cobaltstrike | 56a7522bc9bea9d6655b3ace9a4d060d9a8f01ae3e277f20639c6afe95a204d8

Analysis

max time kernel
125s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16/02/2025, 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.2MB
MD5

4f23a118e05edb9a39164ed1d125ea34
SHA1

379326425f1558b69134de9e3bc9f7aec686e8d7
SHA256

56a7522bc9bea9d6655b3ace9a4d060d9a8f01ae3e277f20639c6afe95a204d8
SHA512

52b0021b928eef892f677b1c9063c7dd48d43ed1d683f94dab2219a5413f16ecbc489ef21a291dd7e2547000c054092e80c05cdf8752b82b12a943b236de020b
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lw:RWWBibf56utgpPFotBER/mQ32lUM

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 36 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e00000001228d-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019423-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019438-15.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001944d-22.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001945c-31.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001946b-45.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001946e-51.dat	cobalt_reflective_dll
behavioral1/files/0x002e00000001936b-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b6-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b2-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a494-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a6-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48f-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a460-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a481-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2ed-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a063-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f5e-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b4-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b0-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a483-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a433-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a429-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a31e-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09a-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a059-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d7b-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f47-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cad-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c76-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c74-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c5b-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019458-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 30 IoCs

miner

resource	yara_rule
behavioral1/memory/764-68-0x000000013F970000-0x000000013FCC1000-memory.dmp	xmrig
behavioral1/memory/2648-79-0x000000013F2E0000-0x000000013F631000-memory.dmp	xmrig
behavioral1/memory/1996-1091-0x000000013FA80000-0x000000013FDD1000-memory.dmp	xmrig
behavioral1/memory/2088-118-0x000000013F970000-0x000000013FCC1000-memory.dmp	xmrig
behavioral1/memory/2500-98-0x000000013F630000-0x000000013F981000-memory.dmp	xmrig
behavioral1/memory/2348-94-0x000000013F0F0000-0x000000013F441000-memory.dmp	xmrig
behavioral1/memory/2524-92-0x000000013F4B0000-0x000000013F801000-memory.dmp	xmrig
behavioral1/memory/1164-86-0x000000013F9A0000-0x000000013FCF1000-memory.dmp	xmrig
behavioral1/memory/2356-77-0x000000013FB30000-0x000000013FE81000-memory.dmp	xmrig
behavioral1/memory/2568-48-0x000000013F250000-0x000000013F5A1000-memory.dmp	xmrig
behavioral1/memory/764-41-0x0000000002440000-0x0000000002791000-memory.dmp	xmrig
behavioral1/memory/2944-40-0x000000013F890000-0x000000013FBE1000-memory.dmp	xmrig
behavioral1/memory/2764-39-0x000000013F960000-0x000000013FCB1000-memory.dmp	xmrig
behavioral1/memory/2796-38-0x000000013F8D0000-0x000000013FC21000-memory.dmp	xmrig
behavioral1/memory/2848-35-0x000000013FC10000-0x000000013FF61000-memory.dmp	xmrig
behavioral1/memory/2932-32-0x000000013FDB0000-0x0000000140101000-memory.dmp	xmrig
behavioral1/memory/2500-3950-0x000000013F630000-0x000000013F981000-memory.dmp	xmrig
behavioral1/memory/2764-3956-0x000000013F960000-0x000000013FCB1000-memory.dmp	xmrig
behavioral1/memory/2088-3960-0x000000013F970000-0x000000013FCC1000-memory.dmp	xmrig
behavioral1/memory/2848-3955-0x000000013FC10000-0x000000013FF61000-memory.dmp	xmrig
behavioral1/memory/2568-3954-0x000000013F250000-0x000000013F5A1000-memory.dmp	xmrig
behavioral1/memory/2932-3953-0x000000013FDB0000-0x0000000140101000-memory.dmp	xmrig
behavioral1/memory/2524-3970-0x000000013F4B0000-0x000000013F801000-memory.dmp	xmrig
behavioral1/memory/1164-4023-0x000000013F9A0000-0x000000013FCF1000-memory.dmp	xmrig
behavioral1/memory/1996-4022-0x000000013FA80000-0x000000013FDD1000-memory.dmp	xmrig
behavioral1/memory/2356-4021-0x000000013FB30000-0x000000013FE81000-memory.dmp	xmrig
behavioral1/memory/2796-4246-0x000000013F8D0000-0x000000013FC21000-memory.dmp	xmrig
behavioral1/memory/2648-4248-0x000000013F2E0000-0x000000013F631000-memory.dmp	xmrig
behavioral1/memory/2348-4247-0x000000013F0F0000-0x000000013F441000-memory.dmp	xmrig
behavioral1/memory/2944-4767-0x000000013F890000-0x000000013FBE1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2764	DvbTpEC.exe
2944	qAYLdpx.exe
2932	gJEoDwl.exe
2356	GWsmtYR.exe
2848	LemTIbT.exe
2796	xrRYPrY.exe
2568	IWqtrDx.exe
2524	pUAxpzq.exe
2500	wEOyxWh.exe
2088	LzUeouI.exe
2648	pltNMJC.exe
1164	WxyGrCG.exe
2348	QAkwZbr.exe
1996	kCWnlXG.exe
1752	bZxxUEL.exe
2736	doQpOce.exe
1216	dGsIfZT.exe
2784	ZcBmbDW.exe
1748	MwbbULb.exe
1852	WmrtfCp.exe
2948	FjQrKnK.exe
2304	BpPgXUj.exe
2204	SwYhhgc.exe
2096	KVubpdO.exe
688	iacKYDR.exe
1300	ppGKMlO.exe
1212	nRaBusR.exe
1092	eBAGRNl.exe
1712	oznkPtR.exe
1980	ahEpODl.exe
628	otJMYEN.exe
2208	IcpabQv.exe
2976	JBJmdES.exe
816	bKghZnx.exe
2332	LdIyrgX.exe
1736	dgiePXL.exe
1968	iInzHMO.exe
2336	bYizzMq.exe
2072	AuDjaim.exe
2680	DSeHMFv.exe
1440	zqXpWrA.exe
1636	xQXSDSx.exe
2668	aHFwamb.exe
2604	BhGVMin.exe
1988	twxbPoC.exe
2896	CuZvbpc.exe
1256	fjvRJMz.exe
332	tSASTke.exe
448	nYbaEvZ.exe
848	QgRgznu.exe
2620	yLjoyyU.exe
1900	xvxzBQC.exe
972	ODnUUOS.exe
960	XtMXPJd.exe
592	VpHdHRL.exe
3044	WsIhNaD.exe
2836	EonUIAm.exe
1588	WyNqjFn.exe
2012	ZwvXbHb.exe
2428	ZniRcRa.exe
1592	vAeVKjY.exe
2936	pRUNHtK.exe
1928	ZygKEvG.exe
1012	lhjyRph.exe

Loads dropped DLL 64 IoCs

pid	Process
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/764-0-0x000000013F970000-0x000000013FCC1000-memory.dmp	upx
behavioral1/files/0x000e00000001228d-6.dat	upx
behavioral1/files/0x0007000000019423-11.dat	upx
behavioral1/files/0x0007000000019438-15.dat	upx
behavioral1/files/0x000600000001944d-22.dat	upx
behavioral1/files/0x000600000001945c-31.dat	upx
behavioral1/files/0x000700000001946b-45.dat	upx
behavioral1/files/0x000700000001946e-51.dat	upx
behavioral1/memory/2524-53-0x000000013F4B0000-0x000000013F801000-memory.dmp	upx
behavioral1/memory/2500-62-0x000000013F630000-0x000000013F981000-memory.dmp	upx
behavioral1/memory/764-68-0x000000013F970000-0x000000013FCC1000-memory.dmp	upx
behavioral1/memory/2648-79-0x000000013F2E0000-0x000000013F631000-memory.dmp	upx
behavioral1/files/0x002e00000001936b-82.dat	upx
behavioral1/memory/1996-100-0x000000013FA80000-0x000000013FDD1000-memory.dmp	upx
behavioral1/files/0x000500000001a4b6-193.dat	upx
behavioral1/memory/1996-1091-0x000000013FA80000-0x000000013FDD1000-memory.dmp	upx
behavioral1/files/0x000500000001a4b2-184.dat	upx
behavioral1/files/0x000500000001a494-179.dat	upx
behavioral1/files/0x000500000001a4a6-176.dat	upx
behavioral1/files/0x000500000001a48f-170.dat	upx
behavioral1/files/0x000500000001a460-165.dat	upx
behavioral1/files/0x000500000001a481-162.dat	upx
behavioral1/files/0x000500000001a434-155.dat	upx
behavioral1/files/0x000500000001a431-146.dat	upx
behavioral1/files/0x000500000001a427-139.dat	upx
behavioral1/files/0x000500000001a2ed-132.dat	upx
behavioral1/files/0x000500000001a063-121.dat	upx
behavioral1/files/0x0005000000019f5e-120.dat	upx
behavioral1/memory/2088-118-0x000000013F970000-0x000000013FCC1000-memory.dmp	upx
behavioral1/files/0x000500000001a4b4-192.dat	upx
behavioral1/files/0x000500000001a4b0-183.dat	upx
behavioral1/files/0x000500000001a483-168.dat	upx
behavioral1/files/0x000500000001a433-154.dat	upx
behavioral1/files/0x000500000001a429-145.dat	upx
behavioral1/files/0x000500000001a31e-136.dat	upx
behavioral1/files/0x000500000001a09a-127.dat	upx
behavioral1/files/0x000500000001a059-114.dat	upx
behavioral1/memory/2500-98-0x000000013F630000-0x000000013F981000-memory.dmp	upx
behavioral1/files/0x0005000000019d7b-97.dat	upx
behavioral1/files/0x0005000000019f47-105.dat	upx
behavioral1/memory/2348-94-0x000000013F0F0000-0x000000013F441000-memory.dmp	upx
behavioral1/memory/2524-92-0x000000013F4B0000-0x000000013F801000-memory.dmp	upx
behavioral1/files/0x0005000000019cad-89.dat	upx
behavioral1/memory/1164-86-0x000000013F9A0000-0x000000013FCF1000-memory.dmp	upx
behavioral1/memory/2356-77-0x000000013FB30000-0x000000013FE81000-memory.dmp	upx
behavioral1/files/0x0005000000019c76-75.dat	upx
behavioral1/memory/764-69-0x0000000002440000-0x0000000002791000-memory.dmp	upx
behavioral1/files/0x0005000000019c74-66.dat	upx
behavioral1/files/0x0005000000019c5b-58.dat	upx
behavioral1/memory/2568-48-0x000000013F250000-0x000000013F5A1000-memory.dmp	upx
behavioral1/memory/2944-40-0x000000013F890000-0x000000013FBE1000-memory.dmp	upx
behavioral1/memory/2764-39-0x000000013F960000-0x000000013FCB1000-memory.dmp	upx
behavioral1/memory/2796-38-0x000000013F8D0000-0x000000013FC21000-memory.dmp	upx
behavioral1/memory/2848-35-0x000000013FC10000-0x000000013FF61000-memory.dmp	upx
behavioral1/memory/2356-33-0x000000013FB30000-0x000000013FE81000-memory.dmp	upx
behavioral1/memory/2932-32-0x000000013FDB0000-0x0000000140101000-memory.dmp	upx
behavioral1/files/0x0006000000019458-26.dat	upx
behavioral1/memory/2500-3950-0x000000013F630000-0x000000013F981000-memory.dmp	upx
behavioral1/memory/2764-3956-0x000000013F960000-0x000000013FCB1000-memory.dmp	upx
behavioral1/memory/2088-3960-0x000000013F970000-0x000000013FCC1000-memory.dmp	upx
behavioral1/memory/2848-3955-0x000000013FC10000-0x000000013FF61000-memory.dmp	upx
behavioral1/memory/2568-3954-0x000000013F250000-0x000000013F5A1000-memory.dmp	upx
behavioral1/memory/2932-3953-0x000000013FDB0000-0x0000000140101000-memory.dmp	upx
behavioral1/memory/2524-3970-0x000000013F4B0000-0x000000013F801000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iLwYKJj.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYKYuSP.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dINMOWz.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGcSdrS.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZBcmnt.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBijTED.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlsSIVm.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvaSLKt.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTrTqaM.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIXEToz.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbRoAYU.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hLjwQJD.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unLLTsf.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUbGCwT.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aNEgGUa.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NiXDdxk.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnLOfBz.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDfNsmd.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFwGqaW.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyWDVQO.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODnUUOS.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMRCvHD.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxrczyQ.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWXdYYZ.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSVRLNM.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDhyuKz.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqWrpmZ.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtZefbk.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqzIcLX.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRSrMbY.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSnUqyF.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSSqPCQ.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvgjVrv.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaWfzAF.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxgWyiv.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXfFWTf.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLujmTb.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHMfDYQ.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unvKaqO.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hppabae.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHSpmbS.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPaaPfk.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Prmutfz.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBtPQrv.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PziOPYv.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhFHDiB.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQhtlOI.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvIRqMZ.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WoyNfJM.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHyccdk.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLwGEwb.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsMgWbc.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkKSwbc.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgDYECi.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFRRouz.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXVYIfW.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXeEouZ.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbKaffv.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njVuSAG.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYcIqAz.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwPZuOm.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRZTyIY.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnLdzjp.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIieJRM.exe	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 2764	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 764 wrote to memory of 2764	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 764 wrote to memory of 2764	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 764 wrote to memory of 2944	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 764 wrote to memory of 2944	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 764 wrote to memory of 2944	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 764 wrote to memory of 2932	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 764 wrote to memory of 2932	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 764 wrote to memory of 2932	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 764 wrote to memory of 2356	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 764 wrote to memory of 2356	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 764 wrote to memory of 2356	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 764 wrote to memory of 2848	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 764 wrote to memory of 2848	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 764 wrote to memory of 2848	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 764 wrote to memory of 2796	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 764 wrote to memory of 2796	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 764 wrote to memory of 2796	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 764 wrote to memory of 2568	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 764 wrote to memory of 2568	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 764 wrote to memory of 2568	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 764 wrote to memory of 2524	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 764 wrote to memory of 2524	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 764 wrote to memory of 2524	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 764 wrote to memory of 2500	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 764 wrote to memory of 2500	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 764 wrote to memory of 2500	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 764 wrote to memory of 2088	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 764 wrote to memory of 2088	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 764 wrote to memory of 2088	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 764 wrote to memory of 2648	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 764 wrote to memory of 2648	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 764 wrote to memory of 2648	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 764 wrote to memory of 1164	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 764 wrote to memory of 1164	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 764 wrote to memory of 1164	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 764 wrote to memory of 2348	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 764 wrote to memory of 2348	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 764 wrote to memory of 2348	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 764 wrote to memory of 1996	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 764 wrote to memory of 1996	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 764 wrote to memory of 1996	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 764 wrote to memory of 1752	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 764 wrote to memory of 1752	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 764 wrote to memory of 1752	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 764 wrote to memory of 1216	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 764 wrote to memory of 1216	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 764 wrote to memory of 1216	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 764 wrote to memory of 2736	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 764 wrote to memory of 2736	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 764 wrote to memory of 2736	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 764 wrote to memory of 2784	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 764 wrote to memory of 2784	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 764 wrote to memory of 2784	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 764 wrote to memory of 1748	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 764 wrote to memory of 1748	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 764 wrote to memory of 1748	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 764 wrote to memory of 1852	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 764 wrote to memory of 1852	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 764 wrote to memory of 1852	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 764 wrote to memory of 2948	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 764 wrote to memory of 2948	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 764 wrote to memory of 2948	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 764 wrote to memory of 2208	764	2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_4f23a118e05edb9a39164ed1d125ea34_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\System\DvbTpEC.exe
  C:\Windows\System\DvbTpEC.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\qAYLdpx.exe
  C:\Windows\System\qAYLdpx.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\gJEoDwl.exe
  C:\Windows\System\gJEoDwl.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\GWsmtYR.exe
  C:\Windows\System\GWsmtYR.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\LemTIbT.exe
  C:\Windows\System\LemTIbT.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\xrRYPrY.exe
  C:\Windows\System\xrRYPrY.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\IWqtrDx.exe
  C:\Windows\System\IWqtrDx.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\pUAxpzq.exe
  C:\Windows\System\pUAxpzq.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\wEOyxWh.exe
  C:\Windows\System\wEOyxWh.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\LzUeouI.exe
  C:\Windows\System\LzUeouI.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\pltNMJC.exe
  C:\Windows\System\pltNMJC.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\WxyGrCG.exe
  C:\Windows\System\WxyGrCG.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\QAkwZbr.exe
  C:\Windows\System\QAkwZbr.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\kCWnlXG.exe
  C:\Windows\System\kCWnlXG.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\bZxxUEL.exe
  C:\Windows\System\bZxxUEL.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\dGsIfZT.exe
  C:\Windows\System\dGsIfZT.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\doQpOce.exe
  C:\Windows\System\doQpOce.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\ZcBmbDW.exe
  C:\Windows\System\ZcBmbDW.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\MwbbULb.exe
  C:\Windows\System\MwbbULb.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\WmrtfCp.exe
  C:\Windows\System\WmrtfCp.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\FjQrKnK.exe
  C:\Windows\System\FjQrKnK.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\IcpabQv.exe
  C:\Windows\System\IcpabQv.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\BpPgXUj.exe
  C:\Windows\System\BpPgXUj.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\dgiePXL.exe
  C:\Windows\System\dgiePXL.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\SwYhhgc.exe
  C:\Windows\System\SwYhhgc.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\AuDjaim.exe
  C:\Windows\System\AuDjaim.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\KVubpdO.exe
  C:\Windows\System\KVubpdO.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\zqXpWrA.exe
  C:\Windows\System\zqXpWrA.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\iacKYDR.exe
  C:\Windows\System\iacKYDR.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\QgRgznu.exe
  C:\Windows\System\QgRgznu.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\ppGKMlO.exe
  C:\Windows\System\ppGKMlO.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\ODnUUOS.exe
  C:\Windows\System\ODnUUOS.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\nRaBusR.exe
  C:\Windows\System\nRaBusR.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\XtMXPJd.exe
  C:\Windows\System\XtMXPJd.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\eBAGRNl.exe
  C:\Windows\System\eBAGRNl.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\VpHdHRL.exe
  C:\Windows\System\VpHdHRL.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\oznkPtR.exe
  C:\Windows\System\oznkPtR.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\WyNqjFn.exe
  C:\Windows\System\WyNqjFn.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\ahEpODl.exe
  C:\Windows\System\ahEpODl.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\ZwvXbHb.exe
  C:\Windows\System\ZwvXbHb.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\otJMYEN.exe
  C:\Windows\System\otJMYEN.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\ZniRcRa.exe
  C:\Windows\System\ZniRcRa.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\JBJmdES.exe
  C:\Windows\System\JBJmdES.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\vAeVKjY.exe
  C:\Windows\System\vAeVKjY.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\bKghZnx.exe
  C:\Windows\System\bKghZnx.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\pRUNHtK.exe
  C:\Windows\System\pRUNHtK.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\LdIyrgX.exe
  C:\Windows\System\LdIyrgX.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ZygKEvG.exe
  C:\Windows\System\ZygKEvG.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\iInzHMO.exe
  C:\Windows\System\iInzHMO.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\lhjyRph.exe
  C:\Windows\System\lhjyRph.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\bYizzMq.exe
  C:\Windows\System\bYizzMq.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\XPbZFYp.exe
  C:\Windows\System\XPbZFYp.exe
  2⤵
  PID:2068
- C:\Windows\System\DSeHMFv.exe
  C:\Windows\System\DSeHMFv.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\WscEIif.exe
  C:\Windows\System\WscEIif.exe
  2⤵
  PID:1524
- C:\Windows\System\xQXSDSx.exe
  C:\Windows\System\xQXSDSx.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\VjqwPue.exe
  C:\Windows\System\VjqwPue.exe
  2⤵
  PID:2808
- C:\Windows\System\aHFwamb.exe
  C:\Windows\System\aHFwamb.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\xpczQYN.exe
  C:\Windows\System\xpczQYN.exe
  2⤵
  PID:3064
- C:\Windows\System\BhGVMin.exe
  C:\Windows\System\BhGVMin.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\rPqRYwW.exe
  C:\Windows\System\rPqRYwW.exe
  2⤵
  PID:2608
- C:\Windows\System\twxbPoC.exe
  C:\Windows\System\twxbPoC.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\vswJxiw.exe
  C:\Windows\System\vswJxiw.exe
  2⤵
  PID:1384
- C:\Windows\System\CuZvbpc.exe
  C:\Windows\System\CuZvbpc.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\iFcoIcb.exe
  C:\Windows\System\iFcoIcb.exe
  2⤵
  PID:1564
- C:\Windows\System\fjvRJMz.exe
  C:\Windows\System\fjvRJMz.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\pGAwZOy.exe
  C:\Windows\System\pGAwZOy.exe
  2⤵
  PID:2860
- C:\Windows\System\tSASTke.exe
  C:\Windows\System\tSASTke.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\YzamVKI.exe
  C:\Windows\System\YzamVKI.exe
  2⤵
  PID:1992
- C:\Windows\System\nYbaEvZ.exe
  C:\Windows\System\nYbaEvZ.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\jMCpljF.exe
  C:\Windows\System\jMCpljF.exe
  2⤵
  PID:2508
- C:\Windows\System\yLjoyyU.exe
  C:\Windows\System\yLjoyyU.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\hWXhWuf.exe
  C:\Windows\System\hWXhWuf.exe
  2⤵
  PID:1880
- C:\Windows\System\xvxzBQC.exe
  C:\Windows\System\xvxzBQC.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\ajwDRCr.exe
  C:\Windows\System\ajwDRCr.exe
  2⤵
  PID:2436
- C:\Windows\System\WsIhNaD.exe
  C:\Windows\System\WsIhNaD.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\xGajjAl.exe
  C:\Windows\System\xGajjAl.exe
  2⤵
  PID:1932
- C:\Windows\System\EonUIAm.exe
  C:\Windows\System\EonUIAm.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\yRoifzm.exe
  C:\Windows\System\yRoifzm.exe
  2⤵
  PID:1504
- C:\Windows\System\IbPaZPl.exe
  C:\Windows\System\IbPaZPl.exe
  2⤵
  PID:1520
- C:\Windows\System\rwUnFPn.exe
  C:\Windows\System\rwUnFPn.exe
  2⤵
  PID:2260
- C:\Windows\System\AJWYsdv.exe
  C:\Windows\System\AJWYsdv.exe
  2⤵
  PID:2376
- C:\Windows\System\lMamEOr.exe
  C:\Windows\System\lMamEOr.exe
  2⤵
  PID:800
- C:\Windows\System\BHKmffZ.exe
  C:\Windows\System\BHKmffZ.exe
  2⤵
  PID:1896
- C:\Windows\System\apVwTQP.exe
  C:\Windows\System\apVwTQP.exe
  2⤵
  PID:2180
- C:\Windows\System\eyBkyEX.exe
  C:\Windows\System\eyBkyEX.exe
  2⤵
  PID:1632
- C:\Windows\System\JVDsgBJ.exe
  C:\Windows\System\JVDsgBJ.exe
  2⤵
  PID:2104
- C:\Windows\System\ggsSFak.exe
  C:\Windows\System\ggsSFak.exe
  2⤵
  PID:1672
- C:\Windows\System\LnNsMdD.exe
  C:\Windows\System\LnNsMdD.exe
  2⤵
  PID:2756
- C:\Windows\System\cBGyArZ.exe
  C:\Windows\System\cBGyArZ.exe
  2⤵
  PID:2844
- C:\Windows\System\XEtMwpF.exe
  C:\Windows\System\XEtMwpF.exe
  2⤵
  PID:2696
- C:\Windows\System\zvLuHRv.exe
  C:\Windows\System\zvLuHRv.exe
  2⤵
  PID:2916
- C:\Windows\System\XMCupHh.exe
  C:\Windows\System\XMCupHh.exe
  2⤵
  PID:3060
- C:\Windows\System\zwQcQtf.exe
  C:\Windows\System\zwQcQtf.exe
  2⤵
  PID:2064
- C:\Windows\System\LRSOMhU.exe
  C:\Windows\System\LRSOMhU.exe
  2⤵
  PID:2960
- C:\Windows\System\OgudDxM.exe
  C:\Windows\System\OgudDxM.exe
  2⤵
  PID:2416
- C:\Windows\System\OODYWVM.exe
  C:\Windows\System\OODYWVM.exe
  2⤵
  PID:2148
- C:\Windows\System\BohlEFw.exe
  C:\Windows\System\BohlEFw.exe
  2⤵
  PID:2008
- C:\Windows\System\kcMnffC.exe
  C:\Windows\System\kcMnffC.exe
  2⤵
  PID:2996
- C:\Windows\System\BafARfl.exe
  C:\Windows\System\BafARfl.exe
  2⤵
  PID:1008
- C:\Windows\System\RkjTNcy.exe
  C:\Windows\System\RkjTNcy.exe
  2⤵
  PID:560
- C:\Windows\System\pYNdltS.exe
  C:\Windows\System\pYNdltS.exe
  2⤵
  PID:1232
- C:\Windows\System\hLjwQJD.exe
  C:\Windows\System\hLjwQJD.exe
  2⤵
  PID:1692
- C:\Windows\System\wHqYdkq.exe
  C:\Windows\System\wHqYdkq.exe
  2⤵
  PID:1032
- C:\Windows\System\YaFBXII.exe
  C:\Windows\System\YaFBXII.exe
  2⤵
  PID:1772
- C:\Windows\System\NeohNcP.exe
  C:\Windows\System\NeohNcP.exe
  2⤵
  PID:2396
- C:\Windows\System\lJbbCNb.exe
  C:\Windows\System\lJbbCNb.exe
  2⤵
  PID:2156
- C:\Windows\System\jmifLkO.exe
  C:\Windows\System\jmifLkO.exe
  2⤵
  PID:2152
- C:\Windows\System\xDuWnTF.exe
  C:\Windows\System\xDuWnTF.exe
  2⤵
  PID:976
- C:\Windows\System\tHyccdk.exe
  C:\Windows\System\tHyccdk.exe
  2⤵
  PID:2384
- C:\Windows\System\edOcmbr.exe
  C:\Windows\System\edOcmbr.exe
  2⤵
  PID:2776
- C:\Windows\System\CvoxXHs.exe
  C:\Windows\System\CvoxXHs.exe
  2⤵
  PID:784
- C:\Windows\System\wHGKYNz.exe
  C:\Windows\System\wHGKYNz.exe
  2⤵
  PID:2464
- C:\Windows\System\TcAhLJm.exe
  C:\Windows\System\TcAhLJm.exe
  2⤵
  PID:3076
- C:\Windows\System\UpiJRtl.exe
  C:\Windows\System\UpiJRtl.exe
  2⤵
  PID:3100
- C:\Windows\System\CwbECFD.exe
  C:\Windows\System\CwbECFD.exe
  2⤵
  PID:3120
- C:\Windows\System\ARnnryj.exe
  C:\Windows\System\ARnnryj.exe
  2⤵
  PID:3140
- C:\Windows\System\xjcxKyS.exe
  C:\Windows\System\xjcxKyS.exe
  2⤵
  PID:3156
- C:\Windows\System\RhNczqM.exe
  C:\Windows\System\RhNczqM.exe
  2⤵
  PID:3176
- C:\Windows\System\rgXIZyH.exe
  C:\Windows\System\rgXIZyH.exe
  2⤵
  PID:3196
- C:\Windows\System\yCBtEEy.exe
  C:\Windows\System\yCBtEEy.exe
  2⤵
  PID:3220
- C:\Windows\System\AprEuMu.exe
  C:\Windows\System\AprEuMu.exe
  2⤵
  PID:3236
- C:\Windows\System\INfoESS.exe
  C:\Windows\System\INfoESS.exe
  2⤵
  PID:3252
- C:\Windows\System\CFcBQtO.exe
  C:\Windows\System\CFcBQtO.exe
  2⤵
  PID:3268
- C:\Windows\System\SvxgsOw.exe
  C:\Windows\System\SvxgsOw.exe
  2⤵
  PID:3292
- C:\Windows\System\BqsZTgr.exe
  C:\Windows\System\BqsZTgr.exe
  2⤵
  PID:3308
- C:\Windows\System\xiFjPaj.exe
  C:\Windows\System\xiFjPaj.exe
  2⤵
  PID:3336
- C:\Windows\System\tMXkdNk.exe
  C:\Windows\System\tMXkdNk.exe
  2⤵
  PID:3352
- C:\Windows\System\KiddbWe.exe
  C:\Windows\System\KiddbWe.exe
  2⤵
  PID:3376
- C:\Windows\System\pRzKZBV.exe
  C:\Windows\System\pRzKZBV.exe
  2⤵
  PID:3396
- C:\Windows\System\gNXvIVA.exe
  C:\Windows\System\gNXvIVA.exe
  2⤵
  PID:3416
- C:\Windows\System\jWqSrGP.exe
  C:\Windows\System\jWqSrGP.exe
  2⤵
  PID:3436
- C:\Windows\System\AiABKFu.exe
  C:\Windows\System\AiABKFu.exe
  2⤵
  PID:3456
- C:\Windows\System\AfiUAvU.exe
  C:\Windows\System\AfiUAvU.exe
  2⤵
  PID:3472
- C:\Windows\System\bEOVsvB.exe
  C:\Windows\System\bEOVsvB.exe
  2⤵
  PID:3496
- C:\Windows\System\PzMDRSe.exe
  C:\Windows\System\PzMDRSe.exe
  2⤵
  PID:3512
- C:\Windows\System\qgRqCtg.exe
  C:\Windows\System\qgRqCtg.exe
  2⤵
  PID:3540
- C:\Windows\System\plIESCs.exe
  C:\Windows\System\plIESCs.exe
  2⤵
  PID:3556
- C:\Windows\System\aceqgFG.exe
  C:\Windows\System\aceqgFG.exe
  2⤵
  PID:3580
- C:\Windows\System\YAKuweN.exe
  C:\Windows\System\YAKuweN.exe
  2⤵
  PID:3596
- C:\Windows\System\vaSIkav.exe
  C:\Windows\System\vaSIkav.exe
  2⤵
  PID:3612
- C:\Windows\System\UtZefbk.exe
  C:\Windows\System\UtZefbk.exe
  2⤵
  PID:3632
- C:\Windows\System\rXihufV.exe
  C:\Windows\System\rXihufV.exe
  2⤵
  PID:3648
- C:\Windows\System\JoxjcGE.exe
  C:\Windows\System\JoxjcGE.exe
  2⤵
  PID:3664
- C:\Windows\System\PnnIjIP.exe
  C:\Windows\System\PnnIjIP.exe
  2⤵
  PID:3684
- C:\Windows\System\PAYwDjC.exe
  C:\Windows\System\PAYwDjC.exe
  2⤵
  PID:3720
- C:\Windows\System\nAxbcPP.exe
  C:\Windows\System\nAxbcPP.exe
  2⤵
  PID:3744
- C:\Windows\System\zvKWmZi.exe
  C:\Windows\System\zvKWmZi.exe
  2⤵
  PID:3760
- C:\Windows\System\oPTgsSM.exe
  C:\Windows\System\oPTgsSM.exe
  2⤵
  PID:3784
- C:\Windows\System\ZJTTycT.exe
  C:\Windows\System\ZJTTycT.exe
  2⤵
  PID:3800
- C:\Windows\System\KmaSNOF.exe
  C:\Windows\System\KmaSNOF.exe
  2⤵
  PID:3816
- C:\Windows\System\CRYosIf.exe
  C:\Windows\System\CRYosIf.exe
  2⤵
  PID:3832
- C:\Windows\System\aCvnJoj.exe
  C:\Windows\System\aCvnJoj.exe
  2⤵
  PID:3848
- C:\Windows\System\ZgEaBAR.exe
  C:\Windows\System\ZgEaBAR.exe
  2⤵
  PID:3868
- C:\Windows\System\qmMKifI.exe
  C:\Windows\System\qmMKifI.exe
  2⤵
  PID:3888
- C:\Windows\System\sginJPV.exe
  C:\Windows\System\sginJPV.exe
  2⤵
  PID:3908
- C:\Windows\System\OyWpKng.exe
  C:\Windows\System\OyWpKng.exe
  2⤵
  PID:3928
- C:\Windows\System\CyKdLuA.exe
  C:\Windows\System\CyKdLuA.exe
  2⤵
  PID:3944
- C:\Windows\System\RtYMefg.exe
  C:\Windows\System\RtYMefg.exe
  2⤵
  PID:3980
- C:\Windows\System\nZyzURo.exe
  C:\Windows\System\nZyzURo.exe
  2⤵
  PID:3996
- C:\Windows\System\bJOKvLe.exe
  C:\Windows\System\bJOKvLe.exe
  2⤵
  PID:4012
- C:\Windows\System\RuTUUee.exe
  C:\Windows\System\RuTUUee.exe
  2⤵
  PID:4036
- C:\Windows\System\SztouYI.exe
  C:\Windows\System\SztouYI.exe
  2⤵
  PID:4060
- C:\Windows\System\aDkSBHu.exe
  C:\Windows\System\aDkSBHu.exe
  2⤵
  PID:4076
- C:\Windows\System\PznEUzv.exe
  C:\Windows\System\PznEUzv.exe
  2⤵
  PID:2972
- C:\Windows\System\LeJHuQj.exe
  C:\Windows\System\LeJHuQj.exe
  2⤵
  PID:2968
- C:\Windows\System\UFSalpG.exe
  C:\Windows\System\UFSalpG.exe
  2⤵
  PID:3068
- C:\Windows\System\wsXXxKQ.exe
  C:\Windows\System\wsXXxKQ.exe
  2⤵
  PID:2400
- C:\Windows\System\MgiiicZ.exe
  C:\Windows\System\MgiiicZ.exe
  2⤵
  PID:3084
- C:\Windows\System\pNjuPga.exe
  C:\Windows\System\pNjuPga.exe
  2⤵
  PID:3128
- C:\Windows\System\ynOXPjk.exe
  C:\Windows\System\ynOXPjk.exe
  2⤵
  PID:3172
- C:\Windows\System\eMhWEbV.exe
  C:\Windows\System\eMhWEbV.exe
  2⤵
  PID:3116
- C:\Windows\System\yQGuVLL.exe
  C:\Windows\System\yQGuVLL.exe
  2⤵
  PID:3212
- C:\Windows\System\AwPZuOm.exe
  C:\Windows\System\AwPZuOm.exe
  2⤵
  PID:3188
- C:\Windows\System\DgwXVlb.exe
  C:\Windows\System\DgwXVlb.exe
  2⤵
  PID:3324
- C:\Windows\System\YrgAoKa.exe
  C:\Windows\System\YrgAoKa.exe
  2⤵
  PID:3360
- C:\Windows\System\MQeorWl.exe
  C:\Windows\System\MQeorWl.exe
  2⤵
  PID:3228
- C:\Windows\System\jaAGVvc.exe
  C:\Windows\System\jaAGVvc.exe
  2⤵
  PID:3368
- C:\Windows\System\dVkVxvS.exe
  C:\Windows\System\dVkVxvS.exe
  2⤵
  PID:3448
- C:\Windows\System\zQjAQkl.exe
  C:\Windows\System\zQjAQkl.exe
  2⤵
  PID:3392
- C:\Windows\System\lHbwvhG.exe
  C:\Windows\System\lHbwvhG.exe
  2⤵
  PID:3424
- C:\Windows\System\HlnBrtQ.exe
  C:\Windows\System\HlnBrtQ.exe
  2⤵
  PID:3524
- C:\Windows\System\noFwPAf.exe
  C:\Windows\System\noFwPAf.exe
  2⤵
  PID:3532
- C:\Windows\System\ATXSwyP.exe
  C:\Windows\System\ATXSwyP.exe
  2⤵
  PID:3568
- C:\Windows\System\QKqXRRy.exe
  C:\Windows\System\QKqXRRy.exe
  2⤵
  PID:3604
- C:\Windows\System\IahvAar.exe
  C:\Windows\System\IahvAar.exe
  2⤵
  PID:3672
- C:\Windows\System\JOUvqTX.exe
  C:\Windows\System\JOUvqTX.exe
  2⤵
  PID:3656
- C:\Windows\System\tRhfzPa.exe
  C:\Windows\System\tRhfzPa.exe
  2⤵
  PID:3728
- C:\Windows\System\NSokNZQ.exe
  C:\Windows\System\NSokNZQ.exe
  2⤵
  PID:3772
- C:\Windows\System\iEZAhWx.exe
  C:\Windows\System\iEZAhWx.exe
  2⤵
  PID:3812
- C:\Windows\System\TOyFSrM.exe
  C:\Windows\System\TOyFSrM.exe
  2⤵
  PID:3884
- C:\Windows\System\DRFYkVr.exe
  C:\Windows\System\DRFYkVr.exe
  2⤵
  PID:3924
- C:\Windows\System\QfRciIO.exe
  C:\Windows\System\QfRciIO.exe
  2⤵
  PID:3796
- C:\Windows\System\DvYLLiq.exe
  C:\Windows\System\DvYLLiq.exe
  2⤵
  PID:3952
- C:\Windows\System\ZNfnHPy.exe
  C:\Windows\System\ZNfnHPy.exe
  2⤵
  PID:3896
- C:\Windows\System\ugugmsz.exe
  C:\Windows\System\ugugmsz.exe
  2⤵
  PID:3900
- C:\Windows\System\EMeUgJq.exe
  C:\Windows\System\EMeUgJq.exe
  2⤵
  PID:3940
- C:\Windows\System\unLLTsf.exe
  C:\Windows\System\unLLTsf.exe
  2⤵
  PID:4056
- C:\Windows\System\nyzYkbC.exe
  C:\Windows\System\nyzYkbC.exe
  2⤵
  PID:3052
- C:\Windows\System\XlCGKCJ.exe
  C:\Windows\System\XlCGKCJ.exe
  2⤵
  PID:4024
- C:\Windows\System\FiINZhd.exe
  C:\Windows\System\FiINZhd.exe
  2⤵
  PID:2388
- C:\Windows\System\ghABZsJ.exe
  C:\Windows\System\ghABZsJ.exe
  2⤵
  PID:792
- C:\Windows\System\AtruTOV.exe
  C:\Windows\System\AtruTOV.exe
  2⤵
  PID:3136
- C:\Windows\System\kMmdjcH.exe
  C:\Windows\System\kMmdjcH.exe
  2⤵
  PID:3112
- C:\Windows\System\QQbQmMi.exe
  C:\Windows\System\QQbQmMi.exe
  2⤵
  PID:3108
- C:\Windows\System\CLweARL.exe
  C:\Windows\System\CLweARL.exe
  2⤵
  PID:3320
- C:\Windows\System\THEjPMR.exe
  C:\Windows\System\THEjPMR.exe
  2⤵
  PID:2176
- C:\Windows\System\cMDrzla.exe
  C:\Windows\System\cMDrzla.exe
  2⤵
  PID:3248
- C:\Windows\System\XOEKbkD.exe
  C:\Windows\System\XOEKbkD.exe
  2⤵
  PID:3344
- C:\Windows\System\YWrPnhb.exe
  C:\Windows\System\YWrPnhb.exe
  2⤵
  PID:3444
- C:\Windows\System\elGKQCM.exe
  C:\Windows\System\elGKQCM.exe
  2⤵
  PID:3504
- C:\Windows\System\CvZtkWQ.exe
  C:\Windows\System\CvZtkWQ.exe
  2⤵
  PID:3628
- C:\Windows\System\qUNrKRK.exe
  C:\Windows\System\qUNrKRK.exe
  2⤵
  PID:3768
- C:\Windows\System\oNoEFnU.exe
  C:\Windows\System\oNoEFnU.exe
  2⤵
  PID:3708
- C:\Windows\System\ZNUgMMT.exe
  C:\Windows\System\ZNUgMMT.exe
  2⤵
  PID:3968
- C:\Windows\System\fZICQaw.exe
  C:\Windows\System\fZICQaw.exe
  2⤵
  PID:4092
- C:\Windows\System\TOPVYjf.exe
  C:\Windows\System\TOPVYjf.exe
  2⤵
  PID:3372
- C:\Windows\System\NeKJPUg.exe
  C:\Windows\System\NeKJPUg.exe
  2⤵
  PID:3644
- C:\Windows\System\nVmxKnf.exe
  C:\Windows\System\nVmxKnf.exe
  2⤵
  PID:3332
- C:\Windows\System\LXEmFom.exe
  C:\Windows\System\LXEmFom.exe
  2⤵
  PID:3780
- C:\Windows\System\HCxhjYN.exe
  C:\Windows\System\HCxhjYN.exe
  2⤵
  PID:3488
- C:\Windows\System\KNiXVyG.exe
  C:\Windows\System\KNiXVyG.exe
  2⤵
  PID:3828
- C:\Windows\System\GLxWGSa.exe
  C:\Windows\System\GLxWGSa.exe
  2⤵
  PID:3736
- C:\Windows\System\eZiBOSe.exe
  C:\Windows\System\eZiBOSe.exe
  2⤵
  PID:3960
- C:\Windows\System\tgyuEIY.exe
  C:\Windows\System\tgyuEIY.exe
  2⤵
  PID:4004
- C:\Windows\System\AvWnEjp.exe
  C:\Windows\System\AvWnEjp.exe
  2⤵
  PID:4112
- C:\Windows\System\BvQjcnC.exe
  C:\Windows\System\BvQjcnC.exe
  2⤵
  PID:4132
- C:\Windows\System\PtsPkdf.exe
  C:\Windows\System\PtsPkdf.exe
  2⤵
  PID:4148
- C:\Windows\System\sgfVZbu.exe
  C:\Windows\System\sgfVZbu.exe
  2⤵
  PID:4164
- C:\Windows\System\lsYrPNw.exe
  C:\Windows\System\lsYrPNw.exe
  2⤵
  PID:4184
- C:\Windows\System\hfZMwSC.exe
  C:\Windows\System\hfZMwSC.exe
  2⤵
  PID:4200
- C:\Windows\System\YQMBLVd.exe
  C:\Windows\System\YQMBLVd.exe
  2⤵
  PID:4220
- C:\Windows\System\NTYXRiS.exe
  C:\Windows\System\NTYXRiS.exe
  2⤵
  PID:4236
- C:\Windows\System\wLKuKpI.exe
  C:\Windows\System\wLKuKpI.exe
  2⤵
  PID:4256
- C:\Windows\System\kvoIEUl.exe
  C:\Windows\System\kvoIEUl.exe
  2⤵
  PID:4272
- C:\Windows\System\ijxSJth.exe
  C:\Windows\System\ijxSJth.exe
  2⤵
  PID:4288
- C:\Windows\System\HQbywQA.exe
  C:\Windows\System\HQbywQA.exe
  2⤵
  PID:4304
- C:\Windows\System\FSOwTtN.exe
  C:\Windows\System\FSOwTtN.exe
  2⤵
  PID:4320
- C:\Windows\System\XavRydM.exe
  C:\Windows\System\XavRydM.exe
  2⤵
  PID:4340
- C:\Windows\System\liomWuz.exe
  C:\Windows\System\liomWuz.exe
  2⤵
  PID:4356
- C:\Windows\System\xOIvRRf.exe
  C:\Windows\System\xOIvRRf.exe
  2⤵
  PID:4372
- C:\Windows\System\mgpCTqo.exe
  C:\Windows\System\mgpCTqo.exe
  2⤵
  PID:4388
- C:\Windows\System\GLwGEwb.exe
  C:\Windows\System\GLwGEwb.exe
  2⤵
  PID:4404
- C:\Windows\System\tJJJdyb.exe
  C:\Windows\System\tJJJdyb.exe
  2⤵
  PID:4420
- C:\Windows\System\AuzdIUk.exe
  C:\Windows\System\AuzdIUk.exe
  2⤵
  PID:4436
- C:\Windows\System\szxKfPP.exe
  C:\Windows\System\szxKfPP.exe
  2⤵
  PID:4452
- C:\Windows\System\wjajsuo.exe
  C:\Windows\System\wjajsuo.exe
  2⤵
  PID:4468
- C:\Windows\System\NQPfNHt.exe
  C:\Windows\System\NQPfNHt.exe
  2⤵
  PID:4484
- C:\Windows\System\vOFAsNr.exe
  C:\Windows\System\vOFAsNr.exe
  2⤵
  PID:4512
- C:\Windows\System\cFwTSxC.exe
  C:\Windows\System\cFwTSxC.exe
  2⤵
  PID:4528
- C:\Windows\System\WITcknc.exe
  C:\Windows\System\WITcknc.exe
  2⤵
  PID:4544
- C:\Windows\System\kefXFrm.exe
  C:\Windows\System\kefXFrm.exe
  2⤵
  PID:4560
- C:\Windows\System\CroPTsS.exe
  C:\Windows\System\CroPTsS.exe
  2⤵
  PID:4596
- C:\Windows\System\dvVlbHL.exe
  C:\Windows\System\dvVlbHL.exe
  2⤵
  PID:4612
- C:\Windows\System\EGkeWYf.exe
  C:\Windows\System\EGkeWYf.exe
  2⤵
  PID:4628
- C:\Windows\System\MpLgRqJ.exe
  C:\Windows\System\MpLgRqJ.exe
  2⤵
  PID:4644
- C:\Windows\System\WdOQIjW.exe
  C:\Windows\System\WdOQIjW.exe
  2⤵
  PID:4660
- C:\Windows\System\YzgAKAV.exe
  C:\Windows\System\YzgAKAV.exe
  2⤵
  PID:4676
- C:\Windows\System\uJZJZsE.exe
  C:\Windows\System\uJZJZsE.exe
  2⤵
  PID:4692
- C:\Windows\System\KKxgxXY.exe
  C:\Windows\System\KKxgxXY.exe
  2⤵
  PID:4708
- C:\Windows\System\zUFznmJ.exe
  C:\Windows\System\zUFznmJ.exe
  2⤵
  PID:4732
- C:\Windows\System\FcGcJla.exe
  C:\Windows\System\FcGcJla.exe
  2⤵
  PID:4748
- C:\Windows\System\uPrclZS.exe
  C:\Windows\System\uPrclZS.exe
  2⤵
  PID:4764
- C:\Windows\System\qqzIcLX.exe
  C:\Windows\System\qqzIcLX.exe
  2⤵
  PID:4780
- C:\Windows\System\QKiBTVP.exe
  C:\Windows\System\QKiBTVP.exe
  2⤵
  PID:4796
- C:\Windows\System\zQXFxPw.exe
  C:\Windows\System\zQXFxPw.exe
  2⤵
  PID:4812
- C:\Windows\System\aWVchCc.exe
  C:\Windows\System\aWVchCc.exe
  2⤵
  PID:4828
- C:\Windows\System\khIOxdM.exe
  C:\Windows\System\khIOxdM.exe
  2⤵
  PID:4848
- C:\Windows\System\YNfIFAg.exe
  C:\Windows\System\YNfIFAg.exe
  2⤵
  PID:4948
- C:\Windows\System\JVubJux.exe
  C:\Windows\System\JVubJux.exe
  2⤵
  PID:4972
- C:\Windows\System\PqfpEmY.exe
  C:\Windows\System\PqfpEmY.exe
  2⤵
  PID:4992
- C:\Windows\System\vSZvEuh.exe
  C:\Windows\System\vSZvEuh.exe
  2⤵
  PID:5008
- C:\Windows\System\RukmbbH.exe
  C:\Windows\System\RukmbbH.exe
  2⤵
  PID:5028
- C:\Windows\System\pnaFgtr.exe
  C:\Windows\System\pnaFgtr.exe
  2⤵
  PID:5052
- C:\Windows\System\euZWaZl.exe
  C:\Windows\System\euZWaZl.exe
  2⤵
  PID:5072
- C:\Windows\System\LtOtZyG.exe
  C:\Windows\System\LtOtZyG.exe
  2⤵
  PID:5088
- C:\Windows\System\bjsmxJf.exe
  C:\Windows\System\bjsmxJf.exe
  2⤵
  PID:5104
- C:\Windows\System\pKnGSIt.exe
  C:\Windows\System\pKnGSIt.exe
  2⤵
  PID:3520
- C:\Windows\System\sOvpPiv.exe
  C:\Windows\System\sOvpPiv.exe
  2⤵
  PID:3916
- C:\Windows\System\mMBfNhn.exe
  C:\Windows\System\mMBfNhn.exe
  2⤵
  PID:3740
- C:\Windows\System\peGsPAw.exe
  C:\Windows\System\peGsPAw.exe
  2⤵
  PID:4120
- C:\Windows\System\FLBoOiI.exe
  C:\Windows\System\FLBoOiI.exe
  2⤵
  PID:4196
- C:\Windows\System\lRKraaC.exe
  C:\Windows\System\lRKraaC.exe
  2⤵
  PID:4296
- C:\Windows\System\jaXmVcE.exe
  C:\Windows\System\jaXmVcE.exe
  2⤵
  PID:4364
- C:\Windows\System\oBRbCxE.exe
  C:\Windows\System\oBRbCxE.exe
  2⤵
  PID:4400
- C:\Windows\System\XQpbDwX.exe
  C:\Windows\System\XQpbDwX.exe
  2⤵
  PID:4464
- C:\Windows\System\rzavCSa.exe
  C:\Windows\System\rzavCSa.exe
  2⤵
  PID:4508
- C:\Windows\System\RAKLlvX.exe
  C:\Windows\System\RAKLlvX.exe
  2⤵
  PID:4580
- C:\Windows\System\UtZHvfS.exe
  C:\Windows\System\UtZHvfS.exe
  2⤵
  PID:4624
- C:\Windows\System\CasJJNT.exe
  C:\Windows\System\CasJJNT.exe
  2⤵
  PID:4688
- C:\Windows\System\JUecRRI.exe
  C:\Windows\System\JUecRRI.exe
  2⤵
  PID:4756
- C:\Windows\System\mnJNtGk.exe
  C:\Windows\System\mnJNtGk.exe
  2⤵
  PID:4792
- C:\Windows\System\FUbGCwT.exe
  C:\Windows\System\FUbGCwT.exe
  2⤵
  PID:1428
- C:\Windows\System\RTAJyRN.exe
  C:\Windows\System\RTAJyRN.exe
  2⤵
  PID:3244
- C:\Windows\System\hTHxkQF.exe
  C:\Windows\System\hTHxkQF.exe
  2⤵
  PID:3680
- C:\Windows\System\fGyjFwb.exe
  C:\Windows\System\fGyjFwb.exe
  2⤵
  PID:3792
- C:\Windows\System\fStXaGH.exe
  C:\Windows\System\fStXaGH.exe
  2⤵
  PID:3976
- C:\Windows\System\ijuKOjE.exe
  C:\Windows\System\ijuKOjE.exe
  2⤵
  PID:536
- C:\Windows\System\HzzqvHe.exe
  C:\Windows\System\HzzqvHe.exe
  2⤵
  PID:4052
- C:\Windows\System\fuEHclh.exe
  C:\Windows\System\fuEHclh.exe
  2⤵
  PID:576
- C:\Windows\System\XCTaEii.exe
  C:\Windows\System\XCTaEii.exe
  2⤵
  PID:3092
- C:\Windows\System\aduEDfM.exe
  C:\Windows\System\aduEDfM.exe
  2⤵
  PID:3192
- C:\Windows\System\WOFzgZc.exe
  C:\Windows\System\WOFzgZc.exe
  2⤵
  PID:4880
- C:\Windows\System\aXUcxbi.exe
  C:\Windows\System\aXUcxbi.exe
  2⤵
  PID:4892
- C:\Windows\System\zAswarR.exe
  C:\Windows\System\zAswarR.exe
  2⤵
  PID:4908
- C:\Windows\System\kUxfbxz.exe
  C:\Windows\System\kUxfbxz.exe
  2⤵
  PID:856
- C:\Windows\System\xIWdegA.exe
  C:\Windows\System\xIWdegA.exe
  2⤵
  PID:4928
- C:\Windows\System\QKlsaLF.exe
  C:\Windows\System\QKlsaLF.exe
  2⤵
  PID:4772
- C:\Windows\System\mRTNGAg.exe
  C:\Windows\System\mRTNGAg.exe
  2⤵
  PID:3864
- C:\Windows\System\xWRxKLu.exe
  C:\Windows\System\xWRxKLu.exe
  2⤵
  PID:3920
- C:\Windows\System\svnGeFb.exe
  C:\Windows\System\svnGeFb.exe
  2⤵
  PID:4944
- C:\Windows\System\AsgsXsF.exe
  C:\Windows\System\AsgsXsF.exe
  2⤵
  PID:4212
- C:\Windows\System\HWCxmwf.exe
  C:\Windows\System\HWCxmwf.exe
  2⤵
  PID:4252
- C:\Windows\System\DLWmSdA.exe
  C:\Windows\System\DLWmSdA.exe
  2⤵
  PID:4316
- C:\Windows\System\EKgWWld.exe
  C:\Windows\System\EKgWWld.exe
  2⤵
  PID:4416
- C:\Windows\System\kXjUuqO.exe
  C:\Windows\System\kXjUuqO.exe
  2⤵
  PID:4480
- C:\Windows\System\HnzmDIK.exe
  C:\Windows\System\HnzmDIK.exe
  2⤵
  PID:4556
- C:\Windows\System\MrWswnA.exe
  C:\Windows\System\MrWswnA.exe
  2⤵
  PID:4640
- C:\Windows\System\YYZzbTA.exe
  C:\Windows\System\YYZzbTA.exe
  2⤵
  PID:4704
- C:\Windows\System\kvGcOgQ.exe
  C:\Windows\System\kvGcOgQ.exe
  2⤵
  PID:4836
- C:\Windows\System\yMmbVmC.exe
  C:\Windows\System\yMmbVmC.exe
  2⤵
  PID:4980
- C:\Windows\System\wZBcmnt.exe
  C:\Windows\System\wZBcmnt.exe
  2⤵
  PID:4984
- C:\Windows\System\pGmoZjC.exe
  C:\Windows\System\pGmoZjC.exe
  2⤵
  PID:4956
- C:\Windows\System\vsNRaOa.exe
  C:\Windows\System\vsNRaOa.exe
  2⤵
  PID:5024
- C:\Windows\System\urHijTF.exe
  C:\Windows\System\urHijTF.exe
  2⤵
  PID:5060
- C:\Windows\System\mhInugZ.exe
  C:\Windows\System\mhInugZ.exe
  2⤵
  PID:2872
- C:\Windows\System\gDUnsPc.exe
  C:\Windows\System\gDUnsPc.exe
  2⤵
  PID:5036
- C:\Windows\System\RyEmrxT.exe
  C:\Windows\System\RyEmrxT.exe
  2⤵
  PID:5048
- C:\Windows\System\FRSrMbY.exe
  C:\Windows\System\FRSrMbY.exe
  2⤵
  PID:776
- C:\Windows\System\cyPtGLk.exe
  C:\Windows\System\cyPtGLk.exe
  2⤵
  PID:5116
- C:\Windows\System\WFWbCJc.exe
  C:\Windows\System\WFWbCJc.exe
  2⤵
  PID:4232
- C:\Windows\System\CqsFCZu.exe
  C:\Windows\System\CqsFCZu.exe
  2⤵
  PID:4396
- C:\Windows\System\LhAwCcQ.exe
  C:\Windows\System\LhAwCcQ.exe
  2⤵
  PID:4156
- C:\Windows\System\NIieJRM.exe
  C:\Windows\System\NIieJRM.exe
  2⤵
  PID:4328
- C:\Windows\System\FwZrWkp.exe
  C:\Windows\System\FwZrWkp.exe
  2⤵
  PID:4428
- C:\Windows\System\lGHjKOP.exe
  C:\Windows\System\lGHjKOP.exe
  2⤵
  PID:4568
- C:\Windows\System\ITxUGQP.exe
  C:\Windows\System\ITxUGQP.exe
  2⤵
  PID:4684
- C:\Windows\System\JSkzukQ.exe
  C:\Windows\System\JSkzukQ.exe
  2⤵
  PID:4820
- C:\Windows\System\jdOIARm.exe
  C:\Windows\System\jdOIARm.exe
  2⤵
  PID:2712
- C:\Windows\System\AGdKhIE.exe
  C:\Windows\System\AGdKhIE.exe
  2⤵
  PID:3208
- C:\Windows\System\zgikiNm.exe
  C:\Windows\System\zgikiNm.exe
  2⤵
  PID:3152
- C:\Windows\System\LrTybIK.exe
  C:\Windows\System\LrTybIK.exe
  2⤵
  PID:4876
- C:\Windows\System\KmOKAdJ.exe
  C:\Windows\System\KmOKAdJ.exe
  2⤵
  PID:4904
- C:\Windows\System\mphgLNE.exe
  C:\Windows\System\mphgLNE.exe
  2⤵
  PID:4932
- C:\Windows\System\bbugJMs.exe
  C:\Windows\System\bbugJMs.exe
  2⤵
  PID:3756
- C:\Windows\System\LOTrWsC.exe
  C:\Windows\System\LOTrWsC.exe
  2⤵
  PID:4244
- C:\Windows\System\EmxKAny.exe
  C:\Windows\System\EmxKAny.exe
  2⤵
  PID:4384
- C:\Windows\System\URsEECK.exe
  C:\Windows\System\URsEECK.exe
  2⤵
  PID:4552
- C:\Windows\System\cOQSKDV.exe
  C:\Windows\System\cOQSKDV.exe
  2⤵
  PID:4844
- C:\Windows\System\tclwLdl.exe
  C:\Windows\System\tclwLdl.exe
  2⤵
  PID:4172
- C:\Windows\System\yvEXgyh.exe
  C:\Windows\System\yvEXgyh.exe
  2⤵
  PID:4964
- C:\Windows\System\iJixllh.exe
  C:\Windows\System\iJixllh.exe
  2⤵
  PID:5068
- C:\Windows\System\oKGuaxQ.exe
  C:\Windows\System\oKGuaxQ.exe
  2⤵
  PID:3280
- C:\Windows\System\YATXkgb.exe
  C:\Windows\System\YATXkgb.exe
  2⤵
  PID:5040
- C:\Windows\System\TZmaNtW.exe
  C:\Windows\System\TZmaNtW.exe
  2⤵
  PID:5084
- C:\Windows\System\CulBSSJ.exe
  C:\Windows\System\CulBSSJ.exe
  2⤵
  PID:2720
- C:\Windows\System\pKEaBhC.exe
  C:\Windows\System\pKEaBhC.exe
  2⤵
  PID:4192
- C:\Windows\System\WWOQxLy.exe
  C:\Windows\System\WWOQxLy.exe
  2⤵
  PID:4504
- C:\Windows\System\JKKaFWu.exe
  C:\Windows\System\JKKaFWu.exe
  2⤵
  PID:4540
- C:\Windows\System\sbPlZgA.exe
  C:\Windows\System\sbPlZgA.exe
  2⤵
  PID:3316
- C:\Windows\System\WXYjLOt.exe
  C:\Windows\System\WXYjLOt.exe
  2⤵
  PID:2128
- C:\Windows\System\TeBKARu.exe
  C:\Windows\System\TeBKARu.exe
  2⤵
  PID:5128
- C:\Windows\System\bLxLtVg.exe
  C:\Windows\System\bLxLtVg.exe
  2⤵
  PID:5144
- C:\Windows\System\NehrPwl.exe
  C:\Windows\System\NehrPwl.exe
  2⤵
  PID:5160
- C:\Windows\System\uzQeZwL.exe
  C:\Windows\System\uzQeZwL.exe
  2⤵
  PID:5176
- C:\Windows\System\cwNSiTS.exe
  C:\Windows\System\cwNSiTS.exe
  2⤵
  PID:5192
- C:\Windows\System\ApIILdu.exe
  C:\Windows\System\ApIILdu.exe
  2⤵
  PID:5208
- C:\Windows\System\hTZtuQO.exe
  C:\Windows\System\hTZtuQO.exe
  2⤵
  PID:5224
- C:\Windows\System\nDKGaPn.exe
  C:\Windows\System\nDKGaPn.exe
  2⤵
  PID:5240
- C:\Windows\System\WOuOcJv.exe
  C:\Windows\System\WOuOcJv.exe
  2⤵
  PID:5256
- C:\Windows\System\sbXuzql.exe
  C:\Windows\System\sbXuzql.exe
  2⤵
  PID:5272
- C:\Windows\System\wpzYaXk.exe
  C:\Windows\System\wpzYaXk.exe
  2⤵
  PID:5288
- C:\Windows\System\EeUSRJW.exe
  C:\Windows\System\EeUSRJW.exe
  2⤵
  PID:5304
- C:\Windows\System\XCrehuF.exe
  C:\Windows\System\XCrehuF.exe
  2⤵
  PID:5320
- C:\Windows\System\sfAVSsB.exe
  C:\Windows\System\sfAVSsB.exe
  2⤵
  PID:5336
- C:\Windows\System\bDkZNOM.exe
  C:\Windows\System\bDkZNOM.exe
  2⤵
  PID:5352
- C:\Windows\System\JoVxUlj.exe
  C:\Windows\System\JoVxUlj.exe
  2⤵
  PID:5368
- C:\Windows\System\xgdMTSL.exe
  C:\Windows\System\xgdMTSL.exe
  2⤵
  PID:5384
- C:\Windows\System\MdrGuJH.exe
  C:\Windows\System\MdrGuJH.exe
  2⤵
  PID:5400
- C:\Windows\System\mtmDqcC.exe
  C:\Windows\System\mtmDqcC.exe
  2⤵
  PID:5416
- C:\Windows\System\uNvErYZ.exe
  C:\Windows\System\uNvErYZ.exe
  2⤵
  PID:5436
- C:\Windows\System\BnpwEFe.exe
  C:\Windows\System\BnpwEFe.exe
  2⤵
  PID:5452
- C:\Windows\System\vUPzlZE.exe
  C:\Windows\System\vUPzlZE.exe
  2⤵
  PID:5468
- C:\Windows\System\rQYXtbV.exe
  C:\Windows\System\rQYXtbV.exe
  2⤵
  PID:5484
- C:\Windows\System\LzASBnj.exe
  C:\Windows\System\LzASBnj.exe
  2⤵
  PID:5500
- C:\Windows\System\bjiTbSg.exe
  C:\Windows\System\bjiTbSg.exe
  2⤵
  PID:5516
- C:\Windows\System\hQFyJdI.exe
  C:\Windows\System\hQFyJdI.exe
  2⤵
  PID:5532
- C:\Windows\System\KYADLXP.exe
  C:\Windows\System\KYADLXP.exe
  2⤵
  PID:5548
- C:\Windows\System\fVlIgAT.exe
  C:\Windows\System\fVlIgAT.exe
  2⤵
  PID:5564
- C:\Windows\System\HGnXCGo.exe
  C:\Windows\System\HGnXCGo.exe
  2⤵
  PID:5580
- C:\Windows\System\dRdRAVM.exe
  C:\Windows\System\dRdRAVM.exe
  2⤵
  PID:5596
- C:\Windows\System\GwKvbbN.exe
  C:\Windows\System\GwKvbbN.exe
  2⤵
  PID:5612
- C:\Windows\System\qigTMvh.exe
  C:\Windows\System\qigTMvh.exe
  2⤵
  PID:5628
- C:\Windows\System\tqKxEwf.exe
  C:\Windows\System\tqKxEwf.exe
  2⤵
  PID:5644
- C:\Windows\System\TXVNOzr.exe
  C:\Windows\System\TXVNOzr.exe
  2⤵
  PID:5660
- C:\Windows\System\pcqRCPU.exe
  C:\Windows\System\pcqRCPU.exe
  2⤵
  PID:5676
- C:\Windows\System\OvQjUwJ.exe
  C:\Windows\System\OvQjUwJ.exe
  2⤵
  PID:5692
- C:\Windows\System\GksLIDf.exe
  C:\Windows\System\GksLIDf.exe
  2⤵
  PID:5708
- C:\Windows\System\PsMgWbc.exe
  C:\Windows\System\PsMgWbc.exe
  2⤵
  PID:5724
- C:\Windows\System\auauJMD.exe
  C:\Windows\System\auauJMD.exe
  2⤵
  PID:5740
- C:\Windows\System\osAnQIz.exe
  C:\Windows\System\osAnQIz.exe
  2⤵
  PID:5756
- C:\Windows\System\cYHdFRA.exe
  C:\Windows\System\cYHdFRA.exe
  2⤵
  PID:5772
- C:\Windows\System\tvlEkFP.exe
  C:\Windows\System\tvlEkFP.exe
  2⤵
  PID:5788
- C:\Windows\System\TxSdMUb.exe
  C:\Windows\System\TxSdMUb.exe
  2⤵
  PID:5804
- C:\Windows\System\WpAazGj.exe
  C:\Windows\System\WpAazGj.exe
  2⤵
  PID:5820
- C:\Windows\System\KxmEPqX.exe
  C:\Windows\System\KxmEPqX.exe
  2⤵
  PID:5836
- C:\Windows\System\DJFzCtu.exe
  C:\Windows\System\DJFzCtu.exe
  2⤵
  PID:5852
- C:\Windows\System\YBCUuNg.exe
  C:\Windows\System\YBCUuNg.exe
  2⤵
  PID:5868
- C:\Windows\System\XBkmGuR.exe
  C:\Windows\System\XBkmGuR.exe
  2⤵
  PID:5884
- C:\Windows\System\lkKtnKP.exe
  C:\Windows\System\lkKtnKP.exe
  2⤵
  PID:5900
- C:\Windows\System\ErdCOXd.exe
  C:\Windows\System\ErdCOXd.exe
  2⤵
  PID:5916
- C:\Windows\System\miEbBXI.exe
  C:\Windows\System\miEbBXI.exe
  2⤵
  PID:5932
- C:\Windows\System\cOgQPGJ.exe
  C:\Windows\System\cOgQPGJ.exe
  2⤵
  PID:5948
- C:\Windows\System\AVTXnsr.exe
  C:\Windows\System\AVTXnsr.exe
  2⤵
  PID:5964
- C:\Windows\System\FdOjzbN.exe
  C:\Windows\System\FdOjzbN.exe
  2⤵
  PID:5980
- C:\Windows\System\DVLOWsB.exe
  C:\Windows\System\DVLOWsB.exe
  2⤵
  PID:5996
- C:\Windows\System\pnRbjZq.exe
  C:\Windows\System\pnRbjZq.exe
  2⤵
  PID:6012
- C:\Windows\System\FdedXEt.exe
  C:\Windows\System\FdedXEt.exe
  2⤵
  PID:6028
- C:\Windows\System\hPUCBxE.exe
  C:\Windows\System\hPUCBxE.exe
  2⤵
  PID:6044
- C:\Windows\System\zqSfeRb.exe
  C:\Windows\System\zqSfeRb.exe
  2⤵
  PID:6060
- C:\Windows\System\IHEeZTE.exe
  C:\Windows\System\IHEeZTE.exe
  2⤵
  PID:6076
- C:\Windows\System\JKDVzYL.exe
  C:\Windows\System\JKDVzYL.exe
  2⤵
  PID:6092
- C:\Windows\System\wQJWLld.exe
  C:\Windows\System\wQJWLld.exe
  2⤵
  PID:6108
- C:\Windows\System\NjhytFX.exe
  C:\Windows\System\NjhytFX.exe
  2⤵
  PID:6124
- C:\Windows\System\acdqLge.exe
  C:\Windows\System\acdqLge.exe
  2⤵
  PID:6140
- C:\Windows\System\fflZaYG.exe
  C:\Windows\System\fflZaYG.exe
  2⤵
  PID:4860
- C:\Windows\System\tllZvqN.exe
  C:\Windows\System\tllZvqN.exe
  2⤵
  PID:4900
- C:\Windows\System\FOtsERZ.exe
  C:\Windows\System\FOtsERZ.exe
  2⤵
  PID:4936
- C:\Windows\System\AeZpvfe.exe
  C:\Windows\System\AeZpvfe.exe
  2⤵
  PID:4940
- C:\Windows\System\AUKVpDh.exe
  C:\Windows\System\AUKVpDh.exe
  2⤵
  PID:4176
- C:\Windows\System\iznafie.exe
  C:\Windows\System\iznafie.exe
  2⤵
  PID:4312
- C:\Windows\System\YaxSLOt.exe
  C:\Windows\System\YaxSLOt.exe
  2⤵
  PID:4864
- C:\Windows\System\kDvmOqG.exe
  C:\Windows\System\kDvmOqG.exe
  2⤵
  PID:5004
- C:\Windows\System\unvKaqO.exe
  C:\Windows\System\unvKaqO.exe
  2⤵
  PID:2576
- C:\Windows\System\ZyhBLCK.exe
  C:\Windows\System\ZyhBLCK.exe
  2⤵
  PID:3328
- C:\Windows\System\xrXGBFy.exe
  C:\Windows\System\xrXGBFy.exe
  2⤵
  PID:4460
- C:\Windows\System\spERJWm.exe
  C:\Windows\System\spERJWm.exe
  2⤵
  PID:4724
- C:\Windows\System\HybIGox.exe
  C:\Windows\System\HybIGox.exe
  2⤵
  PID:5140
- C:\Windows\System\KRZTyIY.exe
  C:\Windows\System\KRZTyIY.exe
  2⤵
  PID:5172
- C:\Windows\System\QAVVhFM.exe
  C:\Windows\System\QAVVhFM.exe
  2⤵
  PID:5204
- C:\Windows\System\TmTCcok.exe
  C:\Windows\System\TmTCcok.exe
  2⤵
  PID:5236
- C:\Windows\System\yjgGQut.exe
  C:\Windows\System\yjgGQut.exe
  2⤵
  PID:5268
- C:\Windows\System\hcdLdFY.exe
  C:\Windows\System\hcdLdFY.exe
  2⤵
  PID:5300
- C:\Windows\System\sQLbuYO.exe
  C:\Windows\System\sQLbuYO.exe
  2⤵
  PID:5332
- C:\Windows\System\lbXWMRl.exe
  C:\Windows\System\lbXWMRl.exe
  2⤵
  PID:5364
- C:\Windows\System\HkLpfqQ.exe
  C:\Windows\System\HkLpfqQ.exe
  2⤵
  PID:5396
- C:\Windows\System\loxPFQh.exe
  C:\Windows\System\loxPFQh.exe
  2⤵
  PID:5428
- C:\Windows\System\mrDelad.exe
  C:\Windows\System\mrDelad.exe
  2⤵
  PID:5448
- C:\Windows\System\MXMcEDz.exe
  C:\Windows\System\MXMcEDz.exe
  2⤵
  PID:5480
- C:\Windows\System\tKfzNeC.exe
  C:\Windows\System\tKfzNeC.exe
  2⤵
  PID:5512
- C:\Windows\System\GiysYxm.exe
  C:\Windows\System\GiysYxm.exe
  2⤵
  PID:5556
- C:\Windows\System\dsUEuHc.exe
  C:\Windows\System\dsUEuHc.exe
  2⤵
  PID:5588
- C:\Windows\System\ztQFTDs.exe
  C:\Windows\System\ztQFTDs.exe
  2⤵
  PID:5620
- C:\Windows\System\yhVwyOX.exe
  C:\Windows\System\yhVwyOX.exe
  2⤵
  PID:5652
- C:\Windows\System\ROSAkcy.exe
  C:\Windows\System\ROSAkcy.exe
  2⤵
  PID:5668
- C:\Windows\System\DVMZcmt.exe
  C:\Windows\System\DVMZcmt.exe
  2⤵
  PID:5716
- C:\Windows\System\FDswEfL.exe
  C:\Windows\System\FDswEfL.exe
  2⤵
  PID:5748
- C:\Windows\System\ZtqELBh.exe
  C:\Windows\System\ZtqELBh.exe
  2⤵
  PID:5432
- C:\Windows\System\RLSrdLS.exe
  C:\Windows\System\RLSrdLS.exe
  2⤵
  PID:5796
- C:\Windows\System\dXSLtci.exe
  C:\Windows\System\dXSLtci.exe
  2⤵
  PID:5828
- C:\Windows\System\XAhWiti.exe
  C:\Windows\System\XAhWiti.exe
  2⤵
  PID:5860
- C:\Windows\System\EYwZaru.exe
  C:\Windows\System\EYwZaru.exe
  2⤵
  PID:5892
- C:\Windows\System\QnLdzjp.exe
  C:\Windows\System\QnLdzjp.exe
  2⤵
  PID:5924
- C:\Windows\System\aAUJJWZ.exe
  C:\Windows\System\aAUJJWZ.exe
  2⤵
  PID:5956
- C:\Windows\System\FmOMVar.exe
  C:\Windows\System\FmOMVar.exe
  2⤵
  PID:5988
- C:\Windows\System\aouCSmx.exe
  C:\Windows\System\aouCSmx.exe
  2⤵
  PID:6020
- C:\Windows\System\lTyZcLJ.exe
  C:\Windows\System\lTyZcLJ.exe
  2⤵
  PID:6052
- C:\Windows\System\XcyefgJ.exe
  C:\Windows\System\XcyefgJ.exe
  2⤵
  PID:6084
- C:\Windows\System\QcHYCoW.exe
  C:\Windows\System\QcHYCoW.exe
  2⤵
  PID:6116
- C:\Windows\System\GrwjOPt.exe
  C:\Windows\System\GrwjOPt.exe
  2⤵
  PID:4008
- C:\Windows\System\zbMzdxE.exe
  C:\Windows\System\zbMzdxE.exe
  2⤵
  PID:3364
- C:\Windows\System\xAXgPSV.exe
  C:\Windows\System\xAXgPSV.exe
  2⤵
  PID:2672
- C:\Windows\System\ALFiKDV.exe
  C:\Windows\System\ALFiKDV.exe
  2⤵
  PID:4524
- C:\Windows\System\RlJbWWZ.exe
  C:\Windows\System\RlJbWWZ.exe
  2⤵
  PID:4348
- C:\Windows\System\mkHYbaU.exe
  C:\Windows\System\mkHYbaU.exe
  2⤵
  PID:4368
- C:\Windows\System\hHapLKS.exe
  C:\Windows\System\hHapLKS.exe
  2⤵
  PID:4572
- C:\Windows\System\yQcuNti.exe
  C:\Windows\System\yQcuNti.exe
  2⤵
  PID:5136
- C:\Windows\System\xegHeqJ.exe
  C:\Windows\System\xegHeqJ.exe
  2⤵
  PID:5232
- C:\Windows\System\iRgLPxs.exe
  C:\Windows\System\iRgLPxs.exe
  2⤵
  PID:5296
- C:\Windows\System\zsjPprc.exe
  C:\Windows\System\zsjPprc.exe
  2⤵
  PID:5316
- C:\Windows\System\AhytEER.exe
  C:\Windows\System\AhytEER.exe
  2⤵
  PID:5424
- C:\Windows\System\oMBCAkZ.exe
  C:\Windows\System\oMBCAkZ.exe
  2⤵
  PID:5460
- C:\Windows\System\JeUQTCy.exe
  C:\Windows\System\JeUQTCy.exe
  2⤵
  PID:2624
- C:\Windows\System\lKCuyyY.exe
  C:\Windows\System\lKCuyyY.exe
  2⤵
  PID:5592
- C:\Windows\System\qDhyuKz.exe
  C:\Windows\System\qDhyuKz.exe
  2⤵
  PID:5656
- C:\Windows\System\IfZULcI.exe
  C:\Windows\System\IfZULcI.exe
  2⤵
  PID:5720
- C:\Windows\System\lYsyvMa.exe
  C:\Windows\System\lYsyvMa.exe
  2⤵
  PID:5768
- C:\Windows\System\xxfPnWA.exe
  C:\Windows\System\xxfPnWA.exe
  2⤵
  PID:5832
- C:\Windows\System\rlIiSoA.exe
  C:\Windows\System\rlIiSoA.exe
  2⤵
  PID:5864
- C:\Windows\System\fwxwifU.exe
  C:\Windows\System\fwxwifU.exe
  2⤵
  PID:2664
- C:\Windows\System\zaLEUZn.exe
  C:\Windows\System\zaLEUZn.exe
  2⤵
  PID:2772
- C:\Windows\System\djGmhiJ.exe
  C:\Windows\System\djGmhiJ.exe
  2⤵
  PID:1600
- C:\Windows\System\ZNSraXX.exe
  C:\Windows\System\ZNSraXX.exe
  2⤵
  PID:6008
- C:\Windows\System\BMieyQh.exe
  C:\Windows\System\BMieyQh.exe
  2⤵
  PID:6100
- C:\Windows\System\GLxmEcA.exe
  C:\Windows\System\GLxmEcA.exe
  2⤵
  PID:3936
- C:\Windows\System\ubOnWIj.exe
  C:\Windows\System\ubOnWIj.exe
  2⤵
  PID:4924
- C:\Windows\System\JHpIoUM.exe
  C:\Windows\System\JHpIoUM.exe
  2⤵
  PID:888
- C:\Windows\System\afURhHa.exe
  C:\Windows\System\afURhHa.exe
  2⤵
  PID:3408
- C:\Windows\System\HmBNPer.exe
  C:\Windows\System\HmBNPer.exe
  2⤵
  PID:5200
- C:\Windows\System\YvlpKJg.exe
  C:\Windows\System\YvlpKJg.exe
  2⤵
  PID:5328
- C:\Windows\System\owBBCME.exe
  C:\Windows\System\owBBCME.exe
  2⤵
  PID:2584
- C:\Windows\System\bqZEbIk.exe
  C:\Windows\System\bqZEbIk.exe
  2⤵
  PID:2824
- C:\Windows\System\AuyBoVq.exe
  C:\Windows\System\AuyBoVq.exe
  2⤵
  PID:2164
- C:\Windows\System\NAaliAH.exe
  C:\Windows\System\NAaliAH.exe
  2⤵
  PID:5684
- C:\Windows\System\XQDEgyl.exe
  C:\Windows\System\XQDEgyl.exe
  2⤵
  PID:6152
- C:\Windows\System\uhykXIR.exe
  C:\Windows\System\uhykXIR.exe
  2⤵
  PID:6168
- C:\Windows\System\PkwGATW.exe
  C:\Windows\System\PkwGATW.exe
  2⤵
  PID:6184
- C:\Windows\System\kLWFQfi.exe
  C:\Windows\System\kLWFQfi.exe
  2⤵
  PID:6204
- C:\Windows\System\bPXwrXM.exe
  C:\Windows\System\bPXwrXM.exe
  2⤵
  PID:6220
- C:\Windows\System\uSnpWRO.exe
  C:\Windows\System\uSnpWRO.exe
  2⤵
  PID:6236
- C:\Windows\System\uhHftcx.exe
  C:\Windows\System\uhHftcx.exe
  2⤵
  PID:6252
- C:\Windows\System\bpRsmpj.exe
  C:\Windows\System\bpRsmpj.exe
  2⤵
  PID:6268
- C:\Windows\System\vXevDBL.exe
  C:\Windows\System\vXevDBL.exe
  2⤵
  PID:6284
- C:\Windows\System\uFAipiB.exe
  C:\Windows\System\uFAipiB.exe
  2⤵
  PID:6300
- C:\Windows\System\IpllyIc.exe
  C:\Windows\System\IpllyIc.exe
  2⤵
  PID:6316
- C:\Windows\System\icjhFRO.exe
  C:\Windows\System\icjhFRO.exe
  2⤵
  PID:6332
- C:\Windows\System\vAHDaaO.exe
  C:\Windows\System\vAHDaaO.exe
  2⤵
  PID:6348
- C:\Windows\System\WsdQsdO.exe
  C:\Windows\System\WsdQsdO.exe
  2⤵
  PID:6364
- C:\Windows\System\sZQFGkG.exe
  C:\Windows\System\sZQFGkG.exe
  2⤵
  PID:6380
- C:\Windows\System\eAaZWdr.exe
  C:\Windows\System\eAaZWdr.exe
  2⤵
  PID:6396
- C:\Windows\System\tBqzWNV.exe
  C:\Windows\System\tBqzWNV.exe
  2⤵
  PID:6412
- C:\Windows\System\YPaaPfk.exe
  C:\Windows\System\YPaaPfk.exe
  2⤵
  PID:6428
- C:\Windows\System\kTdcbda.exe
  C:\Windows\System\kTdcbda.exe
  2⤵
  PID:6444
- C:\Windows\System\KrEWcvp.exe
  C:\Windows\System\KrEWcvp.exe
  2⤵
  PID:6460
- C:\Windows\System\YIOtyDk.exe
  C:\Windows\System\YIOtyDk.exe
  2⤵
  PID:6476
- C:\Windows\System\bYupDyh.exe
  C:\Windows\System\bYupDyh.exe
  2⤵
  PID:6492
- C:\Windows\System\MkKSwbc.exe
  C:\Windows\System\MkKSwbc.exe
  2⤵
  PID:6508
- C:\Windows\System\mwDHqJh.exe
  C:\Windows\System\mwDHqJh.exe
  2⤵
  PID:6524
- C:\Windows\System\spOKxTI.exe
  C:\Windows\System\spOKxTI.exe
  2⤵
  PID:6540
- C:\Windows\System\zPabrrB.exe
  C:\Windows\System\zPabrrB.exe
  2⤵
  PID:6556
- C:\Windows\System\FXuoDQG.exe
  C:\Windows\System\FXuoDQG.exe
  2⤵
  PID:6572
- C:\Windows\System\MsXoMCQ.exe
  C:\Windows\System\MsXoMCQ.exe
  2⤵
  PID:6588
- C:\Windows\System\VBKNKaD.exe
  C:\Windows\System\VBKNKaD.exe
  2⤵
  PID:6604
- C:\Windows\System\zbbYlfC.exe
  C:\Windows\System\zbbYlfC.exe
  2⤵
  PID:6620
- C:\Windows\System\OHLDBWV.exe
  C:\Windows\System\OHLDBWV.exe
  2⤵
  PID:6636
- C:\Windows\System\JVgIIIp.exe
  C:\Windows\System\JVgIIIp.exe
  2⤵
  PID:6652
- C:\Windows\System\nqsrGLe.exe
  C:\Windows\System\nqsrGLe.exe
  2⤵
  PID:6668
- C:\Windows\System\lYMhdqa.exe
  C:\Windows\System\lYMhdqa.exe
  2⤵
  PID:6684
- C:\Windows\System\sHEIvrQ.exe
  C:\Windows\System\sHEIvrQ.exe
  2⤵
  PID:6700
- C:\Windows\System\FAGnXAh.exe
  C:\Windows\System\FAGnXAh.exe
  2⤵
  PID:6716
- C:\Windows\System\DRovENa.exe
  C:\Windows\System\DRovENa.exe
  2⤵
  PID:6732
- C:\Windows\System\ugvOUDj.exe
  C:\Windows\System\ugvOUDj.exe
  2⤵
  PID:6748
- C:\Windows\System\HUijQLU.exe
  C:\Windows\System\HUijQLU.exe
  2⤵
  PID:6764
- C:\Windows\System\aVsvAHZ.exe
  C:\Windows\System\aVsvAHZ.exe
  2⤵
  PID:6780
- C:\Windows\System\rwJFUGP.exe
  C:\Windows\System\rwJFUGP.exe
  2⤵
  PID:6796
- C:\Windows\System\vyQbCdc.exe
  C:\Windows\System\vyQbCdc.exe
  2⤵
  PID:6812
- C:\Windows\System\xFOfRXp.exe
  C:\Windows\System\xFOfRXp.exe
  2⤵
  PID:6828
- C:\Windows\System\gnQXkRV.exe
  C:\Windows\System\gnQXkRV.exe
  2⤵
  PID:6844
- C:\Windows\System\bxeVIVh.exe
  C:\Windows\System\bxeVIVh.exe
  2⤵
  PID:6860
- C:\Windows\System\cMCIAea.exe
  C:\Windows\System\cMCIAea.exe
  2⤵
  PID:6876
- C:\Windows\System\mfkiPch.exe
  C:\Windows\System\mfkiPch.exe
  2⤵
  PID:6892
- C:\Windows\System\tCZsWwo.exe
  C:\Windows\System\tCZsWwo.exe
  2⤵
  PID:6908
- C:\Windows\System\ubdgEUK.exe
  C:\Windows\System\ubdgEUK.exe
  2⤵
  PID:6924
- C:\Windows\System\drZDfLw.exe
  C:\Windows\System\drZDfLw.exe
  2⤵
  PID:6940
- C:\Windows\System\zNzeAfg.exe
  C:\Windows\System\zNzeAfg.exe
  2⤵
  PID:6956
- C:\Windows\System\vBVqlMB.exe
  C:\Windows\System\vBVqlMB.exe
  2⤵
  PID:6972
- C:\Windows\System\tJnynbP.exe
  C:\Windows\System\tJnynbP.exe
  2⤵
  PID:6988
- C:\Windows\System\SBzJjpk.exe
  C:\Windows\System\SBzJjpk.exe
  2⤵
  PID:7004
- C:\Windows\System\aycDnCM.exe
  C:\Windows\System\aycDnCM.exe
  2⤵
  PID:7020
- C:\Windows\System\qTXbykW.exe
  C:\Windows\System\qTXbykW.exe
  2⤵
  PID:7036
- C:\Windows\System\MAynqUL.exe
  C:\Windows\System\MAynqUL.exe
  2⤵
  PID:7056
- C:\Windows\System\FJacBFt.exe
  C:\Windows\System\FJacBFt.exe
  2⤵
  PID:7072
- C:\Windows\System\SuECloF.exe
  C:\Windows\System\SuECloF.exe
  2⤵
  PID:7088
- C:\Windows\System\nfuOQVP.exe
  C:\Windows\System\nfuOQVP.exe
  2⤵
  PID:7104
- C:\Windows\System\btqkIuo.exe
  C:\Windows\System\btqkIuo.exe
  2⤵
  PID:7120
- C:\Windows\System\NMRCvHD.exe
  C:\Windows\System\NMRCvHD.exe
  2⤵
  PID:7136
- C:\Windows\System\oNXLSOK.exe
  C:\Windows\System\oNXLSOK.exe
  2⤵
  PID:7152
- C:\Windows\System\ZfnsJEk.exe
  C:\Windows\System\ZfnsJEk.exe
  2⤵
  PID:5752
- C:\Windows\System\goggnTJ.exe
  C:\Windows\System\goggnTJ.exe
  2⤵
  PID:5800
- C:\Windows\System\hppabae.exe
  C:\Windows\System\hppabae.exe
  2⤵
  PID:2884
- C:\Windows\System\WJuHVXA.exe
  C:\Windows\System\WJuHVXA.exe
  2⤵
  PID:5992
- C:\Windows\System\FDXAmEC.exe
  C:\Windows\System\FDXAmEC.exe
  2⤵
  PID:2564
- C:\Windows\System\MhzNrFl.exe
  C:\Windows\System\MhzNrFl.exe
  2⤵
  PID:6120
- C:\Windows\System\CYZarMV.exe
  C:\Windows\System\CYZarMV.exe
  2⤵
  PID:4888
- C:\Windows\System\iWpyLhD.exe
  C:\Windows\System\iWpyLhD.exe
  2⤵
  PID:3588
- C:\Windows\System\UlsSIVm.exe
  C:\Windows\System\UlsSIVm.exe
  2⤵
  PID:5392
- C:\Windows\System\YUmvcmo.exe
  C:\Windows\System\YUmvcmo.exe
  2⤵
  PID:2704
- C:\Windows\System\vaapZrG.exe
  C:\Windows\System\vaapZrG.exe
  2⤵
  PID:5604
- C:\Windows\System\MhSbkir.exe
  C:\Windows\System\MhSbkir.exe
  2⤵
  PID:2272
- C:\Windows\System\wxMBPuD.exe
  C:\Windows\System\wxMBPuD.exe
  2⤵
  PID:1616
- C:\Windows\System\lCaMrJL.exe
  C:\Windows\System\lCaMrJL.exe
  2⤵
  PID:6212
- C:\Windows\System\zHSpmbS.exe
  C:\Windows\System\zHSpmbS.exe
  2⤵
  PID:6228
- C:\Windows\System\rrZnNEI.exe
  C:\Windows\System\rrZnNEI.exe
  2⤵
  PID:6260
- C:\Windows\System\pyAeuZH.exe
  C:\Windows\System\pyAeuZH.exe
  2⤵
  PID:1644
- C:\Windows\System\Wvuocpf.exe
  C:\Windows\System\Wvuocpf.exe
  2⤵
  PID:6296
- C:\Windows\System\CbehUBh.exe
  C:\Windows\System\CbehUBh.exe
  2⤵
  PID:6340
- C:\Windows\System\MoiSBiq.exe
  C:\Windows\System\MoiSBiq.exe
  2⤵
  PID:6356
- C:\Windows\System\oHFDtpf.exe
  C:\Windows\System\oHFDtpf.exe
  2⤵
  PID:6404
- C:\Windows\System\UKHnrFc.exe
  C:\Windows\System\UKHnrFc.exe
  2⤵
  PID:2728
- C:\Windows\System\nGDqXkM.exe
  C:\Windows\System\nGDqXkM.exe
  2⤵
  PID:6452
- C:\Windows\System\XcZCHLR.exe
  C:\Windows\System\XcZCHLR.exe
  2⤵
  PID:6472
- C:\Windows\System\ggqpBUA.exe
  C:\Windows\System\ggqpBUA.exe
  2⤵
  PID:6504
- C:\Windows\System\nQTawrM.exe
  C:\Windows\System\nQTawrM.exe
  2⤵
  PID:6536
- C:\Windows\System\PhVYatz.exe
  C:\Windows\System\PhVYatz.exe
  2⤵
  PID:6568
- C:\Windows\System\bvMUhTc.exe
  C:\Windows\System\bvMUhTc.exe
  2⤵
  PID:6600
- C:\Windows\System\SwuQNOW.exe
  C:\Windows\System\SwuQNOW.exe
  2⤵
  PID:6628
- C:\Windows\System\SNNiaEW.exe
  C:\Windows\System\SNNiaEW.exe
  2⤵
  PID:6660
- C:\Windows\System\tuYOKZE.exe
  C:\Windows\System\tuYOKZE.exe
  2⤵
  PID:608
- C:\Windows\System\cZruLkU.exe
  C:\Windows\System\cZruLkU.exe
  2⤵
  PID:604
- C:\Windows\System\ZltzHuf.exe
  C:\Windows\System\ZltzHuf.exe
  2⤵
  PID:6708
- C:\Windows\System\qmIjgJn.exe
  C:\Windows\System\qmIjgJn.exe
  2⤵
  PID:6712
- C:\Windows\System\gqfmmqh.exe
  C:\Windows\System\gqfmmqh.exe
  2⤵
  PID:6740
- C:\Windows\System\bmvCOnY.exe
  C:\Windows\System\bmvCOnY.exe
  2⤵
  PID:6772
- C:\Windows\System\zaosyJH.exe
  C:\Windows\System\zaosyJH.exe
  2⤵
  PID:6804
- C:\Windows\System\gdIpEik.exe
  C:\Windows\System\gdIpEik.exe
  2⤵
  PID:6836
- C:\Windows\System\hzMpZTO.exe
  C:\Windows\System\hzMpZTO.exe
  2⤵
  PID:6868
- C:\Windows\System\fqkCGWf.exe
  C:\Windows\System\fqkCGWf.exe
  2⤵
  PID:6900
- C:\Windows\System\sFRvZQs.exe
  C:\Windows\System\sFRvZQs.exe
  2⤵
  PID:6932
- C:\Windows\System\cPaiDuu.exe
  C:\Windows\System\cPaiDuu.exe
  2⤵
  PID:1272
- C:\Windows\System\JeUPFiE.exe
  C:\Windows\System\JeUPFiE.exe
  2⤵
  PID:6984
- C:\Windows\System\DYKYuSP.exe
  C:\Windows\System\DYKYuSP.exe
  2⤵
  PID:7000
- C:\Windows\System\hkAlFLv.exe
  C:\Windows\System\hkAlFLv.exe
  2⤵
  PID:7048
- C:\Windows\System\fObovJN.exe
  C:\Windows\System\fObovJN.exe
  2⤵
  PID:7068
- C:\Windows\System\iGBWzzD.exe
  C:\Windows\System\iGBWzzD.exe
  2⤵
  PID:7100
- C:\Windows\System\eADVlVP.exe
  C:\Windows\System\eADVlVP.exe
  2⤵
  PID:7132
- C:\Windows\System\vtbAGyJ.exe
  C:\Windows\System\vtbAGyJ.exe
  2⤵
  PID:7164
- C:\Windows\System\RihPxpM.exe
  C:\Windows\System\RihPxpM.exe
  2⤵
  PID:5976
- C:\Windows\System\nwJRJoD.exe
  C:\Windows\System\nwJRJoD.exe
  2⤵
  PID:6104
- C:\Windows\System\IslcLQm.exe
  C:\Windows\System\IslcLQm.exe
  2⤵
  PID:1280
- C:\Windows\System\JbngYiu.exe
  C:\Windows\System\JbngYiu.exe
  2⤵
  PID:5264
- C:\Windows\System\cVswoTw.exe
  C:\Windows\System\cVswoTw.exe
  2⤵
  PID:5624
- C:\Windows\System\djGVzoT.exe
  C:\Windows\System\djGVzoT.exe
  2⤵
  PID:6192
- C:\Windows\System\gnEvSpP.exe
  C:\Windows\System\gnEvSpP.exe
  2⤵
  PID:6216
- C:\Windows\System\qWkjLff.exe
  C:\Windows\System\qWkjLff.exe
  2⤵
  PID:6292
- C:\Windows\System\wNxITLN.exe
  C:\Windows\System\wNxITLN.exe
  2⤵
  PID:6328
- C:\Windows\System\CTzmXEi.exe
  C:\Windows\System\CTzmXEi.exe
  2⤵
  PID:6388
- C:\Windows\System\CrVWnsW.exe
  C:\Windows\System\CrVWnsW.exe
  2⤵
  PID:6468
- C:\Windows\System\krRVMfe.exe
  C:\Windows\System\krRVMfe.exe
  2⤵
  PID:6500
- C:\Windows\System\hYrLIZC.exe
  C:\Windows\System\hYrLIZC.exe
  2⤵
  PID:6564
- C:\Windows\System\sukBypf.exe
  C:\Windows\System\sukBypf.exe
  2⤵
  PID:6200
- C:\Windows\System\wbZYqkI.exe
  C:\Windows\System\wbZYqkI.exe
  2⤵
  PID:6664
- C:\Windows\System\wYcnIRj.exe
  C:\Windows\System\wYcnIRj.exe
  2⤵
  PID:6680
- C:\Windows\System\OAoGRPm.exe
  C:\Windows\System\OAoGRPm.exe
  2⤵
  PID:2864
- C:\Windows\System\kRlnZZe.exe
  C:\Windows\System\kRlnZZe.exe
  2⤵
  PID:6760
- C:\Windows\System\yaCZWyh.exe
  C:\Windows\System\yaCZWyh.exe
  2⤵
  PID:6824
- C:\Windows\System\PziOPYv.exe
  C:\Windows\System\PziOPYv.exe
  2⤵
  PID:6888
- C:\Windows\System\EyXKIEA.exe
  C:\Windows\System\EyXKIEA.exe
  2⤵
  PID:6952
- C:\Windows\System\nrhkwsX.exe
  C:\Windows\System\nrhkwsX.exe
  2⤵
  PID:6968
- C:\Windows\System\qBDpGij.exe
  C:\Windows\System\qBDpGij.exe
  2⤵
  PID:7028
- C:\Windows\System\gxrczyQ.exe
  C:\Windows\System\gxrczyQ.exe
  2⤵
  PID:7128
- C:\Windows\System\NKdCtSl.exe
  C:\Windows\System\NKdCtSl.exe
  2⤵
  PID:5928
- C:\Windows\System\baDPnFq.exe
  C:\Windows\System\baDPnFq.exe
  2⤵
  PID:2676
- C:\Windows\System\QZZLseO.exe
  C:\Windows\System\QZZLseO.exe
  2⤵
  PID:3016
- C:\Windows\System\fXLuoad.exe
  C:\Windows\System\fXLuoad.exe
  2⤵
  PID:6148
- C:\Windows\System\zapEptG.exe
  C:\Windows\System\zapEptG.exe
  2⤵
  PID:6248
- C:\Windows\System\dHGviTG.exe
  C:\Windows\System\dHGviTG.exe
  2⤵
  PID:6372
- C:\Windows\System\ooKICtx.exe
  C:\Windows\System\ooKICtx.exe
  2⤵
  PID:6424
- C:\Windows\System\fvaSLKt.exe
  C:\Windows\System\fvaSLKt.exe
  2⤵
  PID:6520
- C:\Windows\System\cydiUkV.exe
  C:\Windows\System\cydiUkV.exe
  2⤵
  PID:6644
- C:\Windows\System\PaWfzAF.exe
  C:\Windows\System\PaWfzAF.exe
  2⤵
  PID:6696
- C:\Windows\System\qxdBdSO.exe
  C:\Windows\System\qxdBdSO.exe
  2⤵
  PID:3004
- C:\Windows\System\DbviSmp.exe
  C:\Windows\System\DbviSmp.exe
  2⤵
  PID:3000
- C:\Windows\System\vzNdKYK.exe
  C:\Windows\System\vzNdKYK.exe
  2⤵
  PID:3548
- C:\Windows\System\tsFdaEw.exe
  C:\Windows\System\tsFdaEw.exe
  2⤵
  PID:1500
- C:\Windows\System\hDYKvdN.exe
  C:\Windows\System\hDYKvdN.exe
  2⤵
  PID:7160
- C:\Windows\System\aRpnAcU.exe
  C:\Windows\System\aRpnAcU.exe
  2⤵
  PID:3640
- C:\Windows\System\EsjgfZV.exe
  C:\Windows\System\EsjgfZV.exe
  2⤵
  PID:5508
- C:\Windows\System\umIUOwb.exe
  C:\Windows\System\umIUOwb.exe
  2⤵
  PID:6324
- C:\Windows\System\ZIDOudF.exe
  C:\Windows\System\ZIDOudF.exe
  2⤵
  PID:6456
- C:\Windows\System\dVsWMGN.exe
  C:\Windows\System\dVsWMGN.exe
  2⤵
  PID:6744
- C:\Windows\System\lQIGxgs.exe
  C:\Windows\System\lQIGxgs.exe
  2⤵
  PID:2588
- C:\Windows\System\YXMOjWd.exe
  C:\Windows\System\YXMOjWd.exe
  2⤵
  PID:1740
- C:\Windows\System\drKJhul.exe
  C:\Windows\System\drKJhul.exe
  2⤵
  PID:7188
- C:\Windows\System\wfWSXtn.exe
  C:\Windows\System\wfWSXtn.exe
  2⤵
  PID:7208
- C:\Windows\System\merTOuM.exe
  C:\Windows\System\merTOuM.exe
  2⤵
  PID:7228
- C:\Windows\System\aSuXoLO.exe
  C:\Windows\System\aSuXoLO.exe
  2⤵
  PID:7248
- C:\Windows\System\MNvhBmY.exe
  C:\Windows\System\MNvhBmY.exe
  2⤵
  PID:7272
- C:\Windows\System\BBEikNR.exe
  C:\Windows\System\BBEikNR.exe
  2⤵
  PID:7292
- C:\Windows\System\ckEFOvs.exe
  C:\Windows\System\ckEFOvs.exe
  2⤵
  PID:7312
- C:\Windows\System\NiXDdxk.exe
  C:\Windows\System\NiXDdxk.exe
  2⤵
  PID:7332
- C:\Windows\System\GumoyOE.exe
  C:\Windows\System\GumoyOE.exe
  2⤵
  PID:7356
- C:\Windows\System\CciKLZl.exe
  C:\Windows\System\CciKLZl.exe
  2⤵
  PID:7380
- C:\Windows\System\WPyZSdV.exe
  C:\Windows\System\WPyZSdV.exe
  2⤵
  PID:7396
- C:\Windows\System\qxbvNsr.exe
  C:\Windows\System\qxbvNsr.exe
  2⤵
  PID:7416
- C:\Windows\System\GJoLiry.exe
  C:\Windows\System\GJoLiry.exe
  2⤵
  PID:7432
- C:\Windows\System\COONKUx.exe
  C:\Windows\System\COONKUx.exe
  2⤵
  PID:7448
- C:\Windows\System\ipQyXGj.exe
  C:\Windows\System\ipQyXGj.exe
  2⤵
  PID:7464
- C:\Windows\System\YgGthbd.exe
  C:\Windows\System\YgGthbd.exe
  2⤵
  PID:7480
- C:\Windows\System\RgDYECi.exe
  C:\Windows\System\RgDYECi.exe
  2⤵
  PID:7496
- C:\Windows\System\ZQhXvNV.exe
  C:\Windows\System\ZQhXvNV.exe
  2⤵
  PID:7512
- C:\Windows\System\adKsGGC.exe
  C:\Windows\System\adKsGGC.exe
  2⤵
  PID:7528
- C:\Windows\System\EYpLoJr.exe
  C:\Windows\System\EYpLoJr.exe
  2⤵
  PID:7544
- C:\Windows\System\aotNBXw.exe
  C:\Windows\System\aotNBXw.exe
  2⤵
  PID:7560
- C:\Windows\System\leLAeGm.exe
  C:\Windows\System\leLAeGm.exe
  2⤵
  PID:7616
- C:\Windows\System\vDRdXtT.exe
  C:\Windows\System\vDRdXtT.exe
  2⤵
  PID:7632
- C:\Windows\System\NpsLSqn.exe
  C:\Windows\System\NpsLSqn.exe
  2⤵
  PID:7648
- C:\Windows\System\KnLOfBz.exe
  C:\Windows\System\KnLOfBz.exe
  2⤵
  PID:7664
- C:\Windows\System\mHZalQP.exe
  C:\Windows\System\mHZalQP.exe
  2⤵
  PID:7680
- C:\Windows\System\NcqSflg.exe
  C:\Windows\System\NcqSflg.exe
  2⤵
  PID:7696
- C:\Windows\System\Xqtcpfp.exe
  C:\Windows\System\Xqtcpfp.exe
  2⤵
  PID:7712
- C:\Windows\System\kQMicwY.exe
  C:\Windows\System\kQMicwY.exe
  2⤵
  PID:7728
- C:\Windows\System\KllqzXU.exe
  C:\Windows\System\KllqzXU.exe
  2⤵
  PID:7744
- C:\Windows\System\SWcRUFv.exe
  C:\Windows\System\SWcRUFv.exe
  2⤵
  PID:7760
- C:\Windows\System\YIIaIxP.exe
  C:\Windows\System\YIIaIxP.exe
  2⤵
  PID:7776
- C:\Windows\System\vUqRjSY.exe
  C:\Windows\System\vUqRjSY.exe
  2⤵
  PID:7792
- C:\Windows\System\bsOuwKg.exe
  C:\Windows\System\bsOuwKg.exe
  2⤵
  PID:7808
- C:\Windows\System\ZASKKlr.exe
  C:\Windows\System\ZASKKlr.exe
  2⤵
  PID:7824
- C:\Windows\System\SyAwnVQ.exe
  C:\Windows\System\SyAwnVQ.exe
  2⤵
  PID:7840
- C:\Windows\System\LMwBuUz.exe
  C:\Windows\System\LMwBuUz.exe
  2⤵
  PID:7860
- C:\Windows\System\uInZbvz.exe
  C:\Windows\System\uInZbvz.exe
  2⤵
  PID:7876
- C:\Windows\System\TGXCuzZ.exe
  C:\Windows\System\TGXCuzZ.exe
  2⤵
  PID:7892
- C:\Windows\System\hjjNMMK.exe
  C:\Windows\System\hjjNMMK.exe
  2⤵
  PID:7908
- C:\Windows\System\AbZIKwh.exe
  C:\Windows\System\AbZIKwh.exe
  2⤵
  PID:7924
- C:\Windows\System\XimKEQQ.exe
  C:\Windows\System\XimKEQQ.exe
  2⤵
  PID:7940
- C:\Windows\System\LAlaZkN.exe
  C:\Windows\System\LAlaZkN.exe
  2⤵
  PID:7956
- C:\Windows\System\lIBZpfP.exe
  C:\Windows\System\lIBZpfP.exe
  2⤵
  PID:7972
- C:\Windows\System\SpngEhs.exe
  C:\Windows\System\SpngEhs.exe
  2⤵
  PID:7988
- C:\Windows\System\nOFRoAz.exe
  C:\Windows\System\nOFRoAz.exe
  2⤵
  PID:8004
- C:\Windows\System\EdsZjST.exe
  C:\Windows\System\EdsZjST.exe
  2⤵
  PID:8020
- C:\Windows\System\QAczaWR.exe
  C:\Windows\System\QAczaWR.exe
  2⤵
  PID:8036
- C:\Windows\System\trsVLrj.exe
  C:\Windows\System\trsVLrj.exe
  2⤵
  PID:8052
- C:\Windows\System\AnwdkHy.exe
  C:\Windows\System\AnwdkHy.exe
  2⤵
  PID:8068
- C:\Windows\System\TiBCgSL.exe
  C:\Windows\System\TiBCgSL.exe
  2⤵
  PID:8084
- C:\Windows\System\AnuUrAW.exe
  C:\Windows\System\AnuUrAW.exe
  2⤵
  PID:8100
- C:\Windows\System\MXqfpRS.exe
  C:\Windows\System\MXqfpRS.exe
  2⤵
  PID:8116
- C:\Windows\System\EAMyVpk.exe
  C:\Windows\System\EAMyVpk.exe
  2⤵
  PID:8132
- C:\Windows\System\FyKiFUH.exe
  C:\Windows\System\FyKiFUH.exe
  2⤵
  PID:8148
- C:\Windows\System\jzKitPD.exe
  C:\Windows\System\jzKitPD.exe
  2⤵
  PID:8164
- C:\Windows\System\rFUlBje.exe
  C:\Windows\System\rFUlBje.exe
  2⤵
  PID:8180
- C:\Windows\System\emMsZND.exe
  C:\Windows\System\emMsZND.exe
  2⤵
  PID:2856
- C:\Windows\System\NQdzwia.exe
  C:\Windows\System\NQdzwia.exe
  2⤵
  PID:6616
- C:\Windows\System\xhMcfIN.exe
  C:\Windows\System\xhMcfIN.exe
  2⤵
  PID:1188
- C:\Windows\System\xqhWrtr.exe
  C:\Windows\System\xqhWrtr.exe
  2⤵
  PID:6920
- C:\Windows\System\VLgNnAM.exe
  C:\Windows\System\VLgNnAM.exe
  2⤵
  PID:276
- C:\Windows\System\UGjSUgP.exe
  C:\Windows\System\UGjSUgP.exe
  2⤵
  PID:7196
- C:\Windows\System\dINMOWz.exe
  C:\Windows\System\dINMOWz.exe
  2⤵
  PID:7220
- C:\Windows\System\mXmQlVc.exe
  C:\Windows\System\mXmQlVc.exe
  2⤵
  PID:7320
- C:\Windows\System\ecLwoYB.exe
  C:\Windows\System\ecLwoYB.exe
  2⤵
  PID:2256
- C:\Windows\System\MvYpqFR.exe
  C:\Windows\System\MvYpqFR.exe
  2⤵
  PID:7388
- C:\Windows\System\rJSMLVl.exe
  C:\Windows\System\rJSMLVl.exe
  2⤵
  PID:7364
- C:\Windows\System\qRmVeTM.exe
  C:\Windows\System\qRmVeTM.exe
  2⤵
  PID:7460
- C:\Windows\System\dYGGiCY.exe
  C:\Windows\System\dYGGiCY.exe
  2⤵
  PID:7520
- C:\Windows\System\PlVugJS.exe
  C:\Windows\System\PlVugJS.exe
  2⤵
  PID:1696
- C:\Windows\System\CSUSgRn.exe
  C:\Windows\System\CSUSgRn.exe
  2⤵
  PID:7440
- C:\Windows\System\kWIvyKr.exe
  C:\Windows\System\kWIvyKr.exe
  2⤵
  PID:7536
- C:\Windows\System\CNLOavk.exe
  C:\Windows\System\CNLOavk.exe
  2⤵
  PID:4744
- C:\Windows\System\dkvqbSb.exe
  C:\Windows\System\dkvqbSb.exe
  2⤵
  PID:7584
- C:\Windows\System\DbrPnfj.exe
  C:\Windows\System\DbrPnfj.exe
  2⤵
  PID:1536
- C:\Windows\System\jaFLFrJ.exe
  C:\Windows\System\jaFLFrJ.exe
  2⤵
  PID:2412
- C:\Windows\System\VtfTlIr.exe
  C:\Windows\System\VtfTlIr.exe
  2⤵
  PID:7624
- C:\Windows\System\tfNgFfb.exe
  C:\Windows\System\tfNgFfb.exe
  2⤵
  PID:7656
- C:\Windows\System\ILhqCRT.exe
  C:\Windows\System\ILhqCRT.exe
  2⤵
  PID:7676
- C:\Windows\System\UPGnfEI.exe
  C:\Windows\System\UPGnfEI.exe
  2⤵
  PID:7772
- C:\Windows\System\NosfaBi.exe
  C:\Windows\System\NosfaBi.exe
  2⤵
  PID:7836
- C:\Windows\System\wdqbFpc.exe
  C:\Windows\System\wdqbFpc.exe
  2⤵
  PID:7688
- C:\Windows\System\IrmwMrO.exe
  C:\Windows\System\IrmwMrO.exe
  2⤵
  PID:7692
- C:\Windows\System\xgErqBG.exe
  C:\Windows\System\xgErqBG.exe
  2⤵
  PID:7756
- C:\Windows\System\KqMJrkT.exe
  C:\Windows\System\KqMJrkT.exe
  2⤵
  PID:7784
- C:\Windows\System\soDPvPJ.exe
  C:\Windows\System\soDPvPJ.exe
  2⤵
  PID:7996
- C:\Windows\System\rwLeUyK.exe
  C:\Windows\System\rwLeUyK.exe
  2⤵
  PID:8048
- C:\Windows\System\TKOSZRG.exe
  C:\Windows\System\TKOSZRG.exe
  2⤵
  PID:8060
- C:\Windows\System\kvyJIEk.exe
  C:\Windows\System\kvyJIEk.exe
  2⤵
  PID:8124
- C:\Windows\System\sKheCtL.exe
  C:\Windows\System\sKheCtL.exe
  2⤵
  PID:8140
- C:\Windows\System\rRuSlje.exe
  C:\Windows\System\rRuSlje.exe
  2⤵
  PID:8160
- C:\Windows\System\yGFJfme.exe
  C:\Windows\System\yGFJfme.exe
  2⤵
  PID:6488
- C:\Windows\System\sTcsxSP.exe
  C:\Windows\System\sTcsxSP.exe
  2⤵
  PID:2216
- C:\Windows\System\CDBjSdd.exe
  C:\Windows\System\CDBjSdd.exe
  2⤵
  PID:7216
- C:\Windows\System\JMDUJIT.exe
  C:\Windows\System\JMDUJIT.exe
  2⤵
  PID:7176
- C:\Windows\System\tPgJptm.exe
  C:\Windows\System\tPgJptm.exe
  2⤵
  PID:7260
- C:\Windows\System\YOTcecv.exe
  C:\Windows\System\YOTcecv.exe
  2⤵
  PID:7300
- C:\Windows\System\ZJCvWux.exe
  C:\Windows\System\ZJCvWux.exe
  2⤵
  PID:7288
- C:\Windows\System\urzkydF.exe
  C:\Windows\System\urzkydF.exe
  2⤵
  PID:7600
- C:\Windows\System\NmwyltW.exe
  C:\Windows\System\NmwyltW.exe
  2⤵
  PID:7324
- C:\Windows\System\CWmhuoc.exe
  C:\Windows\System\CWmhuoc.exe
  2⤵
  PID:2020
- C:\Windows\System\uUkjFTA.exe
  C:\Windows\System\uUkjFTA.exe
  2⤵
  PID:7412
- C:\Windows\System\VTrTqaM.exe
  C:\Windows\System\VTrTqaM.exe
  2⤵
  PID:7424
- C:\Windows\System\GbQGjid.exe
  C:\Windows\System\GbQGjid.exe
  2⤵
  PID:7552
- C:\Windows\System\FvNvtuv.exe
  C:\Windows\System\FvNvtuv.exe
  2⤵
  PID:7472
- C:\Windows\System\nDgrMdS.exe
  C:\Windows\System\nDgrMdS.exe
  2⤵
  PID:4128
- C:\Windows\System\ztuutyf.exe
  C:\Windows\System\ztuutyf.exe
  2⤵
  PID:408
- C:\Windows\System\FDCTaHn.exe
  C:\Windows\System\FDCTaHn.exe
  2⤵
  PID:7640
- C:\Windows\System\sZgBTZt.exe
  C:\Windows\System\sZgBTZt.exe
  2⤵
  PID:7644
- C:\Windows\System\MSfozAG.exe
  C:\Windows\System\MSfozAG.exe
  2⤵
  PID:7628
- C:\Windows\System\BqhRtkZ.exe
  C:\Windows\System\BqhRtkZ.exe
  2⤵
  PID:7832
- C:\Windows\System\BJqNRpA.exe
  C:\Windows\System\BJqNRpA.exe
  2⤵
  PID:7848
- C:\Windows\System\kZrMXlV.exe
  C:\Windows\System\kZrMXlV.exe
  2⤵
  PID:7720
- C:\Windows\System\cigcvHZ.exe
  C:\Windows\System\cigcvHZ.exe
  2⤵
  PID:7884
- C:\Windows\System\DjDyTIO.exe
  C:\Windows\System\DjDyTIO.exe
  2⤵
  PID:7936
- C:\Windows\System\QqOSkWi.exe
  C:\Windows\System\QqOSkWi.exe
  2⤵
  PID:8012
- C:\Windows\System\teTMgDT.exe
  C:\Windows\System\teTMgDT.exe
  2⤵
  PID:8032
- C:\Windows\System\uosXRMS.exe
  C:\Windows\System\uosXRMS.exe
  2⤵
  PID:8108
- C:\Windows\System\PetsvJf.exe
  C:\Windows\System\PetsvJf.exe
  2⤵
  PID:8080
- C:\Windows\System\fxbcTJC.exe
  C:\Windows\System\fxbcTJC.exe
  2⤵
  PID:2532
- C:\Windows\System\WhnNfSY.exe
  C:\Windows\System\WhnNfSY.exe
  2⤵
  PID:7080
- C:\Windows\System\UKqsBNT.exe
  C:\Windows\System\UKqsBNT.exe
  2⤵
  PID:7592
- C:\Windows\System\fCTLVcV.exe
  C:\Windows\System\fCTLVcV.exe
  2⤵
  PID:7280
- C:\Windows\System\ahZniJB.exe
  C:\Windows\System\ahZniJB.exe
  2⤵
  PID:7344
- C:\Windows\System\zpKeJkr.exe
  C:\Windows\System\zpKeJkr.exe
  2⤵
  PID:1224
- C:\Windows\System\yCaWQwx.exe
  C:\Windows\System\yCaWQwx.exe
  2⤵
  PID:7428
- C:\Windows\System\jFlLxcp.exe
  C:\Windows\System\jFlLxcp.exe
  2⤵
  PID:7596
- C:\Windows\System\eFZaVEJ.exe
  C:\Windows\System\eFZaVEJ.exe
  2⤵
  PID:7508
- C:\Windows\System\GgVGGUF.exe
  C:\Windows\System\GgVGGUF.exe
  2⤵
  PID:1816
- C:\Windows\System\bosNaji.exe
  C:\Windows\System\bosNaji.exe
  2⤵
  PID:7856
- C:\Windows\System\fLNIfoD.exe
  C:\Windows\System\fLNIfoD.exe
  2⤵
  PID:7984
- C:\Windows\System\ZGzgraQ.exe
  C:\Windows\System\ZGzgraQ.exe
  2⤵
  PID:6160
- C:\Windows\System\OxzrKHX.exe
  C:\Windows\System\OxzrKHX.exe
  2⤵
  PID:7236
- C:\Windows\System\YwJZAvq.exe
  C:\Windows\System\YwJZAvq.exe
  2⤵
  PID:7916
- C:\Windows\System\EavnLAm.exe
  C:\Windows\System\EavnLAm.exe
  2⤵
  PID:8112
- C:\Windows\System\JDfNsmd.exe
  C:\Windows\System\JDfNsmd.exe
  2⤵
  PID:7608
- C:\Windows\System\SBYUydZ.exe
  C:\Windows\System\SBYUydZ.exe
  2⤵
  PID:1120
- C:\Windows\System\ppvJjDO.exe
  C:\Windows\System\ppvJjDO.exe
  2⤵
  PID:7268
- C:\Windows\System\yfHvpqK.exe
  C:\Windows\System\yfHvpqK.exe
  2⤵
  PID:7476
- C:\Windows\System\MwTRDOI.exe
  C:\Windows\System\MwTRDOI.exe
  2⤵
  PID:8092
- C:\Windows\System\oMJyYGZ.exe
  C:\Windows\System\oMJyYGZ.exe
  2⤵
  PID:8044
- C:\Windows\System\aUeuHtZ.exe
  C:\Windows\System\aUeuHtZ.exe
  2⤵
  PID:8204
- C:\Windows\System\FLHtbGB.exe
  C:\Windows\System\FLHtbGB.exe
  2⤵
  PID:8220
- C:\Windows\System\dwqBAXg.exe
  C:\Windows\System\dwqBAXg.exe
  2⤵
  PID:8236
- C:\Windows\System\lsyiRhm.exe
  C:\Windows\System\lsyiRhm.exe
  2⤵
  PID:8252
- C:\Windows\System\XCHbgba.exe
  C:\Windows\System\XCHbgba.exe
  2⤵
  PID:8268
- C:\Windows\System\vIOVpeP.exe
  C:\Windows\System\vIOVpeP.exe
  2⤵
  PID:8284
- C:\Windows\System\NdFbadF.exe
  C:\Windows\System\NdFbadF.exe
  2⤵
  PID:8300
- C:\Windows\System\UWkrkhU.exe
  C:\Windows\System\UWkrkhU.exe
  2⤵
  PID:8316
- C:\Windows\System\hXUzAFJ.exe
  C:\Windows\System\hXUzAFJ.exe
  2⤵
  PID:8332
- C:\Windows\System\dItLNdS.exe
  C:\Windows\System\dItLNdS.exe
  2⤵
  PID:8348
- C:\Windows\System\LoWxHqH.exe
  C:\Windows\System\LoWxHqH.exe
  2⤵
  PID:8364
- C:\Windows\System\ZBTUsaA.exe
  C:\Windows\System\ZBTUsaA.exe
  2⤵
  PID:8380
- C:\Windows\System\TaSoQYi.exe
  C:\Windows\System\TaSoQYi.exe
  2⤵
  PID:8396
- C:\Windows\System\HRojhna.exe
  C:\Windows\System\HRojhna.exe
  2⤵
  PID:8412
- C:\Windows\System\yBsdSKY.exe
  C:\Windows\System\yBsdSKY.exe
  2⤵
  PID:8432
- C:\Windows\System\UdxHLsO.exe
  C:\Windows\System\UdxHLsO.exe
  2⤵
  PID:8448
- C:\Windows\System\iyWwpCm.exe
  C:\Windows\System\iyWwpCm.exe
  2⤵
  PID:8464
- C:\Windows\System\HUcwSaL.exe
  C:\Windows\System\HUcwSaL.exe
  2⤵
  PID:8480
- C:\Windows\System\nheWJhS.exe
  C:\Windows\System\nheWJhS.exe
  2⤵
  PID:8496
- C:\Windows\System\hrtKBqs.exe
  C:\Windows\System\hrtKBqs.exe
  2⤵
  PID:8512
- C:\Windows\System\mPVhmVC.exe
  C:\Windows\System\mPVhmVC.exe
  2⤵
  PID:8528
- C:\Windows\System\iWbYfdn.exe
  C:\Windows\System\iWbYfdn.exe
  2⤵
  PID:8548
- C:\Windows\System\ZdaBrkI.exe
  C:\Windows\System\ZdaBrkI.exe
  2⤵
  PID:8564
- C:\Windows\System\AoMLkgp.exe
  C:\Windows\System\AoMLkgp.exe
  2⤵
  PID:8580
- C:\Windows\System\LFIGVwR.exe
  C:\Windows\System\LFIGVwR.exe
  2⤵
  PID:8596
- C:\Windows\System\SLNiEeD.exe
  C:\Windows\System\SLNiEeD.exe
  2⤵
  PID:8612
- C:\Windows\System\XOighVf.exe
  C:\Windows\System\XOighVf.exe
  2⤵
  PID:8628
- C:\Windows\System\GeozYVn.exe
  C:\Windows\System\GeozYVn.exe
  2⤵
  PID:8644
- C:\Windows\System\HPpeeUf.exe
  C:\Windows\System\HPpeeUf.exe
  2⤵
  PID:8660
- C:\Windows\System\IYAguOF.exe
  C:\Windows\System\IYAguOF.exe
  2⤵
  PID:8676
- C:\Windows\System\UNMAcXm.exe
  C:\Windows\System\UNMAcXm.exe
  2⤵
  PID:8692
- C:\Windows\System\WAlXdgD.exe
  C:\Windows\System\WAlXdgD.exe
  2⤵
  PID:8708
- C:\Windows\System\bqCYVKQ.exe
  C:\Windows\System\bqCYVKQ.exe
  2⤵
  PID:8724
- C:\Windows\System\aYDlXMl.exe
  C:\Windows\System\aYDlXMl.exe
  2⤵
  PID:8740
- C:\Windows\System\sKMRFUv.exe
  C:\Windows\System\sKMRFUv.exe
  2⤵
  PID:8756
- C:\Windows\System\HJVrbEW.exe
  C:\Windows\System\HJVrbEW.exe
  2⤵
  PID:8772
- C:\Windows\System\lDxHmKz.exe
  C:\Windows\System\lDxHmKz.exe
  2⤵
  PID:8788
- C:\Windows\System\yefLFdA.exe
  C:\Windows\System\yefLFdA.exe
  2⤵
  PID:8804
- C:\Windows\System\AFwGqaW.exe
  C:\Windows\System\AFwGqaW.exe
  2⤵
  PID:8820
- C:\Windows\System\cFovKge.exe
  C:\Windows\System\cFovKge.exe
  2⤵
  PID:8836
- C:\Windows\System\axhMrtO.exe
  C:\Windows\System\axhMrtO.exe
  2⤵
  PID:8852
- C:\Windows\System\UuhcDZf.exe
  C:\Windows\System\UuhcDZf.exe
  2⤵
  PID:8876
- C:\Windows\System\nPXfioU.exe
  C:\Windows\System\nPXfioU.exe
  2⤵
  PID:8892
- C:\Windows\System\drSipgm.exe
  C:\Windows\System\drSipgm.exe
  2⤵
  PID:8908
- C:\Windows\System\oHYfVUs.exe
  C:\Windows\System\oHYfVUs.exe
  2⤵
  PID:8948
- C:\Windows\System\zyDWBkQ.exe
  C:\Windows\System\zyDWBkQ.exe
  2⤵
  PID:8988
- C:\Windows\System\scwGZGn.exe
  C:\Windows\System\scwGZGn.exe
  2⤵
  PID:9028
- C:\Windows\System\BYiUHLO.exe
  C:\Windows\System\BYiUHLO.exe
  2⤵
  PID:9064
- C:\Windows\System\OxxpZuB.exe
  C:\Windows\System\OxxpZuB.exe
  2⤵
  PID:9088
- C:\Windows\System\VvLQjNP.exe
  C:\Windows\System\VvLQjNP.exe
  2⤵
  PID:9104
- C:\Windows\System\EHhQTkt.exe
  C:\Windows\System\EHhQTkt.exe
  2⤵
  PID:9120
- C:\Windows\System\XGisxtU.exe
  C:\Windows\System\XGisxtU.exe
  2⤵
  PID:9136
- C:\Windows\System\OyVTRsw.exe
  C:\Windows\System\OyVTRsw.exe
  2⤵
  PID:9164
- C:\Windows\System\HXVYIfW.exe
  C:\Windows\System\HXVYIfW.exe
  2⤵
  PID:9180
- C:\Windows\System\twDkGhE.exe
  C:\Windows\System\twDkGhE.exe
  2⤵
  PID:9196
- C:\Windows\System\UtZeWuG.exe
  C:\Windows\System\UtZeWuG.exe
  2⤵
  PID:9212
- C:\Windows\System\eHydFKQ.exe
  C:\Windows\System\eHydFKQ.exe
  2⤵
  PID:7952
- C:\Windows\System\LPVhAaM.exe
  C:\Windows\System\LPVhAaM.exe
  2⤵
  PID:7492
- C:\Windows\System\KXKqaMI.exe
  C:\Windows\System\KXKqaMI.exe
  2⤵
  PID:268
- C:\Windows\System\svGDjMo.exe
  C:\Windows\System\svGDjMo.exe
  2⤵
  PID:8244
- C:\Windows\System\uHRlrpa.exe
  C:\Windows\System\uHRlrpa.exe
  2⤵
  PID:8280
- C:\Windows\System\hmKGRWr.exe
  C:\Windows\System\hmKGRWr.exe
  2⤵
  PID:8372
- C:\Windows\System\WOAgZgD.exe
  C:\Windows\System\WOAgZgD.exe
  2⤵
  PID:8408
- C:\Windows\System\ZQFTWfj.exe
  C:\Windows\System\ZQFTWfj.exe
  2⤵
  PID:8232
- C:\Windows\System\PAnzXvR.exe
  C:\Windows\System\PAnzXvR.exe
  2⤵
  PID:8324
- C:\Windows\System\XzOFzZn.exe
  C:\Windows\System\XzOFzZn.exe
  2⤵
  PID:8388
- C:\Windows\System\mwKCGeK.exe
  C:\Windows\System\mwKCGeK.exe
  2⤵
  PID:8196
- C:\Windows\System\IypBVCg.exe
  C:\Windows\System\IypBVCg.exe
  2⤵
  PID:8476
- C:\Windows\System\XnnVtTU.exe
  C:\Windows\System\XnnVtTU.exe
  2⤵
  PID:8460
- C:\Windows\System\xYrysNW.exe
  C:\Windows\System\xYrysNW.exe
  2⤵
  PID:8544
- C:\Windows\System\OvPIGgL.exe
  C:\Windows\System\OvPIGgL.exe
  2⤵
  PID:8576
- C:\Windows\System\EvyErtR.exe
  C:\Windows\System\EvyErtR.exe
  2⤵
  PID:8588
- C:\Windows\System\tZKcGkf.exe
  C:\Windows\System\tZKcGkf.exe
  2⤵
  PID:8652
- C:\Windows\System\kMFudGW.exe
  C:\Windows\System\kMFudGW.exe
  2⤵
  PID:8688
- C:\Windows\System\SjCDDYu.exe
  C:\Windows\System\SjCDDYu.exe
  2⤵
  PID:8640
- C:\Windows\System\uWYGWUm.exe
  C:\Windows\System\uWYGWUm.exe
  2⤵
  PID:8732
- C:\Windows\System\femgKNt.exe
  C:\Windows\System\femgKNt.exe
  2⤵
  PID:8764
- C:\Windows\System\NVisLgT.exe
  C:\Windows\System\NVisLgT.exe
  2⤵
  PID:8796
- C:\Windows\System\GhpnxxG.exe
  C:\Windows\System\GhpnxxG.exe
  2⤵
  PID:8828
- C:\Windows\System\KYIwwRK.exe
  C:\Windows\System\KYIwwRK.exe
  2⤵
  PID:8860
- C:\Windows\System\UMcKJrJ.exe
  C:\Windows\System\UMcKJrJ.exe
  2⤵
  PID:8884
- C:\Windows\System\GcDatGD.exe
  C:\Windows\System\GcDatGD.exe
  2⤵
  PID:8904
- C:\Windows\System\vCYFVyV.exe
  C:\Windows\System\vCYFVyV.exe
  2⤵
  PID:8928
- C:\Windows\System\QmykxNo.exe
  C:\Windows\System\QmykxNo.exe
  2⤵
  PID:8956
- C:\Windows\System\YppGsPP.exe
  C:\Windows\System\YppGsPP.exe
  2⤵
  PID:8972
- C:\Windows\System\hXCkpzn.exe
  C:\Windows\System\hXCkpzn.exe
  2⤵
  PID:9000
- C:\Windows\System\lpqiMmS.exe
  C:\Windows\System\lpqiMmS.exe
  2⤵
  PID:9016
- C:\Windows\System\anrvhqm.exe
  C:\Windows\System\anrvhqm.exe
  2⤵
  PID:9044
- C:\Windows\System\URFmWqQ.exe
  C:\Windows\System\URFmWqQ.exe
  2⤵
  PID:9072
- C:\Windows\System\HNuPaNy.exe
  C:\Windows\System\HNuPaNy.exe
  2⤵
  PID:9100
- C:\Windows\System\XgVNwVg.exe
  C:\Windows\System\XgVNwVg.exe
  2⤵
  PID:9156
- C:\Windows\System\icgfvIp.exe
  C:\Windows\System\icgfvIp.exe
  2⤵
  PID:7264
- C:\Windows\System\hzYLDCp.exe
  C:\Windows\System\hzYLDCp.exe
  2⤵
  PID:9172
- C:\Windows\System\EXeEouZ.exe
  C:\Windows\System\EXeEouZ.exe
  2⤵
  PID:2952
- C:\Windows\System\hbAqpVt.exe
  C:\Windows\System\hbAqpVt.exe
  2⤵
  PID:8340
- C:\Windows\System\WhFHDiB.exe
  C:\Windows\System\WhFHDiB.exe
  2⤵
  PID:8356
- C:\Windows\System\lBijTED.exe
  C:\Windows\System\lBijTED.exe
  2⤵
  PID:7404
- C:\Windows\System\NGcSdrS.exe
  C:\Windows\System\NGcSdrS.exe
  2⤵
  PID:8308
- C:\Windows\System\mlFdpQw.exe
  C:\Windows\System\mlFdpQw.exe
  2⤵
  PID:8424
- C:\Windows\System\GlgSoHw.exe
  C:\Windows\System\GlgSoHw.exe
  2⤵
  PID:8560
- C:\Windows\System\EZQDfjK.exe
  C:\Windows\System\EZQDfjK.exe
  2⤵
  PID:8488
- C:\Windows\System\QfQjIeY.exe
  C:\Windows\System\QfQjIeY.exe
  2⤵
  PID:8620
- C:\Windows\System\SlTEDoD.exe
  C:\Windows\System\SlTEDoD.exe
  2⤵
  PID:8656
- C:\Windows\System\wELEPLt.exe
  C:\Windows\System\wELEPLt.exe
  2⤵
  PID:8684
- C:\Windows\System\ekrktPR.exe
  C:\Windows\System\ekrktPR.exe
  2⤵
  PID:8736
- C:\Windows\System\WmEFPsj.exe
  C:\Windows\System\WmEFPsj.exe
  2⤵
  PID:8844
- C:\Windows\System\iQKhXEc.exe
  C:\Windows\System\iQKhXEc.exe
  2⤵
  PID:8924
- C:\Windows\System\Prmutfz.exe
  C:\Windows\System\Prmutfz.exe
  2⤵
  PID:8940
- C:\Windows\System\ROADkAh.exe
  C:\Windows\System\ROADkAh.exe
  2⤵
  PID:9036
- C:\Windows\System\rlDVteA.exe
  C:\Windows\System\rlDVteA.exe
  2⤵
  PID:9096
- C:\Windows\System\MkUzOXx.exe
  C:\Windows\System\MkUzOXx.exe
  2⤵
  PID:9132
- C:\Windows\System\VboQPtp.exe
  C:\Windows\System\VboQPtp.exe
  2⤵
  PID:8264
- C:\Windows\System\TGdYcvr.exe
  C:\Windows\System\TGdYcvr.exe
  2⤵
  PID:9160
- C:\Windows\System\BWXiwkZ.exe
  C:\Windows\System\BWXiwkZ.exe
  2⤵
  PID:8604
- C:\Windows\System\mylRCFS.exe
  C:\Windows\System\mylRCFS.exe
  2⤵
  PID:8212
- C:\Windows\System\qrwameQ.exe
  C:\Windows\System\qrwameQ.exe
  2⤵
  PID:8508
- C:\Windows\System\PJQCjTN.exe
  C:\Windows\System\PJQCjTN.exe
  2⤵
  PID:8444
- C:\Windows\System\NmoPGKf.exe
  C:\Windows\System\NmoPGKf.exe
  2⤵
  PID:8816
- C:\Windows\System\qCglFWB.exe
  C:\Windows\System\qCglFWB.exe
  2⤵
  PID:8920
- C:\Windows\System\LCaKZch.exe
  C:\Windows\System\LCaKZch.exe
  2⤵
  PID:8980
- C:\Windows\System\uTbcXGJ.exe
  C:\Windows\System\uTbcXGJ.exe
  2⤵
  PID:8984
- C:\Windows\System\TVMdNbP.exe
  C:\Windows\System\TVMdNbP.exe
  2⤵
  PID:9056
- C:\Windows\System\ROIAuKy.exe
  C:\Windows\System\ROIAuKy.exe
  2⤵
  PID:8404
- C:\Windows\System\qUbdtwC.exe
  C:\Windows\System\qUbdtwC.exe
  2⤵
  PID:9188
- C:\Windows\System\kaNuuzd.exe
  C:\Windows\System\kaNuuzd.exe
  2⤵
  PID:8900
- C:\Windows\System\qzmIxyy.exe
  C:\Windows\System\qzmIxyy.exe
  2⤵
  PID:7180
- C:\Windows\System\GdXFxoK.exe
  C:\Windows\System\GdXFxoK.exe
  2⤵
  PID:9228
- C:\Windows\System\LtMJbeF.exe
  C:\Windows\System\LtMJbeF.exe
  2⤵
  PID:9244
- C:\Windows\System\bmtUAmA.exe
  C:\Windows\System\bmtUAmA.exe
  2⤵
  PID:9260
- C:\Windows\System\OIgndvh.exe
  C:\Windows\System\OIgndvh.exe
  2⤵
  PID:9276
- C:\Windows\System\ZCCIOGi.exe
  C:\Windows\System\ZCCIOGi.exe
  2⤵
  PID:9292
- C:\Windows\System\iKXXrfA.exe
  C:\Windows\System\iKXXrfA.exe
  2⤵
  PID:9312
- C:\Windows\System\gJlZWqr.exe
  C:\Windows\System\gJlZWqr.exe
  2⤵
  PID:9328
- C:\Windows\System\eTTGfhP.exe
  C:\Windows\System\eTTGfhP.exe
  2⤵
  PID:9344
- C:\Windows\System\NhUjImJ.exe
  C:\Windows\System\NhUjImJ.exe
  2⤵
  PID:9360
- C:\Windows\System\wITGKsm.exe
  C:\Windows\System\wITGKsm.exe
  2⤵
  PID:9376
- C:\Windows\System\glMYxAH.exe
  C:\Windows\System\glMYxAH.exe
  2⤵
  PID:9392
- C:\Windows\System\VlTKJuC.exe
  C:\Windows\System\VlTKJuC.exe
  2⤵
  PID:9408
- C:\Windows\System\ZSBxhSX.exe
  C:\Windows\System\ZSBxhSX.exe
  2⤵
  PID:9424
- C:\Windows\System\NGWwwry.exe
  C:\Windows\System\NGWwwry.exe
  2⤵
  PID:9440
- C:\Windows\System\hXTNypR.exe
  C:\Windows\System\hXTNypR.exe
  2⤵
  PID:9456
- C:\Windows\System\GnMBeSr.exe
  C:\Windows\System\GnMBeSr.exe
  2⤵
  PID:9472
- C:\Windows\System\YNcuSfk.exe
  C:\Windows\System\YNcuSfk.exe
  2⤵
  PID:9488
- C:\Windows\System\kcVDgcp.exe
  C:\Windows\System\kcVDgcp.exe
  2⤵
  PID:9504
- C:\Windows\System\uNZKyeW.exe
  C:\Windows\System\uNZKyeW.exe
  2⤵
  PID:9520
- C:\Windows\System\HhQNwdz.exe
  C:\Windows\System\HhQNwdz.exe
  2⤵
  PID:9536
- C:\Windows\System\mduJfuZ.exe
  C:\Windows\System\mduJfuZ.exe
  2⤵
  PID:9552
- C:\Windows\System\rhQRJJd.exe
  C:\Windows\System\rhQRJJd.exe
  2⤵
  PID:9568
- C:\Windows\System\swfYKod.exe
  C:\Windows\System\swfYKod.exe
  2⤵
  PID:9584
- C:\Windows\System\rUqLkBS.exe
  C:\Windows\System\rUqLkBS.exe
  2⤵
  PID:9600
- C:\Windows\System\zRolJGR.exe
  C:\Windows\System\zRolJGR.exe
  2⤵
  PID:9616
- C:\Windows\System\uDxkafj.exe
  C:\Windows\System\uDxkafj.exe
  2⤵
  PID:9632
- C:\Windows\System\APqZhXW.exe
  C:\Windows\System\APqZhXW.exe
  2⤵
  PID:9648
- C:\Windows\System\ybkKeLN.exe
  C:\Windows\System\ybkKeLN.exe
  2⤵
  PID:9664
- C:\Windows\System\SogqkBK.exe
  C:\Windows\System\SogqkBK.exe
  2⤵
  PID:9680
- C:\Windows\System\JcDDoMa.exe
  C:\Windows\System\JcDDoMa.exe
  2⤵
  PID:9696
- C:\Windows\System\cAlKrfS.exe
  C:\Windows\System\cAlKrfS.exe
  2⤵
  PID:9712
- C:\Windows\System\vTolQTj.exe
  C:\Windows\System\vTolQTj.exe
  2⤵
  PID:9728
- C:\Windows\System\YmRKdXl.exe
  C:\Windows\System\YmRKdXl.exe
  2⤵
  PID:9744
- C:\Windows\System\WGfcnbM.exe
  C:\Windows\System\WGfcnbM.exe
  2⤵
  PID:9760
- C:\Windows\System\vSxqWQI.exe
  C:\Windows\System\vSxqWQI.exe
  2⤵
  PID:9776
- C:\Windows\System\oSeptYa.exe
  C:\Windows\System\oSeptYa.exe
  2⤵
  PID:9792
- C:\Windows\System\bzcEnsr.exe
  C:\Windows\System\bzcEnsr.exe
  2⤵
  PID:9808
- C:\Windows\System\jaPwuDG.exe
  C:\Windows\System\jaPwuDG.exe
  2⤵
  PID:9824
- C:\Windows\System\YvBebck.exe
  C:\Windows\System\YvBebck.exe
  2⤵
  PID:9840
- C:\Windows\System\crlvcgu.exe
  C:\Windows\System\crlvcgu.exe
  2⤵
  PID:9856
- C:\Windows\System\xedgXhb.exe
  C:\Windows\System\xedgXhb.exe
  2⤵
  PID:9872
- C:\Windows\System\lMMDwhE.exe
  C:\Windows\System\lMMDwhE.exe
  2⤵
  PID:9888
- C:\Windows\System\kCtEFNq.exe
  C:\Windows\System\kCtEFNq.exe
  2⤵
  PID:9904
- C:\Windows\System\Freduxf.exe
  C:\Windows\System\Freduxf.exe
  2⤵
  PID:9920
- C:\Windows\System\jMePIRu.exe
  C:\Windows\System\jMePIRu.exe
  2⤵
  PID:9936
- C:\Windows\System\EqZSCmG.exe
  C:\Windows\System\EqZSCmG.exe
  2⤵
  PID:9952
- C:\Windows\System\ntLNWcP.exe
  C:\Windows\System\ntLNWcP.exe
  2⤵
  PID:9968
- C:\Windows\System\yvDfykj.exe
  C:\Windows\System\yvDfykj.exe
  2⤵
  PID:9984
- C:\Windows\System\wkatXiX.exe
  C:\Windows\System\wkatXiX.exe
  2⤵
  PID:10000
- C:\Windows\System\KPEmCpF.exe
  C:\Windows\System\KPEmCpF.exe
  2⤵
  PID:10016
- C:\Windows\System\uChbYyP.exe
  C:\Windows\System\uChbYyP.exe
  2⤵
  PID:10032
- C:\Windows\System\iSVGMGk.exe
  C:\Windows\System\iSVGMGk.exe
  2⤵
  PID:10048
- C:\Windows\System\XRxziCi.exe
  C:\Windows\System\XRxziCi.exe
  2⤵
  PID:10064
- C:\Windows\System\svirjQD.exe
  C:\Windows\System\svirjQD.exe
  2⤵
  PID:10080
- C:\Windows\System\FoubcNj.exe
  C:\Windows\System\FoubcNj.exe
  2⤵
  PID:10096
- C:\Windows\System\zcQKlCP.exe
  C:\Windows\System\zcQKlCP.exe
  2⤵
  PID:10112
- C:\Windows\System\sIbcvuV.exe
  C:\Windows\System\sIbcvuV.exe
  2⤵
  PID:10128
- C:\Windows\System\fEZovYY.exe
  C:\Windows\System\fEZovYY.exe
  2⤵
  PID:10144
- C:\Windows\System\dTLjeSH.exe
  C:\Windows\System\dTLjeSH.exe
  2⤵
  PID:10160
- C:\Windows\System\UnyiZKa.exe
  C:\Windows\System\UnyiZKa.exe
  2⤵
  PID:10176
- C:\Windows\System\AsXgvYZ.exe
  C:\Windows\System\AsXgvYZ.exe
  2⤵
  PID:10192
- C:\Windows\System\vcZndEF.exe
  C:\Windows\System\vcZndEF.exe
  2⤵
  PID:10208
- C:\Windows\System\kRvJTTI.exe
  C:\Windows\System\kRvJTTI.exe
  2⤵
  PID:10224
- C:\Windows\System\HbKaffv.exe
  C:\Windows\System\HbKaffv.exe
  2⤵
  PID:8420
- C:\Windows\System\qoAMRDB.exe
  C:\Windows\System\qoAMRDB.exe
  2⤵
  PID:8968
- C:\Windows\System\KiVdjMg.exe
  C:\Windows\System\KiVdjMg.exe
  2⤵
  PID:9204
- C:\Windows\System\mSnUqyF.exe
  C:\Windows\System\mSnUqyF.exe
  2⤵
  PID:9284
- C:\Windows\System\XKjjnMg.exe
  C:\Windows\System\XKjjnMg.exe
  2⤵
  PID:8276
- C:\Windows\System\obuxKCg.exe
  C:\Windows\System\obuxKCg.exe
  2⤵
  PID:8868
- C:\Windows\System\PdGJqpa.exe
  C:\Windows\System\PdGJqpa.exe
  2⤵
  PID:9320
- C:\Windows\System\njVuSAG.exe
  C:\Windows\System\njVuSAG.exe
  2⤵
  PID:9416
- C:\Windows\System\HwAqIRW.exe
  C:\Windows\System\HwAqIRW.exe
  2⤵
  PID:9268
- C:\Windows\System\wwjgeyA.exe
  C:\Windows\System\wwjgeyA.exe
  2⤵
  PID:8668
- C:\Windows\System\BSJtUZf.exe
  C:\Windows\System\BSJtUZf.exe
  2⤵
  PID:9368
- C:\Windows\System\KBSkuJd.exe
  C:\Windows\System\KBSkuJd.exe
  2⤵
  PID:9432
- C:\Windows\System\PqHMTRi.exe
  C:\Windows\System\PqHMTRi.exe
  2⤵
  PID:9468
- C:\Windows\System\WjVfvRO.exe
  C:\Windows\System\WjVfvRO.exe
  2⤵
  PID:9532
- C:\Windows\System\QIgSojQ.exe
  C:\Windows\System\QIgSojQ.exe
  2⤵
  PID:9596
- C:\Windows\System\wIDreYg.exe
  C:\Windows\System\wIDreYg.exe
  2⤵
  PID:9660
- C:\Windows\System\LciFuQM.exe
  C:\Windows\System\LciFuQM.exe
  2⤵
  PID:9448
- C:\Windows\System\vRKvqXH.exe
  C:\Windows\System\vRKvqXH.exe
  2⤵
  PID:9512
- C:\Windows\System\noFoStI.exe
  C:\Windows\System\noFoStI.exe
  2⤵
  PID:9580
- C:\Windows\System\KknjYox.exe
  C:\Windows\System\KknjYox.exe
  2⤵
  PID:9644
- C:\Windows\System\gjXSduE.exe
  C:\Windows\System\gjXSduE.exe
  2⤵
  PID:9736
- C:\Windows\System\NLMkpoQ.exe
  C:\Windows\System\NLMkpoQ.exe
  2⤵
  PID:9768
- C:\Windows\System\FmuqMhJ.exe
  C:\Windows\System\FmuqMhJ.exe
  2⤵
  PID:9836
- C:\Windows\System\wooPSnr.exe
  C:\Windows\System\wooPSnr.exe
  2⤵
  PID:9928
- C:\Windows\System\waOeQrj.exe
  C:\Windows\System\waOeQrj.exe
  2⤵
  PID:9960
- C:\Windows\System\COhRUVb.exe
  C:\Windows\System\COhRUVb.exe
  2⤵
  PID:9784
- C:\Windows\System\TLNHVLE.exe
  C:\Windows\System\TLNHVLE.exe
  2⤵
  PID:9848
- C:\Windows\System\usvfhiS.exe
  C:\Windows\System\usvfhiS.exe
  2⤵
  PID:9992
- C:\Windows\System\uZRuZAw.exe
  C:\Windows\System\uZRuZAw.exe
  2⤵
  PID:10028
- C:\Windows\System\UPvnWuH.exe
  C:\Windows\System\UPvnWuH.exe
  2⤵
  PID:10008
- C:\Windows\System\gzLLChU.exe
  C:\Windows\System\gzLLChU.exe
  2⤵
  PID:10060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BpPgXUj.exe

Filesize
5.2MB

MD5
c60251e15dd1b1dab8cfc49c1488c1ba

SHA1
e8b2ae92a914d08412869198ea07cd95782a7347

SHA256
3b10b1245ebe47e9995631649f0cd16969e8a9ab9bb04f5369b0746603a00ba6

SHA512
d86a53c9aa528fd5d5c6cb338cab1ab8fb7c1e035b0d64a790a1e4212995cd5c6999d340098fd3b7e98bfe31fb6d085223d9d93de96b4e7ea76baba8cae81c90

Download Submit
C:\Windows\system\DvbTpEC.exe

Filesize
5.2MB

MD5
b03a6f3dd11277b65ea0774fe249ddf8

SHA1
5ca3e8420fd4de8228c34a518286f9294ae9a933

SHA256
7694adda90d3c53ce8fda64e624782e75f6ab9b1eaabf92ebf5c81708bfc341e

SHA512
750b75001ea2436fa825c74c0a277e957982899b19853c481302ec847134910e1ab95b88c64ef3f5a7fb7bd52f5076d2692c59f36b5eb2a5a6a68b47474ec761

Download Submit
C:\Windows\system\FjQrKnK.exe

Filesize
5.2MB

MD5
311885e0a618516c9a4d7466a856afd9

SHA1
8ad2bd9e5d82680de10d977f63726f7a60d3d041

SHA256
63e0e0eaf1c416e76da2c95ab3142e96ce05f3cb8157469bfa73f628f66a3903

SHA512
9c6b959d43666b5da5e7f79fdac24c719e9d52fc0077f7daaaaa5d46062d6c72814d01b9e447935e629d46417d9442827e5c271e523b63f08aa6f12037cd0b72

Download Submit
C:\Windows\system\GWsmtYR.exe

Filesize
5.2MB

MD5
b42a7a248e10cb21d689ca7afad43e1a

SHA1
5c237998f98b05403aec0b64d44120ee886c805c

SHA256
d678275fc86d7c909a7d246d1c3b732569fde01218b8ecdfd261ccb9b7ccb832

SHA512
1bc2ac24cbf363463036d6cc6e5a6a64026c34478792b3677d3c9ddaafa7c022a3b3a070c844923230742243d0426647b4853452f32cd55f23a0186e9f5924a9

Download Submit
C:\Windows\system\IWqtrDx.exe

Filesize
5.2MB

MD5
3ee002fd884d5ae3daccd2161ce8721b

SHA1
7572e8c94c073027a7813bd3219260a30cb802da

SHA256
39515700c5874905b2d53355d18b49e4037b829b24e6f6e7706d740dc90792bc

SHA512
ad4ac49ac34a55e93b887541384ef39d21e35e82da4b2de568ba19db796ff53ce6d289ee87a8a287e2704f43ca651ed34516722a0510085bcc852d262604ea37

Download Submit
C:\Windows\system\KVubpdO.exe

Filesize
5.2MB

MD5
63647240f7eb266a2d0b131c9ef7606f

SHA1
ef1ec3837a2d5ff09c7b4b4b25cf69c60d88ef58

SHA256
5d5b350e239cf7f3a6b7f050480794a6a31d81b15ddc26381edcae769c85d83d

SHA512
569e802ab8eebee1a2bab42bdccdd0bca38094e3b346c0b3856911f4e51ea1b51a16f54a550fa5d2751c4059a715592a5a491630df1aaac891b74bd405403e2e

Download Submit
C:\Windows\system\LemTIbT.exe

Filesize
5.2MB

MD5
76a180a361d9b75d215d333c12106a8b

SHA1
b829b815dbeabe81d6c2af5b965579bf210ee40f

SHA256
1642ff6e664f564566e8e0985fca0468ebbef07ea58e2aeb8d71cb423fb9d41c

SHA512
1605209e4bf1d0d5dff746ec43b65105f128546822868accb8916a2cbde674b3acac20c3a5cd492115b26986d056799155baa0c8d3262d2a17aa5ec62201b910

Download Submit
C:\Windows\system\LzUeouI.exe

Filesize
5.2MB

MD5
193bf9766f59110b7787784993b21635

SHA1
7de14c2ea3220f202e0a4fd5ebca563b1ef88fd7

SHA256
51f5c3cd365307246160890192c534dec4e6109635c4346c2d22a77273f622c4

SHA512
e54f80ce970f88b7ae514ab2fe873b3427fbfb49214636e40bd74319591a416448616a3284017b5a97bc4d88bc9af98432ef2b65ba5d964f44f08c7045fe76c4

Download Submit
C:\Windows\system\MwbbULb.exe

Filesize
5.2MB

MD5
933756ebc74b807f83460d5d26c45dfd

SHA1
77cca68560ae4783b6af55b0bda5a38a7dbcfb11

SHA256
7ace5e6a453279f07d550ee6ea6d8a5ef84c6ec221f3a6a1653e6be3e906eabc

SHA512
7bafed801f82b6a8ddb666a2a619c34c57c4bf2174b2d9da9d60ae8902761b0cbef7ec4a6eee7bd4581f52ef4995a5916e9450b825b00b7dcffbbdc298d2858f

Download Submit
C:\Windows\system\QAkwZbr.exe

Filesize
5.2MB

MD5
d40b10ee1745b09c92b54d49438f50e6

SHA1
64f4225504fc5d57e195d50c0ecb8c8c93234b7f

SHA256
2730d96116dcb5d0d66697d13adf2d244ae37a0eafc6fb4c17aed65dd5a15ace

SHA512
3599bad0f69dd51d9a709fe6ee79611ab959e62f54ad5d41f8806dbc0a07245053c2ab518e16c0c7f6d531d4e86d0672d1bf2d84a1aa1c5e8018aa8310c50939

Download Submit
C:\Windows\system\SwYhhgc.exe

Filesize
5.2MB

MD5
3c246fb93af5e23b52f2587f287de767

SHA1
af5b26063862b458817441b20fe1c532bfe7655b

SHA256
25f15b0c14c6804479bdf17a1dd5cc084bb13e301f90908872d4bc60c49f9110

SHA512
e94c239592e8f391addb4735207a1e1decacb1077f49115ebd10fa2f7545c4d5b72a204a82363107409212a3cc1d987262e4ce4101dc6459ab657dfa2e7b3a77

Download Submit
C:\Windows\system\WmrtfCp.exe

Filesize
5.2MB

MD5
9e318da5fe8a903728d9cdc1ef686646

SHA1
dea2e77b14aebb5fa3dde15e045db6852545a150

SHA256
66fb9046803b824853a070b054ccb288fc46f2298928d1c2ab60c91e3357a8af

SHA512
0e354ce0af00e378681e7d5e8cecc04fa0d9a690d5ac50763d64ca43130f40d5c9df24d0eacb6341b9df8bd3f8a70b83055dd84e24f8decc566d90e886ee0285

Download Submit
C:\Windows\system\WxyGrCG.exe

Filesize
5.2MB

MD5
b6f8a7a660be8ba8e78244b05fcc1666

SHA1
533c2c45474344fd8f728aa7bdd5a3d92a47b52f

SHA256
220e44d47783f5920161b7217acc65dc9a495f41fcd11e2e557bb138e564a419

SHA512
0c596ae0874899abe68df670d42bb329896032bd86421239db22b8826d68ff4efd57a0597691792584b9918b9df323a6a8240b6c4f59e8472d1d8f26ce9a4142

Download Submit
C:\Windows\system\ZcBmbDW.exe

Filesize
5.2MB

MD5
058b07f341c0e27ccbf2381fdda8cc19

SHA1
e5458633058bca48e477a3b822047275d14cd61b

SHA256
7857f926120324e472828e8a17a08e1cae1792e96319d03f47dd0a09b47f1ec7

SHA512
3c5102e728876eae6f41e65cddaa10c06d4335baee5bae5f15e943496988206d9e281471968bbdacc26331c5fb320662d7ea4372f700a035f043b1f13daae038

Download Submit
C:\Windows\system\bZxxUEL.exe

Filesize
5.2MB

MD5
e51a2094f0486480c913869563997997

SHA1
a796d6ac5e34269a5b9d3c1dc0746a2819f84904

SHA256
7df2d7fc8c52da5fab1a83f03f0281860887357f5906e885e0c377d40ebddbc3

SHA512
f68a97799140c0ec32d0450b65e2031b70315c76a0128fff6b4f14af380f074d88749a46b38582b7d7f5baa915ff64d3e69ca1ea26383812bedbadc9c9bbcfb7

Download Submit
C:\Windows\system\dGsIfZT.exe

Filesize
5.2MB

MD5
070edc3b1a8c7ad8950fa83c8de26826

SHA1
4f1b65bd769896fa1c734653208a6c5b3622e838

SHA256
56040a245822575d08e020a31c8a28ed454c844ff61673c0f273610056d97f13

SHA512
d7b262b69afdd240410753ef8e6e0163e720b079821afe0716960cdb5052b12d258bec3844ec6cb8fe65a1ef9398c1f0b1227fb5448f334d67da865d3927492b

Download Submit
C:\Windows\system\doQpOce.exe

Filesize
5.2MB

MD5
267da69d886adff4c5dc131388105626

SHA1
f76ed95e510cecaba12bafcdbbe53f09daf9da5b

SHA256
81bb87bb408f2f7acf4ef5d8bdf10603afa6c84fb4e8d41002758fe9b3e3b16e

SHA512
610df5f17710ba441f8c9d03c392d6a78778b89f720dbc3a874eb466e992bee14031705dde6cf010d45721c1d02eabff309e9f68b71e86b7cf80fd065575469d

Download Submit
C:\Windows\system\eBAGRNl.exe

Filesize
5.2MB

MD5
304756a01ce83767144e56bbafbdee75

SHA1
cead8bd21b6206334f94b6c96149acf1aed7735b

SHA256
051212bf9b505bee9662eba157deb6f209ee1612fd7172cb91d2f1a126a946bd

SHA512
2b049e3040890aa289ffb36bd387b1b282654b13930097c9bd12bf652b93440e7f650bb1658e9f9dcfc80519be48d656d94346bf70e67ff3aefe361514e985e3

Download Submit
C:\Windows\system\gJEoDwl.exe

Filesize
5.2MB

MD5
d2f1e8549809a53b3949503252d8bbb9

SHA1
7fc22a59d968ac58267c47a949250f30547e7440

SHA256
2693c2467de8cdccf0041d4f6ef68764fc596358a91d57435b1ef73903aa49cb

SHA512
8309b1d57820b4710a4147e05eaa6e48d36ad81eaa9a4087557ffe42db9797f2e76dc64ad2b485b085a6d5c2f63871886b1e5ca80c6acd7a0112d1b89aebde79

Download Submit
C:\Windows\system\iacKYDR.exe

Filesize
5.2MB

MD5
2e1f816399f555ae5feeff77e662ecf8

SHA1
894fb1f5aa2ffab967f96a6a5f4fe00d4633daa5

SHA256
660a88fc0d1feacd50aa85a4f26ec9f89970e2727c2e0c39fb96192ee1972fb7

SHA512
170293d6f1eb08ec1d3733736df6bc0f76560158b7fce0dfc7eed82040d914d6739fb0f98f1cfeb645fa8d972f9441aebd106e9a6c6c34efd28cd78115264e9f

Download Submit
C:\Windows\system\kCWnlXG.exe

Filesize
5.2MB

MD5
f5deb643c23c7b09d9bfcafb4fe16cf7

SHA1
1e33170b8fa1e7234107aa5d4976cbdddb8a066e

SHA256
b3f2c42208be822c78dd5758bc22262af4392d59ac4ffab490f13ef22b3b5ef0

SHA512
6287aaff6976f760a1c099991941cfeac96790fe8a6ece297f47ad417c28e82f6193becb15fb7bd09c7fdb4a6b9c902fa5b589ac32e10c5b339084da492c1a64

Download Submit
C:\Windows\system\nRaBusR.exe

Filesize
5.2MB

MD5
45c92aa216b892eaad4ce975a297390a

SHA1
432c98702e6fc5f4c804430a0950772943195529

SHA256
167f47b3a468458798bb798f94b6e3fed0b31bc8d8947a66fcec928bc5eac7e5

SHA512
cb1eef1ffdad96b8fc1521ce57ae8486e4ceee159f368ed79c5a552fac6c428769adb730138ef79d4e8f4ccc6b47304812c1b1e97883a867b0d01d7bb01c8007

Download Submit
C:\Windows\system\pUAxpzq.exe

Filesize
5.2MB

MD5
6eeb11ce4ca7e14658791e9625695fc4

SHA1
45a7a0eb22153f6d3099f6a2f26df9cd3dddb66f

SHA256
707e8da3a16f5db8ea711ceb007dcbc6df9b5ddbc8be7f8e4affdad65d4bbbf6

SHA512
50c5d2d7bd6bbb21d9639194386350e09d20e2259fc0ec4e6c9e20e725f87761ba495fb561de68ebc0947ff8402fd145a16388341e68f02958088d7fac5d9ada

Download Submit
C:\Windows\system\pltNMJC.exe

Filesize
5.2MB

MD5
43dba9926ea85b406f4ef18b23b66436

SHA1
e222e117d5c6a975c1a4951a49392f72f1979a18

SHA256
365488ab29a3c6be8071f4a05dadfe033a2c3fd8b5a387b1f4cb635eb817de0a

SHA512
d779e48fb4770b2ebd32672a74a21ce16f617f39de1854a64c178b0c860f03abe5f0859b2cb3598104ba95147b605a67f095b1fde386a52f7420e9f335564605

Download Submit
C:\Windows\system\ppGKMlO.exe

Filesize
5.2MB

MD5
5b2ba6b79b0930313d5c7e5a8f01c007

SHA1
0f645e9245d6da1c4266c794876982104f968b49

SHA256
a710680c62c2fd3375a0b8cf89854c242e9e85cf685393aaca9b5301060d60f0

SHA512
98cac01f42c29bdd3301a7d2b1606edaaa044229c9fb840adac48bef2abfb8aa5ab59586197d7232b299ff5edb338895b5298e83190278d79fcf34ac76f47846

Download Submit
C:\Windows\system\qAYLdpx.exe

Filesize
5.2MB

MD5
b31ec40b5bb052d1277e8535f41b4c26

SHA1
8c78a6951dfc3529cf9a7dd86a7684dde9104f88

SHA256
e530082c286da35b15d1685d1403d021c7f95c3182b301cd7ea891dad1dc329f

SHA512
65b0d4029e3100fd233564bbc78cd6b6d5a297dba09a0e849669fe4cbe9fca87c54952f214bb3224544d0546267a91e1931482511bc1e5d26236dd9ee1206b5b

Download Submit
C:\Windows\system\wEOyxWh.exe

Filesize
5.2MB

MD5
6d2dc974379e1b12a0acba94a2df22cb

SHA1
fda04b64c416696aac7dee1f97e4074c5f2fd123

SHA256
fb6f4b9440bf53299a140e645008e0c7b9dee2f5190abe2ff0933125a24e2fad

SHA512
8af821f831d8d85bd126a0bdb39305e0300871995c345c821f7cb023f33f2717df638de34488e1430140182ab2984ffa1415302b16a9963d3158a54b5ffcfe9d

Download Submit
C:\Windows\system\xrRYPrY.exe

Filesize
5.2MB

MD5
f1ca446bb8ab4d4aad314a5f0956cf67

SHA1
659047936a4c067fbb7a2de14c2046472d51d09b

SHA256
0ec9839ebc4736464e9aca130a8b02d7908b4f443a4cd00df9bff26b6faf9fa3

SHA512
09547f23bdf5553760f24a05226e9e20babc32044a69bd0ece3c2fdf0eb1cbf826aeff04759329724b3d435e6c99850af8407e93dea562cfd1ff81c737cb9228

Download Submit
\Windows\system\AuDjaim.exe

Filesize
5.2MB

MD5
c0c654a97187fbee287e86dd37854b5d

SHA1
5cc0da23d36049267cd9290961390b69a9c0cfe6

SHA256
ab464a55580540ccdefe854528ae57ca093862651ac6e0fa198b15d1889846d8

SHA512
2a22481b0c6a9bbf72f8831fdcdac2eb563afd25c1427dd7de81a48363396b7934c31a0ef2f85d513f22b823f94fd9f5056266bb1d86fc0f698355863e12ce9a

Download Submit
\Windows\system\IcpabQv.exe

Filesize
5.2MB

MD5
b8e9c9b71cac868c43a449c8be8fc57a

SHA1
a1ef83226156a42a78fd1de7ccc7810c2fa27d0a

SHA256
520414f51b5d67500c401339b809c23b4247e36fcc9c5715cafca0787fb7edf6

SHA512
da1b07c4cc9d0cec8430d626971354f6383ea6bd15e30c97a0096ee446f9a39d5adee32786208dcb41f35cda64e696a674c7687d548a5d8c91325eb449ab1836

Download Submit
\Windows\system\ODnUUOS.exe

Filesize
5.2MB

MD5
796960ad497e3ba94e3ea5e0a725f701

SHA1
6a9463b7c2218a0be3903f89c465af177c473d57

SHA256
a80152e3197db6466106159a31b87c612ef4c7c3c23b43253aa31bcd6e15a39e

SHA512
48ae250516d64ff5162facc5dc0b31fe8502750e9e82976c3e070b5536fb19ba370c7cbcfabfa47ba6f1e72ea6dce8b2a26d780642b538dd360cdc5ffd350a20

Download Submit
\Windows\system\QgRgznu.exe

Filesize
5.2MB

MD5
cc1ae23a287b1be8db4dbc6efdbe1160

SHA1
9e12f14b38fbed2a83253a61fa1333abe2c1c808

SHA256
fc1c989b83664bbca737b2659d9b3b99c5ad4a122bce0556e7a84b7c2b61e052

SHA512
e4b49b455d5f07386ac750196f3650e135a945c1196841fff39057b144ec11514b9e3130d1e20b45d4319cf95cc13df59da47920668c41ce9b248b02465d3c56

Download Submit
\Windows\system\VpHdHRL.exe

Filesize
5.2MB

MD5
b1005493fbdc93b035730369acb3d5a2

SHA1
1ca7eae830c4b60e91c71bcbe07f6a2a3f5d4ccf

SHA256
4bcf1edaa1baff7ece05acda4086fd34be0fc00466aa93e9c4bba4a0b75aac1a

SHA512
69ce0b5518de21818412e58267d42202a342213bd9c4e550438b1499eed900b724a673930f565d9c89a74b60d566af0e33f04e4a6fef8c548d8b1203cdda4fb0

Download Submit
\Windows\system\XtMXPJd.exe

Filesize
5.2MB

MD5
7133dfc7dac94d3210cd965b88040c47

SHA1
fa6a56a6b5c7dd355f1977e5dddbde8d6b21c6cc

SHA256
d718b4e0089ec2210f0036f7457e3c9f62ce32a3c1ae471666771cb110065c90

SHA512
0733ddccea17627e57743540ba59d3f6d68dc42dc13a37e5089d7b96fdca17b9bec8ef8d1abbd52811d89c45ce632d3f683a9c7c5fdc06c1d16261e0ae84fbb7

Download Submit
\Windows\system\dgiePXL.exe

Filesize
5.2MB

MD5
8bc0b2cb3a74d1d93839d373c11abfcd

SHA1
dc2bc735cefa159caa1caf8adc306e616c2bfc71

SHA256
83ebc144309b3467881eddb6009c3e930344c205c93dae74da32b481b8174920

SHA512
25123ddb90f214a2e0d1284b126ce43f30658bbc86cafbe2c23db0d239ed73a251de0e31e9eb14d85e3ed02ffe44fe33fe048a822e597d918267d85c2beb370e

Download Submit
\Windows\system\zqXpWrA.exe

Filesize
5.2MB

MD5
0e69f06b4de9b7e6e0793b8621be784c

SHA1
b15612776b080342d1c8b6fdd4216f08073754ca

SHA256
9c663e407c208c9bf508475fdb8a40a4abe38207c55eff377cdb797f9837e2c8

SHA512
5601daf2312ff32d221fdd22fd1222c5490e6a0303ba882b62f91b3b9a6bc74f8d252ba4c6b142e491d06d92e247eb78a87650274bf5fdf263015d00d6e6db15

Download Submit
memory/764-99-0x0000000002440000-0x0000000002791000-memory.dmp

Filesize
3.3MB

Download
memory/764-52-0x000000013F4B0000-0x000000013F801000-memory.dmp

Filesize
3.3MB

Download
memory/764-119-0x000000013FF90000-0x00000001402E1000-memory.dmp

Filesize
3.3MB

Download
memory/764-735-0x000000013F0F0000-0x000000013F441000-memory.dmp

Filesize
3.3MB

Download
memory/764-1090-0x0000000002440000-0x0000000002791000-memory.dmp

Filesize
3.3MB

Download
memory/764-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/764-1264-0x000000013FF90000-0x00000001402E1000-memory.dmp

Filesize
3.3MB

Download
memory/764-523-0x0000000002440000-0x0000000002791000-memory.dmp

Filesize
3.3MB

Download
memory/764-0-0x000000013F970000-0x000000013FCC1000-memory.dmp

Filesize
3.3MB

Download
memory/764-37-0x0000000002440000-0x0000000002791000-memory.dmp

Filesize
3.3MB

Download
memory/764-41-0x0000000002440000-0x0000000002791000-memory.dmp

Filesize
3.3MB

Download
memory/764-47-0x000000013F250000-0x000000013F5A1000-memory.dmp

Filesize
3.3MB

Download
memory/764-17-0x0000000002440000-0x0000000002791000-memory.dmp

Filesize
3.3MB

Download
memory/764-93-0x000000013F0F0000-0x000000013F441000-memory.dmp

Filesize
3.3MB

Download
memory/764-60-0x0000000002440000-0x0000000002791000-memory.dmp

Filesize
3.3MB

Download
memory/764-68-0x000000013F970000-0x000000013FCC1000-memory.dmp

Filesize
3.3MB

Download
memory/764-67-0x0000000002440000-0x0000000002791000-memory.dmp

Filesize
3.3MB

Download
memory/764-85-0x0000000002440000-0x0000000002791000-memory.dmp

Filesize
3.3MB

Download
memory/764-78-0x000000013F2E0000-0x000000013F631000-memory.dmp

Filesize
3.3MB

Download
memory/764-69-0x0000000002440000-0x0000000002791000-memory.dmp

Filesize
3.3MB

Download
memory/764-70-0x000000013FDB0000-0x0000000140101000-memory.dmp

Filesize
3.3MB

Download
memory/1164-86-0x000000013F9A0000-0x000000013FCF1000-memory.dmp

Filesize
3.3MB

Download
memory/1164-4023-0x000000013F9A0000-0x000000013FCF1000-memory.dmp

Filesize
3.3MB

Download
memory/1996-100-0x000000013FA80000-0x000000013FDD1000-memory.dmp

Filesize
3.3MB

Download
memory/1996-1091-0x000000013FA80000-0x000000013FDD1000-memory.dmp

Filesize
3.3MB

Download
memory/1996-4022-0x000000013FA80000-0x000000013FDD1000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3960-0x000000013F970000-0x000000013FCC1000-memory.dmp

Filesize
3.3MB

Download
memory/2088-118-0x000000013F970000-0x000000013FCC1000-memory.dmp

Filesize
3.3MB

Download
memory/2348-4247-0x000000013F0F0000-0x000000013F441000-memory.dmp

Filesize
3.3MB

Download
memory/2348-94-0x000000013F0F0000-0x000000013F441000-memory.dmp

Filesize
3.3MB

Download
memory/2356-4021-0x000000013FB30000-0x000000013FE81000-memory.dmp

Filesize
3.3MB

Download
memory/2356-33-0x000000013FB30000-0x000000013FE81000-memory.dmp

Filesize
3.3MB

Download
memory/2356-77-0x000000013FB30000-0x000000013FE81000-memory.dmp

Filesize
3.3MB

Download
memory/2500-62-0x000000013F630000-0x000000013F981000-memory.dmp

Filesize
3.3MB

Download
memory/2500-98-0x000000013F630000-0x000000013F981000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3950-0x000000013F630000-0x000000013F981000-memory.dmp

Filesize
3.3MB

Download
memory/2524-92-0x000000013F4B0000-0x000000013F801000-memory.dmp

Filesize
3.3MB

Download
memory/2524-53-0x000000013F4B0000-0x000000013F801000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3970-0x000000013F4B0000-0x000000013F801000-memory.dmp

Filesize
3.3MB

Download
memory/2568-48-0x000000013F250000-0x000000013F5A1000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3954-0x000000013F250000-0x000000013F5A1000-memory.dmp

Filesize
3.3MB

Download
memory/2648-79-0x000000013F2E0000-0x000000013F631000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4248-0x000000013F2E0000-0x000000013F631000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3956-0x000000013F960000-0x000000013FCB1000-memory.dmp

Filesize
3.3MB

Download
memory/2764-39-0x000000013F960000-0x000000013FCB1000-memory.dmp

Filesize
3.3MB

Download
memory/2796-38-0x000000013F8D0000-0x000000013FC21000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4246-0x000000013F8D0000-0x000000013FC21000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3955-0x000000013FC10000-0x000000013FF61000-memory.dmp

Filesize
3.3MB

Download
memory/2848-35-0x000000013FC10000-0x000000013FF61000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3953-0x000000013FDB0000-0x0000000140101000-memory.dmp

Filesize
3.3MB

Download
memory/2932-32-0x000000013FDB0000-0x0000000140101000-memory.dmp

Filesize
3.3MB

Download
memory/2944-40-0x000000013F890000-0x000000013FBE1000-memory.dmp

Filesize
3.3MB

Download
memory/2944-4767-0x000000013F890000-0x000000013FBE1000-memory.dmp

Filesize
3.3MB

Download