cobaltstrike | ff5c0773a16f825be57142bb3e34e61eb7fae50c55a80c95943baa72969538d1

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16/02/2025, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.2MB
MD5

fdf39337cfb37aba698e96af8b81fc07
SHA1

8245dc0bc9935883ece649bc84f2f14e371f40d7
SHA256

ff5c0773a16f825be57142bb3e34e61eb7fae50c55a80c95943baa72969538d1
SHA512

0c7f1a04e85914e255ba8b247158ae1332c55a50583e55552ab41c082fcff97cd2007a2e36b63ba7bd24ade2fefaf40b9a0736cb67546db1f0ce03026e0217e7
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lj:RWWBibf56utgpPFotBER/mQ32lUH

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000f000000018662-9.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c8-20.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b7-41.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-46.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-76.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017481-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019612-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-70.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000191f3-33.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-16.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c6-27.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000012102-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 31 IoCs

miner

resource	yara_rule
behavioral1/memory/2196-32-0x000000013F470000-0x000000013F7C1000-memory.dmp	xmrig
behavioral1/memory/2516-37-0x000000013FC40000-0x000000013FF91000-memory.dmp	xmrig
behavioral1/memory/2072-72-0x000000013FA00000-0x000000013FD51000-memory.dmp	xmrig
behavioral1/memory/2412-89-0x000000013F300000-0x000000013F651000-memory.dmp	xmrig
behavioral1/memory/2632-96-0x000000013FE90000-0x00000001401E1000-memory.dmp	xmrig
behavioral1/memory/2872-99-0x000000013F9E0000-0x000000013FD31000-memory.dmp	xmrig
behavioral1/memory/1916-241-0x000000013F790000-0x000000013FAE1000-memory.dmp	xmrig
behavioral1/memory/1056-312-0x000000013F170000-0x000000013F4C1000-memory.dmp	xmrig
behavioral1/memory/2908-637-0x000000013F170000-0x000000013F4C1000-memory.dmp	xmrig
behavioral1/memory/2604-353-0x000000013F280000-0x000000013F5D1000-memory.dmp	xmrig
behavioral1/memory/2740-88-0x000000013FDA0000-0x00000001400F1000-memory.dmp	xmrig
behavioral1/memory/2516-56-0x000000013F8B0000-0x000000013FC01000-memory.dmp	xmrig
behavioral1/memory/2764-71-0x000000013FF40000-0x0000000140291000-memory.dmp	xmrig
behavioral1/memory/2156-60-0x000000013F8B0000-0x000000013FC01000-memory.dmp	xmrig
behavioral1/memory/2908-51-0x000000013F170000-0x000000013F4C1000-memory.dmp	xmrig
behavioral1/memory/1624-49-0x000000013F0E0000-0x000000013F431000-memory.dmp	xmrig
behavioral1/memory/2072-12-0x000000013FA00000-0x000000013FD51000-memory.dmp	xmrig
behavioral1/memory/1916-23-0x000000013F790000-0x000000013FAE1000-memory.dmp	xmrig
behavioral1/memory/1624-2867-0x000000013F0E0000-0x000000013F431000-memory.dmp	xmrig
behavioral1/memory/2764-2869-0x000000013FF40000-0x0000000140291000-memory.dmp	xmrig
behavioral1/memory/2072-2871-0x000000013FA00000-0x000000013FD51000-memory.dmp	xmrig
behavioral1/memory/2156-2873-0x000000013F8B0000-0x000000013FC01000-memory.dmp	xmrig
behavioral1/memory/2740-2877-0x000000013FDA0000-0x00000001400F1000-memory.dmp	xmrig
behavioral1/memory/2604-2907-0x000000013F280000-0x000000013F5D1000-memory.dmp	xmrig
behavioral1/memory/1056-2930-0x000000013F170000-0x000000013F4C1000-memory.dmp	xmrig
behavioral1/memory/2632-2899-0x000000013FE90000-0x00000001401E1000-memory.dmp	xmrig
behavioral1/memory/2412-3582-0x000000013F300000-0x000000013F651000-memory.dmp	xmrig
behavioral1/memory/1916-3667-0x000000013F790000-0x000000013FAE1000-memory.dmp	xmrig
behavioral1/memory/2872-3695-0x000000013F9E0000-0x000000013FD31000-memory.dmp	xmrig
behavioral1/memory/2196-3696-0x000000013F470000-0x000000013F7C1000-memory.dmp	xmrig
behavioral1/memory/2908-3694-0x000000013F170000-0x000000013F4C1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2072	sXZTHha.exe
1916	kGxmjng.exe
1056	BdKGPrI.exe
2196	gmHWJUi.exe
1624	ZOhyMhe.exe
2764	UFqTqtQ.exe
2908	QyCgBQc.exe
2156	hxjLgmk.exe
2604	yGfNNZH.exe
2740	XbbakSY.exe
2412	KoLeUrx.exe
2632	SSOikzQ.exe
2872	zMwqsdN.exe
2572	yQfXtPG.exe
2456	jMsnEAP.exe
2992	ePDfbAg.exe
2312	liZPVIO.exe
1076	pOBlcPC.exe
1248	ARDbgoC.exe
1268	QYkVmeh.exe
1388	NfxWjAm.exe
2788	GpgzHhs.exe
2308	BHOGzyf.exe
1644	FWQIKia.exe
2876	kNCaKpG.exe
2152	FMzJDbE.exe
2168	tWlDDjY.exe
1588	eEaCYAo.exe
1032	DTtOkYR.exe
2440	UxEYXbF.exe
844	lpjUTCQ.exe
800	NrskpgH.exe
1640	HnSeils.exe
1508	WXsslFJ.exe
1684	eHZVcXv.exe
2920	ojimNsC.exe
1692	TrfIUpt.exe
1376	ZKbYtmB.exe
1372	nMFTLer.exe
576	ONWOmSi.exe
2360	NOcxVky.exe
2300	qsgdiLA.exe
2948	PnKGIyq.exe
2936	PAVLvmh.exe
1048	fERIPqr.exe
2180	AlNdDci.exe
1804	XqcXCZU.exe
2964	IuufNZx.exe
2524	WTmQSZm.exe
2912	UviPJya.exe
2108	OhEjQsJ.exe
1608	nItrCnM.exe
2348	fEdSlkS.exe
2852	BLRMxGv.exe
2032	dminZZF.exe
2776	gcfrHVW.exe
2832	mmkXqdC.exe
2596	Atrpzbl.exe
2976	wnNfylR.exe
2844	gQZmCXY.exe
2584	fsJNsUP.exe
1972	jhqQDos.exe
2336	Utgpxne.exe
1952	WKqaStP.exe

Loads dropped DLL 64 IoCs

pid	Process
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2516-0-0x000000013FC40000-0x000000013FF91000-memory.dmp	upx
behavioral1/files/0x000f000000018662-9.dat	upx
behavioral1/memory/2196-32-0x000000013F470000-0x000000013F7C1000-memory.dmp	upx
behavioral1/files/0x00060000000186c8-20.dat	upx
behavioral1/memory/2516-37-0x000000013FC40000-0x000000013FF91000-memory.dmp	upx
behavioral1/files/0x00070000000193b7-41.dat	upx
behavioral1/files/0x00050000000193c1-46.dat	upx
behavioral1/files/0x00050000000193d4-57.dat	upx
behavioral1/memory/2072-72-0x000000013FA00000-0x000000013FD51000-memory.dmp	upx
behavioral1/memory/2412-89-0x000000013F300000-0x000000013F651000-memory.dmp	upx
behavioral1/memory/2632-96-0x000000013FE90000-0x00000001401E1000-memory.dmp	upx
behavioral1/files/0x000500000001941a-100.dat	upx
behavioral1/files/0x00050000000194f3-110.dat	upx
behavioral1/files/0x0005000000019441-107.dat	upx
behavioral1/files/0x00050000000194bd-104.dat	upx
behavioral1/files/0x00050000000193c8-76.dat	upx
behavioral1/memory/2872-99-0x000000013F9E0000-0x000000013FD31000-memory.dmp	upx
behavioral1/files/0x0009000000017481-116.dat	upx
behavioral1/files/0x000500000001960d-137.dat	upx
behavioral1/files/0x0005000000019616-164.dat	upx
behavioral1/files/0x000500000001962a-174.dat	upx
behavioral1/memory/1916-241-0x000000013F790000-0x000000013FAE1000-memory.dmp	upx
behavioral1/memory/1056-312-0x000000013F170000-0x000000013F4C1000-memory.dmp	upx
behavioral1/files/0x00050000000196ac-184.dat	upx
behavioral1/files/0x000500000001966c-179.dat	upx
behavioral1/files/0x0005000000019618-169.dat	upx
behavioral1/files/0x0005000000019614-160.dat	upx
behavioral1/memory/2908-637-0x000000013F170000-0x000000013F4C1000-memory.dmp	upx
behavioral1/memory/2604-353-0x000000013F280000-0x000000013F5D1000-memory.dmp	upx
behavioral1/files/0x0005000000019612-154.dat	upx
behavioral1/files/0x0005000000019610-150.dat	upx
behavioral1/files/0x000500000001960a-129.dat	upx
behavioral1/files/0x000500000001960e-142.dat	upx
behavioral1/files/0x000500000001960c-135.dat	upx
behavioral1/files/0x0005000000019537-121.dat	upx
behavioral1/files/0x00050000000195d9-124.dat	upx
behavioral1/memory/2740-88-0x000000013FDA0000-0x00000001400F1000-memory.dmp	upx
behavioral1/files/0x00050000000193ec-87.dat	upx
behavioral1/files/0x0005000000019436-82.dat	upx
behavioral1/memory/2764-71-0x000000013FF40000-0x0000000140291000-memory.dmp	upx
behavioral1/files/0x0005000000019417-70.dat	upx
behavioral1/memory/2604-68-0x000000013F280000-0x000000013F5D1000-memory.dmp	upx
behavioral1/memory/2156-60-0x000000013F8B0000-0x000000013FC01000-memory.dmp	upx
behavioral1/memory/2908-51-0x000000013F170000-0x000000013F4C1000-memory.dmp	upx
behavioral1/memory/1624-49-0x000000013F0E0000-0x000000013F431000-memory.dmp	upx
behavioral1/files/0x00090000000191f3-33.dat	upx
behavioral1/files/0x000600000001878d-16.dat	upx
behavioral1/memory/2072-12-0x000000013FA00000-0x000000013FD51000-memory.dmp	upx
behavioral1/memory/1056-28-0x000000013F170000-0x000000013F4C1000-memory.dmp	upx
behavioral1/files/0x00070000000190c6-27.dat	upx
behavioral1/memory/1916-23-0x000000013F790000-0x000000013FAE1000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/memory/1624-2867-0x000000013F0E0000-0x000000013F431000-memory.dmp	upx
behavioral1/memory/2764-2869-0x000000013FF40000-0x0000000140291000-memory.dmp	upx
behavioral1/memory/2072-2871-0x000000013FA00000-0x000000013FD51000-memory.dmp	upx
behavioral1/memory/2156-2873-0x000000013F8B0000-0x000000013FC01000-memory.dmp	upx
behavioral1/memory/2740-2877-0x000000013FDA0000-0x00000001400F1000-memory.dmp	upx
behavioral1/memory/2604-2907-0x000000013F280000-0x000000013F5D1000-memory.dmp	upx
behavioral1/memory/1056-2930-0x000000013F170000-0x000000013F4C1000-memory.dmp	upx
behavioral1/memory/2632-2899-0x000000013FE90000-0x00000001401E1000-memory.dmp	upx
behavioral1/memory/2412-3582-0x000000013F300000-0x000000013F651000-memory.dmp	upx
behavioral1/memory/1916-3667-0x000000013F790000-0x000000013FAE1000-memory.dmp	upx
behavioral1/memory/2872-3695-0x000000013F9E0000-0x000000013FD31000-memory.dmp	upx
behavioral1/memory/2196-3696-0x000000013F470000-0x000000013F7C1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iYdnygC.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAKhTuN.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXLOWiH.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QicAhzK.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRUtsVV.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpxVVBz.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTTrLHQ.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnHEVnh.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyaOcRa.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIlHEGE.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNAnMBN.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIGwzZX.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Pugfpvz.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emrrtzw.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyKGfWW.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GnblXVl.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjLFPnD.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAIfmkI.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSIqbOC.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxQXMuV.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MhmfGZN.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQaNmcS.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXlsNdI.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcnmyOa.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FdoxVWw.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaSGTfn.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtDOvTC.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoPlpIJ.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEzhaFx.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEdfuZv.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zshMBBP.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpWJaPC.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDkXcRF.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBFovJN.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlaGDNG.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQhojWS.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYbhfgC.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCDMPTo.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npjGsqb.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYMTjlM.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOhyMhe.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGkGWDe.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUnfMvG.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSrsNOT.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYjgaQY.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJbmWMq.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffGlLXN.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ketoAtx.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlTCOKD.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSFtlKH.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nROiHzT.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDHiYsb.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaVWHae.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFAvqPs.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGgjqbW.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWNpkSS.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBWFjKb.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFYwAoP.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgwVODy.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNGgndN.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMXkEtI.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoJMUJe.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMmHSNd.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JALiWIN.exe	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2072	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2516 wrote to memory of 2072	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2516 wrote to memory of 2072	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2516 wrote to memory of 1056	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2516 wrote to memory of 1056	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2516 wrote to memory of 1056	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2516 wrote to memory of 1916	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2516 wrote to memory of 1916	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2516 wrote to memory of 1916	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2516 wrote to memory of 1624	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2516 wrote to memory of 1624	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2516 wrote to memory of 1624	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2516 wrote to memory of 2196	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2516 wrote to memory of 2196	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2516 wrote to memory of 2196	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2516 wrote to memory of 2764	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2516 wrote to memory of 2764	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2516 wrote to memory of 2764	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2516 wrote to memory of 2908	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2516 wrote to memory of 2908	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2516 wrote to memory of 2908	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2516 wrote to memory of 2156	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2516 wrote to memory of 2156	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2516 wrote to memory of 2156	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2516 wrote to memory of 2412	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2516 wrote to memory of 2412	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2516 wrote to memory of 2412	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2516 wrote to memory of 2604	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2516 wrote to memory of 2604	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2516 wrote to memory of 2604	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2516 wrote to memory of 2872	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2516 wrote to memory of 2872	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2516 wrote to memory of 2872	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2516 wrote to memory of 2740	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2516 wrote to memory of 2740	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2516 wrote to memory of 2740	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2516 wrote to memory of 2572	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2516 wrote to memory of 2572	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2516 wrote to memory of 2572	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2516 wrote to memory of 2632	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2516 wrote to memory of 2632	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2516 wrote to memory of 2632	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2516 wrote to memory of 2992	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2516 wrote to memory of 2992	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2516 wrote to memory of 2992	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2516 wrote to memory of 2456	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2516 wrote to memory of 2456	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2516 wrote to memory of 2456	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2516 wrote to memory of 2312	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2516 wrote to memory of 2312	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2516 wrote to memory of 2312	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2516 wrote to memory of 1248	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2516 wrote to memory of 1248	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2516 wrote to memory of 1248	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2516 wrote to memory of 1076	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2516 wrote to memory of 1076	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2516 wrote to memory of 1076	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2516 wrote to memory of 1268	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2516 wrote to memory of 1268	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2516 wrote to memory of 1268	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2516 wrote to memory of 1388	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2516 wrote to memory of 1388	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2516 wrote to memory of 1388	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2516 wrote to memory of 2788	2516	2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_fdf39337cfb37aba698e96af8b81fc07_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\System\sXZTHha.exe
  C:\Windows\System\sXZTHha.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\BdKGPrI.exe
  C:\Windows\System\BdKGPrI.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\kGxmjng.exe
  C:\Windows\System\kGxmjng.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\ZOhyMhe.exe
  C:\Windows\System\ZOhyMhe.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\gmHWJUi.exe
  C:\Windows\System\gmHWJUi.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\UFqTqtQ.exe
  C:\Windows\System\UFqTqtQ.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\QyCgBQc.exe
  C:\Windows\System\QyCgBQc.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\hxjLgmk.exe
  C:\Windows\System\hxjLgmk.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\KoLeUrx.exe
  C:\Windows\System\KoLeUrx.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\yGfNNZH.exe
  C:\Windows\System\yGfNNZH.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\zMwqsdN.exe
  C:\Windows\System\zMwqsdN.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\XbbakSY.exe
  C:\Windows\System\XbbakSY.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\yQfXtPG.exe
  C:\Windows\System\yQfXtPG.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\SSOikzQ.exe
  C:\Windows\System\SSOikzQ.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\ePDfbAg.exe
  C:\Windows\System\ePDfbAg.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\jMsnEAP.exe
  C:\Windows\System\jMsnEAP.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\liZPVIO.exe
  C:\Windows\System\liZPVIO.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ARDbgoC.exe
  C:\Windows\System\ARDbgoC.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\pOBlcPC.exe
  C:\Windows\System\pOBlcPC.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\QYkVmeh.exe
  C:\Windows\System\QYkVmeh.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\NfxWjAm.exe
  C:\Windows\System\NfxWjAm.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\GpgzHhs.exe
  C:\Windows\System\GpgzHhs.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\FWQIKia.exe
  C:\Windows\System\FWQIKia.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\BHOGzyf.exe
  C:\Windows\System\BHOGzyf.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\kNCaKpG.exe
  C:\Windows\System\kNCaKpG.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\FMzJDbE.exe
  C:\Windows\System\FMzJDbE.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\tWlDDjY.exe
  C:\Windows\System\tWlDDjY.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\eEaCYAo.exe
  C:\Windows\System\eEaCYAo.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\DTtOkYR.exe
  C:\Windows\System\DTtOkYR.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\UxEYXbF.exe
  C:\Windows\System\UxEYXbF.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\lpjUTCQ.exe
  C:\Windows\System\lpjUTCQ.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\NrskpgH.exe
  C:\Windows\System\NrskpgH.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\HnSeils.exe
  C:\Windows\System\HnSeils.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\WXsslFJ.exe
  C:\Windows\System\WXsslFJ.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\eHZVcXv.exe
  C:\Windows\System\eHZVcXv.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\ojimNsC.exe
  C:\Windows\System\ojimNsC.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\TrfIUpt.exe
  C:\Windows\System\TrfIUpt.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ZKbYtmB.exe
  C:\Windows\System\ZKbYtmB.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\nMFTLer.exe
  C:\Windows\System\nMFTLer.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\ONWOmSi.exe
  C:\Windows\System\ONWOmSi.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\NOcxVky.exe
  C:\Windows\System\NOcxVky.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\qsgdiLA.exe
  C:\Windows\System\qsgdiLA.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\PnKGIyq.exe
  C:\Windows\System\PnKGIyq.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\PAVLvmh.exe
  C:\Windows\System\PAVLvmh.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\fERIPqr.exe
  C:\Windows\System\fERIPqr.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\AlNdDci.exe
  C:\Windows\System\AlNdDci.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\XqcXCZU.exe
  C:\Windows\System\XqcXCZU.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\IuufNZx.exe
  C:\Windows\System\IuufNZx.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\WTmQSZm.exe
  C:\Windows\System\WTmQSZm.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\UviPJya.exe
  C:\Windows\System\UviPJya.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\OhEjQsJ.exe
  C:\Windows\System\OhEjQsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\nItrCnM.exe
  C:\Windows\System\nItrCnM.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\fEdSlkS.exe
  C:\Windows\System\fEdSlkS.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\BLRMxGv.exe
  C:\Windows\System\BLRMxGv.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\dminZZF.exe
  C:\Windows\System\dminZZF.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\gcfrHVW.exe
  C:\Windows\System\gcfrHVW.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\mmkXqdC.exe
  C:\Windows\System\mmkXqdC.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\Atrpzbl.exe
  C:\Windows\System\Atrpzbl.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\wnNfylR.exe
  C:\Windows\System\wnNfylR.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\gQZmCXY.exe
  C:\Windows\System\gQZmCXY.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\fsJNsUP.exe
  C:\Windows\System\fsJNsUP.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\jhqQDos.exe
  C:\Windows\System\jhqQDos.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\Utgpxne.exe
  C:\Windows\System\Utgpxne.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\WKqaStP.exe
  C:\Windows\System\WKqaStP.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\TeXIKEn.exe
  C:\Windows\System\TeXIKEn.exe
  2⤵
  PID:2636
- C:\Windows\System\dPzeuAW.exe
  C:\Windows\System\dPzeuAW.exe
  2⤵
  PID:2012
- C:\Windows\System\hjLFPnD.exe
  C:\Windows\System\hjLFPnD.exe
  2⤵
  PID:2752
- C:\Windows\System\lVXTjRX.exe
  C:\Windows\System\lVXTjRX.exe
  2⤵
  PID:2160
- C:\Windows\System\iKTWoJc.exe
  C:\Windows\System\iKTWoJc.exe
  2⤵
  PID:860
- C:\Windows\System\miYuOtX.exe
  C:\Windows\System\miYuOtX.exe
  2⤵
  PID:448
- C:\Windows\System\edoPLhi.exe
  C:\Windows\System\edoPLhi.exe
  2⤵
  PID:900
- C:\Windows\System\zKhnPQB.exe
  C:\Windows\System\zKhnPQB.exe
  2⤵
  PID:1356
- C:\Windows\System\TJbmWMq.exe
  C:\Windows\System\TJbmWMq.exe
  2⤵
  PID:1700
- C:\Windows\System\FJriSDf.exe
  C:\Windows\System\FJriSDf.exe
  2⤵
  PID:2256
- C:\Windows\System\HHTlwKD.exe
  C:\Windows\System\HHTlwKD.exe
  2⤵
  PID:1552
- C:\Windows\System\jXAGGfK.exe
  C:\Windows\System\jXAGGfK.exe
  2⤵
  PID:2216
- C:\Windows\System\iPYeHeq.exe
  C:\Windows\System\iPYeHeq.exe
  2⤵
  PID:1788
- C:\Windows\System\xoiXOzf.exe
  C:\Windows\System\xoiXOzf.exe
  2⤵
  PID:264
- C:\Windows\System\sGpfZxL.exe
  C:\Windows\System\sGpfZxL.exe
  2⤵
  PID:1512
- C:\Windows\System\bMiphoi.exe
  C:\Windows\System\bMiphoi.exe
  2⤵
  PID:924
- C:\Windows\System\OBJoHye.exe
  C:\Windows\System\OBJoHye.exe
  2⤵
  PID:2332
- C:\Windows\System\YaSGTfn.exe
  C:\Windows\System\YaSGTfn.exe
  2⤵
  PID:3032
- C:\Windows\System\PFjwtHZ.exe
  C:\Windows\System\PFjwtHZ.exe
  2⤵
  PID:2400
- C:\Windows\System\xBlwpwa.exe
  C:\Windows\System\xBlwpwa.exe
  2⤵
  PID:1600
- C:\Windows\System\IhzjIGR.exe
  C:\Windows\System\IhzjIGR.exe
  2⤵
  PID:2380
- C:\Windows\System\vydpacm.exe
  C:\Windows\System\vydpacm.exe
  2⤵
  PID:1920
- C:\Windows\System\jPViYEf.exe
  C:\Windows\System\jPViYEf.exe
  2⤵
  PID:2316
- C:\Windows\System\yAWoeNW.exe
  C:\Windows\System\yAWoeNW.exe
  2⤵
  PID:2680
- C:\Windows\System\RHJeneC.exe
  C:\Windows\System\RHJeneC.exe
  2⤵
  PID:396
- C:\Windows\System\TzbtNbf.exe
  C:\Windows\System\TzbtNbf.exe
  2⤵
  PID:2620
- C:\Windows\System\yArBUqV.exe
  C:\Windows\System\yArBUqV.exe
  2⤵
  PID:672
- C:\Windows\System\FJWuCNV.exe
  C:\Windows\System\FJWuCNV.exe
  2⤵
  PID:2184
- C:\Windows\System\qBEKFqk.exe
  C:\Windows\System\qBEKFqk.exe
  2⤵
  PID:2972
- C:\Windows\System\SUClILn.exe
  C:\Windows\System\SUClILn.exe
  2⤵
  PID:1208
- C:\Windows\System\FRajIyt.exe
  C:\Windows\System\FRajIyt.exe
  2⤵
  PID:1236
- C:\Windows\System\vSTvhhM.exe
  C:\Windows\System\vSTvhhM.exe
  2⤵
  PID:920
- C:\Windows\System\ZhubJpE.exe
  C:\Windows\System\ZhubJpE.exe
  2⤵
  PID:1204
- C:\Windows\System\ulIiSga.exe
  C:\Windows\System\ulIiSga.exe
  2⤵
  PID:2808
- C:\Windows\System\ndtaVMV.exe
  C:\Windows\System\ndtaVMV.exe
  2⤵
  PID:2744
- C:\Windows\System\TpRXDpl.exe
  C:\Windows\System\TpRXDpl.exe
  2⤵
  PID:2436
- C:\Windows\System\qJgLZhY.exe
  C:\Windows\System\qJgLZhY.exe
  2⤵
  PID:1540
- C:\Windows\System\mmPHhWr.exe
  C:\Windows\System\mmPHhWr.exe
  2⤵
  PID:784
- C:\Windows\System\ykuYDGI.exe
  C:\Windows\System\ykuYDGI.exe
  2⤵
  PID:1504
- C:\Windows\System\wnfUWZX.exe
  C:\Windows\System\wnfUWZX.exe
  2⤵
  PID:1580
- C:\Windows\System\HJUzJzI.exe
  C:\Windows\System\HJUzJzI.exe
  2⤵
  PID:1124
- C:\Windows\System\iNpRWlR.exe
  C:\Windows\System\iNpRWlR.exe
  2⤵
  PID:3060
- C:\Windows\System\xMZYedR.exe
  C:\Windows\System\xMZYedR.exe
  2⤵
  PID:1160
- C:\Windows\System\YKCxzhz.exe
  C:\Windows\System\YKCxzhz.exe
  2⤵
  PID:2112
- C:\Windows\System\HEUMVfi.exe
  C:\Windows\System\HEUMVfi.exe
  2⤵
  PID:2408
- C:\Windows\System\cYYsjSJ.exe
  C:\Windows\System\cYYsjSJ.exe
  2⤵
  PID:2016
- C:\Windows\System\McTXIuV.exe
  C:\Windows\System\McTXIuV.exe
  2⤵
  PID:3052
- C:\Windows\System\hhsJBkl.exe
  C:\Windows\System\hhsJBkl.exe
  2⤵
  PID:1500
- C:\Windows\System\WinIQAs.exe
  C:\Windows\System\WinIQAs.exe
  2⤵
  PID:1960
- C:\Windows\System\IBUXlbW.exe
  C:\Windows\System\IBUXlbW.exe
  2⤵
  PID:616
- C:\Windows\System\nBAvjBQ.exe
  C:\Windows\System\nBAvjBQ.exe
  2⤵
  PID:2484
- C:\Windows\System\aFUNRlI.exe
  C:\Windows\System\aFUNRlI.exe
  2⤵
  PID:1900
- C:\Windows\System\MpXRllH.exe
  C:\Windows\System\MpXRllH.exe
  2⤵
  PID:612
- C:\Windows\System\YsrWMRs.exe
  C:\Windows\System\YsrWMRs.exe
  2⤵
  PID:2716
- C:\Windows\System\vkOAxmW.exe
  C:\Windows\System\vkOAxmW.exe
  2⤵
  PID:2100
- C:\Windows\System\hlCKHeF.exe
  C:\Windows\System\hlCKHeF.exe
  2⤵
  PID:584
- C:\Windows\System\gjSiZUf.exe
  C:\Windows\System\gjSiZUf.exe
  2⤵
  PID:1476
- C:\Windows\System\ILToJTO.exe
  C:\Windows\System\ILToJTO.exe
  2⤵
  PID:2828
- C:\Windows\System\TlzAlYM.exe
  C:\Windows\System\TlzAlYM.exe
  2⤵
  PID:2120
- C:\Windows\System\APpgRDJ.exe
  C:\Windows\System\APpgRDJ.exe
  2⤵
  PID:484
- C:\Windows\System\mbmeOSJ.exe
  C:\Windows\System\mbmeOSJ.exe
  2⤵
  PID:3048
- C:\Windows\System\CXPDGXy.exe
  C:\Windows\System\CXPDGXy.exe
  2⤵
  PID:856
- C:\Windows\System\LpgsakN.exe
  C:\Windows\System\LpgsakN.exe
  2⤵
  PID:2980
- C:\Windows\System\hLFoVdd.exe
  C:\Windows\System\hLFoVdd.exe
  2⤵
  PID:1080
- C:\Windows\System\MUgVFcm.exe
  C:\Windows\System\MUgVFcm.exe
  2⤵
  PID:2208
- C:\Windows\System\uNtRbsD.exe
  C:\Windows\System\uNtRbsD.exe
  2⤵
  PID:2816
- C:\Windows\System\qyRHZes.exe
  C:\Windows\System\qyRHZes.exe
  2⤵
  PID:3088
- C:\Windows\System\vqkMNHk.exe
  C:\Windows\System\vqkMNHk.exe
  2⤵
  PID:3104
- C:\Windows\System\XikogYk.exe
  C:\Windows\System\XikogYk.exe
  2⤵
  PID:3120
- C:\Windows\System\mCyyiBc.exe
  C:\Windows\System\mCyyiBc.exe
  2⤵
  PID:3136
- C:\Windows\System\GfsmBwD.exe
  C:\Windows\System\GfsmBwD.exe
  2⤵
  PID:3152
- C:\Windows\System\RcwykQM.exe
  C:\Windows\System\RcwykQM.exe
  2⤵
  PID:3168
- C:\Windows\System\WBCPXpc.exe
  C:\Windows\System\WBCPXpc.exe
  2⤵
  PID:3188
- C:\Windows\System\nNVOGgu.exe
  C:\Windows\System\nNVOGgu.exe
  2⤵
  PID:3204
- C:\Windows\System\QCXjupw.exe
  C:\Windows\System\QCXjupw.exe
  2⤵
  PID:3220
- C:\Windows\System\czEasxJ.exe
  C:\Windows\System\czEasxJ.exe
  2⤵
  PID:3236
- C:\Windows\System\CAhvOxo.exe
  C:\Windows\System\CAhvOxo.exe
  2⤵
  PID:3252
- C:\Windows\System\uxosvgm.exe
  C:\Windows\System\uxosvgm.exe
  2⤵
  PID:3296
- C:\Windows\System\zkRXvoi.exe
  C:\Windows\System\zkRXvoi.exe
  2⤵
  PID:3348
- C:\Windows\System\KFcSYDX.exe
  C:\Windows\System\KFcSYDX.exe
  2⤵
  PID:3364
- C:\Windows\System\iAQwNOy.exe
  C:\Windows\System\iAQwNOy.exe
  2⤵
  PID:3384
- C:\Windows\System\HMJqThW.exe
  C:\Windows\System\HMJqThW.exe
  2⤵
  PID:3412
- C:\Windows\System\oZxVBGT.exe
  C:\Windows\System\oZxVBGT.exe
  2⤵
  PID:3428
- C:\Windows\System\naWqcSM.exe
  C:\Windows\System\naWqcSM.exe
  2⤵
  PID:3448
- C:\Windows\System\copdmGf.exe
  C:\Windows\System\copdmGf.exe
  2⤵
  PID:3464
- C:\Windows\System\dfwHpbR.exe
  C:\Windows\System\dfwHpbR.exe
  2⤵
  PID:3480
- C:\Windows\System\ZusJpTk.exe
  C:\Windows\System\ZusJpTk.exe
  2⤵
  PID:3496
- C:\Windows\System\OVPtqLh.exe
  C:\Windows\System\OVPtqLh.exe
  2⤵
  PID:3512
- C:\Windows\System\bhWjgHD.exe
  C:\Windows\System\bhWjgHD.exe
  2⤵
  PID:3528
- C:\Windows\System\ycQbpnW.exe
  C:\Windows\System\ycQbpnW.exe
  2⤵
  PID:3548
- C:\Windows\System\uQWZKwu.exe
  C:\Windows\System\uQWZKwu.exe
  2⤵
  PID:3564
- C:\Windows\System\qyZpUwH.exe
  C:\Windows\System\qyZpUwH.exe
  2⤵
  PID:3584
- C:\Windows\System\txblvih.exe
  C:\Windows\System\txblvih.exe
  2⤵
  PID:3600
- C:\Windows\System\vnjjdsu.exe
  C:\Windows\System\vnjjdsu.exe
  2⤵
  PID:3616
- C:\Windows\System\HYwOpwn.exe
  C:\Windows\System\HYwOpwn.exe
  2⤵
  PID:3632
- C:\Windows\System\UFapmoL.exe
  C:\Windows\System\UFapmoL.exe
  2⤵
  PID:3672
- C:\Windows\System\lrIVDqx.exe
  C:\Windows\System\lrIVDqx.exe
  2⤵
  PID:3692
- C:\Windows\System\TIbpjOe.exe
  C:\Windows\System\TIbpjOe.exe
  2⤵
  PID:3708
- C:\Windows\System\zNGgndN.exe
  C:\Windows\System\zNGgndN.exe
  2⤵
  PID:3728
- C:\Windows\System\gnHEVnh.exe
  C:\Windows\System\gnHEVnh.exe
  2⤵
  PID:3756
- C:\Windows\System\hktkEwZ.exe
  C:\Windows\System\hktkEwZ.exe
  2⤵
  PID:3772
- C:\Windows\System\UuZWhGy.exe
  C:\Windows\System\UuZWhGy.exe
  2⤵
  PID:3796
- C:\Windows\System\aIiRvUO.exe
  C:\Windows\System\aIiRvUO.exe
  2⤵
  PID:3832
- C:\Windows\System\JOcrczG.exe
  C:\Windows\System\JOcrczG.exe
  2⤵
  PID:3856
- C:\Windows\System\TSymMnv.exe
  C:\Windows\System\TSymMnv.exe
  2⤵
  PID:3872
- C:\Windows\System\XQTQxJd.exe
  C:\Windows\System\XQTQxJd.exe
  2⤵
  PID:3892
- C:\Windows\System\vulBjQk.exe
  C:\Windows\System\vulBjQk.exe
  2⤵
  PID:3912
- C:\Windows\System\KKhzWmv.exe
  C:\Windows\System\KKhzWmv.exe
  2⤵
  PID:3936
- C:\Windows\System\zRriCrc.exe
  C:\Windows\System\zRriCrc.exe
  2⤵
  PID:3952
- C:\Windows\System\eLpkRRh.exe
  C:\Windows\System\eLpkRRh.exe
  2⤵
  PID:3972
- C:\Windows\System\eaZvCpf.exe
  C:\Windows\System\eaZvCpf.exe
  2⤵
  PID:3988
- C:\Windows\System\bETlDjY.exe
  C:\Windows\System\bETlDjY.exe
  2⤵
  PID:4004
- C:\Windows\System\QorEmYf.exe
  C:\Windows\System\QorEmYf.exe
  2⤵
  PID:4028
- C:\Windows\System\vXiQKeh.exe
  C:\Windows\System\vXiQKeh.exe
  2⤵
  PID:4048
- C:\Windows\System\xxJRTSN.exe
  C:\Windows\System\xxJRTSN.exe
  2⤵
  PID:4064
- C:\Windows\System\bUujQww.exe
  C:\Windows\System\bUujQww.exe
  2⤵
  PID:4080
- C:\Windows\System\pStXjhK.exe
  C:\Windows\System\pStXjhK.exe
  2⤵
  PID:3132
- C:\Windows\System\xwnpKBl.exe
  C:\Windows\System\xwnpKBl.exe
  2⤵
  PID:3200
- C:\Windows\System\XtEZRMr.exe
  C:\Windows\System\XtEZRMr.exe
  2⤵
  PID:2616
- C:\Windows\System\xfFkwRH.exe
  C:\Windows\System\xfFkwRH.exe
  2⤵
  PID:3272
- C:\Windows\System\nmeckwU.exe
  C:\Windows\System\nmeckwU.exe
  2⤵
  PID:3096
- C:\Windows\System\kKcJDTG.exe
  C:\Windows\System\kKcJDTG.exe
  2⤵
  PID:3020
- C:\Windows\System\hnGbaFi.exe
  C:\Windows\System\hnGbaFi.exe
  2⤵
  PID:3084
- C:\Windows\System\aCSaNQw.exe
  C:\Windows\System\aCSaNQw.exe
  2⤵
  PID:3176
- C:\Windows\System\wvDiBwu.exe
  C:\Windows\System\wvDiBwu.exe
  2⤵
  PID:3216
- C:\Windows\System\bHTTJCx.exe
  C:\Windows\System\bHTTJCx.exe
  2⤵
  PID:2296
- C:\Windows\System\oPnTSSV.exe
  C:\Windows\System\oPnTSSV.exe
  2⤵
  PID:3360
- C:\Windows\System\kRMNBct.exe
  C:\Windows\System\kRMNBct.exe
  2⤵
  PID:3400
- C:\Windows\System\XZoOvpZ.exe
  C:\Windows\System\XZoOvpZ.exe
  2⤵
  PID:3440
- C:\Windows\System\xpfeuIW.exe
  C:\Windows\System\xpfeuIW.exe
  2⤵
  PID:3488
- C:\Windows\System\yaEiAII.exe
  C:\Windows\System\yaEiAII.exe
  2⤵
  PID:3556
- C:\Windows\System\bHHeuxG.exe
  C:\Windows\System\bHHeuxG.exe
  2⤵
  PID:3612
- C:\Windows\System\MERoarv.exe
  C:\Windows\System\MERoarv.exe
  2⤵
  PID:3628
- C:\Windows\System\QhutRWx.exe
  C:\Windows\System\QhutRWx.exe
  2⤵
  PID:2568
- C:\Windows\System\PUHZqAS.exe
  C:\Windows\System\PUHZqAS.exe
  2⤵
  PID:3720
- C:\Windows\System\GYXTXwP.exe
  C:\Windows\System\GYXTXwP.exe
  2⤵
  PID:3644
- C:\Windows\System\OovgfoX.exe
  C:\Windows\System\OovgfoX.exe
  2⤵
  PID:3744
- C:\Windows\System\NajfDgv.exe
  C:\Windows\System\NajfDgv.exe
  2⤵
  PID:3656
- C:\Windows\System\AXDPlnM.exe
  C:\Windows\System\AXDPlnM.exe
  2⤵
  PID:2576
- C:\Windows\System\otaWZwU.exe
  C:\Windows\System\otaWZwU.exe
  2⤵
  PID:3804
- C:\Windows\System\KtDOvTC.exe
  C:\Windows\System\KtDOvTC.exe
  2⤵
  PID:2292
- C:\Windows\System\ICEarSO.exe
  C:\Windows\System\ICEarSO.exe
  2⤵
  PID:3784
- C:\Windows\System\kFPHxby.exe
  C:\Windows\System\kFPHxby.exe
  2⤵
  PID:3868
- C:\Windows\System\qXfphxX.exe
  C:\Windows\System\qXfphxX.exe
  2⤵
  PID:3884
- C:\Windows\System\rqtkGqj.exe
  C:\Windows\System\rqtkGqj.exe
  2⤵
  PID:3944
- C:\Windows\System\enmAlOU.exe
  C:\Windows\System\enmAlOU.exe
  2⤵
  PID:4020
- C:\Windows\System\xqwQtAs.exe
  C:\Windows\System\xqwQtAs.exe
  2⤵
  PID:4088
- C:\Windows\System\PVlwjaq.exe
  C:\Windows\System\PVlwjaq.exe
  2⤵
  PID:2136
- C:\Windows\System\OoTGvpY.exe
  C:\Windows\System\OoTGvpY.exe
  2⤵
  PID:3212
- C:\Windows\System\lftqTMo.exe
  C:\Windows\System\lftqTMo.exe
  2⤵
  PID:3316
- C:\Windows\System\WBKwnbJ.exe
  C:\Windows\System\WBKwnbJ.exe
  2⤵
  PID:3280
- C:\Windows\System\rEhfcxq.exe
  C:\Windows\System\rEhfcxq.exe
  2⤵
  PID:3336
- C:\Windows\System\TqmzRCR.exe
  C:\Windows\System\TqmzRCR.exe
  2⤵
  PID:4000
- C:\Windows\System\oVtjXOi.exe
  C:\Windows\System\oVtjXOi.exe
  2⤵
  PID:4044
- C:\Windows\System\KltLaJh.exe
  C:\Windows\System\KltLaJh.exe
  2⤵
  PID:3308
- C:\Windows\System\saCWtDW.exe
  C:\Windows\System\saCWtDW.exe
  2⤵
  PID:3460
- C:\Windows\System\syHeQht.exe
  C:\Windows\System\syHeQht.exe
  2⤵
  PID:3116
- C:\Windows\System\IpWIdCd.exe
  C:\Windows\System\IpWIdCd.exe
  2⤵
  PID:3344
- C:\Windows\System\jWMyGKB.exe
  C:\Windows\System\jWMyGKB.exe
  2⤵
  PID:3380
- C:\Windows\System\ZpyMtbY.exe
  C:\Windows\System\ZpyMtbY.exe
  2⤵
  PID:3596
- C:\Windows\System\ajtitLS.exe
  C:\Windows\System\ajtitLS.exe
  2⤵
  PID:3544
- C:\Windows\System\Osgzjjs.exe
  C:\Windows\System\Osgzjjs.exe
  2⤵
  PID:2840
- C:\Windows\System\TZrpEAd.exe
  C:\Windows\System\TZrpEAd.exe
  2⤵
  PID:3660
- C:\Windows\System\ijoNqGV.exe
  C:\Windows\System\ijoNqGV.exe
  2⤵
  PID:3668
- C:\Windows\System\kxuvFuN.exe
  C:\Windows\System\kxuvFuN.exe
  2⤵
  PID:3768
- C:\Windows\System\ZxTGMFl.exe
  C:\Windows\System\ZxTGMFl.exe
  2⤵
  PID:3848
- C:\Windows\System\oDICCOh.exe
  C:\Windows\System\oDICCOh.exe
  2⤵
  PID:2984
- C:\Windows\System\rqCFLgw.exe
  C:\Windows\System\rqCFLgw.exe
  2⤵
  PID:3664
- C:\Windows\System\YHewOYe.exe
  C:\Windows\System\YHewOYe.exe
  2⤵
  PID:3320
- C:\Windows\System\zshMBBP.exe
  C:\Windows\System\zshMBBP.exe
  2⤵
  PID:4040
- C:\Windows\System\FBuQJKo.exe
  C:\Windows\System\FBuQJKo.exe
  2⤵
  PID:4060
- C:\Windows\System\WizRxAO.exe
  C:\Windows\System\WizRxAO.exe
  2⤵
  PID:3024
- C:\Windows\System\LUzDzrN.exe
  C:\Windows\System\LUzDzrN.exe
  2⤵
  PID:3332
- C:\Windows\System\pNFcUdB.exe
  C:\Windows\System\pNFcUdB.exe
  2⤵
  PID:1180
- C:\Windows\System\yjpzspt.exe
  C:\Windows\System\yjpzspt.exe
  2⤵
  PID:4016
- C:\Windows\System\TtiXesh.exe
  C:\Windows\System\TtiXesh.exe
  2⤵
  PID:2172
- C:\Windows\System\wZCQPZT.exe
  C:\Windows\System\wZCQPZT.exe
  2⤵
  PID:3076
- C:\Windows\System\RLxQxFa.exe
  C:\Windows\System\RLxQxFa.exe
  2⤵
  PID:3968
- C:\Windows\System\ynjdQxx.exe
  C:\Windows\System\ynjdQxx.exe
  2⤵
  PID:3128
- C:\Windows\System\mLutmQs.exe
  C:\Windows\System\mLutmQs.exe
  2⤵
  PID:3508
- C:\Windows\System\utojKvI.exe
  C:\Windows\System\utojKvI.exe
  2⤵
  PID:3764
- C:\Windows\System\YwuHoja.exe
  C:\Windows\System\YwuHoja.exe
  2⤵
  PID:3700
- C:\Windows\System\AuRiECJ.exe
  C:\Windows\System\AuRiECJ.exe
  2⤵
  PID:2040
- C:\Windows\System\mHlXPNL.exe
  C:\Windows\System\mHlXPNL.exe
  2⤵
  PID:2268
- C:\Windows\System\AsSLqiz.exe
  C:\Windows\System\AsSLqiz.exe
  2⤵
  PID:3864
- C:\Windows\System\wCqwwZc.exe
  C:\Windows\System\wCqwwZc.exe
  2⤵
  PID:3372
- C:\Windows\System\SHaIRmL.exe
  C:\Windows\System\SHaIRmL.exe
  2⤵
  PID:2628
- C:\Windows\System\VQPksaD.exe
  C:\Windows\System\VQPksaD.exe
  2⤵
  PID:2900
- C:\Windows\System\PNpImZl.exe
  C:\Windows\System\PNpImZl.exe
  2⤵
  PID:3472
- C:\Windows\System\WzBTTHg.exe
  C:\Windows\System\WzBTTHg.exe
  2⤵
  PID:3340
- C:\Windows\System\qdpuTRa.exe
  C:\Windows\System\qdpuTRa.exe
  2⤵
  PID:3312
- C:\Windows\System\LsdrzqQ.exe
  C:\Windows\System\LsdrzqQ.exe
  2⤵
  PID:2668
- C:\Windows\System\DJbsNIg.exe
  C:\Windows\System\DJbsNIg.exe
  2⤵
  PID:3592
- C:\Windows\System\VeGRmSw.exe
  C:\Windows\System\VeGRmSw.exe
  2⤵
  PID:3408
- C:\Windows\System\yTMkdVP.exe
  C:\Windows\System\yTMkdVP.exe
  2⤵
  PID:2780
- C:\Windows\System\MnlnEJR.exe
  C:\Windows\System\MnlnEJR.exe
  2⤵
  PID:3232
- C:\Windows\System\dzwmaJI.exe
  C:\Windows\System\dzwmaJI.exe
  2⤵
  PID:1672
- C:\Windows\System\bsoBIJT.exe
  C:\Windows\System\bsoBIJT.exe
  2⤵
  PID:2592
- C:\Windows\System\JMhgjhN.exe
  C:\Windows\System\JMhgjhN.exe
  2⤵
  PID:1096
- C:\Windows\System\HYTyPTg.exe
  C:\Windows\System\HYTyPTg.exe
  2⤵
  PID:4036
- C:\Windows\System\kCnsoLj.exe
  C:\Windows\System\kCnsoLj.exe
  2⤵
  PID:2768
- C:\Windows\System\XQJjCvX.exe
  C:\Windows\System\XQJjCvX.exe
  2⤵
  PID:4012
- C:\Windows\System\TlYgSJu.exe
  C:\Windows\System\TlYgSJu.exe
  2⤵
  PID:3808
- C:\Windows\System\kOLGWZQ.exe
  C:\Windows\System\kOLGWZQ.exe
  2⤵
  PID:2756
- C:\Windows\System\hIlUWoy.exe
  C:\Windows\System\hIlUWoy.exe
  2⤵
  PID:3056
- C:\Windows\System\QNksXZj.exe
  C:\Windows\System\QNksXZj.exe
  2⤵
  PID:4128
- C:\Windows\System\budwCAf.exe
  C:\Windows\System\budwCAf.exe
  2⤵
  PID:4160
- C:\Windows\System\sSqqjdy.exe
  C:\Windows\System\sSqqjdy.exe
  2⤵
  PID:4200
- C:\Windows\System\RztpvUV.exe
  C:\Windows\System\RztpvUV.exe
  2⤵
  PID:4308
- C:\Windows\System\EbfpFzo.exe
  C:\Windows\System\EbfpFzo.exe
  2⤵
  PID:4324
- C:\Windows\System\GQANoZv.exe
  C:\Windows\System\GQANoZv.exe
  2⤵
  PID:4344
- C:\Windows\System\hcTKdrt.exe
  C:\Windows\System\hcTKdrt.exe
  2⤵
  PID:4360
- C:\Windows\System\FJOJVQL.exe
  C:\Windows\System\FJOJVQL.exe
  2⤵
  PID:4376
- C:\Windows\System\eiqMteg.exe
  C:\Windows\System\eiqMteg.exe
  2⤵
  PID:4392
- C:\Windows\System\InvvEJb.exe
  C:\Windows\System\InvvEJb.exe
  2⤵
  PID:4412
- C:\Windows\System\SgLQgNO.exe
  C:\Windows\System\SgLQgNO.exe
  2⤵
  PID:4432
- C:\Windows\System\IWBIpSY.exe
  C:\Windows\System\IWBIpSY.exe
  2⤵
  PID:4448
- C:\Windows\System\ScPZSsa.exe
  C:\Windows\System\ScPZSsa.exe
  2⤵
  PID:4468
- C:\Windows\System\JYhXDdP.exe
  C:\Windows\System\JYhXDdP.exe
  2⤵
  PID:4508
- C:\Windows\System\seKeeEl.exe
  C:\Windows\System\seKeeEl.exe
  2⤵
  PID:4524
- C:\Windows\System\yMTNOYg.exe
  C:\Windows\System\yMTNOYg.exe
  2⤵
  PID:4540
- C:\Windows\System\YbsKdFE.exe
  C:\Windows\System\YbsKdFE.exe
  2⤵
  PID:4560
- C:\Windows\System\MDrlqek.exe
  C:\Windows\System\MDrlqek.exe
  2⤵
  PID:4576
- C:\Windows\System\KrjaipR.exe
  C:\Windows\System\KrjaipR.exe
  2⤵
  PID:4592
- C:\Windows\System\ZfRQzCc.exe
  C:\Windows\System\ZfRQzCc.exe
  2⤵
  PID:4608
- C:\Windows\System\uOJEQjZ.exe
  C:\Windows\System\uOJEQjZ.exe
  2⤵
  PID:4636
- C:\Windows\System\LXhQNLD.exe
  C:\Windows\System\LXhQNLD.exe
  2⤵
  PID:4652
- C:\Windows\System\vWLjTaO.exe
  C:\Windows\System\vWLjTaO.exe
  2⤵
  PID:4680
- C:\Windows\System\nCNREbQ.exe
  C:\Windows\System\nCNREbQ.exe
  2⤵
  PID:4700
- C:\Windows\System\qqfRHsp.exe
  C:\Windows\System\qqfRHsp.exe
  2⤵
  PID:4716
- C:\Windows\System\jsNThyQ.exe
  C:\Windows\System\jsNThyQ.exe
  2⤵
  PID:4732
- C:\Windows\System\vrYqQNU.exe
  C:\Windows\System\vrYqQNU.exe
  2⤵
  PID:4748
- C:\Windows\System\rPBHAyl.exe
  C:\Windows\System\rPBHAyl.exe
  2⤵
  PID:4772
- C:\Windows\System\SFwTyUR.exe
  C:\Windows\System\SFwTyUR.exe
  2⤵
  PID:4788
- C:\Windows\System\CmzhRvA.exe
  C:\Windows\System\CmzhRvA.exe
  2⤵
  PID:4804
- C:\Windows\System\rtzvovH.exe
  C:\Windows\System\rtzvovH.exe
  2⤵
  PID:4836
- C:\Windows\System\iHkRXFo.exe
  C:\Windows\System\iHkRXFo.exe
  2⤵
  PID:4852
- C:\Windows\System\eGAbiDO.exe
  C:\Windows\System\eGAbiDO.exe
  2⤵
  PID:4876
- C:\Windows\System\sjPAlWU.exe
  C:\Windows\System\sjPAlWU.exe
  2⤵
  PID:4896
- C:\Windows\System\Arpvzhx.exe
  C:\Windows\System\Arpvzhx.exe
  2⤵
  PID:4912
- C:\Windows\System\aifRwzH.exe
  C:\Windows\System\aifRwzH.exe
  2⤵
  PID:4932
- C:\Windows\System\jjUpSTW.exe
  C:\Windows\System\jjUpSTW.exe
  2⤵
  PID:4948
- C:\Windows\System\WGlUYcg.exe
  C:\Windows\System\WGlUYcg.exe
  2⤵
  PID:4964
- C:\Windows\System\DelMQCW.exe
  C:\Windows\System\DelMQCW.exe
  2⤵
  PID:4980
- C:\Windows\System\GQPcnxI.exe
  C:\Windows\System\GQPcnxI.exe
  2⤵
  PID:5000
- C:\Windows\System\cmoWuhc.exe
  C:\Windows\System\cmoWuhc.exe
  2⤵
  PID:5020
- C:\Windows\System\zVtcLCT.exe
  C:\Windows\System\zVtcLCT.exe
  2⤵
  PID:5036
- C:\Windows\System\tHulXfO.exe
  C:\Windows\System\tHulXfO.exe
  2⤵
  PID:5052
- C:\Windows\System\WGHaYUB.exe
  C:\Windows\System\WGHaYUB.exe
  2⤵
  PID:5072
- C:\Windows\System\oLgFCrV.exe
  C:\Windows\System\oLgFCrV.exe
  2⤵
  PID:5092
- C:\Windows\System\jgPEdyS.exe
  C:\Windows\System\jgPEdyS.exe
  2⤵
  PID:5108
- C:\Windows\System\WBeOvpO.exe
  C:\Windows\System\WBeOvpO.exe
  2⤵
  PID:3196
- C:\Windows\System\BLMYFur.exe
  C:\Windows\System\BLMYFur.exe
  2⤵
  PID:4056
- C:\Windows\System\mhDWlNZ.exe
  C:\Windows\System\mhDWlNZ.exe
  2⤵
  PID:3684
- C:\Windows\System\qZuCDOv.exe
  C:\Windows\System\qZuCDOv.exe
  2⤵
  PID:3908
- C:\Windows\System\yYlgazC.exe
  C:\Windows\System\yYlgazC.exe
  2⤵
  PID:4256
- C:\Windows\System\toTNHXA.exe
  C:\Windows\System\toTNHXA.exe
  2⤵
  PID:4236
- C:\Windows\System\wkteQsg.exe
  C:\Windows\System\wkteQsg.exe
  2⤵
  PID:4252
- C:\Windows\System\GJEswSo.exe
  C:\Windows\System\GJEswSo.exe
  2⤵
  PID:4264
- C:\Windows\System\reipRVl.exe
  C:\Windows\System\reipRVl.exe
  2⤵
  PID:4296
- C:\Windows\System\pHOjzlA.exe
  C:\Windows\System\pHOjzlA.exe
  2⤵
  PID:2996
- C:\Windows\System\AZyYTFt.exe
  C:\Windows\System\AZyYTFt.exe
  2⤵
  PID:4332
- C:\Windows\System\mMlPkYQ.exe
  C:\Windows\System\mMlPkYQ.exe
  2⤵
  PID:4456
- C:\Windows\System\wWwAhpw.exe
  C:\Windows\System\wWwAhpw.exe
  2⤵
  PID:4476
- C:\Windows\System\cIZFrcH.exe
  C:\Windows\System\cIZFrcH.exe
  2⤵
  PID:4488
- C:\Windows\System\QwBwGep.exe
  C:\Windows\System\QwBwGep.exe
  2⤵
  PID:4496
- C:\Windows\System\KMWwxRz.exe
  C:\Windows\System\KMWwxRz.exe
  2⤵
  PID:4548
- C:\Windows\System\ibHKnrt.exe
  C:\Windows\System\ibHKnrt.exe
  2⤵
  PID:4588
- C:\Windows\System\cAIfmkI.exe
  C:\Windows\System\cAIfmkI.exe
  2⤵
  PID:4632
- C:\Windows\System\CktWjFA.exe
  C:\Windows\System\CktWjFA.exe
  2⤵
  PID:4532
- C:\Windows\System\rtVcbtF.exe
  C:\Windows\System\rtVcbtF.exe
  2⤵
  PID:4536
- C:\Windows\System\TPnyzWT.exe
  C:\Windows\System\TPnyzWT.exe
  2⤵
  PID:4712
- C:\Windows\System\VfgNYfr.exe
  C:\Windows\System\VfgNYfr.exe
  2⤵
  PID:4780
- C:\Windows\System\ScYIOmD.exe
  C:\Windows\System\ScYIOmD.exe
  2⤵
  PID:4696
- C:\Windows\System\aAwZQNV.exe
  C:\Windows\System\aAwZQNV.exe
  2⤵
  PID:4824
- C:\Windows\System\MhvhTpB.exe
  C:\Windows\System\MhvhTpB.exe
  2⤵
  PID:4832
- C:\Windows\System\jHOGQNs.exe
  C:\Windows\System\jHOGQNs.exe
  2⤵
  PID:4872
- C:\Windows\System\ZolHapc.exe
  C:\Windows\System\ZolHapc.exe
  2⤵
  PID:5016
- C:\Windows\System\EgirJTi.exe
  C:\Windows\System\EgirJTi.exe
  2⤵
  PID:5012
- C:\Windows\System\iMenZNk.exe
  C:\Windows\System\iMenZNk.exe
  2⤵
  PID:5084
- C:\Windows\System\YdOVQrT.exe
  C:\Windows\System\YdOVQrT.exe
  2⤵
  PID:3288
- C:\Windows\System\XMFVrZw.exe
  C:\Windows\System\XMFVrZw.exe
  2⤵
  PID:4920
- C:\Windows\System\EjyeOQQ.exe
  C:\Windows\System\EjyeOQQ.exe
  2⤵
  PID:5032
- C:\Windows\System\WoEmiux.exe
  C:\Windows\System\WoEmiux.exe
  2⤵
  PID:5100
- C:\Windows\System\oXNSFWh.exe
  C:\Windows\System\oXNSFWh.exe
  2⤵
  PID:4112
- C:\Windows\System\hXNkRNV.exe
  C:\Windows\System\hXNkRNV.exe
  2⤵
  PID:4156
- C:\Windows\System\uvBFmPE.exe
  C:\Windows\System\uvBFmPE.exe
  2⤵
  PID:4148
- C:\Windows\System\auMSolw.exe
  C:\Windows\System\auMSolw.exe
  2⤵
  PID:4216
- C:\Windows\System\OhrZBmK.exe
  C:\Windows\System\OhrZBmK.exe
  2⤵
  PID:3068
- C:\Windows\System\JErijip.exe
  C:\Windows\System\JErijip.exe
  2⤵
  PID:2960
- C:\Windows\System\OtAZptz.exe
  C:\Windows\System\OtAZptz.exe
  2⤵
  PID:2580
- C:\Windows\System\oBNoUzQ.exe
  C:\Windows\System\oBNoUzQ.exe
  2⤵
  PID:956
- C:\Windows\System\lwMoUDt.exe
  C:\Windows\System\lwMoUDt.exe
  2⤵
  PID:4288
- C:\Windows\System\qXNhlMS.exe
  C:\Windows\System\qXNhlMS.exe
  2⤵
  PID:4388
- C:\Windows\System\ZFdQkzI.exe
  C:\Windows\System\ZFdQkzI.exe
  2⤵
  PID:4444
- C:\Windows\System\AJLsXAb.exe
  C:\Windows\System\AJLsXAb.exe
  2⤵
  PID:4372
- C:\Windows\System\DqjymWi.exe
  C:\Windows\System\DqjymWi.exe
  2⤵
  PID:4336
- C:\Windows\System\VqUEROE.exe
  C:\Windows\System\VqUEROE.exe
  2⤵
  PID:2192
- C:\Windows\System\vnlgnbG.exe
  C:\Windows\System\vnlgnbG.exe
  2⤵
  PID:4660
- C:\Windows\System\izCWrHg.exe
  C:\Windows\System\izCWrHg.exe
  2⤵
  PID:4516
- C:\Windows\System\gHKqArS.exe
  C:\Windows\System\gHKqArS.exe
  2⤵
  PID:4672
- C:\Windows\System\outvPqM.exe
  C:\Windows\System\outvPqM.exe
  2⤵
  PID:4744
- C:\Windows\System\juFtqNE.exe
  C:\Windows\System\juFtqNE.exe
  2⤵
  PID:4820
- C:\Windows\System\QeyiWQv.exe
  C:\Windows\System\QeyiWQv.exe
  2⤵
  PID:4764
- C:\Windows\System\plvKUWv.exe
  C:\Windows\System\plvKUWv.exe
  2⤵
  PID:4940
- C:\Windows\System\ZZAhUoQ.exe
  C:\Windows\System\ZZAhUoQ.exe
  2⤵
  PID:4976
- C:\Windows\System\CyDAdJl.exe
  C:\Windows\System\CyDAdJl.exe
  2⤵
  PID:2448
- C:\Windows\System\hHHmOcs.exe
  C:\Windows\System\hHHmOcs.exe
  2⤵
  PID:776
- C:\Windows\System\WhboBvX.exe
  C:\Windows\System\WhboBvX.exe
  2⤵
  PID:4988
- C:\Windows\System\mgQwXRb.exe
  C:\Windows\System\mgQwXRb.exe
  2⤵
  PID:4996
- C:\Windows\System\vsghdUy.exe
  C:\Windows\System\vsghdUy.exe
  2⤵
  PID:1040
- C:\Windows\System\RsHBxog.exe
  C:\Windows\System\RsHBxog.exe
  2⤵
  PID:5068
- C:\Windows\System\SzctqIl.exe
  C:\Windows\System\SzctqIl.exe
  2⤵
  PID:1776
- C:\Windows\System\bBrdZPA.exe
  C:\Windows\System\bBrdZPA.exe
  2⤵
  PID:664
- C:\Windows\System\wBIBLZc.exe
  C:\Windows\System\wBIBLZc.exe
  2⤵
  PID:3844
- C:\Windows\System\pooFVCC.exe
  C:\Windows\System\pooFVCC.exe
  2⤵
  PID:1336
- C:\Windows\System\qvwGaJQ.exe
  C:\Windows\System\qvwGaJQ.exe
  2⤵
  PID:1848
- C:\Windows\System\gHOCCsB.exe
  C:\Windows\System\gHOCCsB.exe
  2⤵
  PID:1756
- C:\Windows\System\oJIxHbh.exe
  C:\Windows\System\oJIxHbh.exe
  2⤵
  PID:4400
- C:\Windows\System\IRjbrQW.exe
  C:\Windows\System\IRjbrQW.exe
  2⤵
  PID:4424
- C:\Windows\System\kODPgIB.exe
  C:\Windows\System\kODPgIB.exe
  2⤵
  PID:4812
- C:\Windows\System\rvROElf.exe
  C:\Windows\System\rvROElf.exe
  2⤵
  PID:4664
- C:\Windows\System\xoFmYJo.exe
  C:\Windows\System\xoFmYJo.exe
  2⤵
  PID:4756
- C:\Windows\System\nEhmlfp.exe
  C:\Windows\System\nEhmlfp.exe
  2⤵
  PID:4864
- C:\Windows\System\VMytyNL.exe
  C:\Windows\System\VMytyNL.exe
  2⤵
  PID:4868
- C:\Windows\System\KmiERRA.exe
  C:\Windows\System\KmiERRA.exe
  2⤵
  PID:5064
- C:\Windows\System\AeUawjs.exe
  C:\Windows\System\AeUawjs.exe
  2⤵
  PID:2080
- C:\Windows\System\AUKzBGW.exe
  C:\Windows\System\AUKzBGW.exe
  2⤵
  PID:3100
- C:\Windows\System\tUjCzSD.exe
  C:\Windows\System\tUjCzSD.exe
  2⤵
  PID:2792
- C:\Windows\System\VYNAILm.exe
  C:\Windows\System\VYNAILm.exe
  2⤵
  PID:4184
- C:\Windows\System\ZIcCxxm.exe
  C:\Windows\System\ZIcCxxm.exe
  2⤵
  PID:4300
- C:\Windows\System\qnxnnlX.exe
  C:\Windows\System\qnxnnlX.exe
  2⤵
  PID:4280
- C:\Windows\System\vZIZIDi.exe
  C:\Windows\System\vZIZIDi.exe
  2⤵
  PID:4352
- C:\Windows\System\lJeYeOu.exe
  C:\Windows\System\lJeYeOu.exe
  2⤵
  PID:4728
- C:\Windows\System\BELtEAn.exe
  C:\Windows\System\BELtEAn.exe
  2⤵
  PID:4292
- C:\Windows\System\pBPXkZf.exe
  C:\Windows\System\pBPXkZf.exe
  2⤵
  PID:4688
- C:\Windows\System\DmtSsCm.exe
  C:\Windows\System\DmtSsCm.exe
  2⤵
  PID:4828
- C:\Windows\System\MLaFpxx.exe
  C:\Windows\System\MLaFpxx.exe
  2⤵
  PID:2064
- C:\Windows\System\OshKSpB.exe
  C:\Windows\System\OshKSpB.exe
  2⤵
  PID:5080
- C:\Windows\System\piusUkh.exe
  C:\Windows\System\piusUkh.exe
  2⤵
  PID:4104
- C:\Windows\System\RSbhKKR.exe
  C:\Windows\System\RSbhKKR.exe
  2⤵
  PID:4284
- C:\Windows\System\KOiewdp.exe
  C:\Windows\System\KOiewdp.exe
  2⤵
  PID:1772
- C:\Windows\System\lhfuhLB.exe
  C:\Windows\System\lhfuhLB.exe
  2⤵
  PID:4464
- C:\Windows\System\xWOMwQB.exe
  C:\Windows\System\xWOMwQB.exe
  2⤵
  PID:4624
- C:\Windows\System\gjKeweH.exe
  C:\Windows\System\gjKeweH.exe
  2⤵
  PID:4848
- C:\Windows\System\QIEDVVp.exe
  C:\Windows\System\QIEDVVp.exe
  2⤵
  PID:4212
- C:\Windows\System\vTXWvnH.exe
  C:\Windows\System\vTXWvnH.exe
  2⤵
  PID:2812
- C:\Windows\System\NClWzNa.exe
  C:\Windows\System\NClWzNa.exe
  2⤵
  PID:4492
- C:\Windows\System\VnqJuLZ.exe
  C:\Windows\System\VnqJuLZ.exe
  2⤵
  PID:1472
- C:\Windows\System\AukqEfi.exe
  C:\Windows\System\AukqEfi.exe
  2⤵
  PID:4924
- C:\Windows\System\DXlsNdI.exe
  C:\Windows\System\DXlsNdI.exe
  2⤵
  PID:4120
- C:\Windows\System\ueCkgNR.exe
  C:\Windows\System\ueCkgNR.exe
  2⤵
  PID:4708
- C:\Windows\System\MvYfyHB.exe
  C:\Windows\System\MvYfyHB.exe
  2⤵
  PID:1516
- C:\Windows\System\vkBKXNf.exe
  C:\Windows\System\vkBKXNf.exe
  2⤵
  PID:5124
- C:\Windows\System\ddLcWui.exe
  C:\Windows\System\ddLcWui.exe
  2⤵
  PID:5140
- C:\Windows\System\fyaOcRa.exe
  C:\Windows\System\fyaOcRa.exe
  2⤵
  PID:5156
- C:\Windows\System\qwPWJDV.exe
  C:\Windows\System\qwPWJDV.exe
  2⤵
  PID:5172
- C:\Windows\System\zTvpDdf.exe
  C:\Windows\System\zTvpDdf.exe
  2⤵
  PID:5188
- C:\Windows\System\ntfGuxx.exe
  C:\Windows\System\ntfGuxx.exe
  2⤵
  PID:5208
- C:\Windows\System\oQnEbfg.exe
  C:\Windows\System\oQnEbfg.exe
  2⤵
  PID:5224
- C:\Windows\System\CsEZfaT.exe
  C:\Windows\System\CsEZfaT.exe
  2⤵
  PID:5240
- C:\Windows\System\omAbWnv.exe
  C:\Windows\System\omAbWnv.exe
  2⤵
  PID:5260
- C:\Windows\System\UOnRKaL.exe
  C:\Windows\System\UOnRKaL.exe
  2⤵
  PID:5300
- C:\Windows\System\jBAgFku.exe
  C:\Windows\System\jBAgFku.exe
  2⤵
  PID:5324
- C:\Windows\System\XBDomvD.exe
  C:\Windows\System\XBDomvD.exe
  2⤵
  PID:5340
- C:\Windows\System\glZXJFa.exe
  C:\Windows\System\glZXJFa.exe
  2⤵
  PID:5356
- C:\Windows\System\YUlZGcw.exe
  C:\Windows\System\YUlZGcw.exe
  2⤵
  PID:5376
- C:\Windows\System\AaruCzt.exe
  C:\Windows\System\AaruCzt.exe
  2⤵
  PID:5392
- C:\Windows\System\hUODMPR.exe
  C:\Windows\System\hUODMPR.exe
  2⤵
  PID:5452
- C:\Windows\System\jYgXIcF.exe
  C:\Windows\System\jYgXIcF.exe
  2⤵
  PID:5468
- C:\Windows\System\OvbHbaJ.exe
  C:\Windows\System\OvbHbaJ.exe
  2⤵
  PID:5484
- C:\Windows\System\cfnhLAK.exe
  C:\Windows\System\cfnhLAK.exe
  2⤵
  PID:5512
- C:\Windows\System\STkfdrF.exe
  C:\Windows\System\STkfdrF.exe
  2⤵
  PID:5528
- C:\Windows\System\mpXbEdn.exe
  C:\Windows\System\mpXbEdn.exe
  2⤵
  PID:5544
- C:\Windows\System\KaVWHae.exe
  C:\Windows\System\KaVWHae.exe
  2⤵
  PID:5560
- C:\Windows\System\gbVvpgo.exe
  C:\Windows\System\gbVvpgo.exe
  2⤵
  PID:5576
- C:\Windows\System\fKjADxZ.exe
  C:\Windows\System\fKjADxZ.exe
  2⤵
  PID:5604
- C:\Windows\System\xdWOOnu.exe
  C:\Windows\System\xdWOOnu.exe
  2⤵
  PID:5620
- C:\Windows\System\pwhFTjM.exe
  C:\Windows\System\pwhFTjM.exe
  2⤵
  PID:5640
- C:\Windows\System\pMgTfDj.exe
  C:\Windows\System\pMgTfDj.exe
  2⤵
  PID:5656
- C:\Windows\System\ssoaMDn.exe
  C:\Windows\System\ssoaMDn.exe
  2⤵
  PID:5676
- C:\Windows\System\wwRTbMm.exe
  C:\Windows\System\wwRTbMm.exe
  2⤵
  PID:5692
- C:\Windows\System\HAaRGyo.exe
  C:\Windows\System\HAaRGyo.exe
  2⤵
  PID:5708
- C:\Windows\System\ZcBAyLt.exe
  C:\Windows\System\ZcBAyLt.exe
  2⤵
  PID:5724
- C:\Windows\System\xkdphxH.exe
  C:\Windows\System\xkdphxH.exe
  2⤵
  PID:5740
- C:\Windows\System\hnqrNNx.exe
  C:\Windows\System\hnqrNNx.exe
  2⤵
  PID:5760
- C:\Windows\System\XUmeqsq.exe
  C:\Windows\System\XUmeqsq.exe
  2⤵
  PID:5776
- C:\Windows\System\BJjYtSV.exe
  C:\Windows\System\BJjYtSV.exe
  2⤵
  PID:5796
- C:\Windows\System\seWKeko.exe
  C:\Windows\System\seWKeko.exe
  2⤵
  PID:5812
- C:\Windows\System\eRIkHLc.exe
  C:\Windows\System\eRIkHLc.exe
  2⤵
  PID:5832
- C:\Windows\System\oImuAsF.exe
  C:\Windows\System\oImuAsF.exe
  2⤵
  PID:5888
- C:\Windows\System\UcYYmKX.exe
  C:\Windows\System\UcYYmKX.exe
  2⤵
  PID:5908
- C:\Windows\System\YgyfKdI.exe
  C:\Windows\System\YgyfKdI.exe
  2⤵
  PID:5928
- C:\Windows\System\maxGocO.exe
  C:\Windows\System\maxGocO.exe
  2⤵
  PID:5944
- C:\Windows\System\sRnHTwY.exe
  C:\Windows\System\sRnHTwY.exe
  2⤵
  PID:5960
- C:\Windows\System\UyqnPFV.exe
  C:\Windows\System\UyqnPFV.exe
  2⤵
  PID:5976
- C:\Windows\System\hfAMTNG.exe
  C:\Windows\System\hfAMTNG.exe
  2⤵
  PID:5992
- C:\Windows\System\meZOikM.exe
  C:\Windows\System\meZOikM.exe
  2⤵
  PID:6008
- C:\Windows\System\tWJGskx.exe
  C:\Windows\System\tWJGskx.exe
  2⤵
  PID:6028
- C:\Windows\System\ebpSfDx.exe
  C:\Windows\System\ebpSfDx.exe
  2⤵
  PID:6048
- C:\Windows\System\HQtrkLm.exe
  C:\Windows\System\HQtrkLm.exe
  2⤵
  PID:6064
- C:\Windows\System\FOVEyLl.exe
  C:\Windows\System\FOVEyLl.exe
  2⤵
  PID:6080
- C:\Windows\System\KyvOZTg.exe
  C:\Windows\System\KyvOZTg.exe
  2⤵
  PID:6096
- C:\Windows\System\LKnSlcG.exe
  C:\Windows\System\LKnSlcG.exe
  2⤵
  PID:6116
- C:\Windows\System\ibUGdmU.exe
  C:\Windows\System\ibUGdmU.exe
  2⤵
  PID:6132
- C:\Windows\System\AuatsCD.exe
  C:\Windows\System\AuatsCD.exe
  2⤵
  PID:5220
- C:\Windows\System\IoAOVcV.exe
  C:\Windows\System\IoAOVcV.exe
  2⤵
  PID:1728
- C:\Windows\System\oOWDACd.exe
  C:\Windows\System\oOWDACd.exe
  2⤵
  PID:5316
- C:\Windows\System\HUMvLZn.exe
  C:\Windows\System\HUMvLZn.exe
  2⤵
  PID:5132
- C:\Windows\System\UGIAtdw.exe
  C:\Windows\System\UGIAtdw.exe
  2⤵
  PID:5204
- C:\Windows\System\lhlJBsw.exe
  C:\Windows\System\lhlJBsw.exe
  2⤵
  PID:5388
- C:\Windows\System\ealreFD.exe
  C:\Windows\System\ealreFD.exe
  2⤵
  PID:5364
- C:\Windows\System\mNdCtjk.exe
  C:\Windows\System\mNdCtjk.exe
  2⤵
  PID:5296
- C:\Windows\System\wZiUPGP.exe
  C:\Windows\System\wZiUPGP.exe
  2⤵
  PID:5416
- C:\Windows\System\pVwIgNF.exe
  C:\Windows\System\pVwIgNF.exe
  2⤵
  PID:5428
- C:\Windows\System\ynhsRNR.exe
  C:\Windows\System\ynhsRNR.exe
  2⤵
  PID:5552
- C:\Windows\System\gQPxLGp.exe
  C:\Windows\System\gQPxLGp.exe
  2⤵
  PID:5612
- C:\Windows\System\FdoxVWw.exe
  C:\Windows\System\FdoxVWw.exe
  2⤵
  PID:5688
- C:\Windows\System\caXtBvI.exe
  C:\Windows\System\caXtBvI.exe
  2⤵
  PID:5784
- C:\Windows\System\ozJIMJt.exe
  C:\Windows\System\ozJIMJt.exe
  2⤵
  PID:5788
- C:\Windows\System\DpcGFOo.exe
  C:\Windows\System\DpcGFOo.exe
  2⤵
  PID:5824
- C:\Windows\System\CPGVVgd.exe
  C:\Windows\System\CPGVVgd.exe
  2⤵
  PID:5768
- C:\Windows\System\QRAjMgS.exe
  C:\Windows\System\QRAjMgS.exe
  2⤵
  PID:5664
- C:\Windows\System\cZDHhJZ.exe
  C:\Windows\System\cZDHhJZ.exe
  2⤵
  PID:5904
- C:\Windows\System\FdvIAME.exe
  C:\Windows\System\FdvIAME.exe
  2⤵
  PID:5704
- C:\Windows\System\zahsJfE.exe
  C:\Windows\System\zahsJfE.exe
  2⤵
  PID:5808
- C:\Windows\System\YiqkGVm.exe
  C:\Windows\System\YiqkGVm.exe
  2⤵
  PID:5936
- C:\Windows\System\tFAvqPs.exe
  C:\Windows\System\tFAvqPs.exe
  2⤵
  PID:5916
- C:\Windows\System\BrCVDbm.exe
  C:\Windows\System\BrCVDbm.exe
  2⤵
  PID:6072
- C:\Windows\System\SgnIxuZ.exe
  C:\Windows\System\SgnIxuZ.exe
  2⤵
  PID:5860
- C:\Windows\System\aBDuahN.exe
  C:\Windows\System\aBDuahN.exe
  2⤵
  PID:5872
- C:\Windows\System\DEJcYpw.exe
  C:\Windows\System\DEJcYpw.exe
  2⤵
  PID:6104
- C:\Windows\System\XqjksAX.exe
  C:\Windows\System\XqjksAX.exe
  2⤵
  PID:5152
- C:\Windows\System\YQFrZAt.exe
  C:\Windows\System\YQFrZAt.exe
  2⤵
  PID:5180
- C:\Windows\System\iZqgbCf.exe
  C:\Windows\System\iZqgbCf.exe
  2⤵
  PID:6020
- C:\Windows\System\CbGEIdZ.exe
  C:\Windows\System\CbGEIdZ.exe
  2⤵
  PID:5196
- C:\Windows\System\lGyjLmF.exe
  C:\Windows\System\lGyjLmF.exe
  2⤵
  PID:5368
- C:\Windows\System\vNxWdbX.exe
  C:\Windows\System\vNxWdbX.exe
  2⤵
  PID:6024
- C:\Windows\System\mrkEhJW.exe
  C:\Windows\System\mrkEhJW.exe
  2⤵
  PID:5256
- C:\Windows\System\WDAXWcr.exe
  C:\Windows\System\WDAXWcr.exe
  2⤵
  PID:5348
- C:\Windows\System\XNZLsGG.exe
  C:\Windows\System\XNZLsGG.exe
  2⤵
  PID:5408
- C:\Windows\System\gVeeRmD.exe
  C:\Windows\System\gVeeRmD.exe
  2⤵
  PID:5272
- C:\Windows\System\dMXbUAX.exe
  C:\Windows\System\dMXbUAX.exe
  2⤵
  PID:5436
- C:\Windows\System\WinaVex.exe
  C:\Windows\System\WinaVex.exe
  2⤵
  PID:5480
- C:\Windows\System\dixknJJ.exe
  C:\Windows\System\dixknJJ.exe
  2⤵
  PID:5508
- C:\Windows\System\JwuvcZk.exe
  C:\Windows\System\JwuvcZk.exe
  2⤵
  PID:5524
- C:\Windows\System\oGCxNWH.exe
  C:\Windows\System\oGCxNWH.exe
  2⤵
  PID:5756
- C:\Windows\System\rbYrKGK.exe
  C:\Windows\System\rbYrKGK.exe
  2⤵
  PID:5900
- C:\Windows\System\MAabKkp.exe
  C:\Windows\System\MAabKkp.exe
  2⤵
  PID:5720
- C:\Windows\System\jpnzAQd.exe
  C:\Windows\System\jpnzAQd.exe
  2⤵
  PID:5856
- C:\Windows\System\uaAFCSY.exe
  C:\Windows\System\uaAFCSY.exe
  2⤵
  PID:6076
- C:\Windows\System\dRMeRWv.exe
  C:\Windows\System\dRMeRWv.exe
  2⤵
  PID:5924
- C:\Windows\System\DdiZYTU.exe
  C:\Windows\System\DdiZYTU.exe
  2⤵
  PID:6140
- C:\Windows\System\nMNUArs.exe
  C:\Windows\System\nMNUArs.exe
  2⤵
  PID:4724
- C:\Windows\System\ZomScxL.exe
  C:\Windows\System\ZomScxL.exe
  2⤵
  PID:5320
- C:\Windows\System\ThyUwqy.exe
  C:\Windows\System\ThyUwqy.exe
  2⤵
  PID:5232
- C:\Windows\System\RyNJVqO.exe
  C:\Windows\System\RyNJVqO.exe
  2⤵
  PID:5568
- C:\Windows\System\KNuaZEk.exe
  C:\Windows\System\KNuaZEk.exe
  2⤵
  PID:5572
- C:\Windows\System\GAKhTuN.exe
  C:\Windows\System\GAKhTuN.exe
  2⤵
  PID:5412
- C:\Windows\System\HHuQPev.exe
  C:\Windows\System\HHuQPev.exe
  2⤵
  PID:5496
- C:\Windows\System\iGNGQmQ.exe
  C:\Windows\System\iGNGQmQ.exe
  2⤵
  PID:5372
- C:\Windows\System\IajcgUv.exe
  C:\Windows\System\IajcgUv.exe
  2⤵
  PID:5252
- C:\Windows\System\mqYLcdl.exe
  C:\Windows\System\mqYLcdl.exe
  2⤵
  PID:5684
- C:\Windows\System\znnoItO.exe
  C:\Windows\System\znnoItO.exe
  2⤵
  PID:5628
- C:\Windows\System\kFPwANC.exe
  C:\Windows\System\kFPwANC.exe
  2⤵
  PID:5700
- C:\Windows\System\qvBRQcw.exe
  C:\Windows\System\qvBRQcw.exe
  2⤵
  PID:5876
- C:\Windows\System\NhJAOdm.exe
  C:\Windows\System\NhJAOdm.exe
  2⤵
  PID:6128
- C:\Windows\System\QlshyZX.exe
  C:\Windows\System\QlshyZX.exe
  2⤵
  PID:5536
- C:\Windows\System\nBGhtNd.exe
  C:\Windows\System\nBGhtNd.exe
  2⤵
  PID:5284
- C:\Windows\System\UmBIhcG.exe
  C:\Windows\System\UmBIhcG.exe
  2⤵
  PID:5464
- C:\Windows\System\ZzzxEKq.exe
  C:\Windows\System\ZzzxEKq.exe
  2⤵
  PID:5164
- C:\Windows\System\OmTUXHz.exe
  C:\Windows\System\OmTUXHz.exe
  2⤵
  PID:5804
- C:\Windows\System\jJBEytM.exe
  C:\Windows\System\jJBEytM.exe
  2⤵
  PID:5868
- C:\Windows\System\olUfPvC.exe
  C:\Windows\System\olUfPvC.exe
  2⤵
  PID:5312
- C:\Windows\System\LnEeFJt.exe
  C:\Windows\System\LnEeFJt.exe
  2⤵
  PID:6004
- C:\Windows\System\BqzIyCp.exe
  C:\Windows\System\BqzIyCp.exe
  2⤵
  PID:5184
- C:\Windows\System\rDgxmKt.exe
  C:\Windows\System\rDgxmKt.exe
  2⤵
  PID:6040
- C:\Windows\System\GXequhS.exe
  C:\Windows\System\GXequhS.exe
  2⤵
  PID:5716
- C:\Windows\System\AvVkTpW.exe
  C:\Windows\System\AvVkTpW.exe
  2⤵
  PID:528
- C:\Windows\System\xtIecHw.exe
  C:\Windows\System\xtIecHw.exe
  2⤵
  PID:6148
- C:\Windows\System\lYCfbRq.exe
  C:\Windows\System\lYCfbRq.exe
  2⤵
  PID:6168
- C:\Windows\System\bbcVpnY.exe
  C:\Windows\System\bbcVpnY.exe
  2⤵
  PID:6184
- C:\Windows\System\morJJmZ.exe
  C:\Windows\System\morJJmZ.exe
  2⤵
  PID:6204
- C:\Windows\System\LfHigqB.exe
  C:\Windows\System\LfHigqB.exe
  2⤵
  PID:6220
- C:\Windows\System\QLlbebB.exe
  C:\Windows\System\QLlbebB.exe
  2⤵
  PID:6244
- C:\Windows\System\CRRtqPA.exe
  C:\Windows\System\CRRtqPA.exe
  2⤵
  PID:6260
- C:\Windows\System\efsBFMI.exe
  C:\Windows\System\efsBFMI.exe
  2⤵
  PID:6472
- C:\Windows\System\vycAYxs.exe
  C:\Windows\System\vycAYxs.exe
  2⤵
  PID:6488
- C:\Windows\System\vhpotHf.exe
  C:\Windows\System\vhpotHf.exe
  2⤵
  PID:6508
- C:\Windows\System\ZnOjtif.exe
  C:\Windows\System\ZnOjtif.exe
  2⤵
  PID:6532
- C:\Windows\System\EzOlZeY.exe
  C:\Windows\System\EzOlZeY.exe
  2⤵
  PID:6552
- C:\Windows\System\ZxbuwWn.exe
  C:\Windows\System\ZxbuwWn.exe
  2⤵
  PID:6568
- C:\Windows\System\mvhAYWM.exe
  C:\Windows\System\mvhAYWM.exe
  2⤵
  PID:6584
- C:\Windows\System\BZQcKUo.exe
  C:\Windows\System\BZQcKUo.exe
  2⤵
  PID:6600
- C:\Windows\System\iyUXiOv.exe
  C:\Windows\System\iyUXiOv.exe
  2⤵
  PID:6620
- C:\Windows\System\aaPlvSb.exe
  C:\Windows\System\aaPlvSb.exe
  2⤵
  PID:6636
- C:\Windows\System\zaLFrfZ.exe
  C:\Windows\System\zaLFrfZ.exe
  2⤵
  PID:6656
- C:\Windows\System\ZizlIqL.exe
  C:\Windows\System\ZizlIqL.exe
  2⤵
  PID:6672
- C:\Windows\System\RwfnRKQ.exe
  C:\Windows\System\RwfnRKQ.exe
  2⤵
  PID:6692
- C:\Windows\System\xOwzYCl.exe
  C:\Windows\System\xOwzYCl.exe
  2⤵
  PID:6708
- C:\Windows\System\cWsxeNA.exe
  C:\Windows\System\cWsxeNA.exe
  2⤵
  PID:6724
- C:\Windows\System\RYdxJGw.exe
  C:\Windows\System\RYdxJGw.exe
  2⤵
  PID:6776
- C:\Windows\System\vXLOWiH.exe
  C:\Windows\System\vXLOWiH.exe
  2⤵
  PID:6792
- C:\Windows\System\wrPlRvM.exe
  C:\Windows\System\wrPlRvM.exe
  2⤵
  PID:6808
- C:\Windows\System\PfVngmH.exe
  C:\Windows\System\PfVngmH.exe
  2⤵
  PID:6828
- C:\Windows\System\eviDSIm.exe
  C:\Windows\System\eviDSIm.exe
  2⤵
  PID:6848
- C:\Windows\System\hGqPaYR.exe
  C:\Windows\System\hGqPaYR.exe
  2⤵
  PID:6864
- C:\Windows\System\qbNNGGb.exe
  C:\Windows\System\qbNNGGb.exe
  2⤵
  PID:6880
- C:\Windows\System\ttyplJx.exe
  C:\Windows\System\ttyplJx.exe
  2⤵
  PID:6900
- C:\Windows\System\LUOXprL.exe
  C:\Windows\System\LUOXprL.exe
  2⤵
  PID:6920
- C:\Windows\System\icBxfTj.exe
  C:\Windows\System\icBxfTj.exe
  2⤵
  PID:6940
- C:\Windows\System\goTYIse.exe
  C:\Windows\System\goTYIse.exe
  2⤵
  PID:6956
- C:\Windows\System\soStiMv.exe
  C:\Windows\System\soStiMv.exe
  2⤵
  PID:6972
- C:\Windows\System\BXBEEqo.exe
  C:\Windows\System\BXBEEqo.exe
  2⤵
  PID:6988
- C:\Windows\System\UVnFXbD.exe
  C:\Windows\System\UVnFXbD.exe
  2⤵
  PID:7032
- C:\Windows\System\GtLoZHJ.exe
  C:\Windows\System\GtLoZHJ.exe
  2⤵
  PID:7052
- C:\Windows\System\OSbOkQz.exe
  C:\Windows\System\OSbOkQz.exe
  2⤵
  PID:7068
- C:\Windows\System\fyxQmLN.exe
  C:\Windows\System\fyxQmLN.exe
  2⤵
  PID:7088
- C:\Windows\System\wwlNXYN.exe
  C:\Windows\System\wwlNXYN.exe
  2⤵
  PID:7104
- C:\Windows\System\uDFylYU.exe
  C:\Windows\System\uDFylYU.exe
  2⤵
  PID:7124
- C:\Windows\System\zIWiDrt.exe
  C:\Windows\System\zIWiDrt.exe
  2⤵
  PID:7140
- C:\Windows\System\iJsRwOJ.exe
  C:\Windows\System\iJsRwOJ.exe
  2⤵
  PID:7156
- C:\Windows\System\XfiZYbU.exe
  C:\Windows\System\XfiZYbU.exe
  2⤵
  PID:5540
- C:\Windows\System\MtwESgX.exe
  C:\Windows\System\MtwESgX.exe
  2⤵
  PID:6212
- C:\Windows\System\kWzCffV.exe
  C:\Windows\System\kWzCffV.exe
  2⤵
  PID:5896
- C:\Windows\System\FdTjOor.exe
  C:\Windows\System\FdTjOor.exe
  2⤵
  PID:6228
- C:\Windows\System\VSrIrbE.exe
  C:\Windows\System\VSrIrbE.exe
  2⤵
  PID:6196
- C:\Windows\System\UENouBi.exe
  C:\Windows\System\UENouBi.exe
  2⤵
  PID:5592
- C:\Windows\System\KCtxzRD.exe
  C:\Windows\System\KCtxzRD.exe
  2⤵
  PID:6304
- C:\Windows\System\HRloAXO.exe
  C:\Windows\System\HRloAXO.exe
  2⤵
  PID:6352
- C:\Windows\System\MkMkBxW.exe
  C:\Windows\System\MkMkBxW.exe
  2⤵
  PID:6368
- C:\Windows\System\tcCEHUy.exe
  C:\Windows\System\tcCEHUy.exe
  2⤵
  PID:6408
- C:\Windows\System\sjcffDN.exe
  C:\Windows\System\sjcffDN.exe
  2⤵
  PID:6340
- C:\Windows\System\aIfLtAR.exe
  C:\Windows\System\aIfLtAR.exe
  2⤵
  PID:6308
- C:\Windows\System\nIYBPpj.exe
  C:\Windows\System\nIYBPpj.exe
  2⤵
  PID:6324
- C:\Windows\System\ofQDuXc.exe
  C:\Windows\System\ofQDuXc.exe
  2⤵
  PID:6380
- C:\Windows\System\YQhusbm.exe
  C:\Windows\System\YQhusbm.exe
  2⤵
  PID:6468
- C:\Windows\System\gqFriBb.exe
  C:\Windows\System\gqFriBb.exe
  2⤵
  PID:6520
- C:\Windows\System\JvHVLBw.exe
  C:\Windows\System\JvHVLBw.exe
  2⤵
  PID:6564
- C:\Windows\System\dxwdxVH.exe
  C:\Windows\System\dxwdxVH.exe
  2⤵
  PID:6632
- C:\Windows\System\XzTDQgJ.exe
  C:\Windows\System\XzTDQgJ.exe
  2⤵
  PID:6544
- C:\Windows\System\VApNAyM.exe
  C:\Windows\System\VApNAyM.exe
  2⤵
  PID:6732
- C:\Windows\System\iIuUdiI.exe
  C:\Windows\System\iIuUdiI.exe
  2⤵
  PID:6756
- C:\Windows\System\bIfStoZ.exe
  C:\Windows\System\bIfStoZ.exe
  2⤵
  PID:6772
- C:\Windows\System\MYqVDhf.exe
  C:\Windows\System\MYqVDhf.exe
  2⤵
  PID:6612
- C:\Windows\System\dGQYKyu.exe
  C:\Windows\System\dGQYKyu.exe
  2⤵
  PID:6652
- C:\Windows\System\wPUmnYU.exe
  C:\Windows\System\wPUmnYU.exe
  2⤵
  PID:6716
- C:\Windows\System\vCMwrrl.exe
  C:\Windows\System\vCMwrrl.exe
  2⤵
  PID:6788
- C:\Windows\System\ByyTIAF.exe
  C:\Windows\System\ByyTIAF.exe
  2⤵
  PID:6856
- C:\Windows\System\EGyVvsv.exe
  C:\Windows\System\EGyVvsv.exe
  2⤵
  PID:6896
- C:\Windows\System\SIOjKCe.exe
  C:\Windows\System\SIOjKCe.exe
  2⤵
  PID:6948
- C:\Windows\System\itiiKpd.exe
  C:\Windows\System\itiiKpd.exe
  2⤵
  PID:6984
- C:\Windows\System\eEJXJWd.exe
  C:\Windows\System\eEJXJWd.exe
  2⤵
  PID:7008
- C:\Windows\System\aaQMHQi.exe
  C:\Windows\System\aaQMHQi.exe
  2⤵
  PID:7028
- C:\Windows\System\TNSNpTt.exe
  C:\Windows\System\TNSNpTt.exe
  2⤵
  PID:7076
- C:\Windows\System\XLhgdjG.exe
  C:\Windows\System\XLhgdjG.exe
  2⤵
  PID:7116
- C:\Windows\System\HgRNIIA.exe
  C:\Windows\System\HgRNIIA.exe
  2⤵
  PID:6176
- C:\Windows\System\myocWQg.exe
  C:\Windows\System\myocWQg.exe
  2⤵
  PID:6156
- C:\Windows\System\oxQENlR.exe
  C:\Windows\System\oxQENlR.exe
  2⤵
  PID:6256
- C:\Windows\System\xpCQgiU.exe
  C:\Windows\System\xpCQgiU.exe
  2⤵
  PID:5504
- C:\Windows\System\VThuCbI.exe
  C:\Windows\System\VThuCbI.exe
  2⤵
  PID:5972
- C:\Windows\System\poiplUo.exe
  C:\Windows\System\poiplUo.exe
  2⤵
  PID:6348
- C:\Windows\System\jlIYEMo.exe
  C:\Windows\System\jlIYEMo.exe
  2⤵
  PID:6300
- C:\Windows\System\FTImpZR.exe
  C:\Windows\System\FTImpZR.exe
  2⤵
  PID:6388
- C:\Windows\System\enOiPLC.exe
  C:\Windows\System\enOiPLC.exe
  2⤵
  PID:6292
- C:\Windows\System\GuXFNGx.exe
  C:\Windows\System\GuXFNGx.exe
  2⤵
  PID:6464
- C:\Windows\System\amLgLoZ.exe
  C:\Windows\System\amLgLoZ.exe
  2⤵
  PID:6360
- C:\Windows\System\uJipmos.exe
  C:\Windows\System\uJipmos.exe
  2⤵
  PID:6440
- C:\Windows\System\CUsCoqx.exe
  C:\Windows\System\CUsCoqx.exe
  2⤵
  PID:6456
- C:\Windows\System\vekPoto.exe
  C:\Windows\System\vekPoto.exe
  2⤵
  PID:6596
- C:\Windows\System\IEONrYl.exe
  C:\Windows\System\IEONrYl.exe
  2⤵
  PID:6764
- C:\Windows\System\rrhQrLi.exe
  C:\Windows\System\rrhQrLi.exe
  2⤵
  PID:6740
- C:\Windows\System\thMjQds.exe
  C:\Windows\System\thMjQds.exe
  2⤵
  PID:6744
- C:\Windows\System\QicAhzK.exe
  C:\Windows\System\QicAhzK.exe
  2⤵
  PID:6668
- C:\Windows\System\asnJdlv.exe
  C:\Windows\System\asnJdlv.exe
  2⤵
  PID:7080
- C:\Windows\System\gewDvZp.exe
  C:\Windows\System\gewDvZp.exe
  2⤵
  PID:6480
- C:\Windows\System\CjoHqxn.exe
  C:\Windows\System\CjoHqxn.exe
  2⤵
  PID:6344
- C:\Windows\System\anwQaUa.exe
  C:\Windows\System\anwQaUa.exe
  2⤵
  PID:7040
- C:\Windows\System\lQGwyrC.exe
  C:\Windows\System\lQGwyrC.exe
  2⤵
  PID:6416
- C:\Windows\System\VLlaoqH.exe
  C:\Windows\System\VLlaoqH.exe
  2⤵
  PID:7100
- C:\Windows\System\AzZFick.exe
  C:\Windows\System\AzZFick.exe
  2⤵
  PID:6336
- C:\Windows\System\TDAQCwy.exe
  C:\Windows\System\TDAQCwy.exe
  2⤵
  PID:6280
- C:\Windows\System\MbjBmAv.exe
  C:\Windows\System\MbjBmAv.exe
  2⤵
  PID:6232
- C:\Windows\System\JmtxzaJ.exe
  C:\Windows\System\JmtxzaJ.exe
  2⤵
  PID:6448
- C:\Windows\System\vtGzRpc.exe
  C:\Windows\System\vtGzRpc.exe
  2⤵
  PID:6452
- C:\Windows\System\CyOdRQd.exe
  C:\Windows\System\CyOdRQd.exe
  2⤵
  PID:6800
- C:\Windows\System\dIzozDK.exe
  C:\Windows\System\dIzozDK.exe
  2⤵
  PID:6752
- C:\Windows\System\uxBBJjW.exe
  C:\Windows\System\uxBBJjW.exe
  2⤵
  PID:6964
- C:\Windows\System\NYZEfOx.exe
  C:\Windows\System\NYZEfOx.exe
  2⤵
  PID:6688
- C:\Windows\System\eHSpoij.exe
  C:\Windows\System\eHSpoij.exe
  2⤵
  PID:7020
- C:\Windows\System\aCQhOHx.exe
  C:\Windows\System\aCQhOHx.exe
  2⤵
  PID:6236
- C:\Windows\System\hGwySpM.exe
  C:\Windows\System\hGwySpM.exe
  2⤵
  PID:7152
- C:\Windows\System\LVsyFdh.exe
  C:\Windows\System\LVsyFdh.exe
  2⤵
  PID:6400
- C:\Windows\System\vgKFqnW.exe
  C:\Windows\System\vgKFqnW.exe
  2⤵
  PID:6824
- C:\Windows\System\bdLWFBO.exe
  C:\Windows\System\bdLWFBO.exe
  2⤵
  PID:6816
- C:\Windows\System\BposvvM.exe
  C:\Windows\System\BposvvM.exe
  2⤵
  PID:6312
- C:\Windows\System\oHrCrEM.exe
  C:\Windows\System\oHrCrEM.exe
  2⤵
  PID:6932
- C:\Windows\System\JCrykhY.exe
  C:\Windows\System\JCrykhY.exe
  2⤵
  PID:6912
- C:\Windows\System\DlIxSFt.exe
  C:\Windows\System\DlIxSFt.exe
  2⤵
  PID:6996
- C:\Windows\System\CuuUsaj.exe
  C:\Windows\System\CuuUsaj.exe
  2⤵
  PID:6404
- C:\Windows\System\YznzOmY.exe
  C:\Windows\System\YznzOmY.exe
  2⤵
  PID:6200
- C:\Windows\System\APLuTqC.exe
  C:\Windows\System\APLuTqC.exe
  2⤵
  PID:6560
- C:\Windows\System\GIvCKcx.exe
  C:\Windows\System\GIvCKcx.exe
  2⤵
  PID:6876
- C:\Windows\System\HDDqgoC.exe
  C:\Windows\System\HDDqgoC.exe
  2⤵
  PID:5236
- C:\Windows\System\HjQKEtz.exe
  C:\Windows\System\HjQKEtz.exe
  2⤵
  PID:6432
- C:\Windows\System\DrfjOkc.exe
  C:\Windows\System\DrfjOkc.exe
  2⤵
  PID:7172
- C:\Windows\System\ZIocHpj.exe
  C:\Windows\System\ZIocHpj.exe
  2⤵
  PID:7188
- C:\Windows\System\WEEIjJp.exe
  C:\Windows\System\WEEIjJp.exe
  2⤵
  PID:7204
- C:\Windows\System\dWyQLXM.exe
  C:\Windows\System\dWyQLXM.exe
  2⤵
  PID:7224
- C:\Windows\System\aypVBxn.exe
  C:\Windows\System\aypVBxn.exe
  2⤵
  PID:7320
- C:\Windows\System\BwquDut.exe
  C:\Windows\System\BwquDut.exe
  2⤵
  PID:7336
- C:\Windows\System\lcnmyOa.exe
  C:\Windows\System\lcnmyOa.exe
  2⤵
  PID:7356
- C:\Windows\System\FOstEEj.exe
  C:\Windows\System\FOstEEj.exe
  2⤵
  PID:7376
- C:\Windows\System\MnGRXWn.exe
  C:\Windows\System\MnGRXWn.exe
  2⤵
  PID:7396
- C:\Windows\System\nNbVnIF.exe
  C:\Windows\System\nNbVnIF.exe
  2⤵
  PID:7416
- C:\Windows\System\QIUHwpJ.exe
  C:\Windows\System\QIUHwpJ.exe
  2⤵
  PID:7432
- C:\Windows\System\iXIzprt.exe
  C:\Windows\System\iXIzprt.exe
  2⤵
  PID:7448
- C:\Windows\System\MVffqKD.exe
  C:\Windows\System\MVffqKD.exe
  2⤵
  PID:7468
- C:\Windows\System\zIPvynM.exe
  C:\Windows\System\zIPvynM.exe
  2⤵
  PID:7484
- C:\Windows\System\uhVXVVz.exe
  C:\Windows\System\uhVXVVz.exe
  2⤵
  PID:7500
- C:\Windows\System\MiWQlZj.exe
  C:\Windows\System\MiWQlZj.exe
  2⤵
  PID:7528
- C:\Windows\System\VdOJCIB.exe
  C:\Windows\System\VdOJCIB.exe
  2⤵
  PID:7548
- C:\Windows\System\TgDpkZg.exe
  C:\Windows\System\TgDpkZg.exe
  2⤵
  PID:7564
- C:\Windows\System\fuhFXJc.exe
  C:\Windows\System\fuhFXJc.exe
  2⤵
  PID:7656
- C:\Windows\System\MmiXBYY.exe
  C:\Windows\System\MmiXBYY.exe
  2⤵
  PID:7672
- C:\Windows\System\tEpwnsz.exe
  C:\Windows\System\tEpwnsz.exe
  2⤵
  PID:7688
- C:\Windows\System\WqqjOZy.exe
  C:\Windows\System\WqqjOZy.exe
  2⤵
  PID:7708
- C:\Windows\System\PoPVMeO.exe
  C:\Windows\System\PoPVMeO.exe
  2⤵
  PID:7732
- C:\Windows\System\gCeceDK.exe
  C:\Windows\System\gCeceDK.exe
  2⤵
  PID:7752
- C:\Windows\System\YglEEvb.exe
  C:\Windows\System\YglEEvb.exe
  2⤵
  PID:7768
- C:\Windows\System\PMHWUSv.exe
  C:\Windows\System\PMHWUSv.exe
  2⤵
  PID:7800
- C:\Windows\System\EIPYIlf.exe
  C:\Windows\System\EIPYIlf.exe
  2⤵
  PID:7816
- C:\Windows\System\KhimMvc.exe
  C:\Windows\System\KhimMvc.exe
  2⤵
  PID:7832
- C:\Windows\System\VtmRQmN.exe
  C:\Windows\System\VtmRQmN.exe
  2⤵
  PID:7852
- C:\Windows\System\DDeJxeg.exe
  C:\Windows\System\DDeJxeg.exe
  2⤵
  PID:7868
- C:\Windows\System\KfwjnNh.exe
  C:\Windows\System\KfwjnNh.exe
  2⤵
  PID:7928
- C:\Windows\System\VSnIEUu.exe
  C:\Windows\System\VSnIEUu.exe
  2⤵
  PID:7944
- C:\Windows\System\ywBMgDS.exe
  C:\Windows\System\ywBMgDS.exe
  2⤵
  PID:7964
- C:\Windows\System\IPHVnUQ.exe
  C:\Windows\System\IPHVnUQ.exe
  2⤵
  PID:7980
- C:\Windows\System\oFUxttW.exe
  C:\Windows\System\oFUxttW.exe
  2⤵
  PID:8008
- C:\Windows\System\mFAmpTH.exe
  C:\Windows\System\mFAmpTH.exe
  2⤵
  PID:8024
- C:\Windows\System\LMzOukC.exe
  C:\Windows\System\LMzOukC.exe
  2⤵
  PID:8040
- C:\Windows\System\etqQmuX.exe
  C:\Windows\System\etqQmuX.exe
  2⤵
  PID:8056
- C:\Windows\System\iVFICVK.exe
  C:\Windows\System\iVFICVK.exe
  2⤵
  PID:8072
- C:\Windows\System\WakascM.exe
  C:\Windows\System\WakascM.exe
  2⤵
  PID:8088
- C:\Windows\System\yjFRvzJ.exe
  C:\Windows\System\yjFRvzJ.exe
  2⤵
  PID:8104
- C:\Windows\System\uhvNBZP.exe
  C:\Windows\System\uhvNBZP.exe
  2⤵
  PID:8120
- C:\Windows\System\YnOXeWZ.exe
  C:\Windows\System\YnOXeWZ.exe
  2⤵
  PID:8136
- C:\Windows\System\UxkpzBU.exe
  C:\Windows\System\UxkpzBU.exe
  2⤵
  PID:8152
- C:\Windows\System\lspzrVj.exe
  C:\Windows\System\lspzrVj.exe
  2⤵
  PID:8168
- C:\Windows\System\WugJHOP.exe
  C:\Windows\System\WugJHOP.exe
  2⤵
  PID:7180
- C:\Windows\System\KgliPMP.exe
  C:\Windows\System\KgliPMP.exe
  2⤵
  PID:6608
- C:\Windows\System\hegkBVr.exe
  C:\Windows\System\hegkBVr.exe
  2⤵
  PID:7236
- C:\Windows\System\WhAEeFE.exe
  C:\Windows\System\WhAEeFE.exe
  2⤵
  PID:7260
- C:\Windows\System\osgOVvC.exe
  C:\Windows\System\osgOVvC.exe
  2⤵
  PID:7312
- C:\Windows\System\tVIGTIB.exe
  C:\Windows\System\tVIGTIB.exe
  2⤵
  PID:7308
- C:\Windows\System\NsDAczL.exe
  C:\Windows\System\NsDAczL.exe
  2⤵
  PID:7288
- C:\Windows\System\nwbZBlh.exe
  C:\Windows\System\nwbZBlh.exe
  2⤵
  PID:7352
- C:\Windows\System\tcQObQX.exe
  C:\Windows\System\tcQObQX.exe
  2⤵
  PID:7372
- C:\Windows\System\axUzmEM.exe
  C:\Windows\System\axUzmEM.exe
  2⤵
  PID:7404
- C:\Windows\System\cEeYwYS.exe
  C:\Windows\System\cEeYwYS.exe
  2⤵
  PID:7440
- C:\Windows\System\ejGOQqZ.exe
  C:\Windows\System\ejGOQqZ.exe
  2⤵
  PID:7444
- C:\Windows\System\lRzlcLr.exe
  C:\Windows\System\lRzlcLr.exe
  2⤵
  PID:7540
- C:\Windows\System\HBFovJN.exe
  C:\Windows\System\HBFovJN.exe
  2⤵
  PID:7556
- C:\Windows\System\JJwlbqT.exe
  C:\Windows\System\JJwlbqT.exe
  2⤵
  PID:7508
- C:\Windows\System\XpBbGOc.exe
  C:\Windows\System\XpBbGOc.exe
  2⤵
  PID:7604
- C:\Windows\System\bObJzOp.exe
  C:\Windows\System\bObJzOp.exe
  2⤵
  PID:7628
- C:\Windows\System\qQeveRe.exe
  C:\Windows\System\qQeveRe.exe
  2⤵
  PID:7644
- C:\Windows\System\fFlMpiw.exe
  C:\Windows\System\fFlMpiw.exe
  2⤵
  PID:7700
- C:\Windows\System\NPrSrLM.exe
  C:\Windows\System\NPrSrLM.exe
  2⤵
  PID:7724
- C:\Windows\System\FDqBtdi.exe
  C:\Windows\System\FDqBtdi.exe
  2⤵
  PID:7748
- C:\Windows\System\weZZTsA.exe
  C:\Windows\System\weZZTsA.exe
  2⤵
  PID:7784
- C:\Windows\System\zrEyuGu.exe
  C:\Windows\System\zrEyuGu.exe
  2⤵
  PID:7848
- C:\Windows\System\DwGkNjW.exe
  C:\Windows\System\DwGkNjW.exe
  2⤵
  PID:7864
- C:\Windows\System\aRocYrO.exe
  C:\Windows\System\aRocYrO.exe
  2⤵
  PID:7888
- C:\Windows\System\cBYFhWo.exe
  C:\Windows\System\cBYFhWo.exe
  2⤵
  PID:7912
- C:\Windows\System\hnPmaLR.exe
  C:\Windows\System\hnPmaLR.exe
  2⤵
  PID:7952
- C:\Windows\System\dPoaUtT.exe
  C:\Windows\System\dPoaUtT.exe
  2⤵
  PID:7972
- C:\Windows\System\yxPjzop.exe
  C:\Windows\System\yxPjzop.exe
  2⤵
  PID:7996
- C:\Windows\System\fxXyZXI.exe
  C:\Windows\System\fxXyZXI.exe
  2⤵
  PID:8128
- C:\Windows\System\pMVCIWp.exe
  C:\Windows\System\pMVCIWp.exe
  2⤵
  PID:8080
- C:\Windows\System\lGKxjXa.exe
  C:\Windows\System\lGKxjXa.exe
  2⤵
  PID:8164
- C:\Windows\System\lgJWlpm.exe
  C:\Windows\System\lgJWlpm.exe
  2⤵
  PID:8084
- C:\Windows\System\LekOGsX.exe
  C:\Windows\System\LekOGsX.exe
  2⤵
  PID:7044
- C:\Windows\System\RxHdwpx.exe
  C:\Windows\System\RxHdwpx.exe
  2⤵
  PID:8184
- C:\Windows\System\pIfONlC.exe
  C:\Windows\System\pIfONlC.exe
  2⤵
  PID:6160
- C:\Windows\System\ISoHSWD.exe
  C:\Windows\System\ISoHSWD.exe
  2⤵
  PID:7264
- C:\Windows\System\tgNcbYa.exe
  C:\Windows\System\tgNcbYa.exe
  2⤵
  PID:7332
- C:\Windows\System\NAGVLOA.exe
  C:\Windows\System\NAGVLOA.exe
  2⤵
  PID:7424
- C:\Windows\System\ZYgwjMJ.exe
  C:\Windows\System\ZYgwjMJ.exe
  2⤵
  PID:7572
- C:\Windows\System\ohsEUuT.exe
  C:\Windows\System\ohsEUuT.exe
  2⤵
  PID:7364
- C:\Windows\System\rsMNUjg.exe
  C:\Windows\System\rsMNUjg.exe
  2⤵
  PID:7584
- C:\Windows\System\udmlyTQ.exe
  C:\Windows\System\udmlyTQ.exe
  2⤵
  PID:7600
- C:\Windows\System\IAtjjKV.exe
  C:\Windows\System\IAtjjKV.exe
  2⤵
  PID:7652
- C:\Windows\System\tqxMseC.exe
  C:\Windows\System\tqxMseC.exe
  2⤵
  PID:7624
- C:\Windows\System\lFsQQJV.exe
  C:\Windows\System\lFsQQJV.exe
  2⤵
  PID:7696
- C:\Windows\System\MYiFINT.exe
  C:\Windows\System\MYiFINT.exe
  2⤵
  PID:7764
- C:\Windows\System\xOYJNhU.exe
  C:\Windows\System\xOYJNhU.exe
  2⤵
  PID:7808
- C:\Windows\System\KUPrMQm.exe
  C:\Windows\System\KUPrMQm.exe
  2⤵
  PID:7860
- C:\Windows\System\WyFmLIx.exe
  C:\Windows\System\WyFmLIx.exe
  2⤵
  PID:7908
- C:\Windows\System\IBaHKGe.exe
  C:\Windows\System\IBaHKGe.exe
  2⤵
  PID:7940
- C:\Windows\System\NYpNcNe.exe
  C:\Windows\System\NYpNcNe.exe
  2⤵
  PID:8004
- C:\Windows\System\HGBWFwW.exe
  C:\Windows\System\HGBWFwW.exe
  2⤵
  PID:8112
- C:\Windows\System\oRCMbgS.exe
  C:\Windows\System\oRCMbgS.exe
  2⤵
  PID:8052
- C:\Windows\System\LWEoYnv.exe
  C:\Windows\System\LWEoYnv.exe
  2⤵
  PID:7212
- C:\Windows\System\saDWvIs.exe
  C:\Windows\System\saDWvIs.exe
  2⤵
  PID:7184
- C:\Windows\System\fTTTMMS.exe
  C:\Windows\System\fTTTMMS.exe
  2⤵
  PID:6516
- C:\Windows\System\oWcDBWS.exe
  C:\Windows\System\oWcDBWS.exe
  2⤵
  PID:7248
- C:\Windows\System\sazlhHi.exe
  C:\Windows\System\sazlhHi.exe
  2⤵
  PID:7512
- C:\Windows\System\SOcFfiv.exe
  C:\Windows\System\SOcFfiv.exe
  2⤵
  PID:7292
- C:\Windows\System\CripXfn.exe
  C:\Windows\System\CripXfn.exe
  2⤵
  PID:7620
- C:\Windows\System\ukToMWb.exe
  C:\Windows\System\ukToMWb.exe
  2⤵
  PID:7780
- C:\Windows\System\IglzEyo.exe
  C:\Windows\System\IglzEyo.exe
  2⤵
  PID:7664
- C:\Windows\System\HXlUiSE.exe
  C:\Windows\System\HXlUiSE.exe
  2⤵
  PID:7904
- C:\Windows\System\OcOkpta.exe
  C:\Windows\System\OcOkpta.exe
  2⤵
  PID:8096
- C:\Windows\System\IfrQJFc.exe
  C:\Windows\System\IfrQJFc.exe
  2⤵
  PID:8100
- C:\Windows\System\aqXrBHk.exe
  C:\Windows\System\aqXrBHk.exe
  2⤵
  PID:8144
- C:\Windows\System\LtQvjhW.exe
  C:\Windows\System\LtQvjhW.exe
  2⤵
  PID:7272
- C:\Windows\System\rNKTPBw.exe
  C:\Windows\System\rNKTPBw.exe
  2⤵
  PID:6844
- C:\Windows\System\cORkXKN.exe
  C:\Windows\System\cORkXKN.exe
  2⤵
  PID:7464
- C:\Windows\System\gacxqFN.exe
  C:\Windows\System\gacxqFN.exe
  2⤵
  PID:7220
- C:\Windows\System\upFKNmO.exe
  C:\Windows\System\upFKNmO.exe
  2⤵
  PID:7592
- C:\Windows\System\SvwMKuf.exe
  C:\Windows\System\SvwMKuf.exe
  2⤵
  PID:7516
- C:\Windows\System\QlLSxyg.exe
  C:\Windows\System\QlLSxyg.exe
  2⤵
  PID:7776
- C:\Windows\System\nGXEPIG.exe
  C:\Windows\System\nGXEPIG.exe
  2⤵
  PID:7828
- C:\Windows\System\VjnRjlq.exe
  C:\Windows\System\VjnRjlq.exe
  2⤵
  PID:7924
- C:\Windows\System\oQRdChq.exe
  C:\Windows\System\oQRdChq.exe
  2⤵
  PID:7388
- C:\Windows\System\gegJzbS.exe
  C:\Windows\System\gegJzbS.exe
  2⤵
  PID:8204
- C:\Windows\System\Pugfpvz.exe
  C:\Windows\System\Pugfpvz.exe
  2⤵
  PID:8220
- C:\Windows\System\BRsyqNV.exe
  C:\Windows\System\BRsyqNV.exe
  2⤵
  PID:8240
- C:\Windows\System\vFAzVrA.exe
  C:\Windows\System\vFAzVrA.exe
  2⤵
  PID:8256
- C:\Windows\System\YUmYAKO.exe
  C:\Windows\System\YUmYAKO.exe
  2⤵
  PID:8276
- C:\Windows\System\yYyUcdY.exe
  C:\Windows\System\yYyUcdY.exe
  2⤵
  PID:8296
- C:\Windows\System\GpqttEl.exe
  C:\Windows\System\GpqttEl.exe
  2⤵
  PID:8316
- C:\Windows\System\rZydqqK.exe
  C:\Windows\System\rZydqqK.exe
  2⤵
  PID:8340
- C:\Windows\System\xpizxzh.exe
  C:\Windows\System\xpizxzh.exe
  2⤵
  PID:8356
- C:\Windows\System\jIUAVud.exe
  C:\Windows\System\jIUAVud.exe
  2⤵
  PID:8376
- C:\Windows\System\DqlVspI.exe
  C:\Windows\System\DqlVspI.exe
  2⤵
  PID:8392
- C:\Windows\System\PAHvPbU.exe
  C:\Windows\System\PAHvPbU.exe
  2⤵
  PID:8416
- C:\Windows\System\lmZXzPa.exe
  C:\Windows\System\lmZXzPa.exe
  2⤵
  PID:8436
- C:\Windows\System\YhWsdKg.exe
  C:\Windows\System\YhWsdKg.exe
  2⤵
  PID:8452
- C:\Windows\System\ceJGrxo.exe
  C:\Windows\System\ceJGrxo.exe
  2⤵
  PID:8472
- C:\Windows\System\HLZJHgx.exe
  C:\Windows\System\HLZJHgx.exe
  2⤵
  PID:8492
- C:\Windows\System\hfOrDkp.exe
  C:\Windows\System\hfOrDkp.exe
  2⤵
  PID:8512
- C:\Windows\System\NlaGDNG.exe
  C:\Windows\System\NlaGDNG.exe
  2⤵
  PID:8528
- C:\Windows\System\xEaFFWk.exe
  C:\Windows\System\xEaFFWk.exe
  2⤵
  PID:8548
- C:\Windows\System\wGDwKXa.exe
  C:\Windows\System\wGDwKXa.exe
  2⤵
  PID:8568
- C:\Windows\System\aGZyNEZ.exe
  C:\Windows\System\aGZyNEZ.exe
  2⤵
  PID:8588
- C:\Windows\System\RRUtsVV.exe
  C:\Windows\System\RRUtsVV.exe
  2⤵
  PID:8604
- C:\Windows\System\TeXfIYc.exe
  C:\Windows\System\TeXfIYc.exe
  2⤵
  PID:8624
- C:\Windows\System\irTIYIo.exe
  C:\Windows\System\irTIYIo.exe
  2⤵
  PID:8640
- C:\Windows\System\PvuFZpL.exe
  C:\Windows\System\PvuFZpL.exe
  2⤵
  PID:8664
- C:\Windows\System\vVQyxpd.exe
  C:\Windows\System\vVQyxpd.exe
  2⤵
  PID:8684
- C:\Windows\System\gOFnYvq.exe
  C:\Windows\System\gOFnYvq.exe
  2⤵
  PID:8700
- C:\Windows\System\VhHLERb.exe
  C:\Windows\System\VhHLERb.exe
  2⤵
  PID:8724
- C:\Windows\System\dDMkrZK.exe
  C:\Windows\System\dDMkrZK.exe
  2⤵
  PID:8744
- C:\Windows\System\TOagQWa.exe
  C:\Windows\System\TOagQWa.exe
  2⤵
  PID:8760
- C:\Windows\System\pwjnKNJ.exe
  C:\Windows\System\pwjnKNJ.exe
  2⤵
  PID:8776
- C:\Windows\System\BDeyAbl.exe
  C:\Windows\System\BDeyAbl.exe
  2⤵
  PID:8792
- C:\Windows\System\imlHRdp.exe
  C:\Windows\System\imlHRdp.exe
  2⤵
  PID:8808
- C:\Windows\System\PnRpLpD.exe
  C:\Windows\System\PnRpLpD.exe
  2⤵
  PID:8824
- C:\Windows\System\CRHHsoW.exe
  C:\Windows\System\CRHHsoW.exe
  2⤵
  PID:8840
- C:\Windows\System\QusomlO.exe
  C:\Windows\System\QusomlO.exe
  2⤵
  PID:8860
- C:\Windows\System\IXxpfIC.exe
  C:\Windows\System\IXxpfIC.exe
  2⤵
  PID:8876
- C:\Windows\System\ncmwqbt.exe
  C:\Windows\System\ncmwqbt.exe
  2⤵
  PID:8892
- C:\Windows\System\PojKuYf.exe
  C:\Windows\System\PojKuYf.exe
  2⤵
  PID:8912
- C:\Windows\System\kIDeSRc.exe
  C:\Windows\System\kIDeSRc.exe
  2⤵
  PID:8932
- C:\Windows\System\QePqMeh.exe
  C:\Windows\System\QePqMeh.exe
  2⤵
  PID:8952
- C:\Windows\System\BuWTXXc.exe
  C:\Windows\System\BuWTXXc.exe
  2⤵
  PID:8968
- C:\Windows\System\sljIuKy.exe
  C:\Windows\System\sljIuKy.exe
  2⤵
  PID:8984
- C:\Windows\System\YKYYIys.exe
  C:\Windows\System\YKYYIys.exe
  2⤵
  PID:9004
- C:\Windows\System\oOSFzTn.exe
  C:\Windows\System\oOSFzTn.exe
  2⤵
  PID:9024
- C:\Windows\System\JzOrXoX.exe
  C:\Windows\System\JzOrXoX.exe
  2⤵
  PID:9048
- C:\Windows\System\ExvSmvn.exe
  C:\Windows\System\ExvSmvn.exe
  2⤵
  PID:9064
- C:\Windows\System\bvbCsDv.exe
  C:\Windows\System\bvbCsDv.exe
  2⤵
  PID:9080
- C:\Windows\System\fbZqSdD.exe
  C:\Windows\System\fbZqSdD.exe
  2⤵
  PID:9100
- C:\Windows\System\gHIdRXt.exe
  C:\Windows\System\gHIdRXt.exe
  2⤵
  PID:9120
- C:\Windows\System\CYJPcVf.exe
  C:\Windows\System\CYJPcVf.exe
  2⤵
  PID:9140
- C:\Windows\System\yIEotKA.exe
  C:\Windows\System\yIEotKA.exe
  2⤵
  PID:9160
- C:\Windows\System\XEbZjgm.exe
  C:\Windows\System\XEbZjgm.exe
  2⤵
  PID:9184
- C:\Windows\System\ejPvmMw.exe
  C:\Windows\System\ejPvmMw.exe
  2⤵
  PID:9204
- C:\Windows\System\eYbmMOI.exe
  C:\Windows\System\eYbmMOI.exe
  2⤵
  PID:7216
- C:\Windows\System\tCfhJEC.exe
  C:\Windows\System\tCfhJEC.exe
  2⤵
  PID:7300
- C:\Windows\System\wfCIHfL.exe
  C:\Windows\System\wfCIHfL.exe
  2⤵
  PID:7920
- C:\Windows\System\Zjjbbht.exe
  C:\Windows\System\Zjjbbht.exe
  2⤵
  PID:8228
- C:\Windows\System\xHzKUve.exe
  C:\Windows\System\xHzKUve.exe
  2⤵
  PID:8272
- C:\Windows\System\YniJPDy.exe
  C:\Windows\System\YniJPDy.exe
  2⤵
  PID:8348
- C:\Windows\System\tEcCENE.exe
  C:\Windows\System\tEcCENE.exe
  2⤵
  PID:8428
- C:\Windows\System\ChMKUiB.exe
  C:\Windows\System\ChMKUiB.exe
  2⤵
  PID:8468
- C:\Windows\System\RqbxpRb.exe
  C:\Windows\System\RqbxpRb.exe
  2⤵
  PID:8536
- C:\Windows\System\VGhGkVO.exe
  C:\Windows\System\VGhGkVO.exe
  2⤵
  PID:8580
- C:\Windows\System\RAEtaDl.exe
  C:\Windows\System\RAEtaDl.exe
  2⤵
  PID:8648
- C:\Windows\System\PqOhFBX.exe
  C:\Windows\System\PqOhFBX.exe
  2⤵
  PID:8736
- C:\Windows\System\zyrgAjk.exe
  C:\Windows\System\zyrgAjk.exe
  2⤵
  PID:8708
- C:\Windows\System\IKKuxcO.exe
  C:\Windows\System\IKKuxcO.exe
  2⤵
  PID:8252
- C:\Windows\System\eIitxVX.exe
  C:\Windows\System\eIitxVX.exe
  2⤵
  PID:8596
- C:\Windows\System\BUsiAIy.exe
  C:\Windows\System\BUsiAIy.exe
  2⤵
  PID:8676
- C:\Windows\System\AGDMRNy.exe
  C:\Windows\System\AGDMRNy.exe
  2⤵
  PID:8756
- C:\Windows\System\PSgyPUr.exe
  C:\Windows\System\PSgyPUr.exe
  2⤵
  PID:8848
- C:\Windows\System\PgBskhZ.exe
  C:\Windows\System\PgBskhZ.exe
  2⤵
  PID:8944
- C:\Windows\System\dUgrPzB.exe
  C:\Windows\System\dUgrPzB.exe
  2⤵
  PID:8888
- C:\Windows\System\nGDwvlB.exe
  C:\Windows\System\nGDwvlB.exe
  2⤵
  PID:8980
- C:\Windows\System\TTytYuG.exe
  C:\Windows\System\TTytYuG.exe
  2⤵
  PID:9000
- C:\Windows\System\wVQSVmR.exe
  C:\Windows\System\wVQSVmR.exe
  2⤵
  PID:9060
- C:\Windows\System\PxyhDPf.exe
  C:\Windows\System\PxyhDPf.exe
  2⤵
  PID:9136
- C:\Windows\System\FgtjPPi.exe
  C:\Windows\System\FgtjPPi.exe
  2⤵
  PID:9040
- C:\Windows\System\NFpbHaK.exe
  C:\Windows\System\NFpbHaK.exe
  2⤵
  PID:9112
- C:\Windows\System\evSPCpJ.exe
  C:\Windows\System\evSPCpJ.exe
  2⤵
  PID:9156
- C:\Windows\System\mddmmdn.exe
  C:\Windows\System\mddmmdn.exe
  2⤵
  PID:9076
- C:\Windows\System\dzvqeNB.exe
  C:\Windows\System\dzvqeNB.exe
  2⤵
  PID:7896
- C:\Windows\System\OQewFdW.exe
  C:\Windows\System\OQewFdW.exe
  2⤵
  PID:8264
- C:\Windows\System\mpxVVBz.exe
  C:\Windows\System\mpxVVBz.exe
  2⤵
  PID:8424
- C:\Windows\System\IPLeSbA.exe
  C:\Windows\System\IPLeSbA.exe
  2⤵
  PID:8612
- C:\Windows\System\mfVgjfW.exe
  C:\Windows\System\mfVgjfW.exe
  2⤵
  PID:8308
- C:\Windows\System\yDCKOHc.exe
  C:\Windows\System\yDCKOHc.exe
  2⤵
  PID:8768
- C:\Windows\System\IHgUFmq.exe
  C:\Windows\System\IHgUFmq.exe
  2⤵
  PID:8324
- C:\Windows\System\XClQWlT.exe
  C:\Windows\System\XClQWlT.exe
  2⤵
  PID:8336
- C:\Windows\System\DROQbZm.exe
  C:\Windows\System\DROQbZm.exe
  2⤵
  PID:8372
- C:\Windows\System\qqjlWsd.exe
  C:\Windows\System\qqjlWsd.exe
  2⤵
  PID:8444
- C:\Windows\System\MijIBNt.exe
  C:\Windows\System\MijIBNt.exe
  2⤵
  PID:8016
- C:\Windows\System\wAjtvQK.exe
  C:\Windows\System\wAjtvQK.exe
  2⤵
  PID:8408
- C:\Windows\System\AbtjIeV.exe
  C:\Windows\System\AbtjIeV.exe
  2⤵
  PID:8524
- C:\Windows\System\DOJMfFl.exe
  C:\Windows\System\DOJMfFl.exe
  2⤵
  PID:9020
- C:\Windows\System\uwEUIzP.exe
  C:\Windows\System\uwEUIzP.exe
  2⤵
  PID:8804
- C:\Windows\System\gIXRZez.exe
  C:\Windows\System\gIXRZez.exe
  2⤵
  PID:8868
- C:\Windows\System\OEjzFpO.exe
  C:\Windows\System\OEjzFpO.exe
  2⤵
  PID:7496
- C:\Windows\System\OZSKYkE.exe
  C:\Windows\System\OZSKYkE.exe
  2⤵
  PID:8964
- C:\Windows\System\bwUgGSP.exe
  C:\Windows\System\bwUgGSP.exe
  2⤵
  PID:9032
- C:\Windows\System\ipmzjgD.exe
  C:\Windows\System\ipmzjgD.exe
  2⤵
  PID:9196
- C:\Windows\System\OLYnRwl.exe
  C:\Windows\System\OLYnRwl.exe
  2⤵
  PID:9200
- C:\Windows\System\DMDPyEf.exe
  C:\Windows\System\DMDPyEf.exe
  2⤵
  PID:8248
- C:\Windows\System\bEaaeEC.exe
  C:\Windows\System\bEaaeEC.exe
  2⤵
  PID:8564
- C:\Windows\System\yliSJVq.exe
  C:\Windows\System\yliSJVq.exe
  2⤵
  PID:8904
- C:\Windows\System\wVcJTAa.exe
  C:\Windows\System\wVcJTAa.exe
  2⤵
  PID:8872
- C:\Windows\System\QOSPNKV.exe
  C:\Windows\System\QOSPNKV.exe
  2⤵
  PID:9168
- C:\Windows\System\lhGQEOs.exe
  C:\Windows\System\lhGQEOs.exe
  2⤵
  PID:8460
- C:\Windows\System\aFfCLBX.exe
  C:\Windows\System\aFfCLBX.exe
  2⤵
  PID:9228
- C:\Windows\System\jmPWZhn.exe
  C:\Windows\System\jmPWZhn.exe
  2⤵
  PID:9244
- C:\Windows\System\SSHeWHI.exe
  C:\Windows\System\SSHeWHI.exe
  2⤵
  PID:9264
- C:\Windows\System\VTfuXjX.exe
  C:\Windows\System\VTfuXjX.exe
  2⤵
  PID:9280
- C:\Windows\System\XASfGSj.exe
  C:\Windows\System\XASfGSj.exe
  2⤵
  PID:9296
- C:\Windows\System\MVKLbHS.exe
  C:\Windows\System\MVKLbHS.exe
  2⤵
  PID:9312
- C:\Windows\System\eyoECLo.exe
  C:\Windows\System\eyoECLo.exe
  2⤵
  PID:9328
- C:\Windows\System\sBXSQXY.exe
  C:\Windows\System\sBXSQXY.exe
  2⤵
  PID:9344
- C:\Windows\System\VtQWFMm.exe
  C:\Windows\System\VtQWFMm.exe
  2⤵
  PID:9360
- C:\Windows\System\yngdMAT.exe
  C:\Windows\System\yngdMAT.exe
  2⤵
  PID:9380
- C:\Windows\System\IdPzHzx.exe
  C:\Windows\System\IdPzHzx.exe
  2⤵
  PID:9428
- C:\Windows\System\LerqmHE.exe
  C:\Windows\System\LerqmHE.exe
  2⤵
  PID:9444
- C:\Windows\System\wTSRtOV.exe
  C:\Windows\System\wTSRtOV.exe
  2⤵
  PID:9460
- C:\Windows\System\AfHUkaZ.exe
  C:\Windows\System\AfHUkaZ.exe
  2⤵
  PID:9480
- C:\Windows\System\xtgUWcQ.exe
  C:\Windows\System\xtgUWcQ.exe
  2⤵
  PID:9496
- C:\Windows\System\mmAWDBp.exe
  C:\Windows\System\mmAWDBp.exe
  2⤵
  PID:9540
- C:\Windows\System\FyteSoa.exe
  C:\Windows\System\FyteSoa.exe
  2⤵
  PID:9556
- C:\Windows\System\uhlNTmZ.exe
  C:\Windows\System\uhlNTmZ.exe
  2⤵
  PID:9572
- C:\Windows\System\DbHahxz.exe
  C:\Windows\System\DbHahxz.exe
  2⤵
  PID:9596
- C:\Windows\System\VboTWvL.exe
  C:\Windows\System\VboTWvL.exe
  2⤵
  PID:9612
- C:\Windows\System\ZprLeAw.exe
  C:\Windows\System\ZprLeAw.exe
  2⤵
  PID:9628
- C:\Windows\System\xXzHPsB.exe
  C:\Windows\System\xXzHPsB.exe
  2⤵
  PID:9644
- C:\Windows\System\XPosPni.exe
  C:\Windows\System\XPosPni.exe
  2⤵
  PID:9664
- C:\Windows\System\ryUnLpF.exe
  C:\Windows\System\ryUnLpF.exe
  2⤵
  PID:9744
- C:\Windows\System\TyjyvmT.exe
  C:\Windows\System\TyjyvmT.exe
  2⤵
  PID:9764
- C:\Windows\System\UjgzOMw.exe
  C:\Windows\System\UjgzOMw.exe
  2⤵
  PID:9832
- C:\Windows\System\YniuvvI.exe
  C:\Windows\System\YniuvvI.exe
  2⤵
  PID:9848
- C:\Windows\System\YhIfVaI.exe
  C:\Windows\System\YhIfVaI.exe
  2⤵
  PID:9876
- C:\Windows\System\cjWmZRR.exe
  C:\Windows\System\cjWmZRR.exe
  2⤵
  PID:9896
- C:\Windows\System\GGvyFsw.exe
  C:\Windows\System\GGvyFsw.exe
  2⤵
  PID:9912
- C:\Windows\System\jsyOGwG.exe
  C:\Windows\System\jsyOGwG.exe
  2⤵
  PID:9928
- C:\Windows\System\MspUaNs.exe
  C:\Windows\System\MspUaNs.exe
  2⤵
  PID:9944
- C:\Windows\System\emrrtzw.exe
  C:\Windows\System\emrrtzw.exe
  2⤵
  PID:9968
- C:\Windows\System\blfAKVs.exe
  C:\Windows\System\blfAKVs.exe
  2⤵
  PID:9984
- C:\Windows\System\BClauFj.exe
  C:\Windows\System\BClauFj.exe
  2⤵
  PID:10000
- C:\Windows\System\bTDsQQc.exe
  C:\Windows\System\bTDsQQc.exe
  2⤵
  PID:10020
- C:\Windows\System\BUSKczF.exe
  C:\Windows\System\BUSKczF.exe
  2⤵
  PID:10036
- C:\Windows\System\VXAuHnt.exe
  C:\Windows\System\VXAuHnt.exe
  2⤵
  PID:10056
- C:\Windows\System\vQZeNZf.exe
  C:\Windows\System\vQZeNZf.exe
  2⤵
  PID:10076
- C:\Windows\System\vbQJYfS.exe
  C:\Windows\System\vbQJYfS.exe
  2⤵
  PID:10092
- C:\Windows\System\cJOGORG.exe
  C:\Windows\System\cJOGORG.exe
  2⤵
  PID:10116
- C:\Windows\System\UkuBdcV.exe
  C:\Windows\System\UkuBdcV.exe
  2⤵
  PID:10140
- C:\Windows\System\gSLncYK.exe
  C:\Windows\System\gSLncYK.exe
  2⤵
  PID:10156
- C:\Windows\System\xwSWuGB.exe
  C:\Windows\System\xwSWuGB.exe
  2⤵
  PID:10176
- C:\Windows\System\NFNinPx.exe
  C:\Windows\System\NFNinPx.exe
  2⤵
  PID:10192
- C:\Windows\System\ZVDrkqE.exe
  C:\Windows\System\ZVDrkqE.exe
  2⤵
  PID:10208
- C:\Windows\System\jkPtmqu.exe
  C:\Windows\System\jkPtmqu.exe
  2⤵
  PID:10224
- C:\Windows\System\gDkXcRF.exe
  C:\Windows\System\gDkXcRF.exe
  2⤵
  PID:8672
- C:\Windows\System\tbxEMSE.exe
  C:\Windows\System\tbxEMSE.exe
  2⤵
  PID:8196
- C:\Windows\System\cVdTWvZ.exe
  C:\Windows\System\cVdTWvZ.exe
  2⤵
  PID:8484
- C:\Windows\System\OtLXete.exe
  C:\Windows\System\OtLXete.exe
  2⤵
  PID:8584
- C:\Windows\System\ugKTVcc.exe
  C:\Windows\System\ugKTVcc.exe
  2⤵
  PID:8332
- C:\Windows\System\ONLZPbU.exe
  C:\Windows\System\ONLZPbU.exe
  2⤵
  PID:7412
- C:\Windows\System\ykPaDql.exe
  C:\Windows\System\ykPaDql.exe
  2⤵
  PID:9220
- C:\Windows\System\ThNXZnO.exe
  C:\Windows\System\ThNXZnO.exe
  2⤵
  PID:8292
- C:\Windows\System\wwxExQN.exe
  C:\Windows\System\wwxExQN.exe
  2⤵
  PID:8036
- C:\Windows\System\EbbouHj.exe
  C:\Windows\System\EbbouHj.exe
  2⤵
  PID:8400
- C:\Windows\System\qBrAnJP.exe
  C:\Windows\System\qBrAnJP.exe
  2⤵
  PID:8928
- C:\Windows\System\nQRAfYm.exe
  C:\Windows\System\nQRAfYm.exe
  2⤵
  PID:8560
- C:\Windows\System\RIBIRQW.exe
  C:\Windows\System\RIBIRQW.exe
  2⤵
  PID:9372
- C:\Windows\System\okmQTjx.exe
  C:\Windows\System\okmQTjx.exe
  2⤵
  PID:9320
- C:\Windows\System\TauzZph.exe
  C:\Windows\System\TauzZph.exe
  2⤵
  PID:9436
- C:\Windows\System\coMYoGF.exe
  C:\Windows\System\coMYoGF.exe
  2⤵
  PID:9508
- C:\Windows\System\tLpfBil.exe
  C:\Windows\System\tLpfBil.exe
  2⤵
  PID:9528
- C:\Windows\System\KkwQtJd.exe
  C:\Windows\System\KkwQtJd.exe
  2⤵
  PID:9568
- C:\Windows\System\sLzjIMP.exe
  C:\Windows\System\sLzjIMP.exe
  2⤵
  PID:9604
- C:\Windows\System\TpyWjRi.exe
  C:\Windows\System\TpyWjRi.exe
  2⤵
  PID:9672
- C:\Windows\System\JPqRtkB.exe
  C:\Windows\System\JPqRtkB.exe
  2⤵
  PID:9688
- C:\Windows\System\HJLhKip.exe
  C:\Windows\System\HJLhKip.exe
  2⤵
  PID:9704
- C:\Windows\System\xwwaHRy.exe
  C:\Windows\System\xwwaHRy.exe
  2⤵
  PID:9720
- C:\Windows\System\psrpNfb.exe
  C:\Windows\System\psrpNfb.exe
  2⤵
  PID:9740
- C:\Windows\System\HhhAtgT.exe
  C:\Windows\System\HhhAtgT.exe
  2⤵
  PID:8384
- C:\Windows\System\cYdSRfn.exe
  C:\Windows\System\cYdSRfn.exe
  2⤵
  PID:9788
- C:\Windows\System\cxlwMgS.exe
  C:\Windows\System\cxlwMgS.exe
  2⤵
  PID:9424
- C:\Windows\System\AMJsMsp.exe
  C:\Windows\System\AMJsMsp.exe
  2⤵
  PID:9936
- C:\Windows\System\xNWzmSM.exe
  C:\Windows\System\xNWzmSM.exe
  2⤵
  PID:9488
- C:\Windows\System\leanZUd.exe
  C:\Windows\System\leanZUd.exe
  2⤵
  PID:9580
- C:\Windows\System\KjHYlNu.exe
  C:\Windows\System\KjHYlNu.exe
  2⤵
  PID:9656
- C:\Windows\System\FTiwyTE.exe
  C:\Windows\System\FTiwyTE.exe
  2⤵
  PID:10016
- C:\Windows\System\OLqNBiT.exe
  C:\Windows\System\OLqNBiT.exe
  2⤵
  PID:10172
- C:\Windows\System\zHHUOty.exe
  C:\Windows\System\zHHUOty.exe
  2⤵
  PID:9884
- C:\Windows\System\aqHZFlY.exe
  C:\Windows\System\aqHZFlY.exe
  2⤵
  PID:9964
- C:\Windows\System\DwZGefM.exe
  C:\Windows\System\DwZGefM.exe
  2⤵
  PID:9336
- C:\Windows\System\hPODnGU.exe
  C:\Windows\System\hPODnGU.exe
  2⤵
  PID:9304
- C:\Windows\System\UMqBukB.exe
  C:\Windows\System\UMqBukB.exe
  2⤵
  PID:8940
- C:\Windows\System\HqYkEga.exe
  C:\Windows\System\HqYkEga.exe
  2⤵
  PID:9092
- C:\Windows\System\zNXoemd.exe
  C:\Windows\System\zNXoemd.exe
  2⤵
  PID:9252
- C:\Windows\System\hcYQDSz.exe
  C:\Windows\System\hcYQDSz.exe
  2⤵
  PID:9376
- C:\Windows\System\dQzsSbz.exe
  C:\Windows\System\dQzsSbz.exe
  2⤵
  PID:7796
- C:\Windows\System\ZyaeJXX.exe
  C:\Windows\System\ZyaeJXX.exe
  2⤵
  PID:8692
- C:\Windows\System\biOXQPm.exe
  C:\Windows\System\biOXQPm.exe
  2⤵
  PID:9292
- C:\Windows\System\QfTEHit.exe
  C:\Windows\System\QfTEHit.exe
  2⤵
  PID:9680
- C:\Windows\System\htGFfke.exe
  C:\Windows\System\htGFfke.exe
  2⤵
  PID:9176
- C:\Windows\System\qcPZMfG.exe
  C:\Windows\System\qcPZMfG.exe
  2⤵
  PID:9696
- C:\Windows\System\eaDUtJF.exe
  C:\Windows\System\eaDUtJF.exe
  2⤵
  PID:9736
- C:\Windows\System\OSOjXlI.exe
  C:\Windows\System\OSOjXlI.exe
  2⤵
  PID:9800
- C:\Windows\System\wjgUlPT.exe
  C:\Windows\System\wjgUlPT.exe
  2⤵
  PID:10064
- C:\Windows\System\WxwZNtf.exe
  C:\Windows\System\WxwZNtf.exe
  2⤵
  PID:9636
- C:\Windows\System\WyngBxt.exe
  C:\Windows\System\WyngBxt.exe
  2⤵
  PID:10104
- C:\Windows\System\kIQYPbt.exe
  C:\Windows\System\kIQYPbt.exe
  2⤵
  PID:10152
- C:\Windows\System\emquqNr.exe
  C:\Windows\System\emquqNr.exe
  2⤵
  PID:8388
- C:\Windows\System\xECkPof.exe
  C:\Windows\System\xECkPof.exe
  2⤵
  PID:9272
- C:\Windows\System\wdNvvAg.exe
  C:\Windows\System\wdNvvAg.exe
  2⤵
  PID:9524
- C:\Windows\System\rVRkDfd.exe
  C:\Windows\System\rVRkDfd.exe
  2⤵
  PID:9532
- C:\Windows\System\PpZcvey.exe
  C:\Windows\System\PpZcvey.exe
  2⤵
  PID:9388
- C:\Windows\System\WbBmnyh.exe
  C:\Windows\System\WbBmnyh.exe
  2⤵
  PID:9816
- C:\Windows\System\UoexJZc.exe
  C:\Windows\System\UoexJZc.exe
  2⤵
  PID:8832
- C:\Windows\System\dagRNtt.exe
  C:\Windows\System\dagRNtt.exe
  2⤵
  PID:9452
- C:\Windows\System\YMXkEtI.exe
  C:\Windows\System\YMXkEtI.exe
  2⤵
  PID:10164
- C:\Windows\System\TyVIDPk.exe
  C:\Windows\System\TyVIDPk.exe
  2⤵
  PID:9472
- C:\Windows\System\YvkmLHR.exe
  C:\Windows\System\YvkmLHR.exe
  2⤵
  PID:9624
- C:\Windows\System\XwgrObR.exe
  C:\Windows\System\XwgrObR.exe
  2⤵
  PID:9992
- C:\Windows\System\NLbWjGW.exe
  C:\Windows\System\NLbWjGW.exe
  2⤵
  PID:9476
- C:\Windows\System\XKHrkie.exe
  C:\Windows\System\XKHrkie.exe
  2⤵
  PID:10236
- C:\Windows\System\rLcplZf.exe
  C:\Windows\System\rLcplZf.exe
  2⤵
  PID:9856
- C:\Windows\System\OACMfVc.exe
  C:\Windows\System\OACMfVc.exe
  2⤵
  PID:9408
- C:\Windows\System\PlBaRGO.exe
  C:\Windows\System\PlBaRGO.exe
  2⤵
  PID:9584
- C:\Windows\System\lugKfOj.exe
  C:\Windows\System\lugKfOj.exe
  2⤵
  PID:9400
- C:\Windows\System\BSIqbOC.exe
  C:\Windows\System\BSIqbOC.exe
  2⤵
  PID:9592
- C:\Windows\System\XkJDEsn.exe
  C:\Windows\System\XkJDEsn.exe
  2⤵
  PID:8720
- C:\Windows\System\WGRPjya.exe
  C:\Windows\System\WGRPjya.exe
  2⤵
  PID:9520
- C:\Windows\System\kKNNxvi.exe
  C:\Windows\System\kKNNxvi.exe
  2⤵
  PID:9960
- C:\Windows\System\dsOcSkC.exe
  C:\Windows\System\dsOcSkC.exe
  2⤵
  PID:10008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ARDbgoC.exe

Filesize
5.2MB

MD5
381a9f2c026a612ed84a6537b5a41dd2

SHA1
f64f7640464608f8782bc3fc5116086fbac714da

SHA256
5851cfecf32572981d1c0f3cc1610bbcf698f81936824a0e08ffaa3341617c9f

SHA512
25be7ef30f7edacbb69cdc5eea6f39c6f46612efb77ad0045665881703f0ebcd02fde5a415f0e522a912a5e67e1346bf157868e66532c82cf98135bed054a203

Download Submit
C:\Windows\system\BHOGzyf.exe

Filesize
5.2MB

MD5
a5e5f4785ef189e0ebdcd38d0b0b8da6

SHA1
50cbe85021cccf572a4835ffff9672f9305c192d

SHA256
ad326ecc0d1264f984f8a65d6da5fa0150fc138f2117aee42c6766fa0a574db3

SHA512
c94f5970279e4f935682ad3662067416cad51005419b81494a98a65761672cd34c4c7999347df5c31366e950a8bc49c5245b3b100d4a7d3c360f7a0b4ca7c348

Download Submit
C:\Windows\system\DTtOkYR.exe

Filesize
5.2MB

MD5
710034b88aeafd821a6a75a2bd1fee1f

SHA1
04c1fc9bba30b5f4dd746300e6c6c5a5a0c7d99e

SHA256
4eef11fc34db87eec4867a7608558bbb294251a02fae94cb16c5ac93cd3bec4a

SHA512
3654554a36cf93d22b6919cd465ede8a4de613e8e364590175d9a6d7834c0c4b49e7a40a24c68dd7db211c16528a50c46a4b19915f83b41b1acb2f005dff28f7

Download Submit
C:\Windows\system\FMzJDbE.exe

Filesize
5.2MB

MD5
0a37e29ed050004d7015f0d053b02bf2

SHA1
91bf94b75517aed4f038a5844434f3188071746a

SHA256
0937a66d7021c9f44ad4f5e9bf3a774b1ae271afbadabb76186ea891773f04a4

SHA512
d873d471aed004ffedd92089c047cf606616b06776284672244e49f36990aa49635168ac0aafffeed1d038590641a61c9ca5fea5c6f92998af2bf1e7c5855204

Download Submit
C:\Windows\system\GpgzHhs.exe

Filesize
5.2MB

MD5
6df1b2f6accbb2dac82dfc00191f63d0

SHA1
8b048682b4975868635aeb72c71feaf32a4da646

SHA256
73340cf0a0e063506f5cfa0a84e966eb38a4d44f5645771e57db536b09e9e151

SHA512
60aec1d8dff687b525267d51e0216b85e912bcc2ac8da2945f71e7eda4e79519bf4c5d1464e063a42d5528913c87ef7249aee529d6de4ddd59cc18e031073c72

Download Submit
C:\Windows\system\KoLeUrx.exe

Filesize
5.2MB

MD5
bec9c36124e5df54c9687026bddf66e6

SHA1
f7b5c9c6b227cf4351bcebe31d302698661bb0d1

SHA256
96724b4209701efc1f75441d9c1132abb78deea809c9c39d928ac0214d38de0a

SHA512
95d9b78a5573c8833aeb1883d409b84f60740e7f2c061ff2f2964b5177f7128449cd0cd3abab0898a66869f8bf5f09eb8c7338e3f59952cd5e46be90cb7634ee

Download Submit
C:\Windows\system\NfxWjAm.exe

Filesize
5.2MB

MD5
2b888d019916a40f3fb070b85813f0da

SHA1
adf0151acb83d32d0873cc5c39798057f8c0bc32

SHA256
7992bcdf0bb331df2cc6aabac48cf4aa525768a8138f47b8a2c13af1e0dc3c1b

SHA512
1747d0154b18d05bb0ddd4d92a9a153e594dcaa846ba4214140d7ae2fd4ee140e3a329198dcdffe8108af3f13607cc0397ad7e27b8a7bcce565a22a31cbe7ca6

Download Submit
C:\Windows\system\NrskpgH.exe

Filesize
5.2MB

MD5
412db6f50a452a34a0a36c48916ef5c7

SHA1
7bd4ab38c09d0ba313148c6f1973e7b152bfd914

SHA256
55ca111e9d698dd757e8586939bec1a2ab6df52926c4dc8bfcdd571b45bc5a99

SHA512
6427645b0fc6483c848adfbabf3dd880a0edc5e0c910da79700606a9e9ac9849fe96183e67309085d7c4a0e4bd33b61310fdef24c15c0a6e4393b0144441c895

Download Submit
C:\Windows\system\QYkVmeh.exe

Filesize
5.2MB

MD5
c99c44bbe9b7f1a9afbcec4997cf44ee

SHA1
bb08c40f4c5fd70299009792aab230fd303c2e3f

SHA256
22b8a2569af664b3bab62c928cb3f7171ffa46e8b9f768e34b927dedb9d9b630

SHA512
4e97ed4f648a92e5a3f7b1f1e0b0e5eb104a938adceea5be7530b33580f3b019e8869822849b57612198cf265cc8c919d5ad225137806518eb7d2a75c8c8451e

Download Submit
C:\Windows\system\QyCgBQc.exe

Filesize
5.2MB

MD5
5a274d70352f9d4592d4d1af3f95aef5

SHA1
d6968d8c8d3b0ea63e924bd80ab21bad6d6b60df

SHA256
3d07bede1c066bceaad6b892aff0d15625b4cfc15eb4d030531fd2d8d5bc58ed

SHA512
74eb57818be475fb4656714d1f873a997b6bae934d6a08b97466ecf6bc5c4102829109372689b365d85df917cae11234ef682f37d10bdf8352f6cb84ef2283e8

Download Submit
C:\Windows\system\SSOikzQ.exe

Filesize
5.2MB

MD5
9da6f2c3984529b136e5257dcae9fe33

SHA1
989ee9ce6684fc7de40555122699fd283326bedc

SHA256
b39f6300b533e85fdebd01cf1510cb8525b79d7347566be918989442201d3c33

SHA512
d0d53a99c38cb210cac7170a2119ccf50c12391727a609f906e9d1a3311925422f7993400b05d9de50b63634aa82e98cc598552149996b6d460c3617c76ab2d0

Download Submit
C:\Windows\system\UxEYXbF.exe

Filesize
5.2MB

MD5
202815e39c1a2b72c264fdc3a67412e9

SHA1
0e6649e9b98ef67d065af6423d94f57863374bed

SHA256
e2731703a232a3b549ffa4212bd83752e3f28021c65d4efab3e94a85216c0b1a

SHA512
45bfcf7b1a8c22790714c306b3d760d770faf82c4c2fe4aeda7140456741aa1d1a07bf79f6615c0f9282d168db34c5e19b1e4a8e7fa3672c3e074c65e75630b3

Download Submit
C:\Windows\system\XbbakSY.exe

Filesize
5.2MB

MD5
50bff8d5b1246d53ca746747319fddd9

SHA1
c411181f325453fa7b0f25c31ff353085c4cd211

SHA256
05254e1b4bef18e1f6a76b3458553ef76ed974df3a58501bb82c1117329f9cc0

SHA512
dad8092fd0cbc4503ec479bb9ba790abbede7cd6fd9efffd00e3aff767b491636155f7e62679ecdee617f29349f7bf8778e2f45fbf64ae909ab2c79b7ac8923c

Download Submit
C:\Windows\system\eEaCYAo.exe

Filesize
5.2MB

MD5
c4d98fe120ac68501569aaceb90ef1ed

SHA1
8d572e3689d6133a8b72faf84158ffb0cd22bfb0

SHA256
631f280d9aee18a8c93429e8e5fc34aa89a3e7384c755694f5281e72c8f3a79b

SHA512
204ecfbe6cafea3b72c4ca0552209f24babfc59e9e11c505747761327e54bfd5558b45af9b07feb64d98d2c2f690e220f378cb6d306416b4f8bd78062872cb12

Download Submit
C:\Windows\system\ePDfbAg.exe

Filesize
5.2MB

MD5
9d1a949bda5196aa837069f4f7743cf9

SHA1
d601a3c769bb067b7a4bf89073431963f0444df0

SHA256
0599e2febb91693c4584c378570cdbf93d0ee6ab42c0dd26d6278018334d31a2

SHA512
f589fb36ee9f4cb975252ff27b96acc299e48f318cf991ce3a5672d0360c35e3699599cb8f4e5642bd11e61c56359ba21793b0df435952c3e054200948e8c996

Download Submit
C:\Windows\system\gmHWJUi.exe

Filesize
5.2MB

MD5
bcfb84cda6809045218fde56e975d0ae

SHA1
98800792b96353110825bb444f91142fe46a0d5b

SHA256
d3329aa891e884ce63e435103d5b5a773ea852fdd083679a75ad74591fc14ac7

SHA512
47c8ccfa08b4c1aa47dc39523c0279b795ac06c1ce9f23849c0de0746beb4f60280ff7eedca64eb1b7fac07617dba6f2d7977aee8a1a7128c08e5d090e76af5f

Download Submit
C:\Windows\system\hxjLgmk.exe

Filesize
5.2MB

MD5
beeb2f12235e20b9f4d869f00ab63043

SHA1
4a9940dd60cd171762a986e3faa7757739df6c34

SHA256
6577d407a32823e61242a648255597ab803e4b660c3bd3d370791e05ca1eb32b

SHA512
16659ac7031867842405268beb8bea32f735540e0fec8ac9631a60e2f3814b9729bf9fac43ad51c626430456a1810bb555067429e6fbbcacf686a7051bd8614d

Download Submit
C:\Windows\system\jMsnEAP.exe

Filesize
5.2MB

MD5
71a334e420d6202a4ec3731b0274494e

SHA1
b1d6c1b49960a05ce7765aaf9c404613d3a7422f

SHA256
66ca4353ef586dda029259397c5512014e1de3debd70f73b18864e4179bd26e4

SHA512
48740985b9cbbc5e8e78ca380ebd38f8643d80d0eea24f95172fdb7d0ec3f830d44c935e7e356c797c154b77db23d710cb03f55e43c89e2aff3cdfca295fd5fd

Download Submit
C:\Windows\system\kGxmjng.exe

Filesize
5.2MB

MD5
b4413bd8ee4e4c300ea062c1f817f471

SHA1
cde72fbcdcbef53b7c9a2a06a69d38834e17f1ea

SHA256
372f2dd8f51a0f1762f61d4adde2d059f7de66050dd00949def0ddfacd0f6812

SHA512
0c95cf9410c624d52ebda33f51b916ccc7ea82d678b95b3439aa6d651705d3dc99d03fbb62d79ce79958829e52ca28148641120f2544ffa80b41f999616b06c3

Download Submit
C:\Windows\system\kNCaKpG.exe

Filesize
5.2MB

MD5
5e237d983e70056caa809087748b5e5f

SHA1
2d4db0609a854c6d114bb93dda4dbc99347f4b86

SHA256
0fc7517d8cba9c4b6ffddea378c18a24461fa4223ea865dcd5bd69f9d3a6d39c

SHA512
9e383ef403fac9f6f88d3dce5043ebf8ae691d36276d0002d7cbb25da89746af48a5bf05b250cf7517f96f602c97edf64e4f836fc5c7a5ddc69284388a2c71be

Download Submit
C:\Windows\system\liZPVIO.exe

Filesize
5.2MB

MD5
f913bfe7e37c89e6d5e0ad45953d14af

SHA1
970f32a4d4f91f5043f5d22fba62f1023afa3469

SHA256
9dbdd9094af02ed759797329e30d27a36173d311720d05728ff72dddf8df4eb6

SHA512
3cb6f5826d3bdef2b9bff93a9e0e964a048c572def99e6599b5046ef42f4f4704d547ec6d4fcb26c2a87841ae925fdff74107706e31a757102c230efd7793bcf

Download Submit
C:\Windows\system\lpjUTCQ.exe

Filesize
5.2MB

MD5
002c1e9b6976adbf429537d18bfe6db0

SHA1
96ec46460e0d69b0817d1482aba5c5c5c0ac1e62

SHA256
1096fda09ffe4d9bc7e22c5226a049e2f6eca848a186f76b593ebd2f735482de

SHA512
501ef8f58dfd5a1f156fcb821208ea906058ae3daa337ab692885120aa18073e9a6f0baa67219c47e31b3deddd5a9c8571cf72516156a20062bb33fc3c6b424d

Download Submit
C:\Windows\system\sXZTHha.exe

Filesize
5.2MB

MD5
582e9d18c43a47b75ec2102b8f0a76bd

SHA1
58102cc695c150c66eafd034fa9698fdde833ff8

SHA256
44b8cfb8fd8505c502d91d184d35dc079158750d3394047e09dd3dfe2f6dcaca

SHA512
da284f3b089aab7c179518bfc39da3686e0bca57b2d92533e327950f87a7c2324a686e794661023995ff2c6d98121fd897a1dfefb8d6aa678c9233143520cc00

Download Submit
C:\Windows\system\tWlDDjY.exe

Filesize
5.2MB

MD5
528fe85ed929bb3c771f1ce35e70b477

SHA1
5d1a4f7e21ba3c78584c93d1a5c05792d6cf4d58

SHA256
f0d02088743c965428d4d4396c90c8a2b9f1438879d83089961995f07a8ad442

SHA512
de097e0fe0413db43a99f723f3a5e90f2ebd8e11e193b3cdaaec19f21f5ecf4b665a5be7067c3b4fa4036682e43eb4db1f2de3cd7520a198fdef5b36882a97a1

Download Submit
C:\Windows\system\yQfXtPG.exe

Filesize
5.2MB

MD5
fcb5405ce22e88135081bbeeab16bcc5

SHA1
8ecf09ddc0c185ea735da28cb44d66e558d06d94

SHA256
9e466b6bc1fbf3cab24161c737ee2714ff16f21d02398e9387fa6224fae09909

SHA512
1766b01918b83e996b1dada1c0729fdd774737b4e904e89dc40398682bee90339165922566dced1eb50eec3ed46caddf658446db20aae292decce7486d091d2b

Download Submit
C:\Windows\system\zMwqsdN.exe

Filesize
5.2MB

MD5
1c2bd37207bcee6de023c539c739ba44

SHA1
304c40ccbe0cb48c5a551daf1ca4c6f14ecb451f

SHA256
15c9ec10cd15511a7bce6bb8cdaae9676d471619f02e6ce30fdb23ed6e2b42b9

SHA512
6680e0b33085359433a03b50c7b1829468610a70f9804541cea06412c145b643c4a9beb73d59836d639c2e87936a3d3789344bc6cc29c154d529719b764d181d

Download Submit
\Windows\system\BdKGPrI.exe

Filesize
5.2MB

MD5
7c10a9a55d3ee58954f147047acedf7b

SHA1
0c13a8bb0adce2a533fe9a9fe334b35d8df38857

SHA256
d155c5d0b057bc2947c1ff8df6c08641823060b071a5c086d1e57af92058e340

SHA512
8611d66ddaaed8949fbab9be986fb6758b84002def07e4252fc1870512fb4399708936e9a58bf4aa8167be26a495f1e0bbe71b03c2b8521da4062fff6f334f23

Download Submit
\Windows\system\FWQIKia.exe

Filesize
5.2MB

MD5
5d98536839ca7907653f9dd3114654b3

SHA1
fa751e2fe81564e593f57d471583f898f54c9f68

SHA256
92f0ad3317a8037acf69ccc7e71bdf629a9db2a0ea18f18ed2973bf27e59a463

SHA512
b6673708100f9bea9a8c5a80d323c2501fb5eb8be79215eaf141fbde74d08d5f76c60b7d10115ec41681d6697d6cbcf01c53c3451670b90f1da0a453e8dc7cd8

Download Submit
\Windows\system\UFqTqtQ.exe

Filesize
5.2MB

MD5
6a4668dc7508bf7c96673803ed216c9c

SHA1
c022bc492bbf9229f7883f69a211813537fced81

SHA256
4c846073dcc118ce59b9d00eb748b19b4a38b0b57a3cec333572cb4f20e9bce3

SHA512
c91791ca17acee5f35a648367e59c4f84c8624a790f8efcdb5c3bd1f82ecfdb5026f4a080f0f8c10b4bbe3fda32b80318b81b9dbf8f1f32f31eda891d3997218

Download Submit
\Windows\system\ZOhyMhe.exe

Filesize
5.2MB

MD5
3d06cb3c320ea444e2e0162d55bbe984

SHA1
cc1141fd797bc12118ff96463de6fffccdd1f27b

SHA256
398497df1ef717d72b2f1c0d69bf52f20e9c8828d61460a4c1323a6fd61189ac

SHA512
10ca977d4358fe568ccc193fea4eb729aa306942e4f9b7fe8830f1fc3e969707367e67004fdd621fa72c4b2cb82e74facb1baa79ed3350a8ee1837f532efb3b9

Download Submit
\Windows\system\pOBlcPC.exe

Filesize
5.2MB

MD5
daa85d7551bac383ec75b6e2ef1e59c4

SHA1
389c59310220a08ca2e15157c145086f00c2a477

SHA256
9e6c8057543bb726df93aef81f48b4ac7e758ae057905f549683c5097b55a3cb

SHA512
01f06864b1f722de0ab32feb50590c84be682eee9ea5b8d588c7739737ec3ac63254842cc0b2c118c97d55c63ed84989bd980f81a25da7c144b9ccd52d8afef6

Download Submit
\Windows\system\yGfNNZH.exe

Filesize
5.2MB

MD5
de4cbaf776eae75ebf60012dbcaa0352

SHA1
314891dff3c7d4c9e67e9e40334ee64b0150d050

SHA256
18e0403ecc719185fac6e680c282705bad3d777e72c700d690289e0df1030ccb

SHA512
17e9e1b6a2be678869e4ed68d44f8c21987ed8187675fb732ef8d163add85791e24659ffea98f5276538407150c0be5e8f96b79f86e48706e3f0b46023338283

Download Submit
memory/1056-312-0x000000013F170000-0x000000013F4C1000-memory.dmp

Filesize
3.3MB

Download
memory/1056-2930-0x000000013F170000-0x000000013F4C1000-memory.dmp

Filesize
3.3MB

Download
memory/1056-28-0x000000013F170000-0x000000013F4C1000-memory.dmp

Filesize
3.3MB

Download
memory/1624-49-0x000000013F0E0000-0x000000013F431000-memory.dmp

Filesize
3.3MB

Download
memory/1624-2867-0x000000013F0E0000-0x000000013F431000-memory.dmp

Filesize
3.3MB

Download
memory/1916-3667-0x000000013F790000-0x000000013FAE1000-memory.dmp

Filesize
3.3MB

Download
memory/1916-23-0x000000013F790000-0x000000013FAE1000-memory.dmp

Filesize
3.3MB

Download
memory/1916-241-0x000000013F790000-0x000000013FAE1000-memory.dmp

Filesize
3.3MB

Download
memory/2072-72-0x000000013FA00000-0x000000013FD51000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2871-0x000000013FA00000-0x000000013FD51000-memory.dmp

Filesize
3.3MB

Download
memory/2072-12-0x000000013FA00000-0x000000013FD51000-memory.dmp

Filesize
3.3MB

Download
memory/2156-60-0x000000013F8B0000-0x000000013FC01000-memory.dmp

Filesize
3.3MB

Download
memory/2156-2873-0x000000013F8B0000-0x000000013FC01000-memory.dmp

Filesize
3.3MB

Download
memory/2196-32-0x000000013F470000-0x000000013F7C1000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3696-0x000000013F470000-0x000000013F7C1000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3582-0x000000013F300000-0x000000013F651000-memory.dmp

Filesize
3.3MB

Download
memory/2412-89-0x000000013F300000-0x000000013F651000-memory.dmp

Filesize
3.3MB

Download
memory/2516-92-0x000000013F810000-0x000000013FB61000-memory.dmp

Filesize
3.3MB

Download
memory/2516-7-0x0000000002260000-0x00000000025B1000-memory.dmp

Filesize
3.3MB

Download
memory/2516-83-0x000000013F280000-0x000000013F5D1000-memory.dmp

Filesize
3.3MB

Download
memory/2516-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2516-56-0x000000013F8B0000-0x000000013FC01000-memory.dmp

Filesize
3.3MB

Download
memory/2516-37-0x000000013FC40000-0x000000013FF91000-memory.dmp

Filesize
3.3MB

Download
memory/2516-106-0x0000000002260000-0x00000000025B1000-memory.dmp

Filesize
3.3MB

Download
memory/2516-105-0x000000013FFE0000-0x0000000140331000-memory.dmp

Filesize
3.3MB

Download
memory/2516-81-0x000000013F300000-0x000000013F651000-memory.dmp

Filesize
3.3MB

Download
memory/2516-0-0x000000013FC40000-0x000000013FF91000-memory.dmp

Filesize
3.3MB

Download
memory/2516-50-0x0000000002260000-0x00000000025B1000-memory.dmp

Filesize
3.3MB

Download
memory/2516-642-0x0000000002260000-0x00000000025B1000-memory.dmp

Filesize
3.3MB

Download
memory/2516-938-0x0000000002260000-0x00000000025B1000-memory.dmp

Filesize
3.3MB

Download
memory/2516-17-0x000000013F790000-0x000000013FAE1000-memory.dmp

Filesize
3.3MB

Download
memory/2516-935-0x000000013FFE0000-0x0000000140331000-memory.dmp

Filesize
3.3MB

Download
memory/2516-917-0x0000000002260000-0x00000000025B1000-memory.dmp

Filesize
3.3MB

Download
memory/2516-787-0x0000000002260000-0x00000000025B1000-memory.dmp

Filesize
3.3MB

Download
memory/2516-657-0x000000013F300000-0x000000013F651000-memory.dmp

Filesize
3.3MB

Download
memory/2516-629-0x0000000002260000-0x00000000025B1000-memory.dmp

Filesize
3.3MB

Download
memory/2516-86-0x0000000002260000-0x00000000025B1000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2907-0x000000013F280000-0x000000013F5D1000-memory.dmp

Filesize
3.3MB

Download
memory/2604-68-0x000000013F280000-0x000000013F5D1000-memory.dmp

Filesize
3.3MB

Download
memory/2604-353-0x000000013F280000-0x000000013F5D1000-memory.dmp

Filesize
3.3MB

Download
memory/2632-96-0x000000013FE90000-0x00000001401E1000-memory.dmp

Filesize
3.3MB

Download
memory/2632-2899-0x000000013FE90000-0x00000001401E1000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2877-0x000000013FDA0000-0x00000001400F1000-memory.dmp

Filesize
3.3MB

Download
memory/2740-88-0x000000013FDA0000-0x00000001400F1000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2869-0x000000013FF40000-0x0000000140291000-memory.dmp

Filesize
3.3MB

Download
memory/2764-71-0x000000013FF40000-0x0000000140291000-memory.dmp

Filesize
3.3MB

Download
memory/2872-99-0x000000013F9E0000-0x000000013FD31000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3695-0x000000013F9E0000-0x000000013FD31000-memory.dmp

Filesize
3.3MB

Download
memory/2908-51-0x000000013F170000-0x000000013F4C1000-memory.dmp

Filesize
3.3MB

Download
memory/2908-637-0x000000013F170000-0x000000013F4C1000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3694-0x000000013F170000-0x000000013F4C1000-memory.dmp

Filesize
3.3MB

Download