cobaltstrike | f5a4d176a69c7ece27f4242b26271a44f126b91b0d0e1480691137a82d37ad6d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

353247698cd376db842e9cbbe064ba57
SHA1

a15aa4addaafbe31b37b4534c3d15c0e6f7e42ed
SHA256

f5a4d176a69c7ece27f4242b26271a44f126b91b0d0e1480691137a82d37ad6d
SHA512

13636472a3aacc6bd7ebc485a11c6af43f57df61f44e3736d4e4a7ae36d0e48edad7899be2d964846065d12107e898b0b5b6a9218e92e50405efd52a2bbe7a51
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000f000000012245-6.dat	cobalt_reflective_dll
behavioral1/files/0x0017000000018657-12.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018662-10.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c8-22.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-32.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c6-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-100.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017481-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-65.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000191f3-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2996-0-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x000f000000012245-6.dat	xmrig
behavioral1/files/0x0017000000018657-12.dat	xmrig
behavioral1/memory/2388-15-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2472-13-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000f000000018662-10.dat	xmrig
behavioral1/memory/2064-21-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x00060000000186c8-22.dat	xmrig
behavioral1/memory/2632-28-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x000600000001878d-32.dat	xmrig
behavioral1/files/0x00070000000190c6-38.dat	xmrig
behavioral1/memory/2996-40-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1036-41-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/3028-37-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c53-59.dat	xmrig
behavioral1/memory/2824-75-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d44-84.dat	xmrig
behavioral1/files/0x0005000000019fb9-104.dat	xmrig
behavioral1/files/0x000500000001a07b-125.dat	xmrig
behavioral1/files/0x000500000001a345-140.dat	xmrig
behavioral1/files/0x000500000001a434-165.dat	xmrig
behavioral1/files/0x000500000001a48c-175.dat	xmrig
behavioral1/files/0x000500000001a48e-177.dat	xmrig
behavioral1/memory/2452-1402-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2588-1037-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2708-1036-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2996-695-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2776-315-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46a-170.dat	xmrig
behavioral1/files/0x000500000001a49a-184.dat	xmrig
behavioral1/files/0x000500000001a431-160.dat	xmrig
behavioral1/files/0x000500000001a42f-155.dat	xmrig
behavioral1/files/0x000500000001a42d-151.dat	xmrig
behavioral1/files/0x000500000001a42b-145.dat	xmrig
behavioral1/files/0x000500000001a301-135.dat	xmrig
behavioral1/files/0x000500000001a0a1-130.dat	xmrig
behavioral1/files/0x000500000001a067-119.dat	xmrig
behavioral1/memory/2452-103-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f9f-100.dat	xmrig
behavioral1/files/0x0009000000017481-94.dat	xmrig
behavioral1/files/0x0005000000019da4-92.dat	xmrig
behavioral1/files/0x0005000000019db8-107.dat	xmrig
behavioral1/memory/2672-82-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2632-81-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2588-80-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2708-76-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d20-74.dat	xmrig
behavioral1/files/0x0005000000019c3a-73.dat	xmrig
behavioral1/files/0x0005000000019c36-72.dat	xmrig
behavioral1/memory/2880-71-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c38-65.dat	xmrig
behavioral1/memory/2776-50-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x00080000000191f3-46.dat	xmrig
behavioral1/memory/2388-4018-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2064-4019-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2632-4020-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/3028-4021-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/1036-4022-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2776-4023-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2824-4025-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2880-4024-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2588-4026-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2708-4027-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2672-4028-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2472	uuOIfTu.exe
2388	YVCkGMb.exe
2064	HosWKkT.exe
2632	oxThFmW.exe
3028	MGfbrJl.exe
1036	QlPDjWZ.exe
2776	TkIhCLW.exe
2880	lLZnHEE.exe
2824	AUhBCcs.exe
2672	qfstZig.exe
2708	GQREylM.exe
2588	jKofOUs.exe
2452	CcjnKDK.exe
1516	gwOJdhZ.exe
1964	eYhhlVP.exe
2960	SQgGaqa.exe
1696	PLtQAZj.exe
1612	Wvdjbia.exe
552	RYeINRT.exe
1652	GYNrdWZ.exe
1820	KXOvruc.exe
1168	RCiTLNL.exe
1164	XqmhKXW.exe
1424	nqjYQPo.exe
2836	ZmVppHy.exe
2608	HgtwsEm.exe
2208	JLkvPhN.exe
2228	HdqSxcl.exe
1800	GhaOWfY.exe
1396	CypkBpX.exe
1476	VivkSfa.exe
1860	YHjryue.exe
2040	TspyNQd.exe
1064	COmyWbd.exe
1256	sBBCtJZ.exe
1100	JHnIase.exe
2984	YxTEmCM.exe
1552	iSphQlT.exe
2292	eHLgOOC.exe
1280	vRkGcuj.exe
916	nXpCsix.exe
1776	HPKDySS.exe
2316	uhNbNiR.exe
796	nUCDMCh.exe
320	KGQiYmS.exe
700	oJsMshh.exe
1792	leOifmF.exe
1872	nDgoUmw.exe
1628	MgkIDDN.exe
2420	Cichiqp.exe
2108	FqrgjJW.exe
1672	NuSeqGe.exe
2112	CyKyEXA.exe
2148	IVAIKsk.exe
1600	RxKkwWb.exe
1720	bFqDotS.exe
1936	oAZeOke.exe
2132	rJdMbxs.exe
592	XHtyGjZ.exe
2816	rGLZbcS.exe
2860	iPeeRcW.exe
2804	dggycAx.exe
2344	HNThOVs.exe
2364	IulNrAJ.exe

Loads dropped DLL 64 IoCs

pid	Process
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2996-0-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x000f000000012245-6.dat	upx
behavioral1/files/0x0017000000018657-12.dat	upx
behavioral1/memory/2388-15-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2472-13-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000f000000018662-10.dat	upx
behavioral1/memory/2064-21-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x00060000000186c8-22.dat	upx
behavioral1/memory/2632-28-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x000600000001878d-32.dat	upx
behavioral1/files/0x00070000000190c6-38.dat	upx
behavioral1/memory/2996-40-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/1036-41-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/3028-37-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0005000000019c53-59.dat	upx
behavioral1/memory/2824-75-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0005000000019d44-84.dat	upx
behavioral1/files/0x0005000000019fb9-104.dat	upx
behavioral1/files/0x000500000001a07b-125.dat	upx
behavioral1/files/0x000500000001a345-140.dat	upx
behavioral1/files/0x000500000001a434-165.dat	upx
behavioral1/files/0x000500000001a48c-175.dat	upx
behavioral1/files/0x000500000001a48e-177.dat	upx
behavioral1/memory/2452-1402-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2588-1037-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2708-1036-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2776-315-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x000500000001a46a-170.dat	upx
behavioral1/files/0x000500000001a49a-184.dat	upx
behavioral1/files/0x000500000001a431-160.dat	upx
behavioral1/files/0x000500000001a42f-155.dat	upx
behavioral1/files/0x000500000001a42d-151.dat	upx
behavioral1/files/0x000500000001a42b-145.dat	upx
behavioral1/files/0x000500000001a301-135.dat	upx
behavioral1/files/0x000500000001a0a1-130.dat	upx
behavioral1/files/0x000500000001a067-119.dat	upx
behavioral1/memory/2452-103-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0005000000019f9f-100.dat	upx
behavioral1/files/0x0009000000017481-94.dat	upx
behavioral1/files/0x0005000000019da4-92.dat	upx
behavioral1/files/0x0005000000019db8-107.dat	upx
behavioral1/memory/2672-82-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2632-81-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2588-80-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2708-76-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0005000000019d20-74.dat	upx
behavioral1/files/0x0005000000019c3a-73.dat	upx
behavioral1/files/0x0005000000019c36-72.dat	upx
behavioral1/memory/2880-71-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0005000000019c38-65.dat	upx
behavioral1/memory/2776-50-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x00080000000191f3-46.dat	upx
behavioral1/memory/2388-4018-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2064-4019-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2632-4020-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/3028-4021-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/1036-4022-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2776-4023-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2824-4025-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2880-4024-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2588-4026-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2708-4027-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2672-4028-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2452-4029-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kVIkuAe.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrOyquR.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOBWRNB.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhcsjzH.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGnVsFQ.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRkGcuj.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsScOpl.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHBflBU.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZNDAGW.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRpRaew.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwyFFlq.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irYRwRI.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLumpLL.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfstZig.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwsEauv.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLMsbOh.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLNqfjl.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkXDtMj.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCbmfzG.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUTaXIb.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIWsqnp.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNVCLcp.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBclmRT.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etJozBs.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLtaFBG.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZwAixk.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOKfpSV.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYzhTfv.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFgoZSZ.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYtsVAk.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Yhxamzu.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSLxAPb.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKGjaKY.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psQnAfq.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EENnqrQ.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkIhCLW.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQtUZzW.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqQJnSu.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZHcOdq.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsrRknJ.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phRrfof.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZwvVBW.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MwABhtB.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGpxGhx.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcQGRgo.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLeBxLu.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeXSsgn.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xzDkEed.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MeYqynF.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaBkvpB.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WEvmmXs.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMPmVKR.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFaoNLL.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klrMEZJ.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcjnKDK.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clpPqNy.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHlmNSc.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcbuXqh.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYhhlVP.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thyWFVr.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqHMxCB.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsRtFEo.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtJKGmx.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phCmlNm.exe	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2472	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2472	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2472	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2388	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2388	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2388	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2064	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2064	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2064	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2632	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2632	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2632	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 3028	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 3028	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 3028	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 1036	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 1036	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 1036	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 2776	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2776	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2776	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2672	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2672	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2672	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2880	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 2880	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 2880	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 2708	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 2708	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 2708	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 2824	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 2824	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 2824	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 2588	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 2588	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 2588	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 2960	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 2960	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 2960	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 2452	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 2452	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 2452	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 1696	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 1696	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 1696	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 1516	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 1516	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 1516	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 1612	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 1612	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 1612	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 1964	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 1964	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 1964	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 552	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 552	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 552	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 1652	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 1652	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 1652	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 1820	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 1820	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 1820	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 1168	2996	2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_353247698cd376db842e9cbbe064ba57_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\System\uuOIfTu.exe
  C:\Windows\System\uuOIfTu.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\YVCkGMb.exe
  C:\Windows\System\YVCkGMb.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\HosWKkT.exe
  C:\Windows\System\HosWKkT.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\oxThFmW.exe
  C:\Windows\System\oxThFmW.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\MGfbrJl.exe
  C:\Windows\System\MGfbrJl.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\QlPDjWZ.exe
  C:\Windows\System\QlPDjWZ.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\TkIhCLW.exe
  C:\Windows\System\TkIhCLW.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\qfstZig.exe
  C:\Windows\System\qfstZig.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\lLZnHEE.exe
  C:\Windows\System\lLZnHEE.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\GQREylM.exe
  C:\Windows\System\GQREylM.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\AUhBCcs.exe
  C:\Windows\System\AUhBCcs.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\jKofOUs.exe
  C:\Windows\System\jKofOUs.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\SQgGaqa.exe
  C:\Windows\System\SQgGaqa.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\CcjnKDK.exe
  C:\Windows\System\CcjnKDK.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\PLtQAZj.exe
  C:\Windows\System\PLtQAZj.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\gwOJdhZ.exe
  C:\Windows\System\gwOJdhZ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\Wvdjbia.exe
  C:\Windows\System\Wvdjbia.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\eYhhlVP.exe
  C:\Windows\System\eYhhlVP.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\RYeINRT.exe
  C:\Windows\System\RYeINRT.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\GYNrdWZ.exe
  C:\Windows\System\GYNrdWZ.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\KXOvruc.exe
  C:\Windows\System\KXOvruc.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\RCiTLNL.exe
  C:\Windows\System\RCiTLNL.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\XqmhKXW.exe
  C:\Windows\System\XqmhKXW.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\nqjYQPo.exe
  C:\Windows\System\nqjYQPo.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\ZmVppHy.exe
  C:\Windows\System\ZmVppHy.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\HgtwsEm.exe
  C:\Windows\System\HgtwsEm.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\JLkvPhN.exe
  C:\Windows\System\JLkvPhN.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\HdqSxcl.exe
  C:\Windows\System\HdqSxcl.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\GhaOWfY.exe
  C:\Windows\System\GhaOWfY.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\CypkBpX.exe
  C:\Windows\System\CypkBpX.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\VivkSfa.exe
  C:\Windows\System\VivkSfa.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\YHjryue.exe
  C:\Windows\System\YHjryue.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\TspyNQd.exe
  C:\Windows\System\TspyNQd.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\COmyWbd.exe
  C:\Windows\System\COmyWbd.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\sBBCtJZ.exe
  C:\Windows\System\sBBCtJZ.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\JHnIase.exe
  C:\Windows\System\JHnIase.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\YxTEmCM.exe
  C:\Windows\System\YxTEmCM.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\iSphQlT.exe
  C:\Windows\System\iSphQlT.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\eHLgOOC.exe
  C:\Windows\System\eHLgOOC.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\vRkGcuj.exe
  C:\Windows\System\vRkGcuj.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\nXpCsix.exe
  C:\Windows\System\nXpCsix.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\HPKDySS.exe
  C:\Windows\System\HPKDySS.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\nUCDMCh.exe
  C:\Windows\System\nUCDMCh.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\uhNbNiR.exe
  C:\Windows\System\uhNbNiR.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\oJsMshh.exe
  C:\Windows\System\oJsMshh.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\KGQiYmS.exe
  C:\Windows\System\KGQiYmS.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\leOifmF.exe
  C:\Windows\System\leOifmF.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\nDgoUmw.exe
  C:\Windows\System\nDgoUmw.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\MgkIDDN.exe
  C:\Windows\System\MgkIDDN.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\Cichiqp.exe
  C:\Windows\System\Cichiqp.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\FqrgjJW.exe
  C:\Windows\System\FqrgjJW.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\NuSeqGe.exe
  C:\Windows\System\NuSeqGe.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\CyKyEXA.exe
  C:\Windows\System\CyKyEXA.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\IVAIKsk.exe
  C:\Windows\System\IVAIKsk.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\RxKkwWb.exe
  C:\Windows\System\RxKkwWb.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\bFqDotS.exe
  C:\Windows\System\bFqDotS.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\oAZeOke.exe
  C:\Windows\System\oAZeOke.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\rJdMbxs.exe
  C:\Windows\System\rJdMbxs.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\XHtyGjZ.exe
  C:\Windows\System\XHtyGjZ.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\rGLZbcS.exe
  C:\Windows\System\rGLZbcS.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\iPeeRcW.exe
  C:\Windows\System\iPeeRcW.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\dggycAx.exe
  C:\Windows\System\dggycAx.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\HNThOVs.exe
  C:\Windows\System\HNThOVs.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\IulNrAJ.exe
  C:\Windows\System\IulNrAJ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\WJonReN.exe
  C:\Windows\System\WJonReN.exe
  2⤵
  PID:1284
- C:\Windows\System\qBtmxmk.exe
  C:\Windows\System\qBtmxmk.exe
  2⤵
  PID:1300
- C:\Windows\System\HrdAjHj.exe
  C:\Windows\System\HrdAjHj.exe
  2⤵
  PID:2808
- C:\Windows\System\ocGFdkC.exe
  C:\Windows\System\ocGFdkC.exe
  2⤵
  PID:1784
- C:\Windows\System\JNhGLlD.exe
  C:\Windows\System\JNhGLlD.exe
  2⤵
  PID:2008
- C:\Windows\System\OCfKqUA.exe
  C:\Windows\System\OCfKqUA.exe
  2⤵
  PID:2016
- C:\Windows\System\WEfdkxw.exe
  C:\Windows\System\WEfdkxw.exe
  2⤵
  PID:1428
- C:\Windows\System\QTVyUUH.exe
  C:\Windows\System\QTVyUUH.exe
  2⤵
  PID:2616
- C:\Windows\System\AcFaden.exe
  C:\Windows\System\AcFaden.exe
  2⤵
  PID:1480
- C:\Windows\System\IYPtzox.exe
  C:\Windows\System\IYPtzox.exe
  2⤵
  PID:1540
- C:\Windows\System\aCiqYLE.exe
  C:\Windows\System\aCiqYLE.exe
  2⤵
  PID:2436
- C:\Windows\System\ayMWYIh.exe
  C:\Windows\System\ayMWYIh.exe
  2⤵
  PID:1512
- C:\Windows\System\YotvhNo.exe
  C:\Windows\System\YotvhNo.exe
  2⤵
  PID:1716
- C:\Windows\System\xZtqBHD.exe
  C:\Windows\System\xZtqBHD.exe
  2⤵
  PID:1380
- C:\Windows\System\ajVKJsl.exe
  C:\Windows\System\ajVKJsl.exe
  2⤵
  PID:1732
- C:\Windows\System\eZiemZH.exe
  C:\Windows\System\eZiemZH.exe
  2⤵
  PID:276
- C:\Windows\System\NebXkji.exe
  C:\Windows\System\NebXkji.exe
  2⤵
  PID:1296
- C:\Windows\System\roxiUdt.exe
  C:\Windows\System\roxiUdt.exe
  2⤵
  PID:1016
- C:\Windows\System\iQtUZzW.exe
  C:\Windows\System\iQtUZzW.exe
  2⤵
  PID:3008
- C:\Windows\System\rBPWfFI.exe
  C:\Windows\System\rBPWfFI.exe
  2⤵
  PID:484
- C:\Windows\System\JUnAqmS.exe
  C:\Windows\System\JUnAqmS.exe
  2⤵
  PID:304
- C:\Windows\System\uCmLtij.exe
  C:\Windows\System\uCmLtij.exe
  2⤵
  PID:1488
- C:\Windows\System\WbmyJQJ.exe
  C:\Windows\System\WbmyJQJ.exe
  2⤵
  PID:2100
- C:\Windows\System\lJcwLiI.exe
  C:\Windows\System\lJcwLiI.exe
  2⤵
  PID:3052
- C:\Windows\System\fYmZUUV.exe
  C:\Windows\System\fYmZUUV.exe
  2⤵
  PID:3060
- C:\Windows\System\VXshKpx.exe
  C:\Windows\System\VXshKpx.exe
  2⤵
  PID:2992
- C:\Windows\System\jtGUtSL.exe
  C:\Windows\System\jtGUtSL.exe
  2⤵
  PID:2736
- C:\Windows\System\yKDznQP.exe
  C:\Windows\System\yKDznQP.exe
  2⤵
  PID:2696
- C:\Windows\System\eggytje.exe
  C:\Windows\System\eggytje.exe
  2⤵
  PID:2724
- C:\Windows\System\BQUTsMy.exe
  C:\Windows\System\BQUTsMy.exe
  2⤵
  PID:2592
- C:\Windows\System\bmamdQB.exe
  C:\Windows\System\bmamdQB.exe
  2⤵
  PID:1200
- C:\Windows\System\xVaziqf.exe
  C:\Windows\System\xVaziqf.exe
  2⤵
  PID:2096
- C:\Windows\System\DNNbztX.exe
  C:\Windows\System\DNNbztX.exe
  2⤵
  PID:1812
- C:\Windows\System\oGMISar.exe
  C:\Windows\System\oGMISar.exe
  2⤵
  PID:2864
- C:\Windows\System\sjAlMlN.exe
  C:\Windows\System\sjAlMlN.exe
  2⤵
  PID:608
- C:\Windows\System\YwNOPZt.exe
  C:\Windows\System\YwNOPZt.exe
  2⤵
  PID:2136
- C:\Windows\System\vJBttok.exe
  C:\Windows\System\vJBttok.exe
  2⤵
  PID:1756
- C:\Windows\System\gxvPHmZ.exe
  C:\Windows\System\gxvPHmZ.exe
  2⤵
  PID:1148
- C:\Windows\System\CXFpTsk.exe
  C:\Windows\System\CXFpTsk.exe
  2⤵
  PID:1636
- C:\Windows\System\JxXSdhd.exe
  C:\Windows\System\JxXSdhd.exe
  2⤵
  PID:1556
- C:\Windows\System\zIKtxIY.exe
  C:\Windows\System\zIKtxIY.exe
  2⤵
  PID:1796
- C:\Windows\System\ocJCrbh.exe
  C:\Windows\System\ocJCrbh.exe
  2⤵
  PID:3004
- C:\Windows\System\zLUOdfv.exe
  C:\Windows\System\zLUOdfv.exe
  2⤵
  PID:896
- C:\Windows\System\XydUNHr.exe
  C:\Windows\System\XydUNHr.exe
  2⤵
  PID:352
- C:\Windows\System\RBUBUIy.exe
  C:\Windows\System\RBUBUIy.exe
  2⤵
  PID:1504
- C:\Windows\System\bUiFtbR.exe
  C:\Windows\System\bUiFtbR.exe
  2⤵
  PID:1976
- C:\Windows\System\XEEPncP.exe
  C:\Windows\System\XEEPncP.exe
  2⤵
  PID:2656
- C:\Windows\System\wtsrIUb.exe
  C:\Windows\System\wtsrIUb.exe
  2⤵
  PID:2968
- C:\Windows\System\WNXidjk.exe
  C:\Windows\System\WNXidjk.exe
  2⤵
  PID:2740
- C:\Windows\System\oJiemCj.exe
  C:\Windows\System\oJiemCj.exe
  2⤵
  PID:1736
- C:\Windows\System\nxZXjnF.exe
  C:\Windows\System\nxZXjnF.exe
  2⤵
  PID:1956
- C:\Windows\System\VRFzMrr.exe
  C:\Windows\System\VRFzMrr.exe
  2⤵
  PID:2384
- C:\Windows\System\nkcBjlo.exe
  C:\Windows\System\nkcBjlo.exe
  2⤵
  PID:448
- C:\Windows\System\UcZOVDb.exe
  C:\Windows\System\UcZOVDb.exe
  2⤵
  PID:1000
- C:\Windows\System\pmZOxsL.exe
  C:\Windows\System\pmZOxsL.exe
  2⤵
  PID:2532
- C:\Windows\System\dzauNsC.exe
  C:\Windows\System\dzauNsC.exe
  2⤵
  PID:800
- C:\Windows\System\XGGvDmb.exe
  C:\Windows\System\XGGvDmb.exe
  2⤵
  PID:3088
- C:\Windows\System\cqtqcww.exe
  C:\Windows\System\cqtqcww.exe
  2⤵
  PID:3108
- C:\Windows\System\PFEpwaK.exe
  C:\Windows\System\PFEpwaK.exe
  2⤵
  PID:3128
- C:\Windows\System\wLzCHlx.exe
  C:\Windows\System\wLzCHlx.exe
  2⤵
  PID:3148
- C:\Windows\System\OhHWVQB.exe
  C:\Windows\System\OhHWVQB.exe
  2⤵
  PID:3168
- C:\Windows\System\ySWCxpF.exe
  C:\Windows\System\ySWCxpF.exe
  2⤵
  PID:3188
- C:\Windows\System\cGoKjhm.exe
  C:\Windows\System\cGoKjhm.exe
  2⤵
  PID:3208
- C:\Windows\System\LRUVWCM.exe
  C:\Windows\System\LRUVWCM.exe
  2⤵
  PID:3228
- C:\Windows\System\BQhDsCS.exe
  C:\Windows\System\BQhDsCS.exe
  2⤵
  PID:3248
- C:\Windows\System\xsScOpl.exe
  C:\Windows\System\xsScOpl.exe
  2⤵
  PID:3268
- C:\Windows\System\ctfbEnT.exe
  C:\Windows\System\ctfbEnT.exe
  2⤵
  PID:3288
- C:\Windows\System\CDSTvnM.exe
  C:\Windows\System\CDSTvnM.exe
  2⤵
  PID:3308
- C:\Windows\System\iqMVWFp.exe
  C:\Windows\System\iqMVWFp.exe
  2⤵
  PID:3328
- C:\Windows\System\jTGDOpB.exe
  C:\Windows\System\jTGDOpB.exe
  2⤵
  PID:3348
- C:\Windows\System\XgCubdn.exe
  C:\Windows\System\XgCubdn.exe
  2⤵
  PID:3368
- C:\Windows\System\DtHmaTN.exe
  C:\Windows\System\DtHmaTN.exe
  2⤵
  PID:3388
- C:\Windows\System\RAyJUVe.exe
  C:\Windows\System\RAyJUVe.exe
  2⤵
  PID:3408
- C:\Windows\System\QmrevDF.exe
  C:\Windows\System\QmrevDF.exe
  2⤵
  PID:3428
- C:\Windows\System\dVILoCt.exe
  C:\Windows\System\dVILoCt.exe
  2⤵
  PID:3448
- C:\Windows\System\pToXPKX.exe
  C:\Windows\System\pToXPKX.exe
  2⤵
  PID:3468
- C:\Windows\System\abgIPsV.exe
  C:\Windows\System\abgIPsV.exe
  2⤵
  PID:3488
- C:\Windows\System\XyCNAFa.exe
  C:\Windows\System\XyCNAFa.exe
  2⤵
  PID:3508
- C:\Windows\System\IDgdioF.exe
  C:\Windows\System\IDgdioF.exe
  2⤵
  PID:3528
- C:\Windows\System\NwTfiNc.exe
  C:\Windows\System\NwTfiNc.exe
  2⤵
  PID:3548
- C:\Windows\System\PtEjSXr.exe
  C:\Windows\System\PtEjSXr.exe
  2⤵
  PID:3568
- C:\Windows\System\thyWFVr.exe
  C:\Windows\System\thyWFVr.exe
  2⤵
  PID:3588
- C:\Windows\System\MCqqDKp.exe
  C:\Windows\System\MCqqDKp.exe
  2⤵
  PID:3608
- C:\Windows\System\qSoNJBI.exe
  C:\Windows\System\qSoNJBI.exe
  2⤵
  PID:3628
- C:\Windows\System\UaaoXyP.exe
  C:\Windows\System\UaaoXyP.exe
  2⤵
  PID:3648
- C:\Windows\System\WzyLIgx.exe
  C:\Windows\System\WzyLIgx.exe
  2⤵
  PID:3664
- C:\Windows\System\DQlxUzZ.exe
  C:\Windows\System\DQlxUzZ.exe
  2⤵
  PID:3688
- C:\Windows\System\XKjCpyL.exe
  C:\Windows\System\XKjCpyL.exe
  2⤵
  PID:3708
- C:\Windows\System\QxnmnoW.exe
  C:\Windows\System\QxnmnoW.exe
  2⤵
  PID:3728
- C:\Windows\System\ZVNdTiT.exe
  C:\Windows\System\ZVNdTiT.exe
  2⤵
  PID:3748
- C:\Windows\System\KAKpXza.exe
  C:\Windows\System\KAKpXza.exe
  2⤵
  PID:3768
- C:\Windows\System\cAvKHdP.exe
  C:\Windows\System\cAvKHdP.exe
  2⤵
  PID:3792
- C:\Windows\System\bpfRiXp.exe
  C:\Windows\System\bpfRiXp.exe
  2⤵
  PID:3812
- C:\Windows\System\DGeAXyW.exe
  C:\Windows\System\DGeAXyW.exe
  2⤵
  PID:3832
- C:\Windows\System\PaxVWYa.exe
  C:\Windows\System\PaxVWYa.exe
  2⤵
  PID:3852
- C:\Windows\System\uOSdYiw.exe
  C:\Windows\System\uOSdYiw.exe
  2⤵
  PID:3872
- C:\Windows\System\WGwOKdr.exe
  C:\Windows\System\WGwOKdr.exe
  2⤵
  PID:3892
- C:\Windows\System\HkMJdZQ.exe
  C:\Windows\System\HkMJdZQ.exe
  2⤵
  PID:3912
- C:\Windows\System\aIJuKAM.exe
  C:\Windows\System\aIJuKAM.exe
  2⤵
  PID:3932
- C:\Windows\System\qCaiwgS.exe
  C:\Windows\System\qCaiwgS.exe
  2⤵
  PID:3952
- C:\Windows\System\mztxvmk.exe
  C:\Windows\System\mztxvmk.exe
  2⤵
  PID:3972
- C:\Windows\System\cXAOjpt.exe
  C:\Windows\System\cXAOjpt.exe
  2⤵
  PID:3992
- C:\Windows\System\trgWERY.exe
  C:\Windows\System\trgWERY.exe
  2⤵
  PID:4012
- C:\Windows\System\xmhKQjL.exe
  C:\Windows\System\xmhKQjL.exe
  2⤵
  PID:4032
- C:\Windows\System\CNGWmtd.exe
  C:\Windows\System\CNGWmtd.exe
  2⤵
  PID:4052
- C:\Windows\System\CbCEjEX.exe
  C:\Windows\System\CbCEjEX.exe
  2⤵
  PID:4072
- C:\Windows\System\EELltIe.exe
  C:\Windows\System\EELltIe.exe
  2⤵
  PID:4092
- C:\Windows\System\DqQJnSu.exe
  C:\Windows\System\DqQJnSu.exe
  2⤵
  PID:908
- C:\Windows\System\QzGwITk.exe
  C:\Windows\System\QzGwITk.exe
  2⤵
  PID:2476
- C:\Windows\System\KxDhOaV.exe
  C:\Windows\System\KxDhOaV.exe
  2⤵
  PID:2664
- C:\Windows\System\gGBdlwW.exe
  C:\Windows\System\gGBdlwW.exe
  2⤵
  PID:2504
- C:\Windows\System\llahfeq.exe
  C:\Windows\System\llahfeq.exe
  2⤵
  PID:340
- C:\Windows\System\TGPZLFU.exe
  C:\Windows\System\TGPZLFU.exe
  2⤵
  PID:2156
- C:\Windows\System\GtKWVmx.exe
  C:\Windows\System\GtKWVmx.exe
  2⤵
  PID:1116
- C:\Windows\System\uuYajGj.exe
  C:\Windows\System\uuYajGj.exe
  2⤵
  PID:316
- C:\Windows\System\oxwlmqL.exe
  C:\Windows\System\oxwlmqL.exe
  2⤵
  PID:3104
- C:\Windows\System\kDobHQT.exe
  C:\Windows\System\kDobHQT.exe
  2⤵
  PID:3136
- C:\Windows\System\DnniQBL.exe
  C:\Windows\System\DnniQBL.exe
  2⤵
  PID:3160
- C:\Windows\System\UzNVSls.exe
  C:\Windows\System\UzNVSls.exe
  2⤵
  PID:3180
- C:\Windows\System\DjEtfsF.exe
  C:\Windows\System\DjEtfsF.exe
  2⤵
  PID:3236
- C:\Windows\System\xzDkEed.exe
  C:\Windows\System\xzDkEed.exe
  2⤵
  PID:3284
- C:\Windows\System\mAXwMww.exe
  C:\Windows\System\mAXwMww.exe
  2⤵
  PID:3260
- C:\Windows\System\ZupndpS.exe
  C:\Windows\System\ZupndpS.exe
  2⤵
  PID:3320
- C:\Windows\System\rxcNZci.exe
  C:\Windows\System\rxcNZci.exe
  2⤵
  PID:3360
- C:\Windows\System\ANxAkon.exe
  C:\Windows\System\ANxAkon.exe
  2⤵
  PID:3400
- C:\Windows\System\FxgoynC.exe
  C:\Windows\System\FxgoynC.exe
  2⤵
  PID:3424
- C:\Windows\System\csBQTch.exe
  C:\Windows\System\csBQTch.exe
  2⤵
  PID:3476
- C:\Windows\System\OzChMID.exe
  C:\Windows\System\OzChMID.exe
  2⤵
  PID:3460
- C:\Windows\System\zTSILhg.exe
  C:\Windows\System\zTSILhg.exe
  2⤵
  PID:3500
- C:\Windows\System\kVIkuAe.exe
  C:\Windows\System\kVIkuAe.exe
  2⤵
  PID:3536
- C:\Windows\System\acDEPOu.exe
  C:\Windows\System\acDEPOu.exe
  2⤵
  PID:3584
- C:\Windows\System\EXtBwtI.exe
  C:\Windows\System\EXtBwtI.exe
  2⤵
  PID:3616
- C:\Windows\System\bttTXmy.exe
  C:\Windows\System\bttTXmy.exe
  2⤵
  PID:3672
- C:\Windows\System\nfddavY.exe
  C:\Windows\System\nfddavY.exe
  2⤵
  PID:3676
- C:\Windows\System\vxUBSaM.exe
  C:\Windows\System\vxUBSaM.exe
  2⤵
  PID:3700
- C:\Windows\System\XeTdCJL.exe
  C:\Windows\System\XeTdCJL.exe
  2⤵
  PID:3744
- C:\Windows\System\NZFCgrM.exe
  C:\Windows\System\NZFCgrM.exe
  2⤵
  PID:3808
- C:\Windows\System\vScdued.exe
  C:\Windows\System\vScdued.exe
  2⤵
  PID:3840
- C:\Windows\System\JsdfvqZ.exe
  C:\Windows\System\JsdfvqZ.exe
  2⤵
  PID:3860
- C:\Windows\System\yYzhTfv.exe
  C:\Windows\System\yYzhTfv.exe
  2⤵
  PID:3900
- C:\Windows\System\EkkjTjW.exe
  C:\Windows\System\EkkjTjW.exe
  2⤵
  PID:3968
- C:\Windows\System\AwrqgVf.exe
  C:\Windows\System\AwrqgVf.exe
  2⤵
  PID:3948
- C:\Windows\System\gSLxAPb.exe
  C:\Windows\System\gSLxAPb.exe
  2⤵
  PID:3988
- C:\Windows\System\AFlTodM.exe
  C:\Windows\System\AFlTodM.exe
  2⤵
  PID:4044
- C:\Windows\System\HcSkMAa.exe
  C:\Windows\System\HcSkMAa.exe
  2⤵
  PID:4080
- C:\Windows\System\AVkhNNJ.exe
  C:\Windows\System\AVkhNNJ.exe
  2⤵
  PID:4064
- C:\Windows\System\nuUQjZr.exe
  C:\Windows\System\nuUQjZr.exe
  2⤵
  PID:560
- C:\Windows\System\ooVWgzD.exe
  C:\Windows\System\ooVWgzD.exe
  2⤵
  PID:2828
- C:\Windows\System\cDuwPHY.exe
  C:\Windows\System\cDuwPHY.exe
  2⤵
  PID:2536
- C:\Windows\System\wgZxsBw.exe
  C:\Windows\System\wgZxsBw.exe
  2⤵
  PID:1484
- C:\Windows\System\TGMtgxz.exe
  C:\Windows\System\TGMtgxz.exe
  2⤵
  PID:3076
- C:\Windows\System\KhowtRa.exe
  C:\Windows\System\KhowtRa.exe
  2⤵
  PID:2288
- C:\Windows\System\zzklPFZ.exe
  C:\Windows\System\zzklPFZ.exe
  2⤵
  PID:3184
- C:\Windows\System\pgYorIR.exe
  C:\Windows\System\pgYorIR.exe
  2⤵
  PID:3276
- C:\Windows\System\quwYqpM.exe
  C:\Windows\System\quwYqpM.exe
  2⤵
  PID:3216
- C:\Windows\System\kOgpDtB.exe
  C:\Windows\System\kOgpDtB.exe
  2⤵
  PID:3344
- C:\Windows\System\FtgviHX.exe
  C:\Windows\System\FtgviHX.exe
  2⤵
  PID:3440
- C:\Windows\System\TpwaDOg.exe
  C:\Windows\System\TpwaDOg.exe
  2⤵
  PID:3524
- C:\Windows\System\uiMmPdg.exe
  C:\Windows\System\uiMmPdg.exe
  2⤵
  PID:3496
- C:\Windows\System\rIIfVaF.exe
  C:\Windows\System\rIIfVaF.exe
  2⤵
  PID:3556
- C:\Windows\System\PjXOGuc.exe
  C:\Windows\System\PjXOGuc.exe
  2⤵
  PID:3600
- C:\Windows\System\rsVduQg.exe
  C:\Windows\System\rsVduQg.exe
  2⤵
  PID:3724
- C:\Windows\System\YWcPOow.exe
  C:\Windows\System\YWcPOow.exe
  2⤵
  PID:3736
- C:\Windows\System\bPrnPll.exe
  C:\Windows\System\bPrnPll.exe
  2⤵
  PID:3780
- C:\Windows\System\GYjdUlb.exe
  C:\Windows\System\GYjdUlb.exe
  2⤵
  PID:3804
- C:\Windows\System\zOhiouT.exe
  C:\Windows\System\zOhiouT.exe
  2⤵
  PID:3868
- C:\Windows\System\CQltewi.exe
  C:\Windows\System\CQltewi.exe
  2⤵
  PID:3940
- C:\Windows\System\dFgoZSZ.exe
  C:\Windows\System\dFgoZSZ.exe
  2⤵
  PID:4048
- C:\Windows\System\XitHQgz.exe
  C:\Windows\System\XitHQgz.exe
  2⤵
  PID:4060
- C:\Windows\System\MwABhtB.exe
  C:\Windows\System\MwABhtB.exe
  2⤵
  PID:2408
- C:\Windows\System\qTciDiz.exe
  C:\Windows\System\qTciDiz.exe
  2⤵
  PID:3084
- C:\Windows\System\JPjPtkv.exe
  C:\Windows\System\JPjPtkv.exe
  2⤵
  PID:3164
- C:\Windows\System\zyFXxap.exe
  C:\Windows\System\zyFXxap.exe
  2⤵
  PID:3240
- C:\Windows\System\MPECwDK.exe
  C:\Windows\System\MPECwDK.exe
  2⤵
  PID:3264
- C:\Windows\System\EoJPDmO.exe
  C:\Windows\System\EoJPDmO.exe
  2⤵
  PID:3484
- C:\Windows\System\PHBflBU.exe
  C:\Windows\System\PHBflBU.exe
  2⤵
  PID:3464
- C:\Windows\System\PvlpOyp.exe
  C:\Windows\System\PvlpOyp.exe
  2⤵
  PID:3636
- C:\Windows\System\pwsEauv.exe
  C:\Windows\System\pwsEauv.exe
  2⤵
  PID:3656
- C:\Windows\System\RJJnEZt.exe
  C:\Windows\System\RJJnEZt.exe
  2⤵
  PID:3844
- C:\Windows\System\lYXlyUw.exe
  C:\Windows\System\lYXlyUw.exe
  2⤵
  PID:3928
- C:\Windows\System\TpVYfGG.exe
  C:\Windows\System\TpVYfGG.exe
  2⤵
  PID:4104
- C:\Windows\System\ZWoWExp.exe
  C:\Windows\System\ZWoWExp.exe
  2⤵
  PID:4124
- C:\Windows\System\hYThUDT.exe
  C:\Windows\System\hYThUDT.exe
  2⤵
  PID:4144
- C:\Windows\System\rtviQzE.exe
  C:\Windows\System\rtviQzE.exe
  2⤵
  PID:4164
- C:\Windows\System\KxTLqko.exe
  C:\Windows\System\KxTLqko.exe
  2⤵
  PID:4180
- C:\Windows\System\olXlvTk.exe
  C:\Windows\System\olXlvTk.exe
  2⤵
  PID:4204
- C:\Windows\System\yEXkkNi.exe
  C:\Windows\System\yEXkkNi.exe
  2⤵
  PID:4224
- C:\Windows\System\NHXdvRs.exe
  C:\Windows\System\NHXdvRs.exe
  2⤵
  PID:4244
- C:\Windows\System\aDEaRAg.exe
  C:\Windows\System\aDEaRAg.exe
  2⤵
  PID:4264
- C:\Windows\System\uPOGRAJ.exe
  C:\Windows\System\uPOGRAJ.exe
  2⤵
  PID:4284
- C:\Windows\System\eKGPhQK.exe
  C:\Windows\System\eKGPhQK.exe
  2⤵
  PID:4304
- C:\Windows\System\SOVYobW.exe
  C:\Windows\System\SOVYobW.exe
  2⤵
  PID:4324
- C:\Windows\System\oTfqXOg.exe
  C:\Windows\System\oTfqXOg.exe
  2⤵
  PID:4344
- C:\Windows\System\YVUoJPa.exe
  C:\Windows\System\YVUoJPa.exe
  2⤵
  PID:4364
- C:\Windows\System\sKQgIah.exe
  C:\Windows\System\sKQgIah.exe
  2⤵
  PID:4384
- C:\Windows\System\MWnBzdt.exe
  C:\Windows\System\MWnBzdt.exe
  2⤵
  PID:4408
- C:\Windows\System\eTfXjWr.exe
  C:\Windows\System\eTfXjWr.exe
  2⤵
  PID:4424
- C:\Windows\System\ZwIbEPF.exe
  C:\Windows\System\ZwIbEPF.exe
  2⤵
  PID:4448
- C:\Windows\System\KlVoyiy.exe
  C:\Windows\System\KlVoyiy.exe
  2⤵
  PID:4468
- C:\Windows\System\zxVvZgZ.exe
  C:\Windows\System\zxVvZgZ.exe
  2⤵
  PID:4488
- C:\Windows\System\YmtJsjb.exe
  C:\Windows\System\YmtJsjb.exe
  2⤵
  PID:4508
- C:\Windows\System\kkfgvhF.exe
  C:\Windows\System\kkfgvhF.exe
  2⤵
  PID:4528
- C:\Windows\System\BoPKFlV.exe
  C:\Windows\System\BoPKFlV.exe
  2⤵
  PID:4548
- C:\Windows\System\hNugDZl.exe
  C:\Windows\System\hNugDZl.exe
  2⤵
  PID:4568
- C:\Windows\System\TzmxKGH.exe
  C:\Windows\System\TzmxKGH.exe
  2⤵
  PID:4588
- C:\Windows\System\rxsfEoa.exe
  C:\Windows\System\rxsfEoa.exe
  2⤵
  PID:4608
- C:\Windows\System\DHNTDwj.exe
  C:\Windows\System\DHNTDwj.exe
  2⤵
  PID:4628
- C:\Windows\System\QIJJxKh.exe
  C:\Windows\System\QIJJxKh.exe
  2⤵
  PID:4648
- C:\Windows\System\HfmzfTi.exe
  C:\Windows\System\HfmzfTi.exe
  2⤵
  PID:4668
- C:\Windows\System\DDdTfRq.exe
  C:\Windows\System\DDdTfRq.exe
  2⤵
  PID:4688
- C:\Windows\System\fUclmrV.exe
  C:\Windows\System\fUclmrV.exe
  2⤵
  PID:4708
- C:\Windows\System\JBOskkO.exe
  C:\Windows\System\JBOskkO.exe
  2⤵
  PID:4732
- C:\Windows\System\MeYqynF.exe
  C:\Windows\System\MeYqynF.exe
  2⤵
  PID:4752
- C:\Windows\System\BpQcgEN.exe
  C:\Windows\System\BpQcgEN.exe
  2⤵
  PID:4772
- C:\Windows\System\pvHpEAn.exe
  C:\Windows\System\pvHpEAn.exe
  2⤵
  PID:4792
- C:\Windows\System\NGuBjxV.exe
  C:\Windows\System\NGuBjxV.exe
  2⤵
  PID:4812
- C:\Windows\System\mdIcjAG.exe
  C:\Windows\System\mdIcjAG.exe
  2⤵
  PID:4832
- C:\Windows\System\FmwvJRu.exe
  C:\Windows\System\FmwvJRu.exe
  2⤵
  PID:4852
- C:\Windows\System\GRLTMWR.exe
  C:\Windows\System\GRLTMWR.exe
  2⤵
  PID:4872
- C:\Windows\System\wczdzHs.exe
  C:\Windows\System\wczdzHs.exe
  2⤵
  PID:4892
- C:\Windows\System\jqGApLk.exe
  C:\Windows\System\jqGApLk.exe
  2⤵
  PID:4916
- C:\Windows\System\WMGNjrw.exe
  C:\Windows\System\WMGNjrw.exe
  2⤵
  PID:4936
- C:\Windows\System\DCSQgdE.exe
  C:\Windows\System\DCSQgdE.exe
  2⤵
  PID:4956
- C:\Windows\System\GNkzNrF.exe
  C:\Windows\System\GNkzNrF.exe
  2⤵
  PID:4976
- C:\Windows\System\KdeymKz.exe
  C:\Windows\System\KdeymKz.exe
  2⤵
  PID:4996
- C:\Windows\System\MWgITHY.exe
  C:\Windows\System\MWgITHY.exe
  2⤵
  PID:5016
- C:\Windows\System\mrITdAO.exe
  C:\Windows\System\mrITdAO.exe
  2⤵
  PID:5036
- C:\Windows\System\uZDKpkt.exe
  C:\Windows\System\uZDKpkt.exe
  2⤵
  PID:5056
- C:\Windows\System\nKyzrHa.exe
  C:\Windows\System\nKyzrHa.exe
  2⤵
  PID:5076
- C:\Windows\System\NRSYZmS.exe
  C:\Windows\System\NRSYZmS.exe
  2⤵
  PID:5096
- C:\Windows\System\aMzJwNd.exe
  C:\Windows\System\aMzJwNd.exe
  2⤵
  PID:5116
- C:\Windows\System\FnECSMb.exe
  C:\Windows\System\FnECSMb.exe
  2⤵
  PID:2160
- C:\Windows\System\Lbgurdb.exe
  C:\Windows\System\Lbgurdb.exe
  2⤵
  PID:2964
- C:\Windows\System\zrTWOqi.exe
  C:\Windows\System\zrTWOqi.exe
  2⤵
  PID:2768
- C:\Windows\System\wpzrEgB.exe
  C:\Windows\System\wpzrEgB.exe
  2⤵
  PID:3324
- C:\Windows\System\mYarTvK.exe
  C:\Windows\System\mYarTvK.exe
  2⤵
  PID:3396
- C:\Windows\System\CoKJWiJ.exe
  C:\Windows\System\CoKJWiJ.exe
  2⤵
  PID:3756
- C:\Windows\System\xkUlbjJ.exe
  C:\Windows\System\xkUlbjJ.exe
  2⤵
  PID:3716
- C:\Windows\System\WKGjaKY.exe
  C:\Windows\System\WKGjaKY.exe
  2⤵
  PID:4008
- C:\Windows\System\tXmrtbC.exe
  C:\Windows\System\tXmrtbC.exe
  2⤵
  PID:4116
- C:\Windows\System\agQeNwR.exe
  C:\Windows\System\agQeNwR.exe
  2⤵
  PID:4156
- C:\Windows\System\ppviJao.exe
  C:\Windows\System\ppviJao.exe
  2⤵
  PID:4136
- C:\Windows\System\BqoIFgr.exe
  C:\Windows\System\BqoIFgr.exe
  2⤵
  PID:4240
- C:\Windows\System\hQtJyoy.exe
  C:\Windows\System\hQtJyoy.exe
  2⤵
  PID:4252
- C:\Windows\System\FNHIpRR.exe
  C:\Windows\System\FNHIpRR.exe
  2⤵
  PID:4276
- C:\Windows\System\VJcogvp.exe
  C:\Windows\System\VJcogvp.exe
  2⤵
  PID:4296
- C:\Windows\System\UeSOfUE.exe
  C:\Windows\System\UeSOfUE.exe
  2⤵
  PID:4340
- C:\Windows\System\GpkukPi.exe
  C:\Windows\System\GpkukPi.exe
  2⤵
  PID:4396
- C:\Windows\System\KbMLRJZ.exe
  C:\Windows\System\KbMLRJZ.exe
  2⤵
  PID:4440
- C:\Windows\System\DEwxAqj.exe
  C:\Windows\System\DEwxAqj.exe
  2⤵
  PID:4456
- C:\Windows\System\JhgYddN.exe
  C:\Windows\System\JhgYddN.exe
  2⤵
  PID:4524
- C:\Windows\System\xFfyyQc.exe
  C:\Windows\System\xFfyyQc.exe
  2⤵
  PID:4500
- C:\Windows\System\BkWTRQi.exe
  C:\Windows\System\BkWTRQi.exe
  2⤵
  PID:4564
- C:\Windows\System\TCbmfzG.exe
  C:\Windows\System\TCbmfzG.exe
  2⤵
  PID:4600
- C:\Windows\System\CRmDPfJ.exe
  C:\Windows\System\CRmDPfJ.exe
  2⤵
  PID:4616
- C:\Windows\System\bUlLbZM.exe
  C:\Windows\System\bUlLbZM.exe
  2⤵
  PID:4664
- C:\Windows\System\fSfiTRG.exe
  C:\Windows\System\fSfiTRG.exe
  2⤵
  PID:4696
- C:\Windows\System\RyOinCa.exe
  C:\Windows\System\RyOinCa.exe
  2⤵
  PID:4724
- C:\Windows\System\XGznYqY.exe
  C:\Windows\System\XGznYqY.exe
  2⤵
  PID:4740
- C:\Windows\System\CqaaSIQ.exe
  C:\Windows\System\CqaaSIQ.exe
  2⤵
  PID:4808
- C:\Windows\System\VSArCXw.exe
  C:\Windows\System\VSArCXw.exe
  2⤵
  PID:4828
- C:\Windows\System\aBXrFSL.exe
  C:\Windows\System\aBXrFSL.exe
  2⤵
  PID:4860
- C:\Windows\System\ntfRvNi.exe
  C:\Windows\System\ntfRvNi.exe
  2⤵
  PID:4884
- C:\Windows\System\sVBQbHK.exe
  C:\Windows\System\sVBQbHK.exe
  2⤵
  PID:4932
- C:\Windows\System\FsogZBb.exe
  C:\Windows\System\FsogZBb.exe
  2⤵
  PID:2652
- C:\Windows\System\tZImTJc.exe
  C:\Windows\System\tZImTJc.exe
  2⤵
  PID:4984
- C:\Windows\System\pGOQxBI.exe
  C:\Windows\System\pGOQxBI.exe
  2⤵
  PID:5052
- C:\Windows\System\fikMEiM.exe
  C:\Windows\System\fikMEiM.exe
  2⤵
  PID:5064
- C:\Windows\System\vDibQGf.exe
  C:\Windows\System\vDibQGf.exe
  2⤵
  PID:5088
- C:\Windows\System\pncWlMy.exe
  C:\Windows\System\pncWlMy.exe
  2⤵
  PID:5108
- C:\Windows\System\UPHFCYE.exe
  C:\Windows\System\UPHFCYE.exe
  2⤵
  PID:2516
- C:\Windows\System\hhTDFCB.exe
  C:\Windows\System\hhTDFCB.exe
  2⤵
  PID:3416
- C:\Windows\System\giPKXZd.exe
  C:\Windows\System\giPKXZd.exe
  2⤵
  PID:3456
- C:\Windows\System\naDxMBP.exe
  C:\Windows\System\naDxMBP.exe
  2⤵
  PID:3620
- C:\Windows\System\rAhiIeP.exe
  C:\Windows\System\rAhiIeP.exe
  2⤵
  PID:3960
- C:\Windows\System\oPanYDk.exe
  C:\Windows\System\oPanYDk.exe
  2⤵
  PID:4192
- C:\Windows\System\yXTQnUu.exe
  C:\Windows\System\yXTQnUu.exe
  2⤵
  PID:4160
- C:\Windows\System\MuOhxFT.exe
  C:\Windows\System\MuOhxFT.exe
  2⤵
  PID:4232
- C:\Windows\System\uEFrFOF.exe
  C:\Windows\System\uEFrFOF.exe
  2⤵
  PID:4316
- C:\Windows\System\qhqNApv.exe
  C:\Windows\System\qhqNApv.exe
  2⤵
  PID:4436
- C:\Windows\System\aQIMMSc.exe
  C:\Windows\System\aQIMMSc.exe
  2⤵
  PID:2600
- C:\Windows\System\eaCwNWn.exe
  C:\Windows\System\eaCwNWn.exe
  2⤵
  PID:4484
- C:\Windows\System\DTMxFMi.exe
  C:\Windows\System\DTMxFMi.exe
  2⤵
  PID:2760
- C:\Windows\System\hiDvsEJ.exe
  C:\Windows\System\hiDvsEJ.exe
  2⤵
  PID:4540
- C:\Windows\System\uJCtiQB.exe
  C:\Windows\System\uJCtiQB.exe
  2⤵
  PID:4644
- C:\Windows\System\gWbhVfG.exe
  C:\Windows\System\gWbhVfG.exe
  2⤵
  PID:4700
- C:\Windows\System\jykKjOV.exe
  C:\Windows\System\jykKjOV.exe
  2⤵
  PID:4680
- C:\Windows\System\dsZnnbp.exe
  C:\Windows\System\dsZnnbp.exe
  2⤵
  PID:4768
- C:\Windows\System\ZOsIbcw.exe
  C:\Windows\System\ZOsIbcw.exe
  2⤵
  PID:4844
- C:\Windows\System\NnMWxWI.exe
  C:\Windows\System\NnMWxWI.exe
  2⤵
  PID:4864
- C:\Windows\System\SymuWYp.exe
  C:\Windows\System\SymuWYp.exe
  2⤵
  PID:4880
- C:\Windows\System\kzXdFdH.exe
  C:\Windows\System\kzXdFdH.exe
  2⤵
  PID:5004
- C:\Windows\System\sOHZdac.exe
  C:\Windows\System\sOHZdac.exe
  2⤵
  PID:4988
- C:\Windows\System\loSabvj.exe
  C:\Windows\System\loSabvj.exe
  2⤵
  PID:5032
- C:\Windows\System\hcEnHJC.exe
  C:\Windows\System\hcEnHJC.exe
  2⤵
  PID:5072
- C:\Windows\System\vvKrJHw.exe
  C:\Windows\System\vvKrJHw.exe
  2⤵
  PID:2868
- C:\Windows\System\honaWUA.exe
  C:\Windows\System\honaWUA.exe
  2⤵
  PID:3380
- C:\Windows\System\etFtVcn.exe
  C:\Windows\System\etFtVcn.exe
  2⤵
  PID:4200
- C:\Windows\System\LgTOkNC.exe
  C:\Windows\System\LgTOkNC.exe
  2⤵
  PID:4120
- C:\Windows\System\ppksnVe.exe
  C:\Windows\System\ppksnVe.exe
  2⤵
  PID:4400
- C:\Windows\System\msUWJtp.exe
  C:\Windows\System\msUWJtp.exe
  2⤵
  PID:1864
- C:\Windows\System\AeUgyIq.exe
  C:\Windows\System\AeUgyIq.exe
  2⤵
  PID:4280
- C:\Windows\System\DEBIRgI.exe
  C:\Windows\System\DEBIRgI.exe
  2⤵
  PID:4556
- C:\Windows\System\MtBPAaA.exe
  C:\Windows\System\MtBPAaA.exe
  2⤵
  PID:4728
- C:\Windows\System\zaaABBC.exe
  C:\Windows\System\zaaABBC.exe
  2⤵
  PID:1656
- C:\Windows\System\pUorAas.exe
  C:\Windows\System\pUorAas.exe
  2⤵
  PID:4624
- C:\Windows\System\ZOYfAbw.exe
  C:\Windows\System\ZOYfAbw.exe
  2⤵
  PID:4788
- C:\Windows\System\TofviFC.exe
  C:\Windows\System\TofviFC.exe
  2⤵
  PID:4784
- C:\Windows\System\tjYrVUv.exe
  C:\Windows\System\tjYrVUv.exe
  2⤵
  PID:4928
- C:\Windows\System\IIpXNne.exe
  C:\Windows\System\IIpXNne.exe
  2⤵
  PID:2620
- C:\Windows\System\nrgYuSu.exe
  C:\Windows\System\nrgYuSu.exe
  2⤵
  PID:4912
- C:\Windows\System\TrfWjnI.exe
  C:\Windows\System\TrfWjnI.exe
  2⤵
  PID:3644
- C:\Windows\System\gWXokHc.exe
  C:\Windows\System\gWXokHc.exe
  2⤵
  PID:3980
- C:\Windows\System\zpfkcaO.exe
  C:\Windows\System\zpfkcaO.exe
  2⤵
  PID:4300
- C:\Windows\System\EYtsVAk.exe
  C:\Windows\System\EYtsVAk.exe
  2⤵
  PID:4392
- C:\Windows\System\kraYZam.exe
  C:\Windows\System\kraYZam.exe
  2⤵
  PID:4636
- C:\Windows\System\suEPoRf.exe
  C:\Windows\System\suEPoRf.exe
  2⤵
  PID:4464
- C:\Windows\System\GtASTEw.exe
  C:\Windows\System\GtASTEw.exe
  2⤵
  PID:2660
- C:\Windows\System\GfeVhDt.exe
  C:\Windows\System\GfeVhDt.exe
  2⤵
  PID:3064
- C:\Windows\System\cobUpol.exe
  C:\Windows\System\cobUpol.exe
  2⤵
  PID:5008
- C:\Windows\System\kJrGoed.exe
  C:\Windows\System\kJrGoed.exe
  2⤵
  PID:5104
- C:\Windows\System\iVlAbqa.exe
  C:\Windows\System\iVlAbqa.exe
  2⤵
  PID:2084
- C:\Windows\System\yUIivme.exe
  C:\Windows\System\yUIivme.exe
  2⤵
  PID:4640
- C:\Windows\System\rCwwGAJ.exe
  C:\Windows\System\rCwwGAJ.exe
  2⤵
  PID:4604
- C:\Windows\System\lYljrQU.exe
  C:\Windows\System\lYljrQU.exe
  2⤵
  PID:4800
- C:\Windows\System\hahYsam.exe
  C:\Windows\System\hahYsam.exe
  2⤵
  PID:5136
- C:\Windows\System\jKcHZJo.exe
  C:\Windows\System\jKcHZJo.exe
  2⤵
  PID:5156
- C:\Windows\System\RImxTCH.exe
  C:\Windows\System\RImxTCH.exe
  2⤵
  PID:5176
- C:\Windows\System\oVDQWdK.exe
  C:\Windows\System\oVDQWdK.exe
  2⤵
  PID:5196
- C:\Windows\System\jzKXGUb.exe
  C:\Windows\System\jzKXGUb.exe
  2⤵
  PID:5216
- C:\Windows\System\THzpMtb.exe
  C:\Windows\System\THzpMtb.exe
  2⤵
  PID:5236
- C:\Windows\System\cbCieFp.exe
  C:\Windows\System\cbCieFp.exe
  2⤵
  PID:5256
- C:\Windows\System\Ijbkodv.exe
  C:\Windows\System\Ijbkodv.exe
  2⤵
  PID:5276
- C:\Windows\System\plUKvfH.exe
  C:\Windows\System\plUKvfH.exe
  2⤵
  PID:5296
- C:\Windows\System\hPxhxBG.exe
  C:\Windows\System\hPxhxBG.exe
  2⤵
  PID:5316
- C:\Windows\System\LMjYrXk.exe
  C:\Windows\System\LMjYrXk.exe
  2⤵
  PID:5336
- C:\Windows\System\JGSjfIw.exe
  C:\Windows\System\JGSjfIw.exe
  2⤵
  PID:5352
- C:\Windows\System\nkGCgJU.exe
  C:\Windows\System\nkGCgJU.exe
  2⤵
  PID:5376
- C:\Windows\System\zDglRiQ.exe
  C:\Windows\System\zDglRiQ.exe
  2⤵
  PID:5396
- C:\Windows\System\iJynZYH.exe
  C:\Windows\System\iJynZYH.exe
  2⤵
  PID:5416
- C:\Windows\System\DmpJTNy.exe
  C:\Windows\System\DmpJTNy.exe
  2⤵
  PID:5436
- C:\Windows\System\DrwyKwv.exe
  C:\Windows\System\DrwyKwv.exe
  2⤵
  PID:5456
- C:\Windows\System\GeTimKg.exe
  C:\Windows\System\GeTimKg.exe
  2⤵
  PID:5476
- C:\Windows\System\mjnpklZ.exe
  C:\Windows\System\mjnpklZ.exe
  2⤵
  PID:5496
- C:\Windows\System\aeMiOVT.exe
  C:\Windows\System\aeMiOVT.exe
  2⤵
  PID:5512
- C:\Windows\System\cIGxVYI.exe
  C:\Windows\System\cIGxVYI.exe
  2⤵
  PID:5536
- C:\Windows\System\xPfWhKr.exe
  C:\Windows\System\xPfWhKr.exe
  2⤵
  PID:5552
- C:\Windows\System\qkeVWGP.exe
  C:\Windows\System\qkeVWGP.exe
  2⤵
  PID:5576
- C:\Windows\System\CbwQGcK.exe
  C:\Windows\System\CbwQGcK.exe
  2⤵
  PID:5596
- C:\Windows\System\ENUGuCx.exe
  C:\Windows\System\ENUGuCx.exe
  2⤵
  PID:5616
- C:\Windows\System\KuyamWs.exe
  C:\Windows\System\KuyamWs.exe
  2⤵
  PID:5632
- C:\Windows\System\kEMaYEo.exe
  C:\Windows\System\kEMaYEo.exe
  2⤵
  PID:5656
- C:\Windows\System\eIiHwwK.exe
  C:\Windows\System\eIiHwwK.exe
  2⤵
  PID:5676
- C:\Windows\System\OVGULFw.exe
  C:\Windows\System\OVGULFw.exe
  2⤵
  PID:5696
- C:\Windows\System\hvRMqor.exe
  C:\Windows\System\hvRMqor.exe
  2⤵
  PID:5716
- C:\Windows\System\BdfCNoS.exe
  C:\Windows\System\BdfCNoS.exe
  2⤵
  PID:5736
- C:\Windows\System\uRSBWxu.exe
  C:\Windows\System\uRSBWxu.exe
  2⤵
  PID:5756
- C:\Windows\System\UPmOSnd.exe
  C:\Windows\System\UPmOSnd.exe
  2⤵
  PID:5776
- C:\Windows\System\aVNNPCN.exe
  C:\Windows\System\aVNNPCN.exe
  2⤵
  PID:5792
- C:\Windows\System\IhGvyKY.exe
  C:\Windows\System\IhGvyKY.exe
  2⤵
  PID:5816
- C:\Windows\System\iFCzmFz.exe
  C:\Windows\System\iFCzmFz.exe
  2⤵
  PID:5836
- C:\Windows\System\ScIkXeI.exe
  C:\Windows\System\ScIkXeI.exe
  2⤵
  PID:5856
- C:\Windows\System\zCJRivn.exe
  C:\Windows\System\zCJRivn.exe
  2⤵
  PID:5876
- C:\Windows\System\LaeOiJg.exe
  C:\Windows\System\LaeOiJg.exe
  2⤵
  PID:5896
- C:\Windows\System\bGBjmxB.exe
  C:\Windows\System\bGBjmxB.exe
  2⤵
  PID:5916
- C:\Windows\System\uAIpaoV.exe
  C:\Windows\System\uAIpaoV.exe
  2⤵
  PID:5936
- C:\Windows\System\OLtaFBG.exe
  C:\Windows\System\OLtaFBG.exe
  2⤵
  PID:5960
- C:\Windows\System\sGpxGhx.exe
  C:\Windows\System\sGpxGhx.exe
  2⤵
  PID:5980
- C:\Windows\System\abYDCXM.exe
  C:\Windows\System\abYDCXM.exe
  2⤵
  PID:6000
- C:\Windows\System\SxeXpiF.exe
  C:\Windows\System\SxeXpiF.exe
  2⤵
  PID:6020
- C:\Windows\System\qrOyquR.exe
  C:\Windows\System\qrOyquR.exe
  2⤵
  PID:6040
- C:\Windows\System\UMphDZU.exe
  C:\Windows\System\UMphDZU.exe
  2⤵
  PID:6064
- C:\Windows\System\pziGseV.exe
  C:\Windows\System\pziGseV.exe
  2⤵
  PID:6084
- C:\Windows\System\ZnIbXRd.exe
  C:\Windows\System\ZnIbXRd.exe
  2⤵
  PID:6104
- C:\Windows\System\cVxIyTG.exe
  C:\Windows\System\cVxIyTG.exe
  2⤵
  PID:6120
- C:\Windows\System\YMTVQLt.exe
  C:\Windows\System\YMTVQLt.exe
  2⤵
  PID:4888
- C:\Windows\System\wsHiocB.exe
  C:\Windows\System\wsHiocB.exe
  2⤵
  PID:4216
- C:\Windows\System\vYLbbVh.exe
  C:\Windows\System\vYLbbVh.exe
  2⤵
  PID:4212
- C:\Windows\System\oVJGgEr.exe
  C:\Windows\System\oVJGgEr.exe
  2⤵
  PID:3316
- C:\Windows\System\eZhDpFZ.exe
  C:\Windows\System\eZhDpFZ.exe
  2⤵
  PID:2564
- C:\Windows\System\sHlmNSc.exe
  C:\Windows\System\sHlmNSc.exe
  2⤵
  PID:5172
- C:\Windows\System\jQtMncM.exe
  C:\Windows\System\jQtMncM.exe
  2⤵
  PID:5148
- C:\Windows\System\kptHkyf.exe
  C:\Windows\System\kptHkyf.exe
  2⤵
  PID:5244
- C:\Windows\System\OGrsFnn.exe
  C:\Windows\System\OGrsFnn.exe
  2⤵
  PID:5228
- C:\Windows\System\xZHcOdq.exe
  C:\Windows\System\xZHcOdq.exe
  2⤵
  PID:5268
- C:\Windows\System\UrGRxtB.exe
  C:\Windows\System\UrGRxtB.exe
  2⤵
  PID:5312
- C:\Windows\System\GEOUhes.exe
  C:\Windows\System\GEOUhes.exe
  2⤵
  PID:1920
- C:\Windows\System\XeVnSWH.exe
  C:\Windows\System\XeVnSWH.exe
  2⤵
  PID:5384
- C:\Windows\System\dPxpXFk.exe
  C:\Windows\System\dPxpXFk.exe
  2⤵
  PID:5388
- C:\Windows\System\TArbOhk.exe
  C:\Windows\System\TArbOhk.exe
  2⤵
  PID:5448
- C:\Windows\System\ySkFLHr.exe
  C:\Windows\System\ySkFLHr.exe
  2⤵
  PID:5492
- C:\Windows\System\cZwAixk.exe
  C:\Windows\System\cZwAixk.exe
  2⤵
  PID:5468
- C:\Windows\System\fatmsvS.exe
  C:\Windows\System\fatmsvS.exe
  2⤵
  PID:5504
- C:\Windows\System\hkubjUV.exe
  C:\Windows\System\hkubjUV.exe
  2⤵
  PID:5564
- C:\Windows\System\phCmlNm.exe
  C:\Windows\System\phCmlNm.exe
  2⤵
  PID:5588
- C:\Windows\System\HYEcAOc.exe
  C:\Windows\System\HYEcAOc.exe
  2⤵
  PID:5624
- C:\Windows\System\dQukvNf.exe
  C:\Windows\System\dQukvNf.exe
  2⤵
  PID:5692
- C:\Windows\System\tXLHRrK.exe
  C:\Windows\System\tXLHRrK.exe
  2⤵
  PID:5704
- C:\Windows\System\TjmReQC.exe
  C:\Windows\System\TjmReQC.exe
  2⤵
  PID:5764
- C:\Windows\System\pSQhIjn.exe
  C:\Windows\System\pSQhIjn.exe
  2⤵
  PID:5768
- C:\Windows\System\QemFcuq.exe
  C:\Windows\System\QemFcuq.exe
  2⤵
  PID:5788
- C:\Windows\System\ZQItayY.exe
  C:\Windows\System\ZQItayY.exe
  2⤵
  PID:5824
- C:\Windows\System\tQlYAFF.exe
  C:\Windows\System\tQlYAFF.exe
  2⤵
  PID:5892
- C:\Windows\System\LLlhWTv.exe
  C:\Windows\System\LLlhWTv.exe
  2⤵
  PID:5872
- C:\Windows\System\ajoFVdy.exe
  C:\Windows\System\ajoFVdy.exe
  2⤵
  PID:5928
- C:\Windows\System\bgGocxB.exe
  C:\Windows\System\bgGocxB.exe
  2⤵
  PID:5912
- C:\Windows\System\kcQGRgo.exe
  C:\Windows\System\kcQGRgo.exe
  2⤵
  PID:6048
- C:\Windows\System\ASeTXdu.exe
  C:\Windows\System\ASeTXdu.exe
  2⤵
  PID:6036
- C:\Windows\System\IsrRknJ.exe
  C:\Windows\System\IsrRknJ.exe
  2⤵
  PID:6092
- C:\Windows\System\PULtfGg.exe
  C:\Windows\System\PULtfGg.exe
  2⤵
  PID:6076
- C:\Windows\System\LBHCvcc.exe
  C:\Windows\System\LBHCvcc.exe
  2⤵
  PID:2164
- C:\Windows\System\xaAJcrD.exe
  C:\Windows\System\xaAJcrD.exe
  2⤵
  PID:4964
- C:\Windows\System\abPPVdP.exe
  C:\Windows\System\abPPVdP.exe
  2⤵
  PID:4764
- C:\Windows\System\nQElNGB.exe
  C:\Windows\System\nQElNGB.exe
  2⤵
  PID:5204
- C:\Windows\System\HLbnlEh.exe
  C:\Windows\System\HLbnlEh.exe
  2⤵
  PID:5212
- C:\Windows\System\IrwwwhI.exe
  C:\Windows\System\IrwwwhI.exe
  2⤵
  PID:5208
- C:\Windows\System\lFXTKHS.exe
  C:\Windows\System\lFXTKHS.exe
  2⤵
  PID:5324
- C:\Windows\System\NiKkrdL.exe
  C:\Windows\System\NiKkrdL.exe
  2⤵
  PID:5328
- C:\Windows\System\KCbRhRl.exe
  C:\Windows\System\KCbRhRl.exe
  2⤵
  PID:5364
- C:\Windows\System\cXSvqKX.exe
  C:\Windows\System\cXSvqKX.exe
  2⤵
  PID:5444
- C:\Windows\System\Vqmdxgw.exe
  C:\Windows\System\Vqmdxgw.exe
  2⤵
  PID:5472
- C:\Windows\System\RrmrZpV.exe
  C:\Windows\System\RrmrZpV.exe
  2⤵
  PID:5524
- C:\Windows\System\KaBkvpB.exe
  C:\Windows\System\KaBkvpB.exe
  2⤵
  PID:5544
- C:\Windows\System\HJoiydt.exe
  C:\Windows\System\HJoiydt.exe
  2⤵
  PID:5584
- C:\Windows\System\KPQtiww.exe
  C:\Windows\System\KPQtiww.exe
  2⤵
  PID:5644
- C:\Windows\System\XeQNDfw.exe
  C:\Windows\System\XeQNDfw.exe
  2⤵
  PID:5732
- C:\Windows\System\jNpzXtL.exe
  C:\Windows\System\jNpzXtL.exe
  2⤵
  PID:5852
- C:\Windows\System\soAtbXn.exe
  C:\Windows\System\soAtbXn.exe
  2⤵
  PID:5888
- C:\Windows\System\FnymLpU.exe
  C:\Windows\System\FnymLpU.exe
  2⤵
  PID:5924
- C:\Windows\System\iODinGp.exe
  C:\Windows\System\iODinGp.exe
  2⤵
  PID:2312
- C:\Windows\System\YJUGGnB.exe
  C:\Windows\System\YJUGGnB.exe
  2⤵
  PID:6028
- C:\Windows\System\wkLvCzu.exe
  C:\Windows\System\wkLvCzu.exe
  2⤵
  PID:6096
- C:\Windows\System\IZdgfco.exe
  C:\Windows\System\IZdgfco.exe
  2⤵
  PID:6052
- C:\Windows\System\zAezFTR.exe
  C:\Windows\System\zAezFTR.exe
  2⤵
  PID:6132
- C:\Windows\System\onxgSBG.exe
  C:\Windows\System\onxgSBG.exe
  2⤵
  PID:4848
- C:\Windows\System\IUWJBXY.exe
  C:\Windows\System\IUWJBXY.exe
  2⤵
  PID:5152
- C:\Windows\System\meqneFT.exe
  C:\Windows\System\meqneFT.exe
  2⤵
  PID:5948
- C:\Windows\System\xuMUKNG.exe
  C:\Windows\System\xuMUKNG.exe
  2⤵
  PID:5432
- C:\Windows\System\LWLVymv.exe
  C:\Windows\System\LWLVymv.exe
  2⤵
  PID:5520
- C:\Windows\System\BmhLYbv.exe
  C:\Windows\System\BmhLYbv.exe
  2⤵
  PID:5560
- C:\Windows\System\ojeSlDj.exe
  C:\Windows\System\ojeSlDj.exe
  2⤵
  PID:5728
- C:\Windows\System\gBBMEtz.exe
  C:\Windows\System\gBBMEtz.exe
  2⤵
  PID:2380
- C:\Windows\System\wQpsyAt.exe
  C:\Windows\System\wQpsyAt.exe
  2⤵
  PID:5848
- C:\Windows\System\HYHXybO.exe
  C:\Windows\System\HYHXybO.exe
  2⤵
  PID:6056
- C:\Windows\System\NuvEpac.exe
  C:\Windows\System\NuvEpac.exe
  2⤵
  PID:5996
- C:\Windows\System\jrVDAxh.exe
  C:\Windows\System\jrVDAxh.exe
  2⤵
  PID:5164
- C:\Windows\System\xEYzwva.exe
  C:\Windows\System\xEYzwva.exe
  2⤵
  PID:5192
- C:\Windows\System\MWwAUpX.exe
  C:\Windows\System\MWwAUpX.exe
  2⤵
  PID:4376
- C:\Windows\System\YpmSVOo.exe
  C:\Windows\System\YpmSVOo.exe
  2⤵
  PID:5372
- C:\Windows\System\XOZBrlA.exe
  C:\Windows\System\XOZBrlA.exe
  2⤵
  PID:3820
- C:\Windows\System\HCWtZTt.exe
  C:\Windows\System\HCWtZTt.exe
  2⤵
  PID:2896
- C:\Windows\System\GeernTr.exe
  C:\Windows\System\GeernTr.exe
  2⤵
  PID:2560
- C:\Windows\System\WRWaFuX.exe
  C:\Windows\System\WRWaFuX.exe
  2⤵
  PID:4432
- C:\Windows\System\MBEeaGK.exe
  C:\Windows\System\MBEeaGK.exe
  2⤵
  PID:2680
- C:\Windows\System\bfERNss.exe
  C:\Windows\System\bfERNss.exe
  2⤵
  PID:5672
- C:\Windows\System\CMpbLkE.exe
  C:\Windows\System\CMpbLkE.exe
  2⤵
  PID:5844
- C:\Windows\System\gITovnT.exe
  C:\Windows\System\gITovnT.exe
  2⤵
  PID:5812
- C:\Windows\System\USPGXYk.exe
  C:\Windows\System\USPGXYk.exe
  2⤵
  PID:5956
- C:\Windows\System\XaWdmpw.exe
  C:\Windows\System\XaWdmpw.exe
  2⤵
  PID:6112
- C:\Windows\System\etJozBs.exe
  C:\Windows\System\etJozBs.exe
  2⤵
  PID:4236
- C:\Windows\System\bLCilEi.exe
  C:\Windows\System\bLCilEi.exe
  2⤵
  PID:852
- C:\Windows\System\epiyECP.exe
  C:\Windows\System\epiyECP.exe
  2⤵
  PID:5408
- C:\Windows\System\hUHXXWw.exe
  C:\Windows\System\hUHXXWw.exe
  2⤵
  PID:5828
- C:\Windows\System\rZfsAMy.exe
  C:\Windows\System\rZfsAMy.exe
  2⤵
  PID:1624
- C:\Windows\System\ZNdISSd.exe
  C:\Windows\System\ZNdISSd.exe
  2⤵
  PID:1288
- C:\Windows\System\WvDwTqr.exe
  C:\Windows\System\WvDwTqr.exe
  2⤵
  PID:4676
- C:\Windows\System\bGLxGQJ.exe
  C:\Windows\System\bGLxGQJ.exe
  2⤵
  PID:2748
- C:\Windows\System\GJEHoAJ.exe
  C:\Windows\System\GJEHoAJ.exe
  2⤵
  PID:2456
- C:\Windows\System\tLMsbOh.exe
  C:\Windows\System\tLMsbOh.exe
  2⤵
  PID:6060
- C:\Windows\System\zxDoTps.exe
  C:\Windows\System\zxDoTps.exe
  2⤵
  PID:5292
- C:\Windows\System\phRrfof.exe
  C:\Windows\System\phRrfof.exe
  2⤵
  PID:1764
- C:\Windows\System\WUPkklL.exe
  C:\Windows\System\WUPkklL.exe
  2⤵
  PID:1752
- C:\Windows\System\MbWxnTP.exe
  C:\Windows\System\MbWxnTP.exe
  2⤵
  PID:1152
- C:\Windows\System\aKScjQg.exe
  C:\Windows\System\aKScjQg.exe
  2⤵
  PID:5668
- C:\Windows\System\JaRFkKM.exe
  C:\Windows\System\JaRFkKM.exe
  2⤵
  PID:2576
- C:\Windows\System\ntKyDJd.exe
  C:\Windows\System\ntKyDJd.exe
  2⤵
  PID:2956
- C:\Windows\System\TNIpyKz.exe
  C:\Windows\System\TNIpyKz.exe
  2⤵
  PID:6148
- C:\Windows\System\YwUYkgI.exe
  C:\Windows\System\YwUYkgI.exe
  2⤵
  PID:6176
- C:\Windows\System\zrwNZMr.exe
  C:\Windows\System\zrwNZMr.exe
  2⤵
  PID:6192
- C:\Windows\System\FxSRWZy.exe
  C:\Windows\System\FxSRWZy.exe
  2⤵
  PID:6208
- C:\Windows\System\AHMBdHz.exe
  C:\Windows\System\AHMBdHz.exe
  2⤵
  PID:6232
- C:\Windows\System\wdzIJIx.exe
  C:\Windows\System\wdzIJIx.exe
  2⤵
  PID:6248
- C:\Windows\System\TTtqjZi.exe
  C:\Windows\System\TTtqjZi.exe
  2⤵
  PID:6268
- C:\Windows\System\NpFCXVu.exe
  C:\Windows\System\NpFCXVu.exe
  2⤵
  PID:6288
- C:\Windows\System\wJMofbx.exe
  C:\Windows\System\wJMofbx.exe
  2⤵
  PID:6312
- C:\Windows\System\VqNFNxH.exe
  C:\Windows\System\VqNFNxH.exe
  2⤵
  PID:6332
- C:\Windows\System\RfZdoPu.exe
  C:\Windows\System\RfZdoPu.exe
  2⤵
  PID:6356
- C:\Windows\System\GPbspch.exe
  C:\Windows\System\GPbspch.exe
  2⤵
  PID:6372
- C:\Windows\System\wcWsXly.exe
  C:\Windows\System\wcWsXly.exe
  2⤵
  PID:6388
- C:\Windows\System\cFXiTZo.exe
  C:\Windows\System\cFXiTZo.exe
  2⤵
  PID:6404
- C:\Windows\System\gLSQaEr.exe
  C:\Windows\System\gLSQaEr.exe
  2⤵
  PID:6420
- C:\Windows\System\ARtNQTA.exe
  C:\Windows\System\ARtNQTA.exe
  2⤵
  PID:6436
- C:\Windows\System\zBaxKsT.exe
  C:\Windows\System\zBaxKsT.exe
  2⤵
  PID:6452
- C:\Windows\System\RoKJMKO.exe
  C:\Windows\System\RoKJMKO.exe
  2⤵
  PID:6468
- C:\Windows\System\ZkjaPQZ.exe
  C:\Windows\System\ZkjaPQZ.exe
  2⤵
  PID:6484
- C:\Windows\System\VtzcVyP.exe
  C:\Windows\System\VtzcVyP.exe
  2⤵
  PID:6544
- C:\Windows\System\ZLeBxLu.exe
  C:\Windows\System\ZLeBxLu.exe
  2⤵
  PID:6560
- C:\Windows\System\ptQlXYY.exe
  C:\Windows\System\ptQlXYY.exe
  2⤵
  PID:6576
- C:\Windows\System\edKSRlG.exe
  C:\Windows\System\edKSRlG.exe
  2⤵
  PID:6592
- C:\Windows\System\ngXqIEx.exe
  C:\Windows\System\ngXqIEx.exe
  2⤵
  PID:6608
- C:\Windows\System\fCPwnhw.exe
  C:\Windows\System\fCPwnhw.exe
  2⤵
  PID:6624
- C:\Windows\System\YmTmpAI.exe
  C:\Windows\System\YmTmpAI.exe
  2⤵
  PID:6660
- C:\Windows\System\iIAugnn.exe
  C:\Windows\System\iIAugnn.exe
  2⤵
  PID:6676
- C:\Windows\System\gfoIqvf.exe
  C:\Windows\System\gfoIqvf.exe
  2⤵
  PID:6696
- C:\Windows\System\SZpeiYS.exe
  C:\Windows\System\SZpeiYS.exe
  2⤵
  PID:6712
- C:\Windows\System\BUpJohR.exe
  C:\Windows\System\BUpJohR.exe
  2⤵
  PID:6728
- C:\Windows\System\aacVSBj.exe
  C:\Windows\System\aacVSBj.exe
  2⤵
  PID:6744
- C:\Windows\System\auVRfyo.exe
  C:\Windows\System\auVRfyo.exe
  2⤵
  PID:6792
- C:\Windows\System\qHLZYzY.exe
  C:\Windows\System\qHLZYzY.exe
  2⤵
  PID:6808
- C:\Windows\System\KWRrNIg.exe
  C:\Windows\System\KWRrNIg.exe
  2⤵
  PID:6824
- C:\Windows\System\YOHDNCf.exe
  C:\Windows\System\YOHDNCf.exe
  2⤵
  PID:6840
- C:\Windows\System\DcfTxsI.exe
  C:\Windows\System\DcfTxsI.exe
  2⤵
  PID:6868
- C:\Windows\System\llNWUGx.exe
  C:\Windows\System\llNWUGx.exe
  2⤵
  PID:6884
- C:\Windows\System\mgBcPwj.exe
  C:\Windows\System\mgBcPwj.exe
  2⤵
  PID:6900
- C:\Windows\System\lGYEPPa.exe
  C:\Windows\System\lGYEPPa.exe
  2⤵
  PID:6916
- C:\Windows\System\faPQZpU.exe
  C:\Windows\System\faPQZpU.exe
  2⤵
  PID:6932
- C:\Windows\System\Ptxnyfm.exe
  C:\Windows\System\Ptxnyfm.exe
  2⤵
  PID:6948
- C:\Windows\System\caJSCVf.exe
  C:\Windows\System\caJSCVf.exe
  2⤵
  PID:6972
- C:\Windows\System\DsAqdnT.exe
  C:\Windows\System\DsAqdnT.exe
  2⤵
  PID:6988
- C:\Windows\System\KNXNfXP.exe
  C:\Windows\System\KNXNfXP.exe
  2⤵
  PID:7016
- C:\Windows\System\jVZomeC.exe
  C:\Windows\System\jVZomeC.exe
  2⤵
  PID:7032
- C:\Windows\System\zbCxaoV.exe
  C:\Windows\System\zbCxaoV.exe
  2⤵
  PID:7064
- C:\Windows\System\nRoQcVS.exe
  C:\Windows\System\nRoQcVS.exe
  2⤵
  PID:7092
- C:\Windows\System\WTOsuaK.exe
  C:\Windows\System\WTOsuaK.exe
  2⤵
  PID:7108
- C:\Windows\System\FhAVFUV.exe
  C:\Windows\System\FhAVFUV.exe
  2⤵
  PID:7128
- C:\Windows\System\bHNprzO.exe
  C:\Windows\System\bHNprzO.exe
  2⤵
  PID:7144
- C:\Windows\System\cBDyIRs.exe
  C:\Windows\System\cBDyIRs.exe
  2⤵
  PID:7160
- C:\Windows\System\mnTKONR.exe
  C:\Windows\System\mnTKONR.exe
  2⤵
  PID:6136
- C:\Windows\System\ZREcosF.exe
  C:\Windows\System\ZREcosF.exe
  2⤵
  PID:6204
- C:\Windows\System\tvnKbrv.exe
  C:\Windows\System\tvnKbrv.exe
  2⤵
  PID:6172
- C:\Windows\System\lvTiOYd.exe
  C:\Windows\System\lvTiOYd.exe
  2⤵
  PID:6328
- C:\Windows\System\rILXHbp.exe
  C:\Windows\System\rILXHbp.exe
  2⤵
  PID:6296
- C:\Windows\System\lEuaSYM.exe
  C:\Windows\System\lEuaSYM.exe
  2⤵
  PID:6304
- C:\Windows\System\ZXQxaOl.exe
  C:\Windows\System\ZXQxaOl.exe
  2⤵
  PID:6216
- C:\Windows\System\RzSOXWb.exe
  C:\Windows\System\RzSOXWb.exe
  2⤵
  PID:6224
- C:\Windows\System\coZdwBs.exe
  C:\Windows\System\coZdwBs.exe
  2⤵
  PID:6492
- C:\Windows\System\QlNCGpc.exe
  C:\Windows\System\QlNCGpc.exe
  2⤵
  PID:6432
- C:\Windows\System\JvOiKak.exe
  C:\Windows\System\JvOiKak.exe
  2⤵
  PID:6508
- C:\Windows\System\BUcPDkI.exe
  C:\Windows\System\BUcPDkI.exe
  2⤵
  PID:6524
- C:\Windows\System\TXMEHeM.exe
  C:\Windows\System\TXMEHeM.exe
  2⤵
  PID:6540
- C:\Windows\System\pxzVGny.exe
  C:\Windows\System\pxzVGny.exe
  2⤵
  PID:6412
- C:\Windows\System\IDkZzRX.exe
  C:\Windows\System\IDkZzRX.exe
  2⤵
  PID:6444
- C:\Windows\System\ywMZymb.exe
  C:\Windows\System\ywMZymb.exe
  2⤵
  PID:6568
- C:\Windows\System\fEONzrF.exe
  C:\Windows\System\fEONzrF.exe
  2⤵
  PID:6584
- C:\Windows\System\EZNDAGW.exe
  C:\Windows\System\EZNDAGW.exe
  2⤵
  PID:1032
- C:\Windows\System\DNODjEA.exe
  C:\Windows\System\DNODjEA.exe
  2⤵
  PID:6724
- C:\Windows\System\lDiRrVj.exe
  C:\Windows\System\lDiRrVj.exe
  2⤵
  PID:6768
- C:\Windows\System\KzYWZbq.exe
  C:\Windows\System\KzYWZbq.exe
  2⤵
  PID:6736
- C:\Windows\System\oeoWTay.exe
  C:\Windows\System\oeoWTay.exe
  2⤵
  PID:6740
- C:\Windows\System\Uqwwtjy.exe
  C:\Windows\System\Uqwwtjy.exe
  2⤵
  PID:6848
- C:\Windows\System\yAdmWLe.exe
  C:\Windows\System\yAdmWLe.exe
  2⤵
  PID:6864
- C:\Windows\System\qDodeso.exe
  C:\Windows\System\qDodeso.exe
  2⤵
  PID:6956
- C:\Windows\System\dSzQxVi.exe
  C:\Windows\System\dSzQxVi.exe
  2⤵
  PID:6960
- C:\Windows\System\ifHulrP.exe
  C:\Windows\System\ifHulrP.exe
  2⤵
  PID:6832
- C:\Windows\System\qvNwAWL.exe
  C:\Windows\System\qvNwAWL.exe
  2⤵
  PID:6908
- C:\Windows\System\VLhKSdv.exe
  C:\Windows\System\VLhKSdv.exe
  2⤵
  PID:7044
- C:\Windows\System\hGqqToO.exe
  C:\Windows\System\hGqqToO.exe
  2⤵
  PID:2336
- C:\Windows\System\HvIlqMe.exe
  C:\Windows\System\HvIlqMe.exe
  2⤵
  PID:7056
- C:\Windows\System\UiJkprw.exe
  C:\Windows\System\UiJkprw.exe
  2⤵
  PID:6944
- C:\Windows\System\nksYjhf.exe
  C:\Windows\System\nksYjhf.exe
  2⤵
  PID:7076
- C:\Windows\System\BJbAPIt.exe
  C:\Windows\System\BJbAPIt.exe
  2⤵
  PID:7080
- C:\Windows\System\QsrTowD.exe
  C:\Windows\System\QsrTowD.exe
  2⤵
  PID:6200
- C:\Windows\System\dpxOfAG.exe
  C:\Windows\System\dpxOfAG.exe
  2⤵
  PID:5248
- C:\Windows\System\cQfRDmv.exe
  C:\Windows\System\cQfRDmv.exe
  2⤵
  PID:7152
- C:\Windows\System\BJiceQN.exe
  C:\Windows\System\BJiceQN.exe
  2⤵
  PID:6280
- C:\Windows\System\NpqBoMo.exe
  C:\Windows\System\NpqBoMo.exe
  2⤵
  PID:6264
- C:\Windows\System\ySsRBTX.exe
  C:\Windows\System\ySsRBTX.exe
  2⤵
  PID:2684
- C:\Windows\System\HWRAzDc.exe
  C:\Windows\System\HWRAzDc.exe
  2⤵
  PID:6428
- C:\Windows\System\CArkkXQ.exe
  C:\Windows\System\CArkkXQ.exe
  2⤵
  PID:6480
- C:\Windows\System\LWmgPZW.exe
  C:\Windows\System\LWmgPZW.exe
  2⤵
  PID:6672
- C:\Windows\System\rtcpUxB.exe
  C:\Windows\System\rtcpUxB.exe
  2⤵
  PID:6820
- C:\Windows\System\jtbLdcc.exe
  C:\Windows\System\jtbLdcc.exe
  2⤵
  PID:6996
- C:\Windows\System\MSIKBof.exe
  C:\Windows\System\MSIKBof.exe
  2⤵
  PID:6648
- C:\Windows\System\bigkHGZ.exe
  C:\Windows\System\bigkHGZ.exe
  2⤵
  PID:6692
- C:\Windows\System\GBVBWgu.exe
  C:\Windows\System\GBVBWgu.exe
  2⤵
  PID:7072
- C:\Windows\System\vAoAKIo.exe
  C:\Windows\System\vAoAKIo.exe
  2⤵
  PID:7124
- C:\Windows\System\ZZkDTLO.exe
  C:\Windows\System\ZZkDTLO.exe
  2⤵
  PID:6256
- C:\Windows\System\mcCnpwZ.exe
  C:\Windows\System\mcCnpwZ.exe
  2⤵
  PID:6804
- C:\Windows\System\npPYZID.exe
  C:\Windows\System\npPYZID.exe
  2⤵
  PID:6656
- C:\Windows\System\fvDvraT.exe
  C:\Windows\System\fvDvraT.exe
  2⤵
  PID:6856
- C:\Windows\System\VDtquIV.exe
  C:\Windows\System\VDtquIV.exe
  2⤵
  PID:6876
- C:\Windows\System\RwuUjil.exe
  C:\Windows\System\RwuUjil.exe
  2⤵
  PID:6188
- C:\Windows\System\ZhXNNXv.exe
  C:\Windows\System\ZhXNNXv.exe
  2⤵
  PID:6880
- C:\Windows\System\CVqKOKj.exe
  C:\Windows\System\CVqKOKj.exe
  2⤵
  PID:7116
- C:\Windows\System\qzqJmWj.exe
  C:\Windows\System\qzqJmWj.exe
  2⤵
  PID:6276
- C:\Windows\System\UenuDov.exe
  C:\Windows\System\UenuDov.exe
  2⤵
  PID:6496
- C:\Windows\System\euoJahr.exe
  C:\Windows\System\euoJahr.exe
  2⤵
  PID:6396
- C:\Windows\System\ZJLSGFu.exe
  C:\Windows\System\ZJLSGFu.exe
  2⤵
  PID:6520
- C:\Windows\System\ggcmkgX.exe
  C:\Windows\System\ggcmkgX.exe
  2⤵
  PID:7048
- C:\Windows\System\yOIFTqG.exe
  C:\Windows\System\yOIFTqG.exe
  2⤵
  PID:6644
- C:\Windows\System\jVHuPvt.exe
  C:\Windows\System\jVHuPvt.exe
  2⤵
  PID:6340
- C:\Windows\System\WLlsrfT.exe
  C:\Windows\System\WLlsrfT.exe
  2⤵
  PID:6160
- C:\Windows\System\wBKhrgn.exe
  C:\Windows\System\wBKhrgn.exe
  2⤵
  PID:6616
- C:\Windows\System\sptnNMa.exe
  C:\Windows\System\sptnNMa.exe
  2⤵
  PID:7040
- C:\Windows\System\EyIWFbx.exe
  C:\Windows\System\EyIWFbx.exe
  2⤵
  PID:6300
- C:\Windows\System\smBIPIT.exe
  C:\Windows\System\smBIPIT.exe
  2⤵
  PID:6284
- C:\Windows\System\NEWkltX.exe
  C:\Windows\System\NEWkltX.exe
  2⤵
  PID:7088
- C:\Windows\System\tVxfmiI.exe
  C:\Windows\System\tVxfmiI.exe
  2⤵
  PID:7004
- C:\Windows\System\PdWpXeM.exe
  C:\Windows\System\PdWpXeM.exe
  2⤵
  PID:6896
- C:\Windows\System\zRpRaew.exe
  C:\Windows\System\zRpRaew.exe
  2⤵
  PID:6164
- C:\Windows\System\uUTArle.exe
  C:\Windows\System\uUTArle.exe
  2⤵
  PID:6704
- C:\Windows\System\KNsjsMH.exe
  C:\Windows\System\KNsjsMH.exe
  2⤵
  PID:2440
- C:\Windows\System\ldFlZLf.exe
  C:\Windows\System\ldFlZLf.exe
  2⤵
  PID:6308
- C:\Windows\System\OmeHjtN.exe
  C:\Windows\System\OmeHjtN.exe
  2⤵
  PID:6780
- C:\Windows\System\PjjdwEu.exe
  C:\Windows\System\PjjdwEu.exe
  2⤵
  PID:7172
- C:\Windows\System\TiXOUEN.exe
  C:\Windows\System\TiXOUEN.exe
  2⤵
  PID:7216
- C:\Windows\System\DRUtbrg.exe
  C:\Windows\System\DRUtbrg.exe
  2⤵
  PID:7232
- C:\Windows\System\txnkGgT.exe
  C:\Windows\System\txnkGgT.exe
  2⤵
  PID:7248
- C:\Windows\System\QjNTcCK.exe
  C:\Windows\System\QjNTcCK.exe
  2⤵
  PID:7280
- C:\Windows\System\PwOpSoO.exe
  C:\Windows\System\PwOpSoO.exe
  2⤵
  PID:7304
- C:\Windows\System\zkQINer.exe
  C:\Windows\System\zkQINer.exe
  2⤵
  PID:7320
- C:\Windows\System\NeeDbHA.exe
  C:\Windows\System\NeeDbHA.exe
  2⤵
  PID:7336
- C:\Windows\System\wZBDqdn.exe
  C:\Windows\System\wZBDqdn.exe
  2⤵
  PID:7356
- C:\Windows\System\xBbIjbj.exe
  C:\Windows\System\xBbIjbj.exe
  2⤵
  PID:7376
- C:\Windows\System\GVYZAIn.exe
  C:\Windows\System\GVYZAIn.exe
  2⤵
  PID:7404
- C:\Windows\System\OqSyWfn.exe
  C:\Windows\System\OqSyWfn.exe
  2⤵
  PID:7420
- C:\Windows\System\dMISPjo.exe
  C:\Windows\System\dMISPjo.exe
  2⤵
  PID:7440
- C:\Windows\System\YjgpBdL.exe
  C:\Windows\System\YjgpBdL.exe
  2⤵
  PID:7460
- C:\Windows\System\MtJrNYu.exe
  C:\Windows\System\MtJrNYu.exe
  2⤵
  PID:7480
- C:\Windows\System\KIascCv.exe
  C:\Windows\System\KIascCv.exe
  2⤵
  PID:7496
- C:\Windows\System\FANbzsA.exe
  C:\Windows\System\FANbzsA.exe
  2⤵
  PID:7516
- C:\Windows\System\vhDqsQb.exe
  C:\Windows\System\vhDqsQb.exe
  2⤵
  PID:7532
- C:\Windows\System\CtjOUjg.exe
  C:\Windows\System\CtjOUjg.exe
  2⤵
  PID:7548
- C:\Windows\System\RVfLbpT.exe
  C:\Windows\System\RVfLbpT.exe
  2⤵
  PID:7580
- C:\Windows\System\DDLwiHf.exe
  C:\Windows\System\DDLwiHf.exe
  2⤵
  PID:7600
- C:\Windows\System\PeArfVm.exe
  C:\Windows\System\PeArfVm.exe
  2⤵
  PID:7616
- C:\Windows\System\gnVpTQx.exe
  C:\Windows\System\gnVpTQx.exe
  2⤵
  PID:7632
- C:\Windows\System\LdfczuQ.exe
  C:\Windows\System\LdfczuQ.exe
  2⤵
  PID:7648
- C:\Windows\System\UtKHzjV.exe
  C:\Windows\System\UtKHzjV.exe
  2⤵
  PID:7680
- C:\Windows\System\hBgeYvt.exe
  C:\Windows\System\hBgeYvt.exe
  2⤵
  PID:7704
- C:\Windows\System\ukwRIYC.exe
  C:\Windows\System\ukwRIYC.exe
  2⤵
  PID:7720
- C:\Windows\System\KrgvXEs.exe
  C:\Windows\System\KrgvXEs.exe
  2⤵
  PID:7740
- C:\Windows\System\mbRquQH.exe
  C:\Windows\System\mbRquQH.exe
  2⤵
  PID:7756
- C:\Windows\System\iptHQFP.exe
  C:\Windows\System\iptHQFP.exe
  2⤵
  PID:7776
- C:\Windows\System\mLWICpe.exe
  C:\Windows\System\mLWICpe.exe
  2⤵
  PID:7796
- C:\Windows\System\nTYLcIu.exe
  C:\Windows\System\nTYLcIu.exe
  2⤵
  PID:7816
- C:\Windows\System\CLnJhly.exe
  C:\Windows\System\CLnJhly.exe
  2⤵
  PID:7832
- C:\Windows\System\vxPfqmj.exe
  C:\Windows\System\vxPfqmj.exe
  2⤵
  PID:7848
- C:\Windows\System\KwDwDTC.exe
  C:\Windows\System\KwDwDTC.exe
  2⤵
  PID:7864
- C:\Windows\System\HTyZYnk.exe
  C:\Windows\System\HTyZYnk.exe
  2⤵
  PID:7888
- C:\Windows\System\QVexsLu.exe
  C:\Windows\System\QVexsLu.exe
  2⤵
  PID:7904
- C:\Windows\System\LaKIKMq.exe
  C:\Windows\System\LaKIKMq.exe
  2⤵
  PID:7920
- C:\Windows\System\RpoClpw.exe
  C:\Windows\System\RpoClpw.exe
  2⤵
  PID:7936
- C:\Windows\System\pLjeWRs.exe
  C:\Windows\System\pLjeWRs.exe
  2⤵
  PID:7956
- C:\Windows\System\UTnpwRz.exe
  C:\Windows\System\UTnpwRz.exe
  2⤵
  PID:7972
- C:\Windows\System\yOqHwFd.exe
  C:\Windows\System\yOqHwFd.exe
  2⤵
  PID:7992
- C:\Windows\System\LqHMxCB.exe
  C:\Windows\System\LqHMxCB.exe
  2⤵
  PID:8016
- C:\Windows\System\bSzqbay.exe
  C:\Windows\System\bSzqbay.exe
  2⤵
  PID:8032
- C:\Windows\System\XhLHrZZ.exe
  C:\Windows\System\XhLHrZZ.exe
  2⤵
  PID:8048
- C:\Windows\System\srVPDcE.exe
  C:\Windows\System\srVPDcE.exe
  2⤵
  PID:8064
- C:\Windows\System\DNlimCY.exe
  C:\Windows\System\DNlimCY.exe
  2⤵
  PID:8096
- C:\Windows\System\zOrZrHP.exe
  C:\Windows\System\zOrZrHP.exe
  2⤵
  PID:8140
- C:\Windows\System\fOBWRNB.exe
  C:\Windows\System\fOBWRNB.exe
  2⤵
  PID:8156
- C:\Windows\System\YIBjEwU.exe
  C:\Windows\System\YIBjEwU.exe
  2⤵
  PID:8172
- C:\Windows\System\QarsFTQ.exe
  C:\Windows\System\QarsFTQ.exe
  2⤵
  PID:1632
- C:\Windows\System\bxVduMs.exe
  C:\Windows\System\bxVduMs.exe
  2⤵
  PID:6980
- C:\Windows\System\SBMAKyn.exe
  C:\Windows\System\SBMAKyn.exe
  2⤵
  PID:6892
- C:\Windows\System\XaJLmll.exe
  C:\Windows\System\XaJLmll.exe
  2⤵
  PID:7208
- C:\Windows\System\EPkRCPA.exe
  C:\Windows\System\EPkRCPA.exe
  2⤵
  PID:5612
- C:\Windows\System\LlXVfgK.exe
  C:\Windows\System\LlXVfgK.exe
  2⤵
  PID:7184
- C:\Windows\System\qhPQSyF.exe
  C:\Windows\System\qhPQSyF.exe
  2⤵
  PID:7228
- C:\Windows\System\wiBavAQ.exe
  C:\Windows\System\wiBavAQ.exe
  2⤵
  PID:7276
- C:\Windows\System\QcSiAYv.exe
  C:\Windows\System\QcSiAYv.exe
  2⤵
  PID:5664
- C:\Windows\System\vZnYbmQ.exe
  C:\Windows\System\vZnYbmQ.exe
  2⤵
  PID:7328
- C:\Windows\System\ybxnHDy.exe
  C:\Windows\System\ybxnHDy.exe
  2⤵
  PID:7344
- C:\Windows\System\DikEJuS.exe
  C:\Windows\System\DikEJuS.exe
  2⤵
  PID:7400
- C:\Windows\System\FHUymla.exe
  C:\Windows\System\FHUymla.exe
  2⤵
  PID:7412
- C:\Windows\System\UxLXYOr.exe
  C:\Windows\System\UxLXYOr.exe
  2⤵
  PID:7492
- C:\Windows\System\NTZlRlB.exe
  C:\Windows\System\NTZlRlB.exe
  2⤵
  PID:7508
- C:\Windows\System\cCWlJMA.exe
  C:\Windows\System\cCWlJMA.exe
  2⤵
  PID:7564
- C:\Windows\System\TyYiFZf.exe
  C:\Windows\System\TyYiFZf.exe
  2⤵
  PID:7504
- C:\Windows\System\nxqDQlU.exe
  C:\Windows\System\nxqDQlU.exe
  2⤵
  PID:7596
- C:\Windows\System\qRNvpxF.exe
  C:\Windows\System\qRNvpxF.exe
  2⤵
  PID:7628
- C:\Windows\System\MuhWZsX.exe
  C:\Windows\System\MuhWZsX.exe
  2⤵
  PID:7676
- C:\Windows\System\WEvmmXs.exe
  C:\Windows\System\WEvmmXs.exe
  2⤵
  PID:7696
- C:\Windows\System\bosRSBb.exe
  C:\Windows\System\bosRSBb.exe
  2⤵
  PID:7768
- C:\Windows\System\purrkFb.exe
  C:\Windows\System\purrkFb.exe
  2⤵
  PID:7812
- C:\Windows\System\dxhNUdC.exe
  C:\Windows\System\dxhNUdC.exe
  2⤵
  PID:7876
- C:\Windows\System\ICrJDYR.exe
  C:\Windows\System\ICrJDYR.exe
  2⤵
  PID:7916
- C:\Windows\System\HWmWdLi.exe
  C:\Windows\System\HWmWdLi.exe
  2⤵
  PID:7752
- C:\Windows\System\TuxYqOX.exe
  C:\Windows\System\TuxYqOX.exe
  2⤵
  PID:8056
- C:\Windows\System\jtTPMgp.exe
  C:\Windows\System\jtTPMgp.exe
  2⤵
  PID:7896
- C:\Windows\System\vtTOETB.exe
  C:\Windows\System\vtTOETB.exe
  2⤵
  PID:7932
- C:\Windows\System\leSczEZ.exe
  C:\Windows\System\leSczEZ.exe
  2⤵
  PID:8112
- C:\Windows\System\clpPqNy.exe
  C:\Windows\System\clpPqNy.exe
  2⤵
  PID:8132
- C:\Windows\System\OIQQDOh.exe
  C:\Windows\System\OIQQDOh.exe
  2⤵
  PID:8076
- C:\Windows\System\KsQmvax.exe
  C:\Windows\System\KsQmvax.exe
  2⤵
  PID:7856
- C:\Windows\System\UoPFBYr.exe
  C:\Windows\System\UoPFBYr.exe
  2⤵
  PID:8180
- C:\Windows\System\EJPJCsV.exe
  C:\Windows\System\EJPJCsV.exe
  2⤵
  PID:6324
- C:\Windows\System\zWzPuit.exe
  C:\Windows\System\zWzPuit.exe
  2⤵
  PID:8044
- C:\Windows\System\EDLsSYw.exe
  C:\Windows\System\EDLsSYw.exe
  2⤵
  PID:7180
- C:\Windows\System\GlzwfFh.exe
  C:\Windows\System\GlzwfFh.exe
  2⤵
  PID:6368
- C:\Windows\System\TQMhAXZ.exe
  C:\Windows\System\TQMhAXZ.exe
  2⤵
  PID:7264
- C:\Windows\System\AluXFgM.exe
  C:\Windows\System\AluXFgM.exe
  2⤵
  PID:7292
- C:\Windows\System\MDETHEK.exe
  C:\Windows\System\MDETHEK.exe
  2⤵
  PID:7368
- C:\Windows\System\iWgilRs.exe
  C:\Windows\System\iWgilRs.exe
  2⤵
  PID:7224
- C:\Windows\System\bmOOpXz.exe
  C:\Windows\System\bmOOpXz.exe
  2⤵
  PID:7452
- C:\Windows\System\FHWhvKU.exe
  C:\Windows\System\FHWhvKU.exe
  2⤵
  PID:7476
- C:\Windows\System\wKdWmCj.exe
  C:\Windows\System\wKdWmCj.exe
  2⤵
  PID:7592
- C:\Windows\System\aKpAruF.exe
  C:\Windows\System\aKpAruF.exe
  2⤵
  PID:7672
- C:\Windows\System\lmQMbSx.exe
  C:\Windows\System\lmQMbSx.exe
  2⤵
  PID:7716
- C:\Windows\System\KheeljD.exe
  C:\Windows\System\KheeljD.exe
  2⤵
  PID:7712
- C:\Windows\System\WjIASRo.exe
  C:\Windows\System\WjIASRo.exe
  2⤵
  PID:7576
- C:\Windows\System\szCNyGP.exe
  C:\Windows\System\szCNyGP.exe
  2⤵
  PID:7984
- C:\Windows\System\ddUwUFT.exe
  C:\Windows\System\ddUwUFT.exe
  2⤵
  PID:7824
- C:\Windows\System\QWPFqkk.exe
  C:\Windows\System\QWPFqkk.exe
  2⤵
  PID:7784
- C:\Windows\System\dMKjLBc.exe
  C:\Windows\System\dMKjLBc.exe
  2⤵
  PID:8164
- C:\Windows\System\asznhmy.exe
  C:\Windows\System\asznhmy.exe
  2⤵
  PID:8128
- C:\Windows\System\MamLVXx.exe
  C:\Windows\System\MamLVXx.exe
  2⤵
  PID:8040
- C:\Windows\System\BgWuOja.exe
  C:\Windows\System\BgWuOja.exe
  2⤵
  PID:7928
- C:\Windows\System\akBUino.exe
  C:\Windows\System\akBUino.exe
  2⤵
  PID:7296
- C:\Windows\System\waahfJw.exe
  C:\Windows\System\waahfJw.exe
  2⤵
  PID:7392
- C:\Windows\System\SvDqkyd.exe
  C:\Windows\System\SvDqkyd.exe
  2⤵
  PID:6504
- C:\Windows\System\Kepqdgg.exe
  C:\Windows\System\Kepqdgg.exe
  2⤵
  PID:6600
- C:\Windows\System\oGIuEfp.exe
  C:\Windows\System\oGIuEfp.exe
  2⤵
  PID:7472
- C:\Windows\System\owDZIaK.exe
  C:\Windows\System\owDZIaK.exe
  2⤵
  PID:7764
- C:\Windows\System\IKcCNVT.exe
  C:\Windows\System\IKcCNVT.exe
  2⤵
  PID:7980
- C:\Windows\System\sLPeWvf.exe
  C:\Windows\System\sLPeWvf.exe
  2⤵
  PID:8024
- C:\Windows\System\cDPulBM.exe
  C:\Windows\System\cDPulBM.exe
  2⤵
  PID:8000
- C:\Windows\System\UtyActG.exe
  C:\Windows\System\UtyActG.exe
  2⤵
  PID:7572
- C:\Windows\System\eGujSqR.exe
  C:\Windows\System\eGujSqR.exe
  2⤵
  PID:892
- C:\Windows\System\YVyniOb.exe
  C:\Windows\System\YVyniOb.exe
  2⤵
  PID:8004
- C:\Windows\System\YqgrXrr.exe
  C:\Windows\System\YqgrXrr.exe
  2⤵
  PID:7028
- C:\Windows\System\ATAEDpr.exe
  C:\Windows\System\ATAEDpr.exe
  2⤵
  PID:7384
- C:\Windows\System\TVykxcr.exe
  C:\Windows\System\TVykxcr.exe
  2⤵
  PID:7608
- C:\Windows\System\aIhuoIm.exe
  C:\Windows\System\aIhuoIm.exe
  2⤵
  PID:8104
- C:\Windows\System\Diusttw.exe
  C:\Windows\System\Diusttw.exe
  2⤵
  PID:6776
- C:\Windows\System\svetzfv.exe
  C:\Windows\System\svetzfv.exe
  2⤵
  PID:7560
- C:\Windows\System\BuqbtkX.exe
  C:\Windows\System\BuqbtkX.exe
  2⤵
  PID:6640
- C:\Windows\System\QQBLUYB.exe
  C:\Windows\System\QQBLUYB.exe
  2⤵
  PID:8208
- C:\Windows\System\LEElxQB.exe
  C:\Windows\System\LEElxQB.exe
  2⤵
  PID:8236
- C:\Windows\System\wUUABJg.exe
  C:\Windows\System\wUUABJg.exe
  2⤵
  PID:8252
- C:\Windows\System\lxoLZif.exe
  C:\Windows\System\lxoLZif.exe
  2⤵
  PID:8280
- C:\Windows\System\MBMNWPV.exe
  C:\Windows\System\MBMNWPV.exe
  2⤵
  PID:8296
- C:\Windows\System\mHTlouM.exe
  C:\Windows\System\mHTlouM.exe
  2⤵
  PID:8312
- C:\Windows\System\HOHAtyx.exe
  C:\Windows\System\HOHAtyx.exe
  2⤵
  PID:8328
- C:\Windows\System\jApViKV.exe
  C:\Windows\System\jApViKV.exe
  2⤵
  PID:8356
- C:\Windows\System\CJcWqkA.exe
  C:\Windows\System\CJcWqkA.exe
  2⤵
  PID:8376
- C:\Windows\System\peQuWMX.exe
  C:\Windows\System\peQuWMX.exe
  2⤵
  PID:8392
- C:\Windows\System\LHBEaZw.exe
  C:\Windows\System\LHBEaZw.exe
  2⤵
  PID:8440
- C:\Windows\System\HaUXIoj.exe
  C:\Windows\System\HaUXIoj.exe
  2⤵
  PID:8464
- C:\Windows\System\XVmjvWq.exe
  C:\Windows\System\XVmjvWq.exe
  2⤵
  PID:8480
- C:\Windows\System\ZLNqfjl.exe
  C:\Windows\System\ZLNqfjl.exe
  2⤵
  PID:8500
- C:\Windows\System\FFbgiaU.exe
  C:\Windows\System\FFbgiaU.exe
  2⤵
  PID:8520
- C:\Windows\System\wkpgWQM.exe
  C:\Windows\System\wkpgWQM.exe
  2⤵
  PID:8556
- C:\Windows\System\begAOqY.exe
  C:\Windows\System\begAOqY.exe
  2⤵
  PID:8572
- C:\Windows\System\iTTziFs.exe
  C:\Windows\System\iTTziFs.exe
  2⤵
  PID:8592
- C:\Windows\System\zEFdLVB.exe
  C:\Windows\System\zEFdLVB.exe
  2⤵
  PID:8608
- C:\Windows\System\xwDGbNb.exe
  C:\Windows\System\xwDGbNb.exe
  2⤵
  PID:8624
- C:\Windows\System\wamrjrh.exe
  C:\Windows\System\wamrjrh.exe
  2⤵
  PID:8640
- C:\Windows\System\VHeHrgo.exe
  C:\Windows\System\VHeHrgo.exe
  2⤵
  PID:8664
- C:\Windows\System\LdpLbPG.exe
  C:\Windows\System\LdpLbPG.exe
  2⤵
  PID:8680
- C:\Windows\System\znKrvgx.exe
  C:\Windows\System\znKrvgx.exe
  2⤵
  PID:8700
- C:\Windows\System\AfXWSvf.exe
  C:\Windows\System\AfXWSvf.exe
  2⤵
  PID:8716
- C:\Windows\System\dZPlgoX.exe
  C:\Windows\System\dZPlgoX.exe
  2⤵
  PID:8732
- C:\Windows\System\bOCSgZh.exe
  C:\Windows\System\bOCSgZh.exe
  2⤵
  PID:8752
- C:\Windows\System\zFkOHGJ.exe
  C:\Windows\System\zFkOHGJ.exe
  2⤵
  PID:8800
- C:\Windows\System\ZlkurvR.exe
  C:\Windows\System\ZlkurvR.exe
  2⤵
  PID:8820
- C:\Windows\System\VtsZmln.exe
  C:\Windows\System\VtsZmln.exe
  2⤵
  PID:8844
- C:\Windows\System\fbevmtX.exe
  C:\Windows\System\fbevmtX.exe
  2⤵
  PID:8860
- C:\Windows\System\MZwvVBW.exe
  C:\Windows\System\MZwvVBW.exe
  2⤵
  PID:8880
- C:\Windows\System\lvEGqmU.exe
  C:\Windows\System\lvEGqmU.exe
  2⤵
  PID:8904
- C:\Windows\System\ccvLgnz.exe
  C:\Windows\System\ccvLgnz.exe
  2⤵
  PID:8928
- C:\Windows\System\YBmZvuO.exe
  C:\Windows\System\YBmZvuO.exe
  2⤵
  PID:8948
- C:\Windows\System\dgmCocP.exe
  C:\Windows\System\dgmCocP.exe
  2⤵
  PID:8964
- C:\Windows\System\HEQDdbh.exe
  C:\Windows\System\HEQDdbh.exe
  2⤵
  PID:8980
- C:\Windows\System\vCRxJIo.exe
  C:\Windows\System\vCRxJIo.exe
  2⤵
  PID:9000
- C:\Windows\System\SGzsiKm.exe
  C:\Windows\System\SGzsiKm.exe
  2⤵
  PID:9020
- C:\Windows\System\WpVdGZm.exe
  C:\Windows\System\WpVdGZm.exe
  2⤵
  PID:9044
- C:\Windows\System\hNFkZwB.exe
  C:\Windows\System\hNFkZwB.exe
  2⤵
  PID:9064
- C:\Windows\System\IhOUUCr.exe
  C:\Windows\System\IhOUUCr.exe
  2⤵
  PID:9080
- C:\Windows\System\RxqFtFW.exe
  C:\Windows\System\RxqFtFW.exe
  2⤵
  PID:9100
- C:\Windows\System\IOIAZFv.exe
  C:\Windows\System\IOIAZFv.exe
  2⤵
  PID:9120
- C:\Windows\System\jOKfpSV.exe
  C:\Windows\System\jOKfpSV.exe
  2⤵
  PID:9136
- C:\Windows\System\xlcyceV.exe
  C:\Windows\System\xlcyceV.exe
  2⤵
  PID:9156
- C:\Windows\System\iLKHWpH.exe
  C:\Windows\System\iLKHWpH.exe
  2⤵
  PID:9180
- C:\Windows\System\oVzKilL.exe
  C:\Windows\System\oVzKilL.exe
  2⤵
  PID:9208
- C:\Windows\System\sgXdCdg.exe
  C:\Windows\System\sgXdCdg.exe
  2⤵
  PID:8200
- C:\Windows\System\SRENevV.exe
  C:\Windows\System\SRENevV.exe
  2⤵
  PID:7748
- C:\Windows\System\rqumuMu.exe
  C:\Windows\System\rqumuMu.exe
  2⤵
  PID:7624
- C:\Windows\System\lQNAUxY.exe
  C:\Windows\System\lQNAUxY.exe
  2⤵
  PID:7660
- C:\Windows\System\baYhoVQ.exe
  C:\Windows\System\baYhoVQ.exe
  2⤵
  PID:8248
- C:\Windows\System\bwyFFlq.exe
  C:\Windows\System\bwyFFlq.exe
  2⤵
  PID:7668
- C:\Windows\System\WfFzpLb.exe
  C:\Windows\System\WfFzpLb.exe
  2⤵
  PID:2940
- C:\Windows\System\YOnovBY.exe
  C:\Windows\System\YOnovBY.exe
  2⤵
  PID:7352
- C:\Windows\System\xKBlQbV.exe
  C:\Windows\System\xKBlQbV.exe
  2⤵
  PID:8364
- C:\Windows\System\GonEdLV.exe
  C:\Windows\System\GonEdLV.exe
  2⤵
  PID:8336
- C:\Windows\System\FSVYcVR.exe
  C:\Windows\System\FSVYcVR.exe
  2⤵
  PID:8276
- C:\Windows\System\BbjfguE.exe
  C:\Windows\System\BbjfguE.exe
  2⤵
  PID:8388
- C:\Windows\System\nScHmqx.exe
  C:\Windows\System\nScHmqx.exe
  2⤵
  PID:8456
- C:\Windows\System\JUZazEH.exe
  C:\Windows\System\JUZazEH.exe
  2⤵
  PID:8508
- C:\Windows\System\lkXDtMj.exe
  C:\Windows\System\lkXDtMj.exe
  2⤵
  PID:8512
- C:\Windows\System\jBnVLCC.exe
  C:\Windows\System\jBnVLCC.exe
  2⤵
  PID:2216
- C:\Windows\System\LFgKlXb.exe
  C:\Windows\System\LFgKlXb.exe
  2⤵
  PID:8552
- C:\Windows\System\dPOMnfn.exe
  C:\Windows\System\dPOMnfn.exe
  2⤵
  PID:8604
- C:\Windows\System\fPkPDSd.exe
  C:\Windows\System\fPkPDSd.exe
  2⤵
  PID:8672
- C:\Windows\System\ZulMgIC.exe
  C:\Windows\System\ZulMgIC.exe
  2⤵
  PID:8620
- C:\Windows\System\nBSSIMX.exe
  C:\Windows\System\nBSSIMX.exe
  2⤵
  PID:8748
- C:\Windows\System\vkmdrEH.exe
  C:\Windows\System\vkmdrEH.exe
  2⤵
  PID:8692
- C:\Windows\System\eSRZIoy.exe
  C:\Windows\System\eSRZIoy.exe
  2⤵
  PID:8660
- C:\Windows\System\yGYMUxq.exe
  C:\Windows\System\yGYMUxq.exe
  2⤵
  PID:1572
- C:\Windows\System\ICuROcR.exe
  C:\Windows\System\ICuROcR.exe
  2⤵
  PID:8516
- C:\Windows\System\CCvuZZL.exe
  C:\Windows\System\CCvuZZL.exe
  2⤵
  PID:8808
- C:\Windows\System\KOWcjPn.exe
  C:\Windows\System\KOWcjPn.exe
  2⤵
  PID:8832
- C:\Windows\System\pHOlnsu.exe
  C:\Windows\System\pHOlnsu.exe
  2⤵
  PID:8872
- C:\Windows\System\FhAryoY.exe
  C:\Windows\System\FhAryoY.exe
  2⤵
  PID:8792
- C:\Windows\System\JhcsjzH.exe
  C:\Windows\System\JhcsjzH.exe
  2⤵
  PID:8936
- C:\Windows\System\bVraWur.exe
  C:\Windows\System\bVraWur.exe
  2⤵
  PID:8972
- C:\Windows\System\nSZdacK.exe
  C:\Windows\System\nSZdacK.exe
  2⤵
  PID:9016
- C:\Windows\System\kwKRmsK.exe
  C:\Windows\System\kwKRmsK.exe
  2⤵
  PID:9092
- C:\Windows\System\mgoAbYa.exe
  C:\Windows\System\mgoAbYa.exe
  2⤵
  PID:9128
- C:\Windows\System\IuZuDYe.exe
  C:\Windows\System\IuZuDYe.exe
  2⤵
  PID:9148
- C:\Windows\System\WRXwbtt.exe
  C:\Windows\System\WRXwbtt.exe
  2⤵
  PID:9116
- C:\Windows\System\QBXIvln.exe
  C:\Windows\System\QBXIvln.exe
  2⤵
  PID:9144
- C:\Windows\System\HLWRrTJ.exe
  C:\Windows\System\HLWRrTJ.exe
  2⤵
  PID:9204
- C:\Windows\System\jcxbzvF.exe
  C:\Windows\System\jcxbzvF.exe
  2⤵
  PID:7528
- C:\Windows\System\RqhqIhD.exe
  C:\Windows\System\RqhqIhD.exe
  2⤵
  PID:8072
- C:\Windows\System\FPlgGtR.exe
  C:\Windows\System\FPlgGtR.exe
  2⤵
  PID:8320
- C:\Windows\System\uWEqMkx.exe
  C:\Windows\System\uWEqMkx.exe
  2⤵
  PID:8232
- C:\Windows\System\iXFoZIm.exe
  C:\Windows\System\iXFoZIm.exe
  2⤵
  PID:8368
- C:\Windows\System\bUqiQGI.exe
  C:\Windows\System\bUqiQGI.exe
  2⤵
  PID:8264
- C:\Windows\System\tFhdVIn.exe
  C:\Windows\System\tFhdVIn.exe
  2⤵
  PID:8452
- C:\Windows\System\EYnMrBP.exe
  C:\Windows\System\EYnMrBP.exe
  2⤵
  PID:8488
- C:\Windows\System\heOAqiu.exe
  C:\Windows\System\heOAqiu.exe
  2⤵
  PID:8540
- C:\Windows\System\fAAttwu.exe
  C:\Windows\System\fAAttwu.exe
  2⤵
  PID:2976
- C:\Windows\System\FIvOnaY.exe
  C:\Windows\System\FIvOnaY.exe
  2⤵
  PID:8636
- C:\Windows\System\kcRUCAb.exe
  C:\Windows\System\kcRUCAb.exe
  2⤵
  PID:8580
- C:\Windows\System\QQOgrUJ.exe
  C:\Windows\System\QQOgrUJ.exe
  2⤵
  PID:8768
- C:\Windows\System\xbyTUhu.exe
  C:\Windows\System\xbyTUhu.exe
  2⤵
  PID:8840
- C:\Windows\System\fMespCU.exe
  C:\Windows\System\fMespCU.exe
  2⤵
  PID:8760
- C:\Windows\System\wpKEMaN.exe
  C:\Windows\System\wpKEMaN.exe
  2⤵
  PID:8852
- C:\Windows\System\sHmfYNJ.exe
  C:\Windows\System\sHmfYNJ.exe
  2⤵
  PID:8912
- C:\Windows\System\QuKScDS.exe
  C:\Windows\System\QuKScDS.exe
  2⤵
  PID:9008
- C:\Windows\System\MZCbmUx.exe
  C:\Windows\System\MZCbmUx.exe
  2⤵
  PID:9088
- C:\Windows\System\psQnAfq.exe
  C:\Windows\System\psQnAfq.exe
  2⤵
  PID:9028
- C:\Windows\System\UWxsGvI.exe
  C:\Windows\System\UWxsGvI.exe
  2⤵
  PID:9168
- C:\Windows\System\MdCsDmw.exe
  C:\Windows\System\MdCsDmw.exe
  2⤵
  PID:9176
- C:\Windows\System\UUNhwsi.exe
  C:\Windows\System\UUNhwsi.exe
  2⤵
  PID:9196
- C:\Windows\System\aOJZOcA.exe
  C:\Windows\System\aOJZOcA.exe
  2⤵
  PID:8108
- C:\Windows\System\gnMdHdU.exe
  C:\Windows\System\gnMdHdU.exe
  2⤵
  PID:8292
- C:\Windows\System\NLHHlay.exe
  C:\Windows\System\NLHHlay.exe
  2⤵
  PID:7456
- C:\Windows\System\zHGHWhQ.exe
  C:\Windows\System\zHGHWhQ.exe
  2⤵
  PID:8348
- C:\Windows\System\kTmjdwB.exe
  C:\Windows\System\kTmjdwB.exe
  2⤵
  PID:8272
- C:\Windows\System\ZsRtFEo.exe
  C:\Windows\System\ZsRtFEo.exe
  2⤵
  PID:8568
- C:\Windows\System\GMPmVKR.exe
  C:\Windows\System\GMPmVKR.exe
  2⤵
  PID:8584
- C:\Windows\System\QJFmyYv.exe
  C:\Windows\System\QJFmyYv.exe
  2⤵
  PID:8656
- C:\Windows\System\ISsSScq.exe
  C:\Windows\System\ISsSScq.exe
  2⤵
  PID:8728
- C:\Windows\System\wnFCsoH.exe
  C:\Windows\System\wnFCsoH.exe
  2⤵
  PID:8708
- C:\Windows\System\irYRwRI.exe
  C:\Windows\System\irYRwRI.exe
  2⤵
  PID:8868
- C:\Windows\System\CACnEwC.exe
  C:\Windows\System\CACnEwC.exe
  2⤵
  PID:8960
- C:\Windows\System\fTfQPfT.exe
  C:\Windows\System\fTfQPfT.exe
  2⤵
  PID:9188
- C:\Windows\System\fhOGivJ.exe
  C:\Windows\System\fhOGivJ.exe
  2⤵
  PID:8400
- C:\Windows\System\UPhsFXF.exe
  C:\Windows\System\UPhsFXF.exe
  2⤵
  PID:7260
- C:\Windows\System\aoTFMeS.exe
  C:\Windows\System\aoTFMeS.exe
  2⤵
  PID:8344
- C:\Windows\System\uvoWpZD.exe
  C:\Windows\System\uvoWpZD.exe
  2⤵
  PID:9056
- C:\Windows\System\iKhvydx.exe
  C:\Windows\System\iKhvydx.exe
  2⤵
  PID:7808
- C:\Windows\System\QlMAVzP.exe
  C:\Windows\System\QlMAVzP.exe
  2⤵
  PID:8528
- C:\Windows\System\FYNIWdM.exe
  C:\Windows\System\FYNIWdM.exe
  2⤵
  PID:8448
- C:\Windows\System\jAxGQVl.exe
  C:\Windows\System\jAxGQVl.exe
  2⤵
  PID:9164
- C:\Windows\System\EiIquZV.exe
  C:\Windows\System\EiIquZV.exe
  2⤵
  PID:8764
- C:\Windows\System\xwYtplz.exe
  C:\Windows\System\xwYtplz.exe
  2⤵
  PID:8432
- C:\Windows\System\IREVPnz.exe
  C:\Windows\System\IREVPnz.exe
  2⤵
  PID:8532
- C:\Windows\System\WlBijdP.exe
  C:\Windows\System\WlBijdP.exe
  2⤵
  PID:8776
- C:\Windows\System\nEtRqiP.exe
  C:\Windows\System\nEtRqiP.exe
  2⤵
  PID:7880
- C:\Windows\System\MFnEiGV.exe
  C:\Windows\System\MFnEiGV.exe
  2⤵
  PID:8688
- C:\Windows\System\WSlbgdC.exe
  C:\Windows\System\WSlbgdC.exe
  2⤵
  PID:9224
- C:\Windows\System\mYwiuue.exe
  C:\Windows\System\mYwiuue.exe
  2⤵
  PID:9244
- C:\Windows\System\ntXGkIo.exe
  C:\Windows\System\ntXGkIo.exe
  2⤵
  PID:9264
- C:\Windows\System\YjdnVkh.exe
  C:\Windows\System\YjdnVkh.exe
  2⤵
  PID:9300
- C:\Windows\System\cNlvFlQ.exe
  C:\Windows\System\cNlvFlQ.exe
  2⤵
  PID:9320
- C:\Windows\System\nqpvzVT.exe
  C:\Windows\System\nqpvzVT.exe
  2⤵
  PID:9340
- C:\Windows\System\uUznpmg.exe
  C:\Windows\System\uUznpmg.exe
  2⤵
  PID:9356
- C:\Windows\System\dhlKPCi.exe
  C:\Windows\System\dhlKPCi.exe
  2⤵
  PID:9376
- C:\Windows\System\FFaoNLL.exe
  C:\Windows\System\FFaoNLL.exe
  2⤵
  PID:9400
- C:\Windows\System\zGPkabv.exe
  C:\Windows\System\zGPkabv.exe
  2⤵
  PID:9420
- C:\Windows\System\rRsVkRB.exe
  C:\Windows\System\rRsVkRB.exe
  2⤵
  PID:9440
- C:\Windows\System\UYAVmqN.exe
  C:\Windows\System\UYAVmqN.exe
  2⤵
  PID:9464
- C:\Windows\System\rsvRkGL.exe
  C:\Windows\System\rsvRkGL.exe
  2⤵
  PID:9488
- C:\Windows\System\guDAEsr.exe
  C:\Windows\System\guDAEsr.exe
  2⤵
  PID:9508
- C:\Windows\System\sRKPRfr.exe
  C:\Windows\System\sRKPRfr.exe
  2⤵
  PID:9524
- C:\Windows\System\aUUKBdP.exe
  C:\Windows\System\aUUKBdP.exe
  2⤵
  PID:9544
- C:\Windows\System\vhstgau.exe
  C:\Windows\System\vhstgau.exe
  2⤵
  PID:9564
- C:\Windows\System\cUTaXIb.exe
  C:\Windows\System\cUTaXIb.exe
  2⤵
  PID:9584
- C:\Windows\System\Ykcwkxx.exe
  C:\Windows\System\Ykcwkxx.exe
  2⤵
  PID:9608
- C:\Windows\System\ERxulan.exe
  C:\Windows\System\ERxulan.exe
  2⤵
  PID:9628
- C:\Windows\System\HJKikrr.exe
  C:\Windows\System\HJKikrr.exe
  2⤵
  PID:9648
- C:\Windows\System\KKJJrPH.exe
  C:\Windows\System\KKJJrPH.exe
  2⤵
  PID:9668
- C:\Windows\System\ngTgoXd.exe
  C:\Windows\System\ngTgoXd.exe
  2⤵
  PID:9692
- C:\Windows\System\BXlkGaj.exe
  C:\Windows\System\BXlkGaj.exe
  2⤵
  PID:9708
- C:\Windows\System\HZRKyPA.exe
  C:\Windows\System\HZRKyPA.exe
  2⤵
  PID:9732
- C:\Windows\System\JqaPOYj.exe
  C:\Windows\System\JqaPOYj.exe
  2⤵
  PID:9752
- C:\Windows\System\bgORsVF.exe
  C:\Windows\System\bgORsVF.exe
  2⤵
  PID:9772
- C:\Windows\System\qBbXuvj.exe
  C:\Windows\System\qBbXuvj.exe
  2⤵
  PID:9788
- C:\Windows\System\KUwXaCB.exe
  C:\Windows\System\KUwXaCB.exe
  2⤵
  PID:9804
- C:\Windows\System\XhKjAqY.exe
  C:\Windows\System\XhKjAqY.exe
  2⤵
  PID:9832
- C:\Windows\System\nivUCFb.exe
  C:\Windows\System\nivUCFb.exe
  2⤵
  PID:9848
- C:\Windows\System\urTlbzk.exe
  C:\Windows\System\urTlbzk.exe
  2⤵
  PID:9868
- C:\Windows\System\DATJdJq.exe
  C:\Windows\System\DATJdJq.exe
  2⤵
  PID:9888
- C:\Windows\System\SBbWWpd.exe
  C:\Windows\System\SBbWWpd.exe
  2⤵
  PID:9908
- C:\Windows\System\sPbMbSn.exe
  C:\Windows\System\sPbMbSn.exe
  2⤵
  PID:9932
- C:\Windows\System\RtTvEMN.exe
  C:\Windows\System\RtTvEMN.exe
  2⤵
  PID:9948
- C:\Windows\System\rSvdgvg.exe
  C:\Windows\System\rSvdgvg.exe
  2⤵
  PID:9968
- C:\Windows\System\VQbgRTY.exe
  C:\Windows\System\VQbgRTY.exe
  2⤵
  PID:9988
- C:\Windows\System\IRMBPBm.exe
  C:\Windows\System\IRMBPBm.exe
  2⤵
  PID:10008
- C:\Windows\System\oamawtn.exe
  C:\Windows\System\oamawtn.exe
  2⤵
  PID:10024
- C:\Windows\System\mdDMsKQ.exe
  C:\Windows\System\mdDMsKQ.exe
  2⤵
  PID:10048
- C:\Windows\System\ziGtElp.exe
  C:\Windows\System\ziGtElp.exe
  2⤵
  PID:10068
- C:\Windows\System\hnQwImE.exe
  C:\Windows\System\hnQwImE.exe
  2⤵
  PID:10088
- C:\Windows\System\YOHTtam.exe
  C:\Windows\System\YOHTtam.exe
  2⤵
  PID:10108
- C:\Windows\System\sgOBVSP.exe
  C:\Windows\System\sgOBVSP.exe
  2⤵
  PID:10124
- C:\Windows\System\zDGgPUD.exe
  C:\Windows\System\zDGgPUD.exe
  2⤵
  PID:10148
- C:\Windows\System\fyXPyyP.exe
  C:\Windows\System\fyXPyyP.exe
  2⤵
  PID:10168
- C:\Windows\System\CHlIygT.exe
  C:\Windows\System\CHlIygT.exe
  2⤵
  PID:10188
- C:\Windows\System\kSoHkCv.exe
  C:\Windows\System\kSoHkCv.exe
  2⤵
  PID:10208
- C:\Windows\System\hZZIvrV.exe
  C:\Windows\System\hZZIvrV.exe
  2⤵
  PID:10224
- C:\Windows\System\BknAJjC.exe
  C:\Windows\System\BknAJjC.exe
  2⤵
  PID:9252
- C:\Windows\System\gmtNMFO.exe
  C:\Windows\System\gmtNMFO.exe
  2⤵
  PID:9036
- C:\Windows\System\ojmFTwR.exe
  C:\Windows\System\ojmFTwR.exe
  2⤵
  PID:2224
- C:\Windows\System\hFuUFrw.exe
  C:\Windows\System\hFuUFrw.exe
  2⤵
  PID:9232
- C:\Windows\System\dbxGlKQ.exe
  C:\Windows\System\dbxGlKQ.exe
  2⤵
  PID:9312
- C:\Windows\System\PQELhZx.exe
  C:\Windows\System\PQELhZx.exe
  2⤵
  PID:9348
- C:\Windows\System\NtbwNgO.exe
  C:\Windows\System\NtbwNgO.exe
  2⤵
  PID:8372
- C:\Windows\System\qLWbXQK.exe
  C:\Windows\System\qLWbXQK.exe
  2⤵
  PID:9336
- C:\Windows\System\IFPnxne.exe
  C:\Windows\System\IFPnxne.exe
  2⤵
  PID:9368
- C:\Windows\System\XVgwInx.exe
  C:\Windows\System\XVgwInx.exe
  2⤵
  PID:9408
- C:\Windows\System\QxdYaZl.exe
  C:\Windows\System\QxdYaZl.exe
  2⤵
  PID:9416
- C:\Windows\System\xzrgAQQ.exe
  C:\Windows\System\xzrgAQQ.exe
  2⤵
  PID:9496
- C:\Windows\System\IcPAXHn.exe
  C:\Windows\System\IcPAXHn.exe
  2⤵
  PID:9516
- C:\Windows\System\ZntJidi.exe
  C:\Windows\System\ZntJidi.exe
  2⤵
  PID:9556
- C:\Windows\System\CDuJRtC.exe
  C:\Windows\System\CDuJRtC.exe
  2⤵
  PID:9596
- C:\Windows\System\MIWsqnp.exe
  C:\Windows\System\MIWsqnp.exe
  2⤵
  PID:9616
- C:\Windows\System\TwPtRqG.exe
  C:\Windows\System\TwPtRqG.exe
  2⤵
  PID:9656
- C:\Windows\System\oYbcNUU.exe
  C:\Windows\System\oYbcNUU.exe
  2⤵
  PID:9680
- C:\Windows\System\rOlpxIp.exe
  C:\Windows\System\rOlpxIp.exe
  2⤵
  PID:9704
- C:\Windows\System\cwjMZyQ.exe
  C:\Windows\System\cwjMZyQ.exe
  2⤵
  PID:9740
- C:\Windows\System\RBuzuOV.exe
  C:\Windows\System\RBuzuOV.exe
  2⤵
  PID:9760
- C:\Windows\System\aDMJwrQ.exe
  C:\Windows\System\aDMJwrQ.exe
  2⤵
  PID:9800
- C:\Windows\System\qzwjHiV.exe
  C:\Windows\System\qzwjHiV.exe
  2⤵
  PID:9828
- C:\Windows\System\onUHIih.exe
  C:\Windows\System\onUHIih.exe
  2⤵
  PID:9944
- C:\Windows\System\wXOxlIR.exe
  C:\Windows\System\wXOxlIR.exe
  2⤵
  PID:9980
- C:\Windows\System\elmSzvi.exe
  C:\Windows\System\elmSzvi.exe
  2⤵
  PID:10004
- C:\Windows\System\gDQoWtM.exe
  C:\Windows\System\gDQoWtM.exe
  2⤵
  PID:10036
- C:\Windows\System\PtXQyMk.exe
  C:\Windows\System\PtXQyMk.exe
  2⤵
  PID:10076
- C:\Windows\System\RNJJbrx.exe
  C:\Windows\System\RNJJbrx.exe
  2⤵
  PID:10100
- C:\Windows\System\hTCwTzU.exe
  C:\Windows\System\hTCwTzU.exe
  2⤵
  PID:10132
- C:\Windows\System\lNKRYHL.exe
  C:\Windows\System\lNKRYHL.exe
  2⤵
  PID:10164
- C:\Windows\System\TdIpAcJ.exe
  C:\Windows\System\TdIpAcJ.exe
  2⤵
  PID:10180
- C:\Windows\System\hpGZewp.exe
  C:\Windows\System\hpGZewp.exe
  2⤵
  PID:10204
- C:\Windows\System\eENEHSu.exe
  C:\Windows\System\eENEHSu.exe
  2⤵
  PID:8812
- C:\Windows\System\ExOYXwk.exe
  C:\Windows\System\ExOYXwk.exe
  2⤵
  PID:9240
- C:\Windows\System\XJTnRLm.exe
  C:\Windows\System\XJTnRLm.exe
  2⤵
  PID:9200
- C:\Windows\System\JnmClsf.exe
  C:\Windows\System\JnmClsf.exe
  2⤵
  PID:9448
- C:\Windows\System\RXNNEKa.exe
  C:\Windows\System\RXNNEKa.exe
  2⤵
  PID:9476
- C:\Windows\System\EbMIVQz.exe
  C:\Windows\System\EbMIVQz.exe
  2⤵
  PID:9484
- C:\Windows\System\OGHmICG.exe
  C:\Windows\System\OGHmICG.exe
  2⤵
  PID:9432
- C:\Windows\System\UDpaqjX.exe
  C:\Windows\System\UDpaqjX.exe
  2⤵
  PID:9580
- C:\Windows\System\IZWuTdA.exe
  C:\Windows\System\IZWuTdA.exe
  2⤵
  PID:9540
- C:\Windows\System\HMVPAEv.exe
  C:\Windows\System\HMVPAEv.exe
  2⤵
  PID:9780
- C:\Windows\System\coyctgo.exe
  C:\Windows\System\coyctgo.exe
  2⤵
  PID:9600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CcjnKDK.exe

Filesize
6.0MB

MD5
2332d5b450007b69e14fbed1cfea0104

SHA1
2da14d2f433f0766ba29c3506c27bfb9017e0bd7

SHA256
a3887608eec7130b3b9962b387047a90dca5f2b9b2620fa37c4e6dbcb402c086

SHA512
8bb1a915f20df9cc860f589f6fa0cb2bb7cbe2381c6cf4c9e267e4637b504f1f354c4108f01a9b3a5c18253d95f67e465177e5c9c91feb1732e920cea4fd7984

Download Submit
C:\Windows\system\CypkBpX.exe

Filesize
6.0MB

MD5
66fdc96607e165876df6172c96923275

SHA1
ec28c85c54ff0ac0f8ad9d6e1cf7617cde12e064

SHA256
b24633c405e01ee3e38ab425b1147e807a4e45dc9860381d773e2b78c8d72a45

SHA512
f4a6066789d867b85ed51ffdeea2af82eaba977853e6a2ffd02ebf92375dc4cb835e48fb71d53602d058141cf22e04852b6cdb685c47e2e7a6d42fe31cfd93ce

Download Submit
C:\Windows\system\GQREylM.exe

Filesize
6.0MB

MD5
ead9239160b9ebf3b44434d9db30eb3e

SHA1
8488fb575e649e0d708e7b054fb7c4c443181b0b

SHA256
3034b381b7c92eb41bcc0a72e9116748a5fa799a953645df27e4089a1475b17a

SHA512
24f0d474a07e72df9c27510f1b23a3dba0639c70835fed1191c439a9ecd39fc2beefaa58be67dde0c86475f5404ccd0b4feacd3fe0f0bb7dec6c58ff41ebf1db

Download Submit
C:\Windows\system\GYNrdWZ.exe

Filesize
6.0MB

MD5
cdb5e14bfc8039198a7c6116c55594f1

SHA1
9b247d6fac23aa1f8a22db248b82c024c99f9860

SHA256
f3ec3a2783f09b25a0f8b2b078c886d325625cb0da51dc16fa20c2ca43aaa0c0

SHA512
6cce8ca8caba9551b325f2fb02d959a34174770efc0bf2c87b7866c7f729e9b8d641b732958701c05f2a4b171e4cd009759c88344ebabcff154b12dcdc7a45c3

Download Submit
C:\Windows\system\GhaOWfY.exe

Filesize
6.0MB

MD5
d8a9bceddf10bacca3b84c0c25f8722a

SHA1
6484bf224f954a4b913b571da53b2529158a91bd

SHA256
3670a912c5cd1e5f8d2b07fd1c3e7f5d1a430735506167e2741a14e454fbb0b3

SHA512
6d6dffca9feba2737f08e3d8f0c8a140383785d96d0971f42d57d86b8f3cd1ebe25393a18c99fc9a52f34ca1938d0cc40a18be1fc1fdaf53a030d216570af36a

Download Submit
C:\Windows\system\HdqSxcl.exe

Filesize
6.0MB

MD5
51a72e54eda54b3cf72989d3d7259618

SHA1
e10a9cfd48702f720d76a7635ec66a9fdf05fcd2

SHA256
1369dd30a71874533438a31e2041d0ff5c5627eb56e0af849a816d889b4b00ed

SHA512
62260b1ef2f2228b6acec0c87d230d6188b1900845cfae767b4a29dd81d7e76dee39cd96d8d67aa45b0a60633852be5e557d9dd088d4559da22eb48e979f917e

Download Submit
C:\Windows\system\HgtwsEm.exe

Filesize
6.0MB

MD5
99db7f6df7ce756305e2cfa23a06fe55

SHA1
90ee0aa9da1f6ab9814411353216898340f6a59e

SHA256
5933f1efb6e02d7954caf744f949116652dfb65e6e0eec4041ce448b06c73fb5

SHA512
f8b9ed71fcdc296f36b0cf1012ee3a2a2f6896f39a92af218f4af82e8d72d3607faa4a58242f007998e1ba8cfa7b970ad986c23c09f2a6f34d5cd16351a467e8

Download Submit
C:\Windows\system\HosWKkT.exe

Filesize
6.0MB

MD5
c0f02d9271181fdd4521b07016778518

SHA1
80931846ba9f38a824b8be64f6ebbf3b3bf8d8f5

SHA256
bd5a4b0a5ca9b2f0dc20c33e07e63987cd7bd176ef8cd10641f5e47719fdd1bb

SHA512
a7404f788c2ef4a677c46208c0e480eb15ce4d8bb7affe05700a623f1675c7de982ff3aafc0a4deb2c8f9e674e4c4aa0670fee03dd9f7624aeb426a0a0a05528

Download Submit
C:\Windows\system\JLkvPhN.exe

Filesize
6.0MB

MD5
91a29944bb3dcd6e774af839c75745f6

SHA1
212cfe9c8fae8a53e968690dd8ce3d573ccacca5

SHA256
545056c64530ceee5e61f9f793cce026539fe44ba9d699d0f565fdb3536a8d5b

SHA512
e30b1fecaf75ccb4610b22444253a2ee9637607aa2129a99acb41cd43ce6ddc7d767b2f7f0cdf523a973d2a545ec70e443f3b8af07de2c74f3a159401cb2b637

Download Submit
C:\Windows\system\KXOvruc.exe

Filesize
6.0MB

MD5
2610f8447979d84453eca35fe81aa2a2

SHA1
f2520dec445c68352a2259d658de8f65680d7d9b

SHA256
8fc10c9886e8eae11cec33522150f13040898ea423184359b94954399a8a05dd

SHA512
a36bc2afc224a9a196dac56b43e97b36e3235632800a7437457c69f67573189466475dacebee5f69389bdb23a2d69c22c8a5cc99409ec5cbc3fb2947532252e8

Download Submit
C:\Windows\system\MGfbrJl.exe

Filesize
6.0MB

MD5
d20f4c24db08d3f42d0387c6d69aa7a0

SHA1
eb5fae19b0cd9af3a12ef5d340cfaa919f71f3dd

SHA256
4b9b9caa9cb645476a194dbc25f231be2527deb94f85c2f25a97bcabff523f0d

SHA512
d62bdd1cd95e3d62d22160d07ac9c5e4ac716416f6655bbae0532414e2ae67a35683bb8453f3753db2be1279ccdb2ef86a64417417ff81c054412fff4a5ceac1

Download Submit
C:\Windows\system\QlPDjWZ.exe

Filesize
6.0MB

MD5
3992c8a2d812678e53b6a0eed4b0009c

SHA1
346cfad71d1c072e465bbc683818e245dd1d3992

SHA256
58ed4943f26b787de51954a5e5a4f5325d9c27bc910d3e7b236feea75dfe95bc

SHA512
f1d668267474cc4d58275051fb4ca9b37be2a8d895bacf1ee1f212aa60ec009c0ee519d32b1debc55c692f185f0346b64751e629b80cbf2cff82db3fd9792111

Download Submit
C:\Windows\system\RCiTLNL.exe

Filesize
6.0MB

MD5
56e6026432a015684fb371b29d340e33

SHA1
a1f766913e7e80ba4c2ee1316d097bd6426a6751

SHA256
07e902b559fca5f6efd967760d5f2e201b7f003ca74d9fb5d8f6f4eb5ede9fbd

SHA512
16a7257799d59ccbc04183da030905cdd0f1ef2624fea67c7acf2061969c6a93693886ce23330c08819d5d5e04d7071959b85f110617d2f39475d257584bef35

Download Submit
C:\Windows\system\RYeINRT.exe

Filesize
6.0MB

MD5
67fa1cf7f0dd4bbb9c35b518a090199a

SHA1
f0f622813cb770918b78ac222ce2759bf4f0e985

SHA256
8fa6b3ff5d6dd90ddb069163fb2910b3c0161a4e14282896752a46feadd7c7ef

SHA512
bcdf64877b4fc1ba81a18977b40204f8eb1713d3da99d701fd891b999a1b837d8d11879d4a7cc165634e3185ee4241c7d870abd310e11bb9abb642a593ccd620

Download Submit
C:\Windows\system\TkIhCLW.exe

Filesize
6.0MB

MD5
f22f9d6b6659f501753a36c861d7e4a7

SHA1
ef31d2d73c7a8d78cf8531978e4555b080907c4e

SHA256
a110527134f9ee5632fd59c99116661578c4a73e92ac289a2e06a954e17967cb

SHA512
dd36fdc3bf7add9f5bbad726f35dc96efd7786a4091e13ce864b229f3a375bf02ba07e60438102f409a46c29bb949ee713f23973b513dd12cc096d80e8c082cf

Download Submit
C:\Windows\system\XqmhKXW.exe

Filesize
6.0MB

MD5
28c62fc495e391995da48b288e4e83ea

SHA1
06d39eab9d8cd8e6e37c231f0f4337a2fa0bb1ee

SHA256
3e37523c35aaed9246ca8684302ac06d172e7943f3228e7fd6e4edee1d723f31

SHA512
4fad28065b43ecd8ec804457974bc302659fcc498e62c04411ba22643afc009c2afee96cefa7c19f92adae04c4f6c1cccf30d69de824c094e8adff9af1de485e

Download Submit
C:\Windows\system\YHjryue.exe

Filesize
6.0MB

MD5
6f48c2eedc1a3f4e2f9df3a0f233ba78

SHA1
ca8a468453eea391275fceff597f1533fb85ee61

SHA256
bcf57338988d49e6dc519a418e100b8e4a3cdf30120288af612ec528a4c36fba

SHA512
bc5d5dfa8661d55329953016d8bfa306ecf409467d19e8a2d77d99ad2f615440bdec5a43ab59b039b402e7572c842b997c3d180f8dc7eb87ac9f9e9a2394f5f1

Download Submit
C:\Windows\system\YVCkGMb.exe

Filesize
6.0MB

MD5
8a1726dd3cbcb88008c5d44ad3611eb4

SHA1
c4f344975d9e8f77712d5bc5e06a1320dea3fbff

SHA256
29c1c6edea8b82407c76bf3dc0081e199973c1806abf3a3c321fe3c8ceebde80

SHA512
99ab79b8f776fd1a49af45135c658589f568e2a8c1cf1180ffd92c32fc6ae0ea8c0014bbccdacb8a4d027547f2a6bf89b717954dc6f3b2f8bdfa513cc834b92b

Download Submit
C:\Windows\system\ZmVppHy.exe

Filesize
6.0MB

MD5
44c8299c52b16df92bafc80baee2a771

SHA1
8345daa00292d8d689dadc9f4250010184b9ac76

SHA256
757d15307dfef033f7f940b6758458023fd50f7e2997fbc0686b041614a368e1

SHA512
ae96bb3a7f912a742bd25db67401cea12c9264100e9ed8d487917dea13c80c7517f0bd80817889b9fc1582cc0a4859fbb6df8c2c70faaf790fb54ae49e41460c

Download Submit
C:\Windows\system\gwOJdhZ.exe

Filesize
6.0MB

MD5
7cf2a2b6a5ff53c7b5a3533e8b4934b5

SHA1
8b4d292d1336200b09a9d37e5c9ac083d68b56ac

SHA256
cd4311003300f6c7b3ce6de33b84990ba22ef6648781d083d9968ac0a79bea70

SHA512
79efab1578c2645d66da17325d533fb19ce3b58d46d29ddf58443d94b27d7200c3f3f3d0b746428746fd4a11597b28dc40403870541a9852ff1ca4e78f035f58

Download Submit
C:\Windows\system\jKofOUs.exe

Filesize
6.0MB

MD5
8e6fcd87ada0433146bda08a30a5172a

SHA1
92478ea959c6656755b0984e306244f367858341

SHA256
7b57cd83503db7904758ac48bf7f8f0f2b984977f4fa0c388c6076a26e20b4a4

SHA512
5381f8049ea8dbf619eea8bd77a90af4e7b0ac157f9d1135ad5c933fe414485c3ab53d4a146c5f71e1245a709a8b4396439483efa6669b163e35d0e99fabf1c9

Download Submit
C:\Windows\system\lLZnHEE.exe

Filesize
6.0MB

MD5
2398d7c26ddfda37c97ed088623174a7

SHA1
3cdcb5276e4b97022ad6d114f48965b9da019d88

SHA256
e8bd69e6f37c87eb20ccd33eb1999d0e7a87d78819eedaee01eeab1c0705213e

SHA512
524bb3cd0fc0fb7a95d426f63034e1e3256a3c37d15a3f0e8e8f893d6e668b368c982a2715ecabd0504fd0f137e3265f294cf51cf5811c63f5b157e7191bb3e7

Download Submit
C:\Windows\system\nqjYQPo.exe

Filesize
6.0MB

MD5
19a33b74641d4302334a4801b0bf81d1

SHA1
5e75030338f0221fe75619cb2da928a39054bc32

SHA256
9db40ec34002025a02238894088aa46ab13e5402b8287066a6a800570aa7f4f7

SHA512
49e13a85124b2824f66aea9735d5e335ae2b6d85e91820ab5e87f02ebfbd2780d56fb7a5f33529b3b1eda90baa9df8aec4442f8f89b1bacac8f87fa63e93514c

Download Submit
C:\Windows\system\qfstZig.exe

Filesize
6.0MB

MD5
aabffe6a109ceb92856a3f499c0208b2

SHA1
40cbea57a093631b5e18f0b72e357f2450908fe8

SHA256
8688c6e0828d1768371abcb9497dbd8515e1cf343b063ad78c2d9750704e2346

SHA512
b379d3cc4730b2104c60089f09322651a0c874eb8fcb94c212288279ab025374e0333a07b23793ee2424ace4b117392c012c0edc81af4319ecf00af6101e1f8a

Download Submit
C:\Windows\system\uuOIfTu.exe

Filesize
6.0MB

MD5
04e5b320743808ce7e74fc411adc8224

SHA1
89b133b741829498acba1662642067c1deb68b25

SHA256
c9323910f64da5a8ba1a96553ca5d840304bcff4d02b6a1d358ce7aa9cb9bcef

SHA512
65b35ff711a32a47d21ca1b8822c430175d34fd160f630b1796d64f2f94ec5ee1d7da54a00d1aea3cfa5cb3137aa59ecd2b87b5442948d15a0d82e158a1ed014

Download Submit
\Windows\system\AUhBCcs.exe

Filesize
6.0MB

MD5
4a666f7d9f5bc9e4be4a985d7f187399

SHA1
0703e294e736c1457ac3863b3fd7f140276f1efa

SHA256
fff6b7f0e3767ed6bf4df43262fbf0dadc3809f2c575d85f55a5cdfc2d014749

SHA512
07703c03eabd04f4a76000484ffe626ab4d3811a5d1ea5b6b92ce2ad8f50c976e6649fb08993e914f774f9408b9b0860e9cb221a479c54ad793bd61f0ca91fce

Download Submit
\Windows\system\PLtQAZj.exe

Filesize
6.0MB

MD5
4f8e50bb21a5af96d25955f304e34e00

SHA1
4a301d0d3701f7315a1dbc0eafd50c482b58f09c

SHA256
77a2c25259bcb56e76dc205b6446d5ee3e51d82f5c10ceb11f97872c41857c60

SHA512
2a1b5c08f6480a1c13afa89d7a56a59acc9b45dd8da2c8ae0c8639ee17c37257f425adc84cfa1edb06ce1e0b26868a167e581d63c5783e873065e2d2a8edd21a

Download Submit
\Windows\system\SQgGaqa.exe

Filesize
6.0MB

MD5
80c4a16c2448d86b805f42d465147b63

SHA1
350fe0380e1cdd0836647a460fefda3442d466f7

SHA256
c93e738c95d51f5a3f6db6eb183e155517a5f91ac67f453c64c837254e4ed00a

SHA512
0c89bf36a3532bcf1001da92ba76b264b311c605e283f6f0beeafb335cbc1814917c5753e776a7141034a9a4c913fa291b463450ff34d476fff5140569706ffd

Download Submit
\Windows\system\VivkSfa.exe

Filesize
6.0MB

MD5
54f6f64da868d76437b8b1a4c11b8082

SHA1
695df3b69f4fdea89c61bd25003ffcae6dac749d

SHA256
342b0d2c894c2ac4a8149b44a7ce409c88dd6be20d03a73b003e5907c909de45

SHA512
b5ff1e74c00ea664d23dc9501112dc542fe75c832418ee78a7e7929e3f19005d443c5dc1c9552c58e6ba6f177e0873d09754f0f59f64ecec2d3decf552d63506

Download Submit
\Windows\system\Wvdjbia.exe

Filesize
6.0MB

MD5
6061dd8ad81d6322e5dc0d6b2406beb0

SHA1
4f8a62750ef1732dddf0a29830ceec46fea17e4b

SHA256
4e73158e1e02509c4c50c6da8869e3a494eb8be718535b9fd1cea9d6578f43d7

SHA512
7c9cd6c7278e453a260525a01023cd8d735f46a33e7ed05272f1f2686803e586d7fae39e60067a9fc5cbff54e22a84a440172ecc049d83e311fc60949946603c

Download Submit
\Windows\system\eYhhlVP.exe

Filesize
6.0MB

MD5
6dd1ea307a05ed7403abf0cabe886a5c

SHA1
6904544c3323e3cdfbddf99960349d1cdb884bfd

SHA256
05142d1053eefb772ceaa8c10194049fd421f0d3137ad5c1e2faf74946016a91

SHA512
f62f870d791f356cae0d661f92f9a3cc3a7ac6034c7d33e76a094e6e07bd0289d2d9d376a509b9ccfb6cec8f984e8c41c05722df4f30832104eee08e54a4e41f

Download Submit
\Windows\system\oxThFmW.exe

Filesize
6.0MB

MD5
6f0583c83fdf11380306cf2ce3ad665d

SHA1
97991fdad926774443279c46eada7cae75662adb

SHA256
32d78f201a0a399e2ee01402821a2c835307934c145185a376c9c197ee785986

SHA512
050e8bf1a54115a8c270e89b5bf942d44a16b93cee46504f82fd5ece1c62615273d7a688c31e4a8226ef2fe746666dbbfcf220db904a507e34b7c0f0be94ef9b

Download Submit
memory/1036-4022-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1036-41-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2064-21-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2064-4019-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2388-15-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2388-4018-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2452-4029-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-1402-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-103-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-13-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4026-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2588-80-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2588-1037-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4020-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2632-28-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2632-81-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2672-82-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4028-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1036-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-76-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-4027-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-50-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2776-315-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2776-4023-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4025-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-75-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4024-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2880-71-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2996-61-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-25-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2996-68-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-7-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2996-57-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2996-89-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2996-45-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2996-91-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-70-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2996-40-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-695-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-217-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1227-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2996-0-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-112-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1607-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1606-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/3028-37-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/3028-4021-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download