cobaltstrike | bcb042f2102aae6e63f766fc5d02b32ed7b067b5774e1b0600f3395d29be209c

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ff47f11cca47464cf11772000abf7e8f
SHA1

3cd8c5de99b655d658261973c66750215ffbb88b
SHA256

bcb042f2102aae6e63f766fc5d02b32ed7b067b5774e1b0600f3395d29be209c
SHA512

533b84de78d49203abfaba6cdbd27bfb4e13c294568baa51542025e4fb2f5f53cce9326050def167790efe4a063d2f38ef80b27f2b73e4908d082c99bc68124b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUT:T+q56utgpPF8u/7T

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f10-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160a5-16.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160ab-23.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000015d51-29.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001648f-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019230-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194cd-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e3-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e9-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e7-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d2-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194db-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c4-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949e-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f7-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e8-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b5-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939b-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019374-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933b-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001930d-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932d-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-88.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000165b9-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bf3-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019223-71.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162f6-47.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001629c-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/files/0x0008000000015f10-8.dat	xmrig
behavioral1/memory/2736-12-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2780-14-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x00070000000160a5-16.dat	xmrig
behavioral1/memory/2768-21-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x00070000000160ab-23.dat	xmrig
behavioral1/files/0x000c000000015d51-29.dat	xmrig
behavioral1/memory/2832-35-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/3028-39-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2736-43-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2384-75-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x000900000001648f-54.dat	xmrig
behavioral1/files/0x0005000000019230-78.dat	xmrig
behavioral1/memory/2516-85-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194cd-154.dat	xmrig
behavioral1/files/0x00050000000194e3-166.dat	xmrig
behavioral1/files/0x00050000000194e9-174.dat	xmrig
behavioral1/memory/3028-910-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/3028-713-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e7-170.dat	xmrig
behavioral1/files/0x00050000000194d2-156.dat	xmrig
behavioral1/files/0x00050000000194db-161.dat	xmrig
behavioral1/files/0x00050000000194c4-150.dat	xmrig
behavioral1/files/0x000500000001949e-146.dat	xmrig
behavioral1/files/0x00050000000193f7-142.dat	xmrig
behavioral1/files/0x00050000000193e8-138.dat	xmrig
behavioral1/files/0x00050000000193b5-134.dat	xmrig
behavioral1/files/0x00050000000193b3-130.dat	xmrig
behavioral1/files/0x000500000001939b-126.dat	xmrig
behavioral1/files/0x0005000000019374-122.dat	xmrig
behavioral1/files/0x000500000001933b-118.dat	xmrig
behavioral1/files/0x000500000001930d-110.dat	xmrig
behavioral1/files/0x000500000001932d-114.dat	xmrig
behavioral1/memory/3028-106-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2968-105-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x000500000001926b-103.dat	xmrig
behavioral1/memory/1232-99-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2660-97-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/3028-96-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019246-94.dat	xmrig
behavioral1/memory/1424-91-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2832-84-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/376-81-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2532-90-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-88.dat	xmrig
behavioral1/memory/2768-66-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x00090000000165b9-65.dat	xmrig
behavioral1/files/0x0006000000018bf3-61.dat	xmrig
behavioral1/memory/2700-77-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/1720-72-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019223-71.dat	xmrig
behavioral1/memory/3028-70-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2968-57-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2532-42-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2660-50-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2780-49-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x00070000000162f6-47.dat	xmrig
behavioral1/files/0x000700000001629c-38.dat	xmrig
behavioral1/memory/2700-28-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2832-3730-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2968-3751-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2700-3763-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2736	JjmnduP.exe
2780	vtmOrbK.exe
2768	DsnUVaB.exe
2700	RnJfQfJ.exe
2832	ohJxOsy.exe
2532	HHLWptn.exe
2660	qoqeoMZ.exe
2968	nPCVPcP.exe
1720	jvdjGhB.exe
2384	kyEZYCG.exe
376	NUCrFzJ.exe
2516	DXPZZDg.exe
1424	PmyQCQM.exe
1232	GWkohmG.exe
1732	mNuGIxW.exe
1736	clFwstw.exe
1068	BfDeupL.exe
1144	BqBsIFE.exe
432	SiKgWtz.exe
1952	YMtmsnM.exe
1132	DKrDtlb.exe
316	ShOCtNB.exe
532	BAMqTVE.exe
992	eVbjNbv.exe
2228	SbBkofw.exe
2164	gJcCxPT.exe
2336	chANKAP.exe
1880	ALkEIuZ.exe
1860	cgoeOYA.exe
2348	kwkUbCu.exe
2100	koJDUjn.exe
1904	gsGQALf.exe
1924	ggiWQpU.exe
2404	wdSaIsM.exe
892	YLafBxK.exe
2856	UlaPnbw.exe
2068	vWRyEJt.exe
2720	SYTlQmo.exe
816	Gziddxr.exe
2356	TfGnJAy.exe
1368	qPUFdsp.exe
1916	mZBpjjg.exe
280	dzpeCay.exe
2212	EuwIlps.exe
2396	hJlGxbJ.exe
1064	EZaJwMh.exe
2252	lANQYxt.exe
848	tcbfJzE.exe
2028	ydJIpkr.exe
2412	ymtrckq.exe
2500	IaWUhvZ.exe
2144	BBxaUUj.exe
2920	yFmRWyR.exe
1184	SIVcEXW.exe
2020	CrHGJNO.exe
2180	qKqkOhy.exe
2148	RZbVhHN.exe
2420	zqcaRyl.exe
1932	vvHxyHe.exe
1528	EVqcMzd.exe
1644	SPPNtjq.exe
2056	sHclWkp.exe
2940	nCTVIbJ.exe
1572	ZGnskdz.exe

Loads dropped DLL 64 IoCs

pid	Process
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/files/0x0008000000015f10-8.dat	upx
behavioral1/memory/2736-12-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2780-14-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x00070000000160a5-16.dat	upx
behavioral1/memory/2768-21-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x00070000000160ab-23.dat	upx
behavioral1/files/0x000c000000015d51-29.dat	upx
behavioral1/memory/2832-35-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/3028-39-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2736-43-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2384-75-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x000900000001648f-54.dat	upx
behavioral1/files/0x0005000000019230-78.dat	upx
behavioral1/memory/2516-85-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x00050000000194cd-154.dat	upx
behavioral1/files/0x00050000000194e3-166.dat	upx
behavioral1/files/0x00050000000194e9-174.dat	upx
behavioral1/files/0x00050000000194e7-170.dat	upx
behavioral1/files/0x00050000000194d2-156.dat	upx
behavioral1/files/0x00050000000194db-161.dat	upx
behavioral1/files/0x00050000000194c4-150.dat	upx
behavioral1/files/0x000500000001949e-146.dat	upx
behavioral1/files/0x00050000000193f7-142.dat	upx
behavioral1/files/0x00050000000193e8-138.dat	upx
behavioral1/files/0x00050000000193b5-134.dat	upx
behavioral1/files/0x00050000000193b3-130.dat	upx
behavioral1/files/0x000500000001939b-126.dat	upx
behavioral1/files/0x0005000000019374-122.dat	upx
behavioral1/files/0x000500000001933b-118.dat	upx
behavioral1/files/0x000500000001930d-110.dat	upx
behavioral1/files/0x000500000001932d-114.dat	upx
behavioral1/memory/2968-105-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x000500000001926b-103.dat	upx
behavioral1/memory/1232-99-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2660-97-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x0005000000019246-94.dat	upx
behavioral1/memory/1424-91-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2832-84-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/376-81-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2532-90-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0005000000019240-88.dat	upx
behavioral1/memory/2768-66-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x00090000000165b9-65.dat	upx
behavioral1/files/0x0006000000018bf3-61.dat	upx
behavioral1/memory/2700-77-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1720-72-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0005000000019223-71.dat	upx
behavioral1/memory/2968-57-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2532-42-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2660-50-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2780-49-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x00070000000162f6-47.dat	upx
behavioral1/files/0x000700000001629c-38.dat	upx
behavioral1/memory/2700-28-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2832-3730-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2968-3751-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2700-3763-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2384-4168-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/1424-4169-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/1720-4170-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2516-4172-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/1232-4171-0x000000013F710000-0x000000013FA64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MGDYqaY.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLYmzDS.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvJsIiT.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKCkXKy.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDIqyEq.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\manDCKl.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmeuneG.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDjkqrd.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCACegc.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDTASuv.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btNdggc.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPEJSic.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwUfyHR.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBqAcyo.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWVbHHB.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCkjoon.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RcOkzcM.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtbEPHL.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSnWBme.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQNEAnq.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJyismV.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiubYRY.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgfpcUZ.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdNvNuA.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLIKoJI.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMSIdAf.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMQkMFA.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIAaden.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGxGbbM.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXRQCIZ.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkqGSVY.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSDKGfO.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwLRQKv.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZXSHPs.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTLFYbq.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWYQOmh.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oaEYDqT.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsCNvPs.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHRpQdn.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jddAzco.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUmOcnU.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKaQonL.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTDJpxl.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsnUVaB.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aaRUiEy.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNRjupw.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOVLEFY.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQqwcyB.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrqeqdN.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogOJqLO.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNwsTNS.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVyceTg.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCnNFkc.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrwpLyT.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohJxOsy.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlvChUr.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTMMkso.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBAlosg.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOzpTQi.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGDICFq.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFikeaP.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBEIbHG.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbRYQfL.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxokgby.exe	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2736	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2736	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2736	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2780	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2780	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2780	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2768	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2768	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2768	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2700	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2700	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2700	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2832	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2832	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2832	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2532	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2532	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2532	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2660	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2660	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2660	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2968	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2968	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2968	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 1720	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 1720	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 1720	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 376	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 376	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 376	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 2384	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2384	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2384	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2516	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 2516	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 2516	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 1424	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 1424	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 1424	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 1232	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 1232	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 1232	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 1732	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 1732	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 1732	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 1736	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 1736	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 1736	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 1068	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 1068	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 1068	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 1144	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 1144	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 1144	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 432	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 432	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 432	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 1952	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 1952	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 1952	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 1132	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 1132	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 1132	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 316	3028	2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_ff47f11cca47464cf11772000abf7e8f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\System\JjmnduP.exe
  C:\Windows\System\JjmnduP.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\vtmOrbK.exe
  C:\Windows\System\vtmOrbK.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\DsnUVaB.exe
  C:\Windows\System\DsnUVaB.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\RnJfQfJ.exe
  C:\Windows\System\RnJfQfJ.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\ohJxOsy.exe
  C:\Windows\System\ohJxOsy.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\HHLWptn.exe
  C:\Windows\System\HHLWptn.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\qoqeoMZ.exe
  C:\Windows\System\qoqeoMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\nPCVPcP.exe
  C:\Windows\System\nPCVPcP.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\jvdjGhB.exe
  C:\Windows\System\jvdjGhB.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\NUCrFzJ.exe
  C:\Windows\System\NUCrFzJ.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\kyEZYCG.exe
  C:\Windows\System\kyEZYCG.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\DXPZZDg.exe
  C:\Windows\System\DXPZZDg.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\PmyQCQM.exe
  C:\Windows\System\PmyQCQM.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\GWkohmG.exe
  C:\Windows\System\GWkohmG.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\mNuGIxW.exe
  C:\Windows\System\mNuGIxW.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\clFwstw.exe
  C:\Windows\System\clFwstw.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\BfDeupL.exe
  C:\Windows\System\BfDeupL.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\BqBsIFE.exe
  C:\Windows\System\BqBsIFE.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\SiKgWtz.exe
  C:\Windows\System\SiKgWtz.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\YMtmsnM.exe
  C:\Windows\System\YMtmsnM.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\DKrDtlb.exe
  C:\Windows\System\DKrDtlb.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\ShOCtNB.exe
  C:\Windows\System\ShOCtNB.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\BAMqTVE.exe
  C:\Windows\System\BAMqTVE.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\eVbjNbv.exe
  C:\Windows\System\eVbjNbv.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\SbBkofw.exe
  C:\Windows\System\SbBkofw.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\gJcCxPT.exe
  C:\Windows\System\gJcCxPT.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\chANKAP.exe
  C:\Windows\System\chANKAP.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\cgoeOYA.exe
  C:\Windows\System\cgoeOYA.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\ALkEIuZ.exe
  C:\Windows\System\ALkEIuZ.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\kwkUbCu.exe
  C:\Windows\System\kwkUbCu.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\koJDUjn.exe
  C:\Windows\System\koJDUjn.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\gsGQALf.exe
  C:\Windows\System\gsGQALf.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\ggiWQpU.exe
  C:\Windows\System\ggiWQpU.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\wdSaIsM.exe
  C:\Windows\System\wdSaIsM.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\YLafBxK.exe
  C:\Windows\System\YLafBxK.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\UlaPnbw.exe
  C:\Windows\System\UlaPnbw.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\vWRyEJt.exe
  C:\Windows\System\vWRyEJt.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\SYTlQmo.exe
  C:\Windows\System\SYTlQmo.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\Gziddxr.exe
  C:\Windows\System\Gziddxr.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\TfGnJAy.exe
  C:\Windows\System\TfGnJAy.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\qPUFdsp.exe
  C:\Windows\System\qPUFdsp.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\mZBpjjg.exe
  C:\Windows\System\mZBpjjg.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\dzpeCay.exe
  C:\Windows\System\dzpeCay.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\EuwIlps.exe
  C:\Windows\System\EuwIlps.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\hJlGxbJ.exe
  C:\Windows\System\hJlGxbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\lANQYxt.exe
  C:\Windows\System\lANQYxt.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\EZaJwMh.exe
  C:\Windows\System\EZaJwMh.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\tcbfJzE.exe
  C:\Windows\System\tcbfJzE.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\ydJIpkr.exe
  C:\Windows\System\ydJIpkr.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\ymtrckq.exe
  C:\Windows\System\ymtrckq.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\IaWUhvZ.exe
  C:\Windows\System\IaWUhvZ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\BBxaUUj.exe
  C:\Windows\System\BBxaUUj.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\yFmRWyR.exe
  C:\Windows\System\yFmRWyR.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\SIVcEXW.exe
  C:\Windows\System\SIVcEXW.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\CrHGJNO.exe
  C:\Windows\System\CrHGJNO.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\qKqkOhy.exe
  C:\Windows\System\qKqkOhy.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\RZbVhHN.exe
  C:\Windows\System\RZbVhHN.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\zqcaRyl.exe
  C:\Windows\System\zqcaRyl.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\vvHxyHe.exe
  C:\Windows\System\vvHxyHe.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\EVqcMzd.exe
  C:\Windows\System\EVqcMzd.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\SPPNtjq.exe
  C:\Windows\System\SPPNtjq.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\sHclWkp.exe
  C:\Windows\System\sHclWkp.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\nCTVIbJ.exe
  C:\Windows\System\nCTVIbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\ZGnskdz.exe
  C:\Windows\System\ZGnskdz.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\uWbsLFd.exe
  C:\Windows\System\uWbsLFd.exe
  2⤵
  PID:1696
- C:\Windows\System\uWhJMvo.exe
  C:\Windows\System\uWhJMvo.exe
  2⤵
  PID:2688
- C:\Windows\System\NAJGfev.exe
  C:\Windows\System\NAJGfev.exe
  2⤵
  PID:2760
- C:\Windows\System\uccKPtZ.exe
  C:\Windows\System\uccKPtZ.exe
  2⤵
  PID:2732
- C:\Windows\System\yLXwhcQ.exe
  C:\Windows\System\yLXwhcQ.exe
  2⤵
  PID:2656
- C:\Windows\System\Yigvgos.exe
  C:\Windows\System\Yigvgos.exe
  2⤵
  PID:2944
- C:\Windows\System\Dmylvag.exe
  C:\Windows\System\Dmylvag.exe
  2⤵
  PID:2956
- C:\Windows\System\evAukgw.exe
  C:\Windows\System\evAukgw.exe
  2⤵
  PID:2964
- C:\Windows\System\NtUPlqd.exe
  C:\Windows\System\NtUPlqd.exe
  2⤵
  PID:2072
- C:\Windows\System\cgYemzp.exe
  C:\Windows\System\cgYemzp.exe
  2⤵
  PID:2140
- C:\Windows\System\alsoifn.exe
  C:\Windows\System\alsoifn.exe
  2⤵
  PID:2896
- C:\Windows\System\ippIssC.exe
  C:\Windows\System\ippIssC.exe
  2⤵
  PID:1728
- C:\Windows\System\BLcarEP.exe
  C:\Windows\System\BLcarEP.exe
  2⤵
  PID:2508
- C:\Windows\System\PQAncvw.exe
  C:\Windows\System\PQAncvw.exe
  2⤵
  PID:3068
- C:\Windows\System\eZEqaXF.exe
  C:\Windows\System\eZEqaXF.exe
  2⤵
  PID:2952
- C:\Windows\System\hDSLWEO.exe
  C:\Windows\System\hDSLWEO.exe
  2⤵
  PID:1652
- C:\Windows\System\OTyCeDV.exe
  C:\Windows\System\OTyCeDV.exe
  2⤵
  PID:2036
- C:\Windows\System\CStDtjU.exe
  C:\Windows\System\CStDtjU.exe
  2⤵
  PID:2188
- C:\Windows\System\wKXcuWa.exe
  C:\Windows\System\wKXcuWa.exe
  2⤵
  PID:540
- C:\Windows\System\rlbuLRz.exe
  C:\Windows\System\rlbuLRz.exe
  2⤵
  PID:1596
- C:\Windows\System\HWAyHKa.exe
  C:\Windows\System\HWAyHKa.exe
  2⤵
  PID:928
- C:\Windows\System\GPFDaXf.exe
  C:\Windows\System\GPFDaXf.exe
  2⤵
  PID:912
- C:\Windows\System\ydeVdLo.exe
  C:\Windows\System\ydeVdLo.exe
  2⤵
  PID:1076
- C:\Windows\System\jQkXiue.exe
  C:\Windows\System\jQkXiue.exe
  2⤵
  PID:1552
- C:\Windows\System\pIyYmcV.exe
  C:\Windows\System\pIyYmcV.exe
  2⤵
  PID:1464
- C:\Windows\System\KwHZbrX.exe
  C:\Windows\System\KwHZbrX.exe
  2⤵
  PID:328
- C:\Windows\System\VfpkuZz.exe
  C:\Windows\System\VfpkuZz.exe
  2⤵
  PID:1056
- C:\Windows\System\PFZdYZG.exe
  C:\Windows\System\PFZdYZG.exe
  2⤵
  PID:1448
- C:\Windows\System\kWXWVNL.exe
  C:\Windows\System\kWXWVNL.exe
  2⤵
  PID:2264
- C:\Windows\System\OOgnduC.exe
  C:\Windows\System\OOgnduC.exe
  2⤵
  PID:2456
- C:\Windows\System\rRdKoUG.exe
  C:\Windows\System\rRdKoUG.exe
  2⤵
  PID:2928
- C:\Windows\System\eMSeGAz.exe
  C:\Windows\System\eMSeGAz.exe
  2⤵
  PID:1812
- C:\Windows\System\WEpbDnY.exe
  C:\Windows\System\WEpbDnY.exe
  2⤵
  PID:996
- C:\Windows\System\YBPYDXJ.exe
  C:\Windows\System\YBPYDXJ.exe
  2⤵
  PID:1800
- C:\Windows\System\MyXrdxD.exe
  C:\Windows\System\MyXrdxD.exe
  2⤵
  PID:3004
- C:\Windows\System\ComPMwC.exe
  C:\Windows\System\ComPMwC.exe
  2⤵
  PID:2016
- C:\Windows\System\dlbtvDM.exe
  C:\Windows\System\dlbtvDM.exe
  2⤵
  PID:1604
- C:\Windows\System\HCGkdYw.exe
  C:\Windows\System\HCGkdYw.exe
  2⤵
  PID:2764
- C:\Windows\System\ltpTcIO.exe
  C:\Windows\System\ltpTcIO.exe
  2⤵
  PID:2744
- C:\Windows\System\TzCCMMG.exe
  C:\Windows\System\TzCCMMG.exe
  2⤵
  PID:2544
- C:\Windows\System\YhZTvLp.exe
  C:\Windows\System\YhZTvLp.exe
  2⤵
  PID:2276
- C:\Windows\System\BBifQNK.exe
  C:\Windows\System\BBifQNK.exe
  2⤵
  PID:2368
- C:\Windows\System\LfBIAeo.exe
  C:\Windows\System\LfBIAeo.exe
  2⤵
  PID:1420
- C:\Windows\System\VoxNzrK.exe
  C:\Windows\System\VoxNzrK.exe
  2⤵
  PID:1036
- C:\Windows\System\hRuOsbz.exe
  C:\Windows\System\hRuOsbz.exe
  2⤵
  PID:2220
- C:\Windows\System\ASpOafE.exe
  C:\Windows\System\ASpOafE.exe
  2⤵
  PID:2344
- C:\Windows\System\IftijeG.exe
  C:\Windows\System\IftijeG.exe
  2⤵
  PID:2496
- C:\Windows\System\iosSMVD.exe
  C:\Windows\System\iosSMVD.exe
  2⤵
  PID:2628
- C:\Windows\System\zoqVbdz.exe
  C:\Windows\System\zoqVbdz.exe
  2⤵
  PID:1564
- C:\Windows\System\sKCkXKy.exe
  C:\Windows\System\sKCkXKy.exe
  2⤵
  PID:1928
- C:\Windows\System\DVJBFMm.exe
  C:\Windows\System\DVJBFMm.exe
  2⤵
  PID:1244
- C:\Windows\System\FIXXYZH.exe
  C:\Windows\System\FIXXYZH.exe
  2⤵
  PID:2492
- C:\Windows\System\JyLLkSa.exe
  C:\Windows\System\JyLLkSa.exe
  2⤵
  PID:1764
- C:\Windows\System\KItGzoR.exe
  C:\Windows\System\KItGzoR.exe
  2⤵
  PID:2936
- C:\Windows\System\FkkYCoy.exe
  C:\Windows\System\FkkYCoy.exe
  2⤵
  PID:2648
- C:\Windows\System\kYqeuAV.exe
  C:\Windows\System\kYqeuAV.exe
  2⤵
  PID:3084
- C:\Windows\System\mjHIeSa.exe
  C:\Windows\System\mjHIeSa.exe
  2⤵
  PID:3100
- C:\Windows\System\VePpDkm.exe
  C:\Windows\System\VePpDkm.exe
  2⤵
  PID:3116
- C:\Windows\System\gHEIZGP.exe
  C:\Windows\System\gHEIZGP.exe
  2⤵
  PID:3132
- C:\Windows\System\RTCSKRE.exe
  C:\Windows\System\RTCSKRE.exe
  2⤵
  PID:3148
- C:\Windows\System\QRERlnf.exe
  C:\Windows\System\QRERlnf.exe
  2⤵
  PID:3164
- C:\Windows\System\UpXDDRk.exe
  C:\Windows\System\UpXDDRk.exe
  2⤵
  PID:3180
- C:\Windows\System\yGcBwTq.exe
  C:\Windows\System\yGcBwTq.exe
  2⤵
  PID:3196
- C:\Windows\System\TTPSShX.exe
  C:\Windows\System\TTPSShX.exe
  2⤵
  PID:3212
- C:\Windows\System\FMgGVrr.exe
  C:\Windows\System\FMgGVrr.exe
  2⤵
  PID:3228
- C:\Windows\System\jmlxeyE.exe
  C:\Windows\System\jmlxeyE.exe
  2⤵
  PID:3244
- C:\Windows\System\PCYoDqI.exe
  C:\Windows\System\PCYoDqI.exe
  2⤵
  PID:3260
- C:\Windows\System\tNESFsu.exe
  C:\Windows\System\tNESFsu.exe
  2⤵
  PID:3276
- C:\Windows\System\sIKXoMA.exe
  C:\Windows\System\sIKXoMA.exe
  2⤵
  PID:3292
- C:\Windows\System\JWoyXmW.exe
  C:\Windows\System\JWoyXmW.exe
  2⤵
  PID:3308
- C:\Windows\System\sIAaden.exe
  C:\Windows\System\sIAaden.exe
  2⤵
  PID:3324
- C:\Windows\System\UTdrCgn.exe
  C:\Windows\System\UTdrCgn.exe
  2⤵
  PID:3340
- C:\Windows\System\tkEvHOR.exe
  C:\Windows\System\tkEvHOR.exe
  2⤵
  PID:3356
- C:\Windows\System\jyhsDHs.exe
  C:\Windows\System\jyhsDHs.exe
  2⤵
  PID:3372
- C:\Windows\System\gGFNVBK.exe
  C:\Windows\System\gGFNVBK.exe
  2⤵
  PID:3388
- C:\Windows\System\qrVoSLn.exe
  C:\Windows\System\qrVoSLn.exe
  2⤵
  PID:3404
- C:\Windows\System\ueLkBdR.exe
  C:\Windows\System\ueLkBdR.exe
  2⤵
  PID:3420
- C:\Windows\System\NDTASuv.exe
  C:\Windows\System\NDTASuv.exe
  2⤵
  PID:3436
- C:\Windows\System\HZJLOEg.exe
  C:\Windows\System\HZJLOEg.exe
  2⤵
  PID:3452
- C:\Windows\System\JMzmhMa.exe
  C:\Windows\System\JMzmhMa.exe
  2⤵
  PID:3468
- C:\Windows\System\cAkISEX.exe
  C:\Windows\System\cAkISEX.exe
  2⤵
  PID:3484
- C:\Windows\System\GpUqXun.exe
  C:\Windows\System\GpUqXun.exe
  2⤵
  PID:3500
- C:\Windows\System\VAcsAvL.exe
  C:\Windows\System\VAcsAvL.exe
  2⤵
  PID:3516
- C:\Windows\System\vmbohdl.exe
  C:\Windows\System\vmbohdl.exe
  2⤵
  PID:3532
- C:\Windows\System\FYmEGZc.exe
  C:\Windows\System\FYmEGZc.exe
  2⤵
  PID:3548
- C:\Windows\System\fRmxLYY.exe
  C:\Windows\System\fRmxLYY.exe
  2⤵
  PID:3568
- C:\Windows\System\kujfRDQ.exe
  C:\Windows\System\kujfRDQ.exe
  2⤵
  PID:3584
- C:\Windows\System\nGSIBpY.exe
  C:\Windows\System\nGSIBpY.exe
  2⤵
  PID:3600
- C:\Windows\System\dWJhqUR.exe
  C:\Windows\System\dWJhqUR.exe
  2⤵
  PID:3616
- C:\Windows\System\TaxwOPl.exe
  C:\Windows\System\TaxwOPl.exe
  2⤵
  PID:3632
- C:\Windows\System\KIfDqTK.exe
  C:\Windows\System\KIfDqTK.exe
  2⤵
  PID:3648
- C:\Windows\System\buEqxYJ.exe
  C:\Windows\System\buEqxYJ.exe
  2⤵
  PID:3664
- C:\Windows\System\aUuVXFf.exe
  C:\Windows\System\aUuVXFf.exe
  2⤵
  PID:3680
- C:\Windows\System\QQFwOhR.exe
  C:\Windows\System\QQFwOhR.exe
  2⤵
  PID:3696
- C:\Windows\System\PYbzaTJ.exe
  C:\Windows\System\PYbzaTJ.exe
  2⤵
  PID:3712
- C:\Windows\System\vaKIouA.exe
  C:\Windows\System\vaKIouA.exe
  2⤵
  PID:3728
- C:\Windows\System\VaujyBs.exe
  C:\Windows\System\VaujyBs.exe
  2⤵
  PID:3744
- C:\Windows\System\btNdggc.exe
  C:\Windows\System\btNdggc.exe
  2⤵
  PID:3760
- C:\Windows\System\fjkbcRG.exe
  C:\Windows\System\fjkbcRG.exe
  2⤵
  PID:3776
- C:\Windows\System\yLDkHzg.exe
  C:\Windows\System\yLDkHzg.exe
  2⤵
  PID:3792
- C:\Windows\System\DPaQHiN.exe
  C:\Windows\System\DPaQHiN.exe
  2⤵
  PID:3808
- C:\Windows\System\WACDpqP.exe
  C:\Windows\System\WACDpqP.exe
  2⤵
  PID:3824
- C:\Windows\System\VDaiNmZ.exe
  C:\Windows\System\VDaiNmZ.exe
  2⤵
  PID:3844
- C:\Windows\System\TGKBkgw.exe
  C:\Windows\System\TGKBkgw.exe
  2⤵
  PID:3860
- C:\Windows\System\qYxfJZx.exe
  C:\Windows\System\qYxfJZx.exe
  2⤵
  PID:3876
- C:\Windows\System\TlXYvcK.exe
  C:\Windows\System\TlXYvcK.exe
  2⤵
  PID:3892
- C:\Windows\System\Veutkik.exe
  C:\Windows\System\Veutkik.exe
  2⤵
  PID:3908
- C:\Windows\System\QWJlBwv.exe
  C:\Windows\System\QWJlBwv.exe
  2⤵
  PID:3924
- C:\Windows\System\MMrmJtY.exe
  C:\Windows\System\MMrmJtY.exe
  2⤵
  PID:3940
- C:\Windows\System\VdzBYjC.exe
  C:\Windows\System\VdzBYjC.exe
  2⤵
  PID:3956
- C:\Windows\System\SOHwdBj.exe
  C:\Windows\System\SOHwdBj.exe
  2⤵
  PID:3972
- C:\Windows\System\CGxZvzD.exe
  C:\Windows\System\CGxZvzD.exe
  2⤵
  PID:3988
- C:\Windows\System\dPYkbev.exe
  C:\Windows\System\dPYkbev.exe
  2⤵
  PID:4004
- C:\Windows\System\CwLRQKv.exe
  C:\Windows\System\CwLRQKv.exe
  2⤵
  PID:4020
- C:\Windows\System\qDozBue.exe
  C:\Windows\System\qDozBue.exe
  2⤵
  PID:4036
- C:\Windows\System\VnABEhQ.exe
  C:\Windows\System\VnABEhQ.exe
  2⤵
  PID:4052
- C:\Windows\System\LRtYzTZ.exe
  C:\Windows\System\LRtYzTZ.exe
  2⤵
  PID:4068
- C:\Windows\System\ElPJBEd.exe
  C:\Windows\System\ElPJBEd.exe
  2⤵
  PID:4084
- C:\Windows\System\NiXYChu.exe
  C:\Windows\System\NiXYChu.exe
  2⤵
  PID:2560
- C:\Windows\System\emqwagJ.exe
  C:\Windows\System\emqwagJ.exe
  2⤵
  PID:1460
- C:\Windows\System\ZlykzLL.exe
  C:\Windows\System\ZlykzLL.exe
  2⤵
  PID:2904
- C:\Windows\System\VOpcrvF.exe
  C:\Windows\System\VOpcrvF.exe
  2⤵
  PID:2976
- C:\Windows\System\MJhOCrj.exe
  C:\Windows\System\MJhOCrj.exe
  2⤵
  PID:1628
- C:\Windows\System\UIceedy.exe
  C:\Windows\System\UIceedy.exe
  2⤵
  PID:2176
- C:\Windows\System\UOtBGgG.exe
  C:\Windows\System\UOtBGgG.exe
  2⤵
  PID:2092
- C:\Windows\System\ZnHPktA.exe
  C:\Windows\System\ZnHPktA.exe
  2⤵
  PID:1992
- C:\Windows\System\zqHfsVn.exe
  C:\Windows\System\zqHfsVn.exe
  2⤵
  PID:3076
- C:\Windows\System\PfjYVJJ.exe
  C:\Windows\System\PfjYVJJ.exe
  2⤵
  PID:1700
- C:\Windows\System\MoqWNcJ.exe
  C:\Windows\System\MoqWNcJ.exe
  2⤵
  PID:3096
- C:\Windows\System\MZofZXi.exe
  C:\Windows\System\MZofZXi.exe
  2⤵
  PID:3144
- C:\Windows\System\UOHtPam.exe
  C:\Windows\System\UOHtPam.exe
  2⤵
  PID:3176
- C:\Windows\System\BDWpmTe.exe
  C:\Windows\System\BDWpmTe.exe
  2⤵
  PID:3192
- C:\Windows\System\VDMaBYO.exe
  C:\Windows\System\VDMaBYO.exe
  2⤵
  PID:3240
- C:\Windows\System\UTNfszM.exe
  C:\Windows\System\UTNfszM.exe
  2⤵
  PID:3252
- C:\Windows\System\DDUgKVS.exe
  C:\Windows\System\DDUgKVS.exe
  2⤵
  PID:3284
- C:\Windows\System\ZtrzwUV.exe
  C:\Windows\System\ZtrzwUV.exe
  2⤵
  PID:3288
- C:\Windows\System\CTLqEVt.exe
  C:\Windows\System\CTLqEVt.exe
  2⤵
  PID:3348
- C:\Windows\System\MSOJeIF.exe
  C:\Windows\System\MSOJeIF.exe
  2⤵
  PID:3396
- C:\Windows\System\dnxjxQn.exe
  C:\Windows\System\dnxjxQn.exe
  2⤵
  PID:3428
- C:\Windows\System\LWcmYZB.exe
  C:\Windows\System\LWcmYZB.exe
  2⤵
  PID:3460
- C:\Windows\System\usOeMTI.exe
  C:\Windows\System\usOeMTI.exe
  2⤵
  PID:3492
- C:\Windows\System\IKBiHzN.exe
  C:\Windows\System\IKBiHzN.exe
  2⤵
  PID:3524
- C:\Windows\System\RxvmmvX.exe
  C:\Windows\System\RxvmmvX.exe
  2⤵
  PID:3512
- C:\Windows\System\MrcUqtY.exe
  C:\Windows\System\MrcUqtY.exe
  2⤵
  PID:3564
- C:\Windows\System\veTgAPN.exe
  C:\Windows\System\veTgAPN.exe
  2⤵
  PID:3596
- C:\Windows\System\YeMhKCX.exe
  C:\Windows\System\YeMhKCX.exe
  2⤵
  PID:3656
- C:\Windows\System\OdJnfRi.exe
  C:\Windows\System\OdJnfRi.exe
  2⤵
  PID:3688
- C:\Windows\System\gQVrlgf.exe
  C:\Windows\System\gQVrlgf.exe
  2⤵
  PID:3672
- C:\Windows\System\ndTJugI.exe
  C:\Windows\System\ndTJugI.exe
  2⤵
  PID:3704
- C:\Windows\System\lENRSrO.exe
  C:\Windows\System\lENRSrO.exe
  2⤵
  PID:3784
- C:\Windows\System\SctmJah.exe
  C:\Windows\System\SctmJah.exe
  2⤵
  PID:3772
- C:\Windows\System\ufAoMhQ.exe
  C:\Windows\System\ufAoMhQ.exe
  2⤵
  PID:3856
- C:\Windows\System\DICgGKi.exe
  C:\Windows\System\DICgGKi.exe
  2⤵
  PID:3884
- C:\Windows\System\MSDGigS.exe
  C:\Windows\System\MSDGigS.exe
  2⤵
  PID:3872
- C:\Windows\System\JUUNjeP.exe
  C:\Windows\System\JUUNjeP.exe
  2⤵
  PID:3904
- C:\Windows\System\QBpBBNg.exe
  C:\Windows\System\QBpBBNg.exe
  2⤵
  PID:3936
- C:\Windows\System\EoJOiOR.exe
  C:\Windows\System\EoJOiOR.exe
  2⤵
  PID:4012
- C:\Windows\System\YWBfOqR.exe
  C:\Windows\System\YWBfOqR.exe
  2⤵
  PID:4028
- C:\Windows\System\VKHZgpM.exe
  C:\Windows\System\VKHZgpM.exe
  2⤵
  PID:4060
- C:\Windows\System\TfyZwpr.exe
  C:\Windows\System\TfyZwpr.exe
  2⤵
  PID:4064
- C:\Windows\System\BfSrNVc.exe
  C:\Windows\System\BfSrNVc.exe
  2⤵
  PID:1228
- C:\Windows\System\WTjZRst.exe
  C:\Windows\System\WTjZRst.exe
  2⤵
  PID:2476
- C:\Windows\System\ZPBynyc.exe
  C:\Windows\System\ZPBynyc.exe
  2⤵
  PID:1156
- C:\Windows\System\arSTWsr.exe
  C:\Windows\System\arSTWsr.exe
  2⤵
  PID:3080
- C:\Windows\System\gIBqMFs.exe
  C:\Windows\System\gIBqMFs.exe
  2⤵
  PID:3056
- C:\Windows\System\FrZhcGP.exe
  C:\Windows\System\FrZhcGP.exe
  2⤵
  PID:3160
- C:\Windows\System\WuBISqg.exe
  C:\Windows\System\WuBISqg.exe
  2⤵
  PID:3268
- C:\Windows\System\GjSvuBF.exe
  C:\Windows\System\GjSvuBF.exe
  2⤵
  PID:3304
- C:\Windows\System\uQLQeBJ.exe
  C:\Windows\System\uQLQeBJ.exe
  2⤵
  PID:2676
- C:\Windows\System\sHNCWXo.exe
  C:\Windows\System\sHNCWXo.exe
  2⤵
  PID:3412
- C:\Windows\System\FQizIjG.exe
  C:\Windows\System\FQizIjG.exe
  2⤵
  PID:3384
- C:\Windows\System\DWmaWjx.exe
  C:\Windows\System\DWmaWjx.exe
  2⤵
  PID:3496
- C:\Windows\System\lZkKKjT.exe
  C:\Windows\System\lZkKKjT.exe
  2⤵
  PID:3544
- C:\Windows\System\HhjClKl.exe
  C:\Windows\System\HhjClKl.exe
  2⤵
  PID:3628
- C:\Windows\System\cteYCQw.exe
  C:\Windows\System\cteYCQw.exe
  2⤵
  PID:3640
- C:\Windows\System\hLeXsey.exe
  C:\Windows\System\hLeXsey.exe
  2⤵
  PID:3724
- C:\Windows\System\hblEXUs.exe
  C:\Windows\System\hblEXUs.exe
  2⤵
  PID:3768
- C:\Windows\System\OYlmSKj.exe
  C:\Windows\System\OYlmSKj.exe
  2⤵
  PID:3952
- C:\Windows\System\cjHMKUN.exe
  C:\Windows\System\cjHMKUN.exe
  2⤵
  PID:3836
- C:\Windows\System\PPHWCng.exe
  C:\Windows\System\PPHWCng.exe
  2⤵
  PID:3984
- C:\Windows\System\lASGkQp.exe
  C:\Windows\System\lASGkQp.exe
  2⤵
  PID:2588
- C:\Windows\System\niPeaih.exe
  C:\Windows\System\niPeaih.exe
  2⤵
  PID:1660
- C:\Windows\System\vUliqFr.exe
  C:\Windows\System\vUliqFr.exe
  2⤵
  PID:3012
- C:\Windows\System\aZleYUB.exe
  C:\Windows\System\aZleYUB.exe
  2⤵
  PID:3112
- C:\Windows\System\tkGhWPA.exe
  C:\Windows\System\tkGhWPA.exe
  2⤵
  PID:3220
- C:\Windows\System\lXPmXeL.exe
  C:\Windows\System\lXPmXeL.exe
  2⤵
  PID:3352
- C:\Windows\System\kaTgAEh.exe
  C:\Windows\System\kaTgAEh.exe
  2⤵
  PID:4108
- C:\Windows\System\bbQrecp.exe
  C:\Windows\System\bbQrecp.exe
  2⤵
  PID:4124
- C:\Windows\System\IeqpsFX.exe
  C:\Windows\System\IeqpsFX.exe
  2⤵
  PID:4140
- C:\Windows\System\UuOoLMv.exe
  C:\Windows\System\UuOoLMv.exe
  2⤵
  PID:4156
- C:\Windows\System\dnoiAHY.exe
  C:\Windows\System\dnoiAHY.exe
  2⤵
  PID:4172
- C:\Windows\System\jdntNCi.exe
  C:\Windows\System\jdntNCi.exe
  2⤵
  PID:4188
- C:\Windows\System\hEKPJkv.exe
  C:\Windows\System\hEKPJkv.exe
  2⤵
  PID:4204
- C:\Windows\System\kmkKNcK.exe
  C:\Windows\System\kmkKNcK.exe
  2⤵
  PID:4220
- C:\Windows\System\PlvChUr.exe
  C:\Windows\System\PlvChUr.exe
  2⤵
  PID:4236
- C:\Windows\System\utzIWgv.exe
  C:\Windows\System\utzIWgv.exe
  2⤵
  PID:4252
- C:\Windows\System\OpnUGaC.exe
  C:\Windows\System\OpnUGaC.exe
  2⤵
  PID:4268
- C:\Windows\System\QoNZJSN.exe
  C:\Windows\System\QoNZJSN.exe
  2⤵
  PID:4284
- C:\Windows\System\OCeouDx.exe
  C:\Windows\System\OCeouDx.exe
  2⤵
  PID:4300
- C:\Windows\System\NdNvNuA.exe
  C:\Windows\System\NdNvNuA.exe
  2⤵
  PID:4316
- C:\Windows\System\tTcqFvh.exe
  C:\Windows\System\tTcqFvh.exe
  2⤵
  PID:4332
- C:\Windows\System\pWLeidN.exe
  C:\Windows\System\pWLeidN.exe
  2⤵
  PID:4348
- C:\Windows\System\VptYSHe.exe
  C:\Windows\System\VptYSHe.exe
  2⤵
  PID:4368
- C:\Windows\System\hKoSYOr.exe
  C:\Windows\System\hKoSYOr.exe
  2⤵
  PID:4384
- C:\Windows\System\FMdAwpi.exe
  C:\Windows\System\FMdAwpi.exe
  2⤵
  PID:4400
- C:\Windows\System\hukJYQY.exe
  C:\Windows\System\hukJYQY.exe
  2⤵
  PID:4416
- C:\Windows\System\MTYKxVG.exe
  C:\Windows\System\MTYKxVG.exe
  2⤵
  PID:4432
- C:\Windows\System\rBdKrWQ.exe
  C:\Windows\System\rBdKrWQ.exe
  2⤵
  PID:4448
- C:\Windows\System\HoFtVZj.exe
  C:\Windows\System\HoFtVZj.exe
  2⤵
  PID:4464
- C:\Windows\System\WCfIPyi.exe
  C:\Windows\System\WCfIPyi.exe
  2⤵
  PID:4480
- C:\Windows\System\alLejnb.exe
  C:\Windows\System\alLejnb.exe
  2⤵
  PID:4496
- C:\Windows\System\GCxxNau.exe
  C:\Windows\System\GCxxNau.exe
  2⤵
  PID:4512
- C:\Windows\System\Etdyyzm.exe
  C:\Windows\System\Etdyyzm.exe
  2⤵
  PID:4528
- C:\Windows\System\FnzHpZs.exe
  C:\Windows\System\FnzHpZs.exe
  2⤵
  PID:4544
- C:\Windows\System\ezOuEHl.exe
  C:\Windows\System\ezOuEHl.exe
  2⤵
  PID:4560
- C:\Windows\System\guuQAde.exe
  C:\Windows\System\guuQAde.exe
  2⤵
  PID:4576
- C:\Windows\System\ZPtgeEL.exe
  C:\Windows\System\ZPtgeEL.exe
  2⤵
  PID:4592
- C:\Windows\System\jZKQbGp.exe
  C:\Windows\System\jZKQbGp.exe
  2⤵
  PID:4608
- C:\Windows\System\EvCjVtx.exe
  C:\Windows\System\EvCjVtx.exe
  2⤵
  PID:4624
- C:\Windows\System\uDwdctb.exe
  C:\Windows\System\uDwdctb.exe
  2⤵
  PID:4640
- C:\Windows\System\OkEcKPd.exe
  C:\Windows\System\OkEcKPd.exe
  2⤵
  PID:4656
- C:\Windows\System\Bqnfxug.exe
  C:\Windows\System\Bqnfxug.exe
  2⤵
  PID:4672
- C:\Windows\System\vWBtcOb.exe
  C:\Windows\System\vWBtcOb.exe
  2⤵
  PID:4688
- C:\Windows\System\mPOKNYN.exe
  C:\Windows\System\mPOKNYN.exe
  2⤵
  PID:4704
- C:\Windows\System\XqPyKYl.exe
  C:\Windows\System\XqPyKYl.exe
  2⤵
  PID:4720
- C:\Windows\System\AzwVseI.exe
  C:\Windows\System\AzwVseI.exe
  2⤵
  PID:4736
- C:\Windows\System\CtLxnrY.exe
  C:\Windows\System\CtLxnrY.exe
  2⤵
  PID:4752
- C:\Windows\System\YcAUTty.exe
  C:\Windows\System\YcAUTty.exe
  2⤵
  PID:4768
- C:\Windows\System\LPzgnUp.exe
  C:\Windows\System\LPzgnUp.exe
  2⤵
  PID:4788
- C:\Windows\System\uLGAjAj.exe
  C:\Windows\System\uLGAjAj.exe
  2⤵
  PID:4804
- C:\Windows\System\gWOjCBw.exe
  C:\Windows\System\gWOjCBw.exe
  2⤵
  PID:4820
- C:\Windows\System\YnOkkDs.exe
  C:\Windows\System\YnOkkDs.exe
  2⤵
  PID:4836
- C:\Windows\System\rcDPZIh.exe
  C:\Windows\System\rcDPZIh.exe
  2⤵
  PID:4852
- C:\Windows\System\oLurzGs.exe
  C:\Windows\System\oLurzGs.exe
  2⤵
  PID:4868
- C:\Windows\System\IAzACce.exe
  C:\Windows\System\IAzACce.exe
  2⤵
  PID:4884
- C:\Windows\System\jGOkatb.exe
  C:\Windows\System\jGOkatb.exe
  2⤵
  PID:4908
- C:\Windows\System\ixJFppf.exe
  C:\Windows\System\ixJFppf.exe
  2⤵
  PID:4924
- C:\Windows\System\KhGIFgD.exe
  C:\Windows\System\KhGIFgD.exe
  2⤵
  PID:4940
- C:\Windows\System\AUMBHBR.exe
  C:\Windows\System\AUMBHBR.exe
  2⤵
  PID:4956
- C:\Windows\System\juMJudY.exe
  C:\Windows\System\juMJudY.exe
  2⤵
  PID:4972
- C:\Windows\System\xYQuSuE.exe
  C:\Windows\System\xYQuSuE.exe
  2⤵
  PID:4988
- C:\Windows\System\tETGJal.exe
  C:\Windows\System\tETGJal.exe
  2⤵
  PID:5004
- C:\Windows\System\xLLExOt.exe
  C:\Windows\System\xLLExOt.exe
  2⤵
  PID:5020
- C:\Windows\System\SMtswcZ.exe
  C:\Windows\System\SMtswcZ.exe
  2⤵
  PID:5036
- C:\Windows\System\locDxms.exe
  C:\Windows\System\locDxms.exe
  2⤵
  PID:5052
- C:\Windows\System\XgBkiXt.exe
  C:\Windows\System\XgBkiXt.exe
  2⤵
  PID:5068
- C:\Windows\System\lzBxhIH.exe
  C:\Windows\System\lzBxhIH.exe
  2⤵
  PID:5084
- C:\Windows\System\GsxszRG.exe
  C:\Windows\System\GsxszRG.exe
  2⤵
  PID:5100
- C:\Windows\System\mnMltxp.exe
  C:\Windows\System\mnMltxp.exe
  2⤵
  PID:5116
- C:\Windows\System\sAiIxqn.exe
  C:\Windows\System\sAiIxqn.exe
  2⤵
  PID:3464
- C:\Windows\System\eusGXdo.exe
  C:\Windows\System\eusGXdo.exe
  2⤵
  PID:3540
- C:\Windows\System\gqqOktg.exe
  C:\Windows\System\gqqOktg.exe
  2⤵
  PID:3660
- C:\Windows\System\WxbkeWD.exe
  C:\Windows\System\WxbkeWD.exe
  2⤵
  PID:3820
- C:\Windows\System\DiHLCFD.exe
  C:\Windows\System\DiHLCFD.exe
  2⤵
  PID:3968
- C:\Windows\System\YBfmCmN.exe
  C:\Windows\System\YBfmCmN.exe
  2⤵
  PID:4032
- C:\Windows\System\OmfWCQJ.exe
  C:\Windows\System\OmfWCQJ.exe
  2⤵
  PID:884
- C:\Windows\System\XdQbQSp.exe
  C:\Windows\System\XdQbQSp.exe
  2⤵
  PID:2680
- C:\Windows\System\gmwIWqc.exe
  C:\Windows\System\gmwIWqc.exe
  2⤵
  PID:4104
- C:\Windows\System\uTKacVm.exe
  C:\Windows\System\uTKacVm.exe
  2⤵
  PID:4136
- C:\Windows\System\wwKGtzE.exe
  C:\Windows\System\wwKGtzE.exe
  2⤵
  PID:4184
- C:\Windows\System\pmOuFQN.exe
  C:\Windows\System\pmOuFQN.exe
  2⤵
  PID:4196
- C:\Windows\System\iOPRhoT.exe
  C:\Windows\System\iOPRhoT.exe
  2⤵
  PID:4228
- C:\Windows\System\HSqaeAw.exe
  C:\Windows\System\HSqaeAw.exe
  2⤵
  PID:4280
- C:\Windows\System\dQDeWka.exe
  C:\Windows\System\dQDeWka.exe
  2⤵
  PID:4296
- C:\Windows\System\UfPgMvR.exe
  C:\Windows\System\UfPgMvR.exe
  2⤵
  PID:4324
- C:\Windows\System\twxPLvi.exe
  C:\Windows\System\twxPLvi.exe
  2⤵
  PID:4380
- C:\Windows\System\ICGlQSv.exe
  C:\Windows\System\ICGlQSv.exe
  2⤵
  PID:4412
- C:\Windows\System\QKTXzZx.exe
  C:\Windows\System\QKTXzZx.exe
  2⤵
  PID:4440
- C:\Windows\System\EbEldMa.exe
  C:\Windows\System\EbEldMa.exe
  2⤵
  PID:4456
- C:\Windows\System\WrNHXyT.exe
  C:\Windows\System\WrNHXyT.exe
  2⤵
  PID:4460
- C:\Windows\System\EVLsfZV.exe
  C:\Windows\System\EVLsfZV.exe
  2⤵
  PID:4540
- C:\Windows\System\liWAuLe.exe
  C:\Windows\System\liWAuLe.exe
  2⤵
  PID:4568
- C:\Windows\System\sXBDyeK.exe
  C:\Windows\System\sXBDyeK.exe
  2⤵
  PID:4584
- C:\Windows\System\HJnCELz.exe
  C:\Windows\System\HJnCELz.exe
  2⤵
  PID:4632
- C:\Windows\System\YYEMkei.exe
  C:\Windows\System\YYEMkei.exe
  2⤵
  PID:4664
- C:\Windows\System\KdzPUON.exe
  C:\Windows\System\KdzPUON.exe
  2⤵
  PID:4652
- C:\Windows\System\kTDztXq.exe
  C:\Windows\System\kTDztXq.exe
  2⤵
  PID:4700
- C:\Windows\System\NTuyaqm.exe
  C:\Windows\System\NTuyaqm.exe
  2⤵
  PID:4732
- C:\Windows\System\POBQOjx.exe
  C:\Windows\System\POBQOjx.exe
  2⤵
  PID:4764
- C:\Windows\System\JcEDOef.exe
  C:\Windows\System\JcEDOef.exe
  2⤵
  PID:4364
- C:\Windows\System\hXvGEHp.exe
  C:\Windows\System\hXvGEHp.exe
  2⤵
  PID:4776
- C:\Windows\System\WDIqyEq.exe
  C:\Windows\System\WDIqyEq.exe
  2⤵
  PID:4812
- C:\Windows\System\GrPxhJK.exe
  C:\Windows\System\GrPxhJK.exe
  2⤵
  PID:4844
- C:\Windows\System\JzVSCMK.exe
  C:\Windows\System\JzVSCMK.exe
  2⤵
  PID:4876
- C:\Windows\System\KlvVIpk.exe
  C:\Windows\System\KlvVIpk.exe
  2⤵
  PID:4920
- C:\Windows\System\DaTIjNk.exe
  C:\Windows\System\DaTIjNk.exe
  2⤵
  PID:4952
- C:\Windows\System\neBmopq.exe
  C:\Windows\System\neBmopq.exe
  2⤵
  PID:5000
- C:\Windows\System\JWOTaox.exe
  C:\Windows\System\JWOTaox.exe
  2⤵
  PID:4984
- C:\Windows\System\pRyauRB.exe
  C:\Windows\System\pRyauRB.exe
  2⤵
  PID:5016
- C:\Windows\System\oeelgsm.exe
  C:\Windows\System\oeelgsm.exe
  2⤵
  PID:5048
- C:\Windows\System\PKwHIii.exe
  C:\Windows\System\PKwHIii.exe
  2⤵
  PID:5080
- C:\Windows\System\vlUKQDB.exe
  C:\Windows\System\vlUKQDB.exe
  2⤵
  PID:3756
- C:\Windows\System\GhSmiJJ.exe
  C:\Windows\System\GhSmiJJ.exe
  2⤵
  PID:3980
- C:\Windows\System\gHRpQdn.exe
  C:\Windows\System\gHRpQdn.exe
  2⤵
  PID:3932
- C:\Windows\System\riWXdLX.exe
  C:\Windows\System\riWXdLX.exe
  2⤵
  PID:2288
- C:\Windows\System\lpexQtc.exe
  C:\Windows\System\lpexQtc.exe
  2⤵
  PID:4100
- C:\Windows\System\pRZzQBN.exe
  C:\Windows\System\pRZzQBN.exe
  2⤵
  PID:2612
- C:\Windows\System\HPIfIvK.exe
  C:\Windows\System\HPIfIvK.exe
  2⤵
  PID:4132
- C:\Windows\System\bOvstmV.exe
  C:\Windows\System\bOvstmV.exe
  2⤵
  PID:4216
- C:\Windows\System\Zqwwdtx.exe
  C:\Windows\System\Zqwwdtx.exe
  2⤵
  PID:4276
- C:\Windows\System\CPWoxQq.exe
  C:\Windows\System\CPWoxQq.exe
  2⤵
  PID:4340
- C:\Windows\System\WOuVgYq.exe
  C:\Windows\System\WOuVgYq.exe
  2⤵
  PID:4360
- C:\Windows\System\lgIgCdW.exe
  C:\Windows\System\lgIgCdW.exe
  2⤵
  PID:4504
- C:\Windows\System\YUtuClL.exe
  C:\Windows\System\YUtuClL.exe
  2⤵
  PID:4524
- C:\Windows\System\rxZNVSk.exe
  C:\Windows\System\rxZNVSk.exe
  2⤵
  PID:4556
- C:\Windows\System\UhNaxbx.exe
  C:\Windows\System\UhNaxbx.exe
  2⤵
  PID:4636
- C:\Windows\System\GMiNhif.exe
  C:\Windows\System\GMiNhif.exe
  2⤵
  PID:4728
- C:\Windows\System\CZUTokS.exe
  C:\Windows\System\CZUTokS.exe
  2⤵
  PID:1104
- C:\Windows\System\dUODsUl.exe
  C:\Windows\System\dUODsUl.exe
  2⤵
  PID:2640
- C:\Windows\System\cOCddfl.exe
  C:\Windows\System\cOCddfl.exe
  2⤵
  PID:4832
- C:\Windows\System\trXWetM.exe
  C:\Windows\System\trXWetM.exe
  2⤵
  PID:4880
- C:\Windows\System\hxmJbGt.exe
  C:\Windows\System\hxmJbGt.exe
  2⤵
  PID:2408
- C:\Windows\System\MntpDKu.exe
  C:\Windows\System\MntpDKu.exe
  2⤵
  PID:5012
- C:\Windows\System\XuBiozt.exe
  C:\Windows\System\XuBiozt.exe
  2⤵
  PID:3480
- C:\Windows\System\ngmoDjS.exe
  C:\Windows\System\ngmoDjS.exe
  2⤵
  PID:3576
- C:\Windows\System\iaeGyKj.exe
  C:\Windows\System\iaeGyKj.exe
  2⤵
  PID:3236
- C:\Windows\System\IuIbzxs.exe
  C:\Windows\System\IuIbzxs.exe
  2⤵
  PID:3316
- C:\Windows\System\jWOzAVH.exe
  C:\Windows\System\jWOzAVH.exe
  2⤵
  PID:4212
- C:\Windows\System\EoQNrVS.exe
  C:\Windows\System\EoQNrVS.exe
  2⤵
  PID:4396
- C:\Windows\System\gSnWBme.exe
  C:\Windows\System\gSnWBme.exe
  2⤵
  PID:4344
- C:\Windows\System\iCpMmuk.exe
  C:\Windows\System\iCpMmuk.exe
  2⤵
  PID:4572
- C:\Windows\System\KsUixIh.exe
  C:\Windows\System\KsUixIh.exe
  2⤵
  PID:5136
- C:\Windows\System\kvZXMIT.exe
  C:\Windows\System\kvZXMIT.exe
  2⤵
  PID:5152
- C:\Windows\System\UvPNQpM.exe
  C:\Windows\System\UvPNQpM.exe
  2⤵
  PID:5168
- C:\Windows\System\fxhwdDh.exe
  C:\Windows\System\fxhwdDh.exe
  2⤵
  PID:5184
- C:\Windows\System\clzbooK.exe
  C:\Windows\System\clzbooK.exe
  2⤵
  PID:5200
- C:\Windows\System\BntZEXo.exe
  C:\Windows\System\BntZEXo.exe
  2⤵
  PID:5216
- C:\Windows\System\XSdBkqe.exe
  C:\Windows\System\XSdBkqe.exe
  2⤵
  PID:5232
- C:\Windows\System\UJwPfCF.exe
  C:\Windows\System\UJwPfCF.exe
  2⤵
  PID:5248
- C:\Windows\System\gALzOGx.exe
  C:\Windows\System\gALzOGx.exe
  2⤵
  PID:5264
- C:\Windows\System\qWftcbH.exe
  C:\Windows\System\qWftcbH.exe
  2⤵
  PID:5280
- C:\Windows\System\IToeCjT.exe
  C:\Windows\System\IToeCjT.exe
  2⤵
  PID:5296
- C:\Windows\System\dlbCIPU.exe
  C:\Windows\System\dlbCIPU.exe
  2⤵
  PID:5312
- C:\Windows\System\xsFqeoC.exe
  C:\Windows\System\xsFqeoC.exe
  2⤵
  PID:5332
- C:\Windows\System\JTMMkso.exe
  C:\Windows\System\JTMMkso.exe
  2⤵
  PID:5348
- C:\Windows\System\dRMFmiy.exe
  C:\Windows\System\dRMFmiy.exe
  2⤵
  PID:5364
- C:\Windows\System\aSnvSNg.exe
  C:\Windows\System\aSnvSNg.exe
  2⤵
  PID:5380
- C:\Windows\System\rGjnbgq.exe
  C:\Windows\System\rGjnbgq.exe
  2⤵
  PID:5396
- C:\Windows\System\GRNeGus.exe
  C:\Windows\System\GRNeGus.exe
  2⤵
  PID:5416
- C:\Windows\System\rNjUflg.exe
  C:\Windows\System\rNjUflg.exe
  2⤵
  PID:5432
- C:\Windows\System\QAZcMkI.exe
  C:\Windows\System\QAZcMkI.exe
  2⤵
  PID:5448
- C:\Windows\System\nsEPPFc.exe
  C:\Windows\System\nsEPPFc.exe
  2⤵
  PID:5464
- C:\Windows\System\meyokOO.exe
  C:\Windows\System\meyokOO.exe
  2⤵
  PID:5480
- C:\Windows\System\xgyyUMh.exe
  C:\Windows\System\xgyyUMh.exe
  2⤵
  PID:5496
- C:\Windows\System\lPGqpWe.exe
  C:\Windows\System\lPGqpWe.exe
  2⤵
  PID:5512
- C:\Windows\System\zvPjdzp.exe
  C:\Windows\System\zvPjdzp.exe
  2⤵
  PID:5528
- C:\Windows\System\nHpeChR.exe
  C:\Windows\System\nHpeChR.exe
  2⤵
  PID:5544
- C:\Windows\System\OHVOcGd.exe
  C:\Windows\System\OHVOcGd.exe
  2⤵
  PID:5560
- C:\Windows\System\VuqxSwU.exe
  C:\Windows\System\VuqxSwU.exe
  2⤵
  PID:5576
- C:\Windows\System\yStshmw.exe
  C:\Windows\System\yStshmw.exe
  2⤵
  PID:5592
- C:\Windows\System\fbMWrqN.exe
  C:\Windows\System\fbMWrqN.exe
  2⤵
  PID:5608
- C:\Windows\System\eTXjVFT.exe
  C:\Windows\System\eTXjVFT.exe
  2⤵
  PID:5624
- C:\Windows\System\NgcQSpi.exe
  C:\Windows\System\NgcQSpi.exe
  2⤵
  PID:5640
- C:\Windows\System\UYgdJuJ.exe
  C:\Windows\System\UYgdJuJ.exe
  2⤵
  PID:5656
- C:\Windows\System\zCuRHwS.exe
  C:\Windows\System\zCuRHwS.exe
  2⤵
  PID:5672
- C:\Windows\System\PLeykVH.exe
  C:\Windows\System\PLeykVH.exe
  2⤵
  PID:5688
- C:\Windows\System\spNXTSW.exe
  C:\Windows\System\spNXTSW.exe
  2⤵
  PID:5704
- C:\Windows\System\fsOfFxL.exe
  C:\Windows\System\fsOfFxL.exe
  2⤵
  PID:5720
- C:\Windows\System\ULrBnzL.exe
  C:\Windows\System\ULrBnzL.exe
  2⤵
  PID:5736
- C:\Windows\System\VaCWJQX.exe
  C:\Windows\System\VaCWJQX.exe
  2⤵
  PID:5752
- C:\Windows\System\YyVqzdl.exe
  C:\Windows\System\YyVqzdl.exe
  2⤵
  PID:5768
- C:\Windows\System\CpiQrUD.exe
  C:\Windows\System\CpiQrUD.exe
  2⤵
  PID:5784
- C:\Windows\System\ZTIEttB.exe
  C:\Windows\System\ZTIEttB.exe
  2⤵
  PID:5800
- C:\Windows\System\skICnEf.exe
  C:\Windows\System\skICnEf.exe
  2⤵
  PID:5816
- C:\Windows\System\NAkWmsg.exe
  C:\Windows\System\NAkWmsg.exe
  2⤵
  PID:5832
- C:\Windows\System\XAJeCDt.exe
  C:\Windows\System\XAJeCDt.exe
  2⤵
  PID:5848
- C:\Windows\System\SlGltTz.exe
  C:\Windows\System\SlGltTz.exe
  2⤵
  PID:5864
- C:\Windows\System\MRqziKw.exe
  C:\Windows\System\MRqziKw.exe
  2⤵
  PID:5880
- C:\Windows\System\CvcyKUl.exe
  C:\Windows\System\CvcyKUl.exe
  2⤵
  PID:5896
- C:\Windows\System\lOHZSxv.exe
  C:\Windows\System\lOHZSxv.exe
  2⤵
  PID:5912
- C:\Windows\System\RlKtZeM.exe
  C:\Windows\System\RlKtZeM.exe
  2⤵
  PID:5928
- C:\Windows\System\bfdRAaP.exe
  C:\Windows\System\bfdRAaP.exe
  2⤵
  PID:5944
- C:\Windows\System\QWocEno.exe
  C:\Windows\System\QWocEno.exe
  2⤵
  PID:5960
- C:\Windows\System\KpEKEmV.exe
  C:\Windows\System\KpEKEmV.exe
  2⤵
  PID:5976
- C:\Windows\System\qjPtDxk.exe
  C:\Windows\System\qjPtDxk.exe
  2⤵
  PID:5992
- C:\Windows\System\LZyakkS.exe
  C:\Windows\System\LZyakkS.exe
  2⤵
  PID:6008
- C:\Windows\System\MQocQSU.exe
  C:\Windows\System\MQocQSU.exe
  2⤵
  PID:6024
- C:\Windows\System\YArjUQB.exe
  C:\Windows\System\YArjUQB.exe
  2⤵
  PID:6040
- C:\Windows\System\QBEZkOC.exe
  C:\Windows\System\QBEZkOC.exe
  2⤵
  PID:6056
- C:\Windows\System\huFRnse.exe
  C:\Windows\System\huFRnse.exe
  2⤵
  PID:6072
- C:\Windows\System\JtBxEgI.exe
  C:\Windows\System\JtBxEgI.exe
  2⤵
  PID:6088
- C:\Windows\System\drXaNjb.exe
  C:\Windows\System\drXaNjb.exe
  2⤵
  PID:6104
- C:\Windows\System\xLkVcSj.exe
  C:\Windows\System\xLkVcSj.exe
  2⤵
  PID:6120
- C:\Windows\System\toAaIJI.exe
  C:\Windows\System\toAaIJI.exe
  2⤵
  PID:6136
- C:\Windows\System\WkQqHKa.exe
  C:\Windows\System\WkQqHKa.exe
  2⤵
  PID:1740
- C:\Windows\System\XmsrEzD.exe
  C:\Windows\System\XmsrEzD.exe
  2⤵
  PID:4604
- C:\Windows\System\RCtuhPy.exe
  C:\Windows\System\RCtuhPy.exe
  2⤵
  PID:4896
- C:\Windows\System\kkdpxSB.exe
  C:\Windows\System\kkdpxSB.exe
  2⤵
  PID:4964
- C:\Windows\System\pPEJSic.exe
  C:\Windows\System\pPEJSic.exe
  2⤵
  PID:3380
- C:\Windows\System\XkhWOzI.exe
  C:\Windows\System\XkhWOzI.exe
  2⤵
  PID:5096
- C:\Windows\System\QQJqOMQ.exe
  C:\Windows\System\QQJqOMQ.exe
  2⤵
  PID:5076
- C:\Windows\System\hyLsTZs.exe
  C:\Windows\System\hyLsTZs.exe
  2⤵
  PID:2372
- C:\Windows\System\yurAUTJ.exe
  C:\Windows\System\yurAUTJ.exe
  2⤵
  PID:5128
- C:\Windows\System\CIpghlP.exe
  C:\Windows\System\CIpghlP.exe
  2⤵
  PID:4476
- C:\Windows\System\PBAlosg.exe
  C:\Windows\System\PBAlosg.exe
  2⤵
  PID:5144
- C:\Windows\System\FcDDgje.exe
  C:\Windows\System\FcDDgje.exe
  2⤵
  PID:5180
- C:\Windows\System\yZXSHPs.exe
  C:\Windows\System\yZXSHPs.exe
  2⤵
  PID:5208
- C:\Windows\System\laymIkN.exe
  C:\Windows\System\laymIkN.exe
  2⤵
  PID:5260
- C:\Windows\System\carWlef.exe
  C:\Windows\System\carWlef.exe
  2⤵
  PID:5272
- C:\Windows\System\tjJWKZB.exe
  C:\Windows\System\tjJWKZB.exe
  2⤵
  PID:4932
- C:\Windows\System\eqHJxTH.exe
  C:\Windows\System\eqHJxTH.exe
  2⤵
  PID:5356
- C:\Windows\System\OCjUnmT.exe
  C:\Windows\System\OCjUnmT.exe
  2⤵
  PID:5340
- C:\Windows\System\PQzciur.exe
  C:\Windows\System\PQzciur.exe
  2⤵
  PID:5372
- C:\Windows\System\QZeKAbT.exe
  C:\Windows\System\QZeKAbT.exe
  2⤵
  PID:5428
- C:\Windows\System\aTPMUiQ.exe
  C:\Windows\System\aTPMUiQ.exe
  2⤵
  PID:5408
- C:\Windows\System\etzWvuf.exe
  C:\Windows\System\etzWvuf.exe
  2⤵
  PID:5472
- C:\Windows\System\dyBJAXz.exe
  C:\Windows\System\dyBJAXz.exe
  2⤵
  PID:5520
- C:\Windows\System\lfIFAqd.exe
  C:\Windows\System\lfIFAqd.exe
  2⤵
  PID:5504
- C:\Windows\System\LEgvibL.exe
  C:\Windows\System\LEgvibL.exe
  2⤵
  PID:5568
- C:\Windows\System\IuKEaqW.exe
  C:\Windows\System\IuKEaqW.exe
  2⤵
  PID:5600
- C:\Windows\System\HZDfrmG.exe
  C:\Windows\System\HZDfrmG.exe
  2⤵
  PID:5604
- C:\Windows\System\oUazUKY.exe
  C:\Windows\System\oUazUKY.exe
  2⤵
  PID:5664
- C:\Windows\System\MVyCmbD.exe
  C:\Windows\System\MVyCmbD.exe
  2⤵
  PID:5696
- C:\Windows\System\ePFdFeM.exe
  C:\Windows\System\ePFdFeM.exe
  2⤵
  PID:5728
- C:\Windows\System\RkcupvV.exe
  C:\Windows\System\RkcupvV.exe
  2⤵
  PID:5780
- C:\Windows\System\rWXjNuT.exe
  C:\Windows\System\rWXjNuT.exe
  2⤵
  PID:5792
- C:\Windows\System\alonIgi.exe
  C:\Windows\System\alonIgi.exe
  2⤵
  PID:5796
- C:\Windows\System\jRasfqf.exe
  C:\Windows\System\jRasfqf.exe
  2⤵
  PID:5828
- C:\Windows\System\tALnLco.exe
  C:\Windows\System\tALnLco.exe
  2⤵
  PID:5888
- C:\Windows\System\UBqvrVv.exe
  C:\Windows\System\UBqvrVv.exe
  2⤵
  PID:5920
- C:\Windows\System\RgZUAPC.exe
  C:\Windows\System\RgZUAPC.exe
  2⤵
  PID:5924
- C:\Windows\System\PZNXEDs.exe
  C:\Windows\System\PZNXEDs.exe
  2⤵
  PID:5956
- C:\Windows\System\Sxnpouu.exe
  C:\Windows\System\Sxnpouu.exe
  2⤵
  PID:5988
- C:\Windows\System\kOqvHHg.exe
  C:\Windows\System\kOqvHHg.exe
  2⤵
  PID:6020
- C:\Windows\System\kUTFUki.exe
  C:\Windows\System\kUTFUki.exe
  2⤵
  PID:6096
- C:\Windows\System\MtwbTFW.exe
  C:\Windows\System\MtwbTFW.exe
  2⤵
  PID:6080
- C:\Windows\System\unNQiMM.exe
  C:\Windows\System\unNQiMM.exe
  2⤵
  PID:6132
- C:\Windows\System\wpalEiS.exe
  C:\Windows\System\wpalEiS.exe
  2⤵
  PID:648
- C:\Windows\System\scxBgxH.exe
  C:\Windows\System\scxBgxH.exe
  2⤵
  PID:4760
- C:\Windows\System\uaaWzgU.exe
  C:\Windows\System\uaaWzgU.exe
  2⤵
  PID:1868
- C:\Windows\System\lHqXzcp.exe
  C:\Windows\System\lHqXzcp.exe
  2⤵
  PID:2584
- C:\Windows\System\scEgLjs.exe
  C:\Windows\System\scEgLjs.exe
  2⤵
  PID:4116
- C:\Windows\System\uFdxCOu.exe
  C:\Windows\System\uFdxCOu.exe
  2⤵
  PID:5176
- C:\Windows\System\atdEBQr.exe
  C:\Windows\System\atdEBQr.exe
  2⤵
  PID:5192
- C:\Windows\System\gMFYjGj.exe
  C:\Windows\System\gMFYjGj.exe
  2⤵
  PID:1428
- C:\Windows\System\qOJLrvQ.exe
  C:\Windows\System\qOJLrvQ.exe
  2⤵
  PID:5308
- C:\Windows\System\yTmPdLy.exe
  C:\Windows\System\yTmPdLy.exe
  2⤵
  PID:5324
- C:\Windows\System\NchCJrt.exe
  C:\Windows\System\NchCJrt.exe
  2⤵
  PID:5456
- C:\Windows\System\QoVBDQN.exe
  C:\Windows\System\QoVBDQN.exe
  2⤵
  PID:5492
- C:\Windows\System\gbeajba.exe
  C:\Windows\System\gbeajba.exe
  2⤵
  PID:5588
- C:\Windows\System\MRAoUIp.exe
  C:\Windows\System\MRAoUIp.exe
  2⤵
  PID:5620
- C:\Windows\System\YAuoiur.exe
  C:\Windows\System\YAuoiur.exe
  2⤵
  PID:5648
- C:\Windows\System\zMOxHel.exe
  C:\Windows\System\zMOxHel.exe
  2⤵
  PID:5748
- C:\Windows\System\FDdAnOW.exe
  C:\Windows\System\FDdAnOW.exe
  2⤵
  PID:5844
- C:\Windows\System\NoHraTO.exe
  C:\Windows\System\NoHraTO.exe
  2⤵
  PID:5840
- C:\Windows\System\wEGhNUj.exe
  C:\Windows\System\wEGhNUj.exe
  2⤵
  PID:4200
- C:\Windows\System\DCBGDVd.exe
  C:\Windows\System\DCBGDVd.exe
  2⤵
  PID:1544
- C:\Windows\System\VBVtNIi.exe
  C:\Windows\System\VBVtNIi.exe
  2⤵
  PID:5412
- C:\Windows\System\YHASnLZ.exe
  C:\Windows\System\YHASnLZ.exe
  2⤵
  PID:4648
- C:\Windows\System\UNQUdnE.exe
  C:\Windows\System\UNQUdnE.exe
  2⤵
  PID:6128
- C:\Windows\System\GIdmnTT.exe
  C:\Windows\System\GIdmnTT.exe
  2⤵
  PID:2280
- C:\Windows\System\acrsCGf.exe
  C:\Windows\System\acrsCGf.exe
  2⤵
  PID:1820
- C:\Windows\System\ifPSomt.exe
  C:\Windows\System\ifPSomt.exe
  2⤵
  PID:5196
- C:\Windows\System\IgpePpq.exe
  C:\Windows\System\IgpePpq.exe
  2⤵
  PID:4508
- C:\Windows\System\ICQtWYf.exe
  C:\Windows\System\ICQtWYf.exe
  2⤵
  PID:5360
- C:\Windows\System\CKSOcRA.exe
  C:\Windows\System\CKSOcRA.exe
  2⤵
  PID:2716
- C:\Windows\System\dhsWdze.exe
  C:\Windows\System\dhsWdze.exe
  2⤵
  PID:5652
- C:\Windows\System\bZTzOhn.exe
  C:\Windows\System\bZTzOhn.exe
  2⤵
  PID:1276
- C:\Windows\System\MGZVSBk.exe
  C:\Windows\System\MGZVSBk.exe
  2⤵
  PID:5892
- C:\Windows\System\YeEJsiE.exe
  C:\Windows\System\YeEJsiE.exe
  2⤵
  PID:6036
- C:\Windows\System\mQaCMoz.exe
  C:\Windows\System\mQaCMoz.exe
  2⤵
  PID:6260
- C:\Windows\System\uRKglLk.exe
  C:\Windows\System\uRKglLk.exe
  2⤵
  PID:6276
- C:\Windows\System\nqUhcCP.exe
  C:\Windows\System\nqUhcCP.exe
  2⤵
  PID:6292
- C:\Windows\System\QEDCgBx.exe
  C:\Windows\System\QEDCgBx.exe
  2⤵
  PID:6308
- C:\Windows\System\TTqBzwO.exe
  C:\Windows\System\TTqBzwO.exe
  2⤵
  PID:6324
- C:\Windows\System\hQUNIpa.exe
  C:\Windows\System\hQUNIpa.exe
  2⤵
  PID:6340
- C:\Windows\System\jihpKbl.exe
  C:\Windows\System\jihpKbl.exe
  2⤵
  PID:6356
- C:\Windows\System\jOyFgLO.exe
  C:\Windows\System\jOyFgLO.exe
  2⤵
  PID:6372
- C:\Windows\System\TRyreoC.exe
  C:\Windows\System\TRyreoC.exe
  2⤵
  PID:6388
- C:\Windows\System\ZbZieLN.exe
  C:\Windows\System\ZbZieLN.exe
  2⤵
  PID:6408
- C:\Windows\System\xHqAMvX.exe
  C:\Windows\System\xHqAMvX.exe
  2⤵
  PID:6424
- C:\Windows\System\kBfzRRc.exe
  C:\Windows\System\kBfzRRc.exe
  2⤵
  PID:6984
- C:\Windows\System\uGEupCx.exe
  C:\Windows\System\uGEupCx.exe
  2⤵
  PID:5556
- C:\Windows\System\wjxhsed.exe
  C:\Windows\System\wjxhsed.exe
  2⤵
  PID:6112
- C:\Windows\System\aaRUiEy.exe
  C:\Windows\System\aaRUiEy.exe
  2⤵
  PID:4748
- C:\Windows\System\OdmVAsk.exe
  C:\Windows\System\OdmVAsk.exe
  2⤵
  PID:6156
- C:\Windows\System\duJhHDE.exe
  C:\Windows\System\duJhHDE.exe
  2⤵
  PID:6172
- C:\Windows\System\nBjjdgw.exe
  C:\Windows\System\nBjjdgw.exe
  2⤵
  PID:6188
- C:\Windows\System\wKjZySA.exe
  C:\Windows\System\wKjZySA.exe
  2⤵
  PID:6204
- C:\Windows\System\TFQqPYh.exe
  C:\Windows\System\TFQqPYh.exe
  2⤵
  PID:6220
- C:\Windows\System\cSaIaRL.exe
  C:\Windows\System\cSaIaRL.exe
  2⤵
  PID:6304
- C:\Windows\System\JAkXSKa.exe
  C:\Windows\System\JAkXSKa.exe
  2⤵
  PID:6368
- C:\Windows\System\jddAzco.exe
  C:\Windows\System\jddAzco.exe
  2⤵
  PID:6404
- C:\Windows\System\ipkaOEW.exe
  C:\Windows\System\ipkaOEW.exe
  2⤵
  PID:6236
- C:\Windows\System\yKIZTdo.exe
  C:\Windows\System\yKIZTdo.exe
  2⤵
  PID:1684
- C:\Windows\System\EzKobEE.exe
  C:\Windows\System\EzKobEE.exe
  2⤵
  PID:6252
- C:\Windows\System\YPBqMLW.exe
  C:\Windows\System\YPBqMLW.exe
  2⤵
  PID:6444
- C:\Windows\System\qdTPqzH.exe
  C:\Windows\System\qdTPqzH.exe
  2⤵
  PID:6352
- C:\Windows\System\BjzvYxm.exe
  C:\Windows\System\BjzvYxm.exe
  2⤵
  PID:6420
- C:\Windows\System\UkaLccG.exe
  C:\Windows\System\UkaLccG.exe
  2⤵
  PID:2332
- C:\Windows\System\yKaoMIV.exe
  C:\Windows\System\yKaoMIV.exe
  2⤵
  PID:6460
- C:\Windows\System\FUmOcnU.exe
  C:\Windows\System\FUmOcnU.exe
  2⤵
  PID:6476
- C:\Windows\System\tGXaDGA.exe
  C:\Windows\System\tGXaDGA.exe
  2⤵
  PID:6492
- C:\Windows\System\xFYXIQL.exe
  C:\Windows\System\xFYXIQL.exe
  2⤵
  PID:6508
- C:\Windows\System\OVozkMK.exe
  C:\Windows\System\OVozkMK.exe
  2⤵
  PID:6524
- C:\Windows\System\SmiwSxJ.exe
  C:\Windows\System\SmiwSxJ.exe
  2⤵
  PID:6540
- C:\Windows\System\TwltOBK.exe
  C:\Windows\System\TwltOBK.exe
  2⤵
  PID:6556
- C:\Windows\System\WLTfEjB.exe
  C:\Windows\System\WLTfEjB.exe
  2⤵
  PID:6572
- C:\Windows\System\JxJnCMP.exe
  C:\Windows\System\JxJnCMP.exe
  2⤵
  PID:6596
- C:\Windows\System\tRnAJah.exe
  C:\Windows\System\tRnAJah.exe
  2⤵
  PID:6612
- C:\Windows\System\HWVbHHB.exe
  C:\Windows\System\HWVbHHB.exe
  2⤵
  PID:6628
- C:\Windows\System\idwXiSO.exe
  C:\Windows\System\idwXiSO.exe
  2⤵
  PID:6644
- C:\Windows\System\nVBjWJO.exe
  C:\Windows\System\nVBjWJO.exe
  2⤵
  PID:6664
- C:\Windows\System\AcTmKGc.exe
  C:\Windows\System\AcTmKGc.exe
  2⤵
  PID:6680
- C:\Windows\System\yvDmXlL.exe
  C:\Windows\System\yvDmXlL.exe
  2⤵
  PID:6696
- C:\Windows\System\EfVMIYj.exe
  C:\Windows\System\EfVMIYj.exe
  2⤵
  PID:6712
- C:\Windows\System\qfIqiih.exe
  C:\Windows\System\qfIqiih.exe
  2⤵
  PID:6728
- C:\Windows\System\fNIuCeh.exe
  C:\Windows\System\fNIuCeh.exe
  2⤵
  PID:6744
- C:\Windows\System\oFRhJzi.exe
  C:\Windows\System\oFRhJzi.exe
  2⤵
  PID:6760
- C:\Windows\System\sCkjoon.exe
  C:\Windows\System\sCkjoon.exe
  2⤵
  PID:6776
- C:\Windows\System\DKBiaUT.exe
  C:\Windows\System\DKBiaUT.exe
  2⤵
  PID:6792
- C:\Windows\System\MxBhHYB.exe
  C:\Windows\System\MxBhHYB.exe
  2⤵
  PID:6808
- C:\Windows\System\WOPAioU.exe
  C:\Windows\System\WOPAioU.exe
  2⤵
  PID:6828
- C:\Windows\System\wMQZfjT.exe
  C:\Windows\System\wMQZfjT.exe
  2⤵
  PID:6844
- C:\Windows\System\dEUBPXX.exe
  C:\Windows\System\dEUBPXX.exe
  2⤵
  PID:6860
- C:\Windows\System\MOCkSgM.exe
  C:\Windows\System\MOCkSgM.exe
  2⤵
  PID:6876
- C:\Windows\System\FaTeUyg.exe
  C:\Windows\System\FaTeUyg.exe
  2⤵
  PID:6896
- C:\Windows\System\CoUxgpV.exe
  C:\Windows\System\CoUxgpV.exe
  2⤵
  PID:6912
- C:\Windows\System\uJJlirf.exe
  C:\Windows\System\uJJlirf.exe
  2⤵
  PID:6924
- C:\Windows\System\CTUUSaC.exe
  C:\Windows\System\CTUUSaC.exe
  2⤵
  PID:6940
- C:\Windows\System\pcEqdmT.exe
  C:\Windows\System\pcEqdmT.exe
  2⤵
  PID:6956
- C:\Windows\System\jChOfik.exe
  C:\Windows\System\jChOfik.exe
  2⤵
  PID:6972
- C:\Windows\System\Haacpzi.exe
  C:\Windows\System\Haacpzi.exe
  2⤵
  PID:1624
- C:\Windows\System\zFnBYwS.exe
  C:\Windows\System\zFnBYwS.exe
  2⤵
  PID:2380
- C:\Windows\System\NiyGVZP.exe
  C:\Windows\System\NiyGVZP.exe
  2⤵
  PID:2108
- C:\Windows\System\gUssZAD.exe
  C:\Windows\System\gUssZAD.exe
  2⤵
  PID:552
- C:\Windows\System\obzZyBH.exe
  C:\Windows\System\obzZyBH.exe
  2⤵
  PID:2888
- C:\Windows\System\CnparpA.exe
  C:\Windows\System\CnparpA.exe
  2⤵
  PID:6996
- C:\Windows\System\AMyGcrA.exe
  C:\Windows\System\AMyGcrA.exe
  2⤵
  PID:7012
- C:\Windows\System\ypcOiJb.exe
  C:\Windows\System\ypcOiJb.exe
  2⤵
  PID:7028
- C:\Windows\System\KnDqMcR.exe
  C:\Windows\System\KnDqMcR.exe
  2⤵
  PID:7044
- C:\Windows\System\nopngWd.exe
  C:\Windows\System\nopngWd.exe
  2⤵
  PID:7064
- C:\Windows\System\UOYvgmz.exe
  C:\Windows\System\UOYvgmz.exe
  2⤵
  PID:7080
- C:\Windows\System\yBNAAGf.exe
  C:\Windows\System\yBNAAGf.exe
  2⤵
  PID:7096
- C:\Windows\System\LttJiKw.exe
  C:\Windows\System\LttJiKw.exe
  2⤵
  PID:7112
- C:\Windows\System\JFBpbZd.exe
  C:\Windows\System\JFBpbZd.exe
  2⤵
  PID:7128
- C:\Windows\System\SAOnclC.exe
  C:\Windows\System\SAOnclC.exe
  2⤵
  PID:7140
- C:\Windows\System\rjwZTHi.exe
  C:\Windows\System\rjwZTHi.exe
  2⤵
  PID:7164
- C:\Windows\System\QmDwabD.exe
  C:\Windows\System\QmDwabD.exe
  2⤵
  PID:1332
- C:\Windows\System\WXTemWv.exe
  C:\Windows\System\WXTemWv.exe
  2⤵
  PID:5276
- C:\Windows\System\ebZVtAj.exe
  C:\Windows\System\ebZVtAj.exe
  2⤵
  PID:604
- C:\Windows\System\FzUIUhs.exe
  C:\Windows\System\FzUIUhs.exe
  2⤵
  PID:688
- C:\Windows\System\IgItLbc.exe
  C:\Windows\System\IgItLbc.exe
  2⤵
  PID:6268
- C:\Windows\System\CVBdxCJ.exe
  C:\Windows\System\CVBdxCJ.exe
  2⤵
  PID:4904
- C:\Windows\System\nvaqjZE.exe
  C:\Windows\System\nvaqjZE.exe
  2⤵
  PID:6272
- C:\Windows\System\jBPFyyY.exe
  C:\Windows\System\jBPFyyY.exe
  2⤵
  PID:5244
- C:\Windows\System\gJjRFZj.exe
  C:\Windows\System\gJjRFZj.exe
  2⤵
  PID:2096
- C:\Windows\System\dUgvXtx.exe
  C:\Windows\System\dUgvXtx.exe
  2⤵
  PID:6004
- C:\Windows\System\ZOfNXYg.exe
  C:\Windows\System\ZOfNXYg.exe
  2⤵
  PID:1416
- C:\Windows\System\KCugVYp.exe
  C:\Windows\System\KCugVYp.exe
  2⤵
  PID:5908
- C:\Windows\System\gygBwEG.exe
  C:\Windows\System\gygBwEG.exe
  2⤵
  PID:5940
- C:\Windows\System\gSjHeMZ.exe
  C:\Windows\System\gSjHeMZ.exe
  2⤵
  PID:6168
- C:\Windows\System\HSiCAZz.exe
  C:\Windows\System\HSiCAZz.exe
  2⤵
  PID:6228
- C:\Windows\System\EWUaDLp.exe
  C:\Windows\System\EWUaDLp.exe
  2⤵
  PID:6152
- C:\Windows\System\BrbnjgE.exe
  C:\Windows\System\BrbnjgE.exe
  2⤵
  PID:6364
- C:\Windows\System\vjoBcNX.exe
  C:\Windows\System\vjoBcNX.exe
  2⤵
  PID:6180
- C:\Windows\System\KrUwDzM.exe
  C:\Windows\System\KrUwDzM.exe
  2⤵
  PID:6288
- C:\Windows\System\SJdBvLH.exe
  C:\Windows\System\SJdBvLH.exe
  2⤵
  PID:6248
- C:\Windows\System\bHhsQaY.exe
  C:\Windows\System\bHhsQaY.exe
  2⤵
  PID:2980
- C:\Windows\System\QLEkJIZ.exe
  C:\Windows\System\QLEkJIZ.exe
  2⤵
  PID:6484
- C:\Windows\System\qMuHksz.exe
  C:\Windows\System\qMuHksz.exe
  2⤵
  PID:6548
- C:\Windows\System\VfmlVep.exe
  C:\Windows\System\VfmlVep.exe
  2⤵
  PID:6620
- C:\Windows\System\ShRybZG.exe
  C:\Windows\System\ShRybZG.exe
  2⤵
  PID:6472
- C:\Windows\System\dlCGqAr.exe
  C:\Windows\System\dlCGqAr.exe
  2⤵
  PID:6500
- C:\Windows\System\bsraysv.exe
  C:\Windows\System\bsraysv.exe
  2⤵
  PID:6604
- C:\Windows\System\PBRJxtO.exe
  C:\Windows\System\PBRJxtO.exe
  2⤵
  PID:6656
- C:\Windows\System\jrPGoRT.exe
  C:\Windows\System\jrPGoRT.exe
  2⤵
  PID:6724
- C:\Windows\System\rEnSjeD.exe
  C:\Windows\System\rEnSjeD.exe
  2⤵
  PID:6788
- C:\Windows\System\wlABhds.exe
  C:\Windows\System\wlABhds.exe
  2⤵
  PID:6852
- C:\Windows\System\nBEIbHG.exe
  C:\Windows\System\nBEIbHG.exe
  2⤵
  PID:6916
- C:\Windows\System\snuWref.exe
  C:\Windows\System\snuWref.exe
  2⤵
  PID:2116
- C:\Windows\System\hHFdIoJ.exe
  C:\Windows\System\hHFdIoJ.exe
  2⤵
  PID:1568
- C:\Windows\System\LgOyGYQ.exe
  C:\Windows\System\LgOyGYQ.exe
  2⤵
  PID:7036
- C:\Windows\System\IxTaTHA.exe
  C:\Windows\System\IxTaTHA.exe
  2⤵
  PID:6736
- C:\Windows\System\jLnfMxI.exe
  C:\Windows\System\jLnfMxI.exe
  2⤵
  PID:6676
- C:\Windows\System\XnawWxi.exe
  C:\Windows\System\XnawWxi.exe
  2⤵
  PID:6772
- C:\Windows\System\CKIfFPX.exe
  C:\Windows\System\CKIfFPX.exe
  2⤵
  PID:7076
- C:\Windows\System\iFRRZMv.exe
  C:\Windows\System\iFRRZMv.exe
  2⤵
  PID:7152
- C:\Windows\System\YnUHHEg.exe
  C:\Windows\System\YnUHHEg.exe
  2⤵
  PID:1092
- C:\Windows\System\EorJpwp.exe
  C:\Windows\System\EorJpwp.exe
  2⤵
  PID:6868
- C:\Windows\System\IYaaQvN.exe
  C:\Windows\System\IYaaQvN.exe
  2⤵
  PID:6932
- C:\Windows\System\ZVAdroL.exe
  C:\Windows\System\ZVAdroL.exe
  2⤵
  PID:2504
- C:\Windows\System\EcEPlFz.exe
  C:\Windows\System\EcEPlFz.exe
  2⤵
  PID:6992
- C:\Windows\System\NrTuVTj.exe
  C:\Windows\System\NrTuVTj.exe
  2⤵
  PID:7060
- C:\Windows\System\GbRYQfL.exe
  C:\Windows\System\GbRYQfL.exe
  2⤵
  PID:1908
- C:\Windows\System\TxnJKjc.exe
  C:\Windows\System\TxnJKjc.exe
  2⤵
  PID:5388
- C:\Windows\System\egjrIqO.exe
  C:\Windows\System\egjrIqO.exe
  2⤵
  PID:7120
- C:\Windows\System\IlxjPkh.exe
  C:\Windows\System\IlxjPkh.exe
  2⤵
  PID:1964
- C:\Windows\System\bCKlMDe.exe
  C:\Windows\System\bCKlMDe.exe
  2⤵
  PID:6200
- C:\Windows\System\zMIyYky.exe
  C:\Windows\System\zMIyYky.exe
  2⤵
  PID:2568
- C:\Windows\System\OQNEAnq.exe
  C:\Windows\System\OQNEAnq.exe
  2⤵
  PID:6516
- C:\Windows\System\HJyismV.exe
  C:\Windows\System\HJyismV.exe
  2⤵
  PID:6568
- C:\Windows\System\bWNdktf.exe
  C:\Windows\System\bWNdktf.exe
  2⤵
  PID:6952
- C:\Windows\System\bJsWlxv.exe
  C:\Windows\System\bJsWlxv.exe
  2⤵
  PID:1188
- C:\Windows\System\tHczfXb.exe
  C:\Windows\System\tHczfXb.exe
  2⤵
  PID:2960
- C:\Windows\System\MmCGbXV.exe
  C:\Windows\System\MmCGbXV.exe
  2⤵
  PID:3040
- C:\Windows\System\oZOqwiJ.exe
  C:\Windows\System\oZOqwiJ.exe
  2⤵
  PID:3560
- C:\Windows\System\MBXfRXi.exe
  C:\Windows\System\MBXfRXi.exe
  2⤵
  PID:6148
- C:\Windows\System\GsnrErV.exe
  C:\Windows\System\GsnrErV.exe
  2⤵
  PID:6640
- C:\Windows\System\eQwaqlA.exe
  C:\Windows\System\eQwaqlA.exe
  2⤵
  PID:6164
- C:\Windows\System\wLeluuQ.exe
  C:\Windows\System\wLeluuQ.exe
  2⤵
  PID:6380
- C:\Windows\System\iOzpTQi.exe
  C:\Windows\System\iOzpTQi.exe
  2⤵
  PID:6564
- C:\Windows\System\mYNsYKW.exe
  C:\Windows\System\mYNsYKW.exe
  2⤵
  PID:6784
- C:\Windows\System\bhzQkSX.exe
  C:\Windows\System\bhzQkSX.exe
  2⤵
  PID:2364
- C:\Windows\System\CiVMgBo.exe
  C:\Windows\System\CiVMgBo.exe
  2⤵
  PID:7108
- C:\Windows\System\VeWlqRF.exe
  C:\Windows\System\VeWlqRF.exe
  2⤵
  PID:7020
- C:\Windows\System\FofvWYc.exe
  C:\Windows\System\FofvWYc.exe
  2⤵
  PID:7156
- C:\Windows\System\ARGABlL.exe
  C:\Windows\System\ARGABlL.exe
  2⤵
  PID:6348
- C:\Windows\System\jZIqLLF.exe
  C:\Windows\System\jZIqLLF.exe
  2⤵
  PID:6948
- C:\Windows\System\PGxbkfo.exe
  C:\Windows\System\PGxbkfo.exe
  2⤵
  PID:7092
- C:\Windows\System\QzxlEGD.exe
  C:\Windows\System\QzxlEGD.exe
  2⤵
  PID:2216
- C:\Windows\System\NFnZfFQ.exe
  C:\Windows\System\NFnZfFQ.exe
  2⤵
  PID:6636
- C:\Windows\System\AlrVkIm.exe
  C:\Windows\System\AlrVkIm.exe
  2⤵
  PID:5776
- C:\Windows\System\RNXEmCB.exe
  C:\Windows\System\RNXEmCB.exe
  2⤵
  PID:7172
- C:\Windows\System\ZyaSSma.exe
  C:\Windows\System\ZyaSSma.exe
  2⤵
  PID:7188
- C:\Windows\System\RBoegFc.exe
  C:\Windows\System\RBoegFc.exe
  2⤵
  PID:7204
- C:\Windows\System\HObuWIw.exe
  C:\Windows\System\HObuWIw.exe
  2⤵
  PID:7220
- C:\Windows\System\vfutmyS.exe
  C:\Windows\System\vfutmyS.exe
  2⤵
  PID:7236
- C:\Windows\System\vXURopN.exe
  C:\Windows\System\vXURopN.exe
  2⤵
  PID:7252
- C:\Windows\System\mzwRLHN.exe
  C:\Windows\System\mzwRLHN.exe
  2⤵
  PID:7268
- C:\Windows\System\xzKlVVh.exe
  C:\Windows\System\xzKlVVh.exe
  2⤵
  PID:7284
- C:\Windows\System\EtAmWAe.exe
  C:\Windows\System\EtAmWAe.exe
  2⤵
  PID:7300
- C:\Windows\System\tXTDPDK.exe
  C:\Windows\System\tXTDPDK.exe
  2⤵
  PID:7316
- C:\Windows\System\ZeBAaPb.exe
  C:\Windows\System\ZeBAaPb.exe
  2⤵
  PID:7332
- C:\Windows\System\Jkibalx.exe
  C:\Windows\System\Jkibalx.exe
  2⤵
  PID:7348
- C:\Windows\System\LyEnmro.exe
  C:\Windows\System\LyEnmro.exe
  2⤵
  PID:7364
- C:\Windows\System\GIxwccz.exe
  C:\Windows\System\GIxwccz.exe
  2⤵
  PID:7404
- C:\Windows\System\nCQOiFg.exe
  C:\Windows\System\nCQOiFg.exe
  2⤵
  PID:7420
- C:\Windows\System\upGJeuK.exe
  C:\Windows\System\upGJeuK.exe
  2⤵
  PID:7436
- C:\Windows\System\ejsRYaj.exe
  C:\Windows\System\ejsRYaj.exe
  2⤵
  PID:7452
- C:\Windows\System\MKUrCrc.exe
  C:\Windows\System\MKUrCrc.exe
  2⤵
  PID:7468
- C:\Windows\System\qacpATl.exe
  C:\Windows\System\qacpATl.exe
  2⤵
  PID:7484
- C:\Windows\System\UwrizTa.exe
  C:\Windows\System\UwrizTa.exe
  2⤵
  PID:7500
- C:\Windows\System\kxokgby.exe
  C:\Windows\System\kxokgby.exe
  2⤵
  PID:7516
- C:\Windows\System\JfwFlgk.exe
  C:\Windows\System\JfwFlgk.exe
  2⤵
  PID:7532
- C:\Windows\System\ZmwiCqB.exe
  C:\Windows\System\ZmwiCqB.exe
  2⤵
  PID:7548
- C:\Windows\System\obsnUCU.exe
  C:\Windows\System\obsnUCU.exe
  2⤵
  PID:7564
- C:\Windows\System\nghvUUQ.exe
  C:\Windows\System\nghvUUQ.exe
  2⤵
  PID:7580
- C:\Windows\System\tljtxkO.exe
  C:\Windows\System\tljtxkO.exe
  2⤵
  PID:7596
- C:\Windows\System\kgPeiWN.exe
  C:\Windows\System\kgPeiWN.exe
  2⤵
  PID:7612
- C:\Windows\System\aucwiZy.exe
  C:\Windows\System\aucwiZy.exe
  2⤵
  PID:7628
- C:\Windows\System\QQpFxtD.exe
  C:\Windows\System\QQpFxtD.exe
  2⤵
  PID:7644
- C:\Windows\System\FUAuZCc.exe
  C:\Windows\System\FUAuZCc.exe
  2⤵
  PID:7660
- C:\Windows\System\RnLUHMX.exe
  C:\Windows\System\RnLUHMX.exe
  2⤵
  PID:7676
- C:\Windows\System\WAiKato.exe
  C:\Windows\System\WAiKato.exe
  2⤵
  PID:7692
- C:\Windows\System\hrvSaKG.exe
  C:\Windows\System\hrvSaKG.exe
  2⤵
  PID:7708
- C:\Windows\System\solaHhX.exe
  C:\Windows\System\solaHhX.exe
  2⤵
  PID:7724
- C:\Windows\System\vuyvcsd.exe
  C:\Windows\System\vuyvcsd.exe
  2⤵
  PID:7740
- C:\Windows\System\skVMODE.exe
  C:\Windows\System\skVMODE.exe
  2⤵
  PID:7756
- C:\Windows\System\GnZAORe.exe
  C:\Windows\System\GnZAORe.exe
  2⤵
  PID:7772
- C:\Windows\System\sZMBpWw.exe
  C:\Windows\System\sZMBpWw.exe
  2⤵
  PID:7788
- C:\Windows\System\GZEGmvE.exe
  C:\Windows\System\GZEGmvE.exe
  2⤵
  PID:7804
- C:\Windows\System\gdGgkuD.exe
  C:\Windows\System\gdGgkuD.exe
  2⤵
  PID:7820
- C:\Windows\System\ogOJqLO.exe
  C:\Windows\System\ogOJqLO.exe
  2⤵
  PID:7836
- C:\Windows\System\pxsHJbe.exe
  C:\Windows\System\pxsHJbe.exe
  2⤵
  PID:7852
- C:\Windows\System\wuViBPE.exe
  C:\Windows\System\wuViBPE.exe
  2⤵
  PID:7868
- C:\Windows\System\vNdZLVn.exe
  C:\Windows\System\vNdZLVn.exe
  2⤵
  PID:7884
- C:\Windows\System\PjtStJk.exe
  C:\Windows\System\PjtStJk.exe
  2⤵
  PID:7900
- C:\Windows\System\SdXfLxn.exe
  C:\Windows\System\SdXfLxn.exe
  2⤵
  PID:7920
- C:\Windows\System\yVpeBLQ.exe
  C:\Windows\System\yVpeBLQ.exe
  2⤵
  PID:7940
- C:\Windows\System\LPFstGy.exe
  C:\Windows\System\LPFstGy.exe
  2⤵
  PID:7980
- C:\Windows\System\AkbQmIN.exe
  C:\Windows\System\AkbQmIN.exe
  2⤵
  PID:7996
- C:\Windows\System\uTmXNfC.exe
  C:\Windows\System\uTmXNfC.exe
  2⤵
  PID:8012
- C:\Windows\System\manDCKl.exe
  C:\Windows\System\manDCKl.exe
  2⤵
  PID:8032
- C:\Windows\System\myodzlm.exe
  C:\Windows\System\myodzlm.exe
  2⤵
  PID:8048
- C:\Windows\System\jAOcEiP.exe
  C:\Windows\System\jAOcEiP.exe
  2⤵
  PID:8068
- C:\Windows\System\GMjPepU.exe
  C:\Windows\System\GMjPepU.exe
  2⤵
  PID:8084
- C:\Windows\System\lUBTxcr.exe
  C:\Windows\System\lUBTxcr.exe
  2⤵
  PID:8100
- C:\Windows\System\hLhDcDP.exe
  C:\Windows\System\hLhDcDP.exe
  2⤵
  PID:8120
- C:\Windows\System\BGTJjHp.exe
  C:\Windows\System\BGTJjHp.exe
  2⤵
  PID:8140
- C:\Windows\System\rfIOdKw.exe
  C:\Windows\System\rfIOdKw.exe
  2⤵
  PID:8156
- C:\Windows\System\hzHahRY.exe
  C:\Windows\System\hzHahRY.exe
  2⤵
  PID:8172
- C:\Windows\System\kMEwWsu.exe
  C:\Windows\System\kMEwWsu.exe
  2⤵
  PID:8188
- C:\Windows\System\nZUJGlK.exe
  C:\Windows\System\nZUJGlK.exe
  2⤵
  PID:6768
- C:\Windows\System\nIvVlsm.exe
  C:\Windows\System\nIvVlsm.exe
  2⤵
  PID:7216
- C:\Windows\System\veHBvIY.exe
  C:\Windows\System\veHBvIY.exe
  2⤵
  PID:7280
- C:\Windows\System\pDzEqkO.exe
  C:\Windows\System\pDzEqkO.exe
  2⤵
  PID:7372
- C:\Windows\System\qJznyHG.exe
  C:\Windows\System\qJznyHG.exe
  2⤵
  PID:2308
- C:\Windows\System\TiykEIr.exe
  C:\Windows\System\TiykEIr.exe
  2⤵
  PID:7052
- C:\Windows\System\QDphOLq.exe
  C:\Windows\System\QDphOLq.exe
  2⤵
  PID:1648
- C:\Windows\System\UnppMld.exe
  C:\Windows\System\UnppMld.exe
  2⤵
  PID:5700
- C:\Windows\System\BSoXCKt.exe
  C:\Windows\System\BSoXCKt.exe
  2⤵
  PID:6888
- C:\Windows\System\IBKkZTU.exe
  C:\Windows\System\IBKkZTU.exe
  2⤵
  PID:7324
- C:\Windows\System\jPPzgDc.exe
  C:\Windows\System\jPPzgDc.exe
  2⤵
  PID:1632
- C:\Windows\System\AFohXoV.exe
  C:\Windows\System\AFohXoV.exe
  2⤵
  PID:6820
- C:\Windows\System\PGuXAge.exe
  C:\Windows\System\PGuXAge.exe
  2⤵
  PID:7072
- C:\Windows\System\RfcIBiE.exe
  C:\Windows\System\RfcIBiE.exe
  2⤵
  PID:7376
- C:\Windows\System\NwMLszL.exe
  C:\Windows\System\NwMLszL.exe
  2⤵
  PID:7464
- C:\Windows\System\RNwsTNS.exe
  C:\Windows\System\RNwsTNS.exe
  2⤵
  PID:7528
- C:\Windows\System\dQbxlYZ.exe
  C:\Windows\System\dQbxlYZ.exe
  2⤵
  PID:7592
- C:\Windows\System\tilGPrr.exe
  C:\Windows\System\tilGPrr.exe
  2⤵
  PID:7656
- C:\Windows\System\iTAjKoe.exe
  C:\Windows\System\iTAjKoe.exe
  2⤵
  PID:7444
- C:\Windows\System\ZEIvYoU.exe
  C:\Windows\System\ZEIvYoU.exe
  2⤵
  PID:7604
- C:\Windows\System\KNRjupw.exe
  C:\Windows\System\KNRjupw.exe
  2⤵
  PID:7716
- C:\Windows\System\WFayWIZ.exe
  C:\Windows\System\WFayWIZ.exe
  2⤵
  PID:7480
- C:\Windows\System\bXtAHQF.exe
  C:\Windows\System\bXtAHQF.exe
  2⤵
  PID:7816
- C:\Windows\System\dkRtXYU.exe
  C:\Windows\System\dkRtXYU.exe
  2⤵
  PID:7572
- C:\Windows\System\BPvvaDl.exe
  C:\Windows\System\BPvvaDl.exe
  2⤵
  PID:7668
- C:\Windows\System\pxTxfSX.exe
  C:\Windows\System\pxTxfSX.exe
  2⤵
  PID:7796
- C:\Windows\System\ZZdkmmp.exe
  C:\Windows\System\ZZdkmmp.exe
  2⤵
  PID:7800
- C:\Windows\System\pzWUjYW.exe
  C:\Windows\System\pzWUjYW.exe
  2⤵
  PID:7876
- C:\Windows\System\CkBRBrl.exe
  C:\Windows\System\CkBRBrl.exe
  2⤵
  PID:7916
- C:\Windows\System\QDZFxCU.exe
  C:\Windows\System\QDZFxCU.exe
  2⤵
  PID:7896
- C:\Windows\System\xbAUzcL.exe
  C:\Windows\System\xbAUzcL.exe
  2⤵
  PID:7976
- C:\Windows\System\MDdfXll.exe
  C:\Windows\System\MDdfXll.exe
  2⤵
  PID:8076
- C:\Windows\System\NTykbLc.exe
  C:\Windows\System\NTykbLc.exe
  2⤵
  PID:8112
- C:\Windows\System\KMRgQUV.exe
  C:\Windows\System\KMRgQUV.exe
  2⤵
  PID:7184
- C:\Windows\System\HuQpsik.exe
  C:\Windows\System\HuQpsik.exe
  2⤵
  PID:7344
- C:\Windows\System\oTltNAJ.exe
  C:\Windows\System\oTltNAJ.exe
  2⤵
  PID:6964
- C:\Windows\System\ipgGIiR.exe
  C:\Windows\System\ipgGIiR.exe
  2⤵
  PID:7248
- C:\Windows\System\skQsxEg.exe
  C:\Windows\System\skQsxEg.exe
  2⤵
  PID:7988
- C:\Windows\System\QoZEWrG.exe
  C:\Windows\System\QoZEWrG.exe
  2⤵
  PID:8028
- C:\Windows\System\HdrRotJ.exe
  C:\Windows\System\HdrRotJ.exe
  2⤵
  PID:8092
- C:\Windows\System\jPgqPDH.exe
  C:\Windows\System\jPgqPDH.exe
  2⤵
  PID:7264
- C:\Windows\System\xVeMMms.exe
  C:\Windows\System\xVeMMms.exe
  2⤵
  PID:6740
- C:\Windows\System\JxuuPcn.exe
  C:\Windows\System\JxuuPcn.exe
  2⤵
  PID:2292
- C:\Windows\System\VLqelJR.exe
  C:\Windows\System\VLqelJR.exe
  2⤵
  PID:6824
- C:\Windows\System\pxveIsp.exe
  C:\Windows\System\pxveIsp.exe
  2⤵
  PID:6232
- C:\Windows\System\RzmBxeC.exe
  C:\Windows\System\RzmBxeC.exe
  2⤵
  PID:7624
- C:\Windows\System\HVbVTBp.exe
  C:\Windows\System\HVbVTBp.exe
  2⤵
  PID:7460
- C:\Windows\System\sQMvCIa.exe
  C:\Windows\System\sQMvCIa.exe
  2⤵
  PID:7588
- C:\Windows\System\pkmtDiQ.exe
  C:\Windows\System\pkmtDiQ.exe
  2⤵
  PID:7748
- C:\Windows\System\nWxnsdZ.exe
  C:\Windows\System\nWxnsdZ.exe
  2⤵
  PID:7732
- C:\Windows\System\SsWMqNs.exe
  C:\Windows\System\SsWMqNs.exe
  2⤵
  PID:7860
- C:\Windows\System\pwwSbip.exe
  C:\Windows\System\pwwSbip.exe
  2⤵
  PID:8044
- C:\Windows\System\MVerNnQ.exe
  C:\Windows\System\MVerNnQ.exe
  2⤵
  PID:7008
- C:\Windows\System\DysABRg.exe
  C:\Windows\System\DysABRg.exe
  2⤵
  PID:7688
- C:\Windows\System\dmqUHoE.exe
  C:\Windows\System\dmqUHoE.exe
  2⤵
  PID:8064
- C:\Windows\System\FGxGbbM.exe
  C:\Windows\System\FGxGbbM.exe
  2⤵
  PID:7196
- C:\Windows\System\ggOvWlX.exe
  C:\Windows\System\ggOvWlX.exe
  2⤵
  PID:7640
- C:\Windows\System\WgmedZk.exe
  C:\Windows\System\WgmedZk.exe
  2⤵
  PID:6840
- C:\Windows\System\YcdMVFL.exe
  C:\Windows\System\YcdMVFL.exe
  2⤵
  PID:7912
- C:\Windows\System\HLlludJ.exe
  C:\Windows\System\HLlludJ.exe
  2⤵
  PID:8116
- C:\Windows\System\bySGPYy.exe
  C:\Windows\System\bySGPYy.exe
  2⤵
  PID:7232
- C:\Windows\System\KELbqYQ.exe
  C:\Windows\System\KELbqYQ.exe
  2⤵
  PID:8128
- C:\Windows\System\xoYgXlH.exe
  C:\Windows\System\xoYgXlH.exe
  2⤵
  PID:7844
- C:\Windows\System\KXiIkYA.exe
  C:\Windows\System\KXiIkYA.exe
  2⤵
  PID:6836
- C:\Windows\System\havWyYT.exe
  C:\Windows\System\havWyYT.exe
  2⤵
  PID:7260
- C:\Windows\System\CbtFWXC.exe
  C:\Windows\System\CbtFWXC.exe
  2⤵
  PID:7812
- C:\Windows\System\ajireNE.exe
  C:\Windows\System\ajireNE.exe
  2⤵
  PID:8108
- C:\Windows\System\GnevNIN.exe
  C:\Windows\System\GnevNIN.exe
  2⤵
  PID:8024
- C:\Windows\System\wWVXuPD.exe
  C:\Windows\System\wWVXuPD.exe
  2⤵
  PID:7448
- C:\Windows\System\vDBcNAb.exe
  C:\Windows\System\vDBcNAb.exe
  2⤵
  PID:7908
- C:\Windows\System\boWMeOt.exe
  C:\Windows\System\boWMeOt.exe
  2⤵
  PID:1760
- C:\Windows\System\xcictVG.exe
  C:\Windows\System\xcictVG.exe
  2⤵
  PID:8060
- C:\Windows\System\zvHlYnv.exe
  C:\Windows\System\zvHlYnv.exe
  2⤵
  PID:6588
- C:\Windows\System\NevNMSF.exe
  C:\Windows\System\NevNMSF.exe
  2⤵
  PID:8040
- C:\Windows\System\wckPReX.exe
  C:\Windows\System\wckPReX.exe
  2⤵
  PID:8020
- C:\Windows\System\SGKyjsT.exe
  C:\Windows\System\SGKyjsT.exe
  2⤵
  PID:7432
- C:\Windows\System\nnZXdXt.exe
  C:\Windows\System\nnZXdXt.exe
  2⤵
  PID:8008
- C:\Windows\System\BjCintS.exe
  C:\Windows\System\BjCintS.exe
  2⤵
  PID:8196
- C:\Windows\System\MQuKrrZ.exe
  C:\Windows\System\MQuKrrZ.exe
  2⤵
  PID:8212
- C:\Windows\System\rTDrzLX.exe
  C:\Windows\System\rTDrzLX.exe
  2⤵
  PID:8228
- C:\Windows\System\pwOOlNH.exe
  C:\Windows\System\pwOOlNH.exe
  2⤵
  PID:8244
- C:\Windows\System\TOxcizM.exe
  C:\Windows\System\TOxcizM.exe
  2⤵
  PID:8260
- C:\Windows\System\GlCqsiP.exe
  C:\Windows\System\GlCqsiP.exe
  2⤵
  PID:8276
- C:\Windows\System\mavFajw.exe
  C:\Windows\System\mavFajw.exe
  2⤵
  PID:8292
- C:\Windows\System\HYArvfd.exe
  C:\Windows\System\HYArvfd.exe
  2⤵
  PID:8308
- C:\Windows\System\SlPqiEa.exe
  C:\Windows\System\SlPqiEa.exe
  2⤵
  PID:8324
- C:\Windows\System\UeCDric.exe
  C:\Windows\System\UeCDric.exe
  2⤵
  PID:8340
- C:\Windows\System\bpYdvXi.exe
  C:\Windows\System\bpYdvXi.exe
  2⤵
  PID:8356
- C:\Windows\System\BRPahMq.exe
  C:\Windows\System\BRPahMq.exe
  2⤵
  PID:8372
- C:\Windows\System\FJdTTcj.exe
  C:\Windows\System\FJdTTcj.exe
  2⤵
  PID:8388
- C:\Windows\System\fBkgCwR.exe
  C:\Windows\System\fBkgCwR.exe
  2⤵
  PID:8408
- C:\Windows\System\QHUsWmf.exe
  C:\Windows\System\QHUsWmf.exe
  2⤵
  PID:8424
- C:\Windows\System\ysuddyl.exe
  C:\Windows\System\ysuddyl.exe
  2⤵
  PID:8440
- C:\Windows\System\zWdfkPe.exe
  C:\Windows\System\zWdfkPe.exe
  2⤵
  PID:8456
- C:\Windows\System\dlGOxfn.exe
  C:\Windows\System\dlGOxfn.exe
  2⤵
  PID:8472
- C:\Windows\System\fRkHvAB.exe
  C:\Windows\System\fRkHvAB.exe
  2⤵
  PID:8488
- C:\Windows\System\GUDrRWX.exe
  C:\Windows\System\GUDrRWX.exe
  2⤵
  PID:8504
- C:\Windows\System\qDNhUDp.exe
  C:\Windows\System\qDNhUDp.exe
  2⤵
  PID:8520
- C:\Windows\System\KakDcie.exe
  C:\Windows\System\KakDcie.exe
  2⤵
  PID:8536
- C:\Windows\System\gkZMYrZ.exe
  C:\Windows\System\gkZMYrZ.exe
  2⤵
  PID:8552
- C:\Windows\System\YQPXFJI.exe
  C:\Windows\System\YQPXFJI.exe
  2⤵
  PID:8568
- C:\Windows\System\ahJKFZY.exe
  C:\Windows\System\ahJKFZY.exe
  2⤵
  PID:8588
- C:\Windows\System\VUQAcys.exe
  C:\Windows\System\VUQAcys.exe
  2⤵
  PID:8604
- C:\Windows\System\ziDTMOG.exe
  C:\Windows\System\ziDTMOG.exe
  2⤵
  PID:8620
- C:\Windows\System\MGagFSF.exe
  C:\Windows\System\MGagFSF.exe
  2⤵
  PID:8636
- C:\Windows\System\NTrBrTS.exe
  C:\Windows\System\NTrBrTS.exe
  2⤵
  PID:8652
- C:\Windows\System\JzZpLZi.exe
  C:\Windows\System\JzZpLZi.exe
  2⤵
  PID:8668
- C:\Windows\System\gHKIHVS.exe
  C:\Windows\System\gHKIHVS.exe
  2⤵
  PID:8684
- C:\Windows\System\wTpMcsJ.exe
  C:\Windows\System\wTpMcsJ.exe
  2⤵
  PID:8700
- C:\Windows\System\iKaQonL.exe
  C:\Windows\System\iKaQonL.exe
  2⤵
  PID:8716
- C:\Windows\System\iCRbHIY.exe
  C:\Windows\System\iCRbHIY.exe
  2⤵
  PID:8732
- C:\Windows\System\CcJvnWN.exe
  C:\Windows\System\CcJvnWN.exe
  2⤵
  PID:8748
- C:\Windows\System\HQuYBQO.exe
  C:\Windows\System\HQuYBQO.exe
  2⤵
  PID:8764
- C:\Windows\System\aZHeSVG.exe
  C:\Windows\System\aZHeSVG.exe
  2⤵
  PID:8780
- C:\Windows\System\uElEWzM.exe
  C:\Windows\System\uElEWzM.exe
  2⤵
  PID:8796
- C:\Windows\System\KHXEWrO.exe
  C:\Windows\System\KHXEWrO.exe
  2⤵
  PID:8812
- C:\Windows\System\yCijssH.exe
  C:\Windows\System\yCijssH.exe
  2⤵
  PID:8828
- C:\Windows\System\hqYkESd.exe
  C:\Windows\System\hqYkESd.exe
  2⤵
  PID:8844
- C:\Windows\System\DxVAiuR.exe
  C:\Windows\System\DxVAiuR.exe
  2⤵
  PID:8860
- C:\Windows\System\CTTGaMa.exe
  C:\Windows\System\CTTGaMa.exe
  2⤵
  PID:8876
- C:\Windows\System\bauGesp.exe
  C:\Windows\System\bauGesp.exe
  2⤵
  PID:8892
- C:\Windows\System\hOhVGqG.exe
  C:\Windows\System\hOhVGqG.exe
  2⤵
  PID:8908
- C:\Windows\System\ZhofBBr.exe
  C:\Windows\System\ZhofBBr.exe
  2⤵
  PID:8924
- C:\Windows\System\oStLoUA.exe
  C:\Windows\System\oStLoUA.exe
  2⤵
  PID:8940
- C:\Windows\System\uzbBGgj.exe
  C:\Windows\System\uzbBGgj.exe
  2⤵
  PID:8956
- C:\Windows\System\TtsJDIM.exe
  C:\Windows\System\TtsJDIM.exe
  2⤵
  PID:8972
- C:\Windows\System\InZiOiX.exe
  C:\Windows\System\InZiOiX.exe
  2⤵
  PID:8988
- C:\Windows\System\OPnJmyt.exe
  C:\Windows\System\OPnJmyt.exe
  2⤵
  PID:9004
- C:\Windows\System\XHyXfXh.exe
  C:\Windows\System\XHyXfXh.exe
  2⤵
  PID:9020
- C:\Windows\System\LNIUEal.exe
  C:\Windows\System\LNIUEal.exe
  2⤵
  PID:9036
- C:\Windows\System\tCKOAVo.exe
  C:\Windows\System\tCKOAVo.exe
  2⤵
  PID:9052
- C:\Windows\System\iGaiGOR.exe
  C:\Windows\System\iGaiGOR.exe
  2⤵
  PID:9068
- C:\Windows\System\uDBlAhE.exe
  C:\Windows\System\uDBlAhE.exe
  2⤵
  PID:9084
- C:\Windows\System\HMliJTP.exe
  C:\Windows\System\HMliJTP.exe
  2⤵
  PID:9100
- C:\Windows\System\JcDGPhv.exe
  C:\Windows\System\JcDGPhv.exe
  2⤵
  PID:9116
- C:\Windows\System\oWBeRHH.exe
  C:\Windows\System\oWBeRHH.exe
  2⤵
  PID:9132
- C:\Windows\System\TApLTke.exe
  C:\Windows\System\TApLTke.exe
  2⤵
  PID:9148
- C:\Windows\System\JOVLEFY.exe
  C:\Windows\System\JOVLEFY.exe
  2⤵
  PID:9164
- C:\Windows\System\fpCodIa.exe
  C:\Windows\System\fpCodIa.exe
  2⤵
  PID:9180
- C:\Windows\System\bhwCYov.exe
  C:\Windows\System\bhwCYov.exe
  2⤵
  PID:9196
- C:\Windows\System\kligJMV.exe
  C:\Windows\System\kligJMV.exe
  2⤵
  PID:9212
- C:\Windows\System\vdDyXFo.exe
  C:\Windows\System\vdDyXFo.exe
  2⤵
  PID:8224
- C:\Windows\System\SDUMrcy.exe
  C:\Windows\System\SDUMrcy.exe
  2⤵
  PID:8284
- C:\Windows\System\SNWDCAV.exe
  C:\Windows\System\SNWDCAV.exe
  2⤵
  PID:6536
- C:\Windows\System\VHsjyIg.exe
  C:\Windows\System\VHsjyIg.exe
  2⤵
  PID:8348
- C:\Windows\System\YcyRPrf.exe
  C:\Windows\System\YcyRPrf.exe
  2⤵
  PID:8300
- C:\Windows\System\LnnbOjB.exe
  C:\Windows\System\LnnbOjB.exe
  2⤵
  PID:8416
- C:\Windows\System\nrqvCvy.exe
  C:\Windows\System\nrqvCvy.exe
  2⤵
  PID:8272
- C:\Windows\System\JnScIAq.exe
  C:\Windows\System\JnScIAq.exe
  2⤵
  PID:8336
- C:\Windows\System\vSeMsmM.exe
  C:\Windows\System\vSeMsmM.exe
  2⤵
  PID:8404
- C:\Windows\System\URLpkAQ.exe
  C:\Windows\System\URLpkAQ.exe
  2⤵
  PID:8484
- C:\Windows\System\KWmnuNd.exe
  C:\Windows\System\KWmnuNd.exe
  2⤵
  PID:8544
- C:\Windows\System\VFqEtRh.exe
  C:\Windows\System\VFqEtRh.exe
  2⤵
  PID:8496
- C:\Windows\System\zlECMre.exe
  C:\Windows\System\zlECMre.exe
  2⤵
  PID:8616
- C:\Windows\System\mmxBdFN.exe
  C:\Windows\System\mmxBdFN.exe
  2⤵
  PID:8680
- C:\Windows\System\DFOAUWF.exe
  C:\Windows\System\DFOAUWF.exe
  2⤵
  PID:8740
- C:\Windows\System\fmeuneG.exe
  C:\Windows\System\fmeuneG.exe
  2⤵
  PID:8600
- C:\Windows\System\xBEiPjZ.exe
  C:\Windows\System\xBEiPjZ.exe
  2⤵
  PID:8840
- C:\Windows\System\IqnPlGx.exe
  C:\Windows\System\IqnPlGx.exe
  2⤵
  PID:8868
- C:\Windows\System\TfqFiyY.exe
  C:\Windows\System\TfqFiyY.exe
  2⤵
  PID:8596
- C:\Windows\System\dTEOkhQ.exe
  C:\Windows\System\dTEOkhQ.exe
  2⤵
  PID:8936
- C:\Windows\System\NphCJjj.exe
  C:\Windows\System\NphCJjj.exe
  2⤵
  PID:8724
- C:\Windows\System\buafUaI.exe
  C:\Windows\System\buafUaI.exe
  2⤵
  PID:9000
- C:\Windows\System\TJlWdqC.exe
  C:\Windows\System\TJlWdqC.exe
  2⤵
  PID:8820
- C:\Windows\System\zropZan.exe
  C:\Windows\System\zropZan.exe
  2⤵
  PID:9096
- C:\Windows\System\VHYndJl.exe
  C:\Windows\System\VHYndJl.exe
  2⤵
  PID:9160
- C:\Windows\System\InHEDRB.exe
  C:\Windows\System\InHEDRB.exe
  2⤵
  PID:8220
- C:\Windows\System\VgZUkqQ.exe
  C:\Windows\System\VgZUkqQ.exe
  2⤵
  PID:8664
- C:\Windows\System\QgtREaV.exe
  C:\Windows\System\QgtREaV.exe
  2⤵
  PID:8728
- C:\Windows\System\UcBbDEX.exe
  C:\Windows\System\UcBbDEX.exe
  2⤵
  PID:8400
- C:\Windows\System\OsPVnzN.exe
  C:\Windows\System\OsPVnzN.exe
  2⤵
  PID:8512
- C:\Windows\System\ryCKvFd.exe
  C:\Windows\System\ryCKvFd.exe
  2⤵
  PID:8560
- C:\Windows\System\HVdwMvd.exe
  C:\Windows\System\HVdwMvd.exe
  2⤵
  PID:8756
- C:\Windows\System\ciQJCHH.exe
  C:\Windows\System\ciQJCHH.exe
  2⤵
  PID:9032
- C:\Windows\System\LzXmsHm.exe
  C:\Windows\System\LzXmsHm.exe
  2⤵
  PID:9156
- C:\Windows\System\CZEokap.exe
  C:\Windows\System\CZEokap.exe
  2⤵
  PID:8396
- C:\Windows\System\ZmPbJnm.exe
  C:\Windows\System\ZmPbJnm.exe
  2⤵
  PID:8612
- C:\Windows\System\JTCBxiA.exe
  C:\Windows\System\JTCBxiA.exe
  2⤵
  PID:9232
- C:\Windows\System\kVLqxrI.exe
  C:\Windows\System\kVLqxrI.exe
  2⤵
  PID:9248
- C:\Windows\System\KNKNuFN.exe
  C:\Windows\System\KNKNuFN.exe
  2⤵
  PID:9268
- C:\Windows\System\MgwVKkm.exe
  C:\Windows\System\MgwVKkm.exe
  2⤵
  PID:9284
- C:\Windows\System\oHCYXCv.exe
  C:\Windows\System\oHCYXCv.exe
  2⤵
  PID:9300
- C:\Windows\System\lqcoRAA.exe
  C:\Windows\System\lqcoRAA.exe
  2⤵
  PID:9316
- C:\Windows\System\cAIGJot.exe
  C:\Windows\System\cAIGJot.exe
  2⤵
  PID:9332
- C:\Windows\System\WXRQCIZ.exe
  C:\Windows\System\WXRQCIZ.exe
  2⤵
  PID:9348
- C:\Windows\System\XeTLzAK.exe
  C:\Windows\System\XeTLzAK.exe
  2⤵
  PID:9364
- C:\Windows\System\mWcjDAb.exe
  C:\Windows\System\mWcjDAb.exe
  2⤵
  PID:9380
- C:\Windows\System\JURlIYW.exe
  C:\Windows\System\JURlIYW.exe
  2⤵
  PID:9396
- C:\Windows\System\eEqJVik.exe
  C:\Windows\System\eEqJVik.exe
  2⤵
  PID:9412
- C:\Windows\System\gfMKfzw.exe
  C:\Windows\System\gfMKfzw.exe
  2⤵
  PID:9428
- C:\Windows\System\PFPvmYi.exe
  C:\Windows\System\PFPvmYi.exe
  2⤵
  PID:9444
- C:\Windows\System\qQdnCLf.exe
  C:\Windows\System\qQdnCLf.exe
  2⤵
  PID:9460
- C:\Windows\System\sdZQhSt.exe
  C:\Windows\System\sdZQhSt.exe
  2⤵
  PID:9476
- C:\Windows\System\ImSPwym.exe
  C:\Windows\System\ImSPwym.exe
  2⤵
  PID:9492
- C:\Windows\System\mMRPdYv.exe
  C:\Windows\System\mMRPdYv.exe
  2⤵
  PID:9508
- C:\Windows\System\RcOkzcM.exe
  C:\Windows\System\RcOkzcM.exe
  2⤵
  PID:9524
- C:\Windows\System\iNDEmWp.exe
  C:\Windows\System\iNDEmWp.exe
  2⤵
  PID:9540
- C:\Windows\System\YuTJgYU.exe
  C:\Windows\System\YuTJgYU.exe
  2⤵
  PID:9556
- C:\Windows\System\CyksVhD.exe
  C:\Windows\System\CyksVhD.exe
  2⤵
  PID:9572
- C:\Windows\System\wEWZoEk.exe
  C:\Windows\System\wEWZoEk.exe
  2⤵
  PID:9588
- C:\Windows\System\byIEiOD.exe
  C:\Windows\System\byIEiOD.exe
  2⤵
  PID:9604
- C:\Windows\System\XwPslQK.exe
  C:\Windows\System\XwPslQK.exe
  2⤵
  PID:9620
- C:\Windows\System\OQDTcUC.exe
  C:\Windows\System\OQDTcUC.exe
  2⤵
  PID:9636
- C:\Windows\System\TTDJpxl.exe
  C:\Windows\System\TTDJpxl.exe
  2⤵
  PID:9652
- C:\Windows\System\KcKvcEB.exe
  C:\Windows\System\KcKvcEB.exe
  2⤵
  PID:9668
- C:\Windows\System\uyGYPpL.exe
  C:\Windows\System\uyGYPpL.exe
  2⤵
  PID:9684
- C:\Windows\System\vdrrQaM.exe
  C:\Windows\System\vdrrQaM.exe
  2⤵
  PID:9700
- C:\Windows\System\WoStpQG.exe
  C:\Windows\System\WoStpQG.exe
  2⤵
  PID:9716
- C:\Windows\System\jgfHFWT.exe
  C:\Windows\System\jgfHFWT.exe
  2⤵
  PID:9732
- C:\Windows\System\laqCJsh.exe
  C:\Windows\System\laqCJsh.exe
  2⤵
  PID:9748
- C:\Windows\System\RytJXCv.exe
  C:\Windows\System\RytJXCv.exe
  2⤵
  PID:9764
- C:\Windows\System\jmZgbTi.exe
  C:\Windows\System\jmZgbTi.exe
  2⤵
  PID:9780
- C:\Windows\System\EbCyLsH.exe
  C:\Windows\System\EbCyLsH.exe
  2⤵
  PID:9800
- C:\Windows\System\grvECvu.exe
  C:\Windows\System\grvECvu.exe
  2⤵
  PID:9816
- C:\Windows\System\nVULKLe.exe
  C:\Windows\System\nVULKLe.exe
  2⤵
  PID:9832
- C:\Windows\System\bHhrDOv.exe
  C:\Windows\System\bHhrDOv.exe
  2⤵
  PID:9848
- C:\Windows\System\LDCamcW.exe
  C:\Windows\System\LDCamcW.exe
  2⤵
  PID:9864
- C:\Windows\System\hLvwbrf.exe
  C:\Windows\System\hLvwbrf.exe
  2⤵
  PID:9880
- C:\Windows\System\qAdhLlp.exe
  C:\Windows\System\qAdhLlp.exe
  2⤵
  PID:9896
- C:\Windows\System\xeBnqWq.exe
  C:\Windows\System\xeBnqWq.exe
  2⤵
  PID:9912
- C:\Windows\System\aTNhtST.exe
  C:\Windows\System\aTNhtST.exe
  2⤵
  PID:9932
- C:\Windows\System\DBQnwJf.exe
  C:\Windows\System\DBQnwJf.exe
  2⤵
  PID:9948
- C:\Windows\System\yhxYtSA.exe
  C:\Windows\System\yhxYtSA.exe
  2⤵
  PID:10048
- C:\Windows\System\gqKgIKw.exe
  C:\Windows\System\gqKgIKw.exe
  2⤵
  PID:10072
- C:\Windows\System\PJtclJA.exe
  C:\Windows\System\PJtclJA.exe
  2⤵
  PID:10092
- C:\Windows\System\TsSHbjv.exe
  C:\Windows\System\TsSHbjv.exe
  2⤵
  PID:10108
- C:\Windows\System\gYytiTO.exe
  C:\Windows\System\gYytiTO.exe
  2⤵
  PID:10124
- C:\Windows\System\SblxXWm.exe
  C:\Windows\System\SblxXWm.exe
  2⤵
  PID:10140
- C:\Windows\System\wLPpMvK.exe
  C:\Windows\System\wLPpMvK.exe
  2⤵
  PID:10156
- C:\Windows\System\tRyFDMF.exe
  C:\Windows\System\tRyFDMF.exe
  2⤵
  PID:10180
- C:\Windows\System\bMakbxc.exe
  C:\Windows\System\bMakbxc.exe
  2⤵
  PID:10196
- C:\Windows\System\LnVeHZt.exe
  C:\Windows\System\LnVeHZt.exe
  2⤵
  PID:10212
- C:\Windows\System\jIsydag.exe
  C:\Windows\System\jIsydag.exe
  2⤵
  PID:10228
- C:\Windows\System\aQDcZuu.exe
  C:\Windows\System\aQDcZuu.exe
  2⤵
  PID:8692
- C:\Windows\System\ALXyGJc.exe
  C:\Windows\System\ALXyGJc.exe
  2⤵
  PID:9228
- C:\Windows\System\oXqjTrf.exe
  C:\Windows\System\oXqjTrf.exe
  2⤵
  PID:9012
- C:\Windows\System\Uwodvwh.exe
  C:\Windows\System\Uwodvwh.exe
  2⤵
  PID:9044
- C:\Windows\System\MqEDzWf.exe
  C:\Windows\System\MqEDzWf.exe
  2⤵
  PID:9112
- C:\Windows\System\UGmjVrt.exe
  C:\Windows\System\UGmjVrt.exe
  2⤵
  PID:9172
- C:\Windows\System\SiubYRY.exe
  C:\Windows\System\SiubYRY.exe
  2⤵
  PID:8772
- C:\Windows\System\hnJRuOI.exe
  C:\Windows\System\hnJRuOI.exe
  2⤵
  PID:8256
- C:\Windows\System\rsQgNXB.exe
  C:\Windows\System\rsQgNXB.exe
  2⤵
  PID:8240
- C:\Windows\System\HyKJfxE.exe
  C:\Windows\System\HyKJfxE.exe
  2⤵
  PID:8436
- C:\Windows\System\BZleQQu.exe
  C:\Windows\System\BZleQQu.exe
  2⤵
  PID:9260
- C:\Windows\System\kCpUzvB.exe
  C:\Windows\System\kCpUzvB.exe
  2⤵
  PID:8532
- C:\Windows\System\UhCLAss.exe
  C:\Windows\System\UhCLAss.exe
  2⤵
  PID:8968
- C:\Windows\System\BmDceku.exe
  C:\Windows\System\BmDceku.exe
  2⤵
  PID:9192
- C:\Windows\System\HyGRSqr.exe
  C:\Windows\System\HyGRSqr.exe
  2⤵
  PID:8792
- C:\Windows\System\QDZeEAX.exe
  C:\Windows\System\QDZeEAX.exe
  2⤵
  PID:8948
- C:\Windows\System\ohGFSuo.exe
  C:\Windows\System\ohGFSuo.exe
  2⤵
  PID:9240
- C:\Windows\System\xTnxYZT.exe
  C:\Windows\System\xTnxYZT.exe
  2⤵
  PID:9328
- C:\Windows\System\UoKytcu.exe
  C:\Windows\System\UoKytcu.exe
  2⤵
  PID:9392
- C:\Windows\System\DHrvCnl.exe
  C:\Windows\System\DHrvCnl.exe
  2⤵
  PID:9308
- C:\Windows\System\DptDmMB.exe
  C:\Windows\System\DptDmMB.exe
  2⤵
  PID:9340
- C:\Windows\System\oaEYDqT.exe
  C:\Windows\System\oaEYDqT.exe
  2⤵
  PID:9456
- C:\Windows\System\wVyECvY.exe
  C:\Windows\System\wVyECvY.exe
  2⤵
  PID:9468
- C:\Windows\System\onsQEbw.exe
  C:\Windows\System\onsQEbw.exe
  2⤵
  PID:9404
- C:\Windows\System\UxtGFGt.exe
  C:\Windows\System\UxtGFGt.exe
  2⤵
  PID:9532
- C:\Windows\System\ocyKRJA.exe
  C:\Windows\System\ocyKRJA.exe
  2⤵
  PID:9552
- C:\Windows\System\HoPeauZ.exe
  C:\Windows\System\HoPeauZ.exe
  2⤵
  PID:9612
- C:\Windows\System\DLfpCZK.exe
  C:\Windows\System\DLfpCZK.exe
  2⤵
  PID:9676
- C:\Windows\System\nhQWqEV.exe
  C:\Windows\System\nhQWqEV.exe
  2⤵
  PID:9596
- C:\Windows\System\DiVNUeZ.exe
  C:\Windows\System\DiVNUeZ.exe
  2⤵
  PID:9772
- C:\Windows\System\BMqOTMS.exe
  C:\Windows\System\BMqOTMS.exe
  2⤵
  PID:9628
- C:\Windows\System\xErlrdX.exe
  C:\Windows\System\xErlrdX.exe
  2⤵
  PID:9760
- C:\Windows\System\lFRtHVG.exe
  C:\Windows\System\lFRtHVG.exe
  2⤵
  PID:9724
- C:\Windows\System\nCKbLup.exe
  C:\Windows\System\nCKbLup.exe
  2⤵
  PID:9812
- C:\Windows\System\yUBUwOC.exe
  C:\Windows\System\yUBUwOC.exe
  2⤵
  PID:9872
- C:\Windows\System\erknTWh.exe
  C:\Windows\System\erknTWh.exe
  2⤵
  PID:9920
- C:\Windows\System\SpHDuDB.exe
  C:\Windows\System\SpHDuDB.exe
  2⤵
  PID:9856
- C:\Windows\System\zBFsDsh.exe
  C:\Windows\System\zBFsDsh.exe
  2⤵
  PID:9940
- C:\Windows\System\XfApmOY.exe
  C:\Windows\System\XfApmOY.exe
  2⤵
  PID:9960
- C:\Windows\System\lcjPoes.exe
  C:\Windows\System\lcjPoes.exe
  2⤵
  PID:9976
- C:\Windows\System\safjcmY.exe
  C:\Windows\System\safjcmY.exe
  2⤵
  PID:9992
- C:\Windows\System\cGOFjYB.exe
  C:\Windows\System\cGOFjYB.exe
  2⤵
  PID:10012
- C:\Windows\System\OXdBNzI.exe
  C:\Windows\System\OXdBNzI.exe
  2⤵
  PID:10028
- C:\Windows\System\wEXfJuU.exe
  C:\Windows\System\wEXfJuU.exe
  2⤵
  PID:10044
- C:\Windows\System\TZCJPPb.exe
  C:\Windows\System\TZCJPPb.exe
  2⤵
  PID:10068
- C:\Windows\System\ZteYFbb.exe
  C:\Windows\System\ZteYFbb.exe
  2⤵
  PID:10132
- C:\Windows\System\EhbstKp.exe
  C:\Windows\System\EhbstKp.exe
  2⤵
  PID:10152
- C:\Windows\System\oQqwcyB.exe
  C:\Windows\System\oQqwcyB.exe
  2⤵
  PID:10116
- C:\Windows\System\lXaiCcr.exe
  C:\Windows\System\lXaiCcr.exe
  2⤵
  PID:10208
- C:\Windows\System\XhqhQDV.exe
  C:\Windows\System\XhqhQDV.exe
  2⤵
  PID:8660
- C:\Windows\System\qhbmFmp.exe
  C:\Windows\System\qhbmFmp.exe
  2⤵
  PID:8856
- C:\Windows\System\iOFyPos.exe
  C:\Windows\System\iOFyPos.exe
  2⤵
  PID:9076
- C:\Windows\System\OCbCZlS.exe
  C:\Windows\System\OCbCZlS.exe
  2⤵
  PID:9256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ALkEIuZ.exe

Filesize
6.0MB

MD5
5175c6dafe9aac8d71271bddd26f4e1c

SHA1
99605d749d8ff3f07d2f1b192805c51c862115ba

SHA256
5dfb69f3626f6e33cd4dc144078f83669aa9072f2d41491da431af782327c91d

SHA512
260c617f9909f05749255400c3bfa5aa32361951b61c9664fd30d1979242a4d5fff545d6a7fb7e343e19e4c50e641af92f8845ac45466ddcf1f0ffd5e14e013b

Download Submit
C:\Windows\system\BAMqTVE.exe

Filesize
6.0MB

MD5
8ef54f2361c3ce6cc47ac73a5becf5fa

SHA1
8a877031763fc4319a1d7fff9735cb94b2bbcf96

SHA256
e9aedd4b94c990e7f403eb52bf28713f6aa062010a327ee367de9b6dda1de636

SHA512
c94ba4885abc8f2c1487c094af8583b1ee2d73f70f3db297e2b94a48b5338329f68e5b3eaf6c3c142575a686e14bd6ac45dbc9ed84acb67c93714fd93cddc2b1

Download Submit
C:\Windows\system\BfDeupL.exe

Filesize
6.0MB

MD5
b7945c1210b1708d79b103b992fb4d00

SHA1
74e980f394a0d86d2d07aed593773b4819229498

SHA256
1d2faeae173533343ac34248a10e872ceca8f9f1b4a0ce1bb9553ae14526434b

SHA512
33f30925fc75c5b358c32507c30a1a9e571cc7568ea99d21930db89c467fc57883ba76f9c4934b8a0f37bb0a026615b3124108fa9b25f6c894249be8f14c7771

Download Submit
C:\Windows\system\BqBsIFE.exe

Filesize
6.0MB

MD5
d7335d5b625dfad5218b6e69399d2158

SHA1
688725fe5e38062203905b2fb485a7586275dbce

SHA256
c2bdeb1756ba85ce704155ebea470f542b1296a5a8031fe42aa7b75448feb4a7

SHA512
271ddcc3eee353a9801b5780f09d72f1600056a4c1ec2b3580fe282571c39ba9a8bda840604b6d3688d1581074019bdea2494829bc64119ba7d93c70d701fa1f

Download Submit
C:\Windows\system\DKrDtlb.exe

Filesize
6.0MB

MD5
72f6f5f9ea9adba65e89526b525a27e0

SHA1
6ab289aba2f8dcb313805f5b799fb8cbe87729d9

SHA256
29a12dffd59f29b55fabfb90a72979fa20b4f242ced33ab42011881505713046

SHA512
0ea57f11838bbf141b3cc385e35f2488d527b068749a2c57a9e778e31740c51f9dc1024cdc1a17ba1dcdd05658883fc616ac01911792de7d33ca7153a13bec7c

Download Submit
C:\Windows\system\GWkohmG.exe

Filesize
6.0MB

MD5
76aa9ba8e0d4c86441e039ab39231b53

SHA1
732b191769bff1600070a1790ff27fc81b84ffa2

SHA256
609b4970c6f7dbe368d5535c1ced0de06df4ed59d8d03ec9ff2f061612a9e0d0

SHA512
1132dc22670f1f6bb7a40a9f5117be9869957c5bb52c05cda6cdc5245f809c723b5e6ec0e477f67d718460d291116b35a860a6e92565113c73405048a0ccda2c

Download Submit
C:\Windows\system\HHLWptn.exe

Filesize
6.0MB

MD5
f671815cdd767263aa6b8ec3bb3c08c1

SHA1
d5d7182179d4380b3831c3a46a737d0b9f407515

SHA256
2ac6afcd45213d30476a011a5c59d35ccc97ca284857ca40c977315d0809abe8

SHA512
f73f7f5a3593d09d8252430bea4fa2ceea8672bb58441b90dd8796c148759311c886516dbda38f66194c77b5fd9636e517720c4d183a3024193acaf17c3f16be

Download Submit
C:\Windows\system\PmyQCQM.exe

Filesize
6.0MB

MD5
91612759cd95c5dde6ed36ebfdd14588

SHA1
dd8f17c7b279130e373761becbca4a7b6346b3e8

SHA256
b64adaada566aaaf843a0d79ba6dda3e78da2df3131237f86152a341a230c86e

SHA512
7e29218c5153423a446438de92b71de95e78649245e1fdd2dc07fa8849e757564cd8cb9e5e4cd21d9eacd2b1c28b008c1382606199af20d7a90205ecf63ad34f

Download Submit
C:\Windows\system\SbBkofw.exe

Filesize
6.0MB

MD5
1f18e63ce46a38433fdd93ab221b6e9e

SHA1
2b00c97dc8d649982dd0b22309d394777b0af8b4

SHA256
2817c31963db8fa4edc95d6981f11d069fea73d4e1b2f5aaec3966a0af7129e6

SHA512
5cbfa779c8f68d33529def6ecbc316743f1b3243b6d7f76e878af16f701a33458154e6470a409868e6642f7aebcac46c3bee75c8bc5b379638282fc8ddfc2493

Download Submit
C:\Windows\system\ShOCtNB.exe

Filesize
6.0MB

MD5
bd3bcb8a62f940271d6ac1658db4e38f

SHA1
e4887eae0f7e2d4af10a1325109b2333858c19f6

SHA256
25c39f14a0c533d2ab6613b6b106766392f2badad2b8c94d18aabd841ef35a1d

SHA512
a2c7c9aab83cf58895914a7421248cf4cdcc3d81835d84c620acd1ca256462bbdd378d30c5b6ac947e781cb67646a57338cee93b12ddfba1ae6f86616ac40e6d

Download Submit
C:\Windows\system\SiKgWtz.exe

Filesize
6.0MB

MD5
a65d35b130012d8b16b7799b998ac7ad

SHA1
b6b4cb97a69394c0aa9657e082dca4d9b76e9b4b

SHA256
784a36458c05f6debeb5cc1e44990156e5ae7d54f29d4b7f3530dae0126d5b45

SHA512
ae8567332139d9066ef0b753637cac207e793560d6591ff9572db0828ca97e668e23f9cd49ae6af6ac684aaa968a5f3f8b5595500e28304ba68da461136e55b0

Download Submit
C:\Windows\system\YMtmsnM.exe

Filesize
6.0MB

MD5
df565d518408e9c6a6dc0615d8b21d3f

SHA1
a6d5d6cf0cc5cde6203ddb868dba84258d6f845a

SHA256
4427721bf02d2b89d65b3407b8ed6f13a152bdbcba20d1faba5ac127b5b4ea64

SHA512
f0b990c25d5debc9e9d953327fea783d126d6c67d5938c69a70e9873e9af8b1895bf239755a732a94689ab2dcc630904c45844dfc9711da458cc6b0b6d18737a

Download Submit
C:\Windows\system\chANKAP.exe

Filesize
6.0MB

MD5
e1b7a353c629e8e6275d5c57ca16c216

SHA1
c7db04ad47dc2271f868beebdad676839981c5e7

SHA256
184a4e289a9f6f1013945ddd78953687c4bdb9a52035133c4a97042a5dbe2d69

SHA512
64ee7e8203d5c1e05ee19fd31aaeb62acdb06b2647707bc21de54af094168f1a49b19ee7c894f73a45ba2c65d3b7977b7dfcd48d129e330fb8b663fdee03109a

Download Submit
C:\Windows\system\clFwstw.exe

Filesize
6.0MB

MD5
2c1c9cb7443c6aedb75f9feeeb7e3412

SHA1
700490635edb6ebfd4c837b5ed50ff2c2823edda

SHA256
fea02c6d3d2e744bf05ca35b4480251509f12ac9c0dc46824187540b9a5e1bef

SHA512
fb87705ca7e1429b910f14eed549d22d7938c98a3c35a7e79fc329ddfbf0e664f9f3f918dcb42d3ce53dd3c6a6038ef877aa2672a7460705f1ed99c44674bed3

Download Submit
C:\Windows\system\eVbjNbv.exe

Filesize
6.0MB

MD5
03fa38e456a19d760d84a3783f992268

SHA1
06dfe65ff61b738e9845a5d9aa46c9512dab4cc8

SHA256
d1cf298b6f23d46f55fa1949a463f10dc7a346d7da37382ec85ec776aaa75d85

SHA512
25883591081f8211064f1b1448a9d5e9b57bbd8b2c98f42989302ec5bad44880686f4a329e472b3c8546b6149269f4d94fafc7bc47798dac90628cd5f9365b72

Download Submit
C:\Windows\system\gJcCxPT.exe

Filesize
6.0MB

MD5
d87a4312542e2b969871d4910c843b17

SHA1
d9bc5d817b79525490e2880a57dd2c531b9a69ec

SHA256
b988f3950dd2163ae88359aa073722920ebb9512427e0988841bf20b1f513281

SHA512
5df51c108c8354fa02d8b8fbab502c8cf9dc0c07b86120cdbb208f30c17b1f07eabd78f8cdc1abe540bfd04ebbce4e6ad49462066e8a8d5926d5329853902753

Download Submit
C:\Windows\system\gsGQALf.exe

Filesize
6.0MB

MD5
acddf4f31532e53b911702690929ebf7

SHA1
9e35294250964162e93bf899956b968faadc5c1c

SHA256
035fedd713fda55ea00c2c7a5a85aec4e3f9d4206d0c4e91a1995c8094c5a451

SHA512
7b71868ef077b85ca3c1b9e91bd849fa49146cf5f26de49d39d336883a01946fefb73c463dbb6b19f341f1085cdf7eb1d11e195739d06dc1dac941573ee25249

Download Submit
C:\Windows\system\jvdjGhB.exe

Filesize
6.0MB

MD5
00d18b824e401535f43e2dac581bec95

SHA1
2956734102353be6e4dd711f834619709461993a

SHA256
1bb13e22995197bb3e0336e345ff89af7b5b78218ad745e72081b9685c60ccaa

SHA512
16594eef70f403108e6c44c206d07c15ecaa87d1aaab2b7546ccecccbc7bbe604c38cd3cdc587587f2a8417b888f1ca0e34e3b1203320553c9ec4486e0196f44

Download Submit
C:\Windows\system\koJDUjn.exe

Filesize
6.0MB

MD5
4d1f537824a1350727d7a08937bb8672

SHA1
0d9a81d9abd106289cd9bd170acf54387d93fa2f

SHA256
aed4c94b35073ed85ac9b9043052fc860d808003b676b7f37a1c3876c459ef13

SHA512
26f205f6d342a6a2ea245ed0de779d4d340a523d1ea24ed5a1be1f04adb1540dbca5d45bbed9b09b21e078ee7dd90fcca6ff3f0dc4c3faed95df7d5295e171dc

Download Submit
C:\Windows\system\kwkUbCu.exe

Filesize
6.0MB

MD5
0a1b35cd0a6e577ef963812d290d1e09

SHA1
1ef0c774cdd8a1af3bd8cbb3cb83a8623a755910

SHA256
353a3804dd80d5ef765b25a7651e9bdec63bb1946fcdda35dd9689df4adcc882

SHA512
2add6f2c848b410176a2aef02218788ef9b3d2832320901d89ba640f03bb1207a077ae910102f27a587765a8b86d26dd199b1ffe88fc79fc1c356c44ee6aef47

Download Submit
C:\Windows\system\kyEZYCG.exe

Filesize
6.0MB

MD5
979993a8ef417138641565582fdb3f9c

SHA1
4c4bd16e377618374d3389f6b6402df8c00e21f6

SHA256
424f983ed5f76087891e448ba3d741c6ad082d7c85730a610503a9dace354b4b

SHA512
ba72b160021e309f7adcac892897be4585a74789e2d9af4168ebf7825b40c1e5d35248e0adb49fbbc241ec4be093e98bb4c2de27bb63fa9344b8d02297f3ad80

Download Submit
C:\Windows\system\mNuGIxW.exe

Filesize
6.0MB

MD5
3f95f41329d25e25b8b44fb84bb46dd5

SHA1
8040ff3ad62c6ab84e9598eb3157c29602c2042f

SHA256
3deb83a71bf61e573216ca1780b1748849b5fcda8504ef8ea05bb0a35ad0fa5b

SHA512
2719e3094b68f653c44de5f6d7ac6cbd19cbd478222be96bb16f9cc5657d625aeaf6c2f4f5dbfed4723957dddc8282d1a2b66610ead78a15f03b7ec932513393

Download Submit
C:\Windows\system\nPCVPcP.exe

Filesize
6.0MB

MD5
cc2559c5ba34a49a35828463e3ee0327

SHA1
d58ab9c831d41efd7757f4ed64c2f2783dd6febe

SHA256
320847c9511df5ae3dac78dd0e4c84bafe1315d49fe4cd26f241e493a0bc5f90

SHA512
7dab38b7f4ceb14f627496b9f40eb2fad8389e54c142784bb2fc2c057b795a12be1649330f1d5dadc9cb6e292fdce7c3fb2e9452125ea5b40e8f16b63ce13c34

Download Submit
C:\Windows\system\qoqeoMZ.exe

Filesize
6.0MB

MD5
8f2514ccbd3cfc466a6e12a91147bc0c

SHA1
7920ec53cd0db703e999799e94b200da51a9cca8

SHA256
d51c47781314d2487266ab8f94a6a52276f893993dfaa6d992fc5b83d29bf4e8

SHA512
234def0cea16f54b332d71628a076ad1b6de2e3c5fea111f26898fca5961dd9fc1edfb62637a5a481f3b5eb6689efe4027d0fefe4a3984b2f1d464148e2fdf97

Download Submit
\Windows\system\DXPZZDg.exe

Filesize
6.0MB

MD5
ebeb282c9d1a4edfc7122b57bf96614a

SHA1
ba9f0a66e622aacbaf22f0919e995ae1e657e33e

SHA256
fe65bdfa0c41d310727c6c14ed3e0490ff255e6bf9d058f423ee5b56e5cb34cf

SHA512
152ea932d9099b5705a1a6807aa419aa4a4cc187abb6a2b9fec4d03f193f2d20e66b04f481d984fb50c053352b606491ad7165bcd47d0013c55ed1796c30cbd1

Download Submit
\Windows\system\DsnUVaB.exe

Filesize
6.0MB

MD5
379272004debe96dac088b76cba2be78

SHA1
36b6c5061b80ca54bee2a50b5afd74d0019974e7

SHA256
95748442c9817590ffac3ae91a77e8ccf82707e4ae06d567ac019b9bce07396f

SHA512
952a9202b00c487f777d18c3baf892be9cd738576c65c77f6cb33c5d276e1921642d6357b691ca56f2d575b3019016ebf9de851537b5d1f8e5b9d8b1959788c9

Download Submit
\Windows\system\JjmnduP.exe

Filesize
6.0MB

MD5
736ae0e9a312c848b9d9363b912d1a8b

SHA1
386b0f8096dae44c0b39477b5a63a8d81b3e4190

SHA256
eb619e44cc2690677f99be7d9c6a77259dcc12231339f78b0631a008a955e106

SHA512
f10bdcf53660347a424e7c8a0a7ad84c6a1a467eea487ddb5fc79fc69f159e9b6922455882364a109d23088bac7da9ca0a53d778b40010b5f598293a53801c54

Download Submit
\Windows\system\NUCrFzJ.exe

Filesize
6.0MB

MD5
74ded6da3a492e6298d3ed9a9e8102b9

SHA1
d90c2293dc91f15e29b469cc9b0f01481f781242

SHA256
4a9728dca2ff5ff227074c5fcaf71aa2d49e94425fd754e73b29622d1718805c

SHA512
c0b741628cd3787b1c3ee05a0a82fe71a1f8108553c46104e79489289a7955acf69382ed37ae30829b864e968e44a6518cdacd95f2812da51f9b27f20120fb50

Download Submit
\Windows\system\RnJfQfJ.exe

Filesize
6.0MB

MD5
2d9a01ea1e38baa8dd501fe100b67527

SHA1
6f9a86f991a0b8f62b3d1afd07127f873421ec55

SHA256
bd6215dd0a57c80e0c72c92f8bf2cd24269311751731eb04df81f1470f1298f7

SHA512
58006383bf7830fe7dd43264b4a16a1c6f7e7140a59d8d30ca109a5aa7aa66867567fecf4ba0cde240f7f309ee7e7468b998eb99f5bf5329539d270fd81ac8cb

Download Submit
\Windows\system\cgoeOYA.exe

Filesize
6.0MB

MD5
b17a4e00fd4e899c64643e6bc3df98f5

SHA1
9451c7bf4655a423656c4ad1cbf4e49615ac8870

SHA256
c0781a0cb8c60013bd629e32da0212500b27ca586fd695e2ea51bfb40a836001

SHA512
fcc2da5d966a99c8100689dfc2bec87c21380fde4fefb2c7606637ac93bb8b97323db7e17398a04bc902d420d6214be2f41d2d6894db61015360df82c75ff196

Download Submit
\Windows\system\ohJxOsy.exe

Filesize
6.0MB

MD5
889aee6ddd012718ef1223138cfd5033

SHA1
83714ec1a08e642c30015407e8d3411296d48251

SHA256
4ed7892a62420c91448a503688421e8f1b960c0e5159fb4b9cd510a3da98b6c8

SHA512
6871ac4bea120107efc8515ead61f72f02a7e35958023ec70c7408b415ec4b58cf29e7e34b9c2f82eba7d7f820c91ec6b5d11c0cb9559c5265b213b7ac68fe70

Download Submit
\Windows\system\vtmOrbK.exe

Filesize
6.0MB

MD5
ba450a5a760d3f809b3556d016fe3852

SHA1
3806f17ad68b9f5f43b3171221a2aa3cd828c4ad

SHA256
5aeec57efd68f5c7e54e267748daa83ee5c7cba5ae1acb54675d929c6f2118ed

SHA512
e8588e8f4017443bb314c0bd0271cebdcfa662b329552bb1dda39378581e1ace35befddb701b025eebbc92c520f037d171e187e68750ca61e4892483bc5adc57

Download Submit
memory/376-4173-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/376-81-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-99-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1232-4171-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1424-4169-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1424-91-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-72-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1720-4170-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2384-75-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2384-4168-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2516-4172-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-85-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-42-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2532-90-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2660-50-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-97-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3763-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2700-77-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2700-28-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2736-12-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2736-43-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2768-21-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2768-66-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2780-49-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2780-14-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2832-84-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3730-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-35-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3751-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2968-105-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2968-57-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/3028-107-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/3028-39-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-73-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-70-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/3028-74-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/3028-56-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/3028-19-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/3028-98-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3028-106-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/3028-33-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3028-15-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/3028-26-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/3028-100-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/3028-96-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-82-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/3028-410-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/3028-713-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3028-910-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/3028-581-0x0000000002520000-0x0000000002874000-memory.dmp

Filesize
3.3MB

Download
memory/3028-262-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/3028-0-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download