cobaltstrike | 5786cf2eb04350f1be597e6c117e5eb6f091dad173f83d07f736588546b166af

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5ddce92addb1f691b66e71e462bfc260
SHA1

4c499fbc0999e27a62b2bf02cae75bb058ae713f
SHA256

5786cf2eb04350f1be597e6c117e5eb6f091dad173f83d07f736588546b166af
SHA512

c2091874e3f428bb9340787109f298117ed8626b3067f4bf7ccb4809265174dfc594dfecb49ea573feb0f97097eef298e0cbc62f313e7626ce15163898247d90
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU5:T+q56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019490-10.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e4-30.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194e6-35.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-46.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d4-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-105.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019429-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-42.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019551-39.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194da-27.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001949d-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d0-22.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1704-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x000c000000012263-3.dat	xmrig
behavioral1/memory/1728-11-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0007000000019490-10.dat	xmrig
behavioral1/files/0x00060000000194e4-30.dat	xmrig
behavioral1/files/0x00070000000194e6-35.dat	xmrig
behavioral1/files/0x000500000001a4a5-46.dat	xmrig
behavioral1/files/0x000500000001a4af-58.dat	xmrig
behavioral1/memory/1952-92-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b3-100.dat	xmrig
behavioral1/files/0x000500000001a4bd-121.dat	xmrig
behavioral1/memory/2924-509-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2780-525-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2668-524-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/3068-523-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2800-510-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/788-507-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2152-506-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2368-431-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/1728-355-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/1952-752-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/1704-190-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4d4-165.dat	xmrig
behavioral1/files/0x000500000001a4d1-160.dat	xmrig
behavioral1/files/0x000500000001a4cf-156.dat	xmrig
behavioral1/files/0x000500000001a4cd-153.dat	xmrig
behavioral1/files/0x000500000001a4cb-148.dat	xmrig
behavioral1/files/0x000500000001a4c9-145.dat	xmrig
behavioral1/files/0x000500000001a4c7-140.dat	xmrig
behavioral1/files/0x000500000001a4c5-137.dat	xmrig
behavioral1/files/0x000500000001a4c3-132.dat	xmrig
behavioral1/files/0x000500000001a4c1-129.dat	xmrig
behavioral1/files/0x000500000001a4bf-124.dat	xmrig
behavioral1/files/0x000500000001a4bb-116.dat	xmrig
behavioral1/files/0x000500000001a4b9-113.dat	xmrig
behavioral1/files/0x000500000001a4b7-108.dat	xmrig
behavioral1/files/0x000500000001a4b5-105.dat	xmrig
behavioral1/files/0x0008000000019429-97.dat	xmrig
behavioral1/files/0x000500000001a4b1-91.dat	xmrig
behavioral1/memory/1704-86-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/memory/2780-85-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/1704-84-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2668-83-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2680-81-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/1704-80-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/3068-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/1704-78-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/memory/2652-77-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2800-75-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2928-73-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/1704-72-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2924-71-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2496-69-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/788-67-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2152-60-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ad-55.dat	xmrig
behavioral1/files/0x000500000001a4ab-50.dat	xmrig
behavioral1/files/0x000500000001a495-42.dat	xmrig
behavioral1/files/0x0007000000019551-39.dat	xmrig
behavioral1/files/0x00060000000194da-27.dat	xmrig
behavioral1/files/0x000700000001949d-12.dat	xmrig
behavioral1/files/0x00060000000194d0-22.dat	xmrig
behavioral1/memory/2368-21-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/1728-3786-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1728	uIbTGzx.exe
2368	oBcXKnu.exe
2152	nciGyKc.exe
788	wCXzTRe.exe
2496	KmkFwOH.exe
2924	jSrbNcr.exe
2928	HTuEbUv.exe
2800	nyGhTrW.exe
2652	rWBKthj.exe
3068	vWVDxki.exe
2680	ayDpjUn.exe
2668	ySUMpzB.exe
2780	gRkfGQP.exe
1952	TrCAtez.exe
1936	vvGarzo.exe
2856	fzDrMff.exe
1632	RrqnEiV.exe
1932	kjizZFv.exe
2836	EmgGnND.exe
1360	DfIWBee.exe
1912	vHlauIL.exe
1176	TCvIljc.exe
2980	GKQEffL.exe
2732	VjcVMDm.exe
2996	lzTPKaU.exe
1168	AemxcME.exe
2396	AIuODQe.exe
2024	sxldLoR.exe
2092	vzHhgNm.exe
844	JFSZZjt.exe
2468	sjTPvOE.exe
2268	DyjutTW.exe
1892	XFJSKlC.exe
1820	RFIoPOC.exe
1288	fSucTnw.exe
1172	fZzJoRB.exe
1920	XiSLqbf.exe
1624	bsjDoFq.exe
1904	OyYOPcr.exe
1116	QEjmJdZ.exe
684	bdRkvyt.exe
2044	kBfAUnN.exe
1468	curdufP.exe
1256	njfquRG.exe
1252	SehJRHn.exe
2624	rmpNJDX.exe
1476	Jgxprbr.exe
1764	oFqhtYI.exe
2260	yBKRAQW.exe
1408	PHRtSSi.exe
2080	EjdkThB.exe
2256	lmOjdqp.exe
2512	vwcqvoJ.exe
2392	YFjIVYZ.exe
996	nWCMQBg.exe
1528	WIHrubg.exe
1844	dEdyPzF.exe
2296	MFFPUyU.exe
1868	gwuXzZL.exe
2304	EUCACfu.exe
1572	xLBnvpg.exe
2544	vsuUHeQ.exe
1300	flBCAWB.exe
3056	bxzaRjh.exe

Loads dropped DLL 64 IoCs

pid	Process
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1704-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x000c000000012263-3.dat	upx
behavioral1/memory/1728-11-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0007000000019490-10.dat	upx
behavioral1/files/0x00060000000194e4-30.dat	upx
behavioral1/files/0x00070000000194e6-35.dat	upx
behavioral1/files/0x000500000001a4a5-46.dat	upx
behavioral1/files/0x000500000001a4af-58.dat	upx
behavioral1/memory/1952-92-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000500000001a4b3-100.dat	upx
behavioral1/files/0x000500000001a4bd-121.dat	upx
behavioral1/memory/2924-509-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2780-525-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2668-524-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/3068-523-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2800-510-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/788-507-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2152-506-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2368-431-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/1728-355-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/1952-752-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/1704-190-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x000500000001a4d4-165.dat	upx
behavioral1/files/0x000500000001a4d1-160.dat	upx
behavioral1/files/0x000500000001a4cf-156.dat	upx
behavioral1/files/0x000500000001a4cd-153.dat	upx
behavioral1/files/0x000500000001a4cb-148.dat	upx
behavioral1/files/0x000500000001a4c9-145.dat	upx
behavioral1/files/0x000500000001a4c7-140.dat	upx
behavioral1/files/0x000500000001a4c5-137.dat	upx
behavioral1/files/0x000500000001a4c3-132.dat	upx
behavioral1/files/0x000500000001a4c1-129.dat	upx
behavioral1/files/0x000500000001a4bf-124.dat	upx
behavioral1/files/0x000500000001a4bb-116.dat	upx
behavioral1/files/0x000500000001a4b9-113.dat	upx
behavioral1/files/0x000500000001a4b7-108.dat	upx
behavioral1/files/0x000500000001a4b5-105.dat	upx
behavioral1/files/0x0008000000019429-97.dat	upx
behavioral1/files/0x000500000001a4b1-91.dat	upx
behavioral1/memory/2780-85-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2668-83-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2680-81-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/3068-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2652-77-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2800-75-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2928-73-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2924-71-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2496-69-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/788-67-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2152-60-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x000500000001a4ad-55.dat	upx
behavioral1/files/0x000500000001a4ab-50.dat	upx
behavioral1/files/0x000500000001a495-42.dat	upx
behavioral1/files/0x0007000000019551-39.dat	upx
behavioral1/files/0x00060000000194da-27.dat	upx
behavioral1/files/0x000700000001949d-12.dat	upx
behavioral1/files/0x00060000000194d0-22.dat	upx
behavioral1/memory/2368-21-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/1728-3786-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2680-3853-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2652-3848-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2928-3854-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/3068-3856-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2152-3857-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hKTBMsZ.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqJkGvQ.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDuAGhH.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njfquRG.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFqhtYI.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqJCksB.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNyGHCk.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLhhThg.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDhhIbL.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTzecMv.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMrVGrf.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OePdSRr.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLdcdyC.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfwUpxf.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUKcEph.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxGgwQq.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIkdwzX.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcpiRva.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htBrVcS.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUkjSOk.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miNjtkS.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjiuoZB.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYMcviC.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usyKBZF.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKPsRzT.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\agQyOLl.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqSHfGH.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwhnDRb.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLRJURI.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVJDFaz.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqWiiPr.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyYOPcr.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHrFYLJ.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvcGlON.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLaRYjT.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTHeLdC.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDuQaLm.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ayFlQeG.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvYhNiy.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPknAek.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGJXbty.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovVUWUJ.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nciGyKc.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEJyFwD.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inwtkMF.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGXTTLf.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaPXeBN.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyvPHwU.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aNhrrZI.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKFyvdQ.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdervVu.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KiwLEKT.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\woPpTDm.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlWGEtE.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkfnZtt.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owRJRzS.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyfKMgG.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gueonAY.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBrfyxM.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXnvKtP.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhBroMm.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utzaSSu.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYtfMhr.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfKkJON.exe	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2368	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 2368	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 2368	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 1728	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 1728	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 1728	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 788	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 788	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 788	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 2152	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 2152	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 2152	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 2496	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2496	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2496	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2924	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2924	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2924	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2928	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2928	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2928	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2800	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 2800	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 2800	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 2652	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 2652	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 2652	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 3068	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 3068	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 3068	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 2680	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 2680	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 2680	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 2668	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2668	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2668	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2780	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 2780	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 2780	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 1952	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 1952	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 1952	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 1936	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 1936	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 1936	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 2856	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 2856	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 2856	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 1632	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 1632	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 1632	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 1932	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 1932	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 1932	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 2836	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 2836	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 2836	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 1360	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1704 wrote to memory of 1360	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1704 wrote to memory of 1360	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1704 wrote to memory of 1912	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1704 wrote to memory of 1912	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1704 wrote to memory of 1912	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1704 wrote to memory of 1176	1704	2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_5ddce92addb1f691b66e71e462bfc260_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\System\oBcXKnu.exe
  C:\Windows\System\oBcXKnu.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\uIbTGzx.exe
  C:\Windows\System\uIbTGzx.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\wCXzTRe.exe
  C:\Windows\System\wCXzTRe.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\nciGyKc.exe
  C:\Windows\System\nciGyKc.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\KmkFwOH.exe
  C:\Windows\System\KmkFwOH.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\jSrbNcr.exe
  C:\Windows\System\jSrbNcr.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\HTuEbUv.exe
  C:\Windows\System\HTuEbUv.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\nyGhTrW.exe
  C:\Windows\System\nyGhTrW.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\rWBKthj.exe
  C:\Windows\System\rWBKthj.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\vWVDxki.exe
  C:\Windows\System\vWVDxki.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\ayDpjUn.exe
  C:\Windows\System\ayDpjUn.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ySUMpzB.exe
  C:\Windows\System\ySUMpzB.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\gRkfGQP.exe
  C:\Windows\System\gRkfGQP.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\TrCAtez.exe
  C:\Windows\System\TrCAtez.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\vvGarzo.exe
  C:\Windows\System\vvGarzo.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\fzDrMff.exe
  C:\Windows\System\fzDrMff.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\RrqnEiV.exe
  C:\Windows\System\RrqnEiV.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\kjizZFv.exe
  C:\Windows\System\kjizZFv.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\EmgGnND.exe
  C:\Windows\System\EmgGnND.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\DfIWBee.exe
  C:\Windows\System\DfIWBee.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\vHlauIL.exe
  C:\Windows\System\vHlauIL.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\TCvIljc.exe
  C:\Windows\System\TCvIljc.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\GKQEffL.exe
  C:\Windows\System\GKQEffL.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\VjcVMDm.exe
  C:\Windows\System\VjcVMDm.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\lzTPKaU.exe
  C:\Windows\System\lzTPKaU.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\AemxcME.exe
  C:\Windows\System\AemxcME.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\AIuODQe.exe
  C:\Windows\System\AIuODQe.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\sxldLoR.exe
  C:\Windows\System\sxldLoR.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\vzHhgNm.exe
  C:\Windows\System\vzHhgNm.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\JFSZZjt.exe
  C:\Windows\System\JFSZZjt.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\sjTPvOE.exe
  C:\Windows\System\sjTPvOE.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\DyjutTW.exe
  C:\Windows\System\DyjutTW.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\XFJSKlC.exe
  C:\Windows\System\XFJSKlC.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\RFIoPOC.exe
  C:\Windows\System\RFIoPOC.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\fSucTnw.exe
  C:\Windows\System\fSucTnw.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\fZzJoRB.exe
  C:\Windows\System\fZzJoRB.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\XiSLqbf.exe
  C:\Windows\System\XiSLqbf.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\bsjDoFq.exe
  C:\Windows\System\bsjDoFq.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\OyYOPcr.exe
  C:\Windows\System\OyYOPcr.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\QEjmJdZ.exe
  C:\Windows\System\QEjmJdZ.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\bdRkvyt.exe
  C:\Windows\System\bdRkvyt.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\kBfAUnN.exe
  C:\Windows\System\kBfAUnN.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\curdufP.exe
  C:\Windows\System\curdufP.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\njfquRG.exe
  C:\Windows\System\njfquRG.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\SehJRHn.exe
  C:\Windows\System\SehJRHn.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\rmpNJDX.exe
  C:\Windows\System\rmpNJDX.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\Jgxprbr.exe
  C:\Windows\System\Jgxprbr.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\oFqhtYI.exe
  C:\Windows\System\oFqhtYI.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\yBKRAQW.exe
  C:\Windows\System\yBKRAQW.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\PHRtSSi.exe
  C:\Windows\System\PHRtSSi.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\EjdkThB.exe
  C:\Windows\System\EjdkThB.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\lmOjdqp.exe
  C:\Windows\System\lmOjdqp.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\vwcqvoJ.exe
  C:\Windows\System\vwcqvoJ.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\YFjIVYZ.exe
  C:\Windows\System\YFjIVYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\nWCMQBg.exe
  C:\Windows\System\nWCMQBg.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\WIHrubg.exe
  C:\Windows\System\WIHrubg.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\dEdyPzF.exe
  C:\Windows\System\dEdyPzF.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\MFFPUyU.exe
  C:\Windows\System\MFFPUyU.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\gwuXzZL.exe
  C:\Windows\System\gwuXzZL.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\EUCACfu.exe
  C:\Windows\System\EUCACfu.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\xLBnvpg.exe
  C:\Windows\System\xLBnvpg.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\vsuUHeQ.exe
  C:\Windows\System\vsuUHeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\flBCAWB.exe
  C:\Windows\System\flBCAWB.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\bxzaRjh.exe
  C:\Windows\System\bxzaRjh.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\axTdwIV.exe
  C:\Windows\System\axTdwIV.exe
  2⤵
  PID:3000
- C:\Windows\System\ySlrXDo.exe
  C:\Windows\System\ySlrXDo.exe
  2⤵
  PID:2332
- C:\Windows\System\LaFqXSp.exe
  C:\Windows\System\LaFqXSp.exe
  2⤵
  PID:1856
- C:\Windows\System\CAJdXEK.exe
  C:\Windows\System\CAJdXEK.exe
  2⤵
  PID:2684
- C:\Windows\System\pFTmjUQ.exe
  C:\Windows\System\pFTmjUQ.exe
  2⤵
  PID:1640
- C:\Windows\System\OKJPxrZ.exe
  C:\Windows\System\OKJPxrZ.exe
  2⤵
  PID:2280
- C:\Windows\System\HsuYkPx.exe
  C:\Windows\System\HsuYkPx.exe
  2⤵
  PID:2756
- C:\Windows\System\dXaMhuM.exe
  C:\Windows\System\dXaMhuM.exe
  2⤵
  PID:836
- C:\Windows\System\vGmgADi.exe
  C:\Windows\System\vGmgADi.exe
  2⤵
  PID:2376
- C:\Windows\System\UBOAPoG.exe
  C:\Windows\System\UBOAPoG.exe
  2⤵
  PID:1368
- C:\Windows\System\uFhdCtn.exe
  C:\Windows\System\uFhdCtn.exe
  2⤵
  PID:1396
- C:\Windows\System\aeuMjXa.exe
  C:\Windows\System\aeuMjXa.exe
  2⤵
  PID:3048
- C:\Windows\System\CSmEUFQ.exe
  C:\Windows\System\CSmEUFQ.exe
  2⤵
  PID:580
- C:\Windows\System\TpGDYxQ.exe
  C:\Windows\System\TpGDYxQ.exe
  2⤵
  PID:1112
- C:\Windows\System\bqSHfGH.exe
  C:\Windows\System\bqSHfGH.exe
  2⤵
  PID:1352
- C:\Windows\System\ntFJDNY.exe
  C:\Windows\System\ntFJDNY.exe
  2⤵
  PID:704
- C:\Windows\System\ntOzUYk.exe
  C:\Windows\System\ntOzUYk.exe
  2⤵
  PID:1304
- C:\Windows\System\SCMuMyl.exe
  C:\Windows\System\SCMuMyl.exe
  2⤵
  PID:1776
- C:\Windows\System\kWlhphT.exe
  C:\Windows\System\kWlhphT.exe
  2⤵
  PID:2336
- C:\Windows\System\senyHLi.exe
  C:\Windows\System\senyHLi.exe
  2⤵
  PID:2100
- C:\Windows\System\GagwlSK.exe
  C:\Windows\System\GagwlSK.exe
  2⤵
  PID:1664
- C:\Windows\System\OTzCzLn.exe
  C:\Windows\System\OTzCzLn.exe
  2⤵
  PID:980
- C:\Windows\System\nuqDIBK.exe
  C:\Windows\System\nuqDIBK.exe
  2⤵
  PID:524
- C:\Windows\System\xxuPDvj.exe
  C:\Windows\System\xxuPDvj.exe
  2⤵
  PID:2440
- C:\Windows\System\GoEgZeh.exe
  C:\Windows\System\GoEgZeh.exe
  2⤵
  PID:2436
- C:\Windows\System\YzNZQzA.exe
  C:\Windows\System\YzNZQzA.exe
  2⤵
  PID:1628
- C:\Windows\System\LmuKssq.exe
  C:\Windows\System\LmuKssq.exe
  2⤵
  PID:600
- C:\Windows\System\BDhhIbL.exe
  C:\Windows\System\BDhhIbL.exe
  2⤵
  PID:1600
- C:\Windows\System\DZBlbAW.exe
  C:\Windows\System\DZBlbAW.exe
  2⤵
  PID:872
- C:\Windows\System\CqJCksB.exe
  C:\Windows\System\CqJCksB.exe
  2⤵
  PID:1488
- C:\Windows\System\EuFbyKp.exe
  C:\Windows\System\EuFbyKp.exe
  2⤵
  PID:2548
- C:\Windows\System\kUtSVKN.exe
  C:\Windows\System\kUtSVKN.exe
  2⤵
  PID:2568
- C:\Windows\System\PNyGHCk.exe
  C:\Windows\System\PNyGHCk.exe
  2⤵
  PID:2192
- C:\Windows\System\EkNQIUF.exe
  C:\Windows\System\EkNQIUF.exe
  2⤵
  PID:2812
- C:\Windows\System\BbMiqxv.exe
  C:\Windows\System\BbMiqxv.exe
  2⤵
  PID:3032
- C:\Windows\System\UkAmgMe.exe
  C:\Windows\System\UkAmgMe.exe
  2⤵
  PID:2300
- C:\Windows\System\uQPgbsi.exe
  C:\Windows\System\uQPgbsi.exe
  2⤵
  PID:2984
- C:\Windows\System\YcHBaEE.exe
  C:\Windows\System\YcHBaEE.exe
  2⤵
  PID:1944
- C:\Windows\System\yFARdGe.exe
  C:\Windows\System\yFARdGe.exe
  2⤵
  PID:2120
- C:\Windows\System\sNbIOGX.exe
  C:\Windows\System\sNbIOGX.exe
  2⤵
  PID:1216
- C:\Windows\System\eyqaqOB.exe
  C:\Windows\System\eyqaqOB.exe
  2⤵
  PID:1280
- C:\Windows\System\SiKqryn.exe
  C:\Windows\System\SiKqryn.exe
  2⤵
  PID:1616
- C:\Windows\System\wguaqXh.exe
  C:\Windows\System\wguaqXh.exe
  2⤵
  PID:768
- C:\Windows\System\rRYPgVg.exe
  C:\Windows\System\rRYPgVg.exe
  2⤵
  PID:2008
- C:\Windows\System\XzyFqtD.exe
  C:\Windows\System\XzyFqtD.exe
  2⤵
  PID:1044
- C:\Windows\System\miNjtkS.exe
  C:\Windows\System\miNjtkS.exe
  2⤵
  PID:2592
- C:\Windows\System\qerIiKC.exe
  C:\Windows\System\qerIiKC.exe
  2⤵
  PID:3060
- C:\Windows\System\QRRMuBU.exe
  C:\Windows\System\QRRMuBU.exe
  2⤵
  PID:1520
- C:\Windows\System\pWZXHeU.exe
  C:\Windows\System\pWZXHeU.exe
  2⤵
  PID:3044
- C:\Windows\System\caqeots.exe
  C:\Windows\System\caqeots.exe
  2⤵
  PID:2272
- C:\Windows\System\XHyWJHJ.exe
  C:\Windows\System\XHyWJHJ.exe
  2⤵
  PID:1712
- C:\Windows\System\IMEIoLY.exe
  C:\Windows\System\IMEIoLY.exe
  2⤵
  PID:2012
- C:\Windows\System\wiEsDtC.exe
  C:\Windows\System\wiEsDtC.exe
  2⤵
  PID:820
- C:\Windows\System\FGVPFMz.exe
  C:\Windows\System\FGVPFMz.exe
  2⤵
  PID:2508
- C:\Windows\System\EesPtFR.exe
  C:\Windows\System\EesPtFR.exe
  2⤵
  PID:1612
- C:\Windows\System\pKEUMxV.exe
  C:\Windows\System\pKEUMxV.exe
  2⤵
  PID:2016
- C:\Windows\System\NPyGeJv.exe
  C:\Windows\System\NPyGeJv.exe
  2⤵
  PID:3008
- C:\Windows\System\RhRgeka.exe
  C:\Windows\System\RhRgeka.exe
  2⤵
  PID:3088
- C:\Windows\System\QgSohlB.exe
  C:\Windows\System\QgSohlB.exe
  2⤵
  PID:3104
- C:\Windows\System\lsjPTlt.exe
  C:\Windows\System\lsjPTlt.exe
  2⤵
  PID:3120
- C:\Windows\System\URvRlps.exe
  C:\Windows\System\URvRlps.exe
  2⤵
  PID:3136
- C:\Windows\System\rOUtSqo.exe
  C:\Windows\System\rOUtSqo.exe
  2⤵
  PID:3152
- C:\Windows\System\QoSENus.exe
  C:\Windows\System\QoSENus.exe
  2⤵
  PID:3172
- C:\Windows\System\xFWnjli.exe
  C:\Windows\System\xFWnjli.exe
  2⤵
  PID:3188
- C:\Windows\System\bdervVu.exe
  C:\Windows\System\bdervVu.exe
  2⤵
  PID:3204
- C:\Windows\System\DxMBkZr.exe
  C:\Windows\System\DxMBkZr.exe
  2⤵
  PID:3220
- C:\Windows\System\cIGjhlU.exe
  C:\Windows\System\cIGjhlU.exe
  2⤵
  PID:3236
- C:\Windows\System\ATNcJTB.exe
  C:\Windows\System\ATNcJTB.exe
  2⤵
  PID:3252
- C:\Windows\System\cJJElrx.exe
  C:\Windows\System\cJJElrx.exe
  2⤵
  PID:3268
- C:\Windows\System\UJbrVyq.exe
  C:\Windows\System\UJbrVyq.exe
  2⤵
  PID:3284
- C:\Windows\System\GRebOPZ.exe
  C:\Windows\System\GRebOPZ.exe
  2⤵
  PID:3300
- C:\Windows\System\btJgeMv.exe
  C:\Windows\System\btJgeMv.exe
  2⤵
  PID:3316
- C:\Windows\System\FAcxUSj.exe
  C:\Windows\System\FAcxUSj.exe
  2⤵
  PID:3332
- C:\Windows\System\epemUKP.exe
  C:\Windows\System\epemUKP.exe
  2⤵
  PID:3348
- C:\Windows\System\PtmDdtf.exe
  C:\Windows\System\PtmDdtf.exe
  2⤵
  PID:3364
- C:\Windows\System\GCbhJhR.exe
  C:\Windows\System\GCbhJhR.exe
  2⤵
  PID:3380
- C:\Windows\System\VkGrZdl.exe
  C:\Windows\System\VkGrZdl.exe
  2⤵
  PID:3396
- C:\Windows\System\GHyBhNA.exe
  C:\Windows\System\GHyBhNA.exe
  2⤵
  PID:3412
- C:\Windows\System\iLzQAhV.exe
  C:\Windows\System\iLzQAhV.exe
  2⤵
  PID:3428
- C:\Windows\System\ITZhCKi.exe
  C:\Windows\System\ITZhCKi.exe
  2⤵
  PID:3444
- C:\Windows\System\khnnSGy.exe
  C:\Windows\System\khnnSGy.exe
  2⤵
  PID:3460
- C:\Windows\System\pNxmunj.exe
  C:\Windows\System\pNxmunj.exe
  2⤵
  PID:3476
- C:\Windows\System\FSEmTcv.exe
  C:\Windows\System\FSEmTcv.exe
  2⤵
  PID:3492
- C:\Windows\System\gTfFtJw.exe
  C:\Windows\System\gTfFtJw.exe
  2⤵
  PID:3508
- C:\Windows\System\vqRLnqq.exe
  C:\Windows\System\vqRLnqq.exe
  2⤵
  PID:3524
- C:\Windows\System\wLLwerl.exe
  C:\Windows\System\wLLwerl.exe
  2⤵
  PID:3540
- C:\Windows\System\YwtRlvY.exe
  C:\Windows\System\YwtRlvY.exe
  2⤵
  PID:3556
- C:\Windows\System\OglWtPh.exe
  C:\Windows\System\OglWtPh.exe
  2⤵
  PID:3572
- C:\Windows\System\hIkdwzX.exe
  C:\Windows\System\hIkdwzX.exe
  2⤵
  PID:3588
- C:\Windows\System\VFLLnUF.exe
  C:\Windows\System\VFLLnUF.exe
  2⤵
  PID:3604
- C:\Windows\System\nYDLMju.exe
  C:\Windows\System\nYDLMju.exe
  2⤵
  PID:3620
- C:\Windows\System\pMyQRTb.exe
  C:\Windows\System\pMyQRTb.exe
  2⤵
  PID:3636
- C:\Windows\System\kXyaFpy.exe
  C:\Windows\System\kXyaFpy.exe
  2⤵
  PID:3652
- C:\Windows\System\hVsYkSW.exe
  C:\Windows\System\hVsYkSW.exe
  2⤵
  PID:3668
- C:\Windows\System\DEsKxbb.exe
  C:\Windows\System\DEsKxbb.exe
  2⤵
  PID:3684
- C:\Windows\System\quZUncI.exe
  C:\Windows\System\quZUncI.exe
  2⤵
  PID:3700
- C:\Windows\System\mEjBcww.exe
  C:\Windows\System\mEjBcww.exe
  2⤵
  PID:3716
- C:\Windows\System\XacNMcM.exe
  C:\Windows\System\XacNMcM.exe
  2⤵
  PID:3732
- C:\Windows\System\kxfxIpT.exe
  C:\Windows\System\kxfxIpT.exe
  2⤵
  PID:3748
- C:\Windows\System\nqCbcLs.exe
  C:\Windows\System\nqCbcLs.exe
  2⤵
  PID:3772
- C:\Windows\System\PqZrSXq.exe
  C:\Windows\System\PqZrSXq.exe
  2⤵
  PID:3788
- C:\Windows\System\TqTiKAk.exe
  C:\Windows\System\TqTiKAk.exe
  2⤵
  PID:3804
- C:\Windows\System\xTMFPEX.exe
  C:\Windows\System\xTMFPEX.exe
  2⤵
  PID:3820
- C:\Windows\System\FjhkHJq.exe
  C:\Windows\System\FjhkHJq.exe
  2⤵
  PID:3836
- C:\Windows\System\gqETLHn.exe
  C:\Windows\System\gqETLHn.exe
  2⤵
  PID:3852
- C:\Windows\System\ENDZOEd.exe
  C:\Windows\System\ENDZOEd.exe
  2⤵
  PID:3868
- C:\Windows\System\NqzRaTz.exe
  C:\Windows\System\NqzRaTz.exe
  2⤵
  PID:3888
- C:\Windows\System\mVKfjIY.exe
  C:\Windows\System\mVKfjIY.exe
  2⤵
  PID:3904
- C:\Windows\System\QZlafuw.exe
  C:\Windows\System\QZlafuw.exe
  2⤵
  PID:3920
- C:\Windows\System\Vspxmqb.exe
  C:\Windows\System\Vspxmqb.exe
  2⤵
  PID:3936
- C:\Windows\System\zayHxqH.exe
  C:\Windows\System\zayHxqH.exe
  2⤵
  PID:3952
- C:\Windows\System\meHxnlr.exe
  C:\Windows\System\meHxnlr.exe
  2⤵
  PID:3968
- C:\Windows\System\ApspHgZ.exe
  C:\Windows\System\ApspHgZ.exe
  2⤵
  PID:3984
- C:\Windows\System\KCFOdbW.exe
  C:\Windows\System\KCFOdbW.exe
  2⤵
  PID:4000
- C:\Windows\System\CQoyunx.exe
  C:\Windows\System\CQoyunx.exe
  2⤵
  PID:4016
- C:\Windows\System\lohQKVV.exe
  C:\Windows\System\lohQKVV.exe
  2⤵
  PID:4032
- C:\Windows\System\JAOhrNg.exe
  C:\Windows\System\JAOhrNg.exe
  2⤵
  PID:4048
- C:\Windows\System\ohbHyxE.exe
  C:\Windows\System\ohbHyxE.exe
  2⤵
  PID:4064
- C:\Windows\System\zmLtXeP.exe
  C:\Windows\System\zmLtXeP.exe
  2⤵
  PID:4080
- C:\Windows\System\IByOGBP.exe
  C:\Windows\System\IByOGBP.exe
  2⤵
  PID:1592
- C:\Windows\System\UcHXCgC.exe
  C:\Windows\System\UcHXCgC.exe
  2⤵
  PID:2492
- C:\Windows\System\yJfWCQJ.exe
  C:\Windows\System\yJfWCQJ.exe
  2⤵
  PID:1564
- C:\Windows\System\FFhOvff.exe
  C:\Windows\System\FFhOvff.exe
  2⤵
  PID:2748
- C:\Windows\System\liLamTv.exe
  C:\Windows\System\liLamTv.exe
  2⤵
  PID:3100
- C:\Windows\System\QYSZGsQ.exe
  C:\Windows\System\QYSZGsQ.exe
  2⤵
  PID:3132
- C:\Windows\System\CqXmCar.exe
  C:\Windows\System\CqXmCar.exe
  2⤵
  PID:3160
- C:\Windows\System\oNGVqTK.exe
  C:\Windows\System\oNGVqTK.exe
  2⤵
  PID:3196
- C:\Windows\System\cOTRLir.exe
  C:\Windows\System\cOTRLir.exe
  2⤵
  PID:3228
- C:\Windows\System\nzlYXvp.exe
  C:\Windows\System\nzlYXvp.exe
  2⤵
  PID:3260
- C:\Windows\System\ZYytUDL.exe
  C:\Windows\System\ZYytUDL.exe
  2⤵
  PID:3292
- C:\Windows\System\VOlVXuT.exe
  C:\Windows\System\VOlVXuT.exe
  2⤵
  PID:3324
- C:\Windows\System\xkwrtCj.exe
  C:\Windows\System\xkwrtCj.exe
  2⤵
  PID:3360
- C:\Windows\System\VtILiCP.exe
  C:\Windows\System\VtILiCP.exe
  2⤵
  PID:3388
- C:\Windows\System\FDpqHqx.exe
  C:\Windows\System\FDpqHqx.exe
  2⤵
  PID:3420
- C:\Windows\System\tEJyFwD.exe
  C:\Windows\System\tEJyFwD.exe
  2⤵
  PID:3452
- C:\Windows\System\PnyPuYd.exe
  C:\Windows\System\PnyPuYd.exe
  2⤵
  PID:3472
- C:\Windows\System\PlKOdlC.exe
  C:\Windows\System\PlKOdlC.exe
  2⤵
  PID:3644
- C:\Windows\System\FBguwvj.exe
  C:\Windows\System\FBguwvj.exe
  2⤵
  PID:3708
- C:\Windows\System\YKMzWcj.exe
  C:\Windows\System\YKMzWcj.exe
  2⤵
  PID:3488
- C:\Windows\System\owRJRzS.exe
  C:\Windows\System\owRJRzS.exe
  2⤵
  PID:3596
- C:\Windows\System\RmgDpgy.exe
  C:\Windows\System\RmgDpgy.exe
  2⤵
  PID:2480
- C:\Windows\System\jfmDCdX.exe
  C:\Windows\System\jfmDCdX.exe
  2⤵
  PID:1196
- C:\Windows\System\AzPFidl.exe
  C:\Windows\System\AzPFidl.exe
  2⤵
  PID:2952
- C:\Windows\System\KiwLEKT.exe
  C:\Windows\System\KiwLEKT.exe
  2⤵
  PID:2380
- C:\Windows\System\UHgSgVd.exe
  C:\Windows\System\UHgSgVd.exe
  2⤵
  PID:1608
- C:\Windows\System\euLhKad.exe
  C:\Windows\System\euLhKad.exe
  2⤵
  PID:2808
- C:\Windows\System\SLhhThg.exe
  C:\Windows\System\SLhhThg.exe
  2⤵
  PID:2572
- C:\Windows\System\DHjXFoQ.exe
  C:\Windows\System\DHjXFoQ.exe
  2⤵
  PID:3760
- C:\Windows\System\FrcMgZd.exe
  C:\Windows\System\FrcMgZd.exe
  2⤵
  PID:3844
- C:\Windows\System\xhLNGlE.exe
  C:\Windows\System\xhLNGlE.exe
  2⤵
  PID:2944
- C:\Windows\System\bAIjvWT.exe
  C:\Windows\System\bAIjvWT.exe
  2⤵
  PID:2788
- C:\Windows\System\YXnvKtP.exe
  C:\Windows\System\YXnvKtP.exe
  2⤵
  PID:2528
- C:\Windows\System\szdRQAU.exe
  C:\Windows\System\szdRQAU.exe
  2⤵
  PID:2328
- C:\Windows\System\YoyqcsJ.exe
  C:\Windows\System\YoyqcsJ.exe
  2⤵
  PID:3280
- C:\Windows\System\kLXbfUr.exe
  C:\Windows\System\kLXbfUr.exe
  2⤵
  PID:3356
- C:\Windows\System\kUfrdTm.exe
  C:\Windows\System\kUfrdTm.exe
  2⤵
  PID:3116
- C:\Windows\System\LLdcdyC.exe
  C:\Windows\System\LLdcdyC.exe
  2⤵
  PID:3344
- C:\Windows\System\oujhNJS.exe
  C:\Windows\System\oujhNJS.exe
  2⤵
  PID:3372
- C:\Windows\System\dJekpcA.exe
  C:\Windows\System\dJekpcA.exe
  2⤵
  PID:3504
- C:\Windows\System\eZPHJkE.exe
  C:\Windows\System\eZPHJkE.exe
  2⤵
  PID:2908
- C:\Windows\System\vZYwfeG.exe
  C:\Windows\System\vZYwfeG.exe
  2⤵
  PID:3404
- C:\Windows\System\EisfwfP.exe
  C:\Windows\System\EisfwfP.exe
  2⤵
  PID:2900
- C:\Windows\System\MnVjdIi.exe
  C:\Windows\System\MnVjdIi.exe
  2⤵
  PID:1772
- C:\Windows\System\GOgDymV.exe
  C:\Windows\System\GOgDymV.exe
  2⤵
  PID:3616
- C:\Windows\System\QsewhUJ.exe
  C:\Windows\System\QsewhUJ.exe
  2⤵
  PID:3696
- C:\Windows\System\OXnrGFa.exe
  C:\Windows\System\OXnrGFa.exe
  2⤵
  PID:2744
- C:\Windows\System\rXjIXHu.exe
  C:\Windows\System\rXjIXHu.exe
  2⤵
  PID:2976
- C:\Windows\System\MVxZLqV.exe
  C:\Windows\System\MVxZLqV.exe
  2⤵
  PID:2876
- C:\Windows\System\akWwNsz.exe
  C:\Windows\System\akWwNsz.exe
  2⤵
  PID:2312
- C:\Windows\System\EXeNrsU.exe
  C:\Windows\System\EXeNrsU.exe
  2⤵
  PID:2616
- C:\Windows\System\IJHCZht.exe
  C:\Windows\System\IJHCZht.exe
  2⤵
  PID:2632
- C:\Windows\System\IQACQlq.exe
  C:\Windows\System\IQACQlq.exe
  2⤵
  PID:3744
- C:\Windows\System\fjuJqai.exe
  C:\Windows\System\fjuJqai.exe
  2⤵
  PID:3020
- C:\Windows\System\ChFHVhq.exe
  C:\Windows\System\ChFHVhq.exe
  2⤵
  PID:3812
- C:\Windows\System\vecqaDO.exe
  C:\Windows\System\vecqaDO.exe
  2⤵
  PID:3832
- C:\Windows\System\lXKYnQK.exe
  C:\Windows\System\lXKYnQK.exe
  2⤵
  PID:2540
- C:\Windows\System\tTzecMv.exe
  C:\Windows\System\tTzecMv.exe
  2⤵
  PID:3884
- C:\Windows\System\BfjbSHV.exe
  C:\Windows\System\BfjbSHV.exe
  2⤵
  PID:3912
- C:\Windows\System\OlovOqS.exe
  C:\Windows\System\OlovOqS.exe
  2⤵
  PID:3916
- C:\Windows\System\WgzdYYo.exe
  C:\Windows\System\WgzdYYo.exe
  2⤵
  PID:3500
- C:\Windows\System\sTazibJ.exe
  C:\Windows\System\sTazibJ.exe
  2⤵
  PID:1588
- C:\Windows\System\TTFGpzy.exe
  C:\Windows\System\TTFGpzy.exe
  2⤵
  PID:3948
- C:\Windows\System\qYaTuvc.exe
  C:\Windows\System\qYaTuvc.exe
  2⤵
  PID:3980
- C:\Windows\System\tFvpjwI.exe
  C:\Windows\System\tFvpjwI.exe
  2⤵
  PID:3996
- C:\Windows\System\CsgzTkw.exe
  C:\Windows\System\CsgzTkw.exe
  2⤵
  PID:4028
- C:\Windows\System\RuAeyLj.exe
  C:\Windows\System\RuAeyLj.exe
  2⤵
  PID:756
- C:\Windows\System\meqefgN.exe
  C:\Windows\System\meqefgN.exe
  2⤵
  PID:3264
- C:\Windows\System\nDINyRC.exe
  C:\Windows\System\nDINyRC.exe
  2⤵
  PID:4056
- C:\Windows\System\JwEHyms.exe
  C:\Windows\System\JwEHyms.exe
  2⤵
  PID:1620
- C:\Windows\System\AdKHMPP.exe
  C:\Windows\System\AdKHMPP.exe
  2⤵
  PID:2848
- C:\Windows\System\gxHNFFN.exe
  C:\Windows\System\gxHNFFN.exe
  2⤵
  PID:1244
- C:\Windows\System\goyNOJR.exe
  C:\Windows\System\goyNOJR.exe
  2⤵
  PID:2672
- C:\Windows\System\WjMNkBK.exe
  C:\Windows\System\WjMNkBK.exe
  2⤵
  PID:3392
- C:\Windows\System\oAuvYry.exe
  C:\Windows\System\oAuvYry.exe
  2⤵
  PID:1656
- C:\Windows\System\cctpkTT.exe
  C:\Windows\System\cctpkTT.exe
  2⤵
  PID:3692
- C:\Windows\System\CMEldOK.exe
  C:\Windows\System\CMEldOK.exe
  2⤵
  PID:3532
- C:\Windows\System\LaGdbvA.exe
  C:\Windows\System\LaGdbvA.exe
  2⤵
  PID:2792
- C:\Windows\System\GMrVGrf.exe
  C:\Windows\System\GMrVGrf.exe
  2⤵
  PID:2112
- C:\Windows\System\PtpBCSD.exe
  C:\Windows\System\PtpBCSD.exe
  2⤵
  PID:2852
- C:\Windows\System\smNfKno.exe
  C:\Windows\System\smNfKno.exe
  2⤵
  PID:1148
- C:\Windows\System\IkkfvVQ.exe
  C:\Windows\System\IkkfvVQ.exe
  2⤵
  PID:3848
- C:\Windows\System\xLAPAbk.exe
  C:\Windows\System\xLAPAbk.exe
  2⤵
  PID:3768
- C:\Windows\System\nzEZWBb.exe
  C:\Windows\System\nzEZWBb.exe
  2⤵
  PID:2420
- C:\Windows\System\yEnsOaR.exe
  C:\Windows\System\yEnsOaR.exe
  2⤵
  PID:1836
- C:\Windows\System\GhspoJv.exe
  C:\Windows\System\GhspoJv.exe
  2⤵
  PID:4024
- C:\Windows\System\gdqJdev.exe
  C:\Windows\System\gdqJdev.exe
  2⤵
  PID:1492
- C:\Windows\System\Kusehio.exe
  C:\Windows\System\Kusehio.exe
  2⤵
  PID:2888
- C:\Windows\System\BGlfJkV.exe
  C:\Windows\System\BGlfJkV.exe
  2⤵
  PID:2992
- C:\Windows\System\LACBgUr.exe
  C:\Windows\System\LACBgUr.exe
  2⤵
  PID:1460
- C:\Windows\System\bvkVisE.exe
  C:\Windows\System\bvkVisE.exe
  2⤵
  PID:3424
- C:\Windows\System\hlpJqJQ.exe
  C:\Windows\System\hlpJqJQ.exe
  2⤵
  PID:1964
- C:\Windows\System\GKWBiDC.exe
  C:\Windows\System\GKWBiDC.exe
  2⤵
  PID:1496
- C:\Windows\System\AkRrgjA.exe
  C:\Windows\System\AkRrgjA.exe
  2⤵
  PID:2948
- C:\Windows\System\pqrJrvi.exe
  C:\Windows\System\pqrJrvi.exe
  2⤵
  PID:3964
- C:\Windows\System\NHvVrat.exe
  C:\Windows\System\NHvVrat.exe
  2⤵
  PID:2740
- C:\Windows\System\Tfipbdc.exe
  C:\Windows\System\Tfipbdc.exe
  2⤵
  PID:4060
- C:\Windows\System\qcmMqOO.exe
  C:\Windows\System\qcmMqOO.exe
  2⤵
  PID:2308
- C:\Windows\System\DDUPSeu.exe
  C:\Windows\System\DDUPSeu.exe
  2⤵
  PID:3660
- C:\Windows\System\rGJPFov.exe
  C:\Windows\System\rGJPFov.exe
  2⤵
  PID:4088
- C:\Windows\System\feUZlET.exe
  C:\Windows\System\feUZlET.exe
  2⤵
  PID:1400
- C:\Windows\System\eflkFAa.exe
  C:\Windows\System\eflkFAa.exe
  2⤵
  PID:1692
- C:\Windows\System\SmSZfoD.exe
  C:\Windows\System\SmSZfoD.exe
  2⤵
  PID:3896
- C:\Windows\System\WUBfTKy.exe
  C:\Windows\System\WUBfTKy.exe
  2⤵
  PID:3876
- C:\Windows\System\CFnUqKn.exe
  C:\Windows\System\CFnUqKn.exe
  2⤵
  PID:4108
- C:\Windows\System\sZNLPsu.exe
  C:\Windows\System\sZNLPsu.exe
  2⤵
  PID:4124
- C:\Windows\System\WisfzcD.exe
  C:\Windows\System\WisfzcD.exe
  2⤵
  PID:4140
- C:\Windows\System\ZyhpmOi.exe
  C:\Windows\System\ZyhpmOi.exe
  2⤵
  PID:4156
- C:\Windows\System\UetYxHH.exe
  C:\Windows\System\UetYxHH.exe
  2⤵
  PID:4176
- C:\Windows\System\ykpmnBM.exe
  C:\Windows\System\ykpmnBM.exe
  2⤵
  PID:4228
- C:\Windows\System\EPMUnaD.exe
  C:\Windows\System\EPMUnaD.exe
  2⤵
  PID:4244
- C:\Windows\System\IqjqwLf.exe
  C:\Windows\System\IqjqwLf.exe
  2⤵
  PID:4272
- C:\Windows\System\fwvseGv.exe
  C:\Windows\System\fwvseGv.exe
  2⤵
  PID:4288
- C:\Windows\System\CVMkkSd.exe
  C:\Windows\System\CVMkkSd.exe
  2⤵
  PID:4308
- C:\Windows\System\ATDXcvD.exe
  C:\Windows\System\ATDXcvD.exe
  2⤵
  PID:4620
- C:\Windows\System\ftwkeGH.exe
  C:\Windows\System\ftwkeGH.exe
  2⤵
  PID:4636
- C:\Windows\System\dCuaFmf.exe
  C:\Windows\System\dCuaFmf.exe
  2⤵
  PID:4652
- C:\Windows\System\buuKVwD.exe
  C:\Windows\System\buuKVwD.exe
  2⤵
  PID:4704
- C:\Windows\System\bpxAMRw.exe
  C:\Windows\System\bpxAMRw.exe
  2⤵
  PID:4748
- C:\Windows\System\OAnwcoj.exe
  C:\Windows\System\OAnwcoj.exe
  2⤵
  PID:4788
- C:\Windows\System\ANUENpi.exe
  C:\Windows\System\ANUENpi.exe
  2⤵
  PID:4824
- C:\Windows\System\WHbjKnM.exe
  C:\Windows\System\WHbjKnM.exe
  2⤵
  PID:4840
- C:\Windows\System\tkWeNeb.exe
  C:\Windows\System\tkWeNeb.exe
  2⤵
  PID:4856
- C:\Windows\System\EvjjBvf.exe
  C:\Windows\System\EvjjBvf.exe
  2⤵
  PID:4876
- C:\Windows\System\uWRpPHJ.exe
  C:\Windows\System\uWRpPHJ.exe
  2⤵
  PID:4892
- C:\Windows\System\HqAKLcT.exe
  C:\Windows\System\HqAKLcT.exe
  2⤵
  PID:4908
- C:\Windows\System\cfwUpxf.exe
  C:\Windows\System\cfwUpxf.exe
  2⤵
  PID:4924
- C:\Windows\System\ggpASxv.exe
  C:\Windows\System\ggpASxv.exe
  2⤵
  PID:4940
- C:\Windows\System\eVCOjie.exe
  C:\Windows\System\eVCOjie.exe
  2⤵
  PID:4956
- C:\Windows\System\naJexMY.exe
  C:\Windows\System\naJexMY.exe
  2⤵
  PID:4972
- C:\Windows\System\lUWkIYS.exe
  C:\Windows\System\lUWkIYS.exe
  2⤵
  PID:4988
- C:\Windows\System\dcdLrbQ.exe
  C:\Windows\System\dcdLrbQ.exe
  2⤵
  PID:5012
- C:\Windows\System\VeubewA.exe
  C:\Windows\System\VeubewA.exe
  2⤵
  PID:5032
- C:\Windows\System\bMoKuuk.exe
  C:\Windows\System\bMoKuuk.exe
  2⤵
  PID:5048
- C:\Windows\System\NqtvChe.exe
  C:\Windows\System\NqtvChe.exe
  2⤵
  PID:5064
- C:\Windows\System\HzUJNbb.exe
  C:\Windows\System\HzUJNbb.exe
  2⤵
  PID:5084
- C:\Windows\System\lWznlri.exe
  C:\Windows\System\lWznlri.exe
  2⤵
  PID:5100
- C:\Windows\System\peTujwG.exe
  C:\Windows\System\peTujwG.exe
  2⤵
  PID:3612
- C:\Windows\System\twgeaeG.exe
  C:\Windows\System\twgeaeG.exe
  2⤵
  PID:748
- C:\Windows\System\cPgLfeG.exe
  C:\Windows\System\cPgLfeG.exe
  2⤵
  PID:4116
- C:\Windows\System\erYnbro.exe
  C:\Windows\System\erYnbro.exe
  2⤵
  PID:1676
- C:\Windows\System\uoqwfma.exe
  C:\Windows\System\uoqwfma.exe
  2⤵
  PID:2828
- C:\Windows\System\VbRzWIq.exe
  C:\Windows\System\VbRzWIq.exe
  2⤵
  PID:3756
- C:\Windows\System\ftVvLwa.exe
  C:\Windows\System\ftVvLwa.exe
  2⤵
  PID:4192
- C:\Windows\System\qFnoJRT.exe
  C:\Windows\System\qFnoJRT.exe
  2⤵
  PID:4216
- C:\Windows\System\cKygGlf.exe
  C:\Windows\System\cKygGlf.exe
  2⤵
  PID:4220
- C:\Windows\System\CgOOupp.exe
  C:\Windows\System\CgOOupp.exe
  2⤵
  PID:4256
- C:\Windows\System\ABzMOSY.exe
  C:\Windows\System\ABzMOSY.exe
  2⤵
  PID:4296
- C:\Windows\System\LbhDMFq.exe
  C:\Windows\System\LbhDMFq.exe
  2⤵
  PID:4236
- C:\Windows\System\FMfIyNc.exe
  C:\Windows\System\FMfIyNc.exe
  2⤵
  PID:4332
- C:\Windows\System\piqKxEt.exe
  C:\Windows\System\piqKxEt.exe
  2⤵
  PID:4348
- C:\Windows\System\qftaaoQ.exe
  C:\Windows\System\qftaaoQ.exe
  2⤵
  PID:4364
- C:\Windows\System\uKkUqUS.exe
  C:\Windows\System\uKkUqUS.exe
  2⤵
  PID:4384
- C:\Windows\System\xYncspP.exe
  C:\Windows\System\xYncspP.exe
  2⤵
  PID:4396
- C:\Windows\System\GkWiFcu.exe
  C:\Windows\System\GkWiFcu.exe
  2⤵
  PID:4404
- C:\Windows\System\JMSPNcB.exe
  C:\Windows\System\JMSPNcB.exe
  2⤵
  PID:4428
- C:\Windows\System\zXWbwGW.exe
  C:\Windows\System\zXWbwGW.exe
  2⤵
  PID:4436
- C:\Windows\System\JGEXbnM.exe
  C:\Windows\System\JGEXbnM.exe
  2⤵
  PID:4460
- C:\Windows\System\dqPKqNu.exe
  C:\Windows\System\dqPKqNu.exe
  2⤵
  PID:4476
- C:\Windows\System\vluakGF.exe
  C:\Windows\System\vluakGF.exe
  2⤵
  PID:4484
- C:\Windows\System\DYAhmcy.exe
  C:\Windows\System\DYAhmcy.exe
  2⤵
  PID:4512
- C:\Windows\System\fgLQstT.exe
  C:\Windows\System\fgLQstT.exe
  2⤵
  PID:4532
- C:\Windows\System\gTvJurj.exe
  C:\Windows\System\gTvJurj.exe
  2⤵
  PID:4552
- C:\Windows\System\GnBuuzn.exe
  C:\Windows\System\GnBuuzn.exe
  2⤵
  PID:4572
- C:\Windows\System\czNHeSe.exe
  C:\Windows\System\czNHeSe.exe
  2⤵
  PID:4588
- C:\Windows\System\njoWwmO.exe
  C:\Windows\System\njoWwmO.exe
  2⤵
  PID:4660
- C:\Windows\System\vxxxWMn.exe
  C:\Windows\System\vxxxWMn.exe
  2⤵
  PID:4680
- C:\Windows\System\SSoFpgv.exe
  C:\Windows\System\SSoFpgv.exe
  2⤵
  PID:4696
- C:\Windows\System\ESKCWYz.exe
  C:\Windows\System\ESKCWYz.exe
  2⤵
  PID:4600
- C:\Windows\System\cveagEF.exe
  C:\Windows\System\cveagEF.exe
  2⤵
  PID:4616
- C:\Windows\System\JfpFNwO.exe
  C:\Windows\System\JfpFNwO.exe
  2⤵
  PID:4716
- C:\Windows\System\sdnWNSR.exe
  C:\Windows\System\sdnWNSR.exe
  2⤵
  PID:4732
- C:\Windows\System\qoLjmPQ.exe
  C:\Windows\System\qoLjmPQ.exe
  2⤵
  PID:4744
- C:\Windows\System\ifWyVgY.exe
  C:\Windows\System\ifWyVgY.exe
  2⤵
  PID:4776
- C:\Windows\System\BqgsSPh.exe
  C:\Windows\System\BqgsSPh.exe
  2⤵
  PID:4832
- C:\Windows\System\QrLEGjj.exe
  C:\Windows\System\QrLEGjj.exe
  2⤵
  PID:4796
- C:\Windows\System\EMAMFFC.exe
  C:\Windows\System\EMAMFFC.exe
  2⤵
  PID:4800
- C:\Windows\System\qIiNjlN.exe
  C:\Windows\System\qIiNjlN.exe
  2⤵
  PID:4868
- C:\Windows\System\qbirQkB.exe
  C:\Windows\System\qbirQkB.exe
  2⤵
  PID:4932
- C:\Windows\System\INksIxG.exe
  C:\Windows\System\INksIxG.exe
  2⤵
  PID:4964
- C:\Windows\System\inwtkMF.exe
  C:\Windows\System\inwtkMF.exe
  2⤵
  PID:5004
- C:\Windows\System\MaLwviI.exe
  C:\Windows\System\MaLwviI.exe
  2⤵
  PID:5072
- C:\Windows\System\qQxRExP.exe
  C:\Windows\System\qQxRExP.exe
  2⤵
  PID:5024
- C:\Windows\System\owOenRq.exe
  C:\Windows\System\owOenRq.exe
  2⤵
  PID:5116
- C:\Windows\System\BEcePlm.exe
  C:\Windows\System\BEcePlm.exe
  2⤵
  PID:5028
- C:\Windows\System\qGyfKMT.exe
  C:\Windows\System\qGyfKMT.exe
  2⤵
  PID:4136
- C:\Windows\System\eCoekcu.exe
  C:\Windows\System\eCoekcu.exe
  2⤵
  PID:4188
- C:\Windows\System\eGXTTLf.exe
  C:\Windows\System\eGXTTLf.exe
  2⤵
  PID:4284
- C:\Windows\System\hKTBMsZ.exe
  C:\Windows\System\hKTBMsZ.exe
  2⤵
  PID:4984
- C:\Windows\System\oiBnckQ.exe
  C:\Windows\System\oiBnckQ.exe
  2⤵
  PID:4388
- C:\Windows\System\hmaOaMi.exe
  C:\Windows\System\hmaOaMi.exe
  2⤵
  PID:4344
- C:\Windows\System\JrEtQkQ.exe
  C:\Windows\System\JrEtQkQ.exe
  2⤵
  PID:4152
- C:\Windows\System\RuyRajQ.exe
  C:\Windows\System\RuyRajQ.exe
  2⤵
  PID:4252
- C:\Windows\System\QnSFsdu.exe
  C:\Windows\System\QnSFsdu.exe
  2⤵
  PID:4392
- C:\Windows\System\CaPXeBN.exe
  C:\Windows\System\CaPXeBN.exe
  2⤵
  PID:4424
- C:\Windows\System\duWrChi.exe
  C:\Windows\System\duWrChi.exe
  2⤵
  PID:4488
- C:\Windows\System\vEbBYkc.exe
  C:\Windows\System\vEbBYkc.exe
  2⤵
  PID:3180
- C:\Windows\System\qBySMUM.exe
  C:\Windows\System\qBySMUM.exe
  2⤵
  PID:4376
- C:\Windows\System\SqMvWbH.exe
  C:\Windows\System\SqMvWbH.exe
  2⤵
  PID:4524
- C:\Windows\System\kRdVHKH.exe
  C:\Windows\System\kRdVHKH.exe
  2⤵
  PID:4764
- C:\Windows\System\zZfeqUk.exe
  C:\Windows\System\zZfeqUk.exe
  2⤵
  PID:4820
- C:\Windows\System\mEXCKof.exe
  C:\Windows\System\mEXCKof.exe
  2⤵
  PID:5044
- C:\Windows\System\CJpWLvZ.exe
  C:\Windows\System\CJpWLvZ.exe
  2⤵
  PID:5112
- C:\Windows\System\VTdOirC.exe
  C:\Windows\System\VTdOirC.exe
  2⤵
  PID:4268
- C:\Windows\System\MYwtagA.exe
  C:\Windows\System\MYwtagA.exe
  2⤵
  PID:2488
- C:\Windows\System\qCsYVFj.exe
  C:\Windows\System\qCsYVFj.exe
  2⤵
  PID:4412
- C:\Windows\System\IQoWHrn.exe
  C:\Windows\System\IQoWHrn.exe
  2⤵
  PID:4676
- C:\Windows\System\jsutOqS.exe
  C:\Windows\System\jsutOqS.exe
  2⤵
  PID:4712
- C:\Windows\System\VViAGNm.exe
  C:\Windows\System\VViAGNm.exe
  2⤵
  PID:4920
- C:\Windows\System\kfkEPiQ.exe
  C:\Windows\System\kfkEPiQ.exe
  2⤵
  PID:5000
- C:\Windows\System\IXjLXKV.exe
  C:\Windows\System\IXjLXKV.exe
  2⤵
  PID:4784
- C:\Windows\System\VEvMoIw.exe
  C:\Windows\System\VEvMoIw.exe
  2⤵
  PID:4212
- C:\Windows\System\iJAeLJO.exe
  C:\Windows\System\iJAeLJO.exe
  2⤵
  PID:2088
- C:\Windows\System\woPpTDm.exe
  C:\Windows\System\woPpTDm.exe
  2⤵
  PID:4948
- C:\Windows\System\YyCzqOe.exe
  C:\Windows\System\YyCzqOe.exe
  2⤵
  PID:4496
- C:\Windows\System\GnahvCq.exe
  C:\Windows\System\GnahvCq.exe
  2⤵
  PID:4628
- C:\Windows\System\XLUaxbI.exe
  C:\Windows\System\XLUaxbI.exe
  2⤵
  PID:4576
- C:\Windows\System\jeEamep.exe
  C:\Windows\System\jeEamep.exe
  2⤵
  PID:4608
- C:\Windows\System\pHrFYLJ.exe
  C:\Windows\System\pHrFYLJ.exe
  2⤵
  PID:4728
- C:\Windows\System\LqKbvFC.exe
  C:\Windows\System\LqKbvFC.exe
  2⤵
  PID:3568
- C:\Windows\System\YHylXjd.exe
  C:\Windows\System\YHylXjd.exe
  2⤵
  PID:4864
- C:\Windows\System\KAutmig.exe
  C:\Windows\System\KAutmig.exe
  2⤵
  PID:4648
- C:\Windows\System\nAUGtcY.exe
  C:\Windows\System\nAUGtcY.exe
  2⤵
  PID:4360
- C:\Windows\System\cepPSDn.exe
  C:\Windows\System\cepPSDn.exe
  2⤵
  PID:5124
- C:\Windows\System\FFsfJiI.exe
  C:\Windows\System\FFsfJiI.exe
  2⤵
  PID:5140
- C:\Windows\System\XyMmoIa.exe
  C:\Windows\System\XyMmoIa.exe
  2⤵
  PID:5156
- C:\Windows\System\JotRdSo.exe
  C:\Windows\System\JotRdSo.exe
  2⤵
  PID:5172
- C:\Windows\System\Hvvmugg.exe
  C:\Windows\System\Hvvmugg.exe
  2⤵
  PID:5188
- C:\Windows\System\Femthgf.exe
  C:\Windows\System\Femthgf.exe
  2⤵
  PID:5204
- C:\Windows\System\kwJKmOD.exe
  C:\Windows\System\kwJKmOD.exe
  2⤵
  PID:5220
- C:\Windows\System\PrwhXBZ.exe
  C:\Windows\System\PrwhXBZ.exe
  2⤵
  PID:5236
- C:\Windows\System\hzXeFQK.exe
  C:\Windows\System\hzXeFQK.exe
  2⤵
  PID:5252
- C:\Windows\System\HLmSBgT.exe
  C:\Windows\System\HLmSBgT.exe
  2⤵
  PID:5268
- C:\Windows\System\zUUoekl.exe
  C:\Windows\System\zUUoekl.exe
  2⤵
  PID:5284
- C:\Windows\System\NMwJWfS.exe
  C:\Windows\System\NMwJWfS.exe
  2⤵
  PID:5300
- C:\Windows\System\DFTcgxR.exe
  C:\Windows\System\DFTcgxR.exe
  2⤵
  PID:5316
- C:\Windows\System\GwhnDRb.exe
  C:\Windows\System\GwhnDRb.exe
  2⤵
  PID:5332
- C:\Windows\System\TYNDpFs.exe
  C:\Windows\System\TYNDpFs.exe
  2⤵
  PID:5348
- C:\Windows\System\ZbZoqim.exe
  C:\Windows\System\ZbZoqim.exe
  2⤵
  PID:5364
- C:\Windows\System\IrcGJIU.exe
  C:\Windows\System\IrcGJIU.exe
  2⤵
  PID:5380
- C:\Windows\System\mUauaPJ.exe
  C:\Windows\System\mUauaPJ.exe
  2⤵
  PID:5396
- C:\Windows\System\JrEAdIo.exe
  C:\Windows\System\JrEAdIo.exe
  2⤵
  PID:5412
- C:\Windows\System\hsINvBg.exe
  C:\Windows\System\hsINvBg.exe
  2⤵
  PID:5428
- C:\Windows\System\WSxNQbc.exe
  C:\Windows\System\WSxNQbc.exe
  2⤵
  PID:5444
- C:\Windows\System\xarvjax.exe
  C:\Windows\System\xarvjax.exe
  2⤵
  PID:5460
- C:\Windows\System\qWXEEFi.exe
  C:\Windows\System\qWXEEFi.exe
  2⤵
  PID:5480
- C:\Windows\System\FppCihN.exe
  C:\Windows\System\FppCihN.exe
  2⤵
  PID:5504
- C:\Windows\System\BPZDHgk.exe
  C:\Windows\System\BPZDHgk.exe
  2⤵
  PID:5540
- C:\Windows\System\LralMsx.exe
  C:\Windows\System\LralMsx.exe
  2⤵
  PID:5556
- C:\Windows\System\lEiXChA.exe
  C:\Windows\System\lEiXChA.exe
  2⤵
  PID:5572
- C:\Windows\System\oJEoVUc.exe
  C:\Windows\System\oJEoVUc.exe
  2⤵
  PID:5588
- C:\Windows\System\SlWGEtE.exe
  C:\Windows\System\SlWGEtE.exe
  2⤵
  PID:5604
- C:\Windows\System\rNJwZUW.exe
  C:\Windows\System\rNJwZUW.exe
  2⤵
  PID:5620
- C:\Windows\System\aXXekWK.exe
  C:\Windows\System\aXXekWK.exe
  2⤵
  PID:5636
- C:\Windows\System\xEdoojr.exe
  C:\Windows\System\xEdoojr.exe
  2⤵
  PID:5652
- C:\Windows\System\CRUKqbv.exe
  C:\Windows\System\CRUKqbv.exe
  2⤵
  PID:5668
- C:\Windows\System\ZQtSEmW.exe
  C:\Windows\System\ZQtSEmW.exe
  2⤵
  PID:5684
- C:\Windows\System\nTHYYya.exe
  C:\Windows\System\nTHYYya.exe
  2⤵
  PID:5700
- C:\Windows\System\EdWgbwo.exe
  C:\Windows\System\EdWgbwo.exe
  2⤵
  PID:5716
- C:\Windows\System\iNtnUGd.exe
  C:\Windows\System\iNtnUGd.exe
  2⤵
  PID:5808
- C:\Windows\System\XBIbzlS.exe
  C:\Windows\System\XBIbzlS.exe
  2⤵
  PID:5828
- C:\Windows\System\OeCQiid.exe
  C:\Windows\System\OeCQiid.exe
  2⤵
  PID:5844
- C:\Windows\System\VNgjPmq.exe
  C:\Windows\System\VNgjPmq.exe
  2⤵
  PID:5864
- C:\Windows\System\dQeAZFR.exe
  C:\Windows\System\dQeAZFR.exe
  2⤵
  PID:5880
- C:\Windows\System\bkonrzq.exe
  C:\Windows\System\bkonrzq.exe
  2⤵
  PID:5896
- C:\Windows\System\ncaKzYb.exe
  C:\Windows\System\ncaKzYb.exe
  2⤵
  PID:5916
- C:\Windows\System\JrDhsPl.exe
  C:\Windows\System\JrDhsPl.exe
  2⤵
  PID:5948
- C:\Windows\System\TIZTBHy.exe
  C:\Windows\System\TIZTBHy.exe
  2⤵
  PID:5964
- C:\Windows\System\CowimCC.exe
  C:\Windows\System\CowimCC.exe
  2⤵
  PID:5980
- C:\Windows\System\nhkjXmp.exe
  C:\Windows\System\nhkjXmp.exe
  2⤵
  PID:5996
- C:\Windows\System\FZeDphX.exe
  C:\Windows\System\FZeDphX.exe
  2⤵
  PID:6012
- C:\Windows\System\iZGrVit.exe
  C:\Windows\System\iZGrVit.exe
  2⤵
  PID:6028
- C:\Windows\System\NWcMPbN.exe
  C:\Windows\System\NWcMPbN.exe
  2⤵
  PID:6044
- C:\Windows\System\OfaPZsY.exe
  C:\Windows\System\OfaPZsY.exe
  2⤵
  PID:6080
- C:\Windows\System\YiRdEBK.exe
  C:\Windows\System\YiRdEBK.exe
  2⤵
  PID:6096
- C:\Windows\System\HnCmORl.exe
  C:\Windows\System\HnCmORl.exe
  2⤵
  PID:6112
- C:\Windows\System\mZSkgGv.exe
  C:\Windows\System\mZSkgGv.exe
  2⤵
  PID:6128
- C:\Windows\System\VtGoEcH.exe
  C:\Windows\System\VtGoEcH.exe
  2⤵
  PID:4996
- C:\Windows\System\GwevUpw.exe
  C:\Windows\System\GwevUpw.exe
  2⤵
  PID:4980
- C:\Windows\System\gdvZCQr.exe
  C:\Windows\System\gdvZCQr.exe
  2⤵
  PID:3992
- C:\Windows\System\qccnwVG.exe
  C:\Windows\System\qccnwVG.exe
  2⤵
  PID:4596
- C:\Windows\System\rLiAhvl.exe
  C:\Windows\System\rLiAhvl.exe
  2⤵
  PID:5152
- C:\Windows\System\qVuKZYc.exe
  C:\Windows\System\qVuKZYc.exe
  2⤵
  PID:5080
- C:\Windows\System\tCvgohH.exe
  C:\Windows\System\tCvgohH.exe
  2⤵
  PID:5216
- C:\Windows\System\Xpemfkl.exe
  C:\Windows\System\Xpemfkl.exe
  2⤵
  PID:4852
- C:\Windows\System\BjZJIAD.exe
  C:\Windows\System\BjZJIAD.exe
  2⤵
  PID:5108
- C:\Windows\System\wZpGKQg.exe
  C:\Windows\System\wZpGKQg.exe
  2⤵
  PID:5132
- C:\Windows\System\zhQfpAv.exe
  C:\Windows\System\zhQfpAv.exe
  2⤵
  PID:5200
- C:\Windows\System\DbeiurK.exe
  C:\Windows\System\DbeiurK.exe
  2⤵
  PID:5312
- C:\Windows\System\yHKRVsQ.exe
  C:\Windows\System\yHKRVsQ.exe
  2⤵
  PID:5376
- C:\Windows\System\EJhzQwd.exe
  C:\Windows\System\EJhzQwd.exe
  2⤵
  PID:5408
- C:\Windows\System\otMACks.exe
  C:\Windows\System\otMACks.exe
  2⤵
  PID:5440
- C:\Windows\System\JkIOQLW.exe
  C:\Windows\System\JkIOQLW.exe
  2⤵
  PID:5472
- C:\Windows\System\vaUTgYn.exe
  C:\Windows\System\vaUTgYn.exe
  2⤵
  PID:5356
- C:\Windows\System\ivHIwKt.exe
  C:\Windows\System\ivHIwKt.exe
  2⤵
  PID:5520
- C:\Windows\System\omOraDL.exe
  C:\Windows\System\omOraDL.exe
  2⤵
  PID:5500
- C:\Windows\System\vwVYMiS.exe
  C:\Windows\System\vwVYMiS.exe
  2⤵
  PID:5492
- C:\Windows\System\mkBmdYA.exe
  C:\Windows\System\mkBmdYA.exe
  2⤵
  PID:5536
- C:\Windows\System\qiiKOgi.exe
  C:\Windows\System\qiiKOgi.exe
  2⤵
  PID:5552
- C:\Windows\System\YOenZrN.exe
  C:\Windows\System\YOenZrN.exe
  2⤵
  PID:5600
- C:\Windows\System\FnLWtvs.exe
  C:\Windows\System\FnLWtvs.exe
  2⤵
  PID:5664
- C:\Windows\System\AZWygWU.exe
  C:\Windows\System\AZWygWU.exe
  2⤵
  PID:5648
- C:\Windows\System\RCtrPRc.exe
  C:\Windows\System\RCtrPRc.exe
  2⤵
  PID:5676
- C:\Windows\System\GucvyKw.exe
  C:\Windows\System\GucvyKw.exe
  2⤵
  PID:5644
- C:\Windows\System\UJfKiXs.exe
  C:\Windows\System\UJfKiXs.exe
  2⤵
  PID:5744
- C:\Windows\System\bDSAHkV.exe
  C:\Windows\System\bDSAHkV.exe
  2⤵
  PID:5760
- C:\Windows\System\RVfYCrU.exe
  C:\Windows\System\RVfYCrU.exe
  2⤵
  PID:5776
- C:\Windows\System\tUxYfsL.exe
  C:\Windows\System\tUxYfsL.exe
  2⤵
  PID:5792
- C:\Windows\System\YLRJURI.exe
  C:\Windows\System\YLRJURI.exe
  2⤵
  PID:5836
- C:\Windows\System\FroxgTD.exe
  C:\Windows\System\FroxgTD.exe
  2⤵
  PID:5904
- C:\Windows\System\fwdWVLQ.exe
  C:\Windows\System\fwdWVLQ.exe
  2⤵
  PID:5960
- C:\Windows\System\hxcRIjA.exe
  C:\Windows\System\hxcRIjA.exe
  2⤵
  PID:6024
- C:\Windows\System\zjiuoZB.exe
  C:\Windows\System\zjiuoZB.exe
  2⤵
  PID:5824
- C:\Windows\System\ropTsXP.exe
  C:\Windows\System\ropTsXP.exe
  2⤵
  PID:6036
- C:\Windows\System\gQizurb.exe
  C:\Windows\System\gQizurb.exe
  2⤵
  PID:5936
- C:\Windows\System\PxDCtvt.exe
  C:\Windows\System\PxDCtvt.exe
  2⤵
  PID:5892
- C:\Windows\System\AjPPgFG.exe
  C:\Windows\System\AjPPgFG.exe
  2⤵
  PID:6064
- C:\Windows\System\JMUCsns.exe
  C:\Windows\System\JMUCsns.exe
  2⤵
  PID:5972
- C:\Windows\System\skjeDjm.exe
  C:\Windows\System\skjeDjm.exe
  2⤵
  PID:6104
- C:\Windows\System\RdXeGXU.exe
  C:\Windows\System\RdXeGXU.exe
  2⤵
  PID:4580
- C:\Windows\System\uaDchUs.exe
  C:\Windows\System\uaDchUs.exe
  2⤵
  PID:6088
- C:\Windows\System\uSEyecc.exe
  C:\Windows\System\uSEyecc.exe
  2⤵
  PID:5184
- C:\Windows\System\scPWjpP.exe
  C:\Windows\System\scPWjpP.exe
  2⤵
  PID:4740
- C:\Windows\System\RFTSxFj.exe
  C:\Windows\System\RFTSxFj.exe
  2⤵
  PID:5212
- C:\Windows\System\OsiAjGm.exe
  C:\Windows\System\OsiAjGm.exe
  2⤵
  PID:4692
- C:\Windows\System\wYMcviC.exe
  C:\Windows\System\wYMcviC.exe
  2⤵
  PID:5196
- C:\Windows\System\gDLmRhP.exe
  C:\Windows\System\gDLmRhP.exe
  2⤵
  PID:5308
- C:\Windows\System\dfvDVat.exe
  C:\Windows\System\dfvDVat.exe
  2⤵
  PID:5452
- C:\Windows\System\XEkxvJc.exe
  C:\Windows\System\XEkxvJc.exe
  2⤵
  PID:5524
- C:\Windows\System\nHeqtFQ.exe
  C:\Windows\System\nHeqtFQ.exe
  2⤵
  PID:5584
- C:\Windows\System\IZcdrJl.exe
  C:\Windows\System\IZcdrJl.exe
  2⤵
  PID:5680
- C:\Windows\System\iZehmae.exe
  C:\Windows\System\iZehmae.exe
  2⤵
  PID:5872
- C:\Windows\System\jakrbwa.exe
  C:\Windows\System\jakrbwa.exe
  2⤵
  PID:5856
- C:\Windows\System\yUiewNv.exe
  C:\Windows\System\yUiewNv.exe
  2⤵
  PID:5888
- C:\Windows\System\KoRZNox.exe
  C:\Windows\System\KoRZNox.exe
  2⤵
  PID:6136
- C:\Windows\System\AFekuWZ.exe
  C:\Windows\System\AFekuWZ.exe
  2⤵
  PID:4936
- C:\Windows\System\XfHPrtY.exe
  C:\Windows\System\XfHPrtY.exe
  2⤵
  PID:5092
- C:\Windows\System\TZpyniq.exe
  C:\Windows\System\TZpyniq.exe
  2⤵
  PID:5956
- C:\Windows\System\BNONMfs.exe
  C:\Windows\System\BNONMfs.exe
  2⤵
  PID:5932
- C:\Windows\System\LTHeLdC.exe
  C:\Windows\System\LTHeLdC.exe
  2⤵
  PID:5772
- C:\Windows\System\MAsypvv.exe
  C:\Windows\System\MAsypvv.exe
  2⤵
  PID:5712
- C:\Windows\System\WKaQEsR.exe
  C:\Windows\System\WKaQEsR.exe
  2⤵
  PID:5596
- C:\Windows\System\kRjbUBx.exe
  C:\Windows\System\kRjbUBx.exe
  2⤵
  PID:5516
- C:\Windows\System\STAnhnm.exe
  C:\Windows\System\STAnhnm.exe
  2⤵
  PID:5296
- C:\Windows\System\iyhFxKk.exe
  C:\Windows\System\iyhFxKk.exe
  2⤵
  PID:6120
- C:\Windows\System\TbIVSlf.exe
  C:\Windows\System\TbIVSlf.exe
  2⤵
  PID:6008
- C:\Windows\System\MxvQthn.exe
  C:\Windows\System\MxvQthn.exe
  2⤵
  PID:5280
- C:\Windows\System\kafrsTc.exe
  C:\Windows\System\kafrsTc.exe
  2⤵
  PID:5784
- C:\Windows\System\eOHPgZc.exe
  C:\Windows\System\eOHPgZc.exe
  2⤵
  PID:5388
- C:\Windows\System\oyruAAj.exe
  C:\Windows\System\oyruAAj.exe
  2⤵
  PID:5820
- C:\Windows\System\VZRBLRi.exe
  C:\Windows\System\VZRBLRi.exe
  2⤵
  PID:5740
- C:\Windows\System\WeoIZWt.exe
  C:\Windows\System\WeoIZWt.exe
  2⤵
  PID:6060
- C:\Windows\System\TdWvfat.exe
  C:\Windows\System\TdWvfat.exe
  2⤵
  PID:5360
- C:\Windows\System\wrrvDwX.exe
  C:\Windows\System\wrrvDwX.exe
  2⤵
  PID:5632
- C:\Windows\System\sjPqtZC.exe
  C:\Windows\System\sjPqtZC.exe
  2⤵
  PID:5260
- C:\Windows\System\vXqPBTJ.exe
  C:\Windows\System\vXqPBTJ.exe
  2⤵
  PID:5660
- C:\Windows\System\IVJDFaz.exe
  C:\Windows\System\IVJDFaz.exe
  2⤵
  PID:5148
- C:\Windows\System\DQeJoyY.exe
  C:\Windows\System\DQeJoyY.exe
  2⤵
  PID:4688
- C:\Windows\System\gRjrjnE.exe
  C:\Windows\System\gRjrjnE.exe
  2⤵
  PID:5924
- C:\Windows\System\xUhEwUH.exe
  C:\Windows\System\xUhEwUH.exe
  2⤵
  PID:5436
- C:\Windows\System\sWSDlzW.exe
  C:\Windows\System\sWSDlzW.exe
  2⤵
  PID:664
- C:\Windows\System\XCrzOyV.exe
  C:\Windows\System\XCrzOyV.exe
  2⤵
  PID:4280
- C:\Windows\System\AZpFFci.exe
  C:\Windows\System\AZpFFci.exe
  2⤵
  PID:5580
- C:\Windows\System\NnmEivZ.exe
  C:\Windows\System\NnmEivZ.exe
  2⤵
  PID:6020
- C:\Windows\System\cViYpuX.exe
  C:\Windows\System\cViYpuX.exe
  2⤵
  PID:5468
- C:\Windows\System\fPdfTUw.exe
  C:\Windows\System\fPdfTUw.exe
  2⤵
  PID:5708
- C:\Windows\System\zQqzhAB.exe
  C:\Windows\System\zQqzhAB.exe
  2⤵
  PID:5292
- C:\Windows\System\krFQLoR.exe
  C:\Windows\System\krFQLoR.exe
  2⤵
  PID:6160
- C:\Windows\System\cXVzCuA.exe
  C:\Windows\System\cXVzCuA.exe
  2⤵
  PID:6176
- C:\Windows\System\EbVXWhb.exe
  C:\Windows\System\EbVXWhb.exe
  2⤵
  PID:6192
- C:\Windows\System\qrdADZT.exe
  C:\Windows\System\qrdADZT.exe
  2⤵
  PID:6208
- C:\Windows\System\lujphXq.exe
  C:\Windows\System\lujphXq.exe
  2⤵
  PID:6224
- C:\Windows\System\dQILWpB.exe
  C:\Windows\System\dQILWpB.exe
  2⤵
  PID:6240
- C:\Windows\System\BVQsjkF.exe
  C:\Windows\System\BVQsjkF.exe
  2⤵
  PID:6256
- C:\Windows\System\ETCyNJG.exe
  C:\Windows\System\ETCyNJG.exe
  2⤵
  PID:6272
- C:\Windows\System\kafZWCR.exe
  C:\Windows\System\kafZWCR.exe
  2⤵
  PID:6288
- C:\Windows\System\PHUxrtB.exe
  C:\Windows\System\PHUxrtB.exe
  2⤵
  PID:6304
- C:\Windows\System\kfdCjdh.exe
  C:\Windows\System\kfdCjdh.exe
  2⤵
  PID:6324
- C:\Windows\System\wcqBSxi.exe
  C:\Windows\System\wcqBSxi.exe
  2⤵
  PID:6340
- C:\Windows\System\BWevUOW.exe
  C:\Windows\System\BWevUOW.exe
  2⤵
  PID:6356
- C:\Windows\System\BLRVcXQ.exe
  C:\Windows\System\BLRVcXQ.exe
  2⤵
  PID:6372
- C:\Windows\System\NaPtmLG.exe
  C:\Windows\System\NaPtmLG.exe
  2⤵
  PID:6388
- C:\Windows\System\PfubrMk.exe
  C:\Windows\System\PfubrMk.exe
  2⤵
  PID:6404
- C:\Windows\System\LomGmbz.exe
  C:\Windows\System\LomGmbz.exe
  2⤵
  PID:6420
- C:\Windows\System\hASMZkL.exe
  C:\Windows\System\hASMZkL.exe
  2⤵
  PID:6436
- C:\Windows\System\QLSIVjI.exe
  C:\Windows\System\QLSIVjI.exe
  2⤵
  PID:6452
- C:\Windows\System\sACKOVy.exe
  C:\Windows\System\sACKOVy.exe
  2⤵
  PID:6468
- C:\Windows\System\ktqSZfC.exe
  C:\Windows\System\ktqSZfC.exe
  2⤵
  PID:6484
- C:\Windows\System\JynIpwE.exe
  C:\Windows\System\JynIpwE.exe
  2⤵
  PID:6500
- C:\Windows\System\ynhifMe.exe
  C:\Windows\System\ynhifMe.exe
  2⤵
  PID:6516
- C:\Windows\System\mDzgMtv.exe
  C:\Windows\System\mDzgMtv.exe
  2⤵
  PID:6532
- C:\Windows\System\AsMaFSE.exe
  C:\Windows\System\AsMaFSE.exe
  2⤵
  PID:6548
- C:\Windows\System\dkSaOlO.exe
  C:\Windows\System\dkSaOlO.exe
  2⤵
  PID:6564
- C:\Windows\System\SRNxEDk.exe
  C:\Windows\System\SRNxEDk.exe
  2⤵
  PID:6580
- C:\Windows\System\ZoiCCmV.exe
  C:\Windows\System\ZoiCCmV.exe
  2⤵
  PID:6596
- C:\Windows\System\GmeJuoa.exe
  C:\Windows\System\GmeJuoa.exe
  2⤵
  PID:6612
- C:\Windows\System\jvsXpPw.exe
  C:\Windows\System\jvsXpPw.exe
  2⤵
  PID:6628
- C:\Windows\System\dsDYkTh.exe
  C:\Windows\System\dsDYkTh.exe
  2⤵
  PID:6644
- C:\Windows\System\ytgexQd.exe
  C:\Windows\System\ytgexQd.exe
  2⤵
  PID:6660
- C:\Windows\System\aUrFcCE.exe
  C:\Windows\System\aUrFcCE.exe
  2⤵
  PID:6676
- C:\Windows\System\NZlvqJH.exe
  C:\Windows\System\NZlvqJH.exe
  2⤵
  PID:6692
- C:\Windows\System\UljRvBK.exe
  C:\Windows\System\UljRvBK.exe
  2⤵
  PID:6708
- C:\Windows\System\uGUWDEd.exe
  C:\Windows\System\uGUWDEd.exe
  2⤵
  PID:6724
- C:\Windows\System\sMGczEX.exe
  C:\Windows\System\sMGczEX.exe
  2⤵
  PID:6740
- C:\Windows\System\VWPIstR.exe
  C:\Windows\System\VWPIstR.exe
  2⤵
  PID:6756
- C:\Windows\System\hYRGOSj.exe
  C:\Windows\System\hYRGOSj.exe
  2⤵
  PID:6772
- C:\Windows\System\sRHTgpY.exe
  C:\Windows\System\sRHTgpY.exe
  2⤵
  PID:6788
- C:\Windows\System\XSViiXj.exe
  C:\Windows\System\XSViiXj.exe
  2⤵
  PID:6804
- C:\Windows\System\fpEEipK.exe
  C:\Windows\System\fpEEipK.exe
  2⤵
  PID:6820
- C:\Windows\System\mxJuDwU.exe
  C:\Windows\System\mxJuDwU.exe
  2⤵
  PID:6836
- C:\Windows\System\TZCwBrS.exe
  C:\Windows\System\TZCwBrS.exe
  2⤵
  PID:6852
- C:\Windows\System\pfBfnEp.exe
  C:\Windows\System\pfBfnEp.exe
  2⤵
  PID:6868
- C:\Windows\System\YCrHXst.exe
  C:\Windows\System\YCrHXst.exe
  2⤵
  PID:6884
- C:\Windows\System\drrBgLv.exe
  C:\Windows\System\drrBgLv.exe
  2⤵
  PID:6900
- C:\Windows\System\hfSUCif.exe
  C:\Windows\System\hfSUCif.exe
  2⤵
  PID:6916
- C:\Windows\System\ILfvata.exe
  C:\Windows\System\ILfvata.exe
  2⤵
  PID:6932
- C:\Windows\System\YQJNDTn.exe
  C:\Windows\System\YQJNDTn.exe
  2⤵
  PID:6948
- C:\Windows\System\FZBtOJc.exe
  C:\Windows\System\FZBtOJc.exe
  2⤵
  PID:6964
- C:\Windows\System\ttjfyhT.exe
  C:\Windows\System\ttjfyhT.exe
  2⤵
  PID:6980
- C:\Windows\System\bdjAKgm.exe
  C:\Windows\System\bdjAKgm.exe
  2⤵
  PID:6996
- C:\Windows\System\iwrozuG.exe
  C:\Windows\System\iwrozuG.exe
  2⤵
  PID:7012
- C:\Windows\System\pPlSIaF.exe
  C:\Windows\System\pPlSIaF.exe
  2⤵
  PID:7028
- C:\Windows\System\GLGOeiY.exe
  C:\Windows\System\GLGOeiY.exe
  2⤵
  PID:7044
- C:\Windows\System\ewsFDhw.exe
  C:\Windows\System\ewsFDhw.exe
  2⤵
  PID:7060
- C:\Windows\System\KVMEyvn.exe
  C:\Windows\System\KVMEyvn.exe
  2⤵
  PID:7076
- C:\Windows\System\czJkDkk.exe
  C:\Windows\System\czJkDkk.exe
  2⤵
  PID:7092
- C:\Windows\System\oQjFXeS.exe
  C:\Windows\System\oQjFXeS.exe
  2⤵
  PID:7108
- C:\Windows\System\cxtjuxd.exe
  C:\Windows\System\cxtjuxd.exe
  2⤵
  PID:7124
- C:\Windows\System\mJsXWdd.exe
  C:\Windows\System\mJsXWdd.exe
  2⤵
  PID:7140
- C:\Windows\System\XdjZteQ.exe
  C:\Windows\System\XdjZteQ.exe
  2⤵
  PID:7156
- C:\Windows\System\ohrlQIQ.exe
  C:\Windows\System\ohrlQIQ.exe
  2⤵
  PID:6152
- C:\Windows\System\NnlluPF.exe
  C:\Windows\System\NnlluPF.exe
  2⤵
  PID:5488
- C:\Windows\System\uVqOJPr.exe
  C:\Windows\System\uVqOJPr.exe
  2⤵
  PID:6252
- C:\Windows\System\ohvWOWg.exe
  C:\Windows\System\ohvWOWg.exe
  2⤵
  PID:6312
- C:\Windows\System\lCkTXxe.exe
  C:\Windows\System\lCkTXxe.exe
  2⤵
  PID:6204
- C:\Windows\System\KFPXDdt.exe
  C:\Windows\System\KFPXDdt.exe
  2⤵
  PID:6268
- C:\Windows\System\anmZhdM.exe
  C:\Windows\System\anmZhdM.exe
  2⤵
  PID:6348
- C:\Windows\System\zDOthwz.exe
  C:\Windows\System\zDOthwz.exe
  2⤵
  PID:6384
- C:\Windows\System\UQvyOPG.exe
  C:\Windows\System\UQvyOPG.exe
  2⤵
  PID:6396
- C:\Windows\System\nhfuCTl.exe
  C:\Windows\System\nhfuCTl.exe
  2⤵
  PID:6448
- C:\Windows\System\NAEmGLK.exe
  C:\Windows\System\NAEmGLK.exe
  2⤵
  PID:6508
- C:\Windows\System\kFtVOUY.exe
  C:\Windows\System\kFtVOUY.exe
  2⤵
  PID:6496
- C:\Windows\System\aEIbtFl.exe
  C:\Windows\System\aEIbtFl.exe
  2⤵
  PID:6544
- C:\Windows\System\wLTfPlb.exe
  C:\Windows\System\wLTfPlb.exe
  2⤵
  PID:6592
- C:\Windows\System\EesARSw.exe
  C:\Windows\System\EesARSw.exe
  2⤵
  PID:6636
- C:\Windows\System\zwwILVA.exe
  C:\Windows\System\zwwILVA.exe
  2⤵
  PID:6668
- C:\Windows\System\MVlXYpL.exe
  C:\Windows\System\MVlXYpL.exe
  2⤵
  PID:6672
- C:\Windows\System\RyGOAgB.exe
  C:\Windows\System\RyGOAgB.exe
  2⤵
  PID:6688
- C:\Windows\System\MIvNlPx.exe
  C:\Windows\System\MIvNlPx.exe
  2⤵
  PID:6736
- C:\Windows\System\hmcWUuP.exe
  C:\Windows\System\hmcWUuP.exe
  2⤵
  PID:6800
- C:\Windows\System\mpnIoUO.exe
  C:\Windows\System\mpnIoUO.exe
  2⤵
  PID:6752
- C:\Windows\System\BWgEAfp.exe
  C:\Windows\System\BWgEAfp.exe
  2⤵
  PID:6816
- C:\Windows\System\KfRFLul.exe
  C:\Windows\System\KfRFLul.exe
  2⤵
  PID:6864
- C:\Windows\System\OePdSRr.exe
  C:\Windows\System\OePdSRr.exe
  2⤵
  PID:6896
- C:\Windows\System\HtSPZaE.exe
  C:\Windows\System\HtSPZaE.exe
  2⤵
  PID:6944
- C:\Windows\System\TESwPQA.exe
  C:\Windows\System\TESwPQA.exe
  2⤵
  PID:7024
- C:\Windows\System\ciOPgMw.exe
  C:\Windows\System\ciOPgMw.exe
  2⤵
  PID:7088
- C:\Windows\System\kldsIJy.exe
  C:\Windows\System\kldsIJy.exe
  2⤵
  PID:7116
- C:\Windows\System\zYfBAGh.exe
  C:\Windows\System\zYfBAGh.exe
  2⤵
  PID:7148
- C:\Windows\System\YJXzKoa.exe
  C:\Windows\System\YJXzKoa.exe
  2⤵
  PID:6236
- C:\Windows\System\fjJrAnp.exe
  C:\Windows\System\fjJrAnp.exe
  2⤵
  PID:7136
- C:\Windows\System\qRBzAIn.exe
  C:\Windows\System\qRBzAIn.exe
  2⤵
  PID:6976
- C:\Windows\System\VVDuLVf.exe
  C:\Windows\System\VVDuLVf.exe
  2⤵
  PID:5804
- C:\Windows\System\SZMpTft.exe
  C:\Windows\System\SZMpTft.exe
  2⤵
  PID:6400
- C:\Windows\System\ZIJpxoj.exe
  C:\Windows\System\ZIJpxoj.exe
  2⤵
  PID:6576
- C:\Windows\System\wVmckEM.exe
  C:\Windows\System\wVmckEM.exe
  2⤵
  PID:6332
- C:\Windows\System\pfZChXa.exe
  C:\Windows\System\pfZChXa.exe
  2⤵
  PID:6640
- C:\Windows\System\phjPaNw.exe
  C:\Windows\System\phjPaNw.exe
  2⤵
  PID:6704
- C:\Windows\System\pmylrgJ.exe
  C:\Windows\System\pmylrgJ.exe
  2⤵
  PID:6652
- C:\Windows\System\xymaMHd.exe
  C:\Windows\System\xymaMHd.exe
  2⤵
  PID:6720
- C:\Windows\System\AbASWSF.exe
  C:\Windows\System\AbASWSF.exe
  2⤵
  PID:6796
- C:\Windows\System\bdHQIki.exe
  C:\Windows\System\bdHQIki.exe
  2⤵
  PID:6892
- C:\Windows\System\BlFJqHg.exe
  C:\Windows\System\BlFJqHg.exe
  2⤵
  PID:6912
- C:\Windows\System\EOHHdvm.exe
  C:\Windows\System\EOHHdvm.exe
  2⤵
  PID:6828
- C:\Windows\System\oekqcNt.exe
  C:\Windows\System\oekqcNt.exe
  2⤵
  PID:6284
- C:\Windows\System\fpKBNUe.exe
  C:\Windows\System\fpKBNUe.exe
  2⤵
  PID:7072
- C:\Windows\System\VsTvOqg.exe
  C:\Windows\System\VsTvOqg.exe
  2⤵
  PID:6264
- C:\Windows\System\LrhuLos.exe
  C:\Windows\System\LrhuLos.exe
  2⤵
  PID:6380
- C:\Windows\System\cwPuWnh.exe
  C:\Windows\System\cwPuWnh.exe
  2⤵
  PID:6428
- C:\Windows\System\GCLXxYk.exe
  C:\Windows\System\GCLXxYk.exe
  2⤵
  PID:6300
- C:\Windows\System\ewlGysK.exe
  C:\Windows\System\ewlGysK.exe
  2⤵
  PID:6588
- C:\Windows\System\yOnGvLs.exe
  C:\Windows\System\yOnGvLs.exe
  2⤵
  PID:6928
- C:\Windows\System\PcyCijJ.exe
  C:\Windows\System\PcyCijJ.exe
  2⤵
  PID:7036
- C:\Windows\System\MZdebAP.exe
  C:\Windows\System\MZdebAP.exe
  2⤵
  PID:6336
- C:\Windows\System\XqJkGvQ.exe
  C:\Windows\System\XqJkGvQ.exe
  2⤵
  PID:7020
- C:\Windows\System\HPjYGgW.exe
  C:\Windows\System\HPjYGgW.exe
  2⤵
  PID:6624
- C:\Windows\System\aqSQTVz.exe
  C:\Windows\System\aqSQTVz.exe
  2⤵
  PID:6512
- C:\Windows\System\KzYZgHr.exe
  C:\Windows\System\KzYZgHr.exe
  2⤵
  PID:6184
- C:\Windows\System\NVpzRVX.exe
  C:\Windows\System\NVpzRVX.exe
  2⤵
  PID:6232
- C:\Windows\System\TSLdaid.exe
  C:\Windows\System\TSLdaid.exe
  2⤵
  PID:2884
- C:\Windows\System\cgfjNji.exe
  C:\Windows\System\cgfjNji.exe
  2⤵
  PID:7176
- C:\Windows\System\QwxEdvi.exe
  C:\Windows\System\QwxEdvi.exe
  2⤵
  PID:7192
- C:\Windows\System\XITlDls.exe
  C:\Windows\System\XITlDls.exe
  2⤵
  PID:7208
- C:\Windows\System\UAmZNmE.exe
  C:\Windows\System\UAmZNmE.exe
  2⤵
  PID:7228
- C:\Windows\System\xFIAMZx.exe
  C:\Windows\System\xFIAMZx.exe
  2⤵
  PID:7244
- C:\Windows\System\tCCFRfT.exe
  C:\Windows\System\tCCFRfT.exe
  2⤵
  PID:7260
- C:\Windows\System\kIhrbnX.exe
  C:\Windows\System\kIhrbnX.exe
  2⤵
  PID:7276
- C:\Windows\System\rxagUAX.exe
  C:\Windows\System\rxagUAX.exe
  2⤵
  PID:7292
- C:\Windows\System\cZanbMS.exe
  C:\Windows\System\cZanbMS.exe
  2⤵
  PID:7308
- C:\Windows\System\JwVnwdc.exe
  C:\Windows\System\JwVnwdc.exe
  2⤵
  PID:7324
- C:\Windows\System\qcRyBSN.exe
  C:\Windows\System\qcRyBSN.exe
  2⤵
  PID:7340
- C:\Windows\System\tOOUbux.exe
  C:\Windows\System\tOOUbux.exe
  2⤵
  PID:7356
- C:\Windows\System\MDbdsys.exe
  C:\Windows\System\MDbdsys.exe
  2⤵
  PID:7372
- C:\Windows\System\YqWiiPr.exe
  C:\Windows\System\YqWiiPr.exe
  2⤵
  PID:7388
- C:\Windows\System\zmrADcm.exe
  C:\Windows\System\zmrADcm.exe
  2⤵
  PID:7404
- C:\Windows\System\UVlEfYm.exe
  C:\Windows\System\UVlEfYm.exe
  2⤵
  PID:7420
- C:\Windows\System\ptFIwEZ.exe
  C:\Windows\System\ptFIwEZ.exe
  2⤵
  PID:7436
- C:\Windows\System\UMGklmx.exe
  C:\Windows\System\UMGklmx.exe
  2⤵
  PID:7452
- C:\Windows\System\noyxDBO.exe
  C:\Windows\System\noyxDBO.exe
  2⤵
  PID:7468
- C:\Windows\System\pwvOoZm.exe
  C:\Windows\System\pwvOoZm.exe
  2⤵
  PID:7484
- C:\Windows\System\kFwoDTF.exe
  C:\Windows\System\kFwoDTF.exe
  2⤵
  PID:7504
- C:\Windows\System\eKqhLSQ.exe
  C:\Windows\System\eKqhLSQ.exe
  2⤵
  PID:7520
- C:\Windows\System\ZUXkfBc.exe
  C:\Windows\System\ZUXkfBc.exe
  2⤵
  PID:7536
- C:\Windows\System\JUxvRSf.exe
  C:\Windows\System\JUxvRSf.exe
  2⤵
  PID:7552
- C:\Windows\System\hXzQCtx.exe
  C:\Windows\System\hXzQCtx.exe
  2⤵
  PID:7576
- C:\Windows\System\eMfPviA.exe
  C:\Windows\System\eMfPviA.exe
  2⤵
  PID:7592
- C:\Windows\System\zerFKpb.exe
  C:\Windows\System\zerFKpb.exe
  2⤵
  PID:7608
- C:\Windows\System\fysaIVk.exe
  C:\Windows\System\fysaIVk.exe
  2⤵
  PID:7624
- C:\Windows\System\LemFSrE.exe
  C:\Windows\System\LemFSrE.exe
  2⤵
  PID:7640
- C:\Windows\System\kiHGySv.exe
  C:\Windows\System\kiHGySv.exe
  2⤵
  PID:7656
- C:\Windows\System\HvIHlyn.exe
  C:\Windows\System\HvIHlyn.exe
  2⤵
  PID:7672
- C:\Windows\System\NcpiRva.exe
  C:\Windows\System\NcpiRva.exe
  2⤵
  PID:7688
- C:\Windows\System\usyKBZF.exe
  C:\Windows\System\usyKBZF.exe
  2⤵
  PID:7704
- C:\Windows\System\WIjyYvr.exe
  C:\Windows\System\WIjyYvr.exe
  2⤵
  PID:7720
- C:\Windows\System\phGPYMX.exe
  C:\Windows\System\phGPYMX.exe
  2⤵
  PID:7736
- C:\Windows\System\ryeQivu.exe
  C:\Windows\System\ryeQivu.exe
  2⤵
  PID:7756
- C:\Windows\System\UwCCOyz.exe
  C:\Windows\System\UwCCOyz.exe
  2⤵
  PID:7772
- C:\Windows\System\WZENABg.exe
  C:\Windows\System\WZENABg.exe
  2⤵
  PID:7788
- C:\Windows\System\yDHYORi.exe
  C:\Windows\System\yDHYORi.exe
  2⤵
  PID:7804
- C:\Windows\System\Tmhemtg.exe
  C:\Windows\System\Tmhemtg.exe
  2⤵
  PID:7820
- C:\Windows\System\dUMmmVQ.exe
  C:\Windows\System\dUMmmVQ.exe
  2⤵
  PID:7836
- C:\Windows\System\oeagwZp.exe
  C:\Windows\System\oeagwZp.exe
  2⤵
  PID:7852
- C:\Windows\System\ZFRKATL.exe
  C:\Windows\System\ZFRKATL.exe
  2⤵
  PID:7868
- C:\Windows\System\SBVflKL.exe
  C:\Windows\System\SBVflKL.exe
  2⤵
  PID:7884
- C:\Windows\System\XgttcUQ.exe
  C:\Windows\System\XgttcUQ.exe
  2⤵
  PID:7900
- C:\Windows\System\quMCzFv.exe
  C:\Windows\System\quMCzFv.exe
  2⤵
  PID:7916
- C:\Windows\System\MZpAlvH.exe
  C:\Windows\System\MZpAlvH.exe
  2⤵
  PID:7932
- C:\Windows\System\BtRThjz.exe
  C:\Windows\System\BtRThjz.exe
  2⤵
  PID:7948
- C:\Windows\System\hjDNNtY.exe
  C:\Windows\System\hjDNNtY.exe
  2⤵
  PID:7964
- C:\Windows\System\xrwNKuL.exe
  C:\Windows\System\xrwNKuL.exe
  2⤵
  PID:7980
- C:\Windows\System\thkHnyB.exe
  C:\Windows\System\thkHnyB.exe
  2⤵
  PID:7996
- C:\Windows\System\StBwxco.exe
  C:\Windows\System\StBwxco.exe
  2⤵
  PID:8012
- C:\Windows\System\ancwbmO.exe
  C:\Windows\System\ancwbmO.exe
  2⤵
  PID:8028
- C:\Windows\System\SLTGQgF.exe
  C:\Windows\System\SLTGQgF.exe
  2⤵
  PID:8044
- C:\Windows\System\lMkPoLo.exe
  C:\Windows\System\lMkPoLo.exe
  2⤵
  PID:8060
- C:\Windows\System\qOUjgVh.exe
  C:\Windows\System\qOUjgVh.exe
  2⤵
  PID:8076
- C:\Windows\System\OseWVvS.exe
  C:\Windows\System\OseWVvS.exe
  2⤵
  PID:8092
- C:\Windows\System\iVOezag.exe
  C:\Windows\System\iVOezag.exe
  2⤵
  PID:8108
- C:\Windows\System\XLbQSsD.exe
  C:\Windows\System\XLbQSsD.exe
  2⤵
  PID:8124
- C:\Windows\System\WrWjkdL.exe
  C:\Windows\System\WrWjkdL.exe
  2⤵
  PID:8140
- C:\Windows\System\apuOVoX.exe
  C:\Windows\System\apuOVoX.exe
  2⤵
  PID:8156
- C:\Windows\System\FNrktxB.exe
  C:\Windows\System\FNrktxB.exe
  2⤵
  PID:8172
- C:\Windows\System\GZkXAuT.exe
  C:\Windows\System\GZkXAuT.exe
  2⤵
  PID:8188
- C:\Windows\System\ShBRaRE.exe
  C:\Windows\System\ShBRaRE.exe
  2⤵
  PID:6604
- C:\Windows\System\StZDxvq.exe
  C:\Windows\System\StZDxvq.exe
  2⤵
  PID:6320
- C:\Windows\System\dvgmLDu.exe
  C:\Windows\System\dvgmLDu.exe
  2⤵
  PID:7428
- C:\Windows\System\bGhmCeG.exe
  C:\Windows\System\bGhmCeG.exe
  2⤵
  PID:7204
- C:\Windows\System\nwonptw.exe
  C:\Windows\System\nwonptw.exe
  2⤵
  PID:7336
- C:\Windows\System\lTFehPA.exe
  C:\Windows\System\lTFehPA.exe
  2⤵
  PID:7492
- C:\Windows\System\UfjdGfb.exe
  C:\Windows\System\UfjdGfb.exe
  2⤵
  PID:7268
- C:\Windows\System\TcedzeW.exe
  C:\Windows\System\TcedzeW.exe
  2⤵
  PID:7448
- C:\Windows\System\uctuPuJ.exe
  C:\Windows\System\uctuPuJ.exe
  2⤵
  PID:7412
- C:\Windows\System\lhWYaJx.exe
  C:\Windows\System\lhWYaJx.exe
  2⤵
  PID:7316
- C:\Windows\System\ooGhfcX.exe
  C:\Windows\System\ooGhfcX.exe
  2⤵
  PID:7224
- C:\Windows\System\VgEDnfA.exe
  C:\Windows\System\VgEDnfA.exe
  2⤵
  PID:6364
- C:\Windows\System\plUobTL.exe
  C:\Windows\System\plUobTL.exe
  2⤵
  PID:6860
- C:\Windows\System\CecvzaM.exe
  C:\Windows\System\CecvzaM.exe
  2⤵
  PID:7584
- C:\Windows\System\RXyxABX.exe
  C:\Windows\System\RXyxABX.exe
  2⤵
  PID:6880
- C:\Windows\System\zssbMAe.exe
  C:\Windows\System\zssbMAe.exe
  2⤵
  PID:7600
- C:\Windows\System\islmNoN.exe
  C:\Windows\System\islmNoN.exe
  2⤵
  PID:7648
- C:\Windows\System\ZrzOBxI.exe
  C:\Windows\System\ZrzOBxI.exe
  2⤵
  PID:7712
- C:\Windows\System\erzeCCS.exe
  C:\Windows\System\erzeCCS.exe
  2⤵
  PID:7780
- C:\Windows\System\MoxvKRG.exe
  C:\Windows\System\MoxvKRG.exe
  2⤵
  PID:7844
- C:\Windows\System\pfcMEBB.exe
  C:\Windows\System\pfcMEBB.exe
  2⤵
  PID:7528
- C:\Windows\System\QHjknWg.exe
  C:\Windows\System\QHjknWg.exe
  2⤵
  PID:7940
- C:\Windows\System\aBGkHcG.exe
  C:\Windows\System\aBGkHcG.exe
  2⤵
  PID:8004
- C:\Windows\System\mwYIxpO.exe
  C:\Windows\System\mwYIxpO.exe
  2⤵
  PID:8068
- C:\Windows\System\cNvgjbC.exe
  C:\Windows\System\cNvgjbC.exe
  2⤵
  PID:8132
- C:\Windows\System\EZElGJN.exe
  C:\Windows\System\EZElGJN.exe
  2⤵
  PID:7668
- C:\Windows\System\tGhswgg.exe
  C:\Windows\System\tGhswgg.exe
  2⤵
  PID:7732
- C:\Windows\System\zEpkjJk.exe
  C:\Windows\System\zEpkjJk.exe
  2⤵
  PID:7892
- C:\Windows\System\RjaYiYi.exe
  C:\Windows\System\RjaYiYi.exe
  2⤵
  PID:7960
- C:\Windows\System\qyKzwxp.exe
  C:\Windows\System\qyKzwxp.exe
  2⤵
  PID:8024
- C:\Windows\System\FfBcuov.exe
  C:\Windows\System\FfBcuov.exe
  2⤵
  PID:7632
- C:\Windows\System\pukcWGh.exe
  C:\Windows\System\pukcWGh.exe
  2⤵
  PID:8152
- C:\Windows\System\CRiwsfh.exe
  C:\Windows\System\CRiwsfh.exe
  2⤵
  PID:8084
- C:\Windows\System\iNHZdiW.exe
  C:\Windows\System\iNHZdiW.exe
  2⤵
  PID:7800
- C:\Windows\System\intjKsz.exe
  C:\Windows\System\intjKsz.exe
  2⤵
  PID:8196
- C:\Windows\System\LWOeawE.exe
  C:\Windows\System\LWOeawE.exe
  2⤵
  PID:8212
- C:\Windows\System\OAUmHhY.exe
  C:\Windows\System\OAUmHhY.exe
  2⤵
  PID:8228
- C:\Windows\System\hdxGicZ.exe
  C:\Windows\System\hdxGicZ.exe
  2⤵
  PID:8244
- C:\Windows\System\UkNpRUZ.exe
  C:\Windows\System\UkNpRUZ.exe
  2⤵
  PID:8260
- C:\Windows\System\gCLNLFK.exe
  C:\Windows\System\gCLNLFK.exe
  2⤵
  PID:8276
- C:\Windows\System\BfgUZxa.exe
  C:\Windows\System\BfgUZxa.exe
  2⤵
  PID:8292
- C:\Windows\System\yuRBSyN.exe
  C:\Windows\System\yuRBSyN.exe
  2⤵
  PID:8308
- C:\Windows\System\QFouyrq.exe
  C:\Windows\System\QFouyrq.exe
  2⤵
  PID:8324
- C:\Windows\System\cnEjGTH.exe
  C:\Windows\System\cnEjGTH.exe
  2⤵
  PID:8340
- C:\Windows\System\ptTixUd.exe
  C:\Windows\System\ptTixUd.exe
  2⤵
  PID:8356
- C:\Windows\System\ZUSkEyx.exe
  C:\Windows\System\ZUSkEyx.exe
  2⤵
  PID:8372
- C:\Windows\System\ltijQju.exe
  C:\Windows\System\ltijQju.exe
  2⤵
  PID:8388
- C:\Windows\System\gVDpzil.exe
  C:\Windows\System\gVDpzil.exe
  2⤵
  PID:8404
- C:\Windows\System\VHrvtUq.exe
  C:\Windows\System\VHrvtUq.exe
  2⤵
  PID:8420
- C:\Windows\System\IlluecQ.exe
  C:\Windows\System\IlluecQ.exe
  2⤵
  PID:8436
- C:\Windows\System\pJcKbDZ.exe
  C:\Windows\System\pJcKbDZ.exe
  2⤵
  PID:8452
- C:\Windows\System\BxRuhGk.exe
  C:\Windows\System\BxRuhGk.exe
  2⤵
  PID:8468
- C:\Windows\System\aHHMfvA.exe
  C:\Windows\System\aHHMfvA.exe
  2⤵
  PID:8484
- C:\Windows\System\DJBCBVY.exe
  C:\Windows\System\DJBCBVY.exe
  2⤵
  PID:8500
- C:\Windows\System\dPLIpJj.exe
  C:\Windows\System\dPLIpJj.exe
  2⤵
  PID:8516
- C:\Windows\System\hRtPuYj.exe
  C:\Windows\System\hRtPuYj.exe
  2⤵
  PID:8532
- C:\Windows\System\okWEaYJ.exe
  C:\Windows\System\okWEaYJ.exe
  2⤵
  PID:8548
- C:\Windows\System\nchQTrQ.exe
  C:\Windows\System\nchQTrQ.exe
  2⤵
  PID:8568
- C:\Windows\System\KxJsGbG.exe
  C:\Windows\System\KxJsGbG.exe
  2⤵
  PID:8584
- C:\Windows\System\zORbrKt.exe
  C:\Windows\System\zORbrKt.exe
  2⤵
  PID:8600
- C:\Windows\System\nckEVho.exe
  C:\Windows\System\nckEVho.exe
  2⤵
  PID:8616
- C:\Windows\System\wyKzQRe.exe
  C:\Windows\System\wyKzQRe.exe
  2⤵
  PID:8632
- C:\Windows\System\nRXcoMp.exe
  C:\Windows\System\nRXcoMp.exe
  2⤵
  PID:8648
- C:\Windows\System\XaSlCGc.exe
  C:\Windows\System\XaSlCGc.exe
  2⤵
  PID:8664
- C:\Windows\System\UdPhXhh.exe
  C:\Windows\System\UdPhXhh.exe
  2⤵
  PID:8680
- C:\Windows\System\VKtMNJL.exe
  C:\Windows\System\VKtMNJL.exe
  2⤵
  PID:8696
- C:\Windows\System\wrxeAuD.exe
  C:\Windows\System\wrxeAuD.exe
  2⤵
  PID:8712
- C:\Windows\System\WuwTjTC.exe
  C:\Windows\System\WuwTjTC.exe
  2⤵
  PID:8744
- C:\Windows\System\uggKwqF.exe
  C:\Windows\System\uggKwqF.exe
  2⤵
  PID:8760
- C:\Windows\System\wUKcEph.exe
  C:\Windows\System\wUKcEph.exe
  2⤵
  PID:8776
- C:\Windows\System\GrkZcAK.exe
  C:\Windows\System\GrkZcAK.exe
  2⤵
  PID:8792
- C:\Windows\System\EEKdoXm.exe
  C:\Windows\System\EEKdoXm.exe
  2⤵
  PID:8808
- C:\Windows\System\jeIrThc.exe
  C:\Windows\System\jeIrThc.exe
  2⤵
  PID:8824
- C:\Windows\System\axUgIRZ.exe
  C:\Windows\System\axUgIRZ.exe
  2⤵
  PID:8840
- C:\Windows\System\hFoEGei.exe
  C:\Windows\System\hFoEGei.exe
  2⤵
  PID:8856
- C:\Windows\System\UnLThpx.exe
  C:\Windows\System\UnLThpx.exe
  2⤵
  PID:8872
- C:\Windows\System\KZFRTql.exe
  C:\Windows\System\KZFRTql.exe
  2⤵
  PID:8888
- C:\Windows\System\YyFmzGu.exe
  C:\Windows\System\YyFmzGu.exe
  2⤵
  PID:8908
- C:\Windows\System\paeobvC.exe
  C:\Windows\System\paeobvC.exe
  2⤵
  PID:8924
- C:\Windows\System\wXucwKT.exe
  C:\Windows\System\wXucwKT.exe
  2⤵
  PID:8940
- C:\Windows\System\oRdXtpH.exe
  C:\Windows\System\oRdXtpH.exe
  2⤵
  PID:8960
- C:\Windows\System\iVkJOZP.exe
  C:\Windows\System\iVkJOZP.exe
  2⤵
  PID:8988
- C:\Windows\System\gWnmKAY.exe
  C:\Windows\System\gWnmKAY.exe
  2⤵
  PID:9012
- C:\Windows\System\hbEcjFY.exe
  C:\Windows\System\hbEcjFY.exe
  2⤵
  PID:9028
- C:\Windows\System\FQzBPvL.exe
  C:\Windows\System\FQzBPvL.exe
  2⤵
  PID:9044
- C:\Windows\System\jFjnTRi.exe
  C:\Windows\System\jFjnTRi.exe
  2⤵
  PID:9064
- C:\Windows\System\xSKWsTu.exe
  C:\Windows\System\xSKWsTu.exe
  2⤵
  PID:9080
- C:\Windows\System\hecTWkh.exe
  C:\Windows\System\hecTWkh.exe
  2⤵
  PID:9096
- C:\Windows\System\eBNouIz.exe
  C:\Windows\System\eBNouIz.exe
  2⤵
  PID:9112
- C:\Windows\System\BHUvyoc.exe
  C:\Windows\System\BHUvyoc.exe
  2⤵
  PID:9128
- C:\Windows\System\pxRDdsz.exe
  C:\Windows\System\pxRDdsz.exe
  2⤵
  PID:9144
- C:\Windows\System\ykTIFdr.exe
  C:\Windows\System\ykTIFdr.exe
  2⤵
  PID:9160
- C:\Windows\System\UQXgiVH.exe
  C:\Windows\System\UQXgiVH.exe
  2⤵
  PID:9176
- C:\Windows\System\NFCkokV.exe
  C:\Windows\System\NFCkokV.exe
  2⤵
  PID:9192
- C:\Windows\System\UrbZjQe.exe
  C:\Windows\System\UrbZjQe.exe
  2⤵
  PID:9208
- C:\Windows\System\vhyaBJU.exe
  C:\Windows\System\vhyaBJU.exe
  2⤵
  PID:7400
- C:\Windows\System\JpWmXXF.exe
  C:\Windows\System\JpWmXXF.exe
  2⤵
  PID:7352
- C:\Windows\System\QqSFdRK.exe
  C:\Windows\System\QqSFdRK.exe
  2⤵
  PID:7684
- C:\Windows\System\bnVuzAk.exe
  C:\Windows\System\bnVuzAk.exe
  2⤵
  PID:7860
- C:\Windows\System\LajpEef.exe
  C:\Windows\System\LajpEef.exe
  2⤵
  PID:7828
- C:\Windows\System\qbRCQeq.exe
  C:\Windows\System\qbRCQeq.exe
  2⤵
  PID:8300
- C:\Windows\System\GexmvCx.exe
  C:\Windows\System\GexmvCx.exe
  2⤵
  PID:8496
- C:\Windows\System\ulOkfzl.exe
  C:\Windows\System\ulOkfzl.exe
  2⤵
  PID:8576
- C:\Windows\System\zDuQaLm.exe
  C:\Windows\System\zDuQaLm.exe
  2⤵
  PID:8352
- C:\Windows\System\qiTlWHe.exe
  C:\Windows\System\qiTlWHe.exe
  2⤵
  PID:8416
- C:\Windows\System\JRwlSZv.exe
  C:\Windows\System\JRwlSZv.exe
  2⤵
  PID:8592
- C:\Windows\System\BsDOiED.exe
  C:\Windows\System\BsDOiED.exe
  2⤵
  PID:8540
- C:\Windows\System\lXrnpfd.exe
  C:\Windows\System\lXrnpfd.exe
  2⤵
  PID:8612
- C:\Windows\System\wVqeVpb.exe
  C:\Windows\System\wVqeVpb.exe
  2⤵
  PID:8676
- C:\Windows\System\KCrmVYo.exe
  C:\Windows\System\KCrmVYo.exe
  2⤵
  PID:8656
- C:\Windows\System\mfUMVBf.exe
  C:\Windows\System\mfUMVBf.exe
  2⤵
  PID:7380
- C:\Windows\System\KSrfZIo.exe
  C:\Windows\System\KSrfZIo.exe
  2⤵
  PID:7568
- C:\Windows\System\MMynfhS.exe
  C:\Windows\System\MMynfhS.exe
  2⤵
  PID:7912
- C:\Windows\System\PQocexf.exe
  C:\Windows\System\PQocexf.exe
  2⤵
  PID:8020
- C:\Windows\System\uhrlrLP.exe
  C:\Windows\System\uhrlrLP.exe
  2⤵
  PID:8288
- C:\Windows\System\rXmxcXl.exe
  C:\Windows\System\rXmxcXl.exe
  2⤵
  PID:8224
- C:\Windows\System\POQRzIJ.exe
  C:\Windows\System\POQRzIJ.exe
  2⤵
  PID:8088
- C:\Windows\System\LCDHVAp.exe
  C:\Windows\System\LCDHVAp.exe
  2⤵
  PID:7928
- C:\Windows\System\oGXyaCc.exe
  C:\Windows\System\oGXyaCc.exe
  2⤵
  PID:7976
- C:\Windows\System\azbUWAC.exe
  C:\Windows\System\azbUWAC.exe
  2⤵
  PID:7752
- C:\Windows\System\KNYMODP.exe
  C:\Windows\System\KNYMODP.exe
  2⤵
  PID:7200
- C:\Windows\System\YhBroMm.exe
  C:\Windows\System\YhBroMm.exe
  2⤵
  PID:7284
- C:\Windows\System\CKiolfP.exe
  C:\Windows\System\CKiolfP.exe
  2⤵
  PID:7364
- C:\Windows\System\hwnWpBF.exe
  C:\Windows\System\hwnWpBF.exe
  2⤵
  PID:8204
- C:\Windows\System\wmsLFjl.exe
  C:\Windows\System\wmsLFjl.exe
  2⤵
  PID:8560
- C:\Windows\System\eGOYMSP.exe
  C:\Windows\System\eGOYMSP.exe
  2⤵
  PID:8624
- C:\Windows\System\wQPHDvT.exe
  C:\Windows\System\wQPHDvT.exe
  2⤵
  PID:8720
- C:\Windows\System\SHFEXMg.exe
  C:\Windows\System\SHFEXMg.exe
  2⤵
  PID:8364
- C:\Windows\System\dFykxhs.exe
  C:\Windows\System\dFykxhs.exe
  2⤵
  PID:8368
- C:\Windows\System\IfPPEyr.exe
  C:\Windows\System\IfPPEyr.exe
  2⤵
  PID:8756
- C:\Windows\System\rwIfFrL.exe
  C:\Windows\System\rwIfFrL.exe
  2⤵
  PID:8820
- C:\Windows\System\IRjIwFv.exe
  C:\Windows\System\IRjIwFv.exe
  2⤵
  PID:8884
- C:\Windows\System\zhqWWKp.exe
  C:\Windows\System\zhqWWKp.exe
  2⤵
  PID:8948
- C:\Windows\System\ejkRbAl.exe
  C:\Windows\System\ejkRbAl.exe
  2⤵
  PID:8836
- C:\Windows\System\kCREvdS.exe
  C:\Windows\System\kCREvdS.exe
  2⤵
  PID:8900
- C:\Windows\System\BcrqvXy.exe
  C:\Windows\System\BcrqvXy.exe
  2⤵
  PID:8768
- C:\Windows\System\sLnpzNN.exe
  C:\Windows\System\sLnpzNN.exe
  2⤵
  PID:2324
- C:\Windows\System\NewIhbJ.exe
  C:\Windows\System\NewIhbJ.exe
  2⤵
  PID:9008
- C:\Windows\System\ayFlQeG.exe
  C:\Windows\System\ayFlQeG.exe
  2⤵
  PID:7056
- C:\Windows\System\ZJeLFss.exe
  C:\Windows\System\ZJeLFss.exe
  2⤵
  PID:9184
- C:\Windows\System\QCzUqwM.exe
  C:\Windows\System\QCzUqwM.exe
  2⤵
  PID:9024
- C:\Windows\System\cKPsRzT.exe
  C:\Windows\System\cKPsRzT.exe
  2⤵
  PID:8464
- C:\Windows\System\oTtjjyy.exe
  C:\Windows\System\oTtjjyy.exe
  2⤵
  PID:8384
- C:\Windows\System\WrnXKnz.exe
  C:\Windows\System\WrnXKnz.exe
  2⤵
  PID:8268
- C:\Windows\System\hxmtlHv.exe
  C:\Windows\System\hxmtlHv.exe
  2⤵
  PID:8512
- C:\Windows\System\oUaHFYD.exe
  C:\Windows\System\oUaHFYD.exe
  2⤵
  PID:7908
- C:\Windows\System\YqAUZld.exe
  C:\Windows\System\YqAUZld.exe
  2⤵
  PID:7764
- C:\Windows\System\BpzwwyE.exe
  C:\Windows\System\BpzwwyE.exe
  2⤵
  PID:7588
- C:\Windows\System\bxdXpXe.exe
  C:\Windows\System\bxdXpXe.exe
  2⤵
  PID:8608
- C:\Windows\System\AVqDtdO.exe
  C:\Windows\System\AVqDtdO.exe
  2⤵
  PID:7104
- C:\Windows\System\nnGQLbn.exe
  C:\Windows\System\nnGQLbn.exe
  2⤵
  PID:8528
- C:\Windows\System\VgKqyOQ.exe
  C:\Windows\System\VgKqyOQ.exe
  2⤵
  PID:8460
- C:\Windows\System\YLPsOSm.exe
  C:\Windows\System\YLPsOSm.exe
  2⤵
  PID:7252
- C:\Windows\System\faKjVRk.exe
  C:\Windows\System\faKjVRk.exe
  2⤵
  PID:8740
- C:\Windows\System\WVXftnO.exe
  C:\Windows\System\WVXftnO.exe
  2⤵
  PID:8868
- C:\Windows\System\EbpnUOv.exe
  C:\Windows\System\EbpnUOv.exe
  2⤵
  PID:8996
- C:\Windows\System\seWOatg.exe
  C:\Windows\System\seWOatg.exe
  2⤵
  PID:9104
- C:\Windows\System\GqGRVzX.exe
  C:\Windows\System\GqGRVzX.exe
  2⤵
  PID:9172
- C:\Windows\System\fBFOdLr.exe
  C:\Windows\System\fBFOdLr.exe
  2⤵
  PID:8984
- C:\Windows\System\mJbLMre.exe
  C:\Windows\System\mJbLMre.exe
  2⤵
  PID:9092
- C:\Windows\System\kcKTMkD.exe
  C:\Windows\System\kcKTMkD.exe
  2⤵
  PID:7184
- C:\Windows\System\CdfiLET.exe
  C:\Windows\System\CdfiLET.exe
  2⤵
  PID:8348
- C:\Windows\System\METyDWV.exe
  C:\Windows\System\METyDWV.exe
  2⤵
  PID:8316
- C:\Windows\System\nEogMII.exe
  C:\Windows\System\nEogMII.exe
  2⤵
  PID:8672
- C:\Windows\System\TSwXQRF.exe
  C:\Windows\System\TSwXQRF.exe
  2⤵
  PID:9156
- C:\Windows\System\twshRBE.exe
  C:\Windows\System\twshRBE.exe
  2⤵
  PID:7444
- C:\Windows\System\TdYzTmC.exe
  C:\Windows\System\TdYzTmC.exe
  2⤵
  PID:7480
- C:\Windows\System\bsmsNdu.exe
  C:\Windows\System\bsmsNdu.exe
  2⤵
  PID:8816
- C:\Windows\System\SkiWjpd.exe
  C:\Windows\System\SkiWjpd.exe
  2⤵
  PID:8896
- C:\Windows\System\sxZyAjZ.exe
  C:\Windows\System\sxZyAjZ.exe
  2⤵
  PID:8580
- C:\Windows\System\EjJISQx.exe
  C:\Windows\System\EjJISQx.exe
  2⤵
  PID:7516
- C:\Windows\System\OtqzhMm.exe
  C:\Windows\System\OtqzhMm.exe
  2⤵
  PID:8252
- C:\Windows\System\NqQEHkK.exe
  C:\Windows\System\NqQEHkK.exe
  2⤵
  PID:9140
- C:\Windows\System\iCsgTkW.exe
  C:\Windows\System\iCsgTkW.exe
  2⤵
  PID:9052
- C:\Windows\System\LQqNEsX.exe
  C:\Windows\System\LQqNEsX.exe
  2⤵
  PID:8508
- C:\Windows\System\scsWxcW.exe
  C:\Windows\System\scsWxcW.exe
  2⤵
  PID:8272
- C:\Windows\System\agQyOLl.exe
  C:\Windows\System\agQyOLl.exe
  2⤵
  PID:7512
- C:\Windows\System\QDuAGhH.exe
  C:\Windows\System\QDuAGhH.exe
  2⤵
  PID:8852
- C:\Windows\System\EBrWFhI.exe
  C:\Windows\System\EBrWFhI.exe
  2⤵
  PID:8936
- C:\Windows\System\JgPjwcd.exe
  C:\Windows\System\JgPjwcd.exe
  2⤵
  PID:7332
- C:\Windows\System\yFioDQO.exe
  C:\Windows\System\yFioDQO.exe
  2⤵
  PID:8332
- C:\Windows\System\WFIhNws.exe
  C:\Windows\System\WFIhNws.exe
  2⤵
  PID:9076
- C:\Windows\System\OwzYdEP.exe
  C:\Windows\System\OwzYdEP.exe
  2⤵
  PID:8168
- C:\Windows\System\plIiaXt.exe
  C:\Windows\System\plIiaXt.exe
  2⤵
  PID:8476
- C:\Windows\System\vEjYHAv.exe
  C:\Windows\System\vEjYHAv.exe
  2⤵
  PID:7500
- C:\Windows\System\PPgEUJg.exe
  C:\Windows\System\PPgEUJg.exe
  2⤵
  PID:8056
- C:\Windows\System\kgBBuxR.exe
  C:\Windows\System\kgBBuxR.exe
  2⤵
  PID:8692
- C:\Windows\System\fUFBNUv.exe
  C:\Windows\System\fUFBNUv.exe
  2⤵
  PID:8956
- C:\Windows\System\vwWYkMD.exe
  C:\Windows\System\vwWYkMD.exe
  2⤵
  PID:9060
- C:\Windows\System\LgzFOvu.exe
  C:\Windows\System\LgzFOvu.exe
  2⤵
  PID:9108
- C:\Windows\System\IhPZIcL.exe
  C:\Windows\System\IhPZIcL.exe
  2⤵
  PID:7956
- C:\Windows\System\SRDuHZR.exe
  C:\Windows\System\SRDuHZR.exe
  2⤵
  PID:9088
- C:\Windows\System\hncDwmG.exe
  C:\Windows\System\hncDwmG.exe
  2⤵
  PID:9240
- C:\Windows\System\xWnvKus.exe
  C:\Windows\System\xWnvKus.exe
  2⤵
  PID:9296
- C:\Windows\System\HZxCkvw.exe
  C:\Windows\System\HZxCkvw.exe
  2⤵
  PID:9320
- C:\Windows\System\VmqkqoX.exe
  C:\Windows\System\VmqkqoX.exe
  2⤵
  PID:9336
- C:\Windows\System\EWuBQZW.exe
  C:\Windows\System\EWuBQZW.exe
  2⤵
  PID:9356
- C:\Windows\System\PlJeQzG.exe
  C:\Windows\System\PlJeQzG.exe
  2⤵
  PID:9376
- C:\Windows\System\sXuXzrc.exe
  C:\Windows\System\sXuXzrc.exe
  2⤵
  PID:9392
- C:\Windows\System\oWDJNRW.exe
  C:\Windows\System\oWDJNRW.exe
  2⤵
  PID:9408
- C:\Windows\System\sCqNOZF.exe
  C:\Windows\System\sCqNOZF.exe
  2⤵
  PID:9424
- C:\Windows\System\tkfnZtt.exe
  C:\Windows\System\tkfnZtt.exe
  2⤵
  PID:9448
- C:\Windows\System\xsLLGRh.exe
  C:\Windows\System\xsLLGRh.exe
  2⤵
  PID:9468
- C:\Windows\System\htOziPm.exe
  C:\Windows\System\htOziPm.exe
  2⤵
  PID:9488
- C:\Windows\System\HTUdkpi.exe
  C:\Windows\System\HTUdkpi.exe
  2⤵
  PID:9504
- C:\Windows\System\cwQFLBt.exe
  C:\Windows\System\cwQFLBt.exe
  2⤵
  PID:9532
- C:\Windows\System\inJaUNZ.exe
  C:\Windows\System\inJaUNZ.exe
  2⤵
  PID:9552
- C:\Windows\System\BrScMTE.exe
  C:\Windows\System\BrScMTE.exe
  2⤵
  PID:9572
- C:\Windows\System\JMeqGBJ.exe
  C:\Windows\System\JMeqGBJ.exe
  2⤵
  PID:9596
- C:\Windows\System\rMLGUJn.exe
  C:\Windows\System\rMLGUJn.exe
  2⤵
  PID:9612
- C:\Windows\System\siQjXcH.exe
  C:\Windows\System\siQjXcH.exe
  2⤵
  PID:9636
- C:\Windows\System\IFitXcb.exe
  C:\Windows\System\IFitXcb.exe
  2⤵
  PID:9652
- C:\Windows\System\meMTuDJ.exe
  C:\Windows\System\meMTuDJ.exe
  2⤵
  PID:9668
- C:\Windows\System\BAWZsKg.exe
  C:\Windows\System\BAWZsKg.exe
  2⤵
  PID:9688
- C:\Windows\System\khiCuzr.exe
  C:\Windows\System\khiCuzr.exe
  2⤵
  PID:9704
- C:\Windows\System\CmiAxKX.exe
  C:\Windows\System\CmiAxKX.exe
  2⤵
  PID:9724
- C:\Windows\System\IQeksoz.exe
  C:\Windows\System\IQeksoz.exe
  2⤵
  PID:9744
- C:\Windows\System\jiVdrBQ.exe
  C:\Windows\System\jiVdrBQ.exe
  2⤵
  PID:9764
- C:\Windows\System\oJTxEda.exe
  C:\Windows\System\oJTxEda.exe
  2⤵
  PID:9780
- C:\Windows\System\hhLZAfO.exe
  C:\Windows\System\hhLZAfO.exe
  2⤵
  PID:9800
- C:\Windows\System\CAfRkjW.exe
  C:\Windows\System\CAfRkjW.exe
  2⤵
  PID:9940
- C:\Windows\System\TSjJzSH.exe
  C:\Windows\System\TSjJzSH.exe
  2⤵
  PID:9980
- C:\Windows\System\RyfKMgG.exe
  C:\Windows\System\RyfKMgG.exe
  2⤵
  PID:9996
- C:\Windows\System\ORVxCHt.exe
  C:\Windows\System\ORVxCHt.exe
  2⤵
  PID:10012
- C:\Windows\System\NtHkyBQ.exe
  C:\Windows\System\NtHkyBQ.exe
  2⤵
  PID:10036
- C:\Windows\System\qXLWclf.exe
  C:\Windows\System\qXLWclf.exe
  2⤵
  PID:10060
- C:\Windows\System\PZDMaUt.exe
  C:\Windows\System\PZDMaUt.exe
  2⤵
  PID:10080
- C:\Windows\System\elNWxzb.exe
  C:\Windows\System\elNWxzb.exe
  2⤵
  PID:10096
- C:\Windows\System\SClbrvY.exe
  C:\Windows\System\SClbrvY.exe
  2⤵
  PID:10112
- C:\Windows\System\EuwIUpQ.exe
  C:\Windows\System\EuwIUpQ.exe
  2⤵
  PID:10128
- C:\Windows\System\Lrxqwji.exe
  C:\Windows\System\Lrxqwji.exe
  2⤵
  PID:10144
- C:\Windows\System\gOpyvgy.exe
  C:\Windows\System\gOpyvgy.exe
  2⤵
  PID:10160
- C:\Windows\System\hQtvWXp.exe
  C:\Windows\System\hQtvWXp.exe
  2⤵
  PID:10176
- C:\Windows\System\whxKywz.exe
  C:\Windows\System\whxKywz.exe
  2⤵
  PID:9584
- C:\Windows\System\zAZjkGW.exe
  C:\Windows\System\zAZjkGW.exe
  2⤵
  PID:9604
- C:\Windows\System\avhmGmE.exe
  C:\Windows\System\avhmGmE.exe
  2⤵
  PID:9664
- C:\Windows\System\WgTIRqs.exe
  C:\Windows\System\WgTIRqs.exe
  2⤵
  PID:9736
- C:\Windows\System\eSWFOkd.exe
  C:\Windows\System\eSWFOkd.exe
  2⤵
  PID:9808
- C:\Windows\System\mYcVbYs.exe
  C:\Windows\System\mYcVbYs.exe
  2⤵
  PID:9812
- C:\Windows\System\YHhghLp.exe
  C:\Windows\System\YHhghLp.exe
  2⤵
  PID:9828
- C:\Windows\System\EmvJKhD.exe
  C:\Windows\System\EmvJKhD.exe
  2⤵
  PID:9720
- C:\Windows\System\SHiakPn.exe
  C:\Windows\System\SHiakPn.exe
  2⤵
  PID:9760
- C:\Windows\System\YpysnSa.exe
  C:\Windows\System\YpysnSa.exe
  2⤵
  PID:9348
- C:\Windows\System\BvYhNiy.exe
  C:\Windows\System\BvYhNiy.exe
  2⤵
  PID:9852
- C:\Windows\System\pBvtBvP.exe
  C:\Windows\System\pBvtBvP.exe
  2⤵
  PID:9872
- C:\Windows\System\ZDWFzxp.exe
  C:\Windows\System\ZDWFzxp.exe
  2⤵
  PID:9888
- C:\Windows\System\icPuluE.exe
  C:\Windows\System\icPuluE.exe
  2⤵
  PID:9916
- C:\Windows\System\QEDbMhA.exe
  C:\Windows\System\QEDbMhA.exe
  2⤵
  PID:9920
- C:\Windows\System\nSpQtkt.exe
  C:\Windows\System\nSpQtkt.exe
  2⤵
  PID:9936
- C:\Windows\System\fhVDEgm.exe
  C:\Windows\System\fhVDEgm.exe
  2⤵
  PID:9960
- C:\Windows\System\yieTTiq.exe
  C:\Windows\System\yieTTiq.exe
  2⤵
  PID:9972
- C:\Windows\System\AvvrNID.exe
  C:\Windows\System\AvvrNID.exe
  2⤵
  PID:9948
- C:\Windows\System\bniyDgN.exe
  C:\Windows\System\bniyDgN.exe
  2⤵
  PID:10152
- C:\Windows\System\wxfdoRv.exe
  C:\Windows\System\wxfdoRv.exe
  2⤵
  PID:9988
- C:\Windows\System\kdbECAh.exe
  C:\Windows\System\kdbECAh.exe
  2⤵
  PID:10072
- C:\Windows\System\LUOkjpC.exe
  C:\Windows\System\LUOkjpC.exe
  2⤵
  PID:10172
- C:\Windows\System\NTruIEW.exe
  C:\Windows\System\NTruIEW.exe
  2⤵
  PID:10004
- C:\Windows\System\sJuuPcB.exe
  C:\Windows\System\sJuuPcB.exe
  2⤵
  PID:10092
- C:\Windows\System\xeQPXFB.exe
  C:\Windows\System\xeQPXFB.exe
  2⤵
  PID:9384
- C:\Windows\System\CnZsCHp.exe
  C:\Windows\System\CnZsCHp.exe
  2⤵
  PID:10224
- C:\Windows\System\LYUpQSn.exe
  C:\Windows\System\LYUpQSn.exe
  2⤵
  PID:9228
- C:\Windows\System\zCTmKfi.exe
  C:\Windows\System\zCTmKfi.exe
  2⤵
  PID:9372
- C:\Windows\System\sKwRJGl.exe
  C:\Windows\System\sKwRJGl.exe
  2⤵
  PID:9568
- C:\Windows\System\cwoGPqW.exe
  C:\Windows\System\cwoGPqW.exe
  2⤵
  PID:9580
- C:\Windows\System\zHGaNyX.exe
  C:\Windows\System\zHGaNyX.exe
  2⤵
  PID:9528
- C:\Windows\System\OGbLgsV.exe
  C:\Windows\System\OGbLgsV.exe
  2⤵
  PID:9648
- C:\Windows\System\RLYDGfN.exe
  C:\Windows\System\RLYDGfN.exe
  2⤵
  PID:9976
- C:\Windows\System\ZjhezrJ.exe
  C:\Windows\System\ZjhezrJ.exe
  2⤵
  PID:10120
- C:\Windows\System\fleURsh.exe
  C:\Windows\System\fleURsh.exe
  2⤵
  PID:9236
- C:\Windows\System\fhtnvvm.exe
  C:\Windows\System\fhtnvvm.exe
  2⤵
  PID:9344
- C:\Windows\System\PmugSht.exe
  C:\Windows\System\PmugSht.exe
  2⤵
  PID:9328
- C:\Windows\System\lkryFVx.exe
  C:\Windows\System\lkryFVx.exe
  2⤵
  PID:9368
- C:\Windows\System\sJXiNIR.exe
  C:\Windows\System\sJXiNIR.exe
  2⤵
  PID:8724
- C:\Windows\System\wEmKSNz.exe
  C:\Windows\System\wEmKSNz.exe
  2⤵
  PID:9592
- C:\Windows\System\qfKkJON.exe
  C:\Windows\System\qfKkJON.exe
  2⤵
  PID:9484
- C:\Windows\System\rQltKCL.exe
  C:\Windows\System\rQltKCL.exe
  2⤵
  PID:10068
- C:\Windows\System\ipuEKpv.exe
  C:\Windows\System\ipuEKpv.exe
  2⤵
  PID:9460
- C:\Windows\System\lJJIkTk.exe
  C:\Windows\System\lJJIkTk.exe
  2⤵
  PID:10220
- C:\Windows\System\dXzvLru.exe
  C:\Windows\System\dXzvLru.exe
  2⤵
  PID:9332
- C:\Windows\System\glILrwn.exe
  C:\Windows\System\glILrwn.exe
  2⤵
  PID:7664
- C:\Windows\System\UnMzuQe.exe
  C:\Windows\System\UnMzuQe.exe
  2⤵
  PID:8968
- C:\Windows\System\HrHBsTs.exe
  C:\Windows\System\HrHBsTs.exe
  2⤵
  PID:9284
- C:\Windows\System\bhaIaZW.exe
  C:\Windows\System\bhaIaZW.exe
  2⤵
  PID:9352
- C:\Windows\System\qmWXNZY.exe
  C:\Windows\System\qmWXNZY.exe
  2⤵
  PID:9444
- C:\Windows\System\QneKGUL.exe
  C:\Windows\System\QneKGUL.exe
  2⤵
  PID:9476
- C:\Windows\System\icztGPh.exe
  C:\Windows\System\icztGPh.exe
  2⤵
  PID:10048
- C:\Windows\System\CRdGdhP.exe
  C:\Windows\System\CRdGdhP.exe
  2⤵
  PID:9608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AIuODQe.exe

Filesize
6.0MB

MD5
d5c52bbcaba411581e4a32be8e426e0f

SHA1
6a19b16ea92e7c7e4e4fee2e7cbd5ef15816547b

SHA256
4e2d72964d8a67bec5e420546f2f6aaf7e3bb7ae069c06480d1054b26e239c28

SHA512
4b9130159cb45ea7b69e02f81d34d2c0126e508b1554c970a36c72919a94b926baaaac1dc30b6da806fd82c06a244c5e1bae3fdc42f477a52eba60eb21ee94c9

Download Submit
C:\Windows\system\AemxcME.exe

Filesize
6.0MB

MD5
5a9c9ce4a9e0bb490636384688cf1bfb

SHA1
4d1bc60db1ce06a9f5fabbc78420e0ba34d9efda

SHA256
764aaffd86ce8178390e9fb73a8b50be4b47e03ba4d6c5a24e9937723be0d0c1

SHA512
f50f28a6b42f7989cf6278d02679bfc8ab5b1a3c6d3e1d8ffe322e2854dcefebfd0348dc125b1bfb9a7c4315c06e39b35ec92a089ff7fbb0acfd7ac2005605ca

Download Submit
C:\Windows\system\DfIWBee.exe

Filesize
6.0MB

MD5
ace01b5c9081154789d6178e35a20df1

SHA1
668ffdf3a6d7a7d4a5dd6ea3955d6655ad5c5bb2

SHA256
477318bd6e451c42a2d53bbf38ff9f8713d224763e075df94f31c94d896f52e6

SHA512
ae06c20f08de9df976c1a6e92b0bcb2a1ed42cb773985abc7b8a32b8653b0c097daa0db41f874918cb68ed2a143fb79b9feb7448066a3787478bc09a178b5974

Download Submit
C:\Windows\system\DyjutTW.exe

Filesize
6.0MB

MD5
6add2006cb7b63f5f41887e092c1519d

SHA1
df0ac75fc4ab22db3e52ae8e48e7302d0a9ff651

SHA256
729f64a3e0625202810569d1f9f2364a6b2671644655b9198c081b57d8ad63fe

SHA512
6b8844c1d6b78a3c73be8f973bd15d45a447b3e51dc32547e5e159da7295ced4637cb8b6cae1101e764d601aa5ac031f4042fcfc23954c3c349fc76ac1e77e16

Download Submit
C:\Windows\system\EmgGnND.exe

Filesize
6.0MB

MD5
55335b561e673da13499935ab32b18e5

SHA1
1418c98cf3f3ba58404197bcd640b0b1ce502045

SHA256
5f8028d10bcb69d485dd1b758f5254058786e0773714db0311651be428395901

SHA512
010488c5164ebb5f3ca356230147fc19093ab0cfc318b22f07bd9cca5c7f1377e34f4878b578e0eaa6487c40e86005926e8fc81571344c4c52d0f414658d0524

Download Submit
C:\Windows\system\GKQEffL.exe

Filesize
6.0MB

MD5
823b60d854bae337603ea3e1a945588e

SHA1
b315b628a4a66bc17ce668cb741d658c8ecb43d9

SHA256
6ad2d706baaf7eb9f1600dfee6664bd726e10943c860779b472d802df77624cd

SHA512
6e3d72c081e549a37e6cce256c236f38d2e83bb279f088c0aa7ee1d48924b7d1c932d4ed414dcb0c268ac83acd1a872745634e93516779b4481e400ec8f9311b

Download Submit
C:\Windows\system\HTuEbUv.exe

Filesize
6.0MB

MD5
e86d44cfe8d1b89e180f12be957f322a

SHA1
b34a24623cf69845e4d83bfa3b8bc4fac074d739

SHA256
524494f45da74e6ac3edd6017221d6e6cdac550ca80ee5c600cb070ccf6ad66b

SHA512
dc6e9625da0938d33751a18a47d2bd1699e2c5fd0d4265202418a469dbe827aa17f3d39a6b6d8518e207c49da9f33c80f413c1d5394a3ba7537250672c9af6c9

Download Submit
C:\Windows\system\JFSZZjt.exe

Filesize
6.0MB

MD5
2b2e835afc10a7411db68a8ecf35dea1

SHA1
7977545d5b0cafe7ed204d4e7a93f1ce5fa12afa

SHA256
492acba9726d69b0cf6b275389fa29044bbe7d724e5d3134e9ccb33aa810ac48

SHA512
299799f7f3d72c50f14a054eedf3b9b6e25a7e59a57c2f4f2c9e574a2c17377d9aa09d5d4652f7290cf45d226bc712c94cd5f91d61e3c857925fd6498bcf76a0

Download Submit
C:\Windows\system\KmkFwOH.exe

Filesize
6.0MB

MD5
07fc90ab12e3b81d81836f668273dfd3

SHA1
5dcc779caf8b979044f6b6bc63d4077659d9c3cb

SHA256
29c9de3ad7d94b410c7dd889209b19b5dc4a1ad1b412047577bb1c159b347de1

SHA512
7be977f4e9278639025cbd1946dc61324a6deb2e93e353cef92dc5100a338f22f1928e802264457afd2e3ef10d84088c9fbc6e6c4bf47cc6a92e4bc06c12f811

Download Submit
C:\Windows\system\RrqnEiV.exe

Filesize
6.0MB

MD5
3ea5ac1f97e442227c40453615553458

SHA1
ab516b24af66f3a741f103e4a6a67941fc45deb7

SHA256
cde43273bd38eb4f133f14ee4f9ea081cdda7f4fb178d8241695ea7b841646a5

SHA512
9128d5572d70f86ec285a76f5e73ccef9517f262d3cb30fbf5c3deeeb737d43b559a13ca0562469ca6ffd4946fa67ed208f817c13cd7cafb92280e8d05f5928b

Download Submit
C:\Windows\system\TCvIljc.exe

Filesize
6.0MB

MD5
55072c049b43b0deef44cf8b6cefe9b8

SHA1
134c8de6a727b4707eb863a510faba5df130bd96

SHA256
ad7e506d0ff6d4e0c37f14e6c2fe12164f06cd4de43847f78a515d3b9fc7d43c

SHA512
8b6b4cf7593d7d112ce5e5e53b71847a9c576baaaee31873928636a49d8bf9b07abfb4a69a30b178158de43b856643e0c39178a64188e615907ff25a36cb0d9f

Download Submit
C:\Windows\system\TrCAtez.exe

Filesize
6.0MB

MD5
9cf1dd89eed92cf3a453692c1418f2d7

SHA1
07afa370e57e1205d92b225ef8576749a4cd56d0

SHA256
05123e323f83070f0c6652a3a69200fbb8a35a0314191736840721da6b36b41c

SHA512
9c3ba3492481e3f20c0f2c26066afbbb10ebd79921cee024321cbed7bb30a9bd2e7b22103e0b5f609b3aeac59bba19638af82ab2ca75302b588faaf9dbe0f513

Download Submit
C:\Windows\system\VjcVMDm.exe

Filesize
6.0MB

MD5
590e64169d3db1df30bdd8704c3db8d0

SHA1
d6db2e20ceb8d1b262013d7a88f7227dfd4acbb2

SHA256
775030bccb9e4b6826426b582c80ec01ceb2a435561a78ff3ff164837e874896

SHA512
358f9e5b2d3c12cc5286b9d941ca1cc32981d7f7230b5c38643fc4f883c2f0468fb528396e05b3fd495da38ef4b17ee9d3d445eb8065ff1d8086f08d75728716

Download Submit
C:\Windows\system\ayDpjUn.exe

Filesize
6.0MB

MD5
6c4cc849a173da4f4fc4c382daf801ad

SHA1
cdb499afb55fbfb1a4aac27ca58c0c0ff5a09e78

SHA256
7c84d9a26de3a40b977a1556125cef07d97d824b55ffcdf91751b1548f08a68b

SHA512
41877ab823f588bf34a568879b7916b0daadb872b56f095c138d825fc1299e952a1e12f9a1157fe60164764ae03081bec540544ced9c28a1295465d622260096

Download Submit
C:\Windows\system\fzDrMff.exe

Filesize
6.0MB

MD5
623520a2ddcf0465ce43386094cf90fe

SHA1
3ff1c957e4ac19ebba7c92bda701a4a758e6679f

SHA256
b8fc2748a8b81a34b8b58e9e30c2a896e70e76f3f94a0b9bcffdbc22be0fc72e

SHA512
bc14ef14cd51f110e6f9bc08d430423839d0102596e8a46b15b0509c88171cf65374e4a1d1972be39de9c45cdb57f284dc2b441282c01f8e35b73a5b43994241

Download Submit
C:\Windows\system\gRkfGQP.exe

Filesize
6.0MB

MD5
8d9ba91f9d2dda7ad3d9212441b807e5

SHA1
8e01c81b37702469fe47da83d0ce947f98287892

SHA256
ca51b4b5ac61fc8f7d8820aaa82d4e4165cc617a2234d817de5a2c25a61a9ffa

SHA512
36112096ec811dfdfda33287e6bc0cb315882afa9d0fc37dd96e9a9c8c4335499dbbcc936dd96b5a571d5763860d3a4c58d2e9f53c936c71c3c0a9ffe2f4bcd9

Download Submit
C:\Windows\system\jSrbNcr.exe

Filesize
6.0MB

MD5
bc294333947e74d3514594f714c1a1e9

SHA1
dc0548a2e9f9ddd8bd47ea67fbc2fd565290eae8

SHA256
ff70d130abe81827ba198569ca53585c31f753865d72e47bda8ef7f52bd37b5c

SHA512
1ee41e272ab20190e251b8aa731968fa641cace46ae0d0156953e5fd5b15a2e0c88833ff464ab5df69f831dddbb0a9460a0d46d2891910ecbf970f4591a37c89

Download Submit
C:\Windows\system\kjizZFv.exe

Filesize
6.0MB

MD5
8cf1a515a7b041f2e3b5289d6a51cd88

SHA1
950725cf5dcf7ef5104f7551d341ed6347da552b

SHA256
af2aa73feb928ec391948a5eaf76a663b33aa5bb114da31c3908847b0435a090

SHA512
83756c0aeac31fece51c560974c1e9d40982f1376a4e7b08bcd8b4efd2ac3854812d9d46052585f4536bdb0ae6565e45632fe4251ec23f5c069f965736ee9dce

Download Submit
C:\Windows\system\lzTPKaU.exe

Filesize
6.0MB

MD5
0701723522252db08e93f33c4e05dd53

SHA1
7260ae38632f789b48a7ee60ec27697e49e55e4a

SHA256
1a6e5869facd535f73906342aa56fca36fbc7131f88b668b3e7442a88ce4b482

SHA512
b13eab245e39d0d6b647c19a48d1096d9d7ce20f69696bc551c6ecb87e32f5bd483138fcc06d7bba16549d2dd7c3448f6eeb195470007de9030853fdafc5fc1e

Download Submit
C:\Windows\system\nciGyKc.exe

Filesize
6.0MB

MD5
2a044c52c973acb7130f0eeed4ec41fc

SHA1
0b95bd86e801d62b42ea1e1abc32d46e74eb338b

SHA256
d4dfcd23e907442d0d2fcdf25032317bcd28988f9e86ea2bcbfbf43201a1309b

SHA512
f2aa7292b1195f6a48bce714f007940a95eb7b90c9f20e398da3693066da99771e7165a435a69058eb3773c0e1f9e7f0cbd61640528763a642bce2df54da91f1

Download Submit
C:\Windows\system\nyGhTrW.exe

Filesize
6.0MB

MD5
ec382ba13c6547b1ce70b643c3b5eb4b

SHA1
7bc53e4fd42d61554d8c453c4ed4b9e48d14ceaf

SHA256
6272a97923af6f812869cb0965eedef0541fbaba6efef93c925094248aec8153

SHA512
63e10d108f1510bcc0e7b37db9e37db34696bb3cf7e0ee8d220f8c3b768f1345e8987a936af83306b96138fa940d62da4871a50c3cb4309d944bd2df64af81e8

Download Submit
C:\Windows\system\rWBKthj.exe

Filesize
6.0MB

MD5
2b48d0966d2d2f7c1facbd1068514dd5

SHA1
f5358d3aae010b73c4c272ac0ba87fdc768f8c30

SHA256
1c11dc7c687eeebcf5eeb63bf377ef8a4a903355f639a635b31b465e146c1cb2

SHA512
e0ecd0016a6b91f642581c68898433725681e7ec898f6572f381ae9f6e3dced802d53f490c36c6c84851fe7700d685131b52e3507fdb4be0b447bc55b35ea5fc

Download Submit
C:\Windows\system\sjTPvOE.exe

Filesize
6.0MB

MD5
be1fd9d999b1643fd5f4b9dbcd77f581

SHA1
08442b2d7b8ac54bc959c54e563208029d94dea3

SHA256
15266cbd2b0ee64fc964a206717f14555723e1c8f62d3d6fba00c1ad9c1acd6d

SHA512
b9c2d6c33d7354c8ceabe4add7e268355929eda9997b4beb4fc9b3f25f8598b66e40d59852ee7328ccf6c774e942d4096aedbb122f912e444d83ef15b601dfdf

Download Submit
C:\Windows\system\sxldLoR.exe

Filesize
6.0MB

MD5
3ef2e3bc80184770af48ee8cd1e338d3

SHA1
5147a4bda28b2da267e80f086e3682c917ee8cc5

SHA256
5f1fa211318c3e7727fe7f0404049698d76e23bb736ba65e5613caee10ab6bb3

SHA512
92e1ef5825a9009597c5601b4ce99a658df3557fb3e617ce0579aad5475689f9e69581165d06ef84b6ec24e6f7daeb0cd5b6c0e92b0449b4d4ac57cba094ca46

Download Submit
C:\Windows\system\uIbTGzx.exe

Filesize
6.0MB

MD5
aadc706bc1e359ff93b3c3dc8de85141

SHA1
0dea7bfab1ba465355bf216f1e5cd5ca092add05

SHA256
8538f85bcffa2885543a80915f2d6f53604113580965a6103e52e71ca5624a81

SHA512
69bda47db814fad42c376d04ce2ea4943681398e4a921c3c10b723622d184d4bc9c69bbb34eef1e6399b60b1a8578276eed63ed5f4488f14ec41972bf969cff5

Download Submit
C:\Windows\system\vHlauIL.exe

Filesize
6.0MB

MD5
1d2b7c6b49d9067a77d40f7d178a8814

SHA1
57c0af7d6914fed06dfd9141f557b131d6ab8645

SHA256
0e93a1cd34b020fd59b14a24b51fc596ff0bed026858cc78e9860bff75428c05

SHA512
9cf81f1d9d7d07edca591a5532edd147f55e4b1861188928c46f9ba8f8ae379d02d352562f92da3d5539d8878e8fc902798649fffa214015bbb8c3c5e4633b5d

Download Submit
C:\Windows\system\vWVDxki.exe

Filesize
6.0MB

MD5
123adb7277ca1c1e66ff7d9254912d2c

SHA1
b0b0e631bc24575fd8e0cab095c8fdacfb671772

SHA256
731b6145452eb15d9dd7ea26821bc9a17917528b67f87349504774d855cd7bce

SHA512
c3af2e939b03a461378a8a1652db083bd0eadedd89753119eb603ca7a65ec55ceee5d5ded99d3f03e019c7139ff4c599af470adda68e5853e9ceae582a698868

Download Submit
C:\Windows\system\vvGarzo.exe

Filesize
6.0MB

MD5
fc99265026bee3ec726ae1daab6b8c56

SHA1
3982f2ca0fa71535a2f61603229de9f78788dd64

SHA256
a0e5687944704debbe68e6a13f35497882b2b42d6dcb4b96e07d2960f88eb00d

SHA512
94bbdf43b15264aa9a10d777cfd94b75f626f98e334bcc51f49987b79e02ba9c07d18464a7fb364dbd4891b6c7ebfa0572a259f35316e723816cf36db5092852

Download Submit
C:\Windows\system\vzHhgNm.exe

Filesize
6.0MB

MD5
20edfbcf340c2d837f4d651c5694a1a8

SHA1
926e9d427b118ce5d440f2043eac3d95970d3100

SHA256
cb13893de2c8cd5a0f03cd2b87030a95e5a4c24bb22aae2d6cd036ce2d825f66

SHA512
8a2a8a013f4160a20222fc81bf74b604c7e9a8c4482c36c307f51a2db19636d741091a99b695d9ab1f6041f6c6b2fd451941222e5706bc758d39f6d16db1eba2

Download Submit
C:\Windows\system\ySUMpzB.exe

Filesize
6.0MB

MD5
3a76daeca118c20bf1f0dab324768be2

SHA1
b0a12c8f3eee093ab743f95892802dafc2dc2400

SHA256
ae3075a29269241ca236a4138e2d5f28837620a20e93f130150e6d5736a24da6

SHA512
2bab8531bbe9d7606e4874d02edfb7a3bda44d7c8775cb21650f84355bf2f9e9e2fd831c6cdc87312b8f077c47441b5e58b6bf3d100dd06da6fdd3b88893842f

Download Submit
\Windows\system\oBcXKnu.exe

Filesize
6.0MB

MD5
f1551f201d32a1ff5bd8fe647f17c220

SHA1
d43f561e508a6caf6cf2e60ac60b9556f108182d

SHA256
0a75bc7bf119d1929d135081dff640c3efef7f4112b0fd895e2631cf9e38767f

SHA512
2e9237d7a39022c1542c5f98f5a01b39ce2e3cb85f9f52c57493ae6506a8efde6648e2bd5a0d110cb1a0ca0a878b6bd5143f1fd1d0192993834e9ba7f2bd27b2

Download Submit
\Windows\system\wCXzTRe.exe

Filesize
6.0MB

MD5
b9a3c4bfc57c1889023d3bcc364ee9b8

SHA1
d72c9ab0792f0068e29885fa3f7c0919f8088749

SHA256
a82592e9570e19729b7643f6d30942cd0001f02d1b155f9b357b5fabb800fae5

SHA512
ecc370d62e5cfe83504a8888324d1a119af063ceeb60bb223452693bb4c1e93c01f6bf30b2ca2869a4aad646a17ba95668a784c3266aabd67f600d442352f6b1

Download Submit
memory/788-67-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/788-507-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-598-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-6-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1704-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1704-955-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-190-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1704-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1704-430-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-15-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-68-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-529-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-94-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-508-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-88-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-86-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-70-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-84-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-72-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-82-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-74-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1704-80-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1704-76-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-78-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3786-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1728-355-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1728-11-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1952-92-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1952-4083-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1952-752-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2152-3857-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2152-506-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2152-60-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3859-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2368-21-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2368-431-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2496-69-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2652-77-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3848-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3858-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2668-524-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2668-83-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3853-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2680-81-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2780-525-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3860-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-85-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-510-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2800-75-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2924-71-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-509-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-73-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3854-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3856-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/3068-523-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/3068-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download