cobaltstrike | d85e9d2d979fe595e26aecb82239c43d51a1617f5228ad5ccee8f352b3980e0d

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
01/02/2025, 12:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

eae06c3c54e61366d8b4cd829989f039
SHA1

4d8d02b130d63268ce109c2aa319998ba0484b3a
SHA256

d85e9d2d979fe595e26aecb82239c43d51a1617f5228ad5ccee8f352b3980e0d
SHA512

9ffc8fda3273b8dd047a6bc94b3039da75c9e80347f4298c55ae932221ca726d47d0377076287d97aee07f14da60c7cba7b85d96ba2380c8ab50e520630210cb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUI:T+q56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019326-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019394-19.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a0-24.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193b8-34.dat	cobalt_reflective_dll
behavioral1/files/0x0026000000018b89-40.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c7-47.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019470-56.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019480-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019489-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-200.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-110.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1996-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-3.dat	xmrig
behavioral1/files/0x0008000000019326-12.dat	xmrig
behavioral1/memory/2476-14-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1996-20-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0007000000019394-19.dat	xmrig
behavioral1/memory/2908-22-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x00060000000193a0-24.dat	xmrig
behavioral1/memory/2812-29-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2256-11-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2824-36-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2844-42-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x00060000000193b8-34.dat	xmrig
behavioral1/memory/1996-41-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0026000000018b89-40.dat	xmrig
behavioral1/memory/2256-43-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2476-48-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00060000000193c7-47.dat	xmrig
behavioral1/memory/1144-55-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2908-54-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x0006000000019470-56.dat	xmrig
behavioral1/memory/2696-62-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2812-64-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019480-63.dat	xmrig
behavioral1/memory/2492-70-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/1996-69-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2824-71-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0007000000019489-72.dat	xmrig
behavioral1/memory/2844-74-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2644-77-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a049-89.dat	xmrig
behavioral1/files/0x000500000001a03c-85.dat	xmrig
behavioral1/memory/1260-100-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2760-99-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2628-97-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fdd-82.dat	xmrig
behavioral1/memory/1996-103-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2696-102-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-107.dat	xmrig
behavioral1/files/0x000500000001a3ab-115.dat	xmrig
behavioral1/files/0x000500000001a3f8-129.dat	xmrig
behavioral1/files/0x000500000001a400-139.dat	xmrig
behavioral1/files/0x000500000001a438-149.dat	xmrig
behavioral1/files/0x000500000001a44d-160.dat	xmrig
behavioral1/files/0x000500000001a46f-194.dat	xmrig
behavioral1/memory/2644-250-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/1472-541-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x000500000001a471-200.dat	xmrig
behavioral1/files/0x000500000001a46d-190.dat	xmrig
behavioral1/files/0x000500000001a46b-184.dat	xmrig
behavioral1/files/0x000500000001a463-174.dat	xmrig
behavioral1/files/0x000500000001a469-180.dat	xmrig
behavioral1/files/0x000500000001a457-165.dat	xmrig
behavioral1/files/0x000500000001a459-169.dat	xmrig
behavioral1/files/0x000500000001a404-144.dat	xmrig
behavioral1/files/0x000500000001a44f-157.dat	xmrig
behavioral1/files/0x000500000001a3fd-134.dat	xmrig
behavioral1/files/0x000500000001a3f6-124.dat	xmrig
behavioral1/memory/1996-113-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/files/0x000500000001a309-110.dat	xmrig
behavioral1/memory/1472-109-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2256-1005-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2812-1008-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2908-1007-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2256	lHJgIDT.exe
2476	WWjGOEM.exe
2908	RrkUVFB.exe
2812	KAZjDBl.exe
2824	nzMoJrg.exe
2844	tXiEEOe.exe
1144	XYPJLJh.exe
2696	oNoFfrc.exe
2492	ShebpuX.exe
2644	MuLJbJe.exe
2628	qIxIhis.exe
1260	DWVGJVc.exe
2760	WDUDVrw.exe
1472	fKGRafH.exe
3024	GNTmkZo.exe
2952	bfZhrNt.exe
848	oXscZEr.exe
2992	CmCWxok.exe
2424	DAezSIz.exe
1204	aVelQCh.exe
2084	rOqHqGl.exe
1488	UZdZhbK.exe
2112	kkgIPzy.exe
2168	mQUFIga.exe
2088	lWTSSGE.exe
2208	EKikSJf.exe
2388	OImSqCj.exe
2412	ixQoPUI.exe
2160	Yfevver.exe
2164	hbAxXOF.exe
2552	YZlZPgn.exe
1288	sAezRDr.exe
2456	VWfoXYS.exe
2624	GCjjTKc.exe
864	FQNmOoE.exe
1380	PYwmUhr.exe
1484	VLvKzjn.exe
1724	btSUqmr.exe
2916	czwBItQ.exe
1740	iCIQFFZ.exe
612	bWLjtmS.exe
2000	OdSlUzC.exe
2516	qQvXxIk.exe
2280	TkESWkn.exe
940	vnbmMTz.exe
1816	VzojRck.exe
1652	vCTnjfS.exe
548	ZPtmGoX.exe
880	lrFSNZv.exe
2596	vbiYokc.exe
2284	BrRLjhL.exe
1548	DjIHjnZ.exe
1376	VgyTiNw.exe
2804	KAyMkwQ.exe
2892	bbLdLHa.exe
1660	nPBPsvQ.exe
2860	IIlkiIC.exe
2664	GzlUIFN.exe
692	pacNIhK.exe
2132	hAvzYZW.exe
2800	VAaqoXH.exe
2856	zfwUnvL.exe
2680	AIwRdOB.exe
2684	HIYJRoO.exe

Loads dropped DLL 64 IoCs

pid	Process
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1996-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-3.dat	upx
behavioral1/files/0x0008000000019326-12.dat	upx
behavioral1/memory/2476-14-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0007000000019394-19.dat	upx
behavioral1/memory/2908-22-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x00060000000193a0-24.dat	upx
behavioral1/memory/2812-29-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2256-11-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2824-36-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2844-42-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x00060000000193b8-34.dat	upx
behavioral1/memory/1996-41-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0026000000018b89-40.dat	upx
behavioral1/memory/2256-43-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2476-48-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x00060000000193c7-47.dat	upx
behavioral1/memory/1144-55-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2908-54-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x0006000000019470-56.dat	upx
behavioral1/memory/2696-62-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2812-64-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0008000000019480-63.dat	upx
behavioral1/memory/2492-70-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2824-71-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0007000000019489-72.dat	upx
behavioral1/memory/2844-74-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2644-77-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x000500000001a049-89.dat	upx
behavioral1/files/0x000500000001a03c-85.dat	upx
behavioral1/memory/1260-100-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2760-99-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2628-97-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0005000000019fdd-82.dat	upx
behavioral1/memory/2696-102-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-107.dat	upx
behavioral1/files/0x000500000001a3ab-115.dat	upx
behavioral1/files/0x000500000001a3f8-129.dat	upx
behavioral1/files/0x000500000001a400-139.dat	upx
behavioral1/files/0x000500000001a438-149.dat	upx
behavioral1/files/0x000500000001a44d-160.dat	upx
behavioral1/files/0x000500000001a46f-194.dat	upx
behavioral1/memory/2644-250-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/1472-541-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x000500000001a471-200.dat	upx
behavioral1/files/0x000500000001a46d-190.dat	upx
behavioral1/files/0x000500000001a46b-184.dat	upx
behavioral1/files/0x000500000001a463-174.dat	upx
behavioral1/files/0x000500000001a469-180.dat	upx
behavioral1/files/0x000500000001a457-165.dat	upx
behavioral1/files/0x000500000001a459-169.dat	upx
behavioral1/files/0x000500000001a404-144.dat	upx
behavioral1/files/0x000500000001a44f-157.dat	upx
behavioral1/files/0x000500000001a3fd-134.dat	upx
behavioral1/files/0x000500000001a3f6-124.dat	upx
behavioral1/files/0x000500000001a309-110.dat	upx
behavioral1/memory/1472-109-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2256-1005-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2812-1008-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2908-1007-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2476-1006-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2824-1040-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2844-1055-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/1144-1061-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QzyiufO.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIChUrQ.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWDanKI.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JITYWdt.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDjoFPy.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZmCzsLE.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLrVlec.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryOkkoS.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYPximh.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxjGgvb.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkSNGYT.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjRNuSS.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqjFUoP.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIMAVWe.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEpTfju.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtzeTba.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUBFpLm.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLAEpJe.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeGWLcS.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piTqjSS.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAbUkWK.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GghWiic.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgBusyz.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odpcyMA.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmtKJDP.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKxKzzh.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKwuRET.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOwVdPN.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfKuZuz.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvLCFEF.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNXyljd.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNgoacf.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crQDExQ.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMbYWcv.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjzaTmT.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDVcoxW.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKTWwfs.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAJAmjd.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtXaJGU.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIxIhis.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNTmkZo.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfNdHpz.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygaJjzi.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPVvtNv.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taIcisn.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQlZbki.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXKkYUd.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHaXXTX.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGePwXb.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oknSFif.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTFsbIr.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDhrIKJ.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrmubMc.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKQLotL.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynCtzCB.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDpsJyr.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PuLPunH.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmEFDfZ.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIEYroU.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAzJPEq.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYbnWld.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogLdUKy.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSCTBat.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYPJLJh.exe	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2256	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1996 wrote to memory of 2256	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1996 wrote to memory of 2256	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1996 wrote to memory of 2476	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1996 wrote to memory of 2476	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1996 wrote to memory of 2476	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1996 wrote to memory of 2908	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1996 wrote to memory of 2908	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1996 wrote to memory of 2908	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1996 wrote to memory of 2812	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1996 wrote to memory of 2812	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1996 wrote to memory of 2812	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1996 wrote to memory of 2824	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1996 wrote to memory of 2824	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1996 wrote to memory of 2824	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1996 wrote to memory of 2844	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1996 wrote to memory of 2844	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1996 wrote to memory of 2844	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1996 wrote to memory of 1144	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1996 wrote to memory of 1144	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1996 wrote to memory of 1144	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1996 wrote to memory of 2696	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1996 wrote to memory of 2696	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1996 wrote to memory of 2696	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1996 wrote to memory of 2492	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1996 wrote to memory of 2492	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1996 wrote to memory of 2492	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1996 wrote to memory of 2644	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1996 wrote to memory of 2644	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1996 wrote to memory of 2644	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1996 wrote to memory of 2628	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1996 wrote to memory of 2628	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1996 wrote to memory of 2628	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1996 wrote to memory of 1260	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1996 wrote to memory of 1260	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1996 wrote to memory of 1260	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1996 wrote to memory of 2760	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1996 wrote to memory of 2760	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1996 wrote to memory of 2760	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1996 wrote to memory of 1472	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1996 wrote to memory of 1472	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1996 wrote to memory of 1472	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1996 wrote to memory of 2952	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1996 wrote to memory of 2952	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1996 wrote to memory of 2952	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1996 wrote to memory of 3024	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1996 wrote to memory of 3024	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1996 wrote to memory of 3024	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1996 wrote to memory of 848	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1996 wrote to memory of 848	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1996 wrote to memory of 848	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1996 wrote to memory of 2992	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1996 wrote to memory of 2992	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1996 wrote to memory of 2992	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1996 wrote to memory of 2424	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1996 wrote to memory of 2424	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1996 wrote to memory of 2424	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1996 wrote to memory of 1204	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1996 wrote to memory of 1204	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1996 wrote to memory of 1204	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1996 wrote to memory of 2084	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1996 wrote to memory of 2084	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1996 wrote to memory of 2084	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1996 wrote to memory of 1488	1996	2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_eae06c3c54e61366d8b4cd829989f039_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\System\lHJgIDT.exe
  C:\Windows\System\lHJgIDT.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\WWjGOEM.exe
  C:\Windows\System\WWjGOEM.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\RrkUVFB.exe
  C:\Windows\System\RrkUVFB.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\KAZjDBl.exe
  C:\Windows\System\KAZjDBl.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\nzMoJrg.exe
  C:\Windows\System\nzMoJrg.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\tXiEEOe.exe
  C:\Windows\System\tXiEEOe.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\XYPJLJh.exe
  C:\Windows\System\XYPJLJh.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\oNoFfrc.exe
  C:\Windows\System\oNoFfrc.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\ShebpuX.exe
  C:\Windows\System\ShebpuX.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\MuLJbJe.exe
  C:\Windows\System\MuLJbJe.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\qIxIhis.exe
  C:\Windows\System\qIxIhis.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\DWVGJVc.exe
  C:\Windows\System\DWVGJVc.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\WDUDVrw.exe
  C:\Windows\System\WDUDVrw.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\fKGRafH.exe
  C:\Windows\System\fKGRafH.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\bfZhrNt.exe
  C:\Windows\System\bfZhrNt.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\GNTmkZo.exe
  C:\Windows\System\GNTmkZo.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\oXscZEr.exe
  C:\Windows\System\oXscZEr.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\CmCWxok.exe
  C:\Windows\System\CmCWxok.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\DAezSIz.exe
  C:\Windows\System\DAezSIz.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\aVelQCh.exe
  C:\Windows\System\aVelQCh.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\rOqHqGl.exe
  C:\Windows\System\rOqHqGl.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\UZdZhbK.exe
  C:\Windows\System\UZdZhbK.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\mQUFIga.exe
  C:\Windows\System\mQUFIga.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\kkgIPzy.exe
  C:\Windows\System\kkgIPzy.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\lWTSSGE.exe
  C:\Windows\System\lWTSSGE.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\EKikSJf.exe
  C:\Windows\System\EKikSJf.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\OImSqCj.exe
  C:\Windows\System\OImSqCj.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\ixQoPUI.exe
  C:\Windows\System\ixQoPUI.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\Yfevver.exe
  C:\Windows\System\Yfevver.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\hbAxXOF.exe
  C:\Windows\System\hbAxXOF.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\YZlZPgn.exe
  C:\Windows\System\YZlZPgn.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\sAezRDr.exe
  C:\Windows\System\sAezRDr.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\VWfoXYS.exe
  C:\Windows\System\VWfoXYS.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\GCjjTKc.exe
  C:\Windows\System\GCjjTKc.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\FQNmOoE.exe
  C:\Windows\System\FQNmOoE.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\PYwmUhr.exe
  C:\Windows\System\PYwmUhr.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\VLvKzjn.exe
  C:\Windows\System\VLvKzjn.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\btSUqmr.exe
  C:\Windows\System\btSUqmr.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\czwBItQ.exe
  C:\Windows\System\czwBItQ.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\iCIQFFZ.exe
  C:\Windows\System\iCIQFFZ.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\bWLjtmS.exe
  C:\Windows\System\bWLjtmS.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\OdSlUzC.exe
  C:\Windows\System\OdSlUzC.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\qQvXxIk.exe
  C:\Windows\System\qQvXxIk.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\TkESWkn.exe
  C:\Windows\System\TkESWkn.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\vnbmMTz.exe
  C:\Windows\System\vnbmMTz.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\VzojRck.exe
  C:\Windows\System\VzojRck.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\vCTnjfS.exe
  C:\Windows\System\vCTnjfS.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\ZPtmGoX.exe
  C:\Windows\System\ZPtmGoX.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\lrFSNZv.exe
  C:\Windows\System\lrFSNZv.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\vbiYokc.exe
  C:\Windows\System\vbiYokc.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\BrRLjhL.exe
  C:\Windows\System\BrRLjhL.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\DjIHjnZ.exe
  C:\Windows\System\DjIHjnZ.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\VgyTiNw.exe
  C:\Windows\System\VgyTiNw.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\KAyMkwQ.exe
  C:\Windows\System\KAyMkwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\bbLdLHa.exe
  C:\Windows\System\bbLdLHa.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\nPBPsvQ.exe
  C:\Windows\System\nPBPsvQ.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\IIlkiIC.exe
  C:\Windows\System\IIlkiIC.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\GzlUIFN.exe
  C:\Windows\System\GzlUIFN.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\pacNIhK.exe
  C:\Windows\System\pacNIhK.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\hAvzYZW.exe
  C:\Windows\System\hAvzYZW.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\VAaqoXH.exe
  C:\Windows\System\VAaqoXH.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\zfwUnvL.exe
  C:\Windows\System\zfwUnvL.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\AIwRdOB.exe
  C:\Windows\System\AIwRdOB.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\HIYJRoO.exe
  C:\Windows\System\HIYJRoO.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\TIChUrQ.exe
  C:\Windows\System\TIChUrQ.exe
  2⤵
  PID:1164
- C:\Windows\System\ZctmuUt.exe
  C:\Windows\System\ZctmuUt.exe
  2⤵
  PID:584
- C:\Windows\System\Xjxnmec.exe
  C:\Windows\System\Xjxnmec.exe
  2⤵
  PID:2912
- C:\Windows\System\QDoGAzs.exe
  C:\Windows\System\QDoGAzs.exe
  2⤵
  PID:2940
- C:\Windows\System\ZFJcdNg.exe
  C:\Windows\System\ZFJcdNg.exe
  2⤵
  PID:1732
- C:\Windows\System\mGeTyZn.exe
  C:\Windows\System\mGeTyZn.exe
  2⤵
  PID:2984
- C:\Windows\System\NQgdnWh.exe
  C:\Windows\System\NQgdnWh.exe
  2⤵
  PID:2988
- C:\Windows\System\RltWsAT.exe
  C:\Windows\System\RltWsAT.exe
  2⤵
  PID:3004
- C:\Windows\System\WKaVBnt.exe
  C:\Windows\System\WKaVBnt.exe
  2⤵
  PID:1060
- C:\Windows\System\odiEzep.exe
  C:\Windows\System\odiEzep.exe
  2⤵
  PID:760
- C:\Windows\System\bSDnGQx.exe
  C:\Windows\System\bSDnGQx.exe
  2⤵
  PID:540
- C:\Windows\System\PrjvVUV.exe
  C:\Windows\System\PrjvVUV.exe
  2⤵
  PID:1644
- C:\Windows\System\GfmOMPc.exe
  C:\Windows\System\GfmOMPc.exe
  2⤵
  PID:2196
- C:\Windows\System\lEoHLmV.exe
  C:\Windows\System\lEoHLmV.exe
  2⤵
  PID:2344
- C:\Windows\System\yOvAROd.exe
  C:\Windows\System\yOvAROd.exe
  2⤵
  PID:2068
- C:\Windows\System\YVTFzvN.exe
  C:\Windows\System\YVTFzvN.exe
  2⤵
  PID:1308
- C:\Windows\System\crkACQw.exe
  C:\Windows\System\crkACQw.exe
  2⤵
  PID:2776
- C:\Windows\System\akQxGww.exe
  C:\Windows\System\akQxGww.exe
  2⤵
  PID:1672
- C:\Windows\System\gyevHfD.exe
  C:\Windows\System\gyevHfD.exe
  2⤵
  PID:3064
- C:\Windows\System\IFZxbZi.exe
  C:\Windows\System\IFZxbZi.exe
  2⤵
  PID:1020
- C:\Windows\System\LHSawAH.exe
  C:\Windows\System\LHSawAH.exe
  2⤵
  PID:2216
- C:\Windows\System\iPaazqT.exe
  C:\Windows\System\iPaazqT.exe
  2⤵
  PID:1764
- C:\Windows\System\XVMwKqH.exe
  C:\Windows\System\XVMwKqH.exe
  2⤵
  PID:1728
- C:\Windows\System\ZQNgrWP.exe
  C:\Windows\System\ZQNgrWP.exe
  2⤵
  PID:2016
- C:\Windows\System\AfiPsoL.exe
  C:\Windows\System\AfiPsoL.exe
  2⤵
  PID:1564
- C:\Windows\System\xFrWGvB.exe
  C:\Windows\System\xFrWGvB.exe
  2⤵
  PID:2092
- C:\Windows\System\griMHOE.exe
  C:\Windows\System\griMHOE.exe
  2⤵
  PID:2436
- C:\Windows\System\VaVhNNZ.exe
  C:\Windows\System\VaVhNNZ.exe
  2⤵
  PID:108
- C:\Windows\System\wvwGhbu.exe
  C:\Windows\System\wvwGhbu.exe
  2⤵
  PID:2124
- C:\Windows\System\mNYTRic.exe
  C:\Windows\System\mNYTRic.exe
  2⤵
  PID:1608
- C:\Windows\System\JKwuRET.exe
  C:\Windows\System\JKwuRET.exe
  2⤵
  PID:2932
- C:\Windows\System\ZGZMWYW.exe
  C:\Windows\System\ZGZMWYW.exe
  2⤵
  PID:2148
- C:\Windows\System\UMOolCR.exe
  C:\Windows\System\UMOolCR.exe
  2⤵
  PID:1704
- C:\Windows\System\YdbMuEt.exe
  C:\Windows\System\YdbMuEt.exe
  2⤵
  PID:2720
- C:\Windows\System\llllyHf.exe
  C:\Windows\System\llllyHf.exe
  2⤵
  PID:2116
- C:\Windows\System\GIlQQgI.exe
  C:\Windows\System\GIlQQgI.exe
  2⤵
  PID:3044
- C:\Windows\System\GqBAwXJ.exe
  C:\Windows\System\GqBAwXJ.exe
  2⤵
  PID:2648
- C:\Windows\System\RxrzifD.exe
  C:\Windows\System\RxrzifD.exe
  2⤵
  PID:1928
- C:\Windows\System\lqQOcOp.exe
  C:\Windows\System\lqQOcOp.exe
  2⤵
  PID:1356
- C:\Windows\System\NkvFqZX.exe
  C:\Windows\System\NkvFqZX.exe
  2⤵
  PID:1580
- C:\Windows\System\eObhxfV.exe
  C:\Windows\System\eObhxfV.exe
  2⤵
  PID:2972
- C:\Windows\System\OcnuhcO.exe
  C:\Windows\System\OcnuhcO.exe
  2⤵
  PID:3020
- C:\Windows\System\fCOQHTS.exe
  C:\Windows\System\fCOQHTS.exe
  2⤵
  PID:2980
- C:\Windows\System\zndIXHE.exe
  C:\Windows\System\zndIXHE.exe
  2⤵
  PID:2444
- C:\Windows\System\MhvJWme.exe
  C:\Windows\System\MhvJWme.exe
  2⤵
  PID:2376
- C:\Windows\System\LohKWTT.exe
  C:\Windows\System\LohKWTT.exe
  2⤵
  PID:1876
- C:\Windows\System\fNCkQhF.exe
  C:\Windows\System\fNCkQhF.exe
  2⤵
  PID:948
- C:\Windows\System\fflXrzu.exe
  C:\Windows\System\fflXrzu.exe
  2⤵
  PID:1532
- C:\Windows\System\pYCVMjG.exe
  C:\Windows\System\pYCVMjG.exe
  2⤵
  PID:928
- C:\Windows\System\BizHRqs.exe
  C:\Windows\System\BizHRqs.exe
  2⤵
  PID:1812
- C:\Windows\System\DyrfXaX.exe
  C:\Windows\System\DyrfXaX.exe
  2⤵
  PID:1748
- C:\Windows\System\mcViFQN.exe
  C:\Windows\System\mcViFQN.exe
  2⤵
  PID:1620
- C:\Windows\System\BSPwgMc.exe
  C:\Windows\System\BSPwgMc.exe
  2⤵
  PID:1736
- C:\Windows\System\dfVZglQ.exe
  C:\Windows\System\dfVZglQ.exe
  2⤵
  PID:2188
- C:\Windows\System\jWWCIlI.exe
  C:\Windows\System\jWWCIlI.exe
  2⤵
  PID:3036
- C:\Windows\System\SEUXboh.exe
  C:\Windows\System\SEUXboh.exe
  2⤵
  PID:1588
- C:\Windows\System\Gowmvye.exe
  C:\Windows\System\Gowmvye.exe
  2⤵
  PID:2120
- C:\Windows\System\mSjhlgB.exe
  C:\Windows\System\mSjhlgB.exe
  2⤵
  PID:2660
- C:\Windows\System\MpwyBWY.exe
  C:\Windows\System\MpwyBWY.exe
  2⤵
  PID:2820
- C:\Windows\System\fgDBKlx.exe
  C:\Windows\System\fgDBKlx.exe
  2⤵
  PID:2728
- C:\Windows\System\LmiRtHk.exe
  C:\Windows\System\LmiRtHk.exe
  2⤵
  PID:2792
- C:\Windows\System\cFQzJaU.exe
  C:\Windows\System\cFQzJaU.exe
  2⤵
  PID:1636
- C:\Windows\System\uHRBlEI.exe
  C:\Windows\System\uHRBlEI.exe
  2⤵
  PID:1640
- C:\Windows\System\gvUMcXu.exe
  C:\Windows\System\gvUMcXu.exe
  2⤵
  PID:2236
- C:\Windows\System\zmnpRTB.exe
  C:\Windows\System\zmnpRTB.exe
  2⤵
  PID:1820
- C:\Windows\System\FKsjfFu.exe
  C:\Windows\System\FKsjfFu.exe
  2⤵
  PID:676
- C:\Windows\System\SiQOIjP.exe
  C:\Windows\System\SiQOIjP.exe
  2⤵
  PID:440
- C:\Windows\System\AXfQGIM.exe
  C:\Windows\System\AXfQGIM.exe
  2⤵
  PID:2432
- C:\Windows\System\qMvVXmb.exe
  C:\Windows\System\qMvVXmb.exe
  2⤵
  PID:2004
- C:\Windows\System\tGMRccS.exe
  C:\Windows\System\tGMRccS.exe
  2⤵
  PID:996
- C:\Windows\System\dxYsYnC.exe
  C:\Windows\System\dxYsYnC.exe
  2⤵
  PID:2784
- C:\Windows\System\awecbwk.exe
  C:\Windows\System\awecbwk.exe
  2⤵
  PID:2296
- C:\Windows\System\chWRyPU.exe
  C:\Windows\System\chWRyPU.exe
  2⤵
  PID:2868
- C:\Windows\System\nXzDKEW.exe
  C:\Windows\System\nXzDKEW.exe
  2⤵
  PID:952
- C:\Windows\System\tEnGFxl.exe
  C:\Windows\System\tEnGFxl.exe
  2⤵
  PID:976
- C:\Windows\System\ZdzOSYK.exe
  C:\Windows\System\ZdzOSYK.exe
  2⤵
  PID:2888
- C:\Windows\System\yOMKORz.exe
  C:\Windows\System\yOMKORz.exe
  2⤵
  PID:1864
- C:\Windows\System\ewccEQR.exe
  C:\Windows\System\ewccEQR.exe
  2⤵
  PID:3080
- C:\Windows\System\SKnUrRa.exe
  C:\Windows\System\SKnUrRa.exe
  2⤵
  PID:3100
- C:\Windows\System\SBDEpbx.exe
  C:\Windows\System\SBDEpbx.exe
  2⤵
  PID:3120
- C:\Windows\System\VtzeTba.exe
  C:\Windows\System\VtzeTba.exe
  2⤵
  PID:3140
- C:\Windows\System\WyXlSGj.exe
  C:\Windows\System\WyXlSGj.exe
  2⤵
  PID:3164
- C:\Windows\System\ILiHSrz.exe
  C:\Windows\System\ILiHSrz.exe
  2⤵
  PID:3184
- C:\Windows\System\jbHzLMN.exe
  C:\Windows\System\jbHzLMN.exe
  2⤵
  PID:3204
- C:\Windows\System\TEHlfYk.exe
  C:\Windows\System\TEHlfYk.exe
  2⤵
  PID:3224
- C:\Windows\System\vPbreVi.exe
  C:\Windows\System\vPbreVi.exe
  2⤵
  PID:3244
- C:\Windows\System\VbzzLoV.exe
  C:\Windows\System\VbzzLoV.exe
  2⤵
  PID:3264
- C:\Windows\System\iPaBYZQ.exe
  C:\Windows\System\iPaBYZQ.exe
  2⤵
  PID:3288
- C:\Windows\System\FbxydJY.exe
  C:\Windows\System\FbxydJY.exe
  2⤵
  PID:3308
- C:\Windows\System\ulhhgfa.exe
  C:\Windows\System\ulhhgfa.exe
  2⤵
  PID:3332
- C:\Windows\System\PuLPunH.exe
  C:\Windows\System\PuLPunH.exe
  2⤵
  PID:3352
- C:\Windows\System\qZYELFE.exe
  C:\Windows\System\qZYELFE.exe
  2⤵
  PID:3372
- C:\Windows\System\LqyMVVj.exe
  C:\Windows\System\LqyMVVj.exe
  2⤵
  PID:3392
- C:\Windows\System\BpjTrNt.exe
  C:\Windows\System\BpjTrNt.exe
  2⤵
  PID:3412
- C:\Windows\System\fCHaMUA.exe
  C:\Windows\System\fCHaMUA.exe
  2⤵
  PID:3436
- C:\Windows\System\iVhyqok.exe
  C:\Windows\System\iVhyqok.exe
  2⤵
  PID:3472
- C:\Windows\System\BPhHQXx.exe
  C:\Windows\System\BPhHQXx.exe
  2⤵
  PID:3492
- C:\Windows\System\uhNlKEV.exe
  C:\Windows\System\uhNlKEV.exe
  2⤵
  PID:3512
- C:\Windows\System\GGuZYPe.exe
  C:\Windows\System\GGuZYPe.exe
  2⤵
  PID:3532
- C:\Windows\System\HplGfXz.exe
  C:\Windows\System\HplGfXz.exe
  2⤵
  PID:3552
- C:\Windows\System\UkvjrAh.exe
  C:\Windows\System\UkvjrAh.exe
  2⤵
  PID:3572
- C:\Windows\System\RKXsewk.exe
  C:\Windows\System\RKXsewk.exe
  2⤵
  PID:3588
- C:\Windows\System\dSsqJPi.exe
  C:\Windows\System\dSsqJPi.exe
  2⤵
  PID:3612
- C:\Windows\System\TVHLswU.exe
  C:\Windows\System\TVHLswU.exe
  2⤵
  PID:3632
- C:\Windows\System\kUujCnJ.exe
  C:\Windows\System\kUujCnJ.exe
  2⤵
  PID:3660
- C:\Windows\System\JuULlXx.exe
  C:\Windows\System\JuULlXx.exe
  2⤵
  PID:3676
- C:\Windows\System\xgKtEEQ.exe
  C:\Windows\System\xgKtEEQ.exe
  2⤵
  PID:3700
- C:\Windows\System\UwtZHWG.exe
  C:\Windows\System\UwtZHWG.exe
  2⤵
  PID:3720
- C:\Windows\System\GmEFDfZ.exe
  C:\Windows\System\GmEFDfZ.exe
  2⤵
  PID:3740
- C:\Windows\System\vfNdHpz.exe
  C:\Windows\System\vfNdHpz.exe
  2⤵
  PID:3760
- C:\Windows\System\hqQoMvk.exe
  C:\Windows\System\hqQoMvk.exe
  2⤵
  PID:3780
- C:\Windows\System\taugGIr.exe
  C:\Windows\System\taugGIr.exe
  2⤵
  PID:3800
- C:\Windows\System\MrWfLJe.exe
  C:\Windows\System\MrWfLJe.exe
  2⤵
  PID:3820
- C:\Windows\System\DuZDUTX.exe
  C:\Windows\System\DuZDUTX.exe
  2⤵
  PID:3840
- C:\Windows\System\GhLEdBv.exe
  C:\Windows\System\GhLEdBv.exe
  2⤵
  PID:3860
- C:\Windows\System\HKooaxe.exe
  C:\Windows\System\HKooaxe.exe
  2⤵
  PID:3880
- C:\Windows\System\afkddNC.exe
  C:\Windows\System\afkddNC.exe
  2⤵
  PID:3900
- C:\Windows\System\jAbUkWK.exe
  C:\Windows\System\jAbUkWK.exe
  2⤵
  PID:3920
- C:\Windows\System\tDhSinf.exe
  C:\Windows\System\tDhSinf.exe
  2⤵
  PID:3940
- C:\Windows\System\tdAMoqo.exe
  C:\Windows\System\tdAMoqo.exe
  2⤵
  PID:3964
- C:\Windows\System\vWGXpnP.exe
  C:\Windows\System\vWGXpnP.exe
  2⤵
  PID:3984
- C:\Windows\System\DRNPUsY.exe
  C:\Windows\System\DRNPUsY.exe
  2⤵
  PID:4004
- C:\Windows\System\KrmYdtZ.exe
  C:\Windows\System\KrmYdtZ.exe
  2⤵
  PID:4028
- C:\Windows\System\bZCmIRQ.exe
  C:\Windows\System\bZCmIRQ.exe
  2⤵
  PID:4048
- C:\Windows\System\lPnUpMt.exe
  C:\Windows\System\lPnUpMt.exe
  2⤵
  PID:4068
- C:\Windows\System\SMaBzSl.exe
  C:\Windows\System\SMaBzSl.exe
  2⤵
  PID:4088
- C:\Windows\System\lDpwVWs.exe
  C:\Windows\System\lDpwVWs.exe
  2⤵
  PID:1780
- C:\Windows\System\dxkwAvG.exe
  C:\Windows\System\dxkwAvG.exe
  2⤵
  PID:3060
- C:\Windows\System\tWXfKKv.exe
  C:\Windows\System\tWXfKKv.exe
  2⤵
  PID:2488
- C:\Windows\System\ybAsrPt.exe
  C:\Windows\System\ybAsrPt.exe
  2⤵
  PID:1856
- C:\Windows\System\oxbCVPa.exe
  C:\Windows\System\oxbCVPa.exe
  2⤵
  PID:2836
- C:\Windows\System\fNghXBZ.exe
  C:\Windows\System\fNghXBZ.exe
  2⤵
  PID:2520
- C:\Windows\System\ISqLjId.exe
  C:\Windows\System\ISqLjId.exe
  2⤵
  PID:280
- C:\Windows\System\ygaJjzi.exe
  C:\Windows\System\ygaJjzi.exe
  2⤵
  PID:2040
- C:\Windows\System\MEDRcot.exe
  C:\Windows\System\MEDRcot.exe
  2⤵
  PID:3136
- C:\Windows\System\OjRytll.exe
  C:\Windows\System\OjRytll.exe
  2⤵
  PID:3160
- C:\Windows\System\ByQnnrF.exe
  C:\Windows\System\ByQnnrF.exe
  2⤵
  PID:924
- C:\Windows\System\TRhCKPD.exe
  C:\Windows\System\TRhCKPD.exe
  2⤵
  PID:3256
- C:\Windows\System\zpERfij.exe
  C:\Windows\System\zpERfij.exe
  2⤵
  PID:3200
- C:\Windows\System\CZbAnzx.exe
  C:\Windows\System\CZbAnzx.exe
  2⤵
  PID:3272
- C:\Windows\System\SpTuNFQ.exe
  C:\Windows\System\SpTuNFQ.exe
  2⤵
  PID:3344
- C:\Windows\System\hZvYlXp.exe
  C:\Windows\System\hZvYlXp.exe
  2⤵
  PID:3424
- C:\Windows\System\NnvEOtA.exe
  C:\Windows\System\NnvEOtA.exe
  2⤵
  PID:3364
- C:\Windows\System\oAlglsY.exe
  C:\Windows\System\oAlglsY.exe
  2⤵
  PID:3444
- C:\Windows\System\tJcrALQ.exe
  C:\Windows\System\tJcrALQ.exe
  2⤵
  PID:2956
- C:\Windows\System\WXUGhVa.exe
  C:\Windows\System\WXUGhVa.exe
  2⤵
  PID:2724
- C:\Windows\System\xosAEZu.exe
  C:\Windows\System\xosAEZu.exe
  2⤵
  PID:3520
- C:\Windows\System\iethaPQ.exe
  C:\Windows\System\iethaPQ.exe
  2⤵
  PID:3528
- C:\Windows\System\gRCYpmf.exe
  C:\Windows\System\gRCYpmf.exe
  2⤵
  PID:3568
- C:\Windows\System\eUaeMgq.exe
  C:\Windows\System\eUaeMgq.exe
  2⤵
  PID:3596
- C:\Windows\System\yWdoZKl.exe
  C:\Windows\System\yWdoZKl.exe
  2⤵
  PID:2032
- C:\Windows\System\SSVWhLP.exe
  C:\Windows\System\SSVWhLP.exe
  2⤵
  PID:3644
- C:\Windows\System\cEOBvqF.exe
  C:\Windows\System\cEOBvqF.exe
  2⤵
  PID:3696
- C:\Windows\System\XbstAAf.exe
  C:\Windows\System\XbstAAf.exe
  2⤵
  PID:3736
- C:\Windows\System\qApLrPO.exe
  C:\Windows\System\qApLrPO.exe
  2⤵
  PID:3776
- C:\Windows\System\xpCeRZk.exe
  C:\Windows\System\xpCeRZk.exe
  2⤵
  PID:3752
- C:\Windows\System\LxKgPtQ.exe
  C:\Windows\System\LxKgPtQ.exe
  2⤵
  PID:3788
- C:\Windows\System\KzhbVwT.exe
  C:\Windows\System\KzhbVwT.exe
  2⤵
  PID:3852
- C:\Windows\System\vzEQCDe.exe
  C:\Windows\System\vzEQCDe.exe
  2⤵
  PID:3896
- C:\Windows\System\nrCwbkV.exe
  C:\Windows\System\nrCwbkV.exe
  2⤵
  PID:3928
- C:\Windows\System\JsuxEQy.exe
  C:\Windows\System\JsuxEQy.exe
  2⤵
  PID:3932
- C:\Windows\System\gsjeJig.exe
  C:\Windows\System\gsjeJig.exe
  2⤵
  PID:3960
- C:\Windows\System\uXghgCD.exe
  C:\Windows\System\uXghgCD.exe
  2⤵
  PID:3996
- C:\Windows\System\LzUmHJm.exe
  C:\Windows\System\LzUmHJm.exe
  2⤵
  PID:4040
- C:\Windows\System\RFfjAnx.exe
  C:\Windows\System\RFfjAnx.exe
  2⤵
  PID:4080
- C:\Windows\System\MlWkKla.exe
  C:\Windows\System\MlWkKla.exe
  2⤵
  PID:332
- C:\Windows\System\KIuRGfh.exe
  C:\Windows\System\KIuRGfh.exe
  2⤵
  PID:2816
- C:\Windows\System\uOwVdPN.exe
  C:\Windows\System\uOwVdPN.exe
  2⤵
  PID:3056
- C:\Windows\System\QbsybDV.exe
  C:\Windows\System\QbsybDV.exe
  2⤵
  PID:2176
- C:\Windows\System\JPXlSQT.exe
  C:\Windows\System\JPXlSQT.exe
  2⤵
  PID:3128
- C:\Windows\System\ztobyDs.exe
  C:\Windows\System\ztobyDs.exe
  2⤵
  PID:3148
- C:\Windows\System\gjIUshp.exe
  C:\Windows\System\gjIUshp.exe
  2⤵
  PID:3304
- C:\Windows\System\gTCpFZu.exe
  C:\Windows\System\gTCpFZu.exe
  2⤵
  PID:3300
- C:\Windows\System\cvTVQAU.exe
  C:\Windows\System\cvTVQAU.exe
  2⤵
  PID:3348
- C:\Windows\System\VBFLsgh.exe
  C:\Windows\System\VBFLsgh.exe
  2⤵
  PID:3420
- C:\Windows\System\jJpzvGY.exe
  C:\Windows\System\jJpzvGY.exe
  2⤵
  PID:2612
- C:\Windows\System\QDZjmuE.exe
  C:\Windows\System\QDZjmuE.exe
  2⤵
  PID:3404
- C:\Windows\System\RBkgVwI.exe
  C:\Windows\System\RBkgVwI.exe
  2⤵
  PID:972
- C:\Windows\System\QQDpWap.exe
  C:\Windows\System\QQDpWap.exe
  2⤵
  PID:3500
- C:\Windows\System\aerBMeU.exe
  C:\Windows\System\aerBMeU.exe
  2⤵
  PID:3564
- C:\Windows\System\mbbXUHU.exe
  C:\Windows\System\mbbXUHU.exe
  2⤵
  PID:3692
- C:\Windows\System\bSQXNSQ.exe
  C:\Windows\System\bSQXNSQ.exe
  2⤵
  PID:3728
- C:\Windows\System\JheEEkf.exe
  C:\Windows\System\JheEEkf.exe
  2⤵
  PID:3812
- C:\Windows\System\fOyyDWD.exe
  C:\Windows\System\fOyyDWD.exe
  2⤵
  PID:3792
- C:\Windows\System\xqbHvAW.exe
  C:\Windows\System\xqbHvAW.exe
  2⤵
  PID:1340
- C:\Windows\System\wAxVdKm.exe
  C:\Windows\System\wAxVdKm.exe
  2⤵
  PID:3936
- C:\Windows\System\NlBaoRx.exe
  C:\Windows\System\NlBaoRx.exe
  2⤵
  PID:4020
- C:\Windows\System\xActKdk.exe
  C:\Windows\System\xActKdk.exe
  2⤵
  PID:4056
- C:\Windows\System\nYGAiXu.exe
  C:\Windows\System\nYGAiXu.exe
  2⤵
  PID:2504
- C:\Windows\System\mQklphn.exe
  C:\Windows\System\mQklphn.exe
  2⤵
  PID:2448
- C:\Windows\System\DJYtSzB.exe
  C:\Windows\System\DJYtSzB.exe
  2⤵
  PID:2732
- C:\Windows\System\PbuEHgU.exe
  C:\Windows\System\PbuEHgU.exe
  2⤵
  PID:3180
- C:\Windows\System\FkyogVn.exe
  C:\Windows\System\FkyogVn.exe
  2⤵
  PID:3212
- C:\Windows\System\aoiulAk.exe
  C:\Windows\System\aoiulAk.exe
  2⤵
  PID:3388
- C:\Windows\System\fwUqJcL.exe
  C:\Windows\System\fwUqJcL.exe
  2⤵
  PID:2968
- C:\Windows\System\HYFEJln.exe
  C:\Windows\System\HYFEJln.exe
  2⤵
  PID:3560
- C:\Windows\System\dLKJugm.exe
  C:\Windows\System\dLKJugm.exe
  2⤵
  PID:3480
- C:\Windows\System\egDcBpW.exe
  C:\Windows\System\egDcBpW.exe
  2⤵
  PID:3628
- C:\Windows\System\kFNNhxc.exe
  C:\Windows\System\kFNNhxc.exe
  2⤵
  PID:3708
- C:\Windows\System\LKkgEbE.exe
  C:\Windows\System\LKkgEbE.exe
  2⤵
  PID:3888
- C:\Windows\System\YkeoIfi.exe
  C:\Windows\System\YkeoIfi.exe
  2⤵
  PID:3868
- C:\Windows\System\fWYrtsX.exe
  C:\Windows\System\fWYrtsX.exe
  2⤵
  PID:4076
- C:\Windows\System\teSeumh.exe
  C:\Windows\System\teSeumh.exe
  2⤵
  PID:4036
- C:\Windows\System\xzmpQlo.exe
  C:\Windows\System\xzmpQlo.exe
  2⤵
  PID:1072
- C:\Windows\System\ZYMTfiN.exe
  C:\Windows\System\ZYMTfiN.exe
  2⤵
  PID:3008
- C:\Windows\System\mMqyisT.exe
  C:\Windows\System\mMqyisT.exe
  2⤵
  PID:3260
- C:\Windows\System\XSKmoor.exe
  C:\Windows\System\XSKmoor.exe
  2⤵
  PID:3464
- C:\Windows\System\unAILML.exe
  C:\Windows\System\unAILML.exe
  2⤵
  PID:3808
- C:\Windows\System\PudvxSk.exe
  C:\Windows\System\PudvxSk.exe
  2⤵
  PID:3548
- C:\Windows\System\KPVvtNv.exe
  C:\Windows\System\KPVvtNv.exe
  2⤵
  PID:3832
- C:\Windows\System\hVLysFA.exe
  C:\Windows\System\hVLysFA.exe
  2⤵
  PID:2008
- C:\Windows\System\avFxKRp.exe
  C:\Windows\System\avFxKRp.exe
  2⤵
  PID:4120
- C:\Windows\System\pVFlFxT.exe
  C:\Windows\System\pVFlFxT.exe
  2⤵
  PID:4140
- C:\Windows\System\SjNjaec.exe
  C:\Windows\System\SjNjaec.exe
  2⤵
  PID:4160
- C:\Windows\System\hLCnvXN.exe
  C:\Windows\System\hLCnvXN.exe
  2⤵
  PID:4180
- C:\Windows\System\nBNsruB.exe
  C:\Windows\System\nBNsruB.exe
  2⤵
  PID:4200
- C:\Windows\System\xmnmljo.exe
  C:\Windows\System\xmnmljo.exe
  2⤵
  PID:4220
- C:\Windows\System\IagxLyC.exe
  C:\Windows\System\IagxLyC.exe
  2⤵
  PID:4244
- C:\Windows\System\taIcisn.exe
  C:\Windows\System\taIcisn.exe
  2⤵
  PID:4264
- C:\Windows\System\qfIDrhd.exe
  C:\Windows\System\qfIDrhd.exe
  2⤵
  PID:4284
- C:\Windows\System\XLzoUiz.exe
  C:\Windows\System\XLzoUiz.exe
  2⤵
  PID:4304
- C:\Windows\System\lrrkbja.exe
  C:\Windows\System\lrrkbja.exe
  2⤵
  PID:4324
- C:\Windows\System\SpBgZqa.exe
  C:\Windows\System\SpBgZqa.exe
  2⤵
  PID:4344
- C:\Windows\System\slsernN.exe
  C:\Windows\System\slsernN.exe
  2⤵
  PID:4364
- C:\Windows\System\OLjpftg.exe
  C:\Windows\System\OLjpftg.exe
  2⤵
  PID:4384
- C:\Windows\System\munYqhm.exe
  C:\Windows\System\munYqhm.exe
  2⤵
  PID:4400
- C:\Windows\System\bUHGWSs.exe
  C:\Windows\System\bUHGWSs.exe
  2⤵
  PID:4428
- C:\Windows\System\xYfUSov.exe
  C:\Windows\System\xYfUSov.exe
  2⤵
  PID:4448
- C:\Windows\System\zvjzYvg.exe
  C:\Windows\System\zvjzYvg.exe
  2⤵
  PID:4468
- C:\Windows\System\wVVOjhO.exe
  C:\Windows\System\wVVOjhO.exe
  2⤵
  PID:4488
- C:\Windows\System\agIWaYN.exe
  C:\Windows\System\agIWaYN.exe
  2⤵
  PID:4508
- C:\Windows\System\RayoDRk.exe
  C:\Windows\System\RayoDRk.exe
  2⤵
  PID:4528
- C:\Windows\System\hsOZkuQ.exe
  C:\Windows\System\hsOZkuQ.exe
  2⤵
  PID:4548
- C:\Windows\System\dByEKSF.exe
  C:\Windows\System\dByEKSF.exe
  2⤵
  PID:4568
- C:\Windows\System\JdrpLbD.exe
  C:\Windows\System\JdrpLbD.exe
  2⤵
  PID:4588
- C:\Windows\System\VPfnhMR.exe
  C:\Windows\System\VPfnhMR.exe
  2⤵
  PID:4712
- C:\Windows\System\GzdPmNO.exe
  C:\Windows\System\GzdPmNO.exe
  2⤵
  PID:4732
- C:\Windows\System\wlxtZZi.exe
  C:\Windows\System\wlxtZZi.exe
  2⤵
  PID:4748
- C:\Windows\System\DJZYdlr.exe
  C:\Windows\System\DJZYdlr.exe
  2⤵
  PID:4764
- C:\Windows\System\GMUdqSs.exe
  C:\Windows\System\GMUdqSs.exe
  2⤵
  PID:4780
- C:\Windows\System\btIuVWu.exe
  C:\Windows\System\btIuVWu.exe
  2⤵
  PID:4796
- C:\Windows\System\IDcuQMh.exe
  C:\Windows\System\IDcuQMh.exe
  2⤵
  PID:4812
- C:\Windows\System\vaVDlkb.exe
  C:\Windows\System\vaVDlkb.exe
  2⤵
  PID:4828
- C:\Windows\System\kkZARqX.exe
  C:\Windows\System\kkZARqX.exe
  2⤵
  PID:4844
- C:\Windows\System\rDXeUvE.exe
  C:\Windows\System\rDXeUvE.exe
  2⤵
  PID:4860
- C:\Windows\System\ZZoIViM.exe
  C:\Windows\System\ZZoIViM.exe
  2⤵
  PID:4876
- C:\Windows\System\LFzNuug.exe
  C:\Windows\System\LFzNuug.exe
  2⤵
  PID:4892
- C:\Windows\System\OSMocAB.exe
  C:\Windows\System\OSMocAB.exe
  2⤵
  PID:4908
- C:\Windows\System\BsTdZEJ.exe
  C:\Windows\System\BsTdZEJ.exe
  2⤵
  PID:4924
- C:\Windows\System\BiWPNhL.exe
  C:\Windows\System\BiWPNhL.exe
  2⤵
  PID:4976
- C:\Windows\System\kOUNMrM.exe
  C:\Windows\System\kOUNMrM.exe
  2⤵
  PID:4992
- C:\Windows\System\ZFOrQQy.exe
  C:\Windows\System\ZFOrQQy.exe
  2⤵
  PID:5016
- C:\Windows\System\BIRkZnd.exe
  C:\Windows\System\BIRkZnd.exe
  2⤵
  PID:5036
- C:\Windows\System\omZUHrD.exe
  C:\Windows\System\omZUHrD.exe
  2⤵
  PID:5052
- C:\Windows\System\qkSNGYT.exe
  C:\Windows\System\qkSNGYT.exe
  2⤵
  PID:5084
- C:\Windows\System\wQlZbki.exe
  C:\Windows\System\wQlZbki.exe
  2⤵
  PID:1064
- C:\Windows\System\jkZghYY.exe
  C:\Windows\System\jkZghYY.exe
  2⤵
  PID:2924
- C:\Windows\System\CEYNdNm.exe
  C:\Windows\System\CEYNdNm.exe
  2⤵
  PID:3236
- C:\Windows\System\ieWvujv.exe
  C:\Windows\System\ieWvujv.exe
  2⤵
  PID:3584
- C:\Windows\System\yiFGDRb.exe
  C:\Windows\System\yiFGDRb.exe
  2⤵
  PID:3836
- C:\Windows\System\zgHDCFG.exe
  C:\Windows\System\zgHDCFG.exe
  2⤵
  PID:4116
- C:\Windows\System\PxTCMTo.exe
  C:\Windows\System\PxTCMTo.exe
  2⤵
  PID:4168
- C:\Windows\System\fUnYWdI.exe
  C:\Windows\System\fUnYWdI.exe
  2⤵
  PID:4156
- C:\Windows\System\kAxjesj.exe
  C:\Windows\System\kAxjesj.exe
  2⤵
  PID:4216
- C:\Windows\System\dYDwBqB.exe
  C:\Windows\System\dYDwBqB.exe
  2⤵
  PID:4252
- C:\Windows\System\DLUACvK.exe
  C:\Windows\System\DLUACvK.exe
  2⤵
  PID:4296
- C:\Windows\System\XelfgHm.exe
  C:\Windows\System\XelfgHm.exe
  2⤵
  PID:4276
- C:\Windows\System\digRhsV.exe
  C:\Windows\System\digRhsV.exe
  2⤵
  PID:4336
- C:\Windows\System\iuxhLxd.exe
  C:\Windows\System\iuxhLxd.exe
  2⤵
  PID:4376
- C:\Windows\System\UJPbAKm.exe
  C:\Windows\System\UJPbAKm.exe
  2⤵
  PID:4420
- C:\Windows\System\SDUGTHE.exe
  C:\Windows\System\SDUGTHE.exe
  2⤵
  PID:4416
- C:\Windows\System\JFklEMo.exe
  C:\Windows\System\JFklEMo.exe
  2⤵
  PID:4440
- C:\Windows\System\yNtpyAF.exe
  C:\Windows\System\yNtpyAF.exe
  2⤵
  PID:4484
- C:\Windows\System\OIEYroU.exe
  C:\Windows\System\OIEYroU.exe
  2⤵
  PID:4536
- C:\Windows\System\WxbkRGx.exe
  C:\Windows\System\WxbkRGx.exe
  2⤵
  PID:4576
- C:\Windows\System\oatXqnO.exe
  C:\Windows\System\oatXqnO.exe
  2⤵
  PID:1992
- C:\Windows\System\ShCKzOB.exe
  C:\Windows\System\ShCKzOB.exe
  2⤵
  PID:1216
- C:\Windows\System\BEXslYK.exe
  C:\Windows\System\BEXslYK.exe
  2⤵
  PID:2056
- C:\Windows\System\biOBgwT.exe
  C:\Windows\System\biOBgwT.exe
  2⤵
  PID:2212
- C:\Windows\System\lneyzGb.exe
  C:\Windows\System\lneyzGb.exe
  2⤵
  PID:1212
- C:\Windows\System\BvmRDzY.exe
  C:\Windows\System\BvmRDzY.exe
  2⤵
  PID:4676
- C:\Windows\System\RsaeHzB.exe
  C:\Windows\System\RsaeHzB.exe
  2⤵
  PID:2508
- C:\Windows\System\oXphwuo.exe
  C:\Windows\System\oXphwuo.exe
  2⤵
  PID:2096
- C:\Windows\System\CPBKVkX.exe
  C:\Windows\System\CPBKVkX.exe
  2⤵
  PID:4692
- C:\Windows\System\neppmuK.exe
  C:\Windows\System\neppmuK.exe
  2⤵
  PID:1328
- C:\Windows\System\vIHJNuK.exe
  C:\Windows\System\vIHJNuK.exe
  2⤵
  PID:2512
- C:\Windows\System\TSYIbtX.exe
  C:\Windows\System\TSYIbtX.exe
  2⤵
  PID:4760
- C:\Windows\System\KOwhZPk.exe
  C:\Windows\System\KOwhZPk.exe
  2⤵
  PID:4744
- C:\Windows\System\lvDdmZT.exe
  C:\Windows\System\lvDdmZT.exe
  2⤵
  PID:4820
- C:\Windows\System\VVwHtCz.exe
  C:\Windows\System\VVwHtCz.exe
  2⤵
  PID:4856
- C:\Windows\System\UMwLTjE.exe
  C:\Windows\System\UMwLTjE.exe
  2⤵
  PID:4920
- C:\Windows\System\IWwhiuZ.exe
  C:\Windows\System\IWwhiuZ.exe
  2⤵
  PID:4900
- C:\Windows\System\hDlAZRy.exe
  C:\Windows\System\hDlAZRy.exe
  2⤵
  PID:4952
- C:\Windows\System\uDSzTEa.exe
  C:\Windows\System\uDSzTEa.exe
  2⤵
  PID:4972
- C:\Windows\System\EpFanLS.exe
  C:\Windows\System\EpFanLS.exe
  2⤵
  PID:5024
- C:\Windows\System\wGtzUca.exe
  C:\Windows\System\wGtzUca.exe
  2⤵
  PID:5060
- C:\Windows\System\BfKuZuz.exe
  C:\Windows\System\BfKuZuz.exe
  2⤵
  PID:5064
- C:\Windows\System\GWLzgJR.exe
  C:\Windows\System\GWLzgJR.exe
  2⤵
  PID:5108
- C:\Windows\System\XxCNiFK.exe
  C:\Windows\System\XxCNiFK.exe
  2⤵
  PID:5032
- C:\Windows\System\BtILqmL.exe
  C:\Windows\System\BtILqmL.exe
  2⤵
  PID:3408
- C:\Windows\System\UUBFpLm.exe
  C:\Windows\System\UUBFpLm.exe
  2⤵
  PID:3316
- C:\Windows\System\mYjfOPW.exe
  C:\Windows\System\mYjfOPW.exe
  2⤵
  PID:3876
- C:\Windows\System\vOJoRVi.exe
  C:\Windows\System\vOJoRVi.exe
  2⤵
  PID:4212
- C:\Windows\System\UeFBAXj.exe
  C:\Windows\System\UeFBAXj.exe
  2⤵
  PID:4148
- C:\Windows\System\cJSoZjK.exe
  C:\Windows\System\cJSoZjK.exe
  2⤵
  PID:4256
- C:\Windows\System\eNZoClR.exe
  C:\Windows\System\eNZoClR.exe
  2⤵
  PID:4316
- C:\Windows\System\qUfeWgD.exe
  C:\Windows\System\qUfeWgD.exe
  2⤵
  PID:4128
- C:\Windows\System\PUzKHKT.exe
  C:\Windows\System\PUzKHKT.exe
  2⤵
  PID:4340
- C:\Windows\System\sfYBbJE.exe
  C:\Windows\System\sfYBbJE.exe
  2⤵
  PID:4456
- C:\Windows\System\RXcjeKh.exe
  C:\Windows\System\RXcjeKh.exe
  2⤵
  PID:4520
- C:\Windows\System\cDKYveD.exe
  C:\Windows\System\cDKYveD.exe
  2⤵
  PID:4560
- C:\Windows\System\CywnLcz.exe
  C:\Windows\System\CywnLcz.exe
  2⤵
  PID:2840
- C:\Windows\System\IjOyHEy.exe
  C:\Windows\System\IjOyHEy.exe
  2⤵
  PID:2976
- C:\Windows\System\iEwnmWr.exe
  C:\Windows\System\iEwnmWr.exe
  2⤵
  PID:2392
- C:\Windows\System\jPlICmH.exe
  C:\Windows\System\jPlICmH.exe
  2⤵
  PID:1536
- C:\Windows\System\UweHKXo.exe
  C:\Windows\System\UweHKXo.exe
  2⤵
  PID:2400
- C:\Windows\System\vwOpHhr.exe
  C:\Windows\System\vwOpHhr.exe
  2⤵
  PID:2948
- C:\Windows\System\dSpiOuo.exe
  C:\Windows\System\dSpiOuo.exe
  2⤵
  PID:4728
- C:\Windows\System\QBToLoe.exe
  C:\Windows\System\QBToLoe.exe
  2⤵
  PID:4840
- C:\Windows\System\RaJfWQL.exe
  C:\Windows\System\RaJfWQL.exe
  2⤵
  PID:4836
- C:\Windows\System\UhivOCy.exe
  C:\Windows\System\UhivOCy.exe
  2⤵
  PID:4916
- C:\Windows\System\zMrcHpX.exe
  C:\Windows\System\zMrcHpX.exe
  2⤵
  PID:4956
- C:\Windows\System\dsBpBrH.exe
  C:\Windows\System\dsBpBrH.exe
  2⤵
  PID:5000
- C:\Windows\System\zBkSxhn.exe
  C:\Windows\System\zBkSxhn.exe
  2⤵
  PID:5044
- C:\Windows\System\RFinAge.exe
  C:\Windows\System\RFinAge.exe
  2⤵
  PID:5100
- C:\Windows\System\HYuqeUU.exe
  C:\Windows\System\HYuqeUU.exe
  2⤵
  PID:2404
- C:\Windows\System\QAzJPEq.exe
  C:\Windows\System\QAzJPEq.exe
  2⤵
  PID:4084
- C:\Windows\System\GyvHGtd.exe
  C:\Windows\System\GyvHGtd.exe
  2⤵
  PID:4196
- C:\Windows\System\Elrvihd.exe
  C:\Windows\System\Elrvihd.exe
  2⤵
  PID:4236
- C:\Windows\System\soKJRws.exe
  C:\Windows\System\soKJRws.exe
  2⤵
  PID:4272
- C:\Windows\System\ZmOcAaa.exe
  C:\Windows\System\ZmOcAaa.exe
  2⤵
  PID:4476
- C:\Windows\System\gbBnWWb.exe
  C:\Windows\System\gbBnWWb.exe
  2⤵
  PID:4240
- C:\Windows\System\mIgXtZw.exe
  C:\Windows\System\mIgXtZw.exe
  2⤵
  PID:5092
- C:\Windows\System\yXMSJTC.exe
  C:\Windows\System\yXMSJTC.exe
  2⤵
  PID:3432
- C:\Windows\System\jOxGhtF.exe
  C:\Windows\System\jOxGhtF.exe
  2⤵
  PID:1952
- C:\Windows\System\PDKTeiN.exe
  C:\Windows\System\PDKTeiN.exe
  2⤵
  PID:1312
- C:\Windows\System\sJRmwqs.exe
  C:\Windows\System\sJRmwqs.exe
  2⤵
  PID:1756
- C:\Windows\System\jcXfwED.exe
  C:\Windows\System\jcXfwED.exe
  2⤵
  PID:4888
- C:\Windows\System\nBwTBwl.exe
  C:\Windows\System\nBwTBwl.exe
  2⤵
  PID:4644
- C:\Windows\System\gmPsqtd.exe
  C:\Windows\System\gmPsqtd.exe
  2⤵
  PID:4932
- C:\Windows\System\jJnXDYu.exe
  C:\Windows\System\jJnXDYu.exe
  2⤵
  PID:5068
- C:\Windows\System\LCXjAFN.exe
  C:\Windows\System\LCXjAFN.exe
  2⤵
  PID:4516
- C:\Windows\System\KbxualK.exe
  C:\Windows\System\KbxualK.exe
  2⤵
  PID:3640
- C:\Windows\System\ussBtIc.exe
  C:\Windows\System\ussBtIc.exe
  2⤵
  PID:4300
- C:\Windows\System\ehlThbJ.exe
  C:\Windows\System\ehlThbJ.exe
  2⤵
  PID:4460
- C:\Windows\System\eBFQakD.exe
  C:\Windows\System\eBFQakD.exe
  2⤵
  PID:2152
- C:\Windows\System\PYumvOk.exe
  C:\Windows\System\PYumvOk.exe
  2⤵
  PID:4776
- C:\Windows\System\foJTrbq.exe
  C:\Windows\System\foJTrbq.exe
  2⤵
  PID:2544
- C:\Windows\System\TrsyrLI.exe
  C:\Windows\System\TrsyrLI.exe
  2⤵
  PID:4968
- C:\Windows\System\zKqkUUk.exe
  C:\Windows\System\zKqkUUk.exe
  2⤵
  PID:5104
- C:\Windows\System\ynHJinN.exe
  C:\Windows\System\ynHJinN.exe
  2⤵
  PID:3368
- C:\Windows\System\bXMtdlf.exe
  C:\Windows\System\bXMtdlf.exe
  2⤵
  PID:4136
- C:\Windows\System\zJiuyhQ.exe
  C:\Windows\System\zJiuyhQ.exe
  2⤵
  PID:3152
- C:\Windows\System\fWSnGEc.exe
  C:\Windows\System\fWSnGEc.exe
  2⤵
  PID:2172
- C:\Windows\System\BbhVJer.exe
  C:\Windows\System\BbhVJer.exe
  2⤵
  PID:3000
- C:\Windows\System\KyFZCvg.exe
  C:\Windows\System\KyFZCvg.exe
  2⤵
  PID:5028
- C:\Windows\System\jUIaphL.exe
  C:\Windows\System\jUIaphL.exe
  2⤵
  PID:4792
- C:\Windows\System\rfrOUgo.exe
  C:\Windows\System\rfrOUgo.exe
  2⤵
  PID:4640
- C:\Windows\System\MwJsEHs.exe
  C:\Windows\System\MwJsEHs.exe
  2⤵
  PID:3600
- C:\Windows\System\MyaYjMo.exe
  C:\Windows\System\MyaYjMo.exe
  2⤵
  PID:1084
- C:\Windows\System\TzSSCkX.exe
  C:\Windows\System\TzSSCkX.exe
  2⤵
  PID:4580
- C:\Windows\System\COBrIvV.exe
  C:\Windows\System\COBrIvV.exe
  2⤵
  PID:4112
- C:\Windows\System\BZLxXJE.exe
  C:\Windows\System\BZLxXJE.exe
  2⤵
  PID:4444
- C:\Windows\System\DBlPITR.exe
  C:\Windows\System\DBlPITR.exe
  2⤵
  PID:700
- C:\Windows\System\ifvzyyN.exe
  C:\Windows\System\ifvzyyN.exe
  2⤵
  PID:5140
- C:\Windows\System\SRDMIgT.exe
  C:\Windows\System\SRDMIgT.exe
  2⤵
  PID:5160
- C:\Windows\System\CSQHKKi.exe
  C:\Windows\System\CSQHKKi.exe
  2⤵
  PID:5188
- C:\Windows\System\HgvJvid.exe
  C:\Windows\System\HgvJvid.exe
  2⤵
  PID:5204
- C:\Windows\System\zmaAUrX.exe
  C:\Windows\System\zmaAUrX.exe
  2⤵
  PID:5220
- C:\Windows\System\BvLCFEF.exe
  C:\Windows\System\BvLCFEF.exe
  2⤵
  PID:5236
- C:\Windows\System\tCPZBCP.exe
  C:\Windows\System\tCPZBCP.exe
  2⤵
  PID:5264
- C:\Windows\System\IdbadNg.exe
  C:\Windows\System\IdbadNg.exe
  2⤵
  PID:5280
- C:\Windows\System\NjzMwkf.exe
  C:\Windows\System\NjzMwkf.exe
  2⤵
  PID:5300
- C:\Windows\System\LeqGLFz.exe
  C:\Windows\System\LeqGLFz.exe
  2⤵
  PID:5328
- C:\Windows\System\KOdXVzW.exe
  C:\Windows\System\KOdXVzW.exe
  2⤵
  PID:5348
- C:\Windows\System\dCkyxJz.exe
  C:\Windows\System\dCkyxJz.exe
  2⤵
  PID:5364
- C:\Windows\System\wQIBGQj.exe
  C:\Windows\System\wQIBGQj.exe
  2⤵
  PID:5380
- C:\Windows\System\oNDLiNn.exe
  C:\Windows\System\oNDLiNn.exe
  2⤵
  PID:5396
- C:\Windows\System\HAMkfvY.exe
  C:\Windows\System\HAMkfvY.exe
  2⤵
  PID:5424
- C:\Windows\System\Yslisas.exe
  C:\Windows\System\Yslisas.exe
  2⤵
  PID:5440
- C:\Windows\System\xYbnWld.exe
  C:\Windows\System\xYbnWld.exe
  2⤵
  PID:5464
- C:\Windows\System\wkQiYDS.exe
  C:\Windows\System\wkQiYDS.exe
  2⤵
  PID:5484
- C:\Windows\System\EoYRAgq.exe
  C:\Windows\System\EoYRAgq.exe
  2⤵
  PID:5508
- C:\Windows\System\bSCFXDj.exe
  C:\Windows\System\bSCFXDj.exe
  2⤵
  PID:5524
- C:\Windows\System\KXKkYUd.exe
  C:\Windows\System\KXKkYUd.exe
  2⤵
  PID:5548
- C:\Windows\System\TEUwjSH.exe
  C:\Windows\System\TEUwjSH.exe
  2⤵
  PID:5564
- C:\Windows\System\oWZDjxx.exe
  C:\Windows\System\oWZDjxx.exe
  2⤵
  PID:5584
- C:\Windows\System\ClGCXQZ.exe
  C:\Windows\System\ClGCXQZ.exe
  2⤵
  PID:5604
- C:\Windows\System\TRhfpZd.exe
  C:\Windows\System\TRhfpZd.exe
  2⤵
  PID:5628
- C:\Windows\System\gsAhZyE.exe
  C:\Windows\System\gsAhZyE.exe
  2⤵
  PID:5644
- C:\Windows\System\nRnxkTR.exe
  C:\Windows\System\nRnxkTR.exe
  2⤵
  PID:5668
- C:\Windows\System\jjigote.exe
  C:\Windows\System\jjigote.exe
  2⤵
  PID:5684
- C:\Windows\System\VAOAnwK.exe
  C:\Windows\System\VAOAnwK.exe
  2⤵
  PID:5712
- C:\Windows\System\AEUrSuZ.exe
  C:\Windows\System\AEUrSuZ.exe
  2⤵
  PID:5728
- C:\Windows\System\bmfeWqu.exe
  C:\Windows\System\bmfeWqu.exe
  2⤵
  PID:5744
- C:\Windows\System\JxxcHTq.exe
  C:\Windows\System\JxxcHTq.exe
  2⤵
  PID:5764
- C:\Windows\System\ahweRHj.exe
  C:\Windows\System\ahweRHj.exe
  2⤵
  PID:5784
- C:\Windows\System\dTQYLcL.exe
  C:\Windows\System\dTQYLcL.exe
  2⤵
  PID:5812
- C:\Windows\System\LeNzUfo.exe
  C:\Windows\System\LeNzUfo.exe
  2⤵
  PID:5836
- C:\Windows\System\GNMdnup.exe
  C:\Windows\System\GNMdnup.exe
  2⤵
  PID:5856
- C:\Windows\System\xbPSdon.exe
  C:\Windows\System\xbPSdon.exe
  2⤵
  PID:5876
- C:\Windows\System\ILAuqpK.exe
  C:\Windows\System\ILAuqpK.exe
  2⤵
  PID:5892
- C:\Windows\System\UQjrTdB.exe
  C:\Windows\System\UQjrTdB.exe
  2⤵
  PID:5912
- C:\Windows\System\zMNQmap.exe
  C:\Windows\System\zMNQmap.exe
  2⤵
  PID:5932
- C:\Windows\System\owqBhQe.exe
  C:\Windows\System\owqBhQe.exe
  2⤵
  PID:5956
- C:\Windows\System\mavsuau.exe
  C:\Windows\System\mavsuau.exe
  2⤵
  PID:5972
- C:\Windows\System\MNbOJBi.exe
  C:\Windows\System\MNbOJBi.exe
  2⤵
  PID:5992
- C:\Windows\System\POABmMY.exe
  C:\Windows\System\POABmMY.exe
  2⤵
  PID:6012
- C:\Windows\System\ScfMEGL.exe
  C:\Windows\System\ScfMEGL.exe
  2⤵
  PID:6036
- C:\Windows\System\kXsSOQM.exe
  C:\Windows\System\kXsSOQM.exe
  2⤵
  PID:6052
- C:\Windows\System\SAlNFIH.exe
  C:\Windows\System\SAlNFIH.exe
  2⤵
  PID:6072
- C:\Windows\System\zLAEpJe.exe
  C:\Windows\System\zLAEpJe.exe
  2⤵
  PID:6088
- C:\Windows\System\sBAIlhR.exe
  C:\Windows\System\sBAIlhR.exe
  2⤵
  PID:6116
- C:\Windows\System\srFJadq.exe
  C:\Windows\System\srFJadq.exe
  2⤵
  PID:6132
- C:\Windows\System\bvRyZdb.exe
  C:\Windows\System\bvRyZdb.exe
  2⤵
  PID:4556
- C:\Windows\System\hwKKbsw.exe
  C:\Windows\System\hwKKbsw.exe
  2⤵
  PID:5124
- C:\Windows\System\GQMGZtl.exe
  C:\Windows\System\GQMGZtl.exe
  2⤵
  PID:5076
- C:\Windows\System\yYFfpET.exe
  C:\Windows\System\yYFfpET.exe
  2⤵
  PID:5176
- C:\Windows\System\OXksGjJ.exe
  C:\Windows\System\OXksGjJ.exe
  2⤵
  PID:5200
- C:\Windows\System\WfEEugI.exe
  C:\Windows\System\WfEEugI.exe
  2⤵
  PID:5252
- C:\Windows\System\NoUQKzr.exe
  C:\Windows\System\NoUQKzr.exe
  2⤵
  PID:5292
- C:\Windows\System\qQGVleL.exe
  C:\Windows\System\qQGVleL.exe
  2⤵
  PID:5324
- C:\Windows\System\qMQBZOM.exe
  C:\Windows\System\qMQBZOM.exe
  2⤵
  PID:5156
- C:\Windows\System\HxrwYDF.exe
  C:\Windows\System\HxrwYDF.exe
  2⤵
  PID:5416
- C:\Windows\System\cJoAQDd.exe
  C:\Windows\System\cJoAQDd.exe
  2⤵
  PID:5388
- C:\Windows\System\mGMziSz.exe
  C:\Windows\System\mGMziSz.exe
  2⤵
  PID:5456
- C:\Windows\System\PVpFaWc.exe
  C:\Windows\System\PVpFaWc.exe
  2⤵
  PID:5476
- C:\Windows\System\vKFlhhB.exe
  C:\Windows\System\vKFlhhB.exe
  2⤵
  PID:5500
- C:\Windows\System\dTdyxfn.exe
  C:\Windows\System\dTdyxfn.exe
  2⤵
  PID:5540
- C:\Windows\System\dsOPSAI.exe
  C:\Windows\System\dsOPSAI.exe
  2⤵
  PID:5580
- C:\Windows\System\STtgDpr.exe
  C:\Windows\System\STtgDpr.exe
  2⤵
  PID:5616
- C:\Windows\System\FuuNlbL.exe
  C:\Windows\System\FuuNlbL.exe
  2⤵
  PID:5636
- C:\Windows\System\MFWLwiQ.exe
  C:\Windows\System\MFWLwiQ.exe
  2⤵
  PID:5676
- C:\Windows\System\HgrRbYj.exe
  C:\Windows\System\HgrRbYj.exe
  2⤵
  PID:5704
- C:\Windows\System\EPYYGZW.exe
  C:\Windows\System\EPYYGZW.exe
  2⤵
  PID:5772
- C:\Windows\System\wbniQIr.exe
  C:\Windows\System\wbniQIr.exe
  2⤵
  PID:5792
- C:\Windows\System\GOqNwdN.exe
  C:\Windows\System\GOqNwdN.exe
  2⤵
  PID:5804
- C:\Windows\System\TnkPfEC.exe
  C:\Windows\System\TnkPfEC.exe
  2⤵
  PID:5848
- C:\Windows\System\rvjfQLX.exe
  C:\Windows\System\rvjfQLX.exe
  2⤵
  PID:5888
- C:\Windows\System\UhKGlbS.exe
  C:\Windows\System\UhKGlbS.exe
  2⤵
  PID:5920
- C:\Windows\System\LiqnMXG.exe
  C:\Windows\System\LiqnMXG.exe
  2⤵
  PID:5944
- C:\Windows\System\ViczLJp.exe
  C:\Windows\System\ViczLJp.exe
  2⤵
  PID:5984
- C:\Windows\System\ORbdVGp.exe
  C:\Windows\System\ORbdVGp.exe
  2⤵
  PID:6024
- C:\Windows\System\HxMsTMd.exe
  C:\Windows\System\HxMsTMd.exe
  2⤵
  PID:6064
- C:\Windows\System\MDqpoKB.exe
  C:\Windows\System\MDqpoKB.exe
  2⤵
  PID:6080
- C:\Windows\System\kHWBnll.exe
  C:\Windows\System\kHWBnll.exe
  2⤵
  PID:6112
- C:\Windows\System\SAHhVwA.exe
  C:\Windows\System\SAHhVwA.exe
  2⤵
  PID:5132
- C:\Windows\System\BjsEKTu.exe
  C:\Windows\System\BjsEKTu.exe
  2⤵
  PID:4988
- C:\Windows\System\XQiDShJ.exe
  C:\Windows\System\XQiDShJ.exe
  2⤵
  PID:5796
- C:\Windows\System\MTqcVJC.exe
  C:\Windows\System\MTqcVJC.exe
  2⤵
  PID:5288
- C:\Windows\System\TLymKsH.exe
  C:\Windows\System\TLymKsH.exe
  2⤵
  PID:5316
- C:\Windows\System\DfHbNDb.exe
  C:\Windows\System\DfHbNDb.exe
  2⤵
  PID:5376
- C:\Windows\System\tJiTEXC.exe
  C:\Windows\System\tJiTEXC.exe
  2⤵
  PID:5532
- C:\Windows\System\caFKseJ.exe
  C:\Windows\System\caFKseJ.exe
  2⤵
  PID:5592
- C:\Windows\System\UAFbpml.exe
  C:\Windows\System\UAFbpml.exe
  2⤵
  PID:5572
- C:\Windows\System\YoStAaj.exe
  C:\Windows\System\YoStAaj.exe
  2⤵
  PID:5660
- C:\Windows\System\ANgjRWs.exe
  C:\Windows\System\ANgjRWs.exe
  2⤵
  PID:5740
- C:\Windows\System\VMUyRGd.exe
  C:\Windows\System\VMUyRGd.exe
  2⤵
  PID:5624
- C:\Windows\System\VRmtWUs.exe
  C:\Windows\System\VRmtWUs.exe
  2⤵
  PID:5760
- C:\Windows\System\FlxftIq.exe
  C:\Windows\System\FlxftIq.exe
  2⤵
  PID:5820
- C:\Windows\System\DvhdDvA.exe
  C:\Windows\System\DvhdDvA.exe
  2⤵
  PID:5868
- C:\Windows\System\eYHgAIu.exe
  C:\Windows\System\eYHgAIu.exe
  2⤵
  PID:5988
- C:\Windows\System\UEcQPFM.exe
  C:\Windows\System\UEcQPFM.exe
  2⤵
  PID:6008
- C:\Windows\System\ReEgtYY.exe
  C:\Windows\System\ReEgtYY.exe
  2⤵
  PID:6032
- C:\Windows\System\zzYYXNz.exe
  C:\Windows\System\zzYYXNz.exe
  2⤵
  PID:6096
- C:\Windows\System\YWeFbpc.exe
  C:\Windows\System\YWeFbpc.exe
  2⤵
  PID:4704
- C:\Windows\System\dHaXXTX.exe
  C:\Windows\System\dHaXXTX.exe
  2⤵
  PID:5196
- C:\Windows\System\Izefmve.exe
  C:\Windows\System\Izefmve.exe
  2⤵
  PID:5248
- C:\Windows\System\JHaMtaG.exe
  C:\Windows\System\JHaMtaG.exe
  2⤵
  PID:5340
- C:\Windows\System\jvzktKP.exe
  C:\Windows\System\jvzktKP.exe
  2⤵
  PID:5344
- C:\Windows\System\HQhILor.exe
  C:\Windows\System\HQhILor.exe
  2⤵
  PID:5452
- C:\Windows\System\JbYFtaD.exe
  C:\Windows\System\JbYFtaD.exe
  2⤵
  PID:5556
- C:\Windows\System\ARsTCRz.exe
  C:\Windows\System\ARsTCRz.exe
  2⤵
  PID:5700
- C:\Windows\System\BLJFRJc.exe
  C:\Windows\System\BLJFRJc.exe
  2⤵
  PID:5872
- C:\Windows\System\SVVwMwN.exe
  C:\Windows\System\SVVwMwN.exe
  2⤵
  PID:5904
- C:\Windows\System\cPefgXw.exe
  C:\Windows\System\cPefgXw.exe
  2⤵
  PID:5964
- C:\Windows\System\MOZemRZ.exe
  C:\Windows\System\MOZemRZ.exe
  2⤵
  PID:6100
- C:\Windows\System\sNXyljd.exe
  C:\Windows\System\sNXyljd.exe
  2⤵
  PID:6128
- C:\Windows\System\qgihUSw.exe
  C:\Windows\System\qgihUSw.exe
  2⤵
  PID:5232
- C:\Windows\System\PkpzzBx.exe
  C:\Windows\System\PkpzzBx.exe
  2⤵
  PID:5436
- C:\Windows\System\IZFdpcM.exe
  C:\Windows\System\IZFdpcM.exe
  2⤵
  PID:5544
- C:\Windows\System\dlpsupW.exe
  C:\Windows\System\dlpsupW.exe
  2⤵
  PID:5752
- C:\Windows\System\XKkzsBP.exe
  C:\Windows\System\XKkzsBP.exe
  2⤵
  PID:6004
- C:\Windows\System\tKnRvtG.exe
  C:\Windows\System\tKnRvtG.exe
  2⤵
  PID:5336
- C:\Windows\System\XIOzeeW.exe
  C:\Windows\System\XIOzeeW.exe
  2⤵
  PID:5940
- C:\Windows\System\XzBSCxP.exe
  C:\Windows\System\XzBSCxP.exe
  2⤵
  PID:5296
- C:\Windows\System\mSelrdk.exe
  C:\Windows\System\mSelrdk.exe
  2⤵
  PID:5516
- C:\Windows\System\nkWefvc.exe
  C:\Windows\System\nkWefvc.exe
  2⤵
  PID:6044
- C:\Windows\System\WlehxdX.exe
  C:\Windows\System\WlehxdX.exe
  2⤵
  PID:6060
- C:\Windows\System\DGYcnuR.exe
  C:\Windows\System\DGYcnuR.exe
  2⤵
  PID:5360
- C:\Windows\System\WkYqXVM.exe
  C:\Windows\System\WkYqXVM.exe
  2⤵
  PID:5828
- C:\Windows\System\dRkevSt.exe
  C:\Windows\System\dRkevSt.exe
  2⤵
  PID:5496
- C:\Windows\System\riJWXiw.exe
  C:\Windows\System\riJWXiw.exe
  2⤵
  PID:6152
- C:\Windows\System\JQFxvkr.exe
  C:\Windows\System\JQFxvkr.exe
  2⤵
  PID:6172
- C:\Windows\System\lJqEctZ.exe
  C:\Windows\System\lJqEctZ.exe
  2⤵
  PID:6196
- C:\Windows\System\EjWLUlD.exe
  C:\Windows\System\EjWLUlD.exe
  2⤵
  PID:6216
- C:\Windows\System\YhdtUJH.exe
  C:\Windows\System\YhdtUJH.exe
  2⤵
  PID:6236
- C:\Windows\System\qlvVXGk.exe
  C:\Windows\System\qlvVXGk.exe
  2⤵
  PID:6252
- C:\Windows\System\nMiFFew.exe
  C:\Windows\System\nMiFFew.exe
  2⤵
  PID:6272
- C:\Windows\System\qQVHGvy.exe
  C:\Windows\System\qQVHGvy.exe
  2⤵
  PID:6292
- C:\Windows\System\nsCWpfG.exe
  C:\Windows\System\nsCWpfG.exe
  2⤵
  PID:6316
- C:\Windows\System\uJsOIim.exe
  C:\Windows\System\uJsOIim.exe
  2⤵
  PID:6332
- C:\Windows\System\NlYDOyk.exe
  C:\Windows\System\NlYDOyk.exe
  2⤵
  PID:6356
- C:\Windows\System\EIxuusl.exe
  C:\Windows\System\EIxuusl.exe
  2⤵
  PID:6372
- C:\Windows\System\QSqQneC.exe
  C:\Windows\System\QSqQneC.exe
  2⤵
  PID:6396
- C:\Windows\System\HHlNrnf.exe
  C:\Windows\System\HHlNrnf.exe
  2⤵
  PID:6412
- C:\Windows\System\hJnCiSt.exe
  C:\Windows\System\hJnCiSt.exe
  2⤵
  PID:6436
- C:\Windows\System\DcuIlyf.exe
  C:\Windows\System\DcuIlyf.exe
  2⤵
  PID:6452
- C:\Windows\System\GCOsshF.exe
  C:\Windows\System\GCOsshF.exe
  2⤵
  PID:6472
- C:\Windows\System\jwXPaOx.exe
  C:\Windows\System\jwXPaOx.exe
  2⤵
  PID:6492
- C:\Windows\System\WaOHunm.exe
  C:\Windows\System\WaOHunm.exe
  2⤵
  PID:6508
- C:\Windows\System\ijEHQVg.exe
  C:\Windows\System\ijEHQVg.exe
  2⤵
  PID:6536
- C:\Windows\System\qlNBLGq.exe
  C:\Windows\System\qlNBLGq.exe
  2⤵
  PID:6556
- C:\Windows\System\liYVRBE.exe
  C:\Windows\System\liYVRBE.exe
  2⤵
  PID:6572
- C:\Windows\System\CfkqQSM.exe
  C:\Windows\System\CfkqQSM.exe
  2⤵
  PID:6596
- C:\Windows\System\XnMsbav.exe
  C:\Windows\System\XnMsbav.exe
  2⤵
  PID:6612
- C:\Windows\System\IVgUdnL.exe
  C:\Windows\System\IVgUdnL.exe
  2⤵
  PID:6628
- C:\Windows\System\KqmGPTI.exe
  C:\Windows\System\KqmGPTI.exe
  2⤵
  PID:6648
- C:\Windows\System\vFfYytG.exe
  C:\Windows\System\vFfYytG.exe
  2⤵
  PID:6680
- C:\Windows\System\eRPfmxS.exe
  C:\Windows\System\eRPfmxS.exe
  2⤵
  PID:6696
- C:\Windows\System\xfqCufz.exe
  C:\Windows\System\xfqCufz.exe
  2⤵
  PID:6716
- C:\Windows\System\BopBrzw.exe
  C:\Windows\System\BopBrzw.exe
  2⤵
  PID:6740
- C:\Windows\System\IwtMZoO.exe
  C:\Windows\System\IwtMZoO.exe
  2⤵
  PID:6756
- C:\Windows\System\izbRmBv.exe
  C:\Windows\System\izbRmBv.exe
  2⤵
  PID:6776
- C:\Windows\System\bTXhskV.exe
  C:\Windows\System\bTXhskV.exe
  2⤵
  PID:6792
- C:\Windows\System\inRAacV.exe
  C:\Windows\System\inRAacV.exe
  2⤵
  PID:6812
- C:\Windows\System\MLHLeiE.exe
  C:\Windows\System\MLHLeiE.exe
  2⤵
  PID:6840
- C:\Windows\System\XHAgybG.exe
  C:\Windows\System\XHAgybG.exe
  2⤵
  PID:6856
- C:\Windows\System\zQNhtuV.exe
  C:\Windows\System\zQNhtuV.exe
  2⤵
  PID:6876
- C:\Windows\System\thNuipV.exe
  C:\Windows\System\thNuipV.exe
  2⤵
  PID:6892
- C:\Windows\System\imfDSuJ.exe
  C:\Windows\System\imfDSuJ.exe
  2⤵
  PID:6912
- C:\Windows\System\ecHgDjw.exe
  C:\Windows\System\ecHgDjw.exe
  2⤵
  PID:6928
- C:\Windows\System\ORTLwdF.exe
  C:\Windows\System\ORTLwdF.exe
  2⤵
  PID:6952
- C:\Windows\System\bflfVnW.exe
  C:\Windows\System\bflfVnW.exe
  2⤵
  PID:6968
- C:\Windows\System\NKRIRoG.exe
  C:\Windows\System\NKRIRoG.exe
  2⤵
  PID:6984
- C:\Windows\System\KIuCJxd.exe
  C:\Windows\System\KIuCJxd.exe
  2⤵
  PID:7000
- C:\Windows\System\fMMVlgf.exe
  C:\Windows\System\fMMVlgf.exe
  2⤵
  PID:7016
- C:\Windows\System\HIzheQr.exe
  C:\Windows\System\HIzheQr.exe
  2⤵
  PID:7032
- C:\Windows\System\pMirutf.exe
  C:\Windows\System\pMirutf.exe
  2⤵
  PID:7056
- C:\Windows\System\wxzsqtW.exe
  C:\Windows\System\wxzsqtW.exe
  2⤵
  PID:7080
- C:\Windows\System\hbAeZLh.exe
  C:\Windows\System\hbAeZLh.exe
  2⤵
  PID:7108
- C:\Windows\System\ackwMEG.exe
  C:\Windows\System\ackwMEG.exe
  2⤵
  PID:7132
- C:\Windows\System\rfLHfLh.exe
  C:\Windows\System\rfLHfLh.exe
  2⤵
  PID:7148
- C:\Windows\System\EExZVrx.exe
  C:\Windows\System\EExZVrx.exe
  2⤵
  PID:5952
- C:\Windows\System\IgdPFPA.exe
  C:\Windows\System\IgdPFPA.exe
  2⤵
  PID:6160
- C:\Windows\System\guXJGFI.exe
  C:\Windows\System\guXJGFI.exe
  2⤵
  PID:6208
- C:\Windows\System\QgZbNpT.exe
  C:\Windows\System\QgZbNpT.exe
  2⤵
  PID:6244
- C:\Windows\System\lKpsHRs.exe
  C:\Windows\System\lKpsHRs.exe
  2⤵
  PID:6280
- C:\Windows\System\GbQPIqJ.exe
  C:\Windows\System\GbQPIqJ.exe
  2⤵
  PID:6324
- C:\Windows\System\mnPRXvo.exe
  C:\Windows\System\mnPRXvo.exe
  2⤵
  PID:6348
- C:\Windows\System\QSAQIfy.exe
  C:\Windows\System\QSAQIfy.exe
  2⤵
  PID:6380
- C:\Windows\System\GfWopAP.exe
  C:\Windows\System\GfWopAP.exe
  2⤵
  PID:6424
- C:\Windows\System\mijhnSb.exe
  C:\Windows\System\mijhnSb.exe
  2⤵
  PID:6428
- C:\Windows\System\YiJmBEu.exe
  C:\Windows\System\YiJmBEu.exe
  2⤵
  PID:6480
- C:\Windows\System\kfJkzhv.exe
  C:\Windows\System\kfJkzhv.exe
  2⤵
  PID:6528
- C:\Windows\System\OiSVYmD.exe
  C:\Windows\System\OiSVYmD.exe
  2⤵
  PID:6544
- C:\Windows\System\GghWiic.exe
  C:\Windows\System\GghWiic.exe
  2⤵
  PID:6564
- C:\Windows\System\EyGlBwz.exe
  C:\Windows\System\EyGlBwz.exe
  2⤵
  PID:6620
- C:\Windows\System\qJKGZkV.exe
  C:\Windows\System\qJKGZkV.exe
  2⤵
  PID:6604
- C:\Windows\System\jIXkGdT.exe
  C:\Windows\System\jIXkGdT.exe
  2⤵
  PID:6636
- C:\Windows\System\tjDBcoP.exe
  C:\Windows\System\tjDBcoP.exe
  2⤵
  PID:6692
- C:\Windows\System\ZaBehCt.exe
  C:\Windows\System\ZaBehCt.exe
  2⤵
  PID:6748
- C:\Windows\System\rUpmSci.exe
  C:\Windows\System\rUpmSci.exe
  2⤵
  PID:6772
- C:\Windows\System\OiPIctT.exe
  C:\Windows\System\OiPIctT.exe
  2⤵
  PID:6832
- C:\Windows\System\hvUUNbS.exe
  C:\Windows\System\hvUUNbS.exe
  2⤵
  PID:6824
- C:\Windows\System\uNgoacf.exe
  C:\Windows\System\uNgoacf.exe
  2⤵
  PID:6900
- C:\Windows\System\mlANsFj.exe
  C:\Windows\System\mlANsFj.exe
  2⤵
  PID:6940
- C:\Windows\System\AeVEKSD.exe
  C:\Windows\System\AeVEKSD.exe
  2⤵
  PID:6924
- C:\Windows\System\nLSXRAL.exe
  C:\Windows\System\nLSXRAL.exe
  2⤵
  PID:6976
- C:\Windows\System\ZzMyRXv.exe
  C:\Windows\System\ZzMyRXv.exe
  2⤵
  PID:6996
- C:\Windows\System\FIJspwr.exe
  C:\Windows\System\FIJspwr.exe
  2⤵
  PID:7044
- C:\Windows\System\KJvrcTm.exe
  C:\Windows\System\KJvrcTm.exe
  2⤵
  PID:6944
- C:\Windows\System\lYHLCmw.exe
  C:\Windows\System\lYHLCmw.exe
  2⤵
  PID:7104
- C:\Windows\System\AWAnIvu.exe
  C:\Windows\System\AWAnIvu.exe
  2⤵
  PID:6148
- C:\Windows\System\ResUzCe.exe
  C:\Windows\System\ResUzCe.exe
  2⤵
  PID:7120
- C:\Windows\System\svUHDEO.exe
  C:\Windows\System\svUHDEO.exe
  2⤵
  PID:7164
- C:\Windows\System\fZbmxnF.exe
  C:\Windows\System\fZbmxnF.exe
  2⤵
  PID:6300
- C:\Windows\System\GUIjozN.exe
  C:\Windows\System\GUIjozN.exe
  2⤵
  PID:6264
- C:\Windows\System\ZEQWQFY.exe
  C:\Windows\System\ZEQWQFY.exe
  2⤵
  PID:6368
- C:\Windows\System\wYHzqws.exe
  C:\Windows\System\wYHzqws.exe
  2⤵
  PID:6388
- C:\Windows\System\qguCgEX.exe
  C:\Windows\System\qguCgEX.exe
  2⤵
  PID:6432
- C:\Windows\System\yPKpCLL.exe
  C:\Windows\System\yPKpCLL.exe
  2⤵
  PID:6448
- C:\Windows\System\MMEMsXY.exe
  C:\Windows\System\MMEMsXY.exe
  2⤵
  PID:6584
- C:\Windows\System\glSlPpM.exe
  C:\Windows\System\glSlPpM.exe
  2⤵
  PID:6656
- C:\Windows\System\VDmHYZb.exe
  C:\Windows\System\VDmHYZb.exe
  2⤵
  PID:6708
- C:\Windows\System\afetqqr.exe
  C:\Windows\System\afetqqr.exe
  2⤵
  PID:6784
- C:\Windows\System\TPykJNK.exe
  C:\Windows\System\TPykJNK.exe
  2⤵
  PID:6804
- C:\Windows\System\lGNNstK.exe
  C:\Windows\System\lGNNstK.exe
  2⤵
  PID:6936
- C:\Windows\System\sUrOiPo.exe
  C:\Windows\System\sUrOiPo.exe
  2⤵
  PID:7028
- C:\Windows\System\Dgyuckh.exe
  C:\Windows\System\Dgyuckh.exe
  2⤵
  PID:6920
- C:\Windows\System\iotxmfO.exe
  C:\Windows\System\iotxmfO.exe
  2⤵
  PID:7128
- C:\Windows\System\KgyQtcT.exe
  C:\Windows\System\KgyQtcT.exe
  2⤵
  PID:6820
- C:\Windows\System\GzsZTrj.exe
  C:\Windows\System\GzsZTrj.exe
  2⤵
  PID:7076
- C:\Windows\System\CoaazEJ.exe
  C:\Windows\System\CoaazEJ.exe
  2⤵
  PID:6164
- C:\Windows\System\AUhxKMu.exe
  C:\Windows\System\AUhxKMu.exe
  2⤵
  PID:6232
- C:\Windows\System\XjGfbrH.exe
  C:\Windows\System\XjGfbrH.exe
  2⤵
  PID:6312
- C:\Windows\System\gcdLgiC.exe
  C:\Windows\System\gcdLgiC.exe
  2⤵
  PID:6464
- C:\Windows\System\UbKdkrG.exe
  C:\Windows\System\UbKdkrG.exe
  2⤵
  PID:5172
- C:\Windows\System\dlRAYvR.exe
  C:\Windows\System\dlRAYvR.exe
  2⤵
  PID:6668
- C:\Windows\System\gIMgAKG.exe
  C:\Windows\System\gIMgAKG.exe
  2⤵
  PID:6788
- C:\Windows\System\BkoygWR.exe
  C:\Windows\System\BkoygWR.exe
  2⤵
  PID:6732
- C:\Windows\System\IUutFgJ.exe
  C:\Windows\System\IUutFgJ.exe
  2⤵
  PID:7096
- C:\Windows\System\BMknevn.exe
  C:\Windows\System\BMknevn.exe
  2⤵
  PID:6868
- C:\Windows\System\uhAFdyG.exe
  C:\Windows\System\uhAFdyG.exe
  2⤵
  PID:6964
- C:\Windows\System\GjHNGCj.exe
  C:\Windows\System\GjHNGCj.exe
  2⤵
  PID:7048
- C:\Windows\System\uFwGLck.exe
  C:\Windows\System\uFwGLck.exe
  2⤵
  PID:7160
- C:\Windows\System\OTSPOoL.exe
  C:\Windows\System\OTSPOoL.exe
  2⤵
  PID:6568
- C:\Windows\System\SraXWUr.exe
  C:\Windows\System\SraXWUr.exe
  2⤵
  PID:6552
- C:\Windows\System\qQFrNqR.exe
  C:\Windows\System\qQFrNqR.exe
  2⤵
  PID:6520
- C:\Windows\System\zKdvDuV.exe
  C:\Windows\System\zKdvDuV.exe
  2⤵
  PID:6888
- C:\Windows\System\qinXgDj.exe
  C:\Windows\System\qinXgDj.exe
  2⤵
  PID:7040
- C:\Windows\System\rwebQZM.exe
  C:\Windows\System\rwebQZM.exe
  2⤵
  PID:6188
- C:\Windows\System\YeDbgVq.exe
  C:\Windows\System\YeDbgVq.exe
  2⤵
  PID:6460
- C:\Windows\System\npYDMVC.exe
  C:\Windows\System\npYDMVC.exe
  2⤵
  PID:6204
- C:\Windows\System\cbMRyRA.exe
  C:\Windows\System\cbMRyRA.exe
  2⤵
  PID:6588
- C:\Windows\System\uJvWEDN.exe
  C:\Windows\System\uJvWEDN.exe
  2⤵
  PID:6704
- C:\Windows\System\xZrLxrQ.exe
  C:\Windows\System\xZrLxrQ.exe
  2⤵
  PID:6712
- C:\Windows\System\MtMYWca.exe
  C:\Windows\System\MtMYWca.exe
  2⤵
  PID:6308
- C:\Windows\System\npaqgEy.exe
  C:\Windows\System\npaqgEy.exe
  2⤵
  PID:6992
- C:\Windows\System\sQPvyeu.exe
  C:\Windows\System\sQPvyeu.exe
  2⤵
  PID:7176
- C:\Windows\System\lKzHAEr.exe
  C:\Windows\System\lKzHAEr.exe
  2⤵
  PID:7192
- C:\Windows\System\cqDYToc.exe
  C:\Windows\System\cqDYToc.exe
  2⤵
  PID:7212
- C:\Windows\System\UDVPzep.exe
  C:\Windows\System\UDVPzep.exe
  2⤵
  PID:7232
- C:\Windows\System\CUZPOjN.exe
  C:\Windows\System\CUZPOjN.exe
  2⤵
  PID:7248
- C:\Windows\System\hTMMwKp.exe
  C:\Windows\System\hTMMwKp.exe
  2⤵
  PID:7268
- C:\Windows\System\MqkPJHd.exe
  C:\Windows\System\MqkPJHd.exe
  2⤵
  PID:7288
- C:\Windows\System\KUBwusi.exe
  C:\Windows\System\KUBwusi.exe
  2⤵
  PID:7312
- C:\Windows\System\MRkPDjB.exe
  C:\Windows\System\MRkPDjB.exe
  2⤵
  PID:7328
- C:\Windows\System\uoXyOpC.exe
  C:\Windows\System\uoXyOpC.exe
  2⤵
  PID:7360
- C:\Windows\System\FCPNLyS.exe
  C:\Windows\System\FCPNLyS.exe
  2⤵
  PID:7376
- C:\Windows\System\BLzFzYf.exe
  C:\Windows\System\BLzFzYf.exe
  2⤵
  PID:7392
- C:\Windows\System\TEiqslA.exe
  C:\Windows\System\TEiqslA.exe
  2⤵
  PID:7412
- C:\Windows\System\cbtVomN.exe
  C:\Windows\System\cbtVomN.exe
  2⤵
  PID:7432
- C:\Windows\System\uXvJtgH.exe
  C:\Windows\System\uXvJtgH.exe
  2⤵
  PID:7448
- C:\Windows\System\FwkimbN.exe
  C:\Windows\System\FwkimbN.exe
  2⤵
  PID:7480
- C:\Windows\System\DwDVrEa.exe
  C:\Windows\System\DwDVrEa.exe
  2⤵
  PID:7496
- C:\Windows\System\getQWwm.exe
  C:\Windows\System\getQWwm.exe
  2⤵
  PID:7520
- C:\Windows\System\cWrGnXU.exe
  C:\Windows\System\cWrGnXU.exe
  2⤵
  PID:7540
- C:\Windows\System\pzhcEVL.exe
  C:\Windows\System\pzhcEVL.exe
  2⤵
  PID:7560
- C:\Windows\System\ySiQpZW.exe
  C:\Windows\System\ySiQpZW.exe
  2⤵
  PID:7576
- C:\Windows\System\CCcizPk.exe
  C:\Windows\System\CCcizPk.exe
  2⤵
  PID:7604
- C:\Windows\System\bqBtQDO.exe
  C:\Windows\System\bqBtQDO.exe
  2⤵
  PID:7620
- C:\Windows\System\BAEXaNX.exe
  C:\Windows\System\BAEXaNX.exe
  2⤵
  PID:7640
- C:\Windows\System\nnSsMWC.exe
  C:\Windows\System\nnSsMWC.exe
  2⤵
  PID:7660
- C:\Windows\System\tDqFhIK.exe
  C:\Windows\System\tDqFhIK.exe
  2⤵
  PID:7680
- C:\Windows\System\EmMbSuo.exe
  C:\Windows\System\EmMbSuo.exe
  2⤵
  PID:7696
- C:\Windows\System\IAkCdJz.exe
  C:\Windows\System\IAkCdJz.exe
  2⤵
  PID:7716
- C:\Windows\System\apxIFre.exe
  C:\Windows\System\apxIFre.exe
  2⤵
  PID:7732
- C:\Windows\System\PVKqqyx.exe
  C:\Windows\System\PVKqqyx.exe
  2⤵
  PID:7764
- C:\Windows\System\XGJaYrt.exe
  C:\Windows\System\XGJaYrt.exe
  2⤵
  PID:7780
- C:\Windows\System\pRApIMq.exe
  C:\Windows\System\pRApIMq.exe
  2⤵
  PID:7796
- C:\Windows\System\PTZdKJl.exe
  C:\Windows\System\PTZdKJl.exe
  2⤵
  PID:7824
- C:\Windows\System\JszfzMH.exe
  C:\Windows\System\JszfzMH.exe
  2⤵
  PID:7840
- C:\Windows\System\LneGSff.exe
  C:\Windows\System\LneGSff.exe
  2⤵
  PID:7868
- C:\Windows\System\GDpZdTC.exe
  C:\Windows\System\GDpZdTC.exe
  2⤵
  PID:7884
- C:\Windows\System\iIxtGOv.exe
  C:\Windows\System\iIxtGOv.exe
  2⤵
  PID:7900
- C:\Windows\System\KUTPpfT.exe
  C:\Windows\System\KUTPpfT.exe
  2⤵
  PID:7920
- C:\Windows\System\rGXImMg.exe
  C:\Windows\System\rGXImMg.exe
  2⤵
  PID:7936
- C:\Windows\System\dCLXlCS.exe
  C:\Windows\System\dCLXlCS.exe
  2⤵
  PID:7960
- C:\Windows\System\CcMOEfw.exe
  C:\Windows\System\CcMOEfw.exe
  2⤵
  PID:7980
- C:\Windows\System\VlJArdf.exe
  C:\Windows\System\VlJArdf.exe
  2⤵
  PID:7996
- C:\Windows\System\UKXhriL.exe
  C:\Windows\System\UKXhriL.exe
  2⤵
  PID:8028
- C:\Windows\System\XJIGKaq.exe
  C:\Windows\System\XJIGKaq.exe
  2⤵
  PID:8044
- C:\Windows\System\iIQipIz.exe
  C:\Windows\System\iIQipIz.exe
  2⤵
  PID:8084
- C:\Windows\System\CeCVuIr.exe
  C:\Windows\System\CeCVuIr.exe
  2⤵
  PID:8100
- C:\Windows\System\WcOmyGC.exe
  C:\Windows\System\WcOmyGC.exe
  2⤵
  PID:8116
- C:\Windows\System\hjjIQwT.exe
  C:\Windows\System\hjjIQwT.exe
  2⤵
  PID:8132
- C:\Windows\System\uCjsETz.exe
  C:\Windows\System\uCjsETz.exe
  2⤵
  PID:8148
- C:\Windows\System\WXomxbB.exe
  C:\Windows\System\WXomxbB.exe
  2⤵
  PID:8176
- C:\Windows\System\IcvOaQD.exe
  C:\Windows\System\IcvOaQD.exe
  2⤵
  PID:6304
- C:\Windows\System\wRoCWwi.exe
  C:\Windows\System\wRoCWwi.exe
  2⤵
  PID:7184
- C:\Windows\System\NCEmkBS.exe
  C:\Windows\System\NCEmkBS.exe
  2⤵
  PID:7228
- C:\Windows\System\umbeBgL.exe
  C:\Windows\System\umbeBgL.exe
  2⤵
  PID:6248
- C:\Windows\System\aCpWjcd.exe
  C:\Windows\System\aCpWjcd.exe
  2⤵
  PID:7300
- C:\Windows\System\PIyZlqR.exe
  C:\Windows\System\PIyZlqR.exe
  2⤵
  PID:7280
- C:\Windows\System\QoaAsxY.exe
  C:\Windows\System\QoaAsxY.exe
  2⤵
  PID:7244
- C:\Windows\System\fFgMKZD.exe
  C:\Windows\System\fFgMKZD.exe
  2⤵
  PID:7336
- C:\Windows\System\GNNQGSZ.exe
  C:\Windows\System\GNNQGSZ.exe
  2⤵
  PID:7276
- C:\Windows\System\TiEcvKI.exe
  C:\Windows\System\TiEcvKI.exe
  2⤵
  PID:7388
- C:\Windows\System\qflmKEP.exe
  C:\Windows\System\qflmKEP.exe
  2⤵
  PID:7456
- C:\Windows\System\OtyUHwa.exe
  C:\Windows\System\OtyUHwa.exe
  2⤵
  PID:7516
- C:\Windows\System\pjTjgGe.exe
  C:\Windows\System\pjTjgGe.exe
  2⤵
  PID:7548
- C:\Windows\System\iDtZkLX.exe
  C:\Windows\System\iDtZkLX.exe
  2⤵
  PID:7572
- C:\Windows\System\FrwTgeS.exe
  C:\Windows\System\FrwTgeS.exe
  2⤵
  PID:2288
- C:\Windows\System\EIyNcDd.exe
  C:\Windows\System\EIyNcDd.exe
  2⤵
  PID:7612
- C:\Windows\System\LvHWJze.exe
  C:\Windows\System\LvHWJze.exe
  2⤵
  PID:7632
- C:\Windows\System\hKQLotL.exe
  C:\Windows\System\hKQLotL.exe
  2⤵
  PID:7676
- C:\Windows\System\hgBusyz.exe
  C:\Windows\System\hgBusyz.exe
  2⤵
  PID:7712
- C:\Windows\System\TxFJYor.exe
  C:\Windows\System\TxFJYor.exe
  2⤵
  PID:7688
- C:\Windows\System\syUlPOM.exe
  C:\Windows\System\syUlPOM.exe
  2⤵
  PID:7744
- C:\Windows\System\WoDmzet.exe
  C:\Windows\System\WoDmzet.exe
  2⤵
  PID:7836
- C:\Windows\System\ACEQBQw.exe
  C:\Windows\System\ACEQBQw.exe
  2⤵
  PID:7808
- C:\Windows\System\AunlmAs.exe
  C:\Windows\System\AunlmAs.exe
  2⤵
  PID:7852
- C:\Windows\System\WppMcPO.exe
  C:\Windows\System\WppMcPO.exe
  2⤵
  PID:7912
- C:\Windows\System\yDWhiPk.exe
  C:\Windows\System\yDWhiPk.exe
  2⤵
  PID:7956
- C:\Windows\System\XOBgUWE.exe
  C:\Windows\System\XOBgUWE.exe
  2⤵
  PID:7932
- C:\Windows\System\LkbenAQ.exe
  C:\Windows\System\LkbenAQ.exe
  2⤵
  PID:8008
- C:\Windows\System\Argkvvi.exe
  C:\Windows\System\Argkvvi.exe
  2⤵
  PID:6872
- C:\Windows\System\FmHJlYD.exe
  C:\Windows\System\FmHJlYD.exe
  2⤵
  PID:8052
- C:\Windows\System\GUGVtlr.exe
  C:\Windows\System\GUGVtlr.exe
  2⤵
  PID:8056
- C:\Windows\System\mEEAUsj.exe
  C:\Windows\System\mEEAUsj.exe
  2⤵
  PID:8128
- C:\Windows\System\JAKLjnw.exe
  C:\Windows\System\JAKLjnw.exe
  2⤵
  PID:8172
- C:\Windows\System\oCVySfh.exe
  C:\Windows\System\oCVySfh.exe
  2⤵
  PID:8188
- C:\Windows\System\NBMNgYS.exe
  C:\Windows\System\NBMNgYS.exe
  2⤵
  PID:7256
- C:\Windows\System\PxMcWnF.exe
  C:\Windows\System\PxMcWnF.exe
  2⤵
  PID:7308
- C:\Windows\System\IEYkvgt.exe
  C:\Windows\System\IEYkvgt.exe
  2⤵
  PID:7324
- C:\Windows\System\NbGMqbR.exe
  C:\Windows\System\NbGMqbR.exe
  2⤵
  PID:7428
- C:\Windows\System\VkIFnLu.exe
  C:\Windows\System\VkIFnLu.exe
  2⤵
  PID:7468
- C:\Windows\System\fVgskUN.exe
  C:\Windows\System\fVgskUN.exe
  2⤵
  PID:7476
- C:\Windows\System\dbibhJa.exe
  C:\Windows\System\dbibhJa.exe
  2⤵
  PID:7508
- C:\Windows\System\ZuLvrWD.exe
  C:\Windows\System\ZuLvrWD.exe
  2⤵
  PID:7556
- C:\Windows\System\jtagSPj.exe
  C:\Windows\System\jtagSPj.exe
  2⤵
  PID:2304
- C:\Windows\System\eUxMorT.exe
  C:\Windows\System\eUxMorT.exe
  2⤵
  PID:7636
- C:\Windows\System\EwJfUtB.exe
  C:\Windows\System\EwJfUtB.exe
  2⤵
  PID:2360
- C:\Windows\System\sbbCwdF.exe
  C:\Windows\System\sbbCwdF.exe
  2⤵
  PID:7708
- C:\Windows\System\udRiUZe.exe
  C:\Windows\System\udRiUZe.exe
  2⤵
  PID:7760
- C:\Windows\System\qzVtqCN.exe
  C:\Windows\System\qzVtqCN.exe
  2⤵
  PID:7724
- C:\Windows\System\tbKtsGe.exe
  C:\Windows\System\tbKtsGe.exe
  2⤵
  PID:7832
- C:\Windows\System\gblwYrK.exe
  C:\Windows\System\gblwYrK.exe
  2⤵
  PID:7876
- C:\Windows\System\JEtilia.exe
  C:\Windows\System\JEtilia.exe
  2⤵
  PID:7992
- C:\Windows\System\VetIbzA.exe
  C:\Windows\System\VetIbzA.exe
  2⤵
  PID:7968
- C:\Windows\System\dPByPaL.exe
  C:\Windows\System\dPByPaL.exe
  2⤵
  PID:7592
- C:\Windows\System\PbzhhjB.exe
  C:\Windows\System\PbzhhjB.exe
  2⤵
  PID:8112
- C:\Windows\System\wqmnkmV.exe
  C:\Windows\System\wqmnkmV.exe
  2⤵
  PID:8144
- C:\Windows\System\fzJlMtr.exe
  C:\Windows\System\fzJlMtr.exe
  2⤵
  PID:7304
- C:\Windows\System\OeOrrZJ.exe
  C:\Windows\System\OeOrrZJ.exe
  2⤵
  PID:7240
- C:\Windows\System\bXGuVIH.exe
  C:\Windows\System\bXGuVIH.exe
  2⤵
  PID:7460
- C:\Windows\System\MnZMlUG.exe
  C:\Windows\System\MnZMlUG.exe
  2⤵
  PID:7488
- C:\Windows\System\AWwXRmT.exe
  C:\Windows\System\AWwXRmT.exe
  2⤵
  PID:7532
- C:\Windows\System\sPUzJeH.exe
  C:\Windows\System\sPUzJeH.exe
  2⤵
  PID:2640
- C:\Windows\System\NOoqcqp.exe
  C:\Windows\System\NOoqcqp.exe
  2⤵
  PID:2884
- C:\Windows\System\sFaVLvI.exe
  C:\Windows\System\sFaVLvI.exe
  2⤵
  PID:7856
- C:\Windows\System\TaCnzSV.exe
  C:\Windows\System\TaCnzSV.exe
  2⤵
  PID:7756
- C:\Windows\System\BERFBAD.exe
  C:\Windows\System\BERFBAD.exe
  2⤵
  PID:8004
- C:\Windows\System\wliwFAH.exe
  C:\Windows\System\wliwFAH.exe
  2⤵
  PID:7952
- C:\Windows\System\TNTdtRL.exe
  C:\Windows\System\TNTdtRL.exe
  2⤵
  PID:7384
- C:\Windows\System\pGBjdSi.exe
  C:\Windows\System\pGBjdSi.exe
  2⤵
  PID:7200
- C:\Windows\System\xROVlkw.exe
  C:\Windows\System\xROVlkw.exe
  2⤵
  PID:8164
- C:\Windows\System\hmWWZrv.exe
  C:\Windows\System\hmWWZrv.exe
  2⤵
  PID:7464
- C:\Windows\System\bqyPZEy.exe
  C:\Windows\System\bqyPZEy.exe
  2⤵
  PID:7472
- C:\Windows\System\mbaRzSL.exe
  C:\Windows\System\mbaRzSL.exe
  2⤵
  PID:7772
- C:\Windows\System\AHovHDO.exe
  C:\Windows\System\AHovHDO.exe
  2⤵
  PID:7944
- C:\Windows\System\cLPiNkB.exe
  C:\Windows\System\cLPiNkB.exe
  2⤵
  PID:2324
- C:\Windows\System\SQoSCiz.exe
  C:\Windows\System\SQoSCiz.exe
  2⤵
  PID:7220
- C:\Windows\System\QvdPVpJ.exe
  C:\Windows\System\QvdPVpJ.exe
  2⤵
  PID:8016
- C:\Windows\System\KyErZFs.exe
  C:\Windows\System\KyErZFs.exe
  2⤵
  PID:7628
- C:\Windows\System\FFoZRlr.exe
  C:\Windows\System\FFoZRlr.exe
  2⤵
  PID:7908
- C:\Windows\System\sBHOeOH.exe
  C:\Windows\System\sBHOeOH.exe
  2⤵
  PID:7928
- C:\Windows\System\LCObRsr.exe
  C:\Windows\System\LCObRsr.exe
  2⤵
  PID:7424
- C:\Windows\System\QqqPgay.exe
  C:\Windows\System\QqqPgay.exe
  2⤵
  PID:7400
- C:\Windows\System\FjRNuSS.exe
  C:\Windows\System\FjRNuSS.exe
  2⤵
  PID:7748
- C:\Windows\System\YEFSVrU.exe
  C:\Windows\System\YEFSVrU.exe
  2⤵
  PID:2252
- C:\Windows\System\uIgBcmH.exe
  C:\Windows\System\uIgBcmH.exe
  2⤵
  PID:8200
- C:\Windows\System\HRxrjLm.exe
  C:\Windows\System\HRxrjLm.exe
  2⤵
  PID:8216
- C:\Windows\System\ZzhVHdI.exe
  C:\Windows\System\ZzhVHdI.exe
  2⤵
  PID:8232
- C:\Windows\System\SRnggRg.exe
  C:\Windows\System\SRnggRg.exe
  2⤵
  PID:8248
- C:\Windows\System\qDocQdm.exe
  C:\Windows\System\qDocQdm.exe
  2⤵
  PID:8284
- C:\Windows\System\IOSKegq.exe
  C:\Windows\System\IOSKegq.exe
  2⤵
  PID:8300
- C:\Windows\System\xEvfUFr.exe
  C:\Windows\System\xEvfUFr.exe
  2⤵
  PID:8320
- C:\Windows\System\HTUfupf.exe
  C:\Windows\System\HTUfupf.exe
  2⤵
  PID:8340
- C:\Windows\System\YuYpeOl.exe
  C:\Windows\System\YuYpeOl.exe
  2⤵
  PID:8356
- C:\Windows\System\nSiEcDw.exe
  C:\Windows\System\nSiEcDw.exe
  2⤵
  PID:8388
- C:\Windows\System\RVMpGzb.exe
  C:\Windows\System\RVMpGzb.exe
  2⤵
  PID:8408
- C:\Windows\System\EGcIFxa.exe
  C:\Windows\System\EGcIFxa.exe
  2⤵
  PID:8424
- C:\Windows\System\tyxylVj.exe
  C:\Windows\System\tyxylVj.exe
  2⤵
  PID:8440
- C:\Windows\System\UnwXijE.exe
  C:\Windows\System\UnwXijE.exe
  2⤵
  PID:8468
- C:\Windows\System\EukbfFY.exe
  C:\Windows\System\EukbfFY.exe
  2⤵
  PID:8484
- C:\Windows\System\nrAzmkA.exe
  C:\Windows\System\nrAzmkA.exe
  2⤵
  PID:8504
- C:\Windows\System\XFjpkbq.exe
  C:\Windows\System\XFjpkbq.exe
  2⤵
  PID:8520
- C:\Windows\System\mWDAoTU.exe
  C:\Windows\System\mWDAoTU.exe
  2⤵
  PID:8540
- C:\Windows\System\EnZqgvL.exe
  C:\Windows\System\EnZqgvL.exe
  2⤵
  PID:8568
- C:\Windows\System\hKsUKge.exe
  C:\Windows\System\hKsUKge.exe
  2⤵
  PID:8588
- C:\Windows\System\CbWAJfm.exe
  C:\Windows\System\CbWAJfm.exe
  2⤵
  PID:8608
- C:\Windows\System\TNjxpsl.exe
  C:\Windows\System\TNjxpsl.exe
  2⤵
  PID:8628
- C:\Windows\System\JJWLNnl.exe
  C:\Windows\System\JJWLNnl.exe
  2⤵
  PID:8652
- C:\Windows\System\qcHYRsf.exe
  C:\Windows\System\qcHYRsf.exe
  2⤵
  PID:8676
- C:\Windows\System\odPdGvP.exe
  C:\Windows\System\odPdGvP.exe
  2⤵
  PID:8696
- C:\Windows\System\xzvtytV.exe
  C:\Windows\System\xzvtytV.exe
  2⤵
  PID:8712
- C:\Windows\System\LgHALPz.exe
  C:\Windows\System\LgHALPz.exe
  2⤵
  PID:8728
- C:\Windows\System\ceADOAj.exe
  C:\Windows\System\ceADOAj.exe
  2⤵
  PID:8748
- C:\Windows\System\nbzjHuq.exe
  C:\Windows\System\nbzjHuq.exe
  2⤵
  PID:8768
- C:\Windows\System\ZIgjvxi.exe
  C:\Windows\System\ZIgjvxi.exe
  2⤵
  PID:8792
- C:\Windows\System\cJIqMHf.exe
  C:\Windows\System\cJIqMHf.exe
  2⤵
  PID:8812
- C:\Windows\System\kzWYmcF.exe
  C:\Windows\System\kzWYmcF.exe
  2⤵
  PID:8832
- C:\Windows\System\yuGXOGq.exe
  C:\Windows\System\yuGXOGq.exe
  2⤵
  PID:8856
- C:\Windows\System\GJRFzlQ.exe
  C:\Windows\System\GJRFzlQ.exe
  2⤵
  PID:8872
- C:\Windows\System\FoQpoxX.exe
  C:\Windows\System\FoQpoxX.exe
  2⤵
  PID:8892
- C:\Windows\System\TNqalVI.exe
  C:\Windows\System\TNqalVI.exe
  2⤵
  PID:8908
- C:\Windows\System\NwLvSyD.exe
  C:\Windows\System\NwLvSyD.exe
  2⤵
  PID:8932
- C:\Windows\System\KLBxiUx.exe
  C:\Windows\System\KLBxiUx.exe
  2⤵
  PID:8948
- C:\Windows\System\xTriQKW.exe
  C:\Windows\System\xTriQKW.exe
  2⤵
  PID:8976
- C:\Windows\System\WKLQmWR.exe
  C:\Windows\System\WKLQmWR.exe
  2⤵
  PID:8992
- C:\Windows\System\UjcDNXA.exe
  C:\Windows\System\UjcDNXA.exe
  2⤵
  PID:9008
- C:\Windows\System\TGqNvTj.exe
  C:\Windows\System\TGqNvTj.exe
  2⤵
  PID:9028
- C:\Windows\System\FIBADNz.exe
  C:\Windows\System\FIBADNz.exe
  2⤵
  PID:9044
- C:\Windows\System\ZewpCHU.exe
  C:\Windows\System\ZewpCHU.exe
  2⤵
  PID:9060
- C:\Windows\System\dCRJCiN.exe
  C:\Windows\System\dCRJCiN.exe
  2⤵
  PID:9096
- C:\Windows\System\jLuuNUU.exe
  C:\Windows\System\jLuuNUU.exe
  2⤵
  PID:9116
- C:\Windows\System\xmXUhoN.exe
  C:\Windows\System\xmXUhoN.exe
  2⤵
  PID:9136
- C:\Windows\System\NPkmYmH.exe
  C:\Windows\System\NPkmYmH.exe
  2⤵
  PID:9152
- C:\Windows\System\FDWnKza.exe
  C:\Windows\System\FDWnKza.exe
  2⤵
  PID:9168
- C:\Windows\System\pRTVJWq.exe
  C:\Windows\System\pRTVJWq.exe
  2⤵
  PID:9184
- C:\Windows\System\HnTdWiY.exe
  C:\Windows\System\HnTdWiY.exe
  2⤵
  PID:9208
- C:\Windows\System\ERIJajx.exe
  C:\Windows\System\ERIJajx.exe
  2⤵
  PID:8040
- C:\Windows\System\oNYHJFy.exe
  C:\Windows\System\oNYHJFy.exe
  2⤵
  PID:8228
- C:\Windows\System\fObBpYj.exe
  C:\Windows\System\fObBpYj.exe
  2⤵
  PID:8272
- C:\Windows\System\mJpPfwj.exe
  C:\Windows\System\mJpPfwj.exe
  2⤵
  PID:8280
- C:\Windows\System\qpgKrWC.exe
  C:\Windows\System\qpgKrWC.exe
  2⤵
  PID:8352
- C:\Windows\System\BTCeDFV.exe
  C:\Windows\System\BTCeDFV.exe
  2⤵
  PID:8376
- C:\Windows\System\QPSrItB.exe
  C:\Windows\System\QPSrItB.exe
  2⤵
  PID:7600
- C:\Windows\System\gKlFpwH.exe
  C:\Windows\System\gKlFpwH.exe
  2⤵
  PID:8448
- C:\Windows\System\UYCsEVO.exe
  C:\Windows\System\UYCsEVO.exe
  2⤵
  PID:8476
- C:\Windows\System\WrTeRjf.exe
  C:\Windows\System\WrTeRjf.exe
  2⤵
  PID:8516
- C:\Windows\System\DeMqaoi.exe
  C:\Windows\System\DeMqaoi.exe
  2⤵
  PID:8556
- C:\Windows\System\quqWbMi.exe
  C:\Windows\System\quqWbMi.exe
  2⤵
  PID:8564
- C:\Windows\System\kDDaHxM.exe
  C:\Windows\System\kDDaHxM.exe
  2⤵
  PID:8580
- C:\Windows\System\IAbUYHn.exe
  C:\Windows\System\IAbUYHn.exe
  2⤵
  PID:8584
- C:\Windows\System\GNDiqRf.exe
  C:\Windows\System\GNDiqRf.exe
  2⤵
  PID:8668
- C:\Windows\System\lyNAlmu.exe
  C:\Windows\System\lyNAlmu.exe
  2⤵
  PID:8724
- C:\Windows\System\GalnvKx.exe
  C:\Windows\System\GalnvKx.exe
  2⤵
  PID:8800
- C:\Windows\System\QguZUcS.exe
  C:\Windows\System\QguZUcS.exe
  2⤵
  PID:8736
- C:\Windows\System\JVTLnBw.exe
  C:\Windows\System\JVTLnBw.exe
  2⤵
  PID:8708
- C:\Windows\System\mywjHHG.exe
  C:\Windows\System\mywjHHG.exe
  2⤵
  PID:8820
- C:\Windows\System\UYpvPmF.exe
  C:\Windows\System\UYpvPmF.exe
  2⤵
  PID:8888
- C:\Windows\System\MaUKpbm.exe
  C:\Windows\System\MaUKpbm.exe
  2⤵
  PID:8928
- C:\Windows\System\ZlZAGVi.exe
  C:\Windows\System\ZlZAGVi.exe
  2⤵
  PID:8968
- C:\Windows\System\JXCtGMK.exe
  C:\Windows\System\JXCtGMK.exe
  2⤵
  PID:8972
- C:\Windows\System\vZxNwlV.exe
  C:\Windows\System\vZxNwlV.exe
  2⤵
  PID:9052
- C:\Windows\System\RjKkPAf.exe
  C:\Windows\System\RjKkPAf.exe
  2⤵
  PID:9076
- C:\Windows\System\uglituy.exe
  C:\Windows\System\uglituy.exe
  2⤵
  PID:9128
- C:\Windows\System\rkCXNSY.exe
  C:\Windows\System\rkCXNSY.exe
  2⤵
  PID:9192
- C:\Windows\System\VuBmiaa.exe
  C:\Windows\System\VuBmiaa.exe
  2⤵
  PID:9020
- C:\Windows\System\AHiEuKt.exe
  C:\Windows\System\AHiEuKt.exe
  2⤵
  PID:8196
- C:\Windows\System\DbPsvEa.exe
  C:\Windows\System\DbPsvEa.exe
  2⤵
  PID:8244
- C:\Windows\System\wZJVZYr.exe
  C:\Windows\System\wZJVZYr.exe
  2⤵
  PID:8268
- C:\Windows\System\nqYNhBL.exe
  C:\Windows\System\nqYNhBL.exe
  2⤵
  PID:8012
- C:\Windows\System\BtRgBbX.exe
  C:\Windows\System\BtRgBbX.exe
  2⤵
  PID:8296
- C:\Windows\System\YtHfsTl.exe
  C:\Windows\System\YtHfsTl.exe
  2⤵
  PID:8368
- C:\Windows\System\zKrhPUE.exe
  C:\Windows\System\zKrhPUE.exe
  2⤵
  PID:8212
- C:\Windows\System\IfyJuTi.exe
  C:\Windows\System\IfyJuTi.exe
  2⤵
  PID:8480
- C:\Windows\System\kQktcXc.exe
  C:\Windows\System\kQktcXc.exe
  2⤵
  PID:8548
- C:\Windows\System\CslsGiw.exe
  C:\Windows\System\CslsGiw.exe
  2⤵
  PID:8492
- C:\Windows\System\upZDsPE.exe
  C:\Windows\System\upZDsPE.exe
  2⤵
  PID:8648
- C:\Windows\System\IfHOIDi.exe
  C:\Windows\System\IfHOIDi.exe
  2⤵
  PID:8688
- C:\Windows\System\IOvDiLW.exe
  C:\Windows\System\IOvDiLW.exe
  2⤵
  PID:8776
- C:\Windows\System\foqjJnn.exe
  C:\Windows\System\foqjJnn.exe
  2⤵
  PID:8784
- C:\Windows\System\SQimsyC.exe
  C:\Windows\System\SQimsyC.exe
  2⤵
  PID:8848
- C:\Windows\System\IPMnmnP.exe
  C:\Windows\System\IPMnmnP.exe
  2⤵
  PID:8880
- C:\Windows\System\tHClwlR.exe
  C:\Windows\System\tHClwlR.exe
  2⤵
  PID:8944
- C:\Windows\System\gZCUoGR.exe
  C:\Windows\System\gZCUoGR.exe
  2⤵
  PID:9036
- C:\Windows\System\bRPgRts.exe
  C:\Windows\System\bRPgRts.exe
  2⤵
  PID:8208
- C:\Windows\System\oaWQqAk.exe
  C:\Windows\System\oaWQqAk.exe
  2⤵
  PID:9092
- C:\Windows\System\PUVJveR.exe
  C:\Windows\System\PUVJveR.exe
  2⤵
  PID:9144
- C:\Windows\System\UGnhOON.exe
  C:\Windows\System\UGnhOON.exe
  2⤵
  PID:9180
- C:\Windows\System\xhTfTnm.exe
  C:\Windows\System\xhTfTnm.exe
  2⤵
  PID:8404
- C:\Windows\System\ABCkBNP.exe
  C:\Windows\System\ABCkBNP.exe
  2⤵
  PID:8348
- C:\Windows\System\nSgmwsG.exe
  C:\Windows\System\nSgmwsG.exe
  2⤵
  PID:8636
- C:\Windows\System\pVGAWOF.exe
  C:\Windows\System\pVGAWOF.exe
  2⤵
  PID:8600
- C:\Windows\System\JWECnmM.exe
  C:\Windows\System\JWECnmM.exe
  2⤵
  PID:8672
- C:\Windows\System\bQdEFrQ.exe
  C:\Windows\System\bQdEFrQ.exe
  2⤵
  PID:8744
- C:\Windows\System\OoFjIMs.exe
  C:\Windows\System\OoFjIMs.exe
  2⤵
  PID:8844
- C:\Windows\System\gavKIDS.exe
  C:\Windows\System\gavKIDS.exe
  2⤵
  PID:8868
- C:\Windows\System\FZvjILD.exe
  C:\Windows\System\FZvjILD.exe
  2⤵
  PID:8852
- C:\Windows\System\MRVLZde.exe
  C:\Windows\System\MRVLZde.exe
  2⤵
  PID:9108
- C:\Windows\System\EuOeewQ.exe
  C:\Windows\System\EuOeewQ.exe
  2⤵
  PID:9148
- C:\Windows\System\cgKhnRQ.exe
  C:\Windows\System\cgKhnRQ.exe
  2⤵
  PID:8536
- C:\Windows\System\xrCcVug.exe
  C:\Windows\System\xrCcVug.exe
  2⤵
  PID:8916
- C:\Windows\System\ituWzRR.exe
  C:\Windows\System\ituWzRR.exe
  2⤵
  PID:9204
- C:\Windows\System\bjgSeyQ.exe
  C:\Windows\System\bjgSeyQ.exe
  2⤵
  PID:8984
- C:\Windows\System\BKUSDsS.exe
  C:\Windows\System\BKUSDsS.exe
  2⤵
  PID:8224
- C:\Windows\System\TtObxNa.exe
  C:\Windows\System\TtObxNa.exe
  2⤵
  PID:8464
- C:\Windows\System\ieunTgx.exe
  C:\Windows\System\ieunTgx.exe
  2⤵
  PID:8988
- C:\Windows\System\conWtpe.exe
  C:\Windows\System\conWtpe.exe
  2⤵
  PID:8828
- C:\Windows\System\VdFANgi.exe
  C:\Windows\System\VdFANgi.exe
  2⤵
  PID:8260
- C:\Windows\System\jvbaPAW.exe
  C:\Windows\System\jvbaPAW.exe
  2⤵
  PID:8604
- C:\Windows\System\XkbRyzV.exe
  C:\Windows\System\XkbRyzV.exe
  2⤵
  PID:8384
- C:\Windows\System\NjqxPDP.exe
  C:\Windows\System\NjqxPDP.exe
  2⤵
  PID:9104
- C:\Windows\System\gYKjxmA.exe
  C:\Windows\System\gYKjxmA.exe
  2⤵
  PID:9232
- C:\Windows\System\xepqZtX.exe
  C:\Windows\System\xepqZtX.exe
  2⤵
  PID:9248
- C:\Windows\System\HmqzfaL.exe
  C:\Windows\System\HmqzfaL.exe
  2⤵
  PID:9276
- C:\Windows\System\UmpKhQx.exe
  C:\Windows\System\UmpKhQx.exe
  2⤵
  PID:9312
- C:\Windows\System\qnCCyMX.exe
  C:\Windows\System\qnCCyMX.exe
  2⤵
  PID:9328
- C:\Windows\System\dBWJxxj.exe
  C:\Windows\System\dBWJxxj.exe
  2⤵
  PID:9348
- C:\Windows\System\xkytmbP.exe
  C:\Windows\System\xkytmbP.exe
  2⤵
  PID:9368
- C:\Windows\System\SIxBSwC.exe
  C:\Windows\System\SIxBSwC.exe
  2⤵
  PID:9392
- C:\Windows\System\VpyOZNH.exe
  C:\Windows\System\VpyOZNH.exe
  2⤵
  PID:9408
- C:\Windows\System\aekiSgS.exe
  C:\Windows\System\aekiSgS.exe
  2⤵
  PID:9432
- C:\Windows\System\oNrThYe.exe
  C:\Windows\System\oNrThYe.exe
  2⤵
  PID:9452
- C:\Windows\System\JIYXUzV.exe
  C:\Windows\System\JIYXUzV.exe
  2⤵
  PID:9472
- C:\Windows\System\nrZBLtK.exe
  C:\Windows\System\nrZBLtK.exe
  2⤵
  PID:9492
- C:\Windows\System\ZhVirGR.exe
  C:\Windows\System\ZhVirGR.exe
  2⤵
  PID:9512
- C:\Windows\System\lyihfZC.exe
  C:\Windows\System\lyihfZC.exe
  2⤵
  PID:9532
- C:\Windows\System\krNOEZR.exe
  C:\Windows\System\krNOEZR.exe
  2⤵
  PID:9548
- C:\Windows\System\CuJXlxF.exe
  C:\Windows\System\CuJXlxF.exe
  2⤵
  PID:9568
- C:\Windows\System\wQYFvTm.exe
  C:\Windows\System\wQYFvTm.exe
  2⤵
  PID:9592
- C:\Windows\System\QTrdUqr.exe
  C:\Windows\System\QTrdUqr.exe
  2⤵
  PID:9612
- C:\Windows\System\EvfWtxh.exe
  C:\Windows\System\EvfWtxh.exe
  2⤵
  PID:9628
- C:\Windows\System\pXdhQeP.exe
  C:\Windows\System\pXdhQeP.exe
  2⤵
  PID:9648
- C:\Windows\System\YkuMbTb.exe
  C:\Windows\System\YkuMbTb.exe
  2⤵
  PID:9668
- C:\Windows\System\bLsBYZu.exe
  C:\Windows\System\bLsBYZu.exe
  2⤵
  PID:9696
- C:\Windows\System\UCKBrkC.exe
  C:\Windows\System\UCKBrkC.exe
  2⤵
  PID:9712
- C:\Windows\System\OquWQBe.exe
  C:\Windows\System\OquWQBe.exe
  2⤵
  PID:9728
- C:\Windows\System\npIyZUn.exe
  C:\Windows\System\npIyZUn.exe
  2⤵
  PID:9744
- C:\Windows\System\ueGCBXY.exe
  C:\Windows\System\ueGCBXY.exe
  2⤵
  PID:9760
- C:\Windows\System\qEYLKKV.exe
  C:\Windows\System\qEYLKKV.exe
  2⤵
  PID:9788
- C:\Windows\System\sSUvAtm.exe
  C:\Windows\System\sSUvAtm.exe
  2⤵
  PID:9820
- C:\Windows\System\KqvGfIU.exe
  C:\Windows\System\KqvGfIU.exe
  2⤵
  PID:9840
- C:\Windows\System\ujwcfSG.exe
  C:\Windows\System\ujwcfSG.exe
  2⤵
  PID:9856
- C:\Windows\System\tsoaLyi.exe
  C:\Windows\System\tsoaLyi.exe
  2⤵
  PID:9872
- C:\Windows\System\HMjqQxl.exe
  C:\Windows\System\HMjqQxl.exe
  2⤵
  PID:9888
- C:\Windows\System\DpjVkRx.exe
  C:\Windows\System\DpjVkRx.exe
  2⤵
  PID:9904
- C:\Windows\System\fJknDgz.exe
  C:\Windows\System\fJknDgz.exe
  2⤵
  PID:9936
- C:\Windows\System\KeGWLcS.exe
  C:\Windows\System\KeGWLcS.exe
  2⤵
  PID:9952
- C:\Windows\System\VqscokN.exe
  C:\Windows\System\VqscokN.exe
  2⤵
  PID:9972
- C:\Windows\System\NqSFsiV.exe
  C:\Windows\System\NqSFsiV.exe
  2⤵
  PID:10000
- C:\Windows\System\IphdXWd.exe
  C:\Windows\System\IphdXWd.exe
  2⤵
  PID:10016
- C:\Windows\System\RwxBzja.exe
  C:\Windows\System\RwxBzja.exe
  2⤵
  PID:10040
- C:\Windows\System\grMTqwr.exe
  C:\Windows\System\grMTqwr.exe
  2⤵
  PID:10056
- C:\Windows\System\goigeIL.exe
  C:\Windows\System\goigeIL.exe
  2⤵
  PID:10080
- C:\Windows\System\fMGhPin.exe
  C:\Windows\System\fMGhPin.exe
  2⤵
  PID:10100
- C:\Windows\System\wHHEbsZ.exe
  C:\Windows\System\wHHEbsZ.exe
  2⤵
  PID:10124
- C:\Windows\System\rfjjsTf.exe
  C:\Windows\System\rfjjsTf.exe
  2⤵
  PID:10140
- C:\Windows\System\BEfGahc.exe
  C:\Windows\System\BEfGahc.exe
  2⤵
  PID:10156
- C:\Windows\System\cMdJBzZ.exe
  C:\Windows\System\cMdJBzZ.exe
  2⤵
  PID:10176
- C:\Windows\System\zbGmrrO.exe
  C:\Windows\System\zbGmrrO.exe
  2⤵
  PID:10204
- C:\Windows\System\jfqZcZu.exe
  C:\Windows\System\jfqZcZu.exe
  2⤵
  PID:10220
- C:\Windows\System\bteNwqH.exe
  C:\Windows\System\bteNwqH.exe
  2⤵
  PID:9040
- C:\Windows\System\qzsUglp.exe
  C:\Windows\System\qzsUglp.exe
  2⤵
  PID:9164
- C:\Windows\System\syVLDNm.exe
  C:\Windows\System\syVLDNm.exe
  2⤵
  PID:9296
- C:\Windows\System\gWDanKI.exe
  C:\Windows\System\gWDanKI.exe
  2⤵
  PID:9224
- C:\Windows\System\XwNXnwn.exe
  C:\Windows\System\XwNXnwn.exe
  2⤵
  PID:8780
- C:\Windows\System\YUKWEYC.exe
  C:\Windows\System\YUKWEYC.exe
  2⤵
  PID:9320
- C:\Windows\System\fgdBwRh.exe
  C:\Windows\System\fgdBwRh.exe
  2⤵
  PID:9376
- C:\Windows\System\woZBBca.exe
  C:\Windows\System\woZBBca.exe
  2⤵
  PID:9360
- C:\Windows\System\COehbpj.exe
  C:\Windows\System\COehbpj.exe
  2⤵
  PID:9404
- C:\Windows\System\Duodlnv.exe
  C:\Windows\System\Duodlnv.exe
  2⤵
  PID:9440
- C:\Windows\System\qjyyzQR.exe
  C:\Windows\System\qjyyzQR.exe
  2⤵
  PID:9508
- C:\Windows\System\iuFhkUi.exe
  C:\Windows\System\iuFhkUi.exe
  2⤵
  PID:9576
- C:\Windows\System\mTWrDSI.exe
  C:\Windows\System\mTWrDSI.exe
  2⤵
  PID:9520
- C:\Windows\System\ArUMReG.exe
  C:\Windows\System\ArUMReG.exe
  2⤵
  PID:9580
- C:\Windows\System\AwttsJO.exe
  C:\Windows\System\AwttsJO.exe
  2⤵
  PID:9636
- C:\Windows\System\bMCUjTu.exe
  C:\Windows\System\bMCUjTu.exe
  2⤵
  PID:9688
- C:\Windows\System\TskcDWF.exe
  C:\Windows\System\TskcDWF.exe
  2⤵
  PID:9704
- C:\Windows\System\bkSFmvy.exe
  C:\Windows\System\bkSFmvy.exe
  2⤵
  PID:9720
- C:\Windows\System\DWhZuxo.exe
  C:\Windows\System\DWhZuxo.exe
  2⤵
  PID:9752
- C:\Windows\System\ymSiFKO.exe
  C:\Windows\System\ymSiFKO.exe
  2⤵
  PID:9808
- C:\Windows\System\FDcpbhq.exe
  C:\Windows\System\FDcpbhq.exe
  2⤵
  PID:9836
- C:\Windows\System\RPbNBTL.exe
  C:\Windows\System\RPbNBTL.exe
  2⤵
  PID:9848
- C:\Windows\System\YgJHeCJ.exe
  C:\Windows\System\YgJHeCJ.exe
  2⤵
  PID:9920
- C:\Windows\System\euggzNr.exe
  C:\Windows\System\euggzNr.exe
  2⤵
  PID:9880
- C:\Windows\System\nQvoWZI.exe
  C:\Windows\System\nQvoWZI.exe
  2⤵
  PID:9984
- C:\Windows\System\wJJwerH.exe
  C:\Windows\System\wJJwerH.exe
  2⤵
  PID:9996
- C:\Windows\System\NrCegfc.exe
  C:\Windows\System\NrCegfc.exe
  2⤵
  PID:10012
- C:\Windows\System\uVWLyzJ.exe
  C:\Windows\System\uVWLyzJ.exe
  2⤵
  PID:10052
- C:\Windows\System\VSSULZS.exe
  C:\Windows\System\VSSULZS.exe
  2⤵
  PID:10088
- C:\Windows\System\odpcyMA.exe
  C:\Windows\System\odpcyMA.exe
  2⤵
  PID:10116
- C:\Windows\System\HrsKSrP.exe
  C:\Windows\System\HrsKSrP.exe
  2⤵
  PID:10164
- C:\Windows\System\zCEzNwR.exe
  C:\Windows\System\zCEzNwR.exe
  2⤵
  PID:10196
- C:\Windows\System\TlUeNgM.exe
  C:\Windows\System\TlUeNgM.exe
  2⤵
  PID:10236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CmCWxok.exe

Filesize
6.0MB

MD5
637ae845f8787b3624ff29674f22ae43

SHA1
5fe9d1e3615a3a5b0aca4ac9e6e98c1193f0b49e

SHA256
3a01c1736e361253843b8d5aa4fdbe7c2e59526cb2bb38a3acb819e107e90d23

SHA512
f309c69719a37bb8316f7620b36f97e8e5f618ae46761e2c88858ece74db7ae2216d2d166155bbf9a1e4795d88e5f72c955fbea9c6df717c62e4f0d3d9973e8d

Download Submit
C:\Windows\system\DAezSIz.exe

Filesize
6.0MB

MD5
7bde4541b513f8011e9db8ec7f25fcc2

SHA1
e2de9c42ff7358ec55f901f765cc242141f6c1e2

SHA256
a4d3a84c05c13fcadd47e8b0bfca66c24d3bb2718cee92e1562d85221e25333a

SHA512
0d676f1a337d6ed4d13690c7b058d1524cb9d2c32afd4d550224f8bd2be17bcb1fbc4478030a5d025e3a0d9572b2da68fe5216ac41f5e2d28125a77745abbb76

Download Submit
C:\Windows\system\EKikSJf.exe

Filesize
6.0MB

MD5
49546ed8bea668a72a5d9498c7b10407

SHA1
17637495ca29e13a8b65044d31af184ed89ba472

SHA256
dc1907b634c60fd3363ad09c7a313fadfe2aa47c8a15de5dfd035ddd479aa0d3

SHA512
1803af2ed534dbc13e383f0722c1c5df7633d717970dbf4a0dcb335bb0136994de4ff688c79bfc1f78e0095a2f6de21e5f2d50310079c2dc96591333d21b51e1

Download Submit
C:\Windows\system\OImSqCj.exe

Filesize
6.0MB

MD5
75a9a1bfc9086ff8c976f1782ae9090c

SHA1
c41cb10edd5ecdeda15b8db2be0d3afcc6be8855

SHA256
9bb564815d7791a70d671ffa0ddb706c5a0503f53e92b6bc51c68c8dbf531dec

SHA512
9120970a5eda140039fc1deac8026cc9c6d461658e9d4f7122c10ccbf265fdb66644d599724d46b26787526d4b983b5712a0cee3f57fa23d9b92de8aad22a851

Download Submit
C:\Windows\system\RrkUVFB.exe

Filesize
6.0MB

MD5
be707021a18362f3e3f3e947281200b2

SHA1
c2eff4360a365370d6b5920b15dcdb7bb283e958

SHA256
3a3acec6eb5919f9ad345da5d2dad7474120b54562b707b0633f41106503d5bc

SHA512
9a278fb69079fef8f210c94a3f25e0511e70c9c9004a24bb8a123b2630a896018763452e76fbd477f5f1ca633ccea13a3d56d232ae2ba9b4eea35deedc703162

Download Submit
C:\Windows\system\UZdZhbK.exe

Filesize
6.0MB

MD5
71cc7a71394dabf1f87c85dfacda9aff

SHA1
5c222cbdf35a225391792e0ca5072e7d2ef98c61

SHA256
6153bc0937a133995e85972957eacd29fd97bfa59318fd8fbf2c62bd7e5a71d9

SHA512
794c55aabc924d2e7b5c86d73dd40aab11f9142d2dc6d28010ac4508baf79be1f3d012cc1bf10b513218c4ce42c6b325b3de16056c5c9debea838befaa3d9b50

Download Submit
C:\Windows\system\WWjGOEM.exe

Filesize
6.0MB

MD5
01c0451cbed00a04d8e1fb7e459449c7

SHA1
7b30f9755c15e28bdc54b5745955d278cfda6482

SHA256
53600018ee5c2dc25f58fffca40b25d8758310f77d78c44e6e235e026b27fc3c

SHA512
26c03e21e494cfa082d066bcebc9e05c0ab701fb9ec5d05083e417faafa0e79a111bdcf7d23032f5fe554eaf2a2dc89ab8edd6639301c4863eb17686fbfe5913

Download Submit
C:\Windows\system\YZlZPgn.exe

Filesize
6.0MB

MD5
8e31f2bbb126312e22e020f1d042a009

SHA1
ddd0c0166fea9c883504262d319ce2ea5b852409

SHA256
d0136ba9112808cfb5853f0581a65f9937f7ae4d5826621f76ee1ebc9777cd0d

SHA512
fa7a51e623be98e63a981932ff64575b284ed9a8a4843085abbfea255bf97aa5ffbaf4cdd5f443703565c01052902ce6f0e8149da726be4d81ae77e0312f1382

Download Submit
C:\Windows\system\Yfevver.exe

Filesize
6.0MB

MD5
25531a27701f6b8a9c6d8fdc4cda0a47

SHA1
46a4af472fd6131b380fe348e353d60c6a96ca84

SHA256
5090aa0fdf757d0da4b03a33675af916c7e9b28ab1c96cf8b4d41d27e1a1d4ff

SHA512
04d9dae5957c96b345e34ee8797c2a963bfb463223235d32edf40e43bc86a9f47a9b7e2374eb72e9056a4e6036c3ad7585a08221c5d11c0c9da6626b2daeccc3

Download Submit
C:\Windows\system\aVelQCh.exe

Filesize
6.0MB

MD5
a0d06da0d4a506311667dff4b57bba99

SHA1
aea5713a6a006b7743f952bc2c0649cb2c5b9b43

SHA256
7121a14cad46750dc21b8dc1f8067a36abe8c39867f7b89e46b8f1778402027d

SHA512
20495d693762a959c6b7d7b3ebd7492ea2abab2f127dc9ecaa31a02d6df68cf2a523e83d39badc838c3ba82324ed946ffc6ab56c32752c9cf62d33ab66190a68

Download Submit
C:\Windows\system\fKGRafH.exe

Filesize
6.0MB

MD5
e65291fd75c9a0654b2de25efd12b33a

SHA1
3b79d29f758f152268e2f33fafd81a5a8ff4312f

SHA256
046914f509d0fb1546df8904ac5c95e276d314505b49a67986a7a5d0c9447576

SHA512
b383e707df79e61b63c420271ccd999741899f31b39b5226d31ac9d3542d56c92285d2756ecc7041dcd15e86cc481ed3e51d49b934b740bd4a4a2dae9e9e418b

Download Submit
C:\Windows\system\hbAxXOF.exe

Filesize
6.0MB

MD5
d0f57fb4cf7cb4e4fe95ca7096682496

SHA1
054e8c7be9ad1780e8c11acd108c3475143b07ea

SHA256
08e4bb37f27f09071616ed0e4a4d10d0c30f8d492f8457f8b578ea56303138af

SHA512
cb593f0c73441fb54a120f82a9b214e6ada0ecb1b2dd2d66d49f71cd8ba9ca5a833332f58e638a0482a9bd90286ab73f9e8b45e8f95dd8ce0192788e5e5afc4b

Download Submit
C:\Windows\system\ixQoPUI.exe

Filesize
6.0MB

MD5
2a12324f68c66338a3cee2313241c2d3

SHA1
e9807c6d96e116f8bf8d85e253140d31f76ded28

SHA256
ab7ec82bf5a021f09f6beaa470b5954a104caa3aaa3a605886421249e6042b72

SHA512
fb00ceedfb64d29db6107b89354c2221a6cd1d1ee9852bf01b49fa4d5f51d39a97527fbdd45db0743c1fc40a864fbed0e8881fed5198f2c91df2bc881041cfb7

Download Submit
C:\Windows\system\kkgIPzy.exe

Filesize
6.0MB

MD5
87e2de2d2f4e4d9894e6b421b1d31bcc

SHA1
b6238c7afa570f4f818a9461f48d512c228e98d1

SHA256
c953838bc28bea048f1577083aad3d58725ef399102cd18711adeecf0c4bb89e

SHA512
a07db7fc30eac86138920dbc4bdd7854808e927da02c85b85a47a780474cc0a510c41468426aee9c8cb5d380ad5711017f963593b42184a477a77bfe6395f8ae

Download Submit
C:\Windows\system\lWTSSGE.exe

Filesize
6.0MB

MD5
f5b13c91a5c120f794498b94569fb248

SHA1
7c3626891c7a7faa987ac071f0e2a9dd1429c4b2

SHA256
642759be40bbbbb7079ef8f7ac5cf70a795048cdf67213808bc861409ba94708

SHA512
3bd49611d9c774d43451ab8e426387c70d8415bce400050e2c5c76e36c9702db0540e5d24d9c7f7c211041d46d65be0a79a2b47ea53c40e5489a7c5cafba277e

Download Submit
C:\Windows\system\mQUFIga.exe

Filesize
6.0MB

MD5
72570031396ebc00727eb5f4e404d55f

SHA1
55d750c7f1b7a4c52b2c2e36d2cacbf44976ab01

SHA256
10dda874867d0d6037e927eaf65eaa667fdab8dfbb2b9d19db4931f05434b7b9

SHA512
2c5e482258b915eb8998ad1ccfbf7d7b38a5c41ea47a26ac28500f94c0ae3e5de1caf0cee08572ee3fc9d79c012fd3ebca6318456ef8920adbd22f1e776627e5

Download Submit
C:\Windows\system\nzMoJrg.exe

Filesize
6.0MB

MD5
2bfaaae83bd033f1802f360d7f459b19

SHA1
e83abb2269d701bfc54e96221ebdbcbb0f76321e

SHA256
1dcc3503da7cce8a347036b582760d2cbbbc6a96185e30c9e4e89e17b6c25d9f

SHA512
35b2cb57a8f05b14bb2d24fb910205b94fe96456b34904af36ce9ae67b91f398deee9c839f3723dd65830eb22344d4bb0c67552f14d5124e92c72dcbb6de9e99

Download Submit
C:\Windows\system\oXscZEr.exe

Filesize
6.0MB

MD5
ee28ceb7195480ef4c14f7f711a7ae57

SHA1
8976fec99e13161276892745fe98633af8737dc0

SHA256
6017817b8324ffea690a3cba283ba9a2b3ef24daa8f36ddfc89f33495da6b4d1

SHA512
19eed182f840e43ec8c3bf6dd3c81ffe91c9e174aab9dd57bc26fe0fcdd047ed8bbe945a5b4db6ee967f5a49f89238acbdf980c20e01c56e5fdc875a60b6723f

Download Submit
C:\Windows\system\qIxIhis.exe

Filesize
6.0MB

MD5
c04edafa2b79f5b478ef904736aba0ed

SHA1
33aeeeb7e365577d005d29ab03be09f613e7a092

SHA256
3b075a8ef4f30553ef061c0b9e590da235bffc06a2e917968ebfa85fc066bdb6

SHA512
dc14a3f71b8d4104c0c175d1116538356822b74477c816ea7ead3b1378e45687a7b55815173912f807cf57c388b97326b039222aadff473956a5066fd48dd95a

Download Submit
C:\Windows\system\rOqHqGl.exe

Filesize
6.0MB

MD5
78abb0f1d20e634221151a054a933396

SHA1
655e9ec1a2139c8e9e1ae8b587e60e6e4e6e5941

SHA256
375ad1d97c866003a9631931ee1734d3205622ff186c054f0747dee34c364544

SHA512
dc62d19480c49919a3fb8d18d7e1e1ab74b52e9ee7b69faf2aef983432692da695cec328e71e1051485a1dc663159019472d354d78edfbb6ebd59db541e35b54

Download Submit
C:\Windows\system\sAezRDr.exe

Filesize
6.0MB

MD5
a777e5c08c8f06085e77cb072a6feef6

SHA1
c2a672da065ce5f7c9f594eb88aab1251f0aa8a5

SHA256
5fdffe02d8dc0e0429691290a3770121bc6c3df3420445fb148c97833374afe4

SHA512
d610a332e7bb9187b4904426852abf13d4db072b9f8f679d84aa98d88bcfa67798279c1cdb8ec0675514cc2639e8a34383eab5148e73cb7c1826f117df9b1c0d

Download Submit
C:\Windows\system\tXiEEOe.exe

Filesize
6.0MB

MD5
8d47e2461d871d320b8927a157627d60

SHA1
22e6df5579f68b3d1326abcf5dcf655c32b81307

SHA256
06d99c82fd4629e8793ab633599481df7d9f582aba94370a0a0b35c12c58db58

SHA512
83ac5bb18ca3f67eac0160d760c9648e34d6b31d30b4192c5c7f6cb2a7a011e2cc1e027f86c966780c36ec258e2b08a940971e4ceb6372b45b22a26648366cd7

Download Submit
\Windows\system\DWVGJVc.exe

Filesize
6.0MB

MD5
002a4b91efa7ff7a6fcf44804093f7a3

SHA1
6cc1ae2e5ee6d36613648d485ac491aa15bdc664

SHA256
d9b1ca96e5c176f7d5ca018d12fec566e08fee578771308cd23b2b1a092331b2

SHA512
3556a0ff53158eb25eed342dcd7fa669842f86051897912a484ee8bcb94bd2a3a212ef936f7dc13a8866ef46f31cb95be4e2009a527f2bf265794a1fdbed7e40

Download Submit
\Windows\system\GNTmkZo.exe

Filesize
6.0MB

MD5
b10470352466cfd3798dbcbebf5ccf16

SHA1
e056f9c89d14d08b5be9438ce22ccb0823c66307

SHA256
9f4080f556ee95c930a701b933084c43b04aeaa607fc93e784ae461146f5704d

SHA512
306e45589641632e1c5fef10b7ff7f31ead0dad8beca241bd43bc177df54742bb5261ecfe13b263578eff104b2dfd722722401d4dfbff1d027dfc775cc22c277

Download Submit
\Windows\system\KAZjDBl.exe

Filesize
6.0MB

MD5
96c7a40066fc1693252d63c0627c4eb8

SHA1
21c604a0c868f4e8d8db4db6bd164c89301f8a57

SHA256
ecfe4ed28f889f3df389aece362a7918437b20ec211812b6095088ec5a61211e

SHA512
7ebc4f08bcee3eaed4b89c57c4e20c310049955d5d56a6e6243aaa5948bc2dbf558298402f6eb3d02013cad1a377bd97e031a7adc58073c4fbbe6b4372d3c1a9

Download Submit
\Windows\system\MuLJbJe.exe

Filesize
6.0MB

MD5
6352c66e886cabc5458f192ef56333ef

SHA1
3aadbe0752934689e201a234b9996c3ded1c958a

SHA256
caab4f4f35b7bdcb0128d46cdaeaa94a4964d4d6e2678e180c61599838021f84

SHA512
3c8d17c53274c98aa87a8f4f2a562283eff1f20ba9fafc961ae72455f21586aa98b636179be019cfb7f906d47ea0af6b362b17160aaafe643c99b06ad3581e20

Download Submit
\Windows\system\ShebpuX.exe

Filesize
6.0MB

MD5
24e7794c1437d51a2d61f8f109899f69

SHA1
6d4d4762c3905863a26486074c021fdcf6794a0d

SHA256
b76dd36dd2e3cde68c26f5049d2bbd77dff410319a9b9e75793a4b23a6830c55

SHA512
023b8f367be7f3f4a9afbfa445d82aa56111099850e6ea1b06a8561fe08bf688d5a3215734b02f588ce06a76ecf7d3d5f983f6effcbe07cc894d7df3075643fc

Download Submit
\Windows\system\WDUDVrw.exe

Filesize
6.0MB

MD5
76fa95ae89fb6b4664797e74a1cbf0aa

SHA1
1fc4ea452af578abf4adeb9bc08be1c72dc172b0

SHA256
5bfaf463127304d1a87a84d4be603ebc877dcd3e9fc42ad244cb0047f6eaa460

SHA512
7f0930694997fa7a71fc4618ffae49b83eb0c2ba61e24aed90e2ff5416ffef92c10eb937580f72ff408605b010fdf5e7aee68ed70dcbbcfee95782fcf6452098

Download Submit
\Windows\system\XYPJLJh.exe

Filesize
6.0MB

MD5
e9bf1152149841b005efff0ecec2e099

SHA1
9c01497f9de61f31c19aa8fd57bb2c4857c2139c

SHA256
02df81b92939e875c330c025e109fa2fbd1c3196f0d274b43513dcb961bad55a

SHA512
5047fc034ec6300d93999455d91c7e28bc7731013595fc95410ea689c39fe7abdad19db89c375dd45609853a96e7601e74d546ba4624199aa2616930c05f39ac

Download Submit
\Windows\system\bfZhrNt.exe

Filesize
6.0MB

MD5
7710dc701335a1d83c85651dd6c3040a

SHA1
682ee3b8ec1f8c89a082b6f082aaaa39e6361323

SHA256
eaa6125e35342067abf4255e9267f2bd25529e27c489199859acd62e38069405

SHA512
3b6325fa5ed42d013dc915dff9d8a8a1eb5b57283561c82b944b4fbf6e6595b7d937237517e53cf7dffcec160494943a0647fc24e256a9e1d732718a98053d14

Download Submit
\Windows\system\lHJgIDT.exe

Filesize
6.0MB

MD5
e3b2d61cd734241010e3c9a0f7c24114

SHA1
ee92c70662d97bfaee2b8417170ccde86ea8e856

SHA256
2bf63008d4f786599dd3c9a5f2608319d3baa252ca6bd66da74c4f30a51131d4

SHA512
4c1953a40a3c9025ff94c8ea2327795a2fe7d2976789a2f749095284c07a9d8fb44aa9601f8cd9877980a3e17b957a6e80e1fcec0c4cd826f783efd38a983a9b

Download Submit
\Windows\system\oNoFfrc.exe

Filesize
6.0MB

MD5
722874825cab653e5a4ec7e74e5fc873

SHA1
5ead8b83e55d2e8946c0b88ab234514115846e6b

SHA256
6b528080187f663269f9ec30b5ffd51df8b56d370a2ded3c2cce32e7abb10f16

SHA512
030e2b37c301a0244eed2053dfef3c0daf40365a9854947a0a773e3e3a463216f42b78bc936537933f11160d6425904b7156f3f5bf071dc7688b3350db66bed8

Download Submit
memory/1144-1061-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1144-55-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1260-1347-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-100-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-109-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1472-1409-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1472-541-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1996-101-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1996-105-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1996-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1996-90-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1996-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1996-20-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1996-88-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1996-98-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-23-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1996-73-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1996-103-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-113-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1996-6-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1996-69-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-25-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1996-38-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1996-33-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1996-57-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1996-53-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1996-41-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1996-583-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1996-492-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2256-11-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-43-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-1005-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-48-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2476-1006-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2476-14-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2492-70-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1145-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-1343-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-97-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-77-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-250-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1340-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-62-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-102-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1087-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-99-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1352-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-64-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1008-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-29-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1040-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2824-71-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2824-36-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1055-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2844-74-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2844-42-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1007-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2908-22-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2908-54-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download