cobaltstrike | 2f5c2f00e4e0782553bc6b159420e03bf15dea9b0b1720f205fe2e00ad86198a

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e4fc5a7b253f18c55439ead05c5cc51e
SHA1

04dfbc906b86b29fe32e257a3260829b93c470aa
SHA256

2f5c2f00e4e0782553bc6b159420e03bf15dea9b0b1720f205fe2e00ad86198a
SHA512

a52265afc956cd297258048feae0677a4ff4fb3fdc536efa9f7fa650b7c1dcfd683b6959987815bf723fe286cd69445b669c353c7a13fd3e34ee602154c018b6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012281-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001868b-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f8-18.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018731-24.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018742-30.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001878c-36.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193ac-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942c-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-83.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000175e7-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-98.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000c000000012281-3.dat	xmrig
behavioral1/files/0x000700000001868b-12.dat	xmrig
behavioral1/memory/2172-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x00060000000186f8-18.dat	xmrig
behavioral1/memory/1148-17-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/268-25-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1492-29-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2172-28-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2204-26-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0006000000018731-24.dat	xmrig
behavioral1/files/0x0006000000018742-30.dat	xmrig
behavioral1/memory/784-35-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x000800000001878c-36.dat	xmrig
behavioral1/memory/2756-48-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x00060000000193ac-45.dat	xmrig
behavioral1/files/0x000500000001942c-51.dat	xmrig
behavioral1/files/0x0005000000019456-62.dat	xmrig
behavioral1/files/0x0005000000019438-72.dat	xmrig
behavioral1/memory/2608-75-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2420-85-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-74.dat	xmrig
behavioral1/memory/2848-73-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0005000000019467-83.dat	xmrig
behavioral1/memory/2172-82-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/784-80-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2748-68-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2676-58-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2172-50-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2712-49-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x00090000000175e7-89.dat	xmrig
behavioral1/files/0x0005000000019496-93.dat	xmrig
behavioral1/files/0x00050000000194fc-111.dat	xmrig
behavioral1/files/0x000500000001952f-123.dat	xmrig
behavioral1/memory/2172-621-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/300-626-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2676-632-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2172-629-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/1948-625-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2748-725-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2172-815-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2848-1163-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2172-2252-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2420-1907-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2608-1404-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x000500000001962b-183.dat	xmrig
behavioral1/files/0x0005000000019629-179.dat	xmrig
behavioral1/files/0x0005000000019627-173.dat	xmrig
behavioral1/files/0x0005000000019625-169.dat	xmrig
behavioral1/files/0x0005000000019623-163.dat	xmrig
behavioral1/files/0x0005000000019622-159.dat	xmrig
behavioral1/files/0x0005000000019621-154.dat	xmrig
behavioral1/files/0x000500000001961f-148.dat	xmrig
behavioral1/files/0x000500000001961d-144.dat	xmrig
behavioral1/files/0x00050000000195e6-138.dat	xmrig
behavioral1/files/0x00050000000195a7-133.dat	xmrig
behavioral1/files/0x000500000001957e-128.dat	xmrig
behavioral1/files/0x0005000000019506-118.dat	xmrig
behavioral1/files/0x00050000000194ef-108.dat	xmrig
behavioral1/files/0x00050000000194d0-103.dat	xmrig
behavioral1/files/0x00050000000194ad-98.dat	xmrig
behavioral1/memory/1148-3995-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/268-3996-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2204-3997-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/1492-3998-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1148	ueeQHBV.exe
268	RlQEPug.exe
2204	jMiTIEa.exe
1492	KeENlrY.exe
784	hUVJzzs.exe
2756	ZWNgtKk.exe
2712	BIgIhSF.exe
2676	SdCxUBv.exe
2748	XzNxAqj.exe
2848	hrRTmDS.exe
2608	xGTWgjV.exe
2420	bBzWdMj.exe
1948	xrGUrJd.exe
300	HaMZuLQ.exe
2076	JAhisui.exe
1692	jDyrvhn.exe
1580	qyNmnkJ.exe
1812	hICIPqO.exe
1396	DzlZlaN.exe
1528	IdqCTKC.exe
1188	HwbiPqx.exe
496	ZAocrYw.exe
2804	oEjigNu.exe
2884	fPYjQVJ.exe
2228	YlYfluu.exe
2116	jLkkSWq.exe
3036	geRTLwT.exe
352	FNpOcNQ.exe
1872	baCTnrQ.exe
1960	rdYJItv.exe
1352	yJjUscn.exe
1084	djrnVXM.exe
1516	hPFAhHt.exe
1984	EPlDcfJ.exe
1028	JNAmNUR.exe
836	chTzdsf.exe
832	FAFDlgt.exe
1624	fTGYSKj.exe
1768	jBEBnKK.exe
2220	ZjsbwrQ.exe
2280	FlzShCC.exe
3000	FLzWezp.exe
2320	IWlFBGc.exe
2300	scYUxZm.exe
332	ZaKQwrb.exe
2376	QXdxfZV.exe
1224	DnCeNGS.exe
2364	GJOhDyp.exe
620	fSaOcCX.exe
888	oXqUytx.exe
2004	fxLjddz.exe
2452	JZheAAF.exe
1576	zNKwYUO.exe
1964	JVfxEmB.exe
2256	KdUlYnt.exe
2392	hJgtOkd.exe
2688	KwAqdIB.exe
2960	JtAsfLf.exe
2832	vxHpKLR.exe
2560	YqSBJVn.exe
2816	mdIbXIh.exe
2400	YaWGLUk.exe
2448	Vgqpudm.exe
1800	GZqNIir.exe

Loads dropped DLL 64 IoCs

pid	Process
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000012281-3.dat	upx
behavioral1/files/0x000700000001868b-12.dat	upx
behavioral1/memory/2172-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x00060000000186f8-18.dat	upx
behavioral1/memory/1148-17-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/268-25-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1492-29-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2204-26-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0006000000018731-24.dat	upx
behavioral1/files/0x0006000000018742-30.dat	upx
behavioral1/memory/784-35-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x000800000001878c-36.dat	upx
behavioral1/memory/2756-48-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x00060000000193ac-45.dat	upx
behavioral1/files/0x000500000001942c-51.dat	upx
behavioral1/files/0x0005000000019456-62.dat	upx
behavioral1/files/0x0005000000019438-72.dat	upx
behavioral1/memory/2608-75-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2420-85-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x000500000001945c-74.dat	upx
behavioral1/memory/2848-73-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0005000000019467-83.dat	upx
behavioral1/memory/784-80-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2748-68-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2676-58-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2172-50-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2712-49-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x00090000000175e7-89.dat	upx
behavioral1/files/0x0005000000019496-93.dat	upx
behavioral1/files/0x00050000000194fc-111.dat	upx
behavioral1/files/0x000500000001952f-123.dat	upx
behavioral1/memory/300-626-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2676-632-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/1948-625-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2748-725-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2848-1163-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2420-1907-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2608-1404-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x000500000001962b-183.dat	upx
behavioral1/files/0x0005000000019629-179.dat	upx
behavioral1/files/0x0005000000019627-173.dat	upx
behavioral1/files/0x0005000000019625-169.dat	upx
behavioral1/files/0x0005000000019623-163.dat	upx
behavioral1/files/0x0005000000019622-159.dat	upx
behavioral1/files/0x0005000000019621-154.dat	upx
behavioral1/files/0x000500000001961f-148.dat	upx
behavioral1/files/0x000500000001961d-144.dat	upx
behavioral1/files/0x00050000000195e6-138.dat	upx
behavioral1/files/0x00050000000195a7-133.dat	upx
behavioral1/files/0x000500000001957e-128.dat	upx
behavioral1/files/0x0005000000019506-118.dat	upx
behavioral1/files/0x00050000000194ef-108.dat	upx
behavioral1/files/0x00050000000194d0-103.dat	upx
behavioral1/files/0x00050000000194ad-98.dat	upx
behavioral1/memory/1148-3995-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/268-3996-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2204-3997-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1492-3998-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/784-3999-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2712-4000-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2756-4001-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2676-4002-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2748-4003-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2848-4004-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PNgnuZt.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnDzneY.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWTxBww.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVhBLiX.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOBNBsP.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcbGpLN.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdCOUVE.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NaxKpHZ.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSXChAz.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rakUdFK.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bMVaPwZ.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBwtoym.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMGPDmF.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYczOcd.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuJelxO.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdNqgOJ.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnrAUeZ.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTsFGDN.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShUdaGL.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRsTIDe.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxLjddz.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTvAliY.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKHnUBo.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLTFYdv.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjthkUk.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaWGLUk.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfzMWah.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmqNKxK.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRZEzgh.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypaYTOs.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhNrfGK.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTGYSKj.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsPRkAz.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZuGVXT.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGsJREb.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMAJGen.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNnzjdo.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmqtbFr.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChAdHRp.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRjJgMY.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gewpwYQ.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIRXiNJ.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbTbDyu.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBjwJDs.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnfevyy.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqSNZJc.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AeIHOfY.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKdjoSZ.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbrZRzw.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxAwhCQ.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOAJrNi.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmPzZjq.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrMfvYM.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vEkmdjR.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHIOZFc.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFueCxC.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueuasMP.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLhjGUh.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YspmSkX.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZCiVjn.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGrXGul.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIIvMjV.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDOsmAd.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHzIBCq.exe	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1148	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2172 wrote to memory of 1148	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2172 wrote to memory of 1148	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2172 wrote to memory of 268	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2172 wrote to memory of 268	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2172 wrote to memory of 268	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2172 wrote to memory of 2204	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2172 wrote to memory of 2204	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2172 wrote to memory of 2204	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2172 wrote to memory of 1492	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2172 wrote to memory of 1492	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2172 wrote to memory of 1492	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2172 wrote to memory of 784	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2172 wrote to memory of 784	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2172 wrote to memory of 784	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2172 wrote to memory of 2756	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2172 wrote to memory of 2756	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2172 wrote to memory of 2756	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2172 wrote to memory of 2712	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2172 wrote to memory of 2712	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2172 wrote to memory of 2712	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2172 wrote to memory of 2676	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2172 wrote to memory of 2676	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2172 wrote to memory of 2676	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2172 wrote to memory of 2848	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2172 wrote to memory of 2848	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2172 wrote to memory of 2848	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2172 wrote to memory of 2748	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2172 wrote to memory of 2748	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2172 wrote to memory of 2748	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2172 wrote to memory of 2608	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2172 wrote to memory of 2608	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2172 wrote to memory of 2608	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2172 wrote to memory of 2420	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2172 wrote to memory of 2420	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2172 wrote to memory of 2420	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2172 wrote to memory of 1948	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2172 wrote to memory of 1948	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2172 wrote to memory of 1948	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2172 wrote to memory of 300	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2172 wrote to memory of 300	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2172 wrote to memory of 300	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2172 wrote to memory of 2076	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2172 wrote to memory of 2076	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2172 wrote to memory of 2076	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2172 wrote to memory of 1692	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2172 wrote to memory of 1692	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2172 wrote to memory of 1692	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2172 wrote to memory of 1580	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2172 wrote to memory of 1580	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2172 wrote to memory of 1580	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2172 wrote to memory of 1812	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2172 wrote to memory of 1812	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2172 wrote to memory of 1812	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2172 wrote to memory of 1396	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2172 wrote to memory of 1396	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2172 wrote to memory of 1396	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2172 wrote to memory of 1528	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2172 wrote to memory of 1528	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2172 wrote to memory of 1528	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2172 wrote to memory of 1188	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2172 wrote to memory of 1188	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2172 wrote to memory of 1188	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2172 wrote to memory of 496	2172	2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_e4fc5a7b253f18c55439ead05c5cc51e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\System\ueeQHBV.exe
  C:\Windows\System\ueeQHBV.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\RlQEPug.exe
  C:\Windows\System\RlQEPug.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\jMiTIEa.exe
  C:\Windows\System\jMiTIEa.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\KeENlrY.exe
  C:\Windows\System\KeENlrY.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\hUVJzzs.exe
  C:\Windows\System\hUVJzzs.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\ZWNgtKk.exe
  C:\Windows\System\ZWNgtKk.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\BIgIhSF.exe
  C:\Windows\System\BIgIhSF.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\SdCxUBv.exe
  C:\Windows\System\SdCxUBv.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\hrRTmDS.exe
  C:\Windows\System\hrRTmDS.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\XzNxAqj.exe
  C:\Windows\System\XzNxAqj.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\xGTWgjV.exe
  C:\Windows\System\xGTWgjV.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\bBzWdMj.exe
  C:\Windows\System\bBzWdMj.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\xrGUrJd.exe
  C:\Windows\System\xrGUrJd.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\HaMZuLQ.exe
  C:\Windows\System\HaMZuLQ.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\JAhisui.exe
  C:\Windows\System\JAhisui.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\jDyrvhn.exe
  C:\Windows\System\jDyrvhn.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\qyNmnkJ.exe
  C:\Windows\System\qyNmnkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\hICIPqO.exe
  C:\Windows\System\hICIPqO.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\DzlZlaN.exe
  C:\Windows\System\DzlZlaN.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\IdqCTKC.exe
  C:\Windows\System\IdqCTKC.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\HwbiPqx.exe
  C:\Windows\System\HwbiPqx.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\ZAocrYw.exe
  C:\Windows\System\ZAocrYw.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\oEjigNu.exe
  C:\Windows\System\oEjigNu.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\fPYjQVJ.exe
  C:\Windows\System\fPYjQVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\YlYfluu.exe
  C:\Windows\System\YlYfluu.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\jLkkSWq.exe
  C:\Windows\System\jLkkSWq.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\geRTLwT.exe
  C:\Windows\System\geRTLwT.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\FNpOcNQ.exe
  C:\Windows\System\FNpOcNQ.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\baCTnrQ.exe
  C:\Windows\System\baCTnrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\rdYJItv.exe
  C:\Windows\System\rdYJItv.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\yJjUscn.exe
  C:\Windows\System\yJjUscn.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\djrnVXM.exe
  C:\Windows\System\djrnVXM.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\hPFAhHt.exe
  C:\Windows\System\hPFAhHt.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\EPlDcfJ.exe
  C:\Windows\System\EPlDcfJ.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\JNAmNUR.exe
  C:\Windows\System\JNAmNUR.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\chTzdsf.exe
  C:\Windows\System\chTzdsf.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\FAFDlgt.exe
  C:\Windows\System\FAFDlgt.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\fTGYSKj.exe
  C:\Windows\System\fTGYSKj.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\jBEBnKK.exe
  C:\Windows\System\jBEBnKK.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\ZjsbwrQ.exe
  C:\Windows\System\ZjsbwrQ.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\FlzShCC.exe
  C:\Windows\System\FlzShCC.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\FLzWezp.exe
  C:\Windows\System\FLzWezp.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\IWlFBGc.exe
  C:\Windows\System\IWlFBGc.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\scYUxZm.exe
  C:\Windows\System\scYUxZm.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\ZaKQwrb.exe
  C:\Windows\System\ZaKQwrb.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\QXdxfZV.exe
  C:\Windows\System\QXdxfZV.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\DnCeNGS.exe
  C:\Windows\System\DnCeNGS.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\GJOhDyp.exe
  C:\Windows\System\GJOhDyp.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\fSaOcCX.exe
  C:\Windows\System\fSaOcCX.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\oXqUytx.exe
  C:\Windows\System\oXqUytx.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\fxLjddz.exe
  C:\Windows\System\fxLjddz.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\JZheAAF.exe
  C:\Windows\System\JZheAAF.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\zNKwYUO.exe
  C:\Windows\System\zNKwYUO.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\JVfxEmB.exe
  C:\Windows\System\JVfxEmB.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\KdUlYnt.exe
  C:\Windows\System\KdUlYnt.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\hJgtOkd.exe
  C:\Windows\System\hJgtOkd.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\KwAqdIB.exe
  C:\Windows\System\KwAqdIB.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\JtAsfLf.exe
  C:\Windows\System\JtAsfLf.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\vxHpKLR.exe
  C:\Windows\System\vxHpKLR.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\YqSBJVn.exe
  C:\Windows\System\YqSBJVn.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\mdIbXIh.exe
  C:\Windows\System\mdIbXIh.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\YaWGLUk.exe
  C:\Windows\System\YaWGLUk.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\Vgqpudm.exe
  C:\Windows\System\Vgqpudm.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\GZqNIir.exe
  C:\Windows\System\GZqNIir.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\lztjvTm.exe
  C:\Windows\System\lztjvTm.exe
  2⤵
  PID:636
- C:\Windows\System\kMQlCBF.exe
  C:\Windows\System\kMQlCBF.exe
  2⤵
  PID:2648
- C:\Windows\System\NfItTJi.exe
  C:\Windows\System\NfItTJi.exe
  2⤵
  PID:1252
- C:\Windows\System\PNoYyPs.exe
  C:\Windows\System\PNoYyPs.exe
  2⤵
  PID:2008
- C:\Windows\System\Qihiehj.exe
  C:\Windows\System\Qihiehj.exe
  2⤵
  PID:2788
- C:\Windows\System\ywArUVr.exe
  C:\Windows\System\ywArUVr.exe
  2⤵
  PID:2140
- C:\Windows\System\xIttTQM.exe
  C:\Windows\System\xIttTQM.exe
  2⤵
  PID:484
- C:\Windows\System\yQycnfi.exe
  C:\Windows\System\yQycnfi.exe
  2⤵
  PID:1140
- C:\Windows\System\PODrTkt.exe
  C:\Windows\System\PODrTkt.exe
  2⤵
  PID:1940
- C:\Windows\System\wanXbKa.exe
  C:\Windows\System\wanXbKa.exe
  2⤵
  PID:1260
- C:\Windows\System\STwxVQp.exe
  C:\Windows\System\STwxVQp.exe
  2⤵
  PID:324
- C:\Windows\System\QZCiVjn.exe
  C:\Windows\System\QZCiVjn.exe
  2⤵
  PID:1236
- C:\Windows\System\RzNtzfD.exe
  C:\Windows\System\RzNtzfD.exe
  2⤵
  PID:2224
- C:\Windows\System\eBQZdtN.exe
  C:\Windows\System\eBQZdtN.exe
  2⤵
  PID:912
- C:\Windows\System\voCHtWy.exe
  C:\Windows\System\voCHtWy.exe
  2⤵
  PID:1192
- C:\Windows\System\MHIOZFc.exe
  C:\Windows\System\MHIOZFc.exe
  2⤵
  PID:1544
- C:\Windows\System\awLRgBR.exe
  C:\Windows\System\awLRgBR.exe
  2⤵
  PID:2380
- C:\Windows\System\WOFgUeh.exe
  C:\Windows\System\WOFgUeh.exe
  2⤵
  PID:2312
- C:\Windows\System\NDQUNSK.exe
  C:\Windows\System\NDQUNSK.exe
  2⤵
  PID:2092
- C:\Windows\System\zHbwDnI.exe
  C:\Windows\System\zHbwDnI.exe
  2⤵
  PID:2476
- C:\Windows\System\CNlBcFf.exe
  C:\Windows\System\CNlBcFf.exe
  2⤵
  PID:2456
- C:\Windows\System\TfBPjHm.exe
  C:\Windows\System\TfBPjHm.exe
  2⤵
  PID:2472
- C:\Windows\System\KiPGZnm.exe
  C:\Windows\System\KiPGZnm.exe
  2⤵
  PID:2352
- C:\Windows\System\MSXChAz.exe
  C:\Windows\System\MSXChAz.exe
  2⤵
  PID:1776
- C:\Windows\System\INpplDh.exe
  C:\Windows\System\INpplDh.exe
  2⤵
  PID:1712
- C:\Windows\System\GlaigUa.exe
  C:\Windows\System\GlaigUa.exe
  2⤵
  PID:2264
- C:\Windows\System\gXLGgon.exe
  C:\Windows\System\gXLGgon.exe
  2⤵
  PID:2820
- C:\Windows\System\kYQQLYg.exe
  C:\Windows\System\kYQQLYg.exe
  2⤵
  PID:2828
- C:\Windows\System\ZBfYljF.exe
  C:\Windows\System\ZBfYljF.exe
  2⤵
  PID:2880
- C:\Windows\System\MyEOmDv.exe
  C:\Windows\System\MyEOmDv.exe
  2⤵
  PID:1736
- C:\Windows\System\wmbKAnG.exe
  C:\Windows\System\wmbKAnG.exe
  2⤵
  PID:1708
- C:\Windows\System\vQWIgsj.exe
  C:\Windows\System\vQWIgsj.exe
  2⤵
  PID:2424
- C:\Windows\System\crneZhO.exe
  C:\Windows\System\crneZhO.exe
  2⤵
  PID:2432
- C:\Windows\System\UPspVHy.exe
  C:\Windows\System\UPspVHy.exe
  2⤵
  PID:1072
- C:\Windows\System\pzONnGJ.exe
  C:\Windows\System\pzONnGJ.exe
  2⤵
  PID:600
- C:\Windows\System\hsOVoYY.exe
  C:\Windows\System\hsOVoYY.exe
  2⤵
  PID:3048
- C:\Windows\System\aIOLEyq.exe
  C:\Windows\System\aIOLEyq.exe
  2⤵
  PID:2176
- C:\Windows\System\cQENKqS.exe
  C:\Windows\System\cQENKqS.exe
  2⤵
  PID:2668
- C:\Windows\System\duuIgvH.exe
  C:\Windows\System\duuIgvH.exe
  2⤵
  PID:2724
- C:\Windows\System\muQnlKI.exe
  C:\Windows\System\muQnlKI.exe
  2⤵
  PID:1632
- C:\Windows\System\JdpEytP.exe
  C:\Windows\System\JdpEytP.exe
  2⤵
  PID:2956
- C:\Windows\System\YUGzVyq.exe
  C:\Windows\System\YUGzVyq.exe
  2⤵
  PID:2388
- C:\Windows\System\stNvqiG.exe
  C:\Windows\System\stNvqiG.exe
  2⤵
  PID:1648
- C:\Windows\System\zFJONaI.exe
  C:\Windows\System\zFJONaI.exe
  2⤵
  PID:2484
- C:\Windows\System\mCNhiat.exe
  C:\Windows\System\mCNhiat.exe
  2⤵
  PID:1424
- C:\Windows\System\JLBGSsf.exe
  C:\Windows\System\JLBGSsf.exe
  2⤵
  PID:1604
- C:\Windows\System\xPmnwet.exe
  C:\Windows\System\xPmnwet.exe
  2⤵
  PID:1440
- C:\Windows\System\jbFCGVN.exe
  C:\Windows\System\jbFCGVN.exe
  2⤵
  PID:2872
- C:\Windows\System\nnvtevH.exe
  C:\Windows\System\nnvtevH.exe
  2⤵
  PID:2812
- C:\Windows\System\WWwkCTm.exe
  C:\Windows\System\WWwkCTm.exe
  2⤵
  PID:2340
- C:\Windows\System\xxKjTDt.exe
  C:\Windows\System\xxKjTDt.exe
  2⤵
  PID:1744
- C:\Windows\System\YKEbSOu.exe
  C:\Windows\System\YKEbSOu.exe
  2⤵
  PID:1996
- C:\Windows\System\NbaWVGW.exe
  C:\Windows\System\NbaWVGW.exe
  2⤵
  PID:2924
- C:\Windows\System\HTzAVwL.exe
  C:\Windows\System\HTzAVwL.exe
  2⤵
  PID:2344
- C:\Windows\System\LUlmcrW.exe
  C:\Windows\System\LUlmcrW.exe
  2⤵
  PID:1944
- C:\Windows\System\sADJuxM.exe
  C:\Windows\System\sADJuxM.exe
  2⤵
  PID:932
- C:\Windows\System\pRiGwXq.exe
  C:\Windows\System\pRiGwXq.exe
  2⤵
  PID:892
- C:\Windows\System\rakhdQh.exe
  C:\Windows\System\rakhdQh.exe
  2⤵
  PID:1792
- C:\Windows\System\uhuTDSA.exe
  C:\Windows\System\uhuTDSA.exe
  2⤵
  PID:2036
- C:\Windows\System\hGmYzeN.exe
  C:\Windows\System\hGmYzeN.exe
  2⤵
  PID:2964
- C:\Windows\System\SVuUTIL.exe
  C:\Windows\System\SVuUTIL.exe
  2⤵
  PID:2568
- C:\Windows\System\PcWRgfm.exe
  C:\Windows\System\PcWRgfm.exe
  2⤵
  PID:2012
- C:\Windows\System\wIkDuTc.exe
  C:\Windows\System\wIkDuTc.exe
  2⤵
  PID:2160
- C:\Windows\System\rBkcoSt.exe
  C:\Windows\System\rBkcoSt.exe
  2⤵
  PID:2660
- C:\Windows\System\sLeEBdz.exe
  C:\Windows\System\sLeEBdz.exe
  2⤵
  PID:2908
- C:\Windows\System\ZMbrtiv.exe
  C:\Windows\System\ZMbrtiv.exe
  2⤵
  PID:2316
- C:\Windows\System\pyGEkUX.exe
  C:\Windows\System\pyGEkUX.exe
  2⤵
  PID:2356
- C:\Windows\System\vaOyucc.exe
  C:\Windows\System\vaOyucc.exe
  2⤵
  PID:2556
- C:\Windows\System\cIosmqj.exe
  C:\Windows\System\cIosmqj.exe
  2⤵
  PID:692
- C:\Windows\System\PsNEhVm.exe
  C:\Windows\System\PsNEhVm.exe
  2⤵
  PID:2840
- C:\Windows\System\VTICEqH.exe
  C:\Windows\System\VTICEqH.exe
  2⤵
  PID:2652
- C:\Windows\System\JMuFiXH.exe
  C:\Windows\System\JMuFiXH.exe
  2⤵
  PID:1320
- C:\Windows\System\pkKrbpY.exe
  C:\Windows\System\pkKrbpY.exe
  2⤵
  PID:2836
- C:\Windows\System\jJcuyTy.exe
  C:\Windows\System\jJcuyTy.exe
  2⤵
  PID:1556
- C:\Windows\System\SlqRHPp.exe
  C:\Windows\System\SlqRHPp.exe
  2⤵
  PID:2200
- C:\Windows\System\aocSYaX.exe
  C:\Windows\System\aocSYaX.exe
  2⤵
  PID:1312
- C:\Windows\System\IbTbDyu.exe
  C:\Windows\System\IbTbDyu.exe
  2⤵
  PID:1952
- C:\Windows\System\Jyxjrfs.exe
  C:\Windows\System\Jyxjrfs.exe
  2⤵
  PID:1808
- C:\Windows\System\tHhgJNR.exe
  C:\Windows\System\tHhgJNR.exe
  2⤵
  PID:3080
- C:\Windows\System\AjxlYfH.exe
  C:\Windows\System\AjxlYfH.exe
  2⤵
  PID:3100
- C:\Windows\System\qHiHUuJ.exe
  C:\Windows\System\qHiHUuJ.exe
  2⤵
  PID:3120
- C:\Windows\System\tBXxCRb.exe
  C:\Windows\System\tBXxCRb.exe
  2⤵
  PID:3136
- C:\Windows\System\FjjZhZw.exe
  C:\Windows\System\FjjZhZw.exe
  2⤵
  PID:3160
- C:\Windows\System\XLZwrtI.exe
  C:\Windows\System\XLZwrtI.exe
  2⤵
  PID:3180
- C:\Windows\System\bhqNdSm.exe
  C:\Windows\System\bhqNdSm.exe
  2⤵
  PID:3200
- C:\Windows\System\FMAJGen.exe
  C:\Windows\System\FMAJGen.exe
  2⤵
  PID:3220
- C:\Windows\System\JvdIcOc.exe
  C:\Windows\System\JvdIcOc.exe
  2⤵
  PID:3240
- C:\Windows\System\hcNyXCD.exe
  C:\Windows\System\hcNyXCD.exe
  2⤵
  PID:3256
- C:\Windows\System\NMDGDcY.exe
  C:\Windows\System\NMDGDcY.exe
  2⤵
  PID:3280
- C:\Windows\System\QUTGaQK.exe
  C:\Windows\System\QUTGaQK.exe
  2⤵
  PID:3296
- C:\Windows\System\GVUyRSk.exe
  C:\Windows\System\GVUyRSk.exe
  2⤵
  PID:3320
- C:\Windows\System\bgNdlzk.exe
  C:\Windows\System\bgNdlzk.exe
  2⤵
  PID:3340
- C:\Windows\System\FUQVcYQ.exe
  C:\Windows\System\FUQVcYQ.exe
  2⤵
  PID:3360
- C:\Windows\System\ttlnzJG.exe
  C:\Windows\System\ttlnzJG.exe
  2⤵
  PID:3380
- C:\Windows\System\TxAwhCQ.exe
  C:\Windows\System\TxAwhCQ.exe
  2⤵
  PID:3400
- C:\Windows\System\nLumVfp.exe
  C:\Windows\System\nLumVfp.exe
  2⤵
  PID:3416
- C:\Windows\System\YRDXFLy.exe
  C:\Windows\System\YRDXFLy.exe
  2⤵
  PID:3440
- C:\Windows\System\PGzbLBJ.exe
  C:\Windows\System\PGzbLBJ.exe
  2⤵
  PID:3460
- C:\Windows\System\ieHdaev.exe
  C:\Windows\System\ieHdaev.exe
  2⤵
  PID:3480
- C:\Windows\System\qQzKZtP.exe
  C:\Windows\System\qQzKZtP.exe
  2⤵
  PID:3500
- C:\Windows\System\CZPLxtG.exe
  C:\Windows\System\CZPLxtG.exe
  2⤵
  PID:3520
- C:\Windows\System\BkvWBys.exe
  C:\Windows\System\BkvWBys.exe
  2⤵
  PID:3536
- C:\Windows\System\YaCOAXg.exe
  C:\Windows\System\YaCOAXg.exe
  2⤵
  PID:3560
- C:\Windows\System\zdosvjq.exe
  C:\Windows\System\zdosvjq.exe
  2⤵
  PID:3576
- C:\Windows\System\KbJNBUg.exe
  C:\Windows\System\KbJNBUg.exe
  2⤵
  PID:3600
- C:\Windows\System\mppJpbN.exe
  C:\Windows\System\mppJpbN.exe
  2⤵
  PID:3620
- C:\Windows\System\fpcxQwe.exe
  C:\Windows\System\fpcxQwe.exe
  2⤵
  PID:3640
- C:\Windows\System\zljUHsG.exe
  C:\Windows\System\zljUHsG.exe
  2⤵
  PID:3660
- C:\Windows\System\KKbUJzx.exe
  C:\Windows\System\KKbUJzx.exe
  2⤵
  PID:3680
- C:\Windows\System\XesmrMF.exe
  C:\Windows\System\XesmrMF.exe
  2⤵
  PID:3700
- C:\Windows\System\rcbTWps.exe
  C:\Windows\System\rcbTWps.exe
  2⤵
  PID:3720
- C:\Windows\System\iFQAFLn.exe
  C:\Windows\System\iFQAFLn.exe
  2⤵
  PID:3736
- C:\Windows\System\XxdrUgH.exe
  C:\Windows\System\XxdrUgH.exe
  2⤵
  PID:3752
- C:\Windows\System\GwimpKU.exe
  C:\Windows\System\GwimpKU.exe
  2⤵
  PID:3776
- C:\Windows\System\PRYUGyk.exe
  C:\Windows\System\PRYUGyk.exe
  2⤵
  PID:3792
- C:\Windows\System\BhlHCED.exe
  C:\Windows\System\BhlHCED.exe
  2⤵
  PID:3852
- C:\Windows\System\mOFFbzk.exe
  C:\Windows\System\mOFFbzk.exe
  2⤵
  PID:3868
- C:\Windows\System\NbBRFTI.exe
  C:\Windows\System\NbBRFTI.exe
  2⤵
  PID:3884
- C:\Windows\System\IqsyDIu.exe
  C:\Windows\System\IqsyDIu.exe
  2⤵
  PID:3900
- C:\Windows\System\GipBOYd.exe
  C:\Windows\System\GipBOYd.exe
  2⤵
  PID:3916
- C:\Windows\System\oNxtiin.exe
  C:\Windows\System\oNxtiin.exe
  2⤵
  PID:3936
- C:\Windows\System\cfLUMnp.exe
  C:\Windows\System\cfLUMnp.exe
  2⤵
  PID:3952
- C:\Windows\System\rtxiInE.exe
  C:\Windows\System\rtxiInE.exe
  2⤵
  PID:3976
- C:\Windows\System\vbPPwLi.exe
  C:\Windows\System\vbPPwLi.exe
  2⤵
  PID:3992
- C:\Windows\System\zUPOYye.exe
  C:\Windows\System\zUPOYye.exe
  2⤵
  PID:4008
- C:\Windows\System\LQovcfU.exe
  C:\Windows\System\LQovcfU.exe
  2⤵
  PID:4032
- C:\Windows\System\PSkUZeK.exe
  C:\Windows\System\PSkUZeK.exe
  2⤵
  PID:4048
- C:\Windows\System\ztxJVEx.exe
  C:\Windows\System\ztxJVEx.exe
  2⤵
  PID:4064
- C:\Windows\System\joxVaXE.exe
  C:\Windows\System\joxVaXE.exe
  2⤵
  PID:4080
- C:\Windows\System\FzBOdtq.exe
  C:\Windows\System\FzBOdtq.exe
  2⤵
  PID:2628
- C:\Windows\System\oVvZRlF.exe
  C:\Windows\System\oVvZRlF.exe
  2⤵
  PID:2132
- C:\Windows\System\ZdiXkYM.exe
  C:\Windows\System\ZdiXkYM.exe
  2⤵
  PID:3116
- C:\Windows\System\IDXELZB.exe
  C:\Windows\System\IDXELZB.exe
  2⤵
  PID:3144
- C:\Windows\System\MzPBpIY.exe
  C:\Windows\System\MzPBpIY.exe
  2⤵
  PID:3192
- C:\Windows\System\nzQOnta.exe
  C:\Windows\System\nzQOnta.exe
  2⤵
  PID:3172
- C:\Windows\System\TrtLTlV.exe
  C:\Windows\System\TrtLTlV.exe
  2⤵
  PID:3276
- C:\Windows\System\kXShlPj.exe
  C:\Windows\System\kXShlPj.exe
  2⤵
  PID:3268
- C:\Windows\System\wgpPyns.exe
  C:\Windows\System\wgpPyns.exe
  2⤵
  PID:3304
- C:\Windows\System\MzjbiBM.exe
  C:\Windows\System\MzjbiBM.exe
  2⤵
  PID:2284
- C:\Windows\System\whfkpGa.exe
  C:\Windows\System\whfkpGa.exe
  2⤵
  PID:3396
- C:\Windows\System\JfUTEUD.exe
  C:\Windows\System\JfUTEUD.exe
  2⤵
  PID:3376
- C:\Windows\System\NuVNklw.exe
  C:\Windows\System\NuVNklw.exe
  2⤵
  PID:3408
- C:\Windows\System\jUdoABU.exe
  C:\Windows\System\jUdoABU.exe
  2⤵
  PID:3448
- C:\Windows\System\aPmyMzL.exe
  C:\Windows\System\aPmyMzL.exe
  2⤵
  PID:3476
- C:\Windows\System\zxHEqvQ.exe
  C:\Windows\System\zxHEqvQ.exe
  2⤵
  PID:3516
- C:\Windows\System\CsRMUiC.exe
  C:\Windows\System\CsRMUiC.exe
  2⤵
  PID:3544
- C:\Windows\System\ArRLnSI.exe
  C:\Windows\System\ArRLnSI.exe
  2⤵
  PID:3528
- C:\Windows\System\ktlYkyd.exe
  C:\Windows\System\ktlYkyd.exe
  2⤵
  PID:3568
- C:\Windows\System\fGPbuxK.exe
  C:\Windows\System\fGPbuxK.exe
  2⤵
  PID:3632
- C:\Windows\System\MDRHIEp.exe
  C:\Windows\System\MDRHIEp.exe
  2⤵
  PID:2744
- C:\Windows\System\gJxRGtn.exe
  C:\Windows\System\gJxRGtn.exe
  2⤵
  PID:3744
- C:\Windows\System\oGrXGul.exe
  C:\Windows\System\oGrXGul.exe
  2⤵
  PID:3696
- C:\Windows\System\SFvLEWf.exe
  C:\Windows\System\SFvLEWf.exe
  2⤵
  PID:3728
- C:\Windows\System\gnoHpeN.exe
  C:\Windows\System\gnoHpeN.exe
  2⤵
  PID:3760
- C:\Windows\System\fLVwmej.exe
  C:\Windows\System\fLVwmej.exe
  2⤵
  PID:3828
- C:\Windows\System\AWXedLj.exe
  C:\Windows\System\AWXedLj.exe
  2⤵
  PID:2596
- C:\Windows\System\gPRAzbJ.exe
  C:\Windows\System\gPRAzbJ.exe
  2⤵
  PID:3892
- C:\Windows\System\baDKKvi.exe
  C:\Windows\System\baDKKvi.exe
  2⤵
  PID:4000
- C:\Windows\System\DmWMKRG.exe
  C:\Windows\System\DmWMKRG.exe
  2⤵
  PID:1480
- C:\Windows\System\aVBxlwP.exe
  C:\Windows\System\aVBxlwP.exe
  2⤵
  PID:4056
- C:\Windows\System\wWwjTRD.exe
  C:\Windows\System\wWwjTRD.exe
  2⤵
  PID:3944
- C:\Windows\System\gKGDVaV.exe
  C:\Windows\System\gKGDVaV.exe
  2⤵
  PID:3876
- C:\Windows\System\TuJelxO.exe
  C:\Windows\System\TuJelxO.exe
  2⤵
  PID:3096
- C:\Windows\System\EiFzAyP.exe
  C:\Windows\System\EiFzAyP.exe
  2⤵
  PID:3176
- C:\Windows\System\BVItZDD.exe
  C:\Windows\System\BVItZDD.exe
  2⤵
  PID:3312
- C:\Windows\System\chAymNW.exe
  C:\Windows\System\chAymNW.exe
  2⤵
  PID:2920
- C:\Windows\System\IkLYXEF.exe
  C:\Windows\System\IkLYXEF.exe
  2⤵
  PID:3108
- C:\Windows\System\RVXWGad.exe
  C:\Windows\System\RVXWGad.exe
  2⤵
  PID:3188
- C:\Windows\System\ffSWrYN.exe
  C:\Windows\System\ffSWrYN.exe
  2⤵
  PID:3328
- C:\Windows\System\rakUdFK.exe
  C:\Windows\System\rakUdFK.exe
  2⤵
  PID:3252
- C:\Windows\System\lRztzFz.exe
  C:\Windows\System\lRztzFz.exe
  2⤵
  PID:1104
- C:\Windows\System\wXDYzpv.exe
  C:\Windows\System\wXDYzpv.exe
  2⤵
  PID:3628
- C:\Windows\System\FHMoIOr.exe
  C:\Windows\System\FHMoIOr.exe
  2⤵
  PID:3676
- C:\Windows\System\daEhXQW.exe
  C:\Windows\System\daEhXQW.exe
  2⤵
  PID:3716
- C:\Windows\System\CMaDWJL.exe
  C:\Windows\System\CMaDWJL.exe
  2⤵
  PID:2704
- C:\Windows\System\oQzLBay.exe
  C:\Windows\System\oQzLBay.exe
  2⤵
  PID:3432
- C:\Windows\System\MeJIjxa.exe
  C:\Windows\System\MeJIjxa.exe
  2⤵
  PID:3388
- C:\Windows\System\tTjBqsY.exe
  C:\Windows\System\tTjBqsY.exe
  2⤵
  PID:2776
- C:\Windows\System\DJieSUV.exe
  C:\Windows\System\DJieSUV.exe
  2⤵
  PID:2784
- C:\Windows\System\xWkvNZr.exe
  C:\Windows\System\xWkvNZr.exe
  2⤵
  PID:4072
- C:\Windows\System\xMstVRn.exe
  C:\Windows\System\xMstVRn.exe
  2⤵
  PID:3964
- C:\Windows\System\gdNqgOJ.exe
  C:\Windows\System\gdNqgOJ.exe
  2⤵
  PID:3784
- C:\Windows\System\WhwxkoL.exe
  C:\Windows\System\WhwxkoL.exe
  2⤵
  PID:4088
- C:\Windows\System\SNnzjdo.exe
  C:\Windows\System\SNnzjdo.exe
  2⤵
  PID:2520
- C:\Windows\System\zfyjSOo.exe
  C:\Windows\System\zfyjSOo.exe
  2⤵
  PID:3212
- C:\Windows\System\kUWrfty.exe
  C:\Windows\System\kUWrfty.exe
  2⤵
  PID:2656
- C:\Windows\System\oMcSGCC.exe
  C:\Windows\System\oMcSGCC.exe
  2⤵
  PID:3356
- C:\Windows\System\WmqtbFr.exe
  C:\Windows\System\WmqtbFr.exe
  2⤵
  PID:3148
- C:\Windows\System\sbrZRzw.exe
  C:\Windows\System\sbrZRzw.exe
  2⤵
  PID:3368
- C:\Windows\System\PGXQbEJ.exe
  C:\Windows\System\PGXQbEJ.exe
  2⤵
  PID:1644
- C:\Windows\System\HGekvtz.exe
  C:\Windows\System\HGekvtz.exe
  2⤵
  PID:2588
- C:\Windows\System\JBpCiTH.exe
  C:\Windows\System\JBpCiTH.exe
  2⤵
  PID:3864
- C:\Windows\System\EPdoxhs.exe
  C:\Windows\System\EPdoxhs.exe
  2⤵
  PID:3688
- C:\Windows\System\gHQOynX.exe
  C:\Windows\System\gHQOynX.exe
  2⤵
  PID:3612
- C:\Windows\System\KIkWjFx.exe
  C:\Windows\System\KIkWjFx.exe
  2⤵
  PID:3960
- C:\Windows\System\zPvXhhb.exe
  C:\Windows\System\zPvXhhb.exe
  2⤵
  PID:4040
- C:\Windows\System\OlmsIZR.exe
  C:\Windows\System\OlmsIZR.exe
  2⤵
  PID:3348
- C:\Windows\System\PzXUgYW.exe
  C:\Windows\System\PzXUgYW.exe
  2⤵
  PID:3168
- C:\Windows\System\AquYJsA.exe
  C:\Windows\System\AquYJsA.exe
  2⤵
  PID:3316
- C:\Windows\System\HrYCgml.exe
  C:\Windows\System\HrYCgml.exe
  2⤵
  PID:3428
- C:\Windows\System\cYczOcd.exe
  C:\Windows\System\cYczOcd.exe
  2⤵
  PID:3468
- C:\Windows\System\Yfekedk.exe
  C:\Windows\System\Yfekedk.exe
  2⤵
  PID:3712
- C:\Windows\System\lpHZZkQ.exe
  C:\Windows\System\lpHZZkQ.exe
  2⤵
  PID:3652
- C:\Windows\System\fgDapJx.exe
  C:\Windows\System\fgDapJx.exe
  2⤵
  PID:1640
- C:\Windows\System\NkGHCwS.exe
  C:\Windows\System\NkGHCwS.exe
  2⤵
  PID:3584
- C:\Windows\System\ujuafDv.exe
  C:\Windows\System\ujuafDv.exe
  2⤵
  PID:3492
- C:\Windows\System\merPaNK.exe
  C:\Windows\System\merPaNK.exe
  2⤵
  PID:4016
- C:\Windows\System\HnrAUeZ.exe
  C:\Windows\System\HnrAUeZ.exe
  2⤵
  PID:2948
- C:\Windows\System\cJCxnIX.exe
  C:\Windows\System\cJCxnIX.exe
  2⤵
  PID:3880
- C:\Windows\System\LSWXrRe.exe
  C:\Windows\System\LSWXrRe.exe
  2⤵
  PID:3788
- C:\Windows\System\BzbqMJi.exe
  C:\Windows\System\BzbqMJi.exe
  2⤵
  PID:2044
- C:\Windows\System\ZdnLNYt.exe
  C:\Windows\System\ZdnLNYt.exe
  2⤵
  PID:4112
- C:\Windows\System\iaEmRHI.exe
  C:\Windows\System\iaEmRHI.exe
  2⤵
  PID:4132
- C:\Windows\System\vIIvMjV.exe
  C:\Windows\System\vIIvMjV.exe
  2⤵
  PID:4152
- C:\Windows\System\UxOCXnR.exe
  C:\Windows\System\UxOCXnR.exe
  2⤵
  PID:4172
- C:\Windows\System\ZJFVdoN.exe
  C:\Windows\System\ZJFVdoN.exe
  2⤵
  PID:4188
- C:\Windows\System\UUJacTJ.exe
  C:\Windows\System\UUJacTJ.exe
  2⤵
  PID:4232
- C:\Windows\System\nSotVXB.exe
  C:\Windows\System\nSotVXB.exe
  2⤵
  PID:4248
- C:\Windows\System\SxSbcQo.exe
  C:\Windows\System\SxSbcQo.exe
  2⤵
  PID:4264
- C:\Windows\System\tnfevyy.exe
  C:\Windows\System\tnfevyy.exe
  2⤵
  PID:4280
- C:\Windows\System\ynVbutL.exe
  C:\Windows\System\ynVbutL.exe
  2⤵
  PID:4296
- C:\Windows\System\ChAdHRp.exe
  C:\Windows\System\ChAdHRp.exe
  2⤵
  PID:4316
- C:\Windows\System\zuaQBUb.exe
  C:\Windows\System\zuaQBUb.exe
  2⤵
  PID:4348
- C:\Windows\System\QLzRPjo.exe
  C:\Windows\System\QLzRPjo.exe
  2⤵
  PID:4364
- C:\Windows\System\MUruQvf.exe
  C:\Windows\System\MUruQvf.exe
  2⤵
  PID:4388
- C:\Windows\System\kaAUAwL.exe
  C:\Windows\System\kaAUAwL.exe
  2⤵
  PID:4416
- C:\Windows\System\yhFYZFz.exe
  C:\Windows\System\yhFYZFz.exe
  2⤵
  PID:4444
- C:\Windows\System\OHZTjSq.exe
  C:\Windows\System\OHZTjSq.exe
  2⤵
  PID:4460
- C:\Windows\System\WulsbbV.exe
  C:\Windows\System\WulsbbV.exe
  2⤵
  PID:4476
- C:\Windows\System\elfuexA.exe
  C:\Windows\System\elfuexA.exe
  2⤵
  PID:4492
- C:\Windows\System\IANoERJ.exe
  C:\Windows\System\IANoERJ.exe
  2⤵
  PID:4524
- C:\Windows\System\ThuNxwK.exe
  C:\Windows\System\ThuNxwK.exe
  2⤵
  PID:4540
- C:\Windows\System\RKFtbXF.exe
  C:\Windows\System\RKFtbXF.exe
  2⤵
  PID:4556
- C:\Windows\System\jfzMWah.exe
  C:\Windows\System\jfzMWah.exe
  2⤵
  PID:4592
- C:\Windows\System\lNNaODK.exe
  C:\Windows\System\lNNaODK.exe
  2⤵
  PID:4616
- C:\Windows\System\JPYPDvc.exe
  C:\Windows\System\JPYPDvc.exe
  2⤵
  PID:4636
- C:\Windows\System\uHRFsjT.exe
  C:\Windows\System\uHRFsjT.exe
  2⤵
  PID:4652
- C:\Windows\System\wBynBxX.exe
  C:\Windows\System\wBynBxX.exe
  2⤵
  PID:4668
- C:\Windows\System\ZWXJdtV.exe
  C:\Windows\System\ZWXJdtV.exe
  2⤵
  PID:4692
- C:\Windows\System\oqSrGXD.exe
  C:\Windows\System\oqSrGXD.exe
  2⤵
  PID:4712
- C:\Windows\System\iVLcyeB.exe
  C:\Windows\System\iVLcyeB.exe
  2⤵
  PID:4728
- C:\Windows\System\zuQRncl.exe
  C:\Windows\System\zuQRncl.exe
  2⤵
  PID:4744
- C:\Windows\System\WBsWeUH.exe
  C:\Windows\System\WBsWeUH.exe
  2⤵
  PID:4760
- C:\Windows\System\bVoNvbL.exe
  C:\Windows\System\bVoNvbL.exe
  2⤵
  PID:4776
- C:\Windows\System\PvuyPWE.exe
  C:\Windows\System\PvuyPWE.exe
  2⤵
  PID:4792
- C:\Windows\System\oFueCxC.exe
  C:\Windows\System\oFueCxC.exe
  2⤵
  PID:4816
- C:\Windows\System\IWOcEBj.exe
  C:\Windows\System\IWOcEBj.exe
  2⤵
  PID:4832
- C:\Windows\System\JjthkUk.exe
  C:\Windows\System\JjthkUk.exe
  2⤵
  PID:4848
- C:\Windows\System\XTYsxhs.exe
  C:\Windows\System\XTYsxhs.exe
  2⤵
  PID:4864
- C:\Windows\System\qlwAbUl.exe
  C:\Windows\System\qlwAbUl.exe
  2⤵
  PID:4880
- C:\Windows\System\GQHrNzd.exe
  C:\Windows\System\GQHrNzd.exe
  2⤵
  PID:4900
- C:\Windows\System\ZcfnNus.exe
  C:\Windows\System\ZcfnNus.exe
  2⤵
  PID:4920
- C:\Windows\System\PTXlbxO.exe
  C:\Windows\System\PTXlbxO.exe
  2⤵
  PID:4940
- C:\Windows\System\Aakosgi.exe
  C:\Windows\System\Aakosgi.exe
  2⤵
  PID:4956
- C:\Windows\System\UxdEgox.exe
  C:\Windows\System\UxdEgox.exe
  2⤵
  PID:4972
- C:\Windows\System\XCSRsqG.exe
  C:\Windows\System\XCSRsqG.exe
  2⤵
  PID:4988
- C:\Windows\System\Rtvnzrk.exe
  C:\Windows\System\Rtvnzrk.exe
  2⤵
  PID:5008
- C:\Windows\System\xnOQbyO.exe
  C:\Windows\System\xnOQbyO.exe
  2⤵
  PID:5084
- C:\Windows\System\SnVJZGD.exe
  C:\Windows\System\SnVJZGD.exe
  2⤵
  PID:5100
- C:\Windows\System\teVSlym.exe
  C:\Windows\System\teVSlym.exe
  2⤵
  PID:5116
- C:\Windows\System\OscKGdi.exe
  C:\Windows\System\OscKGdi.exe
  2⤵
  PID:3812
- C:\Windows\System\KGBvFoD.exe
  C:\Windows\System\KGBvFoD.exe
  2⤵
  PID:448
- C:\Windows\System\DHVCCjK.exe
  C:\Windows\System\DHVCCjK.exe
  2⤵
  PID:3808
- C:\Windows\System\xWLCFRv.exe
  C:\Windows\System\xWLCFRv.exe
  2⤵
  PID:2616
- C:\Windows\System\gQQAiRv.exe
  C:\Windows\System\gQQAiRv.exe
  2⤵
  PID:4144
- C:\Windows\System\LqePXpp.exe
  C:\Windows\System\LqePXpp.exe
  2⤵
  PID:1756
- C:\Windows\System\YvopkSq.exe
  C:\Windows\System\YvopkSq.exe
  2⤵
  PID:2040
- C:\Windows\System\GllTAhH.exe
  C:\Windows\System\GllTAhH.exe
  2⤵
  PID:4160
- C:\Windows\System\gwTccqa.exe
  C:\Windows\System\gwTccqa.exe
  2⤵
  PID:4196
- C:\Windows\System\DjgSVlW.exe
  C:\Windows\System\DjgSVlW.exe
  2⤵
  PID:4224
- C:\Windows\System\ibXhmSM.exe
  C:\Windows\System\ibXhmSM.exe
  2⤵
  PID:4324
- C:\Windows\System\LcbGpLN.exe
  C:\Windows\System\LcbGpLN.exe
  2⤵
  PID:4292
- C:\Windows\System\CXaQvNy.exe
  C:\Windows\System\CXaQvNy.exe
  2⤵
  PID:4344
- C:\Windows\System\WZjIueR.exe
  C:\Windows\System\WZjIueR.exe
  2⤵
  PID:4376
- C:\Windows\System\NvpKTqZ.exe
  C:\Windows\System\NvpKTqZ.exe
  2⤵
  PID:4240
- C:\Windows\System\fDadYqR.exe
  C:\Windows\System\fDadYqR.exe
  2⤵
  PID:4304
- C:\Windows\System\fvsCQGU.exe
  C:\Windows\System\fvsCQGU.exe
  2⤵
  PID:4472
- C:\Windows\System\THgLLOq.exe
  C:\Windows\System\THgLLOq.exe
  2⤵
  PID:4548
- C:\Windows\System\FMlOCqj.exe
  C:\Windows\System\FMlOCqj.exe
  2⤵
  PID:4600
- C:\Windows\System\uYPsNYm.exe
  C:\Windows\System\uYPsNYm.exe
  2⤵
  PID:4484
- C:\Windows\System\eFwRSQT.exe
  C:\Windows\System\eFwRSQT.exe
  2⤵
  PID:4612
- C:\Windows\System\xtUIFJj.exe
  C:\Windows\System\xtUIFJj.exe
  2⤵
  PID:4580
- C:\Windows\System\kzurrUO.exe
  C:\Windows\System\kzurrUO.exe
  2⤵
  PID:4604
- C:\Windows\System\GhhooiY.exe
  C:\Windows\System\GhhooiY.exe
  2⤵
  PID:4644
- C:\Windows\System\GOhojYW.exe
  C:\Windows\System\GOhojYW.exe
  2⤵
  PID:4688
- C:\Windows\System\ueuasMP.exe
  C:\Windows\System\ueuasMP.exe
  2⤵
  PID:4756
- C:\Windows\System\YbMfvDs.exe
  C:\Windows\System\YbMfvDs.exe
  2⤵
  PID:4740
- C:\Windows\System\JOVSlMC.exe
  C:\Windows\System\JOVSlMC.exe
  2⤵
  PID:4800
- C:\Windows\System\WdgknxW.exe
  C:\Windows\System\WdgknxW.exe
  2⤵
  PID:4908
- C:\Windows\System\TCueARv.exe
  C:\Windows\System\TCueARv.exe
  2⤵
  PID:4952
- C:\Windows\System\UYSMmQq.exe
  C:\Windows\System\UYSMmQq.exe
  2⤵
  PID:5000
- C:\Windows\System\RRTSrjo.exe
  C:\Windows\System\RRTSrjo.exe
  2⤵
  PID:4896
- C:\Windows\System\KTdEJpN.exe
  C:\Windows\System\KTdEJpN.exe
  2⤵
  PID:4968
- C:\Windows\System\RzvEsVZ.exe
  C:\Windows\System\RzvEsVZ.exe
  2⤵
  PID:3836
- C:\Windows\System\pSWwIag.exe
  C:\Windows\System\pSWwIag.exe
  2⤵
  PID:4844
- C:\Windows\System\GgMypkZ.exe
  C:\Windows\System\GgMypkZ.exe
  2⤵
  PID:5024
- C:\Windows\System\oGeIuLJ.exe
  C:\Windows\System\oGeIuLJ.exe
  2⤵
  PID:5044
- C:\Windows\System\JYBuLSZ.exe
  C:\Windows\System\JYBuLSZ.exe
  2⤵
  PID:5060
- C:\Windows\System\YZXFigP.exe
  C:\Windows\System\YZXFigP.exe
  2⤵
  PID:5076
- C:\Windows\System\XtvihQE.exe
  C:\Windows\System\XtvihQE.exe
  2⤵
  PID:3272
- C:\Windows\System\mciPACk.exe
  C:\Windows\System\mciPACk.exe
  2⤵
  PID:5108
- C:\Windows\System\IlVtqdT.exe
  C:\Windows\System\IlVtqdT.exe
  2⤵
  PID:2232
- C:\Windows\System\BWNPCCL.exe
  C:\Windows\System\BWNPCCL.exe
  2⤵
  PID:1164
- C:\Windows\System\jJwxznS.exe
  C:\Windows\System\jJwxznS.exe
  2⤵
  PID:4216
- C:\Windows\System\deqTPYb.exe
  C:\Windows\System\deqTPYb.exe
  2⤵
  PID:4424
- C:\Windows\System\HRxrJiA.exe
  C:\Windows\System\HRxrJiA.exe
  2⤵
  PID:4436
- C:\Windows\System\LCZeTGb.exe
  C:\Windows\System\LCZeTGb.exe
  2⤵
  PID:4508
- C:\Windows\System\ZmubEhS.exe
  C:\Windows\System\ZmubEhS.exe
  2⤵
  PID:4184
- C:\Windows\System\EuskWQf.exe
  C:\Windows\System\EuskWQf.exe
  2⤵
  PID:4208
- C:\Windows\System\ZnJdaUu.exe
  C:\Windows\System\ZnJdaUu.exe
  2⤵
  PID:4520
- C:\Windows\System\XqeBeCC.exe
  C:\Windows\System\XqeBeCC.exe
  2⤵
  PID:4408
- C:\Windows\System\zmqNKxK.exe
  C:\Windows\System\zmqNKxK.exe
  2⤵
  PID:4452
- C:\Windows\System\gBIcjpb.exe
  C:\Windows\System\gBIcjpb.exe
  2⤵
  PID:4588
- C:\Windows\System\HuOVUWi.exe
  C:\Windows\System\HuOVUWi.exe
  2⤵
  PID:4360
- C:\Windows\System\EhZekiW.exe
  C:\Windows\System\EhZekiW.exe
  2⤵
  PID:4676
- C:\Windows\System\BQRrWEI.exe
  C:\Windows\System\BQRrWEI.exe
  2⤵
  PID:4680
- C:\Windows\System\MeTHyyv.exe
  C:\Windows\System\MeTHyyv.exe
  2⤵
  PID:4708
- C:\Windows\System\GMLHwUS.exe
  C:\Windows\System\GMLHwUS.exe
  2⤵
  PID:4996
- C:\Windows\System\RZNKbvR.exe
  C:\Windows\System\RZNKbvR.exe
  2⤵
  PID:5040
- C:\Windows\System\WGegSWD.exe
  C:\Windows\System\WGegSWD.exe
  2⤵
  PID:1752
- C:\Windows\System\CoCBIRj.exe
  C:\Windows\System\CoCBIRj.exe
  2⤵
  PID:4892
- C:\Windows\System\JDwixsf.exe
  C:\Windows\System\JDwixsf.exe
  2⤵
  PID:3844
- C:\Windows\System\NbBtkSf.exe
  C:\Windows\System\NbBtkSf.exe
  2⤵
  PID:1524
- C:\Windows\System\xAWVvjM.exe
  C:\Windows\System\xAWVvjM.exe
  2⤵
  PID:4336
- C:\Windows\System\FrmIkKV.exe
  C:\Windows\System\FrmIkKV.exe
  2⤵
  PID:4468
- C:\Windows\System\hHAFIog.exe
  C:\Windows\System\hHAFIog.exe
  2⤵
  PID:1972
- C:\Windows\System\iSOzFSg.exe
  C:\Windows\System\iSOzFSg.exe
  2⤵
  PID:4404
- C:\Windows\System\SCVnUpO.exe
  C:\Windows\System\SCVnUpO.exe
  2⤵
  PID:4724
- C:\Windows\System\dNGUgDV.exe
  C:\Windows\System\dNGUgDV.exe
  2⤵
  PID:3972
- C:\Windows\System\wpeDJfc.exe
  C:\Windows\System\wpeDJfc.exe
  2⤵
  PID:4784
- C:\Windows\System\LdAatGh.exe
  C:\Windows\System\LdAatGh.exe
  2⤵
  PID:4804
- C:\Windows\System\WQRDdJR.exe
  C:\Windows\System\WQRDdJR.exe
  2⤵
  PID:2332
- C:\Windows\System\BZbvKyo.exe
  C:\Windows\System\BZbvKyo.exe
  2⤵
  PID:4124
- C:\Windows\System\NdMtdIw.exe
  C:\Windows\System\NdMtdIw.exe
  2⤵
  PID:5072
- C:\Windows\System\rTEeVWO.exe
  C:\Windows\System\rTEeVWO.exe
  2⤵
  PID:4308
- C:\Windows\System\dwnKHdy.exe
  C:\Windows\System\dwnKHdy.exe
  2⤵
  PID:3800
- C:\Windows\System\xzczdyg.exe
  C:\Windows\System\xzczdyg.exe
  2⤵
  PID:5056
- C:\Windows\System\PovGPNY.exe
  C:\Windows\System\PovGPNY.exe
  2⤵
  PID:4664
- C:\Windows\System\okeTqpG.exe
  C:\Windows\System\okeTqpG.exe
  2⤵
  PID:5052
- C:\Windows\System\dbGfaEE.exe
  C:\Windows\System\dbGfaEE.exe
  2⤵
  PID:4456
- C:\Windows\System\XIsvTsh.exe
  C:\Windows\System\XIsvTsh.exe
  2⤵
  PID:2276
- C:\Windows\System\oAtlUiW.exe
  C:\Windows\System\oAtlUiW.exe
  2⤵
  PID:4608
- C:\Windows\System\WVGhIlQ.exe
  C:\Windows\System\WVGhIlQ.exe
  2⤵
  PID:4628
- C:\Windows\System\FmMcluN.exe
  C:\Windows\System\FmMcluN.exe
  2⤵
  PID:2120
- C:\Windows\System\ZQFjDiF.exe
  C:\Windows\System\ZQFjDiF.exe
  2⤵
  PID:3820
- C:\Windows\System\NwsMSqO.exe
  C:\Windows\System\NwsMSqO.exe
  2⤵
  PID:1684
- C:\Windows\System\ZJasyOy.exe
  C:\Windows\System\ZJasyOy.exe
  2⤵
  PID:2916
- C:\Windows\System\hysOEGS.exe
  C:\Windows\System\hysOEGS.exe
  2⤵
  PID:2412
- C:\Windows\System\ZOVWMSQ.exe
  C:\Windows\System\ZOVWMSQ.exe
  2⤵
  PID:4512
- C:\Windows\System\etFXDGS.exe
  C:\Windows\System\etFXDGS.exe
  2⤵
  PID:4384
- C:\Windows\System\SvYtjmF.exe
  C:\Windows\System\SvYtjmF.exe
  2⤵
  PID:4704
- C:\Windows\System\PADMYjW.exe
  C:\Windows\System\PADMYjW.exe
  2⤵
  PID:2700
- C:\Windows\System\joKuBUO.exe
  C:\Windows\System\joKuBUO.exe
  2⤵
  PID:4168
- C:\Windows\System\YOTdcrA.exe
  C:\Windows\System\YOTdcrA.exe
  2⤵
  PID:4516
- C:\Windows\System\soKgToG.exe
  C:\Windows\System\soKgToG.exe
  2⤵
  PID:4400
- C:\Windows\System\ACKUXET.exe
  C:\Windows\System\ACKUXET.exe
  2⤵
  PID:4020
- C:\Windows\System\wIZiAWX.exe
  C:\Windows\System\wIZiAWX.exe
  2⤵
  PID:4772
- C:\Windows\System\RetCpya.exe
  C:\Windows\System\RetCpya.exe
  2⤵
  PID:1336
- C:\Windows\System\OCEuqXg.exe
  C:\Windows\System\OCEuqXg.exe
  2⤵
  PID:5132
- C:\Windows\System\hoiIuBp.exe
  C:\Windows\System\hoiIuBp.exe
  2⤵
  PID:5148
- C:\Windows\System\fJIFAaA.exe
  C:\Windows\System\fJIFAaA.exe
  2⤵
  PID:5168
- C:\Windows\System\GNGsJXW.exe
  C:\Windows\System\GNGsJXW.exe
  2⤵
  PID:5196
- C:\Windows\System\RldEHXp.exe
  C:\Windows\System\RldEHXp.exe
  2⤵
  PID:5232
- C:\Windows\System\tlYHlWA.exe
  C:\Windows\System\tlYHlWA.exe
  2⤵
  PID:5248
- C:\Windows\System\lADiqTH.exe
  C:\Windows\System\lADiqTH.exe
  2⤵
  PID:5264
- C:\Windows\System\IMKRqhn.exe
  C:\Windows\System\IMKRqhn.exe
  2⤵
  PID:5288
- C:\Windows\System\WElEKWN.exe
  C:\Windows\System\WElEKWN.exe
  2⤵
  PID:5320
- C:\Windows\System\JflTFVe.exe
  C:\Windows\System\JflTFVe.exe
  2⤵
  PID:5336
- C:\Windows\System\kmihTxV.exe
  C:\Windows\System\kmihTxV.exe
  2⤵
  PID:5352
- C:\Windows\System\SgeBfDp.exe
  C:\Windows\System\SgeBfDp.exe
  2⤵
  PID:5380
- C:\Windows\System\XSSkwPN.exe
  C:\Windows\System\XSSkwPN.exe
  2⤵
  PID:5396
- C:\Windows\System\cFuszrC.exe
  C:\Windows\System\cFuszrC.exe
  2⤵
  PID:5416
- C:\Windows\System\PZaYyxT.exe
  C:\Windows\System\PZaYyxT.exe
  2⤵
  PID:5432
- C:\Windows\System\qDlchrC.exe
  C:\Windows\System\qDlchrC.exe
  2⤵
  PID:5452
- C:\Windows\System\WoklTvR.exe
  C:\Windows\System\WoklTvR.exe
  2⤵
  PID:5468
- C:\Windows\System\zJfGlwC.exe
  C:\Windows\System\zJfGlwC.exe
  2⤵
  PID:5484
- C:\Windows\System\FNWwLpn.exe
  C:\Windows\System\FNWwLpn.exe
  2⤵
  PID:5508
- C:\Windows\System\mTvAliY.exe
  C:\Windows\System\mTvAliY.exe
  2⤵
  PID:5524
- C:\Windows\System\YJCdvft.exe
  C:\Windows\System\YJCdvft.exe
  2⤵
  PID:5556
- C:\Windows\System\WRpKpKo.exe
  C:\Windows\System\WRpKpKo.exe
  2⤵
  PID:5572
- C:\Windows\System\lmGxFpJ.exe
  C:\Windows\System\lmGxFpJ.exe
  2⤵
  PID:5596
- C:\Windows\System\pZLGmFa.exe
  C:\Windows\System\pZLGmFa.exe
  2⤵
  PID:5616
- C:\Windows\System\DsYEoHC.exe
  C:\Windows\System\DsYEoHC.exe
  2⤵
  PID:5636
- C:\Windows\System\EjRpNoG.exe
  C:\Windows\System\EjRpNoG.exe
  2⤵
  PID:5668
- C:\Windows\System\RODyjMq.exe
  C:\Windows\System\RODyjMq.exe
  2⤵
  PID:5684
- C:\Windows\System\nnRWMcl.exe
  C:\Windows\System\nnRWMcl.exe
  2⤵
  PID:5700
- C:\Windows\System\feBKDQY.exe
  C:\Windows\System\feBKDQY.exe
  2⤵
  PID:5716
- C:\Windows\System\UQwisMO.exe
  C:\Windows\System\UQwisMO.exe
  2⤵
  PID:5732
- C:\Windows\System\DCYoLpO.exe
  C:\Windows\System\DCYoLpO.exe
  2⤵
  PID:5748
- C:\Windows\System\NCVGLdd.exe
  C:\Windows\System\NCVGLdd.exe
  2⤵
  PID:5764
- C:\Windows\System\qctQnlZ.exe
  C:\Windows\System\qctQnlZ.exe
  2⤵
  PID:5780
- C:\Windows\System\GubhLkX.exe
  C:\Windows\System\GubhLkX.exe
  2⤵
  PID:5796
- C:\Windows\System\HlVTdlO.exe
  C:\Windows\System\HlVTdlO.exe
  2⤵
  PID:5812
- C:\Windows\System\NkOMMgM.exe
  C:\Windows\System\NkOMMgM.exe
  2⤵
  PID:5832
- C:\Windows\System\PPnnBfG.exe
  C:\Windows\System\PPnnBfG.exe
  2⤵
  PID:5848
- C:\Windows\System\vVnKFVT.exe
  C:\Windows\System\vVnKFVT.exe
  2⤵
  PID:5864
- C:\Windows\System\JKEDeBA.exe
  C:\Windows\System\JKEDeBA.exe
  2⤵
  PID:5880
- C:\Windows\System\QUqfQam.exe
  C:\Windows\System\QUqfQam.exe
  2⤵
  PID:5896
- C:\Windows\System\MQODGaX.exe
  C:\Windows\System\MQODGaX.exe
  2⤵
  PID:5916
- C:\Windows\System\mVebBSl.exe
  C:\Windows\System\mVebBSl.exe
  2⤵
  PID:5932
- C:\Windows\System\dGMNiYO.exe
  C:\Windows\System\dGMNiYO.exe
  2⤵
  PID:5948
- C:\Windows\System\vDgZLLu.exe
  C:\Windows\System\vDgZLLu.exe
  2⤵
  PID:5964
- C:\Windows\System\RsfJafY.exe
  C:\Windows\System\RsfJafY.exe
  2⤵
  PID:5980
- C:\Windows\System\wdZbGWz.exe
  C:\Windows\System\wdZbGWz.exe
  2⤵
  PID:5996
- C:\Windows\System\BRjJgMY.exe
  C:\Windows\System\BRjJgMY.exe
  2⤵
  PID:6012
- C:\Windows\System\dIwvIhV.exe
  C:\Windows\System\dIwvIhV.exe
  2⤵
  PID:6028
- C:\Windows\System\cLInIUR.exe
  C:\Windows\System\cLInIUR.exe
  2⤵
  PID:6044
- C:\Windows\System\OhECKHp.exe
  C:\Windows\System\OhECKHp.exe
  2⤵
  PID:6060
- C:\Windows\System\NRTsjAG.exe
  C:\Windows\System\NRTsjAG.exe
  2⤵
  PID:6076
- C:\Windows\System\DQkVYFb.exe
  C:\Windows\System\DQkVYFb.exe
  2⤵
  PID:6092
- C:\Windows\System\kslOver.exe
  C:\Windows\System\kslOver.exe
  2⤵
  PID:6108
- C:\Windows\System\spxHnGQ.exe
  C:\Windows\System\spxHnGQ.exe
  2⤵
  PID:6124
- C:\Windows\System\HWUNNCf.exe
  C:\Windows\System\HWUNNCf.exe
  2⤵
  PID:6140
- C:\Windows\System\ePCrBdL.exe
  C:\Windows\System\ePCrBdL.exe
  2⤵
  PID:4876
- C:\Windows\System\wFdSaKF.exe
  C:\Windows\System\wFdSaKF.exe
  2⤵
  PID:2268
- C:\Windows\System\JfYzvNL.exe
  C:\Windows\System\JfYzvNL.exe
  2⤵
  PID:5164
- C:\Windows\System\qYSmKmt.exe
  C:\Windows\System\qYSmKmt.exe
  2⤵
  PID:5112
- C:\Windows\System\kGsJREb.exe
  C:\Windows\System\kGsJREb.exe
  2⤵
  PID:5180
- C:\Windows\System\zLlGBbE.exe
  C:\Windows\System\zLlGBbE.exe
  2⤵
  PID:5204
- C:\Windows\System\lVHZhSU.exe
  C:\Windows\System\lVHZhSU.exe
  2⤵
  PID:5220
- C:\Windows\System\aVcQnYi.exe
  C:\Windows\System\aVcQnYi.exe
  2⤵
  PID:5260
- C:\Windows\System\WMdWVWi.exe
  C:\Windows\System\WMdWVWi.exe
  2⤵
  PID:5276
- C:\Windows\System\oQXArcX.exe
  C:\Windows\System\oQXArcX.exe
  2⤵
  PID:5300
- C:\Windows\System\eIvqbNy.exe
  C:\Windows\System\eIvqbNy.exe
  2⤵
  PID:5316
- C:\Windows\System\rSgyUCj.exe
  C:\Windows\System\rSgyUCj.exe
  2⤵
  PID:5368
- C:\Windows\System\pOUwISO.exe
  C:\Windows\System\pOUwISO.exe
  2⤵
  PID:5364
- C:\Windows\System\lSuosMJ.exe
  C:\Windows\System\lSuosMJ.exe
  2⤵
  PID:5460
- C:\Windows\System\EYeMEwP.exe
  C:\Windows\System\EYeMEwP.exe
  2⤵
  PID:5532
- C:\Windows\System\mdHqfDn.exe
  C:\Windows\System\mdHqfDn.exe
  2⤵
  PID:5548
- C:\Windows\System\FNVBomr.exe
  C:\Windows\System\FNVBomr.exe
  2⤵
  PID:5588
- C:\Windows\System\MZXANqi.exe
  C:\Windows\System\MZXANqi.exe
  2⤵
  PID:5404
- C:\Windows\System\JSLDbhs.exe
  C:\Windows\System\JSLDbhs.exe
  2⤵
  PID:5448
- C:\Windows\System\crdPtbX.exe
  C:\Windows\System\crdPtbX.exe
  2⤵
  PID:5604
- C:\Windows\System\zjWsGtH.exe
  C:\Windows\System\zjWsGtH.exe
  2⤵
  PID:5676
- C:\Windows\System\qnXLShE.exe
  C:\Windows\System\qnXLShE.exe
  2⤵
  PID:5808
- C:\Windows\System\bbzUhNk.exe
  C:\Windows\System\bbzUhNk.exe
  2⤵
  PID:5792
- C:\Windows\System\JsLFnEx.exe
  C:\Windows\System\JsLFnEx.exe
  2⤵
  PID:5724
- C:\Windows\System\TynJWCZ.exe
  C:\Windows\System\TynJWCZ.exe
  2⤵
  PID:5840
- C:\Windows\System\vrXljFI.exe
  C:\Windows\System\vrXljFI.exe
  2⤵
  PID:5912
- C:\Windows\System\qgTQsKr.exe
  C:\Windows\System\qgTQsKr.exe
  2⤵
  PID:5860
- C:\Windows\System\QctGeYi.exe
  C:\Windows\System\QctGeYi.exe
  2⤵
  PID:5944
- C:\Windows\System\kxxoDoP.exe
  C:\Windows\System\kxxoDoP.exe
  2⤵
  PID:6036
- C:\Windows\System\PFQCojJ.exe
  C:\Windows\System\PFQCojJ.exe
  2⤵
  PID:5960
- C:\Windows\System\DtXxvMv.exe
  C:\Windows\System\DtXxvMv.exe
  2⤵
  PID:6020
- C:\Windows\System\MudRpJF.exe
  C:\Windows\System\MudRpJF.exe
  2⤵
  PID:6056
- C:\Windows\System\gvFHTZS.exe
  C:\Windows\System\gvFHTZS.exe
  2⤵
  PID:5080
- C:\Windows\System\FhgIJyu.exe
  C:\Windows\System\FhgIJyu.exe
  2⤵
  PID:5144
- C:\Windows\System\dwMXBhK.exe
  C:\Windows\System\dwMXBhK.exe
  2⤵
  PID:5256
- C:\Windows\System\MuGylyp.exe
  C:\Windows\System\MuGylyp.exe
  2⤵
  PID:5140
- C:\Windows\System\orKjLyY.exe
  C:\Windows\System\orKjLyY.exe
  2⤵
  PID:5304
- C:\Windows\System\TuUcUQS.exe
  C:\Windows\System\TuUcUQS.exe
  2⤵
  PID:5332
- C:\Windows\System\ZmnLXts.exe
  C:\Windows\System\ZmnLXts.exe
  2⤵
  PID:5424
- C:\Windows\System\ctlxLWM.exe
  C:\Windows\System\ctlxLWM.exe
  2⤵
  PID:5496
- C:\Windows\System\uLLeAla.exe
  C:\Windows\System\uLLeAla.exe
  2⤵
  PID:5520
- C:\Windows\System\qjGfPUB.exe
  C:\Windows\System\qjGfPUB.exe
  2⤵
  PID:5580
- C:\Windows\System\lmYwWtC.exe
  C:\Windows\System\lmYwWtC.exe
  2⤵
  PID:5440
- C:\Windows\System\drVqAbz.exe
  C:\Windows\System\drVqAbz.exe
  2⤵
  PID:5516
- C:\Windows\System\nIFGvmq.exe
  C:\Windows\System\nIFGvmq.exe
  2⤵
  PID:5740
- C:\Windows\System\HGSOHvJ.exe
  C:\Windows\System\HGSOHvJ.exe
  2⤵
  PID:5804
- C:\Windows\System\MxuFLtF.exe
  C:\Windows\System\MxuFLtF.exe
  2⤵
  PID:5696
- C:\Windows\System\ouYzCdB.exe
  C:\Windows\System\ouYzCdB.exe
  2⤵
  PID:5924
- C:\Windows\System\rixcGtz.exe
  C:\Windows\System\rixcGtz.exe
  2⤵
  PID:6072
- C:\Windows\System\xXnmmzU.exe
  C:\Windows\System\xXnmmzU.exe
  2⤵
  PID:6052
- C:\Windows\System\uyeSYNl.exe
  C:\Windows\System\uyeSYNl.exe
  2⤵
  PID:6132
- C:\Windows\System\FuBWyiY.exe
  C:\Windows\System\FuBWyiY.exe
  2⤵
  PID:4948
- C:\Windows\System\WSPFxmJ.exe
  C:\Windows\System\WSPFxmJ.exe
  2⤵
  PID:5228
- C:\Windows\System\lVHdiqk.exe
  C:\Windows\System\lVHdiqk.exe
  2⤵
  PID:5244
- C:\Windows\System\AuRWGpO.exe
  C:\Windows\System\AuRWGpO.exe
  2⤵
  PID:5392
- C:\Windows\System\GqaQYKV.exe
  C:\Windows\System\GqaQYKV.exe
  2⤵
  PID:5176
- C:\Windows\System\vRZEzgh.exe
  C:\Windows\System\vRZEzgh.exe
  2⤵
  PID:5500
- C:\Windows\System\zscsrAy.exe
  C:\Windows\System\zscsrAy.exe
  2⤵
  PID:5708
- C:\Windows\System\SoJwAhv.exe
  C:\Windows\System\SoJwAhv.exe
  2⤵
  PID:5772
- C:\Windows\System\BxPkReH.exe
  C:\Windows\System\BxPkReH.exe
  2⤵
  PID:5788
- C:\Windows\System\JnrAuOZ.exe
  C:\Windows\System\JnrAuOZ.exe
  2⤵
  PID:5728
- C:\Windows\System\SOAJrNi.exe
  C:\Windows\System\SOAJrNi.exe
  2⤵
  PID:6004
- C:\Windows\System\bSAHQKx.exe
  C:\Windows\System\bSAHQKx.exe
  2⤵
  PID:5988
- C:\Windows\System\DqnhXUb.exe
  C:\Windows\System\DqnhXUb.exe
  2⤵
  PID:4108
- C:\Windows\System\AGpyZzF.exe
  C:\Windows\System\AGpyZzF.exe
  2⤵
  PID:5272
- C:\Windows\System\XFEegNV.exe
  C:\Windows\System\XFEegNV.exe
  2⤵
  PID:5876
- C:\Windows\System\xCtsPAi.exe
  C:\Windows\System\xCtsPAi.exe
  2⤵
  PID:5312
- C:\Windows\System\hDweBpb.exe
  C:\Windows\System\hDweBpb.exe
  2⤵
  PID:5476
- C:\Windows\System\eqRHCHU.exe
  C:\Windows\System\eqRHCHU.exe
  2⤵
  PID:6008
- C:\Windows\System\VbFkPsL.exe
  C:\Windows\System\VbFkPsL.exe
  2⤵
  PID:6068
- C:\Windows\System\FSVhOHq.exe
  C:\Windows\System\FSVhOHq.exe
  2⤵
  PID:6152
- C:\Windows\System\VefzvYL.exe
  C:\Windows\System\VefzvYL.exe
  2⤵
  PID:6168
- C:\Windows\System\rIWqnuf.exe
  C:\Windows\System\rIWqnuf.exe
  2⤵
  PID:6184
- C:\Windows\System\TcoBvVN.exe
  C:\Windows\System\TcoBvVN.exe
  2⤵
  PID:6200
- C:\Windows\System\CkFmlPK.exe
  C:\Windows\System\CkFmlPK.exe
  2⤵
  PID:6220
- C:\Windows\System\EpNWnWa.exe
  C:\Windows\System\EpNWnWa.exe
  2⤵
  PID:6236
- C:\Windows\System\rIZcDUb.exe
  C:\Windows\System\rIZcDUb.exe
  2⤵
  PID:6252
- C:\Windows\System\AiPOqHG.exe
  C:\Windows\System\AiPOqHG.exe
  2⤵
  PID:6268
- C:\Windows\System\sYGEiCT.exe
  C:\Windows\System\sYGEiCT.exe
  2⤵
  PID:6288
- C:\Windows\System\yCafCwh.exe
  C:\Windows\System\yCafCwh.exe
  2⤵
  PID:6304
- C:\Windows\System\CsZENnb.exe
  C:\Windows\System\CsZENnb.exe
  2⤵
  PID:6320
- C:\Windows\System\KLmjKDn.exe
  C:\Windows\System\KLmjKDn.exe
  2⤵
  PID:6336
- C:\Windows\System\AZHkTHz.exe
  C:\Windows\System\AZHkTHz.exe
  2⤵
  PID:6352
- C:\Windows\System\QLhjGUh.exe
  C:\Windows\System\QLhjGUh.exe
  2⤵
  PID:6368
- C:\Windows\System\vmRZqmj.exe
  C:\Windows\System\vmRZqmj.exe
  2⤵
  PID:6388
- C:\Windows\System\rHTjtqN.exe
  C:\Windows\System\rHTjtqN.exe
  2⤵
  PID:6404
- C:\Windows\System\DCyzJgb.exe
  C:\Windows\System\DCyzJgb.exe
  2⤵
  PID:6420
- C:\Windows\System\ZHkqshA.exe
  C:\Windows\System\ZHkqshA.exe
  2⤵
  PID:6436
- C:\Windows\System\WCDtauM.exe
  C:\Windows\System\WCDtauM.exe
  2⤵
  PID:6456
- C:\Windows\System\cpDcRmL.exe
  C:\Windows\System\cpDcRmL.exe
  2⤵
  PID:6484
- C:\Windows\System\HLwbwNy.exe
  C:\Windows\System\HLwbwNy.exe
  2⤵
  PID:6504
- C:\Windows\System\eEikMoE.exe
  C:\Windows\System\eEikMoE.exe
  2⤵
  PID:6520
- C:\Windows\System\xGhdZEd.exe
  C:\Windows\System\xGhdZEd.exe
  2⤵
  PID:6536
- C:\Windows\System\UaUoNIf.exe
  C:\Windows\System\UaUoNIf.exe
  2⤵
  PID:6552
- C:\Windows\System\wDGrHWC.exe
  C:\Windows\System\wDGrHWC.exe
  2⤵
  PID:6568
- C:\Windows\System\teQJxgy.exe
  C:\Windows\System\teQJxgy.exe
  2⤵
  PID:6584
- C:\Windows\System\XQpAqCF.exe
  C:\Windows\System\XQpAqCF.exe
  2⤵
  PID:6600
- C:\Windows\System\NcJMcCd.exe
  C:\Windows\System\NcJMcCd.exe
  2⤵
  PID:6616
- C:\Windows\System\dxLiBLc.exe
  C:\Windows\System\dxLiBLc.exe
  2⤵
  PID:6632
- C:\Windows\System\nknWWRT.exe
  C:\Windows\System\nknWWRT.exe
  2⤵
  PID:6648
- C:\Windows\System\UvyNHKS.exe
  C:\Windows\System\UvyNHKS.exe
  2⤵
  PID:6664
- C:\Windows\System\yaXTEav.exe
  C:\Windows\System\yaXTEav.exe
  2⤵
  PID:6680
- C:\Windows\System\autHFfx.exe
  C:\Windows\System\autHFfx.exe
  2⤵
  PID:6696
- C:\Windows\System\fEmDfiw.exe
  C:\Windows\System\fEmDfiw.exe
  2⤵
  PID:6712
- C:\Windows\System\kOrFgyl.exe
  C:\Windows\System\kOrFgyl.exe
  2⤵
  PID:6728
- C:\Windows\System\LpUyGzS.exe
  C:\Windows\System\LpUyGzS.exe
  2⤵
  PID:6744
- C:\Windows\System\qiZFuke.exe
  C:\Windows\System\qiZFuke.exe
  2⤵
  PID:6760
- C:\Windows\System\cbMnzhs.exe
  C:\Windows\System\cbMnzhs.exe
  2⤵
  PID:6776
- C:\Windows\System\hDXCaTW.exe
  C:\Windows\System\hDXCaTW.exe
  2⤵
  PID:6792
- C:\Windows\System\xQtHxVp.exe
  C:\Windows\System\xQtHxVp.exe
  2⤵
  PID:6808
- C:\Windows\System\WnauQlW.exe
  C:\Windows\System\WnauQlW.exe
  2⤵
  PID:6824
- C:\Windows\System\dPnxuUY.exe
  C:\Windows\System\dPnxuUY.exe
  2⤵
  PID:6840
- C:\Windows\System\vDOsmAd.exe
  C:\Windows\System\vDOsmAd.exe
  2⤵
  PID:6856
- C:\Windows\System\sxlZdHx.exe
  C:\Windows\System\sxlZdHx.exe
  2⤵
  PID:6872
- C:\Windows\System\YfspPaA.exe
  C:\Windows\System\YfspPaA.exe
  2⤵
  PID:6888
- C:\Windows\System\pZEiIDp.exe
  C:\Windows\System\pZEiIDp.exe
  2⤵
  PID:6904
- C:\Windows\System\nWPmTwS.exe
  C:\Windows\System\nWPmTwS.exe
  2⤵
  PID:6920
- C:\Windows\System\UaXpTkm.exe
  C:\Windows\System\UaXpTkm.exe
  2⤵
  PID:6936
- C:\Windows\System\MwGxHrU.exe
  C:\Windows\System\MwGxHrU.exe
  2⤵
  PID:6952
- C:\Windows\System\KTVsiCf.exe
  C:\Windows\System\KTVsiCf.exe
  2⤵
  PID:6968
- C:\Windows\System\OdMQgUD.exe
  C:\Windows\System\OdMQgUD.exe
  2⤵
  PID:6984
- C:\Windows\System\mrpQdLO.exe
  C:\Windows\System\mrpQdLO.exe
  2⤵
  PID:7000
- C:\Windows\System\xYkgyub.exe
  C:\Windows\System\xYkgyub.exe
  2⤵
  PID:7016
- C:\Windows\System\mqZvasr.exe
  C:\Windows\System\mqZvasr.exe
  2⤵
  PID:7032
- C:\Windows\System\ZHhvxll.exe
  C:\Windows\System\ZHhvxll.exe
  2⤵
  PID:7048
- C:\Windows\System\zdPCcFz.exe
  C:\Windows\System\zdPCcFz.exe
  2⤵
  PID:7064
- C:\Windows\System\vdQLgGC.exe
  C:\Windows\System\vdQLgGC.exe
  2⤵
  PID:7080
- C:\Windows\System\OiNCeoS.exe
  C:\Windows\System\OiNCeoS.exe
  2⤵
  PID:7096
- C:\Windows\System\GEWosWy.exe
  C:\Windows\System\GEWosWy.exe
  2⤵
  PID:7112
- C:\Windows\System\CXcWYhA.exe
  C:\Windows\System\CXcWYhA.exe
  2⤵
  PID:7128
- C:\Windows\System\sZmawur.exe
  C:\Windows\System\sZmawur.exe
  2⤵
  PID:7144
- C:\Windows\System\BlHVLop.exe
  C:\Windows\System\BlHVLop.exe
  2⤵
  PID:7160
- C:\Windows\System\jKBJEUe.exe
  C:\Windows\System\jKBJEUe.exe
  2⤵
  PID:5664
- C:\Windows\System\lHUQiTc.exe
  C:\Windows\System\lHUQiTc.exe
  2⤵
  PID:5976
- C:\Windows\System\TdhcxwD.exe
  C:\Windows\System\TdhcxwD.exe
  2⤵
  PID:6196
- C:\Windows\System\ATaIATC.exe
  C:\Windows\System\ATaIATC.exe
  2⤵
  PID:6208
- C:\Windows\System\FrVRcze.exe
  C:\Windows\System\FrVRcze.exe
  2⤵
  PID:5904
- C:\Windows\System\uvrBFvv.exe
  C:\Windows\System\uvrBFvv.exe
  2⤵
  PID:6148
- C:\Windows\System\QIlPLon.exe
  C:\Windows\System\QIlPLon.exe
  2⤵
  PID:6260
- C:\Windows\System\NShdMKs.exe
  C:\Windows\System\NShdMKs.exe
  2⤵
  PID:6328
- C:\Windows\System\cGJyHzR.exe
  C:\Windows\System\cGJyHzR.exe
  2⤵
  PID:6280
- C:\Windows\System\VPERkwx.exe
  C:\Windows\System\VPERkwx.exe
  2⤵
  PID:6364
- C:\Windows\System\UDfHzRp.exe
  C:\Windows\System\UDfHzRp.exe
  2⤵
  PID:6376
- C:\Windows\System\gzOaVcR.exe
  C:\Windows\System\gzOaVcR.exe
  2⤵
  PID:6428
- C:\Windows\System\saniAIt.exe
  C:\Windows\System\saniAIt.exe
  2⤵
  PID:6464
- C:\Windows\System\MAvJycb.exe
  C:\Windows\System\MAvJycb.exe
  2⤵
  PID:6448
- C:\Windows\System\RwgCePk.exe
  C:\Windows\System\RwgCePk.exe
  2⤵
  PID:6476
- C:\Windows\System\VceLlua.exe
  C:\Windows\System\VceLlua.exe
  2⤵
  PID:4964
- C:\Windows\System\SqwnCkR.exe
  C:\Windows\System\SqwnCkR.exe
  2⤵
  PID:6544
- C:\Windows\System\TEHQMIL.exe
  C:\Windows\System\TEHQMIL.exe
  2⤵
  PID:6608
- C:\Windows\System\YsqRMCN.exe
  C:\Windows\System\YsqRMCN.exe
  2⤵
  PID:6704
- C:\Windows\System\waFZmwJ.exe
  C:\Windows\System\waFZmwJ.exe
  2⤵
  PID:6528
- C:\Windows\System\pBwFVmH.exe
  C:\Windows\System\pBwFVmH.exe
  2⤵
  PID:6772
- C:\Windows\System\xqVdWDh.exe
  C:\Windows\System\xqVdWDh.exe
  2⤵
  PID:6836
- C:\Windows\System\LmPzZjq.exe
  C:\Windows\System\LmPzZjq.exe
  2⤵
  PID:6784
- C:\Windows\System\FLJhwUz.exe
  C:\Windows\System\FLJhwUz.exe
  2⤵
  PID:6852
- C:\Windows\System\MYyzMKM.exe
  C:\Windows\System\MYyzMKM.exe
  2⤵
  PID:6916
- C:\Windows\System\IPpnCsG.exe
  C:\Windows\System\IPpnCsG.exe
  2⤵
  PID:6900
- C:\Windows\System\TknPigh.exe
  C:\Windows\System\TknPigh.exe
  2⤵
  PID:6960
- C:\Windows\System\xeyTSeV.exe
  C:\Windows\System\xeyTSeV.exe
  2⤵
  PID:6980
- C:\Windows\System\nOSYlXU.exe
  C:\Windows\System\nOSYlXU.exe
  2⤵
  PID:7012
- C:\Windows\System\IpYLRih.exe
  C:\Windows\System\IpYLRih.exe
  2⤵
  PID:7120
- C:\Windows\System\HaSKSIT.exe
  C:\Windows\System\HaSKSIT.exe
  2⤵
  PID:5624
- C:\Windows\System\nMtElQt.exe
  C:\Windows\System\nMtElQt.exe
  2⤵
  PID:4272
- C:\Windows\System\DoKszwc.exe
  C:\Windows\System\DoKszwc.exe
  2⤵
  PID:7104
- C:\Windows\System\wGWLaqp.exe
  C:\Windows\System\wGWLaqp.exe
  2⤵
  PID:6120
- C:\Windows\System\QcjCSgS.exe
  C:\Windows\System\QcjCSgS.exe
  2⤵
  PID:2936
- C:\Windows\System\cnOCkUG.exe
  C:\Windows\System\cnOCkUG.exe
  2⤵
  PID:6228
- C:\Windows\System\ubFMaal.exe
  C:\Windows\System\ubFMaal.exe
  2⤵
  PID:2864
- C:\Windows\System\RgHPEDK.exe
  C:\Windows\System\RgHPEDK.exe
  2⤵
  PID:6344
- C:\Windows\System\afOmDto.exe
  C:\Windows\System\afOmDto.exe
  2⤵
  PID:3496
- C:\Windows\System\LpAgnrE.exe
  C:\Windows\System\LpAgnrE.exe
  2⤵
  PID:6580
- C:\Windows\System\QbauLSk.exe
  C:\Windows\System\QbauLSk.exe
  2⤵
  PID:6516
- C:\Windows\System\prAocqn.exe
  C:\Windows\System\prAocqn.exe
  2⤵
  PID:6672
- C:\Windows\System\xWZnERi.exe
  C:\Windows\System\xWZnERi.exe
  2⤵
  PID:6624
- C:\Windows\System\dxKxAow.exe
  C:\Windows\System\dxKxAow.exe
  2⤵
  PID:6692
- C:\Windows\System\HpFYZnd.exe
  C:\Windows\System\HpFYZnd.exe
  2⤵
  PID:6596
- C:\Windows\System\zQcPqQN.exe
  C:\Windows\System\zQcPqQN.exe
  2⤵
  PID:6804
- C:\Windows\System\dQnxPhT.exe
  C:\Windows\System\dQnxPhT.exe
  2⤵
  PID:6816
- C:\Windows\System\LpgNhhe.exe
  C:\Windows\System\LpgNhhe.exe
  2⤵
  PID:6948
- C:\Windows\System\vJqkdjk.exe
  C:\Windows\System\vJqkdjk.exe
  2⤵
  PID:6848
- C:\Windows\System\pfbfVPF.exe
  C:\Windows\System\pfbfVPF.exe
  2⤵
  PID:6896
- C:\Windows\System\VVmzoaS.exe
  C:\Windows\System\VVmzoaS.exe
  2⤵
  PID:5444
- C:\Windows\System\oxXyUcb.exe
  C:\Windows\System\oxXyUcb.exe
  2⤵
  PID:7088
- C:\Windows\System\JTcrEve.exe
  C:\Windows\System\JTcrEve.exe
  2⤵
  PID:7140
- C:\Windows\System\tEIIhHC.exe
  C:\Windows\System\tEIIhHC.exe
  2⤵
  PID:6316
- C:\Windows\System\CzgVRZw.exe
  C:\Windows\System\CzgVRZw.exe
  2⤵
  PID:7008
- C:\Windows\System\YeNJFej.exe
  C:\Windows\System\YeNJFej.exe
  2⤵
  PID:7156
- C:\Windows\System\nGfoYGr.exe
  C:\Windows\System\nGfoYGr.exe
  2⤵
  PID:6300
- C:\Windows\System\GvmTikV.exe
  C:\Windows\System\GvmTikV.exe
  2⤵
  PID:6576
- C:\Windows\System\cblhiOz.exe
  C:\Windows\System\cblhiOz.exe
  2⤵
  PID:6688
- C:\Windows\System\LCbsyeB.exe
  C:\Windows\System\LCbsyeB.exe
  2⤵
  PID:6412
- C:\Windows\System\kMsixNr.exe
  C:\Windows\System\kMsixNr.exe
  2⤵
  PID:6720
- C:\Windows\System\jDuQzFH.exe
  C:\Windows\System\jDuQzFH.exe
  2⤵
  PID:6880
- C:\Windows\System\agSsZZl.exe
  C:\Windows\System\agSsZZl.exe
  2⤵
  PID:6360
- C:\Windows\System\NggTgGv.exe
  C:\Windows\System\NggTgGv.exe
  2⤵
  PID:5376
- C:\Windows\System\THpRHUC.exe
  C:\Windows\System\THpRHUC.exe
  2⤵
  PID:6212
- C:\Windows\System\UzGleJr.exe
  C:\Windows\System\UzGleJr.exe
  2⤵
  PID:1856
- C:\Windows\System\pjHLfGk.exe
  C:\Windows\System\pjHLfGk.exe
  2⤵
  PID:7076
- C:\Windows\System\dpcWxUu.exe
  C:\Windows\System\dpcWxUu.exe
  2⤵
  PID:6444
- C:\Windows\System\HnyPccy.exe
  C:\Windows\System\HnyPccy.exe
  2⤵
  PID:6676
- C:\Windows\System\GMUcaUV.exe
  C:\Windows\System\GMUcaUV.exe
  2⤵
  PID:6932
- C:\Windows\System\NRaVyim.exe
  C:\Windows\System\NRaVyim.exe
  2⤵
  PID:6492
- C:\Windows\System\WRhfYaG.exe
  C:\Windows\System\WRhfYaG.exe
  2⤵
  PID:6400
- C:\Windows\System\vLZdYxN.exe
  C:\Windows\System\vLZdYxN.exe
  2⤵
  PID:6660
- C:\Windows\System\lAYELLm.exe
  C:\Windows\System\lAYELLm.exe
  2⤵
  PID:6976
- C:\Windows\System\VISNmbg.exe
  C:\Windows\System\VISNmbg.exe
  2⤵
  PID:2852
- C:\Windows\System\ioxBUxy.exe
  C:\Windows\System\ioxBUxy.exe
  2⤵
  PID:6560
- C:\Windows\System\zJyzPZk.exe
  C:\Windows\System\zJyzPZk.exe
  2⤵
  PID:7176
- C:\Windows\System\zTNuNtH.exe
  C:\Windows\System\zTNuNtH.exe
  2⤵
  PID:7192
- C:\Windows\System\GfIRDRG.exe
  C:\Windows\System\GfIRDRG.exe
  2⤵
  PID:7208
- C:\Windows\System\yAaagwy.exe
  C:\Windows\System\yAaagwy.exe
  2⤵
  PID:7224
- C:\Windows\System\jlDmPBE.exe
  C:\Windows\System\jlDmPBE.exe
  2⤵
  PID:7240
- C:\Windows\System\hdCOUVE.exe
  C:\Windows\System\hdCOUVE.exe
  2⤵
  PID:7256
- C:\Windows\System\xkEWuhy.exe
  C:\Windows\System\xkEWuhy.exe
  2⤵
  PID:7272
- C:\Windows\System\CaddMVo.exe
  C:\Windows\System\CaddMVo.exe
  2⤵
  PID:7288
- C:\Windows\System\cGzYeZB.exe
  C:\Windows\System\cGzYeZB.exe
  2⤵
  PID:7304
- C:\Windows\System\bUVyitO.exe
  C:\Windows\System\bUVyitO.exe
  2⤵
  PID:7320
- C:\Windows\System\iuvFGjU.exe
  C:\Windows\System\iuvFGjU.exe
  2⤵
  PID:7336
- C:\Windows\System\JsBZnhg.exe
  C:\Windows\System\JsBZnhg.exe
  2⤵
  PID:7352
- C:\Windows\System\KquiMKM.exe
  C:\Windows\System\KquiMKM.exe
  2⤵
  PID:7368
- C:\Windows\System\Oztbtir.exe
  C:\Windows\System\Oztbtir.exe
  2⤵
  PID:7384
- C:\Windows\System\OuyHoDf.exe
  C:\Windows\System\OuyHoDf.exe
  2⤵
  PID:7400
- C:\Windows\System\sGgakRi.exe
  C:\Windows\System\sGgakRi.exe
  2⤵
  PID:7416
- C:\Windows\System\ETdSloW.exe
  C:\Windows\System\ETdSloW.exe
  2⤵
  PID:7432
- C:\Windows\System\RIhxOKY.exe
  C:\Windows\System\RIhxOKY.exe
  2⤵
  PID:7448
- C:\Windows\System\obIAgTs.exe
  C:\Windows\System\obIAgTs.exe
  2⤵
  PID:7480
- C:\Windows\System\AHECbjH.exe
  C:\Windows\System\AHECbjH.exe
  2⤵
  PID:7504
- C:\Windows\System\EgSMkAN.exe
  C:\Windows\System\EgSMkAN.exe
  2⤵
  PID:7520
- C:\Windows\System\gewpwYQ.exe
  C:\Windows\System\gewpwYQ.exe
  2⤵
  PID:7544
- C:\Windows\System\qIwcJaj.exe
  C:\Windows\System\qIwcJaj.exe
  2⤵
  PID:7560
- C:\Windows\System\VjCzSbJ.exe
  C:\Windows\System\VjCzSbJ.exe
  2⤵
  PID:7576
- C:\Windows\System\pSMZnHg.exe
  C:\Windows\System\pSMZnHg.exe
  2⤵
  PID:7592
- C:\Windows\System\LiggUjZ.exe
  C:\Windows\System\LiggUjZ.exe
  2⤵
  PID:7608
- C:\Windows\System\MzyJcZg.exe
  C:\Windows\System\MzyJcZg.exe
  2⤵
  PID:7624
- C:\Windows\System\DWdXXpI.exe
  C:\Windows\System\DWdXXpI.exe
  2⤵
  PID:7640
- C:\Windows\System\rLQYjiX.exe
  C:\Windows\System\rLQYjiX.exe
  2⤵
  PID:7656
- C:\Windows\System\oWamLMf.exe
  C:\Windows\System\oWamLMf.exe
  2⤵
  PID:7672
- C:\Windows\System\kkRqLma.exe
  C:\Windows\System\kkRqLma.exe
  2⤵
  PID:7688
- C:\Windows\System\XKRBmva.exe
  C:\Windows\System\XKRBmva.exe
  2⤵
  PID:7704
- C:\Windows\System\YZtHGim.exe
  C:\Windows\System\YZtHGim.exe
  2⤵
  PID:7732
- C:\Windows\System\uaJDGdR.exe
  C:\Windows\System\uaJDGdR.exe
  2⤵
  PID:7764
- C:\Windows\System\wplrgfZ.exe
  C:\Windows\System\wplrgfZ.exe
  2⤵
  PID:7784
- C:\Windows\System\gcOwBfS.exe
  C:\Windows\System\gcOwBfS.exe
  2⤵
  PID:7800
- C:\Windows\System\altsQlw.exe
  C:\Windows\System\altsQlw.exe
  2⤵
  PID:7816
- C:\Windows\System\VEOBbhe.exe
  C:\Windows\System\VEOBbhe.exe
  2⤵
  PID:7836
- C:\Windows\System\nQDIOQb.exe
  C:\Windows\System\nQDIOQb.exe
  2⤵
  PID:7852
- C:\Windows\System\xeZkHAF.exe
  C:\Windows\System\xeZkHAF.exe
  2⤵
  PID:7868
- C:\Windows\System\xjOiXfk.exe
  C:\Windows\System\xjOiXfk.exe
  2⤵
  PID:7884
- C:\Windows\System\WgtiQKK.exe
  C:\Windows\System\WgtiQKK.exe
  2⤵
  PID:7900
- C:\Windows\System\mSfLkdb.exe
  C:\Windows\System\mSfLkdb.exe
  2⤵
  PID:7916
- C:\Windows\System\eoqDrwr.exe
  C:\Windows\System\eoqDrwr.exe
  2⤵
  PID:7932
- C:\Windows\System\YuNuQqD.exe
  C:\Windows\System\YuNuQqD.exe
  2⤵
  PID:7956
- C:\Windows\System\QCbWpRB.exe
  C:\Windows\System\QCbWpRB.exe
  2⤵
  PID:7984
- C:\Windows\System\FiRCLzz.exe
  C:\Windows\System\FiRCLzz.exe
  2⤵
  PID:8000
- C:\Windows\System\rmFEyKv.exe
  C:\Windows\System\rmFEyKv.exe
  2⤵
  PID:8036
- C:\Windows\System\vurGRMT.exe
  C:\Windows\System\vurGRMT.exe
  2⤵
  PID:8076
- C:\Windows\System\XVauBpa.exe
  C:\Windows\System\XVauBpa.exe
  2⤵
  PID:8096
- C:\Windows\System\KPSQLXB.exe
  C:\Windows\System\KPSQLXB.exe
  2⤵
  PID:8116
- C:\Windows\System\ypaYTOs.exe
  C:\Windows\System\ypaYTOs.exe
  2⤵
  PID:8132
- C:\Windows\System\dwVNGVP.exe
  C:\Windows\System\dwVNGVP.exe
  2⤵
  PID:8148
- C:\Windows\System\lrMfvYM.exe
  C:\Windows\System\lrMfvYM.exe
  2⤵
  PID:8164
- C:\Windows\System\QKOBIIo.exe
  C:\Windows\System\QKOBIIo.exe
  2⤵
  PID:8184
- C:\Windows\System\YqSxDzQ.exe
  C:\Windows\System\YqSxDzQ.exe
  2⤵
  PID:7188
- C:\Windows\System\aZcYOwd.exe
  C:\Windows\System\aZcYOwd.exe
  2⤵
  PID:7220
- C:\Windows\System\nPaWmyf.exe
  C:\Windows\System\nPaWmyf.exe
  2⤵
  PID:7252
- C:\Windows\System\phmBqeK.exe
  C:\Windows\System\phmBqeK.exe
  2⤵
  PID:7316
- C:\Windows\System\JrgYTfg.exe
  C:\Windows\System\JrgYTfg.exe
  2⤵
  PID:7264
- C:\Windows\System\NplhxpH.exe
  C:\Windows\System\NplhxpH.exe
  2⤵
  PID:7300
- C:\Windows\System\HJoFDcY.exe
  C:\Windows\System\HJoFDcY.exe
  2⤵
  PID:7408
- C:\Windows\System\vvbWDJK.exe
  C:\Windows\System\vvbWDJK.exe
  2⤵
  PID:7424
- C:\Windows\System\JFTqgdt.exe
  C:\Windows\System\JFTqgdt.exe
  2⤵
  PID:7396
- C:\Windows\System\OGHHTyu.exe
  C:\Windows\System\OGHHTyu.exe
  2⤵
  PID:7496
- C:\Windows\System\bfpbqKP.exe
  C:\Windows\System\bfpbqKP.exe
  2⤵
  PID:7468
- C:\Windows\System\wGgBcST.exe
  C:\Windows\System\wGgBcST.exe
  2⤵
  PID:7532
- C:\Windows\System\JyinIaD.exe
  C:\Windows\System\JyinIaD.exe
  2⤵
  PID:7572
- C:\Windows\System\HFKmZUt.exe
  C:\Windows\System\HFKmZUt.exe
  2⤵
  PID:7636
- C:\Windows\System\vfZVpMp.exe
  C:\Windows\System\vfZVpMp.exe
  2⤵
  PID:7700
- C:\Windows\System\vOUbKUU.exe
  C:\Windows\System\vOUbKUU.exe
  2⤵
  PID:7740
- C:\Windows\System\eFJmflI.exe
  C:\Windows\System\eFJmflI.exe
  2⤵
  PID:7512
- C:\Windows\System\UxkWOJH.exe
  C:\Windows\System\UxkWOJH.exe
  2⤵
  PID:7720
- C:\Windows\System\ugXTgPs.exe
  C:\Windows\System\ugXTgPs.exe
  2⤵
  PID:7684
- C:\Windows\System\fFeXYhI.exe
  C:\Windows\System\fFeXYhI.exe
  2⤵
  PID:7748
- C:\Windows\System\OzjoUBm.exe
  C:\Windows\System\OzjoUBm.exe
  2⤵
  PID:7772
- C:\Windows\System\XwCPUZf.exe
  C:\Windows\System\XwCPUZf.exe
  2⤵
  PID:7796
- C:\Windows\System\IYNsLyO.exe
  C:\Windows\System\IYNsLyO.exe
  2⤵
  PID:7924
- C:\Windows\System\eyeaMFt.exe
  C:\Windows\System\eyeaMFt.exe
  2⤵
  PID:7896
- C:\Windows\System\xyhGaCE.exe
  C:\Windows\System\xyhGaCE.exe
  2⤵
  PID:7908
- C:\Windows\System\WqSNZJc.exe
  C:\Windows\System\WqSNZJc.exe
  2⤵
  PID:7808
- C:\Windows\System\GajzYme.exe
  C:\Windows\System\GajzYme.exe
  2⤵
  PID:7948
- C:\Windows\System\zgxCaIz.exe
  C:\Windows\System\zgxCaIz.exe
  2⤵
  PID:7976
- C:\Windows\System\FvqSTGE.exe
  C:\Windows\System\FvqSTGE.exe
  2⤵
  PID:8012
- C:\Windows\System\fBilivj.exe
  C:\Windows\System\fBilivj.exe
  2⤵
  PID:8024
- C:\Windows\System\PKmUbJt.exe
  C:\Windows\System\PKmUbJt.exe
  2⤵
  PID:8088
- C:\Windows\System\xbqNLIf.exe
  C:\Windows\System\xbqNLIf.exe
  2⤵
  PID:8128
- C:\Windows\System\onCYQlh.exe
  C:\Windows\System\onCYQlh.exe
  2⤵
  PID:8064
- C:\Windows\System\YspmSkX.exe
  C:\Windows\System\YspmSkX.exe
  2⤵
  PID:8180
- C:\Windows\System\KuHwnGB.exe
  C:\Windows\System\KuHwnGB.exe
  2⤵
  PID:8068
- C:\Windows\System\lQmtmuV.exe
  C:\Windows\System\lQmtmuV.exe
  2⤵
  PID:8144
- C:\Windows\System\cwlChPb.exe
  C:\Windows\System\cwlChPb.exe
  2⤵
  PID:8176
- C:\Windows\System\IHtuxhH.exe
  C:\Windows\System\IHtuxhH.exe
  2⤵
  PID:7284
- C:\Windows\System\apDenAw.exe
  C:\Windows\System\apDenAw.exe
  2⤵
  PID:7268
- C:\Windows\System\osaxIyS.exe
  C:\Windows\System\osaxIyS.exe
  2⤵
  PID:7360
- C:\Windows\System\sXXucwC.exe
  C:\Windows\System\sXXucwC.exe
  2⤵
  PID:7328
- C:\Windows\System\CAfUahm.exe
  C:\Windows\System\CAfUahm.exe
  2⤵
  PID:7500
- C:\Windows\System\LqsXEys.exe
  C:\Windows\System\LqsXEys.exe
  2⤵
  PID:7476
- C:\Windows\System\umyCGeE.exe
  C:\Windows\System\umyCGeE.exe
  2⤵
  PID:7604
- C:\Windows\System\TRChfND.exe
  C:\Windows\System\TRChfND.exe
  2⤵
  PID:7588
- C:\Windows\System\LtjMclC.exe
  C:\Windows\System\LtjMclC.exe
  2⤵
  PID:7756
- C:\Windows\System\LBtVStl.exe
  C:\Windows\System\LBtVStl.exe
  2⤵
  PID:7828
- C:\Windows\System\xBlwIfM.exe
  C:\Windows\System\xBlwIfM.exe
  2⤵
  PID:7848
- C:\Windows\System\JoLMCnM.exe
  C:\Windows\System\JoLMCnM.exe
  2⤵
  PID:7716
- C:\Windows\System\yZRfUTG.exe
  C:\Windows\System\yZRfUTG.exe
  2⤵
  PID:7864
- C:\Windows\System\zNPQmGR.exe
  C:\Windows\System\zNPQmGR.exe
  2⤵
  PID:8028
- C:\Windows\System\xeqSFIz.exe
  C:\Windows\System\xeqSFIz.exe
  2⤵
  PID:7968
- C:\Windows\System\NsEMEri.exe
  C:\Windows\System\NsEMEri.exe
  2⤵
  PID:8124
- C:\Windows\System\EKfZhLA.exe
  C:\Windows\System\EKfZhLA.exe
  2⤵
  PID:8052
- C:\Windows\System\pFFqcYP.exe
  C:\Windows\System\pFFqcYP.exe
  2⤵
  PID:6752
- C:\Windows\System\LDuvLPb.exe
  C:\Windows\System\LDuvLPb.exe
  2⤵
  PID:7204
- C:\Windows\System\Sbahidm.exe
  C:\Windows\System\Sbahidm.exe
  2⤵
  PID:7236
- C:\Windows\System\LmJScTz.exe
  C:\Windows\System\LmJScTz.exe
  2⤵
  PID:8112
- C:\Windows\System\BuHLZVA.exe
  C:\Windows\System\BuHLZVA.exe
  2⤵
  PID:7668
- C:\Windows\System\IKGhVba.exe
  C:\Windows\System\IKGhVba.exe
  2⤵
  PID:7620
- C:\Windows\System\MtKUVth.exe
  C:\Windows\System\MtKUVth.exe
  2⤵
  PID:7728
- C:\Windows\System\igkvexi.exe
  C:\Windows\System\igkvexi.exe
  2⤵
  PID:7792
- C:\Windows\System\lbGiEGK.exe
  C:\Windows\System\lbGiEGK.exe
  2⤵
  PID:8056
- C:\Windows\System\HfzZfGM.exe
  C:\Windows\System\HfzZfGM.exe
  2⤵
  PID:7184
- C:\Windows\System\bkHRSMA.exe
  C:\Windows\System\bkHRSMA.exe
  2⤵
  PID:7568
- C:\Windows\System\iaIELpj.exe
  C:\Windows\System\iaIELpj.exe
  2⤵
  PID:7880
- C:\Windows\System\EzRAIQs.exe
  C:\Windows\System\EzRAIQs.exe
  2⤵
  PID:8200
- C:\Windows\System\ruClqVA.exe
  C:\Windows\System\ruClqVA.exe
  2⤵
  PID:8216
- C:\Windows\System\YyMNIXB.exe
  C:\Windows\System\YyMNIXB.exe
  2⤵
  PID:8232
- C:\Windows\System\VbNnLDL.exe
  C:\Windows\System\VbNnLDL.exe
  2⤵
  PID:8248
- C:\Windows\System\JSwzgYU.exe
  C:\Windows\System\JSwzgYU.exe
  2⤵
  PID:8264
- C:\Windows\System\JEajggY.exe
  C:\Windows\System\JEajggY.exe
  2⤵
  PID:8280
- C:\Windows\System\wvBglXh.exe
  C:\Windows\System\wvBglXh.exe
  2⤵
  PID:8296
- C:\Windows\System\CyWjjDo.exe
  C:\Windows\System\CyWjjDo.exe
  2⤵
  PID:8312
- C:\Windows\System\kKjKCnq.exe
  C:\Windows\System\kKjKCnq.exe
  2⤵
  PID:8328
- C:\Windows\System\aGPaRUB.exe
  C:\Windows\System\aGPaRUB.exe
  2⤵
  PID:8344
- C:\Windows\System\XOxgMcW.exe
  C:\Windows\System\XOxgMcW.exe
  2⤵
  PID:8360
- C:\Windows\System\alkXTpb.exe
  C:\Windows\System\alkXTpb.exe
  2⤵
  PID:8376
- C:\Windows\System\KgwySNh.exe
  C:\Windows\System\KgwySNh.exe
  2⤵
  PID:8392
- C:\Windows\System\BSJOtLl.exe
  C:\Windows\System\BSJOtLl.exe
  2⤵
  PID:8408
- C:\Windows\System\llshPiW.exe
  C:\Windows\System\llshPiW.exe
  2⤵
  PID:8424
- C:\Windows\System\NKKjoRJ.exe
  C:\Windows\System\NKKjoRJ.exe
  2⤵
  PID:8444
- C:\Windows\System\xjeSllt.exe
  C:\Windows\System\xjeSllt.exe
  2⤵
  PID:8460
- C:\Windows\System\PNgnuZt.exe
  C:\Windows\System\PNgnuZt.exe
  2⤵
  PID:8476
- C:\Windows\System\fcamcBj.exe
  C:\Windows\System\fcamcBj.exe
  2⤵
  PID:8492
- C:\Windows\System\OWFoZdC.exe
  C:\Windows\System\OWFoZdC.exe
  2⤵
  PID:8508
- C:\Windows\System\rtICjgT.exe
  C:\Windows\System\rtICjgT.exe
  2⤵
  PID:8524
- C:\Windows\System\qxsAHcn.exe
  C:\Windows\System\qxsAHcn.exe
  2⤵
  PID:8540
- C:\Windows\System\lnCrFuc.exe
  C:\Windows\System\lnCrFuc.exe
  2⤵
  PID:8556
- C:\Windows\System\QvAWLqa.exe
  C:\Windows\System\QvAWLqa.exe
  2⤵
  PID:8572
- C:\Windows\System\kRYfSWE.exe
  C:\Windows\System\kRYfSWE.exe
  2⤵
  PID:8588
- C:\Windows\System\JNneNHj.exe
  C:\Windows\System\JNneNHj.exe
  2⤵
  PID:8604
- C:\Windows\System\fmMiHFR.exe
  C:\Windows\System\fmMiHFR.exe
  2⤵
  PID:8620
- C:\Windows\System\hyNzEvr.exe
  C:\Windows\System\hyNzEvr.exe
  2⤵
  PID:8644
- C:\Windows\System\AeIHOfY.exe
  C:\Windows\System\AeIHOfY.exe
  2⤵
  PID:8712
- C:\Windows\System\FgyZLyb.exe
  C:\Windows\System\FgyZLyb.exe
  2⤵
  PID:8728
- C:\Windows\System\dONXTtc.exe
  C:\Windows\System\dONXTtc.exe
  2⤵
  PID:8744
- C:\Windows\System\oAAWMdC.exe
  C:\Windows\System\oAAWMdC.exe
  2⤵
  PID:8760
- C:\Windows\System\BEQbxeL.exe
  C:\Windows\System\BEQbxeL.exe
  2⤵
  PID:8776
- C:\Windows\System\JIZqdCL.exe
  C:\Windows\System\JIZqdCL.exe
  2⤵
  PID:8800
- C:\Windows\System\BNuQSme.exe
  C:\Windows\System\BNuQSme.exe
  2⤵
  PID:8816
- C:\Windows\System\InPmrSR.exe
  C:\Windows\System\InPmrSR.exe
  2⤵
  PID:8832
- C:\Windows\System\vgJeQTH.exe
  C:\Windows\System\vgJeQTH.exe
  2⤵
  PID:8848
- C:\Windows\System\lORrrnS.exe
  C:\Windows\System\lORrrnS.exe
  2⤵
  PID:8864
- C:\Windows\System\UpBIXHL.exe
  C:\Windows\System\UpBIXHL.exe
  2⤵
  PID:8880
- C:\Windows\System\gtnxxcF.exe
  C:\Windows\System\gtnxxcF.exe
  2⤵
  PID:8896
- C:\Windows\System\HERztLb.exe
  C:\Windows\System\HERztLb.exe
  2⤵
  PID:8912
- C:\Windows\System\jkvOjUd.exe
  C:\Windows\System\jkvOjUd.exe
  2⤵
  PID:8928
- C:\Windows\System\SsfyPIi.exe
  C:\Windows\System\SsfyPIi.exe
  2⤵
  PID:8944
- C:\Windows\System\TgpSVzV.exe
  C:\Windows\System\TgpSVzV.exe
  2⤵
  PID:8960
- C:\Windows\System\cOfuRfx.exe
  C:\Windows\System\cOfuRfx.exe
  2⤵
  PID:8976
- C:\Windows\System\AUdfImp.exe
  C:\Windows\System\AUdfImp.exe
  2⤵
  PID:8992
- C:\Windows\System\PGEZCvo.exe
  C:\Windows\System\PGEZCvo.exe
  2⤵
  PID:9008
- C:\Windows\System\LhyQMTD.exe
  C:\Windows\System\LhyQMTD.exe
  2⤵
  PID:9024
- C:\Windows\System\VxDQiyw.exe
  C:\Windows\System\VxDQiyw.exe
  2⤵
  PID:9040
- C:\Windows\System\aiUedmu.exe
  C:\Windows\System\aiUedmu.exe
  2⤵
  PID:9056
- C:\Windows\System\QuMfzpx.exe
  C:\Windows\System\QuMfzpx.exe
  2⤵
  PID:9072
- C:\Windows\System\vqsRyXe.exe
  C:\Windows\System\vqsRyXe.exe
  2⤵
  PID:9088
- C:\Windows\System\oUaTERO.exe
  C:\Windows\System\oUaTERO.exe
  2⤵
  PID:9104
- C:\Windows\System\KnMLlcO.exe
  C:\Windows\System\KnMLlcO.exe
  2⤵
  PID:9120
- C:\Windows\System\PPnacdH.exe
  C:\Windows\System\PPnacdH.exe
  2⤵
  PID:9136
- C:\Windows\System\YQPQiSa.exe
  C:\Windows\System\YQPQiSa.exe
  2⤵
  PID:9152
- C:\Windows\System\DsujEtu.exe
  C:\Windows\System\DsujEtu.exe
  2⤵
  PID:9168
- C:\Windows\System\SmBDxup.exe
  C:\Windows\System\SmBDxup.exe
  2⤵
  PID:9184
- C:\Windows\System\OqYshQS.exe
  C:\Windows\System\OqYshQS.exe
  2⤵
  PID:9200
- C:\Windows\System\VJHmXmz.exe
  C:\Windows\System\VJHmXmz.exe
  2⤵
  PID:1572
- C:\Windows\System\kgTLpNV.exe
  C:\Windows\System\kgTLpNV.exe
  2⤵
  PID:8108
- C:\Windows\System\rHOthsY.exe
  C:\Windows\System\rHOthsY.exe
  2⤵
  PID:8228
- C:\Windows\System\kOQOtfV.exe
  C:\Windows\System\kOQOtfV.exe
  2⤵
  PID:8212
- C:\Windows\System\GhNrfGK.exe
  C:\Windows\System\GhNrfGK.exe
  2⤵
  PID:7444
- C:\Windows\System\ivjkxOk.exe
  C:\Windows\System\ivjkxOk.exe
  2⤵
  PID:7780
- C:\Windows\System\oLRPvNr.exe
  C:\Windows\System\oLRPvNr.exe
  2⤵
  PID:8292
- C:\Windows\System\fsmckQe.exe
  C:\Windows\System\fsmckQe.exe
  2⤵
  PID:8352
- C:\Windows\System\ERUxJvY.exe
  C:\Windows\System\ERUxJvY.exe
  2⤵
  PID:8308
- C:\Windows\System\kjvTEGK.exe
  C:\Windows\System\kjvTEGK.exe
  2⤵
  PID:8420
- C:\Windows\System\zTKSODd.exe
  C:\Windows\System\zTKSODd.exe
  2⤵
  PID:8372
- C:\Windows\System\pUTvLbb.exe
  C:\Windows\System\pUTvLbb.exe
  2⤵
  PID:8456
- C:\Windows\System\jkqlBYG.exe
  C:\Windows\System\jkqlBYG.exe
  2⤵
  PID:8488
- C:\Windows\System\VDOlUYN.exe
  C:\Windows\System\VDOlUYN.exe
  2⤵
  PID:8468
- C:\Windows\System\CBqYYFo.exe
  C:\Windows\System\CBqYYFo.exe
  2⤵
  PID:8580
- C:\Windows\System\DINdifK.exe
  C:\Windows\System\DINdifK.exe
  2⤵
  PID:8500
- C:\Windows\System\zwuFOAb.exe
  C:\Windows\System\zwuFOAb.exe
  2⤵
  PID:8628
- C:\Windows\System\ptObEEG.exe
  C:\Windows\System\ptObEEG.exe
  2⤵
  PID:8640
- C:\Windows\System\oIspSyB.exe
  C:\Windows\System\oIspSyB.exe
  2⤵
  PID:8664
- C:\Windows\System\zBXYfeW.exe
  C:\Windows\System\zBXYfeW.exe
  2⤵
  PID:8680
- C:\Windows\System\SNhnuta.exe
  C:\Windows\System\SNhnuta.exe
  2⤵
  PID:8696
- C:\Windows\System\BTmYdDt.exe
  C:\Windows\System\BTmYdDt.exe
  2⤵
  PID:8740
- C:\Windows\System\StKIaHQ.exe
  C:\Windows\System\StKIaHQ.exe
  2⤵
  PID:8788
- C:\Windows\System\dDXfjew.exe
  C:\Windows\System\dDXfjew.exe
  2⤵
  PID:8784
- C:\Windows\System\HUcnzwA.exe
  C:\Windows\System\HUcnzwA.exe
  2⤵
  PID:8808
- C:\Windows\System\eynaHoh.exe
  C:\Windows\System\eynaHoh.exe
  2⤵
  PID:8876
- C:\Windows\System\jyTiJng.exe
  C:\Windows\System\jyTiJng.exe
  2⤵
  PID:8968
- C:\Windows\System\cLHCpsK.exe
  C:\Windows\System\cLHCpsK.exe
  2⤵
  PID:8984
- C:\Windows\System\fbQSUgg.exe
  C:\Windows\System\fbQSUgg.exe
  2⤵
  PID:8888
- C:\Windows\System\yHxeCqC.exe
  C:\Windows\System\yHxeCqC.exe
  2⤵
  PID:9052
- C:\Windows\System\qLYGQol.exe
  C:\Windows\System\qLYGQol.exe
  2⤵
  PID:9132
- C:\Windows\System\mqBVoBV.exe
  C:\Windows\System\mqBVoBV.exe
  2⤵
  PID:9144
- C:\Windows\System\KnDzneY.exe
  C:\Windows\System\KnDzneY.exe
  2⤵
  PID:8452
- C:\Windows\System\sjpQKUJ.exe
  C:\Windows\System\sjpQKUJ.exe
  2⤵
  PID:8368
- C:\Windows\System\FuLlHku.exe
  C:\Windows\System\FuLlHku.exe
  2⤵
  PID:8484
- C:\Windows\System\SmgKKQI.exe
  C:\Windows\System\SmgKKQI.exe
  2⤵
  PID:8532
- C:\Windows\System\YhoZFiU.exe
  C:\Windows\System\YhoZFiU.exe
  2⤵
  PID:8616
- C:\Windows\System\mIeRhyW.exe
  C:\Windows\System\mIeRhyW.exe
  2⤵
  PID:8704
- C:\Windows\System\TtQYgrA.exe
  C:\Windows\System\TtQYgrA.exe
  2⤵
  PID:8660
- C:\Windows\System\vPwBFdF.exe
  C:\Windows\System\vPwBFdF.exe
  2⤵
  PID:8632
- C:\Windows\System\qjwXmCR.exe
  C:\Windows\System\qjwXmCR.exe
  2⤵
  PID:8772
- C:\Windows\System\WLCoRMT.exe
  C:\Windows\System\WLCoRMT.exe
  2⤵
  PID:8844
- C:\Windows\System\ayCIBsh.exe
  C:\Windows\System\ayCIBsh.exe
  2⤵
  PID:9004
- C:\Windows\System\WWbUzES.exe
  C:\Windows\System\WWbUzES.exe
  2⤵
  PID:9016
- C:\Windows\System\DTsFGDN.exe
  C:\Windows\System\DTsFGDN.exe
  2⤵
  PID:9112
- C:\Windows\System\RMbRVIu.exe
  C:\Windows\System\RMbRVIu.exe
  2⤵
  PID:8828
- C:\Windows\System\StcHiEP.exe
  C:\Windows\System\StcHiEP.exe
  2⤵
  PID:8924
- C:\Windows\System\iNeVTGK.exe
  C:\Windows\System\iNeVTGK.exe
  2⤵
  PID:9096
- C:\Windows\System\aYyBqQC.exe
  C:\Windows\System\aYyBqQC.exe
  2⤵
  PID:9196
- C:\Windows\System\MARcpgL.exe
  C:\Windows\System\MARcpgL.exe
  2⤵
  PID:9212
- C:\Windows\System\LZzZrtd.exe
  C:\Windows\System\LZzZrtd.exe
  2⤵
  PID:9176
- C:\Windows\System\cvBHDSn.exe
  C:\Windows\System\cvBHDSn.exe
  2⤵
  PID:7488
- C:\Windows\System\oDUbqPo.exe
  C:\Windows\System\oDUbqPo.exe
  2⤵
  PID:8324
- C:\Windows\System\HGUwxaW.exe
  C:\Windows\System\HGUwxaW.exe
  2⤵
  PID:8432
- C:\Windows\System\qNGgDph.exe
  C:\Windows\System\qNGgDph.exe
  2⤵
  PID:8288
- C:\Windows\System\sSGmJgH.exe
  C:\Windows\System\sSGmJgH.exe
  2⤵
  PID:8672
- C:\Windows\System\UPleklr.exe
  C:\Windows\System\UPleklr.exe
  2⤵
  PID:8756
- C:\Windows\System\SsPRkAz.exe
  C:\Windows\System\SsPRkAz.exe
  2⤵
  PID:8768
- C:\Windows\System\VhgOmRh.exe
  C:\Windows\System\VhgOmRh.exe
  2⤵
  PID:8860
- C:\Windows\System\rMPhFYp.exe
  C:\Windows\System\rMPhFYp.exe
  2⤵
  PID:9080
- C:\Windows\System\pocOSGK.exe
  C:\Windows\System\pocOSGK.exe
  2⤵
  PID:9068
- C:\Windows\System\BZKGNRM.exe
  C:\Windows\System\BZKGNRM.exe
  2⤵
  PID:8224
- C:\Windows\System\CFDnQyO.exe
  C:\Windows\System\CFDnQyO.exe
  2⤵
  PID:8548
- C:\Windows\System\NOPSQze.exe
  C:\Windows\System\NOPSQze.exe
  2⤵
  PID:8676
- C:\Windows\System\oGGOYCF.exe
  C:\Windows\System\oGGOYCF.exe
  2⤵
  PID:9000
- C:\Windows\System\RcEUvbS.exe
  C:\Windows\System\RcEUvbS.exe
  2⤵
  PID:7844
- C:\Windows\System\UpycleH.exe
  C:\Windows\System\UpycleH.exe
  2⤵
  PID:8840
- C:\Windows\System\jglMwck.exe
  C:\Windows\System\jglMwck.exe
  2⤵
  PID:8920
- C:\Windows\System\nNkelYg.exe
  C:\Windows\System\nNkelYg.exe
  2⤵
  PID:6296
- C:\Windows\System\gMiYsYl.exe
  C:\Windows\System\gMiYsYl.exe
  2⤵
  PID:8276
- C:\Windows\System\QvstxAQ.exe
  C:\Windows\System\QvstxAQ.exe
  2⤵
  PID:9220
- C:\Windows\System\cHNHzku.exe
  C:\Windows\System\cHNHzku.exe
  2⤵
  PID:9236
- C:\Windows\System\GIaAQZS.exe
  C:\Windows\System\GIaAQZS.exe
  2⤵
  PID:9252
- C:\Windows\System\LYhXmpZ.exe
  C:\Windows\System\LYhXmpZ.exe
  2⤵
  PID:9268
- C:\Windows\System\XcXRQyC.exe
  C:\Windows\System\XcXRQyC.exe
  2⤵
  PID:9284
- C:\Windows\System\EiRfJmv.exe
  C:\Windows\System\EiRfJmv.exe
  2⤵
  PID:9300
- C:\Windows\System\QbQXaeD.exe
  C:\Windows\System\QbQXaeD.exe
  2⤵
  PID:9316
- C:\Windows\System\TPnrNZH.exe
  C:\Windows\System\TPnrNZH.exe
  2⤵
  PID:9332
- C:\Windows\System\IJFQjUR.exe
  C:\Windows\System\IJFQjUR.exe
  2⤵
  PID:9348
- C:\Windows\System\LILQLFZ.exe
  C:\Windows\System\LILQLFZ.exe
  2⤵
  PID:9364
- C:\Windows\System\LYzQpZN.exe
  C:\Windows\System\LYzQpZN.exe
  2⤵
  PID:9380
- C:\Windows\System\OfsiepA.exe
  C:\Windows\System\OfsiepA.exe
  2⤵
  PID:9396
- C:\Windows\System\QIRXiNJ.exe
  C:\Windows\System\QIRXiNJ.exe
  2⤵
  PID:9412
- C:\Windows\System\HViVgYX.exe
  C:\Windows\System\HViVgYX.exe
  2⤵
  PID:9428
- C:\Windows\System\gvvidFL.exe
  C:\Windows\System\gvvidFL.exe
  2⤵
  PID:9460
- C:\Windows\System\KidxTZN.exe
  C:\Windows\System\KidxTZN.exe
  2⤵
  PID:9476
- C:\Windows\System\vEkmdjR.exe
  C:\Windows\System\vEkmdjR.exe
  2⤵
  PID:9496
- C:\Windows\System\zIioMjI.exe
  C:\Windows\System\zIioMjI.exe
  2⤵
  PID:9512
- C:\Windows\System\wavvhtD.exe
  C:\Windows\System\wavvhtD.exe
  2⤵
  PID:9528
- C:\Windows\System\XsyOIuM.exe
  C:\Windows\System\XsyOIuM.exe
  2⤵
  PID:9544
- C:\Windows\System\gUAWtSV.exe
  C:\Windows\System\gUAWtSV.exe
  2⤵
  PID:9768
- C:\Windows\System\FkMdpXh.exe
  C:\Windows\System\FkMdpXh.exe
  2⤵
  PID:10120
- C:\Windows\System\SAVNvRR.exe
  C:\Windows\System\SAVNvRR.exe
  2⤵
  PID:9620
- C:\Windows\System\FLltZGU.exe
  C:\Windows\System\FLltZGU.exe
  2⤵
  PID:10144
- C:\Windows\System\lRIYsDg.exe
  C:\Windows\System\lRIYsDg.exe
  2⤵
  PID:10228
- C:\Windows\System\hBjDFIl.exe
  C:\Windows\System\hBjDFIl.exe
  2⤵
  PID:8272
- C:\Windows\System\qAGAfzQ.exe
  C:\Windows\System\qAGAfzQ.exe
  2⤵
  PID:9424
- C:\Windows\System\fHaiyzz.exe
  C:\Windows\System\fHaiyzz.exe
  2⤵
  PID:9392
- C:\Windows\System\yvqnoed.exe
  C:\Windows\System\yvqnoed.exe
  2⤵
  PID:7992
- C:\Windows\System\YmvbvgN.exe
  C:\Windows\System\YmvbvgN.exe
  2⤵
  PID:9404
- C:\Windows\System\OtCrdjB.exe
  C:\Windows\System\OtCrdjB.exe
  2⤵
  PID:9488
- C:\Windows\System\mqGWIuE.exe
  C:\Windows\System\mqGWIuE.exe
  2⤵
  PID:9588
- C:\Windows\System\IOvDQLe.exe
  C:\Windows\System\IOvDQLe.exe
  2⤵
  PID:9536
- C:\Windows\System\SkwpLzT.exe
  C:\Windows\System\SkwpLzT.exe
  2⤵
  PID:9436
- C:\Windows\System\TPcZRLT.exe
  C:\Windows\System\TPcZRLT.exe
  2⤵
  PID:9148
- C:\Windows\System\kCGLjOt.exe
  C:\Windows\System\kCGLjOt.exe
  2⤵
  PID:9612
- C:\Windows\System\XJdRWpI.exe
  C:\Windows\System\XJdRWpI.exe
  2⤵
  PID:9628
- C:\Windows\System\LIgJnoL.exe
  C:\Windows\System\LIgJnoL.exe
  2⤵
  PID:9648
- C:\Windows\System\HAnZaHU.exe
  C:\Windows\System\HAnZaHU.exe
  2⤵
  PID:9676
- C:\Windows\System\jmuiUWY.exe
  C:\Windows\System\jmuiUWY.exe
  2⤵
  PID:9692
- C:\Windows\System\ErlBtxX.exe
  C:\Windows\System\ErlBtxX.exe
  2⤵
  PID:9704
- C:\Windows\System\yxPkhVd.exe
  C:\Windows\System\yxPkhVd.exe
  2⤵
  PID:9728
- C:\Windows\System\nJEYgeA.exe
  C:\Windows\System\nJEYgeA.exe
  2⤵
  PID:9756
- C:\Windows\System\GqbACOq.exe
  C:\Windows\System\GqbACOq.exe
  2⤵
  PID:10188
- C:\Windows\System\LBWmdMJ.exe
  C:\Windows\System\LBWmdMJ.exe
  2⤵
  PID:10212
- C:\Windows\System\UhxywLH.exe
  C:\Windows\System\UhxywLH.exe
  2⤵
  PID:10052
- C:\Windows\System\bMVaPwZ.exe
  C:\Windows\System\bMVaPwZ.exe
  2⤵
  PID:10108
- C:\Windows\System\mSozSWI.exe
  C:\Windows\System\mSozSWI.exe
  2⤵
  PID:9844
- C:\Windows\System\xxUKdKv.exe
  C:\Windows\System\xxUKdKv.exe
  2⤵
  PID:7680
- C:\Windows\System\ZsiUOji.exe
  C:\Windows\System\ZsiUOji.exe
  2⤵
  PID:9812
- C:\Windows\System\cPNobsx.exe
  C:\Windows\System\cPNobsx.exe
  2⤵
  PID:9828
- C:\Windows\System\WjgIdaJ.exe
  C:\Windows\System\WjgIdaJ.exe
  2⤵
  PID:9852
- C:\Windows\System\FdqEGiE.exe
  C:\Windows\System\FdqEGiE.exe
  2⤵
  PID:9860
- C:\Windows\System\yEwVYlV.exe
  C:\Windows\System\yEwVYlV.exe
  2⤵
  PID:9888
- C:\Windows\System\CHKHMhV.exe
  C:\Windows\System\CHKHMhV.exe
  2⤵
  PID:9908
- C:\Windows\System\Rgssdhx.exe
  C:\Windows\System\Rgssdhx.exe
  2⤵
  PID:9928
- C:\Windows\System\otevBgQ.exe
  C:\Windows\System\otevBgQ.exe
  2⤵
  PID:9944
- C:\Windows\System\JYUIOHu.exe
  C:\Windows\System\JYUIOHu.exe
  2⤵
  PID:9968
- C:\Windows\System\QXwXekd.exe
  C:\Windows\System\QXwXekd.exe
  2⤵
  PID:9980
- C:\Windows\System\hhlmWbV.exe
  C:\Windows\System\hhlmWbV.exe
  2⤵
  PID:10040
- C:\Windows\System\xpsWgAe.exe
  C:\Windows\System\xpsWgAe.exe
  2⤵
  PID:10060
- C:\Windows\System\NWiflbM.exe
  C:\Windows\System\NWiflbM.exe
  2⤵
  PID:10084
- C:\Windows\System\wQRfhdh.exe
  C:\Windows\System\wQRfhdh.exe
  2⤵
  PID:10104
- C:\Windows\System\TnmzDSw.exe
  C:\Windows\System\TnmzDSw.exe
  2⤵
  PID:10128
- C:\Windows\System\uAeVXRv.exe
  C:\Windows\System\uAeVXRv.exe
  2⤵
  PID:10196
- C:\Windows\System\JhyZYVq.exe
  C:\Windows\System\JhyZYVq.exe
  2⤵
  PID:9372
- C:\Windows\System\CCZhouf.exe
  C:\Windows\System\CCZhouf.exe
  2⤵
  PID:9248
- C:\Windows\System\AZcQgXy.exe
  C:\Windows\System\AZcQgXy.exe
  2⤵
  PID:9472
- C:\Windows\System\LIGrMxi.exe
  C:\Windows\System\LIGrMxi.exe
  2⤵
  PID:9592
- C:\Windows\System\aYWVvig.exe
  C:\Windows\System\aYWVvig.exe
  2⤵
  PID:9540
- C:\Windows\System\KVgnpzE.exe
  C:\Windows\System\KVgnpzE.exe
  2⤵
  PID:7296
- C:\Windows\System\RARghTt.exe
  C:\Windows\System\RARghTt.exe
  2⤵
  PID:9616
- C:\Windows\System\mkjdets.exe
  C:\Windows\System\mkjdets.exe
  2⤵
  PID:9660
- C:\Windows\System\wTiCagI.exe
  C:\Windows\System\wTiCagI.exe
  2⤵
  PID:9684
- C:\Windows\System\xBsxxhY.exe
  C:\Windows\System\xBsxxhY.exe
  2⤵
  PID:9716
- C:\Windows\System\dQOCBxB.exe
  C:\Windows\System\dQOCBxB.exe
  2⤵
  PID:10032
- C:\Windows\System\sfDIBQd.exe
  C:\Windows\System\sfDIBQd.exe
  2⤵
  PID:10176
- C:\Windows\System\SpwiGsq.exe
  C:\Windows\System\SpwiGsq.exe
  2⤵
  PID:10024
- C:\Windows\System\ryGsoWb.exe
  C:\Windows\System\ryGsoWb.exe
  2⤵
  PID:9788
- C:\Windows\System\zzxqIbF.exe
  C:\Windows\System\zzxqIbF.exe
  2⤵
  PID:9820
- C:\Windows\System\jAKxGmX.exe
  C:\Windows\System\jAKxGmX.exe
  2⤵
  PID:9876
- C:\Windows\System\uLGzYUo.exe
  C:\Windows\System\uLGzYUo.exe
  2⤵
  PID:9900
- C:\Windows\System\vZRfgQo.exe
  C:\Windows\System\vZRfgQo.exe
  2⤵
  PID:9924
- C:\Windows\System\LlgkZnl.exe
  C:\Windows\System\LlgkZnl.exe
  2⤵
  PID:9960
- C:\Windows\System\HlPKkVN.exe
  C:\Windows\System\HlPKkVN.exe
  2⤵
  PID:10000
- C:\Windows\System\dhUyuli.exe
  C:\Windows\System\dhUyuli.exe
  2⤵
  PID:9976
- C:\Windows\System\OsgEFzx.exe
  C:\Windows\System\OsgEFzx.exe
  2⤵
  PID:10056
- C:\Windows\System\AEFrSbt.exe
  C:\Windows\System\AEFrSbt.exe
  2⤵
  PID:10116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BIgIhSF.exe

Filesize
6.0MB

MD5
d496faaacc601222b7f24e5df9673f45

SHA1
dac60a473920324c591406850cb0118a3748d1e9

SHA256
55d008f04f3c36ce9d066136e2296b9b9f4391b6565e7834bbd7ee6398423999

SHA512
c21d7d9bef4e104baad489123da5337da10224bf4a0672566fa5960fcaabd4ea06d99c38784341fa05aed7086d6a2f19b8015fe79c727d00d51ddfc29a2fe82b

Download Submit
C:\Windows\system\DzlZlaN.exe

Filesize
6.0MB

MD5
bfe993c497fa8d99ad61cdfbf2bed254

SHA1
02801577683d1707a1286b122c20dbfc3231ad23

SHA256
4e248e3523b529c2a6c9f21ba896f430d0c67cfb4ae6ff98e4a7ad595bb38074

SHA512
6351e6bba948148b42a1301475bfb9561124985f19a5802389b6158d7589c745d91be02344a8779b6b4b346898af59cf09f75b81be4fbff01ef02ff1aa24b42e

Download Submit
C:\Windows\system\FNpOcNQ.exe

Filesize
6.0MB

MD5
200ed149eafaf6a588620df5c0a414e6

SHA1
35643d1caedf7914bbe1f4d78f984f134d5e9b12

SHA256
314a9b52aeda2609b1d570a9a793e784ae97e29713b3839ea8d5a28c68a1eb5e

SHA512
f00b6791aff7892693806190be263c2a88b0773960ad1bbaf8b6d84b41ee947e89a89e4eb940a3c9b0a971f44faf9b886eb279ea0e9312a807eddde828c6b3cd

Download Submit
C:\Windows\system\HaMZuLQ.exe

Filesize
6.0MB

MD5
b84be6d8baee99b68749adc9e238a46e

SHA1
3bf2fd06dd1f004fc0c85ddfcc437794eca55cfc

SHA256
65195cd7fa1f8615948fce7c8ee85927e722952420daf7ea6a1d77980c9a4fe5

SHA512
af2aeb6646b5f5623f29126b4e0ac2f1e7b2fb13e869d97aabc339fd36508fe15e990466bfcc3ef77c39ffd59f600034c55a95cf59a60749dc2730e20b165ced

Download Submit
C:\Windows\system\HwbiPqx.exe

Filesize
6.0MB

MD5
c16e46e8a9cfcaaaa5becd022f6b6ea2

SHA1
375888189e2d4d9d788dc3ea3a0f9e1e8807428c

SHA256
9b60437ccf463a938c92270cfd06c51a36415e9420c6596047962e46611752ff

SHA512
98a6f11973969012f5a5d7b2219ffc1bf97cd0082f5b2ead3345dd2306e8cf9c4426c4028df035703000e1bf54aeee08261e7f0147be08b9759c73459f55d629

Download Submit
C:\Windows\system\IdqCTKC.exe

Filesize
6.0MB

MD5
2e3d4babd72529cc142a4191489c1c8d

SHA1
c2156547e8b07f0d10cae1b265657e3a37ff76aa

SHA256
06f6fc6ca2aa150ffc0d7f682889ef58763715a1641100541204830ccd083dde

SHA512
fce8f1328b81a6211965e1d646cfa8cd336da0962c38e398224cdd5ef3cb6c2a683689af4da39cb53a1a5d50f8c1056442b686f51a4aa66ae79b9484b13a5e03

Download Submit
C:\Windows\system\JAhisui.exe

Filesize
6.0MB

MD5
edff9bc4a71ab24b60324241829f7310

SHA1
816c5f42d46c67e6e522ef737396ed9f16b8b38c

SHA256
f06d2ae6d25f0203cd3510d4c4ab5df38d2123ac73eea64030b746c576f4753b

SHA512
723e35f50189ba944c03ba6c904a29c36b3615f0778917f2765ac3b141e1a0d8a2792462e8dbf9085660ad92ccb10a4d24c17dff51f3669606fee5da1cc7e4d0

Download Submit
C:\Windows\system\KeENlrY.exe

Filesize
6.0MB

MD5
d7e80ac81bf7c2c6971a6b0c1bd77120

SHA1
5e9a02cdeb3a58855a164688c8ddadab922a1e80

SHA256
a2cc02d87dd2a3b8e5dbb3ca239bef8ba79a4bcf78f3d05502039fc1a905a25d

SHA512
acc6e27d73a4ac3c249ebc2e8deecabba90d1260076f149c7cd3f39c5add09f161e277457718d9d3e150431d704df51f22259d04fccf1909ac2ae58edf232160

Download Submit
C:\Windows\system\RlQEPug.exe

Filesize
6.0MB

MD5
ac1f4e44f6490b3ceff8a3bed5d78764

SHA1
31a9653e21132c01b7ccbd5beea5d5c8810079cf

SHA256
9c232198936e0ae75840281ff2eb8fe5879eaa19edf569b34f82f2c00d9a84aa

SHA512
5f0df6ea7aaed2ac6dcf173b73e65b1b310b6f442631491b1da374db94ecdba1af1f1816cabf0c8c0f383020aeafda0f5ac64353c9b35a1846104a3a3e465040

Download Submit
C:\Windows\system\XzNxAqj.exe

Filesize
6.0MB

MD5
b1858057551d96a5e9beb2d4853ea733

SHA1
76c496d93ab81c7799ef3a46d63f21ea3a348c09

SHA256
3be3d0e86d46e798945e400bebb09a4c3d504a3fd242429315e028c929fc1355

SHA512
9d9a940744960971cf78297512ecacb33f4712b2e4c2b72323c9763f74347c7ce244436e5b474e0968667e117a77c67b78c4009dfa4d411b9152714fff18f126

Download Submit
C:\Windows\system\YlYfluu.exe

Filesize
6.0MB

MD5
db88557d6bcb357784773d233e17ebf3

SHA1
1f171126b12f497f0d0e636f6fd89d3a198b6ea2

SHA256
f3a88ce8c7d689c05f550f848d35163cbea7d4ccef6c9829674bca77bba6cea9

SHA512
108f4a2b963c6ab1ae189f0e9e7a3f50101ce02f6c3a34ff43f6d4e0321d7e241639179fa445ce523345917e287af03019ef8d7c5361de3654ae52d07268fde4

Download Submit
C:\Windows\system\ZAocrYw.exe

Filesize
6.0MB

MD5
8aa516cdce5a72ebcfe010ae1367472f

SHA1
3d02550d8566333dec8cc30e51864bb8d665e451

SHA256
4351fca37b19604e521be5e3823f426c3688172bfe240965fbeb23dad0b71a09

SHA512
7709dd4c9e9cb1881bf583148cf91437f7ad31ea2b1b9bec2f9a7680b8f116767c1d07cc202e0abfa4d3a8aa6f9ec6acd4bef13db8651864c4447718f2210c5c

Download Submit
C:\Windows\system\bBzWdMj.exe

Filesize
6.0MB

MD5
3fea7a0e4cbc84557a871d296c917e79

SHA1
d45c651b88f257cb12c54ca25a827a63d60e101c

SHA256
b623460db637ec48bfe57e9be8f6b2849d025931588f4a62090f8b95d5d7f6dd

SHA512
82f2501b0ee3b5a3d905562549a525eba5c92cdc74df06aeb39bf9fb59cf0157341562754923c5bd815cbdb2cd5d7b2f0f84a5a15553ef2a3b4c3a1afe22e2c5

Download Submit
C:\Windows\system\baCTnrQ.exe

Filesize
6.0MB

MD5
c3efd3c6613b138ee12f799b3a71d30c

SHA1
b96f21f58307b084aa5f41a8e9e595451b2d06c4

SHA256
0ccab2ed93e19bd98668919dec3470543f514c7b2d9dd39f2482c34b12a8ea14

SHA512
059d65caf23fef46ee08a012c6a60ab3466410de0e0c5642bd3f8470a3d6d7baf3f3d623f5ceb05208259c56a25b4f86bee6bb8aad5c3f152b21a5caaa67c0cc

Download Submit
C:\Windows\system\djrnVXM.exe

Filesize
6.0MB

MD5
e449869d47cf5396ca1cbcf81be893a8

SHA1
bab60ff3e36d35938aacaebbadce6b3b3b0e497d

SHA256
847504daf25f96f18bb8ec510501dee5ccda23bdf00f67da2d90e9093f1218ad

SHA512
b4cb44880b0397fa737b2e7250b345173fe9263f01fc6698b44ddb1e356917e6c8771690e4e9faf13a09382a50f4390b94d789b92b08d5ee0e0b8c7b26eca239

Download Submit
C:\Windows\system\fPYjQVJ.exe

Filesize
6.0MB

MD5
d8ea3ae16b3cccf05376c41cc7359179

SHA1
449ad740732784bd5fe8f9c88d0b42b2a68fc69a

SHA256
862cdd18c19c6254953559bd6483e7b0b430098f16e3acbb941441ce62611d48

SHA512
55fc5c7a24703bb7fd7a7efa94530b48a76584378f4427d549dce6399ec42d9fe215590e1619ac84093bb3da7831008c34235e83b6764bb816ae5f93b1b70feb

Download Submit
C:\Windows\system\geRTLwT.exe

Filesize
6.0MB

MD5
e583d7ee0a08b2d7d40fb543a3a69d7a

SHA1
3a416fd56bed5cc7dfc8e0cb40d61a781e826fc7

SHA256
87804a0cb4a16205448221142c9e62ef6bc952166de7f87200e5719bd4166458

SHA512
3eae2e3075a8f754a210903bf86151b702d4063516c120d0e2cc9e41e1441817f0082e87c4e0598b214fbe59a2a5f9e34b53cb48b8bc108025b7df505f87aa0d

Download Submit
C:\Windows\system\hrRTmDS.exe

Filesize
6.0MB

MD5
b758a02c86086ecb4797a05f6aa21661

SHA1
972c0941b95079df368d36ca3600e63cc5a45b69

SHA256
7cfae4a287626338be50bf048c6003be9e8715e9b2bda4380593649180754ea1

SHA512
bc386ad4c73e65252e0d6e090fdbf9e9fb9147f8c24d649cc60269c9c849b2835519f5776b4ff432106c601f8662439e3353af6abdfd89ad393f62351e02ea07

Download Submit
C:\Windows\system\jDyrvhn.exe

Filesize
6.0MB

MD5
10648679301721419b1ba4b02e98bfed

SHA1
e900382816df0bb59b184789c8d15444d2c55842

SHA256
cec981ca4161ec2b98c6f71e07e9acede2b697feb54e023588c7cf0662a31fe3

SHA512
091700ba01929f7803c3095345f8e1808e5ae1b4b3808313c0a248ec7ec08beef8e16d02b07f43590b9d1af54e599ea3f6f38a28404363aad3a110989dafaae3

Download Submit
C:\Windows\system\jLkkSWq.exe

Filesize
6.0MB

MD5
dded9f27927e8109585ab50efaa98bef

SHA1
23909349264f8e3b61e667bedec786d0401dd317

SHA256
413d7bf9ab9fe8576cd7d44575601b91773311f017b435007def71002d706f58

SHA512
c900614d7dfc94b005d1609ffda0c9dccb880442bdd3c6800787999dbe3199a86a480b6a13fb705b827445fcd5184c9c12e039c9d747da85d226d365b481c7b2

Download Submit
C:\Windows\system\jMiTIEa.exe

Filesize
6.0MB

MD5
ae1e7284ee19c76515a2e0a9657346fd

SHA1
b4676ed2c9b37bfc27fae1de0a21579fdb4feeac

SHA256
151259f23b59c36835bc061f55942e6d09c9b8337d437ab5221fad2a1aaffac7

SHA512
bba9ce2f176ee66a2549487ac988587fb6ee41e9dcc7626a3c9385b49d010f50a2d7f46898361cb197d1d0e00b3e4e3248b15a50e3824eaab1eb83ca6628e4ad

Download Submit
C:\Windows\system\oEjigNu.exe

Filesize
6.0MB

MD5
0bcbfc4e8f0d9f79788952a93ba804e8

SHA1
3b1d3d75224a2907ccf7f72c4c404a0570ad7558

SHA256
0831ad2ea862ac89e9ea45255fee7a4a0e085931c2b9a4d354f3826621ac9bbb

SHA512
53d62bf8e0b29c19e9653b9a21b7fcfefcaa95c1f9cccd7ef895c5c5f684a7a942536786c286e96b24e5961add65289271d8831e5e6fdf69cb10ea2a2df7e1c2

Download Submit
C:\Windows\system\qyNmnkJ.exe

Filesize
6.0MB

MD5
11ff47d39a39f54324d88de600b5c62a

SHA1
7abe6b77a5e2c37f542449241dc2c1d40332b901

SHA256
b282676fecdfe8b147613d6165d8256ef3195593359593f86a753ec028d9fa9a

SHA512
08e79d4ec3d22c03798b7fa3115fbdc8350468115c049d380baa78ada490bbfde0bc7be076b66817f21edd68a3186c587f4938f0f42bd61e3a8e1db708d7efaf

Download Submit
C:\Windows\system\rdYJItv.exe

Filesize
6.0MB

MD5
4184f184eadee304f9d7ac6190bc5420

SHA1
9aebb6c1294b7bcac9cf9d2c7164193b201088c2

SHA256
3434412b392c590bd771df839d8ed101cf841caf9dc0d83f04b03f90b20a183e

SHA512
aafe2983bde97c29f55f491dcf2def72c05de902c4a312245c67fd4ca154215f0a13e52f2362687e83cd07ed28b0b37963375a628d33fd82652d1eab2c45e5e9

Download Submit
C:\Windows\system\xGTWgjV.exe

Filesize
6.0MB

MD5
99e5010096ab564348e8006d6ca75b4e

SHA1
9ce1e8462d11e1dffe1f295d166b0a49c57d5d4c

SHA256
0c1966d5a133c96e601772365fcf0bdc7966084e8beb95df4c8e94580d2a9c47

SHA512
1b3c99ffd55794638d853326deed867a28286b74c240dbbfc9dd60c5715b3d60e82f35ffebd70afd8f05a552f2e9038ab876ac58ae43cd5a92bb845a2776a374

Download Submit
C:\Windows\system\xrGUrJd.exe

Filesize
6.0MB

MD5
113b13986b119f562cf12802201a66c6

SHA1
6ac33136f320ada0ed3ed6a6c546e68522bbbb59

SHA256
058a5c38d52293fa90045052cf993a0a2f62b3dc12cf6e0179025b92d7e689f2

SHA512
098200b7c6813a9f0b586ae0f71652c8781aa2d01147c49f831ebc5435bca8bdc5ea9e48268c1970ca75251cbb5c0494facbc90d98e47fe8804daa8bda082d68

Download Submit
C:\Windows\system\yJjUscn.exe

Filesize
6.0MB

MD5
16bbe3b1a82af906bf5ab4baa6d880a5

SHA1
5d95bb7918ca5b867d7b8a4945582a07b7c14f94

SHA256
79514e0b6cb6e64029e1de5cb6718500713aa099375e12b4cf4ebf7f084568a5

SHA512
24c8964583908c26d0c1f1b5cc1fb4fd95e2c06e8223f64c3c0bbfa12487d3b076665a139a25eaac5d6b1564fb1808be1115ff36bfe544dcc9445ece73633fda

Download Submit
\Windows\system\SdCxUBv.exe

Filesize
6.0MB

MD5
42e6bd7f0115c0173382e00d1acfc2b4

SHA1
a2f75a3b6bbbc3bad00a5d34760f8a0b1585ab60

SHA256
1deb491f1de05af75ff259b0a69dd5ed3c4dd9d08e93a899a0a69065ab3efea2

SHA512
6ba68271dfdbd950c61fddba0bc9291fdd9f94b1e0d1304a9f5140476a951c93ef1952ed588c04e057f58c9ff7186f3487dd88a139448a444f3f8e0040a30ebb

Download Submit
\Windows\system\ZWNgtKk.exe

Filesize
6.0MB

MD5
e966403e4b11ba06a0e495fd370d3d7f

SHA1
8b50885050719b8ed7e3721d584f1519876849a8

SHA256
44bcdba640437992ad807637ae5a1654369fed16a81ceca4abe096b327165c33

SHA512
a5f7b2b1501905ab66bb7380dcc5db27606bba527bb0266ace7b0d4000cabc94cdb6b30592fdbb704c190794d5862abdc99057871a4ed9bf1316e0f22cbbf97f

Download Submit
\Windows\system\hICIPqO.exe

Filesize
6.0MB

MD5
2fe29b653d2798e1eb06ee96ce91d46c

SHA1
7c493695ed91330b476ef1c05e7300b9026671d1

SHA256
8de665fee43655086e64140cdefc456054dc411cb45755167e81765411ea502a

SHA512
02fbc04c1a0b59a13e3a3269f52f898ac4f7ac45d8338487121c4a3c8a0b295e759343bb97ecb174b76642b49533212e7a6c7748ceb5c4357de3e59638f06fee

Download Submit
\Windows\system\hUVJzzs.exe

Filesize
6.0MB

MD5
ee44a118ac146b4b4491f79976e7a28f

SHA1
57d202e72252f9bce12cbebee1f0636cc6686d83

SHA256
42418826eec083556a1f2a89e026ef067fb449f0a3f9fd1d7691c21bcc8d4312

SHA512
291f1e45d47b7ef7e6453229ef770fe425e564f10f72617e89917ac9ea4cffd380c97f2c9cf3a85cf6fb2e7d94e74f24763f3eb6aa44da84765b2c9dbf70b24b

Download Submit
\Windows\system\ueeQHBV.exe

Filesize
6.0MB

MD5
7b443a5891e7dad4b749845cd9e43bf3

SHA1
3a1b3cfa9becc831b3102d6daf3f340681420ca0

SHA256
9b628de291b6f76290dd51fe312bd2251024dd54c0a83ff761090dad1eac3815

SHA512
5f1a92f6d1335ffe3078b228ea37c87340ee730281ef7a87b83df9089912418dd35d3143081ccc6f0fda595edec32fc6211280c94de7bcf7a4a24691b577b031

Download Submit
memory/268-3996-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/268-25-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/300-626-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/300-4008-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/784-3999-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/784-35-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/784-80-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1148-17-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1148-3995-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1492-29-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1492-3998-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-625-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1948-4007-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2172-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2172-50-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2172-629-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-40-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-815-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2172-943-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-63-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2172-1408-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2254-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2252-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2172-71-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2172-628-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-946-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2172-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2172-631-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-7-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2172-28-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-621-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2172-70-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-82-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-22-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2172-32-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3997-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2204-26-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2420-85-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2420-4006-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1907-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1404-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2608-75-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4005-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2676-632-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2676-58-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4002-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4000-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2712-49-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4003-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-68-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-725-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-48-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4001-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4004-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2848-73-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1163-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download