cobaltstrike | cbc71f22ab931e81a39674273793857199c435f43dbe845df4cf93ba95e0b383

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

95e22f88a7abefa5a8c6079d86f92723
SHA1

e9832950f80273b3eb29f6536ca90a4b659c3aac
SHA256

cbc71f22ab931e81a39674273793857199c435f43dbe845df4cf93ba95e0b383
SHA512

40354824c4ea52d707492224bd17cfe07b570a4f8604d94afe53aaf105ebab733f64ffe451d55143106b91dc2ed489e74b2aa40edc1e07d4e72a0fccab9de022
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225f-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164b1-7.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001653a-15.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001678f-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016be6-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c03-41.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c4b-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019232-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019369-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019345-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019329-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001921d-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019214-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016bf7-36.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000169f5-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2312-0-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225f-6.dat	xmrig
behavioral1/files/0x00080000000164b1-7.dat	xmrig
behavioral1/files/0x000800000001653a-15.dat	xmrig
behavioral1/files/0x000700000001678f-21.dat	xmrig
behavioral1/files/0x0007000000016be6-30.dat	xmrig
behavioral1/files/0x0009000000016c03-41.dat	xmrig
behavioral1/files/0x0009000000016c4b-46.dat	xmrig
behavioral1/files/0x0005000000019232-60.dat	xmrig
behavioral1/files/0x0005000000019369-75.dat	xmrig
behavioral1/files/0x0005000000019371-80.dat	xmrig
behavioral1/files/0x000500000001958b-135.dat	xmrig
behavioral1/files/0x00050000000195c6-151.dat	xmrig
behavioral1/memory/2940-1256-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2584-1322-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/536-1964-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2312-2013-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/644-2044-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/1160-2008-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2312-2284-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/3024-1911-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/3016-1837-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2312-1666-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2648-1665-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2312-1610-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2588-1609-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2828-1556-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2312-1498-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/496-1497-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2604-1449-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/1764-1401-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2796-931-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c8-161.dat	xmrig
behavioral1/files/0x00050000000195c7-155.dat	xmrig
behavioral1/files/0x00050000000195c4-146.dat	xmrig
behavioral1/files/0x00050000000195c2-140.dat	xmrig
behavioral1/files/0x00050000000194e2-130.dat	xmrig
behavioral1/files/0x000500000001948d-124.dat	xmrig
behavioral1/files/0x000500000001945c-120.dat	xmrig
behavioral1/files/0x00050000000193f0-115.dat	xmrig
behavioral1/files/0x00050000000193e6-110.dat	xmrig
behavioral1/files/0x00050000000193d1-104.dat	xmrig
behavioral1/files/0x00050000000193a8-100.dat	xmrig
behavioral1/files/0x000500000001938e-95.dat	xmrig
behavioral1/files/0x0005000000019382-90.dat	xmrig
behavioral1/files/0x000500000001937b-85.dat	xmrig
behavioral1/files/0x0005000000019345-70.dat	xmrig
behavioral1/files/0x0005000000019329-65.dat	xmrig
behavioral1/files/0x000500000001921d-55.dat	xmrig
behavioral1/files/0x0006000000019214-50.dat	xmrig
behavioral1/files/0x0007000000016bf7-36.dat	xmrig
behavioral1/files/0x00070000000169f5-26.dat	xmrig
behavioral1/memory/2312-2749-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2796-2855-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2312-2958-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2312-2969-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2312-3030-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2312-3055-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2312-3057-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2312-3061-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2584-3247-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2796-3263-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2604-3264-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/644-3240-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2796	KZSmBNg.exe
2940	DyNLZvr.exe
2584	QkeetVu.exe
1764	GcATUas.exe
2604	CKpSOjF.exe
496	kksEhtG.exe
2828	VrsPWTL.exe
2588	QYhHtaH.exe
2648	xoCkZQk.exe
3016	eeqPWlB.exe
3024	zjLEwbW.exe
536	wHNrxAQ.exe
1160	DOffNpz.exe
644	sGrxAzg.exe
2988	zcDXAZF.exe
576	MQWTPzF.exe
1952	vgZsakF.exe
1648	qUFjwwX.exe
1188	QLxtOvq.exe
1416	LMWEmZi.exe
1964	BjtRMih.exe
1856	TPSLUvP.exe
2892	FlRbEvj.exe
848	OvYUhcV.exe
1988	fPdyAfg.exe
1992	vBsEKMm.exe
2220	Blmrdvz.exe
2424	RHPsBVa.exe
2224	pAXgkJK.exe
2480	xpZueOf.exe
2476	VnTiQrP.exe
2428	AaWgbfo.exe
1212	TPWTpyD.exe
1700	LXmUbJY.exe
1788	pJoHjpG.exe
2216	fhMkUQO.exe
604	WspsYfA.exe
3068	VdWKpHN.exe
1140	YYhnUPO.exe
696	DoibADG.exe
2280	gIvRIwS.exe
328	hSZqeSn.exe
356	JBZHeDG.exe
1392	cSmbAuk.exe
3048	mSVXlnf.exe
1228	ibKAJyB.exe
1716	upEJFuV.exe
904	mvppGhM.exe
2400	oeqBiaX.exe
2996	mLZBQyA.exe
2524	NLekbcn.exe
2512	wsUOWBN.exe
1064	aZFhkRq.exe
2976	YHeZYvV.exe
744	YEHWuQl.exe
1804	cJvpORv.exe
2504	xvuggyX.exe
1672	nowccJH.exe
2784	lJFycMN.exe
2716	TunSlSP.exe
2732	XaodDEB.exe
2848	cbacnyT.exe
2600	YksYxOB.exe
2772	Fzallfn.exe

Loads dropped DLL 64 IoCs

pid	Process
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2312-0-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x000a00000001225f-6.dat	upx
behavioral1/files/0x00080000000164b1-7.dat	upx
behavioral1/files/0x000800000001653a-15.dat	upx
behavioral1/files/0x000700000001678f-21.dat	upx
behavioral1/files/0x0007000000016be6-30.dat	upx
behavioral1/files/0x0009000000016c03-41.dat	upx
behavioral1/files/0x0009000000016c4b-46.dat	upx
behavioral1/files/0x0005000000019232-60.dat	upx
behavioral1/files/0x0005000000019369-75.dat	upx
behavioral1/files/0x0005000000019371-80.dat	upx
behavioral1/files/0x000500000001958b-135.dat	upx
behavioral1/files/0x00050000000195c6-151.dat	upx
behavioral1/memory/2940-1256-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2584-1322-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/536-1964-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/644-2044-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1160-2008-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/3024-1911-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/3016-1837-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2648-1665-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2588-1609-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2828-1556-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/496-1497-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2604-1449-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/1764-1401-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2796-931-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x00050000000195c8-161.dat	upx
behavioral1/files/0x00050000000195c7-155.dat	upx
behavioral1/files/0x00050000000195c4-146.dat	upx
behavioral1/files/0x00050000000195c2-140.dat	upx
behavioral1/files/0x00050000000194e2-130.dat	upx
behavioral1/files/0x000500000001948d-124.dat	upx
behavioral1/files/0x000500000001945c-120.dat	upx
behavioral1/files/0x00050000000193f0-115.dat	upx
behavioral1/files/0x00050000000193e6-110.dat	upx
behavioral1/files/0x00050000000193d1-104.dat	upx
behavioral1/files/0x00050000000193a8-100.dat	upx
behavioral1/files/0x000500000001938e-95.dat	upx
behavioral1/files/0x0005000000019382-90.dat	upx
behavioral1/files/0x000500000001937b-85.dat	upx
behavioral1/files/0x0005000000019345-70.dat	upx
behavioral1/files/0x0005000000019329-65.dat	upx
behavioral1/files/0x000500000001921d-55.dat	upx
behavioral1/files/0x0006000000019214-50.dat	upx
behavioral1/files/0x0007000000016bf7-36.dat	upx
behavioral1/files/0x00070000000169f5-26.dat	upx
behavioral1/memory/2312-2749-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2796-2855-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2584-3247-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2796-3263-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2604-3264-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/644-3240-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2828-3265-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1160-3420-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/3024-3418-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2648-3419-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/1764-3987-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2588-4008-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2940-4016-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/536-4017-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/496-4018-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/3016-4042-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TgzRlFu.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxyIDkh.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SuHgRgd.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkmyjtQ.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cMbGyIA.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubjKghD.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXfhUUm.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgKAYiV.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMxyqae.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHJNJxG.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VARPcKF.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esouJbf.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KknxooA.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSrMgev.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNWHgWj.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnYxxMw.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbgboGG.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJODpfO.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsyRuDK.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDWtoSU.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnPDtgp.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSVXlnf.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlrAhpu.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfCTGHL.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oemvWws.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRIXaoa.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXRYCMw.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PElpSyd.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doYzIsB.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYuqipa.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZArtkZY.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhMkUQO.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBxXREA.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\caOtJVw.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQgazAt.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNMSQPo.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\squGFMO.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfFdKQX.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrGBsuY.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTqaCZK.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzlrbOR.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNZbWhg.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cilNqdY.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SczZHLE.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcCqiyJ.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\joqlpJP.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtzSeSd.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boHwdVU.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTjWDCn.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPxOVJy.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LALigdh.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVnRuYl.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDIzygc.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKrEnRF.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaMnPiv.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkWtnTt.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUtHPMR.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laFnFSn.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAtOVGw.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYAEaDL.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlSIlXP.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvUfWKr.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUFjwwX.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBsEKMm.exe	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2796	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2312 wrote to memory of 2796	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2312 wrote to memory of 2796	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2312 wrote to memory of 2940	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2312 wrote to memory of 2940	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2312 wrote to memory of 2940	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2312 wrote to memory of 2584	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2312 wrote to memory of 2584	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2312 wrote to memory of 2584	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2312 wrote to memory of 1764	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2312 wrote to memory of 1764	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2312 wrote to memory of 1764	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2312 wrote to memory of 2604	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2312 wrote to memory of 2604	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2312 wrote to memory of 2604	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2312 wrote to memory of 496	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2312 wrote to memory of 496	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2312 wrote to memory of 496	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2312 wrote to memory of 2828	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2312 wrote to memory of 2828	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2312 wrote to memory of 2828	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2312 wrote to memory of 2588	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2312 wrote to memory of 2588	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2312 wrote to memory of 2588	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2312 wrote to memory of 2648	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2312 wrote to memory of 2648	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2312 wrote to memory of 2648	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2312 wrote to memory of 3016	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2312 wrote to memory of 3016	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2312 wrote to memory of 3016	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2312 wrote to memory of 3024	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2312 wrote to memory of 3024	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2312 wrote to memory of 3024	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2312 wrote to memory of 536	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2312 wrote to memory of 536	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2312 wrote to memory of 536	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2312 wrote to memory of 1160	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2312 wrote to memory of 1160	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2312 wrote to memory of 1160	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2312 wrote to memory of 644	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2312 wrote to memory of 644	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2312 wrote to memory of 644	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2312 wrote to memory of 2988	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2312 wrote to memory of 2988	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2312 wrote to memory of 2988	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2312 wrote to memory of 576	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2312 wrote to memory of 576	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2312 wrote to memory of 576	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2312 wrote to memory of 1952	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2312 wrote to memory of 1952	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2312 wrote to memory of 1952	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2312 wrote to memory of 1648	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2312 wrote to memory of 1648	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2312 wrote to memory of 1648	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2312 wrote to memory of 1188	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2312 wrote to memory of 1188	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2312 wrote to memory of 1188	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2312 wrote to memory of 1416	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2312 wrote to memory of 1416	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2312 wrote to memory of 1416	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2312 wrote to memory of 1964	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2312 wrote to memory of 1964	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2312 wrote to memory of 1964	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2312 wrote to memory of 1856	2312	2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_95e22f88a7abefa5a8c6079d86f92723_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\System\KZSmBNg.exe
  C:\Windows\System\KZSmBNg.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\DyNLZvr.exe
  C:\Windows\System\DyNLZvr.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\QkeetVu.exe
  C:\Windows\System\QkeetVu.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\GcATUas.exe
  C:\Windows\System\GcATUas.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\CKpSOjF.exe
  C:\Windows\System\CKpSOjF.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\kksEhtG.exe
  C:\Windows\System\kksEhtG.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\VrsPWTL.exe
  C:\Windows\System\VrsPWTL.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\QYhHtaH.exe
  C:\Windows\System\QYhHtaH.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\xoCkZQk.exe
  C:\Windows\System\xoCkZQk.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\eeqPWlB.exe
  C:\Windows\System\eeqPWlB.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\zjLEwbW.exe
  C:\Windows\System\zjLEwbW.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\wHNrxAQ.exe
  C:\Windows\System\wHNrxAQ.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\DOffNpz.exe
  C:\Windows\System\DOffNpz.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\sGrxAzg.exe
  C:\Windows\System\sGrxAzg.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\zcDXAZF.exe
  C:\Windows\System\zcDXAZF.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\MQWTPzF.exe
  C:\Windows\System\MQWTPzF.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\vgZsakF.exe
  C:\Windows\System\vgZsakF.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\qUFjwwX.exe
  C:\Windows\System\qUFjwwX.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\QLxtOvq.exe
  C:\Windows\System\QLxtOvq.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\LMWEmZi.exe
  C:\Windows\System\LMWEmZi.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\BjtRMih.exe
  C:\Windows\System\BjtRMih.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\TPSLUvP.exe
  C:\Windows\System\TPSLUvP.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\FlRbEvj.exe
  C:\Windows\System\FlRbEvj.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\OvYUhcV.exe
  C:\Windows\System\OvYUhcV.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\fPdyAfg.exe
  C:\Windows\System\fPdyAfg.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\vBsEKMm.exe
  C:\Windows\System\vBsEKMm.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\Blmrdvz.exe
  C:\Windows\System\Blmrdvz.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\RHPsBVa.exe
  C:\Windows\System\RHPsBVa.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\pAXgkJK.exe
  C:\Windows\System\pAXgkJK.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\xpZueOf.exe
  C:\Windows\System\xpZueOf.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\VnTiQrP.exe
  C:\Windows\System\VnTiQrP.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\AaWgbfo.exe
  C:\Windows\System\AaWgbfo.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\TPWTpyD.exe
  C:\Windows\System\TPWTpyD.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\LXmUbJY.exe
  C:\Windows\System\LXmUbJY.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\pJoHjpG.exe
  C:\Windows\System\pJoHjpG.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\WspsYfA.exe
  C:\Windows\System\WspsYfA.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\fhMkUQO.exe
  C:\Windows\System\fhMkUQO.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\VdWKpHN.exe
  C:\Windows\System\VdWKpHN.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\YYhnUPO.exe
  C:\Windows\System\YYhnUPO.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\DoibADG.exe
  C:\Windows\System\DoibADG.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\gIvRIwS.exe
  C:\Windows\System\gIvRIwS.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\hSZqeSn.exe
  C:\Windows\System\hSZqeSn.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\JBZHeDG.exe
  C:\Windows\System\JBZHeDG.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\cSmbAuk.exe
  C:\Windows\System\cSmbAuk.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\mSVXlnf.exe
  C:\Windows\System\mSVXlnf.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\ibKAJyB.exe
  C:\Windows\System\ibKAJyB.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\upEJFuV.exe
  C:\Windows\System\upEJFuV.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\mvppGhM.exe
  C:\Windows\System\mvppGhM.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\oeqBiaX.exe
  C:\Windows\System\oeqBiaX.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\mLZBQyA.exe
  C:\Windows\System\mLZBQyA.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\NLekbcn.exe
  C:\Windows\System\NLekbcn.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\wsUOWBN.exe
  C:\Windows\System\wsUOWBN.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\aZFhkRq.exe
  C:\Windows\System\aZFhkRq.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\YHeZYvV.exe
  C:\Windows\System\YHeZYvV.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\YEHWuQl.exe
  C:\Windows\System\YEHWuQl.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\cJvpORv.exe
  C:\Windows\System\cJvpORv.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\xvuggyX.exe
  C:\Windows\System\xvuggyX.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\nowccJH.exe
  C:\Windows\System\nowccJH.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\lJFycMN.exe
  C:\Windows\System\lJFycMN.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\TunSlSP.exe
  C:\Windows\System\TunSlSP.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\XaodDEB.exe
  C:\Windows\System\XaodDEB.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\cbacnyT.exe
  C:\Windows\System\cbacnyT.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\YksYxOB.exe
  C:\Windows\System\YksYxOB.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\Fzallfn.exe
  C:\Windows\System\Fzallfn.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\OZJJqoF.exe
  C:\Windows\System\OZJJqoF.exe
  2⤵
  PID:2640
- C:\Windows\System\sMuQHhi.exe
  C:\Windows\System\sMuQHhi.exe
  2⤵
  PID:3020
- C:\Windows\System\kLELTuL.exe
  C:\Windows\System\kLELTuL.exe
  2⤵
  PID:484
- C:\Windows\System\UTRvUMp.exe
  C:\Windows\System\UTRvUMp.exe
  2⤵
  PID:2228
- C:\Windows\System\sDzDzqc.exe
  C:\Windows\System\sDzDzqc.exe
  2⤵
  PID:1492
- C:\Windows\System\PlgusbK.exe
  C:\Windows\System\PlgusbK.exe
  2⤵
  PID:304
- C:\Windows\System\ngVkwvi.exe
  C:\Windows\System\ngVkwvi.exe
  2⤵
  PID:1128
- C:\Windows\System\AXeLHHP.exe
  C:\Windows\System\AXeLHHP.exe
  2⤵
  PID:1368
- C:\Windows\System\auVILOT.exe
  C:\Windows\System\auVILOT.exe
  2⤵
  PID:1768
- C:\Windows\System\QcXcOVO.exe
  C:\Windows\System\QcXcOVO.exe
  2⤵
  PID:2676
- C:\Windows\System\zaVXtHl.exe
  C:\Windows\System\zaVXtHl.exe
  2⤵
  PID:1940
- C:\Windows\System\vUlIFLS.exe
  C:\Windows\System\vUlIFLS.exe
  2⤵
  PID:1980
- C:\Windows\System\UXFJwLb.exe
  C:\Windows\System\UXFJwLb.exe
  2⤵
  PID:792
- C:\Windows\System\qgGtrMZ.exe
  C:\Windows\System\qgGtrMZ.exe
  2⤵
  PID:2108
- C:\Windows\System\wAayYPw.exe
  C:\Windows\System\wAayYPw.exe
  2⤵
  PID:2164
- C:\Windows\System\hnvnxpV.exe
  C:\Windows\System\hnvnxpV.exe
  2⤵
  PID:668
- C:\Windows\System\yVtGkQx.exe
  C:\Windows\System\yVtGkQx.exe
  2⤵
  PID:2456
- C:\Windows\System\EZdHYzP.exe
  C:\Windows\System\EZdHYzP.exe
  2⤵
  PID:2232
- C:\Windows\System\LdESFof.exe
  C:\Windows\System\LdESFof.exe
  2⤵
  PID:1956
- C:\Windows\System\lulUADY.exe
  C:\Windows\System\lulUADY.exe
  2⤵
  PID:1016
- C:\Windows\System\jdsUECd.exe
  C:\Windows\System\jdsUECd.exe
  2⤵
  PID:944
- C:\Windows\System\MBfXNLz.exe
  C:\Windows\System\MBfXNLz.exe
  2⤵
  PID:1612
- C:\Windows\System\KcvPgKP.exe
  C:\Windows\System\KcvPgKP.exe
  2⤵
  PID:828
- C:\Windows\System\SgFomDu.exe
  C:\Windows\System\SgFomDu.exe
  2⤵
  PID:2008
- C:\Windows\System\cHGRTAL.exe
  C:\Windows\System\cHGRTAL.exe
  2⤵
  PID:2972
- C:\Windows\System\KOClLCS.exe
  C:\Windows\System\KOClLCS.exe
  2⤵
  PID:2256
- C:\Windows\System\mnQlOTB.exe
  C:\Windows\System\mnQlOTB.exe
  2⤵
  PID:2432
- C:\Windows\System\fmQhenQ.exe
  C:\Windows\System\fmQhenQ.exe
  2⤵
  PID:3056
- C:\Windows\System\zDgVyFk.exe
  C:\Windows\System\zDgVyFk.exe
  2⤵
  PID:1800
- C:\Windows\System\HJxyztE.exe
  C:\Windows\System\HJxyztE.exe
  2⤵
  PID:2072
- C:\Windows\System\slqUVbk.exe
  C:\Windows\System\slqUVbk.exe
  2⤵
  PID:1564
- C:\Windows\System\UNoLgrg.exe
  C:\Windows\System\UNoLgrg.exe
  2⤵
  PID:2792
- C:\Windows\System\PElpSyd.exe
  C:\Windows\System\PElpSyd.exe
  2⤵
  PID:2688
- C:\Windows\System\EOztRVw.exe
  C:\Windows\System\EOztRVw.exe
  2⤵
  PID:2812
- C:\Windows\System\UZOwtQJ.exe
  C:\Windows\System\UZOwtQJ.exe
  2⤵
  PID:1920
- C:\Windows\System\HmYHHHk.exe
  C:\Windows\System\HmYHHHk.exe
  2⤵
  PID:3012
- C:\Windows\System\zxgHIUV.exe
  C:\Windows\System\zxgHIUV.exe
  2⤵
  PID:3004
- C:\Windows\System\iuhOIXZ.exe
  C:\Windows\System\iuhOIXZ.exe
  2⤵
  PID:308
- C:\Windows\System\ODTtvLk.exe
  C:\Windows\System\ODTtvLk.exe
  2⤵
  PID:2484
- C:\Windows\System\ShPjimO.exe
  C:\Windows\System\ShPjimO.exe
  2⤵
  PID:1792
- C:\Windows\System\SQkGrRf.exe
  C:\Windows\System\SQkGrRf.exe
  2⤵
  PID:1972
- C:\Windows\System\XXglKFb.exe
  C:\Windows\System\XXglKFb.exe
  2⤵
  PID:2304
- C:\Windows\System\XIyHVwI.exe
  C:\Windows\System\XIyHVwI.exe
  2⤵
  PID:1624
- C:\Windows\System\HmTqNAQ.exe
  C:\Windows\System\HmTqNAQ.exe
  2⤵
  PID:1868
- C:\Windows\System\uJrtcbE.exe
  C:\Windows\System\uJrtcbE.exe
  2⤵
  PID:1084
- C:\Windows\System\xeWNVfk.exe
  C:\Windows\System\xeWNVfk.exe
  2⤵
  PID:872
- C:\Windows\System\dCaqhOL.exe
  C:\Windows\System\dCaqhOL.exe
  2⤵
  PID:1324
- C:\Windows\System\ZEvUjUr.exe
  C:\Windows\System\ZEvUjUr.exe
  2⤵
  PID:2012
- C:\Windows\System\ivZaEID.exe
  C:\Windows\System\ivZaEID.exe
  2⤵
  PID:2520
- C:\Windows\System\oVQRRkK.exe
  C:\Windows\System\oVQRRkK.exe
  2⤵
  PID:2040
- C:\Windows\System\vKhdLgp.exe
  C:\Windows\System\vKhdLgp.exe
  2⤵
  PID:288
- C:\Windows\System\GOGJIoH.exe
  C:\Windows\System\GOGJIoH.exe
  2⤵
  PID:876
- C:\Windows\System\NKLCSWV.exe
  C:\Windows\System\NKLCSWV.exe
  2⤵
  PID:1592
- C:\Windows\System\MdJcERg.exe
  C:\Windows\System\MdJcERg.exe
  2⤵
  PID:3084
- C:\Windows\System\mhmzPOL.exe
  C:\Windows\System\mhmzPOL.exe
  2⤵
  PID:3104
- C:\Windows\System\sLEJcnF.exe
  C:\Windows\System\sLEJcnF.exe
  2⤵
  PID:3124
- C:\Windows\System\nZEjNyk.exe
  C:\Windows\System\nZEjNyk.exe
  2⤵
  PID:3148
- C:\Windows\System\EIQTjce.exe
  C:\Windows\System\EIQTjce.exe
  2⤵
  PID:3164
- C:\Windows\System\UqazwIq.exe
  C:\Windows\System\UqazwIq.exe
  2⤵
  PID:3184
- C:\Windows\System\SwSfUrP.exe
  C:\Windows\System\SwSfUrP.exe
  2⤵
  PID:3200
- C:\Windows\System\MOMtqWc.exe
  C:\Windows\System\MOMtqWc.exe
  2⤵
  PID:3228
- C:\Windows\System\LlrAhpu.exe
  C:\Windows\System\LlrAhpu.exe
  2⤵
  PID:3244
- C:\Windows\System\ZKbgdPu.exe
  C:\Windows\System\ZKbgdPu.exe
  2⤵
  PID:3264
- C:\Windows\System\HOHhATG.exe
  C:\Windows\System\HOHhATG.exe
  2⤵
  PID:3288
- C:\Windows\System\MSjzaJe.exe
  C:\Windows\System\MSjzaJe.exe
  2⤵
  PID:3308
- C:\Windows\System\kNeklbP.exe
  C:\Windows\System\kNeklbP.exe
  2⤵
  PID:3328
- C:\Windows\System\cPaPysX.exe
  C:\Windows\System\cPaPysX.exe
  2⤵
  PID:3348
- C:\Windows\System\sejprFG.exe
  C:\Windows\System\sejprFG.exe
  2⤵
  PID:3368
- C:\Windows\System\xzNkhZZ.exe
  C:\Windows\System\xzNkhZZ.exe
  2⤵
  PID:3388
- C:\Windows\System\DDCwHcv.exe
  C:\Windows\System\DDCwHcv.exe
  2⤵
  PID:3404
- C:\Windows\System\OGDituK.exe
  C:\Windows\System\OGDituK.exe
  2⤵
  PID:3428
- C:\Windows\System\mFYYpNM.exe
  C:\Windows\System\mFYYpNM.exe
  2⤵
  PID:3444
- C:\Windows\System\tgjdHnO.exe
  C:\Windows\System\tgjdHnO.exe
  2⤵
  PID:3464
- C:\Windows\System\ItxNsNW.exe
  C:\Windows\System\ItxNsNW.exe
  2⤵
  PID:3484
- C:\Windows\System\GUMFucS.exe
  C:\Windows\System\GUMFucS.exe
  2⤵
  PID:3500
- C:\Windows\System\zGQTDJj.exe
  C:\Windows\System\zGQTDJj.exe
  2⤵
  PID:3524
- C:\Windows\System\EDTvctO.exe
  C:\Windows\System\EDTvctO.exe
  2⤵
  PID:3548
- C:\Windows\System\GmrnJDp.exe
  C:\Windows\System\GmrnJDp.exe
  2⤵
  PID:3568
- C:\Windows\System\eOzGYHP.exe
  C:\Windows\System\eOzGYHP.exe
  2⤵
  PID:3588
- C:\Windows\System\BwPPxtP.exe
  C:\Windows\System\BwPPxtP.exe
  2⤵
  PID:3608
- C:\Windows\System\KTHKOqS.exe
  C:\Windows\System\KTHKOqS.exe
  2⤵
  PID:3624
- C:\Windows\System\hrEWKES.exe
  C:\Windows\System\hrEWKES.exe
  2⤵
  PID:3644
- C:\Windows\System\lavMBON.exe
  C:\Windows\System\lavMBON.exe
  2⤵
  PID:3664
- C:\Windows\System\VcqKKQS.exe
  C:\Windows\System\VcqKKQS.exe
  2⤵
  PID:3684
- C:\Windows\System\cpUDIPH.exe
  C:\Windows\System\cpUDIPH.exe
  2⤵
  PID:3704
- C:\Windows\System\jkBYlFa.exe
  C:\Windows\System\jkBYlFa.exe
  2⤵
  PID:3724
- C:\Windows\System\YwDBLMS.exe
  C:\Windows\System\YwDBLMS.exe
  2⤵
  PID:3748
- C:\Windows\System\qPhvIwN.exe
  C:\Windows\System\qPhvIwN.exe
  2⤵
  PID:3768
- C:\Windows\System\mbZWeDN.exe
  C:\Windows\System\mbZWeDN.exe
  2⤵
  PID:3788
- C:\Windows\System\ghfVFqZ.exe
  C:\Windows\System\ghfVFqZ.exe
  2⤵
  PID:3808
- C:\Windows\System\rfHDMXJ.exe
  C:\Windows\System\rfHDMXJ.exe
  2⤵
  PID:3824
- C:\Windows\System\aeQkeQR.exe
  C:\Windows\System\aeQkeQR.exe
  2⤵
  PID:3848
- C:\Windows\System\rYRudNf.exe
  C:\Windows\System\rYRudNf.exe
  2⤵
  PID:3868
- C:\Windows\System\CFEHeLF.exe
  C:\Windows\System\CFEHeLF.exe
  2⤵
  PID:3884
- C:\Windows\System\sLzShxe.exe
  C:\Windows\System\sLzShxe.exe
  2⤵
  PID:3904
- C:\Windows\System\ImSRuor.exe
  C:\Windows\System\ImSRuor.exe
  2⤵
  PID:3924
- C:\Windows\System\ntlRucK.exe
  C:\Windows\System\ntlRucK.exe
  2⤵
  PID:3944
- C:\Windows\System\nJXFEGH.exe
  C:\Windows\System\nJXFEGH.exe
  2⤵
  PID:3964
- C:\Windows\System\XbooFIx.exe
  C:\Windows\System\XbooFIx.exe
  2⤵
  PID:3980
- C:\Windows\System\FVGjaBl.exe
  C:\Windows\System\FVGjaBl.exe
  2⤵
  PID:4004
- C:\Windows\System\VsAaNQV.exe
  C:\Windows\System\VsAaNQV.exe
  2⤵
  PID:4020
- C:\Windows\System\VEyEeRO.exe
  C:\Windows\System\VEyEeRO.exe
  2⤵
  PID:4040
- C:\Windows\System\moaAGZx.exe
  C:\Windows\System\moaAGZx.exe
  2⤵
  PID:4064
- C:\Windows\System\YEFIhHt.exe
  C:\Windows\System\YEFIhHt.exe
  2⤵
  PID:4084
- C:\Windows\System\eNbgVtr.exe
  C:\Windows\System\eNbgVtr.exe
  2⤵
  PID:2608
- C:\Windows\System\FnkfqKy.exe
  C:\Windows\System\FnkfqKy.exe
  2⤵
  PID:2736
- C:\Windows\System\rdnXxpE.exe
  C:\Windows\System\rdnXxpE.exe
  2⤵
  PID:580
- C:\Windows\System\LaSBtBs.exe
  C:\Windows\System\LaSBtBs.exe
  2⤵
  PID:1336
- C:\Windows\System\ZqgaBAQ.exe
  C:\Windows\System\ZqgaBAQ.exe
  2⤵
  PID:2328
- C:\Windows\System\iHRwdeq.exe
  C:\Windows\System\iHRwdeq.exe
  2⤵
  PID:2452
- C:\Windows\System\CPZNoDu.exe
  C:\Windows\System\CPZNoDu.exe
  2⤵
  PID:2556
- C:\Windows\System\GVOxBnI.exe
  C:\Windows\System\GVOxBnI.exe
  2⤵
  PID:2464
- C:\Windows\System\taHFlYY.exe
  C:\Windows\System\taHFlYY.exe
  2⤵
  PID:1876
- C:\Windows\System\AlwYLvd.exe
  C:\Windows\System\AlwYLvd.exe
  2⤵
  PID:1540
- C:\Windows\System\NwAOkwN.exe
  C:\Windows\System\NwAOkwN.exe
  2⤵
  PID:2364
- C:\Windows\System\MAXWimR.exe
  C:\Windows\System\MAXWimR.exe
  2⤵
  PID:2488
- C:\Windows\System\bdlSNnO.exe
  C:\Windows\System\bdlSNnO.exe
  2⤵
  PID:3120
- C:\Windows\System\JFXMbxY.exe
  C:\Windows\System\JFXMbxY.exe
  2⤵
  PID:3100
- C:\Windows\System\sUYiEPt.exe
  C:\Windows\System\sUYiEPt.exe
  2⤵
  PID:3160
- C:\Windows\System\fwZYGRp.exe
  C:\Windows\System\fwZYGRp.exe
  2⤵
  PID:3196
- C:\Windows\System\NkBJpIs.exe
  C:\Windows\System\NkBJpIs.exe
  2⤵
  PID:3236
- C:\Windows\System\nKERMff.exe
  C:\Windows\System\nKERMff.exe
  2⤵
  PID:3216
- C:\Windows\System\qCvzUcR.exe
  C:\Windows\System\qCvzUcR.exe
  2⤵
  PID:3316
- C:\Windows\System\NSneuHP.exe
  C:\Windows\System\NSneuHP.exe
  2⤵
  PID:3260
- C:\Windows\System\UkFOSUB.exe
  C:\Windows\System\UkFOSUB.exe
  2⤵
  PID:3304
- C:\Windows\System\mMXuKqJ.exe
  C:\Windows\System\mMXuKqJ.exe
  2⤵
  PID:3376
- C:\Windows\System\AxnexPE.exe
  C:\Windows\System\AxnexPE.exe
  2⤵
  PID:3400
- C:\Windows\System\ZvnlcYL.exe
  C:\Windows\System\ZvnlcYL.exe
  2⤵
  PID:3416
- C:\Windows\System\PcbOycg.exe
  C:\Windows\System\PcbOycg.exe
  2⤵
  PID:3516
- C:\Windows\System\LtSkFqb.exe
  C:\Windows\System\LtSkFqb.exe
  2⤵
  PID:3564
- C:\Windows\System\CjUXyuA.exe
  C:\Windows\System\CjUXyuA.exe
  2⤵
  PID:3496
- C:\Windows\System\gNYYlxn.exe
  C:\Windows\System\gNYYlxn.exe
  2⤵
  PID:3576
- C:\Windows\System\BVDkRus.exe
  C:\Windows\System\BVDkRus.exe
  2⤵
  PID:3584
- C:\Windows\System\EZqVJgL.exe
  C:\Windows\System\EZqVJgL.exe
  2⤵
  PID:3620
- C:\Windows\System\OgoKNYK.exe
  C:\Windows\System\OgoKNYK.exe
  2⤵
  PID:3656
- C:\Windows\System\QWaLBjs.exe
  C:\Windows\System\QWaLBjs.exe
  2⤵
  PID:3696
- C:\Windows\System\FrLoPSk.exe
  C:\Windows\System\FrLoPSk.exe
  2⤵
  PID:3744
- C:\Windows\System\ncXZjxM.exe
  C:\Windows\System\ncXZjxM.exe
  2⤵
  PID:3796
- C:\Windows\System\jtzHxim.exe
  C:\Windows\System\jtzHxim.exe
  2⤵
  PID:3780
- C:\Windows\System\UEoIxtd.exe
  C:\Windows\System\UEoIxtd.exe
  2⤵
  PID:3816
- C:\Windows\System\mVoEBDK.exe
  C:\Windows\System\mVoEBDK.exe
  2⤵
  PID:3912
- C:\Windows\System\Thyryti.exe
  C:\Windows\System\Thyryti.exe
  2⤵
  PID:3860
- C:\Windows\System\JLVUeWu.exe
  C:\Windows\System\JLVUeWu.exe
  2⤵
  PID:3940
- C:\Windows\System\MjgbddO.exe
  C:\Windows\System\MjgbddO.exe
  2⤵
  PID:3988
- C:\Windows\System\jCnTyUW.exe
  C:\Windows\System\jCnTyUW.exe
  2⤵
  PID:3972
- C:\Windows\System\RpsdlNv.exe
  C:\Windows\System\RpsdlNv.exe
  2⤵
  PID:4016
- C:\Windows\System\ShmVSRC.exe
  C:\Windows\System\ShmVSRC.exe
  2⤵
  PID:4052
- C:\Windows\System\CvduPTE.exe
  C:\Windows\System\CvduPTE.exe
  2⤵
  PID:4092
- C:\Windows\System\wEMpOhb.exe
  C:\Windows\System\wEMpOhb.exe
  2⤵
  PID:2116
- C:\Windows\System\abWPHPy.exe
  C:\Windows\System\abWPHPy.exe
  2⤵
  PID:2344
- C:\Windows\System\nFVBZYa.exe
  C:\Windows\System\nFVBZYa.exe
  2⤵
  PID:1452
- C:\Windows\System\odeePEW.exe
  C:\Windows\System\odeePEW.exe
  2⤵
  PID:1732
- C:\Windows\System\dUGIntM.exe
  C:\Windows\System\dUGIntM.exe
  2⤵
  PID:1112
- C:\Windows\System\xHhxgZl.exe
  C:\Windows\System\xHhxgZl.exe
  2⤵
  PID:3044
- C:\Windows\System\erepoEy.exe
  C:\Windows\System\erepoEy.exe
  2⤵
  PID:3156
- C:\Windows\System\nriUmjf.exe
  C:\Windows\System\nriUmjf.exe
  2⤵
  PID:2396
- C:\Windows\System\bQRCKOJ.exe
  C:\Windows\System\bQRCKOJ.exe
  2⤵
  PID:3180
- C:\Windows\System\jCdqFsy.exe
  C:\Windows\System\jCdqFsy.exe
  2⤵
  PID:3220
- C:\Windows\System\ViqvFaU.exe
  C:\Windows\System\ViqvFaU.exe
  2⤵
  PID:3256
- C:\Windows\System\XLByRBP.exe
  C:\Windows\System\XLByRBP.exe
  2⤵
  PID:3364
- C:\Windows\System\JHEbKls.exe
  C:\Windows\System\JHEbKls.exe
  2⤵
  PID:3412
- C:\Windows\System\muctovr.exe
  C:\Windows\System\muctovr.exe
  2⤵
  PID:3380
- C:\Windows\System\Zweodpn.exe
  C:\Windows\System\Zweodpn.exe
  2⤵
  PID:3508
- C:\Windows\System\hFatgaX.exe
  C:\Windows\System\hFatgaX.exe
  2⤵
  PID:3560
- C:\Windows\System\rJEAKQv.exe
  C:\Windows\System\rJEAKQv.exe
  2⤵
  PID:3600
- C:\Windows\System\Ifajkyb.exe
  C:\Windows\System\Ifajkyb.exe
  2⤵
  PID:3712
- C:\Windows\System\agQRYSH.exe
  C:\Windows\System\agQRYSH.exe
  2⤵
  PID:3720
- C:\Windows\System\hOjXRza.exe
  C:\Windows\System\hOjXRza.exe
  2⤵
  PID:3840
- C:\Windows\System\ySMrOQM.exe
  C:\Windows\System\ySMrOQM.exe
  2⤵
  PID:3800
- C:\Windows\System\qWIFcDn.exe
  C:\Windows\System\qWIFcDn.exe
  2⤵
  PID:3880
- C:\Windows\System\PhYjrbL.exe
  C:\Windows\System\PhYjrbL.exe
  2⤵
  PID:3956
- C:\Windows\System\pGEjEFM.exe
  C:\Windows\System\pGEjEFM.exe
  2⤵
  PID:4032
- C:\Windows\System\nRKPHRt.exe
  C:\Windows\System\nRKPHRt.exe
  2⤵
  PID:2760
- C:\Windows\System\XgxMcHJ.exe
  C:\Windows\System\XgxMcHJ.exe
  2⤵
  PID:2780
- C:\Windows\System\PmrmaYd.exe
  C:\Windows\System\PmrmaYd.exe
  2⤵
  PID:2152
- C:\Windows\System\TcpnoMu.exe
  C:\Windows\System\TcpnoMu.exe
  2⤵
  PID:1528
- C:\Windows\System\Bpehlap.exe
  C:\Windows\System\Bpehlap.exe
  2⤵
  PID:1736
- C:\Windows\System\QTjWDCn.exe
  C:\Windows\System\QTjWDCn.exe
  2⤵
  PID:1816
- C:\Windows\System\ZwbblNT.exe
  C:\Windows\System\ZwbblNT.exe
  2⤵
  PID:3076
- C:\Windows\System\LfxFSuL.exe
  C:\Windows\System\LfxFSuL.exe
  2⤵
  PID:3092
- C:\Windows\System\tXjWSZV.exe
  C:\Windows\System\tXjWSZV.exe
  2⤵
  PID:3280
- C:\Windows\System\qYbadvw.exe
  C:\Windows\System\qYbadvw.exe
  2⤵
  PID:3544
- C:\Windows\System\YrbuzTO.exe
  C:\Windows\System\YrbuzTO.exe
  2⤵
  PID:3692
- C:\Windows\System\lbWChIc.exe
  C:\Windows\System\lbWChIc.exe
  2⤵
  PID:3480
- C:\Windows\System\FznEchx.exe
  C:\Windows\System\FznEchx.exe
  2⤵
  PID:3652
- C:\Windows\System\CLQvizS.exe
  C:\Windows\System\CLQvizS.exe
  2⤵
  PID:3604
- C:\Windows\System\EdMmiye.exe
  C:\Windows\System\EdMmiye.exe
  2⤵
  PID:3992
- C:\Windows\System\elNPvhD.exe
  C:\Windows\System\elNPvhD.exe
  2⤵
  PID:3960
- C:\Windows\System\LqytDHI.exe
  C:\Windows\System\LqytDHI.exe
  2⤵
  PID:4060
- C:\Windows\System\LzFWrGc.exe
  C:\Windows\System\LzFWrGc.exe
  2⤵
  PID:1924
- C:\Windows\System\gcJdchG.exe
  C:\Windows\System\gcJdchG.exe
  2⤵
  PID:1200
- C:\Windows\System\ZGQIapq.exe
  C:\Windows\System\ZGQIapq.exe
  2⤵
  PID:3096
- C:\Windows\System\rSdeVya.exe
  C:\Windows\System\rSdeVya.exe
  2⤵
  PID:4112
- C:\Windows\System\NDjMSVM.exe
  C:\Windows\System\NDjMSVM.exe
  2⤵
  PID:4132
- C:\Windows\System\QlyvLRr.exe
  C:\Windows\System\QlyvLRr.exe
  2⤵
  PID:4156
- C:\Windows\System\KZzturA.exe
  C:\Windows\System\KZzturA.exe
  2⤵
  PID:4176
- C:\Windows\System\AStcBzy.exe
  C:\Windows\System\AStcBzy.exe
  2⤵
  PID:4192
- C:\Windows\System\esNfKaA.exe
  C:\Windows\System\esNfKaA.exe
  2⤵
  PID:4216
- C:\Windows\System\zcLQVkW.exe
  C:\Windows\System\zcLQVkW.exe
  2⤵
  PID:4232
- C:\Windows\System\VRILBDS.exe
  C:\Windows\System\VRILBDS.exe
  2⤵
  PID:4256
- C:\Windows\System\KWhNSsL.exe
  C:\Windows\System\KWhNSsL.exe
  2⤵
  PID:4276
- C:\Windows\System\yGthTuE.exe
  C:\Windows\System\yGthTuE.exe
  2⤵
  PID:4292
- C:\Windows\System\dsOEREj.exe
  C:\Windows\System\dsOEREj.exe
  2⤵
  PID:4312
- C:\Windows\System\msyOGNH.exe
  C:\Windows\System\msyOGNH.exe
  2⤵
  PID:4336
- C:\Windows\System\ouWpfvZ.exe
  C:\Windows\System\ouWpfvZ.exe
  2⤵
  PID:4352
- C:\Windows\System\hoUsWOk.exe
  C:\Windows\System\hoUsWOk.exe
  2⤵
  PID:4368
- C:\Windows\System\JmeEEQp.exe
  C:\Windows\System\JmeEEQp.exe
  2⤵
  PID:4388
- C:\Windows\System\LWlKfxg.exe
  C:\Windows\System\LWlKfxg.exe
  2⤵
  PID:4408
- C:\Windows\System\tCWaGIX.exe
  C:\Windows\System\tCWaGIX.exe
  2⤵
  PID:4424
- C:\Windows\System\ksPItam.exe
  C:\Windows\System\ksPItam.exe
  2⤵
  PID:4440
- C:\Windows\System\iXBSxAJ.exe
  C:\Windows\System\iXBSxAJ.exe
  2⤵
  PID:4460
- C:\Windows\System\MaHTjJS.exe
  C:\Windows\System\MaHTjJS.exe
  2⤵
  PID:4484
- C:\Windows\System\XxdTNrl.exe
  C:\Windows\System\XxdTNrl.exe
  2⤵
  PID:4516
- C:\Windows\System\uchMVCy.exe
  C:\Windows\System\uchMVCy.exe
  2⤵
  PID:4536
- C:\Windows\System\wKqmaXu.exe
  C:\Windows\System\wKqmaXu.exe
  2⤵
  PID:4556
- C:\Windows\System\yOTBXqW.exe
  C:\Windows\System\yOTBXqW.exe
  2⤵
  PID:4576
- C:\Windows\System\leyYMxz.exe
  C:\Windows\System\leyYMxz.exe
  2⤵
  PID:4592
- C:\Windows\System\KTLhFan.exe
  C:\Windows\System\KTLhFan.exe
  2⤵
  PID:4608
- C:\Windows\System\dMVKkBP.exe
  C:\Windows\System\dMVKkBP.exe
  2⤵
  PID:4624
- C:\Windows\System\IwqRkNN.exe
  C:\Windows\System\IwqRkNN.exe
  2⤵
  PID:4648
- C:\Windows\System\NCyJosR.exe
  C:\Windows\System\NCyJosR.exe
  2⤵
  PID:4668
- C:\Windows\System\IjMSLsr.exe
  C:\Windows\System\IjMSLsr.exe
  2⤵
  PID:4688
- C:\Windows\System\PmsRHJq.exe
  C:\Windows\System\PmsRHJq.exe
  2⤵
  PID:4708
- C:\Windows\System\iVoXkyZ.exe
  C:\Windows\System\iVoXkyZ.exe
  2⤵
  PID:4724
- C:\Windows\System\PhZvcxV.exe
  C:\Windows\System\PhZvcxV.exe
  2⤵
  PID:4740
- C:\Windows\System\kJYcFAN.exe
  C:\Windows\System\kJYcFAN.exe
  2⤵
  PID:4756
- C:\Windows\System\irQgvSs.exe
  C:\Windows\System\irQgvSs.exe
  2⤵
  PID:4772
- C:\Windows\System\BKIFElY.exe
  C:\Windows\System\BKIFElY.exe
  2⤵
  PID:4792
- C:\Windows\System\UiEiaCc.exe
  C:\Windows\System\UiEiaCc.exe
  2⤵
  PID:4808
- C:\Windows\System\JaLINmc.exe
  C:\Windows\System\JaLINmc.exe
  2⤵
  PID:4828
- C:\Windows\System\gScbVmd.exe
  C:\Windows\System\gScbVmd.exe
  2⤵
  PID:4844
- C:\Windows\System\CLpPSFZ.exe
  C:\Windows\System\CLpPSFZ.exe
  2⤵
  PID:4896
- C:\Windows\System\oQnJXtN.exe
  C:\Windows\System\oQnJXtN.exe
  2⤵
  PID:4912
- C:\Windows\System\SjwzyQi.exe
  C:\Windows\System\SjwzyQi.exe
  2⤵
  PID:4932
- C:\Windows\System\NHluBin.exe
  C:\Windows\System\NHluBin.exe
  2⤵
  PID:4952
- C:\Windows\System\cMbGyIA.exe
  C:\Windows\System\cMbGyIA.exe
  2⤵
  PID:4968
- C:\Windows\System\dvQAqGt.exe
  C:\Windows\System\dvQAqGt.exe
  2⤵
  PID:4992
- C:\Windows\System\qNfGBHN.exe
  C:\Windows\System\qNfGBHN.exe
  2⤵
  PID:5012
- C:\Windows\System\SczZHLE.exe
  C:\Windows\System\SczZHLE.exe
  2⤵
  PID:5028
- C:\Windows\System\btLYZRz.exe
  C:\Windows\System\btLYZRz.exe
  2⤵
  PID:5052
- C:\Windows\System\doYzIsB.exe
  C:\Windows\System\doYzIsB.exe
  2⤵
  PID:5068
- C:\Windows\System\msHhXmb.exe
  C:\Windows\System\msHhXmb.exe
  2⤵
  PID:5088
- C:\Windows\System\dYngoar.exe
  C:\Windows\System\dYngoar.exe
  2⤵
  PID:5108
- C:\Windows\System\cLihJpp.exe
  C:\Windows\System\cLihJpp.exe
  2⤵
  PID:3224
- C:\Windows\System\dgpyDrq.exe
  C:\Windows\System\dgpyDrq.exe
  2⤵
  PID:3320
- C:\Windows\System\ZxNdPAE.exe
  C:\Windows\System\ZxNdPAE.exe
  2⤵
  PID:3700
- C:\Windows\System\xXlAyVA.exe
  C:\Windows\System\xXlAyVA.exe
  2⤵
  PID:3916
- C:\Windows\System\maLJyYk.exe
  C:\Windows\System\maLJyYk.exe
  2⤵
  PID:3556
- C:\Windows\System\mHcpaNS.exe
  C:\Windows\System\mHcpaNS.exe
  2⤵
  PID:3844
- C:\Windows\System\cLcYhII.exe
  C:\Windows\System\cLcYhII.exe
  2⤵
  PID:4012
- C:\Windows\System\IuBpdLh.exe
  C:\Windows\System\IuBpdLh.exe
  2⤵
  PID:1720
- C:\Windows\System\MciOrOn.exe
  C:\Windows\System\MciOrOn.exe
  2⤵
  PID:4172
- C:\Windows\System\dZPZxvx.exe
  C:\Windows\System\dZPZxvx.exe
  2⤵
  PID:4204
- C:\Windows\System\BrNHjJT.exe
  C:\Windows\System\BrNHjJT.exe
  2⤵
  PID:4248
- C:\Windows\System\wcCqiyJ.exe
  C:\Windows\System\wcCqiyJ.exe
  2⤵
  PID:4244
- C:\Windows\System\xEdbEzk.exe
  C:\Windows\System\xEdbEzk.exe
  2⤵
  PID:4328
- C:\Windows\System\hBBkjzX.exe
  C:\Windows\System\hBBkjzX.exe
  2⤵
  PID:4152
- C:\Windows\System\jcAPfxz.exe
  C:\Windows\System\jcAPfxz.exe
  2⤵
  PID:4364
- C:\Windows\System\QyUzNZt.exe
  C:\Windows\System\QyUzNZt.exe
  2⤵
  PID:4228
- C:\Windows\System\dGILCkS.exe
  C:\Windows\System\dGILCkS.exe
  2⤵
  PID:4432
- C:\Windows\System\WtIQjsN.exe
  C:\Windows\System\WtIQjsN.exe
  2⤵
  PID:4468
- C:\Windows\System\eEhTrvh.exe
  C:\Windows\System\eEhTrvh.exe
  2⤵
  PID:4480
- C:\Windows\System\ZzErDnl.exe
  C:\Windows\System\ZzErDnl.exe
  2⤵
  PID:4524
- C:\Windows\System\hPKGjaG.exe
  C:\Windows\System\hPKGjaG.exe
  2⤵
  PID:4384
- C:\Windows\System\wCJHkYG.exe
  C:\Windows\System\wCJHkYG.exe
  2⤵
  PID:4584
- C:\Windows\System\fOHYFwS.exe
  C:\Windows\System\fOHYFwS.exe
  2⤵
  PID:4548
- C:\Windows\System\RWZtDXT.exe
  C:\Windows\System\RWZtDXT.exe
  2⤵
  PID:4800
- C:\Windows\System\GDLCKCZ.exe
  C:\Windows\System\GDLCKCZ.exe
  2⤵
  PID:4568
- C:\Windows\System\htExDPh.exe
  C:\Windows\System\htExDPh.exe
  2⤵
  PID:4644
- C:\Windows\System\YAAuFqd.exe
  C:\Windows\System\YAAuFqd.exe
  2⤵
  PID:4684
- C:\Windows\System\uNZJoRY.exe
  C:\Windows\System\uNZJoRY.exe
  2⤵
  PID:4780
- C:\Windows\System\ouVhSKc.exe
  C:\Windows\System\ouVhSKc.exe
  2⤵
  PID:4852
- C:\Windows\System\FhzzYmM.exe
  C:\Windows\System\FhzzYmM.exe
  2⤵
  PID:4876
- C:\Windows\System\SLDmmQf.exe
  C:\Windows\System\SLDmmQf.exe
  2⤵
  PID:4856
- C:\Windows\System\qTsqkob.exe
  C:\Windows\System\qTsqkob.exe
  2⤵
  PID:4924
- C:\Windows\System\fyCiSpg.exe
  C:\Windows\System\fyCiSpg.exe
  2⤵
  PID:5000
- C:\Windows\System\Nlpscud.exe
  C:\Windows\System\Nlpscud.exe
  2⤵
  PID:5040
- C:\Windows\System\sYuqipa.exe
  C:\Windows\System\sYuqipa.exe
  2⤵
  PID:5084
- C:\Windows\System\NsQYTAe.exe
  C:\Windows\System\NsQYTAe.exe
  2⤵
  PID:3440
- C:\Windows\System\SqsDkcj.exe
  C:\Windows\System\SqsDkcj.exe
  2⤵
  PID:4944
- C:\Windows\System\fwIuABy.exe
  C:\Windows\System\fwIuABy.exe
  2⤵
  PID:5060
- C:\Windows\System\VDREmTA.exe
  C:\Windows\System\VDREmTA.exe
  2⤵
  PID:3804
- C:\Windows\System\TFoLxoN.exe
  C:\Windows\System\TFoLxoN.exe
  2⤵
  PID:892
- C:\Windows\System\XqAluVr.exe
  C:\Windows\System\XqAluVr.exe
  2⤵
  PID:5020
- C:\Windows\System\DbrMiub.exe
  C:\Windows\System\DbrMiub.exe
  2⤵
  PID:2100
- C:\Windows\System\yJBIwWg.exe
  C:\Windows\System\yJBIwWg.exe
  2⤵
  PID:4140
- C:\Windows\System\XafpQvN.exe
  C:\Windows\System\XafpQvN.exe
  2⤵
  PID:4184
- C:\Windows\System\XTPcmBS.exe
  C:\Windows\System\XTPcmBS.exe
  2⤵
  PID:4348
- C:\Windows\System\LZMgdzn.exe
  C:\Windows\System\LZMgdzn.exe
  2⤵
  PID:4448
- C:\Windows\System\lANXYLy.exe
  C:\Windows\System\lANXYLy.exe
  2⤵
  PID:4344
- C:\Windows\System\OtKDyQf.exe
  C:\Windows\System\OtKDyQf.exe
  2⤵
  PID:4696
- C:\Windows\System\GbkicjB.exe
  C:\Windows\System\GbkicjB.exe
  2⤵
  PID:4664
- C:\Windows\System\YIUfiAX.exe
  C:\Windows\System\YIUfiAX.exe
  2⤵
  PID:4320
- C:\Windows\System\nqHPggR.exe
  C:\Windows\System\nqHPggR.exe
  2⤵
  PID:4400
- C:\Windows\System\jcSPlsD.exe
  C:\Windows\System\jcSPlsD.exe
  2⤵
  PID:4452
- C:\Windows\System\dqLqxPy.exe
  C:\Windows\System\dqLqxPy.exe
  2⤵
  PID:4620
- C:\Windows\System\iOwsGpu.exe
  C:\Windows\System\iOwsGpu.exe
  2⤵
  PID:4572
- C:\Windows\System\tTUcqeH.exe
  C:\Windows\System\tTUcqeH.exe
  2⤵
  PID:4604
- C:\Windows\System\XAuVNlq.exe
  C:\Windows\System\XAuVNlq.exe
  2⤵
  PID:4748
- C:\Windows\System\IehfYNo.exe
  C:\Windows\System\IehfYNo.exe
  2⤵
  PID:4820
- C:\Windows\System\hUuAuQu.exe
  C:\Windows\System\hUuAuQu.exe
  2⤵
  PID:4864
- C:\Windows\System\REAJeSc.exe
  C:\Windows\System\REAJeSc.exe
  2⤵
  PID:1812
- C:\Windows\System\FEhVXlU.exe
  C:\Windows\System\FEhVXlU.exe
  2⤵
  PID:4976
- C:\Windows\System\aVKpWqj.exe
  C:\Windows\System\aVKpWqj.exe
  2⤵
  PID:4984
- C:\Windows\System\AVnumQa.exe
  C:\Windows\System\AVnumQa.exe
  2⤵
  PID:4108
- C:\Windows\System\gwPDNGF.exe
  C:\Windows\System\gwPDNGF.exe
  2⤵
  PID:4380
- C:\Windows\System\otyMlQZ.exe
  C:\Windows\System\otyMlQZ.exe
  2⤵
  PID:4732
- C:\Windows\System\qHQugDA.exe
  C:\Windows\System\qHQugDA.exe
  2⤵
  PID:4508
- C:\Windows\System\tUAdReR.exe
  C:\Windows\System\tUAdReR.exe
  2⤵
  PID:4768
- C:\Windows\System\qylCDMs.exe
  C:\Windows\System\qylCDMs.exe
  2⤵
  PID:4824
- C:\Windows\System\rfcHsiG.exe
  C:\Windows\System\rfcHsiG.exe
  2⤵
  PID:4840
- C:\Windows\System\eqkjcUb.exe
  C:\Windows\System\eqkjcUb.exe
  2⤵
  PID:4272
- C:\Windows\System\QcynkIf.exe
  C:\Windows\System\QcynkIf.exe
  2⤵
  PID:5132
- C:\Windows\System\VSoRVdD.exe
  C:\Windows\System\VSoRVdD.exe
  2⤵
  PID:5156
- C:\Windows\System\gNGYtuu.exe
  C:\Windows\System\gNGYtuu.exe
  2⤵
  PID:5172
- C:\Windows\System\rAaWKKr.exe
  C:\Windows\System\rAaWKKr.exe
  2⤵
  PID:5188
- C:\Windows\System\vUcsUgE.exe
  C:\Windows\System\vUcsUgE.exe
  2⤵
  PID:5212
- C:\Windows\System\kjPytme.exe
  C:\Windows\System\kjPytme.exe
  2⤵
  PID:5228
- C:\Windows\System\KVdNLpL.exe
  C:\Windows\System\KVdNLpL.exe
  2⤵
  PID:5252
- C:\Windows\System\EpGGQuQ.exe
  C:\Windows\System\EpGGQuQ.exe
  2⤵
  PID:5276
- C:\Windows\System\fgnwsfp.exe
  C:\Windows\System\fgnwsfp.exe
  2⤵
  PID:5292
- C:\Windows\System\oslimaZ.exe
  C:\Windows\System\oslimaZ.exe
  2⤵
  PID:5308
- C:\Windows\System\ohjuVZx.exe
  C:\Windows\System\ohjuVZx.exe
  2⤵
  PID:5332
- C:\Windows\System\tIHTenn.exe
  C:\Windows\System\tIHTenn.exe
  2⤵
  PID:5352
- C:\Windows\System\gfCTGHL.exe
  C:\Windows\System\gfCTGHL.exe
  2⤵
  PID:5376
- C:\Windows\System\CMEcKOG.exe
  C:\Windows\System\CMEcKOG.exe
  2⤵
  PID:5400
- C:\Windows\System\YwrQBNq.exe
  C:\Windows\System\YwrQBNq.exe
  2⤵
  PID:5416
- C:\Windows\System\MHMlmvM.exe
  C:\Windows\System\MHMlmvM.exe
  2⤵
  PID:5436
- C:\Windows\System\PDrHtvS.exe
  C:\Windows\System\PDrHtvS.exe
  2⤵
  PID:5456
- C:\Windows\System\QlxbjHK.exe
  C:\Windows\System\QlxbjHK.exe
  2⤵
  PID:5480
- C:\Windows\System\oSsKJTF.exe
  C:\Windows\System\oSsKJTF.exe
  2⤵
  PID:5500
- C:\Windows\System\iLBYVro.exe
  C:\Windows\System\iLBYVro.exe
  2⤵
  PID:5524
- C:\Windows\System\dTbVPLU.exe
  C:\Windows\System\dTbVPLU.exe
  2⤵
  PID:5544
- C:\Windows\System\dxNfsQi.exe
  C:\Windows\System\dxNfsQi.exe
  2⤵
  PID:5576
- C:\Windows\System\EhTAUYP.exe
  C:\Windows\System\EhTAUYP.exe
  2⤵
  PID:5592
- C:\Windows\System\dOGDFsG.exe
  C:\Windows\System\dOGDFsG.exe
  2⤵
  PID:5616
- C:\Windows\System\GypFKTl.exe
  C:\Windows\System\GypFKTl.exe
  2⤵
  PID:5640
- C:\Windows\System\gEbvEzC.exe
  C:\Windows\System\gEbvEzC.exe
  2⤵
  PID:5660
- C:\Windows\System\EOoqNcS.exe
  C:\Windows\System\EOoqNcS.exe
  2⤵
  PID:5684
- C:\Windows\System\geIOcgf.exe
  C:\Windows\System\geIOcgf.exe
  2⤵
  PID:5704
- C:\Windows\System\qUFpBBn.exe
  C:\Windows\System\qUFpBBn.exe
  2⤵
  PID:5724
- C:\Windows\System\XCOKiqi.exe
  C:\Windows\System\XCOKiqi.exe
  2⤵
  PID:5740
- C:\Windows\System\kLlVmdi.exe
  C:\Windows\System\kLlVmdi.exe
  2⤵
  PID:5764
- C:\Windows\System\KgCVKOT.exe
  C:\Windows\System\KgCVKOT.exe
  2⤵
  PID:5784
- C:\Windows\System\NvXNvSe.exe
  C:\Windows\System\NvXNvSe.exe
  2⤵
  PID:5804
- C:\Windows\System\UYrzhIf.exe
  C:\Windows\System\UYrzhIf.exe
  2⤵
  PID:5824
- C:\Windows\System\ZoTkQuZ.exe
  C:\Windows\System\ZoTkQuZ.exe
  2⤵
  PID:5844
- C:\Windows\System\OkURjJS.exe
  C:\Windows\System\OkURjJS.exe
  2⤵
  PID:5864
- C:\Windows\System\AHFHiAc.exe
  C:\Windows\System\AHFHiAc.exe
  2⤵
  PID:5884
- C:\Windows\System\CEwQBLO.exe
  C:\Windows\System\CEwQBLO.exe
  2⤵
  PID:5904
- C:\Windows\System\bjlGpUH.exe
  C:\Windows\System\bjlGpUH.exe
  2⤵
  PID:5924
- C:\Windows\System\nnOpsoR.exe
  C:\Windows\System\nnOpsoR.exe
  2⤵
  PID:5944
- C:\Windows\System\kQuqeEB.exe
  C:\Windows\System\kQuqeEB.exe
  2⤵
  PID:5964
- C:\Windows\System\OgKizGF.exe
  C:\Windows\System\OgKizGF.exe
  2⤵
  PID:5984
- C:\Windows\System\NCZiyjj.exe
  C:\Windows\System\NCZiyjj.exe
  2⤵
  PID:6004
- C:\Windows\System\FVadPIH.exe
  C:\Windows\System\FVadPIH.exe
  2⤵
  PID:6024
- C:\Windows\System\fuFgrmv.exe
  C:\Windows\System\fuFgrmv.exe
  2⤵
  PID:6048
- C:\Windows\System\CnJHbly.exe
  C:\Windows\System\CnJHbly.exe
  2⤵
  PID:6064
- C:\Windows\System\PfHZYtd.exe
  C:\Windows\System\PfHZYtd.exe
  2⤵
  PID:6084
- C:\Windows\System\ErFocqV.exe
  C:\Windows\System\ErFocqV.exe
  2⤵
  PID:6100
- C:\Windows\System\WdLcBvY.exe
  C:\Windows\System\WdLcBvY.exe
  2⤵
  PID:6124
- C:\Windows\System\wtMVXle.exe
  C:\Windows\System\wtMVXle.exe
  2⤵
  PID:4404
- C:\Windows\System\oQbQOVL.exe
  C:\Windows\System\oQbQOVL.exe
  2⤵
  PID:3460
- C:\Windows\System\RsdNQFo.exe
  C:\Windows\System\RsdNQFo.exe
  2⤵
  PID:3616
- C:\Windows\System\drlAHPe.exe
  C:\Windows\System\drlAHPe.exe
  2⤵
  PID:5184
- C:\Windows\System\qzbSKPz.exe
  C:\Windows\System\qzbSKPz.exe
  2⤵
  PID:5264
- C:\Windows\System\SEeertv.exe
  C:\Windows\System\SEeertv.exe
  2⤵
  PID:5340
- C:\Windows\System\hIZBsQA.exe
  C:\Windows\System\hIZBsQA.exe
  2⤵
  PID:3424
- C:\Windows\System\fuxbcKP.exe
  C:\Windows\System\fuxbcKP.exe
  2⤵
  PID:2752
- C:\Windows\System\pLfgsTB.exe
  C:\Windows\System\pLfgsTB.exe
  2⤵
  PID:2840
- C:\Windows\System\iNiUePp.exe
  C:\Windows\System\iNiUePp.exe
  2⤵
  PID:4636
- C:\Windows\System\ZQhpGXy.exe
  C:\Windows\System\ZQhpGXy.exe
  2⤵
  PID:5392
- C:\Windows\System\wGicJub.exe
  C:\Windows\System\wGicJub.exe
  2⤵
  PID:4920
- C:\Windows\System\joMtfLE.exe
  C:\Windows\System\joMtfLE.exe
  2⤵
  PID:5080
- C:\Windows\System\rYmZBBV.exe
  C:\Windows\System\rYmZBBV.exe
  2⤵
  PID:5096
- C:\Windows\System\iutsvhw.exe
  C:\Windows\System\iutsvhw.exe
  2⤵
  PID:4660
- C:\Windows\System\zdPPERh.exe
  C:\Windows\System\zdPPERh.exe
  2⤵
  PID:4868
- C:\Windows\System\tfImmbR.exe
  C:\Windows\System\tfImmbR.exe
  2⤵
  PID:5124
- C:\Windows\System\SMkHeJB.exe
  C:\Windows\System\SMkHeJB.exe
  2⤵
  PID:5168
- C:\Windows\System\AdTwVNH.exe
  C:\Windows\System\AdTwVNH.exe
  2⤵
  PID:5552
- C:\Windows\System\fZlbxVG.exe
  C:\Windows\System\fZlbxVG.exe
  2⤵
  PID:5248
- C:\Windows\System\kMQXLqi.exe
  C:\Windows\System\kMQXLqi.exe
  2⤵
  PID:5316
- C:\Windows\System\GCBpXzp.exe
  C:\Windows\System\GCBpXzp.exe
  2⤵
  PID:5364
- C:\Windows\System\KRfwVdV.exe
  C:\Windows\System\KRfwVdV.exe
  2⤵
  PID:5444
- C:\Windows\System\iQkiQFX.exe
  C:\Windows\System\iQkiQFX.exe
  2⤵
  PID:5488
- C:\Windows\System\zqukybB.exe
  C:\Windows\System\zqukybB.exe
  2⤵
  PID:5532
- C:\Windows\System\nbtYxSn.exe
  C:\Windows\System\nbtYxSn.exe
  2⤵
  PID:5588
- C:\Windows\System\iuctABl.exe
  C:\Windows\System\iuctABl.exe
  2⤵
  PID:5692
- C:\Windows\System\Mcceyij.exe
  C:\Windows\System\Mcceyij.exe
  2⤵
  PID:5680
- C:\Windows\System\fFZjUAn.exe
  C:\Windows\System\fFZjUAn.exe
  2⤵
  PID:5732
- C:\Windows\System\xhxPqBO.exe
  C:\Windows\System\xhxPqBO.exe
  2⤵
  PID:5720
- C:\Windows\System\ayfYnIw.exe
  C:\Windows\System\ayfYnIw.exe
  2⤵
  PID:5852
- C:\Windows\System\YJssNBB.exe
  C:\Windows\System\YJssNBB.exe
  2⤵
  PID:5756
- C:\Windows\System\MbzOmmw.exe
  C:\Windows\System\MbzOmmw.exe
  2⤵
  PID:5832
- C:\Windows\System\XNMSQPo.exe
  C:\Windows\System\XNMSQPo.exe
  2⤵
  PID:5836
- C:\Windows\System\PgmPTyW.exe
  C:\Windows\System\PgmPTyW.exe
  2⤵
  PID:5932
- C:\Windows\System\dchApNV.exe
  C:\Windows\System\dchApNV.exe
  2⤵
  PID:5920
- C:\Windows\System\KiJVpIg.exe
  C:\Windows\System\KiJVpIg.exe
  2⤵
  PID:5956
- C:\Windows\System\zJqETZr.exe
  C:\Windows\System\zJqETZr.exe
  2⤵
  PID:6092
- C:\Windows\System\FEjCuGH.exe
  C:\Windows\System\FEjCuGH.exe
  2⤵
  PID:6132
- C:\Windows\System\nDutfXm.exe
  C:\Windows\System\nDutfXm.exe
  2⤵
  PID:6072
- C:\Windows\System\sADxobn.exe
  C:\Windows\System\sADxobn.exe
  2⤵
  PID:6116
- C:\Windows\System\egYpPZz.exe
  C:\Windows\System\egYpPZz.exe
  2⤵
  PID:4816
- C:\Windows\System\lYsIhqW.exe
  C:\Windows\System\lYsIhqW.exe
  2⤵
  PID:5268
- C:\Windows\System\rRiCsRI.exe
  C:\Windows\System\rRiCsRI.exe
  2⤵
  PID:5304
- C:\Windows\System\eIfnKKa.exe
  C:\Windows\System\eIfnKKa.exe
  2⤵
  PID:5104
- C:\Windows\System\IeAThnG.exe
  C:\Windows\System\IeAThnG.exe
  2⤵
  PID:4124
- C:\Windows\System\ZADiuNh.exe
  C:\Windows\System\ZADiuNh.exe
  2⤵
  PID:4504
- C:\Windows\System\hGluxXp.exe
  C:\Windows\System\hGluxXp.exe
  2⤵
  PID:5076
- C:\Windows\System\NJaGFXz.exe
  C:\Windows\System\NJaGFXz.exe
  2⤵
  PID:4208
- C:\Windows\System\NSrMgev.exe
  C:\Windows\System\NSrMgev.exe
  2⤵
  PID:4676
- C:\Windows\System\DPCAPqs.exe
  C:\Windows\System\DPCAPqs.exe
  2⤵
  PID:5520
- C:\Windows\System\oSCmzwy.exe
  C:\Windows\System\oSCmzwy.exe
  2⤵
  PID:5208
- C:\Windows\System\fMqtEeX.exe
  C:\Windows\System\fMqtEeX.exe
  2⤵
  PID:5244
- C:\Windows\System\FBJRtba.exe
  C:\Windows\System\FBJRtba.exe
  2⤵
  PID:5412
- C:\Windows\System\PKFNXnm.exe
  C:\Windows\System\PKFNXnm.exe
  2⤵
  PID:5604
- C:\Windows\System\iBlndXL.exe
  C:\Windows\System\iBlndXL.exe
  2⤵
  PID:5584
- C:\Windows\System\RsvYkJp.exe
  C:\Windows\System\RsvYkJp.exe
  2⤵
  PID:5700
- C:\Windows\System\UZQtrOO.exe
  C:\Windows\System\UZQtrOO.exe
  2⤵
  PID:5676
- C:\Windows\System\hXmupDA.exe
  C:\Windows\System\hXmupDA.exe
  2⤵
  PID:5780
- C:\Windows\System\liFRFlO.exe
  C:\Windows\System\liFRFlO.exe
  2⤵
  PID:5752
- C:\Windows\System\qIpBFcv.exe
  C:\Windows\System\qIpBFcv.exe
  2⤵
  PID:5880
- C:\Windows\System\sGhQiQr.exe
  C:\Windows\System\sGhQiQr.exe
  2⤵
  PID:5960
- C:\Windows\System\JAMzxVa.exe
  C:\Windows\System\JAMzxVa.exe
  2⤵
  PID:5996
- C:\Windows\System\PNJPDch.exe
  C:\Windows\System\PNJPDch.exe
  2⤵
  PID:6036
- C:\Windows\System\deZlRQT.exe
  C:\Windows\System\deZlRQT.exe
  2⤵
  PID:6112
- C:\Windows\System\sSxWMqy.exe
  C:\Windows\System\sSxWMqy.exe
  2⤵
  PID:3356
- C:\Windows\System\HYmFQbZ.exe
  C:\Windows\System\HYmFQbZ.exe
  2⤵
  PID:2692
- C:\Windows\System\wmbXWPM.exe
  C:\Windows\System\wmbXWPM.exe
  2⤵
  PID:5348
- C:\Windows\System\wyQpZnn.exe
  C:\Windows\System\wyQpZnn.exe
  2⤵
  PID:5388
- C:\Windows\System\YlUyZgj.exe
  C:\Windows\System\YlUyZgj.exe
  2⤵
  PID:5468
- C:\Windows\System\qSVpwTf.exe
  C:\Windows\System\qSVpwTf.exe
  2⤵
  PID:4360
- C:\Windows\System\bfdegzs.exe
  C:\Windows\System\bfdegzs.exe
  2⤵
  PID:5284
- C:\Windows\System\ZArtkZY.exe
  C:\Windows\System\ZArtkZY.exe
  2⤵
  PID:5196
- C:\Windows\System\HktXsmU.exe
  C:\Windows\System\HktXsmU.exe
  2⤵
  PID:5656
- C:\Windows\System\lywOzmJ.exe
  C:\Windows\System\lywOzmJ.exe
  2⤵
  PID:5776
- C:\Windows\System\iCdHayC.exe
  C:\Windows\System\iCdHayC.exe
  2⤵
  PID:5748
- C:\Windows\System\RKYZKQI.exe
  C:\Windows\System\RKYZKQI.exe
  2⤵
  PID:5900
- C:\Windows\System\TFmrxnT.exe
  C:\Windows\System\TFmrxnT.exe
  2⤵
  PID:5876
- C:\Windows\System\UgnBTzy.exe
  C:\Windows\System\UgnBTzy.exe
  2⤵
  PID:6080
- C:\Windows\System\nDqZUsG.exe
  C:\Windows\System\nDqZUsG.exe
  2⤵
  PID:6152
- C:\Windows\System\kiYbYCZ.exe
  C:\Windows\System\kiYbYCZ.exe
  2⤵
  PID:6172
- C:\Windows\System\sdZpVZT.exe
  C:\Windows\System\sdZpVZT.exe
  2⤵
  PID:6192
- C:\Windows\System\BHyXaCI.exe
  C:\Windows\System\BHyXaCI.exe
  2⤵
  PID:6212
- C:\Windows\System\rJzJqiN.exe
  C:\Windows\System\rJzJqiN.exe
  2⤵
  PID:6228
- C:\Windows\System\JyeJoRN.exe
  C:\Windows\System\JyeJoRN.exe
  2⤵
  PID:6252
- C:\Windows\System\igIKuwM.exe
  C:\Windows\System\igIKuwM.exe
  2⤵
  PID:6280
- C:\Windows\System\jHQunZB.exe
  C:\Windows\System\jHQunZB.exe
  2⤵
  PID:6300
- C:\Windows\System\HxSFHON.exe
  C:\Windows\System\HxSFHON.exe
  2⤵
  PID:6320
- C:\Windows\System\ubjKghD.exe
  C:\Windows\System\ubjKghD.exe
  2⤵
  PID:6340
- C:\Windows\System\NAgrrvv.exe
  C:\Windows\System\NAgrrvv.exe
  2⤵
  PID:6360
- C:\Windows\System\wFMoWiu.exe
  C:\Windows\System\wFMoWiu.exe
  2⤵
  PID:6380
- C:\Windows\System\IDjFvxx.exe
  C:\Windows\System\IDjFvxx.exe
  2⤵
  PID:6400
- C:\Windows\System\KnAoiVZ.exe
  C:\Windows\System\KnAoiVZ.exe
  2⤵
  PID:6420
- C:\Windows\System\LfwHWjW.exe
  C:\Windows\System\LfwHWjW.exe
  2⤵
  PID:6440
- C:\Windows\System\bcduYWH.exe
  C:\Windows\System\bcduYWH.exe
  2⤵
  PID:6460
- C:\Windows\System\dTuvNVE.exe
  C:\Windows\System\dTuvNVE.exe
  2⤵
  PID:6480
- C:\Windows\System\DDlgnpI.exe
  C:\Windows\System\DDlgnpI.exe
  2⤵
  PID:6500
- C:\Windows\System\cvvmRMr.exe
  C:\Windows\System\cvvmRMr.exe
  2⤵
  PID:6520
- C:\Windows\System\CSdzswg.exe
  C:\Windows\System\CSdzswg.exe
  2⤵
  PID:6540
- C:\Windows\System\TQvwYOo.exe
  C:\Windows\System\TQvwYOo.exe
  2⤵
  PID:6556
- C:\Windows\System\tojouUd.exe
  C:\Windows\System\tojouUd.exe
  2⤵
  PID:6580
- C:\Windows\System\IGHWhWK.exe
  C:\Windows\System\IGHWhWK.exe
  2⤵
  PID:6596
- C:\Windows\System\cxZLBZZ.exe
  C:\Windows\System\cxZLBZZ.exe
  2⤵
  PID:6620
- C:\Windows\System\KFJijav.exe
  C:\Windows\System\KFJijav.exe
  2⤵
  PID:6648
- C:\Windows\System\AbjGIvD.exe
  C:\Windows\System\AbjGIvD.exe
  2⤵
  PID:6668
- C:\Windows\System\LEvhKLb.exe
  C:\Windows\System\LEvhKLb.exe
  2⤵
  PID:6688
- C:\Windows\System\EqqYCSQ.exe
  C:\Windows\System\EqqYCSQ.exe
  2⤵
  PID:6708
- C:\Windows\System\mJznTqG.exe
  C:\Windows\System\mJznTqG.exe
  2⤵
  PID:6728
- C:\Windows\System\zCWSgwu.exe
  C:\Windows\System\zCWSgwu.exe
  2⤵
  PID:6748
- C:\Windows\System\QqdSalj.exe
  C:\Windows\System\QqdSalj.exe
  2⤵
  PID:6768
- C:\Windows\System\zMYPGVJ.exe
  C:\Windows\System\zMYPGVJ.exe
  2⤵
  PID:6788
- C:\Windows\System\GzVEiaA.exe
  C:\Windows\System\GzVEiaA.exe
  2⤵
  PID:6804
- C:\Windows\System\OIwkhxG.exe
  C:\Windows\System\OIwkhxG.exe
  2⤵
  PID:6828
- C:\Windows\System\wCCcxGw.exe
  C:\Windows\System\wCCcxGw.exe
  2⤵
  PID:6844
- C:\Windows\System\JnjsqHS.exe
  C:\Windows\System\JnjsqHS.exe
  2⤵
  PID:6864
- C:\Windows\System\zPjkyAH.exe
  C:\Windows\System\zPjkyAH.exe
  2⤵
  PID:6880
- C:\Windows\System\Zklojkt.exe
  C:\Windows\System\Zklojkt.exe
  2⤵
  PID:6900
- C:\Windows\System\Yvbxgdk.exe
  C:\Windows\System\Yvbxgdk.exe
  2⤵
  PID:6920
- C:\Windows\System\qzIEjTs.exe
  C:\Windows\System\qzIEjTs.exe
  2⤵
  PID:6944
- C:\Windows\System\NujskNK.exe
  C:\Windows\System\NujskNK.exe
  2⤵
  PID:6964
- C:\Windows\System\ziYiitI.exe
  C:\Windows\System\ziYiitI.exe
  2⤵
  PID:6984
- C:\Windows\System\hvrvdyr.exe
  C:\Windows\System\hvrvdyr.exe
  2⤵
  PID:7004
- C:\Windows\System\WOhMSpi.exe
  C:\Windows\System\WOhMSpi.exe
  2⤵
  PID:7024
- C:\Windows\System\aUaNhFL.exe
  C:\Windows\System\aUaNhFL.exe
  2⤵
  PID:7040
- C:\Windows\System\HarkiuQ.exe
  C:\Windows\System\HarkiuQ.exe
  2⤵
  PID:7060
- C:\Windows\System\uKSRsue.exe
  C:\Windows\System\uKSRsue.exe
  2⤵
  PID:7076
- C:\Windows\System\ejWxXNG.exe
  C:\Windows\System\ejWxXNG.exe
  2⤵
  PID:7096
- C:\Windows\System\JNwioIn.exe
  C:\Windows\System\JNwioIn.exe
  2⤵
  PID:7112
- C:\Windows\System\iedGgEj.exe
  C:\Windows\System\iedGgEj.exe
  2⤵
  PID:7132
- C:\Windows\System\TvOcjHT.exe
  C:\Windows\System\TvOcjHT.exe
  2⤵
  PID:7148
- C:\Windows\System\OruKDsx.exe
  C:\Windows\System\OruKDsx.exe
  2⤵
  PID:7164
- C:\Windows\System\GmialDg.exe
  C:\Windows\System\GmialDg.exe
  2⤵
  PID:5100
- C:\Windows\System\LibyUGq.exe
  C:\Windows\System\LibyUGq.exe
  2⤵
  PID:5180
- C:\Windows\System\XWozfeW.exe
  C:\Windows\System\XWozfeW.exe
  2⤵
  PID:5128
- C:\Windows\System\mWUJVud.exe
  C:\Windows\System\mWUJVud.exe
  2⤵
  PID:5452
- C:\Windows\System\xVnyMnG.exe
  C:\Windows\System\xVnyMnG.exe
  2⤵
  PID:5164
- C:\Windows\System\RonmFPc.exe
  C:\Windows\System\RonmFPc.exe
  2⤵
  PID:5816
- C:\Windows\System\syBWkGQ.exe
  C:\Windows\System\syBWkGQ.exe
  2⤵
  PID:5696
- C:\Windows\System\qYVJbYY.exe
  C:\Windows\System\qYVJbYY.exe
  2⤵
  PID:2168
- C:\Windows\System\DhotzvY.exe
  C:\Windows\System\DhotzvY.exe
  2⤵
  PID:5912
- C:\Windows\System\ZZrbIzB.exe
  C:\Windows\System\ZZrbIzB.exe
  2⤵
  PID:6140
- C:\Windows\System\MjkEEAN.exe
  C:\Windows\System\MjkEEAN.exe
  2⤵
  PID:6208
- C:\Windows\System\SssOIBf.exe
  C:\Windows\System\SssOIBf.exe
  2⤵
  PID:6220
- C:\Windows\System\ghXUHrc.exe
  C:\Windows\System\ghXUHrc.exe
  2⤵
  PID:6296
- C:\Windows\System\vFhnsFb.exe
  C:\Windows\System\vFhnsFb.exe
  2⤵
  PID:6332
- C:\Windows\System\ZhXbMBL.exe
  C:\Windows\System\ZhXbMBL.exe
  2⤵
  PID:6348
- C:\Windows\System\EpQwXZE.exe
  C:\Windows\System\EpQwXZE.exe
  2⤵
  PID:6412
- C:\Windows\System\hvYrdZD.exe
  C:\Windows\System\hvYrdZD.exe
  2⤵
  PID:6564
- C:\Windows\System\EUrFwiR.exe
  C:\Windows\System\EUrFwiR.exe
  2⤵
  PID:6572
- C:\Windows\System\HKBOtfj.exe
  C:\Windows\System\HKBOtfj.exe
  2⤵
  PID:6608
- C:\Windows\System\LDlEWqX.exe
  C:\Windows\System\LDlEWqX.exe
  2⤵
  PID:6664
- C:\Windows\System\xqbWNJI.exe
  C:\Windows\System\xqbWNJI.exe
  2⤵
  PID:6636
- C:\Windows\System\MSEMirb.exe
  C:\Windows\System\MSEMirb.exe
  2⤵
  PID:6700
- C:\Windows\System\WrfZOtt.exe
  C:\Windows\System\WrfZOtt.exe
  2⤵
  PID:6684
- C:\Windows\System\UshVLFQ.exe
  C:\Windows\System\UshVLFQ.exe
  2⤵
  PID:6812
- C:\Windows\System\fxOLVZt.exe
  C:\Windows\System\fxOLVZt.exe
  2⤵
  PID:6852
- C:\Windows\System\uZBubcu.exe
  C:\Windows\System\uZBubcu.exe
  2⤵
  PID:6896
- C:\Windows\System\JhWFtpr.exe
  C:\Windows\System\JhWFtpr.exe
  2⤵
  PID:6940
- C:\Windows\System\XkQDGkf.exe
  C:\Windows\System\XkQDGkf.exe
  2⤵
  PID:6976
- C:\Windows\System\QFDkfkE.exe
  C:\Windows\System\QFDkfkE.exe
  2⤵
  PID:7056
- C:\Windows\System\tWouVWz.exe
  C:\Windows\System\tWouVWz.exe
  2⤵
  PID:7088
- C:\Windows\System\dnbqXan.exe
  C:\Windows\System\dnbqXan.exe
  2⤵
  PID:7156
- C:\Windows\System\SoamJAj.exe
  C:\Windows\System\SoamJAj.exe
  2⤵
  PID:844
- C:\Windows\System\IGiCQZJ.exe
  C:\Windows\System\IGiCQZJ.exe
  2⤵
  PID:3008
- C:\Windows\System\gKbJCmn.exe
  C:\Windows\System\gKbJCmn.exe
  2⤵
  PID:4528
- C:\Windows\System\dofeyBW.exe
  C:\Windows\System\dofeyBW.exe
  2⤵
  PID:5432
- C:\Windows\System\WYWxIRq.exe
  C:\Windows\System\WYWxIRq.exe
  2⤵
  PID:5628
- C:\Windows\System\eoSFOzY.exe
  C:\Windows\System\eoSFOzY.exe
  2⤵
  PID:6876
- C:\Windows\System\LsrSCrU.exe
  C:\Windows\System\LsrSCrU.exe
  2⤵
  PID:6912
- C:\Windows\System\jjnfWtI.exe
  C:\Windows\System\jjnfWtI.exe
  2⤵
  PID:6244
- C:\Windows\System\joqlpJP.exe
  C:\Windows\System\joqlpJP.exe
  2⤵
  PID:6952
- C:\Windows\System\hDUbnzv.exe
  C:\Windows\System\hDUbnzv.exe
  2⤵
  PID:6328
- C:\Windows\System\JSkLhpL.exe
  C:\Windows\System\JSkLhpL.exe
  2⤵
  PID:7032
- C:\Windows\System\uKIEzpv.exe
  C:\Windows\System\uKIEzpv.exe
  2⤵
  PID:6416
- C:\Windows\System\UCqrAer.exe
  C:\Windows\System\UCqrAer.exe
  2⤵
  PID:2868
- C:\Windows\System\IjLUefw.exe
  C:\Windows\System\IjLUefw.exe
  2⤵
  PID:5812
- C:\Windows\System\apbCTpv.exe
  C:\Windows\System\apbCTpv.exe
  2⤵
  PID:6188
- C:\Windows\System\rpywDiD.exe
  C:\Windows\System\rpywDiD.exe
  2⤵
  PID:6292
- C:\Windows\System\cTRmIKZ.exe
  C:\Windows\System\cTRmIKZ.exe
  2⤵
  PID:6352
- C:\Windows\System\RClapsJ.exe
  C:\Windows\System\RClapsJ.exe
  2⤵
  PID:6428
- C:\Windows\System\bQrpQgy.exe
  C:\Windows\System\bQrpQgy.exe
  2⤵
  PID:1748
- C:\Windows\System\EyTsyOb.exe
  C:\Windows\System\EyTsyOb.exe
  2⤵
  PID:6516
- C:\Windows\System\crkgpUC.exe
  C:\Windows\System\crkgpUC.exe
  2⤵
  PID:6656
- C:\Windows\System\VbuYqqY.exe
  C:\Windows\System\VbuYqqY.exe
  2⤵
  PID:6392
- C:\Windows\System\tbOEZix.exe
  C:\Windows\System\tbOEZix.exe
  2⤵
  PID:6604
- C:\Windows\System\WXZwUeP.exe
  C:\Windows\System\WXZwUeP.exe
  2⤵
  PID:6704
- C:\Windows\System\zeJfrBk.exe
  C:\Windows\System\zeJfrBk.exe
  2⤵
  PID:6552
- C:\Windows\System\XdvFKOn.exe
  C:\Windows\System\XdvFKOn.exe
  2⤵
  PID:6936
- C:\Windows\System\eYTRzXO.exe
  C:\Windows\System\eYTRzXO.exe
  2⤵
  PID:6776
- C:\Windows\System\VHgYpjI.exe
  C:\Windows\System\VHgYpjI.exe
  2⤵
  PID:1932
- C:\Windows\System\eQBKqWT.exe
  C:\Windows\System\eQBKqWT.exe
  2⤵
  PID:804
- C:\Windows\System\sWCQoik.exe
  C:\Windows\System\sWCQoik.exe
  2⤵
  PID:6780
- C:\Windows\System\SwWpcBZ.exe
  C:\Windows\System\SwWpcBZ.exe
  2⤵
  PID:5328
- C:\Windows\System\ePYRrgS.exe
  C:\Windows\System\ePYRrgS.exe
  2⤵
  PID:6908
- C:\Windows\System\aQhutcK.exe
  C:\Windows\System\aQhutcK.exe
  2⤵
  PID:6992
- C:\Windows\System\PNUFuQW.exe
  C:\Windows\System\PNUFuQW.exe
  2⤵
  PID:7104
- C:\Windows\System\AfMIxjO.exe
  C:\Windows\System\AfMIxjO.exe
  2⤵
  PID:2944
- C:\Windows\System\HwrNQqG.exe
  C:\Windows\System\HwrNQqG.exe
  2⤵
  PID:548
- C:\Windows\System\KUfcOqI.exe
  C:\Windows\System\KUfcOqI.exe
  2⤵
  PID:2900
- C:\Windows\System\bonQGlD.exe
  C:\Windows\System\bonQGlD.exe
  2⤵
  PID:6040
- C:\Windows\System\PaMnPiv.exe
  C:\Windows\System\PaMnPiv.exe
  2⤵
  PID:5608
- C:\Windows\System\XyhFIXP.exe
  C:\Windows\System\XyhFIXP.exe
  2⤵
  PID:4784
- C:\Windows\System\oykdWoP.exe
  C:\Windows\System\oykdWoP.exe
  2⤵
  PID:2724
- C:\Windows\System\vXmPOtz.exe
  C:\Windows\System\vXmPOtz.exe
  2⤵
  PID:6616
- C:\Windows\System\NJnWdqZ.exe
  C:\Windows\System\NJnWdqZ.exe
  2⤵
  PID:1772
- C:\Windows\System\TqIubzs.exe
  C:\Windows\System\TqIubzs.exe
  2⤵
  PID:6592
- C:\Windows\System\TImzOYf.exe
  C:\Windows\System\TImzOYf.exe
  2⤵
  PID:7128
- C:\Windows\System\PoSBsod.exe
  C:\Windows\System\PoSBsod.exe
  2⤵
  PID:6888
- C:\Windows\System\QeJyodv.exe
  C:\Windows\System\QeJyodv.exe
  2⤵
  PID:6204
- C:\Windows\System\hDwIUug.exe
  C:\Windows\System\hDwIUug.exe
  2⤵
  PID:7092
- C:\Windows\System\XLvqOjN.exe
  C:\Windows\System\XLvqOjN.exe
  2⤵
  PID:6816
- C:\Windows\System\LsuEhre.exe
  C:\Windows\System\LsuEhre.exe
  2⤵
  PID:6928
- C:\Windows\System\njFGjWZ.exe
  C:\Windows\System\njFGjWZ.exe
  2⤵
  PID:6240
- C:\Windows\System\SiMfSxR.exe
  C:\Windows\System\SiMfSxR.exe
  2⤵
  PID:6308
- C:\Windows\System\Djztqfz.exe
  C:\Windows\System\Djztqfz.exe
  2⤵
  PID:3740
- C:\Windows\System\EINQXDa.exe
  C:\Windows\System\EINQXDa.exe
  2⤵
  PID:5148
- C:\Windows\System\RcuNZmp.exe
  C:\Windows\System\RcuNZmp.exe
  2⤵
  PID:6288
- C:\Windows\System\ChaCFMt.exe
  C:\Windows\System\ChaCFMt.exe
  2⤵
  PID:5916
- C:\Windows\System\MsRHGXa.exe
  C:\Windows\System\MsRHGXa.exe
  2⤵
  PID:1560
- C:\Windows\System\lKBBkWH.exe
  C:\Windows\System\lKBBkWH.exe
  2⤵
  PID:6744
- C:\Windows\System\bMgeyWI.exe
  C:\Windows\System\bMgeyWI.exe
  2⤵
  PID:6388
- C:\Windows\System\xUtUfZT.exe
  C:\Windows\System\xUtUfZT.exe
  2⤵
  PID:5760
- C:\Windows\System\LjyRKvG.exe
  C:\Windows\System\LjyRKvG.exe
  2⤵
  PID:6960
- C:\Windows\System\TAtOVGw.exe
  C:\Windows\System\TAtOVGw.exe
  2⤵
  PID:7140
- C:\Windows\System\jkvHgbE.exe
  C:\Windows\System\jkvHgbE.exe
  2⤵
  PID:2056
- C:\Windows\System\RyqZVEV.exe
  C:\Windows\System\RyqZVEV.exe
  2⤵
  PID:4476
- C:\Windows\System\LPhWozG.exe
  C:\Windows\System\LPhWozG.exe
  2⤵
  PID:5472
- C:\Windows\System\VGRRxcU.exe
  C:\Windows\System\VGRRxcU.exe
  2⤵
  PID:376
- C:\Windows\System\txdghCF.exe
  C:\Windows\System\txdghCF.exe
  2⤵
  PID:3864
- C:\Windows\System\UKFEvie.exe
  C:\Windows\System\UKFEvie.exe
  2⤵
  PID:764
- C:\Windows\System\fCwaQJc.exe
  C:\Windows\System\fCwaQJc.exe
  2⤵
  PID:7124
- C:\Windows\System\fbKSMSK.exe
  C:\Windows\System\fbKSMSK.exe
  2⤵
  PID:588
- C:\Windows\System\RvsrcRc.exe
  C:\Windows\System\RvsrcRc.exe
  2⤵
  PID:2884
- C:\Windows\System\iEvOzgg.exe
  C:\Windows\System\iEvOzgg.exe
  2⤵
  PID:1640
- C:\Windows\System\cDkQsCW.exe
  C:\Windows\System\cDkQsCW.exe
  2⤵
  PID:2748
- C:\Windows\System\zVEWxpJ.exe
  C:\Windows\System\zVEWxpJ.exe
  2⤵
  PID:6148
- C:\Windows\System\pyclehc.exe
  C:\Windows\System\pyclehc.exe
  2⤵
  PID:6740
- C:\Windows\System\KrpCPvY.exe
  C:\Windows\System\KrpCPvY.exe
  2⤵
  PID:6872
- C:\Windows\System\ZmoUvPP.exe
  C:\Windows\System\ZmoUvPP.exe
  2⤵
  PID:2204
- C:\Windows\System\bFYmGgY.exe
  C:\Windows\System\bFYmGgY.exe
  2⤵
  PID:6000
- C:\Windows\System\pihbflK.exe
  C:\Windows\System\pihbflK.exe
  2⤵
  PID:2904
- C:\Windows\System\YSOvyLn.exe
  C:\Windows\System\YSOvyLn.exe
  2⤵
  PID:5236
- C:\Windows\System\cwelVTM.exe
  C:\Windows\System\cwelVTM.exe
  2⤵
  PID:7184
- C:\Windows\System\zkHfRKO.exe
  C:\Windows\System\zkHfRKO.exe
  2⤵
  PID:7200
- C:\Windows\System\UtPbtME.exe
  C:\Windows\System\UtPbtME.exe
  2⤵
  PID:7248
- C:\Windows\System\lFBTflq.exe
  C:\Windows\System\lFBTflq.exe
  2⤵
  PID:7264
- C:\Windows\System\wavXoZx.exe
  C:\Windows\System\wavXoZx.exe
  2⤵
  PID:7280
- C:\Windows\System\zBIpfVC.exe
  C:\Windows\System\zBIpfVC.exe
  2⤵
  PID:7296
- C:\Windows\System\yWHRBUt.exe
  C:\Windows\System\yWHRBUt.exe
  2⤵
  PID:7312
- C:\Windows\System\ibUSNbs.exe
  C:\Windows\System\ibUSNbs.exe
  2⤵
  PID:7328
- C:\Windows\System\nCQNSxq.exe
  C:\Windows\System\nCQNSxq.exe
  2⤵
  PID:7344
- C:\Windows\System\CtEBYrc.exe
  C:\Windows\System\CtEBYrc.exe
  2⤵
  PID:7360
- C:\Windows\System\prJcWib.exe
  C:\Windows\System\prJcWib.exe
  2⤵
  PID:7376
- C:\Windows\System\esdwwaD.exe
  C:\Windows\System\esdwwaD.exe
  2⤵
  PID:7392
- C:\Windows\System\dFsDmzT.exe
  C:\Windows\System\dFsDmzT.exe
  2⤵
  PID:7408
- C:\Windows\System\FgSnPXq.exe
  C:\Windows\System\FgSnPXq.exe
  2⤵
  PID:7424
- C:\Windows\System\NdGdCyc.exe
  C:\Windows\System\NdGdCyc.exe
  2⤵
  PID:7440
- C:\Windows\System\DpeeBvH.exe
  C:\Windows\System\DpeeBvH.exe
  2⤵
  PID:7456
- C:\Windows\System\MxJOCqP.exe
  C:\Windows\System\MxJOCqP.exe
  2⤵
  PID:7472
- C:\Windows\System\rnLfndH.exe
  C:\Windows\System\rnLfndH.exe
  2⤵
  PID:7488
- C:\Windows\System\lMDjujW.exe
  C:\Windows\System\lMDjujW.exe
  2⤵
  PID:7504
- C:\Windows\System\IqIVMRW.exe
  C:\Windows\System\IqIVMRW.exe
  2⤵
  PID:7520
- C:\Windows\System\lavfRbK.exe
  C:\Windows\System\lavfRbK.exe
  2⤵
  PID:7536
- C:\Windows\System\PHuAwuZ.exe
  C:\Windows\System\PHuAwuZ.exe
  2⤵
  PID:7552
- C:\Windows\System\ZTEDKGw.exe
  C:\Windows\System\ZTEDKGw.exe
  2⤵
  PID:7568
- C:\Windows\System\uRtPukA.exe
  C:\Windows\System\uRtPukA.exe
  2⤵
  PID:7584
- C:\Windows\System\PadbATC.exe
  C:\Windows\System\PadbATC.exe
  2⤵
  PID:7600
- C:\Windows\System\nkWtnTt.exe
  C:\Windows\System\nkWtnTt.exe
  2⤵
  PID:7616
- C:\Windows\System\zJODpfO.exe
  C:\Windows\System\zJODpfO.exe
  2⤵
  PID:7632
- C:\Windows\System\PanpYly.exe
  C:\Windows\System\PanpYly.exe
  2⤵
  PID:7648
- C:\Windows\System\aWwjhTM.exe
  C:\Windows\System\aWwjhTM.exe
  2⤵
  PID:7664
- C:\Windows\System\WcIEpjD.exe
  C:\Windows\System\WcIEpjD.exe
  2⤵
  PID:7680
- C:\Windows\System\VZqyGVN.exe
  C:\Windows\System\VZqyGVN.exe
  2⤵
  PID:7696
- C:\Windows\System\Qgqhers.exe
  C:\Windows\System\Qgqhers.exe
  2⤵
  PID:7712
- C:\Windows\System\AWhjpQu.exe
  C:\Windows\System\AWhjpQu.exe
  2⤵
  PID:7728
- C:\Windows\System\QUwdmnw.exe
  C:\Windows\System\QUwdmnw.exe
  2⤵
  PID:7744
- C:\Windows\System\oLCdCBN.exe
  C:\Windows\System\oLCdCBN.exe
  2⤵
  PID:7760
- C:\Windows\System\JdaRXaQ.exe
  C:\Windows\System\JdaRXaQ.exe
  2⤵
  PID:7776
- C:\Windows\System\dNEFLoK.exe
  C:\Windows\System\dNEFLoK.exe
  2⤵
  PID:7792
- C:\Windows\System\ADCAnEN.exe
  C:\Windows\System\ADCAnEN.exe
  2⤵
  PID:7808
- C:\Windows\System\CtzSeSd.exe
  C:\Windows\System\CtzSeSd.exe
  2⤵
  PID:7824
- C:\Windows\System\dBZLuEH.exe
  C:\Windows\System\dBZLuEH.exe
  2⤵
  PID:7840
- C:\Windows\System\CofMVnY.exe
  C:\Windows\System\CofMVnY.exe
  2⤵
  PID:7856
- C:\Windows\System\yJYmwPg.exe
  C:\Windows\System\yJYmwPg.exe
  2⤵
  PID:7872
- C:\Windows\System\FzxwZrh.exe
  C:\Windows\System\FzxwZrh.exe
  2⤵
  PID:7888
- C:\Windows\System\CDzFkHU.exe
  C:\Windows\System\CDzFkHU.exe
  2⤵
  PID:7904
- C:\Windows\System\SNNaujz.exe
  C:\Windows\System\SNNaujz.exe
  2⤵
  PID:7920
- C:\Windows\System\YQqyWur.exe
  C:\Windows\System\YQqyWur.exe
  2⤵
  PID:7936
- C:\Windows\System\XgpxAcO.exe
  C:\Windows\System\XgpxAcO.exe
  2⤵
  PID:7952
- C:\Windows\System\MASgNqV.exe
  C:\Windows\System\MASgNqV.exe
  2⤵
  PID:7972
- C:\Windows\System\hSbbzEN.exe
  C:\Windows\System\hSbbzEN.exe
  2⤵
  PID:8016
- C:\Windows\System\pVLPMMq.exe
  C:\Windows\System\pVLPMMq.exe
  2⤵
  PID:8032
- C:\Windows\System\zFCNjpn.exe
  C:\Windows\System\zFCNjpn.exe
  2⤵
  PID:8048
- C:\Windows\System\cNxHWye.exe
  C:\Windows\System\cNxHWye.exe
  2⤵
  PID:8064
- C:\Windows\System\PfBOmaZ.exe
  C:\Windows\System\PfBOmaZ.exe
  2⤵
  PID:8104
- C:\Windows\System\GWDoWVr.exe
  C:\Windows\System\GWDoWVr.exe
  2⤵
  PID:8120
- C:\Windows\System\GiEHwWu.exe
  C:\Windows\System\GiEHwWu.exe
  2⤵
  PID:8140
- C:\Windows\System\wkXgNPu.exe
  C:\Windows\System\wkXgNPu.exe
  2⤵
  PID:1948
- C:\Windows\System\aPwNGad.exe
  C:\Windows\System\aPwNGad.exe
  2⤵
  PID:1680
- C:\Windows\System\bwquDkm.exe
  C:\Windows\System\bwquDkm.exe
  2⤵
  PID:6632
- C:\Windows\System\NSixevs.exe
  C:\Windows\System\NSixevs.exe
  2⤵
  PID:2016
- C:\Windows\System\qRAzGRs.exe
  C:\Windows\System\qRAzGRs.exe
  2⤵
  PID:1380
- C:\Windows\System\gtmwGRF.exe
  C:\Windows\System\gtmwGRF.exe
  2⤵
  PID:7304
- C:\Windows\System\zraxgbf.exe
  C:\Windows\System\zraxgbf.exe
  2⤵
  PID:7292
- C:\Windows\System\zFgJPSs.exe
  C:\Windows\System\zFgJPSs.exe
  2⤵
  PID:7484
- C:\Windows\System\xTqaCZK.exe
  C:\Windows\System\xTqaCZK.exe
  2⤵
  PID:7672
- C:\Windows\System\yitGCTv.exe
  C:\Windows\System\yitGCTv.exe
  2⤵
  PID:7592
- C:\Windows\System\fNZEjUV.exe
  C:\Windows\System\fNZEjUV.exe
  2⤵
  PID:7884
- C:\Windows\System\pDsfxdm.exe
  C:\Windows\System\pDsfxdm.exe
  2⤵
  PID:7916
- C:\Windows\System\vxCpbLF.exe
  C:\Windows\System\vxCpbLF.exe
  2⤵
  PID:7236
- C:\Windows\System\NXfhUUm.exe
  C:\Windows\System\NXfhUUm.exe
  2⤵
  PID:7996
- C:\Windows\System\doIoDXt.exe
  C:\Windows\System\doIoDXt.exe
  2⤵
  PID:8024
- C:\Windows\System\iMxyqae.exe
  C:\Windows\System\iMxyqae.exe
  2⤵
  PID:8060
- C:\Windows\System\ZgwjWZL.exe
  C:\Windows\System\ZgwjWZL.exe
  2⤵
  PID:8080
- C:\Windows\System\LblEhyY.exe
  C:\Windows\System\LblEhyY.exe
  2⤵
  PID:2880
- C:\Windows\System\RkZQCwP.exe
  C:\Windows\System\RkZQCwP.exe
  2⤵
  PID:8100
- C:\Windows\System\GbNAVgF.exe
  C:\Windows\System\GbNAVgF.exe
  2⤵
  PID:6836
- C:\Windows\System\PCQqbsO.exe
  C:\Windows\System\PCQqbsO.exe
  2⤵
  PID:8148
- C:\Windows\System\sTnsrFF.exe
  C:\Windows\System\sTnsrFF.exe
  2⤵
  PID:8172
- C:\Windows\System\SOEExLA.exe
  C:\Windows\System\SOEExLA.exe
  2⤵
  PID:8188
- C:\Windows\System\rNLgwYy.exe
  C:\Windows\System\rNLgwYy.exe
  2⤵
  PID:2636
- C:\Windows\System\keITnKP.exe
  C:\Windows\System\keITnKP.exe
  2⤵
  PID:7216
- C:\Windows\System\CjrhCDg.exe
  C:\Windows\System\CjrhCDg.exe
  2⤵
  PID:6756
- C:\Windows\System\WMOlmPd.exe
  C:\Windows\System\WMOlmPd.exe
  2⤵
  PID:7196
- C:\Windows\System\IHJNJxG.exe
  C:\Windows\System\IHJNJxG.exe
  2⤵
  PID:7320
- C:\Windows\System\PafffCm.exe
  C:\Windows\System\PafffCm.exe
  2⤵
  PID:8152
- C:\Windows\System\nanZyci.exe
  C:\Windows\System\nanZyci.exe
  2⤵
  PID:1760
- C:\Windows\System\gfuVdGu.exe
  C:\Windows\System\gfuVdGu.exe
  2⤵
  PID:1000
- C:\Windows\System\hLRKjKq.exe
  C:\Windows\System\hLRKjKq.exe
  2⤵
  PID:7372
- C:\Windows\System\naBpBCn.exe
  C:\Windows\System\naBpBCn.exe
  2⤵
  PID:6276
- C:\Windows\System\UyJmxQt.exe
  C:\Windows\System\UyJmxQt.exe
  2⤵
  PID:7448
- C:\Windows\System\trxukaB.exe
  C:\Windows\System\trxukaB.exe
  2⤵
  PID:6020
- C:\Windows\System\euXuMWP.exe
  C:\Windows\System\euXuMWP.exe
  2⤵
  PID:7612
- C:\Windows\System\bCfLpGJ.exe
  C:\Windows\System\bCfLpGJ.exe
  2⤵
  PID:7736
- C:\Windows\System\xqiaOTP.exe
  C:\Windows\System\xqiaOTP.exe
  2⤵
  PID:7528
- C:\Windows\System\fRbQadd.exe
  C:\Windows\System\fRbQadd.exe
  2⤵
  PID:7720
- C:\Windows\System\ZEjMduy.exe
  C:\Windows\System\ZEjMduy.exe
  2⤵
  PID:7656
- C:\Windows\System\jvwZBhW.exe
  C:\Windows\System\jvwZBhW.exe
  2⤵
  PID:7756
- C:\Windows\System\umdkXcr.exe
  C:\Windows\System\umdkXcr.exe
  2⤵
  PID:7912
- C:\Windows\System\gWOiszI.exe
  C:\Windows\System\gWOiszI.exe
  2⤵
  PID:7932
- C:\Windows\System\yrRKfmB.exe
  C:\Windows\System\yrRKfmB.exe
  2⤵
  PID:7992
- C:\Windows\System\KaJyvtX.exe
  C:\Windows\System\KaJyvtX.exe
  2⤵
  PID:8056
- C:\Windows\System\rFuOJLK.exe
  C:\Windows\System\rFuOJLK.exe
  2⤵
  PID:5428
- C:\Windows\System\tCNxTDX.exe
  C:\Windows\System\tCNxTDX.exe
  2⤵
  PID:8088
- C:\Windows\System\FUZjoaj.exe
  C:\Windows\System\FUZjoaj.exe
  2⤵
  PID:2244
- C:\Windows\System\AgIQVEs.exe
  C:\Windows\System\AgIQVEs.exe
  2⤵
  PID:8184
- C:\Windows\System\BGbFcCG.exe
  C:\Windows\System\BGbFcCG.exe
  2⤵
  PID:8132
- C:\Windows\System\SyzDCtq.exe
  C:\Windows\System\SyzDCtq.exe
  2⤵
  PID:7244
- C:\Windows\System\Eblzkuz.exe
  C:\Windows\System\Eblzkuz.exe
  2⤵
  PID:1420
- C:\Windows\System\QQrAVxd.exe
  C:\Windows\System\QQrAVxd.exe
  2⤵
  PID:7336
- C:\Windows\System\ndAiEjy.exe
  C:\Windows\System\ndAiEjy.exe
  2⤵
  PID:7352
- C:\Windows\System\OlVoeJX.exe
  C:\Windows\System\OlVoeJX.exe
  2⤵
  PID:7432
- C:\Windows\System\PHARFOf.exe
  C:\Windows\System\PHARFOf.exe
  2⤵
  PID:7436
- C:\Windows\System\msiXSWU.exe
  C:\Windows\System\msiXSWU.exe
  2⤵
  PID:540
- C:\Windows\System\YGuTwBY.exe
  C:\Windows\System\YGuTwBY.exe
  2⤵
  PID:7480
- C:\Windows\System\onCpfQB.exe
  C:\Windows\System\onCpfQB.exe
  2⤵
  PID:7564
- C:\Windows\System\WRkDAbF.exe
  C:\Windows\System\WRkDAbF.exe
  2⤵
  PID:7820
- C:\Windows\System\xdbPdJG.exe
  C:\Windows\System\xdbPdJG.exe
  2⤵
  PID:7848
- C:\Windows\System\TmbLdAg.exe
  C:\Windows\System\TmbLdAg.exe
  2⤵
  PID:7836
- C:\Windows\System\hfWASiB.exe
  C:\Windows\System\hfWASiB.exe
  2⤵
  PID:7784
- C:\Windows\System\CPxOVJy.exe
  C:\Windows\System\CPxOVJy.exe
  2⤵
  PID:7948
- C:\Windows\System\hLMmtwW.exe
  C:\Windows\System\hLMmtwW.exe
  2⤵
  PID:7984
- C:\Windows\System\NTvTLNI.exe
  C:\Windows\System\NTvTLNI.exe
  2⤵
  PID:8164
- C:\Windows\System\frDdfDh.exe
  C:\Windows\System\frDdfDh.exe
  2⤵
  PID:7768
- C:\Windows\System\aXyHtIt.exe
  C:\Windows\System\aXyHtIt.exe
  2⤵
  PID:2192
- C:\Windows\System\jPmFAQJ.exe
  C:\Windows\System\jPmFAQJ.exe
  2⤵
  PID:7640
- C:\Windows\System\PLwvDzi.exe
  C:\Windows\System\PLwvDzi.exe
  2⤵
  PID:7832
- C:\Windows\System\sBLCSwj.exe
  C:\Windows\System\sBLCSwj.exe
  2⤵
  PID:8116
- C:\Windows\System\tSXtUXH.exe
  C:\Windows\System\tSXtUXH.exe
  2⤵
  PID:6856
- C:\Windows\System\BVCoDIP.exe
  C:\Windows\System\BVCoDIP.exe
  2⤵
  PID:7516
- C:\Windows\System\kEmppaC.exe
  C:\Windows\System\kEmppaC.exe
  2⤵
  PID:6980
- C:\Windows\System\DFPZRSe.exe
  C:\Windows\System\DFPZRSe.exe
  2⤵
  PID:7404
- C:\Windows\System\jKQZIKk.exe
  C:\Windows\System\jKQZIKk.exe
  2⤵
  PID:7724
- C:\Windows\System\KGQQurQ.exe
  C:\Windows\System\KGQQurQ.exe
  2⤵
  PID:7968
- C:\Windows\System\gTrfYaG.exe
  C:\Windows\System\gTrfYaG.exe
  2⤵
  PID:7228
- C:\Windows\System\toiUXAo.exe
  C:\Windows\System\toiUXAo.exe
  2⤵
  PID:6676
- C:\Windows\System\dxXeQcd.exe
  C:\Windows\System\dxXeQcd.exe
  2⤵
  PID:7276
- C:\Windows\System\HZnzRbV.exe
  C:\Windows\System\HZnzRbV.exe
  2⤵
  PID:7324
- C:\Windows\System\QYAEaDL.exe
  C:\Windows\System\QYAEaDL.exe
  2⤵
  PID:7532
- C:\Windows\System\jRWvjHV.exe
  C:\Windows\System\jRWvjHV.exe
  2⤵
  PID:7340
- C:\Windows\System\IzkKuxT.exe
  C:\Windows\System\IzkKuxT.exe
  2⤵
  PID:7960
- C:\Windows\System\aotmFdR.exe
  C:\Windows\System\aotmFdR.exe
  2⤵
  PID:7576
- C:\Windows\System\ZpeQZIh.exe
  C:\Windows\System\ZpeQZIh.exe
  2⤵
  PID:8156
- C:\Windows\System\xBomTpG.exe
  C:\Windows\System\xBomTpG.exe
  2⤵
  PID:7644
- C:\Windows\System\EnkywLG.exe
  C:\Windows\System\EnkywLG.exe
  2⤵
  PID:8208
- C:\Windows\System\rhKHHqg.exe
  C:\Windows\System\rhKHHqg.exe
  2⤵
  PID:8228
- C:\Windows\System\CRkdeyN.exe
  C:\Windows\System\CRkdeyN.exe
  2⤵
  PID:8244
- C:\Windows\System\RDNOiqe.exe
  C:\Windows\System\RDNOiqe.exe
  2⤵
  PID:8260
- C:\Windows\System\rFoAIXe.exe
  C:\Windows\System\rFoAIXe.exe
  2⤵
  PID:8276
- C:\Windows\System\CyUHhji.exe
  C:\Windows\System\CyUHhji.exe
  2⤵
  PID:8292
- C:\Windows\System\kUajnKI.exe
  C:\Windows\System\kUajnKI.exe
  2⤵
  PID:8312
- C:\Windows\System\SchARAE.exe
  C:\Windows\System\SchARAE.exe
  2⤵
  PID:8336
- C:\Windows\System\FtlKkXX.exe
  C:\Windows\System\FtlKkXX.exe
  2⤵
  PID:8352
- C:\Windows\System\wyKypIA.exe
  C:\Windows\System\wyKypIA.exe
  2⤵
  PID:8368
- C:\Windows\System\dHOvqMA.exe
  C:\Windows\System\dHOvqMA.exe
  2⤵
  PID:8384
- C:\Windows\System\HlwWamj.exe
  C:\Windows\System\HlwWamj.exe
  2⤵
  PID:8400
- C:\Windows\System\OvKuDQk.exe
  C:\Windows\System\OvKuDQk.exe
  2⤵
  PID:8416
- C:\Windows\System\dOdaRtw.exe
  C:\Windows\System\dOdaRtw.exe
  2⤵
  PID:8432
- C:\Windows\System\YtIynQx.exe
  C:\Windows\System\YtIynQx.exe
  2⤵
  PID:8448
- C:\Windows\System\BGNJtSn.exe
  C:\Windows\System\BGNJtSn.exe
  2⤵
  PID:8464
- C:\Windows\System\UUUHlsM.exe
  C:\Windows\System\UUUHlsM.exe
  2⤵
  PID:8484
- C:\Windows\System\gdCKtwa.exe
  C:\Windows\System\gdCKtwa.exe
  2⤵
  PID:8504
- C:\Windows\System\ZvbcIiA.exe
  C:\Windows\System\ZvbcIiA.exe
  2⤵
  PID:8532
- C:\Windows\System\oHQDbAu.exe
  C:\Windows\System\oHQDbAu.exe
  2⤵
  PID:8624
- C:\Windows\System\pgKAYiV.exe
  C:\Windows\System\pgKAYiV.exe
  2⤵
  PID:8648
- C:\Windows\System\UDvfeme.exe
  C:\Windows\System\UDvfeme.exe
  2⤵
  PID:8664
- C:\Windows\System\LhUitWd.exe
  C:\Windows\System\LhUitWd.exe
  2⤵
  PID:8688
- C:\Windows\System\bGmtCxW.exe
  C:\Windows\System\bGmtCxW.exe
  2⤵
  PID:8712
- C:\Windows\System\IuajvLo.exe
  C:\Windows\System\IuajvLo.exe
  2⤵
  PID:8728
- C:\Windows\System\dmYcEQr.exe
  C:\Windows\System\dmYcEQr.exe
  2⤵
  PID:8744
- C:\Windows\System\NXNZNAR.exe
  C:\Windows\System\NXNZNAR.exe
  2⤵
  PID:8776
- C:\Windows\System\anGAQQz.exe
  C:\Windows\System\anGAQQz.exe
  2⤵
  PID:8800
- C:\Windows\System\EcqrpoJ.exe
  C:\Windows\System\EcqrpoJ.exe
  2⤵
  PID:8816
- C:\Windows\System\DIlAcoG.exe
  C:\Windows\System\DIlAcoG.exe
  2⤵
  PID:8844
- C:\Windows\System\sADejQL.exe
  C:\Windows\System\sADejQL.exe
  2⤵
  PID:8860
- C:\Windows\System\luqfJHr.exe
  C:\Windows\System\luqfJHr.exe
  2⤵
  PID:8876
- C:\Windows\System\ZljmXBi.exe
  C:\Windows\System\ZljmXBi.exe
  2⤵
  PID:8892
- C:\Windows\System\zTDRhWU.exe
  C:\Windows\System\zTDRhWU.exe
  2⤵
  PID:8912
- C:\Windows\System\UbYIZnf.exe
  C:\Windows\System\UbYIZnf.exe
  2⤵
  PID:8928
- C:\Windows\System\eAxqXJr.exe
  C:\Windows\System\eAxqXJr.exe
  2⤵
  PID:8944
- C:\Windows\System\SWlndkL.exe
  C:\Windows\System\SWlndkL.exe
  2⤵
  PID:8960
- C:\Windows\System\zNvaKnm.exe
  C:\Windows\System\zNvaKnm.exe
  2⤵
  PID:8976
- C:\Windows\System\VARPcKF.exe
  C:\Windows\System\VARPcKF.exe
  2⤵
  PID:8996
- C:\Windows\System\dccaOhT.exe
  C:\Windows\System\dccaOhT.exe
  2⤵
  PID:9016
- C:\Windows\System\xOylrYw.exe
  C:\Windows\System\xOylrYw.exe
  2⤵
  PID:9032
- C:\Windows\System\ZsMnxQA.exe
  C:\Windows\System\ZsMnxQA.exe
  2⤵
  PID:9048
- C:\Windows\System\ZUvvDWE.exe
  C:\Windows\System\ZUvvDWE.exe
  2⤵
  PID:9064
- C:\Windows\System\jwEfUzq.exe
  C:\Windows\System\jwEfUzq.exe
  2⤵
  PID:9080
- C:\Windows\System\FxoCLsS.exe
  C:\Windows\System\FxoCLsS.exe
  2⤵
  PID:9112
- C:\Windows\System\KuWheHe.exe
  C:\Windows\System\KuWheHe.exe
  2⤵
  PID:9128
- C:\Windows\System\kMOimqQ.exe
  C:\Windows\System\kMOimqQ.exe
  2⤵
  PID:9148
- C:\Windows\System\WFxpTgM.exe
  C:\Windows\System\WFxpTgM.exe
  2⤵
  PID:9168
- C:\Windows\System\lSCaTJl.exe
  C:\Windows\System\lSCaTJl.exe
  2⤵
  PID:9192
- C:\Windows\System\UzWuKDP.exe
  C:\Windows\System\UzWuKDP.exe
  2⤵
  PID:8200
- C:\Windows\System\cvRpIUx.exe
  C:\Windows\System\cvRpIUx.exe
  2⤵
  PID:8300
- C:\Windows\System\WHFZNFR.exe
  C:\Windows\System\WHFZNFR.exe
  2⤵
  PID:8364
- C:\Windows\System\vpbQetH.exe
  C:\Windows\System\vpbQetH.exe
  2⤵
  PID:7800
- C:\Windows\System\ffJRhWf.exe
  C:\Windows\System\ffJRhWf.exe
  2⤵
  PID:8324
- C:\Windows\System\qKKBjKf.exe
  C:\Windows\System\qKKBjKf.exe
  2⤵
  PID:8500
- C:\Windows\System\KACKFDb.exe
  C:\Windows\System\KACKFDb.exe
  2⤵
  PID:8412
- C:\Windows\System\rEcWjcP.exe
  C:\Windows\System\rEcWjcP.exe
  2⤵
  PID:8552
- C:\Windows\System\sIurtCl.exe
  C:\Windows\System\sIurtCl.exe
  2⤵
  PID:8348
- C:\Windows\System\HzlrbOR.exe
  C:\Windows\System\HzlrbOR.exe
  2⤵
  PID:8476
- C:\Windows\System\EpMBYSM.exe
  C:\Windows\System\EpMBYSM.exe
  2⤵
  PID:8580
- C:\Windows\System\qQVqLMN.exe
  C:\Windows\System\qQVqLMN.exe
  2⤵
  PID:8596
- C:\Windows\System\mgQfSgA.exe
  C:\Windows\System\mgQfSgA.exe
  2⤵
  PID:8676
- C:\Windows\System\RptsRDL.exe
  C:\Windows\System\RptsRDL.exe
  2⤵
  PID:8680
- C:\Windows\System\YwSeHqg.exe
  C:\Windows\System\YwSeHqg.exe
  2⤵
  PID:8700
- C:\Windows\System\wkBkpWk.exe
  C:\Windows\System\wkBkpWk.exe
  2⤵
  PID:8740
- C:\Windows\System\OzkHwaY.exe
  C:\Windows\System\OzkHwaY.exe
  2⤵
  PID:8760
- C:\Windows\System\jwmDwsW.exe
  C:\Windows\System\jwmDwsW.exe
  2⤵
  PID:8792
- C:\Windows\System\utQnPJs.exe
  C:\Windows\System\utQnPJs.exe
  2⤵
  PID:8856
- C:\Windows\System\AkiYWOf.exe
  C:\Windows\System\AkiYWOf.exe
  2⤵
  PID:8924
- C:\Windows\System\jWPAKxS.exe
  C:\Windows\System\jWPAKxS.exe
  2⤵
  PID:8988
- C:\Windows\System\clCNNoc.exe
  C:\Windows\System\clCNNoc.exe
  2⤵
  PID:8868
- C:\Windows\System\lhBgcRO.exe
  C:\Windows\System\lhBgcRO.exe
  2⤵
  PID:9100
- C:\Windows\System\ECSNvwG.exe
  C:\Windows\System\ECSNvwG.exe
  2⤵
  PID:9140
- C:\Windows\System\gtOPOnz.exe
  C:\Windows\System\gtOPOnz.exe
  2⤵
  PID:9176
- C:\Windows\System\UsmiNbY.exe
  C:\Windows\System\UsmiNbY.exe
  2⤵
  PID:9180
- C:\Windows\System\TtbnKWX.exe
  C:\Windows\System\TtbnKWX.exe
  2⤵
  PID:8396
- C:\Windows\System\XZTokJJ.exe
  C:\Windows\System\XZTokJJ.exe
  2⤵
  PID:8940
- C:\Windows\System\sMWmkfT.exe
  C:\Windows\System\sMWmkfT.exe
  2⤵
  PID:8972
- C:\Windows\System\VrahiVY.exe
  C:\Windows\System\VrahiVY.exe
  2⤵
  PID:9040
- C:\Windows\System\EvcNryt.exe
  C:\Windows\System\EvcNryt.exe
  2⤵
  PID:8256
- C:\Windows\System\ukttuSN.exe
  C:\Windows\System\ukttuSN.exe
  2⤵
  PID:9164
- C:\Windows\System\xuxFOYc.exe
  C:\Windows\System\xuxFOYc.exe
  2⤵
  PID:8224
- C:\Windows\System\hsPtxPF.exe
  C:\Windows\System\hsPtxPF.exe
  2⤵
  PID:8520
- C:\Windows\System\GuOfgZv.exe
  C:\Windows\System\GuOfgZv.exe
  2⤵
  PID:8592
- C:\Windows\System\BNVgrwF.exe
  C:\Windows\System\BNVgrwF.exe
  2⤵
  PID:8440
- C:\Windows\System\vgaPQXK.exe
  C:\Windows\System\vgaPQXK.exe
  2⤵
  PID:8620
- C:\Windows\System\DWGZSJx.exe
  C:\Windows\System\DWGZSJx.exe
  2⤵
  PID:8852
- C:\Windows\System\ymOFEaV.exe
  C:\Windows\System\ymOFEaV.exe
  2⤵
  PID:8952
- C:\Windows\System\tqobPJf.exe
  C:\Windows\System\tqobPJf.exe
  2⤵
  PID:8684
- C:\Windows\System\maXEYBz.exe
  C:\Windows\System\maXEYBz.exe
  2⤵
  PID:9184
- C:\Windows\System\qetWJMr.exe
  C:\Windows\System\qetWJMr.exe
  2⤵
  PID:8812
- C:\Windows\System\gCysMHa.exe
  C:\Windows\System\gCysMHa.exe
  2⤵
  PID:8788
- C:\Windows\System\aRmOJIv.exe
  C:\Windows\System\aRmOJIv.exe
  2⤵
  PID:9096
- C:\Windows\System\wqRmrTD.exe
  C:\Windows\System\wqRmrTD.exe
  2⤵
  PID:8268
- C:\Windows\System\wZjqjBu.exe
  C:\Windows\System\wZjqjBu.exe
  2⤵
  PID:9072
- C:\Windows\System\aIGErTI.exe
  C:\Windows\System\aIGErTI.exe
  2⤵
  PID:9028
- C:\Windows\System\vpWeKNj.exe
  C:\Windows\System\vpWeKNj.exe
  2⤵
  PID:8796
- C:\Windows\System\UkrKEiz.exe
  C:\Windows\System\UkrKEiz.exe
  2⤵
  PID:9204
- C:\Windows\System\GgbShhm.exe
  C:\Windows\System\GgbShhm.exe
  2⤵
  PID:9156
- C:\Windows\System\bjpHFDG.exe
  C:\Windows\System\bjpHFDG.exe
  2⤵
  PID:8496
- C:\Windows\System\kgQIwbN.exe
  C:\Windows\System\kgQIwbN.exe
  2⤵
  PID:8376
- C:\Windows\System\iZVpzXL.exe
  C:\Windows\System\iZVpzXL.exe
  2⤵
  PID:8656
- C:\Windows\System\HgnSddE.exe
  C:\Windows\System\HgnSddE.exe
  2⤵
  PID:8632
- C:\Windows\System\XFcplTt.exe
  C:\Windows\System\XFcplTt.exe
  2⤵
  PID:9056
- C:\Windows\System\wMnsDkM.exe
  C:\Windows\System\wMnsDkM.exe
  2⤵
  PID:8836
- C:\Windows\System\Fspgvmt.exe
  C:\Windows\System\Fspgvmt.exe
  2⤵
  PID:9228
- C:\Windows\System\fKCQqif.exe
  C:\Windows\System\fKCQqif.exe
  2⤵
  PID:9244
- C:\Windows\System\dsyRuDK.exe
  C:\Windows\System\dsyRuDK.exe
  2⤵
  PID:9260
- C:\Windows\System\lwwfYuv.exe
  C:\Windows\System\lwwfYuv.exe
  2⤵
  PID:9276
- C:\Windows\System\BmPiOwL.exe
  C:\Windows\System\BmPiOwL.exe
  2⤵
  PID:9292
- C:\Windows\System\lPAVRmB.exe
  C:\Windows\System\lPAVRmB.exe
  2⤵
  PID:9312
- C:\Windows\System\CNOhWrc.exe
  C:\Windows\System\CNOhWrc.exe
  2⤵
  PID:9332
- C:\Windows\System\NRRiSIo.exe
  C:\Windows\System\NRRiSIo.exe
  2⤵
  PID:9352
- C:\Windows\System\ObSgpfk.exe
  C:\Windows\System\ObSgpfk.exe
  2⤵
  PID:9372
- C:\Windows\System\oemvWws.exe
  C:\Windows\System\oemvWws.exe
  2⤵
  PID:9388
- C:\Windows\System\kkzNiBb.exe
  C:\Windows\System\kkzNiBb.exe
  2⤵
  PID:9412
- C:\Windows\System\HtrNDrl.exe
  C:\Windows\System\HtrNDrl.exe
  2⤵
  PID:9432
- C:\Windows\System\cRIXaoa.exe
  C:\Windows\System\cRIXaoa.exe
  2⤵
  PID:9456
- C:\Windows\System\rjSLapv.exe
  C:\Windows\System\rjSLapv.exe
  2⤵
  PID:9476
- C:\Windows\System\ExhOfpa.exe
  C:\Windows\System\ExhOfpa.exe
  2⤵
  PID:9496
- C:\Windows\System\ASaiYAr.exe
  C:\Windows\System\ASaiYAr.exe
  2⤵
  PID:9516
- C:\Windows\System\gtyzaGC.exe
  C:\Windows\System\gtyzaGC.exe
  2⤵
  PID:9540
- C:\Windows\System\mFQCLXD.exe
  C:\Windows\System\mFQCLXD.exe
  2⤵
  PID:9564
- C:\Windows\System\YPBDqlC.exe
  C:\Windows\System\YPBDqlC.exe
  2⤵
  PID:9616
- C:\Windows\System\SSLbHin.exe
  C:\Windows\System\SSLbHin.exe
  2⤵
  PID:9632
- C:\Windows\System\izpCfmP.exe
  C:\Windows\System\izpCfmP.exe
  2⤵
  PID:9648
- C:\Windows\System\JYIsNOL.exe
  C:\Windows\System\JYIsNOL.exe
  2⤵
  PID:9680
- C:\Windows\System\xcSsfJS.exe
  C:\Windows\System\xcSsfJS.exe
  2⤵
  PID:9696
- C:\Windows\System\zbjyriA.exe
  C:\Windows\System\zbjyriA.exe
  2⤵
  PID:9712
- C:\Windows\System\AQeTpfe.exe
  C:\Windows\System\AQeTpfe.exe
  2⤵
  PID:9728
- C:\Windows\System\dwvSqJf.exe
  C:\Windows\System\dwvSqJf.exe
  2⤵
  PID:9744
- C:\Windows\System\DpzohZx.exe
  C:\Windows\System\DpzohZx.exe
  2⤵
  PID:9760
- C:\Windows\System\GYySTpz.exe
  C:\Windows\System\GYySTpz.exe
  2⤵
  PID:9776
- C:\Windows\System\ZDILOXL.exe
  C:\Windows\System\ZDILOXL.exe
  2⤵
  PID:9792
- C:\Windows\System\bFuORLq.exe
  C:\Windows\System\bFuORLq.exe
  2⤵
  PID:9808
- C:\Windows\System\FLQajQw.exe
  C:\Windows\System\FLQajQw.exe
  2⤵
  PID:9824
- C:\Windows\System\SNXvfvQ.exe
  C:\Windows\System\SNXvfvQ.exe
  2⤵
  PID:9840
- C:\Windows\System\fSHIQTo.exe
  C:\Windows\System\fSHIQTo.exe
  2⤵
  PID:9860
- C:\Windows\System\MarWsAH.exe
  C:\Windows\System\MarWsAH.exe
  2⤵
  PID:9876
- C:\Windows\System\rgnbqyO.exe
  C:\Windows\System\rgnbqyO.exe
  2⤵
  PID:9896
- C:\Windows\System\FwSUxVq.exe
  C:\Windows\System\FwSUxVq.exe
  2⤵
  PID:9916
- C:\Windows\System\JORIirC.exe
  C:\Windows\System\JORIirC.exe
  2⤵
  PID:9952
- C:\Windows\System\lrgveXC.exe
  C:\Windows\System\lrgveXC.exe
  2⤵
  PID:9984
- C:\Windows\System\AZmeRwf.exe
  C:\Windows\System\AZmeRwf.exe
  2⤵
  PID:10004
- C:\Windows\System\feSnoxA.exe
  C:\Windows\System\feSnoxA.exe
  2⤵
  PID:10036
- C:\Windows\System\QJrdIcJ.exe
  C:\Windows\System\QJrdIcJ.exe
  2⤵
  PID:10068
- C:\Windows\System\uONwUiu.exe
  C:\Windows\System\uONwUiu.exe
  2⤵
  PID:10088
- C:\Windows\System\PokeRjp.exe
  C:\Windows\System\PokeRjp.exe
  2⤵
  PID:10104
- C:\Windows\System\mbjtWRi.exe
  C:\Windows\System\mbjtWRi.exe
  2⤵
  PID:10124
- C:\Windows\System\LKUAFKt.exe
  C:\Windows\System\LKUAFKt.exe
  2⤵
  PID:10140
- C:\Windows\System\mjgtPio.exe
  C:\Windows\System\mjgtPio.exe
  2⤵
  PID:10160
- C:\Windows\System\DbzIZFU.exe
  C:\Windows\System\DbzIZFU.exe
  2⤵
  PID:10176
- C:\Windows\System\SyuiMvT.exe
  C:\Windows\System\SyuiMvT.exe
  2⤵
  PID:10192
- C:\Windows\System\aNHsaPy.exe
  C:\Windows\System\aNHsaPy.exe
  2⤵
  PID:10212
- C:\Windows\System\YJvkhTS.exe
  C:\Windows\System\YJvkhTS.exe
  2⤵
  PID:10232
- C:\Windows\System\SodcpPe.exe
  C:\Windows\System\SodcpPe.exe
  2⤵
  PID:8968
- C:\Windows\System\cnICBjx.exe
  C:\Windows\System\cnICBjx.exe
  2⤵
  PID:8272
- C:\Windows\System\xAEaBgk.exe
  C:\Windows\System\xAEaBgk.exe
  2⤵
  PID:8576
- C:\Windows\System\TBaCcrz.exe
  C:\Windows\System\TBaCcrz.exe
  2⤵
  PID:8724
- C:\Windows\System\TGnuApg.exe
  C:\Windows\System\TGnuApg.exe
  2⤵
  PID:8756
- C:\Windows\System\wACWjNn.exe
  C:\Windows\System\wACWjNn.exe
  2⤵
  PID:9256
- C:\Windows\System\bMnQMLI.exe
  C:\Windows\System\bMnQMLI.exe
  2⤵
  PID:9120
- C:\Windows\System\IGZONNd.exe
  C:\Windows\System\IGZONNd.exe
  2⤵
  PID:8660
- C:\Windows\System\bVEbwdU.exe
  C:\Windows\System\bVEbwdU.exe
  2⤵
  PID:9272
- C:\Windows\System\iacrTAw.exe
  C:\Windows\System\iacrTAw.exe
  2⤵
  PID:9340
- C:\Windows\System\zrlHXVT.exe
  C:\Windows\System\zrlHXVT.exe
  2⤵
  PID:9424
- C:\Windows\System\AEltLMe.exe
  C:\Windows\System\AEltLMe.exe
  2⤵
  PID:9384
- C:\Windows\System\SviinYH.exe
  C:\Windows\System\SviinYH.exe
  2⤵
  PID:9560
- C:\Windows\System\VhYGrwS.exe
  C:\Windows\System\VhYGrwS.exe
  2⤵
  PID:7356
- C:\Windows\System\EHhkiAT.exe
  C:\Windows\System\EHhkiAT.exe
  2⤵
  PID:9396
- C:\Windows\System\xgXXElH.exe
  C:\Windows\System\xgXXElH.exe
  2⤵
  PID:9400
- C:\Windows\System\uKvzhsL.exe
  C:\Windows\System\uKvzhsL.exe
  2⤵
  PID:9484
- C:\Windows\System\RfSVgew.exe
  C:\Windows\System\RfSVgew.exe
  2⤵
  PID:9572
- C:\Windows\System\aifNCgA.exe
  C:\Windows\System\aifNCgA.exe
  2⤵
  PID:9612
- C:\Windows\System\lpuTVuA.exe
  C:\Windows\System\lpuTVuA.exe
  2⤵
  PID:9704
- C:\Windows\System\rBxXREA.exe
  C:\Windows\System\rBxXREA.exe
  2⤵
  PID:9724
- C:\Windows\System\cmJJfTm.exe
  C:\Windows\System\cmJJfTm.exe
  2⤵
  PID:9848
- C:\Windows\System\PuvZqzb.exe
  C:\Windows\System\PuvZqzb.exe
  2⤵
  PID:9928
- C:\Windows\System\CuFznSg.exe
  C:\Windows\System\CuFznSg.exe
  2⤵
  PID:9932
- C:\Windows\System\pPJUABS.exe
  C:\Windows\System\pPJUABS.exe
  2⤵
  PID:9836
- C:\Windows\System\BxlXITj.exe
  C:\Windows\System\BxlXITj.exe
  2⤵
  PID:9908
- C:\Windows\System\jsYnDcG.exe
  C:\Windows\System\jsYnDcG.exe
  2⤵
  PID:9960
- C:\Windows\System\YTngOON.exe
  C:\Windows\System\YTngOON.exe
  2⤵
  PID:9804
- C:\Windows\System\LipfzRZ.exe
  C:\Windows\System\LipfzRZ.exe
  2⤵
  PID:10024
- C:\Windows\System\sGsROgU.exe
  C:\Windows\System\sGsROgU.exe
  2⤵
  PID:9972
- C:\Windows\System\QmujoaS.exe
  C:\Windows\System\QmujoaS.exe
  2⤵
  PID:9996
- C:\Windows\System\vVuwqQO.exe
  C:\Windows\System\vVuwqQO.exe
  2⤵
  PID:10020
- C:\Windows\System\TgzRlFu.exe
  C:\Windows\System\TgzRlFu.exe
  2⤵
  PID:10120
- C:\Windows\System\nIsKWGd.exe
  C:\Windows\System\nIsKWGd.exe
  2⤵
  PID:9224
- C:\Windows\System\oIZKeum.exe
  C:\Windows\System\oIZKeum.exe
  2⤵
  PID:9508
- C:\Windows\System\ABcfnTW.exe
  C:\Windows\System\ABcfnTW.exe
  2⤵
  PID:10044
- C:\Windows\System\TdUzCzh.exe
  C:\Windows\System\TdUzCzh.exe
  2⤵
  PID:10060
- C:\Windows\System\ONsMmij.exe
  C:\Windows\System\ONsMmij.exe
  2⤵
  PID:9328
- C:\Windows\System\VQpmskC.exe
  C:\Windows\System\VQpmskC.exe
  2⤵
  PID:9324
- C:\Windows\System\IoCbmkJ.exe
  C:\Windows\System\IoCbmkJ.exe
  2⤵
  PID:10096
- C:\Windows\System\TMHlBmc.exe
  C:\Windows\System\TMHlBmc.exe
  2⤵
  PID:10168
- C:\Windows\System\JRMKTiz.exe
  C:\Windows\System\JRMKTiz.exe
  2⤵
  PID:10208
- C:\Windows\System\ohUfqPz.exe
  C:\Windows\System\ohUfqPz.exe
  2⤵
  PID:8588
- C:\Windows\System\ZkfXJfH.exe
  C:\Windows\System\ZkfXJfH.exe
  2⤵
  PID:9548
- C:\Windows\System\WeFGkrO.exe
  C:\Windows\System\WeFGkrO.exe
  2⤵
  PID:9448
- C:\Windows\System\LosNYVD.exe
  C:\Windows\System\LosNYVD.exe
  2⤵
  PID:9608
- C:\Windows\System\meYdYMM.exe
  C:\Windows\System\meYdYMM.exe
  2⤵
  PID:9600
- C:\Windows\System\ZUXYikn.exe
  C:\Windows\System\ZUXYikn.exe
  2⤵
  PID:9740
- C:\Windows\System\aymuwkO.exe
  C:\Windows\System\aymuwkO.exe
  2⤵
  PID:9692
- C:\Windows\System\dzMFtnv.exe
  C:\Windows\System\dzMFtnv.exe
  2⤵
  PID:9816
- C:\Windows\System\CUOcXCm.exe
  C:\Windows\System\CUOcXCm.exe
  2⤵
  PID:9800
- C:\Windows\System\ZmPRfGa.exe
  C:\Windows\System\ZmPRfGa.exe
  2⤵
  PID:10012
- C:\Windows\System\lYKgNpe.exe
  C:\Windows\System\lYKgNpe.exe
  2⤵
  PID:10228
- C:\Windows\System\vHccHdM.exe
  C:\Windows\System\vHccHdM.exe
  2⤵
  PID:8460
- C:\Windows\System\HfVoHQf.exe
  C:\Windows\System\HfVoHQf.exe
  2⤵
  PID:10156
- C:\Windows\System\hsCQiQo.exe
  C:\Windows\System\hsCQiQo.exe
  2⤵
  PID:8220
- C:\Windows\System\UFSqEKt.exe
  C:\Windows\System\UFSqEKt.exe
  2⤵
  PID:9492
- C:\Windows\System\YySpUlq.exe
  C:\Windows\System\YySpUlq.exe
  2⤵
  PID:9304
- C:\Windows\System\UBYXlAJ.exe
  C:\Windows\System\UBYXlAJ.exe
  2⤵
  PID:10204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AaWgbfo.exe

Filesize
6.0MB

MD5
4503ab7234a4ad4bf4cf658ee62aa8c9

SHA1
e25b46a718c60e2844854e6af9784ad901c32407

SHA256
c0a36952554591e8c55ae85eb34f5d961bb798c3731b31f888f2236040723e66

SHA512
1ffbafe09c3f8ed6e04a97a33683aefd97a286fc49953d2c9c2731ab2de1778d642417713ee1ce0c7c0bd88bca6bf9828ac3fdb93bc56e1035baf693c2ca5d3b

Download Submit
C:\Windows\system\BjtRMih.exe

Filesize
6.0MB

MD5
3684200cddbcfe462508107ae14ff47f

SHA1
ec057e0f1bee9f3fb5837b391b1b077a6ea38b03

SHA256
e33135a8e217b0a4232997434510734c8df5bd51cdcdca95f612b41744712a9d

SHA512
61e329c440c385035176ee584279f16ef349afaa9b2768ba37b3e6275750ae9986e1fba1a76c053490566cd89c690fd99a7c2b5466ecc67ef6634a10c464ea9c

Download Submit
C:\Windows\system\Blmrdvz.exe

Filesize
6.0MB

MD5
6a39682bf72779c55e365061bd6faf77

SHA1
ba7b0869bc20b9c2811f668539205d871a04957b

SHA256
484b14a36c6fccbcf36ba37c3046da93acc7322744466ce25a10dedc0ddef3ee

SHA512
a0dc509bdbc30c4dc519eb9850bd05f423c7688fffd9469074d94746a1a6fa13cca6d9d4f3608856bceab1e49acad261ec700a972fe029c05f163d042c7b5cef

Download Submit
C:\Windows\system\CKpSOjF.exe

Filesize
6.0MB

MD5
84b581dfb5b734b265151825d406b3f9

SHA1
e6359ec5ec89f33f8dda3d5935d7c4b028b45bfd

SHA256
b8e7f75c5e3cdf86a8fa38baf98c8f26f2daf5904247b53835c20816bcc19102

SHA512
e94bf2f384c1352fb7a707d1818186c318e82ca5e86f27b0f4d7048e2c7d4a41b3717ab46335579cb3859555b3e5c297c63ba4a93db793b12104ea8070fef1cd

Download Submit
C:\Windows\system\DOffNpz.exe

Filesize
6.0MB

MD5
fb311dba243e0fa5fb779778fde3a31b

SHA1
94176277dcb035b05843dde78874efec63d9018d

SHA256
f99077a3585a5d18454d71bcccb027ca98138e512a1032416fa91279dad3a288

SHA512
0e7df2a99f8fe9838f91c6c5e7d21ca9edf5cfd6b5a797f65eeecf164616e2936610083a6b41eaecc979c8540a65dadf6dc91aac9bf4aaa57ce3f4be0acb7a76

Download Submit
C:\Windows\system\FlRbEvj.exe

Filesize
6.0MB

MD5
6c84f8ba38d3c905a5e036ca501db1d7

SHA1
3bcf9aae7701864b6ab5b255ce6e2d7afd13673d

SHA256
96552290193ee3d5d97ccac07785aff004b6a0c8d564af2a5ad7ad20224e44b0

SHA512
8347355e3ad5095ce2ef1fa8d41b1104635e78d090d1ad72f4de58db8726c6c048c17f19c0060a589ce53accddb292010acf10d4ce4c6e8ff128b0630383c05f

Download Submit
C:\Windows\system\GcATUas.exe

Filesize
6.0MB

MD5
034d92e3700f089adf377050cc56e6c1

SHA1
faa2e4f50a28fd4b40404599b562fd82859548cc

SHA256
1f2c42cb3c42de0282d761d5bd09e13d77f0f30db81305b210eaefc8f1af761f

SHA512
769b6e7cb625b2d4cac2ba8230314384513710d789cffa1969cf745dc257165dd155a5be5c672f553a7cfe67bc2e72b31dd2e1306c348e40334485a03bfefa9f

Download Submit
C:\Windows\system\KZSmBNg.exe

Filesize
6.0MB

MD5
d19c4f798ae4d69d44bde56f46ccec11

SHA1
40a7b1e12a2802963573768117fb969f9834e751

SHA256
d8cdb74020cdb5d2f711d5fdf671d10515dd4333904a26c5fb33fe1cba1a3556

SHA512
b15705f085c5cfd605e242dfe3ae6419ebaa89f9821ddf6aba04aa21a1afc6739cf059183524746bb2715711fae25b68d316cdc85d72a6d7ae967f29004a2a36

Download Submit
C:\Windows\system\LMWEmZi.exe

Filesize
6.0MB

MD5
fbe281484415703de672033795ec281f

SHA1
ebfc5167394e610126fa82c8917abf5249cd0a28

SHA256
f72035182cbdd62fbe05330199708f267da234415e837738549ba6ca4fdacc44

SHA512
53d67d7cd01e6b8fec1d94ae0c46ff93a9141379ac612a87f5680d99aa49b76571825ca5963ba6114bb3e5453d10454d6c97a4b4f88fb1f58a878a70ab2be977

Download Submit
C:\Windows\system\MQWTPzF.exe

Filesize
6.0MB

MD5
6614b049c920a244ec14d3b60e4da87d

SHA1
abe080f3c5f3da29eaf85e5ea7e13a433a4d9d5e

SHA256
c5c51f5ab2991b841edf5065c7cc8cb801a142cef5a4a83b0ef61b5d5910a6a3

SHA512
d16b9ecacc1e8a9ab2f759b28eedb8480fdff75b8510adebdbb487c6af02c465cab1ee7901ba9aeaf71a9bd951a37a0944a8fd395cb441a030e343afd4608b82

Download Submit
C:\Windows\system\OvYUhcV.exe

Filesize
6.0MB

MD5
565a70ed1538c8e1f2ce47c7e8a1bd14

SHA1
5a710ba965f149595313aa6cabf5b47d514106bb

SHA256
f9ff84004fef6cee8d841b6ff51b7eec1d550b1d6a6203a36c0c0adae07d6b2a

SHA512
98f5e0cf73e7e20f89004ff09d09632f464b46070e410da2967ccb598a8dd20604960c26485a9a41b94b33f6e5c37a6a025cda341da8435d85c5e0c18ef8c1fd

Download Submit
C:\Windows\system\QLxtOvq.exe

Filesize
6.0MB

MD5
3c092964c5207918b26a1cd2df7d6d96

SHA1
db3de3fb72994dede89ae6543916bddee831b9fa

SHA256
7fed1f2698e28685c97a2ccbf534e7b5947cf4b68034c795277f679e36dda750

SHA512
8224d76fded96655188cd4788fc9bae1cbc3172295e569ad9c147e3cfa7ea131e187a891325646875aacd0db2cb4f5547c8a8d13d27ae3a805fc5f25fc871d2d

Download Submit
C:\Windows\system\QYhHtaH.exe

Filesize
6.0MB

MD5
b2af46738a198594e70a19f41f70a380

SHA1
15bb22940c9fbd7e7eb3a75c4cbfaa0b2ae88360

SHA256
ab944c243654b2c26363c6362e78ca90b340773cc166894c7dfaef9d8605ef35

SHA512
0a4cf68371ee4e52a316ccc79bfbd7ff03226b49e02582a04a46010a562ffcbb342b738bcaba2b2819ae30b17c19209ecaddbeb46f87a70bfc30f174f04e301b

Download Submit
C:\Windows\system\QkeetVu.exe

Filesize
6.0MB

MD5
f8e8706fb9fb249f6c5ad7562ec3ba4d

SHA1
9f2930829b857883c8ab971703a43e1aa55dfdb1

SHA256
55f2ab1c200aeef26e37586a4d24e5eda2c908c63d5416cb7880ea8af2e4d75e

SHA512
8c2a5f8f33cd51295764f02493d58b218b21951acaecd68987c60ba75ebcb05f2ea524e1d967d4532c9a7389daa5936dcf458a473600d7905a05c17b9186c8cf

Download Submit
C:\Windows\system\RHPsBVa.exe

Filesize
6.0MB

MD5
06a3416e794bb6c4aebe45089c007bc5

SHA1
67b4e3ccf206675a3db4da45c6ac9c8aedfbc769

SHA256
5d4f2abb99c5c6f142b81f813216f976e8fe25a330f403d4b5f617a43f5ecfc2

SHA512
1df323a63056ffc693084bbfd556e1a246c8f20190c8b2983ceeaa9f5b7b5d58204d9ce06a824d58257a656a1b06c793502627fa4c28dd9ff96fa20a5f7bf39d

Download Submit
C:\Windows\system\TPSLUvP.exe

Filesize
6.0MB

MD5
2aaaf3d400b47bcbb0d2f0a102b25111

SHA1
2afa766c30f43d0b537775d498fd42f271b4d8f8

SHA256
eb870f912795e852e5128e498f37f6adf8c0c67f8717a8555747dd0394786bea

SHA512
61d1d4d5634254b337df6e7fe3f15ba1746dea5bc05f2f03790c85fd263b349d88e82d46a73722fef6ee2899e8cb327d92be4ca66b5dfa7d67e7842c3a72992d

Download Submit
C:\Windows\system\VnTiQrP.exe

Filesize
6.0MB

MD5
ffa0b456837a6e13f597449802488169

SHA1
70b8b4ba597eb0ea4a6ee92a6733165ab51404a2

SHA256
cad438dc67608a7849fb939b5e589f2b60c3a6901b9547434764a0f2158220e0

SHA512
ddbec1239bade9fe4685e983f633d244e8590d6b14d3caffe4eb50783389ba49158844abb76dd45027ec3fda0483123825beb5c04d17d92ee316a00e2db489e9

Download Submit
C:\Windows\system\VrsPWTL.exe

Filesize
6.0MB

MD5
03b4c095e18eecec7f6b9a93334d1303

SHA1
d4adde7a6021078eecf62f3a8f22f924b7f820fa

SHA256
f1daa29d9dceaa87a634eb67798d0cbbf14a56f497710e6c5093efc23cc704d7

SHA512
9218169dfabfee5c9c899a79bde33b33797dd1f15e84bef0438b8aae1a574f5999db7f8b91336915c91d63f55c1191c578e05ed4c6ce5b447d9ab2f0e20d2e6e

Download Submit
C:\Windows\system\eeqPWlB.exe

Filesize
6.0MB

MD5
23cead21a7819d539ad33b7f017ee8fa

SHA1
43d7abc7f414edc3c32f820961da800857cb892a

SHA256
38ed84fa76de7f92bd0a7549476a2ac9606059f6f28870c596926ea3dd3381e5

SHA512
5255e97195b718315382f6ec5c64a0d365b9a8b82c8841e2c9ebdf8e88596e2f122dd5ee89fee79a176bd9e37928d80d5f7072666e7dd3823daf13768f12b7c7

Download Submit
C:\Windows\system\fPdyAfg.exe

Filesize
6.0MB

MD5
a0ad8b8dcc036f37f5a9df1fde9d35b5

SHA1
f18aa5e5b70856f0732fe32a1076e077edd7e451

SHA256
ac641d6bdac461f401ce1ecda77c4e579392f55aae6bd671e84d82f37ac88e3c

SHA512
f0cac49874e5dab3cfe7fc609fb149d5d7b73d0993d41c97bf23b5c796730f2da91ee40a9704032ce5a12bcccbfe0b98922accf1f456457618641fc9f50cb1a1

Download Submit
C:\Windows\system\kksEhtG.exe

Filesize
6.0MB

MD5
470056af25c4f4ad23a5ab7fd854d69c

SHA1
c8043575727d0afa5e0b261a948a41bf2a0553fb

SHA256
7302bcdfb6b5522103a0bcc34fdb16d47ff792e281cd1fca2f6ad696381aeb25

SHA512
e9222f3f94e6bde489b2d835d03fe642bd32ef44bba1c2f75928ca1d54c6500fb4cc365e108ced4b952a04ed4671f9768097ad486de93f7534bd7231c725aca8

Download Submit
C:\Windows\system\pAXgkJK.exe

Filesize
6.0MB

MD5
3e6c17dc0e766ee92b921dee83a5b0d7

SHA1
7803e3f6a6104205eae24760720b627913c6393f

SHA256
0d9251021db2b886c386bec99709615b87346de0dbb8e64e47c9430a3762be1b

SHA512
4d23375fe1c66256dd75c4d1e0ea7031c3deab35254dc1d59fbb2b7b2b5610d0a42b54e65d84b08df5d210be6833fad0773488f55528cec26072fb28076c60c1

Download Submit
C:\Windows\system\qUFjwwX.exe

Filesize
6.0MB

MD5
6661ffd3c44c5631624eb8b0fbb397e4

SHA1
4a5fcff0f98727b27d67b75115d6bdd83ccabc4b

SHA256
44c438b29b008c9d6c0ba68d290bd45aabe641909be9733b7d6e6398603ec85b

SHA512
d99ab76afe59369998b7c5b36c600f5f9f4eb58f9e6d67182043aa8ea80346d9bf8e2631b24cd0d4defecd3c538f18bba4822a078e71e27f3386dfcdf8810855

Download Submit
C:\Windows\system\sGrxAzg.exe

Filesize
6.0MB

MD5
39569c07a3e80518242137aa84e62268

SHA1
14370cbe3f71beed6e962941a2938791a0c90c2d

SHA256
4b8c580b63a90d3edf8eef6cc0c3b05d3bee3bfb6383232b46bacc4f8db66257

SHA512
8c5ef324447bb6e4661f7f10ab6a1a0be67fe291aa180afa7de7abc995dade5070c5b4d39695ec3cee0583c65b99038f2e75598326f7f186ea7b958e8195a416

Download Submit
C:\Windows\system\vBsEKMm.exe

Filesize
6.0MB

MD5
5169bbb800ac067c3a1462bd241248c6

SHA1
9571b5af2dca5b8b9d3337c7b1f5828dc2cfb4bf

SHA256
4416e8d70fb69a72ac0bf2b496358425cd48e9006c0e1b98e925b0393925e3f3

SHA512
69ed089bbdbe086fc7c0039cadd562b6319016ad4ef285e6e5c4572b54790831c12eb64e5d5fa6a80eb81b2b8465e3df31357793a0b0d71a16d07c411e51ec7b

Download Submit
C:\Windows\system\vgZsakF.exe

Filesize
6.0MB

MD5
d0a4db0b4added935549281236d7af04

SHA1
2c022a9b7ef49c1eecac0293ac76086f837dca62

SHA256
a8364d7f9f94922b85b244670b909229b0bac57ccd53497213dd6b046cfec3e0

SHA512
323b30ceb7c0b5531469c759b34a12505fe68300d7d152ae089bc27a9ba221a7582801f8bf30b54debc65a7d91b5d502f9a329744b96ce333881c52fc901ff1c

Download Submit
C:\Windows\system\wHNrxAQ.exe

Filesize
6.0MB

MD5
8783c73bc6485bd6298b586d2b98d80a

SHA1
b807c5e5aca7b42c521abda3b9f5a4135c88a911

SHA256
0f1dc48af5ff86264afe12a1d35e44158169daa5ed107c3fb794bd8975bde597

SHA512
eaf4cd3b84efcfecb2603af400ac3213c7a591c89af21d5a727413649f3585438e3ed7c3267c289568d9e2b9f0033b30b8b507d2ccd11b9cac939006c0d1896a

Download Submit
C:\Windows\system\xoCkZQk.exe

Filesize
6.0MB

MD5
a2ff9780d05f75bc690e6d227f960336

SHA1
7b7f57765c7cb484abaadf923bccf5763a6671d1

SHA256
4b7ddd71c5897f357799e099fda70085edd51a5af8c3285b2e68eceb195659d8

SHA512
2b41a90a6a15105b739ecad1ef494ded2e6ecf215cae84b5141fb1eb6accdc1f65a39439081e65f55d4513fac16c588e92cfb12c8d3a29347e7e9bee07483e1e

Download Submit
C:\Windows\system\xpZueOf.exe

Filesize
6.0MB

MD5
ea12d6bfd1bc26a54baca98c559edb54

SHA1
e054d95a1687d73441438735bb697ebfa3367e22

SHA256
3ecb605b7325a807f1c3f036f757718aa556265301e708fc5a12b55c7e9f28eb

SHA512
8c18e71a025d7d1ba605dc11e996ddbbc7febe319e2ad2538f3c12bf008da4c0b7b2d945d603523829ab853fe322638ff223677081f4694a19a10392902b521e

Download Submit
C:\Windows\system\zcDXAZF.exe

Filesize
6.0MB

MD5
6611867c7922c5fa5c6ab11040606d0c

SHA1
5ac6391b5837c52bc5d8f52c7f91dc1c9c16a153

SHA256
2c24525f8576c74f33f1151082cc8756a9cf2e7ab95396fff113b9a5c4da4815

SHA512
21390a3f7e827e0df1d37962d03bb87d35bbe5830a691d834c49a665dc54cd5d5a534b73fdd4101a7b49680fa85463913640f98912cf7c026ab0627cb010e573

Download Submit
C:\Windows\system\zjLEwbW.exe

Filesize
6.0MB

MD5
c2c1c3b5734b2e2ec3af113db851086c

SHA1
748f02e4d95a8e3a50aac14f3db6f2e93dd4907d

SHA256
232d6dfc5549d812ef5edbd2144532f138c8ca95eebe6e2913b9015093609049

SHA512
6cc19aca64745f2bf6c06e5ce6dbbe9acd5984bb51c4e1e9963971853d3949ff40c92e6986bf24d018ea873622a0d2fe9b43df8cfd402f50c0c98de5a455386c

Download Submit
\Windows\system\DyNLZvr.exe

Filesize
6.0MB

MD5
d9e01362f868149e49c397792810208a

SHA1
7bd21ad28ca604b27f8d6b6880baca5526e7c5dd

SHA256
29ad84e3f68204ebb0851e6a159e6e44c4278b3335915888c060aa635970e323

SHA512
1b3c17bc345784693feb5473e68a215fa87a2ec61751b0163f22e3c4bf09136ed1c37eb2d0bcbaee9cd38bd3563a4690cd743c5621ac86a254e490c07a8c1075

Download Submit
memory/496-1497-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/496-4018-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/536-1964-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/536-4017-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/644-2044-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/644-3240-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1160-2008-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1160-3420-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-3987-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1401-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2285-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1847-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1257-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1325-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1402-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1-0x0000000000090000-0x00000000000A0000-memory.dmp

Filesize
64KB

Download
memory/2312-1450-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1498-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1934-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1557-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2013-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1610-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3060-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1666-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3061-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3071-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3190-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2312-0-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2284-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1971-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2750-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2749-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3098-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2958-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2969-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2961-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2943-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3019-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3030-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3044-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3055-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3057-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3247-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2584-1322-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2588-1609-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4008-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-1449-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3264-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1665-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3419-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2796-931-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3263-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2855-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3265-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1556-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2940-4016-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1256-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1837-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/3016-4042-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/3024-3418-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/3024-1911-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download