cobaltstrike | b0b5870e5ca3a194df6c7031117aace6982cff3d106c796d0241e6facc4f0932

Analysis

max time kernel
134s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

6bcec926b2a2ff5e96d0c5129423a6e6
SHA1

e7681031d52d8476b1863f631e22823e591380c3
SHA256

b0b5870e5ca3a194df6c7031117aace6982cff3d106c796d0241e6facc4f0932
SHA512

d2eb1e8c37de72fa002313897ee25f9c884f9ff3b7c9bb0cbcb483010f3e2c3522703426fc239198a1c6378aea1a97cc0c538859b986b0c1377c0ddaa2aa72f9
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUV:j+R56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001930d-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001932d-17.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933b-21.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-53.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b5-48.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b3-42.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001939b-35.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019374-28.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/2188-0-0x000000013F240000-0x000000013F58D000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225e-6.dat	xmrig
behavioral1/files/0x000700000001930d-10.dat	xmrig
behavioral1/memory/2772-14-0x000000013F440000-0x000000013F78D000-memory.dmp	xmrig
behavioral1/files/0x000700000001932d-17.dat	xmrig
behavioral1/memory/2692-11-0x000000013F6A0000-0x000000013F9ED000-memory.dmp	xmrig
behavioral1/files/0x000600000001933b-21.dat	xmrig
behavioral1/memory/2444-31-0x000000013F510000-0x000000013F85D000-memory.dmp	xmrig
behavioral1/memory/2996-37-0x000000013F650000-0x000000013F99D000-memory.dmp	xmrig
behavioral1/memory/2612-55-0x000000013F640000-0x000000013F98D000-memory.dmp	xmrig
behavioral1/memory/1876-67-0x000000013F460000-0x000000013F7AD000-memory.dmp	xmrig
behavioral1/memory/2324-79-0x000000013F320000-0x000000013F66D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a09e-83.dat	xmrig
behavioral1/memory/2100-91-0x000000013F300000-0x000000013F64D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-108.dat	xmrig
behavioral1/memory/1432-193-0x000000013FC00000-0x000000013FF4D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b7-192.dat	xmrig
behavioral1/memory/1908-178-0x000000013FBE0000-0x000000013FF2D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4af-177.dat	xmrig
behavioral1/files/0x000500000001a4b3-173.dat	xmrig
behavioral1/memory/2468-187-0x000000013F350000-0x000000013F69D000-memory.dmp	xmrig
behavioral1/memory/2684-184-0x000000013F540000-0x000000013F88D000-memory.dmp	xmrig
behavioral1/memory/536-157-0x000000013FEC0000-0x000000014020D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49a-156.dat	xmrig
behavioral1/files/0x000500000001a48d-143.dat	xmrig
behavioral1/files/0x000500000001a4b5-183.dat	xmrig
behavioral1/memory/1276-172-0x000000013FB10000-0x000000013FE5D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b1-171.dat	xmrig
behavioral1/memory/2332-163-0x000000013F200000-0x000000013F54D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4a9-160.dat	xmrig
behavioral1/memory/2136-151-0x000000013FDB0000-0x00000001400FD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a499-150.dat	xmrig
behavioral1/memory/2940-139-0x000000013FA20000-0x000000013FD6D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48b-137.dat	xmrig
behavioral1/memory/2124-133-0x000000013F080000-0x000000013F3CD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46f-131.dat	xmrig
behavioral1/memory/1020-127-0x000000013F5A0000-0x000000013F8ED000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42d-125.dat	xmrig
behavioral1/memory/996-121-0x000000013F410000-0x000000013F75D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a427-119.dat	xmrig
behavioral1/memory/1652-115-0x000000013F1B0000-0x000000013F4FD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-113.dat	xmrig
behavioral1/memory/1884-103-0x000000013F070000-0x000000013F3BD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41b-101.dat	xmrig
behavioral1/memory/1520-97-0x000000013FE60000-0x00000001401AD000-memory.dmp	xmrig
behavioral1/files/0x000500000001a359-95.dat	xmrig
behavioral1/files/0x000500000001a307-89.dat	xmrig
behavioral1/memory/3064-85-0x000000013F5E0000-0x000000013F92D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a07e-77.dat	xmrig
behavioral1/memory/2648-73-0x000000013F050000-0x000000013F39D000-memory.dmp	xmrig
behavioral1/files/0x000500000001a075-71.dat	xmrig
behavioral1/files/0x0005000000019f94-65.dat	xmrig
behavioral1/memory/2256-61-0x000000013FA00000-0x000000013FD4D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f8a-60.dat	xmrig
behavioral1/files/0x0005000000019dbf-53.dat	xmrig
behavioral1/memory/2056-49-0x000000013FE90000-0x00000001401DD000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b5-48.dat	xmrig
behavioral1/memory/2868-43-0x000000013F9A0000-0x000000013FCED000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b3-42.dat	xmrig
behavioral1/files/0x000600000001939b-35.dat	xmrig
behavioral1/memory/3044-29-0x000000013FAF0000-0x000000013FE3D000-memory.dmp	xmrig
behavioral1/files/0x0006000000019374-28.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2692	gwoZLux.exe
2772	ssIvczn.exe
2860	FVkyadu.exe
3044	LUTkvqb.exe
2444	UauVdSt.exe
2996	jzCVYTn.exe
2868	fiPsYUH.exe
2056	nNuzLmH.exe
2612	psiDqgf.exe
2256	YsdVXkK.exe
1876	PSalPfC.exe
2648	QoxcEce.exe
2324	tmWPpXY.exe
3064	RcgUAyV.exe
2100	vYRMFqW.exe
1520	BbEKVnY.exe
1884	nIZMBeH.exe
296	iayBZyI.exe
1652	sYACPDY.exe
996	hyaFXIU.exe
1020	AgOBbNg.exe
2124	EvknAUh.exe
2940	RpjnJiD.exe
1300	YERqWKw.exe
2136	mlejaQQ.exe
536	wqTANga.exe
2332	EzinJDX.exe
1276	eXszuCW.exe
1908	qpGSaAr.exe
2684	hvMlqOi.exe
2468	lKUWOlk.exe
1432	jhQEESp.exe
1436	xzYzEix.exe
2540	AZthMXZ.exe
1608	zCrHeKC.exe
1796	lxGaJYs.exe
2244	ihexeqv.exe
264	DGIyrYj.exe
1592	qwzCfVD.exe
2496	wNHyPdk.exe
2196	YPpwZEG.exe
2508	TMBiSQk.exe
1720	lZYesOu.exe
2388	KwuyyAl.exe
316	MZBzzIo.exe
1460	dETgCyk.exe
2068	HRmPYwj.exe
1596	eKuyaec.exe
2712	oeFlRmn.exe
2392	lUGRdXA.exe
3004	SrHqoiA.exe
1940	EzFftDE.exe
2752	uPfoOSc.exe
2568	tmSIauw.exe
1844	HuYYKgR.exe
1260	vSRXQKb.exe
2088	ZdYYOvE.exe
2064	nhlbuWU.exe
2092	zXLJQAF.exe
2480	GdrzyDl.exe
1976	lCzuLfG.exe
948	pvojEMS.exe
2344	sMFNJaK.exe
2076	YwitbRV.exe

Loads dropped DLL 64 IoCs

pid	Process
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bZwJVrq.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JahZjHi.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boIIqur.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkwcmOH.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqeWHju.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SftSELV.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qaqRdsx.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmCOKyN.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njxVqVS.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJVCOcy.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZKahOi.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPnhnxN.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVnaKRa.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFWVYMJ.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnVIFaa.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIfXqeb.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjPkGBH.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrHfphB.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCPycAa.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSLpkry.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmopVfk.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVdJGSS.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THNxTKS.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JezXyeU.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqYwXsO.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIzFMvZ.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAWRddk.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKUWOlk.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DeQNGLU.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qATXNRC.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnExojG.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBKLmLF.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltCyuYJ.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFBEyJC.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRXRRMT.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKZjqDu.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVsQgqo.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xaqaLCg.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyAoKXH.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxygptJ.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJfjUNw.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQEJqzR.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUjbRbJ.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYCmzXS.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBowFsh.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CozSBNA.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gAaCDVg.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwVqRsI.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYqyhYe.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTHMRog.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJGxtEE.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwDnhtx.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BcpKzTN.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLeVeop.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMkfaTO.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsSSTBl.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGmPIFz.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdtabNj.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUitBnw.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nAAsnCv.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcKzSff.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZkYBxj.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XziLJKB.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VeFCtzZ.exe	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2692	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2188 wrote to memory of 2692	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2188 wrote to memory of 2692	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2188 wrote to memory of 2772	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2188 wrote to memory of 2772	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2188 wrote to memory of 2772	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2188 wrote to memory of 2860	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2188 wrote to memory of 2860	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2188 wrote to memory of 2860	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2188 wrote to memory of 3044	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2188 wrote to memory of 3044	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2188 wrote to memory of 3044	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2188 wrote to memory of 2444	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2188 wrote to memory of 2444	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2188 wrote to memory of 2444	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2188 wrote to memory of 2996	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2188 wrote to memory of 2996	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2188 wrote to memory of 2996	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2188 wrote to memory of 2868	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2188 wrote to memory of 2868	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2188 wrote to memory of 2868	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2188 wrote to memory of 2056	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2188 wrote to memory of 2056	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2188 wrote to memory of 2056	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2188 wrote to memory of 2612	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2188 wrote to memory of 2612	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2188 wrote to memory of 2612	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2188 wrote to memory of 2256	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2188 wrote to memory of 2256	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2188 wrote to memory of 2256	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2188 wrote to memory of 1876	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2188 wrote to memory of 1876	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2188 wrote to memory of 1876	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2188 wrote to memory of 2648	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2188 wrote to memory of 2648	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2188 wrote to memory of 2648	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2188 wrote to memory of 2324	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2188 wrote to memory of 2324	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2188 wrote to memory of 2324	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2188 wrote to memory of 3064	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2188 wrote to memory of 3064	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2188 wrote to memory of 3064	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2188 wrote to memory of 2100	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2188 wrote to memory of 2100	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2188 wrote to memory of 2100	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2188 wrote to memory of 1520	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2188 wrote to memory of 1520	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2188 wrote to memory of 1520	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2188 wrote to memory of 1884	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2188 wrote to memory of 1884	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2188 wrote to memory of 1884	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2188 wrote to memory of 296	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2188 wrote to memory of 296	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2188 wrote to memory of 296	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2188 wrote to memory of 1652	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2188 wrote to memory of 1652	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2188 wrote to memory of 1652	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2188 wrote to memory of 996	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2188 wrote to memory of 996	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2188 wrote to memory of 996	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2188 wrote to memory of 1020	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2188 wrote to memory of 1020	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2188 wrote to memory of 1020	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2188 wrote to memory of 2124	2188	2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_6bcec926b2a2ff5e96d0c5129423a6e6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\System\gwoZLux.exe
  C:\Windows\System\gwoZLux.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ssIvczn.exe
  C:\Windows\System\ssIvczn.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\FVkyadu.exe
  C:\Windows\System\FVkyadu.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\LUTkvqb.exe
  C:\Windows\System\LUTkvqb.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\UauVdSt.exe
  C:\Windows\System\UauVdSt.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\jzCVYTn.exe
  C:\Windows\System\jzCVYTn.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\fiPsYUH.exe
  C:\Windows\System\fiPsYUH.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\nNuzLmH.exe
  C:\Windows\System\nNuzLmH.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\psiDqgf.exe
  C:\Windows\System\psiDqgf.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\YsdVXkK.exe
  C:\Windows\System\YsdVXkK.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\PSalPfC.exe
  C:\Windows\System\PSalPfC.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\QoxcEce.exe
  C:\Windows\System\QoxcEce.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\tmWPpXY.exe
  C:\Windows\System\tmWPpXY.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\RcgUAyV.exe
  C:\Windows\System\RcgUAyV.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\vYRMFqW.exe
  C:\Windows\System\vYRMFqW.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\BbEKVnY.exe
  C:\Windows\System\BbEKVnY.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\nIZMBeH.exe
  C:\Windows\System\nIZMBeH.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\iayBZyI.exe
  C:\Windows\System\iayBZyI.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\sYACPDY.exe
  C:\Windows\System\sYACPDY.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\hyaFXIU.exe
  C:\Windows\System\hyaFXIU.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\AgOBbNg.exe
  C:\Windows\System\AgOBbNg.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\EvknAUh.exe
  C:\Windows\System\EvknAUh.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\RpjnJiD.exe
  C:\Windows\System\RpjnJiD.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\YERqWKw.exe
  C:\Windows\System\YERqWKw.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\mlejaQQ.exe
  C:\Windows\System\mlejaQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\wqTANga.exe
  C:\Windows\System\wqTANga.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\EzinJDX.exe
  C:\Windows\System\EzinJDX.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\qpGSaAr.exe
  C:\Windows\System\qpGSaAr.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\eXszuCW.exe
  C:\Windows\System\eXszuCW.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\lKUWOlk.exe
  C:\Windows\System\lKUWOlk.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\hvMlqOi.exe
  C:\Windows\System\hvMlqOi.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\jhQEESp.exe
  C:\Windows\System\jhQEESp.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\xzYzEix.exe
  C:\Windows\System\xzYzEix.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\AZthMXZ.exe
  C:\Windows\System\AZthMXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\zCrHeKC.exe
  C:\Windows\System\zCrHeKC.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\lxGaJYs.exe
  C:\Windows\System\lxGaJYs.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\ihexeqv.exe
  C:\Windows\System\ihexeqv.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\DGIyrYj.exe
  C:\Windows\System\DGIyrYj.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\qwzCfVD.exe
  C:\Windows\System\qwzCfVD.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\wNHyPdk.exe
  C:\Windows\System\wNHyPdk.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\YPpwZEG.exe
  C:\Windows\System\YPpwZEG.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\TMBiSQk.exe
  C:\Windows\System\TMBiSQk.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\lZYesOu.exe
  C:\Windows\System\lZYesOu.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\KwuyyAl.exe
  C:\Windows\System\KwuyyAl.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\MZBzzIo.exe
  C:\Windows\System\MZBzzIo.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\dETgCyk.exe
  C:\Windows\System\dETgCyk.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\HRmPYwj.exe
  C:\Windows\System\HRmPYwj.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\eKuyaec.exe
  C:\Windows\System\eKuyaec.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\oeFlRmn.exe
  C:\Windows\System\oeFlRmn.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\lUGRdXA.exe
  C:\Windows\System\lUGRdXA.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\SrHqoiA.exe
  C:\Windows\System\SrHqoiA.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\EzFftDE.exe
  C:\Windows\System\EzFftDE.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\uPfoOSc.exe
  C:\Windows\System\uPfoOSc.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\tmSIauw.exe
  C:\Windows\System\tmSIauw.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\HuYYKgR.exe
  C:\Windows\System\HuYYKgR.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\nhlbuWU.exe
  C:\Windows\System\nhlbuWU.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\vSRXQKb.exe
  C:\Windows\System\vSRXQKb.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\GdrzyDl.exe
  C:\Windows\System\GdrzyDl.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ZdYYOvE.exe
  C:\Windows\System\ZdYYOvE.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\lCzuLfG.exe
  C:\Windows\System\lCzuLfG.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\zXLJQAF.exe
  C:\Windows\System\zXLJQAF.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\sMFNJaK.exe
  C:\Windows\System\sMFNJaK.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\pvojEMS.exe
  C:\Windows\System\pvojEMS.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\YwitbRV.exe
  C:\Windows\System\YwitbRV.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\HtURPER.exe
  C:\Windows\System\HtURPER.exe
  2⤵
  PID:924
- C:\Windows\System\joVhHru.exe
  C:\Windows\System\joVhHru.exe
  2⤵
  PID:1396
- C:\Windows\System\XRCJYHB.exe
  C:\Windows\System\XRCJYHB.exe
  2⤵
  PID:1600
- C:\Windows\System\cKELyAH.exe
  C:\Windows\System\cKELyAH.exe
  2⤵
  PID:1556
- C:\Windows\System\axQbUcx.exe
  C:\Windows\System\axQbUcx.exe
  2⤵
  PID:1204
- C:\Windows\System\NguadEB.exe
  C:\Windows\System\NguadEB.exe
  2⤵
  PID:2180
- C:\Windows\System\ellOovR.exe
  C:\Windows\System\ellOovR.exe
  2⤵
  PID:1152
- C:\Windows\System\wVehrDz.exe
  C:\Windows\System\wVehrDz.exe
  2⤵
  PID:2300
- C:\Windows\System\TitCKqq.exe
  C:\Windows\System\TitCKqq.exe
  2⤵
  PID:1656
- C:\Windows\System\sfaqocf.exe
  C:\Windows\System\sfaqocf.exe
  2⤵
  PID:544
- C:\Windows\System\QgYvBpO.exe
  C:\Windows\System\QgYvBpO.exe
  2⤵
  PID:2396
- C:\Windows\System\NTabpYT.exe
  C:\Windows\System\NTabpYT.exe
  2⤵
  PID:2236
- C:\Windows\System\ASrjbkA.exe
  C:\Windows\System\ASrjbkA.exe
  2⤵
  PID:2148
- C:\Windows\System\srGoUBR.exe
  C:\Windows\System\srGoUBR.exe
  2⤵
  PID:2740
- C:\Windows\System\WrEPIym.exe
  C:\Windows\System\WrEPIym.exe
  2⤵
  PID:2380
- C:\Windows\System\SgrELhc.exe
  C:\Windows\System\SgrELhc.exe
  2⤵
  PID:2636
- C:\Windows\System\tdFsQnf.exe
  C:\Windows\System\tdFsQnf.exe
  2⤵
  PID:1540
- C:\Windows\System\VVEuvvf.exe
  C:\Windows\System\VVEuvvf.exe
  2⤵
  PID:2116
- C:\Windows\System\MVAdDoK.exe
  C:\Windows\System\MVAdDoK.exe
  2⤵
  PID:1588
- C:\Windows\System\LxpXfCi.exe
  C:\Windows\System\LxpXfCi.exe
  2⤵
  PID:1916
- C:\Windows\System\ohfBNHs.exe
  C:\Windows\System\ohfBNHs.exe
  2⤵
  PID:3096
- C:\Windows\System\BBhxUEM.exe
  C:\Windows\System\BBhxUEM.exe
  2⤵
  PID:3116
- C:\Windows\System\sgayOcT.exe
  C:\Windows\System\sgayOcT.exe
  2⤵
  PID:3132
- C:\Windows\System\knmzdXZ.exe
  C:\Windows\System\knmzdXZ.exe
  2⤵
  PID:3156
- C:\Windows\System\sJOwGsE.exe
  C:\Windows\System\sJOwGsE.exe
  2⤵
  PID:3176
- C:\Windows\System\JMhuveK.exe
  C:\Windows\System\JMhuveK.exe
  2⤵
  PID:3192
- C:\Windows\System\ByyQHjS.exe
  C:\Windows\System\ByyQHjS.exe
  2⤵
  PID:3208
- C:\Windows\System\aEhqLUp.exe
  C:\Windows\System\aEhqLUp.exe
  2⤵
  PID:3224
- C:\Windows\System\QiiGIAD.exe
  C:\Windows\System\QiiGIAD.exe
  2⤵
  PID:3244
- C:\Windows\System\rBILiYS.exe
  C:\Windows\System\rBILiYS.exe
  2⤵
  PID:3264
- C:\Windows\System\WCmRcEG.exe
  C:\Windows\System\WCmRcEG.exe
  2⤵
  PID:3284
- C:\Windows\System\mvSEdYE.exe
  C:\Windows\System\mvSEdYE.exe
  2⤵
  PID:3312
- C:\Windows\System\wOmOAvk.exe
  C:\Windows\System\wOmOAvk.exe
  2⤵
  PID:3328
- C:\Windows\System\hsBnYnW.exe
  C:\Windows\System\hsBnYnW.exe
  2⤵
  PID:3352
- C:\Windows\System\maEFNdh.exe
  C:\Windows\System\maEFNdh.exe
  2⤵
  PID:3368
- C:\Windows\System\xdRgVdD.exe
  C:\Windows\System\xdRgVdD.exe
  2⤵
  PID:3392
- C:\Windows\System\utpNQCa.exe
  C:\Windows\System\utpNQCa.exe
  2⤵
  PID:3416
- C:\Windows\System\JqLaEJU.exe
  C:\Windows\System\JqLaEJU.exe
  2⤵
  PID:3432
- C:\Windows\System\njxVqVS.exe
  C:\Windows\System\njxVqVS.exe
  2⤵
  PID:3448
- C:\Windows\System\pMTHYuA.exe
  C:\Windows\System\pMTHYuA.exe
  2⤵
  PID:3480
- C:\Windows\System\cWUVfyd.exe
  C:\Windows\System\cWUVfyd.exe
  2⤵
  PID:3496
- C:\Windows\System\RIPVWWr.exe
  C:\Windows\System\RIPVWWr.exe
  2⤵
  PID:3512
- C:\Windows\System\UNPRNGw.exe
  C:\Windows\System\UNPRNGw.exe
  2⤵
  PID:3528
- C:\Windows\System\wHEWCtr.exe
  C:\Windows\System\wHEWCtr.exe
  2⤵
  PID:3552
- C:\Windows\System\jsRaXhs.exe
  C:\Windows\System\jsRaXhs.exe
  2⤵
  PID:3568
- C:\Windows\System\qadltSJ.exe
  C:\Windows\System\qadltSJ.exe
  2⤵
  PID:3588
- C:\Windows\System\BSLpkry.exe
  C:\Windows\System\BSLpkry.exe
  2⤵
  PID:3608
- C:\Windows\System\JctWvao.exe
  C:\Windows\System\JctWvao.exe
  2⤵
  PID:3680
- C:\Windows\System\mhTgUmd.exe
  C:\Windows\System\mhTgUmd.exe
  2⤵
  PID:3860
- C:\Windows\System\FVjSpwz.exe
  C:\Windows\System\FVjSpwz.exe
  2⤵
  PID:3884
- C:\Windows\System\mLilOQG.exe
  C:\Windows\System\mLilOQG.exe
  2⤵
  PID:3900
- C:\Windows\System\FwajWpm.exe
  C:\Windows\System\FwajWpm.exe
  2⤵
  PID:3920
- C:\Windows\System\xVZxnam.exe
  C:\Windows\System\xVZxnam.exe
  2⤵
  PID:3948
- C:\Windows\System\FRpgCZJ.exe
  C:\Windows\System\FRpgCZJ.exe
  2⤵
  PID:3972
- C:\Windows\System\HCbolbW.exe
  C:\Windows\System\HCbolbW.exe
  2⤵
  PID:3988
- C:\Windows\System\PnVoXkV.exe
  C:\Windows\System\PnVoXkV.exe
  2⤵
  PID:4008
- C:\Windows\System\OBlUmUs.exe
  C:\Windows\System\OBlUmUs.exe
  2⤵
  PID:4036
- C:\Windows\System\RsVRbki.exe
  C:\Windows\System\RsVRbki.exe
  2⤵
  PID:4056
- C:\Windows\System\QRUvwRU.exe
  C:\Windows\System\QRUvwRU.exe
  2⤵
  PID:4080
- C:\Windows\System\eOSKKgl.exe
  C:\Windows\System\eOSKKgl.exe
  2⤵
  PID:1860
- C:\Windows\System\FgTXAGe.exe
  C:\Windows\System\FgTXAGe.exe
  2⤵
  PID:1244
- C:\Windows\System\MkYggyA.exe
  C:\Windows\System\MkYggyA.exe
  2⤵
  PID:2524
- C:\Windows\System\yAAyGJN.exe
  C:\Windows\System\yAAyGJN.exe
  2⤵
  PID:976
- C:\Windows\System\OPVfnxZ.exe
  C:\Windows\System\OPVfnxZ.exe
  2⤵
  PID:2428
- C:\Windows\System\eGICHMy.exe
  C:\Windows\System\eGICHMy.exe
  2⤵
  PID:1480
- C:\Windows\System\kiZbETv.exe
  C:\Windows\System\kiZbETv.exe
  2⤵
  PID:2872
- C:\Windows\System\ToNnNOA.exe
  C:\Windows\System\ToNnNOA.exe
  2⤵
  PID:2560
- C:\Windows\System\nzFYGwp.exe
  C:\Windows\System\nzFYGwp.exe
  2⤵
  PID:3112
- C:\Windows\System\QawQumJ.exe
  C:\Windows\System\QawQumJ.exe
  2⤵
  PID:3188
- C:\Windows\System\eGudGrZ.exe
  C:\Windows\System\eGudGrZ.exe
  2⤵
  PID:3260
- C:\Windows\System\QwTleri.exe
  C:\Windows\System\QwTleri.exe
  2⤵
  PID:3304
- C:\Windows\System\CvQGNvT.exe
  C:\Windows\System\CvQGNvT.exe
  2⤵
  PID:3344
- C:\Windows\System\XVHnaNW.exe
  C:\Windows\System\XVHnaNW.exe
  2⤵
  PID:3380
- C:\Windows\System\tcEPcAU.exe
  C:\Windows\System\tcEPcAU.exe
  2⤵
  PID:3428
- C:\Windows\System\BZcbiXG.exe
  C:\Windows\System\BZcbiXG.exe
  2⤵
  PID:2624
- C:\Windows\System\cxLPzTh.exe
  C:\Windows\System\cxLPzTh.exe
  2⤵
  PID:2512
- C:\Windows\System\vcandFw.exe
  C:\Windows\System\vcandFw.exe
  2⤵
  PID:3476
- C:\Windows\System\uloiFSq.exe
  C:\Windows\System\uloiFSq.exe
  2⤵
  PID:1496
- C:\Windows\System\QBOcnzn.exe
  C:\Windows\System\QBOcnzn.exe
  2⤵
  PID:2840
- C:\Windows\System\HrkCbIq.exe
  C:\Windows\System\HrkCbIq.exe
  2⤵
  PID:3620
- C:\Windows\System\uFVFnOx.exe
  C:\Windows\System\uFVFnOx.exe
  2⤵
  PID:2956
- C:\Windows\System\BusCwoN.exe
  C:\Windows\System\BusCwoN.exe
  2⤵
  PID:2928
- C:\Windows\System\ZkOglKE.exe
  C:\Windows\System\ZkOglKE.exe
  2⤵
  PID:1456
- C:\Windows\System\PBgpsXG.exe
  C:\Windows\System\PBgpsXG.exe
  2⤵
  PID:3240
- C:\Windows\System\FvnIadE.exe
  C:\Windows\System\FvnIadE.exe
  2⤵
  PID:3668
- C:\Windows\System\MXBABxM.exe
  C:\Windows\System\MXBABxM.exe
  2⤵
  PID:3412
- C:\Windows\System\tYEujgt.exe
  C:\Windows\System\tYEujgt.exe
  2⤵
  PID:3520
- C:\Windows\System\JMwffJq.exe
  C:\Windows\System\JMwffJq.exe
  2⤵
  PID:3604
- C:\Windows\System\oYCmzXS.exe
  C:\Windows\System\oYCmzXS.exe
  2⤵
  PID:3440
- C:\Windows\System\aBEKUMI.exe
  C:\Windows\System\aBEKUMI.exe
  2⤵
  PID:3320
- C:\Windows\System\TOrlZUX.exe
  C:\Windows\System\TOrlZUX.exe
  2⤵
  PID:3232
- C:\Windows\System\FMXbtiF.exe
  C:\Windows\System\FMXbtiF.exe
  2⤵
  PID:3080
- C:\Windows\System\WrOshVf.exe
  C:\Windows\System\WrOshVf.exe
  2⤵
  PID:2764
- C:\Windows\System\tJquDhp.exe
  C:\Windows\System\tJquDhp.exe
  2⤵
  PID:1672
- C:\Windows\System\rUxSHEs.exe
  C:\Windows\System\rUxSHEs.exe
  2⤵
  PID:1576
- C:\Windows\System\SIqUoiK.exe
  C:\Windows\System\SIqUoiK.exe
  2⤵
  PID:3908
- C:\Windows\System\GZwBgHU.exe
  C:\Windows\System\GZwBgHU.exe
  2⤵
  PID:4088
- C:\Windows\System\JBUELbE.exe
  C:\Windows\System\JBUELbE.exe
  2⤵
  PID:2140
- C:\Windows\System\uzanDnU.exe
  C:\Windows\System\uzanDnU.exe
  2⤵
  PID:3756
- C:\Windows\System\wdgnZob.exe
  C:\Windows\System\wdgnZob.exe
  2⤵
  PID:3776
- C:\Windows\System\jXFMOCk.exe
  C:\Windows\System\jXFMOCk.exe
  2⤵
  PID:3792
- C:\Windows\System\tKZjqDu.exe
  C:\Windows\System\tKZjqDu.exe
  2⤵
  PID:3088
- C:\Windows\System\aqfYKmM.exe
  C:\Windows\System\aqfYKmM.exe
  2⤵
  PID:3824
- C:\Windows\System\jysIcWk.exe
  C:\Windows\System\jysIcWk.exe
  2⤵
  PID:3676
- C:\Windows\System\ykXiBXu.exe
  C:\Windows\System\ykXiBXu.exe
  2⤵
  PID:3400
- C:\Windows\System\kmuTVoy.exe
  C:\Windows\System\kmuTVoy.exe
  2⤵
  PID:3836
- C:\Windows\System\jnIzNHu.exe
  C:\Windows\System\jnIzNHu.exe
  2⤵
  PID:3848
- C:\Windows\System\UelGiJu.exe
  C:\Windows\System\UelGiJu.exe
  2⤵
  PID:3856
- C:\Windows\System\iuLpJCY.exe
  C:\Windows\System\iuLpJCY.exe
  2⤵
  PID:2376
- C:\Windows\System\hVPLQAo.exe
  C:\Windows\System\hVPLQAo.exe
  2⤵
  PID:2476
- C:\Windows\System\XuPNocO.exe
  C:\Windows\System\XuPNocO.exe
  2⤵
  PID:4024
- C:\Windows\System\BoftPOJ.exe
  C:\Windows\System\BoftPOJ.exe
  2⤵
  PID:764
- C:\Windows\System\CnAHrgu.exe
  C:\Windows\System\CnAHrgu.exe
  2⤵
  PID:2104
- C:\Windows\System\FhyqTlO.exe
  C:\Windows\System\FhyqTlO.exe
  2⤵
  PID:2852
- C:\Windows\System\zlvrttg.exe
  C:\Windows\System\zlvrttg.exe
  2⤵
  PID:3148
- C:\Windows\System\QSzdbAx.exe
  C:\Windows\System\QSzdbAx.exe
  2⤵
  PID:3424
- C:\Windows\System\kwVmfSg.exe
  C:\Windows\System\kwVmfSg.exe
  2⤵
  PID:3376
- C:\Windows\System\LZPWLaE.exe
  C:\Windows\System\LZPWLaE.exe
  2⤵
  PID:1636
- C:\Windows\System\qaqRdsx.exe
  C:\Windows\System\qaqRdsx.exe
  2⤵
  PID:3628
- C:\Windows\System\ofSrqeO.exe
  C:\Windows\System\ofSrqeO.exe
  2⤵
  PID:3656
- C:\Windows\System\nlArpoW.exe
  C:\Windows\System\nlArpoW.exe
  2⤵
  PID:876
- C:\Windows\System\UyenGAi.exe
  C:\Windows\System\UyenGAi.exe
  2⤵
  PID:4068
- C:\Windows\System\oWTNVLH.exe
  C:\Windows\System\oWTNVLH.exe
  2⤵
  PID:4048
- C:\Windows\System\CSYUDjV.exe
  C:\Windows\System\CSYUDjV.exe
  2⤵
  PID:3692
- C:\Windows\System\kNuguwb.exe
  C:\Windows\System\kNuguwb.exe
  2⤵
  PID:3708
- C:\Windows\System\ivHfLsg.exe
  C:\Windows\System\ivHfLsg.exe
  2⤵
  PID:3732
- C:\Windows\System\KEgidIK.exe
  C:\Windows\System\KEgidIK.exe
  2⤵
  PID:3744
- C:\Windows\System\kJCAime.exe
  C:\Windows\System\kJCAime.exe
  2⤵
  PID:3584
- C:\Windows\System\bDzsfbR.exe
  C:\Windows\System\bDzsfbR.exe
  2⤵
  PID:2716
- C:\Windows\System\tSifwrh.exe
  C:\Windows\System\tSifwrh.exe
  2⤵
  PID:3796
- C:\Windows\System\TwSEIwT.exe
  C:\Windows\System\TwSEIwT.exe
  2⤵
  PID:3168
- C:\Windows\System\JlamfCk.exe
  C:\Windows\System\JlamfCk.exe
  2⤵
  PID:3200
- C:\Windows\System\zthFTMF.exe
  C:\Windows\System\zthFTMF.exe
  2⤵
  PID:3868
- C:\Windows\System\JcCNckL.exe
  C:\Windows\System\JcCNckL.exe
  2⤵
  PID:880
- C:\Windows\System\prcFvSo.exe
  C:\Windows\System\prcFvSo.exe
  2⤵
  PID:3752
- C:\Windows\System\IwoiGYD.exe
  C:\Windows\System\IwoiGYD.exe
  2⤵
  PID:3468
- C:\Windows\System\Dcutbbc.exe
  C:\Windows\System\Dcutbbc.exe
  2⤵
  PID:3560
- C:\Windows\System\bLsiSBY.exe
  C:\Windows\System\bLsiSBY.exe
  2⤵
  PID:3660
- C:\Windows\System\rYqzaJh.exe
  C:\Windows\System\rYqzaJh.exe
  2⤵
  PID:4108
- C:\Windows\System\tYMcFrt.exe
  C:\Windows\System\tYMcFrt.exe
  2⤵
  PID:4132
- C:\Windows\System\rxDhMKk.exe
  C:\Windows\System\rxDhMKk.exe
  2⤵
  PID:4156
- C:\Windows\System\SwqZutG.exe
  C:\Windows\System\SwqZutG.exe
  2⤵
  PID:4228
- C:\Windows\System\ZoJusPm.exe
  C:\Windows\System\ZoJusPm.exe
  2⤵
  PID:4260
- C:\Windows\System\hcKXKeV.exe
  C:\Windows\System\hcKXKeV.exe
  2⤵
  PID:4280
- C:\Windows\System\WDMnnrE.exe
  C:\Windows\System\WDMnnrE.exe
  2⤵
  PID:4304
- C:\Windows\System\pMthThg.exe
  C:\Windows\System\pMthThg.exe
  2⤵
  PID:4328
- C:\Windows\System\ixSWKLm.exe
  C:\Windows\System\ixSWKLm.exe
  2⤵
  PID:4344
- C:\Windows\System\NsKhuFU.exe
  C:\Windows\System\NsKhuFU.exe
  2⤵
  PID:4360
- C:\Windows\System\yozDVUs.exe
  C:\Windows\System\yozDVUs.exe
  2⤵
  PID:4376
- C:\Windows\System\CFBEyJC.exe
  C:\Windows\System\CFBEyJC.exe
  2⤵
  PID:4392
- C:\Windows\System\iozMVed.exe
  C:\Windows\System\iozMVed.exe
  2⤵
  PID:4408
- C:\Windows\System\qrgeMKK.exe
  C:\Windows\System\qrgeMKK.exe
  2⤵
  PID:4432
- C:\Windows\System\DkddwdB.exe
  C:\Windows\System\DkddwdB.exe
  2⤵
  PID:4448
- C:\Windows\System\HXuZDrD.exe
  C:\Windows\System\HXuZDrD.exe
  2⤵
  PID:4468
- C:\Windows\System\tVyANEh.exe
  C:\Windows\System\tVyANEh.exe
  2⤵
  PID:4488
- C:\Windows\System\ywsVzKW.exe
  C:\Windows\System\ywsVzKW.exe
  2⤵
  PID:4508
- C:\Windows\System\lWftYkU.exe
  C:\Windows\System\lWftYkU.exe
  2⤵
  PID:4532
- C:\Windows\System\ogdiRze.exe
  C:\Windows\System\ogdiRze.exe
  2⤵
  PID:4568
- C:\Windows\System\SDDgSCv.exe
  C:\Windows\System\SDDgSCv.exe
  2⤵
  PID:4592
- C:\Windows\System\GTISFVE.exe
  C:\Windows\System\GTISFVE.exe
  2⤵
  PID:4612
- C:\Windows\System\CgdipYh.exe
  C:\Windows\System\CgdipYh.exe
  2⤵
  PID:4636
- C:\Windows\System\zAfEoLZ.exe
  C:\Windows\System\zAfEoLZ.exe
  2⤵
  PID:4656
- C:\Windows\System\yLSHMme.exe
  C:\Windows\System\yLSHMme.exe
  2⤵
  PID:4680
- C:\Windows\System\RYGnahR.exe
  C:\Windows\System\RYGnahR.exe
  2⤵
  PID:4696
- C:\Windows\System\xLDWOSx.exe
  C:\Windows\System\xLDWOSx.exe
  2⤵
  PID:4720
- C:\Windows\System\jOrSJfq.exe
  C:\Windows\System\jOrSJfq.exe
  2⤵
  PID:4736
- C:\Windows\System\gtAVmKT.exe
  C:\Windows\System\gtAVmKT.exe
  2⤵
  PID:4756
- C:\Windows\System\aSCcuTA.exe
  C:\Windows\System\aSCcuTA.exe
  2⤵
  PID:4772
- C:\Windows\System\uHtQFZp.exe
  C:\Windows\System\uHtQFZp.exe
  2⤵
  PID:4788
- C:\Windows\System\cfiQXqw.exe
  C:\Windows\System\cfiQXqw.exe
  2⤵
  PID:4804
- C:\Windows\System\vfOUQvT.exe
  C:\Windows\System\vfOUQvT.exe
  2⤵
  PID:4820
- C:\Windows\System\XVRAKii.exe
  C:\Windows\System\XVRAKii.exe
  2⤵
  PID:4836
- C:\Windows\System\zyCXCDT.exe
  C:\Windows\System\zyCXCDT.exe
  2⤵
  PID:4856
- C:\Windows\System\SXdqvJc.exe
  C:\Windows\System\SXdqvJc.exe
  2⤵
  PID:4876
- C:\Windows\System\GXnBcyw.exe
  C:\Windows\System\GXnBcyw.exe
  2⤵
  PID:4900
- C:\Windows\System\hGCMZfV.exe
  C:\Windows\System\hGCMZfV.exe
  2⤵
  PID:4944
- C:\Windows\System\uzRwDRQ.exe
  C:\Windows\System\uzRwDRQ.exe
  2⤵
  PID:4960
- C:\Windows\System\Bjidwqw.exe
  C:\Windows\System\Bjidwqw.exe
  2⤵
  PID:4976
- C:\Windows\System\BVZUfbW.exe
  C:\Windows\System\BVZUfbW.exe
  2⤵
  PID:4992
- C:\Windows\System\aEDzBeB.exe
  C:\Windows\System\aEDzBeB.exe
  2⤵
  PID:5016
- C:\Windows\System\DmCOKyN.exe
  C:\Windows\System\DmCOKyN.exe
  2⤵
  PID:5040
- C:\Windows\System\sRQIRhN.exe
  C:\Windows\System\sRQIRhN.exe
  2⤵
  PID:5060
- C:\Windows\System\wWgTJDl.exe
  C:\Windows\System\wWgTJDl.exe
  2⤵
  PID:5080
- C:\Windows\System\SFZqQfu.exe
  C:\Windows\System\SFZqQfu.exe
  2⤵
  PID:5096
- C:\Windows\System\DRnekGq.exe
  C:\Windows\System\DRnekGq.exe
  2⤵
  PID:1236
- C:\Windows\System\YWocdUD.exe
  C:\Windows\System\YWocdUD.exe
  2⤵
  PID:3688
- C:\Windows\System\wmqmoqH.exe
  C:\Windows\System\wmqmoqH.exe
  2⤵
  PID:3540
- C:\Windows\System\papPjgj.exe
  C:\Windows\System\papPjgj.exe
  2⤵
  PID:3768
- C:\Windows\System\vjuBvib.exe
  C:\Windows\System\vjuBvib.exe
  2⤵
  PID:4032
- C:\Windows\System\bfJAXkC.exe
  C:\Windows\System\bfJAXkC.exe
  2⤵
  PID:2744
- C:\Windows\System\oZsPlyQ.exe
  C:\Windows\System\oZsPlyQ.exe
  2⤵
  PID:3220
- C:\Windows\System\ydIBruq.exe
  C:\Windows\System\ydIBruq.exe
  2⤵
  PID:2372
- C:\Windows\System\TguPBQV.exe
  C:\Windows\System\TguPBQV.exe
  2⤵
  PID:2348
- C:\Windows\System\vAYvKfe.exe
  C:\Windows\System\vAYvKfe.exe
  2⤵
  PID:4164
- C:\Windows\System\rjdoufK.exe
  C:\Windows\System\rjdoufK.exe
  2⤵
  PID:4184
- C:\Windows\System\mbusEGh.exe
  C:\Windows\System\mbusEGh.exe
  2⤵
  PID:4216
- C:\Windows\System\DeQNGLU.exe
  C:\Windows\System\DeQNGLU.exe
  2⤵
  PID:4272
- C:\Windows\System\TyaObsW.exe
  C:\Windows\System\TyaObsW.exe
  2⤵
  PID:4324
- C:\Windows\System\wiVrGzk.exe
  C:\Windows\System\wiVrGzk.exe
  2⤵
  PID:3704
- C:\Windows\System\DPyVOAm.exe
  C:\Windows\System\DPyVOAm.exe
  2⤵
  PID:4420
- C:\Windows\System\RzzERKf.exe
  C:\Windows\System\RzzERKf.exe
  2⤵
  PID:4464
- C:\Windows\System\FRxRbBx.exe
  C:\Windows\System\FRxRbBx.exe
  2⤵
  PID:4548
- C:\Windows\System\xlpeAYI.exe
  C:\Windows\System\xlpeAYI.exe
  2⤵
  PID:2888
- C:\Windows\System\VXFGwey.exe
  C:\Windows\System\VXFGwey.exe
  2⤵
  PID:4688
- C:\Windows\System\UsdWLrT.exe
  C:\Windows\System\UsdWLrT.exe
  2⤵
  PID:4796
- C:\Windows\System\xbPtwnz.exe
  C:\Windows\System\xbPtwnz.exe
  2⤵
  PID:4868
- C:\Windows\System\gHSmFxn.exe
  C:\Windows\System\gHSmFxn.exe
  2⤵
  PID:4920
- C:\Windows\System\kHKnoFS.exe
  C:\Windows\System\kHKnoFS.exe
  2⤵
  PID:4936
- C:\Windows\System\tAbeHCh.exe
  C:\Windows\System\tAbeHCh.exe
  2⤵
  PID:5012
- C:\Windows\System\KVUEhCK.exe
  C:\Windows\System\KVUEhCK.exe
  2⤵
  PID:5092
- C:\Windows\System\ccTTGVb.exe
  C:\Windows\System\ccTTGVb.exe
  2⤵
  PID:2884
- C:\Windows\System\qwBuIyf.exe
  C:\Windows\System\qwBuIyf.exe
  2⤵
  PID:3580
- C:\Windows\System\gCKMLuj.exe
  C:\Windows\System\gCKMLuj.exe
  2⤵
  PID:2736
- C:\Windows\System\rvcxcXl.exe
  C:\Windows\System\rvcxcXl.exe
  2⤵
  PID:3184
- C:\Windows\System\IFFeMru.exe
  C:\Windows\System\IFFeMru.exe
  2⤵
  PID:3832
- C:\Windows\System\YUqQvUC.exe
  C:\Windows\System\YUqQvUC.exe
  2⤵
  PID:1716
- C:\Windows\System\cIwRyUO.exe
  C:\Windows\System\cIwRyUO.exe
  2⤵
  PID:4244
- C:\Windows\System\twpIUlV.exe
  C:\Windows\System\twpIUlV.exe
  2⤵
  PID:3348
- C:\Windows\System\bljTTBK.exe
  C:\Windows\System\bljTTBK.exe
  2⤵
  PID:4336
- C:\Windows\System\GweNeYR.exe
  C:\Windows\System\GweNeYR.exe
  2⤵
  PID:4528
- C:\Windows\System\BvWFKCA.exe
  C:\Windows\System\BvWFKCA.exe
  2⤵
  PID:4672
- C:\Windows\System\bgTjvdM.exe
  C:\Windows\System\bgTjvdM.exe
  2⤵
  PID:4784
- C:\Windows\System\QOZIKPU.exe
  C:\Windows\System\QOZIKPU.exe
  2⤵
  PID:4852
- C:\Windows\System\DTbgKHy.exe
  C:\Windows\System\DTbgKHy.exe
  2⤵
  PID:4956
- C:\Windows\System\RveLOcB.exe
  C:\Windows\System\RveLOcB.exe
  2⤵
  PID:5036
- C:\Windows\System\lGZonPy.exe
  C:\Windows\System\lGZonPy.exe
  2⤵
  PID:5108
- C:\Windows\System\LkcXLYJ.exe
  C:\Windows\System\LkcXLYJ.exe
  2⤵
  PID:3724
- C:\Windows\System\BYoxfpx.exe
  C:\Windows\System\BYoxfpx.exe
  2⤵
  PID:2520
- C:\Windows\System\rdDwJnS.exe
  C:\Windows\System\rdDwJnS.exe
  2⤵
  PID:1868
- C:\Windows\System\secpkyA.exe
  C:\Windows\System\secpkyA.exe
  2⤵
  PID:4744
- C:\Windows\System\UwdbDof.exe
  C:\Windows\System\UwdbDof.exe
  2⤵
  PID:4620
- C:\Windows\System\lXavzsn.exe
  C:\Windows\System\lXavzsn.exe
  2⤵
  PID:4476
- C:\Windows\System\xuOIpCJ.exe
  C:\Windows\System\xuOIpCJ.exe
  2⤵
  PID:3292
- C:\Windows\System\wxNFzZi.exe
  C:\Windows\System\wxNFzZi.exe
  2⤵
  PID:3940
- C:\Windows\System\UJGxtEE.exe
  C:\Windows\System\UJGxtEE.exe
  2⤵
  PID:1548
- C:\Windows\System\UMKrraI.exe
  C:\Windows\System\UMKrraI.exe
  2⤵
  PID:680
- C:\Windows\System\ofQjuUq.exe
  C:\Windows\System\ofQjuUq.exe
  2⤵
  PID:4128
- C:\Windows\System\CqiDsDe.exe
  C:\Windows\System\CqiDsDe.exe
  2⤵
  PID:3956
- C:\Windows\System\dcbjdDv.exe
  C:\Windows\System\dcbjdDv.exe
  2⤵
  PID:1164
- C:\Windows\System\OzvtGTN.exe
  C:\Windows\System\OzvtGTN.exe
  2⤵
  PID:4208
- C:\Windows\System\bCSeMzz.exe
  C:\Windows\System\bCSeMzz.exe
  2⤵
  PID:4388
- C:\Windows\System\TXIrfPZ.exe
  C:\Windows\System\TXIrfPZ.exe
  2⤵
  PID:4544
- C:\Windows\System\nbVRsBb.exe
  C:\Windows\System\nbVRsBb.exe
  2⤵
  PID:4652
- C:\Windows\System\nKPPLGz.exe
  C:\Windows\System\nKPPLGz.exe
  2⤵
  PID:4928
- C:\Windows\System\EGBZgfW.exe
  C:\Windows\System\EGBZgfW.exe
  2⤵
  PID:1668
- C:\Windows\System\shZgLWb.exe
  C:\Windows\System\shZgLWb.exe
  2⤵
  PID:4100
- C:\Windows\System\AnFWiJT.exe
  C:\Windows\System\AnFWiJT.exe
  2⤵
  PID:3740
- C:\Windows\System\lRCrhRi.exe
  C:\Windows\System\lRCrhRi.exe
  2⤵
  PID:1728
- C:\Windows\System\KNmDsGE.exe
  C:\Windows\System\KNmDsGE.exe
  2⤵
  PID:4176
- C:\Windows\System\Usckudm.exe
  C:\Windows\System\Usckudm.exe
  2⤵
  PID:4180
- C:\Windows\System\RrcmGQR.exe
  C:\Windows\System\RrcmGQR.exe
  2⤵
  PID:4988
- C:\Windows\System\aCenBDT.exe
  C:\Windows\System\aCenBDT.exe
  2⤵
  PID:5072
- C:\Windows\System\PPLtKcC.exe
  C:\Windows\System\PPLtKcC.exe
  2⤵
  PID:4268
- C:\Windows\System\PrjlEeZ.exe
  C:\Windows\System\PrjlEeZ.exe
  2⤵
  PID:3164
- C:\Windows\System\SmEZFVo.exe
  C:\Windows\System\SmEZFVo.exe
  2⤵
  PID:4576
- C:\Windows\System\JyUguri.exe
  C:\Windows\System\JyUguri.exe
  2⤵
  PID:1992
- C:\Windows\System\ZBtPymv.exe
  C:\Windows\System\ZBtPymv.exe
  2⤵
  PID:4624
- C:\Windows\System\xVpyHba.exe
  C:\Windows\System\xVpyHba.exe
  2⤵
  PID:4816
- C:\Windows\System\RzmAHCA.exe
  C:\Windows\System\RzmAHCA.exe
  2⤵
  PID:5032
- C:\Windows\System\RkWQdRw.exe
  C:\Windows\System\RkWQdRw.exe
  2⤵
  PID:3944
- C:\Windows\System\XBhDMZD.exe
  C:\Windows\System\XBhDMZD.exe
  2⤵
  PID:4628
- C:\Windows\System\jEFUypS.exe
  C:\Windows\System\jEFUypS.exe
  2⤵
  PID:3788
- C:\Windows\System\WJGVFSp.exe
  C:\Windows\System\WJGVFSp.exe
  2⤵
  PID:4832
- C:\Windows\System\nsJAMdN.exe
  C:\Windows\System\nsJAMdN.exe
  2⤵
  PID:4812
- C:\Windows\System\BmZwXsI.exe
  C:\Windows\System\BmZwXsI.exe
  2⤵
  PID:1228
- C:\Windows\System\PYhnTmF.exe
  C:\Windows\System\PYhnTmF.exe
  2⤵
  PID:1088
- C:\Windows\System\glWQoKv.exe
  C:\Windows\System\glWQoKv.exe
  2⤵
  PID:3896
- C:\Windows\System\gCVWkDt.exe
  C:\Windows\System\gCVWkDt.exe
  2⤵
  PID:2280
- C:\Windows\System\VdNHgcB.exe
  C:\Windows\System\VdNHgcB.exe
  2⤵
  PID:1616
- C:\Windows\System\GiIBzqh.exe
  C:\Windows\System\GiIBzqh.exe
  2⤵
  PID:4484
- C:\Windows\System\KWguGFl.exe
  C:\Windows\System\KWguGFl.exe
  2⤵
  PID:5104
- C:\Windows\System\ABzmcHU.exe
  C:\Windows\System\ABzmcHU.exe
  2⤵
  PID:4016
- C:\Windows\System\etmDEHH.exe
  C:\Windows\System\etmDEHH.exe
  2⤵
  PID:2892
- C:\Windows\System\bYJVGHz.exe
  C:\Windows\System\bYJVGHz.exe
  2⤵
  PID:3508
- C:\Windows\System\CBefUno.exe
  C:\Windows\System\CBefUno.exe
  2⤵
  PID:4140
- C:\Windows\System\OoulHRI.exe
  C:\Windows\System\OoulHRI.exe
  2⤵
  PID:3128
- C:\Windows\System\yXqJkxK.exe
  C:\Windows\System\yXqJkxK.exe
  2⤵
  PID:4236
- C:\Windows\System\OVncija.exe
  C:\Windows\System\OVncija.exe
  2⤵
  PID:4292
- C:\Windows\System\iZiePpB.exe
  C:\Windows\System\iZiePpB.exe
  2⤵
  PID:4384
- C:\Windows\System\bgFtxyu.exe
  C:\Windows\System\bgFtxyu.exe
  2⤵
  PID:4848
- C:\Windows\System\lEmLAxg.exe
  C:\Windows\System\lEmLAxg.exe
  2⤵
  PID:5028
- C:\Windows\System\obpSRwj.exe
  C:\Windows\System\obpSRwj.exe
  2⤵
  PID:4668
- C:\Windows\System\aohhhla.exe
  C:\Windows\System\aohhhla.exe
  2⤵
  PID:540
- C:\Windows\System\MozSqVx.exe
  C:\Windows\System\MozSqVx.exe
  2⤵
  PID:4500
- C:\Windows\System\WOOMDUD.exe
  C:\Windows\System\WOOMDUD.exe
  2⤵
  PID:5076
- C:\Windows\System\wwVqRsI.exe
  C:\Windows\System\wwVqRsI.exe
  2⤵
  PID:2168
- C:\Windows\System\FJeNXZb.exe
  C:\Windows\System\FJeNXZb.exe
  2⤵
  PID:4460
- C:\Windows\System\dCIdlmk.exe
  C:\Windows\System\dCIdlmk.exe
  2⤵
  PID:4732
- C:\Windows\System\XKPydCe.exe
  C:\Windows\System\XKPydCe.exe
  2⤵
  PID:4768
- C:\Windows\System\MdkKSrO.exe
  C:\Windows\System\MdkKSrO.exe
  2⤵
  PID:4912
- C:\Windows\System\BwPixre.exe
  C:\Windows\System\BwPixre.exe
  2⤵
  PID:4076
- C:\Windows\System\HYiHxeC.exe
  C:\Windows\System\HYiHxeC.exe
  2⤵
  PID:3912
- C:\Windows\System\tedMCHP.exe
  C:\Windows\System\tedMCHP.exe
  2⤵
  PID:4664
- C:\Windows\System\wmJajKg.exe
  C:\Windows\System\wmJajKg.exe
  2⤵
  PID:3492
- C:\Windows\System\MQRucIS.exe
  C:\Windows\System\MQRucIS.exe
  2⤵
  PID:3576
- C:\Windows\System\BvYhylx.exe
  C:\Windows\System\BvYhylx.exe
  2⤵
  PID:1536
- C:\Windows\System\nZkYBxj.exe
  C:\Windows\System\nZkYBxj.exe
  2⤵
  PID:4120
- C:\Windows\System\hSRoSfs.exe
  C:\Windows\System\hSRoSfs.exe
  2⤵
  PID:4644
- C:\Windows\System\OBowFsh.exe
  C:\Windows\System\OBowFsh.exe
  2⤵
  PID:3880
- C:\Windows\System\ALmvtgo.exe
  C:\Windows\System\ALmvtgo.exe
  2⤵
  PID:4520
- C:\Windows\System\tfGQIdB.exe
  C:\Windows\System\tfGQIdB.exe
  2⤵
  PID:4368
- C:\Windows\System\txOkZAp.exe
  C:\Windows\System\txOkZAp.exe
  2⤵
  PID:3444
- C:\Windows\System\aNSKbjF.exe
  C:\Windows\System\aNSKbjF.exe
  2⤵
  PID:1240
- C:\Windows\System\wdFeqsA.exe
  C:\Windows\System\wdFeqsA.exe
  2⤵
  PID:4916
- C:\Windows\System\ohPtpTh.exe
  C:\Windows\System\ohPtpTh.exe
  2⤵
  PID:4764
- C:\Windows\System\EZrEtFD.exe
  C:\Windows\System\EZrEtFD.exe
  2⤵
  PID:4404
- C:\Windows\System\xDPpgfc.exe
  C:\Windows\System\xDPpgfc.exe
  2⤵
  PID:4588
- C:\Windows\System\WcrwTQn.exe
  C:\Windows\System\WcrwTQn.exe
  2⤵
  PID:3892
- C:\Windows\System\wXyTQjj.exe
  C:\Windows\System\wXyTQjj.exe
  2⤵
  PID:2192
- C:\Windows\System\TRyBSZD.exe
  C:\Windows\System\TRyBSZD.exe
  2⤵
  PID:4648
- C:\Windows\System\aLPSYUf.exe
  C:\Windows\System\aLPSYUf.exe
  2⤵
  PID:1532
- C:\Windows\System\EwsQMPO.exe
  C:\Windows\System\EwsQMPO.exe
  2⤵
  PID:1500
- C:\Windows\System\gdEpFVD.exe
  C:\Windows\System\gdEpFVD.exe
  2⤵
  PID:4428
- C:\Windows\System\JUJQVhm.exe
  C:\Windows\System\JUJQVhm.exe
  2⤵
  PID:1148
- C:\Windows\System\vDbWvXc.exe
  C:\Windows\System\vDbWvXc.exe
  2⤵
  PID:4608
- C:\Windows\System\amnInsk.exe
  C:\Windows\System\amnInsk.exe
  2⤵
  PID:2216
- C:\Windows\System\oJzPQaa.exe
  C:\Windows\System\oJzPQaa.exe
  2⤵
  PID:4600
- C:\Windows\System\KnVIFaa.exe
  C:\Windows\System\KnVIFaa.exe
  2⤵
  PID:4144
- C:\Windows\System\VnTcuvW.exe
  C:\Windows\System\VnTcuvW.exe
  2⤵
  PID:2880
- C:\Windows\System\JWqWEQB.exe
  C:\Windows\System\JWqWEQB.exe
  2⤵
  PID:5024
- C:\Windows\System\mekoNDn.exe
  C:\Windows\System\mekoNDn.exe
  2⤵
  PID:4752
- C:\Windows\System\cPisPob.exe
  C:\Windows\System\cPisPob.exe
  2⤵
  PID:3324
- C:\Windows\System\vCwGeZN.exe
  C:\Windows\System\vCwGeZN.exe
  2⤵
  PID:2704
- C:\Windows\System\TyRZcdE.exe
  C:\Windows\System\TyRZcdE.exe
  2⤵
  PID:1704
- C:\Windows\System\QPDhhwm.exe
  C:\Windows\System\QPDhhwm.exe
  2⤵
  PID:5000
- C:\Windows\System\GecLepx.exe
  C:\Windows\System\GecLepx.exe
  2⤵
  PID:2820
- C:\Windows\System\KUitBnw.exe
  C:\Windows\System\KUitBnw.exe
  2⤵
  PID:856
- C:\Windows\System\nfJdZyE.exe
  C:\Windows\System\nfJdZyE.exe
  2⤵
  PID:2564
- C:\Windows\System\EdKhugn.exe
  C:\Windows\System\EdKhugn.exe
  2⤵
  PID:2600
- C:\Windows\System\zGtwtSA.exe
  C:\Windows\System\zGtwtSA.exe
  2⤵
  PID:292
- C:\Windows\System\wKMNsht.exe
  C:\Windows\System\wKMNsht.exe
  2⤵
  PID:3272
- C:\Windows\System\dqYOwam.exe
  C:\Windows\System\dqYOwam.exe
  2⤵
  PID:4356
- C:\Windows\System\HDzaImk.exe
  C:\Windows\System\HDzaImk.exe
  2⤵
  PID:2792
- C:\Windows\System\XJQUWIu.exe
  C:\Windows\System\XJQUWIu.exe
  2⤵
  PID:2856
- C:\Windows\System\ehljAnt.exe
  C:\Windows\System\ehljAnt.exe
  2⤵
  PID:4968
- C:\Windows\System\gwTkbeJ.exe
  C:\Windows\System\gwTkbeJ.exe
  2⤵
  PID:5124
- C:\Windows\System\tyAoKXH.exe
  C:\Windows\System\tyAoKXH.exe
  2⤵
  PID:5152
- C:\Windows\System\qFPyBpM.exe
  C:\Windows\System\qFPyBpM.exe
  2⤵
  PID:5172
- C:\Windows\System\pVGOhdl.exe
  C:\Windows\System\pVGOhdl.exe
  2⤵
  PID:5196
- C:\Windows\System\FkwcmOH.exe
  C:\Windows\System\FkwcmOH.exe
  2⤵
  PID:5216
- C:\Windows\System\uqvNjLt.exe
  C:\Windows\System\uqvNjLt.exe
  2⤵
  PID:5248
- C:\Windows\System\XziLJKB.exe
  C:\Windows\System\XziLJKB.exe
  2⤵
  PID:5272
- C:\Windows\System\qxfPvip.exe
  C:\Windows\System\qxfPvip.exe
  2⤵
  PID:5300
- C:\Windows\System\uZHRBQe.exe
  C:\Windows\System\uZHRBQe.exe
  2⤵
  PID:5320
- C:\Windows\System\rgAhjRI.exe
  C:\Windows\System\rgAhjRI.exe
  2⤵
  PID:5340
- C:\Windows\System\YEkDYeU.exe
  C:\Windows\System\YEkDYeU.exe
  2⤵
  PID:5360
- C:\Windows\System\ydBCpKm.exe
  C:\Windows\System\ydBCpKm.exe
  2⤵
  PID:5396
- C:\Windows\System\NFLXeHX.exe
  C:\Windows\System\NFLXeHX.exe
  2⤵
  PID:5416
- C:\Windows\System\rcIuSiO.exe
  C:\Windows\System\rcIuSiO.exe
  2⤵
  PID:5444
- C:\Windows\System\YUKhxxe.exe
  C:\Windows\System\YUKhxxe.exe
  2⤵
  PID:5460
- C:\Windows\System\cQHqguv.exe
  C:\Windows\System\cQHqguv.exe
  2⤵
  PID:5484
- C:\Windows\System\bnyJSRN.exe
  C:\Windows\System\bnyJSRN.exe
  2⤵
  PID:5508
- C:\Windows\System\nObqzWM.exe
  C:\Windows\System\nObqzWM.exe
  2⤵
  PID:5532
- C:\Windows\System\DzkHzUP.exe
  C:\Windows\System\DzkHzUP.exe
  2⤵
  PID:5560
- C:\Windows\System\XSwstyQ.exe
  C:\Windows\System\XSwstyQ.exe
  2⤵
  PID:5580
- C:\Windows\System\YofLAJB.exe
  C:\Windows\System\YofLAJB.exe
  2⤵
  PID:5616
- C:\Windows\System\JgssKYQ.exe
  C:\Windows\System\JgssKYQ.exe
  2⤵
  PID:5636
- C:\Windows\System\iueUDNh.exe
  C:\Windows\System\iueUDNh.exe
  2⤵
  PID:5672
- C:\Windows\System\FbxWjHN.exe
  C:\Windows\System\FbxWjHN.exe
  2⤵
  PID:5692
- C:\Windows\System\ZZwmUyM.exe
  C:\Windows\System\ZZwmUyM.exe
  2⤵
  PID:5708
- C:\Windows\System\sMAeuGy.exe
  C:\Windows\System\sMAeuGy.exe
  2⤵
  PID:5728
- C:\Windows\System\XQKPUep.exe
  C:\Windows\System\XQKPUep.exe
  2⤵
  PID:5748
- C:\Windows\System\cHDTIpV.exe
  C:\Windows\System\cHDTIpV.exe
  2⤵
  PID:5780
- C:\Windows\System\TyxsEcO.exe
  C:\Windows\System\TyxsEcO.exe
  2⤵
  PID:5796
- C:\Windows\System\LRvTRrH.exe
  C:\Windows\System\LRvTRrH.exe
  2⤵
  PID:5812
- C:\Windows\System\XwXvqjy.exe
  C:\Windows\System\XwXvqjy.exe
  2⤵
  PID:5828
- C:\Windows\System\iKdCZQP.exe
  C:\Windows\System\iKdCZQP.exe
  2⤵
  PID:5844
- C:\Windows\System\OyNdwxL.exe
  C:\Windows\System\OyNdwxL.exe
  2⤵
  PID:5860
- C:\Windows\System\rFPxTKk.exe
  C:\Windows\System\rFPxTKk.exe
  2⤵
  PID:5876
- C:\Windows\System\TRgQumk.exe
  C:\Windows\System\TRgQumk.exe
  2⤵
  PID:5896
- C:\Windows\System\FKaHGZQ.exe
  C:\Windows\System\FKaHGZQ.exe
  2⤵
  PID:5916
- C:\Windows\System\DuiRKgM.exe
  C:\Windows\System\DuiRKgM.exe
  2⤵
  PID:5932
- C:\Windows\System\WXpVqQj.exe
  C:\Windows\System\WXpVqQj.exe
  2⤵
  PID:5948
- C:\Windows\System\wOnnpql.exe
  C:\Windows\System\wOnnpql.exe
  2⤵
  PID:5964
- C:\Windows\System\sAAgiak.exe
  C:\Windows\System\sAAgiak.exe
  2⤵
  PID:5988
- C:\Windows\System\ngooell.exe
  C:\Windows\System\ngooell.exe
  2⤵
  PID:6008
- C:\Windows\System\ERaseJw.exe
  C:\Windows\System\ERaseJw.exe
  2⤵
  PID:6024
- C:\Windows\System\LGwioqp.exe
  C:\Windows\System\LGwioqp.exe
  2⤵
  PID:6040
- C:\Windows\System\dxUgmaW.exe
  C:\Windows\System\dxUgmaW.exe
  2⤵
  PID:6060
- C:\Windows\System\snXnVIX.exe
  C:\Windows\System\snXnVIX.exe
  2⤵
  PID:6080
- C:\Windows\System\pWnNpRx.exe
  C:\Windows\System\pWnNpRx.exe
  2⤵
  PID:6100
- C:\Windows\System\LbGAWAI.exe
  C:\Windows\System\LbGAWAI.exe
  2⤵
  PID:6128
- C:\Windows\System\oBqcITF.exe
  C:\Windows\System\oBqcITF.exe
  2⤵
  PID:5056
- C:\Windows\System\aIxYxdA.exe
  C:\Windows\System\aIxYxdA.exe
  2⤵
  PID:2368
- C:\Windows\System\WcirUGo.exe
  C:\Windows\System\WcirUGo.exe
  2⤵
  PID:1748
- C:\Windows\System\EEOddEu.exe
  C:\Windows\System\EEOddEu.exe
  2⤵
  PID:5132
- C:\Windows\System\pnbEoYS.exe
  C:\Windows\System\pnbEoYS.exe
  2⤵
  PID:5148
- C:\Windows\System\zhccnMm.exe
  C:\Windows\System\zhccnMm.exe
  2⤵
  PID:5368
- C:\Windows\System\SWDzQTY.exe
  C:\Windows\System\SWDzQTY.exe
  2⤵
  PID:5408
- C:\Windows\System\oFSsjHx.exe
  C:\Windows\System\oFSsjHx.exe
  2⤵
  PID:5436
- C:\Windows\System\ZkChZeJ.exe
  C:\Windows\System\ZkChZeJ.exe
  2⤵
  PID:5472
- C:\Windows\System\cEEOJDi.exe
  C:\Windows\System\cEEOJDi.exe
  2⤵
  PID:5476
- C:\Windows\System\KIfXqeb.exe
  C:\Windows\System\KIfXqeb.exe
  2⤵
  PID:5520
- C:\Windows\System\jRgECDr.exe
  C:\Windows\System\jRgECDr.exe
  2⤵
  PID:5556
- C:\Windows\System\oVkRRgj.exe
  C:\Windows\System\oVkRRgj.exe
  2⤵
  PID:5528
- C:\Windows\System\Zlsghvo.exe
  C:\Windows\System\Zlsghvo.exe
  2⤵
  PID:5568
- C:\Windows\System\SVmVenC.exe
  C:\Windows\System\SVmVenC.exe
  2⤵
  PID:5572
- C:\Windows\System\BIdfKMQ.exe
  C:\Windows\System\BIdfKMQ.exe
  2⤵
  PID:5624
- C:\Windows\System\Fdxebkb.exe
  C:\Windows\System\Fdxebkb.exe
  2⤵
  PID:5628
- C:\Windows\System\kGLNVNS.exe
  C:\Windows\System\kGLNVNS.exe
  2⤵
  PID:5656
- C:\Windows\System\owGDMIp.exe
  C:\Windows\System\owGDMIp.exe
  2⤵
  PID:2832
- C:\Windows\System\QIvyXCp.exe
  C:\Windows\System\QIvyXCp.exe
  2⤵
  PID:5136
- C:\Windows\System\VGwIQPh.exe
  C:\Windows\System\VGwIQPh.exe
  2⤵
  PID:5660
- C:\Windows\System\aYlkThr.exe
  C:\Windows\System\aYlkThr.exe
  2⤵
  PID:5688
- C:\Windows\System\tjmYtWn.exe
  C:\Windows\System\tjmYtWn.exe
  2⤵
  PID:1688
- C:\Windows\System\MNksByR.exe
  C:\Windows\System\MNksByR.exe
  2⤵
  PID:2912
- C:\Windows\System\cisVohD.exe
  C:\Windows\System\cisVohD.exe
  2⤵
  PID:5740
- C:\Windows\System\edNRpqN.exe
  C:\Windows\System\edNRpqN.exe
  2⤵
  PID:5716
- C:\Windows\System\RdixraK.exe
  C:\Windows\System\RdixraK.exe
  2⤵
  PID:5760
- C:\Windows\System\cgrTxJV.exe
  C:\Windows\System\cgrTxJV.exe
  2⤵
  PID:5776
- C:\Windows\System\vwDmXfG.exe
  C:\Windows\System\vwDmXfG.exe
  2⤵
  PID:5840
- C:\Windows\System\pNfmjoD.exe
  C:\Windows\System\pNfmjoD.exe
  2⤵
  PID:5908
- C:\Windows\System\EAEQgpB.exe
  C:\Windows\System\EAEQgpB.exe
  2⤵
  PID:5972
- C:\Windows\System\zknNFAt.exe
  C:\Windows\System\zknNFAt.exe
  2⤵
  PID:5984
- C:\Windows\System\twTxaha.exe
  C:\Windows\System\twTxaha.exe
  2⤵
  PID:6056
- C:\Windows\System\OKqkegq.exe
  C:\Windows\System\OKqkegq.exe
  2⤵
  PID:6136
- C:\Windows\System\ShLbHwc.exe
  C:\Windows\System\ShLbHwc.exe
  2⤵
  PID:5924
- C:\Windows\System\fTnYSZe.exe
  C:\Windows\System\fTnYSZe.exe
  2⤵
  PID:5140
- C:\Windows\System\euiZRqh.exe
  C:\Windows\System\euiZRqh.exe
  2⤵
  PID:5820
- C:\Windows\System\EAIsrrS.exe
  C:\Windows\System\EAIsrrS.exe
  2⤵
  PID:6016
- C:\Windows\System\thkOYBk.exe
  C:\Windows\System\thkOYBk.exe
  2⤵
  PID:5892
- C:\Windows\System\fWyzAGg.exe
  C:\Windows\System\fWyzAGg.exe
  2⤵
  PID:328
- C:\Windows\System\pjhrprX.exe
  C:\Windows\System\pjhrprX.exe
  2⤵
  PID:5996
- C:\Windows\System\epRWdHK.exe
  C:\Windows\System\epRWdHK.exe
  2⤵
  PID:6072
- C:\Windows\System\nMBhwpQ.exe
  C:\Windows\System\nMBhwpQ.exe
  2⤵
  PID:6112
- C:\Windows\System\pRWhEBK.exe
  C:\Windows\System\pRWhEBK.exe
  2⤵
  PID:2144
- C:\Windows\System\CAMoRmd.exe
  C:\Windows\System\CAMoRmd.exe
  2⤵
  PID:2220
- C:\Windows\System\ACwqjCp.exe
  C:\Windows\System\ACwqjCp.exe
  2⤵
  PID:5188
- C:\Windows\System\GVdtpkQ.exe
  C:\Windows\System\GVdtpkQ.exe
  2⤵
  PID:5228
- C:\Windows\System\fjiDwId.exe
  C:\Windows\System\fjiDwId.exe
  2⤵
  PID:5260
- C:\Windows\System\EMfzAfc.exe
  C:\Windows\System\EMfzAfc.exe
  2⤵
  PID:5280
- C:\Windows\System\VwWYlWO.exe
  C:\Windows\System\VwWYlWO.exe
  2⤵
  PID:5296
- C:\Windows\System\EwbOKCo.exe
  C:\Windows\System\EwbOKCo.exe
  2⤵
  PID:5288
- C:\Windows\System\CXvwhEI.exe
  C:\Windows\System\CXvwhEI.exe
  2⤵
  PID:5356
- C:\Windows\System\xSbJDbI.exe
  C:\Windows\System\xSbJDbI.exe
  2⤵
  PID:5336
- C:\Windows\System\AgRVXeI.exe
  C:\Windows\System\AgRVXeI.exe
  2⤵
  PID:2748
- C:\Windows\System\AqRVbxn.exe
  C:\Windows\System\AqRVbxn.exe
  2⤵
  PID:5432
- C:\Windows\System\riHyBqA.exe
  C:\Windows\System\riHyBqA.exe
  2⤵
  PID:5648
- C:\Windows\System\IYFiFSD.exe
  C:\Windows\System\IYFiFSD.exe
  2⤵
  PID:600
- C:\Windows\System\YDOPKrY.exe
  C:\Windows\System\YDOPKrY.exe
  2⤵
  PID:5500
- C:\Windows\System\yCvYwEW.exe
  C:\Windows\System\yCvYwEW.exe
  2⤵
  PID:3056
- C:\Windows\System\KehgUrY.exe
  C:\Windows\System\KehgUrY.exe
  2⤵
  PID:2676
- C:\Windows\System\MdqmUpY.exe
  C:\Windows\System\MdqmUpY.exe
  2⤵
  PID:5736
- C:\Windows\System\JrTuZaX.exe
  C:\Windows\System\JrTuZaX.exe
  2⤵
  PID:5756
- C:\Windows\System\vhGWYfk.exe
  C:\Windows\System\vhGWYfk.exe
  2⤵
  PID:5836
- C:\Windows\System\PvXVpRU.exe
  C:\Windows\System\PvXVpRU.exe
  2⤵
  PID:2828
- C:\Windows\System\pKQmmgS.exe
  C:\Windows\System\pKQmmgS.exe
  2⤵
  PID:5884
- C:\Windows\System\DlStZKO.exe
  C:\Windows\System\DlStZKO.exe
  2⤵
  PID:6108
- C:\Windows\System\QJnKMcz.exe
  C:\Windows\System\QJnKMcz.exe
  2⤵
  PID:5768
- C:\Windows\System\MfDxCVu.exe
  C:\Windows\System\MfDxCVu.exe
  2⤵
  PID:5904
- C:\Windows\System\gKZIErf.exe
  C:\Windows\System\gKZIErf.exe
  2⤵
  PID:1052
- C:\Windows\System\TLvrOEZ.exe
  C:\Windows\System\TLvrOEZ.exe
  2⤵
  PID:6032
- C:\Windows\System\YkAriKS.exe
  C:\Windows\System\YkAriKS.exe
  2⤵
  PID:6124
- C:\Windows\System\gnExojG.exe
  C:\Windows\System\gnExojG.exe
  2⤵
  PID:5236
- C:\Windows\System\DkqbSov.exe
  C:\Windows\System\DkqbSov.exe
  2⤵
  PID:5312
- C:\Windows\System\ljLGrdv.exe
  C:\Windows\System\ljLGrdv.exe
  2⤵
  PID:5548
- C:\Windows\System\CHXfyDZ.exe
  C:\Windows\System\CHXfyDZ.exe
  2⤵
  PID:2700
- C:\Windows\System\LjcAtQK.exe
  C:\Windows\System\LjcAtQK.exe
  2⤵
  PID:5208
- C:\Windows\System\FvCVGPR.exe
  C:\Windows\System\FvCVGPR.exe
  2⤵
  PID:5596
- C:\Windows\System\ElPyGiw.exe
  C:\Windows\System\ElPyGiw.exe
  2⤵
  PID:5496
- C:\Windows\System\BUzPDlr.exe
  C:\Windows\System\BUzPDlr.exe
  2⤵
  PID:5412
- C:\Windows\System\HDQzKmT.exe
  C:\Windows\System\HDQzKmT.exe
  2⤵
  PID:5652
- C:\Windows\System\zMqaeim.exe
  C:\Windows\System\zMqaeim.exe
  2⤵
  PID:5516
- C:\Windows\System\ORGWZAS.exe
  C:\Windows\System\ORGWZAS.exe
  2⤵
  PID:1032
- C:\Windows\System\RmALvQU.exe
  C:\Windows\System\RmALvQU.exe
  2⤵
  PID:572
- C:\Windows\System\oGxxQse.exe
  C:\Windows\System\oGxxQse.exe
  2⤵
  PID:5872
- C:\Windows\System\JisKWBR.exe
  C:\Windows\System\JisKWBR.exe
  2⤵
  PID:5960
- C:\Windows\System\edVCzSZ.exe
  C:\Windows\System\edVCzSZ.exe
  2⤵
  PID:5264
- C:\Windows\System\ufzCBNw.exe
  C:\Windows\System\ufzCBNw.exe
  2⤵
  PID:5268
- C:\Windows\System\LMeOdpD.exe
  C:\Windows\System\LMeOdpD.exe
  2⤵
  PID:6092
- C:\Windows\System\WTBYRir.exe
  C:\Windows\System\WTBYRir.exe
  2⤵
  PID:1452
- C:\Windows\System\HLCvidb.exe
  C:\Windows\System\HLCvidb.exe
  2⤵
  PID:5540
- C:\Windows\System\VdfyrOd.exe
  C:\Windows\System\VdfyrOd.exe
  2⤵
  PID:2580
- C:\Windows\System\htBmdwG.exe
  C:\Windows\System\htBmdwG.exe
  2⤵
  PID:5668
- C:\Windows\System\sxmtosa.exe
  C:\Windows\System\sxmtosa.exe
  2⤵
  PID:5180
- C:\Windows\System\DdDSZic.exe
  C:\Windows\System\DdDSZic.exe
  2⤵
  PID:1776
- C:\Windows\System\mBhxFUQ.exe
  C:\Windows\System\mBhxFUQ.exe
  2⤵
  PID:5980
- C:\Windows\System\YZQnymq.exe
  C:\Windows\System\YZQnymq.exe
  2⤵
  PID:5404
- C:\Windows\System\yHwBQml.exe
  C:\Windows\System\yHwBQml.exe
  2⤵
  PID:6096
- C:\Windows\System\BQkOdXe.exe
  C:\Windows\System\BQkOdXe.exe
  2⤵
  PID:5940
- C:\Windows\System\UpitrAu.exe
  C:\Windows\System\UpitrAu.exe
  2⤵
  PID:2620
- C:\Windows\System\LczcpVC.exe
  C:\Windows\System\LczcpVC.exe
  2⤵
  PID:5256
- C:\Windows\System\JwSdudu.exe
  C:\Windows\System\JwSdudu.exe
  2⤵
  PID:6160
- C:\Windows\System\bBFVjbI.exe
  C:\Windows\System\bBFVjbI.exe
  2⤵
  PID:6176
- C:\Windows\System\pcikGmf.exe
  C:\Windows\System\pcikGmf.exe
  2⤵
  PID:6192
- C:\Windows\System\vXKrOJU.exe
  C:\Windows\System\vXKrOJU.exe
  2⤵
  PID:6208
- C:\Windows\System\gStGpxW.exe
  C:\Windows\System\gStGpxW.exe
  2⤵
  PID:6224
- C:\Windows\System\IQPdFwD.exe
  C:\Windows\System\IQPdFwD.exe
  2⤵
  PID:6240
- C:\Windows\System\QPlpimW.exe
  C:\Windows\System\QPlpimW.exe
  2⤵
  PID:6256
- C:\Windows\System\QAzCPEK.exe
  C:\Windows\System\QAzCPEK.exe
  2⤵
  PID:6272
- C:\Windows\System\hTihJzg.exe
  C:\Windows\System\hTihJzg.exe
  2⤵
  PID:6288
- C:\Windows\System\gtPFvit.exe
  C:\Windows\System\gtPFvit.exe
  2⤵
  PID:6304
- C:\Windows\System\NwxCfyK.exe
  C:\Windows\System\NwxCfyK.exe
  2⤵
  PID:6320
- C:\Windows\System\GTSMTLB.exe
  C:\Windows\System\GTSMTLB.exe
  2⤵
  PID:6336
- C:\Windows\System\BdxGslC.exe
  C:\Windows\System\BdxGslC.exe
  2⤵
  PID:6352
- C:\Windows\System\hVZSZDs.exe
  C:\Windows\System\hVZSZDs.exe
  2⤵
  PID:6368
- C:\Windows\System\lIKtpRW.exe
  C:\Windows\System\lIKtpRW.exe
  2⤵
  PID:6384
- C:\Windows\System\OIYSHWd.exe
  C:\Windows\System\OIYSHWd.exe
  2⤵
  PID:6400
- C:\Windows\System\hZeSaBn.exe
  C:\Windows\System\hZeSaBn.exe
  2⤵
  PID:6416
- C:\Windows\System\rSHVwKs.exe
  C:\Windows\System\rSHVwKs.exe
  2⤵
  PID:6432
- C:\Windows\System\vmytvCb.exe
  C:\Windows\System\vmytvCb.exe
  2⤵
  PID:6448
- C:\Windows\System\CXriqTw.exe
  C:\Windows\System\CXriqTw.exe
  2⤵
  PID:6464
- C:\Windows\System\SVNmsok.exe
  C:\Windows\System\SVNmsok.exe
  2⤵
  PID:6480
- C:\Windows\System\kcFNBmO.exe
  C:\Windows\System\kcFNBmO.exe
  2⤵
  PID:6496
- C:\Windows\System\sugmvJC.exe
  C:\Windows\System\sugmvJC.exe
  2⤵
  PID:6520
- C:\Windows\System\hILkgEK.exe
  C:\Windows\System\hILkgEK.exe
  2⤵
  PID:6544
- C:\Windows\System\jvOCAUJ.exe
  C:\Windows\System\jvOCAUJ.exe
  2⤵
  PID:6560
- C:\Windows\System\JkPqdBF.exe
  C:\Windows\System\JkPqdBF.exe
  2⤵
  PID:6576
- C:\Windows\System\StuviGe.exe
  C:\Windows\System\StuviGe.exe
  2⤵
  PID:6600
- C:\Windows\System\VczrYXe.exe
  C:\Windows\System\VczrYXe.exe
  2⤵
  PID:6616
- C:\Windows\System\oLSEdUs.exe
  C:\Windows\System\oLSEdUs.exe
  2⤵
  PID:6632
- C:\Windows\System\BHZQbzs.exe
  C:\Windows\System\BHZQbzs.exe
  2⤵
  PID:6648
- C:\Windows\System\RPxLgHA.exe
  C:\Windows\System\RPxLgHA.exe
  2⤵
  PID:6664
- C:\Windows\System\FAuEaqR.exe
  C:\Windows\System\FAuEaqR.exe
  2⤵
  PID:6680
- C:\Windows\System\gvzwfmE.exe
  C:\Windows\System\gvzwfmE.exe
  2⤵
  PID:6696
- C:\Windows\System\wdFvjbu.exe
  C:\Windows\System\wdFvjbu.exe
  2⤵
  PID:6712
- C:\Windows\System\HsHunFv.exe
  C:\Windows\System\HsHunFv.exe
  2⤵
  PID:6736
- C:\Windows\System\XGOUSRF.exe
  C:\Windows\System\XGOUSRF.exe
  2⤵
  PID:6756
- C:\Windows\System\rjpeEnb.exe
  C:\Windows\System\rjpeEnb.exe
  2⤵
  PID:6776
- C:\Windows\System\TopFLyd.exe
  C:\Windows\System\TopFLyd.exe
  2⤵
  PID:6792
- C:\Windows\System\pDHAOhs.exe
  C:\Windows\System\pDHAOhs.exe
  2⤵
  PID:6808
- C:\Windows\System\cjOiMtw.exe
  C:\Windows\System\cjOiMtw.exe
  2⤵
  PID:6824
- C:\Windows\System\bbdrRGW.exe
  C:\Windows\System\bbdrRGW.exe
  2⤵
  PID:6840
- C:\Windows\System\JwNWAXR.exe
  C:\Windows\System\JwNWAXR.exe
  2⤵
  PID:6856
- C:\Windows\System\klicers.exe
  C:\Windows\System\klicers.exe
  2⤵
  PID:6872
- C:\Windows\System\veMRDuk.exe
  C:\Windows\System\veMRDuk.exe
  2⤵
  PID:6888
- C:\Windows\System\DMWrSLj.exe
  C:\Windows\System\DMWrSLj.exe
  2⤵
  PID:6904
- C:\Windows\System\vbmhMTX.exe
  C:\Windows\System\vbmhMTX.exe
  2⤵
  PID:6924
- C:\Windows\System\QHZMniB.exe
  C:\Windows\System\QHZMniB.exe
  2⤵
  PID:6968
- C:\Windows\System\sdUnbmW.exe
  C:\Windows\System\sdUnbmW.exe
  2⤵
  PID:6984
- C:\Windows\System\eTRDfIg.exe
  C:\Windows\System\eTRDfIg.exe
  2⤵
  PID:7000
- C:\Windows\System\AVOlRxZ.exe
  C:\Windows\System\AVOlRxZ.exe
  2⤵
  PID:7016
- C:\Windows\System\LoazJEW.exe
  C:\Windows\System\LoazJEW.exe
  2⤵
  PID:7032
- C:\Windows\System\wXIUWNj.exe
  C:\Windows\System\wXIUWNj.exe
  2⤵
  PID:7048
- C:\Windows\System\ujlwrlY.exe
  C:\Windows\System\ujlwrlY.exe
  2⤵
  PID:7064
- C:\Windows\System\YqXVTXR.exe
  C:\Windows\System\YqXVTXR.exe
  2⤵
  PID:7080
- C:\Windows\System\ndksAAK.exe
  C:\Windows\System\ndksAAK.exe
  2⤵
  PID:7096
- C:\Windows\System\CgYQQvK.exe
  C:\Windows\System\CgYQQvK.exe
  2⤵
  PID:7112
- C:\Windows\System\icyjclh.exe
  C:\Windows\System\icyjclh.exe
  2⤵
  PID:7128
- C:\Windows\System\wqTfznn.exe
  C:\Windows\System\wqTfznn.exe
  2⤵
  PID:7144
- C:\Windows\System\VhwsUnm.exe
  C:\Windows\System\VhwsUnm.exe
  2⤵
  PID:7160
- C:\Windows\System\XJkyPCY.exe
  C:\Windows\System\XJkyPCY.exe
  2⤵
  PID:6172
- C:\Windows\System\VrbSUFC.exe
  C:\Windows\System\VrbSUFC.exe
  2⤵
  PID:6236
- C:\Windows\System\tnETraS.exe
  C:\Windows\System\tnETraS.exe
  2⤵
  PID:2932
- C:\Windows\System\sVuIUfB.exe
  C:\Windows\System\sVuIUfB.exe
  2⤵
  PID:6184
- C:\Windows\System\Rcozyih.exe
  C:\Windows\System\Rcozyih.exe
  2⤵
  PID:6220
- C:\Windows\System\JAERXQm.exe
  C:\Windows\System\JAERXQm.exe
  2⤵
  PID:6296
- C:\Windows\System\QVlgMBk.exe
  C:\Windows\System\QVlgMBk.exe
  2⤵
  PID:6120
- C:\Windows\System\uFGRVnO.exe
  C:\Windows\System\uFGRVnO.exe
  2⤵
  PID:6344
- C:\Windows\System\xwRMcSS.exe
  C:\Windows\System\xwRMcSS.exe
  2⤵
  PID:6360
- C:\Windows\System\uOEVtOz.exe
  C:\Windows\System\uOEVtOz.exe
  2⤵
  PID:6396
- C:\Windows\System\fIoELuc.exe
  C:\Windows\System\fIoELuc.exe
  2⤵
  PID:6456
- C:\Windows\System\BjRumSD.exe
  C:\Windows\System\BjRumSD.exe
  2⤵
  PID:6528
- C:\Windows\System\QNxOczL.exe
  C:\Windows\System\QNxOczL.exe
  2⤵
  PID:6568
- C:\Windows\System\lHPFjIP.exe
  C:\Windows\System\lHPFjIP.exe
  2⤵
  PID:6612
- C:\Windows\System\jtBdvlY.exe
  C:\Windows\System\jtBdvlY.exe
  2⤵
  PID:6624
- C:\Windows\System\tICnEsr.exe
  C:\Windows\System\tICnEsr.exe
  2⤵
  PID:6472
- C:\Windows\System\LaJWLUz.exe
  C:\Windows\System\LaJWLUz.exe
  2⤵
  PID:6516
- C:\Windows\System\FrfpUQS.exe
  C:\Windows\System\FrfpUQS.exe
  2⤵
  PID:6584
- C:\Windows\System\pAWLLQW.exe
  C:\Windows\System\pAWLLQW.exe
  2⤵
  PID:6676
- C:\Windows\System\sIFsBSW.exe
  C:\Windows\System\sIFsBSW.exe
  2⤵
  PID:6744
- C:\Windows\System\WaJwEUA.exe
  C:\Windows\System\WaJwEUA.exe
  2⤵
  PID:6688
- C:\Windows\System\TqqCcYP.exe
  C:\Windows\System\TqqCcYP.exe
  2⤵
  PID:6788
- C:\Windows\System\RJVCOcy.exe
  C:\Windows\System\RJVCOcy.exe
  2⤵
  PID:6768
- C:\Windows\System\CgJHiDe.exe
  C:\Windows\System\CgJHiDe.exe
  2⤵
  PID:6820
- C:\Windows\System\bQiwXjn.exe
  C:\Windows\System\bQiwXjn.exe
  2⤵
  PID:6864
- C:\Windows\System\oytDZMG.exe
  C:\Windows\System\oytDZMG.exe
  2⤵
  PID:6932
- C:\Windows\System\yLSebIU.exe
  C:\Windows\System\yLSebIU.exe
  2⤵
  PID:6880
- C:\Windows\System\kDRUCgg.exe
  C:\Windows\System\kDRUCgg.exe
  2⤵
  PID:6920
- C:\Windows\System\oBjMeFk.exe
  C:\Windows\System\oBjMeFk.exe
  2⤵
  PID:6956
- C:\Windows\System\bQHevLe.exe
  C:\Windows\System\bQHevLe.exe
  2⤵
  PID:6996
- C:\Windows\System\bxiYVrB.exe
  C:\Windows\System\bxiYVrB.exe
  2⤵
  PID:7092
- C:\Windows\System\dYECPRU.exe
  C:\Windows\System\dYECPRU.exe
  2⤵
  PID:7040
- C:\Windows\System\CMDDHUR.exe
  C:\Windows\System\CMDDHUR.exe
  2⤵
  PID:7044
- C:\Windows\System\rlAYYXA.exe
  C:\Windows\System\rlAYYXA.exe
  2⤵
  PID:7108
- C:\Windows\System\DrpzQUC.exe
  C:\Windows\System\DrpzQUC.exe
  2⤵
  PID:7156
- C:\Windows\System\ldhpJcW.exe
  C:\Windows\System\ldhpJcW.exe
  2⤵
  PID:6264
- C:\Windows\System\unKPAPQ.exe
  C:\Windows\System\unKPAPQ.exe
  2⤵
  PID:5292
- C:\Windows\System\EncHdOo.exe
  C:\Windows\System\EncHdOo.exe
  2⤵
  PID:6156
- C:\Windows\System\pwDJnsB.exe
  C:\Windows\System\pwDJnsB.exe
  2⤵
  PID:6332
- C:\Windows\System\DSIpmAY.exe
  C:\Windows\System\DSIpmAY.exe
  2⤵
  PID:6188
- C:\Windows\System\FNrXIlK.exe
  C:\Windows\System\FNrXIlK.exe
  2⤵
  PID:6572
- C:\Windows\System\OvMKKxh.exe
  C:\Windows\System\OvMKKxh.exe
  2⤵
  PID:6644
- C:\Windows\System\mownbcO.exe
  C:\Windows\System\mownbcO.exe
  2⤵
  PID:6408
- C:\Windows\System\DundQRV.exe
  C:\Windows\System\DundQRV.exe
  2⤵
  PID:6592
- C:\Windows\System\ShRoQii.exe
  C:\Windows\System\ShRoQii.exe
  2⤵
  PID:6628
- C:\Windows\System\ZlSVTlL.exe
  C:\Windows\System\ZlSVTlL.exe
  2⤵
  PID:6764
- C:\Windows\System\dAXnTLt.exe
  C:\Windows\System\dAXnTLt.exe
  2⤵
  PID:6852
- C:\Windows\System\JxygptJ.exe
  C:\Windows\System\JxygptJ.exe
  2⤵
  PID:6800
- C:\Windows\System\OOXLtQf.exe
  C:\Windows\System\OOXLtQf.exe
  2⤵
  PID:6916
- C:\Windows\System\OvpNfly.exe
  C:\Windows\System\OvpNfly.exe
  2⤵
  PID:6964
- C:\Windows\System\ezLgBCy.exe
  C:\Windows\System\ezLgBCy.exe
  2⤵
  PID:7028
- C:\Windows\System\eVyyfCY.exe
  C:\Windows\System\eVyyfCY.exe
  2⤵
  PID:7008
- C:\Windows\System\MntctMh.exe
  C:\Windows\System\MntctMh.exe
  2⤵
  PID:7104
- C:\Windows\System\gjMOiSP.exe
  C:\Windows\System\gjMOiSP.exe
  2⤵
  PID:6252
- C:\Windows\System\xKCcPvG.exe
  C:\Windows\System\xKCcPvG.exe
  2⤵
  PID:5452
- C:\Windows\System\NPmvGHT.exe
  C:\Windows\System\NPmvGHT.exe
  2⤵
  PID:6392
- C:\Windows\System\lRVkIUg.exe
  C:\Windows\System\lRVkIUg.exe
  2⤵
  PID:6640
- C:\Windows\System\YYVVdaj.exe
  C:\Windows\System\YYVVdaj.exe
  2⤵
  PID:6848
- C:\Windows\System\mYjeyeT.exe
  C:\Windows\System\mYjeyeT.exe
  2⤵
  PID:6912
- C:\Windows\System\lyYPhYl.exe
  C:\Windows\System\lyYPhYl.exe
  2⤵
  PID:7140
- C:\Windows\System\wGRJKye.exe
  C:\Windows\System\wGRJKye.exe
  2⤵
  PID:6784
- C:\Windows\System\sGpYXmU.exe
  C:\Windows\System\sGpYXmU.exe
  2⤵
  PID:6724
- C:\Windows\System\MXaJSWU.exe
  C:\Windows\System\MXaJSWU.exe
  2⤵
  PID:7152
- C:\Windows\System\NLBDKZv.exe
  C:\Windows\System\NLBDKZv.exe
  2⤵
  PID:6376
- C:\Windows\System\yBsuFbh.exe
  C:\Windows\System\yBsuFbh.exe
  2⤵
  PID:6588
- C:\Windows\System\uSrpvax.exe
  C:\Windows\System\uSrpvax.exe
  2⤵
  PID:6556
- C:\Windows\System\OIVAzJp.exe
  C:\Windows\System\OIVAzJp.exe
  2⤵
  PID:6980
- C:\Windows\System\bZwJVrq.exe
  C:\Windows\System\bZwJVrq.exe
  2⤵
  PID:6944
- C:\Windows\System\yWjFdHD.exe
  C:\Windows\System\yWjFdHD.exe
  2⤵
  PID:7124
- C:\Windows\System\KXbTGUi.exe
  C:\Windows\System\KXbTGUi.exe
  2⤵
  PID:7184
- C:\Windows\System\neNcpRm.exe
  C:\Windows\System\neNcpRm.exe
  2⤵
  PID:7200
- C:\Windows\System\oMMJcUh.exe
  C:\Windows\System\oMMJcUh.exe
  2⤵
  PID:7216
- C:\Windows\System\udYSXqC.exe
  C:\Windows\System\udYSXqC.exe
  2⤵
  PID:7232
- C:\Windows\System\WauqtVR.exe
  C:\Windows\System\WauqtVR.exe
  2⤵
  PID:7248
- C:\Windows\System\SrOhrLh.exe
  C:\Windows\System\SrOhrLh.exe
  2⤵
  PID:7264
- C:\Windows\System\gmopVfk.exe
  C:\Windows\System\gmopVfk.exe
  2⤵
  PID:7280
- C:\Windows\System\wYZhkyu.exe
  C:\Windows\System\wYZhkyu.exe
  2⤵
  PID:7296
- C:\Windows\System\yCYdURa.exe
  C:\Windows\System\yCYdURa.exe
  2⤵
  PID:7312
- C:\Windows\System\gJjTsVk.exe
  C:\Windows\System\gJjTsVk.exe
  2⤵
  PID:7328
- C:\Windows\System\WDRnwyX.exe
  C:\Windows\System\WDRnwyX.exe
  2⤵
  PID:7344
- C:\Windows\System\TCMhjLn.exe
  C:\Windows\System\TCMhjLn.exe
  2⤵
  PID:7360
- C:\Windows\System\rBkBFCr.exe
  C:\Windows\System\rBkBFCr.exe
  2⤵
  PID:7376
- C:\Windows\System\GRdAzqf.exe
  C:\Windows\System\GRdAzqf.exe
  2⤵
  PID:7392
- C:\Windows\System\NoDNBZb.exe
  C:\Windows\System\NoDNBZb.exe
  2⤵
  PID:7408
- C:\Windows\System\TXdBHuo.exe
  C:\Windows\System\TXdBHuo.exe
  2⤵
  PID:7424
- C:\Windows\System\VIIaVup.exe
  C:\Windows\System\VIIaVup.exe
  2⤵
  PID:7440
- C:\Windows\System\lbTIgpi.exe
  C:\Windows\System\lbTIgpi.exe
  2⤵
  PID:7456
- C:\Windows\System\CVWVHIh.exe
  C:\Windows\System\CVWVHIh.exe
  2⤵
  PID:7472
- C:\Windows\System\SEJaVFj.exe
  C:\Windows\System\SEJaVFj.exe
  2⤵
  PID:7488
- C:\Windows\System\rbghdCd.exe
  C:\Windows\System\rbghdCd.exe
  2⤵
  PID:7504
- C:\Windows\System\wccbTLS.exe
  C:\Windows\System\wccbTLS.exe
  2⤵
  PID:7520
- C:\Windows\System\qgFUuJT.exe
  C:\Windows\System\qgFUuJT.exe
  2⤵
  PID:7536
- C:\Windows\System\tohTPfq.exe
  C:\Windows\System\tohTPfq.exe
  2⤵
  PID:7552
- C:\Windows\System\ECfdNOu.exe
  C:\Windows\System\ECfdNOu.exe
  2⤵
  PID:7568
- C:\Windows\System\cpJnWna.exe
  C:\Windows\System\cpJnWna.exe
  2⤵
  PID:7584
- C:\Windows\System\NBPYqcJ.exe
  C:\Windows\System\NBPYqcJ.exe
  2⤵
  PID:7600
- C:\Windows\System\CNzXzDO.exe
  C:\Windows\System\CNzXzDO.exe
  2⤵
  PID:7616
- C:\Windows\System\MbVZoDu.exe
  C:\Windows\System\MbVZoDu.exe
  2⤵
  PID:7632
- C:\Windows\System\OmTxPtg.exe
  C:\Windows\System\OmTxPtg.exe
  2⤵
  PID:7648
- C:\Windows\System\XDCErAq.exe
  C:\Windows\System\XDCErAq.exe
  2⤵
  PID:7664
- C:\Windows\System\sgUUtsS.exe
  C:\Windows\System\sgUUtsS.exe
  2⤵
  PID:7680
- C:\Windows\System\xASNtCg.exe
  C:\Windows\System\xASNtCg.exe
  2⤵
  PID:7696
- C:\Windows\System\QOxrtXJ.exe
  C:\Windows\System\QOxrtXJ.exe
  2⤵
  PID:7712
- C:\Windows\System\XOaCIXR.exe
  C:\Windows\System\XOaCIXR.exe
  2⤵
  PID:7728
- C:\Windows\System\tXIojkA.exe
  C:\Windows\System\tXIojkA.exe
  2⤵
  PID:7744
- C:\Windows\System\PfqjBdY.exe
  C:\Windows\System\PfqjBdY.exe
  2⤵
  PID:7760
- C:\Windows\System\FlFEVhC.exe
  C:\Windows\System\FlFEVhC.exe
  2⤵
  PID:7776
- C:\Windows\System\fKmwmgA.exe
  C:\Windows\System\fKmwmgA.exe
  2⤵
  PID:7792
- C:\Windows\System\lJKFAcw.exe
  C:\Windows\System\lJKFAcw.exe
  2⤵
  PID:7808
- C:\Windows\System\gwVNvZP.exe
  C:\Windows\System\gwVNvZP.exe
  2⤵
  PID:7824
- C:\Windows\System\copBegF.exe
  C:\Windows\System\copBegF.exe
  2⤵
  PID:7840
- C:\Windows\System\WeffNna.exe
  C:\Windows\System\WeffNna.exe
  2⤵
  PID:7860
- C:\Windows\System\vVVDftT.exe
  C:\Windows\System\vVVDftT.exe
  2⤵
  PID:7876
- C:\Windows\System\gDMoQim.exe
  C:\Windows\System\gDMoQim.exe
  2⤵
  PID:7892
- C:\Windows\System\xZKahOi.exe
  C:\Windows\System\xZKahOi.exe
  2⤵
  PID:7908
- C:\Windows\System\jPCdMMk.exe
  C:\Windows\System\jPCdMMk.exe
  2⤵
  PID:7924
- C:\Windows\System\iuDVxiw.exe
  C:\Windows\System\iuDVxiw.exe
  2⤵
  PID:7940
- C:\Windows\System\WNlRoxu.exe
  C:\Windows\System\WNlRoxu.exe
  2⤵
  PID:7956
- C:\Windows\System\BKlNRmE.exe
  C:\Windows\System\BKlNRmE.exe
  2⤵
  PID:8000
- C:\Windows\System\DVfijbD.exe
  C:\Windows\System\DVfijbD.exe
  2⤵
  PID:8016
- C:\Windows\System\DUWmmNL.exe
  C:\Windows\System\DUWmmNL.exe
  2⤵
  PID:8032
- C:\Windows\System\RxcsQhc.exe
  C:\Windows\System\RxcsQhc.exe
  2⤵
  PID:8048
- C:\Windows\System\gcgWfcB.exe
  C:\Windows\System\gcgWfcB.exe
  2⤵
  PID:8064
- C:\Windows\System\tLkPrux.exe
  C:\Windows\System\tLkPrux.exe
  2⤵
  PID:8080
- C:\Windows\System\eurGSOF.exe
  C:\Windows\System\eurGSOF.exe
  2⤵
  PID:8096
- C:\Windows\System\jRZdwwK.exe
  C:\Windows\System\jRZdwwK.exe
  2⤵
  PID:8112
- C:\Windows\System\OwtxuPu.exe
  C:\Windows\System\OwtxuPu.exe
  2⤵
  PID:8128
- C:\Windows\System\xPnhnxN.exe
  C:\Windows\System\xPnhnxN.exe
  2⤵
  PID:8144
- C:\Windows\System\LGIrzvC.exe
  C:\Windows\System\LGIrzvC.exe
  2⤵
  PID:8168
- C:\Windows\System\vuOMoxe.exe
  C:\Windows\System\vuOMoxe.exe
  2⤵
  PID:8184
- C:\Windows\System\fwDnhtx.exe
  C:\Windows\System\fwDnhtx.exe
  2⤵
  PID:6168
- C:\Windows\System\JVXCHSp.exe
  C:\Windows\System\JVXCHSp.exe
  2⤵
  PID:7228
- C:\Windows\System\xzwGPEJ.exe
  C:\Windows\System\xzwGPEJ.exe
  2⤵
  PID:7256
- C:\Windows\System\jbYtDfB.exe
  C:\Windows\System\jbYtDfB.exe
  2⤵
  PID:7288
- C:\Windows\System\aqEebvN.exe
  C:\Windows\System\aqEebvN.exe
  2⤵
  PID:7292
- C:\Windows\System\zFHAlhM.exe
  C:\Windows\System\zFHAlhM.exe
  2⤵
  PID:7276
- C:\Windows\System\qNzNSDj.exe
  C:\Windows\System\qNzNSDj.exe
  2⤵
  PID:7340
- C:\Windows\System\dqgwetF.exe
  C:\Windows\System\dqgwetF.exe
  2⤵
  PID:7372
- C:\Windows\System\VzhmPJZ.exe
  C:\Windows\System\VzhmPJZ.exe
  2⤵
  PID:7356
- C:\Windows\System\RWDIpnA.exe
  C:\Windows\System\RWDIpnA.exe
  2⤵
  PID:7432
- C:\Windows\System\RJLbzmS.exe
  C:\Windows\System\RJLbzmS.exe
  2⤵
  PID:7464
- C:\Windows\System\nnkvAvU.exe
  C:\Windows\System\nnkvAvU.exe
  2⤵
  PID:7528
- C:\Windows\System\UBlCKwN.exe
  C:\Windows\System\UBlCKwN.exe
  2⤵
  PID:7480
- C:\Windows\System\nfVdSUE.exe
  C:\Windows\System\nfVdSUE.exe
  2⤵
  PID:7544
- C:\Windows\System\xFuZbBI.exe
  C:\Windows\System\xFuZbBI.exe
  2⤵
  PID:7592
- C:\Windows\System\ESFHLSe.exe
  C:\Windows\System\ESFHLSe.exe
  2⤵
  PID:7656
- C:\Windows\System\DsRbPrR.exe
  C:\Windows\System\DsRbPrR.exe
  2⤵
  PID:7724
- C:\Windows\System\twifnmG.exe
  C:\Windows\System\twifnmG.exe
  2⤵
  PID:7816
- C:\Windows\System\IxaUBQT.exe
  C:\Windows\System\IxaUBQT.exe
  2⤵
  PID:7856
- C:\Windows\System\nWfAsdY.exe
  C:\Windows\System\nWfAsdY.exe
  2⤵
  PID:7920
- C:\Windows\System\kaoYbkQ.exe
  C:\Windows\System\kaoYbkQ.exe
  2⤵
  PID:7672
- C:\Windows\System\HQxuyaD.exe
  C:\Windows\System\HQxuyaD.exe
  2⤵
  PID:8012
- C:\Windows\System\wdEyjlM.exe
  C:\Windows\System\wdEyjlM.exe
  2⤵
  PID:8076
- C:\Windows\System\WIXgrvX.exe
  C:\Windows\System\WIXgrvX.exe
  2⤵
  PID:8140
- C:\Windows\System\PLsKiaA.exe
  C:\Windows\System\PLsKiaA.exe
  2⤵
  PID:7676
- C:\Windows\System\sEVQekg.exe
  C:\Windows\System\sEVQekg.exe
  2⤵
  PID:7768
- C:\Windows\System\pAYZmAD.exe
  C:\Windows\System\pAYZmAD.exe
  2⤵
  PID:7832
- C:\Windows\System\pbrnCOO.exe
  C:\Windows\System\pbrnCOO.exe
  2⤵
  PID:7900
- C:\Windows\System\rewPYuF.exe
  C:\Windows\System\rewPYuF.exe
  2⤵
  PID:7964
- C:\Windows\System\pJQOUvC.exe
  C:\Windows\System\pJQOUvC.exe
  2⤵
  PID:7984
- C:\Windows\System\kKmdUER.exe
  C:\Windows\System\kKmdUER.exe
  2⤵
  PID:8152
- C:\Windows\System\flCvJpB.exe
  C:\Windows\System\flCvJpB.exe
  2⤵
  PID:6316
- C:\Windows\System\xfOSZnh.exe
  C:\Windows\System\xfOSZnh.exe
  2⤵
  PID:7176
- C:\Windows\System\cBCUhyL.exe
  C:\Windows\System\cBCUhyL.exe
  2⤵
  PID:7992
- C:\Windows\System\fzoZsxM.exe
  C:\Windows\System\fzoZsxM.exe
  2⤵
  PID:8060
- C:\Windows\System\bQeGQlP.exe
  C:\Windows\System\bQeGQlP.exe
  2⤵
  PID:8156
- C:\Windows\System\JFWHfAL.exe
  C:\Windows\System\JFWHfAL.exe
  2⤵
  PID:6900
- C:\Windows\System\ooazwaG.exe
  C:\Windows\System\ooazwaG.exe
  2⤵
  PID:7212
- C:\Windows\System\YGIOboV.exe
  C:\Windows\System\YGIOboV.exe
  2⤵
  PID:7352
- C:\Windows\System\nnYupvp.exe
  C:\Windows\System\nnYupvp.exe
  2⤵
  PID:7452
- C:\Windows\System\BdTIhbb.exe
  C:\Windows\System\BdTIhbb.exe
  2⤵
  PID:7564
- C:\Windows\System\yqxskRA.exe
  C:\Windows\System\yqxskRA.exe
  2⤵
  PID:7624
- C:\Windows\System\UEwgaBt.exe
  C:\Windows\System\UEwgaBt.exe
  2⤵
  PID:7788
- C:\Windows\System\LXRpiwn.exe
  C:\Windows\System\LXRpiwn.exe
  2⤵
  PID:8008
- C:\Windows\System\hUnsiQc.exe
  C:\Windows\System\hUnsiQc.exe
  2⤵
  PID:8136
- C:\Windows\System\PCPhtFa.exe
  C:\Windows\System\PCPhtFa.exe
  2⤵
  PID:7952
- C:\Windows\System\fBHsCvl.exe
  C:\Windows\System\fBHsCvl.exe
  2⤵
  PID:7872
- C:\Windows\System\UjPkGBH.exe
  C:\Windows\System\UjPkGBH.exe
  2⤵
  PID:7612
- C:\Windows\System\FJfjUNw.exe
  C:\Windows\System\FJfjUNw.exe
  2⤵
  PID:7804
- C:\Windows\System\vtuWVYO.exe
  C:\Windows\System\vtuWVYO.exe
  2⤵
  PID:8024
- C:\Windows\System\HAXgNgX.exe
  C:\Windows\System\HAXgNgX.exe
  2⤵
  PID:7224
- C:\Windows\System\tdXTZTs.exe
  C:\Windows\System\tdXTZTs.exe
  2⤵
  PID:7448
- C:\Windows\System\rHsUBwZ.exe
  C:\Windows\System\rHsUBwZ.exe
  2⤵
  PID:7916
- C:\Windows\System\GJLlGWg.exe
  C:\Windows\System\GJLlGWg.exe
  2⤵
  PID:8072
- C:\Windows\System\tzKsVYn.exe
  C:\Windows\System\tzKsVYn.exe
  2⤵
  PID:8164
- C:\Windows\System\dnHgEXe.exe
  C:\Windows\System\dnHgEXe.exe
  2⤵
  PID:6896
- C:\Windows\System\MjTlXze.exe
  C:\Windows\System\MjTlXze.exe
  2⤵
  PID:7784
- C:\Windows\System\zcUEqeH.exe
  C:\Windows\System\zcUEqeH.exe
  2⤵
  PID:8028
- C:\Windows\System\uMzFgNM.exe
  C:\Windows\System\uMzFgNM.exe
  2⤵
  PID:7192
- C:\Windows\System\jTuIrFg.exe
  C:\Windows\System\jTuIrFg.exe
  2⤵
  PID:8120
- C:\Windows\System\HNTliXm.exe
  C:\Windows\System\HNTliXm.exe
  2⤵
  PID:7948
- C:\Windows\System\GFHOqEy.exe
  C:\Windows\System\GFHOqEy.exe
  2⤵
  PID:7420
- C:\Windows\System\unjtqNC.exe
  C:\Windows\System\unjtqNC.exe
  2⤵
  PID:7740
- C:\Windows\System\xWIgBbw.exe
  C:\Windows\System\xWIgBbw.exe
  2⤵
  PID:7500
- C:\Windows\System\NaYuDgv.exe
  C:\Windows\System\NaYuDgv.exe
  2⤵
  PID:8208
- C:\Windows\System\BBVFiPl.exe
  C:\Windows\System\BBVFiPl.exe
  2⤵
  PID:8224
- C:\Windows\System\YlDGUJT.exe
  C:\Windows\System\YlDGUJT.exe
  2⤵
  PID:8240
- C:\Windows\System\FCPCknt.exe
  C:\Windows\System\FCPCknt.exe
  2⤵
  PID:8256
- C:\Windows\System\ObLYRPq.exe
  C:\Windows\System\ObLYRPq.exe
  2⤵
  PID:8272
- C:\Windows\System\CYgydrK.exe
  C:\Windows\System\CYgydrK.exe
  2⤵
  PID:8288
- C:\Windows\System\UbRCuDK.exe
  C:\Windows\System\UbRCuDK.exe
  2⤵
  PID:8304
- C:\Windows\System\qDOecwL.exe
  C:\Windows\System\qDOecwL.exe
  2⤵
  PID:8320
- C:\Windows\System\ByDCMzC.exe
  C:\Windows\System\ByDCMzC.exe
  2⤵
  PID:8336
- C:\Windows\System\dymcOhx.exe
  C:\Windows\System\dymcOhx.exe
  2⤵
  PID:8352
- C:\Windows\System\alysoNV.exe
  C:\Windows\System\alysoNV.exe
  2⤵
  PID:8368
- C:\Windows\System\RmJQucO.exe
  C:\Windows\System\RmJQucO.exe
  2⤵
  PID:8384
- C:\Windows\System\TNOVIJN.exe
  C:\Windows\System\TNOVIJN.exe
  2⤵
  PID:8400
- C:\Windows\System\FWcrbeb.exe
  C:\Windows\System\FWcrbeb.exe
  2⤵
  PID:8416
- C:\Windows\System\rVwntET.exe
  C:\Windows\System\rVwntET.exe
  2⤵
  PID:8432
- C:\Windows\System\Doimtwq.exe
  C:\Windows\System\Doimtwq.exe
  2⤵
  PID:8448
- C:\Windows\System\RlOWNdF.exe
  C:\Windows\System\RlOWNdF.exe
  2⤵
  PID:8464
- C:\Windows\System\MIYmoKf.exe
  C:\Windows\System\MIYmoKf.exe
  2⤵
  PID:8488
- C:\Windows\System\bCtLxSu.exe
  C:\Windows\System\bCtLxSu.exe
  2⤵
  PID:8672
- C:\Windows\System\GJoGiIC.exe
  C:\Windows\System\GJoGiIC.exe
  2⤵
  PID:8688
- C:\Windows\System\VpFYCwr.exe
  C:\Windows\System\VpFYCwr.exe
  2⤵
  PID:8704
- C:\Windows\System\kMheRvB.exe
  C:\Windows\System\kMheRvB.exe
  2⤵
  PID:8744
- C:\Windows\System\BmeHfrc.exe
  C:\Windows\System\BmeHfrc.exe
  2⤵
  PID:8760
- C:\Windows\System\HJeQNVy.exe
  C:\Windows\System\HJeQNVy.exe
  2⤵
  PID:8776
- C:\Windows\System\aUFBAYo.exe
  C:\Windows\System\aUFBAYo.exe
  2⤵
  PID:8792
- C:\Windows\System\zVFiXFb.exe
  C:\Windows\System\zVFiXFb.exe
  2⤵
  PID:8808
- C:\Windows\System\jzpCYyI.exe
  C:\Windows\System\jzpCYyI.exe
  2⤵
  PID:8824
- C:\Windows\System\zhmIFhi.exe
  C:\Windows\System\zhmIFhi.exe
  2⤵
  PID:8840
- C:\Windows\System\BsSsauW.exe
  C:\Windows\System\BsSsauW.exe
  2⤵
  PID:8856
- C:\Windows\System\imbDEer.exe
  C:\Windows\System\imbDEer.exe
  2⤵
  PID:8872
- C:\Windows\System\NKZLCHh.exe
  C:\Windows\System\NKZLCHh.exe
  2⤵
  PID:8888
- C:\Windows\System\xnSyyeC.exe
  C:\Windows\System\xnSyyeC.exe
  2⤵
  PID:8904
- C:\Windows\System\qZbHGIZ.exe
  C:\Windows\System\qZbHGIZ.exe
  2⤵
  PID:8920
- C:\Windows\System\fDWlQZO.exe
  C:\Windows\System\fDWlQZO.exe
  2⤵
  PID:8936
- C:\Windows\System\DVdJGSS.exe
  C:\Windows\System\DVdJGSS.exe
  2⤵
  PID:8952
- C:\Windows\System\FlzjqtW.exe
  C:\Windows\System\FlzjqtW.exe
  2⤵
  PID:8968
- C:\Windows\System\VUXsKwT.exe
  C:\Windows\System\VUXsKwT.exe
  2⤵
  PID:8984
- C:\Windows\System\tIEjbyK.exe
  C:\Windows\System\tIEjbyK.exe
  2⤵
  PID:9000
- C:\Windows\System\JahZjHi.exe
  C:\Windows\System\JahZjHi.exe
  2⤵
  PID:9016
- C:\Windows\System\eMWdZrv.exe
  C:\Windows\System\eMWdZrv.exe
  2⤵
  PID:9032
- C:\Windows\System\WLPscFW.exe
  C:\Windows\System\WLPscFW.exe
  2⤵
  PID:9048
- C:\Windows\System\jqXhsfa.exe
  C:\Windows\System\jqXhsfa.exe
  2⤵
  PID:9064
- C:\Windows\System\fkBDKXu.exe
  C:\Windows\System\fkBDKXu.exe
  2⤵
  PID:9080
- C:\Windows\System\PnHMkEn.exe
  C:\Windows\System\PnHMkEn.exe
  2⤵
  PID:9096
- C:\Windows\System\NcQtnSs.exe
  C:\Windows\System\NcQtnSs.exe
  2⤵
  PID:9112
- C:\Windows\System\dUgjbbp.exe
  C:\Windows\System\dUgjbbp.exe
  2⤵
  PID:9128
- C:\Windows\System\lhZOKEx.exe
  C:\Windows\System\lhZOKEx.exe
  2⤵
  PID:9148
- C:\Windows\System\XHxNcKL.exe
  C:\Windows\System\XHxNcKL.exe
  2⤵
  PID:9164
- C:\Windows\System\pcaHxVP.exe
  C:\Windows\System\pcaHxVP.exe
  2⤵
  PID:9180
- C:\Windows\System\BYCTDbx.exe
  C:\Windows\System\BYCTDbx.exe
  2⤵
  PID:9196
- C:\Windows\System\OMVLCCe.exe
  C:\Windows\System\OMVLCCe.exe
  2⤵
  PID:9212
- C:\Windows\System\wEOooWm.exe
  C:\Windows\System\wEOooWm.exe
  2⤵
  PID:7512
- C:\Windows\System\gQLPkMn.exe
  C:\Windows\System\gQLPkMn.exe
  2⤵
  PID:8204
- C:\Windows\System\xKwWPhw.exe
  C:\Windows\System\xKwWPhw.exe
  2⤵
  PID:7404
- C:\Windows\System\RviTQBN.exe
  C:\Windows\System\RviTQBN.exe
  2⤵
  PID:8220
- C:\Windows\System\PkZUwmm.exe
  C:\Windows\System\PkZUwmm.exe
  2⤵
  PID:8252
- C:\Windows\System\rDPrOSb.exe
  C:\Windows\System\rDPrOSb.exe
  2⤵
  PID:8316
- C:\Windows\System\IFEKGgm.exe
  C:\Windows\System\IFEKGgm.exe
  2⤵
  PID:8380
- C:\Windows\System\qIVkelT.exe
  C:\Windows\System\qIVkelT.exe
  2⤵
  PID:8444
- C:\Windows\System\nqSvuDy.exe
  C:\Windows\System\nqSvuDy.exe
  2⤵
  PID:8300
- C:\Windows\System\eCtvuAP.exe
  C:\Windows\System\eCtvuAP.exe
  2⤵
  PID:8364
- C:\Windows\System\TugfTDK.exe
  C:\Windows\System\TugfTDK.exe
  2⤵
  PID:8428
- C:\Windows\System\ogRouJD.exe
  C:\Windows\System\ogRouJD.exe
  2⤵
  PID:7720
- C:\Windows\System\DabaSyQ.exe
  C:\Windows\System\DabaSyQ.exe
  2⤵
  PID:8500
- C:\Windows\System\UylAPsa.exe
  C:\Windows\System\UylAPsa.exe
  2⤵
  PID:8516
- C:\Windows\System\DFCJFqf.exe
  C:\Windows\System\DFCJFqf.exe
  2⤵
  PID:8532
- C:\Windows\System\rSrNLXZ.exe
  C:\Windows\System\rSrNLXZ.exe
  2⤵
  PID:8476
- C:\Windows\System\gTXqyvT.exe
  C:\Windows\System\gTXqyvT.exe
  2⤵
  PID:8560
- C:\Windows\System\akaYYpQ.exe
  C:\Windows\System\akaYYpQ.exe
  2⤵
  PID:8576
- C:\Windows\System\OZCUDYs.exe
  C:\Windows\System\OZCUDYs.exe
  2⤵
  PID:8592
- C:\Windows\System\dAnUzMy.exe
  C:\Windows\System\dAnUzMy.exe
  2⤵
  PID:8604
- C:\Windows\System\SfAaTuy.exe
  C:\Windows\System\SfAaTuy.exe
  2⤵
  PID:8616
- C:\Windows\System\OPxdZVJ.exe
  C:\Windows\System\OPxdZVJ.exe
  2⤵
  PID:8632
- C:\Windows\System\IGcKcRw.exe
  C:\Windows\System\IGcKcRw.exe
  2⤵
  PID:8656
- C:\Windows\System\IaDxQBj.exe
  C:\Windows\System\IaDxQBj.exe
  2⤵
  PID:8668
- C:\Windows\System\nQERHez.exe
  C:\Windows\System\nQERHez.exe
  2⤵
  PID:8728
- C:\Windows\System\MhDCHIx.exe
  C:\Windows\System\MhDCHIx.exe
  2⤵
  PID:8720
- C:\Windows\System\EbToeIf.exe
  C:\Windows\System\EbToeIf.exe
  2⤵
  PID:8772
- C:\Windows\System\LJWpHiL.exe
  C:\Windows\System\LJWpHiL.exe
  2⤵
  PID:8836
- C:\Windows\System\yOueAkZ.exe
  C:\Windows\System\yOueAkZ.exe
  2⤵
  PID:8900
- C:\Windows\System\YFabxya.exe
  C:\Windows\System\YFabxya.exe
  2⤵
  PID:8964
- C:\Windows\System\BcpKzTN.exe
  C:\Windows\System\BcpKzTN.exe
  2⤵
  PID:9024
- C:\Windows\System\ZtmKYIs.exe
  C:\Windows\System\ZtmKYIs.exe
  2⤵
  PID:9088
- C:\Windows\System\SCTKXjU.exe
  C:\Windows\System\SCTKXjU.exe
  2⤵
  PID:9156
- C:\Windows\System\CYWWLPM.exe
  C:\Windows\System\CYWWLPM.exe
  2⤵
  PID:9192
- C:\Windows\System\urbNOVz.exe
  C:\Windows\System\urbNOVz.exe
  2⤵
  PID:7496
- C:\Windows\System\JQEJqzR.exe
  C:\Windows\System\JQEJqzR.exe
  2⤵
  PID:8376
- C:\Windows\System\THNxTKS.exe
  C:\Windows\System\THNxTKS.exe
  2⤵
  PID:8820
- C:\Windows\System\mwVzwfZ.exe
  C:\Windows\System\mwVzwfZ.exe
  2⤵
  PID:9136
- C:\Windows\System\iOUtVgP.exe
  C:\Windows\System\iOUtVgP.exe
  2⤵
  PID:8788
- C:\Windows\System\NUjbRbJ.exe
  C:\Windows\System\NUjbRbJ.exe
  2⤵
  PID:8880
- C:\Windows\System\aWKJOJe.exe
  C:\Windows\System\aWKJOJe.exe
  2⤵
  PID:8944
- C:\Windows\System\qNQuJEo.exe
  C:\Windows\System\qNQuJEo.exe
  2⤵
  PID:9012
- C:\Windows\System\sJPmrWr.exe
  C:\Windows\System\sJPmrWr.exe
  2⤵
  PID:9108
- C:\Windows\System\IbwDIYj.exe
  C:\Windows\System\IbwDIYj.exe
  2⤵
  PID:9208
- C:\Windows\System\uxKKMsR.exe
  C:\Windows\System\uxKKMsR.exe
  2⤵
  PID:8216
- C:\Windows\System\vmqGpGS.exe
  C:\Windows\System\vmqGpGS.exe
  2⤵
  PID:8440
- C:\Windows\System\VeJTsnr.exe
  C:\Windows\System\VeJTsnr.exe
  2⤵
  PID:8472
- C:\Windows\System\rkoQHQP.exe
  C:\Windows\System\rkoQHQP.exe
  2⤵
  PID:8528
- C:\Windows\System\sZWSyxd.exe
  C:\Windows\System\sZWSyxd.exe
  2⤵
  PID:8584
- C:\Windows\System\ofYCllw.exe
  C:\Windows\System\ofYCllw.exe
  2⤵
  PID:8648
- C:\Windows\System\zvnWhmp.exe
  C:\Windows\System\zvnWhmp.exe
  2⤵
  PID:8716
- C:\Windows\System\yJQNgMp.exe
  C:\Windows\System\yJQNgMp.exe
  2⤵
  PID:8868
- C:\Windows\System\PonyCdn.exe
  C:\Windows\System\PonyCdn.exe
  2⤵
  PID:8624
- C:\Windows\System\DXVuGPS.exe
  C:\Windows\System\DXVuGPS.exe
  2⤵
  PID:8508
- C:\Windows\System\wutvvkK.exe
  C:\Windows\System\wutvvkK.exe
  2⤵
  PID:8572
- C:\Windows\System\AfCZCcG.exe
  C:\Windows\System\AfCZCcG.exe
  2⤵
  PID:8960
- C:\Windows\System\AVGWMLS.exe
  C:\Windows\System\AVGWMLS.exe
  2⤵
  PID:8832
- C:\Windows\System\LcMiIaF.exe
  C:\Windows\System\LcMiIaF.exe
  2⤵
  PID:8092
- C:\Windows\System\UsDbAaB.exe
  C:\Windows\System\UsDbAaB.exe
  2⤵
  PID:8980
- C:\Windows\System\ClfFaTm.exe
  C:\Windows\System\ClfFaTm.exe
  2⤵
  PID:9044
- C:\Windows\System\wLXMEpo.exe
  C:\Windows\System\wLXMEpo.exe
  2⤵
  PID:8756
- C:\Windows\System\uUuyNZh.exe
  C:\Windows\System\uUuyNZh.exe
  2⤵
  PID:8396
- C:\Windows\System\qyNyKXv.exe
  C:\Windows\System\qyNyKXv.exe
  2⤵
  PID:8200
- C:\Windows\System\xCMcbJQ.exe
  C:\Windows\System\xCMcbJQ.exe
  2⤵
  PID:8484
- C:\Windows\System\AsYQCZj.exe
  C:\Windows\System\AsYQCZj.exe
  2⤵
  PID:8996
- C:\Windows\System\vFFbdyC.exe
  C:\Windows\System\vFFbdyC.exe
  2⤵
  PID:8512
- C:\Windows\System\qGmPIFz.exe
  C:\Windows\System\qGmPIFz.exe
  2⤵
  PID:8424
- C:\Windows\System\YeKQEQV.exe
  C:\Windows\System\YeKQEQV.exe
  2⤵
  PID:9120
- C:\Windows\System\QJQSFQD.exe
  C:\Windows\System\QJQSFQD.exe
  2⤵
  PID:8804
- C:\Windows\System\QKNcAFn.exe
  C:\Windows\System\QKNcAFn.exe
  2⤵
  PID:9188
- C:\Windows\System\cyjKmBD.exe
  C:\Windows\System\cyjKmBD.exe
  2⤵
  PID:9060
- C:\Windows\System\ueMiuty.exe
  C:\Windows\System\ueMiuty.exe
  2⤵
  PID:8348
- C:\Windows\System\AYDFmkX.exe
  C:\Windows\System\AYDFmkX.exe
  2⤵
  PID:8360
- C:\Windows\System\IjKKQDi.exe
  C:\Windows\System\IjKKQDi.exe
  2⤵
  PID:8412
- C:\Windows\System\FcHOceP.exe
  C:\Windows\System\FcHOceP.exe
  2⤵
  PID:8932
- C:\Windows\System\lxwUnUV.exe
  C:\Windows\System\lxwUnUV.exe
  2⤵
  PID:8740
- C:\Windows\System\XPhVVQN.exe
  C:\Windows\System\XPhVVQN.exe
  2⤵
  PID:9228
- C:\Windows\System\rYlBhYo.exe
  C:\Windows\System\rYlBhYo.exe
  2⤵
  PID:9244
- C:\Windows\System\RqzVhnG.exe
  C:\Windows\System\RqzVhnG.exe
  2⤵
  PID:9260
- C:\Windows\System\AQQEJQG.exe
  C:\Windows\System\AQQEJQG.exe
  2⤵
  PID:9276
- C:\Windows\System\btRRQPe.exe
  C:\Windows\System\btRRQPe.exe
  2⤵
  PID:9292
- C:\Windows\System\sVsQgqo.exe
  C:\Windows\System\sVsQgqo.exe
  2⤵
  PID:9308
- C:\Windows\System\qJiwomp.exe
  C:\Windows\System\qJiwomp.exe
  2⤵
  PID:9324
- C:\Windows\System\sptOwQg.exe
  C:\Windows\System\sptOwQg.exe
  2⤵
  PID:9340
- C:\Windows\System\NvpsWdH.exe
  C:\Windows\System\NvpsWdH.exe
  2⤵
  PID:9356
- C:\Windows\System\sqWrgTY.exe
  C:\Windows\System\sqWrgTY.exe
  2⤵
  PID:9372
- C:\Windows\System\OiiheTB.exe
  C:\Windows\System\OiiheTB.exe
  2⤵
  PID:9388
- C:\Windows\System\HSSZbFu.exe
  C:\Windows\System\HSSZbFu.exe
  2⤵
  PID:9404
- C:\Windows\System\GrYsHQk.exe
  C:\Windows\System\GrYsHQk.exe
  2⤵
  PID:9420
- C:\Windows\System\PKsIiZM.exe
  C:\Windows\System\PKsIiZM.exe
  2⤵
  PID:9436
- C:\Windows\System\buhsgPu.exe
  C:\Windows\System\buhsgPu.exe
  2⤵
  PID:9456
- C:\Windows\System\pdHRNad.exe
  C:\Windows\System\pdHRNad.exe
  2⤵
  PID:9472
- C:\Windows\System\KVaTXyI.exe
  C:\Windows\System\KVaTXyI.exe
  2⤵
  PID:9488
- C:\Windows\System\DGHAJMq.exe
  C:\Windows\System\DGHAJMq.exe
  2⤵
  PID:9504
- C:\Windows\System\dBKLmLF.exe
  C:\Windows\System\dBKLmLF.exe
  2⤵
  PID:9520
- C:\Windows\System\BTgLSLu.exe
  C:\Windows\System\BTgLSLu.exe
  2⤵
  PID:9536
- C:\Windows\System\GNrmqmN.exe
  C:\Windows\System\GNrmqmN.exe
  2⤵
  PID:9552
- C:\Windows\System\QDytHAS.exe
  C:\Windows\System\QDytHAS.exe
  2⤵
  PID:9568
- C:\Windows\System\kkmotjs.exe
  C:\Windows\System\kkmotjs.exe
  2⤵
  PID:9584
- C:\Windows\System\bJhkTNj.exe
  C:\Windows\System\bJhkTNj.exe
  2⤵
  PID:9600
- C:\Windows\System\VMDgDxF.exe
  C:\Windows\System\VMDgDxF.exe
  2⤵
  PID:9616
- C:\Windows\System\TJaAzSl.exe
  C:\Windows\System\TJaAzSl.exe
  2⤵
  PID:9632
- C:\Windows\System\jAnFbud.exe
  C:\Windows\System\jAnFbud.exe
  2⤵
  PID:9648
- C:\Windows\System\IvfOkFp.exe
  C:\Windows\System\IvfOkFp.exe
  2⤵
  PID:9664
- C:\Windows\System\ZlEcGxp.exe
  C:\Windows\System\ZlEcGxp.exe
  2⤵
  PID:9680
- C:\Windows\System\duttFJs.exe
  C:\Windows\System\duttFJs.exe
  2⤵
  PID:9696
- C:\Windows\System\eLxJhdM.exe
  C:\Windows\System\eLxJhdM.exe
  2⤵
  PID:9712
- C:\Windows\System\bwCkPsm.exe
  C:\Windows\System\bwCkPsm.exe
  2⤵
  PID:9728
- C:\Windows\System\yTmnPZJ.exe
  C:\Windows\System\yTmnPZJ.exe
  2⤵
  PID:9744
- C:\Windows\System\sxCpjgB.exe
  C:\Windows\System\sxCpjgB.exe
  2⤵
  PID:9760
- C:\Windows\System\Kkkvcjx.exe
  C:\Windows\System\Kkkvcjx.exe
  2⤵
  PID:9776
- C:\Windows\System\jaIOCRA.exe
  C:\Windows\System\jaIOCRA.exe
  2⤵
  PID:9792
- C:\Windows\System\EXzJFNz.exe
  C:\Windows\System\EXzJFNz.exe
  2⤵
  PID:9808
- C:\Windows\System\CyARBJD.exe
  C:\Windows\System\CyARBJD.exe
  2⤵
  PID:9824
- C:\Windows\System\uzEIRVE.exe
  C:\Windows\System\uzEIRVE.exe
  2⤵
  PID:9840
- C:\Windows\System\EcAfCOa.exe
  C:\Windows\System\EcAfCOa.exe
  2⤵
  PID:9856
- C:\Windows\System\jtMIPVh.exe
  C:\Windows\System\jtMIPVh.exe
  2⤵
  PID:9872
- C:\Windows\System\RtkAHBp.exe
  C:\Windows\System\RtkAHBp.exe
  2⤵
  PID:9888
- C:\Windows\System\yzDjQDv.exe
  C:\Windows\System\yzDjQDv.exe
  2⤵
  PID:9904
- C:\Windows\System\RvKLEWa.exe
  C:\Windows\System\RvKLEWa.exe
  2⤵
  PID:9920
- C:\Windows\System\SmALjHN.exe
  C:\Windows\System\SmALjHN.exe
  2⤵
  PID:9936
- C:\Windows\System\ARZVGkx.exe
  C:\Windows\System\ARZVGkx.exe
  2⤵
  PID:9952
- C:\Windows\System\oSzrzIL.exe
  C:\Windows\System\oSzrzIL.exe
  2⤵
  PID:9968
- C:\Windows\System\adsxjYh.exe
  C:\Windows\System\adsxjYh.exe
  2⤵
  PID:9984
- C:\Windows\System\ULhPvzi.exe
  C:\Windows\System\ULhPvzi.exe
  2⤵
  PID:10000
- C:\Windows\System\ovgJodT.exe
  C:\Windows\System\ovgJodT.exe
  2⤵
  PID:10016
- C:\Windows\System\pdsNZOh.exe
  C:\Windows\System\pdsNZOh.exe
  2⤵
  PID:10032
- C:\Windows\System\ViBFyrm.exe
  C:\Windows\System\ViBFyrm.exe
  2⤵
  PID:10048
- C:\Windows\System\pGrYqEh.exe
  C:\Windows\System\pGrYqEh.exe
  2⤵
  PID:10064
- C:\Windows\System\taDIuCQ.exe
  C:\Windows\System\taDIuCQ.exe
  2⤵
  PID:10080
- C:\Windows\System\GtzTHVa.exe
  C:\Windows\System\GtzTHVa.exe
  2⤵
  PID:10096
- C:\Windows\System\tVtldyS.exe
  C:\Windows\System\tVtldyS.exe
  2⤵
  PID:10112
- C:\Windows\System\YzmFTYS.exe
  C:\Windows\System\YzmFTYS.exe
  2⤵
  PID:10128
- C:\Windows\System\dqdFQcT.exe
  C:\Windows\System\dqdFQcT.exe
  2⤵
  PID:10144
- C:\Windows\System\iHZyGsK.exe
  C:\Windows\System\iHZyGsK.exe
  2⤵
  PID:10160
- C:\Windows\System\zmhHEUE.exe
  C:\Windows\System\zmhHEUE.exe
  2⤵
  PID:10176
- C:\Windows\System\RsRyGOE.exe
  C:\Windows\System\RsRyGOE.exe
  2⤵
  PID:10192
- C:\Windows\System\BZAhuZz.exe
  C:\Windows\System\BZAhuZz.exe
  2⤵
  PID:10208
- C:\Windows\System\URohTqa.exe
  C:\Windows\System\URohTqa.exe
  2⤵
  PID:10224
- C:\Windows\System\BmKeUcW.exe
  C:\Windows\System\BmKeUcW.exe
  2⤵
  PID:9220
- C:\Windows\System\GLSpswg.exe
  C:\Windows\System\GLSpswg.exe
  2⤵
  PID:8568
- C:\Windows\System\zoSVqDy.exe
  C:\Windows\System\zoSVqDy.exe
  2⤵
  PID:8612
- C:\Windows\System\xWcbdOM.exe
  C:\Windows\System\xWcbdOM.exe
  2⤵
  PID:8544
- C:\Windows\System\NxQiKWG.exe
  C:\Windows\System\NxQiKWG.exe
  2⤵
  PID:9240
- C:\Windows\System\jeErMfE.exe
  C:\Windows\System\jeErMfE.exe
  2⤵
  PID:9272
- C:\Windows\System\ZamagRC.exe
  C:\Windows\System\ZamagRC.exe
  2⤵
  PID:9348
- C:\Windows\System\nqYwXsO.exe
  C:\Windows\System\nqYwXsO.exe
  2⤵
  PID:9412
- C:\Windows\System\uSyCiKE.exe
  C:\Windows\System\uSyCiKE.exe
  2⤵
  PID:9332
- C:\Windows\System\aYaKtSt.exe
  C:\Windows\System\aYaKtSt.exe
  2⤵
  PID:9480
- C:\Windows\System\WDkkahn.exe
  C:\Windows\System\WDkkahn.exe
  2⤵
  PID:9516
- C:\Windows\System\qLwFtTT.exe
  C:\Windows\System\qLwFtTT.exe
  2⤵
  PID:9364
- C:\Windows\System\yXyTQMI.exe
  C:\Windows\System\yXyTQMI.exe
  2⤵
  PID:9544
- C:\Windows\System\KVCTpqp.exe
  C:\Windows\System\KVCTpqp.exe
  2⤵
  PID:9608
- C:\Windows\System\mCoPCkI.exe
  C:\Windows\System\mCoPCkI.exe
  2⤵
  PID:9640
- C:\Windows\System\HToIFNx.exe
  C:\Windows\System\HToIFNx.exe
  2⤵
  PID:9560
- C:\Windows\System\aVkBMop.exe
  C:\Windows\System\aVkBMop.exe
  2⤵
  PID:9596
- C:\Windows\System\yvlhzfq.exe
  C:\Windows\System\yvlhzfq.exe
  2⤵
  PID:9692
- C:\Windows\System\HqRMCCZ.exe
  C:\Windows\System\HqRMCCZ.exe
  2⤵
  PID:9704
- C:\Windows\System\IRXRRMT.exe
  C:\Windows\System\IRXRRMT.exe
  2⤵
  PID:9768
- C:\Windows\System\JezXyeU.exe
  C:\Windows\System\JezXyeU.exe
  2⤵
  PID:9772
- C:\Windows\System\jTdVDFC.exe
  C:\Windows\System\jTdVDFC.exe
  2⤵
  PID:9752
- C:\Windows\System\iKClRbq.exe
  C:\Windows\System\iKClRbq.exe
  2⤵
  PID:9788
- C:\Windows\System\MXXlAUV.exe
  C:\Windows\System\MXXlAUV.exe
  2⤵
  PID:9864
- C:\Windows\System\XiaYoGL.exe
  C:\Windows\System\XiaYoGL.exe
  2⤵
  PID:9932
- C:\Windows\System\aiEHaed.exe
  C:\Windows\System\aiEHaed.exe
  2⤵
  PID:9996
- C:\Windows\System\QtowgmR.exe
  C:\Windows\System\QtowgmR.exe
  2⤵
  PID:9880
- C:\Windows\System\TxJaaOZ.exe
  C:\Windows\System\TxJaaOZ.exe
  2⤵
  PID:9980
- C:\Windows\System\zJRNGTh.exe
  C:\Windows\System\zJRNGTh.exe
  2⤵
  PID:10060
- C:\Windows\System\pGrXBZj.exe
  C:\Windows\System\pGrXBZj.exe
  2⤵
  PID:10120
- C:\Windows\System\fYqyhYe.exe
  C:\Windows\System\fYqyhYe.exe
  2⤵
  PID:10008
- C:\Windows\System\pzgXlVD.exe
  C:\Windows\System\pzgXlVD.exe
  2⤵
  PID:10184
- C:\Windows\System\zeUKaFz.exe
  C:\Windows\System\zeUKaFz.exe
  2⤵
  PID:9252
- C:\Windows\System\oqxquMj.exe
  C:\Windows\System\oqxquMj.exe
  2⤵
  PID:10108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AgOBbNg.exe

Filesize
5.7MB

MD5
c178f6a330b2233fc012ab6c7f2badcb

SHA1
44fc493fe44f59fa33b8ade89cb224ba511c24a5

SHA256
f7f9ff828c4a1fb6a24b0146cba9ce8f5dd678f6ec3ef9191548b5e9c7514e60

SHA512
7bb4f1594ff2c523bd3cdc387790f8e5f874b454a6fa5070c7acb5d3b9166a78e9488d1615c60dd1ee110edbfb3b48ac6e9b753b459061f31a2b0e0ba4b88ae0

Download Submit
C:\Windows\system\BbEKVnY.exe

Filesize
5.7MB

MD5
13746b7a7e83fa421aef4aa21f06b024

SHA1
5b3cad62b6a6348752dd2f5b386f9f2246919599

SHA256
b3c27f056e614e836aae8c96a6807e43b0e35ce7221ed3dce8c1deb6c6376626

SHA512
e95da7a0c400cb4be6c74bc1fcc65ba946df980d58fbff986649b4018828bb880aab0329814c50430918a71ef9f1f78f697d9fb7dc1bdff7189b72f931955102

Download Submit
C:\Windows\system\EvknAUh.exe

Filesize
5.7MB

MD5
251f24bd529fdafbe6abcc949d75e666

SHA1
b6b21305ee398e4848233d81706bd65ae5d7b907

SHA256
0f94e4c12c689a0ecb9b76e7d51dd48cad410a4dbb27bfea27b69a69348a9aaf

SHA512
b967ea78b93217e1257a646b3ddc25405867683d7a878d08ef5ac32646d3004eb5e835554bbb63f394beb1a506ede7d1673a93e8b8f021fbdf7a876d40160da3

Download Submit
C:\Windows\system\EzinJDX.exe

Filesize
5.7MB

MD5
b9792a11d8722db08f07fd7912faf169

SHA1
779213d52cbd55115d23245922b059db33214b9d

SHA256
bf032e449bc50153ca91d44b07e7482a8c6a6727944c19e0a5fdbb2cf5395065

SHA512
39aab7cb6b116734d9814986b8f4348a547cd14dcc440edc296abf1202872baae48f411e5ab9df34e8f4cc390d6b831695683e1e24397161248694e05c299c1e

Download Submit
C:\Windows\system\FVkyadu.exe

Filesize
5.7MB

MD5
05ee2a637299f27843e21d2ca38b24f9

SHA1
2bca533cb8e55fbf3cc650643855ce7d95ca7efe

SHA256
bc75293c3912cbec6e83b7d17e41c851f86aad860071eec262b73cd92f288da2

SHA512
81103ca21c567295e117a1103deb636fc1229dd65de084a1f7beff9271f812a00dcd479a8e507328f41d03a1d0074026762f1f17cad502ba818135865a26e19c

Download Submit
C:\Windows\system\PSalPfC.exe

Filesize
5.7MB

MD5
9f972ed29cef2b278114856547f563f7

SHA1
a338ffc1d77eb5a812d8b36bb898868944cceebd

SHA256
13b1f9450b8a7b33c9af96f272b1e5b30115b88f2053823d0725461d831cda1d

SHA512
8364aed13fe1d562d73aa636878c06b76ebb6539c59343fdfbbecebbea416ebe32a0a250fdb74d2961f22c693d7c336655c22c1b483d3bbab1afe900326813f2

Download Submit
C:\Windows\system\QoxcEce.exe

Filesize
5.7MB

MD5
803fa54cb7844f6d6e6ebbadf6a70634

SHA1
10269dd5bd04d004c3e7625bc1d6009f229cb6a9

SHA256
f851a23b2f1a6ca7d8bcb2c7a7bbcdfeb255b4481c17f3520b1efe124624287b

SHA512
08e6f8622815e74f774314085eea47a61324433daf6be9d7bd53b244632b037547007ab87dcb6805b21978f509b4e4408401342c2f9bd30ee29f2ba1e08c92c4

Download Submit
C:\Windows\system\RcgUAyV.exe

Filesize
5.7MB

MD5
a7de574dd3006d2ddc6e83acc617d868

SHA1
9146d318419e5f67b1f93245b827519eb7895141

SHA256
ccfd375c8e1e8ef86f866b2956be33c799de98ad0d31bcfb718d7b3850d6d2fe

SHA512
bce6305489a112dcc74b1f84dfb3e9c09cff56bfdd936435f0cf92562fcce1d1f399f2684c126d372d8e1f9a723e5d128d3267173eaeea712aadb1114bd723e6

Download Submit
C:\Windows\system\RpjnJiD.exe

Filesize
5.7MB

MD5
acd4e3960c560cf510d96cc62c6625b6

SHA1
15c840226525cdb10502d71c4ba87647c821f92b

SHA256
d26c544189c269775d9ca9c220fff8b038b29f696006bbd6a11f14ac79227cd6

SHA512
b7a89cb14bc98f99e72ad3cfa8a43224de8047d2a1a9da7ea9281fb5ee8b0e4324d16f3c6dbd8f6f174da832a19d72b3b5fba7c97d9fc4ede3b889dfdea863aa

Download Submit
C:\Windows\system\UauVdSt.exe

Filesize
5.7MB

MD5
e6b9e9bf64287750e1e113b665bee214

SHA1
fc9ecae8c4651dfffa899a99f7022f3ff6979789

SHA256
3555a5452a68ab65e09f26daf4e80567fdd404c0a06f8013cd06cd5d2744ee9f

SHA512
7802f3e366b5700045731ba3456bd306d3148d865eea4356f5c7d3a95f709a5c6402080c37c52bd99efe1db68170053ff20c9b769b953c776e213a9b361056c8

Download Submit
C:\Windows\system\YERqWKw.exe

Filesize
5.7MB

MD5
94d659c8a165761acc683e965c876f72

SHA1
c3aa5638341edefa49a059f1074984c1ebf03ef8

SHA256
8dca2c0a21fb39718539f5fa20047f64f2d3033058b4d9cec5a959fd29ba34f8

SHA512
2afb0be7211414d9a8cf39b304604c436a14b9d72813988bf9898aa883dcbfcf631b6605bd524cbf361341046d8952b240555250412d1d512429bb93b149c5e6

Download Submit
C:\Windows\system\YsdVXkK.exe

Filesize
5.7MB

MD5
27d2a19c7b7e70e13a46327a50f4f07d

SHA1
5399fb071508294a50b2b5c95fcefa0974cd96c8

SHA256
bc62f7015da51d243ada1082cb4cee5eb42bd14f1e38766f4ae90dc5210d12ac

SHA512
d794c944be572a2fa78ddbcd65bf35e519153d35369ffea186ea00a45adf794b3f1b56510ff41dd745ac49020cc7598757c6cf734e8fe68e0b7541204e7e2930

Download Submit
C:\Windows\system\eXszuCW.exe

Filesize
5.7MB

MD5
48e3b4028177424edcd8af50af0e450d

SHA1
093ad05d6a3b8daaa8a9bf147c48977eb0322e3a

SHA256
1e6489d77f45d9d9d9d1169e6833db79f78f68d10719bfd9bc72c9577d32a6e3

SHA512
0821be8b61e7dd1397a9b937c82557e16577ac9b0eff48060d0d65c3ed0f95480473d0c10fc7d7f584a9a30ffd4c034086f96487deeb6f29d776044a03acea97

Download Submit
C:\Windows\system\fiPsYUH.exe

Filesize
5.7MB

MD5
c26550cce88819562864e2cd943fa521

SHA1
4dcb60669d2452c7f6d3f9f127ddc308ffa404d8

SHA256
55a9efc0a3aa6940f1849e0857b605926d58261cab8e118c597ee33a9469e9e9

SHA512
e1b3d4d98c2c69dc6ea7219177e3127faa198e4ce8623ffb6238529b69bbfb0a7e84592a87244de2fa9f6c225dc9111d795ee648062e34e95e2031b157cfb0b1

Download Submit
C:\Windows\system\gwoZLux.exe

Filesize
5.7MB

MD5
ebcb1d3798a2106cad7522fece4c2176

SHA1
53e83b819e96ce9f3ff639124e02aa62b1d37934

SHA256
1f874e4c24fab855a303c7cb005eeba9912370545250e9c5ef1add5e156761db

SHA512
f79c492027f8eeddebc69a292adfdb9a588e2e9d5bd40a73eeab30b5192a7b30b957117a03800519bb8d16a3f4528aba82a366c4f026dedf30b1c521d21eeaa4

Download Submit
C:\Windows\system\hvMlqOi.exe

Filesize
5.7MB

MD5
1687f8212f1fc4b5905f76d01fc3acd6

SHA1
e10f673b6a53550e5a84f48191342143d3be24ea

SHA256
14595e7407a3c30b664462d3990a0a0ac2865f9a1c927a5234d5050bfc61d3e7

SHA512
7ccf72b42812e31be9364aa44329c450d8cb7ca805aa1befd86876dd4f2d78504a6e1ec62cf78ee1321bf09dc93a0e961a87a5677b43f7bbc9a39c96d2b2fd49

Download Submit
C:\Windows\system\hyaFXIU.exe

Filesize
5.7MB

MD5
3a780304fb601f7f2b0bfc0a3fb168f2

SHA1
33f444133ef298e6fbde5e5fcb7aa39a5469e055

SHA256
9aa0b1109cb5a258a435dae594c10fa80805c2a67550e51c2147b005d246b003

SHA512
39598136457bd0fe64fb0d293399083cc95fb5a5f9b0f20dbe0e4236d73d91157c630dd229d65ed2276fc9c656f731e6f7a4b4ae2cd59dda9902fe8d1d9ad697

Download Submit
C:\Windows\system\iayBZyI.exe

Filesize
5.7MB

MD5
5ce61c81c94018b5955f89ded7eed1da

SHA1
860a4a94bacc674d00b6d6b0d1f7a3b95cd527b2

SHA256
c5de7573b7424a24d65ffcfc7ef563820a79e0797af88a53b17ee16edea46862

SHA512
7daf6e920f272f164cdc956c3653710758a71a6546b850d8c7ac619e67952b26c946250c919944f3c325405a9804ba0342e13e4389e1b21a9ba5237c3f635701

Download Submit
C:\Windows\system\jhQEESp.exe

Filesize
5.7MB

MD5
3c00f79b9e5ac158b78e441c03725c08

SHA1
b9898a124d9ccc4e58f6381b8c698ab0f2f581a9

SHA256
48514e498dd8755cad9020735914e4057cad82a7f84d7401f10b58147f286bbb

SHA512
4166e154c9a594a64dbb5e201a9112e45c50e300e2add4c8e4f944cbb412ff98ec8da494a607b322d7b452bc9e70079a97978e122d8e8168e89fa872babb475d

Download Submit
C:\Windows\system\jzCVYTn.exe

Filesize
5.7MB

MD5
16bcc7dc6a5dbe5ea01dac2a3c21aeaa

SHA1
737fd56b2cff30ab180a15ed679fa9db99d02449

SHA256
d9d8409059656c7a91b6a7b11f01f49ead207d72d376deb8da859aa50176db33

SHA512
f68ac35fb2d5f7f838869886eb1be185fa9ef2f1db0478e53a3cb3ad6810d4717ce5a9772744bef5cc54da20b033ed4ad4296fbaada0802a48ebfd30008cea08

Download Submit
C:\Windows\system\mlejaQQ.exe

Filesize
5.7MB

MD5
b20f5453c408cb3be0ce903993077ce1

SHA1
92e98d43600f260c7b78127cadf049a3c0b954ff

SHA256
676549bcfee5c0718033b5e09269225736055a58930a1ea5b032ef1bad2f3102

SHA512
81c9376f5472ded6b547e41f8a950b8d73de6525c7ca65796c18d136cb0cd82f1ac17af43c094538289c49ecf4bd9c0ed88ed65df6e177f95cd137709303a93d

Download Submit
C:\Windows\system\nIZMBeH.exe

Filesize
5.7MB

MD5
453eee2b6bc7530c80fecfb0aa9c25fe

SHA1
4637552b3eafaed5ce2d3debdce25fc2c21b4aa3

SHA256
8671a4586e7bf4aaef0e094485d5f50ce42b082146ef9374c34fe4c73fedfeee

SHA512
3b716cc0c1a9d61cc859804343f4fdf155235e7f8a1fe72aa5ebee268003bc229530f74ea70ea18cf207c1ce2af2a6ec57b05b3042f919a09e654d08f3e80a41

Download Submit
C:\Windows\system\nNuzLmH.exe

Filesize
5.7MB

MD5
deae8106f9d11a3dc814a45016a50d0a

SHA1
399861afb6b0357bce3e3aac740b915b44d67f35

SHA256
bc54cf63bddc0f336d41903d4e7f1c58d02a464fdc4f37872fb149ab461aee8f

SHA512
c8270e436dc3ee434623105baea35314724eee6ee367dc907883b00730d31439d940987a0fb329ab3db168422fc1099536b1c89d753956aac61378c5fda6a105

Download Submit
C:\Windows\system\psiDqgf.exe

Filesize
5.7MB

MD5
414d3d11e0cebfa69f143c79613cc515

SHA1
bb6208408ccf0187f3f98d83d5d6437f5cc42dd0

SHA256
1177f8143a8d24f57fa1cf36f6fc2f526225ce8c6bb83884ad5c648e283c5cc1

SHA512
417f49fa63c49896a273b0fd260f0c692aca4e6996fc9208166addecf055c1f9faf6fcda209ddb4d5fe684e5242be0807345e0728f7a5bd09781d5610625b034

Download Submit
C:\Windows\system\qpGSaAr.exe

Filesize
5.7MB

MD5
1b84828f2dd07874e1690341f17df8e8

SHA1
205d8d8d74d3dd1600bd68df897eb315ca3ad836

SHA256
0aebc8b6f88e6a127dfe49d3c8be22a6689656fbbbdc707b8b7a26da554fef68

SHA512
0875c53034bd828f0c3e6efbe3396da32deeca09882ea8dba95dbdb9877c3db7532b529efe913e9ac4ae11f49c4cb55772eb07bb5925419fdaa055aa26050b4a

Download Submit
C:\Windows\system\sYACPDY.exe

Filesize
5.7MB

MD5
1b8191f5462ae46e161e721eac510d33

SHA1
8a07eabb098d79713f6432b0d0e18ebf800a9eee

SHA256
4fc5455c6d734e519f83958ac878e1e804a153129e35d0ee3e574b9e75f6b1e7

SHA512
a9fb8ad279ba03731e3083de2492f4af5ff4e65e778dea67771fba520190d9fa512902a32c7e78664e7c2df7a779b37dbd3f78b977aefca1615aeb5df2dc898f

Download Submit
C:\Windows\system\ssIvczn.exe

Filesize
5.7MB

MD5
a3a3e5519bb59c3c37e39f30dac22dbe

SHA1
2862797c2d57784fd9dd1398eb99d32b2d7d0ef1

SHA256
8919c533b71964133a3b0e6ae9c9376e9ae7a41c137d458d23b9d161fe349b98

SHA512
7fb871825b269ed6d73334101d9cd3e8eae2232fbe788768c43376bc1169e5356a7d610daf16c359cd19c075c14138366e5fc1f1d916b33af7027ac74ae5caa1

Download Submit
C:\Windows\system\tmWPpXY.exe

Filesize
5.7MB

MD5
01bed20c5696b26156bc9ed19ab56b78

SHA1
c07359bcc6ef9972b42a2685375a6758f652e3d0

SHA256
77c8c024f10763b0a8f033186d518f73c14afea9acc0142e8a871b085f861c40

SHA512
44ff5d31c2cc0971678a47b5ab1045a31cbd27d6ef85caf7ef09b083ebf14472d06b6883d7aefef8df6514351dcae59761cb303134349ea5799ed3fc4d516233

Download Submit
C:\Windows\system\vYRMFqW.exe

Filesize
5.7MB

MD5
cf1d1df6dfba405d6482c6d11b4f01ba

SHA1
efbaa15d692783c3f7b91fbe8fc3a273fa58b1be

SHA256
56517f5755c749e77df0e869a36d07f5af31adef08eaaed925226b522b3cf357

SHA512
b488885dad505cc11282e1efe9fe1627d8863aa2f10b738f4f5c16f2d532aa3164dd5f9998e762f0ceacb5fa065abbe6e5b590f72ed5502d745aa2eb0d32618c

Download Submit
C:\Windows\system\wqTANga.exe

Filesize
5.7MB

MD5
3035ea85270a03404cbe850a7bc066b8

SHA1
229dade56aba122a01685d0b1951e16a5fb9a5e3

SHA256
3d9fb285b346bdc29230687f6e473a2fdaea4caaa0683ced371676fdc5e1d3c4

SHA512
1c2b2bf1264df6b4212eb496be49df39b95e4938c7362d0049d018ee5dbc91ecf8ec2cff8ec9b214af45865172968bb025a4fae4c885082af001045cea44ca96

Download Submit
\Windows\system\LUTkvqb.exe

Filesize
5.7MB

MD5
913cf8d8f741b76d71ee7e539624e33e

SHA1
d937345478a9436f112717b7f6292c286c8ceb29

SHA256
22ecfe158528c966b81377fcf6e1c47ddc523a41a16206f4aeb430e32e2162b6

SHA512
ba559301222dcc9fb8449af108395d31cda934ca79e0ffc66134f5da66d466403c68eda421eefb48e81ba39f5a633865ae0806714fbae3ec335f1b97b66f02f3

Download Submit
\Windows\system\lKUWOlk.exe

Filesize
5.7MB

MD5
db2b3eddac6c9984dae9230ab687245c

SHA1
569ea471109d8b02942ed873c1bbf3a7c194b303

SHA256
85e701eba42ba8f4a61e2e00679717bf1d94bdd1d9a70c3060a0babd3320af11

SHA512
7890571a7388d405ec0c91b2fd9e85eec4369dc51e9834fd40edd784c3782b2832a65902a794ce6586c7cd308b4391dc679d22caf03d0c5fe02fd1ddb886722b

Download Submit
memory/536-157-0x000000013FEC0000-0x000000014020D000-memory.dmp

Filesize
3.3MB

Download
memory/996-121-0x000000013F410000-0x000000013F75D000-memory.dmp

Filesize
3.3MB

Download
memory/1020-127-0x000000013F5A0000-0x000000013F8ED000-memory.dmp

Filesize
3.3MB

Download
memory/1276-172-0x000000013FB10000-0x000000013FE5D000-memory.dmp

Filesize
3.3MB

Download
memory/1432-193-0x000000013FC00000-0x000000013FF4D000-memory.dmp

Filesize
3.3MB

Download
memory/1520-97-0x000000013FE60000-0x00000001401AD000-memory.dmp

Filesize
3.3MB

Download
memory/1652-115-0x000000013F1B0000-0x000000013F4FD000-memory.dmp

Filesize
3.3MB

Download
memory/1876-67-0x000000013F460000-0x000000013F7AD000-memory.dmp

Filesize
3.3MB

Download
memory/1884-103-0x000000013F070000-0x000000013F3BD000-memory.dmp

Filesize
3.3MB

Download
memory/1908-178-0x000000013FBE0000-0x000000013FF2D000-memory.dmp

Filesize
3.3MB

Download
memory/2056-49-0x000000013FE90000-0x00000001401DD000-memory.dmp

Filesize
3.3MB

Download
memory/2100-91-0x000000013F300000-0x000000013F64D000-memory.dmp

Filesize
3.3MB

Download
memory/2124-133-0x000000013F080000-0x000000013F3CD000-memory.dmp

Filesize
3.3MB

Download
memory/2136-151-0x000000013FDB0000-0x00000001400FD000-memory.dmp

Filesize
3.3MB

Download
memory/2188-0-0x000000013F240000-0x000000013F58D000-memory.dmp

Filesize
3.3MB

Download
memory/2188-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2256-61-0x000000013FA00000-0x000000013FD4D000-memory.dmp

Filesize
3.3MB

Download
memory/2324-79-0x000000013F320000-0x000000013F66D000-memory.dmp

Filesize
3.3MB

Download
memory/2332-163-0x000000013F200000-0x000000013F54D000-memory.dmp

Filesize
3.3MB

Download
memory/2444-31-0x000000013F510000-0x000000013F85D000-memory.dmp

Filesize
3.3MB

Download
memory/2468-187-0x000000013F350000-0x000000013F69D000-memory.dmp

Filesize
3.3MB

Download
memory/2612-55-0x000000013F640000-0x000000013F98D000-memory.dmp

Filesize
3.3MB

Download
memory/2648-73-0x000000013F050000-0x000000013F39D000-memory.dmp

Filesize
3.3MB

Download
memory/2684-184-0x000000013F540000-0x000000013F88D000-memory.dmp

Filesize
3.3MB

Download
memory/2692-11-0x000000013F6A0000-0x000000013F9ED000-memory.dmp

Filesize
3.3MB

Download
memory/2772-14-0x000000013F440000-0x000000013F78D000-memory.dmp

Filesize
3.3MB

Download
memory/2868-43-0x000000013F9A0000-0x000000013FCED000-memory.dmp

Filesize
3.3MB

Download
memory/2940-139-0x000000013FA20000-0x000000013FD6D000-memory.dmp

Filesize
3.3MB

Download
memory/2996-37-0x000000013F650000-0x000000013F99D000-memory.dmp

Filesize
3.3MB

Download
memory/3044-29-0x000000013FAF0000-0x000000013FE3D000-memory.dmp

Filesize
3.3MB

Download
memory/3064-85-0x000000013F5E0000-0x000000013F92D000-memory.dmp

Filesize
3.3MB

Download