cobaltstrike | 099820196f53eeb4498231ecc3792fec731cc36ff24c50245ae99f9c09f18cbf

Analysis

max time kernel
126s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 04:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8357892611d8166e0b14fd0a955bad47
SHA1

46a0f044f2fbffcc83f4886176e8dc9e8513e0a5
SHA256

099820196f53eeb4498231ecc3792fec731cc36ff24c50245ae99f9c09f18cbf
SHA512

fe24d4d9687a024d1d4134eedbf453e303f29de8c5505366c06d42cc1a627dd0d59dbaf5c9c1cea0c41fdf07e3c3b69a3b21cac5a4c65f91594d2d4309134d38
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012260-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf0-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d49-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5a-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-22.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016e1d-25.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f45-30.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-93.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ccd-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-41.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018634-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral1/memory/2376-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012260-3.dat	xmrig
behavioral1/files/0x0008000000016cf0-10.dat	xmrig
behavioral1/files/0x0007000000016d49-14.dat	xmrig
behavioral1/files/0x0007000000016d5a-15.dat	xmrig
behavioral1/files/0x0007000000016d71-22.dat	xmrig
behavioral1/files/0x000a000000016e1d-25.dat	xmrig
behavioral1/files/0x0009000000016f45-30.dat	xmrig
behavioral1/files/0x00050000000195c6-55.dat	xmrig
behavioral1/files/0x00050000000195ca-69.dat	xmrig
behavioral1/files/0x00050000000195d0-81.dat	xmrig
behavioral1/files/0x00050000000195e0-86.dat	xmrig
behavioral1/files/0x0005000000019665-97.dat	xmrig
behavioral1/memory/2512-2298-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2836-2300-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cfc-129.dat	xmrig
behavioral1/files/0x0005000000019cd5-125.dat	xmrig
behavioral1/files/0x0005000000019c0b-121.dat	xmrig
behavioral1/files/0x0005000000019bf0-114.dat	xmrig
behavioral1/files/0x0005000000019bf2-117.dat	xmrig
behavioral1/files/0x0005000000019bec-109.dat	xmrig
behavioral1/files/0x0005000000019931-105.dat	xmrig
behavioral1/files/0x00050000000196a0-101.dat	xmrig
behavioral1/files/0x0005000000019624-93.dat	xmrig
behavioral1/files/0x0009000000016ccd-89.dat	xmrig
behavioral1/files/0x00050000000195cc-74.dat	xmrig
behavioral1/files/0x00050000000195ce-77.dat	xmrig
behavioral1/files/0x00050000000195c8-66.dat	xmrig
behavioral1/files/0x00050000000195c7-61.dat	xmrig
behavioral1/files/0x00050000000195c4-54.dat	xmrig
behavioral1/files/0x00050000000195c2-49.dat	xmrig
behavioral1/files/0x000500000001958b-45.dat	xmrig
behavioral1/files/0x00050000000194e2-41.dat	xmrig
behavioral1/files/0x000500000001948d-37.dat	xmrig
behavioral1/files/0x0007000000018634-33.dat	xmrig
behavioral1/memory/2372-2406-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2068-2422-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2376-3065-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2376-3121-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2068-3684-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2836-3712-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2512-3707-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2372-3670-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2320	NOWQruC.exe
2512	lcYfYPK.exe
2836	GgZtLLZ.exe
2372	kAcEmUc.exe
2068	VTeAJXS.exe
2120	DFvHkIt.exe
2248	uvNBKJU.exe
2012	YTPYkZz.exe
2712	fsXsvCg.exe
2816	MOUtzhw.exe
2720	USQEgUT.exe
2692	FjVwdPr.exe
2768	JyzdBAR.exe
2832	PjsvVgy.exe
2588	dSJnJrw.exe
1916	xXgUAnR.exe
2824	DGHlKrE.exe
2556	dtIQbZI.exe
2624	UwYYxYK.exe
1496	QMHhJXN.exe
1252	SHZNETG.exe
1692	WXxhNWn.exe
1700	JHLyaVN.exe
1808	qIPQszY.exe
1728	ZqEauwp.exe
376	trMubur.exe
1948	uJbApVI.exe
2860	YDDBhVN.exe
1688	hCSdZRU.exe
2660	nXjcqiX.exe
2772	yMiVmaI.exe
2452	QYxajJO.exe
2892	YvsBpHa.exe
2904	ukdiWon.exe
596	KFOzmxL.exe
1480	mdohUjO.exe
264	NMpZoHX.exe
2364	oWcaKKC.exe
2856	zoiWKiB.exe
1072	ZCEHgMp.exe
852	dkFnklr.exe
764	QMAFFdq.exe
956	grRIITv.exe
2460	EaUTgKR.exe
876	uqmTSIg.exe
1640	JrerarY.exe
1824	QPrbNvW.exe
2180	vQVaKgx.exe
2088	LjSaMak.exe
1632	WGlCntJ.exe
1368	lXWOXRi.exe
920	UeQrkUx.exe
2968	AEXNGtV.exe
2696	wViknaZ.exe
488	RtuDoUR.exe
1736	nFsXugy.exe
2436	xhqsjrZ.exe
2244	EZJJPCK.exe
2448	ymdbwBx.exe
2960	AFSbnon.exe
2440	qPxbjTf.exe
1964	sYUlGDs.exe
2400	WGYWSwi.exe
1508	KKzXkMg.exe

Loads dropped DLL 64 IoCs

pid	Process
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 42 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x000b000000012260-3.dat	upx
behavioral1/files/0x0008000000016cf0-10.dat	upx
behavioral1/files/0x0007000000016d49-14.dat	upx
behavioral1/files/0x0007000000016d5a-15.dat	upx
behavioral1/files/0x0007000000016d71-22.dat	upx
behavioral1/files/0x000a000000016e1d-25.dat	upx
behavioral1/files/0x0009000000016f45-30.dat	upx
behavioral1/files/0x00050000000195c6-55.dat	upx
behavioral1/files/0x00050000000195ca-69.dat	upx
behavioral1/files/0x00050000000195d0-81.dat	upx
behavioral1/files/0x00050000000195e0-86.dat	upx
behavioral1/files/0x0005000000019665-97.dat	upx
behavioral1/memory/2512-2298-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2836-2300-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0005000000019cfc-129.dat	upx
behavioral1/files/0x0005000000019cd5-125.dat	upx
behavioral1/files/0x0005000000019c0b-121.dat	upx
behavioral1/files/0x0005000000019bf0-114.dat	upx
behavioral1/files/0x0005000000019bf2-117.dat	upx
behavioral1/files/0x0005000000019bec-109.dat	upx
behavioral1/files/0x0005000000019931-105.dat	upx
behavioral1/files/0x00050000000196a0-101.dat	upx
behavioral1/files/0x0005000000019624-93.dat	upx
behavioral1/files/0x0009000000016ccd-89.dat	upx
behavioral1/files/0x00050000000195cc-74.dat	upx
behavioral1/files/0x00050000000195ce-77.dat	upx
behavioral1/files/0x00050000000195c8-66.dat	upx
behavioral1/files/0x00050000000195c7-61.dat	upx
behavioral1/files/0x00050000000195c4-54.dat	upx
behavioral1/files/0x00050000000195c2-49.dat	upx
behavioral1/files/0x000500000001958b-45.dat	upx
behavioral1/files/0x00050000000194e2-41.dat	upx
behavioral1/files/0x000500000001948d-37.dat	upx
behavioral1/files/0x0007000000018634-33.dat	upx
behavioral1/memory/2372-2406-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2068-2422-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2376-3065-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2068-3684-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2836-3712-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2512-3707-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2372-3670-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sYUlGDs.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjsGnpQ.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEQduBI.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\turCYhg.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVLGKzU.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EByECbA.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYdBDeH.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRxWciG.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQNksLR.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHMhbIC.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymdbwBx.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkcMNCS.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmVqGpP.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBpjEVK.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqaIiAr.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQLCnnj.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxwNfMP.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVGZyzY.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDpSMJi.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YujfrEc.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNFjmus.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSQcuqb.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFxSRhW.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngPGZoN.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNzenoV.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQABLNW.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amZqety.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUJcfsv.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EsYerjN.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGZvBwF.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDaajJk.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGCXHpk.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsgfjhS.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmXgfqv.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWBJiFG.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnWUTsn.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GztrGDz.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCgMCUl.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLLAdoR.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRiidbY.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjfNUAJ.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuvztDj.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhirbnT.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWryNKa.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMpZoHX.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTlzSvR.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNDPaZQ.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsrdBTa.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsNvePM.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQgHngl.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFsXugy.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFNgaqx.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMxKThQ.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqHlaMV.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwGgZoC.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeSkGgW.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDxgmax.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFQyFgl.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FbSMPzB.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmOBORg.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSGGJTB.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvURQAJ.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QiVonsG.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzFyTLg.exe	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2320	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2320	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2320	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2512	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2512	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2512	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2836	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 2836	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 2836	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 2372	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2372	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2372	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2068	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 2068	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 2068	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 2120	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2120	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2120	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2248	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2248	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2248	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2012	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2012	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2012	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2712	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 2712	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 2712	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 2816	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 2816	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 2816	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 2720	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 2720	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 2720	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 2692	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 2692	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 2692	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 2768	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 2768	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 2768	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 2832	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 2832	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 2832	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 2588	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 2588	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 2588	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 1916	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 1916	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 1916	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 2824	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 2824	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 2824	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 2556	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 2556	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 2556	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 2624	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 2624	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 2624	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 1496	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 1496	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 1496	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 1252	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 1252	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 1252	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 1692	2376	2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_8357892611d8166e0b14fd0a955bad47_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\System\NOWQruC.exe
  C:\Windows\System\NOWQruC.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\lcYfYPK.exe
  C:\Windows\System\lcYfYPK.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\GgZtLLZ.exe
  C:\Windows\System\GgZtLLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\kAcEmUc.exe
  C:\Windows\System\kAcEmUc.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\VTeAJXS.exe
  C:\Windows\System\VTeAJXS.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\DFvHkIt.exe
  C:\Windows\System\DFvHkIt.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\uvNBKJU.exe
  C:\Windows\System\uvNBKJU.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\YTPYkZz.exe
  C:\Windows\System\YTPYkZz.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\fsXsvCg.exe
  C:\Windows\System\fsXsvCg.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\MOUtzhw.exe
  C:\Windows\System\MOUtzhw.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\USQEgUT.exe
  C:\Windows\System\USQEgUT.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\FjVwdPr.exe
  C:\Windows\System\FjVwdPr.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\JyzdBAR.exe
  C:\Windows\System\JyzdBAR.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\PjsvVgy.exe
  C:\Windows\System\PjsvVgy.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\dSJnJrw.exe
  C:\Windows\System\dSJnJrw.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\xXgUAnR.exe
  C:\Windows\System\xXgUAnR.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\DGHlKrE.exe
  C:\Windows\System\DGHlKrE.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\dtIQbZI.exe
  C:\Windows\System\dtIQbZI.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\UwYYxYK.exe
  C:\Windows\System\UwYYxYK.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\QMHhJXN.exe
  C:\Windows\System\QMHhJXN.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\SHZNETG.exe
  C:\Windows\System\SHZNETG.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\WXxhNWn.exe
  C:\Windows\System\WXxhNWn.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\JHLyaVN.exe
  C:\Windows\System\JHLyaVN.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\qIPQszY.exe
  C:\Windows\System\qIPQszY.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\ZqEauwp.exe
  C:\Windows\System\ZqEauwp.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\trMubur.exe
  C:\Windows\System\trMubur.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\uJbApVI.exe
  C:\Windows\System\uJbApVI.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\YDDBhVN.exe
  C:\Windows\System\YDDBhVN.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\hCSdZRU.exe
  C:\Windows\System\hCSdZRU.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\nXjcqiX.exe
  C:\Windows\System\nXjcqiX.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\yMiVmaI.exe
  C:\Windows\System\yMiVmaI.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\QYxajJO.exe
  C:\Windows\System\QYxajJO.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\YvsBpHa.exe
  C:\Windows\System\YvsBpHa.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ukdiWon.exe
  C:\Windows\System\ukdiWon.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\KFOzmxL.exe
  C:\Windows\System\KFOzmxL.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\mdohUjO.exe
  C:\Windows\System\mdohUjO.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\NMpZoHX.exe
  C:\Windows\System\NMpZoHX.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\oWcaKKC.exe
  C:\Windows\System\oWcaKKC.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\zoiWKiB.exe
  C:\Windows\System\zoiWKiB.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\ZCEHgMp.exe
  C:\Windows\System\ZCEHgMp.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\dkFnklr.exe
  C:\Windows\System\dkFnklr.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\QMAFFdq.exe
  C:\Windows\System\QMAFFdq.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\grRIITv.exe
  C:\Windows\System\grRIITv.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\EaUTgKR.exe
  C:\Windows\System\EaUTgKR.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\uqmTSIg.exe
  C:\Windows\System\uqmTSIg.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\JrerarY.exe
  C:\Windows\System\JrerarY.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\QPrbNvW.exe
  C:\Windows\System\QPrbNvW.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\vQVaKgx.exe
  C:\Windows\System\vQVaKgx.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\LjSaMak.exe
  C:\Windows\System\LjSaMak.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\WGlCntJ.exe
  C:\Windows\System\WGlCntJ.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\lXWOXRi.exe
  C:\Windows\System\lXWOXRi.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\UeQrkUx.exe
  C:\Windows\System\UeQrkUx.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\AEXNGtV.exe
  C:\Windows\System\AEXNGtV.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\wViknaZ.exe
  C:\Windows\System\wViknaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\RtuDoUR.exe
  C:\Windows\System\RtuDoUR.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\nFsXugy.exe
  C:\Windows\System\nFsXugy.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\xhqsjrZ.exe
  C:\Windows\System\xhqsjrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\EZJJPCK.exe
  C:\Windows\System\EZJJPCK.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\ymdbwBx.exe
  C:\Windows\System\ymdbwBx.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\AFSbnon.exe
  C:\Windows\System\AFSbnon.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\qPxbjTf.exe
  C:\Windows\System\qPxbjTf.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\sYUlGDs.exe
  C:\Windows\System\sYUlGDs.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\WGYWSwi.exe
  C:\Windows\System\WGYWSwi.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\KKzXkMg.exe
  C:\Windows\System\KKzXkMg.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\fRrMkBD.exe
  C:\Windows\System\fRrMkBD.exe
  2⤵
  PID:1504
- C:\Windows\System\PYjpZgJ.exe
  C:\Windows\System\PYjpZgJ.exe
  2⤵
  PID:540
- C:\Windows\System\WJdNqZs.exe
  C:\Windows\System\WJdNqZs.exe
  2⤵
  PID:784
- C:\Windows\System\XToHTBu.exe
  C:\Windows\System\XToHTBu.exe
  2⤵
  PID:1608
- C:\Windows\System\FzyRXwl.exe
  C:\Windows\System\FzyRXwl.exe
  2⤵
  PID:1708
- C:\Windows\System\gdqOwUw.exe
  C:\Windows\System\gdqOwUw.exe
  2⤵
  PID:2348
- C:\Windows\System\ToujZVL.exe
  C:\Windows\System\ToujZVL.exe
  2⤵
  PID:2196
- C:\Windows\System\gTTAmbK.exe
  C:\Windows\System\gTTAmbK.exe
  2⤵
  PID:2344
- C:\Windows\System\ASgBixh.exe
  C:\Windows\System\ASgBixh.exe
  2⤵
  PID:2164
- C:\Windows\System\xqzyMnA.exe
  C:\Windows\System\xqzyMnA.exe
  2⤵
  PID:2584
- C:\Windows\System\zKCvRGM.exe
  C:\Windows\System\zKCvRGM.exe
  2⤵
  PID:2040
- C:\Windows\System\pMmHRjT.exe
  C:\Windows\System\pMmHRjT.exe
  2⤵
  PID:816
- C:\Windows\System\bQfNXhp.exe
  C:\Windows\System\bQfNXhp.exe
  2⤵
  PID:2432
- C:\Windows\System\fIZqdvd.exe
  C:\Windows\System\fIZqdvd.exe
  2⤵
  PID:1108
- C:\Windows\System\HwMTbdc.exe
  C:\Windows\System\HwMTbdc.exe
  2⤵
  PID:2188
- C:\Windows\System\OJoNJgg.exe
  C:\Windows\System\OJoNJgg.exe
  2⤵
  PID:592
- C:\Windows\System\JTjXRHT.exe
  C:\Windows\System\JTjXRHT.exe
  2⤵
  PID:2316
- C:\Windows\System\tFWeixy.exe
  C:\Windows\System\tFWeixy.exe
  2⤵
  PID:2124
- C:\Windows\System\jDkCsWq.exe
  C:\Windows\System\jDkCsWq.exe
  2⤵
  PID:2704
- C:\Windows\System\BcbQxGQ.exe
  C:\Windows\System\BcbQxGQ.exe
  2⤵
  PID:2664
- C:\Windows\System\yemSXGX.exe
  C:\Windows\System\yemSXGX.exe
  2⤵
  PID:1492
- C:\Windows\System\IFhLGTK.exe
  C:\Windows\System\IFhLGTK.exe
  2⤵
  PID:1604
- C:\Windows\System\XQLCnnj.exe
  C:\Windows\System\XQLCnnj.exe
  2⤵
  PID:2596
- C:\Windows\System\TZOhowG.exe
  C:\Windows\System\TZOhowG.exe
  2⤵
  PID:500
- C:\Windows\System\wDwmXoF.exe
  C:\Windows\System\wDwmXoF.exe
  2⤵
  PID:2872
- C:\Windows\System\fwemyIi.exe
  C:\Windows\System\fwemyIi.exe
  2⤵
  PID:2740
- C:\Windows\System\HjZFEbU.exe
  C:\Windows\System\HjZFEbU.exe
  2⤵
  PID:2828
- C:\Windows\System\hQzfzbo.exe
  C:\Windows\System\hQzfzbo.exe
  2⤵
  PID:2908
- C:\Windows\System\cxkCddG.exe
  C:\Windows\System\cxkCddG.exe
  2⤵
  PID:2592
- C:\Windows\System\AgQCknJ.exe
  C:\Windows\System\AgQCknJ.exe
  2⤵
  PID:3016
- C:\Windows\System\lkTAtRy.exe
  C:\Windows\System\lkTAtRy.exe
  2⤵
  PID:1892
- C:\Windows\System\ceqXhUf.exe
  C:\Windows\System\ceqXhUf.exe
  2⤵
  PID:2032
- C:\Windows\System\VFHovKm.exe
  C:\Windows\System\VFHovKm.exe
  2⤵
  PID:1592
- C:\Windows\System\VDvHgli.exe
  C:\Windows\System\VDvHgli.exe
  2⤵
  PID:1624
- C:\Windows\System\OhdyLGe.exe
  C:\Windows\System\OhdyLGe.exe
  2⤵
  PID:640
- C:\Windows\System\IaCWJfv.exe
  C:\Windows\System\IaCWJfv.exe
  2⤵
  PID:1596
- C:\Windows\System\MEOAyOA.exe
  C:\Windows\System\MEOAyOA.exe
  2⤵
  PID:908
- C:\Windows\System\scJcuCA.exe
  C:\Windows\System\scJcuCA.exe
  2⤵
  PID:656
- C:\Windows\System\dRuMDPk.exe
  C:\Windows\System\dRuMDPk.exe
  2⤵
  PID:584
- C:\Windows\System\RKmLDyU.exe
  C:\Windows\System\RKmLDyU.exe
  2⤵
  PID:992
- C:\Windows\System\XyplFtR.exe
  C:\Windows\System\XyplFtR.exe
  2⤵
  PID:1576
- C:\Windows\System\ikZIxBI.exe
  C:\Windows\System\ikZIxBI.exe
  2⤵
  PID:1516
- C:\Windows\System\JQfVJbN.exe
  C:\Windows\System\JQfVJbN.exe
  2⤵
  PID:1200
- C:\Windows\System\UTlzSvR.exe
  C:\Windows\System\UTlzSvR.exe
  2⤵
  PID:1340
- C:\Windows\System\xrZPZRD.exe
  C:\Windows\System\xrZPZRD.exe
  2⤵
  PID:2876
- C:\Windows\System\BkvbAwU.exe
  C:\Windows\System\BkvbAwU.exe
  2⤵
  PID:3020
- C:\Windows\System\VYsKjdx.exe
  C:\Windows\System\VYsKjdx.exe
  2⤵
  PID:1276
- C:\Windows\System\anpNmru.exe
  C:\Windows\System\anpNmru.exe
  2⤵
  PID:3092
- C:\Windows\System\VqLLftK.exe
  C:\Windows\System\VqLLftK.exe
  2⤵
  PID:3112
- C:\Windows\System\WlGYzJn.exe
  C:\Windows\System\WlGYzJn.exe
  2⤵
  PID:3132
- C:\Windows\System\cdWIsUN.exe
  C:\Windows\System\cdWIsUN.exe
  2⤵
  PID:3152
- C:\Windows\System\EcKJEOu.exe
  C:\Windows\System\EcKJEOu.exe
  2⤵
  PID:3172
- C:\Windows\System\qYVQFek.exe
  C:\Windows\System\qYVQFek.exe
  2⤵
  PID:3192
- C:\Windows\System\mkwwYuS.exe
  C:\Windows\System\mkwwYuS.exe
  2⤵
  PID:3212
- C:\Windows\System\xOBobeb.exe
  C:\Windows\System\xOBobeb.exe
  2⤵
  PID:3232
- C:\Windows\System\IRVjSuY.exe
  C:\Windows\System\IRVjSuY.exe
  2⤵
  PID:3252
- C:\Windows\System\xVqlihe.exe
  C:\Windows\System\xVqlihe.exe
  2⤵
  PID:3272
- C:\Windows\System\NLwCljD.exe
  C:\Windows\System\NLwCljD.exe
  2⤵
  PID:3292
- C:\Windows\System\JBzVXxn.exe
  C:\Windows\System\JBzVXxn.exe
  2⤵
  PID:3312
- C:\Windows\System\KxmOHXw.exe
  C:\Windows\System\KxmOHXw.exe
  2⤵
  PID:3332
- C:\Windows\System\VobbBvB.exe
  C:\Windows\System\VobbBvB.exe
  2⤵
  PID:3352
- C:\Windows\System\bkoUuFX.exe
  C:\Windows\System\bkoUuFX.exe
  2⤵
  PID:3372
- C:\Windows\System\Xoertxc.exe
  C:\Windows\System\Xoertxc.exe
  2⤵
  PID:3392
- C:\Windows\System\NhliZRe.exe
  C:\Windows\System\NhliZRe.exe
  2⤵
  PID:3412
- C:\Windows\System\jFYJHKK.exe
  C:\Windows\System\jFYJHKK.exe
  2⤵
  PID:3432
- C:\Windows\System\HpcpwpI.exe
  C:\Windows\System\HpcpwpI.exe
  2⤵
  PID:3452
- C:\Windows\System\WInjteK.exe
  C:\Windows\System\WInjteK.exe
  2⤵
  PID:3472
- C:\Windows\System\YfgbEEC.exe
  C:\Windows\System\YfgbEEC.exe
  2⤵
  PID:3492
- C:\Windows\System\SIDaItT.exe
  C:\Windows\System\SIDaItT.exe
  2⤵
  PID:3512
- C:\Windows\System\UAEjwnq.exe
  C:\Windows\System\UAEjwnq.exe
  2⤵
  PID:3532
- C:\Windows\System\KKbNdnn.exe
  C:\Windows\System\KKbNdnn.exe
  2⤵
  PID:3552
- C:\Windows\System\IOxzmBd.exe
  C:\Windows\System\IOxzmBd.exe
  2⤵
  PID:3572
- C:\Windows\System\DXpbeCU.exe
  C:\Windows\System\DXpbeCU.exe
  2⤵
  PID:3592
- C:\Windows\System\FDQDjdL.exe
  C:\Windows\System\FDQDjdL.exe
  2⤵
  PID:3616
- C:\Windows\System\CAheoAn.exe
  C:\Windows\System\CAheoAn.exe
  2⤵
  PID:3636
- C:\Windows\System\vynThKE.exe
  C:\Windows\System\vynThKE.exe
  2⤵
  PID:3656
- C:\Windows\System\SdlAoCA.exe
  C:\Windows\System\SdlAoCA.exe
  2⤵
  PID:3676
- C:\Windows\System\RSDWRpl.exe
  C:\Windows\System\RSDWRpl.exe
  2⤵
  PID:3696
- C:\Windows\System\IzeAqlm.exe
  C:\Windows\System\IzeAqlm.exe
  2⤵
  PID:3716
- C:\Windows\System\TxZuBRb.exe
  C:\Windows\System\TxZuBRb.exe
  2⤵
  PID:3736
- C:\Windows\System\CoeHgJN.exe
  C:\Windows\System\CoeHgJN.exe
  2⤵
  PID:3756
- C:\Windows\System\JDJUbBo.exe
  C:\Windows\System\JDJUbBo.exe
  2⤵
  PID:3776
- C:\Windows\System\HkrcWNc.exe
  C:\Windows\System\HkrcWNc.exe
  2⤵
  PID:3796
- C:\Windows\System\Brjlycs.exe
  C:\Windows\System\Brjlycs.exe
  2⤵
  PID:3816
- C:\Windows\System\vLtrQWD.exe
  C:\Windows\System\vLtrQWD.exe
  2⤵
  PID:3836
- C:\Windows\System\lbiJHOF.exe
  C:\Windows\System\lbiJHOF.exe
  2⤵
  PID:3856
- C:\Windows\System\wFGoQDe.exe
  C:\Windows\System\wFGoQDe.exe
  2⤵
  PID:3876
- C:\Windows\System\xRhxilv.exe
  C:\Windows\System\xRhxilv.exe
  2⤵
  PID:3896
- C:\Windows\System\toEEdbM.exe
  C:\Windows\System\toEEdbM.exe
  2⤵
  PID:3916
- C:\Windows\System\WXzYAet.exe
  C:\Windows\System\WXzYAet.exe
  2⤵
  PID:3936
- C:\Windows\System\hPnqHNk.exe
  C:\Windows\System\hPnqHNk.exe
  2⤵
  PID:3956
- C:\Windows\System\YEDHRHN.exe
  C:\Windows\System\YEDHRHN.exe
  2⤵
  PID:3976
- C:\Windows\System\wuBaUpY.exe
  C:\Windows\System\wuBaUpY.exe
  2⤵
  PID:3996
- C:\Windows\System\EIQOXOF.exe
  C:\Windows\System\EIQOXOF.exe
  2⤵
  PID:4016
- C:\Windows\System\iRfHFWT.exe
  C:\Windows\System\iRfHFWT.exe
  2⤵
  PID:4036
- C:\Windows\System\BakUhXf.exe
  C:\Windows\System\BakUhXf.exe
  2⤵
  PID:4056
- C:\Windows\System\RKuIqGQ.exe
  C:\Windows\System\RKuIqGQ.exe
  2⤵
  PID:4076
- C:\Windows\System\ELHHZux.exe
  C:\Windows\System\ELHHZux.exe
  2⤵
  PID:2616
- C:\Windows\System\nnWUTsn.exe
  C:\Windows\System\nnWUTsn.exe
  2⤵
  PID:728
- C:\Windows\System\ZUDlLpC.exe
  C:\Windows\System\ZUDlLpC.exe
  2⤵
  PID:1460
- C:\Windows\System\PLwuKCg.exe
  C:\Windows\System\PLwuKCg.exe
  2⤵
  PID:1680
- C:\Windows\System\kyZLqDB.exe
  C:\Windows\System\kyZLqDB.exe
  2⤵
  PID:1176
- C:\Windows\System\GTnjZWp.exe
  C:\Windows\System\GTnjZWp.exe
  2⤵
  PID:1564
- C:\Windows\System\ZrzVAIK.exe
  C:\Windows\System\ZrzVAIK.exe
  2⤵
  PID:2208
- C:\Windows\System\gLCYDYF.exe
  C:\Windows\System\gLCYDYF.exe
  2⤵
  PID:1812
- C:\Windows\System\NPOrLJV.exe
  C:\Windows\System\NPOrLJV.exe
  2⤵
  PID:2716
- C:\Windows\System\LvTNDXT.exe
  C:\Windows\System\LvTNDXT.exe
  2⤵
  PID:296
- C:\Windows\System\kdaEoDU.exe
  C:\Windows\System\kdaEoDU.exe
  2⤵
  PID:1296
- C:\Windows\System\gSymIqO.exe
  C:\Windows\System\gSymIqO.exe
  2⤵
  PID:3080
- C:\Windows\System\pyQwnDd.exe
  C:\Windows\System\pyQwnDd.exe
  2⤵
  PID:3108
- C:\Windows\System\lVAaLcO.exe
  C:\Windows\System\lVAaLcO.exe
  2⤵
  PID:3140
- C:\Windows\System\loLEdOi.exe
  C:\Windows\System\loLEdOi.exe
  2⤵
  PID:3164
- C:\Windows\System\pljqfqq.exe
  C:\Windows\System\pljqfqq.exe
  2⤵
  PID:3208
- C:\Windows\System\fPsNelF.exe
  C:\Windows\System\fPsNelF.exe
  2⤵
  PID:3248
- C:\Windows\System\ghzpHWs.exe
  C:\Windows\System\ghzpHWs.exe
  2⤵
  PID:3280
- C:\Windows\System\wJbEpHG.exe
  C:\Windows\System\wJbEpHG.exe
  2⤵
  PID:3308
- C:\Windows\System\KPgyqYq.exe
  C:\Windows\System\KPgyqYq.exe
  2⤵
  PID:3360
- C:\Windows\System\BUmqlog.exe
  C:\Windows\System\BUmqlog.exe
  2⤵
  PID:3380
- C:\Windows\System\cvpeHTf.exe
  C:\Windows\System\cvpeHTf.exe
  2⤵
  PID:3404
- C:\Windows\System\eInuOLh.exe
  C:\Windows\System\eInuOLh.exe
  2⤵
  PID:3424
- C:\Windows\System\HvSLjId.exe
  C:\Windows\System\HvSLjId.exe
  2⤵
  PID:3488
- C:\Windows\System\KzFyTLg.exe
  C:\Windows\System\KzFyTLg.exe
  2⤵
  PID:3520
- C:\Windows\System\taWLctc.exe
  C:\Windows\System\taWLctc.exe
  2⤵
  PID:3548
- C:\Windows\System\rauKocN.exe
  C:\Windows\System\rauKocN.exe
  2⤵
  PID:3580
- C:\Windows\System\dcWyJLj.exe
  C:\Windows\System\dcWyJLj.exe
  2⤵
  PID:3604
- C:\Windows\System\YdosDVX.exe
  C:\Windows\System\YdosDVX.exe
  2⤵
  PID:3628
- C:\Windows\System\gTUxVlf.exe
  C:\Windows\System\gTUxVlf.exe
  2⤵
  PID:3692
- C:\Windows\System\pNscQGx.exe
  C:\Windows\System\pNscQGx.exe
  2⤵
  PID:3732
- C:\Windows\System\ushcOpz.exe
  C:\Windows\System\ushcOpz.exe
  2⤵
  PID:3752
- C:\Windows\System\SJLNjqH.exe
  C:\Windows\System\SJLNjqH.exe
  2⤵
  PID:3784
- C:\Windows\System\Uljluwz.exe
  C:\Windows\System\Uljluwz.exe
  2⤵
  PID:3808
- C:\Windows\System\YqocqpQ.exe
  C:\Windows\System\YqocqpQ.exe
  2⤵
  PID:3852
- C:\Windows\System\rUKJEDZ.exe
  C:\Windows\System\rUKJEDZ.exe
  2⤵
  PID:3872
- C:\Windows\System\fASMxgZ.exe
  C:\Windows\System\fASMxgZ.exe
  2⤵
  PID:3924
- C:\Windows\System\hYfcJzI.exe
  C:\Windows\System\hYfcJzI.exe
  2⤵
  PID:3964
- C:\Windows\System\dzkBdnY.exe
  C:\Windows\System\dzkBdnY.exe
  2⤵
  PID:3984
- C:\Windows\System\tShGGuc.exe
  C:\Windows\System\tShGGuc.exe
  2⤵
  PID:4008
- C:\Windows\System\WXvvRkh.exe
  C:\Windows\System\WXvvRkh.exe
  2⤵
  PID:4052
- C:\Windows\System\OxeLCbn.exe
  C:\Windows\System\OxeLCbn.exe
  2⤵
  PID:4092
- C:\Windows\System\vnAtefT.exe
  C:\Windows\System\vnAtefT.exe
  2⤵
  PID:2304
- C:\Windows\System\xTwXgIG.exe
  C:\Windows\System\xTwXgIG.exe
  2⤵
  PID:1360
- C:\Windows\System\JAnUflr.exe
  C:\Windows\System\JAnUflr.exe
  2⤵
  PID:1552
- C:\Windows\System\becbpsF.exe
  C:\Windows\System\becbpsF.exe
  2⤵
  PID:2300
- C:\Windows\System\QjbeTCR.exe
  C:\Windows\System\QjbeTCR.exe
  2⤵
  PID:3068
- C:\Windows\System\eawcwNI.exe
  C:\Windows\System\eawcwNI.exe
  2⤵
  PID:2688
- C:\Windows\System\WXucHdV.exe
  C:\Windows\System\WXucHdV.exe
  2⤵
  PID:2224
- C:\Windows\System\bAzgfUz.exe
  C:\Windows\System\bAzgfUz.exe
  2⤵
  PID:3104
- C:\Windows\System\UuWefwO.exe
  C:\Windows\System\UuWefwO.exe
  2⤵
  PID:3200
- C:\Windows\System\BjaiNJn.exe
  C:\Windows\System\BjaiNJn.exe
  2⤵
  PID:3228
- C:\Windows\System\cMSFOor.exe
  C:\Windows\System\cMSFOor.exe
  2⤵
  PID:3268
- C:\Windows\System\wORrewf.exe
  C:\Windows\System\wORrewf.exe
  2⤵
  PID:3348
- C:\Windows\System\TOHkjrx.exe
  C:\Windows\System\TOHkjrx.exe
  2⤵
  PID:3384
- C:\Windows\System\FBjKnQL.exe
  C:\Windows\System\FBjKnQL.exe
  2⤵
  PID:3464
- C:\Windows\System\xBdWhwU.exe
  C:\Windows\System\xBdWhwU.exe
  2⤵
  PID:3504
- C:\Windows\System\HxwNfMP.exe
  C:\Windows\System\HxwNfMP.exe
  2⤵
  PID:3544
- C:\Windows\System\jVWQsaw.exe
  C:\Windows\System\jVWQsaw.exe
  2⤵
  PID:3600
- C:\Windows\System\BAmFlZd.exe
  C:\Windows\System\BAmFlZd.exe
  2⤵
  PID:3684
- C:\Windows\System\uRzCiLm.exe
  C:\Windows\System\uRzCiLm.exe
  2⤵
  PID:3744
- C:\Windows\System\qKrAiwx.exe
  C:\Windows\System\qKrAiwx.exe
  2⤵
  PID:3788
- C:\Windows\System\rnAPMSX.exe
  C:\Windows\System\rnAPMSX.exe
  2⤵
  PID:3864
- C:\Windows\System\rzQVicD.exe
  C:\Windows\System\rzQVicD.exe
  2⤵
  PID:3904
- C:\Windows\System\lyYPxLT.exe
  C:\Windows\System\lyYPxLT.exe
  2⤵
  PID:3908
- C:\Windows\System\svIaRmV.exe
  C:\Windows\System\svIaRmV.exe
  2⤵
  PID:3992
- C:\Windows\System\oRZpBlT.exe
  C:\Windows\System\oRZpBlT.exe
  2⤵
  PID:4088
- C:\Windows\System\TYUTZFj.exe
  C:\Windows\System\TYUTZFj.exe
  2⤵
  PID:1056
- C:\Windows\System\NkNDobO.exe
  C:\Windows\System\NkNDobO.exe
  2⤵
  PID:2260
- C:\Windows\System\emXPTzQ.exe
  C:\Windows\System\emXPTzQ.exe
  2⤵
  PID:2428
- C:\Windows\System\rzczFWx.exe
  C:\Windows\System\rzczFWx.exe
  2⤵
  PID:2888
- C:\Windows\System\PeSkGgW.exe
  C:\Windows\System\PeSkGgW.exe
  2⤵
  PID:3084
- C:\Windows\System\VgegYxl.exe
  C:\Windows\System\VgegYxl.exe
  2⤵
  PID:3320
- C:\Windows\System\xltopoc.exe
  C:\Windows\System\xltopoc.exe
  2⤵
  PID:4108
- C:\Windows\System\mKOSTtw.exe
  C:\Windows\System\mKOSTtw.exe
  2⤵
  PID:4128
- C:\Windows\System\nHcXNjA.exe
  C:\Windows\System\nHcXNjA.exe
  2⤵
  PID:4148
- C:\Windows\System\ivECbYw.exe
  C:\Windows\System\ivECbYw.exe
  2⤵
  PID:4168
- C:\Windows\System\nGAzyZY.exe
  C:\Windows\System\nGAzyZY.exe
  2⤵
  PID:4188
- C:\Windows\System\FXWZKBi.exe
  C:\Windows\System\FXWZKBi.exe
  2⤵
  PID:4208
- C:\Windows\System\ItoBEJU.exe
  C:\Windows\System\ItoBEJU.exe
  2⤵
  PID:4228
- C:\Windows\System\caQVnla.exe
  C:\Windows\System\caQVnla.exe
  2⤵
  PID:4248
- C:\Windows\System\NsilBdq.exe
  C:\Windows\System\NsilBdq.exe
  2⤵
  PID:4268
- C:\Windows\System\CeoQbKj.exe
  C:\Windows\System\CeoQbKj.exe
  2⤵
  PID:4288
- C:\Windows\System\eHdXxJP.exe
  C:\Windows\System\eHdXxJP.exe
  2⤵
  PID:4308
- C:\Windows\System\YgYIkJd.exe
  C:\Windows\System\YgYIkJd.exe
  2⤵
  PID:4328
- C:\Windows\System\xEQdPGB.exe
  C:\Windows\System\xEQdPGB.exe
  2⤵
  PID:4348
- C:\Windows\System\UUQRkwe.exe
  C:\Windows\System\UUQRkwe.exe
  2⤵
  PID:4368
- C:\Windows\System\xkFqHKy.exe
  C:\Windows\System\xkFqHKy.exe
  2⤵
  PID:4388
- C:\Windows\System\IRotavs.exe
  C:\Windows\System\IRotavs.exe
  2⤵
  PID:4408
- C:\Windows\System\uJYkEmx.exe
  C:\Windows\System\uJYkEmx.exe
  2⤵
  PID:4428
- C:\Windows\System\DGZvBwF.exe
  C:\Windows\System\DGZvBwF.exe
  2⤵
  PID:4448
- C:\Windows\System\aaShIoc.exe
  C:\Windows\System\aaShIoc.exe
  2⤵
  PID:4468
- C:\Windows\System\HpfJBoN.exe
  C:\Windows\System\HpfJBoN.exe
  2⤵
  PID:4488
- C:\Windows\System\vCSEOrw.exe
  C:\Windows\System\vCSEOrw.exe
  2⤵
  PID:4508
- C:\Windows\System\ZIhhGLD.exe
  C:\Windows\System\ZIhhGLD.exe
  2⤵
  PID:4528
- C:\Windows\System\gXlTmrV.exe
  C:\Windows\System\gXlTmrV.exe
  2⤵
  PID:4548
- C:\Windows\System\PrzIjHZ.exe
  C:\Windows\System\PrzIjHZ.exe
  2⤵
  PID:4568
- C:\Windows\System\ZwIGNlo.exe
  C:\Windows\System\ZwIGNlo.exe
  2⤵
  PID:4588
- C:\Windows\System\DpfSpRn.exe
  C:\Windows\System\DpfSpRn.exe
  2⤵
  PID:4608
- C:\Windows\System\OCiQmwr.exe
  C:\Windows\System\OCiQmwr.exe
  2⤵
  PID:4628
- C:\Windows\System\kokjSPN.exe
  C:\Windows\System\kokjSPN.exe
  2⤵
  PID:4648
- C:\Windows\System\ZnfJVGP.exe
  C:\Windows\System\ZnfJVGP.exe
  2⤵
  PID:4668
- C:\Windows\System\iGprPae.exe
  C:\Windows\System\iGprPae.exe
  2⤵
  PID:4688
- C:\Windows\System\GolHnDe.exe
  C:\Windows\System\GolHnDe.exe
  2⤵
  PID:4708
- C:\Windows\System\IhbiteA.exe
  C:\Windows\System\IhbiteA.exe
  2⤵
  PID:4728
- C:\Windows\System\rrdcTFK.exe
  C:\Windows\System\rrdcTFK.exe
  2⤵
  PID:4748
- C:\Windows\System\XJkTkWI.exe
  C:\Windows\System\XJkTkWI.exe
  2⤵
  PID:4768
- C:\Windows\System\lXJMaRU.exe
  C:\Windows\System\lXJMaRU.exe
  2⤵
  PID:4792
- C:\Windows\System\odUmETj.exe
  C:\Windows\System\odUmETj.exe
  2⤵
  PID:4812
- C:\Windows\System\FhquZMq.exe
  C:\Windows\System\FhquZMq.exe
  2⤵
  PID:4832
- C:\Windows\System\PozxnfD.exe
  C:\Windows\System\PozxnfD.exe
  2⤵
  PID:4852
- C:\Windows\System\gvSVdvE.exe
  C:\Windows\System\gvSVdvE.exe
  2⤵
  PID:4872
- C:\Windows\System\ciBoJBa.exe
  C:\Windows\System\ciBoJBa.exe
  2⤵
  PID:4892
- C:\Windows\System\YyEUiOx.exe
  C:\Windows\System\YyEUiOx.exe
  2⤵
  PID:4912
- C:\Windows\System\hGtktKS.exe
  C:\Windows\System\hGtktKS.exe
  2⤵
  PID:4932
- C:\Windows\System\jMcpgVy.exe
  C:\Windows\System\jMcpgVy.exe
  2⤵
  PID:4952
- C:\Windows\System\mKNGgrS.exe
  C:\Windows\System\mKNGgrS.exe
  2⤵
  PID:4972
- C:\Windows\System\iPUDdMC.exe
  C:\Windows\System\iPUDdMC.exe
  2⤵
  PID:4992
- C:\Windows\System\lNKOqcW.exe
  C:\Windows\System\lNKOqcW.exe
  2⤵
  PID:5012
- C:\Windows\System\zyGSfTl.exe
  C:\Windows\System\zyGSfTl.exe
  2⤵
  PID:5032
- C:\Windows\System\ZUsnYXK.exe
  C:\Windows\System\ZUsnYXK.exe
  2⤵
  PID:5056
- C:\Windows\System\mtyjDyS.exe
  C:\Windows\System\mtyjDyS.exe
  2⤵
  PID:5076
- C:\Windows\System\rKSGACk.exe
  C:\Windows\System\rKSGACk.exe
  2⤵
  PID:5096
- C:\Windows\System\elyvRWe.exe
  C:\Windows\System\elyvRWe.exe
  2⤵
  PID:5116
- C:\Windows\System\zevUuXZ.exe
  C:\Windows\System\zevUuXZ.exe
  2⤵
  PID:3408
- C:\Windows\System\QDaajJk.exe
  C:\Windows\System\QDaajJk.exe
  2⤵
  PID:3484
- C:\Windows\System\yfWeBpf.exe
  C:\Windows\System\yfWeBpf.exe
  2⤵
  PID:3612
- C:\Windows\System\chmnSRU.exe
  C:\Windows\System\chmnSRU.exe
  2⤵
  PID:3672
- C:\Windows\System\yjvFvUJ.exe
  C:\Windows\System\yjvFvUJ.exe
  2⤵
  PID:3768
- C:\Windows\System\TBAembi.exe
  C:\Windows\System\TBAembi.exe
  2⤵
  PID:3828
- C:\Windows\System\evGhsMF.exe
  C:\Windows\System\evGhsMF.exe
  2⤵
  PID:3972
- C:\Windows\System\XrpfLdT.exe
  C:\Windows\System\XrpfLdT.exe
  2⤵
  PID:4064
- C:\Windows\System\CmcQhVm.exe
  C:\Windows\System\CmcQhVm.exe
  2⤵
  PID:2896
- C:\Windows\System\AMbEODo.exe
  C:\Windows\System\AMbEODo.exe
  2⤵
  PID:2288
- C:\Windows\System\ABswIdG.exe
  C:\Windows\System\ABswIdG.exe
  2⤵
  PID:3148
- C:\Windows\System\aoSxpzd.exe
  C:\Windows\System\aoSxpzd.exe
  2⤵
  PID:3224
- C:\Windows\System\VffRkGZ.exe
  C:\Windows\System\VffRkGZ.exe
  2⤵
  PID:4124
- C:\Windows\System\INhOlMA.exe
  C:\Windows\System\INhOlMA.exe
  2⤵
  PID:4140
- C:\Windows\System\WUipnRZ.exe
  C:\Windows\System\WUipnRZ.exe
  2⤵
  PID:4196
- C:\Windows\System\YrUYUJK.exe
  C:\Windows\System\YrUYUJK.exe
  2⤵
  PID:4224
- C:\Windows\System\btFtDPc.exe
  C:\Windows\System\btFtDPc.exe
  2⤵
  PID:4256
- C:\Windows\System\kPrFTBo.exe
  C:\Windows\System\kPrFTBo.exe
  2⤵
  PID:4280
- C:\Windows\System\uljhucG.exe
  C:\Windows\System\uljhucG.exe
  2⤵
  PID:4324
- C:\Windows\System\GEkRhuf.exe
  C:\Windows\System\GEkRhuf.exe
  2⤵
  PID:4356
- C:\Windows\System\CDpAylv.exe
  C:\Windows\System\CDpAylv.exe
  2⤵
  PID:4384
- C:\Windows\System\Khutewo.exe
  C:\Windows\System\Khutewo.exe
  2⤵
  PID:4416
- C:\Windows\System\CEppVzB.exe
  C:\Windows\System\CEppVzB.exe
  2⤵
  PID:4440
- C:\Windows\System\OKwbYzI.exe
  C:\Windows\System\OKwbYzI.exe
  2⤵
  PID:4484
- C:\Windows\System\VwZHvvC.exe
  C:\Windows\System\VwZHvvC.exe
  2⤵
  PID:4516
- C:\Windows\System\pxvaYHp.exe
  C:\Windows\System\pxvaYHp.exe
  2⤵
  PID:4560
- C:\Windows\System\jOOSMKj.exe
  C:\Windows\System\jOOSMKj.exe
  2⤵
  PID:4584
- C:\Windows\System\cZXHBWQ.exe
  C:\Windows\System\cZXHBWQ.exe
  2⤵
  PID:4624
- C:\Windows\System\aNhcJAY.exe
  C:\Windows\System\aNhcJAY.exe
  2⤵
  PID:4656
- C:\Windows\System\DqzIPCS.exe
  C:\Windows\System\DqzIPCS.exe
  2⤵
  PID:4680
- C:\Windows\System\ZHoanpy.exe
  C:\Windows\System\ZHoanpy.exe
  2⤵
  PID:4700
- C:\Windows\System\cGpDBIV.exe
  C:\Windows\System\cGpDBIV.exe
  2⤵
  PID:4740
- C:\Windows\System\hCCgXYV.exe
  C:\Windows\System\hCCgXYV.exe
  2⤵
  PID:4800
- C:\Windows\System\NtwRQju.exe
  C:\Windows\System\NtwRQju.exe
  2⤵
  PID:4840
- C:\Windows\System\OBvlLlY.exe
  C:\Windows\System\OBvlLlY.exe
  2⤵
  PID:4860
- C:\Windows\System\sDxgmax.exe
  C:\Windows\System\sDxgmax.exe
  2⤵
  PID:4884
- C:\Windows\System\UPVurUf.exe
  C:\Windows\System\UPVurUf.exe
  2⤵
  PID:4904
- C:\Windows\System\cdrCbPl.exe
  C:\Windows\System\cdrCbPl.exe
  2⤵
  PID:4944
- C:\Windows\System\ANlGkmY.exe
  C:\Windows\System\ANlGkmY.exe
  2⤵
  PID:5000
- C:\Windows\System\EGNOjqQ.exe
  C:\Windows\System\EGNOjqQ.exe
  2⤵
  PID:5028
- C:\Windows\System\ogljxEA.exe
  C:\Windows\System\ogljxEA.exe
  2⤵
  PID:5064
- C:\Windows\System\BxjjfSs.exe
  C:\Windows\System\BxjjfSs.exe
  2⤵
  PID:5088
- C:\Windows\System\VzbrLAn.exe
  C:\Windows\System\VzbrLAn.exe
  2⤵
  PID:3344
- C:\Windows\System\yeJJVrq.exe
  C:\Windows\System\yeJJVrq.exe
  2⤵
  PID:3444
- C:\Windows\System\rxlcIZu.exe
  C:\Windows\System\rxlcIZu.exe
  2⤵
  PID:3724
- C:\Windows\System\cYlXqAk.exe
  C:\Windows\System\cYlXqAk.exe
  2⤵
  PID:3832
- C:\Windows\System\trATqXD.exe
  C:\Windows\System\trATqXD.exe
  2⤵
  PID:3988
- C:\Windows\System\Wacdbbm.exe
  C:\Windows\System\Wacdbbm.exe
  2⤵
  PID:448
- C:\Windows\System\avACjjA.exe
  C:\Windows\System\avACjjA.exe
  2⤵
  PID:2080
- C:\Windows\System\SIbfSDt.exe
  C:\Windows\System\SIbfSDt.exe
  2⤵
  PID:3188
- C:\Windows\System\GiFzzsY.exe
  C:\Windows\System\GiFzzsY.exe
  2⤵
  PID:4160
- C:\Windows\System\BlUEzPy.exe
  C:\Windows\System\BlUEzPy.exe
  2⤵
  PID:4216
- C:\Windows\System\yydTaRn.exe
  C:\Windows\System\yydTaRn.exe
  2⤵
  PID:4284
- C:\Windows\System\GZzXwJj.exe
  C:\Windows\System\GZzXwJj.exe
  2⤵
  PID:4300
- C:\Windows\System\ZNYknGD.exe
  C:\Windows\System\ZNYknGD.exe
  2⤵
  PID:4336
- C:\Windows\System\SwbCtlp.exe
  C:\Windows\System\SwbCtlp.exe
  2⤵
  PID:4404
- C:\Windows\System\qdQcHlq.exe
  C:\Windows\System\qdQcHlq.exe
  2⤵
  PID:4464
- C:\Windows\System\QdTEJKK.exe
  C:\Windows\System\QdTEJKK.exe
  2⤵
  PID:4544
- C:\Windows\System\ZXHrgmm.exe
  C:\Windows\System\ZXHrgmm.exe
  2⤵
  PID:4580
- C:\Windows\System\wsZDuck.exe
  C:\Windows\System\wsZDuck.exe
  2⤵
  PID:4644
- C:\Windows\System\KpBjJxE.exe
  C:\Windows\System\KpBjJxE.exe
  2⤵
  PID:4704
- C:\Windows\System\JfyJAJx.exe
  C:\Windows\System\JfyJAJx.exe
  2⤵
  PID:4760
- C:\Windows\System\nzsNABe.exe
  C:\Windows\System\nzsNABe.exe
  2⤵
  PID:4804
- C:\Windows\System\odvEomf.exe
  C:\Windows\System\odvEomf.exe
  2⤵
  PID:4864
- C:\Windows\System\GTJDXVe.exe
  C:\Windows\System\GTJDXVe.exe
  2⤵
  PID:4940
- C:\Windows\System\doqVxNx.exe
  C:\Windows\System\doqVxNx.exe
  2⤵
  PID:4980
- C:\Windows\System\FexwJZi.exe
  C:\Windows\System\FexwJZi.exe
  2⤵
  PID:5004
- C:\Windows\System\cekzGfX.exe
  C:\Windows\System\cekzGfX.exe
  2⤵
  PID:5092
- C:\Windows\System\XCUjrOi.exe
  C:\Windows\System\XCUjrOi.exe
  2⤵
  PID:3540
- C:\Windows\System\ZZqiBBz.exe
  C:\Windows\System\ZZqiBBz.exe
  2⤵
  PID:3912
- C:\Windows\System\vUSXcwd.exe
  C:\Windows\System\vUSXcwd.exe
  2⤵
  PID:4028
- C:\Windows\System\pkcrfxa.exe
  C:\Windows\System\pkcrfxa.exe
  2⤵
  PID:1156
- C:\Windows\System\lIrGoWX.exe
  C:\Windows\System\lIrGoWX.exe
  2⤵
  PID:4144
- C:\Windows\System\AiuiGhB.exe
  C:\Windows\System\AiuiGhB.exe
  2⤵
  PID:4180
- C:\Windows\System\jRdINQM.exe
  C:\Windows\System\jRdINQM.exe
  2⤵
  PID:5128
- C:\Windows\System\SmhPNLV.exe
  C:\Windows\System\SmhPNLV.exe
  2⤵
  PID:5148
- C:\Windows\System\egRwGCd.exe
  C:\Windows\System\egRwGCd.exe
  2⤵
  PID:5168
- C:\Windows\System\XumXXNN.exe
  C:\Windows\System\XumXXNN.exe
  2⤵
  PID:5188
- C:\Windows\System\KGiysTI.exe
  C:\Windows\System\KGiysTI.exe
  2⤵
  PID:5208
- C:\Windows\System\RtyczuM.exe
  C:\Windows\System\RtyczuM.exe
  2⤵
  PID:5228
- C:\Windows\System\ODIJkUK.exe
  C:\Windows\System\ODIJkUK.exe
  2⤵
  PID:5248
- C:\Windows\System\gMSYUiW.exe
  C:\Windows\System\gMSYUiW.exe
  2⤵
  PID:5268
- C:\Windows\System\LQappwB.exe
  C:\Windows\System\LQappwB.exe
  2⤵
  PID:5288
- C:\Windows\System\mknLnZM.exe
  C:\Windows\System\mknLnZM.exe
  2⤵
  PID:5308
- C:\Windows\System\lXkLBln.exe
  C:\Windows\System\lXkLBln.exe
  2⤵
  PID:5328
- C:\Windows\System\gwwLRbO.exe
  C:\Windows\System\gwwLRbO.exe
  2⤵
  PID:5348
- C:\Windows\System\CWijwet.exe
  C:\Windows\System\CWijwet.exe
  2⤵
  PID:5368
- C:\Windows\System\MWpGQxl.exe
  C:\Windows\System\MWpGQxl.exe
  2⤵
  PID:5388
- C:\Windows\System\RUmMqwC.exe
  C:\Windows\System\RUmMqwC.exe
  2⤵
  PID:5408
- C:\Windows\System\nelUCWa.exe
  C:\Windows\System\nelUCWa.exe
  2⤵
  PID:5428
- C:\Windows\System\PjRDEAg.exe
  C:\Windows\System\PjRDEAg.exe
  2⤵
  PID:5448
- C:\Windows\System\remQLRM.exe
  C:\Windows\System\remQLRM.exe
  2⤵
  PID:5468
- C:\Windows\System\ZUPFSoo.exe
  C:\Windows\System\ZUPFSoo.exe
  2⤵
  PID:5488
- C:\Windows\System\FBLzcrC.exe
  C:\Windows\System\FBLzcrC.exe
  2⤵
  PID:5508
- C:\Windows\System\KoDOqVg.exe
  C:\Windows\System\KoDOqVg.exe
  2⤵
  PID:5528
- C:\Windows\System\aBBkVlJ.exe
  C:\Windows\System\aBBkVlJ.exe
  2⤵
  PID:5548
- C:\Windows\System\GztrGDz.exe
  C:\Windows\System\GztrGDz.exe
  2⤵
  PID:5568
- C:\Windows\System\ZYVeaRe.exe
  C:\Windows\System\ZYVeaRe.exe
  2⤵
  PID:5588
- C:\Windows\System\PEztWCJ.exe
  C:\Windows\System\PEztWCJ.exe
  2⤵
  PID:5608
- C:\Windows\System\nmoKTku.exe
  C:\Windows\System\nmoKTku.exe
  2⤵
  PID:5628
- C:\Windows\System\SNETZpc.exe
  C:\Windows\System\SNETZpc.exe
  2⤵
  PID:5648
- C:\Windows\System\fQLRwhC.exe
  C:\Windows\System\fQLRwhC.exe
  2⤵
  PID:5668
- C:\Windows\System\EFAqUCf.exe
  C:\Windows\System\EFAqUCf.exe
  2⤵
  PID:5688
- C:\Windows\System\gJIjKkZ.exe
  C:\Windows\System\gJIjKkZ.exe
  2⤵
  PID:5708
- C:\Windows\System\GUKMTDk.exe
  C:\Windows\System\GUKMTDk.exe
  2⤵
  PID:5728
- C:\Windows\System\fryWppb.exe
  C:\Windows\System\fryWppb.exe
  2⤵
  PID:5748
- C:\Windows\System\TSzfSvh.exe
  C:\Windows\System\TSzfSvh.exe
  2⤵
  PID:5768
- C:\Windows\System\scIDPIn.exe
  C:\Windows\System\scIDPIn.exe
  2⤵
  PID:5792
- C:\Windows\System\SroheDj.exe
  C:\Windows\System\SroheDj.exe
  2⤵
  PID:5812
- C:\Windows\System\yfXWAvy.exe
  C:\Windows\System\yfXWAvy.exe
  2⤵
  PID:5832
- C:\Windows\System\dFwwFCX.exe
  C:\Windows\System\dFwwFCX.exe
  2⤵
  PID:5852
- C:\Windows\System\LvsYrQs.exe
  C:\Windows\System\LvsYrQs.exe
  2⤵
  PID:5872
- C:\Windows\System\jxDzaFf.exe
  C:\Windows\System\jxDzaFf.exe
  2⤵
  PID:5892
- C:\Windows\System\FbEcDbO.exe
  C:\Windows\System\FbEcDbO.exe
  2⤵
  PID:5912
- C:\Windows\System\tXtIBKh.exe
  C:\Windows\System\tXtIBKh.exe
  2⤵
  PID:5932
- C:\Windows\System\FGmtFZe.exe
  C:\Windows\System\FGmtFZe.exe
  2⤵
  PID:5952
- C:\Windows\System\JlzxiWX.exe
  C:\Windows\System\JlzxiWX.exe
  2⤵
  PID:5972
- C:\Windows\System\ErQpdYk.exe
  C:\Windows\System\ErQpdYk.exe
  2⤵
  PID:5996
- C:\Windows\System\MVCBCQG.exe
  C:\Windows\System\MVCBCQG.exe
  2⤵
  PID:6016
- C:\Windows\System\CCQLBFw.exe
  C:\Windows\System\CCQLBFw.exe
  2⤵
  PID:6036
- C:\Windows\System\trvzTRh.exe
  C:\Windows\System\trvzTRh.exe
  2⤵
  PID:6056
- C:\Windows\System\vyZSxfE.exe
  C:\Windows\System\vyZSxfE.exe
  2⤵
  PID:6076
- C:\Windows\System\hXJfUcD.exe
  C:\Windows\System\hXJfUcD.exe
  2⤵
  PID:6096
- C:\Windows\System\MZDVHDl.exe
  C:\Windows\System\MZDVHDl.exe
  2⤵
  PID:6116
- C:\Windows\System\TFQyFgl.exe
  C:\Windows\System\TFQyFgl.exe
  2⤵
  PID:6136
- C:\Windows\System\FQnttsf.exe
  C:\Windows\System\FQnttsf.exe
  2⤵
  PID:4376
- C:\Windows\System\RkjNptN.exe
  C:\Windows\System\RkjNptN.exe
  2⤵
  PID:4400
- C:\Windows\System\OKOllnj.exe
  C:\Windows\System\OKOllnj.exe
  2⤵
  PID:4504
- C:\Windows\System\BwUrccM.exe
  C:\Windows\System\BwUrccM.exe
  2⤵
  PID:4676
- C:\Windows\System\BVIFPmc.exe
  C:\Windows\System\BVIFPmc.exe
  2⤵
  PID:4756
- C:\Windows\System\JuuVEMt.exe
  C:\Windows\System\JuuVEMt.exe
  2⤵
  PID:4844
- C:\Windows\System\KsWrTwT.exe
  C:\Windows\System\KsWrTwT.exe
  2⤵
  PID:4928
- C:\Windows\System\tDmnbHM.exe
  C:\Windows\System\tDmnbHM.exe
  2⤵
  PID:4964
- C:\Windows\System\lrZxEDv.exe
  C:\Windows\System\lrZxEDv.exe
  2⤵
  PID:5112
- C:\Windows\System\CmqKUvm.exe
  C:\Windows\System\CmqKUvm.exe
  2⤵
  PID:3704
- C:\Windows\System\ewtdiRs.exe
  C:\Windows\System\ewtdiRs.exe
  2⤵
  PID:4104
- C:\Windows\System\DOmyvwK.exe
  C:\Windows\System\DOmyvwK.exe
  2⤵
  PID:5048
- C:\Windows\System\sRppOEo.exe
  C:\Windows\System\sRppOEo.exe
  2⤵
  PID:4236
- C:\Windows\System\OQsruGl.exe
  C:\Windows\System\OQsruGl.exe
  2⤵
  PID:5140
- C:\Windows\System\apZGGGP.exe
  C:\Windows\System\apZGGGP.exe
  2⤵
  PID:5184
- C:\Windows\System\vTVHXPs.exe
  C:\Windows\System\vTVHXPs.exe
  2⤵
  PID:5236
- C:\Windows\System\gGkUwat.exe
  C:\Windows\System\gGkUwat.exe
  2⤵
  PID:5256
- C:\Windows\System\jIFbBHN.exe
  C:\Windows\System\jIFbBHN.exe
  2⤵
  PID:5280
- C:\Windows\System\KkJUMgF.exe
  C:\Windows\System\KkJUMgF.exe
  2⤵
  PID:5300
- C:\Windows\System\wNsDRrK.exe
  C:\Windows\System\wNsDRrK.exe
  2⤵
  PID:5344
- C:\Windows\System\TVVAFSB.exe
  C:\Windows\System\TVVAFSB.exe
  2⤵
  PID:5384
- C:\Windows\System\FCuEufk.exe
  C:\Windows\System\FCuEufk.exe
  2⤵
  PID:5424
- C:\Windows\System\tEzqxmf.exe
  C:\Windows\System\tEzqxmf.exe
  2⤵
  PID:5456
- C:\Windows\System\AEBAaCj.exe
  C:\Windows\System\AEBAaCj.exe
  2⤵
  PID:5480
- C:\Windows\System\iNoZLyX.exe
  C:\Windows\System\iNoZLyX.exe
  2⤵
  PID:5500
- C:\Windows\System\UXyebLf.exe
  C:\Windows\System\UXyebLf.exe
  2⤵
  PID:5556
- C:\Windows\System\KBXVUXe.exe
  C:\Windows\System\KBXVUXe.exe
  2⤵
  PID:5584
- C:\Windows\System\PQXibjH.exe
  C:\Windows\System\PQXibjH.exe
  2⤵
  PID:5636
- C:\Windows\System\IovmRcs.exe
  C:\Windows\System\IovmRcs.exe
  2⤵
  PID:5664
- C:\Windows\System\varjOZk.exe
  C:\Windows\System\varjOZk.exe
  2⤵
  PID:5696
- C:\Windows\System\EcEbWxe.exe
  C:\Windows\System\EcEbWxe.exe
  2⤵
  PID:5720
- C:\Windows\System\JYWqJNj.exe
  C:\Windows\System\JYWqJNj.exe
  2⤵
  PID:5740
- C:\Windows\System\rLhFMMe.exe
  C:\Windows\System\rLhFMMe.exe
  2⤵
  PID:5808
- C:\Windows\System\NBJGxjM.exe
  C:\Windows\System\NBJGxjM.exe
  2⤵
  PID:5840
- C:\Windows\System\oZqoAmG.exe
  C:\Windows\System\oZqoAmG.exe
  2⤵
  PID:5880
- C:\Windows\System\acbQugK.exe
  C:\Windows\System\acbQugK.exe
  2⤵
  PID:5908
- C:\Windows\System\FjpdVGo.exe
  C:\Windows\System\FjpdVGo.exe
  2⤵
  PID:5940
- C:\Windows\System\FeJjAsi.exe
  C:\Windows\System\FeJjAsi.exe
  2⤵
  PID:5964
- C:\Windows\System\xqgBYIp.exe
  C:\Windows\System\xqgBYIp.exe
  2⤵
  PID:5992
- C:\Windows\System\ZJNgZft.exe
  C:\Windows\System\ZJNgZft.exe
  2⤵
  PID:6044
- C:\Windows\System\HKZgUTe.exe
  C:\Windows\System\HKZgUTe.exe
  2⤵
  PID:6068
- C:\Windows\System\HlGQhIT.exe
  C:\Windows\System\HlGQhIT.exe
  2⤵
  PID:6112
- C:\Windows\System\MdynZuB.exe
  C:\Windows\System\MdynZuB.exe
  2⤵
  PID:4264
- C:\Windows\System\bJXGHQl.exe
  C:\Windows\System\bJXGHQl.exe
  2⤵
  PID:4476
- C:\Windows\System\PeZWrOz.exe
  C:\Windows\System\PeZWrOz.exe
  2⤵
  PID:4536
- C:\Windows\System\fDMVgSq.exe
  C:\Windows\System\fDMVgSq.exe
  2⤵
  PID:4736
- C:\Windows\System\ULvPyIK.exe
  C:\Windows\System\ULvPyIK.exe
  2⤵
  PID:4880
- C:\Windows\System\qLFySuk.exe
  C:\Windows\System\qLFySuk.exe
  2⤵
  PID:5008
- C:\Windows\System\ooeIlKQ.exe
  C:\Windows\System\ooeIlKQ.exe
  2⤵
  PID:5108
- C:\Windows\System\cPjCATc.exe
  C:\Windows\System\cPjCATc.exe
  2⤵
  PID:4116
- C:\Windows\System\ZKqPVaV.exe
  C:\Windows\System\ZKqPVaV.exe
  2⤵
  PID:5156
- C:\Windows\System\SHatGaD.exe
  C:\Windows\System\SHatGaD.exe
  2⤵
  PID:5176
- C:\Windows\System\SaZjFOI.exe
  C:\Windows\System\SaZjFOI.exe
  2⤵
  PID:5220
- C:\Windows\System\uWOANXG.exe
  C:\Windows\System\uWOANXG.exe
  2⤵
  PID:5264
- C:\Windows\System\nsbKQpv.exe
  C:\Windows\System\nsbKQpv.exe
  2⤵
  PID:5324
- C:\Windows\System\pxymQGH.exe
  C:\Windows\System\pxymQGH.exe
  2⤵
  PID:5376
- C:\Windows\System\TLfikjG.exe
  C:\Windows\System\TLfikjG.exe
  2⤵
  PID:5440
- C:\Windows\System\RJszqUP.exe
  C:\Windows\System\RJszqUP.exe
  2⤵
  PID:5524
- C:\Windows\System\GVnrYlC.exe
  C:\Windows\System\GVnrYlC.exe
  2⤵
  PID:5560
- C:\Windows\System\fVhsMax.exe
  C:\Windows\System\fVhsMax.exe
  2⤵
  PID:5600
- C:\Windows\System\SIbNyNj.exe
  C:\Windows\System\SIbNyNj.exe
  2⤵
  PID:5680
- C:\Windows\System\NFdfYpr.exe
  C:\Windows\System\NFdfYpr.exe
  2⤵
  PID:5744
- C:\Windows\System\SjNgEJL.exe
  C:\Windows\System\SjNgEJL.exe
  2⤵
  PID:5788
- C:\Windows\System\BzlYwvm.exe
  C:\Windows\System\BzlYwvm.exe
  2⤵
  PID:5868
- C:\Windows\System\GWORcXF.exe
  C:\Windows\System\GWORcXF.exe
  2⤵
  PID:5928
- C:\Windows\System\GdpaLMa.exe
  C:\Windows\System\GdpaLMa.exe
  2⤵
  PID:5960
- C:\Windows\System\ltCQRoT.exe
  C:\Windows\System\ltCQRoT.exe
  2⤵
  PID:6012
- C:\Windows\System\pJKFSmc.exe
  C:\Windows\System\pJKFSmc.exe
  2⤵
  PID:6092
- C:\Windows\System\gnfeSxQ.exe
  C:\Windows\System\gnfeSxQ.exe
  2⤵
  PID:4344
- C:\Windows\System\RQAdhYo.exe
  C:\Windows\System\RQAdhYo.exe
  2⤵
  PID:4520
- C:\Windows\System\bmLMFnc.exe
  C:\Windows\System\bmLMFnc.exe
  2⤵
  PID:4744
- C:\Windows\System\EKuvNhk.exe
  C:\Windows\System\EKuvNhk.exe
  2⤵
  PID:3324
- C:\Windows\System\xUuLAKv.exe
  C:\Windows\System\xUuLAKv.exe
  2⤵
  PID:2416
- C:\Windows\System\gwqntgl.exe
  C:\Windows\System\gwqntgl.exe
  2⤵
  PID:4244
- C:\Windows\System\llXvDhS.exe
  C:\Windows\System\llXvDhS.exe
  2⤵
  PID:5200
- C:\Windows\System\PMkPDMW.exe
  C:\Windows\System\PMkPDMW.exe
  2⤵
  PID:5304
- C:\Windows\System\aDImLKV.exe
  C:\Windows\System\aDImLKV.exe
  2⤵
  PID:5400
- C:\Windows\System\SIANtBa.exe
  C:\Windows\System\SIANtBa.exe
  2⤵
  PID:5476
- C:\Windows\System\ArDbHDf.exe
  C:\Windows\System\ArDbHDf.exe
  2⤵
  PID:5616
- C:\Windows\System\dsjlnIT.exe
  C:\Windows\System\dsjlnIT.exe
  2⤵
  PID:5644
- C:\Windows\System\MMJborJ.exe
  C:\Windows\System\MMJborJ.exe
  2⤵
  PID:6160
- C:\Windows\System\wSYmGOg.exe
  C:\Windows\System\wSYmGOg.exe
  2⤵
  PID:6184
- C:\Windows\System\IipOnGa.exe
  C:\Windows\System\IipOnGa.exe
  2⤵
  PID:6204
- C:\Windows\System\hnjtzMX.exe
  C:\Windows\System\hnjtzMX.exe
  2⤵
  PID:6224
- C:\Windows\System\sCLybkq.exe
  C:\Windows\System\sCLybkq.exe
  2⤵
  PID:6244
- C:\Windows\System\fSQWWDn.exe
  C:\Windows\System\fSQWWDn.exe
  2⤵
  PID:6264
- C:\Windows\System\LceVQCL.exe
  C:\Windows\System\LceVQCL.exe
  2⤵
  PID:6284
- C:\Windows\System\MMThlnT.exe
  C:\Windows\System\MMThlnT.exe
  2⤵
  PID:6304
- C:\Windows\System\pAZtXRc.exe
  C:\Windows\System\pAZtXRc.exe
  2⤵
  PID:6324
- C:\Windows\System\wxdrnja.exe
  C:\Windows\System\wxdrnja.exe
  2⤵
  PID:6344
- C:\Windows\System\QyKeeVq.exe
  C:\Windows\System\QyKeeVq.exe
  2⤵
  PID:6364
- C:\Windows\System\YNTZzIy.exe
  C:\Windows\System\YNTZzIy.exe
  2⤵
  PID:6384
- C:\Windows\System\caQKEnB.exe
  C:\Windows\System\caQKEnB.exe
  2⤵
  PID:6404
- C:\Windows\System\gzJqmTT.exe
  C:\Windows\System\gzJqmTT.exe
  2⤵
  PID:6424
- C:\Windows\System\nZdehfB.exe
  C:\Windows\System\nZdehfB.exe
  2⤵
  PID:6444
- C:\Windows\System\RfLNLKa.exe
  C:\Windows\System\RfLNLKa.exe
  2⤵
  PID:6464
- C:\Windows\System\amZqety.exe
  C:\Windows\System\amZqety.exe
  2⤵
  PID:6484
- C:\Windows\System\jrbExyi.exe
  C:\Windows\System\jrbExyi.exe
  2⤵
  PID:6504
- C:\Windows\System\sjdvZDJ.exe
  C:\Windows\System\sjdvZDJ.exe
  2⤵
  PID:6524
- C:\Windows\System\oZpCKPy.exe
  C:\Windows\System\oZpCKPy.exe
  2⤵
  PID:6544
- C:\Windows\System\uvNUksT.exe
  C:\Windows\System\uvNUksT.exe
  2⤵
  PID:6564
- C:\Windows\System\wNkNNdS.exe
  C:\Windows\System\wNkNNdS.exe
  2⤵
  PID:6584
- C:\Windows\System\ZCyVCet.exe
  C:\Windows\System\ZCyVCet.exe
  2⤵
  PID:6604
- C:\Windows\System\IbwPFgC.exe
  C:\Windows\System\IbwPFgC.exe
  2⤵
  PID:6624
- C:\Windows\System\nKBZGmO.exe
  C:\Windows\System\nKBZGmO.exe
  2⤵
  PID:6644
- C:\Windows\System\slbPugB.exe
  C:\Windows\System\slbPugB.exe
  2⤵
  PID:6664
- C:\Windows\System\trhqlUF.exe
  C:\Windows\System\trhqlUF.exe
  2⤵
  PID:6684
- C:\Windows\System\jlvFHsE.exe
  C:\Windows\System\jlvFHsE.exe
  2⤵
  PID:6708
- C:\Windows\System\bNDPaZQ.exe
  C:\Windows\System\bNDPaZQ.exe
  2⤵
  PID:6728
- C:\Windows\System\XeILohS.exe
  C:\Windows\System\XeILohS.exe
  2⤵
  PID:6748
- C:\Windows\System\ACJklyX.exe
  C:\Windows\System\ACJklyX.exe
  2⤵
  PID:6768
- C:\Windows\System\GRkJldZ.exe
  C:\Windows\System\GRkJldZ.exe
  2⤵
  PID:6788
- C:\Windows\System\UTLlcZW.exe
  C:\Windows\System\UTLlcZW.exe
  2⤵
  PID:6808
- C:\Windows\System\yReRYrj.exe
  C:\Windows\System\yReRYrj.exe
  2⤵
  PID:6828
- C:\Windows\System\gPupScJ.exe
  C:\Windows\System\gPupScJ.exe
  2⤵
  PID:6848
- C:\Windows\System\sZZIyEt.exe
  C:\Windows\System\sZZIyEt.exe
  2⤵
  PID:6868
- C:\Windows\System\jOxrkfD.exe
  C:\Windows\System\jOxrkfD.exe
  2⤵
  PID:6888
- C:\Windows\System\OLEAptm.exe
  C:\Windows\System\OLEAptm.exe
  2⤵
  PID:6908
- C:\Windows\System\EivwHAu.exe
  C:\Windows\System\EivwHAu.exe
  2⤵
  PID:6928
- C:\Windows\System\xgjadHz.exe
  C:\Windows\System\xgjadHz.exe
  2⤵
  PID:6948
- C:\Windows\System\yZXqRHG.exe
  C:\Windows\System\yZXqRHG.exe
  2⤵
  PID:6968
- C:\Windows\System\BhZmHjt.exe
  C:\Windows\System\BhZmHjt.exe
  2⤵
  PID:6988
- C:\Windows\System\LvgKiNY.exe
  C:\Windows\System\LvgKiNY.exe
  2⤵
  PID:7008
- C:\Windows\System\PQfRFGq.exe
  C:\Windows\System\PQfRFGq.exe
  2⤵
  PID:7028
- C:\Windows\System\KaMBXdA.exe
  C:\Windows\System\KaMBXdA.exe
  2⤵
  PID:7048
- C:\Windows\System\OsrdBTa.exe
  C:\Windows\System\OsrdBTa.exe
  2⤵
  PID:7068
- C:\Windows\System\nwGZywb.exe
  C:\Windows\System\nwGZywb.exe
  2⤵
  PID:7088
- C:\Windows\System\sCrmSWb.exe
  C:\Windows\System\sCrmSWb.exe
  2⤵
  PID:7108
- C:\Windows\System\bfKgOeO.exe
  C:\Windows\System\bfKgOeO.exe
  2⤵
  PID:7128
- C:\Windows\System\FCjdNNp.exe
  C:\Windows\System\FCjdNNp.exe
  2⤵
  PID:7152
- C:\Windows\System\dbsjvpb.exe
  C:\Windows\System\dbsjvpb.exe
  2⤵
  PID:5756
- C:\Windows\System\lGsbxmF.exe
  C:\Windows\System\lGsbxmF.exe
  2⤵
  PID:5828
- C:\Windows\System\ZwpAaHz.exe
  C:\Windows\System\ZwpAaHz.exe
  2⤵
  PID:5884
- C:\Windows\System\WNUItcS.exe
  C:\Windows\System\WNUItcS.exe
  2⤵
  PID:6048
- C:\Windows\System\SgvjgkQ.exe
  C:\Windows\System\SgvjgkQ.exe
  2⤵
  PID:6128
- C:\Windows\System\DEMShiJ.exe
  C:\Windows\System\DEMShiJ.exe
  2⤵
  PID:4820
- C:\Windows\System\ZPpQssb.exe
  C:\Windows\System\ZPpQssb.exe
  2⤵
  PID:3948
- C:\Windows\System\kCVgvHO.exe
  C:\Windows\System\kCVgvHO.exe
  2⤵
  PID:5124
- C:\Windows\System\kYXMDpM.exe
  C:\Windows\System\kYXMDpM.exe
  2⤵
  PID:5336
- C:\Windows\System\ezCQrLo.exe
  C:\Windows\System\ezCQrLo.exe
  2⤵
  PID:5484
- C:\Windows\System\CqeABWQ.exe
  C:\Windows\System\CqeABWQ.exe
  2⤵
  PID:5540
- C:\Windows\System\qyqHWgy.exe
  C:\Windows\System\qyqHWgy.exe
  2⤵
  PID:6156
- C:\Windows\System\MueMVac.exe
  C:\Windows\System\MueMVac.exe
  2⤵
  PID:6192
- C:\Windows\System\MrfGVxe.exe
  C:\Windows\System\MrfGVxe.exe
  2⤵
  PID:6216
- C:\Windows\System\aJLefso.exe
  C:\Windows\System\aJLefso.exe
  2⤵
  PID:6260
- C:\Windows\System\bILxJGY.exe
  C:\Windows\System\bILxJGY.exe
  2⤵
  PID:6300
- C:\Windows\System\zukfFsT.exe
  C:\Windows\System\zukfFsT.exe
  2⤵
  PID:6320
- C:\Windows\System\MyJRyQG.exe
  C:\Windows\System\MyJRyQG.exe
  2⤵
  PID:6356
- C:\Windows\System\nERQGEE.exe
  C:\Windows\System\nERQGEE.exe
  2⤵
  PID:6400
- C:\Windows\System\TcTbtfF.exe
  C:\Windows\System\TcTbtfF.exe
  2⤵
  PID:6432
- C:\Windows\System\vQQCAjJ.exe
  C:\Windows\System\vQQCAjJ.exe
  2⤵
  PID:6456
- C:\Windows\System\dGDlIXm.exe
  C:\Windows\System\dGDlIXm.exe
  2⤵
  PID:6500
- C:\Windows\System\lRwdikU.exe
  C:\Windows\System\lRwdikU.exe
  2⤵
  PID:6516
- C:\Windows\System\jYtUAIn.exe
  C:\Windows\System\jYtUAIn.exe
  2⤵
  PID:6560
- C:\Windows\System\rpkTLXy.exe
  C:\Windows\System\rpkTLXy.exe
  2⤵
  PID:6592
- C:\Windows\System\wVPdRHG.exe
  C:\Windows\System\wVPdRHG.exe
  2⤵
  PID:6620
- C:\Windows\System\mHiDfdi.exe
  C:\Windows\System\mHiDfdi.exe
  2⤵
  PID:6660
- C:\Windows\System\dKSsZRn.exe
  C:\Windows\System\dKSsZRn.exe
  2⤵
  PID:6676
- C:\Windows\System\yjPjBcS.exe
  C:\Windows\System\yjPjBcS.exe
  2⤵
  PID:6720
- C:\Windows\System\CYSoIbt.exe
  C:\Windows\System\CYSoIbt.exe
  2⤵
  PID:6756
- C:\Windows\System\ZguzTiF.exe
  C:\Windows\System\ZguzTiF.exe
  2⤵
  PID:6796
- C:\Windows\System\IIUXuga.exe
  C:\Windows\System\IIUXuga.exe
  2⤵
  PID:6820
- C:\Windows\System\cwqlRsN.exe
  C:\Windows\System\cwqlRsN.exe
  2⤵
  PID:6864
- C:\Windows\System\VjyMfwF.exe
  C:\Windows\System\VjyMfwF.exe
  2⤵
  PID:6880
- C:\Windows\System\TuhFgZs.exe
  C:\Windows\System\TuhFgZs.exe
  2⤵
  PID:6924
- C:\Windows\System\vLpWQbi.exe
  C:\Windows\System\vLpWQbi.exe
  2⤵
  PID:6964
- C:\Windows\System\oWBGleQ.exe
  C:\Windows\System\oWBGleQ.exe
  2⤵
  PID:6996
- C:\Windows\System\LLIJTSW.exe
  C:\Windows\System\LLIJTSW.exe
  2⤵
  PID:7020
- C:\Windows\System\wLyauEx.exe
  C:\Windows\System\wLyauEx.exe
  2⤵
  PID:7040
- C:\Windows\System\cBUfMCk.exe
  C:\Windows\System\cBUfMCk.exe
  2⤵
  PID:7104
- C:\Windows\System\yMSwtnJ.exe
  C:\Windows\System\yMSwtnJ.exe
  2⤵
  PID:7148
- C:\Windows\System\hmuNrJt.exe
  C:\Windows\System\hmuNrJt.exe
  2⤵
  PID:5724
- C:\Windows\System\dvVpqSE.exe
  C:\Windows\System\dvVpqSE.exe
  2⤵
  PID:5900
- C:\Windows\System\TgdIrMy.exe
  C:\Windows\System\TgdIrMy.exe
  2⤵
  PID:6028
- C:\Windows\System\BMsOlCJ.exe
  C:\Windows\System\BMsOlCJ.exe
  2⤵
  PID:6088
- C:\Windows\System\LCgMCUl.exe
  C:\Windows\System\LCgMCUl.exe
  2⤵
  PID:5160
- C:\Windows\System\HkKuGEP.exe
  C:\Windows\System\HkKuGEP.exe
  2⤵
  PID:5396
- C:\Windows\System\ecoGBMA.exe
  C:\Windows\System\ecoGBMA.exe
  2⤵
  PID:5544
- C:\Windows\System\XWryNKa.exe
  C:\Windows\System\XWryNKa.exe
  2⤵
  PID:6176
- C:\Windows\System\owYwzRJ.exe
  C:\Windows\System\owYwzRJ.exe
  2⤵
  PID:6240
- C:\Windows\System\KZtkzml.exe
  C:\Windows\System\KZtkzml.exe
  2⤵
  PID:6280
- C:\Windows\System\AOxKvra.exe
  C:\Windows\System\AOxKvra.exe
  2⤵
  PID:6360
- C:\Windows\System\PwIEDpf.exe
  C:\Windows\System\PwIEDpf.exe
  2⤵
  PID:6376
- C:\Windows\System\qVatpwC.exe
  C:\Windows\System\qVatpwC.exe
  2⤵
  PID:6460
- C:\Windows\System\uGwGSOT.exe
  C:\Windows\System\uGwGSOT.exe
  2⤵
  PID:6520
- C:\Windows\System\LZrWAnV.exe
  C:\Windows\System\LZrWAnV.exe
  2⤵
  PID:6612
- C:\Windows\System\gUikCty.exe
  C:\Windows\System\gUikCty.exe
  2⤵
  PID:6576
- C:\Windows\System\iadgPhF.exe
  C:\Windows\System\iadgPhF.exe
  2⤵
  PID:6680
- C:\Windows\System\aTljBQn.exe
  C:\Windows\System\aTljBQn.exe
  2⤵
  PID:6716
- C:\Windows\System\UfWTCqh.exe
  C:\Windows\System\UfWTCqh.exe
  2⤵
  PID:6780
- C:\Windows\System\rCPCAmB.exe
  C:\Windows\System\rCPCAmB.exe
  2⤵
  PID:6876
- C:\Windows\System\jwaaClb.exe
  C:\Windows\System\jwaaClb.exe
  2⤵
  PID:6900
- C:\Windows\System\hCACHpP.exe
  C:\Windows\System\hCACHpP.exe
  2⤵
  PID:6940
- C:\Windows\System\XUoQMcp.exe
  C:\Windows\System\XUoQMcp.exe
  2⤵
  PID:6960
- C:\Windows\System\RaXZkaO.exe
  C:\Windows\System\RaXZkaO.exe
  2⤵
  PID:7056
- C:\Windows\System\LPtGAII.exe
  C:\Windows\System\LPtGAII.exe
  2⤵
  PID:7116
- C:\Windows\System\UCvkSCS.exe
  C:\Windows\System\UCvkSCS.exe
  2⤵
  PID:5844
- C:\Windows\System\cHmWfkw.exe
  C:\Windows\System\cHmWfkw.exe
  2⤵
  PID:6024
- C:\Windows\System\pqfXbLx.exe
  C:\Windows\System\pqfXbLx.exe
  2⤵
  PID:6132
- C:\Windows\System\DLLAdoR.exe
  C:\Windows\System\DLLAdoR.exe
  2⤵
  PID:5404
- C:\Windows\System\qfdoWie.exe
  C:\Windows\System\qfdoWie.exe
  2⤵
  PID:6168
- C:\Windows\System\rgkStgE.exe
  C:\Windows\System\rgkStgE.exe
  2⤵
  PID:6340
- C:\Windows\System\nWRQyda.exe
  C:\Windows\System\nWRQyda.exe
  2⤵
  PID:7144
- C:\Windows\System\AOofEvk.exe
  C:\Windows\System\AOofEvk.exe
  2⤵
  PID:6480
- C:\Windows\System\KBAezQc.exe
  C:\Windows\System\KBAezQc.exe
  2⤵
  PID:6172
- C:\Windows\System\zbaDawy.exe
  C:\Windows\System\zbaDawy.exe
  2⤵
  PID:6616
- C:\Windows\System\DlzDfbH.exe
  C:\Windows\System\DlzDfbH.exe
  2⤵
  PID:6724
- C:\Windows\System\gxknSWA.exe
  C:\Windows\System\gxknSWA.exe
  2⤵
  PID:6884
- C:\Windows\System\cPWokJT.exe
  C:\Windows\System\cPWokJT.exe
  2⤵
  PID:6956
- C:\Windows\System\NHtWohF.exe
  C:\Windows\System\NHtWohF.exe
  2⤵
  PID:7188
- C:\Windows\System\bdsAiyP.exe
  C:\Windows\System\bdsAiyP.exe
  2⤵
  PID:7208
- C:\Windows\System\togWNWb.exe
  C:\Windows\System\togWNWb.exe
  2⤵
  PID:7228
- C:\Windows\System\uqzMmCg.exe
  C:\Windows\System\uqzMmCg.exe
  2⤵
  PID:7248
- C:\Windows\System\CEJHCSG.exe
  C:\Windows\System\CEJHCSG.exe
  2⤵
  PID:7268
- C:\Windows\System\CEKcQvo.exe
  C:\Windows\System\CEKcQvo.exe
  2⤵
  PID:7288
- C:\Windows\System\GeVwpIJ.exe
  C:\Windows\System\GeVwpIJ.exe
  2⤵
  PID:7308
- C:\Windows\System\WcsMwEN.exe
  C:\Windows\System\WcsMwEN.exe
  2⤵
  PID:7328
- C:\Windows\System\FOPXNAe.exe
  C:\Windows\System\FOPXNAe.exe
  2⤵
  PID:7348
- C:\Windows\System\jSzSGid.exe
  C:\Windows\System\jSzSGid.exe
  2⤵
  PID:7368
- C:\Windows\System\SGymTcw.exe
  C:\Windows\System\SGymTcw.exe
  2⤵
  PID:7388
- C:\Windows\System\PZWlkAa.exe
  C:\Windows\System\PZWlkAa.exe
  2⤵
  PID:7412
- C:\Windows\System\fDchDwC.exe
  C:\Windows\System\fDchDwC.exe
  2⤵
  PID:7436
- C:\Windows\System\CpDZaXc.exe
  C:\Windows\System\CpDZaXc.exe
  2⤵
  PID:7456
- C:\Windows\System\nvjmkof.exe
  C:\Windows\System\nvjmkof.exe
  2⤵
  PID:7476
- C:\Windows\System\CIpSbHA.exe
  C:\Windows\System\CIpSbHA.exe
  2⤵
  PID:7496
- C:\Windows\System\PRxbXtb.exe
  C:\Windows\System\PRxbXtb.exe
  2⤵
  PID:7516
- C:\Windows\System\ULsabxo.exe
  C:\Windows\System\ULsabxo.exe
  2⤵
  PID:7536
- C:\Windows\System\EIUAMnR.exe
  C:\Windows\System\EIUAMnR.exe
  2⤵
  PID:7556
- C:\Windows\System\WqhnBXy.exe
  C:\Windows\System\WqhnBXy.exe
  2⤵
  PID:7576
- C:\Windows\System\nCAOOlq.exe
  C:\Windows\System\nCAOOlq.exe
  2⤵
  PID:7596
- C:\Windows\System\hevZVUg.exe
  C:\Windows\System\hevZVUg.exe
  2⤵
  PID:7616
- C:\Windows\System\UqGfjES.exe
  C:\Windows\System\UqGfjES.exe
  2⤵
  PID:7632
- C:\Windows\System\NvFuSPE.exe
  C:\Windows\System\NvFuSPE.exe
  2⤵
  PID:7656
- C:\Windows\System\iFNgaqx.exe
  C:\Windows\System\iFNgaqx.exe
  2⤵
  PID:7676
- C:\Windows\System\wjsGnpQ.exe
  C:\Windows\System\wjsGnpQ.exe
  2⤵
  PID:7696
- C:\Windows\System\ieWeJNf.exe
  C:\Windows\System\ieWeJNf.exe
  2⤵
  PID:7716
- C:\Windows\System\pWLsDBZ.exe
  C:\Windows\System\pWLsDBZ.exe
  2⤵
  PID:7736
- C:\Windows\System\dQnAAri.exe
  C:\Windows\System\dQnAAri.exe
  2⤵
  PID:7756
- C:\Windows\System\iHVemNR.exe
  C:\Windows\System\iHVemNR.exe
  2⤵
  PID:7776
- C:\Windows\System\dImePfq.exe
  C:\Windows\System\dImePfq.exe
  2⤵
  PID:7796
- C:\Windows\System\AwPJeDA.exe
  C:\Windows\System\AwPJeDA.exe
  2⤵
  PID:7816
- C:\Windows\System\ZiaLCkP.exe
  C:\Windows\System\ZiaLCkP.exe
  2⤵
  PID:7836
- C:\Windows\System\rbmWsQe.exe
  C:\Windows\System\rbmWsQe.exe
  2⤵
  PID:7856
- C:\Windows\System\PSmVRLX.exe
  C:\Windows\System\PSmVRLX.exe
  2⤵
  PID:7876
- C:\Windows\System\rxQvLnf.exe
  C:\Windows\System\rxQvLnf.exe
  2⤵
  PID:7896
- C:\Windows\System\inTwzNC.exe
  C:\Windows\System\inTwzNC.exe
  2⤵
  PID:7916
- C:\Windows\System\eOIgDnB.exe
  C:\Windows\System\eOIgDnB.exe
  2⤵
  PID:7936
- C:\Windows\System\UQfMDFR.exe
  C:\Windows\System\UQfMDFR.exe
  2⤵
  PID:7956
- C:\Windows\System\zkcMNCS.exe
  C:\Windows\System\zkcMNCS.exe
  2⤵
  PID:7976
- C:\Windows\System\ExLDVSy.exe
  C:\Windows\System\ExLDVSy.exe
  2⤵
  PID:7996
- C:\Windows\System\nCOhkyP.exe
  C:\Windows\System\nCOhkyP.exe
  2⤵
  PID:8016
- C:\Windows\System\kFqjBZu.exe
  C:\Windows\System\kFqjBZu.exe
  2⤵
  PID:8036
- C:\Windows\System\UNOSnhX.exe
  C:\Windows\System\UNOSnhX.exe
  2⤵
  PID:8056
- C:\Windows\System\PzTQhgQ.exe
  C:\Windows\System\PzTQhgQ.exe
  2⤵
  PID:8076
- C:\Windows\System\xMQpLuY.exe
  C:\Windows\System\xMQpLuY.exe
  2⤵
  PID:8096
- C:\Windows\System\LscGVQz.exe
  C:\Windows\System\LscGVQz.exe
  2⤵
  PID:8120
- C:\Windows\System\oPMPeQc.exe
  C:\Windows\System\oPMPeQc.exe
  2⤵
  PID:8140
- C:\Windows\System\wtxtDxX.exe
  C:\Windows\System\wtxtDxX.exe
  2⤵
  PID:8160
- C:\Windows\System\GoFugDl.exe
  C:\Windows\System\GoFugDl.exe
  2⤵
  PID:8180
- C:\Windows\System\ExKLHdB.exe
  C:\Windows\System\ExKLHdB.exe
  2⤵
  PID:6916
- C:\Windows\System\CHYkHAk.exe
  C:\Windows\System\CHYkHAk.exe
  2⤵
  PID:7096
- C:\Windows\System\ywlApAx.exe
  C:\Windows\System\ywlApAx.exe
  2⤵
  PID:7120
- C:\Windows\System\NcDIvxk.exe
  C:\Windows\System\NcDIvxk.exe
  2⤵
  PID:7160
- C:\Windows\System\oBLWOiw.exe
  C:\Windows\System\oBLWOiw.exe
  2⤵
  PID:5204
- C:\Windows\System\EeqTOVZ.exe
  C:\Windows\System\EeqTOVZ.exe
  2⤵
  PID:6236
- C:\Windows\System\dPragjs.exe
  C:\Windows\System\dPragjs.exe
  2⤵
  PID:6312
- C:\Windows\System\EaAbfmz.exe
  C:\Windows\System\EaAbfmz.exe
  2⤵
  PID:6652
- C:\Windows\System\sERryyR.exe
  C:\Windows\System\sERryyR.exe
  2⤵
  PID:6640
- C:\Windows\System\rcuiKhS.exe
  C:\Windows\System\rcuiKhS.exe
  2⤵
  PID:6760
- C:\Windows\System\lufPpfa.exe
  C:\Windows\System\lufPpfa.exe
  2⤵
  PID:7184
- C:\Windows\System\RsNvePM.exe
  C:\Windows\System\RsNvePM.exe
  2⤵
  PID:7216
- C:\Windows\System\LUWqhrO.exe
  C:\Windows\System\LUWqhrO.exe
  2⤵
  PID:7236
- C:\Windows\System\rrvtUud.exe
  C:\Windows\System\rrvtUud.exe
  2⤵
  PID:7304
- C:\Windows\System\Rdbwrtl.exe
  C:\Windows\System\Rdbwrtl.exe
  2⤵
  PID:7300
- C:\Windows\System\PJFMuEb.exe
  C:\Windows\System\PJFMuEb.exe
  2⤵
  PID:7320
- C:\Windows\System\ybBvBJh.exe
  C:\Windows\System\ybBvBJh.exe
  2⤵
  PID:7384
- C:\Windows\System\PvcBimu.exe
  C:\Windows\System\PvcBimu.exe
  2⤵
  PID:7400
- C:\Windows\System\DGLyaTk.exe
  C:\Windows\System\DGLyaTk.exe
  2⤵
  PID:7472
- C:\Windows\System\TwYoltt.exe
  C:\Windows\System\TwYoltt.exe
  2⤵
  PID:7484
- C:\Windows\System\woEqoNI.exe
  C:\Windows\System\woEqoNI.exe
  2⤵
  PID:7544
- C:\Windows\System\fmzOcPg.exe
  C:\Windows\System\fmzOcPg.exe
  2⤵
  PID:7548
- C:\Windows\System\VwKzjFm.exe
  C:\Windows\System\VwKzjFm.exe
  2⤵
  PID:7592
- C:\Windows\System\zufdcQE.exe
  C:\Windows\System\zufdcQE.exe
  2⤵
  PID:7628
- C:\Windows\System\jTlgmDk.exe
  C:\Windows\System\jTlgmDk.exe
  2⤵
  PID:7652
- C:\Windows\System\mrbUBSL.exe
  C:\Windows\System\mrbUBSL.exe
  2⤵
  PID:7692
- C:\Windows\System\iSYeLaw.exe
  C:\Windows\System\iSYeLaw.exe
  2⤵
  PID:7724
- C:\Windows\System\evQkrUI.exe
  C:\Windows\System\evQkrUI.exe
  2⤵
  PID:7748
- C:\Windows\System\NUVEupQ.exe
  C:\Windows\System\NUVEupQ.exe
  2⤵
  PID:7772
- C:\Windows\System\LOCdqAW.exe
  C:\Windows\System\LOCdqAW.exe
  2⤵
  PID:7812
- C:\Windows\System\tTeRhjN.exe
  C:\Windows\System\tTeRhjN.exe
  2⤵
  PID:7864
- C:\Windows\System\uLkLguq.exe
  C:\Windows\System\uLkLguq.exe
  2⤵
  PID:7884
- C:\Windows\System\WesCSwO.exe
  C:\Windows\System\WesCSwO.exe
  2⤵
  PID:7888
- C:\Windows\System\juwOawC.exe
  C:\Windows\System\juwOawC.exe
  2⤵
  PID:7928
- C:\Windows\System\skghvXp.exe
  C:\Windows\System\skghvXp.exe
  2⤵
  PID:7992
- C:\Windows\System\FLlgJhJ.exe
  C:\Windows\System\FLlgJhJ.exe
  2⤵
  PID:8032
- C:\Windows\System\tzGMGut.exe
  C:\Windows\System\tzGMGut.exe
  2⤵
  PID:8052
- C:\Windows\System\XFNwMRT.exe
  C:\Windows\System\XFNwMRT.exe
  2⤵
  PID:8084
- C:\Windows\System\PtKeVUA.exe
  C:\Windows\System\PtKeVUA.exe
  2⤵
  PID:8088
- C:\Windows\System\iMMHDMf.exe
  C:\Windows\System\iMMHDMf.exe
  2⤵
  PID:8152
- C:\Windows\System\KvZFHDT.exe
  C:\Windows\System\KvZFHDT.exe
  2⤵
  PID:8176
- C:\Windows\System\UZABoSH.exe
  C:\Windows\System\UZABoSH.exe
  2⤵
  PID:7044
- C:\Windows\System\TJbnEfW.exe
  C:\Windows\System\TJbnEfW.exe
  2⤵
  PID:6072
- C:\Windows\System\BqjOHBS.exe
  C:\Windows\System\BqjOHBS.exe
  2⤵
  PID:2340
- C:\Windows\System\nJxnJWV.exe
  C:\Windows\System\nJxnJWV.exe
  2⤵
  PID:6252
- C:\Windows\System\RNtHNqk.exe
  C:\Windows\System\RNtHNqk.exe
  2⤵
  PID:6392
- C:\Windows\System\vdUqACf.exe
  C:\Windows\System\vdUqACf.exe
  2⤵
  PID:6784
- C:\Windows\System\raGlYbp.exe
  C:\Windows\System\raGlYbp.exe
  2⤵
  PID:7264
- C:\Windows\System\lhXYnAR.exe
  C:\Windows\System\lhXYnAR.exe
  2⤵
  PID:7284
- C:\Windows\System\gxrmDjI.exe
  C:\Windows\System\gxrmDjI.exe
  2⤵
  PID:7364
- C:\Windows\System\ViuxGLV.exe
  C:\Windows\System\ViuxGLV.exe
  2⤵
  PID:7360
- C:\Windows\System\CpnGVgV.exe
  C:\Windows\System\CpnGVgV.exe
  2⤵
  PID:7444
- C:\Windows\System\ahsZYef.exe
  C:\Windows\System\ahsZYef.exe
  2⤵
  PID:7452
- C:\Windows\System\otJyehy.exe
  C:\Windows\System\otJyehy.exe
  2⤵
  PID:7528
- C:\Windows\System\QeYSrvt.exe
  C:\Windows\System\QeYSrvt.exe
  2⤵
  PID:2096
- C:\Windows\System\ReHqeKs.exe
  C:\Windows\System\ReHqeKs.exe
  2⤵
  PID:7624
- C:\Windows\System\oczIgTN.exe
  C:\Windows\System\oczIgTN.exe
  2⤵
  PID:7684
- C:\Windows\System\VjSpzwh.exe
  C:\Windows\System\VjSpzwh.exe
  2⤵
  PID:7792
- C:\Windows\System\eBuMTKa.exe
  C:\Windows\System\eBuMTKa.exe
  2⤵
  PID:7844
- C:\Windows\System\OyUQugR.exe
  C:\Windows\System\OyUQugR.exe
  2⤵
  PID:7912
- C:\Windows\System\zLHwqDn.exe
  C:\Windows\System\zLHwqDn.exe
  2⤵
  PID:7908
- C:\Windows\System\fKCYbIQ.exe
  C:\Windows\System\fKCYbIQ.exe
  2⤵
  PID:7952
- C:\Windows\System\PHpXzpK.exe
  C:\Windows\System\PHpXzpK.exe
  2⤵
  PID:8004
- C:\Windows\System\LwHOTlY.exe
  C:\Windows\System\LwHOTlY.exe
  2⤵
  PID:1956
- C:\Windows\System\PLLlUHX.exe
  C:\Windows\System\PLLlUHX.exe
  2⤵
  PID:8188
- C:\Windows\System\LNJOBcS.exe
  C:\Windows\System\LNJOBcS.exe
  2⤵
  PID:8148
- C:\Windows\System\dLiwkUq.exe
  C:\Windows\System\dLiwkUq.exe
  2⤵
  PID:6980
- C:\Windows\System\ZqziHkY.exe
  C:\Windows\System\ZqziHkY.exe
  2⤵
  PID:7164
- C:\Windows\System\dQeOjgk.exe
  C:\Windows\System\dQeOjgk.exe
  2⤵
  PID:7176
- C:\Windows\System\nfaOGgv.exe
  C:\Windows\System\nfaOGgv.exe
  2⤵
  PID:7240
- C:\Windows\System\JVJPzQJ.exe
  C:\Windows\System\JVJPzQJ.exe
  2⤵
  PID:7220
- C:\Windows\System\QYdBDeH.exe
  C:\Windows\System\QYdBDeH.exe
  2⤵
  PID:7340
- C:\Windows\System\vrGIsTs.exe
  C:\Windows\System\vrGIsTs.exe
  2⤵
  PID:7420
- C:\Windows\System\UXjPJrh.exe
  C:\Windows\System\UXjPJrh.exe
  2⤵
  PID:7448
- C:\Windows\System\DbGpiyB.exe
  C:\Windows\System\DbGpiyB.exe
  2⤵
  PID:7572
- C:\Windows\System\ifqEyku.exe
  C:\Windows\System\ifqEyku.exe
  2⤵
  PID:7824
- C:\Windows\System\oCnoDtf.exe
  C:\Windows\System\oCnoDtf.exe
  2⤵
  PID:8156
- C:\Windows\System\KOadqso.exe
  C:\Windows\System\KOadqso.exe
  2⤵
  PID:8028
- C:\Windows\System\QkQjQIK.exe
  C:\Windows\System\QkQjQIK.exe
  2⤵
  PID:6984
- C:\Windows\System\vvdXwDC.exe
  C:\Windows\System\vvdXwDC.exe
  2⤵
  PID:7140
- C:\Windows\System\Ztbeqfh.exe
  C:\Windows\System\Ztbeqfh.exe
  2⤵
  PID:7196
- C:\Windows\System\mJpfWZJ.exe
  C:\Windows\System\mJpfWZJ.exe
  2⤵
  PID:7508
- C:\Windows\System\AjcIkvx.exe
  C:\Windows\System\AjcIkvx.exe
  2⤵
  PID:6840
- C:\Windows\System\PUJUWZc.exe
  C:\Windows\System\PUJUWZc.exe
  2⤵
  PID:7644
- C:\Windows\System\iIdzySu.exe
  C:\Windows\System\iIdzySu.exe
  2⤵
  PID:7260
- C:\Windows\System\ohmrXrI.exe
  C:\Windows\System\ohmrXrI.exe
  2⤵
  PID:7712
- C:\Windows\System\cegUChM.exe
  C:\Windows\System\cegUChM.exe
  2⤵
  PID:3044
- C:\Windows\System\IDNHpLy.exe
  C:\Windows\System\IDNHpLy.exe
  2⤵
  PID:1572
- C:\Windows\System\PMIsxFV.exe
  C:\Windows\System\PMIsxFV.exe
  2⤵
  PID:2748
- C:\Windows\System\AmHFKOC.exe
  C:\Windows\System\AmHFKOC.exe
  2⤵
  PID:2728
- C:\Windows\System\RkFRXgW.exe
  C:\Windows\System\RkFRXgW.exe
  2⤵
  PID:7764
- C:\Windows\System\sdEclmO.exe
  C:\Windows\System\sdEclmO.exe
  2⤵
  PID:7872
- C:\Windows\System\kbVwWne.exe
  C:\Windows\System\kbVwWne.exe
  2⤵
  PID:1696
- C:\Windows\System\EuUPrOE.exe
  C:\Windows\System\EuUPrOE.exe
  2⤵
  PID:1236
- C:\Windows\System\OVnbnHq.exe
  C:\Windows\System\OVnbnHq.exe
  2⤵
  PID:1288
- C:\Windows\System\XyOKUbZ.exe
  C:\Windows\System\XyOKUbZ.exe
  2⤵
  PID:1264
- C:\Windows\System\SLlAxYd.exe
  C:\Windows\System\SLlAxYd.exe
  2⤵
  PID:1944
- C:\Windows\System\vCDCgzU.exe
  C:\Windows\System\vCDCgzU.exe
  2⤵
  PID:7804
- C:\Windows\System\ZQyzKdw.exe
  C:\Windows\System\ZQyzKdw.exe
  2⤵
  PID:1284
- C:\Windows\System\gfCtdTY.exe
  C:\Windows\System\gfCtdTY.exe
  2⤵
  PID:2708
- C:\Windows\System\ClPIQIA.exe
  C:\Windows\System\ClPIQIA.exe
  2⤵
  PID:2632
- C:\Windows\System\GJUiAsx.exe
  C:\Windows\System\GJUiAsx.exe
  2⤵
  PID:7408
- C:\Windows\System\rSClFAI.exe
  C:\Windows\System\rSClFAI.exe
  2⤵
  PID:5244
- C:\Windows\System\yrmiXWl.exe
  C:\Windows\System\yrmiXWl.exe
  2⤵
  PID:696
- C:\Windows\System\osvxZfd.exe
  C:\Windows\System\osvxZfd.exe
  2⤵
  PID:7648
- C:\Windows\System\WtBWFOX.exe
  C:\Windows\System\WtBWFOX.exe
  2⤵
  PID:7664
- C:\Windows\System\dxFtvCB.exe
  C:\Windows\System\dxFtvCB.exe
  2⤵
  PID:2628
- C:\Windows\System\vyonRwx.exe
  C:\Windows\System\vyonRwx.exe
  2⤵
  PID:836
- C:\Windows\System\OAjzbuJ.exe
  C:\Windows\System\OAjzbuJ.exe
  2⤵
  PID:2672
- C:\Windows\System\CZUNPCI.exe
  C:\Windows\System\CZUNPCI.exe
  2⤵
  PID:7344
- C:\Windows\System\jkVlulZ.exe
  C:\Windows\System\jkVlulZ.exe
  2⤵
  PID:8104
- C:\Windows\System\wIkYwZJ.exe
  C:\Windows\System\wIkYwZJ.exe
  2⤵
  PID:6220
- C:\Windows\System\tIRvGfK.exe
  C:\Windows\System\tIRvGfK.exe
  2⤵
  PID:2392
- C:\Windows\System\GRufYAW.exe
  C:\Windows\System\GRufYAW.exe
  2⤵
  PID:2788
- C:\Windows\System\QIbVgps.exe
  C:\Windows\System\QIbVgps.exe
  2⤵
  PID:8208
- C:\Windows\System\SnjVyji.exe
  C:\Windows\System\SnjVyji.exe
  2⤵
  PID:8224
- C:\Windows\System\ABAOfDd.exe
  C:\Windows\System\ABAOfDd.exe
  2⤵
  PID:8244
- C:\Windows\System\yPjPLhl.exe
  C:\Windows\System\yPjPLhl.exe
  2⤵
  PID:8264
- C:\Windows\System\aOkNKpy.exe
  C:\Windows\System\aOkNKpy.exe
  2⤵
  PID:8280
- C:\Windows\System\lVGZyzY.exe
  C:\Windows\System\lVGZyzY.exe
  2⤵
  PID:8316
- C:\Windows\System\vrUOsEd.exe
  C:\Windows\System\vrUOsEd.exe
  2⤵
  PID:8380
- C:\Windows\System\kKWynNl.exe
  C:\Windows\System\kKWynNl.exe
  2⤵
  PID:8440
- C:\Windows\System\NGCXHpk.exe
  C:\Windows\System\NGCXHpk.exe
  2⤵
  PID:8456
- C:\Windows\System\pIANiMz.exe
  C:\Windows\System\pIANiMz.exe
  2⤵
  PID:8472
- C:\Windows\System\EHnCSPu.exe
  C:\Windows\System\EHnCSPu.exe
  2⤵
  PID:8488
- C:\Windows\System\WLhHgnk.exe
  C:\Windows\System\WLhHgnk.exe
  2⤵
  PID:8508
- C:\Windows\System\FQyiMew.exe
  C:\Windows\System\FQyiMew.exe
  2⤵
  PID:8544
- C:\Windows\System\imoxwOK.exe
  C:\Windows\System\imoxwOK.exe
  2⤵
  PID:8560
- C:\Windows\System\ZgjjBjn.exe
  C:\Windows\System\ZgjjBjn.exe
  2⤵
  PID:8576
- C:\Windows\System\PnNNvWf.exe
  C:\Windows\System\PnNNvWf.exe
  2⤵
  PID:8592
- C:\Windows\System\UIRUvof.exe
  C:\Windows\System\UIRUvof.exe
  2⤵
  PID:8620
- C:\Windows\System\zVCNEGO.exe
  C:\Windows\System\zVCNEGO.exe
  2⤵
  PID:8640
- C:\Windows\System\jWSJmqn.exe
  C:\Windows\System\jWSJmqn.exe
  2⤵
  PID:8664
- C:\Windows\System\ajDrIyp.exe
  C:\Windows\System\ajDrIyp.exe
  2⤵
  PID:8684
- C:\Windows\System\YfrFXAw.exe
  C:\Windows\System\YfrFXAw.exe
  2⤵
  PID:8700
- C:\Windows\System\mcrCqfw.exe
  C:\Windows\System\mcrCqfw.exe
  2⤵
  PID:8716
- C:\Windows\System\kyWaLaU.exe
  C:\Windows\System\kyWaLaU.exe
  2⤵
  PID:8732
- C:\Windows\System\fakOJnK.exe
  C:\Windows\System\fakOJnK.exe
  2⤵
  PID:8748
- C:\Windows\System\SKTHKWQ.exe
  C:\Windows\System\SKTHKWQ.exe
  2⤵
  PID:8764
- C:\Windows\System\xqbKKoe.exe
  C:\Windows\System\xqbKKoe.exe
  2⤵
  PID:8780
- C:\Windows\System\ZWpCMSB.exe
  C:\Windows\System\ZWpCMSB.exe
  2⤵
  PID:8796
- C:\Windows\System\ifPUHdN.exe
  C:\Windows\System\ifPUHdN.exe
  2⤵
  PID:8812
- C:\Windows\System\JjOXIdY.exe
  C:\Windows\System\JjOXIdY.exe
  2⤵
  PID:8828
- C:\Windows\System\dQFcstV.exe
  C:\Windows\System\dQFcstV.exe
  2⤵
  PID:8848
- C:\Windows\System\ioIrnvS.exe
  C:\Windows\System\ioIrnvS.exe
  2⤵
  PID:8864
- C:\Windows\System\IDpSMJi.exe
  C:\Windows\System\IDpSMJi.exe
  2⤵
  PID:8880
- C:\Windows\System\ulGOpbR.exe
  C:\Windows\System\ulGOpbR.exe
  2⤵
  PID:8896
- C:\Windows\System\qVKpdXU.exe
  C:\Windows\System\qVKpdXU.exe
  2⤵
  PID:8912
- C:\Windows\System\BiDfDvc.exe
  C:\Windows\System\BiDfDvc.exe
  2⤵
  PID:8928
- C:\Windows\System\bHcEhfj.exe
  C:\Windows\System\bHcEhfj.exe
  2⤵
  PID:8944
- C:\Windows\System\SRiidbY.exe
  C:\Windows\System\SRiidbY.exe
  2⤵
  PID:8960
- C:\Windows\System\OzNgsSB.exe
  C:\Windows\System\OzNgsSB.exe
  2⤵
  PID:8976
- C:\Windows\System\pZWohUM.exe
  C:\Windows\System\pZWohUM.exe
  2⤵
  PID:8992
- C:\Windows\System\xobqooS.exe
  C:\Windows\System\xobqooS.exe
  2⤵
  PID:9008
- C:\Windows\System\RbosELA.exe
  C:\Windows\System\RbosELA.exe
  2⤵
  PID:9024
- C:\Windows\System\JjMurYJ.exe
  C:\Windows\System\JjMurYJ.exe
  2⤵
  PID:9040
- C:\Windows\System\cVOzOwr.exe
  C:\Windows\System\cVOzOwr.exe
  2⤵
  PID:9056
- C:\Windows\System\WcUgKbW.exe
  C:\Windows\System\WcUgKbW.exe
  2⤵
  PID:9072
- C:\Windows\System\lifGeGo.exe
  C:\Windows\System\lifGeGo.exe
  2⤵
  PID:9088
- C:\Windows\System\KjhVyFX.exe
  C:\Windows\System\KjhVyFX.exe
  2⤵
  PID:9104
- C:\Windows\System\aBpjEVK.exe
  C:\Windows\System\aBpjEVK.exe
  2⤵
  PID:9120
- C:\Windows\System\GWVMyEH.exe
  C:\Windows\System\GWVMyEH.exe
  2⤵
  PID:9136
- C:\Windows\System\jaxsboj.exe
  C:\Windows\System\jaxsboj.exe
  2⤵
  PID:9152
- C:\Windows\System\NIvDvYJ.exe
  C:\Windows\System\NIvDvYJ.exe
  2⤵
  PID:9168
- C:\Windows\System\AiqjJej.exe
  C:\Windows\System\AiqjJej.exe
  2⤵
  PID:9184
- C:\Windows\System\qfrHAnT.exe
  C:\Windows\System\qfrHAnT.exe
  2⤵
  PID:9200
- C:\Windows\System\FOqVZbO.exe
  C:\Windows\System\FOqVZbO.exe
  2⤵
  PID:1316
- C:\Windows\System\JEZZRhj.exe
  C:\Windows\System\JEZZRhj.exe
  2⤵
  PID:8232
- C:\Windows\System\VpeBwpo.exe
  C:\Windows\System\VpeBwpo.exe
  2⤵
  PID:2952
- C:\Windows\System\mkiFgLl.exe
  C:\Windows\System\mkiFgLl.exe
  2⤵
  PID:8272
- C:\Windows\System\QHsvICb.exe
  C:\Windows\System\QHsvICb.exe
  2⤵
  PID:7784
- C:\Windows\System\LpMmQES.exe
  C:\Windows\System\LpMmQES.exe
  2⤵
  PID:2700
- C:\Windows\System\Gdhevpn.exe
  C:\Windows\System\Gdhevpn.exe
  2⤵
  PID:2756
- C:\Windows\System\pPWibmE.exe
  C:\Windows\System\pPWibmE.exe
  2⤵
  PID:1936
- C:\Windows\System\GmOaqfQ.exe
  C:\Windows\System\GmOaqfQ.exe
  2⤵
  PID:2920
- C:\Windows\System\qnolCcb.exe
  C:\Windows\System\qnolCcb.exe
  2⤵
  PID:8220
- C:\Windows\System\ESaUBkc.exe
  C:\Windows\System\ESaUBkc.exe
  2⤵
  PID:8288
- C:\Windows\System\MBksGAq.exe
  C:\Windows\System\MBksGAq.exe
  2⤵
  PID:8300
- C:\Windows\System\QvuwQgK.exe
  C:\Windows\System\QvuwQgK.exe
  2⤵
  PID:8340
- C:\Windows\System\UOhlZIG.exe
  C:\Windows\System\UOhlZIG.exe
  2⤵
  PID:8356
- C:\Windows\System\YiFOdEr.exe
  C:\Windows\System\YiFOdEr.exe
  2⤵
  PID:8376
- C:\Windows\System\xkAuBJI.exe
  C:\Windows\System\xkAuBJI.exe
  2⤵
  PID:8408
- C:\Windows\System\fHPCmjQ.exe
  C:\Windows\System\fHPCmjQ.exe
  2⤵
  PID:8424
- C:\Windows\System\VdbIMcI.exe
  C:\Windows\System\VdbIMcI.exe
  2⤵
  PID:8396
- C:\Windows\System\sCQNsCW.exe
  C:\Windows\System\sCQNsCW.exe
  2⤵
  PID:8496
- C:\Windows\System\iMpEvwu.exe
  C:\Windows\System\iMpEvwu.exe
  2⤵
  PID:8516
- C:\Windows\System\CoUBGXK.exe
  C:\Windows\System\CoUBGXK.exe
  2⤵
  PID:8240
- C:\Windows\System\PzzvXaj.exe
  C:\Windows\System\PzzvXaj.exe
  2⤵
  PID:8540
- C:\Windows\System\CZpfVCN.exe
  C:\Windows\System\CZpfVCN.exe
  2⤵
  PID:8556
- C:\Windows\System\riBJHnb.exe
  C:\Windows\System\riBJHnb.exe
  2⤵
  PID:8336
- C:\Windows\System\KKFOxaq.exe
  C:\Windows\System\KKFOxaq.exe
  2⤵
  PID:8636
- C:\Windows\System\QiGrnIY.exe
  C:\Windows\System\QiGrnIY.exe
  2⤵
  PID:8648
- C:\Windows\System\ZWTrOmN.exe
  C:\Windows\System\ZWTrOmN.exe
  2⤵
  PID:8888
- C:\Windows\System\ltOQqGh.exe
  C:\Windows\System\ltOQqGh.exe
  2⤵
  PID:8904
- C:\Windows\System\NbhPowH.exe
  C:\Windows\System\NbhPowH.exe
  2⤵
  PID:8952
- C:\Windows\System\vPdpudp.exe
  C:\Windows\System\vPdpudp.exe
  2⤵
  PID:9052
- C:\Windows\System\CGUIshZ.exe
  C:\Windows\System\CGUIshZ.exe
  2⤵
  PID:9116
- C:\Windows\System\SEVIoZz.exe
  C:\Windows\System\SEVIoZz.exe
  2⤵
  PID:9176
- C:\Windows\System\uyNkEWp.exe
  C:\Windows\System\uyNkEWp.exe
  2⤵
  PID:2780
- C:\Windows\System\YujfrEc.exe
  C:\Windows\System\YujfrEc.exe
  2⤵
  PID:7568
- C:\Windows\System\Ixiayzi.exe
  C:\Windows\System\Ixiayzi.exe
  2⤵
  PID:8256
- C:\Windows\System\dewFWap.exe
  C:\Windows\System\dewFWap.exe
  2⤵
  PID:8364
- C:\Windows\System\lDxsNZf.exe
  C:\Windows\System\lDxsNZf.exe
  2⤵
  PID:8504
- C:\Windows\System\XSnVjFA.exe
  C:\Windows\System\XSnVjFA.exe
  2⤵
  PID:9032
- C:\Windows\System\XQgHngl.exe
  C:\Windows\System\XQgHngl.exe
  2⤵
  PID:8464
- C:\Windows\System\elxqDbH.exe
  C:\Windows\System\elxqDbH.exe
  2⤵
  PID:8552
- C:\Windows\System\WOOlOEc.exe
  C:\Windows\System\WOOlOEc.exe
  2⤵
  PID:8536
- C:\Windows\System\nnIOgkM.exe
  C:\Windows\System\nnIOgkM.exe
  2⤵
  PID:8612
- C:\Windows\System\CrdIxCh.exe
  C:\Windows\System\CrdIxCh.exe
  2⤵
  PID:1008
- C:\Windows\System\lVSiGYZ.exe
  C:\Windows\System\lVSiGYZ.exe
  2⤵
  PID:8792
- C:\Windows\System\MGdWJvq.exe
  C:\Windows\System\MGdWJvq.exe
  2⤵
  PID:8680
- C:\Windows\System\vRLcDjy.exe
  C:\Windows\System\vRLcDjy.exe
  2⤵
  PID:8776
- C:\Windows\System\djvuCtJ.exe
  C:\Windows\System\djvuCtJ.exe
  2⤵
  PID:8936
- C:\Windows\System\JDjDljJ.exe
  C:\Windows\System\JDjDljJ.exe
  2⤵
  PID:8168
- C:\Windows\System\isPJRHJ.exe
  C:\Windows\System\isPJRHJ.exe
  2⤵
  PID:8312
- C:\Windows\System\YsTQyRn.exe
  C:\Windows\System\YsTQyRn.exe
  2⤵
  PID:9112
- C:\Windows\System\Wqsyuqk.exe
  C:\Windows\System\Wqsyuqk.exe
  2⤵
  PID:9004
- C:\Windows\System\AWuBDgU.exe
  C:\Windows\System\AWuBDgU.exe
  2⤵
  PID:8204
- C:\Windows\System\uhdqEaV.exe
  C:\Windows\System\uhdqEaV.exe
  2⤵
  PID:9164
- C:\Windows\System\YSfgSfO.exe
  C:\Windows\System\YSfgSfO.exe
  2⤵
  PID:2600
- C:\Windows\System\EUBSQWI.exe
  C:\Windows\System\EUBSQWI.exe
  2⤵
  PID:8292
- C:\Windows\System\BwpQNlr.exe
  C:\Windows\System\BwpQNlr.exe
  2⤵
  PID:8400
- C:\Windows\System\TgijBKr.exe
  C:\Windows\System\TgijBKr.exe
  2⤵
  PID:8604
- C:\Windows\System\JTSLDHc.exe
  C:\Windows\System\JTSLDHc.exe
  2⤵
  PID:8616
- C:\Windows\System\oLgcYlp.exe
  C:\Windows\System\oLgcYlp.exe
  2⤵
  PID:8708
- C:\Windows\System\MuDipTY.exe
  C:\Windows\System\MuDipTY.exe
  2⤵
  PID:8692
- C:\Windows\System\ZeiAkmx.exe
  C:\Windows\System\ZeiAkmx.exe
  2⤵
  PID:8744
- C:\Windows\System\NArJJGb.exe
  C:\Windows\System\NArJJGb.exe
  2⤵
  PID:8824
- C:\Windows\System\rdKpQJV.exe
  C:\Windows\System\rdKpQJV.exe
  2⤵
  PID:8524
- C:\Windows\System\acNIROZ.exe
  C:\Windows\System\acNIROZ.exe
  2⤵
  PID:2128
- C:\Windows\System\yTVXSAV.exe
  C:\Windows\System\yTVXSAV.exe
  2⤵
  PID:9020
- C:\Windows\System\efSrNEx.exe
  C:\Windows\System\efSrNEx.exe
  2⤵
  PID:9000
- C:\Windows\System\ITzfoxx.exe
  C:\Windows\System\ITzfoxx.exe
  2⤵
  PID:9160
- C:\Windows\System\FzypHvB.exe
  C:\Windows\System\FzypHvB.exe
  2⤵
  PID:9132
- C:\Windows\System\QIpPgFK.exe
  C:\Windows\System\QIpPgFK.exe
  2⤵
  PID:2356
- C:\Windows\System\akJGLnI.exe
  C:\Windows\System\akJGLnI.exe
  2⤵
  PID:2532
- C:\Windows\System\mcGUppi.exe
  C:\Windows\System\mcGUppi.exe
  2⤵
  PID:9096
- C:\Windows\System\PrEeqZL.exe
  C:\Windows\System\PrEeqZL.exe
  2⤵
  PID:8788
- C:\Windows\System\kJWIxAB.exe
  C:\Windows\System\kJWIxAB.exe
  2⤵
  PID:9212
- C:\Windows\System\kFxqKKq.exe
  C:\Windows\System\kFxqKKq.exe
  2⤵
  PID:8660
- C:\Windows\System\dlaiJHM.exe
  C:\Windows\System\dlaiJHM.exe
  2⤵
  PID:2796
- C:\Windows\System\MZuLgiL.exe
  C:\Windows\System\MZuLgiL.exe
  2⤵
  PID:9196
- C:\Windows\System\dpfKXOQ.exe
  C:\Windows\System\dpfKXOQ.exe
  2⤵
  PID:8772
- C:\Windows\System\UQseoMG.exe
  C:\Windows\System\UQseoMG.exe
  2⤵
  PID:9128
- C:\Windows\System\UGkdiFw.exe
  C:\Windows\System\UGkdiFw.exe
  2⤵
  PID:8484
- C:\Windows\System\wvplXdS.exe
  C:\Windows\System\wvplXdS.exe
  2⤵
  PID:8696
- C:\Windows\System\jwKUyOU.exe
  C:\Windows\System\jwKUyOU.exe
  2⤵
  PID:9148
- C:\Windows\System\RIViZxc.exe
  C:\Windows\System\RIViZxc.exe
  2⤵
  PID:9220
- C:\Windows\System\gFopFzy.exe
  C:\Windows\System\gFopFzy.exe
  2⤵
  PID:9236
- C:\Windows\System\zqIzMJN.exe
  C:\Windows\System\zqIzMJN.exe
  2⤵
  PID:9252
- C:\Windows\System\jVvGIOL.exe
  C:\Windows\System\jVvGIOL.exe
  2⤵
  PID:9268
- C:\Windows\System\sZnWhWd.exe
  C:\Windows\System\sZnWhWd.exe
  2⤵
  PID:9284
- C:\Windows\System\wKNXeyX.exe
  C:\Windows\System\wKNXeyX.exe
  2⤵
  PID:9304
- C:\Windows\System\YvQjcDm.exe
  C:\Windows\System\YvQjcDm.exe
  2⤵
  PID:9320
- C:\Windows\System\VQhnXwL.exe
  C:\Windows\System\VQhnXwL.exe
  2⤵
  PID:9336
- C:\Windows\System\sRypSVl.exe
  C:\Windows\System\sRypSVl.exe
  2⤵
  PID:9352
- C:\Windows\System\oEKAhrE.exe
  C:\Windows\System\oEKAhrE.exe
  2⤵
  PID:9368
- C:\Windows\System\eYOxRIN.exe
  C:\Windows\System\eYOxRIN.exe
  2⤵
  PID:9384
- C:\Windows\System\xIzZfZn.exe
  C:\Windows\System\xIzZfZn.exe
  2⤵
  PID:9408
- C:\Windows\System\fqjHITq.exe
  C:\Windows\System\fqjHITq.exe
  2⤵
  PID:9428
- C:\Windows\System\tYfmszL.exe
  C:\Windows\System\tYfmszL.exe
  2⤵
  PID:9444
- C:\Windows\System\GfWTLog.exe
  C:\Windows\System\GfWTLog.exe
  2⤵
  PID:9460
- C:\Windows\System\GZqIxtj.exe
  C:\Windows\System\GZqIxtj.exe
  2⤵
  PID:9480
- C:\Windows\System\bedebBT.exe
  C:\Windows\System\bedebBT.exe
  2⤵
  PID:9496
- C:\Windows\System\bJSiGyi.exe
  C:\Windows\System\bJSiGyi.exe
  2⤵
  PID:9516
- C:\Windows\System\dtkhbTB.exe
  C:\Windows\System\dtkhbTB.exe
  2⤵
  PID:9532
- C:\Windows\System\NmxsSBd.exe
  C:\Windows\System\NmxsSBd.exe
  2⤵
  PID:9548
- C:\Windows\System\jdIBZVj.exe
  C:\Windows\System\jdIBZVj.exe
  2⤵
  PID:9572
- C:\Windows\System\CIGTxNe.exe
  C:\Windows\System\CIGTxNe.exe
  2⤵
  PID:9592
- C:\Windows\System\AmEIVZc.exe
  C:\Windows\System\AmEIVZc.exe
  2⤵
  PID:9608
- C:\Windows\System\oZzDwqi.exe
  C:\Windows\System\oZzDwqi.exe
  2⤵
  PID:9624
- C:\Windows\System\VnUKSvO.exe
  C:\Windows\System\VnUKSvO.exe
  2⤵
  PID:9640
- C:\Windows\System\VeRWLGC.exe
  C:\Windows\System\VeRWLGC.exe
  2⤵
  PID:9656
- C:\Windows\System\YIBrMpZ.exe
  C:\Windows\System\YIBrMpZ.exe
  2⤵
  PID:9672
- C:\Windows\System\rNzenoV.exe
  C:\Windows\System\rNzenoV.exe
  2⤵
  PID:9688
- C:\Windows\System\LSPAHlq.exe
  C:\Windows\System\LSPAHlq.exe
  2⤵
  PID:9704
- C:\Windows\System\xeBxIei.exe
  C:\Windows\System\xeBxIei.exe
  2⤵
  PID:9720
- C:\Windows\System\BlDecnM.exe
  C:\Windows\System\BlDecnM.exe
  2⤵
  PID:9736
- C:\Windows\System\FTMaRWr.exe
  C:\Windows\System\FTMaRWr.exe
  2⤵
  PID:9760
- C:\Windows\System\fgKImAk.exe
  C:\Windows\System\fgKImAk.exe
  2⤵
  PID:9776
- C:\Windows\System\hfGMzmy.exe
  C:\Windows\System\hfGMzmy.exe
  2⤵
  PID:9792
- C:\Windows\System\mdJoGyM.exe
  C:\Windows\System\mdJoGyM.exe
  2⤵
  PID:9808
- C:\Windows\System\XsLjDUD.exe
  C:\Windows\System\XsLjDUD.exe
  2⤵
  PID:9824
- C:\Windows\System\qIGACow.exe
  C:\Windows\System\qIGACow.exe
  2⤵
  PID:9840
- C:\Windows\System\QSGHgfA.exe
  C:\Windows\System\QSGHgfA.exe
  2⤵
  PID:9856
- C:\Windows\System\QbcLNvY.exe
  C:\Windows\System\QbcLNvY.exe
  2⤵
  PID:9872
- C:\Windows\System\jKldqFV.exe
  C:\Windows\System\jKldqFV.exe
  2⤵
  PID:9888
- C:\Windows\System\VwNwXkN.exe
  C:\Windows\System\VwNwXkN.exe
  2⤵
  PID:9904
- C:\Windows\System\IZMplDJ.exe
  C:\Windows\System\IZMplDJ.exe
  2⤵
  PID:9928
- C:\Windows\System\oCNGVND.exe
  C:\Windows\System\oCNGVND.exe
  2⤵
  PID:9944
- C:\Windows\System\cchMrJO.exe
  C:\Windows\System\cchMrJO.exe
  2⤵
  PID:9960
- C:\Windows\System\IVQxPvH.exe
  C:\Windows\System\IVQxPvH.exe
  2⤵
  PID:9980
- C:\Windows\System\fqxWRTH.exe
  C:\Windows\System\fqxWRTH.exe
  2⤵
  PID:9996
- C:\Windows\System\uKATSNa.exe
  C:\Windows\System\uKATSNa.exe
  2⤵
  PID:10012
- C:\Windows\System\KwIuMOL.exe
  C:\Windows\System\KwIuMOL.exe
  2⤵
  PID:10032
- C:\Windows\System\nAEIAzO.exe
  C:\Windows\System\nAEIAzO.exe
  2⤵
  PID:10048
- C:\Windows\System\CAlCkns.exe
  C:\Windows\System\CAlCkns.exe
  2⤵
  PID:10068
- C:\Windows\System\TTuWedi.exe
  C:\Windows\System\TTuWedi.exe
  2⤵
  PID:10088
- C:\Windows\System\QKwPXZA.exe
  C:\Windows\System\QKwPXZA.exe
  2⤵
  PID:10104
- C:\Windows\System\gQcHjww.exe
  C:\Windows\System\gQcHjww.exe
  2⤵
  PID:10124
- C:\Windows\System\HpUqihU.exe
  C:\Windows\System\HpUqihU.exe
  2⤵
  PID:10140
- C:\Windows\System\LFRpzxy.exe
  C:\Windows\System\LFRpzxy.exe
  2⤵
  PID:10156
- C:\Windows\System\IFLnmGg.exe
  C:\Windows\System\IFLnmGg.exe
  2⤵
  PID:10172
- C:\Windows\System\LZIpRJg.exe
  C:\Windows\System\LZIpRJg.exe
  2⤵
  PID:10196
- C:\Windows\System\iZCFmVq.exe
  C:\Windows\System\iZCFmVq.exe
  2⤵
  PID:10212
- C:\Windows\System\rVEzTxe.exe
  C:\Windows\System\rVEzTxe.exe
  2⤵
  PID:8328
- C:\Windows\System\OZtjRVq.exe
  C:\Windows\System\OZtjRVq.exe
  2⤵
  PID:8860
- C:\Windows\System\TbqEQxh.exe
  C:\Windows\System\TbqEQxh.exe
  2⤵
  PID:9264
- C:\Windows\System\IvNfRXJ.exe
  C:\Windows\System\IvNfRXJ.exe
  2⤵
  PID:9328
- C:\Windows\System\IklEbdJ.exe
  C:\Windows\System\IklEbdJ.exe
  2⤵
  PID:9064
- C:\Windows\System\NkdjDnK.exe
  C:\Windows\System\NkdjDnK.exe
  2⤵
  PID:9312
- C:\Windows\System\yNtfBeT.exe
  C:\Windows\System\yNtfBeT.exe
  2⤵
  PID:9344
- C:\Windows\System\jlnLXyW.exe
  C:\Windows\System\jlnLXyW.exe
  2⤵
  PID:9364
- C:\Windows\System\mRrkeUt.exe
  C:\Windows\System\mRrkeUt.exe
  2⤵
  PID:9440
- C:\Windows\System\gEErIJs.exe
  C:\Windows\System\gEErIJs.exe
  2⤵
  PID:9504
- C:\Windows\System\rMtqDpQ.exe
  C:\Windows\System\rMtqDpQ.exe
  2⤵
  PID:9420
- C:\Windows\System\bRvayuJ.exe
  C:\Windows\System\bRvayuJ.exe
  2⤵
  PID:9488
- C:\Windows\System\uDIUsLB.exe
  C:\Windows\System\uDIUsLB.exe
  2⤵
  PID:9556
- C:\Windows\System\TzklKjN.exe
  C:\Windows\System\TzklKjN.exe
  2⤵
  PID:9508
- C:\Windows\System\EBTlKPO.exe
  C:\Windows\System\EBTlKPO.exe
  2⤵
  PID:9584
- C:\Windows\System\mOZbIeN.exe
  C:\Windows\System\mOZbIeN.exe
  2⤵
  PID:9616
- C:\Windows\System\JaRMRpa.exe
  C:\Windows\System\JaRMRpa.exe
  2⤵
  PID:9648
- C:\Windows\System\nLDmGuv.exe
  C:\Windows\System\nLDmGuv.exe
  2⤵
  PID:9712
- C:\Windows\System\xpxxjDp.exe
  C:\Windows\System\xpxxjDp.exe
  2⤵
  PID:9728
- C:\Windows\System\xkcrHeB.exe
  C:\Windows\System\xkcrHeB.exe
  2⤵
  PID:9784
- C:\Windows\System\TRAKVfd.exe
  C:\Windows\System\TRAKVfd.exe
  2⤵
  PID:9820
- C:\Windows\System\lMnNfXf.exe
  C:\Windows\System\lMnNfXf.exe
  2⤵
  PID:9884
- C:\Windows\System\yhEtZmm.exe
  C:\Windows\System\yhEtZmm.exe
  2⤵
  PID:9804
- C:\Windows\System\VUJcfsv.exe
  C:\Windows\System\VUJcfsv.exe
  2⤵
  PID:9864
- C:\Windows\System\sJsDBKT.exe
  C:\Windows\System\sJsDBKT.exe
  2⤵
  PID:9920
- C:\Windows\System\eLmzeFD.exe
  C:\Windows\System\eLmzeFD.exe
  2⤵
  PID:9988
- C:\Windows\System\qRTvfzn.exe
  C:\Windows\System\qRTvfzn.exe
  2⤵
  PID:10028
- C:\Windows\System\tKkmWbS.exe
  C:\Windows\System\tKkmWbS.exe
  2⤵
  PID:10044
- C:\Windows\System\NJOoCLM.exe
  C:\Windows\System\NJOoCLM.exe
  2⤵
  PID:10040
- C:\Windows\System\CwLzDNl.exe
  C:\Windows\System\CwLzDNl.exe
  2⤵
  PID:10100
- C:\Windows\System\cmOBORg.exe
  C:\Windows\System\cmOBORg.exe
  2⤵
  PID:10136
- C:\Windows\System\fNFOaUw.exe
  C:\Windows\System\fNFOaUw.exe
  2⤵
  PID:10168
- C:\Windows\System\zmZCTEb.exe
  C:\Windows\System\zmZCTEb.exe
  2⤵
  PID:10184
- C:\Windows\System\iyltkZJ.exe
  C:\Windows\System\iyltkZJ.exe
  2⤵
  PID:8404
- C:\Windows\System\irPFDub.exe
  C:\Windows\System\irPFDub.exe
  2⤵
  PID:9316
- C:\Windows\System\WiUmxwn.exe
  C:\Windows\System\WiUmxwn.exe
  2⤵
  PID:9400
- C:\Windows\System\NluXNrx.exe
  C:\Windows\System\NluXNrx.exe
  2⤵
  PID:9296
- C:\Windows\System\PNFjmus.exe
  C:\Windows\System\PNFjmus.exe
  2⤵
  PID:9392
- C:\Windows\System\fSGGJTB.exe
  C:\Windows\System\fSGGJTB.exe
  2⤵
  PID:9376
- C:\Windows\System\LpTEBMW.exe
  C:\Windows\System\LpTEBMW.exe
  2⤵
  PID:9524
- C:\Windows\System\PnXZWrh.exe
  C:\Windows\System\PnXZWrh.exe
  2⤵
  PID:9560
- C:\Windows\System\JifzVjH.exe
  C:\Windows\System\JifzVjH.exe
  2⤵
  PID:9512
- C:\Windows\System\DLFNaEY.exe
  C:\Windows\System\DLFNaEY.exe
  2⤵
  PID:8972
- C:\Windows\System\xWoMItA.exe
  C:\Windows\System\xWoMItA.exe
  2⤵
  PID:9748
- C:\Windows\System\wfNVNpl.exe
  C:\Windows\System\wfNVNpl.exe
  2⤵
  PID:9880
- C:\Windows\System\zNEQfGv.exe
  C:\Windows\System\zNEQfGv.exe
  2⤵
  PID:9900
- C:\Windows\System\lvpoNCK.exe
  C:\Windows\System\lvpoNCK.exe
  2⤵
  PID:9896
- C:\Windows\System\XbjsarS.exe
  C:\Windows\System\XbjsarS.exe
  2⤵
  PID:9744
- C:\Windows\System\STKjlYv.exe
  C:\Windows\System\STKjlYv.exe
  2⤵
  PID:10020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DFvHkIt.exe

Filesize
6.0MB

MD5
568bb1ddefb4d534ff516fd79c222526

SHA1
b65effa1c09adc08eed35950b8e1a1e3b6f6b985

SHA256
a2aae501310b8294f7b080309654cee76a633ddbdb901d817dce3356acc1e4af

SHA512
eab571c5c99879cd63b1653c39ead03f9d12335c09a3b067167328ceb52d402a51808e77b46d1efe1dd94155ffe301ffdd223b3ff18312efb64609513831cb9c

Download Submit
C:\Windows\system\DGHlKrE.exe

Filesize
6.0MB

MD5
65faa910bcbca44df646598bf208c016

SHA1
6c42908422a8c24e93ddb9cee96a951adc6350ce

SHA256
758cb0c9b77b851ae966e7a4e54d7c9ad246f2a3e8e79f0cde58173dadc529a2

SHA512
f4f34b379853031360cdd710270d7b5da913644025801a5d1ea1e3a12dbed2dbc0892b0c69f6e5e7be64614dc99a7f21b2e5ade9018b61a9f2ef45190f96fd27

Download Submit
C:\Windows\system\FjVwdPr.exe

Filesize
6.0MB

MD5
43467779dfbecbec6f968dc18346c3c0

SHA1
4768c104023b17e906b6cf25711d7de7d4c6f9f7

SHA256
1375add7dc8355d5abd9ce02a3bc8825c1138ade14bf1d9c2a41c319755b4437

SHA512
0ce047bf31762aa6ce3f23dbe2d74417304faac1b6402cd6178c8451f5b937f9bc5f2428337c4b1e7db5f2cb604b56d4b53de3dd34d896d1cbb68484cc86dd08

Download Submit
C:\Windows\system\GgZtLLZ.exe

Filesize
6.0MB

MD5
5451315022a8c511b9eac113dde0cd52

SHA1
2b3750c5e9bd911454d01f6dd5a9b7555a5bcf1c

SHA256
5c07aadb96d5fc69b86a63df596fd33257d2cb375bb587385c500b96001e72d2

SHA512
7a4cf6ff9ba424570e2d7a9b1fe73e8e40fa0948cd6620c7a84758ed64d679e1ed5c4b4dae4028a8ab0e3ee317002804d67cdfc3cd5edcd777b587c96301b96f

Download Submit
C:\Windows\system\JHLyaVN.exe

Filesize
6.0MB

MD5
017d64e4794e9229a853267b8463806f

SHA1
654a54270fa5df81d7b7c9822f95a4806c285a43

SHA256
b14c780784a56f003c59d6a594ce3f4030cad9b0824088f59c4e7e31495f1412

SHA512
bd83a89bc952b4a36a2df9526176f47a9dc842fe045a935d5328b0a2162a8c3cb2417c1fd2227c80abe9b54da0f655ea5bae232fcb22a37bb4d973d8fdfcecbb

Download Submit
C:\Windows\system\JyzdBAR.exe

Filesize
6.0MB

MD5
e74761209f84a22ddf3039680d4e7eeb

SHA1
d9004d395749cde20b19c19cd54ba0d500b54dbc

SHA256
368ec611bdf2c27ad63414ed8e169ce29b836b58fe83745101d3836e7dc4c948

SHA512
8555d677fdade5e46301f875e609050d2eeea59084150e5397af60360400f950b70a38b7c55d490a1a2e9434b0241bd880f74688580dfbad92c6acf8d443b98c

Download Submit
C:\Windows\system\MOUtzhw.exe

Filesize
6.0MB

MD5
9fd6c4387f745543e0043cbb38b9f15a

SHA1
519ec64715cbde7813deab1054560ce8ed621ac0

SHA256
3001ecd35847078ea08591a399dd5239916264915dd7da589592e26acbd3e648

SHA512
6e20446493a6bb0eee0eb1e87ac098ef6d85b6e3a29e212f2105812d2ab09c9053ad56ccfa7f6801eddd5991bdd64fadfd9d8591fec6ebc77f4a8539e21e18a1

Download Submit
C:\Windows\system\QMHhJXN.exe

Filesize
6.0MB

MD5
4d6cea6d868eb8287cf2639d37174afd

SHA1
16eb4323619a660874ee4f0fabbc212f616a096a

SHA256
7ed14c58efa9c4ff482163df46f2b45ae5586a309e9b3c5ff73551707c7839a3

SHA512
00d807e0ebe7e5aa15fc663c9a5150f05f401f25ee9c77a8a90958460b545e1dfa7f47eb4de6ba4800d2e7d8df0827fe60a57a3760271b632ab8241b8bb76dc4

Download Submit
C:\Windows\system\QYxajJO.exe

Filesize
6.0MB

MD5
6848a678ef9a5438266e76b8dd59031f

SHA1
6d9cf295597cd6737be5f867b1a1041e9a46f6f0

SHA256
a3674350f6470fd453f50bdb0729322a7d508cdec09e5b314e63d0aa26214e08

SHA512
b94cc08b72c032c7ccd3a93a5a10e008e3f1570dcd69a371fcdd1ed5cbddf28ef7871c5926848295f13a6a46b73eb3a89a4b9266b197013d719ab9076c69acac

Download Submit
C:\Windows\system\SHZNETG.exe

Filesize
6.0MB

MD5
40e7d783019e23240120246ecc2205a2

SHA1
afb1c00c13066d4aa7940c3c30d3e14c5fc2ef58

SHA256
85e6f5557f2db86c6c36644041eabc851337441c319eaff822b3324564a85bf9

SHA512
b685a63ddd63dbbec2e2353bd9b636b34e7f668bd083dc67d06c307b98d8c633e5d9cea54a23f4bbc4cfbe09a46180d1ac8213f2550d79da2d45277d70441974

Download Submit
C:\Windows\system\USQEgUT.exe

Filesize
6.0MB

MD5
272eba6448ba10ee642119ae33072271

SHA1
016c5841c88de6506088ad0ef63347dbd577e87f

SHA256
076629851cdbb7ad06e7b85aa6177150675249219427541f284bb4355e643983

SHA512
d74eb24dac4d3c961304e2132fe3e96cd0d2bf20b6fa35309323db7a3d0307f9e6c6768c1b590628dd21dda0307837c627d9532b909d703c24de63d56c555a9b

Download Submit
C:\Windows\system\UwYYxYK.exe

Filesize
6.0MB

MD5
434787b10f6d79cb9fbc4a4300bc26be

SHA1
6be893d715858051c6b79236e7931f1b9f0d2105

SHA256
6ba741ee72fad3323f4d369079ad45d5e4b277c54567b35cec8c91ad9b99dbfa

SHA512
2e071b8a66e9a3fde423e22be3a134af72591756bd29fe134c0c360ef9de8b36b55233bb06f25f92affe8061de943acb6bf71a16c8ec2bc7890620f6853d8012

Download Submit
C:\Windows\system\VTeAJXS.exe

Filesize
6.0MB

MD5
a8c4a19b8df8518cc984ea981457d641

SHA1
3b83c34606cbdb94be446cc6415272cd7d63b593

SHA256
556329e7c6a83f329cbd31d558b1da286b0eaedb6aab16c71dee438cd6bf89dd

SHA512
ff2d558ca1b8225436e6a38bc0cb24d9ca77e9de1b347d46125b8e409793047f524da3a3d70d914005118eafe23d0e5d9f0ad483295be6231683a8c14db5d4e9

Download Submit
C:\Windows\system\WXxhNWn.exe

Filesize
6.0MB

MD5
ea43a14e8a1069520da5072b50425ade

SHA1
63a81a864c502fec69bbaa130036a3a3996cdeb6

SHA256
8358fc5b1f6c186d18e2c05c051552ebde77e84791744dfc13a47ca28f4b2ea0

SHA512
486ebce745531a5fbec65f36b2306b7a2f8f0850fa175a305c8c59598102f28781fdfb1eee9a7af60004b344eefe8fe8d8691424e984ae40e4f406f1e3ece370

Download Submit
C:\Windows\system\YDDBhVN.exe

Filesize
6.0MB

MD5
7373be343c2cb59a44c089982d8ad24f

SHA1
ba2f0b6f39bc494afc00dbcd8ebe008277025c70

SHA256
0e43b9e358ec19ce4c707a0456f5ecbed8b1ac33331a7df9a649e08d633d4f60

SHA512
7f6d11c21d97575b0ca8ce8476f85f6f5f6c1e9ab0d18771ab497171700d4d3fc6d6c68a7bf68b1cb348adba445a98ac0a8904abf8a1fb1fcb42f2d519173d0b

Download Submit
C:\Windows\system\YTPYkZz.exe

Filesize
6.0MB

MD5
dd33df3473dafe22060c8a1eb2121d56

SHA1
ea090edbecd9895a6769fdb72933d5bc72112d6f

SHA256
f3e279cd6f2a4299a5b56652f757cb31006bec49e3cf0e54c57e98b347f041ff

SHA512
a81c4c1da4af5cbb650a19217e7bc0733e21931e6ba4796a5561213ce7685c004673f0fc5d1562c2f4e090e3cacf4f4d810c6aa79392f19e5f3a2752976ef4e7

Download Submit
C:\Windows\system\ZqEauwp.exe

Filesize
6.0MB

MD5
e04780c0974a0858a18f6828023fa21e

SHA1
207e5878b8948dd6118b6d543dec21906931f40f

SHA256
4562cadf7a2f0dd9ff2fb0e10a9f31c45d19bdb5c34c1dc0dbf89489b9db3b5f

SHA512
2b3fbc21c652daae664f73d7bb6d1341017daff444cc1f4d3e77b0e181f2af9dc221916d5d18eb6410817ce454f072746e62ee0b9d07d5149407503cf33613f0

Download Submit
C:\Windows\system\dSJnJrw.exe

Filesize
6.0MB

MD5
dfd1d3d108c05ce833c33f1b8240d99c

SHA1
d73c6987b89ff8a29f68c399386ba0828acafdc1

SHA256
753d59c3c51f839d4c5a263320344f48d247aecf25d68b33ebf1e8acb8d27ad4

SHA512
e7ca57f326af2dfbd542fb5f498415895cfe0aeb227b9079a68dd7c4d1d09924e00a7c924bf989e796ef93c2e787761fff4676e5d5af813a9e7e91aa6b59f127

Download Submit
C:\Windows\system\dtIQbZI.exe

Filesize
6.0MB

MD5
e32affe9593f0212f7de9bfa52c2ed21

SHA1
36cdbfa88953217d6d1d1188decaece6d252cb62

SHA256
6fb37b240a6555a1c6133d6a034b2073ddbabba46322a54a57a866dd756666f4

SHA512
0c9bf4aa041738473ad04fad1a6298b3b62c724cfa64d1f9f6006db1df707f86f4789930f90580f5d9bf8150df3be31facc5bfcb7e06ef953161b9ece4f20aba

Download Submit
C:\Windows\system\fsXsvCg.exe

Filesize
6.0MB

MD5
3b1d87b7c39f54bee0adb7d961b41b03

SHA1
e1936677237328964c34ef52c96edea0fea2a929

SHA256
d8b501eab3501250c6651ab89a9258a51217ef1c4dc02d63fc735345c8f33faf

SHA512
4d7f11c5f75ccef88b5d095d9ac1229fce5419b48049fb0695a38c3f1c264651024ea6ebf06dfbe6191f182622adba19e0973ecaf4fa4de1db865f1d81d57efd

Download Submit
C:\Windows\system\hCSdZRU.exe

Filesize
6.0MB

MD5
e0d01e961b7ccbb0dcdb5f8a21559e71

SHA1
22343cbf759a854912cd863c38d5629ed1d0f2ab

SHA256
2cf0f7186972a915e218f87ad046b296be2950d0071bbf31619705d1bc6e90f8

SHA512
d1162bee897f375847b646510561cb3191f20496ad2b3c5f4b45f0dba2adda9d96e3d9e0f848668348ab47782c650e4b0548cc5986a6624616c5e8b657515629

Download Submit
C:\Windows\system\lcYfYPK.exe

Filesize
6.0MB

MD5
9954ab93606df97020af7eeda335a87c

SHA1
0e7d5fb9a657a9e3c0fea5bea3e0b243c8c8cbbf

SHA256
7a9a4a75d95c041a2ff374464c407f90e50ad1a2457fb1be691370e35a26bf99

SHA512
c1524bb1666541cd9c77c8e0228b4b9c3af73d01eca8dc1665f54be99153c53b61fcb615c90a7dad8cd71f629d08135804cbf0044ab1c6e4f13af4124f34fee4

Download Submit
C:\Windows\system\nXjcqiX.exe

Filesize
6.0MB

MD5
a41c5fd3027b2f731bb71a13ce0f6e59

SHA1
a9f63d3dd8a4eadbdc4ab9f05ebfc99403a0f179

SHA256
e869c0279a89e0022b6545dd252354f3a139d6ce62b4fbfe413a10766960225a

SHA512
ca395f87e19ae95a7d299338d14ba505877faa12775153aee4e9d35c9b6b4093bfd6908376474028bd27bf495597e1aec2ffe508972e2774bf18775f0c01a431

Download Submit
C:\Windows\system\qIPQszY.exe

Filesize
6.0MB

MD5
0bbda7cc6854602209b8855f446a3571

SHA1
349661aea82ebf2424c24e6ecae69cff24090ee0

SHA256
3857d2458080767cf37af3d335d3975d47508af6700b40a243d9f116d7d866ad

SHA512
a02455225c2c1319a5c9dc4f6f2c53d6e272eba7859941e43bb25ce78c492e66e98fe25d561008969a131a22c7f214413a6b591a8f1020fb600e6956a11eb083

Download Submit
C:\Windows\system\trMubur.exe

Filesize
6.0MB

MD5
10a1a4ac72869f842b1a3fab29ee0a25

SHA1
6a01fe815583072f50bbb41b379852b97ccddce5

SHA256
e4342c86c3e1244b75ef34c1405fd985bf7bfa68ab023ca7ef69882acd82e2cc

SHA512
49d0a4952cd8f33677cbeccc46ca49fb0fed4b324578975daefcf2c29b0c4651faa9c101ef4942e46b17856b06db3d363156ae522597b099812ee85ab9840901

Download Submit
C:\Windows\system\uJbApVI.exe

Filesize
6.0MB

MD5
19bec79ed784de44c8ac16b5175d93d4

SHA1
386753a79b67f8e5e9c3f2120a085bb98928c09d

SHA256
725b3f04e76edce78a1fb074ba41c64c9b399dd26685501123c4538d7c027fdd

SHA512
f20f0ce8bd1371b8418f59ae878cff8822881c432b4793a46b66bc98e1a87c0c156fbb64b41c10c3ddb645b645eaef0fb1d360e595220af43835d8f63f9f9c21

Download Submit
C:\Windows\system\uvNBKJU.exe

Filesize
6.0MB

MD5
1fc2d3b35d1268d4c4017343c0728e59

SHA1
26774510bdad06ba3ad9406260a0b78c75304000

SHA256
cdb6f178a344db323c3b7cb3a6674212bdc5ae6465f888fd1a1f36eec7e6f8bb

SHA512
bfa1e80104e465b7a203f81a1339674346263365e706bd090daaf076abe4b7d234f22bb4be9d934bb5fe43971753e538286863abe10ee077fa75d44b0ea3fdb5

Download Submit
C:\Windows\system\xXgUAnR.exe

Filesize
6.0MB

MD5
2ad5e981bf42602f0001e5e2876b1f90

SHA1
3573812255399a233500208418b54b869af44c43

SHA256
b499c9c5f195b9b9024a5d417e4356c4f7da6bf44831c9cb29550e2a3c6fbf28

SHA512
50570adb71c8a22046c7ca60df1fa46ea6121989055d03f1ad415c689833ade975d5de6a8ac5047b450f59868d219fc5e7c58a80bbc004cc5c4132f9e0eafb65

Download Submit
C:\Windows\system\yMiVmaI.exe

Filesize
6.0MB

MD5
bcbcb1f157b026cb68e10d438f028f36

SHA1
997538e44e1128006aa74e556c6b1a176c74ff1f

SHA256
e31f04eef7dfce1fddac0d0fafae32b89dce828ae2be7396026fc008c0baee53

SHA512
4204d1979c3763a661f3772b5c140452a21774de871be51f0cb6410e4fab8061b3871c2407ff9ee693a3bd5dee2145f94ff083f669c01a753ebf590d4b943fb3

Download Submit
\Windows\system\NOWQruC.exe

Filesize
6.0MB

MD5
16ed4f1d5c1fef0127e4bdab8f0ed92b

SHA1
52090a9b7d8d7f0317c166f92304869ce881329e

SHA256
b95fc7be67bdb5824395e4209e2b822eb32fa349e79c5450c85137deda6349b1

SHA512
406b45572859423a25a237635be93b8b25b7e6a4d7cf3652ce24fe776a845c06df6e1f4fdb2be1ef8d35552592618c8586349b2d0d670567597718745572d992

Download Submit
\Windows\system\PjsvVgy.exe

Filesize
6.0MB

MD5
6d6bbfde7333921fd6b929c13b1f798f

SHA1
86e61bfcda9d46a1d661a8c99ab65bb3ba72fb5c

SHA256
86296821d81a9a1faa48772620ccd95ea29d581f4dc3ab56c98db3ec510cc0c2

SHA512
e6b1ba2780493d6abecdde639082a3106f7a67685d49dbcf674b20a9a4c1ebd734cb200d83c6379f16d4aa8e3e3393a54c800f1a2ce834be8c512dcf5426bf79

Download Submit
\Windows\system\kAcEmUc.exe

Filesize
6.0MB

MD5
07d3e0b33d8c742b81bdcb4b8833e687

SHA1
ecbb53374c7a5ea3b694d687a8f062e3f983a236

SHA256
229fc508ec6d08c94f79b8d490b86fe0e38999eab282c8b5f95c5cfbd380e7bc

SHA512
b13132d9434c3e1cd567c98e510b01562a14703653dc488297d5ef2fef3434c94f0d2860f1f04f58862949e96d0f8d6f851ac65b54a36ccaabd4311a69daea22

Download Submit
memory/2068-3684-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2068-2422-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3670-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2406-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1-0x0000000000370000-0x0000000000380000-memory.dmp

Filesize
64KB

Download
memory/2376-2301-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2297-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2299-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2416-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3065-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3066-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3130-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3129-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3121-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3128-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3116-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2298-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-3707-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3712-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2300-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download