cobaltstrike | 0e733445cccc5005996037158e63b8bdc15c90000f0e3ac7c1ab68e16f9b8b07

Analysis

max time kernel
132s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

844b784569034ec0e99f17b87316bf38
SHA1

aba582af94ccd3b064eba1a17ac99cd16d32679d
SHA256

0e733445cccc5005996037158e63b8bdc15c90000f0e3ac7c1ab68e16f9b8b07
SHA512

5300bc87715892cdfea44cb51907e4ef9869f49f742462c00cc05e491238e0d80181f46282c746b106fac2abd0a3a292845918e0c20a01d4d9da28ea892e4a27
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUx:T+q56utgpPF8u/7x

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000012000-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174cc-8.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018676-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018683-25.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ea-30.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186fd-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-97.dat	cobalt_reflective_dll
behavioral1/files/0x00390000000173a9-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-75.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001873d-64.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ee-46.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186e4-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2276-0-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x0003000000012000-3.dat	xmrig
behavioral1/files/0x00080000000174cc-8.dat	xmrig
behavioral1/memory/1708-9-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x000e000000018676-16.dat	xmrig
behavioral1/files/0x0007000000018683-25.dat	xmrig
behavioral1/files/0x00060000000186ea-30.dat	xmrig
behavioral1/memory/2872-42-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/1708-51-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186fd-55.dat	xmrig
behavioral1/memory/2884-72-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2188-80-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/768-86-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2596-94-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/1260-100-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-156.dat	xmrig
behavioral1/files/0x0005000000019625-172.dat	xmrig
behavioral1/files/0x0005000000019623-168.dat	xmrig
behavioral1/files/0x0005000000019622-165.dat	xmrig
behavioral1/files/0x0005000000019621-161.dat	xmrig
behavioral1/files/0x000500000001961d-153.dat	xmrig
behavioral1/files/0x000500000001961b-148.dat	xmrig
behavioral1/files/0x0005000000019619-145.dat	xmrig
behavioral1/files/0x0005000000019617-140.dat	xmrig
behavioral1/files/0x0005000000019615-137.dat	xmrig
behavioral1/files/0x0005000000019613-132.dat	xmrig
behavioral1/files/0x0005000000019611-129.dat	xmrig
behavioral1/files/0x000500000001960f-124.dat	xmrig
behavioral1/files/0x000500000001960b-116.dat	xmrig
behavioral1/files/0x000500000001960d-121.dat	xmrig
behavioral1/files/0x0005000000019609-113.dat	xmrig
behavioral1/files/0x00050000000195c5-108.dat	xmrig
behavioral1/memory/2276-105-0x0000000002250000-0x00000000025A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019582-103.dat	xmrig
behavioral1/files/0x000500000001950c-97.dat	xmrig
behavioral1/memory/2316-92-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x00390000000173a9-90.dat	xmrig
behavioral1/memory/2872-87-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x0005000000019461-84.dat	xmrig
behavioral1/memory/2100-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2688-77-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2988-71-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-70.dat	xmrig
behavioral1/memory/1980-69-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2712-68-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x000500000001944f-75.dat	xmrig
behavioral1/files/0x000700000001873d-64.dat	xmrig
behavioral1/memory/2596-63-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2276-50-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2612-49-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186ee-46.dat	xmrig
behavioral1/memory/2188-38-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2688-35-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x00060000000186e4-34.dat	xmrig
behavioral1/memory/2988-21-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2276-19-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2712-15-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1708-3721-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2988-3724-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2712-3725-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2612-3726-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2188-3723-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/1980-3722-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2688-3727-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1708	DgXQLZp.exe
2712	ulHJAUU.exe
2988	eOBJwUI.exe
2688	XjfwQxR.exe
2188	cUYviCB.exe
2872	PBZZAfa.exe
2612	USahchV.exe
2596	akmgXtk.exe
1980	GoPbObG.exe
2884	ifRBMjZ.exe
2100	uMyJSiS.exe
768	ksTUXim.exe
2316	niuAMsK.exe
1260	TrMkxSd.exe
1168	cyFQIFu.exe
2364	zDyxRfm.exe
2932	KiuMUDN.exe
2936	nCQsGTX.exe
552	hFEHYgo.exe
480	HuToXvu.exe
532	rdBeKZA.exe
1764	WWVeKQk.exe
2432	IFkQsmO.exe
1792	rXuZDFJ.exe
1732	LIpuWkq.exe
3020	GWvGveD.exe
2984	HspdhzA.exe
2068	IKoFjOn.exe
1148	nEaqllo.exe
2168	OmPDQao.exe
1056	mLkAjNB.exe
852	CIvHkoc.exe
968	sqGyAIC.exe
672	ZBiuwRu.exe
1104	NJzbfOk.exe
268	xWqZvCL.exe
1928	IYifqxJ.exe
1728	hIscFCG.exe
2296	BCsqpZF.exe
1548	SKkpzmx.exe
1556	boCotue.exe
1744	AixbzDM.exe
2148	DwJrMpl.exe
1956	ajwzfEB.exe
2012	GoCfbid.exe
624	nTFBWwG.exe
2516	bfNyNrU.exe
996	akCDIai.exe
1748	ZUZuvuX.exe
3008	gyiSVXF.exe
2852	cmtAuKi.exe
2384	gbCrVSL.exe
2320	XYrwLvK.exe
3012	qCHBizR.exe
696	OHEmuvD.exe
3004	FyOEtKO.exe
2352	zUcJUxI.exe
392	OVJNCsu.exe
884	sUPXpLr.exe
2408	kIVHrvV.exe
2648	IjwfPOU.exe
2968	DFitvlg.exe
1608	nVrXPsl.exe
1604	ZEarDbe.exe

Loads dropped DLL 64 IoCs

pid	Process
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2276-0-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x0003000000012000-3.dat	upx
behavioral1/files/0x00080000000174cc-8.dat	upx
behavioral1/memory/1708-9-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x000e000000018676-16.dat	upx
behavioral1/files/0x0007000000018683-25.dat	upx
behavioral1/files/0x00060000000186ea-30.dat	upx
behavioral1/memory/2872-42-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/1708-51-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x00060000000186fd-55.dat	upx
behavioral1/memory/2884-72-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2188-80-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/768-86-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2596-94-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/1260-100-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x000500000001961f-156.dat	upx
behavioral1/files/0x0005000000019625-172.dat	upx
behavioral1/files/0x0005000000019623-168.dat	upx
behavioral1/files/0x0005000000019622-165.dat	upx
behavioral1/files/0x0005000000019621-161.dat	upx
behavioral1/files/0x000500000001961d-153.dat	upx
behavioral1/files/0x000500000001961b-148.dat	upx
behavioral1/files/0x0005000000019619-145.dat	upx
behavioral1/files/0x0005000000019617-140.dat	upx
behavioral1/files/0x0005000000019615-137.dat	upx
behavioral1/files/0x0005000000019613-132.dat	upx
behavioral1/files/0x0005000000019611-129.dat	upx
behavioral1/files/0x000500000001960f-124.dat	upx
behavioral1/files/0x000500000001960b-116.dat	upx
behavioral1/files/0x000500000001960d-121.dat	upx
behavioral1/files/0x0005000000019609-113.dat	upx
behavioral1/files/0x00050000000195c5-108.dat	upx
behavioral1/files/0x0005000000019582-103.dat	upx
behavioral1/files/0x000500000001950c-97.dat	upx
behavioral1/memory/2316-92-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x00390000000173a9-90.dat	upx
behavioral1/memory/2872-87-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x0005000000019461-84.dat	upx
behavioral1/memory/2100-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2688-77-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2988-71-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0005000000019441-70.dat	upx
behavioral1/memory/1980-69-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2712-68-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x000500000001944f-75.dat	upx
behavioral1/files/0x000700000001873d-64.dat	upx
behavioral1/memory/2596-63-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2276-50-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2612-49-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x00060000000186ee-46.dat	upx
behavioral1/memory/2188-38-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2688-35-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x00060000000186e4-34.dat	upx
behavioral1/memory/2988-21-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2712-15-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/1708-3721-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2988-3724-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2712-3725-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2612-3726-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2188-3723-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/1980-3722-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2688-3727-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2596-4284-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2100-4285-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZVRqcTy.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBUhQZr.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szYWGQd.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EiXzQlf.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQZWnAB.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlAvWDV.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELzDEiF.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWzoZbe.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsNHoNw.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEHyjiX.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnRIbEL.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shacjTJ.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bflwMKh.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPteZLm.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpBpetW.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ceDVIHf.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIUrGgf.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEarDbe.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNkGpwu.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usggWUV.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNvYoeO.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laWHCUJ.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldrOosB.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvqzAoS.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZzQERH.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZUVTNe.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hLOtXMV.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfpJmxU.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWpKFrf.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMjjSOa.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCLjdiy.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZGnAbK.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuKSImo.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObNjQLY.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQoYUaA.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcYfEyy.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbvvMSj.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmtPeyj.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcZLRId.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjUOdhW.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\przVjFc.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJVcPtv.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjpQvuz.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOBUEFA.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQVlKAi.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBJYqSv.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLvzwNZ.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktJXqxk.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgZIBys.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHjxFOp.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHlCpAT.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrLOQIO.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZBYUpA.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRoYQIg.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwkOMDx.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlOOVry.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doGopPT.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drPUBEA.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWyxXBw.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIJOwBI.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFHhfzN.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGTiWdF.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wbumilw.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYrwLvK.exe	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1708	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2276 wrote to memory of 1708	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2276 wrote to memory of 1708	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2276 wrote to memory of 2712	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2276 wrote to memory of 2712	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2276 wrote to memory of 2712	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2276 wrote to memory of 2988	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2276 wrote to memory of 2988	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2276 wrote to memory of 2988	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2276 wrote to memory of 2688	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2276 wrote to memory of 2688	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2276 wrote to memory of 2688	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2276 wrote to memory of 2188	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2276 wrote to memory of 2188	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2276 wrote to memory of 2188	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2276 wrote to memory of 2872	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2276 wrote to memory of 2872	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2276 wrote to memory of 2872	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2276 wrote to memory of 2612	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2276 wrote to memory of 2612	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2276 wrote to memory of 2612	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2276 wrote to memory of 2596	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2276 wrote to memory of 2596	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2276 wrote to memory of 2596	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2276 wrote to memory of 1980	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2276 wrote to memory of 1980	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2276 wrote to memory of 1980	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2276 wrote to memory of 2884	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2276 wrote to memory of 2884	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2276 wrote to memory of 2884	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2276 wrote to memory of 2100	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2276 wrote to memory of 2100	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2276 wrote to memory of 2100	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2276 wrote to memory of 768	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2276 wrote to memory of 768	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2276 wrote to memory of 768	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2276 wrote to memory of 2316	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2276 wrote to memory of 2316	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2276 wrote to memory of 2316	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2276 wrote to memory of 1260	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2276 wrote to memory of 1260	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2276 wrote to memory of 1260	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2276 wrote to memory of 1168	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2276 wrote to memory of 1168	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2276 wrote to memory of 1168	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2276 wrote to memory of 2364	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2276 wrote to memory of 2364	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2276 wrote to memory of 2364	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2276 wrote to memory of 2932	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2276 wrote to memory of 2932	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2276 wrote to memory of 2932	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2276 wrote to memory of 2936	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2276 wrote to memory of 2936	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2276 wrote to memory of 2936	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2276 wrote to memory of 552	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2276 wrote to memory of 552	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2276 wrote to memory of 552	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2276 wrote to memory of 480	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2276 wrote to memory of 480	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2276 wrote to memory of 480	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2276 wrote to memory of 532	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2276 wrote to memory of 532	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2276 wrote to memory of 532	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2276 wrote to memory of 1764	2276	2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_844b784569034ec0e99f17b87316bf38_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\System\DgXQLZp.exe
  C:\Windows\System\DgXQLZp.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\ulHJAUU.exe
  C:\Windows\System\ulHJAUU.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\eOBJwUI.exe
  C:\Windows\System\eOBJwUI.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\XjfwQxR.exe
  C:\Windows\System\XjfwQxR.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\cUYviCB.exe
  C:\Windows\System\cUYviCB.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\PBZZAfa.exe
  C:\Windows\System\PBZZAfa.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\USahchV.exe
  C:\Windows\System\USahchV.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\akmgXtk.exe
  C:\Windows\System\akmgXtk.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\GoPbObG.exe
  C:\Windows\System\GoPbObG.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\ifRBMjZ.exe
  C:\Windows\System\ifRBMjZ.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\uMyJSiS.exe
  C:\Windows\System\uMyJSiS.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\ksTUXim.exe
  C:\Windows\System\ksTUXim.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\niuAMsK.exe
  C:\Windows\System\niuAMsK.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\TrMkxSd.exe
  C:\Windows\System\TrMkxSd.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\cyFQIFu.exe
  C:\Windows\System\cyFQIFu.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\zDyxRfm.exe
  C:\Windows\System\zDyxRfm.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\KiuMUDN.exe
  C:\Windows\System\KiuMUDN.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\nCQsGTX.exe
  C:\Windows\System\nCQsGTX.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\hFEHYgo.exe
  C:\Windows\System\hFEHYgo.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\HuToXvu.exe
  C:\Windows\System\HuToXvu.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\rdBeKZA.exe
  C:\Windows\System\rdBeKZA.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\WWVeKQk.exe
  C:\Windows\System\WWVeKQk.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\IFkQsmO.exe
  C:\Windows\System\IFkQsmO.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\rXuZDFJ.exe
  C:\Windows\System\rXuZDFJ.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\LIpuWkq.exe
  C:\Windows\System\LIpuWkq.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\GWvGveD.exe
  C:\Windows\System\GWvGveD.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\HspdhzA.exe
  C:\Windows\System\HspdhzA.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\IKoFjOn.exe
  C:\Windows\System\IKoFjOn.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\nEaqllo.exe
  C:\Windows\System\nEaqllo.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\OmPDQao.exe
  C:\Windows\System\OmPDQao.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\mLkAjNB.exe
  C:\Windows\System\mLkAjNB.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\CIvHkoc.exe
  C:\Windows\System\CIvHkoc.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\sqGyAIC.exe
  C:\Windows\System\sqGyAIC.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\ZBiuwRu.exe
  C:\Windows\System\ZBiuwRu.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\NJzbfOk.exe
  C:\Windows\System\NJzbfOk.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\xWqZvCL.exe
  C:\Windows\System\xWqZvCL.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\IYifqxJ.exe
  C:\Windows\System\IYifqxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\hIscFCG.exe
  C:\Windows\System\hIscFCG.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\BCsqpZF.exe
  C:\Windows\System\BCsqpZF.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\SKkpzmx.exe
  C:\Windows\System\SKkpzmx.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\boCotue.exe
  C:\Windows\System\boCotue.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\AixbzDM.exe
  C:\Windows\System\AixbzDM.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\DwJrMpl.exe
  C:\Windows\System\DwJrMpl.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\ajwzfEB.exe
  C:\Windows\System\ajwzfEB.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\GoCfbid.exe
  C:\Windows\System\GoCfbid.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\nTFBWwG.exe
  C:\Windows\System\nTFBWwG.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\bfNyNrU.exe
  C:\Windows\System\bfNyNrU.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\akCDIai.exe
  C:\Windows\System\akCDIai.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\ZUZuvuX.exe
  C:\Windows\System\ZUZuvuX.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\gyiSVXF.exe
  C:\Windows\System\gyiSVXF.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\cmtAuKi.exe
  C:\Windows\System\cmtAuKi.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\gbCrVSL.exe
  C:\Windows\System\gbCrVSL.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\XYrwLvK.exe
  C:\Windows\System\XYrwLvK.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\qCHBizR.exe
  C:\Windows\System\qCHBizR.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\OHEmuvD.exe
  C:\Windows\System\OHEmuvD.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\FyOEtKO.exe
  C:\Windows\System\FyOEtKO.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\zUcJUxI.exe
  C:\Windows\System\zUcJUxI.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\OVJNCsu.exe
  C:\Windows\System\OVJNCsu.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\sUPXpLr.exe
  C:\Windows\System\sUPXpLr.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\kIVHrvV.exe
  C:\Windows\System\kIVHrvV.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\IjwfPOU.exe
  C:\Windows\System\IjwfPOU.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\DFitvlg.exe
  C:\Windows\System\DFitvlg.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\nVrXPsl.exe
  C:\Windows\System\nVrXPsl.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\ZEarDbe.exe
  C:\Windows\System\ZEarDbe.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\SHuBCEj.exe
  C:\Windows\System\SHuBCEj.exe
  2⤵
  PID:2672
- C:\Windows\System\DXrmzGq.exe
  C:\Windows\System\DXrmzGq.exe
  2⤵
  PID:2840
- C:\Windows\System\LvHtkAP.exe
  C:\Windows\System\LvHtkAP.exe
  2⤵
  PID:2980
- C:\Windows\System\HNhJPdK.exe
  C:\Windows\System\HNhJPdK.exe
  2⤵
  PID:2568
- C:\Windows\System\NYcTFna.exe
  C:\Windows\System\NYcTFna.exe
  2⤵
  PID:2908
- C:\Windows\System\NGIAEmO.exe
  C:\Windows\System\NGIAEmO.exe
  2⤵
  PID:2744
- C:\Windows\System\iFsgube.exe
  C:\Windows\System\iFsgube.exe
  2⤵
  PID:1684
- C:\Windows\System\ddAZHWy.exe
  C:\Windows\System\ddAZHWy.exe
  2⤵
  PID:2228
- C:\Windows\System\TNfzHLP.exe
  C:\Windows\System\TNfzHLP.exe
  2⤵
  PID:2800
- C:\Windows\System\hhCnCVh.exe
  C:\Windows\System\hhCnCVh.exe
  2⤵
  PID:2300
- C:\Windows\System\mClZbTY.exe
  C:\Windows\System\mClZbTY.exe
  2⤵
  PID:108
- C:\Windows\System\QYNEdkE.exe
  C:\Windows\System\QYNEdkE.exe
  2⤵
  PID:1652
- C:\Windows\System\zZWDpEa.exe
  C:\Windows\System\zZWDpEa.exe
  2⤵
  PID:1160
- C:\Windows\System\OBcdmtk.exe
  C:\Windows\System\OBcdmtk.exe
  2⤵
  PID:2440
- C:\Windows\System\udvEmaB.exe
  C:\Windows\System\udvEmaB.exe
  2⤵
  PID:2084
- C:\Windows\System\ffYQDnV.exe
  C:\Windows\System\ffYQDnV.exe
  2⤵
  PID:2336
- C:\Windows\System\MxCAeqp.exe
  C:\Windows\System\MxCAeqp.exe
  2⤵
  PID:1100
- C:\Windows\System\irzGNWv.exe
  C:\Windows\System\irzGNWv.exe
  2⤵
  PID:1972
- C:\Windows\System\XcGalko.exe
  C:\Windows\System\XcGalko.exe
  2⤵
  PID:1864
- C:\Windows\System\sDBWylH.exe
  C:\Windows\System\sDBWylH.exe
  2⤵
  PID:2204
- C:\Windows\System\zCvXvmb.exe
  C:\Windows\System\zCvXvmb.exe
  2⤵
  PID:568
- C:\Windows\System\acRoBqi.exe
  C:\Windows\System\acRoBqi.exe
  2⤵
  PID:1720
- C:\Windows\System\mxJzegS.exe
  C:\Windows\System\mxJzegS.exe
  2⤵
  PID:1776
- C:\Windows\System\QczDiEk.exe
  C:\Windows\System\QczDiEk.exe
  2⤵
  PID:2024
- C:\Windows\System\wycOQsy.exe
  C:\Windows\System\wycOQsy.exe
  2⤵
  PID:2032
- C:\Windows\System\kFrSeCi.exe
  C:\Windows\System\kFrSeCi.exe
  2⤵
  PID:284
- C:\Windows\System\UfQrZSa.exe
  C:\Windows\System\UfQrZSa.exe
  2⤵
  PID:2496
- C:\Windows\System\DrAsWLp.exe
  C:\Windows\System\DrAsWLp.exe
  2⤵
  PID:2960
- C:\Windows\System\mCBOeib.exe
  C:\Windows\System\mCBOeib.exe
  2⤵
  PID:1008
- C:\Windows\System\lixUmqJ.exe
  C:\Windows\System\lixUmqJ.exe
  2⤵
  PID:2096
- C:\Windows\System\unnXoOe.exe
  C:\Windows\System\unnXoOe.exe
  2⤵
  PID:2292
- C:\Windows\System\sSGiMdE.exe
  C:\Windows\System\sSGiMdE.exe
  2⤵
  PID:316
- C:\Windows\System\Goabvbm.exe
  C:\Windows\System\Goabvbm.exe
  2⤵
  PID:1328
- C:\Windows\System\KPmDIrb.exe
  C:\Windows\System\KPmDIrb.exe
  2⤵
  PID:1664
- C:\Windows\System\mrTTcHa.exe
  C:\Windows\System\mrTTcHa.exe
  2⤵
  PID:2424
- C:\Windows\System\IcNmBvD.exe
  C:\Windows\System\IcNmBvD.exe
  2⤵
  PID:2876
- C:\Windows\System\PSfSoMw.exe
  C:\Windows\System\PSfSoMw.exe
  2⤵
  PID:3060
- C:\Windows\System\qoALFlc.exe
  C:\Windows\System\qoALFlc.exe
  2⤵
  PID:3068
- C:\Windows\System\QOlzhZP.exe
  C:\Windows\System\QOlzhZP.exe
  2⤵
  PID:1860
- C:\Windows\System\QgITfRG.exe
  C:\Windows\System\QgITfRG.exe
  2⤵
  PID:2652
- C:\Windows\System\dLRuIcz.exe
  C:\Windows\System\dLRuIcz.exe
  2⤵
  PID:2200
- C:\Windows\System\UIaAgVp.exe
  C:\Windows\System\UIaAgVp.exe
  2⤵
  PID:3076
- C:\Windows\System\GVlqvsw.exe
  C:\Windows\System\GVlqvsw.exe
  2⤵
  PID:3092
- C:\Windows\System\HBddDso.exe
  C:\Windows\System\HBddDso.exe
  2⤵
  PID:3108
- C:\Windows\System\qoonSrY.exe
  C:\Windows\System\qoonSrY.exe
  2⤵
  PID:3124
- C:\Windows\System\zTcJFaN.exe
  C:\Windows\System\zTcJFaN.exe
  2⤵
  PID:3140
- C:\Windows\System\chkmotx.exe
  C:\Windows\System\chkmotx.exe
  2⤵
  PID:3156
- C:\Windows\System\HCoRFhP.exe
  C:\Windows\System\HCoRFhP.exe
  2⤵
  PID:3172
- C:\Windows\System\GHiuFJZ.exe
  C:\Windows\System\GHiuFJZ.exe
  2⤵
  PID:3188
- C:\Windows\System\YcXhdzF.exe
  C:\Windows\System\YcXhdzF.exe
  2⤵
  PID:3204
- C:\Windows\System\OmBkVEh.exe
  C:\Windows\System\OmBkVEh.exe
  2⤵
  PID:3220
- C:\Windows\System\goeFooa.exe
  C:\Windows\System\goeFooa.exe
  2⤵
  PID:3236
- C:\Windows\System\tkZnvYO.exe
  C:\Windows\System\tkZnvYO.exe
  2⤵
  PID:3252
- C:\Windows\System\mzJXByK.exe
  C:\Windows\System\mzJXByK.exe
  2⤵
  PID:3268
- C:\Windows\System\slcvikP.exe
  C:\Windows\System\slcvikP.exe
  2⤵
  PID:3284
- C:\Windows\System\ObZjFjp.exe
  C:\Windows\System\ObZjFjp.exe
  2⤵
  PID:3304
- C:\Windows\System\JsOYwEl.exe
  C:\Windows\System\JsOYwEl.exe
  2⤵
  PID:3324
- C:\Windows\System\PmBrrsv.exe
  C:\Windows\System\PmBrrsv.exe
  2⤵
  PID:3340
- C:\Windows\System\GdKcVmj.exe
  C:\Windows\System\GdKcVmj.exe
  2⤵
  PID:3356
- C:\Windows\System\kAQlzGX.exe
  C:\Windows\System\kAQlzGX.exe
  2⤵
  PID:3372
- C:\Windows\System\PihoVRy.exe
  C:\Windows\System\PihoVRy.exe
  2⤵
  PID:3388
- C:\Windows\System\qqQRSEP.exe
  C:\Windows\System\qqQRSEP.exe
  2⤵
  PID:3404
- C:\Windows\System\atgiwBU.exe
  C:\Windows\System\atgiwBU.exe
  2⤵
  PID:3420
- C:\Windows\System\MtWhFSj.exe
  C:\Windows\System\MtWhFSj.exe
  2⤵
  PID:3436
- C:\Windows\System\XlPexsF.exe
  C:\Windows\System\XlPexsF.exe
  2⤵
  PID:3452
- C:\Windows\System\TVRBQeK.exe
  C:\Windows\System\TVRBQeK.exe
  2⤵
  PID:3468
- C:\Windows\System\XOFyCLk.exe
  C:\Windows\System\XOFyCLk.exe
  2⤵
  PID:3484
- C:\Windows\System\NLCGpPY.exe
  C:\Windows\System\NLCGpPY.exe
  2⤵
  PID:3500
- C:\Windows\System\XUdpFuK.exe
  C:\Windows\System\XUdpFuK.exe
  2⤵
  PID:3516
- C:\Windows\System\ROVoIDr.exe
  C:\Windows\System\ROVoIDr.exe
  2⤵
  PID:3532
- C:\Windows\System\aTZvUJw.exe
  C:\Windows\System\aTZvUJw.exe
  2⤵
  PID:3548
- C:\Windows\System\qjnYsTt.exe
  C:\Windows\System\qjnYsTt.exe
  2⤵
  PID:3564
- C:\Windows\System\qNtccNK.exe
  C:\Windows\System\qNtccNK.exe
  2⤵
  PID:3580
- C:\Windows\System\TtvGxac.exe
  C:\Windows\System\TtvGxac.exe
  2⤵
  PID:3596
- C:\Windows\System\zCxOsyV.exe
  C:\Windows\System\zCxOsyV.exe
  2⤵
  PID:3612
- C:\Windows\System\twoDSqL.exe
  C:\Windows\System\twoDSqL.exe
  2⤵
  PID:3628
- C:\Windows\System\HCQolOA.exe
  C:\Windows\System\HCQolOA.exe
  2⤵
  PID:3644
- C:\Windows\System\zmSfzSU.exe
  C:\Windows\System\zmSfzSU.exe
  2⤵
  PID:3660
- C:\Windows\System\drPUBEA.exe
  C:\Windows\System\drPUBEA.exe
  2⤵
  PID:3676
- C:\Windows\System\HICYSiX.exe
  C:\Windows\System\HICYSiX.exe
  2⤵
  PID:3692
- C:\Windows\System\LotsktF.exe
  C:\Windows\System\LotsktF.exe
  2⤵
  PID:3708
- C:\Windows\System\BBuPxwy.exe
  C:\Windows\System\BBuPxwy.exe
  2⤵
  PID:3724
- C:\Windows\System\wcYfEyy.exe
  C:\Windows\System\wcYfEyy.exe
  2⤵
  PID:3740
- C:\Windows\System\vTFAdfN.exe
  C:\Windows\System\vTFAdfN.exe
  2⤵
  PID:3756
- C:\Windows\System\yhVdKrR.exe
  C:\Windows\System\yhVdKrR.exe
  2⤵
  PID:3772
- C:\Windows\System\gAgKIWA.exe
  C:\Windows\System\gAgKIWA.exe
  2⤵
  PID:3788
- C:\Windows\System\BhoSwLP.exe
  C:\Windows\System\BhoSwLP.exe
  2⤵
  PID:3804
- C:\Windows\System\VRgjKqL.exe
  C:\Windows\System\VRgjKqL.exe
  2⤵
  PID:3820
- C:\Windows\System\iQJDkyE.exe
  C:\Windows\System\iQJDkyE.exe
  2⤵
  PID:3836
- C:\Windows\System\rtrsmyR.exe
  C:\Windows\System\rtrsmyR.exe
  2⤵
  PID:3852
- C:\Windows\System\kvyTXoO.exe
  C:\Windows\System\kvyTXoO.exe
  2⤵
  PID:3868
- C:\Windows\System\gEOMzlv.exe
  C:\Windows\System\gEOMzlv.exe
  2⤵
  PID:3884
- C:\Windows\System\VWYxRKg.exe
  C:\Windows\System\VWYxRKg.exe
  2⤵
  PID:3900
- C:\Windows\System\tVuqCLg.exe
  C:\Windows\System\tVuqCLg.exe
  2⤵
  PID:3916
- C:\Windows\System\AqRuNPY.exe
  C:\Windows\System\AqRuNPY.exe
  2⤵
  PID:3932
- C:\Windows\System\eppYZcX.exe
  C:\Windows\System\eppYZcX.exe
  2⤵
  PID:3948
- C:\Windows\System\lFccVsC.exe
  C:\Windows\System\lFccVsC.exe
  2⤵
  PID:3964
- C:\Windows\System\OumLOdr.exe
  C:\Windows\System\OumLOdr.exe
  2⤵
  PID:3980
- C:\Windows\System\jnQuOYP.exe
  C:\Windows\System\jnQuOYP.exe
  2⤵
  PID:3996
- C:\Windows\System\RdgXvxq.exe
  C:\Windows\System\RdgXvxq.exe
  2⤵
  PID:4012
- C:\Windows\System\vVQHjvu.exe
  C:\Windows\System\vVQHjvu.exe
  2⤵
  PID:4028
- C:\Windows\System\lELuder.exe
  C:\Windows\System\lELuder.exe
  2⤵
  PID:4044
- C:\Windows\System\UWRglDN.exe
  C:\Windows\System\UWRglDN.exe
  2⤵
  PID:4060
- C:\Windows\System\NvVvNbp.exe
  C:\Windows\System\NvVvNbp.exe
  2⤵
  PID:4076
- C:\Windows\System\NIzdHki.exe
  C:\Windows\System\NIzdHki.exe
  2⤵
  PID:4092
- C:\Windows\System\xOHGWxB.exe
  C:\Windows\System\xOHGWxB.exe
  2⤵
  PID:1960
- C:\Windows\System\sMBebHn.exe
  C:\Windows\System\sMBebHn.exe
  2⤵
  PID:1016
- C:\Windows\System\pVwrHhn.exe
  C:\Windows\System\pVwrHhn.exe
  2⤵
  PID:3032
- C:\Windows\System\utoBqbS.exe
  C:\Windows\System\utoBqbS.exe
  2⤵
  PID:2104
- C:\Windows\System\tOBUEFA.exe
  C:\Windows\System\tOBUEFA.exe
  2⤵
  PID:2428
- C:\Windows\System\WrBSFMb.exe
  C:\Windows\System\WrBSFMb.exe
  2⤵
  PID:1736
- C:\Windows\System\tOmlmgZ.exe
  C:\Windows\System\tOmlmgZ.exe
  2⤵
  PID:1512
- C:\Windows\System\wqiKzVI.exe
  C:\Windows\System\wqiKzVI.exe
  2⤵
  PID:544
- C:\Windows\System\bexHGzP.exe
  C:\Windows\System\bexHGzP.exe
  2⤵
  PID:2268
- C:\Windows\System\DWOClIS.exe
  C:\Windows\System\DWOClIS.exe
  2⤵
  PID:2572
- C:\Windows\System\BQjDLfi.exe
  C:\Windows\System\BQjDLfi.exe
  2⤵
  PID:2080
- C:\Windows\System\mqjZlHW.exe
  C:\Windows\System\mqjZlHW.exe
  2⤵
  PID:2780
- C:\Windows\System\HgWmPGq.exe
  C:\Windows\System\HgWmPGq.exe
  2⤵
  PID:604
- C:\Windows\System\wWqAleZ.exe
  C:\Windows\System\wWqAleZ.exe
  2⤵
  PID:3088
- C:\Windows\System\yhQAWrn.exe
  C:\Windows\System\yhQAWrn.exe
  2⤵
  PID:3120
- C:\Windows\System\wTbGSNb.exe
  C:\Windows\System\wTbGSNb.exe
  2⤵
  PID:3168
- C:\Windows\System\DtSgaEz.exe
  C:\Windows\System\DtSgaEz.exe
  2⤵
  PID:3200
- C:\Windows\System\QkRbKLo.exe
  C:\Windows\System\QkRbKLo.exe
  2⤵
  PID:3216
- C:\Windows\System\yqOriQR.exe
  C:\Windows\System\yqOriQR.exe
  2⤵
  PID:3248
- C:\Windows\System\uarQJLP.exe
  C:\Windows\System\uarQJLP.exe
  2⤵
  PID:3280
- C:\Windows\System\PbIAAbh.exe
  C:\Windows\System\PbIAAbh.exe
  2⤵
  PID:3336
- C:\Windows\System\PrPtFoU.exe
  C:\Windows\System\PrPtFoU.exe
  2⤵
  PID:3352
- C:\Windows\System\UfJWutw.exe
  C:\Windows\System\UfJWutw.exe
  2⤵
  PID:3400
- C:\Windows\System\JZWQHVI.exe
  C:\Windows\System\JZWQHVI.exe
  2⤵
  PID:3432
- C:\Windows\System\jxjerdO.exe
  C:\Windows\System\jxjerdO.exe
  2⤵
  PID:3448
- C:\Windows\System\ECUKBec.exe
  C:\Windows\System\ECUKBec.exe
  2⤵
  PID:3480
- C:\Windows\System\xHeTmJm.exe
  C:\Windows\System\xHeTmJm.exe
  2⤵
  PID:3528
- C:\Windows\System\sOuRPRl.exe
  C:\Windows\System\sOuRPRl.exe
  2⤵
  PID:3544
- C:\Windows\System\OmtnDYU.exe
  C:\Windows\System\OmtnDYU.exe
  2⤵
  PID:3592
- C:\Windows\System\PYwCGqy.exe
  C:\Windows\System\PYwCGqy.exe
  2⤵
  PID:3624
- C:\Windows\System\wiXNCzU.exe
  C:\Windows\System\wiXNCzU.exe
  2⤵
  PID:3656
- C:\Windows\System\SUPURbo.exe
  C:\Windows\System\SUPURbo.exe
  2⤵
  PID:3688
- C:\Windows\System\ZPRzKyx.exe
  C:\Windows\System\ZPRzKyx.exe
  2⤵
  PID:3720
- C:\Windows\System\GbdaUId.exe
  C:\Windows\System\GbdaUId.exe
  2⤵
  PID:3752
- C:\Windows\System\EiXzQlf.exe
  C:\Windows\System\EiXzQlf.exe
  2⤵
  PID:3784
- C:\Windows\System\XvFPdoW.exe
  C:\Windows\System\XvFPdoW.exe
  2⤵
  PID:3844
- C:\Windows\System\JmGdwoH.exe
  C:\Windows\System\JmGdwoH.exe
  2⤵
  PID:3832
- C:\Windows\System\GJKEOQc.exe
  C:\Windows\System\GJKEOQc.exe
  2⤵
  PID:3880
- C:\Windows\System\GKhXOLX.exe
  C:\Windows\System\GKhXOLX.exe
  2⤵
  PID:3912
- C:\Windows\System\YheBZJe.exe
  C:\Windows\System\YheBZJe.exe
  2⤵
  PID:3972
- C:\Windows\System\UIbNXxM.exe
  C:\Windows\System\UIbNXxM.exe
  2⤵
  PID:3956
- C:\Windows\System\ShbfhEa.exe
  C:\Windows\System\ShbfhEa.exe
  2⤵
  PID:4020
- C:\Windows\System\HLcKoLD.exe
  C:\Windows\System\HLcKoLD.exe
  2⤵
  PID:4040
- C:\Windows\System\dNbqTqp.exe
  C:\Windows\System\dNbqTqp.exe
  2⤵
  PID:4072
- C:\Windows\System\sEOZanM.exe
  C:\Windows\System\sEOZanM.exe
  2⤵
  PID:1064
- C:\Windows\System\louRFAY.exe
  C:\Windows\System\louRFAY.exe
  2⤵
  PID:1808
- C:\Windows\System\FUdWcUg.exe
  C:\Windows\System\FUdWcUg.exe
  2⤵
  PID:1800
- C:\Windows\System\KdpvRNO.exe
  C:\Windows\System\KdpvRNO.exe
  2⤵
  PID:1560
- C:\Windows\System\VzQgXNC.exe
  C:\Windows\System\VzQgXNC.exe
  2⤵
  PID:2748
- C:\Windows\System\oYKxvVN.exe
  C:\Windows\System\oYKxvVN.exe
  2⤵
  PID:1784
- C:\Windows\System\aJcAEtN.exe
  C:\Windows\System\aJcAEtN.exe
  2⤵
  PID:2920
- C:\Windows\System\LnwVpqw.exe
  C:\Windows\System\LnwVpqw.exe
  2⤵
  PID:3136
- C:\Windows\System\LDtgTJf.exe
  C:\Windows\System\LDtgTJf.exe
  2⤵
  PID:3184
- C:\Windows\System\vEdyaqe.exe
  C:\Windows\System\vEdyaqe.exe
  2⤵
  PID:3312
- C:\Windows\System\XShXoDt.exe
  C:\Windows\System\XShXoDt.exe
  2⤵
  PID:3320
- C:\Windows\System\DKphLVg.exe
  C:\Windows\System\DKphLVg.exe
  2⤵
  PID:3368
- C:\Windows\System\CmOtSOO.exe
  C:\Windows\System\CmOtSOO.exe
  2⤵
  PID:3464
- C:\Windows\System\HLVvOIW.exe
  C:\Windows\System\HLVvOIW.exe
  2⤵
  PID:3576
- C:\Windows\System\fZkNMMP.exe
  C:\Windows\System\fZkNMMP.exe
  2⤵
  PID:3640
- C:\Windows\System\NRpOQaS.exe
  C:\Windows\System\NRpOQaS.exe
  2⤵
  PID:3652
- C:\Windows\System\JbAaIsu.exe
  C:\Windows\System\JbAaIsu.exe
  2⤵
  PID:3672
- C:\Windows\System\aMXZYdP.exe
  C:\Windows\System\aMXZYdP.exe
  2⤵
  PID:4112
- C:\Windows\System\qTvtYpb.exe
  C:\Windows\System\qTvtYpb.exe
  2⤵
  PID:4128
- C:\Windows\System\OpYDZqF.exe
  C:\Windows\System\OpYDZqF.exe
  2⤵
  PID:4144
- C:\Windows\System\pCaqyhb.exe
  C:\Windows\System\pCaqyhb.exe
  2⤵
  PID:4160
- C:\Windows\System\CTxduhM.exe
  C:\Windows\System\CTxduhM.exe
  2⤵
  PID:4176
- C:\Windows\System\FJqFavL.exe
  C:\Windows\System\FJqFavL.exe
  2⤵
  PID:4192
- C:\Windows\System\tvItECj.exe
  C:\Windows\System\tvItECj.exe
  2⤵
  PID:4208
- C:\Windows\System\EkNQiOl.exe
  C:\Windows\System\EkNQiOl.exe
  2⤵
  PID:4224
- C:\Windows\System\qQZWnAB.exe
  C:\Windows\System\qQZWnAB.exe
  2⤵
  PID:4240
- C:\Windows\System\iqaDCBC.exe
  C:\Windows\System\iqaDCBC.exe
  2⤵
  PID:4256
- C:\Windows\System\ordjMSb.exe
  C:\Windows\System\ordjMSb.exe
  2⤵
  PID:4272
- C:\Windows\System\qyIKFax.exe
  C:\Windows\System\qyIKFax.exe
  2⤵
  PID:4288
- C:\Windows\System\oAkqOge.exe
  C:\Windows\System\oAkqOge.exe
  2⤵
  PID:4304
- C:\Windows\System\EfUSRPj.exe
  C:\Windows\System\EfUSRPj.exe
  2⤵
  PID:4320
- C:\Windows\System\SAuhMOT.exe
  C:\Windows\System\SAuhMOT.exe
  2⤵
  PID:4336
- C:\Windows\System\dLhUdjE.exe
  C:\Windows\System\dLhUdjE.exe
  2⤵
  PID:4352
- C:\Windows\System\RDXRNFW.exe
  C:\Windows\System\RDXRNFW.exe
  2⤵
  PID:4368
- C:\Windows\System\acMwZCT.exe
  C:\Windows\System\acMwZCT.exe
  2⤵
  PID:4384
- C:\Windows\System\FBuxFOx.exe
  C:\Windows\System\FBuxFOx.exe
  2⤵
  PID:4400
- C:\Windows\System\nBfDeSN.exe
  C:\Windows\System\nBfDeSN.exe
  2⤵
  PID:4416
- C:\Windows\System\aHdFgop.exe
  C:\Windows\System\aHdFgop.exe
  2⤵
  PID:4432
- C:\Windows\System\FMjpdWY.exe
  C:\Windows\System\FMjpdWY.exe
  2⤵
  PID:4448
- C:\Windows\System\lQVlKAi.exe
  C:\Windows\System\lQVlKAi.exe
  2⤵
  PID:4464
- C:\Windows\System\SWSwCYd.exe
  C:\Windows\System\SWSwCYd.exe
  2⤵
  PID:4480
- C:\Windows\System\BppYprR.exe
  C:\Windows\System\BppYprR.exe
  2⤵
  PID:4496
- C:\Windows\System\KCqoHYv.exe
  C:\Windows\System\KCqoHYv.exe
  2⤵
  PID:4512
- C:\Windows\System\hyNdFEY.exe
  C:\Windows\System\hyNdFEY.exe
  2⤵
  PID:4528
- C:\Windows\System\euSFzcD.exe
  C:\Windows\System\euSFzcD.exe
  2⤵
  PID:4544
- C:\Windows\System\fPwUabq.exe
  C:\Windows\System\fPwUabq.exe
  2⤵
  PID:4560
- C:\Windows\System\uXssYRZ.exe
  C:\Windows\System\uXssYRZ.exe
  2⤵
  PID:4576
- C:\Windows\System\splXCiL.exe
  C:\Windows\System\splXCiL.exe
  2⤵
  PID:4592
- C:\Windows\System\BkEqSby.exe
  C:\Windows\System\BkEqSby.exe
  2⤵
  PID:4608
- C:\Windows\System\GkaNHzR.exe
  C:\Windows\System\GkaNHzR.exe
  2⤵
  PID:4624
- C:\Windows\System\hXLkqhx.exe
  C:\Windows\System\hXLkqhx.exe
  2⤵
  PID:4640
- C:\Windows\System\oyftRnk.exe
  C:\Windows\System\oyftRnk.exe
  2⤵
  PID:4656
- C:\Windows\System\bdkDFpZ.exe
  C:\Windows\System\bdkDFpZ.exe
  2⤵
  PID:4672
- C:\Windows\System\CBaoJlr.exe
  C:\Windows\System\CBaoJlr.exe
  2⤵
  PID:4688
- C:\Windows\System\JrIcpKT.exe
  C:\Windows\System\JrIcpKT.exe
  2⤵
  PID:4704
- C:\Windows\System\OKAsYBW.exe
  C:\Windows\System\OKAsYBW.exe
  2⤵
  PID:4720
- C:\Windows\System\liFmwvg.exe
  C:\Windows\System\liFmwvg.exe
  2⤵
  PID:4740
- C:\Windows\System\FpzdAcN.exe
  C:\Windows\System\FpzdAcN.exe
  2⤵
  PID:4756
- C:\Windows\System\oGEQMQd.exe
  C:\Windows\System\oGEQMQd.exe
  2⤵
  PID:4772
- C:\Windows\System\bqiJmbo.exe
  C:\Windows\System\bqiJmbo.exe
  2⤵
  PID:4788
- C:\Windows\System\TcAeHNt.exe
  C:\Windows\System\TcAeHNt.exe
  2⤵
  PID:4804
- C:\Windows\System\yvTUcJd.exe
  C:\Windows\System\yvTUcJd.exe
  2⤵
  PID:4820
- C:\Windows\System\YJGVyIK.exe
  C:\Windows\System\YJGVyIK.exe
  2⤵
  PID:4836
- C:\Windows\System\fOqBRcw.exe
  C:\Windows\System\fOqBRcw.exe
  2⤵
  PID:4852
- C:\Windows\System\qPiDYsc.exe
  C:\Windows\System\qPiDYsc.exe
  2⤵
  PID:4868
- C:\Windows\System\TmeECNK.exe
  C:\Windows\System\TmeECNK.exe
  2⤵
  PID:4884
- C:\Windows\System\BPYnchE.exe
  C:\Windows\System\BPYnchE.exe
  2⤵
  PID:4900
- C:\Windows\System\zRHIFFA.exe
  C:\Windows\System\zRHIFFA.exe
  2⤵
  PID:4916
- C:\Windows\System\GZqiejN.exe
  C:\Windows\System\GZqiejN.exe
  2⤵
  PID:4932
- C:\Windows\System\nSmSFNn.exe
  C:\Windows\System\nSmSFNn.exe
  2⤵
  PID:4948
- C:\Windows\System\yAflhuR.exe
  C:\Windows\System\yAflhuR.exe
  2⤵
  PID:4964
- C:\Windows\System\mhtYHYb.exe
  C:\Windows\System\mhtYHYb.exe
  2⤵
  PID:4980
- C:\Windows\System\uQPRDIP.exe
  C:\Windows\System\uQPRDIP.exe
  2⤵
  PID:4996
- C:\Windows\System\IhApiWh.exe
  C:\Windows\System\IhApiWh.exe
  2⤵
  PID:5012
- C:\Windows\System\HDmtQQp.exe
  C:\Windows\System\HDmtQQp.exe
  2⤵
  PID:5028
- C:\Windows\System\KVdbdsp.exe
  C:\Windows\System\KVdbdsp.exe
  2⤵
  PID:5044
- C:\Windows\System\tQHBbij.exe
  C:\Windows\System\tQHBbij.exe
  2⤵
  PID:5060
- C:\Windows\System\OVfeYbc.exe
  C:\Windows\System\OVfeYbc.exe
  2⤵
  PID:5076
- C:\Windows\System\TZUqFkc.exe
  C:\Windows\System\TZUqFkc.exe
  2⤵
  PID:5092
- C:\Windows\System\syYECjs.exe
  C:\Windows\System\syYECjs.exe
  2⤵
  PID:5108
- C:\Windows\System\LlwJHnq.exe
  C:\Windows\System\LlwJHnq.exe
  2⤵
  PID:3736
- C:\Windows\System\eCwivlL.exe
  C:\Windows\System\eCwivlL.exe
  2⤵
  PID:3800
- C:\Windows\System\LYKtlxj.exe
  C:\Windows\System\LYKtlxj.exe
  2⤵
  PID:3860
- C:\Windows\System\ldrOosB.exe
  C:\Windows\System\ldrOosB.exe
  2⤵
  PID:3944
- C:\Windows\System\kjdJAEN.exe
  C:\Windows\System\kjdJAEN.exe
  2⤵
  PID:4024
- C:\Windows\System\LLjSRKX.exe
  C:\Windows\System\LLjSRKX.exe
  2⤵
  PID:4052
- C:\Windows\System\uoGHlqz.exe
  C:\Windows\System\uoGHlqz.exe
  2⤵
  PID:2528
- C:\Windows\System\YjFwzxe.exe
  C:\Windows\System\YjFwzxe.exe
  2⤵
  PID:2136
- C:\Windows\System\ZtkwsjG.exe
  C:\Windows\System\ZtkwsjG.exe
  2⤵
  PID:2684
- C:\Windows\System\zsEjkVg.exe
  C:\Windows\System\zsEjkVg.exe
  2⤵
  PID:3132
- C:\Windows\System\Wkxvrxa.exe
  C:\Windows\System\Wkxvrxa.exe
  2⤵
  PID:3264
- C:\Windows\System\tjeXFgn.exe
  C:\Windows\System\tjeXFgn.exe
  2⤵
  PID:3396
- C:\Windows\System\ECLUBkU.exe
  C:\Windows\System\ECLUBkU.exe
  2⤵
  PID:3588
- C:\Windows\System\ZHSgiOd.exe
  C:\Windows\System\ZHSgiOd.exe
  2⤵
  PID:3716
- C:\Windows\System\cRjAzhI.exe
  C:\Windows\System\cRjAzhI.exe
  2⤵
  PID:2828
- C:\Windows\System\bIdLVEA.exe
  C:\Windows\System\bIdLVEA.exe
  2⤵
  PID:4152
- C:\Windows\System\CeijfOe.exe
  C:\Windows\System\CeijfOe.exe
  2⤵
  PID:4184
- C:\Windows\System\gOHubhx.exe
  C:\Windows\System\gOHubhx.exe
  2⤵
  PID:4216
- C:\Windows\System\qNkGpwu.exe
  C:\Windows\System\qNkGpwu.exe
  2⤵
  PID:4248
- C:\Windows\System\nnEwnhc.exe
  C:\Windows\System\nnEwnhc.exe
  2⤵
  PID:4284
- C:\Windows\System\XiFsEEC.exe
  C:\Windows\System\XiFsEEC.exe
  2⤵
  PID:4264
- C:\Windows\System\TstchAQ.exe
  C:\Windows\System\TstchAQ.exe
  2⤵
  PID:4300
- C:\Windows\System\iJCrQpj.exe
  C:\Windows\System\iJCrQpj.exe
  2⤵
  PID:4328
- C:\Windows\System\PucdIkw.exe
  C:\Windows\System\PucdIkw.exe
  2⤵
  PID:4364
- C:\Windows\System\WFjYgeR.exe
  C:\Windows\System\WFjYgeR.exe
  2⤵
  PID:4440
- C:\Windows\System\lSpUdHG.exe
  C:\Windows\System\lSpUdHG.exe
  2⤵
  PID:4472
- C:\Windows\System\hWyxXBw.exe
  C:\Windows\System\hWyxXBw.exe
  2⤵
  PID:4508
- C:\Windows\System\fVqDrrk.exe
  C:\Windows\System\fVqDrrk.exe
  2⤵
  PID:4540
- C:\Windows\System\qQNuJuA.exe
  C:\Windows\System\qQNuJuA.exe
  2⤵
  PID:4572
- C:\Windows\System\rZAIxDc.exe
  C:\Windows\System\rZAIxDc.exe
  2⤵
  PID:4604
- C:\Windows\System\JuUuhhM.exe
  C:\Windows\System\JuUuhhM.exe
  2⤵
  PID:4632
- C:\Windows\System\YlPQgPv.exe
  C:\Windows\System\YlPQgPv.exe
  2⤵
  PID:4664
- C:\Windows\System\aJRWVmQ.exe
  C:\Windows\System\aJRWVmQ.exe
  2⤵
  PID:4696
- C:\Windows\System\CHeckRk.exe
  C:\Windows\System\CHeckRk.exe
  2⤵
  PID:4680
- C:\Windows\System\RRgRMTV.exe
  C:\Windows\System\RRgRMTV.exe
  2⤵
  PID:4716
- C:\Windows\System\oYdehcs.exe
  C:\Windows\System\oYdehcs.exe
  2⤵
  PID:4828
- C:\Windows\System\gYLxGED.exe
  C:\Windows\System\gYLxGED.exe
  2⤵
  PID:4780
- C:\Windows\System\xgzoDGg.exe
  C:\Windows\System\xgzoDGg.exe
  2⤵
  PID:4812
- C:\Windows\System\nEssBXn.exe
  C:\Windows\System\nEssBXn.exe
  2⤵
  PID:4896
- C:\Windows\System\pCTQgJg.exe
  C:\Windows\System\pCTQgJg.exe
  2⤵
  PID:4908
- C:\Windows\System\zAXsoTB.exe
  C:\Windows\System\zAXsoTB.exe
  2⤵
  PID:4956
- C:\Windows\System\tkHNIKi.exe
  C:\Windows\System\tkHNIKi.exe
  2⤵
  PID:5020
- C:\Windows\System\PuFwoAa.exe
  C:\Windows\System\PuFwoAa.exe
  2⤵
  PID:4976
- C:\Windows\System\PaNyHqi.exe
  C:\Windows\System\PaNyHqi.exe
  2⤵
  PID:5052
- C:\Windows\System\JRZxElA.exe
  C:\Windows\System\JRZxElA.exe
  2⤵
  PID:5116
- C:\Windows\System\DbvvMSj.exe
  C:\Windows\System\DbvvMSj.exe
  2⤵
  PID:3780
- C:\Windows\System\TTaHgmO.exe
  C:\Windows\System\TTaHgmO.exe
  2⤵
  PID:5100
- C:\Windows\System\hAuusym.exe
  C:\Windows\System\hAuusym.exe
  2⤵
  PID:3816
- C:\Windows\System\NaFiqro.exe
  C:\Windows\System\NaFiqro.exe
  2⤵
  PID:1448
- C:\Windows\System\jnpfrEl.exe
  C:\Windows\System\jnpfrEl.exe
  2⤵
  PID:3864
- C:\Windows\System\FgGVhgO.exe
  C:\Windows\System\FgGVhgO.exe
  2⤵
  PID:3152
- C:\Windows\System\ncNtRGL.exe
  C:\Windows\System\ncNtRGL.exe
  2⤵
  PID:2160
- C:\Windows\System\gdFGnEr.exe
  C:\Windows\System\gdFGnEr.exe
  2⤵
  PID:3300
- C:\Windows\System\CtbMMUc.exe
  C:\Windows\System\CtbMMUc.exe
  2⤵
  PID:4108
- C:\Windows\System\ICuFykR.exe
  C:\Windows\System\ICuFykR.exe
  2⤵
  PID:4220
- C:\Windows\System\HYGNySA.exe
  C:\Windows\System\HYGNySA.exe
  2⤵
  PID:4172
- C:\Windows\System\vtYDnNX.exe
  C:\Windows\System\vtYDnNX.exe
  2⤵
  PID:4376
- C:\Windows\System\rqihOLU.exe
  C:\Windows\System\rqihOLU.exe
  2⤵
  PID:4360
- C:\Windows\System\ryLRLJE.exe
  C:\Windows\System\ryLRLJE.exe
  2⤵
  PID:4344
- C:\Windows\System\GsHhLsQ.exe
  C:\Windows\System\GsHhLsQ.exe
  2⤵
  PID:4520
- C:\Windows\System\gOpImyi.exe
  C:\Windows\System\gOpImyi.exe
  2⤵
  PID:4552
- C:\Windows\System\tTCrQVt.exe
  C:\Windows\System\tTCrQVt.exe
  2⤵
  PID:4636
- C:\Windows\System\FTWoaVy.exe
  C:\Windows\System\FTWoaVy.exe
  2⤵
  PID:4764
- C:\Windows\System\elfjerq.exe
  C:\Windows\System\elfjerq.exe
  2⤵
  PID:4796
- C:\Windows\System\TmLZJgL.exe
  C:\Windows\System\TmLZJgL.exe
  2⤵
  PID:4816
- C:\Windows\System\jLksJaO.exe
  C:\Windows\System\jLksJaO.exe
  2⤵
  PID:5132
- C:\Windows\System\smhkIgW.exe
  C:\Windows\System\smhkIgW.exe
  2⤵
  PID:5148
- C:\Windows\System\REBZVzN.exe
  C:\Windows\System\REBZVzN.exe
  2⤵
  PID:5164
- C:\Windows\System\bhgufGQ.exe
  C:\Windows\System\bhgufGQ.exe
  2⤵
  PID:5180
- C:\Windows\System\AdsNDeh.exe
  C:\Windows\System\AdsNDeh.exe
  2⤵
  PID:5196
- C:\Windows\System\dbVqLCE.exe
  C:\Windows\System\dbVqLCE.exe
  2⤵
  PID:5212
- C:\Windows\System\rrawYKg.exe
  C:\Windows\System\rrawYKg.exe
  2⤵
  PID:5232
- C:\Windows\System\XBJYqSv.exe
  C:\Windows\System\XBJYqSv.exe
  2⤵
  PID:5248
- C:\Windows\System\WTdXVHM.exe
  C:\Windows\System\WTdXVHM.exe
  2⤵
  PID:5264
- C:\Windows\System\WTGShtV.exe
  C:\Windows\System\WTGShtV.exe
  2⤵
  PID:5280
- C:\Windows\System\ATOgtHs.exe
  C:\Windows\System\ATOgtHs.exe
  2⤵
  PID:5296
- C:\Windows\System\SgPkEVf.exe
  C:\Windows\System\SgPkEVf.exe
  2⤵
  PID:5312
- C:\Windows\System\VvQtywu.exe
  C:\Windows\System\VvQtywu.exe
  2⤵
  PID:5328
- C:\Windows\System\WTIrNvS.exe
  C:\Windows\System\WTIrNvS.exe
  2⤵
  PID:5344
- C:\Windows\System\zAxXXBz.exe
  C:\Windows\System\zAxXXBz.exe
  2⤵
  PID:5360
- C:\Windows\System\wDrdYtl.exe
  C:\Windows\System\wDrdYtl.exe
  2⤵
  PID:5376
- C:\Windows\System\BZpLeik.exe
  C:\Windows\System\BZpLeik.exe
  2⤵
  PID:5392
- C:\Windows\System\hSGxgdQ.exe
  C:\Windows\System\hSGxgdQ.exe
  2⤵
  PID:5408
- C:\Windows\System\LQpjIAf.exe
  C:\Windows\System\LQpjIAf.exe
  2⤵
  PID:5424
- C:\Windows\System\OpsMUsJ.exe
  C:\Windows\System\OpsMUsJ.exe
  2⤵
  PID:5440
- C:\Windows\System\kaGaSfi.exe
  C:\Windows\System\kaGaSfi.exe
  2⤵
  PID:5456
- C:\Windows\System\lNLifxs.exe
  C:\Windows\System\lNLifxs.exe
  2⤵
  PID:5472
- C:\Windows\System\QKfThTQ.exe
  C:\Windows\System\QKfThTQ.exe
  2⤵
  PID:5488
- C:\Windows\System\ErPMmJq.exe
  C:\Windows\System\ErPMmJq.exe
  2⤵
  PID:5504
- C:\Windows\System\rtMfxpE.exe
  C:\Windows\System\rtMfxpE.exe
  2⤵
  PID:5520
- C:\Windows\System\nLwcsxd.exe
  C:\Windows\System\nLwcsxd.exe
  2⤵
  PID:5536
- C:\Windows\System\vrxlkAd.exe
  C:\Windows\System\vrxlkAd.exe
  2⤵
  PID:5552
- C:\Windows\System\wjeVtiH.exe
  C:\Windows\System\wjeVtiH.exe
  2⤵
  PID:5568
- C:\Windows\System\qYFOBnU.exe
  C:\Windows\System\qYFOBnU.exe
  2⤵
  PID:5584
- C:\Windows\System\GMoUJDc.exe
  C:\Windows\System\GMoUJDc.exe
  2⤵
  PID:5600
- C:\Windows\System\cevmzzt.exe
  C:\Windows\System\cevmzzt.exe
  2⤵
  PID:5620
- C:\Windows\System\ASBuXPH.exe
  C:\Windows\System\ASBuXPH.exe
  2⤵
  PID:5636
- C:\Windows\System\sCBokMN.exe
  C:\Windows\System\sCBokMN.exe
  2⤵
  PID:5652
- C:\Windows\System\ebVcIwj.exe
  C:\Windows\System\ebVcIwj.exe
  2⤵
  PID:5668
- C:\Windows\System\tAmrUyI.exe
  C:\Windows\System\tAmrUyI.exe
  2⤵
  PID:5684
- C:\Windows\System\BRHFcNk.exe
  C:\Windows\System\BRHFcNk.exe
  2⤵
  PID:5700
- C:\Windows\System\cwhKkub.exe
  C:\Windows\System\cwhKkub.exe
  2⤵
  PID:5716
- C:\Windows\System\rUSIKet.exe
  C:\Windows\System\rUSIKet.exe
  2⤵
  PID:5732
- C:\Windows\System\PjOBuku.exe
  C:\Windows\System\PjOBuku.exe
  2⤵
  PID:5748
- C:\Windows\System\iSwqTcj.exe
  C:\Windows\System\iSwqTcj.exe
  2⤵
  PID:5764
- C:\Windows\System\jDKKxNE.exe
  C:\Windows\System\jDKKxNE.exe
  2⤵
  PID:5780
- C:\Windows\System\xYdZSsK.exe
  C:\Windows\System\xYdZSsK.exe
  2⤵
  PID:5796
- C:\Windows\System\xpOKfKt.exe
  C:\Windows\System\xpOKfKt.exe
  2⤵
  PID:5812
- C:\Windows\System\GosRjbp.exe
  C:\Windows\System\GosRjbp.exe
  2⤵
  PID:5828
- C:\Windows\System\vPEduZA.exe
  C:\Windows\System\vPEduZA.exe
  2⤵
  PID:5844
- C:\Windows\System\UUNSdNa.exe
  C:\Windows\System\UUNSdNa.exe
  2⤵
  PID:5860
- C:\Windows\System\PsDxZPG.exe
  C:\Windows\System\PsDxZPG.exe
  2⤵
  PID:5876
- C:\Windows\System\qHLRHcJ.exe
  C:\Windows\System\qHLRHcJ.exe
  2⤵
  PID:5892
- C:\Windows\System\szPjbjB.exe
  C:\Windows\System\szPjbjB.exe
  2⤵
  PID:5908
- C:\Windows\System\USieonH.exe
  C:\Windows\System\USieonH.exe
  2⤵
  PID:5924
- C:\Windows\System\jqwKccX.exe
  C:\Windows\System\jqwKccX.exe
  2⤵
  PID:5940
- C:\Windows\System\NmcNRAo.exe
  C:\Windows\System\NmcNRAo.exe
  2⤵
  PID:5956
- C:\Windows\System\ZuQZEXn.exe
  C:\Windows\System\ZuQZEXn.exe
  2⤵
  PID:5972
- C:\Windows\System\DwzVuDR.exe
  C:\Windows\System\DwzVuDR.exe
  2⤵
  PID:5988
- C:\Windows\System\ZUwcozU.exe
  C:\Windows\System\ZUwcozU.exe
  2⤵
  PID:6004
- C:\Windows\System\GAfxqiU.exe
  C:\Windows\System\GAfxqiU.exe
  2⤵
  PID:6020
- C:\Windows\System\PlmUltd.exe
  C:\Windows\System\PlmUltd.exe
  2⤵
  PID:6036
- C:\Windows\System\jqxfOtG.exe
  C:\Windows\System\jqxfOtG.exe
  2⤵
  PID:6052
- C:\Windows\System\kegKIlr.exe
  C:\Windows\System\kegKIlr.exe
  2⤵
  PID:6068
- C:\Windows\System\LKjAiwx.exe
  C:\Windows\System\LKjAiwx.exe
  2⤵
  PID:6084
- C:\Windows\System\EXBWdmA.exe
  C:\Windows\System\EXBWdmA.exe
  2⤵
  PID:6100
- C:\Windows\System\ElWZeAM.exe
  C:\Windows\System\ElWZeAM.exe
  2⤵
  PID:6116
- C:\Windows\System\zcaxEba.exe
  C:\Windows\System\zcaxEba.exe
  2⤵
  PID:6132
- C:\Windows\System\AGMZTVs.exe
  C:\Windows\System\AGMZTVs.exe
  2⤵
  PID:4844
- C:\Windows\System\mzqlAMH.exe
  C:\Windows\System\mzqlAMH.exe
  2⤵
  PID:4912
- C:\Windows\System\cxcQsDf.exe
  C:\Windows\System\cxcQsDf.exe
  2⤵
  PID:4972
- C:\Windows\System\IClEXoO.exe
  C:\Windows\System\IClEXoO.exe
  2⤵
  PID:5004
- C:\Windows\System\uEkhErT.exe
  C:\Windows\System\uEkhErT.exe
  2⤵
  PID:4056
- C:\Windows\System\RULSWVO.exe
  C:\Windows\System\RULSWVO.exe
  2⤵
  PID:3988
- C:\Windows\System\eMbcRnq.exe
  C:\Windows\System\eMbcRnq.exe
  2⤵
  PID:2052
- C:\Windows\System\VlAvWDV.exe
  C:\Windows\System\VlAvWDV.exe
  2⤵
  PID:3512
- C:\Windows\System\TQJkLml.exe
  C:\Windows\System\TQJkLml.exe
  2⤵
  PID:4124
- C:\Windows\System\HVpkVLc.exe
  C:\Windows\System\HVpkVLc.exe
  2⤵
  PID:4236
- C:\Windows\System\KUjuGAK.exe
  C:\Windows\System\KUjuGAK.exe
  2⤵
  PID:4296
- C:\Windows\System\BlhJdwV.exe
  C:\Windows\System\BlhJdwV.exe
  2⤵
  PID:4652
- C:\Windows\System\DbLOzNg.exe
  C:\Windows\System\DbLOzNg.exe
  2⤵
  PID:4620
- C:\Windows\System\ZoMEhRK.exe
  C:\Windows\System\ZoMEhRK.exe
  2⤵
  PID:4800
- C:\Windows\System\GTpVCzR.exe
  C:\Windows\System\GTpVCzR.exe
  2⤵
  PID:5144
- C:\Windows\System\WeyJvuw.exe
  C:\Windows\System\WeyJvuw.exe
  2⤵
  PID:5176
- C:\Windows\System\vwhMpux.exe
  C:\Windows\System\vwhMpux.exe
  2⤵
  PID:5208
- C:\Windows\System\DzWpwYP.exe
  C:\Windows\System\DzWpwYP.exe
  2⤵
  PID:5224
- C:\Windows\System\clUrLGY.exe
  C:\Windows\System\clUrLGY.exe
  2⤵
  PID:5276
- C:\Windows\System\QPImtVf.exe
  C:\Windows\System\QPImtVf.exe
  2⤵
  PID:5308
- C:\Windows\System\AgzZRsb.exe
  C:\Windows\System\AgzZRsb.exe
  2⤵
  PID:5324
- C:\Windows\System\tpsJmpO.exe
  C:\Windows\System\tpsJmpO.exe
  2⤵
  PID:5356
- C:\Windows\System\tEsQFLt.exe
  C:\Windows\System\tEsQFLt.exe
  2⤵
  PID:5404
- C:\Windows\System\xnbMfmg.exe
  C:\Windows\System\xnbMfmg.exe
  2⤵
  PID:5436
- C:\Windows\System\gwSEDdH.exe
  C:\Windows\System\gwSEDdH.exe
  2⤵
  PID:5452
- C:\Windows\System\iYRrggO.exe
  C:\Windows\System\iYRrggO.exe
  2⤵
  PID:5496
- C:\Windows\System\NaGhSVr.exe
  C:\Windows\System\NaGhSVr.exe
  2⤵
  PID:5516
- C:\Windows\System\wMsaJVK.exe
  C:\Windows\System\wMsaJVK.exe
  2⤵
  PID:5560
- C:\Windows\System\TzuXWKU.exe
  C:\Windows\System\TzuXWKU.exe
  2⤵
  PID:5592
- C:\Windows\System\tYayDKC.exe
  C:\Windows\System\tYayDKC.exe
  2⤵
  PID:5628
- C:\Windows\System\kFGJtKF.exe
  C:\Windows\System\kFGJtKF.exe
  2⤵
  PID:5660
- C:\Windows\System\skGvHiz.exe
  C:\Windows\System\skGvHiz.exe
  2⤵
  PID:5676
- C:\Windows\System\AxIClpD.exe
  C:\Windows\System\AxIClpD.exe
  2⤵
  PID:5708
- C:\Windows\System\YLvzwNZ.exe
  C:\Windows\System\YLvzwNZ.exe
  2⤵
  PID:5756
- C:\Windows\System\anvelZc.exe
  C:\Windows\System\anvelZc.exe
  2⤵
  PID:5788
- C:\Windows\System\UgiEQxS.exe
  C:\Windows\System\UgiEQxS.exe
  2⤵
  PID:5820
- C:\Windows\System\KrEuras.exe
  C:\Windows\System\KrEuras.exe
  2⤵
  PID:5836
- C:\Windows\System\eZwCCNh.exe
  C:\Windows\System\eZwCCNh.exe
  2⤵
  PID:5884
- C:\Windows\System\hnjhOCL.exe
  C:\Windows\System\hnjhOCL.exe
  2⤵
  PID:5872
- C:\Windows\System\VFnFdGu.exe
  C:\Windows\System\VFnFdGu.exe
  2⤵
  PID:5920
- C:\Windows\System\rrjEqGa.exe
  C:\Windows\System\rrjEqGa.exe
  2⤵
  PID:5952
- C:\Windows\System\nZHnBtv.exe
  C:\Windows\System\nZHnBtv.exe
  2⤵
  PID:5964
- C:\Windows\System\SHjxFOp.exe
  C:\Windows\System\SHjxFOp.exe
  2⤵
  PID:6016
- C:\Windows\System\YnyLvXt.exe
  C:\Windows\System\YnyLvXt.exe
  2⤵
  PID:6048
- C:\Windows\System\QnCcMRG.exe
  C:\Windows\System\QnCcMRG.exe
  2⤵
  PID:6080
- C:\Windows\System\ORiJxnD.exe
  C:\Windows\System\ORiJxnD.exe
  2⤵
  PID:6096
- C:\Windows\System\nATNKBX.exe
  C:\Windows\System\nATNKBX.exe
  2⤵
  PID:4892
- C:\Windows\System\kwkWEXt.exe
  C:\Windows\System\kwkWEXt.exe
  2⤵
  PID:5040
- C:\Windows\System\wzzcTxP.exe
  C:\Windows\System\wzzcTxP.exe
  2⤵
  PID:5072
- C:\Windows\System\QfrenoR.exe
  C:\Windows\System\QfrenoR.exe
  2⤵
  PID:4156
- C:\Windows\System\flqdlhG.exe
  C:\Windows\System\flqdlhG.exe
  2⤵
  PID:3768
- C:\Windows\System\GnTLHHE.exe
  C:\Windows\System\GnTLHHE.exe
  2⤵
  PID:4316
- C:\Windows\System\ZUDxxEn.exe
  C:\Windows\System\ZUDxxEn.exe
  2⤵
  PID:4444
- C:\Windows\System\HXeDnMA.exe
  C:\Windows\System\HXeDnMA.exe
  2⤵
  PID:5188
- C:\Windows\System\oUCGaDK.exe
  C:\Windows\System\oUCGaDK.exe
  2⤵
  PID:5156
- C:\Windows\System\CZuRLbv.exe
  C:\Windows\System\CZuRLbv.exe
  2⤵
  PID:5260
- C:\Windows\System\absIdNm.exe
  C:\Windows\System\absIdNm.exe
  2⤵
  PID:5336
- C:\Windows\System\hANUUEd.exe
  C:\Windows\System\hANUUEd.exe
  2⤵
  PID:5448
- C:\Windows\System\fzIfkwa.exe
  C:\Windows\System\fzIfkwa.exe
  2⤵
  PID:5372
- C:\Windows\System\ATMkhQz.exe
  C:\Windows\System\ATMkhQz.exe
  2⤵
  PID:5528
- C:\Windows\System\ZTOawmi.exe
  C:\Windows\System\ZTOawmi.exe
  2⤵
  PID:5544
- C:\Windows\System\LwBvEOW.exe
  C:\Windows\System\LwBvEOW.exe
  2⤵
  PID:5632
- C:\Windows\System\lCpHWDb.exe
  C:\Windows\System\lCpHWDb.exe
  2⤵
  PID:5596
- C:\Windows\System\hNPljZo.exe
  C:\Windows\System\hNPljZo.exe
  2⤵
  PID:5772
- C:\Windows\System\qVgJpoK.exe
  C:\Windows\System\qVgJpoK.exe
  2⤵
  PID:2584
- C:\Windows\System\SaDfBrY.exe
  C:\Windows\System\SaDfBrY.exe
  2⤵
  PID:5804
- C:\Windows\System\XJNSuVg.exe
  C:\Windows\System\XJNSuVg.exe
  2⤵
  PID:2344
- C:\Windows\System\LnxLTJA.exe
  C:\Windows\System\LnxLTJA.exe
  2⤵
  PID:5916
- C:\Windows\System\gUhuizc.exe
  C:\Windows\System\gUhuizc.exe
  2⤵
  PID:6012
- C:\Windows\System\hLOtXMV.exe
  C:\Windows\System\hLOtXMV.exe
  2⤵
  PID:6044
- C:\Windows\System\EwPLPZE.exe
  C:\Windows\System\EwPLPZE.exe
  2⤵
  PID:6124
- C:\Windows\System\zrfIHSE.exe
  C:\Windows\System\zrfIHSE.exe
  2⤵
  PID:4880
- C:\Windows\System\ZufowfM.exe
  C:\Windows\System\ZufowfM.exe
  2⤵
  PID:5088
- C:\Windows\System\WqcFtLZ.exe
  C:\Windows\System\WqcFtLZ.exe
  2⤵
  PID:3384
- C:\Windows\System\OtcZjCu.exe
  C:\Windows\System\OtcZjCu.exe
  2⤵
  PID:5124
- C:\Windows\System\XvGSNlT.exe
  C:\Windows\System\XvGSNlT.exe
  2⤵
  PID:2844
- C:\Windows\System\oHlCpAT.exe
  C:\Windows\System\oHlCpAT.exe
  2⤵
  PID:5400
- C:\Windows\System\wWkMhBU.exe
  C:\Windows\System\wWkMhBU.exe
  2⤵
  PID:5420
- C:\Windows\System\bvDEvQw.exe
  C:\Windows\System\bvDEvQw.exe
  2⤵
  PID:5608
- C:\Windows\System\VRoZFhB.exe
  C:\Windows\System\VRoZFhB.exe
  2⤵
  PID:6152
- C:\Windows\System\UQPnKwh.exe
  C:\Windows\System\UQPnKwh.exe
  2⤵
  PID:6168
- C:\Windows\System\rEauWAA.exe
  C:\Windows\System\rEauWAA.exe
  2⤵
  PID:6184
- C:\Windows\System\TwarpZX.exe
  C:\Windows\System\TwarpZX.exe
  2⤵
  PID:6200
- C:\Windows\System\QKiVibQ.exe
  C:\Windows\System\QKiVibQ.exe
  2⤵
  PID:6216
- C:\Windows\System\bFLxsXo.exe
  C:\Windows\System\bFLxsXo.exe
  2⤵
  PID:6232
- C:\Windows\System\RZerfSJ.exe
  C:\Windows\System\RZerfSJ.exe
  2⤵
  PID:6248
- C:\Windows\System\yqbjWqa.exe
  C:\Windows\System\yqbjWqa.exe
  2⤵
  PID:6264
- C:\Windows\System\aQgijbi.exe
  C:\Windows\System\aQgijbi.exe
  2⤵
  PID:6280
- C:\Windows\System\VIrsQyd.exe
  C:\Windows\System\VIrsQyd.exe
  2⤵
  PID:6296
- C:\Windows\System\DXWrjXe.exe
  C:\Windows\System\DXWrjXe.exe
  2⤵
  PID:6312
- C:\Windows\System\OVFUPwF.exe
  C:\Windows\System\OVFUPwF.exe
  2⤵
  PID:6328
- C:\Windows\System\OhoweoM.exe
  C:\Windows\System\OhoweoM.exe
  2⤵
  PID:6344
- C:\Windows\System\FRUidJl.exe
  C:\Windows\System\FRUidJl.exe
  2⤵
  PID:6360
- C:\Windows\System\TOMoXjD.exe
  C:\Windows\System\TOMoXjD.exe
  2⤵
  PID:6376
- C:\Windows\System\rOmvFaa.exe
  C:\Windows\System\rOmvFaa.exe
  2⤵
  PID:6392
- C:\Windows\System\HfHiJgD.exe
  C:\Windows\System\HfHiJgD.exe
  2⤵
  PID:6408
- C:\Windows\System\ywxiPkf.exe
  C:\Windows\System\ywxiPkf.exe
  2⤵
  PID:6424
- C:\Windows\System\ZUDbATP.exe
  C:\Windows\System\ZUDbATP.exe
  2⤵
  PID:6440
- C:\Windows\System\VwiiEYj.exe
  C:\Windows\System\VwiiEYj.exe
  2⤵
  PID:6456
- C:\Windows\System\ZfpJmxU.exe
  C:\Windows\System\ZfpJmxU.exe
  2⤵
  PID:6472
- C:\Windows\System\mJNfclq.exe
  C:\Windows\System\mJNfclq.exe
  2⤵
  PID:6488
- C:\Windows\System\gbQoNiO.exe
  C:\Windows\System\gbQoNiO.exe
  2⤵
  PID:6504
- C:\Windows\System\wBzCBfx.exe
  C:\Windows\System\wBzCBfx.exe
  2⤵
  PID:6520
- C:\Windows\System\LoYvywU.exe
  C:\Windows\System\LoYvywU.exe
  2⤵
  PID:6536
- C:\Windows\System\unRTVyZ.exe
  C:\Windows\System\unRTVyZ.exe
  2⤵
  PID:6552
- C:\Windows\System\sCLjdiy.exe
  C:\Windows\System\sCLjdiy.exe
  2⤵
  PID:6568
- C:\Windows\System\gKNaxzG.exe
  C:\Windows\System\gKNaxzG.exe
  2⤵
  PID:6584
- C:\Windows\System\htdcvlt.exe
  C:\Windows\System\htdcvlt.exe
  2⤵
  PID:6600
- C:\Windows\System\lIiZOep.exe
  C:\Windows\System\lIiZOep.exe
  2⤵
  PID:6616
- C:\Windows\System\KDEnqVN.exe
  C:\Windows\System\KDEnqVN.exe
  2⤵
  PID:6632
- C:\Windows\System\DjngHmE.exe
  C:\Windows\System\DjngHmE.exe
  2⤵
  PID:6648
- C:\Windows\System\NSudFaj.exe
  C:\Windows\System\NSudFaj.exe
  2⤵
  PID:6664
- C:\Windows\System\oHKHkbB.exe
  C:\Windows\System\oHKHkbB.exe
  2⤵
  PID:6680
- C:\Windows\System\wJuaPKR.exe
  C:\Windows\System\wJuaPKR.exe
  2⤵
  PID:6696
- C:\Windows\System\tuPqPqx.exe
  C:\Windows\System\tuPqPqx.exe
  2⤵
  PID:6712
- C:\Windows\System\usggWUV.exe
  C:\Windows\System\usggWUV.exe
  2⤵
  PID:6728
- C:\Windows\System\NbQwzWZ.exe
  C:\Windows\System\NbQwzWZ.exe
  2⤵
  PID:6744
- C:\Windows\System\BCwwjJB.exe
  C:\Windows\System\BCwwjJB.exe
  2⤵
  PID:6760
- C:\Windows\System\nYRXxIE.exe
  C:\Windows\System\nYRXxIE.exe
  2⤵
  PID:6776
- C:\Windows\System\fEtpjCI.exe
  C:\Windows\System\fEtpjCI.exe
  2⤵
  PID:6792
- C:\Windows\System\YIJOwBI.exe
  C:\Windows\System\YIJOwBI.exe
  2⤵
  PID:6808
- C:\Windows\System\xtjQjJj.exe
  C:\Windows\System\xtjQjJj.exe
  2⤵
  PID:6828
- C:\Windows\System\qFHhfzN.exe
  C:\Windows\System\qFHhfzN.exe
  2⤵
  PID:6844
- C:\Windows\System\SPimVPT.exe
  C:\Windows\System\SPimVPT.exe
  2⤵
  PID:6860
- C:\Windows\System\TxWTEeR.exe
  C:\Windows\System\TxWTEeR.exe
  2⤵
  PID:6876
- C:\Windows\System\FmtygVm.exe
  C:\Windows\System\FmtygVm.exe
  2⤵
  PID:6892
- C:\Windows\System\nCLNSEX.exe
  C:\Windows\System\nCLNSEX.exe
  2⤵
  PID:6908
- C:\Windows\System\hbAqQfC.exe
  C:\Windows\System\hbAqQfC.exe
  2⤵
  PID:6924
- C:\Windows\System\nDmdavt.exe
  C:\Windows\System\nDmdavt.exe
  2⤵
  PID:6940
- C:\Windows\System\AxjwzLu.exe
  C:\Windows\System\AxjwzLu.exe
  2⤵
  PID:6956
- C:\Windows\System\LvijGKD.exe
  C:\Windows\System\LvijGKD.exe
  2⤵
  PID:6972
- C:\Windows\System\ZvqzAoS.exe
  C:\Windows\System\ZvqzAoS.exe
  2⤵
  PID:6988
- C:\Windows\System\nKPVaOA.exe
  C:\Windows\System\nKPVaOA.exe
  2⤵
  PID:7004
- C:\Windows\System\BAebJNb.exe
  C:\Windows\System\BAebJNb.exe
  2⤵
  PID:7020
- C:\Windows\System\YYapApz.exe
  C:\Windows\System\YYapApz.exe
  2⤵
  PID:7036
- C:\Windows\System\xLaqVBK.exe
  C:\Windows\System\xLaqVBK.exe
  2⤵
  PID:7052
- C:\Windows\System\sMEwQRv.exe
  C:\Windows\System\sMEwQRv.exe
  2⤵
  PID:7068
- C:\Windows\System\GXJSZpX.exe
  C:\Windows\System\GXJSZpX.exe
  2⤵
  PID:7084
- C:\Windows\System\NTLBXDs.exe
  C:\Windows\System\NTLBXDs.exe
  2⤵
  PID:7100
- C:\Windows\System\nYKjckG.exe
  C:\Windows\System\nYKjckG.exe
  2⤵
  PID:7116
- C:\Windows\System\FdeEMLa.exe
  C:\Windows\System\FdeEMLa.exe
  2⤵
  PID:7132
- C:\Windows\System\DxYrvUp.exe
  C:\Windows\System\DxYrvUp.exe
  2⤵
  PID:7148
- C:\Windows\System\yZVnbmQ.exe
  C:\Windows\System\yZVnbmQ.exe
  2⤵
  PID:7164
- C:\Windows\System\UaCfIUE.exe
  C:\Windows\System\UaCfIUE.exe
  2⤵
  PID:5740
- C:\Windows\System\XLHWyfh.exe
  C:\Windows\System\XLHWyfh.exe
  2⤵
  PID:2724
- C:\Windows\System\UkUwvYN.exe
  C:\Windows\System\UkUwvYN.exe
  2⤵
  PID:5900
- C:\Windows\System\VVZSDkc.exe
  C:\Windows\System\VVZSDkc.exe
  2⤵
  PID:6076
- C:\Windows\System\gQSEjmx.exe
  C:\Windows\System\gQSEjmx.exe
  2⤵
  PID:4944
- C:\Windows\System\dKcKYNf.exe
  C:\Windows\System\dKcKYNf.exe
  2⤵
  PID:4412
- C:\Windows\System\RmtPeyj.exe
  C:\Windows\System\RmtPeyj.exe
  2⤵
  PID:5192
- C:\Windows\System\ODQBvlA.exe
  C:\Windows\System\ODQBvlA.exe
  2⤵
  PID:5512
- C:\Windows\System\vQeeYIy.exe
  C:\Windows\System\vQeeYIy.exe
  2⤵
  PID:6148
- C:\Windows\System\IvnBAYL.exe
  C:\Windows\System\IvnBAYL.exe
  2⤵
  PID:6180
- C:\Windows\System\JosvRwt.exe
  C:\Windows\System\JosvRwt.exe
  2⤵
  PID:6212
- C:\Windows\System\zuMdVRB.exe
  C:\Windows\System\zuMdVRB.exe
  2⤵
  PID:6256
- C:\Windows\System\PVsiOwX.exe
  C:\Windows\System\PVsiOwX.exe
  2⤵
  PID:6276
- C:\Windows\System\aXJYhkc.exe
  C:\Windows\System\aXJYhkc.exe
  2⤵
  PID:6308
- C:\Windows\System\BlftQoz.exe
  C:\Windows\System\BlftQoz.exe
  2⤵
  PID:2736
- C:\Windows\System\RldVVfU.exe
  C:\Windows\System\RldVVfU.exe
  2⤵
  PID:2616
- C:\Windows\System\hQQTlyl.exe
  C:\Windows\System\hQQTlyl.exe
  2⤵
  PID:6384
- C:\Windows\System\BiEKEcE.exe
  C:\Windows\System\BiEKEcE.exe
  2⤵
  PID:6404
- C:\Windows\System\UQOTjmt.exe
  C:\Windows\System\UQOTjmt.exe
  2⤵
  PID:6448
- C:\Windows\System\EmlzQWR.exe
  C:\Windows\System\EmlzQWR.exe
  2⤵
  PID:6464
- C:\Windows\System\jQOXBmm.exe
  C:\Windows\System\jQOXBmm.exe
  2⤵
  PID:6496
- C:\Windows\System\alHJPkX.exe
  C:\Windows\System\alHJPkX.exe
  2⤵
  PID:6528
- C:\Windows\System\OjcZCsJ.exe
  C:\Windows\System\OjcZCsJ.exe
  2⤵
  PID:6560
- C:\Windows\System\tCJaMtV.exe
  C:\Windows\System\tCJaMtV.exe
  2⤵
  PID:6592
- C:\Windows\System\FcZLRId.exe
  C:\Windows\System\FcZLRId.exe
  2⤵
  PID:6624
- C:\Windows\System\mCdBvbk.exe
  C:\Windows\System\mCdBvbk.exe
  2⤵
  PID:6656
- C:\Windows\System\LqNJwka.exe
  C:\Windows\System\LqNJwka.exe
  2⤵
  PID:6704
- C:\Windows\System\MrLOQIO.exe
  C:\Windows\System\MrLOQIO.exe
  2⤵
  PID:6720
- C:\Windows\System\wBSSqAW.exe
  C:\Windows\System\wBSSqAW.exe
  2⤵
  PID:6752
- C:\Windows\System\xiKFqSS.exe
  C:\Windows\System\xiKFqSS.exe
  2⤵
  PID:6784
- C:\Windows\System\ELzDEiF.exe
  C:\Windows\System\ELzDEiF.exe
  2⤵
  PID:6816
- C:\Windows\System\BlCjMde.exe
  C:\Windows\System\BlCjMde.exe
  2⤵
  PID:6852
- C:\Windows\System\Cxofjwv.exe
  C:\Windows\System\Cxofjwv.exe
  2⤵
  PID:6884
- C:\Windows\System\ayTKsDx.exe
  C:\Windows\System\ayTKsDx.exe
  2⤵
  PID:6904
- C:\Windows\System\yrMKmlq.exe
  C:\Windows\System\yrMKmlq.exe
  2⤵
  PID:6936
- C:\Windows\System\TfgBTWZ.exe
  C:\Windows\System\TfgBTWZ.exe
  2⤵
  PID:6968
- C:\Windows\System\TUQKEum.exe
  C:\Windows\System\TUQKEum.exe
  2⤵
  PID:7000
- C:\Windows\System\tHJBOgS.exe
  C:\Windows\System\tHJBOgS.exe
  2⤵
  PID:7016
- C:\Windows\System\XikrwlE.exe
  C:\Windows\System\XikrwlE.exe
  2⤵
  PID:7048
- C:\Windows\System\HnuLUqW.exe
  C:\Windows\System\HnuLUqW.exe
  2⤵
  PID:7080
- C:\Windows\System\DvNCRkQ.exe
  C:\Windows\System\DvNCRkQ.exe
  2⤵
  PID:7112
- C:\Windows\System\chUMKVH.exe
  C:\Windows\System\chUMKVH.exe
  2⤵
  PID:7140
- C:\Windows\System\qezopeJ.exe
  C:\Windows\System\qezopeJ.exe
  2⤵
  PID:5776
- C:\Windows\System\tcuJEsu.exe
  C:\Windows\System\tcuJEsu.exe
  2⤵
  PID:5868
- C:\Windows\System\dqnppUE.exe
  C:\Windows\System\dqnppUE.exe
  2⤵
  PID:6060
- C:\Windows\System\EsWWdOk.exe
  C:\Windows\System\EsWWdOk.exe
  2⤵
  PID:2608
- C:\Windows\System\DxmgmkN.exe
  C:\Windows\System\DxmgmkN.exe
  2⤵
  PID:5368
- C:\Windows\System\kxUTJZn.exe
  C:\Windows\System\kxUTJZn.exe
  2⤵
  PID:2560
- C:\Windows\System\SGhqTsd.exe
  C:\Windows\System\SGhqTsd.exe
  2⤵
  PID:6192
- C:\Windows\System\RlLVPMk.exe
  C:\Windows\System\RlLVPMk.exe
  2⤵
  PID:6224
- C:\Windows\System\YmpOcxo.exe
  C:\Windows\System\YmpOcxo.exe
  2⤵
  PID:6288
- C:\Windows\System\uKjWLyg.exe
  C:\Windows\System\uKjWLyg.exe
  2⤵
  PID:6340
- C:\Windows\System\wazSgEB.exe
  C:\Windows\System\wazSgEB.exe
  2⤵
  PID:2728
- C:\Windows\System\ogRyMMe.exe
  C:\Windows\System\ogRyMMe.exe
  2⤵
  PID:6420
- C:\Windows\System\ImSORGE.exe
  C:\Windows\System\ImSORGE.exe
  2⤵
  PID:2588
- C:\Windows\System\SaEsZST.exe
  C:\Windows\System\SaEsZST.exe
  2⤵
  PID:6516
- C:\Windows\System\yManMni.exe
  C:\Windows\System\yManMni.exe
  2⤵
  PID:6564
- C:\Windows\System\dUUVFQj.exe
  C:\Windows\System\dUUVFQj.exe
  2⤵
  PID:1592
- C:\Windows\System\vCBDwQl.exe
  C:\Windows\System\vCBDwQl.exe
  2⤵
  PID:6676
- C:\Windows\System\nnSgwvt.exe
  C:\Windows\System\nnSgwvt.exe
  2⤵
  PID:6756
- C:\Windows\System\UMUwXkR.exe
  C:\Windows\System\UMUwXkR.exe
  2⤵
  PID:6800
- C:\Windows\System\FfFgAwm.exe
  C:\Windows\System\FfFgAwm.exe
  2⤵
  PID:6868
- C:\Windows\System\yylQOmd.exe
  C:\Windows\System\yylQOmd.exe
  2⤵
  PID:6932
- C:\Windows\System\jTFyUFw.exe
  C:\Windows\System\jTFyUFw.exe
  2⤵
  PID:6980
- C:\Windows\System\qrsgtZt.exe
  C:\Windows\System\qrsgtZt.exe
  2⤵
  PID:7044
- C:\Windows\System\QeKOmjD.exe
  C:\Windows\System\QeKOmjD.exe
  2⤵
  PID:7092
- C:\Windows\System\jDlqYWG.exe
  C:\Windows\System\jDlqYWG.exe
  2⤵
  PID:1208
- C:\Windows\System\rfNGISY.exe
  C:\Windows\System\rfNGISY.exe
  2⤵
  PID:5724
- C:\Windows\System\HyZoHuT.exe
  C:\Windows\System\HyZoHuT.exe
  2⤵
  PID:5932
- C:\Windows\System\SZJaymV.exe
  C:\Windows\System\SZJaymV.exe
  2⤵
  PID:5464
- C:\Windows\System\AMwdKKX.exe
  C:\Windows\System\AMwdKKX.exe
  2⤵
  PID:6240
- C:\Windows\System\LAxMoCL.exe
  C:\Windows\System\LAxMoCL.exe
  2⤵
  PID:1676
- C:\Windows\System\TAYpLEB.exe
  C:\Windows\System\TAYpLEB.exe
  2⤵
  PID:860
- C:\Windows\System\UmhtswK.exe
  C:\Windows\System\UmhtswK.exe
  2⤵
  PID:2760
- C:\Windows\System\VMqfkqe.exe
  C:\Windows\System\VMqfkqe.exe
  2⤵
  PID:6580
- C:\Windows\System\zoIQQmk.exe
  C:\Windows\System\zoIQQmk.exe
  2⤵
  PID:6644
- C:\Windows\System\JTytudS.exe
  C:\Windows\System\JTytudS.exe
  2⤵
  PID:1436
- C:\Windows\System\YTIsLZZ.exe
  C:\Windows\System\YTIsLZZ.exe
  2⤵
  PID:6872
- C:\Windows\System\nQGDfMB.exe
  C:\Windows\System\nQGDfMB.exe
  2⤵
  PID:6984
- C:\Windows\System\sEjrEij.exe
  C:\Windows\System\sEjrEij.exe
  2⤵
  PID:7128
- C:\Windows\System\MBemGaW.exe
  C:\Windows\System\MBemGaW.exe
  2⤵
  PID:5996
- C:\Windows\System\SzLKAul.exe
  C:\Windows\System\SzLKAul.exe
  2⤵
  PID:7184
- C:\Windows\System\YnEfGFE.exe
  C:\Windows\System\YnEfGFE.exe
  2⤵
  PID:7200
- C:\Windows\System\nhVTSIO.exe
  C:\Windows\System\nhVTSIO.exe
  2⤵
  PID:7216
- C:\Windows\System\XpRUrZB.exe
  C:\Windows\System\XpRUrZB.exe
  2⤵
  PID:7232
- C:\Windows\System\dGRpQev.exe
  C:\Windows\System\dGRpQev.exe
  2⤵
  PID:7248
- C:\Windows\System\vnYLdAj.exe
  C:\Windows\System\vnYLdAj.exe
  2⤵
  PID:7264
- C:\Windows\System\jSKbnQR.exe
  C:\Windows\System\jSKbnQR.exe
  2⤵
  PID:7280
- C:\Windows\System\uuHFdIF.exe
  C:\Windows\System\uuHFdIF.exe
  2⤵
  PID:7296
- C:\Windows\System\QokUZkd.exe
  C:\Windows\System\QokUZkd.exe
  2⤵
  PID:7312
- C:\Windows\System\PpKWrMT.exe
  C:\Windows\System\PpKWrMT.exe
  2⤵
  PID:7328
- C:\Windows\System\xBukksc.exe
  C:\Windows\System\xBukksc.exe
  2⤵
  PID:7348
- C:\Windows\System\QtSjMYb.exe
  C:\Windows\System\QtSjMYb.exe
  2⤵
  PID:7364
- C:\Windows\System\ttTSDda.exe
  C:\Windows\System\ttTSDda.exe
  2⤵
  PID:7380
- C:\Windows\System\rQjtBik.exe
  C:\Windows\System\rQjtBik.exe
  2⤵
  PID:7396
- C:\Windows\System\IPfePAl.exe
  C:\Windows\System\IPfePAl.exe
  2⤵
  PID:7412
- C:\Windows\System\CQLeDhC.exe
  C:\Windows\System\CQLeDhC.exe
  2⤵
  PID:7428
- C:\Windows\System\VPHRrnQ.exe
  C:\Windows\System\VPHRrnQ.exe
  2⤵
  PID:7444
- C:\Windows\System\CwcWFxY.exe
  C:\Windows\System\CwcWFxY.exe
  2⤵
  PID:7460
- C:\Windows\System\teWLEmV.exe
  C:\Windows\System\teWLEmV.exe
  2⤵
  PID:7476
- C:\Windows\System\LSWnawB.exe
  C:\Windows\System\LSWnawB.exe
  2⤵
  PID:7492
- C:\Windows\System\MQyjLdJ.exe
  C:\Windows\System\MQyjLdJ.exe
  2⤵
  PID:7508
- C:\Windows\System\UbzATIt.exe
  C:\Windows\System\UbzATIt.exe
  2⤵
  PID:7524
- C:\Windows\System\BxlcvaB.exe
  C:\Windows\System\BxlcvaB.exe
  2⤵
  PID:7540
- C:\Windows\System\rcpqZGm.exe
  C:\Windows\System\rcpqZGm.exe
  2⤵
  PID:7556
- C:\Windows\System\VZGnAbK.exe
  C:\Windows\System\VZGnAbK.exe
  2⤵
  PID:7572
- C:\Windows\System\JGaMbNI.exe
  C:\Windows\System\JGaMbNI.exe
  2⤵
  PID:7588
- C:\Windows\System\npbbSdC.exe
  C:\Windows\System\npbbSdC.exe
  2⤵
  PID:7604
- C:\Windows\System\eVyXBxi.exe
  C:\Windows\System\eVyXBxi.exe
  2⤵
  PID:7620
- C:\Windows\System\NQHjoFM.exe
  C:\Windows\System\NQHjoFM.exe
  2⤵
  PID:7636
- C:\Windows\System\YOQYClX.exe
  C:\Windows\System\YOQYClX.exe
  2⤵
  PID:7652
- C:\Windows\System\tzDuYYs.exe
  C:\Windows\System\tzDuYYs.exe
  2⤵
  PID:7668
- C:\Windows\System\qenNDEc.exe
  C:\Windows\System\qenNDEc.exe
  2⤵
  PID:7684
- C:\Windows\System\JxzREWY.exe
  C:\Windows\System\JxzREWY.exe
  2⤵
  PID:7700
- C:\Windows\System\lHSMozf.exe
  C:\Windows\System\lHSMozf.exe
  2⤵
  PID:7716
- C:\Windows\System\ktJXqxk.exe
  C:\Windows\System\ktJXqxk.exe
  2⤵
  PID:7732
- C:\Windows\System\wxqGYRs.exe
  C:\Windows\System\wxqGYRs.exe
  2⤵
  PID:7748
- C:\Windows\System\uEHyjiX.exe
  C:\Windows\System\uEHyjiX.exe
  2⤵
  PID:7764
- C:\Windows\System\zOrgbaT.exe
  C:\Windows\System\zOrgbaT.exe
  2⤵
  PID:7780
- C:\Windows\System\JgMbObv.exe
  C:\Windows\System\JgMbObv.exe
  2⤵
  PID:7796
- C:\Windows\System\DmWHNBp.exe
  C:\Windows\System\DmWHNBp.exe
  2⤵
  PID:7812
- C:\Windows\System\koaBgcA.exe
  C:\Windows\System\koaBgcA.exe
  2⤵
  PID:7828
- C:\Windows\System\idfUPIA.exe
  C:\Windows\System\idfUPIA.exe
  2⤵
  PID:7844
- C:\Windows\System\dDttruF.exe
  C:\Windows\System\dDttruF.exe
  2⤵
  PID:7860
- C:\Windows\System\fXphSBB.exe
  C:\Windows\System\fXphSBB.exe
  2⤵
  PID:7876
- C:\Windows\System\xyoiXxW.exe
  C:\Windows\System\xyoiXxW.exe
  2⤵
  PID:7892
- C:\Windows\System\wPDDTMH.exe
  C:\Windows\System\wPDDTMH.exe
  2⤵
  PID:7908
- C:\Windows\System\tgganFl.exe
  C:\Windows\System\tgganFl.exe
  2⤵
  PID:7924
- C:\Windows\System\gNMfged.exe
  C:\Windows\System\gNMfged.exe
  2⤵
  PID:7940
- C:\Windows\System\uPLhRcB.exe
  C:\Windows\System\uPLhRcB.exe
  2⤵
  PID:7956
- C:\Windows\System\YdlcgAo.exe
  C:\Windows\System\YdlcgAo.exe
  2⤵
  PID:7972
- C:\Windows\System\BWxwezf.exe
  C:\Windows\System\BWxwezf.exe
  2⤵
  PID:7988
- C:\Windows\System\TGfsXwW.exe
  C:\Windows\System\TGfsXwW.exe
  2⤵
  PID:8004
- C:\Windows\System\TdzUuPW.exe
  C:\Windows\System\TdzUuPW.exe
  2⤵
  PID:8020
- C:\Windows\System\XwsVEoi.exe
  C:\Windows\System\XwsVEoi.exe
  2⤵
  PID:8036
- C:\Windows\System\xXDPNQq.exe
  C:\Windows\System\xXDPNQq.exe
  2⤵
  PID:8052
- C:\Windows\System\fhWRfjP.exe
  C:\Windows\System\fhWRfjP.exe
  2⤵
  PID:8068
- C:\Windows\System\SXSGoIS.exe
  C:\Windows\System\SXSGoIS.exe
  2⤵
  PID:8084
- C:\Windows\System\noKHpBX.exe
  C:\Windows\System\noKHpBX.exe
  2⤵
  PID:8100
- C:\Windows\System\kjdytyl.exe
  C:\Windows\System\kjdytyl.exe
  2⤵
  PID:8116
- C:\Windows\System\sFjDtnS.exe
  C:\Windows\System\sFjDtnS.exe
  2⤵
  PID:8132
- C:\Windows\System\tQHWLxJ.exe
  C:\Windows\System\tQHWLxJ.exe
  2⤵
  PID:8148
- C:\Windows\System\cdqgPTW.exe
  C:\Windows\System\cdqgPTW.exe
  2⤵
  PID:8164
- C:\Windows\System\gRfuOpC.exe
  C:\Windows\System\gRfuOpC.exe
  2⤵
  PID:8180
- C:\Windows\System\mgxPVCu.exe
  C:\Windows\System\mgxPVCu.exe
  2⤵
  PID:4504
- C:\Windows\System\onQDVkj.exe
  C:\Windows\System\onQDVkj.exe
  2⤵
  PID:764
- C:\Windows\System\ShEjomb.exe
  C:\Windows\System\ShEjomb.exe
  2⤵
  PID:6336
- C:\Windows\System\xKVlula.exe
  C:\Windows\System\xKVlula.exe
  2⤵
  PID:6500
- C:\Windows\System\EdwKkoJ.exe
  C:\Windows\System\EdwKkoJ.exe
  2⤵
  PID:6724
- C:\Windows\System\JoYEmft.exe
  C:\Windows\System\JoYEmft.exe
  2⤵
  PID:2692
- C:\Windows\System\kJeklnE.exe
  C:\Windows\System\kJeklnE.exe
  2⤵
  PID:7176
- C:\Windows\System\XZdohEp.exe
  C:\Windows\System\XZdohEp.exe
  2⤵
  PID:7196
- C:\Windows\System\uQGRjqv.exe
  C:\Windows\System\uQGRjqv.exe
  2⤵
  PID:7228
- C:\Windows\System\jZOenXq.exe
  C:\Windows\System\jZOenXq.exe
  2⤵
  PID:7260
- C:\Windows\System\trmjaMQ.exe
  C:\Windows\System\trmjaMQ.exe
  2⤵
  PID:7304
- C:\Windows\System\BhGkxTp.exe
  C:\Windows\System\BhGkxTp.exe
  2⤵
  PID:7324
- C:\Windows\System\ujYcbGR.exe
  C:\Windows\System\ujYcbGR.exe
  2⤵
  PID:7360
- C:\Windows\System\NNMFmTZ.exe
  C:\Windows\System\NNMFmTZ.exe
  2⤵
  PID:7392
- C:\Windows\System\ljPdfpW.exe
  C:\Windows\System\ljPdfpW.exe
  2⤵
  PID:7436
- C:\Windows\System\przVjFc.exe
  C:\Windows\System\przVjFc.exe
  2⤵
  PID:7468
- C:\Windows\System\OZyYgpL.exe
  C:\Windows\System\OZyYgpL.exe
  2⤵
  PID:7488
- C:\Windows\System\KYelzJc.exe
  C:\Windows\System\KYelzJc.exe
  2⤵
  PID:7532
- C:\Windows\System\wInCzHX.exe
  C:\Windows\System\wInCzHX.exe
  2⤵
  PID:7552
- C:\Windows\System\eltKLkj.exe
  C:\Windows\System\eltKLkj.exe
  2⤵
  PID:7596
- C:\Windows\System\METZQAQ.exe
  C:\Windows\System\METZQAQ.exe
  2⤵
  PID:7616
- C:\Windows\System\DbQcSNn.exe
  C:\Windows\System\DbQcSNn.exe
  2⤵
  PID:7648
- C:\Windows\System\BNIQEmW.exe
  C:\Windows\System\BNIQEmW.exe
  2⤵
  PID:7680
- C:\Windows\System\IKbFFaF.exe
  C:\Windows\System\IKbFFaF.exe
  2⤵
  PID:7724
- C:\Windows\System\muawuGL.exe
  C:\Windows\System\muawuGL.exe
  2⤵
  PID:7744
- C:\Windows\System\IsCKRPi.exe
  C:\Windows\System\IsCKRPi.exe
  2⤵
  PID:7776
- C:\Windows\System\ihvdpkX.exe
  C:\Windows\System\ihvdpkX.exe
  2⤵
  PID:7808
- C:\Windows\System\Zewkqgt.exe
  C:\Windows\System\Zewkqgt.exe
  2⤵
  PID:7840
- C:\Windows\System\QiMNIUE.exe
  C:\Windows\System\QiMNIUE.exe
  2⤵
  PID:7872
- C:\Windows\System\GuNCcXU.exe
  C:\Windows\System\GuNCcXU.exe
  2⤵
  PID:7916
- C:\Windows\System\RTWdfKz.exe
  C:\Windows\System\RTWdfKz.exe
  2⤵
  PID:7936
- C:\Windows\System\VMdQjIN.exe
  C:\Windows\System\VMdQjIN.exe
  2⤵
  PID:7968
- C:\Windows\System\OLGZdHR.exe
  C:\Windows\System\OLGZdHR.exe
  2⤵
  PID:8012
- C:\Windows\System\SJJuIZc.exe
  C:\Windows\System\SJJuIZc.exe
  2⤵
  PID:8044
- C:\Windows\System\MKRONjX.exe
  C:\Windows\System\MKRONjX.exe
  2⤵
  PID:8076
- C:\Windows\System\aukWirD.exe
  C:\Windows\System\aukWirD.exe
  2⤵
  PID:8108
- C:\Windows\System\XDTFovA.exe
  C:\Windows\System\XDTFovA.exe
  2⤵
  PID:8140
- C:\Windows\System\ygPbgTG.exe
  C:\Windows\System\ygPbgTG.exe
  2⤵
  PID:8172
- C:\Windows\System\KaEQeol.exe
  C:\Windows\System\KaEQeol.exe
  2⤵
  PID:2072
- C:\Windows\System\CRjmeOw.exe
  C:\Windows\System\CRjmeOw.exe
  2⤵
  PID:6432
- C:\Windows\System\TZzQERH.exe
  C:\Windows\System\TZzQERH.exe
  2⤵
  PID:6920
- C:\Windows\System\kDLiAZp.exe
  C:\Windows\System\kDLiAZp.exe
  2⤵
  PID:5728
- C:\Windows\System\DLwKVZH.exe
  C:\Windows\System\DLwKVZH.exe
  2⤵
  PID:7240
- C:\Windows\System\LJVcPtv.exe
  C:\Windows\System\LJVcPtv.exe
  2⤵
  PID:7320
- C:\Windows\System\YqVHsLp.exe
  C:\Windows\System\YqVHsLp.exe
  2⤵
  PID:7372
- C:\Windows\System\tXrbDxs.exe
  C:\Windows\System\tXrbDxs.exe
  2⤵
  PID:7452
- C:\Windows\System\eSZRuEU.exe
  C:\Windows\System\eSZRuEU.exe
  2⤵
  PID:7516
- C:\Windows\System\lYltLWn.exe
  C:\Windows\System\lYltLWn.exe
  2⤵
  PID:7580
- C:\Windows\System\CpPHgKI.exe
  C:\Windows\System\CpPHgKI.exe
  2⤵
  PID:7644
- C:\Windows\System\xovAMKz.exe
  C:\Windows\System\xovAMKz.exe
  2⤵
  PID:7692
- C:\Windows\System\aTLyZUz.exe
  C:\Windows\System\aTLyZUz.exe
  2⤵
  PID:7740
- C:\Windows\System\CKelCTV.exe
  C:\Windows\System\CKelCTV.exe
  2⤵
  PID:7756
- C:\Windows\System\pFrrWKd.exe
  C:\Windows\System\pFrrWKd.exe
  2⤵
  PID:7820
- C:\Windows\System\AmKcbqJ.exe
  C:\Windows\System\AmKcbqJ.exe
  2⤵
  PID:7884
- C:\Windows\System\SxlfIuc.exe
  C:\Windows\System\SxlfIuc.exe
  2⤵
  PID:7948
- C:\Windows\System\uOJnRoW.exe
  C:\Windows\System\uOJnRoW.exe
  2⤵
  PID:8028
- C:\Windows\System\eTZkZFz.exe
  C:\Windows\System\eTZkZFz.exe
  2⤵
  PID:8080
- C:\Windows\System\WUNbPiP.exe
  C:\Windows\System\WUNbPiP.exe
  2⤵
  PID:8124
- C:\Windows\System\mmtkPWk.exe
  C:\Windows\System\mmtkPWk.exe
  2⤵
  PID:8188
- C:\Windows\System\XHyZgih.exe
  C:\Windows\System\XHyZgih.exe
  2⤵
  PID:6964
- C:\Windows\System\hiOGYDn.exe
  C:\Windows\System\hiOGYDn.exe
  2⤵
  PID:7272
- C:\Windows\System\dSHyAhw.exe
  C:\Windows\System\dSHyAhw.exe
  2⤵
  PID:7356
- C:\Windows\System\lvTPJuG.exe
  C:\Windows\System\lvTPJuG.exe
  2⤵
  PID:7520
- C:\Windows\System\faScFKS.exe
  C:\Windows\System\faScFKS.exe
  2⤵
  PID:7660
- C:\Windows\System\fkEGWMB.exe
  C:\Windows\System\fkEGWMB.exe
  2⤵
  PID:2716
- C:\Windows\System\RnkDJIu.exe
  C:\Windows\System\RnkDJIu.exe
  2⤵
  PID:7836
- C:\Windows\System\uibnqtD.exe
  C:\Windows\System\uibnqtD.exe
  2⤵
  PID:7952
- C:\Windows\System\TbqhvMU.exe
  C:\Windows\System\TbqhvMU.exe
  2⤵
  PID:8092
- C:\Windows\System\QBkwOht.exe
  C:\Windows\System\QBkwOht.exe
  2⤵
  PID:8200
- C:\Windows\System\DAsEiku.exe
  C:\Windows\System\DAsEiku.exe
  2⤵
  PID:8216
- C:\Windows\System\lcbnzFb.exe
  C:\Windows\System\lcbnzFb.exe
  2⤵
  PID:8232
- C:\Windows\System\JsHlbaS.exe
  C:\Windows\System\JsHlbaS.exe
  2⤵
  PID:8248
- C:\Windows\System\eIhjTIQ.exe
  C:\Windows\System\eIhjTIQ.exe
  2⤵
  PID:8264
- C:\Windows\System\QKWdkPr.exe
  C:\Windows\System\QKWdkPr.exe
  2⤵
  PID:8280
- C:\Windows\System\dkRwYem.exe
  C:\Windows\System\dkRwYem.exe
  2⤵
  PID:8296
- C:\Windows\System\xhHmUhF.exe
  C:\Windows\System\xhHmUhF.exe
  2⤵
  PID:8312
- C:\Windows\System\OxZudgY.exe
  C:\Windows\System\OxZudgY.exe
  2⤵
  PID:8328
- C:\Windows\System\RSCrvZr.exe
  C:\Windows\System\RSCrvZr.exe
  2⤵
  PID:8344
- C:\Windows\System\POHjmPC.exe
  C:\Windows\System\POHjmPC.exe
  2⤵
  PID:8360
- C:\Windows\System\wvKJqLY.exe
  C:\Windows\System\wvKJqLY.exe
  2⤵
  PID:8376
- C:\Windows\System\BnjsvJj.exe
  C:\Windows\System\BnjsvJj.exe
  2⤵
  PID:8392
- C:\Windows\System\kEHUOQx.exe
  C:\Windows\System\kEHUOQx.exe
  2⤵
  PID:8408
- C:\Windows\System\bjUOdhW.exe
  C:\Windows\System\bjUOdhW.exe
  2⤵
  PID:8424
- C:\Windows\System\DOQkkWM.exe
  C:\Windows\System\DOQkkWM.exe
  2⤵
  PID:8440
- C:\Windows\System\qVenJFH.exe
  C:\Windows\System\qVenJFH.exe
  2⤵
  PID:8456
- C:\Windows\System\OubbucY.exe
  C:\Windows\System\OubbucY.exe
  2⤵
  PID:8472
- C:\Windows\System\lkltfLE.exe
  C:\Windows\System\lkltfLE.exe
  2⤵
  PID:8488
- C:\Windows\System\maEjrsR.exe
  C:\Windows\System\maEjrsR.exe
  2⤵
  PID:8504
- C:\Windows\System\xRwvhaD.exe
  C:\Windows\System\xRwvhaD.exe
  2⤵
  PID:8520
- C:\Windows\System\AShsabn.exe
  C:\Windows\System\AShsabn.exe
  2⤵
  PID:8536
- C:\Windows\System\knThahz.exe
  C:\Windows\System\knThahz.exe
  2⤵
  PID:8552
- C:\Windows\System\rFprYLu.exe
  C:\Windows\System\rFprYLu.exe
  2⤵
  PID:8568
- C:\Windows\System\QnRIbEL.exe
  C:\Windows\System\QnRIbEL.exe
  2⤵
  PID:8584
- C:\Windows\System\qUfPOUa.exe
  C:\Windows\System\qUfPOUa.exe
  2⤵
  PID:8600
- C:\Windows\System\CuRtuiK.exe
  C:\Windows\System\CuRtuiK.exe
  2⤵
  PID:8616
- C:\Windows\System\egVOpdA.exe
  C:\Windows\System\egVOpdA.exe
  2⤵
  PID:8632
- C:\Windows\System\xGBfANl.exe
  C:\Windows\System\xGBfANl.exe
  2⤵
  PID:8648
- C:\Windows\System\pUmWQRd.exe
  C:\Windows\System\pUmWQRd.exe
  2⤵
  PID:8664
- C:\Windows\System\BxcwlgX.exe
  C:\Windows\System\BxcwlgX.exe
  2⤵
  PID:8680
- C:\Windows\System\IEADkNs.exe
  C:\Windows\System\IEADkNs.exe
  2⤵
  PID:8696
- C:\Windows\System\fvjZbuV.exe
  C:\Windows\System\fvjZbuV.exe
  2⤵
  PID:8712
- C:\Windows\System\LWHbXCQ.exe
  C:\Windows\System\LWHbXCQ.exe
  2⤵
  PID:8728
- C:\Windows\System\NfDlrmG.exe
  C:\Windows\System\NfDlrmG.exe
  2⤵
  PID:8744
- C:\Windows\System\RBMaWyJ.exe
  C:\Windows\System\RBMaWyJ.exe
  2⤵
  PID:8760
- C:\Windows\System\zRpzMIn.exe
  C:\Windows\System\zRpzMIn.exe
  2⤵
  PID:8776
- C:\Windows\System\KVSDPgv.exe
  C:\Windows\System\KVSDPgv.exe
  2⤵
  PID:8792
- C:\Windows\System\KcEDLPL.exe
  C:\Windows\System\KcEDLPL.exe
  2⤵
  PID:8808
- C:\Windows\System\dsipxyM.exe
  C:\Windows\System\dsipxyM.exe
  2⤵
  PID:8824
- C:\Windows\System\yLbwGGO.exe
  C:\Windows\System\yLbwGGO.exe
  2⤵
  PID:8840
- C:\Windows\System\cZciAIZ.exe
  C:\Windows\System\cZciAIZ.exe
  2⤵
  PID:8856
- C:\Windows\System\oeAEGEY.exe
  C:\Windows\System\oeAEGEY.exe
  2⤵
  PID:8872
- C:\Windows\System\ujZUKQl.exe
  C:\Windows\System\ujZUKQl.exe
  2⤵
  PID:8888
- C:\Windows\System\vpsKuhd.exe
  C:\Windows\System\vpsKuhd.exe
  2⤵
  PID:8904
- C:\Windows\System\frSczaj.exe
  C:\Windows\System\frSczaj.exe
  2⤵
  PID:8920
- C:\Windows\System\WfgAURf.exe
  C:\Windows\System\WfgAURf.exe
  2⤵
  PID:8936
- C:\Windows\System\WsEwket.exe
  C:\Windows\System\WsEwket.exe
  2⤵
  PID:8952
- C:\Windows\System\cQarpqV.exe
  C:\Windows\System\cQarpqV.exe
  2⤵
  PID:8972
- C:\Windows\System\NcJeypX.exe
  C:\Windows\System\NcJeypX.exe
  2⤵
  PID:8988
- C:\Windows\System\oGXUBnE.exe
  C:\Windows\System\oGXUBnE.exe
  2⤵
  PID:9004
- C:\Windows\System\ggdmtQr.exe
  C:\Windows\System\ggdmtQr.exe
  2⤵
  PID:9020
- C:\Windows\System\ZzlZROu.exe
  C:\Windows\System\ZzlZROu.exe
  2⤵
  PID:9036
- C:\Windows\System\bYETSRk.exe
  C:\Windows\System\bYETSRk.exe
  2⤵
  PID:9052
- C:\Windows\System\fsmMEjj.exe
  C:\Windows\System\fsmMEjj.exe
  2⤵
  PID:9068
- C:\Windows\System\HoAvcgr.exe
  C:\Windows\System\HoAvcgr.exe
  2⤵
  PID:9084
- C:\Windows\System\EfoMvjs.exe
  C:\Windows\System\EfoMvjs.exe
  2⤵
  PID:9100
- C:\Windows\System\tJTkLIt.exe
  C:\Windows\System\tJTkLIt.exe
  2⤵
  PID:9116
- C:\Windows\System\xeAYxrI.exe
  C:\Windows\System\xeAYxrI.exe
  2⤵
  PID:9132
- C:\Windows\System\meMDXre.exe
  C:\Windows\System\meMDXre.exe
  2⤵
  PID:9148
- C:\Windows\System\YNvYoeO.exe
  C:\Windows\System\YNvYoeO.exe
  2⤵
  PID:9164
- C:\Windows\System\aleEgJK.exe
  C:\Windows\System\aleEgJK.exe
  2⤵
  PID:9180
- C:\Windows\System\LrkDUYA.exe
  C:\Windows\System\LrkDUYA.exe
  2⤵
  PID:9196
- C:\Windows\System\huMfmzc.exe
  C:\Windows\System\huMfmzc.exe
  2⤵
  PID:9212
- C:\Windows\System\cbstLLy.exe
  C:\Windows\System\cbstLLy.exe
  2⤵
  PID:6640
- C:\Windows\System\awYDLry.exe
  C:\Windows\System\awYDLry.exe
  2⤵
  PID:7336
- C:\Windows\System\FkSArHJ.exe
  C:\Windows\System\FkSArHJ.exe
  2⤵
  PID:7584
- C:\Windows\System\cpMfdUs.exe
  C:\Windows\System\cpMfdUs.exe
  2⤵
  PID:7868
- C:\Windows\System\CZBYUpA.exe
  C:\Windows\System\CZBYUpA.exe
  2⤵
  PID:976
- C:\Windows\System\jBNMRMx.exe
  C:\Windows\System\jBNMRMx.exe
  2⤵
  PID:8212
- C:\Windows\System\atimisM.exe
  C:\Windows\System\atimisM.exe
  2⤵
  PID:8228
- C:\Windows\System\oXUGFKT.exe
  C:\Windows\System\oXUGFKT.exe
  2⤵
  PID:8272
- C:\Windows\System\PqFbekr.exe
  C:\Windows\System\PqFbekr.exe
  2⤵
  PID:8292
- C:\Windows\System\cEBPOpf.exe
  C:\Windows\System\cEBPOpf.exe
  2⤵
  PID:8324
- C:\Windows\System\caFcfQh.exe
  C:\Windows\System\caFcfQh.exe
  2⤵
  PID:8356
- C:\Windows\System\MpjgFeR.exe
  C:\Windows\System\MpjgFeR.exe
  2⤵
  PID:2620
- C:\Windows\System\cbASEfS.exe
  C:\Windows\System\cbASEfS.exe
  2⤵
  PID:8432
- C:\Windows\System\gwvQcQP.exe
  C:\Windows\System\gwvQcQP.exe
  2⤵
  PID:8436
- C:\Windows\System\ANpujhe.exe
  C:\Windows\System\ANpujhe.exe
  2⤵
  PID:8468
- C:\Windows\System\AkUECfr.exe
  C:\Windows\System\AkUECfr.exe
  2⤵
  PID:8500
- C:\Windows\System\uBltiLT.exe
  C:\Windows\System\uBltiLT.exe
  2⤵
  PID:2832
- C:\Windows\System\MTfRMST.exe
  C:\Windows\System\MTfRMST.exe
  2⤵
  PID:8560
- C:\Windows\System\xcyAbwW.exe
  C:\Windows\System\xcyAbwW.exe
  2⤵
  PID:8592
- C:\Windows\System\wWzoZbe.exe
  C:\Windows\System\wWzoZbe.exe
  2⤵
  PID:8624
- C:\Windows\System\wRqZWRh.exe
  C:\Windows\System\wRqZWRh.exe
  2⤵
  PID:8660
- C:\Windows\System\CwGDbMZ.exe
  C:\Windows\System\CwGDbMZ.exe
  2⤵
  PID:8688
- C:\Windows\System\fMGxPDX.exe
  C:\Windows\System\fMGxPDX.exe
  2⤵
  PID:8704
- C:\Windows\System\ANknnNK.exe
  C:\Windows\System\ANknnNK.exe
  2⤵
  PID:8752
- C:\Windows\System\FqESZFH.exe
  C:\Windows\System\FqESZFH.exe
  2⤵
  PID:2864
- C:\Windows\System\eYdyiEb.exe
  C:\Windows\System\eYdyiEb.exe
  2⤵
  PID:8816
- C:\Windows\System\OFsLqtw.exe
  C:\Windows\System\OFsLqtw.exe
  2⤵
  PID:8804
- C:\Windows\System\EEkZLca.exe
  C:\Windows\System\EEkZLca.exe
  2⤵
  PID:8848
- C:\Windows\System\IlBsJPb.exe
  C:\Windows\System\IlBsJPb.exe
  2⤵
  PID:8864
- C:\Windows\System\xOafref.exe
  C:\Windows\System\xOafref.exe
  2⤵
  PID:8912
- C:\Windows\System\DTgPUmU.exe
  C:\Windows\System\DTgPUmU.exe
  2⤵
  PID:2076
- C:\Windows\System\OvEugdQ.exe
  C:\Windows\System\OvEugdQ.exe
  2⤵
  PID:8960
- C:\Windows\System\wDCFlLy.exe
  C:\Windows\System\wDCFlLy.exe
  2⤵
  PID:9000
- C:\Windows\System\LBXcfRd.exe
  C:\Windows\System\LBXcfRd.exe
  2⤵
  PID:9028
- C:\Windows\System\reZNhEd.exe
  C:\Windows\System\reZNhEd.exe
  2⤵
  PID:9060
- C:\Windows\System\tgcVhbv.exe
  C:\Windows\System\tgcVhbv.exe
  2⤵
  PID:9092
- C:\Windows\System\jvHdyXy.exe
  C:\Windows\System\jvHdyXy.exe
  2⤵
  PID:7456
- C:\Windows\System\yGNkdIG.exe
  C:\Windows\System\yGNkdIG.exe
  2⤵
  PID:8196
- C:\Windows\System\msuZxiU.exe
  C:\Windows\System\msuZxiU.exe
  2⤵
  PID:8260
- C:\Windows\System\WYAMdfU.exe
  C:\Windows\System\WYAMdfU.exe
  2⤵
  PID:8288
- C:\Windows\System\yDoKjWs.exe
  C:\Windows\System\yDoKjWs.exe
  2⤵
  PID:8368
- C:\Windows\System\nohyTKQ.exe
  C:\Windows\System\nohyTKQ.exe
  2⤵
  PID:2836
- C:\Windows\System\FHgiYDK.exe
  C:\Windows\System\FHgiYDK.exe
  2⤵
  PID:2016
- C:\Windows\System\hRoYQIg.exe
  C:\Windows\System\hRoYQIg.exe
  2⤵
  PID:8516
- C:\Windows\System\EjZLlrN.exe
  C:\Windows\System\EjZLlrN.exe
  2⤵
  PID:2376
- C:\Windows\System\FifYtKa.exe
  C:\Windows\System\FifYtKa.exe
  2⤵
  PID:8656
- C:\Windows\System\ULnzAML.exe
  C:\Windows\System\ULnzAML.exe
  2⤵
  PID:8736
- C:\Windows\System\jKKIXED.exe
  C:\Windows\System\jKKIXED.exe
  2⤵
  PID:8784
- C:\Windows\System\BtTLoqK.exe
  C:\Windows\System\BtTLoqK.exe
  2⤵
  PID:1844
- C:\Windows\System\RDtrbmX.exe
  C:\Windows\System\RDtrbmX.exe
  2⤵
  PID:8884
- C:\Windows\System\GdpWQWT.exe
  C:\Windows\System\GdpWQWT.exe
  2⤵
  PID:2788
- C:\Windows\System\PsYtotM.exe
  C:\Windows\System\PsYtotM.exe
  2⤵
  PID:9096
- C:\Windows\System\EQeIfSg.exe
  C:\Windows\System\EQeIfSg.exe
  2⤵
  PID:700
- C:\Windows\System\ufdctNB.exe
  C:\Windows\System\ufdctNB.exe
  2⤵
  PID:8208
- C:\Windows\System\lNClYGe.exe
  C:\Windows\System\lNClYGe.exe
  2⤵
  PID:8336
- C:\Windows\System\uijDWBp.exe
  C:\Windows\System\uijDWBp.exe
  2⤵
  PID:8420
- C:\Windows\System\EixPZlW.exe
  C:\Windows\System\EixPZlW.exe
  2⤵
  PID:8576
- C:\Windows\System\hplAESB.exe
  C:\Windows\System\hplAESB.exe
  2⤵
  PID:1152
- C:\Windows\System\laWHCUJ.exe
  C:\Windows\System\laWHCUJ.exe
  2⤵
  PID:8464
- C:\Windows\System\QNkVQWT.exe
  C:\Windows\System\QNkVQWT.exe
  2⤵
  PID:8720
- C:\Windows\System\lnobMXR.exe
  C:\Windows\System\lnobMXR.exe
  2⤵
  PID:8852
- C:\Windows\System\uCXYvqS.exe
  C:\Windows\System\uCXYvqS.exe
  2⤵
  PID:9016
- C:\Windows\System\LOkLJkt.exe
  C:\Windows\System\LOkLJkt.exe
  2⤵
  PID:2176
- C:\Windows\System\CNTUqxQ.exe
  C:\Windows\System\CNTUqxQ.exe
  2⤵
  PID:2060
- C:\Windows\System\fIibDSg.exe
  C:\Windows\System\fIibDSg.exe
  2⤵
  PID:788
- C:\Windows\System\oqhkClA.exe
  C:\Windows\System\oqhkClA.exe
  2⤵
  PID:1948
- C:\Windows\System\ZRtDMwl.exe
  C:\Windows\System\ZRtDMwl.exe
  2⤵
  PID:2220
- C:\Windows\System\ZOQsqwm.exe
  C:\Windows\System\ZOQsqwm.exe
  2⤵
  PID:1616
- C:\Windows\System\SXWGTdC.exe
  C:\Windows\System\SXWGTdC.exe
  2⤵
  PID:8256
- C:\Windows\System\boufheU.exe
  C:\Windows\System\boufheU.exe
  2⤵
  PID:1672
- C:\Windows\System\BttPQIT.exe
  C:\Windows\System\BttPQIT.exe
  2⤵
  PID:8692
- C:\Windows\System\ntlYsyI.exe
  C:\Windows\System\ntlYsyI.exe
  2⤵
  PID:5228
- C:\Windows\System\KGzpftH.exe
  C:\Windows\System\KGzpftH.exe
  2⤵
  PID:8832
- C:\Windows\System\GowdGZl.exe
  C:\Windows\System\GowdGZl.exe
  2⤵
  PID:2036
- C:\Windows\System\lAzGisy.exe
  C:\Windows\System\lAzGisy.exe
  2⤵
  PID:2956
- C:\Windows\System\KvTYgeO.exe
  C:\Windows\System\KvTYgeO.exe
  2⤵
  PID:2912
- C:\Windows\System\nDJeedL.exe
  C:\Windows\System\nDJeedL.exe
  2⤵
  PID:9076
- C:\Windows\System\aamQaxt.exe
  C:\Windows\System\aamQaxt.exe
  2⤵
  PID:9232
- C:\Windows\System\qSPmQWy.exe
  C:\Windows\System\qSPmQWy.exe
  2⤵
  PID:9248
- C:\Windows\System\kLdmyqh.exe
  C:\Windows\System\kLdmyqh.exe
  2⤵
  PID:9264
- C:\Windows\System\QgaDaSg.exe
  C:\Windows\System\QgaDaSg.exe
  2⤵
  PID:9280
- C:\Windows\System\WlrgzrV.exe
  C:\Windows\System\WlrgzrV.exe
  2⤵
  PID:9296
- C:\Windows\System\ZVRqcTy.exe
  C:\Windows\System\ZVRqcTy.exe
  2⤵
  PID:9312
- C:\Windows\System\lgZtybI.exe
  C:\Windows\System\lgZtybI.exe
  2⤵
  PID:9328
- C:\Windows\System\nyZmoSC.exe
  C:\Windows\System\nyZmoSC.exe
  2⤵
  PID:9344
- C:\Windows\System\CgqCDfe.exe
  C:\Windows\System\CgqCDfe.exe
  2⤵
  PID:9360
- C:\Windows\System\dhHaYWZ.exe
  C:\Windows\System\dhHaYWZ.exe
  2⤵
  PID:9376
- C:\Windows\System\NuKSImo.exe
  C:\Windows\System\NuKSImo.exe
  2⤵
  PID:9392
- C:\Windows\System\JBSJHbX.exe
  C:\Windows\System\JBSJHbX.exe
  2⤵
  PID:9408
- C:\Windows\System\GUlnYMa.exe
  C:\Windows\System\GUlnYMa.exe
  2⤵
  PID:9424
- C:\Windows\System\qmMfcjk.exe
  C:\Windows\System\qmMfcjk.exe
  2⤵
  PID:9444
- C:\Windows\System\JLeUcvm.exe
  C:\Windows\System\JLeUcvm.exe
  2⤵
  PID:9460
- C:\Windows\System\DiSGIPY.exe
  C:\Windows\System\DiSGIPY.exe
  2⤵
  PID:9476
- C:\Windows\System\PXEEuZx.exe
  C:\Windows\System\PXEEuZx.exe
  2⤵
  PID:9492
- C:\Windows\System\LwEZDdW.exe
  C:\Windows\System\LwEZDdW.exe
  2⤵
  PID:9508
- C:\Windows\System\fwoIFdT.exe
  C:\Windows\System\fwoIFdT.exe
  2⤵
  PID:9524
- C:\Windows\System\bWoNIoE.exe
  C:\Windows\System\bWoNIoE.exe
  2⤵
  PID:9540
- C:\Windows\System\jZgcRbN.exe
  C:\Windows\System\jZgcRbN.exe
  2⤵
  PID:9556
- C:\Windows\System\oSBoJQu.exe
  C:\Windows\System\oSBoJQu.exe
  2⤵
  PID:9572
- C:\Windows\System\aaTQImK.exe
  C:\Windows\System\aaTQImK.exe
  2⤵
  PID:9600
- C:\Windows\System\OlWceQo.exe
  C:\Windows\System\OlWceQo.exe
  2⤵
  PID:9616
- C:\Windows\System\HWVNggN.exe
  C:\Windows\System\HWVNggN.exe
  2⤵
  PID:9632
- C:\Windows\System\oPHybSN.exe
  C:\Windows\System\oPHybSN.exe
  2⤵
  PID:9648
- C:\Windows\System\fhuCinu.exe
  C:\Windows\System\fhuCinu.exe
  2⤵
  PID:9664
- C:\Windows\System\UPwkIcu.exe
  C:\Windows\System\UPwkIcu.exe
  2⤵
  PID:9680
- C:\Windows\System\SEStQTS.exe
  C:\Windows\System\SEStQTS.exe
  2⤵
  PID:9696
- C:\Windows\System\OdAZEkz.exe
  C:\Windows\System\OdAZEkz.exe
  2⤵
  PID:9716
- C:\Windows\System\OnNEzZv.exe
  C:\Windows\System\OnNEzZv.exe
  2⤵
  PID:9732
- C:\Windows\System\BSDamNE.exe
  C:\Windows\System\BSDamNE.exe
  2⤵
  PID:9748
- C:\Windows\System\ycXkPwL.exe
  C:\Windows\System\ycXkPwL.exe
  2⤵
  PID:9764
- C:\Windows\System\rGFdTHb.exe
  C:\Windows\System\rGFdTHb.exe
  2⤵
  PID:9780
- C:\Windows\System\nuhfvqo.exe
  C:\Windows\System\nuhfvqo.exe
  2⤵
  PID:9800
- C:\Windows\System\zSrnisP.exe
  C:\Windows\System\zSrnisP.exe
  2⤵
  PID:9816
- C:\Windows\System\ogRRFnq.exe
  C:\Windows\System\ogRRFnq.exe
  2⤵
  PID:9832
- C:\Windows\System\zdTnQxE.exe
  C:\Windows\System\zdTnQxE.exe
  2⤵
  PID:9848
- C:\Windows\System\YdNZTcK.exe
  C:\Windows\System\YdNZTcK.exe
  2⤵
  PID:9864
- C:\Windows\System\eFDJayc.exe
  C:\Windows\System\eFDJayc.exe
  2⤵
  PID:9880
- C:\Windows\System\GJUpnys.exe
  C:\Windows\System\GJUpnys.exe
  2⤵
  PID:9896
- C:\Windows\System\SdlmNZN.exe
  C:\Windows\System\SdlmNZN.exe
  2⤵
  PID:9912
- C:\Windows\System\ROShCWo.exe
  C:\Windows\System\ROShCWo.exe
  2⤵
  PID:9928
- C:\Windows\System\yMAKnvk.exe
  C:\Windows\System\yMAKnvk.exe
  2⤵
  PID:9944
- C:\Windows\System\IiKvCWU.exe
  C:\Windows\System\IiKvCWU.exe
  2⤵
  PID:9960
- C:\Windows\System\xAkgtjw.exe
  C:\Windows\System\xAkgtjw.exe
  2⤵
  PID:9976
- C:\Windows\System\DMHMNip.exe
  C:\Windows\System\DMHMNip.exe
  2⤵
  PID:9992
- C:\Windows\System\ueRFJHg.exe
  C:\Windows\System\ueRFJHg.exe
  2⤵
  PID:10008
- C:\Windows\System\GzalaRu.exe
  C:\Windows\System\GzalaRu.exe
  2⤵
  PID:10024
- C:\Windows\System\bpTUKKr.exe
  C:\Windows\System\bpTUKKr.exe
  2⤵
  PID:10040
- C:\Windows\System\rmeqcnK.exe
  C:\Windows\System\rmeqcnK.exe
  2⤵
  PID:10056
- C:\Windows\System\jRnuXuO.exe
  C:\Windows\System\jRnuXuO.exe
  2⤵
  PID:10072
- C:\Windows\System\pMKHrHk.exe
  C:\Windows\System\pMKHrHk.exe
  2⤵
  PID:10088
- C:\Windows\System\kLZArIA.exe
  C:\Windows\System\kLZArIA.exe
  2⤵
  PID:10104
- C:\Windows\System\QSOOTpR.exe
  C:\Windows\System\QSOOTpR.exe
  2⤵
  PID:10120
- C:\Windows\System\RqnzTgD.exe
  C:\Windows\System\RqnzTgD.exe
  2⤵
  PID:10136
- C:\Windows\System\BayCZqY.exe
  C:\Windows\System\BayCZqY.exe
  2⤵
  PID:10152
- C:\Windows\System\WLTxRVP.exe
  C:\Windows\System\WLTxRVP.exe
  2⤵
  PID:10172
- C:\Windows\System\mBUhQZr.exe
  C:\Windows\System\mBUhQZr.exe
  2⤵
  PID:10188
- C:\Windows\System\uKITAbw.exe
  C:\Windows\System\uKITAbw.exe
  2⤵
  PID:10204
- C:\Windows\System\xEkJzTP.exe
  C:\Windows\System\xEkJzTP.exe
  2⤵
  PID:10220
- C:\Windows\System\qChjmAj.exe
  C:\Windows\System\qChjmAj.exe
  2⤵
  PID:10236
- C:\Windows\System\FEKQaXo.exe
  C:\Windows\System\FEKQaXo.exe
  2⤵
  PID:9048
- C:\Windows\System\ZgrAKmz.exe
  C:\Windows\System\ZgrAKmz.exe
  2⤵
  PID:1976
- C:\Windows\System\tTbwAXQ.exe
  C:\Windows\System\tTbwAXQ.exe
  2⤵
  PID:9244
- C:\Windows\System\OiNbJPf.exe
  C:\Windows\System\OiNbJPf.exe
  2⤵
  PID:8484
- C:\Windows\System\oHaKnpe.exe
  C:\Windows\System\oHaKnpe.exe
  2⤵
  PID:2256
- C:\Windows\System\fvZBeTS.exe
  C:\Windows\System\fvZBeTS.exe
  2⤵
  PID:8724
- C:\Windows\System\MEvecHJ.exe
  C:\Windows\System\MEvecHJ.exe
  2⤵
  PID:9384
- C:\Windows\System\QYgKsSp.exe
  C:\Windows\System\QYgKsSp.exe
  2⤵
  PID:9436
- C:\Windows\System\LiOTzky.exe
  C:\Windows\System\LiOTzky.exe
  2⤵
  PID:9536
- C:\Windows\System\ZlQAQjW.exe
  C:\Windows\System\ZlQAQjW.exe
  2⤵
  PID:9516
- C:\Windows\System\vQpeHSN.exe
  C:\Windows\System\vQpeHSN.exe
  2⤵
  PID:9708
- C:\Windows\System\kQTTYjW.exe
  C:\Windows\System\kQTTYjW.exe
  2⤵
  PID:9796
- C:\Windows\System\VQazCWZ.exe
  C:\Windows\System\VQazCWZ.exe
  2⤵
  PID:9308
- C:\Windows\System\iLOAxGj.exe
  C:\Windows\System\iLOAxGj.exe
  2⤵
  PID:9420
- C:\Windows\System\ZeNjSuU.exe
  C:\Windows\System\ZeNjSuU.exe
  2⤵
  PID:9372
- C:\Windows\System\iUdRsoT.exe
  C:\Windows\System\iUdRsoT.exe
  2⤵
  PID:2512
- C:\Windows\System\HgKCNEW.exe
  C:\Windows\System\HgKCNEW.exe
  2⤵
  PID:9644
- C:\Windows\System\dEPTIzY.exe
  C:\Windows\System\dEPTIzY.exe
  2⤵
  PID:9548
- C:\Windows\System\XjBNhAc.exe
  C:\Windows\System\XjBNhAc.exe
  2⤵
  PID:9624
- C:\Windows\System\IUWkihA.exe
  C:\Windows\System\IUWkihA.exe
  2⤵
  PID:9704
- C:\Windows\System\bduTYzQ.exe
  C:\Windows\System\bduTYzQ.exe
  2⤵
  PID:9776
- C:\Windows\System\kMotWTX.exe
  C:\Windows\System\kMotWTX.exe
  2⤵
  PID:9724
- C:\Windows\System\CPWugQX.exe
  C:\Windows\System\CPWugQX.exe
  2⤵
  PID:9728
- C:\Windows\System\hadkTLz.exe
  C:\Windows\System\hadkTLz.exe
  2⤵
  PID:9844
- C:\Windows\System\KYokXJJ.exe
  C:\Windows\System\KYokXJJ.exe
  2⤵
  PID:9908
- C:\Windows\System\ZxmKLtE.exe
  C:\Windows\System\ZxmKLtE.exe
  2⤵
  PID:9860
- C:\Windows\System\JORyJeZ.exe
  C:\Windows\System\JORyJeZ.exe
  2⤵
  PID:9936
- C:\Windows\System\Lhjosob.exe
  C:\Windows\System\Lhjosob.exe
  2⤵
  PID:10004
- C:\Windows\System\zwYZhar.exe
  C:\Windows\System\zwYZhar.exe
  2⤵
  PID:10036
- C:\Windows\System\jqimBqd.exe
  C:\Windows\System\jqimBqd.exe
  2⤵
  PID:10100
- C:\Windows\System\gBICffX.exe
  C:\Windows\System\gBICffX.exe
  2⤵
  PID:10048
- C:\Windows\System\eQBjthq.exe
  C:\Windows\System\eQBjthq.exe
  2⤵
  PID:10132
- C:\Windows\System\YjVIFuE.exe
  C:\Windows\System\YjVIFuE.exe
  2⤵
  PID:10112
- C:\Windows\System\hapkBZF.exe
  C:\Windows\System\hapkBZF.exe
  2⤵
  PID:10168
- C:\Windows\System\olxMxDg.exe
  C:\Windows\System\olxMxDg.exe
  2⤵
  PID:10232
- C:\Windows\System\EsasyLl.exe
  C:\Windows\System\EsasyLl.exe
  2⤵
  PID:10180
- C:\Windows\System\meociuA.exe
  C:\Windows\System\meociuA.exe
  2⤵
  PID:8224
- C:\Windows\System\gyGrAjk.exe
  C:\Windows\System\gyGrAjk.exe
  2⤵
  PID:9240
- C:\Windows\System\ktSidPY.exe
  C:\Windows\System\ktSidPY.exe
  2⤵
  PID:1376
- C:\Windows\System\wGqqaII.exe
  C:\Windows\System\wGqqaII.exe
  2⤵
  PID:9292
- C:\Windows\System\vMhAaoU.exe
  C:\Windows\System\vMhAaoU.exe
  2⤵
  PID:1576
- C:\Windows\System\UEVVWgf.exe
  C:\Windows\System\UEVVWgf.exe
  2⤵
  PID:9256
- C:\Windows\System\ACKvgYH.exe
  C:\Windows\System\ACKvgYH.exe
  2⤵
  PID:9320
- C:\Windows\System\TcqOVex.exe
  C:\Windows\System\TcqOVex.exe
  2⤵
  PID:9484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CIvHkoc.exe

Filesize
6.0MB

MD5
9f2ec144ace5b05e6dc8b4a1663025a9

SHA1
636bd3af932af8d16dd23f56d7734d934a2e58cf

SHA256
3cab5bb88e006371bfbefbc6785123243f470969d1c613651d3e38c23e2d5522

SHA512
bb4798ecabf7288a7d39f3da6078010261f8811693dab3c33aa3e22880bdf1a84de5d8b2c16aeb5c14584edb4cfbb6bbb5df9873c9548dce9569096da7c2b97d

Download Submit
C:\Windows\system\GWvGveD.exe

Filesize
6.0MB

MD5
8b283071f4a9ac2d5d3294f83a2c5683

SHA1
773865cbf33c7c050e5c5713262ee1c328ff2803

SHA256
610e36ae69202d1fb2e1ebe9830fd93089ef51c2e6f282f03fd8d8ecb8b0fd35

SHA512
d85770e449c862fbb2d3d55e9ac4fd8a4d7a73c82a95d1143d347be2e5a578962477658643a6a317f466db0106f85835dec6dd77e9de89f504e6012cd67a98b1

Download Submit
C:\Windows\system\GoPbObG.exe

Filesize
6.0MB

MD5
0f434589b43f7819754ae8d2f3a19b23

SHA1
922838e421368fb184a247d0fffb1da224e4ecd4

SHA256
c25f1978d7e0704703e01b0d70be0da4bf19fd335b5ccd6aebef595ae0788a4f

SHA512
a22c8c484a40673d837cda4ced635e87e414ea2f166a082e0113d14b01e7f2fdb3b1ccd70c4406a30b7a079a7b7493059ced773fa55213596f743fb78c171e7d

Download Submit
C:\Windows\system\HspdhzA.exe

Filesize
6.0MB

MD5
7594ea2f201fce653fd1b6ab42426d90

SHA1
003e4c0258cb61da764cfa832cef4874318d093d

SHA256
423f422a0c7fa6068475a6ba0217ca2de9e5f89ff1864abb6e7fb4c95f0d42fd

SHA512
f47aaee0fb1958698872078680ed95a01b9d5a149f1d4c85e08336c99cbae58aa46f6747613326f111d301ab6fdb3936103610a3427db4edb97e663afbdbfdd8

Download Submit
C:\Windows\system\HuToXvu.exe

Filesize
6.0MB

MD5
f087c40a9cd32fb250d2dc6c1240b621

SHA1
bff0c94b60cb85195e4771fabf624be0c30010f6

SHA256
d142f2ea2455b5e05534921e3842c5106a6c576205da4cd506261dbc6b686a73

SHA512
4831925fcf461b9599fceaf4118feaafccc87f8210a32c1e8da87c5495050adf5cb220a66bc223b01f677d3c5d48d0957d07e0543037cdc1cf90c60777ea4369

Download Submit
C:\Windows\system\IFkQsmO.exe

Filesize
6.0MB

MD5
007c841cddb83556931a5e2f878ef67f

SHA1
c0e787989c35c3ce38f4ebefc3add035c2f0847d

SHA256
8eb297e2a96f9cc7d4eac415b27e601f9359344544f81006a8435fcaff546a5f

SHA512
755a6cb50eb96f1f16b557efd5f8acf158f7024717bc7d57c52573699431dec2dc337d30a42b230af43a6f9d40b93ae0a0eb929d87e73b439e69414e6f3ad289

Download Submit
C:\Windows\system\IKoFjOn.exe

Filesize
6.0MB

MD5
029489f5fb8c3452fe9385f27a7de95d

SHA1
8f49472af931000f157e547a7cff5d9b1052dcc2

SHA256
1a7ccf2d1f961c1e28d612a0e0c9a1df422fb3d094869897680dd9b2431e3630

SHA512
1e5899d972e1262d67c8185bd0b3632974e0ab57cf926f4fa8bd39de7f622deebbbfeaeb5134a0ab928778b5e36b0c168226d00ea58f292fcb2cd43d011112dc

Download Submit
C:\Windows\system\KiuMUDN.exe

Filesize
6.0MB

MD5
980a8da62275420574faad0b0222c461

SHA1
e0c1fa72bcdfc3ff8cda9c822664440e7c218a63

SHA256
d120ae1c322ee1bead5c6738c8dc2543153ee25d911e80bebd1eb50ae650b338

SHA512
58bc2cfd8256f84742ae2c0c6d8b5c5a8ab99372055bc48224985791dca9262ea78f4b9f7210e6ea6a8640da6ba91f93d53c75f3cbf3f14ef2a89355414d6793

Download Submit
C:\Windows\system\LIpuWkq.exe

Filesize
6.0MB

MD5
21eb56a4fee6ca858f29d887602457b2

SHA1
70e4d852878555633eca3cf8498280d77bff60c1

SHA256
053a78a39c606367a354aaed1641738632f165f4d8c4171c6b2503bcb119eedc

SHA512
bd733a18559b6fb58e52f79c36fbfadc0a7a6a4916b4f5dda35d62c2df2ddeb4093da8232bd98fa11e2d0a049a6c4afb0eac7b602c03a32e64e5b9d05663c216

Download Submit
C:\Windows\system\OmPDQao.exe

Filesize
6.0MB

MD5
ecd7352eb324fdd9da1f06ce9f7758f2

SHA1
4aea8d562f69953b067cd5ce33a916d00b4d1615

SHA256
439f068f609fd3857da3b67ac2346bd95b4556891158affafdbcc6e5aec309e6

SHA512
20681b6083f7ade6cbf2cd74ccb2258d7f42708b2c57e55dfe9701bd39736f0cb755105c4831d1e4235670cfe3a0c227532dd01c8214777e167884a0de99620f

Download Submit
C:\Windows\system\TrMkxSd.exe

Filesize
6.0MB

MD5
ed294a50b7b51140e2d40bcf406df707

SHA1
63ba7cf39a06859944520cfdeb5f6b8fb64cefb4

SHA256
991c1f5af3a6c35afce98aa7f0f676ba968367d5fff4684a65a33302be33d5cc

SHA512
fccd89cdfba84d1e0d35151494f1d165068d04908bc9271300fc2dc9605023340b1ef2d76b1a55ae29006881c4489cfa40868b9fb12e7a5860387f1d3dacf18a

Download Submit
C:\Windows\system\USahchV.exe

Filesize
6.0MB

MD5
abf15e586691d82d6d698aaa4ae164ef

SHA1
48c7f141dad07dedcd6888dd307e6c6c99a8f913

SHA256
7767eae71a276b877bcebd5657cc371d9cf502ffaf2cb3b6e0f1534067e13969

SHA512
a704ee60b729c22a2608a22568c82e9852b5c4fe688cca8e7e74db580f4d684deacdcb1e7b630aab86b7f281ba102eafc27edef6e17bc06877c806c3da5475bb

Download Submit
C:\Windows\system\WWVeKQk.exe

Filesize
6.0MB

MD5
5e68d57116f8138f7bd0f828728172d9

SHA1
e330e10f172248506c6353c66dca9020f8ebb9e7

SHA256
f830f83d2909acc6d4a6ee11e1c16eb730f5c70da3d02033ad72c6b931947d43

SHA512
4f6a8d7ccc0b1164755f95656061c343e40d294f94554f382df774854749300c4ff7e29b8a3430a70745bfadc4df97e05aa058b4a6adfcae363a3b93093e642f

Download Submit
C:\Windows\system\XjfwQxR.exe

Filesize
6.0MB

MD5
5ecc711565cb5ef013186a21333628ab

SHA1
df3ddec580b2b7fddd2aaded58079838e9f9ddba

SHA256
9f12f56224b65f26b075d71e5fa0a9ba4dfd3f920f9beca8bdf5dd30bf958a8a

SHA512
dd7d3974267af68c513f4aa9d14458c8174921e800e7c48bbbec83221a038a693370eaa5f6fac3b3e313fa139cbb95322b426a075b9ad45eb770f22ccab38e6b

Download Submit
C:\Windows\system\akmgXtk.exe

Filesize
6.0MB

MD5
c439fb3dfefd6a520edee077fae423eb

SHA1
12d1c7c7a9d4334ca882408cb37a5d02660f1022

SHA256
254bf7b2c4047b2188edd91152603be58fc5f6b347eb14b9a569b784d4ea338e

SHA512
4cf3d07bb431a9cd24f0879e2d2adfc4915b6a3858c85d4710ce685ce08596e856d591099128374499b8e47c9fbc1b6bc15d577b4897e5756175a9bcdc86326d

Download Submit
C:\Windows\system\cUYviCB.exe

Filesize
6.0MB

MD5
69b490c8dca19096a88835b3910bc6f8

SHA1
5acb6f336a946870e0d0a41e88702708dd00c958

SHA256
28327dc13e2350387144a6299ff5055e1ff980231259bee2e89ffaf4d8d8d62f

SHA512
0af697dbf2870c86ba1fd8c782f112acec8667094a847fdf8ddee7f426d721130bd69b83f5f5362c93041d3f835e634fa9061c9778b640080c59522f0e513248

Download Submit
C:\Windows\system\cyFQIFu.exe

Filesize
6.0MB

MD5
7dee70c9931b39e0eac9e736a59ec17a

SHA1
c9bb319728554f7a2043d6b59a8d92b5e878bc6d

SHA256
25cf469b6a3e03dc08dddf14485d45d18f5709c09e31e8221281189c59fd574c

SHA512
c80bf3586f6319035bf43cea81a7eae1d313629183e5cb33fb7bc06afc991c92b62a2550f60380370b7ed259ebdd29057e5d2fd6420f371a5e9c3d109075093f

Download Submit
C:\Windows\system\hFEHYgo.exe

Filesize
6.0MB

MD5
fa29a0c942cf3bafa373e544377d558f

SHA1
611097de0c584e3341960bdc2d6fd44373aac347

SHA256
8c6fdbea502967c63db692f3090b38441e8d48755dcf44e1ed882bdc7a4ed62b

SHA512
ca17fe8a486e5ecc69ec571ed682d1f30f14091a02bd646152d1e15c66c1a7108287692bfa33f508de1fc5649936f057cfa5b9ce94bbff5cfc4f617d751ddb65

Download Submit
C:\Windows\system\ifRBMjZ.exe

Filesize
6.0MB

MD5
1d960a4a25267ac76f4b1eecdf3bdacd

SHA1
f856378ae4381824b429348db0ef898fff7210bd

SHA256
e82ab2f012d308462b2954b4f976d3412cf391e8c2d9f029b430c8daa6f3093f

SHA512
bb5370cdaea9350275f91ec1fd0371841051da061d9099b514f1674724d969ed3d1baaad40bf741bde8a3bc5534af3abc360f6235123b81f4b3162c739cf23ed

Download Submit
C:\Windows\system\ksTUXim.exe

Filesize
6.0MB

MD5
e17d78e6e6266cb802b9953ce3efda68

SHA1
b9afa2c0ccd39e039e4ce3856ae01e81464f1e41

SHA256
e8bb87af21d82b90baf4d7c666541b0e333be85701faece6223da47d6083246b

SHA512
1c2731309b7a73ed368fd00d816c46194dd5658ce865fa233f83098d2e1d8eadd1335d8d08c06ec38f14ee20de9a6ddd392311664edfedbaac8588a1fb6a5541

Download Submit
C:\Windows\system\mLkAjNB.exe

Filesize
6.0MB

MD5
2a28fb953c30a6c26b884d56fbfd4d89

SHA1
7c9ba2637792e0a0a105db1b512bde480f341bd2

SHA256
ac6920d07b32e530fca0a2a8d23e126d617332333f4925ffd8af0ecbec922cc9

SHA512
7b3cf7ef5edfa071c741bd022264760d928dd7df8a3bbd76e42f0cddc2be43f565edf3cd32ade5e92c702b4bd4a665eef6e4d2cc4b226ab8969496413e3cea84

Download Submit
C:\Windows\system\nCQsGTX.exe

Filesize
6.0MB

MD5
95c7a349202a0a1749db95fa5e9e5552

SHA1
a9ebf6a01cbfce135ea5f388d69adecbd06632f7

SHA256
907c9173b0addb645fa63cd2df1df47de84820b1aed1b992c055fe81f7c0b403

SHA512
e9b489abf391fdcf62f248efb9ca28e0087004c37515f5984e5f31bef5d2631f179b4f897c072fcfb17b0a56293d7de3c4c534e1c89469abb3851d1947c3a5b7

Download Submit
C:\Windows\system\nEaqllo.exe

Filesize
6.0MB

MD5
76ed22d5d5424c9248ea666e0ad6bd44

SHA1
eda763b4788a8e09bf447b9b5a158eb2ae181649

SHA256
53daaad27b6f57df568a13b58771fcdc335a4ef9728a686c1b86295e0e0e714f

SHA512
830fbd9394e5d4532d5f51c5836e0a1d6d1f33aeaf5ab412beb248391af759b3ec668549a36e050d1505758b152628dbbc7bd4b7aaffe915641d8df54efa8a38

Download Submit
C:\Windows\system\niuAMsK.exe

Filesize
6.0MB

MD5
e31c364f76ff20719387454179d950eb

SHA1
bb4bdb578dee5c07d2354999b4c8f73d5f3a61c7

SHA256
42cf582bec585a44802a766b5cf4f327a4482f00991f2139f2cfdc1636cc5e75

SHA512
ec0429af4249ad05fb69afbad7069ed3b4ab13a24478316c1a0611143c726d4454fab95549602a3f5fc898cd2a215b3c5eddb69304d52a45ae1d67de5890c9b4

Download Submit
C:\Windows\system\rXuZDFJ.exe

Filesize
6.0MB

MD5
7142052b62404817ca798b8fc7cba9a5

SHA1
43f8059909710e5f28c04f981387f8140a96a576

SHA256
337e21babaf8575d0b9e57155acc935bb6b7e8b88426c4548a9d4716bfa01745

SHA512
9286ff0a7d12fe3501f46caf6677f74cd1e5c8b5c89d20cb776e5203d77e4f7bef1090fb27eb7f822e66a93c8b16f867fb2cff96666e0d9932c9ac1cec5f6fbb

Download Submit
C:\Windows\system\rdBeKZA.exe

Filesize
6.0MB

MD5
e88076b100bf52ce17a1b3539d6e7c0e

SHA1
dcf5b0dfae51d2ee2c5d586b50215dbeb09fa83e

SHA256
b1ff9d0acb1a33dac650f562841a27cb3a234be3de35eb7ad80576c2a120e32b

SHA512
4112959fe56c302399faec2969948f92c8dfc51e5c58664abee36822386c6c1cf13c24814a9754b8a04b5e102c5cc290bea737af131e868d3ccfa1fdc04d8ffd

Download Submit
C:\Windows\system\uMyJSiS.exe

Filesize
6.0MB

MD5
364a24cb909c557ce5a0805f02ee0fb8

SHA1
37ea4465537c359fcf9450fec6e317bc22664f6d

SHA256
518fe5ea5e928a911802fadaee886cbfc1879f85f33f9bea4766bc6d5cf656ee

SHA512
d07eef7c26b98ed0f3dff41f9bf1d6eec97a5757c5d28c13f5ff1c63445680fdcf472699dd23a007c54bd5cb3b245733a356a2f29849911841761fc93dbac58e

Download Submit
C:\Windows\system\zDyxRfm.exe

Filesize
6.0MB

MD5
bf11eb0712c442d69e2b69495ecc742d

SHA1
fb7bfe66930d136eadd8eb3c176b1c3a9b3eb1e1

SHA256
d50f966b768bd1e36d8dd30ea17e6593871e29be0dbab3b30cbb638e627454ae

SHA512
12bd6e57d8d61bc015a5d595a347f89960809a15dd8fde971d626e6575b2f7780d4ab3cb64fb2b7912673b882075e64e4e9c6e2a5d173f959da2868453ae7ac6

Download Submit
\Windows\system\DgXQLZp.exe

Filesize
6.0MB

MD5
90d081ea6218dda957e9f4331fbd88b4

SHA1
786c94a740785ad101f2c3dadd83d40250fa9af9

SHA256
9318d2fb71fa186809bc2828ea4bf3baa5a642f868f8a886b15aab3ef60b8a66

SHA512
f43368cfb6d7950edfd8171717ba2d3812a5778214e3c25b29ec6fd42b0784ec6b26599c7091c515826ee67930ce956be14c11c9f80717ec555b56e2c12fb04c

Download Submit
\Windows\system\PBZZAfa.exe

Filesize
6.0MB

MD5
302214c7aa05a68ccd35da4f71e4edf7

SHA1
fb36253901c1e298ebad958e188f1bdc397ddaed

SHA256
5d3e883334a2a336d6272b59a22e0e643279cfe840d25ca9ea03f17e50187f25

SHA512
639402bcff42677de98c2838248ce88555f10e9574841be76bd09f8a239ed38d21dcd98db50c14da769cf1ecc20a61c0516d1dede8a9503b9fcce9c9c845dabd

Download Submit
\Windows\system\eOBJwUI.exe

Filesize
6.0MB

MD5
b35f7c184df32bf7c5a559e6899cf218

SHA1
6f34c5afb734bb596c60076d5e3024a887fcde6c

SHA256
ed16ccbd67caee5e25021bc66449e9965e7974ec8b7ec8e7503e74495b5db749

SHA512
06c208beec647f0bf15147a51ba8f7a6dd3225e6890d1ec7e393f0bb2147dabd848ae45aadb59fe94c69e829a7afd0593874a566e850dfad1f4c3c7a169db02d

Download Submit
\Windows\system\ulHJAUU.exe

Filesize
6.0MB

MD5
52f8ee8b6b45ea092d03be5874eba6cf

SHA1
b78933beb9d10a42d726fd5541f4951c0fe5765d

SHA256
ff9d229455c02627385915a14df8eb30d2894802c7f48f56b1b493d251b22c2d

SHA512
1f98feab84468734da389a81689597bc606a6d2bc5e0e29c4168f028368b826fa432b457bcc2c66a37136281aa26e7b9f01f7e58ebfb81b786c871598303924d

Download Submit
memory/768-86-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/768-4286-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1260-4289-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-100-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-51-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-9-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-3721-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-69-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-3722-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-4285-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-38-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2188-3723-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2188-80-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2276-93-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2276-650-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2276-13-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2276-78-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-59-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2479-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-0-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2276-99-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-19-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-67-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2276-105-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-65-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-302-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-29-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-50-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2276-841-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-48-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-454-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-40-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-39-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2276-85-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-92-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4287-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-63-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4284-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2596-94-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3726-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-49-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-35-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3727-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2688-77-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2712-15-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3725-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2712-68-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2872-42-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2872-4288-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2872-87-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2884-72-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4290-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3724-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-71-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-21-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download