cobaltstrike | 7f047cb355e90642310879df9c9c68af6c9b4abbc8d36eb9c8d637e038408d11

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

dd40e87c1a6f704b7c84ae268db80333
SHA1

ea1c159a85b876860a271c691f5b292565cc8448
SHA256

7f047cb355e90642310879df9c9c68af6c9b4abbc8d36eb9c8d637e038408d11
SHA512

207e3c00c87c12bae7bbe6101c758c2a1b43e3a160d4363e9801a79ca7b2188ba8f41c20dedc17d9a73186294f1f0e4d8178b06035496e80063161ecc91a4211
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUi:T+q56utgpPF8u/7i

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012291-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c7c-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca5-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cb2-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cbc-26.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739f-40.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-145.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016bf7-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-50.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016ccd-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc4-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/2696-0-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012291-3.dat	xmrig
behavioral1/files/0x0008000000016c7c-7.dat	xmrig
behavioral1/files/0x0007000000016ca5-15.dat	xmrig
behavioral1/files/0x0007000000016cb2-18.dat	xmrig
behavioral1/files/0x0007000000016cbc-26.dat	xmrig
behavioral1/files/0x000800000001739f-40.dat	xmrig
behavioral1/files/0x0005000000019371-45.dat	xmrig
behavioral1/files/0x00050000000193a8-65.dat	xmrig
behavioral1/files/0x00050000000193e6-75.dat	xmrig
behavioral1/files/0x00050000000195c6-116.dat	xmrig
behavioral1/files/0x00050000000195ca-130.dat	xmrig
behavioral1/files/0x00050000000195cc-133.dat	xmrig
behavioral1/memory/2632-557-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2412-561-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2696-1235-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/1732-559-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2724-555-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2748-553-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2844-551-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2772-549-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2804-547-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2984-545-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2920-543-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2896-538-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2248-536-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2936-534-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/1848-532-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0005000000019624-161.dat	xmrig
behavioral1/files/0x00050000000195d0-151.dat	xmrig
behavioral1/files/0x00050000000195e0-155.dat	xmrig
behavioral1/files/0x00050000000195ce-145.dat	xmrig
behavioral1/files/0x0009000000016bf7-141.dat	xmrig
behavioral1/files/0x00050000000195c8-126.dat	xmrig
behavioral1/files/0x00050000000195c7-120.dat	xmrig
behavioral1/files/0x00050000000195c4-111.dat	xmrig
behavioral1/files/0x00050000000195c2-105.dat	xmrig
behavioral1/files/0x000500000001958b-100.dat	xmrig
behavioral1/files/0x00050000000194e2-95.dat	xmrig
behavioral1/files/0x000500000001948d-90.dat	xmrig
behavioral1/files/0x000500000001945c-85.dat	xmrig
behavioral1/files/0x00050000000193f0-80.dat	xmrig
behavioral1/files/0x00050000000193d1-70.dat	xmrig
behavioral1/files/0x000500000001938e-60.dat	xmrig
behavioral1/files/0x0005000000019382-55.dat	xmrig
behavioral1/files/0x000500000001937b-50.dat	xmrig
behavioral1/files/0x000a000000016ccd-36.dat	xmrig
behavioral1/files/0x0007000000016cc4-30.dat	xmrig
behavioral1/memory/2632-3940-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2248-4098-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2412-4148-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2748-4176-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2804-4168-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2984-4150-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2936-4147-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2896-4146-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2844-4205-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/1732-4204-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/1848-4206-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2724-4208-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2920-4242-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2412	jZyIuZI.exe
1848	OEpMkvc.exe
2936	FqdolYn.exe
2248	koLbCJn.exe
2896	aEjPcSk.exe
2920	nCusbhX.exe
2984	NGPNwFp.exe
2804	zlNebtK.exe
2772	WnEnvVb.exe
2844	GfUxuLF.exe
2748	PkKMYcE.exe
2724	TDyeubQ.exe
2632	fxHrAbR.exe
1732	bAhcfeb.exe
2256	hLoUWaN.exe
1808	FihwWHb.exe
1248	CifyFWr.exe
2008	PHMQYzM.exe
1048	avRYOCO.exe
2832	kgbJPMg.exe
1980	wjoCPLk.exe
1704	yEyQDAq.exe
1720	NPsEygL.exe
1972	utLQzQO.exe
2868	FveXAAE.exe
1996	YsBSvQl.exe
2072	nZpQckP.exe
844	WikPyKd.exe
2596	UqTRjwx.exe
768	ExGsKzY.exe
2288	yRKluko.exe
816	CijStvi.exe
2352	zPtJkBy.exe
2108	fVnNmyV.exe
1932	cuMJIyy.exe
2800	CPvILNA.exe
1592	xugoBCU.exe
1612	ikrHUMQ.exe
1924	zvEYSbE.exe
1532	ZlEIcLm.exe
2056	ZTvwjac.exe
1504	LwerNiP.exe
276	ClYBeLP.exe
920	JETDkTW.exe
2484	lrSmler.exe
2292	dEPhfVK.exe
2152	kbJStrE.exe
2416	MlNEtMC.exe
992	Jxigyxa.exe
2168	ufQjNmY.exe
2480	Bszkcfa.exe
2312	nZVMBBT.exe
888	NKVPKur.exe
2020	onEcLil.exe
2396	TvKDSwJ.exe
2388	jXrcdic.exe
1584	WLuOjKc.exe
2516	iWKUoWE.exe
2104	TRGSGkU.exe
2348	bOAOVGG.exe
2912	gIEDihb.exe
2744	euhstPd.exe
2828	FKjwEte.exe
2780	vfgWazI.exe

Loads dropped DLL 64 IoCs

pid	Process
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2696-0-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x000a000000012291-3.dat	upx
behavioral1/files/0x0008000000016c7c-7.dat	upx
behavioral1/files/0x0007000000016ca5-15.dat	upx
behavioral1/files/0x0007000000016cb2-18.dat	upx
behavioral1/files/0x0007000000016cbc-26.dat	upx
behavioral1/files/0x000800000001739f-40.dat	upx
behavioral1/files/0x0005000000019371-45.dat	upx
behavioral1/files/0x00050000000193a8-65.dat	upx
behavioral1/files/0x00050000000193e6-75.dat	upx
behavioral1/files/0x00050000000195c6-116.dat	upx
behavioral1/files/0x00050000000195ca-130.dat	upx
behavioral1/files/0x00050000000195cc-133.dat	upx
behavioral1/memory/2632-557-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2412-561-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2696-1235-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/1732-559-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2724-555-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2748-553-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2844-551-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2772-549-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2804-547-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2984-545-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2920-543-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2896-538-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2248-536-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2936-534-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/1848-532-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0005000000019624-161.dat	upx
behavioral1/files/0x00050000000195d0-151.dat	upx
behavioral1/files/0x00050000000195e0-155.dat	upx
behavioral1/files/0x00050000000195ce-145.dat	upx
behavioral1/files/0x0009000000016bf7-141.dat	upx
behavioral1/files/0x00050000000195c8-126.dat	upx
behavioral1/files/0x00050000000195c7-120.dat	upx
behavioral1/files/0x00050000000195c4-111.dat	upx
behavioral1/files/0x00050000000195c2-105.dat	upx
behavioral1/files/0x000500000001958b-100.dat	upx
behavioral1/files/0x00050000000194e2-95.dat	upx
behavioral1/files/0x000500000001948d-90.dat	upx
behavioral1/files/0x000500000001945c-85.dat	upx
behavioral1/files/0x00050000000193f0-80.dat	upx
behavioral1/files/0x00050000000193d1-70.dat	upx
behavioral1/files/0x000500000001938e-60.dat	upx
behavioral1/files/0x0005000000019382-55.dat	upx
behavioral1/files/0x000500000001937b-50.dat	upx
behavioral1/files/0x000a000000016ccd-36.dat	upx
behavioral1/files/0x0007000000016cc4-30.dat	upx
behavioral1/memory/2632-3940-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2248-4098-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2412-4148-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2748-4176-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2804-4168-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2984-4150-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2936-4147-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2896-4146-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2844-4205-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/1732-4204-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/1848-4206-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2724-4208-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2920-4242-0x000000013F810000-0x000000013FB64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tRGRIwL.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzVkccO.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBpvdfX.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlVxiGs.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIpsmKi.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJvxBVN.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxmnBOM.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKyOFYD.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPdfzcS.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgbRzek.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaBfTsT.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnGDMoc.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqwEoUq.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKgBIBc.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLoPJIs.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxxPzIs.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApMXXMv.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILqhIdM.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfkLkNE.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBvVzRa.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQahMhw.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqdUAIo.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaueuZk.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWnkitp.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtmAXjx.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opYrmpG.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdHnAOU.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WIzdiFp.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eROjsqp.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWRxetF.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HsSyGne.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFAyyep.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWFTefJ.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHyXbYz.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vatIhPN.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCvCuuz.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXAhneq.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CijStvi.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiWdWGB.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKGHeVS.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmVGtPS.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnDanWe.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yxKgLJT.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrgneiT.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fazlZTA.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpkXEjl.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKvaFnc.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxqxjtw.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVVLZpd.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlUvLHF.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCUyIND.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLNKVtn.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MhHPXBq.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCrckuE.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heDAfnq.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\peVBaXp.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\neqTtVe.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktCarcW.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLfMKnh.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WIjapFQ.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNYbxjQ.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRLEcch.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWBkJaN.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGMXnKv.exe	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2412	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2696 wrote to memory of 2412	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2696 wrote to memory of 2412	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2696 wrote to memory of 1848	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2696 wrote to memory of 1848	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2696 wrote to memory of 1848	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2696 wrote to memory of 2936	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2696 wrote to memory of 2936	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2696 wrote to memory of 2936	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2696 wrote to memory of 2248	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2696 wrote to memory of 2248	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2696 wrote to memory of 2248	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2696 wrote to memory of 2896	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2696 wrote to memory of 2896	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2696 wrote to memory of 2896	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2696 wrote to memory of 2920	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2696 wrote to memory of 2920	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2696 wrote to memory of 2920	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2696 wrote to memory of 2984	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2696 wrote to memory of 2984	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2696 wrote to memory of 2984	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2696 wrote to memory of 2804	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2696 wrote to memory of 2804	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2696 wrote to memory of 2804	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2696 wrote to memory of 2772	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2696 wrote to memory of 2772	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2696 wrote to memory of 2772	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2696 wrote to memory of 2844	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2696 wrote to memory of 2844	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2696 wrote to memory of 2844	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2696 wrote to memory of 2748	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2696 wrote to memory of 2748	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2696 wrote to memory of 2748	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2696 wrote to memory of 2724	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2696 wrote to memory of 2724	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2696 wrote to memory of 2724	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2696 wrote to memory of 2632	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2696 wrote to memory of 2632	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2696 wrote to memory of 2632	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2696 wrote to memory of 1732	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2696 wrote to memory of 1732	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2696 wrote to memory of 1732	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2696 wrote to memory of 2256	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2696 wrote to memory of 2256	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2696 wrote to memory of 2256	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2696 wrote to memory of 1808	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2696 wrote to memory of 1808	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2696 wrote to memory of 1808	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2696 wrote to memory of 1248	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2696 wrote to memory of 1248	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2696 wrote to memory of 1248	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2696 wrote to memory of 2008	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2696 wrote to memory of 2008	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2696 wrote to memory of 2008	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2696 wrote to memory of 1048	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2696 wrote to memory of 1048	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2696 wrote to memory of 1048	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2696 wrote to memory of 2832	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2696 wrote to memory of 2832	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2696 wrote to memory of 2832	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2696 wrote to memory of 1980	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2696 wrote to memory of 1980	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2696 wrote to memory of 1980	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2696 wrote to memory of 1704	2696	2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_dd40e87c1a6f704b7c84ae268db80333_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\System\jZyIuZI.exe
  C:\Windows\System\jZyIuZI.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\OEpMkvc.exe
  C:\Windows\System\OEpMkvc.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\FqdolYn.exe
  C:\Windows\System\FqdolYn.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\koLbCJn.exe
  C:\Windows\System\koLbCJn.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\aEjPcSk.exe
  C:\Windows\System\aEjPcSk.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\nCusbhX.exe
  C:\Windows\System\nCusbhX.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\NGPNwFp.exe
  C:\Windows\System\NGPNwFp.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\zlNebtK.exe
  C:\Windows\System\zlNebtK.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\WnEnvVb.exe
  C:\Windows\System\WnEnvVb.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\GfUxuLF.exe
  C:\Windows\System\GfUxuLF.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\PkKMYcE.exe
  C:\Windows\System\PkKMYcE.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\TDyeubQ.exe
  C:\Windows\System\TDyeubQ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\fxHrAbR.exe
  C:\Windows\System\fxHrAbR.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\bAhcfeb.exe
  C:\Windows\System\bAhcfeb.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\hLoUWaN.exe
  C:\Windows\System\hLoUWaN.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\FihwWHb.exe
  C:\Windows\System\FihwWHb.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\CifyFWr.exe
  C:\Windows\System\CifyFWr.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\PHMQYzM.exe
  C:\Windows\System\PHMQYzM.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\avRYOCO.exe
  C:\Windows\System\avRYOCO.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\kgbJPMg.exe
  C:\Windows\System\kgbJPMg.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\wjoCPLk.exe
  C:\Windows\System\wjoCPLk.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\yEyQDAq.exe
  C:\Windows\System\yEyQDAq.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\NPsEygL.exe
  C:\Windows\System\NPsEygL.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\utLQzQO.exe
  C:\Windows\System\utLQzQO.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\FveXAAE.exe
  C:\Windows\System\FveXAAE.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\YsBSvQl.exe
  C:\Windows\System\YsBSvQl.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\nZpQckP.exe
  C:\Windows\System\nZpQckP.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\WikPyKd.exe
  C:\Windows\System\WikPyKd.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\UqTRjwx.exe
  C:\Windows\System\UqTRjwx.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\ExGsKzY.exe
  C:\Windows\System\ExGsKzY.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\yRKluko.exe
  C:\Windows\System\yRKluko.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\CijStvi.exe
  C:\Windows\System\CijStvi.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\zPtJkBy.exe
  C:\Windows\System\zPtJkBy.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\fVnNmyV.exe
  C:\Windows\System\fVnNmyV.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\cuMJIyy.exe
  C:\Windows\System\cuMJIyy.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\CPvILNA.exe
  C:\Windows\System\CPvILNA.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\xugoBCU.exe
  C:\Windows\System\xugoBCU.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\ikrHUMQ.exe
  C:\Windows\System\ikrHUMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\zvEYSbE.exe
  C:\Windows\System\zvEYSbE.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\ZTvwjac.exe
  C:\Windows\System\ZTvwjac.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\ZlEIcLm.exe
  C:\Windows\System\ZlEIcLm.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\ClYBeLP.exe
  C:\Windows\System\ClYBeLP.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\LwerNiP.exe
  C:\Windows\System\LwerNiP.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\JETDkTW.exe
  C:\Windows\System\JETDkTW.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\lrSmler.exe
  C:\Windows\System\lrSmler.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\dEPhfVK.exe
  C:\Windows\System\dEPhfVK.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\kbJStrE.exe
  C:\Windows\System\kbJStrE.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\MlNEtMC.exe
  C:\Windows\System\MlNEtMC.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\Jxigyxa.exe
  C:\Windows\System\Jxigyxa.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\ufQjNmY.exe
  C:\Windows\System\ufQjNmY.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\Bszkcfa.exe
  C:\Windows\System\Bszkcfa.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\nZVMBBT.exe
  C:\Windows\System\nZVMBBT.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\NKVPKur.exe
  C:\Windows\System\NKVPKur.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\onEcLil.exe
  C:\Windows\System\onEcLil.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\TvKDSwJ.exe
  C:\Windows\System\TvKDSwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\jXrcdic.exe
  C:\Windows\System\jXrcdic.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\WLuOjKc.exe
  C:\Windows\System\WLuOjKc.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\iWKUoWE.exe
  C:\Windows\System\iWKUoWE.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\TRGSGkU.exe
  C:\Windows\System\TRGSGkU.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\bOAOVGG.exe
  C:\Windows\System\bOAOVGG.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\gIEDihb.exe
  C:\Windows\System\gIEDihb.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\euhstPd.exe
  C:\Windows\System\euhstPd.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\FKjwEte.exe
  C:\Windows\System\FKjwEte.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\vfgWazI.exe
  C:\Windows\System\vfgWazI.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\iDDapZc.exe
  C:\Windows\System\iDDapZc.exe
  2⤵
  PID:2628
- C:\Windows\System\upfTeQt.exe
  C:\Windows\System\upfTeQt.exe
  2⤵
  PID:2688
- C:\Windows\System\qitXttl.exe
  C:\Windows\System\qitXttl.exe
  2⤵
  PID:2660
- C:\Windows\System\oVjBLlu.exe
  C:\Windows\System\oVjBLlu.exe
  2⤵
  PID:2364
- C:\Windows\System\SfUpboL.exe
  C:\Windows\System\SfUpboL.exe
  2⤵
  PID:1476
- C:\Windows\System\tiibITX.exe
  C:\Windows\System\tiibITX.exe
  2⤵
  PID:2872
- C:\Windows\System\DKvaFnc.exe
  C:\Windows\System\DKvaFnc.exe
  2⤵
  PID:2512
- C:\Windows\System\kkMoGlZ.exe
  C:\Windows\System\kkMoGlZ.exe
  2⤵
  PID:1892
- C:\Windows\System\hXUvimA.exe
  C:\Windows\System\hXUvimA.exe
  2⤵
  PID:2004
- C:\Windows\System\eQzqcvx.exe
  C:\Windows\System\eQzqcvx.exe
  2⤵
  PID:3036
- C:\Windows\System\LGGamLR.exe
  C:\Windows\System\LGGamLR.exe
  2⤵
  PID:2240
- C:\Windows\System\jgNvzyP.exe
  C:\Windows\System\jgNvzyP.exe
  2⤵
  PID:1680
- C:\Windows\System\BpCLkJZ.exe
  C:\Windows\System\BpCLkJZ.exe
  2⤵
  PID:2120
- C:\Windows\System\ApMXXMv.exe
  C:\Windows\System\ApMXXMv.exe
  2⤵
  PID:1044
- C:\Windows\System\OomZAaq.exe
  C:\Windows\System\OomZAaq.exe
  2⤵
  PID:2340
- C:\Windows\System\bKqPiaW.exe
  C:\Windows\System\bKqPiaW.exe
  2⤵
  PID:1492
- C:\Windows\System\egPxUGd.exe
  C:\Windows\System\egPxUGd.exe
  2⤵
  PID:1656
- C:\Windows\System\fUIFZlB.exe
  C:\Windows\System\fUIFZlB.exe
  2⤵
  PID:2792
- C:\Windows\System\UWdfufI.exe
  C:\Windows\System\UWdfufI.exe
  2⤵
  PID:984
- C:\Windows\System\cMsWjbi.exe
  C:\Windows\System\cMsWjbi.exe
  2⤵
  PID:1664
- C:\Windows\System\DexhLZP.exe
  C:\Windows\System\DexhLZP.exe
  2⤵
  PID:1348
- C:\Windows\System\xohfznI.exe
  C:\Windows\System\xohfznI.exe
  2⤵
  PID:2464
- C:\Windows\System\qcRwbgF.exe
  C:\Windows\System\qcRwbgF.exe
  2⤵
  PID:2304
- C:\Windows\System\fxUUMRt.exe
  C:\Windows\System\fxUUMRt.exe
  2⤵
  PID:2144
- C:\Windows\System\rlztEHj.exe
  C:\Windows\System\rlztEHj.exe
  2⤵
  PID:2100
- C:\Windows\System\lPXeAua.exe
  C:\Windows\System\lPXeAua.exe
  2⤵
  PID:1488
- C:\Windows\System\DWRxetF.exe
  C:\Windows\System\DWRxetF.exe
  2⤵
  PID:2392
- C:\Windows\System\dFTrEje.exe
  C:\Windows\System\dFTrEje.exe
  2⤵
  PID:1556
- C:\Windows\System\WzxXNnW.exe
  C:\Windows\System\WzxXNnW.exe
  2⤵
  PID:1856
- C:\Windows\System\fwlZrnT.exe
  C:\Windows\System\fwlZrnT.exe
  2⤵
  PID:2888
- C:\Windows\System\sCrckuE.exe
  C:\Windows\System\sCrckuE.exe
  2⤵
  PID:1956
- C:\Windows\System\rOVCCHI.exe
  C:\Windows\System\rOVCCHI.exe
  2⤵
  PID:2732
- C:\Windows\System\GefHtMM.exe
  C:\Windows\System\GefHtMM.exe
  2⤵
  PID:2536
- C:\Windows\System\hYAaIbx.exe
  C:\Windows\System\hYAaIbx.exe
  2⤵
  PID:1160
- C:\Windows\System\nxqxjtw.exe
  C:\Windows\System\nxqxjtw.exe
  2⤵
  PID:2824
- C:\Windows\System\GrcSaZY.exe
  C:\Windows\System\GrcSaZY.exe
  2⤵
  PID:672
- C:\Windows\System\VvERhul.exe
  C:\Windows\System\VvERhul.exe
  2⤵
  PID:1792
- C:\Windows\System\suQSjSD.exe
  C:\Windows\System\suQSjSD.exe
  2⤵
  PID:376
- C:\Windows\System\rEsgFCj.exe
  C:\Windows\System\rEsgFCj.exe
  2⤵
  PID:576
- C:\Windows\System\gKUjgaC.exe
  C:\Windows\System\gKUjgaC.exe
  2⤵
  PID:2124
- C:\Windows\System\TSLGjej.exe
  C:\Windows\System\TSLGjej.exe
  2⤵
  PID:2996
- C:\Windows\System\hcQphBn.exe
  C:\Windows\System\hcQphBn.exe
  2⤵
  PID:1244
- C:\Windows\System\aAGNwXt.exe
  C:\Windows\System\aAGNwXt.exe
  2⤵
  PID:268
- C:\Windows\System\QuFzwXk.exe
  C:\Windows\System\QuFzwXk.exe
  2⤵
  PID:1652
- C:\Windows\System\YTzYcsi.exe
  C:\Windows\System\YTzYcsi.exe
  2⤵
  PID:2848
- C:\Windows\System\NyEeLoP.exe
  C:\Windows\System\NyEeLoP.exe
  2⤵
  PID:1712
- C:\Windows\System\WiMzcjw.exe
  C:\Windows\System\WiMzcjw.exe
  2⤵
  PID:2444
- C:\Windows\System\lKWvJhG.exe
  C:\Windows\System\lKWvJhG.exe
  2⤵
  PID:2324
- C:\Windows\System\awvwrty.exe
  C:\Windows\System\awvwrty.exe
  2⤵
  PID:2344
- C:\Windows\System\ILqhIdM.exe
  C:\Windows\System\ILqhIdM.exe
  2⤵
  PID:1696
- C:\Windows\System\lCVsTpn.exe
  C:\Windows\System\lCVsTpn.exe
  2⤵
  PID:2964
- C:\Windows\System\jTnuuPc.exe
  C:\Windows\System\jTnuuPc.exe
  2⤵
  PID:2616
- C:\Windows\System\AWPVjSz.exe
  C:\Windows\System\AWPVjSz.exe
  2⤵
  PID:692
- C:\Windows\System\oGQtRJm.exe
  C:\Windows\System\oGQtRJm.exe
  2⤵
  PID:1764
- C:\Windows\System\iliODBP.exe
  C:\Windows\System\iliODBP.exe
  2⤵
  PID:3008
- C:\Windows\System\pSlhtEu.exe
  C:\Windows\System\pSlhtEu.exe
  2⤵
  PID:3012
- C:\Windows\System\CRZGrKD.exe
  C:\Windows\System\CRZGrKD.exe
  2⤵
  PID:1768
- C:\Windows\System\qmMPZCe.exe
  C:\Windows\System\qmMPZCe.exe
  2⤵
  PID:1644
- C:\Windows\System\rTBPcjf.exe
  C:\Windows\System\rTBPcjf.exe
  2⤵
  PID:2560
- C:\Windows\System\MRGZCsM.exe
  C:\Windows\System\MRGZCsM.exe
  2⤵
  PID:3088
- C:\Windows\System\YoQXbsy.exe
  C:\Windows\System\YoQXbsy.exe
  2⤵
  PID:3104
- C:\Windows\System\EtXQtZB.exe
  C:\Windows\System\EtXQtZB.exe
  2⤵
  PID:3124
- C:\Windows\System\PRafXGj.exe
  C:\Windows\System\PRafXGj.exe
  2⤵
  PID:3140
- C:\Windows\System\sLChPFL.exe
  C:\Windows\System\sLChPFL.exe
  2⤵
  PID:3160
- C:\Windows\System\uZdRoQw.exe
  C:\Windows\System\uZdRoQw.exe
  2⤵
  PID:3180
- C:\Windows\System\mQVWvtQ.exe
  C:\Windows\System\mQVWvtQ.exe
  2⤵
  PID:3204
- C:\Windows\System\SJhFioT.exe
  C:\Windows\System\SJhFioT.exe
  2⤵
  PID:3220
- C:\Windows\System\ZPFoUss.exe
  C:\Windows\System\ZPFoUss.exe
  2⤵
  PID:3244
- C:\Windows\System\NxYOzuJ.exe
  C:\Windows\System\NxYOzuJ.exe
  2⤵
  PID:3276
- C:\Windows\System\YmEGkcE.exe
  C:\Windows\System\YmEGkcE.exe
  2⤵
  PID:3296
- C:\Windows\System\LTShwvz.exe
  C:\Windows\System\LTShwvz.exe
  2⤵
  PID:3312
- C:\Windows\System\MpjBqay.exe
  C:\Windows\System\MpjBqay.exe
  2⤵
  PID:3332
- C:\Windows\System\uwqbMiI.exe
  C:\Windows\System\uwqbMiI.exe
  2⤵
  PID:3352
- C:\Windows\System\NRiSTwy.exe
  C:\Windows\System\NRiSTwy.exe
  2⤵
  PID:3376
- C:\Windows\System\mESUuiL.exe
  C:\Windows\System\mESUuiL.exe
  2⤵
  PID:3392
- C:\Windows\System\kmyGvvi.exe
  C:\Windows\System\kmyGvvi.exe
  2⤵
  PID:3412
- C:\Windows\System\yAeviXf.exe
  C:\Windows\System\yAeviXf.exe
  2⤵
  PID:3432
- C:\Windows\System\TAUPGpU.exe
  C:\Windows\System\TAUPGpU.exe
  2⤵
  PID:3456
- C:\Windows\System\nOeEdik.exe
  C:\Windows\System\nOeEdik.exe
  2⤵
  PID:3472
- C:\Windows\System\kMnBiOe.exe
  C:\Windows\System\kMnBiOe.exe
  2⤵
  PID:3492
- C:\Windows\System\UKoRTSW.exe
  C:\Windows\System\UKoRTSW.exe
  2⤵
  PID:3512
- C:\Windows\System\WMoNbfJ.exe
  C:\Windows\System\WMoNbfJ.exe
  2⤵
  PID:3528
- C:\Windows\System\WzNtYoD.exe
  C:\Windows\System\WzNtYoD.exe
  2⤵
  PID:3548
- C:\Windows\System\IQftZZh.exe
  C:\Windows\System\IQftZZh.exe
  2⤵
  PID:3568
- C:\Windows\System\ULyIFsk.exe
  C:\Windows\System\ULyIFsk.exe
  2⤵
  PID:3588
- C:\Windows\System\NNnUnQr.exe
  C:\Windows\System\NNnUnQr.exe
  2⤵
  PID:3608
- C:\Windows\System\LqYNzCb.exe
  C:\Windows\System\LqYNzCb.exe
  2⤵
  PID:3624
- C:\Windows\System\anEvaHX.exe
  C:\Windows\System\anEvaHX.exe
  2⤵
  PID:3640
- C:\Windows\System\yHRMzgH.exe
  C:\Windows\System\yHRMzgH.exe
  2⤵
  PID:3656
- C:\Windows\System\VZFBbhc.exe
  C:\Windows\System\VZFBbhc.exe
  2⤵
  PID:3676
- C:\Windows\System\vxwuZuZ.exe
  C:\Windows\System\vxwuZuZ.exe
  2⤵
  PID:3692
- C:\Windows\System\QVJwtWM.exe
  C:\Windows\System\QVJwtWM.exe
  2⤵
  PID:3708
- C:\Windows\System\bnOxZqk.exe
  C:\Windows\System\bnOxZqk.exe
  2⤵
  PID:3724
- C:\Windows\System\QoCfyme.exe
  C:\Windows\System\QoCfyme.exe
  2⤵
  PID:3740
- C:\Windows\System\nTPghyY.exe
  C:\Windows\System\nTPghyY.exe
  2⤵
  PID:3760
- C:\Windows\System\PDbtIKY.exe
  C:\Windows\System\PDbtIKY.exe
  2⤵
  PID:3896
- C:\Windows\System\DTmjpnK.exe
  C:\Windows\System\DTmjpnK.exe
  2⤵
  PID:3912
- C:\Windows\System\uLIWqcf.exe
  C:\Windows\System\uLIWqcf.exe
  2⤵
  PID:3928
- C:\Windows\System\gwEeHjo.exe
  C:\Windows\System\gwEeHjo.exe
  2⤵
  PID:3944
- C:\Windows\System\AnfDhrp.exe
  C:\Windows\System\AnfDhrp.exe
  2⤵
  PID:3960
- C:\Windows\System\AVgHKyL.exe
  C:\Windows\System\AVgHKyL.exe
  2⤵
  PID:3976
- C:\Windows\System\chfXBOZ.exe
  C:\Windows\System\chfXBOZ.exe
  2⤵
  PID:3992
- C:\Windows\System\xtBmMMu.exe
  C:\Windows\System\xtBmMMu.exe
  2⤵
  PID:4008
- C:\Windows\System\VWlGfoC.exe
  C:\Windows\System\VWlGfoC.exe
  2⤵
  PID:4024
- C:\Windows\System\GXAmhPM.exe
  C:\Windows\System\GXAmhPM.exe
  2⤵
  PID:4040
- C:\Windows\System\EqPFEgi.exe
  C:\Windows\System\EqPFEgi.exe
  2⤵
  PID:4056
- C:\Windows\System\JLCakBk.exe
  C:\Windows\System\JLCakBk.exe
  2⤵
  PID:4072
- C:\Windows\System\vZhkPmz.exe
  C:\Windows\System\vZhkPmz.exe
  2⤵
  PID:4088
- C:\Windows\System\nRpaMSL.exe
  C:\Windows\System\nRpaMSL.exe
  2⤵
  PID:112
- C:\Windows\System\ShLBNHH.exe
  C:\Windows\System\ShLBNHH.exe
  2⤵
  PID:2652
- C:\Windows\System\MqVDzmY.exe
  C:\Windows\System\MqVDzmY.exe
  2⤵
  PID:1296
- C:\Windows\System\GqfxCXn.exe
  C:\Windows\System\GqfxCXn.exe
  2⤵
  PID:996
- C:\Windows\System\clWBXIy.exe
  C:\Windows\System\clWBXIy.exe
  2⤵
  PID:2012
- C:\Windows\System\lGpQFoL.exe
  C:\Windows\System\lGpQFoL.exe
  2⤵
  PID:1576
- C:\Windows\System\YHzIDXl.exe
  C:\Windows\System\YHzIDXl.exe
  2⤵
  PID:2768
- C:\Windows\System\ANISGkt.exe
  C:\Windows\System\ANISGkt.exe
  2⤵
  PID:1372
- C:\Windows\System\JowohjV.exe
  C:\Windows\System\JowohjV.exe
  2⤵
  PID:3116
- C:\Windows\System\NVmnWWm.exe
  C:\Windows\System\NVmnWWm.exe
  2⤵
  PID:556
- C:\Windows\System\mPUKmsF.exe
  C:\Windows\System\mPUKmsF.exe
  2⤵
  PID:3188
- C:\Windows\System\ujMeqiH.exe
  C:\Windows\System\ujMeqiH.exe
  2⤵
  PID:1976
- C:\Windows\System\IXzExdL.exe
  C:\Windows\System\IXzExdL.exe
  2⤵
  PID:2232
- C:\Windows\System\mGqWcTa.exe
  C:\Windows\System\mGqWcTa.exe
  2⤵
  PID:3228
- C:\Windows\System\nnpvYno.exe
  C:\Windows\System\nnpvYno.exe
  2⤵
  PID:3236
- C:\Windows\System\eAPsPhO.exe
  C:\Windows\System\eAPsPhO.exe
  2⤵
  PID:3096
- C:\Windows\System\GPkyaHY.exe
  C:\Windows\System\GPkyaHY.exe
  2⤵
  PID:3132
- C:\Windows\System\HhPydxA.exe
  C:\Windows\System\HhPydxA.exe
  2⤵
  PID:3252
- C:\Windows\System\TdWYdKt.exe
  C:\Windows\System\TdWYdKt.exe
  2⤵
  PID:3268
- C:\Windows\System\fasEdfM.exe
  C:\Windows\System\fasEdfM.exe
  2⤵
  PID:3324
- C:\Windows\System\EgyqJRQ.exe
  C:\Windows\System\EgyqJRQ.exe
  2⤵
  PID:3372
- C:\Windows\System\wxUoMLu.exe
  C:\Windows\System\wxUoMLu.exe
  2⤵
  PID:3304
- C:\Windows\System\NOZHFvm.exe
  C:\Windows\System\NOZHFvm.exe
  2⤵
  PID:3348
- C:\Windows\System\LxZFsOP.exe
  C:\Windows\System\LxZFsOP.exe
  2⤵
  PID:3444
- C:\Windows\System\DNkDENA.exe
  C:\Windows\System\DNkDENA.exe
  2⤵
  PID:3520
- C:\Windows\System\onQswEA.exe
  C:\Windows\System\onQswEA.exe
  2⤵
  PID:3560
- C:\Windows\System\HsSyGne.exe
  C:\Windows\System\HsSyGne.exe
  2⤵
  PID:3636
- C:\Windows\System\PRZmHfp.exe
  C:\Windows\System\PRZmHfp.exe
  2⤵
  PID:3704
- C:\Windows\System\zamaxBV.exe
  C:\Windows\System\zamaxBV.exe
  2⤵
  PID:3388
- C:\Windows\System\bjZKzhq.exe
  C:\Windows\System\bjZKzhq.exe
  2⤵
  PID:3768
- C:\Windows\System\pgbRzek.exe
  C:\Windows\System\pgbRzek.exe
  2⤵
  PID:3804
- C:\Windows\System\aVNKisN.exe
  C:\Windows\System\aVNKisN.exe
  2⤵
  PID:3756
- C:\Windows\System\jtBykej.exe
  C:\Windows\System\jtBykej.exe
  2⤵
  PID:3584
- C:\Windows\System\qniFwRA.exe
  C:\Windows\System\qniFwRA.exe
  2⤵
  PID:3620
- C:\Windows\System\uskUBgy.exe
  C:\Windows\System\uskUBgy.exe
  2⤵
  PID:3720
- C:\Windows\System\ksFnQOp.exe
  C:\Windows\System\ksFnQOp.exe
  2⤵
  PID:3580
- C:\Windows\System\udkkUgI.exe
  C:\Windows\System\udkkUgI.exe
  2⤵
  PID:3920
- C:\Windows\System\UuZpnuX.exe
  C:\Windows\System\UuZpnuX.exe
  2⤵
  PID:3952
- C:\Windows\System\TjZTWLZ.exe
  C:\Windows\System\TjZTWLZ.exe
  2⤵
  PID:3968
- C:\Windows\System\qwJiztD.exe
  C:\Windows\System\qwJiztD.exe
  2⤵
  PID:4000
- C:\Windows\System\RDQyHTz.exe
  C:\Windows\System\RDQyHTz.exe
  2⤵
  PID:4032
- C:\Windows\System\bKeDCNh.exe
  C:\Windows\System\bKeDCNh.exe
  2⤵
  PID:4080
- C:\Windows\System\msFZWHq.exe
  C:\Windows\System\msFZWHq.exe
  2⤵
  PID:2556
- C:\Windows\System\xIllaSe.exe
  C:\Windows\System\xIllaSe.exe
  2⤵
  PID:2440
- C:\Windows\System\BheZxVv.exe
  C:\Windows\System\BheZxVv.exe
  2⤵
  PID:1536
- C:\Windows\System\UtYLSJl.exe
  C:\Windows\System\UtYLSJl.exe
  2⤵
  PID:1820
- C:\Windows\System\GaDqRlz.exe
  C:\Windows\System\GaDqRlz.exe
  2⤵
  PID:3148
- C:\Windows\System\YcwKJAG.exe
  C:\Windows\System\YcwKJAG.exe
  2⤵
  PID:3112
- C:\Windows\System\bFAyyep.exe
  C:\Windows\System\bFAyyep.exe
  2⤵
  PID:2376
- C:\Windows\System\eIVHxvi.exe
  C:\Windows\System\eIVHxvi.exe
  2⤵
  PID:788
- C:\Windows\System\HukNVFs.exe
  C:\Windows\System\HukNVFs.exe
  2⤵
  PID:3292
- C:\Windows\System\WoWUrTq.exe
  C:\Windows\System\WoWUrTq.exe
  2⤵
  PID:3320
- C:\Windows\System\ZIAhgzI.exe
  C:\Windows\System\ZIAhgzI.exe
  2⤵
  PID:3344
- C:\Windows\System\qQgearU.exe
  C:\Windows\System\qQgearU.exe
  2⤵
  PID:3408
- C:\Windows\System\dwndsLD.exe
  C:\Windows\System\dwndsLD.exe
  2⤵
  PID:3564
- C:\Windows\System\TnpxiES.exe
  C:\Windows\System\TnpxiES.exe
  2⤵
  PID:3700
- C:\Windows\System\NPNAXQw.exe
  C:\Windows\System\NPNAXQw.exe
  2⤵
  PID:3428
- C:\Windows\System\wxMpxFU.exe
  C:\Windows\System\wxMpxFU.exe
  2⤵
  PID:3716
- C:\Windows\System\YqtxeYW.exe
  C:\Windows\System\YqtxeYW.exe
  2⤵
  PID:3468
- C:\Windows\System\OaywjBN.exe
  C:\Windows\System\OaywjBN.exe
  2⤵
  PID:3544
- C:\Windows\System\SlXftTs.exe
  C:\Windows\System\SlXftTs.exe
  2⤵
  PID:3936
- C:\Windows\System\uGixlga.exe
  C:\Windows\System\uGixlga.exe
  2⤵
  PID:3988
- C:\Windows\System\uYHnuXa.exe
  C:\Windows\System\uYHnuXa.exe
  2⤵
  PID:4052
- C:\Windows\System\cEXzycC.exe
  C:\Windows\System\cEXzycC.exe
  2⤵
  PID:4108
- C:\Windows\System\FyLTZCe.exe
  C:\Windows\System\FyLTZCe.exe
  2⤵
  PID:4124
- C:\Windows\System\osVySEb.exe
  C:\Windows\System\osVySEb.exe
  2⤵
  PID:4140
- C:\Windows\System\vjwkBYU.exe
  C:\Windows\System\vjwkBYU.exe
  2⤵
  PID:4156
- C:\Windows\System\mQsLMWv.exe
  C:\Windows\System\mQsLMWv.exe
  2⤵
  PID:4172
- C:\Windows\System\fujBGeS.exe
  C:\Windows\System\fujBGeS.exe
  2⤵
  PID:4188
- C:\Windows\System\REzFzPI.exe
  C:\Windows\System\REzFzPI.exe
  2⤵
  PID:4204
- C:\Windows\System\KylQBBS.exe
  C:\Windows\System\KylQBBS.exe
  2⤵
  PID:4220
- C:\Windows\System\yMjgtcR.exe
  C:\Windows\System\yMjgtcR.exe
  2⤵
  PID:4236
- C:\Windows\System\WVeVYst.exe
  C:\Windows\System\WVeVYst.exe
  2⤵
  PID:4252
- C:\Windows\System\PkvKzlL.exe
  C:\Windows\System\PkvKzlL.exe
  2⤵
  PID:4268
- C:\Windows\System\nulchCE.exe
  C:\Windows\System\nulchCE.exe
  2⤵
  PID:4284
- C:\Windows\System\HUvaYlx.exe
  C:\Windows\System\HUvaYlx.exe
  2⤵
  PID:4300
- C:\Windows\System\aWmsfbH.exe
  C:\Windows\System\aWmsfbH.exe
  2⤵
  PID:4316
- C:\Windows\System\szllsNg.exe
  C:\Windows\System\szllsNg.exe
  2⤵
  PID:4332
- C:\Windows\System\dGUPgnj.exe
  C:\Windows\System\dGUPgnj.exe
  2⤵
  PID:4348
- C:\Windows\System\NdZySYk.exe
  C:\Windows\System\NdZySYk.exe
  2⤵
  PID:4364
- C:\Windows\System\opkFVkD.exe
  C:\Windows\System\opkFVkD.exe
  2⤵
  PID:4380
- C:\Windows\System\MRFlvUw.exe
  C:\Windows\System\MRFlvUw.exe
  2⤵
  PID:4396
- C:\Windows\System\YaBfTsT.exe
  C:\Windows\System\YaBfTsT.exe
  2⤵
  PID:4412
- C:\Windows\System\mkbbliX.exe
  C:\Windows\System\mkbbliX.exe
  2⤵
  PID:4428
- C:\Windows\System\afgZmNA.exe
  C:\Windows\System\afgZmNA.exe
  2⤵
  PID:4444
- C:\Windows\System\aiWdWGB.exe
  C:\Windows\System\aiWdWGB.exe
  2⤵
  PID:4460
- C:\Windows\System\fKptwLL.exe
  C:\Windows\System\fKptwLL.exe
  2⤵
  PID:4476
- C:\Windows\System\jxnEfGu.exe
  C:\Windows\System\jxnEfGu.exe
  2⤵
  PID:4492
- C:\Windows\System\tTJUDJe.exe
  C:\Windows\System\tTJUDJe.exe
  2⤵
  PID:4508
- C:\Windows\System\BlWPWaZ.exe
  C:\Windows\System\BlWPWaZ.exe
  2⤵
  PID:4524
- C:\Windows\System\cahgMkl.exe
  C:\Windows\System\cahgMkl.exe
  2⤵
  PID:4540
- C:\Windows\System\dIRueRm.exe
  C:\Windows\System\dIRueRm.exe
  2⤵
  PID:4560
- C:\Windows\System\qgYCyau.exe
  C:\Windows\System\qgYCyau.exe
  2⤵
  PID:4576
- C:\Windows\System\cBBVkvb.exe
  C:\Windows\System\cBBVkvb.exe
  2⤵
  PID:4592
- C:\Windows\System\ijDmBjT.exe
  C:\Windows\System\ijDmBjT.exe
  2⤵
  PID:4608
- C:\Windows\System\NxmswCM.exe
  C:\Windows\System\NxmswCM.exe
  2⤵
  PID:4624
- C:\Windows\System\GedFMRl.exe
  C:\Windows\System\GedFMRl.exe
  2⤵
  PID:4640
- C:\Windows\System\DybkpjV.exe
  C:\Windows\System\DybkpjV.exe
  2⤵
  PID:4656
- C:\Windows\System\WWJSZtE.exe
  C:\Windows\System\WWJSZtE.exe
  2⤵
  PID:4672
- C:\Windows\System\DcyMrXh.exe
  C:\Windows\System\DcyMrXh.exe
  2⤵
  PID:4688
- C:\Windows\System\uoDoBpD.exe
  C:\Windows\System\uoDoBpD.exe
  2⤵
  PID:4704
- C:\Windows\System\inFRHin.exe
  C:\Windows\System\inFRHin.exe
  2⤵
  PID:4720
- C:\Windows\System\zeZMiKp.exe
  C:\Windows\System\zeZMiKp.exe
  2⤵
  PID:4736
- C:\Windows\System\ValgwwO.exe
  C:\Windows\System\ValgwwO.exe
  2⤵
  PID:4752
- C:\Windows\System\dFhTLjg.exe
  C:\Windows\System\dFhTLjg.exe
  2⤵
  PID:4768
- C:\Windows\System\xkUsVkc.exe
  C:\Windows\System\xkUsVkc.exe
  2⤵
  PID:4784
- C:\Windows\System\eTsVMuw.exe
  C:\Windows\System\eTsVMuw.exe
  2⤵
  PID:4800
- C:\Windows\System\bzSIHpY.exe
  C:\Windows\System\bzSIHpY.exe
  2⤵
  PID:4816
- C:\Windows\System\vBcnqHT.exe
  C:\Windows\System\vBcnqHT.exe
  2⤵
  PID:4832
- C:\Windows\System\uouyydB.exe
  C:\Windows\System\uouyydB.exe
  2⤵
  PID:4848
- C:\Windows\System\EDvCWvg.exe
  C:\Windows\System\EDvCWvg.exe
  2⤵
  PID:4864
- C:\Windows\System\SJGGokw.exe
  C:\Windows\System\SJGGokw.exe
  2⤵
  PID:4880
- C:\Windows\System\CKmboLr.exe
  C:\Windows\System\CKmboLr.exe
  2⤵
  PID:4896
- C:\Windows\System\xQKpnLR.exe
  C:\Windows\System\xQKpnLR.exe
  2⤵
  PID:4912
- C:\Windows\System\QVYQQac.exe
  C:\Windows\System\QVYQQac.exe
  2⤵
  PID:4928
- C:\Windows\System\QXYufsX.exe
  C:\Windows\System\QXYufsX.exe
  2⤵
  PID:4944
- C:\Windows\System\UlPUrvS.exe
  C:\Windows\System\UlPUrvS.exe
  2⤵
  PID:4960
- C:\Windows\System\hHFWHiC.exe
  C:\Windows\System\hHFWHiC.exe
  2⤵
  PID:4976
- C:\Windows\System\IcVliLf.exe
  C:\Windows\System\IcVliLf.exe
  2⤵
  PID:4992
- C:\Windows\System\PdUEboP.exe
  C:\Windows\System\PdUEboP.exe
  2⤵
  PID:5008
- C:\Windows\System\KLpMqOG.exe
  C:\Windows\System\KLpMqOG.exe
  2⤵
  PID:5024
- C:\Windows\System\ulzhZzf.exe
  C:\Windows\System\ulzhZzf.exe
  2⤵
  PID:5040
- C:\Windows\System\sMPfrvh.exe
  C:\Windows\System\sMPfrvh.exe
  2⤵
  PID:5056
- C:\Windows\System\GkXHkgl.exe
  C:\Windows\System\GkXHkgl.exe
  2⤵
  PID:5072
- C:\Windows\System\ArImNqd.exe
  C:\Windows\System\ArImNqd.exe
  2⤵
  PID:5088
- C:\Windows\System\XcNwCop.exe
  C:\Windows\System\XcNwCop.exe
  2⤵
  PID:5104
- C:\Windows\System\fsXYYCe.exe
  C:\Windows\System\fsXYYCe.exe
  2⤵
  PID:4064
- C:\Windows\System\uEvkggB.exe
  C:\Windows\System\uEvkggB.exe
  2⤵
  PID:4068
- C:\Windows\System\ytxoghc.exe
  C:\Windows\System\ytxoghc.exe
  2⤵
  PID:1280
- C:\Windows\System\zARwXjo.exe
  C:\Windows\System\zARwXjo.exe
  2⤵
  PID:3216
- C:\Windows\System\sklWxYo.exe
  C:\Windows\System\sklWxYo.exe
  2⤵
  PID:3100
- C:\Windows\System\pBmksNJ.exe
  C:\Windows\System\pBmksNJ.exe
  2⤵
  PID:3328
- C:\Windows\System\HEfZIKu.exe
  C:\Windows\System\HEfZIKu.exe
  2⤵
  PID:3364
- C:\Windows\System\cMKHODQ.exe
  C:\Windows\System\cMKHODQ.exe
  2⤵
  PID:3672
- C:\Windows\System\occYbcB.exe
  C:\Windows\System\occYbcB.exe
  2⤵
  PID:3384
- C:\Windows\System\BskLsyW.exe
  C:\Windows\System\BskLsyW.exe
  2⤵
  PID:3504
- C:\Windows\System\FJzXgyz.exe
  C:\Windows\System\FJzXgyz.exe
  2⤵
  PID:3984
- C:\Windows\System\yRarLUA.exe
  C:\Windows\System\yRarLUA.exe
  2⤵
  PID:4020
- C:\Windows\System\JpHczzm.exe
  C:\Windows\System\JpHczzm.exe
  2⤵
  PID:4120
- C:\Windows\System\murCzhO.exe
  C:\Windows\System\murCzhO.exe
  2⤵
  PID:4196
- C:\Windows\System\mqwJHnf.exe
  C:\Windows\System\mqwJHnf.exe
  2⤵
  PID:4152
- C:\Windows\System\KUHPdMY.exe
  C:\Windows\System\KUHPdMY.exe
  2⤵
  PID:4216
- C:\Windows\System\HwwOCEt.exe
  C:\Windows\System\HwwOCEt.exe
  2⤵
  PID:4276
- C:\Windows\System\hiqthSO.exe
  C:\Windows\System\hiqthSO.exe
  2⤵
  PID:4308
- C:\Windows\System\xtEACRl.exe
  C:\Windows\System\xtEACRl.exe
  2⤵
  PID:4340
- C:\Windows\System\NSRFkFT.exe
  C:\Windows\System\NSRFkFT.exe
  2⤵
  PID:4344
- C:\Windows\System\RrKnTxO.exe
  C:\Windows\System\RrKnTxO.exe
  2⤵
  PID:4420
- C:\Windows\System\sUBZmpF.exe
  C:\Windows\System\sUBZmpF.exe
  2⤵
  PID:4436
- C:\Windows\System\evBFaMs.exe
  C:\Windows\System\evBFaMs.exe
  2⤵
  PID:4468
- C:\Windows\System\jNRXVlL.exe
  C:\Windows\System\jNRXVlL.exe
  2⤵
  PID:4516
- C:\Windows\System\lVOipXq.exe
  C:\Windows\System\lVOipXq.exe
  2⤵
  PID:4548
- C:\Windows\System\vUfhJlF.exe
  C:\Windows\System\vUfhJlF.exe
  2⤵
  PID:4584
- C:\Windows\System\BUyYmxu.exe
  C:\Windows\System\BUyYmxu.exe
  2⤵
  PID:4572
- C:\Windows\System\TgvfYPW.exe
  C:\Windows\System\TgvfYPW.exe
  2⤵
  PID:4632
- C:\Windows\System\zNmQVpZ.exe
  C:\Windows\System\zNmQVpZ.exe
  2⤵
  PID:4680
- C:\Windows\System\PSwihsp.exe
  C:\Windows\System\PSwihsp.exe
  2⤵
  PID:4696
- C:\Windows\System\CTEDpmj.exe
  C:\Windows\System\CTEDpmj.exe
  2⤵
  PID:4728
- C:\Windows\System\RNUZvGj.exe
  C:\Windows\System\RNUZvGj.exe
  2⤵
  PID:4732
- C:\Windows\System\CQkecgg.exe
  C:\Windows\System\CQkecgg.exe
  2⤵
  PID:4764
- C:\Windows\System\eNeTeYz.exe
  C:\Windows\System\eNeTeYz.exe
  2⤵
  PID:4824
- C:\Windows\System\FRBXNle.exe
  C:\Windows\System\FRBXNle.exe
  2⤵
  PID:4552
- C:\Windows\System\pyOhhQl.exe
  C:\Windows\System\pyOhhQl.exe
  2⤵
  PID:4876
- C:\Windows\System\vuXlfwn.exe
  C:\Windows\System\vuXlfwn.exe
  2⤵
  PID:4892
- C:\Windows\System\eWrCDME.exe
  C:\Windows\System\eWrCDME.exe
  2⤵
  PID:4940
- C:\Windows\System\ToPtQAZ.exe
  C:\Windows\System\ToPtQAZ.exe
  2⤵
  PID:4972
- C:\Windows\System\nTikRiZ.exe
  C:\Windows\System\nTikRiZ.exe
  2⤵
  PID:5032
- C:\Windows\System\iAqOblT.exe
  C:\Windows\System\iAqOblT.exe
  2⤵
  PID:5036
- C:\Windows\System\cbzkUKp.exe
  C:\Windows\System\cbzkUKp.exe
  2⤵
  PID:5068
- C:\Windows\System\JCzkvXD.exe
  C:\Windows\System\JCzkvXD.exe
  2⤵
  PID:5084
- C:\Windows\System\hGcyelH.exe
  C:\Windows\System\hGcyelH.exe
  2⤵
  PID:3196
- C:\Windows\System\nztQyMf.exe
  C:\Windows\System\nztQyMf.exe
  2⤵
  PID:3192
- C:\Windows\System\wRUOhtU.exe
  C:\Windows\System\wRUOhtU.exe
  2⤵
  PID:3152
- C:\Windows\System\VRJXjdr.exe
  C:\Windows\System\VRJXjdr.exe
  2⤵
  PID:3264
- C:\Windows\System\capQEqC.exe
  C:\Windows\System\capQEqC.exe
  2⤵
  PID:4100
- C:\Windows\System\NeTxpzq.exe
  C:\Windows\System\NeTxpzq.exe
  2⤵
  PID:3904
- C:\Windows\System\NCOEKsO.exe
  C:\Windows\System\NCOEKsO.exe
  2⤵
  PID:4136
- C:\Windows\System\wxwLTwc.exe
  C:\Windows\System\wxwLTwc.exe
  2⤵
  PID:4184
- C:\Windows\System\liaRIxF.exe
  C:\Windows\System\liaRIxF.exe
  2⤵
  PID:4260
- C:\Windows\System\bQKZGTE.exe
  C:\Windows\System\bQKZGTE.exe
  2⤵
  PID:4312
- C:\Windows\System\xFmkUqd.exe
  C:\Windows\System\xFmkUqd.exe
  2⤵
  PID:4424
- C:\Windows\System\YbpNktg.exe
  C:\Windows\System\YbpNktg.exe
  2⤵
  PID:4440
- C:\Windows\System\fyCJNZb.exe
  C:\Windows\System\fyCJNZb.exe
  2⤵
  PID:4620
- C:\Windows\System\fmrkpYF.exe
  C:\Windows\System\fmrkpYF.exe
  2⤵
  PID:4684
- C:\Windows\System\QXRhHWc.exe
  C:\Windows\System\QXRhHWc.exe
  2⤵
  PID:4568
- C:\Windows\System\uhGQmQT.exe
  C:\Windows\System\uhGQmQT.exe
  2⤵
  PID:4716
- C:\Windows\System\VyQKEja.exe
  C:\Windows\System\VyQKEja.exe
  2⤵
  PID:4812
- C:\Windows\System\BjzJQpZ.exe
  C:\Windows\System\BjzJQpZ.exe
  2⤵
  PID:4828
- C:\Windows\System\tlwIeDj.exe
  C:\Windows\System\tlwIeDj.exe
  2⤵
  PID:5000
- C:\Windows\System\ayUqZLi.exe
  C:\Windows\System\ayUqZLi.exe
  2⤵
  PID:5004
- C:\Windows\System\vWFvZVx.exe
  C:\Windows\System\vWFvZVx.exe
  2⤵
  PID:5052
- C:\Windows\System\nOcYMNM.exe
  C:\Windows\System\nOcYMNM.exe
  2⤵
  PID:5100
- C:\Windows\System\JgSapCU.exe
  C:\Windows\System\JgSapCU.exe
  2⤵
  PID:3176
- C:\Windows\System\mDPsPer.exe
  C:\Windows\System\mDPsPer.exe
  2⤵
  PID:5132
- C:\Windows\System\UlfYnGl.exe
  C:\Windows\System\UlfYnGl.exe
  2⤵
  PID:5148
- C:\Windows\System\VxhOlvM.exe
  C:\Windows\System\VxhOlvM.exe
  2⤵
  PID:5164
- C:\Windows\System\fYPBQts.exe
  C:\Windows\System\fYPBQts.exe
  2⤵
  PID:5180
- C:\Windows\System\ZyQQtVW.exe
  C:\Windows\System\ZyQQtVW.exe
  2⤵
  PID:5196
- C:\Windows\System\enpkbIJ.exe
  C:\Windows\System\enpkbIJ.exe
  2⤵
  PID:5216
- C:\Windows\System\lduHvQG.exe
  C:\Windows\System\lduHvQG.exe
  2⤵
  PID:5232
- C:\Windows\System\OEanlnP.exe
  C:\Windows\System\OEanlnP.exe
  2⤵
  PID:5248
- C:\Windows\System\szxcBZE.exe
  C:\Windows\System\szxcBZE.exe
  2⤵
  PID:5264
- C:\Windows\System\yhriaEJ.exe
  C:\Windows\System\yhriaEJ.exe
  2⤵
  PID:5280
- C:\Windows\System\NpXtwyB.exe
  C:\Windows\System\NpXtwyB.exe
  2⤵
  PID:5296
- C:\Windows\System\louOYhh.exe
  C:\Windows\System\louOYhh.exe
  2⤵
  PID:5312
- C:\Windows\System\XuMMzWP.exe
  C:\Windows\System\XuMMzWP.exe
  2⤵
  PID:5328
- C:\Windows\System\zXGxvje.exe
  C:\Windows\System\zXGxvje.exe
  2⤵
  PID:5344
- C:\Windows\System\cgIyVWc.exe
  C:\Windows\System\cgIyVWc.exe
  2⤵
  PID:5360
- C:\Windows\System\GPFdKSJ.exe
  C:\Windows\System\GPFdKSJ.exe
  2⤵
  PID:5376
- C:\Windows\System\RUAeDyB.exe
  C:\Windows\System\RUAeDyB.exe
  2⤵
  PID:5392
- C:\Windows\System\gscoVZL.exe
  C:\Windows\System\gscoVZL.exe
  2⤵
  PID:5408
- C:\Windows\System\MBlkXos.exe
  C:\Windows\System\MBlkXos.exe
  2⤵
  PID:5424
- C:\Windows\System\AfkLkNE.exe
  C:\Windows\System\AfkLkNE.exe
  2⤵
  PID:5440
- C:\Windows\System\WfUzluR.exe
  C:\Windows\System\WfUzluR.exe
  2⤵
  PID:5456
- C:\Windows\System\DSYcGZz.exe
  C:\Windows\System\DSYcGZz.exe
  2⤵
  PID:5472
- C:\Windows\System\VimTbEk.exe
  C:\Windows\System\VimTbEk.exe
  2⤵
  PID:5488
- C:\Windows\System\JpiffHY.exe
  C:\Windows\System\JpiffHY.exe
  2⤵
  PID:5504
- C:\Windows\System\JYjsDiw.exe
  C:\Windows\System\JYjsDiw.exe
  2⤵
  PID:5520
- C:\Windows\System\rHlGcij.exe
  C:\Windows\System\rHlGcij.exe
  2⤵
  PID:5536
- C:\Windows\System\XEVCFIQ.exe
  C:\Windows\System\XEVCFIQ.exe
  2⤵
  PID:5552
- C:\Windows\System\HafaaLH.exe
  C:\Windows\System\HafaaLH.exe
  2⤵
  PID:5568
- C:\Windows\System\TGfXYIg.exe
  C:\Windows\System\TGfXYIg.exe
  2⤵
  PID:5584
- C:\Windows\System\oroHSpx.exe
  C:\Windows\System\oroHSpx.exe
  2⤵
  PID:5600
- C:\Windows\System\CQxyQiH.exe
  C:\Windows\System\CQxyQiH.exe
  2⤵
  PID:5616
- C:\Windows\System\oNvMyYi.exe
  C:\Windows\System\oNvMyYi.exe
  2⤵
  PID:5632
- C:\Windows\System\WCNSTOo.exe
  C:\Windows\System\WCNSTOo.exe
  2⤵
  PID:5652
- C:\Windows\System\wTXQIEC.exe
  C:\Windows\System\wTXQIEC.exe
  2⤵
  PID:5668
- C:\Windows\System\tyLOEyJ.exe
  C:\Windows\System\tyLOEyJ.exe
  2⤵
  PID:5684
- C:\Windows\System\vfdyYiN.exe
  C:\Windows\System\vfdyYiN.exe
  2⤵
  PID:5700
- C:\Windows\System\ZFxdbuf.exe
  C:\Windows\System\ZFxdbuf.exe
  2⤵
  PID:5716
- C:\Windows\System\upfTEkC.exe
  C:\Windows\System\upfTEkC.exe
  2⤵
  PID:5732
- C:\Windows\System\oAmWRxD.exe
  C:\Windows\System\oAmWRxD.exe
  2⤵
  PID:5748
- C:\Windows\System\BKHRziQ.exe
  C:\Windows\System\BKHRziQ.exe
  2⤵
  PID:5764
- C:\Windows\System\rRBlpEh.exe
  C:\Windows\System\rRBlpEh.exe
  2⤵
  PID:5780
- C:\Windows\System\mWupmhW.exe
  C:\Windows\System\mWupmhW.exe
  2⤵
  PID:5796
- C:\Windows\System\NLlkuBF.exe
  C:\Windows\System\NLlkuBF.exe
  2⤵
  PID:5812
- C:\Windows\System\hSVzoBa.exe
  C:\Windows\System\hSVzoBa.exe
  2⤵
  PID:5828
- C:\Windows\System\opIhuNb.exe
  C:\Windows\System\opIhuNb.exe
  2⤵
  PID:5844
- C:\Windows\System\QuHtLjd.exe
  C:\Windows\System\QuHtLjd.exe
  2⤵
  PID:5860
- C:\Windows\System\abrsgjT.exe
  C:\Windows\System\abrsgjT.exe
  2⤵
  PID:5876
- C:\Windows\System\pMkQTZN.exe
  C:\Windows\System\pMkQTZN.exe
  2⤵
  PID:5892
- C:\Windows\System\SzuHraf.exe
  C:\Windows\System\SzuHraf.exe
  2⤵
  PID:5908
- C:\Windows\System\SofqUXh.exe
  C:\Windows\System\SofqUXh.exe
  2⤵
  PID:5924
- C:\Windows\System\ygCgntV.exe
  C:\Windows\System\ygCgntV.exe
  2⤵
  PID:5940
- C:\Windows\System\FVZuXEy.exe
  C:\Windows\System\FVZuXEy.exe
  2⤵
  PID:5956
- C:\Windows\System\dixUNeK.exe
  C:\Windows\System\dixUNeK.exe
  2⤵
  PID:5972
- C:\Windows\System\lznQMZC.exe
  C:\Windows\System\lznQMZC.exe
  2⤵
  PID:5988
- C:\Windows\System\FKGHeVS.exe
  C:\Windows\System\FKGHeVS.exe
  2⤵
  PID:6004
- C:\Windows\System\SKFgyDx.exe
  C:\Windows\System\SKFgyDx.exe
  2⤵
  PID:6020
- C:\Windows\System\heDAfnq.exe
  C:\Windows\System\heDAfnq.exe
  2⤵
  PID:6036
- C:\Windows\System\pXotbCt.exe
  C:\Windows\System\pXotbCt.exe
  2⤵
  PID:6052
- C:\Windows\System\UHhmfxg.exe
  C:\Windows\System\UHhmfxg.exe
  2⤵
  PID:6068
- C:\Windows\System\PElqBWM.exe
  C:\Windows\System\PElqBWM.exe
  2⤵
  PID:6084
- C:\Windows\System\aWBILKk.exe
  C:\Windows\System\aWBILKk.exe
  2⤵
  PID:6100
- C:\Windows\System\OSxBZrE.exe
  C:\Windows\System\OSxBZrE.exe
  2⤵
  PID:6116
- C:\Windows\System\CMFwFmc.exe
  C:\Windows\System\CMFwFmc.exe
  2⤵
  PID:6132
- C:\Windows\System\ZtaCJUs.exe
  C:\Windows\System\ZtaCJUs.exe
  2⤵
  PID:3556
- C:\Windows\System\dwpUbvN.exe
  C:\Windows\System\dwpUbvN.exe
  2⤵
  PID:4148
- C:\Windows\System\RCjyGWy.exe
  C:\Windows\System\RCjyGWy.exe
  2⤵
  PID:4180
- C:\Windows\System\owSoUMZ.exe
  C:\Windows\System\owSoUMZ.exe
  2⤵
  PID:4408
- C:\Windows\System\wuZOuBn.exe
  C:\Windows\System\wuZOuBn.exe
  2⤵
  PID:4556
- C:\Windows\System\PFfAGCf.exe
  C:\Windows\System\PFfAGCf.exe
  2⤵
  PID:4668
- C:\Windows\System\TxgdwBY.exe
  C:\Windows\System\TxgdwBY.exe
  2⤵
  PID:4780
- C:\Windows\System\oUJhLRx.exe
  C:\Windows\System\oUJhLRx.exe
  2⤵
  PID:4904
- C:\Windows\System\zxkOKHM.exe
  C:\Windows\System\zxkOKHM.exe
  2⤵
  PID:5064
- C:\Windows\System\WYLdrcO.exe
  C:\Windows\System\WYLdrcO.exe
  2⤵
  PID:1736
- C:\Windows\System\YTCrsYa.exe
  C:\Windows\System\YTCrsYa.exe
  2⤵
  PID:5124
- C:\Windows\System\CCqgoUc.exe
  C:\Windows\System\CCqgoUc.exe
  2⤵
  PID:5172
- C:\Windows\System\PEtNluq.exe
  C:\Windows\System\PEtNluq.exe
  2⤵
  PID:5188
- C:\Windows\System\FXStKzr.exe
  C:\Windows\System\FXStKzr.exe
  2⤵
  PID:5244
- C:\Windows\System\rQhSGGH.exe
  C:\Windows\System\rQhSGGH.exe
  2⤵
  PID:5256
- C:\Windows\System\jDYsZAu.exe
  C:\Windows\System\jDYsZAu.exe
  2⤵
  PID:5288
- C:\Windows\System\pxOvzNH.exe
  C:\Windows\System\pxOvzNH.exe
  2⤵
  PID:5336
- C:\Windows\System\sVowyUv.exe
  C:\Windows\System\sVowyUv.exe
  2⤵
  PID:5356
- C:\Windows\System\zmoElrz.exe
  C:\Windows\System\zmoElrz.exe
  2⤵
  PID:5212
- C:\Windows\System\sfyDmur.exe
  C:\Windows\System\sfyDmur.exe
  2⤵
  PID:5388
- C:\Windows\System\klaJeKS.exe
  C:\Windows\System\klaJeKS.exe
  2⤵
  PID:5496
- C:\Windows\System\QwtyXyh.exe
  C:\Windows\System\QwtyXyh.exe
  2⤵
  PID:5528
- C:\Windows\System\iirQUeV.exe
  C:\Windows\System\iirQUeV.exe
  2⤵
  PID:5480
- C:\Windows\System\wmbDCmg.exe
  C:\Windows\System\wmbDCmg.exe
  2⤵
  PID:5512
- C:\Windows\System\cuWiLXP.exe
  C:\Windows\System\cuWiLXP.exe
  2⤵
  PID:5516
- C:\Windows\System\jfEskUU.exe
  C:\Windows\System\jfEskUU.exe
  2⤵
  PID:5580
- C:\Windows\System\IWNikxo.exe
  C:\Windows\System\IWNikxo.exe
  2⤵
  PID:5608
- C:\Windows\System\cQahMhw.exe
  C:\Windows\System\cQahMhw.exe
  2⤵
  PID:5640
- C:\Windows\System\vQqZMTu.exe
  C:\Windows\System\vQqZMTu.exe
  2⤵
  PID:5680
- C:\Windows\System\tWnkitp.exe
  C:\Windows\System\tWnkitp.exe
  2⤵
  PID:5708
- C:\Windows\System\bFvWbRZ.exe
  C:\Windows\System\bFvWbRZ.exe
  2⤵
  PID:5820
- C:\Windows\System\MOquZQE.exe
  C:\Windows\System\MOquZQE.exe
  2⤵
  PID:5776
- C:\Windows\System\yjfrqnK.exe
  C:\Windows\System\yjfrqnK.exe
  2⤵
  PID:5808
- C:\Windows\System\nWFTefJ.exe
  C:\Windows\System\nWFTefJ.exe
  2⤵
  PID:5884
- C:\Windows\System\otqVDGP.exe
  C:\Windows\System\otqVDGP.exe
  2⤵
  PID:5948
- C:\Windows\System\hKeZNLs.exe
  C:\Windows\System\hKeZNLs.exe
  2⤵
  PID:6012
- C:\Windows\System\cqHDuhg.exe
  C:\Windows\System\cqHDuhg.exe
  2⤵
  PID:5904
- C:\Windows\System\cmKBlba.exe
  C:\Windows\System\cmKBlba.exe
  2⤵
  PID:6044
- C:\Windows\System\FyslEZs.exe
  C:\Windows\System\FyslEZs.exe
  2⤵
  PID:6080
- C:\Windows\System\hufLduB.exe
  C:\Windows\System\hufLduB.exe
  2⤵
  PID:5996
- C:\Windows\System\YpZUJZL.exe
  C:\Windows\System\YpZUJZL.exe
  2⤵
  PID:4168
- C:\Windows\System\IHXqYCY.exe
  C:\Windows\System\IHXqYCY.exe
  2⤵
  PID:6060
- C:\Windows\System\MpOHOEh.exe
  C:\Windows\System\MpOHOEh.exe
  2⤵
  PID:4520
- C:\Windows\System\cUWZSso.exe
  C:\Windows\System\cUWZSso.exe
  2⤵
  PID:4968
- C:\Windows\System\QlSIoXq.exe
  C:\Windows\System\QlSIoXq.exe
  2⤵
  PID:4132
- C:\Windows\System\dOFYdsX.exe
  C:\Windows\System\dOFYdsX.exe
  2⤵
  PID:4360
- C:\Windows\System\fpGfqJz.exe
  C:\Windows\System\fpGfqJz.exe
  2⤵
  PID:5176
- C:\Windows\System\JDzHNrS.exe
  C:\Windows\System\JDzHNrS.exe
  2⤵
  PID:5308
- C:\Windows\System\qegxDuH.exe
  C:\Windows\System\qegxDuH.exe
  2⤵
  PID:2668
- C:\Windows\System\qYwbsNc.exe
  C:\Windows\System\qYwbsNc.exe
  2⤵
  PID:5156
- C:\Windows\System\gDTJrbB.exe
  C:\Windows\System\gDTJrbB.exe
  2⤵
  PID:5304
- C:\Windows\System\TxUEXfF.exe
  C:\Windows\System\TxUEXfF.exe
  2⤵
  PID:5464
- C:\Windows\System\RYgTCXc.exe
  C:\Windows\System\RYgTCXc.exe
  2⤵
  PID:5404
- C:\Windows\System\vqPAgBh.exe
  C:\Windows\System\vqPAgBh.exe
  2⤵
  PID:5560
- C:\Windows\System\qGYucqH.exe
  C:\Windows\System\qGYucqH.exe
  2⤵
  PID:5692
- C:\Windows\System\uCxNzbx.exe
  C:\Windows\System\uCxNzbx.exe
  2⤵
  PID:5676
- C:\Windows\System\alPNgOG.exe
  C:\Windows\System\alPNgOG.exe
  2⤵
  PID:5756
- C:\Windows\System\vuIjerz.exe
  C:\Windows\System\vuIjerz.exe
  2⤵
  PID:5804
- C:\Windows\System\qBWGkjk.exe
  C:\Windows\System\qBWGkjk.exe
  2⤵
  PID:5916
- C:\Windows\System\PrtwGYg.exe
  C:\Windows\System\PrtwGYg.exe
  2⤵
  PID:5836
- C:\Windows\System\AGHHSvP.exe
  C:\Windows\System\AGHHSvP.exe
  2⤵
  PID:5980
- C:\Windows\System\OWtUQRh.exe
  C:\Windows\System\OWtUQRh.exe
  2⤵
  PID:6016
- C:\Windows\System\goUsuRV.exe
  C:\Windows\System\goUsuRV.exe
  2⤵
  PID:4504
- C:\Windows\System\cXWkveW.exe
  C:\Windows\System\cXWkveW.exe
  2⤵
  PID:4536
- C:\Windows\System\LmdnAQr.exe
  C:\Windows\System\LmdnAQr.exe
  2⤵
  PID:6032
- C:\Windows\System\cMHAtUM.exe
  C:\Windows\System\cMHAtUM.exe
  2⤵
  PID:6156
- C:\Windows\System\AIpxUSX.exe
  C:\Windows\System\AIpxUSX.exe
  2⤵
  PID:6172
- C:\Windows\System\wbSgKAt.exe
  C:\Windows\System\wbSgKAt.exe
  2⤵
  PID:6188
- C:\Windows\System\oOLadWz.exe
  C:\Windows\System\oOLadWz.exe
  2⤵
  PID:6208
- C:\Windows\System\DZRBJOv.exe
  C:\Windows\System\DZRBJOv.exe
  2⤵
  PID:6224
- C:\Windows\System\ohTdqXi.exe
  C:\Windows\System\ohTdqXi.exe
  2⤵
  PID:6240
- C:\Windows\System\HmEvNOy.exe
  C:\Windows\System\HmEvNOy.exe
  2⤵
  PID:6256
- C:\Windows\System\qSDVqhq.exe
  C:\Windows\System\qSDVqhq.exe
  2⤵
  PID:6272
- C:\Windows\System\HXNFrMv.exe
  C:\Windows\System\HXNFrMv.exe
  2⤵
  PID:6288
- C:\Windows\System\WdLJNmz.exe
  C:\Windows\System\WdLJNmz.exe
  2⤵
  PID:6304
- C:\Windows\System\bPDAsFy.exe
  C:\Windows\System\bPDAsFy.exe
  2⤵
  PID:6320
- C:\Windows\System\QHlIkDt.exe
  C:\Windows\System\QHlIkDt.exe
  2⤵
  PID:6336
- C:\Windows\System\AUijtTf.exe
  C:\Windows\System\AUijtTf.exe
  2⤵
  PID:6352
- C:\Windows\System\CkHHTbd.exe
  C:\Windows\System\CkHHTbd.exe
  2⤵
  PID:6368
- C:\Windows\System\OksfeDK.exe
  C:\Windows\System\OksfeDK.exe
  2⤵
  PID:6384
- C:\Windows\System\AMlznfl.exe
  C:\Windows\System\AMlznfl.exe
  2⤵
  PID:6400
- C:\Windows\System\ilsVOHj.exe
  C:\Windows\System\ilsVOHj.exe
  2⤵
  PID:6416
- C:\Windows\System\UlbRzEP.exe
  C:\Windows\System\UlbRzEP.exe
  2⤵
  PID:6432
- C:\Windows\System\tuZQknV.exe
  C:\Windows\System\tuZQknV.exe
  2⤵
  PID:6452
- C:\Windows\System\rJJivXh.exe
  C:\Windows\System\rJJivXh.exe
  2⤵
  PID:6468
- C:\Windows\System\neUrYky.exe
  C:\Windows\System\neUrYky.exe
  2⤵
  PID:6484
- C:\Windows\System\kZeROzZ.exe
  C:\Windows\System\kZeROzZ.exe
  2⤵
  PID:6500
- C:\Windows\System\npUXOUh.exe
  C:\Windows\System\npUXOUh.exe
  2⤵
  PID:6516
- C:\Windows\System\wvNYnZi.exe
  C:\Windows\System\wvNYnZi.exe
  2⤵
  PID:6532
- C:\Windows\System\BsZvXyq.exe
  C:\Windows\System\BsZvXyq.exe
  2⤵
  PID:6548
- C:\Windows\System\FfITLBZ.exe
  C:\Windows\System\FfITLBZ.exe
  2⤵
  PID:6564
- C:\Windows\System\CglSCNc.exe
  C:\Windows\System\CglSCNc.exe
  2⤵
  PID:6580
- C:\Windows\System\GKmsrAw.exe
  C:\Windows\System\GKmsrAw.exe
  2⤵
  PID:6596
- C:\Windows\System\FfOmmVf.exe
  C:\Windows\System\FfOmmVf.exe
  2⤵
  PID:6612
- C:\Windows\System\dYnEoin.exe
  C:\Windows\System\dYnEoin.exe
  2⤵
  PID:6628
- C:\Windows\System\KjfFojn.exe
  C:\Windows\System\KjfFojn.exe
  2⤵
  PID:6644
- C:\Windows\System\KQxLIId.exe
  C:\Windows\System\KQxLIId.exe
  2⤵
  PID:6660
- C:\Windows\System\fROpKtH.exe
  C:\Windows\System\fROpKtH.exe
  2⤵
  PID:6676
- C:\Windows\System\dDrrgzY.exe
  C:\Windows\System\dDrrgzY.exe
  2⤵
  PID:6692
- C:\Windows\System\pUPxtiu.exe
  C:\Windows\System\pUPxtiu.exe
  2⤵
  PID:6708
- C:\Windows\System\cMVviFa.exe
  C:\Windows\System\cMVviFa.exe
  2⤵
  PID:6724
- C:\Windows\System\EsVYiOA.exe
  C:\Windows\System\EsVYiOA.exe
  2⤵
  PID:6740
- C:\Windows\System\LyhwNTV.exe
  C:\Windows\System\LyhwNTV.exe
  2⤵
  PID:6756
- C:\Windows\System\GHQPVLt.exe
  C:\Windows\System\GHQPVLt.exe
  2⤵
  PID:6772
- C:\Windows\System\HFBFPmL.exe
  C:\Windows\System\HFBFPmL.exe
  2⤵
  PID:6788
- C:\Windows\System\lIZKIQe.exe
  C:\Windows\System\lIZKIQe.exe
  2⤵
  PID:6804
- C:\Windows\System\newmdBN.exe
  C:\Windows\System\newmdBN.exe
  2⤵
  PID:6820
- C:\Windows\System\suKoNyz.exe
  C:\Windows\System\suKoNyz.exe
  2⤵
  PID:6836
- C:\Windows\System\zjAZpYA.exe
  C:\Windows\System\zjAZpYA.exe
  2⤵
  PID:6852
- C:\Windows\System\yMUhmFb.exe
  C:\Windows\System\yMUhmFb.exe
  2⤵
  PID:6868
- C:\Windows\System\KLZXnYq.exe
  C:\Windows\System\KLZXnYq.exe
  2⤵
  PID:6884
- C:\Windows\System\oubZyoW.exe
  C:\Windows\System\oubZyoW.exe
  2⤵
  PID:6956
- C:\Windows\System\YGCjTdS.exe
  C:\Windows\System\YGCjTdS.exe
  2⤵
  PID:6972
- C:\Windows\System\iYLCbkv.exe
  C:\Windows\System\iYLCbkv.exe
  2⤵
  PID:6988
- C:\Windows\System\wqkBRpd.exe
  C:\Windows\System\wqkBRpd.exe
  2⤵
  PID:7004
- C:\Windows\System\kzRNLWu.exe
  C:\Windows\System\kzRNLWu.exe
  2⤵
  PID:7020
- C:\Windows\System\MtmAXjx.exe
  C:\Windows\System\MtmAXjx.exe
  2⤵
  PID:7036
- C:\Windows\System\DiHCTrc.exe
  C:\Windows\System\DiHCTrc.exe
  2⤵
  PID:7052
- C:\Windows\System\pIVoaYG.exe
  C:\Windows\System\pIVoaYG.exe
  2⤵
  PID:7068
- C:\Windows\System\zDATGpO.exe
  C:\Windows\System\zDATGpO.exe
  2⤵
  PID:7084
- C:\Windows\System\iVujVkv.exe
  C:\Windows\System\iVujVkv.exe
  2⤵
  PID:7100
- C:\Windows\System\dBpvdfX.exe
  C:\Windows\System\dBpvdfX.exe
  2⤵
  PID:7116
- C:\Windows\System\tzVJRHc.exe
  C:\Windows\System\tzVJRHc.exe
  2⤵
  PID:7132
- C:\Windows\System\wgzzntc.exe
  C:\Windows\System\wgzzntc.exe
  2⤵
  PID:7148
- C:\Windows\System\YrQrLQn.exe
  C:\Windows\System\YrQrLQn.exe
  2⤵
  PID:4844
- C:\Windows\System\ADaeBym.exe
  C:\Windows\System\ADaeBym.exe
  2⤵
  PID:5448
- C:\Windows\System\mBshFwh.exe
  C:\Windows\System\mBshFwh.exe
  2⤵
  PID:5096
- C:\Windows\System\CePfuAv.exe
  C:\Windows\System\CePfuAv.exe
  2⤵
  PID:2080
- C:\Windows\System\FBGCaHf.exe
  C:\Windows\System\FBGCaHf.exe
  2⤵
  PID:5872
- C:\Windows\System\ZGKTInO.exe
  C:\Windows\System\ZGKTInO.exe
  2⤵
  PID:4376
- C:\Windows\System\jGBaBoU.exe
  C:\Windows\System\jGBaBoU.exe
  2⤵
  PID:6028
- C:\Windows\System\pmMtIzC.exe
  C:\Windows\System\pmMtIzC.exe
  2⤵
  PID:5144
- C:\Windows\System\oiMmFYt.exe
  C:\Windows\System\oiMmFYt.exe
  2⤵
  PID:5420
- C:\Windows\System\QlNdYlc.exe
  C:\Windows\System\QlNdYlc.exe
  2⤵
  PID:6264
- C:\Windows\System\PsqhSmS.exe
  C:\Windows\System\PsqhSmS.exe
  2⤵
  PID:6300
- C:\Windows\System\RifxQHq.exe
  C:\Windows\System\RifxQHq.exe
  2⤵
  PID:5792
- C:\Windows\System\CwAzwFH.exe
  C:\Windows\System\CwAzwFH.exe
  2⤵
  PID:6076
- C:\Windows\System\vCbpAJy.exe
  C:\Windows\System\vCbpAJy.exe
  2⤵
  PID:6128
- C:\Windows\System\yEWlRLd.exe
  C:\Windows\System\yEWlRLd.exe
  2⤵
  PID:6180
- C:\Windows\System\mFFqaId.exe
  C:\Windows\System\mFFqaId.exe
  2⤵
  PID:6216
- C:\Windows\System\UwsrwNX.exe
  C:\Windows\System\UwsrwNX.exe
  2⤵
  PID:6280
- C:\Windows\System\YysOuiE.exe
  C:\Windows\System\YysOuiE.exe
  2⤵
  PID:6424
- C:\Windows\System\sHecIwa.exe
  C:\Windows\System\sHecIwa.exe
  2⤵
  PID:6492
- C:\Windows\System\lMYdNrM.exe
  C:\Windows\System\lMYdNrM.exe
  2⤵
  PID:6524
- C:\Windows\System\NbLFOLc.exe
  C:\Windows\System\NbLFOLc.exe
  2⤵
  PID:6376
- C:\Windows\System\DIxTzeh.exe
  C:\Windows\System\DIxTzeh.exe
  2⤵
  PID:6440
- C:\Windows\System\GtQgVUP.exe
  C:\Windows\System\GtQgVUP.exe
  2⤵
  PID:6556
- C:\Windows\System\gqefVOw.exe
  C:\Windows\System\gqefVOw.exe
  2⤵
  PID:6592
- C:\Windows\System\eYkPgFf.exe
  C:\Windows\System\eYkPgFf.exe
  2⤵
  PID:6624
- C:\Windows\System\HdpCtxa.exe
  C:\Windows\System\HdpCtxa.exe
  2⤵
  PID:6684
- C:\Windows\System\yTtJmdj.exe
  C:\Windows\System\yTtJmdj.exe
  2⤵
  PID:6748
- C:\Windows\System\lGdPnjt.exe
  C:\Windows\System\lGdPnjt.exe
  2⤵
  PID:6812
- C:\Windows\System\FVaXNzm.exe
  C:\Windows\System\FVaXNzm.exe
  2⤵
  PID:6848
- C:\Windows\System\ysaijEm.exe
  C:\Windows\System\ysaijEm.exe
  2⤵
  PID:6576
- C:\Windows\System\EXdilFz.exe
  C:\Windows\System\EXdilFz.exe
  2⤵
  PID:6668
- C:\Windows\System\JRrAvMY.exe
  C:\Windows\System\JRrAvMY.exe
  2⤵
  PID:6732
- C:\Windows\System\MuSWLpo.exe
  C:\Windows\System\MuSWLpo.exe
  2⤵
  PID:6796
- C:\Windows\System\FwvmPXo.exe
  C:\Windows\System\FwvmPXo.exe
  2⤵
  PID:6860
- C:\Windows\System\yHzxTrr.exe
  C:\Windows\System\yHzxTrr.exe
  2⤵
  PID:3772
- C:\Windows\System\HHMIMrF.exe
  C:\Windows\System\HHMIMrF.exe
  2⤵
  PID:6984
- C:\Windows\System\PTBVWQl.exe
  C:\Windows\System\PTBVWQl.exe
  2⤵
  PID:7028
- C:\Windows\System\OSGOvwE.exe
  C:\Windows\System\OSGOvwE.exe
  2⤵
  PID:7048
- C:\Windows\System\zamyRiF.exe
  C:\Windows\System\zamyRiF.exe
  2⤵
  PID:7080
- C:\Windows\System\zeujAMN.exe
  C:\Windows\System\zeujAMN.exe
  2⤵
  PID:7124
- C:\Windows\System\TEKHOtt.exe
  C:\Windows\System\TEKHOtt.exe
  2⤵
  PID:7144
- C:\Windows\System\FDdkGkv.exe
  C:\Windows\System\FDdkGkv.exe
  2⤵
  PID:5276
- C:\Windows\System\QUaRTqI.exe
  C:\Windows\System\QUaRTqI.exe
  2⤵
  PID:5696
- C:\Windows\System\lDxrbZc.exe
  C:\Windows\System\lDxrbZc.exe
  2⤵
  PID:3488
- C:\Windows\System\LZEDvKC.exe
  C:\Windows\System\LZEDvKC.exe
  2⤵
  PID:6168
- C:\Windows\System\xIrKJXO.exe
  C:\Windows\System\xIrKJXO.exe
  2⤵
  PID:6232
- C:\Windows\System\TzAiGyU.exe
  C:\Windows\System\TzAiGyU.exe
  2⤵
  PID:6332
- C:\Windows\System\OcshjGi.exe
  C:\Windows\System\OcshjGi.exe
  2⤵
  PID:6360
- C:\Windows\System\AsiNDnx.exe
  C:\Windows\System\AsiNDnx.exe
  2⤵
  PID:6392
- C:\Windows\System\NqSTLdg.exe
  C:\Windows\System\NqSTLdg.exe
  2⤵
  PID:3784
- C:\Windows\System\MbYUWbE.exe
  C:\Windows\System\MbYUWbE.exe
  2⤵
  PID:6460
- C:\Windows\System\dQvztiR.exe
  C:\Windows\System\dQvztiR.exe
  2⤵
  PID:6496
- C:\Windows\System\fpDwmad.exe
  C:\Windows\System\fpDwmad.exe
  2⤵
  PID:3820
- C:\Windows\System\peVBaXp.exe
  C:\Windows\System\peVBaXp.exe
  2⤵
  PID:6572
- C:\Windows\System\gOEzvaN.exe
  C:\Windows\System\gOEzvaN.exe
  2⤵
  PID:3604
- C:\Windows\System\nZzlCxr.exe
  C:\Windows\System\nZzlCxr.exe
  2⤵
  PID:6720
- C:\Windows\System\JCZphHo.exe
  C:\Windows\System\JCZphHo.exe
  2⤵
  PID:6784
- C:\Windows\System\LbCSZgW.exe
  C:\Windows\System\LbCSZgW.exe
  2⤵
  PID:6604
- C:\Windows\System\IJOCQOQ.exe
  C:\Windows\System\IJOCQOQ.exe
  2⤵
  PID:6704
- C:\Windows\System\uMvcell.exe
  C:\Windows\System\uMvcell.exe
  2⤵
  PID:6828
- C:\Windows\System\YxcLpdh.exe
  C:\Windows\System\YxcLpdh.exe
  2⤵
  PID:6996
- C:\Windows\System\JWTptFU.exe
  C:\Windows\System\JWTptFU.exe
  2⤵
  PID:7044
- C:\Windows\System\InnhMeP.exe
  C:\Windows\System\InnhMeP.exe
  2⤵
  PID:7076
- C:\Windows\System\dNUhsqM.exe
  C:\Windows\System\dNUhsqM.exe
  2⤵
  PID:7160
- C:\Windows\System\QWOgitO.exe
  C:\Windows\System\QWOgitO.exe
  2⤵
  PID:5664
- C:\Windows\System\zJmosOI.exe
  C:\Windows\System\zJmosOI.exe
  2⤵
  PID:3828
- C:\Windows\System\WxATsfC.exe
  C:\Windows\System\WxATsfC.exe
  2⤵
  PID:2692
- C:\Windows\System\CfQuaqh.exe
  C:\Windows\System\CfQuaqh.exe
  2⤵
  PID:5868
- C:\Windows\System\FMBrEYX.exe
  C:\Windows\System\FMBrEYX.exe
  2⤵
  PID:6152
- C:\Windows\System\aGACQRi.exe
  C:\Windows\System\aGACQRi.exe
  2⤵
  PID:3788
- C:\Windows\System\IprkxNZ.exe
  C:\Windows\System\IprkxNZ.exe
  2⤵
  PID:6380
- C:\Windows\System\XKUDUMr.exe
  C:\Windows\System\XKUDUMr.exe
  2⤵
  PID:6444
- C:\Windows\System\mDKpauF.exe
  C:\Windows\System\mDKpauF.exe
  2⤵
  PID:6716
- C:\Windows\System\tefyyyB.exe
  C:\Windows\System\tefyyyB.exe
  2⤵
  PID:6880
- C:\Windows\System\WFdJXRX.exe
  C:\Windows\System\WFdJXRX.exe
  2⤵
  PID:7180
- C:\Windows\System\WmCjYKb.exe
  C:\Windows\System\WmCjYKb.exe
  2⤵
  PID:7196
- C:\Windows\System\rLMOrlh.exe
  C:\Windows\System\rLMOrlh.exe
  2⤵
  PID:7212
- C:\Windows\System\WiSlxiP.exe
  C:\Windows\System\WiSlxiP.exe
  2⤵
  PID:7228
- C:\Windows\System\GLjqJyW.exe
  C:\Windows\System\GLjqJyW.exe
  2⤵
  PID:7244
- C:\Windows\System\GLWOsOo.exe
  C:\Windows\System\GLWOsOo.exe
  2⤵
  PID:7260
- C:\Windows\System\DcEltwO.exe
  C:\Windows\System\DcEltwO.exe
  2⤵
  PID:7276
- C:\Windows\System\hJlUKbY.exe
  C:\Windows\System\hJlUKbY.exe
  2⤵
  PID:7292
- C:\Windows\System\BhBIfdZ.exe
  C:\Windows\System\BhBIfdZ.exe
  2⤵
  PID:7312
- C:\Windows\System\uboLkDw.exe
  C:\Windows\System\uboLkDw.exe
  2⤵
  PID:7328
- C:\Windows\System\nLGMRWP.exe
  C:\Windows\System\nLGMRWP.exe
  2⤵
  PID:7344
- C:\Windows\System\gNBnZLG.exe
  C:\Windows\System\gNBnZLG.exe
  2⤵
  PID:7360
- C:\Windows\System\FdaNGTb.exe
  C:\Windows\System\FdaNGTb.exe
  2⤵
  PID:7376
- C:\Windows\System\raWbFgL.exe
  C:\Windows\System\raWbFgL.exe
  2⤵
  PID:7392
- C:\Windows\System\jiPPuoj.exe
  C:\Windows\System\jiPPuoj.exe
  2⤵
  PID:7408
- C:\Windows\System\cQBewVP.exe
  C:\Windows\System\cQBewVP.exe
  2⤵
  PID:7424
- C:\Windows\System\eHwEvPP.exe
  C:\Windows\System\eHwEvPP.exe
  2⤵
  PID:7440
- C:\Windows\System\KCWHKWP.exe
  C:\Windows\System\KCWHKWP.exe
  2⤵
  PID:7456
- C:\Windows\System\rURHHTN.exe
  C:\Windows\System\rURHHTN.exe
  2⤵
  PID:7472
- C:\Windows\System\qWHgkUc.exe
  C:\Windows\System\qWHgkUc.exe
  2⤵
  PID:7488
- C:\Windows\System\wFAbOno.exe
  C:\Windows\System\wFAbOno.exe
  2⤵
  PID:7504
- C:\Windows\System\ZrykPmk.exe
  C:\Windows\System\ZrykPmk.exe
  2⤵
  PID:7520
- C:\Windows\System\YExUETO.exe
  C:\Windows\System\YExUETO.exe
  2⤵
  PID:7536
- C:\Windows\System\HatESQm.exe
  C:\Windows\System\HatESQm.exe
  2⤵
  PID:7552
- C:\Windows\System\aEPSXox.exe
  C:\Windows\System\aEPSXox.exe
  2⤵
  PID:7568
- C:\Windows\System\riprAjI.exe
  C:\Windows\System\riprAjI.exe
  2⤵
  PID:7584
- C:\Windows\System\FWHMjqB.exe
  C:\Windows\System\FWHMjqB.exe
  2⤵
  PID:7600
- C:\Windows\System\IqDTJTD.exe
  C:\Windows\System\IqDTJTD.exe
  2⤵
  PID:7616
- C:\Windows\System\mZwnVMr.exe
  C:\Windows\System\mZwnVMr.exe
  2⤵
  PID:7632
- C:\Windows\System\dEvOuhA.exe
  C:\Windows\System\dEvOuhA.exe
  2⤵
  PID:7648
- C:\Windows\System\xPxWoJu.exe
  C:\Windows\System\xPxWoJu.exe
  2⤵
  PID:7664
- C:\Windows\System\QegqmFC.exe
  C:\Windows\System\QegqmFC.exe
  2⤵
  PID:7680
- C:\Windows\System\tIgrWGh.exe
  C:\Windows\System\tIgrWGh.exe
  2⤵
  PID:7704
- C:\Windows\System\oiKSRck.exe
  C:\Windows\System\oiKSRck.exe
  2⤵
  PID:7720
- C:\Windows\System\BaszDVe.exe
  C:\Windows\System\BaszDVe.exe
  2⤵
  PID:7736
- C:\Windows\System\nOWhYmw.exe
  C:\Windows\System\nOWhYmw.exe
  2⤵
  PID:7752
- C:\Windows\System\IBTMPcg.exe
  C:\Windows\System\IBTMPcg.exe
  2⤵
  PID:7768
- C:\Windows\System\gXYsQNF.exe
  C:\Windows\System\gXYsQNF.exe
  2⤵
  PID:7784
- C:\Windows\System\VnEVPez.exe
  C:\Windows\System\VnEVPez.exe
  2⤵
  PID:7800
- C:\Windows\System\RNJsnEJ.exe
  C:\Windows\System\RNJsnEJ.exe
  2⤵
  PID:7816
- C:\Windows\System\xezMdTM.exe
  C:\Windows\System\xezMdTM.exe
  2⤵
  PID:7832
- C:\Windows\System\qkDIdJa.exe
  C:\Windows\System\qkDIdJa.exe
  2⤵
  PID:7848
- C:\Windows\System\wmZxfCr.exe
  C:\Windows\System\wmZxfCr.exe
  2⤵
  PID:7864
- C:\Windows\System\TGcoPIk.exe
  C:\Windows\System\TGcoPIk.exe
  2⤵
  PID:7880
- C:\Windows\System\ueabPyB.exe
  C:\Windows\System\ueabPyB.exe
  2⤵
  PID:7896
- C:\Windows\System\HzvRTmc.exe
  C:\Windows\System\HzvRTmc.exe
  2⤵
  PID:7912
- C:\Windows\System\iQptcch.exe
  C:\Windows\System\iQptcch.exe
  2⤵
  PID:7932
- C:\Windows\System\ZAGXanx.exe
  C:\Windows\System\ZAGXanx.exe
  2⤵
  PID:7952
- C:\Windows\System\mYMTowX.exe
  C:\Windows\System\mYMTowX.exe
  2⤵
  PID:7972
- C:\Windows\System\kfyqjEW.exe
  C:\Windows\System\kfyqjEW.exe
  2⤵
  PID:7992
- C:\Windows\System\bqwEoUq.exe
  C:\Windows\System\bqwEoUq.exe
  2⤵
  PID:8008
- C:\Windows\System\RpErzqb.exe
  C:\Windows\System\RpErzqb.exe
  2⤵
  PID:8024
- C:\Windows\System\lnjyfbz.exe
  C:\Windows\System\lnjyfbz.exe
  2⤵
  PID:8040
- C:\Windows\System\QnGDMoc.exe
  C:\Windows\System\QnGDMoc.exe
  2⤵
  PID:8056
- C:\Windows\System\asAwKvP.exe
  C:\Windows\System\asAwKvP.exe
  2⤵
  PID:8084
- C:\Windows\System\vXUZnca.exe
  C:\Windows\System\vXUZnca.exe
  2⤵
  PID:8100
- C:\Windows\System\ykkIATx.exe
  C:\Windows\System\ykkIATx.exe
  2⤵
  PID:8120
- C:\Windows\System\GzCcLIG.exe
  C:\Windows\System\GzCcLIG.exe
  2⤵
  PID:8136
- C:\Windows\System\xLudQUf.exe
  C:\Windows\System\xLudQUf.exe
  2⤵
  PID:8152
- C:\Windows\System\GKHABhM.exe
  C:\Windows\System\GKHABhM.exe
  2⤵
  PID:8168
- C:\Windows\System\KFgYMMu.exe
  C:\Windows\System\KFgYMMu.exe
  2⤵
  PID:8184
- C:\Windows\System\GvmQkMo.exe
  C:\Windows\System\GvmQkMo.exe
  2⤵
  PID:7164
- C:\Windows\System\IAtQMdA.exe
  C:\Windows\System\IAtQMdA.exe
  2⤵
  PID:6980
- C:\Windows\System\QHHILmK.exe
  C:\Windows\System\QHHILmK.exe
  2⤵
  PID:7128
- C:\Windows\System\YFtgtNT.exe
  C:\Windows\System\YFtgtNT.exe
  2⤵
  PID:3848
- C:\Windows\System\mjRopNz.exe
  C:\Windows\System\mjRopNz.exe
  2⤵
  PID:3852
- C:\Windows\System\ZuZzcLW.exe
  C:\Windows\System\ZuZzcLW.exe
  2⤵
  PID:5576
- C:\Windows\System\ZasUwwm.exe
  C:\Windows\System\ZasUwwm.exe
  2⤵
  PID:3780
- C:\Windows\System\QjTRHsQ.exe
  C:\Windows\System\QjTRHsQ.exe
  2⤵
  PID:6348
- C:\Windows\System\XndjsSY.exe
  C:\Windows\System\XndjsSY.exe
  2⤵
  PID:6816
- C:\Windows\System\yOcvDvs.exe
  C:\Windows\System\yOcvDvs.exe
  2⤵
  PID:7188
- C:\Windows\System\LAnDOrx.exe
  C:\Windows\System\LAnDOrx.exe
  2⤵
  PID:7220
- C:\Windows\System\uNBEHvm.exe
  C:\Windows\System\uNBEHvm.exe
  2⤵
  PID:7252
- C:\Windows\System\iNsgFky.exe
  C:\Windows\System\iNsgFky.exe
  2⤵
  PID:7272
- C:\Windows\System\GQYRKcq.exe
  C:\Windows\System\GQYRKcq.exe
  2⤵
  PID:7304
- C:\Windows\System\DpyMgzM.exe
  C:\Windows\System\DpyMgzM.exe
  2⤵
  PID:7340
- C:\Windows\System\WOnkKsw.exe
  C:\Windows\System\WOnkKsw.exe
  2⤵
  PID:3872
- C:\Windows\System\Yvwxgsa.exe
  C:\Windows\System\Yvwxgsa.exe
  2⤵
  PID:7400
- C:\Windows\System\ryqTOHZ.exe
  C:\Windows\System\ryqTOHZ.exe
  2⤵
  PID:7416
- C:\Windows\System\KXWUXsw.exe
  C:\Windows\System\KXWUXsw.exe
  2⤵
  PID:7448
- C:\Windows\System\GZADtme.exe
  C:\Windows\System\GZADtme.exe
  2⤵
  PID:3884
- C:\Windows\System\icrWtiE.exe
  C:\Windows\System\icrWtiE.exe
  2⤵
  PID:7496
- C:\Windows\System\nQiZYVF.exe
  C:\Windows\System\nQiZYVF.exe
  2⤵
  PID:7528
- C:\Windows\System\ZrtCCYZ.exe
  C:\Windows\System\ZrtCCYZ.exe
  2⤵
  PID:7560
- C:\Windows\System\hDFROjq.exe
  C:\Windows\System\hDFROjq.exe
  2⤵
  PID:7592
- C:\Windows\System\zFsqDaQ.exe
  C:\Windows\System\zFsqDaQ.exe
  2⤵
  PID:7624
- C:\Windows\System\RRxuvCq.exe
  C:\Windows\System\RRxuvCq.exe
  2⤵
  PID:7644
- C:\Windows\System\xEqzIYv.exe
  C:\Windows\System\xEqzIYv.exe
  2⤵
  PID:7688
- C:\Windows\System\BQkrAXi.exe
  C:\Windows\System\BQkrAXi.exe
  2⤵
  PID:7728
- C:\Windows\System\GjqZGAa.exe
  C:\Windows\System\GjqZGAa.exe
  2⤵
  PID:7748
- C:\Windows\System\RmLhjEF.exe
  C:\Windows\System\RmLhjEF.exe
  2⤵
  PID:7780
- C:\Windows\System\WNYbxjQ.exe
  C:\Windows\System\WNYbxjQ.exe
  2⤵
  PID:7812
- C:\Windows\System\PNbywlE.exe
  C:\Windows\System\PNbywlE.exe
  2⤵
  PID:7844
- C:\Windows\System\FHyXbYz.exe
  C:\Windows\System\FHyXbYz.exe
  2⤵
  PID:7876
- C:\Windows\System\GJHBSrO.exe
  C:\Windows\System\GJHBSrO.exe
  2⤵
  PID:7908
- C:\Windows\System\LadVEot.exe
  C:\Windows\System\LadVEot.exe
  2⤵
  PID:2916
- C:\Windows\System\cgNYbeU.exe
  C:\Windows\System\cgNYbeU.exe
  2⤵
  PID:7964
- C:\Windows\System\ODvBFfn.exe
  C:\Windows\System\ODvBFfn.exe
  2⤵
  PID:8004
- C:\Windows\System\bsrVlSy.exe
  C:\Windows\System\bsrVlSy.exe
  2⤵
  PID:8036
- C:\Windows\System\hSggHrc.exe
  C:\Windows\System\hSggHrc.exe
  2⤵
  PID:8080
- C:\Windows\System\qvLEjNT.exe
  C:\Windows\System\qvLEjNT.exe
  2⤵
  PID:2720
- C:\Windows\System\oWKAArk.exe
  C:\Windows\System\oWKAArk.exe
  2⤵
  PID:8148
- C:\Windows\System\xpWlcJA.exe
  C:\Windows\System\xpWlcJA.exe
  2⤵
  PID:8176
- C:\Windows\System\GpDByht.exe
  C:\Windows\System\GpDByht.exe
  2⤵
  PID:6832
- C:\Windows\System\dXSYJju.exe
  C:\Windows\System\dXSYJju.exe
  2⤵
  PID:5272
- C:\Windows\System\OuEFTQW.exe
  C:\Windows\System\OuEFTQW.exe
  2⤵
  PID:6196
- C:\Windows\System\FryhoFu.exe
  C:\Windows\System\FryhoFu.exe
  2⤵
  PID:6540
- C:\Windows\System\IJXKNJW.exe
  C:\Windows\System\IJXKNJW.exe
  2⤵
  PID:7192
- C:\Windows\System\BbCEXUi.exe
  C:\Windows\System\BbCEXUi.exe
  2⤵
  PID:7224
- C:\Windows\System\EbCMICl.exe
  C:\Windows\System\EbCMICl.exe
  2⤵
  PID:7300
- C:\Windows\System\WKgBIBc.exe
  C:\Windows\System\WKgBIBc.exe
  2⤵
  PID:7356
- C:\Windows\System\wCROrpA.exe
  C:\Windows\System\wCROrpA.exe
  2⤵
  PID:7404
- C:\Windows\System\gqdUAIo.exe
  C:\Windows\System\gqdUAIo.exe
  2⤵
  PID:7464
- C:\Windows\System\mVVLZpd.exe
  C:\Windows\System\mVVLZpd.exe
  2⤵
  PID:7484
- C:\Windows\System\XASnTKQ.exe
  C:\Windows\System\XASnTKQ.exe
  2⤵
  PID:7548
- C:\Windows\System\IotZetp.exe
  C:\Windows\System\IotZetp.exe
  2⤵
  PID:7612
- C:\Windows\System\qLRpJze.exe
  C:\Windows\System\qLRpJze.exe
  2⤵
  PID:7676
- C:\Windows\System\wWLUbGF.exe
  C:\Windows\System\wWLUbGF.exe
  2⤵
  PID:2900
- C:\Windows\System\UxKLbOW.exe
  C:\Windows\System\UxKLbOW.exe
  2⤵
  PID:7776
- C:\Windows\System\xicvFdn.exe
  C:\Windows\System\xicvFdn.exe
  2⤵
  PID:7860
- C:\Windows\System\NFVoOoP.exe
  C:\Windows\System\NFVoOoP.exe
  2⤵
  PID:7892
- C:\Windows\System\llzaFYF.exe
  C:\Windows\System\llzaFYF.exe
  2⤵
  PID:7980
- C:\Windows\System\PHxxYyn.exe
  C:\Windows\System\PHxxYyn.exe
  2⤵
  PID:8092
- C:\Windows\System\xXimLhY.exe
  C:\Windows\System\xXimLhY.exe
  2⤵
  PID:8132
- C:\Windows\System\ZdmeXGg.exe
  C:\Windows\System\ZdmeXGg.exe
  2⤵
  PID:8164
- C:\Windows\System\yJmSqmZ.exe
  C:\Windows\System\yJmSqmZ.exe
  2⤵
  PID:7060
- C:\Windows\System\NPLvrBF.exe
  C:\Windows\System\NPLvrBF.exe
  2⤵
  PID:3860
- C:\Windows\System\JOpQXUP.exe
  C:\Windows\System\JOpQXUP.exe
  2⤵
  PID:2820
- C:\Windows\System\pUMbYhF.exe
  C:\Windows\System\pUMbYhF.exe
  2⤵
  PID:2908
- C:\Windows\System\qgUtgct.exe
  C:\Windows\System\qgUtgct.exe
  2⤵
  PID:7384
- C:\Windows\System\cOhBAjI.exe
  C:\Windows\System\cOhBAjI.exe
  2⤵
  PID:3064
- C:\Windows\System\eoDjkmj.exe
  C:\Windows\System\eoDjkmj.exe
  2⤵
  PID:7948
- C:\Windows\System\TwVSxpm.exe
  C:\Windows\System\TwVSxpm.exe
  2⤵
  PID:7580
- C:\Windows\System\OOnykpr.exe
  C:\Windows\System\OOnykpr.exe
  2⤵
  PID:7672
- C:\Windows\System\XXcYaXn.exe
  C:\Windows\System\XXcYaXn.exe
  2⤵
  PID:7828
- C:\Windows\System\LwgnsCO.exe
  C:\Windows\System\LwgnsCO.exe
  2⤵
  PID:7960
- C:\Windows\System\qcsXYmV.exe
  C:\Windows\System\qcsXYmV.exe
  2⤵
  PID:2788
- C:\Windows\System\mFpxXRu.exe
  C:\Windows\System\mFpxXRu.exe
  2⤵
  PID:6640
- C:\Windows\System\qxoHKgh.exe
  C:\Windows\System\qxoHKgh.exe
  2⤵
  PID:2664
- C:\Windows\System\SgPIRQB.exe
  C:\Windows\System\SgPIRQB.exe
  2⤵
  PID:764
- C:\Windows\System\nbfEeXg.exe
  C:\Windows\System\nbfEeXg.exe
  2⤵
  PID:6620
- C:\Windows\System\ttHsrbN.exe
  C:\Windows\System\ttHsrbN.exe
  2⤵
  PID:7208
- C:\Windows\System\jMZLCeB.exe
  C:\Windows\System\jMZLCeB.exe
  2⤵
  PID:7436
- C:\Windows\System\uUiwllV.exe
  C:\Windows\System\uUiwllV.exe
  2⤵
  PID:7608
- C:\Windows\System\IjfatOf.exe
  C:\Windows\System\IjfatOf.exe
  2⤵
  PID:7744
- C:\Windows\System\NhEUGDa.exe
  C:\Windows\System\NhEUGDa.exe
  2⤵
  PID:7840
- C:\Windows\System\zgRpILA.exe
  C:\Windows\System\zgRpILA.exe
  2⤵
  PID:8000
- C:\Windows\System\krSEdsY.exe
  C:\Windows\System\krSEdsY.exe
  2⤵
  PID:8144
- C:\Windows\System\kyASmiU.exe
  C:\Windows\System\kyASmiU.exe
  2⤵
  PID:2796
- C:\Windows\System\xEbNNUN.exe
  C:\Windows\System\xEbNNUN.exe
  2⤵
  PID:1284
- C:\Windows\System\kVZzSRo.exe
  C:\Windows\System\kVZzSRo.exe
  2⤵
  PID:568
- C:\Windows\System\ZjqhxyN.exe
  C:\Windows\System\ZjqhxyN.exe
  2⤵
  PID:1240
- C:\Windows\System\MiEsqOE.exe
  C:\Windows\System\MiEsqOE.exe
  2⤵
  PID:8204
- C:\Windows\System\NCIXReG.exe
  C:\Windows\System\NCIXReG.exe
  2⤵
  PID:8220
- C:\Windows\System\hSFwSPR.exe
  C:\Windows\System\hSFwSPR.exe
  2⤵
  PID:8236
- C:\Windows\System\ymNTiTf.exe
  C:\Windows\System\ymNTiTf.exe
  2⤵
  PID:8252
- C:\Windows\System\FqVbusW.exe
  C:\Windows\System\FqVbusW.exe
  2⤵
  PID:8268
- C:\Windows\System\mnDanWe.exe
  C:\Windows\System\mnDanWe.exe
  2⤵
  PID:8284
- C:\Windows\System\rGBLuxs.exe
  C:\Windows\System\rGBLuxs.exe
  2⤵
  PID:8300
- C:\Windows\System\EqtKaio.exe
  C:\Windows\System\EqtKaio.exe
  2⤵
  PID:8324
- C:\Windows\System\fSLoMvN.exe
  C:\Windows\System\fSLoMvN.exe
  2⤵
  PID:8348
- C:\Windows\System\nzcfuDs.exe
  C:\Windows\System\nzcfuDs.exe
  2⤵
  PID:8364
- C:\Windows\System\fyDoDut.exe
  C:\Windows\System\fyDoDut.exe
  2⤵
  PID:8380
- C:\Windows\System\SSLDAni.exe
  C:\Windows\System\SSLDAni.exe
  2⤵
  PID:8400
- C:\Windows\System\iCKiDRz.exe
  C:\Windows\System\iCKiDRz.exe
  2⤵
  PID:8440
- C:\Windows\System\JXLlMgc.exe
  C:\Windows\System\JXLlMgc.exe
  2⤵
  PID:8456
- C:\Windows\System\gdskZqD.exe
  C:\Windows\System\gdskZqD.exe
  2⤵
  PID:8472
- C:\Windows\System\cFeJQtC.exe
  C:\Windows\System\cFeJQtC.exe
  2⤵
  PID:8488
- C:\Windows\System\EjWnrAW.exe
  C:\Windows\System\EjWnrAW.exe
  2⤵
  PID:8516
- C:\Windows\System\VYIuhgP.exe
  C:\Windows\System\VYIuhgP.exe
  2⤵
  PID:8532
- C:\Windows\System\cYJKEnJ.exe
  C:\Windows\System\cYJKEnJ.exe
  2⤵
  PID:8548
- C:\Windows\System\szaUsmt.exe
  C:\Windows\System\szaUsmt.exe
  2⤵
  PID:8564
- C:\Windows\System\opYrmpG.exe
  C:\Windows\System\opYrmpG.exe
  2⤵
  PID:8580
- C:\Windows\System\OezYgBu.exe
  C:\Windows\System\OezYgBu.exe
  2⤵
  PID:8596
- C:\Windows\System\pifYFnF.exe
  C:\Windows\System\pifYFnF.exe
  2⤵
  PID:8616
- C:\Windows\System\QBhyqdD.exe
  C:\Windows\System\QBhyqdD.exe
  2⤵
  PID:8632
- C:\Windows\System\MTLZWQs.exe
  C:\Windows\System\MTLZWQs.exe
  2⤵
  PID:8648
- C:\Windows\System\jVoHoiu.exe
  C:\Windows\System\jVoHoiu.exe
  2⤵
  PID:8664
- C:\Windows\System\cvLUdPi.exe
  C:\Windows\System\cvLUdPi.exe
  2⤵
  PID:8680
- C:\Windows\System\BxrHWTF.exe
  C:\Windows\System\BxrHWTF.exe
  2⤵
  PID:8696
- C:\Windows\System\NstOmCm.exe
  C:\Windows\System\NstOmCm.exe
  2⤵
  PID:8712
- C:\Windows\System\FhaahCZ.exe
  C:\Windows\System\FhaahCZ.exe
  2⤵
  PID:8728
- C:\Windows\System\pUcmtRA.exe
  C:\Windows\System\pUcmtRA.exe
  2⤵
  PID:8744
- C:\Windows\System\nVfXicd.exe
  C:\Windows\System\nVfXicd.exe
  2⤵
  PID:8760
- C:\Windows\System\PAlxFZO.exe
  C:\Windows\System\PAlxFZO.exe
  2⤵
  PID:8776
- C:\Windows\System\qyZQFjp.exe
  C:\Windows\System\qyZQFjp.exe
  2⤵
  PID:8792
- C:\Windows\System\WgaDHDz.exe
  C:\Windows\System\WgaDHDz.exe
  2⤵
  PID:8808
- C:\Windows\System\bogIOmC.exe
  C:\Windows\System\bogIOmC.exe
  2⤵
  PID:8824
- C:\Windows\System\tiTxVLB.exe
  C:\Windows\System\tiTxVLB.exe
  2⤵
  PID:8840
- C:\Windows\System\sTwVIvy.exe
  C:\Windows\System\sTwVIvy.exe
  2⤵
  PID:8856
- C:\Windows\System\RJlxotM.exe
  C:\Windows\System\RJlxotM.exe
  2⤵
  PID:8872
- C:\Windows\System\igtqKFs.exe
  C:\Windows\System\igtqKFs.exe
  2⤵
  PID:8888
- C:\Windows\System\ZRctojZ.exe
  C:\Windows\System\ZRctojZ.exe
  2⤵
  PID:8904
- C:\Windows\System\kXvRHIh.exe
  C:\Windows\System\kXvRHIh.exe
  2⤵
  PID:8920
- C:\Windows\System\QbHlHSy.exe
  C:\Windows\System\QbHlHSy.exe
  2⤵
  PID:8936
- C:\Windows\System\LExtRNy.exe
  C:\Windows\System\LExtRNy.exe
  2⤵
  PID:8952
- C:\Windows\System\fJwcVgg.exe
  C:\Windows\System\fJwcVgg.exe
  2⤵
  PID:8968
- C:\Windows\System\xneWrDq.exe
  C:\Windows\System\xneWrDq.exe
  2⤵
  PID:8984
- C:\Windows\System\kHMNeAB.exe
  C:\Windows\System\kHMNeAB.exe
  2⤵
  PID:9000
- C:\Windows\System\QtraOvX.exe
  C:\Windows\System\QtraOvX.exe
  2⤵
  PID:9016
- C:\Windows\System\AlbDqii.exe
  C:\Windows\System\AlbDqii.exe
  2⤵
  PID:9032
- C:\Windows\System\sPWFZvI.exe
  C:\Windows\System\sPWFZvI.exe
  2⤵
  PID:9048
- C:\Windows\System\PDlbqug.exe
  C:\Windows\System\PDlbqug.exe
  2⤵
  PID:9064
- C:\Windows\System\wdkXWyQ.exe
  C:\Windows\System\wdkXWyQ.exe
  2⤵
  PID:9080
- C:\Windows\System\xZctweJ.exe
  C:\Windows\System\xZctweJ.exe
  2⤵
  PID:9096
- C:\Windows\System\wrxNIdg.exe
  C:\Windows\System\wrxNIdg.exe
  2⤵
  PID:9112
- C:\Windows\System\eSdWIfg.exe
  C:\Windows\System\eSdWIfg.exe
  2⤵
  PID:9128
- C:\Windows\System\ahEZCND.exe
  C:\Windows\System\ahEZCND.exe
  2⤵
  PID:9144
- C:\Windows\System\KDvMteR.exe
  C:\Windows\System\KDvMteR.exe
  2⤵
  PID:9160
- C:\Windows\System\bthTPhi.exe
  C:\Windows\System\bthTPhi.exe
  2⤵
  PID:9176
- C:\Windows\System\JdHnAOU.exe
  C:\Windows\System\JdHnAOU.exe
  2⤵
  PID:9192
- C:\Windows\System\BVoCSSk.exe
  C:\Windows\System\BVoCSSk.exe
  2⤵
  PID:9208
- C:\Windows\System\zZlDgwC.exe
  C:\Windows\System\zZlDgwC.exe
  2⤵
  PID:7904
- C:\Windows\System\BwJGzKR.exe
  C:\Windows\System\BwJGzKR.exe
  2⤵
  PID:2756
- C:\Windows\System\WgqwnAd.exe
  C:\Windows\System\WgqwnAd.exe
  2⤵
  PID:7172
- C:\Windows\System\KHrrKvv.exe
  C:\Windows\System\KHrrKvv.exe
  2⤵
  PID:7516
- C:\Windows\System\ljEIitl.exe
  C:\Windows\System\ljEIitl.exe
  2⤵
  PID:8232
- C:\Windows\System\GhGgVAY.exe
  C:\Windows\System\GhGgVAY.exe
  2⤵
  PID:8244
- C:\Windows\System\GHdERiB.exe
  C:\Windows\System\GHdERiB.exe
  2⤵
  PID:8316
- C:\Windows\System\iWZqwsA.exe
  C:\Windows\System\iWZqwsA.exe
  2⤵
  PID:8332
- C:\Windows\System\LDZtPSn.exe
  C:\Windows\System\LDZtPSn.exe
  2⤵
  PID:6204
- C:\Windows\System\obWzaql.exe
  C:\Windows\System\obWzaql.exe
  2⤵
  PID:8260
- C:\Windows\System\uBzJXvI.exe
  C:\Windows\System\uBzJXvI.exe
  2⤵
  PID:8344
- C:\Windows\System\WjKVHGL.exe
  C:\Windows\System\WjKVHGL.exe
  2⤵
  PID:8376
- C:\Windows\System\gaUlvEk.exe
  C:\Windows\System\gaUlvEk.exe
  2⤵
  PID:8408
- C:\Windows\System\zdmNsIX.exe
  C:\Windows\System\zdmNsIX.exe
  2⤵
  PID:8360
- C:\Windows\System\EZWdgwR.exe
  C:\Windows\System\EZWdgwR.exe
  2⤵
  PID:8448
- C:\Windows\System\DUGRtZi.exe
  C:\Windows\System\DUGRtZi.exe
  2⤵
  PID:3060
- C:\Windows\System\rZHxhor.exe
  C:\Windows\System\rZHxhor.exe
  2⤵
  PID:8524
- C:\Windows\System\vrdZeXv.exe
  C:\Windows\System\vrdZeXv.exe
  2⤵
  PID:8592
- C:\Windows\System\uFaLYeT.exe
  C:\Windows\System\uFaLYeT.exe
  2⤵
  PID:8420
- C:\Windows\System\DKwWGrL.exe
  C:\Windows\System\DKwWGrL.exe
  2⤵
  PID:8436
- C:\Windows\System\CSpeNCE.exe
  C:\Windows\System\CSpeNCE.exe
  2⤵
  PID:8692
- C:\Windows\System\XfhGIgS.exe
  C:\Windows\System\XfhGIgS.exe
  2⤵
  PID:8464
- C:\Windows\System\wqeVHbV.exe
  C:\Windows\System\wqeVHbV.exe
  2⤵
  PID:8512
- C:\Windows\System\EUNKQJH.exe
  C:\Windows\System\EUNKQJH.exe
  2⤵
  PID:1952
- C:\Windows\System\OXZvkFb.exe
  C:\Windows\System\OXZvkFb.exe
  2⤵
  PID:8604
- C:\Windows\System\eLOiXKb.exe
  C:\Windows\System\eLOiXKb.exe
  2⤵
  PID:8640
- C:\Windows\System\konnvqJ.exe
  C:\Windows\System\konnvqJ.exe
  2⤵
  PID:8708
- C:\Windows\System\dosMkUD.exe
  C:\Windows\System\dosMkUD.exe
  2⤵
  PID:8540
- C:\Windows\System\neVFFwi.exe
  C:\Windows\System\neVFFwi.exe
  2⤵
  PID:8804
- C:\Windows\System\eMgbkTS.exe
  C:\Windows\System\eMgbkTS.exe
  2⤵
  PID:8836
- C:\Windows\System\yepSBGc.exe
  C:\Windows\System\yepSBGc.exe
  2⤵
  PID:1256
- C:\Windows\System\yAtQvLj.exe
  C:\Windows\System\yAtQvLj.exe
  2⤵
  PID:6908
- C:\Windows\System\xuUlqTC.exe
  C:\Windows\System\xuUlqTC.exe
  2⤵
  PID:8900
- C:\Windows\System\ktCarcW.exe
  C:\Windows\System\ktCarcW.exe
  2⤵
  PID:1908
- C:\Windows\System\Bpelwdz.exe
  C:\Windows\System\Bpelwdz.exe
  2⤵
  PID:8932
- C:\Windows\System\upPNKmH.exe
  C:\Windows\System\upPNKmH.exe
  2⤵
  PID:8852
- C:\Windows\System\YrKUxnY.exe
  C:\Windows\System\YrKUxnY.exe
  2⤵
  PID:8884
- C:\Windows\System\zOztSMY.exe
  C:\Windows\System\zOztSMY.exe
  2⤵
  PID:8992
- C:\Windows\System\ydyKFrj.exe
  C:\Windows\System\ydyKFrj.exe
  2⤵
  PID:6936
- C:\Windows\System\svISaji.exe
  C:\Windows\System\svISaji.exe
  2⤵
  PID:6912
- C:\Windows\System\Toamdef.exe
  C:\Windows\System\Toamdef.exe
  2⤵
  PID:9088
- C:\Windows\System\Txdydbv.exe
  C:\Windows\System\Txdydbv.exe
  2⤵
  PID:9024
- C:\Windows\System\YVkzVWw.exe
  C:\Windows\System\YVkzVWw.exe
  2⤵
  PID:9188
- C:\Windows\System\QkXucRx.exe
  C:\Windows\System\QkXucRx.exe
  2⤵
  PID:1588
- C:\Windows\System\kBMvNsQ.exe
  C:\Windows\System\kBMvNsQ.exe
  2⤵
  PID:8980
- C:\Windows\System\upfhoZn.exe
  C:\Windows\System\upfhoZn.exe
  2⤵
  PID:9044
- C:\Windows\System\KsTDuMQ.exe
  C:\Windows\System\KsTDuMQ.exe
  2⤵
  PID:9108
- C:\Windows\System\moUXIBj.exe
  C:\Windows\System\moUXIBj.exe
  2⤵
  PID:9172
- C:\Windows\System\oXisRqy.exe
  C:\Windows\System\oXisRqy.exe
  2⤵
  PID:1940
- C:\Windows\System\ZQnlBbW.exe
  C:\Windows\System\ZQnlBbW.exe
  2⤵
  PID:8216
- C:\Windows\System\vGgyQdx.exe
  C:\Windows\System\vGgyQdx.exe
  2⤵
  PID:1836
- C:\Windows\System\BCLSrTM.exe
  C:\Windows\System\BCLSrTM.exe
  2⤵
  PID:8200
- C:\Windows\System\atzthOV.exe
  C:\Windows\System\atzthOV.exe
  2⤵
  PID:2612
- C:\Windows\System\KUmyJeN.exe
  C:\Windows\System\KUmyJeN.exe
  2⤵
  PID:8292
- C:\Windows\System\BOVktMr.exe
  C:\Windows\System\BOVktMr.exe
  2⤵
  PID:8452
- C:\Windows\System\cFVPdpo.exe
  C:\Windows\System\cFVPdpo.exe
  2⤵
  PID:8656
- C:\Windows\System\RMLxyjq.exe
  C:\Windows\System\RMLxyjq.exe
  2⤵
  PID:8660
- C:\Windows\System\waljlSr.exe
  C:\Windows\System\waljlSr.exe
  2⤵
  PID:8504
- C:\Windows\System\ACERvIM.exe
  C:\Windows\System\ACERvIM.exe
  2⤵
  PID:8432
- C:\Windows\System\sCrsezU.exe
  C:\Windows\System\sCrsezU.exe
  2⤵
  PID:1812
- C:\Windows\System\ntLuXvy.exe
  C:\Windows\System\ntLuXvy.exe
  2⤵
  PID:8576
- C:\Windows\System\xLfMKnh.exe
  C:\Windows\System\xLfMKnh.exe
  2⤵
  PID:2860
- C:\Windows\System\PaueuZk.exe
  C:\Windows\System\PaueuZk.exe
  2⤵
  PID:8740
- C:\Windows\System\KyijLcz.exe
  C:\Windows\System\KyijLcz.exe
  2⤵
  PID:8788
- C:\Windows\System\fhleexA.exe
  C:\Windows\System\fhleexA.exe
  2⤵
  PID:8916
- C:\Windows\System\WMZRYOy.exe
  C:\Windows\System\WMZRYOy.exe
  2⤵
  PID:9152
- C:\Windows\System\gBeNQdD.exe
  C:\Windows\System\gBeNQdD.exe
  2⤵
  PID:9184
- C:\Windows\System\snGbGOx.exe
  C:\Windows\System\snGbGOx.exe
  2⤵
  PID:8848
- C:\Windows\System\iDVLKdQ.exe
  C:\Windows\System\iDVLKdQ.exe
  2⤵
  PID:1124
- C:\Windows\System\fVYaufs.exe
  C:\Windows\System\fVYaufs.exe
  2⤵
  PID:3000
- C:\Windows\System\RNICSHV.exe
  C:\Windows\System\RNICSHV.exe
  2⤵
  PID:9104
- C:\Windows\System\UAHWuGI.exe
  C:\Windows\System\UAHWuGI.exe
  2⤵
  PID:8280
- C:\Windows\System\DtbhfrV.exe
  C:\Windows\System\DtbhfrV.exe
  2⤵
  PID:8248
- C:\Windows\System\zYIlVtd.exe
  C:\Windows\System\zYIlVtd.exe
  2⤵
  PID:9168
- C:\Windows\System\hKGzVam.exe
  C:\Windows\System\hKGzVam.exe
  2⤵
  PID:8560
- C:\Windows\System\JVJxOdH.exe
  C:\Windows\System\JVJxOdH.exe
  2⤵
  PID:8676
- C:\Windows\System\hNahnyR.exe
  C:\Windows\System\hNahnyR.exe
  2⤵
  PID:8496
- C:\Windows\System\qCTnrhg.exe
  C:\Windows\System\qCTnrhg.exe
  2⤵
  PID:8752
- C:\Windows\System\aYrrMOl.exe
  C:\Windows\System\aYrrMOl.exe
  2⤵
  PID:2852
- C:\Windows\System\CgFPEPp.exe
  C:\Windows\System\CgFPEPp.exe
  2⤵
  PID:8896
- C:\Windows\System\UiONOpz.exe
  C:\Windows\System\UiONOpz.exe
  2⤵
  PID:8820
- C:\Windows\System\mFlWIUb.exe
  C:\Windows\System\mFlWIUb.exe
  2⤵
  PID:8964
- C:\Windows\System\feUWQEC.exe
  C:\Windows\System\feUWQEC.exe
  2⤵
  PID:9040
- C:\Windows\System\HkkFiZM.exe
  C:\Windows\System\HkkFiZM.exe
  2⤵
  PID:9204
- C:\Windows\System\kTVtptl.exe
  C:\Windows\System\kTVtptl.exe
  2⤵
  PID:8588
- C:\Windows\System\ReSCFtY.exe
  C:\Windows\System\ReSCFtY.exe
  2⤵
  PID:1780
- C:\Windows\System\IlVxiGs.exe
  C:\Windows\System\IlVxiGs.exe
  2⤵
  PID:6928
- C:\Windows\System\aDwXhHj.exe
  C:\Windows\System\aDwXhHj.exe
  2⤵
  PID:9056
- C:\Windows\System\sefKhrg.exe
  C:\Windows\System\sefKhrg.exe
  2⤵
  PID:688
- C:\Windows\System\WIzdiFp.exe
  C:\Windows\System\WIzdiFp.exe
  2⤵
  PID:9140
- C:\Windows\System\paKWuFe.exe
  C:\Windows\System\paKWuFe.exe
  2⤵
  PID:9228
- C:\Windows\System\PIpsmKi.exe
  C:\Windows\System\PIpsmKi.exe
  2⤵
  PID:9244
- C:\Windows\System\OgiZBxS.exe
  C:\Windows\System\OgiZBxS.exe
  2⤵
  PID:9260
- C:\Windows\System\xiLvpaf.exe
  C:\Windows\System\xiLvpaf.exe
  2⤵
  PID:9276
- C:\Windows\System\BdCWhwu.exe
  C:\Windows\System\BdCWhwu.exe
  2⤵
  PID:9292
- C:\Windows\System\CCXtJXH.exe
  C:\Windows\System\CCXtJXH.exe
  2⤵
  PID:9308
- C:\Windows\System\GAoNFDC.exe
  C:\Windows\System\GAoNFDC.exe
  2⤵
  PID:9324
- C:\Windows\System\zRSHDui.exe
  C:\Windows\System\zRSHDui.exe
  2⤵
  PID:9340
- C:\Windows\System\QSlAQGd.exe
  C:\Windows\System\QSlAQGd.exe
  2⤵
  PID:9356
- C:\Windows\System\vatIhPN.exe
  C:\Windows\System\vatIhPN.exe
  2⤵
  PID:9372
- C:\Windows\System\kUuUSNs.exe
  C:\Windows\System\kUuUSNs.exe
  2⤵
  PID:9388
- C:\Windows\System\AgMOTRO.exe
  C:\Windows\System\AgMOTRO.exe
  2⤵
  PID:9408
- C:\Windows\System\vTHTaln.exe
  C:\Windows\System\vTHTaln.exe
  2⤵
  PID:9424
- C:\Windows\System\YhrzYZJ.exe
  C:\Windows\System\YhrzYZJ.exe
  2⤵
  PID:9440
- C:\Windows\System\lSLsVMZ.exe
  C:\Windows\System\lSLsVMZ.exe
  2⤵
  PID:9456
- C:\Windows\System\eJvxBVN.exe
  C:\Windows\System\eJvxBVN.exe
  2⤵
  PID:9472
- C:\Windows\System\qsqtwEg.exe
  C:\Windows\System\qsqtwEg.exe
  2⤵
  PID:9488
- C:\Windows\System\oEUblrH.exe
  C:\Windows\System\oEUblrH.exe
  2⤵
  PID:9504
- C:\Windows\System\zjwZLDQ.exe
  C:\Windows\System\zjwZLDQ.exe
  2⤵
  PID:9520
- C:\Windows\System\LFvAZPX.exe
  C:\Windows\System\LFvAZPX.exe
  2⤵
  PID:9536
- C:\Windows\System\sKhqkJu.exe
  C:\Windows\System\sKhqkJu.exe
  2⤵
  PID:9552
- C:\Windows\System\JtvZvFT.exe
  C:\Windows\System\JtvZvFT.exe
  2⤵
  PID:9568
- C:\Windows\System\jpaRYug.exe
  C:\Windows\System\jpaRYug.exe
  2⤵
  PID:9584
- C:\Windows\System\Ltjoaam.exe
  C:\Windows\System\Ltjoaam.exe
  2⤵
  PID:9600
- C:\Windows\System\qLdCWTb.exe
  C:\Windows\System\qLdCWTb.exe
  2⤵
  PID:9616
- C:\Windows\System\wASvrxB.exe
  C:\Windows\System\wASvrxB.exe
  2⤵
  PID:9632
- C:\Windows\System\HwPcxef.exe
  C:\Windows\System\HwPcxef.exe
  2⤵
  PID:9648
- C:\Windows\System\fYLNCpM.exe
  C:\Windows\System\fYLNCpM.exe
  2⤵
  PID:9664
- C:\Windows\System\BVjQiYH.exe
  C:\Windows\System\BVjQiYH.exe
  2⤵
  PID:9680
- C:\Windows\System\UrqqFYP.exe
  C:\Windows\System\UrqqFYP.exe
  2⤵
  PID:9696
- C:\Windows\System\avpGyiq.exe
  C:\Windows\System\avpGyiq.exe
  2⤵
  PID:9712
- C:\Windows\System\JBTsVZj.exe
  C:\Windows\System\JBTsVZj.exe
  2⤵
  PID:9728
- C:\Windows\System\JoIHvxv.exe
  C:\Windows\System\JoIHvxv.exe
  2⤵
  PID:9744
- C:\Windows\System\LwCERot.exe
  C:\Windows\System\LwCERot.exe
  2⤵
  PID:9760
- C:\Windows\System\nKHQZQh.exe
  C:\Windows\System\nKHQZQh.exe
  2⤵
  PID:9776
- C:\Windows\System\xEJKypO.exe
  C:\Windows\System\xEJKypO.exe
  2⤵
  PID:9792
- C:\Windows\System\TQomHGR.exe
  C:\Windows\System\TQomHGR.exe
  2⤵
  PID:9808
- C:\Windows\System\RNkvyGE.exe
  C:\Windows\System\RNkvyGE.exe
  2⤵
  PID:9824
- C:\Windows\System\Nyerjom.exe
  C:\Windows\System\Nyerjom.exe
  2⤵
  PID:9840
- C:\Windows\System\kljRsEv.exe
  C:\Windows\System\kljRsEv.exe
  2⤵
  PID:9856
- C:\Windows\System\gAKpDac.exe
  C:\Windows\System\gAKpDac.exe
  2⤵
  PID:9872
- C:\Windows\System\nIUJApE.exe
  C:\Windows\System\nIUJApE.exe
  2⤵
  PID:9888
- C:\Windows\System\eROjsqp.exe
  C:\Windows\System\eROjsqp.exe
  2⤵
  PID:9904
- C:\Windows\System\KxFaZqi.exe
  C:\Windows\System\KxFaZqi.exe
  2⤵
  PID:9920
- C:\Windows\System\RPYWnrR.exe
  C:\Windows\System\RPYWnrR.exe
  2⤵
  PID:9936
- C:\Windows\System\mlokDIh.exe
  C:\Windows\System\mlokDIh.exe
  2⤵
  PID:9952
- C:\Windows\System\YHTOnaL.exe
  C:\Windows\System\YHTOnaL.exe
  2⤵
  PID:9968
- C:\Windows\System\YKEEinY.exe
  C:\Windows\System\YKEEinY.exe
  2⤵
  PID:9984
- C:\Windows\System\XSJVlKy.exe
  C:\Windows\System\XSJVlKy.exe
  2⤵
  PID:10000
- C:\Windows\System\dvvbpHq.exe
  C:\Windows\System\dvvbpHq.exe
  2⤵
  PID:10016
- C:\Windows\System\tnMscFN.exe
  C:\Windows\System\tnMscFN.exe
  2⤵
  PID:10032
- C:\Windows\System\EFJhfnP.exe
  C:\Windows\System\EFJhfnP.exe
  2⤵
  PID:10048
- C:\Windows\System\dRzcYNC.exe
  C:\Windows\System\dRzcYNC.exe
  2⤵
  PID:10064
- C:\Windows\System\YroFQtV.exe
  C:\Windows\System\YroFQtV.exe
  2⤵
  PID:10080
- C:\Windows\System\PyLYrNf.exe
  C:\Windows\System\PyLYrNf.exe
  2⤵
  PID:10100
- C:\Windows\System\SekAZkf.exe
  C:\Windows\System\SekAZkf.exe
  2⤵
  PID:10116
- C:\Windows\System\wzDwBSQ.exe
  C:\Windows\System\wzDwBSQ.exe
  2⤵
  PID:10132
- C:\Windows\System\VCWVOoS.exe
  C:\Windows\System\VCWVOoS.exe
  2⤵
  PID:10148
- C:\Windows\System\QrYDqAv.exe
  C:\Windows\System\QrYDqAv.exe
  2⤵
  PID:10164
- C:\Windows\System\ZfDiGWw.exe
  C:\Windows\System\ZfDiGWw.exe
  2⤵
  PID:10180
- C:\Windows\System\iFybfzn.exe
  C:\Windows\System\iFybfzn.exe
  2⤵
  PID:10196
- C:\Windows\System\QxDXwvF.exe
  C:\Windows\System\QxDXwvF.exe
  2⤵
  PID:10212
- C:\Windows\System\byYZlwd.exe
  C:\Windows\System\byYZlwd.exe
  2⤵
  PID:10228
- C:\Windows\System\geuibsu.exe
  C:\Windows\System\geuibsu.exe
  2⤵
  PID:8960
- C:\Windows\System\maqwXhS.exe
  C:\Windows\System\maqwXhS.exe
  2⤵
  PID:9220
- C:\Windows\System\rwgNjuy.exe
  C:\Windows\System\rwgNjuy.exe
  2⤵
  PID:9252
- C:\Windows\System\cQBoDnc.exe
  C:\Windows\System\cQBoDnc.exe
  2⤵
  PID:6924
- C:\Windows\System\fGDOANT.exe
  C:\Windows\System\fGDOANT.exe
  2⤵
  PID:9268
- C:\Windows\System\eCongMc.exe
  C:\Windows\System\eCongMc.exe
  2⤵
  PID:9320
- C:\Windows\System\yTJFgUF.exe
  C:\Windows\System\yTJFgUF.exe
  2⤵
  PID:9300
- C:\Windows\System\wjvmvZy.exe
  C:\Windows\System\wjvmvZy.exe
  2⤵
  PID:9364
- C:\Windows\System\fCvCuuz.exe
  C:\Windows\System\fCvCuuz.exe
  2⤵
  PID:9368
- C:\Windows\System\itHmeDk.exe
  C:\Windows\System\itHmeDk.exe
  2⤵
  PID:9396
- C:\Windows\System\BTiMYLs.exe
  C:\Windows\System\BTiMYLs.exe
  2⤵
  PID:9464
- C:\Windows\System\PnrbEEm.exe
  C:\Windows\System\PnrbEEm.exe
  2⤵
  PID:9516
- C:\Windows\System\rVSOGLJ.exe
  C:\Windows\System\rVSOGLJ.exe
  2⤵
  PID:9528
- C:\Windows\System\deHpGag.exe
  C:\Windows\System\deHpGag.exe
  2⤵
  PID:9592
- C:\Windows\System\TRWvPsy.exe
  C:\Windows\System\TRWvPsy.exe
  2⤵
  PID:9640
- C:\Windows\System\tRGRIwL.exe
  C:\Windows\System\tRGRIwL.exe
  2⤵
  PID:9672
- C:\Windows\System\vtAaAuy.exe
  C:\Windows\System\vtAaAuy.exe
  2⤵
  PID:9660
- C:\Windows\System\PuNuEuR.exe
  C:\Windows\System\PuNuEuR.exe
  2⤵
  PID:9608
- C:\Windows\System\UsOdakk.exe
  C:\Windows\System\UsOdakk.exe
  2⤵
  PID:9656
- C:\Windows\System\cNkaLqv.exe
  C:\Windows\System\cNkaLqv.exe
  2⤵
  PID:9756
- C:\Windows\System\nAOQQhx.exe
  C:\Windows\System\nAOQQhx.exe
  2⤵
  PID:9788
- C:\Windows\System\sMBntwI.exe
  C:\Windows\System\sMBntwI.exe
  2⤵
  PID:9772
- C:\Windows\System\fiCawax.exe
  C:\Windows\System\fiCawax.exe
  2⤵
  PID:9916
- C:\Windows\System\qFwEvJS.exe
  C:\Windows\System\qFwEvJS.exe
  2⤵
  PID:9912
- C:\Windows\System\CQxyPoq.exe
  C:\Windows\System\CQxyPoq.exe
  2⤵
  PID:9928
- C:\Windows\System\gylOyRf.exe
  C:\Windows\System\gylOyRf.exe
  2⤵
  PID:9960
- C:\Windows\System\MCEKGie.exe
  C:\Windows\System\MCEKGie.exe
  2⤵
  PID:10028
- C:\Windows\System\rhymqwe.exe
  C:\Windows\System\rhymqwe.exe
  2⤵
  PID:9948
- C:\Windows\System\jXoVhlQ.exe
  C:\Windows\System\jXoVhlQ.exe
  2⤵
  PID:10060
- C:\Windows\System\VBAhfLy.exe
  C:\Windows\System\VBAhfLy.exe
  2⤵
  PID:10096
- C:\Windows\System\MIzQigF.exe
  C:\Windows\System\MIzQigF.exe
  2⤵
  PID:10160
- C:\Windows\System\cHQUesn.exe
  C:\Windows\System\cHQUesn.exe
  2⤵
  PID:10108
- C:\Windows\System\fGDNoCG.exe
  C:\Windows\System\fGDNoCG.exe
  2⤵
  PID:10192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CifyFWr.exe

Filesize
6.0MB

MD5
5061fac8e01b094aa8b980678747c42a

SHA1
7f39bfb936814ffaa43c91bea968b67a2b5a77d8

SHA256
e9434f13f8045df7d53da441b119fb96de848aa8df45e836e722650080609f13

SHA512
cff9887dadb5568da0754258f40b58e519b9187088fe96aef443fa6864e007cb8e963ee62edfbaa4644592096fb036ee8d73da8fc2a48eb390106ce9c91a19e8

Download Submit
C:\Windows\system\CijStvi.exe

Filesize
6.0MB

MD5
f924ed4e742c21ad7d189471997d4738

SHA1
956c55a8271b94a424eb8eeec772896f2b811022

SHA256
391cde2e0cc090d1e751fb773d97f00721f3f77d0e19a33c53f0fddd038e607c

SHA512
695acc7cacbe0b46eb9823223d49dfe4831658036b07ee46ad5044ff1390a97016d37c7d7a0773c53cf2dc0785b3b9bb7cc229a8490721fdc1fadb838bbe1409

Download Submit
C:\Windows\system\ExGsKzY.exe

Filesize
6.0MB

MD5
7ef5c9aee7dd09fd95dd8b109cc47b94

SHA1
601b9d90ecf93303e5eea29ed98dc6edf42893a4

SHA256
105f903bf0a83897407d35a30674d4a2d6abf17120b02c56827738d60455ab36

SHA512
b9d31db369d0b2df9393eb7444e64c6ca9ea29addbe3d02726915a96a304e0c867ded73ad2cb560d8cb461430502f12cf8202b3baeae1580802d04c3559828f6

Download Submit
C:\Windows\system\FihwWHb.exe

Filesize
6.0MB

MD5
d5bd853cf9bbee6231cb86cb81b27f47

SHA1
c6183c68d06f7e5a3ed231ee4de92a2371979086

SHA256
4d06d3a70ff28396dc4cca94b52101ffbea7d165b19fbc8f48480890e06150b8

SHA512
f51236f6b4f59853e80b838b68d612c2acd35eb1ce9dd342c027e481ce23d633cb6507b611b90764c0643a7b9ca4ac16d534c4910b488fe01716f92d17372dca

Download Submit
C:\Windows\system\FqdolYn.exe

Filesize
6.0MB

MD5
3e3ed0a79d48b61b058566e18b69a54e

SHA1
4a0da7b5e2d54b77df72b034688ba604d5c1bc91

SHA256
b5917db91d3081169a1783eaf587f5ce08a9c6eac3836d2a6f49631492cb8b17

SHA512
ed33c8a4286a617ebf5fbe0c286b1b4a31098ad1d9087c8ed530258e3384598dad4435c3312a15feccebe3b0a517730a239d571be2b4e0217db53e7af2dd2e79

Download Submit
C:\Windows\system\FveXAAE.exe

Filesize
6.0MB

MD5
17c41716e2328dbcdc48dca1290a7f21

SHA1
1ba859d566a44a7643113a08c14de388445c0866

SHA256
a222edec22567d03dec15111f14c2c3f95ec97bbe8e849bf3f2a46de5ca84ed2

SHA512
d277e17a216c4e7d819b6419166c16b64623fb96cbdd894c269863ade66e0aafda1fe443f315b888e73bcdc5db4306d842b98c2cdddcc88889ed10c5f8856b53

Download Submit
C:\Windows\system\GfUxuLF.exe

Filesize
6.0MB

MD5
15b2fe11bc81eb03846d72e31789f328

SHA1
f892341ae0c78975f8836bdf198b3a1f8347832a

SHA256
1647483e68e2c42008f5ac9db088cc3630bc0abd8caac3c5be47ea5757ee25d4

SHA512
60102c25b26ff8ddc4ca6a9c31ab8b2dac4614ec469739b364439d04d79c9256bf12cf8133459dcd3ee851609d860593351fc99d74ee839f6761c5f8b26a8fe3

Download Submit
C:\Windows\system\NGPNwFp.exe

Filesize
6.0MB

MD5
1e26b1356ac76a34eab3a17abef573ad

SHA1
51bac262f159639062e403dc1217bb9ccc7008f3

SHA256
618bd6af294bfc2e89e547406a2a507324e2eef162c4e2765430fb24dff3e2c8

SHA512
a312474e9ae3301cc70667745deb217ef309da818fafa1bc88f450e2e3d58bd253fa6dabb94e0a86e3489107a525dc3dab74816074b9442ba113715c3d8b3508

Download Submit
C:\Windows\system\NPsEygL.exe

Filesize
6.0MB

MD5
5dd2ca9a132e5b4f7849bd5c50be7b60

SHA1
6ed101b2c81e4f164e4b1a83617054bd0b5087d3

SHA256
86415f499330b7586f9109a84d4abe8cc69094c5bcf328b42bbcdb3718a33f76

SHA512
0f43de883d3533f46ee79abfea6d8b8209cf46ecc5626221315fa3236752433cdb9360ea56a8cc5d5dd20a3f610618c05a04e1756f0d5eee80dbcc3c9349b257

Download Submit
C:\Windows\system\PHMQYzM.exe

Filesize
6.0MB

MD5
f1359c8f4e220450c1cac6f0e0079367

SHA1
56fb8f3653ff89e54cd7ec87ecc48ecaf94b19f1

SHA256
193a97890145a397db47f025acc6ef6abb17dd6c2ef7a80b4e7b1ecffcd9410a

SHA512
a0831c8e820f0ffca027e585fed46003ba46933724f6fdc693c1483e40601686d58be893def0d727cdd4307393a9f24d7b59d9301d85b6cb66ec1e6ffb4919ef

Download Submit
C:\Windows\system\PkKMYcE.exe

Filesize
6.0MB

MD5
6b9f3441c485dcd0eebb2e7954f22986

SHA1
700f52fc9a47a12a288a39ad8cb9dfd945e1a3fa

SHA256
701d96b0a0806b006e23320460a528bc6eb71b18eaccd32a17f13c1eae881e03

SHA512
3acfaf4848377948fe04664c74f6799d8ae75113199e66dbaae341b27a798011fe41327cc2f005e10452c51540ed2ab9335b576fa000e2ec1d925f4a1b53eee4

Download Submit
C:\Windows\system\TDyeubQ.exe

Filesize
6.0MB

MD5
89ecec954db1cff8cdbd4b99dea92af2

SHA1
13954adba8689f09bc40d10c887584e9815490c9

SHA256
9b9ec70f64a3f0e0f560fa53f940dad5835a303f6abf480d246055f5841fed2d

SHA512
ba57072594ab60156891615660671bb98a767470325bab7a4790f18503ef87ce56185526b147dc636e9e18e3498e492564b77945764769b3992ce65c833a1db4

Download Submit
C:\Windows\system\UqTRjwx.exe

Filesize
6.0MB

MD5
95a36c55a127c19f74080beda8c4cc65

SHA1
c1f8c0b680e70f4f18537c9dfe9e93db038ed279

SHA256
bdd85839a2ecbc9fc901c2fb4205c1a7f76f8e6406b57a8409adb507a7931a6a

SHA512
7f4db0e383ae41b69a6cee28823d908dfe2b232e7a2f56b77d0768c41c4c1e5c45002442eb188766261878e7eb9ea325041d042fbefc10cdcfa34b0c403337aa

Download Submit
C:\Windows\system\WikPyKd.exe

Filesize
6.0MB

MD5
ffe3844246f3951acbdcd956d82954d2

SHA1
a59adb457eca3a4008e1cf3cf578b455f6f3e818

SHA256
bf691b2b8eac32c8111da2b624706a3259dde6dd3822350383866e6f8ee7873b

SHA512
fdab1d9b8bfa84d80a4bc8d90a7b0231d34b8963eeb49ac3b8a29bd2e4af19fd7c9ca369d2f56ddbc55fba41898d7c8adf8bfb390e6480a21011106ab6e3f498

Download Submit
C:\Windows\system\WnEnvVb.exe

Filesize
6.0MB

MD5
b840949a01509c4791fb55542cdf9538

SHA1
efc3d9d7e6df3c777e21d63e998334b08fdca06e

SHA256
0ba048e55a4a336179c5efb616cec06a7326928b645436e8a3ff472660e7f479

SHA512
f02b0fc25de46391b53b759d9815e8f68b81ca2b9dab2a7f41915ad9fd9419e8b7ea3b0351b4cdc61656cd67884c6ee8c7d8b0e24f60cc8baa844e1b81a39600

Download Submit
C:\Windows\system\YsBSvQl.exe

Filesize
6.0MB

MD5
2e5ed9118c610db6dc43c25212bf3650

SHA1
578d32fab911af02b320335d36ecc2c93b0e5522

SHA256
9854ca10fc6c793d8fb7424cc84c1f78ee502270b9917462ae41496543273306

SHA512
9a020231340d2d835003b16fc6f2ef958ed480fc7cec103f53fd2357ffb6c035bd75ca0dcc6c5be1df25ef590d93676632b52c006fd7f5fe05f4a1ecf3018f18

Download Submit
C:\Windows\system\aEjPcSk.exe

Filesize
6.0MB

MD5
fc93095b508afbaccf04d84070912db0

SHA1
591ecb164d12c0ca84f4386d4af06d01a5a79078

SHA256
5362471c1b2e6cca23ab8dab25a8745b72cd5cdf3313236224cb276f964b7384

SHA512
fdd05381300054a26b4cac5250391c78861090fa2207f8e8780d5a15bd0a60ea28151b76342b0e45196e42526a62602a60efd75b42e87c5a379ebe82fd14b1f8

Download Submit
C:\Windows\system\avRYOCO.exe

Filesize
6.0MB

MD5
84295c9efaa0e4f067a9e32af95d1f28

SHA1
f2da2e19b76e884ab6e8ebdf6f3a0960ef909430

SHA256
01baceb5c1e6ec25bd088cbeae7c4ebfe3d1c11221843f5a40d7d5a4e6f2ea81

SHA512
0b643f8553d94dd0a3fe161f041df76e8dfeedfb769e380b1838f19d6aec03054b2300a0db224c46e318b3fb11afc4f9c7d21ecdfcf2bbbb776a480a835d90d4

Download Submit
C:\Windows\system\bAhcfeb.exe

Filesize
6.0MB

MD5
3d79caba805067aac6fa8508322ac51b

SHA1
779153f85e7ca082ca4c69dec0ff532729ec10d5

SHA256
88dae1fadc4f5211de9701db5e2f877f66c4b0b519e25eb8fcdc34ea5430a487

SHA512
61cf5e5cd710c930bc1f7dececcf6535e852a2052d50369daa21f7da969107969446942cd120e3a190aa9c5270370090210b04397c413b847b6742f8fe9d6a53

Download Submit
C:\Windows\system\fxHrAbR.exe

Filesize
6.0MB

MD5
04fe937f48dbd74382ca85660bc75494

SHA1
e26e4ca0dc73959f8e22225429f5a7ef92d4fa18

SHA256
877722f904df5f185546a0e4b1e2e0e3e1d20282acaa8565b0c7f633e0e61731

SHA512
1691f300a39dbe62710cd7117b8fd5b356dd63cce018df205f530ad28e91396673f95ab89b4eb039ec89d318b4adde90dcef2dcac9ad672dd44d77acf7d62b67

Download Submit
C:\Windows\system\hLoUWaN.exe

Filesize
6.0MB

MD5
1c7a1c5b2d35947ea47a80cd3619ed53

SHA1
d0b3563b5ac263ba02c8d4cc154d9de2694db3fe

SHA256
56b220f1e870d60b7a0d44bb69dcc7cbfef6d56691f670689455b473cb77391c

SHA512
296f3c2e4e93c2e68d298b4b7667b1aec751883f6f5ba7b94dc55b89fe0abb422bc54d6e8e89a8c061e10eb14ed456516c60f0efb658feb3305d28fc4332e458

Download Submit
C:\Windows\system\kgbJPMg.exe

Filesize
6.0MB

MD5
afeccbc54c34c85cd4f6d10832799df4

SHA1
3cc238b76bf093e8aef069fe989792013159225d

SHA256
2436b1a129edd89057515ac4e76411dcef680dd550ce678499fe25701688ef69

SHA512
a629c78e665061e1f51f94c9c4c2849ae1690f1622e56474d7ef27032a04e08e5ccea60721ccf2cfe3242ecad9e823764a97ca054a09700f84434db1d40bbc95

Download Submit
C:\Windows\system\nCusbhX.exe

Filesize
6.0MB

MD5
e950052e9e22f2fcd2dcf8088c20b26e

SHA1
3ffc7d8a74ceeff53fe2fa5a5b2dfbf608192446

SHA256
00bfe4ce8bdff50d6d7daa2d77a08c1c291ede25f1dc2e9cd66ce962e97f9443

SHA512
a8692cca5700fb2bb3aa0cf77b98729814c227fab065c37e108cfea3a58dd6c0c20b11eaa54ccffe26d2ff93a467c3830bc6ad707fb060e9d6628b3881b55427

Download Submit
C:\Windows\system\utLQzQO.exe

Filesize
6.0MB

MD5
c75d6bfe3d4263783dfbecfd781999f8

SHA1
2aa6ec98ae7bcd8f1a109341cefda71a6aab2227

SHA256
be05458c3d371f585ad20685e52e12f2336b3216cebbff8fc93bd425a2e4524c

SHA512
935dec3c9e39e12e9fc8a0052738d1cf803b3b5ff822a25afa89dd2b99bee412cecfe1b6a9d173ead707adca234869cab17f51d0a8de4a1660f71ef5dc6074bf

Download Submit
C:\Windows\system\wjoCPLk.exe

Filesize
6.0MB

MD5
30279f6a647c2f53f401f0b73814c692

SHA1
653ced9ac9e93a94281d2df6fe97d67d9e705928

SHA256
770fc013f8e7abf95fa404e7a1d8379a069ea626303ea3a025ec73dfcce1f7d2

SHA512
67075814d2b3dfb8361dd6d4c485179b155bb11570df8ca10d3d0ccac36e70c735142a12980d1f5df39a6c16e7081d738adb068f5c61c98049d1b4af768831d4

Download Submit
C:\Windows\system\yEyQDAq.exe

Filesize
6.0MB

MD5
3cac6cf63dfde3073edbcf6bf7426f66

SHA1
e45ca4655bd20ff3821e5d3f5426455505b2ae5e

SHA256
347db13147501e8757199ec4835c66c6b66b8d8e4320c4c6bfc477a3855c3458

SHA512
a8741fd3819c03c411e33ac38ca97146ed1284f2d6330cf2e61d06f26137782be29c111fc56cfd8127993b0dd9ddac9655fc407c233235b5b83794f818d5068a

Download Submit
C:\Windows\system\yRKluko.exe

Filesize
6.0MB

MD5
b56b11a6d45a8c0ca02122da8f2a7d90

SHA1
6c574d99a4413b755ffeab65564f42c1d31cfdda

SHA256
afa3ca7368b70bd80766ce73e701320c0b07124716caf7caf050d64ecc37ef65

SHA512
91a2e1c4e99d65c7e6542019fea8292dbb73e6c234af83530245c3dfa8a2edde2a17901ac19b45647df77bb6ddba368524d8b62d106f4e1787c10feaed062037

Download Submit
C:\Windows\system\zlNebtK.exe

Filesize
6.0MB

MD5
4f9129eb21f78270857e494330a4ee81

SHA1
ef9a80f4cfb957ad46ff54d0baf21f96826c696c

SHA256
e7d2464fd8052c6e5245b8816244e56f44688a450fbcad2ab1645c32d14ae37b

SHA512
369e617cf976b723c12e488eb1a98b4bf0634773627f0313842e7d8835dd955ea1b676f7309a715181ba25d05c9f8f04f4c79b385cb3d5d9b56a0429b5be120c

Download Submit
\Windows\system\OEpMkvc.exe

Filesize
6.0MB

MD5
0cc0f19b920c61358c41f9e5148621aa

SHA1
26b6aedce6638a48a0b2aa341c40b97593e0189a

SHA256
5731efb731f81f7df6916eedac1d99a6a59da46e41ff38e8644e6eb3678acea6

SHA512
9d0365a7690431ac2f703de2ee0bafc0d8fcb1b08fdd75c0d677306505f6adf211e91a729b762d462bf83e338033be005d01a909bad9b7f210af1e5e49285851

Download Submit
\Windows\system\jZyIuZI.exe

Filesize
6.0MB

MD5
79fd938451d48c1f3d70cd2d8bb3d9bb

SHA1
8ce1c9d59320c07a9b281ed53318e4cc1a0da0f1

SHA256
0d7651772a227faeec1430555c09a0a3f152766355b5606df2ad7b3e16ab82cd

SHA512
6c49281860e5b7d4d1022e10db1d5c5cc2cfe0014217e75c744862898e3c1f1c3acb6fc5cbb07d916fb838954a8e1ce879076453f3e97d2cf3f0d0719fe41cb3

Download Submit
\Windows\system\koLbCJn.exe

Filesize
6.0MB

MD5
fe6f3ec16e72c027dffb0f07bb8f4a07

SHA1
3dbf0b442a2345e621073a5d5a77c760cf639a42

SHA256
12339bd37d7a68f215cfcaa160d731592f218d3e209fec4552236bcaf77962f0

SHA512
c40097df6c47ee5432613866f67bb7c1aa9efd03c757d9830a625829c78e21efaabef44154f8e228d4123df06ea8b517bb5a1ad066da63c6c88da2aca41ccef0

Download Submit
\Windows\system\nZpQckP.exe

Filesize
6.0MB

MD5
7792977c097426fca8d5403ad91c205c

SHA1
abb8b9709a8adf22152444d13afcdbe2ea89dcdc

SHA256
62020ec5e096d8e89893a631c4ca191592fda92316394d89690cbe27ef397f5a

SHA512
094d847670b2e0670171c69889f024e06cb6f35a434d7c1ec57d47904b64431774d96ff0a06df720c946107914a4cb7709414c63c44d792acb5a0b5e1cb4d8c7

Download Submit
memory/1732-559-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1732-4204-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1848-4206-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1848-532-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2248-536-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-4098-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-561-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-4148-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-557-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3940-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1329-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1333-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2696-546-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2696-544-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1335-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2696-541-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1334-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2696-537-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2696-548-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-535-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1332-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-533-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1331-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-518-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-510-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-550-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1330-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2696-552-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-0-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-554-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1328-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2696-556-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2696-558-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2696-560-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1235-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1322-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1323-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1324-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1325-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1326-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1327-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4208-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-555-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4176-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-553-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-549-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-547-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4168-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4205-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2844-551-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2896-538-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4146-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2920-543-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2920-4242-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2936-4147-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2936-534-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2984-4150-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-545-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download