cobaltstrike | 19b309396132807a9df27248909d3e71a10be8fb4ebaf58dee3fe394604829b5

Analysis

max time kernel
106s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
Size

5.8MB
MD5

8cc4f112290659b4a49c36a8db1af78f
SHA1

3100f234a5cce9ada11102128992bad61a005efb
SHA256

19b309396132807a9df27248909d3e71a10be8fb4ebaf58dee3fe394604829b5
SHA512

006ee4b0a1ca02bb25a276d580aeebc7d085ecb7449f635c31beea16d0f6dd738c92386da66434bb2279ba3a62c6359cb0fa104d3e0705bf17d07b2d669f02c8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lT:T+q56utgpPF8u/A

Score

10^/10

cobaltstrike xmrig backdoor miner trojan upx

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3556-0-0x00007FF7CA7D0000-0x00007FF7CAB24000-memory.dmp	xmrig
behavioral2/files/0x00080000000241ef-5.dat	xmrig
behavioral2/memory/536-8-0x00007FF611CF0000-0x00007FF612044000-memory.dmp	xmrig
behavioral2/files/0x00080000000241f2-11.dat	xmrig
behavioral2/files/0x00070000000241f6-17.dat	xmrig
behavioral2/files/0x00070000000241f7-18.dat	xmrig
behavioral2/files/0x00070000000241f8-26.dat	xmrig
behavioral2/files/0x00070000000241fa-34.dat	xmrig
behavioral2/memory/5880-41-0x00007FF7282E0000-0x00007FF728634000-memory.dmp	xmrig
behavioral2/memory/5336-46-0x00007FF73AF80000-0x00007FF73B2D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000241fc-50.dat	xmrig
behavioral2/memory/5240-54-0x00007FF76EE70000-0x00007FF76F1C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000241fb-52.dat	xmrig
behavioral2/memory/2116-49-0x00007FF7BA4C0000-0x00007FF7BA814000-memory.dmp	xmrig
behavioral2/memory/1624-47-0x00007FF783C40000-0x00007FF783F94000-memory.dmp	xmrig
behavioral2/memory/2344-43-0x00007FF79B380000-0x00007FF79B6D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000241f9-37.dat	xmrig
behavioral2/memory/2808-31-0x00007FF60FDA0000-0x00007FF6100F4000-memory.dmp	xmrig
behavioral2/memory/5600-24-0x00007FF6AFBE0000-0x00007FF6AFF34000-memory.dmp	xmrig
behavioral2/files/0x00070000000241fd-59.dat	xmrig
behavioral2/files/0x00080000000241f3-64.dat	xmrig
behavioral2/memory/4484-68-0x00007FF6BCD60000-0x00007FF6BD0B4000-memory.dmp	xmrig
behavioral2/memory/4448-60-0x00007FF6EA180000-0x00007FF6EA4D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000241fe-71.dat	xmrig
behavioral2/memory/556-77-0x00007FF7941F0000-0x00007FF794544000-memory.dmp	xmrig
behavioral2/files/0x0007000000024200-78.dat	xmrig
behavioral2/memory/4728-74-0x00007FF650EB0000-0x00007FF651204000-memory.dmp	xmrig
behavioral2/memory/4648-85-0x00007FF718890000-0x00007FF718BE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000024201-86.dat	xmrig
behavioral2/memory/3556-84-0x00007FF7CA7D0000-0x00007FF7CAB24000-memory.dmp	xmrig
behavioral2/files/0x0007000000024203-90.dat	xmrig
behavioral2/files/0x0007000000024204-96.dat	xmrig
behavioral2/files/0x0007000000024206-111.dat	xmrig
behavioral2/memory/5600-107-0x00007FF6AFBE0000-0x00007FF6AFF34000-memory.dmp	xmrig
behavioral2/files/0x0007000000024208-120.dat	xmrig
behavioral2/memory/6068-133-0x00007FF6B45C0000-0x00007FF6B4914000-memory.dmp	xmrig
behavioral2/memory/5412-138-0x00007FF752EB0000-0x00007FF753204000-memory.dmp	xmrig
behavioral2/memory/3184-143-0x00007FF7DA5F0000-0x00007FF7DA944000-memory.dmp	xmrig
behavioral2/memory/4568-142-0x00007FF782F30000-0x00007FF783284000-memory.dmp	xmrig
behavioral2/memory/4752-137-0x00007FF7BE760000-0x00007FF7BEAB4000-memory.dmp	xmrig
behavioral2/files/0x000700000002420a-136.dat	xmrig
behavioral2/files/0x0007000000024209-135.dat	xmrig
behavioral2/memory/3852-134-0x00007FF798BA0000-0x00007FF798EF4000-memory.dmp	xmrig
behavioral2/memory/4064-130-0x00007FF6E1900000-0x00007FF6E1C54000-memory.dmp	xmrig
behavioral2/memory/5544-129-0x00007FF66DF30000-0x00007FF66E284000-memory.dmp	xmrig
behavioral2/files/0x0007000000024207-124.dat	xmrig
behavioral2/memory/4676-123-0x00007FF7A9600000-0x00007FF7A9954000-memory.dmp	xmrig
behavioral2/files/0x000c000000024031-116.dat	xmrig
behavioral2/memory/5880-114-0x00007FF7282E0000-0x00007FF728634000-memory.dmp	xmrig
behavioral2/files/0x0007000000024205-104.dat	xmrig
behavioral2/files/0x000700000002420b-150.dat	xmrig
behavioral2/files/0x000d000000024023-161.dat	xmrig
behavioral2/memory/5548-164-0x00007FF7E18D0000-0x00007FF7E1C24000-memory.dmp	xmrig
behavioral2/files/0x000b000000024042-188.dat	xmrig
behavioral2/files/0x000c00000002403f-189.dat	xmrig
behavioral2/files/0x000700000002420d-197.dat	xmrig
behavioral2/memory/5660-196-0x00007FF618200000-0x00007FF618554000-memory.dmp	xmrig
behavioral2/files/0x000c000000024030-194.dat	xmrig
behavioral2/files/0x000700000002420c-193.dat	xmrig
behavioral2/memory/556-186-0x00007FF7941F0000-0x00007FF794544000-memory.dmp	xmrig
behavioral2/files/0x000b00000002402f-176.dat	xmrig
behavioral2/memory/1748-175-0x00007FF6AE230000-0x00007FF6AE584000-memory.dmp	xmrig
behavioral2/memory/3648-169-0x00007FF742220000-0x00007FF742574000-memory.dmp	xmrig
behavioral2/memory/4448-163-0x00007FF6EA180000-0x00007FF6EA4D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
536	BYNwnyT.exe
5600	qrnlBvP.exe
2344	BSQFBiz.exe
2808	ImKReea.exe
5336	iLVdKdN.exe
5880	okjlwkv.exe
1624	dzhTzDY.exe
2116	ZnSfByg.exe
5240	GPPUoPd.exe
4448	hiSlhqX.exe
4484	aHTWXxl.exe
4728	qJuTBPx.exe
556	QFEylxq.exe
4648	uBGSdlP.exe
4676	IDhdIRJ.exe
4752	IQzCrYA.exe
5544	tBZMIej.exe
4064	VJMkdOc.exe
5412	xDfZpvP.exe
4568	vIINJJi.exe
6068	NKTWjtX.exe
3184	XihQWkE.exe
3852	FNTSoJG.exe
6000	JYkqvPC.exe
1552	UDgmPzc.exe
5548	iLyIsdP.exe
3648	NVmJEay.exe
1748	CqYSiKl.exe
5660	WzwEMFr.exe
2276	dhMuOUq.exe
3664	EKeCEgF.exe
952	XplHGyA.exe
5888	aXsmQnu.exe
620	UYICLXY.exe
5564	HbuqCBs.exe
2764	hjYGerv.exe
2420	DCiZAtC.exe
744	OTaluna.exe
668	vOGGMUs.exe
3160	pINyEVU.exe
3068	CCUKcNj.exe
5012	pbGBgtW.exe
964	ZaiCZxO.exe
2108	bfdYwJr.exe
3124	LfyFyDP.exe
2964	jJPEVhh.exe
5468	XszShxS.exe
6124	MIkQUxa.exe
5892	UWXDSzC.exe
1964	VyWwowr.exe
3056	uNCGUkO.exe
3988	HkCdjGY.exe
2308	TeFnyRS.exe
880	AafjtnI.exe
1804	eZEBoJz.exe
1284	ywPnPsQ.exe
3004	VwLyewp.exe
5656	qVSKlzB.exe
5828	HwwkBZX.exe
5592	njUONRT.exe
5972	qliSGFV.exe
2476	MxdFASd.exe
5636	hEUVXLP.exe
1416	ErOFnfr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3556-0-0x00007FF7CA7D0000-0x00007FF7CAB24000-memory.dmp	upx
behavioral2/files/0x00080000000241ef-5.dat	upx
behavioral2/memory/536-8-0x00007FF611CF0000-0x00007FF612044000-memory.dmp	upx
behavioral2/files/0x00080000000241f2-11.dat	upx
behavioral2/files/0x00070000000241f6-17.dat	upx
behavioral2/files/0x00070000000241f7-18.dat	upx
behavioral2/files/0x00070000000241f8-26.dat	upx
behavioral2/files/0x00070000000241fa-34.dat	upx
behavioral2/memory/5880-41-0x00007FF7282E0000-0x00007FF728634000-memory.dmp	upx
behavioral2/memory/5336-46-0x00007FF73AF80000-0x00007FF73B2D4000-memory.dmp	upx
behavioral2/files/0x00070000000241fc-50.dat	upx
behavioral2/memory/5240-54-0x00007FF76EE70000-0x00007FF76F1C4000-memory.dmp	upx
behavioral2/files/0x00070000000241fb-52.dat	upx
behavioral2/memory/2116-49-0x00007FF7BA4C0000-0x00007FF7BA814000-memory.dmp	upx
behavioral2/memory/1624-47-0x00007FF783C40000-0x00007FF783F94000-memory.dmp	upx
behavioral2/memory/2344-43-0x00007FF79B380000-0x00007FF79B6D4000-memory.dmp	upx
behavioral2/files/0x00070000000241f9-37.dat	upx
behavioral2/memory/2808-31-0x00007FF60FDA0000-0x00007FF6100F4000-memory.dmp	upx
behavioral2/memory/5600-24-0x00007FF6AFBE0000-0x00007FF6AFF34000-memory.dmp	upx
behavioral2/files/0x00070000000241fd-59.dat	upx
behavioral2/files/0x00080000000241f3-64.dat	upx
behavioral2/memory/4484-68-0x00007FF6BCD60000-0x00007FF6BD0B4000-memory.dmp	upx
behavioral2/memory/4448-60-0x00007FF6EA180000-0x00007FF6EA4D4000-memory.dmp	upx
behavioral2/files/0x00070000000241fe-71.dat	upx
behavioral2/memory/556-77-0x00007FF7941F0000-0x00007FF794544000-memory.dmp	upx
behavioral2/files/0x0007000000024200-78.dat	upx
behavioral2/memory/4728-74-0x00007FF650EB0000-0x00007FF651204000-memory.dmp	upx
behavioral2/memory/4648-85-0x00007FF718890000-0x00007FF718BE4000-memory.dmp	upx
behavioral2/files/0x0007000000024201-86.dat	upx
behavioral2/memory/3556-84-0x00007FF7CA7D0000-0x00007FF7CAB24000-memory.dmp	upx
behavioral2/files/0x0007000000024203-90.dat	upx
behavioral2/files/0x0007000000024204-96.dat	upx
behavioral2/files/0x0007000000024206-111.dat	upx
behavioral2/memory/5600-107-0x00007FF6AFBE0000-0x00007FF6AFF34000-memory.dmp	upx
behavioral2/files/0x0007000000024208-120.dat	upx
behavioral2/memory/6068-133-0x00007FF6B45C0000-0x00007FF6B4914000-memory.dmp	upx
behavioral2/memory/5412-138-0x00007FF752EB0000-0x00007FF753204000-memory.dmp	upx
behavioral2/memory/3184-143-0x00007FF7DA5F0000-0x00007FF7DA944000-memory.dmp	upx
behavioral2/memory/4568-142-0x00007FF782F30000-0x00007FF783284000-memory.dmp	upx
behavioral2/memory/4752-137-0x00007FF7BE760000-0x00007FF7BEAB4000-memory.dmp	upx
behavioral2/files/0x000700000002420a-136.dat	upx
behavioral2/files/0x0007000000024209-135.dat	upx
behavioral2/memory/3852-134-0x00007FF798BA0000-0x00007FF798EF4000-memory.dmp	upx
behavioral2/memory/4064-130-0x00007FF6E1900000-0x00007FF6E1C54000-memory.dmp	upx
behavioral2/memory/5544-129-0x00007FF66DF30000-0x00007FF66E284000-memory.dmp	upx
behavioral2/files/0x0007000000024207-124.dat	upx
behavioral2/memory/4676-123-0x00007FF7A9600000-0x00007FF7A9954000-memory.dmp	upx
behavioral2/files/0x000c000000024031-116.dat	upx
behavioral2/memory/5880-114-0x00007FF7282E0000-0x00007FF728634000-memory.dmp	upx
behavioral2/files/0x0007000000024205-104.dat	upx
behavioral2/files/0x000700000002420b-150.dat	upx
behavioral2/files/0x000d000000024023-161.dat	upx
behavioral2/memory/5548-164-0x00007FF7E18D0000-0x00007FF7E1C24000-memory.dmp	upx
behavioral2/files/0x000b000000024042-188.dat	upx
behavioral2/files/0x000c00000002403f-189.dat	upx
behavioral2/files/0x000700000002420d-197.dat	upx
behavioral2/memory/5660-196-0x00007FF618200000-0x00007FF618554000-memory.dmp	upx
behavioral2/files/0x000c000000024030-194.dat	upx
behavioral2/files/0x000700000002420c-193.dat	upx
behavioral2/memory/556-186-0x00007FF7941F0000-0x00007FF794544000-memory.dmp	upx
behavioral2/files/0x000b00000002402f-176.dat	upx
behavioral2/memory/1748-175-0x00007FF6AE230000-0x00007FF6AE584000-memory.dmp	upx
behavioral2/memory/3648-169-0x00007FF742220000-0x00007FF742574000-memory.dmp	upx
behavioral2/memory/4448-163-0x00007FF6EA180000-0x00007FF6EA4D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XVzrVUN.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\SkVXvbw.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\BWtskyS.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\NkoosDn.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\IgiUMUF.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\vkcPwHR.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\BYNwnyT.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\dhMuOUq.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\aYaxFSa.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\zEakhDi.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\UvAcvJj.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\gJkbtCb.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\sqiJMHH.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\tBZMIej.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\UDgmPzc.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\rNyGrSX.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\WJnKdkA.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\AxFcfDq.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\JYSBIQF.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ZLvjpQR.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\InAChbu.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\GSrZsvB.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\xmQodSj.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\cNdZJZq.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\pvqGLWi.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\DftzvoO.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\zzyCSQU.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\iYEOhpT.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\IDhdIRJ.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\Nclntfj.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\fUCLpXe.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\fIfpehR.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\zEGcBEX.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\qTsSCAm.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\CHDZCoO.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\PXhMFku.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\okjlwkv.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\FNTSoJG.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\nONAjLL.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\AcGeYDD.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\YtkxVkg.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\veepgua.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\dnkXQUY.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\qUDzFth.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\XSgRvup.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\mrdchHW.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\FBEegEm.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\kWmRRaZ.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\CMriSSO.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\QgHYOqR.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\VDsKCwG.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\DJdYLsJ.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\FuHadTS.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\SgNtmoR.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\uwYPAyP.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\eFaYZqD.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\PFIPxxt.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\rBbmxYT.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\hEQvhXT.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\TRMOTOn.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\ZnSfByg.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\jJPEVhh.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\gNhfHjc.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
File created	C:\Windows\System\NkXfsVz.exe	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 536	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	86
PID 3556 wrote to memory of 536	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	86
PID 3556 wrote to memory of 5600	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	87
PID 3556 wrote to memory of 5600	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	87
PID 3556 wrote to memory of 2344	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	88
PID 3556 wrote to memory of 2344	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	88
PID 3556 wrote to memory of 2808	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	89
PID 3556 wrote to memory of 2808	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	89
PID 3556 wrote to memory of 5336	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	90
PID 3556 wrote to memory of 5336	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	90
PID 3556 wrote to memory of 5880	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	91
PID 3556 wrote to memory of 5880	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	91
PID 3556 wrote to memory of 1624	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	92
PID 3556 wrote to memory of 1624	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	92
PID 3556 wrote to memory of 2116	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	93
PID 3556 wrote to memory of 2116	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	93
PID 3556 wrote to memory of 5240	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	94
PID 3556 wrote to memory of 5240	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	94
PID 3556 wrote to memory of 4448	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	95
PID 3556 wrote to memory of 4448	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	95
PID 3556 wrote to memory of 4484	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	96
PID 3556 wrote to memory of 4484	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	96
PID 3556 wrote to memory of 4728	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	98
PID 3556 wrote to memory of 4728	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	98
PID 3556 wrote to memory of 556	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	100
PID 3556 wrote to memory of 556	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	100
PID 3556 wrote to memory of 4648	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	102
PID 3556 wrote to memory of 4648	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	102
PID 3556 wrote to memory of 4676	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	103
PID 3556 wrote to memory of 4676	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	103
PID 3556 wrote to memory of 4752	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	104
PID 3556 wrote to memory of 4752	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	104
PID 3556 wrote to memory of 5544	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	105
PID 3556 wrote to memory of 5544	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	105
PID 3556 wrote to memory of 4064	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	106
PID 3556 wrote to memory of 4064	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	106
PID 3556 wrote to memory of 5412	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	107
PID 3556 wrote to memory of 5412	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	107
PID 3556 wrote to memory of 4568	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	108
PID 3556 wrote to memory of 4568	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	108
PID 3556 wrote to memory of 6068	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	109
PID 3556 wrote to memory of 6068	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	109
PID 3556 wrote to memory of 3184	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	110
PID 3556 wrote to memory of 3184	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	110
PID 3556 wrote to memory of 3852	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	111
PID 3556 wrote to memory of 3852	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	111
PID 3556 wrote to memory of 6000	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	112
PID 3556 wrote to memory of 6000	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	112
PID 3556 wrote to memory of 1552	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	113
PID 3556 wrote to memory of 1552	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	113
PID 3556 wrote to memory of 5548	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	114
PID 3556 wrote to memory of 5548	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	114
PID 3556 wrote to memory of 3648	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	115
PID 3556 wrote to memory of 3648	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	115
PID 3556 wrote to memory of 1748	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	116
PID 3556 wrote to memory of 1748	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	116
PID 3556 wrote to memory of 5660	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	117
PID 3556 wrote to memory of 5660	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	117
PID 3556 wrote to memory of 2276	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	118
PID 3556 wrote to memory of 2276	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	118
PID 3556 wrote to memory of 3664	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	119
PID 3556 wrote to memory of 3664	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	119
PID 3556 wrote to memory of 952	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	120
PID 3556 wrote to memory of 952	3556	2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe	120

C:\Users\Admin\AppData\Local\Temp\2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-28_8cc4f112290659b4a49c36a8db1af78f_cobalt-strike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Windows\System\BYNwnyT.exe
  C:\Windows\System\BYNwnyT.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\qrnlBvP.exe
  C:\Windows\System\qrnlBvP.exe
  2⤵
  - Executes dropped EXE
  PID:5600
- C:\Windows\System\BSQFBiz.exe
  C:\Windows\System\BSQFBiz.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\ImKReea.exe
  C:\Windows\System\ImKReea.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\iLVdKdN.exe
  C:\Windows\System\iLVdKdN.exe
  2⤵
  - Executes dropped EXE
  PID:5336
- C:\Windows\System\okjlwkv.exe
  C:\Windows\System\okjlwkv.exe
  2⤵
  - Executes dropped EXE
  PID:5880
- C:\Windows\System\dzhTzDY.exe
  C:\Windows\System\dzhTzDY.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\ZnSfByg.exe
  C:\Windows\System\ZnSfByg.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\GPPUoPd.exe
  C:\Windows\System\GPPUoPd.exe
  2⤵
  - Executes dropped EXE
  PID:5240
- C:\Windows\System\hiSlhqX.exe
  C:\Windows\System\hiSlhqX.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\aHTWXxl.exe
  C:\Windows\System\aHTWXxl.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\qJuTBPx.exe
  C:\Windows\System\qJuTBPx.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\QFEylxq.exe
  C:\Windows\System\QFEylxq.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\uBGSdlP.exe
  C:\Windows\System\uBGSdlP.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\IDhdIRJ.exe
  C:\Windows\System\IDhdIRJ.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\IQzCrYA.exe
  C:\Windows\System\IQzCrYA.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\tBZMIej.exe
  C:\Windows\System\tBZMIej.exe
  2⤵
  - Executes dropped EXE
  PID:5544
- C:\Windows\System\VJMkdOc.exe
  C:\Windows\System\VJMkdOc.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\xDfZpvP.exe
  C:\Windows\System\xDfZpvP.exe
  2⤵
  - Executes dropped EXE
  PID:5412
- C:\Windows\System\vIINJJi.exe
  C:\Windows\System\vIINJJi.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\NKTWjtX.exe
  C:\Windows\System\NKTWjtX.exe
  2⤵
  - Executes dropped EXE
  PID:6068
- C:\Windows\System\XihQWkE.exe
  C:\Windows\System\XihQWkE.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\FNTSoJG.exe
  C:\Windows\System\FNTSoJG.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\JYkqvPC.exe
  C:\Windows\System\JYkqvPC.exe
  2⤵
  - Executes dropped EXE
  PID:6000
- C:\Windows\System\UDgmPzc.exe
  C:\Windows\System\UDgmPzc.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\iLyIsdP.exe
  C:\Windows\System\iLyIsdP.exe
  2⤵
  - Executes dropped EXE
  PID:5548
- C:\Windows\System\NVmJEay.exe
  C:\Windows\System\NVmJEay.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\CqYSiKl.exe
  C:\Windows\System\CqYSiKl.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\WzwEMFr.exe
  C:\Windows\System\WzwEMFr.exe
  2⤵
  - Executes dropped EXE
  PID:5660
- C:\Windows\System\dhMuOUq.exe
  C:\Windows\System\dhMuOUq.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\EKeCEgF.exe
  C:\Windows\System\EKeCEgF.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\XplHGyA.exe
  C:\Windows\System\XplHGyA.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\aXsmQnu.exe
  C:\Windows\System\aXsmQnu.exe
  2⤵
  - Executes dropped EXE
  PID:5888
- C:\Windows\System\UYICLXY.exe
  C:\Windows\System\UYICLXY.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\HbuqCBs.exe
  C:\Windows\System\HbuqCBs.exe
  2⤵
  - Executes dropped EXE
  PID:5564
- C:\Windows\System\hjYGerv.exe
  C:\Windows\System\hjYGerv.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\DCiZAtC.exe
  C:\Windows\System\DCiZAtC.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\OTaluna.exe
  C:\Windows\System\OTaluna.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\vOGGMUs.exe
  C:\Windows\System\vOGGMUs.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\pINyEVU.exe
  C:\Windows\System\pINyEVU.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\CCUKcNj.exe
  C:\Windows\System\CCUKcNj.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\pbGBgtW.exe
  C:\Windows\System\pbGBgtW.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\ZaiCZxO.exe
  C:\Windows\System\ZaiCZxO.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\bfdYwJr.exe
  C:\Windows\System\bfdYwJr.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\LfyFyDP.exe
  C:\Windows\System\LfyFyDP.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\jJPEVhh.exe
  C:\Windows\System\jJPEVhh.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\XszShxS.exe
  C:\Windows\System\XszShxS.exe
  2⤵
  - Executes dropped EXE
  PID:5468
- C:\Windows\System\MIkQUxa.exe
  C:\Windows\System\MIkQUxa.exe
  2⤵
  - Executes dropped EXE
  PID:6124
- C:\Windows\System\UWXDSzC.exe
  C:\Windows\System\UWXDSzC.exe
  2⤵
  - Executes dropped EXE
  PID:5892
- C:\Windows\System\VyWwowr.exe
  C:\Windows\System\VyWwowr.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\uNCGUkO.exe
  C:\Windows\System\uNCGUkO.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\HkCdjGY.exe
  C:\Windows\System\HkCdjGY.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\TeFnyRS.exe
  C:\Windows\System\TeFnyRS.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\AafjtnI.exe
  C:\Windows\System\AafjtnI.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\eZEBoJz.exe
  C:\Windows\System\eZEBoJz.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\ywPnPsQ.exe
  C:\Windows\System\ywPnPsQ.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\VwLyewp.exe
  C:\Windows\System\VwLyewp.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\qVSKlzB.exe
  C:\Windows\System\qVSKlzB.exe
  2⤵
  - Executes dropped EXE
  PID:5656
- C:\Windows\System\HwwkBZX.exe
  C:\Windows\System\HwwkBZX.exe
  2⤵
  - Executes dropped EXE
  PID:5828
- C:\Windows\System\njUONRT.exe
  C:\Windows\System\njUONRT.exe
  2⤵
  - Executes dropped EXE
  PID:5592
- C:\Windows\System\qliSGFV.exe
  C:\Windows\System\qliSGFV.exe
  2⤵
  - Executes dropped EXE
  PID:5972
- C:\Windows\System\MxdFASd.exe
  C:\Windows\System\MxdFASd.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\hEUVXLP.exe
  C:\Windows\System\hEUVXLP.exe
  2⤵
  - Executes dropped EXE
  PID:5636
- C:\Windows\System\ErOFnfr.exe
  C:\Windows\System\ErOFnfr.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\FjWAQVK.exe
  C:\Windows\System\FjWAQVK.exe
  2⤵
  PID:4656
- C:\Windows\System\xtbRkcJ.exe
  C:\Windows\System\xtbRkcJ.exe
  2⤵
  PID:5368
- C:\Windows\System\mNWOZgB.exe
  C:\Windows\System\mNWOZgB.exe
  2⤵
  PID:3616
- C:\Windows\System\IRqluwV.exe
  C:\Windows\System\IRqluwV.exe
  2⤵
  PID:4000
- C:\Windows\System\ftNboRP.exe
  C:\Windows\System\ftNboRP.exe
  2⤵
  PID:3076
- C:\Windows\System\KDUGnDr.exe
  C:\Windows\System\KDUGnDr.exe
  2⤵
  PID:4936
- C:\Windows\System\hVShMxN.exe
  C:\Windows\System\hVShMxN.exe
  2⤵
  PID:4816
- C:\Windows\System\GIfBMUu.exe
  C:\Windows\System\GIfBMUu.exe
  2⤵
  PID:4436
- C:\Windows\System\ZiGqMwA.exe
  C:\Windows\System\ZiGqMwA.exe
  2⤵
  PID:3128
- C:\Windows\System\eKCvFiu.exe
  C:\Windows\System\eKCvFiu.exe
  2⤵
  PID:4704
- C:\Windows\System\JRvLMsj.exe
  C:\Windows\System\JRvLMsj.exe
  2⤵
  PID:4588
- C:\Windows\System\MdaWOYa.exe
  C:\Windows\System\MdaWOYa.exe
  2⤵
  PID:2776
- C:\Windows\System\yxqGXWQ.exe
  C:\Windows\System\yxqGXWQ.exe
  2⤵
  PID:5068
- C:\Windows\System\bCUZNsC.exe
  C:\Windows\System\bCUZNsC.exe
  2⤵
  PID:5020
- C:\Windows\System\ZHGzNfn.exe
  C:\Windows\System\ZHGzNfn.exe
  2⤵
  PID:4976
- C:\Windows\System\NyFGwtN.exe
  C:\Windows\System\NyFGwtN.exe
  2⤵
  PID:2024
- C:\Windows\System\PiaeCzu.exe
  C:\Windows\System\PiaeCzu.exe
  2⤵
  PID:8
- C:\Windows\System\aVQnfJM.exe
  C:\Windows\System\aVQnfJM.exe
  2⤵
  PID:2156
- C:\Windows\System\dpJPbhQ.exe
  C:\Windows\System\dpJPbhQ.exe
  2⤵
  PID:1496
- C:\Windows\System\veepgua.exe
  C:\Windows\System\veepgua.exe
  2⤵
  PID:1848
- C:\Windows\System\qsVCkni.exe
  C:\Windows\System\qsVCkni.exe
  2⤵
  PID:2676
- C:\Windows\System\kxzwREj.exe
  C:\Windows\System\kxzwREj.exe
  2⤵
  PID:2172
- C:\Windows\System\FuaYLGz.exe
  C:\Windows\System\FuaYLGz.exe
  2⤵
  PID:1936
- C:\Windows\System\XKYfxvO.exe
  C:\Windows\System\XKYfxvO.exe
  2⤵
  PID:2372
- C:\Windows\System\uwYPAyP.exe
  C:\Windows\System\uwYPAyP.exe
  2⤵
  PID:2784
- C:\Windows\System\CGqyEhM.exe
  C:\Windows\System\CGqyEhM.exe
  2⤵
  PID:1352
- C:\Windows\System\CpiOZhu.exe
  C:\Windows\System\CpiOZhu.exe
  2⤵
  PID:5380
- C:\Windows\System\vgmBmOf.exe
  C:\Windows\System\vgmBmOf.exe
  2⤵
  PID:4528
- C:\Windows\System\FdRUNEa.exe
  C:\Windows\System\FdRUNEa.exe
  2⤵
  PID:6140
- C:\Windows\System\MAQUAFh.exe
  C:\Windows\System\MAQUAFh.exe
  2⤵
  PID:3992
- C:\Windows\System\DvIuynG.exe
  C:\Windows\System\DvIuynG.exe
  2⤵
  PID:1592
- C:\Windows\System\osJgZEN.exe
  C:\Windows\System\osJgZEN.exe
  2⤵
  PID:5404
- C:\Windows\System\swwkscd.exe
  C:\Windows\System\swwkscd.exe
  2⤵
  PID:2832
- C:\Windows\System\DDpejyb.exe
  C:\Windows\System\DDpejyb.exe
  2⤵
  PID:1008
- C:\Windows\System\oDQoPBH.exe
  C:\Windows\System\oDQoPBH.exe
  2⤵
  PID:2720
- C:\Windows\System\kWmRRaZ.exe
  C:\Windows\System\kWmRRaZ.exe
  2⤵
  PID:3980
- C:\Windows\System\inctEes.exe
  C:\Windows\System\inctEes.exe
  2⤵
  PID:6008
- C:\Windows\System\nOilEPL.exe
  C:\Windows\System\nOilEPL.exe
  2⤵
  PID:2316
- C:\Windows\System\vLJRLGn.exe
  C:\Windows\System\vLJRLGn.exe
  2⤵
  PID:2620
- C:\Windows\System\uOKAXdP.exe
  C:\Windows\System\uOKAXdP.exe
  2⤵
  PID:3912
- C:\Windows\System\VYIkQVs.exe
  C:\Windows\System\VYIkQVs.exe
  2⤵
  PID:2012
- C:\Windows\System\suwVueE.exe
  C:\Windows\System\suwVueE.exe
  2⤵
  PID:2388
- C:\Windows\System\lfRpwIP.exe
  C:\Windows\System\lfRpwIP.exe
  2⤵
  PID:5376
- C:\Windows\System\WViMDZH.exe
  C:\Windows\System\WViMDZH.exe
  2⤵
  PID:3960
- C:\Windows\System\VcgqxaF.exe
  C:\Windows\System\VcgqxaF.exe
  2⤵
  PID:4368
- C:\Windows\System\sQekenm.exe
  C:\Windows\System\sQekenm.exe
  2⤵
  PID:6092
- C:\Windows\System\LcPXDYN.exe
  C:\Windows\System\LcPXDYN.exe
  2⤵
  PID:4396
- C:\Windows\System\DhoasPF.exe
  C:\Windows\System\DhoasPF.exe
  2⤵
  PID:4468
- C:\Windows\System\tPfYsRV.exe
  C:\Windows\System\tPfYsRV.exe
  2⤵
  PID:4620
- C:\Windows\System\BbKPvRs.exe
  C:\Windows\System\BbKPvRs.exe
  2⤵
  PID:4688
- C:\Windows\System\WANwyxp.exe
  C:\Windows\System\WANwyxp.exe
  2⤵
  PID:5272
- C:\Windows\System\GuHsaxr.exe
  C:\Windows\System\GuHsaxr.exe
  2⤵
  PID:4120
- C:\Windows\System\WvNdxzA.exe
  C:\Windows\System\WvNdxzA.exe
  2⤵
  PID:5160
- C:\Windows\System\HyIGQkP.exe
  C:\Windows\System\HyIGQkP.exe
  2⤵
  PID:3548
- C:\Windows\System\OggYYhW.exe
  C:\Windows\System\OggYYhW.exe
  2⤵
  PID:4628
- C:\Windows\System\gsnIljg.exe
  C:\Windows\System\gsnIljg.exe
  2⤵
  PID:4560
- C:\Windows\System\LTgsFXG.exe
  C:\Windows\System\LTgsFXG.exe
  2⤵
  PID:676
- C:\Windows\System\InAChbu.exe
  C:\Windows\System\InAChbu.exe
  2⤵
  PID:6028
- C:\Windows\System\OnrfFAb.exe
  C:\Windows\System\OnrfFAb.exe
  2⤵
  PID:1852
- C:\Windows\System\VDsKCwG.exe
  C:\Windows\System\VDsKCwG.exe
  2⤵
  PID:3804
- C:\Windows\System\xnLZwyd.exe
  C:\Windows\System\xnLZwyd.exe
  2⤵
  PID:2328
- C:\Windows\System\lmKIuTO.exe
  C:\Windows\System\lmKIuTO.exe
  2⤵
  PID:1336
- C:\Windows\System\mqJFVgc.exe
  C:\Windows\System\mqJFVgc.exe
  2⤵
  PID:1408
- C:\Windows\System\OMIkVhG.exe
  C:\Windows\System\OMIkVhG.exe
  2⤵
  PID:5112
- C:\Windows\System\BIhFdze.exe
  C:\Windows\System\BIhFdze.exe
  2⤵
  PID:1508
- C:\Windows\System\UCcVwVW.exe
  C:\Windows\System\UCcVwVW.exe
  2⤵
  PID:4476
- C:\Windows\System\OuMTzvF.exe
  C:\Windows\System\OuMTzvF.exe
  2⤵
  PID:5408
- C:\Windows\System\YAPetwA.exe
  C:\Windows\System\YAPetwA.exe
  2⤵
  PID:3504
- C:\Windows\System\kpVZHnE.exe
  C:\Windows\System\kpVZHnE.exe
  2⤵
  PID:4956
- C:\Windows\System\WRAyQEo.exe
  C:\Windows\System\WRAyQEo.exe
  2⤵
  PID:5208
- C:\Windows\System\aYaxFSa.exe
  C:\Windows\System\aYaxFSa.exe
  2⤵
  PID:1620
- C:\Windows\System\DPxibyf.exe
  C:\Windows\System\DPxibyf.exe
  2⤵
  PID:3396
- C:\Windows\System\MSLNSXD.exe
  C:\Windows\System\MSLNSXD.exe
  2⤵
  PID:2796
- C:\Windows\System\LVBFvvf.exe
  C:\Windows\System\LVBFvvf.exe
  2⤵
  PID:4512
- C:\Windows\System\sFYUyhL.exe
  C:\Windows\System\sFYUyhL.exe
  2⤵
  PID:4576
- C:\Windows\System\gNhfHjc.exe
  C:\Windows\System\gNhfHjc.exe
  2⤵
  PID:1212
- C:\Windows\System\orMneYH.exe
  C:\Windows\System\orMneYH.exe
  2⤵
  PID:1868
- C:\Windows\System\QfJVEVZ.exe
  C:\Windows\System\QfJVEVZ.exe
  2⤵
  PID:6104
- C:\Windows\System\zXCLSIO.exe
  C:\Windows\System\zXCLSIO.exe
  2⤵
  PID:5492
- C:\Windows\System\SWHcPbz.exe
  C:\Windows\System\SWHcPbz.exe
  2⤵
  PID:4104
- C:\Windows\System\qbiafWd.exe
  C:\Windows\System\qbiafWd.exe
  2⤵
  PID:2384
- C:\Windows\System\isAWTQy.exe
  C:\Windows\System\isAWTQy.exe
  2⤵
  PID:6152
- C:\Windows\System\lNMdtoI.exe
  C:\Windows\System\lNMdtoI.exe
  2⤵
  PID:6176
- C:\Windows\System\sxWTWyd.exe
  C:\Windows\System\sxWTWyd.exe
  2⤵
  PID:6228
- C:\Windows\System\HxXeFZf.exe
  C:\Windows\System\HxXeFZf.exe
  2⤵
  PID:6260
- C:\Windows\System\GhjGkOj.exe
  C:\Windows\System\GhjGkOj.exe
  2⤵
  PID:6292
- C:\Windows\System\FfDTumB.exe
  C:\Windows\System\FfDTumB.exe
  2⤵
  PID:6344
- C:\Windows\System\dnkXQUY.exe
  C:\Windows\System\dnkXQUY.exe
  2⤵
  PID:6396
- C:\Windows\System\FWTGMQa.exe
  C:\Windows\System\FWTGMQa.exe
  2⤵
  PID:6420
- C:\Windows\System\YnOEyVf.exe
  C:\Windows\System\YnOEyVf.exe
  2⤵
  PID:6448
- C:\Windows\System\OofekUZ.exe
  C:\Windows\System\OofekUZ.exe
  2⤵
  PID:6476
- C:\Windows\System\hySNoMk.exe
  C:\Windows\System\hySNoMk.exe
  2⤵
  PID:6508
- C:\Windows\System\PQiHfwX.exe
  C:\Windows\System\PQiHfwX.exe
  2⤵
  PID:6532
- C:\Windows\System\tnWIcVY.exe
  C:\Windows\System\tnWIcVY.exe
  2⤵
  PID:6560
- C:\Windows\System\jEMxPOs.exe
  C:\Windows\System\jEMxPOs.exe
  2⤵
  PID:6592
- C:\Windows\System\EBphqXg.exe
  C:\Windows\System\EBphqXg.exe
  2⤵
  PID:6616
- C:\Windows\System\DkCAQvh.exe
  C:\Windows\System\DkCAQvh.exe
  2⤵
  PID:6648
- C:\Windows\System\NCRBApF.exe
  C:\Windows\System\NCRBApF.exe
  2⤵
  PID:6676
- C:\Windows\System\MdGlRGo.exe
  C:\Windows\System\MdGlRGo.exe
  2⤵
  PID:6704
- C:\Windows\System\zuHhkzQ.exe
  C:\Windows\System\zuHhkzQ.exe
  2⤵
  PID:6732
- C:\Windows\System\tevRKss.exe
  C:\Windows\System\tevRKss.exe
  2⤵
  PID:6760
- C:\Windows\System\RFpbtJn.exe
  C:\Windows\System\RFpbtJn.exe
  2⤵
  PID:6796
- C:\Windows\System\VwpmFuD.exe
  C:\Windows\System\VwpmFuD.exe
  2⤵
  PID:6824
- C:\Windows\System\ObPxoWN.exe
  C:\Windows\System\ObPxoWN.exe
  2⤵
  PID:6848
- C:\Windows\System\GSrZsvB.exe
  C:\Windows\System\GSrZsvB.exe
  2⤵
  PID:6888
- C:\Windows\System\jYeNLTw.exe
  C:\Windows\System\jYeNLTw.exe
  2⤵
  PID:6916
- C:\Windows\System\daMsdhq.exe
  C:\Windows\System\daMsdhq.exe
  2⤵
  PID:6936
- C:\Windows\System\GwueFAS.exe
  C:\Windows\System\GwueFAS.exe
  2⤵
  PID:6968
- C:\Windows\System\mXeSYaa.exe
  C:\Windows\System\mXeSYaa.exe
  2⤵
  PID:6996
- C:\Windows\System\Svgtugb.exe
  C:\Windows\System\Svgtugb.exe
  2⤵
  PID:7032
- C:\Windows\System\rNyGrSX.exe
  C:\Windows\System\rNyGrSX.exe
  2⤵
  PID:7064
- C:\Windows\System\FJsiJFe.exe
  C:\Windows\System\FJsiJFe.exe
  2⤵
  PID:7132
- C:\Windows\System\mtangGc.exe
  C:\Windows\System\mtangGc.exe
  2⤵
  PID:6192
- C:\Windows\System\EnhhfCO.exe
  C:\Windows\System\EnhhfCO.exe
  2⤵
  PID:6316
- C:\Windows\System\NmIyNGV.exe
  C:\Windows\System\NmIyNGV.exe
  2⤵
  PID:6504
- C:\Windows\System\hVmRnCH.exe
  C:\Windows\System\hVmRnCH.exe
  2⤵
  PID:6576
- C:\Windows\System\MftyRKw.exe
  C:\Windows\System\MftyRKw.exe
  2⤵
  PID:6656
- C:\Windows\System\QWHimcb.exe
  C:\Windows\System\QWHimcb.exe
  2⤵
  PID:6688
- C:\Windows\System\nDOMYsK.exe
  C:\Windows\System\nDOMYsK.exe
  2⤵
  PID:6784
- C:\Windows\System\xmQodSj.exe
  C:\Windows\System\xmQodSj.exe
  2⤵
  PID:6896
- C:\Windows\System\nsYgfcz.exe
  C:\Windows\System\nsYgfcz.exe
  2⤵
  PID:6944
- C:\Windows\System\ILWSFLc.exe
  C:\Windows\System\ILWSFLc.exe
  2⤵
  PID:7012
- C:\Windows\System\bFmperx.exe
  C:\Windows\System\bFmperx.exe
  2⤵
  PID:7128
- C:\Windows\System\AXZTyRx.exe
  C:\Windows\System\AXZTyRx.exe
  2⤵
  PID:6280
- C:\Windows\System\ncMFfQD.exe
  C:\Windows\System\ncMFfQD.exe
  2⤵
  PID:5280
- C:\Windows\System\KvZwczL.exe
  C:\Windows\System\KvZwczL.exe
  2⤵
  PID:1796
- C:\Windows\System\lDcGeAm.exe
  C:\Windows\System\lDcGeAm.exe
  2⤵
  PID:6860
- C:\Windows\System\cFLTpwI.exe
  C:\Windows\System\cFLTpwI.exe
  2⤵
  PID:7052
- C:\Windows\System\rtupgPG.exe
  C:\Windows\System\rtupgPG.exe
  2⤵
  PID:6460
- C:\Windows\System\SKtERfk.exe
  C:\Windows\System\SKtERfk.exe
  2⤵
  PID:6768
- C:\Windows\System\eFaYZqD.exe
  C:\Windows\System\eFaYZqD.exe
  2⤵
  PID:4972
- C:\Windows\System\yQyFnnW.exe
  C:\Windows\System\yQyFnnW.exe
  2⤵
  PID:6628
- C:\Windows\System\YURSDBv.exe
  C:\Windows\System\YURSDBv.exe
  2⤵
  PID:7196
- C:\Windows\System\aNdjdTB.exe
  C:\Windows\System\aNdjdTB.exe
  2⤵
  PID:7220
- C:\Windows\System\wczTUyg.exe
  C:\Windows\System\wczTUyg.exe
  2⤵
  PID:7240
- C:\Windows\System\TNOzkZN.exe
  C:\Windows\System\TNOzkZN.exe
  2⤵
  PID:7280
- C:\Windows\System\pSuqEtG.exe
  C:\Windows\System\pSuqEtG.exe
  2⤵
  PID:7308
- C:\Windows\System\viVvSpy.exe
  C:\Windows\System\viVvSpy.exe
  2⤵
  PID:7336
- C:\Windows\System\RjUAphF.exe
  C:\Windows\System\RjUAphF.exe
  2⤵
  PID:7368
- C:\Windows\System\MayuLNp.exe
  C:\Windows\System\MayuLNp.exe
  2⤵
  PID:7396
- C:\Windows\System\AsevOqZ.exe
  C:\Windows\System\AsevOqZ.exe
  2⤵
  PID:7428
- C:\Windows\System\DBXbRlU.exe
  C:\Windows\System\DBXbRlU.exe
  2⤵
  PID:7452
- C:\Windows\System\qIvEZfd.exe
  C:\Windows\System\qIvEZfd.exe
  2⤵
  PID:7480
- C:\Windows\System\dpFXaJf.exe
  C:\Windows\System\dpFXaJf.exe
  2⤵
  PID:7508
- C:\Windows\System\iSXPTgn.exe
  C:\Windows\System\iSXPTgn.exe
  2⤵
  PID:7536
- C:\Windows\System\YtDwnIi.exe
  C:\Windows\System\YtDwnIi.exe
  2⤵
  PID:7556
- C:\Windows\System\XVzrVUN.exe
  C:\Windows\System\XVzrVUN.exe
  2⤵
  PID:7596
- C:\Windows\System\eogbjll.exe
  C:\Windows\System\eogbjll.exe
  2⤵
  PID:7624
- C:\Windows\System\uwaNjEG.exe
  C:\Windows\System\uwaNjEG.exe
  2⤵
  PID:7652
- C:\Windows\System\pVtFtgr.exe
  C:\Windows\System\pVtFtgr.exe
  2⤵
  PID:7684
- C:\Windows\System\zRqYTAW.exe
  C:\Windows\System\zRqYTAW.exe
  2⤵
  PID:7708
- C:\Windows\System\xzRbUpU.exe
  C:\Windows\System\xzRbUpU.exe
  2⤵
  PID:7732
- C:\Windows\System\ZZLOEgl.exe
  C:\Windows\System\ZZLOEgl.exe
  2⤵
  PID:7764
- C:\Windows\System\KzuNBWF.exe
  C:\Windows\System\KzuNBWF.exe
  2⤵
  PID:7792
- C:\Windows\System\BRszbkS.exe
  C:\Windows\System\BRszbkS.exe
  2⤵
  PID:7820
- C:\Windows\System\hZFnCJi.exe
  C:\Windows\System\hZFnCJi.exe
  2⤵
  PID:7856
- C:\Windows\System\kHTWzsO.exe
  C:\Windows\System\kHTWzsO.exe
  2⤵
  PID:7880
- C:\Windows\System\zHeZsEv.exe
  C:\Windows\System\zHeZsEv.exe
  2⤵
  PID:7908
- C:\Windows\System\dvntIfK.exe
  C:\Windows\System\dvntIfK.exe
  2⤵
  PID:7936
- C:\Windows\System\jplmMeJ.exe
  C:\Windows\System\jplmMeJ.exe
  2⤵
  PID:7964
- C:\Windows\System\IiCKTcd.exe
  C:\Windows\System\IiCKTcd.exe
  2⤵
  PID:7992
- C:\Windows\System\vHilNdI.exe
  C:\Windows\System\vHilNdI.exe
  2⤵
  PID:8020
- C:\Windows\System\IisdgEn.exe
  C:\Windows\System\IisdgEn.exe
  2⤵
  PID:8052
- C:\Windows\System\TWxLiQH.exe
  C:\Windows\System\TWxLiQH.exe
  2⤵
  PID:8076
- C:\Windows\System\mRhQliB.exe
  C:\Windows\System\mRhQliB.exe
  2⤵
  PID:8104
- C:\Windows\System\VwhPVaE.exe
  C:\Windows\System\VwhPVaE.exe
  2⤵
  PID:8132
- C:\Windows\System\UesUShq.exe
  C:\Windows\System\UesUShq.exe
  2⤵
  PID:8164
- C:\Windows\System\RehlJXs.exe
  C:\Windows\System\RehlJXs.exe
  2⤵
  PID:8180
- C:\Windows\System\fwzigMi.exe
  C:\Windows\System\fwzigMi.exe
  2⤵
  PID:7192
- C:\Windows\System\NFQcMBm.exe
  C:\Windows\System\NFQcMBm.exe
  2⤵
  PID:7260
- C:\Windows\System\YYKOTir.exe
  C:\Windows\System\YYKOTir.exe
  2⤵
  PID:2212
- C:\Windows\System\qXAxbJa.exe
  C:\Windows\System\qXAxbJa.exe
  2⤵
  PID:7352
- C:\Windows\System\ytgWVbN.exe
  C:\Windows\System\ytgWVbN.exe
  2⤵
  PID:7436
- C:\Windows\System\lLzXFwY.exe
  C:\Windows\System\lLzXFwY.exe
  2⤵
  PID:7488
- C:\Windows\System\JaLiyyW.exe
  C:\Windows\System\JaLiyyW.exe
  2⤵
  PID:7584
- C:\Windows\System\CTZXPvK.exe
  C:\Windows\System\CTZXPvK.exe
  2⤵
  PID:6832
- C:\Windows\System\NkXfsVz.exe
  C:\Windows\System\NkXfsVz.exe
  2⤵
  PID:7776
- C:\Windows\System\KNxPkdb.exe
  C:\Windows\System\KNxPkdb.exe
  2⤵
  PID:4044
- C:\Windows\System\jGbwVQY.exe
  C:\Windows\System\jGbwVQY.exe
  2⤵
  PID:5844
- C:\Windows\System\WFzvwyH.exe
  C:\Windows\System\WFzvwyH.exe
  2⤵
  PID:7924
- C:\Windows\System\tiuXmly.exe
  C:\Windows\System\tiuXmly.exe
  2⤵
  PID:7984
- C:\Windows\System\JzkAPuj.exe
  C:\Windows\System\JzkAPuj.exe
  2⤵
  PID:8048
- C:\Windows\System\xvPKHCt.exe
  C:\Windows\System\xvPKHCt.exe
  2⤵
  PID:8116
- C:\Windows\System\ZLMnVps.exe
  C:\Windows\System\ZLMnVps.exe
  2⤵
  PID:8176
- C:\Windows\System\TRFVIQA.exe
  C:\Windows\System\TRFVIQA.exe
  2⤵
  PID:1608
- C:\Windows\System\rygNKcF.exe
  C:\Windows\System\rygNKcF.exe
  2⤵
  PID:7348
- C:\Windows\System\MyMDkAc.exe
  C:\Windows\System\MyMDkAc.exe
  2⤵
  PID:7472
- C:\Windows\System\UVdGGxJ.exe
  C:\Windows\System\UVdGGxJ.exe
  2⤵
  PID:7516
- C:\Windows\System\sARvDDn.exe
  C:\Windows\System\sARvDDn.exe
  2⤵
  PID:4464
- C:\Windows\System\ISSuSRc.exe
  C:\Windows\System\ISSuSRc.exe
  2⤵
  PID:6080
- C:\Windows\System\hCxFOWM.exe
  C:\Windows\System\hCxFOWM.exe
  2⤵
  PID:644
- C:\Windows\System\VcZVZwt.exe
  C:\Windows\System\VcZVZwt.exe
  2⤵
  PID:7640
- C:\Windows\System\SzOVyGm.exe
  C:\Windows\System\SzOVyGm.exe
  2⤵
  PID:7804
- C:\Windows\System\fANrYdd.exe
  C:\Windows\System\fANrYdd.exe
  2⤵
  PID:7916
- C:\Windows\System\pfsEpXo.exe
  C:\Windows\System\pfsEpXo.exe
  2⤵
  PID:8084
- C:\Windows\System\BZkGYpN.exe
  C:\Windows\System\BZkGYpN.exe
  2⤵
  PID:7188
- C:\Windows\System\jFCrcnT.exe
  C:\Windows\System\jFCrcnT.exe
  2⤵
  PID:980
- C:\Windows\System\cNdZJZq.exe
  C:\Windows\System\cNdZJZq.exe
  2⤵
  PID:4456
- C:\Windows\System\IczWDwy.exe
  C:\Windows\System\IczWDwy.exe
  2⤵
  PID:4516
- C:\Windows\System\KSAwiFm.exe
  C:\Windows\System\KSAwiFm.exe
  2⤵
  PID:7892
- C:\Windows\System\LAExspJ.exe
  C:\Windows\System\LAExspJ.exe
  2⤵
  PID:8152
- C:\Windows\System\fiekhrP.exe
  C:\Windows\System\fiekhrP.exe
  2⤵
  PID:4408
- C:\Windows\System\NgtUerF.exe
  C:\Windows\System\NgtUerF.exe
  2⤵
  PID:8012
- C:\Windows\System\xrlaqGb.exe
  C:\Windows\System\xrlaqGb.exe
  2⤵
  PID:7748
- C:\Windows\System\wPYPDhl.exe
  C:\Windows\System\wPYPDhl.exe
  2⤵
  PID:8200
- C:\Windows\System\arYyGAL.exe
  C:\Windows\System\arYyGAL.exe
  2⤵
  PID:8220
- C:\Windows\System\PSjsMZs.exe
  C:\Windows\System\PSjsMZs.exe
  2⤵
  PID:8252
- C:\Windows\System\AjIZrAy.exe
  C:\Windows\System\AjIZrAy.exe
  2⤵
  PID:8280
- C:\Windows\System\TxvSfdS.exe
  C:\Windows\System\TxvSfdS.exe
  2⤵
  PID:8304
- C:\Windows\System\WJnKdkA.exe
  C:\Windows\System\WJnKdkA.exe
  2⤵
  PID:8332
- C:\Windows\System\FiWUCsN.exe
  C:\Windows\System\FiWUCsN.exe
  2⤵
  PID:8360
- C:\Windows\System\FccgXKB.exe
  C:\Windows\System\FccgXKB.exe
  2⤵
  PID:8388
- C:\Windows\System\tiAYzwM.exe
  C:\Windows\System\tiAYzwM.exe
  2⤵
  PID:8416
- C:\Windows\System\dCVaOHn.exe
  C:\Windows\System\dCVaOHn.exe
  2⤵
  PID:8456
- C:\Windows\System\BznXEVM.exe
  C:\Windows\System\BznXEVM.exe
  2⤵
  PID:8472
- C:\Windows\System\JxaWxfi.exe
  C:\Windows\System\JxaWxfi.exe
  2⤵
  PID:8508
- C:\Windows\System\KoCEWPV.exe
  C:\Windows\System\KoCEWPV.exe
  2⤵
  PID:8528
- C:\Windows\System\HpyaJDk.exe
  C:\Windows\System\HpyaJDk.exe
  2⤵
  PID:8556
- C:\Windows\System\DJsfoZt.exe
  C:\Windows\System\DJsfoZt.exe
  2⤵
  PID:8584
- C:\Windows\System\xphXOgH.exe
  C:\Windows\System\xphXOgH.exe
  2⤵
  PID:8612
- C:\Windows\System\VUgBzBv.exe
  C:\Windows\System\VUgBzBv.exe
  2⤵
  PID:8644
- C:\Windows\System\WXsUmZT.exe
  C:\Windows\System\WXsUmZT.exe
  2⤵
  PID:8676
- C:\Windows\System\vtjCDGs.exe
  C:\Windows\System\vtjCDGs.exe
  2⤵
  PID:8700
- C:\Windows\System\NHOObeA.exe
  C:\Windows\System\NHOObeA.exe
  2⤵
  PID:8724
- C:\Windows\System\pcwKFoJ.exe
  C:\Windows\System\pcwKFoJ.exe
  2⤵
  PID:8760
- C:\Windows\System\gqLrgKO.exe
  C:\Windows\System\gqLrgKO.exe
  2⤵
  PID:8788
- C:\Windows\System\CNShsKF.exe
  C:\Windows\System\CNShsKF.exe
  2⤵
  PID:8808
- C:\Windows\System\pvqGLWi.exe
  C:\Windows\System\pvqGLWi.exe
  2⤵
  PID:8836
- C:\Windows\System\PFIPxxt.exe
  C:\Windows\System\PFIPxxt.exe
  2⤵
  PID:8864
- C:\Windows\System\thUdQNS.exe
  C:\Windows\System\thUdQNS.exe
  2⤵
  PID:8892
- C:\Windows\System\AxFcfDq.exe
  C:\Windows\System\AxFcfDq.exe
  2⤵
  PID:8920
- C:\Windows\System\kUHGIJu.exe
  C:\Windows\System\kUHGIJu.exe
  2⤵
  PID:8948
- C:\Windows\System\lYJCCAf.exe
  C:\Windows\System\lYJCCAf.exe
  2⤵
  PID:8980
- C:\Windows\System\NAiLabm.exe
  C:\Windows\System\NAiLabm.exe
  2⤵
  PID:9004
- C:\Windows\System\qkFYewb.exe
  C:\Windows\System\qkFYewb.exe
  2⤵
  PID:9032
- C:\Windows\System\gvFKfFh.exe
  C:\Windows\System\gvFKfFh.exe
  2⤵
  PID:9064
- C:\Windows\System\xCjWrUx.exe
  C:\Windows\System\xCjWrUx.exe
  2⤵
  PID:9092
- C:\Windows\System\OMJsYel.exe
  C:\Windows\System\OMJsYel.exe
  2⤵
  PID:9116
- C:\Windows\System\IwRsUKB.exe
  C:\Windows\System\IwRsUKB.exe
  2⤵
  PID:9144
- C:\Windows\System\SkVXvbw.exe
  C:\Windows\System\SkVXvbw.exe
  2⤵
  PID:9180
- C:\Windows\System\pvWVHXC.exe
  C:\Windows\System\pvWVHXC.exe
  2⤵
  PID:9204
- C:\Windows\System\wjNBWzz.exe
  C:\Windows\System\wjNBWzz.exe
  2⤵
  PID:8216
- C:\Windows\System\IlWdOnt.exe
  C:\Windows\System\IlWdOnt.exe
  2⤵
  PID:8288
- C:\Windows\System\YNGbjID.exe
  C:\Windows\System\YNGbjID.exe
  2⤵
  PID:8352
- C:\Windows\System\qniYgtj.exe
  C:\Windows\System\qniYgtj.exe
  2⤵
  PID:8400
- C:\Windows\System\oEMsnXb.exe
  C:\Windows\System\oEMsnXb.exe
  2⤵
  PID:8464
- C:\Windows\System\UkludKZ.exe
  C:\Windows\System\UkludKZ.exe
  2⤵
  PID:8524
- C:\Windows\System\wHBvfBI.exe
  C:\Windows\System\wHBvfBI.exe
  2⤵
  PID:8604
- C:\Windows\System\BWtskyS.exe
  C:\Windows\System\BWtskyS.exe
  2⤵
  PID:8660
- C:\Windows\System\WkuAlqn.exe
  C:\Windows\System\WkuAlqn.exe
  2⤵
  PID:8708
- C:\Windows\System\gBrVDYS.exe
  C:\Windows\System\gBrVDYS.exe
  2⤵
  PID:8768
- C:\Windows\System\tKCOwIB.exe
  C:\Windows\System\tKCOwIB.exe
  2⤵
  PID:8820
- C:\Windows\System\YqjaYCK.exe
  C:\Windows\System\YqjaYCK.exe
  2⤵
  PID:8884
- C:\Windows\System\sgZCyKi.exe
  C:\Windows\System\sgZCyKi.exe
  2⤵
  PID:8940
- C:\Windows\System\ORMJVXq.exe
  C:\Windows\System\ORMJVXq.exe
  2⤵
  PID:9024
- C:\Windows\System\pWwnDJP.exe
  C:\Windows\System\pWwnDJP.exe
  2⤵
  PID:9084
- C:\Windows\System\WdXfEzm.exe
  C:\Windows\System\WdXfEzm.exe
  2⤵
  PID:9140
- C:\Windows\System\QBOarEX.exe
  C:\Windows\System\QBOarEX.exe
  2⤵
  PID:9196
- C:\Windows\System\zEakhDi.exe
  C:\Windows\System\zEakhDi.exe
  2⤵
  PID:8328
- C:\Windows\System\JSYcFxQ.exe
  C:\Windows\System\JSYcFxQ.exe
  2⤵
  PID:8452
- C:\Windows\System\VpqQDqS.exe
  C:\Windows\System\VpqQDqS.exe
  2⤵
  PID:8800
- C:\Windows\System\nlbtsmL.exe
  C:\Windows\System\nlbtsmL.exe
  2⤵
  PID:9112
- C:\Windows\System\clRndhT.exe
  C:\Windows\System\clRndhT.exe
  2⤵
  PID:8632
- C:\Windows\System\ANuAtJc.exe
  C:\Windows\System\ANuAtJc.exe
  2⤵
  PID:9224
- C:\Windows\System\utDhkYR.exe
  C:\Windows\System\utDhkYR.exe
  2⤵
  PID:9240
- C:\Windows\System\VgaxCOm.exe
  C:\Windows\System\VgaxCOm.exe
  2⤵
  PID:9292
- C:\Windows\System\xAKILFo.exe
  C:\Windows\System\xAKILFo.exe
  2⤵
  PID:9328
- C:\Windows\System\EVewMRJ.exe
  C:\Windows\System\EVewMRJ.exe
  2⤵
  PID:9356
- C:\Windows\System\rBbmxYT.exe
  C:\Windows\System\rBbmxYT.exe
  2⤵
  PID:9384
- C:\Windows\System\nqHAida.exe
  C:\Windows\System\nqHAida.exe
  2⤵
  PID:9424
- C:\Windows\System\AsZIOVn.exe
  C:\Windows\System\AsZIOVn.exe
  2⤵
  PID:9444
- C:\Windows\System\qLWbNcX.exe
  C:\Windows\System\qLWbNcX.exe
  2⤵
  PID:9472
- C:\Windows\System\CoFnZky.exe
  C:\Windows\System\CoFnZky.exe
  2⤵
  PID:9500
- C:\Windows\System\nXfIoFc.exe
  C:\Windows\System\nXfIoFc.exe
  2⤵
  PID:9532
- C:\Windows\System\ZzlZDpD.exe
  C:\Windows\System\ZzlZDpD.exe
  2⤵
  PID:9556
- C:\Windows\System\VUyjSyZ.exe
  C:\Windows\System\VUyjSyZ.exe
  2⤵
  PID:9584
- C:\Windows\System\fizDQoP.exe
  C:\Windows\System\fizDQoP.exe
  2⤵
  PID:9612
- C:\Windows\System\mUUFtKz.exe
  C:\Windows\System\mUUFtKz.exe
  2⤵
  PID:9640
- C:\Windows\System\tuXrTRG.exe
  C:\Windows\System\tuXrTRG.exe
  2⤵
  PID:9668
- C:\Windows\System\AOqpMZu.exe
  C:\Windows\System\AOqpMZu.exe
  2⤵
  PID:9704
- C:\Windows\System\UkPEEto.exe
  C:\Windows\System\UkPEEto.exe
  2⤵
  PID:9732
- C:\Windows\System\PKyHmNC.exe
  C:\Windows\System\PKyHmNC.exe
  2⤵
  PID:9756
- C:\Windows\System\lHlaJqG.exe
  C:\Windows\System\lHlaJqG.exe
  2⤵
  PID:9780
- C:\Windows\System\LNYwOGx.exe
  C:\Windows\System\LNYwOGx.exe
  2⤵
  PID:9808
- C:\Windows\System\Nclntfj.exe
  C:\Windows\System\Nclntfj.exe
  2⤵
  PID:9836
- C:\Windows\System\aosBoxm.exe
  C:\Windows\System\aosBoxm.exe
  2⤵
  PID:9864
- C:\Windows\System\bBtuKAa.exe
  C:\Windows\System\bBtuKAa.exe
  2⤵
  PID:9900
- C:\Windows\System\jYOWknB.exe
  C:\Windows\System\jYOWknB.exe
  2⤵
  PID:9920
- C:\Windows\System\sHNPfvp.exe
  C:\Windows\System\sHNPfvp.exe
  2⤵
  PID:9964
- C:\Windows\System\DcgWEzJ.exe
  C:\Windows\System\DcgWEzJ.exe
  2⤵
  PID:9992
- C:\Windows\System\PjMtdFc.exe
  C:\Windows\System\PjMtdFc.exe
  2⤵
  PID:10016
- C:\Windows\System\DJdYLsJ.exe
  C:\Windows\System\DJdYLsJ.exe
  2⤵
  PID:10040
- C:\Windows\System\ywSRGob.exe
  C:\Windows\System\ywSRGob.exe
  2⤵
  PID:10068
- C:\Windows\System\nONAjLL.exe
  C:\Windows\System\nONAjLL.exe
  2⤵
  PID:10100
- C:\Windows\System\BIAGKnu.exe
  C:\Windows\System\BIAGKnu.exe
  2⤵
  PID:10124
- C:\Windows\System\OVlqbIi.exe
  C:\Windows\System\OVlqbIi.exe
  2⤵
  PID:10152
- C:\Windows\System\hEubPWJ.exe
  C:\Windows\System\hEubPWJ.exe
  2⤵
  PID:10180
- C:\Windows\System\ZmwGSSY.exe
  C:\Windows\System\ZmwGSSY.exe
  2⤵
  PID:10208
- C:\Windows\System\boklyWI.exe
  C:\Windows\System\boklyWI.exe
  2⤵
  PID:10236
- C:\Windows\System\PjfdbQR.exe
  C:\Windows\System\PjfdbQR.exe
  2⤵
  PID:9284
- C:\Windows\System\AVRhyKM.exe
  C:\Windows\System\AVRhyKM.exe
  2⤵
  PID:9376
- C:\Windows\System\zdNmaqb.exe
  C:\Windows\System\zdNmaqb.exe
  2⤵
  PID:9432
- C:\Windows\System\MeSsuvY.exe
  C:\Windows\System\MeSsuvY.exe
  2⤵
  PID:9520
- C:\Windows\System\esmmnDj.exe
  C:\Windows\System\esmmnDj.exe
  2⤵
  PID:9552
- C:\Windows\System\OHfpJfp.exe
  C:\Windows\System\OHfpJfp.exe
  2⤵
  PID:9624
- C:\Windows\System\oORjmLo.exe
  C:\Windows\System\oORjmLo.exe
  2⤵
  PID:9688
- C:\Windows\System\ETFlpSs.exe
  C:\Windows\System\ETFlpSs.exe
  2⤵
  PID:9748
- C:\Windows\System\fZHRuFL.exe
  C:\Windows\System\fZHRuFL.exe
  2⤵
  PID:9820
- C:\Windows\System\przMful.exe
  C:\Windows\System\przMful.exe
  2⤵
  PID:9884
- C:\Windows\System\MaZtSrc.exe
  C:\Windows\System\MaZtSrc.exe
  2⤵
  PID:9960
- C:\Windows\System\hJljWNN.exe
  C:\Windows\System\hJljWNN.exe
  2⤵
  PID:10008
- C:\Windows\System\bdGFueh.exe
  C:\Windows\System\bdGFueh.exe
  2⤵
  PID:10080
- C:\Windows\System\wwrczjX.exe
  C:\Windows\System\wwrczjX.exe
  2⤵
  PID:10144
- C:\Windows\System\cUAfZAE.exe
  C:\Windows\System\cUAfZAE.exe
  2⤵
  PID:10204
- C:\Windows\System\XrmOzGO.exe
  C:\Windows\System\XrmOzGO.exe
  2⤵
  PID:9320
- C:\Windows\System\HtuoZNR.exe
  C:\Windows\System\HtuoZNR.exe
  2⤵
  PID:9468
- C:\Windows\System\nTMceGe.exe
  C:\Windows\System\nTMceGe.exe
  2⤵
  PID:9608
- C:\Windows\System\pQOTNVr.exe
  C:\Windows\System\pQOTNVr.exe
  2⤵
  PID:9776
- C:\Windows\System\RRirvqg.exe
  C:\Windows\System\RRirvqg.exe
  2⤵
  PID:9972
- C:\Windows\System\MimhquL.exe
  C:\Windows\System\MimhquL.exe
  2⤵
  PID:10064
- C:\Windows\System\fUCLpXe.exe
  C:\Windows\System\fUCLpXe.exe
  2⤵
  PID:9396
- C:\Windows\System\HYvcgfk.exe
  C:\Windows\System\HYvcgfk.exe
  2⤵
  PID:9604
- C:\Windows\System\UvAcvJj.exe
  C:\Windows\System\UvAcvJj.exe
  2⤵
  PID:10004
- C:\Windows\System\bchsMwb.exe
  C:\Windows\System\bchsMwb.exe
  2⤵
  PID:9544
- C:\Windows\System\rITMOWH.exe
  C:\Windows\System\rITMOWH.exe
  2⤵
  PID:9268
- C:\Windows\System\XyrXCZU.exe
  C:\Windows\System\XyrXCZU.exe
  2⤵
  PID:10252
- C:\Windows\System\OaxVeNt.exe
  C:\Windows\System\OaxVeNt.exe
  2⤵
  PID:10272
- C:\Windows\System\hDcYWiN.exe
  C:\Windows\System\hDcYWiN.exe
  2⤵
  PID:10300
- C:\Windows\System\eEpHDyM.exe
  C:\Windows\System\eEpHDyM.exe
  2⤵
  PID:10328
- C:\Windows\System\vxStkJD.exe
  C:\Windows\System\vxStkJD.exe
  2⤵
  PID:10356
- C:\Windows\System\EvHfKDg.exe
  C:\Windows\System\EvHfKDg.exe
  2⤵
  PID:10384
- C:\Windows\System\PsSHZnr.exe
  C:\Windows\System\PsSHZnr.exe
  2⤵
  PID:10420
- C:\Windows\System\ROZlJNz.exe
  C:\Windows\System\ROZlJNz.exe
  2⤵
  PID:10440
- C:\Windows\System\ZloOiBK.exe
  C:\Windows\System\ZloOiBK.exe
  2⤵
  PID:10468
- C:\Windows\System\DftzvoO.exe
  C:\Windows\System\DftzvoO.exe
  2⤵
  PID:10496
- C:\Windows\System\naxtskG.exe
  C:\Windows\System\naxtskG.exe
  2⤵
  PID:10536
- C:\Windows\System\tQtxziN.exe
  C:\Windows\System\tQtxziN.exe
  2⤵
  PID:10556
- C:\Windows\System\TofNobW.exe
  C:\Windows\System\TofNobW.exe
  2⤵
  PID:10584
- C:\Windows\System\tapGSWT.exe
  C:\Windows\System\tapGSWT.exe
  2⤵
  PID:10612
- C:\Windows\System\DdWbYkV.exe
  C:\Windows\System\DdWbYkV.exe
  2⤵
  PID:10644
- C:\Windows\System\cWGJuxt.exe
  C:\Windows\System\cWGJuxt.exe
  2⤵
  PID:10672
- C:\Windows\System\YmMJAbg.exe
  C:\Windows\System\YmMJAbg.exe
  2⤵
  PID:10708
- C:\Windows\System\eyoBOLQ.exe
  C:\Windows\System\eyoBOLQ.exe
  2⤵
  PID:10728
- C:\Windows\System\ipXsjkU.exe
  C:\Windows\System\ipXsjkU.exe
  2⤵
  PID:10756
- C:\Windows\System\wcyhpRs.exe
  C:\Windows\System\wcyhpRs.exe
  2⤵
  PID:10784
- C:\Windows\System\vmjcNLm.exe
  C:\Windows\System\vmjcNLm.exe
  2⤵
  PID:10812
- C:\Windows\System\JYSBIQF.exe
  C:\Windows\System\JYSBIQF.exe
  2⤵
  PID:10840
- C:\Windows\System\iOFvhyP.exe
  C:\Windows\System\iOFvhyP.exe
  2⤵
  PID:10872
- C:\Windows\System\rWjRohA.exe
  C:\Windows\System\rWjRohA.exe
  2⤵
  PID:10896
- C:\Windows\System\zGnLNki.exe
  C:\Windows\System\zGnLNki.exe
  2⤵
  PID:10924
- C:\Windows\System\cVymsRE.exe
  C:\Windows\System\cVymsRE.exe
  2⤵
  PID:10952
- C:\Windows\System\HTfhZot.exe
  C:\Windows\System\HTfhZot.exe
  2⤵
  PID:10980
- C:\Windows\System\kysBDAp.exe
  C:\Windows\System\kysBDAp.exe
  2⤵
  PID:11012
- C:\Windows\System\ippUudT.exe
  C:\Windows\System\ippUudT.exe
  2⤵
  PID:11036
- C:\Windows\System\McywvNK.exe
  C:\Windows\System\McywvNK.exe
  2⤵
  PID:11064
- C:\Windows\System\zzyCSQU.exe
  C:\Windows\System\zzyCSQU.exe
  2⤵
  PID:11104
- C:\Windows\System\peJcwsj.exe
  C:\Windows\System\peJcwsj.exe
  2⤵
  PID:11120
- C:\Windows\System\JTQIAwQ.exe
  C:\Windows\System\JTQIAwQ.exe
  2⤵
  PID:11160
- C:\Windows\System\jAFtNWm.exe
  C:\Windows\System\jAFtNWm.exe
  2⤵
  PID:11176
- C:\Windows\System\SQzZobo.exe
  C:\Windows\System\SQzZobo.exe
  2⤵
  PID:11212
- C:\Windows\System\ZwgykLm.exe
  C:\Windows\System\ZwgykLm.exe
  2⤵
  PID:11232
- C:\Windows\System\MKXsuSw.exe
  C:\Windows\System\MKXsuSw.exe
  2⤵
  PID:11260
- C:\Windows\System\DNvertA.exe
  C:\Windows\System\DNvertA.exe
  2⤵
  PID:10296
- C:\Windows\System\fIfpehR.exe
  C:\Windows\System\fIfpehR.exe
  2⤵
  PID:10368
- C:\Windows\System\prwcWcO.exe
  C:\Windows\System\prwcWcO.exe
  2⤵
  PID:10436
- C:\Windows\System\qDXRmOY.exe
  C:\Windows\System\qDXRmOY.exe
  2⤵
  PID:10508
- C:\Windows\System\xxZhHAc.exe
  C:\Windows\System\xxZhHAc.exe
  2⤵
  PID:10576
- C:\Windows\System\suTCxLt.exe
  C:\Windows\System\suTCxLt.exe
  2⤵
  PID:10636
- C:\Windows\System\wQSmOud.exe
  C:\Windows\System\wQSmOud.exe
  2⤵
  PID:10696
- C:\Windows\System\EVVsOTL.exe
  C:\Windows\System\EVVsOTL.exe
  2⤵
  PID:10768
- C:\Windows\System\MHluMuF.exe
  C:\Windows\System\MHluMuF.exe
  2⤵
  PID:10832
- C:\Windows\System\bvjcMtj.exe
  C:\Windows\System\bvjcMtj.exe
  2⤵
  PID:10892
- C:\Windows\System\kSoQLja.exe
  C:\Windows\System\kSoQLja.exe
  2⤵
  PID:10964
- C:\Windows\System\RVoggWk.exe
  C:\Windows\System\RVoggWk.exe
  2⤵
  PID:11028
- C:\Windows\System\GnsxvuF.exe
  C:\Windows\System\GnsxvuF.exe
  2⤵
  PID:11100
- C:\Windows\System\wOjwybA.exe
  C:\Windows\System\wOjwybA.exe
  2⤵
  PID:11116
- C:\Windows\System\sTXKZHB.exe
  C:\Windows\System\sTXKZHB.exe
  2⤵
  PID:6372
- C:\Windows\System\gXvxmPD.exe
  C:\Windows\System\gXvxmPD.exe
  2⤵
  PID:11156
- C:\Windows\System\BDaTlQN.exe
  C:\Windows\System\BDaTlQN.exe
  2⤵
  PID:11200
- C:\Windows\System\DQEMyVB.exe
  C:\Windows\System\DQEMyVB.exe
  2⤵
  PID:10264
- C:\Windows\System\FXKKFvh.exe
  C:\Windows\System\FXKKFvh.exe
  2⤵
  PID:10408
- C:\Windows\System\rsamAfV.exe
  C:\Windows\System\rsamAfV.exe
  2⤵
  PID:10608
- C:\Windows\System\YppLRoK.exe
  C:\Windows\System\YppLRoK.exe
  2⤵
  PID:10724
- C:\Windows\System\adNmqTW.exe
  C:\Windows\System\adNmqTW.exe
  2⤵
  PID:10880
- C:\Windows\System\VQghFiX.exe
  C:\Windows\System\VQghFiX.exe
  2⤵
  PID:11020
- C:\Windows\System\BeJKiYT.exe
  C:\Windows\System\BeJKiYT.exe
  2⤵
  PID:6320
- C:\Windows\System\IZLLqCB.exe
  C:\Windows\System\IZLLqCB.exe
  2⤵
  PID:11188
- C:\Windows\System\FSVubBD.exe
  C:\Windows\System\FSVubBD.exe
  2⤵
  PID:10396
- C:\Windows\System\PZsErbf.exe
  C:\Windows\System\PZsErbf.exe
  2⤵
  PID:10824
- C:\Windows\System\pMxrLou.exe
  C:\Windows\System\pMxrLou.exe
  2⤵
  PID:11112
- C:\Windows\System\RAHJiTT.exe
  C:\Windows\System\RAHJiTT.exe
  2⤵
  PID:10352
- C:\Windows\System\dLufzkw.exe
  C:\Windows\System\dLufzkw.exe
  2⤵
  PID:6304
- C:\Windows\System\DrwCFOA.exe
  C:\Windows\System\DrwCFOA.exe
  2⤵
  PID:11084
- C:\Windows\System\zdvaPRL.exe
  C:\Windows\System\zdvaPRL.exe
  2⤵
  PID:11292
- C:\Windows\System\lUgCRTz.exe
  C:\Windows\System\lUgCRTz.exe
  2⤵
  PID:11320
- C:\Windows\System\QnLctDp.exe
  C:\Windows\System\QnLctDp.exe
  2⤵
  PID:11348
- C:\Windows\System\WRkkdxp.exe
  C:\Windows\System\WRkkdxp.exe
  2⤵
  PID:11376
- C:\Windows\System\cJnvMcu.exe
  C:\Windows\System\cJnvMcu.exe
  2⤵
  PID:11404
- C:\Windows\System\yOnjweh.exe
  C:\Windows\System\yOnjweh.exe
  2⤵
  PID:11432
- C:\Windows\System\iYEOhpT.exe
  C:\Windows\System\iYEOhpT.exe
  2⤵
  PID:11460
- C:\Windows\System\yxIRPqs.exe
  C:\Windows\System\yxIRPqs.exe
  2⤵
  PID:11488
- C:\Windows\System\fUveJaP.exe
  C:\Windows\System\fUveJaP.exe
  2⤵
  PID:11516
- C:\Windows\System\kkMarMm.exe
  C:\Windows\System\kkMarMm.exe
  2⤵
  PID:11544
- C:\Windows\System\mrxdOVh.exe
  C:\Windows\System\mrxdOVh.exe
  2⤵
  PID:11584
- C:\Windows\System\FwdfJrY.exe
  C:\Windows\System\FwdfJrY.exe
  2⤵
  PID:11604
- C:\Windows\System\shzbeHE.exe
  C:\Windows\System\shzbeHE.exe
  2⤵
  PID:11632
- C:\Windows\System\MSEMoAy.exe
  C:\Windows\System\MSEMoAy.exe
  2⤵
  PID:11660
- C:\Windows\System\HvceMAh.exe
  C:\Windows\System\HvceMAh.exe
  2⤵
  PID:11688
- C:\Windows\System\ohLEAAb.exe
  C:\Windows\System\ohLEAAb.exe
  2⤵
  PID:11716
- C:\Windows\System\tEPQovA.exe
  C:\Windows\System\tEPQovA.exe
  2⤵
  PID:11748
- C:\Windows\System\dAwEwWG.exe
  C:\Windows\System\dAwEwWG.exe
  2⤵
  PID:11772
- C:\Windows\System\ekkXrxh.exe
  C:\Windows\System\ekkXrxh.exe
  2⤵
  PID:11800
- C:\Windows\System\dnJLLgE.exe
  C:\Windows\System\dnJLLgE.exe
  2⤵
  PID:11828
- C:\Windows\System\qUDzFth.exe
  C:\Windows\System\qUDzFth.exe
  2⤵
  PID:11856
- C:\Windows\System\itVVZwe.exe
  C:\Windows\System\itVVZwe.exe
  2⤵
  PID:11892
- C:\Windows\System\rKwsXuO.exe
  C:\Windows\System\rKwsXuO.exe
  2⤵
  PID:11916
- C:\Windows\System\AWwiXIS.exe
  C:\Windows\System\AWwiXIS.exe
  2⤵
  PID:11948
- C:\Windows\System\AcGeYDD.exe
  C:\Windows\System\AcGeYDD.exe
  2⤵
  PID:11968
- C:\Windows\System\szpfLZN.exe
  C:\Windows\System\szpfLZN.exe
  2⤵
  PID:11996
- C:\Windows\System\oyVPQLf.exe
  C:\Windows\System\oyVPQLf.exe
  2⤵
  PID:12024
- C:\Windows\System\DbMtXdS.exe
  C:\Windows\System\DbMtXdS.exe
  2⤵
  PID:12052
- C:\Windows\System\RddWBIF.exe
  C:\Windows\System\RddWBIF.exe
  2⤵
  PID:12080
- C:\Windows\System\DAoeuUq.exe
  C:\Windows\System\DAoeuUq.exe
  2⤵
  PID:12108
- C:\Windows\System\mSdZOXM.exe
  C:\Windows\System\mSdZOXM.exe
  2⤵
  PID:12136
- C:\Windows\System\rSdeDLQ.exe
  C:\Windows\System\rSdeDLQ.exe
  2⤵
  PID:12164
- C:\Windows\System\DZxycSH.exe
  C:\Windows\System\DZxycSH.exe
  2⤵
  PID:12192
- C:\Windows\System\GOrDNgN.exe
  C:\Windows\System\GOrDNgN.exe
  2⤵
  PID:12228
- C:\Windows\System\ZaynYxJ.exe
  C:\Windows\System\ZaynYxJ.exe
  2⤵
  PID:12248
- C:\Windows\System\KUuKXXR.exe
  C:\Windows\System\KUuKXXR.exe
  2⤵
  PID:12276
- C:\Windows\System\xRnDiQC.exe
  C:\Windows\System\xRnDiQC.exe
  2⤵
  PID:11304
- C:\Windows\System\jNbkjDL.exe
  C:\Windows\System\jNbkjDL.exe
  2⤵
  PID:11368
- C:\Windows\System\mHwJMod.exe
  C:\Windows\System\mHwJMod.exe
  2⤵
  PID:11428
- C:\Windows\System\jZHgPww.exe
  C:\Windows\System\jZHgPww.exe
  2⤵
  PID:11500
- C:\Windows\System\rKuworx.exe
  C:\Windows\System\rKuworx.exe
  2⤵
  PID:11564
- C:\Windows\System\ueUehyY.exe
  C:\Windows\System\ueUehyY.exe
  2⤵
  PID:11644
- C:\Windows\System\YtkxVkg.exe
  C:\Windows\System\YtkxVkg.exe
  2⤵
  PID:11700
- C:\Windows\System\WHpEVdV.exe
  C:\Windows\System\WHpEVdV.exe
  2⤵
  PID:11784
- C:\Windows\System\zcaRWbo.exe
  C:\Windows\System\zcaRWbo.exe
  2⤵
  PID:11820
- C:\Windows\System\RmBient.exe
  C:\Windows\System\RmBient.exe
  2⤵
  PID:11880
- C:\Windows\System\pFcCPtK.exe
  C:\Windows\System\pFcCPtK.exe
  2⤵
  PID:11956
- C:\Windows\System\dXKKyNL.exe
  C:\Windows\System\dXKKyNL.exe
  2⤵
  PID:12008
- C:\Windows\System\wdxnUSQ.exe
  C:\Windows\System\wdxnUSQ.exe
  2⤵
  PID:12072
- C:\Windows\System\uyxAznh.exe
  C:\Windows\System\uyxAznh.exe
  2⤵
  PID:6236
- C:\Windows\System\HgMZGbx.exe
  C:\Windows\System\HgMZGbx.exe
  2⤵
  PID:12176
- C:\Windows\System\TBDnasG.exe
  C:\Windows\System\TBDnasG.exe
  2⤵
  PID:12240
- C:\Windows\System\GYHrpHv.exe
  C:\Windows\System\GYHrpHv.exe
  2⤵
  PID:11344
- C:\Windows\System\BqjYhFQ.exe
  C:\Windows\System\BqjYhFQ.exe
  2⤵
  PID:11456
- C:\Windows\System\zGkvLaS.exe
  C:\Windows\System\zGkvLaS.exe
  2⤵
  PID:11616
- C:\Windows\System\NkoosDn.exe
  C:\Windows\System\NkoosDn.exe
  2⤵
  PID:11756
- C:\Windows\System\znqoZok.exe
  C:\Windows\System\znqoZok.exe
  2⤵
  PID:11908
- C:\Windows\System\jKVaqlG.exe
  C:\Windows\System\jKVaqlG.exe
  2⤵
  PID:12104
- C:\Windows\System\IBUdlVS.exe
  C:\Windows\System\IBUdlVS.exe
  2⤵
  PID:12160
- C:\Windows\System\jNhghwU.exe
  C:\Windows\System\jNhghwU.exe
  2⤵
  PID:11416
- C:\Windows\System\TbdIXgf.exe
  C:\Windows\System\TbdIXgf.exe
  2⤵
  PID:11728
- C:\Windows\System\ZLvjpQR.exe
  C:\Windows\System\ZLvjpQR.exe
  2⤵
  PID:12092
- C:\Windows\System\JXMuZyF.exe
  C:\Windows\System\JXMuZyF.exe
  2⤵
  PID:11528
- C:\Windows\System\VGyUiNH.exe
  C:\Windows\System\VGyUiNH.exe
  2⤵
  PID:11004
- C:\Windows\System\HjDBwqA.exe
  C:\Windows\System\HjDBwqA.exe
  2⤵
  PID:6252
- C:\Windows\System\KUKZmnQ.exe
  C:\Windows\System\KUKZmnQ.exe
  2⤵
  PID:12316
- C:\Windows\System\qLHnxur.exe
  C:\Windows\System\qLHnxur.exe
  2⤵
  PID:12348
- C:\Windows\System\uTPunXt.exe
  C:\Windows\System\uTPunXt.exe
  2⤵
  PID:12408
- C:\Windows\System\VyINdlN.exe
  C:\Windows\System\VyINdlN.exe
  2⤵
  PID:12436
- C:\Windows\System\XSgRvup.exe
  C:\Windows\System\XSgRvup.exe
  2⤵
  PID:12468
- C:\Windows\System\CMriSSO.exe
  C:\Windows\System\CMriSSO.exe
  2⤵
  PID:12504
- C:\Windows\System\vuQzDds.exe
  C:\Windows\System\vuQzDds.exe
  2⤵
  PID:12544
- C:\Windows\System\FiQyHlB.exe
  C:\Windows\System\FiQyHlB.exe
  2⤵
  PID:12572
- C:\Windows\System\ykoJEzW.exe
  C:\Windows\System\ykoJEzW.exe
  2⤵
  PID:12600
- C:\Windows\System\pJmxKta.exe
  C:\Windows\System\pJmxKta.exe
  2⤵
  PID:12628
- C:\Windows\System\EAkMxRK.exe
  C:\Windows\System\EAkMxRK.exe
  2⤵
  PID:12656
- C:\Windows\System\FNjPbhV.exe
  C:\Windows\System\FNjPbhV.exe
  2⤵
  PID:12696
- C:\Windows\System\sjumpHw.exe
  C:\Windows\System\sjumpHw.exe
  2⤵
  PID:12716
- C:\Windows\System\zEGcBEX.exe
  C:\Windows\System\zEGcBEX.exe
  2⤵
  PID:12744
- C:\Windows\System\SLnNTaz.exe
  C:\Windows\System\SLnNTaz.exe
  2⤵
  PID:12772
- C:\Windows\System\bhcbpCc.exe
  C:\Windows\System\bhcbpCc.exe
  2⤵
  PID:12800
- C:\Windows\System\rqFTGph.exe
  C:\Windows\System\rqFTGph.exe
  2⤵
  PID:12828
- C:\Windows\System\vqhRJjD.exe
  C:\Windows\System\vqhRJjD.exe
  2⤵
  PID:12856
- C:\Windows\System\KGSAwkC.exe
  C:\Windows\System\KGSAwkC.exe
  2⤵
  PID:12884
- C:\Windows\System\ZPOcwVx.exe
  C:\Windows\System\ZPOcwVx.exe
  2⤵
  PID:12912
- C:\Windows\System\ZKtNJml.exe
  C:\Windows\System\ZKtNJml.exe
  2⤵
  PID:12940
- C:\Windows\System\SzFrTle.exe
  C:\Windows\System\SzFrTle.exe
  2⤵
  PID:12968
- C:\Windows\System\uqLYZLi.exe
  C:\Windows\System\uqLYZLi.exe
  2⤵
  PID:12996
- C:\Windows\System\xGYnrip.exe
  C:\Windows\System\xGYnrip.exe
  2⤵
  PID:13024
- C:\Windows\System\TRMOTOn.exe
  C:\Windows\System\TRMOTOn.exe
  2⤵
  PID:13052
- C:\Windows\System\SRKVZMn.exe
  C:\Windows\System\SRKVZMn.exe
  2⤵
  PID:13080
- C:\Windows\System\QmXTbqS.exe
  C:\Windows\System\QmXTbqS.exe
  2⤵
  PID:13108
- C:\Windows\System\GUkKBWP.exe
  C:\Windows\System\GUkKBWP.exe
  2⤵
  PID:13136
- C:\Windows\System\XZJtXAW.exe
  C:\Windows\System\XZJtXAW.exe
  2⤵
  PID:13168
- C:\Windows\System\NqDLBHS.exe
  C:\Windows\System\NqDLBHS.exe
  2⤵
  PID:13192
- C:\Windows\System\akgQOlO.exe
  C:\Windows\System\akgQOlO.exe
  2⤵
  PID:13224
- C:\Windows\System\IjknDLz.exe
  C:\Windows\System\IjknDLz.exe
  2⤵
  PID:13248
- C:\Windows\System\hdOLZNh.exe
  C:\Windows\System\hdOLZNh.exe
  2⤵
  PID:13276
- C:\Windows\System\LAnzBHS.exe
  C:\Windows\System\LAnzBHS.exe
  2⤵
  PID:13304
- C:\Windows\System\mrdchHW.exe
  C:\Windows\System\mrdchHW.exe
  2⤵
  PID:12340
- C:\Windows\System\yoBFtwQ.exe
  C:\Windows\System\yoBFtwQ.exe
  2⤵
  PID:6112
- C:\Windows\System\nKOlpZC.exe
  C:\Windows\System\nKOlpZC.exe
  2⤵
  PID:12432
- C:\Windows\System\uWBHcSA.exe
  C:\Windows\System\uWBHcSA.exe
  2⤵
  PID:12516
- C:\Windows\System\PSmFmQE.exe
  C:\Windows\System\PSmFmQE.exe
  2⤵
  PID:12592
- C:\Windows\System\dqmcqhJ.exe
  C:\Windows\System\dqmcqhJ.exe
  2⤵
  PID:12652
- C:\Windows\System\ogYpvLW.exe
  C:\Windows\System\ogYpvLW.exe
  2⤵
  PID:5580
- C:\Windows\System\GLczZNg.exe
  C:\Windows\System\GLczZNg.exe
  2⤵
  PID:12756
- C:\Windows\System\bPiHcwh.exe
  C:\Windows\System\bPiHcwh.exe
  2⤵
  PID:12820
- C:\Windows\System\ugeTCKd.exe
  C:\Windows\System\ugeTCKd.exe
  2⤵
  PID:12896
- C:\Windows\System\BZUIxZN.exe
  C:\Windows\System\BZUIxZN.exe
  2⤵
  PID:12952
- C:\Windows\System\pgBoWQe.exe
  C:\Windows\System\pgBoWQe.exe
  2⤵
  PID:13016
- C:\Windows\System\rzKjXqc.exe
  C:\Windows\System\rzKjXqc.exe
  2⤵
  PID:13076
- C:\Windows\System\TNAgXuP.exe
  C:\Windows\System\TNAgXuP.exe
  2⤵
  PID:13156
- C:\Windows\System\qoUUPqX.exe
  C:\Windows\System\qoUUPqX.exe
  2⤵
  PID:1340
- C:\Windows\System\xIvowkd.exe
  C:\Windows\System\xIvowkd.exe
  2⤵
  PID:13272
- C:\Windows\System\PStIXiV.exe
  C:\Windows\System\PStIXiV.exe
  2⤵
  PID:64
- C:\Windows\System\OanRurw.exe
  C:\Windows\System\OanRurw.exe
  2⤵
  PID:12460
- C:\Windows\System\WjjPBcP.exe
  C:\Windows\System\WjjPBcP.exe
  2⤵
  PID:12620
- C:\Windows\System\kOLXxZh.exe
  C:\Windows\System\kOLXxZh.exe
  2⤵
  PID:4272
- C:\Windows\System\JRmRuXM.exe
  C:\Windows\System\JRmRuXM.exe
  2⤵
  PID:12848
- C:\Windows\System\AunZdCT.exe
  C:\Windows\System\AunZdCT.exe
  2⤵
  PID:12992
- C:\Windows\System\KxMcDIF.exe
  C:\Windows\System\KxMcDIF.exe
  2⤵
  PID:13148
- C:\Windows\System\RpkiyAG.exe
  C:\Windows\System\RpkiyAG.exe
  2⤵
  PID:13296
- C:\Windows\System\lrWLIRL.exe
  C:\Windows\System\lrWLIRL.exe
  2⤵
  PID:12568
- C:\Windows\System\GuDmyvJ.exe
  C:\Windows\System\GuDmyvJ.exe
  2⤵
  PID:12796
- C:\Windows\System\iSSbYTo.exe
  C:\Windows\System\iSSbYTo.exe
  2⤵
  PID:12936
- C:\Windows\System\gEKphUV.exe
  C:\Windows\System\gEKphUV.exe
  2⤵
  PID:13260
- C:\Windows\System\FyuaXjz.exe
  C:\Windows\System\FyuaXjz.exe
  2⤵
  PID:12736
- C:\Windows\System\CwEBBTA.exe
  C:\Windows\System\CwEBBTA.exe
  2⤵
  PID:12496
- C:\Windows\System\KajLsTT.exe
  C:\Windows\System\KajLsTT.exe
  2⤵
  PID:13244
- C:\Windows\System\JMBvjsx.exe
  C:\Windows\System\JMBvjsx.exe
  2⤵
  PID:13340
- C:\Windows\System\FYlkmhQ.exe
  C:\Windows\System\FYlkmhQ.exe
  2⤵
  PID:13368
- C:\Windows\System\iwHUeNV.exe
  C:\Windows\System\iwHUeNV.exe
  2⤵
  PID:13396
- C:\Windows\System\pLycetk.exe
  C:\Windows\System\pLycetk.exe
  2⤵
  PID:13424
- C:\Windows\System\UTencgX.exe
  C:\Windows\System\UTencgX.exe
  2⤵
  PID:13452
- C:\Windows\System\aAGiCDr.exe
  C:\Windows\System\aAGiCDr.exe
  2⤵
  PID:13480
- C:\Windows\System\qTsSCAm.exe
  C:\Windows\System\qTsSCAm.exe
  2⤵
  PID:13508
- C:\Windows\System\vjExqyE.exe
  C:\Windows\System\vjExqyE.exe
  2⤵
  PID:13536
- C:\Windows\System\iYwimra.exe
  C:\Windows\System\iYwimra.exe
  2⤵
  PID:13564
- C:\Windows\System\CHDZCoO.exe
  C:\Windows\System\CHDZCoO.exe
  2⤵
  PID:13604
- C:\Windows\System\mhyYLmZ.exe
  C:\Windows\System\mhyYLmZ.exe
  2⤵
  PID:13620
- C:\Windows\System\UgOMNNe.exe
  C:\Windows\System\UgOMNNe.exe
  2⤵
  PID:13648
- C:\Windows\System\vgHRsRI.exe
  C:\Windows\System\vgHRsRI.exe
  2⤵
  PID:13680
- C:\Windows\System\gJkbtCb.exe
  C:\Windows\System\gJkbtCb.exe
  2⤵
  PID:13708
- C:\Windows\System\LpNTyPK.exe
  C:\Windows\System\LpNTyPK.exe
  2⤵
  PID:13736
- C:\Windows\System\lPbhkln.exe
  C:\Windows\System\lPbhkln.exe
  2⤵
  PID:13764
- C:\Windows\System\xUYVpre.exe
  C:\Windows\System\xUYVpre.exe
  2⤵
  PID:13792
- C:\Windows\System\idYgrEC.exe
  C:\Windows\System\idYgrEC.exe
  2⤵
  PID:13820
- C:\Windows\System\mPrvXIB.exe
  C:\Windows\System\mPrvXIB.exe
  2⤵
  PID:13848
- C:\Windows\System\hEQvhXT.exe
  C:\Windows\System\hEQvhXT.exe
  2⤵
  PID:13880
- C:\Windows\System\UySdIob.exe
  C:\Windows\System\UySdIob.exe
  2⤵
  PID:13908
- C:\Windows\System\mQgHjIX.exe
  C:\Windows\System\mQgHjIX.exe
  2⤵
  PID:13944
- C:\Windows\System\uLxQUaO.exe
  C:\Windows\System\uLxQUaO.exe
  2⤵
  PID:13964
- C:\Windows\System\VWGkRQb.exe
  C:\Windows\System\VWGkRQb.exe
  2⤵
  PID:13992
- C:\Windows\System\hhtEGEy.exe
  C:\Windows\System\hhtEGEy.exe
  2⤵
  PID:14020
- C:\Windows\System\tAGQZoM.exe
  C:\Windows\System\tAGQZoM.exe
  2⤵
  PID:14048
- C:\Windows\System\EHhUYmx.exe
  C:\Windows\System\EHhUYmx.exe
  2⤵
  PID:14076
- C:\Windows\System\lPZJLWy.exe
  C:\Windows\System\lPZJLWy.exe
  2⤵
  PID:14104
- C:\Windows\System\jtpyVNG.exe
  C:\Windows\System\jtpyVNG.exe
  2⤵
  PID:14132
- C:\Windows\System\CCxzYaQ.exe
  C:\Windows\System\CCxzYaQ.exe
  2⤵
  PID:14168
- C:\Windows\System\sjTpXhe.exe
  C:\Windows\System\sjTpXhe.exe
  2⤵
  PID:14188
- C:\Windows\System\LnODZGz.exe
  C:\Windows\System\LnODZGz.exe
  2⤵
  PID:14216
- C:\Windows\System\PXhMFku.exe
  C:\Windows\System\PXhMFku.exe
  2⤵
  PID:14244
- C:\Windows\System\FBEegEm.exe
  C:\Windows\System\FBEegEm.exe
  2⤵
  PID:14272
- C:\Windows\System\csBOPLK.exe
  C:\Windows\System\csBOPLK.exe
  2⤵
  PID:14300
- C:\Windows\System\PzPjABi.exe
  C:\Windows\System\PzPjABi.exe
  2⤵
  PID:14332
- C:\Windows\System\WIytBYg.exe
  C:\Windows\System\WIytBYg.exe
  2⤵
  PID:13364
- C:\Windows\System\UFIXgzP.exe
  C:\Windows\System\UFIXgzP.exe
  2⤵
  PID:13416
- C:\Windows\System\eEzwmHG.exe
  C:\Windows\System\eEzwmHG.exe
  2⤵
  PID:13476
- C:\Windows\System\pQHoixd.exe
  C:\Windows\System\pQHoixd.exe
  2⤵
  PID:13520
- C:\Windows\System\lPCEJkl.exe
  C:\Windows\System\lPCEJkl.exe
  2⤵
  PID:13120
- C:\Windows\System\XNjqnzI.exe
  C:\Windows\System\XNjqnzI.exe
  2⤵
  PID:13640
- C:\Windows\System\mFYjGYu.exe
  C:\Windows\System\mFYjGYu.exe
  2⤵
  PID:13728
- C:\Windows\System\lBxLaPu.exe
  C:\Windows\System\lBxLaPu.exe
  2⤵
  PID:13776
- C:\Windows\System\EMjlpvv.exe
  C:\Windows\System\EMjlpvv.exe
  2⤵
  PID:13840
- C:\Windows\System\GfFGTBC.exe
  C:\Windows\System\GfFGTBC.exe
  2⤵
  PID:13892
- C:\Windows\System\OYTGPvV.exe
  C:\Windows\System\OYTGPvV.exe
  2⤵
  PID:13956
- C:\Windows\System\NkQkAuU.exe
  C:\Windows\System\NkQkAuU.exe
  2⤵
  PID:14016
- C:\Windows\System\sqjdmQd.exe
  C:\Windows\System\sqjdmQd.exe
  2⤵
  PID:3564
- C:\Windows\System\naHhGFG.exe
  C:\Windows\System\naHhGFG.exe
  2⤵
  PID:14116
- C:\Windows\System\TrNhycq.exe
  C:\Windows\System\TrNhycq.exe
  2⤵
  PID:14180
- C:\Windows\System\pZdcMmy.exe
  C:\Windows\System\pZdcMmy.exe
  2⤵
  PID:14240
- C:\Windows\System\HpOPsoW.exe
  C:\Windows\System\HpOPsoW.exe
  2⤵
  PID:5904
- C:\Windows\System\nSiHfKA.exe
  C:\Windows\System\nSiHfKA.exe
  2⤵
  PID:4852
- C:\Windows\System\soFRCod.exe
  C:\Windows\System\soFRCod.exe
  2⤵
  PID:13360
- C:\Windows\System\jrvOxcG.exe
  C:\Windows\System\jrvOxcG.exe
  2⤵
  PID:13464
- C:\Windows\System\TSqseBx.exe
  C:\Windows\System\TSqseBx.exe
  2⤵
  PID:13616
- C:\Windows\System\HsneQUh.exe
  C:\Windows\System\HsneQUh.exe
  2⤵
  PID:13756
- C:\Windows\System\flLnpVP.exe
  C:\Windows\System\flLnpVP.exe
  2⤵
  PID:13920
- C:\Windows\System\UyCIVdW.exe
  C:\Windows\System\UyCIVdW.exe
  2⤵
  PID:14012
- C:\Windows\System\NZwruYK.exe
  C:\Windows\System\NZwruYK.exe
  2⤵
  PID:14176
- C:\Windows\System\drkTWPL.exe
  C:\Windows\System\drkTWPL.exe
  2⤵
  PID:6096
- C:\Windows\System\gUxUQRi.exe
  C:\Windows\System\gUxUQRi.exe
  2⤵
  PID:13408
- C:\Windows\System\xLVZrcU.exe
  C:\Windows\System\xLVZrcU.exe
  2⤵
  PID:3404
- C:\Windows\System\pJIVhso.exe
  C:\Windows\System\pJIVhso.exe
  2⤵
  PID:13832
- C:\Windows\System\cLAyizA.exe
  C:\Windows\System\cLAyizA.exe
  2⤵
  PID:14144
- C:\Windows\System\VycGZfx.exe
  C:\Windows\System\VycGZfx.exe
  2⤵
  PID:13748
- C:\Windows\System\YQCNPPw.exe
  C:\Windows\System\YQCNPPw.exe
  2⤵
  PID:14096
- C:\Windows\System\RYlLsnG.exe
  C:\Windows\System\RYlLsnG.exe
  2⤵
  PID:14296
- C:\Windows\System\afrnsPf.exe
  C:\Windows\System\afrnsPf.exe
  2⤵
  PID:14368
- C:\Windows\System\DPxezoN.exe
  C:\Windows\System\DPxezoN.exe
  2⤵
  PID:14388
- C:\Windows\System\QgHYOqR.exe
  C:\Windows\System\QgHYOqR.exe
  2⤵
  PID:14412
- C:\Windows\System\cIRxBcb.exe
  C:\Windows\System\cIRxBcb.exe
  2⤵
  PID:14464
- C:\Windows\System\chKCcso.exe
  C:\Windows\System\chKCcso.exe
  2⤵
  PID:14480
- C:\Windows\System\xyzaruy.exe
  C:\Windows\System\xyzaruy.exe
  2⤵
  PID:14500
- C:\Windows\System\RjUlcKM.exe
  C:\Windows\System\RjUlcKM.exe
  2⤵
  PID:14540
- C:\Windows\System\pmIncif.exe
  C:\Windows\System\pmIncif.exe
  2⤵
  PID:14564
- C:\Windows\System\kUIbzBz.exe
  C:\Windows\System\kUIbzBz.exe
  2⤵
  PID:14580
- C:\Windows\System\vvuVVUP.exe
  C:\Windows\System\vvuVVUP.exe
  2⤵
  PID:14612
- C:\Windows\System\OLwXfZi.exe
  C:\Windows\System\OLwXfZi.exe
  2⤵
  PID:14636
- C:\Windows\System\tceuAjM.exe
  C:\Windows\System\tceuAjM.exe
  2⤵
  PID:14664
- C:\Windows\System\VlShmVg.exe
  C:\Windows\System\VlShmVg.exe
  2⤵
  PID:14684
- C:\Windows\System\kLyIQll.exe
  C:\Windows\System\kLyIQll.exe
  2⤵
  PID:14732
- C:\Windows\System\SHRGTau.exe
  C:\Windows\System\SHRGTau.exe
  2⤵
  PID:14748
- C:\Windows\System\lILfWYH.exe
  C:\Windows\System\lILfWYH.exe
  2⤵
  PID:14788
- C:\Windows\System\WxbooIo.exe
  C:\Windows\System\WxbooIo.exe
  2⤵
  PID:14816
- C:\Windows\System\dqDlmXw.exe
  C:\Windows\System\dqDlmXw.exe
  2⤵
  PID:14836
- C:\Windows\System\GdhyEeR.exe
  C:\Windows\System\GdhyEeR.exe
  2⤵
  PID:14864
- C:\Windows\System\FuHadTS.exe
  C:\Windows\System\FuHadTS.exe
  2⤵
  PID:14900
- C:\Windows\System\gMegIjd.exe
  C:\Windows\System\gMegIjd.exe
  2⤵
  PID:14916
- C:\Windows\System\XLlLOZT.exe
  C:\Windows\System\XLlLOZT.exe
  2⤵
  PID:14944
- C:\Windows\System\XNejWgT.exe
  C:\Windows\System\XNejWgT.exe
  2⤵
  PID:14984
- C:\Windows\System\lfooOmM.exe
  C:\Windows\System\lfooOmM.exe
  2⤵
  PID:15012
- C:\Windows\System\jFQItZS.exe
  C:\Windows\System\jFQItZS.exe
  2⤵
  PID:15040
- C:\Windows\System\sqiJMHH.exe
  C:\Windows\System\sqiJMHH.exe
  2⤵
  PID:15056
- C:\Windows\System\bXxLzPE.exe
  C:\Windows\System\bXxLzPE.exe
  2⤵
  PID:15084
- C:\Windows\System\zvGbEQy.exe
  C:\Windows\System\zvGbEQy.exe
  2⤵
  PID:15124
- C:\Windows\System\TSPzlkv.exe
  C:\Windows\System\TSPzlkv.exe
  2⤵
  PID:15152
- C:\Windows\System\zYMYQJA.exe
  C:\Windows\System\zYMYQJA.exe
  2⤵
  PID:15180
- C:\Windows\System\FATzRga.exe
  C:\Windows\System\FATzRga.exe
  2⤵
  PID:15208
- C:\Windows\System\JhTPnTa.exe
  C:\Windows\System\JhTPnTa.exe
  2⤵
  PID:15236
- C:\Windows\System\XAXCCpP.exe
  C:\Windows\System\XAXCCpP.exe
  2⤵
  PID:15252
- C:\Windows\System\KlbMndy.exe
  C:\Windows\System\KlbMndy.exe
  2⤵
  PID:15292
- C:\Windows\System\Vfbrmfz.exe
  C:\Windows\System\Vfbrmfz.exe
  2⤵
  PID:15320
- C:\Windows\System\STKFTTS.exe
  C:\Windows\System\STKFTTS.exe
  2⤵
  PID:15348
- C:\Windows\System\WugJYDC.exe
  C:\Windows\System\WugJYDC.exe
  2⤵
  PID:14360
- C:\Windows\System\cicZtdr.exe
  C:\Windows\System\cicZtdr.exe
  2⤵
  PID:14436
- C:\Windows\System\MrpHbTG.exe
  C:\Windows\System\MrpHbTG.exe
  2⤵
  PID:14532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BSQFBiz.exe

Filesize
5.8MB

MD5
471a0903b93eece27cff0f5b01c9e22b

SHA1
4d6dc386c3624b74dcc98998c44f823b57cab01b

SHA256
a9306868075ef8f4cc58192a6bf6be35852bca3f7db876f514f39ada7c863c2c

SHA512
b70d97834ed233b85228d3d858e0c4e0660693ac376aa30a855fa2ea9c711b11cfe48dd63d099c5dd6cd2f07473da485917a9bfc0feb9c20b3a74e504ca5ab51

Download Submit
C:\Windows\System\BYNwnyT.exe

Filesize
5.8MB

MD5
60cf32cfad02ae76738b8965cf5770bd

SHA1
8375a1ecf9534cbd8f55a291d593d4ab0be8d0db

SHA256
9c3da7497a08e826d2c39281ac8e8d8f2de521c8485d5d0704135cce1d3e9441

SHA512
5773ecd9600720392cd1f2eb6709ba97a62b6cacf7d94e6e6756cd5b18ce21d405924686ba1992bd99c84464f45193ef8664da0bf1e250feaa387c68bbe4771e

Download Submit
C:\Windows\System\CqYSiKl.exe

Filesize
5.8MB

MD5
a8fcdf54c255db012fdecb6caafe02c1

SHA1
2e60e30a27774728c4827ec22e31d4bdb8067d1a

SHA256
75d0f9ffe6ed7b4a574f60d7955dd8277d99f3de6fbf179eff210d5394bf63e4

SHA512
bd9cd0e8706bd0f8c3ebde74f1b10ca85ec79aa1cfd54d7481dd2cd22603e2772163a9a912c78db6b3c354273fa653c044499b583ae8f1971bc95c714c5c6b3f

Download Submit
C:\Windows\System\EKeCEgF.exe

Filesize
5.8MB

MD5
b619b9a7538735720ab587666f101408

SHA1
04b06c599a025f5321bec13dc3fc348fbba006a0

SHA256
dbfdde0e1816d2210bf5ef4156fd1122bfea66ee29e1c782bfd4d5d26877e231

SHA512
f2f85b317e6c3545c11631fab6b04bcc9fb0c02269302d04ad1f5a5135d8a6b1ab921ed53834b4ddc4eda0fd2328cbf48aad49d30c22c4b13d6daf736a7c9553

Download Submit
C:\Windows\System\FNTSoJG.exe

Filesize
5.8MB

MD5
d3bd6e54388529d5390e83fe2dcb5bef

SHA1
5182db00ecef00f6a68ce1d58379ba617113d02e

SHA256
c6f6eb53adce467718646b9b32cca08c02a57ffe1de76b0ad01f0579026484e3

SHA512
789ff5b06aa10563c809d1b9be46b017cdc69b974ddf55c4bd18446d9b811577a60f9a9ddad369d0cebb424ad31ac02f4999d50dd95854aa98f674359814618b

Download Submit
C:\Windows\System\GPPUoPd.exe

Filesize
5.8MB

MD5
1ada1f94f9b4a58efd3c5b89c682610a

SHA1
68d99dfe2cabf32d65d07a86e39d3d5804c66c2d

SHA256
716fc7dc1fb9e051b9b0e141a4171b774f010c8362d7f986cbdfde9b0075356d

SHA512
20d0d4708ca41549e42ea1050a58263fdd2e667a6186c8a8549356506c3fa78ff05110ece0e9557a0e5c3ac30c7b07746e9c4e1a4afd0e06c8bea4b0ce771e15

Download Submit
C:\Windows\System\IDhdIRJ.exe

Filesize
5.8MB

MD5
90fd5046f3650ba4ab324ac95e1bd8b6

SHA1
bbb85ee5e3c2ace51efb31acf574bb41c646497e

SHA256
d2c66566df24dbae3d9efb25bdc294891fb09666e343d8f7d4075f42674f34a8

SHA512
25d6f897ef47d50206416f24904fe58abb1c38ca5cd30e3c8a06c2d19a7112148a4a38119f038b6487d2dab41e072471f10bea68ef0f13390ac424b253cfa85d

Download Submit
C:\Windows\System\IQzCrYA.exe

Filesize
5.8MB

MD5
8053f9f3c699bccaa171d4b4888feee9

SHA1
2c5314cd6bef6af4030885bdca06efbd04bea645

SHA256
f9f74c8a8923c1149dd5bfc3ffdb1bc39fe3aa5a30276fe40a5f3670b4da855a

SHA512
3944b67abfa1d3f8be726af41791eca20c275542228dd3c4197cf0a06a5cfa6cc91741aa7ae6167080a75de9261b8cd153a3fb420c3c10fb08404fa525792d43

Download Submit
C:\Windows\System\ImKReea.exe

Filesize
5.8MB

MD5
0d5d5b2f17ed7e8d21e17664b7a3ca97

SHA1
47493db4984dfa00a2d9bebf2f133bd1c08d22db

SHA256
54dc9b575d858684c85c00aa413d22b8298690c7248498753b2b4edf61466f51

SHA512
edbb00d3f773d928e26da8099d15e7bbdfa1fa439ac319224111fc4839ec39318121dc25b98c45d23cb8334e88dcfd92c25e7284173b590013e62f3ace97dbd1

Download Submit
C:\Windows\System\JYkqvPC.exe

Filesize
5.8MB

MD5
ccf62248dc6b683c0ffe4949ef45f97f

SHA1
f99c2df424875e6945e052e746f0489aa76bdc8d

SHA256
c5c78f5fc4bbfc8e5e5fbfd27b3c81ca231e6fbcb077c1854f1d708d4294ccdc

SHA512
002fc89853e265f760f562e732f209366fa42f0511659a001eb7ef0fb6cbe67f47265f01a5c4e486a3455464a8014f19f89d4a794c45352416b9cc80600d9f9c

Download Submit
C:\Windows\System\NKTWjtX.exe

Filesize
5.8MB

MD5
d43dae59542a0a4cf00bc47e5fea49ce

SHA1
671925b3ceb8b08717d8664acf90f1ae3444207a

SHA256
821fab76b1474079abc82f5305de45b3d447de752c3c3033f884a6f446909cc5

SHA512
ce7d8c9d33a6f0fd31aae8cb43ee98e0eb0c3c0929fd5cd79c0954098e86bc3ad0b610fe276ed53043c5e5252eb1271bfda237793ef3a65f77a44fe160f06879

Download Submit
C:\Windows\System\NVmJEay.exe

Filesize
5.8MB

MD5
ac1a3a8c228f5a2dc26972d35ed03773

SHA1
1b3384213c53a60002c9b2ee12666fd2a64f3d3f

SHA256
febe1b0fa25603a760d20c3cd627fb9a3c5a779d9eeac7054ea9497377bf1028

SHA512
96c3ec7bd61bbcc7d63483e6b2863b39806f888bd8e0faabb2e3805b0d4d31cdfef065c8415cb4c73746a6b354e233dc4daf8040004dcc0c1a75319a67f4c824

Download Submit
C:\Windows\System\QFEylxq.exe

Filesize
5.8MB

MD5
69003030dc8fd76e228207e85e2b771e

SHA1
ca47f4e0d8517a70c4ca5957ea7bcda80fdb389d

SHA256
baec640b393dc0a7964232b14970693b87dab2d1b9a8162b40c1914c641653dd

SHA512
2e00ae1f35869b0df7634fc0c154a99a43933b41fd38bdae8feee09ab7adc73fb322fae0ebf7539be3d5225d9c81c3a02da9a7e6ce542734aca1ee2108300240

Download Submit
C:\Windows\System\UDgmPzc.exe

Filesize
5.8MB

MD5
9fdeafc761c25cf3eca7b601cbf0dff6

SHA1
24525c4c2dd61b3d502993644da0a237540ade59

SHA256
7c305d8216f0fc972238ba92919b8472c87a7aebb43934c4d4d4425fe50bf3e3

SHA512
08a9a4d9e4fde6fec667444423cad18798f6d842d951022d065d6b6c0110a40b658505bc018739f910bc057ca25e1640d9f8167aa98a5a50ee14ee900f11ebcd

Download Submit
C:\Windows\System\VJMkdOc.exe

Filesize
5.8MB

MD5
d8e60ab95d92b492cfb014bc5b0fd882

SHA1
df82f8563793c1c08510435ec5182e649747865d

SHA256
b9f8999fe62aa85ced8bb21c50da25b74d330bb157039d4a847dd20d18e605fa

SHA512
e5176d85531002df8636ba3ffaf41955e9706e75795ff918fb6cc2a0cc1c30c63ac59659753b86572df47da5829f9b6ad2ad3ff041c86c5b55a2b9ed1f2746a3

Download Submit
C:\Windows\System\WzwEMFr.exe

Filesize
5.8MB

MD5
75f8ee0f0cab909f5659d6a318e2815e

SHA1
786d5e2a690d98420b8e73da8c0036800f1ae6ff

SHA256
e8b2ee72cbe3b88af3427aabcedcb941c1554ed9310ac5d34f7425c81b92fb39

SHA512
a284ca26b17055bf247b30560675080d89633315dbcc220f633e99f1b6ee84350717a5ba54f024f682fba14f07af9b703c665560fd7ad7421316d3bfdb7dc92e

Download Submit
C:\Windows\System\XihQWkE.exe

Filesize
5.8MB

MD5
1149635b03a2099b67a4863b6c86367b

SHA1
f79bd60f73508339f9556756445bb52af9db8837

SHA256
846a77e7395758a3c3ea074bad4ad9c85ec86546ad9937d07ca51af28ab7bc91

SHA512
425098bddadfb32cfc4b674b13ed5d17a442d20582c01c44b21d21b42a3b5ee76de18e5359e0ab2beb46102f3d500681aa190525c92bc9cb1557669c914994b4

Download Submit
C:\Windows\System\XplHGyA.exe

Filesize
5.8MB

MD5
344257126320ccf5cdaf9d893b1d9436

SHA1
59e04a87559384b65615d0241c4f151e3138b0f8

SHA256
62becaa6eb026e2754cd4d69a6bc0fbb2f1a41439eb42664e7ff40fd004434f8

SHA512
72f41c5b215aa0b65037a4a0bd8f78e05050e184d6c517685c350b3a1b307ee7994aa5eb36231472fa5a4fbf787da4b074bbdc72415a92ad80e2a94a8544ba91

Download Submit
C:\Windows\System\ZnSfByg.exe

Filesize
5.8MB

MD5
8e5b45f3407e355cfa82bb9da8252cfe

SHA1
4d65e6ac60f22fb84330525450c992bfa94b3dcd

SHA256
ef1665646198d97d7ec3a4235dc66cd9f1d47c4f5c24dbbc11a168b66ba98be9

SHA512
b1f7a7d91909d01c99153d5a6e0d6fe8b62c8a9188ab6839fe79b077855dae212b8dd5e15cca9962053a9a613befc9491b07ae363db3902300776a27e2575b79

Download Submit
C:\Windows\System\aHTWXxl.exe

Filesize
5.8MB

MD5
6eeab58108ab9405b0a4328d4b487782

SHA1
d35a77caad60c562ae227759d899bee2c023b8cd

SHA256
f99a6b379f8deee38be021b7f48fc40cd4ba2514e1bf7b89f7ee3b2b49a5d4cb

SHA512
00240b87370e511558f9b6b3b025efeb1b9978807b3fdf7ba6eba1ce894cba6ce445e9deaf62bcb0bf2ee56eb648a7d7bbf10a6604b6f9a53ba667706b510a53

Download Submit
C:\Windows\System\aXsmQnu.exe

Filesize
5.8MB

MD5
e8fc1532f90c498513077ec31c62e9af

SHA1
527fefddf2821eb491e314e5d2b2451f116115a4

SHA256
2a4f7bff10721952df0c45211582471b5a85b29a83c6674005dc4aafd9a15ff9

SHA512
48627bf457a44542588860c283483a085646ba69c1fcd10d03354ea40173204fa72f1191fe847f4ba5b0870869b5a9a38159d2f4af28bdbf84a9d738af5edbfd

Download Submit
C:\Windows\System\dhMuOUq.exe

Filesize
5.8MB

MD5
fe16b635a6757312293a4ca96f13a22a

SHA1
ab274d83c4b461f941206ba90303965f8cc0ce0f

SHA256
ddc04814050c664750246640120f170fe72198a9c304fcd5068db6d14fe544a1

SHA512
562c2ad6a82fd5003e0c68691afa8243de4a92fc96e33cad653382de626df095ba3ba0427f6a5527fd13c986e18f402f14c929ebfcd064d940594874fd4062c9

Download Submit
C:\Windows\System\dzhTzDY.exe

Filesize
5.8MB

MD5
1cbf9a0b68af88912c181a20d13a0eaa

SHA1
2cdaecf403f093849c82c3446a72a7bf30b41731

SHA256
aa989331a4d80678f38783370062a8a6db37b98de555ae8123dd61985c661002

SHA512
a12946ea319dfbbeac91391d937e87b3c12e25ea40a2504bafd39022b7de20993de7f4d96566f56294d38b85c92566d5bd6e843b50dccc39beeec81039275882

Download Submit
C:\Windows\System\hiSlhqX.exe

Filesize
5.8MB

MD5
9e4e2461f8818de57143805675b80a0a

SHA1
a0d319d559b2c09f9817d66fa68836938cc73f3c

SHA256
628f4778f2f9fccce9e6c456a634c6e3ab6b78e45f17885ad62da478d47f4ab5

SHA512
ba81f423450d67b7b773df59beb5205c0bf1bda73e259cab975f6c25eb46f4ca306cac182603157b41723fc9942df93cf178fa891639abe5ebbaf262384df47a

Download Submit
C:\Windows\System\iLVdKdN.exe

Filesize
5.8MB

MD5
3eb4afc6611c0be4144ba266bab02ec4

SHA1
4ee14988e6911748bbd5248d69473490945837f3

SHA256
7f3dbece91b13e40d34444bff35a679d17f33b20b95389d25df33c5c10a6aac3

SHA512
ab886f71530dcac7bfa5efe317c8ee197455faf12ed5f5b8e284e3a08f33b0f564488e53ee96fc8753e50e4798cd71994d6a1bebbd7cce6cdc565d631f20800e

Download Submit
C:\Windows\System\iLyIsdP.exe

Filesize
5.8MB

MD5
07ff8b5b7d0aefa0b657904b63714a8d

SHA1
f550a153d7904702c51fb492ea1ba3af9040946c

SHA256
d447fbaa931fda079a84bea8133cff019f0a9f20ff2c64428108991d94bf59f3

SHA512
0dd41f23ce8760eb90d07a8475cbf9a3c80e6a1113a98a1e2ee1d89fbd1f63e0e827e1265d22cea22097162ea3bd8ff9d138b574564c8926c5caca1673a8aa0e

Download Submit
C:\Windows\System\okjlwkv.exe

Filesize
5.8MB

MD5
168f9d3b1bf396d7c0c66a3e476401e0

SHA1
1dec46a5a5ad7bb7692c76fdd8a05947d03c633f

SHA256
00a373b1eacb3d53adfaa2fe76b7031c7c006035f4c5b1de67c68d15e1a43c05

SHA512
b9a12a03e4016d2f31b031e8e831ce360e5bf59618e20480cdee62fbc6247da526226dedd7a224b66ccd4abc297e08feb250be870179f8a21d5843a2437e14cb

Download Submit
C:\Windows\System\qJuTBPx.exe

Filesize
5.8MB

MD5
40badc94bd15674242d880eb54c36405

SHA1
b48d0d58ee7f874a914b0028aedbd444f1dc156b

SHA256
2bb56e00e0d365f3955ed31147cb71c7145bf53588923e80f062e4d8b810c44f

SHA512
f781846218cf848129493ac798a44621ca740d015d492d6705aea5084d4ba8555bb2bb7f878fbfb1ab39dd7edd87a2f2648700bc1fac5bd31c9c7a6e76d8de39

Download Submit
C:\Windows\System\qrnlBvP.exe

Filesize
5.8MB

MD5
801404422c8c6d89f5296d960a8e4019

SHA1
b04d9c1f33b28b852cc3569786906e328c9b771e

SHA256
cbb47ec3c7710475d139c1e5666a0ca3f2b6c06936612975089d5d3389e118f6

SHA512
56394faf5c7e6535a73fb9db9af3bf08bb21a7740190d33da91759f055a495b6ce6cd4e73ae1927a8314683358a9ddb610ace070b008f360bbbac71f003a4b26

Download Submit
C:\Windows\System\tBZMIej.exe

Filesize
5.8MB

MD5
3f0657fecd316215adb52f0553014ae7

SHA1
279fce8d6a258fa51e4c77325dcb4b957656edf8

SHA256
1b61dde6987c0acfce51581eea5c4df918164eeecd653ee082c36616687602dd

SHA512
c6b3185b718444162c54e49436829586bf601740eac77b281d5cacd7848b5da162ec38952b859e1f8b12a5656a99f149bf41cd0687699d5ebd838aa66779518e

Download Submit
C:\Windows\System\uBGSdlP.exe

Filesize
5.8MB

MD5
65740f3191a99ad6343ab119f8a25127

SHA1
ef5b20d5c9c6d5011628bbdeb24debdba200765c

SHA256
d82d741a759690657cb25c978bc9816a9756a7f64b1d25353b9703412f52d47e

SHA512
e2635b288d00299f806b3f8c73b56917c0008e1f8561d17b6c0ab3d841e5025cd429368686c5d227e4a350c92bdc32c309940d383387d17d87bf32bb1f26f8d1

Download Submit
C:\Windows\System\vIINJJi.exe

Filesize
5.8MB

MD5
34f15aac68cc3200a18a2f187e32bd7b

SHA1
d3dea818f5a2969e3874df0d1ba0df0ac6d092fd

SHA256
6102bc78ecfac0f2dbf2db534035aaadf7c615903391ce8bb51d9345753d77bd

SHA512
40199334ef039fde5258eee604496be0b8b07aa14ecf12ad8a5dca37973fc971f09cf3e8deb6fb38edcbeb901b7037938388a28c93da27ac6a873fe2cd767dea

Download Submit
C:\Windows\System\xDfZpvP.exe

Filesize
5.8MB

MD5
a8dd702c081cb264b04036a4e25e72a6

SHA1
8a3300fd24b397592b45ccec897b1e87b00dd07e

SHA256
ca262603b1103915fce37c6b670380afdb525f35dd78e4214560c08d84223308

SHA512
16221191ff4fe72a3907bd44e3fc1932f1f16ddd12dd93d6eae212ad8178828235bb0ad58f7581d0701d5704501c13174e4cff395d969a282390c213a4b06411

Download Submit
memory/536-8-0x00007FF611CF0000-0x00007FF612044000-memory.dmp

Filesize
3.3MB

Download
memory/556-77-0x00007FF7941F0000-0x00007FF794544000-memory.dmp

Filesize
3.3MB

Download
memory/556-2260-0x00007FF7941F0000-0x00007FF794544000-memory.dmp

Filesize
3.3MB

Download
memory/556-186-0x00007FF7941F0000-0x00007FF794544000-memory.dmp

Filesize
3.3MB

Download
memory/1552-157-0x00007FF6E5E20000-0x00007FF6E6174000-memory.dmp

Filesize
3.3MB

Download
memory/1552-535-0x00007FF6E5E20000-0x00007FF6E6174000-memory.dmp

Filesize
3.3MB

Download
memory/1552-2272-0x00007FF6E5E20000-0x00007FF6E6174000-memory.dmp

Filesize
3.3MB

Download
memory/1624-47-0x00007FF783C40000-0x00007FF783F94000-memory.dmp

Filesize
3.3MB

Download
memory/1624-2254-0x00007FF783C40000-0x00007FF783F94000-memory.dmp

Filesize
3.3MB

Download
memory/1748-736-0x00007FF6AE230000-0x00007FF6AE584000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2274-0x00007FF6AE230000-0x00007FF6AE584000-memory.dmp

Filesize
3.3MB

Download
memory/1748-175-0x00007FF6AE230000-0x00007FF6AE584000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2255-0x00007FF7BA4C0000-0x00007FF7BA814000-memory.dmp

Filesize
3.3MB

Download
memory/2116-147-0x00007FF7BA4C0000-0x00007FF7BA814000-memory.dmp

Filesize
3.3MB

Download
memory/2116-49-0x00007FF7BA4C0000-0x00007FF7BA814000-memory.dmp

Filesize
3.3MB

Download
memory/2344-2251-0x00007FF79B380000-0x00007FF79B6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-43-0x00007FF79B380000-0x00007FF79B6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-31-0x00007FF60FDA0000-0x00007FF6100F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2250-0x00007FF60FDA0000-0x00007FF6100F4000-memory.dmp

Filesize
3.3MB

Download
memory/3184-143-0x00007FF7DA5F0000-0x00007FF7DA944000-memory.dmp

Filesize
3.3MB

Download
memory/3184-2270-0x00007FF7DA5F0000-0x00007FF7DA944000-memory.dmp

Filesize
3.3MB

Download
memory/3556-84-0x00007FF7CA7D0000-0x00007FF7CAB24000-memory.dmp

Filesize
3.3MB

Download
memory/3556-1-0x000001B811C50000-0x000001B811C60000-memory.dmp

Filesize
64KB

Download
memory/3556-0-0x00007FF7CA7D0000-0x00007FF7CAB24000-memory.dmp

Filesize
3.3MB

Download
memory/3648-169-0x00007FF742220000-0x00007FF742574000-memory.dmp

Filesize
3.3MB

Download
memory/3648-661-0x00007FF742220000-0x00007FF742574000-memory.dmp

Filesize
3.3MB

Download
memory/3648-2275-0x00007FF742220000-0x00007FF742574000-memory.dmp

Filesize
3.3MB

Download
memory/3852-134-0x00007FF798BA0000-0x00007FF798EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3852-2268-0x00007FF798BA0000-0x00007FF798EF4000-memory.dmp

Filesize
3.3MB

Download
memory/3852-260-0x00007FF798BA0000-0x00007FF798EF4000-memory.dmp

Filesize
3.3MB

Download
memory/4064-2265-0x00007FF6E1900000-0x00007FF6E1C54000-memory.dmp

Filesize
3.3MB

Download
memory/4064-130-0x00007FF6E1900000-0x00007FF6E1C54000-memory.dmp

Filesize
3.3MB

Download
memory/4448-163-0x00007FF6EA180000-0x00007FF6EA4D4000-memory.dmp

Filesize
3.3MB

Download
memory/4448-60-0x00007FF6EA180000-0x00007FF6EA4D4000-memory.dmp

Filesize
3.3MB

Download
memory/4448-2257-0x00007FF6EA180000-0x00007FF6EA4D4000-memory.dmp

Filesize
3.3MB

Download
memory/4484-2258-0x00007FF6BCD60000-0x00007FF6BD0B4000-memory.dmp

Filesize
3.3MB

Download
memory/4484-68-0x00007FF6BCD60000-0x00007FF6BD0B4000-memory.dmp

Filesize
3.3MB

Download
memory/4568-142-0x00007FF782F30000-0x00007FF783284000-memory.dmp

Filesize
3.3MB

Download
memory/4568-2269-0x00007FF782F30000-0x00007FF783284000-memory.dmp

Filesize
3.3MB

Download
memory/4648-2261-0x00007FF718890000-0x00007FF718BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4648-85-0x00007FF718890000-0x00007FF718BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4648-205-0x00007FF718890000-0x00007FF718BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4676-2262-0x00007FF7A9600000-0x00007FF7A9954000-memory.dmp

Filesize
3.3MB

Download
memory/4676-123-0x00007FF7A9600000-0x00007FF7A9954000-memory.dmp

Filesize
3.3MB

Download
memory/4728-74-0x00007FF650EB0000-0x00007FF651204000-memory.dmp

Filesize
3.3MB

Download
memory/4728-2259-0x00007FF650EB0000-0x00007FF651204000-memory.dmp

Filesize
3.3MB

Download
memory/4752-2263-0x00007FF7BE760000-0x00007FF7BEAB4000-memory.dmp

Filesize
3.3MB

Download
memory/4752-137-0x00007FF7BE760000-0x00007FF7BEAB4000-memory.dmp

Filesize
3.3MB

Download
memory/5240-54-0x00007FF76EE70000-0x00007FF76F1C4000-memory.dmp

Filesize
3.3MB

Download
memory/5240-2256-0x00007FF76EE70000-0x00007FF76F1C4000-memory.dmp

Filesize
3.3MB

Download
memory/5240-156-0x00007FF76EE70000-0x00007FF76F1C4000-memory.dmp

Filesize
3.3MB

Download
memory/5336-46-0x00007FF73AF80000-0x00007FF73B2D4000-memory.dmp

Filesize
3.3MB

Download
memory/5336-2252-0x00007FF73AF80000-0x00007FF73B2D4000-memory.dmp

Filesize
3.3MB

Download
memory/5412-2266-0x00007FF752EB0000-0x00007FF753204000-memory.dmp

Filesize
3.3MB

Download
memory/5412-138-0x00007FF752EB0000-0x00007FF753204000-memory.dmp

Filesize
3.3MB

Download
memory/5544-2264-0x00007FF66DF30000-0x00007FF66E284000-memory.dmp

Filesize
3.3MB

Download
memory/5544-129-0x00007FF66DF30000-0x00007FF66E284000-memory.dmp

Filesize
3.3MB

Download
memory/5548-164-0x00007FF7E18D0000-0x00007FF7E1C24000-memory.dmp

Filesize
3.3MB

Download
memory/5548-606-0x00007FF7E18D0000-0x00007FF7E1C24000-memory.dmp

Filesize
3.3MB

Download
memory/5548-2273-0x00007FF7E18D0000-0x00007FF7E1C24000-memory.dmp

Filesize
3.3MB

Download
memory/5600-24-0x00007FF6AFBE0000-0x00007FF6AFF34000-memory.dmp

Filesize
3.3MB

Download
memory/5600-107-0x00007FF6AFBE0000-0x00007FF6AFF34000-memory.dmp

Filesize
3.3MB

Download
memory/5660-196-0x00007FF618200000-0x00007FF618554000-memory.dmp

Filesize
3.3MB

Download
memory/5660-2276-0x00007FF618200000-0x00007FF618554000-memory.dmp

Filesize
3.3MB

Download
memory/5880-114-0x00007FF7282E0000-0x00007FF728634000-memory.dmp

Filesize
3.3MB

Download
memory/5880-2253-0x00007FF7282E0000-0x00007FF728634000-memory.dmp

Filesize
3.3MB

Download
memory/5880-41-0x00007FF7282E0000-0x00007FF728634000-memory.dmp

Filesize
3.3MB

Download
memory/6000-155-0x00007FF7DF500000-0x00007FF7DF854000-memory.dmp

Filesize
3.3MB

Download
memory/6000-2271-0x00007FF7DF500000-0x00007FF7DF854000-memory.dmp

Filesize
3.3MB

Download
memory/6000-396-0x00007FF7DF500000-0x00007FF7DF854000-memory.dmp

Filesize
3.3MB

Download
memory/6068-2267-0x00007FF6B45C0000-0x00007FF6B4914000-memory.dmp

Filesize
3.3MB

Download
memory/6068-259-0x00007FF6B45C0000-0x00007FF6B4914000-memory.dmp

Filesize
3.3MB

Download
memory/6068-133-0x00007FF6B45C0000-0x00007FF6B4914000-memory.dmp

Filesize
3.3MB

Download