cobaltstrike | 84c43b34c38cbd3069e5736bf7d69e5fda5d03712e4de0e5c0db237c23417e43

Analysis

max time kernel
130s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

16fbfc05a3bbe6e86738255e75e57cd6
SHA1

95d2ef5d93282ebb99690230f151d6caecbb90b0
SHA256

84c43b34c38cbd3069e5736bf7d69e5fda5d03712e4de0e5c0db237c23417e43
SHA512

9ffe8401c59d23070168e1f121394ead1a3b5c85f8b7349bd5dc7011ff53c1eb389bab182e493e0f02309c294b2642c6dfe5b59b157ca5199f185a033a798d60
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUn:j+R56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 36 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012270-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174b4-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017570-17.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f1-21.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016df8-30.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019543-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-182.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019261-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018697-48.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-27.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018683-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3068-0-0x000000013F100000-0x000000013F44D000-memory.dmp	xmrig
behavioral1/files/0x000b000000012270-3.dat	xmrig
behavioral1/memory/1708-7-0x000000013F130000-0x000000013F47D000-memory.dmp	xmrig
behavioral1/files/0x00080000000174b4-9.dat	xmrig
behavioral1/files/0x0007000000017570-17.dat	xmrig
behavioral1/memory/1868-18-0x000000013F1B0000-0x000000013F4FD000-memory.dmp	xmrig
behavioral1/memory/2328-13-0x000000013F670000-0x000000013F9BD000-memory.dmp	xmrig
behavioral1/files/0x00070000000175f1-21.dat	xmrig
behavioral1/memory/2836-34-0x000000013FF80000-0x00000001402CD000-memory.dmp	xmrig
behavioral1/memory/2840-41-0x000000013F890000-0x000000013FBDD000-memory.dmp	xmrig
behavioral1/files/0x0009000000016df8-30.dat	xmrig
behavioral1/files/0x0005000000019274-59.dat	xmrig
behavioral1/memory/2160-155-0x000000013F5F0000-0x000000013F93D000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-101.dat	xmrig
behavioral1/files/0x0005000000019543-190.dat	xmrig
behavioral1/files/0x000500000001952e-182.dat	xmrig
behavioral1/files/0x00050000000193dc-174.dat	xmrig
behavioral1/files/0x0005000000019520-167.dat	xmrig
behavioral1/memory/1472-160-0x000000013F3B0000-0x000000013F6FD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019510-157.dat	xmrig
behavioral1/memory/2772-147-0x000000013F430000-0x000000013F77D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019502-144.dat	xmrig
behavioral1/files/0x00050000000194d5-137.dat	xmrig
behavioral1/memory/2056-237-0x000000013F730000-0x000000013FA7D000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ad-128.dat	xmrig
behavioral1/files/0x0005000000019426-119.dat	xmrig
behavioral1/memory/532-112-0x000000013FCE0000-0x000000014002D000-memory.dmp	xmrig
behavioral1/memory/2480-94-0x000000013F050000-0x000000013F39D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019354-93.dat	xmrig
behavioral1/memory/2716-91-0x000000013F580000-0x000000013F8CD000-memory.dmp	xmrig
behavioral1/files/0x000500000001938e-87.dat	xmrig
behavioral1/files/0x0005000000019299-80.dat	xmrig
behavioral1/memory/1764-221-0x000000013FC80000-0x000000013FFCD000-memory.dmp	xmrig
behavioral1/memory/656-215-0x000000013FEF0000-0x000000014023D000-memory.dmp	xmrig
behavioral1/memory/1720-209-0x000000013F990000-0x000000013FCDD000-memory.dmp	xmrig
behavioral1/memory/1812-199-0x000000013F6A0000-0x000000013F9ED000-memory.dmp	xmrig
behavioral1/memory/2032-189-0x000000013F520000-0x000000013F86D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019535-188.dat	xmrig
behavioral1/memory/1740-181-0x000000013F6B0000-0x000000013F9FD000-memory.dmp	xmrig
behavioral1/files/0x000500000001952b-178.dat	xmrig
behavioral1/memory/2784-176-0x000000013F2F0000-0x000000013F63D000-memory.dmp	xmrig
behavioral1/memory/2272-166-0x000000013F420000-0x000000013F76D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019518-164.dat	xmrig
behavioral1/memory/2060-77-0x000000013F800000-0x000000013FB4D000-memory.dmp	xmrig
behavioral1/files/0x00050000000192a1-76.dat	xmrig
behavioral1/files/0x0005000000019508-152.dat	xmrig
behavioral1/files/0x00050000000194e1-142.dat	xmrig
behavioral1/memory/1752-136-0x000000013F960000-0x000000013FCAD000-memory.dmp	xmrig
behavioral1/files/0x00050000000194c3-134.dat	xmrig
behavioral1/memory/2124-126-0x000000013F560000-0x000000013F8AD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019428-125.dat	xmrig
behavioral1/files/0x00050000000193f9-115.dat	xmrig
behavioral1/files/0x00050000000193d0-108.dat	xmrig
behavioral1/memory/2856-100-0x000000013F770000-0x000000013FABD000-memory.dmp	xmrig
behavioral1/files/0x000500000001939f-99.dat	xmrig
behavioral1/memory/664-86-0x000000013FC60000-0x000000013FFAD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019358-85.dat	xmrig
behavioral1/memory/2640-61-0x000000013F7C0000-0x000000013FB0D000-memory.dmp	xmrig
behavioral1/memory/2608-67-0x000000013F400000-0x000000013F74D000-memory.dmp	xmrig
behavioral1/files/0x000500000001927a-65.dat	xmrig
behavioral1/memory/2620-55-0x000000013F200000-0x000000013F54D000-memory.dmp	xmrig
behavioral1/files/0x0006000000019261-53.dat	xmrig
behavioral1/memory/2888-49-0x000000013F0D0000-0x000000013F41D000-memory.dmp	xmrig
behavioral1/files/0x0008000000018697-48.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1708	NhwKpZJ.exe
2328	pMswuVs.exe
1868	PiRjudd.exe
2836	QONrVEG.exe
2748	ITQMAhA.exe
2336	xrqYvWF.exe
2840	JJHtKqr.exe
2888	eAlKSBE.exe
2620	dRUnmmb.exe
2640	WEhAGkI.exe
2608	WuVzRox.exe
2060	GFmOKXc.exe
2716	MqqVVwN.exe
664	sFzDfEd.exe
2480	VhTqBrs.exe
2856	mSefsQG.exe
532	VGChoTj.exe
316	NLEHPrQ.exe
2124	hQrhlfY.exe
1752	LfRipBK.exe
2772	aqmgCbQ.exe
2160	CvbNIff.exe
1472	AYvVxXV.exe
2272	qYoApGR.exe
332	apgcwaV.exe
2784	WIGthyJ.exe
1740	OgUtVZm.exe
2032	RmtJsaz.exe
1480	nXEeuEa.exe
1320	qLWShpT.exe
1812	YLEBifk.exe
2932	QkbdvbS.exe
1720	gILlcXo.exe
656	eOJSaxD.exe
1764	xkhkpNe.exe
2528	acthNNe.exe
2056	JiBueOh.exe
2196	NKwQPFH.exe
2928	jvpDLRd.exe
2140	QSznLZC.exe
2044	JGUZjXt.exe
2168	aDHiolV.exe
300	TQhunXW.exe
1304	JVbXnzz.exe
1544	cMCXOgh.exe
344	YxCvDLK.exe
1240	eGLqhwi.exe
2544	AmBirho.exe
2216	cEwGNLW.exe
2448	qPPdBNE.exe
2520	vOHGKkt.exe
2816	syAmoAH.exe
3032	RsdTIAK.exe
2628	RSOFntG.exe
972	bPtldiL.exe
752	karqhGB.exe
2732	DIlVptr.exe
1672	uSzIyAE.exe
1772	qeIFGYx.exe
2020	QvzeEDO.exe
492	xnJxQwf.exe
2916	AKCJHzP.exe
2576	cIGWjMB.exe
1924	OSvUXuG.exe

Loads dropped DLL 64 IoCs

pid	Process
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eIDcqOv.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcHGQIf.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYZfyZs.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmRxuoL.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPzyghH.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPtgcEb.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvyTPwC.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsAyYKs.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQnzWns.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiofYrJ.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqJyyye.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAlKSBE.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHrIpoe.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiQXJXN.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wavhaBm.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giNsVtv.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gILlcXo.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyPqUna.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Skaaibg.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VoBLpRW.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNwAVJc.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxUbrCv.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOnStEz.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DOCRHCe.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrLMMpl.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJkpmPh.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKiuBvW.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZybeIf.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImboUhw.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvLejCx.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggpUMuc.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFcwKIb.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBcJvOb.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QoWjzRv.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izwraTM.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlxbOnw.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocjwoeq.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHCiUbR.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqTAlse.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwbzPls.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgftvhX.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuoyOqi.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSXDhro.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdjENrI.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWpluji.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKUmIcU.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwyZQNv.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LukbMkc.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZocicT.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GngoIuo.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFIoMNM.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqAaBvx.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRYUGca.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwPsida.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqDzVij.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhkGrMc.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFUmcpG.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXXxqsa.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puUXcOn.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjTrJGY.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXFFHnM.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOQDDLE.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUSnlrW.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbugeTl.exe	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 1708	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 1708	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 1708	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2328	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2328	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2328	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 1868	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 1868	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 1868	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 2336	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2336	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2336	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 2836	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2836	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2836	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2840	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2840	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2840	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2748	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2748	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2748	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2888	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2888	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2888	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2620	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2620	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2620	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2640	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2640	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2640	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2608	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2608	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2608	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2716	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2716	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2716	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2060	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2060	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2060	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2480	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2480	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2480	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 664	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 664	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 664	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 1472	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 1472	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 1472	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 2856	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 2856	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 2856	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 332	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 332	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 332	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 532	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 532	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 532	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 2784	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 2784	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 2784	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 316	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 316	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 316	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 1480	3068	2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_16fbfc05a3bbe6e86738255e75e57cd6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\System\NhwKpZJ.exe
  C:\Windows\System\NhwKpZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\pMswuVs.exe
  C:\Windows\System\pMswuVs.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\PiRjudd.exe
  C:\Windows\System\PiRjudd.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\xrqYvWF.exe
  C:\Windows\System\xrqYvWF.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\QONrVEG.exe
  C:\Windows\System\QONrVEG.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\JJHtKqr.exe
  C:\Windows\System\JJHtKqr.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\ITQMAhA.exe
  C:\Windows\System\ITQMAhA.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\eAlKSBE.exe
  C:\Windows\System\eAlKSBE.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\dRUnmmb.exe
  C:\Windows\System\dRUnmmb.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\WEhAGkI.exe
  C:\Windows\System\WEhAGkI.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\WuVzRox.exe
  C:\Windows\System\WuVzRox.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\MqqVVwN.exe
  C:\Windows\System\MqqVVwN.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\GFmOKXc.exe
  C:\Windows\System\GFmOKXc.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\VhTqBrs.exe
  C:\Windows\System\VhTqBrs.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\sFzDfEd.exe
  C:\Windows\System\sFzDfEd.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\AYvVxXV.exe
  C:\Windows\System\AYvVxXV.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\mSefsQG.exe
  C:\Windows\System\mSefsQG.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\apgcwaV.exe
  C:\Windows\System\apgcwaV.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\VGChoTj.exe
  C:\Windows\System\VGChoTj.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\WIGthyJ.exe
  C:\Windows\System\WIGthyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\NLEHPrQ.exe
  C:\Windows\System\NLEHPrQ.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\nXEeuEa.exe
  C:\Windows\System\nXEeuEa.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\hQrhlfY.exe
  C:\Windows\System\hQrhlfY.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\qLWShpT.exe
  C:\Windows\System\qLWShpT.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\LfRipBK.exe
  C:\Windows\System\LfRipBK.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\QkbdvbS.exe
  C:\Windows\System\QkbdvbS.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\aqmgCbQ.exe
  C:\Windows\System\aqmgCbQ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\jvpDLRd.exe
  C:\Windows\System\jvpDLRd.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\CvbNIff.exe
  C:\Windows\System\CvbNIff.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\QSznLZC.exe
  C:\Windows\System\QSznLZC.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\qYoApGR.exe
  C:\Windows\System\qYoApGR.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\JGUZjXt.exe
  C:\Windows\System\JGUZjXt.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\OgUtVZm.exe
  C:\Windows\System\OgUtVZm.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\aDHiolV.exe
  C:\Windows\System\aDHiolV.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\RmtJsaz.exe
  C:\Windows\System\RmtJsaz.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\TQhunXW.exe
  C:\Windows\System\TQhunXW.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\YLEBifk.exe
  C:\Windows\System\YLEBifk.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\JVbXnzz.exe
  C:\Windows\System\JVbXnzz.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\gILlcXo.exe
  C:\Windows\System\gILlcXo.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\cMCXOgh.exe
  C:\Windows\System\cMCXOgh.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\eOJSaxD.exe
  C:\Windows\System\eOJSaxD.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\YxCvDLK.exe
  C:\Windows\System\YxCvDLK.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\xkhkpNe.exe
  C:\Windows\System\xkhkpNe.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\eGLqhwi.exe
  C:\Windows\System\eGLqhwi.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\acthNNe.exe
  C:\Windows\System\acthNNe.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\AmBirho.exe
  C:\Windows\System\AmBirho.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\JiBueOh.exe
  C:\Windows\System\JiBueOh.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\cEwGNLW.exe
  C:\Windows\System\cEwGNLW.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\NKwQPFH.exe
  C:\Windows\System\NKwQPFH.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\qPPdBNE.exe
  C:\Windows\System\qPPdBNE.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\vOHGKkt.exe
  C:\Windows\System\vOHGKkt.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\syAmoAH.exe
  C:\Windows\System\syAmoAH.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\RsdTIAK.exe
  C:\Windows\System\RsdTIAK.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\DIlVptr.exe
  C:\Windows\System\DIlVptr.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\RSOFntG.exe
  C:\Windows\System\RSOFntG.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\QvzeEDO.exe
  C:\Windows\System\QvzeEDO.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\bPtldiL.exe
  C:\Windows\System\bPtldiL.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\xnJxQwf.exe
  C:\Windows\System\xnJxQwf.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\karqhGB.exe
  C:\Windows\System\karqhGB.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\AKCJHzP.exe
  C:\Windows\System\AKCJHzP.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\uSzIyAE.exe
  C:\Windows\System\uSzIyAE.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\cIGWjMB.exe
  C:\Windows\System\cIGWjMB.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\qeIFGYx.exe
  C:\Windows\System\qeIFGYx.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\OSvUXuG.exe
  C:\Windows\System\OSvUXuG.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\gFFFrDh.exe
  C:\Windows\System\gFFFrDh.exe
  2⤵
  PID:108
- C:\Windows\System\tqUARbI.exe
  C:\Windows\System\tqUARbI.exe
  2⤵
  PID:840
- C:\Windows\System\CKeVtKU.exe
  C:\Windows\System\CKeVtKU.exe
  2⤵
  PID:1968
- C:\Windows\System\LDQVFZV.exe
  C:\Windows\System\LDQVFZV.exe
  2⤵
  PID:2116
- C:\Windows\System\ZQQogUX.exe
  C:\Windows\System\ZQQogUX.exe
  2⤵
  PID:2128
- C:\Windows\System\YfTtFxV.exe
  C:\Windows\System\YfTtFxV.exe
  2⤵
  PID:2120
- C:\Windows\System\QOlyttH.exe
  C:\Windows\System\QOlyttH.exe
  2⤵
  PID:816
- C:\Windows\System\vvGwjwl.exe
  C:\Windows\System\vvGwjwl.exe
  2⤵
  PID:2184
- C:\Windows\System\SacSqdt.exe
  C:\Windows\System\SacSqdt.exe
  2⤵
  PID:688
- C:\Windows\System\hDnBICg.exe
  C:\Windows\System\hDnBICg.exe
  2⤵
  PID:2288
- C:\Windows\System\RqFXctZ.exe
  C:\Windows\System\RqFXctZ.exe
  2⤵
  PID:864
- C:\Windows\System\anJiiQZ.exe
  C:\Windows\System\anJiiQZ.exe
  2⤵
  PID:2820
- C:\Windows\System\JHXzEuv.exe
  C:\Windows\System\JHXzEuv.exe
  2⤵
  PID:2228
- C:\Windows\System\VLaFVpH.exe
  C:\Windows\System\VLaFVpH.exe
  2⤵
  PID:2780
- C:\Windows\System\vYOHxaE.exe
  C:\Windows\System\vYOHxaE.exe
  2⤵
  PID:2348
- C:\Windows\System\DBJLhzO.exe
  C:\Windows\System\DBJLhzO.exe
  2⤵
  PID:2672
- C:\Windows\System\IBJLuUV.exe
  C:\Windows\System\IBJLuUV.exe
  2⤵
  PID:1724
- C:\Windows\System\SQOjPcM.exe
  C:\Windows\System\SQOjPcM.exe
  2⤵
  PID:2740
- C:\Windows\System\mhPhlPP.exe
  C:\Windows\System\mhPhlPP.exe
  2⤵
  PID:3044
- C:\Windows\System\yFUmcpG.exe
  C:\Windows\System\yFUmcpG.exe
  2⤵
  PID:2360
- C:\Windows\System\gzBjoKA.exe
  C:\Windows\System\gzBjoKA.exe
  2⤵
  PID:2960
- C:\Windows\System\KduTEJj.exe
  C:\Windows\System\KduTEJj.exe
  2⤵
  PID:2476
- C:\Windows\System\YDLhfOX.exe
  C:\Windows\System\YDLhfOX.exe
  2⤵
  PID:1280
- C:\Windows\System\TENYGIb.exe
  C:\Windows\System\TENYGIb.exe
  2⤵
  PID:692
- C:\Windows\System\EIRLqjM.exe
  C:\Windows\System\EIRLqjM.exe
  2⤵
  PID:2092
- C:\Windows\System\vxpbyHa.exe
  C:\Windows\System\vxpbyHa.exe
  2⤵
  PID:2212
- C:\Windows\System\egmJhBZ.exe
  C:\Windows\System\egmJhBZ.exe
  2⤵
  PID:400
- C:\Windows\System\hQQndit.exe
  C:\Windows\System\hQQndit.exe
  2⤵
  PID:3040
- C:\Windows\System\ZPHzumR.exe
  C:\Windows\System\ZPHzumR.exe
  2⤵
  PID:2260
- C:\Windows\System\AghNUuM.exe
  C:\Windows\System\AghNUuM.exe
  2⤵
  PID:3080
- C:\Windows\System\UCxaKaT.exe
  C:\Windows\System\UCxaKaT.exe
  2⤵
  PID:3108
- C:\Windows\System\XogGeXI.exe
  C:\Windows\System\XogGeXI.exe
  2⤵
  PID:3128
- C:\Windows\System\pkvhwlN.exe
  C:\Windows\System\pkvhwlN.exe
  2⤵
  PID:3208
- C:\Windows\System\HWWgxll.exe
  C:\Windows\System\HWWgxll.exe
  2⤵
  PID:3228
- C:\Windows\System\NehlQef.exe
  C:\Windows\System\NehlQef.exe
  2⤵
  PID:3252
- C:\Windows\System\VcxkpEG.exe
  C:\Windows\System\VcxkpEG.exe
  2⤵
  PID:3276
- C:\Windows\System\fKUmIcU.exe
  C:\Windows\System\fKUmIcU.exe
  2⤵
  PID:3296
- C:\Windows\System\sDFnbnl.exe
  C:\Windows\System\sDFnbnl.exe
  2⤵
  PID:3312
- C:\Windows\System\EGoGoCQ.exe
  C:\Windows\System\EGoGoCQ.exe
  2⤵
  PID:3336
- C:\Windows\System\PRFXteS.exe
  C:\Windows\System\PRFXteS.exe
  2⤵
  PID:3356
- C:\Windows\System\BpJYCXK.exe
  C:\Windows\System\BpJYCXK.exe
  2⤵
  PID:3400
- C:\Windows\System\xnSsZJh.exe
  C:\Windows\System\xnSsZJh.exe
  2⤵
  PID:3424
- C:\Windows\System\XrOYIDR.exe
  C:\Windows\System\XrOYIDR.exe
  2⤵
  PID:3440
- C:\Windows\System\GVvulTQ.exe
  C:\Windows\System\GVvulTQ.exe
  2⤵
  PID:3468
- C:\Windows\System\GDaBdKh.exe
  C:\Windows\System\GDaBdKh.exe
  2⤵
  PID:3488
- C:\Windows\System\CjthDfV.exe
  C:\Windows\System\CjthDfV.exe
  2⤵
  PID:3516
- C:\Windows\System\sSOvhWP.exe
  C:\Windows\System\sSOvhWP.exe
  2⤵
  PID:3532
- C:\Windows\System\aFsYhnp.exe
  C:\Windows\System\aFsYhnp.exe
  2⤵
  PID:3556
- C:\Windows\System\OxtNRWl.exe
  C:\Windows\System\OxtNRWl.exe
  2⤵
  PID:3576
- C:\Windows\System\fQxmmZL.exe
  C:\Windows\System\fQxmmZL.exe
  2⤵
  PID:3596
- C:\Windows\System\xOUBwHt.exe
  C:\Windows\System\xOUBwHt.exe
  2⤵
  PID:3616
- C:\Windows\System\DIUQUIs.exe
  C:\Windows\System\DIUQUIs.exe
  2⤵
  PID:3640
- C:\Windows\System\brbXJUd.exe
  C:\Windows\System\brbXJUd.exe
  2⤵
  PID:3668
- C:\Windows\System\QumvwHf.exe
  C:\Windows\System\QumvwHf.exe
  2⤵
  PID:3692
- C:\Windows\System\dADAgYu.exe
  C:\Windows\System\dADAgYu.exe
  2⤵
  PID:3712
- C:\Windows\System\ZJFyslW.exe
  C:\Windows\System\ZJFyslW.exe
  2⤵
  PID:3732
- C:\Windows\System\WDpuUTy.exe
  C:\Windows\System\WDpuUTy.exe
  2⤵
  PID:3752
- C:\Windows\System\LkBLaTy.exe
  C:\Windows\System\LkBLaTy.exe
  2⤵
  PID:3772
- C:\Windows\System\aUgndRY.exe
  C:\Windows\System\aUgndRY.exe
  2⤵
  PID:3796
- C:\Windows\System\sqszXUF.exe
  C:\Windows\System\sqszXUF.exe
  2⤵
  PID:3816
- C:\Windows\System\hXybadm.exe
  C:\Windows\System\hXybadm.exe
  2⤵
  PID:3880
- C:\Windows\System\uCovOUx.exe
  C:\Windows\System\uCovOUx.exe
  2⤵
  PID:3900
- C:\Windows\System\ocjwoeq.exe
  C:\Windows\System\ocjwoeq.exe
  2⤵
  PID:3928
- C:\Windows\System\evMViGT.exe
  C:\Windows\System\evMViGT.exe
  2⤵
  PID:3944
- C:\Windows\System\TNGNfcn.exe
  C:\Windows\System\TNGNfcn.exe
  2⤵
  PID:3960
- C:\Windows\System\DjuzoSV.exe
  C:\Windows\System\DjuzoSV.exe
  2⤵
  PID:3984
- C:\Windows\System\KoBUHFj.exe
  C:\Windows\System\KoBUHFj.exe
  2⤵
  PID:4000
- C:\Windows\System\NcHYIjd.exe
  C:\Windows\System\NcHYIjd.exe
  2⤵
  PID:4016
- C:\Windows\System\PexWjWO.exe
  C:\Windows\System\PexWjWO.exe
  2⤵
  PID:4032
- C:\Windows\System\XuoyOqi.exe
  C:\Windows\System\XuoyOqi.exe
  2⤵
  PID:4052
- C:\Windows\System\mvrJhHx.exe
  C:\Windows\System\mvrJhHx.exe
  2⤵
  PID:4072
- C:\Windows\System\SWMzMsD.exe
  C:\Windows\System\SWMzMsD.exe
  2⤵
  PID:2164
- C:\Windows\System\vLxgQHi.exe
  C:\Windows\System\vLxgQHi.exe
  2⤵
  PID:2796
- C:\Windows\System\FYPKllZ.exe
  C:\Windows\System\FYPKllZ.exe
  2⤵
  PID:2904
- C:\Windows\System\aUQfOfa.exe
  C:\Windows\System\aUQfOfa.exe
  2⤵
  PID:2296
- C:\Windows\System\wtRaVKA.exe
  C:\Windows\System\wtRaVKA.exe
  2⤵
  PID:3004
- C:\Windows\System\CQmNBKy.exe
  C:\Windows\System\CQmNBKy.exe
  2⤵
  PID:568
- C:\Windows\System\tWZyveB.exe
  C:\Windows\System\tWZyveB.exe
  2⤵
  PID:2396
- C:\Windows\System\WUyphcC.exe
  C:\Windows\System\WUyphcC.exe
  2⤵
  PID:1612
- C:\Windows\System\IyZFggb.exe
  C:\Windows\System\IyZFggb.exe
  2⤵
  PID:2000
- C:\Windows\System\tJsqxza.exe
  C:\Windows\System\tJsqxza.exe
  2⤵
  PID:3120
- C:\Windows\System\wHkzuQr.exe
  C:\Windows\System\wHkzuQr.exe
  2⤵
  PID:1972
- C:\Windows\System\wDbClob.exe
  C:\Windows\System\wDbClob.exe
  2⤵
  PID:1728
- C:\Windows\System\VrPtMnK.exe
  C:\Windows\System\VrPtMnK.exe
  2⤵
  PID:3100
- C:\Windows\System\JdjnqLB.exe
  C:\Windows\System\JdjnqLB.exe
  2⤵
  PID:2636
- C:\Windows\System\HbFyAgu.exe
  C:\Windows\System\HbFyAgu.exe
  2⤵
  PID:3136
- C:\Windows\System\OYQQTfs.exe
  C:\Windows\System\OYQQTfs.exe
  2⤵
  PID:3156
- C:\Windows\System\aYfDkxI.exe
  C:\Windows\System\aYfDkxI.exe
  2⤵
  PID:3180
- C:\Windows\System\RfBDoTA.exe
  C:\Windows\System\RfBDoTA.exe
  2⤵
  PID:3192
- C:\Windows\System\YelKYLT.exe
  C:\Windows\System\YelKYLT.exe
  2⤵
  PID:3264
- C:\Windows\System\bdYCsky.exe
  C:\Windows\System\bdYCsky.exe
  2⤵
  PID:3308
- C:\Windows\System\faLtprr.exe
  C:\Windows\System\faLtprr.exe
  2⤵
  PID:3248
- C:\Windows\System\KeZFbCT.exe
  C:\Windows\System\KeZFbCT.exe
  2⤵
  PID:3324
- C:\Windows\System\MIYEOqG.exe
  C:\Windows\System\MIYEOqG.exe
  2⤵
  PID:3364
- C:\Windows\System\WxSqtWv.exe
  C:\Windows\System\WxSqtWv.exe
  2⤵
  PID:3380
- C:\Windows\System\LKuPsnw.exe
  C:\Windows\System\LKuPsnw.exe
  2⤵
  PID:3448
- C:\Windows\System\TRKrUoX.exe
  C:\Windows\System\TRKrUoX.exe
  2⤵
  PID:3500
- C:\Windows\System\uhcJyXK.exe
  C:\Windows\System\uhcJyXK.exe
  2⤵
  PID:3540
- C:\Windows\System\iyPqUna.exe
  C:\Windows\System\iyPqUna.exe
  2⤵
  PID:3584
- C:\Windows\System\PKGdZPZ.exe
  C:\Windows\System\PKGdZPZ.exe
  2⤵
  PID:3632
- C:\Windows\System\knijHSd.exe
  C:\Windows\System\knijHSd.exe
  2⤵
  PID:3684
- C:\Windows\System\nvQmcCh.exe
  C:\Windows\System\nvQmcCh.exe
  2⤵
  PID:3484
- C:\Windows\System\BVehmlf.exe
  C:\Windows\System\BVehmlf.exe
  2⤵
  PID:3764
- C:\Windows\System\fpbsows.exe
  C:\Windows\System\fpbsows.exe
  2⤵
  PID:3812
- C:\Windows\System\kdfJzhg.exe
  C:\Windows\System\kdfJzhg.exe
  2⤵
  PID:3660
- C:\Windows\System\NUIZClU.exe
  C:\Windows\System\NUIZClU.exe
  2⤵
  PID:3744
- C:\Windows\System\iduouhZ.exe
  C:\Windows\System\iduouhZ.exe
  2⤵
  PID:3936
- C:\Windows\System\GeTpfxQ.exe
  C:\Windows\System\GeTpfxQ.exe
  2⤵
  PID:3792
- C:\Windows\System\UWAkcUJ.exe
  C:\Windows\System\UWAkcUJ.exe
  2⤵
  PID:3608
- C:\Windows\System\gpIBDfU.exe
  C:\Windows\System\gpIBDfU.exe
  2⤵
  PID:3848
- C:\Windows\System\vmsGxhx.exe
  C:\Windows\System\vmsGxhx.exe
  2⤵
  PID:3868
- C:\Windows\System\OVFSIRZ.exe
  C:\Windows\System\OVFSIRZ.exe
  2⤵
  PID:3980
- C:\Windows\System\sdXdBjW.exe
  C:\Windows\System\sdXdBjW.exe
  2⤵
  PID:3920
- C:\Windows\System\xIGAHrf.exe
  C:\Windows\System\xIGAHrf.exe
  2⤵
  PID:4080
- C:\Windows\System\MyrAmia.exe
  C:\Windows\System\MyrAmia.exe
  2⤵
  PID:600
- C:\Windows\System\STxAJoj.exe
  C:\Windows\System\STxAJoj.exe
  2⤵
  PID:2996
- C:\Windows\System\qFDgKxc.exe
  C:\Windows\System\qFDgKxc.exe
  2⤵
  PID:4028
- C:\Windows\System\qIfgloR.exe
  C:\Windows\System\qIfgloR.exe
  2⤵
  PID:1596
- C:\Windows\System\mLcxWBN.exe
  C:\Windows\System\mLcxWBN.exe
  2⤵
  PID:808
- C:\Windows\System\tvareYP.exe
  C:\Windows\System\tvareYP.exe
  2⤵
  PID:3092
- C:\Windows\System\FstdWHn.exe
  C:\Windows\System\FstdWHn.exe
  2⤵
  PID:3168
- C:\Windows\System\HAyCBIF.exe
  C:\Windows\System\HAyCBIF.exe
  2⤵
  PID:3260
- C:\Windows\System\GFsAkYY.exe
  C:\Windows\System\GFsAkYY.exe
  2⤵
  PID:3352
- C:\Windows\System\kKkouRV.exe
  C:\Windows\System\kKkouRV.exe
  2⤵
  PID:3420
- C:\Windows\System\LrAzFIh.exe
  C:\Windows\System\LrAzFIh.exe
  2⤵
  PID:1260
- C:\Windows\System\IITakYj.exe
  C:\Windows\System\IITakYj.exe
  2⤵
  PID:1532
- C:\Windows\System\OMTAsvi.exe
  C:\Windows\System\OMTAsvi.exe
  2⤵
  PID:3636
- C:\Windows\System\YUcWMPR.exe
  C:\Windows\System\YUcWMPR.exe
  2⤵
  PID:1804
- C:\Windows\System\BvwZcNQ.exe
  C:\Windows\System\BvwZcNQ.exe
  2⤵
  PID:1156
- C:\Windows\System\rnUnDGm.exe
  C:\Windows\System\rnUnDGm.exe
  2⤵
  PID:3808
- C:\Windows\System\dSLrgIr.exe
  C:\Windows\System\dSLrgIr.exe
  2⤵
  PID:3708
- C:\Windows\System\bCOGhMr.exe
  C:\Windows\System\bCOGhMr.exe
  2⤵
  PID:3836
- C:\Windows\System\zbkLBMl.exe
  C:\Windows\System\zbkLBMl.exe
  2⤵
  PID:3016
- C:\Windows\System\FOtWQDF.exe
  C:\Windows\System\FOtWQDF.exe
  2⤵
  PID:888
- C:\Windows\System\VoBLpRW.exe
  C:\Windows\System\VoBLpRW.exe
  2⤵
  PID:2408
- C:\Windows\System\nDWihFR.exe
  C:\Windows\System\nDWihFR.exe
  2⤵
  PID:3124
- C:\Windows\System\HSjjQId.exe
  C:\Windows\System\HSjjQId.exe
  2⤵
  PID:3408
- C:\Windows\System\sVbkjBC.exe
  C:\Windows\System\sVbkjBC.exe
  2⤵
  PID:3480
- C:\Windows\System\QuhHomc.exe
  C:\Windows\System\QuhHomc.exe
  2⤵
  PID:4100
- C:\Windows\System\RoaPWfZ.exe
  C:\Windows\System\RoaPWfZ.exe
  2⤵
  PID:4124
- C:\Windows\System\xUUjLuq.exe
  C:\Windows\System\xUUjLuq.exe
  2⤵
  PID:4140
- C:\Windows\System\hLRFrKF.exe
  C:\Windows\System\hLRFrKF.exe
  2⤵
  PID:4164
- C:\Windows\System\UIOamZD.exe
  C:\Windows\System\UIOamZD.exe
  2⤵
  PID:4188
- C:\Windows\System\vtYAbLF.exe
  C:\Windows\System\vtYAbLF.exe
  2⤵
  PID:4208
- C:\Windows\System\WCQOlWu.exe
  C:\Windows\System\WCQOlWu.exe
  2⤵
  PID:4224
- C:\Windows\System\fFoyIAc.exe
  C:\Windows\System\fFoyIAc.exe
  2⤵
  PID:4248
- C:\Windows\System\YkWnkBg.exe
  C:\Windows\System\YkWnkBg.exe
  2⤵
  PID:4268
- C:\Windows\System\QjTaeIE.exe
  C:\Windows\System\QjTaeIE.exe
  2⤵
  PID:4288
- C:\Windows\System\rTZwvwa.exe
  C:\Windows\System\rTZwvwa.exe
  2⤵
  PID:4316
- C:\Windows\System\teYouzo.exe
  C:\Windows\System\teYouzo.exe
  2⤵
  PID:4336
- C:\Windows\System\RCKswIp.exe
  C:\Windows\System\RCKswIp.exe
  2⤵
  PID:4356
- C:\Windows\System\GPfKUWd.exe
  C:\Windows\System\GPfKUWd.exe
  2⤵
  PID:4380
- C:\Windows\System\quKBJbD.exe
  C:\Windows\System\quKBJbD.exe
  2⤵
  PID:4404
- C:\Windows\System\TFMMrsZ.exe
  C:\Windows\System\TFMMrsZ.exe
  2⤵
  PID:4424
- C:\Windows\System\diVProU.exe
  C:\Windows\System\diVProU.exe
  2⤵
  PID:4444
- C:\Windows\System\EpTJeUI.exe
  C:\Windows\System\EpTJeUI.exe
  2⤵
  PID:4464
- C:\Windows\System\YjmikLS.exe
  C:\Windows\System\YjmikLS.exe
  2⤵
  PID:4480
- C:\Windows\System\kdHuCJy.exe
  C:\Windows\System\kdHuCJy.exe
  2⤵
  PID:4500
- C:\Windows\System\zRYUGca.exe
  C:\Windows\System\zRYUGca.exe
  2⤵
  PID:4520
- C:\Windows\System\YKyAStg.exe
  C:\Windows\System\YKyAStg.exe
  2⤵
  PID:4548
- C:\Windows\System\JPjzzCY.exe
  C:\Windows\System\JPjzzCY.exe
  2⤵
  PID:4572
- C:\Windows\System\HmFfqtb.exe
  C:\Windows\System\HmFfqtb.exe
  2⤵
  PID:4596
- C:\Windows\System\WRQnodH.exe
  C:\Windows\System\WRQnodH.exe
  2⤵
  PID:4620
- C:\Windows\System\xcIsLOC.exe
  C:\Windows\System\xcIsLOC.exe
  2⤵
  PID:4640
- C:\Windows\System\ffjNopG.exe
  C:\Windows\System\ffjNopG.exe
  2⤵
  PID:4660
- C:\Windows\System\tPEXTJn.exe
  C:\Windows\System\tPEXTJn.exe
  2⤵
  PID:4684
- C:\Windows\System\NhQBqWB.exe
  C:\Windows\System\NhQBqWB.exe
  2⤵
  PID:4708
- C:\Windows\System\sgUNDEL.exe
  C:\Windows\System\sgUNDEL.exe
  2⤵
  PID:4728
- C:\Windows\System\KTVTJRh.exe
  C:\Windows\System\KTVTJRh.exe
  2⤵
  PID:4748
- C:\Windows\System\CUsHzFc.exe
  C:\Windows\System\CUsHzFc.exe
  2⤵
  PID:4772
- C:\Windows\System\vnxQQQZ.exe
  C:\Windows\System\vnxQQQZ.exe
  2⤵
  PID:4800
- C:\Windows\System\VHMuTZr.exe
  C:\Windows\System\VHMuTZr.exe
  2⤵
  PID:4820
- C:\Windows\System\gjaITEx.exe
  C:\Windows\System\gjaITEx.exe
  2⤵
  PID:5012
- C:\Windows\System\hEVrarR.exe
  C:\Windows\System\hEVrarR.exe
  2⤵
  PID:5032
- C:\Windows\System\aHKsTHw.exe
  C:\Windows\System\aHKsTHw.exe
  2⤵
  PID:5060
- C:\Windows\System\XAuZHwt.exe
  C:\Windows\System\XAuZHwt.exe
  2⤵
  PID:5080
- C:\Windows\System\pmpieDd.exe
  C:\Windows\System\pmpieDd.exe
  2⤵
  PID:5096
- C:\Windows\System\hMZiHOs.exe
  C:\Windows\System\hMZiHOs.exe
  2⤵
  PID:3648
- C:\Windows\System\oJpLbWz.exe
  C:\Windows\System\oJpLbWz.exe
  2⤵
  PID:3048
- C:\Windows\System\lXjWAKN.exe
  C:\Windows\System\lXjWAKN.exe
  2⤵
  PID:2808
- C:\Windows\System\XfFQzUv.exe
  C:\Windows\System\XfFQzUv.exe
  2⤵
  PID:2728
- C:\Windows\System\DEgmYsT.exe
  C:\Windows\System\DEgmYsT.exe
  2⤵
  PID:4200
- C:\Windows\System\avFxqNz.exe
  C:\Windows\System\avFxqNz.exe
  2⤵
  PID:4276
- C:\Windows\System\mjVMlQB.exe
  C:\Windows\System\mjVMlQB.exe
  2⤵
  PID:4328
- C:\Windows\System\blGSFrI.exe
  C:\Windows\System\blGSFrI.exe
  2⤵
  PID:4416
- C:\Windows\System\UPzMOSJ.exe
  C:\Windows\System\UPzMOSJ.exe
  2⤵
  PID:4488
- C:\Windows\System\UVaGCRM.exe
  C:\Windows\System\UVaGCRM.exe
  2⤵
  PID:4544
- C:\Windows\System\zEYgWYv.exe
  C:\Windows\System\zEYgWYv.exe
  2⤵
  PID:4584
- C:\Windows\System\WLIPsPw.exe
  C:\Windows\System\WLIPsPw.exe
  2⤵
  PID:4628
- C:\Windows\System\VbDWvrw.exe
  C:\Windows\System\VbDWvrw.exe
  2⤵
  PID:3116
- C:\Windows\System\jwvbGDo.exe
  C:\Windows\System\jwvbGDo.exe
  2⤵
  PID:4676
- C:\Windows\System\wsOEWZE.exe
  C:\Windows\System\wsOEWZE.exe
  2⤵
  PID:2684
- C:\Windows\System\rpCqbYk.exe
  C:\Windows\System\rpCqbYk.exe
  2⤵
  PID:3188
- C:\Windows\System\FObDZwr.exe
  C:\Windows\System\FObDZwr.exe
  2⤵
  PID:3320
- C:\Windows\System\BmsGiVc.exe
  C:\Windows\System\BmsGiVc.exe
  2⤵
  PID:3376
- C:\Windows\System\lJCGfVr.exe
  C:\Windows\System\lJCGfVr.exe
  2⤵
  PID:4756
- C:\Windows\System\NLnhWEh.exe
  C:\Windows\System\NLnhWEh.exe
  2⤵
  PID:3392
- C:\Windows\System\Xvzkcvv.exe
  C:\Windows\System\Xvzkcvv.exe
  2⤵
  PID:4812
- C:\Windows\System\nvIvgDR.exe
  C:\Windows\System\nvIvgDR.exe
  2⤵
  PID:3760
- C:\Windows\System\dfidynI.exe
  C:\Windows\System\dfidynI.exe
  2⤵
  PID:3780
- C:\Windows\System\EmRxuoL.exe
  C:\Windows\System\EmRxuoL.exe
  2⤵
  PID:3860
- C:\Windows\System\AJpxnGI.exe
  C:\Windows\System\AJpxnGI.exe
  2⤵
  PID:3916
- C:\Windows\System\UfuDlmz.exe
  C:\Windows\System\UfuDlmz.exe
  2⤵
  PID:3164
- C:\Windows\System\qMzDdcy.exe
  C:\Windows\System\qMzDdcy.exe
  2⤵
  PID:3740
- C:\Windows\System\dXFlLgL.exe
  C:\Windows\System\dXFlLgL.exe
  2⤵
  PID:3784
- C:\Windows\System\MQOfMSM.exe
  C:\Windows\System\MQOfMSM.exe
  2⤵
  PID:4176
- C:\Windows\System\bOSgREq.exe
  C:\Windows\System\bOSgREq.exe
  2⤵
  PID:4308
- C:\Windows\System\DAaGmSQ.exe
  C:\Windows\System\DAaGmSQ.exe
  2⤵
  PID:4392
- C:\Windows\System\fAVBgrw.exe
  C:\Windows\System\fAVBgrw.exe
  2⤵
  PID:4556
- C:\Windows\System\cOGuKGg.exe
  C:\Windows\System\cOGuKGg.exe
  2⤵
  PID:4608
- C:\Windows\System\BpTQMYS.exe
  C:\Windows\System\BpTQMYS.exe
  2⤵
  PID:4692
- C:\Windows\System\GXXxqsa.exe
  C:\Windows\System\GXXxqsa.exe
  2⤵
  PID:4740
- C:\Windows\System\rARdvrc.exe
  C:\Windows\System\rARdvrc.exe
  2⤵
  PID:4796
- C:\Windows\System\SzszNsV.exe
  C:\Windows\System\SzszNsV.exe
  2⤵
  PID:1088
- C:\Windows\System\CoknDoT.exe
  C:\Windows\System\CoknDoT.exe
  2⤵
  PID:628
- C:\Windows\System\ohOhhAv.exe
  C:\Windows\System\ohOhhAv.exe
  2⤵
  PID:3956
- C:\Windows\System\CWDKKaF.exe
  C:\Windows\System\CWDKKaF.exe
  2⤵
  PID:4836
- C:\Windows\System\vwGrcKf.exe
  C:\Windows\System\vwGrcKf.exe
  2⤵
  PID:4856
- C:\Windows\System\KxVgymD.exe
  C:\Windows\System\KxVgymD.exe
  2⤵
  PID:4872
- C:\Windows\System\NODkdbU.exe
  C:\Windows\System\NODkdbU.exe
  2⤵
  PID:4892
- C:\Windows\System\oweghBG.exe
  C:\Windows\System\oweghBG.exe
  2⤵
  PID:4916
- C:\Windows\System\DLXqcsU.exe
  C:\Windows\System\DLXqcsU.exe
  2⤵
  PID:4936
- C:\Windows\System\oCbUEeQ.exe
  C:\Windows\System\oCbUEeQ.exe
  2⤵
  PID:4952
- C:\Windows\System\idCFTQN.exe
  C:\Windows\System\idCFTQN.exe
  2⤵
  PID:5068
- C:\Windows\System\LirJafn.exe
  C:\Windows\System\LirJafn.exe
  2⤵
  PID:5116
- C:\Windows\System\hTIlOdl.exe
  C:\Windows\System\hTIlOdl.exe
  2⤵
  PID:4976
- C:\Windows\System\GkAAngz.exe
  C:\Windows\System\GkAAngz.exe
  2⤵
  PID:3436
- C:\Windows\System\GUiImAi.exe
  C:\Windows\System\GUiImAi.exe
  2⤵
  PID:4332
- C:\Windows\System\rTfjetM.exe
  C:\Windows\System\rTfjetM.exe
  2⤵
  PID:1600
- C:\Windows\System\TVUCMWA.exe
  C:\Windows\System\TVUCMWA.exe
  2⤵
  PID:2688
- C:\Windows\System\RCYpvrK.exe
  C:\Windows\System\RCYpvrK.exe
  2⤵
  PID:5008
- C:\Windows\System\nCIqpou.exe
  C:\Windows\System\nCIqpou.exe
  2⤵
  PID:5052
- C:\Windows\System\MhfQJdU.exe
  C:\Windows\System\MhfQJdU.exe
  2⤵
  PID:5088
- C:\Windows\System\lskcQDA.exe
  C:\Windows\System\lskcQDA.exe
  2⤵
  PID:1504
- C:\Windows\System\yPLdpFi.exe
  C:\Windows\System\yPLdpFi.exe
  2⤵
  PID:3292
- C:\Windows\System\YqmoEBJ.exe
  C:\Windows\System\YqmoEBJ.exe
  2⤵
  PID:4120
- C:\Windows\System\lUWAywG.exe
  C:\Windows\System\lUWAywG.exe
  2⤵
  PID:4232
- C:\Windows\System\ekiMGWB.exe
  C:\Windows\System\ekiMGWB.exe
  2⤵
  PID:4368
- C:\Windows\System\AaBzLUX.exe
  C:\Windows\System\AaBzLUX.exe
  2⤵
  PID:4496
- C:\Windows\System\GiNrlgu.exe
  C:\Windows\System\GiNrlgu.exe
  2⤵
  PID:4808
- C:\Windows\System\pdMaOqP.exe
  C:\Windows\System\pdMaOqP.exe
  2⤵
  PID:3572
- C:\Windows\System\bOvgXmN.exe
  C:\Windows\System\bOvgXmN.exe
  2⤵
  PID:3908
- C:\Windows\System\artOgQx.exe
  C:\Windows\System\artOgQx.exe
  2⤵
  PID:2860
- C:\Windows\System\TcePhMi.exe
  C:\Windows\System\TcePhMi.exe
  2⤵
  PID:4348
- C:\Windows\System\azWtfPj.exe
  C:\Windows\System\azWtfPj.exe
  2⤵
  PID:4588
- C:\Windows\System\gJDuQvi.exe
  C:\Windows\System\gJDuQvi.exe
  2⤵
  PID:2964
- C:\Windows\System\WJwCcJf.exe
  C:\Windows\System\WJwCcJf.exe
  2⤵
  PID:4848
- C:\Windows\System\srIhDtf.exe
  C:\Windows\System\srIhDtf.exe
  2⤵
  PID:4924
- C:\Windows\System\ZsAZtRO.exe
  C:\Windows\System\ZsAZtRO.exe
  2⤵
  PID:3828
- C:\Windows\System\nVSzchu.exe
  C:\Windows\System\nVSzchu.exe
  2⤵
  PID:5020
- C:\Windows\System\LIDfFLt.exe
  C:\Windows\System\LIDfFLt.exe
  2⤵
  PID:2984
- C:\Windows\System\KrlhfvI.exe
  C:\Windows\System\KrlhfvI.exe
  2⤵
  PID:3892
- C:\Windows\System\qBnbHAQ.exe
  C:\Windows\System\qBnbHAQ.exe
  2⤵
  PID:4720
- C:\Windows\System\GPDRDhA.exe
  C:\Windows\System\GPDRDhA.exe
  2⤵
  PID:784
- C:\Windows\System\MiMJpya.exe
  C:\Windows\System\MiMJpya.exe
  2⤵
  PID:4788
- C:\Windows\System\mfHVXNT.exe
  C:\Windows\System\mfHVXNT.exe
  2⤵
  PID:4828
- C:\Windows\System\xthVwbH.exe
  C:\Windows\System\xthVwbH.exe
  2⤵
  PID:4044
- C:\Windows\System\sxSrWWu.exe
  C:\Windows\System\sxSrWWu.exe
  2⤵
  PID:968
- C:\Windows\System\CqHpraB.exe
  C:\Windows\System\CqHpraB.exe
  2⤵
  PID:4400
- C:\Windows\System\uWTQTwy.exe
  C:\Windows\System\uWTQTwy.exe
  2⤵
  PID:4460
- C:\Windows\System\obUqHUh.exe
  C:\Windows\System\obUqHUh.exe
  2⤵
  PID:3076
- C:\Windows\System\hyqoyun.exe
  C:\Windows\System\hyqoyun.exe
  2⤵
  PID:4944
- C:\Windows\System\keXtAnj.exe
  C:\Windows\System\keXtAnj.exe
  2⤵
  PID:1272
- C:\Windows\System\lnRkOjk.exe
  C:\Windows\System\lnRkOjk.exe
  2⤵
  PID:2756
- C:\Windows\System\LgQFlkL.exe
  C:\Windows\System\LgQFlkL.exe
  2⤵
  PID:3464
- C:\Windows\System\NIBnccz.exe
  C:\Windows\System\NIBnccz.exe
  2⤵
  PID:1548
- C:\Windows\System\GbgACzm.exe
  C:\Windows\System\GbgACzm.exe
  2⤵
  PID:4112
- C:\Windows\System\rdNlQrA.exe
  C:\Windows\System\rdNlQrA.exe
  2⤵
  PID:4420
- C:\Windows\System\gyFjAfs.exe
  C:\Windows\System\gyFjAfs.exe
  2⤵
  PID:292
- C:\Windows\System\TPzuXpm.exe
  C:\Windows\System\TPzuXpm.exe
  2⤵
  PID:4736
- C:\Windows\System\ghIVZfw.exe
  C:\Windows\System\ghIVZfw.exe
  2⤵
  PID:3704
- C:\Windows\System\BpqwgXb.exe
  C:\Windows\System\BpqwgXb.exe
  2⤵
  PID:4884
- C:\Windows\System\cHCiUbR.exe
  C:\Windows\System\cHCiUbR.exe
  2⤵
  PID:4764
- C:\Windows\System\GyjCAYe.exe
  C:\Windows\System\GyjCAYe.exe
  2⤵
  PID:4928
- C:\Windows\System\oUvduUZ.exe
  C:\Windows\System\oUvduUZ.exe
  2⤵
  PID:4156
- C:\Windows\System\ABsHjHm.exe
  C:\Windows\System\ABsHjHm.exe
  2⤵
  PID:3204
- C:\Windows\System\lcTtPzK.exe
  C:\Windows\System\lcTtPzK.exe
  2⤵
  PID:4216
- C:\Windows\System\icdoutg.exe
  C:\Windows\System\icdoutg.exe
  2⤵
  PID:4264
- C:\Windows\System\wIWrMvl.exe
  C:\Windows\System\wIWrMvl.exe
  2⤵
  PID:4432
- C:\Windows\System\PqTAlse.exe
  C:\Windows\System\PqTAlse.exe
  2⤵
  PID:2604
- C:\Windows\System\pElEqkl.exe
  C:\Windows\System\pElEqkl.exe
  2⤵
  PID:2944
- C:\Windows\System\RSaNmOq.exe
  C:\Windows\System\RSaNmOq.exe
  2⤵
  PID:1696
- C:\Windows\System\IMYKwkq.exe
  C:\Windows\System\IMYKwkq.exe
  2⤵
  PID:1488
- C:\Windows\System\yDYsJpj.exe
  C:\Windows\System\yDYsJpj.exe
  2⤵
  PID:2980
- C:\Windows\System\JVMCmBC.exe
  C:\Windows\System\JVMCmBC.exe
  2⤵
  PID:540
- C:\Windows\System\uSnEDxV.exe
  C:\Windows\System\uSnEDxV.exe
  2⤵
  PID:2632
- C:\Windows\System\dBzKYyt.exe
  C:\Windows\System\dBzKYyt.exe
  2⤵
  PID:448
- C:\Windows\System\fkQXNwb.exe
  C:\Windows\System\fkQXNwb.exe
  2⤵
  PID:2800
- C:\Windows\System\UuBxoro.exe
  C:\Windows\System\UuBxoro.exe
  2⤵
  PID:3144
- C:\Windows\System\pvKjSGg.exe
  C:\Windows\System\pvKjSGg.exe
  2⤵
  PID:2136
- C:\Windows\System\ZxzSlMJ.exe
  C:\Windows\System\ZxzSlMJ.exe
  2⤵
  PID:620
- C:\Windows\System\btdvDZp.exe
  C:\Windows\System\btdvDZp.exe
  2⤵
  PID:2104
- C:\Windows\System\lOVQbSX.exe
  C:\Windows\System\lOVQbSX.exe
  2⤵
  PID:5040
- C:\Windows\System\xcBTCXE.exe
  C:\Windows\System\xcBTCXE.exe
  2⤵
  PID:5048
- C:\Windows\System\oAbWGrB.exe
  C:\Windows\System\oAbWGrB.exe
  2⤵
  PID:4656
- C:\Windows\System\ILyrTWW.exe
  C:\Windows\System\ILyrTWW.exe
  2⤵
  PID:4652
- C:\Windows\System\CJinfsy.exe
  C:\Windows\System\CJinfsy.exe
  2⤵
  PID:4700
- C:\Windows\System\FCOSMid.exe
  C:\Windows\System\FCOSMid.exe
  2⤵
  PID:1376
- C:\Windows\System\qzHxiTz.exe
  C:\Windows\System\qzHxiTz.exe
  2⤵
  PID:4172
- C:\Windows\System\fxclXNF.exe
  C:\Windows\System\fxclXNF.exe
  2⤵
  PID:3592
- C:\Windows\System\ggpUMuc.exe
  C:\Windows\System\ggpUMuc.exe
  2⤵
  PID:3372
- C:\Windows\System\DNbOMBY.exe
  C:\Windows\System\DNbOMBY.exe
  2⤵
  PID:1572
- C:\Windows\System\FlhhINM.exe
  C:\Windows\System\FlhhINM.exe
  2⤵
  PID:4964
- C:\Windows\System\jLPObOA.exe
  C:\Windows\System\jLPObOA.exe
  2⤵
  PID:4724
- C:\Windows\System\yFcwKIb.exe
  C:\Windows\System\yFcwKIb.exe
  2⤵
  PID:3972
- C:\Windows\System\KYnGSIz.exe
  C:\Windows\System\KYnGSIz.exe
  2⤵
  PID:4068
- C:\Windows\System\WkcWxSQ.exe
  C:\Windows\System\WkcWxSQ.exe
  2⤵
  PID:3196
- C:\Windows\System\FSxJjpV.exe
  C:\Windows\System\FSxJjpV.exe
  2⤵
  PID:2852
- C:\Windows\System\yvuefUU.exe
  C:\Windows\System\yvuefUU.exe
  2⤵
  PID:1932
- C:\Windows\System\sYmFVqV.exe
  C:\Windows\System\sYmFVqV.exe
  2⤵
  PID:2864
- C:\Windows\System\BjTeDTV.exe
  C:\Windows\System\BjTeDTV.exe
  2⤵
  PID:2224
- C:\Windows\System\QqcrhHq.exe
  C:\Windows\System\QqcrhHq.exe
  2⤵
  PID:2556
- C:\Windows\System\vsqyQvg.exe
  C:\Windows\System\vsqyQvg.exe
  2⤵
  PID:2868
- C:\Windows\System\wWruNlT.exe
  C:\Windows\System\wWruNlT.exe
  2⤵
  PID:2760
- C:\Windows\System\suDxKqe.exe
  C:\Windows\System\suDxKqe.exe
  2⤵
  PID:576
- C:\Windows\System\cHqwito.exe
  C:\Windows\System\cHqwito.exe
  2⤵
  PID:2968
- C:\Windows\System\tjgXRKl.exe
  C:\Windows\System\tjgXRKl.exe
  2⤵
  PID:4672
- C:\Windows\System\fVESJur.exe
  C:\Windows\System\fVESJur.exe
  2⤵
  PID:3268
- C:\Windows\System\shCsiIx.exe
  C:\Windows\System\shCsiIx.exe
  2⤵
  PID:3496
- C:\Windows\System\xdKCQRb.exe
  C:\Windows\System\xdKCQRb.exe
  2⤵
  PID:4616
- C:\Windows\System\aelqSVo.exe
  C:\Windows\System\aelqSVo.exe
  2⤵
  PID:3688
- C:\Windows\System\AeDHwJF.exe
  C:\Windows\System\AeDHwJF.exe
  2⤵
  PID:2768
- C:\Windows\System\dRgBjVT.exe
  C:\Windows\System\dRgBjVT.exe
  2⤵
  PID:1688
- C:\Windows\System\yvAopvY.exe
  C:\Windows\System\yvAopvY.exe
  2⤵
  PID:2920
- C:\Windows\System\QhjwsWu.exe
  C:\Windows\System\QhjwsWu.exe
  2⤵
  PID:2112
- C:\Windows\System\SlRCdAa.exe
  C:\Windows\System\SlRCdAa.exe
  2⤵
  PID:3052
- C:\Windows\System\VfgmCiv.exe
  C:\Windows\System\VfgmCiv.exe
  2⤵
  PID:4992
- C:\Windows\System\PquMVvY.exe
  C:\Windows\System\PquMVvY.exe
  2⤵
  PID:2600
- C:\Windows\System\baXLZWa.exe
  C:\Windows\System\baXLZWa.exe
  2⤵
  PID:832
- C:\Windows\System\EmJRQoC.exe
  C:\Windows\System\EmJRQoC.exe
  2⤵
  PID:2592
- C:\Windows\System\peCUflC.exe
  C:\Windows\System\peCUflC.exe
  2⤵
  PID:1580
- C:\Windows\System\MbnpSCm.exe
  C:\Windows\System\MbnpSCm.exe
  2⤵
  PID:4240
- C:\Windows\System\bzrtYQO.exe
  C:\Windows\System\bzrtYQO.exe
  2⤵
  PID:5124
- C:\Windows\System\WzFAoOO.exe
  C:\Windows\System\WzFAoOO.exe
  2⤵
  PID:5140
- C:\Windows\System\yyqIAVo.exe
  C:\Windows\System\yyqIAVo.exe
  2⤵
  PID:5156
- C:\Windows\System\AalbCpz.exe
  C:\Windows\System\AalbCpz.exe
  2⤵
  PID:5172
- C:\Windows\System\MbsVlTF.exe
  C:\Windows\System\MbsVlTF.exe
  2⤵
  PID:5188
- C:\Windows\System\SJnWZgc.exe
  C:\Windows\System\SJnWZgc.exe
  2⤵
  PID:5204
- C:\Windows\System\NrVjFZo.exe
  C:\Windows\System\NrVjFZo.exe
  2⤵
  PID:5220
- C:\Windows\System\RMRKTdE.exe
  C:\Windows\System\RMRKTdE.exe
  2⤵
  PID:5240
- C:\Windows\System\YPYybMR.exe
  C:\Windows\System\YPYybMR.exe
  2⤵
  PID:5256
- C:\Windows\System\DXGsBxZ.exe
  C:\Windows\System\DXGsBxZ.exe
  2⤵
  PID:5272
- C:\Windows\System\VFNKuJp.exe
  C:\Windows\System\VFNKuJp.exe
  2⤵
  PID:5288
- C:\Windows\System\QLjwgJR.exe
  C:\Windows\System\QLjwgJR.exe
  2⤵
  PID:5304
- C:\Windows\System\duQQXuM.exe
  C:\Windows\System\duQQXuM.exe
  2⤵
  PID:5320
- C:\Windows\System\YKJImjd.exe
  C:\Windows\System\YKJImjd.exe
  2⤵
  PID:5336
- C:\Windows\System\nilIxwy.exe
  C:\Windows\System\nilIxwy.exe
  2⤵
  PID:5352
- C:\Windows\System\WqiCrHg.exe
  C:\Windows\System\WqiCrHg.exe
  2⤵
  PID:5368
- C:\Windows\System\EotVqhn.exe
  C:\Windows\System\EotVqhn.exe
  2⤵
  PID:5384
- C:\Windows\System\UqlYYyZ.exe
  C:\Windows\System\UqlYYyZ.exe
  2⤵
  PID:5400
- C:\Windows\System\dsfOOKA.exe
  C:\Windows\System\dsfOOKA.exe
  2⤵
  PID:5416
- C:\Windows\System\hBdsRxJ.exe
  C:\Windows\System\hBdsRxJ.exe
  2⤵
  PID:5432
- C:\Windows\System\JYbEDbh.exe
  C:\Windows\System\JYbEDbh.exe
  2⤵
  PID:5448
- C:\Windows\System\muqhRcf.exe
  C:\Windows\System\muqhRcf.exe
  2⤵
  PID:5464
- C:\Windows\System\puUXcOn.exe
  C:\Windows\System\puUXcOn.exe
  2⤵
  PID:5480
- C:\Windows\System\UPMEVNC.exe
  C:\Windows\System\UPMEVNC.exe
  2⤵
  PID:5496
- C:\Windows\System\dEeOkFi.exe
  C:\Windows\System\dEeOkFi.exe
  2⤵
  PID:5512
- C:\Windows\System\WgaCmXm.exe
  C:\Windows\System\WgaCmXm.exe
  2⤵
  PID:5528
- C:\Windows\System\zbsBbqy.exe
  C:\Windows\System\zbsBbqy.exe
  2⤵
  PID:5544
- C:\Windows\System\avCJxRC.exe
  C:\Windows\System\avCJxRC.exe
  2⤵
  PID:5564
- C:\Windows\System\DGignme.exe
  C:\Windows\System\DGignme.exe
  2⤵
  PID:5580
- C:\Windows\System\jkqUQSP.exe
  C:\Windows\System\jkqUQSP.exe
  2⤵
  PID:5596
- C:\Windows\System\ERBWGmh.exe
  C:\Windows\System\ERBWGmh.exe
  2⤵
  PID:5612
- C:\Windows\System\ZyTszjj.exe
  C:\Windows\System\ZyTszjj.exe
  2⤵
  PID:5628
- C:\Windows\System\tfqhmhq.exe
  C:\Windows\System\tfqhmhq.exe
  2⤵
  PID:5644
- C:\Windows\System\LkGfHyu.exe
  C:\Windows\System\LkGfHyu.exe
  2⤵
  PID:5660
- C:\Windows\System\SqdpLoY.exe
  C:\Windows\System\SqdpLoY.exe
  2⤵
  PID:5676
- C:\Windows\System\xHrIpoe.exe
  C:\Windows\System\xHrIpoe.exe
  2⤵
  PID:5724
- C:\Windows\System\eNYsFla.exe
  C:\Windows\System\eNYsFla.exe
  2⤵
  PID:6040
- C:\Windows\System\DRvkNSR.exe
  C:\Windows\System\DRvkNSR.exe
  2⤵
  PID:6060
- C:\Windows\System\HgqtRCb.exe
  C:\Windows\System\HgqtRCb.exe
  2⤵
  PID:6128
- C:\Windows\System\ClASbhL.exe
  C:\Windows\System\ClASbhL.exe
  2⤵
  PID:1620
- C:\Windows\System\sJBHjpi.exe
  C:\Windows\System\sJBHjpi.exe
  2⤵
  PID:2392
- C:\Windows\System\lTdeZjG.exe
  C:\Windows\System\lTdeZjG.exe
  2⤵
  PID:2804
- C:\Windows\System\kXWkkpz.exe
  C:\Windows\System\kXWkkpz.exe
  2⤵
  PID:3244
- C:\Windows\System\iYsMuOW.exe
  C:\Windows\System\iYsMuOW.exe
  2⤵
  PID:944
- C:\Windows\System\YJpCYww.exe
  C:\Windows\System\YJpCYww.exe
  2⤵
  PID:3992
- C:\Windows\System\SrXBKKt.exe
  C:\Windows\System\SrXBKKt.exe
  2⤵
  PID:4988
- C:\Windows\System\mDZekCZ.exe
  C:\Windows\System\mDZekCZ.exe
  2⤵
  PID:5184
- C:\Windows\System\GEEafmS.exe
  C:\Windows\System\GEEafmS.exe
  2⤵
  PID:2908
- C:\Windows\System\tYljftW.exe
  C:\Windows\System\tYljftW.exe
  2⤵
  PID:5252
- C:\Windows\System\PgRmxak.exe
  C:\Windows\System\PgRmxak.exe
  2⤵
  PID:1356
- C:\Windows\System\ghwRYZQ.exe
  C:\Windows\System\ghwRYZQ.exe
  2⤵
  PID:4912
- C:\Windows\System\qOEgJHo.exe
  C:\Windows\System\qOEgJHo.exe
  2⤵
  PID:4024
- C:\Windows\System\XUJeqqf.exe
  C:\Windows\System\XUJeqqf.exe
  2⤵
  PID:5076
- C:\Windows\System\PjTrJGY.exe
  C:\Windows\System\PjTrJGY.exe
  2⤵
  PID:5312
- C:\Windows\System\WfNUzVq.exe
  C:\Windows\System\WfNUzVq.exe
  2⤵
  PID:5348
- C:\Windows\System\jGimgwR.exe
  C:\Windows\System\jGimgwR.exe
  2⤵
  PID:5136
- C:\Windows\System\LyNGdJU.exe
  C:\Windows\System\LyNGdJU.exe
  2⤵
  PID:5476
- C:\Windows\System\PeoOSec.exe
  C:\Windows\System\PeoOSec.exe
  2⤵
  PID:5300
- C:\Windows\System\KtcAhRm.exe
  C:\Windows\System\KtcAhRm.exe
  2⤵
  PID:4784
- C:\Windows\System\yPaHVBx.exe
  C:\Windows\System\yPaHVBx.exe
  2⤵
  PID:916
- C:\Windows\System\ypnrAkY.exe
  C:\Windows\System\ypnrAkY.exe
  2⤵
  PID:5520
- C:\Windows\System\VvyTPwC.exe
  C:\Windows\System\VvyTPwC.exe
  2⤵
  PID:5684
- C:\Windows\System\hclZbEi.exe
  C:\Windows\System\hclZbEi.exe
  2⤵
  PID:5712
- C:\Windows\System\UPnvxAS.exe
  C:\Windows\System\UPnvxAS.exe
  2⤵
  PID:5716
- C:\Windows\System\pUYXgZw.exe
  C:\Windows\System\pUYXgZw.exe
  2⤵
  PID:5752
- C:\Windows\System\gMIHaDI.exe
  C:\Windows\System\gMIHaDI.exe
  2⤵
  PID:5760
- C:\Windows\System\Lvolfij.exe
  C:\Windows\System\Lvolfij.exe
  2⤵
  PID:5788
- C:\Windows\System\SGLJQgs.exe
  C:\Windows\System\SGLJQgs.exe
  2⤵
  PID:5804
- C:\Windows\System\XELeJST.exe
  C:\Windows\System\XELeJST.exe
  2⤵
  PID:5828
- C:\Windows\System\IzyOatT.exe
  C:\Windows\System\IzyOatT.exe
  2⤵
  PID:5820
- C:\Windows\System\PRiMzsr.exe
  C:\Windows\System\PRiMzsr.exe
  2⤵
  PID:5860
- C:\Windows\System\vvzwDrx.exe
  C:\Windows\System\vvzwDrx.exe
  2⤵
  PID:5880
- C:\Windows\System\UtUvibZ.exe
  C:\Windows\System\UtUvibZ.exe
  2⤵
  PID:5908
- C:\Windows\System\CPAOdYm.exe
  C:\Windows\System\CPAOdYm.exe
  2⤵
  PID:5952
- C:\Windows\System\icZXRiD.exe
  C:\Windows\System\icZXRiD.exe
  2⤵
  PID:5968
- C:\Windows\System\zqurHrR.exe
  C:\Windows\System\zqurHrR.exe
  2⤵
  PID:5996
- C:\Windows\System\cWjPqWt.exe
  C:\Windows\System\cWjPqWt.exe
  2⤵
  PID:6008
- C:\Windows\System\euGvTQh.exe
  C:\Windows\System\euGvTQh.exe
  2⤵
  PID:6024
- C:\Windows\System\oXcVeAa.exe
  C:\Windows\System\oXcVeAa.exe
  2⤵
  PID:6032
- C:\Windows\System\Oiknnnr.exe
  C:\Windows\System\Oiknnnr.exe
  2⤵
  PID:6080
- C:\Windows\System\JiQXJXN.exe
  C:\Windows\System\JiQXJXN.exe
  2⤵
  PID:6088
- C:\Windows\System\zvSrHZQ.exe
  C:\Windows\System\zvSrHZQ.exe
  2⤵
  PID:6108
- C:\Windows\System\dNbFtZq.exe
  C:\Windows\System\dNbFtZq.exe
  2⤵
  PID:6112
- C:\Windows\System\AqEmmTL.exe
  C:\Windows\System\AqEmmTL.exe
  2⤵
  PID:6120
- C:\Windows\System\mqVhUdA.exe
  C:\Windows\System\mqVhUdA.exe
  2⤵
  PID:5216
- C:\Windows\System\eYRjEjL.exe
  C:\Windows\System\eYRjEjL.exe
  2⤵
  PID:1716
- C:\Windows\System\eZTdWQG.exe
  C:\Windows\System\eZTdWQG.exe
  2⤵
  PID:3000
- C:\Windows\System\QqxnlQR.exe
  C:\Windows\System\QqxnlQR.exe
  2⤵
  PID:5344
- C:\Windows\System\mltQAcK.exe
  C:\Windows\System\mltQAcK.exe
  2⤵
  PID:1976
- C:\Windows\System\TlYrMxL.exe
  C:\Windows\System\TlYrMxL.exe
  2⤵
  PID:5408
- C:\Windows\System\KohDlYj.exe
  C:\Windows\System\KohDlYj.exe
  2⤵
  PID:5232
- C:\Windows\System\fqKyalL.exe
  C:\Windows\System\fqKyalL.exe
  2⤵
  PID:1072
- C:\Windows\System\QojTsvp.exe
  C:\Windows\System\QojTsvp.exe
  2⤵
  PID:5200
- C:\Windows\System\XtxCfrR.exe
  C:\Windows\System\XtxCfrR.exe
  2⤵
  PID:5248
- C:\Windows\System\IDKTvRY.exe
  C:\Windows\System\IDKTvRY.exe
  2⤵
  PID:4868
- C:\Windows\System\nEiNpIR.exe
  C:\Windows\System\nEiNpIR.exe
  2⤵
  PID:5424
- C:\Windows\System\PFGlQhl.exe
  C:\Windows\System\PFGlQhl.exe
  2⤵
  PID:5456
- C:\Windows\System\TTNCASi.exe
  C:\Windows\System\TTNCASi.exe
  2⤵
  PID:4196
- C:\Windows\System\HQqjgve.exe
  C:\Windows\System\HQqjgve.exe
  2⤵
  PID:5196
- C:\Windows\System\NPeTust.exe
  C:\Windows\System\NPeTust.exe
  2⤵
  PID:5296
- C:\Windows\System\RHtqJlg.exe
  C:\Windows\System\RHtqJlg.exe
  2⤵
  PID:5328
- C:\Windows\System\eZUKQds.exe
  C:\Windows\System\eZUKQds.exe
  2⤵
  PID:5732
- C:\Windows\System\CsiZVDD.exe
  C:\Windows\System\CsiZVDD.exe
  2⤵
  PID:5796
- C:\Windows\System\XKlUkUD.exe
  C:\Windows\System\XKlUkUD.exe
  2⤵
  PID:5872
- C:\Windows\System\gHGsGEg.exe
  C:\Windows\System\gHGsGEg.exe
  2⤵
  PID:5360
- C:\Windows\System\cjWFiIq.exe
  C:\Windows\System\cjWFiIq.exe
  2⤵
  PID:5672
- C:\Windows\System\bouQmaP.exe
  C:\Windows\System\bouQmaP.exe
  2⤵
  PID:5772
- C:\Windows\System\WxiZnrG.exe
  C:\Windows\System\WxiZnrG.exe
  2⤵
  PID:5624
- C:\Windows\System\cAJUZsf.exe
  C:\Windows\System\cAJUZsf.exe
  2⤵
  PID:5744
- C:\Windows\System\OeigaFT.exe
  C:\Windows\System\OeigaFT.exe
  2⤵
  PID:5832
- C:\Windows\System\WsCQxLH.exe
  C:\Windows\System\WsCQxLH.exe
  2⤵
  PID:5912
- C:\Windows\System\ECjyGGH.exe
  C:\Windows\System\ECjyGGH.exe
  2⤵
  PID:5924
- C:\Windows\System\mofkUxQ.exe
  C:\Windows\System\mofkUxQ.exe
  2⤵
  PID:5928
- C:\Windows\System\LgTTuNk.exe
  C:\Windows\System\LgTTuNk.exe
  2⤵
  PID:5932
- C:\Windows\System\QazBsGV.exe
  C:\Windows\System\QazBsGV.exe
  2⤵
  PID:6020
- C:\Windows\System\IqQmRGR.exe
  C:\Windows\System\IqQmRGR.exe
  2⤵
  PID:6084
- C:\Windows\System\bfywrmW.exe
  C:\Windows\System\bfywrmW.exe
  2⤵
  PID:5964
- C:\Windows\System\HiZnBUF.exe
  C:\Windows\System\HiZnBUF.exe
  2⤵
  PID:6052
- C:\Windows\System\VIMkHKV.exe
  C:\Windows\System\VIMkHKV.exe
  2⤵
  PID:3912
- C:\Windows\System\LtsyhZk.exe
  C:\Windows\System\LtsyhZk.exe
  2⤵
  PID:1980
- C:\Windows\System\zfOEVtm.exe
  C:\Windows\System\zfOEVtm.exe
  2⤵
  PID:5284
- C:\Windows\System\sXBRIKc.exe
  C:\Windows\System\sXBRIKc.exe
  2⤵
  PID:768
- C:\Windows\System\TwypWWg.exe
  C:\Windows\System\TwypWWg.exe
  2⤵
  PID:5316
- C:\Windows\System\fMVWsnW.exe
  C:\Windows\System\fMVWsnW.exe
  2⤵
  PID:4260
- C:\Windows\System\UeslcsN.exe
  C:\Windows\System\UeslcsN.exe
  2⤵
  PID:5604
- C:\Windows\System\TsTdrmj.exe
  C:\Windows\System\TsTdrmj.exe
  2⤵
  PID:5704
- C:\Windows\System\cNcyjpj.exe
  C:\Windows\System\cNcyjpj.exe
  2⤵
  PID:5576
- C:\Windows\System\nruvixM.exe
  C:\Windows\System\nruvixM.exe
  2⤵
  PID:5812
- C:\Windows\System\fUTOPPH.exe
  C:\Windows\System\fUTOPPH.exe
  2⤵
  PID:5540
- C:\Windows\System\KqvxqjS.exe
  C:\Windows\System\KqvxqjS.exe
  2⤵
  PID:5896
- C:\Windows\System\gRfAhTl.exe
  C:\Windows\System\gRfAhTl.exe
  2⤵
  PID:5940
- C:\Windows\System\QVLUBEp.exe
  C:\Windows\System\QVLUBEp.exe
  2⤵
  PID:6000
- C:\Windows\System\jnqNaIE.exe
  C:\Windows\System\jnqNaIE.exe
  2⤵
  PID:5164
- C:\Windows\System\TBXLibC.exe
  C:\Windows\System\TBXLibC.exe
  2⤵
  PID:5620
- C:\Windows\System\zOCKxLs.exe
  C:\Windows\System\zOCKxLs.exe
  2⤵
  PID:5740
- C:\Windows\System\sQBHuXN.exe
  C:\Windows\System\sQBHuXN.exe
  2⤵
  PID:5976
- C:\Windows\System\HffQOaW.exe
  C:\Windows\System\HffQOaW.exe
  2⤵
  PID:5884
- C:\Windows\System\OIOSzOF.exe
  C:\Windows\System\OIOSzOF.exe
  2⤵
  PID:1652
- C:\Windows\System\GHaWnvd.exe
  C:\Windows\System\GHaWnvd.exe
  2⤵
  PID:5668
- C:\Windows\System\rVLDamG.exe
  C:\Windows\System\rVLDamG.exe
  2⤵
  PID:2180
- C:\Windows\System\ynnQqxB.exe
  C:\Windows\System\ynnQqxB.exe
  2⤵
  PID:5132
- C:\Windows\System\QuqCrvi.exe
  C:\Windows\System\QuqCrvi.exe
  2⤵
  PID:5764
- C:\Windows\System\vbyvfGs.exe
  C:\Windows\System\vbyvfGs.exe
  2⤵
  PID:1128
- C:\Windows\System\ZnPKEfC.exe
  C:\Windows\System\ZnPKEfC.exe
  2⤵
  PID:5556
- C:\Windows\System\fwyZQNv.exe
  C:\Windows\System\fwyZQNv.exe
  2⤵
  PID:1852
- C:\Windows\System\kVJzDEB.exe
  C:\Windows\System\kVJzDEB.exe
  2⤵
  PID:5708
- C:\Windows\System\RmdtOvO.exe
  C:\Windows\System\RmdtOvO.exe
  2⤵
  PID:5844
- C:\Windows\System\CKWYOzL.exe
  C:\Windows\System\CKWYOzL.exe
  2⤵
  PID:5980
- C:\Windows\System\yGpLafV.exe
  C:\Windows\System\yGpLafV.exe
  2⤵
  PID:5904
- C:\Windows\System\exDueIA.exe
  C:\Windows\System\exDueIA.exe
  2⤵
  PID:5876
- C:\Windows\System\CIqyDIm.exe
  C:\Windows\System\CIqyDIm.exe
  2⤵
  PID:6160
- C:\Windows\System\XXFFHnM.exe
  C:\Windows\System\XXFFHnM.exe
  2⤵
  PID:6176
- C:\Windows\System\JJkbQNn.exe
  C:\Windows\System\JJkbQNn.exe
  2⤵
  PID:6192
- C:\Windows\System\PUXPPrH.exe
  C:\Windows\System\PUXPPrH.exe
  2⤵
  PID:6208
- C:\Windows\System\YSuCRZF.exe
  C:\Windows\System\YSuCRZF.exe
  2⤵
  PID:6224
- C:\Windows\System\glUoqXp.exe
  C:\Windows\System\glUoqXp.exe
  2⤵
  PID:6240
- C:\Windows\System\sPkwPfn.exe
  C:\Windows\System\sPkwPfn.exe
  2⤵
  PID:6256
- C:\Windows\System\ksPgaRY.exe
  C:\Windows\System\ksPgaRY.exe
  2⤵
  PID:6272
- C:\Windows\System\pYafCPH.exe
  C:\Windows\System\pYafCPH.exe
  2⤵
  PID:6288
- C:\Windows\System\AUKxlpB.exe
  C:\Windows\System\AUKxlpB.exe
  2⤵
  PID:6304
- C:\Windows\System\DLlhxOg.exe
  C:\Windows\System\DLlhxOg.exe
  2⤵
  PID:6320
- C:\Windows\System\jsArzCd.exe
  C:\Windows\System\jsArzCd.exe
  2⤵
  PID:6336
- C:\Windows\System\kjQLKJH.exe
  C:\Windows\System\kjQLKJH.exe
  2⤵
  PID:6352
- C:\Windows\System\niPGjoJ.exe
  C:\Windows\System\niPGjoJ.exe
  2⤵
  PID:6368
- C:\Windows\System\QKOPfZA.exe
  C:\Windows\System\QKOPfZA.exe
  2⤵
  PID:6384
- C:\Windows\System\ychxems.exe
  C:\Windows\System\ychxems.exe
  2⤵
  PID:6400
- C:\Windows\System\nOVUtpc.exe
  C:\Windows\System\nOVUtpc.exe
  2⤵
  PID:6416
- C:\Windows\System\cHuFTie.exe
  C:\Windows\System\cHuFTie.exe
  2⤵
  PID:6432
- C:\Windows\System\RAiFdMz.exe
  C:\Windows\System\RAiFdMz.exe
  2⤵
  PID:6448
- C:\Windows\System\IZuyQAs.exe
  C:\Windows\System\IZuyQAs.exe
  2⤵
  PID:6464
- C:\Windows\System\lWfSLad.exe
  C:\Windows\System\lWfSLad.exe
  2⤵
  PID:6480
- C:\Windows\System\LqaXYEz.exe
  C:\Windows\System\LqaXYEz.exe
  2⤵
  PID:6496
- C:\Windows\System\hPpnMvA.exe
  C:\Windows\System\hPpnMvA.exe
  2⤵
  PID:6512
- C:\Windows\System\AxYTqMG.exe
  C:\Windows\System\AxYTqMG.exe
  2⤵
  PID:6528
- C:\Windows\System\wwVqySb.exe
  C:\Windows\System\wwVqySb.exe
  2⤵
  PID:6544
- C:\Windows\System\GGSzWNL.exe
  C:\Windows\System\GGSzWNL.exe
  2⤵
  PID:6560
- C:\Windows\System\JXREZrP.exe
  C:\Windows\System\JXREZrP.exe
  2⤵
  PID:6576
- C:\Windows\System\iwqXljS.exe
  C:\Windows\System\iwqXljS.exe
  2⤵
  PID:6592
- C:\Windows\System\kxjWGhN.exe
  C:\Windows\System\kxjWGhN.exe
  2⤵
  PID:6608
- C:\Windows\System\ImYkBaC.exe
  C:\Windows\System\ImYkBaC.exe
  2⤵
  PID:6624
- C:\Windows\System\XUYTDtP.exe
  C:\Windows\System\XUYTDtP.exe
  2⤵
  PID:6640
- C:\Windows\System\MFiUVTR.exe
  C:\Windows\System\MFiUVTR.exe
  2⤵
  PID:6656
- C:\Windows\System\JERIWlp.exe
  C:\Windows\System\JERIWlp.exe
  2⤵
  PID:6672
- C:\Windows\System\aCLscBK.exe
  C:\Windows\System\aCLscBK.exe
  2⤵
  PID:6688
- C:\Windows\System\snGjBTd.exe
  C:\Windows\System\snGjBTd.exe
  2⤵
  PID:6704
- C:\Windows\System\kSylUxX.exe
  C:\Windows\System\kSylUxX.exe
  2⤵
  PID:6720
- C:\Windows\System\noHrtXg.exe
  C:\Windows\System\noHrtXg.exe
  2⤵
  PID:6736
- C:\Windows\System\Skaaibg.exe
  C:\Windows\System\Skaaibg.exe
  2⤵
  PID:6752
- C:\Windows\System\nESNZAk.exe
  C:\Windows\System\nESNZAk.exe
  2⤵
  PID:6768
- C:\Windows\System\vXiTypI.exe
  C:\Windows\System\vXiTypI.exe
  2⤵
  PID:6784
- C:\Windows\System\cGhbDDk.exe
  C:\Windows\System\cGhbDDk.exe
  2⤵
  PID:6800
- C:\Windows\System\SRnqNVu.exe
  C:\Windows\System\SRnqNVu.exe
  2⤵
  PID:6816
- C:\Windows\System\MatYqjz.exe
  C:\Windows\System\MatYqjz.exe
  2⤵
  PID:6832
- C:\Windows\System\DhXNjPy.exe
  C:\Windows\System\DhXNjPy.exe
  2⤵
  PID:6848
- C:\Windows\System\MBLpsWl.exe
  C:\Windows\System\MBLpsWl.exe
  2⤵
  PID:6864
- C:\Windows\System\dcafGFD.exe
  C:\Windows\System\dcafGFD.exe
  2⤵
  PID:6880
- C:\Windows\System\mqZOsQQ.exe
  C:\Windows\System\mqZOsQQ.exe
  2⤵
  PID:6896
- C:\Windows\System\oGSDbyO.exe
  C:\Windows\System\oGSDbyO.exe
  2⤵
  PID:6912
- C:\Windows\System\QyIoqQV.exe
  C:\Windows\System\QyIoqQV.exe
  2⤵
  PID:6928
- C:\Windows\System\kyZJxzz.exe
  C:\Windows\System\kyZJxzz.exe
  2⤵
  PID:6944
- C:\Windows\System\vvwOIqf.exe
  C:\Windows\System\vvwOIqf.exe
  2⤵
  PID:6960
- C:\Windows\System\pyyECcy.exe
  C:\Windows\System\pyyECcy.exe
  2⤵
  PID:6976
- C:\Windows\System\avXjOmV.exe
  C:\Windows\System\avXjOmV.exe
  2⤵
  PID:6992
- C:\Windows\System\pzXmxWf.exe
  C:\Windows\System\pzXmxWf.exe
  2⤵
  PID:7008
- C:\Windows\System\ApQnwMU.exe
  C:\Windows\System\ApQnwMU.exe
  2⤵
  PID:7024
- C:\Windows\System\JIFWXbn.exe
  C:\Windows\System\JIFWXbn.exe
  2⤵
  PID:7040
- C:\Windows\System\fCLRchx.exe
  C:\Windows\System\fCLRchx.exe
  2⤵
  PID:7056
- C:\Windows\System\ZEPLbOP.exe
  C:\Windows\System\ZEPLbOP.exe
  2⤵
  PID:7072
- C:\Windows\System\zsHAPZa.exe
  C:\Windows\System\zsHAPZa.exe
  2⤵
  PID:7088
- C:\Windows\System\ixweZyI.exe
  C:\Windows\System\ixweZyI.exe
  2⤵
  PID:7104
- C:\Windows\System\YZbkUQB.exe
  C:\Windows\System\YZbkUQB.exe
  2⤵
  PID:7120
- C:\Windows\System\sNKWyXT.exe
  C:\Windows\System\sNKWyXT.exe
  2⤵
  PID:7136
- C:\Windows\System\ibJwCUK.exe
  C:\Windows\System\ibJwCUK.exe
  2⤵
  PID:7152
- C:\Windows\System\dWHwUVt.exe
  C:\Windows\System\dWHwUVt.exe
  2⤵
  PID:5692
- C:\Windows\System\KSjAdRi.exe
  C:\Windows\System\KSjAdRi.exe
  2⤵
  PID:6152
- C:\Windows\System\LAvsCUV.exe
  C:\Windows\System\LAvsCUV.exe
  2⤵
  PID:5856
- C:\Windows\System\dsURITU.exe
  C:\Windows\System\dsURITU.exe
  2⤵
  PID:4844
- C:\Windows\System\fPegUMl.exe
  C:\Windows\System\fPegUMl.exe
  2⤵
  PID:6168
- C:\Windows\System\uYdcypD.exe
  C:\Windows\System\uYdcypD.exe
  2⤵
  PID:6424
- C:\Windows\System\jHAVrdz.exe
  C:\Windows\System\jHAVrdz.exe
  2⤵
  PID:6488
- C:\Windows\System\gjVInvf.exe
  C:\Windows\System\gjVInvf.exe
  2⤵
  PID:6632
- C:\Windows\System\zrYeZRr.exe
  C:\Windows\System\zrYeZRr.exe
  2⤵
  PID:6796
- C:\Windows\System\MkFsGpL.exe
  C:\Windows\System\MkFsGpL.exe
  2⤵
  PID:6892
- C:\Windows\System\hwvimwn.exe
  C:\Windows\System\hwvimwn.exe
  2⤵
  PID:6904
- C:\Windows\System\oLGGOAw.exe
  C:\Windows\System\oLGGOAw.exe
  2⤵
  PID:6984
- C:\Windows\System\GWMuDRy.exe
  C:\Windows\System\GWMuDRy.exe
  2⤵
  PID:6872
- C:\Windows\System\wbStSWn.exe
  C:\Windows\System\wbStSWn.exe
  2⤵
  PID:7020
- C:\Windows\System\inPhQGR.exe
  C:\Windows\System\inPhQGR.exe
  2⤵
  PID:7048
- C:\Windows\System\rTApSnj.exe
  C:\Windows\System\rTApSnj.exe
  2⤵
  PID:7096
- C:\Windows\System\LukbMkc.exe
  C:\Windows\System\LukbMkc.exe
  2⤵
  PID:7132
- C:\Windows\System\hofwIsx.exe
  C:\Windows\System\hofwIsx.exe
  2⤵
  PID:7112
- C:\Windows\System\IGTokfk.exe
  C:\Windows\System\IGTokfk.exe
  2⤵
  PID:7164
- C:\Windows\System\MwsCDRa.exe
  C:\Windows\System\MwsCDRa.exe
  2⤵
  PID:6188
- C:\Windows\System\ePUVIuF.exe
  C:\Windows\System\ePUVIuF.exe
  2⤵
  PID:5988
- C:\Windows\System\DZZiMZr.exe
  C:\Windows\System\DZZiMZr.exe
  2⤵
  PID:6264
- C:\Windows\System\RRGdkHh.exe
  C:\Windows\System\RRGdkHh.exe
  2⤵
  PID:6328
- C:\Windows\System\lwqtxVI.exe
  C:\Windows\System\lwqtxVI.exe
  2⤵
  PID:6376
- C:\Windows\System\nrseGNa.exe
  C:\Windows\System\nrseGNa.exe
  2⤵
  PID:2468
- C:\Windows\System\HCkQaRv.exe
  C:\Windows\System\HCkQaRv.exe
  2⤵
  PID:6312
- C:\Windows\System\PCaDjgd.exe
  C:\Windows\System\PCaDjgd.exe
  2⤵
  PID:6460
- C:\Windows\System\WVxByxq.exe
  C:\Windows\System\WVxByxq.exe
  2⤵
  PID:6520
- C:\Windows\System\aDJQqRf.exe
  C:\Windows\System\aDJQqRf.exe
  2⤵
  PID:6504
- C:\Windows\System\DULutsD.exe
  C:\Windows\System\DULutsD.exe
  2⤵
  PID:6536
- C:\Windows\System\GQpiIPp.exe
  C:\Windows\System\GQpiIPp.exe
  2⤵
  PID:6620
- C:\Windows\System\nladfne.exe
  C:\Windows\System\nladfne.exe
  2⤵
  PID:6712
- C:\Windows\System\nDyYtPX.exe
  C:\Windows\System\nDyYtPX.exe
  2⤵
  PID:6476
- C:\Windows\System\TsiPyUd.exe
  C:\Windows\System\TsiPyUd.exe
  2⤵
  PID:6568
- C:\Windows\System\dgvdkIC.exe
  C:\Windows\System\dgvdkIC.exe
  2⤵
  PID:6668
- C:\Windows\System\jtcdoFd.exe
  C:\Windows\System\jtcdoFd.exe
  2⤵
  PID:6696
- C:\Windows\System\EWHUmUx.exe
  C:\Windows\System\EWHUmUx.exe
  2⤵
  PID:6792
- C:\Windows\System\bOacdrD.exe
  C:\Windows\System\bOacdrD.exe
  2⤵
  PID:6780
- C:\Windows\System\GsiKooH.exe
  C:\Windows\System\GsiKooH.exe
  2⤵
  PID:6824
- C:\Windows\System\RCggobd.exe
  C:\Windows\System\RCggobd.exe
  2⤵
  PID:6952
- C:\Windows\System\BKQWcdm.exe
  C:\Windows\System\BKQWcdm.exe
  2⤵
  PID:6876
- C:\Windows\System\JlBguRD.exe
  C:\Windows\System\JlBguRD.exe
  2⤵
  PID:7080
- C:\Windows\System\looyBQO.exe
  C:\Windows\System\looyBQO.exe
  2⤵
  PID:7036
- C:\Windows\System\aUeXFIb.exe
  C:\Windows\System\aUeXFIb.exe
  2⤵
  PID:6296
- C:\Windows\System\IqEgGJF.exe
  C:\Windows\System\IqEgGJF.exe
  2⤵
  PID:6252
- C:\Windows\System\ImboUhw.exe
  C:\Windows\System\ImboUhw.exe
  2⤵
  PID:6616
- C:\Windows\System\PpoGGjG.exe
  C:\Windows\System\PpoGGjG.exe
  2⤵
  PID:7184
- C:\Windows\System\kDmeglW.exe
  C:\Windows\System\kDmeglW.exe
  2⤵
  PID:7200
- C:\Windows\System\fhtkSrn.exe
  C:\Windows\System\fhtkSrn.exe
  2⤵
  PID:7216
- C:\Windows\System\vxFpbZa.exe
  C:\Windows\System\vxFpbZa.exe
  2⤵
  PID:7232
- C:\Windows\System\UGRtbqA.exe
  C:\Windows\System\UGRtbqA.exe
  2⤵
  PID:7248
- C:\Windows\System\EjXLaAU.exe
  C:\Windows\System\EjXLaAU.exe
  2⤵
  PID:7264
- C:\Windows\System\MtxUTkz.exe
  C:\Windows\System\MtxUTkz.exe
  2⤵
  PID:7288
- C:\Windows\System\qBdreJP.exe
  C:\Windows\System\qBdreJP.exe
  2⤵
  PID:7308
- C:\Windows\System\AAOuHbp.exe
  C:\Windows\System\AAOuHbp.exe
  2⤵
  PID:7324
- C:\Windows\System\SYdYACN.exe
  C:\Windows\System\SYdYACN.exe
  2⤵
  PID:7340
- C:\Windows\System\rNrJOpN.exe
  C:\Windows\System\rNrJOpN.exe
  2⤵
  PID:7356
- C:\Windows\System\mUjTcZM.exe
  C:\Windows\System\mUjTcZM.exe
  2⤵
  PID:7372
- C:\Windows\System\jkHCXkC.exe
  C:\Windows\System\jkHCXkC.exe
  2⤵
  PID:7388
- C:\Windows\System\FAyGaqK.exe
  C:\Windows\System\FAyGaqK.exe
  2⤵
  PID:7404
- C:\Windows\System\fKnmpPn.exe
  C:\Windows\System\fKnmpPn.exe
  2⤵
  PID:7420
- C:\Windows\System\fxtdwBm.exe
  C:\Windows\System\fxtdwBm.exe
  2⤵
  PID:7444
- C:\Windows\System\FztkVNk.exe
  C:\Windows\System\FztkVNk.exe
  2⤵
  PID:7460
- C:\Windows\System\yJlnrMw.exe
  C:\Windows\System\yJlnrMw.exe
  2⤵
  PID:7484
- C:\Windows\System\JhejasL.exe
  C:\Windows\System\JhejasL.exe
  2⤵
  PID:7500
- C:\Windows\System\xTieFva.exe
  C:\Windows\System\xTieFva.exe
  2⤵
  PID:7516
- C:\Windows\System\CKNejJJ.exe
  C:\Windows\System\CKNejJJ.exe
  2⤵
  PID:7532
- C:\Windows\System\LGYTrFm.exe
  C:\Windows\System\LGYTrFm.exe
  2⤵
  PID:7548
- C:\Windows\System\bDyYGxG.exe
  C:\Windows\System\bDyYGxG.exe
  2⤵
  PID:7564
- C:\Windows\System\UUgsFtD.exe
  C:\Windows\System\UUgsFtD.exe
  2⤵
  PID:7580
- C:\Windows\System\ETIPLxW.exe
  C:\Windows\System\ETIPLxW.exe
  2⤵
  PID:7596
- C:\Windows\System\ghQxVBO.exe
  C:\Windows\System\ghQxVBO.exe
  2⤵
  PID:7612
- C:\Windows\System\PmftDpv.exe
  C:\Windows\System\PmftDpv.exe
  2⤵
  PID:7628
- C:\Windows\System\gzyCBkT.exe
  C:\Windows\System\gzyCBkT.exe
  2⤵
  PID:7644
- C:\Windows\System\CZRyZjR.exe
  C:\Windows\System\CZRyZjR.exe
  2⤵
  PID:7660
- C:\Windows\System\bKGzSnx.exe
  C:\Windows\System\bKGzSnx.exe
  2⤵
  PID:7676
- C:\Windows\System\dNNDxjS.exe
  C:\Windows\System\dNNDxjS.exe
  2⤵
  PID:7692
- C:\Windows\System\wEUtHyp.exe
  C:\Windows\System\wEUtHyp.exe
  2⤵
  PID:7708
- C:\Windows\System\LYGQUJW.exe
  C:\Windows\System\LYGQUJW.exe
  2⤵
  PID:7724
- C:\Windows\System\CojhbBU.exe
  C:\Windows\System\CojhbBU.exe
  2⤵
  PID:7744
- C:\Windows\System\ffRKCPp.exe
  C:\Windows\System\ffRKCPp.exe
  2⤵
  PID:7760
- C:\Windows\System\ltvIjEX.exe
  C:\Windows\System\ltvIjEX.exe
  2⤵
  PID:7776
- C:\Windows\System\IKZJmkg.exe
  C:\Windows\System\IKZJmkg.exe
  2⤵
  PID:7792
- C:\Windows\System\AHZoBLa.exe
  C:\Windows\System\AHZoBLa.exe
  2⤵
  PID:7808
- C:\Windows\System\JrSamUY.exe
  C:\Windows\System\JrSamUY.exe
  2⤵
  PID:7824
- C:\Windows\System\gZfpkvi.exe
  C:\Windows\System\gZfpkvi.exe
  2⤵
  PID:7840
- C:\Windows\System\mgvjYGD.exe
  C:\Windows\System\mgvjYGD.exe
  2⤵
  PID:7856
- C:\Windows\System\QBcJvOb.exe
  C:\Windows\System\QBcJvOb.exe
  2⤵
  PID:7876
- C:\Windows\System\MEielfe.exe
  C:\Windows\System\MEielfe.exe
  2⤵
  PID:7892
- C:\Windows\System\UMcGeqE.exe
  C:\Windows\System\UMcGeqE.exe
  2⤵
  PID:7912
- C:\Windows\System\voalDpa.exe
  C:\Windows\System\voalDpa.exe
  2⤵
  PID:7928
- C:\Windows\System\wavhaBm.exe
  C:\Windows\System\wavhaBm.exe
  2⤵
  PID:7948
- C:\Windows\System\cGxEUhz.exe
  C:\Windows\System\cGxEUhz.exe
  2⤵
  PID:7968
- C:\Windows\System\JRYUGOs.exe
  C:\Windows\System\JRYUGOs.exe
  2⤵
  PID:7984
- C:\Windows\System\NGawnlY.exe
  C:\Windows\System\NGawnlY.exe
  2⤵
  PID:8008
- C:\Windows\System\uoVBKhs.exe
  C:\Windows\System\uoVBKhs.exe
  2⤵
  PID:8024
- C:\Windows\System\wkQNBQZ.exe
  C:\Windows\System\wkQNBQZ.exe
  2⤵
  PID:8040
- C:\Windows\System\SOYHANi.exe
  C:\Windows\System\SOYHANi.exe
  2⤵
  PID:8056
- C:\Windows\System\gHPPVmJ.exe
  C:\Windows\System\gHPPVmJ.exe
  2⤵
  PID:8072
- C:\Windows\System\oTkQDEp.exe
  C:\Windows\System\oTkQDEp.exe
  2⤵
  PID:8088
- C:\Windows\System\DraZdSZ.exe
  C:\Windows\System\DraZdSZ.exe
  2⤵
  PID:8104
- C:\Windows\System\aQZfziA.exe
  C:\Windows\System\aQZfziA.exe
  2⤵
  PID:8120
- C:\Windows\System\rOlCuee.exe
  C:\Windows\System\rOlCuee.exe
  2⤵
  PID:8136
- C:\Windows\System\qOKQBRh.exe
  C:\Windows\System\qOKQBRh.exe
  2⤵
  PID:8152
- C:\Windows\System\QLowSWo.exe
  C:\Windows\System\QLowSWo.exe
  2⤵
  PID:8168
- C:\Windows\System\NUTlRZZ.exe
  C:\Windows\System\NUTlRZZ.exe
  2⤵
  PID:8184
- C:\Windows\System\QslVauY.exe
  C:\Windows\System\QslVauY.exe
  2⤵
  PID:6744
- C:\Windows\System\mldJDao.exe
  C:\Windows\System\mldJDao.exe
  2⤵
  PID:6392
- C:\Windows\System\VztojyO.exe
  C:\Windows\System\VztojyO.exe
  2⤵
  PID:7032
- C:\Windows\System\PrARXiC.exe
  C:\Windows\System\PrARXiC.exe
  2⤵
  PID:6344
- C:\Windows\System\nJkpmPh.exe
  C:\Windows\System\nJkpmPh.exe
  2⤵
  PID:6748
- C:\Windows\System\DxPkmMP.exe
  C:\Windows\System\DxPkmMP.exe
  2⤵
  PID:7064
- C:\Windows\System\nUqFmUs.exe
  C:\Windows\System\nUqFmUs.exe
  2⤵
  PID:6396
- C:\Windows\System\YXIPvUQ.exe
  C:\Windows\System\YXIPvUQ.exe
  2⤵
  PID:7180
- C:\Windows\System\MyJTysE.exe
  C:\Windows\System\MyJTysE.exe
  2⤵
  PID:6936
- C:\Windows\System\kJiZoLn.exe
  C:\Windows\System\kJiZoLn.exe
  2⤵
  PID:7244
- C:\Windows\System\aeWuGsS.exe
  C:\Windows\System\aeWuGsS.exe
  2⤵
  PID:6856
- C:\Windows\System\tMrktHM.exe
  C:\Windows\System\tMrktHM.exe
  2⤵
  PID:6556
- C:\Windows\System\ZITiclb.exe
  C:\Windows\System\ZITiclb.exe
  2⤵
  PID:6348
- C:\Windows\System\McKTFjx.exe
  C:\Windows\System\McKTFjx.exe
  2⤵
  PID:7196
- C:\Windows\System\nirMSrQ.exe
  C:\Windows\System\nirMSrQ.exe
  2⤵
  PID:6412
- C:\Windows\System\VqtSIqL.exe
  C:\Windows\System\VqtSIqL.exe
  2⤵
  PID:7304
- C:\Windows\System\WEYTKJY.exe
  C:\Windows\System\WEYTKJY.exe
  2⤵
  PID:7284
- C:\Windows\System\IbkBgQa.exe
  C:\Windows\System\IbkBgQa.exe
  2⤵
  PID:7364
- C:\Windows\System\XrPRKTk.exe
  C:\Windows\System\XrPRKTk.exe
  2⤵
  PID:7176
- C:\Windows\System\BuAIiQn.exe
  C:\Windows\System\BuAIiQn.exe
  2⤵
  PID:7400
- C:\Windows\System\zIHaUvB.exe
  C:\Windows\System\zIHaUvB.exe
  2⤵
  PID:7492
- C:\Windows\System\xoeoyne.exe
  C:\Windows\System\xoeoyne.exe
  2⤵
  PID:7428
- C:\Windows\System\SYUerjx.exe
  C:\Windows\System\SYUerjx.exe
  2⤵
  PID:7436
- C:\Windows\System\RfQgaag.exe
  C:\Windows\System\RfQgaag.exe
  2⤵
  PID:7560
- C:\Windows\System\UmDBCYH.exe
  C:\Windows\System\UmDBCYH.exe
  2⤵
  PID:7624
- C:\Windows\System\PEWOOZR.exe
  C:\Windows\System\PEWOOZR.exe
  2⤵
  PID:7656
- C:\Windows\System\yJnaikG.exe
  C:\Windows\System\yJnaikG.exe
  2⤵
  PID:7572
- C:\Windows\System\Vxbyuvm.exe
  C:\Windows\System\Vxbyuvm.exe
  2⤵
  PID:7636
- C:\Windows\System\rjhxaJy.exe
  C:\Windows\System\rjhxaJy.exe
  2⤵
  PID:7684
- C:\Windows\System\LHPttvA.exe
  C:\Windows\System\LHPttvA.exe
  2⤵
  PID:7756
- C:\Windows\System\BPIjNHc.exe
  C:\Windows\System\BPIjNHc.exe
  2⤵
  PID:7848
- C:\Windows\System\DVanzdt.exe
  C:\Windows\System\DVanzdt.exe
  2⤵
  PID:7888
- C:\Windows\System\LsGfNFg.exe
  C:\Windows\System\LsGfNFg.exe
  2⤵
  PID:7956
- C:\Windows\System\cBdfWri.exe
  C:\Windows\System\cBdfWri.exe
  2⤵
  PID:7996
- C:\Windows\System\cduuRAw.exe
  C:\Windows\System\cduuRAw.exe
  2⤵
  PID:7904
- C:\Windows\System\nnQQqFO.exe
  C:\Windows\System\nnQQqFO.exe
  2⤵
  PID:8068
- C:\Windows\System\GIsnsJv.exe
  C:\Windows\System\GIsnsJv.exe
  2⤵
  PID:7872
- C:\Windows\System\AuKoleV.exe
  C:\Windows\System\AuKoleV.exe
  2⤵
  PID:7936
- C:\Windows\System\wAqQjzH.exe
  C:\Windows\System\wAqQjzH.exe
  2⤵
  PID:7804
- C:\Windows\System\DRKQdtK.exe
  C:\Windows\System\DRKQdtK.exe
  2⤵
  PID:8048
- C:\Windows\System\YPIQOnD.exe
  C:\Windows\System\YPIQOnD.exe
  2⤵
  PID:8016
- C:\Windows\System\aZBxHrj.exe
  C:\Windows\System\aZBxHrj.exe
  2⤵
  PID:8128
- C:\Windows\System\rcBNGha.exe
  C:\Windows\System\rcBNGha.exe
  2⤵
  PID:8164
- C:\Windows\System\BWlRNkp.exe
  C:\Windows\System\BWlRNkp.exe
  2⤵
  PID:8144
- C:\Windows\System\EZEpwji.exe
  C:\Windows\System\EZEpwji.exe
  2⤵
  PID:6764
- C:\Windows\System\MIuEzbk.exe
  C:\Windows\System\MIuEzbk.exe
  2⤵
  PID:5960
- C:\Windows\System\iEgNQpX.exe
  C:\Windows\System\iEgNQpX.exe
  2⤵
  PID:6812
- C:\Windows\System\yZwlyfR.exe
  C:\Windows\System\yZwlyfR.exe
  2⤵
  PID:6332
- C:\Windows\System\jDTGYOa.exe
  C:\Windows\System\jDTGYOa.exe
  2⤵
  PID:7272
- C:\Windows\System\sTcyyBW.exe
  C:\Windows\System\sTcyyBW.exe
  2⤵
  PID:7296
- C:\Windows\System\bSKukxx.exe
  C:\Windows\System\bSKukxx.exe
  2⤵
  PID:6680
- C:\Windows\System\UqaIAXj.exe
  C:\Windows\System\UqaIAXj.exe
  2⤵
  PID:7320
- C:\Windows\System\aHxKiYb.exe
  C:\Windows\System\aHxKiYb.exe
  2⤵
  PID:7332
- C:\Windows\System\JLYEetV.exe
  C:\Windows\System\JLYEetV.exe
  2⤵
  PID:7652
- C:\Windows\System\DsZOUOU.exe
  C:\Windows\System\DsZOUOU.exe
  2⤵
  PID:7540
- C:\Windows\System\XQeHSSM.exe
  C:\Windows\System\XQeHSSM.exe
  2⤵
  PID:7788
- C:\Windows\System\nPQwBLm.exe
  C:\Windows\System\nPQwBLm.exe
  2⤵
  PID:7480
- C:\Windows\System\vMIOeZl.exe
  C:\Windows\System\vMIOeZl.exe
  2⤵
  PID:7720
- C:\Windows\System\mhVbOro.exe
  C:\Windows\System\mhVbOro.exe
  2⤵
  PID:7964
- C:\Windows\System\NkJQyQQ.exe
  C:\Windows\System\NkJQyQQ.exe
  2⤵
  PID:7704
- C:\Windows\System\DjWGANa.exe
  C:\Windows\System\DjWGANa.exe
  2⤵
  PID:7752
- C:\Windows\System\XbFTgKQ.exe
  C:\Windows\System\XbFTgKQ.exe
  2⤵
  PID:7976
- C:\Windows\System\RgLHEgL.exe
  C:\Windows\System\RgLHEgL.exe
  2⤵
  PID:8084
- C:\Windows\System\OKUDImR.exe
  C:\Windows\System\OKUDImR.exe
  2⤵
  PID:7144
- C:\Windows\System\WVURyEd.exe
  C:\Windows\System\WVURyEd.exe
  2⤵
  PID:7900
- C:\Windows\System\TinwVNe.exe
  C:\Windows\System\TinwVNe.exe
  2⤵
  PID:6988
- C:\Windows\System\VKiuBvW.exe
  C:\Windows\System\VKiuBvW.exe
  2⤵
  PID:6552
- C:\Windows\System\XmmFHDi.exe
  C:\Windows\System\XmmFHDi.exe
  2⤵
  PID:7256
- C:\Windows\System\ElehGnt.exe
  C:\Windows\System\ElehGnt.exe
  2⤵
  PID:7228
- C:\Windows\System\woMbRWS.exe
  C:\Windows\System\woMbRWS.exe
  2⤵
  PID:7472
- C:\Windows\System\BSBBZDO.exe
  C:\Windows\System\BSBBZDO.exe
  2⤵
  PID:7820
- C:\Windows\System\eFHmoAb.exe
  C:\Windows\System\eFHmoAb.exe
  2⤵
  PID:7668
- C:\Windows\System\nfywPRi.exe
  C:\Windows\System\nfywPRi.exe
  2⤵
  PID:7992
- C:\Windows\System\drTiujO.exe
  C:\Windows\System\drTiujO.exe
  2⤵
  PID:8004
- C:\Windows\System\wjjfeCD.exe
  C:\Windows\System\wjjfeCD.exe
  2⤵
  PID:7000
- C:\Windows\System\UYuAZMg.exe
  C:\Windows\System\UYuAZMg.exe
  2⤵
  PID:7316
- C:\Windows\System\knDmiBm.exe
  C:\Windows\System\knDmiBm.exe
  2⤵
  PID:7816
- C:\Windows\System\pqVgkfj.exe
  C:\Windows\System\pqVgkfj.exe
  2⤵
  PID:7800
- C:\Windows\System\QppccmD.exe
  C:\Windows\System\QppccmD.exe
  2⤵
  PID:6652
- C:\Windows\System\nPdAbJy.exe
  C:\Windows\System\nPdAbJy.exe
  2⤵
  PID:7260
- C:\Windows\System\wxhydJZ.exe
  C:\Windows\System\wxhydJZ.exe
  2⤵
  PID:7524
- C:\Windows\System\tZocicT.exe
  C:\Windows\System\tZocicT.exe
  2⤵
  PID:8160
- C:\Windows\System\bmUGwrH.exe
  C:\Windows\System\bmUGwrH.exe
  2⤵
  PID:8052
- C:\Windows\System\EdcdFHm.exe
  C:\Windows\System\EdcdFHm.exe
  2⤵
  PID:7980
- C:\Windows\System\vJDYGnX.exe
  C:\Windows\System\vJDYGnX.exe
  2⤵
  PID:7528
- C:\Windows\System\cIsbTpa.exe
  C:\Windows\System\cIsbTpa.exe
  2⤵
  PID:7240
- C:\Windows\System\KewNUEk.exe
  C:\Windows\System\KewNUEk.exe
  2⤵
  PID:8096
- C:\Windows\System\DqJyyye.exe
  C:\Windows\System\DqJyyye.exe
  2⤵
  PID:7352
- C:\Windows\System\jHDXqLw.exe
  C:\Windows\System\jHDXqLw.exe
  2⤵
  PID:6716
- C:\Windows\System\kxqRMfc.exe
  C:\Windows\System\kxqRMfc.exe
  2⤵
  PID:8200
- C:\Windows\System\RsAyYKs.exe
  C:\Windows\System\RsAyYKs.exe
  2⤵
  PID:8216
- C:\Windows\System\uPzyghH.exe
  C:\Windows\System\uPzyghH.exe
  2⤵
  PID:8232
- C:\Windows\System\jKSXurG.exe
  C:\Windows\System\jKSXurG.exe
  2⤵
  PID:8248
- C:\Windows\System\KfObeYA.exe
  C:\Windows\System\KfObeYA.exe
  2⤵
  PID:8264
- C:\Windows\System\JTJeXxm.exe
  C:\Windows\System\JTJeXxm.exe
  2⤵
  PID:8280
- C:\Windows\System\arcMaWC.exe
  C:\Windows\System\arcMaWC.exe
  2⤵
  PID:8296
- C:\Windows\System\OXhzEyD.exe
  C:\Windows\System\OXhzEyD.exe
  2⤵
  PID:8312
- C:\Windows\System\inWcSBQ.exe
  C:\Windows\System\inWcSBQ.exe
  2⤵
  PID:8328
- C:\Windows\System\uGYIucu.exe
  C:\Windows\System\uGYIucu.exe
  2⤵
  PID:8344
- C:\Windows\System\mSkhPEW.exe
  C:\Windows\System\mSkhPEW.exe
  2⤵
  PID:8360
- C:\Windows\System\KToKDyp.exe
  C:\Windows\System\KToKDyp.exe
  2⤵
  PID:8376
- C:\Windows\System\RCyJyev.exe
  C:\Windows\System\RCyJyev.exe
  2⤵
  PID:8392
- C:\Windows\System\jDcfgMh.exe
  C:\Windows\System\jDcfgMh.exe
  2⤵
  PID:8408
- C:\Windows\System\qQbwvst.exe
  C:\Windows\System\qQbwvst.exe
  2⤵
  PID:8424
- C:\Windows\System\ThPiIGB.exe
  C:\Windows\System\ThPiIGB.exe
  2⤵
  PID:8440
- C:\Windows\System\SvjzVbM.exe
  C:\Windows\System\SvjzVbM.exe
  2⤵
  PID:8460
- C:\Windows\System\BCUbbGr.exe
  C:\Windows\System\BCUbbGr.exe
  2⤵
  PID:8476
- C:\Windows\System\mIFQgpy.exe
  C:\Windows\System\mIFQgpy.exe
  2⤵
  PID:8492
- C:\Windows\System\nurXHpB.exe
  C:\Windows\System\nurXHpB.exe
  2⤵
  PID:8508
- C:\Windows\System\WsUsVmo.exe
  C:\Windows\System\WsUsVmo.exe
  2⤵
  PID:8524
- C:\Windows\System\XnMlCxJ.exe
  C:\Windows\System\XnMlCxJ.exe
  2⤵
  PID:8540
- C:\Windows\System\CWCrJyr.exe
  C:\Windows\System\CWCrJyr.exe
  2⤵
  PID:8556
- C:\Windows\System\zTNgSiQ.exe
  C:\Windows\System\zTNgSiQ.exe
  2⤵
  PID:8572
- C:\Windows\System\GaEzaTT.exe
  C:\Windows\System\GaEzaTT.exe
  2⤵
  PID:8588
- C:\Windows\System\xADWqIm.exe
  C:\Windows\System\xADWqIm.exe
  2⤵
  PID:8604
- C:\Windows\System\ZVsykbV.exe
  C:\Windows\System\ZVsykbV.exe
  2⤵
  PID:8624
- C:\Windows\System\lffgYZc.exe
  C:\Windows\System\lffgYZc.exe
  2⤵
  PID:8640
- C:\Windows\System\sohEvlt.exe
  C:\Windows\System\sohEvlt.exe
  2⤵
  PID:8656
- C:\Windows\System\noNKHyn.exe
  C:\Windows\System\noNKHyn.exe
  2⤵
  PID:8672
- C:\Windows\System\ddWwsJm.exe
  C:\Windows\System\ddWwsJm.exe
  2⤵
  PID:8688
- C:\Windows\System\FZybeIf.exe
  C:\Windows\System\FZybeIf.exe
  2⤵
  PID:8704
- C:\Windows\System\rlqdgzb.exe
  C:\Windows\System\rlqdgzb.exe
  2⤵
  PID:8720
- C:\Windows\System\BFAYoXy.exe
  C:\Windows\System\BFAYoXy.exe
  2⤵
  PID:8736
- C:\Windows\System\QoWjzRv.exe
  C:\Windows\System\QoWjzRv.exe
  2⤵
  PID:8752
- C:\Windows\System\gAGidmr.exe
  C:\Windows\System\gAGidmr.exe
  2⤵
  PID:8768
- C:\Windows\System\cOZkwLO.exe
  C:\Windows\System\cOZkwLO.exe
  2⤵
  PID:8784
- C:\Windows\System\UAZBJPz.exe
  C:\Windows\System\UAZBJPz.exe
  2⤵
  PID:8800
- C:\Windows\System\kTYsSkV.exe
  C:\Windows\System\kTYsSkV.exe
  2⤵
  PID:8816
- C:\Windows\System\YjHYbgx.exe
  C:\Windows\System\YjHYbgx.exe
  2⤵
  PID:8832
- C:\Windows\System\KdXLydc.exe
  C:\Windows\System\KdXLydc.exe
  2⤵
  PID:8848
- C:\Windows\System\htVLtSE.exe
  C:\Windows\System\htVLtSE.exe
  2⤵
  PID:8864
- C:\Windows\System\RekDYHJ.exe
  C:\Windows\System\RekDYHJ.exe
  2⤵
  PID:8880
- C:\Windows\System\XEoYlVd.exe
  C:\Windows\System\XEoYlVd.exe
  2⤵
  PID:8896
- C:\Windows\System\WcPROUE.exe
  C:\Windows\System\WcPROUE.exe
  2⤵
  PID:8912
- C:\Windows\System\BvLejCx.exe
  C:\Windows\System\BvLejCx.exe
  2⤵
  PID:8928
- C:\Windows\System\SdHsXlO.exe
  C:\Windows\System\SdHsXlO.exe
  2⤵
  PID:8944
- C:\Windows\System\CiEqRJH.exe
  C:\Windows\System\CiEqRJH.exe
  2⤵
  PID:8960
- C:\Windows\System\fwywLkZ.exe
  C:\Windows\System\fwywLkZ.exe
  2⤵
  PID:8976
- C:\Windows\System\yyUlwAL.exe
  C:\Windows\System\yyUlwAL.exe
  2⤵
  PID:8992
- C:\Windows\System\mNmZyAP.exe
  C:\Windows\System\mNmZyAP.exe
  2⤵
  PID:9008
- C:\Windows\System\dKxqTpC.exe
  C:\Windows\System\dKxqTpC.exe
  2⤵
  PID:9024
- C:\Windows\System\RcgbwyV.exe
  C:\Windows\System\RcgbwyV.exe
  2⤵
  PID:9040
- C:\Windows\System\TwPYnXL.exe
  C:\Windows\System\TwPYnXL.exe
  2⤵
  PID:9056
- C:\Windows\System\JaBGWYn.exe
  C:\Windows\System\JaBGWYn.exe
  2⤵
  PID:9072
- C:\Windows\System\OAnTrAB.exe
  C:\Windows\System\OAnTrAB.exe
  2⤵
  PID:9088
- C:\Windows\System\MmcjLEE.exe
  C:\Windows\System\MmcjLEE.exe
  2⤵
  PID:9104
- C:\Windows\System\niaVptl.exe
  C:\Windows\System\niaVptl.exe
  2⤵
  PID:9120
- C:\Windows\System\toVMmkb.exe
  C:\Windows\System\toVMmkb.exe
  2⤵
  PID:9136
- C:\Windows\System\kwrrQsN.exe
  C:\Windows\System\kwrrQsN.exe
  2⤵
  PID:9152
- C:\Windows\System\mCOxeqV.exe
  C:\Windows\System\mCOxeqV.exe
  2⤵
  PID:9168
- C:\Windows\System\eWTowCc.exe
  C:\Windows\System\eWTowCc.exe
  2⤵
  PID:9184
- C:\Windows\System\eQoQyTc.exe
  C:\Windows\System\eQoQyTc.exe
  2⤵
  PID:9200
- C:\Windows\System\hhCPERL.exe
  C:\Windows\System\hhCPERL.exe
  2⤵
  PID:8208
- C:\Windows\System\jYFbONr.exe
  C:\Windows\System\jYFbONr.exe
  2⤵
  PID:8224
- C:\Windows\System\DIGoLAF.exe
  C:\Windows\System\DIGoLAF.exe
  2⤵
  PID:8272
- C:\Windows\System\GngoIuo.exe
  C:\Windows\System\GngoIuo.exe
  2⤵
  PID:8256
- C:\Windows\System\dIBKpKb.exe
  C:\Windows\System\dIBKpKb.exe
  2⤵
  PID:8352
- C:\Windows\System\tcHPdIH.exe
  C:\Windows\System\tcHPdIH.exe
  2⤵
  PID:8388
- C:\Windows\System\aTflQNY.exe
  C:\Windows\System\aTflQNY.exe
  2⤵
  PID:8452
- C:\Windows\System\onZCohB.exe
  C:\Windows\System\onZCohB.exe
  2⤵
  PID:8308
- C:\Windows\System\SEQVrCQ.exe
  C:\Windows\System\SEQVrCQ.exe
  2⤵
  PID:8372
- C:\Windows\System\uoKJxAT.exe
  C:\Windows\System\uoKJxAT.exe
  2⤵
  PID:8436
- C:\Windows\System\roLHAHy.exe
  C:\Windows\System\roLHAHy.exe
  2⤵
  PID:8532
- C:\Windows\System\pvoTaFM.exe
  C:\Windows\System\pvoTaFM.exe
  2⤵
  PID:8596
- C:\Windows\System\DCmGegQ.exe
  C:\Windows\System\DCmGegQ.exe
  2⤵
  PID:8504
- C:\Windows\System\vCaEfBp.exe
  C:\Windows\System\vCaEfBp.exe
  2⤵
  PID:8520
- C:\Windows\System\rmKSUec.exe
  C:\Windows\System\rmKSUec.exe
  2⤵
  PID:8636
- C:\Windows\System\fSfAlPI.exe
  C:\Windows\System\fSfAlPI.exe
  2⤵
  PID:8664
- C:\Windows\System\dAXtvYp.exe
  C:\Windows\System\dAXtvYp.exe
  2⤵
  PID:8696
- C:\Windows\System\znchWNK.exe
  C:\Windows\System\znchWNK.exe
  2⤵
  PID:8732
- C:\Windows\System\nNsCCVH.exe
  C:\Windows\System\nNsCCVH.exe
  2⤵
  PID:8796
- C:\Windows\System\SgtUIse.exe
  C:\Windows\System\SgtUIse.exe
  2⤵
  PID:8860
- C:\Windows\System\wiNZuFJ.exe
  C:\Windows\System\wiNZuFJ.exe
  2⤵
  PID:8744
- C:\Windows\System\hhQeEFW.exe
  C:\Windows\System\hhQeEFW.exe
  2⤵
  PID:8712
- C:\Windows\System\YNChJTT.exe
  C:\Windows\System\YNChJTT.exe
  2⤵
  PID:8956
- C:\Windows\System\oZiecad.exe
  C:\Windows\System\oZiecad.exe
  2⤵
  PID:8808
- C:\Windows\System\HIvwuxg.exe
  C:\Windows\System\HIvwuxg.exe
  2⤵
  PID:8840
- C:\Windows\System\xdPUBmV.exe
  C:\Windows\System\xdPUBmV.exe
  2⤵
  PID:8876
- C:\Windows\System\KmZoZap.exe
  C:\Windows\System\KmZoZap.exe
  2⤵
  PID:9000
- C:\Windows\System\zpXyuqi.exe
  C:\Windows\System\zpXyuqi.exe
  2⤵
  PID:9036
- C:\Windows\System\tanfiGs.exe
  C:\Windows\System\tanfiGs.exe
  2⤵
  PID:9084
- C:\Windows\System\qyVCKEz.exe
  C:\Windows\System\qyVCKEz.exe
  2⤵
  PID:9068
- C:\Windows\System\IeLUZGT.exe
  C:\Windows\System\IeLUZGT.exe
  2⤵
  PID:9096
- C:\Windows\System\CBJkOlZ.exe
  C:\Windows\System\CBJkOlZ.exe
  2⤵
  PID:9180
- C:\Windows\System\CvEoBrJ.exe
  C:\Windows\System\CvEoBrJ.exe
  2⤵
  PID:9212
- C:\Windows\System\xYycqdN.exe
  C:\Windows\System\xYycqdN.exe
  2⤵
  PID:8320
- C:\Windows\System\sdkoIGO.exe
  C:\Windows\System\sdkoIGO.exe
  2⤵
  PID:9164
- C:\Windows\System\COPEuCJ.exe
  C:\Windows\System\COPEuCJ.exe
  2⤵
  PID:8420
- C:\Windows\System\SQICBrI.exe
  C:\Windows\System\SQICBrI.exe
  2⤵
  PID:8500
- C:\Windows\System\MFWPFii.exe
  C:\Windows\System\MFWPFii.exe
  2⤵
  PID:8612
- C:\Windows\System\IbloTQr.exe
  C:\Windows\System\IbloTQr.exe
  2⤵
  PID:8304
- C:\Windows\System\gnOycMK.exe
  C:\Windows\System\gnOycMK.exe
  2⤵
  PID:8564
- C:\Windows\System\RKilJQo.exe
  C:\Windows\System\RKilJQo.exe
  2⤵
  PID:8680
- C:\Windows\System\nfKGvqz.exe
  C:\Windows\System\nfKGvqz.exe
  2⤵
  PID:8892
- C:\Windows\System\dqwpXJd.exe
  C:\Windows\System\dqwpXJd.exe
  2⤵
  PID:8552
- C:\Windows\System\YsreHSK.exe
  C:\Windows\System\YsreHSK.exe
  2⤵
  PID:8584
- C:\Windows\System\PFYIYgW.exe
  C:\Windows\System\PFYIYgW.exe
  2⤵
  PID:8856
- C:\Windows\System\PNFVRIV.exe
  C:\Windows\System\PNFVRIV.exe
  2⤵
  PID:8780
- C:\Windows\System\izwraTM.exe
  C:\Windows\System\izwraTM.exe
  2⤵
  PID:8872
- C:\Windows\System\MNjuPPz.exe
  C:\Windows\System\MNjuPPz.exe
  2⤵
  PID:9148
- C:\Windows\System\lKKiBJK.exe
  C:\Windows\System\lKKiBJK.exe
  2⤵
  PID:9128
- C:\Windows\System\fcEOQCZ.exe
  C:\Windows\System\fcEOQCZ.exe
  2⤵
  PID:9132
- C:\Windows\System\vhDCIty.exe
  C:\Windows\System\vhDCIty.exe
  2⤵
  PID:8340
- C:\Windows\System\ZXqRBzA.exe
  C:\Windows\System\ZXqRBzA.exe
  2⤵
  PID:8648
- C:\Windows\System\PnGXvLq.exe
  C:\Windows\System\PnGXvLq.exe
  2⤵
  PID:8516
- C:\Windows\System\iUgpCwE.exe
  C:\Windows\System\iUgpCwE.exe
  2⤵
  PID:8844
- C:\Windows\System\PyascpY.exe
  C:\Windows\System\PyascpY.exe
  2⤵
  PID:1616
- C:\Windows\System\alzFtBn.exe
  C:\Windows\System\alzFtBn.exe
  2⤵
  PID:9080
- C:\Windows\System\fXqLmzf.exe
  C:\Windows\System\fXqLmzf.exe
  2⤵
  PID:8432
- C:\Windows\System\kaRyESC.exe
  C:\Windows\System\kaRyESC.exe
  2⤵
  PID:9116
- C:\Windows\System\HTIKjnG.exe
  C:\Windows\System\HTIKjnG.exe
  2⤵
  PID:8952
- C:\Windows\System\PEudZtj.exe
  C:\Windows\System\PEudZtj.exe
  2⤵
  PID:8228
- C:\Windows\System\bbUtiaR.exe
  C:\Windows\System\bbUtiaR.exe
  2⤵
  PID:8828
- C:\Windows\System\MoVUOaO.exe
  C:\Windows\System\MoVUOaO.exe
  2⤵
  PID:8728
- C:\Windows\System\ZbojAZw.exe
  C:\Windows\System\ZbojAZw.exe
  2⤵
  PID:9016
- C:\Windows\System\XqDzVij.exe
  C:\Windows\System\XqDzVij.exe
  2⤵
  PID:7396
- C:\Windows\System\mgLpPeV.exe
  C:\Windows\System\mgLpPeV.exe
  2⤵
  PID:8792
- C:\Windows\System\oDPCEwM.exe
  C:\Windows\System\oDPCEwM.exe
  2⤵
  PID:9228
- C:\Windows\System\OFIoMNM.exe
  C:\Windows\System\OFIoMNM.exe
  2⤵
  PID:9244
- C:\Windows\System\ebRMZqi.exe
  C:\Windows\System\ebRMZqi.exe
  2⤵
  PID:9260
- C:\Windows\System\sOHMXqR.exe
  C:\Windows\System\sOHMXqR.exe
  2⤵
  PID:9276
- C:\Windows\System\XabZlvA.exe
  C:\Windows\System\XabZlvA.exe
  2⤵
  PID:9292
- C:\Windows\System\lCRUxeO.exe
  C:\Windows\System\lCRUxeO.exe
  2⤵
  PID:9308
- C:\Windows\System\jPdHplk.exe
  C:\Windows\System\jPdHplk.exe
  2⤵
  PID:9324
- C:\Windows\System\tmMxtNU.exe
  C:\Windows\System\tmMxtNU.exe
  2⤵
  PID:9340
- C:\Windows\System\jsQfkjG.exe
  C:\Windows\System\jsQfkjG.exe
  2⤵
  PID:9356
- C:\Windows\System\xUONxhQ.exe
  C:\Windows\System\xUONxhQ.exe
  2⤵
  PID:9372
- C:\Windows\System\TJBgRCY.exe
  C:\Windows\System\TJBgRCY.exe
  2⤵
  PID:9388
- C:\Windows\System\bjkddkL.exe
  C:\Windows\System\bjkddkL.exe
  2⤵
  PID:9404
- C:\Windows\System\LMABzvJ.exe
  C:\Windows\System\LMABzvJ.exe
  2⤵
  PID:9420
- C:\Windows\System\lYSCYFD.exe
  C:\Windows\System\lYSCYFD.exe
  2⤵
  PID:9436
- C:\Windows\System\FbaJmYp.exe
  C:\Windows\System\FbaJmYp.exe
  2⤵
  PID:9452
- C:\Windows\System\IIgOAYI.exe
  C:\Windows\System\IIgOAYI.exe
  2⤵
  PID:9468
- C:\Windows\System\yzDXyDk.exe
  C:\Windows\System\yzDXyDk.exe
  2⤵
  PID:9484
- C:\Windows\System\gWxQeEl.exe
  C:\Windows\System\gWxQeEl.exe
  2⤵
  PID:9500
- C:\Windows\System\KlxbOnw.exe
  C:\Windows\System\KlxbOnw.exe
  2⤵
  PID:9516
- C:\Windows\System\DVJPsFi.exe
  C:\Windows\System\DVJPsFi.exe
  2⤵
  PID:9532
- C:\Windows\System\fnoPdfL.exe
  C:\Windows\System\fnoPdfL.exe
  2⤵
  PID:9548
- C:\Windows\System\APXJitq.exe
  C:\Windows\System\APXJitq.exe
  2⤵
  PID:9564
- C:\Windows\System\rbugeTl.exe
  C:\Windows\System\rbugeTl.exe
  2⤵
  PID:9580
- C:\Windows\System\GmOHQHs.exe
  C:\Windows\System\GmOHQHs.exe
  2⤵
  PID:9596
- C:\Windows\System\ufIuQKv.exe
  C:\Windows\System\ufIuQKv.exe
  2⤵
  PID:9612
- C:\Windows\System\kWXUajw.exe
  C:\Windows\System\kWXUajw.exe
  2⤵
  PID:9628
- C:\Windows\System\kGiVNVq.exe
  C:\Windows\System\kGiVNVq.exe
  2⤵
  PID:9644
- C:\Windows\System\PoiGoJq.exe
  C:\Windows\System\PoiGoJq.exe
  2⤵
  PID:9660
- C:\Windows\System\MRTvLuz.exe
  C:\Windows\System\MRTvLuz.exe
  2⤵
  PID:9676
- C:\Windows\System\oQslfQs.exe
  C:\Windows\System\oQslfQs.exe
  2⤵
  PID:9696
- C:\Windows\System\nwykzSQ.exe
  C:\Windows\System\nwykzSQ.exe
  2⤵
  PID:9712
- C:\Windows\System\srPHJif.exe
  C:\Windows\System\srPHJif.exe
  2⤵
  PID:9728
- C:\Windows\System\EWRzEZU.exe
  C:\Windows\System\EWRzEZU.exe
  2⤵
  PID:9748
- C:\Windows\System\iLZxSMk.exe
  C:\Windows\System\iLZxSMk.exe
  2⤵
  PID:9764
- C:\Windows\System\AJQQSlt.exe
  C:\Windows\System\AJQQSlt.exe
  2⤵
  PID:9780
- C:\Windows\System\LCxDiKC.exe
  C:\Windows\System\LCxDiKC.exe
  2⤵
  PID:9796
- C:\Windows\System\YJjgJRp.exe
  C:\Windows\System\YJjgJRp.exe
  2⤵
  PID:9812
- C:\Windows\System\aWorflM.exe
  C:\Windows\System\aWorflM.exe
  2⤵
  PID:9844
- C:\Windows\System\KCvTFsT.exe
  C:\Windows\System\KCvTFsT.exe
  2⤵
  PID:9860
- C:\Windows\System\STWYCfB.exe
  C:\Windows\System\STWYCfB.exe
  2⤵
  PID:9876
- C:\Windows\System\VtwuAAn.exe
  C:\Windows\System\VtwuAAn.exe
  2⤵
  PID:9892
- C:\Windows\System\QwbyqrN.exe
  C:\Windows\System\QwbyqrN.exe
  2⤵
  PID:9908
- C:\Windows\System\GyrYAgq.exe
  C:\Windows\System\GyrYAgq.exe
  2⤵
  PID:9924
- C:\Windows\System\uKeDekA.exe
  C:\Windows\System\uKeDekA.exe
  2⤵
  PID:9940
- C:\Windows\System\UDJHxck.exe
  C:\Windows\System\UDJHxck.exe
  2⤵
  PID:9956
- C:\Windows\System\onUxblD.exe
  C:\Windows\System\onUxblD.exe
  2⤵
  PID:9972
- C:\Windows\System\XgtVqCH.exe
  C:\Windows\System\XgtVqCH.exe
  2⤵
  PID:9992
- C:\Windows\System\HjJhzvd.exe
  C:\Windows\System\HjJhzvd.exe
  2⤵
  PID:10012
- C:\Windows\System\xsdkYdu.exe
  C:\Windows\System\xsdkYdu.exe
  2⤵
  PID:10032
- C:\Windows\System\wGCdxxn.exe
  C:\Windows\System\wGCdxxn.exe
  2⤵
  PID:10048
- C:\Windows\System\qCjvuZv.exe
  C:\Windows\System\qCjvuZv.exe
  2⤵
  PID:10068
- C:\Windows\System\mMazICX.exe
  C:\Windows\System\mMazICX.exe
  2⤵
  PID:10084
- C:\Windows\System\ZYYsiZX.exe
  C:\Windows\System\ZYYsiZX.exe
  2⤵
  PID:10100
- C:\Windows\System\pLBkaXh.exe
  C:\Windows\System\pLBkaXh.exe
  2⤵
  PID:10116
- C:\Windows\System\cDLofih.exe
  C:\Windows\System\cDLofih.exe
  2⤵
  PID:10140
- C:\Windows\System\QcFdGxL.exe
  C:\Windows\System\QcFdGxL.exe
  2⤵
  PID:10160
- C:\Windows\System\tKyGhoh.exe
  C:\Windows\System\tKyGhoh.exe
  2⤵
  PID:10176
- C:\Windows\System\OGbOSXq.exe
  C:\Windows\System\OGbOSXq.exe
  2⤵
  PID:10192
- C:\Windows\System\YOnxFRu.exe
  C:\Windows\System\YOnxFRu.exe
  2⤵
  PID:10208
- C:\Windows\System\AVsUwas.exe
  C:\Windows\System\AVsUwas.exe
  2⤵
  PID:10224
- C:\Windows\System\qoNaDCe.exe
  C:\Windows\System\qoNaDCe.exe
  2⤵
  PID:9236
- C:\Windows\System\BCkqEBR.exe
  C:\Windows\System\BCkqEBR.exe
  2⤵
  PID:9220
- C:\Windows\System\yDLlQZz.exe
  C:\Windows\System\yDLlQZz.exe
  2⤵
  PID:9284
- C:\Windows\System\TIYxJfa.exe
  C:\Windows\System\TIYxJfa.exe
  2⤵
  PID:9316
- C:\Windows\System\qdoBpRF.exe
  C:\Windows\System\qdoBpRF.exe
  2⤵
  PID:9352
- C:\Windows\System\TrTKKUu.exe
  C:\Windows\System\TrTKKUu.exe
  2⤵
  PID:9496
- C:\Windows\System\WcnvQRs.exe
  C:\Windows\System\WcnvQRs.exe
  2⤵
  PID:9416
- C:\Windows\System\FOLKpjD.exe
  C:\Windows\System\FOLKpjD.exe
  2⤵
  PID:9560
- C:\Windows\System\JVpJjtw.exe
  C:\Windows\System\JVpJjtw.exe
  2⤵
  PID:9620
- C:\Windows\System\mTJTtcl.exe
  C:\Windows\System\mTJTtcl.exe
  2⤵
  PID:9512
- C:\Windows\System\jVHtqmI.exe
  C:\Windows\System\jVHtqmI.exe
  2⤵
  PID:9540
- C:\Windows\System\sBYnIou.exe
  C:\Windows\System\sBYnIou.exe
  2⤵
  PID:9604
- C:\Windows\System\GbRkbYa.exe
  C:\Windows\System\GbRkbYa.exe
  2⤵
  PID:9656
- C:\Windows\System\WUedDjd.exe
  C:\Windows\System\WUedDjd.exe
  2⤵
  PID:9720
- C:\Windows\System\hwbzPls.exe
  C:\Windows\System\hwbzPls.exe
  2⤵
  PID:9760
- C:\Windows\System\goUlfEb.exe
  C:\Windows\System\goUlfEb.exe
  2⤵
  PID:9708
- C:\Windows\System\oPtgcEb.exe
  C:\Windows\System\oPtgcEb.exe
  2⤵
  PID:8368
- C:\Windows\System\cNRdEyI.exe
  C:\Windows\System\cNRdEyI.exe
  2⤵
  PID:9776
- C:\Windows\System\FrHBzWO.exe
  C:\Windows\System\FrHBzWO.exe
  2⤵
  PID:9872
- C:\Windows\System\mVpGvsR.exe
  C:\Windows\System\mVpGvsR.exe
  2⤵
  PID:9772
- C:\Windows\System\bqqtWPj.exe
  C:\Windows\System\bqqtWPj.exe
  2⤵
  PID:9888
- C:\Windows\System\YbeAwZZ.exe
  C:\Windows\System\YbeAwZZ.exe
  2⤵
  PID:9968
- C:\Windows\System\WqasJhF.exe
  C:\Windows\System\WqasJhF.exe
  2⤵
  PID:10040
- C:\Windows\System\EbYOCyT.exe
  C:\Windows\System\EbYOCyT.exe
  2⤵
  PID:9920
- C:\Windows\System\ZfMtUEf.exe
  C:\Windows\System\ZfMtUEf.exe
  2⤵
  PID:9984
- C:\Windows\System\RXbZokF.exe
  C:\Windows\System\RXbZokF.exe
  2⤵
  PID:10060
- C:\Windows\System\UhArQpw.exe
  C:\Windows\System\UhArQpw.exe
  2⤵
  PID:10128
- C:\Windows\System\JVuEMcG.exe
  C:\Windows\System\JVuEMcG.exe
  2⤵
  PID:10188
- C:\Windows\System\pnMrCfq.exe
  C:\Windows\System\pnMrCfq.exe
  2⤵
  PID:9268
- C:\Windows\System\ZjmqojM.exe
  C:\Windows\System\ZjmqojM.exe
  2⤵
  PID:9304
- C:\Windows\System\RAyBaCY.exe
  C:\Windows\System\RAyBaCY.exe
  2⤵
  PID:9252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CvbNIff.exe

Filesize
5.7MB

MD5
0b79aea323add1a77f27edeeeb0c86e8

SHA1
6b7891478518655e58afe5282888a4c05164a607

SHA256
1cee19666d53354066cf3f034af66c079f3c087141df9462484b55294d7218df

SHA512
6e413bc2c1125957f7372f6ec8e4a00b9c795e1237d7387e2774247210261a14d159f42006bc4485ae632285032767a55777cacfe9116a4229487b26230b8efb

Download Submit
C:\Windows\system\GFmOKXc.exe

Filesize
5.7MB

MD5
000156afd00ca616ad666639b3a4aa69

SHA1
03cc6fe059dec414b6575d3760c97efd759323c8

SHA256
6314669a5639264fe168e0fdb1947233afc1a858cac577de5c2cf754f0bc0fe9

SHA512
486ca8df4befe83a18f05c47231006324cf5183e340216777ab18d24e8e36c5cb34e37d801628607b3e4ba435d1538c47a75aefae530de1249c744a44b30bc51

Download Submit
C:\Windows\system\ITQMAhA.exe

Filesize
5.7MB

MD5
5250bd385dfdb66ebc4523aa1434b570

SHA1
69e0aee002736b797f4cd8d34b235195b082b82a

SHA256
6c99cdf6aba647cf07492f16339f6af3b902c772bffe8ba7acabdf10552175a2

SHA512
7c0ac7355be30793077f3807dbadc38b8aa4e69aa923160f03b574d7c5ce534dbc24fcb5a81c7d353841294b6cd817327d300de9a74b0564619c60b58ed68f06

Download Submit
C:\Windows\system\LfRipBK.exe

Filesize
5.7MB

MD5
e9def4d4ca1b7c9c1c4ddcf8e3ec1269

SHA1
087d7b1497e3199d043871030d5a629e41b82c61

SHA256
a6ac1731a8f5665d9d0ac92384bb6b40015c8d4d517645d38c270f1aace62068

SHA512
d4df4553dfb8c4c0308363aa4ee19c8929ec2d014f4eadb28f50d2da1bffb40b210d83109a442be9f4cabfb687d1846062b8bc98380b9f17d3719d31cd22cf28

Download Submit
C:\Windows\system\MqqVVwN.exe

Filesize
5.7MB

MD5
07db9692daf278145dd437a46aeb9bf9

SHA1
0dbd03e2796fa426c0297a4b463c26fe725fd975

SHA256
fb0f98fba8b4a735d35d369f49d9b55dca4dceba5b23ef327416706bb284498c

SHA512
ec3b4aee8551d002467d5cf72f4d607e333f6f4bf667c9e88a12cc6901763206020fefb036915b9555e8ac40951b8cce63346c1cd50487fc62dbecb71e5e7119

Download Submit
C:\Windows\system\NLEHPrQ.exe

Filesize
5.7MB

MD5
2c572320829e2a4400062c32aa0005c4

SHA1
4bb52ff4adfe5a6ac650c3e6cb6115ef29b5bf13

SHA256
6b9fd8022836a1f7fdd12463f8c81257edf39897adf86734bb26fdd81f685d14

SHA512
ac16f5ef5969fe25baf152a0366a145afcb5fab7774234a9ff3e9c1528b548a2d2dcbe188a6f5ee25644ece730f4a9eb9984f916eb72083b0d95d6563624c3b0

Download Submit
C:\Windows\system\OgUtVZm.exe

Filesize
5.7MB

MD5
d0ccfe25f6bb3fe9ced6d69f422ff7aa

SHA1
013bf9c800e56aa1e08a976b86d43e22150bb73e

SHA256
eb3086a717621649849736425f770efabc9ed04c3aa130dfd72fd636f2a51515

SHA512
0ff4a22519943876595edb995ffa8361781f6a38b87bd195e635767aeec9428587b4e39289a0b770675fc6017e7aceda73be38cabe63326be6eb9fd239981e2f

Download Submit
C:\Windows\system\PiRjudd.exe

Filesize
5.7MB

MD5
56ac0fc12e7eadacb6609fa17e2c615e

SHA1
327e9b42e66dd392d7bbfbc40d2d52dc7c875e1c

SHA256
e3d057996f85c530cf5f6804169606d808ab6a4a133dc1e5374365236e7e9232

SHA512
7f4ea2f91fca9638c7606e06d21412655ac6668ecebdaaf8dca6cccc197852ccbb7f75aa53e6fdf8ca1e89189c780e7dcc12fc7729b8209836b250c6041b96b7

Download Submit
C:\Windows\system\QONrVEG.exe

Filesize
5.7MB

MD5
b2f0f3ecbe351f8c41769a9eabb1972b

SHA1
fc2369cf7069cb98cacd86e21e03b4086de4d13d

SHA256
874fe520291112a0bc016e9fe88fb6bdc5b0c700c48ca96aec25ebd1a0356731

SHA512
5b2fa0151c8f8f6f108abeef2df42b6eea3220db78e3fccbdb202204e3426f61a37c3132786acc60b76e4606bdd34a066589bfcaa0412122096c2e12ea16d5dc

Download Submit
C:\Windows\system\RmtJsaz.exe

Filesize
5.7MB

MD5
67edeb82e6951bf3301d9ff31a75d8c8

SHA1
77beeac3db2682255d1c5e9e37e7e5b10770f6c2

SHA256
a07c9085d13d87c57b7724c09fff8a5455454856e4e51d9135c88276f3332e22

SHA512
415998c06dcf51164015ec90c452beb5869105b434564db49f2bdc27c07ee12b1309a372a240da89055ef688c8829cc9ace5f1be1daab2ba569fc8e5df0caa21

Download Submit
C:\Windows\system\VGChoTj.exe

Filesize
5.7MB

MD5
96167f9510a907c6182f10e9e3380283

SHA1
2f499daca4485a6fe98259539c601018f0821a64

SHA256
bb383c604b634113a93510ad7c4102892a6c1bf4f1cb72392b2f0cc4b01c85ec

SHA512
9c3a9d561014080c889a5378b1639375e93bdd6d0cc1b5e5dff9cb1ec5857f3a3a594df2a908930d2ccaad020f560b0c208419167c59be2f7088bc38c8affe45

Download Submit
C:\Windows\system\VhTqBrs.exe

Filesize
5.7MB

MD5
95ebac9be28ea7f25937b550db117b5c

SHA1
13b005c1375d921ba8a35ab94332240874418cd0

SHA256
17be38c991ffcebd9f9fbb2038f1451e0e0279a94adb568a7109854cff7483cf

SHA512
1550b161865c44e46e720e90ea364e396dc48626b66aef80b20c0b8ca4419b66af0f17cb40488bf8f31ddc1e80ce6b791fef4b2714d378b4725a9c7376b9dd24

Download Submit
C:\Windows\system\WEhAGkI.exe

Filesize
5.7MB

MD5
43d911f275ec628ce8573a31766b4537

SHA1
abccb68ddae563e3567e71bddd0011362d771f0e

SHA256
652cbeecf021dc7e46574ee24b557c9fae54cc0d134265fe5b79481c61868260

SHA512
b3e9283d5794857ff90733e650e05d85de029ffd47bfa3c61e1c67ed541d272c141cebde90ffa6c4d0b3dc66cd3e1e0622c162799f32f47d89c33f1a48312402

Download Submit
C:\Windows\system\WIGthyJ.exe

Filesize
5.7MB

MD5
e551ec60ba1ff46854b1cc44bfe96d60

SHA1
78223cfdbe49ed6fe60d457b9a07dfd64c0e6977

SHA256
b86eff338e2aa1ba54bf00f3ae93618167113920eb489c9c27c1d86369ef3db8

SHA512
c4df950ff7be4032b73e58b3eeff3f6fb74adadb43cffb54dbc033f9c495030a94af0784af829ac477f1fd506b0833456eadf30f6399b3e92c6958f43422d39c

Download Submit
C:\Windows\system\WuVzRox.exe

Filesize
5.7MB

MD5
b7d08151183c69c223d4c1e21b0df74d

SHA1
93f2762e7a6154c38fd61129da5d618955ddc7ec

SHA256
ac88addc814adc1ccaa297f8d376bcbafd4dc63985fda5de7098ad3e226ae42d

SHA512
99c2ad61a768c653fee4cd6a67f9fdecaf6e2ab7cbb37d1627fccb9c27357e3ca71d38f286a2c696c7f0dcdef8aa87496c327553e34d2a34b30be549c2f79a44

Download Submit
C:\Windows\system\aqmgCbQ.exe

Filesize
5.7MB

MD5
970336dee8816c48f312ad132d6b6bcc

SHA1
54440616f68bbc50f28d6ee2044e3bf298f8dea0

SHA256
444e8ef377c7c6a9a23f9f85437a9c6f3f3cebe71c2a9925ea641bde442ab3d8

SHA512
84477d49f5dca203c3481c86a61c3a44dad047cfd08bc6cc3f6674cbfcbdfe9b9feabbfcf19bcc2618ef868d5127bac15e5c412f3bab01f93935af4c9dc502eb

Download Submit
C:\Windows\system\dRUnmmb.exe

Filesize
5.7MB

MD5
1e86a7e0a3d919de09a9e3b54b8ab463

SHA1
6c7acbb4f1fce1af2e9f488d2f9657271cad2bcd

SHA256
e0c8e869b26ec58b1a377d859c23419f91f9296dd2c0f5b36f991fee5c489113

SHA512
297c58748f06c56fb49babcc5a630a1c9f8ef8f8a40924cd0c04f2a7a50bad088807d4e6041dab2cd8a9b4fc3637491449c97acc9bb0c0b6008956829a25c643

Download Submit
C:\Windows\system\eAlKSBE.exe

Filesize
5.7MB

MD5
0aaef7805003325b56c0ef63d700aeec

SHA1
73d2e358170d58953aacd43e78db97d196a76150

SHA256
b5de66a1b38f204a3e816edb9a0b5b592a3c9765bc5cd41b2c8eed171682e18b

SHA512
ed72c280f54f527bda20b1869a0e1ca293be2084ab255975b013e4211aec9d59e9cd2464a1e12486d54125330c01249a1bceff75dfe4f3ca3f030785fd435943

Download Submit
C:\Windows\system\hQrhlfY.exe

Filesize
5.7MB

MD5
6f919b5de578ef98dfb8414ed2c76984

SHA1
9f761ac2a066a5f89997eafa3001773f39a8e5ad

SHA256
039cba640032db074345e47f3b29870a1fd177c07c6dc2d70d83bb5b36712f79

SHA512
17997d1e61a7418fcc953d858407e371a9d2c42e17ad12a4f1b16956a893e98813e972a575c4c8d90e3f3030bc4fdac9145f1d4461c098c4a10803841321ff27

Download Submit
C:\Windows\system\mSefsQG.exe

Filesize
5.7MB

MD5
9fc5344f7c15931a0907bb0939466086

SHA1
58be80c8336a39c59376060e6b022a22f1650949

SHA256
e8be5a264f9688e3516b97a1a0dfb615ec8b6aa410e11bc5e6f1b3346efa9ec8

SHA512
ef3f004fada8169f28e73f6fc13a88951881a90305e5ab049572ae8571c378a5597ccf44612e68cacab22202f786e4f8a5c176220359dc3a02e404e67f29317f

Download Submit
C:\Windows\system\qYoApGR.exe

Filesize
5.7MB

MD5
f7ad1b9596ebc49b8079c5570b2d3e0c

SHA1
e02fd81366ffc065d5583b1b4dcdda475fe5afcc

SHA256
e15c4297db25e7ec9ffbe24958239897609e465edc3af5ff78067ec281750032

SHA512
9ce8bc7ed57f5a36281e46d0dcf140603f8cf6de191069f34a952809425d43cab545245ae11ad52bb376a8aaa9d348cb2664b99ce0d0bba86db4ccf94dbbd5ed

Download Submit
C:\Windows\system\sFzDfEd.exe

Filesize
5.7MB

MD5
34f60d6f9ec8a9a61ddf750d578ca90a

SHA1
4a72c42c4708b6fbc032c29fb0f9a75fd8d9a843

SHA256
63733027b73ee190dad397860d75ff4d83583b0d21160c596c13178db9d468f1

SHA512
ce3708b5334703860347da8939f09d34158ad93d59b86e9e1aed61b5372d66cd09ad61391431c4a0354465250f8a9981b0d2ddff8489151156b1a05490e2aa96

Download Submit
\Windows\system\AYvVxXV.exe

Filesize
5.7MB

MD5
b6270e9121897f7564c19bc866e1898a

SHA1
afcc4bd003b4d4b85e7c3d5ed436467d3cf03a3a

SHA256
0d4eb3c8b05de133543881c7ffacf9e1a7e686567b3884331107571110483681

SHA512
2537362783ed56941fff301c6395a4e03e74314ab2edc177558fd32f8b075f215a3f5976cc76aedbe84365383f1567caa44a3277f56793d6a764bc67c0223c08

Download Submit
\Windows\system\JGUZjXt.exe

Filesize
5.7MB

MD5
5be157ea4b8d2449a232d6046951e87a

SHA1
e69cbe0f32f61e66010b3491eecd2538e2218afc

SHA256
4315d331d9209eaef1ba5f71a9dc8a506ec3740d7b854ade9c08533fd0247028

SHA512
f4a394e4ad7aa6a2b194dd5c3f1c63f8143317b1af5760d916ba366b613179598d95c23e41d9860b3b7ec0f63bd86383c16f5a397effb756fb41b0ccc6ba3ccc

Download Submit
\Windows\system\JJHtKqr.exe

Filesize
5.7MB

MD5
3371622991801098f9a330a1ead1cede

SHA1
fda45850c85c3e86636277dc01a543eb622cd074

SHA256
88050f6ce7181c7121e6185885e0eaad03d41f1443e32edea97990bdfc7081e4

SHA512
95e284fd7708a18ef591c0b55d78975a5a3223beb9a706216967bdb20a540e62cd4cda07aaa557a4de8d33699040138250bcbc4e8a4bfe86d9ca9426fcc66e37

Download Submit
\Windows\system\NhwKpZJ.exe

Filesize
5.7MB

MD5
91374cea6d08a8f8bc2ee3af3d0cbaaf

SHA1
d1dd6014237d043f93d4fd0529db8b785fa97b6c

SHA256
fcfd10479c79192197d06efdb487100c90d156f024f8af0448383bea8a5fe049

SHA512
0d31306b57206e32b8f16b05ce77634f68ba041b8332c75fb955a547fb631fd11b8f1724c76c449e60b8fe48d16bc402635d00b56f0def1c4d5803112147753d

Download Submit
\Windows\system\QSznLZC.exe

Filesize
5.7MB

MD5
16381815d74d3f1305b7134a6c4946c5

SHA1
bf713ce499fc98f622fbb0deb7dea603e08f1399

SHA256
b8b5786a86d2b847be3e1701523b6ce27f7948ee6a5f02cfefadaebacb373d44

SHA512
d589f1acb9726a3a7b72b4f193fa184806efc5e711ac17bf8c4af1302ea5ee68c5c6a1025324e2d62a6cbdbbcd130dbefa55e0159e57dc7d0bf2ef151dd322dc

Download Submit
\Windows\system\QkbdvbS.exe

Filesize
5.7MB

MD5
08e63e71c8dacc5d4801adc193552078

SHA1
8cc520bfc34f818577da7f97e4fb08cd29b028e1

SHA256
a1937996ca07a36f0591892b241e829adae63983cb669f4ed7b8914ab58be355

SHA512
b8c4763d2776d0bad681af300bcd56980f7c369ea5b98b20c76d6270540c7f2af34426f43b8ad17b47242c0db0a0d47f25fd519aad4c0591a99447033287cee3

Download Submit
\Windows\system\TQhunXW.exe

Filesize
5.7MB

MD5
b58efdaced07c810ea4d47ff71ddeeef

SHA1
1ba91111fa392f4ab8e227c0d74aa21527f3e911

SHA256
3435d5acb92a695fc93b9c23ba92114a4b7568b17955b86cd0c97852536d8a40

SHA512
2fee933cc0195b03693158e1c057959cc056d08ad93b4aaf3f01281db6d277b0df73f7995d3aea0665f26a7f0194e35f69f60e1aaafa14a55eb515766314883f

Download Submit
\Windows\system\aDHiolV.exe

Filesize
5.7MB

MD5
a3569d3c1ec7b5a1b25b7c04eec58ae2

SHA1
4bfccc1306e59f12ee4a3ec9da8d08137fd0b5a8

SHA256
ebd25af0cc89db77aa5b298a1ad8fc5d15a4378e032bf948aeb3952abec70e6f

SHA512
2bbb3e488e7e1f8ee93f0046d19f494524f1c9f5a46ce25406d10c9f0d400b3c84c0f392993e2fb3673631f1e28ffb864fbd7c067080e8cadd3efd2c51b1eb47

Download Submit
\Windows\system\apgcwaV.exe

Filesize
5.7MB

MD5
607fc5eb64ca6c1c048467fab1d42ad5

SHA1
8a39373e28268591b94d9a61e020e931931aed16

SHA256
aa9ffa5ccfbb946424baf96668f92a79569b3318b34cc27bba4c1bab0a964d1b

SHA512
ee236e38be5e5fde377424d53fd12434e80bcb4a386c2362484ec42ba5e7f7dc875ed68ca1cd11abb9ebf259623856260ff60edf71f9c2e547438bbdafd6d3c0

Download Submit
\Windows\system\jvpDLRd.exe

Filesize
5.7MB

MD5
d78268959a8a9bd3f7d0a8689cf8bb9e

SHA1
c616de66ef1cbdaffe01dc9dd36e36d4a9484026

SHA256
b0177c68a24098def48348d8eceb4f6ea26cbf77bcee489a2dc3166113fb8ec6

SHA512
8e1da462e2ef9ecea4e169f7a52f8e0740c7765afc73f90abbc044cf197f53a1c06c9684293f7ffab1a2d37f59f830a5ac2e1a918c345d456140fc52c668f11d

Download Submit
\Windows\system\nXEeuEa.exe

Filesize
5.7MB

MD5
8554b0ac5ec1f49b6617d59c419a84f0

SHA1
ccf3424c208231fd0bfc87fc43fadff0c3cc0d8a

SHA256
da20ec9a11c553697b0a9fe384e0c2e089d4391a7dd9fe23ddb40370ea312ebd

SHA512
8d5f9c89a690c1c1a86db3cc518973e90089b11aba3c414b28535c7b9344e7d4e5961c91ec4924eaada5f92b63e54af370584a8e3063db56231779f6ddecf469

Download Submit
\Windows\system\pMswuVs.exe

Filesize
5.7MB

MD5
15a0cc68a7b30e4251d5ea9b02aeb39d

SHA1
12c3e9fe4bc24b1c7c5d12813c11d80dac33e16f

SHA256
824f4e088286b451f3e4e2eaeb3cbf99b473a29abeeefa2586a72dea7aaacdaa

SHA512
a908a7354d6c893e2f4a0a3ecbd93f5d98911262f51ce1233003c266231a33bec3e5093df29e6a70dc5dad08b890f9fc4ba0a857387847113f5ba316a96b119e

Download Submit
\Windows\system\qLWShpT.exe

Filesize
5.7MB

MD5
6119ef2513a0bc5c1413bd0a76611eae

SHA1
87f97c36b3ec5e0e7722852143b51895f706e99b

SHA256
7c4c2ba9bd5f656494acde751bbf99cf5c29fa07a83ce793188cb350e853c62b

SHA512
17708141a34368a4c3d62434d0049ea16f9bb0c68a874a027089d0bf99ac475b81cdb1a98e310249ad8ec30efe0aaa65e4d7eb00664b11d05a6dea53fd3c14ca

Download Submit
\Windows\system\xrqYvWF.exe

Filesize
5.7MB

MD5
7f500518d06463911ac78d34b3f8af73

SHA1
a95fb752cbd9d11000ac93b4f761f2e23045ff23

SHA256
e2cde1b6d2c4b556b36d5814560544bd5075a075e40549d5e2d0f9752076d854

SHA512
49c14c08edd7a82e603ac6ed004d687302bb69709cbb0da2b7a3c12995978c4d3829f0e1ad78d12c3dafa6402a79318554117436fdbc7b689cb5ca0e297dd8ab

Download Submit
memory/532-112-0x000000013FCE0000-0x000000014002D000-memory.dmp

Filesize
3.3MB

Download
memory/656-215-0x000000013FEF0000-0x000000014023D000-memory.dmp

Filesize
3.3MB

Download
memory/664-86-0x000000013FC60000-0x000000013FFAD000-memory.dmp

Filesize
3.3MB

Download
memory/1472-160-0x000000013F3B0000-0x000000013F6FD000-memory.dmp

Filesize
3.3MB

Download
memory/1708-7-0x000000013F130000-0x000000013F47D000-memory.dmp

Filesize
3.3MB

Download
memory/1720-209-0x000000013F990000-0x000000013FCDD000-memory.dmp

Filesize
3.3MB

Download
memory/1740-181-0x000000013F6B0000-0x000000013F9FD000-memory.dmp

Filesize
3.3MB

Download
memory/1752-136-0x000000013F960000-0x000000013FCAD000-memory.dmp

Filesize
3.3MB

Download
memory/1764-221-0x000000013FC80000-0x000000013FFCD000-memory.dmp

Filesize
3.3MB

Download
memory/1812-199-0x000000013F6A0000-0x000000013F9ED000-memory.dmp

Filesize
3.3MB

Download
memory/1868-18-0x000000013F1B0000-0x000000013F4FD000-memory.dmp

Filesize
3.3MB

Download
memory/2032-189-0x000000013F520000-0x000000013F86D000-memory.dmp

Filesize
3.3MB

Download
memory/2056-237-0x000000013F730000-0x000000013FA7D000-memory.dmp

Filesize
3.3MB

Download
memory/2060-77-0x000000013F800000-0x000000013FB4D000-memory.dmp

Filesize
3.3MB

Download
memory/2124-126-0x000000013F560000-0x000000013F8AD000-memory.dmp

Filesize
3.3MB

Download
memory/2160-155-0x000000013F5F0000-0x000000013F93D000-memory.dmp

Filesize
3.3MB

Download
memory/2272-166-0x000000013F420000-0x000000013F76D000-memory.dmp

Filesize
3.3MB

Download
memory/2328-13-0x000000013F670000-0x000000013F9BD000-memory.dmp

Filesize
3.3MB

Download
memory/2336-38-0x000000013F840000-0x000000013FB8D000-memory.dmp

Filesize
3.3MB

Download
memory/2480-94-0x000000013F050000-0x000000013F39D000-memory.dmp

Filesize
3.3MB

Download
memory/2608-67-0x000000013F400000-0x000000013F74D000-memory.dmp

Filesize
3.3MB

Download
memory/2620-55-0x000000013F200000-0x000000013F54D000-memory.dmp

Filesize
3.3MB

Download
memory/2640-61-0x000000013F7C0000-0x000000013FB0D000-memory.dmp

Filesize
3.3MB

Download
memory/2716-91-0x000000013F580000-0x000000013F8CD000-memory.dmp

Filesize
3.3MB

Download
memory/2748-43-0x000000013FA90000-0x000000013FDDD000-memory.dmp

Filesize
3.3MB

Download
memory/2772-147-0x000000013F430000-0x000000013F77D000-memory.dmp

Filesize
3.3MB

Download
memory/2784-176-0x000000013F2F0000-0x000000013F63D000-memory.dmp

Filesize
3.3MB

Download
memory/2836-34-0x000000013FF80000-0x00000001402CD000-memory.dmp

Filesize
3.3MB

Download
memory/2840-41-0x000000013F890000-0x000000013FBDD000-memory.dmp

Filesize
3.3MB

Download
memory/2856-100-0x000000013F770000-0x000000013FABD000-memory.dmp

Filesize
3.3MB

Download
memory/2888-49-0x000000013F0D0000-0x000000013F41D000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3068-0-0x000000013F100000-0x000000013F44D000-memory.dmp

Filesize
3.3MB

Download