cobaltstrike | 13facfea7b2c48bc99c095894155ac3865b171c0f78c0f6f2d8aa5c849ec1e3a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
26/01/2025, 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8db4325b6b36818b4d44c564dab94836
SHA1

89165a697e59b31cb97ff7cb856b9bda15080446
SHA256

13facfea7b2c48bc99c095894155ac3865b171c0f78c0f6f2d8aa5c849ec1e3a
SHA512

ee50fa84cfe68782323e5ebca6e5a352d7407f3c7bf2bb7e20c33fd173ac57f5a07b9967db7ddb35e90926498d0d4b3414b64df6e588025d4f06e625aa2571e9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000018710-3.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019240-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019246-12.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001930d-28.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001926b-26.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b68-40.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001932d-45.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194cd-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-199.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-116.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2436-0-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0008000000018710-3.dat	xmrig
behavioral1/memory/2436-6-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/1960-9-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0006000000019240-10.dat	xmrig
behavioral1/memory/2452-15-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019246-12.dat	xmrig
behavioral1/memory/2256-22-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2568-27-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x000800000001930d-28.dat	xmrig
behavioral1/files/0x000600000001926b-26.dat	xmrig
behavioral1/memory/1960-41-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2988-35-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2436-34-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2724-42-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0009000000018b68-40.dat	xmrig
behavioral1/memory/2452-43-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x000800000001932d-45.dat	xmrig
behavioral1/memory/824-55-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2256-54-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194cd-56.dat	xmrig
behavioral1/memory/2568-61-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3e-63.dat	xmrig
behavioral1/memory/2664-69-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2604-67-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c57-71.dat	xmrig
behavioral1/memory/2988-74-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2536-77-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cba-78.dat	xmrig
behavioral1/memory/2724-81-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2520-85-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2436-82-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cca-86.dat	xmrig
behavioral1/files/0x0005000000019dbf-97.dat	xmrig
behavioral1/files/0x0005000000019d8e-92.dat	xmrig
behavioral1/files/0x000500000001a07e-129.dat	xmrig
behavioral1/files/0x000500000001a09e-134.dat	xmrig
behavioral1/files/0x000500000001a427-164.dat	xmrig
behavioral1/files/0x000500000001a48d-184.dat	xmrig
behavioral1/memory/2436-770-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/memory/2940-655-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2520-542-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2436-441-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2536-348-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4a9-199.dat	xmrig
behavioral1/files/0x000500000001a49a-194.dat	xmrig
behavioral1/files/0x000500000001a499-190.dat	xmrig
behavioral1/files/0x000500000001a48b-179.dat	xmrig
behavioral1/files/0x000500000001a46f-174.dat	xmrig
behavioral1/files/0x000500000001a42d-169.dat	xmrig
behavioral1/files/0x000500000001a41e-159.dat	xmrig
behavioral1/files/0x000500000001a41d-155.dat	xmrig
behavioral1/files/0x000500000001a41b-149.dat	xmrig
behavioral1/files/0x000500000001a359-144.dat	xmrig
behavioral1/files/0x000500000001a307-139.dat	xmrig
behavioral1/files/0x000500000001a075-124.dat	xmrig
behavioral1/files/0x0005000000019f94-119.dat	xmrig
behavioral1/files/0x0005000000019f8a-116.dat	xmrig
behavioral1/memory/2952-115-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2664-111-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/1308-110-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2604-108-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2436-103-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/memory/2940-96-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1960	BaEWFqt.exe
2452	FkISJLd.exe
2256	bAiyzKY.exe
2568	SMqriOc.exe
2988	dWFODkN.exe
2724	VMKvTDh.exe
824	vBdzEYg.exe
2604	qfSQCsz.exe
2664	mruDYSv.exe
2536	grtedBA.exe
2520	DTjFAii.exe
2940	CjrBMje.exe
1308	TFrGgXP.exe
2952	jsrZgXh.exe
1028	vRIXwUq.exe
1796	pjHicFv.exe
2392	imGIEET.exe
2004	FDAfLZI.exe
1948	oUReIsI.exe
1328	OiqOJLV.exe
1576	iFtpQyh.exe
1692	CFPrjyk.exe
2844	Vezisjj.exe
2584	oQoqGsE.exe
2192	YdJeLTN.exe
2692	wNeqbus.exe
2112	cxvLfBp.exe
1108	YHejqzA.exe
2680	lyKjhBn.exe
1852	sNZbqqC.exe
112	GndSxkD.exe
924	WukSptj.exe
908	nsFVvqT.exe
1036	hmNIHmP.exe
1504	wklRzMw.exe
2184	ZhmvbZX.exe
1648	aWwjvuP.exe
1712	SzkdOQY.exe
1716	yvGQjfI.exe
1820	NSGYUgV.exe
1612	SDjxiAf.exe
2908	oPGrUWm.exe
1480	hvzsoTQ.exe
604	rrxkAGH.exe
2140	ZegmAzi.exe
2176	ERefMCK.exe
1624	CabiOwg.exe
872	dXwdjFc.exe
2396	KrnZrta.exe
3000	DLDMQaa.exe
1560	xoHBEss.exe
1700	EoeEUdH.exe
1800	CGLBDwx.exe
1196	dDoLAlQ.exe
3036	MqCpthn.exe
1968	hJcVSJZ.exe
2116	WRyJbGw.exe
2032	vaRNRkb.exe
2640	oulEOaD.exe
2080	IELWpWj.exe
2704	tywXTKw.exe
2620	YIrbzVl.exe
2180	nfrfVSi.exe
2168	dYYAAKN.exe

Loads dropped DLL 64 IoCs

pid	Process
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2436-0-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0008000000018710-3.dat	upx
behavioral1/memory/2436-6-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/1960-9-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0006000000019240-10.dat	upx
behavioral1/memory/2452-15-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x0006000000019246-12.dat	upx
behavioral1/memory/2256-22-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2568-27-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x000800000001930d-28.dat	upx
behavioral1/files/0x000600000001926b-26.dat	upx
behavioral1/memory/1960-41-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2988-35-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2436-34-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2724-42-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0009000000018b68-40.dat	upx
behavioral1/memory/2452-43-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x000800000001932d-45.dat	upx
behavioral1/memory/824-55-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2256-54-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x00060000000194cd-56.dat	upx
behavioral1/memory/2568-61-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x0005000000019c3e-63.dat	upx
behavioral1/memory/2664-69-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2604-67-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0005000000019c57-71.dat	upx
behavioral1/memory/2988-74-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2536-77-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0005000000019cba-78.dat	upx
behavioral1/memory/2724-81-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2520-85-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0005000000019cca-86.dat	upx
behavioral1/files/0x0005000000019dbf-97.dat	upx
behavioral1/files/0x0005000000019d8e-92.dat	upx
behavioral1/files/0x000500000001a07e-129.dat	upx
behavioral1/files/0x000500000001a09e-134.dat	upx
behavioral1/files/0x000500000001a427-164.dat	upx
behavioral1/files/0x000500000001a48d-184.dat	upx
behavioral1/memory/2940-655-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2520-542-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2536-348-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x000500000001a4a9-199.dat	upx
behavioral1/files/0x000500000001a49a-194.dat	upx
behavioral1/files/0x000500000001a499-190.dat	upx
behavioral1/files/0x000500000001a48b-179.dat	upx
behavioral1/files/0x000500000001a46f-174.dat	upx
behavioral1/files/0x000500000001a42d-169.dat	upx
behavioral1/files/0x000500000001a41e-159.dat	upx
behavioral1/files/0x000500000001a41d-155.dat	upx
behavioral1/files/0x000500000001a41b-149.dat	upx
behavioral1/files/0x000500000001a359-144.dat	upx
behavioral1/files/0x000500000001a307-139.dat	upx
behavioral1/files/0x000500000001a075-124.dat	upx
behavioral1/files/0x0005000000019f94-119.dat	upx
behavioral1/files/0x0005000000019f8a-116.dat	upx
behavioral1/memory/2952-115-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2664-111-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/1308-110-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2604-108-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2940-96-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2452-3533-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/1960-3530-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2568-3555-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2724-3821-0x000000013F500000-0x000000013F854000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JQJwlgO.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksQUtVF.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGlilYA.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKoaLBY.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPTCFSW.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuWLneI.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvmcTWb.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkTVJEP.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfMEGDA.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCeQlWo.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGMPsJx.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOMCGPi.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGLuefw.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWdkDAK.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzLStnD.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyBhdxJ.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwPSJdT.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cziipPx.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkKkuiY.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBDbkOW.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdJeLTN.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdrXNth.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXQLvkJ.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCMQKgs.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUKhtWV.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekdhHvl.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVxFlat.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYXwHlP.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IzbNDhJ.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUatDHA.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVykcqO.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdhrsCN.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTInHpK.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQLuIIu.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScDsRaU.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fypdRbY.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvGHCTn.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFrGgXP.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULbGvuV.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIPPBCZ.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePYgYKU.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLuCmtH.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxmNvFZ.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEkCXlh.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDvNhLv.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SBnFqUl.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWOeImC.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCKEmhe.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFfGUyR.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzgSuTr.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzcHhrb.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcmBhUG.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXjPMpv.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqioGIF.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKBRwap.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMxODiQ.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcHSLIn.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iviqSlt.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsFVvqT.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmWZaoL.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhsyyCQ.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcyoAcG.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdJHgLi.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BiQjRAW.exe	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 1960	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2436 wrote to memory of 1960	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2436 wrote to memory of 1960	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2436 wrote to memory of 2452	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2436 wrote to memory of 2452	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2436 wrote to memory of 2452	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2436 wrote to memory of 2256	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2436 wrote to memory of 2256	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2436 wrote to memory of 2256	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2436 wrote to memory of 2568	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2436 wrote to memory of 2568	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2436 wrote to memory of 2568	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2436 wrote to memory of 2988	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2436 wrote to memory of 2988	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2436 wrote to memory of 2988	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2436 wrote to memory of 2724	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2436 wrote to memory of 2724	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2436 wrote to memory of 2724	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2436 wrote to memory of 824	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2436 wrote to memory of 824	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2436 wrote to memory of 824	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2436 wrote to memory of 2604	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2436 wrote to memory of 2604	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2436 wrote to memory of 2604	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2436 wrote to memory of 2664	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2436 wrote to memory of 2664	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2436 wrote to memory of 2664	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2436 wrote to memory of 2536	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2436 wrote to memory of 2536	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2436 wrote to memory of 2536	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2436 wrote to memory of 2520	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2436 wrote to memory of 2520	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2436 wrote to memory of 2520	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2436 wrote to memory of 2940	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2436 wrote to memory of 2940	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2436 wrote to memory of 2940	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2436 wrote to memory of 2952	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2436 wrote to memory of 2952	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2436 wrote to memory of 2952	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2436 wrote to memory of 1308	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2436 wrote to memory of 1308	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2436 wrote to memory of 1308	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2436 wrote to memory of 1028	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2436 wrote to memory of 1028	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2436 wrote to memory of 1028	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2436 wrote to memory of 1796	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2436 wrote to memory of 1796	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2436 wrote to memory of 1796	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2436 wrote to memory of 2392	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2436 wrote to memory of 2392	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2436 wrote to memory of 2392	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2436 wrote to memory of 2004	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2436 wrote to memory of 2004	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2436 wrote to memory of 2004	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2436 wrote to memory of 1948	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2436 wrote to memory of 1948	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2436 wrote to memory of 1948	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2436 wrote to memory of 1328	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2436 wrote to memory of 1328	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2436 wrote to memory of 1328	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2436 wrote to memory of 1576	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2436 wrote to memory of 1576	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2436 wrote to memory of 1576	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2436 wrote to memory of 1692	2436	2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-26_8db4325b6b36818b4d44c564dab94836_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\System\BaEWFqt.exe
  C:\Windows\System\BaEWFqt.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\FkISJLd.exe
  C:\Windows\System\FkISJLd.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\bAiyzKY.exe
  C:\Windows\System\bAiyzKY.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\SMqriOc.exe
  C:\Windows\System\SMqriOc.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\dWFODkN.exe
  C:\Windows\System\dWFODkN.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\VMKvTDh.exe
  C:\Windows\System\VMKvTDh.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\vBdzEYg.exe
  C:\Windows\System\vBdzEYg.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\qfSQCsz.exe
  C:\Windows\System\qfSQCsz.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\mruDYSv.exe
  C:\Windows\System\mruDYSv.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\grtedBA.exe
  C:\Windows\System\grtedBA.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\DTjFAii.exe
  C:\Windows\System\DTjFAii.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\CjrBMje.exe
  C:\Windows\System\CjrBMje.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\jsrZgXh.exe
  C:\Windows\System\jsrZgXh.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\TFrGgXP.exe
  C:\Windows\System\TFrGgXP.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\vRIXwUq.exe
  C:\Windows\System\vRIXwUq.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\pjHicFv.exe
  C:\Windows\System\pjHicFv.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\imGIEET.exe
  C:\Windows\System\imGIEET.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\FDAfLZI.exe
  C:\Windows\System\FDAfLZI.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\oUReIsI.exe
  C:\Windows\System\oUReIsI.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\OiqOJLV.exe
  C:\Windows\System\OiqOJLV.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\iFtpQyh.exe
  C:\Windows\System\iFtpQyh.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\CFPrjyk.exe
  C:\Windows\System\CFPrjyk.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\Vezisjj.exe
  C:\Windows\System\Vezisjj.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\oQoqGsE.exe
  C:\Windows\System\oQoqGsE.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\YdJeLTN.exe
  C:\Windows\System\YdJeLTN.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\wNeqbus.exe
  C:\Windows\System\wNeqbus.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\cxvLfBp.exe
  C:\Windows\System\cxvLfBp.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\YHejqzA.exe
  C:\Windows\System\YHejqzA.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\lyKjhBn.exe
  C:\Windows\System\lyKjhBn.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\sNZbqqC.exe
  C:\Windows\System\sNZbqqC.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\GndSxkD.exe
  C:\Windows\System\GndSxkD.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\WukSptj.exe
  C:\Windows\System\WukSptj.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\nsFVvqT.exe
  C:\Windows\System\nsFVvqT.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\hmNIHmP.exe
  C:\Windows\System\hmNIHmP.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\wklRzMw.exe
  C:\Windows\System\wklRzMw.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\ZhmvbZX.exe
  C:\Windows\System\ZhmvbZX.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\aWwjvuP.exe
  C:\Windows\System\aWwjvuP.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\SzkdOQY.exe
  C:\Windows\System\SzkdOQY.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\yvGQjfI.exe
  C:\Windows\System\yvGQjfI.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\NSGYUgV.exe
  C:\Windows\System\NSGYUgV.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\SDjxiAf.exe
  C:\Windows\System\SDjxiAf.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\oPGrUWm.exe
  C:\Windows\System\oPGrUWm.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\hvzsoTQ.exe
  C:\Windows\System\hvzsoTQ.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\rrxkAGH.exe
  C:\Windows\System\rrxkAGH.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\ZegmAzi.exe
  C:\Windows\System\ZegmAzi.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\ERefMCK.exe
  C:\Windows\System\ERefMCK.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\CabiOwg.exe
  C:\Windows\System\CabiOwg.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\dXwdjFc.exe
  C:\Windows\System\dXwdjFc.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\KrnZrta.exe
  C:\Windows\System\KrnZrta.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\DLDMQaa.exe
  C:\Windows\System\DLDMQaa.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\xoHBEss.exe
  C:\Windows\System\xoHBEss.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\EoeEUdH.exe
  C:\Windows\System\EoeEUdH.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\CGLBDwx.exe
  C:\Windows\System\CGLBDwx.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\dDoLAlQ.exe
  C:\Windows\System\dDoLAlQ.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\MqCpthn.exe
  C:\Windows\System\MqCpthn.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\hJcVSJZ.exe
  C:\Windows\System\hJcVSJZ.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\WRyJbGw.exe
  C:\Windows\System\WRyJbGw.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\vaRNRkb.exe
  C:\Windows\System\vaRNRkb.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\oulEOaD.exe
  C:\Windows\System\oulEOaD.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\IELWpWj.exe
  C:\Windows\System\IELWpWj.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\tywXTKw.exe
  C:\Windows\System\tywXTKw.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\YIrbzVl.exe
  C:\Windows\System\YIrbzVl.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\nfrfVSi.exe
  C:\Windows\System\nfrfVSi.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\dYYAAKN.exe
  C:\Windows\System\dYYAAKN.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\aIeIVGE.exe
  C:\Windows\System\aIeIVGE.exe
  2⤵
  PID:2524
- C:\Windows\System\SdApvNm.exe
  C:\Windows\System\SdApvNm.exe
  2⤵
  PID:2976
- C:\Windows\System\DChPsCM.exe
  C:\Windows\System\DChPsCM.exe
  2⤵
  PID:2500
- C:\Windows\System\RqNDYFH.exe
  C:\Windows\System\RqNDYFH.exe
  2⤵
  PID:2488
- C:\Windows\System\nGrazyq.exe
  C:\Windows\System\nGrazyq.exe
  2⤵
  PID:1064
- C:\Windows\System\IMhAJzi.exe
  C:\Windows\System\IMhAJzi.exe
  2⤵
  PID:1252
- C:\Windows\System\cmaqHyc.exe
  C:\Windows\System\cmaqHyc.exe
  2⤵
  PID:840
- C:\Windows\System\jZzqAdt.exe
  C:\Windows\System\jZzqAdt.exe
  2⤵
  PID:1728
- C:\Windows\System\keFGuJF.exe
  C:\Windows\System\keFGuJF.exe
  2⤵
  PID:1956
- C:\Windows\System\SGRwVUn.exe
  C:\Windows\System\SGRwVUn.exe
  2⤵
  PID:1352
- C:\Windows\System\zECKNDN.exe
  C:\Windows\System\zECKNDN.exe
  2⤵
  PID:2476
- C:\Windows\System\EUtWFhm.exe
  C:\Windows\System\EUtWFhm.exe
  2⤵
  PID:2028
- C:\Windows\System\TdMeOes.exe
  C:\Windows\System\TdMeOes.exe
  2⤵
  PID:2380
- C:\Windows\System\atjLPpa.exe
  C:\Windows\System\atjLPpa.exe
  2⤵
  PID:2120
- C:\Windows\System\UXENXDz.exe
  C:\Windows\System\UXENXDz.exe
  2⤵
  PID:1828
- C:\Windows\System\iVykcqO.exe
  C:\Windows\System\iVykcqO.exe
  2⤵
  PID:1092
- C:\Windows\System\gVNoeuE.exe
  C:\Windows\System\gVNoeuE.exe
  2⤵
  PID:896
- C:\Windows\System\AqpjYsW.exe
  C:\Windows\System\AqpjYsW.exe
  2⤵
  PID:2456
- C:\Windows\System\pTzZuXf.exe
  C:\Windows\System\pTzZuXf.exe
  2⤵
  PID:1776
- C:\Windows\System\lGLuefw.exe
  C:\Windows\System\lGLuefw.exe
  2⤵
  PID:1332
- C:\Windows\System\ZmfFNXG.exe
  C:\Windows\System\ZmfFNXG.exe
  2⤵
  PID:284
- C:\Windows\System\KKbujgW.exe
  C:\Windows\System\KKbujgW.exe
  2⤵
  PID:1744
- C:\Windows\System\JTSjDgx.exe
  C:\Windows\System\JTSjDgx.exe
  2⤵
  PID:2904
- C:\Windows\System\mwxhTaL.exe
  C:\Windows\System\mwxhTaL.exe
  2⤵
  PID:984
- C:\Windows\System\IcaokBO.exe
  C:\Windows\System\IcaokBO.exe
  2⤵
  PID:2860
- C:\Windows\System\CgzWLct.exe
  C:\Windows\System\CgzWLct.exe
  2⤵
  PID:2472
- C:\Windows\System\SKsqjIP.exe
  C:\Windows\System\SKsqjIP.exe
  2⤵
  PID:2152
- C:\Windows\System\hmtrlcb.exe
  C:\Windows\System\hmtrlcb.exe
  2⤵
  PID:2340
- C:\Windows\System\kGJUZZI.exe
  C:\Windows\System\kGJUZZI.exe
  2⤵
  PID:1996
- C:\Windows\System\tNjLMMY.exe
  C:\Windows\System\tNjLMMY.exe
  2⤵
  PID:2688
- C:\Windows\System\spxBGlu.exe
  C:\Windows\System\spxBGlu.exe
  2⤵
  PID:2408
- C:\Windows\System\EhMcySe.exe
  C:\Windows\System\EhMcySe.exe
  2⤵
  PID:2880
- C:\Windows\System\ZcmBhUG.exe
  C:\Windows\System\ZcmBhUG.exe
  2⤵
  PID:2792
- C:\Windows\System\YdOnwzp.exe
  C:\Windows\System\YdOnwzp.exe
  2⤵
  PID:2220
- C:\Windows\System\jdsQLfh.exe
  C:\Windows\System\jdsQLfh.exe
  2⤵
  PID:2812
- C:\Windows\System\lxPdSPD.exe
  C:\Windows\System\lxPdSPD.exe
  2⤵
  PID:2516
- C:\Windows\System\YOcUPtj.exe
  C:\Windows\System\YOcUPtj.exe
  2⤵
  PID:2800
- C:\Windows\System\lRrMObZ.exe
  C:\Windows\System\lRrMObZ.exe
  2⤵
  PID:2768
- C:\Windows\System\qnMjTOi.exe
  C:\Windows\System\qnMjTOi.exe
  2⤵
  PID:572
- C:\Windows\System\LnyKEhP.exe
  C:\Windows\System\LnyKEhP.exe
  2⤵
  PID:880
- C:\Windows\System\DcccrfA.exe
  C:\Windows\System\DcccrfA.exe
  2⤵
  PID:1856
- C:\Windows\System\LDUyMTo.exe
  C:\Windows\System\LDUyMTo.exe
  2⤵
  PID:1976
- C:\Windows\System\UIljCmi.exe
  C:\Windows\System\UIljCmi.exe
  2⤵
  PID:2980
- C:\Windows\System\koroxEN.exe
  C:\Windows\System\koroxEN.exe
  2⤵
  PID:1736
- C:\Windows\System\vShxxJT.exe
  C:\Windows\System\vShxxJT.exe
  2⤵
  PID:2832
- C:\Windows\System\dQrULlb.exe
  C:\Windows\System\dQrULlb.exe
  2⤵
  PID:1396
- C:\Windows\System\ACuqHid.exe
  C:\Windows\System\ACuqHid.exe
  2⤵
  PID:2460
- C:\Windows\System\WWdkDAK.exe
  C:\Windows\System\WWdkDAK.exe
  2⤵
  PID:1532
- C:\Windows\System\VbhPHiH.exe
  C:\Windows\System\VbhPHiH.exe
  2⤵
  PID:1512
- C:\Windows\System\UEZgnzG.exe
  C:\Windows\System\UEZgnzG.exe
  2⤵
  PID:696
- C:\Windows\System\vdhrsCN.exe
  C:\Windows\System\vdhrsCN.exe
  2⤵
  PID:2216
- C:\Windows\System\TuurzwK.exe
  C:\Windows\System\TuurzwK.exe
  2⤵
  PID:2996
- C:\Windows\System\WxUNNXi.exe
  C:\Windows\System\WxUNNXi.exe
  2⤵
  PID:2204
- C:\Windows\System\GFkQaie.exe
  C:\Windows\System\GFkQaie.exe
  2⤵
  PID:1580
- C:\Windows\System\DvmfPHf.exe
  C:\Windows\System\DvmfPHf.exe
  2⤵
  PID:552
- C:\Windows\System\dQqzRTG.exe
  C:\Windows\System\dQqzRTG.exe
  2⤵
  PID:2772
- C:\Windows\System\GEtPscH.exe
  C:\Windows\System\GEtPscH.exe
  2⤵
  PID:2596
- C:\Windows\System\AphNhvD.exe
  C:\Windows\System\AphNhvD.exe
  2⤵
  PID:2668
- C:\Windows\System\vzlRTKc.exe
  C:\Windows\System\vzlRTKc.exe
  2⤵
  PID:2784
- C:\Windows\System\XGwNgQA.exe
  C:\Windows\System\XGwNgQA.exe
  2⤵
  PID:2248
- C:\Windows\System\OJrfWBu.exe
  C:\Windows\System\OJrfWBu.exe
  2⤵
  PID:2652
- C:\Windows\System\MkRvlfV.exe
  C:\Windows\System\MkRvlfV.exe
  2⤵
  PID:2020
- C:\Windows\System\GOHgnqt.exe
  C:\Windows\System\GOHgnqt.exe
  2⤵
  PID:1476
- C:\Windows\System\IgmyltM.exe
  C:\Windows\System\IgmyltM.exe
  2⤵
  PID:2840
- C:\Windows\System\EuvnVzo.exe
  C:\Windows\System\EuvnVzo.exe
  2⤵
  PID:988
- C:\Windows\System\DTInHpK.exe
  C:\Windows\System\DTInHpK.exe
  2⤵
  PID:1740
- C:\Windows\System\ECIdrEm.exe
  C:\Windows\System\ECIdrEm.exe
  2⤵
  PID:2728
- C:\Windows\System\eXSvhFD.exe
  C:\Windows\System\eXSvhFD.exe
  2⤵
  PID:2356
- C:\Windows\System\KXpsUPl.exe
  C:\Windows\System\KXpsUPl.exe
  2⤵
  PID:1376
- C:\Windows\System\jgvdfwM.exe
  C:\Windows\System\jgvdfwM.exe
  2⤵
  PID:2404
- C:\Windows\System\bKJoehM.exe
  C:\Windows\System\bKJoehM.exe
  2⤵
  PID:2312
- C:\Windows\System\TYAPYiV.exe
  C:\Windows\System\TYAPYiV.exe
  2⤵
  PID:2808
- C:\Windows\System\PnbpLYs.exe
  C:\Windows\System\PnbpLYs.exe
  2⤵
  PID:2600
- C:\Windows\System\RfMEGDA.exe
  C:\Windows\System\RfMEGDA.exe
  2⤵
  PID:2608
- C:\Windows\System\uOWGscS.exe
  C:\Windows\System\uOWGscS.exe
  2⤵
  PID:1088
- C:\Windows\System\Plwapvb.exe
  C:\Windows\System\Plwapvb.exe
  2⤵
  PID:3044
- C:\Windows\System\gUGgxre.exe
  C:\Windows\System\gUGgxre.exe
  2⤵
  PID:892
- C:\Windows\System\ijZYigy.exe
  C:\Windows\System\ijZYigy.exe
  2⤵
  PID:568
- C:\Windows\System\ixDKqbB.exe
  C:\Windows\System\ixDKqbB.exe
  2⤵
  PID:2304
- C:\Windows\System\QsGkBij.exe
  C:\Windows\System\QsGkBij.exe
  2⤵
  PID:2780
- C:\Windows\System\oOyAkts.exe
  C:\Windows\System\oOyAkts.exe
  2⤵
  PID:3088
- C:\Windows\System\zSOOuRc.exe
  C:\Windows\System\zSOOuRc.exe
  2⤵
  PID:3112
- C:\Windows\System\dvWyCEt.exe
  C:\Windows\System\dvWyCEt.exe
  2⤵
  PID:3132
- C:\Windows\System\tWHeHgj.exe
  C:\Windows\System\tWHeHgj.exe
  2⤵
  PID:3152
- C:\Windows\System\wxROwUq.exe
  C:\Windows\System\wxROwUq.exe
  2⤵
  PID:3172
- C:\Windows\System\HdaZnIt.exe
  C:\Windows\System\HdaZnIt.exe
  2⤵
  PID:3192
- C:\Windows\System\CDvNhLv.exe
  C:\Windows\System\CDvNhLv.exe
  2⤵
  PID:3216
- C:\Windows\System\EJnaFzN.exe
  C:\Windows\System\EJnaFzN.exe
  2⤵
  PID:3236
- C:\Windows\System\aOiOkIn.exe
  C:\Windows\System\aOiOkIn.exe
  2⤵
  PID:3256
- C:\Windows\System\zcZXIsN.exe
  C:\Windows\System\zcZXIsN.exe
  2⤵
  PID:3276
- C:\Windows\System\ZjLIiiq.exe
  C:\Windows\System\ZjLIiiq.exe
  2⤵
  PID:3296
- C:\Windows\System\XPTCFSW.exe
  C:\Windows\System\XPTCFSW.exe
  2⤵
  PID:3316
- C:\Windows\System\PPsDnDD.exe
  C:\Windows\System\PPsDnDD.exe
  2⤵
  PID:3336
- C:\Windows\System\kMffuKx.exe
  C:\Windows\System\kMffuKx.exe
  2⤵
  PID:3356
- C:\Windows\System\suIUiEM.exe
  C:\Windows\System\suIUiEM.exe
  2⤵
  PID:3376
- C:\Windows\System\jGkAdKQ.exe
  C:\Windows\System\jGkAdKQ.exe
  2⤵
  PID:3396
- C:\Windows\System\sDyVuwi.exe
  C:\Windows\System\sDyVuwi.exe
  2⤵
  PID:3416
- C:\Windows\System\aFLwmbK.exe
  C:\Windows\System\aFLwmbK.exe
  2⤵
  PID:3436
- C:\Windows\System\FQsethw.exe
  C:\Windows\System\FQsethw.exe
  2⤵
  PID:3456
- C:\Windows\System\qEwndaL.exe
  C:\Windows\System\qEwndaL.exe
  2⤵
  PID:3476
- C:\Windows\System\PcJORwi.exe
  C:\Windows\System\PcJORwi.exe
  2⤵
  PID:3496
- C:\Windows\System\KCUvSfe.exe
  C:\Windows\System\KCUvSfe.exe
  2⤵
  PID:3516
- C:\Windows\System\AmJhyFd.exe
  C:\Windows\System\AmJhyFd.exe
  2⤵
  PID:3536
- C:\Windows\System\dkIJXhl.exe
  C:\Windows\System\dkIJXhl.exe
  2⤵
  PID:3556
- C:\Windows\System\JujvtsR.exe
  C:\Windows\System\JujvtsR.exe
  2⤵
  PID:3576
- C:\Windows\System\lgCDzLd.exe
  C:\Windows\System\lgCDzLd.exe
  2⤵
  PID:3596
- C:\Windows\System\EXfMKMa.exe
  C:\Windows\System\EXfMKMa.exe
  2⤵
  PID:3616
- C:\Windows\System\SkIwFjt.exe
  C:\Windows\System\SkIwFjt.exe
  2⤵
  PID:3636
- C:\Windows\System\OPIKnuB.exe
  C:\Windows\System\OPIKnuB.exe
  2⤵
  PID:3656
- C:\Windows\System\lOTRyVB.exe
  C:\Windows\System\lOTRyVB.exe
  2⤵
  PID:3676
- C:\Windows\System\fNQJUJv.exe
  C:\Windows\System\fNQJUJv.exe
  2⤵
  PID:3696
- C:\Windows\System\rmPpxlm.exe
  C:\Windows\System\rmPpxlm.exe
  2⤵
  PID:3716
- C:\Windows\System\RmOJnXc.exe
  C:\Windows\System\RmOJnXc.exe
  2⤵
  PID:3736
- C:\Windows\System\UyzVcck.exe
  C:\Windows\System\UyzVcck.exe
  2⤵
  PID:3756
- C:\Windows\System\JYQrXUQ.exe
  C:\Windows\System\JYQrXUQ.exe
  2⤵
  PID:3776
- C:\Windows\System\kaRhyrK.exe
  C:\Windows\System\kaRhyrK.exe
  2⤵
  PID:3796
- C:\Windows\System\VAkzcqt.exe
  C:\Windows\System\VAkzcqt.exe
  2⤵
  PID:3816
- C:\Windows\System\oWqxPId.exe
  C:\Windows\System\oWqxPId.exe
  2⤵
  PID:3836
- C:\Windows\System\HTcEkSA.exe
  C:\Windows\System\HTcEkSA.exe
  2⤵
  PID:3860
- C:\Windows\System\BTsMeQV.exe
  C:\Windows\System\BTsMeQV.exe
  2⤵
  PID:3880
- C:\Windows\System\CGtlQsW.exe
  C:\Windows\System\CGtlQsW.exe
  2⤵
  PID:3900
- C:\Windows\System\FGlwPhm.exe
  C:\Windows\System\FGlwPhm.exe
  2⤵
  PID:3920
- C:\Windows\System\llCfiuf.exe
  C:\Windows\System\llCfiuf.exe
  2⤵
  PID:3940
- C:\Windows\System\IrWVzHR.exe
  C:\Windows\System\IrWVzHR.exe
  2⤵
  PID:3960
- C:\Windows\System\GkTNDbe.exe
  C:\Windows\System\GkTNDbe.exe
  2⤵
  PID:3980
- C:\Windows\System\CSubqyt.exe
  C:\Windows\System\CSubqyt.exe
  2⤵
  PID:4000
- C:\Windows\System\HRxtyPY.exe
  C:\Windows\System\HRxtyPY.exe
  2⤵
  PID:4020
- C:\Windows\System\aJMTFGp.exe
  C:\Windows\System\aJMTFGp.exe
  2⤵
  PID:4040
- C:\Windows\System\MjCRIRk.exe
  C:\Windows\System\MjCRIRk.exe
  2⤵
  PID:4060
- C:\Windows\System\TltcgJs.exe
  C:\Windows\System\TltcgJs.exe
  2⤵
  PID:4076
- C:\Windows\System\nTsOMKv.exe
  C:\Windows\System\nTsOMKv.exe
  2⤵
  PID:2560
- C:\Windows\System\QsJTdvg.exe
  C:\Windows\System\QsJTdvg.exe
  2⤵
  PID:2836
- C:\Windows\System\oKsMzQX.exe
  C:\Windows\System\oKsMzQX.exe
  2⤵
  PID:1756
- C:\Windows\System\pHUCNvG.exe
  C:\Windows\System\pHUCNvG.exe
  2⤵
  PID:2580
- C:\Windows\System\UIPPBCZ.exe
  C:\Windows\System\UIPPBCZ.exe
  2⤵
  PID:3076
- C:\Windows\System\jQBmNNg.exe
  C:\Windows\System\jQBmNNg.exe
  2⤵
  PID:3080
- C:\Windows\System\ZIHwMVw.exe
  C:\Windows\System\ZIHwMVw.exe
  2⤵
  PID:3108
- C:\Windows\System\XINyKZM.exe
  C:\Windows\System\XINyKZM.exe
  2⤵
  PID:3164
- C:\Windows\System\hxTcojm.exe
  C:\Windows\System\hxTcojm.exe
  2⤵
  PID:3208
- C:\Windows\System\NRfbVfx.exe
  C:\Windows\System\NRfbVfx.exe
  2⤵
  PID:3244
- C:\Windows\System\MEZUzQy.exe
  C:\Windows\System\MEZUzQy.exe
  2⤵
  PID:3264
- C:\Windows\System\IJitgQa.exe
  C:\Windows\System\IJitgQa.exe
  2⤵
  PID:3268
- C:\Windows\System\axsDQdf.exe
  C:\Windows\System\axsDQdf.exe
  2⤵
  PID:3332
- C:\Windows\System\JtirYtf.exe
  C:\Windows\System\JtirYtf.exe
  2⤵
  PID:3368
- C:\Windows\System\FTeBFpS.exe
  C:\Windows\System\FTeBFpS.exe
  2⤵
  PID:3392
- C:\Windows\System\ZftOFhM.exe
  C:\Windows\System\ZftOFhM.exe
  2⤵
  PID:3432
- C:\Windows\System\VspRzpO.exe
  C:\Windows\System\VspRzpO.exe
  2⤵
  PID:3464
- C:\Windows\System\WQBewZf.exe
  C:\Windows\System\WQBewZf.exe
  2⤵
  PID:3488
- C:\Windows\System\HxwdwcN.exe
  C:\Windows\System\HxwdwcN.exe
  2⤵
  PID:3512
- C:\Windows\System\CEDgPAo.exe
  C:\Windows\System\CEDgPAo.exe
  2⤵
  PID:3548
- C:\Windows\System\NzOSOTO.exe
  C:\Windows\System\NzOSOTO.exe
  2⤵
  PID:3612
- C:\Windows\System\SfCxQIx.exe
  C:\Windows\System\SfCxQIx.exe
  2⤵
  PID:3652
- C:\Windows\System\mwIIAId.exe
  C:\Windows\System\mwIIAId.exe
  2⤵
  PID:3684
- C:\Windows\System\wtAvesw.exe
  C:\Windows\System\wtAvesw.exe
  2⤵
  PID:3668
- C:\Windows\System\HKyHxzR.exe
  C:\Windows\System\HKyHxzR.exe
  2⤵
  PID:3728
- C:\Windows\System\KvXiztq.exe
  C:\Windows\System\KvXiztq.exe
  2⤵
  PID:3744
- C:\Windows\System\hFQYXVM.exe
  C:\Windows\System\hFQYXVM.exe
  2⤵
  PID:3784
- C:\Windows\System\QbljPak.exe
  C:\Windows\System\QbljPak.exe
  2⤵
  PID:3852
- C:\Windows\System\SPCMaYc.exe
  C:\Windows\System\SPCMaYc.exe
  2⤵
  PID:3848
- C:\Windows\System\lgAZpxN.exe
  C:\Windows\System\lgAZpxN.exe
  2⤵
  PID:3872
- C:\Windows\System\sSlSUYL.exe
  C:\Windows\System\sSlSUYL.exe
  2⤵
  PID:3908
- C:\Windows\System\EvIXPaK.exe
  C:\Windows\System\EvIXPaK.exe
  2⤵
  PID:3976
- C:\Windows\System\DDAthna.exe
  C:\Windows\System\DDAthna.exe
  2⤵
  PID:3988
- C:\Windows\System\KSnNzeF.exe
  C:\Windows\System\KSnNzeF.exe
  2⤵
  PID:3992
- C:\Windows\System\MYyHRCL.exe
  C:\Windows\System\MYyHRCL.exe
  2⤵
  PID:4036
- C:\Windows\System\gfEqxkp.exe
  C:\Windows\System\gfEqxkp.exe
  2⤵
  PID:4068
- C:\Windows\System\nxcgIvM.exe
  C:\Windows\System\nxcgIvM.exe
  2⤵
  PID:2044
- C:\Windows\System\DrxbbwF.exe
  C:\Windows\System\DrxbbwF.exe
  2⤵
  PID:1704
- C:\Windows\System\xiNHCVD.exe
  C:\Windows\System\xiNHCVD.exe
  2⤵
  PID:2420
- C:\Windows\System\ufROrDk.exe
  C:\Windows\System\ufROrDk.exe
  2⤵
  PID:3128
- C:\Windows\System\LfiDLFJ.exe
  C:\Windows\System\LfiDLFJ.exe
  2⤵
  PID:3140
- C:\Windows\System\OzQZUwI.exe
  C:\Windows\System\OzQZUwI.exe
  2⤵
  PID:3224
- C:\Windows\System\UWjKjyP.exe
  C:\Windows\System\UWjKjyP.exe
  2⤵
  PID:3288
- C:\Windows\System\xrxGYOc.exe
  C:\Windows\System\xrxGYOc.exe
  2⤵
  PID:3404
- C:\Windows\System\ETBIYdN.exe
  C:\Windows\System\ETBIYdN.exe
  2⤵
  PID:3448
- C:\Windows\System\QaGRlCB.exe
  C:\Windows\System\QaGRlCB.exe
  2⤵
  PID:3408
- C:\Windows\System\jVBgOmq.exe
  C:\Windows\System\jVBgOmq.exe
  2⤵
  PID:3484
- C:\Windows\System\AWxlicq.exe
  C:\Windows\System\AWxlicq.exe
  2⤵
  PID:3572
- C:\Windows\System\rcQZfcy.exe
  C:\Windows\System\rcQZfcy.exe
  2⤵
  PID:3588
- C:\Windows\System\fCHnJbS.exe
  C:\Windows\System\fCHnJbS.exe
  2⤵
  PID:3724
- C:\Windows\System\EAaYNXH.exe
  C:\Windows\System\EAaYNXH.exe
  2⤵
  PID:3752
- C:\Windows\System\XWXCZkl.exe
  C:\Windows\System\XWXCZkl.exe
  2⤵
  PID:2944
- C:\Windows\System\dHZyeOh.exe
  C:\Windows\System\dHZyeOh.exe
  2⤵
  PID:3808
- C:\Windows\System\kQLuIIu.exe
  C:\Windows\System\kQLuIIu.exe
  2⤵
  PID:3932
- C:\Windows\System\xflLUZK.exe
  C:\Windows\System\xflLUZK.exe
  2⤵
  PID:3956
- C:\Windows\System\mrmhqqw.exe
  C:\Windows\System\mrmhqqw.exe
  2⤵
  PID:4048
- C:\Windows\System\bknwnhJ.exe
  C:\Windows\System\bknwnhJ.exe
  2⤵
  PID:4084
- C:\Windows\System\urPcyiX.exe
  C:\Windows\System\urPcyiX.exe
  2⤵
  PID:4088
- C:\Windows\System\SBnFqUl.exe
  C:\Windows\System\SBnFqUl.exe
  2⤵
  PID:3124
- C:\Windows\System\VgiTwKm.exe
  C:\Windows\System\VgiTwKm.exe
  2⤵
  PID:2900
- C:\Windows\System\NTunwpM.exe
  C:\Windows\System\NTunwpM.exe
  2⤵
  PID:3324
- C:\Windows\System\TfjaiLI.exe
  C:\Windows\System\TfjaiLI.exe
  2⤵
  PID:3372
- C:\Windows\System\VcAPIEV.exe
  C:\Windows\System\VcAPIEV.exe
  2⤵
  PID:764
- C:\Windows\System\PNLKXMB.exe
  C:\Windows\System\PNLKXMB.exe
  2⤵
  PID:3348
- C:\Windows\System\jhtgHPa.exe
  C:\Windows\System\jhtgHPa.exe
  2⤵
  PID:3472
- C:\Windows\System\YUYAeqN.exe
  C:\Windows\System\YUYAeqN.exe
  2⤵
  PID:3592
- C:\Windows\System\JtvOvbc.exe
  C:\Windows\System\JtvOvbc.exe
  2⤵
  PID:3544
- C:\Windows\System\cREHmmc.exe
  C:\Windows\System\cREHmmc.exe
  2⤵
  PID:3704
- C:\Windows\System\qKstDYi.exe
  C:\Windows\System\qKstDYi.exe
  2⤵
  PID:3732
- C:\Windows\System\GRMOkQd.exe
  C:\Windows\System\GRMOkQd.exe
  2⤵
  PID:3764
- C:\Windows\System\fEXHhXc.exe
  C:\Windows\System\fEXHhXc.exe
  2⤵
  PID:4012
- C:\Windows\System\UXCHyiK.exe
  C:\Windows\System\UXCHyiK.exe
  2⤵
  PID:3180
- C:\Windows\System\shxFaKc.exe
  C:\Windows\System\shxFaKc.exe
  2⤵
  PID:2288
- C:\Windows\System\zXjPMpv.exe
  C:\Windows\System\zXjPMpv.exe
  2⤵
  PID:2936
- C:\Windows\System\UJUDqYc.exe
  C:\Windows\System\UJUDqYc.exe
  2⤵
  PID:1228
- C:\Windows\System\YlZaqmf.exe
  C:\Windows\System\YlZaqmf.exe
  2⤵
  PID:1760
- C:\Windows\System\MxnlOjO.exe
  C:\Windows\System\MxnlOjO.exe
  2⤵
  PID:3584
- C:\Windows\System\eeLbcYV.exe
  C:\Windows\System\eeLbcYV.exe
  2⤵
  PID:3768
- C:\Windows\System\IbFdSzo.exe
  C:\Windows\System\IbFdSzo.exe
  2⤵
  PID:3896
- C:\Windows\System\mlMNzty.exe
  C:\Windows\System\mlMNzty.exe
  2⤵
  PID:3928
- C:\Windows\System\AmhKCxJ.exe
  C:\Windows\System\AmhKCxJ.exe
  2⤵
  PID:2508
- C:\Windows\System\qGaXEAg.exe
  C:\Windows\System\qGaXEAg.exe
  2⤵
  PID:3200
- C:\Windows\System\uKQLufa.exe
  C:\Windows\System\uKQLufa.exe
  2⤵
  PID:3532
- C:\Windows\System\fKHQKiI.exe
  C:\Windows\System\fKHQKiI.exe
  2⤵
  PID:3832
- C:\Windows\System\uuscbAK.exe
  C:\Windows\System\uuscbAK.exe
  2⤵
  PID:4100
- C:\Windows\System\cKZOaXg.exe
  C:\Windows\System\cKZOaXg.exe
  2⤵
  PID:4116
- C:\Windows\System\XYIPEGH.exe
  C:\Windows\System\XYIPEGH.exe
  2⤵
  PID:4140
- C:\Windows\System\gTndibx.exe
  C:\Windows\System\gTndibx.exe
  2⤵
  PID:4160
- C:\Windows\System\YldZHAm.exe
  C:\Windows\System\YldZHAm.exe
  2⤵
  PID:4180
- C:\Windows\System\wTptKGa.exe
  C:\Windows\System\wTptKGa.exe
  2⤵
  PID:4200
- C:\Windows\System\akIvYhJ.exe
  C:\Windows\System\akIvYhJ.exe
  2⤵
  PID:4220
- C:\Windows\System\eseHYvT.exe
  C:\Windows\System\eseHYvT.exe
  2⤵
  PID:4240
- C:\Windows\System\BqavOkw.exe
  C:\Windows\System\BqavOkw.exe
  2⤵
  PID:4260
- C:\Windows\System\mKhpzvg.exe
  C:\Windows\System\mKhpzvg.exe
  2⤵
  PID:4280
- C:\Windows\System\aQaaQqI.exe
  C:\Windows\System\aQaaQqI.exe
  2⤵
  PID:4300
- C:\Windows\System\OlSUoJY.exe
  C:\Windows\System\OlSUoJY.exe
  2⤵
  PID:4320
- C:\Windows\System\UwhPirv.exe
  C:\Windows\System\UwhPirv.exe
  2⤵
  PID:4340
- C:\Windows\System\yMkgtHW.exe
  C:\Windows\System\yMkgtHW.exe
  2⤵
  PID:4360
- C:\Windows\System\GsEOOPf.exe
  C:\Windows\System\GsEOOPf.exe
  2⤵
  PID:4380
- C:\Windows\System\kGLWsqA.exe
  C:\Windows\System\kGLWsqA.exe
  2⤵
  PID:4400
- C:\Windows\System\EmSLiRU.exe
  C:\Windows\System\EmSLiRU.exe
  2⤵
  PID:4420
- C:\Windows\System\ciErtuo.exe
  C:\Windows\System\ciErtuo.exe
  2⤵
  PID:4436
- C:\Windows\System\jRlauES.exe
  C:\Windows\System\jRlauES.exe
  2⤵
  PID:4460
- C:\Windows\System\AegjZRq.exe
  C:\Windows\System\AegjZRq.exe
  2⤵
  PID:4476
- C:\Windows\System\xAKUaxz.exe
  C:\Windows\System\xAKUaxz.exe
  2⤵
  PID:4500
- C:\Windows\System\kCuqsxR.exe
  C:\Windows\System\kCuqsxR.exe
  2⤵
  PID:4520
- C:\Windows\System\lpOztCX.exe
  C:\Windows\System\lpOztCX.exe
  2⤵
  PID:4544
- C:\Windows\System\grWcOsP.exe
  C:\Windows\System\grWcOsP.exe
  2⤵
  PID:4564
- C:\Windows\System\qMYUkCB.exe
  C:\Windows\System\qMYUkCB.exe
  2⤵
  PID:4584
- C:\Windows\System\dkFOeaX.exe
  C:\Windows\System\dkFOeaX.exe
  2⤵
  PID:4604
- C:\Windows\System\bOPGdyk.exe
  C:\Windows\System\bOPGdyk.exe
  2⤵
  PID:4624
- C:\Windows\System\oLobKDG.exe
  C:\Windows\System\oLobKDG.exe
  2⤵
  PID:4640
- C:\Windows\System\soIlBnq.exe
  C:\Windows\System\soIlBnq.exe
  2⤵
  PID:4664
- C:\Windows\System\ztPqjpv.exe
  C:\Windows\System\ztPqjpv.exe
  2⤵
  PID:4684
- C:\Windows\System\OmgfYQn.exe
  C:\Windows\System\OmgfYQn.exe
  2⤵
  PID:4704
- C:\Windows\System\FqioGIF.exe
  C:\Windows\System\FqioGIF.exe
  2⤵
  PID:4724
- C:\Windows\System\MFhYjMP.exe
  C:\Windows\System\MFhYjMP.exe
  2⤵
  PID:4744
- C:\Windows\System\wiHuxjL.exe
  C:\Windows\System\wiHuxjL.exe
  2⤵
  PID:4764
- C:\Windows\System\Rbjuwfj.exe
  C:\Windows\System\Rbjuwfj.exe
  2⤵
  PID:4784
- C:\Windows\System\SekTzuN.exe
  C:\Windows\System\SekTzuN.exe
  2⤵
  PID:4804
- C:\Windows\System\AQpThnl.exe
  C:\Windows\System\AQpThnl.exe
  2⤵
  PID:4824
- C:\Windows\System\WLLYkPO.exe
  C:\Windows\System\WLLYkPO.exe
  2⤵
  PID:4844
- C:\Windows\System\WjsbiwL.exe
  C:\Windows\System\WjsbiwL.exe
  2⤵
  PID:4864
- C:\Windows\System\CddTgQs.exe
  C:\Windows\System\CddTgQs.exe
  2⤵
  PID:4884
- C:\Windows\System\xQmdyJs.exe
  C:\Windows\System\xQmdyJs.exe
  2⤵
  PID:4904
- C:\Windows\System\FmPXcaP.exe
  C:\Windows\System\FmPXcaP.exe
  2⤵
  PID:4924
- C:\Windows\System\kzliutX.exe
  C:\Windows\System\kzliutX.exe
  2⤵
  PID:4944
- C:\Windows\System\qaFyDCZ.exe
  C:\Windows\System\qaFyDCZ.exe
  2⤵
  PID:4960
- C:\Windows\System\eUatDHA.exe
  C:\Windows\System\eUatDHA.exe
  2⤵
  PID:4984
- C:\Windows\System\JOJYqWn.exe
  C:\Windows\System\JOJYqWn.exe
  2⤵
  PID:5000
- C:\Windows\System\yygWxNv.exe
  C:\Windows\System\yygWxNv.exe
  2⤵
  PID:5024
- C:\Windows\System\dmuNjLQ.exe
  C:\Windows\System\dmuNjLQ.exe
  2⤵
  PID:5040
- C:\Windows\System\ScDsRaU.exe
  C:\Windows\System\ScDsRaU.exe
  2⤵
  PID:5064
- C:\Windows\System\NPqRlaR.exe
  C:\Windows\System\NPqRlaR.exe
  2⤵
  PID:5084
- C:\Windows\System\MHIzyXV.exe
  C:\Windows\System\MHIzyXV.exe
  2⤵
  PID:5104
- C:\Windows\System\xnEdpaE.exe
  C:\Windows\System\xnEdpaE.exe
  2⤵
  PID:3936
- C:\Windows\System\afDbuYy.exe
  C:\Windows\System\afDbuYy.exe
  2⤵
  PID:3168
- C:\Windows\System\sRzYrTS.exe
  C:\Windows\System\sRzYrTS.exe
  2⤵
  PID:448
- C:\Windows\System\THQEaDy.exe
  C:\Windows\System\THQEaDy.exe
  2⤵
  PID:3688
- C:\Windows\System\dlvrssh.exe
  C:\Windows\System\dlvrssh.exe
  2⤵
  PID:4132
- C:\Windows\System\HIeKsXV.exe
  C:\Windows\System\HIeKsXV.exe
  2⤵
  PID:4168
- C:\Windows\System\OVpaihL.exe
  C:\Windows\System\OVpaihL.exe
  2⤵
  PID:4196
- C:\Windows\System\UeeivVD.exe
  C:\Windows\System\UeeivVD.exe
  2⤵
  PID:4248
- C:\Windows\System\EMnCxoU.exe
  C:\Windows\System\EMnCxoU.exe
  2⤵
  PID:4236
- C:\Windows\System\zKhiPYO.exe
  C:\Windows\System\zKhiPYO.exe
  2⤵
  PID:4296
- C:\Windows\System\POiLgFF.exe
  C:\Windows\System\POiLgFF.exe
  2⤵
  PID:4308
- C:\Windows\System\EEozBJu.exe
  C:\Windows\System\EEozBJu.exe
  2⤵
  PID:4348
- C:\Windows\System\hrWXVhY.exe
  C:\Windows\System\hrWXVhY.exe
  2⤵
  PID:4408
- C:\Windows\System\kQNmoyu.exe
  C:\Windows\System\kQNmoyu.exe
  2⤵
  PID:4444
- C:\Windows\System\pLludma.exe
  C:\Windows\System\pLludma.exe
  2⤵
  PID:4432
- C:\Windows\System\qoAVPUO.exe
  C:\Windows\System\qoAVPUO.exe
  2⤵
  PID:4468
- C:\Windows\System\MijZYhF.exe
  C:\Windows\System\MijZYhF.exe
  2⤵
  PID:4516
- C:\Windows\System\ySlBKXa.exe
  C:\Windows\System\ySlBKXa.exe
  2⤵
  PID:4576
- C:\Windows\System\SWOdkDz.exe
  C:\Windows\System\SWOdkDz.exe
  2⤵
  PID:4556
- C:\Windows\System\AdVkvVU.exe
  C:\Windows\System\AdVkvVU.exe
  2⤵
  PID:4616
- C:\Windows\System\mZifohj.exe
  C:\Windows\System\mZifohj.exe
  2⤵
  PID:4632
- C:\Windows\System\xopreGo.exe
  C:\Windows\System\xopreGo.exe
  2⤵
  PID:4676
- C:\Windows\System\XKXjyQe.exe
  C:\Windows\System\XKXjyQe.exe
  2⤵
  PID:4732
- C:\Windows\System\udCbBdi.exe
  C:\Windows\System\udCbBdi.exe
  2⤵
  PID:4772
- C:\Windows\System\nRVIoeV.exe
  C:\Windows\System\nRVIoeV.exe
  2⤵
  PID:4776
- C:\Windows\System\ZRDbZvy.exe
  C:\Windows\System\ZRDbZvy.exe
  2⤵
  PID:4816
- C:\Windows\System\RABOrZR.exe
  C:\Windows\System\RABOrZR.exe
  2⤵
  PID:4832
- C:\Windows\System\jpeIFLm.exe
  C:\Windows\System\jpeIFLm.exe
  2⤵
  PID:4836
- C:\Windows\System\GlQVLBM.exe
  C:\Windows\System\GlQVLBM.exe
  2⤵
  PID:4880
- C:\Windows\System\DzvecwM.exe
  C:\Windows\System\DzvecwM.exe
  2⤵
  PID:4940
- C:\Windows\System\tTftYkp.exe
  C:\Windows\System\tTftYkp.exe
  2⤵
  PID:4540
- C:\Windows\System\SMIpbMx.exe
  C:\Windows\System\SMIpbMx.exe
  2⤵
  PID:4976
- C:\Windows\System\JHcDcLv.exe
  C:\Windows\System\JHcDcLv.exe
  2⤵
  PID:4992
- C:\Windows\System\LODUuhw.exe
  C:\Windows\System\LODUuhw.exe
  2⤵
  PID:5032
- C:\Windows\System\rnLDjoS.exe
  C:\Windows\System\rnLDjoS.exe
  2⤵
  PID:5072
- C:\Windows\System\vWrzIgt.exe
  C:\Windows\System\vWrzIgt.exe
  2⤵
  PID:2308
- C:\Windows\System\czVVvDr.exe
  C:\Windows\System\czVVvDr.exe
  2⤵
  PID:1364
- C:\Windows\System\KQRknog.exe
  C:\Windows\System\KQRknog.exe
  2⤵
  PID:4156
- C:\Windows\System\VIJqldY.exe
  C:\Windows\System\VIJqldY.exe
  2⤵
  PID:4128
- C:\Windows\System\YPLlzHD.exe
  C:\Windows\System\YPLlzHD.exe
  2⤵
  PID:4188
- C:\Windows\System\fpAjAyA.exe
  C:\Windows\System\fpAjAyA.exe
  2⤵
  PID:4268
- C:\Windows\System\BWdQISR.exe
  C:\Windows\System\BWdQISR.exe
  2⤵
  PID:4228
- C:\Windows\System\JUysgcN.exe
  C:\Windows\System\JUysgcN.exe
  2⤵
  PID:4392
- C:\Windows\System\QsGXccD.exe
  C:\Windows\System\QsGXccD.exe
  2⤵
  PID:4488
- C:\Windows\System\QMoGzGu.exe
  C:\Windows\System\QMoGzGu.exe
  2⤵
  PID:4452
- C:\Windows\System\FarCPOi.exe
  C:\Windows\System\FarCPOi.exe
  2⤵
  PID:4600
- C:\Windows\System\GBvtmJq.exe
  C:\Windows\System\GBvtmJq.exe
  2⤵
  PID:4692
- C:\Windows\System\reMAXCB.exe
  C:\Windows\System\reMAXCB.exe
  2⤵
  PID:4740
- C:\Windows\System\KSeIueo.exe
  C:\Windows\System\KSeIueo.exe
  2⤵
  PID:3024
- C:\Windows\System\ZibrFEI.exe
  C:\Windows\System\ZibrFEI.exe
  2⤵
  PID:4712
- C:\Windows\System\QNacCpB.exe
  C:\Windows\System\QNacCpB.exe
  2⤵
  PID:1556
- C:\Windows\System\taZffMD.exe
  C:\Windows\System\taZffMD.exe
  2⤵
  PID:4856
- C:\Windows\System\YeOHlua.exe
  C:\Windows\System\YeOHlua.exe
  2⤵
  PID:4796
- C:\Windows\System\ScwyrtF.exe
  C:\Windows\System\ScwyrtF.exe
  2⤵
  PID:4980
- C:\Windows\System\SDTaNFs.exe
  C:\Windows\System\SDTaNFs.exe
  2⤵
  PID:5048
- C:\Windows\System\BtEZhWF.exe
  C:\Windows\System\BtEZhWF.exe
  2⤵
  PID:4920
- C:\Windows\System\pdQVlLb.exe
  C:\Windows\System\pdQVlLb.exe
  2⤵
  PID:5080
- C:\Windows\System\BQokxHB.exe
  C:\Windows\System\BQokxHB.exe
  2⤵
  PID:5100
- C:\Windows\System\IEgBJmi.exe
  C:\Windows\System\IEgBJmi.exe
  2⤵
  PID:4112
- C:\Windows\System\XAoslnt.exe
  C:\Windows\System\XAoslnt.exe
  2⤵
  PID:3856
- C:\Windows\System\nbirUFY.exe
  C:\Windows\System\nbirUFY.exe
  2⤵
  PID:4136
- C:\Windows\System\TYFDHqv.exe
  C:\Windows\System\TYFDHqv.exe
  2⤵
  PID:4312
- C:\Windows\System\UumnLfo.exe
  C:\Windows\System\UumnLfo.exe
  2⤵
  PID:4388
- C:\Windows\System\ihdCqjb.exe
  C:\Windows\System\ihdCqjb.exe
  2⤵
  PID:2076
- C:\Windows\System\aICdlpP.exe
  C:\Windows\System\aICdlpP.exe
  2⤵
  PID:4372
- C:\Windows\System\wxxDLFN.exe
  C:\Windows\System\wxxDLFN.exe
  2⤵
  PID:4572
- C:\Windows\System\CvxlWWx.exe
  C:\Windows\System\CvxlWWx.exe
  2⤵
  PID:4672
- C:\Windows\System\HTNmQNS.exe
  C:\Windows\System\HTNmQNS.exe
  2⤵
  PID:1388
- C:\Windows\System\gYUdRYv.exe
  C:\Windows\System\gYUdRYv.exe
  2⤵
  PID:1572
- C:\Windows\System\cpGYtsd.exe
  C:\Windows\System\cpGYtsd.exe
  2⤵
  PID:300
- C:\Windows\System\qpfKyyO.exe
  C:\Windows\System\qpfKyyO.exe
  2⤵
  PID:1808
- C:\Windows\System\HMqnfVK.exe
  C:\Windows\System\HMqnfVK.exe
  2⤵
  PID:1048
- C:\Windows\System\NFjxOun.exe
  C:\Windows\System\NFjxOun.exe
  2⤵
  PID:4916
- C:\Windows\System\OianVaH.exe
  C:\Windows\System\OianVaH.exe
  2⤵
  PID:4912
- C:\Windows\System\tisQPSK.exe
  C:\Windows\System\tisQPSK.exe
  2⤵
  PID:4968
- C:\Windows\System\qXBoubF.exe
  C:\Windows\System\qXBoubF.exe
  2⤵
  PID:5012
- C:\Windows\System\tDLLrCF.exe
  C:\Windows\System\tDLLrCF.exe
  2⤵
  PID:2324
- C:\Windows\System\gZdwdFT.exe
  C:\Windows\System\gZdwdFT.exe
  2⤵
  PID:3248
- C:\Windows\System\tZmgdAq.exe
  C:\Windows\System\tZmgdAq.exe
  2⤵
  PID:4212
- C:\Windows\System\LjWDuoC.exe
  C:\Windows\System\LjWDuoC.exe
  2⤵
  PID:4216
- C:\Windows\System\UysDcyP.exe
  C:\Windows\System\UysDcyP.exe
  2⤵
  PID:3232
- C:\Windows\System\mAmDiGU.exe
  C:\Windows\System\mAmDiGU.exe
  2⤵
  PID:1668
- C:\Windows\System\PUKhtWV.exe
  C:\Windows\System\PUKhtWV.exe
  2⤵
  PID:4336
- C:\Windows\System\hKzAzcp.exe
  C:\Windows\System\hKzAzcp.exe
  2⤵
  PID:952
- C:\Windows\System\fEIUpcr.exe
  C:\Windows\System\fEIUpcr.exe
  2⤵
  PID:4456
- C:\Windows\System\cajftRy.exe
  C:\Windows\System\cajftRy.exe
  2⤵
  PID:4560
- C:\Windows\System\gTiPjJq.exe
  C:\Windows\System\gTiPjJq.exe
  2⤵
  PID:4840
- C:\Windows\System\YtpoJRl.exe
  C:\Windows\System\YtpoJRl.exe
  2⤵
  PID:4896
- C:\Windows\System\QOMVlvV.exe
  C:\Windows\System\QOMVlvV.exe
  2⤵
  PID:3068
- C:\Windows\System\KgxVGio.exe
  C:\Windows\System\KgxVGio.exe
  2⤵
  PID:5052
- C:\Windows\System\ZkMpkpQ.exe
  C:\Windows\System\ZkMpkpQ.exe
  2⤵
  PID:2352
- C:\Windows\System\gIxDBWX.exe
  C:\Windows\System\gIxDBWX.exe
  2⤵
  PID:2764
- C:\Windows\System\lXkJhGM.exe
  C:\Windows\System\lXkJhGM.exe
  2⤵
  PID:1140
- C:\Windows\System\vrudZlR.exe
  C:\Windows\System\vrudZlR.exe
  2⤵
  PID:1724
- C:\Windows\System\CRPFhcN.exe
  C:\Windows\System\CRPFhcN.exe
  2⤵
  PID:4652
- C:\Windows\System\TZGBLgV.exe
  C:\Windows\System\TZGBLgV.exe
  2⤵
  PID:4760
- C:\Windows\System\JQJwlgO.exe
  C:\Windows\System\JQJwlgO.exe
  2⤵
  PID:1596
- C:\Windows\System\RVMZQbH.exe
  C:\Windows\System\RVMZQbH.exe
  2⤵
  PID:4752
- C:\Windows\System\sMaYpws.exe
  C:\Windows\System\sMaYpws.exe
  2⤵
  PID:2016
- C:\Windows\System\zEQdJuS.exe
  C:\Windows\System\zEQdJuS.exe
  2⤵
  PID:3788
- C:\Windows\System\mFPewDM.exe
  C:\Windows\System\mFPewDM.exe
  2⤵
  PID:328
- C:\Windows\System\QEZfqvR.exe
  C:\Windows\System\QEZfqvR.exe
  2⤵
  PID:4872
- C:\Windows\System\hYKnFPT.exe
  C:\Windows\System\hYKnFPT.exe
  2⤵
  PID:5020
- C:\Windows\System\LfzYCOn.exe
  C:\Windows\System\LfzYCOn.exe
  2⤵
  PID:3844
- C:\Windows\System\ekdhHvl.exe
  C:\Windows\System\ekdhHvl.exe
  2⤵
  PID:5016
- C:\Windows\System\SdCEVPz.exe
  C:\Windows\System\SdCEVPz.exe
  2⤵
  PID:4952
- C:\Windows\System\shwDBTr.exe
  C:\Windows\System\shwDBTr.exe
  2⤵
  PID:4276
- C:\Windows\System\RsJiSvE.exe
  C:\Windows\System\RsJiSvE.exe
  2⤵
  PID:5136
- C:\Windows\System\cKcjzxz.exe
  C:\Windows\System\cKcjzxz.exe
  2⤵
  PID:5164
- C:\Windows\System\wLckoaJ.exe
  C:\Windows\System\wLckoaJ.exe
  2⤵
  PID:5180
- C:\Windows\System\FhUOCOL.exe
  C:\Windows\System\FhUOCOL.exe
  2⤵
  PID:5212
- C:\Windows\System\eRXrWqT.exe
  C:\Windows\System\eRXrWqT.exe
  2⤵
  PID:5228
- C:\Windows\System\mbVfGwy.exe
  C:\Windows\System\mbVfGwy.exe
  2⤵
  PID:5244
- C:\Windows\System\CAWuisq.exe
  C:\Windows\System\CAWuisq.exe
  2⤵
  PID:5264
- C:\Windows\System\nWnwvpd.exe
  C:\Windows\System\nWnwvpd.exe
  2⤵
  PID:5284
- C:\Windows\System\TefVfeO.exe
  C:\Windows\System\TefVfeO.exe
  2⤵
  PID:5312
- C:\Windows\System\NZtcJmM.exe
  C:\Windows\System\NZtcJmM.exe
  2⤵
  PID:5328
- C:\Windows\System\ZfNcAzK.exe
  C:\Windows\System\ZfNcAzK.exe
  2⤵
  PID:5344
- C:\Windows\System\SoEHaTU.exe
  C:\Windows\System\SoEHaTU.exe
  2⤵
  PID:5360
- C:\Windows\System\TnSPrNk.exe
  C:\Windows\System\TnSPrNk.exe
  2⤵
  PID:5376
- C:\Windows\System\gsYZNnQ.exe
  C:\Windows\System\gsYZNnQ.exe
  2⤵
  PID:5392
- C:\Windows\System\ftiVQxA.exe
  C:\Windows\System\ftiVQxA.exe
  2⤵
  PID:5408
- C:\Windows\System\RenKYNR.exe
  C:\Windows\System\RenKYNR.exe
  2⤵
  PID:5424
- C:\Windows\System\MziImIN.exe
  C:\Windows\System\MziImIN.exe
  2⤵
  PID:5440
- C:\Windows\System\XGBkIoQ.exe
  C:\Windows\System\XGBkIoQ.exe
  2⤵
  PID:5456
- C:\Windows\System\qHtmova.exe
  C:\Windows\System\qHtmova.exe
  2⤵
  PID:5476
- C:\Windows\System\qnGuvrV.exe
  C:\Windows\System\qnGuvrV.exe
  2⤵
  PID:5504
- C:\Windows\System\CeAWBkR.exe
  C:\Windows\System\CeAWBkR.exe
  2⤵
  PID:5532
- C:\Windows\System\jWpgvTm.exe
  C:\Windows\System\jWpgvTm.exe
  2⤵
  PID:5552
- C:\Windows\System\idNOCNQ.exe
  C:\Windows\System\idNOCNQ.exe
  2⤵
  PID:5568
- C:\Windows\System\GLyqIfG.exe
  C:\Windows\System\GLyqIfG.exe
  2⤵
  PID:5616
- C:\Windows\System\JzeDEzE.exe
  C:\Windows\System\JzeDEzE.exe
  2⤵
  PID:5632
- C:\Windows\System\QObCWZa.exe
  C:\Windows\System\QObCWZa.exe
  2⤵
  PID:5652
- C:\Windows\System\XuCaKaa.exe
  C:\Windows\System\XuCaKaa.exe
  2⤵
  PID:5668
- C:\Windows\System\diWJvhh.exe
  C:\Windows\System\diWJvhh.exe
  2⤵
  PID:5684
- C:\Windows\System\umZcryC.exe
  C:\Windows\System\umZcryC.exe
  2⤵
  PID:5700
- C:\Windows\System\WWEOMnO.exe
  C:\Windows\System\WWEOMnO.exe
  2⤵
  PID:5716
- C:\Windows\System\IUgTZfq.exe
  C:\Windows\System\IUgTZfq.exe
  2⤵
  PID:5736
- C:\Windows\System\xlFRucF.exe
  C:\Windows\System\xlFRucF.exe
  2⤵
  PID:5776
- C:\Windows\System\nTHMJDC.exe
  C:\Windows\System\nTHMJDC.exe
  2⤵
  PID:5792
- C:\Windows\System\aOLnNzj.exe
  C:\Windows\System\aOLnNzj.exe
  2⤵
  PID:5808
- C:\Windows\System\NdDyxuV.exe
  C:\Windows\System\NdDyxuV.exe
  2⤵
  PID:5828
- C:\Windows\System\lvLjEYl.exe
  C:\Windows\System\lvLjEYl.exe
  2⤵
  PID:5844
- C:\Windows\System\ddaKBIy.exe
  C:\Windows\System\ddaKBIy.exe
  2⤵
  PID:5864
- C:\Windows\System\fslzpus.exe
  C:\Windows\System\fslzpus.exe
  2⤵
  PID:5884
- C:\Windows\System\XrALUkl.exe
  C:\Windows\System\XrALUkl.exe
  2⤵
  PID:5900
- C:\Windows\System\NlhxbCj.exe
  C:\Windows\System\NlhxbCj.exe
  2⤵
  PID:5916
- C:\Windows\System\FVxFlat.exe
  C:\Windows\System\FVxFlat.exe
  2⤵
  PID:5932
- C:\Windows\System\WbNskYd.exe
  C:\Windows\System\WbNskYd.exe
  2⤵
  PID:5948
- C:\Windows\System\bnbngOL.exe
  C:\Windows\System\bnbngOL.exe
  2⤵
  PID:5972
- C:\Windows\System\ldtGCcd.exe
  C:\Windows\System\ldtGCcd.exe
  2⤵
  PID:5988
- C:\Windows\System\vUCUJeU.exe
  C:\Windows\System\vUCUJeU.exe
  2⤵
  PID:6004
- C:\Windows\System\pnIhPjb.exe
  C:\Windows\System\pnIhPjb.exe
  2⤵
  PID:6052
- C:\Windows\System\esYNgkB.exe
  C:\Windows\System\esYNgkB.exe
  2⤵
  PID:6068
- C:\Windows\System\CWBIlCD.exe
  C:\Windows\System\CWBIlCD.exe
  2⤵
  PID:6084
- C:\Windows\System\QbRQPoH.exe
  C:\Windows\System\QbRQPoH.exe
  2⤵
  PID:6108
- C:\Windows\System\uIPRznV.exe
  C:\Windows\System\uIPRznV.exe
  2⤵
  PID:6128
- C:\Windows\System\BlgweGP.exe
  C:\Windows\System\BlgweGP.exe
  2⤵
  PID:5132
- C:\Windows\System\yMjIAQz.exe
  C:\Windows\System\yMjIAQz.exe
  2⤵
  PID:4696
- C:\Windows\System\KOGwiCy.exe
  C:\Windows\System\KOGwiCy.exe
  2⤵
  PID:5156
- C:\Windows\System\CfGQPYD.exe
  C:\Windows\System\CfGQPYD.exe
  2⤵
  PID:5200
- C:\Windows\System\CxVZgVg.exe
  C:\Windows\System\CxVZgVg.exe
  2⤵
  PID:5224
- C:\Windows\System\fUslDVC.exe
  C:\Windows\System\fUslDVC.exe
  2⤵
  PID:5260
- C:\Windows\System\UPZZATC.exe
  C:\Windows\System\UPZZATC.exe
  2⤵
  PID:5280
- C:\Windows\System\BPUkdlt.exe
  C:\Windows\System\BPUkdlt.exe
  2⤵
  PID:5304
- C:\Windows\System\LOIvlEG.exe
  C:\Windows\System\LOIvlEG.exe
  2⤵
  PID:5340
- C:\Windows\System\sBjrTRc.exe
  C:\Windows\System\sBjrTRc.exe
  2⤵
  PID:5436
- C:\Windows\System\syRjzRn.exe
  C:\Windows\System\syRjzRn.exe
  2⤵
  PID:5520
- C:\Windows\System\IsqBAAZ.exe
  C:\Windows\System\IsqBAAZ.exe
  2⤵
  PID:5548
- C:\Windows\System\yRsvwAv.exe
  C:\Windows\System\yRsvwAv.exe
  2⤵
  PID:5496
- C:\Windows\System\pdMKGop.exe
  C:\Windows\System\pdMKGop.exe
  2⤵
  PID:5544
- C:\Windows\System\fNhreFx.exe
  C:\Windows\System\fNhreFx.exe
  2⤵
  PID:5448
- C:\Windows\System\PfAVfoN.exe
  C:\Windows\System\PfAVfoN.exe
  2⤵
  PID:5592
- C:\Windows\System\QTfaEXF.exe
  C:\Windows\System\QTfaEXF.exe
  2⤵
  PID:5612
- C:\Windows\System\DzqcfjL.exe
  C:\Windows\System\DzqcfjL.exe
  2⤵
  PID:5640
- C:\Windows\System\HelJAfZ.exe
  C:\Windows\System\HelJAfZ.exe
  2⤵
  PID:5696
- C:\Windows\System\ltchgeO.exe
  C:\Windows\System\ltchgeO.exe
  2⤵
  PID:5712
- C:\Windows\System\qEOMxUG.exe
  C:\Windows\System\qEOMxUG.exe
  2⤵
  PID:5680
- C:\Windows\System\cTnswBu.exe
  C:\Windows\System\cTnswBu.exe
  2⤵
  PID:5768
- C:\Windows\System\qnaSUwv.exe
  C:\Windows\System\qnaSUwv.exe
  2⤵
  PID:5820
- C:\Windows\System\ePYgYKU.exe
  C:\Windows\System\ePYgYKU.exe
  2⤵
  PID:5860
- C:\Windows\System\apVeZeh.exe
  C:\Windows\System\apVeZeh.exe
  2⤵
  PID:5984
- C:\Windows\System\zTRbWgi.exe
  C:\Windows\System\zTRbWgi.exe
  2⤵
  PID:5924
- C:\Windows\System\XzaKYgI.exe
  C:\Windows\System\XzaKYgI.exe
  2⤵
  PID:6024
- C:\Windows\System\WMQkemP.exe
  C:\Windows\System\WMQkemP.exe
  2⤵
  PID:5968
- C:\Windows\System\VUBYhny.exe
  C:\Windows\System\VUBYhny.exe
  2⤵
  PID:6036
- C:\Windows\System\AqPnrYx.exe
  C:\Windows\System\AqPnrYx.exe
  2⤵
  PID:6016
- C:\Windows\System\UPADdLI.exe
  C:\Windows\System\UPADdLI.exe
  2⤵
  PID:6064
- C:\Windows\System\xJbOAgh.exe
  C:\Windows\System\xJbOAgh.exe
  2⤵
  PID:6104
- C:\Windows\System\DSxiMRG.exe
  C:\Windows\System\DSxiMRG.exe
  2⤵
  PID:6080
- C:\Windows\System\QUjHYyt.exe
  C:\Windows\System\QUjHYyt.exe
  2⤵
  PID:5152
- C:\Windows\System\fypdRbY.exe
  C:\Windows\System\fypdRbY.exe
  2⤵
  PID:1320
- C:\Windows\System\jutxyhb.exe
  C:\Windows\System\jutxyhb.exe
  2⤵
  PID:5336
- C:\Windows\System\zSdrKAx.exe
  C:\Windows\System\zSdrKAx.exe
  2⤵
  PID:5404
- C:\Windows\System\DKVzKQO.exe
  C:\Windows\System\DKVzKQO.exe
  2⤵
  PID:5300
- C:\Windows\System\oVwCpfV.exe
  C:\Windows\System\oVwCpfV.exe
  2⤵
  PID:5324
- C:\Windows\System\TfRoWPV.exe
  C:\Windows\System\TfRoWPV.exe
  2⤵
  PID:5452
- C:\Windows\System\rfkkiJn.exe
  C:\Windows\System\rfkkiJn.exe
  2⤵
  PID:5384
- C:\Windows\System\kAWOGoB.exe
  C:\Windows\System\kAWOGoB.exe
  2⤵
  PID:5604
- C:\Windows\System\QmWZaoL.exe
  C:\Windows\System\QmWZaoL.exe
  2⤵
  PID:5692
- C:\Windows\System\KFCNwzL.exe
  C:\Windows\System\KFCNwzL.exe
  2⤵
  PID:5596
- C:\Windows\System\uPKpCjr.exe
  C:\Windows\System\uPKpCjr.exe
  2⤵
  PID:5816
- C:\Windows\System\HzdqFAM.exe
  C:\Windows\System\HzdqFAM.exe
  2⤵
  PID:5760
- C:\Windows\System\MddGRvR.exe
  C:\Windows\System\MddGRvR.exe
  2⤵
  PID:5880
- C:\Windows\System\NgerHhW.exe
  C:\Windows\System\NgerHhW.exe
  2⤵
  PID:5944
- C:\Windows\System\EscgADz.exe
  C:\Windows\System\EscgADz.exe
  2⤵
  PID:5788
- C:\Windows\System\tDxZLgv.exe
  C:\Windows\System\tDxZLgv.exe
  2⤵
  PID:6096
- C:\Windows\System\tOGljCD.exe
  C:\Windows\System\tOGljCD.exe
  2⤵
  PID:5896
- C:\Windows\System\ieKNwpU.exe
  C:\Windows\System\ieKNwpU.exe
  2⤵
  PID:6100
- C:\Windows\System\PDadQdp.exe
  C:\Windows\System\PDadQdp.exe
  2⤵
  PID:5208
- C:\Windows\System\pBSxfOS.exe
  C:\Windows\System\pBSxfOS.exe
  2⤵
  PID:5472
- C:\Windows\System\tNAdFrQ.exe
  C:\Windows\System\tNAdFrQ.exe
  2⤵
  PID:5276
- C:\Windows\System\OFtFoBm.exe
  C:\Windows\System\OFtFoBm.exe
  2⤵
  PID:5388
- C:\Windows\System\JDazifm.exe
  C:\Windows\System\JDazifm.exe
  2⤵
  PID:5524
- C:\Windows\System\pdoWOPG.exe
  C:\Windows\System\pdoWOPG.exe
  2⤵
  PID:5664
- C:\Windows\System\guuZgYQ.exe
  C:\Windows\System\guuZgYQ.exe
  2⤵
  PID:5608
- C:\Windows\System\RGFGjqs.exe
  C:\Windows\System\RGFGjqs.exe
  2⤵
  PID:5876
- C:\Windows\System\KxXzshg.exe
  C:\Windows\System\KxXzshg.exe
  2⤵
  PID:5856
- C:\Windows\System\CMJfqLn.exe
  C:\Windows\System\CMJfqLn.exe
  2⤵
  PID:5192
- C:\Windows\System\UYxwvVd.exe
  C:\Windows\System\UYxwvVd.exe
  2⤵
  PID:4508
- C:\Windows\System\skMldqK.exe
  C:\Windows\System\skMldqK.exe
  2⤵
  PID:5320
- C:\Windows\System\QoIznNp.exe
  C:\Windows\System\QoIznNp.exe
  2⤵
  PID:5836
- C:\Windows\System\mQAQgnd.exe
  C:\Windows\System\mQAQgnd.exe
  2⤵
  PID:6032
- C:\Windows\System\yWRMxWv.exe
  C:\Windows\System\yWRMxWv.exe
  2⤵
  PID:6028
- C:\Windows\System\SjAKjfI.exe
  C:\Windows\System\SjAKjfI.exe
  2⤵
  PID:5492
- C:\Windows\System\EbXPNGF.exe
  C:\Windows\System\EbXPNGF.exe
  2⤵
  PID:6060
- C:\Windows\System\zyFuJXJ.exe
  C:\Windows\System\zyFuJXJ.exe
  2⤵
  PID:5676
- C:\Windows\System\ErjjkLp.exe
  C:\Windows\System\ErjjkLp.exe
  2⤵
  PID:5576
- C:\Windows\System\GzLStnD.exe
  C:\Windows\System\GzLStnD.exe
  2⤵
  PID:5628
- C:\Windows\System\sgSXrJD.exe
  C:\Windows\System\sgSXrJD.exe
  2⤵
  PID:5540
- C:\Windows\System\PYNBnNo.exe
  C:\Windows\System\PYNBnNo.exe
  2⤵
  PID:1288
- C:\Windows\System\ykJyFKA.exe
  C:\Windows\System\ykJyFKA.exe
  2⤵
  PID:5804
- C:\Windows\System\mVULTbM.exe
  C:\Windows\System\mVULTbM.exe
  2⤵
  PID:5784
- C:\Windows\System\lXKEwoW.exe
  C:\Windows\System\lXKEwoW.exe
  2⤵
  PID:5940
- C:\Windows\System\gFHFDKF.exe
  C:\Windows\System\gFHFDKF.exe
  2⤵
  PID:6156
- C:\Windows\System\ATueHuY.exe
  C:\Windows\System\ATueHuY.exe
  2⤵
  PID:6172
- C:\Windows\System\zLureFI.exe
  C:\Windows\System\zLureFI.exe
  2⤵
  PID:6192
- C:\Windows\System\mdZUTpt.exe
  C:\Windows\System\mdZUTpt.exe
  2⤵
  PID:6212
- C:\Windows\System\lFoBZyW.exe
  C:\Windows\System\lFoBZyW.exe
  2⤵
  PID:6228
- C:\Windows\System\OflAmGh.exe
  C:\Windows\System\OflAmGh.exe
  2⤵
  PID:6244
- C:\Windows\System\QckgkLR.exe
  C:\Windows\System\QckgkLR.exe
  2⤵
  PID:6260
- C:\Windows\System\mMrHSqN.exe
  C:\Windows\System\mMrHSqN.exe
  2⤵
  PID:6280
- C:\Windows\System\LDtZxyf.exe
  C:\Windows\System\LDtZxyf.exe
  2⤵
  PID:6296
- C:\Windows\System\oyttaxI.exe
  C:\Windows\System\oyttaxI.exe
  2⤵
  PID:6320
- C:\Windows\System\ehxRnkQ.exe
  C:\Windows\System\ehxRnkQ.exe
  2⤵
  PID:6340
- C:\Windows\System\EPHEVKX.exe
  C:\Windows\System\EPHEVKX.exe
  2⤵
  PID:6396
- C:\Windows\System\jvDorEr.exe
  C:\Windows\System\jvDorEr.exe
  2⤵
  PID:6412
- C:\Windows\System\JrldpBs.exe
  C:\Windows\System\JrldpBs.exe
  2⤵
  PID:6428
- C:\Windows\System\AyBhdxJ.exe
  C:\Windows\System\AyBhdxJ.exe
  2⤵
  PID:6444
- C:\Windows\System\nvdqQrD.exe
  C:\Windows\System\nvdqQrD.exe
  2⤵
  PID:6460
- C:\Windows\System\AlHMRky.exe
  C:\Windows\System\AlHMRky.exe
  2⤵
  PID:6480
- C:\Windows\System\ApisRGC.exe
  C:\Windows\System\ApisRGC.exe
  2⤵
  PID:6500
- C:\Windows\System\suwIvFn.exe
  C:\Windows\System\suwIvFn.exe
  2⤵
  PID:6516
- C:\Windows\System\tPShdFn.exe
  C:\Windows\System\tPShdFn.exe
  2⤵
  PID:6536
- C:\Windows\System\OHAvTFf.exe
  C:\Windows\System\OHAvTFf.exe
  2⤵
  PID:6556
- C:\Windows\System\GixNIbX.exe
  C:\Windows\System\GixNIbX.exe
  2⤵
  PID:6572
- C:\Windows\System\amxvDSb.exe
  C:\Windows\System\amxvDSb.exe
  2⤵
  PID:6592
- C:\Windows\System\AwhZEWs.exe
  C:\Windows\System\AwhZEWs.exe
  2⤵
  PID:6624
- C:\Windows\System\uRQVQLE.exe
  C:\Windows\System\uRQVQLE.exe
  2⤵
  PID:6640
- C:\Windows\System\JHOcEvR.exe
  C:\Windows\System\JHOcEvR.exe
  2⤵
  PID:6664
- C:\Windows\System\mkWuaWd.exe
  C:\Windows\System\mkWuaWd.exe
  2⤵
  PID:6684
- C:\Windows\System\UKlqrxh.exe
  C:\Windows\System\UKlqrxh.exe
  2⤵
  PID:6700
- C:\Windows\System\jfyByON.exe
  C:\Windows\System\jfyByON.exe
  2⤵
  PID:6736
- C:\Windows\System\zSqqajY.exe
  C:\Windows\System\zSqqajY.exe
  2⤵
  PID:6752
- C:\Windows\System\OBQHZOX.exe
  C:\Windows\System\OBQHZOX.exe
  2⤵
  PID:6768
- C:\Windows\System\AqZIlvz.exe
  C:\Windows\System\AqZIlvz.exe
  2⤵
  PID:6788
- C:\Windows\System\fgjnPIk.exe
  C:\Windows\System\fgjnPIk.exe
  2⤵
  PID:6808
- C:\Windows\System\VDQfzJk.exe
  C:\Windows\System\VDQfzJk.exe
  2⤵
  PID:6824
- C:\Windows\System\KGbDEpZ.exe
  C:\Windows\System\KGbDEpZ.exe
  2⤵
  PID:6848
- C:\Windows\System\tyHTkml.exe
  C:\Windows\System\tyHTkml.exe
  2⤵
  PID:6864
- C:\Windows\System\RkTVJEP.exe
  C:\Windows\System\RkTVJEP.exe
  2⤵
  PID:6884
- C:\Windows\System\imoUxRR.exe
  C:\Windows\System\imoUxRR.exe
  2⤵
  PID:6908
- C:\Windows\System\puhZUPK.exe
  C:\Windows\System\puhZUPK.exe
  2⤵
  PID:6924
- C:\Windows\System\DYZZOJv.exe
  C:\Windows\System\DYZZOJv.exe
  2⤵
  PID:6940
- C:\Windows\System\aABKAsx.exe
  C:\Windows\System\aABKAsx.exe
  2⤵
  PID:6956
- C:\Windows\System\VukaDcC.exe
  C:\Windows\System\VukaDcC.exe
  2⤵
  PID:7008
- C:\Windows\System\UeHWDsx.exe
  C:\Windows\System\UeHWDsx.exe
  2⤵
  PID:7024
- C:\Windows\System\wyjfQtp.exe
  C:\Windows\System\wyjfQtp.exe
  2⤵
  PID:7040
- C:\Windows\System\clpFUBb.exe
  C:\Windows\System\clpFUBb.exe
  2⤵
  PID:7056
- C:\Windows\System\CLcTDXI.exe
  C:\Windows\System\CLcTDXI.exe
  2⤵
  PID:7072
- C:\Windows\System\hSCyFwX.exe
  C:\Windows\System\hSCyFwX.exe
  2⤵
  PID:7092
- C:\Windows\System\pDHUlta.exe
  C:\Windows\System\pDHUlta.exe
  2⤵
  PID:7108
- C:\Windows\System\yhsyyCQ.exe
  C:\Windows\System\yhsyyCQ.exe
  2⤵
  PID:7124
- C:\Windows\System\rWOeImC.exe
  C:\Windows\System\rWOeImC.exe
  2⤵
  PID:7148
- C:\Windows\System\kTQtKWQ.exe
  C:\Windows\System\kTQtKWQ.exe
  2⤵
  PID:5432
- C:\Windows\System\lJrfvBA.exe
  C:\Windows\System\lJrfvBA.exe
  2⤵
  PID:6164
- C:\Windows\System\dVKnCkA.exe
  C:\Windows\System\dVKnCkA.exe
  2⤵
  PID:6208
- C:\Windows\System\wxSMsuV.exe
  C:\Windows\System\wxSMsuV.exe
  2⤵
  PID:6272
- C:\Windows\System\pwPSJdT.exe
  C:\Windows\System\pwPSJdT.exe
  2⤵
  PID:6224
- C:\Windows\System\sVWXwSM.exe
  C:\Windows\System\sVWXwSM.exe
  2⤵
  PID:6292
- C:\Windows\System\hZVjufF.exe
  C:\Windows\System\hZVjufF.exe
  2⤵
  PID:6308
- C:\Windows\System\EwmDyKK.exe
  C:\Windows\System\EwmDyKK.exe
  2⤵
  PID:6360
- C:\Windows\System\kfhwxrZ.exe
  C:\Windows\System\kfhwxrZ.exe
  2⤵
  PID:6376
- C:\Windows\System\jhqwBoK.exe
  C:\Windows\System\jhqwBoK.exe
  2⤵
  PID:6392
- C:\Windows\System\aAMdIUL.exe
  C:\Windows\System\aAMdIUL.exe
  2⤵
  PID:6408
- C:\Windows\System\mpwBGTW.exe
  C:\Windows\System\mpwBGTW.exe
  2⤵
  PID:6456
- C:\Windows\System\QcaYXuB.exe
  C:\Windows\System\QcaYXuB.exe
  2⤵
  PID:6492
- C:\Windows\System\pZaTWvT.exe
  C:\Windows\System\pZaTWvT.exe
  2⤵
  PID:6524
- C:\Windows\System\sAYcHpx.exe
  C:\Windows\System\sAYcHpx.exe
  2⤵
  PID:6604
- C:\Windows\System\UOLMaqJ.exe
  C:\Windows\System\UOLMaqJ.exe
  2⤵
  PID:6472
- C:\Windows\System\geeJNrb.exe
  C:\Windows\System\geeJNrb.exe
  2⤵
  PID:6584
- C:\Windows\System\afOLaIP.exe
  C:\Windows\System\afOLaIP.exe
  2⤵
  PID:6656
- C:\Windows\System\CtHsWdc.exe
  C:\Windows\System\CtHsWdc.exe
  2⤵
  PID:6720
- C:\Windows\System\OnZrUtA.exe
  C:\Windows\System\OnZrUtA.exe
  2⤵
  PID:6696
- C:\Windows\System\OMNNFTP.exe
  C:\Windows\System\OMNNFTP.exe
  2⤵
  PID:6748
- C:\Windows\System\iycMsUb.exe
  C:\Windows\System\iycMsUb.exe
  2⤵
  PID:6820
- C:\Windows\System\XpqlBFR.exe
  C:\Windows\System\XpqlBFR.exe
  2⤵
  PID:6816
- C:\Windows\System\ulxlady.exe
  C:\Windows\System\ulxlady.exe
  2⤵
  PID:6832
- C:\Windows\System\PNUSCbk.exe
  C:\Windows\System\PNUSCbk.exe
  2⤵
  PID:6952
- C:\Windows\System\EHAexzz.exe
  C:\Windows\System\EHAexzz.exe
  2⤵
  PID:6968
- C:\Windows\System\KMyMWMW.exe
  C:\Windows\System\KMyMWMW.exe
  2⤵
  PID:6976
- C:\Windows\System\ciPlOPJ.exe
  C:\Windows\System\ciPlOPJ.exe
  2⤵
  PID:6992
- C:\Windows\System\KYDUyaq.exe
  C:\Windows\System\KYDUyaq.exe
  2⤵
  PID:7032
- C:\Windows\System\kcpZgXW.exe
  C:\Windows\System\kcpZgXW.exe
  2⤵
  PID:7100
- C:\Windows\System\NwxFDar.exe
  C:\Windows\System\NwxFDar.exe
  2⤵
  PID:7020
- C:\Windows\System\DbBKTIm.exe
  C:\Windows\System\DbBKTIm.exe
  2⤵
  PID:7120
- C:\Windows\System\BzHSuMG.exe
  C:\Windows\System\BzHSuMG.exe
  2⤵
  PID:6204
- C:\Windows\System\RUTFlZQ.exe
  C:\Windows\System\RUTFlZQ.exe
  2⤵
  PID:6240
- C:\Windows\System\LLeMEKA.exe
  C:\Windows\System\LLeMEKA.exe
  2⤵
  PID:6180
- C:\Windows\System\fgMhybT.exe
  C:\Windows\System\fgMhybT.exe
  2⤵
  PID:7084
- C:\Windows\System\eEOMaZd.exe
  C:\Windows\System\eEOMaZd.exe
  2⤵
  PID:6288
- C:\Windows\System\sPqeUUm.exe
  C:\Windows\System\sPqeUUm.exe
  2⤵
  PID:6368
- C:\Windows\System\bKwWVnW.exe
  C:\Windows\System\bKwWVnW.exe
  2⤵
  PID:6600
- C:\Windows\System\fXKLlWj.exe
  C:\Windows\System\fXKLlWj.exe
  2⤵
  PID:6440
- C:\Windows\System\cLJYiCy.exe
  C:\Windows\System\cLJYiCy.exe
  2⤵
  PID:6680
- C:\Windows\System\AoQICak.exe
  C:\Windows\System\AoQICak.exe
  2⤵
  PID:6452
- C:\Windows\System\yHrGsbH.exe
  C:\Windows\System\yHrGsbH.exe
  2⤵
  PID:6780
- C:\Windows\System\HoMjYLC.exe
  C:\Windows\System\HoMjYLC.exe
  2⤵
  PID:6860
- C:\Windows\System\NaqmkQp.exe
  C:\Windows\System\NaqmkQp.exe
  2⤵
  PID:7064
- C:\Windows\System\dbceCNa.exe
  C:\Windows\System\dbceCNa.exe
  2⤵
  PID:5980
- C:\Windows\System\kIUUpKs.exe
  C:\Windows\System\kIUUpKs.exe
  2⤵
  PID:6800
- C:\Windows\System\JHfNLzZ.exe
  C:\Windows\System\JHfNLzZ.exe
  2⤵
  PID:6044
- C:\Windows\System\UivXNBg.exe
  C:\Windows\System\UivXNBg.exe
  2⤵
  PID:6872
- C:\Windows\System\fAZBvNJ.exe
  C:\Windows\System\fAZBvNJ.exe
  2⤵
  PID:6948
- C:\Windows\System\wKvbsyZ.exe
  C:\Windows\System\wKvbsyZ.exe
  2⤵
  PID:6188
- C:\Windows\System\tZEzOJT.exe
  C:\Windows\System\tZEzOJT.exe
  2⤵
  PID:7132
- C:\Windows\System\PHYgWVf.exe
  C:\Windows\System\PHYgWVf.exe
  2⤵
  PID:6256
- C:\Windows\System\ibgkBkE.exe
  C:\Windows\System\ibgkBkE.exe
  2⤵
  PID:6672
- C:\Windows\System\FycyIsZ.exe
  C:\Windows\System\FycyIsZ.exe
  2⤵
  PID:6904
- C:\Windows\System\pcoaKHq.exe
  C:\Windows\System\pcoaKHq.exe
  2⤵
  PID:6804
- C:\Windows\System\sCcTZPf.exe
  C:\Windows\System\sCcTZPf.exe
  2⤵
  PID:7160
- C:\Windows\System\lQLfeVF.exe
  C:\Windows\System\lQLfeVF.exe
  2⤵
  PID:6336
- C:\Windows\System\krqNUVy.exe
  C:\Windows\System\krqNUVy.exe
  2⤵
  PID:7140
- C:\Windows\System\KkugSch.exe
  C:\Windows\System\KkugSch.exe
  2⤵
  PID:6616
- C:\Windows\System\ksQUtVF.exe
  C:\Windows\System\ksQUtVF.exe
  2⤵
  PID:6660
- C:\Windows\System\oecGohu.exe
  C:\Windows\System\oecGohu.exe
  2⤵
  PID:6652
- C:\Windows\System\ZZeRWSS.exe
  C:\Windows\System\ZZeRWSS.exe
  2⤵
  PID:6424
- C:\Windows\System\DpoObuy.exe
  C:\Windows\System\DpoObuy.exe
  2⤵
  PID:6708
- C:\Windows\System\qGaVfLf.exe
  C:\Windows\System\qGaVfLf.exe
  2⤵
  PID:7004
- C:\Windows\System\AhdaHyY.exe
  C:\Windows\System\AhdaHyY.exe
  2⤵
  PID:7016
- C:\Windows\System\QsoXxhb.exe
  C:\Windows\System\QsoXxhb.exe
  2⤵
  PID:6352
- C:\Windows\System\zbzYuLL.exe
  C:\Windows\System\zbzYuLL.exe
  2⤵
  PID:6384
- C:\Windows\System\AiOktGU.exe
  C:\Windows\System\AiOktGU.exe
  2⤵
  PID:6732
- C:\Windows\System\EJCxEkd.exe
  C:\Windows\System\EJCxEkd.exe
  2⤵
  PID:6764
- C:\Windows\System\UiLdUDp.exe
  C:\Windows\System\UiLdUDp.exe
  2⤵
  PID:7192
- C:\Windows\System\zDtOxRm.exe
  C:\Windows\System\zDtOxRm.exe
  2⤵
  PID:7208
- C:\Windows\System\AGlilYA.exe
  C:\Windows\System\AGlilYA.exe
  2⤵
  PID:7224
- C:\Windows\System\fQNMjcw.exe
  C:\Windows\System\fQNMjcw.exe
  2⤵
  PID:7240
- C:\Windows\System\gozHnTV.exe
  C:\Windows\System\gozHnTV.exe
  2⤵
  PID:7288
- C:\Windows\System\DVWgSWU.exe
  C:\Windows\System\DVWgSWU.exe
  2⤵
  PID:7304
- C:\Windows\System\prZutgg.exe
  C:\Windows\System\prZutgg.exe
  2⤵
  PID:7320
- C:\Windows\System\cNRcRZo.exe
  C:\Windows\System\cNRcRZo.exe
  2⤵
  PID:7336
- C:\Windows\System\mlVLXul.exe
  C:\Windows\System\mlVLXul.exe
  2⤵
  PID:7352
- C:\Windows\System\gygLCBK.exe
  C:\Windows\System\gygLCBK.exe
  2⤵
  PID:7372
- C:\Windows\System\TklMoDr.exe
  C:\Windows\System\TklMoDr.exe
  2⤵
  PID:7388
- C:\Windows\System\vsNZRIY.exe
  C:\Windows\System\vsNZRIY.exe
  2⤵
  PID:7408
- C:\Windows\System\TROKMfg.exe
  C:\Windows\System\TROKMfg.exe
  2⤵
  PID:7424
- C:\Windows\System\kOeWFOR.exe
  C:\Windows\System\kOeWFOR.exe
  2⤵
  PID:7440
- C:\Windows\System\YeeVcSP.exe
  C:\Windows\System\YeeVcSP.exe
  2⤵
  PID:7456
- C:\Windows\System\RxdYklv.exe
  C:\Windows\System\RxdYklv.exe
  2⤵
  PID:7508
- C:\Windows\System\lXeNplX.exe
  C:\Windows\System\lXeNplX.exe
  2⤵
  PID:7524
- C:\Windows\System\bitssQY.exe
  C:\Windows\System\bitssQY.exe
  2⤵
  PID:7540
- C:\Windows\System\pdyLJji.exe
  C:\Windows\System\pdyLJji.exe
  2⤵
  PID:7560
- C:\Windows\System\CXfdEFz.exe
  C:\Windows\System\CXfdEFz.exe
  2⤵
  PID:7576
- C:\Windows\System\RWlViqU.exe
  C:\Windows\System\RWlViqU.exe
  2⤵
  PID:7596
- C:\Windows\System\dMIQvmG.exe
  C:\Windows\System\dMIQvmG.exe
  2⤵
  PID:7612
- C:\Windows\System\noVhAbR.exe
  C:\Windows\System\noVhAbR.exe
  2⤵
  PID:7628
- C:\Windows\System\FWOTaKn.exe
  C:\Windows\System\FWOTaKn.exe
  2⤵
  PID:7644
- C:\Windows\System\VtCetUF.exe
  C:\Windows\System\VtCetUF.exe
  2⤵
  PID:7660
- C:\Windows\System\WvBzfRZ.exe
  C:\Windows\System\WvBzfRZ.exe
  2⤵
  PID:7676
- C:\Windows\System\YXZVZDV.exe
  C:\Windows\System\YXZVZDV.exe
  2⤵
  PID:7712
- C:\Windows\System\vYWwVXK.exe
  C:\Windows\System\vYWwVXK.exe
  2⤵
  PID:7728
- C:\Windows\System\AwxEajI.exe
  C:\Windows\System\AwxEajI.exe
  2⤵
  PID:7748
- C:\Windows\System\dWmhQZc.exe
  C:\Windows\System\dWmhQZc.exe
  2⤵
  PID:7764
- C:\Windows\System\VuLMygK.exe
  C:\Windows\System\VuLMygK.exe
  2⤵
  PID:7780
- C:\Windows\System\QTcRRcz.exe
  C:\Windows\System\QTcRRcz.exe
  2⤵
  PID:7796
- C:\Windows\System\lXowCwU.exe
  C:\Windows\System\lXowCwU.exe
  2⤵
  PID:7812
- C:\Windows\System\wsNgvHM.exe
  C:\Windows\System\wsNgvHM.exe
  2⤵
  PID:7828
- C:\Windows\System\XmTWdoo.exe
  C:\Windows\System\XmTWdoo.exe
  2⤵
  PID:7844
- C:\Windows\System\JmiHulD.exe
  C:\Windows\System\JmiHulD.exe
  2⤵
  PID:7860
- C:\Windows\System\wcYhoUg.exe
  C:\Windows\System\wcYhoUg.exe
  2⤵
  PID:7924
- C:\Windows\System\JyhIDwh.exe
  C:\Windows\System\JyhIDwh.exe
  2⤵
  PID:7944
- C:\Windows\System\ckSwNuG.exe
  C:\Windows\System\ckSwNuG.exe
  2⤵
  PID:7968
- C:\Windows\System\GRJOAjs.exe
  C:\Windows\System\GRJOAjs.exe
  2⤵
  PID:7992
- C:\Windows\System\LHLmnFd.exe
  C:\Windows\System\LHLmnFd.exe
  2⤵
  PID:8008
- C:\Windows\System\pMnFMsA.exe
  C:\Windows\System\pMnFMsA.exe
  2⤵
  PID:8028
- C:\Windows\System\wKpLyLs.exe
  C:\Windows\System\wKpLyLs.exe
  2⤵
  PID:8044
- C:\Windows\System\fZGUVip.exe
  C:\Windows\System\fZGUVip.exe
  2⤵
  PID:8060
- C:\Windows\System\XuegJnL.exe
  C:\Windows\System\XuegJnL.exe
  2⤵
  PID:8080
- C:\Windows\System\ygTqbKW.exe
  C:\Windows\System\ygTqbKW.exe
  2⤵
  PID:8100
- C:\Windows\System\NxrAKCX.exe
  C:\Windows\System\NxrAKCX.exe
  2⤵
  PID:8116
- C:\Windows\System\deAQyKQ.exe
  C:\Windows\System\deAQyKQ.exe
  2⤵
  PID:8136
- C:\Windows\System\OwBjkgW.exe
  C:\Windows\System\OwBjkgW.exe
  2⤵
  PID:8160
- C:\Windows\System\MLVEuaY.exe
  C:\Windows\System\MLVEuaY.exe
  2⤵
  PID:8188
- C:\Windows\System\NuvIsoH.exe
  C:\Windows\System\NuvIsoH.exe
  2⤵
  PID:7080
- C:\Windows\System\zdmjHiF.exe
  C:\Windows\System\zdmjHiF.exe
  2⤵
  PID:6508
- C:\Windows\System\bpjglxn.exe
  C:\Windows\System\bpjglxn.exe
  2⤵
  PID:7180
- C:\Windows\System\YPtNgVD.exe
  C:\Windows\System\YPtNgVD.exe
  2⤵
  PID:6920
- C:\Windows\System\nCKEmhe.exe
  C:\Windows\System\nCKEmhe.exe
  2⤵
  PID:6984
- C:\Windows\System\fPlvpLd.exe
  C:\Windows\System\fPlvpLd.exe
  2⤵
  PID:7204
- C:\Windows\System\BIWMFbM.exe
  C:\Windows\System\BIWMFbM.exe
  2⤵
  PID:7256
- C:\Windows\System\xlakEwU.exe
  C:\Windows\System\xlakEwU.exe
  2⤵
  PID:7280
- C:\Windows\System\GzPRgFO.exe
  C:\Windows\System\GzPRgFO.exe
  2⤵
  PID:7328
- C:\Windows\System\oIBauUA.exe
  C:\Windows\System\oIBauUA.exe
  2⤵
  PID:7380
- C:\Windows\System\zXXWiGg.exe
  C:\Windows\System\zXXWiGg.exe
  2⤵
  PID:7404
- C:\Windows\System\QkVMQeW.exe
  C:\Windows\System\QkVMQeW.exe
  2⤵
  PID:7452
- C:\Windows\System\LtOgePh.exe
  C:\Windows\System\LtOgePh.exe
  2⤵
  PID:7480
- C:\Windows\System\EeaxqjR.exe
  C:\Windows\System\EeaxqjR.exe
  2⤵
  PID:7488
- C:\Windows\System\JqPKYNu.exe
  C:\Windows\System\JqPKYNu.exe
  2⤵
  PID:7468
- C:\Windows\System\mOVmyaM.exe
  C:\Windows\System\mOVmyaM.exe
  2⤵
  PID:7536
- C:\Windows\System\WERkwCA.exe
  C:\Windows\System\WERkwCA.exe
  2⤵
  PID:7556
- C:\Windows\System\FYWUsZI.exe
  C:\Windows\System\FYWUsZI.exe
  2⤵
  PID:7652
- C:\Windows\System\imWsUtN.exe
  C:\Windows\System\imWsUtN.exe
  2⤵
  PID:7688
- C:\Windows\System\CcyQCmf.exe
  C:\Windows\System\CcyQCmf.exe
  2⤵
  PID:7804
- C:\Windows\System\KMFjdlr.exe
  C:\Windows\System\KMFjdlr.exe
  2⤵
  PID:7868
- C:\Windows\System\qNiHKWO.exe
  C:\Windows\System\qNiHKWO.exe
  2⤵
  PID:7884
- C:\Windows\System\muTPmXX.exe
  C:\Windows\System\muTPmXX.exe
  2⤵
  PID:7640
- C:\Windows\System\IMbUQwh.exe
  C:\Windows\System\IMbUQwh.exe
  2⤵
  PID:7756
- C:\Windows\System\EljiPHI.exe
  C:\Windows\System\EljiPHI.exe
  2⤵
  PID:7824
- C:\Windows\System\NtbATmT.exe
  C:\Windows\System\NtbATmT.exe
  2⤵
  PID:7896
- C:\Windows\System\XTqdLPy.exe
  C:\Windows\System\XTqdLPy.exe
  2⤵
  PID:7912
- C:\Windows\System\XErRejK.exe
  C:\Windows\System\XErRejK.exe
  2⤵
  PID:7892
- C:\Windows\System\KsorwIS.exe
  C:\Windows\System\KsorwIS.exe
  2⤵
  PID:7956
- C:\Windows\System\QdUCCxG.exe
  C:\Windows\System\QdUCCxG.exe
  2⤵
  PID:8020
- C:\Windows\System\BkouNhi.exe
  C:\Windows\System\BkouNhi.exe
  2⤵
  PID:8088
- C:\Windows\System\wsjdkiM.exe
  C:\Windows\System\wsjdkiM.exe
  2⤵
  PID:8072
- C:\Windows\System\dEDsrEA.exe
  C:\Windows\System\dEDsrEA.exe
  2⤵
  PID:8124
- C:\Windows\System\ZmtHLYP.exe
  C:\Windows\System\ZmtHLYP.exe
  2⤵
  PID:8108
- C:\Windows\System\gBpJIst.exe
  C:\Windows\System\gBpJIst.exe
  2⤵
  PID:8152
- C:\Windows\System\HZjULCI.exe
  C:\Windows\System\HZjULCI.exe
  2⤵
  PID:8180
- C:\Windows\System\EFUEQLz.exe
  C:\Windows\System\EFUEQLz.exe
  2⤵
  PID:6200
- C:\Windows\System\uxMOxMw.exe
  C:\Windows\System\uxMOxMw.exe
  2⤵
  PID:7248
- C:\Windows\System\OStsWwz.exe
  C:\Windows\System\OStsWwz.exe
  2⤵
  PID:6436
- C:\Windows\System\ljimFqn.exe
  C:\Windows\System\ljimFqn.exe
  2⤵
  PID:6588
- C:\Windows\System\QOJDbcM.exe
  C:\Windows\System\QOJDbcM.exe
  2⤵
  PID:7296
- C:\Windows\System\KrvIABZ.exe
  C:\Windows\System\KrvIABZ.exe
  2⤵
  PID:7620
- C:\Windows\System\EuQSKCS.exe
  C:\Windows\System\EuQSKCS.exe
  2⤵
  PID:7464
- C:\Windows\System\hfqiywp.exe
  C:\Windows\System\hfqiywp.exe
  2⤵
  PID:7592
- C:\Windows\System\DKBRwap.exe
  C:\Windows\System\DKBRwap.exe
  2⤵
  PID:7936
- C:\Windows\System\UxryIkz.exe
  C:\Windows\System\UxryIkz.exe
  2⤵
  PID:7744
- C:\Windows\System\JTJpuur.exe
  C:\Windows\System\JTJpuur.exe
  2⤵
  PID:7776
- C:\Windows\System\NGyYLog.exe
  C:\Windows\System\NGyYLog.exe
  2⤵
  PID:7856
- C:\Windows\System\bjvwECy.exe
  C:\Windows\System\bjvwECy.exe
  2⤵
  PID:7976
- C:\Windows\System\PWjhdAb.exe
  C:\Windows\System\PWjhdAb.exe
  2⤵
  PID:8016
- C:\Windows\System\FvGHCTn.exe
  C:\Windows\System\FvGHCTn.exe
  2⤵
  PID:8052
- C:\Windows\System\NjdOdLw.exe
  C:\Windows\System\NjdOdLw.exe
  2⤵
  PID:8144
- C:\Windows\System\PTCIvyy.exe
  C:\Windows\System\PTCIvyy.exe
  2⤵
  PID:7252
- C:\Windows\System\OtNhIYM.exe
  C:\Windows\System\OtNhIYM.exe
  2⤵
  PID:7200
- C:\Windows\System\XytrcBi.exe
  C:\Windows\System\XytrcBi.exe
  2⤵
  PID:7348
- C:\Windows\System\gCEQCcX.exe
  C:\Windows\System\gCEQCcX.exe
  2⤵
  PID:6488
- C:\Windows\System\eFCAKmF.exe
  C:\Windows\System\eFCAKmF.exe
  2⤵
  PID:7436
- C:\Windows\System\tMpLjEi.exe
  C:\Windows\System\tMpLjEi.exe
  2⤵
  PID:7548
- C:\Windows\System\hyvebQj.exe
  C:\Windows\System\hyvebQj.exe
  2⤵
  PID:7364
- C:\Windows\System\QJtZMVm.exe
  C:\Windows\System\QJtZMVm.exe
  2⤵
  PID:7820
- C:\Windows\System\qIEvDNB.exe
  C:\Windows\System\qIEvDNB.exe
  2⤵
  PID:7932
- C:\Windows\System\UftHUgO.exe
  C:\Windows\System\UftHUgO.exe
  2⤵
  PID:7964
- C:\Windows\System\YVUXHNb.exe
  C:\Windows\System\YVUXHNb.exe
  2⤵
  PID:7984
- C:\Windows\System\XcyoAcG.exe
  C:\Windows\System\XcyoAcG.exe
  2⤵
  PID:8132
- C:\Windows\System\UwlFuFj.exe
  C:\Windows\System\UwlFuFj.exe
  2⤵
  PID:7312
- C:\Windows\System\DaLYkcu.exe
  C:\Windows\System\DaLYkcu.exe
  2⤵
  PID:7552
- C:\Windows\System\hxqBYtL.exe
  C:\Windows\System\hxqBYtL.exe
  2⤵
  PID:6972
- C:\Windows\System\fuInSMl.exe
  C:\Windows\System\fuInSMl.exe
  2⤵
  PID:7432
- C:\Windows\System\yyVDcxJ.exe
  C:\Windows\System\yyVDcxJ.exe
  2⤵
  PID:7908
- C:\Windows\System\ZgvtjRz.exe
  C:\Windows\System\ZgvtjRz.exe
  2⤵
  PID:7988
- C:\Windows\System\jCMYQGq.exe
  C:\Windows\System\jCMYQGq.exe
  2⤵
  PID:8176
- C:\Windows\System\UOlUKeZ.exe
  C:\Windows\System\UOlUKeZ.exe
  2⤵
  PID:8040
- C:\Windows\System\KUDSoQb.exe
  C:\Windows\System\KUDSoQb.exe
  2⤵
  PID:7532
- C:\Windows\System\aLQGhPl.exe
  C:\Windows\System\aLQGhPl.exe
  2⤵
  PID:7700
- C:\Windows\System\RcrTZVb.exe
  C:\Windows\System\RcrTZVb.exe
  2⤵
  PID:7880
- C:\Windows\System\HtTZuFW.exe
  C:\Windows\System\HtTZuFW.exe
  2⤵
  PID:7872
- C:\Windows\System\dxWqEeo.exe
  C:\Windows\System\dxWqEeo.exe
  2⤵
  PID:6532
- C:\Windows\System\EEvLOYE.exe
  C:\Windows\System\EEvLOYE.exe
  2⤵
  PID:8036
- C:\Windows\System\wFugwvI.exe
  C:\Windows\System\wFugwvI.exe
  2⤵
  PID:7188
- C:\Windows\System\lfSppGp.exe
  C:\Windows\System\lfSppGp.exe
  2⤵
  PID:7400
- C:\Windows\System\KWSCTlI.exe
  C:\Windows\System\KWSCTlI.exe
  2⤵
  PID:8204
- C:\Windows\System\YieFoTQ.exe
  C:\Windows\System\YieFoTQ.exe
  2⤵
  PID:8220
- C:\Windows\System\btvCiaM.exe
  C:\Windows\System\btvCiaM.exe
  2⤵
  PID:8260
- C:\Windows\System\TvBLWrL.exe
  C:\Windows\System\TvBLWrL.exe
  2⤵
  PID:8276
- C:\Windows\System\rNpeiJw.exe
  C:\Windows\System\rNpeiJw.exe
  2⤵
  PID:8292
- C:\Windows\System\tXbIpvg.exe
  C:\Windows\System\tXbIpvg.exe
  2⤵
  PID:8312
- C:\Windows\System\ryROtSU.exe
  C:\Windows\System\ryROtSU.exe
  2⤵
  PID:8336
- C:\Windows\System\nKSwQiC.exe
  C:\Windows\System\nKSwQiC.exe
  2⤵
  PID:8360
- C:\Windows\System\mFfAFUp.exe
  C:\Windows\System\mFfAFUp.exe
  2⤵
  PID:8376
- C:\Windows\System\OoEnRUi.exe
  C:\Windows\System\OoEnRUi.exe
  2⤵
  PID:8392
- C:\Windows\System\cODGsAo.exe
  C:\Windows\System\cODGsAo.exe
  2⤵
  PID:8408
- C:\Windows\System\AFOlmCg.exe
  C:\Windows\System\AFOlmCg.exe
  2⤵
  PID:8424
- C:\Windows\System\zwDOaZY.exe
  C:\Windows\System\zwDOaZY.exe
  2⤵
  PID:8440
- C:\Windows\System\CXrpZYz.exe
  C:\Windows\System\CXrpZYz.exe
  2⤵
  PID:8480
- C:\Windows\System\CdJHgLi.exe
  C:\Windows\System\CdJHgLi.exe
  2⤵
  PID:8496
- C:\Windows\System\MvcQNzG.exe
  C:\Windows\System\MvcQNzG.exe
  2⤵
  PID:8512
- C:\Windows\System\jyKxkra.exe
  C:\Windows\System\jyKxkra.exe
  2⤵
  PID:8540
- C:\Windows\System\isWmSst.exe
  C:\Windows\System\isWmSst.exe
  2⤵
  PID:8556
- C:\Windows\System\upZTIEl.exe
  C:\Windows\System\upZTIEl.exe
  2⤵
  PID:8576
- C:\Windows\System\fSUzzvC.exe
  C:\Windows\System\fSUzzvC.exe
  2⤵
  PID:8592
- C:\Windows\System\xLjtOWg.exe
  C:\Windows\System\xLjtOWg.exe
  2⤵
  PID:8608
- C:\Windows\System\eJukuxf.exe
  C:\Windows\System\eJukuxf.exe
  2⤵
  PID:8624
- C:\Windows\System\wSbFTha.exe
  C:\Windows\System\wSbFTha.exe
  2⤵
  PID:8640
- C:\Windows\System\bdfscFr.exe
  C:\Windows\System\bdfscFr.exe
  2⤵
  PID:8656
- C:\Windows\System\GUEaVRJ.exe
  C:\Windows\System\GUEaVRJ.exe
  2⤵
  PID:8672
- C:\Windows\System\rFzQThE.exe
  C:\Windows\System\rFzQThE.exe
  2⤵
  PID:8692
- C:\Windows\System\ENAisNP.exe
  C:\Windows\System\ENAisNP.exe
  2⤵
  PID:8720
- C:\Windows\System\PaYWMxL.exe
  C:\Windows\System\PaYWMxL.exe
  2⤵
  PID:8736
- C:\Windows\System\NfgYPPD.exe
  C:\Windows\System\NfgYPPD.exe
  2⤵
  PID:8752
- C:\Windows\System\cziipPx.exe
  C:\Windows\System\cziipPx.exe
  2⤵
  PID:8784
- C:\Windows\System\PyGvWpv.exe
  C:\Windows\System\PyGvWpv.exe
  2⤵
  PID:8808
- C:\Windows\System\Fhipgsa.exe
  C:\Windows\System\Fhipgsa.exe
  2⤵
  PID:8824
- C:\Windows\System\BkOKnWk.exe
  C:\Windows\System\BkOKnWk.exe
  2⤵
  PID:8864
- C:\Windows\System\oCSIztT.exe
  C:\Windows\System\oCSIztT.exe
  2⤵
  PID:8880
- C:\Windows\System\LqJSFRO.exe
  C:\Windows\System\LqJSFRO.exe
  2⤵
  PID:8896
- C:\Windows\System\DzjfaGL.exe
  C:\Windows\System\DzjfaGL.exe
  2⤵
  PID:8920
- C:\Windows\System\mPaZvyk.exe
  C:\Windows\System\mPaZvyk.exe
  2⤵
  PID:8940
- C:\Windows\System\OpfpZgi.exe
  C:\Windows\System\OpfpZgi.exe
  2⤵
  PID:8956
- C:\Windows\System\xAKFpip.exe
  C:\Windows\System\xAKFpip.exe
  2⤵
  PID:8976
- C:\Windows\System\sdptbos.exe
  C:\Windows\System\sdptbos.exe
  2⤵
  PID:9004
- C:\Windows\System\FDOoyun.exe
  C:\Windows\System\FDOoyun.exe
  2⤵
  PID:9020
- C:\Windows\System\UXfCRHL.exe
  C:\Windows\System\UXfCRHL.exe
  2⤵
  PID:9040
- C:\Windows\System\DfcSDDR.exe
  C:\Windows\System\DfcSDDR.exe
  2⤵
  PID:9060
- C:\Windows\System\QqxIcEG.exe
  C:\Windows\System\QqxIcEG.exe
  2⤵
  PID:9076
- C:\Windows\System\nAtouwu.exe
  C:\Windows\System\nAtouwu.exe
  2⤵
  PID:9092
- C:\Windows\System\WBOoAwi.exe
  C:\Windows\System\WBOoAwi.exe
  2⤵
  PID:9128
- C:\Windows\System\AMPEWcB.exe
  C:\Windows\System\AMPEWcB.exe
  2⤵
  PID:9144
- C:\Windows\System\dRdqUEa.exe
  C:\Windows\System\dRdqUEa.exe
  2⤵
  PID:9160
- C:\Windows\System\BaaKLog.exe
  C:\Windows\System\BaaKLog.exe
  2⤵
  PID:9180
- C:\Windows\System\VJHFoPo.exe
  C:\Windows\System\VJHFoPo.exe
  2⤵
  PID:9204
- C:\Windows\System\raEAkfW.exe
  C:\Windows\System\raEAkfW.exe
  2⤵
  PID:8212
- C:\Windows\System\oAJowck.exe
  C:\Windows\System\oAJowck.exe
  2⤵
  PID:8196
- C:\Windows\System\wGxnNHj.exe
  C:\Windows\System\wGxnNHj.exe
  2⤵
  PID:8244
- C:\Windows\System\XHaiLJn.exe
  C:\Windows\System\XHaiLJn.exe
  2⤵
  PID:8300
- C:\Windows\System\qcSMfZG.exe
  C:\Windows\System\qcSMfZG.exe
  2⤵
  PID:8284
- C:\Windows\System\SIEmmnp.exe
  C:\Windows\System\SIEmmnp.exe
  2⤵
  PID:8344
- C:\Windows\System\tPVLPsv.exe
  C:\Windows\System\tPVLPsv.exe
  2⤵
  PID:8416
- C:\Windows\System\qdhmIYm.exe
  C:\Windows\System\qdhmIYm.exe
  2⤵
  PID:8404
- C:\Windows\System\HaDGinW.exe
  C:\Windows\System\HaDGinW.exe
  2⤵
  PID:8472
- C:\Windows\System\kcrRfyK.exe
  C:\Windows\System\kcrRfyK.exe
  2⤵
  PID:8488
- C:\Windows\System\PbXXMFB.exe
  C:\Windows\System\PbXXMFB.exe
  2⤵
  PID:8532
- C:\Windows\System\LLIbkQl.exe
  C:\Windows\System\LLIbkQl.exe
  2⤵
  PID:8552
- C:\Windows\System\QscSMHq.exe
  C:\Windows\System\QscSMHq.exe
  2⤵
  PID:8680
- C:\Windows\System\fFnupqd.exe
  C:\Windows\System\fFnupqd.exe
  2⤵
  PID:8732
- C:\Windows\System\bWDoZxd.exe
  C:\Windows\System\bWDoZxd.exe
  2⤵
  PID:8780
- C:\Windows\System\BHIelqp.exe
  C:\Windows\System\BHIelqp.exe
  2⤵
  PID:8572
- C:\Windows\System\IyEbKit.exe
  C:\Windows\System\IyEbKit.exe
  2⤵
  PID:8632
- C:\Windows\System\lYTnihr.exe
  C:\Windows\System\lYTnihr.exe
  2⤵
  PID:8748
- C:\Windows\System\rIuTMVT.exe
  C:\Windows\System\rIuTMVT.exe
  2⤵
  PID:8816
- C:\Windows\System\SWFXpOQ.exe
  C:\Windows\System\SWFXpOQ.exe
  2⤵
  PID:8844
- C:\Windows\System\FGZacVL.exe
  C:\Windows\System\FGZacVL.exe
  2⤵
  PID:8860
- C:\Windows\System\SKNiRGa.exe
  C:\Windows\System\SKNiRGa.exe
  2⤵
  PID:8908
- C:\Windows\System\mxenmrz.exe
  C:\Windows\System\mxenmrz.exe
  2⤵
  PID:8892
- C:\Windows\System\wmjWXsx.exe
  C:\Windows\System\wmjWXsx.exe
  2⤵
  PID:8984
- C:\Windows\System\ruMWTPE.exe
  C:\Windows\System\ruMWTPE.exe
  2⤵
  PID:8992
- C:\Windows\System\LNfwmey.exe
  C:\Windows\System\LNfwmey.exe
  2⤵
  PID:9028
- C:\Windows\System\IkKkuiY.exe
  C:\Windows\System\IkKkuiY.exe
  2⤵
  PID:9100
- C:\Windows\System\odCvtuD.exe
  C:\Windows\System\odCvtuD.exe
  2⤵
  PID:9108
- C:\Windows\System\MctYjGC.exe
  C:\Windows\System\MctYjGC.exe
  2⤵
  PID:9116
- C:\Windows\System\gvHGXgk.exe
  C:\Windows\System\gvHGXgk.exe
  2⤵
  PID:9140
- C:\Windows\System\PbgTSOV.exe
  C:\Windows\System\PbgTSOV.exe
  2⤵
  PID:9196
- C:\Windows\System\wNBVkGD.exe
  C:\Windows\System\wNBVkGD.exe
  2⤵
  PID:7788
- C:\Windows\System\QPCLtMr.exe
  C:\Windows\System\QPCLtMr.exe
  2⤵
  PID:8240
- C:\Windows\System\pVQHKKm.exe
  C:\Windows\System\pVQHKKm.exe
  2⤵
  PID:8272
- C:\Windows\System\NOHxlkP.exe
  C:\Windows\System\NOHxlkP.exe
  2⤵
  PID:8288
- C:\Windows\System\xWRUtNB.exe
  C:\Windows\System\xWRUtNB.exe
  2⤵
  PID:8388
- C:\Windows\System\IZUvQfq.exe
  C:\Windows\System\IZUvQfq.exe
  2⤵
  PID:8456
- C:\Windows\System\NkRroUi.exe
  C:\Windows\System\NkRroUi.exe
  2⤵
  PID:8460
- C:\Windows\System\ltyETQK.exe
  C:\Windows\System\ltyETQK.exe
  2⤵
  PID:8528
- C:\Windows\System\xCeQlWo.exe
  C:\Windows\System\xCeQlWo.exe
  2⤵
  PID:8652
- C:\Windows\System\MiswXrv.exe
  C:\Windows\System\MiswXrv.exe
  2⤵
  PID:8568
- C:\Windows\System\COeSxOe.exe
  C:\Windows\System\COeSxOe.exe
  2⤵
  PID:8712
- C:\Windows\System\Pdvucjw.exe
  C:\Windows\System\Pdvucjw.exe
  2⤵
  PID:8836
- C:\Windows\System\evRLfly.exe
  C:\Windows\System\evRLfly.exe
  2⤵
  PID:8904
- C:\Windows\System\iUttqRE.exe
  C:\Windows\System\iUttqRE.exe
  2⤵
  PID:8912
- C:\Windows\System\SeQBfoH.exe
  C:\Windows\System\SeQBfoH.exe
  2⤵
  PID:8964
- C:\Windows\System\tcUIxPU.exe
  C:\Windows\System\tcUIxPU.exe
  2⤵
  PID:9052
- C:\Windows\System\qBYLNbN.exe
  C:\Windows\System\qBYLNbN.exe
  2⤵
  PID:9168
- C:\Windows\System\kLYcRDa.exe
  C:\Windows\System\kLYcRDa.exe
  2⤵
  PID:8236
- C:\Windows\System\yKAJAng.exe
  C:\Windows\System\yKAJAng.exe
  2⤵
  PID:8256
- C:\Windows\System\sRvBBFl.exe
  C:\Windows\System\sRvBBFl.exe
  2⤵
  PID:8332
- C:\Windows\System\eLZLoLE.exe
  C:\Windows\System\eLZLoLE.exe
  2⤵
  PID:8200
- C:\Windows\System\YQxWhkr.exe
  C:\Windows\System\YQxWhkr.exe
  2⤵
  PID:8324
- C:\Windows\System\elbgViP.exe
  C:\Windows\System\elbgViP.exe
  2⤵
  PID:8648
- C:\Windows\System\OUsxNHd.exe
  C:\Windows\System\OUsxNHd.exe
  2⤵
  PID:8504
- C:\Windows\System\tlHVbnN.exe
  C:\Windows\System\tlHVbnN.exe
  2⤵
  PID:8728
- C:\Windows\System\FedNhGD.exe
  C:\Windows\System\FedNhGD.exe
  2⤵
  PID:8800
- C:\Windows\System\GOYIwxe.exe
  C:\Windows\System\GOYIwxe.exe
  2⤵
  PID:8936
- C:\Windows\System\wVSfeeB.exe
  C:\Windows\System\wVSfeeB.exe
  2⤵
  PID:9068
- C:\Windows\System\QbAfhsK.exe
  C:\Windows\System\QbAfhsK.exe
  2⤵
  PID:8584
- C:\Windows\System\OzTdJTI.exe
  C:\Windows\System\OzTdJTI.exe
  2⤵
  PID:9000
- C:\Windows\System\LEPPigY.exe
  C:\Windows\System\LEPPigY.exe
  2⤵
  PID:9212
- C:\Windows\System\fvNcQUh.exe
  C:\Windows\System\fvNcQUh.exe
  2⤵
  PID:8776
- C:\Windows\System\IQKxFfi.exe
  C:\Windows\System\IQKxFfi.exe
  2⤵
  PID:8668
- C:\Windows\System\pQkxOEH.exe
  C:\Windows\System\pQkxOEH.exe
  2⤵
  PID:8664
- C:\Windows\System\CZYaxtU.exe
  C:\Windows\System\CZYaxtU.exe
  2⤵
  PID:8932
- C:\Windows\System\aIhGDhM.exe
  C:\Windows\System\aIhGDhM.exe
  2⤵
  PID:9188
- C:\Windows\System\lnVRRVS.exe
  C:\Windows\System\lnVRRVS.exe
  2⤵
  PID:8948
- C:\Windows\System\PsKHtee.exe
  C:\Windows\System\PsKHtee.exe
  2⤵
  PID:8520
- C:\Windows\System\HggqbHj.exe
  C:\Windows\System\HggqbHj.exe
  2⤵
  PID:8792
- C:\Windows\System\tuWLneI.exe
  C:\Windows\System\tuWLneI.exe
  2⤵
  PID:9136
- C:\Windows\System\jViqWFc.exe
  C:\Windows\System\jViqWFc.exe
  2⤵
  PID:9176
- C:\Windows\System\gZcLMJH.exe
  C:\Windows\System\gZcLMJH.exe
  2⤵
  PID:8304
- C:\Windows\System\xjNmkAn.exe
  C:\Windows\System\xjNmkAn.exe
  2⤵
  PID:9224
- C:\Windows\System\NmRpazZ.exe
  C:\Windows\System\NmRpazZ.exe
  2⤵
  PID:9240
- C:\Windows\System\OLSOfch.exe
  C:\Windows\System\OLSOfch.exe
  2⤵
  PID:9256
- C:\Windows\System\uuVMMkl.exe
  C:\Windows\System\uuVMMkl.exe
  2⤵
  PID:9276
- C:\Windows\System\VQVILFj.exe
  C:\Windows\System\VQVILFj.exe
  2⤵
  PID:9320
- C:\Windows\System\BiSTfKn.exe
  C:\Windows\System\BiSTfKn.exe
  2⤵
  PID:9336
- C:\Windows\System\wXWrNLm.exe
  C:\Windows\System\wXWrNLm.exe
  2⤵
  PID:9352
- C:\Windows\System\NjBRbpN.exe
  C:\Windows\System\NjBRbpN.exe
  2⤵
  PID:9368
- C:\Windows\System\tZbDNMT.exe
  C:\Windows\System\tZbDNMT.exe
  2⤵
  PID:9384
- C:\Windows\System\Lkbmtjh.exe
  C:\Windows\System\Lkbmtjh.exe
  2⤵
  PID:9400
- C:\Windows\System\wKPhLRm.exe
  C:\Windows\System\wKPhLRm.exe
  2⤵
  PID:9416
- C:\Windows\System\SQbmKKy.exe
  C:\Windows\System\SQbmKKy.exe
  2⤵
  PID:9432
- C:\Windows\System\hvhWAKZ.exe
  C:\Windows\System\hvhWAKZ.exe
  2⤵
  PID:9448
- C:\Windows\System\ofgSDLV.exe
  C:\Windows\System\ofgSDLV.exe
  2⤵
  PID:9464
- C:\Windows\System\vkBpwVh.exe
  C:\Windows\System\vkBpwVh.exe
  2⤵
  PID:9480
- C:\Windows\System\bbGAHJS.exe
  C:\Windows\System\bbGAHJS.exe
  2⤵
  PID:9504
- C:\Windows\System\AJAAWEZ.exe
  C:\Windows\System\AJAAWEZ.exe
  2⤵
  PID:9520
- C:\Windows\System\EaGwXFm.exe
  C:\Windows\System\EaGwXFm.exe
  2⤵
  PID:9548
- C:\Windows\System\yQujsbC.exe
  C:\Windows\System\yQujsbC.exe
  2⤵
  PID:9592
- C:\Windows\System\xKTFdTX.exe
  C:\Windows\System\xKTFdTX.exe
  2⤵
  PID:9624
- C:\Windows\System\skOVIXM.exe
  C:\Windows\System\skOVIXM.exe
  2⤵
  PID:9644
- C:\Windows\System\ActsHfZ.exe
  C:\Windows\System\ActsHfZ.exe
  2⤵
  PID:9668
- C:\Windows\System\NljHypR.exe
  C:\Windows\System\NljHypR.exe
  2⤵
  PID:9688
- C:\Windows\System\SxkOQnb.exe
  C:\Windows\System\SxkOQnb.exe
  2⤵
  PID:9704
- C:\Windows\System\wQDnNNu.exe
  C:\Windows\System\wQDnNNu.exe
  2⤵
  PID:9724
- C:\Windows\System\YjgCuNd.exe
  C:\Windows\System\YjgCuNd.exe
  2⤵
  PID:9744
- C:\Windows\System\VNhepZl.exe
  C:\Windows\System\VNhepZl.exe
  2⤵
  PID:9764
- C:\Windows\System\qXHRgCq.exe
  C:\Windows\System\qXHRgCq.exe
  2⤵
  PID:9784
- C:\Windows\System\eYXwHlP.exe
  C:\Windows\System\eYXwHlP.exe
  2⤵
  PID:9804
- C:\Windows\System\aGaDoor.exe
  C:\Windows\System\aGaDoor.exe
  2⤵
  PID:9828
- C:\Windows\System\tSkIPcQ.exe
  C:\Windows\System\tSkIPcQ.exe
  2⤵
  PID:9856
- C:\Windows\System\vfxYgcp.exe
  C:\Windows\System\vfxYgcp.exe
  2⤵
  PID:9872
- C:\Windows\System\jUCntIV.exe
  C:\Windows\System\jUCntIV.exe
  2⤵
  PID:9892
- C:\Windows\System\lwbNffg.exe
  C:\Windows\System\lwbNffg.exe
  2⤵
  PID:9912
- C:\Windows\System\dHWXnKx.exe
  C:\Windows\System\dHWXnKx.exe
  2⤵
  PID:9928
- C:\Windows\System\OhHLOTx.exe
  C:\Windows\System\OhHLOTx.exe
  2⤵
  PID:9948
- C:\Windows\System\FfKDoKr.exe
  C:\Windows\System\FfKDoKr.exe
  2⤵
  PID:9968
- C:\Windows\System\HnMHToA.exe
  C:\Windows\System\HnMHToA.exe
  2⤵
  PID:9984
- C:\Windows\System\RHdBHSq.exe
  C:\Windows\System\RHdBHSq.exe
  2⤵
  PID:10004
- C:\Windows\System\sdIfzcW.exe
  C:\Windows\System\sdIfzcW.exe
  2⤵
  PID:10032
- C:\Windows\System\HFAHRJl.exe
  C:\Windows\System\HFAHRJl.exe
  2⤵
  PID:10052
- C:\Windows\System\ljdIILV.exe
  C:\Windows\System\ljdIILV.exe
  2⤵
  PID:10076
- C:\Windows\System\NlbUBlg.exe
  C:\Windows\System\NlbUBlg.exe
  2⤵
  PID:10096
- C:\Windows\System\iInMZsv.exe
  C:\Windows\System\iInMZsv.exe
  2⤵
  PID:10116
- C:\Windows\System\ZrVEZvZ.exe
  C:\Windows\System\ZrVEZvZ.exe
  2⤵
  PID:10132
- C:\Windows\System\McNOYNg.exe
  C:\Windows\System\McNOYNg.exe
  2⤵
  PID:10156
- C:\Windows\System\HyKocZv.exe
  C:\Windows\System\HyKocZv.exe
  2⤵
  PID:10176
- C:\Windows\System\CugCIEL.exe
  C:\Windows\System\CugCIEL.exe
  2⤵
  PID:10192
- C:\Windows\System\lZWQgzg.exe
  C:\Windows\System\lZWQgzg.exe
  2⤵
  PID:10212
- C:\Windows\System\oUEYkrj.exe
  C:\Windows\System\oUEYkrj.exe
  2⤵
  PID:10228
- C:\Windows\System\dDGQdzM.exe
  C:\Windows\System\dDGQdzM.exe
  2⤵
  PID:9220
- C:\Windows\System\JBLivUL.exe
  C:\Windows\System\JBLivUL.exe
  2⤵
  PID:9292
- C:\Windows\System\AXvVdId.exe
  C:\Windows\System\AXvVdId.exe
  2⤵
  PID:9232
- C:\Windows\System\PaLdRCk.exe
  C:\Windows\System\PaLdRCk.exe
  2⤵
  PID:9296
- C:\Windows\System\RebGkYd.exe
  C:\Windows\System\RebGkYd.exe
  2⤵
  PID:9304
- C:\Windows\System\vHIMuJb.exe
  C:\Windows\System\vHIMuJb.exe
  2⤵
  PID:9316
- C:\Windows\System\jdWYenI.exe
  C:\Windows\System\jdWYenI.exe
  2⤵
  PID:9408
- C:\Windows\System\QLuCmtH.exe
  C:\Windows\System\QLuCmtH.exe
  2⤵
  PID:9460
- C:\Windows\System\GwdGIkM.exe
  C:\Windows\System\GwdGIkM.exe
  2⤵
  PID:9396
- C:\Windows\System\GokPPny.exe
  C:\Windows\System\GokPPny.exe
  2⤵
  PID:9496
- C:\Windows\System\dBFJKKP.exe
  C:\Windows\System\dBFJKKP.exe
  2⤵
  PID:9516
- C:\Windows\System\bwVwKEK.exe
  C:\Windows\System\bwVwKEK.exe
  2⤵
  PID:9572
- C:\Windows\System\WRsSogr.exe
  C:\Windows\System\WRsSogr.exe
  2⤵
  PID:9540
- C:\Windows\System\idJDvlu.exe
  C:\Windows\System\idJDvlu.exe
  2⤵
  PID:9608
- C:\Windows\System\pgHSxDs.exe
  C:\Windows\System\pgHSxDs.exe
  2⤵
  PID:9636
- C:\Windows\System\SpvyWoU.exe
  C:\Windows\System\SpvyWoU.exe
  2⤵
  PID:9676
- C:\Windows\System\UMxODiQ.exe
  C:\Windows\System\UMxODiQ.exe
  2⤵
  PID:9700
- C:\Windows\System\GCgSrKc.exe
  C:\Windows\System\GCgSrKc.exe
  2⤵
  PID:9732
- C:\Windows\System\mIIhDzU.exe
  C:\Windows\System\mIIhDzU.exe
  2⤵
  PID:9756
- C:\Windows\System\igPpJBR.exe
  C:\Windows\System\igPpJBR.exe
  2⤵
  PID:9792
- C:\Windows\System\InSrZMM.exe
  C:\Windows\System\InSrZMM.exe
  2⤵
  PID:9820
- C:\Windows\System\RZwWCrs.exe
  C:\Windows\System\RZwWCrs.exe
  2⤵
  PID:9884
- C:\Windows\System\zZCuXdx.exe
  C:\Windows\System\zZCuXdx.exe
  2⤵
  PID:9908
- C:\Windows\System\attLPBm.exe
  C:\Windows\System\attLPBm.exe
  2⤵
  PID:9924
- C:\Windows\System\VjGpfbz.exe
  C:\Windows\System\VjGpfbz.exe
  2⤵
  PID:9964
- C:\Windows\System\clgxQMC.exe
  C:\Windows\System\clgxQMC.exe
  2⤵
  PID:10000
- C:\Windows\System\PpOocpj.exe
  C:\Windows\System\PpOocpj.exe
  2⤵
  PID:10024
- C:\Windows\System\LpglwnA.exe
  C:\Windows\System\LpglwnA.exe
  2⤵
  PID:10044
- C:\Windows\System\FllQJbC.exe
  C:\Windows\System\FllQJbC.exe
  2⤵
  PID:10068
- C:\Windows\System\eWBMlGo.exe
  C:\Windows\System\eWBMlGo.exe
  2⤵
  PID:10104
- C:\Windows\System\qPfzCOl.exe
  C:\Windows\System\qPfzCOl.exe
  2⤵
  PID:10128
- C:\Windows\System\hJWrKMA.exe
  C:\Windows\System\hJWrKMA.exe
  2⤵
  PID:10164
- C:\Windows\System\ThDBwvH.exe
  C:\Windows\System\ThDBwvH.exe
  2⤵
  PID:10188
- C:\Windows\System\rgsKjQp.exe
  C:\Windows\System\rgsKjQp.exe
  2⤵
  PID:10236
- C:\Windows\System\sKSDSiK.exe
  C:\Windows\System\sKSDSiK.exe
  2⤵
  PID:9248
- C:\Windows\System\yLcmHhx.exe
  C:\Windows\System\yLcmHhx.exe
  2⤵
  PID:9836
- C:\Windows\System\qJHaEQM.exe
  C:\Windows\System\qJHaEQM.exe
  2⤵
  PID:9428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CFPrjyk.exe

Filesize
6.0MB

MD5
654b32b6603ccc3430ef34e3cdcfaf7c

SHA1
4cd0ee24b0bcbe888790bcf63d4b60ba5cc1e20e

SHA256
b0b77d575d9bf39e22ef8d3538951a40c22ed30516934e3ff3c4d56ef02999a0

SHA512
a37e9451e6ec1c410fd4477b31165dc46a69408244940f6238fd50f55502d9e9a6f62277a04405c896f572984868923122904dc94e9c6189de062ade4300ef0c

Download Submit
C:\Windows\system\FDAfLZI.exe

Filesize
6.0MB

MD5
5159b281f056c242aa27be8ead75a751

SHA1
75d8d7b5a2d5fb509594d8e7dc3d400848b2b44f

SHA256
526551166141b48cf006ad379a105b9b8672b17667700e4368112196031a490b

SHA512
07b198ac5abe05e4db67ec32f14a4cc7d3b4e3c06e2f68d0137dc3354a10a46324772438891978299a554123388e85e8f3465425048a88ab8763dfc9c1f68ecc

Download Submit
C:\Windows\system\GndSxkD.exe

Filesize
6.0MB

MD5
4302206e8a28ad4e0e24a45708e8dc85

SHA1
5bb038781e81c9be5d5ecc67e83d9a573b151206

SHA256
5437d909c3b7db237ee2dbe5aece439e879e71ded01580e831d458c3098fb847

SHA512
d9ea0513b58088798aded4520f0c946365dcf46fb0a48b763fec72b5b5bc4ff8249e31859636b5a5795139eab1090e8c01dba0796d69ff58beb4383f4045f252

Download Submit
C:\Windows\system\OiqOJLV.exe

Filesize
6.0MB

MD5
2041d494e88fe3724b7fb6ea6dd105c5

SHA1
ece2720b5b0cada8a37a6888a462e218654725d7

SHA256
6d4049a483f310d724ddeb91c67b05d62b7b4dfebe5b3750516a1debd9e6d7dd

SHA512
87790e8fa0f773a6503329338eeac93d9d3e6691c2077e4562474494ab7e7cf083f635aad89a44f48373af40bb42534a88c6090de74a3ec5c9031c5004a19165

Download Submit
C:\Windows\system\SMqriOc.exe

Filesize
6.0MB

MD5
bec4a9d95f9ac1e804c7bf32535c9a1a

SHA1
3b7559facbc43bff76509b323e2549a9c1c59d9a

SHA256
7e6f23368bc6486d0a114606e5bfcb9c401b87d5ec07b06726ecc862ececa711

SHA512
0fe2a8245652d94e89760fee45c6edc31ee2b96f972d9de577d8a6be2d9508d3eaf96b76a00c4704c21c0a263eae7a2af109f03a56b7a99fa018dee40a386174

Download Submit
C:\Windows\system\VMKvTDh.exe

Filesize
6.0MB

MD5
2667b2fd5b601cfbe6d9a1b5c552dcb5

SHA1
5609f8ba1a7b574e3abb39e7b75d7a01bde163a6

SHA256
3eca6fa97a0a8c3866ddd1147320de7cfe8ec5238074df3cdef6b364eb035edd

SHA512
8fb5dbd2e67000db3a4f04bb352a394cb1cb7c6e13d958b5f48578ee49abaa0c7a1c5ea43039608046a9746bcce13179d70289be6042a3e016fe157a2b72ff7d

Download Submit
C:\Windows\system\Vezisjj.exe

Filesize
6.0MB

MD5
8bbb6e58d30a4e1466364a582874ff7c

SHA1
29f480b71f7daf9dd9e8e52fb4a542dd4d351b2f

SHA256
6480c4e22a5330f3c412e2c9d5ad0cc62d65a4c1d12cd1aeb378e92935a3f631

SHA512
447de65fec06ebc72a2f72d0d75e2f4d3dac4aefd3eaca7fd9f726bef29f558b0937fbbfbff75596238b37256c1bf9d26c534f1abb3fa94ca89fdd2dfdadf9e2

Download Submit
C:\Windows\system\WukSptj.exe

Filesize
6.0MB

MD5
9cc5477e51942e6092c7100363c56542

SHA1
28fb3b932c403c8fc831027f4d4170b6f7c26882

SHA256
4bf833c7f6881ee436ae6f174c7062ab618358d3e402f45fb3cae809f593b82c

SHA512
016ed84846eb0ff25b466aaba0e385e1cb53573214120ca7a261be5434d48b59f30b29f33b44c01d8f55309ba05e3c2bdc9b601e88368cb37f4e6e672886562b

Download Submit
C:\Windows\system\YHejqzA.exe

Filesize
6.0MB

MD5
0506b5aecd9881edfb964c49b96d6381

SHA1
3722057cbe12a7fdeaeaff53ace25cd36aae7180

SHA256
e572affc76eb81e1cced736d034ccd3363802bf93355935453039e21094e2eda

SHA512
eee2d5de3ce812a941e42fceb99a09bfc221b363bfe50f304fa1e29914dfc4098de315e19cde3b5b2ae802585add4425e057f3baf470cfdab706a327677476ff

Download Submit
C:\Windows\system\YdJeLTN.exe

Filesize
6.0MB

MD5
7e31dae28a3ce94c6c8321f98a5b0099

SHA1
451f0fa4526748f72481db222cbef3146ee97bc9

SHA256
e0baceebb8eee1f1c559390b152e4c731af86496f33769b4248aefcb6fa3909e

SHA512
db970abc5f65d477454576a2cc9757f3562f089ed41c0313b8802f4a6ec36ea3840c7683de84087df51646d71f70b7850b6490bdb6c848a47c446658f8544e68

Download Submit
C:\Windows\system\bAiyzKY.exe

Filesize
6.0MB

MD5
607cf5b66ffb6f36f11b57e95371fc38

SHA1
3a5b3a7f3afdb814a4cc221b61783d471a58f0fd

SHA256
eb103e48f19126a7869587529211eff6c1215f07723b604195d12ae631962c49

SHA512
48cce21a3f2628d4727a07512b3f9fa7efea2e303d9b50ce4879e109ed7158d91e0f90ddeb9db21c8c04ff95ad3b8c27cfe4414a5eb85ef2d2d189ac5640a78b

Download Submit
C:\Windows\system\cxvLfBp.exe

Filesize
6.0MB

MD5
2c94d3e975f150d3a46ea790fa66ad37

SHA1
7c70e28c772dea6e7f5ca836fdf2447f351d6afe

SHA256
5507ec8e36076524f2ae6c86fa7a3c6ad8cee6b9d9f240822ae3cc7a085cdec6

SHA512
5a98df152a4ba5805b2928cf8a795e9f991c5a6974363bf7ebc0638b3fe414b220a2ab57d1165186cefffdd01ae24842c12dd7db523d518021a2de0b54cb6421

Download Submit
C:\Windows\system\iFtpQyh.exe

Filesize
6.0MB

MD5
99b79b3c01c9fc5529875723ccc63f10

SHA1
0affec5e20e01060b7463b157e1a8e161b743bac

SHA256
a369223b08e3aeacd8b4f1a25a27683c3ae2f70002faf0398d566eae8ae71c21

SHA512
9acee3338d6372b1cf7d329a9cbf6b52357790088ac9d71657705251a2b377f013459d0a801369a225c12211d3b3e27866b0e8e0c6f7f1fdc104e7d2170872a6

Download Submit
C:\Windows\system\imGIEET.exe

Filesize
6.0MB

MD5
5079b6fae0771e03ebaa4c9e4c87eeb7

SHA1
e890d888e261d324471661d39a00572e7124e12d

SHA256
f7d04b09bfb5b9a45e0f21aae6f7a8d44605ad2220071136b1aa9f5328d91e7d

SHA512
3156e5ed795fc3d6a0cc5c70e4dcbbf39ed3a2d647271aea41a898fcb87bc194bf23efbddf1c2eb506167189792ff7d99b0a27d75d6232c713cf3c1c542de4f7

Download Submit
C:\Windows\system\lyKjhBn.exe

Filesize
6.0MB

MD5
daa87cd725ffd5bf420e3946c07cfcf8

SHA1
d38581b3d6a92d608564be4d270f154ebd788a5a

SHA256
250192a275388aba80b585cacdce27b17f0da21f8efe3b23f1f40f6953f659eb

SHA512
6a803cfb33174738812641ba8204f59e2c2d9e06614d39f5ca187783a4a9fb3e8690a3656edf33141b73a46717ceb72fd08d6e34c54fd8230c11d8d428c56dc8

Download Submit
C:\Windows\system\oQoqGsE.exe

Filesize
6.0MB

MD5
12af2da8efe35ade589a68a6c291ecc8

SHA1
fb7a52162de4eb4f5d70aa12216e7ebb90fbbaf3

SHA256
171fa7310ccb6e2872736f84111429696dec69f211e8102dff2529ec766ba4a6

SHA512
9d058a8643bede638e03d3a7cad1c3da5ff86de078509e491c4cb51562b6644750e0cdd17362abccfdba057b6f0716b12c0ee77d27dbe297ff13cb4c81503809

Download Submit
C:\Windows\system\oUReIsI.exe

Filesize
6.0MB

MD5
2dd6c52025f84da14252f9689149983d

SHA1
7408682d4f24110e9ae225680291cb2dec5bb434

SHA256
da676b6a9ed5baff3f3f88e0846eed48b00c286ed3de4460aa6cba19812f0379

SHA512
ab7acde4331368e22c82218d0bfa7d1f69c5682e4334258143611c7d782ed6888e9d22d9ba56f5924e76255e7f8cc7366a91c614e629b7a461770151735c9a86

Download Submit
C:\Windows\system\pjHicFv.exe

Filesize
6.0MB

MD5
3286a71558f27d245f421a42eb660908

SHA1
e7705bbf4fc623ff42f381d1724e566a4138b84a

SHA256
94c98086f55916817a29175f0e3f37fcbfdd2b5d57651e812b49bff41fe1cc24

SHA512
44d00839e219df671e2c96b77bd90acfe3f39ab3e4c9c6c1c81160a41242e135266b514948417c29c58107c693032e9b6445afa1e4ed21f5049c4c71452f468e

Download Submit
C:\Windows\system\sNZbqqC.exe

Filesize
6.0MB

MD5
c004ff3f6410261df4e14f396c0c56c5

SHA1
e979096fefe42845ca802c59f11aee1d60d35053

SHA256
078b3f52bdcc1df10a542b6bf00da40e619041ffcdcc854efbbc0e127631a1c3

SHA512
0783a1557760f7addd430b19d3b31b42bb6d5920ff841f8c2e6e03fc116740f12eb6518bdc34df0782152d0387ddac95c1a660bfd9c697db3b8d5fb0199ba89d

Download Submit
C:\Windows\system\vRIXwUq.exe

Filesize
6.0MB

MD5
190f76e32f73db14f89f6bb119d49697

SHA1
9f1315324bb315f706fa21bb822dfcfaf59a4097

SHA256
e75a8e75947c9f716afddd784df8e256e12a57a6faaab327d9843672872868ad

SHA512
35563534af48a6e30af3f2f1ad6dcd64010d84d97e9a7e1467e1ca6a589e97e05dd2680dbe2509bb9e69a4f891beeff0f097a78f9df5d4df427254900adf936f

Download Submit
C:\Windows\system\wNeqbus.exe

Filesize
6.0MB

MD5
cdaf4fe0171b81e44a23218a5099dea3

SHA1
1e0bfe064ebf4a81b433f1b6a0ae08a7c7b06ebf

SHA256
d59d8fadf989ef9592024df17841c5b707b7dd8c69365689b46cc10d5c4beb84

SHA512
90826d72a95efb1f184aeaac3f59dcd3ffae78607dcb140b927672a7db3bbb639a67eb68ea978458a58144b7ce28ab5eaf7d9e311c9059f2adc9f68a3c2bb5d9

Download Submit
\Windows\system\BaEWFqt.exe

Filesize
6.0MB

MD5
4b74a900a7b445d949f240df18e91722

SHA1
609ebba331779677f6918d2c4c339bbb33dd1d8a

SHA256
cd8e6005489cffc1aea2593b16c20e1afe50caac0c67c7079f4c06a618602969

SHA512
4d920b848787c703c64d88debb7bc45cc4e06406a659af83a146aa3b841ffee76f28ef2bbdae0bcd8041ff3e7afbc86919bf204de41c0fe05efafc4f47b96f0d

Download Submit
\Windows\system\CjrBMje.exe

Filesize
6.0MB

MD5
d5cf4ab37f0968189343336734451f26

SHA1
cef11b47ddf73b334ece3c04f2453da9c5c89c79

SHA256
96388b88229593351d1fff8a6463aa1deffed4058a8f519dc08a3e04f04d531c

SHA512
65af965455cb392aad8fdde6dd3952f411210459f81423acce6406fdb2515dad2ea42beab11add9ff7afc222bda590c7605eb9a6e4a1d59f6af8adf5063f947b

Download Submit
\Windows\system\DTjFAii.exe

Filesize
6.0MB

MD5
7ec80be821e55a98df599b34325c0dea

SHA1
7e8a23ac263fc48de991593e622416861f17dc2a

SHA256
9eac003029ee88623ecc2dfea5f3c13164ec5b56cf95322c1cb5a0d99ab95f1f

SHA512
9595a6b3986ae30828f68d63b32fe500f0db25652c6ce8a1ce7c53ed3a90e87a7ee2068dce61377e4ddff540cc93e9fa3cb5fed0a095f27f4b1233565c4d676a

Download Submit
\Windows\system\FkISJLd.exe

Filesize
6.0MB

MD5
9706d0554bd20348d3a9a70da5b706e5

SHA1
9591abc24b24cf4283f2ce7437842eb1888cda02

SHA256
65fa2ef63d9d3cb0bb01b9cbd2b2066c34944bf0834d64a5070f0d2cc1dcd69a

SHA512
fbb33754dd11cd9b847a72fc5837463892866d093180e88579e6af54725190c090b959d1b77b1fb0a95ac441df1e74966e6c392ad98ad3f2a9b94fe68dce34b3

Download Submit
\Windows\system\TFrGgXP.exe

Filesize
6.0MB

MD5
9114d02c2b45fbf96772b87da1395724

SHA1
928b22b6e89ad764daf4bd6aabcba0210d26f582

SHA256
4d5dce4b8e8399543605aacdc85dfdbef3c46e3595cbfdb7e6a0d48400ba0762

SHA512
41f7b577c994dfac4a96bd3d34a02afea51b2937e3c851501075f00ba9fb8aa674575de9ca9bf9bad69c91d6b6abae58eb3c74325ac977e14f519d570a15ba9e

Download Submit
\Windows\system\dWFODkN.exe

Filesize
6.0MB

MD5
4dbecd9ede06b8fa5f951bcd7a11ab94

SHA1
afee40b4e8ea4c82bfc609a9169e154e1b2bfd62

SHA256
7f9c434114a6546ab8fac465c5f2a536506fd608948a669ad9591331306bba0e

SHA512
10941e6c1150b32330e42fe5b9343725cbfb3c2d8a81b54f6b89fd60f9877afbfcb73252dd7c7c3382cde74a456c698b4f6475be863b9573cd37ab37d8578227

Download Submit
\Windows\system\grtedBA.exe

Filesize
6.0MB

MD5
4c04c607cc78c1bc70e85b08fb4986f0

SHA1
546acb9025e352b33996c9e1402f3b3f8f3823c5

SHA256
8fdaaebf4a364e603b68225e6aed1f54650a9b9b99c23020dfff917315244ce2

SHA512
049d8252ae6acdcbdcc575f28e6757f056438ca5308c69e31a8900aabf5ddd7ed4272b0962a8ea3b3dccb1ab62c6303540cc36b9685188b8507c3fca451620f9

Download Submit
\Windows\system\jsrZgXh.exe

Filesize
6.0MB

MD5
f326261b86e5558ef4f84285331e5be4

SHA1
c02e27b3fd2049b2b5e29e8cc20ea161841c0a05

SHA256
9250514a1d199bc53948a50cfa0085a7adb63e68d40f2731357358594c986987

SHA512
a4866aac5f0e8aa4f2bd50b0726f0e053e5a1290cfb6f52f25d3aa2989b7f5e64c9c5ee4f5e6eeb0018da3267686b921b75cc42f25dcc5e352c7c6d0e9cecf07

Download Submit
\Windows\system\mruDYSv.exe

Filesize
6.0MB

MD5
420df2eb65b10d603efcecec18104fd3

SHA1
e9fe2294d76f812a6017ea32fba94f0d89370906

SHA256
577a40a2f36b64423744970737bc4c7ef201537210ae6c7ff2fe4c878106659d

SHA512
d47615f8d983d9626513c8433fd90ac28beab79a4b7e61859653dcd0c2db84ad9303756206c72a93b46a65c524eaa532ed4c4312283f664027142c042419cb87

Download Submit
\Windows\system\qfSQCsz.exe

Filesize
6.0MB

MD5
44296084b07309c4c19e9c3c8fbc227e

SHA1
08a9ab6cb0a5f6a777c25011bfd8f35df56e74ec

SHA256
872ef687d48158e891ddae3aac44276095811e91059ac5d4068b17f24d430c7a

SHA512
3d58a531d8fd5178b993c0d8d13ee678728a7ece38a0ad376617bd6762b5ff960b4cefb984670f260ca68078be138c92361e293aa548daadbcade820d5467f80

Download Submit
\Windows\system\vBdzEYg.exe

Filesize
6.0MB

MD5
39a761c46850c85ce36823e22ad075ed

SHA1
b77c006633eda13dfdd101c81f311ddb4d761e46

SHA256
79f3758288a60f13b7d8d21a49dd756c08e70dffa010c6b3227d7c16b0e6e83a

SHA512
f28115fe1a8e10875ed6201043a0f3566e51fafa0c6eace60362612ec2f87fe962fb3ad6de24647256287a1a6a77eb2cc00eb42cbbbf525d6e560e3655fb2dad

Download Submit
memory/824-55-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/824-3831-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1308-110-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1308-4065-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1960-3530-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1960-9-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1960-41-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2256-3836-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-54-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-22-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-109-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-89-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2436-82-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2436-34-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2436-38-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-53-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2436-37-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2436-927-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-873-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-770-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-59-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2436-91-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2436-441-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2436-103-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-105-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-29-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-106-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2436-20-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-114-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-0-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2436-13-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2436-70-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-6-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2452-15-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-43-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-3533-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4010-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-85-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2520-542-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2536-348-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3947-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-77-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-61-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2568-27-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3555-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2604-67-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2604-108-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3852-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2664-111-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3884-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2664-69-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2724-42-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3821-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2724-81-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2940-655-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2940-96-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2952-115-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2952-4079-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3839-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-74-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-35-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download