cobaltstrike | ec6aa503c004387d233e6c064a001007a333296ec94a1ebbc166ca48987754b5

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1719dd5f6cc57f136c68689013a0e827
SHA1

2d6cde177e2a338da57f6d8e00fc594567e7e80d
SHA256

ec6aa503c004387d233e6c064a001007a333296ec94a1ebbc166ca48987754b5
SHA512

2ab83b6fabcee95c8b736c3057dc067d548dbfd3e9edc4b911afdb1ff5b6c44f6157ef6b476cc1f35e88f16eacbab5e74635cd2446bcdddde03d0a447491ff4c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001225b-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e74-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001739c-35.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001739a-33.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9f-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f9c-21.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173e4-53.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-46.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-200.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-115.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1928-1-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225b-6.dat	xmrig
behavioral1/memory/3056-19-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016e74-12.dat	xmrig
behavioral1/memory/2060-25-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2480-30-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x000700000001739c-35.dat	xmrig
behavioral1/memory/1472-34-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x000700000001739a-33.dat	xmrig
behavioral1/memory/1928-32-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d9f-13.dat	xmrig
behavioral1/memory/1928-23-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2332-22-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0007000000016f9c-21.dat	xmrig
behavioral1/memory/2816-41-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/3056-45-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1928-44-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/1928-43-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00080000000173e4-53.dat	xmrig
behavioral1/memory/2836-58-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d3f-46.dat	xmrig
behavioral1/memory/1928-56-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f7-68.dat	xmrig
behavioral1/memory/2816-72-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2632-65-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1472-64-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f3-63.dat	xmrig
behavioral1/memory/2620-73-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2792-51-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1928-47-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2480-54-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2792-76-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2836-93-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001924c-95.dat	xmrig
behavioral1/files/0x0005000000019234-85.dat	xmrig
behavioral1/memory/2632-108-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2044-109-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2076-106-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2884-103-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2028-102-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1928-101-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1928-100-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/files/0x0005000000019218-96.dat	xmrig
behavioral1/files/0x0005000000019229-94.dat	xmrig
behavioral1/memory/1928-92-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2620-111-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019277-130.dat	xmrig
behavioral1/files/0x00050000000193c4-150.dat	xmrig
behavioral1/files/0x00050000000193df-165.dat	xmrig
behavioral1/files/0x0005000000019403-175.dat	xmrig
behavioral1/files/0x0005000000019441-185.dat	xmrig
behavioral1/files/0x0005000000019539-200.dat	xmrig
behavioral1/files/0x00050000000194d8-195.dat	xmrig
behavioral1/files/0x000500000001947e-190.dat	xmrig
behavioral1/files/0x000500000001942f-180.dat	xmrig
behavioral1/files/0x0005000000019401-171.dat	xmrig
behavioral1/files/0x00050000000193d9-160.dat	xmrig
behavioral1/files/0x00050000000193cc-155.dat	xmrig
behavioral1/files/0x00050000000193be-145.dat	xmrig
behavioral1/files/0x0005000000019389-140.dat	xmrig
behavioral1/files/0x0005000000019382-135.dat	xmrig
behavioral1/files/0x0005000000019273-125.dat	xmrig
behavioral1/files/0x0005000000019271-121.dat	xmrig
behavioral1/files/0x000500000001926b-115.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2332	hEovaUc.exe
3056	zfmKVTI.exe
2060	UlRuevN.exe
2480	SAiibHc.exe
1472	YEmoSix.exe
2816	GAPEEAE.exe
2792	dPBbxsn.exe
2836	RvUOvUb.exe
2632	dOrEZUB.exe
2620	XeIbHRI.exe
2076	vowBREq.exe
2028	GplJdtD.exe
2884	iKFGHBd.exe
2044	UeMwmTF.exe
1884	CQfcOhk.exe
1084	cpiitAP.exe
1220	qsinmlx.exe
1848	PFKdmZs.exe
1852	xheDStX.exe
2832	uqTSxOo.exe
2800	SPSUSFL.exe
2676	RTLCGaJ.exe
2268	hMceZJQ.exe
2260	acZFBml.exe
2952	QDnZIke.exe
1696	TkfdYao.exe
800	OgjkPaj.exe
2820	EBqcovn.exe
772	ZCsDRZM.exe
1584	goJpqRq.exe
1240	TQshLAk.exe
2016	yLqKzrj.exe
1048	tAVRLEM.exe
624	cqPfdif.exe
1792	HrHtuVF.exe
1800	RpiAnSv.exe
2164	uHPgRFu.exe
352	JlUInCX.exe
2088	YqkyKqC.exe
2372	TEMcbTq.exe
2108	vNYpKEk.exe
336	hFgQWqV.exe
2412	tzIpGMN.exe
616	iNeroYb.exe
2552	AdXEXRk.exe
884	KQbbidy.exe
1764	mkcYBgj.exe
2232	dlRiboq.exe
3044	DgpXiWI.exe
1540	kKeTQyd.exe
1688	GijLXOP.exe
480	XTIfyDW.exe
1932	xGqUhBk.exe
2776	CcOLdJv.exe
1148	curykAD.exe
2188	nxXTimb.exe
2804	pYeWVDA.exe
2932	NSKNKTl.exe
2580	cUOyspZ.exe
2056	FEeGUPj.exe
2200	OmKGRMG.exe
2852	UcgtePe.exe
2588	JHbWGjq.exe
2864	IjwaZkL.exe

Loads dropped DLL 64 IoCs

pid	Process
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1928-1-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x000c00000001225b-6.dat	upx
behavioral1/memory/3056-19-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0007000000016e74-12.dat	upx
behavioral1/memory/2060-25-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2480-30-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x000700000001739c-35.dat	upx
behavioral1/memory/1472-34-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x000700000001739a-33.dat	upx
behavioral1/files/0x0008000000016d9f-13.dat	upx
behavioral1/memory/2332-22-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0007000000016f9c-21.dat	upx
behavioral1/memory/2816-41-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/3056-45-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1928-44-0x00000000023C0000-0x0000000002714000-memory.dmp	upx
behavioral1/memory/1928-43-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x00080000000173e4-53.dat	upx
behavioral1/memory/2836-58-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0009000000016d3f-46.dat	upx
behavioral1/files/0x00050000000191f7-68.dat	upx
behavioral1/memory/2816-72-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2632-65-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1472-64-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x00050000000191f3-63.dat	upx
behavioral1/memory/2620-73-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2792-51-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2480-54-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2792-76-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2836-93-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x000500000001924c-95.dat	upx
behavioral1/files/0x0005000000019234-85.dat	upx
behavioral1/memory/2632-108-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2044-109-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2076-106-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2884-103-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2028-102-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x0005000000019218-96.dat	upx
behavioral1/files/0x0005000000019229-94.dat	upx
behavioral1/memory/2620-111-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0005000000019277-130.dat	upx
behavioral1/files/0x00050000000193c4-150.dat	upx
behavioral1/files/0x00050000000193df-165.dat	upx
behavioral1/files/0x0005000000019403-175.dat	upx
behavioral1/files/0x0005000000019441-185.dat	upx
behavioral1/files/0x0005000000019539-200.dat	upx
behavioral1/files/0x00050000000194d8-195.dat	upx
behavioral1/files/0x000500000001947e-190.dat	upx
behavioral1/files/0x000500000001942f-180.dat	upx
behavioral1/files/0x0005000000019401-171.dat	upx
behavioral1/files/0x00050000000193d9-160.dat	upx
behavioral1/files/0x00050000000193cc-155.dat	upx
behavioral1/files/0x00050000000193be-145.dat	upx
behavioral1/files/0x0005000000019389-140.dat	upx
behavioral1/files/0x0005000000019382-135.dat	upx
behavioral1/files/0x0005000000019273-125.dat	upx
behavioral1/files/0x0005000000019271-121.dat	upx
behavioral1/files/0x000500000001926b-115.dat	upx
behavioral1/memory/3056-3316-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2332-3313-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2060-3326-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2480-3330-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/1472-3351-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2816-3404-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2792-3614-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EuFqJzl.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVpAPOW.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gAGAQix.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHmqvrE.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQdybst.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhmtgQM.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mICZjbJ.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRYLSWL.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VInjuVP.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfEGqXO.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qESBEEL.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcluNHp.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKSHGQH.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRwyyWm.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKhOytC.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IywdcOn.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZgWLUo.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGxTpFL.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScMmgrX.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjVXBLB.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\moXbJPX.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlETsMK.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnICdYz.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQVeIbz.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVgmqak.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRvGdqm.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnQXCMn.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFhVtvu.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQDOcTh.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUwEfMC.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvnggqL.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGjzSpX.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUHWKqA.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IeWahSl.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azhMPDm.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txDFYBQ.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSItdPw.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqWRHEC.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuUQwmY.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDsFNwG.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZwRvFo.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlKRfoT.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvySROF.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwFkgPp.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arUhVAL.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqtsVhw.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsgAVWr.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFIVYjW.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJvDbfB.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rtbcpgi.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlGcdOd.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZygzUUY.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzmnzRg.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpUEraz.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXtSbds.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iLHOoEQ.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oajZkbc.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWotHHK.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njFfmqK.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfzWlnh.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNoeucp.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcOLdJv.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMUVgaR.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bThUMth.exe	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2332	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 2332	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 2332	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1928 wrote to memory of 3056	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 3056	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 3056	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1928 wrote to memory of 2480	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 2480	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 2480	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1928 wrote to memory of 2060	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2060	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 2060	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1928 wrote to memory of 1472	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 1472	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 1472	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1928 wrote to memory of 2816	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2816	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2816	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1928 wrote to memory of 2792	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2792	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2792	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1928 wrote to memory of 2836	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2836	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2836	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1928 wrote to memory of 2632	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2632	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2632	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1928 wrote to memory of 2620	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2620	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2620	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1928 wrote to memory of 2884	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 2884	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 2884	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1928 wrote to memory of 2076	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 2076	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 2076	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1928 wrote to memory of 2044	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 2044	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 2044	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1928 wrote to memory of 2028	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 2028	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 2028	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1928 wrote to memory of 1884	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1884	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1884	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1928 wrote to memory of 1084	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 1084	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 1084	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1928 wrote to memory of 1220	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 1220	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 1220	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1928 wrote to memory of 1848	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 1848	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 1848	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1928 wrote to memory of 1852	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 1852	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 1852	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1928 wrote to memory of 2832	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 2832	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 2832	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1928 wrote to memory of 2800	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 2800	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 2800	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1928 wrote to memory of 2676	1928	2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_1719dd5f6cc57f136c68689013a0e827_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\System\hEovaUc.exe
  C:\Windows\System\hEovaUc.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\zfmKVTI.exe
  C:\Windows\System\zfmKVTI.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\SAiibHc.exe
  C:\Windows\System\SAiibHc.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\UlRuevN.exe
  C:\Windows\System\UlRuevN.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\YEmoSix.exe
  C:\Windows\System\YEmoSix.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\GAPEEAE.exe
  C:\Windows\System\GAPEEAE.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\dPBbxsn.exe
  C:\Windows\System\dPBbxsn.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\RvUOvUb.exe
  C:\Windows\System\RvUOvUb.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\dOrEZUB.exe
  C:\Windows\System\dOrEZUB.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\XeIbHRI.exe
  C:\Windows\System\XeIbHRI.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\iKFGHBd.exe
  C:\Windows\System\iKFGHBd.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\vowBREq.exe
  C:\Windows\System\vowBREq.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\UeMwmTF.exe
  C:\Windows\System\UeMwmTF.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\GplJdtD.exe
  C:\Windows\System\GplJdtD.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\CQfcOhk.exe
  C:\Windows\System\CQfcOhk.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\cpiitAP.exe
  C:\Windows\System\cpiitAP.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\qsinmlx.exe
  C:\Windows\System\qsinmlx.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\PFKdmZs.exe
  C:\Windows\System\PFKdmZs.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\xheDStX.exe
  C:\Windows\System\xheDStX.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\uqTSxOo.exe
  C:\Windows\System\uqTSxOo.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\SPSUSFL.exe
  C:\Windows\System\SPSUSFL.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\RTLCGaJ.exe
  C:\Windows\System\RTLCGaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\hMceZJQ.exe
  C:\Windows\System\hMceZJQ.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\acZFBml.exe
  C:\Windows\System\acZFBml.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\QDnZIke.exe
  C:\Windows\System\QDnZIke.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\TkfdYao.exe
  C:\Windows\System\TkfdYao.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\OgjkPaj.exe
  C:\Windows\System\OgjkPaj.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\EBqcovn.exe
  C:\Windows\System\EBqcovn.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ZCsDRZM.exe
  C:\Windows\System\ZCsDRZM.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\goJpqRq.exe
  C:\Windows\System\goJpqRq.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\TQshLAk.exe
  C:\Windows\System\TQshLAk.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\yLqKzrj.exe
  C:\Windows\System\yLqKzrj.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\tAVRLEM.exe
  C:\Windows\System\tAVRLEM.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\cqPfdif.exe
  C:\Windows\System\cqPfdif.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\HrHtuVF.exe
  C:\Windows\System\HrHtuVF.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\RpiAnSv.exe
  C:\Windows\System\RpiAnSv.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\uHPgRFu.exe
  C:\Windows\System\uHPgRFu.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\JlUInCX.exe
  C:\Windows\System\JlUInCX.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\YqkyKqC.exe
  C:\Windows\System\YqkyKqC.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\TEMcbTq.exe
  C:\Windows\System\TEMcbTq.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\vNYpKEk.exe
  C:\Windows\System\vNYpKEk.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\hFgQWqV.exe
  C:\Windows\System\hFgQWqV.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\tzIpGMN.exe
  C:\Windows\System\tzIpGMN.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\iNeroYb.exe
  C:\Windows\System\iNeroYb.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\AdXEXRk.exe
  C:\Windows\System\AdXEXRk.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\KQbbidy.exe
  C:\Windows\System\KQbbidy.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\mkcYBgj.exe
  C:\Windows\System\mkcYBgj.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\dlRiboq.exe
  C:\Windows\System\dlRiboq.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\DgpXiWI.exe
  C:\Windows\System\DgpXiWI.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\kKeTQyd.exe
  C:\Windows\System\kKeTQyd.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\GijLXOP.exe
  C:\Windows\System\GijLXOP.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\XTIfyDW.exe
  C:\Windows\System\XTIfyDW.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\xGqUhBk.exe
  C:\Windows\System\xGqUhBk.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\CcOLdJv.exe
  C:\Windows\System\CcOLdJv.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\curykAD.exe
  C:\Windows\System\curykAD.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\nxXTimb.exe
  C:\Windows\System\nxXTimb.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\pYeWVDA.exe
  C:\Windows\System\pYeWVDA.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\NSKNKTl.exe
  C:\Windows\System\NSKNKTl.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\cUOyspZ.exe
  C:\Windows\System\cUOyspZ.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\FEeGUPj.exe
  C:\Windows\System\FEeGUPj.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\OmKGRMG.exe
  C:\Windows\System\OmKGRMG.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\UcgtePe.exe
  C:\Windows\System\UcgtePe.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\JHbWGjq.exe
  C:\Windows\System\JHbWGjq.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\IjwaZkL.exe
  C:\Windows\System\IjwaZkL.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\cUjDAWC.exe
  C:\Windows\System\cUjDAWC.exe
  2⤵
  PID:2544
- C:\Windows\System\OsviCCo.exe
  C:\Windows\System\OsviCCo.exe
  2⤵
  PID:1864
- C:\Windows\System\ENKphgE.exe
  C:\Windows\System\ENKphgE.exe
  2⤵
  PID:2628
- C:\Windows\System\zpuvFbg.exe
  C:\Windows\System\zpuvFbg.exe
  2⤵
  PID:1888
- C:\Windows\System\IzUJNvn.exe
  C:\Windows\System\IzUJNvn.exe
  2⤵
  PID:1684
- C:\Windows\System\xeqYjGs.exe
  C:\Windows\System\xeqYjGs.exe
  2⤵
  PID:2008
- C:\Windows\System\qjmgfJd.exe
  C:\Windows\System\qjmgfJd.exe
  2⤵
  PID:1628
- C:\Windows\System\ftLyiEL.exe
  C:\Windows\System\ftLyiEL.exe
  2⤵
  PID:1724
- C:\Windows\System\bggKgiW.exe
  C:\Windows\System\bggKgiW.exe
  2⤵
  PID:2916
- C:\Windows\System\oXfZkhy.exe
  C:\Windows\System\oXfZkhy.exe
  2⤵
  PID:2408
- C:\Windows\System\fNBKKGd.exe
  C:\Windows\System\fNBKKGd.exe
  2⤵
  PID:2184
- C:\Windows\System\cScUaSh.exe
  C:\Windows\System\cScUaSh.exe
  2⤵
  PID:2356
- C:\Windows\System\eXABeoS.exe
  C:\Windows\System\eXABeoS.exe
  2⤵
  PID:1588
- C:\Windows\System\vQweFNJ.exe
  C:\Windows\System\vQweFNJ.exe
  2⤵
  PID:600
- C:\Windows\System\ZdwNjDu.exe
  C:\Windows\System\ZdwNjDu.exe
  2⤵
  PID:1300
- C:\Windows\System\DkTtTKx.exe
  C:\Windows\System\DkTtTKx.exe
  2⤵
  PID:1544
- C:\Windows\System\SJvUlbm.exe
  C:\Windows\System\SJvUlbm.exe
  2⤵
  PID:896
- C:\Windows\System\QCyMeSL.exe
  C:\Windows\System\QCyMeSL.exe
  2⤵
  PID:3000
- C:\Windows\System\qnrrvNg.exe
  C:\Windows\System\qnrrvNg.exe
  2⤵
  PID:1868
- C:\Windows\System\Rtwaznr.exe
  C:\Windows\System\Rtwaznr.exe
  2⤵
  PID:1624
- C:\Windows\System\bIhMDPE.exe
  C:\Windows\System\bIhMDPE.exe
  2⤵
  PID:3020
- C:\Windows\System\ViEmbfM.exe
  C:\Windows\System\ViEmbfM.exe
  2⤵
  PID:2272
- C:\Windows\System\lWNANCG.exe
  C:\Windows\System\lWNANCG.exe
  2⤵
  PID:940
- C:\Windows\System\SpTAVOk.exe
  C:\Windows\System\SpTAVOk.exe
  2⤵
  PID:2424
- C:\Windows\System\crjJuem.exe
  C:\Windows\System\crjJuem.exe
  2⤵
  PID:2660
- C:\Windows\System\GBOzlon.exe
  C:\Windows\System\GBOzlon.exe
  2⤵
  PID:1808
- C:\Windows\System\FzzcgZn.exe
  C:\Windows\System\FzzcgZn.exe
  2⤵
  PID:1692
- C:\Windows\System\ToZYdeS.exe
  C:\Windows\System\ToZYdeS.exe
  2⤵
  PID:2128
- C:\Windows\System\BujDsKk.exe
  C:\Windows\System\BujDsKk.exe
  2⤵
  PID:2504
- C:\Windows\System\EtIwVhz.exe
  C:\Windows\System\EtIwVhz.exe
  2⤵
  PID:1880
- C:\Windows\System\LZTqVgF.exe
  C:\Windows\System\LZTqVgF.exe
  2⤵
  PID:2092
- C:\Windows\System\hkcPiNU.exe
  C:\Windows\System\hkcPiNU.exe
  2⤵
  PID:3052
- C:\Windows\System\wnzBOHq.exe
  C:\Windows\System\wnzBOHq.exe
  2⤵
  PID:1464
- C:\Windows\System\pwsnNak.exe
  C:\Windows\System\pwsnNak.exe
  2⤵
  PID:2576
- C:\Windows\System\xYHYNDp.exe
  C:\Windows\System\xYHYNDp.exe
  2⤵
  PID:2796
- C:\Windows\System\pZmFnWm.exe
  C:\Windows\System\pZmFnWm.exe
  2⤵
  PID:2396
- C:\Windows\System\yoezpFr.exe
  C:\Windows\System\yoezpFr.exe
  2⤵
  PID:2668
- C:\Windows\System\NSRbAkk.exe
  C:\Windows\System\NSRbAkk.exe
  2⤵
  PID:2100
- C:\Windows\System\jzGEvst.exe
  C:\Windows\System\jzGEvst.exe
  2⤵
  PID:2004
- C:\Windows\System\OGqckLb.exe
  C:\Windows\System\OGqckLb.exe
  2⤵
  PID:1188
- C:\Windows\System\ocSEZMH.exe
  C:\Windows\System\ocSEZMH.exe
  2⤵
  PID:2144
- C:\Windows\System\NMxsEZD.exe
  C:\Windows\System\NMxsEZD.exe
  2⤵
  PID:2664
- C:\Windows\System\wouwRIf.exe
  C:\Windows\System\wouwRIf.exe
  2⤵
  PID:2960
- C:\Windows\System\RYjTJNn.exe
  C:\Windows\System\RYjTJNn.exe
  2⤵
  PID:3040
- C:\Windows\System\oOHFSrm.exe
  C:\Windows\System\oOHFSrm.exe
  2⤵
  PID:944
- C:\Windows\System\ylMFiPW.exe
  C:\Windows\System\ylMFiPW.exe
  2⤵
  PID:2148
- C:\Windows\System\FHAcYtV.exe
  C:\Windows\System\FHAcYtV.exe
  2⤵
  PID:1616
- C:\Windows\System\TerzSgj.exe
  C:\Windows\System\TerzSgj.exe
  2⤵
  PID:3028
- C:\Windows\System\MTZjXjF.exe
  C:\Windows\System\MTZjXjF.exe
  2⤵
  PID:344
- C:\Windows\System\vOWLGgR.exe
  C:\Windows\System\vOWLGgR.exe
  2⤵
  PID:1948
- C:\Windows\System\scsEznN.exe
  C:\Windows\System\scsEznN.exe
  2⤵
  PID:2072
- C:\Windows\System\CMAHybZ.exe
  C:\Windows\System\CMAHybZ.exe
  2⤵
  PID:2112
- C:\Windows\System\WNrOKyb.exe
  C:\Windows\System\WNrOKyb.exe
  2⤵
  PID:2236
- C:\Windows\System\fVWbXBG.exe
  C:\Windows\System\fVWbXBG.exe
  2⤵
  PID:2064
- C:\Windows\System\GZlagWL.exe
  C:\Windows\System\GZlagWL.exe
  2⤵
  PID:2720
- C:\Windows\System\EzYTKYr.exe
  C:\Windows\System\EzYTKYr.exe
  2⤵
  PID:2608
- C:\Windows\System\TUPEnPe.exe
  C:\Windows\System\TUPEnPe.exe
  2⤵
  PID:1908
- C:\Windows\System\kxDunRz.exe
  C:\Windows\System\kxDunRz.exe
  2⤵
  PID:2684
- C:\Windows\System\XtEdyLI.exe
  C:\Windows\System\XtEdyLI.exe
  2⤵
  PID:2748
- C:\Windows\System\GJjgQrH.exe
  C:\Windows\System\GJjgQrH.exe
  2⤵
  PID:1924
- C:\Windows\System\vGsDFzv.exe
  C:\Windows\System\vGsDFzv.exe
  2⤵
  PID:2280
- C:\Windows\System\uhgZkFi.exe
  C:\Windows\System\uhgZkFi.exe
  2⤵
  PID:1064
- C:\Windows\System\lPlPuPy.exe
  C:\Windows\System\lPlPuPy.exe
  2⤵
  PID:2908
- C:\Windows\System\LOAJsBC.exe
  C:\Windows\System\LOAJsBC.exe
  2⤵
  PID:348
- C:\Windows\System\QCDnQxF.exe
  C:\Windows\System\QCDnQxF.exe
  2⤵
  PID:2636
- C:\Windows\System\UOcHIHq.exe
  C:\Windows\System\UOcHIHq.exe
  2⤵
  PID:2368
- C:\Windows\System\MNqOzDd.exe
  C:\Windows\System\MNqOzDd.exe
  2⤵
  PID:2156
- C:\Windows\System\QMcnqPq.exe
  C:\Windows\System\QMcnqPq.exe
  2⤵
  PID:2136
- C:\Windows\System\biMLOTj.exe
  C:\Windows\System\biMLOTj.exe
  2⤵
  PID:1564
- C:\Windows\System\IaKexzJ.exe
  C:\Windows\System\IaKexzJ.exe
  2⤵
  PID:1784
- C:\Windows\System\cShrHNW.exe
  C:\Windows\System\cShrHNW.exe
  2⤵
  PID:804
- C:\Windows\System\cgJWlJQ.exe
  C:\Windows\System\cgJWlJQ.exe
  2⤵
  PID:2880
- C:\Windows\System\uQagrov.exe
  C:\Windows\System\uQagrov.exe
  2⤵
  PID:2772
- C:\Windows\System\osKbKfK.exe
  C:\Windows\System\osKbKfK.exe
  2⤵
  PID:464
- C:\Windows\System\SZdvtNG.exe
  C:\Windows\System\SZdvtNG.exe
  2⤵
  PID:2824
- C:\Windows\System\hFmCrdb.exe
  C:\Windows\System\hFmCrdb.exe
  2⤵
  PID:576
- C:\Windows\System\jwwrLWp.exe
  C:\Windows\System\jwwrLWp.exe
  2⤵
  PID:2024
- C:\Windows\System\BOuVEVW.exe
  C:\Windows\System\BOuVEVW.exe
  2⤵
  PID:2192
- C:\Windows\System\cvfJrEc.exe
  C:\Windows\System\cvfJrEc.exe
  2⤵
  PID:2288
- C:\Windows\System\UfvMqNc.exe
  C:\Windows\System\UfvMqNc.exe
  2⤵
  PID:108
- C:\Windows\System\rHeocYM.exe
  C:\Windows\System\rHeocYM.exe
  2⤵
  PID:2740
- C:\Windows\System\IOFtqNk.exe
  C:\Windows\System\IOFtqNk.exe
  2⤵
  PID:2468
- C:\Windows\System\JlYhtYb.exe
  C:\Windows\System\JlYhtYb.exe
  2⤵
  PID:2416
- C:\Windows\System\FmLFIIr.exe
  C:\Windows\System\FmLFIIr.exe
  2⤵
  PID:660
- C:\Windows\System\WOPUAfy.exe
  C:\Windows\System\WOPUAfy.exe
  2⤵
  PID:3092
- C:\Windows\System\GrTpSoQ.exe
  C:\Windows\System\GrTpSoQ.exe
  2⤵
  PID:3112
- C:\Windows\System\NybNIWH.exe
  C:\Windows\System\NybNIWH.exe
  2⤵
  PID:3132
- C:\Windows\System\kXQcntd.exe
  C:\Windows\System\kXQcntd.exe
  2⤵
  PID:3152
- C:\Windows\System\dgtxLMf.exe
  C:\Windows\System\dgtxLMf.exe
  2⤵
  PID:3172
- C:\Windows\System\tGZCWFI.exe
  C:\Windows\System\tGZCWFI.exe
  2⤵
  PID:3192
- C:\Windows\System\qfzNHbI.exe
  C:\Windows\System\qfzNHbI.exe
  2⤵
  PID:3212
- C:\Windows\System\eyzIUcM.exe
  C:\Windows\System\eyzIUcM.exe
  2⤵
  PID:3232
- C:\Windows\System\caCwCLb.exe
  C:\Windows\System\caCwCLb.exe
  2⤵
  PID:3252
- C:\Windows\System\oAdVqNF.exe
  C:\Windows\System\oAdVqNF.exe
  2⤵
  PID:3268
- C:\Windows\System\rolfjlC.exe
  C:\Windows\System\rolfjlC.exe
  2⤵
  PID:3292
- C:\Windows\System\cRKJuNd.exe
  C:\Windows\System\cRKJuNd.exe
  2⤵
  PID:3312
- C:\Windows\System\gQagoCN.exe
  C:\Windows\System\gQagoCN.exe
  2⤵
  PID:3332
- C:\Windows\System\EdRFJxi.exe
  C:\Windows\System\EdRFJxi.exe
  2⤵
  PID:3352
- C:\Windows\System\PFrBZzP.exe
  C:\Windows\System\PFrBZzP.exe
  2⤵
  PID:3372
- C:\Windows\System\emjweRs.exe
  C:\Windows\System\emjweRs.exe
  2⤵
  PID:3392
- C:\Windows\System\ECQEOYR.exe
  C:\Windows\System\ECQEOYR.exe
  2⤵
  PID:3412
- C:\Windows\System\telZXFs.exe
  C:\Windows\System\telZXFs.exe
  2⤵
  PID:3432
- C:\Windows\System\cnmhmXU.exe
  C:\Windows\System\cnmhmXU.exe
  2⤵
  PID:3452
- C:\Windows\System\MJEJWGd.exe
  C:\Windows\System\MJEJWGd.exe
  2⤵
  PID:3472
- C:\Windows\System\RplnWYt.exe
  C:\Windows\System\RplnWYt.exe
  2⤵
  PID:3492
- C:\Windows\System\cPuKauF.exe
  C:\Windows\System\cPuKauF.exe
  2⤵
  PID:3512
- C:\Windows\System\CGoEVur.exe
  C:\Windows\System\CGoEVur.exe
  2⤵
  PID:3532
- C:\Windows\System\kxSbAFY.exe
  C:\Windows\System\kxSbAFY.exe
  2⤵
  PID:3552
- C:\Windows\System\LvaAtya.exe
  C:\Windows\System\LvaAtya.exe
  2⤵
  PID:3572
- C:\Windows\System\WnmOjxx.exe
  C:\Windows\System\WnmOjxx.exe
  2⤵
  PID:3596
- C:\Windows\System\tRWDBzr.exe
  C:\Windows\System\tRWDBzr.exe
  2⤵
  PID:3616
- C:\Windows\System\UkpFJfV.exe
  C:\Windows\System\UkpFJfV.exe
  2⤵
  PID:3636
- C:\Windows\System\gFmPXVm.exe
  C:\Windows\System\gFmPXVm.exe
  2⤵
  PID:3656
- C:\Windows\System\cnZIdkz.exe
  C:\Windows\System\cnZIdkz.exe
  2⤵
  PID:3676
- C:\Windows\System\RyBuPLd.exe
  C:\Windows\System\RyBuPLd.exe
  2⤵
  PID:3696
- C:\Windows\System\SIeRAgd.exe
  C:\Windows\System\SIeRAgd.exe
  2⤵
  PID:3716
- C:\Windows\System\dpDRsdl.exe
  C:\Windows\System\dpDRsdl.exe
  2⤵
  PID:3736
- C:\Windows\System\UFLdkqJ.exe
  C:\Windows\System\UFLdkqJ.exe
  2⤵
  PID:3756
- C:\Windows\System\MyQxmda.exe
  C:\Windows\System\MyQxmda.exe
  2⤵
  PID:3776
- C:\Windows\System\MkdvijF.exe
  C:\Windows\System\MkdvijF.exe
  2⤵
  PID:3796
- C:\Windows\System\rfKUvDQ.exe
  C:\Windows\System\rfKUvDQ.exe
  2⤵
  PID:3816
- C:\Windows\System\Zoonxcy.exe
  C:\Windows\System\Zoonxcy.exe
  2⤵
  PID:3832
- C:\Windows\System\QXhRpMQ.exe
  C:\Windows\System\QXhRpMQ.exe
  2⤵
  PID:3856
- C:\Windows\System\MTFtKkr.exe
  C:\Windows\System\MTFtKkr.exe
  2⤵
  PID:3876
- C:\Windows\System\UqnNSMm.exe
  C:\Windows\System\UqnNSMm.exe
  2⤵
  PID:3896
- C:\Windows\System\hdiMgPt.exe
  C:\Windows\System\hdiMgPt.exe
  2⤵
  PID:3916
- C:\Windows\System\WZuTgoL.exe
  C:\Windows\System\WZuTgoL.exe
  2⤵
  PID:3936
- C:\Windows\System\EBUWwMW.exe
  C:\Windows\System\EBUWwMW.exe
  2⤵
  PID:3956
- C:\Windows\System\oapdEMm.exe
  C:\Windows\System\oapdEMm.exe
  2⤵
  PID:3976
- C:\Windows\System\RXYFTLp.exe
  C:\Windows\System\RXYFTLp.exe
  2⤵
  PID:3996
- C:\Windows\System\qKOvJIg.exe
  C:\Windows\System\qKOvJIg.exe
  2⤵
  PID:4016
- C:\Windows\System\dgYiSyp.exe
  C:\Windows\System\dgYiSyp.exe
  2⤵
  PID:4036
- C:\Windows\System\hylifYp.exe
  C:\Windows\System\hylifYp.exe
  2⤵
  PID:4056
- C:\Windows\System\ZlUcChk.exe
  C:\Windows\System\ZlUcChk.exe
  2⤵
  PID:4076
- C:\Windows\System\XSyKyaf.exe
  C:\Windows\System\XSyKyaf.exe
  2⤵
  PID:2992
- C:\Windows\System\DSvsdNf.exe
  C:\Windows\System\DSvsdNf.exe
  2⤵
  PID:872
- C:\Windows\System\ZSmMTyX.exe
  C:\Windows\System\ZSmMTyX.exe
  2⤵
  PID:2808
- C:\Windows\System\WltzsvE.exe
  C:\Windows\System\WltzsvE.exe
  2⤵
  PID:284
- C:\Windows\System\PUwlFvt.exe
  C:\Windows\System\PUwlFvt.exe
  2⤵
  PID:1660
- C:\Windows\System\HDuWurZ.exe
  C:\Windows\System\HDuWurZ.exe
  2⤵
  PID:3128
- C:\Windows\System\XpTaETJ.exe
  C:\Windows\System\XpTaETJ.exe
  2⤵
  PID:3144
- C:\Windows\System\EZVYFNv.exe
  C:\Windows\System\EZVYFNv.exe
  2⤵
  PID:3208
- C:\Windows\System\cggLpeF.exe
  C:\Windows\System\cggLpeF.exe
  2⤵
  PID:3240
- C:\Windows\System\wjSNpuB.exe
  C:\Windows\System\wjSNpuB.exe
  2⤵
  PID:3220
- C:\Windows\System\gQiPtqY.exe
  C:\Windows\System\gQiPtqY.exe
  2⤵
  PID:3260
- C:\Windows\System\anJafFS.exe
  C:\Windows\System\anJafFS.exe
  2⤵
  PID:3308
- C:\Windows\System\rTtrQxD.exe
  C:\Windows\System\rTtrQxD.exe
  2⤵
  PID:3340
- C:\Windows\System\JRwLnYW.exe
  C:\Windows\System\JRwLnYW.exe
  2⤵
  PID:3400
- C:\Windows\System\VfWhaJC.exe
  C:\Windows\System\VfWhaJC.exe
  2⤵
  PID:3440
- C:\Windows\System\ouzoExu.exe
  C:\Windows\System\ouzoExu.exe
  2⤵
  PID:3428
- C:\Windows\System\VgTFtHg.exe
  C:\Windows\System\VgTFtHg.exe
  2⤵
  PID:3488
- C:\Windows\System\UwRNxyP.exe
  C:\Windows\System\UwRNxyP.exe
  2⤵
  PID:3520
- C:\Windows\System\PMcrmLj.exe
  C:\Windows\System\PMcrmLj.exe
  2⤵
  PID:3568
- C:\Windows\System\drQyjru.exe
  C:\Windows\System\drQyjru.exe
  2⤵
  PID:3604
- C:\Windows\System\PmSMlSY.exe
  C:\Windows\System\PmSMlSY.exe
  2⤵
  PID:3624
- C:\Windows\System\mJqbafW.exe
  C:\Windows\System\mJqbafW.exe
  2⤵
  PID:3648
- C:\Windows\System\uCkCSNj.exe
  C:\Windows\System\uCkCSNj.exe
  2⤵
  PID:3672
- C:\Windows\System\NBbSyZa.exe
  C:\Windows\System\NBbSyZa.exe
  2⤵
  PID:3728
- C:\Windows\System\sqcufCS.exe
  C:\Windows\System\sqcufCS.exe
  2⤵
  PID:3752
- C:\Windows\System\cmHsjvl.exe
  C:\Windows\System\cmHsjvl.exe
  2⤵
  PID:3804
- C:\Windows\System\EvbqUda.exe
  C:\Windows\System\EvbqUda.exe
  2⤵
  PID:3824
- C:\Windows\System\SvtUGhm.exe
  C:\Windows\System\SvtUGhm.exe
  2⤵
  PID:3844
- C:\Windows\System\KWfPiBD.exe
  C:\Windows\System\KWfPiBD.exe
  2⤵
  PID:3888
- C:\Windows\System\wmaTnBi.exe
  C:\Windows\System\wmaTnBi.exe
  2⤵
  PID:3904
- C:\Windows\System\ZzyenhS.exe
  C:\Windows\System\ZzyenhS.exe
  2⤵
  PID:3964
- C:\Windows\System\xrZKBvP.exe
  C:\Windows\System\xrZKBvP.exe
  2⤵
  PID:4012
- C:\Windows\System\ZonFwpX.exe
  C:\Windows\System\ZonFwpX.exe
  2⤵
  PID:4044
- C:\Windows\System\gAGAQix.exe
  C:\Windows\System\gAGAQix.exe
  2⤵
  PID:4048
- C:\Windows\System\bQeGSUf.exe
  C:\Windows\System\bQeGSUf.exe
  2⤵
  PID:4088
- C:\Windows\System\CanQJpG.exe
  C:\Windows\System\CanQJpG.exe
  2⤵
  PID:2572
- C:\Windows\System\XUFMRfV.exe
  C:\Windows\System\XUFMRfV.exe
  2⤵
  PID:1936
- C:\Windows\System\EIKVnKn.exe
  C:\Windows\System\EIKVnKn.exe
  2⤵
  PID:1072
- C:\Windows\System\AcNfYUz.exe
  C:\Windows\System\AcNfYUz.exe
  2⤵
  PID:3120
- C:\Windows\System\TMeHQzk.exe
  C:\Windows\System\TMeHQzk.exe
  2⤵
  PID:1972
- C:\Windows\System\lgdJwVU.exe
  C:\Windows\System\lgdJwVU.exe
  2⤵
  PID:1668
- C:\Windows\System\TdqwcTF.exe
  C:\Windows\System\TdqwcTF.exe
  2⤵
  PID:3188
- C:\Windows\System\ilNWlPf.exe
  C:\Windows\System\ilNWlPf.exe
  2⤵
  PID:3284
- C:\Windows\System\LgYmgWq.exe
  C:\Windows\System\LgYmgWq.exe
  2⤵
  PID:3244
- C:\Windows\System\NUJFwFa.exe
  C:\Windows\System\NUJFwFa.exe
  2⤵
  PID:3328
- C:\Windows\System\SGxTpFL.exe
  C:\Windows\System\SGxTpFL.exe
  2⤵
  PID:3380
- C:\Windows\System\LMbRbir.exe
  C:\Windows\System\LMbRbir.exe
  2⤵
  PID:3524
- C:\Windows\System\GobzULA.exe
  C:\Windows\System\GobzULA.exe
  2⤵
  PID:3540
- C:\Windows\System\kCBbyrF.exe
  C:\Windows\System\kCBbyrF.exe
  2⤵
  PID:3608
- C:\Windows\System\hWuFyOU.exe
  C:\Windows\System\hWuFyOU.exe
  2⤵
  PID:3692
- C:\Windows\System\PYyYyXW.exe
  C:\Windows\System\PYyYyXW.exe
  2⤵
  PID:3632
- C:\Windows\System\hbYOTGD.exe
  C:\Windows\System\hbYOTGD.exe
  2⤵
  PID:3808
- C:\Windows\System\jteigzO.exe
  C:\Windows\System\jteigzO.exe
  2⤵
  PID:3792
- C:\Windows\System\ywRpfIX.exe
  C:\Windows\System\ywRpfIX.exe
  2⤵
  PID:3828
- C:\Windows\System\GGwgAcb.exe
  C:\Windows\System\GGwgAcb.exe
  2⤵
  PID:3952
- C:\Windows\System\gotqTJr.exe
  C:\Windows\System\gotqTJr.exe
  2⤵
  PID:3984
- C:\Windows\System\PJXGyJS.exe
  C:\Windows\System\PJXGyJS.exe
  2⤵
  PID:4004
- C:\Windows\System\oIbzJlJ.exe
  C:\Windows\System\oIbzJlJ.exe
  2⤵
  PID:4028
- C:\Windows\System\NMFjRTg.exe
  C:\Windows\System\NMFjRTg.exe
  2⤵
  PID:1376
- C:\Windows\System\ghYNeoi.exe
  C:\Windows\System\ghYNeoi.exe
  2⤵
  PID:3088
- C:\Windows\System\bzFxADx.exe
  C:\Windows\System\bzFxADx.exe
  2⤵
  PID:2564
- C:\Windows\System\OLiUYSy.exe
  C:\Windows\System\OLiUYSy.exe
  2⤵
  PID:2324
- C:\Windows\System\NZtasUA.exe
  C:\Windows\System\NZtasUA.exe
  2⤵
  PID:3108
- C:\Windows\System\apItpns.exe
  C:\Windows\System\apItpns.exe
  2⤵
  PID:3324
- C:\Windows\System\GBwIbqY.exe
  C:\Windows\System\GBwIbqY.exe
  2⤵
  PID:3384
- C:\Windows\System\QtBfiGs.exe
  C:\Windows\System\QtBfiGs.exe
  2⤵
  PID:3444
- C:\Windows\System\pzgMfVv.exe
  C:\Windows\System\pzgMfVv.exe
  2⤵
  PID:3764
- C:\Windows\System\rezMTVf.exe
  C:\Windows\System\rezMTVf.exe
  2⤵
  PID:3788
- C:\Windows\System\jAXRFWW.exe
  C:\Windows\System\jAXRFWW.exe
  2⤵
  PID:3724
- C:\Windows\System\tYjuXCK.exe
  C:\Windows\System\tYjuXCK.exe
  2⤵
  PID:3784
- C:\Windows\System\hyumaOf.exe
  C:\Windows\System\hyumaOf.exe
  2⤵
  PID:3080
- C:\Windows\System\nbJidNA.exe
  C:\Windows\System\nbJidNA.exe
  2⤵
  PID:3100
- C:\Windows\System\dmKpGou.exe
  C:\Windows\System\dmKpGou.exe
  2⤵
  PID:4052
- C:\Windows\System\PCNzZag.exe
  C:\Windows\System\PCNzZag.exe
  2⤵
  PID:3280
- C:\Windows\System\uTkSkEx.exe
  C:\Windows\System\uTkSkEx.exe
  2⤵
  PID:3320
- C:\Windows\System\vcgFEZv.exe
  C:\Windows\System\vcgFEZv.exe
  2⤵
  PID:2392
- C:\Windows\System\kNhbfQN.exe
  C:\Windows\System\kNhbfQN.exe
  2⤵
  PID:3684
- C:\Windows\System\WSGwuht.exe
  C:\Windows\System\WSGwuht.exe
  2⤵
  PID:3852
- C:\Windows\System\WZUMhVw.exe
  C:\Windows\System\WZUMhVw.exe
  2⤵
  PID:4072
- C:\Windows\System\irdBpWh.exe
  C:\Windows\System\irdBpWh.exe
  2⤵
  PID:3744
- C:\Windows\System\ncJZBXY.exe
  C:\Windows\System\ncJZBXY.exe
  2⤵
  PID:4092
- C:\Windows\System\jutfYZg.exe
  C:\Windows\System\jutfYZg.exe
  2⤵
  PID:1916
- C:\Windows\System\xqBwspD.exe
  C:\Windows\System\xqBwspD.exe
  2⤵
  PID:3480
- C:\Windows\System\FIerCIh.exe
  C:\Windows\System\FIerCIh.exe
  2⤵
  PID:3508
- C:\Windows\System\RmVkRMd.exe
  C:\Windows\System\RmVkRMd.exe
  2⤵
  PID:4032
- C:\Windows\System\vPCYOdj.exe
  C:\Windows\System\vPCYOdj.exe
  2⤵
  PID:3612
- C:\Windows\System\OyduCxI.exe
  C:\Windows\System\OyduCxI.exe
  2⤵
  PID:856
- C:\Windows\System\iATFECO.exe
  C:\Windows\System\iATFECO.exe
  2⤵
  PID:4108
- C:\Windows\System\SlUddXl.exe
  C:\Windows\System\SlUddXl.exe
  2⤵
  PID:4128
- C:\Windows\System\MoEMoPm.exe
  C:\Windows\System\MoEMoPm.exe
  2⤵
  PID:4148
- C:\Windows\System\FBxrHUk.exe
  C:\Windows\System\FBxrHUk.exe
  2⤵
  PID:4168
- C:\Windows\System\vFdUsYw.exe
  C:\Windows\System\vFdUsYw.exe
  2⤵
  PID:4188
- C:\Windows\System\RHOyviJ.exe
  C:\Windows\System\RHOyviJ.exe
  2⤵
  PID:4208
- C:\Windows\System\hLXVfJM.exe
  C:\Windows\System\hLXVfJM.exe
  2⤵
  PID:4228
- C:\Windows\System\ZtsgZnL.exe
  C:\Windows\System\ZtsgZnL.exe
  2⤵
  PID:4248
- C:\Windows\System\SXcXlNn.exe
  C:\Windows\System\SXcXlNn.exe
  2⤵
  PID:4264
- C:\Windows\System\GIWNBka.exe
  C:\Windows\System\GIWNBka.exe
  2⤵
  PID:4288
- C:\Windows\System\bqbvDRj.exe
  C:\Windows\System\bqbvDRj.exe
  2⤵
  PID:4308
- C:\Windows\System\lysnBsl.exe
  C:\Windows\System\lysnBsl.exe
  2⤵
  PID:4328
- C:\Windows\System\GlXHMOk.exe
  C:\Windows\System\GlXHMOk.exe
  2⤵
  PID:4348
- C:\Windows\System\bKeiNVs.exe
  C:\Windows\System\bKeiNVs.exe
  2⤵
  PID:4376
- C:\Windows\System\VREjgPD.exe
  C:\Windows\System\VREjgPD.exe
  2⤵
  PID:4396
- C:\Windows\System\MioAtsS.exe
  C:\Windows\System\MioAtsS.exe
  2⤵
  PID:4416
- C:\Windows\System\FPXefWj.exe
  C:\Windows\System\FPXefWj.exe
  2⤵
  PID:4432
- C:\Windows\System\GKmbSPM.exe
  C:\Windows\System\GKmbSPM.exe
  2⤵
  PID:4448
- C:\Windows\System\pyTBEaW.exe
  C:\Windows\System\pyTBEaW.exe
  2⤵
  PID:4472
- C:\Windows\System\oWWbSZv.exe
  C:\Windows\System\oWWbSZv.exe
  2⤵
  PID:4500
- C:\Windows\System\VRfRYiD.exe
  C:\Windows\System\VRfRYiD.exe
  2⤵
  PID:4516
- C:\Windows\System\PKxFqRp.exe
  C:\Windows\System\PKxFqRp.exe
  2⤵
  PID:4532
- C:\Windows\System\LbCDZKK.exe
  C:\Windows\System\LbCDZKK.exe
  2⤵
  PID:4548
- C:\Windows\System\LUHWKqA.exe
  C:\Windows\System\LUHWKqA.exe
  2⤵
  PID:4564
- C:\Windows\System\gwzVCAi.exe
  C:\Windows\System\gwzVCAi.exe
  2⤵
  PID:4580
- C:\Windows\System\HXbgaGr.exe
  C:\Windows\System\HXbgaGr.exe
  2⤵
  PID:4604
- C:\Windows\System\KwKwzeh.exe
  C:\Windows\System\KwKwzeh.exe
  2⤵
  PID:4624
- C:\Windows\System\TXkvPIc.exe
  C:\Windows\System\TXkvPIc.exe
  2⤵
  PID:4640
- C:\Windows\System\QiUtJFV.exe
  C:\Windows\System\QiUtJFV.exe
  2⤵
  PID:4656
- C:\Windows\System\dfDIIYO.exe
  C:\Windows\System\dfDIIYO.exe
  2⤵
  PID:4672
- C:\Windows\System\RrCICZO.exe
  C:\Windows\System\RrCICZO.exe
  2⤵
  PID:4688
- C:\Windows\System\ITqQvVh.exe
  C:\Windows\System\ITqQvVh.exe
  2⤵
  PID:4708
- C:\Windows\System\XEWnJrW.exe
  C:\Windows\System\XEWnJrW.exe
  2⤵
  PID:4732
- C:\Windows\System\xEDQlOq.exe
  C:\Windows\System\xEDQlOq.exe
  2⤵
  PID:4748
- C:\Windows\System\HoaGPUh.exe
  C:\Windows\System\HoaGPUh.exe
  2⤵
  PID:4800
- C:\Windows\System\iNebKSd.exe
  C:\Windows\System\iNebKSd.exe
  2⤵
  PID:4816
- C:\Windows\System\qLUpOQg.exe
  C:\Windows\System\qLUpOQg.exe
  2⤵
  PID:4832
- C:\Windows\System\ntoloFf.exe
  C:\Windows\System\ntoloFf.exe
  2⤵
  PID:4864
- C:\Windows\System\RXlKmuw.exe
  C:\Windows\System\RXlKmuw.exe
  2⤵
  PID:4880
- C:\Windows\System\ENlMuel.exe
  C:\Windows\System\ENlMuel.exe
  2⤵
  PID:4896
- C:\Windows\System\fYFVbFP.exe
  C:\Windows\System\fYFVbFP.exe
  2⤵
  PID:4912
- C:\Windows\System\GmQwDrw.exe
  C:\Windows\System\GmQwDrw.exe
  2⤵
  PID:4928
- C:\Windows\System\QUCrLKW.exe
  C:\Windows\System\QUCrLKW.exe
  2⤵
  PID:4944
- C:\Windows\System\OZPLlPK.exe
  C:\Windows\System\OZPLlPK.exe
  2⤵
  PID:4968
- C:\Windows\System\aXtSbds.exe
  C:\Windows\System\aXtSbds.exe
  2⤵
  PID:4984
- C:\Windows\System\uouZivw.exe
  C:\Windows\System\uouZivw.exe
  2⤵
  PID:5004
- C:\Windows\System\syOtoRo.exe
  C:\Windows\System\syOtoRo.exe
  2⤵
  PID:5024
- C:\Windows\System\yDYMsjP.exe
  C:\Windows\System\yDYMsjP.exe
  2⤵
  PID:5048
- C:\Windows\System\THvDHpo.exe
  C:\Windows\System\THvDHpo.exe
  2⤵
  PID:5068
- C:\Windows\System\eHuuGOK.exe
  C:\Windows\System\eHuuGOK.exe
  2⤵
  PID:5088
- C:\Windows\System\YCYmOgQ.exe
  C:\Windows\System\YCYmOgQ.exe
  2⤵
  PID:5108
- C:\Windows\System\hkoPSCZ.exe
  C:\Windows\System\hkoPSCZ.exe
  2⤵
  PID:3248
- C:\Windows\System\vBqJmCw.exe
  C:\Windows\System\vBqJmCw.exe
  2⤵
  PID:3468
- C:\Windows\System\ErdAbYB.exe
  C:\Windows\System\ErdAbYB.exe
  2⤵
  PID:3504
- C:\Windows\System\XNqACSf.exe
  C:\Windows\System\XNqACSf.exe
  2⤵
  PID:4120
- C:\Windows\System\BCBoYQj.exe
  C:\Windows\System\BCBoYQj.exe
  2⤵
  PID:2220
- C:\Windows\System\peBmpvf.exe
  C:\Windows\System\peBmpvf.exe
  2⤵
  PID:2248
- C:\Windows\System\NGgMAMw.exe
  C:\Windows\System\NGgMAMw.exe
  2⤵
  PID:4200
- C:\Windows\System\BgtHPvF.exe
  C:\Windows\System\BgtHPvF.exe
  2⤵
  PID:4144
- C:\Windows\System\UqstNLC.exe
  C:\Windows\System\UqstNLC.exe
  2⤵
  PID:2224
- C:\Windows\System\XVYpdiL.exe
  C:\Windows\System\XVYpdiL.exe
  2⤵
  PID:1040
- C:\Windows\System\rqMwBUH.exe
  C:\Windows\System\rqMwBUH.exe
  2⤵
  PID:4284
- C:\Windows\System\AfIhdoY.exe
  C:\Windows\System\AfIhdoY.exe
  2⤵
  PID:1592
- C:\Windows\System\QPTGzof.exe
  C:\Windows\System\QPTGzof.exe
  2⤵
  PID:4224
- C:\Windows\System\MCxsZiS.exe
  C:\Windows\System\MCxsZiS.exe
  2⤵
  PID:4256
- C:\Windows\System\gSTPegB.exe
  C:\Windows\System\gSTPegB.exe
  2⤵
  PID:4340
- C:\Windows\System\OVBRaJB.exe
  C:\Windows\System\OVBRaJB.exe
  2⤵
  PID:1940
- C:\Windows\System\PANvpzd.exe
  C:\Windows\System\PANvpzd.exe
  2⤵
  PID:2132
- C:\Windows\System\KflxyAz.exe
  C:\Windows\System\KflxyAz.exe
  2⤵
  PID:4404
- C:\Windows\System\yAFGJIg.exe
  C:\Windows\System\yAFGJIg.exe
  2⤵
  PID:4408
- C:\Windows\System\wLFKVFB.exe
  C:\Windows\System\wLFKVFB.exe
  2⤵
  PID:4424
- C:\Windows\System\XeSIEAj.exe
  C:\Windows\System\XeSIEAj.exe
  2⤵
  PID:4480
- C:\Windows\System\QhcGZsd.exe
  C:\Windows\System\QhcGZsd.exe
  2⤵
  PID:4496
- C:\Windows\System\gubzgrU.exe
  C:\Windows\System\gubzgrU.exe
  2⤵
  PID:4508
- C:\Windows\System\UVQYvBK.exe
  C:\Windows\System\UVQYvBK.exe
  2⤵
  PID:4560
- C:\Windows\System\wBQriJy.exe
  C:\Windows\System\wBQriJy.exe
  2⤵
  PID:4540
- C:\Windows\System\AwioICM.exe
  C:\Windows\System\AwioICM.exe
  2⤵
  PID:4616
- C:\Windows\System\RkrFvpR.exe
  C:\Windows\System\RkrFvpR.exe
  2⤵
  PID:4668
- C:\Windows\System\vxUXHLq.exe
  C:\Windows\System\vxUXHLq.exe
  2⤵
  PID:4740
- C:\Windows\System\aHaWNqK.exe
  C:\Windows\System\aHaWNqK.exe
  2⤵
  PID:4684
- C:\Windows\System\LPCJpgt.exe
  C:\Windows\System\LPCJpgt.exe
  2⤵
  PID:4648
- C:\Windows\System\YKVHDlc.exe
  C:\Windows\System\YKVHDlc.exe
  2⤵
  PID:4728
- C:\Windows\System\SAkyNLN.exe
  C:\Windows\System\SAkyNLN.exe
  2⤵
  PID:4796
- C:\Windows\System\PClgBEH.exe
  C:\Windows\System\PClgBEH.exe
  2⤵
  PID:4924
- C:\Windows\System\maNdUwm.exe
  C:\Windows\System\maNdUwm.exe
  2⤵
  PID:4992
- C:\Windows\System\zYBHkzl.exe
  C:\Windows\System\zYBHkzl.exe
  2⤵
  PID:4908
- C:\Windows\System\tBlXjDs.exe
  C:\Windows\System\tBlXjDs.exe
  2⤵
  PID:5044
- C:\Windows\System\aYrdVzF.exe
  C:\Windows\System\aYrdVzF.exe
  2⤵
  PID:4936
- C:\Windows\System\HSKBOiw.exe
  C:\Windows\System\HSKBOiw.exe
  2⤵
  PID:4980
- C:\Windows\System\MKTgMpt.exe
  C:\Windows\System\MKTgMpt.exe
  2⤵
  PID:3848
- C:\Windows\System\FKWAVQk.exe
  C:\Windows\System\FKWAVQk.exe
  2⤵
  PID:5100
- C:\Windows\System\AorqnwZ.exe
  C:\Windows\System\AorqnwZ.exe
  2⤵
  PID:4104
- C:\Windows\System\BhcecTN.exe
  C:\Windows\System\BhcecTN.exe
  2⤵
  PID:4236
- C:\Windows\System\iBcsMXH.exe
  C:\Windows\System\iBcsMXH.exe
  2⤵
  PID:4220
- C:\Windows\System\xHJfVSZ.exe
  C:\Windows\System\xHJfVSZ.exe
  2⤵
  PID:4336
- C:\Windows\System\kjvxuVh.exe
  C:\Windows\System\kjvxuVh.exe
  2⤵
  PID:1536
- C:\Windows\System\sKYEVCg.exe
  C:\Windows\System\sKYEVCg.exe
  2⤵
  PID:4160
- C:\Windows\System\okkBcTV.exe
  C:\Windows\System\okkBcTV.exe
  2⤵
  PID:4176
- C:\Windows\System\EoNGRCu.exe
  C:\Windows\System\EoNGRCu.exe
  2⤵
  PID:1736
- C:\Windows\System\oPNHZFy.exe
  C:\Windows\System\oPNHZFy.exe
  2⤵
  PID:4260
- C:\Windows\System\OtTLvOA.exe
  C:\Windows\System\OtTLvOA.exe
  2⤵
  PID:2296
- C:\Windows\System\RCrSEQj.exe
  C:\Windows\System\RCrSEQj.exe
  2⤵
  PID:2036
- C:\Windows\System\IeWahSl.exe
  C:\Windows\System\IeWahSl.exe
  2⤵
  PID:4600
- C:\Windows\System\qFMaNuD.exe
  C:\Windows\System\qFMaNuD.exe
  2⤵
  PID:4844
- C:\Windows\System\ypAgXAy.exe
  C:\Windows\System\ypAgXAy.exe
  2⤵
  PID:4812
- C:\Windows\System\etKYdww.exe
  C:\Windows\System\etKYdww.exe
  2⤵
  PID:4852
- C:\Windows\System\rTjgJIu.exe
  C:\Windows\System\rTjgJIu.exe
  2⤵
  PID:4892
- C:\Windows\System\HasJFJh.exe
  C:\Windows\System\HasJFJh.exe
  2⤵
  PID:4488
- C:\Windows\System\sYnZkAb.exe
  C:\Windows\System\sYnZkAb.exe
  2⤵
  PID:4612
- C:\Windows\System\AIMzUDA.exe
  C:\Windows\System\AIMzUDA.exe
  2⤵
  PID:4764
- C:\Windows\System\cCyMavY.exe
  C:\Windows\System\cCyMavY.exe
  2⤵
  PID:4768
- C:\Windows\System\SlOaMyM.exe
  C:\Windows\System\SlOaMyM.exe
  2⤵
  PID:5020
- C:\Windows\System\IhrbMGs.exe
  C:\Windows\System\IhrbMGs.exe
  2⤵
  PID:4964
- C:\Windows\System\MiviIEm.exe
  C:\Windows\System\MiviIEm.exe
  2⤵
  PID:444
- C:\Windows\System\kJfeTgG.exe
  C:\Windows\System\kJfeTgG.exe
  2⤵
  PID:4320
- C:\Windows\System\wHJwndB.exe
  C:\Windows\System\wHJwndB.exe
  2⤵
  PID:3548
- C:\Windows\System\taEWFxQ.exe
  C:\Windows\System\taEWFxQ.exe
  2⤵
  PID:4164
- C:\Windows\System\elEysAC.exe
  C:\Windows\System\elEysAC.exe
  2⤵
  PID:4184
- C:\Windows\System\JWHEybh.exe
  C:\Windows\System\JWHEybh.exe
  2⤵
  PID:4372
- C:\Windows\System\cArhsMs.exe
  C:\Windows\System\cArhsMs.exe
  2⤵
  PID:1116
- C:\Windows\System\YwquzYc.exe
  C:\Windows\System\YwquzYc.exe
  2⤵
  PID:4368
- C:\Windows\System\IPxtFVo.exe
  C:\Windows\System\IPxtFVo.exe
  2⤵
  PID:4456
- C:\Windows\System\WWdzTaV.exe
  C:\Windows\System\WWdzTaV.exe
  2⤵
  PID:4652
- C:\Windows\System\oMUVgaR.exe
  C:\Windows\System\oMUVgaR.exe
  2⤵
  PID:4828
- C:\Windows\System\IipkYzy.exe
  C:\Windows\System\IipkYzy.exe
  2⤵
  PID:4444
- C:\Windows\System\zCqiOiT.exe
  C:\Windows\System\zCqiOiT.exe
  2⤵
  PID:4960
- C:\Windows\System\mhspavR.exe
  C:\Windows\System\mhspavR.exe
  2⤵
  PID:5000
- C:\Windows\System\KPDwUAg.exe
  C:\Windows\System\KPDwUAg.exe
  2⤵
  PID:5080
- C:\Windows\System\jhUedHi.exe
  C:\Windows\System\jhUedHi.exe
  2⤵
  PID:4124
- C:\Windows\System\nSHcmJY.exe
  C:\Windows\System\nSHcmJY.exe
  2⤵
  PID:1708
- C:\Windows\System\GjVwcaF.exe
  C:\Windows\System\GjVwcaF.exe
  2⤵
  PID:1068
- C:\Windows\System\JmrrGmx.exe
  C:\Windows\System\JmrrGmx.exe
  2⤵
  PID:4840
- C:\Windows\System\spMrhno.exe
  C:\Windows\System\spMrhno.exe
  2⤵
  PID:4204
- C:\Windows\System\uafbYxg.exe
  C:\Windows\System\uafbYxg.exe
  2⤵
  PID:4464
- C:\Windows\System\DJpyGSm.exe
  C:\Windows\System\DJpyGSm.exe
  2⤵
  PID:4576
- C:\Windows\System\gETabcs.exe
  C:\Windows\System\gETabcs.exe
  2⤵
  PID:4956
- C:\Windows\System\LZlxqes.exe
  C:\Windows\System\LZlxqes.exe
  2⤵
  PID:4888
- C:\Windows\System\nyFJeup.exe
  C:\Windows\System\nyFJeup.exe
  2⤵
  PID:4316
- C:\Windows\System\FUtFPoX.exe
  C:\Windows\System\FUtFPoX.exe
  2⤵
  PID:1080
- C:\Windows\System\YDybydT.exe
  C:\Windows\System\YDybydT.exe
  2⤵
  PID:1128
- C:\Windows\System\GgKlhnB.exe
  C:\Windows\System\GgKlhnB.exe
  2⤵
  PID:4572
- C:\Windows\System\GynepkM.exe
  C:\Windows\System\GynepkM.exe
  2⤵
  PID:4136
- C:\Windows\System\VudnlgI.exe
  C:\Windows\System\VudnlgI.exe
  2⤵
  PID:4592
- C:\Windows\System\TRwZPWY.exe
  C:\Windows\System\TRwZPWY.exe
  2⤵
  PID:4724
- C:\Windows\System\WSXnZTW.exe
  C:\Windows\System\WSXnZTW.exe
  2⤵
  PID:4360
- C:\Windows\System\CklXvXQ.exe
  C:\Windows\System\CklXvXQ.exe
  2⤵
  PID:4632
- C:\Windows\System\xWQRXuu.exe
  C:\Windows\System\xWQRXuu.exe
  2⤵
  PID:5128
- C:\Windows\System\HpNtnKy.exe
  C:\Windows\System\HpNtnKy.exe
  2⤵
  PID:5144
- C:\Windows\System\STbnxtu.exe
  C:\Windows\System\STbnxtu.exe
  2⤵
  PID:5164
- C:\Windows\System\fSAZbvT.exe
  C:\Windows\System\fSAZbvT.exe
  2⤵
  PID:5184
- C:\Windows\System\DlhuYEq.exe
  C:\Windows\System\DlhuYEq.exe
  2⤵
  PID:5200
- C:\Windows\System\bLGMqPJ.exe
  C:\Windows\System\bLGMqPJ.exe
  2⤵
  PID:5216
- C:\Windows\System\bDqUaHd.exe
  C:\Windows\System\bDqUaHd.exe
  2⤵
  PID:5232
- C:\Windows\System\ZAprkgC.exe
  C:\Windows\System\ZAprkgC.exe
  2⤵
  PID:5252
- C:\Windows\System\zkOJHkc.exe
  C:\Windows\System\zkOJHkc.exe
  2⤵
  PID:5272
- C:\Windows\System\WXFXaRy.exe
  C:\Windows\System\WXFXaRy.exe
  2⤵
  PID:5288
- C:\Windows\System\ZlrgQvX.exe
  C:\Windows\System\ZlrgQvX.exe
  2⤵
  PID:5304
- C:\Windows\System\KLcEeAq.exe
  C:\Windows\System\KLcEeAq.exe
  2⤵
  PID:5320
- C:\Windows\System\FeasNzg.exe
  C:\Windows\System\FeasNzg.exe
  2⤵
  PID:5340
- C:\Windows\System\SwULlmr.exe
  C:\Windows\System\SwULlmr.exe
  2⤵
  PID:5364
- C:\Windows\System\xfcLApF.exe
  C:\Windows\System\xfcLApF.exe
  2⤵
  PID:5380
- C:\Windows\System\bbrqpsc.exe
  C:\Windows\System\bbrqpsc.exe
  2⤵
  PID:5408
- C:\Windows\System\MvnTfVF.exe
  C:\Windows\System\MvnTfVF.exe
  2⤵
  PID:5424
- C:\Windows\System\XoSaTZe.exe
  C:\Windows\System\XoSaTZe.exe
  2⤵
  PID:5468
- C:\Windows\System\NDyKEWK.exe
  C:\Windows\System\NDyKEWK.exe
  2⤵
  PID:5484
- C:\Windows\System\SrNoNio.exe
  C:\Windows\System\SrNoNio.exe
  2⤵
  PID:5516
- C:\Windows\System\DXRGMfy.exe
  C:\Windows\System\DXRGMfy.exe
  2⤵
  PID:5536
- C:\Windows\System\ukDiVIL.exe
  C:\Windows\System\ukDiVIL.exe
  2⤵
  PID:5552
- C:\Windows\System\oUQieqU.exe
  C:\Windows\System\oUQieqU.exe
  2⤵
  PID:5572
- C:\Windows\System\veRnGJL.exe
  C:\Windows\System\veRnGJL.exe
  2⤵
  PID:5604
- C:\Windows\System\ZmfrkEU.exe
  C:\Windows\System\ZmfrkEU.exe
  2⤵
  PID:5620
- C:\Windows\System\hsCOZsE.exe
  C:\Windows\System\hsCOZsE.exe
  2⤵
  PID:5636
- C:\Windows\System\pOwZxwT.exe
  C:\Windows\System\pOwZxwT.exe
  2⤵
  PID:5656
- C:\Windows\System\wVGSKJZ.exe
  C:\Windows\System\wVGSKJZ.exe
  2⤵
  PID:5676
- C:\Windows\System\sdsFUrJ.exe
  C:\Windows\System\sdsFUrJ.exe
  2⤵
  PID:5696
- C:\Windows\System\UTEGfLX.exe
  C:\Windows\System\UTEGfLX.exe
  2⤵
  PID:5720
- C:\Windows\System\VdYDcbQ.exe
  C:\Windows\System\VdYDcbQ.exe
  2⤵
  PID:5736
- C:\Windows\System\KMSmceq.exe
  C:\Windows\System\KMSmceq.exe
  2⤵
  PID:5764
- C:\Windows\System\DRxThWa.exe
  C:\Windows\System\DRxThWa.exe
  2⤵
  PID:5780
- C:\Windows\System\cQYPyvQ.exe
  C:\Windows\System\cQYPyvQ.exe
  2⤵
  PID:5796
- C:\Windows\System\tzSYIrB.exe
  C:\Windows\System\tzSYIrB.exe
  2⤵
  PID:5816
- C:\Windows\System\asIZhdF.exe
  C:\Windows\System\asIZhdF.exe
  2⤵
  PID:5832
- C:\Windows\System\kKCCglD.exe
  C:\Windows\System\kKCCglD.exe
  2⤵
  PID:5848
- C:\Windows\System\NaLjhXW.exe
  C:\Windows\System\NaLjhXW.exe
  2⤵
  PID:5864
- C:\Windows\System\ELNdEmO.exe
  C:\Windows\System\ELNdEmO.exe
  2⤵
  PID:5880
- C:\Windows\System\HScCVOw.exe
  C:\Windows\System\HScCVOw.exe
  2⤵
  PID:5904
- C:\Windows\System\FQgVYfu.exe
  C:\Windows\System\FQgVYfu.exe
  2⤵
  PID:5920
- C:\Windows\System\cEyIekr.exe
  C:\Windows\System\cEyIekr.exe
  2⤵
  PID:5936
- C:\Windows\System\vImZUSi.exe
  C:\Windows\System\vImZUSi.exe
  2⤵
  PID:5980
- C:\Windows\System\aGUFrbx.exe
  C:\Windows\System\aGUFrbx.exe
  2⤵
  PID:6000
- C:\Windows\System\xdaUeOZ.exe
  C:\Windows\System\xdaUeOZ.exe
  2⤵
  PID:6016
- C:\Windows\System\ycsLuzm.exe
  C:\Windows\System\ycsLuzm.exe
  2⤵
  PID:6032
- C:\Windows\System\CjNLHjG.exe
  C:\Windows\System\CjNLHjG.exe
  2⤵
  PID:6048
- C:\Windows\System\PHQwAem.exe
  C:\Windows\System\PHQwAem.exe
  2⤵
  PID:6068
- C:\Windows\System\xNBbPsP.exe
  C:\Windows\System\xNBbPsP.exe
  2⤵
  PID:6088
- C:\Windows\System\QNmhRhW.exe
  C:\Windows\System\QNmhRhW.exe
  2⤵
  PID:6104
- C:\Windows\System\svqGQEC.exe
  C:\Windows\System\svqGQEC.exe
  2⤵
  PID:6124
- C:\Windows\System\MrdCDDC.exe
  C:\Windows\System\MrdCDDC.exe
  2⤵
  PID:5140
- C:\Windows\System\rhCmyCf.exe
  C:\Windows\System\rhCmyCf.exe
  2⤵
  PID:5240
- C:\Windows\System\YOwMLtv.exe
  C:\Windows\System\YOwMLtv.exe
  2⤵
  PID:5284
- C:\Windows\System\izpfTgq.exe
  C:\Windows\System\izpfTgq.exe
  2⤵
  PID:5352
- C:\Windows\System\DYpRDRv.exe
  C:\Windows\System\DYpRDRv.exe
  2⤵
  PID:5392
- C:\Windows\System\bThUMth.exe
  C:\Windows\System\bThUMth.exe
  2⤵
  PID:5096
- C:\Windows\System\gLtphSH.exe
  C:\Windows\System\gLtphSH.exe
  2⤵
  PID:5264
- C:\Windows\System\ajVkquA.exe
  C:\Windows\System\ajVkquA.exe
  2⤵
  PID:5372
- C:\Windows\System\hMinnRc.exe
  C:\Windows\System\hMinnRc.exe
  2⤵
  PID:5296
- C:\Windows\System\fSgeqCa.exe
  C:\Windows\System\fSgeqCa.exe
  2⤵
  PID:5436
- C:\Windows\System\TaplhAc.exe
  C:\Windows\System\TaplhAc.exe
  2⤵
  PID:5456
- C:\Windows\System\ZfJXohg.exe
  C:\Windows\System\ZfJXohg.exe
  2⤵
  PID:5196
- C:\Windows\System\xgrORhM.exe
  C:\Windows\System\xgrORhM.exe
  2⤵
  PID:5504
- C:\Windows\System\DAEdlfx.exe
  C:\Windows\System\DAEdlfx.exe
  2⤵
  PID:5580
- C:\Windows\System\jpPwkwq.exe
  C:\Windows\System\jpPwkwq.exe
  2⤵
  PID:5528
- C:\Windows\System\UQhxHvc.exe
  C:\Windows\System\UQhxHvc.exe
  2⤵
  PID:5588
- C:\Windows\System\htPJCxv.exe
  C:\Windows\System\htPJCxv.exe
  2⤵
  PID:5612
- C:\Windows\System\aIXEDNn.exe
  C:\Windows\System\aIXEDNn.exe
  2⤵
  PID:5632
- C:\Windows\System\HXkMqFu.exe
  C:\Windows\System\HXkMqFu.exe
  2⤵
  PID:5672
- C:\Windows\System\rlETsMK.exe
  C:\Windows\System\rlETsMK.exe
  2⤵
  PID:5708
- C:\Windows\System\KwBmrnE.exe
  C:\Windows\System\KwBmrnE.exe
  2⤵
  PID:5684
- C:\Windows\System\AOVDSzK.exe
  C:\Windows\System\AOVDSzK.exe
  2⤵
  PID:5756
- C:\Windows\System\YUjfzhe.exe
  C:\Windows\System\YUjfzhe.exe
  2⤵
  PID:5788
- C:\Windows\System\MMyvZtD.exe
  C:\Windows\System\MMyvZtD.exe
  2⤵
  PID:5828
- C:\Windows\System\sZTyjbX.exe
  C:\Windows\System\sZTyjbX.exe
  2⤵
  PID:5888
- C:\Windows\System\KDsFNwG.exe
  C:\Windows\System\KDsFNwG.exe
  2⤵
  PID:5932
- C:\Windows\System\Qwsvdqa.exe
  C:\Windows\System\Qwsvdqa.exe
  2⤵
  PID:5876
- C:\Windows\System\OdaGKXn.exe
  C:\Windows\System\OdaGKXn.exe
  2⤵
  PID:5916
- C:\Windows\System\fcPRFqW.exe
  C:\Windows\System\fcPRFqW.exe
  2⤵
  PID:5960
- C:\Windows\System\zzdtHze.exe
  C:\Windows\System\zzdtHze.exe
  2⤵
  PID:5948
- C:\Windows\System\SHgQHEP.exe
  C:\Windows\System\SHgQHEP.exe
  2⤵
  PID:6012
- C:\Windows\System\zORNiQB.exe
  C:\Windows\System\zORNiQB.exe
  2⤵
  PID:6064
- C:\Windows\System\KNXnHqH.exe
  C:\Windows\System\KNXnHqH.exe
  2⤵
  PID:6120
- C:\Windows\System\POhhFbK.exe
  C:\Windows\System\POhhFbK.exe
  2⤵
  PID:6116
- C:\Windows\System\ZEFLZVo.exe
  C:\Windows\System\ZEFLZVo.exe
  2⤵
  PID:5388
- C:\Windows\System\ExKDIpS.exe
  C:\Windows\System\ExKDIpS.exe
  2⤵
  PID:5160
- C:\Windows\System\xlaqeKf.exe
  C:\Windows\System\xlaqeKf.exe
  2⤵
  PID:2096
- C:\Windows\System\FxfSXST.exe
  C:\Windows\System\FxfSXST.exe
  2⤵
  PID:5524
- C:\Windows\System\YJmazPO.exe
  C:\Windows\System\YJmazPO.exe
  2⤵
  PID:5664
- C:\Windows\System\UvIOmfx.exe
  C:\Windows\System\UvIOmfx.exe
  2⤵
  PID:5776
- C:\Windows\System\XtMqNlk.exe
  C:\Windows\System\XtMqNlk.exe
  2⤵
  PID:5952
- C:\Windows\System\tpkZAGp.exe
  C:\Windows\System\tpkZAGp.exe
  2⤵
  PID:6044
- C:\Windows\System\FIFHkqc.exe
  C:\Windows\System\FIFHkqc.exe
  2⤵
  PID:6140
- C:\Windows\System\vjnxqrf.exe
  C:\Windows\System\vjnxqrf.exe
  2⤵
  PID:5544
- C:\Windows\System\FHPAUdx.exe
  C:\Windows\System\FHPAUdx.exe
  2⤵
  PID:5332
- C:\Windows\System\MJvtLWL.exe
  C:\Windows\System\MJvtLWL.exe
  2⤵
  PID:5036
- C:\Windows\System\IDlSkaD.exe
  C:\Windows\System\IDlSkaD.exe
  2⤵
  PID:5564
- C:\Windows\System\RFoPgOw.exe
  C:\Windows\System\RFoPgOw.exe
  2⤵
  PID:5712
- C:\Windows\System\KmWJKQd.exe
  C:\Windows\System\KmWJKQd.exe
  2⤵
  PID:5792
- C:\Windows\System\jnHMpKg.exe
  C:\Windows\System\jnHMpKg.exe
  2⤵
  PID:5912
- C:\Windows\System\coIGWYO.exe
  C:\Windows\System\coIGWYO.exe
  2⤵
  PID:6056
- C:\Windows\System\EJprrLC.exe
  C:\Windows\System\EJprrLC.exe
  2⤵
  PID:6076
- C:\Windows\System\HqQCLrr.exe
  C:\Windows\System\HqQCLrr.exe
  2⤵
  PID:5452
- C:\Windows\System\rWDUVbo.exe
  C:\Windows\System\rWDUVbo.exe
  2⤵
  PID:5500
- C:\Windows\System\gKdWfjR.exe
  C:\Windows\System\gKdWfjR.exe
  2⤵
  PID:5180
- C:\Windows\System\NNbeVXM.exe
  C:\Windows\System\NNbeVXM.exe
  2⤵
  PID:5600
- C:\Windows\System\nLhmBNs.exe
  C:\Windows\System\nLhmBNs.exe
  2⤵
  PID:5844
- C:\Windows\System\wfVftpN.exe
  C:\Windows\System\wfVftpN.exe
  2⤵
  PID:6096
- C:\Windows\System\kBYPQsS.exe
  C:\Windows\System\kBYPQsS.exe
  2⤵
  PID:5360
- C:\Windows\System\KeTbYAJ.exe
  C:\Windows\System\KeTbYAJ.exe
  2⤵
  PID:5748
- C:\Windows\System\PXPjSMw.exe
  C:\Windows\System\PXPjSMw.exe
  2⤵
  PID:5416
- C:\Windows\System\PjxoDdv.exe
  C:\Windows\System\PjxoDdv.exe
  2⤵
  PID:5176
- C:\Windows\System\kffPGFd.exe
  C:\Windows\System\kffPGFd.exe
  2⤵
  PID:6084
- C:\Windows\System\LiFTQLK.exe
  C:\Windows\System\LiFTQLK.exe
  2⤵
  PID:5464
- C:\Windows\System\BVbtzcS.exe
  C:\Windows\System\BVbtzcS.exe
  2⤵
  PID:5928
- C:\Windows\System\gvRsomv.exe
  C:\Windows\System\gvRsomv.exe
  2⤵
  PID:5280
- C:\Windows\System\agsTvAn.exe
  C:\Windows\System\agsTvAn.exe
  2⤵
  PID:5512
- C:\Windows\System\SrpDirU.exe
  C:\Windows\System\SrpDirU.exe
  2⤵
  PID:5812
- C:\Windows\System\ztDxWYD.exe
  C:\Windows\System\ztDxWYD.exe
  2⤵
  PID:5260
- C:\Windows\System\JyNQxhR.exe
  C:\Windows\System\JyNQxhR.exe
  2⤵
  PID:5752
- C:\Windows\System\hcyjGfT.exe
  C:\Windows\System\hcyjGfT.exe
  2⤵
  PID:5420
- C:\Windows\System\wDvIUEY.exe
  C:\Windows\System\wDvIUEY.exe
  2⤵
  PID:5156
- C:\Windows\System\jLqVvkK.exe
  C:\Windows\System\jLqVvkK.exe
  2⤵
  PID:6028
- C:\Windows\System\zvEguDo.exe
  C:\Windows\System\zvEguDo.exe
  2⤵
  PID:6164
- C:\Windows\System\xISGsdG.exe
  C:\Windows\System\xISGsdG.exe
  2⤵
  PID:6180
- C:\Windows\System\pXJDFAV.exe
  C:\Windows\System\pXJDFAV.exe
  2⤵
  PID:6200
- C:\Windows\System\IjfgJcP.exe
  C:\Windows\System\IjfgJcP.exe
  2⤵
  PID:6220
- C:\Windows\System\bSQeUOZ.exe
  C:\Windows\System\bSQeUOZ.exe
  2⤵
  PID:6264
- C:\Windows\System\XHmqvrE.exe
  C:\Windows\System\XHmqvrE.exe
  2⤵
  PID:6284
- C:\Windows\System\ARKFZYQ.exe
  C:\Windows\System\ARKFZYQ.exe
  2⤵
  PID:6304
- C:\Windows\System\BgByeeM.exe
  C:\Windows\System\BgByeeM.exe
  2⤵
  PID:6328
- C:\Windows\System\uFWdRLM.exe
  C:\Windows\System\uFWdRLM.exe
  2⤵
  PID:6344
- C:\Windows\System\Ofnysgt.exe
  C:\Windows\System\Ofnysgt.exe
  2⤵
  PID:6364
- C:\Windows\System\YOLMkuz.exe
  C:\Windows\System\YOLMkuz.exe
  2⤵
  PID:6384
- C:\Windows\System\oGyDtmY.exe
  C:\Windows\System\oGyDtmY.exe
  2⤵
  PID:6404
- C:\Windows\System\DEsCmMd.exe
  C:\Windows\System\DEsCmMd.exe
  2⤵
  PID:6420
- C:\Windows\System\HXMPHOa.exe
  C:\Windows\System\HXMPHOa.exe
  2⤵
  PID:6436
- C:\Windows\System\hocXuJg.exe
  C:\Windows\System\hocXuJg.exe
  2⤵
  PID:6452
- C:\Windows\System\csWhqcR.exe
  C:\Windows\System\csWhqcR.exe
  2⤵
  PID:6468
- C:\Windows\System\XHIhXpP.exe
  C:\Windows\System\XHIhXpP.exe
  2⤵
  PID:6484
- C:\Windows\System\wdETOMX.exe
  C:\Windows\System\wdETOMX.exe
  2⤵
  PID:6500
- C:\Windows\System\BStAmyE.exe
  C:\Windows\System\BStAmyE.exe
  2⤵
  PID:6516
- C:\Windows\System\syFMbLQ.exe
  C:\Windows\System\syFMbLQ.exe
  2⤵
  PID:6532
- C:\Windows\System\sXOUzTo.exe
  C:\Windows\System\sXOUzTo.exe
  2⤵
  PID:6548
- C:\Windows\System\ioEVeYm.exe
  C:\Windows\System\ioEVeYm.exe
  2⤵
  PID:6564
- C:\Windows\System\UUruEYm.exe
  C:\Windows\System\UUruEYm.exe
  2⤵
  PID:6580
- C:\Windows\System\wLEPBoE.exe
  C:\Windows\System\wLEPBoE.exe
  2⤵
  PID:6596
- C:\Windows\System\MnzLscq.exe
  C:\Windows\System\MnzLscq.exe
  2⤵
  PID:6612
- C:\Windows\System\GpYJtHc.exe
  C:\Windows\System\GpYJtHc.exe
  2⤵
  PID:6628
- C:\Windows\System\wAyoALE.exe
  C:\Windows\System\wAyoALE.exe
  2⤵
  PID:6644
- C:\Windows\System\vTsvdjZ.exe
  C:\Windows\System\vTsvdjZ.exe
  2⤵
  PID:6660
- C:\Windows\System\oIHnbmg.exe
  C:\Windows\System\oIHnbmg.exe
  2⤵
  PID:6676
- C:\Windows\System\DIYlviI.exe
  C:\Windows\System\DIYlviI.exe
  2⤵
  PID:6692
- C:\Windows\System\epZRAHs.exe
  C:\Windows\System\epZRAHs.exe
  2⤵
  PID:6708
- C:\Windows\System\YdBqQXB.exe
  C:\Windows\System\YdBqQXB.exe
  2⤵
  PID:6724
- C:\Windows\System\HIhxzhw.exe
  C:\Windows\System\HIhxzhw.exe
  2⤵
  PID:6740
- C:\Windows\System\lWWwVsW.exe
  C:\Windows\System\lWWwVsW.exe
  2⤵
  PID:6756
- C:\Windows\System\hXEPnIS.exe
  C:\Windows\System\hXEPnIS.exe
  2⤵
  PID:6772
- C:\Windows\System\ZEZuars.exe
  C:\Windows\System\ZEZuars.exe
  2⤵
  PID:6788
- C:\Windows\System\EVsxmMa.exe
  C:\Windows\System\EVsxmMa.exe
  2⤵
  PID:6804
- C:\Windows\System\Rtbcpgi.exe
  C:\Windows\System\Rtbcpgi.exe
  2⤵
  PID:6820
- C:\Windows\System\rKxfBAk.exe
  C:\Windows\System\rKxfBAk.exe
  2⤵
  PID:6836
- C:\Windows\System\YxtfJCn.exe
  C:\Windows\System\YxtfJCn.exe
  2⤵
  PID:6852
- C:\Windows\System\HPFEMUZ.exe
  C:\Windows\System\HPFEMUZ.exe
  2⤵
  PID:6868
- C:\Windows\System\SiIysLQ.exe
  C:\Windows\System\SiIysLQ.exe
  2⤵
  PID:6884
- C:\Windows\System\ONYoxZT.exe
  C:\Windows\System\ONYoxZT.exe
  2⤵
  PID:6900
- C:\Windows\System\jpSNYAN.exe
  C:\Windows\System\jpSNYAN.exe
  2⤵
  PID:6916
- C:\Windows\System\XgKrfNN.exe
  C:\Windows\System\XgKrfNN.exe
  2⤵
  PID:6932
- C:\Windows\System\GnGbCKT.exe
  C:\Windows\System\GnGbCKT.exe
  2⤵
  PID:6952
- C:\Windows\System\VHHdPzI.exe
  C:\Windows\System\VHHdPzI.exe
  2⤵
  PID:6968
- C:\Windows\System\jnSTQxS.exe
  C:\Windows\System\jnSTQxS.exe
  2⤵
  PID:6984
- C:\Windows\System\QvlsnhZ.exe
  C:\Windows\System\QvlsnhZ.exe
  2⤵
  PID:7000
- C:\Windows\System\FOswLfo.exe
  C:\Windows\System\FOswLfo.exe
  2⤵
  PID:7016
- C:\Windows\System\XkPDMFP.exe
  C:\Windows\System\XkPDMFP.exe
  2⤵
  PID:7032
- C:\Windows\System\YJkBFJG.exe
  C:\Windows\System\YJkBFJG.exe
  2⤵
  PID:7064
- C:\Windows\System\EZsCrMk.exe
  C:\Windows\System\EZsCrMk.exe
  2⤵
  PID:6212
- C:\Windows\System\wTyEThd.exe
  C:\Windows\System\wTyEThd.exe
  2⤵
  PID:5476
- C:\Windows\System\FIvERJc.exe
  C:\Windows\System\FIvERJc.exe
  2⤵
  PID:6192
- C:\Windows\System\dCEiUTM.exe
  C:\Windows\System\dCEiUTM.exe
  2⤵
  PID:6244
- C:\Windows\System\xbOdFzj.exe
  C:\Windows\System\xbOdFzj.exe
  2⤵
  PID:6236
- C:\Windows\System\PeoMgah.exe
  C:\Windows\System\PeoMgah.exe
  2⤵
  PID:6312
- C:\Windows\System\exIPrGh.exe
  C:\Windows\System\exIPrGh.exe
  2⤵
  PID:6324
- C:\Windows\System\vriYrrk.exe
  C:\Windows\System\vriYrrk.exe
  2⤵
  PID:6356
- C:\Windows\System\JaYGDuj.exe
  C:\Windows\System\JaYGDuj.exe
  2⤵
  PID:6392
- C:\Windows\System\eENsKID.exe
  C:\Windows\System\eENsKID.exe
  2⤵
  PID:6444
- C:\Windows\System\KWpdvML.exe
  C:\Windows\System\KWpdvML.exe
  2⤵
  PID:6508
- C:\Windows\System\stBtuZJ.exe
  C:\Windows\System\stBtuZJ.exe
  2⤵
  PID:6496
- C:\Windows\System\Wfelkgy.exe
  C:\Windows\System\Wfelkgy.exe
  2⤵
  PID:6604
- C:\Windows\System\yOPpbLZ.exe
  C:\Windows\System\yOPpbLZ.exe
  2⤵
  PID:6668
- C:\Windows\System\iMibWLJ.exe
  C:\Windows\System\iMibWLJ.exe
  2⤵
  PID:6732
- C:\Windows\System\YTkNhDm.exe
  C:\Windows\System\YTkNhDm.exe
  2⤵
  PID:6828
- C:\Windows\System\mwfsHru.exe
  C:\Windows\System\mwfsHru.exe
  2⤵
  PID:6892
- C:\Windows\System\ZkXwJir.exe
  C:\Windows\System\ZkXwJir.exe
  2⤵
  PID:6960
- C:\Windows\System\EfPScnl.exe
  C:\Windows\System\EfPScnl.exe
  2⤵
  PID:7012
- C:\Windows\System\tiggnMD.exe
  C:\Windows\System\tiggnMD.exe
  2⤵
  PID:6980
- C:\Windows\System\KvHdyxB.exe
  C:\Windows\System\KvHdyxB.exe
  2⤵
  PID:6948
- C:\Windows\System\UQslGyu.exe
  C:\Windows\System\UQslGyu.exe
  2⤵
  PID:6876
- C:\Windows\System\CBQpEgj.exe
  C:\Windows\System\CBQpEgj.exe
  2⤵
  PID:6812
- C:\Windows\System\vOkwVKp.exe
  C:\Windows\System\vOkwVKp.exe
  2⤵
  PID:6748
- C:\Windows\System\UqafKbu.exe
  C:\Windows\System\UqafKbu.exe
  2⤵
  PID:6684
- C:\Windows\System\nNWFRLO.exe
  C:\Windows\System\nNWFRLO.exe
  2⤵
  PID:6620
- C:\Windows\System\FoOYwwm.exe
  C:\Windows\System\FoOYwwm.exe
  2⤵
  PID:7052
- C:\Windows\System\kulYZcJ.exe
  C:\Windows\System\kulYZcJ.exe
  2⤵
  PID:7076
- C:\Windows\System\BERocPl.exe
  C:\Windows\System\BERocPl.exe
  2⤵
  PID:7132
- C:\Windows\System\yKIpoUt.exe
  C:\Windows\System\yKIpoUt.exe
  2⤵
  PID:7096
- C:\Windows\System\EtSNdZQ.exe
  C:\Windows\System\EtSNdZQ.exe
  2⤵
  PID:7120
- C:\Windows\System\hvEqMxW.exe
  C:\Windows\System\hvEqMxW.exe
  2⤵
  PID:5212
- C:\Windows\System\Hnjwfko.exe
  C:\Windows\System\Hnjwfko.exe
  2⤵
  PID:6176
- C:\Windows\System\GrVaEwW.exe
  C:\Windows\System\GrVaEwW.exe
  2⤵
  PID:6228
- C:\Windows\System\TjINDCB.exe
  C:\Windows\System\TjINDCB.exe
  2⤵
  PID:6280
- C:\Windows\System\ZYVogka.exe
  C:\Windows\System\ZYVogka.exe
  2⤵
  PID:6252
- C:\Windows\System\djCYnMN.exe
  C:\Windows\System\djCYnMN.exe
  2⤵
  PID:6352
- C:\Windows\System\mBxojwJ.exe
  C:\Windows\System\mBxojwJ.exe
  2⤵
  PID:6428
- C:\Windows\System\BCnnfiB.exe
  C:\Windows\System\BCnnfiB.exe
  2⤵
  PID:6292
- C:\Windows\System\SOIsutc.exe
  C:\Windows\System\SOIsutc.exe
  2⤵
  PID:6376
- C:\Windows\System\FHehDgS.exe
  C:\Windows\System\FHehDgS.exe
  2⤵
  PID:6768
- C:\Windows\System\nFrYSRN.exe
  C:\Windows\System\nFrYSRN.exe
  2⤵
  PID:6572
- C:\Windows\System\zfRYbmJ.exe
  C:\Windows\System\zfRYbmJ.exe
  2⤵
  PID:7008
- C:\Windows\System\QaudVnv.exe
  C:\Windows\System\QaudVnv.exe
  2⤵
  PID:7060
- C:\Windows\System\phEQUIQ.exe
  C:\Windows\System\phEQUIQ.exe
  2⤵
  PID:7092
- C:\Windows\System\rIKPSvS.exe
  C:\Windows\System\rIKPSvS.exe
  2⤵
  PID:6480
- C:\Windows\System\ceCziFI.exe
  C:\Windows\System\ceCziFI.exe
  2⤵
  PID:7160
- C:\Windows\System\ZAtCqOL.exe
  C:\Windows\System\ZAtCqOL.exe
  2⤵
  PID:5968
- C:\Windows\System\SFZmiwK.exe
  C:\Windows\System\SFZmiwK.exe
  2⤵
  PID:6992
- C:\Windows\System\bwXhcbk.exe
  C:\Windows\System\bwXhcbk.exe
  2⤵
  PID:6716
- C:\Windows\System\XctBmMm.exe
  C:\Windows\System\XctBmMm.exe
  2⤵
  PID:7100
- C:\Windows\System\QorFsRD.exe
  C:\Windows\System\QorFsRD.exe
  2⤵
  PID:5872
- C:\Windows\System\UVZoKdB.exe
  C:\Windows\System\UVZoKdB.exe
  2⤵
  PID:6208
- C:\Windows\System\jcwjOoP.exe
  C:\Windows\System\jcwjOoP.exe
  2⤵
  PID:5568
- C:\Windows\System\wPbktrb.exe
  C:\Windows\System\wPbktrb.exe
  2⤵
  PID:6464
- C:\Windows\System\cmlosec.exe
  C:\Windows\System\cmlosec.exe
  2⤵
  PID:6476
- C:\Windows\System\afgYqZW.exe
  C:\Windows\System\afgYqZW.exe
  2⤵
  PID:6700
- C:\Windows\System\sidnIpJ.exe
  C:\Windows\System\sidnIpJ.exe
  2⤵
  PID:6880
- C:\Windows\System\pFjpJcK.exe
  C:\Windows\System\pFjpJcK.exe
  2⤵
  PID:6340
- C:\Windows\System\aUvVzIU.exe
  C:\Windows\System\aUvVzIU.exe
  2⤵
  PID:7080
- C:\Windows\System\QFcInsc.exe
  C:\Windows\System\QFcInsc.exe
  2⤵
  PID:5348
- C:\Windows\System\JzTqLEz.exe
  C:\Windows\System\JzTqLEz.exe
  2⤵
  PID:6588
- C:\Windows\System\YUNRCGy.exe
  C:\Windows\System\YUNRCGy.exe
  2⤵
  PID:6816
- C:\Windows\System\FpOrLnc.exe
  C:\Windows\System\FpOrLnc.exe
  2⤵
  PID:6400
- C:\Windows\System\HDnQkJv.exe
  C:\Windows\System\HDnQkJv.exe
  2⤵
  PID:6160
- C:\Windows\System\hNCvhYE.exe
  C:\Windows\System\hNCvhYE.exe
  2⤵
  PID:6780
- C:\Windows\System\JDUDbMg.exe
  C:\Windows\System\JDUDbMg.exe
  2⤵
  PID:6624
- C:\Windows\System\jERkxAP.exe
  C:\Windows\System\jERkxAP.exe
  2⤵
  PID:6640
- C:\Windows\System\iSUylIG.exe
  C:\Windows\System\iSUylIG.exe
  2⤵
  PID:5976
- C:\Windows\System\ygghCtF.exe
  C:\Windows\System\ygghCtF.exe
  2⤵
  PID:7144
- C:\Windows\System\XigvPou.exe
  C:\Windows\System\XigvPou.exe
  2⤵
  PID:7112
- C:\Windows\System\RofqMTQ.exe
  C:\Windows\System\RofqMTQ.exe
  2⤵
  PID:6652
- C:\Windows\System\oxjomhq.exe
  C:\Windows\System\oxjomhq.exe
  2⤵
  PID:7172
- C:\Windows\System\YfFsgxm.exe
  C:\Windows\System\YfFsgxm.exe
  2⤵
  PID:7188
- C:\Windows\System\KyTzCCD.exe
  C:\Windows\System\KyTzCCD.exe
  2⤵
  PID:7220
- C:\Windows\System\vkvSrQy.exe
  C:\Windows\System\vkvSrQy.exe
  2⤵
  PID:7244
- C:\Windows\System\vBWVoCn.exe
  C:\Windows\System\vBWVoCn.exe
  2⤵
  PID:7260
- C:\Windows\System\psfsrsp.exe
  C:\Windows\System\psfsrsp.exe
  2⤵
  PID:7276
- C:\Windows\System\HINJkeK.exe
  C:\Windows\System\HINJkeK.exe
  2⤵
  PID:7292
- C:\Windows\System\liGxvRU.exe
  C:\Windows\System\liGxvRU.exe
  2⤵
  PID:7308
- C:\Windows\System\suuzDvt.exe
  C:\Windows\System\suuzDvt.exe
  2⤵
  PID:7324
- C:\Windows\System\LiOoKEV.exe
  C:\Windows\System\LiOoKEV.exe
  2⤵
  PID:7344
- C:\Windows\System\OlMMjnU.exe
  C:\Windows\System\OlMMjnU.exe
  2⤵
  PID:7364
- C:\Windows\System\CNtzsRH.exe
  C:\Windows\System\CNtzsRH.exe
  2⤵
  PID:7396
- C:\Windows\System\LEaJtCN.exe
  C:\Windows\System\LEaJtCN.exe
  2⤵
  PID:7416
- C:\Windows\System\gsylpLA.exe
  C:\Windows\System\gsylpLA.exe
  2⤵
  PID:7444
- C:\Windows\System\MaWpmqH.exe
  C:\Windows\System\MaWpmqH.exe
  2⤵
  PID:7460
- C:\Windows\System\zYsIcVF.exe
  C:\Windows\System\zYsIcVF.exe
  2⤵
  PID:7480
- C:\Windows\System\lJsoTfV.exe
  C:\Windows\System\lJsoTfV.exe
  2⤵
  PID:7496
- C:\Windows\System\TZpDGkh.exe
  C:\Windows\System\TZpDGkh.exe
  2⤵
  PID:7512
- C:\Windows\System\kkQLGgy.exe
  C:\Windows\System\kkQLGgy.exe
  2⤵
  PID:7528
- C:\Windows\System\SlYdoyX.exe
  C:\Windows\System\SlYdoyX.exe
  2⤵
  PID:7544
- C:\Windows\System\wPViLcG.exe
  C:\Windows\System\wPViLcG.exe
  2⤵
  PID:7564
- C:\Windows\System\nbvkauZ.exe
  C:\Windows\System\nbvkauZ.exe
  2⤵
  PID:7584
- C:\Windows\System\XWABGcI.exe
  C:\Windows\System\XWABGcI.exe
  2⤵
  PID:7600
- C:\Windows\System\qDqPIvb.exe
  C:\Windows\System\qDqPIvb.exe
  2⤵
  PID:7616
- C:\Windows\System\uMkOIQy.exe
  C:\Windows\System\uMkOIQy.exe
  2⤵
  PID:7632
- C:\Windows\System\bUMxIjw.exe
  C:\Windows\System\bUMxIjw.exe
  2⤵
  PID:7648
- C:\Windows\System\kFOcnbh.exe
  C:\Windows\System\kFOcnbh.exe
  2⤵
  PID:7668
- C:\Windows\System\peGqnaO.exe
  C:\Windows\System\peGqnaO.exe
  2⤵
  PID:7692
- C:\Windows\System\XUTUYBd.exe
  C:\Windows\System\XUTUYBd.exe
  2⤵
  PID:7716
- C:\Windows\System\RRXklOL.exe
  C:\Windows\System\RRXklOL.exe
  2⤵
  PID:7764
- C:\Windows\System\yBWCwZO.exe
  C:\Windows\System\yBWCwZO.exe
  2⤵
  PID:7780
- C:\Windows\System\KIerlSu.exe
  C:\Windows\System\KIerlSu.exe
  2⤵
  PID:7812
- C:\Windows\System\FfZbwZy.exe
  C:\Windows\System\FfZbwZy.exe
  2⤵
  PID:7828
- C:\Windows\System\fUIdcoy.exe
  C:\Windows\System\fUIdcoy.exe
  2⤵
  PID:7856
- C:\Windows\System\SRkpXrM.exe
  C:\Windows\System\SRkpXrM.exe
  2⤵
  PID:7872
- C:\Windows\System\mXGEZJX.exe
  C:\Windows\System\mXGEZJX.exe
  2⤵
  PID:7888
- C:\Windows\System\sYxyoEP.exe
  C:\Windows\System\sYxyoEP.exe
  2⤵
  PID:7920
- C:\Windows\System\YSeXxFH.exe
  C:\Windows\System\YSeXxFH.exe
  2⤵
  PID:7936
- C:\Windows\System\IymfESu.exe
  C:\Windows\System\IymfESu.exe
  2⤵
  PID:7952
- C:\Windows\System\ahvqCZN.exe
  C:\Windows\System\ahvqCZN.exe
  2⤵
  PID:7972
- C:\Windows\System\MiFvzrA.exe
  C:\Windows\System\MiFvzrA.exe
  2⤵
  PID:7992
- C:\Windows\System\RmsFeuK.exe
  C:\Windows\System\RmsFeuK.exe
  2⤵
  PID:8020
- C:\Windows\System\zquzQOm.exe
  C:\Windows\System\zquzQOm.exe
  2⤵
  PID:8036
- C:\Windows\System\njwZbfg.exe
  C:\Windows\System\njwZbfg.exe
  2⤵
  PID:8056
- C:\Windows\System\JFeXTjt.exe
  C:\Windows\System\JFeXTjt.exe
  2⤵
  PID:8072
- C:\Windows\System\KbfGyDg.exe
  C:\Windows\System\KbfGyDg.exe
  2⤵
  PID:8096
- C:\Windows\System\qjlfBNj.exe
  C:\Windows\System\qjlfBNj.exe
  2⤵
  PID:8116
- C:\Windows\System\GCmVGLp.exe
  C:\Windows\System\GCmVGLp.exe
  2⤵
  PID:8132
- C:\Windows\System\oBmuBTy.exe
  C:\Windows\System\oBmuBTy.exe
  2⤵
  PID:8148
- C:\Windows\System\qCtGooa.exe
  C:\Windows\System\qCtGooa.exe
  2⤵
  PID:8164
- C:\Windows\System\HvyerfZ.exe
  C:\Windows\System\HvyerfZ.exe
  2⤵
  PID:8180
- C:\Windows\System\HZwRvFo.exe
  C:\Windows\System\HZwRvFo.exe
  2⤵
  PID:6844
- C:\Windows\System\BKgktIn.exe
  C:\Windows\System\BKgktIn.exe
  2⤵
  PID:7156
- C:\Windows\System\McCmQzE.exe
  C:\Windows\System\McCmQzE.exe
  2⤵
  PID:6544
- C:\Windows\System\mmornPY.exe
  C:\Windows\System\mmornPY.exe
  2⤵
  PID:6316
- C:\Windows\System\wHiToZp.exe
  C:\Windows\System\wHiToZp.exe
  2⤵
  PID:7152
- C:\Windows\System\ZhiAVML.exe
  C:\Windows\System\ZhiAVML.exe
  2⤵
  PID:7212
- C:\Windows\System\CeYGnIf.exe
  C:\Windows\System\CeYGnIf.exe
  2⤵
  PID:7336
- C:\Windows\System\IOxHlud.exe
  C:\Windows\System\IOxHlud.exe
  2⤵
  PID:7316
- C:\Windows\System\MGdLSUo.exe
  C:\Windows\System\MGdLSUo.exe
  2⤵
  PID:7388
- C:\Windows\System\FWQWDol.exe
  C:\Windows\System\FWQWDol.exe
  2⤵
  PID:7288
- C:\Windows\System\kLPgwLy.exe
  C:\Windows\System\kLPgwLy.exe
  2⤵
  PID:7256
- C:\Windows\System\FYONuzL.exe
  C:\Windows\System\FYONuzL.exe
  2⤵
  PID:7476
- C:\Windows\System\HOJbnCI.exe
  C:\Windows\System\HOJbnCI.exe
  2⤵
  PID:7556
- C:\Windows\System\NhmDRfr.exe
  C:\Windows\System\NhmDRfr.exe
  2⤵
  PID:7580
- C:\Windows\System\HnfbGiR.exe
  C:\Windows\System\HnfbGiR.exe
  2⤵
  PID:7644
- C:\Windows\System\MiliKuY.exe
  C:\Windows\System\MiliKuY.exe
  2⤵
  PID:7688
- C:\Windows\System\BOSTgxV.exe
  C:\Windows\System\BOSTgxV.exe
  2⤵
  PID:7596
- C:\Windows\System\wdzNkTv.exe
  C:\Windows\System\wdzNkTv.exe
  2⤵
  PID:7408
- C:\Windows\System\LunFAzz.exe
  C:\Windows\System\LunFAzz.exe
  2⤵
  PID:7492
- C:\Windows\System\dBueeai.exe
  C:\Windows\System\dBueeai.exe
  2⤵
  PID:7708
- C:\Windows\System\aSHwPoa.exe
  C:\Windows\System\aSHwPoa.exe
  2⤵
  PID:7736
- C:\Windows\System\BckzoMu.exe
  C:\Windows\System\BckzoMu.exe
  2⤵
  PID:7748
- C:\Windows\System\VXqwpXe.exe
  C:\Windows\System\VXqwpXe.exe
  2⤵
  PID:7800
- C:\Windows\System\WewrQjs.exe
  C:\Windows\System\WewrQjs.exe
  2⤵
  PID:7772
- C:\Windows\System\TwvPuEC.exe
  C:\Windows\System\TwvPuEC.exe
  2⤵
  PID:7852
- C:\Windows\System\tjifbwB.exe
  C:\Windows\System\tjifbwB.exe
  2⤵
  PID:7896
- C:\Windows\System\CUPGkFn.exe
  C:\Windows\System\CUPGkFn.exe
  2⤵
  PID:7820
- C:\Windows\System\DxawaEj.exe
  C:\Windows\System\DxawaEj.exe
  2⤵
  PID:7904
- C:\Windows\System\jISfWFF.exe
  C:\Windows\System\jISfWFF.exe
  2⤵
  PID:8000
- C:\Windows\System\kslfgOx.exe
  C:\Windows\System\kslfgOx.exe
  2⤵
  PID:8012
- C:\Windows\System\weyAadE.exe
  C:\Windows\System\weyAadE.exe
  2⤵
  PID:8028
- C:\Windows\System\ZQJaBPg.exe
  C:\Windows\System\ZQJaBPg.exe
  2⤵
  PID:8052
- C:\Windows\System\ykSDpdK.exe
  C:\Windows\System\ykSDpdK.exe
  2⤵
  PID:8088
- C:\Windows\System\nFVrpqy.exe
  C:\Windows\System\nFVrpqy.exe
  2⤵
  PID:8104
- C:\Windows\System\jhKoJaH.exe
  C:\Windows\System\jhKoJaH.exe
  2⤵
  PID:7024
- C:\Windows\System\vVMgKEc.exe
  C:\Windows\System\vVMgKEc.exe
  2⤵
  PID:8108
- C:\Windows\System\RMonGdc.exe
  C:\Windows\System\RMonGdc.exe
  2⤵
  PID:6704
- C:\Windows\System\PAAgmSB.exe
  C:\Windows\System\PAAgmSB.exe
  2⤵
  PID:7268
- C:\Windows\System\dPtIjDb.exe
  C:\Windows\System\dPtIjDb.exe
  2⤵
  PID:8140
- C:\Windows\System\AcHcbRP.exe
  C:\Windows\System\AcHcbRP.exe
  2⤵
  PID:7384
- C:\Windows\System\fUamHGI.exe
  C:\Windows\System\fUamHGI.exe
  2⤵
  PID:7432
- C:\Windows\System\acerjuv.exe
  C:\Windows\System\acerjuv.exe
  2⤵
  PID:7472
- C:\Windows\System\mqctjPr.exe
  C:\Windows\System\mqctjPr.exe
  2⤵
  PID:7612
- C:\Windows\System\QbrMZAy.exe
  C:\Windows\System\QbrMZAy.exe
  2⤵
  PID:7728
- C:\Windows\System\qUNWoAj.exe
  C:\Windows\System\qUNWoAj.exe
  2⤵
  PID:7788
- C:\Windows\System\IrbfKDg.exe
  C:\Windows\System\IrbfKDg.exe
  2⤵
  PID:7964
- C:\Windows\System\cCrOJDv.exe
  C:\Windows\System\cCrOJDv.exe
  2⤵
  PID:7684
- C:\Windows\System\IvoDLaE.exe
  C:\Windows\System\IvoDLaE.exe
  2⤵
  PID:8092
- C:\Windows\System\wPiIvlY.exe
  C:\Windows\System\wPiIvlY.exe
  2⤵
  PID:8160
- C:\Windows\System\DZTXzAZ.exe
  C:\Windows\System\DZTXzAZ.exe
  2⤵
  PID:7208
- C:\Windows\System\zluBcta.exe
  C:\Windows\System\zluBcta.exe
  2⤵
  PID:6924
- C:\Windows\System\wNoGJgI.exe
  C:\Windows\System\wNoGJgI.exe
  2⤵
  PID:7984
- C:\Windows\System\MlKRfoT.exe
  C:\Windows\System\MlKRfoT.exe
  2⤵
  PID:8048
- C:\Windows\System\TOKqfrU.exe
  C:\Windows\System\TOKqfrU.exe
  2⤵
  PID:7228
- C:\Windows\System\USTFzhr.exe
  C:\Windows\System\USTFzhr.exe
  2⤵
  PID:6540
- C:\Windows\System\BXavqOn.exe
  C:\Windows\System\BXavqOn.exe
  2⤵
  PID:8172
- C:\Windows\System\RedOTjT.exe
  C:\Windows\System\RedOTjT.exe
  2⤵
  PID:8144
- C:\Windows\System\fzmFmlR.exe
  C:\Windows\System\fzmFmlR.exe
  2⤵
  PID:7536
- C:\Windows\System\AFatBky.exe
  C:\Windows\System\AFatBky.exe
  2⤵
  PID:7868
- C:\Windows\System\pRAGaHq.exe
  C:\Windows\System\pRAGaHq.exe
  2⤵
  PID:7376
- C:\Windows\System\VLZSjRL.exe
  C:\Windows\System\VLZSjRL.exe
  2⤵
  PID:8128
- C:\Windows\System\UQniZHv.exe
  C:\Windows\System\UQniZHv.exe
  2⤵
  PID:7628
- C:\Windows\System\JtHRMsK.exe
  C:\Windows\System\JtHRMsK.exe
  2⤵
  PID:7836
- C:\Windows\System\jZaEfVh.exe
  C:\Windows\System\jZaEfVh.exe
  2⤵
  PID:7776
- C:\Windows\System\TdnNMUS.exe
  C:\Windows\System\TdnNMUS.exe
  2⤵
  PID:7664
- C:\Windows\System\XoFzmPN.exe
  C:\Windows\System\XoFzmPN.exe
  2⤵
  PID:7944
- C:\Windows\System\BBlKBAG.exe
  C:\Windows\System\BBlKBAG.exe
  2⤵
  PID:7452
- C:\Windows\System\ICpraFp.exe
  C:\Windows\System\ICpraFp.exe
  2⤵
  PID:7356
- C:\Windows\System\mYYHMfy.exe
  C:\Windows\System\mYYHMfy.exe
  2⤵
  PID:7380
- C:\Windows\System\tQQGrlZ.exe
  C:\Windows\System\tQQGrlZ.exe
  2⤵
  PID:7960
- C:\Windows\System\kADkfQl.exe
  C:\Windows\System\kADkfQl.exe
  2⤵
  PID:7928
- C:\Windows\System\ltmsXJH.exe
  C:\Windows\System\ltmsXJH.exe
  2⤵
  PID:7040
- C:\Windows\System\fwBzRtq.exe
  C:\Windows\System\fwBzRtq.exe
  2⤵
  PID:8112
- C:\Windows\System\IhqtUZo.exe
  C:\Windows\System\IhqtUZo.exe
  2⤵
  PID:7360
- C:\Windows\System\lJikfDl.exe
  C:\Windows\System\lJikfDl.exe
  2⤵
  PID:7848
- C:\Windows\System\XplKkan.exe
  C:\Windows\System\XplKkan.exe
  2⤵
  PID:7760
- C:\Windows\System\ZLdPAeP.exe
  C:\Windows\System\ZLdPAeP.exe
  2⤵
  PID:6784
- C:\Windows\System\FdgsZOa.exe
  C:\Windows\System\FdgsZOa.exe
  2⤵
  PID:8084
- C:\Windows\System\TZexZnQ.exe
  C:\Windows\System\TZexZnQ.exe
  2⤵
  PID:8004
- C:\Windows\System\xPieWUz.exe
  C:\Windows\System\xPieWUz.exe
  2⤵
  PID:8068
- C:\Windows\System\itoqShh.exe
  C:\Windows\System\itoqShh.exe
  2⤵
  PID:8196
- C:\Windows\System\abSPWRw.exe
  C:\Windows\System\abSPWRw.exe
  2⤵
  PID:8216
- C:\Windows\System\UxTTxQX.exe
  C:\Windows\System\UxTTxQX.exe
  2⤵
  PID:8232
- C:\Windows\System\spIDuJp.exe
  C:\Windows\System\spIDuJp.exe
  2⤵
  PID:8252
- C:\Windows\System\UJdvufQ.exe
  C:\Windows\System\UJdvufQ.exe
  2⤵
  PID:8268
- C:\Windows\System\gDmgpIN.exe
  C:\Windows\System\gDmgpIN.exe
  2⤵
  PID:8284
- C:\Windows\System\IiUfHyU.exe
  C:\Windows\System\IiUfHyU.exe
  2⤵
  PID:8300
- C:\Windows\System\GgTHQwy.exe
  C:\Windows\System\GgTHQwy.exe
  2⤵
  PID:8316
- C:\Windows\System\WzURIgR.exe
  C:\Windows\System\WzURIgR.exe
  2⤵
  PID:8332
- C:\Windows\System\LBgpXCl.exe
  C:\Windows\System\LBgpXCl.exe
  2⤵
  PID:8352
- C:\Windows\System\QNkkwFB.exe
  C:\Windows\System\QNkkwFB.exe
  2⤵
  PID:8376
- C:\Windows\System\uaImJWG.exe
  C:\Windows\System\uaImJWG.exe
  2⤵
  PID:8396
- C:\Windows\System\oKadOAU.exe
  C:\Windows\System\oKadOAU.exe
  2⤵
  PID:8416
- C:\Windows\System\FCTHaAr.exe
  C:\Windows\System\FCTHaAr.exe
  2⤵
  PID:8452
- C:\Windows\System\Gqpwxfy.exe
  C:\Windows\System\Gqpwxfy.exe
  2⤵
  PID:8476
- C:\Windows\System\NImLsvE.exe
  C:\Windows\System\NImLsvE.exe
  2⤵
  PID:8492
- C:\Windows\System\haQzNfu.exe
  C:\Windows\System\haQzNfu.exe
  2⤵
  PID:8516
- C:\Windows\System\XVQPuMr.exe
  C:\Windows\System\XVQPuMr.exe
  2⤵
  PID:8532
- C:\Windows\System\hCQNslG.exe
  C:\Windows\System\hCQNslG.exe
  2⤵
  PID:8552
- C:\Windows\System\ICGapbj.exe
  C:\Windows\System\ICGapbj.exe
  2⤵
  PID:8576
- C:\Windows\System\kDdSDfF.exe
  C:\Windows\System\kDdSDfF.exe
  2⤵
  PID:8592
- C:\Windows\System\zFIoNbO.exe
  C:\Windows\System\zFIoNbO.exe
  2⤵
  PID:8620
- C:\Windows\System\fQzJEHV.exe
  C:\Windows\System\fQzJEHV.exe
  2⤵
  PID:8636
- C:\Windows\System\vfEWUKG.exe
  C:\Windows\System\vfEWUKG.exe
  2⤵
  PID:8656
- C:\Windows\System\UCWuIFz.exe
  C:\Windows\System\UCWuIFz.exe
  2⤵
  PID:8684
- C:\Windows\System\ZabylLO.exe
  C:\Windows\System\ZabylLO.exe
  2⤵
  PID:8700
- C:\Windows\System\matIiSZ.exe
  C:\Windows\System\matIiSZ.exe
  2⤵
  PID:8716
- C:\Windows\System\azhMPDm.exe
  C:\Windows\System\azhMPDm.exe
  2⤵
  PID:8732
- C:\Windows\System\rdKgBCE.exe
  C:\Windows\System\rdKgBCE.exe
  2⤵
  PID:8748
- C:\Windows\System\liBwQAX.exe
  C:\Windows\System\liBwQAX.exe
  2⤵
  PID:8768
- C:\Windows\System\mNvGwCE.exe
  C:\Windows\System\mNvGwCE.exe
  2⤵
  PID:8784
- C:\Windows\System\kpDyIzm.exe
  C:\Windows\System\kpDyIzm.exe
  2⤵
  PID:8800
- C:\Windows\System\IQiqZkE.exe
  C:\Windows\System\IQiqZkE.exe
  2⤵
  PID:8816
- C:\Windows\System\kYnjAHv.exe
  C:\Windows\System\kYnjAHv.exe
  2⤵
  PID:8832
- C:\Windows\System\JDSnfrD.exe
  C:\Windows\System\JDSnfrD.exe
  2⤵
  PID:8848
- C:\Windows\System\NxfAABh.exe
  C:\Windows\System\NxfAABh.exe
  2⤵
  PID:8864
- C:\Windows\System\CPDbMro.exe
  C:\Windows\System\CPDbMro.exe
  2⤵
  PID:8884
- C:\Windows\System\mvySROF.exe
  C:\Windows\System\mvySROF.exe
  2⤵
  PID:8900
- C:\Windows\System\ToknGgw.exe
  C:\Windows\System\ToknGgw.exe
  2⤵
  PID:8916
- C:\Windows\System\tpJkRQK.exe
  C:\Windows\System\tpJkRQK.exe
  2⤵
  PID:8932
- C:\Windows\System\mdmIMVI.exe
  C:\Windows\System\mdmIMVI.exe
  2⤵
  PID:8952
- C:\Windows\System\JfyfgXo.exe
  C:\Windows\System\JfyfgXo.exe
  2⤵
  PID:8968
- C:\Windows\System\FEdSiga.exe
  C:\Windows\System\FEdSiga.exe
  2⤵
  PID:8984
- C:\Windows\System\RNwAPNp.exe
  C:\Windows\System\RNwAPNp.exe
  2⤵
  PID:9000
- C:\Windows\System\omFJPbE.exe
  C:\Windows\System\omFJPbE.exe
  2⤵
  PID:9016
- C:\Windows\System\DzkKVhi.exe
  C:\Windows\System\DzkKVhi.exe
  2⤵
  PID:9032
- C:\Windows\System\tiPaFzb.exe
  C:\Windows\System\tiPaFzb.exe
  2⤵
  PID:9048
- C:\Windows\System\KbEbXRU.exe
  C:\Windows\System\KbEbXRU.exe
  2⤵
  PID:9064
- C:\Windows\System\yaXfpJm.exe
  C:\Windows\System\yaXfpJm.exe
  2⤵
  PID:9080
- C:\Windows\System\lNNtGjX.exe
  C:\Windows\System\lNNtGjX.exe
  2⤵
  PID:9100
- C:\Windows\System\pjPUGka.exe
  C:\Windows\System\pjPUGka.exe
  2⤵
  PID:9116
- C:\Windows\System\LtcPsiH.exe
  C:\Windows\System\LtcPsiH.exe
  2⤵
  PID:9132
- C:\Windows\System\GKrKqlS.exe
  C:\Windows\System\GKrKqlS.exe
  2⤵
  PID:9148
- C:\Windows\System\gGyUaYJ.exe
  C:\Windows\System\gGyUaYJ.exe
  2⤵
  PID:9164
- C:\Windows\System\XcEOuRz.exe
  C:\Windows\System\XcEOuRz.exe
  2⤵
  PID:9180
- C:\Windows\System\OkzyWbb.exe
  C:\Windows\System\OkzyWbb.exe
  2⤵
  PID:8208
- C:\Windows\System\pLNYEtq.exe
  C:\Windows\System\pLNYEtq.exe
  2⤵
  PID:8228
- C:\Windows\System\nuVvLGa.exe
  C:\Windows\System\nuVvLGa.exe
  2⤵
  PID:8296
- C:\Windows\System\gkUteRq.exe
  C:\Windows\System\gkUteRq.exe
  2⤵
  PID:8364
- C:\Windows\System\awencOH.exe
  C:\Windows\System\awencOH.exe
  2⤵
  PID:8432
- C:\Windows\System\IynPlKi.exe
  C:\Windows\System\IynPlKi.exe
  2⤵
  PID:8384
- C:\Windows\System\TcqliMS.exe
  C:\Windows\System\TcqliMS.exe
  2⤵
  PID:8548
- C:\Windows\System\fuvbohK.exe
  C:\Windows\System\fuvbohK.exe
  2⤵
  PID:8584
- C:\Windows\System\hDGgPkE.exe
  C:\Windows\System\hDGgPkE.exe
  2⤵
  PID:8604
- C:\Windows\System\pAliouL.exe
  C:\Windows\System\pAliouL.exe
  2⤵
  PID:8664
- C:\Windows\System\oQbxWzQ.exe
  C:\Windows\System\oQbxWzQ.exe
  2⤵
  PID:8668
- C:\Windows\System\brqxjLl.exe
  C:\Windows\System\brqxjLl.exe
  2⤵
  PID:8696
- C:\Windows\System\jLcCFwU.exe
  C:\Windows\System\jLcCFwU.exe
  2⤵
  PID:8728
- C:\Windows\System\iuQAcql.exe
  C:\Windows\System\iuQAcql.exe
  2⤵
  PID:8812
- C:\Windows\System\FVAXjOt.exe
  C:\Windows\System\FVAXjOt.exe
  2⤵
  PID:8824
- C:\Windows\System\ArjlryR.exe
  C:\Windows\System\ArjlryR.exe
  2⤵
  PID:8876
- C:\Windows\System\bqTtqnO.exe
  C:\Windows\System\bqTtqnO.exe
  2⤵
  PID:8940
- C:\Windows\System\snpDTrH.exe
  C:\Windows\System\snpDTrH.exe
  2⤵
  PID:8896
- C:\Windows\System\NsQSugA.exe
  C:\Windows\System\NsQSugA.exe
  2⤵
  PID:8980
- C:\Windows\System\cWIfpIE.exe
  C:\Windows\System\cWIfpIE.exe
  2⤵
  PID:8992
- C:\Windows\System\mKAbHUZ.exe
  C:\Windows\System\mKAbHUZ.exe
  2⤵
  PID:8964
- C:\Windows\System\pjDqpoL.exe
  C:\Windows\System\pjDqpoL.exe
  2⤵
  PID:9072
- C:\Windows\System\NJwMJTj.exe
  C:\Windows\System\NJwMJTj.exe
  2⤵
  PID:9144
- C:\Windows\System\oQybKYc.exe
  C:\Windows\System\oQybKYc.exe
  2⤵
  PID:9176
- C:\Windows\System\vgDFdOJ.exe
  C:\Windows\System\vgDFdOJ.exe
  2⤵
  PID:9188
- C:\Windows\System\zRtLzvZ.exe
  C:\Windows\System\zRtLzvZ.exe
  2⤵
  PID:9208
- C:\Windows\System\caMvdum.exe
  C:\Windows\System\caMvdum.exe
  2⤵
  PID:8264
- C:\Windows\System\OjKrIxD.exe
  C:\Windows\System\OjKrIxD.exe
  2⤵
  PID:8408
- C:\Windows\System\xadDjOS.exe
  C:\Windows\System\xadDjOS.exe
  2⤵
  PID:8676
- C:\Windows\System\stLpaNp.exe
  C:\Windows\System\stLpaNp.exe
  2⤵
  PID:8248
- C:\Windows\System\xRgpUxJ.exe
  C:\Windows\System\xRgpUxJ.exe
  2⤵
  PID:8440
- C:\Windows\System\yQTOAYf.exe
  C:\Windows\System\yQTOAYf.exe
  2⤵
  PID:8448
- C:\Windows\System\dCokWJr.exe
  C:\Windows\System\dCokWJr.exe
  2⤵
  PID:8468
- C:\Windows\System\vBKMRFE.exe
  C:\Windows\System\vBKMRFE.exe
  2⤵
  PID:8544
- C:\Windows\System\pNlXSsQ.exe
  C:\Windows\System\pNlXSsQ.exe
  2⤵
  PID:8612
- C:\Windows\System\pbZrqbE.exe
  C:\Windows\System\pbZrqbE.exe
  2⤵
  PID:8628
- C:\Windows\System\qtdABuu.exe
  C:\Windows\System\qtdABuu.exe
  2⤵
  PID:8644
- C:\Windows\System\RtMlcTx.exe
  C:\Windows\System\RtMlcTx.exe
  2⤵
  PID:8796
- C:\Windows\System\FqvrHfM.exe
  C:\Windows\System\FqvrHfM.exe
  2⤵
  PID:8828
- C:\Windows\System\knVBdqk.exe
  C:\Windows\System\knVBdqk.exe
  2⤵
  PID:9056
- C:\Windows\System\HcluNHp.exe
  C:\Windows\System\HcluNHp.exe
  2⤵
  PID:8948
- C:\Windows\System\eRtcnsw.exe
  C:\Windows\System\eRtcnsw.exe
  2⤵
  PID:8976
- C:\Windows\System\ENYKorx.exe
  C:\Windows\System\ENYKorx.exe
  2⤵
  PID:8764
- C:\Windows\System\SxJyzPl.exe
  C:\Windows\System\SxJyzPl.exe
  2⤵
  PID:9196
- C:\Windows\System\WgsdmDa.exe
  C:\Windows\System\WgsdmDa.exe
  2⤵
  PID:8276
- C:\Windows\System\RHxoLeV.exe
  C:\Windows\System\RHxoLeV.exe
  2⤵
  PID:8412
- C:\Windows\System\mXRrjPM.exe
  C:\Windows\System\mXRrjPM.exe
  2⤵
  PID:8176
- C:\Windows\System\rwSVzfF.exe
  C:\Windows\System\rwSVzfF.exe
  2⤵
  PID:8424
- C:\Windows\System\AnAyxQy.exe
  C:\Windows\System\AnAyxQy.exe
  2⤵
  PID:8600
- C:\Windows\System\ZgjnyNu.exe
  C:\Windows\System\ZgjnyNu.exe
  2⤵
  PID:8712
- C:\Windows\System\oONfElP.exe
  C:\Windows\System\oONfElP.exe
  2⤵
  PID:8724
- C:\Windows\System\QSHcnFc.exe
  C:\Windows\System\QSHcnFc.exe
  2⤵
  PID:8652
- C:\Windows\System\xsCxiXg.exe
  C:\Windows\System\xsCxiXg.exe
  2⤵
  PID:9008
- C:\Windows\System\TILsJxx.exe
  C:\Windows\System\TILsJxx.exe
  2⤵
  PID:9028
- C:\Windows\System\VGtoiNC.exe
  C:\Windows\System\VGtoiNC.exe
  2⤵
  PID:9108
- C:\Windows\System\yRYLSWL.exe
  C:\Windows\System\yRYLSWL.exe
  2⤵
  PID:9044
- C:\Windows\System\YuDTbLX.exe
  C:\Windows\System\YuDTbLX.exe
  2⤵
  PID:9204
- C:\Windows\System\bgSyPMP.exe
  C:\Windows\System\bgSyPMP.exe
  2⤵
  PID:8240
- C:\Windows\System\QMxCNvp.exe
  C:\Windows\System\QMxCNvp.exe
  2⤵
  PID:8572
- C:\Windows\System\nkVixVE.exe
  C:\Windows\System\nkVixVE.exe
  2⤵
  PID:8692
- C:\Windows\System\jFoexUH.exe
  C:\Windows\System\jFoexUH.exe
  2⤵
  PID:8568
- C:\Windows\System\uLwobLm.exe
  C:\Windows\System\uLwobLm.exe
  2⤵
  PID:8780
- C:\Windows\System\dljbBJm.exe
  C:\Windows\System\dljbBJm.exe
  2⤵
  PID:9160
- C:\Windows\System\mPPaXhR.exe
  C:\Windows\System\mPPaXhR.exe
  2⤵
  PID:8292
- C:\Windows\System\AnbpuXR.exe
  C:\Windows\System\AnbpuXR.exe
  2⤵
  PID:8512
- C:\Windows\System\uRRuHiQ.exe
  C:\Windows\System\uRRuHiQ.exe
  2⤵
  PID:8808
- C:\Windows\System\XlKYNkk.exe
  C:\Windows\System\XlKYNkk.exe
  2⤵
  PID:8484
- C:\Windows\System\efGLGNg.exe
  C:\Windows\System\efGLGNg.exe
  2⤵
  PID:8464
- C:\Windows\System\tlhKDpT.exe
  C:\Windows\System\tlhKDpT.exe
  2⤵
  PID:9088
- C:\Windows\System\AHWpXCR.exe
  C:\Windows\System\AHWpXCR.exe
  2⤵
  PID:8680
- C:\Windows\System\tIMELAc.exe
  C:\Windows\System\tIMELAc.exe
  2⤵
  PID:8392
- C:\Windows\System\TcSXduw.exe
  C:\Windows\System\TcSXduw.exe
  2⤵
  PID:9236
- C:\Windows\System\XTjaVvy.exe
  C:\Windows\System\XTjaVvy.exe
  2⤵
  PID:9260
- C:\Windows\System\XjaAjeP.exe
  C:\Windows\System\XjaAjeP.exe
  2⤵
  PID:9276
- C:\Windows\System\buRGRtP.exe
  C:\Windows\System\buRGRtP.exe
  2⤵
  PID:9296
- C:\Windows\System\lqJlBMg.exe
  C:\Windows\System\lqJlBMg.exe
  2⤵
  PID:9324
- C:\Windows\System\rzSZeQb.exe
  C:\Windows\System\rzSZeQb.exe
  2⤵
  PID:9340
- C:\Windows\System\WxyVtVy.exe
  C:\Windows\System\WxyVtVy.exe
  2⤵
  PID:9356
- C:\Windows\System\pINDueH.exe
  C:\Windows\System\pINDueH.exe
  2⤵
  PID:9372
- C:\Windows\System\pGgayRJ.exe
  C:\Windows\System\pGgayRJ.exe
  2⤵
  PID:9400
- C:\Windows\System\MtWLkEX.exe
  C:\Windows\System\MtWLkEX.exe
  2⤵
  PID:9420
- C:\Windows\System\oGFnTpu.exe
  C:\Windows\System\oGFnTpu.exe
  2⤵
  PID:9444
- C:\Windows\System\tBBCIrv.exe
  C:\Windows\System\tBBCIrv.exe
  2⤵
  PID:9460
- C:\Windows\System\qWAQWUk.exe
  C:\Windows\System\qWAQWUk.exe
  2⤵
  PID:9488
- C:\Windows\System\jLZormP.exe
  C:\Windows\System\jLZormP.exe
  2⤵
  PID:9504
- C:\Windows\System\LJBPfoa.exe
  C:\Windows\System\LJBPfoa.exe
  2⤵
  PID:9520
- C:\Windows\System\kYAapcU.exe
  C:\Windows\System\kYAapcU.exe
  2⤵
  PID:9536
- C:\Windows\System\TIMaZiO.exe
  C:\Windows\System\TIMaZiO.exe
  2⤵
  PID:9560
- C:\Windows\System\EAHfSPI.exe
  C:\Windows\System\EAHfSPI.exe
  2⤵
  PID:9588
- C:\Windows\System\YhiEtax.exe
  C:\Windows\System\YhiEtax.exe
  2⤵
  PID:9608
- C:\Windows\System\dudtDou.exe
  C:\Windows\System\dudtDou.exe
  2⤵
  PID:9624
- C:\Windows\System\qZgGFcJ.exe
  C:\Windows\System\qZgGFcJ.exe
  2⤵
  PID:9640
- C:\Windows\System\TXacamZ.exe
  C:\Windows\System\TXacamZ.exe
  2⤵
  PID:9664
- C:\Windows\System\sIOywrF.exe
  C:\Windows\System\sIOywrF.exe
  2⤵
  PID:9680
- C:\Windows\System\muzzzJZ.exe
  C:\Windows\System\muzzzJZ.exe
  2⤵
  PID:9708
- C:\Windows\System\GmZSbMo.exe
  C:\Windows\System\GmZSbMo.exe
  2⤵
  PID:9724
- C:\Windows\System\dFcIQeW.exe
  C:\Windows\System\dFcIQeW.exe
  2⤵
  PID:9748
- C:\Windows\System\JLtvvYG.exe
  C:\Windows\System\JLtvvYG.exe
  2⤵
  PID:9764
- C:\Windows\System\yvEAqdu.exe
  C:\Windows\System\yvEAqdu.exe
  2⤵
  PID:9788
- C:\Windows\System\eYFYzWt.exe
  C:\Windows\System\eYFYzWt.exe
  2⤵
  PID:9804
- C:\Windows\System\RlGcdOd.exe
  C:\Windows\System\RlGcdOd.exe
  2⤵
  PID:9828
- C:\Windows\System\nUMJaBO.exe
  C:\Windows\System\nUMJaBO.exe
  2⤵
  PID:9848
- C:\Windows\System\byxCuQD.exe
  C:\Windows\System\byxCuQD.exe
  2⤵
  PID:9864
- C:\Windows\System\LeJTeCb.exe
  C:\Windows\System\LeJTeCb.exe
  2⤵
  PID:9888
- C:\Windows\System\xazfbEO.exe
  C:\Windows\System\xazfbEO.exe
  2⤵
  PID:9904
- C:\Windows\System\vTAsXXr.exe
  C:\Windows\System\vTAsXXr.exe
  2⤵
  PID:9920
- C:\Windows\System\GRTgCHC.exe
  C:\Windows\System\GRTgCHC.exe
  2⤵
  PID:9936
- C:\Windows\System\toDfolV.exe
  C:\Windows\System\toDfolV.exe
  2⤵
  PID:9956
- C:\Windows\System\ldiJzwX.exe
  C:\Windows\System\ldiJzwX.exe
  2⤵
  PID:9972
- C:\Windows\System\AFmYhRK.exe
  C:\Windows\System\AFmYhRK.exe
  2⤵
  PID:10000
- C:\Windows\System\GkQBSKR.exe
  C:\Windows\System\GkQBSKR.exe
  2⤵
  PID:10016
- C:\Windows\System\oiyuYrV.exe
  C:\Windows\System\oiyuYrV.exe
  2⤵
  PID:10032
- C:\Windows\System\muHVGrI.exe
  C:\Windows\System\muHVGrI.exe
  2⤵
  PID:10048
- C:\Windows\System\iQbDUzy.exe
  C:\Windows\System\iQbDUzy.exe
  2⤵
  PID:10088
- C:\Windows\System\kalyvAC.exe
  C:\Windows\System\kalyvAC.exe
  2⤵
  PID:10108
- C:\Windows\System\utpzohI.exe
  C:\Windows\System\utpzohI.exe
  2⤵
  PID:10124
- C:\Windows\System\OAuYUWa.exe
  C:\Windows\System\OAuYUWa.exe
  2⤵
  PID:10140
- C:\Windows\System\szqOSrp.exe
  C:\Windows\System\szqOSrp.exe
  2⤵
  PID:10160
- C:\Windows\System\tFtaEEM.exe
  C:\Windows\System\tFtaEEM.exe
  2⤵
  PID:10176
- C:\Windows\System\rOvzQCW.exe
  C:\Windows\System\rOvzQCW.exe
  2⤵
  PID:10204
- C:\Windows\System\EcppsLF.exe
  C:\Windows\System\EcppsLF.exe
  2⤵
  PID:10224
- C:\Windows\System\KZBiNFa.exe
  C:\Windows\System\KZBiNFa.exe
  2⤵
  PID:9224
- C:\Windows\System\HpUuaDe.exe
  C:\Windows\System\HpUuaDe.exe
  2⤵
  PID:8312
- C:\Windows\System\EuXSANP.exe
  C:\Windows\System\EuXSANP.exe
  2⤵
  PID:9248
- C:\Windows\System\TUOEsts.exe
  C:\Windows\System\TUOEsts.exe
  2⤵
  PID:9308
- C:\Windows\System\GBKVOpN.exe
  C:\Windows\System\GBKVOpN.exe
  2⤵
  PID:9332
- C:\Windows\System\iIgQddN.exe
  C:\Windows\System\iIgQddN.exe
  2⤵
  PID:9364
- C:\Windows\System\KUbWfRK.exe
  C:\Windows\System\KUbWfRK.exe
  2⤵
  PID:8540
- C:\Windows\System\KSHtDVN.exe
  C:\Windows\System\KSHtDVN.exe
  2⤵
  PID:9436
- C:\Windows\System\NfEaoWb.exe
  C:\Windows\System\NfEaoWb.exe
  2⤵
  PID:9472
- C:\Windows\System\wmoAylZ.exe
  C:\Windows\System\wmoAylZ.exe
  2⤵
  PID:9496
- C:\Windows\System\qeYeTPM.exe
  C:\Windows\System\qeYeTPM.exe
  2⤵
  PID:9528
- C:\Windows\System\OUJRwgm.exe
  C:\Windows\System\OUJRwgm.exe
  2⤵
  PID:9548
- C:\Windows\System\hCXvhyn.exe
  C:\Windows\System\hCXvhyn.exe
  2⤵
  PID:9580
- C:\Windows\System\kExUNiD.exe
  C:\Windows\System\kExUNiD.exe
  2⤵
  PID:9632
- C:\Windows\System\EdSjoYF.exe
  C:\Windows\System\EdSjoYF.exe
  2⤵
  PID:9652
- C:\Windows\System\UwnezTy.exe
  C:\Windows\System\UwnezTy.exe
  2⤵
  PID:9688
- C:\Windows\System\nDDOSHE.exe
  C:\Windows\System\nDDOSHE.exe
  2⤵
  PID:9756
- C:\Windows\System\bSlubXC.exe
  C:\Windows\System\bSlubXC.exe
  2⤵
  PID:9772
- C:\Windows\System\GUnroPh.exe
  C:\Windows\System\GUnroPh.exe
  2⤵
  PID:9800
- C:\Windows\System\zRBPqcx.exe
  C:\Windows\System\zRBPqcx.exe
  2⤵
  PID:9820
- C:\Windows\System\FuVJcJq.exe
  C:\Windows\System\FuVJcJq.exe
  2⤵
  PID:9876
- C:\Windows\System\wPObNMe.exe
  C:\Windows\System\wPObNMe.exe
  2⤵
  PID:9912
- C:\Windows\System\qDjnoEF.exe
  C:\Windows\System\qDjnoEF.exe
  2⤵
  PID:9948
- C:\Windows\System\HbIjmEe.exe
  C:\Windows\System\HbIjmEe.exe
  2⤵
  PID:9996
- C:\Windows\System\rKRPsET.exe
  C:\Windows\System\rKRPsET.exe
  2⤵
  PID:10064
- C:\Windows\System\RZoZNlR.exe
  C:\Windows\System\RZoZNlR.exe
  2⤵
  PID:9896
- C:\Windows\System\TPIhoXi.exe
  C:\Windows\System\TPIhoXi.exe
  2⤵
  PID:9964
- C:\Windows\System\MDLTaRF.exe
  C:\Windows\System\MDLTaRF.exe
  2⤵
  PID:10044
- C:\Windows\System\dmeajck.exe
  C:\Windows\System\dmeajck.exe
  2⤵
  PID:10116
- C:\Windows\System\arUhVAL.exe
  C:\Windows\System\arUhVAL.exe
  2⤵
  PID:10152
- C:\Windows\System\SbfDLbb.exe
  C:\Windows\System\SbfDLbb.exe
  2⤵
  PID:10232
- C:\Windows\System\UZnXrak.exe
  C:\Windows\System\UZnXrak.exe
  2⤵
  PID:10216
- C:\Windows\System\TQvfEiu.exe
  C:\Windows\System\TQvfEiu.exe
  2⤵
  PID:8244
- C:\Windows\System\rUNnTKN.exe
  C:\Windows\System\rUNnTKN.exe
  2⤵
  PID:9252
- C:\Windows\System\gTWzmhu.exe
  C:\Windows\System\gTWzmhu.exe
  2⤵
  PID:9268
- C:\Windows\System\uHlvhKr.exe
  C:\Windows\System\uHlvhKr.exe
  2⤵
  PID:9384
- C:\Windows\System\RKUblhQ.exe
  C:\Windows\System\RKUblhQ.exe
  2⤵
  PID:9408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CQfcOhk.exe

Filesize
6.0MB

MD5
d717a4b1b8a5f7bef905e9f3ea7afe79

SHA1
f15951cb24929aca2802854d69187dd3ccb170b3

SHA256
44d956c9766bd9db39e466419f095b9321fb6f7bbdcca655cfa5d68067c1e9d2

SHA512
3ef793d2dede886d74124c99b97424f53f9dc47c46b512604b70f89c3d994c19c29651e113786e0efdc7c7d48a519a8f4d387718cca460cf0685776734646fd9

Download Submit
C:\Windows\system\EBqcovn.exe

Filesize
6.0MB

MD5
2fa77b8adbc0acdb4ac4b7ae2e152595

SHA1
6d7ceeb1a1f428ae18a854ef8e724599d7b0dfa9

SHA256
380068d1576f18052055842c613c8c7babd664fb107891100757099347f490e1

SHA512
0e9ad0ac8ef0021d7b48d535a2378484bd7153ad652a9c8c78b4b6aab17af5fbc2e438aee5b9ff776043147ef064ef5ea4df8ad13bea43ce5356ae082b7338e7

Download Submit
C:\Windows\system\GplJdtD.exe

Filesize
6.0MB

MD5
abd986bc2d280ff91c8f19b5651a4453

SHA1
8503346a7282c4a15346a14695726515b4143242

SHA256
91da19cc1a2e15cf8c9d6fa05258c101f06ea337588aa494730f861d3c9450ec

SHA512
e635a95a17160c773c1e2f337e145e32ef91cda912a0ef9d6e58b2d52226e6f3167e810ff45b6292fefd597730fa4a908c1163f42ffbafc97c1e39514a6ee465

Download Submit
C:\Windows\system\KyNXHoI.exe

Filesize
8B

MD5
51d52e1636a886dde70e1d4c2bd3bd03

SHA1
c833b4dd562be6db70d43555d99c9430988f5982

SHA256
968ed07a2446fe5f1faba06b943af31f55fb15cbccda8744929248a07b4a4f39

SHA512
d20cd1ea384feb70545087c2046003ee1c0001946b04252ca6ac74fef8f1cb4f17a9a12f2bd1f474ff4bf9b280cb06a9274e5e34bf36f550ccb8c7e52ef82720

Download Submit
C:\Windows\system\OgjkPaj.exe

Filesize
6.0MB

MD5
c82555cd382ff35e61eae23ae7ea5890

SHA1
ed1a70f743b0c13bf8598b6f8c631f82ea034187

SHA256
f598f1f4e7cae16f3b60895012c83482f8bc2a92399341a6c51ec305aaec542a

SHA512
f51c8cde6554cffeb43f163ab41acb951560804a43675ad8d10271a727a9d8d61c46a64a81334eb2393bb5fa1e2d0f38dca4ad8567ad1fcb2bb3f251b92baf8f

Download Submit
C:\Windows\system\PFKdmZs.exe

Filesize
6.0MB

MD5
e427bac2a828f5f1ec8d5d8bdb5d9c64

SHA1
816eff2df1c7b6ee33588d29ce17b119b85cd07c

SHA256
9bbbb7f3acffe91833b65e1d6ffbd1f55966603fa2f0ee3450d5c4107ed1d5d6

SHA512
fa8eebd7ac90f2babd9f34768868b3eae3a538953de7ae12be9cbe543123f0a4f53ba5a0a7758b9aac36b7cb6359a74721bc0b4f7b0484b43fe7cc18f742a505

Download Submit
C:\Windows\system\QDnZIke.exe

Filesize
6.0MB

MD5
6cbd80238bf5fba37359b1977bfdb11b

SHA1
5a8249e4f6a522a5b5f0a6f88a72f5f4e65f4ae4

SHA256
e2ded8998b1a569e96573544bdc1ebcc4052fa9874ed7567fd46005816123498

SHA512
a7576c1bde2713820f7f9489ad371b59049e38ac8d3160bf40f1efb27ec85abc4e7077865fe06a7c95e71c70ab15204bb91bf1f22a279c6255b3e08813c80e36

Download Submit
C:\Windows\system\RTLCGaJ.exe

Filesize
6.0MB

MD5
c3ece330141c4eacbb1cbfcf7c48fc1f

SHA1
892da6fc540fdca2032a0b73dcc3fbc908d10d11

SHA256
976455b4051810fb3f03f0197592ef325688b62860b7d63f1ce696aa3ffd3fce

SHA512
abd9ff202ba5ccdad415d9545fce44a8c583cfa0b540beec943e3017a0e305bda1bd22f9ad5aa12d3f7d68058ab921cfb773fb36838891669d8cd8bf968140f4

Download Submit
C:\Windows\system\SPSUSFL.exe

Filesize
6.0MB

MD5
bdc0e9160bf28924f7b3f304823112af

SHA1
110723fcb999f18801772a829006ace76c232989

SHA256
c072b74f87b19fad3e2dd160213cdfbc14fd2ac914d1c60e9b144ce7f462b939

SHA512
161132336653b7c362bf6610aed550f434a0353db728c6a7b221d40c351cf262bd95c9750c40215208ac642cea5fe5797395fabc2f0a3d6a68ad350c45996938

Download Submit
C:\Windows\system\TQshLAk.exe

Filesize
6.0MB

MD5
cc65704808f69159975906221c868488

SHA1
9b7f91a43ee3b974f34c50f3eb77be51831ec124

SHA256
20fe2464cfcb83cb53fe0db04f8ff2bc51560cc4ef44fa779f067d5fa19767ab

SHA512
20de8ee7c2e03fdccd2fea60d45dc0cd11f604a7b0588f78aca091b914e696d146f858921b8180c479a15c97b3447de587ad601500c1a3b32ecada4148069ea4

Download Submit
C:\Windows\system\TkfdYao.exe

Filesize
6.0MB

MD5
b7abdc8648b3732a9ef3a52e36649069

SHA1
58a04aa45c6c859c5226b05538de83a448731c4a

SHA256
374e098cd7bd57e7114fa45058eeb2b1345e148162f141c2321c94142151902f

SHA512
bb7220a7c97b1c055b404fed30524d4de750a860a83099e2cb5a60288933136342b10e45ffd9645b3a6d0cdcc05d7bc3fb9a3a5b76d2e859757f23b4d9307c68

Download Submit
C:\Windows\system\UlRuevN.exe

Filesize
6.0MB

MD5
377718cab7add32088b211d5efda45dd

SHA1
fc83264876a8b900f5c827c8a54bfd5f895931bb

SHA256
772509683e5f9e8528bc9420ae13922f4be8ee3551f78b8463fd0eb2429d48c4

SHA512
3ee4e7001fcaa560fced80f9b433722637db7907a5e01235b4e418677d33fa638b4d54dbebc998b8eff18b6743a3f9c0bbcc415bed90e8b12a5c2bf5a9d2a25d

Download Submit
C:\Windows\system\YEmoSix.exe

Filesize
6.0MB

MD5
1f56093809481c2446f7652586005444

SHA1
e06bab0dd8da520b0e49b62900eef6b5b9169405

SHA256
4372ebb6f8a8fc574e5b766ff50d6b63d4d0a08200421146a7d65546c2b702c6

SHA512
862f000547766e9b3e1b5be448f999a9f45a2090a6de01c3a085581d4c9be482cbe2d1c4fbca35c6c7393ce35b64d3f30a20764f66bf08804d26f65623c5de7d

Download Submit
C:\Windows\system\ZCsDRZM.exe

Filesize
6.0MB

MD5
d6df5548d31b0db72661c80ce43bb4da

SHA1
f6bac82d9cbf3ddc4924a8fda134ef9ef136202e

SHA256
4b7d2f4f6ae2699c28764526459dca8d0d0043bc4bd245d2caa395c7d36032c9

SHA512
ed578751029a18432fbe4e7ebc3b8dbbcebcfd27c9f781104250202e084c6bfd23b324d5e582ac66c36e1a432b026a5975289b04cd8f39de3122ce9eda04eeb7

Download Submit
C:\Windows\system\acZFBml.exe

Filesize
6.0MB

MD5
fad89611da1f8b23a6e2ee2f30dce5df

SHA1
4f2ce47726dfdc2d77e76d398ccab88a9c135329

SHA256
699d5daa2d9bfba6672bbd989364aa02c3cb029271c245186f7a0f070adc435c

SHA512
af1b8fc47b1f0374c7f442ff8f6218932ef50323e3dbe3f1785bb48056e53a2e38bcf9645266ba6f8b7eeeb3c52e0768d95a070bca63943ad4f878506715e9c4

Download Submit
C:\Windows\system\cpiitAP.exe

Filesize
6.0MB

MD5
4369d3c4bba5a40d92d87b3ceaa38b64

SHA1
5ce61f24c3cff63814723f05fe36178a2948d8c6

SHA256
ddee14449c1a024adebe6b6b290b5766e330a83a5b94b7562edd3554bccabfdd

SHA512
57b473513d910b575c8e2a5a38a96e5bec0412d9e99fcd6e9a024dfc6d0aab95539209014af58b6c8e4efbe955968155272d97e5c9f709fd0732ece8afef838b

Download Submit
C:\Windows\system\dOrEZUB.exe

Filesize
6.0MB

MD5
87994aa00e49cf333e826b7b085b1014

SHA1
60578847e9add02b63fbbd9322a108101ebe6665

SHA256
bd85379cd4b4a6350fbf82557a68807c061b53fc0eb74d207b89c061c66c8311

SHA512
66e5add1491fd285e672e37b4ff9f3403c46ebd6bf87e9d40b32e0f8f8031c205c45e677b23184779b55ab5b69be8dc5bbd8420dd503cc4401438538a02ada2d

Download Submit
C:\Windows\system\goJpqRq.exe

Filesize
6.0MB

MD5
584cdb55b57a31e89b2dfeae57b19880

SHA1
9ff246aa3816f0dd0be42b93de3037909f16b22f

SHA256
482920279df827f45b271ff79abce16fee2fbf8e584bd82615e4a25d378af7dd

SHA512
8599632e75fe5b1bd928b74c1e673cebb797b6ca0ebabeb6c02ab0314242aa84001d85d0bcca3d1f96c98e23c4b8e0969aa2af8f9d6ac64b498b90d29a7fba67

Download Submit
C:\Windows\system\hEovaUc.exe

Filesize
6.0MB

MD5
3de7919e30d5687bc1dcead38c5d598a

SHA1
be76828963cfaffd4d8615abcd4d982fcbb2f507

SHA256
574f152983dc7587ed231e2293b0a661aabcb1d7c99eb45fe8b21440241ef56e

SHA512
9d4dde8571a671a5fcf83d33d0b2bd39c7aa0f9573213afa8339526f1a10784fb6607a2138bea12187d7393ed86401d85a77b06acfc98274875d630f72b5c4f4

Download Submit
C:\Windows\system\hMceZJQ.exe

Filesize
6.0MB

MD5
85d13414f44f382fb2b7720e8cfad1fe

SHA1
968a3821ebfef88cfba5164c9872a000c9899f05

SHA256
774afe9cf26b2b24968b8dd8da97eaaba7257765490ecdcdfd703723bc32d1fa

SHA512
a0620d58ee122bd913150c2e572c5297ff588a0e3af6139637437ef65f21f179aeeb76e0466f4cc216912592ea2c8f510c9be7a3882c6347b7e84e2d2e398a2f

Download Submit
C:\Windows\system\iKFGHBd.exe

Filesize
6.0MB

MD5
48cc5abc4e9c5c40a108098a1d732dca

SHA1
786aecdb6f87f4958cf5c3047c45c1e12807787e

SHA256
eed4106f89566147bfedc83061dafe0e91a3922ca2466c2ab9efa2f90f5f1171

SHA512
2ca68783a40085fc760e09329d8f56a018a85fc9aeb99f562d33637acdfde90cf2fdb822f80a6955638e224e828a62dbeb568708e123a2d1c366e71ac37ad63b

Download Submit
C:\Windows\system\qsinmlx.exe

Filesize
6.0MB

MD5
9e38e364756cc42513cfb0d8aec29819

SHA1
5192e77d58d79b27d0a7a1a60b5fdcbda8de67a9

SHA256
333a373b416ec7d9ac42e0dda8d0bd30aa67e295d8a43026abb8e6abff07da32

SHA512
901b239cbc53003c680875942a942c3b73cb2c7b83c2ed1c009fa8371283f831a01186174d42690dd03498cd4d61f168c95f19524e9f027bdc2bc1db098c0d6d

Download Submit
C:\Windows\system\uqTSxOo.exe

Filesize
6.0MB

MD5
ae3d8d297e16043a9dc766a642f919e3

SHA1
133a9fbb0a5eda5ae1822b3491d461a20680416f

SHA256
2bacd5e1a4d36ad22ce9eba1a245296cb5835cec3b2aef046d906735d76abbc6

SHA512
3583fc86589859c3770d8d3a5059f1e8bd75e9b693e8dbf92a7c941a088ee829774874fc81ed3c90e36b13b7e8b7631934a42fda3bbf2bd4d5c7578004a89208

Download Submit
C:\Windows\system\vowBREq.exe

Filesize
6.0MB

MD5
a942141590090d840b7716ad63cb0d9e

SHA1
19c592e5b2185648e0d790c662d7d50e0ad21e9d

SHA256
5057d9779a190f3126503a83a57155c5c80aee9b7d47750a6dc5c08757d26f35

SHA512
67b96b26a17759fea0771456e4b198854dca3ddc49760a4684bdcc34a29e2dd27bdf55451602a071c1483181f5f4cdd7833ffecfd19fd4ec59e439d9268ae01d

Download Submit
C:\Windows\system\xheDStX.exe

Filesize
6.0MB

MD5
49a761f10dc38095d7ad2d4139c5ac6a

SHA1
af855f0982a6e0d63d6298c07282e54718842daa

SHA256
f06391415e981db2127a86d47c693540bcf9ca592c75e2efbd4ef7d3634415b2

SHA512
92fd31c5d93e6ed3fc659a380b433c53de0caef47b1309b86d421244fae46805428a70506f1798f81cfb5c0b0e79b3083ddf4ae072d3f5ec31e9d25edb340c6c

Download Submit
C:\Windows\system\yLqKzrj.exe

Filesize
6.0MB

MD5
12fba4c9a74003a7bebed4ec07d6ebe8

SHA1
763d5a4580bb53a686c4db78be8a71532becbf2a

SHA256
869371160d337686b16e0b3c191fd7b1fd294c8fdeff51efa1efe858c0465853

SHA512
f5cd848e4c5aa7f1d03aea2c6ea3156cdd829b17093daf5c25e7155e6da507d29e46098f9ba6d956ca0076185c85fafd86a7f9a4c9ae9d4ccd55ba1ea8458c4a

Download Submit
C:\Windows\system\zfmKVTI.exe

Filesize
6.0MB

MD5
fb4422572ab2610e258610344d845743

SHA1
df7309485f87cd1e5cc847f15ad798eb8a708677

SHA256
23851fee02942e47a144068dfeff6d28f1a8fb6b3efeea333e5bd9f28084b58b

SHA512
ceb05edcca3808cc1f858092c69a7931eb996c525a7292a0bbd0e205e478a8755286b2e0be5ef83bdeec12e6c8a4c33db435ee4f0f0ca08dbe817954b091107f

Download Submit
\Windows\system\GAPEEAE.exe

Filesize
6.0MB

MD5
287040a8e8ac4ea0f47e1f83d4cf6193

SHA1
1f50877dfa48e6378a09ee5521ca196044c1b09b

SHA256
3fd6ff419afae9d0980c30da4d97f4a7ad06f582984edb2fb9e0bf281733890a

SHA512
90b843da8cc321a06e559052a1b90296af8c200954f44cd22cfb127d19c981237618fd40821c2f00a2c5704e55f2c55a8c5c3a7640c0e9d1f703509bbbee5464

Download Submit
\Windows\system\RvUOvUb.exe

Filesize
6.0MB

MD5
ebab194b76daf979711ebe459955e115

SHA1
c932e91bc702db5e5d048d18da810ce0f3535010

SHA256
df5fa936d50928bc18d7d5c48bb52d8b1c84ae89887b1944e3b6f27e0d3f5a3c

SHA512
4ebb41fbf188fccdad53db162b7ff4bb5b462af91c00384addfcac7c118557f0fcadfdf62b01552707af19073c5ce14da5f4ce4f8c140095a6d054bc4abfabd2

Download Submit
\Windows\system\SAiibHc.exe

Filesize
6.0MB

MD5
d3df1057a9639aae38c15ee43774fee5

SHA1
9d1bf6f65af9e1f64e64a53f318184bcfa539a84

SHA256
c0b7ae95e88e4012cbbc4ccee7d32761f677818c67e9ecfb90af49c4b2b37f7d

SHA512
36cbe2b3f6bcf3dc3fb03d87482b7671942ba666a25fcc40d770ca867542391248a86fe76af0e99d68c6e44ca34584ed5f999724987d25be010deb55c3e45c0b

Download Submit
\Windows\system\UeMwmTF.exe

Filesize
6.0MB

MD5
296329eefa0d66b74d634e7fc5fa427e

SHA1
b02a4754e60e390c3b1a701502702d09f3f01172

SHA256
1be7a6a7dba900efa15dc01bc04f0714bf1ee89f3570eaf7997e4b9bc88058e7

SHA512
6a9f69b18c55d0cb856e0674960f5ec45cad77a3cef72e7150121fb940235024da28a1dafc9384badf1ee03c8df13571d1ca82455cf681d30fb0e967614093c4

Download Submit
\Windows\system\XeIbHRI.exe

Filesize
6.0MB

MD5
aa45db25a59947bc3ca57525fcb4cc32

SHA1
c56a10672272bbbaa3473199307691a71647ad2b

SHA256
4e7a39f894b3b1118492246bb18e6ff0c7cfdca9321703a0c0062eae2d96ab8c

SHA512
5f4340cc96da0dc1793bfe6ced731473266608fc5a5ec200c983c1186f0f32264b14d55765a0f4274eaeec657d386ead256145feb8fb3fdd346998da929e87ae

Download Submit
\Windows\system\dPBbxsn.exe

Filesize
6.0MB

MD5
191d364fb4b299746fba8b0b18cb611b

SHA1
c0a8032b903d1a71c61da65289d425d89a11f756

SHA256
19ea6531968f4a250167d55b806e878631deb70a84ae34383610aa4dceb60377

SHA512
b077e6603a1b702afb7843af07a6cab05055ea59f8d8f7f4bb41eb875e18d79d25897a545b43b5c426eb79c7f47f26edc958fb0cc6b9875ce1c8726630c36270

Download Submit
memory/1472-64-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/1472-3351-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/1472-34-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/1928-56-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-0-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1928-1-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-75-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1928-113-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1928-36-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1928-32-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/1928-23-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1928-104-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1928-7-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1928-44-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1928-101-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-100-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1928-47-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1928-43-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-92-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1928-84-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1003-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1928-110-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-70-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-625-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1928-61-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1928-720-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2028-3942-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-102-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-109-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2044-3963-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3326-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-25-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-106-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-3949-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-22-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3313-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2480-3330-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-30-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-54-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3937-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-111-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-73-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3640-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2632-108-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2632-65-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3614-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-51-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-76-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-41-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3404-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2816-72-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3623-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-58-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-93-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3959-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2884-103-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/3056-3316-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-45-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-19-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download