cobaltstrike | 525200c5a251db210593782e551ac84faaf3fbbd24396a5fc08993c19860ead8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

05e37fe226ea18b342310b75f6e88717
SHA1

01efedd669a5c48fd96699e8ba281d8932fc1fdc
SHA256

525200c5a251db210593782e551ac84faaf3fbbd24396a5fc08993c19860ead8
SHA512

4a6f5b31638c01d54964323dc9c4ba5d2f9d692ab549d2389d17073a01b9ec6061f7386cdc48a8dfe96d2d6386c73d3590a1064db6b0a7fb8166657b8ebae9d5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUW:T+q56utgpPF8u/7W

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120f9-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018bdd-8.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001921d-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001932a-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9a-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09a-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a494-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a489-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a487-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a467-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41f-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a355-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a303-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07a-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a071-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb8-75.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001930d-52.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925b-38.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925d-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019242-33.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001921f-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2380-0-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f9-3.dat	xmrig
behavioral1/files/0x0008000000018bdd-8.dat	xmrig
behavioral1/files/0x000700000001921d-12.dat	xmrig
behavioral1/memory/2820-23-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2824-29-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2880-35-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2688-40-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000700000001932a-57.dat	xmrig
behavioral1/files/0x0005000000019f9a-61.dat	xmrig
behavioral1/memory/836-82-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/600-98-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a09a-101.dat	xmrig
behavioral1/memory/2860-103-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2860-883-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2232-500-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2380-218-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b3-194.dat	xmrig
behavioral1/files/0x000500000001a4af-184.dat	xmrig
behavioral1/files/0x000500000001a4b1-189.dat	xmrig
behavioral1/files/0x000500000001a4ab-174.dat	xmrig
behavioral1/files/0x000500000001a4ad-180.dat	xmrig
behavioral1/files/0x000500000001a495-164.dat	xmrig
behavioral1/files/0x000500000001a4a5-169.dat	xmrig
behavioral1/files/0x000500000001a494-160.dat	xmrig
behavioral1/files/0x000500000001a489-154.dat	xmrig
behavioral1/files/0x000500000001a487-148.dat	xmrig
behavioral1/files/0x000500000001a467-144.dat	xmrig
behavioral1/files/0x000500000001a42d-139.dat	xmrig
behavioral1/files/0x000500000001a423-134.dat	xmrig
behavioral1/files/0x000500000001a41f-129.dat	xmrig
behavioral1/files/0x000500000001a41c-125.dat	xmrig
behavioral1/files/0x000500000001a41a-119.dat	xmrig
behavioral1/files/0x000500000001a355-114.dat	xmrig
behavioral1/files/0x000500000001a303-108.dat	xmrig
behavioral1/memory/2688-96-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a07a-93.dat	xmrig
behavioral1/memory/2232-88-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2880-86-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x000500000001a071-85.dat	xmrig
behavioral1/memory/1512-81-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2068-80-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2824-79-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fb8-75.dat	xmrig
behavioral1/memory/2380-72-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
behavioral1/memory/2380-71-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/1956-70-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2144-60-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x000800000001930d-52.dat	xmrig
behavioral1/memory/2380-50-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2644-49-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x000600000001925b-38.dat	xmrig
behavioral1/files/0x000600000001925d-46.dat	xmrig
behavioral1/files/0x0006000000019242-33.dat	xmrig
behavioral1/files/0x000700000001921f-27.dat	xmrig
behavioral1/memory/1432-22-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2144-20-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2820-2958-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/1432-3654-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2144-3655-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/1512-3663-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2824-3669-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2232-3674-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2068-4246-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2820	rUXWllr.exe
2144	nzsGLqN.exe
1432	NSOChbQ.exe
2824	pKqjPqV.exe
2880	gIkgHGL.exe
2688	yLUTgeQ.exe
2644	wlxJUTo.exe
1956	owUdiom.exe
2068	COUyHfQ.exe
1512	kgeIIdp.exe
836	RJqXBnx.exe
2232	dwwBTly.exe
600	kIhkqMh.exe
2860	VdpwBJs.exe
2988	kWpQQPT.exe
2252	uVKnDZo.exe
1900	jTCfHvz.exe
1904	oJSkjpp.exe
1748	JRAfChr.exe
1984	VXcGcas.exe
2308	AnKJRYn.exe
2388	PqkeNXc.exe
1296	FyvIevP.exe
840	SadiJHA.exe
2072	qZozcMX.exe
2416	pCGndtr.exe
2288	gXsbmAd.exe
1740	LdKhaCo.exe
1628	LuoMKCG.exe
904	sCXfFAd.exe
696	XkhRbmK.exe
2164	DHnqHpu.exe
1800	MOZsZkw.exe
1656	OHEJjQG.exe
1724	hPeMQCp.exe
1736	hhxpzxn.exe
1284	DKvMJBV.exe
2564	qIHpaIU.exe
2584	zkgtqVE.exe
292	TKLkaEj.exe
1988	OTQnAlc.exe
996	LPYUyou.exe
2240	njLaQXl.exe
3060	fRQehop.exe
2440	ZRMQDaC.exe
2292	kSsCrjo.exe
2368	cBeYtLS.exe
1652	Nppayru.exe
2776	AtXBEPv.exe
324	vLSJQTe.exe
1592	krsSteg.exe
2784	eQwypku.exe
2436	TIPqArb.exe
2116	GIDVAHf.exe
2636	EhivVxr.exe
2452	RzYARSD.exe
1504	aEiaiSj.exe
2856	XjVCsLc.exe
988	akLSIuu.exe
820	QUWFLBy.exe
1152	nhFqPAU.exe
108	UXQxjKF.exe
2100	AYAyLiM.exe
2244	RBxMOmG.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-0-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x00090000000120f9-3.dat	upx
behavioral1/files/0x0008000000018bdd-8.dat	upx
behavioral1/files/0x000700000001921d-12.dat	upx
behavioral1/memory/2820-23-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2824-29-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2880-35-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2688-40-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000700000001932a-57.dat	upx
behavioral1/files/0x0005000000019f9a-61.dat	upx
behavioral1/memory/836-82-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/600-98-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001a09a-101.dat	upx
behavioral1/memory/2860-103-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2860-883-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2232-500-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x000500000001a4b3-194.dat	upx
behavioral1/files/0x000500000001a4af-184.dat	upx
behavioral1/files/0x000500000001a4b1-189.dat	upx
behavioral1/files/0x000500000001a4ab-174.dat	upx
behavioral1/files/0x000500000001a4ad-180.dat	upx
behavioral1/files/0x000500000001a495-164.dat	upx
behavioral1/files/0x000500000001a4a5-169.dat	upx
behavioral1/files/0x000500000001a494-160.dat	upx
behavioral1/files/0x000500000001a489-154.dat	upx
behavioral1/files/0x000500000001a487-148.dat	upx
behavioral1/files/0x000500000001a467-144.dat	upx
behavioral1/files/0x000500000001a42d-139.dat	upx
behavioral1/files/0x000500000001a423-134.dat	upx
behavioral1/files/0x000500000001a41f-129.dat	upx
behavioral1/files/0x000500000001a41c-125.dat	upx
behavioral1/files/0x000500000001a41a-119.dat	upx
behavioral1/files/0x000500000001a355-114.dat	upx
behavioral1/files/0x000500000001a303-108.dat	upx
behavioral1/memory/2688-96-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000500000001a07a-93.dat	upx
behavioral1/memory/2232-88-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2880-86-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x000500000001a071-85.dat	upx
behavioral1/memory/1512-81-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2068-80-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2824-79-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0005000000019fb8-75.dat	upx
behavioral1/memory/1956-70-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2144-60-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x000800000001930d-52.dat	upx
behavioral1/memory/2380-50-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2644-49-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x000600000001925b-38.dat	upx
behavioral1/files/0x000600000001925d-46.dat	upx
behavioral1/files/0x0006000000019242-33.dat	upx
behavioral1/files/0x000700000001921f-27.dat	upx
behavioral1/memory/1432-22-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2144-20-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2820-2958-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/1432-3654-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2144-3655-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/1512-3663-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2824-3669-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2232-3674-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2068-4246-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/1956-3676-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/836-3675-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2860-3668-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JTmRaRZ.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uijwWZQ.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOvuKvO.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVNVUGS.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkgtqVE.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjQdVTQ.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXjKlrE.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKuzURk.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOajoPN.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOvvrPe.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmdqBom.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHnqHpu.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KiCMUjE.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDmzixj.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgZAaQu.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPeMQCp.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWTPXKd.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGoUiMX.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpkDrlK.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqYYqSw.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YxCxbRU.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozRsIhS.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrdcEIv.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwHyIKb.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqporWh.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLdyJce.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOOcqfT.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlQXawb.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnqNZUk.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvKADPl.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTZqoLq.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTkXDIh.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjYfsGL.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqmiMdL.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdWlfeP.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtXinEM.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdxhDvj.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWpQQPT.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcnodJo.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKRKcan.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCXZXdp.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drbIIqI.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLSJQTe.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjdZaxc.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrpOXtD.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ooChqNt.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dofqFSt.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUAiqgy.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frgEZpe.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ugJCQUr.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lloFEAC.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIDalxz.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRKsfjb.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxpyEZQ.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxouBRe.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFIEoUG.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADPHmGp.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXPuhEk.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVaXaqN.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFlzVdu.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrSzUHz.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHzMJqM.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJkuyIp.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMcTLJT.exe	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2820	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2820	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2820	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2144	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2144	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2144	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 1432	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 1432	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 1432	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2824	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2824	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2824	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2880	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2880	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2880	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2688	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2688	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2688	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2644	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2644	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2644	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 1956	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 1956	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 1956	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2068	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2068	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2068	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 836	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 836	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 836	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 1512	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 1512	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 1512	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2232	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 2232	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 2232	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 600	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 600	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 600	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 2860	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 2860	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 2860	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 2988	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2988	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2988	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2252	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2252	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2252	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 1900	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 1900	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 1900	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 1904	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1904	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1904	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1748	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1748	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1748	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1984	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1984	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1984	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 2308	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2380 wrote to memory of 2308	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2380 wrote to memory of 2308	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2380 wrote to memory of 2388	2380	2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_05e37fe226ea18b342310b75f6e88717_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\System\rUXWllr.exe
  C:\Windows\System\rUXWllr.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\nzsGLqN.exe
  C:\Windows\System\nzsGLqN.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\NSOChbQ.exe
  C:\Windows\System\NSOChbQ.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\pKqjPqV.exe
  C:\Windows\System\pKqjPqV.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\gIkgHGL.exe
  C:\Windows\System\gIkgHGL.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\yLUTgeQ.exe
  C:\Windows\System\yLUTgeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\wlxJUTo.exe
  C:\Windows\System\wlxJUTo.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\owUdiom.exe
  C:\Windows\System\owUdiom.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\COUyHfQ.exe
  C:\Windows\System\COUyHfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\RJqXBnx.exe
  C:\Windows\System\RJqXBnx.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\kgeIIdp.exe
  C:\Windows\System\kgeIIdp.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\dwwBTly.exe
  C:\Windows\System\dwwBTly.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\kIhkqMh.exe
  C:\Windows\System\kIhkqMh.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\VdpwBJs.exe
  C:\Windows\System\VdpwBJs.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\kWpQQPT.exe
  C:\Windows\System\kWpQQPT.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\uVKnDZo.exe
  C:\Windows\System\uVKnDZo.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\jTCfHvz.exe
  C:\Windows\System\jTCfHvz.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\oJSkjpp.exe
  C:\Windows\System\oJSkjpp.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\JRAfChr.exe
  C:\Windows\System\JRAfChr.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\VXcGcas.exe
  C:\Windows\System\VXcGcas.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\AnKJRYn.exe
  C:\Windows\System\AnKJRYn.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\PqkeNXc.exe
  C:\Windows\System\PqkeNXc.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\FyvIevP.exe
  C:\Windows\System\FyvIevP.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\SadiJHA.exe
  C:\Windows\System\SadiJHA.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\qZozcMX.exe
  C:\Windows\System\qZozcMX.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\pCGndtr.exe
  C:\Windows\System\pCGndtr.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\gXsbmAd.exe
  C:\Windows\System\gXsbmAd.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\LdKhaCo.exe
  C:\Windows\System\LdKhaCo.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\LuoMKCG.exe
  C:\Windows\System\LuoMKCG.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\sCXfFAd.exe
  C:\Windows\System\sCXfFAd.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\XkhRbmK.exe
  C:\Windows\System\XkhRbmK.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\DHnqHpu.exe
  C:\Windows\System\DHnqHpu.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\MOZsZkw.exe
  C:\Windows\System\MOZsZkw.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\OHEJjQG.exe
  C:\Windows\System\OHEJjQG.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\hPeMQCp.exe
  C:\Windows\System\hPeMQCp.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\hhxpzxn.exe
  C:\Windows\System\hhxpzxn.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\DKvMJBV.exe
  C:\Windows\System\DKvMJBV.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\qIHpaIU.exe
  C:\Windows\System\qIHpaIU.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\zkgtqVE.exe
  C:\Windows\System\zkgtqVE.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\OTQnAlc.exe
  C:\Windows\System\OTQnAlc.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\TKLkaEj.exe
  C:\Windows\System\TKLkaEj.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\njLaQXl.exe
  C:\Windows\System\njLaQXl.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\LPYUyou.exe
  C:\Windows\System\LPYUyou.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\cBeYtLS.exe
  C:\Windows\System\cBeYtLS.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\fRQehop.exe
  C:\Windows\System\fRQehop.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\Nppayru.exe
  C:\Windows\System\Nppayru.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\ZRMQDaC.exe
  C:\Windows\System\ZRMQDaC.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\vLSJQTe.exe
  C:\Windows\System\vLSJQTe.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\kSsCrjo.exe
  C:\Windows\System\kSsCrjo.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\krsSteg.exe
  C:\Windows\System\krsSteg.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\AtXBEPv.exe
  C:\Windows\System\AtXBEPv.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\eQwypku.exe
  C:\Windows\System\eQwypku.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\TIPqArb.exe
  C:\Windows\System\TIPqArb.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\GIDVAHf.exe
  C:\Windows\System\GIDVAHf.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\EhivVxr.exe
  C:\Windows\System\EhivVxr.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\RzYARSD.exe
  C:\Windows\System\RzYARSD.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\aEiaiSj.exe
  C:\Windows\System\aEiaiSj.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\XjVCsLc.exe
  C:\Windows\System\XjVCsLc.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\akLSIuu.exe
  C:\Windows\System\akLSIuu.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\QUWFLBy.exe
  C:\Windows\System\QUWFLBy.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\nhFqPAU.exe
  C:\Windows\System\nhFqPAU.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\UXQxjKF.exe
  C:\Windows\System\UXQxjKF.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\AYAyLiM.exe
  C:\Windows\System\AYAyLiM.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\RBxMOmG.exe
  C:\Windows\System\RBxMOmG.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\hwzmbiR.exe
  C:\Windows\System\hwzmbiR.exe
  2⤵
  PID:960
- C:\Windows\System\vMXgfAo.exe
  C:\Windows\System\vMXgfAo.exe
  2⤵
  PID:848
- C:\Windows\System\NcoFUmI.exe
  C:\Windows\System\NcoFUmI.exe
  2⤵
  PID:2192
- C:\Windows\System\hjBGyNk.exe
  C:\Windows\System\hjBGyNk.exe
  2⤵
  PID:2300
- C:\Windows\System\PvXznBv.exe
  C:\Windows\System\PvXznBv.exe
  2⤵
  PID:340
- C:\Windows\System\WZSevir.exe
  C:\Windows\System\WZSevir.exe
  2⤵
  PID:1048
- C:\Windows\System\tNGKlWa.exe
  C:\Windows\System\tNGKlWa.exe
  2⤵
  PID:1712
- C:\Windows\System\dFWoZRQ.exe
  C:\Windows\System\dFWoZRQ.exe
  2⤵
  PID:664
- C:\Windows\System\ukgpAqh.exe
  C:\Windows\System\ukgpAqh.exe
  2⤵
  PID:2000
- C:\Windows\System\dcAFtUs.exe
  C:\Windows\System\dcAFtUs.exe
  2⤵
  PID:3064
- C:\Windows\System\shYGHrg.exe
  C:\Windows\System\shYGHrg.exe
  2⤵
  PID:1256
- C:\Windows\System\DMDhAzk.exe
  C:\Windows\System\DMDhAzk.exe
  2⤵
  PID:1672
- C:\Windows\System\ZKqAKdG.exe
  C:\Windows\System\ZKqAKdG.exe
  2⤵
  PID:1380
- C:\Windows\System\KzmFbGG.exe
  C:\Windows\System\KzmFbGG.exe
  2⤵
  PID:2852
- C:\Windows\System\ZFOKWuG.exe
  C:\Windows\System\ZFOKWuG.exe
  2⤵
  PID:1676
- C:\Windows\System\EPpTcXH.exe
  C:\Windows\System\EPpTcXH.exe
  2⤵
  PID:1596
- C:\Windows\System\mYbuUtR.exe
  C:\Windows\System\mYbuUtR.exe
  2⤵
  PID:2948
- C:\Windows\System\EoIWNyK.exe
  C:\Windows\System\EoIWNyK.exe
  2⤵
  PID:1300
- C:\Windows\System\zjIBIAn.exe
  C:\Windows\System\zjIBIAn.exe
  2⤵
  PID:2248
- C:\Windows\System\svnfDVF.exe
  C:\Windows\System\svnfDVF.exe
  2⤵
  PID:2672
- C:\Windows\System\VXUbyEE.exe
  C:\Windows\System\VXUbyEE.exe
  2⤵
  PID:2984
- C:\Windows\System\QQEhUFz.exe
  C:\Windows\System\QQEhUFz.exe
  2⤵
  PID:856
- C:\Windows\System\UkjSnpy.exe
  C:\Windows\System\UkjSnpy.exe
  2⤵
  PID:2304
- C:\Windows\System\TZTlWlY.exe
  C:\Windows\System\TZTlWlY.exe
  2⤵
  PID:1976
- C:\Windows\System\pRWbmAl.exe
  C:\Windows\System\pRWbmAl.exe
  2⤵
  PID:1056
- C:\Windows\System\lPRPAUV.exe
  C:\Windows\System\lPRPAUV.exe
  2⤵
  PID:1104
- C:\Windows\System\gHuWYBW.exe
  C:\Windows\System\gHuWYBW.exe
  2⤵
  PID:3076
- C:\Windows\System\LPIFEmH.exe
  C:\Windows\System\LPIFEmH.exe
  2⤵
  PID:3092
- C:\Windows\System\DdApPlt.exe
  C:\Windows\System\DdApPlt.exe
  2⤵
  PID:3112
- C:\Windows\System\kKjhXbY.exe
  C:\Windows\System\kKjhXbY.exe
  2⤵
  PID:3128
- C:\Windows\System\FEzXdyx.exe
  C:\Windows\System\FEzXdyx.exe
  2⤵
  PID:3152
- C:\Windows\System\MCFVZbS.exe
  C:\Windows\System\MCFVZbS.exe
  2⤵
  PID:3168
- C:\Windows\System\yypGwBk.exe
  C:\Windows\System\yypGwBk.exe
  2⤵
  PID:3188
- C:\Windows\System\TKUWEdw.exe
  C:\Windows\System\TKUWEdw.exe
  2⤵
  PID:3208
- C:\Windows\System\TCtKtbg.exe
  C:\Windows\System\TCtKtbg.exe
  2⤵
  PID:3228
- C:\Windows\System\VShafdA.exe
  C:\Windows\System\VShafdA.exe
  2⤵
  PID:3248
- C:\Windows\System\AodEJgZ.exe
  C:\Windows\System\AodEJgZ.exe
  2⤵
  PID:3264
- C:\Windows\System\iauGqMx.exe
  C:\Windows\System\iauGqMx.exe
  2⤵
  PID:3288
- C:\Windows\System\CJgeazJ.exe
  C:\Windows\System\CJgeazJ.exe
  2⤵
  PID:3308
- C:\Windows\System\YekNtHh.exe
  C:\Windows\System\YekNtHh.exe
  2⤵
  PID:3324
- C:\Windows\System\OSCmKBw.exe
  C:\Windows\System\OSCmKBw.exe
  2⤵
  PID:3340
- C:\Windows\System\OdRtBvQ.exe
  C:\Windows\System\OdRtBvQ.exe
  2⤵
  PID:3364
- C:\Windows\System\uvdLpyt.exe
  C:\Windows\System\uvdLpyt.exe
  2⤵
  PID:3388
- C:\Windows\System\ovnIhLA.exe
  C:\Windows\System\ovnIhLA.exe
  2⤵
  PID:3412
- C:\Windows\System\xjqyrHN.exe
  C:\Windows\System\xjqyrHN.exe
  2⤵
  PID:3436
- C:\Windows\System\wVpznyj.exe
  C:\Windows\System\wVpznyj.exe
  2⤵
  PID:3460
- C:\Windows\System\jbBtKZf.exe
  C:\Windows\System\jbBtKZf.exe
  2⤵
  PID:3480
- C:\Windows\System\tNlVigO.exe
  C:\Windows\System\tNlVigO.exe
  2⤵
  PID:3500
- C:\Windows\System\rnJASyD.exe
  C:\Windows\System\rnJASyD.exe
  2⤵
  PID:3516
- C:\Windows\System\QTIHMcc.exe
  C:\Windows\System\QTIHMcc.exe
  2⤵
  PID:3532
- C:\Windows\System\TnlWMwO.exe
  C:\Windows\System\TnlWMwO.exe
  2⤵
  PID:3548
- C:\Windows\System\VQghSPg.exe
  C:\Windows\System\VQghSPg.exe
  2⤵
  PID:3580
- C:\Windows\System\PjQdVTQ.exe
  C:\Windows\System\PjQdVTQ.exe
  2⤵
  PID:3600
- C:\Windows\System\HDLuIBQ.exe
  C:\Windows\System\HDLuIBQ.exe
  2⤵
  PID:3624
- C:\Windows\System\tUhZxqJ.exe
  C:\Windows\System\tUhZxqJ.exe
  2⤵
  PID:3644
- C:\Windows\System\DjYfsGL.exe
  C:\Windows\System\DjYfsGL.exe
  2⤵
  PID:3664
- C:\Windows\System\KRimHGR.exe
  C:\Windows\System\KRimHGR.exe
  2⤵
  PID:3684
- C:\Windows\System\ejwLseu.exe
  C:\Windows\System\ejwLseu.exe
  2⤵
  PID:3704
- C:\Windows\System\dzxfaXw.exe
  C:\Windows\System\dzxfaXw.exe
  2⤵
  PID:3724
- C:\Windows\System\KAKysoA.exe
  C:\Windows\System\KAKysoA.exe
  2⤵
  PID:3744
- C:\Windows\System\ooPqGpy.exe
  C:\Windows\System\ooPqGpy.exe
  2⤵
  PID:3760
- C:\Windows\System\eUqPBAc.exe
  C:\Windows\System\eUqPBAc.exe
  2⤵
  PID:3780
- C:\Windows\System\yHGrKrN.exe
  C:\Windows\System\yHGrKrN.exe
  2⤵
  PID:3800
- C:\Windows\System\FbKQkMX.exe
  C:\Windows\System\FbKQkMX.exe
  2⤵
  PID:3824
- C:\Windows\System\jYMCDtG.exe
  C:\Windows\System\jYMCDtG.exe
  2⤵
  PID:3848
- C:\Windows\System\BTdcjfY.exe
  C:\Windows\System\BTdcjfY.exe
  2⤵
  PID:3868
- C:\Windows\System\XYabLRZ.exe
  C:\Windows\System\XYabLRZ.exe
  2⤵
  PID:3884
- C:\Windows\System\NMWuGxW.exe
  C:\Windows\System\NMWuGxW.exe
  2⤵
  PID:3904
- C:\Windows\System\vUgcygk.exe
  C:\Windows\System\vUgcygk.exe
  2⤵
  PID:3920
- C:\Windows\System\ybOdQvi.exe
  C:\Windows\System\ybOdQvi.exe
  2⤵
  PID:3952
- C:\Windows\System\egJMkbf.exe
  C:\Windows\System\egJMkbf.exe
  2⤵
  PID:3976
- C:\Windows\System\oFPlEJI.exe
  C:\Windows\System\oFPlEJI.exe
  2⤵
  PID:3996
- C:\Windows\System\ntlwcai.exe
  C:\Windows\System\ntlwcai.exe
  2⤵
  PID:4012
- C:\Windows\System\eoWSeUz.exe
  C:\Windows\System\eoWSeUz.exe
  2⤵
  PID:4032
- C:\Windows\System\doQHqdL.exe
  C:\Windows\System\doQHqdL.exe
  2⤵
  PID:4048
- C:\Windows\System\lwvVLXp.exe
  C:\Windows\System\lwvVLXp.exe
  2⤵
  PID:4068
- C:\Windows\System\LlSXVqc.exe
  C:\Windows\System\LlSXVqc.exe
  2⤵
  PID:1608
- C:\Windows\System\fgNWbcY.exe
  C:\Windows\System\fgNWbcY.exe
  2⤵
  PID:2204
- C:\Windows\System\qbHEXLR.exe
  C:\Windows\System\qbHEXLR.exe
  2⤵
  PID:1728
- C:\Windows\System\NUgZaIz.exe
  C:\Windows\System\NUgZaIz.exe
  2⤵
  PID:1816
- C:\Windows\System\OhZXIJK.exe
  C:\Windows\System\OhZXIJK.exe
  2⤵
  PID:2552
- C:\Windows\System\Ftyynqd.exe
  C:\Windows\System\Ftyynqd.exe
  2⤵
  PID:832
- C:\Windows\System\zubOPvk.exe
  C:\Windows\System\zubOPvk.exe
  2⤵
  PID:2092
- C:\Windows\System\QbHlJQF.exe
  C:\Windows\System\QbHlJQF.exe
  2⤵
  PID:1788
- C:\Windows\System\ocQQnbG.exe
  C:\Windows\System\ocQQnbG.exe
  2⤵
  PID:1992
- C:\Windows\System\pfEUtIS.exe
  C:\Windows\System\pfEUtIS.exe
  2⤵
  PID:1248
- C:\Windows\System\vlEhnsQ.exe
  C:\Windows\System\vlEhnsQ.exe
  2⤵
  PID:2432
- C:\Windows\System\aGgobbK.exe
  C:\Windows\System\aGgobbK.exe
  2⤵
  PID:2236
- C:\Windows\System\fgmTejv.exe
  C:\Windows\System\fgmTejv.exe
  2⤵
  PID:2732
- C:\Windows\System\svEufXj.exe
  C:\Windows\System\svEufXj.exe
  2⤵
  PID:2064
- C:\Windows\System\pAnYSyV.exe
  C:\Windows\System\pAnYSyV.exe
  2⤵
  PID:2332
- C:\Windows\System\nxCLXER.exe
  C:\Windows\System\nxCLXER.exe
  2⤵
  PID:3104
- C:\Windows\System\lloFEAC.exe
  C:\Windows\System\lloFEAC.exe
  2⤵
  PID:3236
- C:\Windows\System\vqczPUK.exe
  C:\Windows\System\vqczPUK.exe
  2⤵
  PID:3284
- C:\Windows\System\IzJOyQI.exe
  C:\Windows\System\IzJOyQI.exe
  2⤵
  PID:3144
- C:\Windows\System\LTuCzNY.exe
  C:\Windows\System\LTuCzNY.exe
  2⤵
  PID:3316
- C:\Windows\System\YyGNlkL.exe
  C:\Windows\System\YyGNlkL.exe
  2⤵
  PID:3220
- C:\Windows\System\aKQxKZL.exe
  C:\Windows\System\aKQxKZL.exe
  2⤵
  PID:3260
- C:\Windows\System\amhLxTH.exe
  C:\Windows\System\amhLxTH.exe
  2⤵
  PID:3404
- C:\Windows\System\ZvCscin.exe
  C:\Windows\System\ZvCscin.exe
  2⤵
  PID:3372
- C:\Windows\System\MgenRvG.exe
  C:\Windows\System\MgenRvG.exe
  2⤵
  PID:3428
- C:\Windows\System\CvWUobR.exe
  C:\Windows\System\CvWUobR.exe
  2⤵
  PID:3488
- C:\Windows\System\iKmowDa.exe
  C:\Windows\System\iKmowDa.exe
  2⤵
  PID:3540
- C:\Windows\System\RunKKlv.exe
  C:\Windows\System\RunKKlv.exe
  2⤵
  PID:3556
- C:\Windows\System\ApRitgw.exe
  C:\Windows\System\ApRitgw.exe
  2⤵
  PID:3576
- C:\Windows\System\KVCAVPQ.exe
  C:\Windows\System\KVCAVPQ.exe
  2⤵
  PID:3612
- C:\Windows\System\eQptoIp.exe
  C:\Windows\System\eQptoIp.exe
  2⤵
  PID:3652
- C:\Windows\System\wQTcXZt.exe
  C:\Windows\System\wQTcXZt.exe
  2⤵
  PID:3692
- C:\Windows\System\wnUYMSN.exe
  C:\Windows\System\wnUYMSN.exe
  2⤵
  PID:3740
- C:\Windows\System\zkmFSvA.exe
  C:\Windows\System\zkmFSvA.exe
  2⤵
  PID:3712
- C:\Windows\System\EdfBwTb.exe
  C:\Windows\System\EdfBwTb.exe
  2⤵
  PID:3776
- C:\Windows\System\oUnJjlq.exe
  C:\Windows\System\oUnJjlq.exe
  2⤵
  PID:3792
- C:\Windows\System\qAwDmaV.exe
  C:\Windows\System\qAwDmaV.exe
  2⤵
  PID:3844
- C:\Windows\System\LtQnMbZ.exe
  C:\Windows\System\LtQnMbZ.exe
  2⤵
  PID:3900
- C:\Windows\System\wXSqZUy.exe
  C:\Windows\System\wXSqZUy.exe
  2⤵
  PID:3940
- C:\Windows\System\AogpZAq.exe
  C:\Windows\System\AogpZAq.exe
  2⤵
  PID:3960
- C:\Windows\System\pTAMuyv.exe
  C:\Windows\System\pTAMuyv.exe
  2⤵
  PID:4020
- C:\Windows\System\sNAAOJo.exe
  C:\Windows\System\sNAAOJo.exe
  2⤵
  PID:4064
- C:\Windows\System\GrQRMYO.exe
  C:\Windows\System\GrQRMYO.exe
  2⤵
  PID:4004
- C:\Windows\System\vVTMnuL.exe
  C:\Windows\System\vVTMnuL.exe
  2⤵
  PID:4040
- C:\Windows\System\LmQSyfH.exe
  C:\Windows\System\LmQSyfH.exe
  2⤵
  PID:1532
- C:\Windows\System\LpKXDhh.exe
  C:\Windows\System\LpKXDhh.exe
  2⤵
  PID:2844
- C:\Windows\System\ySSLknE.exe
  C:\Windows\System\ySSLknE.exe
  2⤵
  PID:1028
- C:\Windows\System\QzQjPVC.exe
  C:\Windows\System\QzQjPVC.exe
  2⤵
  PID:2592
- C:\Windows\System\TNhhmlF.exe
  C:\Windows\System\TNhhmlF.exe
  2⤵
  PID:2628
- C:\Windows\System\LiCSAPp.exe
  C:\Windows\System\LiCSAPp.exe
  2⤵
  PID:2884
- C:\Windows\System\NqporWh.exe
  C:\Windows\System\NqporWh.exe
  2⤵
  PID:1680
- C:\Windows\System\yWTPXKd.exe
  C:\Windows\System\yWTPXKd.exe
  2⤵
  PID:3084
- C:\Windows\System\FEmPJBe.exe
  C:\Windows\System\FEmPJBe.exe
  2⤵
  PID:548
- C:\Windows\System\ZQCKWZK.exe
  C:\Windows\System\ZQCKWZK.exe
  2⤵
  PID:3196
- C:\Windows\System\LRWsZHP.exe
  C:\Windows\System\LRWsZHP.exe
  2⤵
  PID:3276
- C:\Windows\System\pVPawTT.exe
  C:\Windows\System\pVPawTT.exe
  2⤵
  PID:3180
- C:\Windows\System\WTxQPCN.exe
  C:\Windows\System\WTxQPCN.exe
  2⤵
  PID:3352
- C:\Windows\System\iAmxnjo.exe
  C:\Windows\System\iAmxnjo.exe
  2⤵
  PID:3452
- C:\Windows\System\ozRalWv.exe
  C:\Windows\System\ozRalWv.exe
  2⤵
  PID:3384
- C:\Windows\System\CGkRkQF.exe
  C:\Windows\System\CGkRkQF.exe
  2⤵
  PID:3472
- C:\Windows\System\DtbDSDK.exe
  C:\Windows\System\DtbDSDK.exe
  2⤵
  PID:3588
- C:\Windows\System\unqyeob.exe
  C:\Windows\System\unqyeob.exe
  2⤵
  PID:3544
- C:\Windows\System\kckeNaA.exe
  C:\Windows\System\kckeNaA.exe
  2⤵
  PID:3636
- C:\Windows\System\vLdyJce.exe
  C:\Windows\System\vLdyJce.exe
  2⤵
  PID:3680
- C:\Windows\System\ItlRImn.exe
  C:\Windows\System\ItlRImn.exe
  2⤵
  PID:3892
- C:\Windows\System\NixEpAA.exe
  C:\Windows\System\NixEpAA.exe
  2⤵
  PID:3876
- C:\Windows\System\othoaFL.exe
  C:\Windows\System\othoaFL.exe
  2⤵
  PID:3832
- C:\Windows\System\PmRxrcw.exe
  C:\Windows\System\PmRxrcw.exe
  2⤵
  PID:3912
- C:\Windows\System\hRoUtWa.exe
  C:\Windows\System\hRoUtWa.exe
  2⤵
  PID:3972
- C:\Windows\System\xDKlFul.exe
  C:\Windows\System\xDKlFul.exe
  2⤵
  PID:3964
- C:\Windows\System\haZBqRu.exe
  C:\Windows\System\haZBqRu.exe
  2⤵
  PID:4092
- C:\Windows\System\fPcrVKM.exe
  C:\Windows\System\fPcrVKM.exe
  2⤵
  PID:2916
- C:\Windows\System\VbYscLR.exe
  C:\Windows\System\VbYscLR.exe
  2⤵
  PID:2276
- C:\Windows\System\WlCNkdj.exe
  C:\Windows\System\WlCNkdj.exe
  2⤵
  PID:2676
- C:\Windows\System\vCyllVt.exe
  C:\Windows\System\vCyllVt.exe
  2⤵
  PID:3164
- C:\Windows\System\HsgERJR.exe
  C:\Windows\System\HsgERJR.exe
  2⤵
  PID:2576
- C:\Windows\System\KiCMUjE.exe
  C:\Windows\System\KiCMUjE.exe
  2⤵
  PID:3140
- C:\Windows\System\MLBbjeP.exe
  C:\Windows\System\MLBbjeP.exe
  2⤵
  PID:4116
- C:\Windows\System\tGgBAOJ.exe
  C:\Windows\System\tGgBAOJ.exe
  2⤵
  PID:4136
- C:\Windows\System\rOOcqfT.exe
  C:\Windows\System\rOOcqfT.exe
  2⤵
  PID:4160
- C:\Windows\System\hzWzmGn.exe
  C:\Windows\System\hzWzmGn.exe
  2⤵
  PID:4176
- C:\Windows\System\SZHCSSX.exe
  C:\Windows\System\SZHCSSX.exe
  2⤵
  PID:4196
- C:\Windows\System\WqtZIkN.exe
  C:\Windows\System\WqtZIkN.exe
  2⤵
  PID:4220
- C:\Windows\System\QVevaXe.exe
  C:\Windows\System\QVevaXe.exe
  2⤵
  PID:4240
- C:\Windows\System\aqBoUxZ.exe
  C:\Windows\System\aqBoUxZ.exe
  2⤵
  PID:4260
- C:\Windows\System\bvarYRX.exe
  C:\Windows\System\bvarYRX.exe
  2⤵
  PID:4280
- C:\Windows\System\vIbfSvY.exe
  C:\Windows\System\vIbfSvY.exe
  2⤵
  PID:4296
- C:\Windows\System\ZHZrblm.exe
  C:\Windows\System\ZHZrblm.exe
  2⤵
  PID:4316
- C:\Windows\System\yZugRdJ.exe
  C:\Windows\System\yZugRdJ.exe
  2⤵
  PID:4332
- C:\Windows\System\KMbyRvp.exe
  C:\Windows\System\KMbyRvp.exe
  2⤵
  PID:4360
- C:\Windows\System\ZHsnoNJ.exe
  C:\Windows\System\ZHsnoNJ.exe
  2⤵
  PID:4380
- C:\Windows\System\nohGMuC.exe
  C:\Windows\System\nohGMuC.exe
  2⤵
  PID:4400
- C:\Windows\System\XHeZekM.exe
  C:\Windows\System\XHeZekM.exe
  2⤵
  PID:4420
- C:\Windows\System\FyGlOGd.exe
  C:\Windows\System\FyGlOGd.exe
  2⤵
  PID:4440
- C:\Windows\System\MTJCHhm.exe
  C:\Windows\System\MTJCHhm.exe
  2⤵
  PID:4460
- C:\Windows\System\EhbJUFF.exe
  C:\Windows\System\EhbJUFF.exe
  2⤵
  PID:4480
- C:\Windows\System\KoolVAD.exe
  C:\Windows\System\KoolVAD.exe
  2⤵
  PID:4500
- C:\Windows\System\vDpHHCA.exe
  C:\Windows\System\vDpHHCA.exe
  2⤵
  PID:4520
- C:\Windows\System\ufarEez.exe
  C:\Windows\System\ufarEez.exe
  2⤵
  PID:4540
- C:\Windows\System\elUrNGA.exe
  C:\Windows\System\elUrNGA.exe
  2⤵
  PID:4560
- C:\Windows\System\iIDalxz.exe
  C:\Windows\System\iIDalxz.exe
  2⤵
  PID:4580
- C:\Windows\System\oYWusAY.exe
  C:\Windows\System\oYWusAY.exe
  2⤵
  PID:4600
- C:\Windows\System\PseZGAr.exe
  C:\Windows\System\PseZGAr.exe
  2⤵
  PID:4620
- C:\Windows\System\sXCqWGS.exe
  C:\Windows\System\sXCqWGS.exe
  2⤵
  PID:4640
- C:\Windows\System\ZlTRfFK.exe
  C:\Windows\System\ZlTRfFK.exe
  2⤵
  PID:4660
- C:\Windows\System\GqnaeHz.exe
  C:\Windows\System\GqnaeHz.exe
  2⤵
  PID:4680
- C:\Windows\System\wBhNtwr.exe
  C:\Windows\System\wBhNtwr.exe
  2⤵
  PID:4700
- C:\Windows\System\lIEQnNx.exe
  C:\Windows\System\lIEQnNx.exe
  2⤵
  PID:4720
- C:\Windows\System\rGEPvCj.exe
  C:\Windows\System\rGEPvCj.exe
  2⤵
  PID:4736
- C:\Windows\System\StDmzbN.exe
  C:\Windows\System\StDmzbN.exe
  2⤵
  PID:4756
- C:\Windows\System\ZkSNyTU.exe
  C:\Windows\System\ZkSNyTU.exe
  2⤵
  PID:4780
- C:\Windows\System\mGuhAnv.exe
  C:\Windows\System\mGuhAnv.exe
  2⤵
  PID:4800
- C:\Windows\System\EcxDNRR.exe
  C:\Windows\System\EcxDNRR.exe
  2⤵
  PID:4820
- C:\Windows\System\dvPFFIG.exe
  C:\Windows\System\dvPFFIG.exe
  2⤵
  PID:4840
- C:\Windows\System\XlFBPio.exe
  C:\Windows\System\XlFBPio.exe
  2⤵
  PID:4860
- C:\Windows\System\PjPlVsI.exe
  C:\Windows\System\PjPlVsI.exe
  2⤵
  PID:4880
- C:\Windows\System\QfBINCS.exe
  C:\Windows\System\QfBINCS.exe
  2⤵
  PID:4900
- C:\Windows\System\QbWPCKZ.exe
  C:\Windows\System\QbWPCKZ.exe
  2⤵
  PID:4920
- C:\Windows\System\uYOfMMW.exe
  C:\Windows\System\uYOfMMW.exe
  2⤵
  PID:4940
- C:\Windows\System\KxSfFbA.exe
  C:\Windows\System\KxSfFbA.exe
  2⤵
  PID:4960
- C:\Windows\System\nLVLPYU.exe
  C:\Windows\System\nLVLPYU.exe
  2⤵
  PID:4984
- C:\Windows\System\SosiRoR.exe
  C:\Windows\System\SosiRoR.exe
  2⤵
  PID:5008
- C:\Windows\System\pRmpxnm.exe
  C:\Windows\System\pRmpxnm.exe
  2⤵
  PID:5028
- C:\Windows\System\KATgjLT.exe
  C:\Windows\System\KATgjLT.exe
  2⤵
  PID:5048
- C:\Windows\System\EmPcNOp.exe
  C:\Windows\System\EmPcNOp.exe
  2⤵
  PID:5068
- C:\Windows\System\kSmwPPR.exe
  C:\Windows\System\kSmwPPR.exe
  2⤵
  PID:5088
- C:\Windows\System\yeTYkjV.exe
  C:\Windows\System\yeTYkjV.exe
  2⤵
  PID:5104
- C:\Windows\System\FaEDdGZ.exe
  C:\Windows\System\FaEDdGZ.exe
  2⤵
  PID:3304
- C:\Windows\System\bjflsXE.exe
  C:\Windows\System\bjflsXE.exe
  2⤵
  PID:3332
- C:\Windows\System\yiCSZlv.exe
  C:\Windows\System\yiCSZlv.exe
  2⤵
  PID:3592
- C:\Windows\System\pXJoOhP.exe
  C:\Windows\System\pXJoOhP.exe
  2⤵
  PID:3380
- C:\Windows\System\QNGlJRi.exe
  C:\Windows\System\QNGlJRi.exe
  2⤵
  PID:3640
- C:\Windows\System\ctVdhVJ.exe
  C:\Windows\System\ctVdhVJ.exe
  2⤵
  PID:3756
- C:\Windows\System\HvePTRu.exe
  C:\Windows\System\HvePTRu.exe
  2⤵
  PID:3932
- C:\Windows\System\FBHjdea.exe
  C:\Windows\System\FBHjdea.exe
  2⤵
  PID:3788
- C:\Windows\System\amCykBu.exe
  C:\Windows\System\amCykBu.exe
  2⤵
  PID:3988
- C:\Windows\System\pQbblRx.exe
  C:\Windows\System\pQbblRx.exe
  2⤵
  PID:1784
- C:\Windows\System\ruNZZDM.exe
  C:\Windows\System\ruNZZDM.exe
  2⤵
  PID:320
- C:\Windows\System\OyKVtIJ.exe
  C:\Windows\System\OyKVtIJ.exe
  2⤵
  PID:3272
- C:\Windows\System\CgnIiWF.exe
  C:\Windows\System\CgnIiWF.exe
  2⤵
  PID:4112
- C:\Windows\System\oJoNkUQ.exe
  C:\Windows\System\oJoNkUQ.exe
  2⤵
  PID:4152
- C:\Windows\System\yCivzYM.exe
  C:\Windows\System\yCivzYM.exe
  2⤵
  PID:3184
- C:\Windows\System\jrQBauh.exe
  C:\Windows\System\jrQBauh.exe
  2⤵
  PID:4188
- C:\Windows\System\vvfDKwD.exe
  C:\Windows\System\vvfDKwD.exe
  2⤵
  PID:4232
- C:\Windows\System\sDQsTEi.exe
  C:\Windows\System\sDQsTEi.exe
  2⤵
  PID:4248
- C:\Windows\System\OLSGbCn.exe
  C:\Windows\System\OLSGbCn.exe
  2⤵
  PID:4304
- C:\Windows\System\pcOlANu.exe
  C:\Windows\System\pcOlANu.exe
  2⤵
  PID:4324
- C:\Windows\System\zVmSlcC.exe
  C:\Windows\System\zVmSlcC.exe
  2⤵
  PID:4356
- C:\Windows\System\pNtcVUK.exe
  C:\Windows\System\pNtcVUK.exe
  2⤵
  PID:4368
- C:\Windows\System\XDwseEw.exe
  C:\Windows\System\XDwseEw.exe
  2⤵
  PID:4408
- C:\Windows\System\XsoijTm.exe
  C:\Windows\System\XsoijTm.exe
  2⤵
  PID:4432
- C:\Windows\System\qXYmZxQ.exe
  C:\Windows\System\qXYmZxQ.exe
  2⤵
  PID:4452
- C:\Windows\System\FoKgVqs.exe
  C:\Windows\System\FoKgVqs.exe
  2⤵
  PID:4508
- C:\Windows\System\DsNRERr.exe
  C:\Windows\System\DsNRERr.exe
  2⤵
  PID:4548
- C:\Windows\System\gnwyPIU.exe
  C:\Windows\System\gnwyPIU.exe
  2⤵
  PID:4532
- C:\Windows\System\sXOEJza.exe
  C:\Windows\System\sXOEJza.exe
  2⤵
  PID:4592
- C:\Windows\System\SNMaZyC.exe
  C:\Windows\System\SNMaZyC.exe
  2⤵
  PID:4628
- C:\Windows\System\WBaozWf.exe
  C:\Windows\System\WBaozWf.exe
  2⤵
  PID:4676
- C:\Windows\System\pQbFOqk.exe
  C:\Windows\System\pQbFOqk.exe
  2⤵
  PID:4696
- C:\Windows\System\waUTzjA.exe
  C:\Windows\System\waUTzjA.exe
  2⤵
  PID:4752
- C:\Windows\System\ujIBvyS.exe
  C:\Windows\System\ujIBvyS.exe
  2⤵
  PID:4796
- C:\Windows\System\CWEuCWH.exe
  C:\Windows\System\CWEuCWH.exe
  2⤵
  PID:4808
- C:\Windows\System\HpWRufB.exe
  C:\Windows\System\HpWRufB.exe
  2⤵
  PID:4812
- C:\Windows\System\BfYzDWr.exe
  C:\Windows\System\BfYzDWr.exe
  2⤵
  PID:4872
- C:\Windows\System\RAYauUg.exe
  C:\Windows\System\RAYauUg.exe
  2⤵
  PID:4892
- C:\Windows\System\bonrkyf.exe
  C:\Windows\System\bonrkyf.exe
  2⤵
  PID:4936
- C:\Windows\System\wsJCLbx.exe
  C:\Windows\System\wsJCLbx.exe
  2⤵
  PID:4992
- C:\Windows\System\HqMkBqW.exe
  C:\Windows\System\HqMkBqW.exe
  2⤵
  PID:4980
- C:\Windows\System\UEaFRkD.exe
  C:\Windows\System\UEaFRkD.exe
  2⤵
  PID:5044
- C:\Windows\System\DASFsCl.exe
  C:\Windows\System\DASFsCl.exe
  2⤵
  PID:5060
- C:\Windows\System\VvbBsSq.exe
  C:\Windows\System\VvbBsSq.exe
  2⤵
  PID:5096
- C:\Windows\System\ppZfaYz.exe
  C:\Windows\System\ppZfaYz.exe
  2⤵
  PID:5116
- C:\Windows\System\suwpzmS.exe
  C:\Windows\System\suwpzmS.exe
  2⤵
  PID:3420
- C:\Windows\System\QqLfbxX.exe
  C:\Windows\System\QqLfbxX.exe
  2⤵
  PID:3660
- C:\Windows\System\KHdZEDp.exe
  C:\Windows\System\KHdZEDp.exe
  2⤵
  PID:3716
- C:\Windows\System\ZVyQjTH.exe
  C:\Windows\System\ZVyQjTH.exe
  2⤵
  PID:4044
- C:\Windows\System\AwsLlpi.exe
  C:\Windows\System\AwsLlpi.exe
  2⤵
  PID:1756
- C:\Windows\System\yvkZtLq.exe
  C:\Windows\System\yvkZtLq.exe
  2⤵
  PID:4104
- C:\Windows\System\mrHwEMy.exe
  C:\Windows\System\mrHwEMy.exe
  2⤵
  PID:3136
- C:\Windows\System\JSKhMJs.exe
  C:\Windows\System\JSKhMJs.exe
  2⤵
  PID:3836
- C:\Windows\System\WmZyseQ.exe
  C:\Windows\System\WmZyseQ.exe
  2⤵
  PID:1940
- C:\Windows\System\ovJjqEo.exe
  C:\Windows\System\ovJjqEo.exe
  2⤵
  PID:4228
- C:\Windows\System\XpptPSa.exe
  C:\Windows\System\XpptPSa.exe
  2⤵
  PID:4168
- C:\Windows\System\mdWQgQX.exe
  C:\Windows\System\mdWQgQX.exe
  2⤵
  PID:4340
- C:\Windows\System\yRUIfxY.exe
  C:\Windows\System\yRUIfxY.exe
  2⤵
  PID:4396
- C:\Windows\System\fFrbBmE.exe
  C:\Windows\System\fFrbBmE.exe
  2⤵
  PID:4268
- C:\Windows\System\XjdZaxc.exe
  C:\Windows\System\XjdZaxc.exe
  2⤵
  PID:4568
- C:\Windows\System\TFmVzaa.exe
  C:\Windows\System\TFmVzaa.exe
  2⤵
  PID:4636
- C:\Windows\System\xOvgnfj.exe
  C:\Windows\System\xOvgnfj.exe
  2⤵
  PID:112
- C:\Windows\System\csldEaA.exe
  C:\Windows\System\csldEaA.exe
  2⤵
  PID:4668
- C:\Windows\System\axhkskQ.exe
  C:\Windows\System\axhkskQ.exe
  2⤵
  PID:4672
- C:\Windows\System\bpcNaek.exe
  C:\Windows\System\bpcNaek.exe
  2⤵
  PID:4772
- C:\Windows\System\cfIsHWR.exe
  C:\Windows\System\cfIsHWR.exe
  2⤵
  PID:4908
- C:\Windows\System\AbEpfwi.exe
  C:\Windows\System\AbEpfwi.exe
  2⤵
  PID:4608
- C:\Windows\System\LEmUdbn.exe
  C:\Windows\System\LEmUdbn.exe
  2⤵
  PID:4428
- C:\Windows\System\vqKCfJK.exe
  C:\Windows\System\vqKCfJK.exe
  2⤵
  PID:5020
- C:\Windows\System\MZKvXar.exe
  C:\Windows\System\MZKvXar.exe
  2⤵
  PID:5084
- C:\Windows\System\jcRYVVc.exe
  C:\Windows\System\jcRYVVc.exe
  2⤵
  PID:4848
- C:\Windows\System\XZQXkEb.exe
  C:\Windows\System\XZQXkEb.exe
  2⤵
  PID:4928
- C:\Windows\System\uxJyMaf.exe
  C:\Windows\System\uxJyMaf.exe
  2⤵
  PID:5056
- C:\Windows\System\CGoUiMX.exe
  C:\Windows\System\CGoUiMX.exe
  2⤵
  PID:3700
- C:\Windows\System\ZDhTAXz.exe
  C:\Windows\System\ZDhTAXz.exe
  2⤵
  PID:2596
- C:\Windows\System\mKuOrVs.exe
  C:\Windows\System\mKuOrVs.exe
  2⤵
  PID:1496
- C:\Windows\System\PyKSEjb.exe
  C:\Windows\System\PyKSEjb.exe
  2⤵
  PID:4192
- C:\Windows\System\rnHLrLL.exe
  C:\Windows\System\rnHLrLL.exe
  2⤵
  PID:4612
- C:\Windows\System\fOFtXKm.exe
  C:\Windows\System\fOFtXKm.exe
  2⤵
  PID:4732
- C:\Windows\System\stvLUaH.exe
  C:\Windows\System\stvLUaH.exe
  2⤵
  PID:5132
- C:\Windows\System\TbxGYLz.exe
  C:\Windows\System\TbxGYLz.exe
  2⤵
  PID:5148
- C:\Windows\System\YIRQtle.exe
  C:\Windows\System\YIRQtle.exe
  2⤵
  PID:5180
- C:\Windows\System\OKuOVLe.exe
  C:\Windows\System\OKuOVLe.exe
  2⤵
  PID:5196
- C:\Windows\System\keoinQO.exe
  C:\Windows\System\keoinQO.exe
  2⤵
  PID:5212
- C:\Windows\System\cHxHYZm.exe
  C:\Windows\System\cHxHYZm.exe
  2⤵
  PID:5228
- C:\Windows\System\nftcBIS.exe
  C:\Windows\System\nftcBIS.exe
  2⤵
  PID:5244
- C:\Windows\System\sEBvMjC.exe
  C:\Windows\System\sEBvMjC.exe
  2⤵
  PID:5260
- C:\Windows\System\tVBjQmg.exe
  C:\Windows\System\tVBjQmg.exe
  2⤵
  PID:5276
- C:\Windows\System\CntSFQd.exe
  C:\Windows\System\CntSFQd.exe
  2⤵
  PID:5292
- C:\Windows\System\HZEvxAJ.exe
  C:\Windows\System\HZEvxAJ.exe
  2⤵
  PID:5308
- C:\Windows\System\fYIRkMR.exe
  C:\Windows\System\fYIRkMR.exe
  2⤵
  PID:5324
- C:\Windows\System\UzJmvxS.exe
  C:\Windows\System\UzJmvxS.exe
  2⤵
  PID:5340
- C:\Windows\System\bIbMzEc.exe
  C:\Windows\System\bIbMzEc.exe
  2⤵
  PID:5356
- C:\Windows\System\NbzLqKE.exe
  C:\Windows\System\NbzLqKE.exe
  2⤵
  PID:5372
- C:\Windows\System\xtIuvcC.exe
  C:\Windows\System\xtIuvcC.exe
  2⤵
  PID:5388
- C:\Windows\System\oSRORik.exe
  C:\Windows\System\oSRORik.exe
  2⤵
  PID:5404
- C:\Windows\System\FCqVPKm.exe
  C:\Windows\System\FCqVPKm.exe
  2⤵
  PID:5420
- C:\Windows\System\sgXnFXK.exe
  C:\Windows\System\sgXnFXK.exe
  2⤵
  PID:5436
- C:\Windows\System\aAVRbQJ.exe
  C:\Windows\System\aAVRbQJ.exe
  2⤵
  PID:5452
- C:\Windows\System\hOTMqlv.exe
  C:\Windows\System\hOTMqlv.exe
  2⤵
  PID:5468
- C:\Windows\System\LvYqpuL.exe
  C:\Windows\System\LvYqpuL.exe
  2⤵
  PID:5484
- C:\Windows\System\VrqGxOs.exe
  C:\Windows\System\VrqGxOs.exe
  2⤵
  PID:5500
- C:\Windows\System\grEyMnA.exe
  C:\Windows\System\grEyMnA.exe
  2⤵
  PID:5516
- C:\Windows\System\DAraQzw.exe
  C:\Windows\System\DAraQzw.exe
  2⤵
  PID:5532
- C:\Windows\System\vNguTIR.exe
  C:\Windows\System\vNguTIR.exe
  2⤵
  PID:5548
- C:\Windows\System\wdvPCiN.exe
  C:\Windows\System\wdvPCiN.exe
  2⤵
  PID:5564
- C:\Windows\System\IlvdMWm.exe
  C:\Windows\System\IlvdMWm.exe
  2⤵
  PID:5580
- C:\Windows\System\XNiCddt.exe
  C:\Windows\System\XNiCddt.exe
  2⤵
  PID:5596
- C:\Windows\System\kntEeuv.exe
  C:\Windows\System\kntEeuv.exe
  2⤵
  PID:5612
- C:\Windows\System\FiBzwUh.exe
  C:\Windows\System\FiBzwUh.exe
  2⤵
  PID:5628
- C:\Windows\System\zJOnvLF.exe
  C:\Windows\System\zJOnvLF.exe
  2⤵
  PID:5644
- C:\Windows\System\ZckBmmA.exe
  C:\Windows\System\ZckBmmA.exe
  2⤵
  PID:5660
- C:\Windows\System\XLCIgse.exe
  C:\Windows\System\XLCIgse.exe
  2⤵
  PID:5676
- C:\Windows\System\JCvSExY.exe
  C:\Windows\System\JCvSExY.exe
  2⤵
  PID:5692
- C:\Windows\System\YDDmbvB.exe
  C:\Windows\System\YDDmbvB.exe
  2⤵
  PID:5708
- C:\Windows\System\hVlLIMM.exe
  C:\Windows\System\hVlLIMM.exe
  2⤵
  PID:5724
- C:\Windows\System\FThkbSJ.exe
  C:\Windows\System\FThkbSJ.exe
  2⤵
  PID:5740
- C:\Windows\System\dcCtkPO.exe
  C:\Windows\System\dcCtkPO.exe
  2⤵
  PID:5756
- C:\Windows\System\bhfKzQN.exe
  C:\Windows\System\bhfKzQN.exe
  2⤵
  PID:5772
- C:\Windows\System\hPXBOnI.exe
  C:\Windows\System\hPXBOnI.exe
  2⤵
  PID:5788
- C:\Windows\System\LETvljC.exe
  C:\Windows\System\LETvljC.exe
  2⤵
  PID:5804
- C:\Windows\System\TAukEep.exe
  C:\Windows\System\TAukEep.exe
  2⤵
  PID:5820
- C:\Windows\System\HYahCez.exe
  C:\Windows\System\HYahCez.exe
  2⤵
  PID:5836
- C:\Windows\System\clElaQW.exe
  C:\Windows\System\clElaQW.exe
  2⤵
  PID:5852
- C:\Windows\System\zjwpqVe.exe
  C:\Windows\System\zjwpqVe.exe
  2⤵
  PID:5868
- C:\Windows\System\mVpObNN.exe
  C:\Windows\System\mVpObNN.exe
  2⤵
  PID:5884
- C:\Windows\System\OrTBhJP.exe
  C:\Windows\System\OrTBhJP.exe
  2⤵
  PID:5900
- C:\Windows\System\DiurHwM.exe
  C:\Windows\System\DiurHwM.exe
  2⤵
  PID:5916
- C:\Windows\System\CDVnGMS.exe
  C:\Windows\System\CDVnGMS.exe
  2⤵
  PID:5932
- C:\Windows\System\PkomXmk.exe
  C:\Windows\System\PkomXmk.exe
  2⤵
  PID:5948
- C:\Windows\System\GTnlnVY.exe
  C:\Windows\System\GTnlnVY.exe
  2⤵
  PID:5964
- C:\Windows\System\FxXtbiD.exe
  C:\Windows\System\FxXtbiD.exe
  2⤵
  PID:5980
- C:\Windows\System\rFlzVdu.exe
  C:\Windows\System\rFlzVdu.exe
  2⤵
  PID:5996
- C:\Windows\System\EwtaTEF.exe
  C:\Windows\System\EwtaTEF.exe
  2⤵
  PID:6012
- C:\Windows\System\tMfHDDj.exe
  C:\Windows\System\tMfHDDj.exe
  2⤵
  PID:6028
- C:\Windows\System\DCzWzMA.exe
  C:\Windows\System\DCzWzMA.exe
  2⤵
  PID:6044
- C:\Windows\System\KDueSkQ.exe
  C:\Windows\System\KDueSkQ.exe
  2⤵
  PID:6060
- C:\Windows\System\iaRfgul.exe
  C:\Windows\System\iaRfgul.exe
  2⤵
  PID:6076
- C:\Windows\System\CQuBpQy.exe
  C:\Windows\System\CQuBpQy.exe
  2⤵
  PID:6092
- C:\Windows\System\pmArnjC.exe
  C:\Windows\System\pmArnjC.exe
  2⤵
  PID:6108
- C:\Windows\System\jFAWpfh.exe
  C:\Windows\System\jFAWpfh.exe
  2⤵
  PID:6124
- C:\Windows\System\msvmHQl.exe
  C:\Windows\System\msvmHQl.exe
  2⤵
  PID:6140
- C:\Windows\System\NLErXgV.exe
  C:\Windows\System\NLErXgV.exe
  2⤵
  PID:4956
- C:\Windows\System\iMcTLJT.exe
  C:\Windows\System\iMcTLJT.exe
  2⤵
  PID:4832
- C:\Windows\System\UvFekrx.exe
  C:\Windows\System\UvFekrx.exe
  2⤵
  PID:3336
- C:\Windows\System\jfhSLbG.exe
  C:\Windows\System\jfhSLbG.exe
  2⤵
  PID:3816
- C:\Windows\System\ZcojuKN.exe
  C:\Windows\System\ZcojuKN.exe
  2⤵
  PID:4652
- C:\Windows\System\XQLnzBx.exe
  C:\Windows\System\XQLnzBx.exe
  2⤵
  PID:3596
- C:\Windows\System\IWOfPik.exe
  C:\Windows\System\IWOfPik.exe
  2⤵
  PID:4132
- C:\Windows\System\GdHlSiR.exe
  C:\Windows\System\GdHlSiR.exe
  2⤵
  PID:4288
- C:\Windows\System\USZYOiO.exe
  C:\Windows\System\USZYOiO.exe
  2⤵
  PID:4916
- C:\Windows\System\xMMrGNF.exe
  C:\Windows\System\xMMrGNF.exe
  2⤵
  PID:4024
- C:\Windows\System\PuSvzLu.exe
  C:\Windows\System\PuSvzLu.exe
  2⤵
  PID:4148
- C:\Windows\System\AnyQSVu.exe
  C:\Windows\System\AnyQSVu.exe
  2⤵
  PID:4712
- C:\Windows\System\cQNpHVV.exe
  C:\Windows\System\cQNpHVV.exe
  2⤵
  PID:1452
- C:\Windows\System\fefbaDr.exe
  C:\Windows\System\fefbaDr.exe
  2⤵
  PID:5188
- C:\Windows\System\cnOXdMP.exe
  C:\Windows\System\cnOXdMP.exe
  2⤵
  PID:5300
- C:\Windows\System\gkQpNjN.exe
  C:\Windows\System\gkQpNjN.exe
  2⤵
  PID:5364
- C:\Windows\System\eHCLNTn.exe
  C:\Windows\System\eHCLNTn.exe
  2⤵
  PID:5476
- C:\Windows\System\BWKrhOg.exe
  C:\Windows\System\BWKrhOg.exe
  2⤵
  PID:5540
- C:\Windows\System\xaKMeCP.exe
  C:\Windows\System\xaKMeCP.exe
  2⤵
  PID:5428
- C:\Windows\System\UeJsapf.exe
  C:\Windows\System\UeJsapf.exe
  2⤵
  PID:5576
- C:\Windows\System\emrNOXK.exe
  C:\Windows\System\emrNOXK.exe
  2⤵
  PID:5640
- C:\Windows\System\TeyHAxz.exe
  C:\Windows\System\TeyHAxz.exe
  2⤵
  PID:5624
- C:\Windows\System\XpuAzdc.exe
  C:\Windows\System\XpuAzdc.exe
  2⤵
  PID:5496
- C:\Windows\System\BvpfCRL.exe
  C:\Windows\System\BvpfCRL.exe
  2⤵
  PID:5816
- C:\Windows\System\jDkBtHW.exe
  C:\Windows\System\jDkBtHW.exe
  2⤵
  PID:5764
- C:\Windows\System\MDwAFxQ.exe
  C:\Windows\System\MDwAFxQ.exe
  2⤵
  PID:5524
- C:\Windows\System\TjNAGvD.exe
  C:\Windows\System\TjNAGvD.exe
  2⤵
  PID:5192
- C:\Windows\System\HAboEcA.exe
  C:\Windows\System\HAboEcA.exe
  2⤵
  PID:5252
- C:\Windows\System\StoOHtf.exe
  C:\Windows\System\StoOHtf.exe
  2⤵
  PID:5204
- C:\Windows\System\FrnooGX.exe
  C:\Windows\System\FrnooGX.exe
  2⤵
  PID:2796
- C:\Windows\System\MAFgKdA.exe
  C:\Windows\System\MAFgKdA.exe
  2⤵
  PID:5348
- C:\Windows\System\KVUeQEO.exe
  C:\Windows\System\KVUeQEO.exe
  2⤵
  PID:2752
- C:\Windows\System\Rlcdrct.exe
  C:\Windows\System\Rlcdrct.exe
  2⤵
  PID:1584
- C:\Windows\System\auhXpBk.exe
  C:\Windows\System\auhXpBk.exe
  2⤵
  PID:5268
- C:\Windows\System\KRQwMjY.exe
  C:\Windows\System\KRQwMjY.exe
  2⤵
  PID:5080
- C:\Windows\System\lWUEEso.exe
  C:\Windows\System\lWUEEso.exe
  2⤵
  PID:6036
- C:\Windows\System\mPvnjdj.exe
  C:\Windows\System\mPvnjdj.exe
  2⤵
  PID:5944
- C:\Windows\System\wrtCqeY.exe
  C:\Windows\System\wrtCqeY.exe
  2⤵
  PID:5508
- C:\Windows\System\EBiVuqf.exe
  C:\Windows\System\EBiVuqf.exe
  2⤵
  PID:5448
- C:\Windows\System\UKEobNb.exe
  C:\Windows\System\UKEobNb.exe
  2⤵
  PID:2804
- C:\Windows\System\fQFLXVX.exe
  C:\Windows\System\fQFLXVX.exe
  2⤵
  PID:5704
- C:\Windows\System\mfoAyAu.exe
  C:\Windows\System\mfoAyAu.exe
  2⤵
  PID:2456
- C:\Windows\System\IIeecQw.exe
  C:\Windows\System\IIeecQw.exe
  2⤵
  PID:2272
- C:\Windows\System\uNkLIDw.exe
  C:\Windows\System\uNkLIDw.exe
  2⤵
  PID:5880
- C:\Windows\System\YQvkacm.exe
  C:\Windows\System\YQvkacm.exe
  2⤵
  PID:5908
- C:\Windows\System\qWdeTCm.exe
  C:\Windows\System\qWdeTCm.exe
  2⤵
  PID:5912
- C:\Windows\System\JqZwiHz.exe
  C:\Windows\System\JqZwiHz.exe
  2⤵
  PID:5860
- C:\Windows\System\HRccmRd.exe
  C:\Windows\System\HRccmRd.exe
  2⤵
  PID:2428
- C:\Windows\System\ukkHGjg.exe
  C:\Windows\System\ukkHGjg.exe
  2⤵
  PID:1544
- C:\Windows\System\fFTFvAx.exe
  C:\Windows\System\fFTFvAx.exe
  2⤵
  PID:5960
- C:\Windows\System\sNnmUcH.exe
  C:\Windows\System\sNnmUcH.exe
  2⤵
  PID:2392
- C:\Windows\System\kMYCzYT.exe
  C:\Windows\System\kMYCzYT.exe
  2⤵
  PID:5688
- C:\Windows\System\QDcRVLU.exe
  C:\Windows\System\QDcRVLU.exe
  2⤵
  PID:5592
- C:\Windows\System\TeyTyGx.exe
  C:\Windows\System\TeyTyGx.exe
  2⤵
  PID:6020
- C:\Windows\System\mufmDEw.exe
  C:\Windows\System\mufmDEw.exe
  2⤵
  PID:2896
- C:\Windows\System\sbwWNYl.exe
  C:\Windows\System\sbwWNYl.exe
  2⤵
  PID:2912
- C:\Windows\System\BEdppGT.exe
  C:\Windows\System\BEdppGT.exe
  2⤵
  PID:5780
- C:\Windows\System\SpGkCJX.exe
  C:\Windows\System\SpGkCJX.exe
  2⤵
  PID:4888
- C:\Windows\System\qpLnfgT.exe
  C:\Windows\System\qpLnfgT.exe
  2⤵
  PID:2324
- C:\Windows\System\PXZuiLp.exe
  C:\Windows\System\PXZuiLp.exe
  2⤵
  PID:4616
- C:\Windows\System\oMNENQo.exe
  C:\Windows\System\oMNENQo.exe
  2⤵
  PID:6072
- C:\Windows\System\VxXRBqz.exe
  C:\Windows\System\VxXRBqz.exe
  2⤵
  PID:6136
- C:\Windows\System\gaslbLR.exe
  C:\Windows\System\gaslbLR.exe
  2⤵
  PID:5076
- C:\Windows\System\JRARabe.exe
  C:\Windows\System\JRARabe.exe
  2⤵
  PID:640
- C:\Windows\System\GyKGrJl.exe
  C:\Windows\System\GyKGrJl.exe
  2⤵
  PID:2720
- C:\Windows\System\ilGPFYT.exe
  C:\Windows\System\ilGPFYT.exe
  2⤵
  PID:2756
- C:\Windows\System\YrpOXtD.exe
  C:\Windows\System\YrpOXtD.exe
  2⤵
  PID:5320
- C:\Windows\System\HbAjFTc.exe
  C:\Windows\System\HbAjFTc.exe
  2⤵
  PID:2408
- C:\Windows\System\BxWNBXy.exe
  C:\Windows\System\BxWNBXy.exe
  2⤵
  PID:4292
- C:\Windows\System\mynNmbn.exe
  C:\Windows\System\mynNmbn.exe
  2⤵
  PID:5444
- C:\Windows\System\hzDyeuj.exe
  C:\Windows\System\hzDyeuj.exe
  2⤵
  PID:6040
- C:\Windows\System\BDmzixj.exe
  C:\Windows\System\BDmzixj.exe
  2⤵
  PID:2728
- C:\Windows\System\mScBRom.exe
  C:\Windows\System\mScBRom.exe
  2⤵
  PID:5460
- C:\Windows\System\CRjFnne.exe
  C:\Windows\System\CRjFnne.exe
  2⤵
  PID:2472
- C:\Windows\System\sdRwjNB.exe
  C:\Windows\System\sdRwjNB.exe
  2⤵
  PID:5864
- C:\Windows\System\qDXYTpd.exe
  C:\Windows\System\qDXYTpd.exe
  2⤵
  PID:2076
- C:\Windows\System\ooiGQQt.exe
  C:\Windows\System\ooiGQQt.exe
  2⤵
  PID:5928
- C:\Windows\System\LRKsfjb.exe
  C:\Windows\System\LRKsfjb.exe
  2⤵
  PID:5956
- C:\Windows\System\TLNprIq.exe
  C:\Windows\System\TLNprIq.exe
  2⤵
  PID:5464
- C:\Windows\System\jidbuOp.exe
  C:\Windows\System\jidbuOp.exe
  2⤵
  PID:5876
- C:\Windows\System\mqKnWpU.exe
  C:\Windows\System\mqKnWpU.exe
  2⤵
  PID:6056
- C:\Windows\System\coZGwSq.exe
  C:\Windows\System\coZGwSq.exe
  2⤵
  PID:4932
- C:\Windows\System\OqbvPtk.exe
  C:\Windows\System\OqbvPtk.exe
  2⤵
  PID:4496
- C:\Windows\System\CuxoMNB.exe
  C:\Windows\System\CuxoMNB.exe
  2⤵
  PID:4716
- C:\Windows\System\ykuSMon.exe
  C:\Windows\System\ykuSMon.exe
  2⤵
  PID:6132
- C:\Windows\System\tnhokWX.exe
  C:\Windows\System\tnhokWX.exe
  2⤵
  PID:3736
- C:\Windows\System\RsMJJoe.exe
  C:\Windows\System\RsMJJoe.exe
  2⤵
  PID:2936
- C:\Windows\System\NFqRluN.exe
  C:\Windows\System\NFqRluN.exe
  2⤵
  PID:2956
- C:\Windows\System\IAraFLl.exe
  C:\Windows\System\IAraFLl.exe
  2⤵
  PID:5492
- C:\Windows\System\IPNdfAZ.exe
  C:\Windows\System\IPNdfAZ.exe
  2⤵
  PID:2808
- C:\Windows\System\LlvIEwo.exe
  C:\Windows\System\LlvIEwo.exe
  2⤵
  PID:5556
- C:\Windows\System\zcnodJo.exe
  C:\Windows\System\zcnodJo.exe
  2⤵
  PID:2632
- C:\Windows\System\AyzbXlq.exe
  C:\Windows\System\AyzbXlq.exe
  2⤵
  PID:3948
- C:\Windows\System\yUEehso.exe
  C:\Windows\System\yUEehso.exe
  2⤵
  PID:5992
- C:\Windows\System\HlPrumi.exe
  C:\Windows\System\HlPrumi.exe
  2⤵
  PID:6024
- C:\Windows\System\jcrKeVv.exe
  C:\Windows\System\jcrKeVv.exe
  2⤵
  PID:6160
- C:\Windows\System\BzWOHxO.exe
  C:\Windows\System\BzWOHxO.exe
  2⤵
  PID:6176
- C:\Windows\System\eWCLscY.exe
  C:\Windows\System\eWCLscY.exe
  2⤵
  PID:6192
- C:\Windows\System\gmrAhER.exe
  C:\Windows\System\gmrAhER.exe
  2⤵
  PID:6208
- C:\Windows\System\DXtkUWQ.exe
  C:\Windows\System\DXtkUWQ.exe
  2⤵
  PID:6224
- C:\Windows\System\ASRhRgA.exe
  C:\Windows\System\ASRhRgA.exe
  2⤵
  PID:6240
- C:\Windows\System\DIuLlZg.exe
  C:\Windows\System\DIuLlZg.exe
  2⤵
  PID:6256
- C:\Windows\System\wAiRhaT.exe
  C:\Windows\System\wAiRhaT.exe
  2⤵
  PID:6272
- C:\Windows\System\rUUwwFj.exe
  C:\Windows\System\rUUwwFj.exe
  2⤵
  PID:6288
- C:\Windows\System\exlODNH.exe
  C:\Windows\System\exlODNH.exe
  2⤵
  PID:6304
- C:\Windows\System\xUkmdcq.exe
  C:\Windows\System\xUkmdcq.exe
  2⤵
  PID:6320
- C:\Windows\System\RuVBtmF.exe
  C:\Windows\System\RuVBtmF.exe
  2⤵
  PID:6336
- C:\Windows\System\bAgYtTj.exe
  C:\Windows\System\bAgYtTj.exe
  2⤵
  PID:6352
- C:\Windows\System\xrSzUHz.exe
  C:\Windows\System\xrSzUHz.exe
  2⤵
  PID:6368
- C:\Windows\System\svKMPVC.exe
  C:\Windows\System\svKMPVC.exe
  2⤵
  PID:6384
- C:\Windows\System\RvFpedR.exe
  C:\Windows\System\RvFpedR.exe
  2⤵
  PID:6400
- C:\Windows\System\ErMPmHt.exe
  C:\Windows\System\ErMPmHt.exe
  2⤵
  PID:6416
- C:\Windows\System\JeEfPJS.exe
  C:\Windows\System\JeEfPJS.exe
  2⤵
  PID:6432
- C:\Windows\System\hqCNKzX.exe
  C:\Windows\System\hqCNKzX.exe
  2⤵
  PID:6452
- C:\Windows\System\jqmiMdL.exe
  C:\Windows\System\jqmiMdL.exe
  2⤵
  PID:6468
- C:\Windows\System\bsWdrPc.exe
  C:\Windows\System\bsWdrPc.exe
  2⤵
  PID:6484
- C:\Windows\System\yetqezY.exe
  C:\Windows\System\yetqezY.exe
  2⤵
  PID:6500
- C:\Windows\System\JqaxrJS.exe
  C:\Windows\System\JqaxrJS.exe
  2⤵
  PID:6516
- C:\Windows\System\wYcgJjC.exe
  C:\Windows\System\wYcgJjC.exe
  2⤵
  PID:6532
- C:\Windows\System\Eihiuit.exe
  C:\Windows\System\Eihiuit.exe
  2⤵
  PID:6548
- C:\Windows\System\cDFlMcd.exe
  C:\Windows\System\cDFlMcd.exe
  2⤵
  PID:6564
- C:\Windows\System\mesIWtj.exe
  C:\Windows\System\mesIWtj.exe
  2⤵
  PID:6580
- C:\Windows\System\SLOlpOW.exe
  C:\Windows\System\SLOlpOW.exe
  2⤵
  PID:6596
- C:\Windows\System\rGRHjBd.exe
  C:\Windows\System\rGRHjBd.exe
  2⤵
  PID:6612
- C:\Windows\System\yYAjqkR.exe
  C:\Windows\System\yYAjqkR.exe
  2⤵
  PID:6628
- C:\Windows\System\dcnQdMw.exe
  C:\Windows\System\dcnQdMw.exe
  2⤵
  PID:6644
- C:\Windows\System\wJAvBHJ.exe
  C:\Windows\System\wJAvBHJ.exe
  2⤵
  PID:6660
- C:\Windows\System\VGSdrDy.exe
  C:\Windows\System\VGSdrDy.exe
  2⤵
  PID:6676
- C:\Windows\System\xbvBnNn.exe
  C:\Windows\System\xbvBnNn.exe
  2⤵
  PID:6692
- C:\Windows\System\xkyVcig.exe
  C:\Windows\System\xkyVcig.exe
  2⤵
  PID:6708
- C:\Windows\System\RGbzQRk.exe
  C:\Windows\System\RGbzQRk.exe
  2⤵
  PID:6724
- C:\Windows\System\utPnDkP.exe
  C:\Windows\System\utPnDkP.exe
  2⤵
  PID:6740
- C:\Windows\System\yXajWFr.exe
  C:\Windows\System\yXajWFr.exe
  2⤵
  PID:6756
- C:\Windows\System\ZnIXLrs.exe
  C:\Windows\System\ZnIXLrs.exe
  2⤵
  PID:6772
- C:\Windows\System\JVLIdKT.exe
  C:\Windows\System\JVLIdKT.exe
  2⤵
  PID:6788
- C:\Windows\System\kdmdgKx.exe
  C:\Windows\System\kdmdgKx.exe
  2⤵
  PID:6804
- C:\Windows\System\FAiQHeQ.exe
  C:\Windows\System\FAiQHeQ.exe
  2⤵
  PID:6820
- C:\Windows\System\nnFSAto.exe
  C:\Windows\System\nnFSAto.exe
  2⤵
  PID:6836
- C:\Windows\System\pkRFRYM.exe
  C:\Windows\System\pkRFRYM.exe
  2⤵
  PID:6852
- C:\Windows\System\KYXzLNx.exe
  C:\Windows\System\KYXzLNx.exe
  2⤵
  PID:6868
- C:\Windows\System\hmJHnMo.exe
  C:\Windows\System\hmJHnMo.exe
  2⤵
  PID:6884
- C:\Windows\System\zceKZxP.exe
  C:\Windows\System\zceKZxP.exe
  2⤵
  PID:6900
- C:\Windows\System\oBmeNAz.exe
  C:\Windows\System\oBmeNAz.exe
  2⤵
  PID:6916
- C:\Windows\System\euvKFeo.exe
  C:\Windows\System\euvKFeo.exe
  2⤵
  PID:6932
- C:\Windows\System\LUiJDSf.exe
  C:\Windows\System\LUiJDSf.exe
  2⤵
  PID:6948
- C:\Windows\System\xrQnIhM.exe
  C:\Windows\System\xrQnIhM.exe
  2⤵
  PID:6964
- C:\Windows\System\zFIzrhY.exe
  C:\Windows\System\zFIzrhY.exe
  2⤵
  PID:6980
- C:\Windows\System\rXSuKyB.exe
  C:\Windows\System\rXSuKyB.exe
  2⤵
  PID:6996
- C:\Windows\System\mRGLsDy.exe
  C:\Windows\System\mRGLsDy.exe
  2⤵
  PID:7012
- C:\Windows\System\vHqUjum.exe
  C:\Windows\System\vHqUjum.exe
  2⤵
  PID:7028
- C:\Windows\System\JllgPTl.exe
  C:\Windows\System\JllgPTl.exe
  2⤵
  PID:7044
- C:\Windows\System\xgTQrQS.exe
  C:\Windows\System\xgTQrQS.exe
  2⤵
  PID:7060
- C:\Windows\System\oHciqXF.exe
  C:\Windows\System\oHciqXF.exe
  2⤵
  PID:7076
- C:\Windows\System\FMpBcmE.exe
  C:\Windows\System\FMpBcmE.exe
  2⤵
  PID:7092
- C:\Windows\System\TmaAfeJ.exe
  C:\Windows\System\TmaAfeJ.exe
  2⤵
  PID:7108
- C:\Windows\System\KyKCLuF.exe
  C:\Windows\System\KyKCLuF.exe
  2⤵
  PID:7124
- C:\Windows\System\SljsaSl.exe
  C:\Windows\System\SljsaSl.exe
  2⤵
  PID:7140
- C:\Windows\System\gEOZlRU.exe
  C:\Windows\System\gEOZlRU.exe
  2⤵
  PID:7156
- C:\Windows\System\fRsIWot.exe
  C:\Windows\System\fRsIWot.exe
  2⤵
  PID:4252
- C:\Windows\System\tzEuOEz.exe
  C:\Windows\System\tzEuOEz.exe
  2⤵
  PID:4472
- C:\Windows\System\vHyWHSU.exe
  C:\Windows\System\vHyWHSU.exe
  2⤵
  PID:5236
- C:\Windows\System\AQlrKeS.exe
  C:\Windows\System\AQlrKeS.exe
  2⤵
  PID:3880
- C:\Windows\System\HHXGpPW.exe
  C:\Windows\System\HHXGpPW.exe
  2⤵
  PID:2220
- C:\Windows\System\GGRfcFy.exe
  C:\Windows\System\GGRfcFy.exe
  2⤵
  PID:5560
- C:\Windows\System\mufjVNM.exe
  C:\Windows\System\mufjVNM.exe
  2⤵
  PID:5716
- C:\Windows\System\mpkDrlK.exe
  C:\Windows\System\mpkDrlK.exe
  2⤵
  PID:6168
- C:\Windows\System\jOGwxqX.exe
  C:\Windows\System\jOGwxqX.exe
  2⤵
  PID:6200
- C:\Windows\System\eRllyru.exe
  C:\Windows\System\eRllyru.exe
  2⤵
  PID:6216
- C:\Windows\System\HzRpklX.exe
  C:\Windows\System\HzRpklX.exe
  2⤵
  PID:6264
- C:\Windows\System\OXsGxYL.exe
  C:\Windows\System\OXsGxYL.exe
  2⤵
  PID:6252
- C:\Windows\System\GBVVUeN.exe
  C:\Windows\System\GBVVUeN.exe
  2⤵
  PID:6332
- C:\Windows\System\vYYYujI.exe
  C:\Windows\System\vYYYujI.exe
  2⤵
  PID:6344
- C:\Windows\System\qyBTdhv.exe
  C:\Windows\System\qyBTdhv.exe
  2⤵
  PID:6396
- C:\Windows\System\yAlehFh.exe
  C:\Windows\System\yAlehFh.exe
  2⤵
  PID:6380
- C:\Windows\System\jaARCGB.exe
  C:\Windows\System\jaARCGB.exe
  2⤵
  PID:6464
- C:\Windows\System\FKRKcan.exe
  C:\Windows\System\FKRKcan.exe
  2⤵
  PID:6496
- C:\Windows\System\JWIXxuq.exe
  C:\Windows\System\JWIXxuq.exe
  2⤵
  PID:6480
- C:\Windows\System\dsxUGSO.exe
  C:\Windows\System\dsxUGSO.exe
  2⤵
  PID:6560
- C:\Windows\System\GvyPTMy.exe
  C:\Windows\System\GvyPTMy.exe
  2⤵
  PID:6544
- C:\Windows\System\NWcuDNO.exe
  C:\Windows\System\NWcuDNO.exe
  2⤵
  PID:6652
- C:\Windows\System\sRAEBYb.exe
  C:\Windows\System\sRAEBYb.exe
  2⤵
  PID:6636
- C:\Windows\System\nKHQfVH.exe
  C:\Windows\System\nKHQfVH.exe
  2⤵
  PID:6684
- C:\Windows\System\jLJofdW.exe
  C:\Windows\System\jLJofdW.exe
  2⤵
  PID:6716
- C:\Windows\System\MUTKgts.exe
  C:\Windows\System\MUTKgts.exe
  2⤵
  PID:6672
- C:\Windows\System\grtMfxL.exe
  C:\Windows\System\grtMfxL.exe
  2⤵
  PID:6752
- C:\Windows\System\NRCfpNM.exe
  C:\Windows\System\NRCfpNM.exe
  2⤵
  PID:6784
- C:\Windows\System\mgZHCdU.exe
  C:\Windows\System\mgZHCdU.exe
  2⤵
  PID:6848
- C:\Windows\System\VXbihyf.exe
  C:\Windows\System\VXbihyf.exe
  2⤵
  PID:6876
- C:\Windows\System\YghXSjt.exe
  C:\Windows\System\YghXSjt.exe
  2⤵
  PID:6880
- C:\Windows\System\pmYLUfc.exe
  C:\Windows\System\pmYLUfc.exe
  2⤵
  PID:6912
- C:\Windows\System\uJjgjyv.exe
  C:\Windows\System\uJjgjyv.exe
  2⤵
  PID:6928
- C:\Windows\System\UqdlGUa.exe
  C:\Windows\System\UqdlGUa.exe
  2⤵
  PID:6960
- C:\Windows\System\iafusid.exe
  C:\Windows\System\iafusid.exe
  2⤵
  PID:6988
- C:\Windows\System\iwdtXYr.exe
  C:\Windows\System\iwdtXYr.exe
  2⤵
  PID:7068
- C:\Windows\System\KldIquM.exe
  C:\Windows\System\KldIquM.exe
  2⤵
  PID:7100
- C:\Windows\System\PdwBhsg.exe
  C:\Windows\System\PdwBhsg.exe
  2⤵
  PID:7024
- C:\Windows\System\GTLuNRj.exe
  C:\Windows\System\GTLuNRj.exe
  2⤵
  PID:7084
- C:\Windows\System\sXTfSYA.exe
  C:\Windows\System\sXTfSYA.exe
  2⤵
  PID:2968
- C:\Windows\System\PJeoYtU.exe
  C:\Windows\System\PJeoYtU.exe
  2⤵
  PID:7120
- C:\Windows\System\HmXQIpt.exe
  C:\Windows\System\HmXQIpt.exe
  2⤵
  PID:2996
- C:\Windows\System\cXzJGMf.exe
  C:\Windows\System\cXzJGMf.exe
  2⤵
  PID:6236
- C:\Windows\System\BraOaPn.exe
  C:\Windows\System\BraOaPn.exe
  2⤵
  PID:6104
- C:\Windows\System\yOOEBIx.exe
  C:\Windows\System\yOOEBIx.exe
  2⤵
  PID:6008
- C:\Windows\System\RDGckRO.exe
  C:\Windows\System\RDGckRO.exe
  2⤵
  PID:6376
- C:\Windows\System\iZtFsaK.exe
  C:\Windows\System\iZtFsaK.exe
  2⤵
  PID:6296
- C:\Windows\System\fbbEbVd.exe
  C:\Windows\System\fbbEbVd.exe
  2⤵
  PID:6284
- C:\Windows\System\vNPpXDl.exe
  C:\Windows\System\vNPpXDl.exe
  2⤵
  PID:6460
- C:\Windows\System\dLnKbUi.exe
  C:\Windows\System\dLnKbUi.exe
  2⤵
  PID:7180
- C:\Windows\System\LbxtUAb.exe
  C:\Windows\System\LbxtUAb.exe
  2⤵
  PID:7196
- C:\Windows\System\QsGrAAs.exe
  C:\Windows\System\QsGrAAs.exe
  2⤵
  PID:7212
- C:\Windows\System\cwTgYuW.exe
  C:\Windows\System\cwTgYuW.exe
  2⤵
  PID:7228
- C:\Windows\System\FaZXYqB.exe
  C:\Windows\System\FaZXYqB.exe
  2⤵
  PID:7248
- C:\Windows\System\aWzxFfB.exe
  C:\Windows\System\aWzxFfB.exe
  2⤵
  PID:7264
- C:\Windows\System\iWHWvOQ.exe
  C:\Windows\System\iWHWvOQ.exe
  2⤵
  PID:7284
- C:\Windows\System\IvRBlyG.exe
  C:\Windows\System\IvRBlyG.exe
  2⤵
  PID:7300
- C:\Windows\System\tGWzeke.exe
  C:\Windows\System\tGWzeke.exe
  2⤵
  PID:7316
- C:\Windows\System\dcKsWfa.exe
  C:\Windows\System\dcKsWfa.exe
  2⤵
  PID:7332
- C:\Windows\System\lonvebw.exe
  C:\Windows\System\lonvebw.exe
  2⤵
  PID:7348
- C:\Windows\System\LHzMJqM.exe
  C:\Windows\System\LHzMJqM.exe
  2⤵
  PID:7364
- C:\Windows\System\XmEfBPs.exe
  C:\Windows\System\XmEfBPs.exe
  2⤵
  PID:7380
- C:\Windows\System\AhgGjCf.exe
  C:\Windows\System\AhgGjCf.exe
  2⤵
  PID:7396
- C:\Windows\System\WdWlfeP.exe
  C:\Windows\System\WdWlfeP.exe
  2⤵
  PID:7412
- C:\Windows\System\KGhPCtu.exe
  C:\Windows\System\KGhPCtu.exe
  2⤵
  PID:7428
- C:\Windows\System\OdincYq.exe
  C:\Windows\System\OdincYq.exe
  2⤵
  PID:7444
- C:\Windows\System\Hkawgez.exe
  C:\Windows\System\Hkawgez.exe
  2⤵
  PID:7464
- C:\Windows\System\HXwkFwB.exe
  C:\Windows\System\HXwkFwB.exe
  2⤵
  PID:7488
- C:\Windows\System\CYMLbOp.exe
  C:\Windows\System\CYMLbOp.exe
  2⤵
  PID:7516
- C:\Windows\System\ceskwaJ.exe
  C:\Windows\System\ceskwaJ.exe
  2⤵
  PID:7548
- C:\Windows\System\YYnyzQb.exe
  C:\Windows\System\YYnyzQb.exe
  2⤵
  PID:7576
- C:\Windows\System\mSTVnvw.exe
  C:\Windows\System\mSTVnvw.exe
  2⤵
  PID:7604
- C:\Windows\System\ANdCwFx.exe
  C:\Windows\System\ANdCwFx.exe
  2⤵
  PID:7636
- C:\Windows\System\xKyGPTQ.exe
  C:\Windows\System\xKyGPTQ.exe
  2⤵
  PID:7660
- C:\Windows\System\WsoyFsw.exe
  C:\Windows\System\WsoyFsw.exe
  2⤵
  PID:7688
- C:\Windows\System\msuhgnF.exe
  C:\Windows\System\msuhgnF.exe
  2⤵
  PID:7724
- C:\Windows\System\zXjKlrE.exe
  C:\Windows\System\zXjKlrE.exe
  2⤵
  PID:7780
- C:\Windows\System\AueXDnR.exe
  C:\Windows\System\AueXDnR.exe
  2⤵
  PID:7796
- C:\Windows\System\DglzfLH.exe
  C:\Windows\System\DglzfLH.exe
  2⤵
  PID:7812
- C:\Windows\System\kwNJBHH.exe
  C:\Windows\System\kwNJBHH.exe
  2⤵
  PID:7828
- C:\Windows\System\wmDHSHB.exe
  C:\Windows\System\wmDHSHB.exe
  2⤵
  PID:7844
- C:\Windows\System\rsXmNTJ.exe
  C:\Windows\System\rsXmNTJ.exe
  2⤵
  PID:7864
- C:\Windows\System\IcStery.exe
  C:\Windows\System\IcStery.exe
  2⤵
  PID:7880
- C:\Windows\System\sfqOSBK.exe
  C:\Windows\System\sfqOSBK.exe
  2⤵
  PID:7896
- C:\Windows\System\BYgcTkM.exe
  C:\Windows\System\BYgcTkM.exe
  2⤵
  PID:7912
- C:\Windows\System\geVWXfN.exe
  C:\Windows\System\geVWXfN.exe
  2⤵
  PID:7928
- C:\Windows\System\OzIqRHS.exe
  C:\Windows\System\OzIqRHS.exe
  2⤵
  PID:7944
- C:\Windows\System\CxmMwWG.exe
  C:\Windows\System\CxmMwWG.exe
  2⤵
  PID:7960
- C:\Windows\System\QlQXawb.exe
  C:\Windows\System\QlQXawb.exe
  2⤵
  PID:7976
- C:\Windows\System\MmSsFeq.exe
  C:\Windows\System\MmSsFeq.exe
  2⤵
  PID:7992
- C:\Windows\System\HIrhVnn.exe
  C:\Windows\System\HIrhVnn.exe
  2⤵
  PID:8008
- C:\Windows\System\yNuhJAe.exe
  C:\Windows\System\yNuhJAe.exe
  2⤵
  PID:8024
- C:\Windows\System\GtqCJqB.exe
  C:\Windows\System\GtqCJqB.exe
  2⤵
  PID:8040
- C:\Windows\System\NZsQPmi.exe
  C:\Windows\System\NZsQPmi.exe
  2⤵
  PID:8056
- C:\Windows\System\aHmvMTx.exe
  C:\Windows\System\aHmvMTx.exe
  2⤵
  PID:8072
- C:\Windows\System\JEuvRzy.exe
  C:\Windows\System\JEuvRzy.exe
  2⤵
  PID:8088
- C:\Windows\System\iXhfNFq.exe
  C:\Windows\System\iXhfNFq.exe
  2⤵
  PID:8104
- C:\Windows\System\XGGzzcQ.exe
  C:\Windows\System\XGGzzcQ.exe
  2⤵
  PID:8120
- C:\Windows\System\peaZsWJ.exe
  C:\Windows\System\peaZsWJ.exe
  2⤵
  PID:8136
- C:\Windows\System\pinQCuS.exe
  C:\Windows\System\pinQCuS.exe
  2⤵
  PID:8152
- C:\Windows\System\nUFTPhP.exe
  C:\Windows\System\nUFTPhP.exe
  2⤵
  PID:8168
- C:\Windows\System\COhtvsh.exe
  C:\Windows\System\COhtvsh.exe
  2⤵
  PID:8184
- C:\Windows\System\CYpFnGi.exe
  C:\Windows\System\CYpFnGi.exe
  2⤵
  PID:6732
- C:\Windows\System\rQeSPPH.exe
  C:\Windows\System\rQeSPPH.exe
  2⤵
  PID:6892
- C:\Windows\System\rbNCUJG.exe
  C:\Windows\System\rbNCUJG.exe
  2⤵
  PID:6316
- C:\Windows\System\fayLGpB.exe
  C:\Windows\System\fayLGpB.exe
  2⤵
  PID:7132
- C:\Windows\System\gYgyhNv.exe
  C:\Windows\System\gYgyhNv.exe
  2⤵
  PID:6620
- C:\Windows\System\JBeUYYA.exe
  C:\Windows\System\JBeUYYA.exe
  2⤵
  PID:4764
- C:\Windows\System\HHkHMLG.exe
  C:\Windows\System\HHkHMLG.exe
  2⤵
  PID:7176
- C:\Windows\System\JccEVBB.exe
  C:\Windows\System\JccEVBB.exe
  2⤵
  PID:6476
- C:\Windows\System\vfycUxz.exe
  C:\Windows\System\vfycUxz.exe
  2⤵
  PID:6576
- C:\Windows\System\XlWbCCz.exe
  C:\Windows\System\XlWbCCz.exe
  2⤵
  PID:6704
- C:\Windows\System\FqDbtGl.exe
  C:\Windows\System\FqDbtGl.exe
  2⤵
  PID:6832
- C:\Windows\System\ZugmaMc.exe
  C:\Windows\System\ZugmaMc.exe
  2⤵
  PID:7004
- C:\Windows\System\ITjlqwr.exe
  C:\Windows\System\ITjlqwr.exe
  2⤵
  PID:6528
- C:\Windows\System\lqYyAeV.exe
  C:\Windows\System\lqYyAeV.exe
  2⤵
  PID:6248
- C:\Windows\System\lKTqzdA.exe
  C:\Windows\System\lKTqzdA.exe
  2⤵
  PID:7276
- C:\Windows\System\WfnezRP.exe
  C:\Windows\System\WfnezRP.exe
  2⤵
  PID:7236
- C:\Windows\System\zWFHxJS.exe
  C:\Windows\System\zWFHxJS.exe
  2⤵
  PID:7344
- C:\Windows\System\YuSzyBN.exe
  C:\Windows\System\YuSzyBN.exe
  2⤵
  PID:5620
- C:\Windows\System\kIQScgH.exe
  C:\Windows\System\kIQScgH.exe
  2⤵
  PID:7192
- C:\Windows\System\lbRqsKC.exe
  C:\Windows\System\lbRqsKC.exe
  2⤵
  PID:7260
- C:\Windows\System\BbGJXyw.exe
  C:\Windows\System\BbGJXyw.exe
  2⤵
  PID:7328
- C:\Windows\System\DENwMUV.exe
  C:\Windows\System\DENwMUV.exe
  2⤵
  PID:7392
- C:\Windows\System\bUgJRYT.exe
  C:\Windows\System\bUgJRYT.exe
  2⤵
  PID:7460
- C:\Windows\System\eTdybPT.exe
  C:\Windows\System\eTdybPT.exe
  2⤵
  PID:7504
- C:\Windows\System\iAedJaM.exe
  C:\Windows\System\iAedJaM.exe
  2⤵
  PID:7560
- C:\Windows\System\BpfFuCh.exe
  C:\Windows\System\BpfFuCh.exe
  2⤵
  PID:7612
- C:\Windows\System\HEtKaWT.exe
  C:\Windows\System\HEtKaWT.exe
  2⤵
  PID:7628
- C:\Windows\System\wzxYguU.exe
  C:\Windows\System\wzxYguU.exe
  2⤵
  PID:7672
- C:\Windows\System\ZTdloWv.exe
  C:\Windows\System\ZTdloWv.exe
  2⤵
  PID:7376
- C:\Windows\System\FcGtEFW.exe
  C:\Windows\System\FcGtEFW.exe
  2⤵
  PID:5384
- C:\Windows\System\dtXinEM.exe
  C:\Windows\System\dtXinEM.exe
  2⤵
  PID:7408
- C:\Windows\System\hpWQxsp.exe
  C:\Windows\System\hpWQxsp.exe
  2⤵
  PID:7476
- C:\Windows\System\ffjiowu.exe
  C:\Windows\System\ffjiowu.exe
  2⤵
  PID:2652
- C:\Windows\System\ZmXfKrx.exe
  C:\Windows\System\ZmXfKrx.exe
  2⤵
  PID:7540
- C:\Windows\System\PZyKoss.exe
  C:\Windows\System\PZyKoss.exe
  2⤵
  PID:7592
- C:\Windows\System\gzZYjoF.exe
  C:\Windows\System\gzZYjoF.exe
  2⤵
  PID:7652
- C:\Windows\System\EyyleDj.exe
  C:\Windows\System\EyyleDj.exe
  2⤵
  PID:7704
- C:\Windows\System\DCwDUac.exe
  C:\Windows\System\DCwDUac.exe
  2⤵
  PID:7744
- C:\Windows\System\IQGHdKP.exe
  C:\Windows\System\IQGHdKP.exe
  2⤵
  PID:7760
- C:\Windows\System\AWYYEqk.exe
  C:\Windows\System\AWYYEqk.exe
  2⤵
  PID:7792
- C:\Windows\System\kmXMHrW.exe
  C:\Windows\System\kmXMHrW.exe
  2⤵
  PID:7788
- C:\Windows\System\ygOoYDA.exe
  C:\Windows\System\ygOoYDA.exe
  2⤵
  PID:7888
- C:\Windows\System\yEkEHsn.exe
  C:\Windows\System\yEkEHsn.exe
  2⤵
  PID:7924
- C:\Windows\System\YaCjbKm.exe
  C:\Windows\System\YaCjbKm.exe
  2⤵
  PID:8016
- C:\Windows\System\oTwdgED.exe
  C:\Windows\System\oTwdgED.exe
  2⤵
  PID:8084
- C:\Windows\System\gkPiCsU.exe
  C:\Windows\System\gkPiCsU.exe
  2⤵
  PID:3524
- C:\Windows\System\kMyFpKO.exe
  C:\Windows\System\kMyFpKO.exe
  2⤵
  PID:7836
- C:\Windows\System\GEldnIN.exe
  C:\Windows\System\GEldnIN.exe
  2⤵
  PID:7904
- C:\Windows\System\ZGBxkYb.exe
  C:\Windows\System\ZGBxkYb.exe
  2⤵
  PID:7968
- C:\Windows\System\YgVUECZ.exe
  C:\Windows\System\YgVUECZ.exe
  2⤵
  PID:8032
- C:\Windows\System\sYPNAVB.exe
  C:\Windows\System\sYPNAVB.exe
  2⤵
  PID:8096
- C:\Windows\System\UbaKjFn.exe
  C:\Windows\System\UbaKjFn.exe
  2⤵
  PID:8160
- C:\Windows\System\MfNyMco.exe
  C:\Windows\System\MfNyMco.exe
  2⤵
  PID:6972
- C:\Windows\System\xOtlBDm.exe
  C:\Windows\System\xOtlBDm.exe
  2⤵
  PID:6328
- C:\Windows\System\WJkuyIp.exe
  C:\Windows\System\WJkuyIp.exe
  2⤵
  PID:4972
- C:\Windows\System\DZBRNiG.exe
  C:\Windows\System\DZBRNiG.exe
  2⤵
  PID:4976
- C:\Windows\System\cKldMxr.exe
  C:\Windows\System\cKldMxr.exe
  2⤵
  PID:7224
- C:\Windows\System\lahUzhk.exe
  C:\Windows\System\lahUzhk.exe
  2⤵
  PID:7500
- C:\Windows\System\kiPVcnO.exe
  C:\Windows\System\kiPVcnO.exe
  2⤵
  PID:7768
- C:\Windows\System\fGXMytW.exe
  C:\Windows\System\fGXMytW.exe
  2⤵
  PID:2468
- C:\Windows\System\KbxwJdN.exe
  C:\Windows\System\KbxwJdN.exe
  2⤵
  PID:7572
- C:\Windows\System\yCpetPr.exe
  C:\Windows\System\yCpetPr.exe
  2⤵
  PID:7940
- C:\Windows\System\gyeFytN.exe
  C:\Windows\System\gyeFytN.exe
  2⤵
  PID:7988
- C:\Windows\System\LBdNVHz.exe
  C:\Windows\System\LBdNVHz.exe
  2⤵
  PID:6748
- C:\Windows\System\rEUFaRE.exe
  C:\Windows\System\rEUFaRE.exe
  2⤵
  PID:2668
- C:\Windows\System\LojjPki.exe
  C:\Windows\System\LojjPki.exe
  2⤵
  PID:6592
- C:\Windows\System\JrWUDHC.exe
  C:\Windows\System\JrWUDHC.exe
  2⤵
  PID:6816
- C:\Windows\System\mrdvijI.exe
  C:\Windows\System\mrdvijI.exe
  2⤵
  PID:7312
- C:\Windows\System\qDHosao.exe
  C:\Windows\System\qDHosao.exe
  2⤵
  PID:8116
- C:\Windows\System\IQxVWxa.exe
  C:\Windows\System\IQxVWxa.exe
  2⤵
  PID:7188
- C:\Windows\System\BVMTcqC.exe
  C:\Windows\System\BVMTcqC.exe
  2⤵
  PID:7508
- C:\Windows\System\wLWSqYM.exe
  C:\Windows\System\wLWSqYM.exe
  2⤵
  PID:2888
- C:\Windows\System\tBYLBeX.exe
  C:\Windows\System\tBYLBeX.exe
  2⤵
  PID:7056
- C:\Windows\System\AGpXjcf.exe
  C:\Windows\System\AGpXjcf.exe
  2⤵
  PID:2460
- C:\Windows\System\glOLrUV.exe
  C:\Windows\System\glOLrUV.exe
  2⤵
  PID:6172
- C:\Windows\System\NKuzURk.exe
  C:\Windows\System\NKuzURk.exe
  2⤵
  PID:7532
- C:\Windows\System\IZIvQhZ.exe
  C:\Windows\System\IZIvQhZ.exe
  2⤵
  PID:7600
- C:\Windows\System\BiswgFf.exe
  C:\Windows\System\BiswgFf.exe
  2⤵
  PID:6540
- C:\Windows\System\aMVXdil.exe
  C:\Windows\System\aMVXdil.exe
  2⤵
  PID:2132
- C:\Windows\System\ItJQBlF.exe
  C:\Windows\System\ItJQBlF.exe
  2⤵
  PID:4528
- C:\Windows\System\baNnzxT.exe
  C:\Windows\System\baNnzxT.exe
  2⤵
  PID:3016
- C:\Windows\System\fkuKXpW.exe
  C:\Windows\System\fkuKXpW.exe
  2⤵
  PID:1148
- C:\Windows\System\TVStTda.exe
  C:\Windows\System\TVStTda.exe
  2⤵
  PID:2588
- C:\Windows\System\ORuKThh.exe
  C:\Windows\System\ORuKThh.exe
  2⤵
  PID:2616
- C:\Windows\System\zrdcEIv.exe
  C:\Windows\System\zrdcEIv.exe
  2⤵
  PID:2868
- C:\Windows\System\TLWYtdO.exe
  C:\Windows\System\TLWYtdO.exe
  2⤵
  PID:2900
- C:\Windows\System\jIDXvLE.exe
  C:\Windows\System\jIDXvLE.exe
  2⤵
  PID:7732
- C:\Windows\System\selwNPM.exe
  C:\Windows\System\selwNPM.exe
  2⤵
  PID:7736
- C:\Windows\System\sHGBKJI.exe
  C:\Windows\System\sHGBKJI.exe
  2⤵
  PID:7856
- C:\Windows\System\TwxOsvD.exe
  C:\Windows\System\TwxOsvD.exe
  2⤵
  PID:7892
- C:\Windows\System\aITPnGG.exe
  C:\Windows\System\aITPnGG.exe
  2⤵
  PID:8052
- C:\Windows\System\tIZuSqt.exe
  C:\Windows\System\tIZuSqt.exe
  2⤵
  PID:8180
- C:\Windows\System\tbTltdM.exe
  C:\Windows\System\tbTltdM.exe
  2⤵
  PID:2640
- C:\Windows\System\BSXYjub.exe
  C:\Windows\System\BSXYjub.exe
  2⤵
  PID:6688
- C:\Windows\System\stORBXy.exe
  C:\Windows\System\stORBXy.exe
  2⤵
  PID:2604
- C:\Windows\System\jokzZtq.exe
  C:\Windows\System\jokzZtq.exe
  2⤵
  PID:7256
- C:\Windows\System\lcJSOqM.exe
  C:\Windows\System\lcJSOqM.exe
  2⤵
  PID:1972
- C:\Windows\System\tmoqSxB.exe
  C:\Windows\System\tmoqSxB.exe
  2⤵
  PID:7808
- C:\Windows\System\EbXszCo.exe
  C:\Windows\System\EbXszCo.exe
  2⤵
  PID:8164
- C:\Windows\System\gvtSMmy.exe
  C:\Windows\System\gvtSMmy.exe
  2⤵
  PID:7072
- C:\Windows\System\zVLHjyq.exe
  C:\Windows\System\zVLHjyq.exe
  2⤵
  PID:7484
- C:\Windows\System\LOVjkVA.exe
  C:\Windows\System\LOVjkVA.exe
  2⤵
  PID:7588
- C:\Windows\System\hZqRKXU.exe
  C:\Windows\System\hZqRKXU.exe
  2⤵
  PID:7496
- C:\Windows\System\lDZcZFE.exe
  C:\Windows\System\lDZcZFE.exe
  2⤵
  PID:3004
- C:\Windows\System\pwtymVP.exe
  C:\Windows\System\pwtymVP.exe
  2⤵
  PID:7372
- C:\Windows\System\EXUwglo.exe
  C:\Windows\System\EXUwglo.exe
  2⤵
  PID:8004
- C:\Windows\System\vIpcbQC.exe
  C:\Windows\System\vIpcbQC.exe
  2⤵
  PID:7308
- C:\Windows\System\abXwIyC.exe
  C:\Windows\System\abXwIyC.exe
  2⤵
  PID:6184
- C:\Windows\System\LoFhRQe.exe
  C:\Windows\System\LoFhRQe.exe
  2⤵
  PID:1044
- C:\Windows\System\HbTtSei.exe
  C:\Windows\System\HbTtSei.exe
  2⤵
  PID:2120
- C:\Windows\System\bMKsyGX.exe
  C:\Windows\System\bMKsyGX.exe
  2⤵
  PID:2176
- C:\Windows\System\ezEWgOr.exe
  C:\Windows\System\ezEWgOr.exe
  2⤵
  PID:7756
- C:\Windows\System\bfDstWX.exe
  C:\Windows\System\bfDstWX.exe
  2⤵
  PID:6624
- C:\Windows\System\XHqVSbr.exe
  C:\Windows\System\XHqVSbr.exe
  2⤵
  PID:6300
- C:\Windows\System\xwRRjzV.exe
  C:\Windows\System\xwRRjzV.exe
  2⤵
  PID:2340
- C:\Windows\System\pkwgUZb.exe
  C:\Windows\System\pkwgUZb.exe
  2⤵
  PID:2400
- C:\Windows\System\LgCsjUe.exe
  C:\Windows\System\LgCsjUe.exe
  2⤵
  PID:1444
- C:\Windows\System\masYNiC.exe
  C:\Windows\System\masYNiC.exe
  2⤵
  PID:6924
- C:\Windows\System\btXWxUI.exe
  C:\Windows\System\btXWxUI.exe
  2⤵
  PID:8148
- C:\Windows\System\UXRAACP.exe
  C:\Windows\System\UXRAACP.exe
  2⤵
  PID:8048
- C:\Windows\System\exFeCwl.exe
  C:\Windows\System\exFeCwl.exe
  2⤵
  PID:7804
- C:\Windows\System\WDhBAhR.exe
  C:\Windows\System\WDhBAhR.exe
  2⤵
  PID:7712
- C:\Windows\System\sjvFWFf.exe
  C:\Windows\System\sjvFWFf.exe
  2⤵
  PID:1932
- C:\Windows\System\Hdmnbrz.exe
  C:\Windows\System\Hdmnbrz.exe
  2⤵
  PID:1916
- C:\Windows\System\KfWpZRv.exe
  C:\Windows\System\KfWpZRv.exe
  2⤵
  PID:7860
- C:\Windows\System\NPWjEcx.exe
  C:\Windows\System\NPWjEcx.exe
  2⤵
  PID:1572
- C:\Windows\System\RAkNrPf.exe
  C:\Windows\System\RAkNrPf.exe
  2⤵
  PID:1716
- C:\Windows\System\bivXMSz.exe
  C:\Windows\System\bivXMSz.exe
  2⤵
  PID:1376
- C:\Windows\System\XQBysal.exe
  C:\Windows\System\XQBysal.exe
  2⤵
  PID:7472
- C:\Windows\System\nfhMUKM.exe
  C:\Windows\System\nfhMUKM.exe
  2⤵
  PID:7740
- C:\Windows\System\lwDvfKC.exe
  C:\Windows\System\lwDvfKC.exe
  2⤵
  PID:6448
- C:\Windows\System\JLeAgGK.exe
  C:\Windows\System\JLeAgGK.exe
  2⤵
  PID:7324
- C:\Windows\System\armKvKW.exe
  C:\Windows\System\armKvKW.exe
  2⤵
  PID:8208
- C:\Windows\System\AIvcEmQ.exe
  C:\Windows\System\AIvcEmQ.exe
  2⤵
  PID:8264
- C:\Windows\System\CCEPzYJ.exe
  C:\Windows\System\CCEPzYJ.exe
  2⤵
  PID:8284
- C:\Windows\System\VTivkWM.exe
  C:\Windows\System\VTivkWM.exe
  2⤵
  PID:8308
- C:\Windows\System\aSLjZVu.exe
  C:\Windows\System\aSLjZVu.exe
  2⤵
  PID:8336
- C:\Windows\System\UnqIeYr.exe
  C:\Windows\System\UnqIeYr.exe
  2⤵
  PID:8364
- C:\Windows\System\KhECSWK.exe
  C:\Windows\System\KhECSWK.exe
  2⤵
  PID:8380
- C:\Windows\System\UJpFUIo.exe
  C:\Windows\System\UJpFUIo.exe
  2⤵
  PID:8396
- C:\Windows\System\WlFbJJo.exe
  C:\Windows\System\WlFbJJo.exe
  2⤵
  PID:8412
- C:\Windows\System\SUYsQaq.exe
  C:\Windows\System\SUYsQaq.exe
  2⤵
  PID:8432
- C:\Windows\System\bmTaxta.exe
  C:\Windows\System\bmTaxta.exe
  2⤵
  PID:8448
- C:\Windows\System\VhhlcLV.exe
  C:\Windows\System\VhhlcLV.exe
  2⤵
  PID:8464
- C:\Windows\System\YGpuTCP.exe
  C:\Windows\System\YGpuTCP.exe
  2⤵
  PID:8484
- C:\Windows\System\BHTtqrJ.exe
  C:\Windows\System\BHTtqrJ.exe
  2⤵
  PID:8500
- C:\Windows\System\QBLeNaW.exe
  C:\Windows\System\QBLeNaW.exe
  2⤵
  PID:8516
- C:\Windows\System\etATtyO.exe
  C:\Windows\System\etATtyO.exe
  2⤵
  PID:8532
- C:\Windows\System\bgsulvM.exe
  C:\Windows\System\bgsulvM.exe
  2⤵
  PID:8548
- C:\Windows\System\RDiubCm.exe
  C:\Windows\System\RDiubCm.exe
  2⤵
  PID:8564
- C:\Windows\System\kkWyzAp.exe
  C:\Windows\System\kkWyzAp.exe
  2⤵
  PID:8580
- C:\Windows\System\fKchgzS.exe
  C:\Windows\System\fKchgzS.exe
  2⤵
  PID:8596
- C:\Windows\System\DtCFeRf.exe
  C:\Windows\System\DtCFeRf.exe
  2⤵
  PID:8612
- C:\Windows\System\lzIMsFf.exe
  C:\Windows\System\lzIMsFf.exe
  2⤵
  PID:8628
- C:\Windows\System\MWhfLGx.exe
  C:\Windows\System\MWhfLGx.exe
  2⤵
  PID:8644
- C:\Windows\System\zFaZqHO.exe
  C:\Windows\System\zFaZqHO.exe
  2⤵
  PID:8660
- C:\Windows\System\klMbCIu.exe
  C:\Windows\System\klMbCIu.exe
  2⤵
  PID:8676
- C:\Windows\System\nOISTjR.exe
  C:\Windows\System\nOISTjR.exe
  2⤵
  PID:8692
- C:\Windows\System\zkbRxsX.exe
  C:\Windows\System\zkbRxsX.exe
  2⤵
  PID:8708
- C:\Windows\System\zqYYqSw.exe
  C:\Windows\System\zqYYqSw.exe
  2⤵
  PID:8724
- C:\Windows\System\kawDXiQ.exe
  C:\Windows\System\kawDXiQ.exe
  2⤵
  PID:8740
- C:\Windows\System\EpiNkcF.exe
  C:\Windows\System\EpiNkcF.exe
  2⤵
  PID:8756
- C:\Windows\System\vTIZfpN.exe
  C:\Windows\System\vTIZfpN.exe
  2⤵
  PID:8776
- C:\Windows\System\PPWtnzB.exe
  C:\Windows\System\PPWtnzB.exe
  2⤵
  PID:8792
- C:\Windows\System\cSLAgEL.exe
  C:\Windows\System\cSLAgEL.exe
  2⤵
  PID:8808
- C:\Windows\System\UTZqoLq.exe
  C:\Windows\System\UTZqoLq.exe
  2⤵
  PID:8824
- C:\Windows\System\bCbgulZ.exe
  C:\Windows\System\bCbgulZ.exe
  2⤵
  PID:8840
- C:\Windows\System\tWZKagx.exe
  C:\Windows\System\tWZKagx.exe
  2⤵
  PID:8856
- C:\Windows\System\jpZUWlQ.exe
  C:\Windows\System\jpZUWlQ.exe
  2⤵
  PID:8872
- C:\Windows\System\nCzFGYA.exe
  C:\Windows\System\nCzFGYA.exe
  2⤵
  PID:8892
- C:\Windows\System\qRgycUq.exe
  C:\Windows\System\qRgycUq.exe
  2⤵
  PID:8908
- C:\Windows\System\kUwKrgN.exe
  C:\Windows\System\kUwKrgN.exe
  2⤵
  PID:8924
- C:\Windows\System\oTkXDIh.exe
  C:\Windows\System\oTkXDIh.exe
  2⤵
  PID:8940
- C:\Windows\System\XUqSSDy.exe
  C:\Windows\System\XUqSSDy.exe
  2⤵
  PID:8956
- C:\Windows\System\irzDNPG.exe
  C:\Windows\System\irzDNPG.exe
  2⤵
  PID:8972
- C:\Windows\System\fsuKhCl.exe
  C:\Windows\System\fsuKhCl.exe
  2⤵
  PID:8988
- C:\Windows\System\mBWJpaj.exe
  C:\Windows\System\mBWJpaj.exe
  2⤵
  PID:9004
- C:\Windows\System\KlbTuRU.exe
  C:\Windows\System\KlbTuRU.exe
  2⤵
  PID:9020
- C:\Windows\System\pflEaMB.exe
  C:\Windows\System\pflEaMB.exe
  2⤵
  PID:9036
- C:\Windows\System\xtKjXiy.exe
  C:\Windows\System\xtKjXiy.exe
  2⤵
  PID:9052
- C:\Windows\System\QfuaSYt.exe
  C:\Windows\System\QfuaSYt.exe
  2⤵
  PID:9068
- C:\Windows\System\JTClxUY.exe
  C:\Windows\System\JTClxUY.exe
  2⤵
  PID:9084
- C:\Windows\System\zFcDeWX.exe
  C:\Windows\System\zFcDeWX.exe
  2⤵
  PID:9100
- C:\Windows\System\GiXSqxe.exe
  C:\Windows\System\GiXSqxe.exe
  2⤵
  PID:9116
- C:\Windows\System\JTmRaRZ.exe
  C:\Windows\System\JTmRaRZ.exe
  2⤵
  PID:9132
- C:\Windows\System\usHznDV.exe
  C:\Windows\System\usHznDV.exe
  2⤵
  PID:9148
- C:\Windows\System\yinIVXl.exe
  C:\Windows\System\yinIVXl.exe
  2⤵
  PID:9164
- C:\Windows\System\PYOCvXz.exe
  C:\Windows\System\PYOCvXz.exe
  2⤵
  PID:9180
- C:\Windows\System\DETAiTO.exe
  C:\Windows\System\DETAiTO.exe
  2⤵
  PID:9196
- C:\Windows\System\uWimzkM.exe
  C:\Windows\System\uWimzkM.exe
  2⤵
  PID:9212
- C:\Windows\System\bFfNzzD.exe
  C:\Windows\System\bFfNzzD.exe
  2⤵
  PID:2972
- C:\Windows\System\cMtPHdw.exe
  C:\Windows\System\cMtPHdw.exe
  2⤵
  PID:7584
- C:\Windows\System\gTWrzZx.exe
  C:\Windows\System\gTWrzZx.exe
  2⤵
  PID:7984
- C:\Windows\System\yOwpnKI.exe
  C:\Windows\System\yOwpnKI.exe
  2⤵
  PID:8228
- C:\Windows\System\jySaXgY.exe
  C:\Windows\System\jySaXgY.exe
  2⤵
  PID:8248
- C:\Windows\System\huPBBEn.exe
  C:\Windows\System\huPBBEn.exe
  2⤵
  PID:8280
- C:\Windows\System\xBoSWKC.exe
  C:\Windows\System\xBoSWKC.exe
  2⤵
  PID:8220
- C:\Windows\System\HzBvCKU.exe
  C:\Windows\System\HzBvCKU.exe
  2⤵
  PID:8332
- C:\Windows\System\oLdgIHz.exe
  C:\Windows\System\oLdgIHz.exe
  2⤵
  PID:8352
- C:\Windows\System\IgiHBli.exe
  C:\Windows\System\IgiHBli.exe
  2⤵
  PID:8608
- C:\Windows\System\fEzMbFV.exe
  C:\Windows\System\fEzMbFV.exe
  2⤵
  PID:8640
- C:\Windows\System\tYoNgCS.exe
  C:\Windows\System\tYoNgCS.exe
  2⤵
  PID:8716
- C:\Windows\System\qDFUcwd.exe
  C:\Windows\System\qDFUcwd.exe
  2⤵
  PID:8736
- C:\Windows\System\kQVjalD.exe
  C:\Windows\System\kQVjalD.exe
  2⤵
  PID:8772
- C:\Windows\System\aOMzntN.exe
  C:\Windows\System\aOMzntN.exe
  2⤵
  PID:8752
- C:\Windows\System\uXOTBwq.exe
  C:\Windows\System\uXOTBwq.exe
  2⤵
  PID:8820
- C:\Windows\System\ooChqNt.exe
  C:\Windows\System\ooChqNt.exe
  2⤵
  PID:8888
- C:\Windows\System\UbBUqaS.exe
  C:\Windows\System\UbBUqaS.exe
  2⤵
  PID:8864
- C:\Windows\System\xNfTJhy.exe
  C:\Windows\System\xNfTJhy.exe
  2⤵
  PID:8904
- C:\Windows\System\gxCxXaA.exe
  C:\Windows\System\gxCxXaA.exe
  2⤵
  PID:8980
- C:\Windows\System\CmgXkff.exe
  C:\Windows\System\CmgXkff.exe
  2⤵
  PID:9044
- C:\Windows\System\PeXJppf.exe
  C:\Windows\System\PeXJppf.exe
  2⤵
  PID:9108
- C:\Windows\System\lUhzKxJ.exe
  C:\Windows\System\lUhzKxJ.exe
  2⤵
  PID:8968
- C:\Windows\System\FBKfqey.exe
  C:\Windows\System\FBKfqey.exe
  2⤵
  PID:9032
- C:\Windows\System\xgLFmyt.exe
  C:\Windows\System\xgLFmyt.exe
  2⤵
  PID:9096
- C:\Windows\System\xsqgGiU.exe
  C:\Windows\System\xsqgGiU.exe
  2⤵
  PID:9172
- C:\Windows\System\NTMaTDd.exe
  C:\Windows\System\NTMaTDd.exe
  2⤵
  PID:1500
- C:\Windows\System\siAGCer.exe
  C:\Windows\System\siAGCer.exe
  2⤵
  PID:8204
- C:\Windows\System\DOitUlK.exe
  C:\Windows\System\DOitUlK.exe
  2⤵
  PID:8324
- C:\Windows\System\JqpIdqN.exe
  C:\Windows\System\JqpIdqN.exe
  2⤵
  PID:9156
- C:\Windows\System\gBAwHne.exe
  C:\Windows\System\gBAwHne.exe
  2⤵
  PID:7908
- C:\Windows\System\wEHaWnZ.exe
  C:\Windows\System\wEHaWnZ.exe
  2⤵
  PID:7452
- C:\Windows\System\rjERwPP.exe
  C:\Windows\System\rjERwPP.exe
  2⤵
  PID:8224
- C:\Windows\System\WlLcqar.exe
  C:\Windows\System\WlLcqar.exe
  2⤵
  PID:8348
- C:\Windows\System\nfYNGrs.exe
  C:\Windows\System\nfYNGrs.exe
  2⤵
  PID:8388
- C:\Windows\System\YUuFNpL.exe
  C:\Windows\System\YUuFNpL.exe
  2⤵
  PID:8456
- C:\Windows\System\lZrJHGv.exe
  C:\Windows\System\lZrJHGv.exe
  2⤵
  PID:8440
- C:\Windows\System\TORVFFk.exe
  C:\Windows\System\TORVFFk.exe
  2⤵
  PID:8576
- C:\Windows\System\QtLEVmp.exe
  C:\Windows\System\QtLEVmp.exe
  2⤵
  PID:8572
- C:\Windows\System\QXMfAZk.exe
  C:\Windows\System\QXMfAZk.exe
  2⤵
  PID:8496
- C:\Windows\System\ZPtrglE.exe
  C:\Windows\System\ZPtrglE.exe
  2⤵
  PID:8512
- C:\Windows\System\XmsTcaj.exe
  C:\Windows\System\XmsTcaj.exe
  2⤵
  PID:8656
- C:\Windows\System\YauLtSg.exe
  C:\Windows\System\YauLtSg.exe
  2⤵
  PID:8672
- C:\Windows\System\BZgSXci.exe
  C:\Windows\System\BZgSXci.exe
  2⤵
  PID:8624
- C:\Windows\System\XAfTILf.exe
  C:\Windows\System\XAfTILf.exe
  2⤵
  PID:9012
- C:\Windows\System\aNLIsvs.exe
  C:\Windows\System\aNLIsvs.exe
  2⤵
  PID:9064
- C:\Windows\System\jjnDlIi.exe
  C:\Windows\System\jjnDlIi.exe
  2⤵
  PID:8900
- C:\Windows\System\OSceHoX.exe
  C:\Windows\System\OSceHoX.exe
  2⤵
  PID:8948
- C:\Windows\System\SbBCaeF.exe
  C:\Windows\System\SbBCaeF.exe
  2⤵
  PID:9000
- C:\Windows\System\DiPpFnB.exe
  C:\Windows\System\DiPpFnB.exe
  2⤵
  PID:8276
- C:\Windows\System\hGKFWUC.exe
  C:\Windows\System\hGKFWUC.exe
  2⤵
  PID:8244
- C:\Windows\System\kPGloZc.exe
  C:\Windows\System\kPGloZc.exe
  2⤵
  PID:8296
- C:\Windows\System\nadWBVD.exe
  C:\Windows\System\nadWBVD.exe
  2⤵
  PID:8556
- C:\Windows\System\GdGbsqh.exe
  C:\Windows\System\GdGbsqh.exe
  2⤵
  PID:8652
- C:\Windows\System\fbhOuAN.exe
  C:\Windows\System\fbhOuAN.exe
  2⤵
  PID:9128
- C:\Windows\System\mxuGhaH.exe
  C:\Windows\System\mxuGhaH.exe
  2⤵
  PID:8460
- C:\Windows\System\kFpAGxo.exe
  C:\Windows\System\kFpAGxo.exe
  2⤵
  PID:8344
- C:\Windows\System\jXdnsgp.exe
  C:\Windows\System\jXdnsgp.exe
  2⤵
  PID:8604
- C:\Windows\System\nhwsEjN.exe
  C:\Windows\System\nhwsEjN.exe
  2⤵
  PID:8636
- C:\Windows\System\vRiJgSR.exe
  C:\Windows\System\vRiJgSR.exe
  2⤵
  PID:8540
- C:\Windows\System\uapeoch.exe
  C:\Windows\System\uapeoch.exe
  2⤵
  PID:8804
- C:\Windows\System\bDvxUVq.exe
  C:\Windows\System\bDvxUVq.exe
  2⤵
  PID:9144
- C:\Windows\System\vCvuPiC.exe
  C:\Windows\System\vCvuPiC.exe
  2⤵
  PID:8684
- C:\Windows\System\dLAPTQQ.exe
  C:\Windows\System\dLAPTQQ.exe
  2⤵
  PID:8428
- C:\Windows\System\UGruEcP.exe
  C:\Windows\System\UGruEcP.exe
  2⤵
  PID:9232
- C:\Windows\System\kUanBXa.exe
  C:\Windows\System\kUanBXa.exe
  2⤵
  PID:9252
- C:\Windows\System\dKdpthR.exe
  C:\Windows\System\dKdpthR.exe
  2⤵
  PID:9268
- C:\Windows\System\ONgoxfo.exe
  C:\Windows\System\ONgoxfo.exe
  2⤵
  PID:9284
- C:\Windows\System\QehLLdD.exe
  C:\Windows\System\QehLLdD.exe
  2⤵
  PID:9300
- C:\Windows\System\dqCbLyf.exe
  C:\Windows\System\dqCbLyf.exe
  2⤵
  PID:9316
- C:\Windows\System\OVJhpGW.exe
  C:\Windows\System\OVJhpGW.exe
  2⤵
  PID:9332
- C:\Windows\System\kTRzoKV.exe
  C:\Windows\System\kTRzoKV.exe
  2⤵
  PID:9348
- C:\Windows\System\aroZfwQ.exe
  C:\Windows\System\aroZfwQ.exe
  2⤵
  PID:9364
- C:\Windows\System\tTAhPHZ.exe
  C:\Windows\System\tTAhPHZ.exe
  2⤵
  PID:9380
- C:\Windows\System\xQlNyDv.exe
  C:\Windows\System\xQlNyDv.exe
  2⤵
  PID:9396
- C:\Windows\System\RxXWUiY.exe
  C:\Windows\System\RxXWUiY.exe
  2⤵
  PID:9412
- C:\Windows\System\QnKkPRc.exe
  C:\Windows\System\QnKkPRc.exe
  2⤵
  PID:9428
- C:\Windows\System\MyqqiDs.exe
  C:\Windows\System\MyqqiDs.exe
  2⤵
  PID:9444
- C:\Windows\System\cBDIVoG.exe
  C:\Windows\System\cBDIVoG.exe
  2⤵
  PID:9460
- C:\Windows\System\ckkYNZg.exe
  C:\Windows\System\ckkYNZg.exe
  2⤵
  PID:9476
- C:\Windows\System\ehTNiyf.exe
  C:\Windows\System\ehTNiyf.exe
  2⤵
  PID:9492
- C:\Windows\System\BewCJYU.exe
  C:\Windows\System\BewCJYU.exe
  2⤵
  PID:9508
- C:\Windows\System\SwaIKdl.exe
  C:\Windows\System\SwaIKdl.exe
  2⤵
  PID:9524
- C:\Windows\System\XDFFevZ.exe
  C:\Windows\System\XDFFevZ.exe
  2⤵
  PID:9540
- C:\Windows\System\XwHtHIZ.exe
  C:\Windows\System\XwHtHIZ.exe
  2⤵
  PID:9556
- C:\Windows\System\QujvbpL.exe
  C:\Windows\System\QujvbpL.exe
  2⤵
  PID:9572
- C:\Windows\System\pxCHkiY.exe
  C:\Windows\System\pxCHkiY.exe
  2⤵
  PID:9588
- C:\Windows\System\QksSQCv.exe
  C:\Windows\System\QksSQCv.exe
  2⤵
  PID:9604
- C:\Windows\System\NvVkeqM.exe
  C:\Windows\System\NvVkeqM.exe
  2⤵
  PID:9620
- C:\Windows\System\EAEGlZs.exe
  C:\Windows\System\EAEGlZs.exe
  2⤵
  PID:9640
- C:\Windows\System\AROjKii.exe
  C:\Windows\System\AROjKii.exe
  2⤵
  PID:9656
- C:\Windows\System\vxNpOwG.exe
  C:\Windows\System\vxNpOwG.exe
  2⤵
  PID:9672
- C:\Windows\System\obnukBU.exe
  C:\Windows\System\obnukBU.exe
  2⤵
  PID:9688
- C:\Windows\System\zKckRzk.exe
  C:\Windows\System\zKckRzk.exe
  2⤵
  PID:9704
- C:\Windows\System\rjnDERH.exe
  C:\Windows\System\rjnDERH.exe
  2⤵
  PID:9720
- C:\Windows\System\WjOhGTm.exe
  C:\Windows\System\WjOhGTm.exe
  2⤵
  PID:9736
- C:\Windows\System\yinCMjG.exe
  C:\Windows\System\yinCMjG.exe
  2⤵
  PID:9752
- C:\Windows\System\GpSnHKv.exe
  C:\Windows\System\GpSnHKv.exe
  2⤵
  PID:9768
- C:\Windows\System\isNPGCL.exe
  C:\Windows\System\isNPGCL.exe
  2⤵
  PID:9784
- C:\Windows\System\AzSyMzM.exe
  C:\Windows\System\AzSyMzM.exe
  2⤵
  PID:9800
- C:\Windows\System\kgRAzgG.exe
  C:\Windows\System\kgRAzgG.exe
  2⤵
  PID:9816
- C:\Windows\System\DNcxsMa.exe
  C:\Windows\System\DNcxsMa.exe
  2⤵
  PID:9832
- C:\Windows\System\OhhiSHI.exe
  C:\Windows\System\OhhiSHI.exe
  2⤵
  PID:9848
- C:\Windows\System\GzWLNjo.exe
  C:\Windows\System\GzWLNjo.exe
  2⤵
  PID:9864
- C:\Windows\System\XLgHgTz.exe
  C:\Windows\System\XLgHgTz.exe
  2⤵
  PID:9880
- C:\Windows\System\kMObpTX.exe
  C:\Windows\System\kMObpTX.exe
  2⤵
  PID:9896
- C:\Windows\System\OiQKexj.exe
  C:\Windows\System\OiQKexj.exe
  2⤵
  PID:9912
- C:\Windows\System\UTNsyLE.exe
  C:\Windows\System\UTNsyLE.exe
  2⤵
  PID:9928
- C:\Windows\System\WRtPNGR.exe
  C:\Windows\System\WRtPNGR.exe
  2⤵
  PID:9944
- C:\Windows\System\URfInsx.exe
  C:\Windows\System\URfInsx.exe
  2⤵
  PID:9960
- C:\Windows\System\ttCOTvE.exe
  C:\Windows\System\ttCOTvE.exe
  2⤵
  PID:9976
- C:\Windows\System\XeVdvNF.exe
  C:\Windows\System\XeVdvNF.exe
  2⤵
  PID:9992
- C:\Windows\System\NlQKFuX.exe
  C:\Windows\System\NlQKFuX.exe
  2⤵
  PID:10008
- C:\Windows\System\qmUyKOB.exe
  C:\Windows\System\qmUyKOB.exe
  2⤵
  PID:10024
- C:\Windows\System\QzfzJDH.exe
  C:\Windows\System\QzfzJDH.exe
  2⤵
  PID:10040
- C:\Windows\System\zYyboHr.exe
  C:\Windows\System\zYyboHr.exe
  2⤵
  PID:10056
- C:\Windows\System\jElKYRd.exe
  C:\Windows\System\jElKYRd.exe
  2⤵
  PID:10072
- C:\Windows\System\bJGYLPC.exe
  C:\Windows\System\bJGYLPC.exe
  2⤵
  PID:10088
- C:\Windows\System\ghvtxrC.exe
  C:\Windows\System\ghvtxrC.exe
  2⤵
  PID:10104
- C:\Windows\System\uGmQaIX.exe
  C:\Windows\System\uGmQaIX.exe
  2⤵
  PID:10120
- C:\Windows\System\pQcWHaJ.exe
  C:\Windows\System\pQcWHaJ.exe
  2⤵
  PID:10136
- C:\Windows\System\xCeaXnK.exe
  C:\Windows\System\xCeaXnK.exe
  2⤵
  PID:10152
- C:\Windows\System\SGXsFcc.exe
  C:\Windows\System\SGXsFcc.exe
  2⤵
  PID:10168
- C:\Windows\System\HViYofv.exe
  C:\Windows\System\HViYofv.exe
  2⤵
  PID:10184
- C:\Windows\System\ZAzeyJN.exe
  C:\Windows\System\ZAzeyJN.exe
  2⤵
  PID:10200
- C:\Windows\System\vxpyEZQ.exe
  C:\Windows\System\vxpyEZQ.exe
  2⤵
  PID:10216
- C:\Windows\System\xqSnAkX.exe
  C:\Windows\System\xqSnAkX.exe
  2⤵
  PID:10232
- C:\Windows\System\XZHwOIJ.exe
  C:\Windows\System\XZHwOIJ.exe
  2⤵
  PID:8788
- C:\Windows\System\yvFDEjd.exe
  C:\Windows\System\yvFDEjd.exe
  2⤵
  PID:8832
- C:\Windows\System\lpbNkdJ.exe
  C:\Windows\System\lpbNkdJ.exe
  2⤵
  PID:9280
- C:\Windows\System\OtozpSc.exe
  C:\Windows\System\OtozpSc.exe
  2⤵
  PID:9372
- C:\Windows\System\GkhPBbz.exe
  C:\Windows\System\GkhPBbz.exe
  2⤵
  PID:9440
- C:\Windows\System\iczrTqi.exe
  C:\Windows\System\iczrTqi.exe
  2⤵
  PID:9504
- C:\Windows\System\JgaSErD.exe
  C:\Windows\System\JgaSErD.exe
  2⤵
  PID:9568
- C:\Windows\System\YKpmUhs.exe
  C:\Windows\System\YKpmUhs.exe
  2⤵
  PID:9080
- C:\Windows\System\jMJPahn.exe
  C:\Windows\System\jMJPahn.exe
  2⤵
  PID:9520
- C:\Windows\System\PbsTweR.exe
  C:\Windows\System\PbsTweR.exe
  2⤵
  PID:9076
- C:\Windows\System\MIyOYEJ.exe
  C:\Windows\System\MIyOYEJ.exe
  2⤵
  PID:8320
- C:\Windows\System\blXnczL.exe
  C:\Windows\System\blXnczL.exe
  2⤵
  PID:8592
- C:\Windows\System\qBvQJbh.exe
  C:\Windows\System\qBvQJbh.exe
  2⤵
  PID:8216
- C:\Windows\System\MwFHWOB.exe
  C:\Windows\System\MwFHWOB.exe
  2⤵
  PID:9228
- C:\Windows\System\oUoBkzB.exe
  C:\Windows\System\oUoBkzB.exe
  2⤵
  PID:9328
- C:\Windows\System\AeMtUXd.exe
  C:\Windows\System\AeMtUXd.exe
  2⤵
  PID:9388
- C:\Windows\System\cPBYexe.exe
  C:\Windows\System\cPBYexe.exe
  2⤵
  PID:9484
- C:\Windows\System\QJpyAuh.exe
  C:\Windows\System\QJpyAuh.exe
  2⤵
  PID:9612
- C:\Windows\System\ETCuwqU.exe
  C:\Windows\System\ETCuwqU.exe
  2⤵
  PID:9696
- C:\Windows\System\PyyeUri.exe
  C:\Windows\System\PyyeUri.exe
  2⤵
  PID:9636
- C:\Windows\System\qMdrLNe.exe
  C:\Windows\System\qMdrLNe.exe
  2⤵
  PID:9856
- C:\Windows\System\uBuvKMw.exe
  C:\Windows\System\uBuvKMw.exe
  2⤵
  PID:9860
- C:\Windows\System\waQCULe.exe
  C:\Windows\System\waQCULe.exe
  2⤵
  PID:9748
- C:\Windows\System\fnqNZUk.exe
  C:\Windows\System\fnqNZUk.exe
  2⤵
  PID:9648
- C:\Windows\System\cppMOtB.exe
  C:\Windows\System\cppMOtB.exe
  2⤵
  PID:9776
- C:\Windows\System\mqshdYy.exe
  C:\Windows\System\mqshdYy.exe
  2⤵
  PID:9876
- C:\Windows\System\yBFHfjG.exe
  C:\Windows\System\yBFHfjG.exe
  2⤵
  PID:9984
- C:\Windows\System\meOJgnb.exe
  C:\Windows\System\meOJgnb.exe
  2⤵
  PID:10048
- C:\Windows\System\NLzMhnw.exe
  C:\Windows\System\NLzMhnw.exe
  2⤵
  PID:10112
- C:\Windows\System\IaOZZLb.exe
  C:\Windows\System\IaOZZLb.exe
  2⤵
  PID:10176
- C:\Windows\System\BWdxcBy.exe
  C:\Windows\System\BWdxcBy.exe
  2⤵
  PID:9016
- C:\Windows\System\wWOepPs.exe
  C:\Windows\System\wWOepPs.exe
  2⤵
  PID:9308
- C:\Windows\System\bULHRjY.exe
  C:\Windows\System\bULHRjY.exe
  2⤵
  PID:9564
- C:\Windows\System\GdrozoN.exe
  C:\Windows\System\GdrozoN.exe
  2⤵
  PID:10032
- C:\Windows\System\pkQIcOt.exe
  C:\Windows\System\pkQIcOt.exe
  2⤵
  PID:10004
- C:\Windows\System\dofqFSt.exe
  C:\Windows\System\dofqFSt.exe
  2⤵
  PID:10100
- C:\Windows\System\ElgjNrR.exe
  C:\Windows\System\ElgjNrR.exe
  2⤵
  PID:10164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AnKJRYn.exe

Filesize
6.0MB

MD5
aa1b3842de5e88e5e60a61e33dae0e3e

SHA1
19712f7d721fb52a689f6f805171105606f61513

SHA256
2cde6663fa50fe55c43fdeb94025b5ce410ecfa54a4b0b02459bedfac092d205

SHA512
8349e9092a476600c1c9b1326ec979a97e3a96c0563603300655c350ebe8cf2af8f5f9676441683aa1e61210eae0ba7c41455f67546b298ac100050e9e7327bf

Download Submit
C:\Windows\system\DHnqHpu.exe

Filesize
6.0MB

MD5
dd10acb6654f7606c17ed87f771f9f79

SHA1
b1aa0b44ef3f50a79aa8a9ff5e6e7e4248d7a100

SHA256
7c9f5f91a0e306adc3589b8095dc535f2beca81636cfd07bdd160172bc1eb732

SHA512
b0369254378289a7c3e9666fb86ea804c3e6c16c61ca2de861295259989da8f8787ae2f3a291a7deeea384170cf9586029d3d77d07885e4e82d9cff58b8b0cb5

Download Submit
C:\Windows\system\FyvIevP.exe

Filesize
6.0MB

MD5
7e9f04ee62d91f29549b295bd8168706

SHA1
cdbab1277c881c99ca79cde57b5644f2bd28cfe7

SHA256
401b35a80798e7610a9d6a9852b9266c4451cf72782dbc71fdd322987d6bcd1d

SHA512
2befb9fffa5d08be155c4ac762924e67ed49625ce95950852f41ce57ef449bdd3ae94827494c0d1c50e69aeb95dcb882b71e96b8e5a3b69c66f67911b48393d3

Download Submit
C:\Windows\system\JRAfChr.exe

Filesize
6.0MB

MD5
aa29b44639fcafe3c4a7c7b6a974592d

SHA1
d465c438db2608e91dae88e2cd72ce7c7c52770a

SHA256
77af0d184214049298c2b55bb76f4f204081565a977f2ab1e55f0f7801667f31

SHA512
941b5988dda7c99ac64871805e47efbf7880b2ce4f1ca392435c1f0dba0a61d3f2d7d7000a461e69282951e7027402d35dc7bf8412f41a94413abeb5e82eee2b

Download Submit
C:\Windows\system\LdKhaCo.exe

Filesize
6.0MB

MD5
2d626e1fffc78660ed2d4f0990e9c6d0

SHA1
25c7224a46b874ba2ebba45a4f33c53ccc0cdfae

SHA256
bdc9f46c09da321f3d3ded73134316ecfabe425f89f826885a35238157334354

SHA512
2a55be542ffe291a31560be9c1470f50185a56152612b550e7723539697e375d40e7c2cde6edc97a47f65e68bf09d2202cbcd54b7c820117b40dfa58fee1c664

Download Submit
C:\Windows\system\LuoMKCG.exe

Filesize
6.0MB

MD5
da29cdcb9875cded41bf7e13bdc45903

SHA1
1bdb0d9451bd04dfad5399986ce6974430d0a8ba

SHA256
ff12a0a23843dd00aba264b17a54dba5f6744928a9bf5964451a723089caf420

SHA512
71ccbb9dcbc80a872efa0457ed0282b201a5715660fe49ce9ed8f1941c81f8d8cd3bef8f7f8df0fb66cbbc71a338e59b81ea79be02638738d8b9ae993ddac2ec

Download Submit
C:\Windows\system\PqkeNXc.exe

Filesize
6.0MB

MD5
e1edc5c3494dee4a4ba926a73215fb24

SHA1
f5f828ef90bcadece62539e6595ebb1f8fc637e9

SHA256
82bd6a1b6d5898712061a38c596ebca00873965673902d74cf93b775c4f7ef76

SHA512
063d8dcfd014be09b18c2bfc62716b133f56860beec17eb7bd81399270d57ed64338edaed3879b24583e19c7a598abf2be1da9f7285e742d5167a8907d70a128

Download Submit
C:\Windows\system\SadiJHA.exe

Filesize
6.0MB

MD5
56a93bfe59f1b27e5daa7675b83f8a21

SHA1
307bc28e70534ca981d2d311259b5e9b45e9f7e7

SHA256
8ba18f59d94282360087ef9a3401147b746b59348e4a70620708c702db1ab267

SHA512
e1b9e685b0ae9708f001465e6d0075e5080b51e2d72fca2bdb104370e8d2a49caee8ffbcd5c7afccfce53e03992d8a3222cb3a1d8f8fe1aabbbe29f4b40ce22c

Download Submit
C:\Windows\system\VXcGcas.exe

Filesize
6.0MB

MD5
9e27a3beacaf3966e4d024e54e1968b6

SHA1
8dfa7c959068c1877ffba046363c2130d2f450c0

SHA256
a8ff8b92f72c1744413f950e4257f08091d712028590b2d5196ce417b22a8a2e

SHA512
dd4ead2d85372a428afa46e7881a7b08b136bf7058b31ff4002c1198ec1dae5d95fcc15ace797326fee1fad2fee0fc11884110efeb6695d84c035cda36db1249

Download Submit
C:\Windows\system\VdpwBJs.exe

Filesize
6.0MB

MD5
48512dbb01c18a8e981511f69e238a0f

SHA1
3a67c9711814747db6dcec787ee0e30ec17d9b79

SHA256
5c44c0a9d9501d2d343ada4a78ac6b0a56175a021160d14d01fb5f7cc3c8fdba

SHA512
3513ee7e34768d10c0ebcb32ca13d9467bfde6417840b873ca0b58f0a7b67870a7fc5563756de81a5cbe4e1d684430a53d697e0a81fc9f9ce7d2195d83baacc1

Download Submit
C:\Windows\system\XkhRbmK.exe

Filesize
6.0MB

MD5
5f3e74c2b43030165c05c621e5a51e78

SHA1
2158bc743c09d73c8cf2f8c2d309bd78c745cb03

SHA256
7271bd6ce2ab6de280801cf9f5808fb41324ce6e2b5503cdb67c206a73632cfa

SHA512
9618aebb18d663793410ca3867fe1fb9e72b91189f6a34a2a2c28c097a208de5efe5baed16664c1c93e43cdc82b045b9a075301f680756202acc95560f4a8e70

Download Submit
C:\Windows\system\dwwBTly.exe

Filesize
6.0MB

MD5
d8f44e40db521ae1b5a3a8cd3168de34

SHA1
97e311332d6e41aee144d5c3450b03e10d6c5ca8

SHA256
738902a948e6cac292851656fef5afc21a70be14ae739430b9596205b7c9c3c1

SHA512
d070524aa8b20b0518cc24b0f9fb0d70a6536432ccb08844c1014018195ca32464ed9e8c385776aed49fe43b41a4c8aaf7085d57aa45de7c0948f7135dde3c53

Download Submit
C:\Windows\system\gIkgHGL.exe

Filesize
6.0MB

MD5
f1940ba8a397a310419ee46986cb8eee

SHA1
f1114fd39bbcc1c83737eafce70b5a7d49066440

SHA256
a8bd079c8bc35a65338cb7398d3e0da0a6a61a8b0d8fab8fc763ee70a25b40c5

SHA512
5229759874e7144b193d425719126caea7f7666e059e315acb9aed978ff4b1c3edbb20d768a00387d0dbbbe7eb7744320a23574c0639b3a4fe2c6857e227e532

Download Submit
C:\Windows\system\gXsbmAd.exe

Filesize
6.0MB

MD5
07326470b5d43d8f2fb9ef8a40fc8e48

SHA1
869d0ee721b440e97103dd80f0916da9b091c4a7

SHA256
a8481bb6e1cca6acee8917c4389f6b3e0745ebd8650177f01002f2e892cfb04f

SHA512
8c5564fd395e4799e6ee3c483a5fdf539c277026ba3c937d4db6565b3b71e2f1c4d5cf0a4490bd5654d2d9ee7f67223303338a4afa3a425fbf863686e3607553

Download Submit
C:\Windows\system\jTCfHvz.exe

Filesize
6.0MB

MD5
83b26d5407b6394660304eb9a2f413f3

SHA1
1b65df1b7edad66dd25a0ec61dd9abf1d328743f

SHA256
5e783cf728c179084ce972c452fc107aab10c0c195dcee599978db07360abc71

SHA512
d2bd5d08e50eff7d7b92e7550465a1afd6905d646a333bd35de39e95d3bc157c7a5dc315b7c3c26b389c7fb6e3d3b8ec167b535cb091327842b08d4fcf8cd578

Download Submit
C:\Windows\system\kIhkqMh.exe

Filesize
6.0MB

MD5
30e6117e63390ff88eafa723050c831d

SHA1
19891c0c00f9e8c6682abbeed00d44e70792daf4

SHA256
d5aecf24fb4f23b2fd606d77ed12c5ea8c299dec25897ce1c9cf24cb9b6f4eb2

SHA512
8e03d2530e9ef7e70d152168a9666d13d1d2c8fda797612c2722178cc4361d09740ebd041990828b7ec9b494082d4a6cb6f4435a379c3a5e4f24281f60479d94

Download Submit
C:\Windows\system\kWpQQPT.exe

Filesize
6.0MB

MD5
d26740e0fff03e9484041a5005097e1c

SHA1
fad1a89f370bb57b9e881c031c04a1dbd325a543

SHA256
8ae3df3934b1a99dfc2dcec7f9efe174bcc057eed9503c0dd3e3eb0202dd6d77

SHA512
a543f27b7763731a42be3c0553dcef7be7b2436766df76f6e74eaf6e84627e274615be64ebefa722a6ad7a41bf21bf77ffe895ecc5de4e9fd1fd82678dea5253

Download Submit
C:\Windows\system\kgeIIdp.exe

Filesize
6.0MB

MD5
f378e36ea95c379c82069e1779a78bf6

SHA1
3718ab73824ff5ac1021b0c3a836555eed9d9ae5

SHA256
9c921db8c3077f1445f33f17af85c9337358839cbe7b752039eb5a5f9dea92cb

SHA512
b449a83dcaaf207f3c7f1b88673942900d39b15d223b1109c6e439771cffef053ba0aa74c1d6bce595bc25dcf33933d87cfac6d3d1bec3a0fcf45ac68dc035f1

Download Submit
C:\Windows\system\oJSkjpp.exe

Filesize
6.0MB

MD5
3d8137623d1049819ab92f6b86e9de24

SHA1
aa1c0c13ceaef0a2772f09d56ff96495123e9537

SHA256
af7d716debb8f7534d6789f6f42d7d5d1f1d57e95f5b7f71ee4ed26e05fa36ff

SHA512
c909ecc4de15af13284c391486ad68cf70c7beaa3e0ea7020734df55d214cde7d7b4ce045ea513ac8ea192e0cc6c74e26bfdc3374aeffd456223146e4c4cbd21

Download Submit
C:\Windows\system\pCGndtr.exe

Filesize
6.0MB

MD5
e4748bbd8a04562758332ec07a94f5b5

SHA1
d64563e033cab2323620c71d436517ea6eae2c68

SHA256
6ea472fe1036bc3c84b22563abd52860904414ecfc8a62d32fff4d7381641e94

SHA512
8b6f572889151fc7510730196bd7e3c23cd1dbaa2a23996557de2dd402e6e154a0f9b50aa260cdcdcab3a67e5226e3119d1cd4d7b9b362b998936e3b72564a29

Download Submit
C:\Windows\system\pKqjPqV.exe

Filesize
6.0MB

MD5
3ae09a41e9ae5260f0b948458e2291e9

SHA1
a97ad5c9ab4d23165b8000b787dceb006a493d68

SHA256
962368f74e9b1aa65ee700154fab38e7397700bf3bf4bd086f9a626ecb6e0607

SHA512
f452ec15c9d7dacd942fb0dfe9b2b2edc7283ccd027c3d93700260869426d596403cfb90f7e43268ac95833b41a9913500fb7feb71f2602ad4d1c9f487841cbd

Download Submit
C:\Windows\system\qZozcMX.exe

Filesize
6.0MB

MD5
0b592da4efa3df335da302cd36729269

SHA1
3eb5774449631120cf9e62d64e63eadb5a2b8bc9

SHA256
6aefceb9e733e2dd416f8e58bb578a7ae63dd80c53a52702ab59da2214e55d87

SHA512
97081a927a7ed3bfbb9a2a2b8dd1f61171ce661e568c737bae7f362d7cde2c31734aa327d010731845e718b191a474470c501f685640b679f3b462fe8f7bd09d

Download Submit
C:\Windows\system\sCXfFAd.exe

Filesize
6.0MB

MD5
452df394eef97842c101ed933b6d6e32

SHA1
6b6558f6eab5b957f247ce0eb014c1ee96de4793

SHA256
361e52cd0d02e2a2f96a1a302bffd0cff3b1d8ab54e8b365fe48f7b2e3a86ef6

SHA512
edff3fe1eb0ebd5fe0b7b89f59028b98f7a3fe49795bc30b434dc6a8415438ed685febdc24f11bdbd6bf63b60c0d6835ca4a978d946f58c76cbafba23e45a5eb

Download Submit
C:\Windows\system\uVKnDZo.exe

Filesize
6.0MB

MD5
7febf99a636fb8a11a14aec4d845a80a

SHA1
9ecf7b5dc5343d781735882d1cad2f60254ea501

SHA256
b6ff520c63aada8f093432acff7e1e0e02d07a4e89b45f1069e523f96808459b

SHA512
89e02e0571486abec7f2368e1ccb4be1c20b6eca66fcb2ea48ca5d08f08b03954ec4f0e84ebf3b46deb8f899530c6a66902873d89e4c456cf4956e2007ff31d0

Download Submit
C:\Windows\system\wlxJUTo.exe

Filesize
6.0MB

MD5
9a32e10eab5970b396d50209a61c625f

SHA1
16d2043796bd533200de797d384b73abab9cecba

SHA256
89746cfd15f8f2d05f6af79a62f5681a204c860f8488e20a1fb3e2f660daa5fd

SHA512
02a00cfaa024dc7964cfbc4c57c29e48ff962d16ac291c2b6b68ea70d4dc30a510e74c81990d9040570dd0a8d4f6754b284eed5f09e022ef82bd782454318611

Download Submit
C:\Windows\system\yLUTgeQ.exe

Filesize
6.0MB

MD5
e0952b746752b041552cffc0b94c73f0

SHA1
dc3c8f0475ec2a2929854fc51951ca234a1d3e4a

SHA256
8cdbd2f01f846593e638a3dd7debc559b996fdb78f19259ea452fc05b5c999f4

SHA512
d8577ac1dbaa3d0bc170a58ea910c1b08f3b5596105aba2890e820c80d2710493624f6bbd97cb9514fe9b967903b37de2d9f2e22c64b34a7db4308e46b7b064e

Download Submit
\Windows\system\COUyHfQ.exe

Filesize
6.0MB

MD5
039c36e372e99f8341b8d34460175ee5

SHA1
9e0b5e1e11aa736b4c99c118d8e3db17df955b34

SHA256
332873e39959c95fd27b4da568409982cdb4e361bda939ae5989c4924e6a87af

SHA512
ffdd1a995fa2790568ee23c37af536c20be6adf534539ff1efb4ea7d558ccd8c5371552bc26712d9388526d7dca98dc1a63be7ae7f95ec725e396fa3558f7e05

Download Submit
\Windows\system\NSOChbQ.exe

Filesize
6.0MB

MD5
9c75dfb62d6678c51a05d01f360c2f0e

SHA1
eb4a445788031635c885966936f68fae34eea058

SHA256
675528686c178b5659ef2b51a1eca3f13f50f29fac0567dc2c435b2446d7fb87

SHA512
da48402153118a21e498525f2746414262b85edcc90124a223d4dfe6cedddbeaac0ff3797ffeb1e033cb857e6df7eee8c57f20471098a95e286dbbb35b4abf73

Download Submit
\Windows\system\RJqXBnx.exe

Filesize
6.0MB

MD5
9dfb77da53bd2a62007dea42642fbb8d

SHA1
2bec13c10677ac3b35e3aa17ef90e689b5543f85

SHA256
4ecf871110392a6e61b33fe19ea198ec5daf086949760ab3a8ad262db96f21e7

SHA512
a35cbc23872d411e114db02a6fb281242c089ebcea024ed8d8b50c1f50452d1f3f370746e83c186dae547d34bc7aa5b0a8c907b7348566b4767a6e4793565a33

Download Submit
\Windows\system\nzsGLqN.exe

Filesize
6.0MB

MD5
6d9d1faf796a225e6edced956fd0dd8f

SHA1
9ad73131a6f60686eb5ca798d22a41853814ff6d

SHA256
57471b6f3376e6ab97b51621bbd3a318d7c43d67273d00b18fffc7be63fdb533

SHA512
aee0644145117b5e7d7cfafef1e8d17ef72764a0aef8f9851f920dca26b4dbb8fb1a96479d63bc109e73d679ccda594b26e7148f47bbb4e68f2476213cdf536f

Download Submit
\Windows\system\owUdiom.exe

Filesize
6.0MB

MD5
4aed700f975f35ffac5b1f3a37c428c0

SHA1
43cb608907fbed20cb49d6fd732cb0a2a500e41d

SHA256
f8efea6963010a47d2876555dbfed932eaa801fe07e0264e6bab8944e93511d2

SHA512
8336b0c532341f3c05c27d4ff76233c1b67c39775707b0cbbe237ad06d7e32bdc242b668a3e7597de66034cf9a9f9ed41984d4456fa841e4a9cd54028cca6ffa

Download Submit
\Windows\system\rUXWllr.exe

Filesize
6.0MB

MD5
3698685217f4036a875066e5f4563140

SHA1
51f376969bc2c088e1592359ec870305c31a6428

SHA256
fdf4e7ded7ee2b7b1ea7c79c017251a2274796b64b9d9aedd8b36c20b5dbd4bd

SHA512
a8da2153afa16cf842c3fce00aea425b92b33dafdb370341ed1321a5244a9f6e7b43122b11538a8134e1893ef789babcf4d8f522d5753e7f4323f0707026e7ea

Download Submit
memory/600-98-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/600-3660-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/836-3675-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/836-82-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-22-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1432-3654-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1512-3663-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1512-81-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1956-3676-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1956-70-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2068-80-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2068-4246-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2144-3655-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-60-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-20-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-88-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3674-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-500-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-97-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-218-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2380-499-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-73-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2380-72-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2380-71-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2380-701-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-67-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2380-87-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-882-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2380-51-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2380-50-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1072-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2380-48-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2380-39-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-0-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2380-111-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2380-34-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2380-28-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2380-17-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2380-102-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2380-21-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2380-18-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-49-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3659-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2688-40-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3658-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-96-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2958-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2820-23-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2824-29-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3669-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2824-79-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2860-883-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3668-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2860-103-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2880-86-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3662-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2880-35-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download