cobaltstrike | bcd2db23ff31ded238690ab34605f7ff716b7c9c28ff2f40a0cf94b80a3791a7

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

99eda496474c3b0ab5536870391e3edf
SHA1

b516d6466162f149444fd0ef81243bb2460ffc1a
SHA256

bcd2db23ff31ded238690ab34605f7ff716b7c9c28ff2f40a0cf94b80a3791a7
SHA512

29befb35cdc12dbd7baaab48f1733b0d3fd6b56f195b039d62d3279c96b385cfd94e096ca4311feaee78b132f69ad451d0e50c3a3dfa42d5339aed54c52b95dc
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012259-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015dc3-5.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e25-21.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e47-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f2a-30.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160ae-37.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001903d-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-68.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-72.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160d5-63.dat	cobalt_reflective_dll
behavioral1/files/0x0027000000015d6d-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-198.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-193.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-134.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2700-0-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012259-3.dat	xmrig
behavioral1/files/0x0008000000015dc3-5.dat	xmrig
behavioral1/memory/2760-22-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015e25-21.dat	xmrig
behavioral1/memory/2884-19-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015e47-23.dat	xmrig
behavioral1/memory/2204-29-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f2a-30.dat	xmrig
behavioral1/memory/1956-14-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2828-36-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x00070000000160ae-37.dat	xmrig
behavioral1/memory/2700-40-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2700-43-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2920-45-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000700000001903d-49.dat	xmrig
behavioral1/files/0x0005000000019234-68.dat	xmrig
behavioral1/memory/1676-67-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0005000000019228-64.dat	xmrig
behavioral1/memory/2760-82-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2124-81-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2172-80-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2700-78-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2672-76-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001920f-72.dat	xmrig
behavioral1/files/0x00070000000160d5-63.dat	xmrig
behavioral1/memory/1744-62-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/1956-52-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0027000000015d6d-83.dat	xmrig
behavioral1/memory/2204-86-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/1812-90-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2700-87-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019241-91.dat	xmrig
behavioral1/memory/2828-92-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/1280-98-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2700-95-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/files/0x000500000001925c-102.dat	xmrig
behavioral1/memory/2836-107-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/1676-103-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0005000000019273-110.dat	xmrig
behavioral1/files/0x00050000000192f0-116.dat	xmrig
behavioral1/files/0x000500000001932a-123.dat	xmrig
behavioral1/files/0x000500000001933e-128.dat	xmrig
behavioral1/files/0x0005000000019384-136.dat	xmrig
behavioral1/files/0x00050000000193af-148.dat	xmrig
behavioral1/files/0x00050000000193c9-154.dat	xmrig
behavioral1/files/0x00050000000194a7-176.dat	xmrig
behavioral1/files/0x00050000000194d4-188.dat	xmrig
behavioral1/files/0x00050000000194e2-198.dat	xmrig
behavioral1/memory/1812-662-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2700-531-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194da-193.dat	xmrig
behavioral1/files/0x00050000000194b4-183.dat	xmrig
behavioral1/files/0x0005000000019494-173.dat	xmrig
behavioral1/files/0x0005000000019408-168.dat	xmrig
behavioral1/files/0x00050000000193fa-163.dat	xmrig
behavioral1/files/0x00050000000193f8-159.dat	xmrig
behavioral1/files/0x00050000000193a2-143.dat	xmrig
behavioral1/files/0x0005000000019346-134.dat	xmrig
behavioral1/memory/2884-3826-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2204-3831-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/1956-3835-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2760-3837-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1744-3847-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1956	SbHaOkJ.exe
2884	ScRLZhi.exe
2760	nBaSVpb.exe
2204	GJulJkQ.exe
2828	uMGhPJn.exe
2920	gHTWhrB.exe
1744	TzNAdfG.exe
2672	sejgEeZ.exe
1676	OhvBVpP.exe
2172	hJJovml.exe
2124	AlRYxPR.exe
1812	EarKyiT.exe
1280	OOVEMEl.exe
2836	mWoiKQw.exe
2420	YLwpOJE.exe
2424	uPmVmje.exe
1548	GTcxzIK.exe
2704	WVwNqqJ.exe
1312	sQdcucE.exe
832	PfCdEYE.exe
1620	QiCFfEU.exe
2588	iyULDUi.exe
1148	AYxWOaW.exe
2116	RmiPsBt.exe
2224	NKMRvLE.exe
2480	STgxjeW.exe
2128	mStOgmC.exe
348	UylUHQz.exe
752	JewBkIe.exe
820	AvdSdFu.exe
2324	FfitBsn.exe
1612	mdzlEVb.exe
1608	tkxrVBP.exe
1688	wjWlhRp.exe
1524	dkGdioV.exe
1348	DTsupkj.exe
1780	XEBOIcr.exe
1772	GrMFCSG.exe
892	InhBKBh.exe
1164	VxeqrvK.exe
568	FwRAMmI.exe
1568	ibojGOm.exe
2100	BltvwSr.exe
2688	CYbqavh.exe
2516	PtPgcKN.exe
2524	fYlTnBb.exe
2080	eNiWXgL.exe
1852	VzThUcj.exe
876	FGwnoQK.exe
1692	vbGDifi.exe
1284	FbLPVkA.exe
2344	tYeQppR.exe
1728	yMzBiof.exe
2316	RxaWsCw.exe
2732	LtjYlUS.exe
2740	iYcprqD.exe
2856	FuFMkgd.exe
2608	NCfJdPz.exe
1940	ToWDcAm.exe
1196	QdPEnbv.exe
2520	UNIIVeE.exe
2668	EjZoDKA.exe
2944	QDZSFef.exe
2952	GMYogOr.exe

Loads dropped DLL 64 IoCs

pid	Process
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2700-0-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x000b000000012259-3.dat	upx
behavioral1/files/0x0008000000015dc3-5.dat	upx
behavioral1/memory/2760-22-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0008000000015e25-21.dat	upx
behavioral1/memory/2884-19-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x0008000000015e47-23.dat	upx
behavioral1/memory/2204-29-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0007000000015f2a-30.dat	upx
behavioral1/memory/1956-14-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2828-36-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x00070000000160ae-37.dat	upx
behavioral1/memory/2700-43-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2920-45-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000700000001903d-49.dat	upx
behavioral1/files/0x0005000000019234-68.dat	upx
behavioral1/memory/1676-67-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0005000000019228-64.dat	upx
behavioral1/memory/2760-82-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2124-81-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2172-80-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2672-76-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x000500000001920f-72.dat	upx
behavioral1/files/0x00070000000160d5-63.dat	upx
behavioral1/memory/1744-62-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/1956-52-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0027000000015d6d-83.dat	upx
behavioral1/memory/2204-86-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/1812-90-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0005000000019241-91.dat	upx
behavioral1/memory/2828-92-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/1280-98-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x000500000001925c-102.dat	upx
behavioral1/memory/2836-107-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/1676-103-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0005000000019273-110.dat	upx
behavioral1/files/0x00050000000192f0-116.dat	upx
behavioral1/files/0x000500000001932a-123.dat	upx
behavioral1/files/0x000500000001933e-128.dat	upx
behavioral1/files/0x0005000000019384-136.dat	upx
behavioral1/files/0x00050000000193af-148.dat	upx
behavioral1/files/0x00050000000193c9-154.dat	upx
behavioral1/files/0x00050000000194a7-176.dat	upx
behavioral1/files/0x00050000000194d4-188.dat	upx
behavioral1/files/0x00050000000194e2-198.dat	upx
behavioral1/memory/1812-662-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x00050000000194da-193.dat	upx
behavioral1/files/0x00050000000194b4-183.dat	upx
behavioral1/files/0x0005000000019494-173.dat	upx
behavioral1/files/0x0005000000019408-168.dat	upx
behavioral1/files/0x00050000000193fa-163.dat	upx
behavioral1/files/0x00050000000193f8-159.dat	upx
behavioral1/files/0x00050000000193a2-143.dat	upx
behavioral1/files/0x0005000000019346-134.dat	upx
behavioral1/memory/2884-3826-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2204-3831-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/1956-3835-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2760-3837-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1744-3847-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2920-3850-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1676-3849-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2124-3851-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2172-3855-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2828-3858-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fzsRykD.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWbzkSf.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dABoYtV.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJBWtTW.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsHsQyg.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQMVfRb.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxaHqFg.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aaCqldD.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhvZjLe.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmtmDAR.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doyhtRF.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxFquth.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeTAkko.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfdVDhi.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWIgCiG.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZeJvHgk.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcCyMzY.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cScOFcd.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLdDrRK.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YiAzxox.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfcBBeX.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASJZalu.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjMVSZu.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEiPxoY.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkOYdyN.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsUILCB.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcFfpQl.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKNYRtZ.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAiaaDk.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwlvNua.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfcbVKG.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xkdzwnn.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEiAsQn.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxMOoWB.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdTHupG.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYdCQlt.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLonkBf.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUlLGBC.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCgWTBT.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcbGvlx.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEWpTNJ.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkxYlXh.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHFrgvu.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXbopHo.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOVEMEl.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwRAMmI.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJnoxEB.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJSfxqP.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JycPKmF.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\llkkxBY.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgSLsoW.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBJpTOe.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHmgXOJ.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiAhWJF.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLohZsn.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECzMwpt.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRwPPhF.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLQUMrI.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsUwtTX.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luBRUSL.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzHxalH.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UihOoDa.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmOPGQe.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUFNDfV.exe	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 1956	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2700 wrote to memory of 1956	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2700 wrote to memory of 1956	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2700 wrote to memory of 2884	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2700 wrote to memory of 2884	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2700 wrote to memory of 2884	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2700 wrote to memory of 2760	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2700 wrote to memory of 2760	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2700 wrote to memory of 2760	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2700 wrote to memory of 2204	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2700 wrote to memory of 2204	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2700 wrote to memory of 2204	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2700 wrote to memory of 2828	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2700 wrote to memory of 2828	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2700 wrote to memory of 2828	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2700 wrote to memory of 2920	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2700 wrote to memory of 2920	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2700 wrote to memory of 2920	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2700 wrote to memory of 2672	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2700 wrote to memory of 2672	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2700 wrote to memory of 2672	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2700 wrote to memory of 1744	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2700 wrote to memory of 1744	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2700 wrote to memory of 1744	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2700 wrote to memory of 2172	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2700 wrote to memory of 2172	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2700 wrote to memory of 2172	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2700 wrote to memory of 1676	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2700 wrote to memory of 1676	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2700 wrote to memory of 1676	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2700 wrote to memory of 2124	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2700 wrote to memory of 2124	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2700 wrote to memory of 2124	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2700 wrote to memory of 1812	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2700 wrote to memory of 1812	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2700 wrote to memory of 1812	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2700 wrote to memory of 1280	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2700 wrote to memory of 1280	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2700 wrote to memory of 1280	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2700 wrote to memory of 2836	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2700 wrote to memory of 2836	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2700 wrote to memory of 2836	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2700 wrote to memory of 2420	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2700 wrote to memory of 2420	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2700 wrote to memory of 2420	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2700 wrote to memory of 2424	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2700 wrote to memory of 2424	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2700 wrote to memory of 2424	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2700 wrote to memory of 1548	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2700 wrote to memory of 1548	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2700 wrote to memory of 1548	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2700 wrote to memory of 2704	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2700 wrote to memory of 2704	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2700 wrote to memory of 2704	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2700 wrote to memory of 1312	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2700 wrote to memory of 1312	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2700 wrote to memory of 1312	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2700 wrote to memory of 832	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2700 wrote to memory of 832	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2700 wrote to memory of 832	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2700 wrote to memory of 1620	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2700 wrote to memory of 1620	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2700 wrote to memory of 1620	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2700 wrote to memory of 2588	2700	2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-30_99eda496474c3b0ab5536870391e3edf_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\System\SbHaOkJ.exe
  C:\Windows\System\SbHaOkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ScRLZhi.exe
  C:\Windows\System\ScRLZhi.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\nBaSVpb.exe
  C:\Windows\System\nBaSVpb.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\GJulJkQ.exe
  C:\Windows\System\GJulJkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\uMGhPJn.exe
  C:\Windows\System\uMGhPJn.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\gHTWhrB.exe
  C:\Windows\System\gHTWhrB.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\sejgEeZ.exe
  C:\Windows\System\sejgEeZ.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\TzNAdfG.exe
  C:\Windows\System\TzNAdfG.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\hJJovml.exe
  C:\Windows\System\hJJovml.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\OhvBVpP.exe
  C:\Windows\System\OhvBVpP.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\AlRYxPR.exe
  C:\Windows\System\AlRYxPR.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\EarKyiT.exe
  C:\Windows\System\EarKyiT.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\OOVEMEl.exe
  C:\Windows\System\OOVEMEl.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\mWoiKQw.exe
  C:\Windows\System\mWoiKQw.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\YLwpOJE.exe
  C:\Windows\System\YLwpOJE.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\uPmVmje.exe
  C:\Windows\System\uPmVmje.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\GTcxzIK.exe
  C:\Windows\System\GTcxzIK.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\WVwNqqJ.exe
  C:\Windows\System\WVwNqqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\sQdcucE.exe
  C:\Windows\System\sQdcucE.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\PfCdEYE.exe
  C:\Windows\System\PfCdEYE.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\QiCFfEU.exe
  C:\Windows\System\QiCFfEU.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\iyULDUi.exe
  C:\Windows\System\iyULDUi.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\AYxWOaW.exe
  C:\Windows\System\AYxWOaW.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\RmiPsBt.exe
  C:\Windows\System\RmiPsBt.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\NKMRvLE.exe
  C:\Windows\System\NKMRvLE.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\STgxjeW.exe
  C:\Windows\System\STgxjeW.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\mStOgmC.exe
  C:\Windows\System\mStOgmC.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\UylUHQz.exe
  C:\Windows\System\UylUHQz.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\JewBkIe.exe
  C:\Windows\System\JewBkIe.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\AvdSdFu.exe
  C:\Windows\System\AvdSdFu.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\FfitBsn.exe
  C:\Windows\System\FfitBsn.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\mdzlEVb.exe
  C:\Windows\System\mdzlEVb.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\tkxrVBP.exe
  C:\Windows\System\tkxrVBP.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\wjWlhRp.exe
  C:\Windows\System\wjWlhRp.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\dkGdioV.exe
  C:\Windows\System\dkGdioV.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\DTsupkj.exe
  C:\Windows\System\DTsupkj.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\XEBOIcr.exe
  C:\Windows\System\XEBOIcr.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\GrMFCSG.exe
  C:\Windows\System\GrMFCSG.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\InhBKBh.exe
  C:\Windows\System\InhBKBh.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\VxeqrvK.exe
  C:\Windows\System\VxeqrvK.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\FwRAMmI.exe
  C:\Windows\System\FwRAMmI.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\ibojGOm.exe
  C:\Windows\System\ibojGOm.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\BltvwSr.exe
  C:\Windows\System\BltvwSr.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\CYbqavh.exe
  C:\Windows\System\CYbqavh.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\PtPgcKN.exe
  C:\Windows\System\PtPgcKN.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\fYlTnBb.exe
  C:\Windows\System\fYlTnBb.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\eNiWXgL.exe
  C:\Windows\System\eNiWXgL.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\VzThUcj.exe
  C:\Windows\System\VzThUcj.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\FGwnoQK.exe
  C:\Windows\System\FGwnoQK.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\vbGDifi.exe
  C:\Windows\System\vbGDifi.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\FbLPVkA.exe
  C:\Windows\System\FbLPVkA.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\tYeQppR.exe
  C:\Windows\System\tYeQppR.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\yMzBiof.exe
  C:\Windows\System\yMzBiof.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\RxaWsCw.exe
  C:\Windows\System\RxaWsCw.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\LtjYlUS.exe
  C:\Windows\System\LtjYlUS.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\iYcprqD.exe
  C:\Windows\System\iYcprqD.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\FuFMkgd.exe
  C:\Windows\System\FuFMkgd.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\NCfJdPz.exe
  C:\Windows\System\NCfJdPz.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ToWDcAm.exe
  C:\Windows\System\ToWDcAm.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\QdPEnbv.exe
  C:\Windows\System\QdPEnbv.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\UNIIVeE.exe
  C:\Windows\System\UNIIVeE.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\EjZoDKA.exe
  C:\Windows\System\EjZoDKA.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\QDZSFef.exe
  C:\Windows\System\QDZSFef.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\GMYogOr.exe
  C:\Windows\System\GMYogOr.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\SHrOTaW.exe
  C:\Windows\System\SHrOTaW.exe
  2⤵
  PID:1908
- C:\Windows\System\MCbfoQN.exe
  C:\Windows\System\MCbfoQN.exe
  2⤵
  PID:2616
- C:\Windows\System\aCillpD.exe
  C:\Windows\System\aCillpD.exe
  2⤵
  PID:1944
- C:\Windows\System\FKmZElF.exe
  C:\Windows\System\FKmZElF.exe
  2⤵
  PID:2340
- C:\Windows\System\dSeOHZJ.exe
  C:\Windows\System\dSeOHZJ.exe
  2⤵
  PID:1128
- C:\Windows\System\HNwKPZm.exe
  C:\Windows\System\HNwKPZm.exe
  2⤵
  PID:2964
- C:\Windows\System\oKFvOWs.exe
  C:\Windows\System\oKFvOWs.exe
  2⤵
  PID:356
- C:\Windows\System\clICuPI.exe
  C:\Windows\System\clICuPI.exe
  2⤵
  PID:3004
- C:\Windows\System\QluOBaj.exe
  C:\Windows\System\QluOBaj.exe
  2⤵
  PID:1480
- C:\Windows\System\hximbkH.exe
  C:\Windows\System\hximbkH.exe
  2⤵
  PID:2256
- C:\Windows\System\QzPqVzk.exe
  C:\Windows\System\QzPqVzk.exe
  2⤵
  PID:1732
- C:\Windows\System\GnJnrkV.exe
  C:\Windows\System\GnJnrkV.exe
  2⤵
  PID:2860
- C:\Windows\System\KZSIPyy.exe
  C:\Windows\System\KZSIPyy.exe
  2⤵
  PID:288
- C:\Windows\System\HMFGQOe.exe
  C:\Windows\System\HMFGQOe.exe
  2⤵
  PID:2236
- C:\Windows\System\xDtPmYL.exe
  C:\Windows\System\xDtPmYL.exe
  2⤵
  PID:1112
- C:\Windows\System\gBVqOka.exe
  C:\Windows\System\gBVqOka.exe
  2⤵
  PID:3024
- C:\Windows\System\NhBBvWM.exe
  C:\Windows\System\NhBBvWM.exe
  2⤵
  PID:1520
- C:\Windows\System\IffnUJe.exe
  C:\Windows\System\IffnUJe.exe
  2⤵
  PID:1760
- C:\Windows\System\scPFByP.exe
  C:\Windows\System\scPFByP.exe
  2⤵
  PID:2968
- C:\Windows\System\boAiWrf.exe
  C:\Windows\System\boAiWrf.exe
  2⤵
  PID:2360
- C:\Windows\System\ycWmWLL.exe
  C:\Windows\System\ycWmWLL.exe
  2⤵
  PID:2476
- C:\Windows\System\QeKxdvU.exe
  C:\Windows\System\QeKxdvU.exe
  2⤵
  PID:1892
- C:\Windows\System\wglgYLH.exe
  C:\Windows\System\wglgYLH.exe
  2⤵
  PID:3020
- C:\Windows\System\ShSHOtF.exe
  C:\Windows\System\ShSHOtF.exe
  2⤵
  PID:1008
- C:\Windows\System\DiOfKll.exe
  C:\Windows\System\DiOfKll.exe
  2⤵
  PID:2984
- C:\Windows\System\xoZVeVN.exe
  C:\Windows\System\xoZVeVN.exe
  2⤵
  PID:1684
- C:\Windows\System\nDNaNGw.exe
  C:\Windows\System\nDNaNGw.exe
  2⤵
  PID:2384
- C:\Windows\System\brllCsM.exe
  C:\Windows\System\brllCsM.exe
  2⤵
  PID:2140
- C:\Windows\System\diiCghc.exe
  C:\Windows\System\diiCghc.exe
  2⤵
  PID:2196
- C:\Windows\System\pcbGvlx.exe
  C:\Windows\System\pcbGvlx.exe
  2⤵
  PID:2736
- C:\Windows\System\lBoedsz.exe
  C:\Windows\System\lBoedsz.exe
  2⤵
  PID:2016
- C:\Windows\System\HjnamIH.exe
  C:\Windows\System\HjnamIH.exe
  2⤵
  PID:2060
- C:\Windows\System\tLIXDHh.exe
  C:\Windows\System\tLIXDHh.exe
  2⤵
  PID:2956
- C:\Windows\System\rkIGOOJ.exe
  C:\Windows\System\rkIGOOJ.exe
  2⤵
  PID:2992
- C:\Windows\System\FBtMotu.exe
  C:\Windows\System\FBtMotu.exe
  2⤵
  PID:2184
- C:\Windows\System\NGrKKpH.exe
  C:\Windows\System\NGrKKpH.exe
  2⤵
  PID:1900
- C:\Windows\System\VcCyMzY.exe
  C:\Windows\System\VcCyMzY.exe
  2⤵
  PID:2032
- C:\Windows\System\qIYUavT.exe
  C:\Windows\System\qIYUavT.exe
  2⤵
  PID:2644
- C:\Windows\System\mlEyTqH.exe
  C:\Windows\System\mlEyTqH.exe
  2⤵
  PID:2448
- C:\Windows\System\sThdKQt.exe
  C:\Windows\System\sThdKQt.exe
  2⤵
  PID:564
- C:\Windows\System\SpLLNUM.exe
  C:\Windows\System\SpLLNUM.exe
  2⤵
  PID:1604
- C:\Windows\System\AoVXYMe.exe
  C:\Windows\System\AoVXYMe.exe
  2⤵
  PID:2584
- C:\Windows\System\llkkxBY.exe
  C:\Windows\System\llkkxBY.exe
  2⤵
  PID:1472
- C:\Windows\System\rfaNfIh.exe
  C:\Windows\System\rfaNfIh.exe
  2⤵
  PID:1856
- C:\Windows\System\xAtUGNn.exe
  C:\Windows\System\xAtUGNn.exe
  2⤵
  PID:860
- C:\Windows\System\mqjlQhy.exe
  C:\Windows\System\mqjlQhy.exe
  2⤵
  PID:1756
- C:\Windows\System\LYRYBba.exe
  C:\Windows\System\LYRYBba.exe
  2⤵
  PID:1544
- C:\Windows\System\OfAsczV.exe
  C:\Windows\System\OfAsczV.exe
  2⤵
  PID:1820
- C:\Windows\System\RXbiKrh.exe
  C:\Windows\System\RXbiKrh.exe
  2⤵
  PID:1036
- C:\Windows\System\WtxywPE.exe
  C:\Windows\System\WtxywPE.exe
  2⤵
  PID:2712
- C:\Windows\System\jLhZpIR.exe
  C:\Windows\System\jLhZpIR.exe
  2⤵
  PID:2176
- C:\Windows\System\hQLRrIw.exe
  C:\Windows\System\hQLRrIw.exe
  2⤵
  PID:864
- C:\Windows\System\PVBUahQ.exe
  C:\Windows\System\PVBUahQ.exe
  2⤵
  PID:1584
- C:\Windows\System\UMHwPZL.exe
  C:\Windows\System\UMHwPZL.exe
  2⤵
  PID:2220
- C:\Windows\System\xyTMfAS.exe
  C:\Windows\System\xyTMfAS.exe
  2⤵
  PID:2160
- C:\Windows\System\JDceTWc.exe
  C:\Windows\System\JDceTWc.exe
  2⤵
  PID:1636
- C:\Windows\System\HzRvlsj.exe
  C:\Windows\System\HzRvlsj.exe
  2⤵
  PID:664
- C:\Windows\System\vVykIZq.exe
  C:\Windows\System\vVykIZq.exe
  2⤵
  PID:2008
- C:\Windows\System\rfMmqsX.exe
  C:\Windows\System\rfMmqsX.exe
  2⤵
  PID:764
- C:\Windows\System\dfTCcWS.exe
  C:\Windows\System\dfTCcWS.exe
  2⤵
  PID:2484
- C:\Windows\System\ORqePpi.exe
  C:\Windows\System\ORqePpi.exe
  2⤵
  PID:1644
- C:\Windows\System\vBgtQsm.exe
  C:\Windows\System\vBgtQsm.exe
  2⤵
  PID:540
- C:\Windows\System\kURHzvT.exe
  C:\Windows\System\kURHzvT.exe
  2⤵
  PID:2376
- C:\Windows\System\OIBEzwu.exe
  C:\Windows\System\OIBEzwu.exe
  2⤵
  PID:1396
- C:\Windows\System\TRhKbYX.exe
  C:\Windows\System\TRhKbYX.exe
  2⤵
  PID:2272
- C:\Windows\System\xDhtnua.exe
  C:\Windows\System\xDhtnua.exe
  2⤵
  PID:2708
- C:\Windows\System\LstAKAR.exe
  C:\Windows\System\LstAKAR.exe
  2⤵
  PID:1752
- C:\Windows\System\ElHZrRw.exe
  C:\Windows\System\ElHZrRw.exe
  2⤵
  PID:2328
- C:\Windows\System\nVSMYXW.exe
  C:\Windows\System\nVSMYXW.exe
  2⤵
  PID:680
- C:\Windows\System\TkPEIGg.exe
  C:\Windows\System\TkPEIGg.exe
  2⤵
  PID:2380
- C:\Windows\System\xkxhOOA.exe
  C:\Windows\System\xkxhOOA.exe
  2⤵
  PID:2600
- C:\Windows\System\JbneIFt.exe
  C:\Windows\System\JbneIFt.exe
  2⤵
  PID:3008
- C:\Windows\System\XsdztLa.exe
  C:\Windows\System\XsdztLa.exe
  2⤵
  PID:2464
- C:\Windows\System\KUJgZJO.exe
  C:\Windows\System\KUJgZJO.exe
  2⤵
  PID:2628
- C:\Windows\System\Mqtlqxd.exe
  C:\Windows\System\Mqtlqxd.exe
  2⤵
  PID:2852
- C:\Windows\System\ZCtYQWo.exe
  C:\Windows\System\ZCtYQWo.exe
  2⤵
  PID:1904
- C:\Windows\System\VkHJQzM.exe
  C:\Windows\System\VkHJQzM.exe
  2⤵
  PID:1488
- C:\Windows\System\YDoNURv.exe
  C:\Windows\System\YDoNURv.exe
  2⤵
  PID:2488
- C:\Windows\System\igXIhEC.exe
  C:\Windows\System\igXIhEC.exe
  2⤵
  PID:1952
- C:\Windows\System\gzoriTj.exe
  C:\Windows\System\gzoriTj.exe
  2⤵
  PID:2144
- C:\Windows\System\RdTHupG.exe
  C:\Windows\System\RdTHupG.exe
  2⤵
  PID:948
- C:\Windows\System\cdVKcec.exe
  C:\Windows\System\cdVKcec.exe
  2⤵
  PID:1496
- C:\Windows\System\DZVIXSd.exe
  C:\Windows\System\DZVIXSd.exe
  2⤵
  PID:2412
- C:\Windows\System\znYLirW.exe
  C:\Windows\System\znYLirW.exe
  2⤵
  PID:2864
- C:\Windows\System\HCNoWfL.exe
  C:\Windows\System\HCNoWfL.exe
  2⤵
  PID:2456
- C:\Windows\System\sshXddj.exe
  C:\Windows\System\sshXddj.exe
  2⤵
  PID:2168
- C:\Windows\System\xuJONtF.exe
  C:\Windows\System\xuJONtF.exe
  2⤵
  PID:1784
- C:\Windows\System\mpJcsKb.exe
  C:\Windows\System\mpJcsKb.exe
  2⤵
  PID:2908
- C:\Windows\System\jRyHOfp.exe
  C:\Windows\System\jRyHOfp.exe
  2⤵
  PID:1048
- C:\Windows\System\DuWGpze.exe
  C:\Windows\System\DuWGpze.exe
  2⤵
  PID:1248
- C:\Windows\System\LIYYLxP.exe
  C:\Windows\System\LIYYLxP.exe
  2⤵
  PID:2684
- C:\Windows\System\exymHYt.exe
  C:\Windows\System\exymHYt.exe
  2⤵
  PID:1704
- C:\Windows\System\wesAYFj.exe
  C:\Windows\System\wesAYFj.exe
  2⤵
  PID:2020
- C:\Windows\System\aPrFIud.exe
  C:\Windows\System\aPrFIud.exe
  2⤵
  PID:2036
- C:\Windows\System\tJueTNm.exe
  C:\Windows\System\tJueTNm.exe
  2⤵
  PID:2068
- C:\Windows\System\KZSwCRk.exe
  C:\Windows\System\KZSwCRk.exe
  2⤵
  PID:3088
- C:\Windows\System\zYdCQlt.exe
  C:\Windows\System\zYdCQlt.exe
  2⤵
  PID:3104
- C:\Windows\System\ddihkwH.exe
  C:\Windows\System\ddihkwH.exe
  2⤵
  PID:3120
- C:\Windows\System\fmoMzZh.exe
  C:\Windows\System\fmoMzZh.exe
  2⤵
  PID:3136
- C:\Windows\System\wgbKqVe.exe
  C:\Windows\System\wgbKqVe.exe
  2⤵
  PID:3152
- C:\Windows\System\LIUmNNL.exe
  C:\Windows\System\LIUmNNL.exe
  2⤵
  PID:3168
- C:\Windows\System\SqFTMZA.exe
  C:\Windows\System\SqFTMZA.exe
  2⤵
  PID:3184
- C:\Windows\System\tMotzIg.exe
  C:\Windows\System\tMotzIg.exe
  2⤵
  PID:3200
- C:\Windows\System\GZnmeum.exe
  C:\Windows\System\GZnmeum.exe
  2⤵
  PID:3216
- C:\Windows\System\kJbRAek.exe
  C:\Windows\System\kJbRAek.exe
  2⤵
  PID:3232
- C:\Windows\System\gyWwGAn.exe
  C:\Windows\System\gyWwGAn.exe
  2⤵
  PID:3248
- C:\Windows\System\oSYReiQ.exe
  C:\Windows\System\oSYReiQ.exe
  2⤵
  PID:3264
- C:\Windows\System\oPqXGMm.exe
  C:\Windows\System\oPqXGMm.exe
  2⤵
  PID:3296
- C:\Windows\System\lPKeYGF.exe
  C:\Windows\System\lPKeYGF.exe
  2⤵
  PID:3312
- C:\Windows\System\FzOBIyS.exe
  C:\Windows\System\FzOBIyS.exe
  2⤵
  PID:3332
- C:\Windows\System\hIXZFEE.exe
  C:\Windows\System\hIXZFEE.exe
  2⤵
  PID:3368
- C:\Windows\System\OzNkhVd.exe
  C:\Windows\System\OzNkhVd.exe
  2⤵
  PID:3388
- C:\Windows\System\uasYTWS.exe
  C:\Windows\System\uasYTWS.exe
  2⤵
  PID:3428
- C:\Windows\System\TwMOlZD.exe
  C:\Windows\System\TwMOlZD.exe
  2⤵
  PID:3444
- C:\Windows\System\bAfwGxn.exe
  C:\Windows\System\bAfwGxn.exe
  2⤵
  PID:3460
- C:\Windows\System\xOyhdIG.exe
  C:\Windows\System\xOyhdIG.exe
  2⤵
  PID:3476
- C:\Windows\System\PpCZaVo.exe
  C:\Windows\System\PpCZaVo.exe
  2⤵
  PID:3492
- C:\Windows\System\PlJKwrZ.exe
  C:\Windows\System\PlJKwrZ.exe
  2⤵
  PID:3508
- C:\Windows\System\wRErzwB.exe
  C:\Windows\System\wRErzwB.exe
  2⤵
  PID:3524
- C:\Windows\System\GiXzMsq.exe
  C:\Windows\System\GiXzMsq.exe
  2⤵
  PID:3540
- C:\Windows\System\cCxJdlh.exe
  C:\Windows\System\cCxJdlh.exe
  2⤵
  PID:3576
- C:\Windows\System\NNZHEKV.exe
  C:\Windows\System\NNZHEKV.exe
  2⤵
  PID:3592
- C:\Windows\System\HeqmoZt.exe
  C:\Windows\System\HeqmoZt.exe
  2⤵
  PID:3620
- C:\Windows\System\ePZgpAg.exe
  C:\Windows\System\ePZgpAg.exe
  2⤵
  PID:3640
- C:\Windows\System\adMcamD.exe
  C:\Windows\System\adMcamD.exe
  2⤵
  PID:3660
- C:\Windows\System\rlBJdzX.exe
  C:\Windows\System\rlBJdzX.exe
  2⤵
  PID:3676
- C:\Windows\System\sHHeSkK.exe
  C:\Windows\System\sHHeSkK.exe
  2⤵
  PID:3696
- C:\Windows\System\UcucnoW.exe
  C:\Windows\System\UcucnoW.exe
  2⤵
  PID:3724
- C:\Windows\System\tEYJBWs.exe
  C:\Windows\System\tEYJBWs.exe
  2⤵
  PID:3748
- C:\Windows\System\QEWpTNJ.exe
  C:\Windows\System\QEWpTNJ.exe
  2⤵
  PID:3764
- C:\Windows\System\XJrQfVB.exe
  C:\Windows\System\XJrQfVB.exe
  2⤵
  PID:3784
- C:\Windows\System\zRCAAak.exe
  C:\Windows\System\zRCAAak.exe
  2⤵
  PID:3800
- C:\Windows\System\YHJTNUD.exe
  C:\Windows\System\YHJTNUD.exe
  2⤵
  PID:3816
- C:\Windows\System\gevnXEI.exe
  C:\Windows\System\gevnXEI.exe
  2⤵
  PID:3832
- C:\Windows\System\aZyGFtz.exe
  C:\Windows\System\aZyGFtz.exe
  2⤵
  PID:3848
- C:\Windows\System\Yetvmhu.exe
  C:\Windows\System\Yetvmhu.exe
  2⤵
  PID:3864
- C:\Windows\System\rpdTjzf.exe
  C:\Windows\System\rpdTjzf.exe
  2⤵
  PID:3884
- C:\Windows\System\ecUkEce.exe
  C:\Windows\System\ecUkEce.exe
  2⤵
  PID:3900
- C:\Windows\System\JVGZQRv.exe
  C:\Windows\System\JVGZQRv.exe
  2⤵
  PID:3924
- C:\Windows\System\YEOTvBm.exe
  C:\Windows\System\YEOTvBm.exe
  2⤵
  PID:4048
- C:\Windows\System\rLonkBf.exe
  C:\Windows\System\rLonkBf.exe
  2⤵
  PID:1420
- C:\Windows\System\CtFkXgp.exe
  C:\Windows\System\CtFkXgp.exe
  2⤵
  PID:112
- C:\Windows\System\HXbVOlo.exe
  C:\Windows\System\HXbVOlo.exe
  2⤵
  PID:3116
- C:\Windows\System\bpbmTMS.exe
  C:\Windows\System\bpbmTMS.exe
  2⤵
  PID:3148
- C:\Windows\System\CDHpgkA.exe
  C:\Windows\System\CDHpgkA.exe
  2⤵
  PID:3224
- C:\Windows\System\XwQfUpo.exe
  C:\Windows\System\XwQfUpo.exe
  2⤵
  PID:3340
- C:\Windows\System\MhLfHRr.exe
  C:\Windows\System\MhLfHRr.exe
  2⤵
  PID:3352
- C:\Windows\System\UhBbMvs.exe
  C:\Windows\System\UhBbMvs.exe
  2⤵
  PID:3360
- C:\Windows\System\uFILLWW.exe
  C:\Windows\System\uFILLWW.exe
  2⤵
  PID:3380
- C:\Windows\System\zlKsQYU.exe
  C:\Windows\System\zlKsQYU.exe
  2⤵
  PID:3408
- C:\Windows\System\bGQHYPd.exe
  C:\Windows\System\bGQHYPd.exe
  2⤵
  PID:3452
- C:\Windows\System\RUlLGBC.exe
  C:\Windows\System\RUlLGBC.exe
  2⤵
  PID:3516
- C:\Windows\System\LBTfCBJ.exe
  C:\Windows\System\LBTfCBJ.exe
  2⤵
  PID:3556
- C:\Windows\System\EPSHFWI.exe
  C:\Windows\System\EPSHFWI.exe
  2⤵
  PID:3600
- C:\Windows\System\mJMOiRA.exe
  C:\Windows\System\mJMOiRA.exe
  2⤵
  PID:3616
- C:\Windows\System\xiAhWJF.exe
  C:\Windows\System\xiAhWJF.exe
  2⤵
  PID:3652
- C:\Windows\System\ZnKftLA.exe
  C:\Windows\System\ZnKftLA.exe
  2⤵
  PID:3440
- C:\Windows\System\UMNTnPc.exe
  C:\Windows\System\UMNTnPc.exe
  2⤵
  PID:3532
- C:\Windows\System\ObftQbt.exe
  C:\Windows\System\ObftQbt.exe
  2⤵
  PID:3668
- C:\Windows\System\wzZwuBH.exe
  C:\Windows\System\wzZwuBH.exe
  2⤵
  PID:3716
- C:\Windows\System\ZjvhkDy.exe
  C:\Windows\System\ZjvhkDy.exe
  2⤵
  PID:3740
- C:\Windows\System\CzHxalH.exe
  C:\Windows\System\CzHxalH.exe
  2⤵
  PID:3776
- C:\Windows\System\ArzNuEt.exe
  C:\Windows\System\ArzNuEt.exe
  2⤵
  PID:3708
- C:\Windows\System\IgkMYqR.exe
  C:\Windows\System\IgkMYqR.exe
  2⤵
  PID:3892
- C:\Windows\System\vJBMboj.exe
  C:\Windows\System\vJBMboj.exe
  2⤵
  PID:3824
- C:\Windows\System\nfdUwyd.exe
  C:\Windows\System\nfdUwyd.exe
  2⤵
  PID:3908
- C:\Windows\System\JiSEVKw.exe
  C:\Windows\System\JiSEVKw.exe
  2⤵
  PID:3976
- C:\Windows\System\KAFjPLt.exe
  C:\Windows\System\KAFjPLt.exe
  2⤵
  PID:3996
- C:\Windows\System\WnEjSkM.exe
  C:\Windows\System\WnEjSkM.exe
  2⤵
  PID:4012
- C:\Windows\System\YDraFPq.exe
  C:\Windows\System\YDraFPq.exe
  2⤵
  PID:4064
- C:\Windows\System\ZrXQwZF.exe
  C:\Windows\System\ZrXQwZF.exe
  2⤵
  PID:4080
- C:\Windows\System\OtFAZcm.exe
  C:\Windows\System\OtFAZcm.exe
  2⤵
  PID:4092
- C:\Windows\System\AnXIXiq.exe
  C:\Windows\System\AnXIXiq.exe
  2⤵
  PID:3096
- C:\Windows\System\CxkFajc.exe
  C:\Windows\System\CxkFajc.exe
  2⤵
  PID:3100
- C:\Windows\System\nOlkQUm.exe
  C:\Windows\System\nOlkQUm.exe
  2⤵
  PID:4040
- C:\Windows\System\sMCueJT.exe
  C:\Windows\System\sMCueJT.exe
  2⤵
  PID:3176
- C:\Windows\System\ffrVCRA.exe
  C:\Windows\System\ffrVCRA.exe
  2⤵
  PID:3208
- C:\Windows\System\caCPkiQ.exe
  C:\Windows\System\caCPkiQ.exe
  2⤵
  PID:3260
- C:\Windows\System\SwkJIdq.exe
  C:\Windows\System\SwkJIdq.exe
  2⤵
  PID:3320
- C:\Windows\System\irigxsZ.exe
  C:\Windows\System\irigxsZ.exe
  2⤵
  PID:3356
- C:\Windows\System\uGvfLvx.exe
  C:\Windows\System\uGvfLvx.exe
  2⤵
  PID:3400
- C:\Windows\System\DUQOBqa.exe
  C:\Windows\System\DUQOBqa.exe
  2⤵
  PID:3604
- C:\Windows\System\UOEuesv.exe
  C:\Windows\System\UOEuesv.exe
  2⤵
  PID:3572
- C:\Windows\System\WaqqhlK.exe
  C:\Windows\System\WaqqhlK.exe
  2⤵
  PID:3472
- C:\Windows\System\nUsiMlr.exe
  C:\Windows\System\nUsiMlr.exe
  2⤵
  PID:3488
- C:\Windows\System\YBXPIxT.exe
  C:\Windows\System\YBXPIxT.exe
  2⤵
  PID:3736
- C:\Windows\System\sVvvTJQ.exe
  C:\Windows\System\sVvvTJQ.exe
  2⤵
  PID:3712
- C:\Windows\System\kUgZgrO.exe
  C:\Windows\System\kUgZgrO.exe
  2⤵
  PID:3760
- C:\Windows\System\NSyIRsw.exe
  C:\Windows\System\NSyIRsw.exe
  2⤵
  PID:3932
- C:\Windows\System\vnYFIiT.exe
  C:\Windows\System\vnYFIiT.exe
  2⤵
  PID:3792
- C:\Windows\System\doyhtRF.exe
  C:\Windows\System\doyhtRF.exe
  2⤵
  PID:3880
- C:\Windows\System\tRzOfXU.exe
  C:\Windows\System\tRzOfXU.exe
  2⤵
  PID:3972
- C:\Windows\System\ruxfGQQ.exe
  C:\Windows\System\ruxfGQQ.exe
  2⤵
  PID:3992
- C:\Windows\System\uevxkzF.exe
  C:\Windows\System\uevxkzF.exe
  2⤵
  PID:4072
- C:\Windows\System\JWuOVgC.exe
  C:\Windows\System\JWuOVgC.exe
  2⤵
  PID:3112
- C:\Windows\System\LESiTff.exe
  C:\Windows\System\LESiTff.exe
  2⤵
  PID:1724
- C:\Windows\System\veAvnun.exe
  C:\Windows\System\veAvnun.exe
  2⤵
  PID:4084
- C:\Windows\System\xKNYRtZ.exe
  C:\Windows\System\xKNYRtZ.exe
  2⤵
  PID:3164
- C:\Windows\System\MLhTSxF.exe
  C:\Windows\System\MLhTSxF.exe
  2⤵
  PID:3304
- C:\Windows\System\BUrFFbm.exe
  C:\Windows\System\BUrFFbm.exe
  2⤵
  PID:3280
- C:\Windows\System\IEbWhPt.exe
  C:\Windows\System\IEbWhPt.exe
  2⤵
  PID:2960
- C:\Windows\System\NsitvNk.exe
  C:\Windows\System\NsitvNk.exe
  2⤵
  PID:3420
- C:\Windows\System\atDfWPj.exe
  C:\Windows\System\atDfWPj.exe
  2⤵
  PID:3484
- C:\Windows\System\kzpOIDc.exe
  C:\Windows\System\kzpOIDc.exe
  2⤵
  PID:2804
- C:\Windows\System\QmVWCtx.exe
  C:\Windows\System\QmVWCtx.exe
  2⤵
  PID:3808
- C:\Windows\System\FdTZdbB.exe
  C:\Windows\System\FdTZdbB.exe
  2⤵
  PID:3872
- C:\Windows\System\CBFQedu.exe
  C:\Windows\System\CBFQedu.exe
  2⤵
  PID:4036
- C:\Windows\System\RzSipbK.exe
  C:\Windows\System\RzSipbK.exe
  2⤵
  PID:4028
- C:\Windows\System\brwZNrN.exe
  C:\Windows\System\brwZNrN.exe
  2⤵
  PID:3256
- C:\Windows\System\lWaAlmi.exe
  C:\Windows\System\lWaAlmi.exe
  2⤵
  PID:3684
- C:\Windows\System\sZooyqw.exe
  C:\Windows\System\sZooyqw.exe
  2⤵
  PID:3144
- C:\Windows\System\lUktFPC.exe
  C:\Windows\System\lUktFPC.exe
  2⤵
  PID:3828
- C:\Windows\System\AjTkoTx.exe
  C:\Windows\System\AjTkoTx.exe
  2⤵
  PID:3504
- C:\Windows\System\sbAwamC.exe
  C:\Windows\System\sbAwamC.exe
  2⤵
  PID:3196
- C:\Windows\System\ZMIHLla.exe
  C:\Windows\System\ZMIHLla.exe
  2⤵
  PID:3084
- C:\Windows\System\qAfWefL.exe
  C:\Windows\System\qAfWefL.exe
  2⤵
  PID:3240
- C:\Windows\System\sTrWEoo.exe
  C:\Windows\System\sTrWEoo.exe
  2⤵
  PID:3672
- C:\Windows\System\DhHGxkJ.exe
  C:\Windows\System\DhHGxkJ.exe
  2⤵
  PID:3944
- C:\Windows\System\DGTKNwi.exe
  C:\Windows\System\DGTKNwi.exe
  2⤵
  PID:2352
- C:\Windows\System\ttxjxJk.exe
  C:\Windows\System\ttxjxJk.exe
  2⤵
  PID:1616
- C:\Windows\System\BjEXqrn.exe
  C:\Windows\System\BjEXqrn.exe
  2⤵
  PID:2056
- C:\Windows\System\Pjdohcm.exe
  C:\Windows\System\Pjdohcm.exe
  2⤵
  PID:4100
- C:\Windows\System\rDtvIok.exe
  C:\Windows\System\rDtvIok.exe
  2⤵
  PID:4116
- C:\Windows\System\kJPQeOs.exe
  C:\Windows\System\kJPQeOs.exe
  2⤵
  PID:4140
- C:\Windows\System\HbCKiVa.exe
  C:\Windows\System\HbCKiVa.exe
  2⤵
  PID:4156
- C:\Windows\System\BgwGxIM.exe
  C:\Windows\System\BgwGxIM.exe
  2⤵
  PID:4172
- C:\Windows\System\YhVjyEf.exe
  C:\Windows\System\YhVjyEf.exe
  2⤵
  PID:4216
- C:\Windows\System\hKkeBjM.exe
  C:\Windows\System\hKkeBjM.exe
  2⤵
  PID:4236
- C:\Windows\System\lxFquth.exe
  C:\Windows\System\lxFquth.exe
  2⤵
  PID:4268
- C:\Windows\System\RqSREcp.exe
  C:\Windows\System\RqSREcp.exe
  2⤵
  PID:4284
- C:\Windows\System\BpWCiQR.exe
  C:\Windows\System\BpWCiQR.exe
  2⤵
  PID:4300
- C:\Windows\System\hCHSpyp.exe
  C:\Windows\System\hCHSpyp.exe
  2⤵
  PID:4320
- C:\Windows\System\BLeLzvb.exe
  C:\Windows\System\BLeLzvb.exe
  2⤵
  PID:4336
- C:\Windows\System\GNrNZfb.exe
  C:\Windows\System\GNrNZfb.exe
  2⤵
  PID:4356
- C:\Windows\System\JdSAmDE.exe
  C:\Windows\System\JdSAmDE.exe
  2⤵
  PID:4376
- C:\Windows\System\AiksaVd.exe
  C:\Windows\System\AiksaVd.exe
  2⤵
  PID:4400
- C:\Windows\System\WKvEnjY.exe
  C:\Windows\System\WKvEnjY.exe
  2⤵
  PID:4416
- C:\Windows\System\TyKIrAD.exe
  C:\Windows\System\TyKIrAD.exe
  2⤵
  PID:4432
- C:\Windows\System\VXOjtgD.exe
  C:\Windows\System\VXOjtgD.exe
  2⤵
  PID:4448
- C:\Windows\System\dMWsUrG.exe
  C:\Windows\System\dMWsUrG.exe
  2⤵
  PID:4464
- C:\Windows\System\ozvFgUt.exe
  C:\Windows\System\ozvFgUt.exe
  2⤵
  PID:4488
- C:\Windows\System\jZcBrYy.exe
  C:\Windows\System\jZcBrYy.exe
  2⤵
  PID:4504
- C:\Windows\System\jdpWyjs.exe
  C:\Windows\System\jdpWyjs.exe
  2⤵
  PID:4520
- C:\Windows\System\wZHqrom.exe
  C:\Windows\System\wZHqrom.exe
  2⤵
  PID:4540
- C:\Windows\System\DOEyVrP.exe
  C:\Windows\System\DOEyVrP.exe
  2⤵
  PID:4560
- C:\Windows\System\Yxyajpn.exe
  C:\Windows\System\Yxyajpn.exe
  2⤵
  PID:4620
- C:\Windows\System\RhVobce.exe
  C:\Windows\System\RhVobce.exe
  2⤵
  PID:4652
- C:\Windows\System\dygCCPQ.exe
  C:\Windows\System\dygCCPQ.exe
  2⤵
  PID:4668
- C:\Windows\System\WnMiRBA.exe
  C:\Windows\System\WnMiRBA.exe
  2⤵
  PID:4688
- C:\Windows\System\jwNRhly.exe
  C:\Windows\System\jwNRhly.exe
  2⤵
  PID:4704
- C:\Windows\System\hELCLXm.exe
  C:\Windows\System\hELCLXm.exe
  2⤵
  PID:4720
- C:\Windows\System\yZaVhZY.exe
  C:\Windows\System\yZaVhZY.exe
  2⤵
  PID:4740
- C:\Windows\System\KCzdhFQ.exe
  C:\Windows\System\KCzdhFQ.exe
  2⤵
  PID:4768
- C:\Windows\System\wEkgdJs.exe
  C:\Windows\System\wEkgdJs.exe
  2⤵
  PID:4788
- C:\Windows\System\PzfHWPL.exe
  C:\Windows\System\PzfHWPL.exe
  2⤵
  PID:4804
- C:\Windows\System\xdjtYzY.exe
  C:\Windows\System\xdjtYzY.exe
  2⤵
  PID:4824
- C:\Windows\System\ayXoJag.exe
  C:\Windows\System\ayXoJag.exe
  2⤵
  PID:4848
- C:\Windows\System\TfkCBvf.exe
  C:\Windows\System\TfkCBvf.exe
  2⤵
  PID:4868
- C:\Windows\System\akUVDGY.exe
  C:\Windows\System\akUVDGY.exe
  2⤵
  PID:4888
- C:\Windows\System\gegXBUO.exe
  C:\Windows\System\gegXBUO.exe
  2⤵
  PID:4904
- C:\Windows\System\dICNOyb.exe
  C:\Windows\System\dICNOyb.exe
  2⤵
  PID:4920
- C:\Windows\System\TkxYlXh.exe
  C:\Windows\System\TkxYlXh.exe
  2⤵
  PID:4936
- C:\Windows\System\zwNWfdz.exe
  C:\Windows\System\zwNWfdz.exe
  2⤵
  PID:4952
- C:\Windows\System\CHMRxDH.exe
  C:\Windows\System\CHMRxDH.exe
  2⤵
  PID:4968
- C:\Windows\System\FZOIVAK.exe
  C:\Windows\System\FZOIVAK.exe
  2⤵
  PID:4984
- C:\Windows\System\yYgvzUb.exe
  C:\Windows\System\yYgvzUb.exe
  2⤵
  PID:5004
- C:\Windows\System\JAgFRok.exe
  C:\Windows\System\JAgFRok.exe
  2⤵
  PID:5024
- C:\Windows\System\xtmYVOV.exe
  C:\Windows\System\xtmYVOV.exe
  2⤵
  PID:5048
- C:\Windows\System\bOhKkAE.exe
  C:\Windows\System\bOhKkAE.exe
  2⤵
  PID:5064
- C:\Windows\System\YruBNiS.exe
  C:\Windows\System\YruBNiS.exe
  2⤵
  PID:5080
- C:\Windows\System\dZsbNFr.exe
  C:\Windows\System\dZsbNFr.exe
  2⤵
  PID:5096
- C:\Windows\System\Vusbjoc.exe
  C:\Windows\System\Vusbjoc.exe
  2⤵
  PID:5112
- C:\Windows\System\VifNcTy.exe
  C:\Windows\System\VifNcTy.exe
  2⤵
  PID:3284
- C:\Windows\System\BJfLKqd.exe
  C:\Windows\System\BJfLKqd.exe
  2⤵
  PID:3984
- C:\Windows\System\TidSDYq.exe
  C:\Windows\System\TidSDYq.exe
  2⤵
  PID:3568
- C:\Windows\System\POcnZHU.exe
  C:\Windows\System\POcnZHU.exe
  2⤵
  PID:4108
- C:\Windows\System\JyNdiGf.exe
  C:\Windows\System\JyNdiGf.exe
  2⤵
  PID:4004
- C:\Windows\System\trkvudT.exe
  C:\Windows\System\trkvudT.exe
  2⤵
  PID:3292
- C:\Windows\System\YUqjHXK.exe
  C:\Windows\System\YUqjHXK.exe
  2⤵
  PID:4188
- C:\Windows\System\yrSfiee.exe
  C:\Windows\System\yrSfiee.exe
  2⤵
  PID:4204
- C:\Windows\System\pYQEsyv.exe
  C:\Windows\System\pYQEsyv.exe
  2⤵
  PID:4260
- C:\Windows\System\FzKvjsS.exe
  C:\Windows\System\FzKvjsS.exe
  2⤵
  PID:4292
- C:\Windows\System\iHNHtJa.exe
  C:\Windows\System\iHNHtJa.exe
  2⤵
  PID:4328
- C:\Windows\System\qWnFWKI.exe
  C:\Windows\System\qWnFWKI.exe
  2⤵
  PID:1628
- C:\Windows\System\AfxFAhj.exe
  C:\Windows\System\AfxFAhj.exe
  2⤵
  PID:2560
- C:\Windows\System\qhiIypc.exe
  C:\Windows\System\qhiIypc.exe
  2⤵
  PID:4352
- C:\Windows\System\hRlgeNS.exe
  C:\Windows\System\hRlgeNS.exe
  2⤵
  PID:4412
- C:\Windows\System\PoxtIeb.exe
  C:\Windows\System\PoxtIeb.exe
  2⤵
  PID:4316
- C:\Windows\System\uPcPjvK.exe
  C:\Windows\System\uPcPjvK.exe
  2⤵
  PID:4512
- C:\Windows\System\rqMgQNf.exe
  C:\Windows\System\rqMgQNf.exe
  2⤵
  PID:4556
- C:\Windows\System\unuqbum.exe
  C:\Windows\System\unuqbum.exe
  2⤵
  PID:4388
- C:\Windows\System\SSBeoMr.exe
  C:\Windows\System\SSBeoMr.exe
  2⤵
  PID:4428
- C:\Windows\System\zeGiktZ.exe
  C:\Windows\System\zeGiktZ.exe
  2⤵
  PID:4496
- C:\Windows\System\fHcZCup.exe
  C:\Windows\System\fHcZCup.exe
  2⤵
  PID:4572
- C:\Windows\System\evzrpWZ.exe
  C:\Windows\System\evzrpWZ.exe
  2⤵
  PID:3692
- C:\Windows\System\vBgGfMT.exe
  C:\Windows\System\vBgGfMT.exe
  2⤵
  PID:4664
- C:\Windows\System\cFSrSVS.exe
  C:\Windows\System\cFSrSVS.exe
  2⤵
  PID:4700
- C:\Windows\System\mXWRiFF.exe
  C:\Windows\System\mXWRiFF.exe
  2⤵
  PID:4764
- C:\Windows\System\jSJyhSU.exe
  C:\Windows\System\jSJyhSU.exe
  2⤵
  PID:4780
- C:\Windows\System\XZKYhCA.exe
  C:\Windows\System\XZKYhCA.exe
  2⤵
  PID:4836
- C:\Windows\System\GSTAzXg.exe
  C:\Windows\System\GSTAzXg.exe
  2⤵
  PID:4816
- C:\Windows\System\UhzmSVh.exe
  C:\Windows\System\UhzmSVh.exe
  2⤵
  PID:4876
- C:\Windows\System\cScOFcd.exe
  C:\Windows\System\cScOFcd.exe
  2⤵
  PID:4964
- C:\Windows\System\RFyYmQr.exe
  C:\Windows\System\RFyYmQr.exe
  2⤵
  PID:5044
- C:\Windows\System\LpwhwTh.exe
  C:\Windows\System\LpwhwTh.exe
  2⤵
  PID:3968
- C:\Windows\System\EHZsfIP.exe
  C:\Windows\System\EHZsfIP.exe
  2⤵
  PID:4200
- C:\Windows\System\nlKBJbv.exe
  C:\Windows\System\nlKBJbv.exe
  2⤵
  PID:4916
- C:\Windows\System\KeTAkko.exe
  C:\Windows\System\KeTAkko.exe
  2⤵
  PID:4996
- C:\Windows\System\rbAWvJn.exe
  C:\Windows\System\rbAWvJn.exe
  2⤵
  PID:2980
- C:\Windows\System\CRBsREA.exe
  C:\Windows\System\CRBsREA.exe
  2⤵
  PID:5060
- C:\Windows\System\qSbITQT.exe
  C:\Windows\System\qSbITQT.exe
  2⤵
  PID:3948
- C:\Windows\System\uFbHQEE.exe
  C:\Windows\System\uFbHQEE.exe
  2⤵
  PID:3960
- C:\Windows\System\lBWqpSZ.exe
  C:\Windows\System\lBWqpSZ.exe
  2⤵
  PID:4164
- C:\Windows\System\owvwnkO.exe
  C:\Windows\System\owvwnkO.exe
  2⤵
  PID:4128
- C:\Windows\System\EUMBDXw.exe
  C:\Windows\System\EUMBDXw.exe
  2⤵
  PID:4184
- C:\Windows\System\RbAoqUR.exe
  C:\Windows\System\RbAoqUR.exe
  2⤵
  PID:4248
- C:\Windows\System\yngTZFZ.exe
  C:\Windows\System\yngTZFZ.exe
  2⤵
  PID:2044
- C:\Windows\System\iGSlZcg.exe
  C:\Windows\System\iGSlZcg.exe
  2⤵
  PID:1356
- C:\Windows\System\qliwukV.exe
  C:\Windows\System\qliwukV.exe
  2⤵
  PID:4484
- C:\Windows\System\vubNyuZ.exe
  C:\Windows\System\vubNyuZ.exe
  2⤵
  PID:4460
- C:\Windows\System\FwTwLgb.exe
  C:\Windows\System\FwTwLgb.exe
  2⤵
  PID:4444
- C:\Windows\System\WtYJXJb.exe
  C:\Windows\System\WtYJXJb.exe
  2⤵
  PID:4532
- C:\Windows\System\GNhVmdM.exe
  C:\Windows\System\GNhVmdM.exe
  2⤵
  PID:4568
- C:\Windows\System\SZUjaxc.exe
  C:\Windows\System\SZUjaxc.exe
  2⤵
  PID:4628
- C:\Windows\System\OvYXpFG.exe
  C:\Windows\System\OvYXpFG.exe
  2⤵
  PID:4640
- C:\Windows\System\pIqzhNd.exe
  C:\Windows\System\pIqzhNd.exe
  2⤵
  PID:4796
- C:\Windows\System\avHdVax.exe
  C:\Windows\System\avHdVax.exe
  2⤵
  PID:4716
- C:\Windows\System\ASJZalu.exe
  C:\Windows\System\ASJZalu.exe
  2⤵
  PID:4752
- C:\Windows\System\rcbNocD.exe
  C:\Windows\System\rcbNocD.exe
  2⤵
  PID:4856
- C:\Windows\System\CgiioSw.exe
  C:\Windows\System\CgiioSw.exe
  2⤵
  PID:4884
- C:\Windows\System\LrQFMqY.exe
  C:\Windows\System\LrQFMqY.exe
  2⤵
  PID:4960
- C:\Windows\System\mBEtwVK.exe
  C:\Windows\System\mBEtwVK.exe
  2⤵
  PID:4912
- C:\Windows\System\wRVfyIg.exe
  C:\Windows\System\wRVfyIg.exe
  2⤵
  PID:5076
- C:\Windows\System\MLkBHRO.exe
  C:\Windows\System\MLkBHRO.exe
  2⤵
  PID:2784
- C:\Windows\System\kTZMKCM.exe
  C:\Windows\System\kTZMKCM.exe
  2⤵
  PID:4840
- C:\Windows\System\cAiaaDk.exe
  C:\Windows\System\cAiaaDk.exe
  2⤵
  PID:4832
- C:\Windows\System\QvjoNiW.exe
  C:\Windows\System\QvjoNiW.exe
  2⤵
  PID:1512
- C:\Windows\System\gsBDQre.exe
  C:\Windows\System\gsBDQre.exe
  2⤵
  PID:4228
- C:\Windows\System\MDJdAtq.exe
  C:\Windows\System\MDJdAtq.exe
  2⤵
  PID:4368
- C:\Windows\System\uiKAwjp.exe
  C:\Windows\System\uiKAwjp.exe
  2⤵
  PID:4384
- C:\Windows\System\wNrYgbe.exe
  C:\Windows\System\wNrYgbe.exe
  2⤵
  PID:4212
- C:\Windows\System\yyWJBAj.exe
  C:\Windows\System\yyWJBAj.exe
  2⤵
  PID:3500
- C:\Windows\System\jfdVDhi.exe
  C:\Windows\System\jfdVDhi.exe
  2⤵
  PID:4332
- C:\Windows\System\VzMcmEe.exe
  C:\Windows\System\VzMcmEe.exe
  2⤵
  PID:4552
- C:\Windows\System\HuCtgFm.exe
  C:\Windows\System\HuCtgFm.exe
  2⤵
  PID:4696
- C:\Windows\System\ptWsNyO.exe
  C:\Windows\System\ptWsNyO.exe
  2⤵
  PID:4800
- C:\Windows\System\JBfFtgQ.exe
  C:\Windows\System\JBfFtgQ.exe
  2⤵
  PID:4152
- C:\Windows\System\vOOpNHz.exe
  C:\Windows\System\vOOpNHz.exe
  2⤵
  PID:5092
- C:\Windows\System\xgNAvBZ.exe
  C:\Windows\System\xgNAvBZ.exe
  2⤵
  PID:4896
- C:\Windows\System\iIlzKOa.exe
  C:\Windows\System\iIlzKOa.exe
  2⤵
  PID:5124
- C:\Windows\System\YGSxnfU.exe
  C:\Windows\System\YGSxnfU.exe
  2⤵
  PID:5168
- C:\Windows\System\lmbQSkP.exe
  C:\Windows\System\lmbQSkP.exe
  2⤵
  PID:5192
- C:\Windows\System\OYHmyRx.exe
  C:\Windows\System\OYHmyRx.exe
  2⤵
  PID:5208
- C:\Windows\System\EQMPVYr.exe
  C:\Windows\System\EQMPVYr.exe
  2⤵
  PID:5224
- C:\Windows\System\HcErlXX.exe
  C:\Windows\System\HcErlXX.exe
  2⤵
  PID:5240
- C:\Windows\System\YRfSrRV.exe
  C:\Windows\System\YRfSrRV.exe
  2⤵
  PID:5264
- C:\Windows\System\DHFrgvu.exe
  C:\Windows\System\DHFrgvu.exe
  2⤵
  PID:5280
- C:\Windows\System\uKcIOMZ.exe
  C:\Windows\System\uKcIOMZ.exe
  2⤵
  PID:5296
- C:\Windows\System\MnajrsQ.exe
  C:\Windows\System\MnajrsQ.exe
  2⤵
  PID:5316
- C:\Windows\System\PwhOabv.exe
  C:\Windows\System\PwhOabv.exe
  2⤵
  PID:5356
- C:\Windows\System\MNkKMEl.exe
  C:\Windows\System\MNkKMEl.exe
  2⤵
  PID:5372
- C:\Windows\System\xVGPreR.exe
  C:\Windows\System\xVGPreR.exe
  2⤵
  PID:5388
- C:\Windows\System\skPQNjG.exe
  C:\Windows\System\skPQNjG.exe
  2⤵
  PID:5416
- C:\Windows\System\eptWcPv.exe
  C:\Windows\System\eptWcPv.exe
  2⤵
  PID:5432
- C:\Windows\System\hBueYph.exe
  C:\Windows\System\hBueYph.exe
  2⤵
  PID:5448
- C:\Windows\System\ayBzwev.exe
  C:\Windows\System\ayBzwev.exe
  2⤵
  PID:5468
- C:\Windows\System\ULInUxh.exe
  C:\Windows\System\ULInUxh.exe
  2⤵
  PID:5484
- C:\Windows\System\vFallqO.exe
  C:\Windows\System\vFallqO.exe
  2⤵
  PID:5500
- C:\Windows\System\iwsPzHO.exe
  C:\Windows\System\iwsPzHO.exe
  2⤵
  PID:5532
- C:\Windows\System\VWmMrnU.exe
  C:\Windows\System\VWmMrnU.exe
  2⤵
  PID:5552
- C:\Windows\System\GeOglNz.exe
  C:\Windows\System\GeOglNz.exe
  2⤵
  PID:5568
- C:\Windows\System\dRQcYIN.exe
  C:\Windows\System\dRQcYIN.exe
  2⤵
  PID:5588
- C:\Windows\System\xwvnWRl.exe
  C:\Windows\System\xwvnWRl.exe
  2⤵
  PID:5604
- C:\Windows\System\bqBGxbN.exe
  C:\Windows\System\bqBGxbN.exe
  2⤵
  PID:5620
- C:\Windows\System\jCboGcd.exe
  C:\Windows\System\jCboGcd.exe
  2⤵
  PID:5640
- C:\Windows\System\SJExrTk.exe
  C:\Windows\System\SJExrTk.exe
  2⤵
  PID:5656
- C:\Windows\System\qxdFsbh.exe
  C:\Windows\System\qxdFsbh.exe
  2⤵
  PID:5672
- C:\Windows\System\ctYzlZh.exe
  C:\Windows\System\ctYzlZh.exe
  2⤵
  PID:5692
- C:\Windows\System\ZvQOcRB.exe
  C:\Windows\System\ZvQOcRB.exe
  2⤵
  PID:5708
- C:\Windows\System\hDhKQby.exe
  C:\Windows\System\hDhKQby.exe
  2⤵
  PID:5724
- C:\Windows\System\BbYmaGE.exe
  C:\Windows\System\BbYmaGE.exe
  2⤵
  PID:5748
- C:\Windows\System\UnmCwrA.exe
  C:\Windows\System\UnmCwrA.exe
  2⤵
  PID:5764
- C:\Windows\System\FsegYqb.exe
  C:\Windows\System\FsegYqb.exe
  2⤵
  PID:5780
- C:\Windows\System\QCaeoDo.exe
  C:\Windows\System\QCaeoDo.exe
  2⤵
  PID:5796
- C:\Windows\System\BlBTULf.exe
  C:\Windows\System\BlBTULf.exe
  2⤵
  PID:5812
- C:\Windows\System\QDkxFNA.exe
  C:\Windows\System\QDkxFNA.exe
  2⤵
  PID:5828
- C:\Windows\System\wPudeDO.exe
  C:\Windows\System\wPudeDO.exe
  2⤵
  PID:5868
- C:\Windows\System\sOOTqmq.exe
  C:\Windows\System\sOOTqmq.exe
  2⤵
  PID:5904
- C:\Windows\System\lqGDtOK.exe
  C:\Windows\System\lqGDtOK.exe
  2⤵
  PID:5936
- C:\Windows\System\ESJmizI.exe
  C:\Windows\System\ESJmizI.exe
  2⤵
  PID:5952
- C:\Windows\System\aUfGDWr.exe
  C:\Windows\System\aUfGDWr.exe
  2⤵
  PID:5972
- C:\Windows\System\eVCObha.exe
  C:\Windows\System\eVCObha.exe
  2⤵
  PID:5992
- C:\Windows\System\pdeeZJf.exe
  C:\Windows\System\pdeeZJf.exe
  2⤵
  PID:6008
- C:\Windows\System\gMnaNpr.exe
  C:\Windows\System\gMnaNpr.exe
  2⤵
  PID:6028
- C:\Windows\System\XzEeAqZ.exe
  C:\Windows\System\XzEeAqZ.exe
  2⤵
  PID:6044
- C:\Windows\System\gLohZsn.exe
  C:\Windows\System\gLohZsn.exe
  2⤵
  PID:6060
- C:\Windows\System\lhwSljS.exe
  C:\Windows\System\lhwSljS.exe
  2⤵
  PID:6076
- C:\Windows\System\EJnoxEB.exe
  C:\Windows\System\EJnoxEB.exe
  2⤵
  PID:6096
- C:\Windows\System\sPcByeN.exe
  C:\Windows\System\sPcByeN.exe
  2⤵
  PID:6120
- C:\Windows\System\mvjJxYV.exe
  C:\Windows\System\mvjJxYV.exe
  2⤵
  PID:6136
- C:\Windows\System\PJNeilC.exe
  C:\Windows\System\PJNeilC.exe
  2⤵
  PID:3012
- C:\Windows\System\uPtwvzx.exe
  C:\Windows\System\uPtwvzx.exe
  2⤵
  PID:4588
- C:\Windows\System\YLhuWIn.exe
  C:\Windows\System\YLhuWIn.exe
  2⤵
  PID:4312
- C:\Windows\System\VYqodvO.exe
  C:\Windows\System\VYqodvO.exe
  2⤵
  PID:4264
- C:\Windows\System\uEFYjHG.exe
  C:\Windows\System\uEFYjHG.exe
  2⤵
  PID:4728
- C:\Windows\System\ZTCfajQ.exe
  C:\Windows\System\ZTCfajQ.exe
  2⤵
  PID:4680
- C:\Windows\System\XnajhcZ.exe
  C:\Windows\System\XnajhcZ.exe
  2⤵
  PID:4348
- C:\Windows\System\abhbvQc.exe
  C:\Windows\System\abhbvQc.exe
  2⤵
  PID:5132
- C:\Windows\System\VXiFmrQ.exe
  C:\Windows\System\VXiFmrQ.exe
  2⤵
  PID:5148
- C:\Windows\System\wHFWzST.exe
  C:\Windows\System\wHFWzST.exe
  2⤵
  PID:5176
- C:\Windows\System\uqRgzhr.exe
  C:\Windows\System\uqRgzhr.exe
  2⤵
  PID:5200
- C:\Windows\System\Fngdbkx.exe
  C:\Windows\System\Fngdbkx.exe
  2⤵
  PID:5220
- C:\Windows\System\xpqTHbt.exe
  C:\Windows\System\xpqTHbt.exe
  2⤵
  PID:5308
- C:\Windows\System\PeZuQMQ.exe
  C:\Windows\System\PeZuQMQ.exe
  2⤵
  PID:2216
- C:\Windows\System\bcZlLwq.exe
  C:\Windows\System\bcZlLwq.exe
  2⤵
  PID:5332
- C:\Windows\System\ZZEDoER.exe
  C:\Windows\System\ZZEDoER.exe
  2⤵
  PID:5328
- C:\Windows\System\ybzxokU.exe
  C:\Windows\System\ybzxokU.exe
  2⤵
  PID:5364
- C:\Windows\System\LCsLZVx.exe
  C:\Windows\System\LCsLZVx.exe
  2⤵
  PID:5340
- C:\Windows\System\bOZwilK.exe
  C:\Windows\System\bOZwilK.exe
  2⤵
  PID:5396
- C:\Windows\System\mpvpvOH.exe
  C:\Windows\System\mpvpvOH.exe
  2⤵
  PID:5440
- C:\Windows\System\JURZgrB.exe
  C:\Windows\System\JURZgrB.exe
  2⤵
  PID:5476
- C:\Windows\System\dfGWtuo.exe
  C:\Windows\System\dfGWtuo.exe
  2⤵
  PID:5428
- C:\Windows\System\qJyeczM.exe
  C:\Windows\System\qJyeczM.exe
  2⤵
  PID:5480
- C:\Windows\System\SzBNpwA.exe
  C:\Windows\System\SzBNpwA.exe
  2⤵
  PID:5528
- C:\Windows\System\xQAIVjP.exe
  C:\Windows\System\xQAIVjP.exe
  2⤵
  PID:5636
- C:\Windows\System\nrtKwpH.exe
  C:\Windows\System\nrtKwpH.exe
  2⤵
  PID:5668
- C:\Windows\System\kJkDJjO.exe
  C:\Windows\System\kJkDJjO.exe
  2⤵
  PID:5736
- C:\Windows\System\rAdoEEa.exe
  C:\Windows\System\rAdoEEa.exe
  2⤵
  PID:5776
- C:\Windows\System\fZKJewc.exe
  C:\Windows\System\fZKJewc.exe
  2⤵
  PID:5648
- C:\Windows\System\tSJDhws.exe
  C:\Windows\System\tSJDhws.exe
  2⤵
  PID:5884
- C:\Windows\System\tSlvVqa.exe
  C:\Windows\System\tSlvVqa.exe
  2⤵
  PID:5824
- C:\Windows\System\sKRzZea.exe
  C:\Windows\System\sKRzZea.exe
  2⤵
  PID:5612
- C:\Windows\System\ZOFtVGB.exe
  C:\Windows\System\ZOFtVGB.exe
  2⤵
  PID:5880
- C:\Windows\System\vVnaUkU.exe
  C:\Windows\System\vVnaUkU.exe
  2⤵
  PID:1864
- C:\Windows\System\bfahtJR.exe
  C:\Windows\System\bfahtJR.exe
  2⤵
  PID:6000
- C:\Windows\System\FuGUSYq.exe
  C:\Windows\System\FuGUSYq.exe
  2⤵
  PID:6068
- C:\Windows\System\uFLqlsl.exe
  C:\Windows\System\uFLqlsl.exe
  2⤵
  PID:6112
- C:\Windows\System\ayfTYap.exe
  C:\Windows\System\ayfTYap.exe
  2⤵
  PID:5980
- C:\Windows\System\eLdDrRK.exe
  C:\Windows\System\eLdDrRK.exe
  2⤵
  PID:5016
- C:\Windows\System\dFmxDIv.exe
  C:\Windows\System\dFmxDIv.exe
  2⤵
  PID:5032
- C:\Windows\System\fCuqRnW.exe
  C:\Windows\System\fCuqRnW.exe
  2⤵
  PID:3384
- C:\Windows\System\WlxAPBp.exe
  C:\Windows\System\WlxAPBp.exe
  2⤵
  PID:5988
- C:\Windows\System\KDvzpRb.exe
  C:\Windows\System\KDvzpRb.exe
  2⤵
  PID:6056
- C:\Windows\System\lGDfeWG.exe
  C:\Windows\System\lGDfeWG.exe
  2⤵
  PID:6092
- C:\Windows\System\KYwWcZQ.exe
  C:\Windows\System\KYwWcZQ.exe
  2⤵
  PID:5184
- C:\Windows\System\vKXiFjf.exe
  C:\Windows\System\vKXiFjf.exe
  2⤵
  PID:5260
- C:\Windows\System\gqsjdbV.exe
  C:\Windows\System\gqsjdbV.exe
  2⤵
  PID:5384
- C:\Windows\System\kjpwHip.exe
  C:\Windows\System\kjpwHip.exe
  2⤵
  PID:5492
- C:\Windows\System\OXMdzVJ.exe
  C:\Windows\System\OXMdzVJ.exe
  2⤵
  PID:5600
- C:\Windows\System\VZoBZLH.exe
  C:\Windows\System\VZoBZLH.exe
  2⤵
  PID:5860
- C:\Windows\System\RdzEmuu.exe
  C:\Windows\System\RdzEmuu.exe
  2⤵
  PID:5524
- C:\Windows\System\CCFZMjk.exe
  C:\Windows\System\CCFZMjk.exe
  2⤵
  PID:5516
- C:\Windows\System\TVfLyJE.exe
  C:\Windows\System\TVfLyJE.exe
  2⤵
  PID:5912
- C:\Windows\System\AGCAjlv.exe
  C:\Windows\System\AGCAjlv.exe
  2⤵
  PID:4632
- C:\Windows\System\GrYHzvE.exe
  C:\Windows\System\GrYHzvE.exe
  2⤵
  PID:676
- C:\Windows\System\CsiZsss.exe
  C:\Windows\System\CsiZsss.exe
  2⤵
  PID:5404
- C:\Windows\System\wFChpSn.exe
  C:\Windows\System\wFChpSn.exe
  2⤵
  PID:2076
- C:\Windows\System\BIPvfnD.exe
  C:\Windows\System\BIPvfnD.exe
  2⤵
  PID:5916
- C:\Windows\System\WKIMtpL.exe
  C:\Windows\System\WKIMtpL.exe
  2⤵
  PID:5720
- C:\Windows\System\ePdwhvz.exe
  C:\Windows\System\ePdwhvz.exe
  2⤵
  PID:5896
- C:\Windows\System\jdDhJsS.exe
  C:\Windows\System\jdDhJsS.exe
  2⤵
  PID:1876
- C:\Windows\System\htnmhsI.exe
  C:\Windows\System\htnmhsI.exe
  2⤵
  PID:5944
- C:\Windows\System\ltUVtjB.exe
  C:\Windows\System\ltUVtjB.exe
  2⤵
  PID:5508
- C:\Windows\System\aWgGpwE.exe
  C:\Windows\System\aWgGpwE.exe
  2⤵
  PID:4296
- C:\Windows\System\TWBDVhC.exe
  C:\Windows\System\TWBDVhC.exe
  2⤵
  PID:6108
- C:\Windows\System\SiWeqlN.exe
  C:\Windows\System\SiWeqlN.exe
  2⤵
  PID:5852
- C:\Windows\System\KklroGi.exe
  C:\Windows\System\KklroGi.exe
  2⤵
  PID:5548
- C:\Windows\System\lMgElXT.exe
  C:\Windows\System\lMgElXT.exe
  2⤵
  PID:5848
- C:\Windows\System\DfytbIM.exe
  C:\Windows\System\DfytbIM.exe
  2⤵
  PID:3912
- C:\Windows\System\AxjPeWM.exe
  C:\Windows\System\AxjPeWM.exe
  2⤵
  PID:6052
- C:\Windows\System\IipvJmM.exe
  C:\Windows\System\IipvJmM.exe
  2⤵
  PID:5596
- C:\Windows\System\SLiTZSb.exe
  C:\Windows\System\SLiTZSb.exe
  2⤵
  PID:5348
- C:\Windows\System\xWIgCiG.exe
  C:\Windows\System\xWIgCiG.exe
  2⤵
  PID:2472
- C:\Windows\System\GxgyetS.exe
  C:\Windows\System\GxgyetS.exe
  2⤵
  PID:4660
- C:\Windows\System\xwGoUUc.exe
  C:\Windows\System\xwGoUUc.exe
  2⤵
  PID:5160
- C:\Windows\System\gjKIERc.exe
  C:\Windows\System\gjKIERc.exe
  2⤵
  PID:5460
- C:\Windows\System\ICFMDMO.exe
  C:\Windows\System\ICFMDMO.exe
  2⤵
  PID:5808
- C:\Windows\System\ECzMwpt.exe
  C:\Windows\System\ECzMwpt.exe
  2⤵
  PID:5788
- C:\Windows\System\rJSfxqP.exe
  C:\Windows\System\rJSfxqP.exe
  2⤵
  PID:4928
- C:\Windows\System\MkJkXSs.exe
  C:\Windows\System\MkJkXSs.exe
  2⤵
  PID:5804
- C:\Windows\System\PRhfxnb.exe
  C:\Windows\System\PRhfxnb.exe
  2⤵
  PID:4864
- C:\Windows\System\NcnADYd.exe
  C:\Windows\System\NcnADYd.exe
  2⤵
  PID:5236
- C:\Windows\System\RwlvNua.exe
  C:\Windows\System\RwlvNua.exe
  2⤵
  PID:6036
- C:\Windows\System\VkZjfEU.exe
  C:\Windows\System\VkZjfEU.exe
  2⤵
  PID:4612
- C:\Windows\System\iNYUFYC.exe
  C:\Windows\System\iNYUFYC.exe
  2⤵
  PID:5760
- C:\Windows\System\hDJbzkr.exe
  C:\Windows\System\hDJbzkr.exe
  2⤵
  PID:5744
- C:\Windows\System\MdcdXJz.exe
  C:\Windows\System\MdcdXJz.exe
  2⤵
  PID:5836
- C:\Windows\System\zWhsRMf.exe
  C:\Windows\System\zWhsRMf.exe
  2⤵
  PID:5984
- C:\Windows\System\qUBFcCs.exe
  C:\Windows\System\qUBFcCs.exe
  2⤵
  PID:5188
- C:\Windows\System\PezZuFy.exe
  C:\Windows\System\PezZuFy.exe
  2⤵
  PID:5520
- C:\Windows\System\mfSQWVn.exe
  C:\Windows\System\mfSQWVn.exe
  2⤵
  PID:5932
- C:\Windows\System\DVkwkVk.exe
  C:\Windows\System\DVkwkVk.exe
  2⤵
  PID:6148
- C:\Windows\System\PNwNUyp.exe
  C:\Windows\System\PNwNUyp.exe
  2⤵
  PID:6164
- C:\Windows\System\kbOvIlF.exe
  C:\Windows\System\kbOvIlF.exe
  2⤵
  PID:6180
- C:\Windows\System\CfcbVKG.exe
  C:\Windows\System\CfcbVKG.exe
  2⤵
  PID:6196
- C:\Windows\System\cjwOtFo.exe
  C:\Windows\System\cjwOtFo.exe
  2⤵
  PID:6216
- C:\Windows\System\lWjaxmh.exe
  C:\Windows\System\lWjaxmh.exe
  2⤵
  PID:6232
- C:\Windows\System\hQTtNmN.exe
  C:\Windows\System\hQTtNmN.exe
  2⤵
  PID:6248
- C:\Windows\System\TsGTNvh.exe
  C:\Windows\System\TsGTNvh.exe
  2⤵
  PID:6264
- C:\Windows\System\hJWHnsu.exe
  C:\Windows\System\hJWHnsu.exe
  2⤵
  PID:6280
- C:\Windows\System\SymBFwm.exe
  C:\Windows\System\SymBFwm.exe
  2⤵
  PID:6296
- C:\Windows\System\xsrzdho.exe
  C:\Windows\System\xsrzdho.exe
  2⤵
  PID:6380
- C:\Windows\System\JPViLFD.exe
  C:\Windows\System\JPViLFD.exe
  2⤵
  PID:6396
- C:\Windows\System\uZrJHPz.exe
  C:\Windows\System\uZrJHPz.exe
  2⤵
  PID:6412
- C:\Windows\System\YiAzxox.exe
  C:\Windows\System\YiAzxox.exe
  2⤵
  PID:6428
- C:\Windows\System\Uxpafyu.exe
  C:\Windows\System\Uxpafyu.exe
  2⤵
  PID:6448
- C:\Windows\System\RSrGXLv.exe
  C:\Windows\System\RSrGXLv.exe
  2⤵
  PID:6472
- C:\Windows\System\CWLouhq.exe
  C:\Windows\System\CWLouhq.exe
  2⤵
  PID:6492
- C:\Windows\System\OZMkqbO.exe
  C:\Windows\System\OZMkqbO.exe
  2⤵
  PID:6516
- C:\Windows\System\KLhxJCO.exe
  C:\Windows\System\KLhxJCO.exe
  2⤵
  PID:6532
- C:\Windows\System\MFvRwtW.exe
  C:\Windows\System\MFvRwtW.exe
  2⤵
  PID:6548
- C:\Windows\System\awQsiPf.exe
  C:\Windows\System\awQsiPf.exe
  2⤵
  PID:6564
- C:\Windows\System\XENHVQo.exe
  C:\Windows\System\XENHVQo.exe
  2⤵
  PID:6580
- C:\Windows\System\ofzrkQL.exe
  C:\Windows\System\ofzrkQL.exe
  2⤵
  PID:6596
- C:\Windows\System\ErAHDMz.exe
  C:\Windows\System\ErAHDMz.exe
  2⤵
  PID:6612
- C:\Windows\System\KLVfcwJ.exe
  C:\Windows\System\KLVfcwJ.exe
  2⤵
  PID:6640
- C:\Windows\System\bssZLqT.exe
  C:\Windows\System\bssZLqT.exe
  2⤵
  PID:6676
- C:\Windows\System\oJwNyvW.exe
  C:\Windows\System\oJwNyvW.exe
  2⤵
  PID:6696
- C:\Windows\System\wUnnxbc.exe
  C:\Windows\System\wUnnxbc.exe
  2⤵
  PID:6716
- C:\Windows\System\xDKhDZM.exe
  C:\Windows\System\xDKhDZM.exe
  2⤵
  PID:6732
- C:\Windows\System\gyIATHH.exe
  C:\Windows\System\gyIATHH.exe
  2⤵
  PID:6748
- C:\Windows\System\xUQBSrx.exe
  C:\Windows\System\xUQBSrx.exe
  2⤵
  PID:6764
- C:\Windows\System\HmHjuuv.exe
  C:\Windows\System\HmHjuuv.exe
  2⤵
  PID:6784
- C:\Windows\System\OtQKgiL.exe
  C:\Windows\System\OtQKgiL.exe
  2⤵
  PID:6800
- C:\Windows\System\RRqCGrH.exe
  C:\Windows\System\RRqCGrH.exe
  2⤵
  PID:6816
- C:\Windows\System\Xkdzwnn.exe
  C:\Windows\System\Xkdzwnn.exe
  2⤵
  PID:6832
- C:\Windows\System\DJOAWAl.exe
  C:\Windows\System\DJOAWAl.exe
  2⤵
  PID:6864
- C:\Windows\System\phBLiBV.exe
  C:\Windows\System\phBLiBV.exe
  2⤵
  PID:6880
- C:\Windows\System\EFzoiVl.exe
  C:\Windows\System\EFzoiVl.exe
  2⤵
  PID:6896
- C:\Windows\System\pBaBexv.exe
  C:\Windows\System\pBaBexv.exe
  2⤵
  PID:6912
- C:\Windows\System\fpwxcZC.exe
  C:\Windows\System\fpwxcZC.exe
  2⤵
  PID:6928
- C:\Windows\System\RObOHAH.exe
  C:\Windows\System\RObOHAH.exe
  2⤵
  PID:6948
- C:\Windows\System\qKTfvsE.exe
  C:\Windows\System\qKTfvsE.exe
  2⤵
  PID:6968
- C:\Windows\System\Tatvdif.exe
  C:\Windows\System\Tatvdif.exe
  2⤵
  PID:6992
- C:\Windows\System\ZqtDxFL.exe
  C:\Windows\System\ZqtDxFL.exe
  2⤵
  PID:7016
- C:\Windows\System\UsHsQyg.exe
  C:\Windows\System\UsHsQyg.exe
  2⤵
  PID:7052
- C:\Windows\System\lXfXtxH.exe
  C:\Windows\System\lXfXtxH.exe
  2⤵
  PID:7080
- C:\Windows\System\zwOaCNa.exe
  C:\Windows\System\zwOaCNa.exe
  2⤵
  PID:7096
- C:\Windows\System\MCgWTBT.exe
  C:\Windows\System\MCgWTBT.exe
  2⤵
  PID:7112
- C:\Windows\System\jUfKUmV.exe
  C:\Windows\System\jUfKUmV.exe
  2⤵
  PID:7128
- C:\Windows\System\dHlqfKR.exe
  C:\Windows\System\dHlqfKR.exe
  2⤵
  PID:7160
- C:\Windows\System\KgaUQbW.exe
  C:\Windows\System\KgaUQbW.exe
  2⤵
  PID:628
- C:\Windows\System\YDINKsE.exe
  C:\Windows\System\YDINKsE.exe
  2⤵
  PID:5616
- C:\Windows\System\dfiCXah.exe
  C:\Windows\System\dfiCXah.exe
  2⤵
  PID:5412
- C:\Windows\System\dABoYtV.exe
  C:\Windows\System\dABoYtV.exe
  2⤵
  PID:6188
- C:\Windows\System\RSmjxmK.exe
  C:\Windows\System\RSmjxmK.exe
  2⤵
  PID:6292
- C:\Windows\System\GiCfQVI.exe
  C:\Windows\System\GiCfQVI.exe
  2⤵
  PID:6208
- C:\Windows\System\kkdotlx.exe
  C:\Windows\System\kkdotlx.exe
  2⤵
  PID:5684
- C:\Windows\System\aKrNrtA.exe
  C:\Windows\System\aKrNrtA.exe
  2⤵
  PID:1652
- C:\Windows\System\KYiQbfd.exe
  C:\Windows\System\KYiQbfd.exe
  2⤵
  PID:5968
- C:\Windows\System\MTouRYh.exe
  C:\Windows\System\MTouRYh.exe
  2⤵
  PID:6316
- C:\Windows\System\LpxQCiv.exe
  C:\Windows\System\LpxQCiv.exe
  2⤵
  PID:6372
- C:\Windows\System\AjMVSZu.exe
  C:\Windows\System\AjMVSZu.exe
  2⤵
  PID:6388
- C:\Windows\System\WgBmhwe.exe
  C:\Windows\System\WgBmhwe.exe
  2⤵
  PID:6424
- C:\Windows\System\bhDpYVG.exe
  C:\Windows\System\bhDpYVG.exe
  2⤵
  PID:6508
- C:\Windows\System\BxkwSmK.exe
  C:\Windows\System\BxkwSmK.exe
  2⤵
  PID:6484
- C:\Windows\System\WdXvDzz.exe
  C:\Windows\System\WdXvDzz.exe
  2⤵
  PID:6444
- C:\Windows\System\sbtdOPa.exe
  C:\Windows\System\sbtdOPa.exe
  2⤵
  PID:6576
- C:\Windows\System\UihOoDa.exe
  C:\Windows\System\UihOoDa.exe
  2⤵
  PID:6664
- C:\Windows\System\OsaayWL.exe
  C:\Windows\System\OsaayWL.exe
  2⤵
  PID:6528
- C:\Windows\System\SEzhsWQ.exe
  C:\Windows\System\SEzhsWQ.exe
  2⤵
  PID:6628
- C:\Windows\System\tXnEkjQ.exe
  C:\Windows\System\tXnEkjQ.exe
  2⤵
  PID:6620
- C:\Windows\System\VlpiLrS.exe
  C:\Windows\System\VlpiLrS.exe
  2⤵
  PID:6688
- C:\Windows\System\RCAdrhC.exe
  C:\Windows\System\RCAdrhC.exe
  2⤵
  PID:6744
- C:\Windows\System\dHYyGrU.exe
  C:\Windows\System\dHYyGrU.exe
  2⤵
  PID:6808
- C:\Windows\System\NERitwM.exe
  C:\Windows\System\NERitwM.exe
  2⤵
  PID:6852
- C:\Windows\System\wtKnKWL.exe
  C:\Windows\System\wtKnKWL.exe
  2⤵
  PID:6892
- C:\Windows\System\tOTHYwV.exe
  C:\Windows\System\tOTHYwV.exe
  2⤵
  PID:6960
- C:\Windows\System\iRwPPhF.exe
  C:\Windows\System\iRwPPhF.exe
  2⤵
  PID:6724
- C:\Windows\System\TKBdTlV.exe
  C:\Windows\System\TKBdTlV.exe
  2⤵
  PID:6980
- C:\Windows\System\mqZSSbk.exe
  C:\Windows\System\mqZSSbk.exe
  2⤵
  PID:6760
- C:\Windows\System\MJAHVVW.exe
  C:\Windows\System\MJAHVVW.exe
  2⤵
  PID:6876
- C:\Windows\System\sCMGxCO.exe
  C:\Windows\System\sCMGxCO.exe
  2⤵
  PID:7060
- C:\Windows\System\vaSQwCQ.exe
  C:\Windows\System\vaSQwCQ.exe
  2⤵
  PID:7028
- C:\Windows\System\FToHGbO.exe
  C:\Windows\System\FToHGbO.exe
  2⤵
  PID:6828
- C:\Windows\System\XVGMKqf.exe
  C:\Windows\System\XVGMKqf.exe
  2⤵
  PID:7104
- C:\Windows\System\BOkwdDS.exe
  C:\Windows\System\BOkwdDS.exe
  2⤵
  PID:7152
- C:\Windows\System\SZWyFCJ.exe
  C:\Windows\System\SZWyFCJ.exe
  2⤵
  PID:7144
- C:\Windows\System\GxYbNse.exe
  C:\Windows\System\GxYbNse.exe
  2⤵
  PID:6160
- C:\Windows\System\qnHbcOy.exe
  C:\Windows\System\qnHbcOy.exe
  2⤵
  PID:5252
- C:\Windows\System\WUEABtB.exe
  C:\Windows\System\WUEABtB.exe
  2⤵
  PID:5772
- C:\Windows\System\BxsMweI.exe
  C:\Windows\System\BxsMweI.exe
  2⤵
  PID:6244
- C:\Windows\System\BXHuHQp.exe
  C:\Windows\System\BXHuHQp.exe
  2⤵
  PID:5820
- C:\Windows\System\SyyKeDx.exe
  C:\Windows\System\SyyKeDx.exe
  2⤵
  PID:6348
- C:\Windows\System\UWsuMcC.exe
  C:\Windows\System\UWsuMcC.exe
  2⤵
  PID:6364
- C:\Windows\System\bFUVRpB.exe
  C:\Windows\System\bFUVRpB.exe
  2⤵
  PID:4424
- C:\Windows\System\kyxbgtl.exe
  C:\Windows\System\kyxbgtl.exe
  2⤵
  PID:6740
- C:\Windows\System\NhdPddP.exe
  C:\Windows\System\NhdPddP.exe
  2⤵
  PID:6480
- C:\Windows\System\NJYYTgm.exe
  C:\Windows\System\NJYYTgm.exe
  2⤵
  PID:7088
- C:\Windows\System\pclfhbm.exe
  C:\Windows\System\pclfhbm.exe
  2⤵
  PID:6204
- C:\Windows\System\lfVHixI.exe
  C:\Windows\System\lfVHixI.exe
  2⤵
  PID:6976
- C:\Windows\System\vEReTtD.exe
  C:\Windows\System\vEReTtD.exe
  2⤵
  PID:6360
- C:\Windows\System\tHufvZE.exe
  C:\Windows\System\tHufvZE.exe
  2⤵
  PID:6408
- C:\Windows\System\OAuquvu.exe
  C:\Windows\System\OAuquvu.exe
  2⤵
  PID:6288
- C:\Windows\System\Lynlrax.exe
  C:\Windows\System\Lynlrax.exe
  2⤵
  PID:6592
- C:\Windows\System\myTLEQf.exe
  C:\Windows\System\myTLEQf.exe
  2⤵
  PID:6860
- C:\Windows\System\LmbiYVO.exe
  C:\Windows\System\LmbiYVO.exe
  2⤵
  PID:6332
- C:\Windows\System\TZhRaFG.exe
  C:\Windows\System\TZhRaFG.exe
  2⤵
  PID:6312
- C:\Windows\System\jxDKTYx.exe
  C:\Windows\System\jxDKTYx.exe
  2⤵
  PID:6556
- C:\Windows\System\RAMiHFj.exe
  C:\Windows\System\RAMiHFj.exe
  2⤵
  PID:6344
- C:\Windows\System\haMcjAp.exe
  C:\Windows\System\haMcjAp.exe
  2⤵
  PID:6888
- C:\Windows\System\iGsACPg.exe
  C:\Windows\System\iGsACPg.exe
  2⤵
  PID:7068
- C:\Windows\System\AgIkGZz.exe
  C:\Windows\System\AgIkGZz.exe
  2⤵
  PID:6792
- C:\Windows\System\XEJHmwj.exe
  C:\Windows\System\XEJHmwj.exe
  2⤵
  PID:6712
- C:\Windows\System\FkgxMjx.exe
  C:\Windows\System\FkgxMjx.exe
  2⤵
  PID:6944
- C:\Windows\System\sMMMCQC.exe
  C:\Windows\System\sMMMCQC.exe
  2⤵
  PID:6608
- C:\Windows\System\VUQyqas.exe
  C:\Windows\System\VUQyqas.exe
  2⤵
  PID:7004
- C:\Windows\System\lWyhbkk.exe
  C:\Windows\System\lWyhbkk.exe
  2⤵
  PID:6684
- C:\Windows\System\zqOdykj.exe
  C:\Windows\System\zqOdykj.exe
  2⤵
  PID:6260
- C:\Windows\System\RoReXRJ.exe
  C:\Windows\System\RoReXRJ.exe
  2⤵
  PID:6368
- C:\Windows\System\BEdckKM.exe
  C:\Windows\System\BEdckKM.exe
  2⤵
  PID:5352
- C:\Windows\System\Zzectnq.exe
  C:\Windows\System\Zzectnq.exe
  2⤵
  PID:6672
- C:\Windows\System\gAlqpLA.exe
  C:\Windows\System\gAlqpLA.exe
  2⤵
  PID:1560
- C:\Windows\System\nQJfSZH.exe
  C:\Windows\System\nQJfSZH.exe
  2⤵
  PID:6756
- C:\Windows\System\UEZrWzr.exe
  C:\Windows\System\UEZrWzr.exe
  2⤵
  PID:7024
- C:\Windows\System\CtUZLhF.exe
  C:\Windows\System\CtUZLhF.exe
  2⤵
  PID:6936
- C:\Windows\System\fzsRykD.exe
  C:\Windows\System\fzsRykD.exe
  2⤵
  PID:7076
- C:\Windows\System\AfPIhdB.exe
  C:\Windows\System\AfPIhdB.exe
  2⤵
  PID:6780
- C:\Windows\System\eHXcOLz.exe
  C:\Windows\System\eHXcOLz.exe
  2⤵
  PID:6956
- C:\Windows\System\rmtnDXr.exe
  C:\Windows\System\rmtnDXr.exe
  2⤵
  PID:6240
- C:\Windows\System\nhRdWJL.exe
  C:\Windows\System\nhRdWJL.exe
  2⤵
  PID:6228
- C:\Windows\System\FAiXbsC.exe
  C:\Windows\System\FAiXbsC.exe
  2⤵
  PID:6440
- C:\Windows\System\ikHrVMh.exe
  C:\Windows\System\ikHrVMh.exe
  2⤵
  PID:6656
- C:\Windows\System\LtYjMsk.exe
  C:\Windows\System\LtYjMsk.exe
  2⤵
  PID:7136
- C:\Windows\System\skRQiGL.exe
  C:\Windows\System\skRQiGL.exe
  2⤵
  PID:7176
- C:\Windows\System\IjWRaSk.exe
  C:\Windows\System\IjWRaSk.exe
  2⤵
  PID:7192
- C:\Windows\System\OeoClKZ.exe
  C:\Windows\System\OeoClKZ.exe
  2⤵
  PID:7212
- C:\Windows\System\TWcOleJ.exe
  C:\Windows\System\TWcOleJ.exe
  2⤵
  PID:7228
- C:\Windows\System\yxDDjgJ.exe
  C:\Windows\System\yxDDjgJ.exe
  2⤵
  PID:7256
- C:\Windows\System\WKscMor.exe
  C:\Windows\System\WKscMor.exe
  2⤵
  PID:7276
- C:\Windows\System\MpEnXbH.exe
  C:\Windows\System\MpEnXbH.exe
  2⤵
  PID:7296
- C:\Windows\System\cuslpXp.exe
  C:\Windows\System\cuslpXp.exe
  2⤵
  PID:7316
- C:\Windows\System\ZJSeJmo.exe
  C:\Windows\System\ZJSeJmo.exe
  2⤵
  PID:7332
- C:\Windows\System\BqxqLnC.exe
  C:\Windows\System\BqxqLnC.exe
  2⤵
  PID:7352
- C:\Windows\System\WuUvhWL.exe
  C:\Windows\System\WuUvhWL.exe
  2⤵
  PID:7368
- C:\Windows\System\SyrCCMl.exe
  C:\Windows\System\SyrCCMl.exe
  2⤵
  PID:7392
- C:\Windows\System\hDSOFUH.exe
  C:\Windows\System\hDSOFUH.exe
  2⤵
  PID:7408
- C:\Windows\System\TfcBBeX.exe
  C:\Windows\System\TfcBBeX.exe
  2⤵
  PID:7468
- C:\Windows\System\vPXvfNu.exe
  C:\Windows\System\vPXvfNu.exe
  2⤵
  PID:7484
- C:\Windows\System\uGgizco.exe
  C:\Windows\System\uGgizco.exe
  2⤵
  PID:7504
- C:\Windows\System\MzUTZWH.exe
  C:\Windows\System\MzUTZWH.exe
  2⤵
  PID:7524
- C:\Windows\System\CTwXant.exe
  C:\Windows\System\CTwXant.exe
  2⤵
  PID:7540
- C:\Windows\System\TPHdzqW.exe
  C:\Windows\System\TPHdzqW.exe
  2⤵
  PID:7560
- C:\Windows\System\KhPjuMi.exe
  C:\Windows\System\KhPjuMi.exe
  2⤵
  PID:7580
- C:\Windows\System\IbBkPub.exe
  C:\Windows\System\IbBkPub.exe
  2⤵
  PID:7596
- C:\Windows\System\HgSLsoW.exe
  C:\Windows\System\HgSLsoW.exe
  2⤵
  PID:7620
- C:\Windows\System\cxRYWpp.exe
  C:\Windows\System\cxRYWpp.exe
  2⤵
  PID:7636
- C:\Windows\System\WqJMlYM.exe
  C:\Windows\System\WqJMlYM.exe
  2⤵
  PID:7652
- C:\Windows\System\VPVacRV.exe
  C:\Windows\System\VPVacRV.exe
  2⤵
  PID:7672
- C:\Windows\System\QRUpFBm.exe
  C:\Windows\System\QRUpFBm.exe
  2⤵
  PID:7700
- C:\Windows\System\mKwIias.exe
  C:\Windows\System\mKwIias.exe
  2⤵
  PID:7724
- C:\Windows\System\yvnwxNG.exe
  C:\Windows\System\yvnwxNG.exe
  2⤵
  PID:7744
- C:\Windows\System\ARGPREX.exe
  C:\Windows\System\ARGPREX.exe
  2⤵
  PID:7760
- C:\Windows\System\MXXWlDI.exe
  C:\Windows\System\MXXWlDI.exe
  2⤵
  PID:7792
- C:\Windows\System\HIeswWM.exe
  C:\Windows\System\HIeswWM.exe
  2⤵
  PID:7808
- C:\Windows\System\LjBalfj.exe
  C:\Windows\System\LjBalfj.exe
  2⤵
  PID:7824
- C:\Windows\System\aaCqldD.exe
  C:\Windows\System\aaCqldD.exe
  2⤵
  PID:7844
- C:\Windows\System\mXVjQPQ.exe
  C:\Windows\System\mXVjQPQ.exe
  2⤵
  PID:7860
- C:\Windows\System\uAWGsuU.exe
  C:\Windows\System\uAWGsuU.exe
  2⤵
  PID:7876
- C:\Windows\System\cZCYEpm.exe
  C:\Windows\System\cZCYEpm.exe
  2⤵
  PID:7900
- C:\Windows\System\QNHqWxl.exe
  C:\Windows\System\QNHqWxl.exe
  2⤵
  PID:7920
- C:\Windows\System\MzLHWpx.exe
  C:\Windows\System\MzLHWpx.exe
  2⤵
  PID:7940
- C:\Windows\System\VKaILPP.exe
  C:\Windows\System\VKaILPP.exe
  2⤵
  PID:7956
- C:\Windows\System\dQMVfRb.exe
  C:\Windows\System\dQMVfRb.exe
  2⤵
  PID:7972
- C:\Windows\System\yEnRcoh.exe
  C:\Windows\System\yEnRcoh.exe
  2⤵
  PID:8024
- C:\Windows\System\PpZfzcH.exe
  C:\Windows\System\PpZfzcH.exe
  2⤵
  PID:8040
- C:\Windows\System\sGMMVaR.exe
  C:\Windows\System\sGMMVaR.exe
  2⤵
  PID:8056
- C:\Windows\System\EydQKNo.exe
  C:\Windows\System\EydQKNo.exe
  2⤵
  PID:8072
- C:\Windows\System\LRHNaWT.exe
  C:\Windows\System\LRHNaWT.exe
  2⤵
  PID:8092
- C:\Windows\System\DmjLCqi.exe
  C:\Windows\System\DmjLCqi.exe
  2⤵
  PID:8108
- C:\Windows\System\PjVGcIk.exe
  C:\Windows\System\PjVGcIk.exe
  2⤵
  PID:8124
- C:\Windows\System\oNWJkNc.exe
  C:\Windows\System\oNWJkNc.exe
  2⤵
  PID:8140
- C:\Windows\System\iCGIaXQ.exe
  C:\Windows\System\iCGIaXQ.exe
  2⤵
  PID:8156
- C:\Windows\System\KPzLXXu.exe
  C:\Windows\System\KPzLXXu.exe
  2⤵
  PID:8176
- C:\Windows\System\XHVaxRJ.exe
  C:\Windows\System\XHVaxRJ.exe
  2⤵
  PID:6156
- C:\Windows\System\KUUoNJa.exe
  C:\Windows\System\KUUoNJa.exe
  2⤵
  PID:7204
- C:\Windows\System\hhvZjLe.exe
  C:\Windows\System\hhvZjLe.exe
  2⤵
  PID:7240
- C:\Windows\System\VdJCEEt.exe
  C:\Windows\System\VdJCEEt.exe
  2⤵
  PID:7364
- C:\Windows\System\VCMHBSR.exe
  C:\Windows\System\VCMHBSR.exe
  2⤵
  PID:7308
- C:\Windows\System\DsLAtzt.exe
  C:\Windows\System\DsLAtzt.exe
  2⤵
  PID:7348
- C:\Windows\System\qayDBrQ.exe
  C:\Windows\System\qayDBrQ.exe
  2⤵
  PID:7388
- C:\Windows\System\sVBDZQB.exe
  C:\Windows\System\sVBDZQB.exe
  2⤵
  PID:7220
- C:\Windows\System\AxvolPt.exe
  C:\Windows\System\AxvolPt.exe
  2⤵
  PID:7304
- C:\Windows\System\ilYFWRw.exe
  C:\Windows\System\ilYFWRw.exe
  2⤵
  PID:7420
- C:\Windows\System\nNisWJA.exe
  C:\Windows\System\nNisWJA.exe
  2⤵
  PID:7492
- C:\Windows\System\WgkcSum.exe
  C:\Windows\System\WgkcSum.exe
  2⤵
  PID:7604
- C:\Windows\System\RzvUtOM.exe
  C:\Windows\System\RzvUtOM.exe
  2⤵
  PID:7516
- C:\Windows\System\eCSeSJr.exe
  C:\Windows\System\eCSeSJr.exe
  2⤵
  PID:7520
- C:\Windows\System\GbtbayZ.exe
  C:\Windows\System\GbtbayZ.exe
  2⤵
  PID:7552
- C:\Windows\System\hmOPGQe.exe
  C:\Windows\System\hmOPGQe.exe
  2⤵
  PID:7632
- C:\Windows\System\uveIvyC.exe
  C:\Windows\System\uveIvyC.exe
  2⤵
  PID:7556
- C:\Windows\System\hbNeSih.exe
  C:\Windows\System\hbNeSih.exe
  2⤵
  PID:7768
- C:\Windows\System\VydWFSO.exe
  C:\Windows\System\VydWFSO.exe
  2⤵
  PID:7784
- C:\Windows\System\TfsOhwV.exe
  C:\Windows\System\TfsOhwV.exe
  2⤵
  PID:7720
- C:\Windows\System\NPNbPsn.exe
  C:\Windows\System\NPNbPsn.exe
  2⤵
  PID:7800
- C:\Windows\System\JrkxHlS.exe
  C:\Windows\System\JrkxHlS.exe
  2⤵
  PID:7840
- C:\Windows\System\wHmdgsO.exe
  C:\Windows\System\wHmdgsO.exe
  2⤵
  PID:7928
- C:\Windows\System\KTwvZLU.exe
  C:\Windows\System\KTwvZLU.exe
  2⤵
  PID:7996
- C:\Windows\System\FKilRuc.exe
  C:\Windows\System\FKilRuc.exe
  2⤵
  PID:7912
- C:\Windows\System\xJTwunk.exe
  C:\Windows\System\xJTwunk.exe
  2⤵
  PID:8020
- C:\Windows\System\tlxzhwa.exe
  C:\Windows\System\tlxzhwa.exe
  2⤵
  PID:8064
- C:\Windows\System\NGMWNio.exe
  C:\Windows\System\NGMWNio.exe
  2⤵
  PID:8132
- C:\Windows\System\hdvzPTy.exe
  C:\Windows\System\hdvzPTy.exe
  2⤵
  PID:7172
- C:\Windows\System\YMqcwXr.exe
  C:\Windows\System\YMqcwXr.exe
  2⤵
  PID:7184
- C:\Windows\System\XeuKyVp.exe
  C:\Windows\System\XeuKyVp.exe
  2⤵
  PID:7288
- C:\Windows\System\pymgnlu.exe
  C:\Windows\System\pymgnlu.exe
  2⤵
  PID:7036
- C:\Windows\System\GKXXiaM.exe
  C:\Windows\System\GKXXiaM.exe
  2⤵
  PID:7248
- C:\Windows\System\bhNeOmW.exe
  C:\Windows\System\bhNeOmW.exe
  2⤵
  PID:7292
- C:\Windows\System\kjYlKGQ.exe
  C:\Windows\System\kjYlKGQ.exe
  2⤵
  PID:7452
- C:\Windows\System\xtpCzPT.exe
  C:\Windows\System\xtpCzPT.exe
  2⤵
  PID:7500
- C:\Windows\System\PstudmE.exe
  C:\Windows\System\PstudmE.exe
  2⤵
  PID:7476
- C:\Windows\System\BZoTtDB.exe
  C:\Windows\System\BZoTtDB.exe
  2⤵
  PID:7576
- C:\Windows\System\zbcySSP.exe
  C:\Windows\System\zbcySSP.exe
  2⤵
  PID:7648
- C:\Windows\System\ACvLRvJ.exe
  C:\Windows\System\ACvLRvJ.exe
  2⤵
  PID:7736
- C:\Windows\System\EWyrFRt.exe
  C:\Windows\System\EWyrFRt.exe
  2⤵
  PID:7856
- C:\Windows\System\vEDLMkZ.exe
  C:\Windows\System\vEDLMkZ.exe
  2⤵
  PID:7836
- C:\Windows\System\ZWjrnJl.exe
  C:\Windows\System\ZWjrnJl.exe
  2⤵
  PID:7968
- C:\Windows\System\gMWYHHh.exe
  C:\Windows\System\gMWYHHh.exe
  2⤵
  PID:7948
- C:\Windows\System\nitcxXW.exe
  C:\Windows\System\nitcxXW.exe
  2⤵
  PID:7896
- C:\Windows\System\xaATnjs.exe
  C:\Windows\System\xaATnjs.exe
  2⤵
  PID:7780
- C:\Windows\System\FjJPTNN.exe
  C:\Windows\System\FjJPTNN.exe
  2⤵
  PID:8164
- C:\Windows\System\xncGBFO.exe
  C:\Windows\System\xncGBFO.exe
  2⤵
  PID:7716
- C:\Windows\System\HVUcUnO.exe
  C:\Windows\System\HVUcUnO.exe
  2⤵
  PID:8120
- C:\Windows\System\alGMyeJ.exe
  C:\Windows\System\alGMyeJ.exe
  2⤵
  PID:8188
- C:\Windows\System\fRbgALq.exe
  C:\Windows\System\fRbgALq.exe
  2⤵
  PID:7424
- C:\Windows\System\dCPsFEY.exe
  C:\Windows\System\dCPsFEY.exe
  2⤵
  PID:7432
- C:\Windows\System\QtEximY.exe
  C:\Windows\System\QtEximY.exe
  2⤵
  PID:6500
- C:\Windows\System\bFTKbPh.exe
  C:\Windows\System\bFTKbPh.exe
  2⤵
  PID:7612
- C:\Windows\System\EjjZrLC.exe
  C:\Windows\System\EjjZrLC.exe
  2⤵
  PID:7536
- C:\Windows\System\LoGrVTt.exe
  C:\Windows\System\LoGrVTt.exe
  2⤵
  PID:7692
- C:\Windows\System\WQwYKyw.exe
  C:\Windows\System\WQwYKyw.exe
  2⤵
  PID:7988
- C:\Windows\System\RuWHunV.exe
  C:\Windows\System\RuWHunV.exe
  2⤵
  PID:7756
- C:\Windows\System\wSRXhDn.exe
  C:\Windows\System\wSRXhDn.exe
  2⤵
  PID:8036
- C:\Windows\System\fbzhhcu.exe
  C:\Windows\System\fbzhhcu.exe
  2⤵
  PID:7284
- C:\Windows\System\xRUGEvk.exe
  C:\Windows\System\xRUGEvk.exe
  2⤵
  PID:7344
- C:\Windows\System\KRdvCjq.exe
  C:\Windows\System\KRdvCjq.exe
  2⤵
  PID:7268
- C:\Windows\System\OYmaBWt.exe
  C:\Windows\System\OYmaBWt.exe
  2⤵
  PID:7852
- C:\Windows\System\jpxtnjY.exe
  C:\Windows\System\jpxtnjY.exe
  2⤵
  PID:8012
- C:\Windows\System\ERcxOqo.exe
  C:\Windows\System\ERcxOqo.exe
  2⤵
  PID:7872
- C:\Windows\System\HnNeuKG.exe
  C:\Windows\System\HnNeuKG.exe
  2⤵
  PID:8084
- C:\Windows\System\VnhlPOd.exe
  C:\Windows\System\VnhlPOd.exe
  2⤵
  PID:7572
- C:\Windows\System\kRHTMeu.exe
  C:\Windows\System\kRHTMeu.exe
  2⤵
  PID:7952
- C:\Windows\System\WDkqThW.exe
  C:\Windows\System\WDkqThW.exe
  2⤵
  PID:7816
- C:\Windows\System\DcqcvPy.exe
  C:\Windows\System\DcqcvPy.exe
  2⤵
  PID:6088
- C:\Windows\System\CXClXGE.exe
  C:\Windows\System\CXClXGE.exe
  2⤵
  PID:8008
- C:\Windows\System\LgCoaGG.exe
  C:\Windows\System\LgCoaGG.exe
  2⤵
  PID:8104
- C:\Windows\System\BjLVYFx.exe
  C:\Windows\System\BjLVYFx.exe
  2⤵
  PID:7772
- C:\Windows\System\NXNqMPF.exe
  C:\Windows\System\NXNqMPF.exe
  2⤵
  PID:8216
- C:\Windows\System\GSkpjwL.exe
  C:\Windows\System\GSkpjwL.exe
  2⤵
  PID:8236
- C:\Windows\System\IqUrssG.exe
  C:\Windows\System\IqUrssG.exe
  2⤵
  PID:8260
- C:\Windows\System\tpEUXnr.exe
  C:\Windows\System\tpEUXnr.exe
  2⤵
  PID:8276
- C:\Windows\System\IEXdlkb.exe
  C:\Windows\System\IEXdlkb.exe
  2⤵
  PID:8292
- C:\Windows\System\cryMlCT.exe
  C:\Windows\System\cryMlCT.exe
  2⤵
  PID:8312
- C:\Windows\System\tmYmerR.exe
  C:\Windows\System\tmYmerR.exe
  2⤵
  PID:8328
- C:\Windows\System\UBIijRc.exe
  C:\Windows\System\UBIijRc.exe
  2⤵
  PID:8344
- C:\Windows\System\UHgxqrL.exe
  C:\Windows\System\UHgxqrL.exe
  2⤵
  PID:8440
- C:\Windows\System\IMKCLjW.exe
  C:\Windows\System\IMKCLjW.exe
  2⤵
  PID:8468
- C:\Windows\System\ElbmhbU.exe
  C:\Windows\System\ElbmhbU.exe
  2⤵
  PID:8488
- C:\Windows\System\LHjKNFS.exe
  C:\Windows\System\LHjKNFS.exe
  2⤵
  PID:8504
- C:\Windows\System\cTzeCFw.exe
  C:\Windows\System\cTzeCFw.exe
  2⤵
  PID:8528
- C:\Windows\System\oMTeLJY.exe
  C:\Windows\System\oMTeLJY.exe
  2⤵
  PID:8544
- C:\Windows\System\CcPGfRk.exe
  C:\Windows\System\CcPGfRk.exe
  2⤵
  PID:8568
- C:\Windows\System\XzghOtq.exe
  C:\Windows\System\XzghOtq.exe
  2⤵
  PID:8584
- C:\Windows\System\sWppRjC.exe
  C:\Windows\System\sWppRjC.exe
  2⤵
  PID:8600
- C:\Windows\System\HWLZSiW.exe
  C:\Windows\System\HWLZSiW.exe
  2⤵
  PID:8616
- C:\Windows\System\nExdHim.exe
  C:\Windows\System\nExdHim.exe
  2⤵
  PID:8632
- C:\Windows\System\cpByZWG.exe
  C:\Windows\System\cpByZWG.exe
  2⤵
  PID:8648
- C:\Windows\System\JdrAuNk.exe
  C:\Windows\System\JdrAuNk.exe
  2⤵
  PID:8672
- C:\Windows\System\jbyUjQe.exe
  C:\Windows\System\jbyUjQe.exe
  2⤵
  PID:8692
- C:\Windows\System\DVMOlex.exe
  C:\Windows\System\DVMOlex.exe
  2⤵
  PID:8708
- C:\Windows\System\IEiPxoY.exe
  C:\Windows\System\IEiPxoY.exe
  2⤵
  PID:8724
- C:\Windows\System\lfMYtzy.exe
  C:\Windows\System\lfMYtzy.exe
  2⤵
  PID:8740
- C:\Windows\System\vCEjOvy.exe
  C:\Windows\System\vCEjOvy.exe
  2⤵
  PID:8756
- C:\Windows\System\sYdTQyB.exe
  C:\Windows\System\sYdTQyB.exe
  2⤵
  PID:8772
- C:\Windows\System\KeGyyPv.exe
  C:\Windows\System\KeGyyPv.exe
  2⤵
  PID:8788
- C:\Windows\System\CZeLqcP.exe
  C:\Windows\System\CZeLqcP.exe
  2⤵
  PID:8804
- C:\Windows\System\tZASfMd.exe
  C:\Windows\System\tZASfMd.exe
  2⤵
  PID:8832
- C:\Windows\System\OnSaGYR.exe
  C:\Windows\System\OnSaGYR.exe
  2⤵
  PID:8896
- C:\Windows\System\MnvzdCk.exe
  C:\Windows\System\MnvzdCk.exe
  2⤵
  PID:8916
- C:\Windows\System\wPBWhcD.exe
  C:\Windows\System\wPBWhcD.exe
  2⤵
  PID:8932
- C:\Windows\System\JasgqRh.exe
  C:\Windows\System\JasgqRh.exe
  2⤵
  PID:8956
- C:\Windows\System\QbWCkHz.exe
  C:\Windows\System\QbWCkHz.exe
  2⤵
  PID:8972
- C:\Windows\System\zTBwhVZ.exe
  C:\Windows\System\zTBwhVZ.exe
  2⤵
  PID:8992
- C:\Windows\System\Xabtulj.exe
  C:\Windows\System\Xabtulj.exe
  2⤵
  PID:9008
- C:\Windows\System\AbIATpb.exe
  C:\Windows\System\AbIATpb.exe
  2⤵
  PID:9032
- C:\Windows\System\SSzZQpP.exe
  C:\Windows\System\SSzZQpP.exe
  2⤵
  PID:9048
- C:\Windows\System\SfeXifR.exe
  C:\Windows\System\SfeXifR.exe
  2⤵
  PID:9072
- C:\Windows\System\BkDvvDk.exe
  C:\Windows\System\BkDvvDk.exe
  2⤵
  PID:9088
- C:\Windows\System\QIGijHM.exe
  C:\Windows\System\QIGijHM.exe
  2⤵
  PID:9108
- C:\Windows\System\frEgKwC.exe
  C:\Windows\System\frEgKwC.exe
  2⤵
  PID:9128
- C:\Windows\System\ELmtYRB.exe
  C:\Windows\System\ELmtYRB.exe
  2⤵
  PID:9152
- C:\Windows\System\EifXAIo.exe
  C:\Windows\System\EifXAIo.exe
  2⤵
  PID:9168
- C:\Windows\System\qpFUEOC.exe
  C:\Windows\System\qpFUEOC.exe
  2⤵
  PID:9188
- C:\Windows\System\WDPYjMf.exe
  C:\Windows\System\WDPYjMf.exe
  2⤵
  PID:9204
- C:\Windows\System\fmcOLUN.exe
  C:\Windows\System\fmcOLUN.exe
  2⤵
  PID:7932
- C:\Windows\System\HERavQx.exe
  C:\Windows\System\HERavQx.exe
  2⤵
  PID:8224
- C:\Windows\System\YEHFESw.exe
  C:\Windows\System\YEHFESw.exe
  2⤵
  PID:8256
- C:\Windows\System\PZlufmR.exe
  C:\Windows\System\PZlufmR.exe
  2⤵
  PID:8272
- C:\Windows\System\kYJYwBD.exe
  C:\Windows\System\kYJYwBD.exe
  2⤵
  PID:8308
- C:\Windows\System\aEQJgAF.exe
  C:\Windows\System\aEQJgAF.exe
  2⤵
  PID:8356
- C:\Windows\System\qwRMTey.exe
  C:\Windows\System\qwRMTey.exe
  2⤵
  PID:8048
- C:\Windows\System\Ncbwvws.exe
  C:\Windows\System\Ncbwvws.exe
  2⤵
  PID:8480
- C:\Windows\System\PMnxTJI.exe
  C:\Windows\System\PMnxTJI.exe
  2⤵
  PID:8500
- C:\Windows\System\VgnILki.exe
  C:\Windows\System\VgnILki.exe
  2⤵
  PID:8552
- C:\Windows\System\XRelneW.exe
  C:\Windows\System\XRelneW.exe
  2⤵
  PID:8596
- C:\Windows\System\vLLkXxD.exe
  C:\Windows\System\vLLkXxD.exe
  2⤵
  PID:8660
- C:\Windows\System\sOzkfMX.exe
  C:\Windows\System\sOzkfMX.exe
  2⤵
  PID:8580
- C:\Windows\System\ecIcGeJ.exe
  C:\Windows\System\ecIcGeJ.exe
  2⤵
  PID:8764
- C:\Windows\System\fyXJfmE.exe
  C:\Windows\System\fyXJfmE.exe
  2⤵
  PID:8680
- C:\Windows\System\pfXBHty.exe
  C:\Windows\System\pfXBHty.exe
  2⤵
  PID:8768
- C:\Windows\System\kNXHcde.exe
  C:\Windows\System\kNXHcde.exe
  2⤵
  PID:8820
- C:\Windows\System\BbTPtol.exe
  C:\Windows\System\BbTPtol.exe
  2⤵
  PID:8840
- C:\Windows\System\vqNPkkI.exe
  C:\Windows\System\vqNPkkI.exe
  2⤵
  PID:8856
- C:\Windows\System\jGxGYGt.exe
  C:\Windows\System\jGxGYGt.exe
  2⤵
  PID:8880
- C:\Windows\System\NBDncIp.exe
  C:\Windows\System\NBDncIp.exe
  2⤵
  PID:8940
- C:\Windows\System\pxMOoWB.exe
  C:\Windows\System\pxMOoWB.exe
  2⤵
  PID:8952
- C:\Windows\System\kmUIuCJ.exe
  C:\Windows\System\kmUIuCJ.exe
  2⤵
  PID:9000
- C:\Windows\System\UlvzHcX.exe
  C:\Windows\System\UlvzHcX.exe
  2⤵
  PID:9028
- C:\Windows\System\dbmWruI.exe
  C:\Windows\System\dbmWruI.exe
  2⤵
  PID:9056
- C:\Windows\System\HYgUQYu.exe
  C:\Windows\System\HYgUQYu.exe
  2⤵
  PID:9068
- C:\Windows\System\xujHGSX.exe
  C:\Windows\System\xujHGSX.exe
  2⤵
  PID:9116
- C:\Windows\System\DVPKUzV.exe
  C:\Windows\System\DVPKUzV.exe
  2⤵
  PID:9144
- C:\Windows\System\xZuTjqF.exe
  C:\Windows\System\xZuTjqF.exe
  2⤵
  PID:9176
- C:\Windows\System\nkOYdyN.exe
  C:\Windows\System\nkOYdyN.exe
  2⤵
  PID:8196
- C:\Windows\System\NSpvwLW.exe
  C:\Windows\System\NSpvwLW.exe
  2⤵
  PID:7908
- C:\Windows\System\chGJtJG.exe
  C:\Windows\System\chGJtJG.exe
  2⤵
  PID:8288
- C:\Windows\System\rfFRrGq.exe
  C:\Windows\System\rfFRrGq.exe
  2⤵
  PID:8336
- C:\Windows\System\MFVpSHk.exe
  C:\Windows\System\MFVpSHk.exe
  2⤵
  PID:8476
- C:\Windows\System\QcNoLyJ.exe
  C:\Windows\System\QcNoLyJ.exe
  2⤵
  PID:8324
- C:\Windows\System\tHMUBSH.exe
  C:\Windows\System\tHMUBSH.exe
  2⤵
  PID:8452
- C:\Windows\System\PIQoNgd.exe
  C:\Windows\System\PIQoNgd.exe
  2⤵
  PID:8556
- C:\Windows\System\cqIZVoy.exe
  C:\Windows\System\cqIZVoy.exe
  2⤵
  PID:8716
- C:\Windows\System\DCXhSzu.exe
  C:\Windows\System\DCXhSzu.exe
  2⤵
  PID:8784
- C:\Windows\System\XHReota.exe
  C:\Windows\System\XHReota.exe
  2⤵
  PID:7964
- C:\Windows\System\hLQEpxh.exe
  C:\Windows\System\hLQEpxh.exe
  2⤵
  PID:8852
- C:\Windows\System\jrVePiJ.exe
  C:\Windows\System\jrVePiJ.exe
  2⤵
  PID:8848
- C:\Windows\System\defXejZ.exe
  C:\Windows\System\defXejZ.exe
  2⤵
  PID:8984
- C:\Windows\System\ctorZBZ.exe
  C:\Windows\System\ctorZBZ.exe
  2⤵
  PID:9020
- C:\Windows\System\ySZuSIi.exe
  C:\Windows\System\ySZuSIi.exe
  2⤵
  PID:8888
- C:\Windows\System\ytowAHC.exe
  C:\Windows\System\ytowAHC.exe
  2⤵
  PID:9196
- C:\Windows\System\IyeMrhv.exe
  C:\Windows\System\IyeMrhv.exe
  2⤵
  PID:9148
- C:\Windows\System\LQQOsGP.exe
  C:\Windows\System\LQQOsGP.exe
  2⤵
  PID:7140
- C:\Windows\System\zvdPpqs.exe
  C:\Windows\System\zvdPpqs.exe
  2⤵
  PID:8232
- C:\Windows\System\TfUMlgF.exe
  C:\Windows\System\TfUMlgF.exe
  2⤵
  PID:8340
- C:\Windows\System\wLpiCKn.exe
  C:\Windows\System\wLpiCKn.exe
  2⤵
  PID:8656
- C:\Windows\System\loBCwXo.exe
  C:\Windows\System\loBCwXo.exe
  2⤵
  PID:8564
- C:\Windows\System\DWbzkSf.exe
  C:\Windows\System\DWbzkSf.exe
  2⤵
  PID:8824
- C:\Windows\System\TWWMiek.exe
  C:\Windows\System\TWWMiek.exe
  2⤵
  PID:8876
- C:\Windows\System\DgqMmZM.exe
  C:\Windows\System\DgqMmZM.exe
  2⤵
  PID:8924
- C:\Windows\System\WmtmDAR.exe
  C:\Windows\System\WmtmDAR.exe
  2⤵
  PID:9024
- C:\Windows\System\FcHPAtG.exe
  C:\Windows\System\FcHPAtG.exe
  2⤵
  PID:9104
- C:\Windows\System\FJOdiMy.exe
  C:\Windows\System\FJOdiMy.exe
  2⤵
  PID:8200
- C:\Windows\System\QcdSOJA.exe
  C:\Windows\System\QcdSOJA.exe
  2⤵
  PID:8540
- C:\Windows\System\KDjvagb.exe
  C:\Windows\System\KDjvagb.exe
  2⤵
  PID:8464
- C:\Windows\System\sGTsZQS.exe
  C:\Windows\System\sGTsZQS.exe
  2⤵
  PID:9184
- C:\Windows\System\YHeOhbK.exe
  C:\Windows\System\YHeOhbK.exe
  2⤵
  PID:8612
- C:\Windows\System\ZgIOZit.exe
  C:\Windows\System\ZgIOZit.exe
  2⤵
  PID:988
- C:\Windows\System\YGgymHs.exe
  C:\Windows\System\YGgymHs.exe
  2⤵
  PID:9160
- C:\Windows\System\WxjlwEs.exe
  C:\Windows\System\WxjlwEs.exe
  2⤵
  PID:9080
- C:\Windows\System\BFmTsqB.exe
  C:\Windows\System\BFmTsqB.exe
  2⤵
  PID:9124
- C:\Windows\System\WpNZcnT.exe
  C:\Windows\System\WpNZcnT.exe
  2⤵
  PID:8644
- C:\Windows\System\oiVDwsg.exe
  C:\Windows\System\oiVDwsg.exe
  2⤵
  PID:8536
- C:\Windows\System\EFLpmEe.exe
  C:\Windows\System\EFLpmEe.exe
  2⤵
  PID:9236
- C:\Windows\System\wgrpXva.exe
  C:\Windows\System\wgrpXva.exe
  2⤵
  PID:9252
- C:\Windows\System\vSkNTBm.exe
  C:\Windows\System\vSkNTBm.exe
  2⤵
  PID:9268
- C:\Windows\System\LLgAgpB.exe
  C:\Windows\System\LLgAgpB.exe
  2⤵
  PID:9284
- C:\Windows\System\RyduKLP.exe
  C:\Windows\System\RyduKLP.exe
  2⤵
  PID:9320
- C:\Windows\System\UcmhCXp.exe
  C:\Windows\System\UcmhCXp.exe
  2⤵
  PID:9340
- C:\Windows\System\MTfbDFo.exe
  C:\Windows\System\MTfbDFo.exe
  2⤵
  PID:9356
- C:\Windows\System\XDkkxAU.exe
  C:\Windows\System\XDkkxAU.exe
  2⤵
  PID:9380
- C:\Windows\System\yTOFSjA.exe
  C:\Windows\System\yTOFSjA.exe
  2⤵
  PID:9396
- C:\Windows\System\jgWOSWm.exe
  C:\Windows\System\jgWOSWm.exe
  2⤵
  PID:9420
- C:\Windows\System\YzmFKej.exe
  C:\Windows\System\YzmFKej.exe
  2⤵
  PID:9440
- C:\Windows\System\pivnVPu.exe
  C:\Windows\System\pivnVPu.exe
  2⤵
  PID:9464
- C:\Windows\System\zEmzZwx.exe
  C:\Windows\System\zEmzZwx.exe
  2⤵
  PID:9480
- C:\Windows\System\JpLKAed.exe
  C:\Windows\System\JpLKAed.exe
  2⤵
  PID:9500
- C:\Windows\System\fzheuPO.exe
  C:\Windows\System\fzheuPO.exe
  2⤵
  PID:9516
- C:\Windows\System\egQRQRc.exe
  C:\Windows\System\egQRQRc.exe
  2⤵
  PID:9540
- C:\Windows\System\GrcuAur.exe
  C:\Windows\System\GrcuAur.exe
  2⤵
  PID:9564
- C:\Windows\System\ATZwkhJ.exe
  C:\Windows\System\ATZwkhJ.exe
  2⤵
  PID:9584
- C:\Windows\System\bDRsGfC.exe
  C:\Windows\System\bDRsGfC.exe
  2⤵
  PID:9600
- C:\Windows\System\dtRkkUp.exe
  C:\Windows\System\dtRkkUp.exe
  2⤵
  PID:9624
- C:\Windows\System\VwDuLlG.exe
  C:\Windows\System\VwDuLlG.exe
  2⤵
  PID:9640
- C:\Windows\System\nsaJlJM.exe
  C:\Windows\System\nsaJlJM.exe
  2⤵
  PID:9664
- C:\Windows\System\gwsOOIS.exe
  C:\Windows\System\gwsOOIS.exe
  2⤵
  PID:9680
- C:\Windows\System\yEQRpTf.exe
  C:\Windows\System\yEQRpTf.exe
  2⤵
  PID:9700
- C:\Windows\System\TmnAWHY.exe
  C:\Windows\System\TmnAWHY.exe
  2⤵
  PID:9720
- C:\Windows\System\QpNMlWn.exe
  C:\Windows\System\QpNMlWn.exe
  2⤵
  PID:9744
- C:\Windows\System\eLyCvsg.exe
  C:\Windows\System\eLyCvsg.exe
  2⤵
  PID:9764
- C:\Windows\System\decqYPB.exe
  C:\Windows\System\decqYPB.exe
  2⤵
  PID:9784
- C:\Windows\System\pEOXlJb.exe
  C:\Windows\System\pEOXlJb.exe
  2⤵
  PID:9804
- C:\Windows\System\lTXwOTq.exe
  C:\Windows\System\lTXwOTq.exe
  2⤵
  PID:9820
- C:\Windows\System\oBDopMU.exe
  C:\Windows\System\oBDopMU.exe
  2⤵
  PID:9844
- C:\Windows\System\BFoeECM.exe
  C:\Windows\System\BFoeECM.exe
  2⤵
  PID:9860
- C:\Windows\System\HAZxZPE.exe
  C:\Windows\System\HAZxZPE.exe
  2⤵
  PID:9880
- C:\Windows\System\SAAvEWC.exe
  C:\Windows\System\SAAvEWC.exe
  2⤵
  PID:9900
- C:\Windows\System\MXuaMfS.exe
  C:\Windows\System\MXuaMfS.exe
  2⤵
  PID:9920
- C:\Windows\System\OyOvgyo.exe
  C:\Windows\System\OyOvgyo.exe
  2⤵
  PID:9940
- C:\Windows\System\AaWqePw.exe
  C:\Windows\System\AaWqePw.exe
  2⤵
  PID:9956
- C:\Windows\System\GCPqQgM.exe
  C:\Windows\System\GCPqQgM.exe
  2⤵
  PID:9972
- C:\Windows\System\NSFPHIG.exe
  C:\Windows\System\NSFPHIG.exe
  2⤵
  PID:9992
- C:\Windows\System\wQgLXcS.exe
  C:\Windows\System\wQgLXcS.exe
  2⤵
  PID:10012
- C:\Windows\System\LQuMsFV.exe
  C:\Windows\System\LQuMsFV.exe
  2⤵
  PID:10036
- C:\Windows\System\pxaHqFg.exe
  C:\Windows\System\pxaHqFg.exe
  2⤵
  PID:10052
- C:\Windows\System\bQqVtfF.exe
  C:\Windows\System\bQqVtfF.exe
  2⤵
  PID:10068
- C:\Windows\System\SJuzWbv.exe
  C:\Windows\System\SJuzWbv.exe
  2⤵
  PID:10088
- C:\Windows\System\MYetOvG.exe
  C:\Windows\System\MYetOvG.exe
  2⤵
  PID:10104
- C:\Windows\System\xCZJIwL.exe
  C:\Windows\System\xCZJIwL.exe
  2⤵
  PID:10120
- C:\Windows\System\pzRKCCu.exe
  C:\Windows\System\pzRKCCu.exe
  2⤵
  PID:10136
- C:\Windows\System\CrheXbQ.exe
  C:\Windows\System\CrheXbQ.exe
  2⤵
  PID:10152
- C:\Windows\System\krzRsQQ.exe
  C:\Windows\System\krzRsQQ.exe
  2⤵
  PID:10172
- C:\Windows\System\xttBiUm.exe
  C:\Windows\System\xttBiUm.exe
  2⤵
  PID:10188
- C:\Windows\System\YMZDfet.exe
  C:\Windows\System\YMZDfet.exe
  2⤵
  PID:10208
- C:\Windows\System\oqfYawk.exe
  C:\Windows\System\oqfYawk.exe
  2⤵
  PID:10228
- C:\Windows\System\VucIPFM.exe
  C:\Windows\System\VucIPFM.exe
  2⤵
  PID:8872
- C:\Windows\System\drzGIBE.exe
  C:\Windows\System\drzGIBE.exe
  2⤵
  PID:9200
- C:\Windows\System\ncUzmyl.exe
  C:\Windows\System\ncUzmyl.exe
  2⤵
  PID:9232
- C:\Windows\System\lhHaVcl.exe
  C:\Windows\System\lhHaVcl.exe
  2⤵
  PID:8904
- C:\Windows\System\BgJrAba.exe
  C:\Windows\System\BgJrAba.exe
  2⤵
  PID:9264
- C:\Windows\System\WMQqgMM.exe
  C:\Windows\System\WMQqgMM.exe
  2⤵
  PID:9300
- C:\Windows\System\dSVbfyV.exe
  C:\Windows\System\dSVbfyV.exe
  2⤵
  PID:9316
- C:\Windows\System\QtgtxQW.exe
  C:\Windows\System\QtgtxQW.exe
  2⤵
  PID:9348
- C:\Windows\System\YvSVyic.exe
  C:\Windows\System\YvSVyic.exe
  2⤵
  PID:9368
- C:\Windows\System\kjwoXkQ.exe
  C:\Windows\System\kjwoXkQ.exe
  2⤵
  PID:9412
- C:\Windows\System\jTaBUmI.exe
  C:\Windows\System\jTaBUmI.exe
  2⤵
  PID:9532
- C:\Windows\System\OcWGLnC.exe
  C:\Windows\System\OcWGLnC.exe
  2⤵
  PID:9576
- C:\Windows\System\UJzWiWt.exe
  C:\Windows\System\UJzWiWt.exe
  2⤵
  PID:9612
- C:\Windows\System\pUFNDfV.exe
  C:\Windows\System\pUFNDfV.exe
  2⤵
  PID:9636
- C:\Windows\System\QOGkiUm.exe
  C:\Windows\System\QOGkiUm.exe
  2⤵
  PID:9652
- C:\Windows\System\LqVdGno.exe
  C:\Windows\System\LqVdGno.exe
  2⤵
  PID:9708
- C:\Windows\System\eBvpxaq.exe
  C:\Windows\System\eBvpxaq.exe
  2⤵
  PID:9728
- C:\Windows\System\ftftcxg.exe
  C:\Windows\System\ftftcxg.exe
  2⤵
  PID:9756
- C:\Windows\System\otHKtCk.exe
  C:\Windows\System\otHKtCk.exe
  2⤵
  PID:9792
- C:\Windows\System\nOXLtHc.exe
  C:\Windows\System\nOXLtHc.exe
  2⤵
  PID:9816
- C:\Windows\System\VOspoXo.exe
  C:\Windows\System\VOspoXo.exe
  2⤵
  PID:9852
- C:\Windows\System\HEEJqsQ.exe
  C:\Windows\System\HEEJqsQ.exe
  2⤵
  PID:9876
- C:\Windows\System\dTuEERT.exe
  C:\Windows\System\dTuEERT.exe
  2⤵
  PID:9896
- C:\Windows\System\QFLjYKF.exe
  C:\Windows\System\QFLjYKF.exe
  2⤵
  PID:9936
- C:\Windows\System\fiQTSAi.exe
  C:\Windows\System\fiQTSAi.exe
  2⤵
  PID:9952
- C:\Windows\System\nMBhikE.exe
  C:\Windows\System\nMBhikE.exe
  2⤵
  PID:9984
- C:\Windows\System\CoBOlka.exe
  C:\Windows\System\CoBOlka.exe
  2⤵
  PID:10032
- C:\Windows\System\xgVyBvS.exe
  C:\Windows\System\xgVyBvS.exe
  2⤵
  PID:10080
- C:\Windows\System\rXvXKsk.exe
  C:\Windows\System\rXvXKsk.exe
  2⤵
  PID:9248
- C:\Windows\System\mtlrdSy.exe
  C:\Windows\System\mtlrdSy.exe
  2⤵
  PID:10196
- C:\Windows\System\UtzyFLT.exe
  C:\Windows\System\UtzyFLT.exe
  2⤵
  PID:9280
- C:\Windows\System\pBWzSeW.exe
  C:\Windows\System\pBWzSeW.exe
  2⤵
  PID:9388
- C:\Windows\System\LiEMEux.exe
  C:\Windows\System\LiEMEux.exe
  2⤵
  PID:9308
- C:\Windows\System\bKKCYLy.exe
  C:\Windows\System\bKKCYLy.exe
  2⤵
  PID:10132
- C:\Windows\System\eSYRaLK.exe
  C:\Windows\System\eSYRaLK.exe
  2⤵
  PID:10236
- C:\Windows\System\NRPzBrY.exe
  C:\Windows\System\NRPzBrY.exe
  2⤵
  PID:8908
- C:\Windows\System\LYqYtVW.exe
  C:\Windows\System\LYqYtVW.exe
  2⤵
  PID:9432
- C:\Windows\System\vqLERkK.exe
  C:\Windows\System\vqLERkK.exe
  2⤵
  PID:9472
- C:\Windows\System\gOIxFWJ.exe
  C:\Windows\System\gOIxFWJ.exe
  2⤵
  PID:9508
- C:\Windows\System\QHSUUry.exe
  C:\Windows\System\QHSUUry.exe
  2⤵
  PID:9616
- C:\Windows\System\XcTVQme.exe
  C:\Windows\System\XcTVQme.exe
  2⤵
  PID:9736
- C:\Windows\System\SWincjE.exe
  C:\Windows\System\SWincjE.exe
  2⤵
  PID:9796
- C:\Windows\System\yvgtIBO.exe
  C:\Windows\System\yvgtIBO.exe
  2⤵
  PID:9868
- C:\Windows\System\BFqHjPM.exe
  C:\Windows\System\BFqHjPM.exe
  2⤵
  PID:10004
- C:\Windows\System\YPoBnGO.exe
  C:\Windows\System\YPoBnGO.exe
  2⤵
  PID:9596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AYxWOaW.exe

Filesize
6.0MB

MD5
71aa35910d63d09dc24734c81c67b90d

SHA1
0be949af905d6423496b2a81688e3a0734e5fa33

SHA256
414fcb70f82d84e4d4d1a5efa4663592403ee0bf9597ae3cbdfeef5045ed3f91

SHA512
801584c07821439291ae5d0d6d3cd3a7dbf5fc5327363607cfdae13f7ec5224ef7cdb6329d95b8f69a501d960d9670f5eb991abdb2d1337c8d1248498ddd5d75

Download Submit
C:\Windows\system\AvdSdFu.exe

Filesize
6.0MB

MD5
c1cc7205cb775d3ba69bb18dc1e41795

SHA1
7aaaee1dc0c86d47731c2c1729b2d8059726f5b3

SHA256
a8d7d03ea1c36fb8aa2e24658a0ef17c40392b5c2e14b87b2e287177986e1b2d

SHA512
7ce996ae8f4b6f1c7ee69eba84a2bc4589fcc44582fea4bf472a491dc07b9f2a875cb0145b60b700cdd69577df83e1b3889902aa61adaca9f5802885051fd980

Download Submit
C:\Windows\system\FfitBsn.exe

Filesize
6.0MB

MD5
12fbf387fde335292b7a39cf692014b3

SHA1
160830dbb9156048f7bd241b79f27ab9936e3643

SHA256
5ea76d80e0eb6d5709a71429041417d715438789657df777c812fb6859db77c9

SHA512
e37a4da38bf85a8702695517334051920d3276c41445e67bc0fda4b9009237aa4aa3b43ac4c781275cd2c0b67a3c756f2ed5313071993746dece61f1d98627ef

Download Submit
C:\Windows\system\GTcxzIK.exe

Filesize
6.0MB

MD5
c23d79b1f808071af29d10569ab0a823

SHA1
5e1fac13ad050c9215bcc509e2f4c9670b686381

SHA256
3fe48d314860fe09d179fa31079b80853f1b73d9a9b3cae2312e2a3374f278ba

SHA512
41028fc58326d852eae38a81311807153d7f94a53886dd22b07188a3fa54e8705770ce3d05d6259e19f1f46bdc25700a844e210937e63e71e3f53bf847aeee48

Download Submit
C:\Windows\system\JewBkIe.exe

Filesize
6.0MB

MD5
fbbd1063210931df8514f1760df23d25

SHA1
2cc9c80e14cdbe3663bd5789fab8c99651a3a218

SHA256
1b12fe3427973bfe8790f9833003da8d6ebe5a5dc159d81779db4e89555bbc91

SHA512
e1467e53d3e1aca45155b1913c83fabc66204fb37ba4d7a89a373d84ef8ecd7095d790bbb78af5db59e4c0fb2cc16f521fde28ed6a43ed864d3e40f0f2f81193

Download Submit
C:\Windows\system\NKMRvLE.exe

Filesize
6.0MB

MD5
5aabdbacd33e6c18f4a367759dba469c

SHA1
8eda3df1da9a8300599f35df413fd4439631ef8d

SHA256
9ad252aff53d526b322f989594d467c821210a2a4bdb3c969553aa5079cf4eec

SHA512
9727b2119b06c8193d5bc52611cb38a8057bd09ce85065f62a8dafda0e9cc4c412d3d32a8e97772cbbc56cde7477c2ce060d2f29b44cf5bbd433408bfa4f33b7

Download Submit
C:\Windows\system\OhvBVpP.exe

Filesize
6.0MB

MD5
920b276b7387f62c47b595163cf0ced8

SHA1
e5973298810e4970ec27ede733723befdda8d4ee

SHA256
053710a0f102146bc1c3e19ca9be64b05106dedb7c9c642d7cdeea81818d3ef1

SHA512
044ffce82b49326e46983405a0e5816cfed1f3e480479e7754925bb6ad38dd82e0f7f9cc5adc000f1593050e186f745132bdee20fa259df413e6a2a17211ffd5

Download Submit
C:\Windows\system\QiCFfEU.exe

Filesize
6.0MB

MD5
e3980ba5318deb2d32b8b72cbb67b718

SHA1
1c6c5f663827b53a2445e704330931952867eea2

SHA256
62c96c6bef58459262292821ee8afb6493d229451f68fc7f9a0efe0403ec4d1e

SHA512
a6203eb06dad6e3839183186408743377b2990b175bb782c0635041e39d33de2c50f8c57dd50d69a97000918d4dfd312ca1628c3db6e9faf532bf2b826bc37a0

Download Submit
C:\Windows\system\RmiPsBt.exe

Filesize
6.0MB

MD5
ba7b3600f70bd8f5c901a20dc5d62b94

SHA1
9a1d597823436671a6c17459696f986e5a20ef84

SHA256
4bb0864c6790136e86803929c32c30d48477013f5400aa16b18fadc4199adb5d

SHA512
e0235b9792d86abba47d8a9c8af17b9d55654bba11fb179771ab5edafcbbd1a3ed95415c91f9b3c3f481acf4bf6c82ecb73a52f728aea08592a1cfe4092063c2

Download Submit
C:\Windows\system\STgxjeW.exe

Filesize
6.0MB

MD5
634493ca603894710259b6382312f522

SHA1
554da58eeaf03a42338f31940883b889ac553b0a

SHA256
0c9a7b3922db7bd39dbfe9db9b9c415f4df3a8195dff258f27225fc849862ad5

SHA512
2a4d5928ce55ab23bd3fa247b4e3c71cc182af5109a744b0cf7d924b23b5b8497515bb048a65c0c9dcdfaa539b0a2925cd8d59fc45a43131a5b5bee8cea9c7ad

Download Submit
C:\Windows\system\ScRLZhi.exe

Filesize
6.0MB

MD5
6b5bb39a49028777946001cfba5a0457

SHA1
5684abe4a8e8e72db39ec64d2dcb68af714c343b

SHA256
4a852b5b92dd9116fab7cc8122001fc69dee6ea15a510b889a0f27281d62c127

SHA512
aab2c0fc87fef2ffb2a996c4a6ac7acde869eaebe302f1ebc2865c1cd31b7957bbc1e6e83b66dbabe3f609d4c3838e8421f9305640bbf0b88cb0408e18edfe89

Download Submit
C:\Windows\system\WVwNqqJ.exe

Filesize
6.0MB

MD5
14af17be85dd62151a10b9f49d2a032c

SHA1
18f4f31ecac0e2133bc743a5a08d3b59759b18c3

SHA256
7a0cd3b19941aa9120410b865ffb4d476496732ce0948097e2e5cb260bd93883

SHA512
0beda18bbb7c8a7f78187933a79e40b9c30f41d6679490131c763b2fa2977bf8f786387c337feb840602d122260d063d8416fb8ad2d07e5005addaf6e93fd9ec

Download Submit
C:\Windows\system\YLwpOJE.exe

Filesize
6.0MB

MD5
73287ff63e2086d5be4313e12702738f

SHA1
f1c2d9fcb16253f01cb58aaea907e15f4c3d62cb

SHA256
6efcda87b6ad8a7892459377573a57e530fb9c6bd9e28e408f47e43eb9f5756a

SHA512
c99cd6720dfac96d80d14d382f23ee7f8b006db3edc2142c37c9750a9cc9f5fefa76fe9cc223a4a94abc99a08a595fcd59da9e54fa4cbd6e010092627a6a8346

Download Submit
C:\Windows\system\hJJovml.exe

Filesize
6.0MB

MD5
756101c1899db75cd2985310ec0ebe1e

SHA1
141c72daf87c4ca4e46f3048f999e2680a5c707a

SHA256
aea952ededc0f16a7cec62af6964b1cfa0c86f9b45e6e0ced8222e3bba5ba6f1

SHA512
6fda0c604b5871d5cf0b53a97bff5fe3dfd6c73e221e7307ddd71717440ff185dbd4557781b5374b76114a1696a07e6921eb910266deb0ea0776e37105849359

Download Submit
C:\Windows\system\iyULDUi.exe

Filesize
6.0MB

MD5
9147d173e0a0953b2ccca47ec99a4fd7

SHA1
7797e9630fc37ee63ff40366821a9c329d91546d

SHA256
66afa4367d0cc952195b3614b7f21656baf171c598098a586dee097a827d1e41

SHA512
707c32e258b8487f9f6b495142b35ee5b172a8c5030be448dad456931cc5cb20b96e9f7ae6737033614a439a60f1cd6980726d8b06db0301776809ff9bb14627

Download Submit
C:\Windows\system\mStOgmC.exe

Filesize
6.0MB

MD5
17bceeaa465adba351cb65580ab4450d

SHA1
d2d5ca0238708190aebcce96731c95ef5cbd6fb5

SHA256
b8d3cdb59623bbbbd8d8eb1b98c10a46dd6684bfa4bc1d1ab51af7669c8f5d8e

SHA512
8c8c971a1e2c8157e637b2b5db5b84f2d9e006dc52a008bee8238a7323d9ba520542ca1b4a548e28c98fb88ebd133961f67c1547193c322057847f3961b9043c

Download Submit
C:\Windows\system\mWoiKQw.exe

Filesize
6.0MB

MD5
d98df76ff645311b0ead79321e141585

SHA1
6f891fc996d836a34305943d18e0291097c67aff

SHA256
1e443270bd1bc887ea265f435345360f4d4467f6cc895f361d2a8df9a03246a3

SHA512
e310ddb26f6d5665748ab32806dfdfef0fa98829f8ae4b1c1c265abfdf570ece7c3d7919adc81a32658b770b3f56507865d57019df4f686bb5b960467789ff79

Download Submit
C:\Windows\system\mdzlEVb.exe

Filesize
6.0MB

MD5
96542255fa1fc6abd0bbbb4af997282d

SHA1
399931aac6d1777cf4a75fdd9e5ed97f17d38ddf

SHA256
6f1903775229d1f90e1b365516125ee6564121c20857f9928a160ffa3a8fd87c

SHA512
beedb212538feebd56c4a0ab4508efec07b4ec85b8902eb5a61ed67c98bc8e6d26cff9ae25f8cfb9106aa1b7a46db6a1dfd228a58d91dc7efea02dd80e00ddee

Download Submit
C:\Windows\system\nBaSVpb.exe

Filesize
6.0MB

MD5
1927cf85078ee556848920eb0cf4bcb7

SHA1
8f46d373568474a041ae80b1b823e31fc5002c6e

SHA256
7e32e9e1cd3838867c55ccdab3c6e10adc4a0e61f3591a07d9994649546b4bc7

SHA512
fb784e4f9c988139295f1ce1d1ad565e5b749b87c06f5c3593fa0031cde1db4c4fd519ee891200d61df6d0c849ec98cd3f9208ba1760f2eadc7f703165ec609e

Download Submit
C:\Windows\system\sQdcucE.exe

Filesize
6.0MB

MD5
b06b1517b828baded3a7db6b52beeae1

SHA1
98f796583984504b476873bf1dbee32dd4c8ee23

SHA256
5b3866027227e3f6ed0bc3e461b4b51b227543990fc903889d7e8ab2383e5d8f

SHA512
2d5b97eab46dbb1fccd313bf9aa3f374fac336880715674b1ccc092149839221fa884a54cd03fbb7ac400cead9b5cc710335b03c05c13175160c6ef3d0ae9ed4

Download Submit
C:\Windows\system\sejgEeZ.exe

Filesize
6.0MB

MD5
596b5af1d268f1c08776533b931444f1

SHA1
cea1de4f7dd60c2475d9f044090eef8872c61915

SHA256
22fb13f5e3e2b1e648728d195c6ba5f1b16e6e141a15f97612c62506a42bd5e7

SHA512
7312ccc87127973dd1330bcb51224f3577a365053490952ef5a718a8d76e367952c014407a2e3dbda720eef1dc816684b7f52731480f36daf418532394bf7b59

Download Submit
\Windows\system\AlRYxPR.exe

Filesize
6.0MB

MD5
9f198e847c5ca59d1f4b85b13c67f938

SHA1
e8e8df7438cda3ce8c59032d7b2d9a17736feb91

SHA256
12cf9966bf7360dacdeb4c8f87a8b080454aaad9c1cb9d6fc56f41810ba88015

SHA512
a368c6e7defc8da2c6b1143c5d197ea42c355faf3fedf7bfd691c798c12bb69ec4bb6a42a01eeac66ad60c7ea71b9407fc7d88b996df5ba2dbd4d046f7d8996b

Download Submit
\Windows\system\EarKyiT.exe

Filesize
6.0MB

MD5
aff525cb1725ee3b639be1e1a7592cb7

SHA1
4ce4cffc81dcd205a8a06900f0c0748dccdf7984

SHA256
9f4516b822a99f3b22540f2290caa289059f14b15107677ba0ad9c1bb05fb46e

SHA512
8562e0e7fae80ab2a1c87fcbc2e32731c635c050190bc030ddf0446ba130e7f3c638fe8efb0ed2e8f7134e9583df09021a0426a99199c81d3c1e02cb391cc645

Download Submit
\Windows\system\GJulJkQ.exe

Filesize
6.0MB

MD5
c3c94d5171783e0bd87f0b46eed022be

SHA1
5a53c65cb787350de63d2661ab672cd4ceab9edd

SHA256
7bdd4ee7693ce00d895d96bf8eeabf2db35fe15472694f22a631dbb4eb40aa15

SHA512
546f5b748cda0331267f9e420460842867d7fff6c7827655c18078514cc2cd7aebf9e82d79d08cf7a511006a7506af0ed346399ba39ec40ab644e06a891f4cf1

Download Submit
\Windows\system\OOVEMEl.exe

Filesize
6.0MB

MD5
73ef19ec91eec48f29f9ae2fc0d19bc9

SHA1
65c6e622cde143fbabfb4165b0245ddb7c51e212

SHA256
ade191248482c4409a712196d1ef46c6d4014f719c4df5ad1005c21a971d4428

SHA512
6f7c51bc4b12a89bd3effb19bea0722dea9fc4ba8b4eafc5d85b73cebd8093dca472f647139ec5c22bfa4975a9f68490ff9df33a069690cf967e234432892a1d

Download Submit
\Windows\system\PfCdEYE.exe

Filesize
6.0MB

MD5
b8cc7a76bf47be670fa876a47f49b310

SHA1
11bf31c96bdfcad4dc00f852b3eef24b534ecd7f

SHA256
e5720a129e6c1af22439863b7d7069dc8fadfc145fccf92367d28f9f97315c24

SHA512
7c1b25b69210dd568c77bb91b0a9a5cf24f55e52975d7948cda0f4c6ca5e1719877f156d5ea5ca7182c5fa3e28a6c13862fef912b4d8dcf1adf440e74e7549dd

Download Submit
\Windows\system\SbHaOkJ.exe

Filesize
6.0MB

MD5
d3d2c4ca7380e5c67867adfff5359bd3

SHA1
81818570c0ba2603e5d04873c1e6eafea6415a22

SHA256
d285c0d2dc17829a7e0349001c0b2177950b27e15dcef7a346df17715400a971

SHA512
36443237937c4f4b42d28e2a7b18dc9c2aebc373554a8f40c379b954e44489ac52eb051b9965952ff7f85f073b6e7ffbf949073a7198ccefbe69a2cd882c637b

Download Submit
\Windows\system\TzNAdfG.exe

Filesize
6.0MB

MD5
385edc43d70d3ed1934631ab1152fe25

SHA1
b31f0cc29c6ea1d8eeef2efd114a50c9a81a6094

SHA256
2fd6f8c48d656635d6dbcc00e89501ca1749f2ebbc21862696ed98a9a7cd8924

SHA512
7e4b53ef36bed4a258e4cae7810c13c7a1d7defc1f212307184e25e355fa8a84e910a756e656c1d09b1782599aa5c5889d494c21bccd6b4b551f9513bb8be4af

Download Submit
\Windows\system\UylUHQz.exe

Filesize
6.0MB

MD5
54ead6d10d5dab5844b40e070d3deca1

SHA1
9df58487e0d784c1e72f16f9ec92f1d085635e17

SHA256
ba8af87a9d19630e8a5ab238928790a702a37d34402c65fa4cf7022972391f7c

SHA512
97e6aa02dcfc30ce3e4cbe42a8dbb8c09f70d554feb1a32e951c7eb221e2426195f1017962bf2054ed7ec285903ee01747cd352ef184e890e1d7a0eb854465fa

Download Submit
\Windows\system\gHTWhrB.exe

Filesize
6.0MB

MD5
49d742acf3e52e4c31a23a7b713f95f4

SHA1
bf564b4672c10ce2401311eff22e9ae48b185f81

SHA256
cd19b07d2b068a369458bec3bf04e33084ed288b7a5431a9e3b8d56c88a4b959

SHA512
84f9a502bf5267c1a9bc872538dbf26d9a0aaf290470901e2f7146ec40a22acebf2ab96502c2af4b55f0b00b857fbad7175e03bf40b72c909ca2d5a25eb3fec8

Download Submit
\Windows\system\uMGhPJn.exe

Filesize
6.0MB

MD5
702ac24b7161b66267a97e79ee9494b0

SHA1
706fc26ce692c9f8fb4f75639be5a7f281d9386a

SHA256
0e74cbf270552948d0b0a3849eb5b34643ceb6de87556a1fb7b9dac4d3fa43fd

SHA512
8261816528e554115876828ceaa759268cab8ad557b148da4403f96d56bf4c5134af7521203169291b5d2e258cd3ab9c4ad667430d6da4db0ab8b61802343e27

Download Submit
\Windows\system\uPmVmje.exe

Filesize
6.0MB

MD5
9a9b5b652167859b6fb5ff15921dbc12

SHA1
5da17772df07711bdeffb9f7f6f429ca1348b740

SHA256
22dd136be682c9694a4f05b8b76977cef4966c0ce4834e41bc89bb9e05fff346

SHA512
38df2ffe488991596a5e6f5b4c56fa608c1bcbd3788f14b0b80090fa0939a7396bce7591e84ab37bd006551d9feba7e546f39f9c818af5c1e27060b70eaf7c15

Download Submit
memory/1280-98-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1280-3941-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-103-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1676-67-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1676-3849-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1744-3847-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1744-62-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1812-3882-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-90-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-662-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-52-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-3835-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-14-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-3851-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-81-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-3855-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2172-80-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3831-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-29-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-86-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-76-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3863-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-95-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2700-57-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2700-113-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2700-114-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-105-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2700-106-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2700-0-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-20-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-87-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-73-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2700-531-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-764-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2700-75-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2700-78-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-26-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-71-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2700-115-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2700-18-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-43-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-40-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1549-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2700-33-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-6-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3837-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-82-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-22-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-36-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3858-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-92-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-107-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4030-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3826-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-19-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3850-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2920-45-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download