cobaltstrike | 7b1d7b55a7f4be5a1c60ecb66602c644c940f34565c6bdcdd58350de608cdaaa

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a2febd15fe8e66e16cf7f34b06f97196
SHA1

937d365004880da672d3ded13e2faae258636721
SHA256

7b1d7b55a7f4be5a1c60ecb66602c644c940f34565c6bdcdd58350de608cdaaa
SHA512

ef34e846494b27b9c19849e21609f35fddad3fe49276b14284dac52062bd4d00211759e211b0beb63647d220534d72a3dfff833f9573f39f0930a9eb90518319
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUa:T+q56utgpPF8u/7a

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d75-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d7f-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e25-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e47-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f1b-37.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160ae-46.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000015d5c-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-108.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162b8-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f2a-44.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2036-1-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-6.dat	xmrig
behavioral1/memory/2652-9-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d75-10.dat	xmrig
behavioral1/memory/2196-14-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d7f-12.dat	xmrig
behavioral1/memory/2516-21-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e25-30.dat	xmrig
behavioral1/memory/2632-34-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2688-32-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e47-28.dat	xmrig
behavioral1/files/0x0007000000015f1b-37.dat	xmrig
behavioral1/files/0x00080000000160ae-46.dat	xmrig
behavioral1/files/0x0034000000015d5c-60.dat	xmrig
behavioral1/memory/548-67-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019228-76.dat	xmrig
behavioral1/memory/2036-78-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/memory/2404-79-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2196-77-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1864-71-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2996-87-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0005000000019234-86.dat	xmrig
behavioral1/memory/2148-85-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x000500000001920f-83.dat	xmrig
behavioral1/memory/2036-82-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2036-75-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0005000000019241-95.dat	xmrig
behavioral1/memory/1084-96-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2812-99-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x000500000001925c-103.dat	xmrig
behavioral1/files/0x0005000000019346-128.dat	xmrig
behavioral1/files/0x00050000000193af-143.dat	xmrig
behavioral1/files/0x0005000000019494-168.dat	xmrig
behavioral1/files/0x00050000000194b4-178.dat	xmrig
behavioral1/files/0x00050000000194da-188.dat	xmrig
behavioral1/memory/2148-819-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2996-896-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2404-581-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d4-184.dat	xmrig
behavioral1/files/0x00050000000194a7-173.dat	xmrig
behavioral1/files/0x0005000000019408-163.dat	xmrig
behavioral1/files/0x00050000000193fa-158.dat	xmrig
behavioral1/files/0x00050000000193f8-154.dat	xmrig
behavioral1/files/0x00050000000193c9-148.dat	xmrig
behavioral1/files/0x0005000000019384-133.dat	xmrig
behavioral1/files/0x00050000000193a2-138.dat	xmrig
behavioral1/files/0x000500000001933e-123.dat	xmrig
behavioral1/files/0x000500000001932a-118.dat	xmrig
behavioral1/files/0x00050000000192f0-113.dat	xmrig
behavioral1/files/0x0005000000019273-108.dat	xmrig
behavioral1/memory/484-55-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x00070000000162b8-59.dat	xmrig
behavioral1/memory/2244-54-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/1084-53-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2036-50-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f2a-44.dat	xmrig
behavioral1/memory/2036-43-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2196-4011-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2632-4017-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2688-4018-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1084-4042-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/548-4048-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2996-4090-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2812-4091-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2652	vlXBBCI.exe
2196	BHSticM.exe
2516	qNJEOtL.exe
2688	uqAxKow.exe
2632	qIuLlss.exe
2244	jFQMvoh.exe
484	eIFUlva.exe
1084	WGJgfbS.exe
548	MScItRC.exe
1864	PsjTcEU.exe
2404	nXuvUel.exe
2148	JKFgXcc.exe
2996	tKQXcGf.exe
2812	taxHqel.exe
1968	kGgUlcY.exe
2508	PbnqOey.exe
568	rwSUzJg.exe
1164	weeYhjb.exe
1664	TWYXIbF.exe
1440	enKnHlP.exe
2248	urGVEJH.exe
1940	VJXibbe.exe
3028	DRRZVtI.exe
2096	qfEhyeW.exe
2008	OhBWPFv.exe
1484	qMYAmsB.exe
1588	AyobdxM.exe
1520	FPxmgfc.exe
2004	tncEMyv.exe
2552	NGTMiON.exe
1680	gONZWZn.exe
1360	FjajoDw.exe
1068	CqOgXel.exe
1808	NjLziwW.exe
1556	dVkuxMV.exe
1188	JNzGmoq.exe
772	RYlcsdj.exe
2160	SVxenou.exe
1052	FfEWfmq.exe
1712	IAEoguh.exe
2416	clrUNQx.exe
2564	tTCUlBB.exe
2072	nolVVsg.exe
2276	cWCUQpp.exe
1924	oSnusVQ.exe
2052	JfruKWS.exe
2264	RpImThc.exe
1100	lBcWyTD.exe
1028	iUCNrKC.exe
2772	eHgcZsP.exe
2540	RxlMxOA.exe
2904	eNggHXw.exe
2332	OqCWLbI.exe
2776	zjYbeZA.exe
2672	xgbKDyk.exe
2660	fbMaAra.exe
1764	eHBGpkA.exe
780	WrlMUmn.exe
2920	xAKMoZB.exe
2068	ubOfywN.exe
3056	LzsrMzt.exe
2936	vTwuqXt.exe
2076	aBOkSTU.exe
2640	TayIXek.exe

Loads dropped DLL 64 IoCs

pid	Process
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2036-1-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-6.dat	upx
behavioral1/memory/2652-9-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x0008000000015d75-10.dat	upx
behavioral1/memory/2196-14-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0008000000015d7f-12.dat	upx
behavioral1/memory/2516-21-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0007000000015e25-30.dat	upx
behavioral1/memory/2632-34-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2688-32-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0007000000015e47-28.dat	upx
behavioral1/files/0x0007000000015f1b-37.dat	upx
behavioral1/files/0x00080000000160ae-46.dat	upx
behavioral1/files/0x0034000000015d5c-60.dat	upx
behavioral1/memory/548-67-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0005000000019228-76.dat	upx
behavioral1/memory/2404-79-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2196-77-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1864-71-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2996-87-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0005000000019234-86.dat	upx
behavioral1/memory/2148-85-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x000500000001920f-83.dat	upx
behavioral1/files/0x0005000000019241-95.dat	upx
behavioral1/memory/1084-96-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2812-99-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x000500000001925c-103.dat	upx
behavioral1/files/0x0005000000019346-128.dat	upx
behavioral1/files/0x00050000000193af-143.dat	upx
behavioral1/files/0x0005000000019494-168.dat	upx
behavioral1/files/0x00050000000194b4-178.dat	upx
behavioral1/files/0x00050000000194da-188.dat	upx
behavioral1/memory/2148-819-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2996-896-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2404-581-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x00050000000194d4-184.dat	upx
behavioral1/files/0x00050000000194a7-173.dat	upx
behavioral1/files/0x0005000000019408-163.dat	upx
behavioral1/files/0x00050000000193fa-158.dat	upx
behavioral1/files/0x00050000000193f8-154.dat	upx
behavioral1/files/0x00050000000193c9-148.dat	upx
behavioral1/files/0x0005000000019384-133.dat	upx
behavioral1/files/0x00050000000193a2-138.dat	upx
behavioral1/files/0x000500000001933e-123.dat	upx
behavioral1/files/0x000500000001932a-118.dat	upx
behavioral1/files/0x00050000000192f0-113.dat	upx
behavioral1/files/0x0005000000019273-108.dat	upx
behavioral1/memory/484-55-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x00070000000162b8-59.dat	upx
behavioral1/memory/2244-54-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/1084-53-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0007000000015f2a-44.dat	upx
behavioral1/memory/2036-43-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2196-4011-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2632-4017-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2688-4018-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1084-4042-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/548-4048-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2996-4090-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2812-4091-0x000000013FE20000-0x0000000140174000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IEAhtUO.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbNxKBs.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VzWDQTE.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhUABSy.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxuxZxz.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abUbmCt.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrmIkLG.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPWVGZh.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYlcsdj.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNvjHni.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVLUIIP.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJVViMW.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzikEOP.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsxytiF.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otTcjPo.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dClralV.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpZXUQb.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjoElFG.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRKidTl.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOaQgzw.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxuNUwC.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyfJnne.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycMyNfV.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtBZDub.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYqelgP.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtpAzhT.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEsoCjT.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EeGvueD.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuWusJd.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmYEnQl.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBhHWUv.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANlFaAb.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjihoEY.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCzLhYs.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfEhyeW.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\prYCZxE.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXegftg.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOzPtkx.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MScItRC.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWliIcv.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTvdpHq.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IazGpJr.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIujVhM.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAQTFIh.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqVVKwW.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WiUyfVw.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHibPOi.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkmnYpE.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGPFyWt.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frwfmnz.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPYPTJu.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwSJhbU.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAXBpYB.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otaIXQR.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UoXdYKZ.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNLXWFr.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaoZNjD.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfrPtFh.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgbKDyk.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WffTCkg.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkcEAyc.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrJzJFf.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXMNawK.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLnaoHC.exe	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2652	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2036 wrote to memory of 2652	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2036 wrote to memory of 2652	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2036 wrote to memory of 2196	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2036 wrote to memory of 2196	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2036 wrote to memory of 2196	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2036 wrote to memory of 2516	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2036 wrote to memory of 2516	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2036 wrote to memory of 2516	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2036 wrote to memory of 2632	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2036 wrote to memory of 2632	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2036 wrote to memory of 2632	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2036 wrote to memory of 2688	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2036 wrote to memory of 2688	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2036 wrote to memory of 2688	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2036 wrote to memory of 2244	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2036 wrote to memory of 2244	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2036 wrote to memory of 2244	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2036 wrote to memory of 484	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2036 wrote to memory of 484	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2036 wrote to memory of 484	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2036 wrote to memory of 1084	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2036 wrote to memory of 1084	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2036 wrote to memory of 1084	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2036 wrote to memory of 548	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2036 wrote to memory of 548	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2036 wrote to memory of 548	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2036 wrote to memory of 1864	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2036 wrote to memory of 1864	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2036 wrote to memory of 1864	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2036 wrote to memory of 2148	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2036 wrote to memory of 2148	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2036 wrote to memory of 2148	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2036 wrote to memory of 2404	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2036 wrote to memory of 2404	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2036 wrote to memory of 2404	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2036 wrote to memory of 2996	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2036 wrote to memory of 2996	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2036 wrote to memory of 2996	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2036 wrote to memory of 2812	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2036 wrote to memory of 2812	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2036 wrote to memory of 2812	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2036 wrote to memory of 1968	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2036 wrote to memory of 1968	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2036 wrote to memory of 1968	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2036 wrote to memory of 2508	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2036 wrote to memory of 2508	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2036 wrote to memory of 2508	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2036 wrote to memory of 568	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2036 wrote to memory of 568	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2036 wrote to memory of 568	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2036 wrote to memory of 1164	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2036 wrote to memory of 1164	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2036 wrote to memory of 1164	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2036 wrote to memory of 1664	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2036 wrote to memory of 1664	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2036 wrote to memory of 1664	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2036 wrote to memory of 1440	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2036 wrote to memory of 1440	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2036 wrote to memory of 1440	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2036 wrote to memory of 2248	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2036 wrote to memory of 2248	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2036 wrote to memory of 2248	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2036 wrote to memory of 1940	2036	2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_a2febd15fe8e66e16cf7f34b06f97196_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\System\vlXBBCI.exe
  C:\Windows\System\vlXBBCI.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\BHSticM.exe
  C:\Windows\System\BHSticM.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\qNJEOtL.exe
  C:\Windows\System\qNJEOtL.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\qIuLlss.exe
  C:\Windows\System\qIuLlss.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\uqAxKow.exe
  C:\Windows\System\uqAxKow.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\jFQMvoh.exe
  C:\Windows\System\jFQMvoh.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\eIFUlva.exe
  C:\Windows\System\eIFUlva.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\WGJgfbS.exe
  C:\Windows\System\WGJgfbS.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\MScItRC.exe
  C:\Windows\System\MScItRC.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\PsjTcEU.exe
  C:\Windows\System\PsjTcEU.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\JKFgXcc.exe
  C:\Windows\System\JKFgXcc.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\nXuvUel.exe
  C:\Windows\System\nXuvUel.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\tKQXcGf.exe
  C:\Windows\System\tKQXcGf.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\taxHqel.exe
  C:\Windows\System\taxHqel.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\kGgUlcY.exe
  C:\Windows\System\kGgUlcY.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\PbnqOey.exe
  C:\Windows\System\PbnqOey.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\rwSUzJg.exe
  C:\Windows\System\rwSUzJg.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\weeYhjb.exe
  C:\Windows\System\weeYhjb.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\TWYXIbF.exe
  C:\Windows\System\TWYXIbF.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\enKnHlP.exe
  C:\Windows\System\enKnHlP.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\urGVEJH.exe
  C:\Windows\System\urGVEJH.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\VJXibbe.exe
  C:\Windows\System\VJXibbe.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\DRRZVtI.exe
  C:\Windows\System\DRRZVtI.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\qfEhyeW.exe
  C:\Windows\System\qfEhyeW.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\OhBWPFv.exe
  C:\Windows\System\OhBWPFv.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\qMYAmsB.exe
  C:\Windows\System\qMYAmsB.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\AyobdxM.exe
  C:\Windows\System\AyobdxM.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\FPxmgfc.exe
  C:\Windows\System\FPxmgfc.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\tncEMyv.exe
  C:\Windows\System\tncEMyv.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\NGTMiON.exe
  C:\Windows\System\NGTMiON.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\gONZWZn.exe
  C:\Windows\System\gONZWZn.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\FjajoDw.exe
  C:\Windows\System\FjajoDw.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\CqOgXel.exe
  C:\Windows\System\CqOgXel.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\NjLziwW.exe
  C:\Windows\System\NjLziwW.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\dVkuxMV.exe
  C:\Windows\System\dVkuxMV.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\JNzGmoq.exe
  C:\Windows\System\JNzGmoq.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\SVxenou.exe
  C:\Windows\System\SVxenou.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\RYlcsdj.exe
  C:\Windows\System\RYlcsdj.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\FfEWfmq.exe
  C:\Windows\System\FfEWfmq.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\IAEoguh.exe
  C:\Windows\System\IAEoguh.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\clrUNQx.exe
  C:\Windows\System\clrUNQx.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\tTCUlBB.exe
  C:\Windows\System\tTCUlBB.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\nolVVsg.exe
  C:\Windows\System\nolVVsg.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\cWCUQpp.exe
  C:\Windows\System\cWCUQpp.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\oSnusVQ.exe
  C:\Windows\System\oSnusVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\JfruKWS.exe
  C:\Windows\System\JfruKWS.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\RpImThc.exe
  C:\Windows\System\RpImThc.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\lBcWyTD.exe
  C:\Windows\System\lBcWyTD.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\iUCNrKC.exe
  C:\Windows\System\iUCNrKC.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\eHgcZsP.exe
  C:\Windows\System\eHgcZsP.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\RxlMxOA.exe
  C:\Windows\System\RxlMxOA.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\eNggHXw.exe
  C:\Windows\System\eNggHXw.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\OqCWLbI.exe
  C:\Windows\System\OqCWLbI.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\zjYbeZA.exe
  C:\Windows\System\zjYbeZA.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\xgbKDyk.exe
  C:\Windows\System\xgbKDyk.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\fbMaAra.exe
  C:\Windows\System\fbMaAra.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\eHBGpkA.exe
  C:\Windows\System\eHBGpkA.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\WrlMUmn.exe
  C:\Windows\System\WrlMUmn.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\xAKMoZB.exe
  C:\Windows\System\xAKMoZB.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\ubOfywN.exe
  C:\Windows\System\ubOfywN.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\LzsrMzt.exe
  C:\Windows\System\LzsrMzt.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\vTwuqXt.exe
  C:\Windows\System\vTwuqXt.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\aBOkSTU.exe
  C:\Windows\System\aBOkSTU.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\TayIXek.exe
  C:\Windows\System\TayIXek.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\GHoUWFa.exe
  C:\Windows\System\GHoUWFa.exe
  2⤵
  PID:692
- C:\Windows\System\nOvZsRI.exe
  C:\Windows\System\nOvZsRI.exe
  2⤵
  PID:2488
- C:\Windows\System\Bklnmgm.exe
  C:\Windows\System\Bklnmgm.exe
  2⤵
  PID:1060
- C:\Windows\System\ZGFZcXA.exe
  C:\Windows\System\ZGFZcXA.exe
  2⤵
  PID:1948
- C:\Windows\System\PRcBpsK.exe
  C:\Windows\System\PRcBpsK.exe
  2⤵
  PID:2960
- C:\Windows\System\gvkIScb.exe
  C:\Windows\System\gvkIScb.exe
  2⤵
  PID:1676
- C:\Windows\System\sNMYRIo.exe
  C:\Windows\System\sNMYRIo.exe
  2⤵
  PID:1768
- C:\Windows\System\KkLhVMd.exe
  C:\Windows\System\KkLhVMd.exe
  2⤵
  PID:2580
- C:\Windows\System\yLxmLXR.exe
  C:\Windows\System\yLxmLXR.exe
  2⤵
  PID:2144
- C:\Windows\System\xCZxpJK.exe
  C:\Windows\System\xCZxpJK.exe
  2⤵
  PID:1364
- C:\Windows\System\yBwljgZ.exe
  C:\Windows\System\yBwljgZ.exe
  2⤵
  PID:1720
- C:\Windows\System\JTXocVf.exe
  C:\Windows\System\JTXocVf.exe
  2⤵
  PID:1552
- C:\Windows\System\xkxPuKH.exe
  C:\Windows\System\xkxPuKH.exe
  2⤵
  PID:920
- C:\Windows\System\jusAwCT.exe
  C:\Windows\System\jusAwCT.exe
  2⤵
  PID:620
- C:\Windows\System\mUpSbzh.exe
  C:\Windows\System\mUpSbzh.exe
  2⤵
  PID:1544
- C:\Windows\System\TvyPSuZ.exe
  C:\Windows\System\TvyPSuZ.exe
  2⤵
  PID:2504
- C:\Windows\System\AnakLYO.exe
  C:\Windows\System\AnakLYO.exe
  2⤵
  PID:2432
- C:\Windows\System\kBfkWhA.exe
  C:\Windows\System\kBfkWhA.exe
  2⤵
  PID:2304
- C:\Windows\System\WwzJGcy.exe
  C:\Windows\System\WwzJGcy.exe
  2⤵
  PID:2888
- C:\Windows\System\FVDJrON.exe
  C:\Windows\System\FVDJrON.exe
  2⤵
  PID:916
- C:\Windows\System\otNYxfF.exe
  C:\Windows\System\otNYxfF.exe
  2⤵
  PID:1616
- C:\Windows\System\MASzFQQ.exe
  C:\Windows\System\MASzFQQ.exe
  2⤵
  PID:1612
- C:\Windows\System\FVoAEHf.exe
  C:\Windows\System\FVoAEHf.exe
  2⤵
  PID:2568
- C:\Windows\System\RqGLIOl.exe
  C:\Windows\System\RqGLIOl.exe
  2⤵
  PID:592
- C:\Windows\System\OkuKEEq.exe
  C:\Windows\System\OkuKEEq.exe
  2⤵
  PID:600
- C:\Windows\System\DrzzPlY.exe
  C:\Windows\System\DrzzPlY.exe
  2⤵
  PID:2012
- C:\Windows\System\gmImVZX.exe
  C:\Windows\System\gmImVZX.exe
  2⤵
  PID:2940
- C:\Windows\System\KluFQan.exe
  C:\Windows\System\KluFQan.exe
  2⤵
  PID:644
- C:\Windows\System\YYVYJwQ.exe
  C:\Windows\System\YYVYJwQ.exe
  2⤵
  PID:2116
- C:\Windows\System\VQrUcfM.exe
  C:\Windows\System\VQrUcfM.exe
  2⤵
  PID:2480
- C:\Windows\System\lxlknRE.exe
  C:\Windows\System\lxlknRE.exe
  2⤵
  PID:3032
- C:\Windows\System\XWbLSVO.exe
  C:\Windows\System\XWbLSVO.exe
  2⤵
  PID:2628
- C:\Windows\System\bhvEszB.exe
  C:\Windows\System\bhvEszB.exe
  2⤵
  PID:1648
- C:\Windows\System\Ssaqtfy.exe
  C:\Windows\System\Ssaqtfy.exe
  2⤵
  PID:1204
- C:\Windows\System\vXCUxTe.exe
  C:\Windows\System\vXCUxTe.exe
  2⤵
  PID:2500
- C:\Windows\System\SIOmsxE.exe
  C:\Windows\System\SIOmsxE.exe
  2⤵
  PID:908
- C:\Windows\System\csxeIlR.exe
  C:\Windows\System\csxeIlR.exe
  2⤵
  PID:2044
- C:\Windows\System\UvKkzUL.exe
  C:\Windows\System\UvKkzUL.exe
  2⤵
  PID:1744
- C:\Windows\System\rLpHckw.exe
  C:\Windows\System\rLpHckw.exe
  2⤵
  PID:1996
- C:\Windows\System\wdoQWqi.exe
  C:\Windows\System\wdoQWqi.exe
  2⤵
  PID:2908
- C:\Windows\System\ehjNAzM.exe
  C:\Windows\System\ehjNAzM.exe
  2⤵
  PID:2952
- C:\Windows\System\kqMuYrz.exe
  C:\Windows\System\kqMuYrz.exe
  2⤵
  PID:2948
- C:\Windows\System\ZjsbTJm.exe
  C:\Windows\System\ZjsbTJm.exe
  2⤵
  PID:1816
- C:\Windows\System\vxBTGPr.exe
  C:\Windows\System\vxBTGPr.exe
  2⤵
  PID:2060
- C:\Windows\System\oOagCUu.exe
  C:\Windows\System\oOagCUu.exe
  2⤵
  PID:768
- C:\Windows\System\nitjmCo.exe
  C:\Windows\System\nitjmCo.exe
  2⤵
  PID:2668
- C:\Windows\System\SwmFUqz.exe
  C:\Windows\System\SwmFUqz.exe
  2⤵
  PID:704
- C:\Windows\System\DlvrcEH.exe
  C:\Windows\System\DlvrcEH.exe
  2⤵
  PID:1348
- C:\Windows\System\KNvjHni.exe
  C:\Windows\System\KNvjHni.exe
  2⤵
  PID:2168
- C:\Windows\System\yUHyfSb.exe
  C:\Windows\System\yUHyfSb.exe
  2⤵
  PID:1784
- C:\Windows\System\kktMHtM.exe
  C:\Windows\System\kktMHtM.exe
  2⤵
  PID:2240
- C:\Windows\System\MLeAKbH.exe
  C:\Windows\System\MLeAKbH.exe
  2⤵
  PID:1792
- C:\Windows\System\BQdmyRS.exe
  C:\Windows\System\BQdmyRS.exe
  2⤵
  PID:1936
- C:\Windows\System\EgECcIt.exe
  C:\Windows\System\EgECcIt.exe
  2⤵
  PID:884
- C:\Windows\System\DXAdUMD.exe
  C:\Windows\System\DXAdUMD.exe
  2⤵
  PID:1916
- C:\Windows\System\tosepyj.exe
  C:\Windows\System\tosepyj.exe
  2⤵
  PID:3044
- C:\Windows\System\PphGIDX.exe
  C:\Windows\System\PphGIDX.exe
  2⤵
  PID:2120
- C:\Windows\System\dmrYXYr.exe
  C:\Windows\System\dmrYXYr.exe
  2⤵
  PID:1876
- C:\Windows\System\KwtLOGM.exe
  C:\Windows\System\KwtLOGM.exe
  2⤵
  PID:2140
- C:\Windows\System\QduWooY.exe
  C:\Windows\System\QduWooY.exe
  2⤵
  PID:2336
- C:\Windows\System\WLHOOYI.exe
  C:\Windows\System\WLHOOYI.exe
  2⤵
  PID:2224
- C:\Windows\System\gsHKekt.exe
  C:\Windows\System\gsHKekt.exe
  2⤵
  PID:1524
- C:\Windows\System\JKzVpti.exe
  C:\Windows\System\JKzVpti.exe
  2⤵
  PID:880
- C:\Windows\System\yhDwLom.exe
  C:\Windows\System\yhDwLom.exe
  2⤵
  PID:2380
- C:\Windows\System\yjSybID.exe
  C:\Windows\System\yjSybID.exe
  2⤵
  PID:3080
- C:\Windows\System\zZUeDfj.exe
  C:\Windows\System\zZUeDfj.exe
  2⤵
  PID:3096
- C:\Windows\System\bMlIzqG.exe
  C:\Windows\System\bMlIzqG.exe
  2⤵
  PID:3120
- C:\Windows\System\EeGvueD.exe
  C:\Windows\System\EeGvueD.exe
  2⤵
  PID:3140
- C:\Windows\System\mtomwWu.exe
  C:\Windows\System\mtomwWu.exe
  2⤵
  PID:3160
- C:\Windows\System\ZniyAOO.exe
  C:\Windows\System\ZniyAOO.exe
  2⤵
  PID:3180
- C:\Windows\System\jBQxfyO.exe
  C:\Windows\System\jBQxfyO.exe
  2⤵
  PID:3200
- C:\Windows\System\VfBgwPw.exe
  C:\Windows\System\VfBgwPw.exe
  2⤵
  PID:3216
- C:\Windows\System\UJoqjej.exe
  C:\Windows\System\UJoqjej.exe
  2⤵
  PID:3240
- C:\Windows\System\hBvMKwJ.exe
  C:\Windows\System\hBvMKwJ.exe
  2⤵
  PID:3256
- C:\Windows\System\VzWDQTE.exe
  C:\Windows\System\VzWDQTE.exe
  2⤵
  PID:3280
- C:\Windows\System\kGZTDzc.exe
  C:\Windows\System\kGZTDzc.exe
  2⤵
  PID:3296
- C:\Windows\System\RCStkjR.exe
  C:\Windows\System\RCStkjR.exe
  2⤵
  PID:3320
- C:\Windows\System\tXxwlhd.exe
  C:\Windows\System\tXxwlhd.exe
  2⤵
  PID:3340
- C:\Windows\System\VHofAOS.exe
  C:\Windows\System\VHofAOS.exe
  2⤵
  PID:3360
- C:\Windows\System\lbwAeYl.exe
  C:\Windows\System\lbwAeYl.exe
  2⤵
  PID:3380
- C:\Windows\System\npLkeLv.exe
  C:\Windows\System\npLkeLv.exe
  2⤵
  PID:3400
- C:\Windows\System\bMsBYyn.exe
  C:\Windows\System\bMsBYyn.exe
  2⤵
  PID:3420
- C:\Windows\System\BpkgcSJ.exe
  C:\Windows\System\BpkgcSJ.exe
  2⤵
  PID:3440
- C:\Windows\System\VUlqxEa.exe
  C:\Windows\System\VUlqxEa.exe
  2⤵
  PID:3460
- C:\Windows\System\NUcArKo.exe
  C:\Windows\System\NUcArKo.exe
  2⤵
  PID:3480
- C:\Windows\System\DKXvSBW.exe
  C:\Windows\System\DKXvSBW.exe
  2⤵
  PID:3504
- C:\Windows\System\LDEryOy.exe
  C:\Windows\System\LDEryOy.exe
  2⤵
  PID:3524
- C:\Windows\System\vUcdVEx.exe
  C:\Windows\System\vUcdVEx.exe
  2⤵
  PID:3540
- C:\Windows\System\PRZWcYZ.exe
  C:\Windows\System\PRZWcYZ.exe
  2⤵
  PID:3564
- C:\Windows\System\zbCLgEF.exe
  C:\Windows\System\zbCLgEF.exe
  2⤵
  PID:3584
- C:\Windows\System\LCnZifH.exe
  C:\Windows\System\LCnZifH.exe
  2⤵
  PID:3604
- C:\Windows\System\ZqFMGyp.exe
  C:\Windows\System\ZqFMGyp.exe
  2⤵
  PID:3624
- C:\Windows\System\Tyqeeku.exe
  C:\Windows\System\Tyqeeku.exe
  2⤵
  PID:3644
- C:\Windows\System\ekArdYL.exe
  C:\Windows\System\ekArdYL.exe
  2⤵
  PID:3664
- C:\Windows\System\WffTCkg.exe
  C:\Windows\System\WffTCkg.exe
  2⤵
  PID:3684
- C:\Windows\System\vNoQNQN.exe
  C:\Windows\System\vNoQNQN.exe
  2⤵
  PID:3700
- C:\Windows\System\CGWQUtU.exe
  C:\Windows\System\CGWQUtU.exe
  2⤵
  PID:3724
- C:\Windows\System\xZplQAL.exe
  C:\Windows\System\xZplQAL.exe
  2⤵
  PID:3740
- C:\Windows\System\wIUbnEt.exe
  C:\Windows\System\wIUbnEt.exe
  2⤵
  PID:3768
- C:\Windows\System\AhUABSy.exe
  C:\Windows\System\AhUABSy.exe
  2⤵
  PID:3784
- C:\Windows\System\YspAmcq.exe
  C:\Windows\System\YspAmcq.exe
  2⤵
  PID:3808
- C:\Windows\System\PMoNoHT.exe
  C:\Windows\System\PMoNoHT.exe
  2⤵
  PID:3828
- C:\Windows\System\rmcukaq.exe
  C:\Windows\System\rmcukaq.exe
  2⤵
  PID:3848
- C:\Windows\System\CWjBZcQ.exe
  C:\Windows\System\CWjBZcQ.exe
  2⤵
  PID:3868
- C:\Windows\System\cLEVyqx.exe
  C:\Windows\System\cLEVyqx.exe
  2⤵
  PID:3888
- C:\Windows\System\BAqBUcs.exe
  C:\Windows\System\BAqBUcs.exe
  2⤵
  PID:3908
- C:\Windows\System\GySRulF.exe
  C:\Windows\System\GySRulF.exe
  2⤵
  PID:3928
- C:\Windows\System\WebDWCE.exe
  C:\Windows\System\WebDWCE.exe
  2⤵
  PID:3948
- C:\Windows\System\nBNoBwv.exe
  C:\Windows\System\nBNoBwv.exe
  2⤵
  PID:3968
- C:\Windows\System\dilKUle.exe
  C:\Windows\System\dilKUle.exe
  2⤵
  PID:3984
- C:\Windows\System\HBJHXLF.exe
  C:\Windows\System\HBJHXLF.exe
  2⤵
  PID:4008
- C:\Windows\System\KpQBfaA.exe
  C:\Windows\System\KpQBfaA.exe
  2⤵
  PID:4024
- C:\Windows\System\PLBoRcB.exe
  C:\Windows\System\PLBoRcB.exe
  2⤵
  PID:4048
- C:\Windows\System\AtWimat.exe
  C:\Windows\System\AtWimat.exe
  2⤵
  PID:4068
- C:\Windows\System\hAJtxju.exe
  C:\Windows\System\hAJtxju.exe
  2⤵
  PID:4088
- C:\Windows\System\CUhWTaq.exe
  C:\Windows\System\CUhWTaq.exe
  2⤵
  PID:1880
- C:\Windows\System\rzLzqan.exe
  C:\Windows\System\rzLzqan.exe
  2⤵
  PID:1872
- C:\Windows\System\OOaUcIV.exe
  C:\Windows\System\OOaUcIV.exe
  2⤵
  PID:1096
- C:\Windows\System\VIATjPR.exe
  C:\Windows\System\VIATjPR.exe
  2⤵
  PID:3104
- C:\Windows\System\eAXzcny.exe
  C:\Windows\System\eAXzcny.exe
  2⤵
  PID:3156
- C:\Windows\System\klvVWna.exe
  C:\Windows\System\klvVWna.exe
  2⤵
  PID:3136
- C:\Windows\System\mSKgzop.exe
  C:\Windows\System\mSKgzop.exe
  2⤵
  PID:3224
- C:\Windows\System\uEMzBuW.exe
  C:\Windows\System\uEMzBuW.exe
  2⤵
  PID:3236
- C:\Windows\System\XBsHIky.exe
  C:\Windows\System\XBsHIky.exe
  2⤵
  PID:3268
- C:\Windows\System\LHmnTfh.exe
  C:\Windows\System\LHmnTfh.exe
  2⤵
  PID:3304
- C:\Windows\System\hDnIYJr.exe
  C:\Windows\System\hDnIYJr.exe
  2⤵
  PID:3308
- C:\Windows\System\EoetcqI.exe
  C:\Windows\System\EoetcqI.exe
  2⤵
  PID:3336
- C:\Windows\System\AAzaowb.exe
  C:\Windows\System\AAzaowb.exe
  2⤵
  PID:3392
- C:\Windows\System\HJpPiQw.exe
  C:\Windows\System\HJpPiQw.exe
  2⤵
  PID:3408
- C:\Windows\System\CsZoXPD.exe
  C:\Windows\System\CsZoXPD.exe
  2⤵
  PID:588
- C:\Windows\System\jbNScfM.exe
  C:\Windows\System\jbNScfM.exe
  2⤵
  PID:3456
- C:\Windows\System\RhgHeGz.exe
  C:\Windows\System\RhgHeGz.exe
  2⤵
  PID:3492
- C:\Windows\System\bJsAJKg.exe
  C:\Windows\System\bJsAJKg.exe
  2⤵
  PID:3560
- C:\Windows\System\vJtwxXU.exe
  C:\Windows\System\vJtwxXU.exe
  2⤵
  PID:3592
- C:\Windows\System\nOaQgzw.exe
  C:\Windows\System\nOaQgzw.exe
  2⤵
  PID:936
- C:\Windows\System\PiijHBy.exe
  C:\Windows\System\PiijHBy.exe
  2⤵
  PID:3612
- C:\Windows\System\WiUyfVw.exe
  C:\Windows\System\WiUyfVw.exe
  2⤵
  PID:3676
- C:\Windows\System\MIEwEGC.exe
  C:\Windows\System\MIEwEGC.exe
  2⤵
  PID:3716
- C:\Windows\System\HOcStMp.exe
  C:\Windows\System\HOcStMp.exe
  2⤵
  PID:3760
- C:\Windows\System\AaSiZmm.exe
  C:\Windows\System\AaSiZmm.exe
  2⤵
  PID:3736
- C:\Windows\System\jIDPfbI.exe
  C:\Windows\System\jIDPfbI.exe
  2⤵
  PID:3776
- C:\Windows\System\jvMDBxn.exe
  C:\Windows\System\jvMDBxn.exe
  2⤵
  PID:3824
- C:\Windows\System\sWMWzyO.exe
  C:\Windows\System\sWMWzyO.exe
  2⤵
  PID:3880
- C:\Windows\System\GHlTjMz.exe
  C:\Windows\System\GHlTjMz.exe
  2⤵
  PID:3924
- C:\Windows\System\CArnYDU.exe
  C:\Windows\System\CArnYDU.exe
  2⤵
  PID:3904
- C:\Windows\System\RbovLJk.exe
  C:\Windows\System\RbovLJk.exe
  2⤵
  PID:3960
- C:\Windows\System\iLWMSjp.exe
  C:\Windows\System\iLWMSjp.exe
  2⤵
  PID:3996
- C:\Windows\System\eeleddj.exe
  C:\Windows\System\eeleddj.exe
  2⤵
  PID:3980
- C:\Windows\System\MCPOVQW.exe
  C:\Windows\System\MCPOVQW.exe
  2⤵
  PID:4016
- C:\Windows\System\ndSnFDo.exe
  C:\Windows\System\ndSnFDo.exe
  2⤵
  PID:4084
- C:\Windows\System\ObGRLEU.exe
  C:\Windows\System\ObGRLEU.exe
  2⤵
  PID:3036
- C:\Windows\System\PzZtAsv.exe
  C:\Windows\System\PzZtAsv.exe
  2⤵
  PID:2992
- C:\Windows\System\VZykTsw.exe
  C:\Windows\System\VZykTsw.exe
  2⤵
  PID:2616
- C:\Windows\System\iTkArxT.exe
  C:\Windows\System\iTkArxT.exe
  2⤵
  PID:3148
- C:\Windows\System\hKdpgzd.exe
  C:\Windows\System\hKdpgzd.exe
  2⤵
  PID:3192
- C:\Windows\System\XNyNHdc.exe
  C:\Windows\System\XNyNHdc.exe
  2⤵
  PID:3272
- C:\Windows\System\UoXdYKZ.exe
  C:\Windows\System\UoXdYKZ.exe
  2⤵
  PID:3248
- C:\Windows\System\cCQpwJe.exe
  C:\Windows\System\cCQpwJe.exe
  2⤵
  PID:3292
- C:\Windows\System\Hizknrc.exe
  C:\Windows\System\Hizknrc.exe
  2⤵
  PID:3376
- C:\Windows\System\KIJysZP.exe
  C:\Windows\System\KIJysZP.exe
  2⤵
  PID:2752
- C:\Windows\System\xZzuKer.exe
  C:\Windows\System\xZzuKer.exe
  2⤵
  PID:3432
- C:\Windows\System\QuvyAcS.exe
  C:\Windows\System\QuvyAcS.exe
  2⤵
  PID:3548
- C:\Windows\System\LSpXETa.exe
  C:\Windows\System\LSpXETa.exe
  2⤵
  PID:3536
- C:\Windows\System\jJLDoQP.exe
  C:\Windows\System\jJLDoQP.exe
  2⤵
  PID:3680
- C:\Windows\System\XLkLgxE.exe
  C:\Windows\System\XLkLgxE.exe
  2⤵
  PID:3712
- C:\Windows\System\TjFQQGT.exe
  C:\Windows\System\TjFQQGT.exe
  2⤵
  PID:3660
- C:\Windows\System\bCRlajn.exe
  C:\Windows\System\bCRlajn.exe
  2⤵
  PID:580
- C:\Windows\System\bmKXZtA.exe
  C:\Windows\System\bmKXZtA.exe
  2⤵
  PID:3884
- C:\Windows\System\HXDFeNj.exe
  C:\Windows\System\HXDFeNj.exe
  2⤵
  PID:3896
- C:\Windows\System\VrPacqd.exe
  C:\Windows\System\VrPacqd.exe
  2⤵
  PID:4004
- C:\Windows\System\NpLFyzz.exe
  C:\Windows\System\NpLFyzz.exe
  2⤵
  PID:2944
- C:\Windows\System\eqeJNpF.exe
  C:\Windows\System\eqeJNpF.exe
  2⤵
  PID:3940
- C:\Windows\System\BdblwvV.exe
  C:\Windows\System\BdblwvV.exe
  2⤵
  PID:4060
- C:\Windows\System\oVDRllQ.exe
  C:\Windows\System\oVDRllQ.exe
  2⤵
  PID:2928
- C:\Windows\System\NEXFeRv.exe
  C:\Windows\System\NEXFeRv.exe
  2⤵
  PID:2988
- C:\Windows\System\pFeBPvG.exe
  C:\Windows\System\pFeBPvG.exe
  2⤵
  PID:3128
- C:\Windows\System\EAFBCan.exe
  C:\Windows\System\EAFBCan.exe
  2⤵
  PID:3176
- C:\Windows\System\BycjpIE.exe
  C:\Windows\System\BycjpIE.exe
  2⤵
  PID:3372
- C:\Windows\System\aLMcsTl.exe
  C:\Windows\System\aLMcsTl.exe
  2⤵
  PID:2780
- C:\Windows\System\lfJYHJR.exe
  C:\Windows\System\lfJYHJR.exe
  2⤵
  PID:3572
- C:\Windows\System\QWuJvRl.exe
  C:\Windows\System\QWuJvRl.exe
  2⤵
  PID:3060
- C:\Windows\System\wTWFOfh.exe
  C:\Windows\System\wTWFOfh.exe
  2⤵
  PID:3632
- C:\Windows\System\ZXlJRyP.exe
  C:\Windows\System\ZXlJRyP.exe
  2⤵
  PID:3732
- C:\Windows\System\GRCmGGv.exe
  C:\Windows\System\GRCmGGv.exe
  2⤵
  PID:3796
- C:\Windows\System\GwufWDI.exe
  C:\Windows\System\GwufWDI.exe
  2⤵
  PID:2088
- C:\Windows\System\KWcmXmU.exe
  C:\Windows\System\KWcmXmU.exe
  2⤵
  PID:2132
- C:\Windows\System\BYrwNTc.exe
  C:\Windows\System\BYrwNTc.exe
  2⤵
  PID:3864
- C:\Windows\System\unzwKjh.exe
  C:\Windows\System\unzwKjh.exe
  2⤵
  PID:2080
- C:\Windows\System\vzpgqpj.exe
  C:\Windows\System\vzpgqpj.exe
  2⤵
  PID:1652
- C:\Windows\System\TlRypmO.exe
  C:\Windows\System\TlRypmO.exe
  2⤵
  PID:3208
- C:\Windows\System\chmktwK.exe
  C:\Windows\System\chmktwK.exe
  2⤵
  PID:2560
- C:\Windows\System\sbghOvF.exe
  C:\Windows\System\sbghOvF.exe
  2⤵
  PID:3188
- C:\Windows\System\IOfvETs.exe
  C:\Windows\System\IOfvETs.exe
  2⤵
  PID:3436
- C:\Windows\System\DTFvHyB.exe
  C:\Windows\System\DTFvHyB.exe
  2⤵
  PID:3520
- C:\Windows\System\mfAkaVI.exe
  C:\Windows\System\mfAkaVI.exe
  2⤵
  PID:3800
- C:\Windows\System\SpETURJ.exe
  C:\Windows\System\SpETURJ.exe
  2⤵
  PID:3640
- C:\Windows\System\bsfbNtH.exe
  C:\Windows\System\bsfbNtH.exe
  2⤵
  PID:1804
- C:\Windows\System\dpuUdAx.exe
  C:\Windows\System\dpuUdAx.exe
  2⤵
  PID:2620
- C:\Windows\System\zehmoJx.exe
  C:\Windows\System\zehmoJx.exe
  2⤵
  PID:3836
- C:\Windows\System\PQrgfoN.exe
  C:\Windows\System\PQrgfoN.exe
  2⤵
  PID:2600
- C:\Windows\System\JxuNUwC.exe
  C:\Windows\System\JxuNUwC.exe
  2⤵
  PID:3976
- C:\Windows\System\GPNUnxV.exe
  C:\Windows\System\GPNUnxV.exe
  2⤵
  PID:4056
- C:\Windows\System\XxpaPGX.exe
  C:\Windows\System\XxpaPGX.exe
  2⤵
  PID:4064
- C:\Windows\System\oZsDhFD.exe
  C:\Windows\System\oZsDhFD.exe
  2⤵
  PID:3368
- C:\Windows\System\MyfDPRx.exe
  C:\Windows\System\MyfDPRx.exe
  2⤵
  PID:3352
- C:\Windows\System\XwUtoJE.exe
  C:\Windows\System\XwUtoJE.exe
  2⤵
  PID:2860
- C:\Windows\System\IeKRYZF.exe
  C:\Windows\System\IeKRYZF.exe
  2⤵
  PID:2648
- C:\Windows\System\Cjizdmu.exe
  C:\Windows\System\Cjizdmu.exe
  2⤵
  PID:536
- C:\Windows\System\RKkdMSM.exe
  C:\Windows\System\RKkdMSM.exe
  2⤵
  PID:3412
- C:\Windows\System\JqoTnWa.exe
  C:\Windows\System\JqoTnWa.exe
  2⤵
  PID:3708
- C:\Windows\System\dJTlSaz.exe
  C:\Windows\System\dJTlSaz.exe
  2⤵
  PID:4100
- C:\Windows\System\PCONNzM.exe
  C:\Windows\System\PCONNzM.exe
  2⤵
  PID:4204
- C:\Windows\System\udJkAEU.exe
  C:\Windows\System\udJkAEU.exe
  2⤵
  PID:4228
- C:\Windows\System\MLixbIC.exe
  C:\Windows\System\MLixbIC.exe
  2⤵
  PID:4248
- C:\Windows\System\thOCezu.exe
  C:\Windows\System\thOCezu.exe
  2⤵
  PID:4268
- C:\Windows\System\GKOSrWK.exe
  C:\Windows\System\GKOSrWK.exe
  2⤵
  PID:4284
- C:\Windows\System\rWQqlwK.exe
  C:\Windows\System\rWQqlwK.exe
  2⤵
  PID:4308
- C:\Windows\System\jfFuVQT.exe
  C:\Windows\System\jfFuVQT.exe
  2⤵
  PID:4328
- C:\Windows\System\BaUvGJI.exe
  C:\Windows\System\BaUvGJI.exe
  2⤵
  PID:4348
- C:\Windows\System\jaoafth.exe
  C:\Windows\System\jaoafth.exe
  2⤵
  PID:4372
- C:\Windows\System\PyfJnne.exe
  C:\Windows\System\PyfJnne.exe
  2⤵
  PID:4392
- C:\Windows\System\XaEeyOk.exe
  C:\Windows\System\XaEeyOk.exe
  2⤵
  PID:4408
- C:\Windows\System\CAYNATA.exe
  C:\Windows\System\CAYNATA.exe
  2⤵
  PID:4432
- C:\Windows\System\vjRNwhF.exe
  C:\Windows\System\vjRNwhF.exe
  2⤵
  PID:4452
- C:\Windows\System\dndQvXV.exe
  C:\Windows\System\dndQvXV.exe
  2⤵
  PID:4472
- C:\Windows\System\QHFzFCe.exe
  C:\Windows\System\QHFzFCe.exe
  2⤵
  PID:4492
- C:\Windows\System\qMWtjAh.exe
  C:\Windows\System\qMWtjAh.exe
  2⤵
  PID:4508
- C:\Windows\System\qyEYier.exe
  C:\Windows\System\qyEYier.exe
  2⤵
  PID:4524
- C:\Windows\System\kbnSDhN.exe
  C:\Windows\System\kbnSDhN.exe
  2⤵
  PID:4556
- C:\Windows\System\kUuSvBW.exe
  C:\Windows\System\kUuSvBW.exe
  2⤵
  PID:4572
- C:\Windows\System\HtznDlo.exe
  C:\Windows\System\HtznDlo.exe
  2⤵
  PID:4596
- C:\Windows\System\WbRepTu.exe
  C:\Windows\System\WbRepTu.exe
  2⤵
  PID:4616
- C:\Windows\System\GwQLZQA.exe
  C:\Windows\System\GwQLZQA.exe
  2⤵
  PID:4632
- C:\Windows\System\MqzvZPd.exe
  C:\Windows\System\MqzvZPd.exe
  2⤵
  PID:4648
- C:\Windows\System\DcldezK.exe
  C:\Windows\System\DcldezK.exe
  2⤵
  PID:4664
- C:\Windows\System\fbjSOLq.exe
  C:\Windows\System\fbjSOLq.exe
  2⤵
  PID:4680
- C:\Windows\System\daKoQso.exe
  C:\Windows\System\daKoQso.exe
  2⤵
  PID:4700
- C:\Windows\System\kmuzJOB.exe
  C:\Windows\System\kmuzJOB.exe
  2⤵
  PID:4720
- C:\Windows\System\HuVpTTx.exe
  C:\Windows\System\HuVpTTx.exe
  2⤵
  PID:4736
- C:\Windows\System\yJXlHKO.exe
  C:\Windows\System\yJXlHKO.exe
  2⤵
  PID:4752
- C:\Windows\System\SvbsmfC.exe
  C:\Windows\System\SvbsmfC.exe
  2⤵
  PID:4768
- C:\Windows\System\kzKYxYx.exe
  C:\Windows\System\kzKYxYx.exe
  2⤵
  PID:4800
- C:\Windows\System\VXTTnEO.exe
  C:\Windows\System\VXTTnEO.exe
  2⤵
  PID:4832
- C:\Windows\System\oAzFGFw.exe
  C:\Windows\System\oAzFGFw.exe
  2⤵
  PID:4848
- C:\Windows\System\HFrMQio.exe
  C:\Windows\System\HFrMQio.exe
  2⤵
  PID:4876
- C:\Windows\System\baDtsCE.exe
  C:\Windows\System\baDtsCE.exe
  2⤵
  PID:4900
- C:\Windows\System\IMrhiJB.exe
  C:\Windows\System\IMrhiJB.exe
  2⤵
  PID:4928
- C:\Windows\System\suNxurh.exe
  C:\Windows\System\suNxurh.exe
  2⤵
  PID:4948
- C:\Windows\System\lcERonK.exe
  C:\Windows\System\lcERonK.exe
  2⤵
  PID:4968
- C:\Windows\System\cqFtACJ.exe
  C:\Windows\System\cqFtACJ.exe
  2⤵
  PID:4984
- C:\Windows\System\PsxytiF.exe
  C:\Windows\System\PsxytiF.exe
  2⤵
  PID:5008
- C:\Windows\System\ezVwvja.exe
  C:\Windows\System\ezVwvja.exe
  2⤵
  PID:5024
- C:\Windows\System\ujnSpkj.exe
  C:\Windows\System\ujnSpkj.exe
  2⤵
  PID:5048
- C:\Windows\System\OkxWUnI.exe
  C:\Windows\System\OkxWUnI.exe
  2⤵
  PID:5068
- C:\Windows\System\MQATgto.exe
  C:\Windows\System\MQATgto.exe
  2⤵
  PID:5084
- C:\Windows\System\riEsMws.exe
  C:\Windows\System\riEsMws.exe
  2⤵
  PID:5100
- C:\Windows\System\aQGSgGd.exe
  C:\Windows\System\aQGSgGd.exe
  2⤵
  PID:3844
- C:\Windows\System\vCpLYfA.exe
  C:\Windows\System\vCpLYfA.exe
  2⤵
  PID:2728
- C:\Windows\System\DDPExtN.exe
  C:\Windows\System\DDPExtN.exe
  2⤵
  PID:3448
- C:\Windows\System\XsixGxM.exe
  C:\Windows\System\XsixGxM.exe
  2⤵
  PID:4120
- C:\Windows\System\GMioTNc.exe
  C:\Windows\System\GMioTNc.exe
  2⤵
  PID:4140
- C:\Windows\System\UDFMfND.exe
  C:\Windows\System\UDFMfND.exe
  2⤵
  PID:4156
- C:\Windows\System\Mkezyrx.exe
  C:\Windows\System\Mkezyrx.exe
  2⤵
  PID:4256
- C:\Windows\System\mXsFEeB.exe
  C:\Windows\System\mXsFEeB.exe
  2⤵
  PID:4176
- C:\Windows\System\RWdXBUO.exe
  C:\Windows\System\RWdXBUO.exe
  2⤵
  PID:4192
- C:\Windows\System\aOqPSzZ.exe
  C:\Windows\System\aOqPSzZ.exe
  2⤵
  PID:4244
- C:\Windows\System\joqzSzT.exe
  C:\Windows\System\joqzSzT.exe
  2⤵
  PID:4296
- C:\Windows\System\BVLUIIP.exe
  C:\Windows\System\BVLUIIP.exe
  2⤵
  PID:2128
- C:\Windows\System\HoHIrNH.exe
  C:\Windows\System\HoHIrNH.exe
  2⤵
  PID:4320
- C:\Windows\System\LIWrxGt.exe
  C:\Windows\System\LIWrxGt.exe
  2⤵
  PID:4364
- C:\Windows\System\lcRDJZN.exe
  C:\Windows\System\lcRDJZN.exe
  2⤵
  PID:4416
- C:\Windows\System\Zfnoceb.exe
  C:\Windows\System\Zfnoceb.exe
  2⤵
  PID:4460
- C:\Windows\System\VCWSvlw.exe
  C:\Windows\System\VCWSvlw.exe
  2⤵
  PID:4504
- C:\Windows\System\ARIPLKq.exe
  C:\Windows\System\ARIPLKq.exe
  2⤵
  PID:1972
- C:\Windows\System\jXsHxPj.exe
  C:\Windows\System\jXsHxPj.exe
  2⤵
  PID:4488
- C:\Windows\System\dZlgHhd.exe
  C:\Windows\System\dZlgHhd.exe
  2⤵
  PID:4580
- C:\Windows\System\fYOAfaN.exe
  C:\Windows\System\fYOAfaN.exe
  2⤵
  PID:896
- C:\Windows\System\ZfkfAZn.exe
  C:\Windows\System\ZfkfAZn.exe
  2⤵
  PID:4728
- C:\Windows\System\NNwOwmQ.exe
  C:\Windows\System\NNwOwmQ.exe
  2⤵
  PID:4744
- C:\Windows\System\DRTkvKD.exe
  C:\Windows\System\DRTkvKD.exe
  2⤵
  PID:4776
- C:\Windows\System\OygDBtU.exe
  C:\Windows\System\OygDBtU.exe
  2⤵
  PID:4708
- C:\Windows\System\PnTqJxN.exe
  C:\Windows\System\PnTqJxN.exe
  2⤵
  PID:4784
- C:\Windows\System\veCVIqC.exe
  C:\Windows\System\veCVIqC.exe
  2⤵
  PID:4808
- C:\Windows\System\npsxqJv.exe
  C:\Windows\System\npsxqJv.exe
  2⤵
  PID:4816
- C:\Windows\System\VoTWDxp.exe
  C:\Windows\System\VoTWDxp.exe
  2⤵
  PID:4856
- C:\Windows\System\uhfSfjq.exe
  C:\Windows\System\uhfSfjq.exe
  2⤵
  PID:4860
- C:\Windows\System\scrJnHr.exe
  C:\Windows\System\scrJnHr.exe
  2⤵
  PID:4896
- C:\Windows\System\TTxKhHm.exe
  C:\Windows\System\TTxKhHm.exe
  2⤵
  PID:1288
- C:\Windows\System\tqNBXdf.exe
  C:\Windows\System\tqNBXdf.exe
  2⤵
  PID:4940
- C:\Windows\System\ogTGmZR.exe
  C:\Windows\System\ogTGmZR.exe
  2⤵
  PID:4976
- C:\Windows\System\ribjyop.exe
  C:\Windows\System\ribjyop.exe
  2⤵
  PID:4980
- C:\Windows\System\uCysjHT.exe
  C:\Windows\System\uCysjHT.exe
  2⤵
  PID:5016
- C:\Windows\System\JHibPOi.exe
  C:\Windows\System\JHibPOi.exe
  2⤵
  PID:5040
- C:\Windows\System\WjCnYph.exe
  C:\Windows\System\WjCnYph.exe
  2⤵
  PID:5080
- C:\Windows\System\AuTwSvU.exe
  C:\Windows\System\AuTwSvU.exe
  2⤵
  PID:3964
- C:\Windows\System\tgcqesO.exe
  C:\Windows\System\tgcqesO.exe
  2⤵
  PID:4116
- C:\Windows\System\OdCJvfF.exe
  C:\Windows\System\OdCJvfF.exe
  2⤵
  PID:4224
- C:\Windows\System\mdQuzeK.exe
  C:\Windows\System\mdQuzeK.exe
  2⤵
  PID:4132
- C:\Windows\System\rPpffJq.exe
  C:\Windows\System\rPpffJq.exe
  2⤵
  PID:4172
- C:\Windows\System\cDZKWHL.exe
  C:\Windows\System\cDZKWHL.exe
  2⤵
  PID:1500
- C:\Windows\System\QObjwru.exe
  C:\Windows\System\QObjwru.exe
  2⤵
  PID:820
- C:\Windows\System\sInwzSF.exe
  C:\Windows\System\sInwzSF.exe
  2⤵
  PID:4316
- C:\Windows\System\uJVViMW.exe
  C:\Windows\System\uJVViMW.exe
  2⤵
  PID:2956
- C:\Windows\System\GdnbcgA.exe
  C:\Windows\System\GdnbcgA.exe
  2⤵
  PID:4500
- C:\Windows\System\kkmnYpE.exe
  C:\Windows\System\kkmnYpE.exe
  2⤵
  PID:4536
- C:\Windows\System\KMPvFDn.exe
  C:\Windows\System\KMPvFDn.exe
  2⤵
  PID:1268
- C:\Windows\System\SbuUsgB.exe
  C:\Windows\System\SbuUsgB.exe
  2⤵
  PID:4424
- C:\Windows\System\kzTBbJe.exe
  C:\Windows\System\kzTBbJe.exe
  2⤵
  PID:4568
- C:\Windows\System\dgBsqxq.exe
  C:\Windows\System\dgBsqxq.exe
  2⤵
  PID:4532
- C:\Windows\System\WzikEOP.exe
  C:\Windows\System\WzikEOP.exe
  2⤵
  PID:4660
- C:\Windows\System\JcXVtMO.exe
  C:\Windows\System\JcXVtMO.exe
  2⤵
  PID:4716
- C:\Windows\System\NHrRySR.exe
  C:\Windows\System\NHrRySR.exe
  2⤵
  PID:4888
- C:\Windows\System\kPOBGkE.exe
  C:\Windows\System\kPOBGkE.exe
  2⤵
  PID:4640
- C:\Windows\System\eCqpqNf.exe
  C:\Windows\System\eCqpqNf.exe
  2⤵
  PID:4936
- C:\Windows\System\bIzlaYv.exe
  C:\Windows\System\bIzlaYv.exe
  2⤵
  PID:2448
- C:\Windows\System\uNHIHTU.exe
  C:\Windows\System\uNHIHTU.exe
  2⤵
  PID:4868
- C:\Windows\System\UfcCQeh.exe
  C:\Windows\System\UfcCQeh.exe
  2⤵
  PID:5056
- C:\Windows\System\dJqSmtx.exe
  C:\Windows\System\dJqSmtx.exe
  2⤵
  PID:4076
- C:\Windows\System\alUMPPl.exe
  C:\Windows\System\alUMPPl.exe
  2⤵
  PID:4956
- C:\Windows\System\oBzZXSy.exe
  C:\Windows\System\oBzZXSy.exe
  2⤵
  PID:4368
- C:\Windows\System\RhHBPyM.exe
  C:\Windows\System\RhHBPyM.exe
  2⤵
  PID:5116
- C:\Windows\System\eakgyKF.exe
  C:\Windows\System\eakgyKF.exe
  2⤵
  PID:1308
- C:\Windows\System\XjihoEY.exe
  C:\Windows\System\XjihoEY.exe
  2⤵
  PID:4184
- C:\Windows\System\eRtfpxS.exe
  C:\Windows\System\eRtfpxS.exe
  2⤵
  PID:4200
- C:\Windows\System\YEgdtgb.exe
  C:\Windows\System\YEgdtgb.exe
  2⤵
  PID:4236
- C:\Windows\System\gMdfXnv.exe
  C:\Windows\System\gMdfXnv.exe
  2⤵
  PID:4548
- C:\Windows\System\FgJcPxt.exe
  C:\Windows\System\FgJcPxt.exe
  2⤵
  PID:4384
- C:\Windows\System\juAodar.exe
  C:\Windows\System\juAodar.exe
  2⤵
  PID:784
- C:\Windows\System\uFzokDr.exe
  C:\Windows\System\uFzokDr.exe
  2⤵
  PID:4760
- C:\Windows\System\Ydaeuvf.exe
  C:\Windows\System\Ydaeuvf.exe
  2⤵
  PID:4468
- C:\Windows\System\ogHaxqw.exe
  C:\Windows\System\ogHaxqw.exe
  2⤵
  PID:4792
- C:\Windows\System\TwowRvI.exe
  C:\Windows\System\TwowRvI.exe
  2⤵
  PID:4732
- C:\Windows\System\eTOmsDr.exe
  C:\Windows\System\eTOmsDr.exe
  2⤵
  PID:5036
- C:\Windows\System\ruuPBmO.exe
  C:\Windows\System\ruuPBmO.exe
  2⤵
  PID:3008
- C:\Windows\System\OJKJvJE.exe
  C:\Windows\System\OJKJvJE.exe
  2⤵
  PID:2236
- C:\Windows\System\aMoCXsW.exe
  C:\Windows\System\aMoCXsW.exe
  2⤵
  PID:1740
- C:\Windows\System\KQibRdo.exe
  C:\Windows\System\KQibRdo.exe
  2⤵
  PID:4552
- C:\Windows\System\lhHRDLH.exe
  C:\Windows\System\lhHRDLH.exe
  2⤵
  PID:5128
- C:\Windows\System\MhEOaSs.exe
  C:\Windows\System\MhEOaSs.exe
  2⤵
  PID:5144
- C:\Windows\System\zxuyTOk.exe
  C:\Windows\System\zxuyTOk.exe
  2⤵
  PID:5224
- C:\Windows\System\GrvBoeX.exe
  C:\Windows\System\GrvBoeX.exe
  2⤵
  PID:5244
- C:\Windows\System\HtggjXY.exe
  C:\Windows\System\HtggjXY.exe
  2⤵
  PID:5260
- C:\Windows\System\CIzSkRR.exe
  C:\Windows\System\CIzSkRR.exe
  2⤵
  PID:5276
- C:\Windows\System\cAzrvkC.exe
  C:\Windows\System\cAzrvkC.exe
  2⤵
  PID:5296
- C:\Windows\System\mDSvMRR.exe
  C:\Windows\System\mDSvMRR.exe
  2⤵
  PID:5312
- C:\Windows\System\prYCZxE.exe
  C:\Windows\System\prYCZxE.exe
  2⤵
  PID:5336
- C:\Windows\System\JaHZYQI.exe
  C:\Windows\System\JaHZYQI.exe
  2⤵
  PID:5352
- C:\Windows\System\IXegftg.exe
  C:\Windows\System\IXegftg.exe
  2⤵
  PID:5368
- C:\Windows\System\eHawSGK.exe
  C:\Windows\System\eHawSGK.exe
  2⤵
  PID:5384
- C:\Windows\System\lhvmikz.exe
  C:\Windows\System\lhvmikz.exe
  2⤵
  PID:5404
- C:\Windows\System\gujoorC.exe
  C:\Windows\System\gujoorC.exe
  2⤵
  PID:5424
- C:\Windows\System\qmUbiSA.exe
  C:\Windows\System\qmUbiSA.exe
  2⤵
  PID:5440
- C:\Windows\System\qcrBJul.exe
  C:\Windows\System\qcrBJul.exe
  2⤵
  PID:5484
- C:\Windows\System\eCoWYDg.exe
  C:\Windows\System\eCoWYDg.exe
  2⤵
  PID:5500
- C:\Windows\System\OYfTRJj.exe
  C:\Windows\System\OYfTRJj.exe
  2⤵
  PID:5520
- C:\Windows\System\GQyzOhf.exe
  C:\Windows\System\GQyzOhf.exe
  2⤵
  PID:5536
- C:\Windows\System\HXUezGu.exe
  C:\Windows\System\HXUezGu.exe
  2⤵
  PID:5552
- C:\Windows\System\YZHYAcw.exe
  C:\Windows\System\YZHYAcw.exe
  2⤵
  PID:5572
- C:\Windows\System\ClIAAZY.exe
  C:\Windows\System\ClIAAZY.exe
  2⤵
  PID:5608
- C:\Windows\System\ZtGHsfn.exe
  C:\Windows\System\ZtGHsfn.exe
  2⤵
  PID:5624
- C:\Windows\System\bnWVLjR.exe
  C:\Windows\System\bnWVLjR.exe
  2⤵
  PID:5640
- C:\Windows\System\ycMyNfV.exe
  C:\Windows\System\ycMyNfV.exe
  2⤵
  PID:5656
- C:\Windows\System\uuWusJd.exe
  C:\Windows\System\uuWusJd.exe
  2⤵
  PID:5680
- C:\Windows\System\GRVuJmH.exe
  C:\Windows\System\GRVuJmH.exe
  2⤵
  PID:5696
- C:\Windows\System\taRXFdl.exe
  C:\Windows\System\taRXFdl.exe
  2⤵
  PID:5728
- C:\Windows\System\thRUAqi.exe
  C:\Windows\System\thRUAqi.exe
  2⤵
  PID:5748
- C:\Windows\System\abDDwOe.exe
  C:\Windows\System\abDDwOe.exe
  2⤵
  PID:5768
- C:\Windows\System\QqwCZnk.exe
  C:\Windows\System\QqwCZnk.exe
  2⤵
  PID:5788
- C:\Windows\System\rrflhup.exe
  C:\Windows\System\rrflhup.exe
  2⤵
  PID:5812
- C:\Windows\System\DaUUOHY.exe
  C:\Windows\System\DaUUOHY.exe
  2⤵
  PID:5828
- C:\Windows\System\afYqket.exe
  C:\Windows\System\afYqket.exe
  2⤵
  PID:5852
- C:\Windows\System\xtdZvhI.exe
  C:\Windows\System\xtdZvhI.exe
  2⤵
  PID:5868
- C:\Windows\System\JHSyUeU.exe
  C:\Windows\System\JHSyUeU.exe
  2⤵
  PID:5884
- C:\Windows\System\aaeKOdh.exe
  C:\Windows\System\aaeKOdh.exe
  2⤵
  PID:5904
- C:\Windows\System\eJhoyHj.exe
  C:\Windows\System\eJhoyHj.exe
  2⤵
  PID:5920
- C:\Windows\System\IUBDPzu.exe
  C:\Windows\System\IUBDPzu.exe
  2⤵
  PID:5940
- C:\Windows\System\IIvsSgx.exe
  C:\Windows\System\IIvsSgx.exe
  2⤵
  PID:5960
- C:\Windows\System\tefidZT.exe
  C:\Windows\System\tefidZT.exe
  2⤵
  PID:5992
- C:\Windows\System\GgwlMPW.exe
  C:\Windows\System\GgwlMPW.exe
  2⤵
  PID:6012
- C:\Windows\System\jSEOajF.exe
  C:\Windows\System\jSEOajF.exe
  2⤵
  PID:6028
- C:\Windows\System\cTdzxqc.exe
  C:\Windows\System\cTdzxqc.exe
  2⤵
  PID:6044
- C:\Windows\System\NtBZDub.exe
  C:\Windows\System\NtBZDub.exe
  2⤵
  PID:6060
- C:\Windows\System\jkxBvJl.exe
  C:\Windows\System\jkxBvJl.exe
  2⤵
  PID:6076
- C:\Windows\System\opynLnN.exe
  C:\Windows\System\opynLnN.exe
  2⤵
  PID:6092
- C:\Windows\System\sfxilSc.exe
  C:\Windows\System\sfxilSc.exe
  2⤵
  PID:6108
- C:\Windows\System\fZbzoTn.exe
  C:\Windows\System\fZbzoTn.exe
  2⤵
  PID:6124
- C:\Windows\System\GjUAEkJ.exe
  C:\Windows\System\GjUAEkJ.exe
  2⤵
  PID:6140
- C:\Windows\System\wbasQdI.exe
  C:\Windows\System\wbasQdI.exe
  2⤵
  PID:4544
- C:\Windows\System\kUuwjZn.exe
  C:\Windows\System\kUuwjZn.exe
  2⤵
  PID:4844
- C:\Windows\System\cirxXdI.exe
  C:\Windows\System\cirxXdI.exe
  2⤵
  PID:5112
- C:\Windows\System\HmpoCfR.exe
  C:\Windows\System\HmpoCfR.exe
  2⤵
  PID:1516
- C:\Windows\System\LSMIfMT.exe
  C:\Windows\System\LSMIfMT.exe
  2⤵
  PID:4220
- C:\Windows\System\zuZsOmX.exe
  C:\Windows\System\zuZsOmX.exe
  2⤵
  PID:5136
- C:\Windows\System\WEBaLRy.exe
  C:\Windows\System\WEBaLRy.exe
  2⤵
  PID:4960
- C:\Windows\System\NPnxBIP.exe
  C:\Windows\System\NPnxBIP.exe
  2⤵
  PID:5156
- C:\Windows\System\dVTIOOA.exe
  C:\Windows\System\dVTIOOA.exe
  2⤵
  PID:5176
- C:\Windows\System\eBqRRfN.exe
  C:\Windows\System\eBqRRfN.exe
  2⤵
  PID:5240
- C:\Windows\System\MSHbjGO.exe
  C:\Windows\System\MSHbjGO.exe
  2⤵
  PID:5000
- C:\Windows\System\cPJJxhq.exe
  C:\Windows\System\cPJJxhq.exe
  2⤵
  PID:5208
- C:\Windows\System\dAgdSIG.exe
  C:\Windows\System\dAgdSIG.exe
  2⤵
  PID:5284
- C:\Windows\System\bNwydtH.exe
  C:\Windows\System\bNwydtH.exe
  2⤵
  PID:5380
- C:\Windows\System\xseYpvy.exe
  C:\Windows\System\xseYpvy.exe
  2⤵
  PID:5252
- C:\Windows\System\IXErfLz.exe
  C:\Windows\System\IXErfLz.exe
  2⤵
  PID:5320
- C:\Windows\System\CjACmoI.exe
  C:\Windows\System\CjACmoI.exe
  2⤵
  PID:5464
- C:\Windows\System\ELEHwIO.exe
  C:\Windows\System\ELEHwIO.exe
  2⤵
  PID:5468
- C:\Windows\System\tFdzZFc.exe
  C:\Windows\System\tFdzZFc.exe
  2⤵
  PID:5480
- C:\Windows\System\PYrIfZa.exe
  C:\Windows\System\PYrIfZa.exe
  2⤵
  PID:5544
- C:\Windows\System\GLSXYQO.exe
  C:\Windows\System\GLSXYQO.exe
  2⤵
  PID:5580
- C:\Windows\System\qLhadBu.exe
  C:\Windows\System\qLhadBu.exe
  2⤵
  PID:836
- C:\Windows\System\qfsYFad.exe
  C:\Windows\System\qfsYFad.exe
  2⤵
  PID:5564
- C:\Windows\System\tyNisxh.exe
  C:\Windows\System\tyNisxh.exe
  2⤵
  PID:5492
- C:\Windows\System\paNKnyR.exe
  C:\Windows\System\paNKnyR.exe
  2⤵
  PID:5600
- C:\Windows\System\dxdTnVI.exe
  C:\Windows\System\dxdTnVI.exe
  2⤵
  PID:5664
- C:\Windows\System\WcxEwuA.exe
  C:\Windows\System\WcxEwuA.exe
  2⤵
  PID:5672
- C:\Windows\System\wuKqwDI.exe
  C:\Windows\System\wuKqwDI.exe
  2⤵
  PID:5720
- C:\Windows\System\XtHywUM.exe
  C:\Windows\System\XtHywUM.exe
  2⤵
  PID:5620
- C:\Windows\System\YkOYqci.exe
  C:\Windows\System\YkOYqci.exe
  2⤵
  PID:5688
- C:\Windows\System\SLlzWzC.exe
  C:\Windows\System\SLlzWzC.exe
  2⤵
  PID:5756
- C:\Windows\System\AGfYOha.exe
  C:\Windows\System\AGfYOha.exe
  2⤵
  PID:5804
- C:\Windows\System\wYcCUff.exe
  C:\Windows\System\wYcCUff.exe
  2⤵
  PID:2156
- C:\Windows\System\RcOVIUD.exe
  C:\Windows\System\RcOVIUD.exe
  2⤵
  PID:5848
- C:\Windows\System\acBfHQK.exe
  C:\Windows\System\acBfHQK.exe
  2⤵
  PID:5916
- C:\Windows\System\VivjBUc.exe
  C:\Windows\System\VivjBUc.exe
  2⤵
  PID:468
- C:\Windows\System\BHPayoN.exe
  C:\Windows\System\BHPayoN.exe
  2⤵
  PID:5936
- C:\Windows\System\VvQlOip.exe
  C:\Windows\System\VvQlOip.exe
  2⤵
  PID:5984
- C:\Windows\System\BkjLEKd.exe
  C:\Windows\System\BkjLEKd.exe
  2⤵
  PID:6008
- C:\Windows\System\oSOCuDA.exe
  C:\Windows\System\oSOCuDA.exe
  2⤵
  PID:6052
- C:\Windows\System\YtDtvZS.exe
  C:\Windows\System\YtDtvZS.exe
  2⤵
  PID:6040
- C:\Windows\System\FTiBboB.exe
  C:\Windows\System\FTiBboB.exe
  2⤵
  PID:5032
- C:\Windows\System\yBBMgnW.exe
  C:\Windows\System\yBBMgnW.exe
  2⤵
  PID:6088
- C:\Windows\System\COrBtAr.exe
  C:\Windows\System\COrBtAr.exe
  2⤵
  PID:4656
- C:\Windows\System\lGcpzMJ.exe
  C:\Windows\System\lGcpzMJ.exe
  2⤵
  PID:4388
- C:\Windows\System\HxhmFUK.exe
  C:\Windows\System\HxhmFUK.exe
  2⤵
  PID:4344
- C:\Windows\System\ysxJgyt.exe
  C:\Windows\System\ysxJgyt.exe
  2⤵
  PID:4692
- C:\Windows\System\lImFiTP.exe
  C:\Windows\System\lImFiTP.exe
  2⤵
  PID:5200
- C:\Windows\System\eUYrNpd.exe
  C:\Windows\System\eUYrNpd.exe
  2⤵
  PID:5184
- C:\Windows\System\AqboflB.exe
  C:\Windows\System\AqboflB.exe
  2⤵
  PID:5272
- C:\Windows\System\zzoAARU.exe
  C:\Windows\System\zzoAARU.exe
  2⤵
  PID:5348
- C:\Windows\System\DFZyvqk.exe
  C:\Windows\System\DFZyvqk.exe
  2⤵
  PID:5324
- C:\Windows\System\GpbKYDd.exe
  C:\Windows\System\GpbKYDd.exe
  2⤵
  PID:5064
- C:\Windows\System\hSVzBNe.exe
  C:\Windows\System\hSVzBNe.exe
  2⤵
  PID:5436
- C:\Windows\System\wmokTkh.exe
  C:\Windows\System\wmokTkh.exe
  2⤵
  PID:5364
- C:\Windows\System\npdTShE.exe
  C:\Windows\System\npdTShE.exe
  2⤵
  PID:5560
- C:\Windows\System\FgeQfAB.exe
  C:\Windows\System\FgeQfAB.exe
  2⤵
  PID:3012
- C:\Windows\System\SwaNePR.exe
  C:\Windows\System\SwaNePR.exe
  2⤵
  PID:5820
- C:\Windows\System\WrSDaUj.exe
  C:\Windows\System\WrSDaUj.exe
  2⤵
  PID:5760
- C:\Windows\System\qNUUzvi.exe
  C:\Windows\System\qNUUzvi.exe
  2⤵
  PID:5796
- C:\Windows\System\nUlqLCZ.exe
  C:\Windows\System\nUlqLCZ.exe
  2⤵
  PID:5636
- C:\Windows\System\QUVrppX.exe
  C:\Windows\System\QUVrppX.exe
  2⤵
  PID:5716
- C:\Windows\System\bVOqXSn.exe
  C:\Windows\System\bVOqXSn.exe
  2⤵
  PID:1200
- C:\Windows\System\kgtvJXj.exe
  C:\Windows\System\kgtvJXj.exe
  2⤵
  PID:5892
- C:\Windows\System\MskEZxR.exe
  C:\Windows\System\MskEZxR.exe
  2⤵
  PID:5952
- C:\Windows\System\DRzUywt.exe
  C:\Windows\System\DRzUywt.exe
  2⤵
  PID:6020
- C:\Windows\System\dTiSoPc.exe
  C:\Windows\System\dTiSoPc.exe
  2⤵
  PID:6136
- C:\Windows\System\qyHTgGh.exe
  C:\Windows\System\qyHTgGh.exe
  2⤵
  PID:5836
- C:\Windows\System\KRglVAF.exe
  C:\Windows\System\KRglVAF.exe
  2⤵
  PID:1044
- C:\Windows\System\diWYuOv.exe
  C:\Windows\System\diWYuOv.exe
  2⤵
  PID:4480
- C:\Windows\System\yEtsQdg.exe
  C:\Windows\System\yEtsQdg.exe
  2⤵
  PID:4996
- C:\Windows\System\YzDylPc.exe
  C:\Windows\System\YzDylPc.exe
  2⤵
  PID:5236
- C:\Windows\System\sIcKYGf.exe
  C:\Windows\System\sIcKYGf.exe
  2⤵
  PID:5328
- C:\Windows\System\hEExjKM.exe
  C:\Windows\System\hEExjKM.exe
  2⤵
  PID:5456
- C:\Windows\System\GYuaULm.exe
  C:\Windows\System\GYuaULm.exe
  2⤵
  PID:1332
- C:\Windows\System\bkhEFBc.exe
  C:\Windows\System\bkhEFBc.exe
  2⤵
  PID:5648
- C:\Windows\System\sNrSfPw.exe
  C:\Windows\System\sNrSfPw.exe
  2⤵
  PID:5776
- C:\Windows\System\FHHFMkq.exe
  C:\Windows\System\FHHFMkq.exe
  2⤵
  PID:5448
- C:\Windows\System\PQdvTYK.exe
  C:\Windows\System\PQdvTYK.exe
  2⤵
  PID:5496
- C:\Windows\System\KNgJxOg.exe
  C:\Windows\System\KNgJxOg.exe
  2⤵
  PID:6104
- C:\Windows\System\OQkCIKP.exe
  C:\Windows\System\OQkCIKP.exe
  2⤵
  PID:5256
- C:\Windows\System\kalKWxk.exe
  C:\Windows\System\kalKWxk.exe
  2⤵
  PID:3000
- C:\Windows\System\sDcWeXE.exe
  C:\Windows\System\sDcWeXE.exe
  2⤵
  PID:4168
- C:\Windows\System\JLOqpgS.exe
  C:\Windows\System\JLOqpgS.exe
  2⤵
  PID:4644
- C:\Windows\System\sziQCPw.exe
  C:\Windows\System\sziQCPw.exe
  2⤵
  PID:5060
- C:\Windows\System\zNeAtSj.exe
  C:\Windows\System\zNeAtSj.exe
  2⤵
  PID:5124
- C:\Windows\System\icVyjif.exe
  C:\Windows\System\icVyjif.exe
  2⤵
  PID:5332
- C:\Windows\System\srpckoH.exe
  C:\Windows\System\srpckoH.exe
  2⤵
  PID:5652
- C:\Windows\System\vsaLRSV.exe
  C:\Windows\System\vsaLRSV.exe
  2⤵
  PID:2968
- C:\Windows\System\zkcEAyc.exe
  C:\Windows\System\zkcEAyc.exe
  2⤵
  PID:5912
- C:\Windows\System\TRgiNXx.exe
  C:\Windows\System\TRgiNXx.exe
  2⤵
  PID:956
- C:\Windows\System\ZoxTrrm.exe
  C:\Windows\System\ZoxTrrm.exe
  2⤵
  PID:5232
- C:\Windows\System\PJRFfQR.exe
  C:\Windows\System\PJRFfQR.exe
  2⤵
  PID:6084
- C:\Windows\System\SaqbRKL.exe
  C:\Windows\System\SaqbRKL.exe
  2⤵
  PID:5736
- C:\Windows\System\mxFhtKB.exe
  C:\Windows\System\mxFhtKB.exe
  2⤵
  PID:2748
- C:\Windows\System\tcLRbfj.exe
  C:\Windows\System\tcLRbfj.exe
  2⤵
  PID:5596
- C:\Windows\System\pWbYwpy.exe
  C:\Windows\System\pWbYwpy.exe
  2⤵
  PID:6164
- C:\Windows\System\RgTdegq.exe
  C:\Windows\System\RgTdegq.exe
  2⤵
  PID:6180
- C:\Windows\System\RCmuUIo.exe
  C:\Windows\System\RCmuUIo.exe
  2⤵
  PID:6196
- C:\Windows\System\kxsasmH.exe
  C:\Windows\System\kxsasmH.exe
  2⤵
  PID:6212
- C:\Windows\System\LghlNzR.exe
  C:\Windows\System\LghlNzR.exe
  2⤵
  PID:6232
- C:\Windows\System\DSvkcGh.exe
  C:\Windows\System\DSvkcGh.exe
  2⤵
  PID:6252
- C:\Windows\System\ibiFDvX.exe
  C:\Windows\System\ibiFDvX.exe
  2⤵
  PID:6268
- C:\Windows\System\gFqMNbm.exe
  C:\Windows\System\gFqMNbm.exe
  2⤵
  PID:6284
- C:\Windows\System\EfGHPgS.exe
  C:\Windows\System\EfGHPgS.exe
  2⤵
  PID:6308
- C:\Windows\System\UHCwxtX.exe
  C:\Windows\System\UHCwxtX.exe
  2⤵
  PID:6332
- C:\Windows\System\IOLOSPB.exe
  C:\Windows\System\IOLOSPB.exe
  2⤵
  PID:6352
- C:\Windows\System\LwAShTL.exe
  C:\Windows\System\LwAShTL.exe
  2⤵
  PID:6388
- C:\Windows\System\lXvGOkE.exe
  C:\Windows\System\lXvGOkE.exe
  2⤵
  PID:6404
- C:\Windows\System\nsRGHqz.exe
  C:\Windows\System\nsRGHqz.exe
  2⤵
  PID:6420
- C:\Windows\System\YFKXWKZ.exe
  C:\Windows\System\YFKXWKZ.exe
  2⤵
  PID:6436
- C:\Windows\System\SEvVcpC.exe
  C:\Windows\System\SEvVcpC.exe
  2⤵
  PID:6452
- C:\Windows\System\smUgfBG.exe
  C:\Windows\System\smUgfBG.exe
  2⤵
  PID:6468
- C:\Windows\System\GqDovvv.exe
  C:\Windows\System\GqDovvv.exe
  2⤵
  PID:6484
- C:\Windows\System\lmQgsZl.exe
  C:\Windows\System\lmQgsZl.exe
  2⤵
  PID:6500
- C:\Windows\System\xnuTiuw.exe
  C:\Windows\System\xnuTiuw.exe
  2⤵
  PID:6516
- C:\Windows\System\fLImatm.exe
  C:\Windows\System\fLImatm.exe
  2⤵
  PID:6532
- C:\Windows\System\OvolGBu.exe
  C:\Windows\System\OvolGBu.exe
  2⤵
  PID:6548
- C:\Windows\System\JvcbjRY.exe
  C:\Windows\System\JvcbjRY.exe
  2⤵
  PID:6624
- C:\Windows\System\bxuxZxz.exe
  C:\Windows\System\bxuxZxz.exe
  2⤵
  PID:6644
- C:\Windows\System\ndVoiox.exe
  C:\Windows\System\ndVoiox.exe
  2⤵
  PID:6660
- C:\Windows\System\otTcjPo.exe
  C:\Windows\System\otTcjPo.exe
  2⤵
  PID:6676
- C:\Windows\System\DSkoYxI.exe
  C:\Windows\System\DSkoYxI.exe
  2⤵
  PID:6692
- C:\Windows\System\FshrNVm.exe
  C:\Windows\System\FshrNVm.exe
  2⤵
  PID:6708
- C:\Windows\System\MsYmUHf.exe
  C:\Windows\System\MsYmUHf.exe
  2⤵
  PID:6728
- C:\Windows\System\NnWzoZa.exe
  C:\Windows\System\NnWzoZa.exe
  2⤵
  PID:6744
- C:\Windows\System\upsDSTF.exe
  C:\Windows\System\upsDSTF.exe
  2⤵
  PID:6760
- C:\Windows\System\wYrDyoD.exe
  C:\Windows\System\wYrDyoD.exe
  2⤵
  PID:6784
- C:\Windows\System\IIQUhtG.exe
  C:\Windows\System\IIQUhtG.exe
  2⤵
  PID:6800
- C:\Windows\System\ItxpeJQ.exe
  C:\Windows\System\ItxpeJQ.exe
  2⤵
  PID:6820
- C:\Windows\System\rCzLhYs.exe
  C:\Windows\System\rCzLhYs.exe
  2⤵
  PID:6840
- C:\Windows\System\KYPRtQU.exe
  C:\Windows\System\KYPRtQU.exe
  2⤵
  PID:6884
- C:\Windows\System\PUrbBmQ.exe
  C:\Windows\System\PUrbBmQ.exe
  2⤵
  PID:6900
- C:\Windows\System\bPYmlOK.exe
  C:\Windows\System\bPYmlOK.exe
  2⤵
  PID:6916
- C:\Windows\System\JvwulzO.exe
  C:\Windows\System\JvwulzO.exe
  2⤵
  PID:6932
- C:\Windows\System\dOCcqIi.exe
  C:\Windows\System\dOCcqIi.exe
  2⤵
  PID:6948
- C:\Windows\System\DFuDitq.exe
  C:\Windows\System\DFuDitq.exe
  2⤵
  PID:6968
- C:\Windows\System\vSjySix.exe
  C:\Windows\System\vSjySix.exe
  2⤵
  PID:6984
- C:\Windows\System\MlDUMIJ.exe
  C:\Windows\System\MlDUMIJ.exe
  2⤵
  PID:7004
- C:\Windows\System\mbjTAJS.exe
  C:\Windows\System\mbjTAJS.exe
  2⤵
  PID:7024
- C:\Windows\System\VpzzAcP.exe
  C:\Windows\System\VpzzAcP.exe
  2⤵
  PID:7040
- C:\Windows\System\UcgSuwF.exe
  C:\Windows\System\UcgSuwF.exe
  2⤵
  PID:7056
- C:\Windows\System\xgvIhMR.exe
  C:\Windows\System\xgvIhMR.exe
  2⤵
  PID:7072
- C:\Windows\System\qUjvzMS.exe
  C:\Windows\System\qUjvzMS.exe
  2⤵
  PID:7088
- C:\Windows\System\CThFRpa.exe
  C:\Windows\System\CThFRpa.exe
  2⤵
  PID:7148
- C:\Windows\System\TplqgfD.exe
  C:\Windows\System\TplqgfD.exe
  2⤵
  PID:7164
- C:\Windows\System\gwUldZI.exe
  C:\Windows\System\gwUldZI.exe
  2⤵
  PID:6204
- C:\Windows\System\gQuzxTG.exe
  C:\Windows\System\gQuzxTG.exe
  2⤵
  PID:6276
- C:\Windows\System\wWliIcv.exe
  C:\Windows\System\wWliIcv.exe
  2⤵
  PID:6328
- C:\Windows\System\pZwdzHH.exe
  C:\Windows\System\pZwdzHH.exe
  2⤵
  PID:5980
- C:\Windows\System\wkdKpMg.exe
  C:\Windows\System\wkdKpMg.exe
  2⤵
  PID:6364
- C:\Windows\System\BEufdxX.exe
  C:\Windows\System\BEufdxX.exe
  2⤵
  PID:5216
- C:\Windows\System\abUbmCt.exe
  C:\Windows\System\abUbmCt.exe
  2⤵
  PID:4324
- C:\Windows\System\kPWVGZh.exe
  C:\Windows\System\kPWVGZh.exe
  2⤵
  PID:6148
- C:\Windows\System\sEdHwtV.exe
  C:\Windows\System\sEdHwtV.exe
  2⤵
  PID:6188
- C:\Windows\System\mJrAtrQ.exe
  C:\Windows\System\mJrAtrQ.exe
  2⤵
  PID:6260
- C:\Windows\System\KdEaaLU.exe
  C:\Windows\System\KdEaaLU.exe
  2⤵
  PID:6444
- C:\Windows\System\RmNsMYb.exe
  C:\Windows\System\RmNsMYb.exe
  2⤵
  PID:6508
- C:\Windows\System\krREZKh.exe
  C:\Windows\System\krREZKh.exe
  2⤵
  PID:5292
- C:\Windows\System\MrmIkLG.exe
  C:\Windows\System\MrmIkLG.exe
  2⤵
  PID:6460
- C:\Windows\System\EmYEnQl.exe
  C:\Windows\System\EmYEnQl.exe
  2⤵
  PID:5808
- C:\Windows\System\oYYrUWC.exe
  C:\Windows\System\oYYrUWC.exe
  2⤵
  PID:6584
- C:\Windows\System\RKDMcUe.exe
  C:\Windows\System\RKDMcUe.exe
  2⤵
  PID:6348
- C:\Windows\System\wzSnCFS.exe
  C:\Windows\System\wzSnCFS.exe
  2⤵
  PID:6496
- C:\Windows\System\MCaOkwz.exe
  C:\Windows\System\MCaOkwz.exe
  2⤵
  PID:6432
- C:\Windows\System\hOcqYtU.exe
  C:\Windows\System\hOcqYtU.exe
  2⤵
  PID:6560
- C:\Windows\System\inxQrCG.exe
  C:\Windows\System\inxQrCG.exe
  2⤵
  PID:6632
- C:\Windows\System\HFlGQWJ.exe
  C:\Windows\System\HFlGQWJ.exe
  2⤵
  PID:6672
- C:\Windows\System\bDPsJQx.exe
  C:\Windows\System\bDPsJQx.exe
  2⤵
  PID:6740
- C:\Windows\System\JsCoAhb.exe
  C:\Windows\System\JsCoAhb.exe
  2⤵
  PID:6852
- C:\Windows\System\jByzHYd.exe
  C:\Windows\System\jByzHYd.exe
  2⤵
  PID:6756
- C:\Windows\System\pgfWXpS.exe
  C:\Windows\System\pgfWXpS.exe
  2⤵
  PID:6684
- C:\Windows\System\jAGwZeI.exe
  C:\Windows\System\jAGwZeI.exe
  2⤵
  PID:6864
- C:\Windows\System\QSrVEYw.exe
  C:\Windows\System\QSrVEYw.exe
  2⤵
  PID:6908
- C:\Windows\System\pHNflJG.exe
  C:\Windows\System\pHNflJG.exe
  2⤵
  PID:6944
- C:\Windows\System\OgQrTeP.exe
  C:\Windows\System\OgQrTeP.exe
  2⤵
  PID:7048
- C:\Windows\System\niDpqBr.exe
  C:\Windows\System\niDpqBr.exe
  2⤵
  PID:6892
- C:\Windows\System\WxfZvaP.exe
  C:\Windows\System\WxfZvaP.exe
  2⤵
  PID:6992
- C:\Windows\System\PgpYmhf.exe
  C:\Windows\System\PgpYmhf.exe
  2⤵
  PID:6996
- C:\Windows\System\ojRckZU.exe
  C:\Windows\System\ojRckZU.exe
  2⤵
  PID:7104
- C:\Windows\System\mgdnpUc.exe
  C:\Windows\System\mgdnpUc.exe
  2⤵
  PID:7128
- C:\Windows\System\TmVmiKe.exe
  C:\Windows\System\TmVmiKe.exe
  2⤵
  PID:6036
- C:\Windows\System\gznozLJ.exe
  C:\Windows\System\gznozLJ.exe
  2⤵
  PID:6376
- C:\Windows\System\pWiZFHL.exe
  C:\Windows\System\pWiZFHL.exe
  2⤵
  PID:6224
- C:\Windows\System\WcDwVVl.exe
  C:\Windows\System\WcDwVVl.exe
  2⤵
  PID:5616
- C:\Windows\System\LpPoxmU.exe
  C:\Windows\System\LpPoxmU.exe
  2⤵
  PID:6304
- C:\Windows\System\hYrhZno.exe
  C:\Windows\System\hYrhZno.exe
  2⤵
  PID:6360
- C:\Windows\System\VGDxuAR.exe
  C:\Windows\System\VGDxuAR.exe
  2⤵
  PID:6380
- C:\Windows\System\wIiMBPr.exe
  C:\Windows\System\wIiMBPr.exe
  2⤵
  PID:6416
- C:\Windows\System\ykaKJZQ.exe
  C:\Windows\System\ykaKJZQ.exe
  2⤵
  PID:6524
- C:\Windows\System\DoWlKGd.exe
  C:\Windows\System\DoWlKGd.exe
  2⤵
  PID:6616
- C:\Windows\System\OsgdgPg.exe
  C:\Windows\System\OsgdgPg.exe
  2⤵
  PID:6480
- C:\Windows\System\JhyqjRW.exe
  C:\Windows\System\JhyqjRW.exe
  2⤵
  PID:6556
- C:\Windows\System\IKBbXIK.exe
  C:\Windows\System\IKBbXIK.exe
  2⤵
  PID:6772
- C:\Windows\System\xveCgab.exe
  C:\Windows\System\xveCgab.exe
  2⤵
  PID:6812
- C:\Windows\System\WFoqsnn.exe
  C:\Windows\System\WFoqsnn.exe
  2⤵
  PID:6836
- C:\Windows\System\PEmmEiU.exe
  C:\Windows\System\PEmmEiU.exe
  2⤵
  PID:6720
- C:\Windows\System\WLzgiVV.exe
  C:\Windows\System\WLzgiVV.exe
  2⤵
  PID:6940
- C:\Windows\System\anqussr.exe
  C:\Windows\System\anqussr.exe
  2⤵
  PID:6832
- C:\Windows\System\NWinYsW.exe
  C:\Windows\System\NWinYsW.exe
  2⤵
  PID:7108
- C:\Windows\System\DMFoGNJ.exe
  C:\Windows\System\DMFoGNJ.exe
  2⤵
  PID:7032
- C:\Windows\System\gJdMRBc.exe
  C:\Windows\System\gJdMRBc.exe
  2⤵
  PID:6240
- C:\Windows\System\jXBxiJY.exe
  C:\Windows\System\jXBxiJY.exe
  2⤵
  PID:7132
- C:\Windows\System\KYjhZBA.exe
  C:\Windows\System\KYjhZBA.exe
  2⤵
  PID:7144
- C:\Windows\System\AqSSxSR.exe
  C:\Windows\System\AqSSxSR.exe
  2⤵
  PID:5712
- C:\Windows\System\jGTjKhb.exe
  C:\Windows\System\jGTjKhb.exe
  2⤵
  PID:6544
- C:\Windows\System\RAFboaM.exe
  C:\Windows\System\RAFboaM.exe
  2⤵
  PID:6176
- C:\Windows\System\iGuDeTO.exe
  C:\Windows\System\iGuDeTO.exe
  2⤵
  PID:6476
- C:\Windows\System\LjULEXN.exe
  C:\Windows\System\LjULEXN.exe
  2⤵
  PID:6320
- C:\Windows\System\FBhHWUv.exe
  C:\Windows\System\FBhHWUv.exe
  2⤵
  PID:6600
- C:\Windows\System\IuyOHrr.exe
  C:\Windows\System\IuyOHrr.exe
  2⤵
  PID:6580
- C:\Windows\System\fLnaoHC.exe
  C:\Windows\System\fLnaoHC.exe
  2⤵
  PID:6808
- C:\Windows\System\GGIyvOI.exe
  C:\Windows\System\GGIyvOI.exe
  2⤵
  PID:6796
- C:\Windows\System\nHkmVAr.exe
  C:\Windows\System\nHkmVAr.exe
  2⤵
  PID:6980
- C:\Windows\System\ZxsrDsR.exe
  C:\Windows\System\ZxsrDsR.exe
  2⤵
  PID:6956
- C:\Windows\System\phqLbQw.exe
  C:\Windows\System\phqLbQw.exe
  2⤵
  PID:7160
- C:\Windows\System\VFISard.exe
  C:\Windows\System\VFISard.exe
  2⤵
  PID:6540
- C:\Windows\System\ntIcgyw.exe
  C:\Windows\System\ntIcgyw.exe
  2⤵
  PID:6860
- C:\Windows\System\OxbHSrl.exe
  C:\Windows\System\OxbHSrl.exe
  2⤵
  PID:7176
- C:\Windows\System\wvGbZzN.exe
  C:\Windows\System\wvGbZzN.exe
  2⤵
  PID:7256
- C:\Windows\System\DxeIdzw.exe
  C:\Windows\System\DxeIdzw.exe
  2⤵
  PID:7276
- C:\Windows\System\UYdRUmA.exe
  C:\Windows\System\UYdRUmA.exe
  2⤵
  PID:7296
- C:\Windows\System\ANlFaAb.exe
  C:\Windows\System\ANlFaAb.exe
  2⤵
  PID:7316
- C:\Windows\System\qZlNyVS.exe
  C:\Windows\System\qZlNyVS.exe
  2⤵
  PID:7336
- C:\Windows\System\TkrUdWL.exe
  C:\Windows\System\TkrUdWL.exe
  2⤵
  PID:7356
- C:\Windows\System\RJVdfCk.exe
  C:\Windows\System\RJVdfCk.exe
  2⤵
  PID:7372
- C:\Windows\System\ygvNqAv.exe
  C:\Windows\System\ygvNqAv.exe
  2⤵
  PID:7388
- C:\Windows\System\MeiEDTV.exe
  C:\Windows\System\MeiEDTV.exe
  2⤵
  PID:7416
- C:\Windows\System\fXSIAnD.exe
  C:\Windows\System\fXSIAnD.exe
  2⤵
  PID:7432
- C:\Windows\System\hdSbHJz.exe
  C:\Windows\System\hdSbHJz.exe
  2⤵
  PID:7448
- C:\Windows\System\pTvEAMv.exe
  C:\Windows\System\pTvEAMv.exe
  2⤵
  PID:7464
- C:\Windows\System\tdQaQme.exe
  C:\Windows\System\tdQaQme.exe
  2⤵
  PID:7480
- C:\Windows\System\UdtsvHL.exe
  C:\Windows\System\UdtsvHL.exe
  2⤵
  PID:7500
- C:\Windows\System\pZGxUjo.exe
  C:\Windows\System\pZGxUjo.exe
  2⤵
  PID:7528
- C:\Windows\System\CnbQjRP.exe
  C:\Windows\System\CnbQjRP.exe
  2⤵
  PID:7544
- C:\Windows\System\HWneXzS.exe
  C:\Windows\System\HWneXzS.exe
  2⤵
  PID:7560
- C:\Windows\System\olVUxKK.exe
  C:\Windows\System\olVUxKK.exe
  2⤵
  PID:7584
- C:\Windows\System\WpiQzmQ.exe
  C:\Windows\System\WpiQzmQ.exe
  2⤵
  PID:7612
- C:\Windows\System\IFdUAaw.exe
  C:\Windows\System\IFdUAaw.exe
  2⤵
  PID:7628
- C:\Windows\System\tZBNOYa.exe
  C:\Windows\System\tZBNOYa.exe
  2⤵
  PID:7648
- C:\Windows\System\GjTNlKn.exe
  C:\Windows\System\GjTNlKn.exe
  2⤵
  PID:7668
- C:\Windows\System\xFemsEQ.exe
  C:\Windows\System\xFemsEQ.exe
  2⤵
  PID:7684
- C:\Windows\System\VbATrRw.exe
  C:\Windows\System\VbATrRw.exe
  2⤵
  PID:7700
- C:\Windows\System\sNtnsdL.exe
  C:\Windows\System\sNtnsdL.exe
  2⤵
  PID:7716
- C:\Windows\System\ouRpoSs.exe
  C:\Windows\System\ouRpoSs.exe
  2⤵
  PID:7732
- C:\Windows\System\mkwuUDK.exe
  C:\Windows\System\mkwuUDK.exe
  2⤵
  PID:7748
- C:\Windows\System\XALZAgU.exe
  C:\Windows\System\XALZAgU.exe
  2⤵
  PID:7764
- C:\Windows\System\bzOKBfp.exe
  C:\Windows\System\bzOKBfp.exe
  2⤵
  PID:7792
- C:\Windows\System\acdXqBB.exe
  C:\Windows\System\acdXqBB.exe
  2⤵
  PID:7812
- C:\Windows\System\mCbRYCu.exe
  C:\Windows\System\mCbRYCu.exe
  2⤵
  PID:7828
- C:\Windows\System\AEFwgZw.exe
  C:\Windows\System\AEFwgZw.exe
  2⤵
  PID:7880
- C:\Windows\System\RdXqZCA.exe
  C:\Windows\System\RdXqZCA.exe
  2⤵
  PID:7896
- C:\Windows\System\WIfKrws.exe
  C:\Windows\System\WIfKrws.exe
  2⤵
  PID:7916
- C:\Windows\System\fIOwBiu.exe
  C:\Windows\System\fIOwBiu.exe
  2⤵
  PID:7940
- C:\Windows\System\HknQDoq.exe
  C:\Windows\System\HknQDoq.exe
  2⤵
  PID:7956
- C:\Windows\System\MFgImoP.exe
  C:\Windows\System\MFgImoP.exe
  2⤵
  PID:7972
- C:\Windows\System\CQOgkqy.exe
  C:\Windows\System\CQOgkqy.exe
  2⤵
  PID:7992
- C:\Windows\System\XiuyApA.exe
  C:\Windows\System\XiuyApA.exe
  2⤵
  PID:8008
- C:\Windows\System\MWKtutm.exe
  C:\Windows\System\MWKtutm.exe
  2⤵
  PID:8028
- C:\Windows\System\eXSuOul.exe
  C:\Windows\System\eXSuOul.exe
  2⤵
  PID:8052
- C:\Windows\System\iQoPtcX.exe
  C:\Windows\System\iQoPtcX.exe
  2⤵
  PID:8068
- C:\Windows\System\NsgxzJQ.exe
  C:\Windows\System\NsgxzJQ.exe
  2⤵
  PID:8084
- C:\Windows\System\emQvLyt.exe
  C:\Windows\System\emQvLyt.exe
  2⤵
  PID:8116
- C:\Windows\System\oikDqVc.exe
  C:\Windows\System\oikDqVc.exe
  2⤵
  PID:8132
- C:\Windows\System\IiDHIcf.exe
  C:\Windows\System\IiDHIcf.exe
  2⤵
  PID:8152
- C:\Windows\System\bMKkRqM.exe
  C:\Windows\System\bMKkRqM.exe
  2⤵
  PID:8172
- C:\Windows\System\DodxXJz.exe
  C:\Windows\System\DodxXJz.exe
  2⤵
  PID:6220
- C:\Windows\System\qfMWBKN.exe
  C:\Windows\System\qfMWBKN.exe
  2⤵
  PID:7064
- C:\Windows\System\iHMWwvL.exe
  C:\Windows\System\iHMWwvL.exe
  2⤵
  PID:7016
- C:\Windows\System\LHHrJRJ.exe
  C:\Windows\System\LHHrJRJ.exe
  2⤵
  PID:6412
- C:\Windows\System\nAiSYmq.exe
  C:\Windows\System\nAiSYmq.exe
  2⤵
  PID:6876
- C:\Windows\System\IVpAWRs.exe
  C:\Windows\System\IVpAWRs.exe
  2⤵
  PID:7184
- C:\Windows\System\NqldNNL.exe
  C:\Windows\System\NqldNNL.exe
  2⤵
  PID:7204
- C:\Windows\System\tpISBrN.exe
  C:\Windows\System\tpISBrN.exe
  2⤵
  PID:6396
- C:\Windows\System\tnqavNu.exe
  C:\Windows\System\tnqavNu.exe
  2⤵
  PID:7224
- C:\Windows\System\noKtazR.exe
  C:\Windows\System\noKtazR.exe
  2⤵
  PID:7244
- C:\Windows\System\guKPfPL.exe
  C:\Windows\System\guKPfPL.exe
  2⤵
  PID:7188
- C:\Windows\System\dcWhtpr.exe
  C:\Windows\System\dcWhtpr.exe
  2⤵
  PID:7284
- C:\Windows\System\ZGPFyWt.exe
  C:\Windows\System\ZGPFyWt.exe
  2⤵
  PID:3040
- C:\Windows\System\vNiQqZL.exe
  C:\Windows\System\vNiQqZL.exe
  2⤵
  PID:7328
- C:\Windows\System\NJixEMs.exe
  C:\Windows\System\NJixEMs.exe
  2⤵
  PID:7364
- C:\Windows\System\pESkAxZ.exe
  C:\Windows\System\pESkAxZ.exe
  2⤵
  PID:7400
- C:\Windows\System\ZMzqzdh.exe
  C:\Windows\System\ZMzqzdh.exe
  2⤵
  PID:7472
- C:\Windows\System\TciWvgi.exe
  C:\Windows\System\TciWvgi.exe
  2⤵
  PID:7512
- C:\Windows\System\LNLXWFr.exe
  C:\Windows\System\LNLXWFr.exe
  2⤵
  PID:7524
- C:\Windows\System\YAGQEgb.exe
  C:\Windows\System\YAGQEgb.exe
  2⤵
  PID:7608
- C:\Windows\System\TngyPxX.exe
  C:\Windows\System\TngyPxX.exe
  2⤵
  PID:7576
- C:\Windows\System\zcXahVk.exe
  C:\Windows\System\zcXahVk.exe
  2⤵
  PID:7644
- C:\Windows\System\PtnvpVx.exe
  C:\Windows\System\PtnvpVx.exe
  2⤵
  PID:7676
- C:\Windows\System\NKlxyEn.exe
  C:\Windows\System\NKlxyEn.exe
  2⤵
  PID:7744
- C:\Windows\System\fogRbME.exe
  C:\Windows\System\fogRbME.exe
  2⤵
  PID:7784
- C:\Windows\System\ZgcMqCb.exe
  C:\Windows\System\ZgcMqCb.exe
  2⤵
  PID:7660
- C:\Windows\System\VxiTZBI.exe
  C:\Windows\System\VxiTZBI.exe
  2⤵
  PID:7728
- C:\Windows\System\UOWsptt.exe
  C:\Windows\System\UOWsptt.exe
  2⤵
  PID:7856
- C:\Windows\System\SGJClTu.exe
  C:\Windows\System\SGJClTu.exe
  2⤵
  PID:7756
- C:\Windows\System\RtjiZVw.exe
  C:\Windows\System\RtjiZVw.exe
  2⤵
  PID:7888
- C:\Windows\System\taRrSXh.exe
  C:\Windows\System\taRrSXh.exe
  2⤵
  PID:7924
- C:\Windows\System\PmmnAuT.exe
  C:\Windows\System\PmmnAuT.exe
  2⤵
  PID:7932
- C:\Windows\System\aGiIFae.exe
  C:\Windows\System\aGiIFae.exe
  2⤵
  PID:7948
- C:\Windows\System\tOJwfCp.exe
  C:\Windows\System\tOJwfCp.exe
  2⤵
  PID:8048
- C:\Windows\System\jKfUlct.exe
  C:\Windows\System\jKfUlct.exe
  2⤵
  PID:8024
- C:\Windows\System\YbXZFgr.exe
  C:\Windows\System\YbXZFgr.exe
  2⤵
  PID:8080
- C:\Windows\System\qnwhIpZ.exe
  C:\Windows\System\qnwhIpZ.exe
  2⤵
  PID:8112
- C:\Windows\System\aitkqFS.exe
  C:\Windows\System\aitkqFS.exe
  2⤵
  PID:8104
- C:\Windows\System\mXovqCT.exe
  C:\Windows\System\mXovqCT.exe
  2⤵
  PID:6620
- C:\Windows\System\Dpphisz.exe
  C:\Windows\System\Dpphisz.exe
  2⤵
  PID:6636
- C:\Windows\System\lNdxLag.exe
  C:\Windows\System\lNdxLag.exe
  2⤵
  PID:7012
- C:\Windows\System\MpbiPtn.exe
  C:\Windows\System\MpbiPtn.exe
  2⤵
  PID:7196
- C:\Windows\System\hcVgwml.exe
  C:\Windows\System\hcVgwml.exe
  2⤵
  PID:7216
- C:\Windows\System\VDhBNkR.exe
  C:\Windows\System\VDhBNkR.exe
  2⤵
  PID:7232
- C:\Windows\System\nFmoyrE.exe
  C:\Windows\System\nFmoyrE.exe
  2⤵
  PID:7268
- C:\Windows\System\esRkmBh.exe
  C:\Windows\System\esRkmBh.exe
  2⤵
  PID:7380
- C:\Windows\System\arSNteY.exe
  C:\Windows\System\arSNteY.exe
  2⤵
  PID:7220
- C:\Windows\System\TvqHbsV.exe
  C:\Windows\System\TvqHbsV.exe
  2⤵
  PID:7444
- C:\Windows\System\frwfmnz.exe
  C:\Windows\System\frwfmnz.exe
  2⤵
  PID:7592
- C:\Windows\System\ePkyDpj.exe
  C:\Windows\System\ePkyDpj.exe
  2⤵
  PID:7208
- C:\Windows\System\gkxKKzr.exe
  C:\Windows\System\gkxKKzr.exe
  2⤵
  PID:7516
- C:\Windows\System\GRtxwuE.exe
  C:\Windows\System\GRtxwuE.exe
  2⤵
  PID:7496
- C:\Windows\System\JRcEIvQ.exe
  C:\Windows\System\JRcEIvQ.exe
  2⤵
  PID:7708
- C:\Windows\System\wexbaow.exe
  C:\Windows\System\wexbaow.exe
  2⤵
  PID:7852
- C:\Windows\System\kiuMEqO.exe
  C:\Windows\System\kiuMEqO.exe
  2⤵
  PID:7776
- C:\Windows\System\gHmSpsR.exe
  C:\Windows\System\gHmSpsR.exe
  2⤵
  PID:7692
- C:\Windows\System\zPIOCTE.exe
  C:\Windows\System\zPIOCTE.exe
  2⤵
  PID:7840
- C:\Windows\System\cIHRnkX.exe
  C:\Windows\System\cIHRnkX.exe
  2⤵
  PID:8124
- C:\Windows\System\nQmIaJP.exe
  C:\Windows\System\nQmIaJP.exe
  2⤵
  PID:8100
- C:\Windows\System\uoDBJhu.exe
  C:\Windows\System\uoDBJhu.exe
  2⤵
  PID:8140
- C:\Windows\System\AiWxKTw.exe
  C:\Windows\System\AiWxKTw.exe
  2⤵
  PID:8164
- C:\Windows\System\iqroBBn.exe
  C:\Windows\System\iqroBBn.exe
  2⤵
  PID:8060
- C:\Windows\System\OBBmtAF.exe
  C:\Windows\System\OBBmtAF.exe
  2⤵
  PID:6492
- C:\Windows\System\hTMtFlG.exe
  C:\Windows\System\hTMtFlG.exe
  2⤵
  PID:6244
- C:\Windows\System\fzmwmbx.exe
  C:\Windows\System\fzmwmbx.exe
  2⤵
  PID:7396
- C:\Windows\System\oUPqALd.exe
  C:\Windows\System\oUPqALd.exe
  2⤵
  PID:7344
- C:\Windows\System\vQmDCac.exe
  C:\Windows\System\vQmDCac.exe
  2⤵
  PID:7460
- C:\Windows\System\MOlGeZL.exe
  C:\Windows\System\MOlGeZL.exe
  2⤵
  PID:7272
- C:\Windows\System\EQLOVIh.exe
  C:\Windows\System\EQLOVIh.exe
  2⤵
  PID:7020
- C:\Windows\System\YQjaKBz.exe
  C:\Windows\System\YQjaKBz.exe
  2⤵
  PID:7820
- C:\Windows\System\nXPhyco.exe
  C:\Windows\System\nXPhyco.exe
  2⤵
  PID:7864
- C:\Windows\System\wlXNxsd.exe
  C:\Windows\System\wlXNxsd.exe
  2⤵
  PID:8016
- C:\Windows\System\XpPyGHw.exe
  C:\Windows\System\XpPyGHw.exe
  2⤵
  PID:7876
- C:\Windows\System\nDjkqLo.exe
  C:\Windows\System\nDjkqLo.exe
  2⤵
  PID:5764
- C:\Windows\System\nVooDKn.exe
  C:\Windows\System\nVooDKn.exe
  2⤵
  PID:7292
- C:\Windows\System\lelcfGO.exe
  C:\Windows\System\lelcfGO.exe
  2⤵
  PID:7580
- C:\Windows\System\fTGpaKa.exe
  C:\Windows\System\fTGpaKa.exe
  2⤵
  PID:7540
- C:\Windows\System\YaFThcT.exe
  C:\Windows\System\YaFThcT.exe
  2⤵
  PID:8004
- C:\Windows\System\pHtahlv.exe
  C:\Windows\System\pHtahlv.exe
  2⤵
  PID:8000
- C:\Windows\System\hwbdbHT.exe
  C:\Windows\System\hwbdbHT.exe
  2⤵
  PID:7600
- C:\Windows\System\VlFUmjY.exe
  C:\Windows\System\VlFUmjY.exe
  2⤵
  PID:7348
- C:\Windows\System\yrJzJFf.exe
  C:\Windows\System\yrJzJFf.exe
  2⤵
  PID:7488
- C:\Windows\System\hFQbfKS.exe
  C:\Windows\System\hFQbfKS.exe
  2⤵
  PID:7848
- C:\Windows\System\ZXKbiTH.exe
  C:\Windows\System\ZXKbiTH.exe
  2⤵
  PID:7572
- C:\Windows\System\FJDNogl.exe
  C:\Windows\System\FJDNogl.exe
  2⤵
  PID:7712
- C:\Windows\System\qHtkAnc.exe
  C:\Windows\System\qHtkAnc.exe
  2⤵
  PID:7568
- C:\Windows\System\TLhiwDL.exe
  C:\Windows\System\TLhiwDL.exe
  2⤵
  PID:8128
- C:\Windows\System\jPBSORw.exe
  C:\Windows\System\jPBSORw.exe
  2⤵
  PID:6428
- C:\Windows\System\VCnBnlE.exe
  C:\Windows\System\VCnBnlE.exe
  2⤵
  PID:7556
- C:\Windows\System\iILeghh.exe
  C:\Windows\System\iILeghh.exe
  2⤵
  PID:7508
- C:\Windows\System\pvKPWkb.exe
  C:\Windows\System\pvKPWkb.exe
  2⤵
  PID:7804
- C:\Windows\System\BNUDNmn.exe
  C:\Windows\System\BNUDNmn.exe
  2⤵
  PID:7100
- C:\Windows\System\qiHAXBv.exe
  C:\Windows\System\qiHAXBv.exe
  2⤵
  PID:8200
- C:\Windows\System\oJFQeKY.exe
  C:\Windows\System\oJFQeKY.exe
  2⤵
  PID:8220
- C:\Windows\System\yAvRRbv.exe
  C:\Windows\System\yAvRRbv.exe
  2⤵
  PID:8236
- C:\Windows\System\gPpWZgg.exe
  C:\Windows\System\gPpWZgg.exe
  2⤵
  PID:8260
- C:\Windows\System\PEOTGjs.exe
  C:\Windows\System\PEOTGjs.exe
  2⤵
  PID:8280
- C:\Windows\System\NAtOlcz.exe
  C:\Windows\System\NAtOlcz.exe
  2⤵
  PID:8296
- C:\Windows\System\pLdpewL.exe
  C:\Windows\System\pLdpewL.exe
  2⤵
  PID:8328
- C:\Windows\System\rDaKGLf.exe
  C:\Windows\System\rDaKGLf.exe
  2⤵
  PID:8344
- C:\Windows\System\aJHElev.exe
  C:\Windows\System\aJHElev.exe
  2⤵
  PID:8372
- C:\Windows\System\WfplacY.exe
  C:\Windows\System\WfplacY.exe
  2⤵
  PID:8388
- C:\Windows\System\DSrdpTj.exe
  C:\Windows\System\DSrdpTj.exe
  2⤵
  PID:8420
- C:\Windows\System\jkEJguw.exe
  C:\Windows\System\jkEJguw.exe
  2⤵
  PID:8436
- C:\Windows\System\dRnqluJ.exe
  C:\Windows\System\dRnqluJ.exe
  2⤵
  PID:8452
- C:\Windows\System\FPDzcdh.exe
  C:\Windows\System\FPDzcdh.exe
  2⤵
  PID:8484
- C:\Windows\System\gyhoQEx.exe
  C:\Windows\System\gyhoQEx.exe
  2⤵
  PID:8500
- C:\Windows\System\xkvTZFA.exe
  C:\Windows\System\xkvTZFA.exe
  2⤵
  PID:8520
- C:\Windows\System\HWoowRu.exe
  C:\Windows\System\HWoowRu.exe
  2⤵
  PID:8540
- C:\Windows\System\xlNzDee.exe
  C:\Windows\System\xlNzDee.exe
  2⤵
  PID:8556
- C:\Windows\System\fxUebDb.exe
  C:\Windows\System\fxUebDb.exe
  2⤵
  PID:8572
- C:\Windows\System\DdBPHFW.exe
  C:\Windows\System\DdBPHFW.exe
  2⤵
  PID:8592
- C:\Windows\System\ijgcGtK.exe
  C:\Windows\System\ijgcGtK.exe
  2⤵
  PID:8616
- C:\Windows\System\vnfyoLW.exe
  C:\Windows\System\vnfyoLW.exe
  2⤵
  PID:8632
- C:\Windows\System\PIujVhM.exe
  C:\Windows\System\PIujVhM.exe
  2⤵
  PID:8656
- C:\Windows\System\dBtWZuR.exe
  C:\Windows\System\dBtWZuR.exe
  2⤵
  PID:8688
- C:\Windows\System\OtFBeJZ.exe
  C:\Windows\System\OtFBeJZ.exe
  2⤵
  PID:8712
- C:\Windows\System\qjoElFG.exe
  C:\Windows\System\qjoElFG.exe
  2⤵
  PID:8728
- C:\Windows\System\rZxgizG.exe
  C:\Windows\System\rZxgizG.exe
  2⤵
  PID:8748
- C:\Windows\System\IIqvEin.exe
  C:\Windows\System\IIqvEin.exe
  2⤵
  PID:8768
- C:\Windows\System\LuwvhVP.exe
  C:\Windows\System\LuwvhVP.exe
  2⤵
  PID:8788
- C:\Windows\System\Jntsynh.exe
  C:\Windows\System\Jntsynh.exe
  2⤵
  PID:8804
- C:\Windows\System\jzcHzzE.exe
  C:\Windows\System\jzcHzzE.exe
  2⤵
  PID:8820
- C:\Windows\System\SGsAPWk.exe
  C:\Windows\System\SGsAPWk.exe
  2⤵
  PID:8844
- C:\Windows\System\qWwAnqS.exe
  C:\Windows\System\qWwAnqS.exe
  2⤵
  PID:8864
- C:\Windows\System\GKdyFjQ.exe
  C:\Windows\System\GKdyFjQ.exe
  2⤵
  PID:8880
- C:\Windows\System\PraURwT.exe
  C:\Windows\System\PraURwT.exe
  2⤵
  PID:8896
- C:\Windows\System\ZGtijOd.exe
  C:\Windows\System\ZGtijOd.exe
  2⤵
  PID:8912
- C:\Windows\System\IDJfQkn.exe
  C:\Windows\System\IDJfQkn.exe
  2⤵
  PID:8928
- C:\Windows\System\RTfFlPm.exe
  C:\Windows\System\RTfFlPm.exe
  2⤵
  PID:8944
- C:\Windows\System\atMFWsW.exe
  C:\Windows\System\atMFWsW.exe
  2⤵
  PID:8972
- C:\Windows\System\lXwACaY.exe
  C:\Windows\System\lXwACaY.exe
  2⤵
  PID:8996
- C:\Windows\System\QUkoqQW.exe
  C:\Windows\System\QUkoqQW.exe
  2⤵
  PID:9012
- C:\Windows\System\nTotfyj.exe
  C:\Windows\System\nTotfyj.exe
  2⤵
  PID:9028
- C:\Windows\System\hSzRpbW.exe
  C:\Windows\System\hSzRpbW.exe
  2⤵
  PID:9048
- C:\Windows\System\VMGCOrm.exe
  C:\Windows\System\VMGCOrm.exe
  2⤵
  PID:9072
- C:\Windows\System\peyQMCm.exe
  C:\Windows\System\peyQMCm.exe
  2⤵
  PID:9088
- C:\Windows\System\wlaJpbO.exe
  C:\Windows\System\wlaJpbO.exe
  2⤵
  PID:9108
- C:\Windows\System\axlbUoF.exe
  C:\Windows\System\axlbUoF.exe
  2⤵
  PID:9152
- C:\Windows\System\xWuGIDR.exe
  C:\Windows\System\xWuGIDR.exe
  2⤵
  PID:9172
- C:\Windows\System\AYYdqkY.exe
  C:\Windows\System\AYYdqkY.exe
  2⤵
  PID:9188
- C:\Windows\System\wEEvgWm.exe
  C:\Windows\System\wEEvgWm.exe
  2⤵
  PID:9204
- C:\Windows\System\OXWPMqu.exe
  C:\Windows\System\OXWPMqu.exe
  2⤵
  PID:8212
- C:\Windows\System\kjMTwCX.exe
  C:\Windows\System\kjMTwCX.exe
  2⤵
  PID:8232
- C:\Windows\System\BQJxoBL.exe
  C:\Windows\System\BQJxoBL.exe
  2⤵
  PID:6372
- C:\Windows\System\ugRYYhH.exe
  C:\Windows\System\ugRYYhH.exe
  2⤵
  PID:8288
- C:\Windows\System\WxtIYtA.exe
  C:\Windows\System\WxtIYtA.exe
  2⤵
  PID:8324
- C:\Windows\System\ifeJHFa.exe
  C:\Windows\System\ifeJHFa.exe
  2⤵
  PID:8356
- C:\Windows\System\BrGJCEo.exe
  C:\Windows\System\BrGJCEo.exe
  2⤵
  PID:8396
- C:\Windows\System\UCzkwQt.exe
  C:\Windows\System\UCzkwQt.exe
  2⤵
  PID:8408
- C:\Windows\System\IsEHKSU.exe
  C:\Windows\System\IsEHKSU.exe
  2⤵
  PID:8448
- C:\Windows\System\powgDTr.exe
  C:\Windows\System\powgDTr.exe
  2⤵
  PID:8320
- C:\Windows\System\PLbPZNU.exe
  C:\Windows\System\PLbPZNU.exe
  2⤵
  PID:8516
- C:\Windows\System\JaIsdUS.exe
  C:\Windows\System\JaIsdUS.exe
  2⤵
  PID:8532
- C:\Windows\System\gxSMUSD.exe
  C:\Windows\System\gxSMUSD.exe
  2⤵
  PID:8584
- C:\Windows\System\ayTukOt.exe
  C:\Windows\System\ayTukOt.exe
  2⤵
  PID:8640
- C:\Windows\System\QawUult.exe
  C:\Windows\System\QawUult.exe
  2⤵
  PID:8652
- C:\Windows\System\dpbbkhC.exe
  C:\Windows\System\dpbbkhC.exe
  2⤵
  PID:8476
- C:\Windows\System\JJSLiLV.exe
  C:\Windows\System\JJSLiLV.exe
  2⤵
  PID:8736
- C:\Windows\System\wsjqqYO.exe
  C:\Windows\System\wsjqqYO.exe
  2⤵
  PID:8796
- C:\Windows\System\IEAhtUO.exe
  C:\Windows\System\IEAhtUO.exe
  2⤵
  PID:8828
- C:\Windows\System\VRKidTl.exe
  C:\Windows\System\VRKidTl.exe
  2⤵
  PID:8936
- C:\Windows\System\OMvMUCC.exe
  C:\Windows\System\OMvMUCC.exe
  2⤵
  PID:8744
- C:\Windows\System\iNSFCRu.exe
  C:\Windows\System\iNSFCRu.exe
  2⤵
  PID:9064
- C:\Windows\System\RguYLOG.exe
  C:\Windows\System\RguYLOG.exe
  2⤵
  PID:8816
- C:\Windows\System\doZDvZM.exe
  C:\Windows\System\doZDvZM.exe
  2⤵
  PID:8852
- C:\Windows\System\giwzzsu.exe
  C:\Windows\System\giwzzsu.exe
  2⤵
  PID:9080
- C:\Windows\System\yMjHfOK.exe
  C:\Windows\System\yMjHfOK.exe
  2⤵
  PID:9036
- C:\Windows\System\FODCyCB.exe
  C:\Windows\System\FODCyCB.exe
  2⤵
  PID:8952
- C:\Windows\System\KsYAoto.exe
  C:\Windows\System\KsYAoto.exe
  2⤵
  PID:8968
- C:\Windows\System\yckmtEt.exe
  C:\Windows\System\yckmtEt.exe
  2⤵
  PID:9144
- C:\Windows\System\JoiowDn.exe
  C:\Windows\System\JoiowDn.exe
  2⤵
  PID:9168
- C:\Windows\System\dLuZGkR.exe
  C:\Windows\System\dLuZGkR.exe
  2⤵
  PID:9212
- C:\Windows\System\KOzPtkx.exe
  C:\Windows\System\KOzPtkx.exe
  2⤵
  PID:8312
- C:\Windows\System\MEcakUd.exe
  C:\Windows\System\MEcakUd.exe
  2⤵
  PID:8248
- C:\Windows\System\ZysEcft.exe
  C:\Windows\System\ZysEcft.exe
  2⤵
  PID:8252
- C:\Windows\System\blbZSbp.exe
  C:\Windows\System\blbZSbp.exe
  2⤵
  PID:8536
- C:\Windows\System\WpgUPKI.exe
  C:\Windows\System\WpgUPKI.exe
  2⤵
  PID:8624
- C:\Windows\System\GMyJRhq.exe
  C:\Windows\System\GMyJRhq.exe
  2⤵
  PID:8360
- C:\Windows\System\geOppHO.exe
  C:\Windows\System\geOppHO.exe
  2⤵
  PID:8568
- C:\Windows\System\KtOHNFn.exe
  C:\Windows\System\KtOHNFn.exe
  2⤵
  PID:8812
- C:\Windows\System\nMoeeom.exe
  C:\Windows\System\nMoeeom.exe
  2⤵
  PID:8872
- C:\Windows\System\yPlLfcZ.exe
  C:\Windows\System\yPlLfcZ.exe
  2⤵
  PID:8980
- C:\Windows\System\OFNWPFW.exe
  C:\Windows\System\OFNWPFW.exe
  2⤵
  PID:9024
- C:\Windows\System\EcxHHoh.exe
  C:\Windows\System\EcxHHoh.exe
  2⤵
  PID:9104
- C:\Windows\System\wgZFMaO.exe
  C:\Windows\System\wgZFMaO.exe
  2⤵
  PID:9084
- C:\Windows\System\tQleOoQ.exe
  C:\Windows\System\tQleOoQ.exe
  2⤵
  PID:9128
- C:\Windows\System\IyeeXGS.exe
  C:\Windows\System\IyeeXGS.exe
  2⤵
  PID:9132
- C:\Windows\System\VmhkECY.exe
  C:\Windows\System\VmhkECY.exe
  2⤵
  PID:8244
- C:\Windows\System\dyTWlzi.exe
  C:\Windows\System\dyTWlzi.exe
  2⤵
  PID:8228
- C:\Windows\System\yfAZcMI.exe
  C:\Windows\System\yfAZcMI.exe
  2⤵
  PID:8368
- C:\Windows\System\AChRklu.exe
  C:\Windows\System\AChRklu.exe
  2⤵
  PID:8468
- C:\Windows\System\yqixlpY.exe
  C:\Windows\System\yqixlpY.exe
  2⤵
  PID:8384
- C:\Windows\System\cxhPNEm.exe
  C:\Windows\System\cxhPNEm.exe
  2⤵
  PID:8664
- C:\Windows\System\hbywqvS.exe
  C:\Windows\System\hbywqvS.exe
  2⤵
  PID:8508
- C:\Windows\System\jutppyA.exe
  C:\Windows\System\jutppyA.exe
  2⤵
  PID:8892
- C:\Windows\System\OkcuTvo.exe
  C:\Windows\System\OkcuTvo.exe
  2⤵
  PID:8920
- C:\Windows\System\JmWakmm.exe
  C:\Windows\System\JmWakmm.exe
  2⤵
  PID:8860
- C:\Windows\System\ZcVHGKH.exe
  C:\Windows\System\ZcVHGKH.exe
  2⤵
  PID:8208
- C:\Windows\System\ZlEwPcd.exe
  C:\Windows\System\ZlEwPcd.exe
  2⤵
  PID:8612
- C:\Windows\System\YBDuYMo.exe
  C:\Windows\System\YBDuYMo.exe
  2⤵
  PID:8412
- C:\Windows\System\qkqdqrh.exe
  C:\Windows\System\qkqdqrh.exe
  2⤵
  PID:8628
- C:\Windows\System\ztKDJPB.exe
  C:\Windows\System\ztKDJPB.exe
  2⤵
  PID:8784
- C:\Windows\System\BtYnMEn.exe
  C:\Windows\System\BtYnMEn.exe
  2⤵
  PID:9116
- C:\Windows\System\DRGqMEp.exe
  C:\Windows\System\DRGqMEp.exe
  2⤵
  PID:8308
- C:\Windows\System\TFHHtFR.exe
  C:\Windows\System\TFHHtFR.exe
  2⤵
  PID:8428
- C:\Windows\System\USFvPbA.exe
  C:\Windows\System\USFvPbA.exe
  2⤵
  PID:8496
- C:\Windows\System\eCwSoos.exe
  C:\Windows\System\eCwSoos.exe
  2⤵
  PID:9160
- C:\Windows\System\pmaZAAB.exe
  C:\Windows\System\pmaZAAB.exe
  2⤵
  PID:8316
- C:\Windows\System\uniEbeD.exe
  C:\Windows\System\uniEbeD.exe
  2⤵
  PID:9040
- C:\Windows\System\KVpLbNz.exe
  C:\Windows\System\KVpLbNz.exe
  2⤵
  PID:8836
- C:\Windows\System\kOBiyoc.exe
  C:\Windows\System\kOBiyoc.exe
  2⤵
  PID:8888
- C:\Windows\System\sigtBvZ.exe
  C:\Windows\System\sigtBvZ.exe
  2⤵
  PID:9224
- C:\Windows\System\wJssdan.exe
  C:\Windows\System\wJssdan.exe
  2⤵
  PID:9248
- C:\Windows\System\hvdnypF.exe
  C:\Windows\System\hvdnypF.exe
  2⤵
  PID:9264
- C:\Windows\System\YFMrcUw.exe
  C:\Windows\System\YFMrcUw.exe
  2⤵
  PID:9280
- C:\Windows\System\OlRgiWc.exe
  C:\Windows\System\OlRgiWc.exe
  2⤵
  PID:9300
- C:\Windows\System\HaOCIXX.exe
  C:\Windows\System\HaOCIXX.exe
  2⤵
  PID:9324
- C:\Windows\System\yrpGHKp.exe
  C:\Windows\System\yrpGHKp.exe
  2⤵
  PID:9344
- C:\Windows\System\sFgQdya.exe
  C:\Windows\System\sFgQdya.exe
  2⤵
  PID:9364
- C:\Windows\System\JDhoZfQ.exe
  C:\Windows\System\JDhoZfQ.exe
  2⤵
  PID:9380
- C:\Windows\System\hSofXON.exe
  C:\Windows\System\hSofXON.exe
  2⤵
  PID:9404
- C:\Windows\System\EAHTuzm.exe
  C:\Windows\System\EAHTuzm.exe
  2⤵
  PID:9424
- C:\Windows\System\mqGIxXe.exe
  C:\Windows\System\mqGIxXe.exe
  2⤵
  PID:9444
- C:\Windows\System\aGXWXGj.exe
  C:\Windows\System\aGXWXGj.exe
  2⤵
  PID:9468
- C:\Windows\System\Wztikez.exe
  C:\Windows\System\Wztikez.exe
  2⤵
  PID:9484
- C:\Windows\System\GeUEjuO.exe
  C:\Windows\System\GeUEjuO.exe
  2⤵
  PID:9508
- C:\Windows\System\GSwAXgk.exe
  C:\Windows\System\GSwAXgk.exe
  2⤵
  PID:9524
- C:\Windows\System\DKwFBzH.exe
  C:\Windows\System\DKwFBzH.exe
  2⤵
  PID:9540
- C:\Windows\System\qdkudwp.exe
  C:\Windows\System\qdkudwp.exe
  2⤵
  PID:9556
- C:\Windows\System\FgbPkpo.exe
  C:\Windows\System\FgbPkpo.exe
  2⤵
  PID:9580
- C:\Windows\System\XhBJSwu.exe
  C:\Windows\System\XhBJSwu.exe
  2⤵
  PID:9608
- C:\Windows\System\WfQJiTw.exe
  C:\Windows\System\WfQJiTw.exe
  2⤵
  PID:9628
- C:\Windows\System\cSDcDlq.exe
  C:\Windows\System\cSDcDlq.exe
  2⤵
  PID:9644
- C:\Windows\System\uqvcvzc.exe
  C:\Windows\System\uqvcvzc.exe
  2⤵
  PID:9668
- C:\Windows\System\WiwJdMR.exe
  C:\Windows\System\WiwJdMR.exe
  2⤵
  PID:9684
- C:\Windows\System\eUMbKRm.exe
  C:\Windows\System\eUMbKRm.exe
  2⤵
  PID:9704
- C:\Windows\System\qsiksJe.exe
  C:\Windows\System\qsiksJe.exe
  2⤵
  PID:9724
- C:\Windows\System\CZlpwFj.exe
  C:\Windows\System\CZlpwFj.exe
  2⤵
  PID:9744
- C:\Windows\System\CHetRAx.exe
  C:\Windows\System\CHetRAx.exe
  2⤵
  PID:9760
- C:\Windows\System\UmWNjib.exe
  C:\Windows\System\UmWNjib.exe
  2⤵
  PID:9792
- C:\Windows\System\cRaexph.exe
  C:\Windows\System\cRaexph.exe
  2⤵
  PID:9808
- C:\Windows\System\LRSkJzq.exe
  C:\Windows\System\LRSkJzq.exe
  2⤵
  PID:9824
- C:\Windows\System\BCSMcQO.exe
  C:\Windows\System\BCSMcQO.exe
  2⤵
  PID:9840
- C:\Windows\System\cCCLwDC.exe
  C:\Windows\System\cCCLwDC.exe
  2⤵
  PID:9860
- C:\Windows\System\ndPKvWw.exe
  C:\Windows\System\ndPKvWw.exe
  2⤵
  PID:9880
- C:\Windows\System\eXLhrZv.exe
  C:\Windows\System\eXLhrZv.exe
  2⤵
  PID:9904
- C:\Windows\System\DCEGeLg.exe
  C:\Windows\System\DCEGeLg.exe
  2⤵
  PID:9920
- C:\Windows\System\xbManHq.exe
  C:\Windows\System\xbManHq.exe
  2⤵
  PID:9940
- C:\Windows\System\TnWeoOn.exe
  C:\Windows\System\TnWeoOn.exe
  2⤵
  PID:9960
- C:\Windows\System\LsGHMrk.exe
  C:\Windows\System\LsGHMrk.exe
  2⤵
  PID:9980
- C:\Windows\System\yJWXWCH.exe
  C:\Windows\System\yJWXWCH.exe
  2⤵
  PID:10012
- C:\Windows\System\sPmZxZR.exe
  C:\Windows\System\sPmZxZR.exe
  2⤵
  PID:10036
- C:\Windows\System\uTgWetC.exe
  C:\Windows\System\uTgWetC.exe
  2⤵
  PID:10052
- C:\Windows\System\FpIFJwp.exe
  C:\Windows\System\FpIFJwp.exe
  2⤵
  PID:10072
- C:\Windows\System\CZVRzGV.exe
  C:\Windows\System\CZVRzGV.exe
  2⤵
  PID:10088
- C:\Windows\System\kzYdkqC.exe
  C:\Windows\System\kzYdkqC.exe
  2⤵
  PID:10104
- C:\Windows\System\jUtIndB.exe
  C:\Windows\System\jUtIndB.exe
  2⤵
  PID:10120
- C:\Windows\System\xYLUTcv.exe
  C:\Windows\System\xYLUTcv.exe
  2⤵
  PID:10140
- C:\Windows\System\lLQaarR.exe
  C:\Windows\System\lLQaarR.exe
  2⤵
  PID:10160
- C:\Windows\System\bJsCSLE.exe
  C:\Windows\System\bJsCSLE.exe
  2⤵
  PID:10176
- C:\Windows\System\WljPKZq.exe
  C:\Windows\System\WljPKZq.exe
  2⤵
  PID:10192
- C:\Windows\System\FfkZiZX.exe
  C:\Windows\System\FfkZiZX.exe
  2⤵
  PID:10228
- C:\Windows\System\Udevlvu.exe
  C:\Windows\System\Udevlvu.exe
  2⤵
  PID:8908
- C:\Windows\System\MWZfbXJ.exe
  C:\Windows\System\MWZfbXJ.exe
  2⤵
  PID:9244
- C:\Windows\System\cWnlbvW.exe
  C:\Windows\System\cWnlbvW.exe
  2⤵
  PID:9308
- C:\Windows\System\DOTZHEG.exe
  C:\Windows\System\DOTZHEG.exe
  2⤵
  PID:9332
- C:\Windows\System\jWNbOeR.exe
  C:\Windows\System\jWNbOeR.exe
  2⤵
  PID:9360
- C:\Windows\System\ZaoZNjD.exe
  C:\Windows\System\ZaoZNjD.exe
  2⤵
  PID:9400
- C:\Windows\System\oulVqXL.exe
  C:\Windows\System\oulVqXL.exe
  2⤵
  PID:9416
- C:\Windows\System\yqNOzEu.exe
  C:\Windows\System\yqNOzEu.exe
  2⤵
  PID:9456
- C:\Windows\System\OCoWWcn.exe
  C:\Windows\System\OCoWWcn.exe
  2⤵
  PID:9476
- C:\Windows\System\PhotPSv.exe
  C:\Windows\System\PhotPSv.exe
  2⤵
  PID:9504
- C:\Windows\System\skljMnq.exe
  C:\Windows\System\skljMnq.exe
  2⤵
  PID:9548
- C:\Windows\System\YaRWlsk.exe
  C:\Windows\System\YaRWlsk.exe
  2⤵
  PID:9592
- C:\Windows\System\vHdugKX.exe
  C:\Windows\System\vHdugKX.exe
  2⤵
  PID:9596
- C:\Windows\System\OkSLRof.exe
  C:\Windows\System\OkSLRof.exe
  2⤵
  PID:9636
- C:\Windows\System\DwJGOzU.exe
  C:\Windows\System\DwJGOzU.exe
  2⤵
  PID:9664
- C:\Windows\System\IAQTFIh.exe
  C:\Windows\System\IAQTFIh.exe
  2⤵
  PID:9680
- C:\Windows\System\jWWrSzW.exe
  C:\Windows\System\jWWrSzW.exe
  2⤵
  PID:9712
- C:\Windows\System\yGNhGrT.exe
  C:\Windows\System\yGNhGrT.exe
  2⤵
  PID:9740
- C:\Windows\System\LMvmZyU.exe
  C:\Windows\System\LMvmZyU.exe
  2⤵
  PID:9776
- C:\Windows\System\HZbyygd.exe
  C:\Windows\System\HZbyygd.exe
  2⤵
  PID:9820
- C:\Windows\System\qyDApTj.exe
  C:\Windows\System\qyDApTj.exe
  2⤵
  PID:9888
- C:\Windows\System\NXWShHK.exe
  C:\Windows\System\NXWShHK.exe
  2⤵
  PID:9928
- C:\Windows\System\wuhcedy.exe
  C:\Windows\System\wuhcedy.exe
  2⤵
  PID:9956
- C:\Windows\System\nNibQEu.exe
  C:\Windows\System\nNibQEu.exe
  2⤵
  PID:10020
- C:\Windows\System\rTwqnzE.exe
  C:\Windows\System\rTwqnzE.exe
  2⤵
  PID:10060
- C:\Windows\System\YGESsrM.exe
  C:\Windows\System\YGESsrM.exe
  2⤵
  PID:10132
- C:\Windows\System\PIGxWpM.exe
  C:\Windows\System\PIGxWpM.exe
  2⤵
  PID:10148
- C:\Windows\System\kbNxKBs.exe
  C:\Windows\System\kbNxKBs.exe
  2⤵
  PID:10044
- C:\Windows\System\zIcOsnq.exe
  C:\Windows\System\zIcOsnq.exe
  2⤵
  PID:10188
- C:\Windows\System\zpaUDTu.exe
  C:\Windows\System\zpaUDTu.exe
  2⤵
  PID:10212
- C:\Windows\System\NajuctM.exe
  C:\Windows\System\NajuctM.exe
  2⤵
  PID:9320
- C:\Windows\System\MNPOAWL.exe
  C:\Windows\System\MNPOAWL.exe
  2⤵
  PID:9376
- C:\Windows\System\DFepaZz.exe
  C:\Windows\System\DFepaZz.exe
  2⤵
  PID:9436
- C:\Windows\System\kFznMQn.exe
  C:\Windows\System\kFznMQn.exe
  2⤵
  PID:9292
- C:\Windows\System\fbjPNNH.exe
  C:\Windows\System\fbjPNNH.exe
  2⤵
  PID:9356
- C:\Windows\System\VcmUxHo.exe
  C:\Windows\System\VcmUxHo.exe
  2⤵
  PID:9516
- C:\Windows\System\PSbwseD.exe
  C:\Windows\System\PSbwseD.exe
  2⤵
  PID:9536
- C:\Windows\System\ViKSSph.exe
  C:\Windows\System\ViKSSph.exe
  2⤵
  PID:9784
- C:\Windows\System\cRUKbEY.exe
  C:\Windows\System\cRUKbEY.exe
  2⤵
  PID:9756
- C:\Windows\System\NxUMCrA.exe
  C:\Windows\System\NxUMCrA.exe
  2⤵
  PID:9768
- C:\Windows\System\apAMLPT.exe
  C:\Windows\System\apAMLPT.exe
  2⤵
  PID:9700
- C:\Windows\System\xkMIckh.exe
  C:\Windows\System\xkMIckh.exe
  2⤵
  PID:9900
- C:\Windows\System\cHWOhYT.exe
  C:\Windows\System\cHWOhYT.exe
  2⤵
  PID:9868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AyobdxM.exe

Filesize
6.0MB

MD5
cbe6e77ee9e34eb8708be85fec27a66b

SHA1
c3ff9ce2dc5cdb45184c6294c74c1453f24f483f

SHA256
9728883d10070b4c415c2b101ad432a877829e8e44d7cb19d0828fe841f0857a

SHA512
f61d622eb1c2f4e14b3be8f73c3caa033f616cb560d2b5ad4ecd6b770aa7c90df5e1e764b228eca56bf6e433b95b6a88288804ae1cc4278b78803b9a30046398

Download Submit
C:\Windows\system\DRRZVtI.exe

Filesize
6.0MB

MD5
7ff9e56e9a688d17713b358157c2aa96

SHA1
911d601db19d35c7b1216b81922405b13aabe9ac

SHA256
b56169844a2c2b9ac558386f31b2f6bc85e091f7571fc1971645a3d54b63bf0d

SHA512
e3172eea48e7d1da0fe32c48c278a16b42589a521e0b4ca1d2447917b4045b761a4b2e5e4ff8d519d942fe30d1cf8d5ceb1cdd642f9f4c3e919b0176e067662e

Download Submit
C:\Windows\system\FPxmgfc.exe

Filesize
6.0MB

MD5
acab1d64e13a8287c66ab9de1bfe614e

SHA1
ed29fe6aafadadec9714da28eab91254f4a51bce

SHA256
1fa1b0b1b248df1fe983f43d34f76dd35849e106f8c26735ba0e8a2a538fd138

SHA512
fc27649e08bddc2c39783dc5b6e6de803a93afafe73614c3bafea7112029195a172cdadcc4c8b34c6266d4e86996decdcbaf7ed46e4c66eb77fe8f610f933478

Download Submit
C:\Windows\system\FjajoDw.exe

Filesize
6.0MB

MD5
40ab5a42c2111d1c020705baf724c14b

SHA1
81a8b5a49b95ac3f65fc57abe1aaae697a16aae9

SHA256
8ac12282c72146f17c1984954d20f130539725a0a8fa3eeee764ce4de0cfdc5a

SHA512
4fc9e9b4de9a2e56b6d08f09221884e93bacc50809b5b0e95a711526e3cc87acaffa1f477e5d5b6d318452f7dcfe9d49dd0407d8feee87ca35c8efc6a46aba4c

Download Submit
C:\Windows\system\JKFgXcc.exe

Filesize
6.0MB

MD5
c53e87497509060c5ad42f29154877c4

SHA1
b65616423bce52faf0aa497e7b81b9f53bb334d0

SHA256
f69950d6397680f56fb0f3ab24bf79e43db11a0c9a788b04a33bd9096fa20436

SHA512
028cb4ee303cadca7e498c84f6e5a3ed875c070f10b0b9461bff586e7db09fe253d792aea90c755cc02f9be455b1252c43f561dcf092036de4f97029e5a61365

Download Submit
C:\Windows\system\MScItRC.exe

Filesize
6.0MB

MD5
64daee9204fe2bc346eb2b4a9e7eda87

SHA1
6e8ca15d6207b9a7e0c18ef9ead1901da98fb4cf

SHA256
eedc0ffa9dd6af7be52ab25445741da066cdf3a7d67ed642f22ec839da356424

SHA512
dde1ad2564543dae6195b2c8cf2e6d1258e152f905bf8c6ed8be8d0bf76ba51319ab62b51caaa7adc8184e5a6f497ab5e22629eec61d7f73817e646d3d852257

Download Submit
C:\Windows\system\NGTMiON.exe

Filesize
6.0MB

MD5
494b68f4eaa8782a14fde6e059974db3

SHA1
5ff0808924efa20337545ae58ca0186084923447

SHA256
3c9a10f5bbf54a27b6b8e3685a2200648d2b64c3f01d54622815024ffbb1ea36

SHA512
badbd4b3a2c4421117c7c4ca4680bee55ed32ef8e284f42c1dd68af1925870ffbf96ccb051ea56a4e5f4d8b88b3abe3405f311793ac7581ec1b13d28506ca330

Download Submit
C:\Windows\system\OhBWPFv.exe

Filesize
6.0MB

MD5
212fc4e7ba50ed1a87fa5d567403782f

SHA1
c85a15775c38cbb944ad91d511267898fc1418d4

SHA256
5f4c6b8305c4855097f74928c4902b428bed6215c565b47bf65a24f9ae580d1c

SHA512
497486702363ede6965413b8cecc89f05d0a8ec2b18092fc4e4376281ad07539b6a82d6d14f9fcdb1493c92ef5b0a1322d9bec90f0dd4f2450d97f92d803af34

Download Submit
C:\Windows\system\PbnqOey.exe

Filesize
6.0MB

MD5
cfeeb11b44f14a70da0733dcbcb32e6e

SHA1
f3cad80931cb24fccdc22169a69142b5f11195ca

SHA256
42385b6fb762f32fd559e05c1ba1b21a728c932a370f6ece9e5a3a155f22ccdd

SHA512
5d3740f92399da4a36088607f16896406bed807ce72213e19dc01008718cc56509b76a173b4e3b31f23272ea890d0bb5259c37bfdf6fcb8ffdc1305fa4f5c0a1

Download Submit
C:\Windows\system\TWYXIbF.exe

Filesize
6.0MB

MD5
9984814ddbe2120f786af5753b325f26

SHA1
4909103114b6be4a84e7081acfb3ff333326740d

SHA256
7f895960c188d54ad9cdb35114cd8009210414af8cd434071042bbb7a1e502fb

SHA512
1e362ca41059234b2436e643012f1f86d00e773f2a368764af9a1615628975f44ead0dca6ce3e01f24c457e9aafc7cdbbf93d254d94e5dc154255c10147363cc

Download Submit
C:\Windows\system\VJXibbe.exe

Filesize
6.0MB

MD5
b0f8124c6d92ec2626cc1c1f0f076e10

SHA1
81ce7076c1ba798b46b2e1c2064eea7822fc7f8e

SHA256
0b71375fc7658185d52e457f523e0ac305f4b79913eef28d7679a9ab45767763

SHA512
aae27a4eae535d2491c6e61ae7e74e98b8e351c77b60557d30575e44ed16dbe6b34c29ef439c4d68cf9dfc7a607c8af3aeb3d024eb92ca017f65bcdee971c056

Download Submit
C:\Windows\system\eIFUlva.exe

Filesize
6.0MB

MD5
e754cbf1708805573d66cc477a1abd21

SHA1
3f4f0cc2d14de47875f78491bceec84d792a6eec

SHA256
2e3a4a0fc4d4d26955eeadda8e0d6edbd8c9cdce9a69d28e8e1999eed16ebcc7

SHA512
36c2b26e6d44191088755824ad43ada7b9f3b77634c424e728b7a99bd188630c29956b83f021a77191ff57843ef58dd2152c573aa5c5b34107b5d7237f5c4bc2

Download Submit
C:\Windows\system\enKnHlP.exe

Filesize
6.0MB

MD5
c90be7a669c6aae564d9be3abe2c2b82

SHA1
14ffa931e68f24620a32215aeb0b6e2e453b2b58

SHA256
60855ea16d959f04714dd3d8352eb448f215f1f87e3bf28c7dd4f80bce66eaab

SHA512
6900a6b5cca0823e7fe0a437f3454a012cd015e73a2d3f4021890fe7cc7e17ec87368697d090fbf43a865eb03faf2a20f87baed647281b913d99b7d55f0cf730

Download Submit
C:\Windows\system\gONZWZn.exe

Filesize
6.0MB

MD5
acd2e268d6cc07f5261ee9347e963bd1

SHA1
bb3b5fcd6673a53d617d624757258c9a5da12ca9

SHA256
94f864be6f90d18f78ede2f311292672dc148285b2476047fccaa12ce31770b2

SHA512
b0861a0f5579a18d0826a90dff88df0ce61822eae07d74ef5f61382618551e8358cfc4a8e5a62dfef1d13cc626c317ebb6cc90b7087d89eb867aaba2dd4cb692

Download Submit
C:\Windows\system\jFQMvoh.exe

Filesize
6.0MB

MD5
d54ee2a7d0ad551066fa1a4ec28875aa

SHA1
4e25772873b4a628462573ff3ab7b6f5506d94d1

SHA256
459ff834c87e3126a33d566964829d7a110863f859b4d8cece81aca7340c0b4d

SHA512
7f57afda6742f4f5cb8c4cec850b71aa24cb6d53932115872037794b2c1cbdfefe1525bf9666b34a8c8d207ec1f07b7755a24c62e06faa7f3f1bd1e67fe7d7b0

Download Submit
C:\Windows\system\kGgUlcY.exe

Filesize
6.0MB

MD5
9d0a101a6b35b4f8db9c7fabc87b1cd7

SHA1
d3eb616253bb31b1270575b944b7ced93bba286d

SHA256
03fe55aec6f8297d5b8d977cbfbd59ac5461d22bef272f4763fe41fb882c888c

SHA512
91a01cd6f281852edcdecee1b4bb156995e176e9805e405615765c6edf0907861e660ae484fc9940297414a0f3f651463cc6b3d2c0a85537311e94b4207f8212

Download Submit
C:\Windows\system\nXuvUel.exe

Filesize
6.0MB

MD5
d7a5c1e1ddf77227987738d1a0d7020d

SHA1
79c598af3faf3fb983692c758068211c80828bf9

SHA256
aace8b69f3f04b964703c8480d462a736d9024e3cfff8e99f60aa4f0fbc87fcf

SHA512
01d28002297a425e38696595a8f937e59bd4c407b4196bbabb8f0accd9891afea6c841099fdbfb0179fc7cbb21e85790b1e45be873330aeb3c614fc2d21c24fc

Download Submit
C:\Windows\system\qIuLlss.exe

Filesize
6.0MB

MD5
7ca77874c2cd444ac3f45d699bd1d8fa

SHA1
7aa4c9d2174eefc2d8f14ce960896b8b89f3080e

SHA256
5c4cb6eda6b89dc6e9a82668db8b0c57fb88c3cf6ba408797ed3b6ddf993e83f

SHA512
70efcfe722960200a8d93565459890bdec2e9485d53f53c4b877c092890d5d01cb9630f0a57d9cb088934e1a5f00d148da0616434343bdd532634ca5d254329f

Download Submit
C:\Windows\system\qMYAmsB.exe

Filesize
6.0MB

MD5
6cb93d7215fa7faa369c02d8ecb4046b

SHA1
177e3d80fb6ef0029c5541aafe29650c62440c6c

SHA256
d38881907027f6207de8107cd4b32dc9758a1187b52e39a2c70d53e05661f962

SHA512
17dc9d87c5a7ece9c2223148b0ad1f76ce2c65fa0994b6fb34f1a76f80007684afe65dc3657555361209c478704ba2b6092d78f00e3f0601f4b38dccb88b42f4

Download Submit
C:\Windows\system\qNJEOtL.exe

Filesize
6.0MB

MD5
4ebe4249e5982329eee6bcc513afd570

SHA1
8c13527444b6a2a1575a6f5ed7ea76c7006bb6ba

SHA256
e260d8cefe651ff2024b92670b46620054ef05a0cd3854c388d79f9dde8eaff6

SHA512
7d3556d0a69ff04cfa3221d16007eddf5e78f77d34042d0f906ce6f62d2bb2196fbd875f1423e934010915cfd5d59f05cb51acfdbcd8cdb6c90c51f87867a20d

Download Submit
C:\Windows\system\qfEhyeW.exe

Filesize
6.0MB

MD5
ec5cac1df48923d802185d4e11bb7167

SHA1
98dcf265eccb190b92eb8feebf61199271199cea

SHA256
b274f9ee05081b04158a4b55d109b5816953deffc9ca4a510985cc4ec5756044

SHA512
ace8041b733b48b817e70fbd3a42c67bb6a4f3d7ecf9c9870a9eb1f68f4d6cd1beefdc1c73f17f745fa4f0cab8b81369c45c8d88ee8bcf18115ac51d59794a72

Download Submit
C:\Windows\system\rwSUzJg.exe

Filesize
6.0MB

MD5
3201b6fec6376c56c200612bd9995672

SHA1
a08dd7635c90589debec46f81ef5004b2a529cf6

SHA256
22c89a084c788ccee91b72b5b9e162ab02ee402346ebd97c6e909dc0aa414aad

SHA512
6c4317a738685085dfdeba28bcea0792c3eb747db09099e2e037a2c69365c291e9eb5cc1f7f321073b00489a90276cde452c87cbfe9af7335c36cec7cae8b9de

Download Submit
C:\Windows\system\tKQXcGf.exe

Filesize
6.0MB

MD5
36d81c296dff78a1a1423fa3b26bd282

SHA1
cc0c05502b454f2bbe25d4bbcbed683404096424

SHA256
9238aedc2f009104ff33bff018edc0d106b001f3343479e6ca289356932690bd

SHA512
ac32bbf3933eeb55e696d05ed62c82c8d47f48ebd46ee477f47500920094b3685fa3d94b5a4c851124747030d36f62163250b4af6a10f91ecab11a61a1d08ff5

Download Submit
C:\Windows\system\taxHqel.exe

Filesize
6.0MB

MD5
2c240b44f504b7a2fa41111503b772ad

SHA1
b7fd1e7c2107fef78d38a0425a26c5e784526f80

SHA256
ba7c2ff3997526ef4d9e0f79f4d9b81b18154a5c0ea5d8e0314d665792536f96

SHA512
7be5a1b1cda9f9fbd6fa2ed8fa4318bb2ca9c86692a27287341c16a0d9d77d1a2fc53db7fada4af174968698ada57b7cbb0fd72749ad31c7c044984858edb7d3

Download Submit
C:\Windows\system\tncEMyv.exe

Filesize
6.0MB

MD5
175d4d6344ba20134b8443de0a1295ef

SHA1
c9712162e16174142b5a83019f5d3cdcdd1661c7

SHA256
eddb23b453c234d5691cb2ecd2398027d9d321f75a272bd20b9a69cb084bdae8

SHA512
5d25083f6834ef30fbcd836ae56d23ae24d8344839634f3f51d772a95b195cd361d07b228fd2236bd22db5bf339f459ceceda6b4940a3e282eb94a0bfc587735

Download Submit
C:\Windows\system\uqAxKow.exe

Filesize
6.0MB

MD5
2075ed58b300980bb697240d14af6985

SHA1
73932aa313c4d702d914d5e2f3df273c5f1c0c33

SHA256
349bab8301f7ecd5604a991932f994b9d290fbf1766392838ee8180aeff75641

SHA512
475c36fea29a3c594e0cd969f605b2c8f768deb09b2134d07a00d6d4cceef3e211cd614742cb0070ee003c59df6d78223eeade1dfe28f8b25171741a9ea64430

Download Submit
C:\Windows\system\urGVEJH.exe

Filesize
6.0MB

MD5
dca4d2aeccebd2df85611f5d07b6c7d5

SHA1
0208d850aaf0ec22274c556b3ffcb669e6f4bc18

SHA256
5491642828f01be37301bb9e46a3903c351944b79eaf643828962c6d7ca78d9d

SHA512
0eae9e79895ca1b904ff5c892263f40612023ee342f5e072e093a9ca96be1fa5794bcc1ed96bc8d727befa9bbd5be5f97d3af3212ed82f94798680cbbccfd06e

Download Submit
C:\Windows\system\vlXBBCI.exe

Filesize
6.0MB

MD5
f5cd7bb30d1926a7f4aea63bc1c0a993

SHA1
541138d27dd66e2b9c59ec3ad4cac6cea4a89dd8

SHA256
d24b606e7914d0b7d8b660dd18f2f634bfdd2e99b1de13041c9b5fed0982a1c3

SHA512
1312973822a3cbee778304f383f8f4d420585440fbb4ecb462bbfd4a28216fd14a4cf1a8edecacff2c374e0d17fc4aa4a4aea54078dbffa90010c6658af0afff

Download Submit
C:\Windows\system\weeYhjb.exe

Filesize
6.0MB

MD5
c849f222b837132e5d7ecb36db5c081d

SHA1
1a1c3931bde0359fa824a0d073ef8b9b2c8cfb3f

SHA256
e99a11720113b96d1958bb2a0bb07584c15c96a00ceb236bd4145ba349faf4f6

SHA512
9754809e737172bb2ff0f49123422dad43b49a89846d43a0a9fbb12edece1e48d8875d4a24c601f65e3e32d9311999cbce254d1c0e013ec0f0c5378e99f05bae

Download Submit
\Windows\system\BHSticM.exe

Filesize
6.0MB

MD5
5c13beb5d8fbf0c0224d685f87f25ef5

SHA1
26e939be6e981a142ee79d14d80dc64dd167197d

SHA256
d86c7408d47e83e23009f7ecde88eacf0df27e51795a9eab08c30e45857ec79b

SHA512
97a5fb3e3cbd2ba9901f27c8c3a27c7a62bcfa3eb9d68c1b270c35301ae935b4ccf48b1de3d8e42e1f7774b282464cf3ef3da046f6440c00642c0697579de488

Download Submit
\Windows\system\PsjTcEU.exe

Filesize
6.0MB

MD5
eaf8237820605f929ea51b68f7896f56

SHA1
d04c08b60c61fad785a9fa73ecc5af23b614782f

SHA256
6bb48cba1ec4fdfb0dcc694ae8fe11f02e06924726f260a684758b143d64a789

SHA512
6f1533de8db46e8a9ae0d034d9ffd9bd83c0a189ed74c4b559d3c70be4553e225e4f4b5835a7f0135714a2f3a23a5c387b6ffa041fe9c5fc8a49d83abc90a86e

Download Submit
\Windows\system\WGJgfbS.exe

Filesize
6.0MB

MD5
758eb03a0cb10df74a0f23dd413c819a

SHA1
ffb963c74205cb365b8753c2304a122b6eb8d3b9

SHA256
248151033dd2c4ab5cf441874c59ca6ce9a13b14fc0a29e907effe2f6f31a054

SHA512
19de66fcf1cba5381df0efbf5a7ba5b1274126658a1a543bd747423171658af99dad3fcda689a8f7a232db41ef41093ae25712fbc8234fc12c03d96f5b00eed7

Download Submit
memory/484-55-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/548-4048-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/548-67-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1084-96-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1084-4042-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1084-53-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1864-71-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-78-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2036-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2036-43-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1381-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-703-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2036-50-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2036-462-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2036-251-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2036-51-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2036-84-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2036-82-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2036-31-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2036-66-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2036-101-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-93-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2036-7-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2036-75-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2148-85-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2148-819-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2196-14-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2196-4011-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2196-77-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2244-54-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2404-581-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-79-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-21-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2632-34-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4017-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2652-9-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2688-32-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4018-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2812-99-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4091-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2996-896-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2996-87-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2996-4090-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download