C:\Windows\System\xavYZjQ.exe
  C:\Windows\System\xavYZjQ.exe
  2⤵
  PID:4512
- C:\Windows\System\FxyTrmC.exe
  C:\Windows\System\FxyTrmC.exe
  2⤵
  PID:4532
- C:\Windows\System\JpnkAQS.exe
  C:\Windows\System\JpnkAQS.exe
  2⤵
  PID:4552
- C:\Windows\System\ATWvpwh.exe
  C:\Windows\System\ATWvpwh.exe
  2⤵
  PID:4572
- C:\Windows\System\GRUqRbZ.exe
  C:\Windows\System\GRUqRbZ.exe
  2⤵
  PID:4592
- C:\Windows\System\yweHRwc.exe
  C:\Windows\System\yweHRwc.exe
  2⤵
  PID:4612
- C:\Windows\System\xHLsrMF.exe
  C:\Windows\System\xHLsrMF.exe
  2⤵
  PID:4632
- C:\Windows\System\zfhEkSs.exe
  C:\Windows\System\zfhEkSs.exe
  2⤵
  PID:4652
- C:\Windows\System\nEITtqa.exe
  C:\Windows\System\nEITtqa.exe
  2⤵
  PID:4672
- C:\Windows\System\qmrydXW.exe
  C:\Windows\System\qmrydXW.exe
  2⤵
  PID:4692
- C:\Windows\System\OGmVTaq.exe
  C:\Windows\System\OGmVTaq.exe
  2⤵
  PID:4716
- C:\Windows\System\bJEKMhF.exe
  C:\Windows\System\bJEKMhF.exe
  2⤵
  PID:4736
- C:\Windows\System\AHhbslT.exe
  C:\Windows\System\AHhbslT.exe
  2⤵
  PID:4756
- C:\Windows\System\rvRioaV.exe
  C:\Windows\System\rvRioaV.exe
  2⤵
  PID:4776
- C:\Windows\System\UpDIQlk.exe
  C:\Windows\System\UpDIQlk.exe
  2⤵
  PID:4796
- C:\Windows\System\kSQfkMF.exe
  C:\Windows\System\kSQfkMF.exe
  2⤵
  PID:4816
- C:\Windows\System\wdhmSdT.exe
  C:\Windows\System\wdhmSdT.exe
  2⤵
  PID:4836
- C:\Windows\System\IpwOkvX.exe
  C:\Windows\System\IpwOkvX.exe
  2⤵
  PID:4856
- C:\Windows\System\rFcZxtD.exe
  C:\Windows\System\rFcZxtD.exe
  2⤵
  PID:4876
- C:\Windows\System\ckMArCl.exe
  C:\Windows\System\ckMArCl.exe
  2⤵
  PID:4896
- C:\Windows\System\KDyoPzq.exe
  C:\Windows\System\KDyoPzq.exe
  2⤵
  PID:4916
- C:\Windows\System\fFcBENo.exe
  C:\Windows\System\fFcBENo.exe
  2⤵
  PID:4936
- C:\Windows\System\rWzRogO.exe
  C:\Windows\System\rWzRogO.exe
  2⤵
  PID:4956
- C:\Windows\System\ywKkPWW.exe
  C:\Windows\System\ywKkPWW.exe
  2⤵
  PID:4976
- C:\Windows\System\UMICDsI.exe
  C:\Windows\System\UMICDsI.exe
  2⤵
  PID:4996
- C:\Windows\System\Gnkmbml.exe
  C:\Windows\System\Gnkmbml.exe
  2⤵
  PID:5016
- C:\Windows\System\FKJUFcr.exe
  C:\Windows\System\FKJUFcr.exe
  2⤵
  PID:5036
- C:\Windows\System\DpdPbFO.exe
  C:\Windows\System\DpdPbFO.exe
  2⤵
  PID:5056
- C:\Windows\System\CYcmOUf.exe
  C:\Windows\System\CYcmOUf.exe
  2⤵
  PID:5080
- C:\Windows\System\HPPbrJH.exe
  C:\Windows\System\HPPbrJH.exe
  2⤵
  PID:5100
- C:\Windows\System\vmBgGAf.exe
  C:\Windows\System\vmBgGAf.exe
  2⤵
  PID:3564
- C:\Windows\System\DIaJrte.exe
  C:\Windows\System\DIaJrte.exe
  2⤵
  PID:3608
- C:\Windows\System\lVFTHKa.exe
  C:\Windows\System\lVFTHKa.exe
  2⤵
  PID:3684
- C:\Windows\System\xKziuGs.exe
  C:\Windows\System\xKziuGs.exe
  2⤵
  PID:3760
- C:\Windows\System\WFjgbAT.exe
  C:\Windows\System\WFjgbAT.exe
  2⤵
  PID:3820
- C:\Windows\System\hopnPPW.exe
  C:\Windows\System\hopnPPW.exe
  2⤵
  PID:3848
- C:\Windows\System\DYawPUL.exe
  C:\Windows\System\DYawPUL.exe
  2⤵
  PID:3904
- C:\Windows\System\SuuIEts.exe
  C:\Windows\System\SuuIEts.exe
  2⤵
  PID:3924
- C:\Windows\System\aqQiYZl.exe
  C:\Windows\System\aqQiYZl.exe
  2⤵
  PID:4024
- C:\Windows\System\XQdNfSy.exe
  C:\Windows\System\XQdNfSy.exe
  2⤵
  PID:4064
- C:\Windows\System\NnRqdvI.exe
  C:\Windows\System\NnRqdvI.exe
  2⤵
  PID:840
- C:\Windows\System\EmrSqoy.exe
  C:\Windows\System\EmrSqoy.exe
  2⤵
  PID:2116
- C:\Windows\System\UgbaDTO.exe
  C:\Windows\System\UgbaDTO.exe
  2⤵
  PID:2384
- C:\Windows\System\YmZMYoN.exe
  C:\Windows\System\YmZMYoN.exe
  2⤵
  PID:2864
- C:\Windows\System\XvzrMRu.exe
  C:\Windows\System\XvzrMRu.exe
  2⤵
  PID:112
- C:\Windows\System\lWMsuFL.exe
  C:\Windows\System\lWMsuFL.exe
  2⤵
  PID:3104
- C:\Windows\System\rDacaYe.exe
  C:\Windows\System\rDacaYe.exe
  2⤵
  PID:3284
- C:\Windows\System\cChFoKP.exe
  C:\Windows\System\cChFoKP.exe
  2⤵
  PID:3324
- C:\Windows\System\orvpZAt.exe
  C:\Windows\System\orvpZAt.exe
  2⤵
  PID:3420
- C:\Windows\System\YgRPPnl.exe
  C:\Windows\System\YgRPPnl.exe
  2⤵
  PID:3468
- C:\Windows\System\ETgYisd.exe
  C:\Windows\System\ETgYisd.exe
  2⤵
  PID:4124
- C:\Windows\System\xhOJavt.exe
  C:\Windows\System\xhOJavt.exe
  2⤵
  PID:4156
- C:\Windows\System\pTlASCa.exe
  C:\Windows\System\pTlASCa.exe
  2⤵
  PID:4184
- C:\Windows\System\FJKhjZY.exe
  C:\Windows\System\FJKhjZY.exe
  2⤵
  PID:4216
- C:\Windows\System\NMDzEYt.exe
  C:\Windows\System\NMDzEYt.exe
  2⤵
  PID:4240
- C:\Windows\System\cjAmynT.exe
  C:\Windows\System\cjAmynT.exe
  2⤵
  PID:4288
- C:\Windows\System\EIkzACL.exe
  C:\Windows\System\EIkzACL.exe
  2⤵
  PID:4320
- C:\Windows\System\ASfayDh.exe
  C:\Windows\System\ASfayDh.exe
  2⤵
  PID:4360
- C:\Windows\System\ENxdOtq.exe
  C:\Windows\System\ENxdOtq.exe
  2⤵
  PID:4400
- C:\Windows\System\WDrfkfL.exe
  C:\Windows\System\WDrfkfL.exe
  2⤵
  PID:4420
- C:\Windows\System\FxlvFGR.exe
  C:\Windows\System\FxlvFGR.exe
  2⤵
  PID:4444
- C:\Windows\System\ldLELfF.exe
  C:\Windows\System\ldLELfF.exe
  2⤵
  PID:4488
- C:\Windows\System\HavSWZh.exe
  C:\Windows\System\HavSWZh.exe
  2⤵
  PID:4520
- C:\Windows\System\OWTwRcf.exe
  C:\Windows\System\OWTwRcf.exe
  2⤵
  PID:4568
- C:\Windows\System\fBeaWkD.exe
  C:\Windows\System\fBeaWkD.exe
  2⤵
  PID:4588
- C:\Windows\System\mOncnTQ.exe
  C:\Windows\System\mOncnTQ.exe
  2⤵
  PID:4620
- C:\Windows\System\xhtwPmu.exe
  C:\Windows\System\xhtwPmu.exe
  2⤵
  PID:4644
- C:\Windows\System\fXuixYj.exe
  C:\Windows\System\fXuixYj.exe
  2⤵
  PID:4688
- C:\Windows\System\fNoIWEz.exe
  C:\Windows\System\fNoIWEz.exe
  2⤵
  PID:4724
- C:\Windows\System\JbqfuPS.exe
  C:\Windows\System\JbqfuPS.exe
  2⤵
  PID:4764
- C:\Windows\System\tIrofXU.exe
  C:\Windows\System\tIrofXU.exe
  2⤵
  PID:4792
- C:\Windows\System\sorCkSz.exe
  C:\Windows\System\sorCkSz.exe
  2⤵
  PID:4844
- C:\Windows\System\HecpitN.exe
  C:\Windows\System\HecpitN.exe
  2⤵
  PID:4864
- C:\Windows\System\CPoUKoH.exe
  C:\Windows\System\CPoUKoH.exe
  2⤵
  PID:4888
- C:\Windows\System\beXolEN.exe
  C:\Windows\System\beXolEN.exe
  2⤵
  PID:4932
- C:\Windows\System\aetZiAB.exe
  C:\Windows\System\aetZiAB.exe
  2⤵
  PID:4948
- C:\Windows\System\MYhoPAx.exe
  C:\Windows\System\MYhoPAx.exe
  2⤵
  PID:5004
- C:\Windows\System\xQvQDop.exe
  C:\Windows\System\xQvQDop.exe
  2⤵
  PID:5032
- C:\Windows\System\cxUhuVt.exe
  C:\Windows\System\cxUhuVt.exe
  2⤵
  PID:5064
- C:\Windows\System\ztCaEyt.exe
  C:\Windows\System\ztCaEyt.exe
  2⤵
  PID:5092
- C:\Windows\System\PDaMUMk.exe
  C:\Windows\System\PDaMUMk.exe
  2⤵
  PID:3648
- C:\Windows\System\oIakAsK.exe
  C:\Windows\System\oIakAsK.exe
  2⤵
  PID:3724
- C:\Windows\System\oKMpqqa.exe
  C:\Windows\System\oKMpqqa.exe
  2⤵
  PID:3860
- C:\Windows\System\sGHqtPG.exe
  C:\Windows\System\sGHqtPG.exe
  2⤵
  PID:3884
- C:\Windows\System\ZWeeDqd.exe
  C:\Windows\System\ZWeeDqd.exe
  2⤵
  PID:4000
- C:\Windows\System\AqLuEca.exe
  C:\Windows\System\AqLuEca.exe
  2⤵
  PID:4072
- C:\Windows\System\ODwtXhC.exe
  C:\Windows\System\ODwtXhC.exe
  2⤵
  PID:1108
- C:\Windows\System\KsolaDm.exe
  C:\Windows\System\KsolaDm.exe
  2⤵
  PID:1212
- C:\Windows\System\nxEiALM.exe
  C:\Windows\System\nxEiALM.exe
  2⤵
  PID:2668
- C:\Windows\System\wYkEDSo.exe
  C:\Windows\System\wYkEDSo.exe
  2⤵
  PID:3240
- C:\Windows\System\TzBNCLl.exe
  C:\Windows\System\TzBNCLl.exe
  2⤵
  PID:3364
- C:\Windows\System\RmCPpfe.exe
  C:\Windows\System\RmCPpfe.exe
  2⤵
  PID:3528
- C:\Windows\System\wAnTcRZ.exe
  C:\Windows\System\wAnTcRZ.exe
  2⤵
  PID:4144
- C:\Windows\System\mVkiQGe.exe
  C:\Windows\System\mVkiQGe.exe
  2⤵
  PID:4180
- C:\Windows\System\fPvCgvd.exe
  C:\Windows\System\fPvCgvd.exe
  2⤵
  PID:4224
- C:\Windows\System\CayEhBk.exe
  C:\Windows\System\CayEhBk.exe
  2⤵
  PID:4304
- C:\Windows\System\lNCWHaH.exe
  C:\Windows\System\lNCWHaH.exe
  2⤵
  PID:4380
- C:\Windows\System\LkQfsBS.exe
  C:\Windows\System\LkQfsBS.exe
  2⤵
  PID:4440
- C:\Windows\System\zEUzkCa.exe
  C:\Windows\System\zEUzkCa.exe
  2⤵
  PID:4424
- C:\Windows\System\BrpPxAZ.exe
  C:\Windows\System\BrpPxAZ.exe
  2⤵
  PID:4508
- C:\Windows\System\mqrNBPw.exe
  C:\Windows\System\mqrNBPw.exe
  2⤵
  PID:4580
- C:\Windows\System\zSuNRCw.exe
  C:\Windows\System\zSuNRCw.exe
  2⤵
  PID:4664
- C:\Windows\System\RBOIjiT.exe
  C:\Windows\System\RBOIjiT.exe
  2⤵
  PID:4704
- C:\Windows\System\kBJesKA.exe
  C:\Windows\System\kBJesKA.exe
  2⤵
  PID:4748
- C:\Windows\System\pFMfLlf.exe
  C:\Windows\System\pFMfLlf.exe
  2⤵
  PID:4768
- C:\Windows\System\DsSGzoK.exe
  C:\Windows\System\DsSGzoK.exe
  2⤵
  PID:4892
- C:\Windows\System\SIVTBcv.exe
  C:\Windows\System\SIVTBcv.exe
  2⤵
  PID:4944
- C:\Windows\System\mRYeban.exe
  C:\Windows\System\mRYeban.exe
  2⤵
  PID:4992
- C:\Windows\System\gQrZGtJ.exe
  C:\Windows\System\gQrZGtJ.exe
  2⤵
  PID:5048
- C:\Windows\System\HDxKvvb.exe
  C:\Windows\System\HDxKvvb.exe
  2⤵
  PID:5116
- C:\Windows\System\QAzaqIA.exe
  C:\Windows\System\QAzaqIA.exe
  2⤵
  PID:5140
- C:\Windows\System\pWRKMOZ.exe
  C:\Windows\System\pWRKMOZ.exe
  2⤵
  PID:5160
- C:\Windows\System\titkaBw.exe
  C:\Windows\System\titkaBw.exe
  2⤵
  PID:5180
- C:\Windows\System\GPvNEUd.exe
  C:\Windows\System\GPvNEUd.exe
  2⤵
  PID:5204
- C:\Windows\System\SDzEFBv.exe
  C:\Windows\System\SDzEFBv.exe
  2⤵
  PID:5224
- C:\Windows\System\KkJAKyP.exe
  C:\Windows\System\KkJAKyP.exe
  2⤵
  PID:5244
- C:\Windows\System\LZKMbAv.exe
  C:\Windows\System\LZKMbAv.exe
  2⤵
  PID:5264
- C:\Windows\System\pXeQDuz.exe
  C:\Windows\System\pXeQDuz.exe
  2⤵
  PID:5284
- C:\Windows\System\eDpVuMI.exe
  C:\Windows\System\eDpVuMI.exe
  2⤵
  PID:5304
- C:\Windows\System\cBtvDMq.exe
  C:\Windows\System\cBtvDMq.exe
  2⤵
  PID:5324
- C:\Windows\System\LQbHqtW.exe
  C:\Windows\System\LQbHqtW.exe
  2⤵
  PID:5344
- C:\Windows\System\egFCuay.exe
  C:\Windows\System\egFCuay.exe
  2⤵
  PID:5364
- C:\Windows\System\BHGMuGO.exe
  C:\Windows\System\BHGMuGO.exe
  2⤵
  PID:5384
- C:\Windows\System\TymtmEe.exe
  C:\Windows\System\TymtmEe.exe
  2⤵
  PID:5404
- C:\Windows\System\EFHIMjc.exe
  C:\Windows\System\EFHIMjc.exe
  2⤵
  PID:5424
- C:\Windows\System\IZSfhQw.exe
  C:\Windows\System\IZSfhQw.exe
  2⤵
  PID:5444
- C:\Windows\System\YfdFWZg.exe
  C:\Windows\System\YfdFWZg.exe
  2⤵
  PID:5464
- C:\Windows\System\AlYoSdH.exe
  C:\Windows\System\AlYoSdH.exe
  2⤵
  PID:5484
- C:\Windows\System\xpQLWGi.exe
  C:\Windows\System\xpQLWGi.exe
  2⤵
  PID:5504
- C:\Windows\System\BUjJnXP.exe
  C:\Windows\System\BUjJnXP.exe
  2⤵
  PID:5524
- C:\Windows\System\ZvkzxVJ.exe
  C:\Windows\System\ZvkzxVJ.exe
  2⤵
  PID:5544
- C:\Windows\System\wueDOGy.exe
  C:\Windows\System\wueDOGy.exe
  2⤵
  PID:5564
- C:\Windows\System\eoDLwKf.exe
  C:\Windows\System\eoDLwKf.exe
  2⤵
  PID:5584
- C:\Windows\System\IkrWXxj.exe
  C:\Windows\System\IkrWXxj.exe
  2⤵
  PID:5604
- C:\Windows\System\DdfNDbJ.exe
  C:\Windows\System\DdfNDbJ.exe
  2⤵
  PID:5624
- C:\Windows\System\KzXzjmm.exe
  C:\Windows\System\KzXzjmm.exe
  2⤵
  PID:5644
- C:\Windows\System\vrJuNbw.exe
  C:\Windows\System\vrJuNbw.exe
  2⤵
  PID:5664
- C:\Windows\System\EbAyATD.exe
  C:\Windows\System\EbAyATD.exe
  2⤵
  PID:5684
- C:\Windows\System\gHNaGrY.exe
  C:\Windows\System\gHNaGrY.exe
  2⤵
  PID:5704
- C:\Windows\System\cLuOmaa.exe
  C:\Windows\System\cLuOmaa.exe
  2⤵
  PID:5724
- C:\Windows\System\ORgaTpx.exe
  C:\Windows\System\ORgaTpx.exe
  2⤵
  PID:5744
- C:\Windows\System\gzyOhuJ.exe
  C:\Windows\System\gzyOhuJ.exe
  2⤵
  PID:5764
- C:\Windows\System\vyxkUSP.exe
  C:\Windows\System\vyxkUSP.exe
  2⤵
  PID:5784
- C:\Windows\System\fBnUYIV.exe
  C:\Windows\System\fBnUYIV.exe
  2⤵
  PID:5804
- C:\Windows\System\eTsEsHF.exe
  C:\Windows\System\eTsEsHF.exe
  2⤵
  PID:5824
- C:\Windows\System\PKvHovD.exe
  C:\Windows\System\PKvHovD.exe
  2⤵
  PID:5844
- C:\Windows\System\ipWZOoU.exe
  C:\Windows\System\ipWZOoU.exe
  2⤵
  PID:5864
- C:\Windows\System\vBeWjzd.exe
  C:\Windows\System\vBeWjzd.exe
  2⤵
  PID:5884
- C:\Windows\System\maBFtrZ.exe
  C:\Windows\System\maBFtrZ.exe
  2⤵
  PID:5904
- C:\Windows\System\WkkjDKA.exe
  C:\Windows\System\WkkjDKA.exe
  2⤵
  PID:5924
- C:\Windows\System\HoXnSDv.exe
  C:\Windows\System\HoXnSDv.exe
  2⤵
  PID:5944
- C:\Windows\System\TasotzF.exe
  C:\Windows\System\TasotzF.exe
  2⤵
  PID:5964
- C:\Windows\System\eguuXXQ.exe
  C:\Windows\System\eguuXXQ.exe
  2⤵
  PID:5984
- C:\Windows\System\VEYjQwT.exe
  C:\Windows\System\VEYjQwT.exe
  2⤵
  PID:6004
- C:\Windows\System\iWDpxWw.exe
  C:\Windows\System\iWDpxWw.exe
  2⤵
  PID:6024
- C:\Windows\System\dQjsXvT.exe
  C:\Windows\System\dQjsXvT.exe
  2⤵
  PID:6044
- C:\Windows\System\MwdUODF.exe
  C:\Windows\System\MwdUODF.exe
  2⤵
  PID:6064
- C:\Windows\System\mlOELfc.exe
  C:\Windows\System\mlOELfc.exe
  2⤵
  PID:6084
- C:\Windows\System\JBRaawZ.exe
  C:\Windows\System\JBRaawZ.exe
  2⤵
  PID:6108
- C:\Windows\System\mlMyYhp.exe
  C:\Windows\System\mlMyYhp.exe
  2⤵
  PID:6128
- C:\Windows\System\WOgsitT.exe
  C:\Windows\System\WOgsitT.exe
  2⤵
  PID:3708
- C:\Windows\System\QCwqixn.exe
  C:\Windows\System\QCwqixn.exe
  2⤵
  PID:3800
- C:\Windows\System\oCGiXhl.exe
  C:\Windows\System\oCGiXhl.exe
  2⤵
  PID:3948
- C:\Windows\System\QXVcAvh.exe
  C:\Windows\System\QXVcAvh.exe
  2⤵
  PID:4008
- C:\Windows\System\JsoeHUW.exe
  C:\Windows\System\JsoeHUW.exe
  2⤵
  PID:1748
- C:\Windows\System\hhpegKs.exe
  C:\Windows\System\hhpegKs.exe
  2⤵
  PID:3160
- C:\Windows\System\bwEwQuL.exe
  C:\Windows\System\bwEwQuL.exe
  2⤵
  PID:3460
- C:\Windows\System\CvUiQaT.exe
  C:\Windows\System\CvUiQaT.exe
  2⤵
  PID:4100
- C:\Windows\System\lELQYoS.exe
  C:\Windows\System\lELQYoS.exe
  2⤵
  PID:4204
- C:\Windows\System\JzIIBmp.exe
  C:\Windows\System\JzIIBmp.exe
  2⤵
  PID:4264
- C:\Windows\System\WzQSUFH.exe
  C:\Windows\System\WzQSUFH.exe
  2⤵
  PID:4388
- C:\Windows\System\nhnZDvX.exe
  C:\Windows\System\nhnZDvX.exe
  2⤵
  PID:4448
- C:\Windows\System\UBqsULK.exe
  C:\Windows\System\UBqsULK.exe
  2⤵
  PID:4584
- C:\Windows\System\idbXWhC.exe
  C:\Windows\System\idbXWhC.exe
  2⤵
  PID:4700
- C:\Windows\System\MkTWiXL.exe
  C:\Windows\System\MkTWiXL.exe
  2⤵
  PID:4804
- C:\Windows\System\zraRLmm.exe
  C:\Windows\System\zraRLmm.exe
  2⤵
  PID:4848
- C:\Windows\System\mjInKeG.exe
  C:\Windows\System\mjInKeG.exe
  2⤵
  PID:4924
- C:\Windows\System\KOQZjwS.exe
  C:\Windows\System\KOQZjwS.exe
  2⤵
  PID:5028
- C:\Windows\System\sxMbeGd.exe
  C:\Windows\System\sxMbeGd.exe
  2⤵
  PID:5148
- C:\Windows\System\rGLArqD.exe
  C:\Windows\System\rGLArqD.exe
  2⤵
  PID:5176
- C:\Windows\System\YrnKMYa.exe
  C:\Windows\System\YrnKMYa.exe
  2⤵
  PID:5212
- C:\Windows\System\cTEjlCD.exe
  C:\Windows\System\cTEjlCD.exe
  2⤵
  PID:5216
- C:\Windows\System\HCzVCGU.exe
  C:\Windows\System\HCzVCGU.exe
  2⤵
  PID:5276
- C:\Windows\System\FyYerJJ.exe
  C:\Windows\System\FyYerJJ.exe
  2⤵
  PID:5320
- C:\Windows\System\DuQHSNC.exe
  C:\Windows\System\DuQHSNC.exe
  2⤵
  PID:5360
- C:\Windows\System\qvTQDzs.exe
  C:\Windows\System\qvTQDzs.exe
  2⤵
  PID:5380
- C:\Windows\System\nfQFwqH.exe
  C:\Windows\System\nfQFwqH.exe
  2⤵
  PID:5432
- C:\Windows\System\PWUJNfK.exe
  C:\Windows\System\PWUJNfK.exe
  2⤵
  PID:5472
- C:\Windows\System\FhdSBjg.exe
  C:\Windows\System\FhdSBjg.exe
  2⤵
  PID:5476
- C:\Windows\System\cUPAWdf.exe
  C:\Windows\System\cUPAWdf.exe
  2⤵
  PID:5496
- C:\Windows\System\XJWWzLE.exe
  C:\Windows\System\XJWWzLE.exe
  2⤵
  PID:5536
- C:\Windows\System\CCPENgO.exe
  C:\Windows\System\CCPENgO.exe
  2⤵
  PID:5576
- C:\Windows\System\NgebAng.exe
  C:\Windows\System\NgebAng.exe
  2⤵
  PID:5632
- C:\Windows\System\jiboPMY.exe
  C:\Windows\System\jiboPMY.exe
  2⤵
  PID:5652
- C:\Windows\System\zklhCPc.exe
  C:\Windows\System\zklhCPc.exe
  2⤵
  PID:5676
- C:\Windows\System\cBJQzur.exe
  C:\Windows\System\cBJQzur.exe
  2⤵
  PID:5696
- C:\Windows\System\PEyLPSc.exe
  C:\Windows\System\PEyLPSc.exe
  2⤵
  PID:5736
- C:\Windows\System\MUGopAt.exe
  C:\Windows\System\MUGopAt.exe
  2⤵
  PID:5792
- C:\Windows\System\hCDODOM.exe
  C:\Windows\System\hCDODOM.exe
  2⤵
  PID:5820
- C:\Windows\System\ENIXYVc.exe
  C:\Windows\System\ENIXYVc.exe
  2⤵
  PID:5852
- C:\Windows\System\cNwqTKy.exe
  C:\Windows\System\cNwqTKy.exe
  2⤵
  PID:5876
- C:\Windows\System\doIOCdE.exe
  C:\Windows\System\doIOCdE.exe
  2⤵
  PID:5920
- C:\Windows\System\pbdDhxa.exe
  C:\Windows\System\pbdDhxa.exe
  2⤵
  PID:5952
- C:\Windows\System\lpHUShk.exe
  C:\Windows\System\lpHUShk.exe
  2⤵
  PID:5980
- C:\Windows\System\IqfhQYb.exe
  C:\Windows\System\IqfhQYb.exe
  2⤵
  PID:6040
- C:\Windows\System\LFbSygw.exe
  C:\Windows\System\LFbSygw.exe
  2⤵
  PID:6052
- C:\Windows\System\szhUbSP.exe
  C:\Windows\System\szhUbSP.exe
  2⤵
  PID:6076
- C:\Windows\System\vgtZxKk.exe
  C:\Windows\System\vgtZxKk.exe
  2⤵
  PID:6124
- C:\Windows\System\BdUgfHh.exe
  C:\Windows\System\BdUgfHh.exe
  2⤵
  PID:3740
- C:\Windows\System\UBknRgq.exe
  C:\Windows\System\UBknRgq.exe
  2⤵
  PID:3988
- C:\Windows\System\kSxcMRe.exe
  C:\Windows\System\kSxcMRe.exe
  2⤵
  PID:1488
- C:\Windows\System\VfoDXwC.exe
  C:\Windows\System\VfoDXwC.exe
  2⤵
  PID:3360
- C:\Windows\System\bGsmyyT.exe
  C:\Windows\System\bGsmyyT.exe
  2⤵
  PID:4116
- C:\Windows\System\gFzHFFd.exe
  C:\Windows\System\gFzHFFd.exe
  2⤵
  PID:4220
- C:\Windows\System\rdDpCVu.exe
  C:\Windows\System\rdDpCVu.exe
  2⤵
  PID:4504
- C:\Windows\System\AmSLmAM.exe
  C:\Windows\System\AmSLmAM.exe
  2⤵
  PID:4648
- C:\Windows\System\KBxZgHv.exe
  C:\Windows\System\KBxZgHv.exe
  2⤵
  PID:4828
- C:\Windows\System\ZNADhgx.exe
  C:\Windows\System\ZNADhgx.exe
  2⤵
  PID:4908
- C:\Windows\System\KHmEfcW.exe
  C:\Windows\System\KHmEfcW.exe
  2⤵
  PID:5068
- C:\Windows\System\dBXayJC.exe
  C:\Windows\System\dBXayJC.exe
  2⤵
  PID:5152
- C:\Windows\System\vcTHdHS.exe
  C:\Windows\System\vcTHdHS.exe
  2⤵
  PID:5220
- C:\Windows\System\XDNtRQL.exe
  C:\Windows\System\XDNtRQL.exe
  2⤵
  PID:5292
- C:\Windows\System\CnGIRvW.exe
  C:\Windows\System\CnGIRvW.exe
  2⤵
  PID:5332
- C:\Windows\System\zDEfbVO.exe
  C:\Windows\System\zDEfbVO.exe
  2⤵
  PID:5412
- C:\Windows\System\EOnyQwn.exe
  C:\Windows\System\EOnyQwn.exe
  2⤵
  PID:5460
- C:\Windows\System\roMlpEh.exe
  C:\Windows\System\roMlpEh.exe
  2⤵
  PID:5500
- C:\Windows\System\mRRLFbk.exe
  C:\Windows\System\mRRLFbk.exe
  2⤵
  PID:5580
- C:\Windows\System\xSAKLVn.exe
  C:\Windows\System\xSAKLVn.exe
  2⤵
  PID:5616
- C:\Windows\System\FexVvgr.exe
  C:\Windows\System\FexVvgr.exe
  2⤵
  PID:5656
- C:\Windows\System\PtEmOHn.exe
  C:\Windows\System\PtEmOHn.exe
  2⤵
  PID:5752
- C:\Windows\System\AnxAFjx.exe
  C:\Windows\System\AnxAFjx.exe
  2⤵
  PID:5776
- C:\Windows\System\EcYSqRJ.exe
  C:\Windows\System\EcYSqRJ.exe
  2⤵
  PID:5840
- C:\Windows\System\WehsrWM.exe
  C:\Windows\System\WehsrWM.exe
  2⤵
  PID:6160
- C:\Windows\System\BpdCLPV.exe
  C:\Windows\System\BpdCLPV.exe
  2⤵
  PID:6180
- C:\Windows\System\ubcxDpb.exe
  C:\Windows\System\ubcxDpb.exe
  2⤵
  PID:6200
- C:\Windows\System\bRlCPFZ.exe
  C:\Windows\System\bRlCPFZ.exe
  2⤵
  PID:6220
- C:\Windows\System\uTZQzPJ.exe
  C:\Windows\System\uTZQzPJ.exe
  2⤵
  PID:6240
- C:\Windows\System\OqPrgHW.exe
  C:\Windows\System\OqPrgHW.exe
  2⤵
  PID:6260
- C:\Windows\System\LFjKUXj.exe
  C:\Windows\System\LFjKUXj.exe
  2⤵
  PID:6280
- C:\Windows\System\KvloYCb.exe
  C:\Windows\System\KvloYCb.exe
  2⤵
  PID:6300
- C:\Windows\System\XmZosQs.exe
  C:\Windows\System\XmZosQs.exe
  2⤵
  PID:6320
- C:\Windows\System\hhtiKmC.exe
  C:\Windows\System\hhtiKmC.exe
  2⤵
  PID:6340
- C:\Windows\System\fhSqtIz.exe
  C:\Windows\System\fhSqtIz.exe
  2⤵
  PID:6360
- C:\Windows\System\qYZlVhp.exe
  C:\Windows\System\qYZlVhp.exe
  2⤵
  PID:6380
- C:\Windows\System\fhcBPNf.exe
  C:\Windows\System\fhcBPNf.exe
  2⤵
  PID:6400
- C:\Windows\System\VtXwqjW.exe
  C:\Windows\System\VtXwqjW.exe
  2⤵
  PID:6420
- C:\Windows\System\GdouGCC.exe
  C:\Windows\System\GdouGCC.exe
  2⤵
  PID:6440
- C:\Windows\System\LdgAZaA.exe
  C:\Windows\System\LdgAZaA.exe
  2⤵
  PID:6460
- C:\Windows\System\HCCpdVF.exe
  C:\Windows\System\HCCpdVF.exe
  2⤵
  PID:6480
- C:\Windows\System\xKNuhyh.exe
  C:\Windows\System\xKNuhyh.exe
  2⤵
  PID:6500
- C:\Windows\System\BRMVVDD.exe
  C:\Windows\System\BRMVVDD.exe
  2⤵
  PID:6520
- C:\Windows\System\aKvlQMg.exe
  C:\Windows\System\aKvlQMg.exe
  2⤵
  PID:6540
- C:\Windows\System\JavFmoW.exe
  C:\Windows\System\JavFmoW.exe
  2⤵
  PID:6560
- C:\Windows\System\hxlFJWp.exe
  C:\Windows\System\hxlFJWp.exe
  2⤵
  PID:6580
- C:\Windows\System\BjHghvi.exe
  C:\Windows\System\BjHghvi.exe
  2⤵
  PID:6600
- C:\Windows\System\hhzOPOJ.exe
  C:\Windows\System\hhzOPOJ.exe
  2⤵
  PID:6620
- C:\Windows\System\NUTmVRx.exe
  C:\Windows\System\NUTmVRx.exe
  2⤵
  PID:6640
- C:\Windows\System\koHoJAH.exe
  C:\Windows\System\koHoJAH.exe
  2⤵
  PID:6660
- C:\Windows\System\FTTKVGD.exe
  C:\Windows\System\FTTKVGD.exe
  2⤵
  PID:6680
- C:\Windows\System\bVwfdkK.exe
  C:\Windows\System\bVwfdkK.exe
  2⤵
  PID:6700
- C:\Windows\System\DkAkCxn.exe
  C:\Windows\System\DkAkCxn.exe
  2⤵
  PID:6720
- C:\Windows\System\FpnWfbZ.exe
  C:\Windows\System\FpnWfbZ.exe
  2⤵
  PID:6740
- C:\Windows\System\gDiCgat.exe
  C:\Windows\System\gDiCgat.exe
  2⤵
  PID:6760
- C:\Windows\System\uQPDQxx.exe
  C:\Windows\System\uQPDQxx.exe
  2⤵
  PID:6780
- C:\Windows\System\RGcxMFY.exe
  C:\Windows\System\RGcxMFY.exe
  2⤵
  PID:6800
- C:\Windows\System\VMbzAsD.exe
  C:\Windows\System\VMbzAsD.exe
  2⤵
  PID:6820
- C:\Windows\System\vMmTvMo.exe
  C:\Windows\System\vMmTvMo.exe
  2⤵
  PID:6840
- C:\Windows\System\EznjKDg.exe
  C:\Windows\System\EznjKDg.exe
  2⤵
  PID:6860
- C:\Windows\System\rzyOlpj.exe
  C:\Windows\System\rzyOlpj.exe
  2⤵
  PID:6880
- C:\Windows\System\bQuZdmX.exe
  C:\Windows\System\bQuZdmX.exe
  2⤵
  PID:6900
- C:\Windows\System\wMxBfXk.exe
  C:\Windows\System\wMxBfXk.exe
  2⤵
  PID:6920
- C:\Windows\System\kUhWmoj.exe
  C:\Windows\System\kUhWmoj.exe
  2⤵
  PID:6940
- C:\Windows\System\JRCLlKI.exe
  C:\Windows\System\JRCLlKI.exe
  2⤵
  PID:6960
- C:\Windows\System\NIZVGfC.exe
  C:\Windows\System\NIZVGfC.exe
  2⤵
  PID:6980
- C:\Windows\System\LZGZRPw.exe
  C:\Windows\System\LZGZRPw.exe
  2⤵
  PID:7000
- C:\Windows\System\hCaEzso.exe
  C:\Windows\System\hCaEzso.exe
  2⤵
  PID:7020
- C:\Windows\System\NuerZrq.exe
  C:\Windows\System\NuerZrq.exe
  2⤵
  PID:7040
- C:\Windows\System\XlDyVgl.exe
  C:\Windows\System\XlDyVgl.exe
  2⤵
  PID:7060
- C:\Windows\System\BuuIqQv.exe
  C:\Windows\System\BuuIqQv.exe
  2⤵
  PID:7080
- C:\Windows\System\tYdllBu.exe
  C:\Windows\System\tYdllBu.exe
  2⤵
  PID:7100
- C:\Windows\System\uNuvRji.exe
  C:\Windows\System\uNuvRji.exe
  2⤵
  PID:7120
- C:\Windows\System\rZshfaU.exe
  C:\Windows\System\rZshfaU.exe
  2⤵
  PID:7140
- C:\Windows\System\XebyIzM.exe
  C:\Windows\System\XebyIzM.exe
  2⤵
  PID:7160
- C:\Windows\System\GTTmuGH.exe
  C:\Windows\System\GTTmuGH.exe
  2⤵
  PID:5912
- C:\Windows\System\EVNagaB.exe
  C:\Windows\System\EVNagaB.exe
  2⤵
  PID:5956
- C:\Windows\System\UTqRyFh.exe
  C:\Windows\System\UTqRyFh.exe
  2⤵
  PID:5976
- C:\Windows\System\BdjGhYV.exe
  C:\Windows\System\BdjGhYV.exe
  2⤵
  PID:6056
- C:\Windows\System\IMdrwtL.exe
  C:\Windows\System\IMdrwtL.exe
  2⤵
  PID:3620
- C:\Windows\System\WgpvMwL.exe
  C:\Windows\System\WgpvMwL.exe
  2⤵
  PID:4040
- C:\Windows\System\JSkihAc.exe
  C:\Windows\System\JSkihAc.exe
  2⤵
  PID:2440
- C:\Windows\System\InjESSn.exe
  C:\Windows\System\InjESSn.exe
  2⤵
  PID:4244
- C:\Windows\System\BezVfcL.exe
  C:\Windows\System\BezVfcL.exe
  2⤵
  PID:4524
- C:\Windows\System\NMZQGFs.exe
  C:\Windows\System\NMZQGFs.exe
  2⤵
  PID:4744
- C:\Windows\System\KwGMHUV.exe
  C:\Windows\System\KwGMHUV.exe
  2⤵
  PID:5052
- C:\Windows\System\HaCSObI.exe
  C:\Windows\System\HaCSObI.exe
  2⤵
  PID:5192
- C:\Windows\System\jWlZoVS.exe
  C:\Windows\System\jWlZoVS.exe
  2⤵
  PID:5280
- C:\Windows\System\Aukbldm.exe
  C:\Windows\System\Aukbldm.exe
  2⤵
  PID:5376
- C:\Windows\System\AMXGiVa.exe
  C:\Windows\System\AMXGiVa.exe
  2⤵
  PID:5440
- C:\Windows\System\uOvrwOn.exe
  C:\Windows\System\uOvrwOn.exe
  2⤵
  PID:5556
- C:\Windows\System\GQPHkac.exe
  C:\Windows\System\GQPHkac.exe
  2⤵
  PID:5540
- C:\Windows\System\vsLpmdd.exe
  C:\Windows\System\vsLpmdd.exe
  2⤵
  PID:5660
- C:\Windows\System\aosikVc.exe
  C:\Windows\System\aosikVc.exe
  2⤵
  PID:5836
- C:\Windows\System\IejIGGh.exe
  C:\Windows\System\IejIGGh.exe
  2⤵
  PID:6168
- C:\Windows\System\ZAdiUzM.exe
  C:\Windows\System\ZAdiUzM.exe
  2⤵
  PID:6196
- C:\Windows\System\eTkBxWW.exe
  C:\Windows\System\eTkBxWW.exe
  2⤵
  PID:6228
- C:\Windows\System\rchoOif.exe
  C:\Windows\System\rchoOif.exe
  2⤵
  PID:6252
- C:\Windows\System\afxbYac.exe
  C:\Windows\System\afxbYac.exe
  2⤵
  PID:6296
- C:\Windows\System\THfsHKw.exe
  C:\Windows\System\THfsHKw.exe
  2⤵
  PID:6312
- C:\Windows\System\RLQhJSx.exe
  C:\Windows\System\RLQhJSx.exe
  2⤵
  PID:6368
- C:\Windows\System\SlEVuQQ.exe
  C:\Windows\System\SlEVuQQ.exe
  2⤵
  PID:6408
- C:\Windows\System\sYJorRy.exe
  C:\Windows\System\sYJorRy.exe
  2⤵
  PID:6428
- C:\Windows\System\BzyKynH.exe
  C:\Windows\System\BzyKynH.exe
  2⤵
  PID:6452
- C:\Windows\System\rFxvTVY.exe
  C:\Windows\System\rFxvTVY.exe
  2⤵
  PID:6472
- C:\Windows\System\rUGyjzj.exe
  C:\Windows\System\rUGyjzj.exe
  2⤵
  PID:6512
- C:\Windows\System\zmepxEa.exe
  C:\Windows\System\zmepxEa.exe
  2⤵
  PID:6552
- C:\Windows\System\TlRfwHD.exe
  C:\Windows\System\TlRfwHD.exe
  2⤵
  PID:6596
- C:\Windows\System\gyNaPYy.exe
  C:\Windows\System\gyNaPYy.exe
  2⤵
  PID:6628
- C:\Windows\System\nNpFfTa.exe
  C:\Windows\System\nNpFfTa.exe
  2⤵
  PID:6652
- C:\Windows\System\iZsibeC.exe
  C:\Windows\System\iZsibeC.exe
  2⤵
  PID:6696
- C:\Windows\System\QSBoTQM.exe
  C:\Windows\System\QSBoTQM.exe
  2⤵
  PID:6712
- C:\Windows\System\trBUBOD.exe
  C:\Windows\System\trBUBOD.exe
  2⤵
  PID:6748
- C:\Windows\System\bynanRc.exe
  C:\Windows\System\bynanRc.exe
  2⤵
  PID:6808
- C:\Windows\System\vbDOfUx.exe
  C:\Windows\System\vbDOfUx.exe
  2⤵
  PID:6828
- C:\Windows\System\cwLCDIS.exe
  C:\Windows\System\cwLCDIS.exe
  2⤵
  PID:6852
- C:\Windows\System\ykeiaBH.exe
  C:\Windows\System\ykeiaBH.exe
  2⤵
  PID:6896
- C:\Windows\System\ilFaXuK.exe
  C:\Windows\System\ilFaXuK.exe
  2⤵
  PID:6928
- C:\Windows\System\fkdCCRn.exe
  C:\Windows\System\fkdCCRn.exe
  2⤵
  PID:6952
- C:\Windows\System\eqDVuZH.exe
  C:\Windows\System\eqDVuZH.exe
  2⤵
  PID:6996
- C:\Windows\System\PhuELcd.exe
  C:\Windows\System\PhuELcd.exe
  2⤵
  PID:7036
- C:\Windows\System\rFbRwGb.exe
  C:\Windows\System\rFbRwGb.exe
  2⤵
  PID:7068
- C:\Windows\System\qUpvXHd.exe
  C:\Windows\System\qUpvXHd.exe
  2⤵
  PID:7092
- C:\Windows\System\eFfvDny.exe
  C:\Windows\System\eFfvDny.exe
  2⤵
  PID:7136
- C:\Windows\System\uBUDzow.exe
  C:\Windows\System\uBUDzow.exe
  2⤵
  PID:5872
- C:\Windows\System\cayEbAK.exe
  C:\Windows\System\cayEbAK.exe
  2⤵
  PID:5940
- C:\Windows\System\HlkTDHn.exe
  C:\Windows\System\HlkTDHn.exe
  2⤵
  PID:6080
- C:\Windows\System\ufmRhmJ.exe
  C:\Windows\System\ufmRhmJ.exe
  2⤵
  PID:3868
- C:\Windows\System\WIaxVaw.exe
  C:\Windows\System\WIaxVaw.exe
  2⤵
  PID:1884
- C:\Windows\System\PbVXxUY.exe
  C:\Windows\System\PbVXxUY.exe
  2⤵
  PID:4340
- C:\Windows\System\DqUCNNl.exe
  C:\Windows\System\DqUCNNl.exe
  2⤵
  PID:5024
- C:\Windows\System\IIUTXiY.exe
  C:\Windows\System\IIUTXiY.exe
  2⤵
  PID:5168
- C:\Windows\System\vOgdkGr.exe
  C:\Windows\System\vOgdkGr.exe
  2⤵
  PID:5392
- C:\Windows\System\WSUFkXm.exe
  C:\Windows\System\WSUFkXm.exe
  2⤵
  PID:2536
- C:\Windows\System\ufIdzVe.exe
  C:\Windows\System\ufIdzVe.exe
  2⤵
  PID:5596
- C:\Windows\System\MgWaDeh.exe
  C:\Windows\System\MgWaDeh.exe
  2⤵
  PID:5720
- C:\Windows\System\zyMAXXp.exe
  C:\Windows\System\zyMAXXp.exe
  2⤵
  PID:6188
- C:\Windows\System\QOvnJWB.exe
  C:\Windows\System\QOvnJWB.exe
  2⤵
  PID:6256
- C:\Windows\System\UwhLXqx.exe
  C:\Windows\System\UwhLXqx.exe
  2⤵
  PID:6288
- C:\Windows\System\vRHyaQt.exe
  C:\Windows\System\vRHyaQt.exe
  2⤵
  PID:6328
- C:\Windows\System\AdyPMvB.exe
  C:\Windows\System\AdyPMvB.exe
  2⤵
  PID:6372
- C:\Windows\System\RCNwJjm.exe
  C:\Windows\System\RCNwJjm.exe
  2⤵
  PID:6456
- C:\Windows\System\APfNtHp.exe
  C:\Windows\System\APfNtHp.exe
  2⤵
  PID:6476
- C:\Windows\System\hurKkKz.exe
  C:\Windows\System\hurKkKz.exe
  2⤵
  PID:6576
- C:\Windows\System\NzQnfMO.exe
  C:\Windows\System\NzQnfMO.exe
  2⤵
  PID:6648
- C:\Windows\System\mQPoNft.exe
  C:\Windows\System\mQPoNft.exe
  2⤵
  PID:6708
- C:\Windows\System\fThkdlJ.exe
  C:\Windows\System\fThkdlJ.exe
  2⤵
  PID:6728
- C:\Windows\System\kFVaYJU.exe
  C:\Windows\System\kFVaYJU.exe
  2⤵
  PID:6776
- C:\Windows\System\vOBVWtY.exe
  C:\Windows\System\vOBVWtY.exe
  2⤵
  PID:6832
- C:\Windows\System\WhROzlv.exe
  C:\Windows\System\WhROzlv.exe
  2⤵
  PID:6908
- C:\Windows\System\hZKtVZZ.exe
  C:\Windows\System\hZKtVZZ.exe
  2⤵
  PID:6956
- C:\Windows\System\qnQbbCn.exe
  C:\Windows\System\qnQbbCn.exe
  2⤵
  PID:7016
- C:\Windows\System\iYllaAb.exe
  C:\Windows\System\iYllaAb.exe
  2⤵
  PID:7056
- C:\Windows\System\KrIqVeN.exe
  C:\Windows\System\KrIqVeN.exe
  2⤵
  PID:7072
- C:\Windows\System\cbeogXy.exe
  C:\Windows\System\cbeogXy.exe
  2⤵
  PID:7156
- C:\Windows\System\TEFqJdQ.exe
  C:\Windows\System\TEFqJdQ.exe
  2⤵
  PID:5996
- C:\Windows\System\PFlXetP.exe
  C:\Windows\System\PFlXetP.exe
  2⤵
  PID:7184
- C:\Windows\System\ztIsfkj.exe
  C:\Windows\System\ztIsfkj.exe
  2⤵
  PID:7204
- C:\Windows\System\sfOuorB.exe
  C:\Windows\System\sfOuorB.exe
  2⤵
  PID:7224
- C:\Windows\System\hMXbmnQ.exe
  C:\Windows\System\hMXbmnQ.exe
  2⤵
  PID:7244
- C:\Windows\System\ZvIEZXL.exe
  C:\Windows\System\ZvIEZXL.exe
  2⤵
  PID:7264
- C:\Windows\System\HTlLyZV.exe
  C:\Windows\System\HTlLyZV.exe
  2⤵
  PID:7284
- C:\Windows\System\SPjEVsh.exe
  C:\Windows\System\SPjEVsh.exe
  2⤵
  PID:7304
- C:\Windows\System\MOILeVo.exe
  C:\Windows\System\MOILeVo.exe
  2⤵
  PID:7324
- C:\Windows\System\OlEOdYl.exe
  C:\Windows\System\OlEOdYl.exe
  2⤵
  PID:7344
- C:\Windows\System\QzjJkRe.exe
  C:\Windows\System\QzjJkRe.exe
  2⤵
  PID:7364
- C:\Windows\System\QzxrktD.exe
  C:\Windows\System\QzxrktD.exe
  2⤵
  PID:7384
- C:\Windows\System\TCePBYp.exe
  C:\Windows\System\TCePBYp.exe
  2⤵
  PID:7404
- C:\Windows\System\xZewTNC.exe
  C:\Windows\System\xZewTNC.exe
  2⤵
  PID:7424
- C:\Windows\System\PLPzOSC.exe
  C:\Windows\System\PLPzOSC.exe
  2⤵
  PID:7444
- C:\Windows\System\bshHAFV.exe
  C:\Windows\System\bshHAFV.exe
  2⤵
  PID:7464
- C:\Windows\System\ntGilBg.exe
  C:\Windows\System\ntGilBg.exe
  2⤵
  PID:7484
- C:\Windows\System\FeSfmCf.exe
  C:\Windows\System\FeSfmCf.exe
  2⤵
  PID:7508
- C:\Windows\System\dSGYoAw.exe
  C:\Windows\System\dSGYoAw.exe
  2⤵
  PID:7528
- C:\Windows\System\uvoOpyf.exe
  C:\Windows\System\uvoOpyf.exe
  2⤵
  PID:7548
- C:\Windows\System\gSUpeOG.exe
  C:\Windows\System\gSUpeOG.exe
  2⤵
  PID:7568
- C:\Windows\System\mwlWvMw.exe
  C:\Windows\System\mwlWvMw.exe
  2⤵
  PID:7588
- C:\Windows\System\hwqotte.exe
  C:\Windows\System\hwqotte.exe
  2⤵
  PID:7608
- C:\Windows\System\mWtlkjn.exe
  C:\Windows\System\mWtlkjn.exe
  2⤵
  PID:7628
- C:\Windows\System\woxPaHg.exe
  C:\Windows\System\woxPaHg.exe
  2⤵
  PID:7644
- C:\Windows\System\kFoFvMa.exe
  C:\Windows\System\kFoFvMa.exe
  2⤵
  PID:7668
- C:\Windows\System\cnlimda.exe
  C:\Windows\System\cnlimda.exe
  2⤵
  PID:7688
- C:\Windows\System\cWzPNGq.exe
  C:\Windows\System\cWzPNGq.exe
  2⤵
  PID:7708
- C:\Windows\System\tWpmPug.exe
  C:\Windows\System\tWpmPug.exe
  2⤵
  PID:7728
- C:\Windows\System\dqWptjT.exe
  C:\Windows\System\dqWptjT.exe
  2⤵
  PID:7744
- C:\Windows\System\ceJdvmV.exe
  C:\Windows\System\ceJdvmV.exe
  2⤵
  PID:7768
- C:\Windows\System\GSSNSOC.exe
  C:\Windows\System\GSSNSOC.exe
  2⤵
  PID:7788
- C:\Windows\System\GfKkRFe.exe
  C:\Windows\System\GfKkRFe.exe
  2⤵
  PID:7808
- C:\Windows\System\PWGmFxy.exe
  C:\Windows\System\PWGmFxy.exe
  2⤵
  PID:7828
- C:\Windows\System\pKAmfvQ.exe
  C:\Windows\System\pKAmfvQ.exe
  2⤵
  PID:7852
- C:\Windows\System\gaHWAZw.exe
  C:\Windows\System\gaHWAZw.exe
  2⤵
  PID:7872
- C:\Windows\System\UMNQrds.exe
  C:\Windows\System\UMNQrds.exe
  2⤵
  PID:7892
- C:\Windows\System\rILywyH.exe
  C:\Windows\System\rILywyH.exe
  2⤵
  PID:7912
- C:\Windows\System\RStvHAH.exe
  C:\Windows\System\RStvHAH.exe
  2⤵
  PID:7932
- C:\Windows\System\XSJPLbu.exe
  C:\Windows\System\XSJPLbu.exe
  2⤵
  PID:7952
- C:\Windows\System\ODJUUSR.exe
  C:\Windows\System\ODJUUSR.exe
  2⤵
  PID:7972
- C:\Windows\System\vbCFUTC.exe
  C:\Windows\System\vbCFUTC.exe
  2⤵
  PID:7992
- C:\Windows\System\KBwepqW.exe
  C:\Windows\System\KBwepqW.exe
  2⤵
  PID:8012
- C:\Windows\System\ClripFe.exe
  C:\Windows\System\ClripFe.exe
  2⤵
  PID:8032
- C:\Windows\System\rnovEju.exe
  C:\Windows\System\rnovEju.exe
  2⤵
  PID:8052
- C:\Windows\System\JlQlhfP.exe
  C:\Windows\System\JlQlhfP.exe
  2⤵
  PID:8072
- C:\Windows\System\LjhaAQb.exe
  C:\Windows\System\LjhaAQb.exe
  2⤵
  PID:8092
- C:\Windows\System\NPhbVxa.exe
  C:\Windows\System\NPhbVxa.exe
  2⤵
  PID:8112
- C:\Windows\System\WXWHLNZ.exe
  C:\Windows\System\WXWHLNZ.exe
  2⤵
  PID:8132
- C:\Windows\System\LafZwtj.exe
  C:\Windows\System\LafZwtj.exe
  2⤵
  PID:8152
- C:\Windows\System\oGZbLMT.exe
  C:\Windows\System\oGZbLMT.exe
  2⤵
  PID:8172
- C:\Windows\System\cVveTNj.exe
  C:\Windows\System\cVveTNj.exe
  2⤵
  PID:3668
- C:\Windows\System\cSQRiyD.exe
  C:\Windows\System\cSQRiyD.exe
  2⤵
  PID:3084
- C:\Windows\System\JVQGdkN.exe
  C:\Windows\System\JVQGdkN.exe
  2⤵
  PID:4624
- C:\Windows\System\ZiOCqAo.exe
  C:\Windows\System\ZiOCqAo.exe
  2⤵
  PID:5396
- C:\Windows\System\WpiyLwn.exe
  C:\Windows\System\WpiyLwn.exe
  2⤵
  PID:5600
- C:\Windows\System\BdTbRBj.exe
  C:\Windows\System\BdTbRBj.exe
  2⤵
  PID:5796
- C:\Windows\System\ocULjjd.exe
  C:\Windows\System\ocULjjd.exe
  2⤵
  PID:6156
- C:\Windows\System\ikqMVuh.exe
  C:\Windows\System\ikqMVuh.exe
  2⤵
  PID:6232
- C:\Windows\System\ptbJfdf.exe
  C:\Windows\System\ptbJfdf.exe
  2⤵
  PID:6388
- C:\Windows\System\TGdECSA.exe
  C:\Windows\System\TGdECSA.exe
  2⤵
  PID:6508
- C:\Windows\System\ZcYaVkw.exe
  C:\Windows\System\ZcYaVkw.exe
  2⤵
  PID:6548
- C:\Windows\System\euIImRa.exe
  C:\Windows\System\euIImRa.exe
  2⤵
  PID:2560
- C:\Windows\System\VWQsyhZ.exe
  C:\Windows\System\VWQsyhZ.exe
  2⤵
  PID:6732
- C:\Windows\System\DQmmfmr.exe
  C:\Windows\System\DQmmfmr.exe
  2⤵
  PID:6888
- C:\Windows\System\RXLODIq.exe
  C:\Windows\System\RXLODIq.exe
  2⤵
  PID:6932
- C:\Windows\System\BoUdZaR.exe
  C:\Windows\System\BoUdZaR.exe
  2⤵
  PID:7012
- C:\Windows\System\GkJeXaH.exe
  C:\Windows\System\GkJeXaH.exe
  2⤵
  PID:5932
- C:\Windows\System\OujnXLs.exe
  C:\Windows\System\OujnXLs.exe
  2⤵
  PID:6072
- C:\Windows\System\FMmzXNU.exe
  C:\Windows\System\FMmzXNU.exe
  2⤵
  PID:7200
- C:\Windows\System\uiFjjBO.exe
  C:\Windows\System\uiFjjBO.exe
  2⤵
  PID:7220
- C:\Windows\System\rCunoWW.exe
  C:\Windows\System\rCunoWW.exe
  2⤵
  PID:7280
- C:\Windows\System\HBxYiya.exe
  C:\Windows\System\HBxYiya.exe
  2⤵
  PID:7296
- C:\Windows\System\NTHYhgC.exe
  C:\Windows\System\NTHYhgC.exe
  2⤵
  PID:7352
- C:\Windows\System\mILwcHM.exe
  C:\Windows\System\mILwcHM.exe
  2⤵
  PID:7372
- C:\Windows\System\frlrmUy.exe
  C:\Windows\System\frlrmUy.exe
  2⤵
  PID:7376
- C:\Windows\System\HjDKHpq.exe
  C:\Windows\System\HjDKHpq.exe
  2⤵
  PID:7416
- C:\Windows\System\jgtkKxM.exe
  C:\Windows\System\jgtkKxM.exe
  2⤵
  PID:7456
- C:\Windows\System\yWvFFQT.exe
  C:\Windows\System\yWvFFQT.exe
  2⤵
  PID:7500
- C:\Windows\System\LxCpFDk.exe
  C:\Windows\System\LxCpFDk.exe
  2⤵
  PID:7556
- C:\Windows\System\deLCaoj.exe
  C:\Windows\System\deLCaoj.exe
  2⤵
  PID:7560
- C:\Windows\System\hnGWoCK.exe
  C:\Windows\System\hnGWoCK.exe
  2⤵
  PID:7604
- C:\Windows\System\rRhOPip.exe
  C:\Windows\System\rRhOPip.exe
  2⤵
  PID:7620
- C:\Windows\System\MtsPVFq.exe
  C:\Windows\System\MtsPVFq.exe
  2⤵
  PID:7656
- C:\Windows\System\RvOpUtw.exe
  C:\Windows\System\RvOpUtw.exe
  2⤵
  PID:7704
- C:\Windows\System\YjyGIGR.exe
  C:\Windows\System\YjyGIGR.exe
  2⤵
  PID:7736
- C:\Windows\System\NOgvEnN.exe
  C:\Windows\System\NOgvEnN.exe
  2⤵
  PID:7756
- C:\Windows\System\WboIbKg.exe
  C:\Windows\System\WboIbKg.exe
  2⤵
  PID:7804
- C:\Windows\System\boLVqrQ.exe
  C:\Windows\System\boLVqrQ.exe
  2⤵
  PID:7848
- C:\Windows\System\IdqqMNd.exe
  C:\Windows\System\IdqqMNd.exe
  2⤵
  PID:7864
- C:\Windows\System\XrDUjhy.exe
  C:\Windows\System\XrDUjhy.exe
  2⤵
  PID:7928
- C:\Windows\System\oHBaQhU.exe
  C:\Windows\System\oHBaQhU.exe
  2⤵
  PID:7940
- C:\Windows\System\uUNHfKM.exe
  C:\Windows\System\uUNHfKM.exe
  2⤵
  PID:7948
- C:\Windows\System\QpraxOc.exe
  C:\Windows\System\QpraxOc.exe
  2⤵
  PID:8000
- C:\Windows\System\cbsloUt.exe
  C:\Windows\System\cbsloUt.exe
  2⤵
  PID:8048
- C:\Windows\System\OSkXcOr.exe
  C:\Windows\System\OSkXcOr.exe
  2⤵
  PID:8068
- C:\Windows\System\BtVPYJr.exe
  C:\Windows\System\BtVPYJr.exe
  2⤵
  PID:8084
- C:\Windows\System\GAUuIxT.exe
  C:\Windows\System\GAUuIxT.exe
  2⤵
  PID:8124
- C:\Windows\System\DwUqalu.exe
  C:\Windows\System\DwUqalu.exe
  2⤵
  PID:8168
- C:\Windows\System\XHCaihC.exe
  C:\Windows\System\XHCaihC.exe
  2⤵
  PID:3844
- C:\Windows\System\jHuWrPR.exe
  C:\Windows\System\jHuWrPR.exe
  2⤵
  PID:5128
- C:\Windows\System\hPmHCil.exe
  C:\Windows\System\hPmHCil.exe
  2⤵
  PID:5732
- C:\Windows\System\dOpzPxc.exe
  C:\Windows\System\dOpzPxc.exe
  2⤵
  PID:6276
- C:\Windows\System\IciCAda.exe
  C:\Windows\System\IciCAda.exe
  2⤵
  PID:6216
- C:\Windows\System\KSBVioY.exe
  C:\Windows\System\KSBVioY.exe
  2⤵
  PID:6496
- C:\Windows\System\KzvaMvO.exe
  C:\Windows\System\KzvaMvO.exe
  2⤵
  PID:6416
- C:\Windows\System\DzlCZyF.exe
  C:\Windows\System\DzlCZyF.exe
  2⤵
  PID:6848
- C:\Windows\System\UmtRzaP.exe
  C:\Windows\System\UmtRzaP.exe
  2⤵
  PID:7008
- C:\Windows\System\fLUejRE.exe
  C:\Windows\System\fLUejRE.exe
  2⤵
  PID:6716
- C:\Windows\System\nHCghPd.exe
  C:\Windows\System\nHCghPd.exe
  2⤵
  PID:7128
- C:\Windows\System\CsQHclH.exe
  C:\Windows\System\CsQHclH.exe
  2⤵
  PID:7212
- C:\Windows\System\kBDaRZz.exe
  C:\Windows\System\kBDaRZz.exe
  2⤵
  PID:7300
- C:\Windows\System\Ahxatfu.exe
  C:\Windows\System\Ahxatfu.exe
  2⤵
  PID:7180
- C:\Windows\System\omXomif.exe
  C:\Windows\System\omXomif.exe
  2⤵
  PID:7356
- C:\Windows\System\LcflwSM.exe
  C:\Windows\System\LcflwSM.exe
  2⤵
  PID:7420
- C:\Windows\System\gXPfAtT.exe
  C:\Windows\System\gXPfAtT.exe
  2⤵
  PID:7476
- C:\Windows\System\LVqKLHr.exe
  C:\Windows\System\LVqKLHr.exe
  2⤵
  PID:7396
- C:\Windows\System\hSOQxgj.exe
  C:\Windows\System\hSOQxgj.exe
  2⤵
  PID:7536
- C:\Windows\System\mgNaQvN.exe
  C:\Windows\System\mgNaQvN.exe
  2⤵
  PID:7636
- C:\Windows\System\yxkwzXk.exe
  C:\Windows\System\yxkwzXk.exe
  2⤵
  PID:7680
- C:\Windows\System\BdxWrHz.exe
  C:\Windows\System\BdxWrHz.exe
  2⤵
  PID:7716
- C:\Windows\System\jfEWJPX.exe
  C:\Windows\System\jfEWJPX.exe
  2⤵
  PID:7824
- C:\Windows\System\nZowqkX.exe
  C:\Windows\System\nZowqkX.exe
  2⤵
  PID:7888
- C:\Windows\System\EoemDzX.exe
  C:\Windows\System\EoemDzX.exe
  2⤵
  PID:7860
- C:\Windows\System\HHAkjWg.exe
  C:\Windows\System\HHAkjWg.exe
  2⤵
  PID:7868
- C:\Windows\System\MKECKLZ.exe
  C:\Windows\System\MKECKLZ.exe
  2⤵
  PID:7964
- C:\Windows\System\hxYHeyl.exe
  C:\Windows\System\hxYHeyl.exe
  2⤵
  PID:8020
- C:\Windows\System\crfbEOc.exe
  C:\Windows\System\crfbEOc.exe
  2⤵
  PID:7980
- C:\Windows\System\lVzbCWG.exe
  C:\Windows\System\lVzbCWG.exe
  2⤵
  PID:8120
- C:\Windows\System\edpegQn.exe
  C:\Windows\System\edpegQn.exe
  2⤵
  PID:4104
- C:\Windows\System\rtfWtNj.exe
  C:\Windows\System\rtfWtNj.exe
  2⤵
  PID:6436
- C:\Windows\System\rCfbrbi.exe
  C:\Windows\System\rCfbrbi.exe
  2⤵
  PID:8180
- C:\Windows\System\HGhjzMr.exe
  C:\Windows\System\HGhjzMr.exe
  2⤵
  PID:6792
- C:\Windows\System\RQSxkXA.exe
  C:\Windows\System\RQSxkXA.exe
  2⤵
  PID:4952
- C:\Windows\System\LZZcVwX.exe
  C:\Windows\System\LZZcVwX.exe
  2⤵
  PID:5316
- C:\Windows\System\YzOyuYu.exe
  C:\Windows\System\YzOyuYu.exe
  2⤵
  PID:2552
- C:\Windows\System\oIyamFe.exe
  C:\Windows\System\oIyamFe.exe
  2⤵
  PID:6572
- C:\Windows\System\fqSvmDF.exe
  C:\Windows\System\fqSvmDF.exe
  2⤵
  PID:7176
- C:\Windows\System\ZiteAod.exe
  C:\Windows\System\ZiteAod.exe
  2⤵
  PID:7516
- C:\Windows\System\ZuRMVgq.exe
  C:\Windows\System\ZuRMVgq.exe
  2⤵
  PID:2436
- C:\Windows\System\HbaNwvr.exe
  C:\Windows\System\HbaNwvr.exe
  2⤵
  PID:7596
- C:\Windows\System\hkaXXxq.exe
  C:\Windows\System\hkaXXxq.exe
  2⤵
  PID:7652
- C:\Windows\System\fdTIJzu.exe
  C:\Windows\System\fdTIJzu.exe
  2⤵
  PID:7820
- C:\Windows\System\bvtqZkn.exe
  C:\Windows\System\bvtqZkn.exe
  2⤵
  PID:8004
- C:\Windows\System\yWoDomH.exe
  C:\Windows\System\yWoDomH.exe
  2⤵
  PID:7440
- C:\Windows\System\goLxQEr.exe
  C:\Windows\System\goLxQEr.exe
  2⤵
  PID:7316
- C:\Windows\System\DPujBwR.exe
  C:\Windows\System\DPujBwR.exe
  2⤵
  PID:7452
- C:\Windows\System\kTvWVla.exe
  C:\Windows\System\kTvWVla.exe
  2⤵
  PID:748
- C:\Windows\System\izIQcER.exe
  C:\Windows\System\izIQcER.exe
  2⤵
  PID:7816
- C:\Windows\System\jsZKUYx.exe
  C:\Windows\System\jsZKUYx.exe
  2⤵
  PID:3008
- C:\Windows\System\EcPYQvG.exe
  C:\Windows\System\EcPYQvG.exe
  2⤵
  PID:2772
- C:\Windows\System\vexpxJt.exe
  C:\Windows\System\vexpxJt.exe
  2⤵
  PID:2972
- C:\Windows\System\QAwwqCV.exe
  C:\Windows\System\QAwwqCV.exe
  2⤵
  PID:8144
- C:\Windows\System\KBfreAj.exe
  C:\Windows\System\KBfreAj.exe
  2⤵
  PID:2764
- C:\Windows\System\eNWivkd.exe
  C:\Windows\System\eNWivkd.exe
  2⤵
  PID:2856
- C:\Windows\System\utjtoGP.exe
  C:\Windows\System\utjtoGP.exe
  2⤵
  PID:7148
- C:\Windows\System\DAevtCM.exe
  C:\Windows\System\DAevtCM.exe
  2⤵
  PID:8148
- C:\Windows\System\EuGOcNA.exe
  C:\Windows\System\EuGOcNA.exe
  2⤵
  PID:7172
- C:\Windows\System\OcuudIO.exe
  C:\Windows\System\OcuudIO.exe
  2⤵
  PID:7460
- C:\Windows\System\zIUDVNz.exe
  C:\Windows\System\zIUDVNz.exe
  2⤵
  PID:5780
- C:\Windows\System\TbYKrzV.exe
  C:\Windows\System\TbYKrzV.exe
  2⤵
  PID:7968
- C:\Windows\System\NCNzQKg.exe
  C:\Windows\System\NCNzQKg.exe
  2⤵
  PID:6912
- C:\Windows\System\hEFaYwr.exe
  C:\Windows\System\hEFaYwr.exe
  2⤵
  PID:6788
- C:\Windows\System\WkFwkLq.exe
  C:\Windows\System\WkFwkLq.exe
  2⤵
  PID:2812
- C:\Windows\System\SwMqSuH.exe
  C:\Windows\System\SwMqSuH.exe
  2⤵
  PID:5272
- C:\Windows\System\YnKaiGE.exe
  C:\Windows\System\YnKaiGE.exe
  2⤵
  PID:5900
- C:\Windows\System\cRYNLxj.exe
  C:\Windows\System\cRYNLxj.exe
  2⤵
  PID:8204
- C:\Windows\System\CTeEHLq.exe
  C:\Windows\System\CTeEHLq.exe
  2⤵
  PID:8224
- C:\Windows\System\pBmjYsx.exe
  C:\Windows\System\pBmjYsx.exe
  2⤵
  PID:8244
- C:\Windows\System\fjQcBAs.exe
  C:\Windows\System\fjQcBAs.exe
  2⤵
  PID:8264
- C:\Windows\System\MCXmMNd.exe
  C:\Windows\System\MCXmMNd.exe
  2⤵
  PID:8280
- C:\Windows\System\JsypemL.exe
  C:\Windows\System\JsypemL.exe
  2⤵
  PID:8304
- C:\Windows\System\raqxJWJ.exe
  C:\Windows\System\raqxJWJ.exe
  2⤵
  PID:8364
- C:\Windows\System\OrlfgHW.exe
  C:\Windows\System\OrlfgHW.exe
  2⤵
  PID:8436
- C:\Windows\System\ytOVQDt.exe
  C:\Windows\System\ytOVQDt.exe
  2⤵
  PID:8452
- C:\Windows\System\iwSdwIT.exe
  C:\Windows\System\iwSdwIT.exe
  2⤵
  PID:8468
- C:\Windows\System\svEurQK.exe
  C:\Windows\System\svEurQK.exe
  2⤵
  PID:8484
- C:\Windows\System\EjgRrlE.exe
  C:\Windows\System\EjgRrlE.exe
  2⤵
  PID:8500
- C:\Windows\System\uNzBHTg.exe
  C:\Windows\System\uNzBHTg.exe
  2⤵
  PID:8516
- C:\Windows\System\yuSuSWU.exe
  C:\Windows\System\yuSuSWU.exe
  2⤵
  PID:8532
- C:\Windows\System\OFFbToW.exe
  C:\Windows\System\OFFbToW.exe
  2⤵
  PID:8548
- C:\Windows\System\OsCVYgd.exe
  C:\Windows\System\OsCVYgd.exe
  2⤵
  PID:8564
- C:\Windows\System\HDbAaQj.exe
  C:\Windows\System\HDbAaQj.exe
  2⤵
  PID:8580
- C:\Windows\System\DPUiWyl.exe
  C:\Windows\System\DPUiWyl.exe
  2⤵
  PID:8596
- C:\Windows\System\HpmBuid.exe
  C:\Windows\System\HpmBuid.exe
  2⤵
  PID:8612
- C:\Windows\System\tBeSPNo.exe
  C:\Windows\System\tBeSPNo.exe
  2⤵
  PID:8628
- C:\Windows\System\Iswfllo.exe
  C:\Windows\System\Iswfllo.exe
  2⤵
  PID:8644
- C:\Windows\System\FgGAjXZ.exe
  C:\Windows\System\FgGAjXZ.exe
  2⤵
  PID:8660
- C:\Windows\System\dCEXDLE.exe
  C:\Windows\System\dCEXDLE.exe
  2⤵
  PID:8676
- C:\Windows\System\kWBJzyB.exe
  C:\Windows\System\kWBJzyB.exe
  2⤵
  PID:8692
- C:\Windows\System\aIYnQlZ.exe
  C:\Windows\System\aIYnQlZ.exe
  2⤵
  PID:8708
- C:\Windows\System\PuEtTbC.exe
  C:\Windows\System\PuEtTbC.exe
  2⤵
  PID:8724
- C:\Windows\System\yhAxCbw.exe
  C:\Windows\System\yhAxCbw.exe
  2⤵
  PID:8740
- C:\Windows\System\iSaYanO.exe
  C:\Windows\System\iSaYanO.exe
  2⤵
  PID:8756
- C:\Windows\System\icfFszA.exe
  C:\Windows\System\icfFszA.exe
  2⤵
  PID:8772
- C:\Windows\System\XjSdXKT.exe
  C:\Windows\System\XjSdXKT.exe
  2⤵
  PID:8788
- C:\Windows\System\dUIxxFD.exe
  C:\Windows\System\dUIxxFD.exe
  2⤵
  PID:8804
- C:\Windows\System\OZzuDaw.exe
  C:\Windows\System\OZzuDaw.exe
  2⤵
  PID:8820
- C:\Windows\System\DdYDHcb.exe
  C:\Windows\System\DdYDHcb.exe
  2⤵
  PID:8836
- C:\Windows\System\eFcsXKy.exe
  C:\Windows\System\eFcsXKy.exe
  2⤵
  PID:8852
- C:\Windows\System\YnqNOmc.exe
  C:\Windows\System\YnqNOmc.exe
  2⤵
  PID:8868
- C:\Windows\System\cAtLvTm.exe
  C:\Windows\System\cAtLvTm.exe
  2⤵
  PID:8884
- C:\Windows\System\pHkzyhT.exe
  C:\Windows\System\pHkzyhT.exe
  2⤵
  PID:8900
- C:\Windows\System\hesTgPl.exe
  C:\Windows\System\hesTgPl.exe
  2⤵
  PID:8916
- C:\Windows\System\nEvfzkk.exe
  C:\Windows\System\nEvfzkk.exe
  2⤵
  PID:8932
- C:\Windows\System\pnohfSz.exe
  C:\Windows\System\pnohfSz.exe
  2⤵
  PID:8948
- C:\Windows\System\PNHJiJP.exe
  C:\Windows\System\PNHJiJP.exe
  2⤵
  PID:8968
- C:\Windows\System\RsZmXpd.exe
  C:\Windows\System\RsZmXpd.exe
  2⤵
  PID:8984
- C:\Windows\System\OOcqveh.exe
  C:\Windows\System\OOcqveh.exe
  2⤵
  PID:9000
- C:\Windows\System\JZCiwYB.exe
  C:\Windows\System\JZCiwYB.exe
  2⤵
  PID:9016
- C:\Windows\System\ujNPKhy.exe
  C:\Windows\System\ujNPKhy.exe
  2⤵
  PID:9032
- C:\Windows\System\oSiJJEU.exe
  C:\Windows\System\oSiJJEU.exe
  2⤵
  PID:9072
- C:\Windows\System\cwdmjby.exe
  C:\Windows\System\cwdmjby.exe
  2⤵
  PID:9096
- C:\Windows\System\aUhtayd.exe
  C:\Windows\System\aUhtayd.exe
  2⤵
  PID:9112
- C:\Windows\System\iDlWttF.exe
  C:\Windows\System\iDlWttF.exe
  2⤵
  PID:9128
- C:\Windows\System\wEAOtlW.exe
  C:\Windows\System\wEAOtlW.exe
  2⤵
  PID:9144
- C:\Windows\System\cgmUHnw.exe
  C:\Windows\System\cgmUHnw.exe
  2⤵
  PID:9160
- C:\Windows\System\AyLeYVW.exe
  C:\Windows\System\AyLeYVW.exe
  2⤵
  PID:9176
- C:\Windows\System\NZfTyLo.exe
  C:\Windows\System\NZfTyLo.exe
  2⤵
  PID:9192
- C:\Windows\System\zSgyQun.exe
  C:\Windows\System\zSgyQun.exe
  2⤵
  PID:9208
- C:\Windows\System\BWNuuzQ.exe
  C:\Windows\System\BWNuuzQ.exe
  2⤵
  PID:7684
- C:\Windows\System\lZaVWZY.exe
  C:\Windows\System\lZaVWZY.exe
  2⤵
  PID:7660
- C:\Windows\System\bSrtjWt.exe
  C:\Windows\System\bSrtjWt.exe
  2⤵
  PID:1088
- C:\Windows\System\QdargdD.exe
  C:\Windows\System\QdargdD.exe
  2⤵
  PID:2336
- C:\Windows\System\HCuXWEW.exe
  C:\Windows\System\HCuXWEW.exe
  2⤵
  PID:4480
- C:\Windows\System\dbqNAGk.exe
  C:\Windows\System\dbqNAGk.exe
  2⤵
  PID:7432
- C:\Windows\System\EmQCMbB.exe
  C:\Windows\System\EmQCMbB.exe
  2⤵
  PID:8232
- C:\Windows\System\LOjSOUb.exe
  C:\Windows\System\LOjSOUb.exe
  2⤵
  PID:7720
- C:\Windows\System\mTsmnBo.exe
  C:\Windows\System\mTsmnBo.exe
  2⤵
  PID:2252
- C:\Windows\System\TOIVdSZ.exe
  C:\Windows\System\TOIVdSZ.exe
  2⤵
  PID:8272
- C:\Windows\System\NlPgbDn.exe
  C:\Windows\System\NlPgbDn.exe
  2⤵
  PID:8276
- C:\Windows\System\QtDqRxG.exe
  C:\Windows\System\QtDqRxG.exe
  2⤵
  PID:8024
- C:\Windows\System\GAGfbnr.exe
  C:\Windows\System\GAGfbnr.exe
  2⤵
  PID:8296
- C:\Windows\System\vYBDPwP.exe
  C:\Windows\System\vYBDPwP.exe
  2⤵
  PID:6816
- C:\Windows\System\yQAhdZb.exe
  C:\Windows\System\yQAhdZb.exe
  2⤵
  PID:8216
- C:\Windows\System\xxvWWwQ.exe
  C:\Windows\System\xxvWWwQ.exe
  2⤵
  PID:8356
- C:\Windows\System\QDhOCge.exe
  C:\Windows\System\QDhOCge.exe
  2⤵
  PID:3140
- C:\Windows\System\VdGlBUr.exe
  C:\Windows\System\VdGlBUr.exe
  2⤵
  PID:4712
- C:\Windows\System\GfrUdwA.exe
  C:\Windows\System\GfrUdwA.exe
  2⤵
  PID:2620
- C:\Windows\System\mmzyWgb.exe
  C:\Windows\System\mmzyWgb.exe
  2⤵
  PID:2948
- C:\Windows\System\XyKHarG.exe
  C:\Windows\System\XyKHarG.exe
  2⤵
  PID:2956
- C:\Windows\System\ngDCWKX.exe
  C:\Windows\System\ngDCWKX.exe
  2⤵
  PID:2728
- C:\Windows\System\HsgppFJ.exe
  C:\Windows\System\HsgppFJ.exe
  2⤵
  PID:2744
- C:\Windows\System\eENGxer.exe
  C:\Windows\System\eENGxer.exe
  2⤵
  PID:2816
- C:\Windows\System\zAvuRsp.exe
  C:\Windows\System\zAvuRsp.exe
  2⤵
  PID:1888
- C:\Windows\System\DknRFYz.exe
  C:\Windows\System\DknRFYz.exe
  2⤵
  PID:8444
- C:\Windows\System\utQKJfK.exe
  C:\Windows\System\utQKJfK.exe
  2⤵
  PID:1744
- C:\Windows\System\gIJqIxh.exe
  C:\Windows\System\gIJqIxh.exe
  2⤵
  PID:8492
- C:\Windows\System\NRbShYJ.exe
  C:\Windows\System\NRbShYJ.exe
  2⤵
  PID:8556
- C:\Windows\System\asFXaFq.exe
  C:\Windows\System\asFXaFq.exe
  2⤵
  PID:1784
- C:\Windows\System\alOqffx.exe
  C:\Windows\System\alOqffx.exe
  2⤵
  PID:8620
- C:\Windows\System\WsRXMml.exe
  C:\Windows\System\WsRXMml.exe
  2⤵
  PID:8656
- C:\Windows\System\PjlaNbg.exe
  C:\Windows\System\PjlaNbg.exe
  2⤵
  PID:8576
- C:\Windows\System\hMRIaix.exe
  C:\Windows\System\hMRIaix.exe
  2⤵
  PID:856
- C:\Windows\System\eYwAavS.exe
  C:\Windows\System\eYwAavS.exe
  2⤵
  PID:8752
- C:\Windows\System\XQKuKds.exe
  C:\Windows\System\XQKuKds.exe
  2⤵
  PID:8736
- C:\Windows\System\CBUwSKP.exe
  C:\Windows\System\CBUwSKP.exe
  2⤵
  PID:1312
- C:\Windows\System\QQWGRHi.exe
  C:\Windows\System\QQWGRHi.exe
  2⤵
  PID:9188
- C:\Windows\System\huAMeGF.exe
  C:\Windows\System\huAMeGF.exe
  2⤵
  PID:3000
- C:\Windows\System\NpTkwgt.exe
  C:\Windows\System\NpTkwgt.exe
  2⤵
  PID:7472
- C:\Windows\System\rwIzqmZ.exe
  C:\Windows\System\rwIzqmZ.exe
  2⤵
  PID:1092
- C:\Windows\System\bhpyNgw.exe
  C:\Windows\System\bhpyNgw.exe
  2⤵
  PID:1608
- C:\Windows\System\aYaWSTU.exe
  C:\Windows\System\aYaWSTU.exe
  2⤵
  PID:8292
- C:\Windows\System\hGIRKcd.exe
  C:\Windows\System\hGIRKcd.exe
  2⤵
  PID:6532
- C:\Windows\System\fSiVsmj.exe
  C:\Windows\System\fSiVsmj.exe
  2⤵
  PID:8352
- C:\Windows\System\TTTtBmo.exe
  C:\Windows\System\TTTtBmo.exe
  2⤵
  PID:3124
- C:\Windows\System\FupXCLH.exe
  C:\Windows\System\FupXCLH.exe
  2⤵
  PID:2600
- C:\Windows\System\waDaQcM.exe
  C:\Windows\System\waDaQcM.exe
  2⤵
  PID:2996
- C:\Windows\System\VwJRRWl.exe
  C:\Windows\System\VwJRRWl.exe
  2⤵
  PID:2836
- C:\Windows\System\cwEGiCE.exe
  C:\Windows\System\cwEGiCE.exe
  2⤵
  PID:8524
- C:\Windows\System\mcayXBd.exe
  C:\Windows\System\mcayXBd.exe
  2⤵
  PID:1736
- C:\Windows\System\bLfhszW.exe
  C:\Windows\System\bLfhszW.exe
  2⤵
  PID:8652
- C:\Windows\System\QbcRSUN.exe
  C:\Windows\System\QbcRSUN.exe
  2⤵
  PID:8512
- C:\Windows\System\FGGQtus.exe
  C:\Windows\System\FGGQtus.exe
  2⤵
  PID:8668
- C:\Windows\System\nNtHdzh.exe
  C:\Windows\System\nNtHdzh.exe
  2⤵
  PID:2924
- C:\Windows\System\KQBpmpo.exe
  C:\Windows\System\KQBpmpo.exe
  2⤵
  PID:1112
- C:\Windows\System\vQTbEpT.exe
  C:\Windows\System\vQTbEpT.exe
  2⤵
  PID:8672
- C:\Windows\System\FpAXGxc.exe
  C:\Windows\System\FpAXGxc.exe
  2⤵
  PID:8704
- C:\Windows\System\WauYOOi.exe
  C:\Windows\System\WauYOOi.exe
  2⤵
  PID:8832
- C:\Windows\System\RPkigsL.exe
  C:\Windows\System\RPkigsL.exe
  2⤵
  PID:8828
- C:\Windows\System\SoKOQKk.exe
  C:\Windows\System\SoKOQKk.exe
  2⤵
  PID:8896
- C:\Windows\System\LLHmzIz.exe
  C:\Windows\System\LLHmzIz.exe
  2⤵
  PID:8928
- C:\Windows\System\ijxHDjS.exe
  C:\Windows\System\ijxHDjS.exe
  2⤵
  PID:8816
- C:\Windows\System\eQhsdPN.exe
  C:\Windows\System\eQhsdPN.exe
  2⤵
  PID:8880
- C:\Windows\System\vuNAesD.exe
  C:\Windows\System\vuNAesD.exe
  2⤵
  PID:8944
- C:\Windows\System\mbQnSRE.exe
  C:\Windows\System\mbQnSRE.exe
  2⤵
  PID:8768
- C:\Windows\System\ablNFrx.exe
  C:\Windows\System\ablNFrx.exe
  2⤵
  PID:9040
- C:\Windows\System\eXJChIv.exe
  C:\Windows\System\eXJChIv.exe
  2⤵
  PID:1600
- C:\Windows\System\yooYTSE.exe
  C:\Windows\System\yooYTSE.exe
  2⤵
  PID:9024
- C:\Windows\System\hFqENoF.exe
  C:\Windows\System\hFqENoF.exe
  2⤵
  PID:9120
- C:\Windows\System\QOwcjaF.exe
  C:\Windows\System\QOwcjaF.exe
  2⤵
  PID:9108
- C:\Windows\System\iokyuWb.exe
  C:\Windows\System\iokyuWb.exe
  2⤵
  PID:1792
- C:\Windows\System\HkBGYcE.exe
  C:\Windows\System\HkBGYcE.exe
  2⤵
  PID:1692
- C:\Windows\System\zjPiKbL.exe
  C:\Windows\System\zjPiKbL.exe
  2⤵
  PID:7780
- C:\Windows\System\BYRQsyN.exe
  C:\Windows\System\BYRQsyN.exe
  2⤵
  PID:7332
- C:\Windows\System\vtliCPN.exe
  C:\Windows\System\vtliCPN.exe
  2⤵
  PID:6988
- C:\Windows\System\uURrfXn.exe
  C:\Windows\System\uURrfXn.exe
  2⤵
  PID:8344
- C:\Windows\System\pVpXROZ.exe
  C:\Windows\System\pVpXROZ.exe
  2⤵
  PID:2840
- C:\Windows\System\NIirVce.exe
  C:\Windows\System\NIirVce.exe
  2⤵
  PID:8480
- C:\Windows\System\rLAQqsG.exe
  C:\Windows\System\rLAQqsG.exe
  2⤵
  PID:8732
- C:\Windows\System\RhGnNWy.exe
  C:\Windows\System\RhGnNWy.exe
  2⤵
  PID:8940
- C:\Windows\System\mBNlBMQ.exe
  C:\Windows\System\mBNlBMQ.exe
  2⤵
  PID:9012
- C:\Windows\System\gokcPXR.exe
  C:\Windows\System\gokcPXR.exe
  2⤵
  PID:8876
- C:\Windows\System\aGuzOPu.exe
  C:\Windows\System\aGuzOPu.exe
  2⤵
  PID:9092
- C:\Windows\System\VkUlGAJ.exe
  C:\Windows\System\VkUlGAJ.exe
  2⤵
  PID:2312
- C:\Windows\System\AlPkNKs.exe
  C:\Windows\System\AlPkNKs.exe
  2⤵
  PID:1716
- C:\Windows\System\oxjEKnE.exe
  C:\Windows\System\oxjEKnE.exe
  2⤵
  PID:2940
- C:\Windows\System\SvjLhYH.exe
  C:\Windows\System\SvjLhYH.exe
  2⤵
  PID:8108
- C:\Windows\System\ohypaxw.exe
  C:\Windows\System\ohypaxw.exe
  2⤵
  PID:3028
- C:\Windows\System\RniVFtx.exe
  C:\Windows\System\RniVFtx.exe
  2⤵
  PID:8588
- C:\Windows\System\DwmZkhQ.exe
  C:\Windows\System\DwmZkhQ.exe
  2⤵
  PID:1232
- C:\Windows\System\myQJJFy.exe
  C:\Windows\System\myQJJFy.exe
  2⤵
  PID:8688
- C:\Windows\System\oaocBYm.exe
  C:\Windows\System\oaocBYm.exe
  2⤵
  PID:8864
- C:\Windows\System\JXzxtPl.exe
  C:\Windows\System\JXzxtPl.exe
  2⤵
  PID:1224
- C:\Windows\System\JYNXzYB.exe
  C:\Windows\System\JYNXzYB.exe
  2⤵
  PID:8252
- C:\Windows\System\VcsvdSK.exe
  C:\Windows\System\VcsvdSK.exe
  2⤵
  PID:2656
- C:\Windows\System\WnNzmEb.exe
  C:\Windows\System\WnNzmEb.exe
  2⤵
  PID:656
- C:\Windows\System\SFOyTNx.exe
  C:\Windows\System\SFOyTNx.exe
  2⤵
  PID:8924
- C:\Windows\System\xzzGNOO.exe
  C:\Windows\System\xzzGNOO.exe
  2⤵
  PID:2204
- C:\Windows\System\zfCbmTx.exe
  C:\Windows\System\zfCbmTx.exe
  2⤵
  PID:8956
- C:\Windows\System\MqAIKAQ.exe
  C:\Windows\System\MqAIKAQ.exe
  2⤵
  PID:876
- C:\Windows\System\BHCOsyw.exe
  C:\Windows\System\BHCOsyw.exe
  2⤵
  PID:8720
- C:\Windows\System\ZxoSmNK.exe
  C:\Windows\System\ZxoSmNK.exe
  2⤵
  PID:9200
- C:\Windows\System\ayFoevt.exe
  C:\Windows\System\ayFoevt.exe
  2⤵
  PID:8960
- C:\Windows\System\OHaDtvo.exe
  C:\Windows\System\OHaDtvo.exe
  2⤵
  PID:8912
- C:\Windows\System\lnqVqKj.exe
  C:\Windows\System\lnqVqKj.exe
  2⤵
  PID:1996
- C:\Windows\System\DYZXOYT.exe
  C:\Windows\System\DYZXOYT.exe
  2⤵
  PID:1404
- C:\Windows\System\kBuNgPF.exe
  C:\Windows\System\kBuNgPF.exe
  2⤵
  PID:9168
- C:\Windows\System\QRJyOfT.exe
  C:\Windows\System\QRJyOfT.exe
  2⤵
  PID:7988
- C:\Windows\System\JqNEHbo.exe
  C:\Windows\System\JqNEHbo.exe
  2⤵
  PID:8260
- C:\Windows\System\enkbqlH.exe
  C:\Windows\System\enkbqlH.exe
  2⤵
  PID:1436
- C:\Windows\System\SuirQve.exe
  C:\Windows\System\SuirQve.exe
  2⤵
  PID:8160
- C:\Windows\System\eSIJOYd.exe
  C:\Windows\System\eSIJOYd.exe
  2⤵
  PID:2824
- C:\Windows\System\dzlXvvQ.exe
  C:\Windows\System\dzlXvvQ.exe
  2⤵
  PID:8996
- C:\Windows\System\nftxZrt.exe
  C:\Windows\System\nftxZrt.exe
  2⤵
  PID:8348
- C:\Windows\System\loSwndk.exe
  C:\Windows\System\loSwndk.exe
  2⤵
  PID:9272
- C:\Windows\System\dfwSBoO.exe
  C:\Windows\System\dfwSBoO.exe
  2⤵
  PID:9300
- C:\Windows\System\DHVHmWe.exe
  C:\Windows\System\DHVHmWe.exe
  2⤵
  PID:9316
- C:\Windows\System\ogSpHpV.exe
  C:\Windows\System\ogSpHpV.exe
  2⤵
  PID:9332
- C:\Windows\System\CDzjEMF.exe
  C:\Windows\System\CDzjEMF.exe
  2⤵
  PID:9348
- C:\Windows\System\KyfkxIr.exe
  C:\Windows\System\KyfkxIr.exe
  2⤵
  PID:9364
- C:\Windows\System\qpPwmrU.exe
  C:\Windows\System\qpPwmrU.exe
  2⤵
  PID:9380
- C:\Windows\System\tcbknYQ.exe
  C:\Windows\System\tcbknYQ.exe
  2⤵
  PID:9400
- C:\Windows\System\MVWxCMv.exe
  C:\Windows\System\MVWxCMv.exe
  2⤵
  PID:9420
- C:\Windows\System\jVHkqHX.exe
  C:\Windows\System\jVHkqHX.exe
  2⤵
  PID:9436
- C:\Windows\System\CsHXTah.exe
  C:\Windows\System\CsHXTah.exe
  2⤵
  PID:9452
- C:\Windows\System\HACuzLd.exe
  C:\Windows\System\HACuzLd.exe
  2⤵
  PID:9468
- C:\Windows\System\USBvHDh.exe
  C:\Windows\System\USBvHDh.exe
  2⤵
  PID:9484
- C:\Windows\System\SJnlUhS.exe
  C:\Windows\System\SJnlUhS.exe
  2⤵
  PID:9500
- C:\Windows\System\biYUFUT.exe
  C:\Windows\System\biYUFUT.exe
  2⤵
  PID:9544
- C:\Windows\System\YQaxktD.exe
  C:\Windows\System\YQaxktD.exe
  2⤵
  PID:9576
- C:\Windows\System\hYWMZwa.exe
  C:\Windows\System\hYWMZwa.exe
  2⤵
  PID:9600
- C:\Windows\System\kzSnYPf.exe
  C:\Windows\System\kzSnYPf.exe
  2⤵
  PID:9616
- C:\Windows\System\vcCJTXY.exe
  C:\Windows\System\vcCJTXY.exe
  2⤵
  PID:9632
- C:\Windows\System\gZmhIte.exe
  C:\Windows\System\gZmhIte.exe
  2⤵
  PID:9656
- C:\Windows\System\xxJPODz.exe
  C:\Windows\System\xxJPODz.exe
  2⤵
  PID:9672
- C:\Windows\System\sYIUinQ.exe
  C:\Windows\System\sYIUinQ.exe
  2⤵
  PID:9692
- C:\Windows\System\felTKDU.exe
  C:\Windows\System\felTKDU.exe
  2⤵
  PID:9712
- C:\Windows\System\fgwVOgR.exe
  C:\Windows\System\fgwVOgR.exe
  2⤵
  PID:9728
- C:\Windows\System\zvaCVOA.exe
  C:\Windows\System\zvaCVOA.exe
  2⤵
  PID:9744
- C:\Windows\System\ljVVTug.exe
  C:\Windows\System\ljVVTug.exe
  2⤵
  PID:9760
- C:\Windows\System\nGMQcaD.exe
  C:\Windows\System\nGMQcaD.exe
  2⤵
  PID:9776
- C:\Windows\System\waRAcMM.exe
  C:\Windows\System\waRAcMM.exe
  2⤵
  PID:9792
- C:\Windows\System\IFprjaO.exe
  C:\Windows\System\IFprjaO.exe
  2⤵
  PID:9812
- C:\Windows\System\MaUfHTO.exe
  C:\Windows\System\MaUfHTO.exe
  2⤵
  PID:9832
- C:\Windows\System\evdholY.exe
  C:\Windows\System\evdholY.exe
  2⤵
  PID:9848
- C:\Windows\System\IyxZxsX.exe
  C:\Windows\System\IyxZxsX.exe
  2⤵
  PID:9892
- C:\Windows\System\PoOXRrO.exe
  C:\Windows\System\PoOXRrO.exe
  2⤵
  PID:9916
- C:\Windows\System\tPtUunx.exe
  C:\Windows\System\tPtUunx.exe
  2⤵
  PID:9944
- C:\Windows\System\PCmAJXG.exe
  C:\Windows\System\PCmAJXG.exe
  2⤵
  PID:9960
- C:\Windows\System\BAvKBFg.exe
  C:\Windows\System\BAvKBFg.exe
  2⤵
  PID:9984
- C:\Windows\System\cedlJkC.exe
  C:\Windows\System\cedlJkC.exe
  2⤵
  PID:10000
- C:\Windows\System\VIinxrm.exe
  C:\Windows\System\VIinxrm.exe
  2⤵
  PID:10016
- C:\Windows\System\EzDrIJJ.exe
  C:\Windows\System\EzDrIJJ.exe
  2⤵
  PID:10032
- C:\Windows\System\sjfWwYv.exe
  C:\Windows\System\sjfWwYv.exe
  2⤵
  PID:10048
- C:\Windows\System\xnRIsEN.exe
  C:\Windows\System\xnRIsEN.exe
  2⤵
  PID:10064
- C:\Windows\System\HWELBPl.exe
  C:\Windows\System\HWELBPl.exe
  2⤵
  PID:10080
- C:\Windows\System\nuwpNsi.exe
  C:\Windows\System\nuwpNsi.exe
  2⤵
  PID:10100
- C:\Windows\System\EKiEfiN.exe
  C:\Windows\System\EKiEfiN.exe
  2⤵
  PID:10136
- C:\Windows\System\ScqtLpc.exe
  C:\Windows\System\ScqtLpc.exe
  2⤵
  PID:10156
- C:\Windows\System\ZsWsNZm.exe
  C:\Windows\System\ZsWsNZm.exe
  2⤵
  PID:10188
- C:\Windows\System\QwMuMFw.exe
  C:\Windows\System\QwMuMFw.exe
  2⤵
  PID:10204
- C:\Windows\System\WjBGosa.exe
  C:\Windows\System\WjBGosa.exe
  2⤵
  PID:10224
- C:\Windows\System\gZIXaoi.exe
  C:\Windows\System\gZIXaoi.exe
  2⤵
  PID:3120
- C:\Windows\System\pfzaDIK.exe
  C:\Windows\System\pfzaDIK.exe
  2⤵
  PID:9240
- C:\Windows\System\clOnMLw.exe
  C:\Windows\System\clOnMLw.exe
  2⤵
  PID:9256
- C:\Windows\System\GioedYi.exe
  C:\Windows\System\GioedYi.exe
  2⤵
  PID:9284
- C:\Windows\System\mMOagJW.exe
  C:\Windows\System\mMOagJW.exe
  2⤵
  PID:9308
- C:\Windows\System\ujGbPYW.exe
  C:\Windows\System\ujGbPYW.exe
  2⤵
  PID:9372
- C:\Windows\System\YgAQxxi.exe
  C:\Windows\System\YgAQxxi.exe
  2⤵
  PID:9356
- C:\Windows\System\fAyZyHH.exe
  C:\Windows\System\fAyZyHH.exe
  2⤵
  PID:9476
- C:\Windows\System\cSpUdJb.exe
  C:\Windows\System\cSpUdJb.exe
  2⤵
  PID:9388
- C:\Windows\System\AhcEoHa.exe
  C:\Windows\System\AhcEoHa.exe
  2⤵
  PID:9428
- C:\Windows\System\qZbDyae.exe
  C:\Windows\System\qZbDyae.exe
  2⤵
  PID:9508
- C:\Windows\System\XCMRQfT.exe
  C:\Windows\System\XCMRQfT.exe
  2⤵
  PID:9432
- C:\Windows\System\iCIRZUN.exe
  C:\Windows\System\iCIRZUN.exe
  2⤵
  PID:9536
- C:\Windows\System\VaaAppF.exe
  C:\Windows\System\VaaAppF.exe
  2⤵
  PID:9560
- C:\Windows\System\ycwuLoc.exe
  C:\Windows\System\ycwuLoc.exe
  2⤵
  PID:9588
- C:\Windows\System\rjAoXXO.exe
  C:\Windows\System\rjAoXXO.exe
  2⤵
  PID:9612
- C:\Windows\System\gHLByHd.exe
  C:\Windows\System\gHLByHd.exe
  2⤵
  PID:9644
- C:\Windows\System\NUrrOWR.exe
  C:\Windows\System\NUrrOWR.exe
  2⤵
  PID:8408
- C:\Windows\System\AkUzgNh.exe
  C:\Windows\System\AkUzgNh.exe
  2⤵
  PID:9752
- C:\Windows\System\GHarPDs.exe
  C:\Windows\System\GHarPDs.exe
  2⤵
  PID:9860
- C:\Windows\System\uyVmHVg.exe
  C:\Windows\System\uyVmHVg.exe
  2⤵
  PID:9820
- C:\Windows\System\CaYQbYf.exe
  C:\Windows\System\CaYQbYf.exe
  2⤵
  PID:9704
- C:\Windows\System\PaVUoeG.exe
  C:\Windows\System\PaVUoeG.exe
  2⤵
  PID:9840
- C:\Windows\System\DfUxKpA.exe
  C:\Windows\System\DfUxKpA.exe
  2⤵
  PID:9900
- C:\Windows\System\LctTCfK.exe
  C:\Windows\System\LctTCfK.exe
  2⤵
  PID:9876
- C:\Windows\System\TFbotui.exe
  C:\Windows\System\TFbotui.exe
  2⤵
  PID:9940
- C:\Windows\System\rJjRTJN.exe
  C:\Windows\System\rJjRTJN.exe
  2⤵
  PID:10116
- C:\Windows\System\BfzpeHe.exe
  C:\Windows\System\BfzpeHe.exe
  2⤵
  PID:10124
- C:\Windows\System\lAavpUH.exe
  C:\Windows\System\lAavpUH.exe
  2⤵
  PID:10088
- C:\Windows\System\apPBxph.exe
  C:\Windows\System\apPBxph.exe
  2⤵
  PID:10184
- C:\Windows\System\ZMiwrAi.exe
  C:\Windows\System\ZMiwrAi.exe
  2⤵
  PID:10200
- C:\Windows\System\kSOHMuX.exe
  C:\Windows\System\kSOHMuX.exe
  2⤵
  PID:10220
- C:\Windows\System\kmAWckh.exe
  C:\Windows\System\kmAWckh.exe
  2⤵
  PID:9232
- C:\Windows\System\oqbThex.exe
  C:\Windows\System\oqbThex.exe
  2⤵
  PID:9224
- C:\Windows\System\wSGqtts.exe
  C:\Windows\System\wSGqtts.exe
  2⤵
  PID:9280
- C:\Windows\System\tGOCYQK.exe
  C:\Windows\System\tGOCYQK.exe
  2⤵
  PID:9460
- C:\Windows\System\qXatieu.exe
  C:\Windows\System\qXatieu.exe
  2⤵
  PID:9328
- C:\Windows\System\ehNFYOg.exe
  C:\Windows\System\ehNFYOg.exe
  2⤵
  PID:9492
- C:\Windows\System\APMPdUx.exe
  C:\Windows\System\APMPdUx.exe
  2⤵
  PID:9464
- C:\Windows\System\xglcRNS.exe
  C:\Windows\System\xglcRNS.exe
  2⤵
  PID:9568
- C:\Windows\System\njfNrdP.exe
  C:\Windows\System\njfNrdP.exe
  2⤵
  PID:9828
- C:\Windows\System\OeQEYjg.exe
  C:\Windows\System\OeQEYjg.exe
  2⤵
  PID:9624
- C:\Windows\System\yHkOLsg.exe
  C:\Windows\System\yHkOLsg.exe
  2⤵
  PID:9824
- C:\Windows\System\oWGERIy.exe
  C:\Windows\System\oWGERIy.exe
  2⤵
  PID:9804
- C:\Windows\System\rYZgwCo.exe
  C:\Windows\System\rYZgwCo.exe
  2⤵
  PID:9868
- C:\Windows\System\yatWcxR.exe
  C:\Windows\System\yatWcxR.exe
  2⤵
  PID:9908
- C:\Windows\System\UTndFyk.exe
  C:\Windows\System\UTndFyk.exe
  2⤵
  PID:9968
- C:\Windows\System\cfKjsHc.exe
  C:\Windows\System\cfKjsHc.exe
  2⤵
  PID:9980
- C:\Windows\System\QFIWqLk.exe
  C:\Windows\System\QFIWqLk.exe
  2⤵
  PID:10072
- C:\Windows\System\geWUetC.exe
  C:\Windows\System\geWUetC.exe
  2⤵
  PID:10056
- C:\Windows\System\eMEZpzO.exe
  C:\Windows\System\eMEZpzO.exe
  2⤵
  PID:10028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DGDAhEp.exe

Filesize
6.0MB

MD5
23b6a0a904b65350c86df81697310441

SHA1
d1eca47425e8116107e7a1c3cb20998c05679ab7

SHA256
154a72d8e630ffed2ca9e94af544bc95d5d0fc0581031610f26c9217c15dcd3b

SHA512
4952986575444c4f87f34f2b21778371c5fdb362dd4a85094e720cee9648daed02398ec2f2f0330cb409c54535309c64bbd9a17a0e7898339699578afde4db65

Download Submit
C:\Windows\system\DJdHyfp.exe

Filesize
6.0MB

MD5
e1449f7934a8dafede3b233ed3ac7dcb

SHA1
32904487539ef130216267eeedfc8dbe2ce4c2ac

SHA256
cb81cb70d44db848ac1c37dfa19cbe4528250582f20dbd63f1eb5769cc7d8cd0

SHA512
f6713c33e0b942e3c3ee67c87fabce2bcf98ae0817f202cb7e8853a919d6ff66134fc64ca857571360e790431880b561c4f44958cae4771d12d69a08f236d5da

Download Submit
C:\Windows\system\EbzDgSq.exe

Filesize
6.0MB

MD5
2f1c9f197b7f85baabcb475913c1fce2

SHA1
42ad48a5f6d75bd710d88325f1f56448cb405401

SHA256
de8be4248073a2340f8c93f1a5af65917edb111c758b1b2132d9c91400aaaf21

SHA512
5081ead0c0639af74635549f4bebb9eeaa2d7fda4ff7d11d3d0f6ded1e2234226c10ffd9f0b18e6a2477348a269fb1dac6baf68399f8b7dcddea21d1e567a896

Download Submit
C:\Windows\system\Hevoaya.exe

Filesize
6.0MB

MD5
84a2ddb683aa475a278eb73a5b9fa8ad

SHA1
fd3bc3d2b866a17318bda39890698f1a68f40ae1

SHA256
d0e23fa224a1064e7c9c3aff13845c8a1f9b983db148cb7400a5b0aa9c39cb93

SHA512
c07f83a9117151b089bdb12bb8e9d3d8fa82871b094a47606335a0ff7e00acc0f72af5bd15a0a1a92df20bad7eae880d237cc5d2f2e23f301cdc734502744af7

Download Submit
C:\Windows\system\LfOQIAH.exe

Filesize
6.0MB

MD5
e93790abe5e545ac84f1a99888c8214b

SHA1
e7bc12fa503de9d2948a52a00d869316a5d57896

SHA256
52ccb2d405027639eaad3e6e5d989e394e3e41181df0411adf7b2c7b87f60cf3

SHA512
6ae7d7baebf4952ed6274166b989e657dc19121afcc5d9316b0a521624f3e851601da9b188d530d8cd5a767a9e340ef8bfc7a82475e0c92f5d07f7b10b01c8c5

Download Submit
C:\Windows\system\MpJYQIh.exe

Filesize
6.0MB

MD5
7be0527986ff2876b9c625389d007c52

SHA1
f00da2573077a9203c27d271cf773db06906f8c2

SHA256
fcb2693231dd682b819b12ff41ab1a4ae36a45f3ba78f4346e83c3df6844d27a

SHA512
0970ed6c6129a74b459672e0b282dfb9413971eb3d0c460a3f2ff29c71d1971579647e0dc712e0e1b9a91715a135755e64d776967629954a51590543f16c6015

Download Submit
C:\Windows\system\OBcFZQt.exe

Filesize
6.0MB

MD5
8c563eafb138bc23a8b2ad872c381a35

SHA1
8119e5c0119350040b9abf9df477ee4b31015580

SHA256
50a1a25b101b45551d0091a0988f09f7df5a1e4e1bcd5bac1fff1e55fc799844

SHA512
781de02c519370db8d768688ca8053e24ee8ac3387753cff3a4bebf5db4fb432d2b3d2f68e2694499310b8e4b456c40ae260b62db4a5b9335074c762ab689a37

Download Submit
C:\Windows\system\TkIcjtM.exe

Filesize
6.0MB

MD5
fd0f3a60aaf3eb50c02c1b23600437ec

SHA1
2aa15dd0947619ee0fa9a3bf5a82bb85d6e3d121

SHA256
8dea3504cc9c925eecca974578444d52be5690ebb32a4e3e4f3e942a679b4fc0

SHA512
091ef29cb4c76194a5fa0bb591b7dbf3e4c4d7fc4b37b3d1f77d77b20264109e7ef6e8a8dfd684d0fff9675df48852def80b7b9a9d5c8e987a6c41765e22a0cf

Download Submit
C:\Windows\system\YMQUfoH.exe

Filesize
6.0MB

MD5
1aa70e4ad180ac01489422198fd7b843

SHA1
21e24fe3bed846f0fab3b75b594d242a5657274f

SHA256
012789d8db650bf1826581813d3100921529c47ba7ea9712fb6aa385bbd4245b

SHA512
9be06ae5e61a5979f50193de9de09da6e576eb2dfa47dbe2dc2ec9b43842e33bf5ed2e841548e38ec1bcb8035fd9e5b185255a15e9f166f8c302847e6d68c471

Download Submit
C:\Windows\system\cghzvQP.exe

Filesize
6.0MB

MD5
fa133e48663cc82b30198311f952e8c3

SHA1
10068e5f7c66e7373207176d9a7453f3bdff76a5

SHA256
3d22fa65c2418bcdb94aba08e1f173676f3ac3744c8dd398749517dfeb075e66

SHA512
4c4f39ac713082663245392c828c3eff17afea6e88d686c24b6b9349bd98149526ad1dc266e8dd35e9d4aa15538cfc4ca08e3b6d928384d6dc445293bc498f21

Download Submit
C:\Windows\system\hjcfMWN.exe

Filesize
6.0MB

MD5
08f36e0f3b89fb86a9aa78f8241c8ba8

SHA1
562167b1af4bf6df00f4ee45fb89c040a0567738

SHA256
920ab62590bb8e1e54b6be573d7bb20fbf008c3760126fd2aad048cf2025c992

SHA512
3bb83c45a0498201df91a1bead1ac2ad8f225c33b7693db2517ff89cf4848a0d4770d7c71e98eee8b89cdf8fbf61dc2d181be2bb9aa8ed79c63fb0b43a3d1ae8

Download Submit
C:\Windows\system\hlMdJWR.exe

Filesize
6.0MB

MD5
fba7b89e2c20a9fd36ad7a491c110d40

SHA1
6be65d61a7deaa34f65a73fe73b9edde0846dd06

SHA256
3b66965f7be3707385dbc58123a92295b085f5245cae864ff560b602725658ac

SHA512
44345d1da83e8e05ddfab9c338ba4463f0d5909449bab2a88eb178db4faa1aca6d70526f294a59e08f6b210a3edddbd7eb748003dfeaa9ef9ffabcc12d73d6e2

Download Submit
C:\Windows\system\jeGNMNH.exe

Filesize
6.0MB

MD5
1caf87e4fdf9df08bfa4ac77837f1e9f

SHA1
7eb1ea06970a1850e955658122230d318770cb17

SHA256
8dc34cda837cfcc1cdcca28f6d929ae1f9c474f66165da71084436c7995abf8e

SHA512
102145056e7692f0b2b08459ef31025d84cad900bc32ac1009e4dd056d10e5d15075f0bc9c3f5a5ec31087cf405b0df8aecdb8666472d3fd34fb3836e20af324

Download Submit
C:\Windows\system\jepHMtF.exe

Filesize
6.0MB

MD5
e39dec79b0a77d5247662e6f8a40a467

SHA1
3ed0d14c33e4b105c61f0833e4427870c2545a37

SHA256
5a6dd8a2b20f50f1e19fd54d7f3acd003045164fbd21a70ee25c37cfe01d2aa1

SHA512
3abe11970cea0b5dd222536be55095270718bb078f20234338c49270a171176cd64a3842ab14f8539fa9a9f8891c6927a568f2e513c35eee34b89219d88010cb

Download Submit
C:\Windows\system\jvisUiX.exe

Filesize
6.0MB

MD5
96e37926e17edec1c9de2d9fbdcb3f6c

SHA1
3fb6e3b00d792530ccfc01a3975127eea47bf106

SHA256
52a2ed883aab315032c3c6fe477dd6a3757c87b36e3be1778839b75d1ae45df6

SHA512
1d633f2b283bb1aa01e73b298829355de299172c291f93c845fc7a7fa1139e860acf25c6a3b8ca3e7bd704e9ca1d66eb117daf9484473c6ffbf93e8e811c15cb

Download Submit
C:\Windows\system\mRsEMrz.exe

Filesize
6.0MB

MD5
d3fc072440c6c0bc6dc94567e3821e3e

SHA1
ee9262aae057b8c8f61a4632eb17bb62c613ecdd

SHA256
798e93b627278fdc2ef309eb9e21365fa1ac7c594e27ac6f373f0ab891f0b1e8

SHA512
4c27a8e2803db8180b83b1fdc07800b46ffe3d1a0a8ab7449c09e09e52168156ec3a904a610f878e92326f1129383ffa08ba07dc421b98e194ed6d803a18dbca

Download Submit
C:\Windows\system\nTaXLAp.exe

Filesize
6.0MB

MD5
d59ffa8cff2344d3b0bc51deb7d8668b

SHA1
4ea7a9bca08cbc8641f11244d217b2e01aa52218

SHA256
0329549ae22571f19863b45e5b12a0a96464a5e1aa549c190075e18d3534ddae

SHA512
3a2b28b73d7cf070e5a0fab5d18480893ae9611d0da81b9cc5af4023baf5f37c0e77ccd91d7e76164b6dca195e5f0d605229f59cf828428e29662782a22b6371

Download Submit
C:\Windows\system\rIqcgJc.exe

Filesize
6.0MB

MD5
ba51684c182e1514fa9f740b52edcd79

SHA1
c89bd4d2807be588b175ee056e2ec89e23eecd10

SHA256
3e881300d832a2759bbeb065cd124d7b1f238c2f94bed89bfbbe1c06bb7860f5

SHA512
d7309914f931cbfebb54c8966e94cac17409fdf2315061c61a4c69c28d77266781c91515d416579cdcac7424035886418ef49d7110175ff8c0f766c25faaf54f

Download Submit
C:\Windows\system\safkDyR.exe

Filesize
6.0MB

MD5
1a3334922b2f64ce3efeae68ea900051

SHA1
4b37f9b5ccf51a4c8d31c5eb6a4c8b3990e9dbdc

SHA256
fe6a7ddc71683e84f88ad3bca31c823c298bfec46a253b1d1571c326ca124bdd

SHA512
61611ba9fed18295b1cd58bbdf36df2188d93d0bf61fd6dce1917684efc6abf1753e1d37a735b83e18b6304f71bea7a46ad013d1f2ad6814824be352a3e0c1da

Download Submit
C:\Windows\system\smjfsHh.exe

Filesize
6.0MB

MD5
87c32888a0d6ec051d3977d24340e434

SHA1
899555868ac532e8618ecaa05f30d90bb80690e7

SHA256
7d545dd3d5a88cc531f6c692e6b03f47bbc5a365fb82011ba8b226c4539fece3

SHA512
83d2d706dddce425878ed78b8251f2f20dc31f860752b914c62582028d8eac1ccd4e40d41d71d90ec6f10838ac38e4b288f456aeb8cadb5073400cd34f10720d

Download Submit
C:\Windows\system\uOyVCzT.exe

Filesize
6.0MB

MD5
8fddf69e4e4920f9d9ebf10f65a19bdf

SHA1
a89b9b52ff1d91db643df769739037f0ebaa20a6

SHA256
d3fee20ed07bef116d8f12c0d10b68d942e44673a3da50ecdf76e42fd2ea3f18

SHA512
f578f2ccadfc423a1021163060eda484478947352e9d5ff043d334c92385086577a877ac4224374b50ee8f3b8ab8834c6a15fcd6fa6036ad54b87a4dc310bd18

Download Submit
C:\Windows\system\vVmWaIB.exe

Filesize
6.0MB

MD5
8ad30c2f1e074a7967a3d95bf1b73d2c

SHA1
6ead276783b71890a9cbcc60852dc7923a951592

SHA256
bc8c89399ef86dba91d0e367dafa8f1e80a686c2fdf5977680d1229b9d564505

SHA512
a1847bdbfb23aff05706ec1348aed6040410b0f840d3d9fb4652daf579e89e42023dd3cfe95cdb7f3711507b1b90d50fc7e354b1c99b48f09610abac7aaae5cb

Download Submit
C:\Windows\system\wvLwFRs.exe

Filesize
6.0MB

MD5
076243afd3b6658b2e36773d1058636d

SHA1
73eaadb5774d990c751cc4f59e52d40d4303f41c

SHA256
fa1f73f8dd1de9be2059b4335a89a4221b2d7a413e6812dc6e261c223b493462

SHA512
61aa1d28721e03130ecc4453c6667cf42c4744b77ac2728f07aecd6b35211d32f36c7f6782ba1c169231a13ab4a1ec675cd9c8ba2b8f90c5b260fbbc0c6f9a13

Download Submit
C:\Windows\system\xOaGvkc.exe

Filesize
6.0MB

MD5
275820b79ad49a646431d74bff65f3c2

SHA1
e0ff1945eee458919e7a91225078b90665a89a55

SHA256
d659a922e346101d5eadf974ba09c1a6b5833eb4748c141e71273871f0457fef

SHA512
1a5a97373cd91e6663f70bfac8668c668bad02774e2b67bc781b6dc79ed573f155c125099790ae8cdb527b2b1c34be1aeb24165a891583206bc8d99b53b24c5e

Download Submit
C:\Windows\system\xbDyIFG.exe

Filesize
6.0MB

MD5
34d1899cc68cd9623eeab64bbc6e3be0

SHA1
43becd1283f79116eeb336db7d5749aa7c6fe7b6

SHA256
1221badb6eaf02239de2cd1d8db283107c5ae13943b0901647a9bfa2e1a4e2e0

SHA512
a3465dfce84f2090c49a71ae3d16a9706465f72c9e45cb673e03bcb9a28c8aaaca4d13647fad3f819d14ef57d67888dfe834a140a6fdf8b60e83ecca27529076

Download Submit
C:\Windows\system\znwzboQ.exe

Filesize
6.0MB

MD5
2d7f377b1f3e733cad3671314833796b

SHA1
0020dd5149e2d43615b52d3a9ac9bf78fb1cead1

SHA256
5f75e5a8f1a5d4eabd2056b78c639ec655c5a4b1f11b774ef78d15e4e76511b5

SHA512
a866bee5928f5f5e841f311811340bc2cf8b6c9571c611ae1b4714f1a115c48da6d98f8c4e75100eb62321e28e0cd1ab8d2f7fde9f0959d29e956467f6930eae

Download Submit
\Windows\system\CGVtgwv.exe

Filesize
6.0MB

MD5
c9e3a34556cb0a4517fe894c9b94cd9a

SHA1
4effb70b910430be153641ec3e17fbab59d8e0cc

SHA256
410eeb3fc0c8ffac8a6b378d3853e8b04db2e07042c3cd8479379bcd723da7a6

SHA512
bf4ab4acab6590c9e00cd9ae73d1c361f70ceb5c41c602c427e5037d05af7ac06eaec9cd2098c130513e1f25a40868fca4d0456fb88696d34145a85724a2ae64

Download Submit
\Windows\system\EiNNJTa.exe

Filesize
6.0MB

MD5
227e6d5a95cc8a78e80158ddbee84aef

SHA1
971686ed724b508ae652177c54e08dd153ffda5f

SHA256
d57aad88ba8a3e8ecaf9d2222635c8cf907dcfa3db0b5de57c7ab038def9c217

SHA512
2b7edb63a29544627c9c851c4debeae73e7fb1e3ab0eba4ad3351d12347ec19159a6ba3ec231c1d5d46bfacddcf85bc10d42476d4c7d74f60358f797b9d0e280

Download Submit
\Windows\system\RNaSkdI.exe

Filesize
6.0MB

MD5
960c01497d01f34ce2b51df86b44728e

SHA1
8550341757f9e6c82baa0a5c4408e9dab4345253

SHA256
b8afc2fba31756a41048a9e10bcf7a729be2bc3b4f71495d987f516be3d9e8cf

SHA512
a01151533c9b8f99787f1b23d24e9794c227479e527e99d639336d41564cfaf1a867ea155947c80c12195246c50df4da8f15ddd0eded963aa58c3da105a49516

Download Submit
\Windows\system\clUYKvV.exe

Filesize
6.0MB

MD5
cae3998853813d44a81ca3750311c514

SHA1
71ab0bbb6cad18909d33f6852e9d7ae6e869e06a

SHA256
76561c80a2a40a56a73cbd441ca46b2342ec275e7f639c330137ff73d7e03dae

SHA512
b090c078af1467cc8f2c41b7c180e7a94e284fc10c6d26a7126c1b3dc710d405d7e6d0a8b2ad3d6b28436f5905f92c0e766efe942fee1848fa99a798b3a41f5a

Download Submit
\Windows\system\jtmLtiI.exe

Filesize
6.0MB

MD5
dbf2c212c6b3b19966b16131d7d0d4a7

SHA1
bc2becf8b095c98d0637ecd594950a877de8a121

SHA256
5fa987b35376368acd39e8960ae5b4346911616c63c5643629dec3652de63c64

SHA512
496b31993ca8b217e72d79a6adbe4a4ad3cc0b1b1277b565fac4c6483dedbfbcb10614a357d6cef302488ee055b80669acf14adb6bcab802fe9ae944d4be0829

Download Submit
\Windows\system\kubNKIW.exe

Filesize
6.0MB

MD5
d788389fe8de30215f02d81ec99ba64d

SHA1
ea0887ccc1caebaa236a1c1b3095de432df2ec0a

SHA256
b6fe916284adcd784ced6257f11e96494c950d0f9906125baae3c371e8b195f0

SHA512
93e8aa2adcf9cf71fc09f00162354466bd21b2af7e683450de7a6bebf49913d77db95368a0c6b91648c2302179353bb009d326b7b99f1de1e61f38296b91665a

Download Submit
memory/860-98-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/860-1068-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/860-3487-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2212-108-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-48-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-3495-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-581-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-34-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-580-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-107-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2428-14-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2428-23-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-24-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2428-8-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2428-47-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-109-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2428-1336-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2428-339-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-63-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-38-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-77-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-76-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-73-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2508-75-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2508-3513-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2508-29-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3464-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-27-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-74-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-46-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2528-3483-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2528-18-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3460-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2604-9-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2696-583-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3468-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2696-84-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2724-582-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-79-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3463-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-94-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3705-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-93-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3569-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2952-85-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3507-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3496-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-91-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-35-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-92-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3545-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-812-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3571-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/3012-99-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/3012-41-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download