cobaltstrike | 4e44abea7e65fd828fce17bd39d1eaf32b777a681b397bec2f60ef7f65630c21

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

21fa717d7904402cf5dfd52a80398185
SHA1

840184211bde01f6715eb9bf19aec77be8fdae70
SHA256

4e44abea7e65fd828fce17bd39d1eaf32b777a681b397bec2f60ef7f65630c21
SHA512

24d8c6c122bda44dc4485c0f1b8eb381484e18095ba435292b9c188a66938ec39cffd896cd6fa8e46ed7eabd76904d0d7925608ad35bb91869ec692ed267554c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUI:T+q56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161f6-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016307-9.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001658c-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016aa9-32.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c84-45.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000015f81-57.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173da-71.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c62-69.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016855-66.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-62.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-80.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-161.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-157.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-153.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-145.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-137.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-119.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-113.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3068-0-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-3.dat	xmrig
behavioral1/files/0x00080000000161f6-13.dat	xmrig
behavioral1/memory/2820-14-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2748-10-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016307-9.dat	xmrig
behavioral1/files/0x000800000001658c-22.dat	xmrig
behavioral1/memory/2796-27-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0007000000016aa9-32.dat	xmrig
behavioral1/files/0x0008000000016c84-45.dat	xmrig
behavioral1/files/0x0036000000015f81-57.dat	xmrig
behavioral1/memory/3068-61-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/3068-39-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000173da-71.dat	xmrig
behavioral1/files/0x0007000000016c62-69.dat	xmrig
behavioral1/files/0x0007000000016855-66.dat	xmrig
behavioral1/memory/3068-65-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2820-64-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f1-62.dat	xmrig
behavioral1/memory/2668-52-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2768-44-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/3068-38-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2756-21-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/3068-56-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2748-46-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/3068-23-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/files/0x00060000000173fc-80.dat	xmrig
behavioral1/files/0x00060000000173f4-84.dat	xmrig
behavioral1/memory/2656-82-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0006000000017487-89.dat	xmrig
behavioral1/files/0x0005000000018792-134.dat	xmrig
behavioral1/files/0x00050000000191ff-163.dat	xmrig
behavioral1/memory/2768-273-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2796-272-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0005000000019256-177.dat	xmrig
behavioral1/files/0x0005000000019244-173.dat	xmrig
behavioral1/files/0x000500000001922c-169.dat	xmrig
behavioral1/files/0x00050000000191d4-161.dat	xmrig
behavioral1/files/0x00060000000190e0-157.dat	xmrig
behavioral1/files/0x00060000000190ce-153.dat	xmrig
behavioral1/files/0x000600000001903b-149.dat	xmrig
behavioral1/files/0x0006000000018f53-145.dat	xmrig
behavioral1/files/0x0006000000018c26-141.dat	xmrig
behavioral1/files/0x0006000000018c1a-137.dat	xmrig
behavioral1/files/0x000d00000001866e-133.dat	xmrig
behavioral1/files/0x0006000000017525-132.dat	xmrig
behavioral1/memory/2700-130-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/3068-129-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/3068-128-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2756-127-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2884-126-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2624-125-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0005000000018687-119.dat	xmrig
behavioral1/files/0x0014000000018663-115.dat	xmrig
behavioral1/files/0x00060000000174a2-114.dat	xmrig
behavioral1/files/0x0006000000017472-113.dat	xmrig
behavioral1/memory/2296-98-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2668-3253-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2748-3536-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2196-3546-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2796-3578-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2756-3579-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2820-3580-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2668-3582-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2748	VqdTbfH.exe
2820	YjKBmPa.exe
2756	mjhIEit.exe
2796	gQiKcDF.exe
2768	xIznhyJ.exe
2668	WHpiHeD.exe
2196	grsaEXD.exe
2624	yOkUuCk.exe
2656	kNobDQf.exe
2296	CpAAHyM.exe
2884	tdxOWKF.exe
2700	JjzHAUA.exe
2852	oKGozbN.exe
2352	dVxbfNk.exe
2896	vOjhLBV.exe
2664	Vksfzjw.exe
2520	wfFLLPM.exe
316	gNJoEHw.exe
1972	riPWJlj.exe
2344	JsnOpDy.exe
660	WXfDdcs.exe
1900	QVfSnqh.exe
1556	dLLTCmZ.exe
544	RczAGOf.exe
908	AtpwKfA.exe
3020	QkSZkkp.exe
2456	OVTVJtP.exe
2236	WnQhOBz.exe
2792	Jsuzacq.exe
2176	nXYguRI.exe
748	HWNCiqr.exe
1080	qrIWQzZ.exe
2448	iZFSXNI.exe
1964	KZkTNNo.exe
448	GElNvta.exe
1076	EqRTmcb.exe
1232	kThJDnL.exe
1348	vreUwyJ.exe
800	IRXoOWr.exe
1696	TEWtJlv.exe
1536	RdzpTbj.exe
1784	yfEUqGX.exe
1756	qHjeVBE.exe
2400	JtkOOGD.exe
2376	bTImUSt.exe
892	lnCmMxU.exe
628	ZhCNppp.exe
560	gRFLCxL.exe
2528	MPrtHjJ.exe
692	fSuWWDE.exe
2868	MUtLlPd.exe
2548	dcfwoHX.exe
2300	TGueHgR.exe
988	VdqydAh.exe
2392	ntlsyDh.exe
2200	EdNnEJA.exe
2096	PVpAcBU.exe
872	AVnsGZC.exe
1520	psaXNSz.exe
868	iADaDnm.exe
2208	GjtRDqc.exe
2080	ONOKrGO.exe
1568	vLVKEbU.exe
1592	dRVhlyC.exe

Loads dropped DLL 64 IoCs

pid	Process
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3068-0-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000700000001211a-3.dat	upx
behavioral1/files/0x00080000000161f6-13.dat	upx
behavioral1/memory/2820-14-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2748-10-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0008000000016307-9.dat	upx
behavioral1/files/0x000800000001658c-22.dat	upx
behavioral1/memory/2796-27-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0007000000016aa9-32.dat	upx
behavioral1/files/0x0008000000016c84-45.dat	upx
behavioral1/files/0x0036000000015f81-57.dat	upx
behavioral1/memory/3068-61-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x00080000000173da-71.dat	upx
behavioral1/files/0x0007000000016c62-69.dat	upx
behavioral1/files/0x0007000000016855-66.dat	upx
behavioral1/memory/3068-65-0x00000000023C0000-0x0000000002714000-memory.dmp	upx
behavioral1/memory/2820-64-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00060000000173f1-62.dat	upx
behavioral1/memory/2668-52-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2768-44-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/3068-38-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2756-21-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/3068-56-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2748-46-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x00060000000173fc-80.dat	upx
behavioral1/files/0x00060000000173f4-84.dat	upx
behavioral1/memory/2656-82-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0006000000017487-89.dat	upx
behavioral1/files/0x0005000000018792-134.dat	upx
behavioral1/files/0x00050000000191ff-163.dat	upx
behavioral1/memory/2768-273-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2796-272-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0005000000019256-177.dat	upx
behavioral1/files/0x0005000000019244-173.dat	upx
behavioral1/files/0x000500000001922c-169.dat	upx
behavioral1/files/0x00050000000191d4-161.dat	upx
behavioral1/files/0x00060000000190e0-157.dat	upx
behavioral1/files/0x00060000000190ce-153.dat	upx
behavioral1/files/0x000600000001903b-149.dat	upx
behavioral1/files/0x0006000000018f53-145.dat	upx
behavioral1/files/0x0006000000018c26-141.dat	upx
behavioral1/files/0x0006000000018c1a-137.dat	upx
behavioral1/files/0x000d00000001866e-133.dat	upx
behavioral1/files/0x0006000000017525-132.dat	upx
behavioral1/memory/2700-130-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2756-127-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2884-126-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2624-125-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0005000000018687-119.dat	upx
behavioral1/files/0x0014000000018663-115.dat	upx
behavioral1/files/0x00060000000174a2-114.dat	upx
behavioral1/files/0x0006000000017472-113.dat	upx
behavioral1/memory/2296-98-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2668-3253-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2748-3536-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2196-3546-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2796-3578-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2756-3579-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2820-3580-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2668-3582-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2196-3588-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2624-3595-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2768-3589-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2296-3599-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rgjACYq.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUwRVqq.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVEZsXR.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNihjvR.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypvzExk.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLRSbYG.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEAudEx.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKLlqjf.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHjeVBE.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCMUMSY.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYSFhyU.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEpeCla.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeotAxn.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUYieTM.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUbiYPR.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TycQVyK.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULiNxxN.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPXIDFC.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcVDxkW.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUiKVQN.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\scGZKlQ.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsfRZJS.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEJwKQq.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONOKrGO.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFeDGQC.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDSypxM.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYHKIXy.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTEAtte.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ieoamNt.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meZBcUZ.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrLsnmY.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsXxTIF.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOZIxZm.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdSJHHn.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGnNVsH.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bnKufTE.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddysIum.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZyWitm.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bprdCqY.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZcpeoY.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZAvSRQ.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvgIaAY.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSTQjxe.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSMuKDh.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjcncWn.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnYRqRX.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfTmXQl.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxLtjBw.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPTixuf.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXYguRI.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsRPITV.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcDfdYw.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKnHTrL.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDWFaCx.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWNrlNA.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wREsUuO.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnCmMxU.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqaZFrS.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAbGhgK.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVgKVHW.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMJSyax.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXjaGoT.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeoBMvT.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUHQBQm.exe	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2748	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2748	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2748	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2820	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2820	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2820	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2756	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2756	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2756	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2796	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2796	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2796	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2624	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2624	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2624	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2768	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2768	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2768	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2656	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2656	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2656	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2668	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2668	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2668	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2296	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2296	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2296	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2196	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2196	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2196	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2884	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2884	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2884	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2700	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2700	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2700	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2520	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2520	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2520	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2852	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2852	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2852	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 316	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 316	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 316	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 2352	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2352	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2352	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 1972	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 1972	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 1972	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 2896	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 2896	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 2896	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 2344	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 2344	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 2344	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 2664	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 2664	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 2664	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 660	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 660	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 660	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 1900	3068	2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_21fa717d7904402cf5dfd52a80398185_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\System\VqdTbfH.exe
  C:\Windows\System\VqdTbfH.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\YjKBmPa.exe
  C:\Windows\System\YjKBmPa.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\mjhIEit.exe
  C:\Windows\System\mjhIEit.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\gQiKcDF.exe
  C:\Windows\System\gQiKcDF.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\yOkUuCk.exe
  C:\Windows\System\yOkUuCk.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\xIznhyJ.exe
  C:\Windows\System\xIznhyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\kNobDQf.exe
  C:\Windows\System\kNobDQf.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\WHpiHeD.exe
  C:\Windows\System\WHpiHeD.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\CpAAHyM.exe
  C:\Windows\System\CpAAHyM.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\grsaEXD.exe
  C:\Windows\System\grsaEXD.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\tdxOWKF.exe
  C:\Windows\System\tdxOWKF.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\JjzHAUA.exe
  C:\Windows\System\JjzHAUA.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\wfFLLPM.exe
  C:\Windows\System\wfFLLPM.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\oKGozbN.exe
  C:\Windows\System\oKGozbN.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\gNJoEHw.exe
  C:\Windows\System\gNJoEHw.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\dVxbfNk.exe
  C:\Windows\System\dVxbfNk.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\riPWJlj.exe
  C:\Windows\System\riPWJlj.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\vOjhLBV.exe
  C:\Windows\System\vOjhLBV.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\JsnOpDy.exe
  C:\Windows\System\JsnOpDy.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\Vksfzjw.exe
  C:\Windows\System\Vksfzjw.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\WXfDdcs.exe
  C:\Windows\System\WXfDdcs.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\QVfSnqh.exe
  C:\Windows\System\QVfSnqh.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\dLLTCmZ.exe
  C:\Windows\System\dLLTCmZ.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\RczAGOf.exe
  C:\Windows\System\RczAGOf.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\AtpwKfA.exe
  C:\Windows\System\AtpwKfA.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\QkSZkkp.exe
  C:\Windows\System\QkSZkkp.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\OVTVJtP.exe
  C:\Windows\System\OVTVJtP.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\WnQhOBz.exe
  C:\Windows\System\WnQhOBz.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\Jsuzacq.exe
  C:\Windows\System\Jsuzacq.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\nXYguRI.exe
  C:\Windows\System\nXYguRI.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\HWNCiqr.exe
  C:\Windows\System\HWNCiqr.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\qrIWQzZ.exe
  C:\Windows\System\qrIWQzZ.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\iZFSXNI.exe
  C:\Windows\System\iZFSXNI.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\KZkTNNo.exe
  C:\Windows\System\KZkTNNo.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\GElNvta.exe
  C:\Windows\System\GElNvta.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\EqRTmcb.exe
  C:\Windows\System\EqRTmcb.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\kThJDnL.exe
  C:\Windows\System\kThJDnL.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\vreUwyJ.exe
  C:\Windows\System\vreUwyJ.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\IRXoOWr.exe
  C:\Windows\System\IRXoOWr.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\TEWtJlv.exe
  C:\Windows\System\TEWtJlv.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\RdzpTbj.exe
  C:\Windows\System\RdzpTbj.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\yfEUqGX.exe
  C:\Windows\System\yfEUqGX.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\qHjeVBE.exe
  C:\Windows\System\qHjeVBE.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\JtkOOGD.exe
  C:\Windows\System\JtkOOGD.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\bTImUSt.exe
  C:\Windows\System\bTImUSt.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\lnCmMxU.exe
  C:\Windows\System\lnCmMxU.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\ZhCNppp.exe
  C:\Windows\System\ZhCNppp.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\gRFLCxL.exe
  C:\Windows\System\gRFLCxL.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\MPrtHjJ.exe
  C:\Windows\System\MPrtHjJ.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\fSuWWDE.exe
  C:\Windows\System\fSuWWDE.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\MUtLlPd.exe
  C:\Windows\System\MUtLlPd.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\dcfwoHX.exe
  C:\Windows\System\dcfwoHX.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\TGueHgR.exe
  C:\Windows\System\TGueHgR.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\VdqydAh.exe
  C:\Windows\System\VdqydAh.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\ntlsyDh.exe
  C:\Windows\System\ntlsyDh.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\EdNnEJA.exe
  C:\Windows\System\EdNnEJA.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\PVpAcBU.exe
  C:\Windows\System\PVpAcBU.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\AVnsGZC.exe
  C:\Windows\System\AVnsGZC.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\psaXNSz.exe
  C:\Windows\System\psaXNSz.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\iADaDnm.exe
  C:\Windows\System\iADaDnm.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\GjtRDqc.exe
  C:\Windows\System\GjtRDqc.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\ONOKrGO.exe
  C:\Windows\System\ONOKrGO.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\vLVKEbU.exe
  C:\Windows\System\vLVKEbU.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\dRVhlyC.exe
  C:\Windows\System\dRVhlyC.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\fgnGPiP.exe
  C:\Windows\System\fgnGPiP.exe
  2⤵
  PID:2160
- C:\Windows\System\ExRsqYw.exe
  C:\Windows\System\ExRsqYw.exe
  2⤵
  PID:2800
- C:\Windows\System\LnkwzRe.exe
  C:\Windows\System\LnkwzRe.exe
  2⤵
  PID:2856
- C:\Windows\System\xHQEQam.exe
  C:\Windows\System\xHQEQam.exe
  2⤵
  PID:2824
- C:\Windows\System\JiwbTPD.exe
  C:\Windows\System\JiwbTPD.exe
  2⤵
  PID:2020
- C:\Windows\System\cGnNVsH.exe
  C:\Windows\System\cGnNVsH.exe
  2⤵
  PID:2876
- C:\Windows\System\DIOLFlN.exe
  C:\Windows\System\DIOLFlN.exe
  2⤵
  PID:2620
- C:\Windows\System\HmUFDvw.exe
  C:\Windows\System\HmUFDvw.exe
  2⤵
  PID:2272
- C:\Windows\System\ZaJkbDQ.exe
  C:\Windows\System\ZaJkbDQ.exe
  2⤵
  PID:2100
- C:\Windows\System\wGfhuXW.exe
  C:\Windows\System\wGfhuXW.exe
  2⤵
  PID:2804
- C:\Windows\System\aaxwMbQ.exe
  C:\Windows\System\aaxwMbQ.exe
  2⤵
  PID:2724
- C:\Windows\System\MZSkxUr.exe
  C:\Windows\System\MZSkxUr.exe
  2⤵
  PID:296
- C:\Windows\System\TOtQSKA.exe
  C:\Windows\System\TOtQSKA.exe
  2⤵
  PID:2596
- C:\Windows\System\vvhdGme.exe
  C:\Windows\System\vvhdGme.exe
  2⤵
  PID:1720
- C:\Windows\System\LqSzEQx.exe
  C:\Windows\System\LqSzEQx.exe
  2⤵
  PID:2812
- C:\Windows\System\NcYTzHl.exe
  C:\Windows\System\NcYTzHl.exe
  2⤵
  PID:1572
- C:\Windows\System\PRbCTcb.exe
  C:\Windows\System\PRbCTcb.exe
  2⤵
  PID:2988
- C:\Windows\System\RnAAZjf.exe
  C:\Windows\System\RnAAZjf.exe
  2⤵
  PID:2224
- C:\Windows\System\JZvbRCF.exe
  C:\Windows\System\JZvbRCF.exe
  2⤵
  PID:2452
- C:\Windows\System\kJuvPvK.exe
  C:\Windows\System\kJuvPvK.exe
  2⤵
  PID:1788
- C:\Windows\System\ixcljiR.exe
  C:\Windows\System\ixcljiR.exe
  2⤵
  PID:1928
- C:\Windows\System\NIJEJby.exe
  C:\Windows\System\NIJEJby.exe
  2⤵
  PID:2504
- C:\Windows\System\jfWtTHP.exe
  C:\Windows\System\jfWtTHP.exe
  2⤵
  PID:1492
- C:\Windows\System\APZzkhc.exe
  C:\Windows\System\APZzkhc.exe
  2⤵
  PID:2124
- C:\Windows\System\KUiKVQN.exe
  C:\Windows\System\KUiKVQN.exe
  2⤵
  PID:484
- C:\Windows\System\PDVkkGF.exe
  C:\Windows\System\PDVkkGF.exe
  2⤵
  PID:1268
- C:\Windows\System\maDsroC.exe
  C:\Windows\System\maDsroC.exe
  2⤵
  PID:2052
- C:\Windows\System\fibQqMp.exe
  C:\Windows\System\fibQqMp.exe
  2⤵
  PID:1768
- C:\Windows\System\anBYsrG.exe
  C:\Windows\System\anBYsrG.exe
  2⤵
  PID:2436
- C:\Windows\System\lBprkoB.exe
  C:\Windows\System\lBprkoB.exe
  2⤵
  PID:2464
- C:\Windows\System\vToVYKf.exe
  C:\Windows\System\vToVYKf.exe
  2⤵
  PID:904
- C:\Windows\System\fwQteto.exe
  C:\Windows\System\fwQteto.exe
  2⤵
  PID:2432
- C:\Windows\System\RyKdYld.exe
  C:\Windows\System\RyKdYld.exe
  2⤵
  PID:1624
- C:\Windows\System\IfLTHnr.exe
  C:\Windows\System\IfLTHnr.exe
  2⤵
  PID:956
- C:\Windows\System\YcwlApI.exe
  C:\Windows\System\YcwlApI.exe
  2⤵
  PID:1764
- C:\Windows\System\BLZpDyf.exe
  C:\Windows\System\BLZpDyf.exe
  2⤵
  PID:1664
- C:\Windows\System\ylGeAnJ.exe
  C:\Windows\System\ylGeAnJ.exe
  2⤵
  PID:1652
- C:\Windows\System\iYUuGET.exe
  C:\Windows\System\iYUuGET.exe
  2⤵
  PID:844
- C:\Windows\System\NByeImr.exe
  C:\Windows\System\NByeImr.exe
  2⤵
  PID:2212
- C:\Windows\System\yABhbsl.exe
  C:\Windows\System\yABhbsl.exe
  2⤵
  PID:1052
- C:\Windows\System\zUumWJh.exe
  C:\Windows\System\zUumWJh.exe
  2⤵
  PID:1044
- C:\Windows\System\hExlYxR.exe
  C:\Windows\System\hExlYxR.exe
  2⤵
  PID:1844
- C:\Windows\System\KVtcHJq.exe
  C:\Windows\System\KVtcHJq.exe
  2⤵
  PID:2072
- C:\Windows\System\XQQBnXn.exe
  C:\Windows\System\XQQBnXn.exe
  2⤵
  PID:1736
- C:\Windows\System\TTEAtte.exe
  C:\Windows\System\TTEAtte.exe
  2⤵
  PID:2240
- C:\Windows\System\fpFEGiT.exe
  C:\Windows\System\fpFEGiT.exe
  2⤵
  PID:1588
- C:\Windows\System\gIKOKWx.exe
  C:\Windows\System\gIKOKWx.exe
  2⤵
  PID:1692
- C:\Windows\System\YyNOzGm.exe
  C:\Windows\System\YyNOzGm.exe
  2⤵
  PID:2904
- C:\Windows\System\scGZKlQ.exe
  C:\Windows\System\scGZKlQ.exe
  2⤵
  PID:2716
- C:\Windows\System\GbHSOiP.exe
  C:\Windows\System\GbHSOiP.exe
  2⤵
  PID:2264
- C:\Windows\System\BNZUjPh.exe
  C:\Windows\System\BNZUjPh.exe
  2⤵
  PID:1804
- C:\Windows\System\NoEYxnV.exe
  C:\Windows\System\NoEYxnV.exe
  2⤵
  PID:2636
- C:\Windows\System\ieoamNt.exe
  C:\Windows\System\ieoamNt.exe
  2⤵
  PID:3004
- C:\Windows\System\irnEweO.exe
  C:\Windows\System\irnEweO.exe
  2⤵
  PID:2740
- C:\Windows\System\nqwbKCt.exe
  C:\Windows\System\nqwbKCt.exe
  2⤵
  PID:2112
- C:\Windows\System\JLnuApS.exe
  C:\Windows\System\JLnuApS.exe
  2⤵
  PID:2488
- C:\Windows\System\HCbeqQz.exe
  C:\Windows\System\HCbeqQz.exe
  2⤵
  PID:2312
- C:\Windows\System\dmblLip.exe
  C:\Windows\System\dmblLip.exe
  2⤵
  PID:2888
- C:\Windows\System\NfgAHpl.exe
  C:\Windows\System\NfgAHpl.exe
  2⤵
  PID:2908
- C:\Windows\System\NtqfOJH.exe
  C:\Windows\System\NtqfOJH.exe
  2⤵
  PID:2952
- C:\Windows\System\ACYSDvY.exe
  C:\Windows\System\ACYSDvY.exe
  2⤵
  PID:580
- C:\Windows\System\GsRPITV.exe
  C:\Windows\System\GsRPITV.exe
  2⤵
  PID:2248
- C:\Windows\System\nPPgPWn.exe
  C:\Windows\System\nPPgPWn.exe
  2⤵
  PID:2184
- C:\Windows\System\RXPyLPk.exe
  C:\Windows\System\RXPyLPk.exe
  2⤵
  PID:332
- C:\Windows\System\CbGJqRY.exe
  C:\Windows\System\CbGJqRY.exe
  2⤵
  PID:1356
- C:\Windows\System\zwngSbA.exe
  C:\Windows\System\zwngSbA.exe
  2⤵
  PID:2192
- C:\Windows\System\GTSZjyt.exe
  C:\Windows\System\GTSZjyt.exe
  2⤵
  PID:356
- C:\Windows\System\CPAxnFL.exe
  C:\Windows\System\CPAxnFL.exe
  2⤵
  PID:3032
- C:\Windows\System\TqyThSw.exe
  C:\Windows\System\TqyThSw.exe
  2⤵
  PID:268
- C:\Windows\System\sKQSEjh.exe
  C:\Windows\System\sKQSEjh.exe
  2⤵
  PID:1600
- C:\Windows\System\PUrrSDf.exe
  C:\Windows\System\PUrrSDf.exe
  2⤵
  PID:2832
- C:\Windows\System\bKGqvXi.exe
  C:\Windows\System\bKGqvXi.exe
  2⤵
  PID:2616
- C:\Windows\System\uSMuKDh.exe
  C:\Windows\System\uSMuKDh.exe
  2⤵
  PID:2892
- C:\Windows\System\TimVMhP.exe
  C:\Windows\System\TimVMhP.exe
  2⤵
  PID:2720
- C:\Windows\System\OuSYDap.exe
  C:\Windows\System\OuSYDap.exe
  2⤵
  PID:1904
- C:\Windows\System\wZDVdEN.exe
  C:\Windows\System\wZDVdEN.exe
  2⤵
  PID:2880
- C:\Windows\System\oaxSKSK.exe
  C:\Windows\System\oaxSKSK.exe
  2⤵
  PID:2964
- C:\Windows\System\zHsZQxX.exe
  C:\Windows\System\zHsZQxX.exe
  2⤵
  PID:3000
- C:\Windows\System\yclwjoF.exe
  C:\Windows\System\yclwjoF.exe
  2⤵
  PID:1848
- C:\Windows\System\YGCRtuv.exe
  C:\Windows\System\YGCRtuv.exe
  2⤵
  PID:1544
- C:\Windows\System\PJMdQaO.exe
  C:\Windows\System\PJMdQaO.exe
  2⤵
  PID:1284
- C:\Windows\System\CwKcDwz.exe
  C:\Windows\System\CwKcDwz.exe
  2⤵
  PID:3052
- C:\Windows\System\nWWmwOx.exe
  C:\Windows\System\nWWmwOx.exe
  2⤵
  PID:2840
- C:\Windows\System\Uxyjyzr.exe
  C:\Windows\System\Uxyjyzr.exe
  2⤵
  PID:3088
- C:\Windows\System\AbIbCWl.exe
  C:\Windows\System\AbIbCWl.exe
  2⤵
  PID:3104
- C:\Windows\System\aUoqulS.exe
  C:\Windows\System\aUoqulS.exe
  2⤵
  PID:3120
- C:\Windows\System\hxBCDdV.exe
  C:\Windows\System\hxBCDdV.exe
  2⤵
  PID:3136
- C:\Windows\System\aumHCGm.exe
  C:\Windows\System\aumHCGm.exe
  2⤵
  PID:3152
- C:\Windows\System\EydeCJe.exe
  C:\Windows\System\EydeCJe.exe
  2⤵
  PID:3168
- C:\Windows\System\ATXkBuu.exe
  C:\Windows\System\ATXkBuu.exe
  2⤵
  PID:3184
- C:\Windows\System\hbzQZyT.exe
  C:\Windows\System\hbzQZyT.exe
  2⤵
  PID:3200
- C:\Windows\System\RgYuYcr.exe
  C:\Windows\System\RgYuYcr.exe
  2⤵
  PID:3216
- C:\Windows\System\BpjFuxb.exe
  C:\Windows\System\BpjFuxb.exe
  2⤵
  PID:3232
- C:\Windows\System\TCdtAPe.exe
  C:\Windows\System\TCdtAPe.exe
  2⤵
  PID:3248
- C:\Windows\System\YKxPAZp.exe
  C:\Windows\System\YKxPAZp.exe
  2⤵
  PID:3264
- C:\Windows\System\DowkEFt.exe
  C:\Windows\System\DowkEFt.exe
  2⤵
  PID:3280
- C:\Windows\System\MJwHFwd.exe
  C:\Windows\System\MJwHFwd.exe
  2⤵
  PID:3296
- C:\Windows\System\AmZIZDQ.exe
  C:\Windows\System\AmZIZDQ.exe
  2⤵
  PID:3312
- C:\Windows\System\MgSvmbc.exe
  C:\Windows\System\MgSvmbc.exe
  2⤵
  PID:3328
- C:\Windows\System\OfQVXZs.exe
  C:\Windows\System\OfQVXZs.exe
  2⤵
  PID:3344
- C:\Windows\System\XvXNKhs.exe
  C:\Windows\System\XvXNKhs.exe
  2⤵
  PID:3360
- C:\Windows\System\aUYieTM.exe
  C:\Windows\System\aUYieTM.exe
  2⤵
  PID:3376
- C:\Windows\System\wLAiAdX.exe
  C:\Windows\System\wLAiAdX.exe
  2⤵
  PID:3392
- C:\Windows\System\rcDfdYw.exe
  C:\Windows\System\rcDfdYw.exe
  2⤵
  PID:3408
- C:\Windows\System\lRyncUH.exe
  C:\Windows\System\lRyncUH.exe
  2⤵
  PID:3424
- C:\Windows\System\fCtraWg.exe
  C:\Windows\System\fCtraWg.exe
  2⤵
  PID:3440
- C:\Windows\System\qcPGHTl.exe
  C:\Windows\System\qcPGHTl.exe
  2⤵
  PID:3456
- C:\Windows\System\VZanmVk.exe
  C:\Windows\System\VZanmVk.exe
  2⤵
  PID:3472
- C:\Windows\System\ubLmkDw.exe
  C:\Windows\System\ubLmkDw.exe
  2⤵
  PID:3488
- C:\Windows\System\Ntayzba.exe
  C:\Windows\System\Ntayzba.exe
  2⤵
  PID:3504
- C:\Windows\System\rebHmbt.exe
  C:\Windows\System\rebHmbt.exe
  2⤵
  PID:3520
- C:\Windows\System\KSZCxYo.exe
  C:\Windows\System\KSZCxYo.exe
  2⤵
  PID:3536
- C:\Windows\System\MnusgzL.exe
  C:\Windows\System\MnusgzL.exe
  2⤵
  PID:3552
- C:\Windows\System\gFEyDkH.exe
  C:\Windows\System\gFEyDkH.exe
  2⤵
  PID:3568
- C:\Windows\System\FCEDJpC.exe
  C:\Windows\System\FCEDJpC.exe
  2⤵
  PID:3584
- C:\Windows\System\ZeXzRfq.exe
  C:\Windows\System\ZeXzRfq.exe
  2⤵
  PID:3600
- C:\Windows\System\syjXxYz.exe
  C:\Windows\System\syjXxYz.exe
  2⤵
  PID:3616
- C:\Windows\System\bntdSUz.exe
  C:\Windows\System\bntdSUz.exe
  2⤵
  PID:3632
- C:\Windows\System\LNBCVuo.exe
  C:\Windows\System\LNBCVuo.exe
  2⤵
  PID:3648
- C:\Windows\System\XuQKFzA.exe
  C:\Windows\System\XuQKFzA.exe
  2⤵
  PID:3664
- C:\Windows\System\woGUuDB.exe
  C:\Windows\System\woGUuDB.exe
  2⤵
  PID:3680
- C:\Windows\System\WIUocdk.exe
  C:\Windows\System\WIUocdk.exe
  2⤵
  PID:3696
- C:\Windows\System\uCyPeZF.exe
  C:\Windows\System\uCyPeZF.exe
  2⤵
  PID:3712
- C:\Windows\System\mwvzMGP.exe
  C:\Windows\System\mwvzMGP.exe
  2⤵
  PID:3728
- C:\Windows\System\ddysIum.exe
  C:\Windows\System\ddysIum.exe
  2⤵
  PID:3744
- C:\Windows\System\XGFSgEQ.exe
  C:\Windows\System\XGFSgEQ.exe
  2⤵
  PID:3760
- C:\Windows\System\ENLaJeS.exe
  C:\Windows\System\ENLaJeS.exe
  2⤵
  PID:3776
- C:\Windows\System\UWdYWan.exe
  C:\Windows\System\UWdYWan.exe
  2⤵
  PID:3792
- C:\Windows\System\mhTKIRs.exe
  C:\Windows\System\mhTKIRs.exe
  2⤵
  PID:3808
- C:\Windows\System\ZmxCWUu.exe
  C:\Windows\System\ZmxCWUu.exe
  2⤵
  PID:3824
- C:\Windows\System\HDwfnJZ.exe
  C:\Windows\System\HDwfnJZ.exe
  2⤵
  PID:3840
- C:\Windows\System\rulhQgH.exe
  C:\Windows\System\rulhQgH.exe
  2⤵
  PID:3856
- C:\Windows\System\rKZArkm.exe
  C:\Windows\System\rKZArkm.exe
  2⤵
  PID:3872
- C:\Windows\System\hZyWitm.exe
  C:\Windows\System\hZyWitm.exe
  2⤵
  PID:3888
- C:\Windows\System\rflRydo.exe
  C:\Windows\System\rflRydo.exe
  2⤵
  PID:3904
- C:\Windows\System\OOUDDdi.exe
  C:\Windows\System\OOUDDdi.exe
  2⤵
  PID:3920
- C:\Windows\System\LkNofQZ.exe
  C:\Windows\System\LkNofQZ.exe
  2⤵
  PID:3936
- C:\Windows\System\oCIKigB.exe
  C:\Windows\System\oCIKigB.exe
  2⤵
  PID:3952
- C:\Windows\System\NntprUT.exe
  C:\Windows\System\NntprUT.exe
  2⤵
  PID:3968
- C:\Windows\System\JfqYjIP.exe
  C:\Windows\System\JfqYjIP.exe
  2⤵
  PID:3984
- C:\Windows\System\paoFfEx.exe
  C:\Windows\System\paoFfEx.exe
  2⤵
  PID:4000
- C:\Windows\System\AAmIcUQ.exe
  C:\Windows\System\AAmIcUQ.exe
  2⤵
  PID:4016
- C:\Windows\System\idlccNw.exe
  C:\Windows\System\idlccNw.exe
  2⤵
  PID:4032
- C:\Windows\System\CRbrnor.exe
  C:\Windows\System\CRbrnor.exe
  2⤵
  PID:4048
- C:\Windows\System\UbYgzxA.exe
  C:\Windows\System\UbYgzxA.exe
  2⤵
  PID:4064
- C:\Windows\System\tGKkunY.exe
  C:\Windows\System\tGKkunY.exe
  2⤵
  PID:4080
- C:\Windows\System\FzdRVlf.exe
  C:\Windows\System\FzdRVlf.exe
  2⤵
  PID:1728
- C:\Windows\System\tSXeHTN.exe
  C:\Windows\System\tSXeHTN.exe
  2⤵
  PID:2652
- C:\Windows\System\RxxHuIx.exe
  C:\Windows\System\RxxHuIx.exe
  2⤵
  PID:840
- C:\Windows\System\HftClWX.exe
  C:\Windows\System\HftClWX.exe
  2⤵
  PID:2428
- C:\Windows\System\jWjKBuy.exe
  C:\Windows\System\jWjKBuy.exe
  2⤵
  PID:3028
- C:\Windows\System\WRjABRR.exe
  C:\Windows\System\WRjABRR.exe
  2⤵
  PID:2564
- C:\Windows\System\ntdOSha.exe
  C:\Windows\System\ntdOSha.exe
  2⤵
  PID:3084
- C:\Windows\System\wrdVbEU.exe
  C:\Windows\System\wrdVbEU.exe
  2⤵
  PID:3112
- C:\Windows\System\ykbNwGq.exe
  C:\Windows\System\ykbNwGq.exe
  2⤵
  PID:3164
- C:\Windows\System\XAaEmgR.exe
  C:\Windows\System\XAaEmgR.exe
  2⤵
  PID:3176
- C:\Windows\System\jgBoFhq.exe
  C:\Windows\System\jgBoFhq.exe
  2⤵
  PID:3228
- C:\Windows\System\SpWGTSP.exe
  C:\Windows\System\SpWGTSP.exe
  2⤵
  PID:3240
- C:\Windows\System\BkTwTZM.exe
  C:\Windows\System\BkTwTZM.exe
  2⤵
  PID:3292
- C:\Windows\System\NdHZrnz.exe
  C:\Windows\System\NdHZrnz.exe
  2⤵
  PID:3352
- C:\Windows\System\sBAtIoI.exe
  C:\Windows\System\sBAtIoI.exe
  2⤵
  PID:3340
- C:\Windows\System\TwXmUxf.exe
  C:\Windows\System\TwXmUxf.exe
  2⤵
  PID:3368
- C:\Windows\System\DYwZVcZ.exe
  C:\Windows\System\DYwZVcZ.exe
  2⤵
  PID:3400
- C:\Windows\System\oBgBWZY.exe
  C:\Windows\System\oBgBWZY.exe
  2⤵
  PID:3432
- C:\Windows\System\GRzttSW.exe
  C:\Windows\System\GRzttSW.exe
  2⤵
  PID:3468
- C:\Windows\System\vZBahuW.exe
  C:\Windows\System\vZBahuW.exe
  2⤵
  PID:3516
- C:\Windows\System\uOrKbBW.exe
  C:\Windows\System\uOrKbBW.exe
  2⤵
  PID:3548
- C:\Windows\System\XghVcLt.exe
  C:\Windows\System\XghVcLt.exe
  2⤵
  PID:3564
- C:\Windows\System\xUbiYPR.exe
  C:\Windows\System\xUbiYPR.exe
  2⤵
  PID:3612
- C:\Windows\System\TEJHtdZ.exe
  C:\Windows\System\TEJHtdZ.exe
  2⤵
  PID:3628
- C:\Windows\System\jHlqDEy.exe
  C:\Windows\System\jHlqDEy.exe
  2⤵
  PID:3656
- C:\Windows\System\cQVMcnT.exe
  C:\Windows\System\cQVMcnT.exe
  2⤵
  PID:3708
- C:\Windows\System\AvSGTyJ.exe
  C:\Windows\System\AvSGTyJ.exe
  2⤵
  PID:3724
- C:\Windows\System\AfsGKQJ.exe
  C:\Windows\System\AfsGKQJ.exe
  2⤵
  PID:3772
- C:\Windows\System\faWzkUw.exe
  C:\Windows\System\faWzkUw.exe
  2⤵
  PID:3788
- C:\Windows\System\jfBPLFr.exe
  C:\Windows\System\jfBPLFr.exe
  2⤵
  PID:3820
- C:\Windows\System\VxZqpGu.exe
  C:\Windows\System\VxZqpGu.exe
  2⤵
  PID:3852
- C:\Windows\System\JfBTMod.exe
  C:\Windows\System\JfBTMod.exe
  2⤵
  PID:3900
- C:\Windows\System\PfDPAIE.exe
  C:\Windows\System\PfDPAIE.exe
  2⤵
  PID:3932
- C:\Windows\System\zvnWYXj.exe
  C:\Windows\System\zvnWYXj.exe
  2⤵
  PID:3948
- C:\Windows\System\AaNhhFD.exe
  C:\Windows\System\AaNhhFD.exe
  2⤵
  PID:3996
- C:\Windows\System\JxMCrVb.exe
  C:\Windows\System\JxMCrVb.exe
  2⤵
  PID:4056
- C:\Windows\System\cHzzXKP.exe
  C:\Windows\System\cHzzXKP.exe
  2⤵
  PID:4040
- C:\Windows\System\ZlAYugB.exe
  C:\Windows\System\ZlAYugB.exe
  2⤵
  PID:4092
- C:\Windows\System\NMguRdD.exe
  C:\Windows\System\NMguRdD.exe
  2⤵
  PID:2156
- C:\Windows\System\JmwgOLu.exe
  C:\Windows\System\JmwgOLu.exe
  2⤵
  PID:2492
- C:\Windows\System\nxzfVEW.exe
  C:\Windows\System\nxzfVEW.exe
  2⤵
  PID:2380
- C:\Windows\System\OISCtcX.exe
  C:\Windows\System\OISCtcX.exe
  2⤵
  PID:3132
- C:\Windows\System\QksbBvS.exe
  C:\Windows\System\QksbBvS.exe
  2⤵
  PID:3208
- C:\Windows\System\QiHwGVS.exe
  C:\Windows\System\QiHwGVS.exe
  2⤵
  PID:3260
- C:\Windows\System\hesrNCE.exe
  C:\Windows\System\hesrNCE.exe
  2⤵
  PID:3308
- C:\Windows\System\ilGHFch.exe
  C:\Windows\System\ilGHFch.exe
  2⤵
  PID:3420
- C:\Windows\System\mNKvMpj.exe
  C:\Windows\System\mNKvMpj.exe
  2⤵
  PID:3448
- C:\Windows\System\NdjBIzR.exe
  C:\Windows\System\NdjBIzR.exe
  2⤵
  PID:3496
- C:\Windows\System\bMGqcfr.exe
  C:\Windows\System\bMGqcfr.exe
  2⤵
  PID:3580
- C:\Windows\System\lbAARTr.exe
  C:\Windows\System\lbAARTr.exe
  2⤵
  PID:3660
- C:\Windows\System\eOvnGDa.exe
  C:\Windows\System\eOvnGDa.exe
  2⤵
  PID:3704
- C:\Windows\System\mlmBmQL.exe
  C:\Windows\System\mlmBmQL.exe
  2⤵
  PID:3756
- C:\Windows\System\xwZuIqZ.exe
  C:\Windows\System\xwZuIqZ.exe
  2⤵
  PID:3864
- C:\Windows\System\PmlygxY.exe
  C:\Windows\System\PmlygxY.exe
  2⤵
  PID:3884
- C:\Windows\System\wsItrRB.exe
  C:\Windows\System\wsItrRB.exe
  2⤵
  PID:3976
- C:\Windows\System\Atuolip.exe
  C:\Windows\System\Atuolip.exe
  2⤵
  PID:4024
- C:\Windows\System\asljPrr.exe
  C:\Windows\System\asljPrr.exe
  2⤵
  PID:4076
- C:\Windows\System\SUizNYJ.exe
  C:\Windows\System\SUizNYJ.exe
  2⤵
  PID:1944
- C:\Windows\System\nKqyEFG.exe
  C:\Windows\System\nKqyEFG.exe
  2⤵
  PID:3192
- C:\Windows\System\lDRyybo.exe
  C:\Windows\System\lDRyybo.exe
  2⤵
  PID:3256
- C:\Windows\System\zYaEAiM.exe
  C:\Windows\System\zYaEAiM.exe
  2⤵
  PID:3372
- C:\Windows\System\SANrVQZ.exe
  C:\Windows\System\SANrVQZ.exe
  2⤵
  PID:3608
- C:\Windows\System\twRhdvb.exe
  C:\Windows\System\twRhdvb.exe
  2⤵
  PID:348
- C:\Windows\System\rXjaGoT.exe
  C:\Windows\System\rXjaGoT.exe
  2⤵
  PID:2912
- C:\Windows\System\EoQBaem.exe
  C:\Windows\System\EoQBaem.exe
  2⤵
  PID:1084
- C:\Windows\System\GtPPvER.exe
  C:\Windows\System\GtPPvER.exe
  2⤵
  PID:3784
- C:\Windows\System\sjgcqso.exe
  C:\Windows\System\sjgcqso.exe
  2⤵
  PID:1352
- C:\Windows\System\JoXSzQL.exe
  C:\Windows\System\JoXSzQL.exe
  2⤵
  PID:3964
- C:\Windows\System\jIiVKsr.exe
  C:\Windows\System\jIiVKsr.exe
  2⤵
  PID:4060
- C:\Windows\System\ZMUmknP.exe
  C:\Windows\System\ZMUmknP.exe
  2⤵
  PID:3128
- C:\Windows\System\vCnkUed.exe
  C:\Windows\System\vCnkUed.exe
  2⤵
  PID:3144
- C:\Windows\System\KjfjdMR.exe
  C:\Windows\System\KjfjdMR.exe
  2⤵
  PID:3528
- C:\Windows\System\yFjbwoq.exe
  C:\Windows\System\yFjbwoq.exe
  2⤵
  PID:2932
- C:\Windows\System\vWVUpov.exe
  C:\Windows\System\vWVUpov.exe
  2⤵
  PID:3740
- C:\Windows\System\DzTLAHi.exe
  C:\Windows\System\DzTLAHi.exe
  2⤵
  PID:4108
- C:\Windows\System\RyoOsxn.exe
  C:\Windows\System\RyoOsxn.exe
  2⤵
  PID:4124
- C:\Windows\System\mjLVctS.exe
  C:\Windows\System\mjLVctS.exe
  2⤵
  PID:4140
- C:\Windows\System\GFXPzYj.exe
  C:\Windows\System\GFXPzYj.exe
  2⤵
  PID:4156
- C:\Windows\System\ExZJxPo.exe
  C:\Windows\System\ExZJxPo.exe
  2⤵
  PID:4172
- C:\Windows\System\InQFoqr.exe
  C:\Windows\System\InQFoqr.exe
  2⤵
  PID:4188
- C:\Windows\System\MJShgCE.exe
  C:\Windows\System\MJShgCE.exe
  2⤵
  PID:4204
- C:\Windows\System\vlRTsUU.exe
  C:\Windows\System\vlRTsUU.exe
  2⤵
  PID:4220
- C:\Windows\System\sTneIQY.exe
  C:\Windows\System\sTneIQY.exe
  2⤵
  PID:4236
- C:\Windows\System\wFsQbpy.exe
  C:\Windows\System\wFsQbpy.exe
  2⤵
  PID:4252
- C:\Windows\System\CszpBVl.exe
  C:\Windows\System\CszpBVl.exe
  2⤵
  PID:4268
- C:\Windows\System\SsCMwcY.exe
  C:\Windows\System\SsCMwcY.exe
  2⤵
  PID:4284
- C:\Windows\System\QZjAAif.exe
  C:\Windows\System\QZjAAif.exe
  2⤵
  PID:4300
- C:\Windows\System\jOFwsiU.exe
  C:\Windows\System\jOFwsiU.exe
  2⤵
  PID:4316
- C:\Windows\System\oySuvSx.exe
  C:\Windows\System\oySuvSx.exe
  2⤵
  PID:4332
- C:\Windows\System\HGmtNJv.exe
  C:\Windows\System\HGmtNJv.exe
  2⤵
  PID:4348
- C:\Windows\System\AXdvzMa.exe
  C:\Windows\System\AXdvzMa.exe
  2⤵
  PID:4364
- C:\Windows\System\MoUygRf.exe
  C:\Windows\System\MoUygRf.exe
  2⤵
  PID:4380
- C:\Windows\System\IUGOmlD.exe
  C:\Windows\System\IUGOmlD.exe
  2⤵
  PID:4396
- C:\Windows\System\yYUNKcj.exe
  C:\Windows\System\yYUNKcj.exe
  2⤵
  PID:4412
- C:\Windows\System\jsMnwhc.exe
  C:\Windows\System\jsMnwhc.exe
  2⤵
  PID:4428
- C:\Windows\System\UMJSyax.exe
  C:\Windows\System\UMJSyax.exe
  2⤵
  PID:4444
- C:\Windows\System\khBcDrJ.exe
  C:\Windows\System\khBcDrJ.exe
  2⤵
  PID:4460
- C:\Windows\System\kdRLRoA.exe
  C:\Windows\System\kdRLRoA.exe
  2⤵
  PID:4476
- C:\Windows\System\SmTNRAU.exe
  C:\Windows\System\SmTNRAU.exe
  2⤵
  PID:4492
- C:\Windows\System\YpqdWDn.exe
  C:\Windows\System\YpqdWDn.exe
  2⤵
  PID:4508
- C:\Windows\System\aCfYDaK.exe
  C:\Windows\System\aCfYDaK.exe
  2⤵
  PID:4524
- C:\Windows\System\lAVSPeD.exe
  C:\Windows\System\lAVSPeD.exe
  2⤵
  PID:4540
- C:\Windows\System\fzaCboA.exe
  C:\Windows\System\fzaCboA.exe
  2⤵
  PID:4556
- C:\Windows\System\jsbxRSN.exe
  C:\Windows\System\jsbxRSN.exe
  2⤵
  PID:4572
- C:\Windows\System\KANPZiS.exe
  C:\Windows\System\KANPZiS.exe
  2⤵
  PID:4588
- C:\Windows\System\gTjgkWm.exe
  C:\Windows\System\gTjgkWm.exe
  2⤵
  PID:4604
- C:\Windows\System\iDlUbiv.exe
  C:\Windows\System\iDlUbiv.exe
  2⤵
  PID:4620
- C:\Windows\System\moqCzuo.exe
  C:\Windows\System\moqCzuo.exe
  2⤵
  PID:4636
- C:\Windows\System\rYHKIXy.exe
  C:\Windows\System\rYHKIXy.exe
  2⤵
  PID:4652
- C:\Windows\System\mbrcBrI.exe
  C:\Windows\System\mbrcBrI.exe
  2⤵
  PID:4668
- C:\Windows\System\jXSjnwq.exe
  C:\Windows\System\jXSjnwq.exe
  2⤵
  PID:4684
- C:\Windows\System\IIwIOlu.exe
  C:\Windows\System\IIwIOlu.exe
  2⤵
  PID:4700
- C:\Windows\System\ysoiKeT.exe
  C:\Windows\System\ysoiKeT.exe
  2⤵
  PID:4716
- C:\Windows\System\wyYmPzi.exe
  C:\Windows\System\wyYmPzi.exe
  2⤵
  PID:4732
- C:\Windows\System\jSQSOpI.exe
  C:\Windows\System\jSQSOpI.exe
  2⤵
  PID:4748
- C:\Windows\System\fwgfJDk.exe
  C:\Windows\System\fwgfJDk.exe
  2⤵
  PID:4764
- C:\Windows\System\ufOPpsu.exe
  C:\Windows\System\ufOPpsu.exe
  2⤵
  PID:4780
- C:\Windows\System\LSHSmbL.exe
  C:\Windows\System\LSHSmbL.exe
  2⤵
  PID:4796
- C:\Windows\System\GSMtyOI.exe
  C:\Windows\System\GSMtyOI.exe
  2⤵
  PID:4812
- C:\Windows\System\fNTXxWG.exe
  C:\Windows\System\fNTXxWG.exe
  2⤵
  PID:4828
- C:\Windows\System\GVQiEJB.exe
  C:\Windows\System\GVQiEJB.exe
  2⤵
  PID:4844
- C:\Windows\System\XegJAMq.exe
  C:\Windows\System\XegJAMq.exe
  2⤵
  PID:4860
- C:\Windows\System\xqhTOLp.exe
  C:\Windows\System\xqhTOLp.exe
  2⤵
  PID:4876
- C:\Windows\System\rlOPQKs.exe
  C:\Windows\System\rlOPQKs.exe
  2⤵
  PID:4892
- C:\Windows\System\AFeDGQC.exe
  C:\Windows\System\AFeDGQC.exe
  2⤵
  PID:4908
- C:\Windows\System\RryIQeg.exe
  C:\Windows\System\RryIQeg.exe
  2⤵
  PID:4924
- C:\Windows\System\TavGxWx.exe
  C:\Windows\System\TavGxWx.exe
  2⤵
  PID:4940
- C:\Windows\System\gtHuSLX.exe
  C:\Windows\System\gtHuSLX.exe
  2⤵
  PID:4956
- C:\Windows\System\nmevQBz.exe
  C:\Windows\System\nmevQBz.exe
  2⤵
  PID:4972
- C:\Windows\System\QfXdJce.exe
  C:\Windows\System\QfXdJce.exe
  2⤵
  PID:4988
- C:\Windows\System\KBIRjSY.exe
  C:\Windows\System\KBIRjSY.exe
  2⤵
  PID:5004
- C:\Windows\System\cPUJDaq.exe
  C:\Windows\System\cPUJDaq.exe
  2⤵
  PID:5020
- C:\Windows\System\rFzvuys.exe
  C:\Windows\System\rFzvuys.exe
  2⤵
  PID:5036
- C:\Windows\System\Kfkdkah.exe
  C:\Windows\System\Kfkdkah.exe
  2⤵
  PID:5052
- C:\Windows\System\jqiuaQE.exe
  C:\Windows\System\jqiuaQE.exe
  2⤵
  PID:5068
- C:\Windows\System\rXgLkfC.exe
  C:\Windows\System\rXgLkfC.exe
  2⤵
  PID:5084
- C:\Windows\System\QWaLEMo.exe
  C:\Windows\System\QWaLEMo.exe
  2⤵
  PID:5100
- C:\Windows\System\WGbUUUk.exe
  C:\Windows\System\WGbUUUk.exe
  2⤵
  PID:5116
- C:\Windows\System\CCgAlvY.exe
  C:\Windows\System\CCgAlvY.exe
  2⤵
  PID:2680
- C:\Windows\System\ZJkhlQy.exe
  C:\Windows\System\ZJkhlQy.exe
  2⤵
  PID:3512
- C:\Windows\System\VdZcgmg.exe
  C:\Windows\System\VdZcgmg.exe
  2⤵
  PID:3768
- C:\Windows\System\ayVaPyN.exe
  C:\Windows\System\ayVaPyN.exe
  2⤵
  PID:4116
- C:\Windows\System\taAUVDf.exe
  C:\Windows\System\taAUVDf.exe
  2⤵
  PID:4148
- C:\Windows\System\JKVCcIN.exe
  C:\Windows\System\JKVCcIN.exe
  2⤵
  PID:4180
- C:\Windows\System\MZTaMPA.exe
  C:\Windows\System\MZTaMPA.exe
  2⤵
  PID:4212
- C:\Windows\System\ifxxkPX.exe
  C:\Windows\System\ifxxkPX.exe
  2⤵
  PID:4244
- C:\Windows\System\NOmEMlp.exe
  C:\Windows\System\NOmEMlp.exe
  2⤵
  PID:4276
- C:\Windows\System\muBSTET.exe
  C:\Windows\System\muBSTET.exe
  2⤵
  PID:4308
- C:\Windows\System\qFZDJVD.exe
  C:\Windows\System\qFZDJVD.exe
  2⤵
  PID:4340
- C:\Windows\System\vAHgkno.exe
  C:\Windows\System\vAHgkno.exe
  2⤵
  PID:4372
- C:\Windows\System\tIgapJA.exe
  C:\Windows\System\tIgapJA.exe
  2⤵
  PID:4404
- C:\Windows\System\IkgJwpQ.exe
  C:\Windows\System\IkgJwpQ.exe
  2⤵
  PID:4452
- C:\Windows\System\PVDwxHi.exe
  C:\Windows\System\PVDwxHi.exe
  2⤵
  PID:4468
- C:\Windows\System\fpdcoHu.exe
  C:\Windows\System\fpdcoHu.exe
  2⤵
  PID:4504
- C:\Windows\System\fTDxzvy.exe
  C:\Windows\System\fTDxzvy.exe
  2⤵
  PID:4548
- C:\Windows\System\EnmZBOI.exe
  C:\Windows\System\EnmZBOI.exe
  2⤵
  PID:4552
- C:\Windows\System\awkhRWC.exe
  C:\Windows\System\awkhRWC.exe
  2⤵
  PID:4584
- C:\Windows\System\NcWNFdh.exe
  C:\Windows\System\NcWNFdh.exe
  2⤵
  PID:4616
- C:\Windows\System\xKyDuAG.exe
  C:\Windows\System\xKyDuAG.exe
  2⤵
  PID:4648
- C:\Windows\System\uadmtGe.exe
  C:\Windows\System\uadmtGe.exe
  2⤵
  PID:4680
- C:\Windows\System\sOTSADG.exe
  C:\Windows\System\sOTSADG.exe
  2⤵
  PID:4712
- C:\Windows\System\GSJIMYM.exe
  C:\Windows\System\GSJIMYM.exe
  2⤵
  PID:4744
- C:\Windows\System\wnYRqRX.exe
  C:\Windows\System\wnYRqRX.exe
  2⤵
  PID:4760
- C:\Windows\System\bbRckpG.exe
  C:\Windows\System\bbRckpG.exe
  2⤵
  PID:4792
- C:\Windows\System\AIlIquU.exe
  C:\Windows\System\AIlIquU.exe
  2⤵
  PID:4824
- C:\Windows\System\IfJaiXW.exe
  C:\Windows\System\IfJaiXW.exe
  2⤵
  PID:4868
- C:\Windows\System\agHBgkt.exe
  C:\Windows\System\agHBgkt.exe
  2⤵
  PID:4888
- C:\Windows\System\EiaHkYt.exe
  C:\Windows\System\EiaHkYt.exe
  2⤵
  PID:4932
- C:\Windows\System\gvSJBVq.exe
  C:\Windows\System\gvSJBVq.exe
  2⤵
  PID:4964
- C:\Windows\System\uNhFOdJ.exe
  C:\Windows\System\uNhFOdJ.exe
  2⤵
  PID:4996
- C:\Windows\System\uqaZFrS.exe
  C:\Windows\System\uqaZFrS.exe
  2⤵
  PID:5028
- C:\Windows\System\QsLzOXG.exe
  C:\Windows\System\QsLzOXG.exe
  2⤵
  PID:5048
- C:\Windows\System\GBQWFXg.exe
  C:\Windows\System\GBQWFXg.exe
  2⤵
  PID:5092
- C:\Windows\System\BScZmRg.exe
  C:\Windows\System\BScZmRg.exe
  2⤵
  PID:5112
- C:\Windows\System\wEAudEx.exe
  C:\Windows\System\wEAudEx.exe
  2⤵
  PID:2116
- C:\Windows\System\meZBcUZ.exe
  C:\Windows\System\meZBcUZ.exe
  2⤵
  PID:4136
- C:\Windows\System\TENgAkQ.exe
  C:\Windows\System\TENgAkQ.exe
  2⤵
  PID:4196
- C:\Windows\System\wLWMJGO.exe
  C:\Windows\System\wLWMJGO.exe
  2⤵
  PID:4232
- C:\Windows\System\nnybSRn.exe
  C:\Windows\System\nnybSRn.exe
  2⤵
  PID:4296
- C:\Windows\System\yYXRWWo.exe
  C:\Windows\System\yYXRWWo.exe
  2⤵
  PID:4360
- C:\Windows\System\pkZfgKK.exe
  C:\Windows\System\pkZfgKK.exe
  2⤵
  PID:4440
- C:\Windows\System\lWMHpzV.exe
  C:\Windows\System\lWMHpzV.exe
  2⤵
  PID:4488
- C:\Windows\System\BSmAjTj.exe
  C:\Windows\System\BSmAjTj.exe
  2⤵
  PID:320
- C:\Windows\System\Eusfmwt.exe
  C:\Windows\System\Eusfmwt.exe
  2⤵
  PID:4600
- C:\Windows\System\szTzitM.exe
  C:\Windows\System\szTzitM.exe
  2⤵
  PID:4664
- C:\Windows\System\ifbqbgL.exe
  C:\Windows\System\ifbqbgL.exe
  2⤵
  PID:2916
- C:\Windows\System\ZqfmRIt.exe
  C:\Windows\System\ZqfmRIt.exe
  2⤵
  PID:4820
- C:\Windows\System\iNQAUpr.exe
  C:\Windows\System\iNQAUpr.exe
  2⤵
  PID:4872
- C:\Windows\System\qseYDBJ.exe
  C:\Windows\System\qseYDBJ.exe
  2⤵
  PID:4936
- C:\Windows\System\qhmdAaB.exe
  C:\Windows\System\qhmdAaB.exe
  2⤵
  PID:4980
- C:\Windows\System\pbkSxNb.exe
  C:\Windows\System\pbkSxNb.exe
  2⤵
  PID:5044
- C:\Windows\System\vfTmXQl.exe
  C:\Windows\System\vfTmXQl.exe
  2⤵
  PID:4072
- C:\Windows\System\UTUeGvu.exe
  C:\Windows\System\UTUeGvu.exe
  2⤵
  PID:2968
- C:\Windows\System\vzatiQa.exe
  C:\Windows\System\vzatiQa.exe
  2⤵
  PID:4216
- C:\Windows\System\LALEIay.exe
  C:\Windows\System\LALEIay.exe
  2⤵
  PID:4312
- C:\Windows\System\vwZHHEV.exe
  C:\Windows\System\vwZHHEV.exe
  2⤵
  PID:4376
- C:\Windows\System\rIFVIAk.exe
  C:\Windows\System\rIFVIAk.exe
  2⤵
  PID:1912
- C:\Windows\System\uWPZBwG.exe
  C:\Windows\System\uWPZBwG.exe
  2⤵
  PID:4612
- C:\Windows\System\MosjZRL.exe
  C:\Windows\System\MosjZRL.exe
  2⤵
  PID:4740
- C:\Windows\System\rfBoQgG.exe
  C:\Windows\System\rfBoQgG.exe
  2⤵
  PID:4884
- C:\Windows\System\NrkfkHA.exe
  C:\Windows\System\NrkfkHA.exe
  2⤵
  PID:4948
- C:\Windows\System\PEKXZgN.exe
  C:\Windows\System\PEKXZgN.exe
  2⤵
  PID:5132
- C:\Windows\System\sVtepdk.exe
  C:\Windows\System\sVtepdk.exe
  2⤵
  PID:5148
- C:\Windows\System\KmmbbDG.exe
  C:\Windows\System\KmmbbDG.exe
  2⤵
  PID:5164
- C:\Windows\System\koQLPyB.exe
  C:\Windows\System\koQLPyB.exe
  2⤵
  PID:5180
- C:\Windows\System\wzImUfJ.exe
  C:\Windows\System\wzImUfJ.exe
  2⤵
  PID:5196
- C:\Windows\System\vNdzYjZ.exe
  C:\Windows\System\vNdzYjZ.exe
  2⤵
  PID:5212
- C:\Windows\System\AVyPRBs.exe
  C:\Windows\System\AVyPRBs.exe
  2⤵
  PID:5228
- C:\Windows\System\TycQVyK.exe
  C:\Windows\System\TycQVyK.exe
  2⤵
  PID:5244
- C:\Windows\System\KnNauja.exe
  C:\Windows\System\KnNauja.exe
  2⤵
  PID:5260
- C:\Windows\System\wUmcRsn.exe
  C:\Windows\System\wUmcRsn.exe
  2⤵
  PID:5276
- C:\Windows\System\dGHXGzv.exe
  C:\Windows\System\dGHXGzv.exe
  2⤵
  PID:5292
- C:\Windows\System\vbdVIFO.exe
  C:\Windows\System\vbdVIFO.exe
  2⤵
  PID:5308
- C:\Windows\System\eUkmNli.exe
  C:\Windows\System\eUkmNli.exe
  2⤵
  PID:5324
- C:\Windows\System\KJKbmYt.exe
  C:\Windows\System\KJKbmYt.exe
  2⤵
  PID:5340
- C:\Windows\System\NCjsVuW.exe
  C:\Windows\System\NCjsVuW.exe
  2⤵
  PID:5356
- C:\Windows\System\lJMbreA.exe
  C:\Windows\System\lJMbreA.exe
  2⤵
  PID:5372
- C:\Windows\System\zLJDqKk.exe
  C:\Windows\System\zLJDqKk.exe
  2⤵
  PID:5388
- C:\Windows\System\szlQURj.exe
  C:\Windows\System\szlQURj.exe
  2⤵
  PID:5404
- C:\Windows\System\JvZTEEy.exe
  C:\Windows\System\JvZTEEy.exe
  2⤵
  PID:5420
- C:\Windows\System\suwWIAg.exe
  C:\Windows\System\suwWIAg.exe
  2⤵
  PID:5436
- C:\Windows\System\haZpFVp.exe
  C:\Windows\System\haZpFVp.exe
  2⤵
  PID:5452
- C:\Windows\System\IeFGGff.exe
  C:\Windows\System\IeFGGff.exe
  2⤵
  PID:5468
- C:\Windows\System\WUxeoYl.exe
  C:\Windows\System\WUxeoYl.exe
  2⤵
  PID:5484
- C:\Windows\System\qIdNMBK.exe
  C:\Windows\System\qIdNMBK.exe
  2⤵
  PID:5500
- C:\Windows\System\BpSTrdI.exe
  C:\Windows\System\BpSTrdI.exe
  2⤵
  PID:5516
- C:\Windows\System\UvJvwYI.exe
  C:\Windows\System\UvJvwYI.exe
  2⤵
  PID:5532
- C:\Windows\System\eXlpcgR.exe
  C:\Windows\System\eXlpcgR.exe
  2⤵
  PID:5548
- C:\Windows\System\jcYnXyS.exe
  C:\Windows\System\jcYnXyS.exe
  2⤵
  PID:5564
- C:\Windows\System\JrgHZGw.exe
  C:\Windows\System\JrgHZGw.exe
  2⤵
  PID:5580
- C:\Windows\System\JLpUvvi.exe
  C:\Windows\System\JLpUvvi.exe
  2⤵
  PID:5600
- C:\Windows\System\TQxiALM.exe
  C:\Windows\System\TQxiALM.exe
  2⤵
  PID:5616
- C:\Windows\System\MHKdeSR.exe
  C:\Windows\System\MHKdeSR.exe
  2⤵
  PID:5632
- C:\Windows\System\dUVluXr.exe
  C:\Windows\System\dUVluXr.exe
  2⤵
  PID:5648
- C:\Windows\System\JVXrwGC.exe
  C:\Windows\System\JVXrwGC.exe
  2⤵
  PID:5664
- C:\Windows\System\vHlSsdz.exe
  C:\Windows\System\vHlSsdz.exe
  2⤵
  PID:5680
- C:\Windows\System\dsykVPR.exe
  C:\Windows\System\dsykVPR.exe
  2⤵
  PID:5696
- C:\Windows\System\ChkEXJi.exe
  C:\Windows\System\ChkEXJi.exe
  2⤵
  PID:5712
- C:\Windows\System\aCzgFQz.exe
  C:\Windows\System\aCzgFQz.exe
  2⤵
  PID:5728
- C:\Windows\System\aVtrgKJ.exe
  C:\Windows\System\aVtrgKJ.exe
  2⤵
  PID:5744
- C:\Windows\System\Hddqzor.exe
  C:\Windows\System\Hddqzor.exe
  2⤵
  PID:5760
- C:\Windows\System\ALOAFmE.exe
  C:\Windows\System\ALOAFmE.exe
  2⤵
  PID:5776
- C:\Windows\System\yXqJvas.exe
  C:\Windows\System\yXqJvas.exe
  2⤵
  PID:5792
- C:\Windows\System\EzwNmdo.exe
  C:\Windows\System\EzwNmdo.exe
  2⤵
  PID:5808
- C:\Windows\System\YEpBipW.exe
  C:\Windows\System\YEpBipW.exe
  2⤵
  PID:5824
- C:\Windows\System\KeotAxn.exe
  C:\Windows\System\KeotAxn.exe
  2⤵
  PID:5840
- C:\Windows\System\IhdqyZW.exe
  C:\Windows\System\IhdqyZW.exe
  2⤵
  PID:5856
- C:\Windows\System\zWFZHRG.exe
  C:\Windows\System\zWFZHRG.exe
  2⤵
  PID:5872
- C:\Windows\System\RERMQjt.exe
  C:\Windows\System\RERMQjt.exe
  2⤵
  PID:5888
- C:\Windows\System\degaQEn.exe
  C:\Windows\System\degaQEn.exe
  2⤵
  PID:5904
- C:\Windows\System\cGkBoXn.exe
  C:\Windows\System\cGkBoXn.exe
  2⤵
  PID:5920
- C:\Windows\System\tTEbnxv.exe
  C:\Windows\System\tTEbnxv.exe
  2⤵
  PID:5936
- C:\Windows\System\ISdhvuL.exe
  C:\Windows\System\ISdhvuL.exe
  2⤵
  PID:5952
- C:\Windows\System\alywcJo.exe
  C:\Windows\System\alywcJo.exe
  2⤵
  PID:5968
- C:\Windows\System\dyqpKMA.exe
  C:\Windows\System\dyqpKMA.exe
  2⤵
  PID:5984
- C:\Windows\System\FJOnsDh.exe
  C:\Windows\System\FJOnsDh.exe
  2⤵
  PID:6000
- C:\Windows\System\zVSVlqe.exe
  C:\Windows\System\zVSVlqe.exe
  2⤵
  PID:6016
- C:\Windows\System\GwSgKVB.exe
  C:\Windows\System\GwSgKVB.exe
  2⤵
  PID:6032
- C:\Windows\System\OmaFCsB.exe
  C:\Windows\System\OmaFCsB.exe
  2⤵
  PID:6048
- C:\Windows\System\wsZBMrA.exe
  C:\Windows\System\wsZBMrA.exe
  2⤵
  PID:6084
- C:\Windows\System\IQluJOg.exe
  C:\Windows\System\IQluJOg.exe
  2⤵
  PID:6104
- C:\Windows\System\BdrXCsU.exe
  C:\Windows\System\BdrXCsU.exe
  2⤵
  PID:6124
- C:\Windows\System\awCnIiC.exe
  C:\Windows\System\awCnIiC.exe
  2⤵
  PID:6140
- C:\Windows\System\CPepYnH.exe
  C:\Windows\System\CPepYnH.exe
  2⤵
  PID:5108
- C:\Windows\System\BpDBWTd.exe
  C:\Windows\System\BpDBWTd.exe
  2⤵
  PID:2000
- C:\Windows\System\IcShFdR.exe
  C:\Windows\System\IcShFdR.exe
  2⤵
  PID:4472
- C:\Windows\System\FxphHuh.exe
  C:\Windows\System\FxphHuh.exe
  2⤵
  PID:4632
- C:\Windows\System\gahBlLZ.exe
  C:\Windows\System\gahBlLZ.exe
  2⤵
  PID:2776
- C:\Windows\System\TidIQHC.exe
  C:\Windows\System\TidIQHC.exe
  2⤵
  PID:5140
- C:\Windows\System\RdaMOyC.exe
  C:\Windows\System\RdaMOyC.exe
  2⤵
  PID:5156
- C:\Windows\System\CCLFyjP.exe
  C:\Windows\System\CCLFyjP.exe
  2⤵
  PID:5204
- C:\Windows\System\xAyefkd.exe
  C:\Windows\System\xAyefkd.exe
  2⤵
  PID:5236
- C:\Windows\System\QeRrOLK.exe
  C:\Windows\System\QeRrOLK.exe
  2⤵
  PID:5268
- C:\Windows\System\GikKUWA.exe
  C:\Windows\System\GikKUWA.exe
  2⤵
  PID:5300
- C:\Windows\System\GboIuBD.exe
  C:\Windows\System\GboIuBD.exe
  2⤵
  PID:5320
- C:\Windows\System\owHPXqL.exe
  C:\Windows\System\owHPXqL.exe
  2⤵
  PID:5352
- C:\Windows\System\oDCRBNX.exe
  C:\Windows\System\oDCRBNX.exe
  2⤵
  PID:5384
- C:\Windows\System\FZYpCkx.exe
  C:\Windows\System\FZYpCkx.exe
  2⤵
  PID:5416
- C:\Windows\System\EFHHpwl.exe
  C:\Windows\System\EFHHpwl.exe
  2⤵
  PID:5448
- C:\Windows\System\QhGAXhN.exe
  C:\Windows\System\QhGAXhN.exe
  2⤵
  PID:5480
- C:\Windows\System\pEkzpTj.exe
  C:\Windows\System\pEkzpTj.exe
  2⤵
  PID:5512
- C:\Windows\System\JPXAKYv.exe
  C:\Windows\System\JPXAKYv.exe
  2⤵
  PID:1100
- C:\Windows\System\ULiNxxN.exe
  C:\Windows\System\ULiNxxN.exe
  2⤵
  PID:5572
- C:\Windows\System\jeGUWtm.exe
  C:\Windows\System\jeGUWtm.exe
  2⤵
  PID:5596
- C:\Windows\System\uvtulVe.exe
  C:\Windows\System\uvtulVe.exe
  2⤵
  PID:5628
- C:\Windows\System\FnznCqr.exe
  C:\Windows\System\FnznCqr.exe
  2⤵
  PID:5656
- C:\Windows\System\AUCBxWU.exe
  C:\Windows\System\AUCBxWU.exe
  2⤵
  PID:5688
- C:\Windows\System\SqQsrNh.exe
  C:\Windows\System\SqQsrNh.exe
  2⤵
  PID:5704
- C:\Windows\System\bCbWOan.exe
  C:\Windows\System\bCbWOan.exe
  2⤵
  PID:5736
- C:\Windows\System\hShaYZP.exe
  C:\Windows\System\hShaYZP.exe
  2⤵
  PID:5768
- C:\Windows\System\qAWuKGu.exe
  C:\Windows\System\qAWuKGu.exe
  2⤵
  PID:1152
- C:\Windows\System\jOYSTuM.exe
  C:\Windows\System\jOYSTuM.exe
  2⤵
  PID:5804
- C:\Windows\System\XylNLWc.exe
  C:\Windows\System\XylNLWc.exe
  2⤵
  PID:1312
- C:\Windows\System\VCLtAjn.exe
  C:\Windows\System\VCLtAjn.exe
  2⤵
  PID:2332
- C:\Windows\System\xMsxQWG.exe
  C:\Windows\System\xMsxQWG.exe
  2⤵
  PID:5852
- C:\Windows\System\EfrSEtM.exe
  C:\Windows\System\EfrSEtM.exe
  2⤵
  PID:5864
- C:\Windows\System\HOOxcad.exe
  C:\Windows\System\HOOxcad.exe
  2⤵
  PID:5868
- C:\Windows\System\UJqdBlC.exe
  C:\Windows\System\UJqdBlC.exe
  2⤵
  PID:5900
- C:\Windows\System\flTLcok.exe
  C:\Windows\System\flTLcok.exe
  2⤵
  PID:1748
- C:\Windows\System\zvGVZuo.exe
  C:\Windows\System\zvGVZuo.exe
  2⤵
  PID:5944
- C:\Windows\System\JRKdQwq.exe
  C:\Windows\System\JRKdQwq.exe
  2⤵
  PID:5964
- C:\Windows\System\HBwAxjS.exe
  C:\Windows\System\HBwAxjS.exe
  2⤵
  PID:5980
- C:\Windows\System\FuwNHQF.exe
  C:\Windows\System\FuwNHQF.exe
  2⤵
  PID:1800
- C:\Windows\System\BRdDwmf.exe
  C:\Windows\System\BRdDwmf.exe
  2⤵
  PID:6012
- C:\Windows\System\KaaSyOz.exe
  C:\Windows\System\KaaSyOz.exe
  2⤵
  PID:6040
- C:\Windows\System\gYDQLtb.exe
  C:\Windows\System\gYDQLtb.exe
  2⤵
  PID:6028
- C:\Windows\System\TQvsRiH.exe
  C:\Windows\System\TQvsRiH.exe
  2⤵
  PID:3012
- C:\Windows\System\cwfhdVH.exe
  C:\Windows\System\cwfhdVH.exe
  2⤵
  PID:2468
- C:\Windows\System\sNYfTfi.exe
  C:\Windows\System\sNYfTfi.exe
  2⤵
  PID:6120
- C:\Windows\System\GzkBjZb.exe
  C:\Windows\System\GzkBjZb.exe
  2⤵
  PID:5076
- C:\Windows\System\kRKUJaw.exe
  C:\Windows\System\kRKUJaw.exe
  2⤵
  PID:4580
- C:\Windows\System\OKJDcbU.exe
  C:\Windows\System\OKJDcbU.exe
  2⤵
  PID:4344
- C:\Windows\System\RKnHTrL.exe
  C:\Windows\System\RKnHTrL.exe
  2⤵
  PID:5144
- C:\Windows\System\wnLBchT.exe
  C:\Windows\System\wnLBchT.exe
  2⤵
  PID:5252
- C:\Windows\System\tLNacQG.exe
  C:\Windows\System\tLNacQG.exe
  2⤵
  PID:5272
- C:\Windows\System\hXCaEod.exe
  C:\Windows\System\hXCaEod.exe
  2⤵
  PID:5380
- C:\Windows\System\PtJJZUp.exe
  C:\Windows\System\PtJJZUp.exe
  2⤵
  PID:5508
- C:\Windows\System\JcadVJc.exe
  C:\Windows\System\JcadVJc.exe
  2⤵
  PID:5476
- C:\Windows\System\JfRHPzl.exe
  C:\Windows\System\JfRHPzl.exe
  2⤵
  PID:1504
- C:\Windows\System\dXZSWRu.exe
  C:\Windows\System\dXZSWRu.exe
  2⤵
  PID:5772
- C:\Windows\System\lyHGFkg.exe
  C:\Windows\System\lyHGFkg.exe
  2⤵
  PID:2012
- C:\Windows\System\SQIuoSp.exe
  C:\Windows\System\SQIuoSp.exe
  2⤵
  PID:2144
- C:\Windows\System\ANQmRxa.exe
  C:\Windows\System\ANQmRxa.exe
  2⤵
  PID:352
- C:\Windows\System\EVuJdlz.exe
  C:\Windows\System\EVuJdlz.exe
  2⤵
  PID:5896
- C:\Windows\System\arzhUBP.exe
  C:\Windows\System\arzhUBP.exe
  2⤵
  PID:1328
- C:\Windows\System\qlCFMWo.exe
  C:\Windows\System\qlCFMWo.exe
  2⤵
  PID:2016
- C:\Windows\System\UmPGVcg.exe
  C:\Windows\System\UmPGVcg.exe
  2⤵
  PID:6024
- C:\Windows\System\HYqANXq.exe
  C:\Windows\System\HYqANXq.exe
  2⤵
  PID:6100
- C:\Windows\System\bCMUMSY.exe
  C:\Windows\System\bCMUMSY.exe
  2⤵
  PID:5176
- C:\Windows\System\KLQKHJF.exe
  C:\Windows\System\KLQKHJF.exe
  2⤵
  PID:1564
- C:\Windows\System\ogFJpAE.exe
  C:\Windows\System\ogFJpAE.exe
  2⤵
  PID:6136
- C:\Windows\System\aTSRdGY.exe
  C:\Windows\System\aTSRdGY.exe
  2⤵
  PID:5208
- C:\Windows\System\zeoBMvT.exe
  C:\Windows\System\zeoBMvT.exe
  2⤵
  PID:5496
- C:\Windows\System\kuQWALE.exe
  C:\Windows\System\kuQWALE.exe
  2⤵
  PID:688
- C:\Windows\System\lOvlWMF.exe
  C:\Windows\System\lOvlWMF.exe
  2⤵
  PID:5588
- C:\Windows\System\ZDSypxM.exe
  C:\Windows\System\ZDSypxM.exe
  2⤵
  PID:1440
- C:\Windows\System\MbFvkqP.exe
  C:\Windows\System\MbFvkqP.exe
  2⤵
  PID:5644
- C:\Windows\System\LSkJTen.exe
  C:\Windows\System\LSkJTen.exe
  2⤵
  PID:2920
- C:\Windows\System\LWriMws.exe
  C:\Windows\System\LWriMws.exe
  2⤵
  PID:1496
- C:\Windows\System\YYIqHlW.exe
  C:\Windows\System\YYIqHlW.exe
  2⤵
  PID:2324
- C:\Windows\System\SmBsFWV.exe
  C:\Windows\System\SmBsFWV.exe
  2⤵
  PID:5316
- C:\Windows\System\ydApMVO.exe
  C:\Windows\System\ydApMVO.exe
  2⤵
  PID:5740
- C:\Windows\System\eCglerp.exe
  C:\Windows\System\eCglerp.exe
  2⤵
  PID:4536
- C:\Windows\System\VfcRBnH.exe
  C:\Windows\System\VfcRBnH.exe
  2⤵
  PID:5444
- C:\Windows\System\IoTAwGp.exe
  C:\Windows\System\IoTAwGp.exe
  2⤵
  PID:5848
- C:\Windows\System\XVfBFKx.exe
  C:\Windows\System\XVfBFKx.exe
  2⤵
  PID:4248
- C:\Windows\System\vcTafLq.exe
  C:\Windows\System\vcTafLq.exe
  2⤵
  PID:5992
- C:\Windows\System\JnERPjn.exe
  C:\Windows\System\JnERPjn.exe
  2⤵
  PID:1340
- C:\Windows\System\WhAKAnE.exe
  C:\Windows\System\WhAKAnE.exe
  2⤵
  PID:6148
- C:\Windows\System\ToQKzWO.exe
  C:\Windows\System\ToQKzWO.exe
  2⤵
  PID:6168
- C:\Windows\System\IMIifdd.exe
  C:\Windows\System\IMIifdd.exe
  2⤵
  PID:6184
- C:\Windows\System\vkPTwvH.exe
  C:\Windows\System\vkPTwvH.exe
  2⤵
  PID:6200
- C:\Windows\System\vfUzUUu.exe
  C:\Windows\System\vfUzUUu.exe
  2⤵
  PID:6216
- C:\Windows\System\ZdecLGu.exe
  C:\Windows\System\ZdecLGu.exe
  2⤵
  PID:6240
- C:\Windows\System\kxmxdpK.exe
  C:\Windows\System\kxmxdpK.exe
  2⤵
  PID:6256
- C:\Windows\System\sSHyhci.exe
  C:\Windows\System\sSHyhci.exe
  2⤵
  PID:6272
- C:\Windows\System\XWXeObN.exe
  C:\Windows\System\XWXeObN.exe
  2⤵
  PID:6288
- C:\Windows\System\AOuwMuH.exe
  C:\Windows\System\AOuwMuH.exe
  2⤵
  PID:6304
- C:\Windows\System\qfyeFWu.exe
  C:\Windows\System\qfyeFWu.exe
  2⤵
  PID:6320
- C:\Windows\System\NVFoylt.exe
  C:\Windows\System\NVFoylt.exe
  2⤵
  PID:6336
- C:\Windows\System\NGSGyXH.exe
  C:\Windows\System\NGSGyXH.exe
  2⤵
  PID:6352
- C:\Windows\System\gFhrfgv.exe
  C:\Windows\System\gFhrfgv.exe
  2⤵
  PID:6368
- C:\Windows\System\DkXYAHQ.exe
  C:\Windows\System\DkXYAHQ.exe
  2⤵
  PID:6384
- C:\Windows\System\vmHjsMw.exe
  C:\Windows\System\vmHjsMw.exe
  2⤵
  PID:6400
- C:\Windows\System\KsfRZJS.exe
  C:\Windows\System\KsfRZJS.exe
  2⤵
  PID:6416
- C:\Windows\System\NgYBvPE.exe
  C:\Windows\System\NgYBvPE.exe
  2⤵
  PID:6432
- C:\Windows\System\gNXdZBP.exe
  C:\Windows\System\gNXdZBP.exe
  2⤵
  PID:6448
- C:\Windows\System\Soxbowr.exe
  C:\Windows\System\Soxbowr.exe
  2⤵
  PID:6468
- C:\Windows\System\HPtHiqp.exe
  C:\Windows\System\HPtHiqp.exe
  2⤵
  PID:6484
- C:\Windows\System\SoyTsJZ.exe
  C:\Windows\System\SoyTsJZ.exe
  2⤵
  PID:6500
- C:\Windows\System\vRjsbhD.exe
  C:\Windows\System\vRjsbhD.exe
  2⤵
  PID:6516
- C:\Windows\System\IbzHqsv.exe
  C:\Windows\System\IbzHqsv.exe
  2⤵
  PID:6532
- C:\Windows\System\gZzYHRV.exe
  C:\Windows\System\gZzYHRV.exe
  2⤵
  PID:6548
- C:\Windows\System\QocNccF.exe
  C:\Windows\System\QocNccF.exe
  2⤵
  PID:6564
- C:\Windows\System\FEJwKQq.exe
  C:\Windows\System\FEJwKQq.exe
  2⤵
  PID:6580
- C:\Windows\System\HzFDfYo.exe
  C:\Windows\System\HzFDfYo.exe
  2⤵
  PID:6596
- C:\Windows\System\XnhKGJb.exe
  C:\Windows\System\XnhKGJb.exe
  2⤵
  PID:6612
- C:\Windows\System\IOzAitb.exe
  C:\Windows\System\IOzAitb.exe
  2⤵
  PID:6628
- C:\Windows\System\FbCAoPQ.exe
  C:\Windows\System\FbCAoPQ.exe
  2⤵
  PID:6644
- C:\Windows\System\upRAYUI.exe
  C:\Windows\System\upRAYUI.exe
  2⤵
  PID:6660
- C:\Windows\System\TrPZOSC.exe
  C:\Windows\System\TrPZOSC.exe
  2⤵
  PID:6676
- C:\Windows\System\HTZyHYS.exe
  C:\Windows\System\HTZyHYS.exe
  2⤵
  PID:6692
- C:\Windows\System\pWCcavt.exe
  C:\Windows\System\pWCcavt.exe
  2⤵
  PID:6708
- C:\Windows\System\UmwVlkx.exe
  C:\Windows\System\UmwVlkx.exe
  2⤵
  PID:6724
- C:\Windows\System\OcEAtvA.exe
  C:\Windows\System\OcEAtvA.exe
  2⤵
  PID:6740
- C:\Windows\System\GCXwZHY.exe
  C:\Windows\System\GCXwZHY.exe
  2⤵
  PID:6756
- C:\Windows\System\dEWIcIx.exe
  C:\Windows\System\dEWIcIx.exe
  2⤵
  PID:6776
- C:\Windows\System\lVEZsXR.exe
  C:\Windows\System\lVEZsXR.exe
  2⤵
  PID:6792
- C:\Windows\System\ZYWYqXy.exe
  C:\Windows\System\ZYWYqXy.exe
  2⤵
  PID:6808
- C:\Windows\System\uksFmKB.exe
  C:\Windows\System\uksFmKB.exe
  2⤵
  PID:6824
- C:\Windows\System\fmFAgxi.exe
  C:\Windows\System\fmFAgxi.exe
  2⤵
  PID:6840
- C:\Windows\System\qYuIeOe.exe
  C:\Windows\System\qYuIeOe.exe
  2⤵
  PID:6856
- C:\Windows\System\skeQOmg.exe
  C:\Windows\System\skeQOmg.exe
  2⤵
  PID:6872
- C:\Windows\System\crwCkGF.exe
  C:\Windows\System\crwCkGF.exe
  2⤵
  PID:6888
- C:\Windows\System\NgNPLFd.exe
  C:\Windows\System\NgNPLFd.exe
  2⤵
  PID:6904
- C:\Windows\System\sjpBrWK.exe
  C:\Windows\System\sjpBrWK.exe
  2⤵
  PID:6920
- C:\Windows\System\AIgtToH.exe
  C:\Windows\System\AIgtToH.exe
  2⤵
  PID:6936
- C:\Windows\System\CbdWTSB.exe
  C:\Windows\System\CbdWTSB.exe
  2⤵
  PID:6952
- C:\Windows\System\UwQlRkD.exe
  C:\Windows\System\UwQlRkD.exe
  2⤵
  PID:6968
- C:\Windows\System\oGGLMAY.exe
  C:\Windows\System\oGGLMAY.exe
  2⤵
  PID:6984
- C:\Windows\System\qUAMCTC.exe
  C:\Windows\System\qUAMCTC.exe
  2⤵
  PID:7000
- C:\Windows\System\BtGgmeo.exe
  C:\Windows\System\BtGgmeo.exe
  2⤵
  PID:7016
- C:\Windows\System\aIsEWdP.exe
  C:\Windows\System\aIsEWdP.exe
  2⤵
  PID:7032
- C:\Windows\System\IizYmpl.exe
  C:\Windows\System\IizYmpl.exe
  2⤵
  PID:7048
- C:\Windows\System\FCuPAGG.exe
  C:\Windows\System\FCuPAGG.exe
  2⤵
  PID:7064
- C:\Windows\System\hazaLlx.exe
  C:\Windows\System\hazaLlx.exe
  2⤵
  PID:7080
- C:\Windows\System\dOcMLXN.exe
  C:\Windows\System\dOcMLXN.exe
  2⤵
  PID:7096
- C:\Windows\System\iCZMHqF.exe
  C:\Windows\System\iCZMHqF.exe
  2⤵
  PID:7112
- C:\Windows\System\GsjaQfb.exe
  C:\Windows\System\GsjaQfb.exe
  2⤵
  PID:7128
- C:\Windows\System\xJolONi.exe
  C:\Windows\System\xJolONi.exe
  2⤵
  PID:7144
- C:\Windows\System\oNoJCPc.exe
  C:\Windows\System\oNoJCPc.exe
  2⤵
  PID:7160
- C:\Windows\System\EjkUGNP.exe
  C:\Windows\System\EjkUGNP.exe
  2⤵
  PID:5336
- C:\Windows\System\yKxhXRd.exe
  C:\Windows\System\yKxhXRd.exe
  2⤵
  PID:6192
- C:\Windows\System\IdVxNHO.exe
  C:\Windows\System\IdVxNHO.exe
  2⤵
  PID:6224
- C:\Windows\System\ECQzXBF.exe
  C:\Windows\System\ECQzXBF.exe
  2⤵
  PID:6264
- C:\Windows\System\QvNklEL.exe
  C:\Windows\System\QvNklEL.exe
  2⤵
  PID:6280
- C:\Windows\System\lNECudG.exe
  C:\Windows\System\lNECudG.exe
  2⤵
  PID:6412
- C:\Windows\System\WWshFDF.exe
  C:\Windows\System\WWshFDF.exe
  2⤵
  PID:6332
- C:\Windows\System\caymRfD.exe
  C:\Windows\System\caymRfD.exe
  2⤵
  PID:6396
- C:\Windows\System\hRFNdnA.exe
  C:\Windows\System\hRFNdnA.exe
  2⤵
  PID:6348
- C:\Windows\System\IYTbrzq.exe
  C:\Windows\System\IYTbrzq.exe
  2⤵
  PID:6456
- C:\Windows\System\hBBAJTN.exe
  C:\Windows\System\hBBAJTN.exe
  2⤵
  PID:6492
- C:\Windows\System\bIVaYda.exe
  C:\Windows\System\bIVaYda.exe
  2⤵
  PID:6508
- C:\Windows\System\EIXifDM.exe
  C:\Windows\System\EIXifDM.exe
  2⤵
  PID:6544
- C:\Windows\System\hJdlxHy.exe
  C:\Windows\System\hJdlxHy.exe
  2⤵
  PID:6560
- C:\Windows\System\FSRRrPl.exe
  C:\Windows\System\FSRRrPl.exe
  2⤵
  PID:6604
- C:\Windows\System\WMzuZRR.exe
  C:\Windows\System\WMzuZRR.exe
  2⤵
  PID:6652
- C:\Windows\System\IqvlOKU.exe
  C:\Windows\System\IqvlOKU.exe
  2⤵
  PID:6656
- C:\Windows\System\HtiJJVa.exe
  C:\Windows\System\HtiJJVa.exe
  2⤵
  PID:6684
- C:\Windows\System\bfbbuBT.exe
  C:\Windows\System\bfbbuBT.exe
  2⤵
  PID:6748
- C:\Windows\System\kaDRpFQ.exe
  C:\Windows\System\kaDRpFQ.exe
  2⤵
  PID:6764
- C:\Windows\System\mvQgZsI.exe
  C:\Windows\System\mvQgZsI.exe
  2⤵
  PID:6784
- C:\Windows\System\DoRRvYt.exe
  C:\Windows\System\DoRRvYt.exe
  2⤵
  PID:6848
- C:\Windows\System\UZjxEtO.exe
  C:\Windows\System\UZjxEtO.exe
  2⤵
  PID:6864
- C:\Windows\System\lJTVSFN.exe
  C:\Windows\System\lJTVSFN.exe
  2⤵
  PID:6832
- C:\Windows\System\JsZZigR.exe
  C:\Windows\System\JsZZigR.exe
  2⤵
  PID:6916
- C:\Windows\System\NmJMVwo.exe
  C:\Windows\System\NmJMVwo.exe
  2⤵
  PID:6948
- C:\Windows\System\JEXehlh.exe
  C:\Windows\System\JEXehlh.exe
  2⤵
  PID:7040
- C:\Windows\System\ykVMpZL.exe
  C:\Windows\System\ykVMpZL.exe
  2⤵
  PID:6992
- C:\Windows\System\qbxkSqi.exe
  C:\Windows\System\qbxkSqi.exe
  2⤵
  PID:7072
- C:\Windows\System\ktKvOVh.exe
  C:\Windows\System\ktKvOVh.exe
  2⤵
  PID:6960
- C:\Windows\System\FvZdXCW.exe
  C:\Windows\System\FvZdXCW.exe
  2⤵
  PID:7136
- C:\Windows\System\MUHQBQm.exe
  C:\Windows\System\MUHQBQm.exe
  2⤵
  PID:7140
- C:\Windows\System\DdWVWAu.exe
  C:\Windows\System\DdWVWAu.exe
  2⤵
  PID:6132
- C:\Windows\System\XzGvyAn.exe
  C:\Windows\System\XzGvyAn.exe
  2⤵
  PID:6196
- C:\Windows\System\DXcQFQi.exe
  C:\Windows\System\DXcQFQi.exe
  2⤵
  PID:6268
- C:\Windows\System\uDFkYWt.exe
  C:\Windows\System\uDFkYWt.exe
  2⤵
  PID:6344
- C:\Windows\System\yoWysGt.exe
  C:\Windows\System\yoWysGt.exe
  2⤵
  PID:6528
- C:\Windows\System\SukMuJp.exe
  C:\Windows\System\SukMuJp.exe
  2⤵
  PID:6640
- C:\Windows\System\gjYpEkG.exe
  C:\Windows\System\gjYpEkG.exe
  2⤵
  PID:6716
- C:\Windows\System\QLgQosZ.exe
  C:\Windows\System\QLgQosZ.exe
  2⤵
  PID:6880
- C:\Windows\System\TPhvpaW.exe
  C:\Windows\System\TPhvpaW.exe
  2⤵
  PID:6476
- C:\Windows\System\AUnWvel.exe
  C:\Windows\System\AUnWvel.exe
  2⤵
  PID:6896
- C:\Windows\System\loryNAw.exe
  C:\Windows\System\loryNAw.exe
  2⤵
  PID:7024
- C:\Windows\System\qUVGbjr.exe
  C:\Windows\System\qUVGbjr.exe
  2⤵
  PID:6816
- C:\Windows\System\ZlBlNYc.exe
  C:\Windows\System\ZlBlNYc.exe
  2⤵
  PID:6800
- C:\Windows\System\oWXxWdf.exe
  C:\Windows\System\oWXxWdf.exe
  2⤵
  PID:6944
- C:\Windows\System\HOxFILc.exe
  C:\Windows\System\HOxFILc.exe
  2⤵
  PID:6164
- C:\Windows\System\JgkNmgf.exe
  C:\Windows\System\JgkNmgf.exe
  2⤵
  PID:7060
- C:\Windows\System\XVdLkOM.exe
  C:\Windows\System\XVdLkOM.exe
  2⤵
  PID:6252
- C:\Windows\System\alhcEtD.exe
  C:\Windows\System\alhcEtD.exe
  2⤵
  PID:6464
- C:\Windows\System\zVSCKji.exe
  C:\Windows\System\zVSCKji.exe
  2⤵
  PID:6524
- C:\Windows\System\QfHwOEI.exe
  C:\Windows\System\QfHwOEI.exe
  2⤵
  PID:6180
- C:\Windows\System\pelBDNi.exe
  C:\Windows\System\pelBDNi.exe
  2⤵
  PID:7172
- C:\Windows\System\oFIXJGf.exe
  C:\Windows\System\oFIXJGf.exe
  2⤵
  PID:7188
- C:\Windows\System\LxhRXei.exe
  C:\Windows\System\LxhRXei.exe
  2⤵
  PID:7204
- C:\Windows\System\sTCQVgY.exe
  C:\Windows\System\sTCQVgY.exe
  2⤵
  PID:7220
- C:\Windows\System\JOgarow.exe
  C:\Windows\System\JOgarow.exe
  2⤵
  PID:7236
- C:\Windows\System\oNkdlre.exe
  C:\Windows\System\oNkdlre.exe
  2⤵
  PID:7252
- C:\Windows\System\QXfguHZ.exe
  C:\Windows\System\QXfguHZ.exe
  2⤵
  PID:7272
- C:\Windows\System\tEtVmvM.exe
  C:\Windows\System\tEtVmvM.exe
  2⤵
  PID:7288
- C:\Windows\System\FAXXSIS.exe
  C:\Windows\System\FAXXSIS.exe
  2⤵
  PID:7304
- C:\Windows\System\yTKqAvc.exe
  C:\Windows\System\yTKqAvc.exe
  2⤵
  PID:7320
- C:\Windows\System\oHPErsX.exe
  C:\Windows\System\oHPErsX.exe
  2⤵
  PID:7336
- C:\Windows\System\QZwlhSH.exe
  C:\Windows\System\QZwlhSH.exe
  2⤵
  PID:7352
- C:\Windows\System\HwyPISP.exe
  C:\Windows\System\HwyPISP.exe
  2⤵
  PID:7368
- C:\Windows\System\GBPjrXa.exe
  C:\Windows\System\GBPjrXa.exe
  2⤵
  PID:7384
- C:\Windows\System\zPWikHZ.exe
  C:\Windows\System\zPWikHZ.exe
  2⤵
  PID:7400
- C:\Windows\System\Wyhnukd.exe
  C:\Windows\System\Wyhnukd.exe
  2⤵
  PID:7416
- C:\Windows\System\bprdCqY.exe
  C:\Windows\System\bprdCqY.exe
  2⤵
  PID:7432
- C:\Windows\System\mHQShcg.exe
  C:\Windows\System\mHQShcg.exe
  2⤵
  PID:7448
- C:\Windows\System\vJEiWUD.exe
  C:\Windows\System\vJEiWUD.exe
  2⤵
  PID:7464
- C:\Windows\System\ePNZtDy.exe
  C:\Windows\System\ePNZtDy.exe
  2⤵
  PID:7480
- C:\Windows\System\ImYfYlx.exe
  C:\Windows\System\ImYfYlx.exe
  2⤵
  PID:7496
- C:\Windows\System\lstWvkL.exe
  C:\Windows\System\lstWvkL.exe
  2⤵
  PID:7512
- C:\Windows\System\plPaDCx.exe
  C:\Windows\System\plPaDCx.exe
  2⤵
  PID:7528
- C:\Windows\System\IrlFdBJ.exe
  C:\Windows\System\IrlFdBJ.exe
  2⤵
  PID:7544
- C:\Windows\System\Fjgmmkl.exe
  C:\Windows\System\Fjgmmkl.exe
  2⤵
  PID:7560
- C:\Windows\System\EJUEMhT.exe
  C:\Windows\System\EJUEMhT.exe
  2⤵
  PID:7576
- C:\Windows\System\ayoqOGC.exe
  C:\Windows\System\ayoqOGC.exe
  2⤵
  PID:7592
- C:\Windows\System\MPCJblc.exe
  C:\Windows\System\MPCJblc.exe
  2⤵
  PID:7608
- C:\Windows\System\qZcpeoY.exe
  C:\Windows\System\qZcpeoY.exe
  2⤵
  PID:7624
- C:\Windows\System\wEisoWO.exe
  C:\Windows\System\wEisoWO.exe
  2⤵
  PID:7640
- C:\Windows\System\rHOOKlk.exe
  C:\Windows\System\rHOOKlk.exe
  2⤵
  PID:7656
- C:\Windows\System\dxtgwup.exe
  C:\Windows\System\dxtgwup.exe
  2⤵
  PID:7672
- C:\Windows\System\NHvrLaT.exe
  C:\Windows\System\NHvrLaT.exe
  2⤵
  PID:7688
- C:\Windows\System\NpMYEhv.exe
  C:\Windows\System\NpMYEhv.exe
  2⤵
  PID:7704
- C:\Windows\System\upNOPpn.exe
  C:\Windows\System\upNOPpn.exe
  2⤵
  PID:7720
- C:\Windows\System\CXuAJvY.exe
  C:\Windows\System\CXuAJvY.exe
  2⤵
  PID:7736
- C:\Windows\System\WEJWtLI.exe
  C:\Windows\System\WEJWtLI.exe
  2⤵
  PID:7752
- C:\Windows\System\OmUcVby.exe
  C:\Windows\System\OmUcVby.exe
  2⤵
  PID:7768
- C:\Windows\System\ZpWVefO.exe
  C:\Windows\System\ZpWVefO.exe
  2⤵
  PID:7784
- C:\Windows\System\cbTSsfk.exe
  C:\Windows\System\cbTSsfk.exe
  2⤵
  PID:7800
- C:\Windows\System\pUUWNPh.exe
  C:\Windows\System\pUUWNPh.exe
  2⤵
  PID:7816
- C:\Windows\System\UnXdzzg.exe
  C:\Windows\System\UnXdzzg.exe
  2⤵
  PID:7832
- C:\Windows\System\eiBKOfR.exe
  C:\Windows\System\eiBKOfR.exe
  2⤵
  PID:7848
- C:\Windows\System\ZxnEbgT.exe
  C:\Windows\System\ZxnEbgT.exe
  2⤵
  PID:7864
- C:\Windows\System\gzIVoQX.exe
  C:\Windows\System\gzIVoQX.exe
  2⤵
  PID:7880
- C:\Windows\System\UYLIIyg.exe
  C:\Windows\System\UYLIIyg.exe
  2⤵
  PID:7896
- C:\Windows\System\lifAoTv.exe
  C:\Windows\System\lifAoTv.exe
  2⤵
  PID:7912
- C:\Windows\System\UnlXwqd.exe
  C:\Windows\System\UnlXwqd.exe
  2⤵
  PID:7928
- C:\Windows\System\CbwUEyI.exe
  C:\Windows\System\CbwUEyI.exe
  2⤵
  PID:7944
- C:\Windows\System\glAAIRk.exe
  C:\Windows\System\glAAIRk.exe
  2⤵
  PID:7960
- C:\Windows\System\NpaEzlU.exe
  C:\Windows\System\NpaEzlU.exe
  2⤵
  PID:7976
- C:\Windows\System\CuNIRzD.exe
  C:\Windows\System\CuNIRzD.exe
  2⤵
  PID:7992
- C:\Windows\System\mWPxCZs.exe
  C:\Windows\System\mWPxCZs.exe
  2⤵
  PID:8008
- C:\Windows\System\UFZTCNf.exe
  C:\Windows\System\UFZTCNf.exe
  2⤵
  PID:8024
- C:\Windows\System\iYwINMQ.exe
  C:\Windows\System\iYwINMQ.exe
  2⤵
  PID:8040
- C:\Windows\System\apSaDVo.exe
  C:\Windows\System\apSaDVo.exe
  2⤵
  PID:8056
- C:\Windows\System\SSUkzPA.exe
  C:\Windows\System\SSUkzPA.exe
  2⤵
  PID:8072
- C:\Windows\System\CEArpey.exe
  C:\Windows\System\CEArpey.exe
  2⤵
  PID:8088
- C:\Windows\System\KzIASvX.exe
  C:\Windows\System\KzIASvX.exe
  2⤵
  PID:8104
- C:\Windows\System\sHrlWNL.exe
  C:\Windows\System\sHrlWNL.exe
  2⤵
  PID:8120
- C:\Windows\System\rYHNESx.exe
  C:\Windows\System\rYHNESx.exe
  2⤵
  PID:8136
- C:\Windows\System\ofFnkej.exe
  C:\Windows\System\ofFnkej.exe
  2⤵
  PID:8152
- C:\Windows\System\qWWUCCa.exe
  C:\Windows\System\qWWUCCa.exe
  2⤵
  PID:8168
- C:\Windows\System\lZAvSRQ.exe
  C:\Windows\System\lZAvSRQ.exe
  2⤵
  PID:8184
- C:\Windows\System\dBswPcW.exe
  C:\Windows\System\dBswPcW.exe
  2⤵
  PID:6700
- C:\Windows\System\nCLqZwB.exe
  C:\Windows\System\nCLqZwB.exe
  2⤵
  PID:6732
- C:\Windows\System\igeaHmL.exe
  C:\Windows\System\igeaHmL.exe
  2⤵
  PID:6572
- C:\Windows\System\JTbpRqW.exe
  C:\Windows\System\JTbpRqW.exe
  2⤵
  PID:6836
- C:\Windows\System\DRTebsC.exe
  C:\Windows\System\DRTebsC.exe
  2⤵
  PID:7200
- C:\Windows\System\ciMmtjG.exe
  C:\Windows\System\ciMmtjG.exe
  2⤵
  PID:7108
- C:\Windows\System\AEFvGLH.exe
  C:\Windows\System\AEFvGLH.exe
  2⤵
  PID:7012
- C:\Windows\System\xMkJzzj.exe
  C:\Windows\System\xMkJzzj.exe
  2⤵
  PID:7232
- C:\Windows\System\SvgIaAY.exe
  C:\Windows\System\SvgIaAY.exe
  2⤵
  PID:7248
- C:\Windows\System\tLZmpsK.exe
  C:\Windows\System\tLZmpsK.exe
  2⤵
  PID:7300
- C:\Windows\System\QILfGbw.exe
  C:\Windows\System\QILfGbw.exe
  2⤵
  PID:7364
- C:\Windows\System\bekBKSw.exe
  C:\Windows\System\bekBKSw.exe
  2⤵
  PID:7428
- C:\Windows\System\fbtsVkC.exe
  C:\Windows\System\fbtsVkC.exe
  2⤵
  PID:7492
- C:\Windows\System\POLUPBm.exe
  C:\Windows\System\POLUPBm.exe
  2⤵
  PID:7524
- C:\Windows\System\ZxLtjBw.exe
  C:\Windows\System\ZxLtjBw.exe
  2⤵
  PID:7440
- C:\Windows\System\ExNmUAJ.exe
  C:\Windows\System\ExNmUAJ.exe
  2⤵
  PID:7588
- C:\Windows\System\cAFHQrn.exe
  C:\Windows\System\cAFHQrn.exe
  2⤵
  PID:7540
- C:\Windows\System\Nmsvppw.exe
  C:\Windows\System\Nmsvppw.exe
  2⤵
  PID:7312
- C:\Windows\System\VqFVidB.exe
  C:\Windows\System\VqFVidB.exe
  2⤵
  PID:7348
- C:\Windows\System\PgEoOFb.exe
  C:\Windows\System\PgEoOFb.exe
  2⤵
  PID:7632
- C:\Windows\System\eNdtGkm.exe
  C:\Windows\System\eNdtGkm.exe
  2⤵
  PID:7620
- C:\Windows\System\fuQtWtf.exe
  C:\Windows\System\fuQtWtf.exe
  2⤵
  PID:7684
- C:\Windows\System\wdcEJDy.exe
  C:\Windows\System\wdcEJDy.exe
  2⤵
  PID:7744
- C:\Windows\System\HRzndBU.exe
  C:\Windows\System\HRzndBU.exe
  2⤵
  PID:7732
- C:\Windows\System\dGJrBaE.exe
  C:\Windows\System\dGJrBaE.exe
  2⤵
  PID:7764
- C:\Windows\System\CNjhppd.exe
  C:\Windows\System\CNjhppd.exe
  2⤵
  PID:7840
- C:\Windows\System\QsrCvwn.exe
  C:\Windows\System\QsrCvwn.exe
  2⤵
  PID:7828
- C:\Windows\System\UHlhJvR.exe
  C:\Windows\System\UHlhJvR.exe
  2⤵
  PID:7860
- C:\Windows\System\Aurciuv.exe
  C:\Windows\System\Aurciuv.exe
  2⤵
  PID:7904
- C:\Windows\System\HuNVJbt.exe
  C:\Windows\System\HuNVJbt.exe
  2⤵
  PID:7968
- C:\Windows\System\JLsTOLS.exe
  C:\Windows\System\JLsTOLS.exe
  2⤵
  PID:7920
- C:\Windows\System\myhlBuW.exe
  C:\Windows\System\myhlBuW.exe
  2⤵
  PID:7952
- C:\Windows\System\iiWXpnH.exe
  C:\Windows\System\iiWXpnH.exe
  2⤵
  PID:6772
- C:\Windows\System\aODQePa.exe
  C:\Windows\System\aODQePa.exe
  2⤵
  PID:8068
- C:\Windows\System\tDBqsRs.exe
  C:\Windows\System\tDBqsRs.exe
  2⤵
  PID:8048
- C:\Windows\System\qgxbFYF.exe
  C:\Windows\System\qgxbFYF.exe
  2⤵
  PID:8128
- C:\Windows\System\klGWWPS.exe
  C:\Windows\System\klGWWPS.exe
  2⤵
  PID:8144
- C:\Windows\System\JcNuQFg.exe
  C:\Windows\System\JcNuQFg.exe
  2⤵
  PID:7268
- C:\Windows\System\LmNlxch.exe
  C:\Windows\System\LmNlxch.exe
  2⤵
  PID:8176
- C:\Windows\System\LMvoIpt.exe
  C:\Windows\System\LMvoIpt.exe
  2⤵
  PID:6408
- C:\Windows\System\GNbpOKq.exe
  C:\Windows\System\GNbpOKq.exe
  2⤵
  PID:4788
- C:\Windows\System\iNHMwsJ.exe
  C:\Windows\System\iNHMwsJ.exe
  2⤵
  PID:6932
- C:\Windows\System\EImukok.exe
  C:\Windows\System\EImukok.exe
  2⤵
  PID:7460
- C:\Windows\System\ZKvpNpd.exe
  C:\Windows\System\ZKvpNpd.exe
  2⤵
  PID:7508
- C:\Windows\System\fscQrIM.exe
  C:\Windows\System\fscQrIM.exe
  2⤵
  PID:7264
- C:\Windows\System\FAqVFMw.exe
  C:\Windows\System\FAqVFMw.exe
  2⤵
  PID:7284
- C:\Windows\System\myBtAwS.exe
  C:\Windows\System\myBtAwS.exe
  2⤵
  PID:7476
- C:\Windows\System\SMzSPCp.exe
  C:\Windows\System\SMzSPCp.exe
  2⤵
  PID:7648
- C:\Windows\System\lhOfwoj.exe
  C:\Windows\System\lhOfwoj.exe
  2⤵
  PID:7760
- C:\Windows\System\RDUxirg.exe
  C:\Windows\System\RDUxirg.exe
  2⤵
  PID:7680
- C:\Windows\System\IpXvzGO.exe
  C:\Windows\System\IpXvzGO.exe
  2⤵
  PID:7824
- C:\Windows\System\CpKSeoO.exe
  C:\Windows\System\CpKSeoO.exe
  2⤵
  PID:7876
- C:\Windows\System\JEWaFgh.exe
  C:\Windows\System\JEWaFgh.exe
  2⤵
  PID:7812
- C:\Windows\System\kUtrcbV.exe
  C:\Windows\System\kUtrcbV.exe
  2⤵
  PID:8020
- C:\Windows\System\iISDJPf.exe
  C:\Windows\System\iISDJPf.exe
  2⤵
  PID:8132
- C:\Windows\System\HTZWvnx.exe
  C:\Windows\System\HTZWvnx.exe
  2⤵
  PID:8164
- C:\Windows\System\xanzXwB.exe
  C:\Windows\System\xanzXwB.exe
  2⤵
  PID:8016
- C:\Windows\System\HyYXyNg.exe
  C:\Windows\System\HyYXyNg.exe
  2⤵
  PID:6316
- C:\Windows\System\HSxZXoh.exe
  C:\Windows\System\HSxZXoh.exe
  2⤵
  PID:6884
- C:\Windows\System\ivehDAk.exe
  C:\Windows\System\ivehDAk.exe
  2⤵
  PID:7396
- C:\Windows\System\gizmTWu.exe
  C:\Windows\System\gizmTWu.exe
  2⤵
  PID:7380
- C:\Windows\System\mESwyza.exe
  C:\Windows\System\mESwyza.exe
  2⤵
  PID:7212
- C:\Windows\System\ccLzTAz.exe
  C:\Windows\System\ccLzTAz.exe
  2⤵
  PID:7472
- C:\Windows\System\flLYoWB.exe
  C:\Windows\System\flLYoWB.exe
  2⤵
  PID:7728
- C:\Windows\System\whykwKz.exe
  C:\Windows\System\whykwKz.exe
  2⤵
  PID:8100
- C:\Windows\System\CwVvJnZ.exe
  C:\Windows\System\CwVvJnZ.exe
  2⤵
  PID:6428
- C:\Windows\System\FRVZdfg.exe
  C:\Windows\System\FRVZdfg.exe
  2⤵
  PID:7156
- C:\Windows\System\MecDdZe.exe
  C:\Windows\System\MecDdZe.exe
  2⤵
  PID:7360
- C:\Windows\System\ytCeGMw.exe
  C:\Windows\System\ytCeGMw.exe
  2⤵
  PID:7228
- C:\Windows\System\spWCzoW.exe
  C:\Windows\System\spWCzoW.exe
  2⤵
  PID:7940
- C:\Windows\System\sNQnmZD.exe
  C:\Windows\System\sNQnmZD.exe
  2⤵
  PID:7988
- C:\Windows\System\OmYQzbC.exe
  C:\Windows\System\OmYQzbC.exe
  2⤵
  PID:7584
- C:\Windows\System\KCIlHmX.exe
  C:\Windows\System\KCIlHmX.exe
  2⤵
  PID:8204
- C:\Windows\System\yDrMXAa.exe
  C:\Windows\System\yDrMXAa.exe
  2⤵
  PID:8220
- C:\Windows\System\weJMzuE.exe
  C:\Windows\System\weJMzuE.exe
  2⤵
  PID:8236
- C:\Windows\System\ETDPaBD.exe
  C:\Windows\System\ETDPaBD.exe
  2⤵
  PID:8252
- C:\Windows\System\gtWdobB.exe
  C:\Windows\System\gtWdobB.exe
  2⤵
  PID:8268
- C:\Windows\System\hBAQZHO.exe
  C:\Windows\System\hBAQZHO.exe
  2⤵
  PID:8284
- C:\Windows\System\iSTQjxe.exe
  C:\Windows\System\iSTQjxe.exe
  2⤵
  PID:8300
- C:\Windows\System\WxVEMjw.exe
  C:\Windows\System\WxVEMjw.exe
  2⤵
  PID:8316
- C:\Windows\System\FHSrviU.exe
  C:\Windows\System\FHSrviU.exe
  2⤵
  PID:8332
- C:\Windows\System\voENugJ.exe
  C:\Windows\System\voENugJ.exe
  2⤵
  PID:8348
- C:\Windows\System\IGgXkrP.exe
  C:\Windows\System\IGgXkrP.exe
  2⤵
  PID:8364
- C:\Windows\System\jxTsAZF.exe
  C:\Windows\System\jxTsAZF.exe
  2⤵
  PID:8380
- C:\Windows\System\eKLlqjf.exe
  C:\Windows\System\eKLlqjf.exe
  2⤵
  PID:8396
- C:\Windows\System\KzNPDVb.exe
  C:\Windows\System\KzNPDVb.exe
  2⤵
  PID:8412
- C:\Windows\System\dpWUbvN.exe
  C:\Windows\System\dpWUbvN.exe
  2⤵
  PID:8428
- C:\Windows\System\WMLcEdG.exe
  C:\Windows\System\WMLcEdG.exe
  2⤵
  PID:8444
- C:\Windows\System\kFOltSA.exe
  C:\Windows\System\kFOltSA.exe
  2⤵
  PID:8460
- C:\Windows\System\GBtbJfN.exe
  C:\Windows\System\GBtbJfN.exe
  2⤵
  PID:8476
- C:\Windows\System\GsBZLkb.exe
  C:\Windows\System\GsBZLkb.exe
  2⤵
  PID:8496
- C:\Windows\System\nPbSErv.exe
  C:\Windows\System\nPbSErv.exe
  2⤵
  PID:8512
- C:\Windows\System\TxDDjIu.exe
  C:\Windows\System\TxDDjIu.exe
  2⤵
  PID:8528
- C:\Windows\System\KlNeoxA.exe
  C:\Windows\System\KlNeoxA.exe
  2⤵
  PID:8544
- C:\Windows\System\qbmwTUW.exe
  C:\Windows\System\qbmwTUW.exe
  2⤵
  PID:8560
- C:\Windows\System\UNmGdPe.exe
  C:\Windows\System\UNmGdPe.exe
  2⤵
  PID:8576
- C:\Windows\System\mCEUMJd.exe
  C:\Windows\System\mCEUMJd.exe
  2⤵
  PID:8592
- C:\Windows\System\yzJBpYC.exe
  C:\Windows\System\yzJBpYC.exe
  2⤵
  PID:8608
- C:\Windows\System\FPyZMCB.exe
  C:\Windows\System\FPyZMCB.exe
  2⤵
  PID:8624
- C:\Windows\System\ZpksOWI.exe
  C:\Windows\System\ZpksOWI.exe
  2⤵
  PID:8640
- C:\Windows\System\jBVlizX.exe
  C:\Windows\System\jBVlizX.exe
  2⤵
  PID:8656
- C:\Windows\System\rgjACYq.exe
  C:\Windows\System\rgjACYq.exe
  2⤵
  PID:8676
- C:\Windows\System\wPzWLzF.exe
  C:\Windows\System\wPzWLzF.exe
  2⤵
  PID:8692
- C:\Windows\System\OzwNofR.exe
  C:\Windows\System\OzwNofR.exe
  2⤵
  PID:8708
- C:\Windows\System\VWlJiHY.exe
  C:\Windows\System\VWlJiHY.exe
  2⤵
  PID:8724
- C:\Windows\System\iLHAanw.exe
  C:\Windows\System\iLHAanw.exe
  2⤵
  PID:8740
- C:\Windows\System\bvtpldu.exe
  C:\Windows\System\bvtpldu.exe
  2⤵
  PID:8756
- C:\Windows\System\LPmIUFs.exe
  C:\Windows\System\LPmIUFs.exe
  2⤵
  PID:8772
- C:\Windows\System\eGWnGYh.exe
  C:\Windows\System\eGWnGYh.exe
  2⤵
  PID:8788
- C:\Windows\System\HSGdwKc.exe
  C:\Windows\System\HSGdwKc.exe
  2⤵
  PID:8804
- C:\Windows\System\iGbqAza.exe
  C:\Windows\System\iGbqAza.exe
  2⤵
  PID:8820
- C:\Windows\System\RgvoERY.exe
  C:\Windows\System\RgvoERY.exe
  2⤵
  PID:8836
- C:\Windows\System\XcvvpcZ.exe
  C:\Windows\System\XcvvpcZ.exe
  2⤵
  PID:8852
- C:\Windows\System\IVbUFfG.exe
  C:\Windows\System\IVbUFfG.exe
  2⤵
  PID:8868
- C:\Windows\System\TABdHPr.exe
  C:\Windows\System\TABdHPr.exe
  2⤵
  PID:8884
- C:\Windows\System\tAftozr.exe
  C:\Windows\System\tAftozr.exe
  2⤵
  PID:8900
- C:\Windows\System\VVziGHt.exe
  C:\Windows\System\VVziGHt.exe
  2⤵
  PID:8916
- C:\Windows\System\xmPPoeL.exe
  C:\Windows\System\xmPPoeL.exe
  2⤵
  PID:8932
- C:\Windows\System\AgjbejC.exe
  C:\Windows\System\AgjbejC.exe
  2⤵
  PID:8948
- C:\Windows\System\ooBxpVl.exe
  C:\Windows\System\ooBxpVl.exe
  2⤵
  PID:8964
- C:\Windows\System\DIFDnAY.exe
  C:\Windows\System\DIFDnAY.exe
  2⤵
  PID:8980
- C:\Windows\System\akcvXyb.exe
  C:\Windows\System\akcvXyb.exe
  2⤵
  PID:8996
- C:\Windows\System\vjruuGL.exe
  C:\Windows\System\vjruuGL.exe
  2⤵
  PID:9012
- C:\Windows\System\SHMbodr.exe
  C:\Windows\System\SHMbodr.exe
  2⤵
  PID:9028
- C:\Windows\System\BjUKYiH.exe
  C:\Windows\System\BjUKYiH.exe
  2⤵
  PID:9044
- C:\Windows\System\WORkLwF.exe
  C:\Windows\System\WORkLwF.exe
  2⤵
  PID:9060
- C:\Windows\System\FaifgTa.exe
  C:\Windows\System\FaifgTa.exe
  2⤵
  PID:9076
- C:\Windows\System\xHHkWrN.exe
  C:\Windows\System\xHHkWrN.exe
  2⤵
  PID:9092
- C:\Windows\System\lhIBppS.exe
  C:\Windows\System\lhIBppS.exe
  2⤵
  PID:9108
- C:\Windows\System\ztHZipW.exe
  C:\Windows\System\ztHZipW.exe
  2⤵
  PID:9124
- C:\Windows\System\JYRIGXw.exe
  C:\Windows\System\JYRIGXw.exe
  2⤵
  PID:9140
- C:\Windows\System\BRsWCDL.exe
  C:\Windows\System\BRsWCDL.exe
  2⤵
  PID:9156
- C:\Windows\System\EkspjAp.exe
  C:\Windows\System\EkspjAp.exe
  2⤵
  PID:9172
- C:\Windows\System\muBhVJS.exe
  C:\Windows\System\muBhVJS.exe
  2⤵
  PID:9188
- C:\Windows\System\qieZktE.exe
  C:\Windows\System\qieZktE.exe
  2⤵
  PID:9208
- C:\Windows\System\DKmzKPY.exe
  C:\Windows\System\DKmzKPY.exe
  2⤵
  PID:8196
- C:\Windows\System\FdJMgKx.exe
  C:\Windows\System\FdJMgKx.exe
  2⤵
  PID:7572
- C:\Windows\System\yMZCNxr.exe
  C:\Windows\System\yMZCNxr.exe
  2⤵
  PID:8216
- C:\Windows\System\pXRAXhY.exe
  C:\Windows\System\pXRAXhY.exe
  2⤵
  PID:8280
- C:\Windows\System\HsKWPBg.exe
  C:\Windows\System\HsKWPBg.exe
  2⤵
  PID:8376
- C:\Windows\System\NcQByVU.exe
  C:\Windows\System\NcQByVU.exe
  2⤵
  PID:8312
- C:\Windows\System\UCjHKZG.exe
  C:\Windows\System\UCjHKZG.exe
  2⤵
  PID:8360
- C:\Windows\System\tMrErDV.exe
  C:\Windows\System\tMrErDV.exe
  2⤵
  PID:8260
- C:\Windows\System\SYIdbPz.exe
  C:\Windows\System\SYIdbPz.exe
  2⤵
  PID:8292
- C:\Windows\System\zxTrDnm.exe
  C:\Windows\System\zxTrDnm.exe
  2⤵
  PID:8452
- C:\Windows\System\sifsnVQ.exe
  C:\Windows\System\sifsnVQ.exe
  2⤵
  PID:8468
- C:\Windows\System\TnVhwsA.exe
  C:\Windows\System\TnVhwsA.exe
  2⤵
  PID:8524
- C:\Windows\System\xeheePF.exe
  C:\Windows\System\xeheePF.exe
  2⤵
  PID:8508
- C:\Windows\System\atXxtSX.exe
  C:\Windows\System\atXxtSX.exe
  2⤵
  PID:8584
- C:\Windows\System\xCojfSq.exe
  C:\Windows\System\xCojfSq.exe
  2⤵
  PID:8604
- C:\Windows\System\phiwTkK.exe
  C:\Windows\System\phiwTkK.exe
  2⤵
  PID:8616
- C:\Windows\System\ByMUSdY.exe
  C:\Windows\System\ByMUSdY.exe
  2⤵
  PID:8668
- C:\Windows\System\WUOUppZ.exe
  C:\Windows\System\WUOUppZ.exe
  2⤵
  PID:8704
- C:\Windows\System\YxTuvbT.exe
  C:\Windows\System\YxTuvbT.exe
  2⤵
  PID:8768
- C:\Windows\System\KuYfyDr.exe
  C:\Windows\System\KuYfyDr.exe
  2⤵
  PID:8832
- C:\Windows\System\IIZYfNf.exe
  C:\Windows\System\IIZYfNf.exe
  2⤵
  PID:8748
- C:\Windows\System\CWVVsWd.exe
  C:\Windows\System\CWVVsWd.exe
  2⤵
  PID:8780
- C:\Windows\System\RnqCDmD.exe
  C:\Windows\System\RnqCDmD.exe
  2⤵
  PID:8844
- C:\Windows\System\afATNnr.exe
  C:\Windows\System\afATNnr.exe
  2⤵
  PID:8912
- C:\Windows\System\qCtOfYd.exe
  C:\Windows\System\qCtOfYd.exe
  2⤵
  PID:8976
- C:\Windows\System\FWOuMWB.exe
  C:\Windows\System\FWOuMWB.exe
  2⤵
  PID:8864
- C:\Windows\System\wJXPgvk.exe
  C:\Windows\System\wJXPgvk.exe
  2⤵
  PID:8848
- C:\Windows\System\iVtfeiF.exe
  C:\Windows\System\iVtfeiF.exe
  2⤵
  PID:8956
- C:\Windows\System\OSWuvng.exe
  C:\Windows\System\OSWuvng.exe
  2⤵
  PID:9024
- C:\Windows\System\yOpkMrB.exe
  C:\Windows\System\yOpkMrB.exe
  2⤵
  PID:9136
- C:\Windows\System\XiXsPLz.exe
  C:\Windows\System\XiXsPLz.exe
  2⤵
  PID:9204
- C:\Windows\System\TQBUDwn.exe
  C:\Windows\System\TQBUDwn.exe
  2⤵
  PID:9120
- C:\Windows\System\dtLOeBR.exe
  C:\Windows\System\dtLOeBR.exe
  2⤵
  PID:9184
- C:\Windows\System\zLXCouk.exe
  C:\Windows\System\zLXCouk.exe
  2⤵
  PID:7664
- C:\Windows\System\yVDudbU.exe
  C:\Windows\System\yVDudbU.exe
  2⤵
  PID:8244
- C:\Windows\System\GNCfZCQ.exe
  C:\Windows\System\GNCfZCQ.exe
  2⤵
  PID:8036
- C:\Windows\System\EwlzkjO.exe
  C:\Windows\System\EwlzkjO.exe
  2⤵
  PID:8356
- C:\Windows\System\FDZQjNm.exe
  C:\Windows\System\FDZQjNm.exe
  2⤵
  PID:8420
- C:\Windows\System\OHwTugP.exe
  C:\Windows\System\OHwTugP.exe
  2⤵
  PID:8440
- C:\Windows\System\luFllkM.exe
  C:\Windows\System\luFllkM.exe
  2⤵
  PID:8540
- C:\Windows\System\ZCAwhNC.exe
  C:\Windows\System\ZCAwhNC.exe
  2⤵
  PID:8588
- C:\Windows\System\zrLsnmY.exe
  C:\Windows\System\zrLsnmY.exe
  2⤵
  PID:8700
- C:\Windows\System\uwSkAtq.exe
  C:\Windows\System\uwSkAtq.exe
  2⤵
  PID:8892
- C:\Windows\System\WhIrJts.exe
  C:\Windows\System\WhIrJts.exe
  2⤵
  PID:8716
- C:\Windows\System\XontSNG.exe
  C:\Windows\System\XontSNG.exe
  2⤵
  PID:8880
- C:\Windows\System\JDWFaCx.exe
  C:\Windows\System\JDWFaCx.exe
  2⤵
  PID:9008
- C:\Windows\System\maqRneQ.exe
  C:\Windows\System\maqRneQ.exe
  2⤵
  PID:8928
- C:\Windows\System\VEAgMSI.exe
  C:\Windows\System\VEAgMSI.exe
  2⤵
  PID:8992
- C:\Windows\System\iHAHybJ.exe
  C:\Windows\System\iHAHybJ.exe
  2⤵
  PID:9148
- C:\Windows\System\wJLFjmE.exe
  C:\Windows\System\wJLFjmE.exe
  2⤵
  PID:8000
- C:\Windows\System\YaQxpOv.exe
  C:\Windows\System\YaQxpOv.exe
  2⤵
  PID:8404
- C:\Windows\System\tuPawrh.exe
  C:\Windows\System\tuPawrh.exe
  2⤵
  PID:8344
- C:\Windows\System\VUauqgs.exe
  C:\Windows\System\VUauqgs.exe
  2⤵
  PID:8520
- C:\Windows\System\TlSmnnw.exe
  C:\Windows\System\TlSmnnw.exe
  2⤵
  PID:8556
- C:\Windows\System\dnNIvWb.exe
  C:\Windows\System\dnNIvWb.exe
  2⤵
  PID:8800
- C:\Windows\System\oEqoClG.exe
  C:\Windows\System\oEqoClG.exe
  2⤵
  PID:8944
- C:\Windows\System\UEcAWUM.exe
  C:\Windows\System\UEcAWUM.exe
  2⤵
  PID:8816
- C:\Windows\System\JxuoXHm.exe
  C:\Windows\System\JxuoXHm.exe
  2⤵
  PID:9180
- C:\Windows\System\qTBAAxt.exe
  C:\Windows\System\qTBAAxt.exe
  2⤵
  PID:8340
- C:\Windows\System\GpXmKbY.exe
  C:\Windows\System\GpXmKbY.exe
  2⤵
  PID:9052
- C:\Windows\System\apZPEnS.exe
  C:\Windows\System\apZPEnS.exe
  2⤵
  PID:8296
- C:\Windows\System\IxPrDAa.exe
  C:\Windows\System\IxPrDAa.exe
  2⤵
  PID:8988
- C:\Windows\System\HVhjYuV.exe
  C:\Windows\System\HVhjYuV.exe
  2⤵
  PID:9196
- C:\Windows\System\XbXXxnH.exe
  C:\Windows\System\XbXXxnH.exe
  2⤵
  PID:8324
- C:\Windows\System\tICxcrJ.exe
  C:\Windows\System\tICxcrJ.exe
  2⤵
  PID:9164
- C:\Windows\System\jEhkKcP.exe
  C:\Windows\System\jEhkKcP.exe
  2⤵
  PID:8812
- C:\Windows\System\lIGmARm.exe
  C:\Windows\System\lIGmARm.exe
  2⤵
  PID:9232
- C:\Windows\System\DZugGEs.exe
  C:\Windows\System\DZugGEs.exe
  2⤵
  PID:9248
- C:\Windows\System\SmJrJMq.exe
  C:\Windows\System\SmJrJMq.exe
  2⤵
  PID:9264
- C:\Windows\System\buNYmTO.exe
  C:\Windows\System\buNYmTO.exe
  2⤵
  PID:9280
- C:\Windows\System\bJMBhfx.exe
  C:\Windows\System\bJMBhfx.exe
  2⤵
  PID:9300
- C:\Windows\System\DGqaMDO.exe
  C:\Windows\System\DGqaMDO.exe
  2⤵
  PID:9316
- C:\Windows\System\yRkJJrx.exe
  C:\Windows\System\yRkJJrx.exe
  2⤵
  PID:9332
- C:\Windows\System\hsYJzXO.exe
  C:\Windows\System\hsYJzXO.exe
  2⤵
  PID:9348
- C:\Windows\System\DpaIpEY.exe
  C:\Windows\System\DpaIpEY.exe
  2⤵
  PID:9364
- C:\Windows\System\DbfKEul.exe
  C:\Windows\System\DbfKEul.exe
  2⤵
  PID:9384
- C:\Windows\System\ekPIMIS.exe
  C:\Windows\System\ekPIMIS.exe
  2⤵
  PID:9404
- C:\Windows\System\TipzOpT.exe
  C:\Windows\System\TipzOpT.exe
  2⤵
  PID:9420
- C:\Windows\System\FaoHVEJ.exe
  C:\Windows\System\FaoHVEJ.exe
  2⤵
  PID:9860
- C:\Windows\System\vubaOoY.exe
  C:\Windows\System\vubaOoY.exe
  2⤵
  PID:992
- C:\Windows\System\eqzMemK.exe
  C:\Windows\System\eqzMemK.exe
  2⤵
  PID:9412
- C:\Windows\System\qTakuOx.exe
  C:\Windows\System\qTakuOx.exe
  2⤵
  PID:9436
- C:\Windows\System\mmYiVJf.exe
  C:\Windows\System\mmYiVJf.exe
  2⤵
  PID:9452
- C:\Windows\System\tSFlMiG.exe
  C:\Windows\System\tSFlMiG.exe
  2⤵
  PID:9472
- C:\Windows\System\UEDEPad.exe
  C:\Windows\System\UEDEPad.exe
  2⤵
  PID:9492
- C:\Windows\System\iKAWDND.exe
  C:\Windows\System\iKAWDND.exe
  2⤵
  PID:9312
- C:\Windows\System\CTxFELx.exe
  C:\Windows\System\CTxFELx.exe
  2⤵
  PID:9808
- C:\Windows\System\dPBLLbf.exe
  C:\Windows\System\dPBLLbf.exe
  2⤵
  PID:9872
- C:\Windows\System\pBJZUNV.exe
  C:\Windows\System\pBJZUNV.exe
  2⤵
  PID:9900
- C:\Windows\System\SWvhIlG.exe
  C:\Windows\System\SWvhIlG.exe
  2⤵
  PID:9224
- C:\Windows\System\daFLQUs.exe
  C:\Windows\System\daFLQUs.exe
  2⤵
  PID:9372
- C:\Windows\System\nNihjvR.exe
  C:\Windows\System\nNihjvR.exe
  2⤵
  PID:9464
- C:\Windows\System\dUwRVqq.exe
  C:\Windows\System\dUwRVqq.exe
  2⤵
  PID:9712
- C:\Windows\System\yKvZZfW.exe
  C:\Windows\System\yKvZZfW.exe
  2⤵
  PID:9524
- C:\Windows\System\DvswyDw.exe
  C:\Windows\System\DvswyDw.exe
  2⤵
  PID:9556
- C:\Windows\System\lKCLHkf.exe
  C:\Windows\System\lKCLHkf.exe
  2⤵
  PID:10076
- C:\Windows\System\CsXxTIF.exe
  C:\Windows\System\CsXxTIF.exe
  2⤵
  PID:9908
- C:\Windows\System\QVFNuza.exe
  C:\Windows\System\QVFNuza.exe
  2⤵
  PID:10120
- C:\Windows\System\UQOcICu.exe
  C:\Windows\System\UQOcICu.exe
  2⤵
  PID:10136
- C:\Windows\System\OlUIDEV.exe
  C:\Windows\System\OlUIDEV.exe
  2⤵
  PID:10168
- C:\Windows\System\AhDAoWM.exe
  C:\Windows\System\AhDAoWM.exe
  2⤵
  PID:10188
- C:\Windows\System\imOlrRe.exe
  C:\Windows\System\imOlrRe.exe
  2⤵
  PID:10204
- C:\Windows\System\mtQNrbn.exe
  C:\Windows\System\mtQNrbn.exe
  2⤵
  PID:10104
- C:\Windows\System\SeKRqvk.exe
  C:\Windows\System\SeKRqvk.exe
  2⤵
  PID:8636
- C:\Windows\System\xdTMDtd.exe
  C:\Windows\System\xdTMDtd.exe
  2⤵
  PID:9272
- C:\Windows\System\yikLCyA.exe
  C:\Windows\System\yikLCyA.exe
  2⤵
  PID:9432
- C:\Windows\System\vSlZwuv.exe
  C:\Windows\System\vSlZwuv.exe
  2⤵
  PID:9256
- C:\Windows\System\SjVrlCR.exe
  C:\Windows\System\SjVrlCR.exe
  2⤵
  PID:9260
- C:\Windows\System\DPnCBgO.exe
  C:\Windows\System\DPnCBgO.exe
  2⤵
  PID:9496
- C:\Windows\System\KPrrVRR.exe
  C:\Windows\System\KPrrVRR.exe
  2⤵
  PID:9460
- C:\Windows\System\xwbvNNZ.exe
  C:\Windows\System\xwbvNNZ.exe
  2⤵
  PID:9480
- C:\Windows\System\xZcbeTr.exe
  C:\Windows\System\xZcbeTr.exe
  2⤵
  PID:9600
- C:\Windows\System\ovTgxJg.exe
  C:\Windows\System\ovTgxJg.exe
  2⤵
  PID:9540
- C:\Windows\System\HOZIxZm.exe
  C:\Windows\System\HOZIxZm.exe
  2⤵
  PID:9548
- C:\Windows\System\JpPPTPO.exe
  C:\Windows\System\JpPPTPO.exe
  2⤵
  PID:9576
- C:\Windows\System\XPBpZUm.exe
  C:\Windows\System\XPBpZUm.exe
  2⤵
  PID:9632
- C:\Windows\System\KUQKUeG.exe
  C:\Windows\System\KUQKUeG.exe
  2⤵
  PID:9652
- C:\Windows\System\llLYWnQ.exe
  C:\Windows\System\llLYWnQ.exe
  2⤵
  PID:9676
- C:\Windows\System\mmnrBDt.exe
  C:\Windows\System\mmnrBDt.exe
  2⤵
  PID:9668
- C:\Windows\System\lWNrlNA.exe
  C:\Windows\System\lWNrlNA.exe
  2⤵
  PID:9724
- C:\Windows\System\rWEnMVf.exe
  C:\Windows\System\rWEnMVf.exe
  2⤵
  PID:9744
- C:\Windows\System\zVDUWvA.exe
  C:\Windows\System\zVDUWvA.exe
  2⤵
  PID:9772
- C:\Windows\System\ZQnIyPW.exe
  C:\Windows\System\ZQnIyPW.exe
  2⤵
  PID:9768
- C:\Windows\System\gNefwsL.exe
  C:\Windows\System\gNefwsL.exe
  2⤵
  PID:9836
- C:\Windows\System\loEgKpf.exe
  C:\Windows\System\loEgKpf.exe
  2⤵
  PID:9896
- C:\Windows\System\MHEEJxX.exe
  C:\Windows\System\MHEEJxX.exe
  2⤵
  PID:9852
- C:\Windows\System\yLogbYA.exe
  C:\Windows\System\yLogbYA.exe
  2⤵
  PID:9840
- C:\Windows\System\iMxjcDz.exe
  C:\Windows\System\iMxjcDz.exe
  2⤵
  PID:10000
- C:\Windows\System\UMzKwfj.exe
  C:\Windows\System\UMzKwfj.exe
  2⤵
  PID:9956
- C:\Windows\System\LkQxEEA.exe
  C:\Windows\System\LkQxEEA.exe
  2⤵
  PID:9944
- C:\Windows\System\uMIjkDX.exe
  C:\Windows\System\uMIjkDX.exe
  2⤵
  PID:9984
- C:\Windows\System\pepvnYT.exe
  C:\Windows\System\pepvnYT.exe
  2⤵
  PID:9992
- C:\Windows\System\njwUQtJ.exe
  C:\Windows\System\njwUQtJ.exe
  2⤵
  PID:10040
- C:\Windows\System\JOeWhic.exe
  C:\Windows\System\JOeWhic.exe
  2⤵
  PID:10064
- C:\Windows\System\jySXXWI.exe
  C:\Windows\System\jySXXWI.exe
  2⤵
  PID:10080
- C:\Windows\System\TVBoiNo.exe
  C:\Windows\System\TVBoiNo.exe
  2⤵
  PID:9356
- C:\Windows\System\msiFtbo.exe
  C:\Windows\System\msiFtbo.exe
  2⤵
  PID:10116
- C:\Windows\System\VkEcown.exe
  C:\Windows\System\VkEcown.exe
  2⤵
  PID:10164
- C:\Windows\System\tIEVjiW.exe
  C:\Windows\System\tIEVjiW.exe
  2⤵
  PID:10200
- C:\Windows\System\MpfaOXl.exe
  C:\Windows\System\MpfaOXl.exe
  2⤵
  PID:8652
- C:\Windows\System\uGZIYiR.exe
  C:\Windows\System\uGZIYiR.exe
  2⤵
  PID:9360
- C:\Windows\System\USEFaZP.exe
  C:\Windows\System\USEFaZP.exe
  2⤵
  PID:9324
- C:\Windows\System\aFZvyhA.exe
  C:\Windows\System\aFZvyhA.exe
  2⤵
  PID:9508
- C:\Windows\System\gObBPqM.exe
  C:\Windows\System\gObBPqM.exe
  2⤵
  PID:9596
- C:\Windows\System\yAwrgqX.exe
  C:\Windows\System\yAwrgqX.exe
  2⤵
  PID:9636
- C:\Windows\System\RmlVLVa.exe
  C:\Windows\System\RmlVLVa.exe
  2⤵
  PID:9644
- C:\Windows\System\mmVYAiU.exe
  C:\Windows\System\mmVYAiU.exe
  2⤵
  PID:9688
- C:\Windows\System\ClbxUBh.exe
  C:\Windows\System\ClbxUBh.exe
  2⤵
  PID:9748
- C:\Windows\System\vAAkYQU.exe
  C:\Windows\System\vAAkYQU.exe
  2⤵
  PID:9816
- C:\Windows\System\fnmGsLN.exe
  C:\Windows\System\fnmGsLN.exe
  2⤵
  PID:9784
- C:\Windows\System\LASUApv.exe
  C:\Windows\System\LASUApv.exe
  2⤵
  PID:9812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AtpwKfA.exe

Filesize
6.0MB

MD5
d2cbc106ead0737f16a7083ef1dbe18e

SHA1
9aa35484532f955a55706d25a71779e36398fba3

SHA256
47f64e5fbb64b0dead5c34b878349df18d052918457dc00f2e0babfec872ae75

SHA512
5d8f911917cf2a4e77ded04e6ad009d9bb05e5cf8cea624f4d5a0ca4d761ab5c3ee8b20ca8fd1973e0d05a2681abb03f56c4e984151673c06542a05251edf632

Download Submit
C:\Windows\system\CpAAHyM.exe

Filesize
6.0MB

MD5
6c2f54fcaa93069fe6ec5912a46ef023

SHA1
ae305369e34e01202ad38c412639a8371a5f13f7

SHA256
5fb30dfa1c0fd1cbcdf01553fa71674a94c2db3a8efcf34e3ff9cfd7c46191be

SHA512
298ada401835e843b343e79b3bf922b49ed4f04f5ff0afe31d1765e202fa4bd63f2a46d1c7d95d536cbb4acd16253160ff698d4cb63d3865adc1be38e1e80ce1

Download Submit
C:\Windows\system\HWNCiqr.exe

Filesize
6.0MB

MD5
0081812837bb42a37e3bc9e554bfdf4d

SHA1
47de6e5b5702cfe22c3d2434056b649707840bd7

SHA256
ec4d9a24fda54fdef183409ae6379c6bfbb6b8bf98bae818c44253c88d104fac

SHA512
ef4064e6763aab0e90a34cd5211e54e0a3386d66c4cf2fd27f32f33630a0420c3fa6e6763bfe6372e0f0e45a2d196766991d5186f3bb41cf67ff76747feb9503

Download Submit
C:\Windows\system\JjzHAUA.exe

Filesize
6.0MB

MD5
47d2626a5dd3c9afc5a843faf8746793

SHA1
28129a2238003dbcfd716ea017a38b84605fe835

SHA256
b33554b2d5fcb0d3832917be80558df321c8aab50beb5e7e945019ed2f1e2778

SHA512
00330e4609a2283406362b68956cade8aef79809f22d2d23a19e1fd1ab79c18a7162ae1434396bc4b9d0dbfd6a6b261e6927036994c997b85f3b19fbfe8e87b8

Download Submit
C:\Windows\system\JsnOpDy.exe

Filesize
6.0MB

MD5
94352b2bb81c71e23da9c31ba64f25e0

SHA1
9a13fb0580099a8797c7da10dbfb50d10662600f

SHA256
39838598a6bb21e6d8b05b5df4bd0127c3ee5f6733e2e432f1be8b46ebdef6fa

SHA512
22383d1ae61b34973f1fe809457d099e18ee6a19594c2f8986ff3af96ea54f16c005d53d185f0e592972c332151bd82a87db60666665fabccf5b75d7dd966bdf

Download Submit
C:\Windows\system\OVTVJtP.exe

Filesize
6.0MB

MD5
e02ce8a7ba3d32b891a68a2ea4faaeba

SHA1
00573d98fa2677f18304ec50c14268222ae5be10

SHA256
a66c19125e9eb6820e0444210c043700c39c2c7b9fb5df883724e93b8ef9b2d1

SHA512
58d3e7c3497e42d279124b776930ad4ef470540b138cdd4f9f9a5e1804b1345092c3c8634255ac01e8ca1858191f02a6a78f6f30fc9d373107ef7254b50b3ee6

Download Submit
C:\Windows\system\QVfSnqh.exe

Filesize
6.0MB

MD5
fc4a7cef7f1fad89ba118a7cf711ce28

SHA1
d812eba7dc17737ac2073cf85ce8f624370d6be4

SHA256
e6ec89b1981178daddce26b10f3e28b9cce8d150c3d60e659c1dc8dd78192f4b

SHA512
d61fc7835159a50467a6caad4e4eb9ceda5852131fba6ee3d5fa0050b5a1dd614ca24a05c01edede2dc0eaa093fdf1d98b2d2572f1c0e28843ff65a7102f0261

Download Submit
C:\Windows\system\QkSZkkp.exe

Filesize
6.0MB

MD5
acb27975c309c111e692d8e262a1f023

SHA1
5513806897744eca37aff92d341afe9b8a0122b4

SHA256
77a0fbf44a08ccbad862a73026c5573264e5d3d31908b1757930e9334558bbb0

SHA512
489453f648511b824246ebd17e372df4b458fdf3c941ceec2c8c0f1ca2e76f12b599e8d3335ff5728da3f9099e039597960df6ecbcd94029530a22a28470535d

Download Submit
C:\Windows\system\RczAGOf.exe

Filesize
6.0MB

MD5
39e6814dce456225d56288c27f3a770b

SHA1
e7c45c612c73bbc81ab86cb3935b42a23b927de2

SHA256
475410157c6fdb6a37c11147969cd40116436a15adb41f65845c47f9e82c1e9e

SHA512
ef410d38029154cd1d1536c388bf0a2b1210e9fd521e4a69ff82ed0684b33a59203ef852719ab7776c61391d7890d9128261d508a66b2bcbcf7abbed1d51358b

Download Submit
C:\Windows\system\Vksfzjw.exe

Filesize
6.0MB

MD5
2b8aa3dfc0473f2d63dd6d117717f7d5

SHA1
45008bf1af1d28fed9306392d95a189daf4580ce

SHA256
44a6b3ec903c9cbd66fb21fc31857de8218a6e3bff1e9df103feced2281be250

SHA512
7a59b1cc9f0a574774bd7641fc6e34f10eb2fc7bbdb97728f798833665570b4ea36bc272e45778fe895240c2a288e51e42818027d3d27b7c5e7162eb87e9b0e8

Download Submit
C:\Windows\system\WXfDdcs.exe

Filesize
6.0MB

MD5
969789276734fd44a0d1ed969efed24c

SHA1
1bbdaff985983076d108f67c1ab6b763956f5a79

SHA256
b9644c173e79302931a9ed40c8fb1356743a92248835a4703fa8b25148ddc38a

SHA512
629ddb459a4f3800b800f3e05261c6b65756dbda59fb8d5244165b433a732ab343ed0f027b14885cb9cdbde58be5366f7f2b647a41caca1f07c70bc4d72ac95c

Download Submit
C:\Windows\system\WnQhOBz.exe

Filesize
6.0MB

MD5
e6d1e31f385d9474b26e47ba9b8a52a0

SHA1
e9941452ccb744cf17181f039c8776e28381e922

SHA256
3d1b3443a62107d5b53f293ff16be4a0eaf296e57ddbc47e566fe96b6bb95fb3

SHA512
e3d99e2db97e8f7c23bbf288b9e9151281f5fed2378118eeb3609be1498bbeff53bf66a8bed6e9cc0aca862057ce0351afd2f46cd57b000b9ec1689d573f91db

Download Submit
C:\Windows\system\YjKBmPa.exe

Filesize
6.0MB

MD5
2e67c9226e5379d64a3116dee84f02d8

SHA1
fa0f0446cb6da6a22bf2b2c3dcc3a91f3685bb00

SHA256
d957adac56415f5e5dc20f06c75b6d0adfc686d9b1e36808925ce592e24266f2

SHA512
ed5be6f6fec2b58ecdae3df7b513c15ac760cd90eb0d625f8e3384547c83f578fefc1a962ba37d085853c36cdd1a17b301ce1da483a67e82b437785f9e904267

Download Submit
C:\Windows\system\dLLTCmZ.exe

Filesize
6.0MB

MD5
edd091210c60e156cf1a85b7f58a67a6

SHA1
a3f16a5639e335b9e17fa3c970fee61000f1c352

SHA256
1f625989c736103fe3137565f5b6c1d4bb2193313a25244b60dcac5b0fe299fa

SHA512
3e6c8f5b60489547e12035ff993e92a4378007c7954512f4e6f89933b947641ccfd8a8fe0fbd036476e1424cd374b312db37857f4914ac119f739ac35cc0a5ba

Download Submit
C:\Windows\system\dVxbfNk.exe

Filesize
6.0MB

MD5
1863efb41417fd05643b9b332e91cb5f

SHA1
018fa514f4abd543fc6adbb00d4fef6ee1488630

SHA256
057335f53dcb6c2bdf27a0e296b4ad2f2e769a0c9807848e584fb8217b0529b4

SHA512
cc64e92756682357293d858303721c2743ee3362e33ce42366af608274d75e1721d5faaf845f1afe678a74a80f5159e4b9393dfda412e3ebf882d1abf4b1cda2

Download Submit
C:\Windows\system\kNobDQf.exe

Filesize
6.0MB

MD5
4ae5529fd1fa112d69ca5b3a0f568b77

SHA1
dbcfa12dbf1af98ded4e20b0a889b65be395f0ae

SHA256
70475df24c6723cf80f078013c72dc425a1435acb517b82e7a4e8376eea97811

SHA512
7d878fe7da7bc2d8f811be4ac91a4aff6ebd94437df7cd8a2f44843f393203346597ebffc3d128bfc2e8dd0c8932a1496cfa1904bbdbdc50c0a8075ad2649da4

Download Submit
C:\Windows\system\mjhIEit.exe

Filesize
6.0MB

MD5
bb8b81feca84f7f7e97830279b8d18d7

SHA1
1ca2f36b2b200aa823c2a2c81e8f4efac6106d9f

SHA256
041ac7091133724656c25098ddb6cddecdbae7a8abae4da42dd1c22976407c9f

SHA512
4496177350173cdd575f3c8709b197bbc40a37f936b75c71ba29cd58cf54161e8b2fa2590b3a8e23e47fb94a859ccb59f48c5bf0931132fdf59b860ea6f5ff9c

Download Submit
C:\Windows\system\nXYguRI.exe

Filesize
6.0MB

MD5
41c2780728249b0f1c9a7d2a7c8116ac

SHA1
445ed469dcd1db960ddf9687344d1ca2037e0bdb

SHA256
78bc3bd575bb2ff733d3aaeebe1acdbfab4f6189a25e3ef5165d99a7b6e6756c

SHA512
1b298196ac9b2767aa00a8ac2debcc3dccbaa65c39828b3a002f7cde17189e271bc377c2401232e9ed08e0daf0780be55682b270bf16effd1d950dc780d30090

Download Submit
C:\Windows\system\oKGozbN.exe

Filesize
6.0MB

MD5
368dc7f195f6309bb2248dc89fc47ec5

SHA1
cc49b66e6d40ed4e3088547f6ed38248d5970761

SHA256
f3265947b8c79ccc3e84a2cadb64d9a9c73a954532a6094169eec10a886aa8ee

SHA512
0660975de8c9753a4ce8edf162a5c1fd72c1c8ccccdd6fc95c3e311079db2047d5364bf23f179f508c8d40b1d9dd29a17300ed214df352e041fa80f24e1e3518

Download Submit
C:\Windows\system\qrIWQzZ.exe

Filesize
6.0MB

MD5
6d732cc2cd4bdd05e39ed31ab0553790

SHA1
2dbd88aa51e8d0b30c5bcc7cd3f3577c53157f43

SHA256
b75b5e3ce0b3f517a4345184c374ea629b7f224641db6e53f531bd2b93ba57ed

SHA512
bede0a5c153926af7219b8197d5f55be7c963c99dbf6c3609af00a400fcf4aa231500c0e40919f32c10e850076ea6d621dc1543ddd647071f85b90392d52d46c

Download Submit
C:\Windows\system\riPWJlj.exe

Filesize
6.0MB

MD5
99cf72433d8baf12c88b1c63f4e29e3d

SHA1
ea67dbc3aa5cabf83c4732ef599f7649e9dec589

SHA256
2b1d55d7721d724e4bf3589459198d1a68ca80b1fb0d0452edbe29e6089e7bc2

SHA512
52fc9e328169e6fbb3b66f33436e33cd48d9317f20bcaab9442fa8b66ecbc90c2ebdac0ee024df3f3d206b7a01a4d3a96661b58abe7d134dc5712351ecb3d1f9

Download Submit
C:\Windows\system\vOjhLBV.exe

Filesize
6.0MB

MD5
afedf1b860fdf88d3efbd0adcb85d504

SHA1
5b3dd5d5a2d0702e9151744fe9ddcf2302fd528b

SHA256
d84b4d6f90515bf425abc661af666fa9f9cb68ff2109f953b734085bd292966e

SHA512
d6bc9ffdc8a12982d3c5ec43279de9a0b30493b84ab3cdce8de547f0cb6acd3775be331b9a6ff731671de61a62ed02ff8403735c6d96b581b9c7b2a37158590d

Download Submit
C:\Windows\system\yOkUuCk.exe

Filesize
6.0MB

MD5
c97855d129b03cda3a94f8cf42b2c14f

SHA1
b1ef6aee6be5bc2ab4f0c03db7fbeb8c4ea89966

SHA256
9884fbba218386d57af4629884f7d3dc38263c43d8f80e48ab4e97c1e4053425

SHA512
916f71b2c2c4c8d57dfc2282e0e75e2d87cd6590b648cc5a3c85aebe721d17ab355d5a2888efbbb72f0fe7fe3f3dcb591086359d0baea2cb6ed0619e18e76062

Download Submit
\Windows\system\Jsuzacq.exe

Filesize
6.0MB

MD5
48dd059e7737cb8db827af5b1d693f81

SHA1
e85a687d341333eb2a9cb16b4d46d1e843ea34df

SHA256
5401295dfacf07b625cdbb2626d9b0c64859dfedb2d67b2b15fb7fa90adfb987

SHA512
8a0570d872e7643ec6a759673094c0020f0c2d4050a764e2b10448b1c8d84caf754e21346d239c3fe12067f6eaf6b8a591c89fa0b81465c035d1ba42bdf39d44

Download Submit
\Windows\system\VqdTbfH.exe

Filesize
6.0MB

MD5
e8b24b891c785b8df6cce98b4191e5a1

SHA1
8ba12b9f6da620f9a7ce68d4b2fd514679689acd

SHA256
bcfd115100d3a7ab7fd666d63ed781595a18c72a25c82a59ad674cb534f0be8d

SHA512
486e4e6d87a8d8402aa73614679507442c1e519292da6d3a96bd3def10f5e6437d4be6d332811d09b72bcf0e09f46b7dafc7481908c6ac074997329037c6fd1c

Download Submit
\Windows\system\WHpiHeD.exe

Filesize
6.0MB

MD5
d1b2dbb45fd68ad0fe9bf9c39358bad9

SHA1
9a7167ac119d0d25940547acad317387de17f595

SHA256
a0f73ba73b561b0c1eee97fe39ad584f7bbc2dc11911524dffa0e1a2a8025726

SHA512
41cd5dee9080045576f93b4b20986d6ea66277c543ab65f8eb1301b426e6b7365bfe04b19d43cc431fec35b775465a3409931ea1af2ad0cdd8e1e15e6d3bf17d

Download Submit
\Windows\system\gNJoEHw.exe

Filesize
6.0MB

MD5
0c434298706d717767ae8eb5709580a6

SHA1
2f1b1dfa4285c70d2d708f773a971e06db5479ee

SHA256
6ce1cf47e20955cebd8089c2e36620e334b07818a704070b61daf324cd2efbea

SHA512
0b4c4b9ba30f6aa7e5a50dbf8cc88325084d4de88570b05b352d711dcb86842cf9dd35d40edd16e42a96b9132589ef0fc6e175514d6cf8daed028fa31132493a

Download Submit
\Windows\system\gQiKcDF.exe

Filesize
6.0MB

MD5
1aa9897ab4f032d411b0480e01d738b9

SHA1
ca44721727f57737c1c26f17e332d82add5fe97f

SHA256
f3913002501d007a8a0e44e0dba9ceeadd854881fdb110c4c3ea3694d6e2616a

SHA512
2996abe7f3b181bdfc691cacfea5eea5807a8e63120888bc003686ff9db98f3e6583ad7e9220d0298b5dcf6d4ef69fbdf07c9eab45e935e8f9c615f9f2607344

Download Submit
\Windows\system\grsaEXD.exe

Filesize
6.0MB

MD5
8b2e2649afd685dbc7051bbe5e046e9b

SHA1
9ec8a5e818294fdcb60629e8340aada68a8d66ce

SHA256
f17493c01fe6cef80fe29a4176fa83e4c6cccd4ec57924d674c0d3fedf832279

SHA512
38380a2763cc6d4fd3eae21ea415fb8c5f5449979b480f944e28d728bf43c920a990bff394c47d345e34fd2fcc815af29843c059824e88bc5e938ab33dcd7597

Download Submit
\Windows\system\tdxOWKF.exe

Filesize
6.0MB

MD5
5d31cb90e7a5c90134a297a3ae728aab

SHA1
67b7372447eaaa015c990a5102220cbda8e55bfe

SHA256
51ee994091eeddff5250acf0794f81afc562bae0f642255eb1749883746da8af

SHA512
74108d246612b6c37f6d24fb26212aba76443de3c827f89aa8f570f39bdc91b06bef785e4308177c533b5deac52ad0eb06625796aa989bd899a656a6415c2de0

Download Submit
\Windows\system\wfFLLPM.exe

Filesize
6.0MB

MD5
0472199be748cdbf611289a2dd339119

SHA1
77a1cacf33611b50fb60e993cb663df8377106fc

SHA256
0d90f0b247ddb9628161478cf0d56850d6ef7dd1bdfa1e6cea2bea827f49e555

SHA512
f0d301c5bc2889b4065e3a560bc311475781d24cd1dd747da74d1b72340964be5465cf73b9dacba8c6ac8550397e7b940ea83b907e473c28bdfb49cf161f9c97

Download Submit
\Windows\system\xIznhyJ.exe

Filesize
6.0MB

MD5
a12e5e47bd35aad34fe11867b2e94e68

SHA1
6a8dd76fc0a5e3ff2fe20c47e6e57ed6ec260fdd

SHA256
2057a4de24558e8250e4b4bb1bda5d2e10e61bc8e81116a03912c710fc544751

SHA512
13d6379e7a0862899233f4650ea8c460ce16dea5d6e70912ffb6b8445265ff41c31dcdddb71f76dc3a32c810a88ddf053b314d0b5fc52493499afbd85b9843e9

Download Submit
memory/2196-3588-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3546-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-3599-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-98-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3595-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2624-125-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2656-82-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3609-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2668-52-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3253-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3582-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2700-130-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3536-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-46-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-10-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3579-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2756-127-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2756-21-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3589-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-44-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-273-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-272-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3578-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2796-27-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3580-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-14-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-64-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4071-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-126-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-58-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3543-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-65-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-61-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-111-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-120-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3002-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3151-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3152-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-123-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-128-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-16-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3549-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-39-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-129-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-0-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/3068-38-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/3068-31-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/3068-56-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-12-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-49-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/3068-23-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3068-3613-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3681-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3686-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/3068-108-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download