cobaltstrike | 4880f2152f7ee4968908d3d2742b340053455c8bca275e3681937923ef872eed

Analysis

max time kernel
147s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

aac198c254f74d2fb5154e73cad790f2
SHA1

a3b9262bd223be174835e16ccc9f3b8991e1e732
SHA256

4880f2152f7ee4968908d3d2742b340053455c8bca275e3681937923ef872eed
SHA512

1d4c2d198bd19af006ca7fd2d16aace61acb1b459b3bf7462700ec4c3477eb59d28cfb95c3912139c3ae78d748903a610356b93decf3ab3d0a3b52dc3913fbb3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c23-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce9-53.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-182.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-60.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce0-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1116-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-3.dat	xmrig
behavioral1/files/0x0008000000016c23-12.dat	xmrig
behavioral1/files/0x0007000000016cab-13.dat	xmrig
behavioral1/memory/2964-23-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ccc-24.dat	xmrig
behavioral1/memory/1516-22-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2448-21-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd8-31.dat	xmrig
behavioral1/memory/2888-30-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/1192-40-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ce9-53.dat	xmrig
behavioral1/files/0x00050000000194eb-67.dat	xmrig
behavioral1/files/0x000500000001950f-87.dat	xmrig
behavioral1/memory/2912-93-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-96.dat	xmrig
behavioral1/files/0x00050000000195ad-123.dat	xmrig
behavioral1/files/0x00050000000195b3-139.dat	xmrig
behavioral1/files/0x00050000000195bd-160.dat	xmrig
behavioral1/files/0x00050000000195c6-177.dat	xmrig
behavioral1/files/0x000500000001960c-191.dat	xmrig
behavioral1/memory/772-2115-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2576-2128-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/1136-2157-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2964-2264-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1312-2149-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1648-2144-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2636-2103-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2788-2090-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1192-2057-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/3020-2061-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2448-1767-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/1516-1763-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/1116-220-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-182.dat	xmrig
behavioral1/files/0x00050000000195c5-175.dat	xmrig
behavioral1/files/0x00050000000195c3-170.dat	xmrig
behavioral1/files/0x00050000000195c1-166.dat	xmrig
behavioral1/files/0x00050000000195bb-155.dat	xmrig
behavioral1/files/0x00050000000195b7-150.dat	xmrig
behavioral1/files/0x00050000000195af-138.dat	xmrig
behavioral1/files/0x00050000000195b5-144.dat	xmrig
behavioral1/files/0x00050000000195b1-134.dat	xmrig
behavioral1/files/0x00050000000195ab-120.dat	xmrig
behavioral1/files/0x00050000000195a9-116.dat	xmrig
behavioral1/files/0x00050000000195a7-110.dat	xmrig
behavioral1/files/0x000500000001957c-105.dat	xmrig
behavioral1/memory/1136-102-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2788-100-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1312-92-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1648-91-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-86.dat	xmrig
behavioral1/memory/1116-84-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/772-71-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2576-82-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-74.dat	xmrig
behavioral1/memory/2636-64-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a3-60.dat	xmrig
behavioral1/memory/2788-55-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2912-50-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/3020-49-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ace-47.dat	xmrig
behavioral1/files/0x0008000000016ce0-45.dat	xmrig
behavioral1/memory/1116-44-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1516	JcmFGFr.exe
2964	lPVlOIi.exe
2448	hXTxeIG.exe
2888	lyqoIZr.exe
1192	FmaeLkP.exe
3020	SgCitnP.exe
2912	aKCDCMJ.exe
2788	MqOhPrb.exe
2636	ZHJZkdd.exe
772	otrSAhR.exe
2576	IvfLhwx.exe
1648	LZNcyvS.exe
1312	AIiiWLa.exe
1136	PMzeuQI.exe
2852	KttCIoC.exe
740	zJkWHWB.exe
1948	vuLHNno.exe
1920	ItoUHpE.exe
1288	egDjGxO.exe
1752	WdFuQBu.exe
1896	DpgvtTf.exe
2404	aDgDazR.exe
1628	rwYnpdD.exe
1484	xzwOJTZ.exe
2056	PxbkQUo.exe
2020	sEBBUtF.exe
1348	JHmtHHl.exe
432	PXbLHkY.exe
3068	Lhtlqor.exe
1704	DGCPAzW.exe
1800	NuamusT.exe
1612	ZxgYEUu.exe
1772	nLlDqDi.exe
2856	oyKuUGT.exe
1780	MjAyuYr.exe
2032	aMFubPb.exe
1416	YAKYVLL.exe
1524	fWtUHuy.exe
572	AGYQWsW.exe
2040	IFakuzU.exe
2948	EAcGSnm.exe
856	SUmhxYc.exe
2524	BXXJGWZ.exe
1012	HsWlBjm.exe
2372	iVTNlTL.exe
836	gJvxTib.exe
672	KaTZbuV.exe
2348	jqODNrF.exe
880	LuGdnxQ.exe
1408	uZHDIju.exe
2340	xWsvLex.exe
1720	btEFoLq.exe
2552	lUomKYs.exe
1988	RBOsalL.exe
2760	aocCnvf.exe
2880	oTZzqHz.exe
2456	MOzQRNs.exe
2712	tnAANFj.exe
2780	OLfXVyN.exe
2616	TTAwNTW.exe
2996	OwoRASs.exe
3000	yubnQOt.exe
1980	WVcPPnx.exe
2600	RCgjgnt.exe

Loads dropped DLL 64 IoCs

pid	Process
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1116-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x000a000000012262-3.dat	upx
behavioral1/files/0x0008000000016c23-12.dat	upx
behavioral1/files/0x0007000000016cab-13.dat	upx
behavioral1/memory/2964-23-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0007000000016ccc-24.dat	upx
behavioral1/memory/1516-22-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2448-21-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x0007000000016cd8-31.dat	upx
behavioral1/memory/2888-30-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/1192-40-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0008000000016ce9-53.dat	upx
behavioral1/files/0x00050000000194eb-67.dat	upx
behavioral1/files/0x000500000001950f-87.dat	upx
behavioral1/memory/2912-93-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0005000000019547-96.dat	upx
behavioral1/files/0x00050000000195ad-123.dat	upx
behavioral1/files/0x00050000000195b3-139.dat	upx
behavioral1/files/0x00050000000195bd-160.dat	upx
behavioral1/files/0x00050000000195c6-177.dat	upx
behavioral1/files/0x000500000001960c-191.dat	upx
behavioral1/memory/772-2115-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2576-2128-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/1136-2157-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2964-2264-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/1312-2149-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1648-2144-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2636-2103-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2788-2090-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1192-2057-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/3020-2061-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2448-1767-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/1516-1763-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-182.dat	upx
behavioral1/files/0x00050000000195c5-175.dat	upx
behavioral1/files/0x00050000000195c3-170.dat	upx
behavioral1/files/0x00050000000195c1-166.dat	upx
behavioral1/files/0x00050000000195bb-155.dat	upx
behavioral1/files/0x00050000000195b7-150.dat	upx
behavioral1/files/0x00050000000195af-138.dat	upx
behavioral1/files/0x00050000000195b5-144.dat	upx
behavioral1/files/0x00050000000195b1-134.dat	upx
behavioral1/files/0x00050000000195ab-120.dat	upx
behavioral1/files/0x00050000000195a9-116.dat	upx
behavioral1/files/0x00050000000195a7-110.dat	upx
behavioral1/files/0x000500000001957c-105.dat	upx
behavioral1/memory/1136-102-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2788-100-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1312-92-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1648-91-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0005000000019515-86.dat	upx
behavioral1/memory/772-71-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2576-82-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-74.dat	upx
behavioral1/memory/2636-64-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x00050000000194a3-60.dat	upx
behavioral1/memory/2788-55-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2912-50-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/3020-49-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0009000000016ace-47.dat	upx
behavioral1/files/0x0008000000016ce0-45.dat	upx
behavioral1/memory/1116-44-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2888-2270-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2912-2554-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DHkaqme.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEYEvPA.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKCLSwz.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDPPAjK.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpWCEap.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvCNyks.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsXdWlB.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSYfozl.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgWsbqb.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hSyAyPG.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TttcoTV.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKUsOpo.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFyJJdx.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAZzcCs.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXjsICQ.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBqRXhN.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxAEnEr.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBssfeo.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmOvyEy.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvzzRCm.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odetVxG.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aocCnvf.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAtlffr.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKbGlxX.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxjuyNV.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCmQHdX.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKVciCT.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMhDcWq.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdFuQBu.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzJyTNU.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDQHFmH.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOjRTRv.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfdFZOO.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMFubPb.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRwAfcx.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKYvJUz.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsMHoRf.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXKyCmG.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvKLkge.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKoJtDJ.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sprrEVK.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXoSmsP.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmKsCkS.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpxxvpO.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbrPxFz.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUreysj.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAAcbfr.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqitnmU.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAaKJzY.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEigFET.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YCobvym.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Phmrtag.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klRmUAO.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTAwNTW.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvIqhkc.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCYUEyx.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTfOMtU.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTxVJij.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjOPbQq.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKCDCMJ.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GreWDvI.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUEKbyg.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KunKChY.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crMZeyd.exe	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 1516	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1116 wrote to memory of 1516	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1116 wrote to memory of 1516	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1116 wrote to memory of 2964	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1116 wrote to memory of 2964	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1116 wrote to memory of 2964	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1116 wrote to memory of 2448	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1116 wrote to memory of 2448	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1116 wrote to memory of 2448	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1116 wrote to memory of 2888	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1116 wrote to memory of 2888	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1116 wrote to memory of 2888	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1116 wrote to memory of 1192	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1116 wrote to memory of 1192	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1116 wrote to memory of 1192	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1116 wrote to memory of 2912	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1116 wrote to memory of 2912	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1116 wrote to memory of 2912	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1116 wrote to memory of 3020	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1116 wrote to memory of 3020	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1116 wrote to memory of 3020	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1116 wrote to memory of 2788	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1116 wrote to memory of 2788	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1116 wrote to memory of 2788	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1116 wrote to memory of 2636	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1116 wrote to memory of 2636	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1116 wrote to memory of 2636	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1116 wrote to memory of 772	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1116 wrote to memory of 772	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1116 wrote to memory of 772	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1116 wrote to memory of 2576	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1116 wrote to memory of 2576	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1116 wrote to memory of 2576	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1116 wrote to memory of 1312	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1116 wrote to memory of 1312	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1116 wrote to memory of 1312	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1116 wrote to memory of 1648	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1116 wrote to memory of 1648	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1116 wrote to memory of 1648	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1116 wrote to memory of 1136	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1116 wrote to memory of 1136	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1116 wrote to memory of 1136	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1116 wrote to memory of 2852	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1116 wrote to memory of 2852	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1116 wrote to memory of 2852	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1116 wrote to memory of 740	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1116 wrote to memory of 740	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1116 wrote to memory of 740	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1116 wrote to memory of 1948	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1116 wrote to memory of 1948	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1116 wrote to memory of 1948	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1116 wrote to memory of 1920	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1116 wrote to memory of 1920	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1116 wrote to memory of 1920	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1116 wrote to memory of 1288	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1116 wrote to memory of 1288	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1116 wrote to memory of 1288	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1116 wrote to memory of 1896	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1116 wrote to memory of 1896	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1116 wrote to memory of 1896	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1116 wrote to memory of 1752	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1116 wrote to memory of 1752	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1116 wrote to memory of 1752	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1116 wrote to memory of 2404	1116	2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_aac198c254f74d2fb5154e73cad790f2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\System\JcmFGFr.exe
  C:\Windows\System\JcmFGFr.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\lPVlOIi.exe
  C:\Windows\System\lPVlOIi.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\hXTxeIG.exe
  C:\Windows\System\hXTxeIG.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\lyqoIZr.exe
  C:\Windows\System\lyqoIZr.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\FmaeLkP.exe
  C:\Windows\System\FmaeLkP.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\aKCDCMJ.exe
  C:\Windows\System\aKCDCMJ.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\SgCitnP.exe
  C:\Windows\System\SgCitnP.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\MqOhPrb.exe
  C:\Windows\System\MqOhPrb.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\ZHJZkdd.exe
  C:\Windows\System\ZHJZkdd.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\otrSAhR.exe
  C:\Windows\System\otrSAhR.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\IvfLhwx.exe
  C:\Windows\System\IvfLhwx.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\AIiiWLa.exe
  C:\Windows\System\AIiiWLa.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\LZNcyvS.exe
  C:\Windows\System\LZNcyvS.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\PMzeuQI.exe
  C:\Windows\System\PMzeuQI.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\KttCIoC.exe
  C:\Windows\System\KttCIoC.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\zJkWHWB.exe
  C:\Windows\System\zJkWHWB.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\vuLHNno.exe
  C:\Windows\System\vuLHNno.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\ItoUHpE.exe
  C:\Windows\System\ItoUHpE.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\egDjGxO.exe
  C:\Windows\System\egDjGxO.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\DpgvtTf.exe
  C:\Windows\System\DpgvtTf.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\WdFuQBu.exe
  C:\Windows\System\WdFuQBu.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\aDgDazR.exe
  C:\Windows\System\aDgDazR.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\rwYnpdD.exe
  C:\Windows\System\rwYnpdD.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\xzwOJTZ.exe
  C:\Windows\System\xzwOJTZ.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\PxbkQUo.exe
  C:\Windows\System\PxbkQUo.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\sEBBUtF.exe
  C:\Windows\System\sEBBUtF.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\JHmtHHl.exe
  C:\Windows\System\JHmtHHl.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\PXbLHkY.exe
  C:\Windows\System\PXbLHkY.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\Lhtlqor.exe
  C:\Windows\System\Lhtlqor.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\NuamusT.exe
  C:\Windows\System\NuamusT.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\DGCPAzW.exe
  C:\Windows\System\DGCPAzW.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\ZxgYEUu.exe
  C:\Windows\System\ZxgYEUu.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\nLlDqDi.exe
  C:\Windows\System\nLlDqDi.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\oyKuUGT.exe
  C:\Windows\System\oyKuUGT.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\MjAyuYr.exe
  C:\Windows\System\MjAyuYr.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\aMFubPb.exe
  C:\Windows\System\aMFubPb.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\YAKYVLL.exe
  C:\Windows\System\YAKYVLL.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\fWtUHuy.exe
  C:\Windows\System\fWtUHuy.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\AGYQWsW.exe
  C:\Windows\System\AGYQWsW.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\IFakuzU.exe
  C:\Windows\System\IFakuzU.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\EAcGSnm.exe
  C:\Windows\System\EAcGSnm.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\iVTNlTL.exe
  C:\Windows\System\iVTNlTL.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\SUmhxYc.exe
  C:\Windows\System\SUmhxYc.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\gJvxTib.exe
  C:\Windows\System\gJvxTib.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\BXXJGWZ.exe
  C:\Windows\System\BXXJGWZ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\KaTZbuV.exe
  C:\Windows\System\KaTZbuV.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\HsWlBjm.exe
  C:\Windows\System\HsWlBjm.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\jqODNrF.exe
  C:\Windows\System\jqODNrF.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\LuGdnxQ.exe
  C:\Windows\System\LuGdnxQ.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\uZHDIju.exe
  C:\Windows\System\uZHDIju.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\xWsvLex.exe
  C:\Windows\System\xWsvLex.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\btEFoLq.exe
  C:\Windows\System\btEFoLq.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\lUomKYs.exe
  C:\Windows\System\lUomKYs.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\RBOsalL.exe
  C:\Windows\System\RBOsalL.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\aocCnvf.exe
  C:\Windows\System\aocCnvf.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\oTZzqHz.exe
  C:\Windows\System\oTZzqHz.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\MOzQRNs.exe
  C:\Windows\System\MOzQRNs.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\tnAANFj.exe
  C:\Windows\System\tnAANFj.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\OLfXVyN.exe
  C:\Windows\System\OLfXVyN.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\OwoRASs.exe
  C:\Windows\System\OwoRASs.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\TTAwNTW.exe
  C:\Windows\System\TTAwNTW.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\RCgjgnt.exe
  C:\Windows\System\RCgjgnt.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\yubnQOt.exe
  C:\Windows\System\yubnQOt.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\NfVtrBU.exe
  C:\Windows\System\NfVtrBU.exe
  2⤵
  PID:3016
- C:\Windows\System\WVcPPnx.exe
  C:\Windows\System\WVcPPnx.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\enoDRty.exe
  C:\Windows\System\enoDRty.exe
  2⤵
  PID:2820
- C:\Windows\System\lRHouJu.exe
  C:\Windows\System\lRHouJu.exe
  2⤵
  PID:1464
- C:\Windows\System\wmhdwDp.exe
  C:\Windows\System\wmhdwDp.exe
  2⤵
  PID:2916
- C:\Windows\System\xkiWgPE.exe
  C:\Windows\System\xkiWgPE.exe
  2⤵
  PID:2716
- C:\Windows\System\ReXPiHP.exe
  C:\Windows\System\ReXPiHP.exe
  2⤵
  PID:2988
- C:\Windows\System\vwlznGV.exe
  C:\Windows\System\vwlznGV.exe
  2⤵
  PID:1728
- C:\Windows\System\AQRhJuJ.exe
  C:\Windows\System\AQRhJuJ.exe
  2⤵
  PID:1520
- C:\Windows\System\ErRaHEG.exe
  C:\Windows\System\ErRaHEG.exe
  2⤵
  PID:2392
- C:\Windows\System\vvehKuT.exe
  C:\Windows\System\vvehKuT.exe
  2⤵
  PID:1148
- C:\Windows\System\YioiVIt.exe
  C:\Windows\System\YioiVIt.exe
  2⤵
  PID:620
- C:\Windows\System\yeLdiNA.exe
  C:\Windows\System\yeLdiNA.exe
  2⤵
  PID:1748
- C:\Windows\System\pziPBai.exe
  C:\Windows\System\pziPBai.exe
  2⤵
  PID:824
- C:\Windows\System\TttcoTV.exe
  C:\Windows\System\TttcoTV.exe
  2⤵
  PID:1744
- C:\Windows\System\LxddGeO.exe
  C:\Windows\System\LxddGeO.exe
  2⤵
  PID:1688
- C:\Windows\System\GCuAaPg.exe
  C:\Windows\System\GCuAaPg.exe
  2⤵
  PID:1212
- C:\Windows\System\KwTgBoX.exe
  C:\Windows\System\KwTgBoX.exe
  2⤵
  PID:1716
- C:\Windows\System\XNaMGwf.exe
  C:\Windows\System\XNaMGwf.exe
  2⤵
  PID:1528
- C:\Windows\System\wYnpACg.exe
  C:\Windows\System\wYnpACg.exe
  2⤵
  PID:2408
- C:\Windows\System\uDKMaqg.exe
  C:\Windows\System\uDKMaqg.exe
  2⤵
  PID:2452
- C:\Windows\System\reePnNV.exe
  C:\Windows\System\reePnNV.exe
  2⤵
  PID:1040
- C:\Windows\System\PAOqRwh.exe
  C:\Windows\System\PAOqRwh.exe
  2⤵
  PID:2116
- C:\Windows\System\AxqNXAV.exe
  C:\Windows\System\AxqNXAV.exe
  2⤵
  PID:2000
- C:\Windows\System\JZUYCrh.exe
  C:\Windows\System\JZUYCrh.exe
  2⤵
  PID:1188
- C:\Windows\System\aWaNHHg.exe
  C:\Windows\System\aWaNHHg.exe
  2⤵
  PID:2724
- C:\Windows\System\vfTuPcu.exe
  C:\Windows\System\vfTuPcu.exe
  2⤵
  PID:3032
- C:\Windows\System\GreWDvI.exe
  C:\Windows\System\GreWDvI.exe
  2⤵
  PID:2644
- C:\Windows\System\QSTKzvi.exe
  C:\Windows\System\QSTKzvi.exe
  2⤵
  PID:2748
- C:\Windows\System\YWjGAQp.exe
  C:\Windows\System\YWjGAQp.exe
  2⤵
  PID:2940
- C:\Windows\System\gxGxbsL.exe
  C:\Windows\System\gxGxbsL.exe
  2⤵
  PID:1932
- C:\Windows\System\XbDxGYR.exe
  C:\Windows\System\XbDxGYR.exe
  2⤵
  PID:2248
- C:\Windows\System\FpPOCaH.exe
  C:\Windows\System\FpPOCaH.exe
  2⤵
  PID:2696
- C:\Windows\System\agghDRl.exe
  C:\Windows\System\agghDRl.exe
  2⤵
  PID:2608
- C:\Windows\System\xvrNlwz.exe
  C:\Windows\System\xvrNlwz.exe
  2⤵
  PID:2384
- C:\Windows\System\RiCinTf.exe
  C:\Windows\System\RiCinTf.exe
  2⤵
  PID:1052
- C:\Windows\System\rwlKkVT.exe
  C:\Windows\System\rwlKkVT.exe
  2⤵
  PID:2420
- C:\Windows\System\iNjwcKG.exe
  C:\Windows\System\iNjwcKG.exe
  2⤵
  PID:1472
- C:\Windows\System\ENjsfJK.exe
  C:\Windows\System\ENjsfJK.exe
  2⤵
  PID:2044
- C:\Windows\System\fwrcCBR.exe
  C:\Windows\System\fwrcCBR.exe
  2⤵
  PID:528
- C:\Windows\System\kYbFgvl.exe
  C:\Windows\System\kYbFgvl.exe
  2⤵
  PID:2216
- C:\Windows\System\zhrWHpg.exe
  C:\Windows\System\zhrWHpg.exe
  2⤵
  PID:2204
- C:\Windows\System\rVLeiwz.exe
  C:\Windows\System\rVLeiwz.exe
  2⤵
  PID:268
- C:\Windows\System\oBzizpO.exe
  C:\Windows\System\oBzizpO.exe
  2⤵
  PID:2492
- C:\Windows\System\zcoyubm.exe
  C:\Windows\System\zcoyubm.exe
  2⤵
  PID:3064
- C:\Windows\System\POFqXaY.exe
  C:\Windows\System\POFqXaY.exe
  2⤵
  PID:2316
- C:\Windows\System\qpICnTn.exe
  C:\Windows\System\qpICnTn.exe
  2⤵
  PID:1888
- C:\Windows\System\jkWgLuh.exe
  C:\Windows\System\jkWgLuh.exe
  2⤵
  PID:1564
- C:\Windows\System\nRwAfcx.exe
  C:\Windows\System\nRwAfcx.exe
  2⤵
  PID:1620
- C:\Windows\System\xITObLe.exe
  C:\Windows\System\xITObLe.exe
  2⤵
  PID:3040
- C:\Windows\System\JOHDQzw.exe
  C:\Windows\System\JOHDQzw.exe
  2⤵
  PID:2864
- C:\Windows\System\CamNNca.exe
  C:\Windows\System\CamNNca.exe
  2⤵
  PID:2832
- C:\Windows\System\VvzzRCm.exe
  C:\Windows\System\VvzzRCm.exe
  2⤵
  PID:1588
- C:\Windows\System\EfRaQEY.exe
  C:\Windows\System\EfRaQEY.exe
  2⤵
  PID:3092
- C:\Windows\System\ABasNAu.exe
  C:\Windows\System\ABasNAu.exe
  2⤵
  PID:3108
- C:\Windows\System\sPOWykN.exe
  C:\Windows\System\sPOWykN.exe
  2⤵
  PID:3124
- C:\Windows\System\zVMlUde.exe
  C:\Windows\System\zVMlUde.exe
  2⤵
  PID:3144
- C:\Windows\System\UtkoiPZ.exe
  C:\Windows\System\UtkoiPZ.exe
  2⤵
  PID:3164
- C:\Windows\System\SETUGgS.exe
  C:\Windows\System\SETUGgS.exe
  2⤵
  PID:3188
- C:\Windows\System\wyHKghe.exe
  C:\Windows\System\wyHKghe.exe
  2⤵
  PID:3204
- C:\Windows\System\sFzayPK.exe
  C:\Windows\System\sFzayPK.exe
  2⤵
  PID:3220
- C:\Windows\System\cdticpE.exe
  C:\Windows\System\cdticpE.exe
  2⤵
  PID:3260
- C:\Windows\System\UzHXfdp.exe
  C:\Windows\System\UzHXfdp.exe
  2⤵
  PID:3276
- C:\Windows\System\RSFBhsW.exe
  C:\Windows\System\RSFBhsW.exe
  2⤵
  PID:3304
- C:\Windows\System\HNQLQCy.exe
  C:\Windows\System\HNQLQCy.exe
  2⤵
  PID:3320
- C:\Windows\System\kuxRkqn.exe
  C:\Windows\System\kuxRkqn.exe
  2⤵
  PID:3344
- C:\Windows\System\mtEPvId.exe
  C:\Windows\System\mtEPvId.exe
  2⤵
  PID:3364
- C:\Windows\System\eJfADxV.exe
  C:\Windows\System\eJfADxV.exe
  2⤵
  PID:3384
- C:\Windows\System\odetVxG.exe
  C:\Windows\System\odetVxG.exe
  2⤵
  PID:3404
- C:\Windows\System\gvDJGRk.exe
  C:\Windows\System\gvDJGRk.exe
  2⤵
  PID:3424
- C:\Windows\System\NJrUKKi.exe
  C:\Windows\System\NJrUKKi.exe
  2⤵
  PID:3444
- C:\Windows\System\qegVJaB.exe
  C:\Windows\System\qegVJaB.exe
  2⤵
  PID:3460
- C:\Windows\System\QksrUcx.exe
  C:\Windows\System\QksrUcx.exe
  2⤵
  PID:3480
- C:\Windows\System\pxbwyNA.exe
  C:\Windows\System\pxbwyNA.exe
  2⤵
  PID:3500
- C:\Windows\System\iXylSXE.exe
  C:\Windows\System\iXylSXE.exe
  2⤵
  PID:3520
- C:\Windows\System\AytSfIb.exe
  C:\Windows\System\AytSfIb.exe
  2⤵
  PID:3540
- C:\Windows\System\hKUsOpo.exe
  C:\Windows\System\hKUsOpo.exe
  2⤵
  PID:3556
- C:\Windows\System\rHuVyXt.exe
  C:\Windows\System\rHuVyXt.exe
  2⤵
  PID:3580
- C:\Windows\System\EulXlnu.exe
  C:\Windows\System\EulXlnu.exe
  2⤵
  PID:3596
- C:\Windows\System\DsywIxg.exe
  C:\Windows\System\DsywIxg.exe
  2⤵
  PID:3616
- C:\Windows\System\nAUInHp.exe
  C:\Windows\System\nAUInHp.exe
  2⤵
  PID:3640
- C:\Windows\System\PVqdAmT.exe
  C:\Windows\System\PVqdAmT.exe
  2⤵
  PID:3656
- C:\Windows\System\jinSzVI.exe
  C:\Windows\System\jinSzVI.exe
  2⤵
  PID:3676
- C:\Windows\System\ZBfdjxP.exe
  C:\Windows\System\ZBfdjxP.exe
  2⤵
  PID:3696
- C:\Windows\System\PxrxEaC.exe
  C:\Windows\System\PxrxEaC.exe
  2⤵
  PID:3720
- C:\Windows\System\kMTDUYS.exe
  C:\Windows\System\kMTDUYS.exe
  2⤵
  PID:3736
- C:\Windows\System\JwYGYHS.exe
  C:\Windows\System\JwYGYHS.exe
  2⤵
  PID:3760
- C:\Windows\System\GKzCtEk.exe
  C:\Windows\System\GKzCtEk.exe
  2⤵
  PID:3788
- C:\Windows\System\DsSnwzI.exe
  C:\Windows\System\DsSnwzI.exe
  2⤵
  PID:3804
- C:\Windows\System\ynvfijJ.exe
  C:\Windows\System\ynvfijJ.exe
  2⤵
  PID:3824
- C:\Windows\System\imedjbr.exe
  C:\Windows\System\imedjbr.exe
  2⤵
  PID:3848
- C:\Windows\System\SLvxBBT.exe
  C:\Windows\System\SLvxBBT.exe
  2⤵
  PID:3868
- C:\Windows\System\fYKJDTw.exe
  C:\Windows\System\fYKJDTw.exe
  2⤵
  PID:3888
- C:\Windows\System\RdSNBAC.exe
  C:\Windows\System\RdSNBAC.exe
  2⤵
  PID:3908
- C:\Windows\System\NHdXwoz.exe
  C:\Windows\System\NHdXwoz.exe
  2⤵
  PID:3928
- C:\Windows\System\YWDPeSd.exe
  C:\Windows\System\YWDPeSd.exe
  2⤵
  PID:3948
- C:\Windows\System\lSObiCS.exe
  C:\Windows\System\lSObiCS.exe
  2⤵
  PID:3964
- C:\Windows\System\YkPrbVe.exe
  C:\Windows\System\YkPrbVe.exe
  2⤵
  PID:3984
- C:\Windows\System\VKtKTVJ.exe
  C:\Windows\System\VKtKTVJ.exe
  2⤵
  PID:4008
- C:\Windows\System\dqITqMR.exe
  C:\Windows\System\dqITqMR.exe
  2⤵
  PID:4024
- C:\Windows\System\KubSIYr.exe
  C:\Windows\System\KubSIYr.exe
  2⤵
  PID:4044
- C:\Windows\System\fjzqZAP.exe
  C:\Windows\System\fjzqZAP.exe
  2⤵
  PID:4068
- C:\Windows\System\fUUVfFb.exe
  C:\Windows\System\fUUVfFb.exe
  2⤵
  PID:4088
- C:\Windows\System\PsUDFjt.exe
  C:\Windows\System\PsUDFjt.exe
  2⤵
  PID:3052
- C:\Windows\System\EssEwvk.exe
  C:\Windows\System\EssEwvk.exe
  2⤵
  PID:2224
- C:\Windows\System\puhdoUy.exe
  C:\Windows\System\puhdoUy.exe
  2⤵
  PID:2076
- C:\Windows\System\ozLapTp.exe
  C:\Windows\System\ozLapTp.exe
  2⤵
  PID:2008
- C:\Windows\System\OwspwUe.exe
  C:\Windows\System\OwspwUe.exe
  2⤵
  PID:1100
- C:\Windows\System\sKrzDZB.exe
  C:\Windows\System\sKrzDZB.exe
  2⤵
  PID:2212
- C:\Windows\System\FmBVkxu.exe
  C:\Windows\System\FmBVkxu.exe
  2⤵
  PID:2688
- C:\Windows\System\cPXLqCI.exe
  C:\Windows\System\cPXLqCI.exe
  2⤵
  PID:3100
- C:\Windows\System\FClvIhJ.exe
  C:\Windows\System\FClvIhJ.exe
  2⤵
  PID:3140
- C:\Windows\System\fuXLTzQ.exe
  C:\Windows\System\fuXLTzQ.exe
  2⤵
  PID:656
- C:\Windows\System\tBzPCaM.exe
  C:\Windows\System\tBzPCaM.exe
  2⤵
  PID:2400
- C:\Windows\System\gnXySeM.exe
  C:\Windows\System\gnXySeM.exe
  2⤵
  PID:3084
- C:\Windows\System\nswuRdR.exe
  C:\Windows\System\nswuRdR.exe
  2⤵
  PID:3116
- C:\Windows\System\QcZkaqm.exe
  C:\Windows\System\QcZkaqm.exe
  2⤵
  PID:3156
- C:\Windows\System\PrYlfGX.exe
  C:\Windows\System\PrYlfGX.exe
  2⤵
  PID:3244
- C:\Windows\System\ehsoTLZ.exe
  C:\Windows\System\ehsoTLZ.exe
  2⤵
  PID:3236
- C:\Windows\System\vtSmaLQ.exe
  C:\Windows\System\vtSmaLQ.exe
  2⤵
  PID:3316
- C:\Windows\System\SBEqbGM.exe
  C:\Windows\System\SBEqbGM.exe
  2⤵
  PID:3284
- C:\Windows\System\wHhXjae.exe
  C:\Windows\System\wHhXjae.exe
  2⤵
  PID:3328
- C:\Windows\System\CSmqZzo.exe
  C:\Windows\System\CSmqZzo.exe
  2⤵
  PID:3476
- C:\Windows\System\WJQwpQu.exe
  C:\Windows\System\WJQwpQu.exe
  2⤵
  PID:3508
- C:\Windows\System\kodHcex.exe
  C:\Windows\System\kodHcex.exe
  2⤵
  PID:3420
- C:\Windows\System\dIWDmBB.exe
  C:\Windows\System\dIWDmBB.exe
  2⤵
  PID:3548
- C:\Windows\System\dbKQWoi.exe
  C:\Windows\System\dbKQWoi.exe
  2⤵
  PID:3592
- C:\Windows\System\pemjJnA.exe
  C:\Windows\System\pemjJnA.exe
  2⤵
  PID:3488
- C:\Windows\System\sIQCGLD.exe
  C:\Windows\System\sIQCGLD.exe
  2⤵
  PID:3532
- C:\Windows\System\FZpfoyG.exe
  C:\Windows\System\FZpfoyG.exe
  2⤵
  PID:3572
- C:\Windows\System\GsImevK.exe
  C:\Windows\System\GsImevK.exe
  2⤵
  PID:3708
- C:\Windows\System\ulXOqYX.exe
  C:\Windows\System\ulXOqYX.exe
  2⤵
  PID:3748
- C:\Windows\System\iHBWVZN.exe
  C:\Windows\System\iHBWVZN.exe
  2⤵
  PID:3652
- C:\Windows\System\GMIuOOz.exe
  C:\Windows\System\GMIuOOz.exe
  2⤵
  PID:3728
- C:\Windows\System\yHVMOHd.exe
  C:\Windows\System\yHVMOHd.exe
  2⤵
  PID:3832
- C:\Windows\System\bchbWHd.exe
  C:\Windows\System\bchbWHd.exe
  2⤵
  PID:3776
- C:\Windows\System\AQkHZJz.exe
  C:\Windows\System\AQkHZJz.exe
  2⤵
  PID:3820
- C:\Windows\System\nvQdxSH.exe
  C:\Windows\System\nvQdxSH.exe
  2⤵
  PID:3860
- C:\Windows\System\cbmUXSI.exe
  C:\Windows\System\cbmUXSI.exe
  2⤵
  PID:3920
- C:\Windows\System\wofQWbx.exe
  C:\Windows\System\wofQWbx.exe
  2⤵
  PID:3904
- C:\Windows\System\ruqwaFz.exe
  C:\Windows\System\ruqwaFz.exe
  2⤵
  PID:3976
- C:\Windows\System\xHUhRrC.exe
  C:\Windows\System\xHUhRrC.exe
  2⤵
  PID:3996
- C:\Windows\System\SxoWScF.exe
  C:\Windows\System\SxoWScF.exe
  2⤵
  PID:4080
- C:\Windows\System\Qubvplq.exe
  C:\Windows\System\Qubvplq.exe
  2⤵
  PID:4020
- C:\Windows\System\pYvbmWV.exe
  C:\Windows\System\pYvbmWV.exe
  2⤵
  PID:896
- C:\Windows\System\GyXqTZU.exe
  C:\Windows\System\GyXqTZU.exe
  2⤵
  PID:1540
- C:\Windows\System\WdGdtmY.exe
  C:\Windows\System\WdGdtmY.exe
  2⤵
  PID:2544
- C:\Windows\System\KnwDPUO.exe
  C:\Windows\System\KnwDPUO.exe
  2⤵
  PID:2464
- C:\Windows\System\tlKPYHF.exe
  C:\Windows\System\tlKPYHF.exe
  2⤵
  PID:1868
- C:\Windows\System\RKeEmie.exe
  C:\Windows\System\RKeEmie.exe
  2⤵
  PID:3132
- C:\Windows\System\ZrsFvHc.exe
  C:\Windows\System\ZrsFvHc.exe
  2⤵
  PID:3080
- C:\Windows\System\XSfAaJL.exe
  C:\Windows\System\XSfAaJL.exe
  2⤵
  PID:3152
- C:\Windows\System\CsoBhpt.exe
  C:\Windows\System\CsoBhpt.exe
  2⤵
  PID:3256
- C:\Windows\System\jumQQBj.exe
  C:\Windows\System\jumQQBj.exe
  2⤵
  PID:3356
- C:\Windows\System\wzGjdWO.exe
  C:\Windows\System\wzGjdWO.exe
  2⤵
  PID:3272
- C:\Windows\System\hhkpwDI.exe
  C:\Windows\System\hhkpwDI.exe
  2⤵
  PID:3396
- C:\Windows\System\ohrIzcb.exe
  C:\Windows\System\ohrIzcb.exe
  2⤵
  PID:3380
- C:\Windows\System\ZwmzXii.exe
  C:\Windows\System\ZwmzXii.exe
  2⤵
  PID:3516
- C:\Windows\System\LRiillB.exe
  C:\Windows\System\LRiillB.exe
  2⤵
  PID:3632
- C:\Windows\System\gBlJTCF.exe
  C:\Windows\System\gBlJTCF.exe
  2⤵
  PID:3664
- C:\Windows\System\grTRPWk.exe
  C:\Windows\System\grTRPWk.exe
  2⤵
  PID:3564
- C:\Windows\System\DvPpHpT.exe
  C:\Windows\System\DvPpHpT.exe
  2⤵
  PID:3612
- C:\Windows\System\VRACjGB.exe
  C:\Windows\System\VRACjGB.exe
  2⤵
  PID:3768
- C:\Windows\System\FbLCmpu.exe
  C:\Windows\System\FbLCmpu.exe
  2⤵
  PID:2792
- C:\Windows\System\bDIvrgY.exe
  C:\Windows\System\bDIvrgY.exe
  2⤵
  PID:3836
- C:\Windows\System\LOpSEpH.exe
  C:\Windows\System\LOpSEpH.exe
  2⤵
  PID:3884
- C:\Windows\System\LaQmujZ.exe
  C:\Windows\System\LaQmujZ.exe
  2⤵
  PID:3972
- C:\Windows\System\EXJbszN.exe
  C:\Windows\System\EXJbszN.exe
  2⤵
  PID:4084
- C:\Windows\System\IRKJupq.exe
  C:\Windows\System\IRKJupq.exe
  2⤵
  PID:756
- C:\Windows\System\cVJMQoN.exe
  C:\Windows\System\cVJMQoN.exe
  2⤵
  PID:2320
- C:\Windows\System\ECvTtWZ.exe
  C:\Windows\System\ECvTtWZ.exe
  2⤵
  PID:2052
- C:\Windows\System\LkXrWbw.exe
  C:\Windows\System\LkXrWbw.exe
  2⤵
  PID:544
- C:\Windows\System\mUFVtYl.exe
  C:\Windows\System\mUFVtYl.exe
  2⤵
  PID:3136
- C:\Windows\System\CPUacHH.exe
  C:\Windows\System\CPUacHH.exe
  2⤵
  PID:3252
- C:\Windows\System\PkacoKX.exe
  C:\Windows\System\PkacoKX.exe
  2⤵
  PID:4116
- C:\Windows\System\NQfWWqZ.exe
  C:\Windows\System\NQfWWqZ.exe
  2⤵
  PID:4136
- C:\Windows\System\WQOgVum.exe
  C:\Windows\System\WQOgVum.exe
  2⤵
  PID:4156
- C:\Windows\System\ClxpxhP.exe
  C:\Windows\System\ClxpxhP.exe
  2⤵
  PID:4176
- C:\Windows\System\PeQLpQI.exe
  C:\Windows\System\PeQLpQI.exe
  2⤵
  PID:4200
- C:\Windows\System\siftGRO.exe
  C:\Windows\System\siftGRO.exe
  2⤵
  PID:4216
- C:\Windows\System\VkSqrMv.exe
  C:\Windows\System\VkSqrMv.exe
  2⤵
  PID:4240
- C:\Windows\System\exqFwQg.exe
  C:\Windows\System\exqFwQg.exe
  2⤵
  PID:4264
- C:\Windows\System\FLSTCMF.exe
  C:\Windows\System\FLSTCMF.exe
  2⤵
  PID:4284
- C:\Windows\System\QTpZVeA.exe
  C:\Windows\System\QTpZVeA.exe
  2⤵
  PID:4304
- C:\Windows\System\URkBMOd.exe
  C:\Windows\System\URkBMOd.exe
  2⤵
  PID:4324
- C:\Windows\System\jUEKbyg.exe
  C:\Windows\System\jUEKbyg.exe
  2⤵
  PID:4344
- C:\Windows\System\StSrSUJ.exe
  C:\Windows\System\StSrSUJ.exe
  2⤵
  PID:4364
- C:\Windows\System\fJaUHFI.exe
  C:\Windows\System\fJaUHFI.exe
  2⤵
  PID:4384
- C:\Windows\System\aHqoJVc.exe
  C:\Windows\System\aHqoJVc.exe
  2⤵
  PID:4404
- C:\Windows\System\dIkVZVg.exe
  C:\Windows\System\dIkVZVg.exe
  2⤵
  PID:4424
- C:\Windows\System\UqrJRUc.exe
  C:\Windows\System\UqrJRUc.exe
  2⤵
  PID:4444
- C:\Windows\System\vEdRurq.exe
  C:\Windows\System\vEdRurq.exe
  2⤵
  PID:4464
- C:\Windows\System\xApcqeq.exe
  C:\Windows\System\xApcqeq.exe
  2⤵
  PID:4480
- C:\Windows\System\fYnFgfl.exe
  C:\Windows\System\fYnFgfl.exe
  2⤵
  PID:4500
- C:\Windows\System\WYdGuZC.exe
  C:\Windows\System\WYdGuZC.exe
  2⤵
  PID:4528
- C:\Windows\System\dHdjDeT.exe
  C:\Windows\System\dHdjDeT.exe
  2⤵
  PID:4548
- C:\Windows\System\JwQKYaI.exe
  C:\Windows\System\JwQKYaI.exe
  2⤵
  PID:4568
- C:\Windows\System\FVKxLrs.exe
  C:\Windows\System\FVKxLrs.exe
  2⤵
  PID:4588
- C:\Windows\System\aFyJJdx.exe
  C:\Windows\System\aFyJJdx.exe
  2⤵
  PID:4608
- C:\Windows\System\CZkZrUC.exe
  C:\Windows\System\CZkZrUC.exe
  2⤵
  PID:4632
- C:\Windows\System\nSwSHpd.exe
  C:\Windows\System\nSwSHpd.exe
  2⤵
  PID:4652
- C:\Windows\System\bUMjHcS.exe
  C:\Windows\System\bUMjHcS.exe
  2⤵
  PID:4672
- C:\Windows\System\Kxvdmke.exe
  C:\Windows\System\Kxvdmke.exe
  2⤵
  PID:4692
- C:\Windows\System\PyONvyV.exe
  C:\Windows\System\PyONvyV.exe
  2⤵
  PID:4712
- C:\Windows\System\isMLxTE.exe
  C:\Windows\System\isMLxTE.exe
  2⤵
  PID:4732
- C:\Windows\System\OgaXNjZ.exe
  C:\Windows\System\OgaXNjZ.exe
  2⤵
  PID:4748
- C:\Windows\System\zwRdiWj.exe
  C:\Windows\System\zwRdiWj.exe
  2⤵
  PID:4768
- C:\Windows\System\mLGiODU.exe
  C:\Windows\System\mLGiODU.exe
  2⤵
  PID:4792
- C:\Windows\System\GcTrvgk.exe
  C:\Windows\System\GcTrvgk.exe
  2⤵
  PID:4812
- C:\Windows\System\eBCPiCe.exe
  C:\Windows\System\eBCPiCe.exe
  2⤵
  PID:4832
- C:\Windows\System\FQZLNVn.exe
  C:\Windows\System\FQZLNVn.exe
  2⤵
  PID:4852
- C:\Windows\System\yimryOv.exe
  C:\Windows\System\yimryOv.exe
  2⤵
  PID:4872
- C:\Windows\System\pNIFdxA.exe
  C:\Windows\System\pNIFdxA.exe
  2⤵
  PID:4888
- C:\Windows\System\ByRIKfh.exe
  C:\Windows\System\ByRIKfh.exe
  2⤵
  PID:4912
- C:\Windows\System\fROBpwi.exe
  C:\Windows\System\fROBpwi.exe
  2⤵
  PID:4932
- C:\Windows\System\McZSLjb.exe
  C:\Windows\System\McZSLjb.exe
  2⤵
  PID:4952
- C:\Windows\System\YJKFCLB.exe
  C:\Windows\System\YJKFCLB.exe
  2⤵
  PID:4972
- C:\Windows\System\ntJaOgp.exe
  C:\Windows\System\ntJaOgp.exe
  2⤵
  PID:4996
- C:\Windows\System\aRWWkfQ.exe
  C:\Windows\System\aRWWkfQ.exe
  2⤵
  PID:5016
- C:\Windows\System\VcyRSgv.exe
  C:\Windows\System\VcyRSgv.exe
  2⤵
  PID:5040
- C:\Windows\System\yuvguWH.exe
  C:\Windows\System\yuvguWH.exe
  2⤵
  PID:5060
- C:\Windows\System\xpSybfh.exe
  C:\Windows\System\xpSybfh.exe
  2⤵
  PID:5080
- C:\Windows\System\mFuJlcj.exe
  C:\Windows\System\mFuJlcj.exe
  2⤵
  PID:5100
- C:\Windows\System\QDCjDLV.exe
  C:\Windows\System\QDCjDLV.exe
  2⤵
  PID:864
- C:\Windows\System\fGbmGps.exe
  C:\Windows\System\fGbmGps.exe
  2⤵
  PID:2752
- C:\Windows\System\IVDrDfU.exe
  C:\Windows\System\IVDrDfU.exe
  2⤵
  PID:1560
- C:\Windows\System\xKvzcpx.exe
  C:\Windows\System\xKvzcpx.exe
  2⤵
  PID:3412
- C:\Windows\System\AdXEbUe.exe
  C:\Windows\System\AdXEbUe.exe
  2⤵
  PID:3552
- C:\Windows\System\NckonuV.exe
  C:\Windows\System\NckonuV.exe
  2⤵
  PID:3528
- C:\Windows\System\LejwohV.exe
  C:\Windows\System\LejwohV.exe
  2⤵
  PID:3608
- C:\Windows\System\lPKKxRb.exe
  C:\Windows\System\lPKKxRb.exe
  2⤵
  PID:3784
- C:\Windows\System\YOvXbba.exe
  C:\Windows\System\YOvXbba.exe
  2⤵
  PID:3916
- C:\Windows\System\DnBNVLT.exe
  C:\Windows\System\DnBNVLT.exe
  2⤵
  PID:3944
- C:\Windows\System\VYIEoJx.exe
  C:\Windows\System\VYIEoJx.exe
  2⤵
  PID:4040
- C:\Windows\System\wCcjXoh.exe
  C:\Windows\System\wCcjXoh.exe
  2⤵
  PID:3180
- C:\Windows\System\MyajpwK.exe
  C:\Windows\System\MyajpwK.exe
  2⤵
  PID:1964
- C:\Windows\System\OgWmWke.exe
  C:\Windows\System\OgWmWke.exe
  2⤵
  PID:4108
- C:\Windows\System\nFJFJkO.exe
  C:\Windows\System\nFJFJkO.exe
  2⤵
  PID:4132
- C:\Windows\System\kIixvWe.exe
  C:\Windows\System\kIixvWe.exe
  2⤵
  PID:4164
- C:\Windows\System\SIApCci.exe
  C:\Windows\System\SIApCci.exe
  2⤵
  PID:4172
- C:\Windows\System\McWcgUO.exe
  C:\Windows\System\McWcgUO.exe
  2⤵
  PID:4212
- C:\Windows\System\pgWOTKz.exe
  C:\Windows\System\pgWOTKz.exe
  2⤵
  PID:4312
- C:\Windows\System\uSqOyNq.exe
  C:\Windows\System\uSqOyNq.exe
  2⤵
  PID:4316
- C:\Windows\System\QmnTxRT.exe
  C:\Windows\System\QmnTxRT.exe
  2⤵
  PID:4336
- C:\Windows\System\kYpnDjp.exe
  C:\Windows\System\kYpnDjp.exe
  2⤵
  PID:4392
- C:\Windows\System\gHpYzpx.exe
  C:\Windows\System\gHpYzpx.exe
  2⤵
  PID:4440
- C:\Windows\System\JhNjwJG.exe
  C:\Windows\System\JhNjwJG.exe
  2⤵
  PID:4416
- C:\Windows\System\bLjZvfk.exe
  C:\Windows\System\bLjZvfk.exe
  2⤵
  PID:4476
- C:\Windows\System\qzJyTNU.exe
  C:\Windows\System\qzJyTNU.exe
  2⤵
  PID:4496
- C:\Windows\System\nRRqmnS.exe
  C:\Windows\System\nRRqmnS.exe
  2⤵
  PID:4556
- C:\Windows\System\OCetUto.exe
  C:\Windows\System\OCetUto.exe
  2⤵
  PID:2740
- C:\Windows\System\crQqjVp.exe
  C:\Windows\System\crQqjVp.exe
  2⤵
  PID:4584
- C:\Windows\System\ltKOOmw.exe
  C:\Windows\System\ltKOOmw.exe
  2⤵
  PID:4616
- C:\Windows\System\linaVsh.exe
  C:\Windows\System\linaVsh.exe
  2⤵
  PID:4680
- C:\Windows\System\pgeSLhi.exe
  C:\Windows\System\pgeSLhi.exe
  2⤵
  PID:4728
- C:\Windows\System\LWLbZwB.exe
  C:\Windows\System\LWLbZwB.exe
  2⤵
  PID:320
- C:\Windows\System\GyKksVQ.exe
  C:\Windows\System\GyKksVQ.exe
  2⤵
  PID:4784
- C:\Windows\System\CKXnfhR.exe
  C:\Windows\System\CKXnfhR.exe
  2⤵
  PID:4780
- C:\Windows\System\GuHkYSN.exe
  C:\Windows\System\GuHkYSN.exe
  2⤵
  PID:4848
- C:\Windows\System\BiPeSTy.exe
  C:\Windows\System\BiPeSTy.exe
  2⤵
  PID:4880
- C:\Windows\System\aYNPLIA.exe
  C:\Windows\System\aYNPLIA.exe
  2⤵
  PID:4904
- C:\Windows\System\zIUeWmo.exe
  C:\Windows\System\zIUeWmo.exe
  2⤵
  PID:4948
- C:\Windows\System\TquSkwi.exe
  C:\Windows\System\TquSkwi.exe
  2⤵
  PID:5012
- C:\Windows\System\SFGTLQn.exe
  C:\Windows\System\SFGTLQn.exe
  2⤵
  PID:4984
- C:\Windows\System\CRtuzgc.exe
  C:\Windows\System\CRtuzgc.exe
  2⤵
  PID:5052
- C:\Windows\System\IoGUUAJ.exe
  C:\Windows\System\IoGUUAJ.exe
  2⤵
  PID:5092
- C:\Windows\System\sbEYvaf.exe
  C:\Windows\System\sbEYvaf.exe
  2⤵
  PID:5112
- C:\Windows\System\GWloxzv.exe
  C:\Windows\System\GWloxzv.exe
  2⤵
  PID:3200
- C:\Windows\System\qSoOoeB.exe
  C:\Windows\System\qSoOoeB.exe
  2⤵
  PID:3588
- C:\Windows\System\ublfvmo.exe
  C:\Windows\System\ublfvmo.exe
  2⤵
  PID:3704
- C:\Windows\System\cOZoqGr.exe
  C:\Windows\System\cOZoqGr.exe
  2⤵
  PID:3796
- C:\Windows\System\inIBjNr.exe
  C:\Windows\System\inIBjNr.exe
  2⤵
  PID:3880
- C:\Windows\System\iajGtBO.exe
  C:\Windows\System\iajGtBO.exe
  2⤵
  PID:1708
- C:\Windows\System\MYRlRvs.exe
  C:\Windows\System\MYRlRvs.exe
  2⤵
  PID:4100
- C:\Windows\System\PBFDHME.exe
  C:\Windows\System\PBFDHME.exe
  2⤵
  PID:3212
- C:\Windows\System\WGAJZDi.exe
  C:\Windows\System\WGAJZDi.exe
  2⤵
  PID:4228
- C:\Windows\System\OcIOJgo.exe
  C:\Windows\System\OcIOJgo.exe
  2⤵
  PID:4232
- C:\Windows\System\dDgCDIH.exe
  C:\Windows\System\dDgCDIH.exe
  2⤵
  PID:4320
- C:\Windows\System\TjzhHrZ.exe
  C:\Windows\System\TjzhHrZ.exe
  2⤵
  PID:4296
- C:\Windows\System\IOqsPmn.exe
  C:\Windows\System\IOqsPmn.exe
  2⤵
  PID:4376
- C:\Windows\System\CzNLeMM.exe
  C:\Windows\System\CzNLeMM.exe
  2⤵
  PID:4516
- C:\Windows\System\MTifoIE.exe
  C:\Windows\System\MTifoIE.exe
  2⤵
  PID:4564
- C:\Windows\System\vsiEpHs.exe
  C:\Windows\System\vsiEpHs.exe
  2⤵
  PID:4488
- C:\Windows\System\fskyIIZ.exe
  C:\Windows\System\fskyIIZ.exe
  2⤵
  PID:4644
- C:\Windows\System\WmSTlJf.exe
  C:\Windows\System\WmSTlJf.exe
  2⤵
  PID:4620
- C:\Windows\System\gfHgoki.exe
  C:\Windows\System\gfHgoki.exe
  2⤵
  PID:4708
- C:\Windows\System\wdRtFLp.exe
  C:\Windows\System\wdRtFLp.exe
  2⤵
  PID:4704
- C:\Windows\System\DIdFWAj.exe
  C:\Windows\System\DIdFWAj.exe
  2⤵
  PID:4808
- C:\Windows\System\VOBlHDY.exe
  C:\Windows\System\VOBlHDY.exe
  2⤵
  PID:4908
- C:\Windows\System\OTxaqBz.exe
  C:\Windows\System\OTxaqBz.exe
  2⤵
  PID:5004
- C:\Windows\System\EcPWzEH.exe
  C:\Windows\System\EcPWzEH.exe
  2⤵
  PID:5056
- C:\Windows\System\PNjIOzE.exe
  C:\Windows\System\PNjIOzE.exe
  2⤵
  PID:5076
- C:\Windows\System\pEiZGEz.exe
  C:\Windows\System\pEiZGEz.exe
  2⤵
  PID:5108
- C:\Windows\System\fnCgKcG.exe
  C:\Windows\System\fnCgKcG.exe
  2⤵
  PID:3440
- C:\Windows\System\lYvHMBu.exe
  C:\Windows\System\lYvHMBu.exe
  2⤵
  PID:3684
- C:\Windows\System\FfRnBVs.exe
  C:\Windows\System\FfRnBVs.exe
  2⤵
  PID:1592
- C:\Windows\System\FWxiCke.exe
  C:\Windows\System\FWxiCke.exe
  2⤵
  PID:1820
- C:\Windows\System\vdugHTF.exe
  C:\Windows\System\vdugHTF.exe
  2⤵
  PID:1368
- C:\Windows\System\DMKtyJn.exe
  C:\Windows\System\DMKtyJn.exe
  2⤵
  PID:4224
- C:\Windows\System\tUxIeZZ.exe
  C:\Windows\System\tUxIeZZ.exe
  2⤵
  PID:4372
- C:\Windows\System\vzNEXFb.exe
  C:\Windows\System\vzNEXFb.exe
  2⤵
  PID:4452
- C:\Windows\System\fYaOYUv.exe
  C:\Windows\System\fYaOYUv.exe
  2⤵
  PID:4456
- C:\Windows\System\LIeCwAS.exe
  C:\Windows\System\LIeCwAS.exe
  2⤵
  PID:4460
- C:\Windows\System\xgvRPvk.exe
  C:\Windows\System\xgvRPvk.exe
  2⤵
  PID:4600
- C:\Windows\System\vEzNZtF.exe
  C:\Windows\System\vEzNZtF.exe
  2⤵
  PID:4684
- C:\Windows\System\iqKvmsM.exe
  C:\Windows\System\iqKvmsM.exe
  2⤵
  PID:4804
- C:\Windows\System\YXADwRS.exe
  C:\Windows\System\YXADwRS.exe
  2⤵
  PID:4896
- C:\Windows\System\gCTSCbW.exe
  C:\Windows\System\gCTSCbW.exe
  2⤵
  PID:5140
- C:\Windows\System\wWbpbib.exe
  C:\Windows\System\wWbpbib.exe
  2⤵
  PID:5160
- C:\Windows\System\VydFDpz.exe
  C:\Windows\System\VydFDpz.exe
  2⤵
  PID:5180
- C:\Windows\System\XKYvJUz.exe
  C:\Windows\System\XKYvJUz.exe
  2⤵
  PID:5196
- C:\Windows\System\zCHKpZR.exe
  C:\Windows\System\zCHKpZR.exe
  2⤵
  PID:5220
- C:\Windows\System\YFHFzcG.exe
  C:\Windows\System\YFHFzcG.exe
  2⤵
  PID:5244
- C:\Windows\System\VgKyWyu.exe
  C:\Windows\System\VgKyWyu.exe
  2⤵
  PID:5264
- C:\Windows\System\tDbWYNR.exe
  C:\Windows\System\tDbWYNR.exe
  2⤵
  PID:5284
- C:\Windows\System\hBiDpRR.exe
  C:\Windows\System\hBiDpRR.exe
  2⤵
  PID:5304
- C:\Windows\System\ajvsvfA.exe
  C:\Windows\System\ajvsvfA.exe
  2⤵
  PID:5324
- C:\Windows\System\gYupHSe.exe
  C:\Windows\System\gYupHSe.exe
  2⤵
  PID:5344
- C:\Windows\System\jJckQPp.exe
  C:\Windows\System\jJckQPp.exe
  2⤵
  PID:5364
- C:\Windows\System\ouEhZTB.exe
  C:\Windows\System\ouEhZTB.exe
  2⤵
  PID:5380
- C:\Windows\System\ickSbWI.exe
  C:\Windows\System\ickSbWI.exe
  2⤵
  PID:5404
- C:\Windows\System\LnTmuYV.exe
  C:\Windows\System\LnTmuYV.exe
  2⤵
  PID:5424
- C:\Windows\System\BoNBcaq.exe
  C:\Windows\System\BoNBcaq.exe
  2⤵
  PID:5444
- C:\Windows\System\baBqOzI.exe
  C:\Windows\System\baBqOzI.exe
  2⤵
  PID:5460
- C:\Windows\System\BvwsiHM.exe
  C:\Windows\System\BvwsiHM.exe
  2⤵
  PID:5484
- C:\Windows\System\AEvuzNW.exe
  C:\Windows\System\AEvuzNW.exe
  2⤵
  PID:5504
- C:\Windows\System\VZQzygP.exe
  C:\Windows\System\VZQzygP.exe
  2⤵
  PID:5524
- C:\Windows\System\QsPxgkN.exe
  C:\Windows\System\QsPxgkN.exe
  2⤵
  PID:5544
- C:\Windows\System\RxjNhiz.exe
  C:\Windows\System\RxjNhiz.exe
  2⤵
  PID:5564
- C:\Windows\System\czfapdy.exe
  C:\Windows\System\czfapdy.exe
  2⤵
  PID:5584
- C:\Windows\System\hbypJPu.exe
  C:\Windows\System\hbypJPu.exe
  2⤵
  PID:5608
- C:\Windows\System\RrhZFLQ.exe
  C:\Windows\System\RrhZFLQ.exe
  2⤵
  PID:5628
- C:\Windows\System\MXKyCmG.exe
  C:\Windows\System\MXKyCmG.exe
  2⤵
  PID:5652
- C:\Windows\System\LzseTcF.exe
  C:\Windows\System\LzseTcF.exe
  2⤵
  PID:5672
- C:\Windows\System\MXMvqCn.exe
  C:\Windows\System\MXMvqCn.exe
  2⤵
  PID:5692
- C:\Windows\System\UvogDdb.exe
  C:\Windows\System\UvogDdb.exe
  2⤵
  PID:5712
- C:\Windows\System\aRcysyy.exe
  C:\Windows\System\aRcysyy.exe
  2⤵
  PID:5732
- C:\Windows\System\geyiqaP.exe
  C:\Windows\System\geyiqaP.exe
  2⤵
  PID:5752
- C:\Windows\System\xyuZyqk.exe
  C:\Windows\System\xyuZyqk.exe
  2⤵
  PID:5772
- C:\Windows\System\SneVbPh.exe
  C:\Windows\System\SneVbPh.exe
  2⤵
  PID:5792
- C:\Windows\System\OOIUFVU.exe
  C:\Windows\System\OOIUFVU.exe
  2⤵
  PID:5812
- C:\Windows\System\YhdBqnT.exe
  C:\Windows\System\YhdBqnT.exe
  2⤵
  PID:5828
- C:\Windows\System\XnzFQWA.exe
  C:\Windows\System\XnzFQWA.exe
  2⤵
  PID:5852
- C:\Windows\System\ZnFafjA.exe
  C:\Windows\System\ZnFafjA.exe
  2⤵
  PID:5872
- C:\Windows\System\LqNDDQZ.exe
  C:\Windows\System\LqNDDQZ.exe
  2⤵
  PID:5892
- C:\Windows\System\yEVldpQ.exe
  C:\Windows\System\yEVldpQ.exe
  2⤵
  PID:5912
- C:\Windows\System\ZYkfQTz.exe
  C:\Windows\System\ZYkfQTz.exe
  2⤵
  PID:5932
- C:\Windows\System\ShfRhEy.exe
  C:\Windows\System\ShfRhEy.exe
  2⤵
  PID:5948
- C:\Windows\System\MADfbZc.exe
  C:\Windows\System\MADfbZc.exe
  2⤵
  PID:5972
- C:\Windows\System\AeFQvDZ.exe
  C:\Windows\System\AeFQvDZ.exe
  2⤵
  PID:5992
- C:\Windows\System\jgPMloZ.exe
  C:\Windows\System\jgPMloZ.exe
  2⤵
  PID:6016
- C:\Windows\System\zszgxvJ.exe
  C:\Windows\System\zszgxvJ.exe
  2⤵
  PID:6036
- C:\Windows\System\gHfzNVF.exe
  C:\Windows\System\gHfzNVF.exe
  2⤵
  PID:6056
- C:\Windows\System\uvxEhBJ.exe
  C:\Windows\System\uvxEhBJ.exe
  2⤵
  PID:6076
- C:\Windows\System\zTUwgRb.exe
  C:\Windows\System\zTUwgRb.exe
  2⤵
  PID:6096
- C:\Windows\System\exAyzVN.exe
  C:\Windows\System\exAyzVN.exe
  2⤵
  PID:6120
- C:\Windows\System\bXvRkEy.exe
  C:\Windows\System\bXvRkEy.exe
  2⤵
  PID:6140
- C:\Windows\System\adxbNWq.exe
  C:\Windows\System\adxbNWq.exe
  2⤵
  PID:5036
- C:\Windows\System\jnKkuFe.exe
  C:\Windows\System\jnKkuFe.exe
  2⤵
  PID:2800
- C:\Windows\System\rwtnzsi.exe
  C:\Windows\System\rwtnzsi.exe
  2⤵
  PID:3812
- C:\Windows\System\EvIqhkc.exe
  C:\Windows\System\EvIqhkc.exe
  2⤵
  PID:4004
- C:\Windows\System\HayzSWV.exe
  C:\Windows\System\HayzSWV.exe
  2⤵
  PID:4104
- C:\Windows\System\KyFubqM.exe
  C:\Windows\System\KyFubqM.exe
  2⤵
  PID:2932
- C:\Windows\System\NvdIplk.exe
  C:\Windows\System\NvdIplk.exe
  2⤵
  PID:4360
- C:\Windows\System\KeTqHgF.exe
  C:\Windows\System\KeTqHgF.exe
  2⤵
  PID:236
- C:\Windows\System\kwweMkY.exe
  C:\Windows\System\kwweMkY.exe
  2⤵
  PID:4396
- C:\Windows\System\HeoUqHO.exe
  C:\Windows\System\HeoUqHO.exe
  2⤵
  PID:4724
- C:\Windows\System\yzwAvjC.exe
  C:\Windows\System\yzwAvjC.exe
  2⤵
  PID:4900
- C:\Windows\System\JNkxjZm.exe
  C:\Windows\System\JNkxjZm.exe
  2⤵
  PID:5148
- C:\Windows\System\VcspvHt.exe
  C:\Windows\System\VcspvHt.exe
  2⤵
  PID:5176
- C:\Windows\System\eGrGkVy.exe
  C:\Windows\System\eGrGkVy.exe
  2⤵
  PID:5236
- C:\Windows\System\YsIfkZH.exe
  C:\Windows\System\YsIfkZH.exe
  2⤵
  PID:5216
- C:\Windows\System\mcLvmHV.exe
  C:\Windows\System\mcLvmHV.exe
  2⤵
  PID:5260
- C:\Windows\System\XTGwpIZ.exe
  C:\Windows\System\XTGwpIZ.exe
  2⤵
  PID:5300
- C:\Windows\System\TKNzKoM.exe
  C:\Windows\System\TKNzKoM.exe
  2⤵
  PID:5340
- C:\Windows\System\BxaWzgW.exe
  C:\Windows\System\BxaWzgW.exe
  2⤵
  PID:5396
- C:\Windows\System\FJVedCS.exe
  C:\Windows\System\FJVedCS.exe
  2⤵
  PID:5132
- C:\Windows\System\UylFBRe.exe
  C:\Windows\System\UylFBRe.exe
  2⤵
  PID:5416
- C:\Windows\System\AyEkZgq.exe
  C:\Windows\System\AyEkZgq.exe
  2⤵
  PID:5456
- C:\Windows\System\RNCpIkr.exe
  C:\Windows\System\RNCpIkr.exe
  2⤵
  PID:5492
- C:\Windows\System\UDURbiR.exe
  C:\Windows\System\UDURbiR.exe
  2⤵
  PID:5540
- C:\Windows\System\jEWenjp.exe
  C:\Windows\System\jEWenjp.exe
  2⤵
  PID:5592
- C:\Windows\System\HlFxGSI.exe
  C:\Windows\System\HlFxGSI.exe
  2⤵
  PID:5604
- C:\Windows\System\jyDAQep.exe
  C:\Windows\System\jyDAQep.exe
  2⤵
  PID:5624
- C:\Windows\System\SoiCgvL.exe
  C:\Windows\System\SoiCgvL.exe
  2⤵
  PID:5668
- C:\Windows\System\WvdhJlT.exe
  C:\Windows\System\WvdhJlT.exe
  2⤵
  PID:5720
- C:\Windows\System\XoQEWRu.exe
  C:\Windows\System\XoQEWRu.exe
  2⤵
  PID:2148
- C:\Windows\System\SjAdLXU.exe
  C:\Windows\System\SjAdLXU.exe
  2⤵
  PID:5764
- C:\Windows\System\SaGZRPx.exe
  C:\Windows\System\SaGZRPx.exe
  2⤵
  PID:5804
- C:\Windows\System\tdXfpbD.exe
  C:\Windows\System\tdXfpbD.exe
  2⤵
  PID:5844
- C:\Windows\System\lsZUItl.exe
  C:\Windows\System\lsZUItl.exe
  2⤵
  PID:5888
- C:\Windows\System\vbuLrZc.exe
  C:\Windows\System\vbuLrZc.exe
  2⤵
  PID:5900
- C:\Windows\System\jONlBcc.exe
  C:\Windows\System\jONlBcc.exe
  2⤵
  PID:5904
- C:\Windows\System\gOPkeDH.exe
  C:\Windows\System\gOPkeDH.exe
  2⤵
  PID:5944
- C:\Windows\System\yklspyc.exe
  C:\Windows\System\yklspyc.exe
  2⤵
  PID:6004
- C:\Windows\System\XhmfXrQ.exe
  C:\Windows\System\XhmfXrQ.exe
  2⤵
  PID:6044
- C:\Windows\System\ETXisbB.exe
  C:\Windows\System\ETXisbB.exe
  2⤵
  PID:6072
- C:\Windows\System\unISklE.exe
  C:\Windows\System\unISklE.exe
  2⤵
  PID:6104
- C:\Windows\System\pjZTBkg.exe
  C:\Windows\System\pjZTBkg.exe
  2⤵
  PID:6132
- C:\Windows\System\nBTETBv.exe
  C:\Windows\System\nBTETBv.exe
  2⤵
  PID:4928
- C:\Windows\System\aFKdWNB.exe
  C:\Windows\System\aFKdWNB.exe
  2⤵
  PID:3468
- C:\Windows\System\RDxcchC.exe
  C:\Windows\System\RDxcchC.exe
  2⤵
  PID:4128
- C:\Windows\System\KBntHbT.exe
  C:\Windows\System\KBntHbT.exe
  2⤵
  PID:4380
- C:\Windows\System\tmSQmSV.exe
  C:\Windows\System\tmSQmSV.exe
  2⤵
  PID:2976
- C:\Windows\System\mABCoKa.exe
  C:\Windows\System\mABCoKa.exe
  2⤵
  PID:6116
- C:\Windows\System\QElnDGt.exe
  C:\Windows\System\QElnDGt.exe
  2⤵
  PID:4740
- C:\Windows\System\GfChZrQ.exe
  C:\Windows\System\GfChZrQ.exe
  2⤵
  PID:5128
- C:\Windows\System\cnTkjoG.exe
  C:\Windows\System\cnTkjoG.exe
  2⤵
  PID:5252
- C:\Windows\System\gallaAB.exe
  C:\Windows\System\gallaAB.exe
  2⤵
  PID:5204
- C:\Windows\System\ikcjiTw.exe
  C:\Windows\System\ikcjiTw.exe
  2⤵
  PID:5392
- C:\Windows\System\lBqRoFR.exe
  C:\Windows\System\lBqRoFR.exe
  2⤵
  PID:5356
- C:\Windows\System\oEDzTOm.exe
  C:\Windows\System\oEDzTOm.exe
  2⤵
  PID:5468
- C:\Windows\System\LGnjRSN.exe
  C:\Windows\System\LGnjRSN.exe
  2⤵
  PID:5520
- C:\Windows\System\mCDOTGg.exe
  C:\Windows\System\mCDOTGg.exe
  2⤵
  PID:5580
- C:\Windows\System\nNzvMOU.exe
  C:\Windows\System\nNzvMOU.exe
  2⤵
  PID:5576
- C:\Windows\System\FjUGwjf.exe
  C:\Windows\System\FjUGwjf.exe
  2⤵
  PID:5648
- C:\Windows\System\BCWKcVS.exe
  C:\Windows\System\BCWKcVS.exe
  2⤵
  PID:5704
- C:\Windows\System\AvNzrid.exe
  C:\Windows\System\AvNzrid.exe
  2⤵
  PID:5744
- C:\Windows\System\WTVgGiC.exe
  C:\Windows\System\WTVgGiC.exe
  2⤵
  PID:5800
- C:\Windows\System\kniGeSZ.exe
  C:\Windows\System\kniGeSZ.exe
  2⤵
  PID:2924
- C:\Windows\System\uFenjUV.exe
  C:\Windows\System\uFenjUV.exe
  2⤵
  PID:5836
- C:\Windows\System\tBlLarV.exe
  C:\Windows\System\tBlLarV.exe
  2⤵
  PID:5968
- C:\Windows\System\KxYywPq.exe
  C:\Windows\System\KxYywPq.exe
  2⤵
  PID:6064
- C:\Windows\System\TswYhAB.exe
  C:\Windows\System\TswYhAB.exe
  2⤵
  PID:6068
- C:\Windows\System\aphwZPM.exe
  C:\Windows\System\aphwZPM.exe
  2⤵
  PID:2928
- C:\Windows\System\EiJXlyP.exe
  C:\Windows\System\EiJXlyP.exe
  2⤵
  PID:5116
- C:\Windows\System\pVAwORP.exe
  C:\Windows\System\pVAwORP.exe
  2⤵
  PID:4252
- C:\Windows\System\hQiyiUZ.exe
  C:\Windows\System\hQiyiUZ.exe
  2⤵
  PID:4432
- C:\Windows\System\THsjjsI.exe
  C:\Windows\System\THsjjsI.exe
  2⤵
  PID:5168
- C:\Windows\System\HxSLqKP.exe
  C:\Windows\System\HxSLqKP.exe
  2⤵
  PID:5188
- C:\Windows\System\xcNBHrz.exe
  C:\Windows\System\xcNBHrz.exe
  2⤵
  PID:5208
- C:\Windows\System\gJpYzUs.exe
  C:\Windows\System\gJpYzUs.exe
  2⤵
  PID:5372
- C:\Windows\System\rgODfIG.exe
  C:\Windows\System\rgODfIG.exe
  2⤵
  PID:2016
- C:\Windows\System\pUFnFYe.exe
  C:\Windows\System\pUFnFYe.exe
  2⤵
  PID:5516
- C:\Windows\System\jZCzCrI.exe
  C:\Windows\System\jZCzCrI.exe
  2⤵
  PID:5480
- C:\Windows\System\HDyLAyL.exe
  C:\Windows\System\HDyLAyL.exe
  2⤵
  PID:2836
- C:\Windows\System\yFSJiRN.exe
  C:\Windows\System\yFSJiRN.exe
  2⤵
  PID:5640
- C:\Windows\System\ftbpMGp.exe
  C:\Windows\System\ftbpMGp.exe
  2⤵
  PID:5824
- C:\Windows\System\VetDrlD.exe
  C:\Windows\System\VetDrlD.exe
  2⤵
  PID:6012
- C:\Windows\System\xXnGNAQ.exe
  C:\Windows\System\xXnGNAQ.exe
  2⤵
  PID:6000
- C:\Windows\System\KCLtpuF.exe
  C:\Windows\System\KCLtpuF.exe
  2⤵
  PID:6092
- C:\Windows\System\BoepDae.exe
  C:\Windows\System\BoepDae.exe
  2⤵
  PID:5088
- C:\Windows\System\feLFhOF.exe
  C:\Windows\System\feLFhOF.exe
  2⤵
  PID:4560
- C:\Windows\System\RSKqdar.exe
  C:\Windows\System\RSKqdar.exe
  2⤵
  PID:3844
- C:\Windows\System\IWHTzqD.exe
  C:\Windows\System\IWHTzqD.exe
  2⤵
  PID:5232
- C:\Windows\System\OQHtgcS.exe
  C:\Windows\System\OQHtgcS.exe
  2⤵
  PID:5316
- C:\Windows\System\oEAvbTF.exe
  C:\Windows\System\oEAvbTF.exe
  2⤵
  PID:5708
- C:\Windows\System\QVNeWqG.exe
  C:\Windows\System\QVNeWqG.exe
  2⤵
  PID:5532
- C:\Windows\System\qtBRiHB.exe
  C:\Windows\System\qtBRiHB.exe
  2⤵
  PID:6160
- C:\Windows\System\avlHTWk.exe
  C:\Windows\System\avlHTWk.exe
  2⤵
  PID:6180
- C:\Windows\System\SIcABYR.exe
  C:\Windows\System\SIcABYR.exe
  2⤵
  PID:6200
- C:\Windows\System\oBYWbhX.exe
  C:\Windows\System\oBYWbhX.exe
  2⤵
  PID:6220
- C:\Windows\System\oDTKrsS.exe
  C:\Windows\System\oDTKrsS.exe
  2⤵
  PID:6240
- C:\Windows\System\OvLjdwP.exe
  C:\Windows\System\OvLjdwP.exe
  2⤵
  PID:6256
- C:\Windows\System\zuUtWbE.exe
  C:\Windows\System\zuUtWbE.exe
  2⤵
  PID:6280
- C:\Windows\System\kAtlffr.exe
  C:\Windows\System\kAtlffr.exe
  2⤵
  PID:6300
- C:\Windows\System\gAcYhEA.exe
  C:\Windows\System\gAcYhEA.exe
  2⤵
  PID:6320
- C:\Windows\System\TjNmXBx.exe
  C:\Windows\System\TjNmXBx.exe
  2⤵
  PID:6340
- C:\Windows\System\aCJFitx.exe
  C:\Windows\System\aCJFitx.exe
  2⤵
  PID:6360
- C:\Windows\System\VITdCKv.exe
  C:\Windows\System\VITdCKv.exe
  2⤵
  PID:6380
- C:\Windows\System\KunKChY.exe
  C:\Windows\System\KunKChY.exe
  2⤵
  PID:6400
- C:\Windows\System\GtNNXZH.exe
  C:\Windows\System\GtNNXZH.exe
  2⤵
  PID:6420
- C:\Windows\System\EKxuYGJ.exe
  C:\Windows\System\EKxuYGJ.exe
  2⤵
  PID:6440
- C:\Windows\System\EHxMbLw.exe
  C:\Windows\System\EHxMbLw.exe
  2⤵
  PID:6456
- C:\Windows\System\qSMmFES.exe
  C:\Windows\System\qSMmFES.exe
  2⤵
  PID:6480
- C:\Windows\System\cDExNGG.exe
  C:\Windows\System\cDExNGG.exe
  2⤵
  PID:6500
- C:\Windows\System\INIwxfs.exe
  C:\Windows\System\INIwxfs.exe
  2⤵
  PID:6524
- C:\Windows\System\oViwnkZ.exe
  C:\Windows\System\oViwnkZ.exe
  2⤵
  PID:6544
- C:\Windows\System\NUaoXNz.exe
  C:\Windows\System\NUaoXNz.exe
  2⤵
  PID:6564
- C:\Windows\System\uFzLRUP.exe
  C:\Windows\System\uFzLRUP.exe
  2⤵
  PID:6584
- C:\Windows\System\uKzSmUp.exe
  C:\Windows\System\uKzSmUp.exe
  2⤵
  PID:6604
- C:\Windows\System\YPsLafQ.exe
  C:\Windows\System\YPsLafQ.exe
  2⤵
  PID:6624
- C:\Windows\System\JQmWiuf.exe
  C:\Windows\System\JQmWiuf.exe
  2⤵
  PID:6644
- C:\Windows\System\wXsVeGB.exe
  C:\Windows\System\wXsVeGB.exe
  2⤵
  PID:6664
- C:\Windows\System\incVSPp.exe
  C:\Windows\System\incVSPp.exe
  2⤵
  PID:6684
- C:\Windows\System\iTnOPDA.exe
  C:\Windows\System\iTnOPDA.exe
  2⤵
  PID:6704
- C:\Windows\System\MPVvTJH.exe
  C:\Windows\System\MPVvTJH.exe
  2⤵
  PID:6724
- C:\Windows\System\Nvimqkc.exe
  C:\Windows\System\Nvimqkc.exe
  2⤵
  PID:6744
- C:\Windows\System\pKNDbhR.exe
  C:\Windows\System\pKNDbhR.exe
  2⤵
  PID:6764
- C:\Windows\System\cqfVrcG.exe
  C:\Windows\System\cqfVrcG.exe
  2⤵
  PID:6784
- C:\Windows\System\rZBvWpF.exe
  C:\Windows\System\rZBvWpF.exe
  2⤵
  PID:6804
- C:\Windows\System\HCPCFUh.exe
  C:\Windows\System\HCPCFUh.exe
  2⤵
  PID:6824
- C:\Windows\System\oQnOGaY.exe
  C:\Windows\System\oQnOGaY.exe
  2⤵
  PID:6840
- C:\Windows\System\OysMeWf.exe
  C:\Windows\System\OysMeWf.exe
  2⤵
  PID:6860
- C:\Windows\System\faYklWB.exe
  C:\Windows\System\faYklWB.exe
  2⤵
  PID:6880
- C:\Windows\System\ouKahcu.exe
  C:\Windows\System\ouKahcu.exe
  2⤵
  PID:6904
- C:\Windows\System\OHRbaWf.exe
  C:\Windows\System\OHRbaWf.exe
  2⤵
  PID:6924
- C:\Windows\System\VvxoGdJ.exe
  C:\Windows\System\VvxoGdJ.exe
  2⤵
  PID:6944
- C:\Windows\System\fzqLDpL.exe
  C:\Windows\System\fzqLDpL.exe
  2⤵
  PID:6964
- C:\Windows\System\vhDPMgB.exe
  C:\Windows\System\vhDPMgB.exe
  2⤵
  PID:6988
- C:\Windows\System\TOscWkB.exe
  C:\Windows\System\TOscWkB.exe
  2⤵
  PID:7008
- C:\Windows\System\JOsKATN.exe
  C:\Windows\System\JOsKATN.exe
  2⤵
  PID:7028
- C:\Windows\System\dwLxCcr.exe
  C:\Windows\System\dwLxCcr.exe
  2⤵
  PID:7052
- C:\Windows\System\PgNHqEs.exe
  C:\Windows\System\PgNHqEs.exe
  2⤵
  PID:7076
- C:\Windows\System\ZtcXsNl.exe
  C:\Windows\System\ZtcXsNl.exe
  2⤵
  PID:7096
- C:\Windows\System\sGwXGnQ.exe
  C:\Windows\System\sGwXGnQ.exe
  2⤵
  PID:7116
- C:\Windows\System\EPEOdut.exe
  C:\Windows\System\EPEOdut.exe
  2⤵
  PID:7136
- C:\Windows\System\SIhcytl.exe
  C:\Windows\System\SIhcytl.exe
  2⤵
  PID:7156
- C:\Windows\System\IlGrpVo.exe
  C:\Windows\System\IlGrpVo.exe
  2⤵
  PID:5700
- C:\Windows\System\ujIMqOC.exe
  C:\Windows\System\ujIMqOC.exe
  2⤵
  PID:5868
- C:\Windows\System\rlsgsQF.exe
  C:\Windows\System\rlsgsQF.exe
  2⤵
  PID:5884
- C:\Windows\System\AwdIpbL.exe
  C:\Windows\System\AwdIpbL.exe
  2⤵
  PID:4968
- C:\Windows\System\ksfcYni.exe
  C:\Windows\System\ksfcYni.exe
  2⤵
  PID:5228
- C:\Windows\System\eLLnKhT.exe
  C:\Windows\System\eLLnKhT.exe
  2⤵
  PID:5644
- C:\Windows\System\GALzSuv.exe
  C:\Windows\System\GALzSuv.exe
  2⤵
  PID:5436
- C:\Windows\System\sliSGEv.exe
  C:\Windows\System\sliSGEv.exe
  2⤵
  PID:5496
- C:\Windows\System\BGqIRES.exe
  C:\Windows\System\BGqIRES.exe
  2⤵
  PID:6192
- C:\Windows\System\hcWkrbH.exe
  C:\Windows\System\hcWkrbH.exe
  2⤵
  PID:6216
- C:\Windows\System\OBZpKbJ.exe
  C:\Windows\System\OBZpKbJ.exe
  2⤵
  PID:6264
- C:\Windows\System\EaEyfbe.exe
  C:\Windows\System\EaEyfbe.exe
  2⤵
  PID:6288
- C:\Windows\System\DXiwIop.exe
  C:\Windows\System\DXiwIop.exe
  2⤵
  PID:6292
- C:\Windows\System\WfyplYs.exe
  C:\Windows\System\WfyplYs.exe
  2⤵
  PID:6356
- C:\Windows\System\lrpBCCJ.exe
  C:\Windows\System\lrpBCCJ.exe
  2⤵
  PID:6376
- C:\Windows\System\cBVmFNP.exe
  C:\Windows\System\cBVmFNP.exe
  2⤵
  PID:6412
- C:\Windows\System\IqAfZJi.exe
  C:\Windows\System\IqAfZJi.exe
  2⤵
  PID:6476
- C:\Windows\System\eJRaUTg.exe
  C:\Windows\System\eJRaUTg.exe
  2⤵
  PID:6496
- C:\Windows\System\rsSXYbR.exe
  C:\Windows\System\rsSXYbR.exe
  2⤵
  PID:6532
- C:\Windows\System\jSUkWYx.exe
  C:\Windows\System\jSUkWYx.exe
  2⤵
  PID:6556
- C:\Windows\System\XvqbgDD.exe
  C:\Windows\System\XvqbgDD.exe
  2⤵
  PID:6640
- C:\Windows\System\LltMWHX.exe
  C:\Windows\System\LltMWHX.exe
  2⤵
  PID:6620
- C:\Windows\System\mDMpUwi.exe
  C:\Windows\System\mDMpUwi.exe
  2⤵
  PID:6660
- C:\Windows\System\DsCIvKf.exe
  C:\Windows\System\DsCIvKf.exe
  2⤵
  PID:6712
- C:\Windows\System\LFJJKcA.exe
  C:\Windows\System\LFJJKcA.exe
  2⤵
  PID:6756
- C:\Windows\System\WwxIbLQ.exe
  C:\Windows\System\WwxIbLQ.exe
  2⤵
  PID:6800
- C:\Windows\System\phGaIhH.exe
  C:\Windows\System\phGaIhH.exe
  2⤵
  PID:6772
- C:\Windows\System\BxyNXQw.exe
  C:\Windows\System\BxyNXQw.exe
  2⤵
  PID:6816
- C:\Windows\System\MAUyiuf.exe
  C:\Windows\System\MAUyiuf.exe
  2⤵
  PID:6872
- C:\Windows\System\LsVryGe.exe
  C:\Windows\System\LsVryGe.exe
  2⤵
  PID:6852
- C:\Windows\System\lsrhZyi.exe
  C:\Windows\System\lsrhZyi.exe
  2⤵
  PID:6916
- C:\Windows\System\YGNzeYy.exe
  C:\Windows\System\YGNzeYy.exe
  2⤵
  PID:6940
- C:\Windows\System\gyvMhaw.exe
  C:\Windows\System\gyvMhaw.exe
  2⤵
  PID:6976
- C:\Windows\System\nmSzxCH.exe
  C:\Windows\System\nmSzxCH.exe
  2⤵
  PID:7020
- C:\Windows\System\dbNniYG.exe
  C:\Windows\System\dbNniYG.exe
  2⤵
  PID:7072
- C:\Windows\System\lmdmtED.exe
  C:\Windows\System\lmdmtED.exe
  2⤵
  PID:7124
- C:\Windows\System\cAWKeHK.exe
  C:\Windows\System\cAWKeHK.exe
  2⤵
  PID:7108
- C:\Windows\System\GRTRRLz.exe
  C:\Windows\System\GRTRRLz.exe
  2⤵
  PID:7152
- C:\Windows\System\FugMIDc.exe
  C:\Windows\System\FugMIDc.exe
  2⤵
  PID:5928
- C:\Windows\System\LtUfyuy.exe
  C:\Windows\System\LtUfyuy.exe
  2⤵
  PID:2672
- C:\Windows\System\avfLWkc.exe
  C:\Windows\System\avfLWkc.exe
  2⤵
  PID:4660
- C:\Windows\System\bowUkId.exe
  C:\Windows\System\bowUkId.exe
  2⤵
  PID:6148
- C:\Windows\System\CvKLkge.exe
  C:\Windows\System\CvKLkge.exe
  2⤵
  PID:2092
- C:\Windows\System\jBhoGBU.exe
  C:\Windows\System\jBhoGBU.exe
  2⤵
  PID:6208
- C:\Windows\System\NCvLpdq.exe
  C:\Windows\System\NCvLpdq.exe
  2⤵
  PID:6276
- C:\Windows\System\JrNQZCy.exe
  C:\Windows\System\JrNQZCy.exe
  2⤵
  PID:6312
- C:\Windows\System\YOJblzq.exe
  C:\Windows\System\YOJblzq.exe
  2⤵
  PID:6328
- C:\Windows\System\wIXRbAe.exe
  C:\Windows\System\wIXRbAe.exe
  2⤵
  PID:6416
- C:\Windows\System\xqSSzdN.exe
  C:\Windows\System\xqSSzdN.exe
  2⤵
  PID:6520
- C:\Windows\System\jGbkwxk.exe
  C:\Windows\System\jGbkwxk.exe
  2⤵
  PID:6600
- C:\Windows\System\BOZNOlZ.exe
  C:\Windows\System\BOZNOlZ.exe
  2⤵
  PID:6540
- C:\Windows\System\WjXGFnF.exe
  C:\Windows\System\WjXGFnF.exe
  2⤵
  PID:6652
- C:\Windows\System\VAIsXyU.exe
  C:\Windows\System\VAIsXyU.exe
  2⤵
  PID:6752
- C:\Windows\System\ZZtRKPt.exe
  C:\Windows\System\ZZtRKPt.exe
  2⤵
  PID:6740
- C:\Windows\System\crMZeyd.exe
  C:\Windows\System\crMZeyd.exe
  2⤵
  PID:6820
- C:\Windows\System\MTHApyL.exe
  C:\Windows\System\MTHApyL.exe
  2⤵
  PID:6888
- C:\Windows\System\FowDcJR.exe
  C:\Windows\System\FowDcJR.exe
  2⤵
  PID:6892
- C:\Windows\System\gsWxoYr.exe
  C:\Windows\System\gsWxoYr.exe
  2⤵
  PID:7004
- C:\Windows\System\pMhvaCf.exe
  C:\Windows\System\pMhvaCf.exe
  2⤵
  PID:7060
- C:\Windows\System\eDJVfpI.exe
  C:\Windows\System\eDJVfpI.exe
  2⤵
  PID:7088
- C:\Windows\System\uUaYEzD.exe
  C:\Windows\System\uUaYEzD.exe
  2⤵
  PID:5984
- C:\Windows\System\VjBjpKE.exe
  C:\Windows\System\VjBjpKE.exe
  2⤵
  PID:6024
- C:\Windows\System\hUEZkPi.exe
  C:\Windows\System\hUEZkPi.exe
  2⤵
  PID:5332
- C:\Windows\System\JfXCOgI.exe
  C:\Windows\System\JfXCOgI.exe
  2⤵
  PID:6196
- C:\Windows\System\ZnrwmOb.exe
  C:\Windows\System\ZnrwmOb.exe
  2⤵
  PID:6248
- C:\Windows\System\IcHcBpA.exe
  C:\Windows\System\IcHcBpA.exe
  2⤵
  PID:6176
- C:\Windows\System\icZynlS.exe
  C:\Windows\System\icZynlS.exe
  2⤵
  PID:4188
- C:\Windows\System\IwLBQjx.exe
  C:\Windows\System\IwLBQjx.exe
  2⤵
  PID:6488
- C:\Windows\System\UOMYQvB.exe
  C:\Windows\System\UOMYQvB.exe
  2⤵
  PID:6452
- C:\Windows\System\xnWPHQe.exe
  C:\Windows\System\xnWPHQe.exe
  2⤵
  PID:6716
- C:\Windows\System\WPbuFlb.exe
  C:\Windows\System\WPbuFlb.exe
  2⤵
  PID:6676
- C:\Windows\System\odFiQiJ.exe
  C:\Windows\System\odFiQiJ.exe
  2⤵
  PID:6656
- C:\Windows\System\DwJBQEa.exe
  C:\Windows\System\DwJBQEa.exe
  2⤵
  PID:6876
- C:\Windows\System\YPElYDx.exe
  C:\Windows\System\YPElYDx.exe
  2⤵
  PID:7024
- C:\Windows\System\FLmnxNg.exe
  C:\Windows\System\FLmnxNg.exe
  2⤵
  PID:7068
- C:\Windows\System\WJFlsuZ.exe
  C:\Windows\System\WJFlsuZ.exe
  2⤵
  PID:5956
- C:\Windows\System\gdDeILz.exe
  C:\Windows\System\gdDeILz.exe
  2⤵
  PID:7164
- C:\Windows\System\qMNwfTe.exe
  C:\Windows\System\qMNwfTe.exe
  2⤵
  PID:6156
- C:\Windows\System\oOpEwgk.exe
  C:\Windows\System\oOpEwgk.exe
  2⤵
  PID:7180
- C:\Windows\System\ALCxDhW.exe
  C:\Windows\System\ALCxDhW.exe
  2⤵
  PID:7200
- C:\Windows\System\pRpoguV.exe
  C:\Windows\System\pRpoguV.exe
  2⤵
  PID:7216
- C:\Windows\System\vtiriYF.exe
  C:\Windows\System\vtiriYF.exe
  2⤵
  PID:7236
- C:\Windows\System\YMVpyaj.exe
  C:\Windows\System\YMVpyaj.exe
  2⤵
  PID:7264
- C:\Windows\System\buGQlvG.exe
  C:\Windows\System\buGQlvG.exe
  2⤵
  PID:7348
- C:\Windows\System\skfUcna.exe
  C:\Windows\System\skfUcna.exe
  2⤵
  PID:7368
- C:\Windows\System\rZcukwr.exe
  C:\Windows\System\rZcukwr.exe
  2⤵
  PID:7388
- C:\Windows\System\PssMMXD.exe
  C:\Windows\System\PssMMXD.exe
  2⤵
  PID:7404
- C:\Windows\System\cbhGDDq.exe
  C:\Windows\System\cbhGDDq.exe
  2⤵
  PID:7428
- C:\Windows\System\CZxWiBq.exe
  C:\Windows\System\CZxWiBq.exe
  2⤵
  PID:7448
- C:\Windows\System\HCrlOwv.exe
  C:\Windows\System\HCrlOwv.exe
  2⤵
  PID:7468
- C:\Windows\System\BaLGFBX.exe
  C:\Windows\System\BaLGFBX.exe
  2⤵
  PID:7484
- C:\Windows\System\kZAUBGn.exe
  C:\Windows\System\kZAUBGn.exe
  2⤵
  PID:7504
- C:\Windows\System\GGBitbS.exe
  C:\Windows\System\GGBitbS.exe
  2⤵
  PID:7528
- C:\Windows\System\jYobZSo.exe
  C:\Windows\System\jYobZSo.exe
  2⤵
  PID:7552
- C:\Windows\System\IIayvDp.exe
  C:\Windows\System\IIayvDp.exe
  2⤵
  PID:7572
- C:\Windows\System\Kpchvfc.exe
  C:\Windows\System\Kpchvfc.exe
  2⤵
  PID:7596
- C:\Windows\System\NIWPLwC.exe
  C:\Windows\System\NIWPLwC.exe
  2⤵
  PID:7616
- C:\Windows\System\drTQRms.exe
  C:\Windows\System\drTQRms.exe
  2⤵
  PID:7636
- C:\Windows\System\GynRUhl.exe
  C:\Windows\System\GynRUhl.exe
  2⤵
  PID:7656
- C:\Windows\System\TtUOyEl.exe
  C:\Windows\System\TtUOyEl.exe
  2⤵
  PID:7672
- C:\Windows\System\gxhvWDo.exe
  C:\Windows\System\gxhvWDo.exe
  2⤵
  PID:7696
- C:\Windows\System\aDBQjYv.exe
  C:\Windows\System\aDBQjYv.exe
  2⤵
  PID:7716
- C:\Windows\System\VKuxcAE.exe
  C:\Windows\System\VKuxcAE.exe
  2⤵
  PID:7732
- C:\Windows\System\EvmBGEo.exe
  C:\Windows\System\EvmBGEo.exe
  2⤵
  PID:7760
- C:\Windows\System\NHjjjAJ.exe
  C:\Windows\System\NHjjjAJ.exe
  2⤵
  PID:7776
- C:\Windows\System\INpQjYQ.exe
  C:\Windows\System\INpQjYQ.exe
  2⤵
  PID:7804
- C:\Windows\System\yDCXZxV.exe
  C:\Windows\System\yDCXZxV.exe
  2⤵
  PID:7824
- C:\Windows\System\ZRNsjpe.exe
  C:\Windows\System\ZRNsjpe.exe
  2⤵
  PID:7848
- C:\Windows\System\nWmOXeQ.exe
  C:\Windows\System\nWmOXeQ.exe
  2⤵
  PID:7864
- C:\Windows\System\kMCLKSH.exe
  C:\Windows\System\kMCLKSH.exe
  2⤵
  PID:7888
- C:\Windows\System\AHSEdVT.exe
  C:\Windows\System\AHSEdVT.exe
  2⤵
  PID:7912
- C:\Windows\System\ipykcEr.exe
  C:\Windows\System\ipykcEr.exe
  2⤵
  PID:7932
- C:\Windows\System\LWFUuLI.exe
  C:\Windows\System\LWFUuLI.exe
  2⤵
  PID:7948
- C:\Windows\System\NXOmjfz.exe
  C:\Windows\System\NXOmjfz.exe
  2⤵
  PID:7972
- C:\Windows\System\hOBfzZP.exe
  C:\Windows\System\hOBfzZP.exe
  2⤵
  PID:7996
- C:\Windows\System\AuxdDGr.exe
  C:\Windows\System\AuxdDGr.exe
  2⤵
  PID:8016
- C:\Windows\System\MUquYrK.exe
  C:\Windows\System\MUquYrK.exe
  2⤵
  PID:8036
- C:\Windows\System\inApTyS.exe
  C:\Windows\System\inApTyS.exe
  2⤵
  PID:8052
- C:\Windows\System\hMqyPGd.exe
  C:\Windows\System\hMqyPGd.exe
  2⤵
  PID:8076
- C:\Windows\System\rYVsLKi.exe
  C:\Windows\System\rYVsLKi.exe
  2⤵
  PID:8100
- C:\Windows\System\LTJnkaY.exe
  C:\Windows\System\LTJnkaY.exe
  2⤵
  PID:8116
- C:\Windows\System\rAklhZQ.exe
  C:\Windows\System\rAklhZQ.exe
  2⤵
  PID:8148
- C:\Windows\System\yrFiRpb.exe
  C:\Windows\System\yrFiRpb.exe
  2⤵
  PID:8168
- C:\Windows\System\EcBwWBP.exe
  C:\Windows\System\EcBwWBP.exe
  2⤵
  PID:8188
- C:\Windows\System\JfKSYry.exe
  C:\Windows\System\JfKSYry.exe
  2⤵
  PID:6428
- C:\Windows\System\EiFLoDQ.exe
  C:\Windows\System\EiFLoDQ.exe
  2⤵
  PID:6408
- C:\Windows\System\ZmLZxEW.exe
  C:\Windows\System\ZmLZxEW.exe
  2⤵
  PID:6536
- C:\Windows\System\CAAcbfr.exe
  C:\Windows\System\CAAcbfr.exe
  2⤵
  PID:6736
- C:\Windows\System\dCYUEyx.exe
  C:\Windows\System\dCYUEyx.exe
  2⤵
  PID:6900
- C:\Windows\System\eHXOKXI.exe
  C:\Windows\System\eHXOKXI.exe
  2⤵
  PID:7000
- C:\Windows\System\WCogdOz.exe
  C:\Windows\System\WCogdOz.exe
  2⤵
  PID:5352
- C:\Windows\System\EBmcofB.exe
  C:\Windows\System\EBmcofB.exe
  2⤵
  PID:6232
- C:\Windows\System\bGEtffq.exe
  C:\Windows\System\bGEtffq.exe
  2⤵
  PID:7208
- C:\Windows\System\BTbsbDK.exe
  C:\Windows\System\BTbsbDK.exe
  2⤵
  PID:7188
- C:\Windows\System\GTTYhAy.exe
  C:\Windows\System\GTTYhAy.exe
  2⤵
  PID:7228
- C:\Windows\System\GsiCpWf.exe
  C:\Windows\System\GsiCpWf.exe
  2⤵
  PID:7360
- C:\Windows\System\xsxYAEd.exe
  C:\Windows\System\xsxYAEd.exe
  2⤵
  PID:7340
- C:\Windows\System\zfNEpyt.exe
  C:\Windows\System\zfNEpyt.exe
  2⤵
  PID:7380
- C:\Windows\System\mnxywQI.exe
  C:\Windows\System\mnxywQI.exe
  2⤵
  PID:7480
- C:\Windows\System\DJgqqDr.exe
  C:\Windows\System\DJgqqDr.exe
  2⤵
  PID:7516
- C:\Windows\System\mRmQInl.exe
  C:\Windows\System\mRmQInl.exe
  2⤵
  PID:2676
- C:\Windows\System\DAPXobt.exe
  C:\Windows\System\DAPXobt.exe
  2⤵
  PID:7568
- C:\Windows\System\qCisoxO.exe
  C:\Windows\System\qCisoxO.exe
  2⤵
  PID:7644
- C:\Windows\System\lnzogKu.exe
  C:\Windows\System\lnzogKu.exe
  2⤵
  PID:7544
- C:\Windows\System\GZaMERI.exe
  C:\Windows\System\GZaMERI.exe
  2⤵
  PID:7648
- C:\Windows\System\MjvWWAP.exe
  C:\Windows\System\MjvWWAP.exe
  2⤵
  PID:7684
- C:\Windows\System\rPFaDvL.exe
  C:\Windows\System\rPFaDvL.exe
  2⤵
  PID:7728
- C:\Windows\System\uYQqCFt.exe
  C:\Windows\System\uYQqCFt.exe
  2⤵
  PID:7812
- C:\Windows\System\OPSKplr.exe
  C:\Windows\System\OPSKplr.exe
  2⤵
  PID:7752
- C:\Windows\System\pYeViNA.exe
  C:\Windows\System\pYeViNA.exe
  2⤵
  PID:7796
- C:\Windows\System\vhAyyxP.exe
  C:\Windows\System\vhAyyxP.exe
  2⤵
  PID:7856
- C:\Windows\System\vaDJCdl.exe
  C:\Windows\System\vaDJCdl.exe
  2⤵
  PID:7908
- C:\Windows\System\SbTWJpy.exe
  C:\Windows\System\SbTWJpy.exe
  2⤵
  PID:7836
- C:\Windows\System\YYGlGsO.exe
  C:\Windows\System\YYGlGsO.exe
  2⤵
  PID:7876
- C:\Windows\System\wrrqJvA.exe
  C:\Windows\System\wrrqJvA.exe
  2⤵
  PID:2364
- C:\Windows\System\KyrRxEh.exe
  C:\Windows\System\KyrRxEh.exe
  2⤵
  PID:8024
- C:\Windows\System\uGRKeRF.exe
  C:\Windows\System\uGRKeRF.exe
  2⤵
  PID:7968
- C:\Windows\System\ZThXTUL.exe
  C:\Windows\System\ZThXTUL.exe
  2⤵
  PID:8012
- C:\Windows\System\KkmVXXK.exe
  C:\Windows\System\KkmVXXK.exe
  2⤵
  PID:8140
- C:\Windows\System\eeqHPQC.exe
  C:\Windows\System\eeqHPQC.exe
  2⤵
  PID:8160
- C:\Windows\System\dwtImGj.exe
  C:\Windows\System\dwtImGj.exe
  2⤵
  PID:8176
- C:\Windows\System\fWVLPOX.exe
  C:\Windows\System\fWVLPOX.exe
  2⤵
  PID:6516
- C:\Windows\System\agfciLg.exe
  C:\Windows\System\agfciLg.exe
  2⤵
  PID:1156
- C:\Windows\System\MxHkpfL.exe
  C:\Windows\System\MxHkpfL.exe
  2⤵
  PID:972
- C:\Windows\System\dFSTRoG.exe
  C:\Windows\System\dFSTRoG.exe
  2⤵
  PID:6856
- C:\Windows\System\PTKLxiX.exe
  C:\Windows\System\PTKLxiX.exe
  2⤵
  PID:6796
- C:\Windows\System\FvhYRYy.exe
  C:\Windows\System\FvhYRYy.exe
  2⤵
  PID:2080
- C:\Windows\System\XobwtuX.exe
  C:\Windows\System\XobwtuX.exe
  2⤵
  PID:4788
- C:\Windows\System\dJzpSXC.exe
  C:\Windows\System\dJzpSXC.exe
  2⤵
  PID:7336
- C:\Windows\System\ocYynXK.exe
  C:\Windows\System\ocYynXK.exe
  2⤵
  PID:7232
- C:\Windows\System\chtjOjp.exe
  C:\Windows\System\chtjOjp.exe
  2⤵
  PID:1152
- C:\Windows\System\WKCLSwz.exe
  C:\Windows\System\WKCLSwz.exe
  2⤵
  PID:7420
- C:\Windows\System\WcVWBJu.exe
  C:\Windows\System\WcVWBJu.exe
  2⤵
  PID:7492
- C:\Windows\System\gUNmkms.exe
  C:\Windows\System\gUNmkms.exe
  2⤵
  PID:7520
- C:\Windows\System\devAfiq.exe
  C:\Windows\System\devAfiq.exe
  2⤵
  PID:7608
- C:\Windows\System\uJUnRyR.exe
  C:\Windows\System\uJUnRyR.exe
  2⤵
  PID:1900
- C:\Windows\System\AKwoLoa.exe
  C:\Windows\System\AKwoLoa.exe
  2⤵
  PID:7540
- C:\Windows\System\BNCTYJl.exe
  C:\Windows\System\BNCTYJl.exe
  2⤵
  PID:7536
- C:\Windows\System\XwnQUjs.exe
  C:\Windows\System\XwnQUjs.exe
  2⤵
  PID:7668
- C:\Windows\System\aCjymkk.exe
  C:\Windows\System\aCjymkk.exe
  2⤵
  PID:7772
- C:\Windows\System\qfrkMxR.exe
  C:\Windows\System\qfrkMxR.exe
  2⤵
  PID:1176
- C:\Windows\System\QrFmXyf.exe
  C:\Windows\System\QrFmXyf.exe
  2⤵
  PID:7816
- C:\Windows\System\iKSEumo.exe
  C:\Windows\System\iKSEumo.exe
  2⤵
  PID:4776
- C:\Windows\System\TdbQQnm.exe
  C:\Windows\System\TdbQQnm.exe
  2⤵
  PID:7884
- C:\Windows\System\kvmWVum.exe
  C:\Windows\System\kvmWVum.exe
  2⤵
  PID:2024
- C:\Windows\System\edcMEcw.exe
  C:\Windows\System\edcMEcw.exe
  2⤵
  PID:8092
- C:\Windows\System\lJUYjxt.exe
  C:\Windows\System\lJUYjxt.exe
  2⤵
  PID:8068
- C:\Windows\System\KeeaOEB.exe
  C:\Windows\System\KeeaOEB.exe
  2⤵
  PID:7800
- C:\Windows\System\txSssPW.exe
  C:\Windows\System\txSssPW.exe
  2⤵
  PID:8004
- C:\Windows\System\RFUrSNV.exe
  C:\Windows\System\RFUrSNV.exe
  2⤵
  PID:2396
- C:\Windows\System\xVwzckw.exe
  C:\Windows\System\xVwzckw.exe
  2⤵
  PID:6472
- C:\Windows\System\ZJLnTgP.exe
  C:\Windows\System\ZJLnTgP.exe
  2⤵
  PID:6792
- C:\Windows\System\dmKORNN.exe
  C:\Windows\System\dmKORNN.exe
  2⤵
  PID:3924
- C:\Windows\System\QKHmEke.exe
  C:\Windows\System\QKHmEke.exe
  2⤵
  PID:2680
- C:\Windows\System\kvdTnpJ.exe
  C:\Windows\System\kvdTnpJ.exe
  2⤵
  PID:7176
- C:\Windows\System\vPuGqWT.exe
  C:\Windows\System\vPuGqWT.exe
  2⤵
  PID:7224
- C:\Windows\System\CueefZG.exe
  C:\Windows\System\CueefZG.exe
  2⤵
  PID:7244
- C:\Windows\System\MxfBbAD.exe
  C:\Windows\System\MxfBbAD.exe
  2⤵
  PID:7464
- C:\Windows\System\JBdUvVo.exe
  C:\Windows\System\JBdUvVo.exe
  2⤵
  PID:2808
- C:\Windows\System\VSWXasW.exe
  C:\Windows\System\VSWXasW.exe
  2⤵
  PID:7628
- C:\Windows\System\yEeGpur.exe
  C:\Windows\System\yEeGpur.exe
  2⤵
  PID:7592
- C:\Windows\System\psAFJRd.exe
  C:\Windows\System\psAFJRd.exe
  2⤵
  PID:8028
- C:\Windows\System\ZnSUaBY.exe
  C:\Windows\System\ZnSUaBY.exe
  2⤵
  PID:1624
- C:\Windows\System\omTGmIL.exe
  C:\Windows\System\omTGmIL.exe
  2⤵
  PID:7844
- C:\Windows\System\mBUGPoc.exe
  C:\Windows\System\mBUGPoc.exe
  2⤵
  PID:8180
- C:\Windows\System\ijjONUI.exe
  C:\Windows\System\ijjONUI.exe
  2⤵
  PID:2776
- C:\Windows\System\gXsPJWS.exe
  C:\Windows\System\gXsPJWS.exe
  2⤵
  PID:7896
- C:\Windows\System\oHWnFEe.exe
  C:\Windows\System\oHWnFEe.exe
  2⤵
  PID:8112
- C:\Windows\System\nqMZRkV.exe
  C:\Windows\System\nqMZRkV.exe
  2⤵
  PID:1712
- C:\Windows\System\NpCAUvN.exe
  C:\Windows\System\NpCAUvN.exe
  2⤵
  PID:7260
- C:\Windows\System\oFMsDxT.exe
  C:\Windows\System\oFMsDxT.exe
  2⤵
  PID:2756
- C:\Windows\System\SCnaorw.exe
  C:\Windows\System\SCnaorw.exe
  2⤵
  PID:7788
- C:\Windows\System\jWgoJIA.exe
  C:\Windows\System\jWgoJIA.exe
  2⤵
  PID:3060
- C:\Windows\System\IOzckIW.exe
  C:\Windows\System\IOzckIW.exe
  2⤵
  PID:7400
- C:\Windows\System\MAuZSqh.exe
  C:\Windows\System\MAuZSqh.exe
  2⤵
  PID:7192
- C:\Windows\System\owMHNNh.exe
  C:\Windows\System\owMHNNh.exe
  2⤵
  PID:3004
- C:\Windows\System\hdYQtdN.exe
  C:\Windows\System\hdYQtdN.exe
  2⤵
  PID:852
- C:\Windows\System\kEmaPMO.exe
  C:\Windows\System\kEmaPMO.exe
  2⤵
  PID:2952
- C:\Windows\System\jutzqhp.exe
  C:\Windows\System\jutzqhp.exe
  2⤵
  PID:7712
- C:\Windows\System\EYegGwy.exe
  C:\Windows\System\EYegGwy.exe
  2⤵
  PID:2140
- C:\Windows\System\vycmohJ.exe
  C:\Windows\System\vycmohJ.exe
  2⤵
  PID:7500
- C:\Windows\System\kxdTpWb.exe
  C:\Windows\System\kxdTpWb.exe
  2⤵
  PID:1164
- C:\Windows\System\cmrahqS.exe
  C:\Windows\System\cmrahqS.exe
  2⤵
  PID:7196
- C:\Windows\System\fnLSKZA.exe
  C:\Windows\System\fnLSKZA.exe
  2⤵
  PID:7680
- C:\Windows\System\JAmKnrH.exe
  C:\Windows\System\JAmKnrH.exe
  2⤵
  PID:2100
- C:\Windows\System\BWMYipN.exe
  C:\Windows\System\BWMYipN.exe
  2⤵
  PID:7904
- C:\Windows\System\edmWbqY.exe
  C:\Windows\System\edmWbqY.exe
  2⤵
  PID:1636
- C:\Windows\System\dhTtySG.exe
  C:\Windows\System\dhTtySG.exe
  2⤵
  PID:1608
- C:\Windows\System\fQRoUKK.exe
  C:\Windows\System\fQRoUKK.exe
  2⤵
  PID:7376
- C:\Windows\System\KbZaDFE.exe
  C:\Windows\System\KbZaDFE.exe
  2⤵
  PID:7416
- C:\Windows\System\oZZVcXr.exe
  C:\Windows\System\oZZVcXr.exe
  2⤵
  PID:1652
- C:\Windows\System\nTOmkWW.exe
  C:\Windows\System\nTOmkWW.exe
  2⤵
  PID:1504
- C:\Windows\System\MwEdGhE.exe
  C:\Windows\System\MwEdGhE.exe
  2⤵
  PID:7820
- C:\Windows\System\BkyeCxi.exe
  C:\Windows\System\BkyeCxi.exe
  2⤵
  PID:2300
- C:\Windows\System\HeCYGea.exe
  C:\Windows\System\HeCYGea.exe
  2⤵
  PID:2664
- C:\Windows\System\XLHIHri.exe
  C:\Windows\System\XLHIHri.exe
  2⤵
  PID:7112
- C:\Windows\System\WxGKWwB.exe
  C:\Windows\System\WxGKWwB.exe
  2⤵
  PID:1940
- C:\Windows\System\arGBhsp.exe
  C:\Windows\System\arGBhsp.exe
  2⤵
  PID:8196
- C:\Windows\System\wSpKvaf.exe
  C:\Windows\System\wSpKvaf.exe
  2⤵
  PID:8224
- C:\Windows\System\MlRCqoQ.exe
  C:\Windows\System\MlRCqoQ.exe
  2⤵
  PID:8240
- C:\Windows\System\MgRqpVe.exe
  C:\Windows\System\MgRqpVe.exe
  2⤵
  PID:8256
- C:\Windows\System\KUXubGy.exe
  C:\Windows\System\KUXubGy.exe
  2⤵
  PID:8272
- C:\Windows\System\qqryMZP.exe
  C:\Windows\System\qqryMZP.exe
  2⤵
  PID:8304
- C:\Windows\System\bPvpUZE.exe
  C:\Windows\System\bPvpUZE.exe
  2⤵
  PID:8320
- C:\Windows\System\xNmVIBQ.exe
  C:\Windows\System\xNmVIBQ.exe
  2⤵
  PID:8340
- C:\Windows\System\lrBfvAt.exe
  C:\Windows\System\lrBfvAt.exe
  2⤵
  PID:8360
- C:\Windows\System\aKRgiZe.exe
  C:\Windows\System\aKRgiZe.exe
  2⤵
  PID:8380
- C:\Windows\System\MwDxRhz.exe
  C:\Windows\System\MwDxRhz.exe
  2⤵
  PID:8396
- C:\Windows\System\hoFPIZD.exe
  C:\Windows\System\hoFPIZD.exe
  2⤵
  PID:8412
- C:\Windows\System\Uowggbu.exe
  C:\Windows\System\Uowggbu.exe
  2⤵
  PID:8428
- C:\Windows\System\uXWqhjO.exe
  C:\Windows\System\uXWqhjO.exe
  2⤵
  PID:8448
- C:\Windows\System\oxLXQaR.exe
  C:\Windows\System\oxLXQaR.exe
  2⤵
  PID:8468
- C:\Windows\System\srbajFS.exe
  C:\Windows\System\srbajFS.exe
  2⤵
  PID:8488
- C:\Windows\System\nCuMcPD.exe
  C:\Windows\System\nCuMcPD.exe
  2⤵
  PID:8508
- C:\Windows\System\pFxTsam.exe
  C:\Windows\System\pFxTsam.exe
  2⤵
  PID:8524
- C:\Windows\System\tyZpCWU.exe
  C:\Windows\System\tyZpCWU.exe
  2⤵
  PID:8556
- C:\Windows\System\UvQGiXk.exe
  C:\Windows\System\UvQGiXk.exe
  2⤵
  PID:8576
- C:\Windows\System\FzIAwEU.exe
  C:\Windows\System\FzIAwEU.exe
  2⤵
  PID:8604
- C:\Windows\System\EQBWQcb.exe
  C:\Windows\System\EQBWQcb.exe
  2⤵
  PID:8620
- C:\Windows\System\WvquKTA.exe
  C:\Windows\System\WvquKTA.exe
  2⤵
  PID:8640
- C:\Windows\System\UBXiKfQ.exe
  C:\Windows\System\UBXiKfQ.exe
  2⤵
  PID:8656
- C:\Windows\System\LKpqOGw.exe
  C:\Windows\System\LKpqOGw.exe
  2⤵
  PID:8684
- C:\Windows\System\kTKSrxI.exe
  C:\Windows\System\kTKSrxI.exe
  2⤵
  PID:8704
- C:\Windows\System\mrpTTeS.exe
  C:\Windows\System\mrpTTeS.exe
  2⤵
  PID:8720
- C:\Windows\System\KFLJAof.exe
  C:\Windows\System\KFLJAof.exe
  2⤵
  PID:8740
- C:\Windows\System\vjPoqen.exe
  C:\Windows\System\vjPoqen.exe
  2⤵
  PID:8756
- C:\Windows\System\JGbPQSF.exe
  C:\Windows\System\JGbPQSF.exe
  2⤵
  PID:8776
- C:\Windows\System\xtaIsIi.exe
  C:\Windows\System\xtaIsIi.exe
  2⤵
  PID:8792
- C:\Windows\System\fQEEWGT.exe
  C:\Windows\System\fQEEWGT.exe
  2⤵
  PID:8812
- C:\Windows\System\TmWZeKk.exe
  C:\Windows\System\TmWZeKk.exe
  2⤵
  PID:8828
- C:\Windows\System\qSCgLpd.exe
  C:\Windows\System\qSCgLpd.exe
  2⤵
  PID:8844
- C:\Windows\System\xSYXZfD.exe
  C:\Windows\System\xSYXZfD.exe
  2⤵
  PID:8860
- C:\Windows\System\bcPsMqx.exe
  C:\Windows\System\bcPsMqx.exe
  2⤵
  PID:8884
- C:\Windows\System\ddZQIBh.exe
  C:\Windows\System\ddZQIBh.exe
  2⤵
  PID:8900
- C:\Windows\System\KeCqrck.exe
  C:\Windows\System\KeCqrck.exe
  2⤵
  PID:8916
- C:\Windows\System\VGGkAPo.exe
  C:\Windows\System\VGGkAPo.exe
  2⤵
  PID:8932
- C:\Windows\System\hnllpEh.exe
  C:\Windows\System\hnllpEh.exe
  2⤵
  PID:8948
- C:\Windows\System\RrOnusw.exe
  C:\Windows\System\RrOnusw.exe
  2⤵
  PID:8968
- C:\Windows\System\owASnuy.exe
  C:\Windows\System\owASnuy.exe
  2⤵
  PID:8984
- C:\Windows\System\rVvOwBa.exe
  C:\Windows\System\rVvOwBa.exe
  2⤵
  PID:9000
- C:\Windows\System\LtjMqTX.exe
  C:\Windows\System\LtjMqTX.exe
  2⤵
  PID:9016
- C:\Windows\System\opeCbKK.exe
  C:\Windows\System\opeCbKK.exe
  2⤵
  PID:9032
- C:\Windows\System\xJODJJD.exe
  C:\Windows\System\xJODJJD.exe
  2⤵
  PID:9048
- C:\Windows\System\aYqxxkZ.exe
  C:\Windows\System\aYqxxkZ.exe
  2⤵
  PID:9064
- C:\Windows\System\mtxqZZF.exe
  C:\Windows\System\mtxqZZF.exe
  2⤵
  PID:9160
- C:\Windows\System\JCIMDJL.exe
  C:\Windows\System\JCIMDJL.exe
  2⤵
  PID:9176
- C:\Windows\System\JUIisUY.exe
  C:\Windows\System\JUIisUY.exe
  2⤵
  PID:9196
- C:\Windows\System\uSukSvn.exe
  C:\Windows\System\uSukSvn.exe
  2⤵
  PID:7580
- C:\Windows\System\YOqHSmd.exe
  C:\Windows\System\YOqHSmd.exe
  2⤵
  PID:2132
- C:\Windows\System\SHvrTjG.exe
  C:\Windows\System\SHvrTjG.exe
  2⤵
  PID:8232
- C:\Windows\System\tdcdgDB.exe
  C:\Windows\System\tdcdgDB.exe
  2⤵
  PID:8208
- C:\Windows\System\SXAQkDJ.exe
  C:\Windows\System\SXAQkDJ.exe
  2⤵
  PID:8284
- C:\Windows\System\EHDFTlN.exe
  C:\Windows\System\EHDFTlN.exe
  2⤵
  PID:8388
- C:\Windows\System\fuXdFCu.exe
  C:\Windows\System\fuXdFCu.exe
  2⤵
  PID:8392
- C:\Windows\System\DINUZtD.exe
  C:\Windows\System\DINUZtD.exe
  2⤵
  PID:8464
- C:\Windows\System\dSMlTny.exe
  C:\Windows\System\dSMlTny.exe
  2⤵
  PID:8300
- C:\Windows\System\ukCYofa.exe
  C:\Windows\System\ukCYofa.exe
  2⤵
  PID:8368
- C:\Windows\System\wBGUtKS.exe
  C:\Windows\System\wBGUtKS.exe
  2⤵
  PID:8444
- C:\Windows\System\wbVUCuP.exe
  C:\Windows\System\wbVUCuP.exe
  2⤵
  PID:8516
- C:\Windows\System\TydOhEU.exe
  C:\Windows\System\TydOhEU.exe
  2⤵
  PID:8548
- C:\Windows\System\xaarfph.exe
  C:\Windows\System\xaarfph.exe
  2⤵
  PID:8596
- C:\Windows\System\ldHYBno.exe
  C:\Windows\System\ldHYBno.exe
  2⤵
  PID:8536
- C:\Windows\System\IXfedFn.exe
  C:\Windows\System\IXfedFn.exe
  2⤵
  PID:8712
- C:\Windows\System\XXoSmsP.exe
  C:\Windows\System\XXoSmsP.exe
  2⤵
  PID:8820
- C:\Windows\System\MbCbdAN.exe
  C:\Windows\System\MbCbdAN.exe
  2⤵
  PID:8572
- C:\Windows\System\qFgurFR.exe
  C:\Windows\System\qFgurFR.exe
  2⤵
  PID:8616
- C:\Windows\System\bKmQQlG.exe
  C:\Windows\System\bKmQQlG.exe
  2⤵
  PID:8700
- C:\Windows\System\zuKLilS.exe
  C:\Windows\System\zuKLilS.exe
  2⤵
  PID:8768
- C:\Windows\System\KeYfotQ.exe
  C:\Windows\System\KeYfotQ.exe
  2⤵
  PID:8892
- C:\Windows\System\XZTMeuI.exe
  C:\Windows\System\XZTMeuI.exe
  2⤵
  PID:8808
- C:\Windows\System\lCuDwqG.exe
  C:\Windows\System\lCuDwqG.exe
  2⤵
  PID:8956
- C:\Windows\System\onVKCsk.exe
  C:\Windows\System\onVKCsk.exe
  2⤵
  PID:9024
- C:\Windows\System\lOLmYXm.exe
  C:\Windows\System\lOLmYXm.exe
  2⤵
  PID:9040
- C:\Windows\System\VTkjfJH.exe
  C:\Windows\System\VTkjfJH.exe
  2⤵
  PID:9008
- C:\Windows\System\kDmtHxp.exe
  C:\Windows\System\kDmtHxp.exe
  2⤵
  PID:9092
- C:\Windows\System\iZZRIXf.exe
  C:\Windows\System\iZZRIXf.exe
  2⤵
  PID:9108
- C:\Windows\System\XfYIyEW.exe
  C:\Windows\System\XfYIyEW.exe
  2⤵
  PID:9132
- C:\Windows\System\jHiohvi.exe
  C:\Windows\System\jHiohvi.exe
  2⤵
  PID:9156
- C:\Windows\System\VHmuukR.exe
  C:\Windows\System\VHmuukR.exe
  2⤵
  PID:9172
- C:\Windows\System\rZCnthF.exe
  C:\Windows\System\rZCnthF.exe
  2⤵
  PID:9212
- C:\Windows\System\nZkwWES.exe
  C:\Windows\System\nZkwWES.exe
  2⤵
  PID:7256
- C:\Windows\System\ikVRKsQ.exe
  C:\Windows\System\ikVRKsQ.exe
  2⤵
  PID:7252
- C:\Windows\System\VDwFJtG.exe
  C:\Windows\System\VDwFJtG.exe
  2⤵
  PID:8292
- C:\Windows\System\lXvLXwY.exe
  C:\Windows\System\lXvLXwY.exe
  2⤵
  PID:8236
- C:\Windows\System\bDPPAjK.exe
  C:\Windows\System\bDPPAjK.exe
  2⤵
  PID:8348
- C:\Windows\System\dbufiVi.exe
  C:\Windows\System\dbufiVi.exe
  2⤵
  PID:8544
- C:\Windows\System\XTteUJH.exe
  C:\Windows\System\XTteUJH.exe
  2⤵
  PID:8484
- C:\Windows\System\lUOgTxa.exe
  C:\Windows\System\lUOgTxa.exe
  2⤵
  PID:8592
- C:\Windows\System\rEBidZd.exe
  C:\Windows\System\rEBidZd.exe
  2⤵
  PID:8612
- C:\Windows\System\pKrusfn.exe
  C:\Windows\System\pKrusfn.exe
  2⤵
  PID:8668
- C:\Windows\System\vIehSJL.exe
  C:\Windows\System\vIehSJL.exe
  2⤵
  PID:8924
- C:\Windows\System\NYnHjPL.exe
  C:\Windows\System\NYnHjPL.exe
  2⤵
  PID:8692
- C:\Windows\System\SKbGlxX.exe
  C:\Windows\System\SKbGlxX.exe
  2⤵
  PID:8564
- C:\Windows\System\JTANWBh.exe
  C:\Windows\System\JTANWBh.exe
  2⤵
  PID:8696
- C:\Windows\System\nlJfggO.exe
  C:\Windows\System\nlJfggO.exe
  2⤵
  PID:9056
- C:\Windows\System\LkwKRvs.exe
  C:\Windows\System\LkwKRvs.exe
  2⤵
  PID:8908
- C:\Windows\System\nIOypfH.exe
  C:\Windows\System\nIOypfH.exe
  2⤵
  PID:8912
- C:\Windows\System\dyUxVuX.exe
  C:\Windows\System\dyUxVuX.exe
  2⤵
  PID:9144
- C:\Windows\System\WSTgPQl.exe
  C:\Windows\System\WSTgPQl.exe
  2⤵
  PID:9084
- C:\Windows\System\TLyVuPM.exe
  C:\Windows\System\TLyVuPM.exe
  2⤵
  PID:9044
- C:\Windows\System\wgAbJRg.exe
  C:\Windows\System\wgAbJRg.exe
  2⤵
  PID:8268
- C:\Windows\System\oTQmzOb.exe
  C:\Windows\System\oTQmzOb.exe
  2⤵
  PID:9128
- C:\Windows\System\DZyGtNa.exe
  C:\Windows\System\DZyGtNa.exe
  2⤵
  PID:920
- C:\Windows\System\fxZMSzc.exe
  C:\Windows\System\fxZMSzc.exe
  2⤵
  PID:2496
- C:\Windows\System\ieCymtj.exe
  C:\Windows\System\ieCymtj.exe
  2⤵
  PID:8460
- C:\Windows\System\cLXQsfg.exe
  C:\Windows\System\cLXQsfg.exe
  2⤵
  PID:2328
- C:\Windows\System\UrmAZWu.exe
  C:\Windows\System\UrmAZWu.exe
  2⤵
  PID:8404
- C:\Windows\System\XtWtOrD.exe
  C:\Windows\System\XtWtOrD.exe
  2⤵
  PID:8440
- C:\Windows\System\DiRqqGC.exe
  C:\Windows\System\DiRqqGC.exe
  2⤵
  PID:8204
- C:\Windows\System\syiAIKg.exe
  C:\Windows\System\syiAIKg.exe
  2⤵
  PID:8408
- C:\Windows\System\PgyMUep.exe
  C:\Windows\System\PgyMUep.exe
  2⤵
  PID:8676
- C:\Windows\System\npoLFvf.exe
  C:\Windows\System\npoLFvf.exe
  2⤵
  PID:8880
- C:\Windows\System\XEIGmNy.exe
  C:\Windows\System\XEIGmNy.exe
  2⤵
  PID:8788
- C:\Windows\System\XOTANcd.exe
  C:\Windows\System\XOTANcd.exe
  2⤵
  PID:9072
- C:\Windows\System\BcAspwL.exe
  C:\Windows\System\BcAspwL.exe
  2⤵
  PID:9100
- C:\Windows\System\nWBdcYO.exe
  C:\Windows\System\nWBdcYO.exe
  2⤵
  PID:9168
- C:\Windows\System\uQIOBBG.exe
  C:\Windows\System\uQIOBBG.exe
  2⤵
  PID:9116
- C:\Windows\System\tYTYGjI.exe
  C:\Windows\System\tYTYGjI.exe
  2⤵
  PID:8356
- C:\Windows\System\ZUudLGd.exe
  C:\Windows\System\ZUudLGd.exe
  2⤵
  PID:916
- C:\Windows\System\NgkANpO.exe
  C:\Windows\System\NgkANpO.exe
  2⤵
  PID:9076
- C:\Windows\System\wBEFcjO.exe
  C:\Windows\System\wBEFcjO.exe
  2⤵
  PID:8296
- C:\Windows\System\cTiNvab.exe
  C:\Windows\System\cTiNvab.exe
  2⤵
  PID:8996
- C:\Windows\System\vLIlJbk.exe
  C:\Windows\System\vLIlJbk.exe
  2⤵
  PID:8252
- C:\Windows\System\DWUvhFl.exe
  C:\Windows\System\DWUvhFl.exe
  2⤵
  PID:1956
- C:\Windows\System\pSYfozl.exe
  C:\Windows\System\pSYfozl.exe
  2⤵
  PID:1080
- C:\Windows\System\SmCAyGH.exe
  C:\Windows\System\SmCAyGH.exe
  2⤵
  PID:9120
- C:\Windows\System\bhDwMTa.exe
  C:\Windows\System\bhDwMTa.exe
  2⤵
  PID:8872
- C:\Windows\System\ohxlOBX.exe
  C:\Windows\System\ohxlOBX.exe
  2⤵
  PID:8212
- C:\Windows\System\wzLqTby.exe
  C:\Windows\System\wzLqTby.exe
  2⤵
  PID:2560
- C:\Windows\System\VqSRREn.exe
  C:\Windows\System\VqSRREn.exe
  2⤵
  PID:8852
- C:\Windows\System\dSMmIFt.exe
  C:\Windows\System\dSMmIFt.exe
  2⤵
  PID:8732
- C:\Windows\System\QZfufwr.exe
  C:\Windows\System\QZfufwr.exe
  2⤵
  PID:9224
- C:\Windows\System\MqsBzzl.exe
  C:\Windows\System\MqsBzzl.exe
  2⤵
  PID:9240
- C:\Windows\System\ebkRZGL.exe
  C:\Windows\System\ebkRZGL.exe
  2⤵
  PID:9256
- C:\Windows\System\REnjfXV.exe
  C:\Windows\System\REnjfXV.exe
  2⤵
  PID:9272
- C:\Windows\System\xRzWWNt.exe
  C:\Windows\System\xRzWWNt.exe
  2⤵
  PID:9288
- C:\Windows\System\ddHnSsT.exe
  C:\Windows\System\ddHnSsT.exe
  2⤵
  PID:9304
- C:\Windows\System\TjeAKGW.exe
  C:\Windows\System\TjeAKGW.exe
  2⤵
  PID:9320
- C:\Windows\System\wuJMAhI.exe
  C:\Windows\System\wuJMAhI.exe
  2⤵
  PID:9336
- C:\Windows\System\nTsZurp.exe
  C:\Windows\System\nTsZurp.exe
  2⤵
  PID:9352
- C:\Windows\System\xHXHMAg.exe
  C:\Windows\System\xHXHMAg.exe
  2⤵
  PID:9372
- C:\Windows\System\MLMMbpd.exe
  C:\Windows\System\MLMMbpd.exe
  2⤵
  PID:9388
- C:\Windows\System\ARlDqhM.exe
  C:\Windows\System\ARlDqhM.exe
  2⤵
  PID:9404
- C:\Windows\System\SDJyktL.exe
  C:\Windows\System\SDJyktL.exe
  2⤵
  PID:9420
- C:\Windows\System\WIHITVO.exe
  C:\Windows\System\WIHITVO.exe
  2⤵
  PID:9436
- C:\Windows\System\XjzDFHG.exe
  C:\Windows\System\XjzDFHG.exe
  2⤵
  PID:9456
- C:\Windows\System\UeCgNDK.exe
  C:\Windows\System\UeCgNDK.exe
  2⤵
  PID:9472
- C:\Windows\System\HhFbyIS.exe
  C:\Windows\System\HhFbyIS.exe
  2⤵
  PID:9488
- C:\Windows\System\kUhQyUp.exe
  C:\Windows\System\kUhQyUp.exe
  2⤵
  PID:9504
- C:\Windows\System\YCmIgRU.exe
  C:\Windows\System\YCmIgRU.exe
  2⤵
  PID:9520
- C:\Windows\System\xUYgPLd.exe
  C:\Windows\System\xUYgPLd.exe
  2⤵
  PID:9536
- C:\Windows\System\tPStnab.exe
  C:\Windows\System\tPStnab.exe
  2⤵
  PID:9552
- C:\Windows\System\XTAGgBf.exe
  C:\Windows\System\XTAGgBf.exe
  2⤵
  PID:9568
- C:\Windows\System\GrHRxfu.exe
  C:\Windows\System\GrHRxfu.exe
  2⤵
  PID:9584
- C:\Windows\System\GijUrRd.exe
  C:\Windows\System\GijUrRd.exe
  2⤵
  PID:9600
- C:\Windows\System\Bxkpcxb.exe
  C:\Windows\System\Bxkpcxb.exe
  2⤵
  PID:9616
- C:\Windows\System\zYZNAtT.exe
  C:\Windows\System\zYZNAtT.exe
  2⤵
  PID:9632
- C:\Windows\System\NIEwLWu.exe
  C:\Windows\System\NIEwLWu.exe
  2⤵
  PID:9648
- C:\Windows\System\AqslBKe.exe
  C:\Windows\System\AqslBKe.exe
  2⤵
  PID:9664
- C:\Windows\System\jJrWxlX.exe
  C:\Windows\System\jJrWxlX.exe
  2⤵
  PID:9680
- C:\Windows\System\zQieMLw.exe
  C:\Windows\System\zQieMLw.exe
  2⤵
  PID:9696
- C:\Windows\System\UMURXHU.exe
  C:\Windows\System\UMURXHU.exe
  2⤵
  PID:9716
- C:\Windows\System\PKKyvJH.exe
  C:\Windows\System\PKKyvJH.exe
  2⤵
  PID:9732
- C:\Windows\System\txDXluW.exe
  C:\Windows\System\txDXluW.exe
  2⤵
  PID:9748
- C:\Windows\System\ugaecTb.exe
  C:\Windows\System\ugaecTb.exe
  2⤵
  PID:9764
- C:\Windows\System\VeQVoMf.exe
  C:\Windows\System\VeQVoMf.exe
  2⤵
  PID:9780
- C:\Windows\System\GjWAmoc.exe
  C:\Windows\System\GjWAmoc.exe
  2⤵
  PID:9796
- C:\Windows\System\dtqzUeW.exe
  C:\Windows\System\dtqzUeW.exe
  2⤵
  PID:9812
- C:\Windows\System\fMaeLCO.exe
  C:\Windows\System\fMaeLCO.exe
  2⤵
  PID:9828
- C:\Windows\System\nuwYiMh.exe
  C:\Windows\System\nuwYiMh.exe
  2⤵
  PID:9844
- C:\Windows\System\lcMFcIx.exe
  C:\Windows\System\lcMFcIx.exe
  2⤵
  PID:9860
- C:\Windows\System\sTfOMtU.exe
  C:\Windows\System\sTfOMtU.exe
  2⤵
  PID:9876
- C:\Windows\System\xLbnKNw.exe
  C:\Windows\System\xLbnKNw.exe
  2⤵
  PID:9892
- C:\Windows\System\wKKpFwF.exe
  C:\Windows\System\wKKpFwF.exe
  2⤵
  PID:9908
- C:\Windows\System\YdNPvzh.exe
  C:\Windows\System\YdNPvzh.exe
  2⤵
  PID:9924
- C:\Windows\System\BjxBfEz.exe
  C:\Windows\System\BjxBfEz.exe
  2⤵
  PID:9940
- C:\Windows\System\RUewUHa.exe
  C:\Windows\System\RUewUHa.exe
  2⤵
  PID:9956
- C:\Windows\System\TtLkpcX.exe
  C:\Windows\System\TtLkpcX.exe
  2⤵
  PID:9972
- C:\Windows\System\HGzjVet.exe
  C:\Windows\System\HGzjVet.exe
  2⤵
  PID:9988
- C:\Windows\System\TvzzCzK.exe
  C:\Windows\System\TvzzCzK.exe
  2⤵
  PID:10004
- C:\Windows\System\JRwnPzf.exe
  C:\Windows\System\JRwnPzf.exe
  2⤵
  PID:10020
- C:\Windows\System\NNarmWi.exe
  C:\Windows\System\NNarmWi.exe
  2⤵
  PID:10036
- C:\Windows\System\XOHciGi.exe
  C:\Windows\System\XOHciGi.exe
  2⤵
  PID:10056
- C:\Windows\System\yhsTfQw.exe
  C:\Windows\System\yhsTfQw.exe
  2⤵
  PID:10076
- C:\Windows\System\azrrJjw.exe
  C:\Windows\System\azrrJjw.exe
  2⤵
  PID:10092
- C:\Windows\System\viDXSBc.exe
  C:\Windows\System\viDXSBc.exe
  2⤵
  PID:10108
- C:\Windows\System\zyAuQyX.exe
  C:\Windows\System\zyAuQyX.exe
  2⤵
  PID:10128
- C:\Windows\System\jzLSbsQ.exe
  C:\Windows\System\jzLSbsQ.exe
  2⤵
  PID:10144
- C:\Windows\System\iMRLMZu.exe
  C:\Windows\System\iMRLMZu.exe
  2⤵
  PID:10160
- C:\Windows\System\hOsnFba.exe
  C:\Windows\System\hOsnFba.exe
  2⤵
  PID:10176
- C:\Windows\System\yYKsNJf.exe
  C:\Windows\System\yYKsNJf.exe
  2⤵
  PID:10192
- C:\Windows\System\XCFRaHw.exe
  C:\Windows\System\XCFRaHw.exe
  2⤵
  PID:10208
- C:\Windows\System\AoauyFP.exe
  C:\Windows\System\AoauyFP.exe
  2⤵
  PID:10224
- C:\Windows\System\xdYmsqs.exe
  C:\Windows\System\xdYmsqs.exe
  2⤵
  PID:9208
- C:\Windows\System\aNlUrPu.exe
  C:\Windows\System\aNlUrPu.exe
  2⤵
  PID:8764
- C:\Windows\System\IRYrhDa.exe
  C:\Windows\System\IRYrhDa.exe
  2⤵
  PID:9284
- C:\Windows\System\QybIKiS.exe
  C:\Windows\System\QybIKiS.exe
  2⤵
  PID:8980
- C:\Windows\System\ngYbPXn.exe
  C:\Windows\System\ngYbPXn.exe
  2⤵
  PID:9232
- C:\Windows\System\QqoyxLS.exe
  C:\Windows\System\QqoyxLS.exe
  2⤵
  PID:9384
- C:\Windows\System\Phmrtag.exe
  C:\Windows\System\Phmrtag.exe
  2⤵
  PID:9332
- C:\Windows\System\tKziKJA.exe
  C:\Windows\System\tKziKJA.exe
  2⤵
  PID:9364
- C:\Windows\System\ExDHguc.exe
  C:\Windows\System\ExDHguc.exe
  2⤵
  PID:9432
- C:\Windows\System\exmHhVr.exe
  C:\Windows\System\exmHhVr.exe
  2⤵
  PID:9368
- C:\Windows\System\bFHMdrl.exe
  C:\Windows\System\bFHMdrl.exe
  2⤵
  PID:9464
- C:\Windows\System\sdttSZG.exe
  C:\Windows\System\sdttSZG.exe
  2⤵
  PID:9516
- C:\Windows\System\QiOZHrt.exe
  C:\Windows\System\QiOZHrt.exe
  2⤵
  PID:9576
- C:\Windows\System\WtwhbJV.exe
  C:\Windows\System\WtwhbJV.exe
  2⤵
  PID:9564
- C:\Windows\System\rVLJuOi.exe
  C:\Windows\System\rVLJuOi.exe
  2⤵
  PID:9640
- C:\Windows\System\xgkOZkV.exe
  C:\Windows\System\xgkOZkV.exe
  2⤵
  PID:9676
- C:\Windows\System\rnKTawP.exe
  C:\Windows\System\rnKTawP.exe
  2⤵
  PID:9772
- C:\Windows\System\psmrNGn.exe
  C:\Windows\System\psmrNGn.exe
  2⤵
  PID:9808
- C:\Windows\System\dMTJugz.exe
  C:\Windows\System\dMTJugz.exe
  2⤵
  PID:9656
- C:\Windows\System\WkZqkCY.exe
  C:\Windows\System\WkZqkCY.exe
  2⤵
  PID:9660
- C:\Windows\System\ANwRnyr.exe
  C:\Windows\System\ANwRnyr.exe
  2⤵
  PID:9820
- C:\Windows\System\DSIkslJ.exe
  C:\Windows\System\DSIkslJ.exe
  2⤵
  PID:9756
- C:\Windows\System\XKZOXMI.exe
  C:\Windows\System\XKZOXMI.exe
  2⤵
  PID:9824
- C:\Windows\System\KYzQwoj.exe
  C:\Windows\System\KYzQwoj.exe
  2⤵
  PID:9932
- C:\Windows\System\LZEjCKY.exe
  C:\Windows\System\LZEjCKY.exe
  2⤵
  PID:9916
- C:\Windows\System\bCfLsiv.exe
  C:\Windows\System\bCfLsiv.exe
  2⤵
  PID:9996
- C:\Windows\System\dKhteDl.exe
  C:\Windows\System\dKhteDl.exe
  2⤵
  PID:9984
- C:\Windows\System\ucJrqjE.exe
  C:\Windows\System\ucJrqjE.exe
  2⤵
  PID:10064
- C:\Windows\System\nwjYOjY.exe
  C:\Windows\System\nwjYOjY.exe
  2⤵
  PID:10012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AIiiWLa.exe

Filesize
6.0MB

MD5
1e6e67b71dbdde843aa0fa31e8cb3078

SHA1
731cba9a96f5b6671f7f47d0fef3068dfbb25a31

SHA256
4a86f949193112f4099699cd0b0c6c80d2a6bdf81d4864f40fca556dfb3b4498

SHA512
93dc57041ca17eac8f65431391731d550c682313e246945956469fa98febbc6e8884dc3bddfbd75158cde5da37013316d11ef82d71f0475cb819b041ed3d99c1

Download Submit
C:\Windows\system\DGCPAzW.exe

Filesize
6.0MB

MD5
49d5b2dec73883ec3b4ae2bb0677b27e

SHA1
fbaff85470c152735d746198c1025242e34d3c94

SHA256
57a85ccd16ddb14357fae79e3c4c1247bb1e179becb80f19acbcce4dfd2f4547

SHA512
1f0f41f3bb0836704147f96f2ac8b6a66539130f20a23f424bf3baacee074867623a2ba45c8955c5df4cf137d1a662d1683bc421e7e44dfd626195dd4a1b4454

Download Submit
C:\Windows\system\DpgvtTf.exe

Filesize
6.0MB

MD5
98b80a6a7da1f63815b70b542b281ddf

SHA1
d992aef86934e1746bae41ad989090373c4a0b97

SHA256
5ddbdddc298d29ddddef0b979ae96daf758f35b58eb2ac2d55b252b8f5a57bca

SHA512
072167eeaab62366ec46cb86db1f5233b5c219dd84136dcb9ab240d510c9138174b2e174bc9c8081fdb81974a848d300906ee0f4c4e8a23af6df0c0c45127802

Download Submit
C:\Windows\system\ItoUHpE.exe

Filesize
6.0MB

MD5
6ecd9e22ede660dae4217e7992cc985f

SHA1
a427d8035d79849c65fab420706218c676093965

SHA256
46eec2fe87593430f5da9bb58d983fd3c865bc70c4c5c9e32315546ba7431ede

SHA512
4d80963c0c199920bced96fdb469693474d814e9cb74473b29133c0bfd8d5ce62f3acc71364bf8d948b07022d71e33c95e8d351b34eda3e2b03b1338e73f70c0

Download Submit
C:\Windows\system\IvfLhwx.exe

Filesize
6.0MB

MD5
64ff38c654338d1284880fff9ec9a5b7

SHA1
54e3ecb62703bbb5d2d183d975415c6a3cd2c078

SHA256
ecbf3101302beab227f721bb7e1faa1869cdcf685ccaa6648c1ea1b38439de27

SHA512
535916e9266ebee3c389231faf6c22a0ff3d8429ffdaa0d0e734224af7a393d9d895811b820888802f4d92619ef4849635d3b414ab89dbf709b2cc27a381bad0

Download Submit
C:\Windows\system\JHmtHHl.exe

Filesize
6.0MB

MD5
07f1e4b7096d0a24677048d1ae7f33ff

SHA1
c88a17cccb1ea8897291b6aeab0891c2bff1ec0b

SHA256
a5bf210d0e2f0e46a67c327b884aa34e8a4a47fd4746eb3c702eaf4b8d9bae98

SHA512
79a9026e1e650e79f0f5ce39a4ad8e45748b78713c17ea33eb36d1648bc3d44fa8d0a2b76d5d7dab9df10dbdab8e9aba741d33c0ad151e859c4af1d3c5ac6d8b

Download Submit
C:\Windows\system\KttCIoC.exe

Filesize
6.0MB

MD5
e8677d53609901a3a5997d1f473f568f

SHA1
b95c9dbef98f59541350dcdc3b1494fa97e61866

SHA256
77f5d205002966fb8100c5211316b2d36e096bc5525659d52872e9310e05a5df

SHA512
bd2923415867b6395d4d2776974a849080a77af8af242e8d0918480fd006ad3018011558070aa3e3ce313e48a63b22b69b3098422b0ecff67a13e74af50e3bc3

Download Submit
C:\Windows\system\LZNcyvS.exe

Filesize
6.0MB

MD5
9629fcc4cde2ed6f0efd35d2e944a182

SHA1
af5a6852d7e86e3af5c83e4097278b242888b7ba

SHA256
b431d8b07635600292817dd13c6b85ff74d256fea7a6da0d461646e13e6e6386

SHA512
1a6c9881e1aa0d187aa9fecc0b68b81e5a11e4b616051334f33b59961e933c13334ee1fef05b28f7eef711bdb896fdcf5956e331aebbd88a4413fc2772b8abde

Download Submit
C:\Windows\system\Lhtlqor.exe

Filesize
6.0MB

MD5
6f40aa29511d1da0ab613b0e40aa856b

SHA1
84f7770678c713a691feac2a6bb4ecf190671bbc

SHA256
66a5a2079508bc6c0a5e81f167993a37de56356b458b5912ebc83577dfcb74e0

SHA512
fb990168df4de00d4ae0ca505f41b7ce52a09ed6d353f4efc7ebc173840510f49e18e7c30a527b5873cd23f4184d8fb2f937f4592841d75adfea6be1e2894509

Download Submit
C:\Windows\system\MqOhPrb.exe

Filesize
6.0MB

MD5
b32f67052b2bffbde18194982f6ec4d9

SHA1
b01efe0aa778fe73e18d188b4b4e7194aa34cc58

SHA256
7aade32222a2cd09ed22748ddef87bd0325f072e60f293006f75bc8e6728ca10

SHA512
b2f53097d0d7b445dd47e8e9fc71be0da6e57035af2910abb7d673f06c88465fb9ca2da311969a4dc6eae340516decaca3f7224830c02deeadfdf7865fc6b058

Download Submit
C:\Windows\system\PMzeuQI.exe

Filesize
6.0MB

MD5
f37c375abf96852162c3850b64c8d292

SHA1
b4b73e2376a38db165807cc5eac17f412349ada2

SHA256
a811a190ecb2ce36dd09548dc90e03c161fb6cc51162f7ce1bdba5e8bd8851c5

SHA512
e1b41857242f61769d5ee748f41972f43527d91e3c407f7030cca1232cf709adb4e2897f572b5b8ee2e50f93599425b6b6fbc65bc2fa3f8d2eff3066005f856a

Download Submit
C:\Windows\system\PXbLHkY.exe

Filesize
6.0MB

MD5
3368a3ac93e6a1bdc6adc3df537b9862

SHA1
ce5987cbd4f62527350146338e24a1cab4d1259c

SHA256
f0ad6c0d612623d510930eb7d03de2d434d61b7376278a23de56edf7cc6e6143

SHA512
9c3eab92a7d1832a485c36e94f70af25c8ecafc250722171b6b8901acb9a953483b85f71f8a4ab410e900e1da3af8003e16054066a141fc5b35e9cae36af4db7

Download Submit
C:\Windows\system\PxbkQUo.exe

Filesize
6.0MB

MD5
0c77d1a674e5a4479d69d102ad589b8c

SHA1
0afdc6f0cacb80e32b0d24a08daf678407e94f5f

SHA256
9a9f28aba2840fb94ba3e7e7a060fa89b59ee97e5fe111c9fe14440ca8457d85

SHA512
c4efd1b8d083a07acf9e46b5f76b56538b2665b5445e6fc84f2bad5d84e41772c6799511c586ba25a1f813f212415ce42315532e94a6fcdd073841c084cf6992

Download Submit
C:\Windows\system\SgCitnP.exe

Filesize
6.0MB

MD5
77b6e1318e31e161d180a0318bed7035

SHA1
4dddfd25ff7130d3e95f81ac6c7c3d0683888c6b

SHA256
294a268561aa3bfda27765b71f00bb87f571d30cdcf50510b35eec7c41308915

SHA512
c64e1b22dc193eb0b3d6cd087626e97e988565c86a21f23df98cc7d8b2f6fa0ad31f555dccf1b334a802b267e0b7e23178723523d39399c879120301534ba2ef

Download Submit
C:\Windows\system\WdFuQBu.exe

Filesize
6.0MB

MD5
2036aa680c503752f46fefc49ae2667a

SHA1
1160881ccd0f74cf2de2d8fc0d05c4bc38f58c17

SHA256
acb8f95a68d6a37d0f48e79dcc23ea6b412a35d79db3b2c1dbf51441383177f0

SHA512
2d31e2c069dd481c81f097afd24cc0eebe7cb68dd565aa16b27a765d2ce5a759bd40d3e9c9e26703245cdfe039f831d8f01ef5af7e2ef9e07ad14d5058440b5e

Download Submit
C:\Windows\system\ZHJZkdd.exe

Filesize
6.0MB

MD5
902fee46967c81405d6d5b889872a1e6

SHA1
eed981f863f0448a76c262540f5818c14fb17a7d

SHA256
08769902cafad327d8d29cbd4b34b787b0930d5074ef3b573ef4f62087609556

SHA512
98bd46b3dccc24c70a2bfb4752d87dc8490f9925f957b16bcce3faa53821212a87a8bae2cff9e94a99fb1dc457833311608d3b5fc28d43ffd754195460aaea26

Download Submit
C:\Windows\system\ZxgYEUu.exe

Filesize
6.0MB

MD5
e79eae33f154bcb7b3ab06b0d101a4b9

SHA1
bc9d0221ba1dd98b02c7d54271b46f72a175e561

SHA256
6275fbcfc7ad921e18c54ee963061d0a95eadea6397ad2bd582e62a65e1aa62f

SHA512
4e8019a5166cc3addf9dadffa6475d44f610f5d49721f3da30413fbb85ad90c8cb779bcf288427a1deeea0763c38e2f4a01f42957c2dccfcdf6ee8b05f733a3e

Download Submit
C:\Windows\system\aDgDazR.exe

Filesize
6.0MB

MD5
b98084f0900326221c1d713b098b9999

SHA1
f347f3ad91e4a5b323f9b11e260325a9222a4e99

SHA256
238e6aff98902fceceb3e545c5fb473146a69a10aa54e5c8d4455b4a65e228dc

SHA512
d98a0c3581bda13ace7b38ddaebad24a9cc4753162f570a58f2f68636962de160c3b42bedfab561014e343edb72d799ff9fbb0cd3ab24e2f501a29942c07cc2a

Download Submit
C:\Windows\system\aKCDCMJ.exe

Filesize
6.0MB

MD5
94f7af554a63715d2729a5abf4acf22c

SHA1
7f10dd7aa0588ed8f1da9eb4fe087f741af2b1ee

SHA256
1379ae5743fa9424342e297682fc0106eba34010b79d4c50215ad21ef70b7bc4

SHA512
f8f32d9b6d407deab8c44d81d6c964a5f32a4b518c2ad0324a34e1cb7400974843f9b7ebe6fa0e2edb675fbb6d7b42b2b051ae02eee72143f45cd28d9da265e9

Download Submit
C:\Windows\system\lPVlOIi.exe

Filesize
6.0MB

MD5
3dcff5a6d0450eb8723751e0fbf9cb6c

SHA1
6069351e963d08f4740c49896a542253206eb3ec

SHA256
624afd18b68ace1551c285a96f4e76477ae4177a03d14c170d362d86586bd48e

SHA512
cfbea23955284d452479bd8b75dbb469e260d806ad438fd61733f0758d37d8eddcf3df316d9fa539dbabc245c46c4ebbfd09a948d46aaed185e316534c9f0265

Download Submit
C:\Windows\system\otrSAhR.exe

Filesize
6.0MB

MD5
46843530f938c4af19c46c91c539c13f

SHA1
8fc7d4a214f958e0c3f2513e2489606d815a22ef

SHA256
70800465c2eae9cf99e559e37e5f865f2a0071d84cd169123c4f8271b68c20ce

SHA512
4e4362302ee84acd424ed4bd4dbd44e1d09ac903306697b4f13c79bfe727dca44b9b4a5e33765c9b8acce8693f4748d7042f3010a8da67a7e5dac465af0273f4

Download Submit
C:\Windows\system\rwYnpdD.exe

Filesize
6.0MB

MD5
6f24f8612996de228ee0012cd986afe9

SHA1
c67bde4d25517c35a8069ea3590a4cdf7bad0425

SHA256
d9eb87c97c6dbfbd71a3a6136ac72e008f56f6dbdaff15bba8367e2194af0ac8

SHA512
51684eefac65d5353e18906f69d30a97757a2e988daffcde0006fe03831a5e49fca626cc52347f2b21ac110119e415f3c2164fb13c867129edbf9a5e5e107d9b

Download Submit
C:\Windows\system\sEBBUtF.exe

Filesize
6.0MB

MD5
de0a7a7945ec8786589a2f7196409499

SHA1
a2944f18c38176feac4c21876e2f6337f9d7bb09

SHA256
302e856283352cc7a3f34689cf8f137c0b54d140d265e1589786033153bf3af3

SHA512
22082b29d3534980a06fd74b65dfaf5eecbfdc379d99216efe14c0dd2c50d5114ee4b35ceff26f05c91c53694301d09cf49a25bf754260176aba66cc8cbaae65

Download Submit
C:\Windows\system\vuLHNno.exe

Filesize
6.0MB

MD5
a03c057dee2fc968a71216bd28e18b1b

SHA1
a4bc37aa67171a0c02d0c2544544f0cea1bab779

SHA256
03091937f0c3efbb6e9ba9b03946c396720b38c9c384853561ae6a9169c9368a

SHA512
96c00a00c3372bd687cf6e7a56a07e608798aaccbff2a43feccd6cb21d2d141d0d8ce1ea052675e04b9717ab2f6fe25cf4dd0e9251c103fd36ecc84218590f91

Download Submit
C:\Windows\system\xzwOJTZ.exe

Filesize
6.0MB

MD5
294d91e29f00c41cae3e3982e498557f

SHA1
e4beda043998604d6c5cc0077000908a3672e68f

SHA256
07f8a2678c87c488b6326aaa111120308941cd618e8d60fd3911a4d3ee8a673c

SHA512
de9ec7f61f6c24c17b26cd273fc0f59c9659529828c4f8ab9fbddd20efcb28e9c3bc8f2c8da899995a37bba819740f66b09339159888eb1f364043e732b955b7

Download Submit
C:\Windows\system\zJkWHWB.exe

Filesize
6.0MB

MD5
22370abf6216edaa07b0b5845830a218

SHA1
aa183bd4d23cf5a2e20a9f6dc1b629562f9d3d93

SHA256
1e90571e2b576f4c8e70c077ccdec7f348ad09c8a6b1d3acfa200a7ac333e2aa

SHA512
1d4d39c8b925f0db748f98e68eed355142896ae6e066d261848e02c2867201a175971c6c44292ed585389675f5b292838b825c964499fae51fae21d62699a72f

Download Submit
\Windows\system\FmaeLkP.exe

Filesize
6.0MB

MD5
d9796597a5d6a0e2a9383d96e25b9c10

SHA1
fdf0da567c0c7314554d902189e9b12ec3ba5df6

SHA256
852caa205a6b0afd413880e214e021e727bb996ad4608f80010feb949faebf00

SHA512
bac3b5fea3515dbd8625230299f5da31975791b539427fc0f7bc8d7afec01659402a2f821bf0fbe659bef7825ff873fa99f93011ceddaa6d03c4f96c9ce15299

Download Submit
\Windows\system\JcmFGFr.exe

Filesize
6.0MB

MD5
b3f99384d67f4bbf4980c0efefcd4558

SHA1
994114e20a40d0414c9bc18bee19ba2a42e72ba6

SHA256
8c9fb76f0cd7b9a5bf0e26437495cb239f26f696258986e4c8df5898a13e05a5

SHA512
5bb48671c063041e0051151cbef2bab4453ba39248da11bae3688afb1e728b6268a59b43414251007f99d7027c960d01d0608b1a193c304fdb514a9f9d9748da

Download Submit
\Windows\system\NuamusT.exe

Filesize
6.0MB

MD5
0a6697bbc6f8b6ee8c85a0cfa6cd9779

SHA1
ff49fca1b93e7cbaf9c630a3e38586b3633c408f

SHA256
7acd68116e63eb0ff67a0d0abd4a96b9b7a6de824ac973ebf3a43c6f4f4ad328

SHA512
134614584a70319502a724472e987e73d75fe84ed20898c9fa378debd34a7932a0c2da103a9193078796e2cd10c448397ddc0000d9d7ce308cbdb2c4e9e28a78

Download Submit
\Windows\system\egDjGxO.exe

Filesize
6.0MB

MD5
c5be0a1fa59c20439bf575bce08d04cd

SHA1
f98ea1f1a21f25cefa6f5d988c4496577dd313b1

SHA256
11343d652dd6ef9b76745af3d790d10b739e10604859dc12d4a980b483209506

SHA512
4b12185e41d123a14511205aa8c84d440e6a28b60a81d8fb2aad85b9e7db7bd1b5a9e56b11569008f98e6e7d68ddf5439fd9fe701e58838fed2967a9a2b9f5f7

Download Submit
\Windows\system\hXTxeIG.exe

Filesize
6.0MB

MD5
471ace0555b160e1fc56f9533b925dae

SHA1
5c648679a3c97d5a9f77475cd1872a630e230c2b

SHA256
dc89d23ddfb35fd966624cb68de966980ce0750fb7f20ce2b1b08996fd1c1e37

SHA512
13b75b5e3b391449be15a592dcc87f59a72a689cd752cd8e8b6e3109a73e9fb010c564834eb1e7b3921f67e4f9fe9d9ebf2759b7a900073642e96c141d288268

Download Submit
\Windows\system\lyqoIZr.exe

Filesize
6.0MB

MD5
44f3e358a63936caa08a203a48319e3c

SHA1
61307082de3746da96065238413992082fd48031

SHA256
ba8082bd86d709817b6ff1c881ff37fb7e00ec21afe348d3e0a29d79bdf5c4f4

SHA512
a3729569cf61c2d2f58857c5ce0c98af27fcb9cc2b5838d41544c09de8d50034d08f5c1c276a3b75ed4c78d377fa07eb602ae656d762e539952bf4da40451a16

Download Submit
memory/772-71-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/772-2115-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-701-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1116-81-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1116-44-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1116-10-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1116-48-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1116-822-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1116-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-220-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1116-54-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1116-25-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1116-83-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1116-70-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-84-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1116-99-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1116-101-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1116-63-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1116-20-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1116-18-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1116-36-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1136-102-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1136-2157-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1192-40-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2057-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1312-2149-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-92-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1516-22-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1516-1763-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1648-2144-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1648-91-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1767-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2448-21-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2128-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2576-82-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2103-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2636-64-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2090-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2788-55-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2788-100-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2888-30-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2270-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2912-50-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2912-93-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2554-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2964-23-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2264-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/3020-49-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2061-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download