cobaltstrike | dcb0fe7c1287186c39ee30c524e2f2c02f44442a8aa3c00cc4f391dadcfce4c0

Analysis

max time kernel
148s
max time network
27s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22/01/2025, 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d87e38b2259394b228d5667a89c86e9c
SHA1

e2574b877d8d90288296c45b1c99aac2872a16a1
SHA256

dcb0fe7c1287186c39ee30c524e2f2c02f44442a8aa3c00cc4f391dadcfce4c0
SHA512

9caac46c2bbcd9306e35f4b0af6e7d0a47413c7da884bb5bba8ea7fab77be5a4101d56bcb2f2807b3f99a19164d27bb0783cd8e915f0f61e84cae5a8997dace1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c10-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c1a-27.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019480-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-194.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-105.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000016458-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-88.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c7-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019470-63.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016fc9-36.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c23-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2608-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225c-6.dat	xmrig
behavioral1/files/0x0009000000016ace-8.dat	xmrig
behavioral1/files/0x0007000000016c10-12.dat	xmrig
behavioral1/memory/3016-22-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c1a-27.dat	xmrig
behavioral1/memory/2808-50-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x0005000000019480-70.dat	xmrig
behavioral1/files/0x0005000000019490-98.dat	xmrig
behavioral1/files/0x00050000000194ef-115.dat	xmrig
behavioral1/files/0x000500000001950f-120.dat	xmrig
behavioral1/files/0x0005000000019515-125.dat	xmrig
behavioral1/files/0x0005000000019547-130.dat	xmrig
behavioral1/memory/1920-134-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195a7-143.dat	xmrig
behavioral1/files/0x00050000000195ad-159.dat	xmrig
behavioral1/files/0x00050000000195bd-194.dat	xmrig
behavioral1/memory/2608-231-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bb-188.dat	xmrig
behavioral1/files/0x00050000000195b7-184.dat	xmrig
behavioral1/files/0x00050000000195b5-179.dat	xmrig
behavioral1/files/0x00050000000195b3-173.dat	xmrig
behavioral1/files/0x00050000000195af-163.dat	xmrig
behavioral1/files/0x00050000000195b1-168.dat	xmrig
behavioral1/files/0x00050000000195ab-153.dat	xmrig
behavioral1/files/0x00050000000195a9-149.dat	xmrig
behavioral1/files/0x000500000001957c-137.dat	xmrig
behavioral1/memory/2608-133-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194eb-110.dat	xmrig
behavioral1/memory/2904-102-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a3-105.dat	xmrig
behavioral1/memory/2152-95-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/1836-94-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2608-82-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/memory/2220-81-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x000c000000016458-79.dat	xmrig
behavioral1/files/0x0005000000019489-78.dat	xmrig
behavioral1/memory/2684-74-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2520-72-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x000500000001948c-88.dat	xmrig
behavioral1/memory/1664-58-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2608-56-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x00060000000193c7-54.dat	xmrig
behavioral1/memory/1920-65-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2608-64-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019470-63.dat	xmrig
behavioral1/memory/1260-62-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2824-39-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x0009000000016fc9-36.dat	xmrig
behavioral1/memory/2900-49-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-44.dat	xmrig
behavioral1/files/0x0007000000016c23-33.dat	xmrig
behavioral1/memory/2520-29-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2164-23-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2608-20-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/1260-19-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2164-1117-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1260-1118-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2824-1120-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2520-1119-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/3016-1121-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2900-1137-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2808-1136-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2220-1140-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2164	eHSgaBK.exe
1260	uvgDiqf.exe
3016	ffotUMo.exe
2520	jGczbnc.exe
2824	sNBeDTb.exe
2900	dsXCmAZ.exe
2808	VxHPPJR.exe
1664	LYCojWe.exe
1920	iFdTSoH.exe
2684	GxeMSSc.exe
2220	JIvkfin.exe
1836	FnuhqzZ.exe
2152	vZYCRQX.exe
2904	GkDBVUX.exe
1980	BRPMSYD.exe
2728	DDNlhdo.exe
2996	rIUalbV.exe
540	dkEGMsV.exe
2980	KLtaykO.exe
3008	TFeOaOJ.exe
2096	deuCKNx.exe
1400	vBMbEve.exe
1908	IJkGlPu.exe
820	yYGLJnT.exe
2232	PLzhhtD.exe
2844	iEJMLwE.exe
2212	xPNsPPs.exe
2452	sJoxRGB.exe
2192	qNIhVRe.exe
1956	TqhBnhR.exe
2280	LHyZtUV.exe
604	jpKDMfj.exe
280	YocBIvL.exe
2224	sPmUkAD.exe
2228	ofduaXJ.exe
1828	BtrRlNp.exe
2976	YrPSBSi.exe
1816	StGfJXY.exe
1212	hvjKWlH.exe
2536	jfnUUPX.exe
2124	sIqySVk.exe
2020	PYTFIyN.exe
788	YYUWMyC.exe
1936	lAqStYM.exe
2260	ZnjHcVw.exe
2436	kskviGE.exe
2596	XNhUEzG.exe
2524	WOTLhgC.exe
2628	owtLylJ.exe
892	voIxfqn.exe
2556	hIKSQHS.exe
2072	hswfxYy.exe
2748	IFyklIa.exe
2180	fnuRPgX.exe
1192	sWYDiyj.exe
2920	ayOUsPZ.exe
2528	aKmEUhs.exe
2060	JfnKpnI.exe
2716	zCLUYnf.exe
2300	syMhnHD.exe
2732	ytPvKAg.exe
1560	YUnQINB.exe
308	ASPjTyL.exe
2496	ofZZiwf.exe

Loads dropped DLL 64 IoCs

pid	Process
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2608-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x000c00000001225c-6.dat	upx
behavioral1/files/0x0009000000016ace-8.dat	upx
behavioral1/files/0x0007000000016c10-12.dat	upx
behavioral1/memory/3016-22-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0007000000016c1a-27.dat	upx
behavioral1/memory/2808-50-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x0005000000019480-70.dat	upx
behavioral1/files/0x0005000000019490-98.dat	upx
behavioral1/files/0x00050000000194ef-115.dat	upx
behavioral1/files/0x000500000001950f-120.dat	upx
behavioral1/files/0x0005000000019515-125.dat	upx
behavioral1/files/0x0005000000019547-130.dat	upx
behavioral1/memory/1920-134-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x00050000000195a7-143.dat	upx
behavioral1/files/0x00050000000195ad-159.dat	upx
behavioral1/files/0x00050000000195bd-194.dat	upx
behavioral1/files/0x00050000000195bb-188.dat	upx
behavioral1/files/0x00050000000195b7-184.dat	upx
behavioral1/files/0x00050000000195b5-179.dat	upx
behavioral1/files/0x00050000000195b3-173.dat	upx
behavioral1/files/0x00050000000195af-163.dat	upx
behavioral1/files/0x00050000000195b1-168.dat	upx
behavioral1/files/0x00050000000195ab-153.dat	upx
behavioral1/files/0x00050000000195a9-149.dat	upx
behavioral1/files/0x000500000001957c-137.dat	upx
behavioral1/files/0x00050000000194eb-110.dat	upx
behavioral1/memory/2904-102-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x00050000000194a3-105.dat	upx
behavioral1/memory/2152-95-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/1836-94-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2220-81-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x000c000000016458-79.dat	upx
behavioral1/files/0x0005000000019489-78.dat	upx
behavioral1/memory/2684-74-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2520-72-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x000500000001948c-88.dat	upx
behavioral1/memory/1664-58-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2608-56-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x00060000000193c7-54.dat	upx
behavioral1/memory/1920-65-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x0005000000019470-63.dat	upx
behavioral1/memory/1260-62-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2824-39-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x0009000000016fc9-36.dat	upx
behavioral1/memory/2900-49-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0002000000018334-44.dat	upx
behavioral1/files/0x0007000000016c23-33.dat	upx
behavioral1/memory/2520-29-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2164-23-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1260-19-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2164-1117-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1260-1118-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2824-1120-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2520-1119-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/3016-1121-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2900-1137-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2808-1136-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2220-1140-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/1920-1139-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/1836-1138-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2904-1148-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/1664-1162-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2152-1152-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yWLAGZy.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izyqUCb.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpjrwzx.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkbIrUY.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvLiJEr.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOMRrHw.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLJhdya.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkQvehG.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXBHlDM.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToZvxBV.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrPAqTz.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vndjXAy.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kknRAsb.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYVzHbK.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLKBAyx.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBipBmP.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkRHkmE.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHKNfhA.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnVkVfY.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKmXjlg.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hukwHMt.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWOjuRU.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loOXIFO.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Obaukav.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJCUKnY.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXbAxwE.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EsQlSoL.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfBHTfS.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNIhVRe.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUnQINB.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIboMlp.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgvQxdn.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqWyzwc.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHNdGqM.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjjEPqX.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbrkFTX.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BECVpIX.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhYWvlh.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NArhpqg.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYBwLrH.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQhoHhj.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xioQJIj.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iorqJoh.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsiieJn.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJUbLIT.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\przaxqM.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPyKwHN.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJhKmgL.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHyZtUV.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzKhSiq.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrzQwpj.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrskShC.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKxkUMZ.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASPjTyL.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLGhchu.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATwrAHq.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNjIbxd.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZEJpxT.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGhjGlA.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\czUuybE.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovsYssW.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKboLog.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgMBodT.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwZMDuB.exe	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2164	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2608 wrote to memory of 2164	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2608 wrote to memory of 2164	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2608 wrote to memory of 1260	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2608 wrote to memory of 1260	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2608 wrote to memory of 1260	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2608 wrote to memory of 3016	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2608 wrote to memory of 3016	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2608 wrote to memory of 3016	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2608 wrote to memory of 2520	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2608 wrote to memory of 2520	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2608 wrote to memory of 2520	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2608 wrote to memory of 2824	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2608 wrote to memory of 2824	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2608 wrote to memory of 2824	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2608 wrote to memory of 2808	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2608 wrote to memory of 2808	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2608 wrote to memory of 2808	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2608 wrote to memory of 2900	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2608 wrote to memory of 2900	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2608 wrote to memory of 2900	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2608 wrote to memory of 1664	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2608 wrote to memory of 1664	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2608 wrote to memory of 1664	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2608 wrote to memory of 1920	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2608 wrote to memory of 1920	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2608 wrote to memory of 1920	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2608 wrote to memory of 2684	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2608 wrote to memory of 2684	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2608 wrote to memory of 2684	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2608 wrote to memory of 2220	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2608 wrote to memory of 2220	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2608 wrote to memory of 2220	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2608 wrote to memory of 2152	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2608 wrote to memory of 2152	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2608 wrote to memory of 2152	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2608 wrote to memory of 1836	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2608 wrote to memory of 1836	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2608 wrote to memory of 1836	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2608 wrote to memory of 2904	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2608 wrote to memory of 2904	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2608 wrote to memory of 2904	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2608 wrote to memory of 1980	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2608 wrote to memory of 1980	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2608 wrote to memory of 1980	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2608 wrote to memory of 2728	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2608 wrote to memory of 2728	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2608 wrote to memory of 2728	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2608 wrote to memory of 2996	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2608 wrote to memory of 2996	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2608 wrote to memory of 2996	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2608 wrote to memory of 540	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2608 wrote to memory of 540	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2608 wrote to memory of 540	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2608 wrote to memory of 2980	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2608 wrote to memory of 2980	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2608 wrote to memory of 2980	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2608 wrote to memory of 3008	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2608 wrote to memory of 3008	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2608 wrote to memory of 3008	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2608 wrote to memory of 2096	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2608 wrote to memory of 2096	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2608 wrote to memory of 2096	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2608 wrote to memory of 1400	2608	2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_d87e38b2259394b228d5667a89c86e9c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\System\eHSgaBK.exe
  C:\Windows\System\eHSgaBK.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\uvgDiqf.exe
  C:\Windows\System\uvgDiqf.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\ffotUMo.exe
  C:\Windows\System\ffotUMo.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\jGczbnc.exe
  C:\Windows\System\jGczbnc.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\sNBeDTb.exe
  C:\Windows\System\sNBeDTb.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\VxHPPJR.exe
  C:\Windows\System\VxHPPJR.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\dsXCmAZ.exe
  C:\Windows\System\dsXCmAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\LYCojWe.exe
  C:\Windows\System\LYCojWe.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\iFdTSoH.exe
  C:\Windows\System\iFdTSoH.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\GxeMSSc.exe
  C:\Windows\System\GxeMSSc.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\JIvkfin.exe
  C:\Windows\System\JIvkfin.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\vZYCRQX.exe
  C:\Windows\System\vZYCRQX.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\FnuhqzZ.exe
  C:\Windows\System\FnuhqzZ.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\GkDBVUX.exe
  C:\Windows\System\GkDBVUX.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\BRPMSYD.exe
  C:\Windows\System\BRPMSYD.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\DDNlhdo.exe
  C:\Windows\System\DDNlhdo.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\rIUalbV.exe
  C:\Windows\System\rIUalbV.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\dkEGMsV.exe
  C:\Windows\System\dkEGMsV.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\KLtaykO.exe
  C:\Windows\System\KLtaykO.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\TFeOaOJ.exe
  C:\Windows\System\TFeOaOJ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\deuCKNx.exe
  C:\Windows\System\deuCKNx.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\vBMbEve.exe
  C:\Windows\System\vBMbEve.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\IJkGlPu.exe
  C:\Windows\System\IJkGlPu.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\yYGLJnT.exe
  C:\Windows\System\yYGLJnT.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\PLzhhtD.exe
  C:\Windows\System\PLzhhtD.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\iEJMLwE.exe
  C:\Windows\System\iEJMLwE.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\xPNsPPs.exe
  C:\Windows\System\xPNsPPs.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\sJoxRGB.exe
  C:\Windows\System\sJoxRGB.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\qNIhVRe.exe
  C:\Windows\System\qNIhVRe.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\TqhBnhR.exe
  C:\Windows\System\TqhBnhR.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\LHyZtUV.exe
  C:\Windows\System\LHyZtUV.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\jpKDMfj.exe
  C:\Windows\System\jpKDMfj.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\YocBIvL.exe
  C:\Windows\System\YocBIvL.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\sPmUkAD.exe
  C:\Windows\System\sPmUkAD.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\ofduaXJ.exe
  C:\Windows\System\ofduaXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\BtrRlNp.exe
  C:\Windows\System\BtrRlNp.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\YrPSBSi.exe
  C:\Windows\System\YrPSBSi.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\StGfJXY.exe
  C:\Windows\System\StGfJXY.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\hvjKWlH.exe
  C:\Windows\System\hvjKWlH.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\jfnUUPX.exe
  C:\Windows\System\jfnUUPX.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\sIqySVk.exe
  C:\Windows\System\sIqySVk.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\PYTFIyN.exe
  C:\Windows\System\PYTFIyN.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\YYUWMyC.exe
  C:\Windows\System\YYUWMyC.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\ZnjHcVw.exe
  C:\Windows\System\ZnjHcVw.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\lAqStYM.exe
  C:\Windows\System\lAqStYM.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\kskviGE.exe
  C:\Windows\System\kskviGE.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\XNhUEzG.exe
  C:\Windows\System\XNhUEzG.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\WOTLhgC.exe
  C:\Windows\System\WOTLhgC.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\owtLylJ.exe
  C:\Windows\System\owtLylJ.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\voIxfqn.exe
  C:\Windows\System\voIxfqn.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\hIKSQHS.exe
  C:\Windows\System\hIKSQHS.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\hswfxYy.exe
  C:\Windows\System\hswfxYy.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\IFyklIa.exe
  C:\Windows\System\IFyklIa.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\fnuRPgX.exe
  C:\Windows\System\fnuRPgX.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\sWYDiyj.exe
  C:\Windows\System\sWYDiyj.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\ayOUsPZ.exe
  C:\Windows\System\ayOUsPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\aKmEUhs.exe
  C:\Windows\System\aKmEUhs.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\JfnKpnI.exe
  C:\Windows\System\JfnKpnI.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\zCLUYnf.exe
  C:\Windows\System\zCLUYnf.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\syMhnHD.exe
  C:\Windows\System\syMhnHD.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\ytPvKAg.exe
  C:\Windows\System\ytPvKAg.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\YUnQINB.exe
  C:\Windows\System\YUnQINB.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\ASPjTyL.exe
  C:\Windows\System\ASPjTyL.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\FlujRzf.exe
  C:\Windows\System\FlujRzf.exe
  2⤵
  PID:1416
- C:\Windows\System\ofZZiwf.exe
  C:\Windows\System\ofZZiwf.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\XuhVaNz.exe
  C:\Windows\System\XuhVaNz.exe
  2⤵
  PID:2084
- C:\Windows\System\jLITBab.exe
  C:\Windows\System\jLITBab.exe
  2⤵
  PID:1656
- C:\Windows\System\XzZQciU.exe
  C:\Windows\System\XzZQciU.exe
  2⤵
  PID:1708
- C:\Windows\System\kAKMCgN.exe
  C:\Windows\System\kAKMCgN.exe
  2⤵
  PID:2548
- C:\Windows\System\PIboMlp.exe
  C:\Windows\System\PIboMlp.exe
  2⤵
  PID:2516
- C:\Windows\System\vROXrRK.exe
  C:\Windows\System\vROXrRK.exe
  2⤵
  PID:2568
- C:\Windows\System\SUldmum.exe
  C:\Windows\System\SUldmum.exe
  2⤵
  PID:2064
- C:\Windows\System\ecURtXs.exe
  C:\Windows\System\ecURtXs.exe
  2⤵
  PID:2484
- C:\Windows\System\mQWxPWH.exe
  C:\Windows\System\mQWxPWH.exe
  2⤵
  PID:792
- C:\Windows\System\fxuGklM.exe
  C:\Windows\System\fxuGklM.exe
  2⤵
  PID:2032
- C:\Windows\System\cbIxkhm.exe
  C:\Windows\System\cbIxkhm.exe
  2⤵
  PID:3040
- C:\Windows\System\ONVaowE.exe
  C:\Windows\System\ONVaowE.exe
  2⤵
  PID:2276
- C:\Windows\System\WYSYhpJ.exe
  C:\Windows\System\WYSYhpJ.exe
  2⤵
  PID:2468
- C:\Windows\System\fGALpiF.exe
  C:\Windows\System\fGALpiF.exe
  2⤵
  PID:616
- C:\Windows\System\PdMtKUP.exe
  C:\Windows\System\PdMtKUP.exe
  2⤵
  PID:2420
- C:\Windows\System\dJvjbMR.exe
  C:\Windows\System\dJvjbMR.exe
  2⤵
  PID:2472
- C:\Windows\System\YgvQxdn.exe
  C:\Windows\System\YgvQxdn.exe
  2⤵
  PID:2492
- C:\Windows\System\KqWyzwc.exe
  C:\Windows\System\KqWyzwc.exe
  2⤵
  PID:1364
- C:\Windows\System\BMIdgwO.exe
  C:\Windows\System\BMIdgwO.exe
  2⤵
  PID:2600
- C:\Windows\System\iwRadxU.exe
  C:\Windows\System\iwRadxU.exe
  2⤵
  PID:1724
- C:\Windows\System\RXBHlDM.exe
  C:\Windows\System\RXBHlDM.exe
  2⤵
  PID:1624
- C:\Windows\System\LXpHWGP.exe
  C:\Windows\System\LXpHWGP.exe
  2⤵
  PID:2772
- C:\Windows\System\EwAUmYj.exe
  C:\Windows\System\EwAUmYj.exe
  2⤵
  PID:2876
- C:\Windows\System\UjTroRv.exe
  C:\Windows\System\UjTroRv.exe
  2⤵
  PID:2692
- C:\Windows\System\NExNaxY.exe
  C:\Windows\System\NExNaxY.exe
  2⤵
  PID:2648
- C:\Windows\System\DBsnukn.exe
  C:\Windows\System\DBsnukn.exe
  2⤵
  PID:2736
- C:\Windows\System\PPBEUQY.exe
  C:\Windows\System\PPBEUQY.exe
  2⤵
  PID:776
- C:\Windows\System\izyqUCb.exe
  C:\Windows\System\izyqUCb.exe
  2⤵
  PID:1680
- C:\Windows\System\LbSViIm.exe
  C:\Windows\System\LbSViIm.exe
  2⤵
  PID:1832
- C:\Windows\System\xwvsrHK.exe
  C:\Windows\System\xwvsrHK.exe
  2⤵
  PID:2404
- C:\Windows\System\wLDpluu.exe
  C:\Windows\System\wLDpluu.exe
  2⤵
  PID:1888
- C:\Windows\System\AuVLaVM.exe
  C:\Windows\System\AuVLaVM.exe
  2⤵
  PID:2112
- C:\Windows\System\DZawFTb.exe
  C:\Windows\System\DZawFTb.exe
  2⤵
  PID:3088
- C:\Windows\System\PCwekAF.exe
  C:\Windows\System\PCwekAF.exe
  2⤵
  PID:3104
- C:\Windows\System\XsiCgnY.exe
  C:\Windows\System\XsiCgnY.exe
  2⤵
  PID:3128
- C:\Windows\System\pqWbjVP.exe
  C:\Windows\System\pqWbjVP.exe
  2⤵
  PID:3144
- C:\Windows\System\fRlDmmL.exe
  C:\Windows\System\fRlDmmL.exe
  2⤵
  PID:3168
- C:\Windows\System\nwfWhXt.exe
  C:\Windows\System\nwfWhXt.exe
  2⤵
  PID:3188
- C:\Windows\System\hbubHPr.exe
  C:\Windows\System\hbubHPr.exe
  2⤵
  PID:3208
- C:\Windows\System\obZKaJW.exe
  C:\Windows\System\obZKaJW.exe
  2⤵
  PID:3228
- C:\Windows\System\rHthveS.exe
  C:\Windows\System\rHthveS.exe
  2⤵
  PID:3244
- C:\Windows\System\XtgIsOB.exe
  C:\Windows\System\XtgIsOB.exe
  2⤵
  PID:3268
- C:\Windows\System\mAfEFqM.exe
  C:\Windows\System\mAfEFqM.exe
  2⤵
  PID:3288
- C:\Windows\System\hVxQvcY.exe
  C:\Windows\System\hVxQvcY.exe
  2⤵
  PID:3308
- C:\Windows\System\rsEhHxE.exe
  C:\Windows\System\rsEhHxE.exe
  2⤵
  PID:3336
- C:\Windows\System\vMNrazQ.exe
  C:\Windows\System\vMNrazQ.exe
  2⤵
  PID:3352
- C:\Windows\System\atUmghU.exe
  C:\Windows\System\atUmghU.exe
  2⤵
  PID:3380
- C:\Windows\System\YKboLog.exe
  C:\Windows\System\YKboLog.exe
  2⤵
  PID:3396
- C:\Windows\System\ZSvYNCR.exe
  C:\Windows\System\ZSvYNCR.exe
  2⤵
  PID:3416
- C:\Windows\System\cNqHcrN.exe
  C:\Windows\System\cNqHcrN.exe
  2⤵
  PID:3436
- C:\Windows\System\qpBqVVq.exe
  C:\Windows\System\qpBqVVq.exe
  2⤵
  PID:3456
- C:\Windows\System\DwzEiXf.exe
  C:\Windows\System\DwzEiXf.exe
  2⤵
  PID:3476
- C:\Windows\System\kMhZGLV.exe
  C:\Windows\System\kMhZGLV.exe
  2⤵
  PID:3492
- C:\Windows\System\jbxWNSW.exe
  C:\Windows\System\jbxWNSW.exe
  2⤵
  PID:3516
- C:\Windows\System\zaXGQIm.exe
  C:\Windows\System\zaXGQIm.exe
  2⤵
  PID:3532
- C:\Windows\System\fmjcXay.exe
  C:\Windows\System\fmjcXay.exe
  2⤵
  PID:3552
- C:\Windows\System\hghraVc.exe
  C:\Windows\System\hghraVc.exe
  2⤵
  PID:3572
- C:\Windows\System\lBLiJZt.exe
  C:\Windows\System\lBLiJZt.exe
  2⤵
  PID:3592
- C:\Windows\System\qMiqztH.exe
  C:\Windows\System\qMiqztH.exe
  2⤵
  PID:3616
- C:\Windows\System\eKVRFmN.exe
  C:\Windows\System\eKVRFmN.exe
  2⤵
  PID:3640
- C:\Windows\System\EhUuJBw.exe
  C:\Windows\System\EhUuJBw.exe
  2⤵
  PID:3656
- C:\Windows\System\otfOsbv.exe
  C:\Windows\System\otfOsbv.exe
  2⤵
  PID:3680
- C:\Windows\System\TMBkAYd.exe
  C:\Windows\System\TMBkAYd.exe
  2⤵
  PID:3704
- C:\Windows\System\CvJDAGD.exe
  C:\Windows\System\CvJDAGD.exe
  2⤵
  PID:3720
- C:\Windows\System\SjhCzZI.exe
  C:\Windows\System\SjhCzZI.exe
  2⤵
  PID:3744
- C:\Windows\System\YdfwrPf.exe
  C:\Windows\System\YdfwrPf.exe
  2⤵
  PID:3764
- C:\Windows\System\Hcqaagj.exe
  C:\Windows\System\Hcqaagj.exe
  2⤵
  PID:3780
- C:\Windows\System\CYrEGcN.exe
  C:\Windows\System\CYrEGcN.exe
  2⤵
  PID:3800
- C:\Windows\System\aWFRQzA.exe
  C:\Windows\System\aWFRQzA.exe
  2⤵
  PID:3824
- C:\Windows\System\BxulnYe.exe
  C:\Windows\System\BxulnYe.exe
  2⤵
  PID:3844
- C:\Windows\System\sKixeGm.exe
  C:\Windows\System\sKixeGm.exe
  2⤵
  PID:3868
- C:\Windows\System\WrXXxLH.exe
  C:\Windows\System\WrXXxLH.exe
  2⤵
  PID:3884
- C:\Windows\System\kACpcMG.exe
  C:\Windows\System\kACpcMG.exe
  2⤵
  PID:3908
- C:\Windows\System\sbErSXa.exe
  C:\Windows\System\sbErSXa.exe
  2⤵
  PID:3928
- C:\Windows\System\OnVkVfY.exe
  C:\Windows\System\OnVkVfY.exe
  2⤵
  PID:3948
- C:\Windows\System\ugvJGUw.exe
  C:\Windows\System\ugvJGUw.exe
  2⤵
  PID:3964
- C:\Windows\System\NLnVLNG.exe
  C:\Windows\System\NLnVLNG.exe
  2⤵
  PID:3984
- C:\Windows\System\haOfuie.exe
  C:\Windows\System\haOfuie.exe
  2⤵
  PID:4004
- C:\Windows\System\IyTXXKH.exe
  C:\Windows\System\IyTXXKH.exe
  2⤵
  PID:4020
- C:\Windows\System\INUpzaQ.exe
  C:\Windows\System\INUpzaQ.exe
  2⤵
  PID:4044
- C:\Windows\System\yCSBHJF.exe
  C:\Windows\System\yCSBHJF.exe
  2⤵
  PID:4060
- C:\Windows\System\tyOVcRw.exe
  C:\Windows\System\tyOVcRw.exe
  2⤵
  PID:4080
- C:\Windows\System\DmczrwK.exe
  C:\Windows\System\DmczrwK.exe
  2⤵
  PID:960
- C:\Windows\System\OrUNExT.exe
  C:\Windows\System\OrUNExT.exe
  2⤵
  PID:2564
- C:\Windows\System\DtnLHFW.exe
  C:\Windows\System\DtnLHFW.exe
  2⤵
  PID:1672
- C:\Windows\System\bwSNCuD.exe
  C:\Windows\System\bwSNCuD.exe
  2⤵
  PID:2104
- C:\Windows\System\QHEYekp.exe
  C:\Windows\System\QHEYekp.exe
  2⤵
  PID:2012
- C:\Windows\System\ZrgKAje.exe
  C:\Windows\System\ZrgKAje.exe
  2⤵
  PID:112
- C:\Windows\System\GaRaxJm.exe
  C:\Windows\System\GaRaxJm.exe
  2⤵
  PID:904
- C:\Windows\System\GRNllIE.exe
  C:\Windows\System\GRNllIE.exe
  2⤵
  PID:2044
- C:\Windows\System\tpjrwzx.exe
  C:\Windows\System\tpjrwzx.exe
  2⤵
  PID:860
- C:\Windows\System\AvLZwnd.exe
  C:\Windows\System\AvLZwnd.exe
  2⤵
  PID:1800
- C:\Windows\System\rgMBodT.exe
  C:\Windows\System\rgMBodT.exe
  2⤵
  PID:2252
- C:\Windows\System\jgxzKHm.exe
  C:\Windows\System\jgxzKHm.exe
  2⤵
  PID:2292
- C:\Windows\System\HTQmyAz.exe
  C:\Windows\System\HTQmyAz.exe
  2⤵
  PID:2720
- C:\Windows\System\osImvWE.exe
  C:\Windows\System\osImvWE.exe
  2⤵
  PID:2500
- C:\Windows\System\tNmeNjN.exe
  C:\Windows\System\tNmeNjN.exe
  2⤵
  PID:1300
- C:\Windows\System\szPEqCG.exe
  C:\Windows\System\szPEqCG.exe
  2⤵
  PID:3152
- C:\Windows\System\imiAaAP.exe
  C:\Windows\System\imiAaAP.exe
  2⤵
  PID:3096
- C:\Windows\System\kHNjkzd.exe
  C:\Windows\System\kHNjkzd.exe
  2⤵
  PID:3200
- C:\Windows\System\bRltpKW.exe
  C:\Windows\System\bRltpKW.exe
  2⤵
  PID:3184
- C:\Windows\System\xsoFCDX.exe
  C:\Windows\System\xsoFCDX.exe
  2⤵
  PID:3284
- C:\Windows\System\pjvwqrf.exe
  C:\Windows\System\pjvwqrf.exe
  2⤵
  PID:3332
- C:\Windows\System\EiCrnur.exe
  C:\Windows\System\EiCrnur.exe
  2⤵
  PID:2504
- C:\Windows\System\eEqkyjM.exe
  C:\Windows\System\eEqkyjM.exe
  2⤵
  PID:3300
- C:\Windows\System\AYIYHSO.exe
  C:\Windows\System\AYIYHSO.exe
  2⤵
  PID:3296
- C:\Windows\System\gFAVnhQ.exe
  C:\Windows\System\gFAVnhQ.exe
  2⤵
  PID:3448
- C:\Windows\System\gTLZZIZ.exe
  C:\Windows\System\gTLZZIZ.exe
  2⤵
  PID:3388
- C:\Windows\System\nfBkKlG.exe
  C:\Windows\System\nfBkKlG.exe
  2⤵
  PID:3432
- C:\Windows\System\zepIOWN.exe
  C:\Windows\System\zepIOWN.exe
  2⤵
  PID:3600
- C:\Windows\System\ZewwPdn.exe
  C:\Windows\System\ZewwPdn.exe
  2⤵
  PID:3508
- C:\Windows\System\ggimDdv.exe
  C:\Windows\System\ggimDdv.exe
  2⤵
  PID:3652
- C:\Windows\System\qnGiHjz.exe
  C:\Windows\System\qnGiHjz.exe
  2⤵
  PID:3692
- C:\Windows\System\psCfJMF.exe
  C:\Windows\System\psCfJMF.exe
  2⤵
  PID:3732
- C:\Windows\System\CFPxYkm.exe
  C:\Windows\System\CFPxYkm.exe
  2⤵
  PID:3584
- C:\Windows\System\swfigVl.exe
  C:\Windows\System\swfigVl.exe
  2⤵
  PID:3624
- C:\Windows\System\srRmcgK.exe
  C:\Windows\System\srRmcgK.exe
  2⤵
  PID:3664
- C:\Windows\System\ioMKNbb.exe
  C:\Windows\System\ioMKNbb.exe
  2⤵
  PID:3856
- C:\Windows\System\GzbXcUI.exe
  C:\Windows\System\GzbXcUI.exe
  2⤵
  PID:3760
- C:\Windows\System\cSwNtVD.exe
  C:\Windows\System\cSwNtVD.exe
  2⤵
  PID:3896
- C:\Windows\System\MydOnoI.exe
  C:\Windows\System\MydOnoI.exe
  2⤵
  PID:3832
- C:\Windows\System\upOTPjQ.exe
  C:\Windows\System\upOTPjQ.exe
  2⤵
  PID:3944
- C:\Windows\System\NNkQgJq.exe
  C:\Windows\System\NNkQgJq.exe
  2⤵
  PID:4016
- C:\Windows\System\rxhpIiz.exe
  C:\Windows\System\rxhpIiz.exe
  2⤵
  PID:4052
- C:\Windows\System\hJSNLjX.exe
  C:\Windows\System\hJSNLjX.exe
  2⤵
  PID:3920
- C:\Windows\System\EfQhSmP.exe
  C:\Windows\System\EfQhSmP.exe
  2⤵
  PID:2088
- C:\Windows\System\fkbIrUY.exe
  C:\Windows\System\fkbIrUY.exe
  2⤵
  PID:1580
- C:\Windows\System\tXeOwNS.exe
  C:\Windows\System\tXeOwNS.exe
  2⤵
  PID:4032
- C:\Windows\System\LyJlwIm.exe
  C:\Windows\System\LyJlwIm.exe
  2⤵
  PID:4076
- C:\Windows\System\YANfBcd.exe
  C:\Windows\System\YANfBcd.exe
  2⤵
  PID:4068
- C:\Windows\System\nwwAzDJ.exe
  C:\Windows\System\nwwAzDJ.exe
  2⤵
  PID:4072
- C:\Windows\System\jFPrRYV.exe
  C:\Windows\System\jFPrRYV.exe
  2⤵
  PID:1028
- C:\Windows\System\IrXzDGu.exe
  C:\Windows\System\IrXzDGu.exe
  2⤵
  PID:3028
- C:\Windows\System\zMYHtQl.exe
  C:\Windows\System\zMYHtQl.exe
  2⤵
  PID:1496
- C:\Windows\System\viDgldH.exe
  C:\Windows\System\viDgldH.exe
  2⤵
  PID:1616
- C:\Windows\System\OddWwpl.exe
  C:\Windows\System\OddWwpl.exe
  2⤵
  PID:3112
- C:\Windows\System\YJAzxLv.exe
  C:\Windows\System\YJAzxLv.exe
  2⤵
  PID:3240
- C:\Windows\System\qvpbwYB.exe
  C:\Windows\System\qvpbwYB.exe
  2⤵
  PID:3136
- C:\Windows\System\wgqARql.exe
  C:\Windows\System\wgqARql.exe
  2⤵
  PID:3196
- C:\Windows\System\YVRzYLG.exe
  C:\Windows\System\YVRzYLG.exe
  2⤵
  PID:3376
- C:\Windows\System\EHoyPuy.exe
  C:\Windows\System\EHoyPuy.exe
  2⤵
  PID:3408
- C:\Windows\System\vrywdPv.exe
  C:\Windows\System\vrywdPv.exe
  2⤵
  PID:3360
- C:\Windows\System\IIwcoAE.exe
  C:\Windows\System\IIwcoAE.exe
  2⤵
  PID:3348
- C:\Windows\System\mkpzWhS.exe
  C:\Windows\System\mkpzWhS.exe
  2⤵
  PID:3472
- C:\Windows\System\NZgshGA.exe
  C:\Windows\System\NZgshGA.exe
  2⤵
  PID:3696
- C:\Windows\System\RQtGocZ.exe
  C:\Windows\System\RQtGocZ.exe
  2⤵
  PID:3608
- C:\Windows\System\yhcbcFd.exe
  C:\Windows\System\yhcbcFd.exe
  2⤵
  PID:3636
- C:\Windows\System\YMmDkVE.exe
  C:\Windows\System\YMmDkVE.exe
  2⤵
  PID:3796
- C:\Windows\System\OyRoQQb.exe
  C:\Windows\System\OyRoQQb.exe
  2⤵
  PID:3580
- C:\Windows\System\ewhbPsK.exe
  C:\Windows\System\ewhbPsK.exe
  2⤵
  PID:3792
- C:\Windows\System\uzEKaBf.exe
  C:\Windows\System\uzEKaBf.exe
  2⤵
  PID:3892
- C:\Windows\System\COXZeWU.exe
  C:\Windows\System\COXZeWU.exe
  2⤵
  PID:4012
- C:\Windows\System\aVLwcJp.exe
  C:\Windows\System\aVLwcJp.exe
  2⤵
  PID:4040
- C:\Windows\System\AiaJhPO.exe
  C:\Windows\System\AiaJhPO.exe
  2⤵
  PID:2368
- C:\Windows\System\ESeAXga.exe
  C:\Windows\System\ESeAXga.exe
  2⤵
  PID:844
- C:\Windows\System\VsjuXsP.exe
  C:\Windows\System\VsjuXsP.exe
  2⤵
  PID:1716
- C:\Windows\System\IYmTwfD.exe
  C:\Windows\System\IYmTwfD.exe
  2⤵
  PID:2680
- C:\Windows\System\dlBmslF.exe
  C:\Windows\System\dlBmslF.exe
  2⤵
  PID:2964
- C:\Windows\System\UgjtDiE.exe
  C:\Windows\System\UgjtDiE.exe
  2⤵
  PID:2076
- C:\Windows\System\AFnJyfX.exe
  C:\Windows\System\AFnJyfX.exe
  2⤵
  PID:1988
- C:\Windows\System\RixfeBH.exe
  C:\Windows\System\RixfeBH.exe
  2⤵
  PID:3140
- C:\Windows\System\mJJVImw.exe
  C:\Windows\System\mJJVImw.exe
  2⤵
  PID:3412
- C:\Windows\System\EpnaqNF.exe
  C:\Windows\System\EpnaqNF.exe
  2⤵
  PID:2264
- C:\Windows\System\aOiZGhs.exe
  C:\Windows\System\aOiZGhs.exe
  2⤵
  PID:3260
- C:\Windows\System\wFmTCwv.exe
  C:\Windows\System\wFmTCwv.exe
  2⤵
  PID:4112
- C:\Windows\System\TPyuZIE.exe
  C:\Windows\System\TPyuZIE.exe
  2⤵
  PID:4132
- C:\Windows\System\IOHwyud.exe
  C:\Windows\System\IOHwyud.exe
  2⤵
  PID:4260
- C:\Windows\System\kcIhLJL.exe
  C:\Windows\System\kcIhLJL.exe
  2⤵
  PID:4284
- C:\Windows\System\TLmFtXz.exe
  C:\Windows\System\TLmFtXz.exe
  2⤵
  PID:4300
- C:\Windows\System\slmLbCM.exe
  C:\Windows\System\slmLbCM.exe
  2⤵
  PID:4316
- C:\Windows\System\RpDwjNa.exe
  C:\Windows\System\RpDwjNa.exe
  2⤵
  PID:4332
- C:\Windows\System\xTYEbjL.exe
  C:\Windows\System\xTYEbjL.exe
  2⤵
  PID:4352
- C:\Windows\System\mSHbfvw.exe
  C:\Windows\System\mSHbfvw.exe
  2⤵
  PID:4372
- C:\Windows\System\DAfcciV.exe
  C:\Windows\System\DAfcciV.exe
  2⤵
  PID:4388
- C:\Windows\System\yZjEqxT.exe
  C:\Windows\System\yZjEqxT.exe
  2⤵
  PID:4404
- C:\Windows\System\tdGkQDp.exe
  C:\Windows\System\tdGkQDp.exe
  2⤵
  PID:4420
- C:\Windows\System\URbCRqD.exe
  C:\Windows\System\URbCRqD.exe
  2⤵
  PID:4444
- C:\Windows\System\ExIGWfm.exe
  C:\Windows\System\ExIGWfm.exe
  2⤵
  PID:4468
- C:\Windows\System\ONfVksE.exe
  C:\Windows\System\ONfVksE.exe
  2⤵
  PID:4504
- C:\Windows\System\vdDvdXp.exe
  C:\Windows\System\vdDvdXp.exe
  2⤵
  PID:4524
- C:\Windows\System\RPLfHuH.exe
  C:\Windows\System\RPLfHuH.exe
  2⤵
  PID:4540
- C:\Windows\System\eMfvUdA.exe
  C:\Windows\System\eMfvUdA.exe
  2⤵
  PID:4560
- C:\Windows\System\fOjfJcT.exe
  C:\Windows\System\fOjfJcT.exe
  2⤵
  PID:4584
- C:\Windows\System\RZPTwpO.exe
  C:\Windows\System\RZPTwpO.exe
  2⤵
  PID:4600
- C:\Windows\System\sKhUICh.exe
  C:\Windows\System\sKhUICh.exe
  2⤵
  PID:4616
- C:\Windows\System\dYRTYYo.exe
  C:\Windows\System\dYRTYYo.exe
  2⤵
  PID:4632
- C:\Windows\System\XPIiIfh.exe
  C:\Windows\System\XPIiIfh.exe
  2⤵
  PID:4648
- C:\Windows\System\utdAkvq.exe
  C:\Windows\System\utdAkvq.exe
  2⤵
  PID:4668
- C:\Windows\System\dJhhgak.exe
  C:\Windows\System\dJhhgak.exe
  2⤵
  PID:4684
- C:\Windows\System\ABaJPra.exe
  C:\Windows\System\ABaJPra.exe
  2⤵
  PID:4716
- C:\Windows\System\eKUnyrw.exe
  C:\Windows\System\eKUnyrw.exe
  2⤵
  PID:4776
- C:\Windows\System\LnQKdOV.exe
  C:\Windows\System\LnQKdOV.exe
  2⤵
  PID:4792
- C:\Windows\System\OmnoFDJ.exe
  C:\Windows\System\OmnoFDJ.exe
  2⤵
  PID:4812
- C:\Windows\System\OlHSzxz.exe
  C:\Windows\System\OlHSzxz.exe
  2⤵
  PID:4828
- C:\Windows\System\MsgXqkj.exe
  C:\Windows\System\MsgXqkj.exe
  2⤵
  PID:4856
- C:\Windows\System\BECVpIX.exe
  C:\Windows\System\BECVpIX.exe
  2⤵
  PID:4872
- C:\Windows\System\rRThzej.exe
  C:\Windows\System\rRThzej.exe
  2⤵
  PID:4896
- C:\Windows\System\qIyyRbf.exe
  C:\Windows\System\qIyyRbf.exe
  2⤵
  PID:4916
- C:\Windows\System\QbzhUcW.exe
  C:\Windows\System\QbzhUcW.exe
  2⤵
  PID:4936
- C:\Windows\System\OPPehtX.exe
  C:\Windows\System\OPPehtX.exe
  2⤵
  PID:4952
- C:\Windows\System\yNqwCxc.exe
  C:\Windows\System\yNqwCxc.exe
  2⤵
  PID:4976
- C:\Windows\System\WtdlhCe.exe
  C:\Windows\System\WtdlhCe.exe
  2⤵
  PID:5000
- C:\Windows\System\pEZluvV.exe
  C:\Windows\System\pEZluvV.exe
  2⤵
  PID:5016
- C:\Windows\System\UwpoezE.exe
  C:\Windows\System\UwpoezE.exe
  2⤵
  PID:5032
- C:\Windows\System\EKroxtV.exe
  C:\Windows\System\EKroxtV.exe
  2⤵
  PID:5048
- C:\Windows\System\NfiFauW.exe
  C:\Windows\System\NfiFauW.exe
  2⤵
  PID:5064
- C:\Windows\System\unRHVqj.exe
  C:\Windows\System\unRHVqj.exe
  2⤵
  PID:5096
- C:\Windows\System\sAsJSur.exe
  C:\Windows\System\sAsJSur.exe
  2⤵
  PID:5112
- C:\Windows\System\TmSWTpV.exe
  C:\Windows\System\TmSWTpV.exe
  2⤵
  PID:3392
- C:\Windows\System\XvLiJEr.exe
  C:\Windows\System\XvLiJEr.exe
  2⤵
  PID:3500
- C:\Windows\System\MXmLMdP.exe
  C:\Windows\System\MXmLMdP.exe
  2⤵
  PID:3808
- C:\Windows\System\QDqLgdK.exe
  C:\Windows\System\QDqLgdK.exe
  2⤵
  PID:3752
- C:\Windows\System\hApCHmu.exe
  C:\Windows\System\hApCHmu.exe
  2⤵
  PID:2144
- C:\Windows\System\tYtiTjs.exe
  C:\Windows\System\tYtiTjs.exe
  2⤵
  PID:3816
- C:\Windows\System\ecfHHcj.exe
  C:\Windows\System\ecfHHcj.exe
  2⤵
  PID:3924
- C:\Windows\System\XJKFrHZ.exe
  C:\Windows\System\XJKFrHZ.exe
  2⤵
  PID:3916
- C:\Windows\System\rhYWvlh.exe
  C:\Windows\System\rhYWvlh.exe
  2⤵
  PID:696
- C:\Windows\System\ctyAxjs.exe
  C:\Windows\System\ctyAxjs.exe
  2⤵
  PID:2424
- C:\Windows\System\vfWQQjK.exe
  C:\Windows\System\vfWQQjK.exe
  2⤵
  PID:3080
- C:\Windows\System\DjLjqkH.exe
  C:\Windows\System\DjLjqkH.exe
  2⤵
  PID:3048
- C:\Windows\System\YsaERoO.exe
  C:\Windows\System\YsaERoO.exe
  2⤵
  PID:3344
- C:\Windows\System\vhuvHsQ.exe
  C:\Windows\System\vhuvHsQ.exe
  2⤵
  PID:4104
- C:\Windows\System\QLdnVYX.exe
  C:\Windows\System\QLdnVYX.exe
  2⤵
  PID:4140
- C:\Windows\System\lrkNjXt.exe
  C:\Windows\System\lrkNjXt.exe
  2⤵
  PID:2068
- C:\Windows\System\rWnjXsX.exe
  C:\Windows\System\rWnjXsX.exe
  2⤵
  PID:2672
- C:\Windows\System\nRWNKPL.exe
  C:\Windows\System\nRWNKPL.exe
  2⤵
  PID:4196
- C:\Windows\System\zGJSExO.exe
  C:\Windows\System\zGJSExO.exe
  2⤵
  PID:2836
- C:\Windows\System\hqiOLSJ.exe
  C:\Windows\System\hqiOLSJ.exe
  2⤵
  PID:2788
- C:\Windows\System\dcQCFQg.exe
  C:\Windows\System\dcQCFQg.exe
  2⤵
  PID:4204
- C:\Windows\System\SWlPKTo.exe
  C:\Windows\System\SWlPKTo.exe
  2⤵
  PID:2284
- C:\Windows\System\kOPDhdl.exe
  C:\Windows\System\kOPDhdl.exe
  2⤵
  PID:3176
- C:\Windows\System\smSztuG.exe
  C:\Windows\System\smSztuG.exe
  2⤵
  PID:2116
- C:\Windows\System\SDVpYnT.exe
  C:\Windows\System\SDVpYnT.exe
  2⤵
  PID:2724
- C:\Windows\System\NjcZbpn.exe
  C:\Windows\System\NjcZbpn.exe
  2⤵
  PID:4236
- C:\Windows\System\fVGTyvg.exe
  C:\Windows\System\fVGTyvg.exe
  2⤵
  PID:2108
- C:\Windows\System\wwIeaeK.exe
  C:\Windows\System\wwIeaeK.exe
  2⤵
  PID:2884
- C:\Windows\System\iBCjaLR.exe
  C:\Windows\System\iBCjaLR.exe
  2⤵
  PID:1992
- C:\Windows\System\wSOKkYc.exe
  C:\Windows\System\wSOKkYc.exe
  2⤵
  PID:2360
- C:\Windows\System\FaWaakE.exe
  C:\Windows\System\FaWaakE.exe
  2⤵
  PID:2184
- C:\Windows\System\BrPnwDl.exe
  C:\Windows\System\BrPnwDl.exe
  2⤵
  PID:1376
- C:\Windows\System\VgIKzyE.exe
  C:\Windows\System\VgIKzyE.exe
  2⤵
  PID:4272
- C:\Windows\System\CzCzznd.exe
  C:\Windows\System\CzCzznd.exe
  2⤵
  PID:840
- C:\Windows\System\bVPNPim.exe
  C:\Windows\System\bVPNPim.exe
  2⤵
  PID:2156
- C:\Windows\System\AdBHLAp.exe
  C:\Windows\System\AdBHLAp.exe
  2⤵
  PID:1068
- C:\Windows\System\yyVBVOy.exe
  C:\Windows\System\yyVBVOy.exe
  2⤵
  PID:824
- C:\Windows\System\tIbAduP.exe
  C:\Windows\System\tIbAduP.exe
  2⤵
  PID:4308
- C:\Windows\System\eiNthMP.exe
  C:\Windows\System\eiNthMP.exe
  2⤵
  PID:4328
- C:\Windows\System\esLJybF.exe
  C:\Windows\System\esLJybF.exe
  2⤵
  PID:4368
- C:\Windows\System\ffotBwI.exe
  C:\Windows\System\ffotBwI.exe
  2⤵
  PID:4436
- C:\Windows\System\yzKhSiq.exe
  C:\Windows\System\yzKhSiq.exe
  2⤵
  PID:4480
- C:\Windows\System\qYhCevG.exe
  C:\Windows\System\qYhCevG.exe
  2⤵
  PID:4520
- C:\Windows\System\MDIarXb.exe
  C:\Windows\System\MDIarXb.exe
  2⤵
  PID:4568
- C:\Windows\System\CZGJTPJ.exe
  C:\Windows\System\CZGJTPJ.exe
  2⤵
  PID:4628
- C:\Windows\System\IPNSlto.exe
  C:\Windows\System\IPNSlto.exe
  2⤵
  PID:4656
- C:\Windows\System\SecleTZ.exe
  C:\Windows\System\SecleTZ.exe
  2⤵
  PID:4640
- C:\Windows\System\GWMiKoa.exe
  C:\Windows\System\GWMiKoa.exe
  2⤵
  PID:4712
- C:\Windows\System\TMloGVd.exe
  C:\Windows\System\TMloGVd.exe
  2⤵
  PID:4788
- C:\Windows\System\iYHeVFD.exe
  C:\Windows\System\iYHeVFD.exe
  2⤵
  PID:4768
- C:\Windows\System\xMNmvmn.exe
  C:\Windows\System\xMNmvmn.exe
  2⤵
  PID:4804
- C:\Windows\System\WpANdry.exe
  C:\Windows\System\WpANdry.exe
  2⤵
  PID:4848
- C:\Windows\System\mycIlNL.exe
  C:\Windows\System\mycIlNL.exe
  2⤵
  PID:4884
- C:\Windows\System\YLKBAyx.exe
  C:\Windows\System\YLKBAyx.exe
  2⤵
  PID:4924
- C:\Windows\System\ISHBUrq.exe
  C:\Windows\System\ISHBUrq.exe
  2⤵
  PID:4964
- C:\Windows\System\KVOTUCI.exe
  C:\Windows\System\KVOTUCI.exe
  2⤵
  PID:5024
- C:\Windows\System\eZizPaT.exe
  C:\Windows\System\eZizPaT.exe
  2⤵
  PID:5040
- C:\Windows\System\NMAqrHU.exe
  C:\Windows\System\NMAqrHU.exe
  2⤵
  PID:4988
- C:\Windows\System\XQtiSeY.exe
  C:\Windows\System\XQtiSeY.exe
  2⤵
  PID:3560
- C:\Windows\System\uINfxOY.exe
  C:\Windows\System\uINfxOY.exe
  2⤵
  PID:3588
- C:\Windows\System\PkKyytg.exe
  C:\Windows\System\PkKyytg.exe
  2⤵
  PID:3776
- C:\Windows\System\LqQjFXJ.exe
  C:\Windows\System\LqQjFXJ.exe
  2⤵
  PID:3900
- C:\Windows\System\KIdNXTu.exe
  C:\Windows\System\KIdNXTu.exe
  2⤵
  PID:5060
- C:\Windows\System\jaDhVBg.exe
  C:\Windows\System\jaDhVBg.exe
  2⤵
  PID:3972
- C:\Windows\System\WkKCFIe.exe
  C:\Windows\System\WkKCFIe.exe
  2⤵
  PID:3904
- C:\Windows\System\IMBtrzy.exe
  C:\Windows\System\IMBtrzy.exe
  2⤵
  PID:3324
- C:\Windows\System\ToZvxBV.exe
  C:\Windows\System\ToZvxBV.exe
  2⤵
  PID:3736
- C:\Windows\System\WrSOXIt.exe
  C:\Windows\System\WrSOXIt.exe
  2⤵
  PID:2588
- C:\Windows\System\oQyIfgF.exe
  C:\Windows\System\oQyIfgF.exe
  2⤵
  PID:3264
- C:\Windows\System\NsumpAp.exe
  C:\Windows\System\NsumpAp.exe
  2⤵
  PID:2972
- C:\Windows\System\YDRaEog.exe
  C:\Windows\System\YDRaEog.exe
  2⤵
  PID:1644
- C:\Windows\System\kEfmpOK.exe
  C:\Windows\System\kEfmpOK.exe
  2⤵
  PID:2852
- C:\Windows\System\HYhiqJG.exe
  C:\Windows\System\HYhiqJG.exe
  2⤵
  PID:2804
- C:\Windows\System\aGVBNVo.exe
  C:\Windows\System\aGVBNVo.exe
  2⤵
  PID:964
- C:\Windows\System\qcoKbjl.exe
  C:\Windows\System\qcoKbjl.exe
  2⤵
  PID:268
- C:\Windows\System\MIdiSIU.exe
  C:\Windows\System\MIdiSIU.exe
  2⤵
  PID:2480
- C:\Windows\System\hAvjZRg.exe
  C:\Windows\System\hAvjZRg.exe
  2⤵
  PID:4252
- C:\Windows\System\hcEXddJ.exe
  C:\Windows\System\hcEXddJ.exe
  2⤵
  PID:1588
- C:\Windows\System\iIPgKBD.exe
  C:\Windows\System\iIPgKBD.exe
  2⤵
  PID:4340
- C:\Windows\System\hMyhaUK.exe
  C:\Windows\System\hMyhaUK.exe
  2⤵
  PID:980
- C:\Windows\System\MygBIqI.exe
  C:\Windows\System\MygBIqI.exe
  2⤵
  PID:4456
- C:\Windows\System\OeiXQno.exe
  C:\Windows\System\OeiXQno.exe
  2⤵
  PID:4464
- C:\Windows\System\ZQstoiS.exe
  C:\Windows\System\ZQstoiS.exe
  2⤵
  PID:4476
- C:\Windows\System\fzeKdXW.exe
  C:\Windows\System\fzeKdXW.exe
  2⤵
  PID:4492
- C:\Windows\System\iOrpfFY.exe
  C:\Windows\System\iOrpfFY.exe
  2⤵
  PID:4496
- C:\Windows\System\FNtFSgr.exe
  C:\Windows\System\FNtFSgr.exe
  2⤵
  PID:4660
- C:\Windows\System\PHichnp.exe
  C:\Windows\System\PHichnp.exe
  2⤵
  PID:4836
- C:\Windows\System\IIKmpsM.exe
  C:\Windows\System\IIKmpsM.exe
  2⤵
  PID:4864
- C:\Windows\System\sVPQbuM.exe
  C:\Windows\System\sVPQbuM.exe
  2⤵
  PID:4840
- C:\Windows\System\BrFpfHb.exe
  C:\Windows\System\BrFpfHb.exe
  2⤵
  PID:4748
- C:\Windows\System\ZJDOODd.exe
  C:\Windows\System\ZJDOODd.exe
  2⤵
  PID:4800
- C:\Windows\System\tXjjIJC.exe
  C:\Windows\System\tXjjIJC.exe
  2⤵
  PID:5084
- C:\Windows\System\NsPQsop.exe
  C:\Windows\System\NsPQsop.exe
  2⤵
  PID:4912
- C:\Windows\System\UYmAGvu.exe
  C:\Windows\System\UYmAGvu.exe
  2⤵
  PID:4928
- C:\Windows\System\CIjIZra.exe
  C:\Windows\System\CIjIZra.exe
  2⤵
  PID:5012
- C:\Windows\System\ubBPtQR.exe
  C:\Windows\System\ubBPtQR.exe
  2⤵
  PID:1404
- C:\Windows\System\HlkHpxP.exe
  C:\Windows\System\HlkHpxP.exe
  2⤵
  PID:2508
- C:\Windows\System\VznHAaJ.exe
  C:\Windows\System\VznHAaJ.exe
  2⤵
  PID:3124
- C:\Windows\System\cUoSTOv.exe
  C:\Windows\System\cUoSTOv.exe
  2⤵
  PID:2576
- C:\Windows\System\nemVtFL.exe
  C:\Windows\System\nemVtFL.exe
  2⤵
  PID:2860
- C:\Windows\System\XEpMtkh.exe
  C:\Windows\System\XEpMtkh.exe
  2⤵
  PID:2668
- C:\Windows\System\FgxeEbK.exe
  C:\Windows\System\FgxeEbK.exe
  2⤵
  PID:1072
- C:\Windows\System\voHOmEp.exe
  C:\Windows\System\voHOmEp.exe
  2⤵
  PID:2532
- C:\Windows\System\AiJghHb.exe
  C:\Windows\System\AiJghHb.exe
  2⤵
  PID:2704
- C:\Windows\System\AnycXhf.exe
  C:\Windows\System\AnycXhf.exe
  2⤵
  PID:2652
- C:\Windows\System\xBPuUuI.exe
  C:\Windows\System\xBPuUuI.exe
  2⤵
  PID:3220
- C:\Windows\System\BwXBTcL.exe
  C:\Windows\System\BwXBTcL.exe
  2⤵
  PID:2664
- C:\Windows\System\saqmXOo.exe
  C:\Windows\System\saqmXOo.exe
  2⤵
  PID:1532
- C:\Windows\System\OMDakKE.exe
  C:\Windows\System\OMDakKE.exe
  2⤵
  PID:2812
- C:\Windows\System\dkGLyhJ.exe
  C:\Windows\System\dkGLyhJ.exe
  2⤵
  PID:2656
- C:\Windows\System\NArhpqg.exe
  C:\Windows\System\NArhpqg.exe
  2⤵
  PID:4384
- C:\Windows\System\MQYTogX.exe
  C:\Windows\System\MQYTogX.exe
  2⤵
  PID:4256
- C:\Windows\System\SYBwLrH.exe
  C:\Windows\System\SYBwLrH.exe
  2⤵
  PID:4696
- C:\Windows\System\YMnGXdQ.exe
  C:\Windows\System\YMnGXdQ.exe
  2⤵
  PID:4760
- C:\Windows\System\ZTWXOqf.exe
  C:\Windows\System\ZTWXOqf.exe
  2⤵
  PID:4892
- C:\Windows\System\AIhwNuS.exe
  C:\Windows\System\AIhwNuS.exe
  2⤵
  PID:5076
- C:\Windows\System\RSiIGNi.exe
  C:\Windows\System\RSiIGNi.exe
  2⤵
  PID:4996
- C:\Windows\System\fBDdErZ.exe
  C:\Windows\System\fBDdErZ.exe
  2⤵
  PID:4824
- C:\Windows\System\Kydowxe.exe
  C:\Windows\System\Kydowxe.exe
  2⤵
  PID:4948
- C:\Windows\System\vSjkVZU.exe
  C:\Windows\System\vSjkVZU.exe
  2⤵
  PID:5008
- C:\Windows\System\AkyVJLv.exe
  C:\Windows\System\AkyVJLv.exe
  2⤵
  PID:5104
- C:\Windows\System\pgmuhrq.exe
  C:\Windows\System\pgmuhrq.exe
  2⤵
  PID:1676
- C:\Windows\System\JLPoPma.exe
  C:\Windows\System\JLPoPma.exe
  2⤵
  PID:3216
- C:\Windows\System\CCkxIkd.exe
  C:\Windows\System\CCkxIkd.exe
  2⤵
  PID:3524
- C:\Windows\System\jDTtQvJ.exe
  C:\Windows\System\jDTtQvJ.exe
  2⤵
  PID:2992
- C:\Windows\System\euqxzpf.exe
  C:\Windows\System\euqxzpf.exe
  2⤵
  PID:2176
- C:\Windows\System\cLkaEYH.exe
  C:\Windows\System\cLkaEYH.exe
  2⤵
  PID:1900
- C:\Windows\System\FBsBiZD.exe
  C:\Windows\System\FBsBiZD.exe
  2⤵
  PID:4516
- C:\Windows\System\MAVtDbd.exe
  C:\Windows\System\MAVtDbd.exe
  2⤵
  PID:3060
- C:\Windows\System\KLBWguO.exe
  C:\Windows\System\KLBWguO.exe
  2⤵
  PID:4412
- C:\Windows\System\eFJZlEh.exe
  C:\Windows\System\eFJZlEh.exe
  2⤵
  PID:4276
- C:\Windows\System\mdRgXLS.exe
  C:\Windows\System\mdRgXLS.exe
  2⤵
  PID:2616
- C:\Windows\System\HRBnrlo.exe
  C:\Windows\System\HRBnrlo.exe
  2⤵
  PID:4400
- C:\Windows\System\NwsGxLy.exe
  C:\Windows\System\NwsGxLy.exe
  2⤵
  PID:4092
- C:\Windows\System\QkmpYfi.exe
  C:\Windows\System\QkmpYfi.exe
  2⤵
  PID:2796
- C:\Windows\System\ButDiqi.exe
  C:\Windows\System\ButDiqi.exe
  2⤵
  PID:2872
- C:\Windows\System\REgJakI.exe
  C:\Windows\System\REgJakI.exe
  2⤵
  PID:5092
- C:\Windows\System\iorqJoh.exe
  C:\Windows\System\iorqJoh.exe
  2⤵
  PID:4644
- C:\Windows\System\ZAyQQVH.exe
  C:\Windows\System\ZAyQQVH.exe
  2⤵
  PID:2948
- C:\Windows\System\zmHbmjG.exe
  C:\Windows\System\zmHbmjG.exe
  2⤵
  PID:4348
- C:\Windows\System\ebRaLxZ.exe
  C:\Windows\System\ebRaLxZ.exe
  2⤵
  PID:4820
- C:\Windows\System\kfXBVsS.exe
  C:\Windows\System\kfXBVsS.exe
  2⤵
  PID:4188
- C:\Windows\System\BmEfEGs.exe
  C:\Windows\System\BmEfEGs.exe
  2⤵
  PID:3740
- C:\Windows\System\ioWazja.exe
  C:\Windows\System\ioWazja.exe
  2⤵
  PID:2856
- C:\Windows\System\itwmtkq.exe
  C:\Windows\System\itwmtkq.exe
  2⤵
  PID:1412
- C:\Windows\System\rRtUWzd.exe
  C:\Windows\System\rRtUWzd.exe
  2⤵
  PID:5124
- C:\Windows\System\UlcaGBl.exe
  C:\Windows\System\UlcaGBl.exe
  2⤵
  PID:5140
- C:\Windows\System\TKFoHkp.exe
  C:\Windows\System\TKFoHkp.exe
  2⤵
  PID:5156
- C:\Windows\System\nFQFuUb.exe
  C:\Windows\System\nFQFuUb.exe
  2⤵
  PID:5172
- C:\Windows\System\DfebDKl.exe
  C:\Windows\System\DfebDKl.exe
  2⤵
  PID:5188
- C:\Windows\System\YyQUttS.exe
  C:\Windows\System\YyQUttS.exe
  2⤵
  PID:5204
- C:\Windows\System\tpvlMbG.exe
  C:\Windows\System\tpvlMbG.exe
  2⤵
  PID:5220
- C:\Windows\System\ngoVrtz.exe
  C:\Windows\System\ngoVrtz.exe
  2⤵
  PID:5320
- C:\Windows\System\CwZMDuB.exe
  C:\Windows\System\CwZMDuB.exe
  2⤵
  PID:5340
- C:\Windows\System\bAxbVMw.exe
  C:\Windows\System\bAxbVMw.exe
  2⤵
  PID:5356
- C:\Windows\System\goSebbs.exe
  C:\Windows\System\goSebbs.exe
  2⤵
  PID:5372
- C:\Windows\System\BOMRrHw.exe
  C:\Windows\System\BOMRrHw.exe
  2⤵
  PID:5388
- C:\Windows\System\Qdcqzwr.exe
  C:\Windows\System\Qdcqzwr.exe
  2⤵
  PID:5404
- C:\Windows\System\xHwopaJ.exe
  C:\Windows\System\xHwopaJ.exe
  2⤵
  PID:5420
- C:\Windows\System\iMdzpbw.exe
  C:\Windows\System\iMdzpbw.exe
  2⤵
  PID:5436
- C:\Windows\System\MQLIbMy.exe
  C:\Windows\System\MQLIbMy.exe
  2⤵
  PID:5452
- C:\Windows\System\XEnBxQV.exe
  C:\Windows\System\XEnBxQV.exe
  2⤵
  PID:5468
- C:\Windows\System\BrPAqTz.exe
  C:\Windows\System\BrPAqTz.exe
  2⤵
  PID:5484
- C:\Windows\System\wZnavpu.exe
  C:\Windows\System\wZnavpu.exe
  2⤵
  PID:5500
- C:\Windows\System\suGTvDa.exe
  C:\Windows\System\suGTvDa.exe
  2⤵
  PID:5516
- C:\Windows\System\IbDxZHE.exe
  C:\Windows\System\IbDxZHE.exe
  2⤵
  PID:5532
- C:\Windows\System\ycLuXGo.exe
  C:\Windows\System\ycLuXGo.exe
  2⤵
  PID:5548
- C:\Windows\System\BkPoXMd.exe
  C:\Windows\System\BkPoXMd.exe
  2⤵
  PID:5568
- C:\Windows\System\LXniwmM.exe
  C:\Windows\System\LXniwmM.exe
  2⤵
  PID:5584
- C:\Windows\System\SkipqGc.exe
  C:\Windows\System\SkipqGc.exe
  2⤵
  PID:5600
- C:\Windows\System\YoKOtuW.exe
  C:\Windows\System\YoKOtuW.exe
  2⤵
  PID:5616
- C:\Windows\System\lvTBSCL.exe
  C:\Windows\System\lvTBSCL.exe
  2⤵
  PID:5632
- C:\Windows\System\LHOnvab.exe
  C:\Windows\System\LHOnvab.exe
  2⤵
  PID:5648
- C:\Windows\System\VxLxBCd.exe
  C:\Windows\System\VxLxBCd.exe
  2⤵
  PID:5664
- C:\Windows\System\CftrRRj.exe
  C:\Windows\System\CftrRRj.exe
  2⤵
  PID:5680
- C:\Windows\System\fzuocBT.exe
  C:\Windows\System\fzuocBT.exe
  2⤵
  PID:5696
- C:\Windows\System\cZxSEVt.exe
  C:\Windows\System\cZxSEVt.exe
  2⤵
  PID:5712
- C:\Windows\System\wqqcloa.exe
  C:\Windows\System\wqqcloa.exe
  2⤵
  PID:5728
- C:\Windows\System\WOFLcXa.exe
  C:\Windows\System\WOFLcXa.exe
  2⤵
  PID:5744
- C:\Windows\System\NAdipQv.exe
  C:\Windows\System\NAdipQv.exe
  2⤵
  PID:5760
- C:\Windows\System\IGtIcPh.exe
  C:\Windows\System\IGtIcPh.exe
  2⤵
  PID:5776
- C:\Windows\System\qjNODmt.exe
  C:\Windows\System\qjNODmt.exe
  2⤵
  PID:5792
- C:\Windows\System\lMipYPs.exe
  C:\Windows\System\lMipYPs.exe
  2⤵
  PID:5808
- C:\Windows\System\Hzoxtmb.exe
  C:\Windows\System\Hzoxtmb.exe
  2⤵
  PID:5824
- C:\Windows\System\FklqmkU.exe
  C:\Windows\System\FklqmkU.exe
  2⤵
  PID:5840
- C:\Windows\System\kPIIrzK.exe
  C:\Windows\System\kPIIrzK.exe
  2⤵
  PID:5856
- C:\Windows\System\DXRrrsY.exe
  C:\Windows\System\DXRrrsY.exe
  2⤵
  PID:5872
- C:\Windows\System\gZeyKSH.exe
  C:\Windows\System\gZeyKSH.exe
  2⤵
  PID:5888
- C:\Windows\System\LUxRdjC.exe
  C:\Windows\System\LUxRdjC.exe
  2⤵
  PID:5904
- C:\Windows\System\YRuQWpY.exe
  C:\Windows\System\YRuQWpY.exe
  2⤵
  PID:5920
- C:\Windows\System\pgWRGZN.exe
  C:\Windows\System\pgWRGZN.exe
  2⤵
  PID:5936
- C:\Windows\System\ArmBUbO.exe
  C:\Windows\System\ArmBUbO.exe
  2⤵
  PID:5952
- C:\Windows\System\UmwDxyF.exe
  C:\Windows\System\UmwDxyF.exe
  2⤵
  PID:5968
- C:\Windows\System\HjNddcL.exe
  C:\Windows\System\HjNddcL.exe
  2⤵
  PID:5984
- C:\Windows\System\tyCLXEJ.exe
  C:\Windows\System\tyCLXEJ.exe
  2⤵
  PID:6000
- C:\Windows\System\lcHcvlf.exe
  C:\Windows\System\lcHcvlf.exe
  2⤵
  PID:6016
- C:\Windows\System\OpAikrR.exe
  C:\Windows\System\OpAikrR.exe
  2⤵
  PID:6032
- C:\Windows\System\Ybvfrvl.exe
  C:\Windows\System\Ybvfrvl.exe
  2⤵
  PID:6048
- C:\Windows\System\WXSGpWN.exe
  C:\Windows\System\WXSGpWN.exe
  2⤵
  PID:6064
- C:\Windows\System\PoMlBAc.exe
  C:\Windows\System\PoMlBAc.exe
  2⤵
  PID:6084
- C:\Windows\System\hdPaZrT.exe
  C:\Windows\System\hdPaZrT.exe
  2⤵
  PID:6100
- C:\Windows\System\UIgANmA.exe
  C:\Windows\System\UIgANmA.exe
  2⤵
  PID:6116
- C:\Windows\System\MYebUQc.exe
  C:\Windows\System\MYebUQc.exe
  2⤵
  PID:6132
- C:\Windows\System\MqcoxuS.exe
  C:\Windows\System\MqcoxuS.exe
  2⤵
  PID:2236
- C:\Windows\System\fSpCvWO.exe
  C:\Windows\System\fSpCvWO.exe
  2⤵
  PID:5180
- C:\Windows\System\uazzDUd.exe
  C:\Windows\System\uazzDUd.exe
  2⤵
  PID:5216
- C:\Windows\System\vewdFWS.exe
  C:\Windows\System\vewdFWS.exe
  2⤵
  PID:5164
- C:\Windows\System\TwCYfbR.exe
  C:\Windows\System\TwCYfbR.exe
  2⤵
  PID:4160
- C:\Windows\System\fdoJbRR.exe
  C:\Windows\System\fdoJbRR.exe
  2⤵
  PID:5196
- C:\Windows\System\PmoXVCY.exe
  C:\Windows\System\PmoXVCY.exe
  2⤵
  PID:5248
- C:\Windows\System\jiuLXVg.exe
  C:\Windows\System\jiuLXVg.exe
  2⤵
  PID:5264
- C:\Windows\System\FXrhZIk.exe
  C:\Windows\System\FXrhZIk.exe
  2⤵
  PID:5280
- C:\Windows\System\IfBmcph.exe
  C:\Windows\System\IfBmcph.exe
  2⤵
  PID:5296
- C:\Windows\System\mZhufNa.exe
  C:\Windows\System\mZhufNa.exe
  2⤵
  PID:5308
- C:\Windows\System\vHVnNvt.exe
  C:\Windows\System\vHVnNvt.exe
  2⤵
  PID:5368
- C:\Windows\System\xaldMNO.exe
  C:\Windows\System\xaldMNO.exe
  2⤵
  PID:5380
- C:\Windows\System\RJxRWka.exe
  C:\Windows\System\RJxRWka.exe
  2⤵
  PID:5400
- C:\Windows\System\eAAlzwT.exe
  C:\Windows\System\eAAlzwT.exe
  2⤵
  PID:5460
- C:\Windows\System\aTQwCjL.exe
  C:\Windows\System\aTQwCjL.exe
  2⤵
  PID:5524
- C:\Windows\System\KKLEKdC.exe
  C:\Windows\System\KKLEKdC.exe
  2⤵
  PID:5416
- C:\Windows\System\pDKnRzy.exe
  C:\Windows\System\pDKnRzy.exe
  2⤵
  PID:5560
- C:\Windows\System\ZRKeFzc.exe
  C:\Windows\System\ZRKeFzc.exe
  2⤵
  PID:5540
- C:\Windows\System\jxTawIl.exe
  C:\Windows\System\jxTawIl.exe
  2⤵
  PID:5624
- C:\Windows\System\rkNILwz.exe
  C:\Windows\System\rkNILwz.exe
  2⤵
  PID:5688
- C:\Windows\System\LltHxSq.exe
  C:\Windows\System\LltHxSq.exe
  2⤵
  PID:5608
- C:\Windows\System\TAuGfCz.exe
  C:\Windows\System\TAuGfCz.exe
  2⤵
  PID:5676
- C:\Windows\System\mCDqnmK.exe
  C:\Windows\System\mCDqnmK.exe
  2⤵
  PID:5752
- C:\Windows\System\AtitJKO.exe
  C:\Windows\System\AtitJKO.exe
  2⤵
  PID:5704
- C:\Windows\System\RQQycIf.exe
  C:\Windows\System\RQQycIf.exe
  2⤵
  PID:5784
- C:\Windows\System\sankIwR.exe
  C:\Windows\System\sankIwR.exe
  2⤵
  PID:5832
- C:\Windows\System\ghbYEhD.exe
  C:\Windows\System\ghbYEhD.exe
  2⤵
  PID:5852
- C:\Windows\System\viuQfiJ.exe
  C:\Windows\System\viuQfiJ.exe
  2⤵
  PID:5944
- C:\Windows\System\MGEnSqe.exe
  C:\Windows\System\MGEnSqe.exe
  2⤵
  PID:5948
- C:\Windows\System\xQBvQep.exe
  C:\Windows\System\xQBvQep.exe
  2⤵
  PID:5932
- C:\Windows\System\cYKPVud.exe
  C:\Windows\System\cYKPVud.exe
  2⤵
  PID:5868
- C:\Windows\System\tmgXOJL.exe
  C:\Windows\System\tmgXOJL.exe
  2⤵
  PID:6040
- C:\Windows\System\kmqWQUR.exe
  C:\Windows\System\kmqWQUR.exe
  2⤵
  PID:6024
- C:\Windows\System\aKmXjlg.exe
  C:\Windows\System\aKmXjlg.exe
  2⤵
  PID:6060
- C:\Windows\System\tXLcRjk.exe
  C:\Windows\System\tXLcRjk.exe
  2⤵
  PID:6140
- C:\Windows\System\WARivYm.exe
  C:\Windows\System\WARivYm.exe
  2⤵
  PID:6128
- C:\Windows\System\rsELeWh.exe
  C:\Windows\System\rsELeWh.exe
  2⤵
  PID:4592
- C:\Windows\System\jlkBQrx.exe
  C:\Windows\System\jlkBQrx.exe
  2⤵
  PID:5056
- C:\Windows\System\DslVLTo.exe
  C:\Windows\System\DslVLTo.exe
  2⤵
  PID:5240
- C:\Windows\System\kRxuhWt.exe
  C:\Windows\System\kRxuhWt.exe
  2⤵
  PID:5260
- C:\Windows\System\nmhhxCn.exe
  C:\Windows\System\nmhhxCn.exe
  2⤵
  PID:5236
- C:\Windows\System\pxIvnzQ.exe
  C:\Windows\System\pxIvnzQ.exe
  2⤵
  PID:5556
- C:\Windows\System\joLVwIP.exe
  C:\Windows\System\joLVwIP.exe
  2⤵
  PID:5596
- C:\Windows\System\gkncykF.exe
  C:\Windows\System\gkncykF.exe
  2⤵
  PID:5644
- C:\Windows\System\PenVUFG.exe
  C:\Windows\System\PenVUFG.exe
  2⤵
  PID:5352
- C:\Windows\System\FbQUZLL.exe
  C:\Windows\System\FbQUZLL.exe
  2⤵
  PID:5508
- C:\Windows\System\GxACxwg.exe
  C:\Windows\System\GxACxwg.exe
  2⤵
  PID:6080
- C:\Windows\System\lKfllge.exe
  C:\Windows\System\lKfllge.exe
  2⤵
  PID:5576
- C:\Windows\System\PGYRYsW.exe
  C:\Windows\System\PGYRYsW.exe
  2⤵
  PID:5708
- C:\Windows\System\Xbbwkzk.exe
  C:\Windows\System\Xbbwkzk.exe
  2⤵
  PID:5848
- C:\Windows\System\nGrfINI.exe
  C:\Windows\System\nGrfINI.exe
  2⤵
  PID:6008
- C:\Windows\System\fRpGVTn.exe
  C:\Windows\System\fRpGVTn.exe
  2⤵
  PID:5992
- C:\Windows\System\elWfwAq.exe
  C:\Windows\System\elWfwAq.exe
  2⤵
  PID:6056
- C:\Windows\System\adTkTGO.exe
  C:\Windows\System\adTkTGO.exe
  2⤵
  PID:6108
- C:\Windows\System\YWRtHhz.exe
  C:\Windows\System\YWRtHhz.exe
  2⤵
  PID:5272
- C:\Windows\System\pWonXjd.exe
  C:\Windows\System\pWonXjd.exe
  2⤵
  PID:5200
- C:\Windows\System\VxtjTjl.exe
  C:\Windows\System\VxtjTjl.exe
  2⤵
  PID:5432
- C:\Windows\System\ESQcXBo.exe
  C:\Windows\System\ESQcXBo.exe
  2⤵
  PID:5496
- C:\Windows\System\XDKdCYa.exe
  C:\Windows\System\XDKdCYa.exe
  2⤵
  PID:5820
- C:\Windows\System\FWoYunu.exe
  C:\Windows\System\FWoYunu.exe
  2⤵
  PID:5328
- C:\Windows\System\XIZuxNQ.exe
  C:\Windows\System\XIZuxNQ.exe
  2⤵
  PID:5964
- C:\Windows\System\NJtuJcv.exe
  C:\Windows\System\NJtuJcv.exe
  2⤵
  PID:5740
- C:\Windows\System\HkiOhxA.exe
  C:\Windows\System\HkiOhxA.exe
  2⤵
  PID:5928
- C:\Windows\System\uwzaVly.exe
  C:\Windows\System\uwzaVly.exe
  2⤵
  PID:4292
- C:\Windows\System\sodCKwp.exe
  C:\Windows\System\sodCKwp.exe
  2⤵
  PID:5656
- C:\Windows\System\hNQqPeo.exe
  C:\Windows\System\hNQqPeo.exe
  2⤵
  PID:5912
- C:\Windows\System\nXDWLiR.exe
  C:\Windows\System\nXDWLiR.exe
  2⤵
  PID:5724
- C:\Windows\System\YoTWUxo.exe
  C:\Windows\System\YoTWUxo.exe
  2⤵
  PID:4220
- C:\Windows\System\FGezILJ.exe
  C:\Windows\System\FGezILJ.exe
  2⤵
  PID:5804
- C:\Windows\System\wsNJTRL.exe
  C:\Windows\System\wsNJTRL.exe
  2⤵
  PID:6148
- C:\Windows\System\GqgZZnF.exe
  C:\Windows\System\GqgZZnF.exe
  2⤵
  PID:6164
- C:\Windows\System\hukwHMt.exe
  C:\Windows\System\hukwHMt.exe
  2⤵
  PID:6180
- C:\Windows\System\dMwbcDq.exe
  C:\Windows\System\dMwbcDq.exe
  2⤵
  PID:6196
- C:\Windows\System\JXpWMPf.exe
  C:\Windows\System\JXpWMPf.exe
  2⤵
  PID:6212
- C:\Windows\System\AKtcFsk.exe
  C:\Windows\System\AKtcFsk.exe
  2⤵
  PID:6736
- C:\Windows\System\aKlKDki.exe
  C:\Windows\System\aKlKDki.exe
  2⤵
  PID:6756
- C:\Windows\System\MAVcuCj.exe
  C:\Windows\System\MAVcuCj.exe
  2⤵
  PID:6772
- C:\Windows\System\QgKRfdH.exe
  C:\Windows\System\QgKRfdH.exe
  2⤵
  PID:6792
- C:\Windows\System\ghMNhrK.exe
  C:\Windows\System\ghMNhrK.exe
  2⤵
  PID:6812
- C:\Windows\System\NSQAJPm.exe
  C:\Windows\System\NSQAJPm.exe
  2⤵
  PID:6828
- C:\Windows\System\plKattQ.exe
  C:\Windows\System\plKattQ.exe
  2⤵
  PID:6848
- C:\Windows\System\uCCiezz.exe
  C:\Windows\System\uCCiezz.exe
  2⤵
  PID:6872
- C:\Windows\System\CISoweT.exe
  C:\Windows\System\CISoweT.exe
  2⤵
  PID:6896
- C:\Windows\System\oTLNnXQ.exe
  C:\Windows\System\oTLNnXQ.exe
  2⤵
  PID:6912
- C:\Windows\System\InSQQYE.exe
  C:\Windows\System\InSQQYE.exe
  2⤵
  PID:6932
- C:\Windows\System\ZkceAAa.exe
  C:\Windows\System\ZkceAAa.exe
  2⤵
  PID:6948
- C:\Windows\System\vsIVWqY.exe
  C:\Windows\System\vsIVWqY.exe
  2⤵
  PID:6976
- C:\Windows\System\VbtfDxX.exe
  C:\Windows\System\VbtfDxX.exe
  2⤵
  PID:7008
- C:\Windows\System\mGXvmfv.exe
  C:\Windows\System\mGXvmfv.exe
  2⤵
  PID:7024
- C:\Windows\System\cRAHFLG.exe
  C:\Windows\System\cRAHFLG.exe
  2⤵
  PID:7044
- C:\Windows\System\vgalhfA.exe
  C:\Windows\System\vgalhfA.exe
  2⤵
  PID:7068
- C:\Windows\System\xDrFVzo.exe
  C:\Windows\System\xDrFVzo.exe
  2⤵
  PID:7088
- C:\Windows\System\zWDKjnZ.exe
  C:\Windows\System\zWDKjnZ.exe
  2⤵
  PID:7104
- C:\Windows\System\bWTYXua.exe
  C:\Windows\System\bWTYXua.exe
  2⤵
  PID:7120
- C:\Windows\System\HIXQcIj.exe
  C:\Windows\System\HIXQcIj.exe
  2⤵
  PID:7152
- C:\Windows\System\rubLCTM.exe
  C:\Windows\System\rubLCTM.exe
  2⤵
  PID:6028
- C:\Windows\System\dcKIIja.exe
  C:\Windows\System\dcKIIja.exe
  2⤵
  PID:5396
- C:\Windows\System\zOWmiOq.exe
  C:\Windows\System\zOWmiOq.exe
  2⤵
  PID:6208
- C:\Windows\System\KqPURhu.exe
  C:\Windows\System\KqPURhu.exe
  2⤵
  PID:6228
- C:\Windows\System\dmRNvFM.exe
  C:\Windows\System\dmRNvFM.exe
  2⤵
  PID:6244
- C:\Windows\System\JQeCzjS.exe
  C:\Windows\System\JQeCzjS.exe
  2⤵
  PID:6260
- C:\Windows\System\rPlsGuS.exe
  C:\Windows\System\rPlsGuS.exe
  2⤵
  PID:6276
- C:\Windows\System\QmnHpHV.exe
  C:\Windows\System\QmnHpHV.exe
  2⤵
  PID:6300
- C:\Windows\System\ZhLZNkU.exe
  C:\Windows\System\ZhLZNkU.exe
  2⤵
  PID:6324
- C:\Windows\System\PZDrYLL.exe
  C:\Windows\System\PZDrYLL.exe
  2⤵
  PID:6344
- C:\Windows\System\gPEtedK.exe
  C:\Windows\System\gPEtedK.exe
  2⤵
  PID:6364
- C:\Windows\System\DZXnomr.exe
  C:\Windows\System\DZXnomr.exe
  2⤵
  PID:6384
- C:\Windows\System\ZMffOkC.exe
  C:\Windows\System\ZMffOkC.exe
  2⤵
  PID:6408
- C:\Windows\System\clRryBp.exe
  C:\Windows\System\clRryBp.exe
  2⤵
  PID:6424
- C:\Windows\System\MsckITG.exe
  C:\Windows\System\MsckITG.exe
  2⤵
  PID:6436
- C:\Windows\System\MAhOlJY.exe
  C:\Windows\System\MAhOlJY.exe
  2⤵
  PID:6460
- C:\Windows\System\vBLrUSi.exe
  C:\Windows\System\vBLrUSi.exe
  2⤵
  PID:6476
- C:\Windows\System\zfIWJbA.exe
  C:\Windows\System\zfIWJbA.exe
  2⤵
  PID:6492
- C:\Windows\System\elBssur.exe
  C:\Windows\System\elBssur.exe
  2⤵
  PID:6512
- C:\Windows\System\ISQUGhs.exe
  C:\Windows\System\ISQUGhs.exe
  2⤵
  PID:6528
- C:\Windows\System\GmGEsIQ.exe
  C:\Windows\System\GmGEsIQ.exe
  2⤵
  PID:6548
- C:\Windows\System\SuXKOmc.exe
  C:\Windows\System\SuXKOmc.exe
  2⤵
  PID:6568
- C:\Windows\System\flRJgUZ.exe
  C:\Windows\System\flRJgUZ.exe
  2⤵
  PID:6588
- C:\Windows\System\DiocFwN.exe
  C:\Windows\System\DiocFwN.exe
  2⤵
  PID:6612
- C:\Windows\System\QEJgcRx.exe
  C:\Windows\System\QEJgcRx.exe
  2⤵
  PID:6652
- C:\Windows\System\dkOzMwJ.exe
  C:\Windows\System\dkOzMwJ.exe
  2⤵
  PID:6668
- C:\Windows\System\YENOlBW.exe
  C:\Windows\System\YENOlBW.exe
  2⤵
  PID:6676
- C:\Windows\System\pQYvLCL.exe
  C:\Windows\System\pQYvLCL.exe
  2⤵
  PID:6696
- C:\Windows\System\WvVLlNL.exe
  C:\Windows\System\WvVLlNL.exe
  2⤵
  PID:6728
- C:\Windows\System\fJysJLJ.exe
  C:\Windows\System\fJysJLJ.exe
  2⤵
  PID:6748
- C:\Windows\System\TkkGytH.exe
  C:\Windows\System\TkkGytH.exe
  2⤵
  PID:6800
- C:\Windows\System\bvISpcQ.exe
  C:\Windows\System\bvISpcQ.exe
  2⤵
  PID:6860
- C:\Windows\System\YDiQpjk.exe
  C:\Windows\System\YDiQpjk.exe
  2⤵
  PID:6844
- C:\Windows\System\NWOjuRU.exe
  C:\Windows\System\NWOjuRU.exe
  2⤵
  PID:6904
- C:\Windows\System\kbatGGy.exe
  C:\Windows\System\kbatGGy.exe
  2⤵
  PID:6944
- C:\Windows\System\VLJhdya.exe
  C:\Windows\System\VLJhdya.exe
  2⤵
  PID:6968
- C:\Windows\System\FLGhchu.exe
  C:\Windows\System\FLGhchu.exe
  2⤵
  PID:1236
- C:\Windows\System\WewMajD.exe
  C:\Windows\System\WewMajD.exe
  2⤵
  PID:1172
- C:\Windows\System\cciaqfI.exe
  C:\Windows\System\cciaqfI.exe
  2⤵
  PID:2336
- C:\Windows\System\FeEvGby.exe
  C:\Windows\System\FeEvGby.exe
  2⤵
  PID:7004
- C:\Windows\System\rGISavv.exe
  C:\Windows\System\rGISavv.exe
  2⤵
  PID:7076
- C:\Windows\System\bKoVuqa.exe
  C:\Windows\System\bKoVuqa.exe
  2⤵
  PID:7052
- C:\Windows\System\QAdqIOq.exe
  C:\Windows\System\QAdqIOq.exe
  2⤵
  PID:7060
- C:\Windows\System\HGcUJZJ.exe
  C:\Windows\System\HGcUJZJ.exe
  2⤵
  PID:7164
- C:\Windows\System\TKhjzop.exe
  C:\Windows\System\TKhjzop.exe
  2⤵
  PID:6176
- C:\Windows\System\SUjxKoB.exe
  C:\Windows\System\SUjxKoB.exe
  2⤵
  PID:6204
- C:\Windows\System\kjPsYvE.exe
  C:\Windows\System\kjPsYvE.exe
  2⤵
  PID:6236
- C:\Windows\System\awpHeur.exe
  C:\Windows\System\awpHeur.exe
  2⤵
  PID:6316
- C:\Windows\System\bYcgQUn.exe
  C:\Windows\System\bYcgQUn.exe
  2⤵
  PID:6256
- C:\Windows\System\ZpXNTBw.exe
  C:\Windows\System\ZpXNTBw.exe
  2⤵
  PID:6332
- C:\Windows\System\TmaiBxy.exe
  C:\Windows\System\TmaiBxy.exe
  2⤵
  PID:6400
- C:\Windows\System\ocoXIIW.exe
  C:\Windows\System\ocoXIIW.exe
  2⤵
  PID:6380
- C:\Windows\System\RqivhnM.exe
  C:\Windows\System\RqivhnM.exe
  2⤵
  PID:6416
- C:\Windows\System\UOnRHib.exe
  C:\Windows\System\UOnRHib.exe
  2⤵
  PID:6468
- C:\Windows\System\pXKUuOy.exe
  C:\Windows\System\pXKUuOy.exe
  2⤵
  PID:6584
- C:\Windows\System\sKSYzIu.exe
  C:\Windows\System\sKSYzIu.exe
  2⤵
  PID:6628
- C:\Windows\System\ZqHwppt.exe
  C:\Windows\System\ZqHwppt.exe
  2⤵
  PID:6596
- C:\Windows\System\ATbMmru.exe
  C:\Windows\System\ATbMmru.exe
  2⤵
  PID:6456
- C:\Windows\System\gfGggnd.exe
  C:\Windows\System\gfGggnd.exe
  2⤵
  PID:6604
- C:\Windows\System\dosQGJG.exe
  C:\Windows\System\dosQGJG.exe
  2⤵
  PID:6680
- C:\Windows\System\KUFexFT.exe
  C:\Windows\System\KUFexFT.exe
  2⤵
  PID:6724
- C:\Windows\System\UPVwlal.exe
  C:\Windows\System\UPVwlal.exe
  2⤵
  PID:6716
- C:\Windows\System\GSYjhFt.exe
  C:\Windows\System\GSYjhFt.exe
  2⤵
  PID:6692
- C:\Windows\System\iDqjxUk.exe
  C:\Windows\System\iDqjxUk.exe
  2⤵
  PID:6804
- C:\Windows\System\PQWKutS.exe
  C:\Windows\System\PQWKutS.exe
  2⤵
  PID:6764
- C:\Windows\System\XqRIBUb.exe
  C:\Windows\System\XqRIBUb.exe
  2⤵
  PID:6960
- C:\Windows\System\EWbOjBE.exe
  C:\Windows\System\EWbOjBE.exe
  2⤵
  PID:6984
- C:\Windows\System\JCTrlmF.exe
  C:\Windows\System\JCTrlmF.exe
  2⤵
  PID:1648
- C:\Windows\System\oTOoqAR.exe
  C:\Windows\System\oTOoqAR.exe
  2⤵
  PID:7064
- C:\Windows\System\FXrANPQ.exe
  C:\Windows\System\FXrANPQ.exe
  2⤵
  PID:2936
- C:\Windows\System\aBtKJAf.exe
  C:\Windows\System\aBtKJAf.exe
  2⤵
  PID:6160
- C:\Windows\System\aophgaN.exe
  C:\Windows\System\aophgaN.exe
  2⤵
  PID:6252
- C:\Windows\System\RiFixSF.exe
  C:\Windows\System\RiFixSF.exe
  2⤵
  PID:5660
- C:\Windows\System\utJtRJD.exe
  C:\Windows\System\utJtRJD.exe
  2⤵
  PID:6540
- C:\Windows\System\vQhoHhj.exe
  C:\Windows\System\vQhoHhj.exe
  2⤵
  PID:6640
- C:\Windows\System\agZoQuR.exe
  C:\Windows\System\agZoQuR.exe
  2⤵
  PID:5292
- C:\Windows\System\NQAmzFe.exe
  C:\Windows\System\NQAmzFe.exe
  2⤵
  PID:6272
- C:\Windows\System\vndjXAy.exe
  C:\Windows\System\vndjXAy.exe
  2⤵
  PID:6292
- C:\Windows\System\JIriamZ.exe
  C:\Windows\System\JIriamZ.exe
  2⤵
  PID:5332
- C:\Windows\System\PJDakwP.exe
  C:\Windows\System\PJDakwP.exe
  2⤵
  PID:6448
- C:\Windows\System\AyiXMrf.exe
  C:\Windows\System\AyiXMrf.exe
  2⤵
  PID:6720
- C:\Windows\System\PcKnMTq.exe
  C:\Windows\System\PcKnMTq.exe
  2⤵
  PID:6700
- C:\Windows\System\trBFuud.exe
  C:\Windows\System\trBFuud.exe
  2⤵
  PID:7020
- C:\Windows\System\jbXHQEp.exe
  C:\Windows\System\jbXHQEp.exe
  2⤵
  PID:6884
- C:\Windows\System\RTvrafI.exe
  C:\Windows\System\RTvrafI.exe
  2⤵
  PID:6928
- C:\Windows\System\lwfAxTj.exe
  C:\Windows\System\lwfAxTj.exe
  2⤵
  PID:6660
- C:\Windows\System\mWWwyJy.exe
  C:\Windows\System\mWWwyJy.exe
  2⤵
  PID:6432
- C:\Windows\System\eSJwJBi.exe
  C:\Windows\System\eSJwJBi.exe
  2⤵
  PID:5836
- C:\Windows\System\cxIggOS.exe
  C:\Windows\System\cxIggOS.exe
  2⤵
  PID:7144
- C:\Windows\System\sTpVEzj.exe
  C:\Windows\System\sTpVEzj.exe
  2⤵
  PID:6644
- C:\Windows\System\dGAtOaz.exe
  C:\Windows\System\dGAtOaz.exe
  2⤵
  PID:7140
- C:\Windows\System\igKIRgi.exe
  C:\Windows\System\igKIRgi.exe
  2⤵
  PID:5316
- C:\Windows\System\YbDjCjD.exe
  C:\Windows\System\YbDjCjD.exe
  2⤵
  PID:7160
- C:\Windows\System\WACJpVY.exe
  C:\Windows\System\WACJpVY.exe
  2⤵
  PID:6296
- C:\Windows\System\EprhCSV.exe
  C:\Windows\System\EprhCSV.exe
  2⤵
  PID:6544
- C:\Windows\System\GSPHHML.exe
  C:\Windows\System\GSPHHML.exe
  2⤵
  PID:1420
- C:\Windows\System\bUZEihO.exe
  C:\Windows\System\bUZEihO.exe
  2⤵
  PID:6704
- C:\Windows\System\WgBtlXi.exe
  C:\Windows\System\WgBtlXi.exe
  2⤵
  PID:6560
- C:\Windows\System\TAaBSTr.exe
  C:\Windows\System\TAaBSTr.exe
  2⤵
  PID:6648
- C:\Windows\System\SLuLDxr.exe
  C:\Windows\System\SLuLDxr.exe
  2⤵
  PID:6820
- C:\Windows\System\ieZpFqW.exe
  C:\Windows\System\ieZpFqW.exe
  2⤵
  PID:3068
- C:\Windows\System\NHBbEMt.exe
  C:\Windows\System\NHBbEMt.exe
  2⤵
  PID:7100
- C:\Windows\System\RmShgOG.exe
  C:\Windows\System\RmShgOG.exe
  2⤵
  PID:6520
- C:\Windows\System\VNVWVMV.exe
  C:\Windows\System\VNVWVMV.exe
  2⤵
  PID:6348
- C:\Windows\System\TEzjoLK.exe
  C:\Windows\System\TEzjoLK.exe
  2⤵
  PID:6972
- C:\Windows\System\YmNfyMa.exe
  C:\Windows\System\YmNfyMa.exe
  2⤵
  PID:6312
- C:\Windows\System\XtTPmKt.exe
  C:\Windows\System\XtTPmKt.exe
  2⤵
  PID:6396
- C:\Windows\System\cbCGZlT.exe
  C:\Windows\System\cbCGZlT.exe
  2⤵
  PID:6752
- C:\Windows\System\QKXlWqP.exe
  C:\Windows\System\QKXlWqP.exe
  2⤵
  PID:7036
- C:\Windows\System\GGJBqyg.exe
  C:\Windows\System\GGJBqyg.exe
  2⤵
  PID:7080
- C:\Windows\System\CfglkwZ.exe
  C:\Windows\System\CfglkwZ.exe
  2⤵
  PID:6524
- C:\Windows\System\FRnGBlX.exe
  C:\Windows\System\FRnGBlX.exe
  2⤵
  PID:6880
- C:\Windows\System\bnfpfZJ.exe
  C:\Windows\System\bnfpfZJ.exe
  2⤵
  PID:6620
- C:\Windows\System\eSlhzys.exe
  C:\Windows\System\eSlhzys.exe
  2⤵
  PID:7172
- C:\Windows\System\sZczOhc.exe
  C:\Windows\System\sZczOhc.exe
  2⤵
  PID:7192
- C:\Windows\System\MaheQdx.exe
  C:\Windows\System\MaheQdx.exe
  2⤵
  PID:7212
- C:\Windows\System\mFKqCMQ.exe
  C:\Windows\System\mFKqCMQ.exe
  2⤵
  PID:7232
- C:\Windows\System\tsawdLj.exe
  C:\Windows\System\tsawdLj.exe
  2⤵
  PID:7252
- C:\Windows\System\LTqtMPL.exe
  C:\Windows\System\LTqtMPL.exe
  2⤵
  PID:7268
- C:\Windows\System\xTdUSAC.exe
  C:\Windows\System\xTdUSAC.exe
  2⤵
  PID:7288
- C:\Windows\System\DHUsoIY.exe
  C:\Windows\System\DHUsoIY.exe
  2⤵
  PID:7308
- C:\Windows\System\dkcitAg.exe
  C:\Windows\System\dkcitAg.exe
  2⤵
  PID:7324
- C:\Windows\System\dZtxaBX.exe
  C:\Windows\System\dZtxaBX.exe
  2⤵
  PID:7352
- C:\Windows\System\RetuTzt.exe
  C:\Windows\System\RetuTzt.exe
  2⤵
  PID:7368
- C:\Windows\System\sxbMEAR.exe
  C:\Windows\System\sxbMEAR.exe
  2⤵
  PID:7384
- C:\Windows\System\APDRDaW.exe
  C:\Windows\System\APDRDaW.exe
  2⤵
  PID:7400
- C:\Windows\System\QgYxcce.exe
  C:\Windows\System\QgYxcce.exe
  2⤵
  PID:7432
- C:\Windows\System\mpdarZw.exe
  C:\Windows\System\mpdarZw.exe
  2⤵
  PID:7448
- C:\Windows\System\yczvDrd.exe
  C:\Windows\System\yczvDrd.exe
  2⤵
  PID:7464
- C:\Windows\System\gDQENLG.exe
  C:\Windows\System\gDQENLG.exe
  2⤵
  PID:7484
- C:\Windows\System\tZNnzMQ.exe
  C:\Windows\System\tZNnzMQ.exe
  2⤵
  PID:7504
- C:\Windows\System\iHWEBbN.exe
  C:\Windows\System\iHWEBbN.exe
  2⤵
  PID:7520
- C:\Windows\System\vAsMLMV.exe
  C:\Windows\System\vAsMLMV.exe
  2⤵
  PID:7536
- C:\Windows\System\WagZPoT.exe
  C:\Windows\System\WagZPoT.exe
  2⤵
  PID:7552
- C:\Windows\System\mGkCQCB.exe
  C:\Windows\System\mGkCQCB.exe
  2⤵
  PID:7568
- C:\Windows\System\bBsAuOA.exe
  C:\Windows\System\bBsAuOA.exe
  2⤵
  PID:7584
- C:\Windows\System\egKuufy.exe
  C:\Windows\System\egKuufy.exe
  2⤵
  PID:7600
- C:\Windows\System\yrlkoSy.exe
  C:\Windows\System\yrlkoSy.exe
  2⤵
  PID:7620
- C:\Windows\System\aQgreKw.exe
  C:\Windows\System\aQgreKw.exe
  2⤵
  PID:7636
- C:\Windows\System\qknMtvD.exe
  C:\Windows\System\qknMtvD.exe
  2⤵
  PID:7652
- C:\Windows\System\GnyXTQq.exe
  C:\Windows\System\GnyXTQq.exe
  2⤵
  PID:7672
- C:\Windows\System\wBYWSkn.exe
  C:\Windows\System\wBYWSkn.exe
  2⤵
  PID:7688
- C:\Windows\System\oQFutkJ.exe
  C:\Windows\System\oQFutkJ.exe
  2⤵
  PID:7708
- C:\Windows\System\tjFToRF.exe
  C:\Windows\System\tjFToRF.exe
  2⤵
  PID:7724
- C:\Windows\System\HoVqLTC.exe
  C:\Windows\System\HoVqLTC.exe
  2⤵
  PID:7748
- C:\Windows\System\wksNdSQ.exe
  C:\Windows\System\wksNdSQ.exe
  2⤵
  PID:7764
- C:\Windows\System\QMdOaVa.exe
  C:\Windows\System\QMdOaVa.exe
  2⤵
  PID:7780
- C:\Windows\System\rCilSbb.exe
  C:\Windows\System\rCilSbb.exe
  2⤵
  PID:7800
- C:\Windows\System\hopulfn.exe
  C:\Windows\System\hopulfn.exe
  2⤵
  PID:7820
- C:\Windows\System\NpKEAcc.exe
  C:\Windows\System\NpKEAcc.exe
  2⤵
  PID:7836
- C:\Windows\System\jNSugqz.exe
  C:\Windows\System\jNSugqz.exe
  2⤵
  PID:7852
- C:\Windows\System\VlekjsK.exe
  C:\Windows\System\VlekjsK.exe
  2⤵
  PID:7868
- C:\Windows\System\TzbndTY.exe
  C:\Windows\System\TzbndTY.exe
  2⤵
  PID:7884
- C:\Windows\System\EtBrRvF.exe
  C:\Windows\System\EtBrRvF.exe
  2⤵
  PID:7900
- C:\Windows\System\hrzQwpj.exe
  C:\Windows\System\hrzQwpj.exe
  2⤵
  PID:7920
- C:\Windows\System\tpOjuZR.exe
  C:\Windows\System\tpOjuZR.exe
  2⤵
  PID:7944
- C:\Windows\System\CISbSIz.exe
  C:\Windows\System\CISbSIz.exe
  2⤵
  PID:7960
- C:\Windows\System\igdpBeA.exe
  C:\Windows\System\igdpBeA.exe
  2⤵
  PID:7976
- C:\Windows\System\OrBaLjw.exe
  C:\Windows\System\OrBaLjw.exe
  2⤵
  PID:7992
- C:\Windows\System\GQjAKCQ.exe
  C:\Windows\System\GQjAKCQ.exe
  2⤵
  PID:8008
- C:\Windows\System\kqWzCfO.exe
  C:\Windows\System\kqWzCfO.exe
  2⤵
  PID:8024
- C:\Windows\System\MZJHNyr.exe
  C:\Windows\System\MZJHNyr.exe
  2⤵
  PID:8040
- C:\Windows\System\CqPihWj.exe
  C:\Windows\System\CqPihWj.exe
  2⤵
  PID:8056
- C:\Windows\System\MqCTtUu.exe
  C:\Windows\System\MqCTtUu.exe
  2⤵
  PID:8072
- C:\Windows\System\PNCtpha.exe
  C:\Windows\System\PNCtpha.exe
  2⤵
  PID:8092
- C:\Windows\System\eZRRZvN.exe
  C:\Windows\System\eZRRZvN.exe
  2⤵
  PID:8108
- C:\Windows\System\VpcTDft.exe
  C:\Windows\System\VpcTDft.exe
  2⤵
  PID:8124
- C:\Windows\System\EJDldPo.exe
  C:\Windows\System\EJDldPo.exe
  2⤵
  PID:8140
- C:\Windows\System\hHKKLlm.exe
  C:\Windows\System\hHKKLlm.exe
  2⤵
  PID:8156
- C:\Windows\System\WnLCEnA.exe
  C:\Windows\System\WnLCEnA.exe
  2⤵
  PID:8172
- C:\Windows\System\zyaUexj.exe
  C:\Windows\System\zyaUexj.exe
  2⤵
  PID:8188
- C:\Windows\System\HDMzayO.exe
  C:\Windows\System\HDMzayO.exe
  2⤵
  PID:7184
- C:\Windows\System\BVlPTSc.exe
  C:\Windows\System\BVlPTSc.exe
  2⤵
  PID:7228
- C:\Windows\System\IJCUKnY.exe
  C:\Windows\System\IJCUKnY.exe
  2⤵
  PID:7260
- C:\Windows\System\GoHdhMw.exe
  C:\Windows\System\GoHdhMw.exe
  2⤵
  PID:7300
- C:\Windows\System\kDKdTPL.exe
  C:\Windows\System\kDKdTPL.exe
  2⤵
  PID:7276
- C:\Windows\System\owNWuKc.exe
  C:\Windows\System\owNWuKc.exe
  2⤵
  PID:7344
- C:\Windows\System\mqcBdhy.exe
  C:\Windows\System\mqcBdhy.exe
  2⤵
  PID:7392
- C:\Windows\System\hMLpduF.exe
  C:\Windows\System\hMLpduF.exe
  2⤵
  PID:7416
- C:\Windows\System\GutrYiq.exe
  C:\Windows\System\GutrYiq.exe
  2⤵
  PID:7424
- C:\Windows\System\kknRAsb.exe
  C:\Windows\System\kknRAsb.exe
  2⤵
  PID:7492
- C:\Windows\System\VXhVwov.exe
  C:\Windows\System\VXhVwov.exe
  2⤵
  PID:7476
- C:\Windows\System\bwqtSrC.exe
  C:\Windows\System\bwqtSrC.exe
  2⤵
  PID:7560
- C:\Windows\System\LUVRchu.exe
  C:\Windows\System\LUVRchu.exe
  2⤵
  PID:7596
- C:\Windows\System\WaoJDjU.exe
  C:\Windows\System\WaoJDjU.exe
  2⤵
  PID:7576
- C:\Windows\System\XMroOoK.exe
  C:\Windows\System\XMroOoK.exe
  2⤵
  PID:7660
- C:\Windows\System\JWieZJl.exe
  C:\Windows\System\JWieZJl.exe
  2⤵
  PID:7704
- C:\Windows\System\XqFXFoS.exe
  C:\Windows\System\XqFXFoS.exe
  2⤵
  PID:7716
- C:\Windows\System\aFbPcOt.exe
  C:\Windows\System\aFbPcOt.exe
  2⤵
  PID:7736
- C:\Windows\System\hIQsGtA.exe
  C:\Windows\System\hIQsGtA.exe
  2⤵
  PID:7808
- C:\Windows\System\UvECDGb.exe
  C:\Windows\System\UvECDGb.exe
  2⤵
  PID:7760
- C:\Windows\System\ejGVwEH.exe
  C:\Windows\System\ejGVwEH.exe
  2⤵
  PID:7916
- C:\Windows\System\udUfDkx.exe
  C:\Windows\System\udUfDkx.exe
  2⤵
  PID:7828
- C:\Windows\System\hMooCjk.exe
  C:\Windows\System\hMooCjk.exe
  2⤵
  PID:7932
- C:\Windows\System\StonIGE.exe
  C:\Windows\System\StonIGE.exe
  2⤵
  PID:7896
- C:\Windows\System\qWsUhIu.exe
  C:\Windows\System\qWsUhIu.exe
  2⤵
  PID:7940
- C:\Windows\System\eozxSZh.exe
  C:\Windows\System\eozxSZh.exe
  2⤵
  PID:8048
- C:\Windows\System\iELAYvf.exe
  C:\Windows\System\iELAYvf.exe
  2⤵
  PID:8080
- C:\Windows\System\VojOzoZ.exe
  C:\Windows\System\VojOzoZ.exe
  2⤵
  PID:8120
- C:\Windows\System\wWNwawS.exe
  C:\Windows\System\wWNwawS.exe
  2⤵
  PID:8180
- C:\Windows\System\FMeRTXp.exe
  C:\Windows\System\FMeRTXp.exe
  2⤵
  PID:7204
- C:\Windows\System\yVpfpvM.exe
  C:\Windows\System\yVpfpvM.exe
  2⤵
  PID:8132
- C:\Windows\System\ZZLTHhj.exe
  C:\Windows\System\ZZLTHhj.exe
  2⤵
  PID:7208
- C:\Windows\System\InErdzX.exe
  C:\Windows\System\InErdzX.exe
  2⤵
  PID:7316
- C:\Windows\System\ICBDRRQ.exe
  C:\Windows\System\ICBDRRQ.exe
  2⤵
  PID:7380
- C:\Windows\System\fmHckXS.exe
  C:\Windows\System\fmHckXS.exe
  2⤵
  PID:7460
- C:\Windows\System\tLyusfX.exe
  C:\Windows\System\tLyusfX.exe
  2⤵
  PID:7440
- C:\Windows\System\cAhRSnu.exe
  C:\Windows\System\cAhRSnu.exe
  2⤵
  PID:7512
- C:\Windows\System\wTCsuMu.exe
  C:\Windows\System\wTCsuMu.exe
  2⤵
  PID:7668
- C:\Windows\System\ogowghU.exe
  C:\Windows\System\ogowghU.exe
  2⤵
  PID:7684
- C:\Windows\System\rVCMYRr.exe
  C:\Windows\System\rVCMYRr.exe
  2⤵
  PID:7644
- C:\Windows\System\uDDZMKj.exe
  C:\Windows\System\uDDZMKj.exe
  2⤵
  PID:7844
- C:\Windows\System\IAVFOxK.exe
  C:\Windows\System\IAVFOxK.exe
  2⤵
  PID:7880
- C:\Windows\System\gagXHhN.exe
  C:\Windows\System\gagXHhN.exe
  2⤵
  PID:7952
- C:\Windows\System\zZCzyHy.exe
  C:\Windows\System\zZCzyHy.exe
  2⤵
  PID:8020
- C:\Windows\System\RMJBscN.exe
  C:\Windows\System\RMJBscN.exe
  2⤵
  PID:7860
- C:\Windows\System\ECZMhPn.exe
  C:\Windows\System\ECZMhPn.exe
  2⤵
  PID:8184
- C:\Windows\System\AcWVVGC.exe
  C:\Windows\System\AcWVVGC.exe
  2⤵
  PID:7928
- C:\Windows\System\FRMkFBW.exe
  C:\Windows\System\FRMkFBW.exe
  2⤵
  PID:7616
- C:\Windows\System\urOVoKu.exe
  C:\Windows\System\urOVoKu.exe
  2⤵
  PID:7304
- C:\Windows\System\BkvMrqR.exe
  C:\Windows\System\BkvMrqR.exe
  2⤵
  PID:8104
- C:\Windows\System\FGYoFPQ.exe
  C:\Windows\System\FGYoFPQ.exe
  2⤵
  PID:7340
- C:\Windows\System\vXlqjPf.exe
  C:\Windows\System\vXlqjPf.exe
  2⤵
  PID:7496
- C:\Windows\System\GiNiQKx.exe
  C:\Windows\System\GiNiQKx.exe
  2⤵
  PID:7632
- C:\Windows\System\AOWcCIr.exe
  C:\Windows\System\AOWcCIr.exe
  2⤵
  PID:7956
- C:\Windows\System\JCeOsXz.exe
  C:\Windows\System\JCeOsXz.exe
  2⤵
  PID:8004
- C:\Windows\System\hekfdaH.exe
  C:\Windows\System\hekfdaH.exe
  2⤵
  PID:7456
- C:\Windows\System\EWyWQrZ.exe
  C:\Windows\System\EWyWQrZ.exe
  2⤵
  PID:7296
- C:\Windows\System\FPsSbFV.exe
  C:\Windows\System\FPsSbFV.exe
  2⤵
  PID:7776
- C:\Windows\System\tVcNLnu.exe
  C:\Windows\System\tVcNLnu.exe
  2⤵
  PID:7892
- C:\Windows\System\vamfatB.exe
  C:\Windows\System\vamfatB.exe
  2⤵
  PID:7908
- C:\Windows\System\gLuhcsq.exe
  C:\Windows\System\gLuhcsq.exe
  2⤵
  PID:7592
- C:\Windows\System\SIjglUv.exe
  C:\Windows\System\SIjglUv.exe
  2⤵
  PID:8068
- C:\Windows\System\obiiMTm.exe
  C:\Windows\System\obiiMTm.exe
  2⤵
  PID:7408
- C:\Windows\System\yiOmtAs.exe
  C:\Windows\System\yiOmtAs.exe
  2⤵
  PID:7772
- C:\Windows\System\tENfSti.exe
  C:\Windows\System\tENfSti.exe
  2⤵
  PID:7200
- C:\Windows\System\yIFfmgs.exe
  C:\Windows\System\yIFfmgs.exe
  2⤵
  PID:8196
- C:\Windows\System\kKeJWnV.exe
  C:\Windows\System\kKeJWnV.exe
  2⤵
  PID:8216
- C:\Windows\System\RcyABkY.exe
  C:\Windows\System\RcyABkY.exe
  2⤵
  PID:8236
- C:\Windows\System\KsXhOWp.exe
  C:\Windows\System\KsXhOWp.exe
  2⤵
  PID:8268
- C:\Windows\System\VWuJemg.exe
  C:\Windows\System\VWuJemg.exe
  2⤵
  PID:8284
- C:\Windows\System\PCEutGw.exe
  C:\Windows\System\PCEutGw.exe
  2⤵
  PID:8300
- C:\Windows\System\evLQiBR.exe
  C:\Windows\System\evLQiBR.exe
  2⤵
  PID:8320
- C:\Windows\System\ajAztDE.exe
  C:\Windows\System\ajAztDE.exe
  2⤵
  PID:8340
- C:\Windows\System\FGFZkcc.exe
  C:\Windows\System\FGFZkcc.exe
  2⤵
  PID:8356
- C:\Windows\System\urDVzIK.exe
  C:\Windows\System\urDVzIK.exe
  2⤵
  PID:8376
- C:\Windows\System\NQFDsEl.exe
  C:\Windows\System\NQFDsEl.exe
  2⤵
  PID:8392
- C:\Windows\System\UJLezEt.exe
  C:\Windows\System\UJLezEt.exe
  2⤵
  PID:8412
- C:\Windows\System\YTUulVW.exe
  C:\Windows\System\YTUulVW.exe
  2⤵
  PID:8440
- C:\Windows\System\loOXIFO.exe
  C:\Windows\System\loOXIFO.exe
  2⤵
  PID:8468
- C:\Windows\System\CfzpfSK.exe
  C:\Windows\System\CfzpfSK.exe
  2⤵
  PID:8484
- C:\Windows\System\rsVaiwj.exe
  C:\Windows\System\rsVaiwj.exe
  2⤵
  PID:8500
- C:\Windows\System\thwyLwV.exe
  C:\Windows\System\thwyLwV.exe
  2⤵
  PID:8520
- C:\Windows\System\ZyIlcks.exe
  C:\Windows\System\ZyIlcks.exe
  2⤵
  PID:8548
- C:\Windows\System\JXatdsB.exe
  C:\Windows\System\JXatdsB.exe
  2⤵
  PID:8568
- C:\Windows\System\SxQpzAi.exe
  C:\Windows\System\SxQpzAi.exe
  2⤵
  PID:8588
- C:\Windows\System\ZcIOsxT.exe
  C:\Windows\System\ZcIOsxT.exe
  2⤵
  PID:8604
- C:\Windows\System\nVxZSJi.exe
  C:\Windows\System\nVxZSJi.exe
  2⤵
  PID:8628
- C:\Windows\System\LfwVUhT.exe
  C:\Windows\System\LfwVUhT.exe
  2⤵
  PID:8644
- C:\Windows\System\zrRehVg.exe
  C:\Windows\System\zrRehVg.exe
  2⤵
  PID:8664
- C:\Windows\System\KUwKTZL.exe
  C:\Windows\System\KUwKTZL.exe
  2⤵
  PID:8684
- C:\Windows\System\FzuGiLh.exe
  C:\Windows\System\FzuGiLh.exe
  2⤵
  PID:8712
- C:\Windows\System\ajETGlC.exe
  C:\Windows\System\ajETGlC.exe
  2⤵
  PID:8732
- C:\Windows\System\ajqVgnA.exe
  C:\Windows\System\ajqVgnA.exe
  2⤵
  PID:8748
- C:\Windows\System\zClSvnF.exe
  C:\Windows\System\zClSvnF.exe
  2⤵
  PID:8768
- C:\Windows\System\tXnvNzq.exe
  C:\Windows\System\tXnvNzq.exe
  2⤵
  PID:8792
- C:\Windows\System\pNQXmGB.exe
  C:\Windows\System\pNQXmGB.exe
  2⤵
  PID:8812
- C:\Windows\System\NKVLeOD.exe
  C:\Windows\System\NKVLeOD.exe
  2⤵
  PID:8828
- C:\Windows\System\JhdtFPu.exe
  C:\Windows\System\JhdtFPu.exe
  2⤵
  PID:8848
- C:\Windows\System\EDRJmVy.exe
  C:\Windows\System\EDRJmVy.exe
  2⤵
  PID:8872
- C:\Windows\System\NnGwKZB.exe
  C:\Windows\System\NnGwKZB.exe
  2⤵
  PID:8888
- C:\Windows\System\fhKnDjq.exe
  C:\Windows\System\fhKnDjq.exe
  2⤵
  PID:8912
- C:\Windows\System\TIDkqgO.exe
  C:\Windows\System\TIDkqgO.exe
  2⤵
  PID:8928
- C:\Windows\System\RwIUFTz.exe
  C:\Windows\System\RwIUFTz.exe
  2⤵
  PID:8948
- C:\Windows\System\mOZXMuv.exe
  C:\Windows\System\mOZXMuv.exe
  2⤵
  PID:8964
- C:\Windows\System\LdowPgH.exe
  C:\Windows\System\LdowPgH.exe
  2⤵
  PID:8992
- C:\Windows\System\XsiieJn.exe
  C:\Windows\System\XsiieJn.exe
  2⤵
  PID:9008
- C:\Windows\System\QmxACxE.exe
  C:\Windows\System\QmxACxE.exe
  2⤵
  PID:9032
- C:\Windows\System\ATwrAHq.exe
  C:\Windows\System\ATwrAHq.exe
  2⤵
  PID:9048
- C:\Windows\System\lnlrqiU.exe
  C:\Windows\System\lnlrqiU.exe
  2⤵
  PID:9068
- C:\Windows\System\DvysmbP.exe
  C:\Windows\System\DvysmbP.exe
  2⤵
  PID:9092
- C:\Windows\System\XpwUbhO.exe
  C:\Windows\System\XpwUbhO.exe
  2⤵
  PID:9112
- C:\Windows\System\CpidEbE.exe
  C:\Windows\System\CpidEbE.exe
  2⤵
  PID:9128
- C:\Windows\System\FDxSRHA.exe
  C:\Windows\System\FDxSRHA.exe
  2⤵
  PID:9156
- C:\Windows\System\nvIObJC.exe
  C:\Windows\System\nvIObJC.exe
  2⤵
  PID:9172
- C:\Windows\System\FJBtKzv.exe
  C:\Windows\System\FJBtKzv.exe
  2⤵
  PID:9192
- C:\Windows\System\aIhIsXI.exe
  C:\Windows\System\aIhIsXI.exe
  2⤵
  PID:9208
- C:\Windows\System\qYHkVzl.exe
  C:\Windows\System\qYHkVzl.exe
  2⤵
  PID:8224
- C:\Windows\System\BICAvFZ.exe
  C:\Windows\System\BICAvFZ.exe
  2⤵
  PID:8116
- C:\Windows\System\nOUqtOy.exe
  C:\Windows\System\nOUqtOy.exe
  2⤵
  PID:8000
- C:\Windows\System\QXLZcUd.exe
  C:\Windows\System\QXLZcUd.exe
  2⤵
  PID:8276
- C:\Windows\System\XrskShC.exe
  C:\Windows\System\XrskShC.exe
  2⤵
  PID:8316
- C:\Windows\System\uBHHzIv.exe
  C:\Windows\System\uBHHzIv.exe
  2⤵
  PID:8256
- C:\Windows\System\CPKYayA.exe
  C:\Windows\System\CPKYayA.exe
  2⤵
  PID:8352
- C:\Windows\System\rMgyGCP.exe
  C:\Windows\System\rMgyGCP.exe
  2⤵
  PID:8296
- C:\Windows\System\DSuKWCH.exe
  C:\Windows\System\DSuKWCH.exe
  2⤵
  PID:8432
- C:\Windows\System\UPsBUme.exe
  C:\Windows\System\UPsBUme.exe
  2⤵
  PID:8424
- C:\Windows\System\GXbuzGT.exe
  C:\Windows\System\GXbuzGT.exe
  2⤵
  PID:8480
- C:\Windows\System\eBoJxOo.exe
  C:\Windows\System\eBoJxOo.exe
  2⤵
  PID:8364
- C:\Windows\System\hygxnRT.exe
  C:\Windows\System\hygxnRT.exe
  2⤵
  PID:8408
- C:\Windows\System\bWuSjDH.exe
  C:\Windows\System\bWuSjDH.exe
  2⤵
  PID:8452
- C:\Windows\System\ylmULkL.exe
  C:\Windows\System\ylmULkL.exe
  2⤵
  PID:8536
- C:\Windows\System\JpjBGoW.exe
  C:\Windows\System\JpjBGoW.exe
  2⤵
  PID:2580
- C:\Windows\System\RIUqkab.exe
  C:\Windows\System\RIUqkab.exe
  2⤵
  PID:8560
- C:\Windows\System\fmyiSZp.exe
  C:\Windows\System\fmyiSZp.exe
  2⤵
  PID:8580
- C:\Windows\System\TBRIUQV.exe
  C:\Windows\System\TBRIUQV.exe
  2⤵
  PID:8672
- C:\Windows\System\nqkTWtc.exe
  C:\Windows\System\nqkTWtc.exe
  2⤵
  PID:8612
- C:\Windows\System\gajZlLP.exe
  C:\Windows\System\gajZlLP.exe
  2⤵
  PID:8624
- C:\Windows\System\Twcuvvh.exe
  C:\Windows\System\Twcuvvh.exe
  2⤵
  PID:8692
- C:\Windows\System\mCUMqIJ.exe
  C:\Windows\System\mCUMqIJ.exe
  2⤵
  PID:8756
- C:\Windows\System\Owbzqgi.exe
  C:\Windows\System\Owbzqgi.exe
  2⤵
  PID:8740
- C:\Windows\System\iZlEdNP.exe
  C:\Windows\System\iZlEdNP.exe
  2⤵
  PID:8780
- C:\Windows\System\tJCNUnN.exe
  C:\Windows\System\tJCNUnN.exe
  2⤵
  PID:8804
- C:\Windows\System\zYzyJsK.exe
  C:\Windows\System\zYzyJsK.exe
  2⤵
  PID:8820
- C:\Windows\System\WAeADtO.exe
  C:\Windows\System\WAeADtO.exe
  2⤵
  PID:8884
- C:\Windows\System\FTzAoJq.exe
  C:\Windows\System\FTzAoJq.exe
  2⤵
  PID:8868
- C:\Windows\System\rszWjBs.exe
  C:\Windows\System\rszWjBs.exe
  2⤵
  PID:8904
- C:\Windows\System\zSTOayw.exe
  C:\Windows\System\zSTOayw.exe
  2⤵
  PID:8960
- C:\Windows\System\yGELoKh.exe
  C:\Windows\System\yGELoKh.exe
  2⤵
  PID:8972
- C:\Windows\System\Obaukav.exe
  C:\Windows\System\Obaukav.exe
  2⤵
  PID:8976
- C:\Windows\System\xFznQqV.exe
  C:\Windows\System\xFznQqV.exe
  2⤵
  PID:9020
- C:\Windows\System\NZoDYNz.exe
  C:\Windows\System\NZoDYNz.exe
  2⤵
  PID:9028
- C:\Windows\System\cyiHmyZ.exe
  C:\Windows\System\cyiHmyZ.exe
  2⤵
  PID:9120
- C:\Windows\System\LGhjGlA.exe
  C:\Windows\System\LGhjGlA.exe
  2⤵
  PID:9060
- C:\Windows\System\CotTSGt.exe
  C:\Windows\System\CotTSGt.exe
  2⤵
  PID:9136
- C:\Windows\System\xXjuRuP.exe
  C:\Windows\System\xXjuRuP.exe
  2⤵
  PID:9164
- C:\Windows\System\JxRUhaI.exe
  C:\Windows\System\JxRUhaI.exe
  2⤵
  PID:9168
- C:\Windows\System\wXduIIJ.exe
  C:\Windows\System\wXduIIJ.exe
  2⤵
  PID:9188
- C:\Windows\System\XiTesPK.exe
  C:\Windows\System\XiTesPK.exe
  2⤵
  PID:7240
- C:\Windows\System\VZSgCQu.exe
  C:\Windows\System\VZSgCQu.exe
  2⤵
  PID:8248
- C:\Windows\System\FQewUkL.exe
  C:\Windows\System\FQewUkL.exe
  2⤵
  PID:8384
- C:\Windows\System\EscnmFt.exe
  C:\Windows\System\EscnmFt.exe
  2⤵
  PID:8420
- C:\Windows\System\ynHHszH.exe
  C:\Windows\System\ynHHszH.exe
  2⤵
  PID:8516
- C:\Windows\System\zLBgAjS.exe
  C:\Windows\System\zLBgAjS.exe
  2⤵
  PID:8464
- C:\Windows\System\SJFQhSx.exe
  C:\Windows\System\SJFQhSx.exe
  2⤵
  PID:8596
- C:\Windows\System\OBRSGUN.exe
  C:\Windows\System\OBRSGUN.exe
  2⤵
  PID:8564
- C:\Windows\System\orvnZDA.exe
  C:\Windows\System\orvnZDA.exe
  2⤵
  PID:8640
- C:\Windows\System\GrOQpyq.exe
  C:\Windows\System\GrOQpyq.exe
  2⤵
  PID:8620
- C:\Windows\System\BOtWjmh.exe
  C:\Windows\System\BOtWjmh.exe
  2⤵
  PID:8700
- C:\Windows\System\nZEKZid.exe
  C:\Windows\System\nZEKZid.exe
  2⤵
  PID:8840
- C:\Windows\System\LssGoiD.exe
  C:\Windows\System\LssGoiD.exe
  2⤵
  PID:8856
- C:\Windows\System\frKIRVw.exe
  C:\Windows\System\frKIRVw.exe
  2⤵
  PID:8940
- C:\Windows\System\ovBBCLA.exe
  C:\Windows\System\ovBBCLA.exe
  2⤵
  PID:8956
- C:\Windows\System\kZSlrxx.exe
  C:\Windows\System\kZSlrxx.exe
  2⤵
  PID:9124
- C:\Windows\System\ZSumbTM.exe
  C:\Windows\System\ZSumbTM.exe
  2⤵
  PID:7696
- C:\Windows\System\sjvYrPB.exe
  C:\Windows\System\sjvYrPB.exe
  2⤵
  PID:7180
- C:\Windows\System\mSRyRPa.exe
  C:\Windows\System\mSRyRPa.exe
  2⤵
  PID:1444
- C:\Windows\System\SdjJzzr.exe
  C:\Windows\System\SdjJzzr.exe
  2⤵
  PID:8636
- C:\Windows\System\VjXkgTT.exe
  C:\Windows\System\VjXkgTT.exe
  2⤵
  PID:8660
- C:\Windows\System\kuWUOvm.exe
  C:\Windows\System\kuWUOvm.exe
  2⤵
  PID:8704
- C:\Windows\System\LPtRtWG.exe
  C:\Windows\System\LPtRtWG.exe
  2⤵
  PID:9016
- C:\Windows\System\aKOfveo.exe
  C:\Windows\System\aKOfveo.exe
  2⤵
  PID:7744
- C:\Windows\System\RPsbcxM.exe
  C:\Windows\System\RPsbcxM.exe
  2⤵
  PID:9104
- C:\Windows\System\FCLCEiw.exe
  C:\Windows\System\FCLCEiw.exe
  2⤵
  PID:9024
- C:\Windows\System\wPfApID.exe
  C:\Windows\System\wPfApID.exe
  2⤵
  PID:9148
- C:\Windows\System\AfKMJzE.exe
  C:\Windows\System\AfKMJzE.exe
  2⤵
  PID:1064
- C:\Windows\System\QyjKSbJ.exe
  C:\Windows\System\QyjKSbJ.exe
  2⤵
  PID:8264
- C:\Windows\System\JvfWUxD.exe
  C:\Windows\System\JvfWUxD.exe
  2⤵
  PID:8508
- C:\Windows\System\pQMERCB.exe
  C:\Windows\System\pQMERCB.exe
  2⤵
  PID:8656
- C:\Windows\System\HkwAZpo.exe
  C:\Windows\System\HkwAZpo.exe
  2⤵
  PID:9088
- C:\Windows\System\RrYkjXh.exe
  C:\Windows\System\RrYkjXh.exe
  2⤵
  PID:8616
- C:\Windows\System\gacrnFL.exe
  C:\Windows\System\gacrnFL.exe
  2⤵
  PID:8204
- C:\Windows\System\pBuknxz.exe
  C:\Windows\System\pBuknxz.exe
  2⤵
  PID:8404
- C:\Windows\System\KmbesMC.exe
  C:\Windows\System\KmbesMC.exe
  2⤵
  PID:8896
- C:\Windows\System\BZcrabl.exe
  C:\Windows\System\BZcrabl.exe
  2⤵
  PID:9144
- C:\Windows\System\HJUbLIT.exe
  C:\Windows\System\HJUbLIT.exe
  2⤵
  PID:8252
- C:\Windows\System\krQFPrY.exe
  C:\Windows\System\krQFPrY.exe
  2⤵
  PID:8332
- C:\Windows\System\BJLbgQg.exe
  C:\Windows\System\BJLbgQg.exe
  2⤵
  PID:9228
- C:\Windows\System\PguLdZU.exe
  C:\Windows\System\PguLdZU.exe
  2⤵
  PID:9296
- C:\Windows\System\UgMGosp.exe
  C:\Windows\System\UgMGosp.exe
  2⤵
  PID:9312
- C:\Windows\System\hsyCTPK.exe
  C:\Windows\System\hsyCTPK.exe
  2⤵
  PID:9360
- C:\Windows\System\czUuybE.exe
  C:\Windows\System\czUuybE.exe
  2⤵
  PID:9396
- C:\Windows\System\NNkzIjR.exe
  C:\Windows\System\NNkzIjR.exe
  2⤵
  PID:9416
- C:\Windows\System\ohguqQd.exe
  C:\Windows\System\ohguqQd.exe
  2⤵
  PID:9436
- C:\Windows\System\lToTgHM.exe
  C:\Windows\System\lToTgHM.exe
  2⤵
  PID:9456
- C:\Windows\System\QBxDlvg.exe
  C:\Windows\System\QBxDlvg.exe
  2⤵
  PID:9472
- C:\Windows\System\HQczzcZ.exe
  C:\Windows\System\HQczzcZ.exe
  2⤵
  PID:9488
- C:\Windows\System\FXZeYsx.exe
  C:\Windows\System\FXZeYsx.exe
  2⤵
  PID:9504
- C:\Windows\System\jYtzZWd.exe
  C:\Windows\System\jYtzZWd.exe
  2⤵
  PID:9520
- C:\Windows\System\BTlFiZd.exe
  C:\Windows\System\BTlFiZd.exe
  2⤵
  PID:9536
- C:\Windows\System\aHubKbX.exe
  C:\Windows\System\aHubKbX.exe
  2⤵
  PID:9552
- C:\Windows\System\SUlFJAG.exe
  C:\Windows\System\SUlFJAG.exe
  2⤵
  PID:9568
- C:\Windows\System\QiYkzHl.exe
  C:\Windows\System\QiYkzHl.exe
  2⤵
  PID:9588
- C:\Windows\System\CkPjMCw.exe
  C:\Windows\System\CkPjMCw.exe
  2⤵
  PID:9608
- C:\Windows\System\EPNHVqp.exe
  C:\Windows\System\EPNHVqp.exe
  2⤵
  PID:9628
- C:\Windows\System\jNUWwGH.exe
  C:\Windows\System\jNUWwGH.exe
  2⤵
  PID:9652
- C:\Windows\System\SAsuOhm.exe
  C:\Windows\System\SAsuOhm.exe
  2⤵
  PID:9676
- C:\Windows\System\tqYfqYQ.exe
  C:\Windows\System\tqYfqYQ.exe
  2⤵
  PID:9712
- C:\Windows\System\RTYePUq.exe
  C:\Windows\System\RTYePUq.exe
  2⤵
  PID:9728
- C:\Windows\System\XJolnMj.exe
  C:\Windows\System\XJolnMj.exe
  2⤵
  PID:9748
- C:\Windows\System\aMRTMbr.exe
  C:\Windows\System\aMRTMbr.exe
  2⤵
  PID:9764
- C:\Windows\System\STBIbKM.exe
  C:\Windows\System\STBIbKM.exe
  2⤵
  PID:9780
- C:\Windows\System\sjtAdrY.exe
  C:\Windows\System\sjtAdrY.exe
  2⤵
  PID:9796
- C:\Windows\System\JaqBiyl.exe
  C:\Windows\System\JaqBiyl.exe
  2⤵
  PID:9812
- C:\Windows\System\EbpenEE.exe
  C:\Windows\System\EbpenEE.exe
  2⤵
  PID:9828
- C:\Windows\System\JfGlnos.exe
  C:\Windows\System\JfGlnos.exe
  2⤵
  PID:9848
- C:\Windows\System\chhuwIj.exe
  C:\Windows\System\chhuwIj.exe
  2⤵
  PID:9864
- C:\Windows\System\doRdTVU.exe
  C:\Windows\System\doRdTVU.exe
  2⤵
  PID:10072
- C:\Windows\System\eMULdze.exe
  C:\Windows\System\eMULdze.exe
  2⤵
  PID:10092
- C:\Windows\System\BeMqiPE.exe
  C:\Windows\System\BeMqiPE.exe
  2⤵
  PID:10108
- C:\Windows\System\zcWxJuv.exe
  C:\Windows\System\zcWxJuv.exe
  2⤵
  PID:10124
- C:\Windows\System\TiFYWSr.exe
  C:\Windows\System\TiFYWSr.exe
  2⤵
  PID:10140
- C:\Windows\System\hKqajnD.exe
  C:\Windows\System\hKqajnD.exe
  2⤵
  PID:10156
- C:\Windows\System\cuXakoc.exe
  C:\Windows\System\cuXakoc.exe
  2⤵
  PID:10176
- C:\Windows\System\bTPYwlP.exe
  C:\Windows\System\bTPYwlP.exe
  2⤵
  PID:10192
- C:\Windows\System\oZBHQBp.exe
  C:\Windows\System\oZBHQBp.exe
  2⤵
  PID:10208
- C:\Windows\System\lAWKdaS.exe
  C:\Windows\System\lAWKdaS.exe
  2⤵
  PID:10224
- C:\Windows\System\UvUMeeK.exe
  C:\Windows\System\UvUMeeK.exe
  2⤵
  PID:8924
- C:\Windows\System\cfdIsvi.exe
  C:\Windows\System\cfdIsvi.exe
  2⤵
  PID:9240
- C:\Windows\System\YYLVBGs.exe
  C:\Windows\System\YYLVBGs.exe
  2⤵
  PID:9252
- C:\Windows\System\DWiAosO.exe
  C:\Windows\System\DWiAosO.exe
  2⤵
  PID:9224
- C:\Windows\System\aVojxKw.exe
  C:\Windows\System\aVojxKw.exe
  2⤵
  PID:9276
- C:\Windows\System\gKDvAiL.exe
  C:\Windows\System\gKDvAiL.exe
  2⤵
  PID:9320
- C:\Windows\System\lYVzHbK.exe
  C:\Windows\System\lYVzHbK.exe
  2⤵
  PID:9336
- C:\Windows\System\DozxCRG.exe
  C:\Windows\System\DozxCRG.exe
  2⤵
  PID:9348
- C:\Windows\System\mrjfPCG.exe
  C:\Windows\System\mrjfPCG.exe
  2⤵
  PID:9328
- C:\Windows\System\TAOwcNA.exe
  C:\Windows\System\TAOwcNA.exe
  2⤵
  PID:9408
- C:\Windows\System\nCrLFsa.exe
  C:\Windows\System\nCrLFsa.exe
  2⤵
  PID:9452
- C:\Windows\System\LTEfodf.exe
  C:\Windows\System\LTEfodf.exe
  2⤵
  PID:9544
- C:\Windows\System\PDDrXQb.exe
  C:\Windows\System\PDDrXQb.exe
  2⤵
  PID:9580
- C:\Windows\System\KLMIOFx.exe
  C:\Windows\System\KLMIOFx.exe
  2⤵
  PID:9384
- C:\Windows\System\jYnzunL.exe
  C:\Windows\System\jYnzunL.exe
  2⤵
  PID:9392
- C:\Windows\System\tiLMgnd.exe
  C:\Windows\System\tiLMgnd.exe
  2⤵
  PID:9528
- C:\Windows\System\DRiGyvH.exe
  C:\Windows\System\DRiGyvH.exe
  2⤵
  PID:9432
- C:\Windows\System\ElmiSVy.exe
  C:\Windows\System\ElmiSVy.exe
  2⤵
  PID:9600
- C:\Windows\System\qFzZmvK.exe
  C:\Windows\System\qFzZmvK.exe
  2⤵
  PID:9664
- C:\Windows\System\VMakgeZ.exe
  C:\Windows\System\VMakgeZ.exe
  2⤵
  PID:9640
- C:\Windows\System\uktFBvB.exe
  C:\Windows\System\uktFBvB.exe
  2⤵
  PID:9700
- C:\Windows\System\SuLMEGL.exe
  C:\Windows\System\SuLMEGL.exe
  2⤵
  PID:9704
- C:\Windows\System\JzWMYUb.exe
  C:\Windows\System\JzWMYUb.exe
  2⤵
  PID:9736
- C:\Windows\System\JXEvlSj.exe
  C:\Windows\System\JXEvlSj.exe
  2⤵
  PID:9760
- C:\Windows\System\owLBSIo.exe
  C:\Windows\System\owLBSIo.exe
  2⤵
  PID:9772
- C:\Windows\System\lXYZRsf.exe
  C:\Windows\System\lXYZRsf.exe
  2⤵
  PID:9804
- C:\Windows\System\FLTtHRc.exe
  C:\Windows\System\FLTtHRc.exe
  2⤵
  PID:9808
- C:\Windows\System\CRivPzM.exe
  C:\Windows\System\CRivPzM.exe
  2⤵
  PID:9880
- C:\Windows\System\KhRWTKF.exe
  C:\Windows\System\KhRWTKF.exe
  2⤵
  PID:9896
- C:\Windows\System\qWmBDRt.exe
  C:\Windows\System\qWmBDRt.exe
  2⤵
  PID:9908
- C:\Windows\System\QDHixvr.exe
  C:\Windows\System\QDHixvr.exe
  2⤵
  PID:9928
- C:\Windows\System\BDgdXHm.exe
  C:\Windows\System\BDgdXHm.exe
  2⤵
  PID:9944
- C:\Windows\System\KJCujvs.exe
  C:\Windows\System\KJCujvs.exe
  2⤵
  PID:9960
- C:\Windows\System\HBUYGGZ.exe
  C:\Windows\System\HBUYGGZ.exe
  2⤵
  PID:9976
- C:\Windows\System\fmvXOGe.exe
  C:\Windows\System\fmvXOGe.exe
  2⤵
  PID:9992
- C:\Windows\System\AsaDtAL.exe
  C:\Windows\System\AsaDtAL.exe
  2⤵
  PID:10008
- C:\Windows\System\MRaQUYm.exe
  C:\Windows\System\MRaQUYm.exe
  2⤵
  PID:10024
- C:\Windows\System\YmusDTw.exe
  C:\Windows\System\YmusDTw.exe
  2⤵
  PID:10040
- C:\Windows\System\dvuqfxR.exe
  C:\Windows\System\dvuqfxR.exe
  2⤵
  PID:9604
- C:\Windows\System\EfEvbIf.exe
  C:\Windows\System\EfEvbIf.exe
  2⤵
  PID:9876
- C:\Windows\System\WBkSNvs.exe
  C:\Windows\System\WBkSNvs.exe
  2⤵
  PID:10148
- C:\Windows\System\xajemiq.exe
  C:\Windows\System\xajemiq.exe
  2⤵
  PID:10220
- C:\Windows\System\VJgFble.exe
  C:\Windows\System\VJgFble.exe
  2⤵
  PID:8776
- C:\Windows\System\gRgakZS.exe
  C:\Windows\System\gRgakZS.exe
  2⤵
  PID:10168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BRPMSYD.exe

Filesize
6.0MB

MD5
b9d80e2abb4c20be3dda25be6bd20976

SHA1
4714425e17527f4fc9afaadb72eb1358eba22c00

SHA256
731ec390b3bee46c03abb9ea1ff5f3b13303ef96d96d658122c99d9905a07e4c

SHA512
dda8a23ffb7ea26fe6d91884f2f315d9dad4f6c3e4fa430d419c812a4dbc9ba0de14e1a239f9954ecfb02893dad5637b1d23ca440884d8a83e09954247ef33fb

Download Submit
C:\Windows\system\DDNlhdo.exe

Filesize
6.0MB

MD5
df042cd715936aef00cf3ae7d685daeb

SHA1
fddf0effe111369d8be919f03945ec1d488b4a08

SHA256
4a0ebbe1c8f088f8969b340c87065564f2aba4061e658a1debed065aa7232fe8

SHA512
3fbdc866e2798a6d8f549a0005840592560a41fb11b7ed7ed5850caa18197c793e440d0959628cdad7aee6f7a5e7f3ee807ab05d2fe29df1a72c7ac3c2d73403

Download Submit
C:\Windows\system\FnuhqzZ.exe

Filesize
6.0MB

MD5
f6a646f3ed0d3338de77939d18b4e133

SHA1
4cd9fda90396c86c38130e6af1c9871a256ff117

SHA256
bfc5c14a6a21c14b172245bac3ba0516771977c677d379d6d2a3b45d54780033

SHA512
7d1c67b19acb1ba86d1346583ca1dc6b335f367a57bc21b62ad5482f9d71014094a64b920118d67d193f1354b50faa1d97d4f79c89892993caa52fd28e2c6e96

Download Submit
C:\Windows\system\GkDBVUX.exe

Filesize
6.0MB

MD5
de5d9aef8996c6b68a39666af3a45d72

SHA1
f2d7e3263cfe37f9443ebe4aea40611d0910fcde

SHA256
314a432026d59178db9ec37eb0120335547aca060adc8ebf21abc73cfdda3533

SHA512
ee933fcc855ab5fead42a82cff24a04377e2b2f88ecf443b363759e5bf08f72f8f94259973c462a2a69dc1439bec07bc7d9f4132760e89f3ea7b40e93c68ac50

Download Submit
C:\Windows\system\GxeMSSc.exe

Filesize
6.0MB

MD5
734a4f8c21573665ee08e2d30f63b663

SHA1
896b6bbbf0e01c7e81a92f0236921506ff92797f

SHA256
e70c6353e48e6921ac5358e1fdd058e6e8280b6912f5717a3c555f6f20276539

SHA512
8f44f7d4c887d34f70d162bfca96bab3e50ec7f63dedb90ba310f5100a685bdd3f770bd4f898572fca1d80062ad3e48c4d5855449c00b41e9c5ecd0820904c1c

Download Submit
C:\Windows\system\IJkGlPu.exe

Filesize
6.0MB

MD5
3254278a84e58cee8f4e9f616ec700a2

SHA1
6ff5c9b708513049505d2644b7aa294de1c168b6

SHA256
32a6c8c130400165559a2ddc1eca82623a98fe4b5f7b3fc6c7e1c49007dc9f0c

SHA512
13ea72cd2c6136467bb19ff65562f777aa4d9c55ad43d479e1948048f5940f9153aab8e7fd978793896b1857b042392ade3761d98c76bcd05b70f3def7b7e72f

Download Submit
C:\Windows\system\JIvkfin.exe

Filesize
6.0MB

MD5
3a8e9065a2ee8d732c04d776d333831e

SHA1
28569d86f391e13fe7e9feb244d3b44857d9a454

SHA256
c6591695dc15ad8cf941923dd44e690d397c1d82e7f959e399c0fb87ae9b6bac

SHA512
9588dba9a484207947aba80dbd480ee3823e01937bb56059fbb5c45eb86da741a0f222831503241d7eecf6f51332aebdf04f5de15f74ca08be22eba56cb79c71

Download Submit
C:\Windows\system\KLtaykO.exe

Filesize
6.0MB

MD5
1196803078070ebe294858bdafe55bba

SHA1
f06a81d4a9b0ce45223d71ab5d999e054196a4b3

SHA256
c64ce9a6db9646002173c78fb06cf51145d21bd9f6a08f99830842ae36fad68e

SHA512
21358d4c84eedeaaa6333a55e2d7932db472263bdd0d22558814c20cecd7010fdbd7174a53e88b8a1655aa2704de985e4ec4c80f395913fa5f5e116064b3241c

Download Submit
C:\Windows\system\LHyZtUV.exe

Filesize
6.0MB

MD5
1522d2258e1cb70c0f4c0cd74a21d1f3

SHA1
89cf3aa10bbd661f1a5d9c423fc0d77b8c1278ae

SHA256
c59fac0c440da3d32782e1a5a625c8014e6f5b302bc24b8d565c9cd7031db0ea

SHA512
ede2930811c452858f02ae72c3360eb381c3735d035787df55742cc79f22173a98173d1d3a1ac7311376e37dfb2197a77576be0584350caefb2112db0e66c695

Download Submit
C:\Windows\system\LYCojWe.exe

Filesize
6.0MB

MD5
78c367bf658031b66ab4a90498e856d6

SHA1
c90bff7750945a190a6f1fd08508b0e888dc0746

SHA256
a133db91d479d96703d2939997bb4f1e459b49abaa24b5b52cbac2997daf33fc

SHA512
86a3fbf1e68429dd115b21b652d557a04d13c6b2ed03e64692f3e781f39b681d546358c600cfa69c7baa172b4afff2015fed9585f218c1a228264fc9bb26704a

Download Submit
C:\Windows\system\PLzhhtD.exe

Filesize
6.0MB

MD5
b2042000a3e8fda96b9b93d0400a3fe4

SHA1
ee88abea25c3778527148352cbd16b8d68542cf3

SHA256
d9e592ed76707d6f152121991b016f5f308eef27bf75574120a0fdd153fa51cf

SHA512
ba596a0caa6a1e0643debde9a4b8df036200fce4c69a2f06b1aa7ca23556e22c214c86f3c59ea1cde256b1e3ad491b7ac7cd43d7210c2821591008b950ac7d62

Download Submit
C:\Windows\system\TFeOaOJ.exe

Filesize
6.0MB

MD5
c7f20eae5ee5532caa0a5fdc97075fdc

SHA1
1803f4d22a700bd581df63dd19519a172c339959

SHA256
ed3d1a47f114a8bb7a71b5d44275e162ed5fd9ac3ebe14153324dc2a07236d8e

SHA512
59bbeb73d076e7c0ea1ff2dda3dbc1bef043c17b8a3b45e3faf6274a0c009a352a8cfa187e84991055e4c901538e2a0a6bd57980b0dd0aa1f0030dede2914e03

Download Submit
C:\Windows\system\TqhBnhR.exe

Filesize
6.0MB

MD5
ffc3dd29205d69f1f35e8cc969ec86be

SHA1
d505aec40f6cb8b94403361b42e59fe037278420

SHA256
d17a11aa7f6a5efad46d8e9e07a1d6555c7b0d26292c2fdf534b6522e551dd8b

SHA512
34272bed0c5e714c7b71815f9b94e0be4e84f951e252ec1ca3280e7c760d8a42de0922d0038437af9adf9beab84d7a232528d5d1430f405d26c4ffa644c49287

Download Submit
C:\Windows\system\deuCKNx.exe

Filesize
6.0MB

MD5
953da832bf5cacec90e01e17f33aa93d

SHA1
16224ed7877450d93937f26c54a6a801904fe6ff

SHA256
75fd43f39286095dd8cd5e664d8d829e3ae45f9ff6b6852ab06a1d082cd37d2c

SHA512
a7bc74c7bd5073aaf137328444e16df8733e2d4a23af13ed01d503d0a78f018f389eddbc7773e792fffbb14bd0bbed515b44c74767e01e8194b1802958e6be7f

Download Submit
C:\Windows\system\dkEGMsV.exe

Filesize
6.0MB

MD5
e6377a60fa2daa6c4b9244bf1d45a9c3

SHA1
d1fe4892b84bb0061549358bbd5cecae4a1ae0c8

SHA256
07b7c2169da0fe422ea725d8057e3100b82caf583f58d5a2799baa9ebfe6d75d

SHA512
0d29696e2d7487157a5193a8acdea14e259e450e30de6d664555cdf318b289fe6d204b187699d29df877ccbc34487e4a65d67e22a540482183a1593b82f06ac2

Download Submit
C:\Windows\system\dsXCmAZ.exe

Filesize
6.0MB

MD5
bd348426d5b68329db0cfe7e100382cd

SHA1
e36282ca61ea40873585d2df11bbd0dc691253c1

SHA256
8632f0bc1b895e9682d7ef1999cf0679ba14d35c6083cae68c693b22aac52a61

SHA512
d5812ed77aca6e4a741d94f0cad11c5f3e70816e96c7e990f93fcc71b1774b2b1412f13cd23b021fd4eda4a01f75ddeb97368c38b8a7365716b79acdd85dc759

Download Submit
C:\Windows\system\eHSgaBK.exe

Filesize
6.0MB

MD5
7ca422ee616908a9427931416bfc7d6d

SHA1
afa531647d5304c200b5f32d746b13e8429f1a6f

SHA256
048456d0859ce881768b274bb706b0268c31c4f7be6b4b6ff06d7f15d12fd796

SHA512
40ac016ea3b639f36b9eccab5657c60f1fb9ca60ef126faf0aa7bbb44a1783a312bf79477d4a0a3af94aab534fd92f3085d3f4df444022b7408708324e898f33

Download Submit
C:\Windows\system\iEJMLwE.exe

Filesize
6.0MB

MD5
8c97164bb8c5443fa8366da314b8bce7

SHA1
f9c5f6d4fa655512399e10abe3010f41f27ec8dc

SHA256
ea1a2ec01695834e36f28e39a0f0679d5f458711318f5026cbd7edf885bc1d64

SHA512
5c40df465a8b1688fedb5a8e10fcc1748eeffc1020abae6ef655f6fe1c396939df385972ec327aff0acd33609d1b082901fac079c4cea5cc7eb1b34396475df5

Download Submit
C:\Windows\system\iFdTSoH.exe

Filesize
6.0MB

MD5
0a22579b0e446132d89a7aacef0c9672

SHA1
c5b5770bb2e76b6a5bbb9bdb001a8bbcf8a74aca

SHA256
b9018c911a7e2cd50da22441b207e185049dbd87ba30f7cc0abf375706274dd1

SHA512
14d5137b5dd98accc7c563a443823f5c88b95621d832ec6bfe66bb9f8308b67bfa6b7cc93882e1cc6043f937811ee42508737b898c03de5727839b945018884d

Download Submit
C:\Windows\system\jGczbnc.exe

Filesize
6.0MB

MD5
eab6d6e11bdb44f9d871ce469fc6245c

SHA1
8e37557a21851fecb3738dae80d60071be5ff330

SHA256
c9734bf022fd8185cf8089c3b0302423cfb852ac89fc864c85051cdf5afcc0ec

SHA512
8620d848ecb93f30a56733a2bd911ef61ec4cbb1cb8c5e6760ece3d5f4a3b130c8d1547d9f144708547ca29ab8f013e3014d71fafbda58ab58dc3a83c76fa45f

Download Submit
C:\Windows\system\jpKDMfj.exe

Filesize
6.0MB

MD5
925c5916595b0b8d8b0e1800bdadcadc

SHA1
4a44cd7c15361d09a9594aaf74f12085379fb8e1

SHA256
217524b5f31c4d7a7e17f1fe20cf5929c1f05b6e69190b1575693c1c00fb60cc

SHA512
8c418b7a16ba04954e024febbbf904d5d10cc12b1439bf695202be7163a6f4ab0f242937d02bdaa3ded0d33a5a79aa3dc71ba298f05c71c4646ee259f8f3bbe3

Download Submit
C:\Windows\system\qNIhVRe.exe

Filesize
6.0MB

MD5
fe7b37bcac50072f71d3c27e27903905

SHA1
40f14a4e0547e4629d09b759c929b2743daf1867

SHA256
23f43f35e95329c6fe75eb079ae9184be4ab581bb8b06e870a6160d10fe550a8

SHA512
b389677d42f3edcf7dde52fc4d3fcba3203562b1c29f63fda7f1241122b3cf0f84de062f5cb51c7e7c724607aeb7d1e1e95c66c475988299da3a4b4f93e3ab46

Download Submit
C:\Windows\system\rIUalbV.exe

Filesize
6.0MB

MD5
4d94b1402168cc0f201ab18a7a9c4286

SHA1
53d844fd67a22f14dafedfc2b6f2d6ddc8c7726b

SHA256
f1bb004b065242594bf400c190d905a18b7b77be5e74341697e2f5d80ac92d09

SHA512
d6d0a7337a015c44d5c370921493dbd9495846c414ee1405d24c5449a7af75415206ea36aab2b294e430dbd4ab7081bdab203f778b01c49afc5a9576377e9af5

Download Submit
C:\Windows\system\sJoxRGB.exe

Filesize
6.0MB

MD5
efb094ac6dc7202d984ffbc493963803

SHA1
32776c211dd098a584a4b3b0eb1899d7694c814e

SHA256
95ae3875b920c40dbe35f60c0b470bc9f665dc8a55d8bafd05c40b245815686d

SHA512
b2b202df319c8808bf8122f66b4728fd999c1d0707aba6ab708fcb0a40d423c912dea7a400d5cbc429120c325a51e16bfdeb4471f876b18348c06bb12b91d9fb

Download Submit
C:\Windows\system\sNBeDTb.exe

Filesize
6.0MB

MD5
c6ba2b1dfce87558c213836df0da4190

SHA1
604a12160ca27eabc6e44d84d4abe064766f2632

SHA256
362d6d71210f259ab5fe91f81cd3790a0f0ac64009fc12779d87714199683e2c

SHA512
263e828b8f7f7c75338c0b6dbeaa506971e605fc9e2137cc9ccc0c5524a8227a20a5dd51910ff8331bfd07e0d514c49b1c0a3cfa67ca218688296aff19d1d49d

Download Submit
C:\Windows\system\vBMbEve.exe

Filesize
6.0MB

MD5
175a78d2986532064b82b8569143b1ac

SHA1
7e4bf9e671e603eb3d4e612932b09d0c2718eaae

SHA256
587e0f314d054630add6d0d28b9e20c2d937fe08463247f2ea7ff156c61fc455

SHA512
4d9ccbb6335c74398ed3a1434866824d9131a1e242ac87dd353b50a12d7ac47e2284148c7ac527e977fb1a396458cf6549ce74f35d1f6786132ade8af6b949da

Download Submit
C:\Windows\system\xPNsPPs.exe

Filesize
6.0MB

MD5
fd896808fac8f2cae526db8802049a4d

SHA1
9dea618c3d2ec5d9902eea37abdc7011776a0640

SHA256
5293b3c948e8071f4dc35d3887d7a39a1dce05c4463f1f46ebcae7dd05285f8e

SHA512
be8ff4b114d852254c17d167479a1444748a625f9f04948e5a9dc890a6bdcc0dc2fa2a9e5d1b8c1c2dd193eeca7a29375a9a888acac748a6152f26a8b33a44b5

Download Submit
C:\Windows\system\yYGLJnT.exe

Filesize
6.0MB

MD5
3b0b92507dbf959d1b447eb878172155

SHA1
5ec8ba1a1cd8fd176871b32fc0562f1e54f593ef

SHA256
ab04bf2cc98a02e29c482140bd655728bf279bcd8e2fb0a55a592766a4587b0d

SHA512
b72610a673cd942558cb436aa2542a3f330362c073f128443f316857b69f51ad3221cddc50f6c22b26ba04666a41679f05d948a2bb269dd407e452abb1ccdbe2

Download Submit
\Windows\system\VxHPPJR.exe

Filesize
6.0MB

MD5
338a3cbeb4e90e1fbebf69f17f0ee8da

SHA1
1abe4a480d9503417ab596349952516909c6726c

SHA256
844cd6f222e40933203d91afa9c6a9cdf152f182d53b1f8ac118ab3a2e2ac7b7

SHA512
d113dfbc7274064acb0ccfd79258a58be8bb876bd237c1108bf610c85d963a3b9117c98383c5e10bd9472d8c9552ffe86a26f2eb3ec7565772397d3f2ff36ea2

Download Submit
\Windows\system\ffotUMo.exe

Filesize
6.0MB

MD5
43ff3c85b98e411ff7a9fb7b5ea59023

SHA1
6d6028f5bff8d1e12543c1fce707826ce204ca39

SHA256
f14bbf454dae47dcf4e253806abac344f31c47aad15f4434c8bba93a9f930f0e

SHA512
ff747ff3bb6c823fcfa79bcba7fcd01c913f6aff80365e228809c24f721018576bc3b9654ce2e2b2466f9fe221e08e57b654289cd62fe3907816556e2ec8d111

Download Submit
\Windows\system\uvgDiqf.exe

Filesize
6.0MB

MD5
e3cc5a0c1468d8c1b6528f1dc95e5575

SHA1
60f87bc49ecdadce59fa87fba467b74ef4e01848

SHA256
ade19abd1351b8cbc08fa44130efb949997f687201490618e8c892804b734463

SHA512
198c134a15100e8e43be884a6aa420e5c1e8857b7c4366af2851169f4ec36e1b3b17ca0305f979622ac6729e7a4cd31549447c3d019b33f21340b41700ccaef8

Download Submit
\Windows\system\vZYCRQX.exe

Filesize
6.0MB

MD5
37415698daa357d44dab143a510973ea

SHA1
fe0a180f09144f26bf986b0fb5f073e7c28ca305

SHA256
03367e95efc37d2fb3d5d36f39a7fba04b44ddb2bea2a1673995b68a6113fa4b

SHA512
b50611d1e710b758d684a74358a9d444dabe8fc418fff33ede87baad5a7a9346d67030fe4c581b89ea568e9fe9dbec94bb5c9f7171900415cf673639a22fdb4d

Download Submit
memory/1260-1118-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1260-62-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1260-19-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1664-58-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1664-1162-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1836-1138-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1836-94-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1920-65-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-1139-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-134-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-95-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-1152-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-1117-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2164-23-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2220-81-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1140-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-29-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1119-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2520-72-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2608-140-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-73-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-56-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2608-64-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-82-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2608-83-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-57-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2608-101-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2608-41-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2608-42-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2608-133-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-0-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2608-28-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2608-93-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2608-20-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-16-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2608-18-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2608-231-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2608-292-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2608-405-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1153-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-74-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1136-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2808-50-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1120-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2824-39-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1137-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2900-49-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2904-102-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1148-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1121-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-22-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download