cobaltstrike | b5f31b08a6b7b31a47d0ab068875d0b250cdaa8ed38adff04621373e8202d1f0

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b7b32b1b8716aebd952b948761e57258
SHA1

4bdb664d576002d0015177b367b6dd0eee5bb577
SHA256

b5f31b08a6b7b31a47d0ab068875d0b250cdaa8ed38adff04621373e8202d1f0
SHA512

f879b0a4a56552c3b2788fe1a9d28c8c66a6b02c3ee2f2e9b4bab9de176aafae00ec2c08b603e370ffdf7f0451dd195fbb825e62efa2659d1448c7bec4925240
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707f-11.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174b4-16.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174f8-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f1-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-30.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018683-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018706-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-131.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000016df8-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018697-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2812-0-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x000800000001707f-11.dat	xmrig
behavioral1/files/0x00080000000174b4-16.dat	xmrig
behavioral1/files/0x00080000000174f8-21.dat	xmrig
behavioral1/files/0x00070000000175f1-26.dat	xmrig
behavioral1/files/0x00070000000175f7-30.dat	xmrig
behavioral1/files/0x000e000000018683-36.dat	xmrig
behavioral1/files/0x0007000000018706-45.dat	xmrig
behavioral1/files/0x00050000000192a1-50.dat	xmrig
behavioral1/files/0x0005000000019358-58.dat	xmrig
behavioral1/files/0x000500000001938e-65.dat	xmrig
behavioral1/files/0x00050000000193cc-75.dat	xmrig
behavioral1/files/0x0005000000019510-131.dat	xmrig
behavioral1/files/0x0034000000016df8-152.dat	xmrig
behavioral1/memory/2812-1093-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0005000000019508-147.dat	xmrig
behavioral1/files/0x000500000001952b-144.dat	xmrig
behavioral1/memory/3040-137-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019518-134.dat	xmrig
behavioral1/memory/1856-196-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2200-194-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2052-192-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/1364-190-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2444-188-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2584-186-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2812-185-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/2576-184-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2440-182-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2812-181-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2640-180-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2528-178-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2812-177-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2536-176-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2676-173-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2560-169-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0005000000019535-160.dat	xmrig
behavioral1/files/0x000500000001952e-151.dat	xmrig
behavioral1/files/0x0005000000019520-141.dat	xmrig
behavioral1/files/0x00050000000194e1-120.dat	xmrig
behavioral1/files/0x00050000000194c3-110.dat	xmrig
behavioral1/files/0x0005000000019502-125.dat	xmrig
behavioral1/files/0x00050000000194d5-115.dat	xmrig
behavioral1/files/0x00050000000194ad-105.dat	xmrig
behavioral1/files/0x0005000000019428-100.dat	xmrig
behavioral1/files/0x0005000000019426-95.dat	xmrig
behavioral1/files/0x00050000000193f9-90.dat	xmrig
behavioral1/files/0x00050000000193dc-85.dat	xmrig
behavioral1/files/0x00050000000193d0-80.dat	xmrig
behavioral1/files/0x000500000001939f-70.dat	xmrig
behavioral1/files/0x0005000000019354-55.dat	xmrig
behavioral1/files/0x0007000000018697-41.dat	xmrig
behavioral1/memory/2576-3840-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2052-3847-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2200-4080-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2676-4083-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2444-4122-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2536-4210-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2640-4209-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1856-4207-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2560-4206-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2440-4082-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1364-4081-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/3040-4079-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3040	KUncApg.exe
2560	FTRCcmB.exe
2676	NVDadBK.exe
2536	rHEGOKw.exe
2528	fVhnbWW.exe
2640	tcrXEGs.exe
2440	NYOyxyN.exe
2576	JnOqlzY.exe
2584	DzmZQHB.exe
2444	rUwqTXO.exe
1364	WOkosCu.exe
2052	yuAOKxQ.exe
2200	HqNMagm.exe
1856	XoyggjG.exe
2160	vyqllpk.exe
1620	sTZseWm.exe
1624	XKPGbdk.exe
1044	twznfWp.exe
2332	FGmyKOL.exe
2344	qObnwkU.exe
2164	EznJVux.exe
2180	cNMcZJh.exe
840	KFAbvpu.exe
1368	nyOFUoE.exe
1288	dKKufkd.exe
1756	LkwIYgo.exe
2852	zhkJjOh.exe
2604	ETXVIKD.exe
2472	PlgQqXl.exe
956	FtcOIRH.exe
3020	UGPdBZL.exe
920	PnKdwMG.exe
1536	srQTkZP.exe
2016	YNxMauK.exe
2400	PzPpZcn.exe
2952	dPpJpyA.exe
2380	kedXzKk.exe
1680	zuvDQyd.exe
1752	BAdKzvn.exe
2124	YFFSvLE.exe
1528	PDhZBKr.exe
568	KvVDASw.exe
3048	iOgQdZJ.exe
1740	nJSWvcH.exe
1664	rObHKNF.exe
1672	xWFtpTm.exe
1984	rrQaveb.exe
2708	BGqIOMd.exe
2004	zgcZKds.exe
1588	cWtiExg.exe
1556	MFkgsoE.exe
2556	mNcfeDw.exe
2540	SYZwqUV.exe
2500	eEdPCvw.exe
2428	bbYjbbn.exe
2204	jUMBIYA.exe
2672	VOtbkvh.exe
2452	BwNDeJw.exe
1012	HxkuipS.exe
1812	wnmeUiJ.exe
324	kkFCcok.exe
2532	HtJUCfj.exe
2156	zBKcdYY.exe
2176	SLTPpoA.exe

Loads dropped DLL 64 IoCs

pid	Process
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2812-0-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x000800000001707f-11.dat	upx
behavioral1/files/0x00080000000174b4-16.dat	upx
behavioral1/files/0x00080000000174f8-21.dat	upx
behavioral1/files/0x00070000000175f1-26.dat	upx
behavioral1/files/0x00070000000175f7-30.dat	upx
behavioral1/files/0x000e000000018683-36.dat	upx
behavioral1/files/0x0007000000018706-45.dat	upx
behavioral1/files/0x00050000000192a1-50.dat	upx
behavioral1/files/0x0005000000019358-58.dat	upx
behavioral1/files/0x000500000001938e-65.dat	upx
behavioral1/files/0x00050000000193cc-75.dat	upx
behavioral1/files/0x0005000000019510-131.dat	upx
behavioral1/files/0x0034000000016df8-152.dat	upx
behavioral1/memory/2812-1093-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0005000000019508-147.dat	upx
behavioral1/files/0x000500000001952b-144.dat	upx
behavioral1/memory/3040-137-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0005000000019518-134.dat	upx
behavioral1/memory/1856-196-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2200-194-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2052-192-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/1364-190-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2444-188-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2584-186-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2576-184-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2440-182-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2640-180-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2528-178-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2536-176-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2676-173-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2560-169-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0005000000019535-160.dat	upx
behavioral1/files/0x000500000001952e-151.dat	upx
behavioral1/files/0x0005000000019520-141.dat	upx
behavioral1/files/0x00050000000194e1-120.dat	upx
behavioral1/files/0x00050000000194c3-110.dat	upx
behavioral1/files/0x0005000000019502-125.dat	upx
behavioral1/files/0x00050000000194d5-115.dat	upx
behavioral1/files/0x00050000000194ad-105.dat	upx
behavioral1/files/0x0005000000019428-100.dat	upx
behavioral1/files/0x0005000000019426-95.dat	upx
behavioral1/files/0x00050000000193f9-90.dat	upx
behavioral1/files/0x00050000000193dc-85.dat	upx
behavioral1/files/0x00050000000193d0-80.dat	upx
behavioral1/files/0x000500000001939f-70.dat	upx
behavioral1/files/0x0005000000019354-55.dat	upx
behavioral1/files/0x0007000000018697-41.dat	upx
behavioral1/memory/2576-3840-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2052-3847-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2200-4080-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2676-4083-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2444-4122-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2536-4210-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2640-4209-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1856-4207-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2560-4206-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2440-4082-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/1364-4081-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/3040-4079-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2584-4078-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iQWlZxR.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEYFGPW.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBFjsRC.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QgkAqon.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPXDrMj.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPUoLRd.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxryZFA.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwBpvEF.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdnWWKW.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsmsOCw.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsqxrZS.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPMKPLa.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUIFJfK.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKpYkad.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHTVTig.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaLlJub.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjZKful.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xqlshob.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOrofsH.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDLAziL.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fskwEGW.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDeOyzV.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCYpXxk.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLUUYTo.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcRKUDD.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSaYPwS.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYGCASM.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guNSZjK.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyZeIxG.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyGiJQr.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TudtnXU.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnexPMi.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKUrtbh.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXoproB.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOojzct.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAmpwKl.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNzWpMt.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHvauTC.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVIiPuC.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngrYUpY.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASnCUMT.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMUbqOe.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lgtutbg.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKSvBJh.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\easlfMo.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIzOdwn.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWnxpzh.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buGnrmz.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkAktUI.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebVMXjf.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrDHicN.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLeKSfk.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMcyHjE.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsKLWDR.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpVCBjT.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjHISQh.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMpVomf.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eEdPCvw.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WInhmRL.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBabYAX.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJnhwWu.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TouXvDC.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETazYRj.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIloAMB.exe	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 3040	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2812 wrote to memory of 3040	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2812 wrote to memory of 3040	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2812 wrote to memory of 2560	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2812 wrote to memory of 2560	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2812 wrote to memory of 2560	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2812 wrote to memory of 2676	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2812 wrote to memory of 2676	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2812 wrote to memory of 2676	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2812 wrote to memory of 2536	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2812 wrote to memory of 2536	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2812 wrote to memory of 2536	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2812 wrote to memory of 2528	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2812 wrote to memory of 2528	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2812 wrote to memory of 2528	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2812 wrote to memory of 2640	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2812 wrote to memory of 2640	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2812 wrote to memory of 2640	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2812 wrote to memory of 2440	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2812 wrote to memory of 2440	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2812 wrote to memory of 2440	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2812 wrote to memory of 2576	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2812 wrote to memory of 2576	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2812 wrote to memory of 2576	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2812 wrote to memory of 2584	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2812 wrote to memory of 2584	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2812 wrote to memory of 2584	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2812 wrote to memory of 2444	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2812 wrote to memory of 2444	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2812 wrote to memory of 2444	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2812 wrote to memory of 1364	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2812 wrote to memory of 1364	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2812 wrote to memory of 1364	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2812 wrote to memory of 2052	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2812 wrote to memory of 2052	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2812 wrote to memory of 2052	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2812 wrote to memory of 2200	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2812 wrote to memory of 2200	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2812 wrote to memory of 2200	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2812 wrote to memory of 1856	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2812 wrote to memory of 1856	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2812 wrote to memory of 1856	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2812 wrote to memory of 2160	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2812 wrote to memory of 2160	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2812 wrote to memory of 2160	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2812 wrote to memory of 1620	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2812 wrote to memory of 1620	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2812 wrote to memory of 1620	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2812 wrote to memory of 1624	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2812 wrote to memory of 1624	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2812 wrote to memory of 1624	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2812 wrote to memory of 1044	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2812 wrote to memory of 1044	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2812 wrote to memory of 1044	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2812 wrote to memory of 2332	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2812 wrote to memory of 2332	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2812 wrote to memory of 2332	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2812 wrote to memory of 2344	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2812 wrote to memory of 2344	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2812 wrote to memory of 2344	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2812 wrote to memory of 2164	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2812 wrote to memory of 2164	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2812 wrote to memory of 2164	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2812 wrote to memory of 2180	2812	2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_b7b32b1b8716aebd952b948761e57258_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Windows\System\KUncApg.exe
  C:\Windows\System\KUncApg.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\FTRCcmB.exe
  C:\Windows\System\FTRCcmB.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\NVDadBK.exe
  C:\Windows\System\NVDadBK.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\rHEGOKw.exe
  C:\Windows\System\rHEGOKw.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\fVhnbWW.exe
  C:\Windows\System\fVhnbWW.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\tcrXEGs.exe
  C:\Windows\System\tcrXEGs.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\NYOyxyN.exe
  C:\Windows\System\NYOyxyN.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\JnOqlzY.exe
  C:\Windows\System\JnOqlzY.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\DzmZQHB.exe
  C:\Windows\System\DzmZQHB.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\rUwqTXO.exe
  C:\Windows\System\rUwqTXO.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\WOkosCu.exe
  C:\Windows\System\WOkosCu.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\yuAOKxQ.exe
  C:\Windows\System\yuAOKxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\HqNMagm.exe
  C:\Windows\System\HqNMagm.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\XoyggjG.exe
  C:\Windows\System\XoyggjG.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\vyqllpk.exe
  C:\Windows\System\vyqllpk.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\sTZseWm.exe
  C:\Windows\System\sTZseWm.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\XKPGbdk.exe
  C:\Windows\System\XKPGbdk.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\twznfWp.exe
  C:\Windows\System\twznfWp.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\FGmyKOL.exe
  C:\Windows\System\FGmyKOL.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\qObnwkU.exe
  C:\Windows\System\qObnwkU.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\EznJVux.exe
  C:\Windows\System\EznJVux.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\cNMcZJh.exe
  C:\Windows\System\cNMcZJh.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\KFAbvpu.exe
  C:\Windows\System\KFAbvpu.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\nyOFUoE.exe
  C:\Windows\System\nyOFUoE.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\dKKufkd.exe
  C:\Windows\System\dKKufkd.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\ETXVIKD.exe
  C:\Windows\System\ETXVIKD.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\LkwIYgo.exe
  C:\Windows\System\LkwIYgo.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\UGPdBZL.exe
  C:\Windows\System\UGPdBZL.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\zhkJjOh.exe
  C:\Windows\System\zhkJjOh.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\YNxMauK.exe
  C:\Windows\System\YNxMauK.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\PlgQqXl.exe
  C:\Windows\System\PlgQqXl.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\PzPpZcn.exe
  C:\Windows\System\PzPpZcn.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\FtcOIRH.exe
  C:\Windows\System\FtcOIRH.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\kedXzKk.exe
  C:\Windows\System\kedXzKk.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\PnKdwMG.exe
  C:\Windows\System\PnKdwMG.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\BAdKzvn.exe
  C:\Windows\System\BAdKzvn.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\srQTkZP.exe
  C:\Windows\System\srQTkZP.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\YFFSvLE.exe
  C:\Windows\System\YFFSvLE.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\dPpJpyA.exe
  C:\Windows\System\dPpJpyA.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\PDhZBKr.exe
  C:\Windows\System\PDhZBKr.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\zuvDQyd.exe
  C:\Windows\System\zuvDQyd.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\KvVDASw.exe
  C:\Windows\System\KvVDASw.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\iOgQdZJ.exe
  C:\Windows\System\iOgQdZJ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\rObHKNF.exe
  C:\Windows\System\rObHKNF.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\nJSWvcH.exe
  C:\Windows\System\nJSWvcH.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\xWFtpTm.exe
  C:\Windows\System\xWFtpTm.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\rrQaveb.exe
  C:\Windows\System\rrQaveb.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\BGqIOMd.exe
  C:\Windows\System\BGqIOMd.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\zgcZKds.exe
  C:\Windows\System\zgcZKds.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\MFkgsoE.exe
  C:\Windows\System\MFkgsoE.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\cWtiExg.exe
  C:\Windows\System\cWtiExg.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\SYZwqUV.exe
  C:\Windows\System\SYZwqUV.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\mNcfeDw.exe
  C:\Windows\System\mNcfeDw.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\VOtbkvh.exe
  C:\Windows\System\VOtbkvh.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\eEdPCvw.exe
  C:\Windows\System\eEdPCvw.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\BwNDeJw.exe
  C:\Windows\System\BwNDeJw.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\bbYjbbn.exe
  C:\Windows\System\bbYjbbn.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\HtJUCfj.exe
  C:\Windows\System\HtJUCfj.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\jUMBIYA.exe
  C:\Windows\System\jUMBIYA.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\zBKcdYY.exe
  C:\Windows\System\zBKcdYY.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\HxkuipS.exe
  C:\Windows\System\HxkuipS.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\SLTPpoA.exe
  C:\Windows\System\SLTPpoA.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\wnmeUiJ.exe
  C:\Windows\System\wnmeUiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\dnWFAQA.exe
  C:\Windows\System\dnWFAQA.exe
  2⤵
  PID:2320
- C:\Windows\System\kkFCcok.exe
  C:\Windows\System\kkFCcok.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\XoCwLzQ.exe
  C:\Windows\System\XoCwLzQ.exe
  2⤵
  PID:1152
- C:\Windows\System\pYZxbSo.exe
  C:\Windows\System\pYZxbSo.exe
  2⤵
  PID:2012
- C:\Windows\System\DlzvJDz.exe
  C:\Windows\System\DlzvJDz.exe
  2⤵
  PID:1744
- C:\Windows\System\porZxIp.exe
  C:\Windows\System\porZxIp.exe
  2⤵
  PID:2168
- C:\Windows\System\svPqLYG.exe
  C:\Windows\System\svPqLYG.exe
  2⤵
  PID:2508
- C:\Windows\System\ECjtoxp.exe
  C:\Windows\System\ECjtoxp.exe
  2⤵
  PID:1684
- C:\Windows\System\fhfhvkO.exe
  C:\Windows\System\fhfhvkO.exe
  2⤵
  PID:844
- C:\Windows\System\wejYJqc.exe
  C:\Windows\System\wejYJqc.exe
  2⤵
  PID:848
- C:\Windows\System\eylhhwF.exe
  C:\Windows\System\eylhhwF.exe
  2⤵
  PID:1748
- C:\Windows\System\NkEjfha.exe
  C:\Windows\System\NkEjfha.exe
  2⤵
  PID:2816
- C:\Windows\System\uypjcnV.exe
  C:\Windows\System\uypjcnV.exe
  2⤵
  PID:2992
- C:\Windows\System\PzgcMWm.exe
  C:\Windows\System\PzgcMWm.exe
  2⤵
  PID:1572
- C:\Windows\System\UyDWfMz.exe
  C:\Windows\System\UyDWfMz.exe
  2⤵
  PID:896
- C:\Windows\System\skYacNO.exe
  C:\Windows\System\skYacNO.exe
  2⤵
  PID:2252
- C:\Windows\System\baeNnRI.exe
  C:\Windows\System\baeNnRI.exe
  2⤵
  PID:996
- C:\Windows\System\lNjDroL.exe
  C:\Windows\System\lNjDroL.exe
  2⤵
  PID:2552
- C:\Windows\System\FWkmfOr.exe
  C:\Windows\System\FWkmfOr.exe
  2⤵
  PID:1720
- C:\Windows\System\BfYEwsi.exe
  C:\Windows\System\BfYEwsi.exe
  2⤵
  PID:1700
- C:\Windows\System\UsKUadw.exe
  C:\Windows\System\UsKUadw.exe
  2⤵
  PID:2580
- C:\Windows\System\eFvykXS.exe
  C:\Windows\System\eFvykXS.exe
  2⤵
  PID:1692
- C:\Windows\System\YnNNdcV.exe
  C:\Windows\System\YnNNdcV.exe
  2⤵
  PID:1584
- C:\Windows\System\HOnpJVZ.exe
  C:\Windows\System\HOnpJVZ.exe
  2⤵
  PID:2636
- C:\Windows\System\rAOFsUt.exe
  C:\Windows\System\rAOFsUt.exe
  2⤵
  PID:308
- C:\Windows\System\sEDoyMx.exe
  C:\Windows\System\sEDoyMx.exe
  2⤵
  PID:2624
- C:\Windows\System\ulsygYH.exe
  C:\Windows\System\ulsygYH.exe
  2⤵
  PID:3096
- C:\Windows\System\RoLYCnr.exe
  C:\Windows\System\RoLYCnr.exe
  2⤵
  PID:3112
- C:\Windows\System\mGjdpUj.exe
  C:\Windows\System\mGjdpUj.exe
  2⤵
  PID:3136
- C:\Windows\System\IOxyHPn.exe
  C:\Windows\System\IOxyHPn.exe
  2⤵
  PID:3156
- C:\Windows\System\fFedcdz.exe
  C:\Windows\System\fFedcdz.exe
  2⤵
  PID:3176
- C:\Windows\System\BKEgSYy.exe
  C:\Windows\System\BKEgSYy.exe
  2⤵
  PID:3192
- C:\Windows\System\GRVDrRP.exe
  C:\Windows\System\GRVDrRP.exe
  2⤵
  PID:3216
- C:\Windows\System\ibsrICq.exe
  C:\Windows\System\ibsrICq.exe
  2⤵
  PID:3232
- C:\Windows\System\budNnqz.exe
  C:\Windows\System\budNnqz.exe
  2⤵
  PID:3248
- C:\Windows\System\MhisYao.exe
  C:\Windows\System\MhisYao.exe
  2⤵
  PID:3272
- C:\Windows\System\QwfVvQh.exe
  C:\Windows\System\QwfVvQh.exe
  2⤵
  PID:3288
- C:\Windows\System\NPPqFZU.exe
  C:\Windows\System\NPPqFZU.exe
  2⤵
  PID:3312
- C:\Windows\System\mDVffVB.exe
  C:\Windows\System\mDVffVB.exe
  2⤵
  PID:3336
- C:\Windows\System\CJJIjul.exe
  C:\Windows\System\CJJIjul.exe
  2⤵
  PID:3352
- C:\Windows\System\qAtkInZ.exe
  C:\Windows\System\qAtkInZ.exe
  2⤵
  PID:3412
- C:\Windows\System\VNxPvty.exe
  C:\Windows\System\VNxPvty.exe
  2⤵
  PID:3428
- C:\Windows\System\oJErpyy.exe
  C:\Windows\System\oJErpyy.exe
  2⤵
  PID:3448
- C:\Windows\System\HJwEQNL.exe
  C:\Windows\System\HJwEQNL.exe
  2⤵
  PID:3468
- C:\Windows\System\EjrEGHz.exe
  C:\Windows\System\EjrEGHz.exe
  2⤵
  PID:3484
- C:\Windows\System\fFbmWWf.exe
  C:\Windows\System\fFbmWWf.exe
  2⤵
  PID:3508
- C:\Windows\System\XDLAziL.exe
  C:\Windows\System\XDLAziL.exe
  2⤵
  PID:3532
- C:\Windows\System\CMoJydM.exe
  C:\Windows\System\CMoJydM.exe
  2⤵
  PID:3548
- C:\Windows\System\CqbjrKZ.exe
  C:\Windows\System\CqbjrKZ.exe
  2⤵
  PID:3564
- C:\Windows\System\UwiQbfZ.exe
  C:\Windows\System\UwiQbfZ.exe
  2⤵
  PID:3584
- C:\Windows\System\URvqRoO.exe
  C:\Windows\System\URvqRoO.exe
  2⤵
  PID:3600
- C:\Windows\System\kWKfXjL.exe
  C:\Windows\System\kWKfXjL.exe
  2⤵
  PID:3624
- C:\Windows\System\nMaYMjE.exe
  C:\Windows\System\nMaYMjE.exe
  2⤵
  PID:3640
- C:\Windows\System\ulIykpj.exe
  C:\Windows\System\ulIykpj.exe
  2⤵
  PID:3656
- C:\Windows\System\cukGQtp.exe
  C:\Windows\System\cukGQtp.exe
  2⤵
  PID:3672
- C:\Windows\System\ZtcRVoE.exe
  C:\Windows\System\ZtcRVoE.exe
  2⤵
  PID:3688
- C:\Windows\System\UdcDPxh.exe
  C:\Windows\System\UdcDPxh.exe
  2⤵
  PID:3704
- C:\Windows\System\fRluYzv.exe
  C:\Windows\System\fRluYzv.exe
  2⤵
  PID:3724
- C:\Windows\System\nFvyWLc.exe
  C:\Windows\System\nFvyWLc.exe
  2⤵
  PID:3744
- C:\Windows\System\DhofSYR.exe
  C:\Windows\System\DhofSYR.exe
  2⤵
  PID:3760
- C:\Windows\System\lwBpvEF.exe
  C:\Windows\System\lwBpvEF.exe
  2⤵
  PID:3784
- C:\Windows\System\oiBXPiJ.exe
  C:\Windows\System\oiBXPiJ.exe
  2⤵
  PID:3804
- C:\Windows\System\qPkEdQS.exe
  C:\Windows\System\qPkEdQS.exe
  2⤵
  PID:3824
- C:\Windows\System\RpMIAmc.exe
  C:\Windows\System\RpMIAmc.exe
  2⤵
  PID:3844
- C:\Windows\System\uWBXlwS.exe
  C:\Windows\System\uWBXlwS.exe
  2⤵
  PID:3864
- C:\Windows\System\YwTRMMJ.exe
  C:\Windows\System\YwTRMMJ.exe
  2⤵
  PID:3880
- C:\Windows\System\OIyuQUQ.exe
  C:\Windows\System\OIyuQUQ.exe
  2⤵
  PID:3928
- C:\Windows\System\iVRmkoF.exe
  C:\Windows\System\iVRmkoF.exe
  2⤵
  PID:3944
- C:\Windows\System\AfPclod.exe
  C:\Windows\System\AfPclod.exe
  2⤵
  PID:3964
- C:\Windows\System\UtTJhDQ.exe
  C:\Windows\System\UtTJhDQ.exe
  2⤵
  PID:3980
- C:\Windows\System\FPZhOBa.exe
  C:\Windows\System\FPZhOBa.exe
  2⤵
  PID:3996
- C:\Windows\System\WkrEcli.exe
  C:\Windows\System\WkrEcli.exe
  2⤵
  PID:4012
- C:\Windows\System\OASAkqY.exe
  C:\Windows\System\OASAkqY.exe
  2⤵
  PID:4028
- C:\Windows\System\jZtxuSC.exe
  C:\Windows\System\jZtxuSC.exe
  2⤵
  PID:4044
- C:\Windows\System\SpBaKaV.exe
  C:\Windows\System\SpBaKaV.exe
  2⤵
  PID:4060
- C:\Windows\System\dFpUpvR.exe
  C:\Windows\System\dFpUpvR.exe
  2⤵
  PID:4076
- C:\Windows\System\UDCaXKI.exe
  C:\Windows\System\UDCaXKI.exe
  2⤵
  PID:4092
- C:\Windows\System\zecfFRW.exe
  C:\Windows\System\zecfFRW.exe
  2⤵
  PID:2364
- C:\Windows\System\jDBZzYC.exe
  C:\Windows\System\jDBZzYC.exe
  2⤵
  PID:1328
- C:\Windows\System\fnLQXDp.exe
  C:\Windows\System\fnLQXDp.exe
  2⤵
  PID:1564
- C:\Windows\System\OvESPJG.exe
  C:\Windows\System\OvESPJG.exe
  2⤵
  PID:2432
- C:\Windows\System\ajfgJBS.exe
  C:\Windows\System\ajfgJBS.exe
  2⤵
  PID:1304
- C:\Windows\System\FKJceWB.exe
  C:\Windows\System\FKJceWB.exe
  2⤵
  PID:576
- C:\Windows\System\JDcQJjs.exe
  C:\Windows\System\JDcQJjs.exe
  2⤵
  PID:3080
- C:\Windows\System\guNSZjK.exe
  C:\Windows\System\guNSZjK.exe
  2⤵
  PID:1312
- C:\Windows\System\QhMnxXD.exe
  C:\Windows\System\QhMnxXD.exe
  2⤵
  PID:1964
- C:\Windows\System\acyCuZI.exe
  C:\Windows\System\acyCuZI.exe
  2⤵
  PID:3128
- C:\Windows\System\fXfjLbO.exe
  C:\Windows\System\fXfjLbO.exe
  2⤵
  PID:3212
- C:\Windows\System\CUbxeZH.exe
  C:\Windows\System\CUbxeZH.exe
  2⤵
  PID:1316
- C:\Windows\System\QmrwuGN.exe
  C:\Windows\System\QmrwuGN.exe
  2⤵
  PID:2292
- C:\Windows\System\oGPJfmG.exe
  C:\Windows\System\oGPJfmG.exe
  2⤵
  PID:2088
- C:\Windows\System\DuDbfpf.exe
  C:\Windows\System\DuDbfpf.exe
  2⤵
  PID:3328
- C:\Windows\System\OVmnWdC.exe
  C:\Windows\System\OVmnWdC.exe
  2⤵
  PID:3360
- C:\Windows\System\OWsaNxS.exe
  C:\Windows\System\OWsaNxS.exe
  2⤵
  PID:3384
- C:\Windows\System\QtOkKKR.exe
  C:\Windows\System\QtOkKKR.exe
  2⤵
  PID:3400
- C:\Windows\System\dGktazQ.exe
  C:\Windows\System\dGktazQ.exe
  2⤵
  PID:3476
- C:\Windows\System\eSVnITv.exe
  C:\Windows\System\eSVnITv.exe
  2⤵
  PID:3012
- C:\Windows\System\hKTZApS.exe
  C:\Windows\System\hKTZApS.exe
  2⤵
  PID:3560
- C:\Windows\System\qFoqpTW.exe
  C:\Windows\System\qFoqpTW.exe
  2⤵
  PID:3596
- C:\Windows\System\NddBikN.exe
  C:\Windows\System\NddBikN.exe
  2⤵
  PID:3296
- C:\Windows\System\JMcpHbq.exe
  C:\Windows\System\JMcpHbq.exe
  2⤵
  PID:2828
- C:\Windows\System\eZEUhOF.exe
  C:\Windows\System\eZEUhOF.exe
  2⤵
  PID:3188
- C:\Windows\System\jEqYjwA.exe
  C:\Windows\System\jEqYjwA.exe
  2⤵
  PID:2120
- C:\Windows\System\pHFMVDg.exe
  C:\Windows\System\pHFMVDg.exe
  2⤵
  PID:1936
- C:\Windows\System\pOuSmov.exe
  C:\Windows\System\pOuSmov.exe
  2⤵
  PID:3700
- C:\Windows\System\OkaQSfQ.exe
  C:\Windows\System\OkaQSfQ.exe
  2⤵
  PID:3768
- C:\Windows\System\mFwGcSr.exe
  C:\Windows\System\mFwGcSr.exe
  2⤵
  PID:3816
- C:\Windows\System\aLmvdSE.exe
  C:\Windows\System\aLmvdSE.exe
  2⤵
  PID:3856
- C:\Windows\System\jDovHYu.exe
  C:\Windows\System\jDovHYu.exe
  2⤵
  PID:3900
- C:\Windows\System\kzvsUlm.exe
  C:\Windows\System\kzvsUlm.exe
  2⤵
  PID:3916
- C:\Windows\System\gpIYRqP.exe
  C:\Windows\System\gpIYRqP.exe
  2⤵
  PID:3988
- C:\Windows\System\JZIOevO.exe
  C:\Windows\System\JZIOevO.exe
  2⤵
  PID:3456
- C:\Windows\System\IsPNSkZ.exe
  C:\Windows\System\IsPNSkZ.exe
  2⤵
  PID:3500
- C:\Windows\System\thXMELv.exe
  C:\Windows\System\thXMELv.exe
  2⤵
  PID:4084
- C:\Windows\System\MgLcZsA.exe
  C:\Windows\System\MgLcZsA.exe
  2⤵
  PID:2372
- C:\Windows\System\UJhzZyJ.exe
  C:\Windows\System\UJhzZyJ.exe
  2⤵
  PID:3620
- C:\Windows\System\ngrYUpY.exe
  C:\Windows\System\ngrYUpY.exe
  2⤵
  PID:3832
- C:\Windows\System\TeLItUq.exe
  C:\Windows\System\TeLItUq.exe
  2⤵
  PID:3576
- C:\Windows\System\JKOqFeK.exe
  C:\Windows\System\JKOqFeK.exe
  2⤵
  PID:3712
- C:\Windows\System\yaPsGzy.exe
  C:\Windows\System\yaPsGzy.exe
  2⤵
  PID:3612
- C:\Windows\System\FsEODii.exe
  C:\Windows\System\FsEODii.exe
  2⤵
  PID:3940
- C:\Windows\System\ZrlWKqt.exe
  C:\Windows\System\ZrlWKqt.exe
  2⤵
  PID:2008
- C:\Windows\System\gjHDsfF.exe
  C:\Windows\System\gjHDsfF.exe
  2⤵
  PID:2420
- C:\Windows\System\AIpceNL.exe
  C:\Windows\System\AIpceNL.exe
  2⤵
  PID:3976
- C:\Windows\System\rgUveac.exe
  C:\Windows\System\rgUveac.exe
  2⤵
  PID:1716
- C:\Windows\System\OcKGrjn.exe
  C:\Windows\System\OcKGrjn.exe
  2⤵
  PID:1596
- C:\Windows\System\IHAjafJ.exe
  C:\Windows\System\IHAjafJ.exe
  2⤵
  PID:4036
- C:\Windows\System\YYhLZQp.exe
  C:\Windows\System\YYhLZQp.exe
  2⤵
  PID:2464
- C:\Windows\System\MctJNAY.exe
  C:\Windows\System\MctJNAY.exe
  2⤵
  PID:812
- C:\Windows\System\OMcmYGg.exe
  C:\Windows\System\OMcmYGg.exe
  2⤵
  PID:1920
- C:\Windows\System\lhnDLJr.exe
  C:\Windows\System\lhnDLJr.exe
  2⤵
  PID:1504
- C:\Windows\System\cAODUqH.exe
  C:\Windows\System\cAODUqH.exe
  2⤵
  PID:340
- C:\Windows\System\BONjFGM.exe
  C:\Windows\System\BONjFGM.exe
  2⤵
  PID:3368
- C:\Windows\System\voFFQxi.exe
  C:\Windows\System\voFFQxi.exe
  2⤵
  PID:3404
- C:\Windows\System\lDwdDrj.exe
  C:\Windows\System\lDwdDrj.exe
  2⤵
  PID:3592
- C:\Windows\System\rizlRbZ.exe
  C:\Windows\System\rizlRbZ.exe
  2⤵
  PID:3344
- C:\Windows\System\NyiODbu.exe
  C:\Windows\System\NyiODbu.exe
  2⤵
  PID:3520
- C:\Windows\System\VEiCAAN.exe
  C:\Windows\System\VEiCAAN.exe
  2⤵
  PID:3224
- C:\Windows\System\DyCnVBY.exe
  C:\Windows\System\DyCnVBY.exe
  2⤵
  PID:3664
- C:\Windows\System\igDtyZE.exe
  C:\Windows\System\igDtyZE.exe
  2⤵
  PID:3780
- C:\Windows\System\NTuNeAl.exe
  C:\Windows\System\NTuNeAl.exe
  2⤵
  PID:3892
- C:\Windows\System\gIuWMnp.exe
  C:\Windows\System\gIuWMnp.exe
  2⤵
  PID:3492
- C:\Windows\System\dEGNQaC.exe
  C:\Windows\System\dEGNQaC.exe
  2⤵
  PID:3908
- C:\Windows\System\tigQHMb.exe
  C:\Windows\System\tigQHMb.exe
  2⤵
  PID:3792
- C:\Windows\System\beMdiVT.exe
  C:\Windows\System\beMdiVT.exe
  2⤵
  PID:3716
- C:\Windows\System\VJqjCIA.exe
  C:\Windows\System\VJqjCIA.exe
  2⤵
  PID:1004
- C:\Windows\System\hItWDmf.exe
  C:\Windows\System\hItWDmf.exe
  2⤵
  PID:4040
- C:\Windows\System\yFGIsSa.exe
  C:\Windows\System\yFGIsSa.exe
  2⤵
  PID:3540
- C:\Windows\System\gZsClMu.exe
  C:\Windows\System\gZsClMu.exe
  2⤵
  PID:2408
- C:\Windows\System\sgLuFEn.exe
  C:\Windows\System\sgLuFEn.exe
  2⤵
  PID:3124
- C:\Windows\System\SeWBDIL.exe
  C:\Windows\System\SeWBDIL.exe
  2⤵
  PID:1688
- C:\Windows\System\JsKLWDR.exe
  C:\Windows\System\JsKLWDR.exe
  2⤵
  PID:3524
- C:\Windows\System\XjicbpT.exe
  C:\Windows\System\XjicbpT.exe
  2⤵
  PID:3036
- C:\Windows\System\YwLNGCY.exe
  C:\Windows\System\YwLNGCY.exe
  2⤵
  PID:404
- C:\Windows\System\fVDENgZ.exe
  C:\Windows\System\fVDENgZ.exe
  2⤵
  PID:1868
- C:\Windows\System\OOZGOXd.exe
  C:\Windows\System\OOZGOXd.exe
  2⤵
  PID:916
- C:\Windows\System\YhNlUsV.exe
  C:\Windows\System\YhNlUsV.exe
  2⤵
  PID:3268
- C:\Windows\System\EAUhaKE.exe
  C:\Windows\System\EAUhaKE.exe
  2⤵
  PID:3240
- C:\Windows\System\DKezpSJ.exe
  C:\Windows\System\DKezpSJ.exe
  2⤵
  PID:3740
- C:\Windows\System\LbkyIMj.exe
  C:\Windows\System\LbkyIMj.exe
  2⤵
  PID:4068
- C:\Windows\System\KJOSHVm.exe
  C:\Windows\System\KJOSHVm.exe
  2⤵
  PID:2832
- C:\Windows\System\vQmsdvk.exe
  C:\Windows\System\vQmsdvk.exe
  2⤵
  PID:3956
- C:\Windows\System\VhfrmYl.exe
  C:\Windows\System\VhfrmYl.exe
  2⤵
  PID:3332
- C:\Windows\System\DnhyXtq.exe
  C:\Windows\System\DnhyXtq.exe
  2⤵
  PID:2304
- C:\Windows\System\RsQHMwb.exe
  C:\Windows\System\RsQHMwb.exe
  2⤵
  PID:4004
- C:\Windows\System\PxSBICR.exe
  C:\Windows\System\PxSBICR.exe
  2⤵
  PID:3872
- C:\Windows\System\iuenHGw.exe
  C:\Windows\System\iuenHGw.exe
  2⤵
  PID:3876
- C:\Windows\System\LNldUaI.exe
  C:\Windows\System\LNldUaI.exe
  2⤵
  PID:4108
- C:\Windows\System\cDyYbpx.exe
  C:\Windows\System\cDyYbpx.exe
  2⤵
  PID:4128
- C:\Windows\System\RPbSfqg.exe
  C:\Windows\System\RPbSfqg.exe
  2⤵
  PID:4152
- C:\Windows\System\xkitjiU.exe
  C:\Windows\System\xkitjiU.exe
  2⤵
  PID:4168
- C:\Windows\System\NLVJJyd.exe
  C:\Windows\System\NLVJJyd.exe
  2⤵
  PID:4184
- C:\Windows\System\ubPLJvg.exe
  C:\Windows\System\ubPLJvg.exe
  2⤵
  PID:4204
- C:\Windows\System\NIcGdrd.exe
  C:\Windows\System\NIcGdrd.exe
  2⤵
  PID:4224
- C:\Windows\System\DeZRchU.exe
  C:\Windows\System\DeZRchU.exe
  2⤵
  PID:4240
- C:\Windows\System\CKvUiGS.exe
  C:\Windows\System\CKvUiGS.exe
  2⤵
  PID:4256
- C:\Windows\System\ahPuIGU.exe
  C:\Windows\System\ahPuIGU.exe
  2⤵
  PID:4280
- C:\Windows\System\TRIOPxU.exe
  C:\Windows\System\TRIOPxU.exe
  2⤵
  PID:4296
- C:\Windows\System\FKVJfYO.exe
  C:\Windows\System\FKVJfYO.exe
  2⤵
  PID:4312
- C:\Windows\System\mWJrSRj.exe
  C:\Windows\System\mWJrSRj.exe
  2⤵
  PID:4328
- C:\Windows\System\qAUScdH.exe
  C:\Windows\System\qAUScdH.exe
  2⤵
  PID:4344
- C:\Windows\System\RmyFIfU.exe
  C:\Windows\System\RmyFIfU.exe
  2⤵
  PID:4360
- C:\Windows\System\JtdjLsg.exe
  C:\Windows\System\JtdjLsg.exe
  2⤵
  PID:4376
- C:\Windows\System\BnexPMi.exe
  C:\Windows\System\BnexPMi.exe
  2⤵
  PID:4392
- C:\Windows\System\FVdFdKK.exe
  C:\Windows\System\FVdFdKK.exe
  2⤵
  PID:4408
- C:\Windows\System\qZtfVrI.exe
  C:\Windows\System\qZtfVrI.exe
  2⤵
  PID:4424
- C:\Windows\System\hjQXRTS.exe
  C:\Windows\System\hjQXRTS.exe
  2⤵
  PID:4440
- C:\Windows\System\hlYUARr.exe
  C:\Windows\System\hlYUARr.exe
  2⤵
  PID:4456
- C:\Windows\System\LvfyWvd.exe
  C:\Windows\System\LvfyWvd.exe
  2⤵
  PID:4476
- C:\Windows\System\UyZNRJp.exe
  C:\Windows\System\UyZNRJp.exe
  2⤵
  PID:4516
- C:\Windows\System\NMwMDfd.exe
  C:\Windows\System\NMwMDfd.exe
  2⤵
  PID:4536
- C:\Windows\System\yTnbeYv.exe
  C:\Windows\System\yTnbeYv.exe
  2⤵
  PID:4556
- C:\Windows\System\vwzOYwB.exe
  C:\Windows\System\vwzOYwB.exe
  2⤵
  PID:4608
- C:\Windows\System\MllQmrF.exe
  C:\Windows\System\MllQmrF.exe
  2⤵
  PID:4632
- C:\Windows\System\RtFGZKB.exe
  C:\Windows\System\RtFGZKB.exe
  2⤵
  PID:4652
- C:\Windows\System\zZJzWfA.exe
  C:\Windows\System\zZJzWfA.exe
  2⤵
  PID:4668
- C:\Windows\System\IMgEauk.exe
  C:\Windows\System\IMgEauk.exe
  2⤵
  PID:4684
- C:\Windows\System\PRkkasA.exe
  C:\Windows\System\PRkkasA.exe
  2⤵
  PID:4704
- C:\Windows\System\bjuTgoK.exe
  C:\Windows\System\bjuTgoK.exe
  2⤵
  PID:4720
- C:\Windows\System\CwnyqIm.exe
  C:\Windows\System\CwnyqIm.exe
  2⤵
  PID:4744
- C:\Windows\System\dmJYdMc.exe
  C:\Windows\System\dmJYdMc.exe
  2⤵
  PID:4764
- C:\Windows\System\tsqxrZS.exe
  C:\Windows\System\tsqxrZS.exe
  2⤵
  PID:4784
- C:\Windows\System\omMnTnr.exe
  C:\Windows\System\omMnTnr.exe
  2⤵
  PID:4800
- C:\Windows\System\HIvFhoC.exe
  C:\Windows\System\HIvFhoC.exe
  2⤵
  PID:4824
- C:\Windows\System\tEBKyAX.exe
  C:\Windows\System\tEBKyAX.exe
  2⤵
  PID:4840
- C:\Windows\System\yoyLWiA.exe
  C:\Windows\System\yoyLWiA.exe
  2⤵
  PID:4860
- C:\Windows\System\KSHvtVI.exe
  C:\Windows\System\KSHvtVI.exe
  2⤵
  PID:4880
- C:\Windows\System\ZpJwoal.exe
  C:\Windows\System\ZpJwoal.exe
  2⤵
  PID:4900
- C:\Windows\System\zfNYjZU.exe
  C:\Windows\System\zfNYjZU.exe
  2⤵
  PID:4916
- C:\Windows\System\rcJTtNb.exe
  C:\Windows\System\rcJTtNb.exe
  2⤵
  PID:4940
- C:\Windows\System\mUuWfmt.exe
  C:\Windows\System\mUuWfmt.exe
  2⤵
  PID:4956
- C:\Windows\System\QgBHCME.exe
  C:\Windows\System\QgBHCME.exe
  2⤵
  PID:4972
- C:\Windows\System\pDaahrT.exe
  C:\Windows\System\pDaahrT.exe
  2⤵
  PID:5000
- C:\Windows\System\gkItMBn.exe
  C:\Windows\System\gkItMBn.exe
  2⤵
  PID:5016
- C:\Windows\System\iQWlZxR.exe
  C:\Windows\System\iQWlZxR.exe
  2⤵
  PID:5048
- C:\Windows\System\uVkIdRd.exe
  C:\Windows\System\uVkIdRd.exe
  2⤵
  PID:5064
- C:\Windows\System\AfGuHNI.exe
  C:\Windows\System\AfGuHNI.exe
  2⤵
  PID:5080
- C:\Windows\System\CTOrnoc.exe
  C:\Windows\System\CTOrnoc.exe
  2⤵
  PID:5096
- C:\Windows\System\KDxRNvo.exe
  C:\Windows\System\KDxRNvo.exe
  2⤵
  PID:1640
- C:\Windows\System\JEFvEGc.exe
  C:\Windows\System\JEFvEGc.exe
  2⤵
  PID:288
- C:\Windows\System\WInhmRL.exe
  C:\Windows\System\WInhmRL.exe
  2⤵
  PID:3516
- C:\Windows\System\LUCHKUi.exe
  C:\Windows\System\LUCHKUi.exe
  2⤵
  PID:3896
- C:\Windows\System\ySCAEDe.exe
  C:\Windows\System\ySCAEDe.exe
  2⤵
  PID:3148
- C:\Windows\System\oJzJdbA.exe
  C:\Windows\System\oJzJdbA.exe
  2⤵
  PID:4056
- C:\Windows\System\XpJdRot.exe
  C:\Windows\System\XpJdRot.exe
  2⤵
  PID:4116
- C:\Windows\System\gHZNPPw.exe
  C:\Windows\System\gHZNPPw.exe
  2⤵
  PID:4164
- C:\Windows\System\SYFqlRD.exe
  C:\Windows\System\SYFqlRD.exe
  2⤵
  PID:4232
- C:\Windows\System\KneVCzn.exe
  C:\Windows\System\KneVCzn.exe
  2⤵
  PID:3772
- C:\Windows\System\vpVCBjT.exe
  C:\Windows\System\vpVCBjT.exe
  2⤵
  PID:4268
- C:\Windows\System\hvGWVXh.exe
  C:\Windows\System\hvGWVXh.exe
  2⤵
  PID:1300
- C:\Windows\System\IsKkgyG.exe
  C:\Windows\System\IsKkgyG.exe
  2⤵
  PID:4372
- C:\Windows\System\IMlgoYp.exe
  C:\Windows\System\IMlgoYp.exe
  2⤵
  PID:2388
- C:\Windows\System\MKvZqvC.exe
  C:\Windows\System\MKvZqvC.exe
  2⤵
  PID:4136
- C:\Windows\System\yuXRkcS.exe
  C:\Windows\System\yuXRkcS.exe
  2⤵
  PID:4148
- C:\Windows\System\FNtCMbE.exe
  C:\Windows\System\FNtCMbE.exe
  2⤵
  PID:4472
- C:\Windows\System\okOzcbh.exe
  C:\Windows\System\okOzcbh.exe
  2⤵
  PID:4176
- C:\Windows\System\DYbAPDH.exe
  C:\Windows\System\DYbAPDH.exe
  2⤵
  PID:4568
- C:\Windows\System\vnyvYmk.exe
  C:\Windows\System\vnyvYmk.exe
  2⤵
  PID:4588
- C:\Windows\System\RIWXUyr.exe
  C:\Windows\System\RIWXUyr.exe
  2⤵
  PID:4600
- C:\Windows\System\eDbQvsQ.exe
  C:\Windows\System\eDbQvsQ.exe
  2⤵
  PID:4488
- C:\Windows\System\ZjOTosv.exe
  C:\Windows\System\ZjOTosv.exe
  2⤵
  PID:4500
- C:\Windows\System\EylcFxO.exe
  C:\Windows\System\EylcFxO.exe
  2⤵
  PID:4544
- C:\Windows\System\GNZBssb.exe
  C:\Windows\System\GNZBssb.exe
  2⤵
  PID:4388
- C:\Windows\System\gNfhtMF.exe
  C:\Windows\System\gNfhtMF.exe
  2⤵
  PID:4320
- C:\Windows\System\PJQBAry.exe
  C:\Windows\System\PJQBAry.exe
  2⤵
  PID:4248
- C:\Windows\System\rHEhmai.exe
  C:\Windows\System\rHEhmai.exe
  2⤵
  PID:4712
- C:\Windows\System\otOmdgd.exe
  C:\Windows\System\otOmdgd.exe
  2⤵
  PID:4756
- C:\Windows\System\ENQWBXv.exe
  C:\Windows\System\ENQWBXv.exe
  2⤵
  PID:4620
- C:\Windows\System\bwtquuf.exe
  C:\Windows\System\bwtquuf.exe
  2⤵
  PID:4836
- C:\Windows\System\hMEGcXN.exe
  C:\Windows\System\hMEGcXN.exe
  2⤵
  PID:4908
- C:\Windows\System\nhrWVnS.exe
  C:\Windows\System\nhrWVnS.exe
  2⤵
  PID:4692
- C:\Windows\System\OMAXaeE.exe
  C:\Windows\System\OMAXaeE.exe
  2⤵
  PID:4980
- C:\Windows\System\hnBbWhr.exe
  C:\Windows\System\hnBbWhr.exe
  2⤵
  PID:4740
- C:\Windows\System\ztWnerW.exe
  C:\Windows\System\ztWnerW.exe
  2⤵
  PID:4772
- C:\Windows\System\tVvxoRP.exe
  C:\Windows\System\tVvxoRP.exe
  2⤵
  PID:4816
- C:\Windows\System\SDYZZCP.exe
  C:\Windows\System\SDYZZCP.exe
  2⤵
  PID:5032
- C:\Windows\System\GeryxwS.exe
  C:\Windows\System\GeryxwS.exe
  2⤵
  PID:5076
- C:\Windows\System\kCKLYOo.exe
  C:\Windows\System\kCKLYOo.exe
  2⤵
  PID:3200
- C:\Windows\System\GvVBKvf.exe
  C:\Windows\System\GvVBKvf.exe
  2⤵
  PID:3144
- C:\Windows\System\ScVXrZQ.exe
  C:\Windows\System\ScVXrZQ.exe
  2⤵
  PID:4020
- C:\Windows\System\aimZggT.exe
  C:\Windows\System\aimZggT.exe
  2⤵
  PID:3812
- C:\Windows\System\jYZmjfy.exe
  C:\Windows\System\jYZmjfy.exe
  2⤵
  PID:4336
- C:\Windows\System\JyjdNTX.exe
  C:\Windows\System\JyjdNTX.exe
  2⤵
  PID:4468
- C:\Windows\System\IjCtoHV.exe
  C:\Windows\System\IjCtoHV.exe
  2⤵
  PID:4496
- C:\Windows\System\KEwoGKB.exe
  C:\Windows\System\KEwoGKB.exe
  2⤵
  PID:4416
- C:\Windows\System\EPLQSkI.exe
  C:\Windows\System\EPLQSkI.exe
  2⤵
  PID:4760
- C:\Windows\System\OgUWXJJ.exe
  C:\Windows\System\OgUWXJJ.exe
  2⤵
  PID:5128
- C:\Windows\System\JbFfLHZ.exe
  C:\Windows\System\JbFfLHZ.exe
  2⤵
  PID:5144
- C:\Windows\System\vNVrneH.exe
  C:\Windows\System\vNVrneH.exe
  2⤵
  PID:5160
- C:\Windows\System\gRbcfIy.exe
  C:\Windows\System\gRbcfIy.exe
  2⤵
  PID:5176
- C:\Windows\System\ZoLpvbs.exe
  C:\Windows\System\ZoLpvbs.exe
  2⤵
  PID:5192
- C:\Windows\System\sYKWlTa.exe
  C:\Windows\System\sYKWlTa.exe
  2⤵
  PID:5208
- C:\Windows\System\BjZKful.exe
  C:\Windows\System\BjZKful.exe
  2⤵
  PID:5224
- C:\Windows\System\sHDswsc.exe
  C:\Windows\System\sHDswsc.exe
  2⤵
  PID:5244
- C:\Windows\System\cXomFCu.exe
  C:\Windows\System\cXomFCu.exe
  2⤵
  PID:5260
- C:\Windows\System\GmOZafO.exe
  C:\Windows\System\GmOZafO.exe
  2⤵
  PID:5276
- C:\Windows\System\KVQAuYV.exe
  C:\Windows\System\KVQAuYV.exe
  2⤵
  PID:5292
- C:\Windows\System\wvyvBGj.exe
  C:\Windows\System\wvyvBGj.exe
  2⤵
  PID:5308
- C:\Windows\System\fWdqohs.exe
  C:\Windows\System\fWdqohs.exe
  2⤵
  PID:5324
- C:\Windows\System\KzayCRf.exe
  C:\Windows\System\KzayCRf.exe
  2⤵
  PID:5340
- C:\Windows\System\SVRfFSo.exe
  C:\Windows\System\SVRfFSo.exe
  2⤵
  PID:5356
- C:\Windows\System\PhKeIkC.exe
  C:\Windows\System\PhKeIkC.exe
  2⤵
  PID:5372
- C:\Windows\System\eyZeIxG.exe
  C:\Windows\System\eyZeIxG.exe
  2⤵
  PID:5388
- C:\Windows\System\BBWgBVm.exe
  C:\Windows\System\BBWgBVm.exe
  2⤵
  PID:5404
- C:\Windows\System\CAiqAtm.exe
  C:\Windows\System\CAiqAtm.exe
  2⤵
  PID:5424
- C:\Windows\System\CjeUUSj.exe
  C:\Windows\System\CjeUUSj.exe
  2⤵
  PID:5440
- C:\Windows\System\XftmwiJ.exe
  C:\Windows\System\XftmwiJ.exe
  2⤵
  PID:5456
- C:\Windows\System\MSKlQcn.exe
  C:\Windows\System\MSKlQcn.exe
  2⤵
  PID:5472
- C:\Windows\System\gEOrBek.exe
  C:\Windows\System\gEOrBek.exe
  2⤵
  PID:5488
- C:\Windows\System\TNzWpMt.exe
  C:\Windows\System\TNzWpMt.exe
  2⤵
  PID:5504
- C:\Windows\System\yhUMEKJ.exe
  C:\Windows\System\yhUMEKJ.exe
  2⤵
  PID:5520
- C:\Windows\System\BNmAEBX.exe
  C:\Windows\System\BNmAEBX.exe
  2⤵
  PID:5536
- C:\Windows\System\UhoNzdU.exe
  C:\Windows\System\UhoNzdU.exe
  2⤵
  PID:5564
- C:\Windows\System\sfAttMk.exe
  C:\Windows\System\sfAttMk.exe
  2⤵
  PID:5820
- C:\Windows\System\NeZpqUB.exe
  C:\Windows\System\NeZpqUB.exe
  2⤵
  PID:5840
- C:\Windows\System\beofwMU.exe
  C:\Windows\System\beofwMU.exe
  2⤵
  PID:5860
- C:\Windows\System\FrBhIIr.exe
  C:\Windows\System\FrBhIIr.exe
  2⤵
  PID:5880
- C:\Windows\System\LOzuRQN.exe
  C:\Windows\System\LOzuRQN.exe
  2⤵
  PID:5900
- C:\Windows\System\JsqjQjo.exe
  C:\Windows\System\JsqjQjo.exe
  2⤵
  PID:5924
- C:\Windows\System\QItPBcp.exe
  C:\Windows\System\QItPBcp.exe
  2⤵
  PID:5940
- C:\Windows\System\KZSnuiP.exe
  C:\Windows\System\KZSnuiP.exe
  2⤵
  PID:5956
- C:\Windows\System\hfKkaVC.exe
  C:\Windows\System\hfKkaVC.exe
  2⤵
  PID:5980
- C:\Windows\System\mOaGctD.exe
  C:\Windows\System\mOaGctD.exe
  2⤵
  PID:5996
- C:\Windows\System\IYVwxUb.exe
  C:\Windows\System\IYVwxUb.exe
  2⤵
  PID:6016
- C:\Windows\System\JLaSPGi.exe
  C:\Windows\System\JLaSPGi.exe
  2⤵
  PID:6032
- C:\Windows\System\obpwlgl.exe
  C:\Windows\System\obpwlgl.exe
  2⤵
  PID:6048
- C:\Windows\System\givxkUY.exe
  C:\Windows\System\givxkUY.exe
  2⤵
  PID:6064
- C:\Windows\System\qCnvnPq.exe
  C:\Windows\System\qCnvnPq.exe
  2⤵
  PID:6080
- C:\Windows\System\eRQlBPQ.exe
  C:\Windows\System\eRQlBPQ.exe
  2⤵
  PID:6096
- C:\Windows\System\GLflelf.exe
  C:\Windows\System\GLflelf.exe
  2⤵
  PID:6112
- C:\Windows\System\hpwpkjO.exe
  C:\Windows\System\hpwpkjO.exe
  2⤵
  PID:6128
- C:\Windows\System\NiGRzMR.exe
  C:\Windows\System\NiGRzMR.exe
  2⤵
  PID:4628
- C:\Windows\System\FWyjqjq.exe
  C:\Windows\System\FWyjqjq.exe
  2⤵
  PID:4736
- C:\Windows\System\LCDqEQf.exe
  C:\Windows\System\LCDqEQf.exe
  2⤵
  PID:5044
- C:\Windows\System\VVzFnsi.exe
  C:\Windows\System\VVzFnsi.exe
  2⤵
  PID:1348
- C:\Windows\System\dGXBKfz.exe
  C:\Windows\System\dGXBKfz.exe
  2⤵
  PID:4196
- C:\Windows\System\irvgbJD.exe
  C:\Windows\System\irvgbJD.exe
  2⤵
  PID:1524
- C:\Windows\System\XWJolgI.exe
  C:\Windows\System\XWJolgI.exe
  2⤵
  PID:4212
- C:\Windows\System\buGnrmz.exe
  C:\Windows\System\buGnrmz.exe
  2⤵
  PID:5184
- C:\Windows\System\pesvvmp.exe
  C:\Windows\System\pesvvmp.exe
  2⤵
  PID:1104
- C:\Windows\System\iKtGBMn.exe
  C:\Windows\System\iKtGBMn.exe
  2⤵
  PID:5256
- C:\Windows\System\SqyvOjX.exe
  C:\Windows\System\SqyvOjX.exe
  2⤵
  PID:5320
- C:\Windows\System\PrLnegl.exe
  C:\Windows\System\PrLnegl.exe
  2⤵
  PID:888
- C:\Windows\System\JKjVOMg.exe
  C:\Windows\System\JKjVOMg.exe
  2⤵
  PID:4936
- C:\Windows\System\uhwTShz.exe
  C:\Windows\System\uhwTShz.exe
  2⤵
  PID:4856
- C:\Windows\System\oNTTOuQ.exe
  C:\Windows\System\oNTTOuQ.exe
  2⤵
  PID:4924
- C:\Windows\System\QTYdnkp.exe
  C:\Windows\System\QTYdnkp.exe
  2⤵
  PID:3556
- C:\Windows\System\ppZVnzx.exe
  C:\Windows\System\ppZVnzx.exe
  2⤵
  PID:3380
- C:\Windows\System\vMKvRXF.exe
  C:\Windows\System\vMKvRXF.exe
  2⤵
  PID:688
- C:\Windows\System\ePSBiRg.exe
  C:\Windows\System\ePSBiRg.exe
  2⤵
  PID:5512
- C:\Windows\System\JwaUWcv.exe
  C:\Windows\System\JwaUWcv.exe
  2⤵
  PID:5560
- C:\Windows\System\LURRTmb.exe
  C:\Windows\System\LURRTmb.exe
  2⤵
  PID:4580
- C:\Windows\System\MdPysOE.exe
  C:\Windows\System\MdPysOE.exe
  2⤵
  PID:4952
- C:\Windows\System\HNqHWno.exe
  C:\Windows\System\HNqHWno.exe
  2⤵
  PID:5368
- C:\Windows\System\HyjBGHN.exe
  C:\Windows\System\HyjBGHN.exe
  2⤵
  PID:616
- C:\Windows\System\ysztjyA.exe
  C:\Windows\System\ysztjyA.exe
  2⤵
  PID:5500
- C:\Windows\System\HstrtWu.exe
  C:\Windows\System\HstrtWu.exe
  2⤵
  PID:3280
- C:\Windows\System\ndFzctC.exe
  C:\Windows\System\ndFzctC.exe
  2⤵
  PID:5584
- C:\Windows\System\KXcJqGi.exe
  C:\Windows\System\KXcJqGi.exe
  2⤵
  PID:5232
- C:\Windows\System\ROEaBfL.exe
  C:\Windows\System\ROEaBfL.exe
  2⤵
  PID:5140
- C:\Windows\System\lUWWjvm.exe
  C:\Windows\System\lUWWjvm.exe
  2⤵
  PID:4564
- C:\Windows\System\RYCXRLW.exe
  C:\Windows\System\RYCXRLW.exe
  2⤵
  PID:5112
- C:\Windows\System\kQhoziJ.exe
  C:\Windows\System\kQhoziJ.exe
  2⤵
  PID:4700
- C:\Windows\System\gMYKyHK.exe
  C:\Windows\System\gMYKyHK.exe
  2⤵
  PID:4644
- C:\Windows\System\EuYTqij.exe
  C:\Windows\System\EuYTqij.exe
  2⤵
  PID:4548
- C:\Windows\System\eIwySWt.exe
  C:\Windows\System\eIwySWt.exe
  2⤵
  PID:4584
- C:\Windows\System\zDeqSAw.exe
  C:\Windows\System\zDeqSAw.exe
  2⤵
  PID:4104
- C:\Windows\System\Krprwgg.exe
  C:\Windows\System\Krprwgg.exe
  2⤵
  PID:3912
- C:\Windows\System\QcrUwuX.exe
  C:\Windows\System\QcrUwuX.exe
  2⤵
  PID:3776
- C:\Windows\System\inTBBfg.exe
  C:\Windows\System\inTBBfg.exe
  2⤵
  PID:5664
- C:\Windows\System\OQIpNIe.exe
  C:\Windows\System\OQIpNIe.exe
  2⤵
  PID:5700
- C:\Windows\System\SDUmbkc.exe
  C:\Windows\System\SDUmbkc.exe
  2⤵
  PID:5716
- C:\Windows\System\rlwjMAm.exe
  C:\Windows\System\rlwjMAm.exe
  2⤵
  PID:5740
- C:\Windows\System\NgdkAUw.exe
  C:\Windows\System\NgdkAUw.exe
  2⤵
  PID:5756
- C:\Windows\System\AksGwor.exe
  C:\Windows\System\AksGwor.exe
  2⤵
  PID:5780
- C:\Windows\System\penWJkn.exe
  C:\Windows\System\penWJkn.exe
  2⤵
  PID:5800
- C:\Windows\System\MGUGmkv.exe
  C:\Windows\System\MGUGmkv.exe
  2⤵
  PID:5832
- C:\Windows\System\DGnEbJc.exe
  C:\Windows\System\DGnEbJc.exe
  2⤵
  PID:5920
- C:\Windows\System\gEwfBQq.exe
  C:\Windows\System\gEwfBQq.exe
  2⤵
  PID:5992
- C:\Windows\System\tNWglGV.exe
  C:\Windows\System\tNWglGV.exe
  2⤵
  PID:6060
- C:\Windows\System\Dqhkhic.exe
  C:\Windows\System\Dqhkhic.exe
  2⤵
  PID:4664
- C:\Windows\System\uxLnTGl.exe
  C:\Windows\System\uxLnTGl.exe
  2⤵
  PID:4100
- C:\Windows\System\mdxjqMg.exe
  C:\Windows\System\mdxjqMg.exe
  2⤵
  PID:1308
- C:\Windows\System\xCRjJZd.exe
  C:\Windows\System\xCRjJZd.exe
  2⤵
  PID:532
- C:\Windows\System\QiROxjl.exe
  C:\Windows\System\QiROxjl.exe
  2⤵
  PID:1996
- C:\Windows\System\tmcTzIs.exe
  C:\Windows\System\tmcTzIs.exe
  2⤵
  PID:5888
- C:\Windows\System\hLiiYGx.exe
  C:\Windows\System\hLiiYGx.exe
  2⤵
  PID:5384
- C:\Windows\System\NCYpXxk.exe
  C:\Windows\System\NCYpXxk.exe
  2⤵
  PID:5972
- C:\Windows\System\laHZttM.exe
  C:\Windows\System\laHZttM.exe
  2⤵
  PID:6012
- C:\Windows\System\bvFNtEe.exe
  C:\Windows\System\bvFNtEe.exe
  2⤵
  PID:6044
- C:\Windows\System\HeafzFU.exe
  C:\Windows\System\HeafzFU.exe
  2⤵
  PID:5556
- C:\Windows\System\NZMnruD.exe
  C:\Windows\System\NZMnruD.exe
  2⤵
  PID:6104
- C:\Windows\System\kGXLjhr.exe
  C:\Windows\System\kGXLjhr.exe
  2⤵
  PID:5040
- C:\Windows\System\CZMjhkU.exe
  C:\Windows\System\CZMjhkU.exe
  2⤵
  PID:2976
- C:\Windows\System\dSFakrO.exe
  C:\Windows\System\dSFakrO.exe
  2⤵
  PID:2612
- C:\Windows\System\QEYFGPW.exe
  C:\Windows\System\QEYFGPW.exe
  2⤵
  PID:3652
- C:\Windows\System\HmwjkAi.exe
  C:\Windows\System\HmwjkAi.exe
  2⤵
  PID:2704
- C:\Windows\System\UtaSMLf.exe
  C:\Windows\System\UtaSMLf.exe
  2⤵
  PID:1768
- C:\Windows\System\MYdqYoK.exe
  C:\Windows\System\MYdqYoK.exe
  2⤵
  PID:5060
- C:\Windows\System\IBabYAX.exe
  C:\Windows\System\IBabYAX.exe
  2⤵
  PID:2140
- C:\Windows\System\OfVTZQl.exe
  C:\Windows\System\OfVTZQl.exe
  2⤵
  PID:5240
- C:\Windows\System\baBwAGk.exe
  C:\Windows\System\baBwAGk.exe
  2⤵
  PID:2056
- C:\Windows\System\sWlTeNd.exe
  C:\Windows\System\sWlTeNd.exe
  2⤵
  PID:3632
- C:\Windows\System\jdFrfJg.exe
  C:\Windows\System\jdFrfJg.exe
  2⤵
  PID:4596
- C:\Windows\System\iQYQbxH.exe
  C:\Windows\System\iQYQbxH.exe
  2⤵
  PID:4996
- C:\Windows\System\TvWsdSN.exe
  C:\Windows\System\TvWsdSN.exe
  2⤵
  PID:5576
- C:\Windows\System\dhnIcVW.exe
  C:\Windows\System\dhnIcVW.exe
  2⤵
  PID:4308
- C:\Windows\System\euDORKU.exe
  C:\Windows\System\euDORKU.exe
  2⤵
  PID:4528
- C:\Windows\System\BYBDJQc.exe
  C:\Windows\System\BYBDJQc.exe
  2⤵
  PID:5648
- C:\Windows\System\qxHTcVV.exe
  C:\Windows\System\qxHTcVV.exe
  2⤵
  PID:4616
- C:\Windows\System\HXNiOnZ.exe
  C:\Windows\System\HXNiOnZ.exe
  2⤵
  PID:5688
- C:\Windows\System\AocKKSK.exe
  C:\Windows\System\AocKKSK.exe
  2⤵
  PID:5660
- C:\Windows\System\JipiXhS.exe
  C:\Windows\System\JipiXhS.exe
  2⤵
  PID:5732
- C:\Windows\System\qCKfqkJ.exe
  C:\Windows\System\qCKfqkJ.exe
  2⤵
  PID:5748
- C:\Windows\System\wqSKUuc.exe
  C:\Windows\System\wqSKUuc.exe
  2⤵
  PID:5836
- C:\Windows\System\GPSXDtE.exe
  C:\Windows\System\GPSXDtE.exe
  2⤵
  PID:5876
- C:\Windows\System\fyGiJQr.exe
  C:\Windows\System\fyGiJQr.exe
  2⤵
  PID:5872
- C:\Windows\System\ezDmAei.exe
  C:\Windows\System\ezDmAei.exe
  2⤵
  PID:6120
- C:\Windows\System\wwiWlSU.exe
  C:\Windows\System\wwiWlSU.exe
  2⤵
  PID:2844
- C:\Windows\System\mPjxtLr.exe
  C:\Windows\System\mPjxtLr.exe
  2⤵
  PID:4888
- C:\Windows\System\VMUbqOe.exe
  C:\Windows\System\VMUbqOe.exe
  2⤵
  PID:5352
- C:\Windows\System\VEfOodm.exe
  C:\Windows\System\VEfOodm.exe
  2⤵
  PID:5852
- C:\Windows\System\VeGTqLq.exe
  C:\Windows\System\VeGTqLq.exe
  2⤵
  PID:6008
- C:\Windows\System\UwgCLSP.exe
  C:\Windows\System\UwgCLSP.exe
  2⤵
  PID:3044
- C:\Windows\System\OvreVUA.exe
  C:\Windows\System\OvreVUA.exe
  2⤵
  PID:5416
- C:\Windows\System\XDnXfsd.exe
  C:\Windows\System\XDnXfsd.exe
  2⤵
  PID:4680
- C:\Windows\System\HGvDPeb.exe
  C:\Windows\System\HGvDPeb.exe
  2⤵
  PID:5332
- C:\Windows\System\hqxSoEr.exe
  C:\Windows\System\hqxSoEr.exe
  2⤵
  PID:5288
- C:\Windows\System\vheimbi.exe
  C:\Windows\System\vheimbi.exe
  2⤵
  PID:4932
- C:\Windows\System\wCXfhvC.exe
  C:\Windows\System\wCXfhvC.exe
  2⤵
  PID:2080
- C:\Windows\System\MDRBKSJ.exe
  C:\Windows\System\MDRBKSJ.exe
  2⤵
  PID:5400
- C:\Windows\System\fYmeajV.exe
  C:\Windows\System\fYmeajV.exe
  2⤵
  PID:5364
- C:\Windows\System\xgtDYyV.exe
  C:\Windows\System\xgtDYyV.exe
  2⤵
  PID:5236
- C:\Windows\System\TWiFFBV.exe
  C:\Windows\System\TWiFFBV.exe
  2⤵
  PID:5600
- C:\Windows\System\YZOpegc.exe
  C:\Windows\System\YZOpegc.exe
  2⤵
  PID:4352
- C:\Windows\System\jVmVXVa.exe
  C:\Windows\System\jVmVXVa.exe
  2⤵
  PID:4120
- C:\Windows\System\NFwHSDA.exe
  C:\Windows\System\NFwHSDA.exe
  2⤵
  PID:4792
- C:\Windows\System\RLbEfek.exe
  C:\Windows\System\RLbEfek.exe
  2⤵
  PID:776
- C:\Windows\System\ahrjIRU.exe
  C:\Windows\System\ahrjIRU.exe
  2⤵
  PID:4452
- C:\Windows\System\mBpvpen.exe
  C:\Windows\System\mBpvpen.exe
  2⤵
  PID:1792
- C:\Windows\System\yjzwZmX.exe
  C:\Windows\System\yjzwZmX.exe
  2⤵
  PID:5808
- C:\Windows\System\zSgKYme.exe
  C:\Windows\System\zSgKYme.exe
  2⤵
  PID:5988
- C:\Windows\System\ieLfoWx.exe
  C:\Windows\System\ieLfoWx.exe
  2⤵
  PID:2020
- C:\Windows\System\GTNZCKk.exe
  C:\Windows\System\GTNZCKk.exe
  2⤵
  PID:6124
- C:\Windows\System\xjzWkIU.exe
  C:\Windows\System\xjzWkIU.exe
  2⤵
  PID:2316
- C:\Windows\System\ndmeOus.exe
  C:\Windows\System\ndmeOus.exe
  2⤵
  PID:5848
- C:\Windows\System\HEZKbkz.exe
  C:\Windows\System\HEZKbkz.exe
  2⤵
  PID:5936
- C:\Windows\System\nXPJwqc.exe
  C:\Windows\System\nXPJwqc.exe
  2⤵
  PID:5968
- C:\Windows\System\JXHmhjl.exe
  C:\Windows\System\JXHmhjl.exe
  2⤵
  PID:2072
- C:\Windows\System\QHXFKHZ.exe
  C:\Windows\System\QHXFKHZ.exe
  2⤵
  PID:4848
- C:\Windows\System\vuFzWep.exe
  C:\Windows\System\vuFzWep.exe
  2⤵
  PID:4928
- C:\Windows\System\NfywehC.exe
  C:\Windows\System\NfywehC.exe
  2⤵
  PID:2896
- C:\Windows\System\qXPGJzC.exe
  C:\Windows\System\qXPGJzC.exe
  2⤵
  PID:4604
- C:\Windows\System\ksULhHp.exe
  C:\Windows\System\ksULhHp.exe
  2⤵
  PID:4752
- C:\Windows\System\qXWYkNk.exe
  C:\Windows\System\qXWYkNk.exe
  2⤵
  PID:4948
- C:\Windows\System\VmXvSGU.exe
  C:\Windows\System\VmXvSGU.exe
  2⤵
  PID:4160
- C:\Windows\System\xfCVpNg.exe
  C:\Windows\System\xfCVpNg.exe
  2⤵
  PID:2384
- C:\Windows\System\GZaRbLZ.exe
  C:\Windows\System\GZaRbLZ.exe
  2⤵
  PID:5772
- C:\Windows\System\DmVXwST.exe
  C:\Windows\System\DmVXwST.exe
  2⤵
  PID:4484
- C:\Windows\System\POhSqlw.exe
  C:\Windows\System\POhSqlw.exe
  2⤵
  PID:5792
- C:\Windows\System\vbVmFtR.exe
  C:\Windows\System\vbVmFtR.exe
  2⤵
  PID:1088
- C:\Windows\System\PcAIVJJ.exe
  C:\Windows\System\PcAIVJJ.exe
  2⤵
  PID:5124
- C:\Windows\System\sVdPEdJ.exe
  C:\Windows\System\sVdPEdJ.exe
  2⤵
  PID:2700
- C:\Windows\System\LzwjRtu.exe
  C:\Windows\System\LzwjRtu.exe
  2⤵
  PID:5964
- C:\Windows\System\ZXSSjRE.exe
  C:\Windows\System\ZXSSjRE.exe
  2⤵
  PID:6136
- C:\Windows\System\UfnLYIZ.exe
  C:\Windows\System\UfnLYIZ.exe
  2⤵
  PID:2988
- C:\Windows\System\vwjnttI.exe
  C:\Windows\System\vwjnttI.exe
  2⤵
  PID:5272
- C:\Windows\System\zdFkHpB.exe
  C:\Windows\System\zdFkHpB.exe
  2⤵
  PID:5300
- C:\Windows\System\bgkWUyn.exe
  C:\Windows\System\bgkWUyn.exe
  2⤵
  PID:1444
- C:\Windows\System\Lgtutbg.exe
  C:\Windows\System\Lgtutbg.exe
  2⤵
  PID:5728
- C:\Windows\System\zZMRIjn.exe
  C:\Windows\System\zZMRIjn.exe
  2⤵
  PID:5908
- C:\Windows\System\fTMHhoP.exe
  C:\Windows\System\fTMHhoP.exe
  2⤵
  PID:5856
- C:\Windows\System\SnWjpwP.exe
  C:\Windows\System\SnWjpwP.exe
  2⤵
  PID:5544
- C:\Windows\System\oGRXUVx.exe
  C:\Windows\System\oGRXUVx.exe
  2⤵
  PID:5796
- C:\Windows\System\QLmAdVe.exe
  C:\Windows\System\QLmAdVe.exe
  2⤵
  PID:5468
- C:\Windows\System\ifiBaTK.exe
  C:\Windows\System\ifiBaTK.exe
  2⤵
  PID:2480
- C:\Windows\System\zGtrArG.exe
  C:\Windows\System\zGtrArG.exe
  2⤵
  PID:3796
- C:\Windows\System\dWdeTZc.exe
  C:\Windows\System\dWdeTZc.exe
  2⤵
  PID:5676
- C:\Windows\System\AKXuwNt.exe
  C:\Windows\System\AKXuwNt.exe
  2⤵
  PID:1512
- C:\Windows\System\ukNfQQB.exe
  C:\Windows\System\ukNfQQB.exe
  2⤵
  PID:1192
- C:\Windows\System\SIMrQwQ.exe
  C:\Windows\System\SIMrQwQ.exe
  2⤵
  PID:2568
- C:\Windows\System\PXNgVhX.exe
  C:\Windows\System\PXNgVhX.exe
  2⤵
  PID:6164
- C:\Windows\System\LCCrMmc.exe
  C:\Windows\System\LCCrMmc.exe
  2⤵
  PID:6180
- C:\Windows\System\tHHyAmJ.exe
  C:\Windows\System\tHHyAmJ.exe
  2⤵
  PID:6200
- C:\Windows\System\AuoCaXV.exe
  C:\Windows\System\AuoCaXV.exe
  2⤵
  PID:6220
- C:\Windows\System\lzoXdiE.exe
  C:\Windows\System\lzoXdiE.exe
  2⤵
  PID:6240
- C:\Windows\System\JmaEsja.exe
  C:\Windows\System\JmaEsja.exe
  2⤵
  PID:6260
- C:\Windows\System\ERyKURc.exe
  C:\Windows\System\ERyKURc.exe
  2⤵
  PID:6276
- C:\Windows\System\WiYLEjj.exe
  C:\Windows\System\WiYLEjj.exe
  2⤵
  PID:6300
- C:\Windows\System\ewXnIFg.exe
  C:\Windows\System\ewXnIFg.exe
  2⤵
  PID:6320
- C:\Windows\System\pBunoIr.exe
  C:\Windows\System\pBunoIr.exe
  2⤵
  PID:6336
- C:\Windows\System\ZISXOHy.exe
  C:\Windows\System\ZISXOHy.exe
  2⤵
  PID:6352
- C:\Windows\System\uWhlkMx.exe
  C:\Windows\System\uWhlkMx.exe
  2⤵
  PID:6368
- C:\Windows\System\YlZNYeV.exe
  C:\Windows\System\YlZNYeV.exe
  2⤵
  PID:6384
- C:\Windows\System\ehZjFRq.exe
  C:\Windows\System\ehZjFRq.exe
  2⤵
  PID:6400
- C:\Windows\System\BHEUOyG.exe
  C:\Windows\System\BHEUOyG.exe
  2⤵
  PID:6416
- C:\Windows\System\dIWsUcl.exe
  C:\Windows\System\dIWsUcl.exe
  2⤵
  PID:6432
- C:\Windows\System\IOnvHHl.exe
  C:\Windows\System\IOnvHHl.exe
  2⤵
  PID:6448
- C:\Windows\System\hyAyUaM.exe
  C:\Windows\System\hyAyUaM.exe
  2⤵
  PID:6484
- C:\Windows\System\rqAYLdp.exe
  C:\Windows\System\rqAYLdp.exe
  2⤵
  PID:6500
- C:\Windows\System\huNOGdG.exe
  C:\Windows\System\huNOGdG.exe
  2⤵
  PID:6516
- C:\Windows\System\ZGwlHXq.exe
  C:\Windows\System\ZGwlHXq.exe
  2⤵
  PID:6532
- C:\Windows\System\tgSjeTZ.exe
  C:\Windows\System\tgSjeTZ.exe
  2⤵
  PID:6548
- C:\Windows\System\vpxvjAO.exe
  C:\Windows\System\vpxvjAO.exe
  2⤵
  PID:6564
- C:\Windows\System\zkesZaV.exe
  C:\Windows\System\zkesZaV.exe
  2⤵
  PID:6580
- C:\Windows\System\kxPHAUh.exe
  C:\Windows\System\kxPHAUh.exe
  2⤵
  PID:6596
- C:\Windows\System\mtBTLHF.exe
  C:\Windows\System\mtBTLHF.exe
  2⤵
  PID:6612
- C:\Windows\System\RSOMhUE.exe
  C:\Windows\System\RSOMhUE.exe
  2⤵
  PID:6628
- C:\Windows\System\YHHPuWT.exe
  C:\Windows\System\YHHPuWT.exe
  2⤵
  PID:6644
- C:\Windows\System\YRFpiQU.exe
  C:\Windows\System\YRFpiQU.exe
  2⤵
  PID:6668
- C:\Windows\System\pNXTSNK.exe
  C:\Windows\System\pNXTSNK.exe
  2⤵
  PID:6684
- C:\Windows\System\hdDzZPz.exe
  C:\Windows\System\hdDzZPz.exe
  2⤵
  PID:6704
- C:\Windows\System\dwVcmgH.exe
  C:\Windows\System\dwVcmgH.exe
  2⤵
  PID:6724
- C:\Windows\System\BLIjUaP.exe
  C:\Windows\System\BLIjUaP.exe
  2⤵
  PID:6740
- C:\Windows\System\nAgacnO.exe
  C:\Windows\System\nAgacnO.exe
  2⤵
  PID:6756
- C:\Windows\System\Xdngdoi.exe
  C:\Windows\System\Xdngdoi.exe
  2⤵
  PID:6776
- C:\Windows\System\cOIfQeQ.exe
  C:\Windows\System\cOIfQeQ.exe
  2⤵
  PID:6792
- C:\Windows\System\AxbSHgG.exe
  C:\Windows\System\AxbSHgG.exe
  2⤵
  PID:6812
- C:\Windows\System\KLFlbKU.exe
  C:\Windows\System\KLFlbKU.exe
  2⤵
  PID:6828
- C:\Windows\System\tdsGAxE.exe
  C:\Windows\System\tdsGAxE.exe
  2⤵
  PID:6848
- C:\Windows\System\poxxNjG.exe
  C:\Windows\System\poxxNjG.exe
  2⤵
  PID:6868
- C:\Windows\System\XPutDfx.exe
  C:\Windows\System\XPutDfx.exe
  2⤵
  PID:6888
- C:\Windows\System\oetulzm.exe
  C:\Windows\System\oetulzm.exe
  2⤵
  PID:6920
- C:\Windows\System\nwGgaVr.exe
  C:\Windows\System\nwGgaVr.exe
  2⤵
  PID:6936
- C:\Windows\System\GDCkgdE.exe
  C:\Windows\System\GDCkgdE.exe
  2⤵
  PID:6952
- C:\Windows\System\FTKnXZg.exe
  C:\Windows\System\FTKnXZg.exe
  2⤵
  PID:6968
- C:\Windows\System\UXmjiaE.exe
  C:\Windows\System\UXmjiaE.exe
  2⤵
  PID:6984
- C:\Windows\System\gfPjJmt.exe
  C:\Windows\System\gfPjJmt.exe
  2⤵
  PID:7000
- C:\Windows\System\urbbqkd.exe
  C:\Windows\System\urbbqkd.exe
  2⤵
  PID:7112
- C:\Windows\System\GnWNAyt.exe
  C:\Windows\System\GnWNAyt.exe
  2⤵
  PID:7128
- C:\Windows\System\BtBNpkU.exe
  C:\Windows\System\BtBNpkU.exe
  2⤵
  PID:7148
- C:\Windows\System\aFAWvAL.exe
  C:\Windows\System\aFAWvAL.exe
  2⤵
  PID:5896
- C:\Windows\System\RSnCwKG.exe
  C:\Windows\System\RSnCwKG.exe
  2⤵
  PID:4968
- C:\Windows\System\yRgRSCV.exe
  C:\Windows\System\yRgRSCV.exe
  2⤵
  PID:936
- C:\Windows\System\qjXcwxg.exe
  C:\Windows\System\qjXcwxg.exe
  2⤵
  PID:5952
- C:\Windows\System\QfrzRrK.exe
  C:\Windows\System\QfrzRrK.exe
  2⤵
  PID:6208
- C:\Windows\System\jifldXI.exe
  C:\Windows\System\jifldXI.exe
  2⤵
  PID:6284
- C:\Windows\System\jeoJzUh.exe
  C:\Windows\System\jeoJzUh.exe
  2⤵
  PID:6332
- C:\Windows\System\sMmTJcJ.exe
  C:\Windows\System\sMmTJcJ.exe
  2⤵
  PID:6424
- C:\Windows\System\zSrEqHf.exe
  C:\Windows\System\zSrEqHf.exe
  2⤵
  PID:6192
- C:\Windows\System\ONnoHZd.exe
  C:\Windows\System\ONnoHZd.exe
  2⤵
  PID:6464
- C:\Windows\System\vaILJkp.exe
  C:\Windows\System\vaILJkp.exe
  2⤵
  PID:6480
- C:\Windows\System\kINyrom.exe
  C:\Windows\System\kINyrom.exe
  2⤵
  PID:6544
- C:\Windows\System\LwpuVzG.exe
  C:\Windows\System\LwpuVzG.exe
  2⤵
  PID:6608
- C:\Windows\System\GdyFvDy.exe
  C:\Windows\System\GdyFvDy.exe
  2⤵
  PID:6680
- C:\Windows\System\LNdJQwY.exe
  C:\Windows\System\LNdJQwY.exe
  2⤵
  PID:6748
- C:\Windows\System\oEgvZgH.exe
  C:\Windows\System\oEgvZgH.exe
  2⤵
  PID:6788
- C:\Windows\System\HiSEkbH.exe
  C:\Windows\System\HiSEkbH.exe
  2⤵
  PID:6860
- C:\Windows\System\gemFsYt.exe
  C:\Windows\System\gemFsYt.exe
  2⤵
  PID:6908
- C:\Windows\System\QDdAfGb.exe
  C:\Windows\System\QDdAfGb.exe
  2⤵
  PID:6944
- C:\Windows\System\tlPslMu.exe
  C:\Windows\System\tlPslMu.exe
  2⤵
  PID:6160
- C:\Windows\System\dvhkzpA.exe
  C:\Windows\System\dvhkzpA.exe
  2⤵
  PID:2656
- C:\Windows\System\BxxxjlE.exe
  C:\Windows\System\BxxxjlE.exe
  2⤵
  PID:6232
- C:\Windows\System\VXTNkju.exe
  C:\Windows\System\VXTNkju.exe
  2⤵
  PID:7012
- C:\Windows\System\dDkFFAs.exe
  C:\Windows\System\dDkFFAs.exe
  2⤵
  PID:6664
- C:\Windows\System\HqnqUbe.exe
  C:\Windows\System\HqnqUbe.exe
  2⤵
  PID:6764
- C:\Windows\System\rkVqxxM.exe
  C:\Windows\System\rkVqxxM.exe
  2⤵
  PID:6804
- C:\Windows\System\IAmpwKl.exe
  C:\Windows\System\IAmpwKl.exe
  2⤵
  PID:6844
- C:\Windows\System\FEHdzcj.exe
  C:\Windows\System\FEHdzcj.exe
  2⤵
  PID:6928
- C:\Windows\System\bcMKpJr.exe
  C:\Windows\System\bcMKpJr.exe
  2⤵
  PID:6992
- C:\Windows\System\nsPVZAT.exe
  C:\Windows\System\nsPVZAT.exe
  2⤵
  PID:6560
- C:\Windows\System\GFpdwSF.exe
  C:\Windows\System\GFpdwSF.exe
  2⤵
  PID:6496
- C:\Windows\System\pjGsCiN.exe
  C:\Windows\System\pjGsCiN.exe
  2⤵
  PID:6412
- C:\Windows\System\BIRtgav.exe
  C:\Windows\System\BIRtgav.exe
  2⤵
  PID:6348
- C:\Windows\System\xJoNlEj.exe
  C:\Windows\System\xJoNlEj.exe
  2⤵
  PID:7016
- C:\Windows\System\qCdXoZS.exe
  C:\Windows\System\qCdXoZS.exe
  2⤵
  PID:7032
- C:\Windows\System\IeYOuoR.exe
  C:\Windows\System\IeYOuoR.exe
  2⤵
  PID:7048
- C:\Windows\System\xITOzbp.exe
  C:\Windows\System\xITOzbp.exe
  2⤵
  PID:7064
- C:\Windows\System\GJMAtIx.exe
  C:\Windows\System\GJMAtIx.exe
  2⤵
  PID:7080
- C:\Windows\System\pqnTOFD.exe
  C:\Windows\System\pqnTOFD.exe
  2⤵
  PID:7096
- C:\Windows\System\hDTlYBX.exe
  C:\Windows\System\hDTlYBX.exe
  2⤵
  PID:5672
- C:\Windows\System\PVwQDsO.exe
  C:\Windows\System\PVwQDsO.exe
  2⤵
  PID:7136
- C:\Windows\System\TcwDeEj.exe
  C:\Windows\System\TcwDeEj.exe
  2⤵
  PID:7156
- C:\Windows\System\SlAemYl.exe
  C:\Windows\System\SlAemYl.exe
  2⤵
  PID:5216
- C:\Windows\System\okuBZCB.exe
  C:\Windows\System\okuBZCB.exe
  2⤵
  PID:6212
- C:\Windows\System\LVMEYIu.exe
  C:\Windows\System\LVMEYIu.exe
  2⤵
  PID:6256
- C:\Windows\System\zpPrHYm.exe
  C:\Windows\System\zpPrHYm.exe
  2⤵
  PID:6396
- C:\Windows\System\iYDEIxb.exe
  C:\Windows\System\iYDEIxb.exe
  2⤵
  PID:6512
- C:\Windows\System\uCHdDWF.exe
  C:\Windows\System\uCHdDWF.exe
  2⤵
  PID:6752
- C:\Windows\System\wrUIlAo.exe
  C:\Windows\System\wrUIlAo.exe
  2⤵
  PID:6976
- C:\Windows\System\KXOPeNB.exe
  C:\Windows\System\KXOPeNB.exe
  2⤵
  PID:2680
- C:\Windows\System\mvSuROU.exe
  C:\Windows\System\mvSuROU.exe
  2⤵
  PID:4808
- C:\Windows\System\yFpdKGj.exe
  C:\Windows\System\yFpdKGj.exe
  2⤵
  PID:6652
- C:\Windows\System\yfiksls.exe
  C:\Windows\System\yfiksls.exe
  2⤵
  PID:6880
- C:\Windows\System\PlbNYsC.exe
  C:\Windows\System\PlbNYsC.exe
  2⤵
  PID:6588
- C:\Windows\System\QIjZaqt.exe
  C:\Windows\System\QIjZaqt.exe
  2⤵
  PID:6308
- C:\Windows\System\wvhafmK.exe
  C:\Windows\System\wvhafmK.exe
  2⤵
  PID:7076
- C:\Windows\System\POCznCY.exe
  C:\Windows\System\POCznCY.exe
  2⤵
  PID:2788
- C:\Windows\System\PJeBGXm.exe
  C:\Windows\System\PJeBGXm.exe
  2⤵
  PID:2392
- C:\Windows\System\tCHLZjp.exe
  C:\Windows\System\tCHLZjp.exe
  2⤵
  PID:2144
- C:\Windows\System\JsxWPzP.exe
  C:\Windows\System\JsxWPzP.exe
  2⤵
  PID:7060
- C:\Windows\System\sZPBLYs.exe
  C:\Windows\System\sZPBLYs.exe
  2⤵
  PID:7092
- C:\Windows\System\WskhCVD.exe
  C:\Windows\System\WskhCVD.exe
  2⤵
  PID:3152
- C:\Windows\System\wBfPWxB.exe
  C:\Windows\System\wBfPWxB.exe
  2⤵
  PID:6604
- C:\Windows\System\OmPoCRP.exe
  C:\Windows\System\OmPoCRP.exe
  2⤵
  PID:6856
- C:\Windows\System\EYHFUBP.exe
  C:\Windows\System\EYHFUBP.exe
  2⤵
  PID:1712
- C:\Windows\System\DDeOyzV.exe
  C:\Windows\System\DDeOyzV.exe
  2⤵
  PID:2972
- C:\Windows\System\jLvmPHk.exe
  C:\Windows\System\jLvmPHk.exe
  2⤵
  PID:6700
- C:\Windows\System\GHnjtSk.exe
  C:\Windows\System\GHnjtSk.exe
  2⤵
  PID:6840
- C:\Windows\System\SNMavph.exe
  C:\Windows\System\SNMavph.exe
  2⤵
  PID:6524
- C:\Windows\System\BZjkisP.exe
  C:\Windows\System\BZjkisP.exe
  2⤵
  PID:2208
- C:\Windows\System\eEhHBYN.exe
  C:\Windows\System\eEhHBYN.exe
  2⤵
  PID:1800
- C:\Windows\System\qMyImiu.exe
  C:\Windows\System\qMyImiu.exe
  2⤵
  PID:7164
- C:\Windows\System\axVMLcF.exe
  C:\Windows\System\axVMLcF.exe
  2⤵
  PID:6360
- C:\Windows\System\iBjAlTI.exe
  C:\Windows\System\iBjAlTI.exe
  2⤵
  PID:6676
- C:\Windows\System\DiCsktc.exe
  C:\Windows\System\DiCsktc.exe
  2⤵
  PID:6624
- C:\Windows\System\JVZMMnX.exe
  C:\Windows\System\JVZMMnX.exe
  2⤵
  PID:7072
- C:\Windows\System\EJnhwWu.exe
  C:\Windows\System\EJnhwWu.exe
  2⤵
  PID:6248
- C:\Windows\System\CeHNHDS.exe
  C:\Windows\System\CeHNHDS.exe
  2⤵
  PID:2600
- C:\Windows\System\RmeeNQR.exe
  C:\Windows\System\RmeeNQR.exe
  2⤵
  PID:6268
- C:\Windows\System\dCXbyNy.exe
  C:\Windows\System\dCXbyNy.exe
  2⤵
  PID:7160
- C:\Windows\System\vOtMpyo.exe
  C:\Windows\System\vOtMpyo.exe
  2⤵
  PID:6440
- C:\Windows\System\ZEpWBBI.exe
  C:\Windows\System\ZEpWBBI.exe
  2⤵
  PID:6380
- C:\Windows\System\uWOLtMg.exe
  C:\Windows\System\uWOLtMg.exe
  2⤵
  PID:7056
- C:\Windows\System\SKSvBJh.exe
  C:\Windows\System\SKSvBJh.exe
  2⤵
  PID:6824
- C:\Windows\System\WEWWIET.exe
  C:\Windows\System\WEWWIET.exe
  2⤵
  PID:2524
- C:\Windows\System\LIpEHwn.exe
  C:\Windows\System\LIpEHwn.exe
  2⤵
  PID:2516
- C:\Windows\System\tVKaGYk.exe
  C:\Windows\System\tVKaGYk.exe
  2⤵
  PID:6916
- C:\Windows\System\QCRDTqr.exe
  C:\Windows\System\QCRDTqr.exe
  2⤵
  PID:7124
- C:\Windows\System\scTKHuA.exe
  C:\Windows\System\scTKHuA.exe
  2⤵
  PID:7140
- C:\Windows\System\LisLNaa.exe
  C:\Windows\System\LisLNaa.exe
  2⤵
  PID:6620
- C:\Windows\System\drYqVpf.exe
  C:\Windows\System\drYqVpf.exe
  2⤵
  PID:2152
- C:\Windows\System\QCPtnLb.exe
  C:\Windows\System\QCPtnLb.exe
  2⤵
  PID:2488
- C:\Windows\System\XjtyHRD.exe
  C:\Windows\System\XjtyHRD.exe
  2⤵
  PID:2084
- C:\Windows\System\gZfQPSu.exe
  C:\Windows\System\gZfQPSu.exe
  2⤵
  PID:1972
- C:\Windows\System\kCVuvss.exe
  C:\Windows\System\kCVuvss.exe
  2⤵
  PID:6592
- C:\Windows\System\DFLQtYY.exe
  C:\Windows\System\DFLQtYY.exe
  2⤵
  PID:6692
- C:\Windows\System\eqCyRua.exe
  C:\Windows\System\eqCyRua.exe
  2⤵
  PID:6836
- C:\Windows\System\xbpqSfo.exe
  C:\Windows\System\xbpqSfo.exe
  2⤵
  PID:6696
- C:\Windows\System\jVWONtT.exe
  C:\Windows\System\jVWONtT.exe
  2⤵
  PID:1552
- C:\Windows\System\YNnAhqF.exe
  C:\Windows\System\YNnAhqF.exe
  2⤵
  PID:6456
- C:\Windows\System\wpyNmSH.exe
  C:\Windows\System\wpyNmSH.exe
  2⤵
  PID:1160
- C:\Windows\System\samNaMK.exe
  C:\Windows\System\samNaMK.exe
  2⤵
  PID:7184
- C:\Windows\System\rNZabTN.exe
  C:\Windows\System\rNZabTN.exe
  2⤵
  PID:7200
- C:\Windows\System\umhARWb.exe
  C:\Windows\System\umhARWb.exe
  2⤵
  PID:7216
- C:\Windows\System\wkNhDip.exe
  C:\Windows\System\wkNhDip.exe
  2⤵
  PID:7232
- C:\Windows\System\zQSXGWu.exe
  C:\Windows\System\zQSXGWu.exe
  2⤵
  PID:7248
- C:\Windows\System\AheEund.exe
  C:\Windows\System\AheEund.exe
  2⤵
  PID:7264
- C:\Windows\System\XubBhrf.exe
  C:\Windows\System\XubBhrf.exe
  2⤵
  PID:7280
- C:\Windows\System\PAbMzWY.exe
  C:\Windows\System\PAbMzWY.exe
  2⤵
  PID:7296
- C:\Windows\System\HPQjFJy.exe
  C:\Windows\System\HPQjFJy.exe
  2⤵
  PID:7312
- C:\Windows\System\sXrfjQA.exe
  C:\Windows\System\sXrfjQA.exe
  2⤵
  PID:7328
- C:\Windows\System\EANaqgG.exe
  C:\Windows\System\EANaqgG.exe
  2⤵
  PID:7344
- C:\Windows\System\UNByyGH.exe
  C:\Windows\System\UNByyGH.exe
  2⤵
  PID:7360
- C:\Windows\System\hmiuGYZ.exe
  C:\Windows\System\hmiuGYZ.exe
  2⤵
  PID:7376
- C:\Windows\System\TkhTTrj.exe
  C:\Windows\System\TkhTTrj.exe
  2⤵
  PID:7392
- C:\Windows\System\cxeESXO.exe
  C:\Windows\System\cxeESXO.exe
  2⤵
  PID:7408
- C:\Windows\System\sSKBHkr.exe
  C:\Windows\System\sSKBHkr.exe
  2⤵
  PID:7424
- C:\Windows\System\AGxjcHo.exe
  C:\Windows\System\AGxjcHo.exe
  2⤵
  PID:7440
- C:\Windows\System\OOGUgSF.exe
  C:\Windows\System\OOGUgSF.exe
  2⤵
  PID:7456
- C:\Windows\System\iwtzlzQ.exe
  C:\Windows\System\iwtzlzQ.exe
  2⤵
  PID:7472
- C:\Windows\System\RMOntuz.exe
  C:\Windows\System\RMOntuz.exe
  2⤵
  PID:7488
- C:\Windows\System\gxzdzIY.exe
  C:\Windows\System\gxzdzIY.exe
  2⤵
  PID:7504
- C:\Windows\System\stEwACY.exe
  C:\Windows\System\stEwACY.exe
  2⤵
  PID:7520
- C:\Windows\System\CXZQmwx.exe
  C:\Windows\System\CXZQmwx.exe
  2⤵
  PID:7536
- C:\Windows\System\qBFjsRC.exe
  C:\Windows\System\qBFjsRC.exe
  2⤵
  PID:7552
- C:\Windows\System\QgkAqon.exe
  C:\Windows\System\QgkAqon.exe
  2⤵
  PID:7568
- C:\Windows\System\zFGobXM.exe
  C:\Windows\System\zFGobXM.exe
  2⤵
  PID:7584
- C:\Windows\System\iAQMUpH.exe
  C:\Windows\System\iAQMUpH.exe
  2⤵
  PID:7600
- C:\Windows\System\gkaVqIJ.exe
  C:\Windows\System\gkaVqIJ.exe
  2⤵
  PID:7616
- C:\Windows\System\easlfMo.exe
  C:\Windows\System\easlfMo.exe
  2⤵
  PID:7632
- C:\Windows\System\CQRDIbM.exe
  C:\Windows\System\CQRDIbM.exe
  2⤵
  PID:7648
- C:\Windows\System\qOZwCco.exe
  C:\Windows\System\qOZwCco.exe
  2⤵
  PID:7668
- C:\Windows\System\ZJmgPIP.exe
  C:\Windows\System\ZJmgPIP.exe
  2⤵
  PID:7684
- C:\Windows\System\zwvwTDL.exe
  C:\Windows\System\zwvwTDL.exe
  2⤵
  PID:7700
- C:\Windows\System\zwUgVbV.exe
  C:\Windows\System\zwUgVbV.exe
  2⤵
  PID:7716
- C:\Windows\System\DVptfVY.exe
  C:\Windows\System\DVptfVY.exe
  2⤵
  PID:7732
- C:\Windows\System\AESSdvN.exe
  C:\Windows\System\AESSdvN.exe
  2⤵
  PID:7748
- C:\Windows\System\yEVjxhb.exe
  C:\Windows\System\yEVjxhb.exe
  2⤵
  PID:7764
- C:\Windows\System\CqMfLlg.exe
  C:\Windows\System\CqMfLlg.exe
  2⤵
  PID:7780
- C:\Windows\System\XfzywOT.exe
  C:\Windows\System\XfzywOT.exe
  2⤵
  PID:7796
- C:\Windows\System\lVfahSG.exe
  C:\Windows\System\lVfahSG.exe
  2⤵
  PID:7812
- C:\Windows\System\McsdfGj.exe
  C:\Windows\System\McsdfGj.exe
  2⤵
  PID:7828
- C:\Windows\System\TQVBuPx.exe
  C:\Windows\System\TQVBuPx.exe
  2⤵
  PID:7844
- C:\Windows\System\sRlgHcg.exe
  C:\Windows\System\sRlgHcg.exe
  2⤵
  PID:7860
- C:\Windows\System\imcgOku.exe
  C:\Windows\System\imcgOku.exe
  2⤵
  PID:7876
- C:\Windows\System\CIOXMqi.exe
  C:\Windows\System\CIOXMqi.exe
  2⤵
  PID:7892
- C:\Windows\System\GtWPcwG.exe
  C:\Windows\System\GtWPcwG.exe
  2⤵
  PID:7908
- C:\Windows\System\bBymLyw.exe
  C:\Windows\System\bBymLyw.exe
  2⤵
  PID:7924
- C:\Windows\System\kCBfwwW.exe
  C:\Windows\System\kCBfwwW.exe
  2⤵
  PID:7940
- C:\Windows\System\XncNEOY.exe
  C:\Windows\System\XncNEOY.exe
  2⤵
  PID:7956
- C:\Windows\System\NsOPfmF.exe
  C:\Windows\System\NsOPfmF.exe
  2⤵
  PID:7972
- C:\Windows\System\iwrjxiE.exe
  C:\Windows\System\iwrjxiE.exe
  2⤵
  PID:7988
- C:\Windows\System\PyHjzLM.exe
  C:\Windows\System\PyHjzLM.exe
  2⤵
  PID:8004
- C:\Windows\System\hdQvnvE.exe
  C:\Windows\System\hdQvnvE.exe
  2⤵
  PID:8020
- C:\Windows\System\eCdPeGe.exe
  C:\Windows\System\eCdPeGe.exe
  2⤵
  PID:8036
- C:\Windows\System\smstSev.exe
  C:\Windows\System\smstSev.exe
  2⤵
  PID:8052
- C:\Windows\System\aswdbkv.exe
  C:\Windows\System\aswdbkv.exe
  2⤵
  PID:8068
- C:\Windows\System\sVfDCiT.exe
  C:\Windows\System\sVfDCiT.exe
  2⤵
  PID:8084
- C:\Windows\System\olijZmX.exe
  C:\Windows\System\olijZmX.exe
  2⤵
  PID:8104
- C:\Windows\System\zCEppcB.exe
  C:\Windows\System\zCEppcB.exe
  2⤵
  PID:8120
- C:\Windows\System\eUHpHse.exe
  C:\Windows\System\eUHpHse.exe
  2⤵
  PID:8136
- C:\Windows\System\rrTazSM.exe
  C:\Windows\System\rrTazSM.exe
  2⤵
  PID:8152
- C:\Windows\System\ywuuLAK.exe
  C:\Windows\System\ywuuLAK.exe
  2⤵
  PID:8168
- C:\Windows\System\dLMhLAt.exe
  C:\Windows\System\dLMhLAt.exe
  2⤵
  PID:8184
- C:\Windows\System\PtfmEYh.exe
  C:\Windows\System\PtfmEYh.exe
  2⤵
  PID:6904
- C:\Windows\System\pbMYIKN.exe
  C:\Windows\System\pbMYIKN.exe
  2⤵
  PID:6252
- C:\Windows\System\RuwUbBS.exe
  C:\Windows\System\RuwUbBS.exe
  2⤵
  PID:1520
- C:\Windows\System\jZKEulI.exe
  C:\Windows\System\jZKEulI.exe
  2⤵
  PID:7192
- C:\Windows\System\TouXvDC.exe
  C:\Windows\System\TouXvDC.exe
  2⤵
  PID:7256
- C:\Windows\System\rSnRfwx.exe
  C:\Windows\System\rSnRfwx.exe
  2⤵
  PID:7212
- C:\Windows\System\cVIfsnB.exe
  C:\Windows\System\cVIfsnB.exe
  2⤵
  PID:7304
- C:\Windows\System\XBGwJcl.exe
  C:\Windows\System\XBGwJcl.exe
  2⤵
  PID:7288
- C:\Windows\System\PpTvYfm.exe
  C:\Windows\System\PpTvYfm.exe
  2⤵
  PID:7352
- C:\Windows\System\LoFogdd.exe
  C:\Windows\System\LoFogdd.exe
  2⤵
  PID:7416
- C:\Windows\System\uVhGRIg.exe
  C:\Windows\System\uVhGRIg.exe
  2⤵
  PID:7480
- C:\Windows\System\IjXgmsk.exe
  C:\Windows\System\IjXgmsk.exe
  2⤵
  PID:7544
- C:\Windows\System\CbmFzfs.exe
  C:\Windows\System\CbmFzfs.exe
  2⤵
  PID:7608
- C:\Windows\System\EnghlrK.exe
  C:\Windows\System\EnghlrK.exe
  2⤵
  PID:7368
- C:\Windows\System\rubmmep.exe
  C:\Windows\System\rubmmep.exe
  2⤵
  PID:7464
- C:\Windows\System\FXJWWsF.exe
  C:\Windows\System\FXJWWsF.exe
  2⤵
  PID:7468
- C:\Windows\System\iUDSpAO.exe
  C:\Windows\System\iUDSpAO.exe
  2⤵
  PID:7500
- C:\Windows\System\XvTiNHn.exe
  C:\Windows\System\XvTiNHn.exe
  2⤵
  PID:7564
- C:\Windows\System\NHXeMlg.exe
  C:\Windows\System\NHXeMlg.exe
  2⤵
  PID:7660
- C:\Windows\System\TMcyHjE.exe
  C:\Windows\System\TMcyHjE.exe
  2⤵
  PID:7696
- C:\Windows\System\GqyFfsD.exe
  C:\Windows\System\GqyFfsD.exe
  2⤵
  PID:7712
- C:\Windows\System\SYCgHVt.exe
  C:\Windows\System\SYCgHVt.exe
  2⤵
  PID:7776
- C:\Windows\System\WwZrLtM.exe
  C:\Windows\System\WwZrLtM.exe
  2⤵
  PID:7820
- C:\Windows\System\IcDBxBr.exe
  C:\Windows\System\IcDBxBr.exe
  2⤵
  PID:7836
- C:\Windows\System\snxoQzf.exe
  C:\Windows\System\snxoQzf.exe
  2⤵
  PID:7824
- C:\Windows\System\VxYFvhJ.exe
  C:\Windows\System\VxYFvhJ.exe
  2⤵
  PID:7916
- C:\Windows\System\iDODmWP.exe
  C:\Windows\System\iDODmWP.exe
  2⤵
  PID:7980
- C:\Windows\System\EtZJKWo.exe
  C:\Windows\System\EtZJKWo.exe
  2⤵
  PID:7936
- C:\Windows\System\TIUSJxg.exe
  C:\Windows\System\TIUSJxg.exe
  2⤵
  PID:7996
- C:\Windows\System\iCfPeFy.exe
  C:\Windows\System\iCfPeFy.exe
  2⤵
  PID:8060
- C:\Windows\System\NiTCboB.exe
  C:\Windows\System\NiTCboB.exe
  2⤵
  PID:8100
- C:\Windows\System\jXchROD.exe
  C:\Windows\System\jXchROD.exe
  2⤵
  PID:8164
- C:\Windows\System\YjehWHF.exe
  C:\Windows\System\YjehWHF.exe
  2⤵
  PID:480
- C:\Windows\System\TXKpZhs.exe
  C:\Windows\System\TXKpZhs.exe
  2⤵
  PID:7276
- C:\Windows\System\jmEsgzQ.exe
  C:\Windows\System\jmEsgzQ.exe
  2⤵
  PID:8112
- C:\Windows\System\aOgEFDl.exe
  C:\Windows\System\aOgEFDl.exe
  2⤵
  PID:8176
- C:\Windows\System\APStnhP.exe
  C:\Windows\System\APStnhP.exe
  2⤵
  PID:8148
- C:\Windows\System\fVwtYnu.exe
  C:\Windows\System\fVwtYnu.exe
  2⤵
  PID:7176
- C:\Windows\System\zCmaGON.exe
  C:\Windows\System\zCmaGON.exe
  2⤵
  PID:7384
- C:\Windows\System\RMPfvWi.exe
  C:\Windows\System\RMPfvWi.exe
  2⤵
  PID:7448
- C:\Windows\System\jfEvSSm.exe
  C:\Windows\System\jfEvSSm.exe
  2⤵
  PID:7400
- C:\Windows\System\sZlaUXO.exe
  C:\Windows\System\sZlaUXO.exe
  2⤵
  PID:7532
- C:\Windows\System\JJOUZfV.exe
  C:\Windows\System\JJOUZfV.exe
  2⤵
  PID:7436
- C:\Windows\System\trHCxhn.exe
  C:\Windows\System\trHCxhn.exe
  2⤵
  PID:7680
- C:\Windows\System\oKeqrra.exe
  C:\Windows\System\oKeqrra.exe
  2⤵
  PID:7728
- C:\Windows\System\IGgfmDM.exe
  C:\Windows\System\IGgfmDM.exe
  2⤵
  PID:7872
- C:\Windows\System\BxyYbKS.exe
  C:\Windows\System\BxyYbKS.exe
  2⤵
  PID:7968
- C:\Windows\System\GScHgjO.exe
  C:\Windows\System\GScHgjO.exe
  2⤵
  PID:7840
- C:\Windows\System\TrdzXQt.exe
  C:\Windows\System\TrdzXQt.exe
  2⤵
  PID:7932
- C:\Windows\System\xjkWRma.exe
  C:\Windows\System\xjkWRma.exe
  2⤵
  PID:8044
- C:\Windows\System\WezqzMC.exe
  C:\Windows\System\WezqzMC.exe
  2⤵
  PID:8144
- C:\Windows\System\OHIUQBL.exe
  C:\Windows\System\OHIUQBL.exe
  2⤵
  PID:7244
- C:\Windows\System\VgjpYCx.exe
  C:\Windows\System\VgjpYCx.exe
  2⤵
  PID:8048
- C:\Windows\System\beZabBt.exe
  C:\Windows\System\beZabBt.exe
  2⤵
  PID:7580
- C:\Windows\System\lWlGgln.exe
  C:\Windows\System\lWlGgln.exe
  2⤵
  PID:7644
- C:\Windows\System\gNzIbqH.exe
  C:\Windows\System\gNzIbqH.exe
  2⤵
  PID:7948
- C:\Windows\System\DrxEKcn.exe
  C:\Windows\System\DrxEKcn.exe
  2⤵
  PID:7512
- C:\Windows\System\GyawBpy.exe
  C:\Windows\System\GyawBpy.exe
  2⤵
  PID:7788
- C:\Windows\System\bGFmuNq.exe
  C:\Windows\System\bGFmuNq.exe
  2⤵
  PID:8032
- C:\Windows\System\vwJuxCo.exe
  C:\Windows\System\vwJuxCo.exe
  2⤵
  PID:6800
- C:\Windows\System\AmfRegs.exe
  C:\Windows\System\AmfRegs.exe
  2⤵
  PID:7320
- C:\Windows\System\UBPOtlo.exe
  C:\Windows\System\UBPOtlo.exe
  2⤵
  PID:7904
- C:\Windows\System\nEtjSAS.exe
  C:\Windows\System\nEtjSAS.exe
  2⤵
  PID:7336
- C:\Windows\System\CWSRIio.exe
  C:\Windows\System\CWSRIio.exe
  2⤵
  PID:8208
- C:\Windows\System\iieXBvb.exe
  C:\Windows\System\iieXBvb.exe
  2⤵
  PID:8224
- C:\Windows\System\sJFImrl.exe
  C:\Windows\System\sJFImrl.exe
  2⤵
  PID:8240
- C:\Windows\System\ZBRiFDb.exe
  C:\Windows\System\ZBRiFDb.exe
  2⤵
  PID:8256
- C:\Windows\System\awPxsZn.exe
  C:\Windows\System\awPxsZn.exe
  2⤵
  PID:8272
- C:\Windows\System\kzCGjKl.exe
  C:\Windows\System\kzCGjKl.exe
  2⤵
  PID:8288
- C:\Windows\System\lBBPAvT.exe
  C:\Windows\System\lBBPAvT.exe
  2⤵
  PID:8304
- C:\Windows\System\PaxrKeQ.exe
  C:\Windows\System\PaxrKeQ.exe
  2⤵
  PID:8320
- C:\Windows\System\AbSHDuv.exe
  C:\Windows\System\AbSHDuv.exe
  2⤵
  PID:8336
- C:\Windows\System\bbJGbZP.exe
  C:\Windows\System\bbJGbZP.exe
  2⤵
  PID:8352
- C:\Windows\System\ZCNSrHt.exe
  C:\Windows\System\ZCNSrHt.exe
  2⤵
  PID:8368
- C:\Windows\System\hVMoBHL.exe
  C:\Windows\System\hVMoBHL.exe
  2⤵
  PID:8384
- C:\Windows\System\PyIbauM.exe
  C:\Windows\System\PyIbauM.exe
  2⤵
  PID:8400
- C:\Windows\System\PVKelVT.exe
  C:\Windows\System\PVKelVT.exe
  2⤵
  PID:8416
- C:\Windows\System\synKOiS.exe
  C:\Windows\System\synKOiS.exe
  2⤵
  PID:8432
- C:\Windows\System\ZXAJSwc.exe
  C:\Windows\System\ZXAJSwc.exe
  2⤵
  PID:8448
- C:\Windows\System\ETazYRj.exe
  C:\Windows\System\ETazYRj.exe
  2⤵
  PID:8464
- C:\Windows\System\dkexlAA.exe
  C:\Windows\System\dkexlAA.exe
  2⤵
  PID:8480
- C:\Windows\System\xRASXWA.exe
  C:\Windows\System\xRASXWA.exe
  2⤵
  PID:8496
- C:\Windows\System\AqSrnNv.exe
  C:\Windows\System\AqSrnNv.exe
  2⤵
  PID:8512
- C:\Windows\System\mJCtnwl.exe
  C:\Windows\System\mJCtnwl.exe
  2⤵
  PID:8528
- C:\Windows\System\FFhnGxl.exe
  C:\Windows\System\FFhnGxl.exe
  2⤵
  PID:8544
- C:\Windows\System\goafNSv.exe
  C:\Windows\System\goafNSv.exe
  2⤵
  PID:8560
- C:\Windows\System\ublqDFq.exe
  C:\Windows\System\ublqDFq.exe
  2⤵
  PID:8576
- C:\Windows\System\TojZZfE.exe
  C:\Windows\System\TojZZfE.exe
  2⤵
  PID:8592
- C:\Windows\System\TjHISQh.exe
  C:\Windows\System\TjHISQh.exe
  2⤵
  PID:8608
- C:\Windows\System\lpnKkBc.exe
  C:\Windows\System\lpnKkBc.exe
  2⤵
  PID:8624
- C:\Windows\System\KHsCYwF.exe
  C:\Windows\System\KHsCYwF.exe
  2⤵
  PID:8640
- C:\Windows\System\EXJYMtv.exe
  C:\Windows\System\EXJYMtv.exe
  2⤵
  PID:8656
- C:\Windows\System\wgiVcoN.exe
  C:\Windows\System\wgiVcoN.exe
  2⤵
  PID:8672
- C:\Windows\System\mRwQYCM.exe
  C:\Windows\System\mRwQYCM.exe
  2⤵
  PID:8688
- C:\Windows\System\WHFuWgR.exe
  C:\Windows\System\WHFuWgR.exe
  2⤵
  PID:8704
- C:\Windows\System\ZpOxfYK.exe
  C:\Windows\System\ZpOxfYK.exe
  2⤵
  PID:8720
- C:\Windows\System\ZMDNMGv.exe
  C:\Windows\System\ZMDNMGv.exe
  2⤵
  PID:8736
- C:\Windows\System\aPlAMQU.exe
  C:\Windows\System\aPlAMQU.exe
  2⤵
  PID:8752
- C:\Windows\System\FSyrKPT.exe
  C:\Windows\System\FSyrKPT.exe
  2⤵
  PID:8768
- C:\Windows\System\BnjTQDm.exe
  C:\Windows\System\BnjTQDm.exe
  2⤵
  PID:8784
- C:\Windows\System\rTWVipv.exe
  C:\Windows\System\rTWVipv.exe
  2⤵
  PID:8800
- C:\Windows\System\RAFvOmo.exe
  C:\Windows\System\RAFvOmo.exe
  2⤵
  PID:8816
- C:\Windows\System\TrPTaOF.exe
  C:\Windows\System\TrPTaOF.exe
  2⤵
  PID:8832
- C:\Windows\System\kvEPYBm.exe
  C:\Windows\System\kvEPYBm.exe
  2⤵
  PID:8848
- C:\Windows\System\afDHJdR.exe
  C:\Windows\System\afDHJdR.exe
  2⤵
  PID:8864
- C:\Windows\System\kndVlBz.exe
  C:\Windows\System\kndVlBz.exe
  2⤵
  PID:8880
- C:\Windows\System\JQAVeek.exe
  C:\Windows\System\JQAVeek.exe
  2⤵
  PID:8896
- C:\Windows\System\SuwaAEP.exe
  C:\Windows\System\SuwaAEP.exe
  2⤵
  PID:8912
- C:\Windows\System\MSchapr.exe
  C:\Windows\System\MSchapr.exe
  2⤵
  PID:8928
- C:\Windows\System\uPpGbAC.exe
  C:\Windows\System\uPpGbAC.exe
  2⤵
  PID:8944
- C:\Windows\System\DVJifqQ.exe
  C:\Windows\System\DVJifqQ.exe
  2⤵
  PID:8960
- C:\Windows\System\AiUUTUc.exe
  C:\Windows\System\AiUUTUc.exe
  2⤵
  PID:8976
- C:\Windows\System\eenWVAI.exe
  C:\Windows\System\eenWVAI.exe
  2⤵
  PID:8992
- C:\Windows\System\zCLpHwW.exe
  C:\Windows\System\zCLpHwW.exe
  2⤵
  PID:9012
- C:\Windows\System\PaLlJub.exe
  C:\Windows\System\PaLlJub.exe
  2⤵
  PID:9028
- C:\Windows\System\ZWsyAdr.exe
  C:\Windows\System\ZWsyAdr.exe
  2⤵
  PID:9044
- C:\Windows\System\mfCUBzA.exe
  C:\Windows\System\mfCUBzA.exe
  2⤵
  PID:9060
- C:\Windows\System\umUsjKq.exe
  C:\Windows\System\umUsjKq.exe
  2⤵
  PID:9076
- C:\Windows\System\HJZGGDm.exe
  C:\Windows\System\HJZGGDm.exe
  2⤵
  PID:9092
- C:\Windows\System\lVQNntm.exe
  C:\Windows\System\lVQNntm.exe
  2⤵
  PID:9112
- C:\Windows\System\cAjZEgC.exe
  C:\Windows\System\cAjZEgC.exe
  2⤵
  PID:9128
- C:\Windows\System\nTaykZa.exe
  C:\Windows\System\nTaykZa.exe
  2⤵
  PID:9144
- C:\Windows\System\wNeUFIQ.exe
  C:\Windows\System\wNeUFIQ.exe
  2⤵
  PID:9160
- C:\Windows\System\suhlOLk.exe
  C:\Windows\System\suhlOLk.exe
  2⤵
  PID:9188
- C:\Windows\System\ocHCyPs.exe
  C:\Windows\System\ocHCyPs.exe
  2⤵
  PID:9208
- C:\Windows\System\ntNRfEs.exe
  C:\Windows\System\ntNRfEs.exe
  2⤵
  PID:7228
- C:\Windows\System\owdKBrE.exe
  C:\Windows\System\owdKBrE.exe
  2⤵
  PID:8252
- C:\Windows\System\soipjoP.exe
  C:\Windows\System\soipjoP.exe
  2⤵
  PID:8312
- C:\Windows\System\TFuDMWM.exe
  C:\Windows\System\TFuDMWM.exe
  2⤵
  PID:7516
- C:\Windows\System\myOJiVf.exe
  C:\Windows\System\myOJiVf.exe
  2⤵
  PID:7888
- C:\Windows\System\caMqiAj.exe
  C:\Windows\System\caMqiAj.exe
  2⤵
  PID:8236
- C:\Windows\System\TPXDrMj.exe
  C:\Windows\System\TPXDrMj.exe
  2⤵
  PID:8300
- C:\Windows\System\piKrted.exe
  C:\Windows\System\piKrted.exe
  2⤵
  PID:8376
- C:\Windows\System\TPUoLRd.exe
  C:\Windows\System\TPUoLRd.exe
  2⤵
  PID:8328
- C:\Windows\System\sCmpEjg.exe
  C:\Windows\System\sCmpEjg.exe
  2⤵
  PID:8392
- C:\Windows\System\VLUUYTo.exe
  C:\Windows\System\VLUUYTo.exe
  2⤵
  PID:8444
- C:\Windows\System\IoNDajs.exe
  C:\Windows\System\IoNDajs.exe
  2⤵
  PID:8476
- C:\Windows\System\tYBhvTK.exe
  C:\Windows\System\tYBhvTK.exe
  2⤵
  PID:8540
- C:\Windows\System\kiNqETb.exe
  C:\Windows\System\kiNqETb.exe
  2⤵
  PID:8600
- C:\Windows\System\JUlfnKx.exe
  C:\Windows\System\JUlfnKx.exe
  2⤵
  PID:8492
- C:\Windows\System\uDiLkaP.exe
  C:\Windows\System\uDiLkaP.exe
  2⤵
  PID:8668
- C:\Windows\System\xcgSaxR.exe
  C:\Windows\System\xcgSaxR.exe
  2⤵
  PID:8556
- C:\Windows\System\uRtaOzY.exe
  C:\Windows\System\uRtaOzY.exe
  2⤵
  PID:8728
- C:\Windows\System\bKUrtbh.exe
  C:\Windows\System\bKUrtbh.exe
  2⤵
  PID:8652
- C:\Windows\System\FmLkjUH.exe
  C:\Windows\System\FmLkjUH.exe
  2⤵
  PID:8744
- C:\Windows\System\yyRfprm.exe
  C:\Windows\System\yyRfprm.exe
  2⤵
  PID:8780
- C:\Windows\System\wmqIFRl.exe
  C:\Windows\System\wmqIFRl.exe
  2⤵
  PID:8796
- C:\Windows\System\kGVyXIY.exe
  C:\Windows\System\kGVyXIY.exe
  2⤵
  PID:8860
- C:\Windows\System\LHAjRTZ.exe
  C:\Windows\System\LHAjRTZ.exe
  2⤵
  PID:8844
- C:\Windows\System\PrgYJEv.exe
  C:\Windows\System\PrgYJEv.exe
  2⤵
  PID:8908
- C:\Windows\System\NfBjcrW.exe
  C:\Windows\System\NfBjcrW.exe
  2⤵
  PID:8920
- C:\Windows\System\ClkQtgR.exe
  C:\Windows\System\ClkQtgR.exe
  2⤵
  PID:8956
- C:\Windows\System\WGWvvmq.exe
  C:\Windows\System\WGWvvmq.exe
  2⤵
  PID:8984
- C:\Windows\System\jieZeOJ.exe
  C:\Windows\System\jieZeOJ.exe
  2⤵
  PID:9024
- C:\Windows\System\fNfwFnT.exe
  C:\Windows\System\fNfwFnT.exe
  2⤵
  PID:9104
- C:\Windows\System\PlhLYHc.exe
  C:\Windows\System\PlhLYHc.exe
  2⤵
  PID:9068
- C:\Windows\System\kNksYxk.exe
  C:\Windows\System\kNksYxk.exe
  2⤵
  PID:9108
- C:\Windows\System\jGiUxMx.exe
  C:\Windows\System\jGiUxMx.exe
  2⤵
  PID:9200
- C:\Windows\System\ZRmHBSm.exe
  C:\Windows\System\ZRmHBSm.exe
  2⤵
  PID:7628
- C:\Windows\System\biUEHHV.exe
  C:\Windows\System\biUEHHV.exe
  2⤵
  PID:8344
- C:\Windows\System\FuykhpQ.exe
  C:\Windows\System\FuykhpQ.exe
  2⤵
  PID:9168
- C:\Windows\System\rekLzSY.exe
  C:\Windows\System\rekLzSY.exe
  2⤵
  PID:9176
- C:\Windows\System\rFehSLV.exe
  C:\Windows\System\rFehSLV.exe
  2⤵
  PID:7576
- C:\Windows\System\tIJUTFJ.exe
  C:\Windows\System\tIJUTFJ.exe
  2⤵
  PID:8412
- C:\Windows\System\BOyaeSs.exe
  C:\Windows\System\BOyaeSs.exe
  2⤵
  PID:8508
- C:\Windows\System\zlLTesJ.exe
  C:\Windows\System\zlLTesJ.exe
  2⤵
  PID:8472
- C:\Windows\System\OTcxTYW.exe
  C:\Windows\System\OTcxTYW.exe
  2⤵
  PID:8616
- C:\Windows\System\LcfOYwF.exe
  C:\Windows\System\LcfOYwF.exe
  2⤵
  PID:8524
- C:\Windows\System\GBHCmNs.exe
  C:\Windows\System\GBHCmNs.exe
  2⤵
  PID:8764
- C:\Windows\System\hpxFHzJ.exe
  C:\Windows\System\hpxFHzJ.exe
  2⤵
  PID:8888
- C:\Windows\System\wBYqzij.exe
  C:\Windows\System\wBYqzij.exe
  2⤵
  PID:7656
- C:\Windows\System\JBZfExp.exe
  C:\Windows\System\JBZfExp.exe
  2⤵
  PID:8856
- C:\Windows\System\GracIRm.exe
  C:\Windows\System\GracIRm.exe
  2⤵
  PID:9056
- C:\Windows\System\BxGIPBj.exe
  C:\Windows\System\BxGIPBj.exe
  2⤵
  PID:9036
- C:\Windows\System\zYwhgZg.exe
  C:\Windows\System\zYwhgZg.exe
  2⤵
  PID:9156
- C:\Windows\System\QzlMxxq.exe
  C:\Windows\System\QzlMxxq.exe
  2⤵
  PID:8204
- C:\Windows\System\uDeoRoa.exe
  C:\Windows\System\uDeoRoa.exe
  2⤵
  PID:9184
- C:\Windows\System\DiRIxkP.exe
  C:\Windows\System\DiRIxkP.exe
  2⤵
  PID:8424
- C:\Windows\System\awTnqIL.exe
  C:\Windows\System\awTnqIL.exe
  2⤵
  PID:8160
- C:\Windows\System\axYxQsE.exe
  C:\Windows\System\axYxQsE.exe
  2⤵
  PID:8632
- C:\Windows\System\lZkgCDF.exe
  C:\Windows\System\lZkgCDF.exe
  2⤵
  PID:8588
- C:\Windows\System\NrZlRIX.exe
  C:\Windows\System\NrZlRIX.exe
  2⤵
  PID:9004
- C:\Windows\System\XFhHtiS.exe
  C:\Windows\System\XFhHtiS.exe
  2⤵
  PID:8968
- C:\Windows\System\PTSWidl.exe
  C:\Windows\System\PTSWidl.exe
  2⤵
  PID:8940
- C:\Windows\System\pgTiwgI.exe
  C:\Windows\System\pgTiwgI.exe
  2⤵
  PID:9020
- C:\Windows\System\bwMdlYo.exe
  C:\Windows\System\bwMdlYo.exe
  2⤵
  PID:8364
- C:\Windows\System\hPMKPLa.exe
  C:\Windows\System\hPMKPLa.exe
  2⤵
  PID:8636
- C:\Windows\System\BMpZQyJ.exe
  C:\Windows\System\BMpZQyJ.exe
  2⤵
  PID:8284
- C:\Windows\System\oWeAajF.exe
  C:\Windows\System\oWeAajF.exe
  2⤵
  PID:8248
- C:\Windows\System\SHEHDUv.exe
  C:\Windows\System\SHEHDUv.exe
  2⤵
  PID:8428
- C:\Windows\System\rvYpNYk.exe
  C:\Windows\System\rvYpNYk.exe
  2⤵
  PID:8812
- C:\Windows\System\HAQvdfN.exe
  C:\Windows\System\HAQvdfN.exe
  2⤵
  PID:7772
- C:\Windows\System\kPcKeGd.exe
  C:\Windows\System\kPcKeGd.exe
  2⤵
  PID:8732
- C:\Windows\System\HsfnduH.exe
  C:\Windows\System\HsfnduH.exe
  2⤵
  PID:9228
- C:\Windows\System\hqYaNvo.exe
  C:\Windows\System\hqYaNvo.exe
  2⤵
  PID:9244
- C:\Windows\System\TqPSDSR.exe
  C:\Windows\System\TqPSDSR.exe
  2⤵
  PID:9260
- C:\Windows\System\MaqkKJz.exe
  C:\Windows\System\MaqkKJz.exe
  2⤵
  PID:9276
- C:\Windows\System\JfNAEEq.exe
  C:\Windows\System\JfNAEEq.exe
  2⤵
  PID:9292
- C:\Windows\System\YbbrnGm.exe
  C:\Windows\System\YbbrnGm.exe
  2⤵
  PID:9308
- C:\Windows\System\fdodLZk.exe
  C:\Windows\System\fdodLZk.exe
  2⤵
  PID:9324
- C:\Windows\System\iniEqVB.exe
  C:\Windows\System\iniEqVB.exe
  2⤵
  PID:9344
- C:\Windows\System\YahdDpd.exe
  C:\Windows\System\YahdDpd.exe
  2⤵
  PID:9364
- C:\Windows\System\lqMimLi.exe
  C:\Windows\System\lqMimLi.exe
  2⤵
  PID:9380
- C:\Windows\System\hjGElQE.exe
  C:\Windows\System\hjGElQE.exe
  2⤵
  PID:9400
- C:\Windows\System\MRJpbZF.exe
  C:\Windows\System\MRJpbZF.exe
  2⤵
  PID:9416
- C:\Windows\System\moHihBk.exe
  C:\Windows\System\moHihBk.exe
  2⤵
  PID:9432
- C:\Windows\System\CbegTAK.exe
  C:\Windows\System\CbegTAK.exe
  2⤵
  PID:9448
- C:\Windows\System\LGIWkIS.exe
  C:\Windows\System\LGIWkIS.exe
  2⤵
  PID:9464
- C:\Windows\System\NWhRZAZ.exe
  C:\Windows\System\NWhRZAZ.exe
  2⤵
  PID:9484
- C:\Windows\System\VMpVomf.exe
  C:\Windows\System\VMpVomf.exe
  2⤵
  PID:9500
- C:\Windows\System\cdXrFqI.exe
  C:\Windows\System\cdXrFqI.exe
  2⤵
  PID:9516
- C:\Windows\System\FkHXnNA.exe
  C:\Windows\System\FkHXnNA.exe
  2⤵
  PID:9532
- C:\Windows\System\QGfMxLu.exe
  C:\Windows\System\QGfMxLu.exe
  2⤵
  PID:9552
- C:\Windows\System\PbMRlOY.exe
  C:\Windows\System\PbMRlOY.exe
  2⤵
  PID:9568
- C:\Windows\System\Xqlshob.exe
  C:\Windows\System\Xqlshob.exe
  2⤵
  PID:9584
- C:\Windows\System\CEHLbSO.exe
  C:\Windows\System\CEHLbSO.exe
  2⤵
  PID:9600
- C:\Windows\System\OrrKvEC.exe
  C:\Windows\System\OrrKvEC.exe
  2⤵
  PID:9616
- C:\Windows\System\ELJolWg.exe
  C:\Windows\System\ELJolWg.exe
  2⤵
  PID:9632
- C:\Windows\System\tKwVoap.exe
  C:\Windows\System\tKwVoap.exe
  2⤵
  PID:9648
- C:\Windows\System\FbFLIvL.exe
  C:\Windows\System\FbFLIvL.exe
  2⤵
  PID:9664
- C:\Windows\System\jFhNAQM.exe
  C:\Windows\System\jFhNAQM.exe
  2⤵
  PID:9680
- C:\Windows\System\cRqUQhy.exe
  C:\Windows\System\cRqUQhy.exe
  2⤵
  PID:9700
- C:\Windows\System\brXBRKc.exe
  C:\Windows\System\brXBRKc.exe
  2⤵
  PID:9716
- C:\Windows\System\Whpiyxj.exe
  C:\Windows\System\Whpiyxj.exe
  2⤵
  PID:9736
- C:\Windows\System\bLHPwQt.exe
  C:\Windows\System\bLHPwQt.exe
  2⤵
  PID:9752
- C:\Windows\System\XWKjnJT.exe
  C:\Windows\System\XWKjnJT.exe
  2⤵
  PID:9768
- C:\Windows\System\mFLGVTD.exe
  C:\Windows\System\mFLGVTD.exe
  2⤵
  PID:9784
- C:\Windows\System\hBvCLlK.exe
  C:\Windows\System\hBvCLlK.exe
  2⤵
  PID:9804
- C:\Windows\System\deiMCKK.exe
  C:\Windows\System\deiMCKK.exe
  2⤵
  PID:9820
- C:\Windows\System\FMLGBjH.exe
  C:\Windows\System\FMLGBjH.exe
  2⤵
  PID:9836
- C:\Windows\System\nkAktUI.exe
  C:\Windows\System\nkAktUI.exe
  2⤵
  PID:9852
- C:\Windows\System\QjLRnYz.exe
  C:\Windows\System\QjLRnYz.exe
  2⤵
  PID:9868
- C:\Windows\System\ehJAChO.exe
  C:\Windows\System\ehJAChO.exe
  2⤵
  PID:9884
- C:\Windows\System\OnJmyGR.exe
  C:\Windows\System\OnJmyGR.exe
  2⤵
  PID:9900
- C:\Windows\System\ZkWSFuy.exe
  C:\Windows\System\ZkWSFuy.exe
  2⤵
  PID:9916
- C:\Windows\System\CIloAMB.exe
  C:\Windows\System\CIloAMB.exe
  2⤵
  PID:9932
- C:\Windows\System\QLjRIvX.exe
  C:\Windows\System\QLjRIvX.exe
  2⤵
  PID:9948
- C:\Windows\System\NWSZxvE.exe
  C:\Windows\System\NWSZxvE.exe
  2⤵
  PID:9964
- C:\Windows\System\SgPSFZB.exe
  C:\Windows\System\SgPSFZB.exe
  2⤵
  PID:9980
- C:\Windows\System\wnMjuTn.exe
  C:\Windows\System\wnMjuTn.exe
  2⤵
  PID:9996
- C:\Windows\System\yCHRMtD.exe
  C:\Windows\System\yCHRMtD.exe
  2⤵
  PID:10012
- C:\Windows\System\RRAdFae.exe
  C:\Windows\System\RRAdFae.exe
  2⤵
  PID:10028
- C:\Windows\System\kgyMdqn.exe
  C:\Windows\System\kgyMdqn.exe
  2⤵
  PID:10048
- C:\Windows\System\aFclJQI.exe
  C:\Windows\System\aFclJQI.exe
  2⤵
  PID:10064
- C:\Windows\System\vIzOdwn.exe
  C:\Windows\System\vIzOdwn.exe
  2⤵
  PID:10080
- C:\Windows\System\NXjRBGf.exe
  C:\Windows\System\NXjRBGf.exe
  2⤵
  PID:10096
- C:\Windows\System\eMQeFsk.exe
  C:\Windows\System\eMQeFsk.exe
  2⤵
  PID:10112
- C:\Windows\System\NoeOTgX.exe
  C:\Windows\System\NoeOTgX.exe
  2⤵
  PID:10128
- C:\Windows\System\IqQyTUP.exe
  C:\Windows\System\IqQyTUP.exe
  2⤵
  PID:10148
- C:\Windows\System\JVjROQb.exe
  C:\Windows\System\JVjROQb.exe
  2⤵
  PID:10164
- C:\Windows\System\SmcOTKc.exe
  C:\Windows\System\SmcOTKc.exe
  2⤵
  PID:10180
- C:\Windows\System\ACgKqOE.exe
  C:\Windows\System\ACgKqOE.exe
  2⤵
  PID:10196
- C:\Windows\System\OVZXaht.exe
  C:\Windows\System\OVZXaht.exe
  2⤵
  PID:10212
- C:\Windows\System\mfxndjK.exe
  C:\Windows\System\mfxndjK.exe
  2⤵
  PID:10228
- C:\Windows\System\Ujaeibu.exe
  C:\Windows\System\Ujaeibu.exe
  2⤵
  PID:8572
- C:\Windows\System\aCrJBtP.exe
  C:\Windows\System\aCrJBtP.exe
  2⤵
  PID:9124
- C:\Windows\System\hvDAWBa.exe
  C:\Windows\System\hvDAWBa.exe
  2⤵
  PID:9220
- C:\Windows\System\CuDGZgE.exe
  C:\Windows\System\CuDGZgE.exe
  2⤵
  PID:9252
- C:\Windows\System\afShnpH.exe
  C:\Windows\System\afShnpH.exe
  2⤵
  PID:9320
- C:\Windows\System\ShvvHtp.exe
  C:\Windows\System\ShvvHtp.exe
  2⤵
  PID:9356
- C:\Windows\System\luhbdOu.exe
  C:\Windows\System\luhbdOu.exe
  2⤵
  PID:9440
- C:\Windows\System\cCoHAPX.exe
  C:\Windows\System\cCoHAPX.exe
  2⤵
  PID:9360
- C:\Windows\System\jQzrXvp.exe
  C:\Windows\System\jQzrXvp.exe
  2⤵
  PID:9388
- C:\Windows\System\tthJRbJ.exe
  C:\Windows\System\tthJRbJ.exe
  2⤵
  PID:9460
- C:\Windows\System\lpVPaLJ.exe
  C:\Windows\System\lpVPaLJ.exe
  2⤵
  PID:9512
- C:\Windows\System\GMULUVK.exe
  C:\Windows\System\GMULUVK.exe
  2⤵
  PID:9544
- C:\Windows\System\ZwdxSvU.exe
  C:\Windows\System\ZwdxSvU.exe
  2⤵
  PID:9792
- C:\Windows\System\MGjzIId.exe
  C:\Windows\System\MGjzIId.exe
  2⤵
  PID:9816
- C:\Windows\System\pAsFXKM.exe
  C:\Windows\System\pAsFXKM.exe
  2⤵
  PID:9976
- C:\Windows\System\kZfdekn.exe
  C:\Windows\System\kZfdekn.exe
  2⤵
  PID:9928
- C:\Windows\System\khrHhku.exe
  C:\Windows\System\khrHhku.exe
  2⤵
  PID:9992
- C:\Windows\System\DtaJmhz.exe
  C:\Windows\System\DtaJmhz.exe
  2⤵
  PID:10044
- C:\Windows\System\esZqVha.exe
  C:\Windows\System\esZqVha.exe
  2⤵
  PID:10072
- C:\Windows\System\bORgHAs.exe
  C:\Windows\System\bORgHAs.exe
  2⤵
  PID:10092
- C:\Windows\System\CmDmfCB.exe
  C:\Windows\System\CmDmfCB.exe
  2⤵
  PID:10140
- C:\Windows\System\VRQKZly.exe
  C:\Windows\System\VRQKZly.exe
  2⤵
  PID:10156
- C:\Windows\System\PVxOeih.exe
  C:\Windows\System\PVxOeih.exe
  2⤵
  PID:10188
- C:\Windows\System\DSJJyIc.exe
  C:\Windows\System\DSJJyIc.exe
  2⤵
  PID:10220
- C:\Windows\System\TGwHjaG.exe
  C:\Windows\System\TGwHjaG.exe
  2⤵
  PID:8408
- C:\Windows\System\fWwlncS.exe
  C:\Windows\System\fWwlncS.exe
  2⤵
  PID:9332
- C:\Windows\System\rlxHhSC.exe
  C:\Windows\System\rlxHhSC.exe
  2⤵
  PID:9240
- C:\Windows\System\HwPFUbE.exe
  C:\Windows\System\HwPFUbE.exe
  2⤵
  PID:9340
- C:\Windows\System\uAjVaxj.exe
  C:\Windows\System\uAjVaxj.exe
  2⤵
  PID:9472
- C:\Windows\System\GpgVcwP.exe
  C:\Windows\System\GpgVcwP.exe
  2⤵
  PID:9560
- C:\Windows\System\wWerdOS.exe
  C:\Windows\System\wWerdOS.exe
  2⤵
  PID:9524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DzmZQHB.exe

Filesize
6.0MB

MD5
f869d5c1f8981acbcbc6f2e517b94f85

SHA1
9a08472b8f183499e6e609080d7da9c408b53ff4

SHA256
42e07f7825165870f309a40e1c399ff40748f903a8b9b828311dd343a3a7b8fb

SHA512
5470dc72bf24a337363abf590b53a853a0fdf2cd32a4d81c33967a8d8b9ddfab581d487bd3be2e53c7cd987eab0248b136f6d96d3ed63a15f8f91370e57fd62a

Download Submit
C:\Windows\system\ETXVIKD.exe

Filesize
6.0MB

MD5
ec80b828f1d30101be61c7563f640014

SHA1
8fb17f9f3b5e9321655d0e0b85cd443561f18331

SHA256
3331ef97580deac8e0a6698a1a37baa0e8fe325a35c189771e5fc7001429e557

SHA512
b02ad49264e90f8baaee1d17ccbe2c0c60683c93887f5032a2c0fd016630b305980348d409cc5c77ce82688199b3ecb33a04ceb042e8cdb7abec23d5c5eefc37

Download Submit
C:\Windows\system\EznJVux.exe

Filesize
6.0MB

MD5
375b9fcce047e2a132e92e99d6bf2f20

SHA1
47fd1001bfe2cc04e758c64c90520f425ff13cee

SHA256
0a3f117fa7b5de2b449f78223d92f507f63a3373c82b3494a24c3f8ea87a8890

SHA512
55e15fa2114d5c1b461f858826dca172f17fde183e0084f2e8ca3881d7b220425013067b93e3a84289b914566a0764ef29cc92811e33d57abbc00d0b36de85a1

Download Submit
C:\Windows\system\FGmyKOL.exe

Filesize
6.0MB

MD5
0e0bd7686af445f93efc4442a9f0b9d9

SHA1
4b7401bb3c55354edfccfc0749d95ec64b4192e7

SHA256
f644f66aa39561d1afab3e1298784cbd212e197aefd38c7da672c0c40e3c5d4e

SHA512
2ca0fdfc3c1129a8266728383c203d95c0a3e6798fea54b1346a7272ca6822170861a418b1959171c4f627fe8e9b38d847246596b55c0382b9ad028be0366065

Download Submit
C:\Windows\system\FTRCcmB.exe

Filesize
6.0MB

MD5
f1e3c83cc0ebe62b831f62c637df4b4e

SHA1
154a1fbf21378633c6099da8059b67652dcb1907

SHA256
4a1028bb79c928620be75e48529d2d872bf5512681f8a5e9c7489d0da190d837

SHA512
72b9de16ff4881f911b09f624bb6c0dd795c6f0b89517cc924b03ce63593e7cad3c62d091238d9de7f10ecef4a943d4b51b617bcaa60b05aab3b30f940140c26

Download Submit
C:\Windows\system\FtcOIRH.exe

Filesize
6.0MB

MD5
181169be513938d124d8e14d9a287fe8

SHA1
08d3597fc8bddde967772fe5c722e2f481ba32d2

SHA256
fab95187bc1132ddbd0326ff6400adba0f12be093cf580b41ec954fd253fbee0

SHA512
7285923b56f5109592081a3db471a6e714d686557593e1a42dea5e4824dcec922fc02bba3f7a0fdbf232a558aedadd3be65004243eda3e69c1695df6de2ef9bd

Download Submit
C:\Windows\system\HqNMagm.exe

Filesize
6.0MB

MD5
1439f9baffae51fa09f5952af98db91e

SHA1
53c4d3ed54c26ad0e089b2e54c33ef3142a318e4

SHA256
51cddf20256bb4c0c01937f69f1558174499969ec3de5baf84ef36d6e26dc4c0

SHA512
6e4213376f44ab087a48a6032e76b6f133396e8da4c0666e457c286e45851681231b4d2db20fca6cac7a42a77fca5b1bda645d785272976626ea2e4175a9c66f

Download Submit
C:\Windows\system\JnOqlzY.exe

Filesize
6.0MB

MD5
f8c903ed58039cb2e32c819c8fbda1e7

SHA1
bf2ec29e99ea6f2014b1f48e166c8b196893b8c5

SHA256
debf9d4bf4eb832cdb94d770c2593be08c594c46b7d88149238b3d59cd727774

SHA512
999e4186983bd7ac3f24e0c4a748d3df62c2022d99c90499dbf83e685c45c6d03ea6680a27bcb251930ebc6b4df0722b18b3ba204f0be41592b5d18d01f315b3

Download Submit
C:\Windows\system\KFAbvpu.exe

Filesize
6.0MB

MD5
6ab76e7612e61922212dcad2aab31306

SHA1
fc62c263a6c883903ee40eea96097c457151c210

SHA256
a2efaa365d7bd37a33b1ead0cc9de870276ffa5792a475661d478b69020649fe

SHA512
fc8890aaacb155a857315c11dc7a4e88a70043487707b669117a04836d3c98f61bba225ff06d11bb005719e7bef17f392b4ebf543c057b7ee268ae1174a212af

Download Submit
C:\Windows\system\NVDadBK.exe

Filesize
6.0MB

MD5
1187168e85f7aa39af97b108f15e1ca6

SHA1
0222e48951a3d09b363e66ca489376b8cd3108cc

SHA256
316bc47d43876a6be5c649bd9ab7488892e29a8f969bd6cb4203358b20c237e8

SHA512
a22a2e3da3d1f32eb6db2fc77f4e9e1540c6c2f614cf637e036edbd9f6a50b49a920335f6d253cd80cc3f9ba94eb5bed47310d8a7dc8d4a9b5876a3827024826

Download Submit
C:\Windows\system\NYOyxyN.exe

Filesize
6.0MB

MD5
0942af52d1fce0751061ef99e721f9ee

SHA1
024f9554b07095511bed41a1b3c821e15ba9b9b1

SHA256
50252c5d9ae8e4bdcad65c5c5493561e7c658ccd888bed32dd79854b27f11661

SHA512
44ee9837a6963ffee6ae2ccfc420e5a66ee5e2d15d1d7931f941e6bcd2dc24e8093dbd2cda95deda5039fd807860bf94d974d88c64a2dada535e53a2b391802c

Download Submit
C:\Windows\system\PlgQqXl.exe

Filesize
6.0MB

MD5
90dcd03261aecb96be1c61150c2b48f1

SHA1
799d4b3f96efda51335d26c44b71d8edb4668ddf

SHA256
335067bdbe793e8972645538e6ad05cdb869ee97d057250eec4148b0790c3dea

SHA512
d7d80849535a1e04740c3c20b01257957bf78ceddf78ae1e4d6a102ed37fc03f4e52ac10c11f6072480828f8bef9da89b1302b6098831f0ebe0517da1ba8ffaf

Download Submit
C:\Windows\system\WOkosCu.exe

Filesize
6.0MB

MD5
e1e17a29e244c2684297ffa644d77f77

SHA1
02d821bbd2ea614fd557dd06300d5fe6034ba8fc

SHA256
f31f1c3158d6627213b5718b72d390af69654d9c9384ba91e40aa3651bc10d14

SHA512
32da9d80a70be9faf5daea75c36e7fd300091fd77aa6d26efeb3ef611817a691c0f319b1365fbcde7fbb1c60857bd157012598d2a9d3462ddd55616ab633921c

Download Submit
C:\Windows\system\XKPGbdk.exe

Filesize
6.0MB

MD5
3d3a0807a39bc40cf4a0c1ef730cf32e

SHA1
5b395c89b0ee0a81827c6e0f0fdebaccd25b2f41

SHA256
2c81ab9b659ac845384803bfd213840afd5ca7f61d71b8935175c1669a1f131b

SHA512
d07bfb19a7613cc23302b26938cf0936ad7926e9ac6d54fcd64c1972ee485318fd50ac626a33a4e0b6caae41d226353eb953cacec1a3e7a69546acc91b52733b

Download Submit
C:\Windows\system\XoyggjG.exe

Filesize
6.0MB

MD5
8573b4595e19365c6254f8beafe5379d

SHA1
6e4c325d9cb50333811d59964ae6e181352a4da6

SHA256
71f74297b1ac51d9287d6ac9fb1cf64b6168e4638b3af697e42ae761dbd78b7b

SHA512
072a112aa2d727865541f062e7fe2165ba892440d02aa3bbae005f6e988a74c99c2ac1fd61e61f9bf77d96aee5b48446e75ae0df4ef45e827387b5d288d8ea35

Download Submit
C:\Windows\system\cNMcZJh.exe

Filesize
6.0MB

MD5
5ee1cfffec74de3831c12ad633612c5b

SHA1
cd303dd9e1d3c961d5f47c0838fe41d7f3b3d9f0

SHA256
1299f6b9d3dc515352a509912a13c5844464288366f766d4c986065ad33633b2

SHA512
bf9a7da5456e392af2eb69cf3c7074c0be4f45271c719d67b7d8bf07439587ab8ec0d7c8bd15cc7a70e2d221ddcb2ddeddb34508617f5f4d35184bad0258116b

Download Submit
C:\Windows\system\dKKufkd.exe

Filesize
6.0MB

MD5
d44f68b0b2e85fa0eb89fa2240959b7d

SHA1
d0f41d1ab294b2d8666c1ef97b1f049523d8237e

SHA256
3f0be63e4bae0362ad3a3430243e64afacb166a75ae3fa2a61f0ad63101b7ac2

SHA512
d536a5022569d56cb721c3491cfb2f4f3067379142ae188e26f5d41ed01afb45ecc5f00b1ba7ea74e0ed13852de63c097eefbc9d11af13de878dacf3406e1e56

Download Submit
C:\Windows\system\fVhnbWW.exe

Filesize
6.0MB

MD5
517fbb9c8dbf75ce72772d5bf6e6ef52

SHA1
bd1fc62991797170ce3f4e609eb16d091fcdcdd7

SHA256
7833d89f3da660916ae0d431cb238d78eefade820193de40a2a08450b161f27c

SHA512
e2c789c0c875db89fc39fc5caa2947637d349197e4f9bc78e95e8b5dee03a923c248033ee5974ef4401187162ae207f489fff209980754fd04c6053b641ae7c9

Download Submit
C:\Windows\system\nyOFUoE.exe

Filesize
6.0MB

MD5
b5c0855a4ce42e23eb9f63abdab5f0ba

SHA1
6a74d62c9d9b7940fb3de723282d1b925e4af7e6

SHA256
6599d49b07c8aba04982af2c23e84255b8d496ebcab5933a7071ef0065239217

SHA512
694dd20e44e847524391f441a9ad5a5caaf4e8882aca882ecd50c65746c7863ace84a2054da84f6dbe03f322cdeee48022dec7971fefdc07aae4690b85c14cfc

Download Submit
C:\Windows\system\qObnwkU.exe

Filesize
6.0MB

MD5
8dd6ea3e3eab20f8caf1aaa0e90f8b26

SHA1
1a4590136ad8b4b9639459134657846c7b81d17e

SHA256
f5e25f8efc381162749d90b272ada70549df5fb7a127bc1757a34450e7c9ddbd

SHA512
1bcab81629ac1dfd579473763030d6d1d991032f5169d293630e12124094bbd19e4e30f61535ed2e9b5170ad910a50f24a20dc35a1bca2ee0f3959ca899922fa

Download Submit
C:\Windows\system\rHEGOKw.exe

Filesize
6.0MB

MD5
2228392e73357d6ccf3e285d2cb7d89b

SHA1
2632ae2d69bab1b5bc45f0ce9620b2cf0a94244d

SHA256
e2f3aabc48c34c8366089623ff80d7b13ae8786977dbb1e82a4c61caa9b8261c

SHA512
4a18f0cc7877902af9e29490383330c195f464c0acf480621999566356404cb42a5aa7761f32471dbe52c9d10436371e645f26f76d78d8ef55b49f2897c1fe98

Download Submit
C:\Windows\system\rUwqTXO.exe

Filesize
6.0MB

MD5
359cd17d06a2f2ba3441e8176f1c05dd

SHA1
e3316ed2b5ff336d6efd06853f771bc0297ae131

SHA256
c83f53053a7340630feb5d1227cae0b8010fb04efbf663abd7c8197f2390a8dd

SHA512
dd09b4f1debfa7bacbd57e4079e4f2cffb1344651e26ebb68f1ab0dd19971be881026ded8a2d30e52694c7e9ababcdcddae6992daa5c4fb626d3f070f5638ebf

Download Submit
C:\Windows\system\sTZseWm.exe

Filesize
6.0MB

MD5
9c76bcd7c0f2145ef6813947ec97a181

SHA1
83606b501656432bc78baf5870a1865cd9717b4a

SHA256
c67b85cc655fadc3de7675edb301b8de291187d5b9188d8d9c8f6594f0174f1a

SHA512
0ef21ba7ae8b0c48cd0483fa4c5945a6c5041ec3925e8e0b73755bbba93b9b9cf7e991f2dc981a9b279a7926b7c7ef3215d6d18016621c1b1dc654c7858eaf50

Download Submit
C:\Windows\system\tcrXEGs.exe

Filesize
6.0MB

MD5
15f5915644b198a0fcdd4f23eb4f9fd1

SHA1
00cb1a94d8e63d0731e37e263ccbe062981fabbb

SHA256
b60831f195d377d5e78381b4b5c102d2aee0d8fee14c4d148701f04ee8dd8481

SHA512
591ff876d080ff49759c177344b04c9ed6180ee90c2f4a9c4397016133cf636940fcc3a6f094c9735e8cd62b1644c8554b6dd6e2d5c5cc6c1b123a8e596a396e

Download Submit
C:\Windows\system\twznfWp.exe

Filesize
6.0MB

MD5
f8c230f15d48247b9b7c879c6742c82e

SHA1
1e21dd60748e7c8044b9ece756bb22db55a2fcb8

SHA256
11da745b4071b60d92fedf45c1df2198c51ad6806cfa87d450ae97fcaf58f0f4

SHA512
dd14a8ce2dd445de8ef660c524889009e9862b90243f34cb0076e87193dea4db5d3a02a6554a978c2da776ef7d3edf211614974bebe3f4828a226da96b2291d5

Download Submit
C:\Windows\system\vyqllpk.exe

Filesize
6.0MB

MD5
1037617169fbc92a1197d4adcdf0932a

SHA1
06f542b34f53ed52a9bb507a0d28c7938ee512a1

SHA256
50e2f1eac07762d6ec02a6e35a31cf58fe1885d1dab89b06245f68d0ff1f0d0b

SHA512
35fd9fdc2224d03a04c898f897f03a9e65376783857af916a192ebfab9b49b57f46dd6b6e3f0742fe19cfb2c2f8a46f62752341e6eb93559b13815aa864649cf

Download Submit
C:\Windows\system\zhkJjOh.exe

Filesize
6.0MB

MD5
3cc860c008acfea4cb6985598dfd2915

SHA1
a343295f32648341a50693a0845a5219fada4bde

SHA256
37282492b7e97434e2fb0b000f6ecf42d99913ffe985f46b9543f899cd83e6d7

SHA512
030290c5d3ddf5b88361c3fc856e7280a96de6036732dc80fcb581ef9b215ae088dec20c12a14ab5f7e986dfd089eb1b250911497baf56bd7f46e71401a9e315

Download Submit
\Windows\system\KUncApg.exe

Filesize
6.0MB

MD5
b93d90e171ef8c68578d1d2e101c2da3

SHA1
0e87777b123e5b0459c0f9d6819e0c9b07af0fc8

SHA256
57feed2b1df06541ed2abecba4d48d55ee55f9c0393862d1d13643cc52a2432f

SHA512
4f4e0ebca745612c90ab4a614de9209047b3ee0102eebdf243dd55bf24aec4215c7f872dc2795a867b72a4ae8cd6ed03aa6f7aaf748373f04d4f72f2c488a163

Download Submit
\Windows\system\LkwIYgo.exe

Filesize
6.0MB

MD5
5003f21434d06ddb0edd6f30d80d583b

SHA1
48c01b783bcdb4b42bfa27b1d423af5b4cd5456c

SHA256
4b09cb28265b62aed04c6abe0366e5e9ece0320a295da0a4e4c6c233989f1bff

SHA512
e7ea590b7f88f3ce0a1d798da8fca0f2166bc155777028780fba428dd993afd9cb70530cb7177de56142f0ba3bf7c6e8d160a1d1c1693e91e3f78818802e8830

Download Submit
\Windows\system\PzPpZcn.exe

Filesize
6.0MB

MD5
e83415349f229a4e94527753dc28ad21

SHA1
a2cfccaa18fe5308e4e96735365c163d1d7823fc

SHA256
de713d9ef7a9a2d5b792688443dcdb9fce21e3a5ea618d37c42a896f97001711

SHA512
5e8d5007a9a41221a3b4d7612ed6de0f59af2a7745e2cf86ced8b8f8d1120bfa511dd13230cca736be6cf2fd90775e19f5d2eef28b2bbc0c0e1bdf844f6977e3

Download Submit
\Windows\system\UGPdBZL.exe

Filesize
6.0MB

MD5
4828efb918712c07cb54d35305d33725

SHA1
1a4ff40dd447c19da8b7967337b0d5de7f8c7645

SHA256
2c98de5d664b62a1f03841fcb32dc93e0bbc844b0451f07183ee986dbe8d1bab

SHA512
bdd8acf8634cf2b71f4db112b259657c93619ade7648c50f4934abf484d9ca1c5001c1614b6797afca4f1ad8b38f77e72f625d7c22fe6eba1b8420dcf6d51941

Download Submit
\Windows\system\YNxMauK.exe

Filesize
6.0MB

MD5
f1cfcff9d1b263dd8b9be2f8d00f2808

SHA1
d1c0217e95e40c0d32d8d03d0baa1670a200dfce

SHA256
127ae2482fc148451bdb4c20440c28a5f012b453e1b1851484967f242f0d0f64

SHA512
84a063d67c9e3c2e15915a25e88b1359d57eed75a672a18cefba79d5dcdba8ebf6e52d267c114c771fac57b6332fc7f620a9479fa442c0cd65cd885531f1d563

Download Submit
\Windows\system\yuAOKxQ.exe

Filesize
6.0MB

MD5
f7e7118711f602aa1305bd1c417268f2

SHA1
0192dde6721ed3fd337391c391313311ce28a988

SHA256
071850fd9b99cad2f1b6201d07ee675413b899b2d52d044c511d9661d98d3ce5

SHA512
2d23d4ed1796809acf3736e8e6aa9bd92905279a25ddc843aec4c21bc7e4fa7c96af90ae61cddddabffcec25cfae0f0f2693bc2ac75251631e2219da0b9a4767

Download Submit
memory/1364-190-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-4081-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-4207-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1856-196-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2052-192-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3847-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2200-4080-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2200-194-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2440-4082-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-182-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-4122-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-188-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-178-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-4210-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-176-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4206-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2560-169-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2576-184-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3840-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-186-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4078-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4209-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-180-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-173-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4083-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2812-197-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1224-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2812-185-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-0-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2812-187-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-189-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-191-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2812-193-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2812-195-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2812-181-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-198-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-175-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-172-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1093-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2812-179-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1121-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-183-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-177-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1225-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1212-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1332-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3040-4079-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-137-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download