cobaltstrike | a768f0dd113f261db98a674f072cb98bd8d2e94d1114dda026ca4c99c5b1111b

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

96004f677b9a1edba5a34ef70f6b528b
SHA1

7ffe44880c93dd884b48866b3c47ad4bc996bbfe
SHA256

a768f0dd113f261db98a674f072cb98bd8d2e94d1114dda026ca4c99c5b1111b
SHA512

5f14915037865afbb694034a2b20e01432129ce66834f876d00a6457258e324caffbdb67fb96a931282c28994f485ed1aeb7364f1f89c7466d1c4ec194295136
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000018334-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195a9-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195ab-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195af-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019547-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b5-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b7-49.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195bb-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-70.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195bd-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47b-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47d-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a480-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a488-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a491-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a1-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49f-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49e-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a493-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48f-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a484-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a482-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-82.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1916-0-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x0003000000018334-3.dat	xmrig
behavioral1/memory/2796-15-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2736-12-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x00080000000195a9-11.dat	xmrig
behavioral1/memory/2980-22-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x00070000000195ab-21.dat	xmrig
behavioral1/files/0x00070000000195af-24.dat	xmrig
behavioral1/memory/1916-29-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2920-30-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x0007000000019547-31.dat	xmrig
behavioral1/files/0x00060000000195b5-38.dat	xmrig
behavioral1/memory/2796-39-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2820-44-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2736-35-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2052-46-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2980-47-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x00060000000195b7-49.dat	xmrig
behavioral1/memory/3052-55-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x00080000000195bb-56.dat	xmrig
behavioral1/files/0x000500000001a46f-70.dat	xmrig
behavioral1/memory/1916-71-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/952-75-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2052-74-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x00070000000195bd-76.dat	xmrig
behavioral1/memory/1916-65-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/3068-63-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/684-77-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2820-68-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a473-85.dat	xmrig
behavioral1/memory/2660-88-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a477-96.dat	xmrig
behavioral1/memory/1020-101-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2936-95-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x000500000001a479-109.dat	xmrig
behavioral1/files/0x000500000001a47b-113.dat	xmrig
behavioral1/files/0x000500000001a47d-118.dat	xmrig
behavioral1/files/0x000500000001a480-124.dat	xmrig
behavioral1/files/0x000500000001a488-144.dat	xmrig
behavioral1/files/0x000500000001a491-163.dat	xmrig
behavioral1/files/0x000500000001a4a1-194.dat	xmrig
behavioral1/memory/2988-220-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2660-266-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/1020-407-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2936-342-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2796-508-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2980-509-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49f-188.dat	xmrig
behavioral1/files/0x000500000001a49e-184.dat	xmrig
behavioral1/files/0x000500000001a49a-178.dat	xmrig
behavioral1/files/0x000500000001a493-169.dat	xmrig
behavioral1/files/0x000500000001a499-174.dat	xmrig
behavioral1/files/0x000500000001a48f-158.dat	xmrig
behavioral1/files/0x000500000001a48d-154.dat	xmrig
behavioral1/files/0x000500000001a48a-148.dat	xmrig
behavioral1/files/0x000500000001a486-138.dat	xmrig
behavioral1/files/0x000500000001a484-134.dat	xmrig
behavioral1/files/0x000500000001a482-128.dat	xmrig
behavioral1/files/0x000500000001a475-94.dat	xmrig
behavioral1/memory/1916-97-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2988-83-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000500000001a471-82.dat	xmrig
behavioral1/memory/2736-516-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2920-594-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2736	PCQsfZK.exe
2796	YXNLoDD.exe
2980	ITjTlXS.exe
2920	WmrkuNI.exe
2820	NFuDNgz.exe
2052	rSCJwYQ.exe
3052	PeTIvEc.exe
3068	FURZega.exe
952	VzWkINy.exe
684	FsASmXd.exe
2988	vyFSEuO.exe
2660	bSveqFt.exe
2936	lfQFogL.exe
1020	IkmrshE.exe
1380	NIossrb.exe
340	gFvAIQk.exe
2320	SJickNi.exe
1688	ENdwECo.exe
2340	NRGIpOc.exe
600	ggjASIM.exe
2468	WRMOhvQ.exe
2348	ckWsCfG.exe
1412	CePehSQ.exe
2152	wNaJFXr.exe
2312	ZYZHWOM.exe
2120	pPguuLN.exe
1960	EmIKUVt.exe
944	VImEKyc.exe
1600	CYYdsXz.exe
2492	ZtARYhj.exe
1724	UpwLWCw.exe
780	CbreKvB.exe
2436	mcHegsc.exe
1920	PxLnGeg.exe
1716	JUerDFP.exe
1220	fqlPlRj.exe
1720	qZonyli.exe
3024	wDrpaSK.exe
620	UtjOiMj.exe
1404	dBjRpVS.exe
1312	dAXIQMs.exe
3000	RWMXgHh.exe
2512	rUpitJl.exe
1556	MzQJcJI.exe
2008	zEjZKsN.exe
2504	DwhEjEN.exe
2012	azOgtHU.exe
1692	geSMUbP.exe
2532	nyiWmie.exe
2500	McJveos.exe
1588	YYcLobc.exe
1592	sTPfwmd.exe
2812	jEmOUFG.exe
2112	OiUlEdf.exe
2792	EILoXkH.exe
2864	JyprTSd.exe
2800	JjrLVKp.exe
2828	aKFjOBf.exe
2664	OzRnxxO.exe
2560	FeNmFdt.exe
2624	pJlwNhS.exe
2824	ppTLvJE.exe
2536	fcIPdvr.exe
1072	NwENvMs.exe

Loads dropped DLL 64 IoCs

pid	Process
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1916-0-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x0003000000018334-3.dat	upx
behavioral1/memory/2796-15-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2736-12-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x00080000000195a9-11.dat	upx
behavioral1/memory/2980-22-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x00070000000195ab-21.dat	upx
behavioral1/files/0x00070000000195af-24.dat	upx
behavioral1/memory/1916-29-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2920-30-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x0007000000019547-31.dat	upx
behavioral1/files/0x00060000000195b5-38.dat	upx
behavioral1/memory/2796-39-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2820-44-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2736-35-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2052-46-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2980-47-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x00060000000195b7-49.dat	upx
behavioral1/memory/3052-55-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x00080000000195bb-56.dat	upx
behavioral1/files/0x000500000001a46f-70.dat	upx
behavioral1/memory/952-75-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2052-74-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x00070000000195bd-76.dat	upx
behavioral1/memory/3068-63-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/684-77-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2820-68-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x000500000001a473-85.dat	upx
behavioral1/memory/2660-88-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000500000001a477-96.dat	upx
behavioral1/memory/1020-101-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2936-95-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000500000001a479-109.dat	upx
behavioral1/files/0x000500000001a47b-113.dat	upx
behavioral1/files/0x000500000001a47d-118.dat	upx
behavioral1/files/0x000500000001a480-124.dat	upx
behavioral1/files/0x000500000001a488-144.dat	upx
behavioral1/files/0x000500000001a491-163.dat	upx
behavioral1/files/0x000500000001a4a1-194.dat	upx
behavioral1/memory/2988-220-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2660-266-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/1020-407-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2936-342-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2796-508-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2980-509-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000500000001a49f-188.dat	upx
behavioral1/files/0x000500000001a49e-184.dat	upx
behavioral1/files/0x000500000001a49a-178.dat	upx
behavioral1/files/0x000500000001a493-169.dat	upx
behavioral1/files/0x000500000001a499-174.dat	upx
behavioral1/files/0x000500000001a48f-158.dat	upx
behavioral1/files/0x000500000001a48d-154.dat	upx
behavioral1/files/0x000500000001a48a-148.dat	upx
behavioral1/files/0x000500000001a486-138.dat	upx
behavioral1/files/0x000500000001a484-134.dat	upx
behavioral1/files/0x000500000001a482-128.dat	upx
behavioral1/files/0x000500000001a475-94.dat	upx
behavioral1/memory/2988-83-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000500000001a471-82.dat	upx
behavioral1/memory/2736-516-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2920-594-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2820-627-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2052-784-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/3052-893-0x000000013F320000-0x000000013F674000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ASOLTJu.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmqdDpp.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COaXDeq.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdUmyty.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAUZTSL.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTNRNHA.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efNsiDp.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlLDxsN.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCPtiaF.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtNtJWS.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBNwTXY.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJLzEKg.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kIvASAu.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQEfuDt.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuWAsKr.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvzRbTC.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kaegqfC.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYKrTkY.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paROdCM.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkjZnDj.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAdDJxO.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxIBzPb.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkyRhYB.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYZHWOM.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFMHJSk.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDNVUXP.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcbxgGT.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhlYCJt.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTinyBA.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwGfXXf.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiUlEdf.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEzJnTI.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XyuQhKo.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlMUPFo.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhLThRN.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpVJnyK.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmvWNEb.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChTJNDT.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSCJwYQ.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvkdPAs.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aouWfbw.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQfrSYR.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYGJkbq.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgjVzBd.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpqErmV.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VshPSjq.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PchUrxe.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNZsnKc.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obQJfON.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GeukzBz.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyVhWTv.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUMLYPj.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmkUGyI.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpWYpRC.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZUpjit.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlnoRVL.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyZhjAW.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWpcnhn.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmywqYw.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MyDiAgB.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsFKYoO.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfOCjcm.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WoeDHHW.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spZqhVe.exe	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2736	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1916 wrote to memory of 2736	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1916 wrote to memory of 2736	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1916 wrote to memory of 2796	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1916 wrote to memory of 2796	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1916 wrote to memory of 2796	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1916 wrote to memory of 2980	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1916 wrote to memory of 2980	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1916 wrote to memory of 2980	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1916 wrote to memory of 2920	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1916 wrote to memory of 2920	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1916 wrote to memory of 2920	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1916 wrote to memory of 2052	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1916 wrote to memory of 2052	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1916 wrote to memory of 2052	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1916 wrote to memory of 2820	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1916 wrote to memory of 2820	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1916 wrote to memory of 2820	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1916 wrote to memory of 3052	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1916 wrote to memory of 3052	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1916 wrote to memory of 3052	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1916 wrote to memory of 3068	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1916 wrote to memory of 3068	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1916 wrote to memory of 3068	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1916 wrote to memory of 684	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1916 wrote to memory of 684	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1916 wrote to memory of 684	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1916 wrote to memory of 952	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1916 wrote to memory of 952	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1916 wrote to memory of 952	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1916 wrote to memory of 2988	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1916 wrote to memory of 2988	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1916 wrote to memory of 2988	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1916 wrote to memory of 2660	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1916 wrote to memory of 2660	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1916 wrote to memory of 2660	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1916 wrote to memory of 2936	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1916 wrote to memory of 2936	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1916 wrote to memory of 2936	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1916 wrote to memory of 1020	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1916 wrote to memory of 1020	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1916 wrote to memory of 1020	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1916 wrote to memory of 1380	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1916 wrote to memory of 1380	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1916 wrote to memory of 1380	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1916 wrote to memory of 340	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1916 wrote to memory of 340	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1916 wrote to memory of 340	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1916 wrote to memory of 2320	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1916 wrote to memory of 2320	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1916 wrote to memory of 2320	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1916 wrote to memory of 1688	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1916 wrote to memory of 1688	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1916 wrote to memory of 1688	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1916 wrote to memory of 2340	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1916 wrote to memory of 2340	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1916 wrote to memory of 2340	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1916 wrote to memory of 600	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1916 wrote to memory of 600	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1916 wrote to memory of 600	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1916 wrote to memory of 2468	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1916 wrote to memory of 2468	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1916 wrote to memory of 2468	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1916 wrote to memory of 2348	1916	2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_96004f677b9a1edba5a34ef70f6b528b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\System\PCQsfZK.exe
  C:\Windows\System\PCQsfZK.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\YXNLoDD.exe
  C:\Windows\System\YXNLoDD.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\ITjTlXS.exe
  C:\Windows\System\ITjTlXS.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\WmrkuNI.exe
  C:\Windows\System\WmrkuNI.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\rSCJwYQ.exe
  C:\Windows\System\rSCJwYQ.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\NFuDNgz.exe
  C:\Windows\System\NFuDNgz.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\PeTIvEc.exe
  C:\Windows\System\PeTIvEc.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\FURZega.exe
  C:\Windows\System\FURZega.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\FsASmXd.exe
  C:\Windows\System\FsASmXd.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\VzWkINy.exe
  C:\Windows\System\VzWkINy.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\vyFSEuO.exe
  C:\Windows\System\vyFSEuO.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\bSveqFt.exe
  C:\Windows\System\bSveqFt.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\lfQFogL.exe
  C:\Windows\System\lfQFogL.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\IkmrshE.exe
  C:\Windows\System\IkmrshE.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\NIossrb.exe
  C:\Windows\System\NIossrb.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\gFvAIQk.exe
  C:\Windows\System\gFvAIQk.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\SJickNi.exe
  C:\Windows\System\SJickNi.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\ENdwECo.exe
  C:\Windows\System\ENdwECo.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\NRGIpOc.exe
  C:\Windows\System\NRGIpOc.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\ggjASIM.exe
  C:\Windows\System\ggjASIM.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\WRMOhvQ.exe
  C:\Windows\System\WRMOhvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ckWsCfG.exe
  C:\Windows\System\ckWsCfG.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\CePehSQ.exe
  C:\Windows\System\CePehSQ.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\wNaJFXr.exe
  C:\Windows\System\wNaJFXr.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\ZYZHWOM.exe
  C:\Windows\System\ZYZHWOM.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\pPguuLN.exe
  C:\Windows\System\pPguuLN.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\EmIKUVt.exe
  C:\Windows\System\EmIKUVt.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\VImEKyc.exe
  C:\Windows\System\VImEKyc.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\CYYdsXz.exe
  C:\Windows\System\CYYdsXz.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\ZtARYhj.exe
  C:\Windows\System\ZtARYhj.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\UpwLWCw.exe
  C:\Windows\System\UpwLWCw.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\CbreKvB.exe
  C:\Windows\System\CbreKvB.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\mcHegsc.exe
  C:\Windows\System\mcHegsc.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\PxLnGeg.exe
  C:\Windows\System\PxLnGeg.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\JUerDFP.exe
  C:\Windows\System\JUerDFP.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\fqlPlRj.exe
  C:\Windows\System\fqlPlRj.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\qZonyli.exe
  C:\Windows\System\qZonyli.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\wDrpaSK.exe
  C:\Windows\System\wDrpaSK.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\UtjOiMj.exe
  C:\Windows\System\UtjOiMj.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\dBjRpVS.exe
  C:\Windows\System\dBjRpVS.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\dAXIQMs.exe
  C:\Windows\System\dAXIQMs.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\RWMXgHh.exe
  C:\Windows\System\RWMXgHh.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\rUpitJl.exe
  C:\Windows\System\rUpitJl.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\MzQJcJI.exe
  C:\Windows\System\MzQJcJI.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\zEjZKsN.exe
  C:\Windows\System\zEjZKsN.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\DwhEjEN.exe
  C:\Windows\System\DwhEjEN.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\azOgtHU.exe
  C:\Windows\System\azOgtHU.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\geSMUbP.exe
  C:\Windows\System\geSMUbP.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\nyiWmie.exe
  C:\Windows\System\nyiWmie.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\McJveos.exe
  C:\Windows\System\McJveos.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\YYcLobc.exe
  C:\Windows\System\YYcLobc.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\sTPfwmd.exe
  C:\Windows\System\sTPfwmd.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\jEmOUFG.exe
  C:\Windows\System\jEmOUFG.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\OiUlEdf.exe
  C:\Windows\System\OiUlEdf.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\EILoXkH.exe
  C:\Windows\System\EILoXkH.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\JyprTSd.exe
  C:\Windows\System\JyprTSd.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\JjrLVKp.exe
  C:\Windows\System\JjrLVKp.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\aKFjOBf.exe
  C:\Windows\System\aKFjOBf.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\OzRnxxO.exe
  C:\Windows\System\OzRnxxO.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\FeNmFdt.exe
  C:\Windows\System\FeNmFdt.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\pJlwNhS.exe
  C:\Windows\System\pJlwNhS.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\ppTLvJE.exe
  C:\Windows\System\ppTLvJE.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\fcIPdvr.exe
  C:\Windows\System\fcIPdvr.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\NwENvMs.exe
  C:\Windows\System\NwENvMs.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\HuWAsKr.exe
  C:\Windows\System\HuWAsKr.exe
  2⤵
  PID:2644
- C:\Windows\System\lSlKZnG.exe
  C:\Windows\System\lSlKZnG.exe
  2⤵
  PID:2844
- C:\Windows\System\JEmtVIA.exe
  C:\Windows\System\JEmtVIA.exe
  2⤵
  PID:1028
- C:\Windows\System\SVarEbn.exe
  C:\Windows\System\SVarEbn.exe
  2⤵
  PID:1728
- C:\Windows\System\LkSHKCl.exe
  C:\Windows\System\LkSHKCl.exe
  2⤵
  PID:2632
- C:\Windows\System\aCVDuCm.exe
  C:\Windows\System\aCVDuCm.exe
  2⤵
  PID:700
- C:\Windows\System\myNPjKR.exe
  C:\Windows\System\myNPjKR.exe
  2⤵
  PID:776
- C:\Windows\System\vGHFGlk.exe
  C:\Windows\System\vGHFGlk.exe
  2⤵
  PID:548
- C:\Windows\System\FOLvOBw.exe
  C:\Windows\System\FOLvOBw.exe
  2⤵
  PID:1056
- C:\Windows\System\aSIOCTP.exe
  C:\Windows\System\aSIOCTP.exe
  2⤵
  PID:1760
- C:\Windows\System\FvYgqME.exe
  C:\Windows\System\FvYgqME.exe
  2⤵
  PID:2440
- C:\Windows\System\mitEoff.exe
  C:\Windows\System\mitEoff.exe
  2⤵
  PID:2016
- C:\Windows\System\sXukcJH.exe
  C:\Windows\System\sXukcJH.exe
  2⤵
  PID:964
- C:\Windows\System\BelzWaH.exe
  C:\Windows\System\BelzWaH.exe
  2⤵
  PID:1712
- C:\Windows\System\rAiyczP.exe
  C:\Windows\System\rAiyczP.exe
  2⤵
  PID:2324
- C:\Windows\System\EHOBIUz.exe
  C:\Windows\System\EHOBIUz.exe
  2⤵
  PID:1548
- C:\Windows\System\JKVepDN.exe
  C:\Windows\System\JKVepDN.exe
  2⤵
  PID:1964
- C:\Windows\System\hEvudZi.exe
  C:\Windows\System\hEvudZi.exe
  2⤵
  PID:1372
- C:\Windows\System\NblwgbG.exe
  C:\Windows\System\NblwgbG.exe
  2⤵
  PID:3044
- C:\Windows\System\iNhFKYJ.exe
  C:\Windows\System\iNhFKYJ.exe
  2⤵
  PID:3040
- C:\Windows\System\dmIurSr.exe
  C:\Windows\System\dmIurSr.exe
  2⤵
  PID:2968
- C:\Windows\System\gyZhjAW.exe
  C:\Windows\System\gyZhjAW.exe
  2⤵
  PID:108
- C:\Windows\System\uMswtNP.exe
  C:\Windows\System\uMswtNP.exe
  2⤵
  PID:1608
- C:\Windows\System\ytoolDr.exe
  C:\Windows\System\ytoolDr.exe
  2⤵
  PID:892
- C:\Windows\System\mRbqLQZ.exe
  C:\Windows\System\mRbqLQZ.exe
  2⤵
  PID:1996
- C:\Windows\System\KeEmVUV.exe
  C:\Windows\System\KeEmVUV.exe
  2⤵
  PID:2248
- C:\Windows\System\vvgIget.exe
  C:\Windows\System\vvgIget.exe
  2⤵
  PID:1744
- C:\Windows\System\wCBRVMP.exe
  C:\Windows\System\wCBRVMP.exe
  2⤵
  PID:3020
- C:\Windows\System\lvjcgmM.exe
  C:\Windows\System\lvjcgmM.exe
  2⤵
  PID:2976
- C:\Windows\System\aBQnMap.exe
  C:\Windows\System\aBQnMap.exe
  2⤵
  PID:2848
- C:\Windows\System\dqLnatS.exe
  C:\Windows\System\dqLnatS.exe
  2⤵
  PID:2712
- C:\Windows\System\qUOlqAq.exe
  C:\Windows\System\qUOlqAq.exe
  2⤵
  PID:2332
- C:\Windows\System\IkifszS.exe
  C:\Windows\System\IkifszS.exe
  2⤵
  PID:2704
- C:\Windows\System\vGYMbhR.exe
  C:\Windows\System\vGYMbhR.exe
  2⤵
  PID:2924
- C:\Windows\System\tiObuYD.exe
  C:\Windows\System\tiObuYD.exe
  2⤵
  PID:2904
- C:\Windows\System\lIMPZsH.exe
  C:\Windows\System\lIMPZsH.exe
  2⤵
  PID:832
- C:\Windows\System\amGYVrk.exe
  C:\Windows\System\amGYVrk.exe
  2⤵
  PID:2768
- C:\Windows\System\OAaqZxm.exe
  C:\Windows\System\OAaqZxm.exe
  2⤵
  PID:2472
- C:\Windows\System\ijPUWdr.exe
  C:\Windows\System\ijPUWdr.exe
  2⤵
  PID:1184
- C:\Windows\System\OblaIkB.exe
  C:\Windows\System\OblaIkB.exe
  2⤵
  PID:2104
- C:\Windows\System\VUdQQdG.exe
  C:\Windows\System\VUdQQdG.exe
  2⤵
  PID:2140
- C:\Windows\System\ewdhkUy.exe
  C:\Windows\System\ewdhkUy.exe
  2⤵
  PID:1496
- C:\Windows\System\tTKrZHu.exe
  C:\Windows\System\tTKrZHu.exe
  2⤵
  PID:1136
- C:\Windows\System\OVYamOt.exe
  C:\Windows\System\OVYamOt.exe
  2⤵
  PID:1080
- C:\Windows\System\UpVydba.exe
  C:\Windows\System\UpVydba.exe
  2⤵
  PID:2528
- C:\Windows\System\eVKDtUf.exe
  C:\Windows\System\eVKDtUf.exe
  2⤵
  PID:1512
- C:\Windows\System\QzsKAjJ.exe
  C:\Windows\System\QzsKAjJ.exe
  2⤵
  PID:1332
- C:\Windows\System\pQrgNiy.exe
  C:\Windows\System\pQrgNiy.exe
  2⤵
  PID:708
- C:\Windows\System\oveQWIS.exe
  C:\Windows\System\oveQWIS.exe
  2⤵
  PID:3012
- C:\Windows\System\ckHPDpf.exe
  C:\Windows\System\ckHPDpf.exe
  2⤵
  PID:1560
- C:\Windows\System\CfYNtzs.exe
  C:\Windows\System\CfYNtzs.exe
  2⤵
  PID:2700
- C:\Windows\System\whtmeLg.exe
  C:\Windows\System\whtmeLg.exe
  2⤵
  PID:2708
- C:\Windows\System\aTMyzIF.exe
  C:\Windows\System\aTMyzIF.exe
  2⤵
  PID:3064
- C:\Windows\System\kIXwLAM.exe
  C:\Windows\System\kIXwLAM.exe
  2⤵
  PID:872
- C:\Windows\System\PsmpwZl.exe
  C:\Windows\System\PsmpwZl.exe
  2⤵
  PID:1436
- C:\Windows\System\CIAsfMW.exe
  C:\Windows\System\CIAsfMW.exe
  2⤵
  PID:2960
- C:\Windows\System\dFaobXl.exe
  C:\Windows\System\dFaobXl.exe
  2⤵
  PID:2128
- C:\Windows\System\AsUGDyj.exe
  C:\Windows\System\AsUGDyj.exe
  2⤵
  PID:980
- C:\Windows\System\kuBZTda.exe
  C:\Windows\System\kuBZTda.exe
  2⤵
  PID:2136
- C:\Windows\System\LiWRpST.exe
  C:\Windows\System\LiWRpST.exe
  2⤵
  PID:388
- C:\Windows\System\CaFdZWx.exe
  C:\Windows\System\CaFdZWx.exe
  2⤵
  PID:2932
- C:\Windows\System\hUtbfRh.exe
  C:\Windows\System\hUtbfRh.exe
  2⤵
  PID:1940
- C:\Windows\System\RtbbjbR.exe
  C:\Windows\System\RtbbjbR.exe
  2⤵
  PID:2940
- C:\Windows\System\lceUUwz.exe
  C:\Windows\System\lceUUwz.exe
  2⤵
  PID:2964
- C:\Windows\System\aWtymSq.exe
  C:\Windows\System\aWtymSq.exe
  2⤵
  PID:2748
- C:\Windows\System\XrfAMgZ.exe
  C:\Windows\System\XrfAMgZ.exe
  2⤵
  PID:2740
- C:\Windows\System\HjPzzaC.exe
  C:\Windows\System\HjPzzaC.exe
  2⤵
  PID:2868
- C:\Windows\System\BLhHOoP.exe
  C:\Windows\System\BLhHOoP.exe
  2⤵
  PID:1648
- C:\Windows\System\LtjvPAy.exe
  C:\Windows\System\LtjvPAy.exe
  2⤵
  PID:396
- C:\Windows\System\NvzRbTC.exe
  C:\Windows\System\NvzRbTC.exe
  2⤵
  PID:2100
- C:\Windows\System\IagIvyg.exe
  C:\Windows\System\IagIvyg.exe
  2⤵
  PID:2208
- C:\Windows\System\aRGLgCi.exe
  C:\Windows\System\aRGLgCi.exe
  2⤵
  PID:1296
- C:\Windows\System\hoXZWAc.exe
  C:\Windows\System\hoXZWAc.exe
  2⤵
  PID:1148
- C:\Windows\System\LOrYqsw.exe
  C:\Windows\System\LOrYqsw.exe
  2⤵
  PID:2260
- C:\Windows\System\LdMEveh.exe
  C:\Windows\System\LdMEveh.exe
  2⤵
  PID:636
- C:\Windows\System\jqiAiSa.exe
  C:\Windows\System\jqiAiSa.exe
  2⤵
  PID:1616
- C:\Windows\System\Plljjmi.exe
  C:\Windows\System\Plljjmi.exe
  2⤵
  PID:2860
- C:\Windows\System\kRfANVE.exe
  C:\Windows\System\kRfANVE.exe
  2⤵
  PID:1628
- C:\Windows\System\fhoNVQB.exe
  C:\Windows\System\fhoNVQB.exe
  2⤵
  PID:648
- C:\Windows\System\tUqoDfK.exe
  C:\Windows\System\tUqoDfK.exe
  2⤵
  PID:1732
- C:\Windows\System\obQJfON.exe
  C:\Windows\System\obQJfON.exe
  2⤵
  PID:2148
- C:\Windows\System\AhSgSUn.exe
  C:\Windows\System\AhSgSUn.exe
  2⤵
  PID:1120
- C:\Windows\System\NkJPVxo.exe
  C:\Windows\System\NkJPVxo.exe
  2⤵
  PID:2412
- C:\Windows\System\fSKMrCV.exe
  C:\Windows\System\fSKMrCV.exe
  2⤵
  PID:2880
- C:\Windows\System\MZCGLFk.exe
  C:\Windows\System\MZCGLFk.exe
  2⤵
  PID:1364
- C:\Windows\System\bwkIEcQ.exe
  C:\Windows\System\bwkIEcQ.exe
  2⤵
  PID:3036
- C:\Windows\System\QaZTvZg.exe
  C:\Windows\System\QaZTvZg.exe
  2⤵
  PID:1924
- C:\Windows\System\BxxqIaT.exe
  C:\Windows\System\BxxqIaT.exe
  2⤵
  PID:3056
- C:\Windows\System\KNNSNoE.exe
  C:\Windows\System\KNNSNoE.exe
  2⤵
  PID:1248
- C:\Windows\System\gXScocs.exe
  C:\Windows\System\gXScocs.exe
  2⤵
  PID:1764
- C:\Windows\System\ONvFybl.exe
  C:\Windows\System\ONvFybl.exe
  2⤵
  PID:2992
- C:\Windows\System\mIYPdIZ.exe
  C:\Windows\System\mIYPdIZ.exe
  2⤵
  PID:1104
- C:\Windows\System\MNIDXhp.exe
  C:\Windows\System\MNIDXhp.exe
  2⤵
  PID:2240
- C:\Windows\System\qWMrICo.exe
  C:\Windows\System\qWMrICo.exe
  2⤵
  PID:272
- C:\Windows\System\wgGPAqB.exe
  C:\Windows\System\wgGPAqB.exe
  2⤵
  PID:2328
- C:\Windows\System\afuwsdp.exe
  C:\Windows\System\afuwsdp.exe
  2⤵
  PID:2460
- C:\Windows\System\YMItnYa.exe
  C:\Windows\System\YMItnYa.exe
  2⤵
  PID:2376
- C:\Windows\System\XMnvBkC.exe
  C:\Windows\System\XMnvBkC.exe
  2⤵
  PID:2952
- C:\Windows\System\tugtogr.exe
  C:\Windows\System\tugtogr.exe
  2⤵
  PID:908
- C:\Windows\System\dKeHKCj.exe
  C:\Windows\System\dKeHKCj.exe
  2⤵
  PID:1156
- C:\Windows\System\aZDAYxI.exe
  C:\Windows\System\aZDAYxI.exe
  2⤵
  PID:2892
- C:\Windows\System\nWzIQTr.exe
  C:\Windows\System\nWzIQTr.exe
  2⤵
  PID:1784
- C:\Windows\System\zhMTGMY.exe
  C:\Windows\System\zhMTGMY.exe
  2⤵
  PID:1564
- C:\Windows\System\jExitcR.exe
  C:\Windows\System\jExitcR.exe
  2⤵
  PID:2116
- C:\Windows\System\QtmEsvB.exe
  C:\Windows\System\QtmEsvB.exe
  2⤵
  PID:772
- C:\Windows\System\XwPrmKT.exe
  C:\Windows\System\XwPrmKT.exe
  2⤵
  PID:2640
- C:\Windows\System\rMZDHdH.exe
  C:\Windows\System\rMZDHdH.exe
  2⤵
  PID:2236
- C:\Windows\System\uPbxBEu.exe
  C:\Windows\System\uPbxBEu.exe
  2⤵
  PID:2084
- C:\Windows\System\SIpCXiP.exe
  C:\Windows\System\SIpCXiP.exe
  2⤵
  PID:1368
- C:\Windows\System\RBeiwyW.exe
  C:\Windows\System\RBeiwyW.exe
  2⤵
  PID:2652
- C:\Windows\System\uUdGPCg.exe
  C:\Windows\System\uUdGPCg.exe
  2⤵
  PID:1008
- C:\Windows\System\azWAlyY.exe
  C:\Windows\System\azWAlyY.exe
  2⤵
  PID:236
- C:\Windows\System\YsRAmYz.exe
  C:\Windows\System\YsRAmYz.exe
  2⤵
  PID:3088
- C:\Windows\System\hGfWeGp.exe
  C:\Windows\System\hGfWeGp.exe
  2⤵
  PID:3112
- C:\Windows\System\sVNmmSP.exe
  C:\Windows\System\sVNmmSP.exe
  2⤵
  PID:3132
- C:\Windows\System\WyOdRao.exe
  C:\Windows\System\WyOdRao.exe
  2⤵
  PID:3152
- C:\Windows\System\uJZNFby.exe
  C:\Windows\System\uJZNFby.exe
  2⤵
  PID:3176
- C:\Windows\System\kyivKNX.exe
  C:\Windows\System\kyivKNX.exe
  2⤵
  PID:3196
- C:\Windows\System\xsUeBJx.exe
  C:\Windows\System\xsUeBJx.exe
  2⤵
  PID:3220
- C:\Windows\System\bUajVxY.exe
  C:\Windows\System\bUajVxY.exe
  2⤵
  PID:3236
- C:\Windows\System\lUaTBOS.exe
  C:\Windows\System\lUaTBOS.exe
  2⤵
  PID:3256
- C:\Windows\System\CcYonPy.exe
  C:\Windows\System\CcYonPy.exe
  2⤵
  PID:3272
- C:\Windows\System\UcKlnau.exe
  C:\Windows\System\UcKlnau.exe
  2⤵
  PID:3296
- C:\Windows\System\ZSrdxRA.exe
  C:\Windows\System\ZSrdxRA.exe
  2⤵
  PID:3316
- C:\Windows\System\EtKdPrs.exe
  C:\Windows\System\EtKdPrs.exe
  2⤵
  PID:3340
- C:\Windows\System\MiHxXUb.exe
  C:\Windows\System\MiHxXUb.exe
  2⤵
  PID:3356
- C:\Windows\System\OqhEXBp.exe
  C:\Windows\System\OqhEXBp.exe
  2⤵
  PID:3372
- C:\Windows\System\ZfVybtb.exe
  C:\Windows\System\ZfVybtb.exe
  2⤵
  PID:3388
- C:\Windows\System\UfHtocy.exe
  C:\Windows\System\UfHtocy.exe
  2⤵
  PID:3416
- C:\Windows\System\ivvViFU.exe
  C:\Windows\System\ivvViFU.exe
  2⤵
  PID:3432
- C:\Windows\System\tEOTcLk.exe
  C:\Windows\System\tEOTcLk.exe
  2⤵
  PID:3460
- C:\Windows\System\zBHXlyE.exe
  C:\Windows\System\zBHXlyE.exe
  2⤵
  PID:3480
- C:\Windows\System\PTOLTGr.exe
  C:\Windows\System\PTOLTGr.exe
  2⤵
  PID:3496
- C:\Windows\System\jwMwwdU.exe
  C:\Windows\System\jwMwwdU.exe
  2⤵
  PID:3512
- C:\Windows\System\IuOasAU.exe
  C:\Windows\System\IuOasAU.exe
  2⤵
  PID:3532
- C:\Windows\System\dnCFNcD.exe
  C:\Windows\System\dnCFNcD.exe
  2⤵
  PID:3548
- C:\Windows\System\rHaEbGe.exe
  C:\Windows\System\rHaEbGe.exe
  2⤵
  PID:3568
- C:\Windows\System\MJgRWyY.exe
  C:\Windows\System\MJgRWyY.exe
  2⤵
  PID:3588
- C:\Windows\System\CthkesO.exe
  C:\Windows\System\CthkesO.exe
  2⤵
  PID:3608
- C:\Windows\System\bmbFacu.exe
  C:\Windows\System\bmbFacu.exe
  2⤵
  PID:3632
- C:\Windows\System\HGOVEPt.exe
  C:\Windows\System\HGOVEPt.exe
  2⤵
  PID:3656
- C:\Windows\System\FPRGYeC.exe
  C:\Windows\System\FPRGYeC.exe
  2⤵
  PID:3676
- C:\Windows\System\ZRhRPcZ.exe
  C:\Windows\System\ZRhRPcZ.exe
  2⤵
  PID:3696
- C:\Windows\System\nWPbwno.exe
  C:\Windows\System\nWPbwno.exe
  2⤵
  PID:3716
- C:\Windows\System\lsPxdkb.exe
  C:\Windows\System\lsPxdkb.exe
  2⤵
  PID:3740
- C:\Windows\System\rPzBgHD.exe
  C:\Windows\System\rPzBgHD.exe
  2⤵
  PID:3756
- C:\Windows\System\lTwBwXW.exe
  C:\Windows\System\lTwBwXW.exe
  2⤵
  PID:3772
- C:\Windows\System\yIUpIyK.exe
  C:\Windows\System\yIUpIyK.exe
  2⤵
  PID:3788
- C:\Windows\System\YipAXgi.exe
  C:\Windows\System\YipAXgi.exe
  2⤵
  PID:3820
- C:\Windows\System\FuCsOKH.exe
  C:\Windows\System\FuCsOKH.exe
  2⤵
  PID:3836
- C:\Windows\System\VkdjhQr.exe
  C:\Windows\System\VkdjhQr.exe
  2⤵
  PID:3860
- C:\Windows\System\MCHHdJe.exe
  C:\Windows\System\MCHHdJe.exe
  2⤵
  PID:3880
- C:\Windows\System\FSGQjKo.exe
  C:\Windows\System\FSGQjKo.exe
  2⤵
  PID:3896
- C:\Windows\System\XPdaVZH.exe
  C:\Windows\System\XPdaVZH.exe
  2⤵
  PID:3912
- C:\Windows\System\GefeDEp.exe
  C:\Windows\System\GefeDEp.exe
  2⤵
  PID:3936
- C:\Windows\System\nmTeRGs.exe
  C:\Windows\System\nmTeRGs.exe
  2⤵
  PID:3956
- C:\Windows\System\YVGopgi.exe
  C:\Windows\System\YVGopgi.exe
  2⤵
  PID:3980
- C:\Windows\System\wicDMLt.exe
  C:\Windows\System\wicDMLt.exe
  2⤵
  PID:3996
- C:\Windows\System\PBAtxtq.exe
  C:\Windows\System\PBAtxtq.exe
  2⤵
  PID:4016
- C:\Windows\System\HIIhlpl.exe
  C:\Windows\System\HIIhlpl.exe
  2⤵
  PID:4032
- C:\Windows\System\GdZdkPr.exe
  C:\Windows\System\GdZdkPr.exe
  2⤵
  PID:4068
- C:\Windows\System\wgPGDXG.exe
  C:\Windows\System\wgPGDXG.exe
  2⤵
  PID:4084
- C:\Windows\System\lRoAskO.exe
  C:\Windows\System\lRoAskO.exe
  2⤵
  PID:3076
- C:\Windows\System\opIEbNC.exe
  C:\Windows\System\opIEbNC.exe
  2⤵
  PID:2176
- C:\Windows\System\LXEnwDx.exe
  C:\Windows\System\LXEnwDx.exe
  2⤵
  PID:3100
- C:\Windows\System\qHhLQGl.exe
  C:\Windows\System\qHhLQGl.exe
  2⤵
  PID:3128
- C:\Windows\System\bzoMPSf.exe
  C:\Windows\System\bzoMPSf.exe
  2⤵
  PID:3172
- C:\Windows\System\oeiZJzw.exe
  C:\Windows\System\oeiZJzw.exe
  2⤵
  PID:3204
- C:\Windows\System\tdveSQJ.exe
  C:\Windows\System\tdveSQJ.exe
  2⤵
  PID:3252
- C:\Windows\System\dmLjSwr.exe
  C:\Windows\System\dmLjSwr.exe
  2⤵
  PID:3292
- C:\Windows\System\CHBuwDQ.exe
  C:\Windows\System\CHBuwDQ.exe
  2⤵
  PID:932
- C:\Windows\System\tFeAhxu.exe
  C:\Windows\System\tFeAhxu.exe
  2⤵
  PID:3336
- C:\Windows\System\oqLGMVI.exe
  C:\Windows\System\oqLGMVI.exe
  2⤵
  PID:3368
- C:\Windows\System\CeRTQOf.exe
  C:\Windows\System\CeRTQOf.exe
  2⤵
  PID:3408
- C:\Windows\System\eUzXPXk.exe
  C:\Windows\System\eUzXPXk.exe
  2⤵
  PID:3448
- C:\Windows\System\gFeibOj.exe
  C:\Windows\System\gFeibOj.exe
  2⤵
  PID:3428
- C:\Windows\System\iqvMeLl.exe
  C:\Windows\System\iqvMeLl.exe
  2⤵
  PID:3468
- C:\Windows\System\uqZpobw.exe
  C:\Windows\System\uqZpobw.exe
  2⤵
  PID:3528
- C:\Windows\System\DdEeBiH.exe
  C:\Windows\System\DdEeBiH.exe
  2⤵
  PID:3596
- C:\Windows\System\rEzKMLC.exe
  C:\Windows\System\rEzKMLC.exe
  2⤵
  PID:3604
- C:\Windows\System\yNjvBOk.exe
  C:\Windows\System\yNjvBOk.exe
  2⤵
  PID:3620
- C:\Windows\System\ntsnfIb.exe
  C:\Windows\System\ntsnfIb.exe
  2⤵
  PID:3624
- C:\Windows\System\RoiJInS.exe
  C:\Windows\System\RoiJInS.exe
  2⤵
  PID:3668
- C:\Windows\System\pSYaBDp.exe
  C:\Windows\System\pSYaBDp.exe
  2⤵
  PID:3728
- C:\Windows\System\jycfnTF.exe
  C:\Windows\System\jycfnTF.exe
  2⤵
  PID:3752
- C:\Windows\System\pfiVFvl.exe
  C:\Windows\System\pfiVFvl.exe
  2⤵
  PID:3804
- C:\Windows\System\QMFFdnh.exe
  C:\Windows\System\QMFFdnh.exe
  2⤵
  PID:3164
- C:\Windows\System\MHoHyrW.exe
  C:\Windows\System\MHoHyrW.exe
  2⤵
  PID:3892
- C:\Windows\System\OGJEwgv.exe
  C:\Windows\System\OGJEwgv.exe
  2⤵
  PID:3924
- C:\Windows\System\KZsEoUO.exe
  C:\Windows\System\KZsEoUO.exe
  2⤵
  PID:3908
- C:\Windows\System\ScvefVH.exe
  C:\Windows\System\ScvefVH.exe
  2⤵
  PID:3976
- C:\Windows\System\CvmrmaC.exe
  C:\Windows\System\CvmrmaC.exe
  2⤵
  PID:4012
- C:\Windows\System\gvkdPAs.exe
  C:\Windows\System\gvkdPAs.exe
  2⤵
  PID:4056
- C:\Windows\System\CIEGDiy.exe
  C:\Windows\System\CIEGDiy.exe
  2⤵
  PID:3992
- C:\Windows\System\gAKPAld.exe
  C:\Windows\System\gAKPAld.exe
  2⤵
  PID:3080
- C:\Windows\System\vgRBNLE.exe
  C:\Windows\System\vgRBNLE.exe
  2⤵
  PID:972
- C:\Windows\System\xoyGVYL.exe
  C:\Windows\System\xoyGVYL.exe
  2⤵
  PID:3208
- C:\Windows\System\ICBbbeD.exe
  C:\Windows\System\ICBbbeD.exe
  2⤵
  PID:3248
- C:\Windows\System\fuotRRq.exe
  C:\Windows\System\fuotRRq.exe
  2⤵
  PID:3284
- C:\Windows\System\FuZmspY.exe
  C:\Windows\System\FuZmspY.exe
  2⤵
  PID:3348
- C:\Windows\System\otlVJJG.exe
  C:\Windows\System\otlVJJG.exe
  2⤵
  PID:3384
- C:\Windows\System\yenJgcA.exe
  C:\Windows\System\yenJgcA.exe
  2⤵
  PID:3424
- C:\Windows\System\hLUnwiK.exe
  C:\Windows\System\hLUnwiK.exe
  2⤵
  PID:3456
- C:\Windows\System\JXvqenJ.exe
  C:\Windows\System\JXvqenJ.exe
  2⤵
  PID:3564
- C:\Windows\System\YZtePAf.exe
  C:\Windows\System\YZtePAf.exe
  2⤵
  PID:3652
- C:\Windows\System\GiqtIxe.exe
  C:\Windows\System\GiqtIxe.exe
  2⤵
  PID:3628
- C:\Windows\System\jdOHVum.exe
  C:\Windows\System\jdOHVum.exe
  2⤵
  PID:3704
- C:\Windows\System\hXDpcHr.exe
  C:\Windows\System\hXDpcHr.exe
  2⤵
  PID:3920
- C:\Windows\System\NZqKQzi.exe
  C:\Windows\System\NZqKQzi.exe
  2⤵
  PID:3852
- C:\Windows\System\aEiFGWL.exe
  C:\Windows\System\aEiFGWL.exe
  2⤵
  PID:3796
- C:\Windows\System\ScfnOcT.exe
  C:\Windows\System\ScfnOcT.exe
  2⤵
  PID:4004
- C:\Windows\System\YFwaeVV.exe
  C:\Windows\System\YFwaeVV.exe
  2⤵
  PID:4028
- C:\Windows\System\IBiWYfj.exe
  C:\Windows\System\IBiWYfj.exe
  2⤵
  PID:4076
- C:\Windows\System\OVMpIjQ.exe
  C:\Windows\System\OVMpIjQ.exe
  2⤵
  PID:3168
- C:\Windows\System\IWpcnhn.exe
  C:\Windows\System\IWpcnhn.exe
  2⤵
  PID:3544
- C:\Windows\System\gpqchJo.exe
  C:\Windows\System\gpqchJo.exe
  2⤵
  PID:3244
- C:\Windows\System\SWOqFGC.exe
  C:\Windows\System\SWOqFGC.exe
  2⤵
  PID:3268
- C:\Windows\System\KYaiYOC.exe
  C:\Windows\System\KYaiYOC.exe
  2⤵
  PID:3472
- C:\Windows\System\TdVxbJA.exe
  C:\Windows\System\TdVxbJA.exe
  2⤵
  PID:3524
- C:\Windows\System\SwWiaDl.exe
  C:\Windows\System\SwWiaDl.exe
  2⤵
  PID:3640
- C:\Windows\System\JAOZZQq.exe
  C:\Windows\System\JAOZZQq.exe
  2⤵
  PID:3584
- C:\Windows\System\tXAAOvH.exe
  C:\Windows\System\tXAAOvH.exe
  2⤵
  PID:3876
- C:\Windows\System\YjGLsHl.exe
  C:\Windows\System\YjGLsHl.exe
  2⤵
  PID:3868
- C:\Windows\System\MvEqZOb.exe
  C:\Windows\System\MvEqZOb.exe
  2⤵
  PID:3964
- C:\Windows\System\kxDZxUW.exe
  C:\Windows\System\kxDZxUW.exe
  2⤵
  PID:4092
- C:\Windows\System\CDNMHWK.exe
  C:\Windows\System\CDNMHWK.exe
  2⤵
  PID:3120
- C:\Windows\System\HZppHkR.exe
  C:\Windows\System\HZppHkR.exe
  2⤵
  PID:3556
- C:\Windows\System\OHuTRHW.exe
  C:\Windows\System\OHuTRHW.exe
  2⤵
  PID:3228
- C:\Windows\System\UrEuURt.exe
  C:\Windows\System\UrEuURt.exe
  2⤵
  PID:3732
- C:\Windows\System\QkeccQy.exe
  C:\Windows\System\QkeccQy.exe
  2⤵
  PID:3576
- C:\Windows\System\Rtjddpc.exe
  C:\Windows\System\Rtjddpc.exe
  2⤵
  PID:3968
- C:\Windows\System\bLRXMbi.exe
  C:\Windows\System\bLRXMbi.exe
  2⤵
  PID:3312
- C:\Windows\System\BCbVgKg.exe
  C:\Windows\System\BCbVgKg.exe
  2⤵
  PID:3648
- C:\Windows\System\cWsGaWH.exe
  C:\Windows\System\cWsGaWH.exe
  2⤵
  PID:3848
- C:\Windows\System\CdPdvlA.exe
  C:\Windows\System\CdPdvlA.exe
  2⤵
  PID:4116
- C:\Windows\System\HDgMFUj.exe
  C:\Windows\System\HDgMFUj.exe
  2⤵
  PID:4136
- C:\Windows\System\HijYjxw.exe
  C:\Windows\System\HijYjxw.exe
  2⤵
  PID:4152
- C:\Windows\System\pDQEkUq.exe
  C:\Windows\System\pDQEkUq.exe
  2⤵
  PID:4172
- C:\Windows\System\kxnFgZO.exe
  C:\Windows\System\kxnFgZO.exe
  2⤵
  PID:4192
- C:\Windows\System\bFMHJSk.exe
  C:\Windows\System\bFMHJSk.exe
  2⤵
  PID:4228
- C:\Windows\System\IjOCnIK.exe
  C:\Windows\System\IjOCnIK.exe
  2⤵
  PID:4268
- C:\Windows\System\UosKxYK.exe
  C:\Windows\System\UosKxYK.exe
  2⤵
  PID:4284
- C:\Windows\System\TbZpuiy.exe
  C:\Windows\System\TbZpuiy.exe
  2⤵
  PID:4308
- C:\Windows\System\atkUILi.exe
  C:\Windows\System\atkUILi.exe
  2⤵
  PID:4324
- C:\Windows\System\eUTIgRR.exe
  C:\Windows\System\eUTIgRR.exe
  2⤵
  PID:4348
- C:\Windows\System\NjedTpw.exe
  C:\Windows\System\NjedTpw.exe
  2⤵
  PID:4364
- C:\Windows\System\zRAZPeh.exe
  C:\Windows\System\zRAZPeh.exe
  2⤵
  PID:4384
- C:\Windows\System\TGRchYB.exe
  C:\Windows\System\TGRchYB.exe
  2⤵
  PID:4404
- C:\Windows\System\HNDUOuC.exe
  C:\Windows\System\HNDUOuC.exe
  2⤵
  PID:4424
- C:\Windows\System\BvatyEo.exe
  C:\Windows\System\BvatyEo.exe
  2⤵
  PID:4440
- C:\Windows\System\RmlROVo.exe
  C:\Windows\System\RmlROVo.exe
  2⤵
  PID:4468
- C:\Windows\System\vjoeLmV.exe
  C:\Windows\System\vjoeLmV.exe
  2⤵
  PID:4484
- C:\Windows\System\VyWKsed.exe
  C:\Windows\System\VyWKsed.exe
  2⤵
  PID:4508
- C:\Windows\System\CcCkhjr.exe
  C:\Windows\System\CcCkhjr.exe
  2⤵
  PID:4528
- C:\Windows\System\sdFpknP.exe
  C:\Windows\System\sdFpknP.exe
  2⤵
  PID:4544
- C:\Windows\System\sRAzPPx.exe
  C:\Windows\System\sRAzPPx.exe
  2⤵
  PID:4564
- C:\Windows\System\iPduubc.exe
  C:\Windows\System\iPduubc.exe
  2⤵
  PID:4592
- C:\Windows\System\dEzJnTI.exe
  C:\Windows\System\dEzJnTI.exe
  2⤵
  PID:4608
- C:\Windows\System\EFcmGTe.exe
  C:\Windows\System\EFcmGTe.exe
  2⤵
  PID:4624
- C:\Windows\System\yDfNlCZ.exe
  C:\Windows\System\yDfNlCZ.exe
  2⤵
  PID:4640
- C:\Windows\System\iHpHCGL.exe
  C:\Windows\System\iHpHCGL.exe
  2⤵
  PID:4664
- C:\Windows\System\TvisCJV.exe
  C:\Windows\System\TvisCJV.exe
  2⤵
  PID:4684
- C:\Windows\System\EjShPHt.exe
  C:\Windows\System\EjShPHt.exe
  2⤵
  PID:4716
- C:\Windows\System\dQpBiXY.exe
  C:\Windows\System\dQpBiXY.exe
  2⤵
  PID:4732
- C:\Windows\System\LETGHXD.exe
  C:\Windows\System\LETGHXD.exe
  2⤵
  PID:4748
- C:\Windows\System\pZTsAGj.exe
  C:\Windows\System\pZTsAGj.exe
  2⤵
  PID:4764
- C:\Windows\System\hQNFlcu.exe
  C:\Windows\System\hQNFlcu.exe
  2⤵
  PID:4796
- C:\Windows\System\ebsZqJx.exe
  C:\Windows\System\ebsZqJx.exe
  2⤵
  PID:4812
- C:\Windows\System\FZtWCCl.exe
  C:\Windows\System\FZtWCCl.exe
  2⤵
  PID:4832
- C:\Windows\System\YNjdRbc.exe
  C:\Windows\System\YNjdRbc.exe
  2⤵
  PID:4848
- C:\Windows\System\vmvJYal.exe
  C:\Windows\System\vmvJYal.exe
  2⤵
  PID:4868
- C:\Windows\System\MCfimfk.exe
  C:\Windows\System\MCfimfk.exe
  2⤵
  PID:4888
- C:\Windows\System\vrAUwpH.exe
  C:\Windows\System\vrAUwpH.exe
  2⤵
  PID:4908
- C:\Windows\System\ygycuVv.exe
  C:\Windows\System\ygycuVv.exe
  2⤵
  PID:4924
- C:\Windows\System\IjBzLiL.exe
  C:\Windows\System\IjBzLiL.exe
  2⤵
  PID:4940
- C:\Windows\System\lPRIYNp.exe
  C:\Windows\System\lPRIYNp.exe
  2⤵
  PID:4968
- C:\Windows\System\paROdCM.exe
  C:\Windows\System\paROdCM.exe
  2⤵
  PID:4992
- C:\Windows\System\lvabHtL.exe
  C:\Windows\System\lvabHtL.exe
  2⤵
  PID:5008
- C:\Windows\System\axUjugZ.exe
  C:\Windows\System\axUjugZ.exe
  2⤵
  PID:5032
- C:\Windows\System\VSokQdD.exe
  C:\Windows\System\VSokQdD.exe
  2⤵
  PID:5060
- C:\Windows\System\yfPOxoN.exe
  C:\Windows\System\yfPOxoN.exe
  2⤵
  PID:5080
- C:\Windows\System\GYBaWnp.exe
  C:\Windows\System\GYBaWnp.exe
  2⤵
  PID:5096
- C:\Windows\System\gKokaOX.exe
  C:\Windows\System\gKokaOX.exe
  2⤵
  PID:5116
- C:\Windows\System\DjIzsJf.exe
  C:\Windows\System\DjIzsJf.exe
  2⤵
  PID:4108
- C:\Windows\System\HgwtoHC.exe
  C:\Windows\System\HgwtoHC.exe
  2⤵
  PID:4188
- C:\Windows\System\dkTrvtz.exe
  C:\Windows\System\dkTrvtz.exe
  2⤵
  PID:2900
- C:\Windows\System\nIMPfiV.exe
  C:\Windows\System\nIMPfiV.exe
  2⤵
  PID:3192
- C:\Windows\System\GtVOPvm.exe
  C:\Windows\System\GtVOPvm.exe
  2⤵
  PID:4132
- C:\Windows\System\sSgbzgC.exe
  C:\Windows\System\sSgbzgC.exe
  2⤵
  PID:4216
- C:\Windows\System\YPtRayi.exe
  C:\Windows\System\YPtRayi.exe
  2⤵
  PID:4264
- C:\Windows\System\JUsNArk.exe
  C:\Windows\System\JUsNArk.exe
  2⤵
  PID:4204
- C:\Windows\System\OGDjwXs.exe
  C:\Windows\System\OGDjwXs.exe
  2⤵
  PID:4220
- C:\Windows\System\bshfOPt.exe
  C:\Windows\System\bshfOPt.exe
  2⤵
  PID:4304
- C:\Windows\System\VejNuEg.exe
  C:\Windows\System\VejNuEg.exe
  2⤵
  PID:4340
- C:\Windows\System\VfHQHey.exe
  C:\Windows\System\VfHQHey.exe
  2⤵
  PID:4360
- C:\Windows\System\ZemxJeJ.exe
  C:\Windows\System\ZemxJeJ.exe
  2⤵
  PID:4396
- C:\Windows\System\IzYJiHk.exe
  C:\Windows\System\IzYJiHk.exe
  2⤵
  PID:4448
- C:\Windows\System\Lwrpfcq.exe
  C:\Windows\System\Lwrpfcq.exe
  2⤵
  PID:4476
- C:\Windows\System\adbKlLE.exe
  C:\Windows\System\adbKlLE.exe
  2⤵
  PID:4500
- C:\Windows\System\vSKuecG.exe
  C:\Windows\System\vSKuecG.exe
  2⤵
  PID:4520
- C:\Windows\System\OIPqYMo.exe
  C:\Windows\System\OIPqYMo.exe
  2⤵
  PID:4580
- C:\Windows\System\nsLvOVX.exe
  C:\Windows\System\nsLvOVX.exe
  2⤵
  PID:4604
- C:\Windows\System\iBQgZSC.exe
  C:\Windows\System\iBQgZSC.exe
  2⤵
  PID:4656
- C:\Windows\System\azgQAeK.exe
  C:\Windows\System\azgQAeK.exe
  2⤵
  PID:4632
- C:\Windows\System\LZIlhXL.exe
  C:\Windows\System\LZIlhXL.exe
  2⤵
  PID:4680
- C:\Windows\System\aoBLVpn.exe
  C:\Windows\System\aoBLVpn.exe
  2⤵
  PID:4740
- C:\Windows\System\vvfnmyI.exe
  C:\Windows\System\vvfnmyI.exe
  2⤵
  PID:4788
- C:\Windows\System\kvYvZgT.exe
  C:\Windows\System\kvYvZgT.exe
  2⤵
  PID:4804
- C:\Windows\System\sYUYqRl.exe
  C:\Windows\System\sYUYqRl.exe
  2⤵
  PID:4856
- C:\Windows\System\BOMAxxs.exe
  C:\Windows\System\BOMAxxs.exe
  2⤵
  PID:4916
- C:\Windows\System\FldOaoC.exe
  C:\Windows\System\FldOaoC.exe
  2⤵
  PID:4936
- C:\Windows\System\CdLGuOF.exe
  C:\Windows\System\CdLGuOF.exe
  2⤵
  PID:4980
- C:\Windows\System\rUNLuEA.exe
  C:\Windows\System\rUNLuEA.exe
  2⤵
  PID:4948
- C:\Windows\System\lmHdZpu.exe
  C:\Windows\System\lmHdZpu.exe
  2⤵
  PID:4960
- C:\Windows\System\rGAfSKv.exe
  C:\Windows\System\rGAfSKv.exe
  2⤵
  PID:5004
- C:\Windows\System\QYgGBvO.exe
  C:\Windows\System\QYgGBvO.exe
  2⤵
  PID:5076
- C:\Windows\System\pvsEurn.exe
  C:\Windows\System\pvsEurn.exe
  2⤵
  PID:3160
- C:\Windows\System\FXmJUgO.exe
  C:\Windows\System\FXmJUgO.exe
  2⤵
  PID:4144
- C:\Windows\System\lHepZMs.exe
  C:\Windows\System\lHepZMs.exe
  2⤵
  PID:4236
- C:\Windows\System\ymQGaED.exe
  C:\Windows\System\ymQGaED.exe
  2⤵
  PID:4164
- C:\Windows\System\YIekazR.exe
  C:\Windows\System\YIekazR.exe
  2⤵
  PID:4248
- C:\Windows\System\iKvbJpp.exe
  C:\Windows\System\iKvbJpp.exe
  2⤵
  PID:4300
- C:\Windows\System\QlArbZu.exe
  C:\Windows\System\QlArbZu.exe
  2⤵
  PID:4208
- C:\Windows\System\oxsZuLz.exe
  C:\Windows\System\oxsZuLz.exe
  2⤵
  PID:4432
- C:\Windows\System\NAQoBdy.exe
  C:\Windows\System\NAQoBdy.exe
  2⤵
  PID:4332
- C:\Windows\System\dFzClKb.exe
  C:\Windows\System\dFzClKb.exe
  2⤵
  PID:4572
- C:\Windows\System\AvbGeTW.exe
  C:\Windows\System\AvbGeTW.exe
  2⤵
  PID:4376
- C:\Windows\System\PUOAGxM.exe
  C:\Windows\System\PUOAGxM.exe
  2⤵
  PID:4464
- C:\Windows\System\BrBpGvO.exe
  C:\Windows\System\BrBpGvO.exe
  2⤵
  PID:4648
- C:\Windows\System\oKNOLQn.exe
  C:\Windows\System\oKNOLQn.exe
  2⤵
  PID:4676
- C:\Windows\System\qPoqBuG.exe
  C:\Windows\System\qPoqBuG.exe
  2⤵
  PID:4724
- C:\Windows\System\OcLmHFS.exe
  C:\Windows\System\OcLmHFS.exe
  2⤵
  PID:4820
- C:\Windows\System\nkjZnDj.exe
  C:\Windows\System\nkjZnDj.exe
  2⤵
  PID:5024
- C:\Windows\System\mQMLuiH.exe
  C:\Windows\System\mQMLuiH.exe
  2⤵
  PID:4904
- C:\Windows\System\tfDJTMC.exe
  C:\Windows\System\tfDJTMC.exe
  2⤵
  PID:5028
- C:\Windows\System\wTKKnfO.exe
  C:\Windows\System\wTKKnfO.exe
  2⤵
  PID:5000
- C:\Windows\System\cQxcEha.exe
  C:\Windows\System\cQxcEha.exe
  2⤵
  PID:5072
- C:\Windows\System\fZvPJcm.exe
  C:\Windows\System\fZvPJcm.exe
  2⤵
  PID:5108
- C:\Windows\System\rcrzLMA.exe
  C:\Windows\System\rcrzLMA.exe
  2⤵
  PID:3096
- C:\Windows\System\IBNUPUH.exe
  C:\Windows\System\IBNUPUH.exe
  2⤵
  PID:3144
- C:\Windows\System\DexWohE.exe
  C:\Windows\System\DexWohE.exe
  2⤵
  PID:4240
- C:\Windows\System\CucvzFv.exe
  C:\Windows\System\CucvzFv.exe
  2⤵
  PID:4296
- C:\Windows\System\zPvKepc.exe
  C:\Windows\System\zPvKepc.exe
  2⤵
  PID:1892
- C:\Windows\System\CSDKBMJ.exe
  C:\Windows\System\CSDKBMJ.exe
  2⤵
  PID:4336
- C:\Windows\System\FMmLVVT.exe
  C:\Windows\System\FMmLVVT.exe
  2⤵
  PID:4524
- C:\Windows\System\XWtRzYb.exe
  C:\Windows\System\XWtRzYb.exe
  2⤵
  PID:4776
- C:\Windows\System\aRFaXod.exe
  C:\Windows\System\aRFaXod.exe
  2⤵
  PID:4600
- C:\Windows\System\MptlWxf.exe
  C:\Windows\System\MptlWxf.exe
  2⤵
  PID:4920
- C:\Windows\System\tubUOfG.exe
  C:\Windows\System\tubUOfG.exe
  2⤵
  PID:4672
- C:\Windows\System\jJpHidJ.exe
  C:\Windows\System\jJpHidJ.exe
  2⤵
  PID:4932
- C:\Windows\System\uCNQSQn.exe
  C:\Windows\System\uCNQSQn.exe
  2⤵
  PID:2544
- C:\Windows\System\VMMwswU.exe
  C:\Windows\System\VMMwswU.exe
  2⤵
  PID:4976
- C:\Windows\System\OCIBBlc.exe
  C:\Windows\System\OCIBBlc.exe
  2⤵
  PID:4840
- C:\Windows\System\nmqdDpp.exe
  C:\Windows\System\nmqdDpp.exe
  2⤵
  PID:4252
- C:\Windows\System\DYcxQEa.exe
  C:\Windows\System\DYcxQEa.exe
  2⤵
  PID:4416
- C:\Windows\System\phMfDhX.exe
  C:\Windows\System\phMfDhX.exe
  2⤵
  PID:4588
- C:\Windows\System\GoDovic.exe
  C:\Windows\System\GoDovic.exe
  2⤵
  PID:4728
- C:\Windows\System\govcEyv.exe
  C:\Windows\System\govcEyv.exe
  2⤵
  PID:4620
- C:\Windows\System\BOecKGu.exe
  C:\Windows\System\BOecKGu.exe
  2⤵
  PID:4224
- C:\Windows\System\ljEVxqv.exe
  C:\Windows\System\ljEVxqv.exe
  2⤵
  PID:4704
- C:\Windows\System\pYnaFeR.exe
  C:\Windows\System\pYnaFeR.exe
  2⤵
  PID:1664
- C:\Windows\System\CwcjQKZ.exe
  C:\Windows\System\CwcjQKZ.exe
  2⤵
  PID:5020
- C:\Windows\System\HacjONr.exe
  C:\Windows\System\HacjONr.exe
  2⤵
  PID:4112
- C:\Windows\System\mBURDUq.exe
  C:\Windows\System\mBURDUq.exe
  2⤵
  PID:4184
- C:\Windows\System\XomHRsP.exe
  C:\Windows\System\XomHRsP.exe
  2⤵
  PID:3288
- C:\Windows\System\QBWbTXJ.exe
  C:\Windows\System\QBWbTXJ.exe
  2⤵
  PID:4864
- C:\Windows\System\eaIIDdj.exe
  C:\Windows\System\eaIIDdj.exe
  2⤵
  PID:4896
- C:\Windows\System\eLdMHCD.exe
  C:\Windows\System\eLdMHCD.exe
  2⤵
  PID:5112
- C:\Windows\System\FaddoAL.exe
  C:\Windows\System\FaddoAL.exe
  2⤵
  PID:4984
- C:\Windows\System\BeEHHnc.exe
  C:\Windows\System\BeEHHnc.exe
  2⤵
  PID:4696
- C:\Windows\System\wZbMVyu.exe
  C:\Windows\System\wZbMVyu.exe
  2⤵
  PID:4900
- C:\Windows\System\UhoLqsR.exe
  C:\Windows\System\UhoLqsR.exe
  2⤵
  PID:5128
- C:\Windows\System\KzDwKId.exe
  C:\Windows\System\KzDwKId.exe
  2⤵
  PID:5148
- C:\Windows\System\YMBEHWN.exe
  C:\Windows\System\YMBEHWN.exe
  2⤵
  PID:5168
- C:\Windows\System\tmywqYw.exe
  C:\Windows\System\tmywqYw.exe
  2⤵
  PID:5184
- C:\Windows\System\OVXGnUd.exe
  C:\Windows\System\OVXGnUd.exe
  2⤵
  PID:5200
- C:\Windows\System\AfnaSLs.exe
  C:\Windows\System\AfnaSLs.exe
  2⤵
  PID:5216
- C:\Windows\System\CnqvsDw.exe
  C:\Windows\System\CnqvsDw.exe
  2⤵
  PID:5236
- C:\Windows\System\ZYfkobB.exe
  C:\Windows\System\ZYfkobB.exe
  2⤵
  PID:5256
- C:\Windows\System\fUgzkXl.exe
  C:\Windows\System\fUgzkXl.exe
  2⤵
  PID:5280
- C:\Windows\System\hSYoPlc.exe
  C:\Windows\System\hSYoPlc.exe
  2⤵
  PID:5296
- C:\Windows\System\marDmfj.exe
  C:\Windows\System\marDmfj.exe
  2⤵
  PID:5312
- C:\Windows\System\pVrHDie.exe
  C:\Windows\System\pVrHDie.exe
  2⤵
  PID:5336
- C:\Windows\System\RYuVYtN.exe
  C:\Windows\System\RYuVYtN.exe
  2⤵
  PID:5368
- C:\Windows\System\MxCTTeg.exe
  C:\Windows\System\MxCTTeg.exe
  2⤵
  PID:5388
- C:\Windows\System\rtNtJWS.exe
  C:\Windows\System\rtNtJWS.exe
  2⤵
  PID:5408
- C:\Windows\System\dGlcqDW.exe
  C:\Windows\System\dGlcqDW.exe
  2⤵
  PID:5432
- C:\Windows\System\EcUSLOH.exe
  C:\Windows\System\EcUSLOH.exe
  2⤵
  PID:5452
- C:\Windows\System\IzSdvjJ.exe
  C:\Windows\System\IzSdvjJ.exe
  2⤵
  PID:5472
- C:\Windows\System\GDjtlBQ.exe
  C:\Windows\System\GDjtlBQ.exe
  2⤵
  PID:5488
- C:\Windows\System\jUbpxCJ.exe
  C:\Windows\System\jUbpxCJ.exe
  2⤵
  PID:5512
- C:\Windows\System\wCNXGnI.exe
  C:\Windows\System\wCNXGnI.exe
  2⤵
  PID:5528
- C:\Windows\System\lmXwhZW.exe
  C:\Windows\System\lmXwhZW.exe
  2⤵
  PID:5544
- C:\Windows\System\IicTtmt.exe
  C:\Windows\System\IicTtmt.exe
  2⤵
  PID:5560
- C:\Windows\System\XnkCPlB.exe
  C:\Windows\System\XnkCPlB.exe
  2⤵
  PID:5580
- C:\Windows\System\EErTNDx.exe
  C:\Windows\System\EErTNDx.exe
  2⤵
  PID:5596
- C:\Windows\System\JZqTeFM.exe
  C:\Windows\System\JZqTeFM.exe
  2⤵
  PID:5612
- C:\Windows\System\aPMtUgE.exe
  C:\Windows\System\aPMtUgE.exe
  2⤵
  PID:5628
- C:\Windows\System\LYzOjQI.exe
  C:\Windows\System\LYzOjQI.exe
  2⤵
  PID:5644
- C:\Windows\System\IOaJTzi.exe
  C:\Windows\System\IOaJTzi.exe
  2⤵
  PID:5664
- C:\Windows\System\YuPopja.exe
  C:\Windows\System\YuPopja.exe
  2⤵
  PID:5680
- C:\Windows\System\AwzgCox.exe
  C:\Windows\System\AwzgCox.exe
  2⤵
  PID:5700
- C:\Windows\System\CbcKBPI.exe
  C:\Windows\System\CbcKBPI.exe
  2⤵
  PID:5716
- C:\Windows\System\uDEoDcy.exe
  C:\Windows\System\uDEoDcy.exe
  2⤵
  PID:5732
- C:\Windows\System\JrHZFFQ.exe
  C:\Windows\System\JrHZFFQ.exe
  2⤵
  PID:5752
- C:\Windows\System\itdDDwJ.exe
  C:\Windows\System\itdDDwJ.exe
  2⤵
  PID:5772
- C:\Windows\System\KaOnzMJ.exe
  C:\Windows\System\KaOnzMJ.exe
  2⤵
  PID:5796
- C:\Windows\System\UoLQZIy.exe
  C:\Windows\System\UoLQZIy.exe
  2⤵
  PID:5812
- C:\Windows\System\uNyJRvZ.exe
  C:\Windows\System\uNyJRvZ.exe
  2⤵
  PID:5836
- C:\Windows\System\EOXLHBh.exe
  C:\Windows\System\EOXLHBh.exe
  2⤵
  PID:5852
- C:\Windows\System\gnjDKRP.exe
  C:\Windows\System\gnjDKRP.exe
  2⤵
  PID:5876
- C:\Windows\System\PwnBxgA.exe
  C:\Windows\System\PwnBxgA.exe
  2⤵
  PID:5904
- C:\Windows\System\vHsOird.exe
  C:\Windows\System\vHsOird.exe
  2⤵
  PID:5928
- C:\Windows\System\IWDbBbg.exe
  C:\Windows\System\IWDbBbg.exe
  2⤵
  PID:5948
- C:\Windows\System\ycGOvnG.exe
  C:\Windows\System\ycGOvnG.exe
  2⤵
  PID:5968
- C:\Windows\System\QuwTLNe.exe
  C:\Windows\System\QuwTLNe.exe
  2⤵
  PID:5984
- C:\Windows\System\obctoxQ.exe
  C:\Windows\System\obctoxQ.exe
  2⤵
  PID:6000
- C:\Windows\System\XTsgLcc.exe
  C:\Windows\System\XTsgLcc.exe
  2⤵
  PID:6016
- C:\Windows\System\CTmffEY.exe
  C:\Windows\System\CTmffEY.exe
  2⤵
  PID:6032
- C:\Windows\System\iEZdTRQ.exe
  C:\Windows\System\iEZdTRQ.exe
  2⤵
  PID:6048
- C:\Windows\System\FaoPiMH.exe
  C:\Windows\System\FaoPiMH.exe
  2⤵
  PID:6064
- C:\Windows\System\yyrPyCh.exe
  C:\Windows\System\yyrPyCh.exe
  2⤵
  PID:6080
- C:\Windows\System\bRAxiIj.exe
  C:\Windows\System\bRAxiIj.exe
  2⤵
  PID:6096
- C:\Windows\System\VyMhISU.exe
  C:\Windows\System\VyMhISU.exe
  2⤵
  PID:6116
- C:\Windows\System\FRDctvU.exe
  C:\Windows\System\FRDctvU.exe
  2⤵
  PID:6136
- C:\Windows\System\DPGbDsM.exe
  C:\Windows\System\DPGbDsM.exe
  2⤵
  PID:4128
- C:\Windows\System\RqXCCAi.exe
  C:\Windows\System\RqXCCAi.exe
  2⤵
  PID:5136
- C:\Windows\System\ovRgZtw.exe
  C:\Windows\System\ovRgZtw.exe
  2⤵
  PID:4700
- C:\Windows\System\vqCTzgW.exe
  C:\Windows\System\vqCTzgW.exe
  2⤵
  PID:5252
- C:\Windows\System\AeYoRwM.exe
  C:\Windows\System\AeYoRwM.exe
  2⤵
  PID:5292
- C:\Windows\System\UzUCVnm.exe
  C:\Windows\System\UzUCVnm.exe
  2⤵
  PID:5276
- C:\Windows\System\OhouAak.exe
  C:\Windows\System\OhouAak.exe
  2⤵
  PID:5324
- C:\Windows\System\aouWfbw.exe
  C:\Windows\System\aouWfbw.exe
  2⤵
  PID:5344
- C:\Windows\System\tnIyPgN.exe
  C:\Windows\System\tnIyPgN.exe
  2⤵
  PID:5360
- C:\Windows\System\VqEcGKM.exe
  C:\Windows\System\VqEcGKM.exe
  2⤵
  PID:5424
- C:\Windows\System\ffXwgJG.exe
  C:\Windows\System\ffXwgJG.exe
  2⤵
  PID:5440
- C:\Windows\System\YTAaZQZ.exe
  C:\Windows\System\YTAaZQZ.exe
  2⤵
  PID:5496
- C:\Windows\System\NDaNtiz.exe
  C:\Windows\System\NDaNtiz.exe
  2⤵
  PID:5508
- C:\Windows\System\HLuHzTM.exe
  C:\Windows\System\HLuHzTM.exe
  2⤵
  PID:5568
- C:\Windows\System\WEoNiWF.exe
  C:\Windows\System\WEoNiWF.exe
  2⤵
  PID:5608
- C:\Windows\System\ZCUffFi.exe
  C:\Windows\System\ZCUffFi.exe
  2⤵
  PID:5588
- C:\Windows\System\AyTNcQR.exe
  C:\Windows\System\AyTNcQR.exe
  2⤵
  PID:5660
- C:\Windows\System\rxZZtdP.exe
  C:\Windows\System\rxZZtdP.exe
  2⤵
  PID:5708
- C:\Windows\System\epPFzdx.exe
  C:\Windows\System\epPFzdx.exe
  2⤵
  PID:5744
- C:\Windows\System\CkOsjTR.exe
  C:\Windows\System\CkOsjTR.exe
  2⤵
  PID:5808
- C:\Windows\System\HNbbuoh.exe
  C:\Windows\System\HNbbuoh.exe
  2⤵
  PID:5784
- C:\Windows\System\zTgqCXr.exe
  C:\Windows\System\zTgqCXr.exe
  2⤵
  PID:5820
- C:\Windows\System\FFFuxiz.exe
  C:\Windows\System\FFFuxiz.exe
  2⤵
  PID:5844
- C:\Windows\System\SteQASh.exe
  C:\Windows\System\SteQASh.exe
  2⤵
  PID:5892
- C:\Windows\System\ZzQepYj.exe
  C:\Windows\System\ZzQepYj.exe
  2⤵
  PID:5924
- C:\Windows\System\nmoZYBC.exe
  C:\Windows\System\nmoZYBC.exe
  2⤵
  PID:5964
- C:\Windows\System\XzFNNbt.exe
  C:\Windows\System\XzFNNbt.exe
  2⤵
  PID:5980
- C:\Windows\System\EQFgwqY.exe
  C:\Windows\System\EQFgwqY.exe
  2⤵
  PID:5996
- C:\Windows\System\xNfNOWC.exe
  C:\Windows\System\xNfNOWC.exe
  2⤵
  PID:6040
- C:\Windows\System\YVIUZjh.exe
  C:\Windows\System\YVIUZjh.exe
  2⤵
  PID:6128
- C:\Windows\System\fjicrtH.exe
  C:\Windows\System\fjicrtH.exe
  2⤵
  PID:6132
- C:\Windows\System\wBwpltI.exe
  C:\Windows\System\wBwpltI.exe
  2⤵
  PID:5212
- C:\Windows\System\BfljxRI.exe
  C:\Windows\System\BfljxRI.exe
  2⤵
  PID:304
- C:\Windows\System\JSWxzfM.exe
  C:\Windows\System\JSWxzfM.exe
  2⤵
  PID:5164
- C:\Windows\System\JVqdscq.exe
  C:\Windows\System\JVqdscq.exe
  2⤵
  PID:5160
- C:\Windows\System\dNfpETZ.exe
  C:\Windows\System\dNfpETZ.exe
  2⤵
  PID:5320
- C:\Windows\System\BKkhfLO.exe
  C:\Windows\System\BKkhfLO.exe
  2⤵
  PID:5356
- C:\Windows\System\OBuosKj.exe
  C:\Windows\System\OBuosKj.exe
  2⤵
  PID:5404
- C:\Windows\System\MnIrdXL.exe
  C:\Windows\System\MnIrdXL.exe
  2⤵
  PID:5468
- C:\Windows\System\WcQyuPw.exe
  C:\Windows\System\WcQyuPw.exe
  2⤵
  PID:5524
- C:\Windows\System\OacMeII.exe
  C:\Windows\System\OacMeII.exe
  2⤵
  PID:5592
- C:\Windows\System\JtagyBb.exe
  C:\Windows\System\JtagyBb.exe
  2⤵
  PID:5692
- C:\Windows\System\GNIirPk.exe
  C:\Windows\System\GNIirPk.exe
  2⤵
  PID:5920
- C:\Windows\System\gnbrypo.exe
  C:\Windows\System\gnbrypo.exe
  2⤵
  PID:5728
- C:\Windows\System\BgZYkdM.exe
  C:\Windows\System\BgZYkdM.exe
  2⤵
  PID:5848
- C:\Windows\System\cckFYxQ.exe
  C:\Windows\System\cckFYxQ.exe
  2⤵
  PID:5944
- C:\Windows\System\znFZfwY.exe
  C:\Windows\System\znFZfwY.exe
  2⤵
  PID:5868
- C:\Windows\System\WChUDci.exe
  C:\Windows\System\WChUDci.exe
  2⤵
  PID:5916
- C:\Windows\System\GMSwlvy.exe
  C:\Windows\System\GMSwlvy.exe
  2⤵
  PID:6124
- C:\Windows\System\HSXjNzx.exe
  C:\Windows\System\HSXjNzx.exe
  2⤵
  PID:6108
- C:\Windows\System\kfsCdJj.exe
  C:\Windows\System\kfsCdJj.exe
  2⤵
  PID:5244
- C:\Windows\System\faOzRqM.exe
  C:\Windows\System\faOzRqM.exe
  2⤵
  PID:5176
- C:\Windows\System\bzJVRHF.exe
  C:\Windows\System\bzJVRHF.exe
  2⤵
  PID:5352
- C:\Windows\System\OyWtohE.exe
  C:\Windows\System\OyWtohE.exe
  2⤵
  PID:5400
- C:\Windows\System\gKaIdjs.exe
  C:\Windows\System\gKaIdjs.exe
  2⤵
  PID:5552
- C:\Windows\System\vgMOoCy.exe
  C:\Windows\System\vgMOoCy.exe
  2⤵
  PID:5556
- C:\Windows\System\nuteewD.exe
  C:\Windows\System\nuteewD.exe
  2⤵
  PID:5788
- C:\Windows\System\CYudxcl.exe
  C:\Windows\System\CYudxcl.exe
  2⤵
  PID:5912
- C:\Windows\System\aTNIjkv.exe
  C:\Windows\System\aTNIjkv.exe
  2⤵
  PID:5960
- C:\Windows\System\xrquYXZ.exe
  C:\Windows\System\xrquYXZ.exe
  2⤵
  PID:6060
- C:\Windows\System\roOotwr.exe
  C:\Windows\System\roOotwr.exe
  2⤵
  PID:5288
- C:\Windows\System\rvWjqjv.exe
  C:\Windows\System\rvWjqjv.exe
  2⤵
  PID:5572
- C:\Windows\System\KQuEpat.exe
  C:\Windows\System\KQuEpat.exe
  2⤵
  PID:5464
- C:\Windows\System\TKKfKGl.exe
  C:\Windows\System\TKKfKGl.exe
  2⤵
  PID:5768
- C:\Windows\System\EHyXBDa.exe
  C:\Windows\System\EHyXBDa.exe
  2⤵
  PID:5604
- C:\Windows\System\PoExgCt.exe
  C:\Windows\System\PoExgCt.exe
  2⤵
  PID:6076
- C:\Windows\System\YymdgwH.exe
  C:\Windows\System\YymdgwH.exe
  2⤵
  PID:4260
- C:\Windows\System\teQiRMV.exe
  C:\Windows\System\teQiRMV.exe
  2⤵
  PID:5272
- C:\Windows\System\mLOGwCu.exe
  C:\Windows\System\mLOGwCu.exe
  2⤵
  PID:948
- C:\Windows\System\FEDsUSf.exe
  C:\Windows\System\FEDsUSf.exe
  2⤵
  PID:5268
- C:\Windows\System\LxJwImo.exe
  C:\Windows\System\LxJwImo.exe
  2⤵
  PID:5540
- C:\Windows\System\yOfIHoL.exe
  C:\Windows\System\yOfIHoL.exe
  2⤵
  PID:5688
- C:\Windows\System\xpCUWmi.exe
  C:\Windows\System\xpCUWmi.exe
  2⤵
  PID:5864
- C:\Windows\System\XcLEWrJ.exe
  C:\Windows\System\XcLEWrJ.exe
  2⤵
  PID:1972
- C:\Windows\System\FxmSrVg.exe
  C:\Windows\System\FxmSrVg.exe
  2⤵
  PID:2232
- C:\Windows\System\oyWYvDF.exe
  C:\Windows\System\oyWYvDF.exe
  2⤵
  PID:5748
- C:\Windows\System\SOfzBUE.exe
  C:\Windows\System\SOfzBUE.exe
  2⤵
  PID:5348
- C:\Windows\System\BTiMcTB.exe
  C:\Windows\System\BTiMcTB.exe
  2⤵
  PID:2268
- C:\Windows\System\nZHggIk.exe
  C:\Windows\System\nZHggIk.exe
  2⤵
  PID:5196
- C:\Windows\System\IZdoBtd.exe
  C:\Windows\System\IZdoBtd.exe
  2⤵
  PID:6172
- C:\Windows\System\erdxgRa.exe
  C:\Windows\System\erdxgRa.exe
  2⤵
  PID:6256
- C:\Windows\System\zTIQRGd.exe
  C:\Windows\System\zTIQRGd.exe
  2⤵
  PID:6284
- C:\Windows\System\GeukzBz.exe
  C:\Windows\System\GeukzBz.exe
  2⤵
  PID:6300
- C:\Windows\System\QAdDJxO.exe
  C:\Windows\System\QAdDJxO.exe
  2⤵
  PID:6316
- C:\Windows\System\RgvzWzw.exe
  C:\Windows\System\RgvzWzw.exe
  2⤵
  PID:6340
- C:\Windows\System\kFcxRuB.exe
  C:\Windows\System\kFcxRuB.exe
  2⤵
  PID:6356
- C:\Windows\System\xAGfEzI.exe
  C:\Windows\System\xAGfEzI.exe
  2⤵
  PID:6372
- C:\Windows\System\ryWBmJr.exe
  C:\Windows\System\ryWBmJr.exe
  2⤵
  PID:6404
- C:\Windows\System\sACerhv.exe
  C:\Windows\System\sACerhv.exe
  2⤵
  PID:6420
- C:\Windows\System\pYIYpQZ.exe
  C:\Windows\System\pYIYpQZ.exe
  2⤵
  PID:6436
- C:\Windows\System\UDBgcLZ.exe
  C:\Windows\System\UDBgcLZ.exe
  2⤵
  PID:6456
- C:\Windows\System\EfOCjcm.exe
  C:\Windows\System\EfOCjcm.exe
  2⤵
  PID:6472
- C:\Windows\System\XvOXLNF.exe
  C:\Windows\System\XvOXLNF.exe
  2⤵
  PID:6504
- C:\Windows\System\chYJyCT.exe
  C:\Windows\System\chYJyCT.exe
  2⤵
  PID:6520
- C:\Windows\System\OtUwwfS.exe
  C:\Windows\System\OtUwwfS.exe
  2⤵
  PID:6536
- C:\Windows\System\yktfqbw.exe
  C:\Windows\System\yktfqbw.exe
  2⤵
  PID:6564
- C:\Windows\System\qvQfwny.exe
  C:\Windows\System\qvQfwny.exe
  2⤵
  PID:6584
- C:\Windows\System\HXxfeSW.exe
  C:\Windows\System\HXxfeSW.exe
  2⤵
  PID:6604
- C:\Windows\System\JiNRTmw.exe
  C:\Windows\System\JiNRTmw.exe
  2⤵
  PID:6624
- C:\Windows\System\kuiBBly.exe
  C:\Windows\System\kuiBBly.exe
  2⤵
  PID:6644
- C:\Windows\System\mFwuuZG.exe
  C:\Windows\System\mFwuuZG.exe
  2⤵
  PID:6668
- C:\Windows\System\dKtnFmx.exe
  C:\Windows\System\dKtnFmx.exe
  2⤵
  PID:6688
- C:\Windows\System\OjXZvAz.exe
  C:\Windows\System\OjXZvAz.exe
  2⤵
  PID:6704
- C:\Windows\System\TCExYRQ.exe
  C:\Windows\System\TCExYRQ.exe
  2⤵
  PID:6724
- C:\Windows\System\JtCMNTG.exe
  C:\Windows\System\JtCMNTG.exe
  2⤵
  PID:6740
- C:\Windows\System\qkuRJTG.exe
  C:\Windows\System\qkuRJTG.exe
  2⤵
  PID:6760
- C:\Windows\System\tLWRkMn.exe
  C:\Windows\System\tLWRkMn.exe
  2⤵
  PID:6776
- C:\Windows\System\URQwNEH.exe
  C:\Windows\System\URQwNEH.exe
  2⤵
  PID:6808
- C:\Windows\System\TneLGPV.exe
  C:\Windows\System\TneLGPV.exe
  2⤵
  PID:6824
- C:\Windows\System\ZTqoJEs.exe
  C:\Windows\System\ZTqoJEs.exe
  2⤵
  PID:6840
- C:\Windows\System\WBBxIBh.exe
  C:\Windows\System\WBBxIBh.exe
  2⤵
  PID:6856
- C:\Windows\System\wvcotng.exe
  C:\Windows\System\wvcotng.exe
  2⤵
  PID:6880
- C:\Windows\System\YskoVAX.exe
  C:\Windows\System\YskoVAX.exe
  2⤵
  PID:6900
- C:\Windows\System\bcdiysG.exe
  C:\Windows\System\bcdiysG.exe
  2⤵
  PID:6924
- C:\Windows\System\AOMfNcc.exe
  C:\Windows\System\AOMfNcc.exe
  2⤵
  PID:6940
- C:\Windows\System\COaXDeq.exe
  C:\Windows\System\COaXDeq.exe
  2⤵
  PID:6960
- C:\Windows\System\FYXYhdD.exe
  C:\Windows\System\FYXYhdD.exe
  2⤵
  PID:6980
- C:\Windows\System\oQaulVq.exe
  C:\Windows\System\oQaulVq.exe
  2⤵
  PID:7000
- C:\Windows\System\oMycCoR.exe
  C:\Windows\System\oMycCoR.exe
  2⤵
  PID:7020
- C:\Windows\System\ipkQYGp.exe
  C:\Windows\System\ipkQYGp.exe
  2⤵
  PID:7044
- C:\Windows\System\oLHoDQN.exe
  C:\Windows\System\oLHoDQN.exe
  2⤵
  PID:7064
- C:\Windows\System\jzbKtxS.exe
  C:\Windows\System\jzbKtxS.exe
  2⤵
  PID:7080
- C:\Windows\System\NeFQcID.exe
  C:\Windows\System\NeFQcID.exe
  2⤵
  PID:7108
- C:\Windows\System\SZRIZaf.exe
  C:\Windows\System\SZRIZaf.exe
  2⤵
  PID:7124
- C:\Windows\System\mKqSRBA.exe
  C:\Windows\System\mKqSRBA.exe
  2⤵
  PID:7144
- C:\Windows\System\aekCPdL.exe
  C:\Windows\System\aekCPdL.exe
  2⤵
  PID:5504
- C:\Windows\System\DTZJNzK.exe
  C:\Windows\System\DTZJNzK.exe
  2⤵
  PID:2520
- C:\Windows\System\kndAnYw.exe
  C:\Windows\System\kndAnYw.exe
  2⤵
  PID:6168
- C:\Windows\System\pWnyJRU.exe
  C:\Windows\System\pWnyJRU.exe
  2⤵
  PID:6192
- C:\Windows\System\WsKDIRb.exe
  C:\Windows\System\WsKDIRb.exe
  2⤵
  PID:6216
- C:\Windows\System\XdiLPxN.exe
  C:\Windows\System\XdiLPxN.exe
  2⤵
  PID:6248
- C:\Windows\System\bEcwJwD.exe
  C:\Windows\System\bEcwJwD.exe
  2⤵
  PID:6232
- C:\Windows\System\KsDKIrA.exe
  C:\Windows\System\KsDKIrA.exe
  2⤵
  PID:6292
- C:\Windows\System\ZJOcEvZ.exe
  C:\Windows\System\ZJOcEvZ.exe
  2⤵
  PID:6332
- C:\Windows\System\VADtybQ.exe
  C:\Windows\System\VADtybQ.exe
  2⤵
  PID:6384
- C:\Windows\System\wkzYfPf.exe
  C:\Windows\System\wkzYfPf.exe
  2⤵
  PID:6388
- C:\Windows\System\uudtkAe.exe
  C:\Windows\System\uudtkAe.exe
  2⤵
  PID:6428
- C:\Windows\System\WlgmVHi.exe
  C:\Windows\System\WlgmVHi.exe
  2⤵
  PID:6448
- C:\Windows\System\qvNiyjA.exe
  C:\Windows\System\qvNiyjA.exe
  2⤵
  PID:6496
- C:\Windows\System\ADWRvvY.exe
  C:\Windows\System\ADWRvvY.exe
  2⤵
  PID:6548
- C:\Windows\System\MyDiAgB.exe
  C:\Windows\System\MyDiAgB.exe
  2⤵
  PID:6532
- C:\Windows\System\AIqhOxM.exe
  C:\Windows\System\AIqhOxM.exe
  2⤵
  PID:6596
- C:\Windows\System\cUEWcCy.exe
  C:\Windows\System\cUEWcCy.exe
  2⤵
  PID:6640
- C:\Windows\System\WoeDHHW.exe
  C:\Windows\System\WoeDHHW.exe
  2⤵
  PID:6616
- C:\Windows\System\ZyVhWTv.exe
  C:\Windows\System\ZyVhWTv.exe
  2⤵
  PID:6664
- C:\Windows\System\HUozHsG.exe
  C:\Windows\System\HUozHsG.exe
  2⤵
  PID:6684
- C:\Windows\System\qncUTLz.exe
  C:\Windows\System\qncUTLz.exe
  2⤵
  PID:6720
- C:\Windows\System\yaGxuPi.exe
  C:\Windows\System\yaGxuPi.exe
  2⤵
  PID:6736
- C:\Windows\System\DwKNvZC.exe
  C:\Windows\System\DwKNvZC.exe
  2⤵
  PID:6700
- C:\Windows\System\TvMSFzQ.exe
  C:\Windows\System\TvMSFzQ.exe
  2⤵
  PID:6804
- C:\Windows\System\iNVPOll.exe
  C:\Windows\System\iNVPOll.exe
  2⤵
  PID:6816
- C:\Windows\System\Hfhgtqv.exe
  C:\Windows\System\Hfhgtqv.exe
  2⤵
  PID:6912
- C:\Windows\System\Hadlznf.exe
  C:\Windows\System\Hadlznf.exe
  2⤵
  PID:6956
- C:\Windows\System\gJyuwmI.exe
  C:\Windows\System\gJyuwmI.exe
  2⤵
  PID:6988
- C:\Windows\System\wmQVnga.exe
  C:\Windows\System\wmQVnga.exe
  2⤵
  PID:6996
- C:\Windows\System\ZgsIJvE.exe
  C:\Windows\System\ZgsIJvE.exe
  2⤵
  PID:7032
- C:\Windows\System\vxFFZLL.exe
  C:\Windows\System\vxFFZLL.exe
  2⤵
  PID:7072
- C:\Windows\System\iSTbfPn.exe
  C:\Windows\System\iSTbfPn.exe
  2⤵
  PID:7096
- C:\Windows\System\GmQIjpZ.exe
  C:\Windows\System\GmQIjpZ.exe
  2⤵
  PID:7136
- C:\Windows\System\uzZOzAx.exe
  C:\Windows\System\uzZOzAx.exe
  2⤵
  PID:6148
- C:\Windows\System\gFouimE.exe
  C:\Windows\System\gFouimE.exe
  2⤵
  PID:6152
- C:\Windows\System\SniZcBU.exe
  C:\Windows\System\SniZcBU.exe
  2⤵
  PID:6164
- C:\Windows\System\PDDROjA.exe
  C:\Windows\System\PDDROjA.exe
  2⤵
  PID:6228
- C:\Windows\System\VZmRlTa.exe
  C:\Windows\System\VZmRlTa.exe
  2⤵
  PID:6276
- C:\Windows\System\epvfeBc.exe
  C:\Windows\System\epvfeBc.exe
  2⤵
  PID:6396
- C:\Windows\System\OHsXDJE.exe
  C:\Windows\System\OHsXDJE.exe
  2⤵
  PID:6364
- C:\Windows\System\IcguGsD.exe
  C:\Windows\System\IcguGsD.exe
  2⤵
  PID:6468
- C:\Windows\System\iUkNPCl.exe
  C:\Windows\System\iUkNPCl.exe
  2⤵
  PID:6516
- C:\Windows\System\AbXDGfI.exe
  C:\Windows\System\AbXDGfI.exe
  2⤵
  PID:6560
- C:\Windows\System\rKDxzKh.exe
  C:\Windows\System\rKDxzKh.exe
  2⤵
  PID:6572
- C:\Windows\System\zpRxJfH.exe
  C:\Windows\System\zpRxJfH.exe
  2⤵
  PID:1676
- C:\Windows\System\kAKBOMm.exe
  C:\Windows\System\kAKBOMm.exe
  2⤵
  PID:6772
- C:\Windows\System\jqeTQso.exe
  C:\Windows\System\jqeTQso.exe
  2⤵
  PID:6656
- C:\Windows\System\EWjQEOe.exe
  C:\Windows\System\EWjQEOe.exe
  2⤵
  PID:6864
- C:\Windows\System\mVndsBV.exe
  C:\Windows\System\mVndsBV.exe
  2⤵
  PID:6920
- C:\Windows\System\pFylros.exe
  C:\Windows\System\pFylros.exe
  2⤵
  PID:6888
- C:\Windows\System\XyuQhKo.exe
  C:\Windows\System\XyuQhKo.exe
  2⤵
  PID:6992
- C:\Windows\System\fAxMZCr.exe
  C:\Windows\System\fAxMZCr.exe
  2⤵
  PID:7008
- C:\Windows\System\fRgWytL.exe
  C:\Windows\System\fRgWytL.exe
  2⤵
  PID:7092
- C:\Windows\System\bZMjrHE.exe
  C:\Windows\System\bZMjrHE.exe
  2⤵
  PID:7104
- C:\Windows\System\WmkUGyI.exe
  C:\Windows\System\WmkUGyI.exe
  2⤵
  PID:7164
- C:\Windows\System\daqDHfX.exe
  C:\Windows\System\daqDHfX.exe
  2⤵
  PID:6208
- C:\Windows\System\SMvHdKJ.exe
  C:\Windows\System\SMvHdKJ.exe
  2⤵
  PID:6204
- C:\Windows\System\rufTZYB.exe
  C:\Windows\System\rufTZYB.exe
  2⤵
  PID:6368
- C:\Windows\System\dzLAHAr.exe
  C:\Windows\System\dzLAHAr.exe
  2⤵
  PID:6592
- C:\Windows\System\AEGmXtb.exe
  C:\Windows\System\AEGmXtb.exe
  2⤵
  PID:6636
- C:\Windows\System\GKMaGPJ.exe
  C:\Windows\System\GKMaGPJ.exe
  2⤵
  PID:6788
- C:\Windows\System\bFKZMZp.exe
  C:\Windows\System\bFKZMZp.exe
  2⤵
  PID:6752
- C:\Windows\System\vEYBZju.exe
  C:\Windows\System\vEYBZju.exe
  2⤵
  PID:6876
- C:\Windows\System\spZqhVe.exe
  C:\Windows\System\spZqhVe.exe
  2⤵
  PID:6976
- C:\Windows\System\lRyGHDy.exe
  C:\Windows\System\lRyGHDy.exe
  2⤵
  PID:7156
- C:\Windows\System\AZnWcfQ.exe
  C:\Windows\System\AZnWcfQ.exe
  2⤵
  PID:7160
- C:\Windows\System\Evehkkt.exe
  C:\Windows\System\Evehkkt.exe
  2⤵
  PID:6244
- C:\Windows\System\hiKwHMh.exe
  C:\Windows\System\hiKwHMh.exe
  2⤵
  PID:6224
- C:\Windows\System\wYeLDtr.exe
  C:\Windows\System\wYeLDtr.exe
  2⤵
  PID:6412
- C:\Windows\System\iZldIEV.exe
  C:\Windows\System\iZldIEV.exe
  2⤵
  PID:6652
- C:\Windows\System\KywuoGd.exe
  C:\Windows\System\KywuoGd.exe
  2⤵
  PID:2272
- C:\Windows\System\LTposLZ.exe
  C:\Windows\System\LTposLZ.exe
  2⤵
  PID:6872
- C:\Windows\System\TYranHo.exe
  C:\Windows\System\TYranHo.exe
  2⤵
  PID:6936
- C:\Windows\System\BuXAoVt.exe
  C:\Windows\System\BuXAoVt.exe
  2⤵
  PID:6184
- C:\Windows\System\AhKlRaK.exe
  C:\Windows\System\AhKlRaK.exe
  2⤵
  PID:6380
- C:\Windows\System\lwmIOwT.exe
  C:\Windows\System\lwmIOwT.exe
  2⤵
  PID:6576
- C:\Windows\System\xSrymfx.exe
  C:\Windows\System\xSrymfx.exe
  2⤵
  PID:6832
- C:\Windows\System\sassizO.exe
  C:\Windows\System\sassizO.exe
  2⤵
  PID:7120
- C:\Windows\System\edyidCV.exe
  C:\Windows\System\edyidCV.exe
  2⤵
  PID:6464
- C:\Windows\System\DVJAdih.exe
  C:\Windows\System\DVJAdih.exe
  2⤵
  PID:7060
- C:\Windows\System\bdWODVl.exe
  C:\Windows\System\bdWODVl.exe
  2⤵
  PID:6732
- C:\Windows\System\OkmXWfI.exe
  C:\Windows\System\OkmXWfI.exe
  2⤵
  PID:7176
- C:\Windows\System\MXTgiFo.exe
  C:\Windows\System\MXTgiFo.exe
  2⤵
  PID:7192
- C:\Windows\System\TDuZAqv.exe
  C:\Windows\System\TDuZAqv.exe
  2⤵
  PID:7208
- C:\Windows\System\IwOqAPA.exe
  C:\Windows\System\IwOqAPA.exe
  2⤵
  PID:7232
- C:\Windows\System\FyYylFy.exe
  C:\Windows\System\FyYylFy.exe
  2⤵
  PID:7256
- C:\Windows\System\LrJTokV.exe
  C:\Windows\System\LrJTokV.exe
  2⤵
  PID:7272
- C:\Windows\System\lxkwFOu.exe
  C:\Windows\System\lxkwFOu.exe
  2⤵
  PID:7288
- C:\Windows\System\bEliXLS.exe
  C:\Windows\System\bEliXLS.exe
  2⤵
  PID:7304
- C:\Windows\System\uRcIIxw.exe
  C:\Windows\System\uRcIIxw.exe
  2⤵
  PID:7336
- C:\Windows\System\yeZjytv.exe
  C:\Windows\System\yeZjytv.exe
  2⤵
  PID:7352
- C:\Windows\System\jruMuti.exe
  C:\Windows\System\jruMuti.exe
  2⤵
  PID:7372
- C:\Windows\System\jpIvbck.exe
  C:\Windows\System\jpIvbck.exe
  2⤵
  PID:7392
- C:\Windows\System\PsAdRKC.exe
  C:\Windows\System\PsAdRKC.exe
  2⤵
  PID:7416
- C:\Windows\System\mjQdoCK.exe
  C:\Windows\System\mjQdoCK.exe
  2⤵
  PID:7432
- C:\Windows\System\ssSmNGs.exe
  C:\Windows\System\ssSmNGs.exe
  2⤵
  PID:7448
- C:\Windows\System\ukOCBQH.exe
  C:\Windows\System\ukOCBQH.exe
  2⤵
  PID:7472
- C:\Windows\System\NfFmRmY.exe
  C:\Windows\System\NfFmRmY.exe
  2⤵
  PID:7492
- C:\Windows\System\DYiTOUt.exe
  C:\Windows\System\DYiTOUt.exe
  2⤵
  PID:7512
- C:\Windows\System\yMVmlAK.exe
  C:\Windows\System\yMVmlAK.exe
  2⤵
  PID:7528
- C:\Windows\System\YYNPjVO.exe
  C:\Windows\System\YYNPjVO.exe
  2⤵
  PID:7552
- C:\Windows\System\GHMsblW.exe
  C:\Windows\System\GHMsblW.exe
  2⤵
  PID:7572
- C:\Windows\System\dUaGufX.exe
  C:\Windows\System\dUaGufX.exe
  2⤵
  PID:7588
- C:\Windows\System\WAXUaNE.exe
  C:\Windows\System\WAXUaNE.exe
  2⤵
  PID:7612
- C:\Windows\System\KMnJMlO.exe
  C:\Windows\System\KMnJMlO.exe
  2⤵
  PID:7632
- C:\Windows\System\QCIemEg.exe
  C:\Windows\System\QCIemEg.exe
  2⤵
  PID:7652
- C:\Windows\System\UDBVSzC.exe
  C:\Windows\System\UDBVSzC.exe
  2⤵
  PID:7672
- C:\Windows\System\gyngMBv.exe
  C:\Windows\System\gyngMBv.exe
  2⤵
  PID:7692
- C:\Windows\System\TIPiPkF.exe
  C:\Windows\System\TIPiPkF.exe
  2⤵
  PID:7712
- C:\Windows\System\JjLEmQR.exe
  C:\Windows\System\JjLEmQR.exe
  2⤵
  PID:7736
- C:\Windows\System\BBNwTXY.exe
  C:\Windows\System\BBNwTXY.exe
  2⤵
  PID:7752
- C:\Windows\System\aNolrOW.exe
  C:\Windows\System\aNolrOW.exe
  2⤵
  PID:7772
- C:\Windows\System\WnCTCFl.exe
  C:\Windows\System\WnCTCFl.exe
  2⤵
  PID:7796
- C:\Windows\System\JmwsKXJ.exe
  C:\Windows\System\JmwsKXJ.exe
  2⤵
  PID:7816
- C:\Windows\System\zCnymkk.exe
  C:\Windows\System\zCnymkk.exe
  2⤵
  PID:7832
- C:\Windows\System\UtGSDYc.exe
  C:\Windows\System\UtGSDYc.exe
  2⤵
  PID:7848
- C:\Windows\System\ZokCnYb.exe
  C:\Windows\System\ZokCnYb.exe
  2⤵
  PID:7872
- C:\Windows\System\gqLVBzy.exe
  C:\Windows\System\gqLVBzy.exe
  2⤵
  PID:7904
- C:\Windows\System\hPpqkMh.exe
  C:\Windows\System\hPpqkMh.exe
  2⤵
  PID:7920
- C:\Windows\System\IZpiaHJ.exe
  C:\Windows\System\IZpiaHJ.exe
  2⤵
  PID:7940
- C:\Windows\System\TOWmfUK.exe
  C:\Windows\System\TOWmfUK.exe
  2⤵
  PID:7960
- C:\Windows\System\PnmUeAn.exe
  C:\Windows\System\PnmUeAn.exe
  2⤵
  PID:7984
- C:\Windows\System\DcUcVYM.exe
  C:\Windows\System\DcUcVYM.exe
  2⤵
  PID:8004
- C:\Windows\System\KwuRYWz.exe
  C:\Windows\System\KwuRYWz.exe
  2⤵
  PID:8020
- C:\Windows\System\iNHQsjA.exe
  C:\Windows\System\iNHQsjA.exe
  2⤵
  PID:8040
- C:\Windows\System\xQJKqoz.exe
  C:\Windows\System\xQJKqoz.exe
  2⤵
  PID:8060
- C:\Windows\System\gKrFmcq.exe
  C:\Windows\System\gKrFmcq.exe
  2⤵
  PID:8080
- C:\Windows\System\NliMnjS.exe
  C:\Windows\System\NliMnjS.exe
  2⤵
  PID:8108
- C:\Windows\System\gUMLYPj.exe
  C:\Windows\System\gUMLYPj.exe
  2⤵
  PID:8124
- C:\Windows\System\yexADRm.exe
  C:\Windows\System\yexADRm.exe
  2⤵
  PID:8148
- C:\Windows\System\OGPKVff.exe
  C:\Windows\System\OGPKVff.exe
  2⤵
  PID:8168
- C:\Windows\System\tXjBVfH.exe
  C:\Windows\System\tXjBVfH.exe
  2⤵
  PID:8188
- C:\Windows\System\gwSHMnY.exe
  C:\Windows\System\gwSHMnY.exe
  2⤵
  PID:6620
- C:\Windows\System\FPHRtwn.exe
  C:\Windows\System\FPHRtwn.exe
  2⤵
  PID:7184
- C:\Windows\System\oDhwZrf.exe
  C:\Windows\System\oDhwZrf.exe
  2⤵
  PID:7248
- C:\Windows\System\oMbORli.exe
  C:\Windows\System\oMbORli.exe
  2⤵
  PID:7264
- C:\Windows\System\uvABbMv.exe
  C:\Windows\System\uvABbMv.exe
  2⤵
  PID:7284
- C:\Windows\System\AEvKiQR.exe
  C:\Windows\System\AEvKiQR.exe
  2⤵
  PID:7324
- C:\Windows\System\uahRAoB.exe
  C:\Windows\System\uahRAoB.exe
  2⤵
  PID:7368
- C:\Windows\System\FwyliVn.exe
  C:\Windows\System\FwyliVn.exe
  2⤵
  PID:7400
- C:\Windows\System\SQBIytU.exe
  C:\Windows\System\SQBIytU.exe
  2⤵
  PID:7440
- C:\Windows\System\tXzfTHN.exe
  C:\Windows\System\tXzfTHN.exe
  2⤵
  PID:7456
- C:\Windows\System\egGsqWm.exe
  C:\Windows\System\egGsqWm.exe
  2⤵
  PID:7500
- C:\Windows\System\UzQsUtk.exe
  C:\Windows\System\UzQsUtk.exe
  2⤵
  PID:7560
- C:\Windows\System\tgamBjP.exe
  C:\Windows\System\tgamBjP.exe
  2⤵
  PID:7596
- C:\Windows\System\dXOoJdd.exe
  C:\Windows\System\dXOoJdd.exe
  2⤵
  PID:7580
- C:\Windows\System\UzqWVSE.exe
  C:\Windows\System\UzqWVSE.exe
  2⤵
  PID:7644
- C:\Windows\System\gYaSIML.exe
  C:\Windows\System\gYaSIML.exe
  2⤵
  PID:7660
- C:\Windows\System\RqIsChj.exe
  C:\Windows\System\RqIsChj.exe
  2⤵
  PID:7720
- C:\Windows\System\IQtSrLN.exe
  C:\Windows\System\IQtSrLN.exe
  2⤵
  PID:7708
- C:\Windows\System\ZPnDeaR.exe
  C:\Windows\System\ZPnDeaR.exe
  2⤵
  PID:7764
- C:\Windows\System\mYTDKDk.exe
  C:\Windows\System\mYTDKDk.exe
  2⤵
  PID:1568
- C:\Windows\System\WNzQmsu.exe
  C:\Windows\System\WNzQmsu.exe
  2⤵
  PID:7748
- C:\Windows\System\HCrkkub.exe
  C:\Windows\System\HCrkkub.exe
  2⤵
  PID:7880
- C:\Windows\System\fhrEAzm.exe
  C:\Windows\System\fhrEAzm.exe
  2⤵
  PID:7856
- C:\Windows\System\fDjobsN.exe
  C:\Windows\System\fDjobsN.exe
  2⤵
  PID:7860
- C:\Windows\System\MhWuQxl.exe
  C:\Windows\System\MhWuQxl.exe
  2⤵
  PID:7956
- C:\Windows\System\dmpMMVn.exe
  C:\Windows\System\dmpMMVn.exe
  2⤵
  PID:7980
- C:\Windows\System\waGGjwy.exe
  C:\Windows\System\waGGjwy.exe
  2⤵
  PID:8048
- C:\Windows\System\jFJyPXn.exe
  C:\Windows\System\jFJyPXn.exe
  2⤵
  PID:8036
- C:\Windows\System\LddAByN.exe
  C:\Windows\System\LddAByN.exe
  2⤵
  PID:8092
- C:\Windows\System\fWVwUrg.exe
  C:\Windows\System\fWVwUrg.exe
  2⤵
  PID:8100
- C:\Windows\System\OqxgRTa.exe
  C:\Windows\System\OqxgRTa.exe
  2⤵
  PID:8140
- C:\Windows\System\rDNVUXP.exe
  C:\Windows\System\rDNVUXP.exe
  2⤵
  PID:8164
- C:\Windows\System\jqamvyt.exe
  C:\Windows\System\jqamvyt.exe
  2⤵
  PID:7172
- C:\Windows\System\berickR.exe
  C:\Windows\System\berickR.exe
  2⤵
  PID:7228
- C:\Windows\System\eAlvsfY.exe
  C:\Windows\System\eAlvsfY.exe
  2⤵
  PID:7364
- C:\Windows\System\wedflsz.exe
  C:\Windows\System\wedflsz.exe
  2⤵
  PID:7380
- C:\Windows\System\iyjQFqZ.exe
  C:\Windows\System\iyjQFqZ.exe
  2⤵
  PID:7132
- C:\Windows\System\RdsIiNI.exe
  C:\Windows\System\RdsIiNI.exe
  2⤵
  PID:7508
- C:\Windows\System\ZdcicXX.exe
  C:\Windows\System\ZdcicXX.exe
  2⤵
  PID:7524
- C:\Windows\System\GMzfvfB.exe
  C:\Windows\System\GMzfvfB.exe
  2⤵
  PID:7488
- C:\Windows\System\aqhIKfV.exe
  C:\Windows\System\aqhIKfV.exe
  2⤵
  PID:7540
- C:\Windows\System\yHRTdUr.exe
  C:\Windows\System\yHRTdUr.exe
  2⤵
  PID:7700
- C:\Windows\System\PdUmyty.exe
  C:\Windows\System\PdUmyty.exe
  2⤵
  PID:7668
- C:\Windows\System\iNdXafj.exe
  C:\Windows\System\iNdXafj.exe
  2⤵
  PID:7664
- C:\Windows\System\PYeNDmF.exe
  C:\Windows\System\PYeNDmF.exe
  2⤵
  PID:7976
- C:\Windows\System\ToKvqAk.exe
  C:\Windows\System\ToKvqAk.exe
  2⤵
  PID:7728
- C:\Windows\System\TlMUPFo.exe
  C:\Windows\System\TlMUPFo.exe
  2⤵
  PID:7864
- C:\Windows\System\tZkycaw.exe
  C:\Windows\System\tZkycaw.exe
  2⤵
  PID:8016
- C:\Windows\System\xsEHJBk.exe
  C:\Windows\System\xsEHJBk.exe
  2⤵
  PID:8088
- C:\Windows\System\iGwjfrT.exe
  C:\Windows\System\iGwjfrT.exe
  2⤵
  PID:8132
- C:\Windows\System\jhlYCJt.exe
  C:\Windows\System\jhlYCJt.exe
  2⤵
  PID:7204
- C:\Windows\System\avQRuZp.exe
  C:\Windows\System\avQRuZp.exe
  2⤵
  PID:8160
- C:\Windows\System\KGngQZe.exe
  C:\Windows\System\KGngQZe.exe
  2⤵
  PID:7348
- C:\Windows\System\BxkNQuz.exe
  C:\Windows\System\BxkNQuz.exe
  2⤵
  PID:7332
- C:\Windows\System\KQfrSYR.exe
  C:\Windows\System\KQfrSYR.exe
  2⤵
  PID:7480
- C:\Windows\System\AxkjAzX.exe
  C:\Windows\System\AxkjAzX.exe
  2⤵
  PID:7608
- C:\Windows\System\lpqErmV.exe
  C:\Windows\System\lpqErmV.exe
  2⤵
  PID:7804
- C:\Windows\System\YNJhiHw.exe
  C:\Windows\System\YNJhiHw.exe
  2⤵
  PID:7900
- C:\Windows\System\vBpCwGL.exe
  C:\Windows\System\vBpCwGL.exe
  2⤵
  PID:1620
- C:\Windows\System\sAXjtwX.exe
  C:\Windows\System\sAXjtwX.exe
  2⤵
  PID:7936
- C:\Windows\System\DOsGwUK.exe
  C:\Windows\System\DOsGwUK.exe
  2⤵
  PID:7928
- C:\Windows\System\XESQCZx.exe
  C:\Windows\System\XESQCZx.exe
  2⤵
  PID:7932
- C:\Windows\System\yvRaKij.exe
  C:\Windows\System\yvRaKij.exe
  2⤵
  PID:7388
- C:\Windows\System\ClCYGWc.exe
  C:\Windows\System\ClCYGWc.exe
  2⤵
  PID:7684
- C:\Windows\System\DLtgNLS.exe
  C:\Windows\System\DLtgNLS.exe
  2⤵
  PID:7408
- C:\Windows\System\dcwplcI.exe
  C:\Windows\System\dcwplcI.exe
  2⤵
  PID:7808
- C:\Windows\System\UNpHmnn.exe
  C:\Windows\System\UNpHmnn.exe
  2⤵
  PID:7828
- C:\Windows\System\UapJvEx.exe
  C:\Windows\System\UapJvEx.exe
  2⤵
  PID:7744
- C:\Windows\System\OUfnRxG.exe
  C:\Windows\System\OUfnRxG.exe
  2⤵
  PID:8076
- C:\Windows\System\WPaVwSS.exe
  C:\Windows\System\WPaVwSS.exe
  2⤵
  PID:8120
- C:\Windows\System\lBBfGqE.exe
  C:\Windows\System\lBBfGqE.exe
  2⤵
  PID:7320
- C:\Windows\System\ZzvZppb.exe
  C:\Windows\System\ZzvZppb.exe
  2⤵
  PID:7468
- C:\Windows\System\vTPLXGo.exe
  C:\Windows\System\vTPLXGo.exe
  2⤵
  PID:7916
- C:\Windows\System\bmQCkbb.exe
  C:\Windows\System\bmQCkbb.exe
  2⤵
  PID:7428
- C:\Windows\System\tUpaIwN.exe
  C:\Windows\System\tUpaIwN.exe
  2⤵
  PID:7252
- C:\Windows\System\gQncQCA.exe
  C:\Windows\System\gQncQCA.exe
  2⤵
  PID:8200
- C:\Windows\System\FunqpmE.exe
  C:\Windows\System\FunqpmE.exe
  2⤵
  PID:8216
- C:\Windows\System\DrFmRlO.exe
  C:\Windows\System\DrFmRlO.exe
  2⤵
  PID:8232
- C:\Windows\System\RUTzLof.exe
  C:\Windows\System\RUTzLof.exe
  2⤵
  PID:8252
- C:\Windows\System\aPsaWqr.exe
  C:\Windows\System\aPsaWqr.exe
  2⤵
  PID:8296
- C:\Windows\System\wjZcVxr.exe
  C:\Windows\System\wjZcVxr.exe
  2⤵
  PID:8312
- C:\Windows\System\tIWNguE.exe
  C:\Windows\System\tIWNguE.exe
  2⤵
  PID:8336
- C:\Windows\System\LulAZOA.exe
  C:\Windows\System\LulAZOA.exe
  2⤵
  PID:8352
- C:\Windows\System\hvFoAaZ.exe
  C:\Windows\System\hvFoAaZ.exe
  2⤵
  PID:8372
- C:\Windows\System\Mkuxsmh.exe
  C:\Windows\System\Mkuxsmh.exe
  2⤵
  PID:8392
- C:\Windows\System\WPdmIBc.exe
  C:\Windows\System\WPdmIBc.exe
  2⤵
  PID:8412
- C:\Windows\System\gZvUZqN.exe
  C:\Windows\System\gZvUZqN.exe
  2⤵
  PID:8432
- C:\Windows\System\kaegqfC.exe
  C:\Windows\System\kaegqfC.exe
  2⤵
  PID:8456
- C:\Windows\System\sAxSRhD.exe
  C:\Windows\System\sAxSRhD.exe
  2⤵
  PID:8476
- C:\Windows\System\wdJjeUU.exe
  C:\Windows\System\wdJjeUU.exe
  2⤵
  PID:8492
- C:\Windows\System\cookfUM.exe
  C:\Windows\System\cookfUM.exe
  2⤵
  PID:8512
- C:\Windows\System\uuIrWmb.exe
  C:\Windows\System\uuIrWmb.exe
  2⤵
  PID:8536
- C:\Windows\System\wgqtsJu.exe
  C:\Windows\System\wgqtsJu.exe
  2⤵
  PID:8552
- C:\Windows\System\LuYePWP.exe
  C:\Windows\System\LuYePWP.exe
  2⤵
  PID:8572
- C:\Windows\System\mvvUreK.exe
  C:\Windows\System\mvvUreK.exe
  2⤵
  PID:8592
- C:\Windows\System\oJvYWSE.exe
  C:\Windows\System\oJvYWSE.exe
  2⤵
  PID:8612
- C:\Windows\System\xnXClpi.exe
  C:\Windows\System\xnXClpi.exe
  2⤵
  PID:8628
- C:\Windows\System\mQVXLKI.exe
  C:\Windows\System\mQVXLKI.exe
  2⤵
  PID:8648
- C:\Windows\System\SkvIZVb.exe
  C:\Windows\System\SkvIZVb.exe
  2⤵
  PID:8668
- C:\Windows\System\hXaaRZf.exe
  C:\Windows\System\hXaaRZf.exe
  2⤵
  PID:8688
- C:\Windows\System\eydiRTQ.exe
  C:\Windows\System\eydiRTQ.exe
  2⤵
  PID:8708
- C:\Windows\System\QLzTLEP.exe
  C:\Windows\System\QLzTLEP.exe
  2⤵
  PID:8724
- C:\Windows\System\mVtOtwQ.exe
  C:\Windows\System\mVtOtwQ.exe
  2⤵
  PID:8756
- C:\Windows\System\FMaglOH.exe
  C:\Windows\System\FMaglOH.exe
  2⤵
  PID:8772
- C:\Windows\System\EpWYpRC.exe
  C:\Windows\System\EpWYpRC.exe
  2⤵
  PID:8788
- C:\Windows\System\YNgcDNx.exe
  C:\Windows\System\YNgcDNx.exe
  2⤵
  PID:8808
- C:\Windows\System\DUfNuoW.exe
  C:\Windows\System\DUfNuoW.exe
  2⤵
  PID:8836
- C:\Windows\System\VshPSjq.exe
  C:\Windows\System\VshPSjq.exe
  2⤵
  PID:8852
- C:\Windows\System\hmFhDfU.exe
  C:\Windows\System\hmFhDfU.exe
  2⤵
  PID:8868
- C:\Windows\System\IBLsazI.exe
  C:\Windows\System\IBLsazI.exe
  2⤵
  PID:8884
- C:\Windows\System\ECIFKvP.exe
  C:\Windows\System\ECIFKvP.exe
  2⤵
  PID:8900
- C:\Windows\System\nnUyIQI.exe
  C:\Windows\System\nnUyIQI.exe
  2⤵
  PID:8928
- C:\Windows\System\nTLywRM.exe
  C:\Windows\System\nTLywRM.exe
  2⤵
  PID:8956
- C:\Windows\System\AvfwbEI.exe
  C:\Windows\System\AvfwbEI.exe
  2⤵
  PID:8972
- C:\Windows\System\kLBIxgi.exe
  C:\Windows\System\kLBIxgi.exe
  2⤵
  PID:8996
- C:\Windows\System\HKjqOSC.exe
  C:\Windows\System\HKjqOSC.exe
  2⤵
  PID:9012
- C:\Windows\System\Rkdknrl.exe
  C:\Windows\System\Rkdknrl.exe
  2⤵
  PID:9040
- C:\Windows\System\yWCgTnV.exe
  C:\Windows\System\yWCgTnV.exe
  2⤵
  PID:9056
- C:\Windows\System\dVHlyEG.exe
  C:\Windows\System\dVHlyEG.exe
  2⤵
  PID:9072
- C:\Windows\System\nVgAjUb.exe
  C:\Windows\System\nVgAjUb.exe
  2⤵
  PID:9088
- C:\Windows\System\uAQEGXo.exe
  C:\Windows\System\uAQEGXo.exe
  2⤵
  PID:9104
- C:\Windows\System\PUXrJSg.exe
  C:\Windows\System\PUXrJSg.exe
  2⤵
  PID:9124
- C:\Windows\System\kvPNGzO.exe
  C:\Windows\System\kvPNGzO.exe
  2⤵
  PID:9144
- C:\Windows\System\dXTyRSz.exe
  C:\Windows\System\dXTyRSz.exe
  2⤵
  PID:9160
- C:\Windows\System\fSiQGBF.exe
  C:\Windows\System\fSiQGBF.exe
  2⤵
  PID:9200
- C:\Windows\System\vZwBViW.exe
  C:\Windows\System\vZwBViW.exe
  2⤵
  PID:7424
- C:\Windows\System\KWNOUFY.exe
  C:\Windows\System\KWNOUFY.exe
  2⤵
  PID:6868
- C:\Windows\System\niPaFBp.exe
  C:\Windows\System\niPaFBp.exe
  2⤵
  PID:8268
- C:\Windows\System\AewrDIi.exe
  C:\Windows\System\AewrDIi.exe
  2⤵
  PID:8244
- C:\Windows\System\hnODoll.exe
  C:\Windows\System\hnODoll.exe
  2⤵
  PID:8276
- C:\Windows\System\IPJawMQ.exe
  C:\Windows\System\IPJawMQ.exe
  2⤵
  PID:8288
- C:\Windows\System\iLSFJWG.exe
  C:\Windows\System\iLSFJWG.exe
  2⤵
  PID:8308
- C:\Windows\System\KXgpyWo.exe
  C:\Windows\System\KXgpyWo.exe
  2⤵
  PID:8344
- C:\Windows\System\zxxkDOB.exe
  C:\Windows\System\zxxkDOB.exe
  2⤵
  PID:8404
- C:\Windows\System\omnlmwm.exe
  C:\Windows\System\omnlmwm.exe
  2⤵
  PID:8424
- C:\Windows\System\yhawGOq.exe
  C:\Windows\System\yhawGOq.exe
  2⤵
  PID:8448
- C:\Windows\System\SOErFkq.exe
  C:\Windows\System\SOErFkq.exe
  2⤵
  PID:8468
- C:\Windows\System\NveTesA.exe
  C:\Windows\System\NveTesA.exe
  2⤵
  PID:8500
- C:\Windows\System\SXfWmMB.exe
  C:\Windows\System\SXfWmMB.exe
  2⤵
  PID:8564
- C:\Windows\System\qtlGJBt.exe
  C:\Windows\System\qtlGJBt.exe
  2⤵
  PID:8588
- C:\Windows\System\JxGsIlV.exe
  C:\Windows\System\JxGsIlV.exe
  2⤵
  PID:8620
- C:\Windows\System\bvMtGDe.exe
  C:\Windows\System\bvMtGDe.exe
  2⤵
  PID:8684
- C:\Windows\System\Wsxokqb.exe
  C:\Windows\System\Wsxokqb.exe
  2⤵
  PID:8716
- C:\Windows\System\xkfFCdv.exe
  C:\Windows\System\xkfFCdv.exe
  2⤵
  PID:8736
- C:\Windows\System\uMehsYl.exe
  C:\Windows\System\uMehsYl.exe
  2⤵
  PID:8700
- C:\Windows\System\NOSvzoz.exe
  C:\Windows\System\NOSvzoz.exe
  2⤵
  PID:8696
- C:\Windows\System\uaTqcgL.exe
  C:\Windows\System\uaTqcgL.exe
  2⤵
  PID:8816
- C:\Windows\System\PdEBKIL.exe
  C:\Windows\System\PdEBKIL.exe
  2⤵
  PID:8832
- C:\Windows\System\YSPdcMV.exe
  C:\Windows\System\YSPdcMV.exe
  2⤵
  PID:8848
- C:\Windows\System\ZtLSdjS.exe
  C:\Windows\System\ZtLSdjS.exe
  2⤵
  PID:8920
- C:\Windows\System\hQUIowE.exe
  C:\Windows\System\hQUIowE.exe
  2⤵
  PID:8924
- C:\Windows\System\NaSjQuI.exe
  C:\Windows\System\NaSjQuI.exe
  2⤵
  PID:8968
- C:\Windows\System\DIbfHPy.exe
  C:\Windows\System\DIbfHPy.exe
  2⤵
  PID:9008
- C:\Windows\System\MbZdDsl.exe
  C:\Windows\System\MbZdDsl.exe
  2⤵
  PID:9036
- C:\Windows\System\fTtTAaw.exe
  C:\Windows\System\fTtTAaw.exe
  2⤵
  PID:9068
- C:\Windows\System\vQedOcF.exe
  C:\Windows\System\vQedOcF.exe
  2⤵
  PID:9132
- C:\Windows\System\OJFVlgn.exe
  C:\Windows\System\OJFVlgn.exe
  2⤵
  PID:9176
- C:\Windows\System\WmnBDfS.exe
  C:\Windows\System\WmnBDfS.exe
  2⤵
  PID:9196
- C:\Windows\System\uFRjzVH.exe
  C:\Windows\System\uFRjzVH.exe
  2⤵
  PID:9112
- C:\Windows\System\JgquahN.exe
  C:\Windows\System\JgquahN.exe
  2⤵
  PID:8248
- C:\Windows\System\mpUXLml.exe
  C:\Windows\System\mpUXLml.exe
  2⤵
  PID:7996
- C:\Windows\System\YwbHxZX.exe
  C:\Windows\System\YwbHxZX.exe
  2⤵
  PID:8328
- C:\Windows\System\ZfoGcSn.exe
  C:\Windows\System\ZfoGcSn.exe
  2⤵
  PID:8360
- C:\Windows\System\RhovCwg.exe
  C:\Windows\System\RhovCwg.exe
  2⤵
  PID:8408
- C:\Windows\System\OYszbYK.exe
  C:\Windows\System\OYszbYK.exe
  2⤵
  PID:8504
- C:\Windows\System\KWdgstu.exe
  C:\Windows\System\KWdgstu.exe
  2⤵
  PID:8644
- C:\Windows\System\HHgNpEA.exe
  C:\Windows\System\HHgNpEA.exe
  2⤵
  PID:8608
- C:\Windows\System\RqttZVk.exe
  C:\Windows\System\RqttZVk.exe
  2⤵
  PID:8660
- C:\Windows\System\QQfwtgV.exe
  C:\Windows\System\QQfwtgV.exe
  2⤵
  PID:8800
- C:\Windows\System\XlCVLhK.exe
  C:\Windows\System\XlCVLhK.exe
  2⤵
  PID:8864
- C:\Windows\System\JotNjVH.exe
  C:\Windows\System\JotNjVH.exe
  2⤵
  PID:8292
- C:\Windows\System\bEJfzxO.exe
  C:\Windows\System\bEJfzxO.exe
  2⤵
  PID:8636
- C:\Windows\System\rPcNVsf.exe
  C:\Windows\System\rPcNVsf.exe
  2⤵
  PID:9024
- C:\Windows\System\YPAyEJO.exe
  C:\Windows\System\YPAyEJO.exe
  2⤵
  PID:9028
- C:\Windows\System\ycRtcma.exe
  C:\Windows\System\ycRtcma.exe
  2⤵
  PID:8784
- C:\Windows\System\WwSpOvo.exe
  C:\Windows\System\WwSpOvo.exe
  2⤵
  PID:9156
- C:\Windows\System\tHitPOV.exe
  C:\Windows\System\tHitPOV.exe
  2⤵
  PID:9064
- C:\Windows\System\XuncZEJ.exe
  C:\Windows\System\XuncZEJ.exe
  2⤵
  PID:8940
- C:\Windows\System\XVFkxFI.exe
  C:\Windows\System\XVFkxFI.exe
  2⤵
  PID:9188
- C:\Windows\System\SFVkuol.exe
  C:\Windows\System\SFVkuol.exe
  2⤵
  PID:8224
- C:\Windows\System\QZtkdVg.exe
  C:\Windows\System\QZtkdVg.exe
  2⤵
  PID:8212
- C:\Windows\System\uAzMmNE.exe
  C:\Windows\System\uAzMmNE.exe
  2⤵
  PID:7912
- C:\Windows\System\hRxmlBG.exe
  C:\Windows\System\hRxmlBG.exe
  2⤵
  PID:8272
- C:\Windows\System\XjhhEhu.exe
  C:\Windows\System\XjhhEhu.exe
  2⤵
  PID:8532
- C:\Windows\System\yQWSWuB.exe
  C:\Windows\System\yQWSWuB.exe
  2⤵
  PID:8444
- C:\Windows\System\LdjtvSh.exe
  C:\Windows\System\LdjtvSh.exe
  2⤵
  PID:8524
- C:\Windows\System\pGUgteH.exe
  C:\Windows\System\pGUgteH.exe
  2⤵
  PID:8732
- C:\Windows\System\WTjfRHT.exe
  C:\Windows\System\WTjfRHT.exe
  2⤵
  PID:8860
- C:\Windows\System\PsxuTWE.exe
  C:\Windows\System\PsxuTWE.exe
  2⤵
  PID:8952
- C:\Windows\System\xTojJyA.exe
  C:\Windows\System\xTojJyA.exe
  2⤵
  PID:8548
- C:\Windows\System\TzbMmYY.exe
  C:\Windows\System\TzbMmYY.exe
  2⤵
  PID:8824
- C:\Windows\System\hNhwuZx.exe
  C:\Windows\System\hNhwuZx.exe
  2⤵
  PID:8028
- C:\Windows\System\oCbKJxb.exe
  C:\Windows\System\oCbKJxb.exe
  2⤵
  PID:8264
- C:\Windows\System\bIlVRSq.exe
  C:\Windows\System\bIlVRSq.exe
  2⤵
  PID:8892
- C:\Windows\System\RdNjTrD.exe
  C:\Windows\System\RdNjTrD.exe
  2⤵
  PID:8604
- C:\Windows\System\bJLzEKg.exe
  C:\Windows\System\bJLzEKg.exe
  2⤵
  PID:1476
- C:\Windows\System\OAGGNju.exe
  C:\Windows\System\OAGGNju.exe
  2⤵
  PID:8368
- C:\Windows\System\qMAZiMi.exe
  C:\Windows\System\qMAZiMi.exe
  2⤵
  PID:8284
- C:\Windows\System\oZraxnl.exe
  C:\Windows\System\oZraxnl.exe
  2⤵
  PID:8992
- C:\Windows\System\AAnCOIt.exe
  C:\Windows\System\AAnCOIt.exe
  2⤵
  PID:8780
- C:\Windows\System\PchUrxe.exe
  C:\Windows\System\PchUrxe.exe
  2⤵
  PID:9020
- C:\Windows\System\QjKvogR.exe
  C:\Windows\System\QjKvogR.exe
  2⤵
  PID:8580
- C:\Windows\System\KbtThPP.exe
  C:\Windows\System\KbtThPP.exe
  2⤵
  PID:8768
- C:\Windows\System\HLfKuug.exe
  C:\Windows\System\HLfKuug.exe
  2⤵
  PID:8896
- C:\Windows\System\BrHdyYW.exe
  C:\Windows\System\BrHdyYW.exe
  2⤵
  PID:8484
- C:\Windows\System\SzLmLsL.exe
  C:\Windows\System\SzLmLsL.exe
  2⤵
  PID:9220
- C:\Windows\System\YytHTdW.exe
  C:\Windows\System\YytHTdW.exe
  2⤵
  PID:9236
- C:\Windows\System\Mrrkyvm.exe
  C:\Windows\System\Mrrkyvm.exe
  2⤵
  PID:9252
- C:\Windows\System\PaKzDsx.exe
  C:\Windows\System\PaKzDsx.exe
  2⤵
  PID:9268
- C:\Windows\System\zjbBFzW.exe
  C:\Windows\System\zjbBFzW.exe
  2⤵
  PID:9284
- C:\Windows\System\tKRqwcJ.exe
  C:\Windows\System\tKRqwcJ.exe
  2⤵
  PID:9300
- C:\Windows\System\gcyYxnP.exe
  C:\Windows\System\gcyYxnP.exe
  2⤵
  PID:9316
- C:\Windows\System\wSalQHE.exe
  C:\Windows\System\wSalQHE.exe
  2⤵
  PID:9332
- C:\Windows\System\ezYqvue.exe
  C:\Windows\System\ezYqvue.exe
  2⤵
  PID:9348
- C:\Windows\System\IdXGpGu.exe
  C:\Windows\System\IdXGpGu.exe
  2⤵
  PID:9364
- C:\Windows\System\XhFNcFd.exe
  C:\Windows\System\XhFNcFd.exe
  2⤵
  PID:9380
- C:\Windows\System\kMVhVTv.exe
  C:\Windows\System\kMVhVTv.exe
  2⤵
  PID:9396
- C:\Windows\System\AnoSGfp.exe
  C:\Windows\System\AnoSGfp.exe
  2⤵
  PID:9412
- C:\Windows\System\lWSrNWF.exe
  C:\Windows\System\lWSrNWF.exe
  2⤵
  PID:9428
- C:\Windows\System\GtnUiDx.exe
  C:\Windows\System\GtnUiDx.exe
  2⤵
  PID:9444
- C:\Windows\System\BcpQmbk.exe
  C:\Windows\System\BcpQmbk.exe
  2⤵
  PID:9460
- C:\Windows\System\IKOmoCY.exe
  C:\Windows\System\IKOmoCY.exe
  2⤵
  PID:9476
- C:\Windows\System\XFCCaUC.exe
  C:\Windows\System\XFCCaUC.exe
  2⤵
  PID:9492
- C:\Windows\System\nqrDRNt.exe
  C:\Windows\System\nqrDRNt.exe
  2⤵
  PID:9508
- C:\Windows\System\xeBRCFp.exe
  C:\Windows\System\xeBRCFp.exe
  2⤵
  PID:9524
- C:\Windows\System\QuAWFAt.exe
  C:\Windows\System\QuAWFAt.exe
  2⤵
  PID:9540
- C:\Windows\System\iImivUp.exe
  C:\Windows\System\iImivUp.exe
  2⤵
  PID:9556
- C:\Windows\System\jDptnJf.exe
  C:\Windows\System\jDptnJf.exe
  2⤵
  PID:9572
- C:\Windows\System\PcRkMBU.exe
  C:\Windows\System\PcRkMBU.exe
  2⤵
  PID:9588
- C:\Windows\System\TAYZSQk.exe
  C:\Windows\System\TAYZSQk.exe
  2⤵
  PID:9604
- C:\Windows\System\eMgszgs.exe
  C:\Windows\System\eMgszgs.exe
  2⤵
  PID:9620
- C:\Windows\System\dOjlYNl.exe
  C:\Windows\System\dOjlYNl.exe
  2⤵
  PID:9636
- C:\Windows\System\bLYOySe.exe
  C:\Windows\System\bLYOySe.exe
  2⤵
  PID:9652
- C:\Windows\System\CwEhpBv.exe
  C:\Windows\System\CwEhpBv.exe
  2⤵
  PID:9672
- C:\Windows\System\rQzHolG.exe
  C:\Windows\System\rQzHolG.exe
  2⤵
  PID:9688
- C:\Windows\System\LzZhxdE.exe
  C:\Windows\System\LzZhxdE.exe
  2⤵
  PID:9712
- C:\Windows\System\ytecmRS.exe
  C:\Windows\System\ytecmRS.exe
  2⤵
  PID:9728
- C:\Windows\System\qxhdxMW.exe
  C:\Windows\System\qxhdxMW.exe
  2⤵
  PID:9748
- C:\Windows\System\QxEQMEd.exe
  C:\Windows\System\QxEQMEd.exe
  2⤵
  PID:9764
- C:\Windows\System\eiyLqBn.exe
  C:\Windows\System\eiyLqBn.exe
  2⤵
  PID:9780
- C:\Windows\System\gzIyvSP.exe
  C:\Windows\System\gzIyvSP.exe
  2⤵
  PID:9796
- C:\Windows\System\HQNzXFt.exe
  C:\Windows\System\HQNzXFt.exe
  2⤵
  PID:9812
- C:\Windows\System\pzQqZMN.exe
  C:\Windows\System\pzQqZMN.exe
  2⤵
  PID:9832
- C:\Windows\System\cgbfYNV.exe
  C:\Windows\System\cgbfYNV.exe
  2⤵
  PID:9848
- C:\Windows\System\RMPDtEP.exe
  C:\Windows\System\RMPDtEP.exe
  2⤵
  PID:9872
- C:\Windows\System\YqJcCCB.exe
  C:\Windows\System\YqJcCCB.exe
  2⤵
  PID:9888
- C:\Windows\System\tbVKeVK.exe
  C:\Windows\System\tbVKeVK.exe
  2⤵
  PID:9904
- C:\Windows\System\TOUcsal.exe
  C:\Windows\System\TOUcsal.exe
  2⤵
  PID:9924
- C:\Windows\System\lgzBvDP.exe
  C:\Windows\System\lgzBvDP.exe
  2⤵
  PID:9940
- C:\Windows\System\DwAOzVV.exe
  C:\Windows\System\DwAOzVV.exe
  2⤵
  PID:9960
- C:\Windows\System\EFlZEDh.exe
  C:\Windows\System\EFlZEDh.exe
  2⤵
  PID:9976
- C:\Windows\System\JOXJBNe.exe
  C:\Windows\System\JOXJBNe.exe
  2⤵
  PID:10000
- C:\Windows\System\IsSHCrX.exe
  C:\Windows\System\IsSHCrX.exe
  2⤵
  PID:10016
- C:\Windows\System\ahZamBp.exe
  C:\Windows\System\ahZamBp.exe
  2⤵
  PID:10032
- C:\Windows\System\MrSeWXz.exe
  C:\Windows\System\MrSeWXz.exe
  2⤵
  PID:10048
- C:\Windows\System\AVFtTkp.exe
  C:\Windows\System\AVFtTkp.exe
  2⤵
  PID:10064
- C:\Windows\System\XalfBHu.exe
  C:\Windows\System\XalfBHu.exe
  2⤵
  PID:10096
- C:\Windows\System\sXGyVKm.exe
  C:\Windows\System\sXGyVKm.exe
  2⤵
  PID:10112
- C:\Windows\System\mnIlOtI.exe
  C:\Windows\System\mnIlOtI.exe
  2⤵
  PID:10136
- C:\Windows\System\HDABfNM.exe
  C:\Windows\System\HDABfNM.exe
  2⤵
  PID:10152
- C:\Windows\System\IHmZndo.exe
  C:\Windows\System\IHmZndo.exe
  2⤵
  PID:10180
- C:\Windows\System\MPGkqsw.exe
  C:\Windows\System\MPGkqsw.exe
  2⤵
  PID:10204
- C:\Windows\System\tnYuzRC.exe
  C:\Windows\System\tnYuzRC.exe
  2⤵
  PID:10236
- C:\Windows\System\LVtoslA.exe
  C:\Windows\System\LVtoslA.exe
  2⤵
  PID:9244
- C:\Windows\System\zcleavk.exe
  C:\Windows\System\zcleavk.exe
  2⤵
  PID:9280
- C:\Windows\System\gVsnslK.exe
  C:\Windows\System\gVsnslK.exe
  2⤵
  PID:9308
- C:\Windows\System\QHnldbz.exe
  C:\Windows\System\QHnldbz.exe
  2⤵
  PID:9292
- C:\Windows\System\rNYCIdN.exe
  C:\Windows\System\rNYCIdN.exe
  2⤵
  PID:9296
- C:\Windows\System\nqJtmrD.exe
  C:\Windows\System\nqJtmrD.exe
  2⤵
  PID:9388
- C:\Windows\System\DrxbZDt.exe
  C:\Windows\System\DrxbZDt.exe
  2⤵
  PID:9420
- C:\Windows\System\qqDSdjk.exe
  C:\Windows\System\qqDSdjk.exe
  2⤵
  PID:9440
- C:\Windows\System\rgGZcpJ.exe
  C:\Windows\System\rgGZcpJ.exe
  2⤵
  PID:9452
- C:\Windows\System\qkWuffz.exe
  C:\Windows\System\qkWuffz.exe
  2⤵
  PID:9548
- C:\Windows\System\tGlSius.exe
  C:\Windows\System\tGlSius.exe
  2⤵
  PID:9596
- C:\Windows\System\KXCSMek.exe
  C:\Windows\System\KXCSMek.exe
  2⤵
  PID:9616
- C:\Windows\System\XnXrpZM.exe
  C:\Windows\System\XnXrpZM.exe
  2⤵
  PID:9664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CYYdsXz.exe

Filesize
6.0MB

MD5
8bf5a791f527266c3dcf512e9efb01e8

SHA1
f74aee3b85b19d07c07a0421f6bc3f651fdb23e3

SHA256
4e837ff2eb7f7f50aff39dcf19b7c4d5b6c8b8841b28e95d16753a1a66e27986

SHA512
d59ce7bb7f2ff06cfd64cc7010a09e654dcec00df39ecb1e6984eea6003a02e52cac251dbc6fa0b4c2234a0ca5a0bd9952e73cee0f424e2f4331e248ed81b026

Download Submit
C:\Windows\system\CbreKvB.exe

Filesize
6.0MB

MD5
aae03dfe4c3ff56e6687846676fa4596

SHA1
0e2d859c1d9bb38827c99afcbd0fcadc6c7de5e4

SHA256
d2b6b8e54adac5a59a3ab96653354f34ad3ee890e05895c89e96bc7ddd0f4789

SHA512
39cd3fda5eb9d5473e30d404461d0806d30082d92e4749bf6625d29b9d376c5cb28256f227342794ed74f761625ce578b578af2efc0722302e874773988df6ad

Download Submit
C:\Windows\system\CePehSQ.exe

Filesize
6.0MB

MD5
8fa2137fd9e038c12729733679648d50

SHA1
ef4dd2ac3acf40fcaa5c41f1304021a2345c1b68

SHA256
dac745a84e125017c2466bac351beb8af7ffc45022fc40a6b4c0257ca6e64752

SHA512
28717b76882de89104794eb0f06f5ca8811fbf0f990f23c18e3596cfcc209a0158db79d07a4128f79c85b8a653ff5e510e6b928230418f746adffaff0977a098

Download Submit
C:\Windows\system\ENdwECo.exe

Filesize
6.0MB

MD5
49ed6b8b0b60c9188e84e22abc43fc1d

SHA1
eb9bada865f57f1d652185ce1518e2e06e139e9b

SHA256
f9b01a2213bf2e7534ded4a99cc45cfa51b30288d9d33dcdfa2bdd462b835904

SHA512
e2a63b49cae18e82fa8bb1a3bb747ee3aea22f1d49826ce65ea233b793712fe1406254cbd5f6a1c3df573489f04758745a431102f6ce4e4330b7f32d3aa6fb09

Download Submit
C:\Windows\system\EmIKUVt.exe

Filesize
6.0MB

MD5
0966c616c67727954f0b57085828436b

SHA1
397892976f17012d2124a91e9d5d4daf6be46e7d

SHA256
535fe8a3e853bf8ed7ee56f887009c0d7bef4fbe48c2b54bef0cabcb1bf39c98

SHA512
cf5e09fff130970e7895df379121b06546797e0dc7d3e839012f24815e1c4618d89789a3ce58e66b404d93c17e233e86753cf1c7a71ed74ba5baf9584fcf1072

Download Submit
C:\Windows\system\FsASmXd.exe

Filesize
6.0MB

MD5
e524855250fe76bed0f9e69614078997

SHA1
2b45fce8ce145b8246b8dfeb22ce0afb3d9be953

SHA256
c786eb5b1a202c03ffb80c367bb07ab00456709538dde99906cac74427e154c4

SHA512
6dda89a50a4b95734f895659549468a35abd6698be04a35e0d39a8a0276b3d97c1ee61d775982a3d5ed14f073aeff36ce2130ee5757827075e9c4f6ab1986d3c

Download Submit
C:\Windows\system\ITjTlXS.exe

Filesize
6.0MB

MD5
18dbe46f99296ee141b710c0174bff84

SHA1
9f9bf47728260aa304244bc251c694802f441fe5

SHA256
dcd78639288f52c829669ca6e3d1273764cbe05d1d3d0d18900525005138cfb0

SHA512
68350a9990ff78b95a650600166325fa7fcfc885b999064dfaac669e72f9db637c2b413a9bb7716ff1afe044f9e27f3b7674abe0f275c55be7787ed16398565c

Download Submit
C:\Windows\system\NFuDNgz.exe

Filesize
6.0MB

MD5
bc90e0a528241e8fba939f54a1f5c352

SHA1
6a4bd5c91f523424ea620c920f25356c865d2fc8

SHA256
1cfac8a1958392bed27a8e3835b60209825974d0ff3bc1dc469c4c0edcdf6952

SHA512
d58b81a566faf24d91cd2c0964919a2a5e52ad5f802cac6d9f3de29a1cb7e64a974d90534afb567c13055b457f427f933676c6ad6ed3554621fe2d70115d794d

Download Submit
C:\Windows\system\NIossrb.exe

Filesize
6.0MB

MD5
3cf9428fadb885b16cec483c58c28676

SHA1
4a04e50fd4bb2cbb4cf71563deb04c12fd6bfad4

SHA256
fea942275c71a335e5de2591cd0c4ed001056263587e2b9a5df48868d796cb02

SHA512
232ef154025ef14d19874f8b1c7c2069182a9a299a6ea1b78a4f605de7c2c439301e026c361ffef9baddd3b8d9714c69e06445e2406e3b2fbf67c1ae0cef3dae

Download Submit
C:\Windows\system\NRGIpOc.exe

Filesize
6.0MB

MD5
ae8cbdf7ee94966139f160a14aad2077

SHA1
1d078d792e0356d14df245cdf4b59c020fe4dec4

SHA256
7b66955b967cd1ca375b70905634cbfeaf01d0874f40510766c9d540283d6f15

SHA512
d40b52efb8e019bc4744dfc2c7a78ba7fdd73ee6c827f44ad6e4c980201163e8a5b5d88de4db0bada92e4a04c37d2a3e7aae30c0714b88012ad32d554cb02676

Download Submit
C:\Windows\system\SJickNi.exe

Filesize
6.0MB

MD5
4136a98e51815d32b8094e7f62ee5583

SHA1
ec44afc46a53a337145649282c152c3baf7f9069

SHA256
a551179c99d6b82e5736d05df9f28ae0b4b304e0cdcdc2a82c174ddee9aa88a0

SHA512
3f1e82f6127d605b7e5fc522d509efba919371b4510ea75055cedbaf07816d6fc344d871aab64fa9fbc619a923ee2705284816808e1b787e09fb23908ed13281

Download Submit
C:\Windows\system\UpwLWCw.exe

Filesize
6.0MB

MD5
02dad652d8a05492b7f8ccd396f30d7b

SHA1
ae36411532c9453f0d9e3e1c95a236b87fb63c52

SHA256
c29a1d59669f391e541b90bf7cfb227b80baaf39e7eb2ea8e267c7d5bd216712

SHA512
a8dd00351fae41804dde56cd25cc7119d96c70965a3f0f90c892abe17f3d7d9cfe4626a8180087599848c11868a5f4172752fec7a82c364f72617ba782fc3f38

Download Submit
C:\Windows\system\VImEKyc.exe

Filesize
6.0MB

MD5
30c80c62f7a246fd072c742f675aeb13

SHA1
842081540e94ea8049e208c1c8f982ab101f4941

SHA256
a933854f970acd8ecffdf293ced6c2881b6ed628775e3cb4bfed688d8ea0fb8f

SHA512
1fd2d58de794848eb285a736fd54cee3d16f05c23100c9fd940ab28bc069ea1d4a9a4544b097c7a4b67cde5b5ddf2bfecf54df22db817c9894eb664ca35762e8

Download Submit
C:\Windows\system\VzWkINy.exe

Filesize
6.0MB

MD5
4aec904e6b335fa44c90170c0d3d7cad

SHA1
ebc148a40d5324214518664cd7f2a122f4791d8b

SHA256
81a00f66af6fa1cbc8f6ecf1144a0bade44f982be719c8706012f1ace7e5e768

SHA512
022de82b31fb89595981c69555b2ca7b31e12ab27ebafb05163cca6a192190dd15d7b259f1a88f8e2a723201565dc8cfcef9b54c4de6c85cb0cb58e2787f816c

Download Submit
C:\Windows\system\WRMOhvQ.exe

Filesize
6.0MB

MD5
31ec9aea47eca46753d0e56602c601f0

SHA1
3ffa169b53e20dccf37b710114b1199d61ec3f1e

SHA256
8d4cf458bf4e23264f729d57a1b4fa5c1b68be9372c8693b485241eb7a93ad76

SHA512
5a4aa66a6fad19366898e4edaee38c6a522c82f6adbe4a69fff233e342a6b45ace745b1505315881ea3148f42b133d1af452a0f5a25e7bdaa868ef1d8f576e17

Download Submit
C:\Windows\system\YXNLoDD.exe

Filesize
6.0MB

MD5
177fe330b9cf3e3cad1e7b49f76554e9

SHA1
17d499f090884d3613420a8a7fc4e97690170cc7

SHA256
4a375390abfcaa4ad5defbeb852413c35e87deb49a45833d624e18aaee0e6f3a

SHA512
4fea20628ff59d6cdd9bd5006886835874721a0e7ad26a74f24e2962bee3da94248d6cd08f0afd4c6dc86a176bcafead68c292da112aaedb02f9aa2d6d6faa8c

Download Submit
C:\Windows\system\ZYZHWOM.exe

Filesize
6.0MB

MD5
52fa71490ed78f4264351d53f866c225

SHA1
7a74b989e9750f21e0bf0681eced6718c6598b68

SHA256
bb476dd79fd3deaa8d67470a04792b5f856bf1e1257fd2a2bd5e7e38db437d58

SHA512
b873ca00b2a6cd48090d472a6381eeed6207a7f43673207544230bd6c7def3ae55866bb331f5d67f5c71b5fe7bf41182a5a505d672b58103074f83bd9ad735d2

Download Submit
C:\Windows\system\ZtARYhj.exe

Filesize
6.0MB

MD5
9e30ad1a443edd748faebd6640b87ed1

SHA1
8b8c3507d5d41765c23e0fc3b6e8b4ab38b9dbd5

SHA256
a070c562fc3b56e2e1320d1a92739a1b3214bbfd0e506e2992fa0f7eed49bf39

SHA512
b1ce3ef90ac876094bb6e367a18497c52bb946759d8a703774f65ead6492390900b645f2a361d2977b3e9463d6a38cc5009ecbe0387f4c4b28135202b35ddcc9

Download Submit
C:\Windows\system\ckWsCfG.exe

Filesize
6.0MB

MD5
5f62fabefdca652949d847814b4331bc

SHA1
3457c3948d3eed2261fb7e9c1295be46b39260c4

SHA256
ea0df1eff10cf5a26e63620a02d8581ccf6cc82631eb532ffa5b0bbb4803044b

SHA512
0427c4e2a139b1b4271ddea6c83d5432ea69adba8a511d39a5bd06119d9f6ef899d687f1c00c54d341bc53e02222003630154fa1901158e178c989b1bf1d9d7c

Download Submit
C:\Windows\system\gFvAIQk.exe

Filesize
6.0MB

MD5
728a35da88f355d1bab66387b354f3b5

SHA1
0a86ad70511b63b2c88b17ea5f0ece242cd32f6d

SHA256
0d1c4626cd5621bcc2ec2d58dfe88be8218518a873248d569bf480a0cf0760fb

SHA512
37748d2c7d3b1bd5aef297dd707da98e9a0af4835a8936e62fd13b2f8823ce5e0d6318896659c9ea1c2809a5530a20d3eea3aefea5307ea21038c38cf5972d94

Download Submit
C:\Windows\system\ggjASIM.exe

Filesize
6.0MB

MD5
c066d1d2d8c36be7af11994903c2986f

SHA1
e2e1db7a937f131deb71a02e82581e7b6fb357ad

SHA256
d4b1d4f1057b6ee4ee6a89a37f54da62bf41bda328dc010ff73f20b6b762260d

SHA512
a5c5ad9c10ce0d5d457155377c1322411788ed420adf4cb395275d6b1d92da34d1f2bfe5af1782ede9c95eb9577b3d5c8f7089a657f28f7a8b30245f8618d424

Download Submit
C:\Windows\system\lfQFogL.exe

Filesize
6.0MB

MD5
18aedbea85be485aeabd8a6c0be8c4d0

SHA1
ed5dfecf6f3815fd0e5e6e645443e39c59b3368a

SHA256
c358bb1da722f3afdc22a6d7941cfce26ceef0cd73536c59e5484f814df7b828

SHA512
f5c2d373f004076d8fd14829590d5d2a2f8da19867e7b3becc4d9ec912628eb6195a88f92ae1debe772afd1b5987f7a39cdd9ad9e8ae54f1299fc09ab06baddc

Download Submit
C:\Windows\system\pPguuLN.exe

Filesize
6.0MB

MD5
a9bb6abbb4371c497a5f1d4d4a8d8341

SHA1
de97ea7e62db54b77eea2f7df5f57574624f58b6

SHA256
be4fb4a59f3e731eb7b02af5fb647aa5e6fc04482773d3e61395e5561cb50bab

SHA512
f8a941cdd49d51e7f0977de2cfceb9a070128e2b9c2944b980ead7971119810d2e6f913f674ff1d77d648d5a2898218ce5e50b89ef544cbdf76bb29e2997b1e4

Download Submit
C:\Windows\system\vyFSEuO.exe

Filesize
6.0MB

MD5
4adfe389ab59fb6d562ad35ebafc71cf

SHA1
1a4486b1aeffa696f9938b0f9a422ff64297cde2

SHA256
3a42e00c0ac7dd32b01eae4284f7874e521c47ea7d4427aca9055b24b7ea72b3

SHA512
bba12926b60145fde18e508468f174c851c0c869c70d0c3b56baa2d112907b6b014813e9f5d0c791431d1b7789ba4f145904062115e4bb7e504af90820027e34

Download Submit
C:\Windows\system\wNaJFXr.exe

Filesize
6.0MB

MD5
6f18bb133d87539f3064a1226e6fd27d

SHA1
0ebb83e99d28e92188ca8116d6d6771004efb21c

SHA256
c7b4b3997bca3715cc388b68d5ebc8e09c2e73258b7b2a89f4300c4764bc81a0

SHA512
49d26282b7a092597182eca83b7f8cc51a564f64afe761272ce2af473627e191686c77ea585f92601f7a79a40940700e4369b666a847ac17b78c0dfdf4bf027c

Download Submit
\Windows\system\FURZega.exe

Filesize
6.0MB

MD5
c01766974d361446163884e5253d663e

SHA1
c3cb11be72153c40f3c3ec133d668659c8fefa8b

SHA256
1d5f3ae3434e0ba70779978757e5c9ff416beb4000a0864c943f84d84ba0b141

SHA512
850ee38ff4b669a530d782d421a43e1fe1728216a59953f52a02c19f56e1c7532bbd26cf9ba0c0c0190cdfbecc9b61ad009025df7786883e8f5ce3e160bd79a3

Download Submit
\Windows\system\IkmrshE.exe

Filesize
6.0MB

MD5
6dda35fe53b8ccc46f160848b1437702

SHA1
b083dc1f366418ffc864f3d6e9043cf1c0c29e5e

SHA256
c25eacab328636dc50254d58a8d547cd2088c90f068296a66d2a973df1373751

SHA512
6adfba2259a21ee3340837e2fdfa329f4e7c2d153037606eace182ad8a931009a57b49fc914f0cf45fb373ccf2ccc2cd754bcc77c83377584005e6166a234342

Download Submit
\Windows\system\PCQsfZK.exe

Filesize
6.0MB

MD5
f2f388e9c00083e07e9823226d56070f

SHA1
b33011d5fd3487525dc03a1d9b9e63dec578c58f

SHA256
b3635e18699741f52e881dbdfd4843dddc92edb709bccbfead24562bdca5a38e

SHA512
66f3d5ef0c6c15761bcee8aa1d7a9719e9474b1e8271780e7cff95661ae291dd6162158062b4a5880813b6101b6a0e426f9f87c406e7544ba2c7e4080064fe0e

Download Submit
\Windows\system\PeTIvEc.exe

Filesize
6.0MB

MD5
3a687c3e4455f7c012e596020587d404

SHA1
bce3975302d32f194787d62742bf3ab829b7dfb8

SHA256
d0291052b9413a61b850798967643e5502de7385890ce9857261e89e2a129f9c

SHA512
cf3109ef8759a3ac58b27d8e256e0ea984aee6f2ac7f8260a01a32d07f047d0ed54b6fa4752d724637cd4dfaf805dd2fcbbf0ed41b6aa65592b4b0331858d5b9

Download Submit
\Windows\system\WmrkuNI.exe

Filesize
6.0MB

MD5
bdd2a1629e245648d8f21be624a9cf1e

SHA1
5bdf4c434dd10fc7f52f58a1625b6d7ffd15938b

SHA256
548e63ac31f8bc5fa6d449e8e9c8e78fcb251473216c952138c277d2f953c719

SHA512
140c727efc513c9dc2e841dfd0d85df606f688175ba34e5727c0377a7ee159cd37ddb741c37c789b551be5a5cc3a07e4a8461e94d48ddb86bbc0b21f2c8f9f7f

Download Submit
\Windows\system\bSveqFt.exe

Filesize
6.0MB

MD5
f8cf81511d6acb50526f4f5f59825f07

SHA1
cc76311f62dfa5ecef14f80f3bab4da50512ad90

SHA256
58f3bc9ea6656c6cd9f2d96f95b8012973969c28873a50e0af024e8e0ad07d9c

SHA512
e5b007deb422ddff69d031de133238e790917bda4accd347b5153ca01bfb616bf90027f9188aa8ee41f012ca88a68bb0f020cc7420385020d8257a6adbd89b7d

Download Submit
\Windows\system\rSCJwYQ.exe

Filesize
6.0MB

MD5
24e463266d3ce185d9c45f8ff3e0b8a9

SHA1
8fdb4b6aac547e0de6efede46ed3bb4a374abfb2

SHA256
aa75aa0fb7ff5fdb2e6732838b67b6726213aa8ae96c8525149b1901d23ce787

SHA512
654068a7335c4e013498f3e474f9ac37259d3001d4d33cd13fc8e35670dd8f34e327805207f21b98eafa668142245c02e33bb000026bf40163b71821ab9241a9

Download Submit
memory/684-3037-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/684-77-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/952-895-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/952-75-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-990-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-101-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-407-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1916-381-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-40-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1916-53-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1916-42-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1916-65-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1916-6-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1916-19-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1916-29-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1916-34-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1916-20-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-106-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-71-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-0-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1916-434-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-72-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-98-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-79-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1916-97-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-784-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2052-74-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2052-46-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2660-88-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-266-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-970-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-516-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2736-12-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2736-35-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2796-508-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2796-39-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2796-15-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2820-68-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-627-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-44-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-594-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2920-30-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2936-95-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2936-342-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1025-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2980-47-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-509-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-22-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-83-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2988-220-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2988-968-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/3052-893-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/3052-55-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/3068-894-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/3068-63-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download