cobaltstrike | 7d206cf59a34197b5be9a9bd4daa7f222800effa594bc79dc585f70b5ad44e46

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-01-2025 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

04837a31a57dfe057050a277327d9f33
SHA1

46e53a3e0328f4a4a4d8d562c179ae8fc3705f5a
SHA256

7d206cf59a34197b5be9a9bd4daa7f222800effa594bc79dc585f70b5ad44e46
SHA512

12f3933520c542b7c6ccbaff066a892de35b832278c6e84d83cc9629e12dc5d03187e5f7fea4a3a2f1792ac0927efb4e74fe9fca8134bac2cf6acf62ffb5a5d3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b86-37.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-165.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-106.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-97.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-89.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-80.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-64.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-63.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016689-32.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016399-16.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000162e4-14.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2168-0-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-3.dat	xmrig
behavioral1/files/0x00080000000164de-11.dat	xmrig
behavioral1/memory/2328-28-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2168-70-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016b86-37.dat	xmrig
behavioral1/memory/2952-77-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1948-82-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2716-93-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2904-98-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0005000000018706-108.dat	xmrig
behavioral1/files/0x0005000000019237-160.dat	xmrig
behavioral1/memory/2168-1398-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/1020-1064-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/1864-838-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/1948-578-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2952-387-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x00050000000192a1-193.dat	xmrig
behavioral1/files/0x000500000001927a-183.dat	xmrig
behavioral1/files/0x0005000000019299-187.dat	xmrig
behavioral1/files/0x0005000000019261-173.dat	xmrig
behavioral1/files/0x0005000000019274-177.dat	xmrig
behavioral1/files/0x000500000001924f-165.dat	xmrig
behavioral1/files/0x0006000000019056-152.dat	xmrig
behavioral1/files/0x0006000000018d83-142.dat	xmrig
behavioral1/files/0x0006000000018be7-132.dat	xmrig
behavioral1/files/0x0005000000019203-157.dat	xmrig
behavioral1/files/0x0006000000018fdf-147.dat	xmrig
behavioral1/files/0x0006000000018d7b-137.dat	xmrig
behavioral1/files/0x000500000001871c-123.dat	xmrig
behavioral1/files/0x0005000000018745-126.dat	xmrig
behavioral1/files/0x000500000001870c-115.dat	xmrig
behavioral1/files/0x0005000000018697-106.dat	xmrig
behavioral1/memory/1020-100-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-97.dat	xmrig
behavioral1/memory/1864-92-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f7-89.dat	xmrig
behavioral1/memory/2880-83-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f1-80.dat	xmrig
behavioral1/memory/2888-76-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2904-58-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x00060000000174f8-54.dat	xmrig
behavioral1/files/0x0007000000016c89-49.dat	xmrig
behavioral1/files/0x0007000000016ca0-46.dat	xmrig
behavioral1/memory/2716-41-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2168-38-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2944-71-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2652-69-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0006000000017570-64.dat	xmrig
behavioral1/files/0x0009000000016cf0-63.dat	xmrig
behavioral1/memory/2168-62-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2880-34-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016689-32.dat	xmrig
behavioral1/memory/1288-27-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2984-24-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2528-23-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016399-16.dat	xmrig
behavioral1/files/0x00080000000162e4-14.dat	xmrig
behavioral1/memory/2880-3988-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2944-3989-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2904-3990-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2984-3992-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2652-3994-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/1864-3999-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1288	OifWKnj.exe
2528	aEaRlPF.exe
2984	bFuhrTD.exe
2328	JGkiONk.exe
2880	XojzKdt.exe
2716	KPjbPuz.exe
2904	ztnNcsu.exe
2944	CUunqXz.exe
2652	AygZfpP.exe
2888	ZBWwvfn.exe
2952	dkTFobj.exe
1948	XINDgJA.exe
1864	VOhqZfM.exe
1020	oYzbHpX.exe
2820	sIGKZli.exe
784	zYvupCw.exe
264	aZRqsxi.exe
2804	VDiSXaJ.exe
1816	RJaxVyz.exe
1056	GVujjWp.exe
2164	VNIaBzZ.exe
1980	MqKTxpF.exe
1764	CqpZnoQ.exe
2956	aOwlkWb.exe
1936	RpYifCc.exe
1296	VCCxvVt.exe
2456	mqYHejh.exe
3008	LWOmZHO.exe
544	bewjGnq.exe
1644	xgqLgtP.exe
1272	ekDHZXo.exe
660	QbIqHIM.exe
1376	UZOjMKK.exe
1284	AGnZwyb.exe
1236	xJMDgeL.exe
916	FIdMHFa.exe
2492	yFqPKzv.exe
2268	JVJnLUg.exe
1588	tlJHBDC.exe
1156	FxFTIHF.exe
2108	UlsOemY.exe
2304	RIMgMXp.exe
2204	cDGYNgE.exe
2104	XYjSrqa.exe
884	FNmHipl.exe
848	CorcUhp.exe
2916	kiQaRdg.exe
2272	ScMTltd.exe
1580	pRmqObB.exe
772	HRzADaX.exe
2340	fMhPNkz.exe
2748	aoPlheY.exe
2860	jOrWrfI.exe
488	HADBlqv.exe
1684	woawPwo.exe
1700	qVqbkzT.exe
2476	ezDsBgI.exe
2020	XunnGdG.exe
680	TgcOGdT.exe
2512	hDMIGIL.exe
2928	qQWvNRQ.exe
1408	azUDFqf.exe
2976	czVmxhB.exe
1820	aurgaic.exe

Loads dropped DLL 64 IoCs

pid	Process
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2168-0-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-3.dat	upx
behavioral1/files/0x00080000000164de-11.dat	upx
behavioral1/memory/2328-28-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2168-70-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0007000000016b86-37.dat	upx
behavioral1/memory/2952-77-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1948-82-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2716-93-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2904-98-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0005000000018706-108.dat	upx
behavioral1/files/0x0005000000019237-160.dat	upx
behavioral1/memory/1020-1064-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/1864-838-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/1948-578-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2952-387-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x00050000000192a1-193.dat	upx
behavioral1/files/0x000500000001927a-183.dat	upx
behavioral1/files/0x0005000000019299-187.dat	upx
behavioral1/files/0x0005000000019261-173.dat	upx
behavioral1/files/0x0005000000019274-177.dat	upx
behavioral1/files/0x000500000001924f-165.dat	upx
behavioral1/files/0x0006000000019056-152.dat	upx
behavioral1/files/0x0006000000018d83-142.dat	upx
behavioral1/files/0x0006000000018be7-132.dat	upx
behavioral1/files/0x0005000000019203-157.dat	upx
behavioral1/files/0x0006000000018fdf-147.dat	upx
behavioral1/files/0x0006000000018d7b-137.dat	upx
behavioral1/files/0x000500000001871c-123.dat	upx
behavioral1/files/0x0005000000018745-126.dat	upx
behavioral1/files/0x000500000001870c-115.dat	upx
behavioral1/files/0x0005000000018697-106.dat	upx
behavioral1/memory/1020-100-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x000d000000018683-97.dat	upx
behavioral1/memory/1864-92-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x00060000000175f7-89.dat	upx
behavioral1/memory/2880-83-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x00060000000175f1-80.dat	upx
behavioral1/memory/2888-76-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2904-58-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x00060000000174f8-54.dat	upx
behavioral1/files/0x0007000000016c89-49.dat	upx
behavioral1/files/0x0007000000016ca0-46.dat	upx
behavioral1/memory/2716-41-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2944-71-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2652-69-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0006000000017570-64.dat	upx
behavioral1/files/0x0009000000016cf0-63.dat	upx
behavioral1/memory/2880-34-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x0008000000016689-32.dat	upx
behavioral1/memory/1288-27-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2984-24-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2528-23-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0008000000016399-16.dat	upx
behavioral1/files/0x00080000000162e4-14.dat	upx
behavioral1/memory/2880-3988-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2944-3989-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2904-3990-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2984-3992-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2652-3994-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/1864-3999-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/1288-4016-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2952-4018-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2328-4034-0x000000013F510000-0x000000013F864000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jplyIYU.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxNtoJV.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqaULrB.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taSTJGb.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RujGPAH.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVqGBmG.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPVCxyE.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KubWaPu.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbaPIgV.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVCqMxJ.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BaJaixd.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVeJYkO.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnwgxQz.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evptCjJ.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdlHjhV.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMAyaAv.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avqbgoc.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrRzYke.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IImFbtC.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmmMuIK.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONCHyGM.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHmUwKN.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGQITdu.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXwqRiV.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XojzKdt.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCmTbQt.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LPUjUSv.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnhxcQF.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKQqIIz.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDHBmLu.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jitrNzH.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGkiONk.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msKzzwO.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INvWIqL.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCuYSbY.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpYlDhJ.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiYfruZ.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJQDuSl.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lASXfHt.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkdZdun.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSbqCUu.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjkJTsb.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRlKQqU.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlsOemY.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYereRs.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tastXZe.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mccSTTg.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMBbJcV.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBWwvfn.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGnZwyb.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCZbTas.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDtteRJ.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wipvpRJ.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzCpPkr.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znVzCkb.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOFkpGs.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFLuiCD.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhKEBaR.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJfbwJm.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrMtoOh.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVfMPlk.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFaGMip.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auKCGOe.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpmAgZe.exe	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2528	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2168 wrote to memory of 2528	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2168 wrote to memory of 2528	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2168 wrote to memory of 1288	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2168 wrote to memory of 1288	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2168 wrote to memory of 1288	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2168 wrote to memory of 2984	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2168 wrote to memory of 2984	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2168 wrote to memory of 2984	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2168 wrote to memory of 2328	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2168 wrote to memory of 2328	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2168 wrote to memory of 2328	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2168 wrote to memory of 2880	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2168 wrote to memory of 2880	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2168 wrote to memory of 2880	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2168 wrote to memory of 2716	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2168 wrote to memory of 2716	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2168 wrote to memory of 2716	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2168 wrote to memory of 2904	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2168 wrote to memory of 2904	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2168 wrote to memory of 2904	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2168 wrote to memory of 2888	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2168 wrote to memory of 2888	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2168 wrote to memory of 2888	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2168 wrote to memory of 2944	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2168 wrote to memory of 2944	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2168 wrote to memory of 2944	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2168 wrote to memory of 2952	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2168 wrote to memory of 2952	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2168 wrote to memory of 2952	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2168 wrote to memory of 2652	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2168 wrote to memory of 2652	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2168 wrote to memory of 2652	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2168 wrote to memory of 1948	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2168 wrote to memory of 1948	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2168 wrote to memory of 1948	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2168 wrote to memory of 1864	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2168 wrote to memory of 1864	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2168 wrote to memory of 1864	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2168 wrote to memory of 1020	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2168 wrote to memory of 1020	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2168 wrote to memory of 1020	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2168 wrote to memory of 2820	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2168 wrote to memory of 2820	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2168 wrote to memory of 2820	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2168 wrote to memory of 264	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2168 wrote to memory of 264	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2168 wrote to memory of 264	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2168 wrote to memory of 784	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2168 wrote to memory of 784	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2168 wrote to memory of 784	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2168 wrote to memory of 2804	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2168 wrote to memory of 2804	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2168 wrote to memory of 2804	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2168 wrote to memory of 1816	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2168 wrote to memory of 1816	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2168 wrote to memory of 1816	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2168 wrote to memory of 1056	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2168 wrote to memory of 1056	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2168 wrote to memory of 1056	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2168 wrote to memory of 2164	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2168 wrote to memory of 2164	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2168 wrote to memory of 2164	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2168 wrote to memory of 1980	2168	2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-30_04837a31a57dfe057050a277327d9f33_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\System\aEaRlPF.exe
  C:\Windows\System\aEaRlPF.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\OifWKnj.exe
  C:\Windows\System\OifWKnj.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\bFuhrTD.exe
  C:\Windows\System\bFuhrTD.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\JGkiONk.exe
  C:\Windows\System\JGkiONk.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\XojzKdt.exe
  C:\Windows\System\XojzKdt.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\KPjbPuz.exe
  C:\Windows\System\KPjbPuz.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ztnNcsu.exe
  C:\Windows\System\ztnNcsu.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\ZBWwvfn.exe
  C:\Windows\System\ZBWwvfn.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\CUunqXz.exe
  C:\Windows\System\CUunqXz.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\dkTFobj.exe
  C:\Windows\System\dkTFobj.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\AygZfpP.exe
  C:\Windows\System\AygZfpP.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\XINDgJA.exe
  C:\Windows\System\XINDgJA.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\VOhqZfM.exe
  C:\Windows\System\VOhqZfM.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\oYzbHpX.exe
  C:\Windows\System\oYzbHpX.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\sIGKZli.exe
  C:\Windows\System\sIGKZli.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\aZRqsxi.exe
  C:\Windows\System\aZRqsxi.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\zYvupCw.exe
  C:\Windows\System\zYvupCw.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\VDiSXaJ.exe
  C:\Windows\System\VDiSXaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\RJaxVyz.exe
  C:\Windows\System\RJaxVyz.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\GVujjWp.exe
  C:\Windows\System\GVujjWp.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\VNIaBzZ.exe
  C:\Windows\System\VNIaBzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\MqKTxpF.exe
  C:\Windows\System\MqKTxpF.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\CqpZnoQ.exe
  C:\Windows\System\CqpZnoQ.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\aOwlkWb.exe
  C:\Windows\System\aOwlkWb.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\RpYifCc.exe
  C:\Windows\System\RpYifCc.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\mqYHejh.exe
  C:\Windows\System\mqYHejh.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\VCCxvVt.exe
  C:\Windows\System\VCCxvVt.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\LWOmZHO.exe
  C:\Windows\System\LWOmZHO.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\bewjGnq.exe
  C:\Windows\System\bewjGnq.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\xgqLgtP.exe
  C:\Windows\System\xgqLgtP.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\ekDHZXo.exe
  C:\Windows\System\ekDHZXo.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\QbIqHIM.exe
  C:\Windows\System\QbIqHIM.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\UZOjMKK.exe
  C:\Windows\System\UZOjMKK.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\AGnZwyb.exe
  C:\Windows\System\AGnZwyb.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\xJMDgeL.exe
  C:\Windows\System\xJMDgeL.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\FIdMHFa.exe
  C:\Windows\System\FIdMHFa.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\yFqPKzv.exe
  C:\Windows\System\yFqPKzv.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\JVJnLUg.exe
  C:\Windows\System\JVJnLUg.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\tlJHBDC.exe
  C:\Windows\System\tlJHBDC.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\FxFTIHF.exe
  C:\Windows\System\FxFTIHF.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\UlsOemY.exe
  C:\Windows\System\UlsOemY.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\RIMgMXp.exe
  C:\Windows\System\RIMgMXp.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\cDGYNgE.exe
  C:\Windows\System\cDGYNgE.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\XYjSrqa.exe
  C:\Windows\System\XYjSrqa.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\FNmHipl.exe
  C:\Windows\System\FNmHipl.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\CorcUhp.exe
  C:\Windows\System\CorcUhp.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\kiQaRdg.exe
  C:\Windows\System\kiQaRdg.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ScMTltd.exe
  C:\Windows\System\ScMTltd.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\pRmqObB.exe
  C:\Windows\System\pRmqObB.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\HRzADaX.exe
  C:\Windows\System\HRzADaX.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\fMhPNkz.exe
  C:\Windows\System\fMhPNkz.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\aoPlheY.exe
  C:\Windows\System\aoPlheY.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\jOrWrfI.exe
  C:\Windows\System\jOrWrfI.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\HADBlqv.exe
  C:\Windows\System\HADBlqv.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\woawPwo.exe
  C:\Windows\System\woawPwo.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\qVqbkzT.exe
  C:\Windows\System\qVqbkzT.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\ezDsBgI.exe
  C:\Windows\System\ezDsBgI.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\TgcOGdT.exe
  C:\Windows\System\TgcOGdT.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\XunnGdG.exe
  C:\Windows\System\XunnGdG.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\hDMIGIL.exe
  C:\Windows\System\hDMIGIL.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\qQWvNRQ.exe
  C:\Windows\System\qQWvNRQ.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\czVmxhB.exe
  C:\Windows\System\czVmxhB.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\azUDFqf.exe
  C:\Windows\System\azUDFqf.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\aurgaic.exe
  C:\Windows\System\aurgaic.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\znVzCkb.exe
  C:\Windows\System\znVzCkb.exe
  2⤵
  PID:2940
- C:\Windows\System\SIOrstA.exe
  C:\Windows\System\SIOrstA.exe
  2⤵
  PID:2136
- C:\Windows\System\GGPYGRM.exe
  C:\Windows\System\GGPYGRM.exe
  2⤵
  PID:1356
- C:\Windows\System\dfAFYLq.exe
  C:\Windows\System\dfAFYLq.exe
  2⤵
  PID:2028
- C:\Windows\System\EgtZHAJ.exe
  C:\Windows\System\EgtZHAJ.exe
  2⤵
  PID:2644
- C:\Windows\System\RwideRr.exe
  C:\Windows\System\RwideRr.exe
  2⤵
  PID:1276
- C:\Windows\System\CtNjsTe.exe
  C:\Windows\System\CtNjsTe.exe
  2⤵
  PID:908
- C:\Windows\System\DlDsurK.exe
  C:\Windows\System\DlDsurK.exe
  2⤵
  PID:2496
- C:\Windows\System\bFaALsk.exe
  C:\Windows\System\bFaALsk.exe
  2⤵
  PID:2472
- C:\Windows\System\ZaxwmcQ.exe
  C:\Windows\System\ZaxwmcQ.exe
  2⤵
  PID:700
- C:\Windows\System\ORUFwwY.exe
  C:\Windows\System\ORUFwwY.exe
  2⤵
  PID:564
- C:\Windows\System\vAmSCFJ.exe
  C:\Windows\System\vAmSCFJ.exe
  2⤵
  PID:2180
- C:\Windows\System\YfRkIlG.exe
  C:\Windows\System\YfRkIlG.exe
  2⤵
  PID:1616
- C:\Windows\System\KubWaPu.exe
  C:\Windows\System\KubWaPu.exe
  2⤵
  PID:896
- C:\Windows\System\KQAkKyK.exe
  C:\Windows\System\KQAkKyK.exe
  2⤵
  PID:1040
- C:\Windows\System\lVeJYkO.exe
  C:\Windows\System\lVeJYkO.exe
  2⤵
  PID:1600
- C:\Windows\System\qiCcBGd.exe
  C:\Windows\System\qiCcBGd.exe
  2⤵
  PID:2524
- C:\Windows\System\ZIAXYUH.exe
  C:\Windows\System\ZIAXYUH.exe
  2⤵
  PID:2908
- C:\Windows\System\efUjxKs.exe
  C:\Windows\System\efUjxKs.exe
  2⤵
  PID:2636
- C:\Windows\System\izYowdr.exe
  C:\Windows\System\izYowdr.exe
  2⤵
  PID:2216
- C:\Windows\System\xysYMgA.exe
  C:\Windows\System\xysYMgA.exe
  2⤵
  PID:1656
- C:\Windows\System\pOFkpGs.exe
  C:\Windows\System\pOFkpGs.exe
  2⤵
  PID:1032
- C:\Windows\System\tJkzkrT.exe
  C:\Windows\System\tJkzkrT.exe
  2⤵
  PID:2432
- C:\Windows\System\ttLJmir.exe
  C:\Windows\System\ttLJmir.exe
  2⤵
  PID:2356
- C:\Windows\System\KqtAJrd.exe
  C:\Windows\System\KqtAJrd.exe
  2⤵
  PID:3020
- C:\Windows\System\LsBITJk.exe
  C:\Windows\System\LsBITJk.exe
  2⤵
  PID:2576
- C:\Windows\System\hlhCQAU.exe
  C:\Windows\System\hlhCQAU.exe
  2⤵
  PID:2380
- C:\Windows\System\SuTOcvS.exe
  C:\Windows\System\SuTOcvS.exe
  2⤵
  PID:1292
- C:\Windows\System\CGTxQUN.exe
  C:\Windows\System\CGTxQUN.exe
  2⤵
  PID:3076
- C:\Windows\System\eOyDwzJ.exe
  C:\Windows\System\eOyDwzJ.exe
  2⤵
  PID:3096
- C:\Windows\System\OjkJTsb.exe
  C:\Windows\System\OjkJTsb.exe
  2⤵
  PID:3116
- C:\Windows\System\mRCUdlw.exe
  C:\Windows\System\mRCUdlw.exe
  2⤵
  PID:3136
- C:\Windows\System\jjyDTbj.exe
  C:\Windows\System\jjyDTbj.exe
  2⤵
  PID:3160
- C:\Windows\System\fkdoCeA.exe
  C:\Windows\System\fkdoCeA.exe
  2⤵
  PID:3180
- C:\Windows\System\TKUtaOV.exe
  C:\Windows\System\TKUtaOV.exe
  2⤵
  PID:3200
- C:\Windows\System\PYyZEPb.exe
  C:\Windows\System\PYyZEPb.exe
  2⤵
  PID:3220
- C:\Windows\System\svqaZGh.exe
  C:\Windows\System\svqaZGh.exe
  2⤵
  PID:3240
- C:\Windows\System\dOKCZzH.exe
  C:\Windows\System\dOKCZzH.exe
  2⤵
  PID:3260
- C:\Windows\System\QJLttcO.exe
  C:\Windows\System\QJLttcO.exe
  2⤵
  PID:3280
- C:\Windows\System\mRICTUE.exe
  C:\Windows\System\mRICTUE.exe
  2⤵
  PID:3300
- C:\Windows\System\RYwLfBS.exe
  C:\Windows\System\RYwLfBS.exe
  2⤵
  PID:3320
- C:\Windows\System\xoTAbgc.exe
  C:\Windows\System\xoTAbgc.exe
  2⤵
  PID:3340
- C:\Windows\System\jEPMISL.exe
  C:\Windows\System\jEPMISL.exe
  2⤵
  PID:3360
- C:\Windows\System\vSsByQY.exe
  C:\Windows\System\vSsByQY.exe
  2⤵
  PID:3380
- C:\Windows\System\byuoowc.exe
  C:\Windows\System\byuoowc.exe
  2⤵
  PID:3400
- C:\Windows\System\scuTrpx.exe
  C:\Windows\System\scuTrpx.exe
  2⤵
  PID:3420
- C:\Windows\System\LhIuxbA.exe
  C:\Windows\System\LhIuxbA.exe
  2⤵
  PID:3440
- C:\Windows\System\ltuqGLs.exe
  C:\Windows\System\ltuqGLs.exe
  2⤵
  PID:3460
- C:\Windows\System\CyXjOMB.exe
  C:\Windows\System\CyXjOMB.exe
  2⤵
  PID:3480
- C:\Windows\System\NOcwYux.exe
  C:\Windows\System\NOcwYux.exe
  2⤵
  PID:3500
- C:\Windows\System\fOeQouX.exe
  C:\Windows\System\fOeQouX.exe
  2⤵
  PID:3520
- C:\Windows\System\EpmAgZe.exe
  C:\Windows\System\EpmAgZe.exe
  2⤵
  PID:3540
- C:\Windows\System\sCclnoK.exe
  C:\Windows\System\sCclnoK.exe
  2⤵
  PID:3560
- C:\Windows\System\hkMYvPw.exe
  C:\Windows\System\hkMYvPw.exe
  2⤵
  PID:3580
- C:\Windows\System\uhpWFRg.exe
  C:\Windows\System\uhpWFRg.exe
  2⤵
  PID:3600
- C:\Windows\System\jEpLagD.exe
  C:\Windows\System\jEpLagD.exe
  2⤵
  PID:3620
- C:\Windows\System\WNxqzYG.exe
  C:\Windows\System\WNxqzYG.exe
  2⤵
  PID:3640
- C:\Windows\System\JNTUBak.exe
  C:\Windows\System\JNTUBak.exe
  2⤵
  PID:3660
- C:\Windows\System\zLDxFXs.exe
  C:\Windows\System\zLDxFXs.exe
  2⤵
  PID:3680
- C:\Windows\System\ApGEmCw.exe
  C:\Windows\System\ApGEmCw.exe
  2⤵
  PID:3700
- C:\Windows\System\MAwMmgo.exe
  C:\Windows\System\MAwMmgo.exe
  2⤵
  PID:3720
- C:\Windows\System\NDieuaA.exe
  C:\Windows\System\NDieuaA.exe
  2⤵
  PID:3740
- C:\Windows\System\LUMXBfV.exe
  C:\Windows\System\LUMXBfV.exe
  2⤵
  PID:3760
- C:\Windows\System\taSTJGb.exe
  C:\Windows\System\taSTJGb.exe
  2⤵
  PID:3780
- C:\Windows\System\vpjqDhE.exe
  C:\Windows\System\vpjqDhE.exe
  2⤵
  PID:3800
- C:\Windows\System\XSHluaV.exe
  C:\Windows\System\XSHluaV.exe
  2⤵
  PID:3820
- C:\Windows\System\TIihEiF.exe
  C:\Windows\System\TIihEiF.exe
  2⤵
  PID:3840
- C:\Windows\System\tLnnQhK.exe
  C:\Windows\System\tLnnQhK.exe
  2⤵
  PID:3860
- C:\Windows\System\uoyJXNB.exe
  C:\Windows\System\uoyJXNB.exe
  2⤵
  PID:3880
- C:\Windows\System\zhFtfQd.exe
  C:\Windows\System\zhFtfQd.exe
  2⤵
  PID:3900
- C:\Windows\System\VbDwpjX.exe
  C:\Windows\System\VbDwpjX.exe
  2⤵
  PID:3920
- C:\Windows\System\KRlKQqU.exe
  C:\Windows\System\KRlKQqU.exe
  2⤵
  PID:3940
- C:\Windows\System\IFvVwJb.exe
  C:\Windows\System\IFvVwJb.exe
  2⤵
  PID:3960
- C:\Windows\System\CxVRnHB.exe
  C:\Windows\System\CxVRnHB.exe
  2⤵
  PID:3980
- C:\Windows\System\KkSilFh.exe
  C:\Windows\System\KkSilFh.exe
  2⤵
  PID:4000
- C:\Windows\System\PIrVlpv.exe
  C:\Windows\System\PIrVlpv.exe
  2⤵
  PID:4020
- C:\Windows\System\dzsXeuF.exe
  C:\Windows\System\dzsXeuF.exe
  2⤵
  PID:4040
- C:\Windows\System\PMyIlmu.exe
  C:\Windows\System\PMyIlmu.exe
  2⤵
  PID:4060
- C:\Windows\System\TKdGZQl.exe
  C:\Windows\System\TKdGZQl.exe
  2⤵
  PID:4080
- C:\Windows\System\aRxZfBG.exe
  C:\Windows\System\aRxZfBG.exe
  2⤵
  PID:2988
- C:\Windows\System\kOhifaE.exe
  C:\Windows\System\kOhifaE.exe
  2⤵
  PID:2140
- C:\Windows\System\DJLSAsJ.exe
  C:\Windows\System\DJLSAsJ.exe
  2⤵
  PID:2484
- C:\Windows\System\ZisastY.exe
  C:\Windows\System\ZisastY.exe
  2⤵
  PID:1680
- C:\Windows\System\xfZtqhs.exe
  C:\Windows\System\xfZtqhs.exe
  2⤵
  PID:2088
- C:\Windows\System\uBPfCMB.exe
  C:\Windows\System\uBPfCMB.exe
  2⤵
  PID:2848
- C:\Windows\System\wpYlDhJ.exe
  C:\Windows\System\wpYlDhJ.exe
  2⤵
  PID:2640
- C:\Windows\System\uvudGfY.exe
  C:\Windows\System\uvudGfY.exe
  2⤵
  PID:1340
- C:\Windows\System\YxUczpK.exe
  C:\Windows\System\YxUczpK.exe
  2⤵
  PID:2824
- C:\Windows\System\NCiKsRY.exe
  C:\Windows\System\NCiKsRY.exe
  2⤵
  PID:1988
- C:\Windows\System\dehiAFw.exe
  C:\Windows\System\dehiAFw.exe
  2⤵
  PID:1724
- C:\Windows\System\GpvJYaU.exe
  C:\Windows\System\GpvJYaU.exe
  2⤵
  PID:844
- C:\Windows\System\YmhmNYx.exe
  C:\Windows\System\YmhmNYx.exe
  2⤵
  PID:1696
- C:\Windows\System\Xmohldl.exe
  C:\Windows\System\Xmohldl.exe
  2⤵
  PID:2368
- C:\Windows\System\zHLjlxM.exe
  C:\Windows\System\zHLjlxM.exe
  2⤵
  PID:3128
- C:\Windows\System\FYereRs.exe
  C:\Windows\System\FYereRs.exe
  2⤵
  PID:3176
- C:\Windows\System\SnLQpFo.exe
  C:\Windows\System\SnLQpFo.exe
  2⤵
  PID:3212
- C:\Windows\System\pZPnzNC.exe
  C:\Windows\System\pZPnzNC.exe
  2⤵
  PID:3236
- C:\Windows\System\aOmJvES.exe
  C:\Windows\System\aOmJvES.exe
  2⤵
  PID:3296
- C:\Windows\System\ykuEDVG.exe
  C:\Windows\System\ykuEDVG.exe
  2⤵
  PID:3328
- C:\Windows\System\DjoZTSm.exe
  C:\Windows\System\DjoZTSm.exe
  2⤵
  PID:3348
- C:\Windows\System\jtPHaWD.exe
  C:\Windows\System\jtPHaWD.exe
  2⤵
  PID:3372
- C:\Windows\System\hJnskrh.exe
  C:\Windows\System\hJnskrh.exe
  2⤵
  PID:3396
- C:\Windows\System\iVBeiid.exe
  C:\Windows\System\iVBeiid.exe
  2⤵
  PID:3432
- C:\Windows\System\DdOvZRH.exe
  C:\Windows\System\DdOvZRH.exe
  2⤵
  PID:3476
- C:\Windows\System\ZdZwSJr.exe
  C:\Windows\System\ZdZwSJr.exe
  2⤵
  PID:3528
- C:\Windows\System\nBBeRWA.exe
  C:\Windows\System\nBBeRWA.exe
  2⤵
  PID:3548
- C:\Windows\System\Pyhiqme.exe
  C:\Windows\System\Pyhiqme.exe
  2⤵
  PID:3572
- C:\Windows\System\OzNDqPP.exe
  C:\Windows\System\OzNDqPP.exe
  2⤵
  PID:3616
- C:\Windows\System\ejPWqeX.exe
  C:\Windows\System\ejPWqeX.exe
  2⤵
  PID:3648
- C:\Windows\System\FeydQZm.exe
  C:\Windows\System\FeydQZm.exe
  2⤵
  PID:3676
- C:\Windows\System\avICqVd.exe
  C:\Windows\System\avICqVd.exe
  2⤵
  PID:3736
- C:\Windows\System\KcSrWfa.exe
  C:\Windows\System\KcSrWfa.exe
  2⤵
  PID:3748
- C:\Windows\System\BuIvmdv.exe
  C:\Windows\System\BuIvmdv.exe
  2⤵
  PID:3772
- C:\Windows\System\NICpkrD.exe
  C:\Windows\System\NICpkrD.exe
  2⤵
  PID:3792
- C:\Windows\System\gttiLaX.exe
  C:\Windows\System\gttiLaX.exe
  2⤵
  PID:3848
- C:\Windows\System\cZWOtNR.exe
  C:\Windows\System\cZWOtNR.exe
  2⤵
  PID:3876
- C:\Windows\System\KeMNzoE.exe
  C:\Windows\System\KeMNzoE.exe
  2⤵
  PID:3872
- C:\Windows\System\OCZbTas.exe
  C:\Windows\System\OCZbTas.exe
  2⤵
  PID:3928
- C:\Windows\System\zssIrAa.exe
  C:\Windows\System\zssIrAa.exe
  2⤵
  PID:3948
- C:\Windows\System\VPRESoW.exe
  C:\Windows\System\VPRESoW.exe
  2⤵
  PID:3992
- C:\Windows\System\NOysfwW.exe
  C:\Windows\System\NOysfwW.exe
  2⤵
  PID:4032
- C:\Windows\System\QdAnTJi.exe
  C:\Windows\System\QdAnTJi.exe
  2⤵
  PID:4088
- C:\Windows\System\NptUOYx.exe
  C:\Windows\System\NptUOYx.exe
  2⤵
  PID:4092
- C:\Windows\System\tRsYXVr.exe
  C:\Windows\System\tRsYXVr.exe
  2⤵
  PID:1732
- C:\Windows\System\wswrzWs.exe
  C:\Windows\System\wswrzWs.exe
  2⤵
  PID:2688
- C:\Windows\System\YpilXit.exe
  C:\Windows\System\YpilXit.exe
  2⤵
  PID:1704
- C:\Windows\System\MFPqnJd.exe
  C:\Windows\System\MFPqnJd.exe
  2⤵
  PID:2092
- C:\Windows\System\xiYfruZ.exe
  C:\Windows\System\xiYfruZ.exe
  2⤵
  PID:1632
- C:\Windows\System\LGiIazy.exe
  C:\Windows\System\LGiIazy.exe
  2⤵
  PID:2676
- C:\Windows\System\ddyszpO.exe
  C:\Windows\System\ddyszpO.exe
  2⤵
  PID:1584
- C:\Windows\System\sPnrZmL.exe
  C:\Windows\System\sPnrZmL.exe
  2⤵
  PID:1088
- C:\Windows\System\jyXORYk.exe
  C:\Windows\System\jyXORYk.exe
  2⤵
  PID:1920
- C:\Windows\System\xkFfbNB.exe
  C:\Windows\System\xkFfbNB.exe
  2⤵
  PID:3132
- C:\Windows\System\TjkOxDW.exe
  C:\Windows\System\TjkOxDW.exe
  2⤵
  PID:3172
- C:\Windows\System\XkldjbL.exe
  C:\Windows\System\XkldjbL.exe
  2⤵
  PID:3228
- C:\Windows\System\eiqlpkL.exe
  C:\Windows\System\eiqlpkL.exe
  2⤵
  PID:3268
- C:\Windows\System\EkbyHsZ.exe
  C:\Windows\System\EkbyHsZ.exe
  2⤵
  PID:3308
- C:\Windows\System\AgvzWxL.exe
  C:\Windows\System\AgvzWxL.exe
  2⤵
  PID:3512
- C:\Windows\System\SRmxkRa.exe
  C:\Windows\System\SRmxkRa.exe
  2⤵
  PID:3596
- C:\Windows\System\pGsotec.exe
  C:\Windows\System\pGsotec.exe
  2⤵
  PID:3716
- C:\Windows\System\rJMtTVI.exe
  C:\Windows\System\rJMtTVI.exe
  2⤵
  PID:3816
- C:\Windows\System\UsKOeZl.exe
  C:\Windows\System\UsKOeZl.exe
  2⤵
  PID:3912
- C:\Windows\System\EHLfxTF.exe
  C:\Windows\System\EHLfxTF.exe
  2⤵
  PID:4056
- C:\Windows\System\TWSjBRD.exe
  C:\Windows\System\TWSjBRD.exe
  2⤵
  PID:1516
- C:\Windows\System\dCkcLDp.exe
  C:\Windows\System\dCkcLDp.exe
  2⤵
  PID:3556
- C:\Windows\System\ZvdGALr.exe
  C:\Windows\System\ZvdGALr.exe
  2⤵
  PID:3636
- C:\Windows\System\VFJjRfJ.exe
  C:\Windows\System\VFJjRfJ.exe
  2⤵
  PID:3248
- C:\Windows\System\TLvdhtq.exe
  C:\Windows\System\TLvdhtq.exe
  2⤵
  PID:3488
- C:\Windows\System\xbDUjPx.exe
  C:\Windows\System\xbDUjPx.exe
  2⤵
  PID:3668
- C:\Windows\System\Hyziprk.exe
  C:\Windows\System\Hyziprk.exe
  2⤵
  PID:3768
- C:\Windows\System\LwpHdXH.exe
  C:\Windows\System\LwpHdXH.exe
  2⤵
  PID:3892
- C:\Windows\System\RhHrfeK.exe
  C:\Windows\System\RhHrfeK.exe
  2⤵
  PID:3972
- C:\Windows\System\AYsMAAJ.exe
  C:\Windows\System\AYsMAAJ.exe
  2⤵
  PID:2012
- C:\Windows\System\RujGPAH.exe
  C:\Windows\System\RujGPAH.exe
  2⤵
  PID:4112
- C:\Windows\System\YFWNsaz.exe
  C:\Windows\System\YFWNsaz.exe
  2⤵
  PID:4128
- C:\Windows\System\ZzPVCBp.exe
  C:\Windows\System\ZzPVCBp.exe
  2⤵
  PID:4152
- C:\Windows\System\JKvrhbB.exe
  C:\Windows\System\JKvrhbB.exe
  2⤵
  PID:4172
- C:\Windows\System\yzAaHpu.exe
  C:\Windows\System\yzAaHpu.exe
  2⤵
  PID:4204
- C:\Windows\System\IzwJTbD.exe
  C:\Windows\System\IzwJTbD.exe
  2⤵
  PID:4220
- C:\Windows\System\HGaFxvp.exe
  C:\Windows\System\HGaFxvp.exe
  2⤵
  PID:4240
- C:\Windows\System\FAcnErg.exe
  C:\Windows\System\FAcnErg.exe
  2⤵
  PID:4260
- C:\Windows\System\bJAjYdX.exe
  C:\Windows\System\bJAjYdX.exe
  2⤵
  PID:4280
- C:\Windows\System\qvqigGI.exe
  C:\Windows\System\qvqigGI.exe
  2⤵
  PID:4300
- C:\Windows\System\fdKxyZU.exe
  C:\Windows\System\fdKxyZU.exe
  2⤵
  PID:4324
- C:\Windows\System\HcPBfKe.exe
  C:\Windows\System\HcPBfKe.exe
  2⤵
  PID:4340
- C:\Windows\System\zfQHRHQ.exe
  C:\Windows\System\zfQHRHQ.exe
  2⤵
  PID:4356
- C:\Windows\System\gPbuFZl.exe
  C:\Windows\System\gPbuFZl.exe
  2⤵
  PID:4372
- C:\Windows\System\CPCxljN.exe
  C:\Windows\System\CPCxljN.exe
  2⤵
  PID:4392
- C:\Windows\System\JhKEBaR.exe
  C:\Windows\System\JhKEBaR.exe
  2⤵
  PID:4416
- C:\Windows\System\aecpvIL.exe
  C:\Windows\System\aecpvIL.exe
  2⤵
  PID:4432
- C:\Windows\System\ccKqPZK.exe
  C:\Windows\System\ccKqPZK.exe
  2⤵
  PID:4448
- C:\Windows\System\EWmKayJ.exe
  C:\Windows\System\EWmKayJ.exe
  2⤵
  PID:4464
- C:\Windows\System\yprOqSe.exe
  C:\Windows\System\yprOqSe.exe
  2⤵
  PID:4484
- C:\Windows\System\xcmvZfC.exe
  C:\Windows\System\xcmvZfC.exe
  2⤵
  PID:4500
- C:\Windows\System\wLPxdEd.exe
  C:\Windows\System\wLPxdEd.exe
  2⤵
  PID:4516
- C:\Windows\System\ZvNaGyZ.exe
  C:\Windows\System\ZvNaGyZ.exe
  2⤵
  PID:4532
- C:\Windows\System\gtBWUqD.exe
  C:\Windows\System\gtBWUqD.exe
  2⤵
  PID:4552
- C:\Windows\System\fufUbQl.exe
  C:\Windows\System\fufUbQl.exe
  2⤵
  PID:4572
- C:\Windows\System\aRqhgws.exe
  C:\Windows\System\aRqhgws.exe
  2⤵
  PID:4604
- C:\Windows\System\UAuETlz.exe
  C:\Windows\System\UAuETlz.exe
  2⤵
  PID:4648
- C:\Windows\System\BrRbOeS.exe
  C:\Windows\System\BrRbOeS.exe
  2⤵
  PID:4668
- C:\Windows\System\ePOdQRO.exe
  C:\Windows\System\ePOdQRO.exe
  2⤵
  PID:4688
- C:\Windows\System\oubGHun.exe
  C:\Windows\System\oubGHun.exe
  2⤵
  PID:4712
- C:\Windows\System\UEvWSHu.exe
  C:\Windows\System\UEvWSHu.exe
  2⤵
  PID:4732
- C:\Windows\System\vCEpzlQ.exe
  C:\Windows\System\vCEpzlQ.exe
  2⤵
  PID:4752
- C:\Windows\System\kLnIMzv.exe
  C:\Windows\System\kLnIMzv.exe
  2⤵
  PID:4772
- C:\Windows\System\TMmqnUC.exe
  C:\Windows\System\TMmqnUC.exe
  2⤵
  PID:4792
- C:\Windows\System\CoKPZcZ.exe
  C:\Windows\System\CoKPZcZ.exe
  2⤵
  PID:4812
- C:\Windows\System\kZeseGM.exe
  C:\Windows\System\kZeseGM.exe
  2⤵
  PID:4832
- C:\Windows\System\bKnkCoQ.exe
  C:\Windows\System\bKnkCoQ.exe
  2⤵
  PID:4852
- C:\Windows\System\sPHOiLL.exe
  C:\Windows\System\sPHOiLL.exe
  2⤵
  PID:4872
- C:\Windows\System\DHkRMLU.exe
  C:\Windows\System\DHkRMLU.exe
  2⤵
  PID:4892
- C:\Windows\System\ZVVpSyn.exe
  C:\Windows\System\ZVVpSyn.exe
  2⤵
  PID:4912
- C:\Windows\System\EUMGWvf.exe
  C:\Windows\System\EUMGWvf.exe
  2⤵
  PID:4932
- C:\Windows\System\zezjhwU.exe
  C:\Windows\System\zezjhwU.exe
  2⤵
  PID:4952
- C:\Windows\System\YjHEToo.exe
  C:\Windows\System\YjHEToo.exe
  2⤵
  PID:4972
- C:\Windows\System\OdGmlop.exe
  C:\Windows\System\OdGmlop.exe
  2⤵
  PID:4992
- C:\Windows\System\LljKoUY.exe
  C:\Windows\System\LljKoUY.exe
  2⤵
  PID:5012
- C:\Windows\System\IjzVOgZ.exe
  C:\Windows\System\IjzVOgZ.exe
  2⤵
  PID:5032
- C:\Windows\System\HAtOesK.exe
  C:\Windows\System\HAtOesK.exe
  2⤵
  PID:5052
- C:\Windows\System\DxUCHTg.exe
  C:\Windows\System\DxUCHTg.exe
  2⤵
  PID:5072
- C:\Windows\System\HPokRuw.exe
  C:\Windows\System\HPokRuw.exe
  2⤵
  PID:5092
- C:\Windows\System\YhDBnfM.exe
  C:\Windows\System\YhDBnfM.exe
  2⤵
  PID:5112
- C:\Windows\System\HXlSuYz.exe
  C:\Windows\System\HXlSuYz.exe
  2⤵
  PID:3316
- C:\Windows\System\JLXXvLf.exe
  C:\Windows\System\JLXXvLf.exe
  2⤵
  PID:3996
- C:\Windows\System\EuCYIsV.exe
  C:\Windows\System\EuCYIsV.exe
  2⤵
  PID:3536
- C:\Windows\System\gbNoKKs.exe
  C:\Windows\System\gbNoKKs.exe
  2⤵
  PID:3112
- C:\Windows\System\CjlWebE.exe
  C:\Windows\System\CjlWebE.exe
  2⤵
  PID:988
- C:\Windows\System\JPzWvNo.exe
  C:\Windows\System\JPzWvNo.exe
  2⤵
  PID:4072
- C:\Windows\System\teFvGJe.exe
  C:\Windows\System\teFvGJe.exe
  2⤵
  PID:3388
- C:\Windows\System\ZFJlCbB.exe
  C:\Windows\System\ZFJlCbB.exe
  2⤵
  PID:3352
- C:\Windows\System\wIBtNOT.exe
  C:\Windows\System\wIBtNOT.exe
  2⤵
  PID:3496
- C:\Windows\System\tbaPIgV.exe
  C:\Windows\System\tbaPIgV.exe
  2⤵
  PID:3776
- C:\Windows\System\JieGwjd.exe
  C:\Windows\System\JieGwjd.exe
  2⤵
  PID:4108
- C:\Windows\System\SvYYust.exe
  C:\Windows\System\SvYYust.exe
  2⤵
  PID:4180
- C:\Windows\System\SRkhGam.exe
  C:\Windows\System\SRkhGam.exe
  2⤵
  PID:3552
- C:\Windows\System\yluFlfc.exe
  C:\Windows\System\yluFlfc.exe
  2⤵
  PID:3256
- C:\Windows\System\NGLMyNT.exe
  C:\Windows\System\NGLMyNT.exe
  2⤵
  PID:1152
- C:\Windows\System\jaUXyZG.exe
  C:\Windows\System\jaUXyZG.exe
  2⤵
  PID:4276
- C:\Windows\System\JwiMxiv.exe
  C:\Windows\System\JwiMxiv.exe
  2⤵
  PID:4312
- C:\Windows\System\QHcKQpB.exe
  C:\Windows\System\QHcKQpB.exe
  2⤵
  PID:4388
- C:\Windows\System\sJBITkn.exe
  C:\Windows\System\sJBITkn.exe
  2⤵
  PID:4124
- C:\Windows\System\pVCqMxJ.exe
  C:\Windows\System\pVCqMxJ.exe
  2⤵
  PID:4212
- C:\Windows\System\BqrwAYq.exe
  C:\Windows\System\BqrwAYq.exe
  2⤵
  PID:4288
- C:\Windows\System\pTdWLaf.exe
  C:\Windows\System\pTdWLaf.exe
  2⤵
  PID:4332
- C:\Windows\System\RtJrHwM.exe
  C:\Windows\System\RtJrHwM.exe
  2⤵
  PID:4496
- C:\Windows\System\LmNtPtl.exe
  C:\Windows\System\LmNtPtl.exe
  2⤵
  PID:4568
- C:\Windows\System\GighGpX.exe
  C:\Windows\System\GighGpX.exe
  2⤵
  PID:4544
- C:\Windows\System\sciaAEs.exe
  C:\Windows\System\sciaAEs.exe
  2⤵
  PID:4596
- C:\Windows\System\VEBJyXq.exe
  C:\Windows\System\VEBJyXq.exe
  2⤵
  PID:4508
- C:\Windows\System\QAJeBIY.exe
  C:\Windows\System\QAJeBIY.exe
  2⤵
  PID:4404
- C:\Windows\System\yRfFxhk.exe
  C:\Windows\System\yRfFxhk.exe
  2⤵
  PID:4624
- C:\Windows\System\zwOYdvW.exe
  C:\Windows\System\zwOYdvW.exe
  2⤵
  PID:4640
- C:\Windows\System\KAiejcD.exe
  C:\Windows\System\KAiejcD.exe
  2⤵
  PID:4684
- C:\Windows\System\zctLUnR.exe
  C:\Windows\System\zctLUnR.exe
  2⤵
  PID:4720
- C:\Windows\System\BsnkMCp.exe
  C:\Windows\System\BsnkMCp.exe
  2⤵
  PID:4768
- C:\Windows\System\ADIwyFF.exe
  C:\Windows\System\ADIwyFF.exe
  2⤵
  PID:4788
- C:\Windows\System\YDelABj.exe
  C:\Windows\System\YDelABj.exe
  2⤵
  PID:4820
- C:\Windows\System\mObEdQr.exe
  C:\Windows\System\mObEdQr.exe
  2⤵
  PID:4844
- C:\Windows\System\IzRaMnb.exe
  C:\Windows\System\IzRaMnb.exe
  2⤵
  PID:4888
- C:\Windows\System\iqeWHIx.exe
  C:\Windows\System\iqeWHIx.exe
  2⤵
  PID:4908
- C:\Windows\System\xVuwRDI.exe
  C:\Windows\System\xVuwRDI.exe
  2⤵
  PID:4948
- C:\Windows\System\iOZjIlx.exe
  C:\Windows\System\iOZjIlx.exe
  2⤵
  PID:5000
- C:\Windows\System\DxmCVnj.exe
  C:\Windows\System\DxmCVnj.exe
  2⤵
  PID:5004
- C:\Windows\System\NVRXAvt.exe
  C:\Windows\System\NVRXAvt.exe
  2⤵
  PID:5024
- C:\Windows\System\WezLqxn.exe
  C:\Windows\System\WezLqxn.exe
  2⤵
  PID:5068
- C:\Windows\System\XiOjEyd.exe
  C:\Windows\System\XiOjEyd.exe
  2⤵
  PID:5104
- C:\Windows\System\wRjLBYa.exe
  C:\Windows\System\wRjLBYa.exe
  2⤵
  PID:4008
- C:\Windows\System\UYuuBiE.exe
  C:\Windows\System\UYuuBiE.exe
  2⤵
  PID:3332
- C:\Windows\System\FxcepIp.exe
  C:\Windows\System\FxcepIp.exe
  2⤵
  PID:2800
- C:\Windows\System\TPYpPSE.exe
  C:\Windows\System\TPYpPSE.exe
  2⤵
  PID:2344
- C:\Windows\System\WiBBMEA.exe
  C:\Windows\System\WiBBMEA.exe
  2⤵
  PID:1796
- C:\Windows\System\CuWKlZQ.exe
  C:\Windows\System\CuWKlZQ.exe
  2⤵
  PID:3968
- C:\Windows\System\dJQDuSl.exe
  C:\Windows\System\dJQDuSl.exe
  2⤵
  PID:4140
- C:\Windows\System\jhzceqo.exe
  C:\Windows\System\jhzceqo.exe
  2⤵
  PID:3492
- C:\Windows\System\VVWdZzi.exe
  C:\Windows\System\VVWdZzi.exe
  2⤵
  PID:3868
- C:\Windows\System\jjwuHRR.exe
  C:\Windows\System\jjwuHRR.exe
  2⤵
  PID:4316
- C:\Windows\System\RIzwVcl.exe
  C:\Windows\System\RIzwVcl.exe
  2⤵
  PID:3828
- C:\Windows\System\qhclwZy.exe
  C:\Windows\System\qhclwZy.exe
  2⤵
  PID:4252
- C:\Windows\System\lXPVqMz.exe
  C:\Windows\System\lXPVqMz.exe
  2⤵
  PID:4456
- C:\Windows\System\ofBTHZi.exe
  C:\Windows\System\ofBTHZi.exe
  2⤵
  PID:4412
- C:\Windows\System\btaGIRd.exe
  C:\Windows\System\btaGIRd.exe
  2⤵
  PID:4584
- C:\Windows\System\cttJqds.exe
  C:\Windows\System\cttJqds.exe
  2⤵
  PID:4600
- C:\Windows\System\yeOdNDt.exe
  C:\Windows\System\yeOdNDt.exe
  2⤵
  PID:4620
- C:\Windows\System\FpZGwuy.exe
  C:\Windows\System\FpZGwuy.exe
  2⤵
  PID:4664
- C:\Windows\System\IImFbtC.exe
  C:\Windows\System\IImFbtC.exe
  2⤵
  PID:4760
- C:\Windows\System\XXMMNgN.exe
  C:\Windows\System\XXMMNgN.exe
  2⤵
  PID:4800
- C:\Windows\System\bOPXlKM.exe
  C:\Windows\System\bOPXlKM.exe
  2⤵
  PID:4868
- C:\Windows\System\ZVLEzve.exe
  C:\Windows\System\ZVLEzve.exe
  2⤵
  PID:4232
- C:\Windows\System\OPGOzUA.exe
  C:\Windows\System\OPGOzUA.exe
  2⤵
  PID:4940
- C:\Windows\System\mJrpwqx.exe
  C:\Windows\System\mJrpwqx.exe
  2⤵
  PID:4980
- C:\Windows\System\uBjXegc.exe
  C:\Windows\System\uBjXegc.exe
  2⤵
  PID:5088
- C:\Windows\System\JUSjobd.exe
  C:\Windows\System\JUSjobd.exe
  2⤵
  PID:5108
- C:\Windows\System\ipraEtU.exe
  C:\Windows\System\ipraEtU.exe
  2⤵
  PID:3796
- C:\Windows\System\vGweixm.exe
  C:\Windows\System\vGweixm.exe
  2⤵
  PID:3168
- C:\Windows\System\cBPIrjS.exe
  C:\Windows\System\cBPIrjS.exe
  2⤵
  PID:3412
- C:\Windows\System\SCmTbQt.exe
  C:\Windows\System\SCmTbQt.exe
  2⤵
  PID:5132
- C:\Windows\System\OJdRBLQ.exe
  C:\Windows\System\OJdRBLQ.exe
  2⤵
  PID:5152
- C:\Windows\System\BRbJLKE.exe
  C:\Windows\System\BRbJLKE.exe
  2⤵
  PID:5172
- C:\Windows\System\xHoMVxu.exe
  C:\Windows\System\xHoMVxu.exe
  2⤵
  PID:5192
- C:\Windows\System\zMoevKJ.exe
  C:\Windows\System\zMoevKJ.exe
  2⤵
  PID:5212
- C:\Windows\System\jadzwFm.exe
  C:\Windows\System\jadzwFm.exe
  2⤵
  PID:5232
- C:\Windows\System\XkPrcnm.exe
  C:\Windows\System\XkPrcnm.exe
  2⤵
  PID:5252
- C:\Windows\System\hvwrMVw.exe
  C:\Windows\System\hvwrMVw.exe
  2⤵
  PID:5272
- C:\Windows\System\BFfXClx.exe
  C:\Windows\System\BFfXClx.exe
  2⤵
  PID:5292
- C:\Windows\System\ymaPHlp.exe
  C:\Windows\System\ymaPHlp.exe
  2⤵
  PID:5312
- C:\Windows\System\mCXaCoM.exe
  C:\Windows\System\mCXaCoM.exe
  2⤵
  PID:5332
- C:\Windows\System\kmmMuIK.exe
  C:\Windows\System\kmmMuIK.exe
  2⤵
  PID:5352
- C:\Windows\System\VYadLKJ.exe
  C:\Windows\System\VYadLKJ.exe
  2⤵
  PID:5372
- C:\Windows\System\QRnhZye.exe
  C:\Windows\System\QRnhZye.exe
  2⤵
  PID:5392
- C:\Windows\System\BiKZSrT.exe
  C:\Windows\System\BiKZSrT.exe
  2⤵
  PID:5412
- C:\Windows\System\AxqkUGs.exe
  C:\Windows\System\AxqkUGs.exe
  2⤵
  PID:5432
- C:\Windows\System\msKzzwO.exe
  C:\Windows\System\msKzzwO.exe
  2⤵
  PID:5452
- C:\Windows\System\NnqGdsi.exe
  C:\Windows\System\NnqGdsi.exe
  2⤵
  PID:5472
- C:\Windows\System\EzzGmwB.exe
  C:\Windows\System\EzzGmwB.exe
  2⤵
  PID:5492
- C:\Windows\System\nfYPFdP.exe
  C:\Windows\System\nfYPFdP.exe
  2⤵
  PID:5512
- C:\Windows\System\FhXcDpV.exe
  C:\Windows\System\FhXcDpV.exe
  2⤵
  PID:5532
- C:\Windows\System\bjJVLCS.exe
  C:\Windows\System\bjJVLCS.exe
  2⤵
  PID:5552
- C:\Windows\System\CfuqTLp.exe
  C:\Windows\System\CfuqTLp.exe
  2⤵
  PID:5572
- C:\Windows\System\BVUdHDf.exe
  C:\Windows\System\BVUdHDf.exe
  2⤵
  PID:5592
- C:\Windows\System\KSAXBLA.exe
  C:\Windows\System\KSAXBLA.exe
  2⤵
  PID:5612
- C:\Windows\System\eaiefPX.exe
  C:\Windows\System\eaiefPX.exe
  2⤵
  PID:5632
- C:\Windows\System\mUvfJQL.exe
  C:\Windows\System\mUvfJQL.exe
  2⤵
  PID:5652
- C:\Windows\System\onbsykG.exe
  C:\Windows\System\onbsykG.exe
  2⤵
  PID:5672
- C:\Windows\System\bybcDrp.exe
  C:\Windows\System\bybcDrp.exe
  2⤵
  PID:5692
- C:\Windows\System\cInmKIu.exe
  C:\Windows\System\cInmKIu.exe
  2⤵
  PID:5712
- C:\Windows\System\SryuchJ.exe
  C:\Windows\System\SryuchJ.exe
  2⤵
  PID:5732
- C:\Windows\System\BxSHlYp.exe
  C:\Windows\System\BxSHlYp.exe
  2⤵
  PID:5752
- C:\Windows\System\KPTMhab.exe
  C:\Windows\System\KPTMhab.exe
  2⤵
  PID:5772
- C:\Windows\System\UAAVlVh.exe
  C:\Windows\System\UAAVlVh.exe
  2⤵
  PID:5792
- C:\Windows\System\SJVkLum.exe
  C:\Windows\System\SJVkLum.exe
  2⤵
  PID:5812
- C:\Windows\System\NjORqcK.exe
  C:\Windows\System\NjORqcK.exe
  2⤵
  PID:5832
- C:\Windows\System\NRQDkMq.exe
  C:\Windows\System\NRQDkMq.exe
  2⤵
  PID:5852
- C:\Windows\System\LgHqcDn.exe
  C:\Windows\System\LgHqcDn.exe
  2⤵
  PID:5872
- C:\Windows\System\QnVlfjN.exe
  C:\Windows\System\QnVlfjN.exe
  2⤵
  PID:5892
- C:\Windows\System\pqvYZxa.exe
  C:\Windows\System\pqvYZxa.exe
  2⤵
  PID:5912
- C:\Windows\System\hYAxjqo.exe
  C:\Windows\System\hYAxjqo.exe
  2⤵
  PID:5932
- C:\Windows\System\SXNJqlt.exe
  C:\Windows\System\SXNJqlt.exe
  2⤵
  PID:5952
- C:\Windows\System\ZtPHbRO.exe
  C:\Windows\System\ZtPHbRO.exe
  2⤵
  PID:5972
- C:\Windows\System\JAWCIWx.exe
  C:\Windows\System\JAWCIWx.exe
  2⤵
  PID:5992
- C:\Windows\System\LbAzNhG.exe
  C:\Windows\System\LbAzNhG.exe
  2⤵
  PID:6012
- C:\Windows\System\PtxBPbS.exe
  C:\Windows\System\PtxBPbS.exe
  2⤵
  PID:6032
- C:\Windows\System\zWYNWhk.exe
  C:\Windows\System\zWYNWhk.exe
  2⤵
  PID:6052
- C:\Windows\System\ttjKCdX.exe
  C:\Windows\System\ttjKCdX.exe
  2⤵
  PID:6072
- C:\Windows\System\yVTyAZC.exe
  C:\Windows\System\yVTyAZC.exe
  2⤵
  PID:6092
- C:\Windows\System\lgKBSKM.exe
  C:\Windows\System\lgKBSKM.exe
  2⤵
  PID:6112
- C:\Windows\System\bOvVknm.exe
  C:\Windows\System\bOvVknm.exe
  2⤵
  PID:6132
- C:\Windows\System\hhdtwgo.exe
  C:\Windows\System\hhdtwgo.exe
  2⤵
  PID:4104
- C:\Windows\System\TDSZKnO.exe
  C:\Windows\System\TDSZKnO.exe
  2⤵
  PID:3576
- C:\Windows\System\NZDdZbk.exe
  C:\Windows\System\NZDdZbk.exe
  2⤵
  PID:4236
- C:\Windows\System\vRaoGET.exe
  C:\Windows\System\vRaoGET.exe
  2⤵
  PID:3916
- C:\Windows\System\LwYpUtD.exe
  C:\Windows\System\LwYpUtD.exe
  2⤵
  PID:4296
- C:\Windows\System\iguKhqp.exe
  C:\Windows\System\iguKhqp.exe
  2⤵
  PID:4476
- C:\Windows\System\cDeDLxB.exe
  C:\Windows\System\cDeDLxB.exe
  2⤵
  PID:4512
- C:\Windows\System\cuBicOQ.exe
  C:\Windows\System\cuBicOQ.exe
  2⤵
  PID:4724
- C:\Windows\System\XorutHB.exe
  C:\Windows\System\XorutHB.exe
  2⤵
  PID:4740
- C:\Windows\System\HnNPnHV.exe
  C:\Windows\System\HnNPnHV.exe
  2⤵
  PID:4840
- C:\Windows\System\sIfnRsT.exe
  C:\Windows\System\sIfnRsT.exe
  2⤵
  PID:4960
- C:\Windows\System\uQEflub.exe
  C:\Windows\System\uQEflub.exe
  2⤵
  PID:5048
- C:\Windows\System\wolDJeL.exe
  C:\Windows\System\wolDJeL.exe
  2⤵
  PID:3592
- C:\Windows\System\kvVBSHa.exe
  C:\Windows\System\kvVBSHa.exe
  2⤵
  PID:3428
- C:\Windows\System\qDxxuMl.exe
  C:\Windows\System\qDxxuMl.exe
  2⤵
  PID:5128
- C:\Windows\System\bVreKYK.exe
  C:\Windows\System\bVreKYK.exe
  2⤵
  PID:5168
- C:\Windows\System\BBGhSGW.exe
  C:\Windows\System\BBGhSGW.exe
  2⤵
  PID:5208
- C:\Windows\System\nWyyabY.exe
  C:\Windows\System\nWyyabY.exe
  2⤵
  PID:5240
- C:\Windows\System\GXlwZXK.exe
  C:\Windows\System\GXlwZXK.exe
  2⤵
  PID:5244
- C:\Windows\System\dKNwkXJ.exe
  C:\Windows\System\dKNwkXJ.exe
  2⤵
  PID:5308
- C:\Windows\System\XVqZxUK.exe
  C:\Windows\System\XVqZxUK.exe
  2⤵
  PID:5340
- C:\Windows\System\KXdJnMS.exe
  C:\Windows\System\KXdJnMS.exe
  2⤵
  PID:5368
- C:\Windows\System\bBDBMmd.exe
  C:\Windows\System\bBDBMmd.exe
  2⤵
  PID:4824
- C:\Windows\System\FumvGEm.exe
  C:\Windows\System\FumvGEm.exe
  2⤵
  PID:5424
- C:\Windows\System\gTHbHmj.exe
  C:\Windows\System\gTHbHmj.exe
  2⤵
  PID:5448
- C:\Windows\System\HQoYPuV.exe
  C:\Windows\System\HQoYPuV.exe
  2⤵
  PID:5508
- C:\Windows\System\wCIAvXH.exe
  C:\Windows\System\wCIAvXH.exe
  2⤵
  PID:5544
- C:\Windows\System\QfYTMAh.exe
  C:\Windows\System\QfYTMAh.exe
  2⤵
  PID:5568
- C:\Windows\System\qPQbHPY.exe
  C:\Windows\System\qPQbHPY.exe
  2⤵
  PID:5600
- C:\Windows\System\NIgnRkx.exe
  C:\Windows\System\NIgnRkx.exe
  2⤵
  PID:5624
- C:\Windows\System\NlQXxeU.exe
  C:\Windows\System\NlQXxeU.exe
  2⤵
  PID:5668
- C:\Windows\System\jplyIYU.exe
  C:\Windows\System\jplyIYU.exe
  2⤵
  PID:5700
- C:\Windows\System\xKuCrUz.exe
  C:\Windows\System\xKuCrUz.exe
  2⤵
  PID:5720
- C:\Windows\System\aZoHNbi.exe
  C:\Windows\System\aZoHNbi.exe
  2⤵
  PID:5768
- C:\Windows\System\ViXtlXW.exe
  C:\Windows\System\ViXtlXW.exe
  2⤵
  PID:5820
- C:\Windows\System\LIarSeQ.exe
  C:\Windows\System\LIarSeQ.exe
  2⤵
  PID:5808
- C:\Windows\System\RcGSDYj.exe
  C:\Windows\System\RcGSDYj.exe
  2⤵
  PID:5848
- C:\Windows\System\WZuUjYP.exe
  C:\Windows\System\WZuUjYP.exe
  2⤵
  PID:5880
- C:\Windows\System\AbOjMKZ.exe
  C:\Windows\System\AbOjMKZ.exe
  2⤵
  PID:5940
- C:\Windows\System\NwzZHlJ.exe
  C:\Windows\System\NwzZHlJ.exe
  2⤵
  PID:5944
- C:\Windows\System\SYQkDPl.exe
  C:\Windows\System\SYQkDPl.exe
  2⤵
  PID:5964
- C:\Windows\System\nAMvMCE.exe
  C:\Windows\System\nAMvMCE.exe
  2⤵
  PID:6008
- C:\Windows\System\dxTCnNF.exe
  C:\Windows\System\dxTCnNF.exe
  2⤵
  PID:6048
- C:\Windows\System\wtNKiwa.exe
  C:\Windows\System\wtNKiwa.exe
  2⤵
  PID:6084
- C:\Windows\System\ObeoGjB.exe
  C:\Windows\System\ObeoGjB.exe
  2⤵
  PID:6120
- C:\Windows\System\ZumXNkC.exe
  C:\Windows\System\ZumXNkC.exe
  2⤵
  PID:3144
- C:\Windows\System\qNqmted.exe
  C:\Windows\System\qNqmted.exe
  2⤵
  PID:3092
- C:\Windows\System\nLQUCGc.exe
  C:\Windows\System\nLQUCGc.exe
  2⤵
  PID:4428
- C:\Windows\System\MNjYPmm.exe
  C:\Windows\System\MNjYPmm.exe
  2⤵
  PID:4564
- C:\Windows\System\BBKHAvL.exe
  C:\Windows\System\BBKHAvL.exe
  2⤵
  PID:4744
- C:\Windows\System\PrMkfRl.exe
  C:\Windows\System\PrMkfRl.exe
  2⤵
  PID:4920
- C:\Windows\System\qoAfBbP.exe
  C:\Windows\System\qoAfBbP.exe
  2⤵
  PID:4928
- C:\Windows\System\nNGyGSp.exe
  C:\Windows\System\nNGyGSp.exe
  2⤵
  PID:3436
- C:\Windows\System\pPBaril.exe
  C:\Windows\System\pPBaril.exe
  2⤵
  PID:3608
- C:\Windows\System\HYnXRUC.exe
  C:\Windows\System\HYnXRUC.exe
  2⤵
  PID:5144
- C:\Windows\System\qYnpFlf.exe
  C:\Windows\System\qYnpFlf.exe
  2⤵
  PID:5204
- C:\Windows\System\WrElLAk.exe
  C:\Windows\System\WrElLAk.exe
  2⤵
  PID:5268
- C:\Windows\System\XWPrNtV.exe
  C:\Windows\System\XWPrNtV.exe
  2⤵
  PID:5328
- C:\Windows\System\RipjBVg.exe
  C:\Windows\System\RipjBVg.exe
  2⤵
  PID:5388
- C:\Windows\System\JauSgHa.exe
  C:\Windows\System\JauSgHa.exe
  2⤵
  PID:5468
- C:\Windows\System\LaXnPLW.exe
  C:\Windows\System\LaXnPLW.exe
  2⤵
  PID:5504
- C:\Windows\System\qYymMkH.exe
  C:\Windows\System\qYymMkH.exe
  2⤵
  PID:5580
- C:\Windows\System\ehxMAod.exe
  C:\Windows\System\ehxMAod.exe
  2⤵
  PID:5524
- C:\Windows\System\uFuICiT.exe
  C:\Windows\System\uFuICiT.exe
  2⤵
  PID:5628
- C:\Windows\System\WQSjCEz.exe
  C:\Windows\System\WQSjCEz.exe
  2⤵
  PID:5688
- C:\Windows\System\HRHNpbE.exe
  C:\Windows\System\HRHNpbE.exe
  2⤵
  PID:5784
- C:\Windows\System\MeOmBHa.exe
  C:\Windows\System\MeOmBHa.exe
  2⤵
  PID:5828
- C:\Windows\System\toqRSqx.exe
  C:\Windows\System\toqRSqx.exe
  2⤵
  PID:5860
- C:\Windows\System\OJpWtAI.exe
  C:\Windows\System\OJpWtAI.exe
  2⤵
  PID:5864
- C:\Windows\System\FEDFLIN.exe
  C:\Windows\System\FEDFLIN.exe
  2⤵
  PID:5980
- C:\Windows\System\VyOoBfk.exe
  C:\Windows\System\VyOoBfk.exe
  2⤵
  PID:6024
- C:\Windows\System\FhnSQHl.exe
  C:\Windows\System\FhnSQHl.exe
  2⤵
  PID:6088
- C:\Windows\System\hDwKotC.exe
  C:\Windows\System\hDwKotC.exe
  2⤵
  PID:6124
- C:\Windows\System\NRwIuWa.exe
  C:\Windows\System\NRwIuWa.exe
  2⤵
  PID:4188
- C:\Windows\System\LJCGRqd.exe
  C:\Windows\System\LJCGRqd.exe
  2⤵
  PID:4528
- C:\Windows\System\DqCPrSA.exe
  C:\Windows\System\DqCPrSA.exe
  2⤵
  PID:6160
- C:\Windows\System\GKEmtIS.exe
  C:\Windows\System\GKEmtIS.exe
  2⤵
  PID:6180
- C:\Windows\System\PwSxjwf.exe
  C:\Windows\System\PwSxjwf.exe
  2⤵
  PID:6200
- C:\Windows\System\pfoUtpF.exe
  C:\Windows\System\pfoUtpF.exe
  2⤵
  PID:6224
- C:\Windows\System\RgWGmnx.exe
  C:\Windows\System\RgWGmnx.exe
  2⤵
  PID:6244
- C:\Windows\System\yrNnHRP.exe
  C:\Windows\System\yrNnHRP.exe
  2⤵
  PID:6268
- C:\Windows\System\irkOzMC.exe
  C:\Windows\System\irkOzMC.exe
  2⤵
  PID:6292
- C:\Windows\System\aBQKRNi.exe
  C:\Windows\System\aBQKRNi.exe
  2⤵
  PID:6312
- C:\Windows\System\zVxbomR.exe
  C:\Windows\System\zVxbomR.exe
  2⤵
  PID:6332
- C:\Windows\System\FVdXfDD.exe
  C:\Windows\System\FVdXfDD.exe
  2⤵
  PID:6352
- C:\Windows\System\tastXZe.exe
  C:\Windows\System\tastXZe.exe
  2⤵
  PID:6372
- C:\Windows\System\mwkiTPc.exe
  C:\Windows\System\mwkiTPc.exe
  2⤵
  PID:6400
- C:\Windows\System\UEAWvAq.exe
  C:\Windows\System\UEAWvAq.exe
  2⤵
  PID:6420
- C:\Windows\System\JUyGjTg.exe
  C:\Windows\System\JUyGjTg.exe
  2⤵
  PID:6440
- C:\Windows\System\kWZilXH.exe
  C:\Windows\System\kWZilXH.exe
  2⤵
  PID:6464
- C:\Windows\System\SkjhkyN.exe
  C:\Windows\System\SkjhkyN.exe
  2⤵
  PID:6484
- C:\Windows\System\VAdHNUz.exe
  C:\Windows\System\VAdHNUz.exe
  2⤵
  PID:6504
- C:\Windows\System\WXOaXFm.exe
  C:\Windows\System\WXOaXFm.exe
  2⤵
  PID:6524
- C:\Windows\System\RGZsLaM.exe
  C:\Windows\System\RGZsLaM.exe
  2⤵
  PID:6544
- C:\Windows\System\MGhsiVI.exe
  C:\Windows\System\MGhsiVI.exe
  2⤵
  PID:6564
- C:\Windows\System\RKQVDdV.exe
  C:\Windows\System\RKQVDdV.exe
  2⤵
  PID:6584
- C:\Windows\System\YiuKgNW.exe
  C:\Windows\System\YiuKgNW.exe
  2⤵
  PID:6604
- C:\Windows\System\CniKxHB.exe
  C:\Windows\System\CniKxHB.exe
  2⤵
  PID:6624
- C:\Windows\System\ICTzrLm.exe
  C:\Windows\System\ICTzrLm.exe
  2⤵
  PID:6644
- C:\Windows\System\ttjtbUQ.exe
  C:\Windows\System\ttjtbUQ.exe
  2⤵
  PID:6664
- C:\Windows\System\HazjBtR.exe
  C:\Windows\System\HazjBtR.exe
  2⤵
  PID:6688
- C:\Windows\System\DNSOkrj.exe
  C:\Windows\System\DNSOkrj.exe
  2⤵
  PID:6708
- C:\Windows\System\dHTIeyR.exe
  C:\Windows\System\dHTIeyR.exe
  2⤵
  PID:6728
- C:\Windows\System\oLXnueR.exe
  C:\Windows\System\oLXnueR.exe
  2⤵
  PID:6748
- C:\Windows\System\EVrxjkg.exe
  C:\Windows\System\EVrxjkg.exe
  2⤵
  PID:6768
- C:\Windows\System\eFexGKc.exe
  C:\Windows\System\eFexGKc.exe
  2⤵
  PID:6788
- C:\Windows\System\GJYzigw.exe
  C:\Windows\System\GJYzigw.exe
  2⤵
  PID:6808
- C:\Windows\System\XrDZARX.exe
  C:\Windows\System\XrDZARX.exe
  2⤵
  PID:6828
- C:\Windows\System\OMykQeX.exe
  C:\Windows\System\OMykQeX.exe
  2⤵
  PID:6848
- C:\Windows\System\FZQDIJA.exe
  C:\Windows\System\FZQDIJA.exe
  2⤵
  PID:6868
- C:\Windows\System\DEvauwE.exe
  C:\Windows\System\DEvauwE.exe
  2⤵
  PID:6888
- C:\Windows\System\YfEICMl.exe
  C:\Windows\System\YfEICMl.exe
  2⤵
  PID:6908
- C:\Windows\System\nQthoHn.exe
  C:\Windows\System\nQthoHn.exe
  2⤵
  PID:6928
- C:\Windows\System\ELgjRuR.exe
  C:\Windows\System\ELgjRuR.exe
  2⤵
  PID:6948
- C:\Windows\System\LPUjUSv.exe
  C:\Windows\System\LPUjUSv.exe
  2⤵
  PID:6968
- C:\Windows\System\VFRjStt.exe
  C:\Windows\System\VFRjStt.exe
  2⤵
  PID:6988
- C:\Windows\System\xnwgxQz.exe
  C:\Windows\System\xnwgxQz.exe
  2⤵
  PID:7008
- C:\Windows\System\eSrtzxh.exe
  C:\Windows\System\eSrtzxh.exe
  2⤵
  PID:7028
- C:\Windows\System\WoYgsUS.exe
  C:\Windows\System\WoYgsUS.exe
  2⤵
  PID:7052
- C:\Windows\System\LJfbwJm.exe
  C:\Windows\System\LJfbwJm.exe
  2⤵
  PID:7072
- C:\Windows\System\sbIygcL.exe
  C:\Windows\System\sbIygcL.exe
  2⤵
  PID:7092
- C:\Windows\System\igWnRDu.exe
  C:\Windows\System\igWnRDu.exe
  2⤵
  PID:7112
- C:\Windows\System\NcqXduu.exe
  C:\Windows\System\NcqXduu.exe
  2⤵
  PID:7132
- C:\Windows\System\YEeQADo.exe
  C:\Windows\System\YEeQADo.exe
  2⤵
  PID:7152
- C:\Windows\System\hKMnihD.exe
  C:\Windows\System\hKMnihD.exe
  2⤵
  PID:4588
- C:\Windows\System\bIMUnpE.exe
  C:\Windows\System\bIMUnpE.exe
  2⤵
  PID:2656
- C:\Windows\System\TNVnILk.exe
  C:\Windows\System\TNVnILk.exe
  2⤵
  PID:4988
- C:\Windows\System\HLMzuKt.exe
  C:\Windows\System\HLMzuKt.exe
  2⤵
  PID:5040
- C:\Windows\System\QQJLTLv.exe
  C:\Windows\System\QQJLTLv.exe
  2⤵
  PID:5184
- C:\Windows\System\zQwXOpI.exe
  C:\Windows\System\zQwXOpI.exe
  2⤵
  PID:5324
- C:\Windows\System\wQTpUTE.exe
  C:\Windows\System\wQTpUTE.exe
  2⤵
  PID:5380
- C:\Windows\System\LLpsZLS.exe
  C:\Windows\System\LLpsZLS.exe
  2⤵
  PID:5464
- C:\Windows\System\gMvinQH.exe
  C:\Windows\System\gMvinQH.exe
  2⤵
  PID:5548
- C:\Windows\System\UVKvnsg.exe
  C:\Windows\System\UVKvnsg.exe
  2⤵
  PID:5704
- C:\Windows\System\BjrwHZt.exe
  C:\Windows\System\BjrwHZt.exe
  2⤵
  PID:5764
- C:\Windows\System\dDtteRJ.exe
  C:\Windows\System\dDtteRJ.exe
  2⤵
  PID:2764
- C:\Windows\System\srAQROr.exe
  C:\Windows\System\srAQROr.exe
  2⤵
  PID:5884
- C:\Windows\System\yJAXbWq.exe
  C:\Windows\System\yJAXbWq.exe
  2⤵
  PID:5988
- C:\Windows\System\bOmGQGU.exe
  C:\Windows\System\bOmGQGU.exe
  2⤵
  PID:6108
- C:\Windows\System\UIfIBJZ.exe
  C:\Windows\System\UIfIBJZ.exe
  2⤵
  PID:4164
- C:\Windows\System\ECekdME.exe
  C:\Windows\System\ECekdME.exe
  2⤵
  PID:4268
- C:\Windows\System\PaVeowH.exe
  C:\Windows\System\PaVeowH.exe
  2⤵
  PID:6172
- C:\Windows\System\TtUGVDz.exe
  C:\Windows\System\TtUGVDz.exe
  2⤵
  PID:6216
- C:\Windows\System\ZCGyTLr.exe
  C:\Windows\System\ZCGyTLr.exe
  2⤵
  PID:6264
- C:\Windows\System\warjSYD.exe
  C:\Windows\System\warjSYD.exe
  2⤵
  PID:6308
- C:\Windows\System\FHWeFZx.exe
  C:\Windows\System\FHWeFZx.exe
  2⤵
  PID:6360
- C:\Windows\System\HHUWckq.exe
  C:\Windows\System\HHUWckq.exe
  2⤵
  PID:6344
- C:\Windows\System\XUrPzYR.exe
  C:\Windows\System\XUrPzYR.exe
  2⤵
  PID:6384
- C:\Windows\System\ukkYCcC.exe
  C:\Windows\System\ukkYCcC.exe
  2⤵
  PID:6432
- C:\Windows\System\QOinDBf.exe
  C:\Windows\System\QOinDBf.exe
  2⤵
  PID:6480
- C:\Windows\System\JYiETKJ.exe
  C:\Windows\System\JYiETKJ.exe
  2⤵
  PID:6512
- C:\Windows\System\iRWWpRb.exe
  C:\Windows\System\iRWWpRb.exe
  2⤵
  PID:6516
- C:\Windows\System\AmHYfuG.exe
  C:\Windows\System\AmHYfuG.exe
  2⤵
  PID:6556
- C:\Windows\System\BXfwsQz.exe
  C:\Windows\System\BXfwsQz.exe
  2⤵
  PID:2316
- C:\Windows\System\oWgYcAT.exe
  C:\Windows\System\oWgYcAT.exe
  2⤵
  PID:6652
- C:\Windows\System\WKURhqB.exe
  C:\Windows\System\WKURhqB.exe
  2⤵
  PID:6672
- C:\Windows\System\pKFYUHS.exe
  C:\Windows\System\pKFYUHS.exe
  2⤵
  PID:6680
- C:\Windows\System\zAHOTCC.exe
  C:\Windows\System\zAHOTCC.exe
  2⤵
  PID:6724
- C:\Windows\System\alLhIUO.exe
  C:\Windows\System\alLhIUO.exe
  2⤵
  PID:6764
- C:\Windows\System\mVegHvR.exe
  C:\Windows\System\mVegHvR.exe
  2⤵
  PID:6780
- C:\Windows\System\laQhBJN.exe
  C:\Windows\System\laQhBJN.exe
  2⤵
  PID:6804
- C:\Windows\System\tobQWCe.exe
  C:\Windows\System\tobQWCe.exe
  2⤵
  PID:2856
- C:\Windows\System\YutTUii.exe
  C:\Windows\System\YutTUii.exe
  2⤵
  PID:2128
- C:\Windows\System\winJoAo.exe
  C:\Windows\System\winJoAo.exe
  2⤵
  PID:6904
- C:\Windows\System\xLtjLUS.exe
  C:\Windows\System\xLtjLUS.exe
  2⤵
  PID:6936
- C:\Windows\System\hqYegsi.exe
  C:\Windows\System\hqYegsi.exe
  2⤵
  PID:6956
- C:\Windows\System\cVrIZLL.exe
  C:\Windows\System\cVrIZLL.exe
  2⤵
  PID:6980
- C:\Windows\System\SQoEKMD.exe
  C:\Windows\System\SQoEKMD.exe
  2⤵
  PID:7024
- C:\Windows\System\IYskGwH.exe
  C:\Windows\System\IYskGwH.exe
  2⤵
  PID:7040
- C:\Windows\System\UVzThfb.exe
  C:\Windows\System\UVzThfb.exe
  2⤵
  PID:7088
- C:\Windows\System\ZDIaJBP.exe
  C:\Windows\System\ZDIaJBP.exe
  2⤵
  PID:7128
- C:\Windows\System\qGyYNpU.exe
  C:\Windows\System\qGyYNpU.exe
  2⤵
  PID:4444
- C:\Windows\System\tEDEkOg.exe
  C:\Windows\System\tEDEkOg.exe
  2⤵
  PID:4028
- C:\Windows\System\hWNVXkr.exe
  C:\Windows\System\hWNVXkr.exe
  2⤵
  PID:5140
- C:\Windows\System\iKlblGt.exe
  C:\Windows\System\iKlblGt.exe
  2⤵
  PID:5188
- C:\Windows\System\cqAwcps.exe
  C:\Windows\System\cqAwcps.exe
  2⤵
  PID:5288
- C:\Windows\System\kXusPbz.exe
  C:\Windows\System\kXusPbz.exe
  2⤵
  PID:5680
- C:\Windows\System\xDPeLWu.exe
  C:\Windows\System\xDPeLWu.exe
  2⤵
  PID:900
- C:\Windows\System\tIBIRVB.exe
  C:\Windows\System\tIBIRVB.exe
  2⤵
  PID:5740
- C:\Windows\System\hfgwXmn.exe
  C:\Windows\System\hfgwXmn.exe
  2⤵
  PID:5908
- C:\Windows\System\RDfJkif.exe
  C:\Windows\System\RDfJkif.exe
  2⤵
  PID:6028
- C:\Windows\System\YScSCya.exe
  C:\Windows\System\YScSCya.exe
  2⤵
  PID:1756
- C:\Windows\System\xqZFYps.exe
  C:\Windows\System\xqZFYps.exe
  2⤵
  PID:6196
- C:\Windows\System\ilgwNLX.exe
  C:\Windows\System\ilgwNLX.exe
  2⤵
  PID:6208
- C:\Windows\System\TXXQZXb.exe
  C:\Windows\System\TXXQZXb.exe
  2⤵
  PID:6280
- C:\Windows\System\IoqPfEN.exe
  C:\Windows\System\IoqPfEN.exe
  2⤵
  PID:6340
- C:\Windows\System\uKbAYJA.exe
  C:\Windows\System\uKbAYJA.exe
  2⤵
  PID:6428
- C:\Windows\System\gmgxkDa.exe
  C:\Windows\System\gmgxkDa.exe
  2⤵
  PID:2680
- C:\Windows\System\GokHJwW.exe
  C:\Windows\System\GokHJwW.exe
  2⤵
  PID:6540
- C:\Windows\System\dMTnBRk.exe
  C:\Windows\System\dMTnBRk.exe
  2⤵
  PID:6612
- C:\Windows\System\essVMPR.exe
  C:\Windows\System\essVMPR.exe
  2⤵
  PID:6596
- C:\Windows\System\sMbyriV.exe
  C:\Windows\System\sMbyriV.exe
  2⤵
  PID:6744
- C:\Windows\System\TdbkngW.exe
  C:\Windows\System\TdbkngW.exe
  2⤵
  PID:6760
- C:\Windows\System\mTeOHne.exe
  C:\Windows\System\mTeOHne.exe
  2⤵
  PID:2868
- C:\Windows\System\trapDIy.exe
  C:\Windows\System\trapDIy.exe
  2⤵
  PID:6820
- C:\Windows\System\vbNJXbg.exe
  C:\Windows\System\vbNJXbg.exe
  2⤵
  PID:6864
- C:\Windows\System\BaJaixd.exe
  C:\Windows\System\BaJaixd.exe
  2⤵
  PID:6916
- C:\Windows\System\xOPxPnY.exe
  C:\Windows\System\xOPxPnY.exe
  2⤵
  PID:7004
- C:\Windows\System\tqrIjEk.exe
  C:\Windows\System\tqrIjEk.exe
  2⤵
  PID:2852
- C:\Windows\System\xcopELu.exe
  C:\Windows\System\xcopELu.exe
  2⤵
  PID:7080
- C:\Windows\System\kraoumZ.exe
  C:\Windows\System\kraoumZ.exe
  2⤵
  PID:7160
- C:\Windows\System\NAcblzT.exe
  C:\Windows\System\NAcblzT.exe
  2⤵
  PID:4632
- C:\Windows\System\gnNMKJH.exe
  C:\Windows\System\gnNMKJH.exe
  2⤵
  PID:304
- C:\Windows\System\OktChKm.exe
  C:\Windows\System\OktChKm.exe
  2⤵
  PID:5360
- C:\Windows\System\tNtmrof.exe
  C:\Windows\System\tNtmrof.exe
  2⤵
  PID:5660
- C:\Windows\System\wUeFMDI.exe
  C:\Windows\System\wUeFMDI.exe
  2⤵
  PID:5748
- C:\Windows\System\ZCnYmGW.exe
  C:\Windows\System\ZCnYmGW.exe
  2⤵
  PID:1992
- C:\Windows\System\MalOpPL.exe
  C:\Windows\System\MalOpPL.exe
  2⤵
  PID:3728
- C:\Windows\System\PSvgVlE.exe
  C:\Windows\System\PSvgVlE.exe
  2⤵
  PID:6176
- C:\Windows\System\OpVRXET.exe
  C:\Windows\System\OpVRXET.exe
  2⤵
  PID:6348
- C:\Windows\System\lubofHS.exe
  C:\Windows\System\lubofHS.exe
  2⤵
  PID:6452
- C:\Windows\System\slTdFYp.exe
  C:\Windows\System\slTdFYp.exe
  2⤵
  PID:1660
- C:\Windows\System\OhqdykP.exe
  C:\Windows\System\OhqdykP.exe
  2⤵
  PID:6592
- C:\Windows\System\dyOKyEf.exe
  C:\Windows\System\dyOKyEf.exe
  2⤵
  PID:6716
- C:\Windows\System\HUbdMxr.exe
  C:\Windows\System\HUbdMxr.exe
  2⤵
  PID:6684
- C:\Windows\System\roFBACb.exe
  C:\Windows\System\roFBACb.exe
  2⤵
  PID:6736
- C:\Windows\System\stPbZFL.exe
  C:\Windows\System\stPbZFL.exe
  2⤵
  PID:6824
- C:\Windows\System\QrMtoOh.exe
  C:\Windows\System\QrMtoOh.exe
  2⤵
  PID:6876
- C:\Windows\System\IhnAzkt.exe
  C:\Windows\System\IhnAzkt.exe
  2⤵
  PID:7100
- C:\Windows\System\RYBMIrj.exe
  C:\Windows\System\RYBMIrj.exe
  2⤵
  PID:796
- C:\Windows\System\IwnWurY.exe
  C:\Windows\System\IwnWurY.exe
  2⤵
  PID:7144
- C:\Windows\System\yKsuTVJ.exe
  C:\Windows\System\yKsuTVJ.exe
  2⤵
  PID:7188
- C:\Windows\System\zLZRoIy.exe
  C:\Windows\System\zLZRoIy.exe
  2⤵
  PID:7208
- C:\Windows\System\efxmMxW.exe
  C:\Windows\System\efxmMxW.exe
  2⤵
  PID:7228
- C:\Windows\System\OjBNYot.exe
  C:\Windows\System\OjBNYot.exe
  2⤵
  PID:7244
- C:\Windows\System\UYwLQvR.exe
  C:\Windows\System\UYwLQvR.exe
  2⤵
  PID:7264
- C:\Windows\System\OHZkgnf.exe
  C:\Windows\System\OHZkgnf.exe
  2⤵
  PID:7288
- C:\Windows\System\spQnojs.exe
  C:\Windows\System\spQnojs.exe
  2⤵
  PID:7308
- C:\Windows\System\qqjniDs.exe
  C:\Windows\System\qqjniDs.exe
  2⤵
  PID:7328
- C:\Windows\System\UkYggZq.exe
  C:\Windows\System\UkYggZq.exe
  2⤵
  PID:7348
- C:\Windows\System\naccNAY.exe
  C:\Windows\System\naccNAY.exe
  2⤵
  PID:7368
- C:\Windows\System\TEMSkXg.exe
  C:\Windows\System\TEMSkXg.exe
  2⤵
  PID:7388
- C:\Windows\System\ZGDQMbX.exe
  C:\Windows\System\ZGDQMbX.exe
  2⤵
  PID:7408
- C:\Windows\System\xrJMGcY.exe
  C:\Windows\System\xrJMGcY.exe
  2⤵
  PID:7428
- C:\Windows\System\xtZPnZG.exe
  C:\Windows\System\xtZPnZG.exe
  2⤵
  PID:7448
- C:\Windows\System\vmouRni.exe
  C:\Windows\System\vmouRni.exe
  2⤵
  PID:7468
- C:\Windows\System\navYwmO.exe
  C:\Windows\System\navYwmO.exe
  2⤵
  PID:7488
- C:\Windows\System\jCvFguG.exe
  C:\Windows\System\jCvFguG.exe
  2⤵
  PID:7508
- C:\Windows\System\JvrnMhM.exe
  C:\Windows\System\JvrnMhM.exe
  2⤵
  PID:7528
- C:\Windows\System\jMXvfgV.exe
  C:\Windows\System\jMXvfgV.exe
  2⤵
  PID:7548
- C:\Windows\System\hrVsBdo.exe
  C:\Windows\System\hrVsBdo.exe
  2⤵
  PID:7568
- C:\Windows\System\evptCjJ.exe
  C:\Windows\System\evptCjJ.exe
  2⤵
  PID:7588
- C:\Windows\System\fNpPxeL.exe
  C:\Windows\System\fNpPxeL.exe
  2⤵
  PID:7608
- C:\Windows\System\HdlHjhV.exe
  C:\Windows\System\HdlHjhV.exe
  2⤵
  PID:7628
- C:\Windows\System\VeOKtCN.exe
  C:\Windows\System\VeOKtCN.exe
  2⤵
  PID:7648
- C:\Windows\System\TLTcJOL.exe
  C:\Windows\System\TLTcJOL.exe
  2⤵
  PID:7668
- C:\Windows\System\GaHiVej.exe
  C:\Windows\System\GaHiVej.exe
  2⤵
  PID:7688
- C:\Windows\System\pAYBusK.exe
  C:\Windows\System\pAYBusK.exe
  2⤵
  PID:7708
- C:\Windows\System\bsToZIu.exe
  C:\Windows\System\bsToZIu.exe
  2⤵
  PID:7728
- C:\Windows\System\pfuaFfD.exe
  C:\Windows\System\pfuaFfD.exe
  2⤵
  PID:7748
- C:\Windows\System\oJFvjjO.exe
  C:\Windows\System\oJFvjjO.exe
  2⤵
  PID:7768
- C:\Windows\System\ZZMKPld.exe
  C:\Windows\System\ZZMKPld.exe
  2⤵
  PID:7788
- C:\Windows\System\jthLiXD.exe
  C:\Windows\System\jthLiXD.exe
  2⤵
  PID:7808
- C:\Windows\System\IJpIGwt.exe
  C:\Windows\System\IJpIGwt.exe
  2⤵
  PID:7828
- C:\Windows\System\NlUvubV.exe
  C:\Windows\System\NlUvubV.exe
  2⤵
  PID:7848
- C:\Windows\System\IHiANyo.exe
  C:\Windows\System\IHiANyo.exe
  2⤵
  PID:7868
- C:\Windows\System\XiOzGsS.exe
  C:\Windows\System\XiOzGsS.exe
  2⤵
  PID:7884
- C:\Windows\System\LsHwqWz.exe
  C:\Windows\System\LsHwqWz.exe
  2⤵
  PID:7908
- C:\Windows\System\bbPnJtc.exe
  C:\Windows\System\bbPnJtc.exe
  2⤵
  PID:7928
- C:\Windows\System\fswfdFL.exe
  C:\Windows\System\fswfdFL.exe
  2⤵
  PID:7952
- C:\Windows\System\OznuKaU.exe
  C:\Windows\System\OznuKaU.exe
  2⤵
  PID:7972
- C:\Windows\System\uMjyedI.exe
  C:\Windows\System\uMjyedI.exe
  2⤵
  PID:7988
- C:\Windows\System\rpATzLy.exe
  C:\Windows\System\rpATzLy.exe
  2⤵
  PID:8008
- C:\Windows\System\rcSnMWi.exe
  C:\Windows\System\rcSnMWi.exe
  2⤵
  PID:8032
- C:\Windows\System\eFWxSQu.exe
  C:\Windows\System\eFWxSQu.exe
  2⤵
  PID:8052
- C:\Windows\System\IhTKgBb.exe
  C:\Windows\System\IhTKgBb.exe
  2⤵
  PID:8072
- C:\Windows\System\nqxbPSq.exe
  C:\Windows\System\nqxbPSq.exe
  2⤵
  PID:8092
- C:\Windows\System\igGLphP.exe
  C:\Windows\System\igGLphP.exe
  2⤵
  PID:8112
- C:\Windows\System\NjzHugx.exe
  C:\Windows\System\NjzHugx.exe
  2⤵
  PID:8132
- C:\Windows\System\LfeVPAR.exe
  C:\Windows\System\LfeVPAR.exe
  2⤵
  PID:8152
- C:\Windows\System\tCPuEho.exe
  C:\Windows\System\tCPuEho.exe
  2⤵
  PID:8172
- C:\Windows\System\PNpBIsJ.exe
  C:\Windows\System\PNpBIsJ.exe
  2⤵
  PID:4764
- C:\Windows\System\DLFoLcw.exe
  C:\Windows\System\DLFoLcw.exe
  2⤵
  PID:5060
- C:\Windows\System\XVXcDDT.exe
  C:\Windows\System\XVXcDDT.exe
  2⤵
  PID:5900
- C:\Windows\System\YuLzAQf.exe
  C:\Windows\System\YuLzAQf.exe
  2⤵
  PID:1908
- C:\Windows\System\iFJdHfh.exe
  C:\Windows\System\iFJdHfh.exe
  2⤵
  PID:6276
- C:\Windows\System\VaZegee.exe
  C:\Windows\System\VaZegee.exe
  2⤵
  PID:6188
- C:\Windows\System\nLjDnpc.exe
  C:\Windows\System\nLjDnpc.exe
  2⤵
  PID:6492
- C:\Windows\System\xNZZWsg.exe
  C:\Windows\System\xNZZWsg.exe
  2⤵
  PID:2248
- C:\Windows\System\nanMMhF.exe
  C:\Windows\System\nanMMhF.exe
  2⤵
  PID:6776
- C:\Windows\System\IgIXXNA.exe
  C:\Windows\System\IgIXXNA.exe
  2⤵
  PID:6796
- C:\Windows\System\bxuuOde.exe
  C:\Windows\System\bxuuOde.exe
  2⤵
  PID:6880
- C:\Windows\System\gIYuZbr.exe
  C:\Windows\System\gIYuZbr.exe
  2⤵
  PID:7000
- C:\Windows\System\BHJMzyK.exe
  C:\Windows\System\BHJMzyK.exe
  2⤵
  PID:7184
- C:\Windows\System\GQSPlaY.exe
  C:\Windows\System\GQSPlaY.exe
  2⤵
  PID:7200
- C:\Windows\System\FpzYiDc.exe
  C:\Windows\System\FpzYiDc.exe
  2⤵
  PID:7256
- C:\Windows\System\oUvokQl.exe
  C:\Windows\System\oUvokQl.exe
  2⤵
  PID:7272
- C:\Windows\System\RssgTMe.exe
  C:\Windows\System\RssgTMe.exe
  2⤵
  PID:7316
- C:\Windows\System\NtryDhl.exe
  C:\Windows\System\NtryDhl.exe
  2⤵
  PID:7340
- C:\Windows\System\VKKMnom.exe
  C:\Windows\System\VKKMnom.exe
  2⤵
  PID:7376
- C:\Windows\System\INvWIqL.exe
  C:\Windows\System\INvWIqL.exe
  2⤵
  PID:7404
- C:\Windows\System\BIQqXYs.exe
  C:\Windows\System\BIQqXYs.exe
  2⤵
  PID:7456
- C:\Windows\System\SIFrXCR.exe
  C:\Windows\System\SIFrXCR.exe
  2⤵
  PID:7476
- C:\Windows\System\cGPPKbi.exe
  C:\Windows\System\cGPPKbi.exe
  2⤵
  PID:7500
- C:\Windows\System\FKAHaRm.exe
  C:\Windows\System\FKAHaRm.exe
  2⤵
  PID:7544
- C:\Windows\System\SfNuCKP.exe
  C:\Windows\System\SfNuCKP.exe
  2⤵
  PID:7556
- C:\Windows\System\nuwqKwK.exe
  C:\Windows\System\nuwqKwK.exe
  2⤵
  PID:7596
- C:\Windows\System\aonRPib.exe
  C:\Windows\System\aonRPib.exe
  2⤵
  PID:7644
- C:\Windows\System\qnhxcQF.exe
  C:\Windows\System\qnhxcQF.exe
  2⤵
  PID:7696
- C:\Windows\System\NScBIAb.exe
  C:\Windows\System\NScBIAb.exe
  2⤵
  PID:7700
- C:\Windows\System\xHEvyHj.exe
  C:\Windows\System\xHEvyHj.exe
  2⤵
  PID:7724
- C:\Windows\System\aIPSpWp.exe
  C:\Windows\System\aIPSpWp.exe
  2⤵
  PID:7756
- C:\Windows\System\EmNaJlh.exe
  C:\Windows\System\EmNaJlh.exe
  2⤵
  PID:7824
- C:\Windows\System\lQrCWPM.exe
  C:\Windows\System\lQrCWPM.exe
  2⤵
  PID:7864
- C:\Windows\System\QsHmnSV.exe
  C:\Windows\System\QsHmnSV.exe
  2⤵
  PID:7900
- C:\Windows\System\LpUULYC.exe
  C:\Windows\System\LpUULYC.exe
  2⤵
  PID:7948
- C:\Windows\System\LzPXULq.exe
  C:\Windows\System\LzPXULq.exe
  2⤵
  PID:7980
- C:\Windows\System\tsYQFXv.exe
  C:\Windows\System\tsYQFXv.exe
  2⤵
  PID:8016
- C:\Windows\System\PAtunJZ.exe
  C:\Windows\System\PAtunJZ.exe
  2⤵
  PID:8004
- C:\Windows\System\AMMUWFb.exe
  C:\Windows\System\AMMUWFb.exe
  2⤵
  PID:8040
- C:\Windows\System\fJxuccd.exe
  C:\Windows\System\fJxuccd.exe
  2⤵
  PID:8108
- C:\Windows\System\SVdqlXj.exe
  C:\Windows\System\SVdqlXj.exe
  2⤵
  PID:8148
- C:\Windows\System\oZuFNAK.exe
  C:\Windows\System\oZuFNAK.exe
  2⤵
  PID:8180
- C:\Windows\System\eUuthOq.exe
  C:\Windows\System\eUuthOq.exe
  2⤵
  PID:8184
- C:\Windows\System\kRxkhXQ.exe
  C:\Windows\System\kRxkhXQ.exe
  2⤵
  PID:5528
- C:\Windows\System\PYHuZar.exe
  C:\Windows\System\PYHuZar.exe
  2⤵
  PID:6156
- C:\Windows\System\qNGiADm.exe
  C:\Windows\System\qNGiADm.exe
  2⤵
  PID:6388
- C:\Windows\System\hTdLvdP.exe
  C:\Windows\System\hTdLvdP.exe
  2⤵
  PID:2872
- C:\Windows\System\jpEpZbS.exe
  C:\Windows\System\jpEpZbS.exe
  2⤵
  PID:4380
- C:\Windows\System\jFMuEsk.exe
  C:\Windows\System\jFMuEsk.exe
  2⤵
  PID:7104
- C:\Windows\System\IQEDIzm.exe
  C:\Windows\System\IQEDIzm.exe
  2⤵
  PID:7064
- C:\Windows\System\srBpZFN.exe
  C:\Windows\System\srBpZFN.exe
  2⤵
  PID:7252
- C:\Windows\System\STqmyYz.exe
  C:\Windows\System\STqmyYz.exe
  2⤵
  PID:7296
- C:\Windows\System\tRprStd.exe
  C:\Windows\System\tRprStd.exe
  2⤵
  PID:7344
- C:\Windows\System\xGtebEC.exe
  C:\Windows\System\xGtebEC.exe
  2⤵
  PID:7380
- C:\Windows\System\RuIEQJw.exe
  C:\Windows\System\RuIEQJw.exe
  2⤵
  PID:7416
- C:\Windows\System\JtNTFLN.exe
  C:\Windows\System\JtNTFLN.exe
  2⤵
  PID:7444
- C:\Windows\System\tVpSVKX.exe
  C:\Windows\System\tVpSVKX.exe
  2⤵
  PID:7536
- C:\Windows\System\hqosdQQ.exe
  C:\Windows\System\hqosdQQ.exe
  2⤵
  PID:7560
- C:\Windows\System\imntkPZ.exe
  C:\Windows\System\imntkPZ.exe
  2⤵
  PID:7656
- C:\Windows\System\iNsQQfR.exe
  C:\Windows\System\iNsQQfR.exe
  2⤵
  PID:7664
- C:\Windows\System\iolhQMd.exe
  C:\Windows\System\iolhQMd.exe
  2⤵
  PID:7744
- C:\Windows\System\sHGQyyB.exe
  C:\Windows\System\sHGQyyB.exe
  2⤵
  PID:7816
- C:\Windows\System\mrnDGgL.exe
  C:\Windows\System\mrnDGgL.exe
  2⤵
  PID:7840
- C:\Windows\System\FVfMPlk.exe
  C:\Windows\System\FVfMPlk.exe
  2⤵
  PID:7924
- C:\Windows\System\wipvpRJ.exe
  C:\Windows\System\wipvpRJ.exe
  2⤵
  PID:8028
- C:\Windows\System\JQtEkrh.exe
  C:\Windows\System\JQtEkrh.exe
  2⤵
  PID:8064
- C:\Windows\System\aFaGMip.exe
  C:\Windows\System\aFaGMip.exe
  2⤵
  PID:8104
- C:\Windows\System\lmiYRkz.exe
  C:\Windows\System\lmiYRkz.exe
  2⤵
  PID:8124
- C:\Windows\System\NbyefEF.exe
  C:\Windows\System\NbyefEF.exe
  2⤵
  PID:6520
- C:\Windows\System\PMAyaAv.exe
  C:\Windows\System\PMAyaAv.exe
  2⤵
  PID:5644
- C:\Windows\System\WJDZAtB.exe
  C:\Windows\System\WJDZAtB.exe
  2⤵
  PID:6304
- C:\Windows\System\ZivBJAb.exe
  C:\Windows\System\ZivBJAb.exe
  2⤵
  PID:7196
- C:\Windows\System\XSOKxfa.exe
  C:\Windows\System\XSOKxfa.exe
  2⤵
  PID:7940
- C:\Windows\System\eEwunFW.exe
  C:\Windows\System\eEwunFW.exe
  2⤵
  PID:4708
- C:\Windows\System\duMLMlI.exe
  C:\Windows\System\duMLMlI.exe
  2⤵
  PID:7280
- C:\Windows\System\WUzJCRN.exe
  C:\Windows\System\WUzJCRN.exe
  2⤵
  PID:7524
- C:\Windows\System\avqbgoc.exe
  C:\Windows\System\avqbgoc.exe
  2⤵
  PID:7460
- C:\Windows\System\HbdcpLa.exe
  C:\Windows\System\HbdcpLa.exe
  2⤵
  PID:7580
- C:\Windows\System\mFYgwcg.exe
  C:\Windows\System\mFYgwcg.exe
  2⤵
  PID:7780
- C:\Windows\System\LfdUBRx.exe
  C:\Windows\System\LfdUBRx.exe
  2⤵
  PID:7920
- C:\Windows\System\YPXGPoA.exe
  C:\Windows\System\YPXGPoA.exe
  2⤵
  PID:7760
- C:\Windows\System\wvItpRs.exe
  C:\Windows\System\wvItpRs.exe
  2⤵
  PID:8000
- C:\Windows\System\RTMKMBi.exe
  C:\Windows\System\RTMKMBi.exe
  2⤵
  PID:5924
- C:\Windows\System\srojGds.exe
  C:\Windows\System\srojGds.exe
  2⤵
  PID:8080
- C:\Windows\System\jryDNok.exe
  C:\Windows\System\jryDNok.exe
  2⤵
  PID:8212
- C:\Windows\System\BsnSFLY.exe
  C:\Windows\System\BsnSFLY.exe
  2⤵
  PID:8232
- C:\Windows\System\BMzAUBG.exe
  C:\Windows\System\BMzAUBG.exe
  2⤵
  PID:8252
- C:\Windows\System\GIBiJIH.exe
  C:\Windows\System\GIBiJIH.exe
  2⤵
  PID:8272
- C:\Windows\System\qMuHqGn.exe
  C:\Windows\System\qMuHqGn.exe
  2⤵
  PID:8292
- C:\Windows\System\euHKiQW.exe
  C:\Windows\System\euHKiQW.exe
  2⤵
  PID:8312
- C:\Windows\System\iXFSKIs.exe
  C:\Windows\System\iXFSKIs.exe
  2⤵
  PID:8336
- C:\Windows\System\IefRoaw.exe
  C:\Windows\System\IefRoaw.exe
  2⤵
  PID:8352
- C:\Windows\System\pLyeHcx.exe
  C:\Windows\System\pLyeHcx.exe
  2⤵
  PID:8376
- C:\Windows\System\yTRWIwW.exe
  C:\Windows\System\yTRWIwW.exe
  2⤵
  PID:8392
- C:\Windows\System\bmidZVR.exe
  C:\Windows\System\bmidZVR.exe
  2⤵
  PID:8416
- C:\Windows\System\pkDiThI.exe
  C:\Windows\System\pkDiThI.exe
  2⤵
  PID:8436
- C:\Windows\System\qHPxnPN.exe
  C:\Windows\System\qHPxnPN.exe
  2⤵
  PID:8456
- C:\Windows\System\kOeuXqJ.exe
  C:\Windows\System\kOeuXqJ.exe
  2⤵
  PID:8476
- C:\Windows\System\epimweZ.exe
  C:\Windows\System\epimweZ.exe
  2⤵
  PID:8492
- C:\Windows\System\sSCgqek.exe
  C:\Windows\System\sSCgqek.exe
  2⤵
  PID:8512
- C:\Windows\System\FQimfUF.exe
  C:\Windows\System\FQimfUF.exe
  2⤵
  PID:8536
- C:\Windows\System\BYECaKY.exe
  C:\Windows\System\BYECaKY.exe
  2⤵
  PID:8556
- C:\Windows\System\VGDNamU.exe
  C:\Windows\System\VGDNamU.exe
  2⤵
  PID:8580
- C:\Windows\System\PfXesSO.exe
  C:\Windows\System\PfXesSO.exe
  2⤵
  PID:8600
- C:\Windows\System\XVqGBmG.exe
  C:\Windows\System\XVqGBmG.exe
  2⤵
  PID:8620
- C:\Windows\System\iwzoXDF.exe
  C:\Windows\System\iwzoXDF.exe
  2⤵
  PID:8640
- C:\Windows\System\RpiEyhg.exe
  C:\Windows\System\RpiEyhg.exe
  2⤵
  PID:8660
- C:\Windows\System\EtfOteu.exe
  C:\Windows\System\EtfOteu.exe
  2⤵
  PID:8680
- C:\Windows\System\rsfTity.exe
  C:\Windows\System\rsfTity.exe
  2⤵
  PID:8700
- C:\Windows\System\MXftboH.exe
  C:\Windows\System\MXftboH.exe
  2⤵
  PID:8720
- C:\Windows\System\etfHOEg.exe
  C:\Windows\System\etfHOEg.exe
  2⤵
  PID:8740
- C:\Windows\System\YDwmVtu.exe
  C:\Windows\System\YDwmVtu.exe
  2⤵
  PID:8760
- C:\Windows\System\JqjjYCL.exe
  C:\Windows\System\JqjjYCL.exe
  2⤵
  PID:8780
- C:\Windows\System\SfcVKYB.exe
  C:\Windows\System\SfcVKYB.exe
  2⤵
  PID:8796
- C:\Windows\System\AazuOVe.exe
  C:\Windows\System\AazuOVe.exe
  2⤵
  PID:8812
- C:\Windows\System\evgIKhl.exe
  C:\Windows\System\evgIKhl.exe
  2⤵
  PID:8828
- C:\Windows\System\QjgJtxD.exe
  C:\Windows\System\QjgJtxD.exe
  2⤵
  PID:8844
- C:\Windows\System\UUbVxni.exe
  C:\Windows\System\UUbVxni.exe
  2⤵
  PID:8860
- C:\Windows\System\VNggywI.exe
  C:\Windows\System\VNggywI.exe
  2⤵
  PID:8876
- C:\Windows\System\VRKuAoH.exe
  C:\Windows\System\VRKuAoH.exe
  2⤵
  PID:8892
- C:\Windows\System\lSnwfij.exe
  C:\Windows\System\lSnwfij.exe
  2⤵
  PID:8912
- C:\Windows\System\ohVMPoJ.exe
  C:\Windows\System\ohVMPoJ.exe
  2⤵
  PID:8932
- C:\Windows\System\YsTrFSV.exe
  C:\Windows\System\YsTrFSV.exe
  2⤵
  PID:8948
- C:\Windows\System\bENbHxZ.exe
  C:\Windows\System\bENbHxZ.exe
  2⤵
  PID:8964
- C:\Windows\System\cdKwBRj.exe
  C:\Windows\System\cdKwBRj.exe
  2⤵
  PID:8980
- C:\Windows\System\WGRZIsa.exe
  C:\Windows\System\WGRZIsa.exe
  2⤵
  PID:9004
- C:\Windows\System\bjzfvSg.exe
  C:\Windows\System\bjzfvSg.exe
  2⤵
  PID:9020
- C:\Windows\System\sCcZTdO.exe
  C:\Windows\System\sCcZTdO.exe
  2⤵
  PID:9044
- C:\Windows\System\ZitiePE.exe
  C:\Windows\System\ZitiePE.exe
  2⤵
  PID:9060
- C:\Windows\System\XGILYwi.exe
  C:\Windows\System\XGILYwi.exe
  2⤵
  PID:9080
- C:\Windows\System\NCdIOmN.exe
  C:\Windows\System\NCdIOmN.exe
  2⤵
  PID:9096
- C:\Windows\System\WDXrsWg.exe
  C:\Windows\System\WDXrsWg.exe
  2⤵
  PID:9112
- C:\Windows\System\BlwlOgC.exe
  C:\Windows\System\BlwlOgC.exe
  2⤵
  PID:9128
- C:\Windows\System\xCnaefL.exe
  C:\Windows\System\xCnaefL.exe
  2⤵
  PID:9144
- C:\Windows\System\eLxyAji.exe
  C:\Windows\System\eLxyAji.exe
  2⤵
  PID:9160
- C:\Windows\System\AtdNVlU.exe
  C:\Windows\System\AtdNVlU.exe
  2⤵
  PID:9204
- C:\Windows\System\JeRgPXg.exe
  C:\Windows\System\JeRgPXg.exe
  2⤵
  PID:7320
- C:\Windows\System\NBKBLyE.exe
  C:\Windows\System\NBKBLyE.exe
  2⤵
  PID:7240
- C:\Windows\System\KpCHXcl.exe
  C:\Windows\System\KpCHXcl.exe
  2⤵
  PID:7364
- C:\Windows\System\ptZKuGH.exe
  C:\Windows\System\ptZKuGH.exe
  2⤵
  PID:2544
- C:\Windows\System\snGHBZf.exe
  C:\Windows\System\snGHBZf.exe
  2⤵
  PID:2796
- C:\Windows\System\HlQBXUi.exe
  C:\Windows\System\HlQBXUi.exe
  2⤵
  PID:7968
- C:\Windows\System\cqDlBLH.exe
  C:\Windows\System\cqDlBLH.exe
  2⤵
  PID:7704
- C:\Windows\System\SRjjojw.exe
  C:\Windows\System\SRjjojw.exe
  2⤵
  PID:8100
- C:\Windows\System\RlWvnoX.exe
  C:\Windows\System\RlWvnoX.exe
  2⤵
  PID:8084
- C:\Windows\System\VWTiuMo.exe
  C:\Windows\System\VWTiuMo.exe
  2⤵
  PID:8204
- C:\Windows\System\NHJfVsU.exe
  C:\Windows\System\NHJfVsU.exe
  2⤵
  PID:8248
- C:\Windows\System\diKtwqw.exe
  C:\Windows\System\diKtwqw.exe
  2⤵
  PID:8224
- C:\Windows\System\HXWVmDx.exe
  C:\Windows\System\HXWVmDx.exe
  2⤵
  PID:8288
- C:\Windows\System\HkBdkAl.exe
  C:\Windows\System\HkBdkAl.exe
  2⤵
  PID:8300
- C:\Windows\System\vwSXNde.exe
  C:\Windows\System\vwSXNde.exe
  2⤵
  PID:8344
- C:\Windows\System\aJmRofF.exe
  C:\Windows\System\aJmRofF.exe
  2⤵
  PID:8400
- C:\Windows\System\koyXGDO.exe
  C:\Windows\System\koyXGDO.exe
  2⤵
  PID:8404
- C:\Windows\System\bbVLaLy.exe
  C:\Windows\System\bbVLaLy.exe
  2⤵
  PID:8448
- C:\Windows\System\ItTaygH.exe
  C:\Windows\System\ItTaygH.exe
  2⤵
  PID:8472
- C:\Windows\System\vKrmDuD.exe
  C:\Windows\System\vKrmDuD.exe
  2⤵
  PID:8532
- C:\Windows\System\psmcwGG.exe
  C:\Windows\System\psmcwGG.exe
  2⤵
  PID:8612
- C:\Windows\System\RVutYLn.exe
  C:\Windows\System\RVutYLn.exe
  2⤵
  PID:8652
- C:\Windows\System\sgaeAXI.exe
  C:\Windows\System\sgaeAXI.exe
  2⤵
  PID:8728
- C:\Windows\System\VIJJNal.exe
  C:\Windows\System\VIJJNal.exe
  2⤵
  PID:8712
- C:\Windows\System\etjLlvo.exe
  C:\Windows\System\etjLlvo.exe
  2⤵
  PID:8748
- C:\Windows\System\SUHzngy.exe
  C:\Windows\System\SUHzngy.exe
  2⤵
  PID:8808
- C:\Windows\System\gglczom.exe
  C:\Windows\System\gglczom.exe
  2⤵
  PID:8872
- C:\Windows\System\CVpoQPr.exe
  C:\Windows\System\CVpoQPr.exe
  2⤵
  PID:8976
- C:\Windows\System\lotGAzc.exe
  C:\Windows\System\lotGAzc.exe
  2⤵
  PID:8960
- C:\Windows\System\GObaWDk.exe
  C:\Windows\System\GObaWDk.exe
  2⤵
  PID:9012
- C:\Windows\System\AEosSBW.exe
  C:\Windows\System\AEosSBW.exe
  2⤵
  PID:9028
- C:\Windows\System\mwpKoZU.exe
  C:\Windows\System\mwpKoZU.exe
  2⤵
  PID:9056
- C:\Windows\System\nMDqemj.exe
  C:\Windows\System\nMDqemj.exe
  2⤵
  PID:9076
- C:\Windows\System\SbGJMUZ.exe
  C:\Windows\System\SbGJMUZ.exe
  2⤵
  PID:9108
- C:\Windows\System\gzWCsur.exe
  C:\Windows\System\gzWCsur.exe
  2⤵
  PID:9152
- C:\Windows\System\JCMSRsd.exe
  C:\Windows\System\JCMSRsd.exe
  2⤵
  PID:9176
- C:\Windows\System\EJGOGzQ.exe
  C:\Windows\System\EJGOGzQ.exe
  2⤵
  PID:9188
- C:\Windows\System\akQHzKf.exe
  C:\Windows\System\akQHzKf.exe
  2⤵
  PID:9200
- C:\Windows\System\RQrJpzF.exe
  C:\Windows\System\RQrJpzF.exe
  2⤵
  PID:3216
- C:\Windows\System\sYZzibM.exe
  C:\Windows\System\sYZzibM.exe
  2⤵
  PID:6964
- C:\Windows\System\udTcNMM.exe
  C:\Windows\System\udTcNMM.exe
  2⤵
  PID:8128
- C:\Windows\System\SGqFuIt.exe
  C:\Windows\System\SGqFuIt.exe
  2⤵
  PID:4700
- C:\Windows\System\wqUvMWs.exe
  C:\Windows\System\wqUvMWs.exe
  2⤵
  PID:6636
- C:\Windows\System\INTCtOM.exe
  C:\Windows\System\INTCtOM.exe
  2⤵
  PID:7600
- C:\Windows\System\EdJkQLG.exe
  C:\Windows\System\EdJkQLG.exe
  2⤵
  PID:7964
- C:\Windows\System\ukhXZSs.exe
  C:\Windows\System\ukhXZSs.exe
  2⤵
  PID:7936
- C:\Windows\System\mtmZKRo.exe
  C:\Windows\System\mtmZKRo.exe
  2⤵
  PID:8200
- C:\Windows\System\dzjEYtG.exe
  C:\Windows\System\dzjEYtG.exe
  2⤵
  PID:8240
- C:\Windows\System\pFueHvV.exe
  C:\Windows\System\pFueHvV.exe
  2⤵
  PID:1968
- C:\Windows\System\RsHeMWP.exe
  C:\Windows\System\RsHeMWP.exe
  2⤵
  PID:8332
- C:\Windows\System\EyrNHdw.exe
  C:\Windows\System\EyrNHdw.exe
  2⤵
  PID:8408
- C:\Windows\System\VAoHOLo.exe
  C:\Windows\System\VAoHOLo.exe
  2⤵
  PID:1084
- C:\Windows\System\bLlFeAw.exe
  C:\Windows\System\bLlFeAw.exe
  2⤵
  PID:8444
- C:\Windows\System\HDgqaCK.exe
  C:\Windows\System\HDgqaCK.exe
  2⤵
  PID:8428
- C:\Windows\System\tYJsTjx.exe
  C:\Windows\System\tYJsTjx.exe
  2⤵
  PID:4308
- C:\Windows\System\VaYZxyH.exe
  C:\Windows\System\VaYZxyH.exe
  2⤵
  PID:3004
- C:\Windows\System\dhlwpuo.exe
  C:\Windows\System\dhlwpuo.exe
  2⤵
  PID:5968
- C:\Windows\System\rQoLQfj.exe
  C:\Windows\System\rQoLQfj.exe
  2⤵
  PID:2144
- C:\Windows\System\XPEauPf.exe
  C:\Windows\System\XPEauPf.exe
  2⤵
  PID:600
- C:\Windows\System\lASXfHt.exe
  C:\Windows\System\lASXfHt.exe
  2⤵
  PID:2996
- C:\Windows\System\WXVihXW.exe
  C:\Windows\System\WXVihXW.exe
  2⤵
  PID:8576
- C:\Windows\System\tqnWLqA.exe
  C:\Windows\System\tqnWLqA.exe
  2⤵
  PID:2784
- C:\Windows\System\XyCjjcL.exe
  C:\Windows\System\XyCjjcL.exe
  2⤵
  PID:2744
- C:\Windows\System\vXnAGCQ.exe
  C:\Windows\System\vXnAGCQ.exe
  2⤵
  PID:8668
- C:\Windows\System\mccSTTg.exe
  C:\Windows\System\mccSTTg.exe
  2⤵
  PID:572
- C:\Windows\System\ZGyziDl.exe
  C:\Windows\System\ZGyziDl.exe
  2⤵
  PID:1136
- C:\Windows\System\ujUjUdQ.exe
  C:\Windows\System\ujUjUdQ.exe
  2⤵
  PID:2900
- C:\Windows\System\laNBqtG.exe
  C:\Windows\System\laNBqtG.exe
  2⤵
  PID:8772
- C:\Windows\System\HkrwZQy.exe
  C:\Windows\System\HkrwZQy.exe
  2⤵
  PID:8792
- C:\Windows\System\GpHxFZh.exe
  C:\Windows\System\GpHxFZh.exe
  2⤵
  PID:1856
- C:\Windows\System\bzsYakW.exe
  C:\Windows\System\bzsYakW.exe
  2⤵
  PID:8840
- C:\Windows\System\PxNtoJV.exe
  C:\Windows\System\PxNtoJV.exe
  2⤵
  PID:2696
- C:\Windows\System\CpNURVh.exe
  C:\Windows\System\CpNURVh.exe
  2⤵
  PID:6300
- C:\Windows\System\bmAhmpo.exe
  C:\Windows\System\bmAhmpo.exe
  2⤵
  PID:8304
- C:\Windows\System\sprHYLX.exe
  C:\Windows\System\sprHYLX.exe
  2⤵
  PID:3156
- C:\Windows\System\vuXEIdd.exe
  C:\Windows\System\vuXEIdd.exe
  2⤵
  PID:8168
- C:\Windows\System\TgUdHcx.exe
  C:\Windows\System\TgUdHcx.exe
  2⤵
  PID:8348
- C:\Windows\System\AlLcIhg.exe
  C:\Windows\System\AlLcIhg.exe
  2⤵
  PID:8368
- C:\Windows\System\rMzfpoq.exe
  C:\Windows\System\rMzfpoq.exe
  2⤵
  PID:2816
- C:\Windows\System\Wgbztyq.exe
  C:\Windows\System\Wgbztyq.exe
  2⤵
  PID:2176
- C:\Windows\System\NebuoQX.exe
  C:\Windows\System\NebuoQX.exe
  2⤵
  PID:1368
- C:\Windows\System\AUkyxMB.exe
  C:\Windows\System\AUkyxMB.exe
  2⤵
  PID:8552
- C:\Windows\System\iShmnzc.exe
  C:\Windows\System\iShmnzc.exe
  2⤵
  PID:8608
- C:\Windows\System\DPNNdYr.exe
  C:\Windows\System\DPNNdYr.exe
  2⤵
  PID:8616
- C:\Windows\System\aSYItXY.exe
  C:\Windows\System\aSYItXY.exe
  2⤵
  PID:8752
- C:\Windows\System\QWLPpKa.exe
  C:\Windows\System\QWLPpKa.exe
  2⤵
  PID:2428
- C:\Windows\System\WYFcuLn.exe
  C:\Windows\System\WYFcuLn.exe
  2⤵
  PID:8776
- C:\Windows\System\JrgvSHY.exe
  C:\Windows\System\JrgvSHY.exe
  2⤵
  PID:1560
- C:\Windows\System\OVMgYgy.exe
  C:\Windows\System\OVMgYgy.exe
  2⤵
  PID:8888
- C:\Windows\System\UuLSCRw.exe
  C:\Windows\System\UuLSCRw.exe
  2⤵
  PID:8904
- C:\Windows\System\yykaPfx.exe
  C:\Windows\System\yykaPfx.exe
  2⤵
  PID:2612
- C:\Windows\System\mlZlQMt.exe
  C:\Windows\System\mlZlQMt.exe
  2⤵
  PID:9104
- C:\Windows\System\vpbfwha.exe
  C:\Windows\System\vpbfwha.exe
  2⤵
  PID:9192
- C:\Windows\System\eMCajYv.exe
  C:\Windows\System\eMCajYv.exe
  2⤵
  PID:8412
- C:\Windows\System\UXjYRMv.exe
  C:\Windows\System\UXjYRMv.exe
  2⤵
  PID:7844
- C:\Windows\System\YXzJWZQ.exe
  C:\Windows\System\YXzJWZQ.exe
  2⤵
  PID:8432
- C:\Windows\System\GJsVQuj.exe
  C:\Windows\System\GJsVQuj.exe
  2⤵
  PID:8268
- C:\Windows\System\vmXzJAl.exe
  C:\Windows\System\vmXzJAl.exe
  2⤵
  PID:3016
- C:\Windows\System\FFucnXV.exe
  C:\Windows\System\FFucnXV.exe
  2⤵
  PID:1396
- C:\Windows\System\EMXLgAr.exe
  C:\Windows\System\EMXLgAr.exe
  2⤵
  PID:8768
- C:\Windows\System\VGeyJHf.exe
  C:\Windows\System\VGeyJHf.exe
  2⤵
  PID:8884
- C:\Windows\System\jHFZkMg.exe
  C:\Windows\System\jHFZkMg.exe
  2⤵
  PID:2424
- C:\Windows\System\QDCJTkP.exe
  C:\Windows\System\QDCJTkP.exe
  2⤵
  PID:6068
- C:\Windows\System\vUpnVtr.exe
  C:\Windows\System\vUpnVtr.exe
  2⤵
  PID:8992
- C:\Windows\System\SXmVMnr.exe
  C:\Windows\System\SXmVMnr.exe
  2⤵
  PID:9052
- C:\Windows\System\auKCGOe.exe
  C:\Windows\System\auKCGOe.exe
  2⤵
  PID:7164
- C:\Windows\System\yOewHbp.exe
  C:\Windows\System\yOewHbp.exe
  2⤵
  PID:6656
- C:\Windows\System\KDNjbBv.exe
  C:\Windows\System\KDNjbBv.exe
  2⤵
  PID:2728
- C:\Windows\System\lUAdqHU.exe
  C:\Windows\System\lUAdqHU.exe
  2⤵
  PID:7420
- C:\Windows\System\unEqVmo.exe
  C:\Windows\System\unEqVmo.exe
  2⤵
  PID:3068
- C:\Windows\System\IRJEJZk.exe
  C:\Windows\System\IRJEJZk.exe
  2⤵
  PID:2076
- C:\Windows\System\EEoeOvc.exe
  C:\Windows\System\EEoeOvc.exe
  2⤵
  PID:1556
- C:\Windows\System\MrhTnph.exe
  C:\Windows\System\MrhTnph.exe
  2⤵
  PID:9220
- C:\Windows\System\DjkGACF.exe
  C:\Windows\System\DjkGACF.exe
  2⤵
  PID:9240
- C:\Windows\System\MukbbFA.exe
  C:\Windows\System\MukbbFA.exe
  2⤵
  PID:9256
- C:\Windows\System\UtihMPE.exe
  C:\Windows\System\UtihMPE.exe
  2⤵
  PID:9272
- C:\Windows\System\nquYeSG.exe
  C:\Windows\System\nquYeSG.exe
  2⤵
  PID:9288
- C:\Windows\System\YTfypVg.exe
  C:\Windows\System\YTfypVg.exe
  2⤵
  PID:9304
- C:\Windows\System\YmkXfHH.exe
  C:\Windows\System\YmkXfHH.exe
  2⤵
  PID:9320
- C:\Windows\System\HwYynQx.exe
  C:\Windows\System\HwYynQx.exe
  2⤵
  PID:9336
- C:\Windows\System\kvyNERn.exe
  C:\Windows\System\kvyNERn.exe
  2⤵
  PID:9352
- C:\Windows\System\cPLIalc.exe
  C:\Windows\System\cPLIalc.exe
  2⤵
  PID:9368
- C:\Windows\System\sqfTCwQ.exe
  C:\Windows\System\sqfTCwQ.exe
  2⤵
  PID:9384
- C:\Windows\System\JCgZpaV.exe
  C:\Windows\System\JCgZpaV.exe
  2⤵
  PID:9404
- C:\Windows\System\BTjQLof.exe
  C:\Windows\System\BTjQLof.exe
  2⤵
  PID:9420
- C:\Windows\System\xJCxICo.exe
  C:\Windows\System\xJCxICo.exe
  2⤵
  PID:9436
- C:\Windows\System\udInaYt.exe
  C:\Windows\System\udInaYt.exe
  2⤵
  PID:9452
- C:\Windows\System\RMBbJcV.exe
  C:\Windows\System\RMBbJcV.exe
  2⤵
  PID:9468
- C:\Windows\System\LAvfcbD.exe
  C:\Windows\System\LAvfcbD.exe
  2⤵
  PID:9484
- C:\Windows\System\GwcmsKj.exe
  C:\Windows\System\GwcmsKj.exe
  2⤵
  PID:9508
- C:\Windows\System\FIvnaKo.exe
  C:\Windows\System\FIvnaKo.exe
  2⤵
  PID:9524
- C:\Windows\System\ucmhFyF.exe
  C:\Windows\System\ucmhFyF.exe
  2⤵
  PID:9540
- C:\Windows\System\LGvkcSV.exe
  C:\Windows\System\LGvkcSV.exe
  2⤵
  PID:9556
- C:\Windows\System\kzapFwR.exe
  C:\Windows\System\kzapFwR.exe
  2⤵
  PID:9572
- C:\Windows\System\MFQkRla.exe
  C:\Windows\System\MFQkRla.exe
  2⤵
  PID:9588
- C:\Windows\System\sQIMhgs.exe
  C:\Windows\System\sQIMhgs.exe
  2⤵
  PID:9604
- C:\Windows\System\eAVMcXG.exe
  C:\Windows\System\eAVMcXG.exe
  2⤵
  PID:9620
- C:\Windows\System\CazxdtZ.exe
  C:\Windows\System\CazxdtZ.exe
  2⤵
  PID:9636
- C:\Windows\System\mOBgLet.exe
  C:\Windows\System\mOBgLet.exe
  2⤵
  PID:9652
- C:\Windows\System\eatCAvy.exe
  C:\Windows\System\eatCAvy.exe
  2⤵
  PID:9668
- C:\Windows\System\RyYjmcu.exe
  C:\Windows\System\RyYjmcu.exe
  2⤵
  PID:9684
- C:\Windows\System\oqmudvR.exe
  C:\Windows\System\oqmudvR.exe
  2⤵
  PID:9700
- C:\Windows\System\soSpYJu.exe
  C:\Windows\System\soSpYJu.exe
  2⤵
  PID:9716
- C:\Windows\System\QyQdvOJ.exe
  C:\Windows\System\QyQdvOJ.exe
  2⤵
  PID:9732
- C:\Windows\System\WHRlTOy.exe
  C:\Windows\System\WHRlTOy.exe
  2⤵
  PID:9748
- C:\Windows\System\WqWbrcR.exe
  C:\Windows\System\WqWbrcR.exe
  2⤵
  PID:9764
- C:\Windows\System\fpDtVQf.exe
  C:\Windows\System\fpDtVQf.exe
  2⤵
  PID:9780
- C:\Windows\System\BUNarqW.exe
  C:\Windows\System\BUNarqW.exe
  2⤵
  PID:9796
- C:\Windows\System\RFYWErG.exe
  C:\Windows\System\RFYWErG.exe
  2⤵
  PID:9816
- C:\Windows\System\GdUBndv.exe
  C:\Windows\System\GdUBndv.exe
  2⤵
  PID:9836
- C:\Windows\System\OraDXOP.exe
  C:\Windows\System\OraDXOP.exe
  2⤵
  PID:9852
- C:\Windows\System\vpmVzZy.exe
  C:\Windows\System\vpmVzZy.exe
  2⤵
  PID:9868
- C:\Windows\System\wXUaFGm.exe
  C:\Windows\System\wXUaFGm.exe
  2⤵
  PID:9884
- C:\Windows\System\nWsWwcl.exe
  C:\Windows\System\nWsWwcl.exe
  2⤵
  PID:9948
- C:\Windows\System\LfjTofD.exe
  C:\Windows\System\LfjTofD.exe
  2⤵
  PID:9968
- C:\Windows\System\KJfwHTk.exe
  C:\Windows\System\KJfwHTk.exe
  2⤵
  PID:9984
- C:\Windows\System\CnzmsGp.exe
  C:\Windows\System\CnzmsGp.exe
  2⤵
  PID:10000
- C:\Windows\System\FkqpqnP.exe
  C:\Windows\System\FkqpqnP.exe
  2⤵
  PID:10064
- C:\Windows\System\pDVfKpI.exe
  C:\Windows\System\pDVfKpI.exe
  2⤵
  PID:10084
- C:\Windows\System\pBNklhX.exe
  C:\Windows\System\pBNklhX.exe
  2⤵
  PID:10100
- C:\Windows\System\BRFgvDs.exe
  C:\Windows\System\BRFgvDs.exe
  2⤵
  PID:10128
- C:\Windows\System\YuqvNOR.exe
  C:\Windows\System\YuqvNOR.exe
  2⤵
  PID:10144
- C:\Windows\System\CxiNsMV.exe
  C:\Windows\System\CxiNsMV.exe
  2⤵
  PID:10164
- C:\Windows\System\ESzePru.exe
  C:\Windows\System\ESzePru.exe
  2⤵
  PID:10180
- C:\Windows\System\wcFYwvq.exe
  C:\Windows\System\wcFYwvq.exe
  2⤵
  PID:10196
- C:\Windows\System\ONCHyGM.exe
  C:\Windows\System\ONCHyGM.exe
  2⤵
  PID:10212
- C:\Windows\System\VbiWMfM.exe
  C:\Windows\System\VbiWMfM.exe
  2⤵
  PID:10228
- C:\Windows\System\qmBPMwd.exe
  C:\Windows\System\qmBPMwd.exe
  2⤵
  PID:1736
- C:\Windows\System\lPhVzzk.exe
  C:\Windows\System\lPhVzzk.exe
  2⤵
  PID:3012
- C:\Windows\System\IGANVPW.exe
  C:\Windows\System\IGANVPW.exe
  2⤵
  PID:9280
- C:\Windows\System\vEhUnVI.exe
  C:\Windows\System\vEhUnVI.exe
  2⤵
  PID:9232
- C:\Windows\System\eFthwWO.exe
  C:\Windows\System\eFthwWO.exe
  2⤵
  PID:7584
- C:\Windows\System\rsZrPjT.exe
  C:\Windows\System\rsZrPjT.exe
  2⤵
  PID:8956
- C:\Windows\System\OFWQPiu.exe
  C:\Windows\System\OFWQPiu.exe
  2⤵
  PID:2508
- C:\Windows\System\PyTxQkt.exe
  C:\Windows\System\PyTxQkt.exe
  2⤵
  PID:8804
- C:\Windows\System\eHNcodU.exe
  C:\Windows\System\eHNcodU.exe
  2⤵
  PID:9344
- C:\Windows\System\aPtcMLD.exe
  C:\Windows\System\aPtcMLD.exe
  2⤵
  PID:9412
- C:\Windows\System\SMGUkRv.exe
  C:\Windows\System\SMGUkRv.exe
  2⤵
  PID:9328
- C:\Windows\System\GJcEMeG.exe
  C:\Windows\System\GJcEMeG.exe
  2⤵
  PID:9392
- C:\Windows\System\YuVsVZj.exe
  C:\Windows\System\YuVsVZj.exe
  2⤵
  PID:9444
- C:\Windows\System\wdSdeXY.exe
  C:\Windows\System\wdSdeXY.exe
  2⤵
  PID:9480
- C:\Windows\System\cOqRihN.exe
  C:\Windows\System\cOqRihN.exe
  2⤵
  PID:9520
- C:\Windows\System\YcaAyZs.exe
  C:\Windows\System\YcaAyZs.exe
  2⤵
  PID:9552
- C:\Windows\System\DBVeLmG.exe
  C:\Windows\System\DBVeLmG.exe
  2⤵
  PID:9496
- C:\Windows\System\WrmuZhz.exe
  C:\Windows\System\WrmuZhz.exe
  2⤵
  PID:9564
- C:\Windows\System\KqgMkqV.exe
  C:\Windows\System\KqgMkqV.exe
  2⤵
  PID:9612
- C:\Windows\System\pMesPee.exe
  C:\Windows\System\pMesPee.exe
  2⤵
  PID:9676
- C:\Windows\System\iJDASsW.exe
  C:\Windows\System\iJDASsW.exe
  2⤵
  PID:9632
- C:\Windows\System\IeccocQ.exe
  C:\Windows\System\IeccocQ.exe
  2⤵
  PID:9696
- C:\Windows\System\rqaULrB.exe
  C:\Windows\System\rqaULrB.exe
  2⤵
  PID:9744
- C:\Windows\System\plVsvaK.exe
  C:\Windows\System\plVsvaK.exe
  2⤵
  PID:9756
- C:\Windows\System\VXPuAPl.exe
  C:\Windows\System\VXPuAPl.exe
  2⤵
  PID:9724
- C:\Windows\System\PbGMRBk.exe
  C:\Windows\System\PbGMRBk.exe
  2⤵
  PID:9844
- C:\Windows\System\ZugHSoV.exe
  C:\Windows\System\ZugHSoV.exe
  2⤵
  PID:9860
- C:\Windows\System\QPROFkL.exe
  C:\Windows\System\QPROFkL.exe
  2⤵
  PID:9880
- C:\Windows\System\dDSzqPH.exe
  C:\Windows\System\dDSzqPH.exe
  2⤵
  PID:9900
- C:\Windows\System\hkBEOSQ.exe
  C:\Windows\System\hkBEOSQ.exe
  2⤵
  PID:9916
- C:\Windows\System\ltpUmvQ.exe
  C:\Windows\System\ltpUmvQ.exe
  2⤵
  PID:9936
- C:\Windows\System\ZrBmHgq.exe
  C:\Windows\System\ZrBmHgq.exe
  2⤵
  PID:9992
- C:\Windows\System\oiypHLh.exe
  C:\Windows\System\oiypHLh.exe
  2⤵
  PID:10016
- C:\Windows\System\FKMkcdg.exe
  C:\Windows\System\FKMkcdg.exe
  2⤵
  PID:10092
- C:\Windows\System\raljYbt.exe
  C:\Windows\System\raljYbt.exe
  2⤵
  PID:10124
- C:\Windows\System\HZUsMKl.exe
  C:\Windows\System\HZUsMKl.exe
  2⤵
  PID:10236
- C:\Windows\System\yzCpPkr.exe
  C:\Windows\System\yzCpPkr.exe
  2⤵
  PID:9264
- C:\Windows\System\goneVjD.exe
  C:\Windows\System\goneVjD.exe
  2⤵
  PID:9236
- C:\Windows\System\Yxczjqw.exe
  C:\Windows\System\Yxczjqw.exe
  2⤵
  PID:9380
- C:\Windows\System\pNvoyBf.exe
  C:\Windows\System\pNvoyBf.exe
  2⤵
  PID:9300
- C:\Windows\System\WPmfJbG.exe
  C:\Windows\System\WPmfJbG.exe
  2⤵
  PID:9504
- C:\Windows\System\BjicHML.exe
  C:\Windows\System\BjicHML.exe
  2⤵
  PID:9648
- C:\Windows\System\qJytEqF.exe
  C:\Windows\System\qJytEqF.exe
  2⤵
  PID:2808
- C:\Windows\System\IsOQwRJ.exe
  C:\Windows\System\IsOQwRJ.exe
  2⤵
  PID:9708
- C:\Windows\System\rBUMPVO.exe
  C:\Windows\System\rBUMPVO.exe
  2⤵
  PID:9532
- C:\Windows\System\NsGFrxM.exe
  C:\Windows\System\NsGFrxM.exe
  2⤵
  PID:9788
- C:\Windows\System\IPmmWRq.exe
  C:\Windows\System\IPmmWRq.exe
  2⤵
  PID:9904
- C:\Windows\System\HAxNnwv.exe
  C:\Windows\System\HAxNnwv.exe
  2⤵
  PID:9956
- C:\Windows\System\ZdZLNEN.exe
  C:\Windows\System\ZdZLNEN.exe
  2⤵
  PID:10020
- C:\Windows\System\mxIzikb.exe
  C:\Windows\System\mxIzikb.exe
  2⤵
  PID:9228
- C:\Windows\System\QdIBhWC.exe
  C:\Windows\System\QdIBhWC.exe
  2⤵
  PID:10044
- C:\Windows\System\qqTwCnu.exe
  C:\Windows\System\qqTwCnu.exe
  2⤵
  PID:1008
- C:\Windows\System\zKvECsf.exe
  C:\Windows\System\zKvECsf.exe
  2⤵
  PID:10120
- C:\Windows\System\CBNTWpI.exe
  C:\Windows\System\CBNTWpI.exe
  2⤵
  PID:10140
- C:\Windows\System\vDSbhim.exe
  C:\Windows\System\vDSbhim.exe
  2⤵
  PID:10172
- C:\Windows\System\rPUHDda.exe
  C:\Windows\System\rPUHDda.exe
  2⤵
  PID:10220
- C:\Windows\System\JFLuiCD.exe
  C:\Windows\System\JFLuiCD.exe
  2⤵
  PID:1872
- C:\Windows\System\ubqjLcQ.exe
  C:\Windows\System\ubqjLcQ.exe
  2⤵
  PID:9312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AygZfpP.exe

Filesize
6.0MB

MD5
06efb32bee8ad24973ab368e38e817d2

SHA1
cdc5b0c03f354d30fbecc61c196d0a26d9813239

SHA256
b0f4d14b9b4e626a4c1cef5ac6029f02ef15afca3eed0965aaee54df52026b6a

SHA512
7df43adce25dcfde3ce14a52b6e5c28479227fbb3ab38e06fe6279f9c07c4c86805f1a367468507b049c1f791189744b467fad1218c182766f509e5a89f942cc

Download Submit
C:\Windows\system\CUunqXz.exe

Filesize
6.0MB

MD5
c03388d3e76dd4c25922f02035998585

SHA1
7a1314889a75cf7d6015f19dae8ce134f78ba951

SHA256
2baace55c50223710cf462ffe28d82900a64f20cc13c409e1da54116b1f8132d

SHA512
bcdb31ccba9760cc4b8efb5c4bc394b88084e1a4cbdbf6f47b23882924e53ab6d5ad2f27113391d46aac3b78838f37e06d1e0b2700c9f24a3b550e4176ef608f

Download Submit
C:\Windows\system\CqpZnoQ.exe

Filesize
6.0MB

MD5
98c6a4c363b0725455cfa7cc7f86c598

SHA1
9d46cc161a0b73f3874745b4a60871c3386e605f

SHA256
53e76ab1a10b7e4726905cf4dd4be0fb98818ad309bcbdefc4dec430c15e1ed0

SHA512
46ccd73792fc0828595ef7d9ab55464f9be430da3dab8af4282491196d46fb25fa07b88fb549c6e345a1c1f858182dc0aec0eb7b9e1a537a7e39afecfd869181

Download Submit
C:\Windows\system\GVujjWp.exe

Filesize
6.0MB

MD5
6fd1d13f1a8ea6a5d67a8e477e871131

SHA1
ca1c2d56335601ed6d1e87c85897f894e1266ec2

SHA256
ef248730c76bf66cccf47de23081f81ffa94329e69006ebc53a16bc4a2c242d9

SHA512
70e327a7bed292a82c827dbe02908a808ca1f1411d65e551fbfb5eeb183512b48377edf59b591fd97d8c4010e7f2530482089baa8761e3479c44fe94eadae98a

Download Submit
C:\Windows\system\JGkiONk.exe

Filesize
6.0MB

MD5
efd797d9af7af3686edf18e19144ce1e

SHA1
e4c02a41c19f34e781787ab91e145886c31e0531

SHA256
2af04c5d450996c339a8ab88ddccdf1b60c10b09ce21d37807f0fb6e0ef17f24

SHA512
cd5c5d77ccb4e80132a3ba8074b4fe22b0209e86825e9188b6a8dd2ba01476cf0774d17fdb7cc8aa878709dd9b2b133d161288fbfff8a9fbca1c6ad62af0ba18

Download Submit
C:\Windows\system\KPjbPuz.exe

Filesize
6.0MB

MD5
6463288164bc584e768e07abd5447ea0

SHA1
bc288a01b25f501df0c5eb0bfba2b1838791485a

SHA256
4c32d90b6c3190718b107e538011d9a9472bcf5a5ff458b04117d48518559d18

SHA512
69e49f4e1b46bcd9d7c80cff00b493593736b84b2c7ec0c502f365e5871093d498eede92b7ba1e5067ea71a5490afd41533b5337a64ea9ffa336a335ec62cc70

Download Submit
C:\Windows\system\LWOmZHO.exe

Filesize
6.0MB

MD5
143228983efe1789ce1ad8e18109c865

SHA1
22b074b11af8244acdfba751a0b11cb3112abe91

SHA256
5cab428002fd935cfa0ce114ac4a543a02d440c52a4fef7b228d263daf5bbffe

SHA512
5d36b339cc02aced10715fc2633143e4ea7a7569c54f18ef4ac83da6173924b08fa653c3e8c4a901c236ed631aef3ce1824f3613581612dfc47cb067acb402e7

Download Submit
C:\Windows\system\MqKTxpF.exe

Filesize
6.0MB

MD5
3eed50f993841596db34f39f7507d823

SHA1
3866b73954e2fbb68163814f0c25dae4454a0608

SHA256
448fdb01a753a406a189f5f3ddc27bc95dc706cf3ab8a2f0d4856bf6e2c686b7

SHA512
c1e4715042c2e71e6430334fa7c31b4d756cd4c043eb4d67d4b14527afa1f2aa3cd77540e0e789aee8ea30da9f475be769e509ca95e6efa750c024b0ecc31820

Download Submit
C:\Windows\system\OifWKnj.exe

Filesize
6.0MB

MD5
cc36af0e5e49bdc4a81e725a2e500b69

SHA1
b9b85c162d42da3ac9a3afa08e8df25556ac42e5

SHA256
98e9ec76bcbd517afb770cde129f7f6a77fee96addb28648a6968c2b7d7466e1

SHA512
6bbbc2b9acc94b170e21bc9880d5a8e672b1c64cf34ffb5a772695bd1550643d59dee3884fef1bffaea010d75eba3b665fcbf63aec9644f7ef322277b5f8f215

Download Submit
C:\Windows\system\QbIqHIM.exe

Filesize
6.0MB

MD5
8012de805d8d26f926a33dcc7a4a3aa8

SHA1
844b5b75894f9aa31803b0d019913fd14e2d3eb0

SHA256
050d47478c5f47beb7d2df9871f4b0baba447c97a05dc5e1a61b100d4478aeb7

SHA512
50cf0f9cfdda2cf1a6320a2487811f18cf13d696521b47ac8b3df1f8fffcd4d6ac8da6be43a295c38acbfd6d7c20007d36e8037a193df7bc24d4d3c6dcca6cf2

Download Submit
C:\Windows\system\RJaxVyz.exe

Filesize
6.0MB

MD5
ec9c7089313e02f807878af35aeb1999

SHA1
be06f3eb477a049f7757f97a2c74bafe8e9b229e

SHA256
0f87a634729fa36def829bef99d6cf6d44bb2bf5069ce61a049c4ca860e40136

SHA512
4f0184d51fab3d2690fcb19235f93c9bda6a46c7bfb45e6fd68b39f6c889c46cc6e8c35bef06a822ba0965a60ad00c20ed411efdb72d09ac436a716049ba6071

Download Submit
C:\Windows\system\RpYifCc.exe

Filesize
6.0MB

MD5
895f51dfbb4c78ae3234f9f6bfb8bdc9

SHA1
8f651af6d6056fa9cda7273b9e99e2bc42485c85

SHA256
d6a3c0398e77eba7851d4e912f24f107e56e8f09076883238a304fa5835d3600

SHA512
8cad0918e4ea46e81603c6bb834a782b84bef33694faba55b68a73830f241ba91e12f0fe665fc4b666392d46dbbf8440adf99878f172337ed2844cfa34ff2322

Download Submit
C:\Windows\system\VCCxvVt.exe

Filesize
6.0MB

MD5
b100d43d8183ff2011f7efacd6f0435e

SHA1
78d58dffdb63c1b9ee669e2063104a97da9d4483

SHA256
dc8523f44ff5e961a9b8c11e6aaa1e9e229cd1fa86268cb86bb23eb30195e52d

SHA512
8cdd9098cafed4db850ac8c3334c9767cb3317a04ef81b0412b4746440fbb32bc7b28d4fea3f1d3e9a220ce4f633258ec4e196a963c3562b618422d0167ce221

Download Submit
C:\Windows\system\VDiSXaJ.exe

Filesize
6.0MB

MD5
da5094e1805e9a98b6b6025cfec45d0b

SHA1
cbd6407bb3f26895762cc6e8907c73893890f9a6

SHA256
ab3a5be3c4de02414151e7ad40201af95941cafefca2118acb70200477353a26

SHA512
9dc9f86e858c2a37188fddea5e22bf9cf9d7534b7ab282ea3c2318a8fc625a3433297e8fd6c96490c34d5958a26f26c1d486b0319d010b6c04457ca346427c54

Download Submit
C:\Windows\system\VNIaBzZ.exe

Filesize
6.0MB

MD5
e999d4a4998764a27cafa26e9f647295

SHA1
156c9d97fa3ac2451091f020bdcccb3819163e5a

SHA256
a2ed3cc0042c8b80038f579651f6aec0e6609bbe38543d6db73bf83e8ca93f68

SHA512
addbf6452a36ab01ca308736cf3a954fb5254ab10a3cfbf506169baf176c9f9718dbd8cc496d69f09830fd20d62224aa505bd1f2e714b36eaf668b4e599b103b

Download Submit
C:\Windows\system\VOhqZfM.exe

Filesize
6.0MB

MD5
4cf000c112dcc234ff1448d518c9bb32

SHA1
ad5defed592300d113d6d1ae198ded21e3285e4d

SHA256
cd124d72a633ebdd70ba7ac645bfc5328ce0f22ede3e0f55a2159cdeb85d01c1

SHA512
2955a6f633d25c3e884bf2bd0493f1e1d96f0a5cd7dabd5b11818b348dca5af763fa671483845eaf5fb8231a19de9852f544bcd539893bcc18aae505633eb8a0

Download Submit
C:\Windows\system\XINDgJA.exe

Filesize
6.0MB

MD5
5d34e12a80d09f76a0e78389abbb1696

SHA1
02996c462c658372c02b98f707e1a244f2f7be42

SHA256
236763b702d1f60b29a3ed5f8cd5718acb7bd560154dcaa3b3a7ad0b493b58a3

SHA512
c2f64c6c394d44ac626c4eb45c4b377e6af1574efd29a705461f6283d821e92789334374969212eae6f974179df89021f4df56e446df1e1f913c9fe9bcdc90f8

Download Submit
C:\Windows\system\XojzKdt.exe

Filesize
6.0MB

MD5
0f8a759be9ef2d40b81fbbc7abd4b9ca

SHA1
08243e88a01c79223a158ee5622998c826405990

SHA256
e3c23e9f44d4bc82cfca474c38b31b7ea644b3fe71ec7d81a9c4bb294016b088

SHA512
9aa156f7f1c49c30c807fcc5bd6f8cf8d3626b25dd8ec3f17ce9937a9fe669a20e67d8be5237e53cb5e0dd2f28fc185ee3a2a8b650f7610aff1fcddc6d4f8e46

Download Submit
C:\Windows\system\aOwlkWb.exe

Filesize
6.0MB

MD5
5d13abc69a74ba2ff5b9dc6096b4c798

SHA1
c74f960cc155d48384f5761c18255890e78ede25

SHA256
0a7b4aa8f19334c4b311e0cdede529ab0eaa52bca1a52f9b6f5416907e0a6ad6

SHA512
ab6bb2ab84313b4c1c91f8625ab13bc80823a16289f5a88b7d2777b15038788c5e18904706ede6346d52758f7a314c39213b50f0825405d137309a0bf91e0ebc

Download Submit
C:\Windows\system\bFuhrTD.exe

Filesize
6.0MB

MD5
d76fef240577166fd1a3e702835cc0d4

SHA1
12285320a3d9c3beb2dc8b5cb40989d8eab45970

SHA256
545b0c612a6409c5cf425b0d7479cbf54cf2444a1e45faaed0f47e7a5cc4b74d

SHA512
ca3a71ed4e34991c8ac0ae53ab886470a4cca77d4c328e33656f112cb8e5af00cca1fcff26c82db77833405874aeafde512a2f911aae56e1b0fa5b5095d332b0

Download Submit
C:\Windows\system\bewjGnq.exe

Filesize
6.0MB

MD5
57423a602e27132d9fff11d6b1341166

SHA1
1bcb2da519373c2eebb8ae3f93dc8171f438bb77

SHA256
6bd238546153813ea3964095b3437b7bfb7dea02f10f5586cdcd52c30f05617d

SHA512
2559bbb644c48a1296b9effc3aad845bd659f0a497fe2d4cb7fa727ef19ab5b880ab0ac0d6e299ec447e1be80a1dfbcbff5c272590a21238b56bd48bf1c5ced0

Download Submit
C:\Windows\system\ekDHZXo.exe

Filesize
6.0MB

MD5
1a2cab84198acb1826599dbcaf2c0030

SHA1
19d870b541775f2068ba22363dbac04db5267054

SHA256
0c50df969614a74ec6c534874fa46687273f976a64cdec6171473fd3c73bc403

SHA512
70c92e6cfceab3428a153ff9052b2c12a4cb9c63d1ca25b2e9c49730f4eeb9e9681c00c4c5cf73b0d2d8d878f8976991aded94e6bfa367fe01926bf558beb6bc

Download Submit
C:\Windows\system\oYzbHpX.exe

Filesize
6.0MB

MD5
1d43a92d8dacdbbf48d7739bd503462a

SHA1
08027c878c175a96426aaaae1326801343a9a7a5

SHA256
c27555ec3603739e23ff4f19afd84054c1087f991b700272414f51d50a93921b

SHA512
a4424e5c46fe0142bf211fcedf0ece884fff579ee1df771fe637441305303aa0d86e1296c8e4c38b29d05531c037ad417ad3da5b1408f559ccf56323bd30e207

Download Submit
C:\Windows\system\sIGKZli.exe

Filesize
6.0MB

MD5
f8a3add6fd781803970bc002e44518bb

SHA1
0051234e85c43c10365f40ed0c38fbe6d785a28e

SHA256
cdcf296df509209dfecfb4828a28ecbec5588c6a655975e85fdcc98e5743c162

SHA512
0650f6a8c37594c2de02280a24bbc52f9843d24fabadf633f4c2d1a97061d30821cd6f8baa114e0770318b6ef120cfe2a8a3716ac56406b0ac3f7bf066340a18

Download Submit
C:\Windows\system\xgqLgtP.exe

Filesize
6.0MB

MD5
02185a5301d41c39a3773eefbaa6796e

SHA1
e6a50bfb572a51360a02c002753d757956dd38d3

SHA256
a212549dbc1c71d8c4ce63adb429e4366c1af6ffb6fd3f534d4b5748bacfdbf3

SHA512
25bd59ff2f8fce38cf1f9656160aa9e8686fb80ec277aa813274ca03824f90d1073d478c75681ecf4420d445779f5691d67cbfd446067fa9b9b8a022056f3e9b

Download Submit
C:\Windows\system\zYvupCw.exe

Filesize
6.0MB

MD5
cecab607c1273e795aa59e136c1150de

SHA1
f604d01c31079bc783700acc9c2fa190dbcce48f

SHA256
61ed2036fca8893b0993c195d4be73b2c045ba100ff044f13a7b6e14e5a2707b

SHA512
6c8778f51c33039c003056dc29693abba60b5ac31f288dc87d6b63232fc3b646073dc3a14277c4a6066a9a94cc3006288bd672e69cb8d5de058498e6924c0976

Download Submit
C:\Windows\system\ztnNcsu.exe

Filesize
6.0MB

MD5
5a2418ce207a02656d94bc5866cdc179

SHA1
99af7ba7dcaa906ce785400da1bc8b94e57daad7

SHA256
4ea9744ec4a060134ca80dc97c9653e00761d618c893507fbab5baf2d47f05c7

SHA512
7d225019b6123af96cb93c5e52d6cd05e418281043e2053053ce9ed754b82593936e97a74c1bf1cdac1c28ae204934d8cff008bfcf3b1d7c4083fbd622875580

Download Submit
\Windows\system\ZBWwvfn.exe

Filesize
6.0MB

MD5
eb66ba69630fd4216d176dd4a4ebc8eb

SHA1
ee662a2ed2eb892015322da33fbf1d4ef8f4f63f

SHA256
927d4a97346ade03aecbfcefa8d6f0bb777f36eb0ccb7ed747c5833f06fe9388

SHA512
fe08bac1fde07d8279fccd8e56b120a1fcc573a67f7835fb1490f5e68c5fe4e69d3c623ccc162285a589df7bf8362ddae7d9ae6c25d7a5387b0d52bd8409a6e3

Download Submit
\Windows\system\aEaRlPF.exe

Filesize
6.0MB

MD5
f61f9fa7ffab20885778d946d2f8cbef

SHA1
3de93f4ee8c4fd4dd6c673c57691936b4716e25d

SHA256
b1cfa8380bad733ccaa25180cc4be86da59b42376b9388c41188ce0bb23b306b

SHA512
68a8fd0228c732b23c7bfd6d277b8282ac14639bab43f9f3711a46cd459cb1b2881cae077c30f0964f6b80e140c3cb0edfeb2f050ac484d21a932420d6e58cb1

Download Submit
\Windows\system\aZRqsxi.exe

Filesize
6.0MB

MD5
5a11d43ef2472ab7f2f4eb46850abcf7

SHA1
a1d87ee289b525497ce00d620a4f418c07dd49aa

SHA256
a8f7ee342b58d709706ce7be5060c9aadb51c84e6e1e1859d2d746d8235b814a

SHA512
a505307e2f2caa3e25ad746abe39e2df6bc527933a9cace9e02e748570ca4231007566c05f1e1c4ac457cf8fbcc0648d15873f11da60311cb05a517c2c742fe2

Download Submit
\Windows\system\dkTFobj.exe

Filesize
6.0MB

MD5
3a5b00ea49d59e6434b743f44141b14e

SHA1
3ec82133457f32d515a303166f5750abb2739250

SHA256
5a16e496e60c971e2073c76a6d19ccf4244ae66c5818376597f26f1830bfd4a9

SHA512
ddc948201bdcb15c8a5dceb401fdae012028849099624a7ec48dfe5d49a42bf6ba8387080d1d6cef3008a792a01cd1c69d2d28e22e40b0ad9c9e7f295126e773

Download Submit
\Windows\system\mqYHejh.exe

Filesize
6.0MB

MD5
692f5598dc6389bc12387f8ba5cefd13

SHA1
c5762b7bf9879e271cd83100905d3a25857d381c

SHA256
99ca327c6d62fb56ad49e7c9c76e7c7f56d62ea576662ff4247d90bb36025f72

SHA512
c5f6becb0dc2427991f62299008abf55ac4916ae6619987d1f98c82641eedebcaf14d0a2e2a1a3d424f3118ed278dd68936548d332f8f8748c0d9ebbd0c4d443

Download Submit
memory/1020-4039-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-1064-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-100-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-4016-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-27-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1864-92-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1864-3999-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1864-838-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1948-578-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-82-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-4036-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1398-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-75-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2168-81-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2168-91-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2168-114-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-12-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-0-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-50-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2168-26-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1063-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-99-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-38-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2168-577-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2168-33-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-70-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-67-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2168-66-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2168-62-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2168-101-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2328-28-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2328-4034-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2528-23-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-69-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3994-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2716-93-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2716-41-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4033-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2880-34-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-83-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3988-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-76-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4035-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3990-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2904-58-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2904-98-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2944-71-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3989-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2952-4018-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2952-387-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2952-77-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3992-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-24-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download