cobaltstrike | 395ab258752633ae8d0ef212a63a8ffc1c546dd0fc1a08706b2e974ed7881e46

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

370ecaede22d778c7ae06ee48293f974
SHA1

8017624016ec2ec471fd66a98190fac2441be08d
SHA256

395ab258752633ae8d0ef212a63a8ffc1c546dd0fc1a08706b2e974ed7881e46
SHA512

d450a75a4382ddb72d5a76d268f13fd294507380186c5b03297cc569adab4a316381a3bcc6caa1add4b10a636e3689e59a9b796f7883d1b0ce8ff311af57d343
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUm:T+q56utgpPF8u/7m

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012264-3.dat	cobalt_reflective_dll
behavioral1/files/0x0027000000016d69-10.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-12.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000016fc9-24.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-35.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b05-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-58.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b50-62.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-203.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-198.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-84.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2304-0-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x000c000000012264-3.dat	xmrig
behavioral1/memory/2860-8-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x0027000000016d69-10.dat	xmrig
behavioral1/memory/2972-16-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-12.dat	xmrig
behavioral1/memory/1380-23-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x0014000000016fc9-24.dat	xmrig
behavioral1/memory/2752-29-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2756-37-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2304-36-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x00060000000186bb-35.dat	xmrig
behavioral1/files/0x00060000000186c3-38.dat	xmrig
behavioral1/memory/2860-43-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2772-45-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b05-47.dat	xmrig
behavioral1/files/0x0008000000018b28-58.dat	xmrig
behavioral1/memory/2560-60-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2780-53-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2972-52-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b50-62.dat	xmrig
behavioral1/files/0x00070000000193b8-76.dat	xmrig
behavioral1/files/0x00050000000195c7-87.dat	xmrig
behavioral1/memory/2948-92-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-104.dat	xmrig
behavioral1/memory/2916-109-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x0005000000019820-131.dat	xmrig
behavioral1/files/0x0005000000019bf6-145.dat	xmrig
behavioral1/files/0x0005000000019d61-162.dat	xmrig
behavioral1/files/0x000500000001a03c-193.dat	xmrig
behavioral1/memory/752-207-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-203.dat	xmrig
behavioral1/memory/2924-486-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2780-1793-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2088-1812-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2860-1819-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/1380-1815-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/1188-1794-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2560-1791-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2948-1820-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/752-1821-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2772-1772-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2924-1822-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2916-1823-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2752-1697-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2972-1609-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2916-616-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2948-223-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x000500000001a049-198.dat	xmrig
behavioral1/files/0x0005000000019fdd-188.dat	xmrig
behavioral1/files/0x0005000000019fd4-183.dat	xmrig
behavioral1/files/0x0005000000019e92-179.dat	xmrig
behavioral1/files/0x0005000000019d6d-172.dat	xmrig
behavioral1/files/0x0005000000019d62-167.dat	xmrig
behavioral1/files/0x0005000000019c3c-157.dat	xmrig
behavioral1/files/0x0005000000019bf9-152.dat	xmrig
behavioral1/memory/2088-144-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf5-142.dat	xmrig
behavioral1/files/0x000500000001998d-136.dat	xmrig
behavioral1/files/0x00050000000197fd-126.dat	xmrig
behavioral1/files/0x0005000000019761-121.dat	xmrig
behavioral1/files/0x000500000001975a-116.dat	xmrig
behavioral1/memory/1188-108-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2924-101-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2860	NLjlLTY.exe
2972	FCTionw.exe
1380	yIWZtvw.exe
2752	mBCLhYn.exe
2756	UKqnaZp.exe
2772	bSSrYjf.exe
2780	yOQiIwq.exe
2560	BXXmXfH.exe
1188	DyCfuar.exe
2088	kQUedyH.exe
752	MesgloG.exe
2948	xJtTybD.exe
2924	VEahiah.exe
2916	uRLbEdG.exe
3064	fcQjZDK.exe
2940	Rfzppku.exe
2628	QRNyLGX.exe
1788	xVOwMUJ.exe
1812	kJaFGSX.exe
2132	wmmGKBg.exe
1980	CYvtcVc.exe
2356	zFAIwDs.exe
2440	EgczDpV.exe
2076	QmbSveW.exe
2336	ngRcxpJ.exe
2408	CvbdOAA.exe
560	goBwIcQ.exe
772	GMsOipp.exe
944	ytPcLVX.exe
976	zOewyPx.exe
2204	RmQKFwS.exe
1728	rJwXYTM.exe
2548	RFVVfHY.exe
1512	QqUACyQ.exe
764	AqdZDjn.exe
796	EZuciWT.exe
2644	OmXwaHB.exe
1832	KaWWaHQ.exe
1304	LEUPzWr.exe
2444	MkIxvZR.exe
1936	vhTygqV.exe
2036	VEoEKsT.exe
1760	jZGmQCe.exe
1992	mVpthxz.exe
2796	fZMRaSQ.exe
2592	oXJpUbl.exe
2376	mphUgYw.exe
1724	jKQfcaR.exe
2368	ewGHSxw.exe
2380	vgpaKJx.exe
2824	lKIiIVQ.exe
2276	GdZCoqz.exe
2096	mrFrwHw.exe
2912	YjrQFZb.exe
1184	POrUBUB.exe
2764	jCdBcqx.exe
1616	XQnZYEQ.exe
2816	iKLYqJz.exe
3048	ENwOWBD.exe
968	cvAqLah.exe
2952	DcPXTsH.exe
2488	TRXzJmK.exe
2676	mQYtYEO.exe
1028	TrSrvgg.exe

Loads dropped DLL 64 IoCs

pid	Process
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2304-0-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x000c000000012264-3.dat	upx
behavioral1/memory/2860-8-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x0027000000016d69-10.dat	upx
behavioral1/memory/2972-16-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0002000000018334-12.dat	upx
behavioral1/memory/1380-23-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x0014000000016fc9-24.dat	upx
behavioral1/memory/2752-29-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2756-37-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2304-36-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x00060000000186bb-35.dat	upx
behavioral1/files/0x00060000000186c3-38.dat	upx
behavioral1/memory/2860-43-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2772-45-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0007000000018b05-47.dat	upx
behavioral1/files/0x0008000000018b28-58.dat	upx
behavioral1/memory/2560-60-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2780-53-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2972-52-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0008000000018b50-62.dat	upx
behavioral1/files/0x00070000000193b8-76.dat	upx
behavioral1/files/0x00050000000195c7-87.dat	upx
behavioral1/memory/2948-92-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0005000000019643-104.dat	upx
behavioral1/memory/2916-109-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x0005000000019820-131.dat	upx
behavioral1/files/0x0005000000019bf6-145.dat	upx
behavioral1/files/0x0005000000019d61-162.dat	upx
behavioral1/files/0x000500000001a03c-193.dat	upx
behavioral1/memory/752-207-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-203.dat	upx
behavioral1/memory/2924-486-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2780-1793-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2088-1812-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2860-1819-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/1380-1815-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/1188-1794-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2560-1791-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2948-1820-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/752-1821-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2772-1772-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2924-1822-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2916-1823-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2752-1697-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2972-1609-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2916-616-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2948-223-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x000500000001a049-198.dat	upx
behavioral1/files/0x0005000000019fdd-188.dat	upx
behavioral1/files/0x0005000000019fd4-183.dat	upx
behavioral1/files/0x0005000000019e92-179.dat	upx
behavioral1/files/0x0005000000019d6d-172.dat	upx
behavioral1/files/0x0005000000019d62-167.dat	upx
behavioral1/files/0x0005000000019c3c-157.dat	upx
behavioral1/files/0x0005000000019bf9-152.dat	upx
behavioral1/memory/2088-144-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x0005000000019bf5-142.dat	upx
behavioral1/files/0x000500000001998d-136.dat	upx
behavioral1/files/0x00050000000197fd-126.dat	upx
behavioral1/files/0x0005000000019761-121.dat	upx
behavioral1/files/0x000500000001975a-116.dat	upx
behavioral1/memory/1188-108-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2924-101-0x000000013FD20000-0x0000000140074000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OAiGGkJ.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlvWizN.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BiHAxgy.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgRREpr.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSIvjaH.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeMIiKP.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKwFDAO.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hSuGPxg.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDpqKbg.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guclnuZ.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKduscl.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHrkkoD.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUXxWNl.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFFjpbt.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gvanaxs.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rqzsjsp.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoqdyDj.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWYtvWi.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSNNUis.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjeeopZ.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oidKJMT.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPFAHsZ.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKOGofi.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChgZsHo.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTfFqBx.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCXyLsA.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNxTzsj.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCMQvLY.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqVucTl.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXnHYhB.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilTRHmg.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUjPEVw.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHwwFwm.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLhdYdO.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trrYhyT.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGLenZs.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkHqPhF.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHktnnn.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAgvuNo.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuzGsOi.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfhCWhs.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvFiaZQ.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHvUWpa.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RndZBRB.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqlEWTT.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UebLHAF.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmcwqYF.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLMOYcN.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRpOTKn.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrrldRI.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGvYfJC.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XiVxyTu.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgQPQbs.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHuJAnH.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuZYxZf.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVMOtib.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpCOpmK.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSApiYL.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgFvqWs.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvAwqhK.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsXxckm.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdiFbtK.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPvFOVy.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPkVylV.exe	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2860	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2304 wrote to memory of 2860	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2304 wrote to memory of 2860	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2304 wrote to memory of 2972	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 2972	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 2972	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 1380	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 1380	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 1380	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 2752	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 2752	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 2752	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 2756	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 2756	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 2756	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 2772	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 2772	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 2772	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 2780	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 2780	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 2780	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 2560	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2560	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2560	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 1188	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 1188	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 1188	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 2088	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 2088	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 2088	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 752	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 752	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 752	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 2948	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 2948	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 2948	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 2924	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 2924	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 2924	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 2916	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 2916	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 2916	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 3064	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 3064	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 3064	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 2940	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 2940	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 2940	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 2628	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 2628	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 2628	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 1788	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 1788	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 1788	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 1812	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 1812	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 1812	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 2132	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 2132	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 2132	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 1980	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 1980	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 1980	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 2356	2304	2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_370ecaede22d778c7ae06ee48293f974_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\System\NLjlLTY.exe
  C:\Windows\System\NLjlLTY.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\FCTionw.exe
  C:\Windows\System\FCTionw.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\yIWZtvw.exe
  C:\Windows\System\yIWZtvw.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\mBCLhYn.exe
  C:\Windows\System\mBCLhYn.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\UKqnaZp.exe
  C:\Windows\System\UKqnaZp.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\bSSrYjf.exe
  C:\Windows\System\bSSrYjf.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\yOQiIwq.exe
  C:\Windows\System\yOQiIwq.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\BXXmXfH.exe
  C:\Windows\System\BXXmXfH.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\DyCfuar.exe
  C:\Windows\System\DyCfuar.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\kQUedyH.exe
  C:\Windows\System\kQUedyH.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\MesgloG.exe
  C:\Windows\System\MesgloG.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\xJtTybD.exe
  C:\Windows\System\xJtTybD.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\VEahiah.exe
  C:\Windows\System\VEahiah.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\uRLbEdG.exe
  C:\Windows\System\uRLbEdG.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\fcQjZDK.exe
  C:\Windows\System\fcQjZDK.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\Rfzppku.exe
  C:\Windows\System\Rfzppku.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\QRNyLGX.exe
  C:\Windows\System\QRNyLGX.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\xVOwMUJ.exe
  C:\Windows\System\xVOwMUJ.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\kJaFGSX.exe
  C:\Windows\System\kJaFGSX.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\wmmGKBg.exe
  C:\Windows\System\wmmGKBg.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\CYvtcVc.exe
  C:\Windows\System\CYvtcVc.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\zFAIwDs.exe
  C:\Windows\System\zFAIwDs.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\EgczDpV.exe
  C:\Windows\System\EgczDpV.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\QmbSveW.exe
  C:\Windows\System\QmbSveW.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\ngRcxpJ.exe
  C:\Windows\System\ngRcxpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\CvbdOAA.exe
  C:\Windows\System\CvbdOAA.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\goBwIcQ.exe
  C:\Windows\System\goBwIcQ.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\GMsOipp.exe
  C:\Windows\System\GMsOipp.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\ytPcLVX.exe
  C:\Windows\System\ytPcLVX.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\zOewyPx.exe
  C:\Windows\System\zOewyPx.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\RmQKFwS.exe
  C:\Windows\System\RmQKFwS.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\rJwXYTM.exe
  C:\Windows\System\rJwXYTM.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\RFVVfHY.exe
  C:\Windows\System\RFVVfHY.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\QqUACyQ.exe
  C:\Windows\System\QqUACyQ.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\AqdZDjn.exe
  C:\Windows\System\AqdZDjn.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\EZuciWT.exe
  C:\Windows\System\EZuciWT.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\OmXwaHB.exe
  C:\Windows\System\OmXwaHB.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\KaWWaHQ.exe
  C:\Windows\System\KaWWaHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\LEUPzWr.exe
  C:\Windows\System\LEUPzWr.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\MkIxvZR.exe
  C:\Windows\System\MkIxvZR.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\vhTygqV.exe
  C:\Windows\System\vhTygqV.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\VEoEKsT.exe
  C:\Windows\System\VEoEKsT.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\jZGmQCe.exe
  C:\Windows\System\jZGmQCe.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\mVpthxz.exe
  C:\Windows\System\mVpthxz.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\fZMRaSQ.exe
  C:\Windows\System\fZMRaSQ.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\oXJpUbl.exe
  C:\Windows\System\oXJpUbl.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\mphUgYw.exe
  C:\Windows\System\mphUgYw.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\jKQfcaR.exe
  C:\Windows\System\jKQfcaR.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\ewGHSxw.exe
  C:\Windows\System\ewGHSxw.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\vgpaKJx.exe
  C:\Windows\System\vgpaKJx.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\lKIiIVQ.exe
  C:\Windows\System\lKIiIVQ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\GdZCoqz.exe
  C:\Windows\System\GdZCoqz.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\mrFrwHw.exe
  C:\Windows\System\mrFrwHw.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\YjrQFZb.exe
  C:\Windows\System\YjrQFZb.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\POrUBUB.exe
  C:\Windows\System\POrUBUB.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\jCdBcqx.exe
  C:\Windows\System\jCdBcqx.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\XQnZYEQ.exe
  C:\Windows\System\XQnZYEQ.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\iKLYqJz.exe
  C:\Windows\System\iKLYqJz.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\ENwOWBD.exe
  C:\Windows\System\ENwOWBD.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\cvAqLah.exe
  C:\Windows\System\cvAqLah.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\DcPXTsH.exe
  C:\Windows\System\DcPXTsH.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\TRXzJmK.exe
  C:\Windows\System\TRXzJmK.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\mQYtYEO.exe
  C:\Windows\System\mQYtYEO.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\TrSrvgg.exe
  C:\Windows\System\TrSrvgg.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\uQZYlBs.exe
  C:\Windows\System\uQZYlBs.exe
  2⤵
  PID:1824
- C:\Windows\System\ismqaMa.exe
  C:\Windows\System\ismqaMa.exe
  2⤵
  PID:2596
- C:\Windows\System\tOUlSwR.exe
  C:\Windows\System\tOUlSwR.exe
  2⤵
  PID:2328
- C:\Windows\System\AyPOXak.exe
  C:\Windows\System\AyPOXak.exe
  2⤵
  PID:2668
- C:\Windows\System\CrDpPVS.exe
  C:\Windows\System\CrDpPVS.exe
  2⤵
  PID:2556
- C:\Windows\System\OIUMHxc.exe
  C:\Windows\System\OIUMHxc.exe
  2⤵
  PID:2612
- C:\Windows\System\HelmwGs.exe
  C:\Windows\System\HelmwGs.exe
  2⤵
  PID:1872
- C:\Windows\System\FQGbnjz.exe
  C:\Windows\System\FQGbnjz.exe
  2⤵
  PID:2672
- C:\Windows\System\VpHiudJ.exe
  C:\Windows\System\VpHiudJ.exe
  2⤵
  PID:1336
- C:\Windows\System\rbxkKli.exe
  C:\Windows\System\rbxkKli.exe
  2⤵
  PID:1516
- C:\Windows\System\gsgjEFH.exe
  C:\Windows\System\gsgjEFH.exe
  2⤵
  PID:1664
- C:\Windows\System\DlsbGEu.exe
  C:\Windows\System\DlsbGEu.exe
  2⤵
  PID:1656
- C:\Windows\System\AXzBJdm.exe
  C:\Windows\System\AXzBJdm.exe
  2⤵
  PID:1040
- C:\Windows\System\YwiJMcx.exe
  C:\Windows\System\YwiJMcx.exe
  2⤵
  PID:2648
- C:\Windows\System\PYuoJFA.exe
  C:\Windows\System\PYuoJFA.exe
  2⤵
  PID:1012
- C:\Windows\System\hqyjiis.exe
  C:\Windows\System\hqyjiis.exe
  2⤵
  PID:1864
- C:\Windows\System\OLWniWn.exe
  C:\Windows\System\OLWniWn.exe
  2⤵
  PID:2392
- C:\Windows\System\XNaPhzu.exe
  C:\Windows\System\XNaPhzu.exe
  2⤵
  PID:688
- C:\Windows\System\dPDhXsV.exe
  C:\Windows\System\dPDhXsV.exe
  2⤵
  PID:264
- C:\Windows\System\GijYzrg.exe
  C:\Windows\System\GijYzrg.exe
  2⤵
  PID:1716
- C:\Windows\System\nFbHDXL.exe
  C:\Windows\System\nFbHDXL.exe
  2⤵
  PID:2064
- C:\Windows\System\kMQSnzr.exe
  C:\Windows\System\kMQSnzr.exe
  2⤵
  PID:2976
- C:\Windows\System\snIeoWd.exe
  C:\Windows\System\snIeoWd.exe
  2⤵
  PID:3012
- C:\Windows\System\Rqzsjsp.exe
  C:\Windows\System\Rqzsjsp.exe
  2⤵
  PID:2712
- C:\Windows\System\oZldagt.exe
  C:\Windows\System\oZldagt.exe
  2⤵
  PID:2936
- C:\Windows\System\beSqTnY.exe
  C:\Windows\System\beSqTnY.exe
  2⤵
  PID:2352
- C:\Windows\System\OVLZfRO.exe
  C:\Windows\System\OVLZfRO.exe
  2⤵
  PID:1772
- C:\Windows\System\LXWswKa.exe
  C:\Windows\System\LXWswKa.exe
  2⤵
  PID:1952
- C:\Windows\System\taJtoSn.exe
  C:\Windows\System\taJtoSn.exe
  2⤵
  PID:2284
- C:\Windows\System\wopNfSF.exe
  C:\Windows\System\wopNfSF.exe
  2⤵
  PID:1084
- C:\Windows\System\bHkBuRV.exe
  C:\Windows\System\bHkBuRV.exe
  2⤵
  PID:1820
- C:\Windows\System\uNOmrLB.exe
  C:\Windows\System\uNOmrLB.exe
  2⤵
  PID:2332
- C:\Windows\System\IkykLII.exe
  C:\Windows\System\IkykLII.exe
  2⤵
  PID:2456
- C:\Windows\System\kXbmwva.exe
  C:\Windows\System\kXbmwva.exe
  2⤵
  PID:1596
- C:\Windows\System\xnOefMx.exe
  C:\Windows\System\xnOefMx.exe
  2⤵
  PID:2468
- C:\Windows\System\gExQczU.exe
  C:\Windows\System\gExQczU.exe
  2⤵
  PID:1428
- C:\Windows\System\RLNldFE.exe
  C:\Windows\System\RLNldFE.exe
  2⤵
  PID:1660
- C:\Windows\System\OKjObEx.exe
  C:\Windows\System\OKjObEx.exe
  2⤵
  PID:928
- C:\Windows\System\AEGBQdf.exe
  C:\Windows\System\AEGBQdf.exe
  2⤵
  PID:1848
- C:\Windows\System\fUCYUZV.exe
  C:\Windows\System\fUCYUZV.exe
  2⤵
  PID:2020
- C:\Windows\System\JrljkSN.exe
  C:\Windows\System\JrljkSN.exe
  2⤵
  PID:1276
- C:\Windows\System\qZPCJFx.exe
  C:\Windows\System\qZPCJFx.exe
  2⤵
  PID:2996
- C:\Windows\System\AvAwqhK.exe
  C:\Windows\System\AvAwqhK.exe
  2⤵
  PID:2428
- C:\Windows\System\kJsPCoM.exe
  C:\Windows\System\kJsPCoM.exe
  2⤵
  PID:2740
- C:\Windows\System\dWlFRpe.exe
  C:\Windows\System\dWlFRpe.exe
  2⤵
  PID:3044
- C:\Windows\System\OqVucTl.exe
  C:\Windows\System\OqVucTl.exe
  2⤵
  PID:1252
- C:\Windows\System\LSRqLNW.exe
  C:\Windows\System\LSRqLNW.exe
  2⤵
  PID:1692
- C:\Windows\System\jqsQglv.exe
  C:\Windows\System\jqsQglv.exe
  2⤵
  PID:2200
- C:\Windows\System\ydhkvDt.exe
  C:\Windows\System\ydhkvDt.exe
  2⤵
  PID:2716
- C:\Windows\System\AGZODZH.exe
  C:\Windows\System\AGZODZH.exe
  2⤵
  PID:2896
- C:\Windows\System\GAhTqbX.exe
  C:\Windows\System\GAhTqbX.exe
  2⤵
  PID:2884
- C:\Windows\System\ZXggADX.exe
  C:\Windows\System\ZXggADX.exe
  2⤵
  PID:836
- C:\Windows\System\BBzAtWB.exe
  C:\Windows\System\BBzAtWB.exe
  2⤵
  PID:2272
- C:\Windows\System\rhROzVR.exe
  C:\Windows\System\rhROzVR.exe
  2⤵
  PID:2240
- C:\Windows\System\DFIIMrS.exe
  C:\Windows\System\DFIIMrS.exe
  2⤵
  PID:2008
- C:\Windows\System\aAgxfZk.exe
  C:\Windows\System\aAgxfZk.exe
  2⤵
  PID:2732
- C:\Windows\System\MZIJOcN.exe
  C:\Windows\System\MZIJOcN.exe
  2⤵
  PID:3056
- C:\Windows\System\waoYZZy.exe
  C:\Windows\System\waoYZZy.exe
  2⤵
  PID:3084
- C:\Windows\System\zDLbzss.exe
  C:\Windows\System\zDLbzss.exe
  2⤵
  PID:3104
- C:\Windows\System\VabjBgH.exe
  C:\Windows\System\VabjBgH.exe
  2⤵
  PID:3124
- C:\Windows\System\RQRChBE.exe
  C:\Windows\System\RQRChBE.exe
  2⤵
  PID:3152
- C:\Windows\System\xSnqrFg.exe
  C:\Windows\System\xSnqrFg.exe
  2⤵
  PID:3176
- C:\Windows\System\BXKkXnY.exe
  C:\Windows\System\BXKkXnY.exe
  2⤵
  PID:3196
- C:\Windows\System\HAdFBOX.exe
  C:\Windows\System\HAdFBOX.exe
  2⤵
  PID:3212
- C:\Windows\System\bxQNpwv.exe
  C:\Windows\System\bxQNpwv.exe
  2⤵
  PID:3236
- C:\Windows\System\qLMOYcN.exe
  C:\Windows\System\qLMOYcN.exe
  2⤵
  PID:3252
- C:\Windows\System\qCZkaNb.exe
  C:\Windows\System\qCZkaNb.exe
  2⤵
  PID:3276
- C:\Windows\System\tORakWQ.exe
  C:\Windows\System\tORakWQ.exe
  2⤵
  PID:3296
- C:\Windows\System\KUWdApI.exe
  C:\Windows\System\KUWdApI.exe
  2⤵
  PID:3316
- C:\Windows\System\cJHprJl.exe
  C:\Windows\System\cJHprJl.exe
  2⤵
  PID:3336
- C:\Windows\System\gCLbWyJ.exe
  C:\Windows\System\gCLbWyJ.exe
  2⤵
  PID:3356
- C:\Windows\System\fHYbwTw.exe
  C:\Windows\System\fHYbwTw.exe
  2⤵
  PID:3376
- C:\Windows\System\SPBlkeW.exe
  C:\Windows\System\SPBlkeW.exe
  2⤵
  PID:3396
- C:\Windows\System\VYNxrDT.exe
  C:\Windows\System\VYNxrDT.exe
  2⤵
  PID:3416
- C:\Windows\System\nvTZEOW.exe
  C:\Windows\System\nvTZEOW.exe
  2⤵
  PID:3436
- C:\Windows\System\ZQxDMbI.exe
  C:\Windows\System\ZQxDMbI.exe
  2⤵
  PID:3456
- C:\Windows\System\dzzPfrM.exe
  C:\Windows\System\dzzPfrM.exe
  2⤵
  PID:3476
- C:\Windows\System\SqDdRJv.exe
  C:\Windows\System\SqDdRJv.exe
  2⤵
  PID:3496
- C:\Windows\System\jXcGHlG.exe
  C:\Windows\System\jXcGHlG.exe
  2⤵
  PID:3516
- C:\Windows\System\ePXQgDU.exe
  C:\Windows\System\ePXQgDU.exe
  2⤵
  PID:3536
- C:\Windows\System\dxMsGAr.exe
  C:\Windows\System\dxMsGAr.exe
  2⤵
  PID:3556
- C:\Windows\System\nnBIWOB.exe
  C:\Windows\System\nnBIWOB.exe
  2⤵
  PID:3576
- C:\Windows\System\UbnvVmN.exe
  C:\Windows\System\UbnvVmN.exe
  2⤵
  PID:3604
- C:\Windows\System\ADhSinn.exe
  C:\Windows\System\ADhSinn.exe
  2⤵
  PID:3624
- C:\Windows\System\HYvbKFL.exe
  C:\Windows\System\HYvbKFL.exe
  2⤵
  PID:3644
- C:\Windows\System\dgtMwts.exe
  C:\Windows\System\dgtMwts.exe
  2⤵
  PID:3664
- C:\Windows\System\ophUwNg.exe
  C:\Windows\System\ophUwNg.exe
  2⤵
  PID:3684
- C:\Windows\System\zICWiTu.exe
  C:\Windows\System\zICWiTu.exe
  2⤵
  PID:3704
- C:\Windows\System\YmfDtwc.exe
  C:\Windows\System\YmfDtwc.exe
  2⤵
  PID:3728
- C:\Windows\System\WCkeAth.exe
  C:\Windows\System\WCkeAth.exe
  2⤵
  PID:3748
- C:\Windows\System\KkHqPhF.exe
  C:\Windows\System\KkHqPhF.exe
  2⤵
  PID:3768
- C:\Windows\System\QiyDngx.exe
  C:\Windows\System\QiyDngx.exe
  2⤵
  PID:3784
- C:\Windows\System\OFGRink.exe
  C:\Windows\System\OFGRink.exe
  2⤵
  PID:3808
- C:\Windows\System\xRliSlV.exe
  C:\Windows\System\xRliSlV.exe
  2⤵
  PID:3824
- C:\Windows\System\doJwsPn.exe
  C:\Windows\System\doJwsPn.exe
  2⤵
  PID:3848
- C:\Windows\System\bHzQTef.exe
  C:\Windows\System\bHzQTef.exe
  2⤵
  PID:3868
- C:\Windows\System\rmQduaS.exe
  C:\Windows\System\rmQduaS.exe
  2⤵
  PID:3888
- C:\Windows\System\rFhWuWa.exe
  C:\Windows\System\rFhWuWa.exe
  2⤵
  PID:3908
- C:\Windows\System\JOLCQcv.exe
  C:\Windows\System\JOLCQcv.exe
  2⤵
  PID:3928
- C:\Windows\System\gyVMnmU.exe
  C:\Windows\System\gyVMnmU.exe
  2⤵
  PID:3948
- C:\Windows\System\uuGcsKF.exe
  C:\Windows\System\uuGcsKF.exe
  2⤵
  PID:3968
- C:\Windows\System\jZkvHPp.exe
  C:\Windows\System\jZkvHPp.exe
  2⤵
  PID:3988
- C:\Windows\System\ZzIQLCi.exe
  C:\Windows\System\ZzIQLCi.exe
  2⤵
  PID:4012
- C:\Windows\System\oOzpYYr.exe
  C:\Windows\System\oOzpYYr.exe
  2⤵
  PID:4036
- C:\Windows\System\yVMtrkM.exe
  C:\Windows\System\yVMtrkM.exe
  2⤵
  PID:4056
- C:\Windows\System\sqFeAtc.exe
  C:\Windows\System\sqFeAtc.exe
  2⤵
  PID:4076
- C:\Windows\System\MPsqbjk.exe
  C:\Windows\System\MPsqbjk.exe
  2⤵
  PID:996
- C:\Windows\System\yYdudQn.exe
  C:\Windows\System\yYdudQn.exe
  2⤵
  PID:520
- C:\Windows\System\YRZtIHs.exe
  C:\Windows\System\YRZtIHs.exe
  2⤵
  PID:3008
- C:\Windows\System\BgDkjMh.exe
  C:\Windows\System\BgDkjMh.exe
  2⤵
  PID:2588
- C:\Windows\System\dfvgVgr.exe
  C:\Windows\System\dfvgVgr.exe
  2⤵
  PID:2224
- C:\Windows\System\WvjsbkB.exe
  C:\Windows\System\WvjsbkB.exe
  2⤵
  PID:1364
- C:\Windows\System\vhlKOEg.exe
  C:\Windows\System\vhlKOEg.exe
  2⤵
  PID:3096
- C:\Windows\System\DbXgIvv.exe
  C:\Windows\System\DbXgIvv.exe
  2⤵
  PID:3100
- C:\Windows\System\ATUWzBv.exe
  C:\Windows\System\ATUWzBv.exe
  2⤵
  PID:3120
- C:\Windows\System\ZNpbeyi.exe
  C:\Windows\System\ZNpbeyi.exe
  2⤵
  PID:3184
- C:\Windows\System\ixTkSqQ.exe
  C:\Windows\System\ixTkSqQ.exe
  2⤵
  PID:3228
- C:\Windows\System\OGlQLpC.exe
  C:\Windows\System\OGlQLpC.exe
  2⤵
  PID:3268
- C:\Windows\System\LTxqFbL.exe
  C:\Windows\System\LTxqFbL.exe
  2⤵
  PID:3312
- C:\Windows\System\ANPXnvh.exe
  C:\Windows\System\ANPXnvh.exe
  2⤵
  PID:3292
- C:\Windows\System\oWilDBN.exe
  C:\Windows\System\oWilDBN.exe
  2⤵
  PID:3384
- C:\Windows\System\wXnHYhB.exe
  C:\Windows\System\wXnHYhB.exe
  2⤵
  PID:3388
- C:\Windows\System\cvpGZqq.exe
  C:\Windows\System\cvpGZqq.exe
  2⤵
  PID:3432
- C:\Windows\System\WMXsiro.exe
  C:\Windows\System\WMXsiro.exe
  2⤵
  PID:3472
- C:\Windows\System\lNJvTyp.exe
  C:\Windows\System\lNJvTyp.exe
  2⤵
  PID:3512
- C:\Windows\System\KjHSbCl.exe
  C:\Windows\System\KjHSbCl.exe
  2⤵
  PID:3488
- C:\Windows\System\pSyUFUW.exe
  C:\Windows\System\pSyUFUW.exe
  2⤵
  PID:3548
- C:\Windows\System\VzQSiTk.exe
  C:\Windows\System\VzQSiTk.exe
  2⤵
  PID:3572
- C:\Windows\System\PBdGbtl.exe
  C:\Windows\System\PBdGbtl.exe
  2⤵
  PID:3612
- C:\Windows\System\kwJvCXm.exe
  C:\Windows\System\kwJvCXm.exe
  2⤵
  PID:3660
- C:\Windows\System\FHFZXmy.exe
  C:\Windows\System\FHFZXmy.exe
  2⤵
  PID:3712
- C:\Windows\System\bvwCuPo.exe
  C:\Windows\System\bvwCuPo.exe
  2⤵
  PID:3716
- C:\Windows\System\ZXVbtgv.exe
  C:\Windows\System\ZXVbtgv.exe
  2⤵
  PID:3764
- C:\Windows\System\rKfGWSF.exe
  C:\Windows\System\rKfGWSF.exe
  2⤵
  PID:3800
- C:\Windows\System\NdigjnB.exe
  C:\Windows\System\NdigjnB.exe
  2⤵
  PID:3832
- C:\Windows\System\jEZlFKS.exe
  C:\Windows\System\jEZlFKS.exe
  2⤵
  PID:3816
- C:\Windows\System\YpRNslW.exe
  C:\Windows\System\YpRNslW.exe
  2⤵
  PID:3884
- C:\Windows\System\RfhMYtB.exe
  C:\Windows\System\RfhMYtB.exe
  2⤵
  PID:3896
- C:\Windows\System\ngVqzWS.exe
  C:\Windows\System\ngVqzWS.exe
  2⤵
  PID:3964
- C:\Windows\System\zgaYxgd.exe
  C:\Windows\System\zgaYxgd.exe
  2⤵
  PID:4004
- C:\Windows\System\ktCHyRS.exe
  C:\Windows\System\ktCHyRS.exe
  2⤵
  PID:4044
- C:\Windows\System\FghRhLU.exe
  C:\Windows\System\FghRhLU.exe
  2⤵
  PID:4048
- C:\Windows\System\bqExsSa.exe
  C:\Windows\System\bqExsSa.exe
  2⤵
  PID:1128
- C:\Windows\System\ShcPtUl.exe
  C:\Windows\System\ShcPtUl.exe
  2⤵
  PID:2652
- C:\Windows\System\ITHuEvW.exe
  C:\Windows\System\ITHuEvW.exe
  2⤵
  PID:2748
- C:\Windows\System\FqbzfJd.exe
  C:\Windows\System\FqbzfJd.exe
  2⤵
  PID:2116
- C:\Windows\System\qVngeYV.exe
  C:\Windows\System\qVngeYV.exe
  2⤵
  PID:3080
- C:\Windows\System\hjcOodK.exe
  C:\Windows\System\hjcOodK.exe
  2⤵
  PID:3076
- C:\Windows\System\VBxWRio.exe
  C:\Windows\System\VBxWRio.exe
  2⤵
  PID:3164
- C:\Windows\System\ensvHVN.exe
  C:\Windows\System\ensvHVN.exe
  2⤵
  PID:3264
- C:\Windows\System\QHMAauH.exe
  C:\Windows\System\QHMAauH.exe
  2⤵
  PID:3288
- C:\Windows\System\gLMieJX.exe
  C:\Windows\System\gLMieJX.exe
  2⤵
  PID:3372
- C:\Windows\System\pWRtDuC.exe
  C:\Windows\System\pWRtDuC.exe
  2⤵
  PID:3368
- C:\Windows\System\LMtExLr.exe
  C:\Windows\System\LMtExLr.exe
  2⤵
  PID:3428
- C:\Windows\System\gUXxWNl.exe
  C:\Windows\System\gUXxWNl.exe
  2⤵
  PID:3552
- C:\Windows\System\dwnOBsQ.exe
  C:\Windows\System\dwnOBsQ.exe
  2⤵
  PID:3592
- C:\Windows\System\ihCrUQu.exe
  C:\Windows\System\ihCrUQu.exe
  2⤵
  PID:3640
- C:\Windows\System\LqiRrrA.exe
  C:\Windows\System\LqiRrrA.exe
  2⤵
  PID:3616
- C:\Windows\System\DVQQlWt.exe
  C:\Windows\System\DVQQlWt.exe
  2⤵
  PID:3744
- C:\Windows\System\aLQUXEu.exe
  C:\Windows\System\aLQUXEu.exe
  2⤵
  PID:3776
- C:\Windows\System\NoTuTZc.exe
  C:\Windows\System\NoTuTZc.exe
  2⤵
  PID:3844
- C:\Windows\System\IwlpsyQ.exe
  C:\Windows\System\IwlpsyQ.exe
  2⤵
  PID:3864
- C:\Windows\System\ICvBNZL.exe
  C:\Windows\System\ICvBNZL.exe
  2⤵
  PID:3956
- C:\Windows\System\IsfgNOf.exe
  C:\Windows\System\IsfgNOf.exe
  2⤵
  PID:3960
- C:\Windows\System\WmuOrji.exe
  C:\Windows\System\WmuOrji.exe
  2⤵
  PID:4052
- C:\Windows\System\IITRBjd.exe
  C:\Windows\System\IITRBjd.exe
  2⤵
  PID:2820
- C:\Windows\System\KaQwZAM.exe
  C:\Windows\System\KaQwZAM.exe
  2⤵
  PID:1008
- C:\Windows\System\cWYsBzZ.exe
  C:\Windows\System\cWYsBzZ.exe
  2⤵
  PID:3192
- C:\Windows\System\UaYbkgB.exe
  C:\Windows\System\UaYbkgB.exe
  2⤵
  PID:3208
- C:\Windows\System\BCVQPUN.exe
  C:\Windows\System\BCVQPUN.exe
  2⤵
  PID:3248
- C:\Windows\System\tFwxFtO.exe
  C:\Windows\System\tFwxFtO.exe
  2⤵
  PID:3352
- C:\Windows\System\snDKvxy.exe
  C:\Windows\System\snDKvxy.exe
  2⤵
  PID:3444
- C:\Windows\System\CeMSjBL.exe
  C:\Windows\System\CeMSjBL.exe
  2⤵
  PID:3004
- C:\Windows\System\TedCYvA.exe
  C:\Windows\System\TedCYvA.exe
  2⤵
  PID:3544
- C:\Windows\System\HAVnYEb.exe
  C:\Windows\System\HAVnYEb.exe
  2⤵
  PID:3676
- C:\Windows\System\DmWvfHV.exe
  C:\Windows\System\DmWvfHV.exe
  2⤵
  PID:2988
- C:\Windows\System\AFTkIum.exe
  C:\Windows\System\AFTkIum.exe
  2⤵
  PID:3836
- C:\Windows\System\QxxxFOX.exe
  C:\Windows\System\QxxxFOX.exe
  2⤵
  PID:3724
- C:\Windows\System\BvHZdyE.exe
  C:\Windows\System\BvHZdyE.exe
  2⤵
  PID:4032
- C:\Windows\System\ZLvjerr.exe
  C:\Windows\System\ZLvjerr.exe
  2⤵
  PID:600
- C:\Windows\System\dTHyjRE.exe
  C:\Windows\System\dTHyjRE.exe
  2⤵
  PID:3140
- C:\Windows\System\kLOXtgC.exe
  C:\Windows\System\kLOXtgC.exe
  2⤵
  PID:3424
- C:\Windows\System\gloIMMf.exe
  C:\Windows\System\gloIMMf.exe
  2⤵
  PID:3532
- C:\Windows\System\wzMMTZv.exe
  C:\Windows\System\wzMMTZv.exe
  2⤵
  PID:3172
- C:\Windows\System\dDVZpsJ.exe
  C:\Windows\System\dDVZpsJ.exe
  2⤵
  PID:4104
- C:\Windows\System\SmGcrJC.exe
  C:\Windows\System\SmGcrJC.exe
  2⤵
  PID:4120
- C:\Windows\System\vUutygw.exe
  C:\Windows\System\vUutygw.exe
  2⤵
  PID:4144
- C:\Windows\System\fusNNcl.exe
  C:\Windows\System\fusNNcl.exe
  2⤵
  PID:4164
- C:\Windows\System\gEVexiI.exe
  C:\Windows\System\gEVexiI.exe
  2⤵
  PID:4184
- C:\Windows\System\AERSGoh.exe
  C:\Windows\System\AERSGoh.exe
  2⤵
  PID:4204
- C:\Windows\System\FhXAhqT.exe
  C:\Windows\System\FhXAhqT.exe
  2⤵
  PID:4224
- C:\Windows\System\ynipsfe.exe
  C:\Windows\System\ynipsfe.exe
  2⤵
  PID:4244
- C:\Windows\System\YAyPvHq.exe
  C:\Windows\System\YAyPvHq.exe
  2⤵
  PID:4264
- C:\Windows\System\bKVMUjb.exe
  C:\Windows\System\bKVMUjb.exe
  2⤵
  PID:4284
- C:\Windows\System\yiRlIqy.exe
  C:\Windows\System\yiRlIqy.exe
  2⤵
  PID:4304
- C:\Windows\System\RecLbCC.exe
  C:\Windows\System\RecLbCC.exe
  2⤵
  PID:4324
- C:\Windows\System\hQbEzbb.exe
  C:\Windows\System\hQbEzbb.exe
  2⤵
  PID:4344
- C:\Windows\System\yzoEXRI.exe
  C:\Windows\System\yzoEXRI.exe
  2⤵
  PID:4364
- C:\Windows\System\HgCmBih.exe
  C:\Windows\System\HgCmBih.exe
  2⤵
  PID:4388
- C:\Windows\System\KPxaWBd.exe
  C:\Windows\System\KPxaWBd.exe
  2⤵
  PID:4408
- C:\Windows\System\iOJyKZO.exe
  C:\Windows\System\iOJyKZO.exe
  2⤵
  PID:4428
- C:\Windows\System\WXDudXc.exe
  C:\Windows\System\WXDudXc.exe
  2⤵
  PID:4444
- C:\Windows\System\GmCxnqb.exe
  C:\Windows\System\GmCxnqb.exe
  2⤵
  PID:4468
- C:\Windows\System\VLhCbzR.exe
  C:\Windows\System\VLhCbzR.exe
  2⤵
  PID:4488
- C:\Windows\System\lsRGxae.exe
  C:\Windows\System\lsRGxae.exe
  2⤵
  PID:4508
- C:\Windows\System\wNcFXWc.exe
  C:\Windows\System\wNcFXWc.exe
  2⤵
  PID:4528
- C:\Windows\System\jAtMOhi.exe
  C:\Windows\System\jAtMOhi.exe
  2⤵
  PID:4548
- C:\Windows\System\MVcBbFP.exe
  C:\Windows\System\MVcBbFP.exe
  2⤵
  PID:4568
- C:\Windows\System\rlepZwc.exe
  C:\Windows\System\rlepZwc.exe
  2⤵
  PID:4592
- C:\Windows\System\lzEdIva.exe
  C:\Windows\System\lzEdIva.exe
  2⤵
  PID:4612
- C:\Windows\System\ypVgoNC.exe
  C:\Windows\System\ypVgoNC.exe
  2⤵
  PID:4632
- C:\Windows\System\vHZeDEf.exe
  C:\Windows\System\vHZeDEf.exe
  2⤵
  PID:4652
- C:\Windows\System\hTLEcWq.exe
  C:\Windows\System\hTLEcWq.exe
  2⤵
  PID:4672
- C:\Windows\System\eWzKBWp.exe
  C:\Windows\System\eWzKBWp.exe
  2⤵
  PID:4692
- C:\Windows\System\lpzcWpM.exe
  C:\Windows\System\lpzcWpM.exe
  2⤵
  PID:4712
- C:\Windows\System\nYZsizt.exe
  C:\Windows\System\nYZsizt.exe
  2⤵
  PID:4728
- C:\Windows\System\enRQGeT.exe
  C:\Windows\System\enRQGeT.exe
  2⤵
  PID:4752
- C:\Windows\System\TYVNOcv.exe
  C:\Windows\System\TYVNOcv.exe
  2⤵
  PID:4776
- C:\Windows\System\EeaqmVH.exe
  C:\Windows\System\EeaqmVH.exe
  2⤵
  PID:4796
- C:\Windows\System\SuoSJmG.exe
  C:\Windows\System\SuoSJmG.exe
  2⤵
  PID:4816
- C:\Windows\System\nKyUuZC.exe
  C:\Windows\System\nKyUuZC.exe
  2⤵
  PID:4836
- C:\Windows\System\xCAfTmK.exe
  C:\Windows\System\xCAfTmK.exe
  2⤵
  PID:4856
- C:\Windows\System\diLokMt.exe
  C:\Windows\System\diLokMt.exe
  2⤵
  PID:4876
- C:\Windows\System\YQsCqDL.exe
  C:\Windows\System\YQsCqDL.exe
  2⤵
  PID:4896
- C:\Windows\System\AtvcuGl.exe
  C:\Windows\System\AtvcuGl.exe
  2⤵
  PID:4916
- C:\Windows\System\mdJTCZW.exe
  C:\Windows\System\mdJTCZW.exe
  2⤵
  PID:4936
- C:\Windows\System\UMOuJNg.exe
  C:\Windows\System\UMOuJNg.exe
  2⤵
  PID:4956
- C:\Windows\System\YqyOBUp.exe
  C:\Windows\System\YqyOBUp.exe
  2⤵
  PID:4976
- C:\Windows\System\bvaGTUd.exe
  C:\Windows\System\bvaGTUd.exe
  2⤵
  PID:4996
- C:\Windows\System\ZrGYNsf.exe
  C:\Windows\System\ZrGYNsf.exe
  2⤵
  PID:5020
- C:\Windows\System\DJpQogR.exe
  C:\Windows\System\DJpQogR.exe
  2⤵
  PID:5040
- C:\Windows\System\pjkiKCN.exe
  C:\Windows\System\pjkiKCN.exe
  2⤵
  PID:5060
- C:\Windows\System\mzZWndC.exe
  C:\Windows\System\mzZWndC.exe
  2⤵
  PID:5080
- C:\Windows\System\oremTkK.exe
  C:\Windows\System\oremTkK.exe
  2⤵
  PID:5100
- C:\Windows\System\RczTmzO.exe
  C:\Windows\System\RczTmzO.exe
  2⤵
  PID:2812
- C:\Windows\System\CKTKCwM.exe
  C:\Windows\System\CKTKCwM.exe
  2⤵
  PID:3876
- C:\Windows\System\bAWnmKU.exe
  C:\Windows\System\bAWnmKU.exe
  2⤵
  PID:4068
- C:\Windows\System\yTBtHAF.exe
  C:\Windows\System\yTBtHAF.exe
  2⤵
  PID:3220
- C:\Windows\System\VkdPqCC.exe
  C:\Windows\System\VkdPqCC.exe
  2⤵
  PID:2012
- C:\Windows\System\ujfkrdF.exe
  C:\Windows\System\ujfkrdF.exe
  2⤵
  PID:3328
- C:\Windows\System\hYJHHpQ.exe
  C:\Windows\System\hYJHHpQ.exe
  2⤵
  PID:2836
- C:\Windows\System\QYBEmsE.exe
  C:\Windows\System\QYBEmsE.exe
  2⤵
  PID:4100
- C:\Windows\System\ERFWbLm.exe
  C:\Windows\System\ERFWbLm.exe
  2⤵
  PID:4136
- C:\Windows\System\xtCPRRo.exe
  C:\Windows\System\xtCPRRo.exe
  2⤵
  PID:4180
- C:\Windows\System\yKrfkrU.exe
  C:\Windows\System\yKrfkrU.exe
  2⤵
  PID:4212
- C:\Windows\System\XzEDOoR.exe
  C:\Windows\System\XzEDOoR.exe
  2⤵
  PID:4216
- C:\Windows\System\YfUyZny.exe
  C:\Windows\System\YfUyZny.exe
  2⤵
  PID:4256
- C:\Windows\System\CvlwHmO.exe
  C:\Windows\System\CvlwHmO.exe
  2⤵
  PID:4280
- C:\Windows\System\yLeDSQs.exe
  C:\Windows\System\yLeDSQs.exe
  2⤵
  PID:4320
- C:\Windows\System\uzIYrws.exe
  C:\Windows\System\uzIYrws.exe
  2⤵
  PID:4352
- C:\Windows\System\JajagRE.exe
  C:\Windows\System\JajagRE.exe
  2⤵
  PID:4416
- C:\Windows\System\EwrrCjg.exe
  C:\Windows\System\EwrrCjg.exe
  2⤵
  PID:4456
- C:\Windows\System\dQgIfXM.exe
  C:\Windows\System\dQgIfXM.exe
  2⤵
  PID:4504
- C:\Windows\System\OIgLScJ.exe
  C:\Windows\System\OIgLScJ.exe
  2⤵
  PID:4516
- C:\Windows\System\VvYFPPH.exe
  C:\Windows\System\VvYFPPH.exe
  2⤵
  PID:4520
- C:\Windows\System\MBQDubl.exe
  C:\Windows\System\MBQDubl.exe
  2⤵
  PID:4556
- C:\Windows\System\KfJZdPf.exe
  C:\Windows\System\KfJZdPf.exe
  2⤵
  PID:3036
- C:\Windows\System\NSJrGxq.exe
  C:\Windows\System\NSJrGxq.exe
  2⤵
  PID:4604
- C:\Windows\System\hfwApBE.exe
  C:\Windows\System\hfwApBE.exe
  2⤵
  PID:4648
- C:\Windows\System\PuhEqbI.exe
  C:\Windows\System\PuhEqbI.exe
  2⤵
  PID:4664
- C:\Windows\System\AXwQkNk.exe
  C:\Windows\System\AXwQkNk.exe
  2⤵
  PID:4708
- C:\Windows\System\JsOjqpy.exe
  C:\Windows\System\JsOjqpy.exe
  2⤵
  PID:4720
- C:\Windows\System\kyzJGrQ.exe
  C:\Windows\System\kyzJGrQ.exe
  2⤵
  PID:4792
- C:\Windows\System\qbkRnPh.exe
  C:\Windows\System\qbkRnPh.exe
  2⤵
  PID:4812
- C:\Windows\System\PHXUGjY.exe
  C:\Windows\System\PHXUGjY.exe
  2⤵
  PID:4844
- C:\Windows\System\WBhTLQg.exe
  C:\Windows\System\WBhTLQg.exe
  2⤵
  PID:4868
- C:\Windows\System\XiKCDNy.exe
  C:\Windows\System\XiKCDNy.exe
  2⤵
  PID:4892
- C:\Windows\System\rZNIfjl.exe
  C:\Windows\System\rZNIfjl.exe
  2⤵
  PID:4924
- C:\Windows\System\MlmAMfz.exe
  C:\Windows\System\MlmAMfz.exe
  2⤵
  PID:4968
- C:\Windows\System\GSoOfQT.exe
  C:\Windows\System\GSoOfQT.exe
  2⤵
  PID:5004
- C:\Windows\System\bmgEbCR.exe
  C:\Windows\System\bmgEbCR.exe
  2⤵
  PID:2316
- C:\Windows\System\UPTVhxL.exe
  C:\Windows\System\UPTVhxL.exe
  2⤵
  PID:5072
- C:\Windows\System\mmgwQmi.exe
  C:\Windows\System\mmgwQmi.exe
  2⤵
  PID:5088
- C:\Windows\System\ntYStFY.exe
  C:\Windows\System\ntYStFY.exe
  2⤵
  PID:3924
- C:\Windows\System\LCSOSlN.exe
  C:\Windows\System\LCSOSlN.exe
  2⤵
  PID:1536
- C:\Windows\System\dGLrEtH.exe
  C:\Windows\System\dGLrEtH.exe
  2⤵
  PID:3204
- C:\Windows\System\nnPYwbW.exe
  C:\Windows\System\nnPYwbW.exe
  2⤵
  PID:2956
- C:\Windows\System\kkkecpM.exe
  C:\Windows\System\kkkecpM.exe
  2⤵
  PID:2600
- C:\Windows\System\tyYNQdk.exe
  C:\Windows\System\tyYNQdk.exe
  2⤵
  PID:700
- C:\Windows\System\USJVeYh.exe
  C:\Windows\System\USJVeYh.exe
  2⤵
  PID:4156
- C:\Windows\System\uSaQonc.exe
  C:\Windows\System\uSaQonc.exe
  2⤵
  PID:4236
- C:\Windows\System\wqVscVT.exe
  C:\Windows\System\wqVscVT.exe
  2⤵
  PID:4300
- C:\Windows\System\WlkntMd.exe
  C:\Windows\System\WlkntMd.exe
  2⤵
  PID:4312
- C:\Windows\System\UkvWvqL.exe
  C:\Windows\System\UkvWvqL.exe
  2⤵
  PID:4336
- C:\Windows\System\fmorkVG.exe
  C:\Windows\System\fmorkVG.exe
  2⤵
  PID:4420
- C:\Windows\System\DWcjojD.exe
  C:\Windows\System\DWcjojD.exe
  2⤵
  PID:4544
- C:\Windows\System\XOvFOzB.exe
  C:\Windows\System\XOvFOzB.exe
  2⤵
  PID:4620
- C:\Windows\System\zninmlI.exe
  C:\Windows\System\zninmlI.exe
  2⤵
  PID:2228
- C:\Windows\System\cSlKvhR.exe
  C:\Windows\System\cSlKvhR.exe
  2⤵
  PID:4640
- C:\Windows\System\PkEsIEh.exe
  C:\Windows\System\PkEsIEh.exe
  2⤵
  PID:4580
- C:\Windows\System\WLRSSkO.exe
  C:\Windows\System\WLRSSkO.exe
  2⤵
  PID:4736
- C:\Windows\System\QfqDrPu.exe
  C:\Windows\System\QfqDrPu.exe
  2⤵
  PID:4784
- C:\Windows\System\bboteAV.exe
  C:\Windows\System\bboteAV.exe
  2⤵
  PID:4824
- C:\Windows\System\SpXPPnF.exe
  C:\Windows\System\SpXPPnF.exe
  2⤵
  PID:4804
- C:\Windows\System\FTfFqBx.exe
  C:\Windows\System\FTfFqBx.exe
  2⤵
  PID:4884
- C:\Windows\System\RezXrUW.exe
  C:\Windows\System\RezXrUW.exe
  2⤵
  PID:4964
- C:\Windows\System\DgbCdwj.exe
  C:\Windows\System\DgbCdwj.exe
  2⤵
  PID:4972
- C:\Windows\System\JydyeTx.exe
  C:\Windows\System\JydyeTx.exe
  2⤵
  PID:5076
- C:\Windows\System\nZlUIUT.exe
  C:\Windows\System\nZlUIUT.exe
  2⤵
  PID:4024
- C:\Windows\System\VAPCjFo.exe
  C:\Windows\System\VAPCjFo.exe
  2⤵
  PID:3028
- C:\Windows\System\NwvWBnp.exe
  C:\Windows\System\NwvWBnp.exe
  2⤵
  PID:2720
- C:\Windows\System\NcxBsyO.exe
  C:\Windows\System\NcxBsyO.exe
  2⤵
  PID:4064
- C:\Windows\System\bcKzRtV.exe
  C:\Windows\System\bcKzRtV.exe
  2⤵
  PID:4176
- C:\Windows\System\DdsIKHb.exe
  C:\Windows\System\DdsIKHb.exe
  2⤵
  PID:4340
- C:\Windows\System\yHRLxLl.exe
  C:\Windows\System\yHRLxLl.exe
  2⤵
  PID:4496
- C:\Windows\System\BqtOYxL.exe
  C:\Windows\System\BqtOYxL.exe
  2⤵
  PID:3700
- C:\Windows\System\xxeVJLl.exe
  C:\Windows\System\xxeVJLl.exe
  2⤵
  PID:2696
- C:\Windows\System\xKqEdVU.exe
  C:\Windows\System\xKqEdVU.exe
  2⤵
  PID:4608
- C:\Windows\System\prxfmRr.exe
  C:\Windows\System\prxfmRr.exe
  2⤵
  PID:4688
- C:\Windows\System\LUjPEVw.exe
  C:\Windows\System\LUjPEVw.exe
  2⤵
  PID:4724
- C:\Windows\System\MgdpoMw.exe
  C:\Windows\System\MgdpoMw.exe
  2⤵
  PID:4872
- C:\Windows\System\GIsrHru.exe
  C:\Windows\System\GIsrHru.exe
  2⤵
  PID:4952
- C:\Windows\System\POHVdjy.exe
  C:\Windows\System\POHVdjy.exe
  2⤵
  PID:5032
- C:\Windows\System\dVtjyHL.exe
  C:\Windows\System\dVtjyHL.exe
  2⤵
  PID:5056
- C:\Windows\System\ELHpOSJ.exe
  C:\Windows\System\ELHpOSJ.exe
  2⤵
  PID:5136
- C:\Windows\System\eByiBLL.exe
  C:\Windows\System\eByiBLL.exe
  2⤵
  PID:5156
- C:\Windows\System\ffexVDk.exe
  C:\Windows\System\ffexVDk.exe
  2⤵
  PID:5176
- C:\Windows\System\fUQtlGU.exe
  C:\Windows\System\fUQtlGU.exe
  2⤵
  PID:5196
- C:\Windows\System\mhsWDQm.exe
  C:\Windows\System\mhsWDQm.exe
  2⤵
  PID:5216
- C:\Windows\System\tdAPgfR.exe
  C:\Windows\System\tdAPgfR.exe
  2⤵
  PID:5236
- C:\Windows\System\LuxAJFq.exe
  C:\Windows\System\LuxAJFq.exe
  2⤵
  PID:5256
- C:\Windows\System\dgvBskO.exe
  C:\Windows\System\dgvBskO.exe
  2⤵
  PID:5280
- C:\Windows\System\HVdpqlC.exe
  C:\Windows\System\HVdpqlC.exe
  2⤵
  PID:5300
- C:\Windows\System\JRMvDFp.exe
  C:\Windows\System\JRMvDFp.exe
  2⤵
  PID:5320
- C:\Windows\System\JnAShnC.exe
  C:\Windows\System\JnAShnC.exe
  2⤵
  PID:5340
- C:\Windows\System\oMBfLPf.exe
  C:\Windows\System\oMBfLPf.exe
  2⤵
  PID:5360
- C:\Windows\System\qoWYpxJ.exe
  C:\Windows\System\qoWYpxJ.exe
  2⤵
  PID:5380
- C:\Windows\System\FIbcohn.exe
  C:\Windows\System\FIbcohn.exe
  2⤵
  PID:5404
- C:\Windows\System\trWaIfO.exe
  C:\Windows\System\trWaIfO.exe
  2⤵
  PID:5424
- C:\Windows\System\gtFqggZ.exe
  C:\Windows\System\gtFqggZ.exe
  2⤵
  PID:5444
- C:\Windows\System\OAiGGkJ.exe
  C:\Windows\System\OAiGGkJ.exe
  2⤵
  PID:5464
- C:\Windows\System\qrNLuEn.exe
  C:\Windows\System\qrNLuEn.exe
  2⤵
  PID:5484
- C:\Windows\System\FsXxckm.exe
  C:\Windows\System\FsXxckm.exe
  2⤵
  PID:5504
- C:\Windows\System\tLxARPy.exe
  C:\Windows\System\tLxARPy.exe
  2⤵
  PID:5524
- C:\Windows\System\bYXJJcu.exe
  C:\Windows\System\bYXJJcu.exe
  2⤵
  PID:5544
- C:\Windows\System\qyBFzgX.exe
  C:\Windows\System\qyBFzgX.exe
  2⤵
  PID:5564
- C:\Windows\System\JHaAgum.exe
  C:\Windows\System\JHaAgum.exe
  2⤵
  PID:5584
- C:\Windows\System\MtMhSiv.exe
  C:\Windows\System\MtMhSiv.exe
  2⤵
  PID:5604
- C:\Windows\System\bsLHkZF.exe
  C:\Windows\System\bsLHkZF.exe
  2⤵
  PID:5624
- C:\Windows\System\QlZcQkT.exe
  C:\Windows\System\QlZcQkT.exe
  2⤵
  PID:5644
- C:\Windows\System\cdffLzC.exe
  C:\Windows\System\cdffLzC.exe
  2⤵
  PID:5664
- C:\Windows\System\JaJeWtq.exe
  C:\Windows\System\JaJeWtq.exe
  2⤵
  PID:5684
- C:\Windows\System\GDhOBiI.exe
  C:\Windows\System\GDhOBiI.exe
  2⤵
  PID:5708
- C:\Windows\System\vfYVOxy.exe
  C:\Windows\System\vfYVOxy.exe
  2⤵
  PID:5728
- C:\Windows\System\HKoogmv.exe
  C:\Windows\System\HKoogmv.exe
  2⤵
  PID:5748
- C:\Windows\System\QpHiVGd.exe
  C:\Windows\System\QpHiVGd.exe
  2⤵
  PID:5768
- C:\Windows\System\zuahRrp.exe
  C:\Windows\System\zuahRrp.exe
  2⤵
  PID:5788
- C:\Windows\System\llIrTrQ.exe
  C:\Windows\System\llIrTrQ.exe
  2⤵
  PID:5808
- C:\Windows\System\ZfBxeIr.exe
  C:\Windows\System\ZfBxeIr.exe
  2⤵
  PID:5828
- C:\Windows\System\sSUOsVr.exe
  C:\Windows\System\sSUOsVr.exe
  2⤵
  PID:5848
- C:\Windows\System\JdRfVHb.exe
  C:\Windows\System\JdRfVHb.exe
  2⤵
  PID:5868
- C:\Windows\System\lHoDyen.exe
  C:\Windows\System\lHoDyen.exe
  2⤵
  PID:5888
- C:\Windows\System\TTTRLiU.exe
  C:\Windows\System\TTTRLiU.exe
  2⤵
  PID:5908
- C:\Windows\System\SNWPKmG.exe
  C:\Windows\System\SNWPKmG.exe
  2⤵
  PID:5928
- C:\Windows\System\zIeonnl.exe
  C:\Windows\System\zIeonnl.exe
  2⤵
  PID:5948
- C:\Windows\System\EEXeDcj.exe
  C:\Windows\System\EEXeDcj.exe
  2⤵
  PID:5968
- C:\Windows\System\tQajSAp.exe
  C:\Windows\System\tQajSAp.exe
  2⤵
  PID:5988
- C:\Windows\System\zTdXrca.exe
  C:\Windows\System\zTdXrca.exe
  2⤵
  PID:6008
- C:\Windows\System\yhlHupU.exe
  C:\Windows\System\yhlHupU.exe
  2⤵
  PID:6028
- C:\Windows\System\emVzgis.exe
  C:\Windows\System\emVzgis.exe
  2⤵
  PID:6048
- C:\Windows\System\xlLvcoq.exe
  C:\Windows\System\xlLvcoq.exe
  2⤵
  PID:6068
- C:\Windows\System\EyfYSNd.exe
  C:\Windows\System\EyfYSNd.exe
  2⤵
  PID:6088
- C:\Windows\System\PjiACFh.exe
  C:\Windows\System\PjiACFh.exe
  2⤵
  PID:6112
- C:\Windows\System\HyscbQc.exe
  C:\Windows\System\HyscbQc.exe
  2⤵
  PID:6132
- C:\Windows\System\JZjQoDI.exe
  C:\Windows\System\JZjQoDI.exe
  2⤵
  PID:3692
- C:\Windows\System\QYvVvOW.exe
  C:\Windows\System\QYvVvOW.exe
  2⤵
  PID:2888
- C:\Windows\System\ubXwLyK.exe
  C:\Windows\System\ubXwLyK.exe
  2⤵
  PID:4192
- C:\Windows\System\WdTPeRG.exe
  C:\Windows\System\WdTPeRG.exe
  2⤵
  PID:4240
- C:\Windows\System\MmifdSd.exe
  C:\Windows\System\MmifdSd.exe
  2⤵
  PID:4500
- C:\Windows\System\FAsDVnL.exe
  C:\Windows\System\FAsDVnL.exe
  2⤵
  PID:4564
- C:\Windows\System\gPmLfjV.exe
  C:\Windows\System\gPmLfjV.exe
  2⤵
  PID:4624
- C:\Windows\System\hLAKQaX.exe
  C:\Windows\System\hLAKQaX.exe
  2⤵
  PID:4760
- C:\Windows\System\bpuJYPO.exe
  C:\Windows\System\bpuJYPO.exe
  2⤵
  PID:4932
- C:\Windows\System\CzPEtZW.exe
  C:\Windows\System\CzPEtZW.exe
  2⤵
  PID:4988
- C:\Windows\System\xpUNuPV.exe
  C:\Windows\System\xpUNuPV.exe
  2⤵
  PID:5164
- C:\Windows\System\ovHgnEM.exe
  C:\Windows\System\ovHgnEM.exe
  2⤵
  PID:5148
- C:\Windows\System\YmGrZrL.exe
  C:\Windows\System\YmGrZrL.exe
  2⤵
  PID:5208
- C:\Windows\System\NZJwWZn.exe
  C:\Windows\System\NZJwWZn.exe
  2⤵
  PID:5252
- C:\Windows\System\KsRLUPs.exe
  C:\Windows\System\KsRLUPs.exe
  2⤵
  PID:5272
- C:\Windows\System\TOTuqlt.exe
  C:\Windows\System\TOTuqlt.exe
  2⤵
  PID:5328
- C:\Windows\System\ASvYYeT.exe
  C:\Windows\System\ASvYYeT.exe
  2⤵
  PID:5348
- C:\Windows\System\tMRTCdp.exe
  C:\Windows\System\tMRTCdp.exe
  2⤵
  PID:2136
- C:\Windows\System\yOIcqko.exe
  C:\Windows\System\yOIcqko.exe
  2⤵
  PID:5392
- C:\Windows\System\XyPnuPe.exe
  C:\Windows\System\XyPnuPe.exe
  2⤵
  PID:5456
- C:\Windows\System\kZmHcQl.exe
  C:\Windows\System\kZmHcQl.exe
  2⤵
  PID:5492
- C:\Windows\System\frZNzSb.exe
  C:\Windows\System\frZNzSb.exe
  2⤵
  PID:5532
- C:\Windows\System\OxSdPMC.exe
  C:\Windows\System\OxSdPMC.exe
  2⤵
  PID:5536
- C:\Windows\System\sTfRLlh.exe
  C:\Windows\System\sTfRLlh.exe
  2⤵
  PID:5576
- C:\Windows\System\IpvLvdq.exe
  C:\Windows\System\IpvLvdq.exe
  2⤵
  PID:5600
- C:\Windows\System\vXOjaTg.exe
  C:\Windows\System\vXOjaTg.exe
  2⤵
  PID:5660
- C:\Windows\System\rSVgdBu.exe
  C:\Windows\System\rSVgdBu.exe
  2⤵
  PID:5692
- C:\Windows\System\dQpQJzq.exe
  C:\Windows\System\dQpQJzq.exe
  2⤵
  PID:5696
- C:\Windows\System\gcygdEn.exe
  C:\Windows\System\gcygdEn.exe
  2⤵
  PID:5724
- C:\Windows\System\giJUSRE.exe
  C:\Windows\System\giJUSRE.exe
  2⤵
  PID:5780
- C:\Windows\System\jzMRezq.exe
  C:\Windows\System\jzMRezq.exe
  2⤵
  PID:5800
- C:\Windows\System\gNPDzMl.exe
  C:\Windows\System\gNPDzMl.exe
  2⤵
  PID:5856
- C:\Windows\System\pwDYDhd.exe
  C:\Windows\System\pwDYDhd.exe
  2⤵
  PID:5864
- C:\Windows\System\wQHiGkv.exe
  C:\Windows\System\wQHiGkv.exe
  2⤵
  PID:5880
- C:\Windows\System\zmbGGYn.exe
  C:\Windows\System\zmbGGYn.exe
  2⤵
  PID:5944
- C:\Windows\System\KTGmZcw.exe
  C:\Windows\System\KTGmZcw.exe
  2⤵
  PID:5976
- C:\Windows\System\tPFAHsZ.exe
  C:\Windows\System\tPFAHsZ.exe
  2⤵
  PID:6016
- C:\Windows\System\nzunInb.exe
  C:\Windows\System\nzunInb.exe
  2⤵
  PID:6020
- C:\Windows\System\BJDeGtW.exe
  C:\Windows\System\BJDeGtW.exe
  2⤵
  PID:6040
- C:\Windows\System\WLpKyUy.exe
  C:\Windows\System\WLpKyUy.exe
  2⤵
  PID:6080
- C:\Windows\System\mweNbSw.exe
  C:\Windows\System\mweNbSw.exe
  2⤵
  PID:6124
- C:\Windows\System\mYQkOLb.exe
  C:\Windows\System\mYQkOLb.exe
  2⤵
  PID:4132
- C:\Windows\System\qIIMnOy.exe
  C:\Windows\System\qIIMnOy.exe
  2⤵
  PID:3976
- C:\Windows\System\kUuzHBA.exe
  C:\Windows\System\kUuzHBA.exe
  2⤵
  PID:4380
- C:\Windows\System\xlvVCnK.exe
  C:\Windows\System\xlvVCnK.exe
  2⤵
  PID:4600
- C:\Windows\System\RRpOTKn.exe
  C:\Windows\System\RRpOTKn.exe
  2⤵
  PID:4660
- C:\Windows\System\ZVerlKG.exe
  C:\Windows\System\ZVerlKG.exe
  2⤵
  PID:5124
- C:\Windows\System\vdBpNFn.exe
  C:\Windows\System\vdBpNFn.exe
  2⤵
  PID:5192
- C:\Windows\System\VhKShIK.exe
  C:\Windows\System\VhKShIK.exe
  2⤵
  PID:5288
- C:\Windows\System\nJOfKtC.exe
  C:\Windows\System\nJOfKtC.exe
  2⤵
  PID:5312
- C:\Windows\System\YsMtaeF.exe
  C:\Windows\System\YsMtaeF.exe
  2⤵
  PID:5308
- C:\Windows\System\heVCOMX.exe
  C:\Windows\System\heVCOMX.exe
  2⤵
  PID:5352
- C:\Windows\System\qjLdEYe.exe
  C:\Windows\System\qjLdEYe.exe
  2⤵
  PID:2728
- C:\Windows\System\LPwwZUb.exe
  C:\Windows\System\LPwwZUb.exe
  2⤵
  PID:5480
- C:\Windows\System\ZHqdNGB.exe
  C:\Windows\System\ZHqdNGB.exe
  2⤵
  PID:5516
- C:\Windows\System\ogtZZXe.exe
  C:\Windows\System\ogtZZXe.exe
  2⤵
  PID:5612
- C:\Windows\System\lyDfZHn.exe
  C:\Windows\System\lyDfZHn.exe
  2⤵
  PID:5636
- C:\Windows\System\ItIfVze.exe
  C:\Windows\System\ItIfVze.exe
  2⤵
  PID:5672
- C:\Windows\System\guaBYdv.exe
  C:\Windows\System\guaBYdv.exe
  2⤵
  PID:5756
- C:\Windows\System\CoqdyDj.exe
  C:\Windows\System\CoqdyDj.exe
  2⤵
  PID:5796
- C:\Windows\System\YNfUqOc.exe
  C:\Windows\System\YNfUqOc.exe
  2⤵
  PID:5840
- C:\Windows\System\tYYySrS.exe
  C:\Windows\System\tYYySrS.exe
  2⤵
  PID:5884
- C:\Windows\System\BPOCkic.exe
  C:\Windows\System\BPOCkic.exe
  2⤵
  PID:5980
- C:\Windows\System\OMXWxgg.exe
  C:\Windows\System\OMXWxgg.exe
  2⤵
  PID:6004
- C:\Windows\System\kEXUkQo.exe
  C:\Windows\System\kEXUkQo.exe
  2⤵
  PID:6076
- C:\Windows\System\TVKVNDx.exe
  C:\Windows\System\TVKVNDx.exe
  2⤵
  PID:6128
- C:\Windows\System\wjyGPFD.exe
  C:\Windows\System\wjyGPFD.exe
  2⤵
  PID:2804
- C:\Windows\System\jXSQbKO.exe
  C:\Windows\System\jXSQbKO.exe
  2⤵
  PID:4196
- C:\Windows\System\VcQoLaM.exe
  C:\Windows\System\VcQoLaM.exe
  2⤵
  PID:4944
- C:\Windows\System\GpuKLUE.exe
  C:\Windows\System\GpuKLUE.exe
  2⤵
  PID:5188
- C:\Windows\System\hiZsuvv.exe
  C:\Windows\System\hiZsuvv.exe
  2⤵
  PID:5228
- C:\Windows\System\qzCwRhO.exe
  C:\Windows\System\qzCwRhO.exe
  2⤵
  PID:1712
- C:\Windows\System\KNvOlYO.exe
  C:\Windows\System\KNvOlYO.exe
  2⤵
  PID:5440
- C:\Windows\System\VfUyoGm.exe
  C:\Windows\System\VfUyoGm.exe
  2⤵
  PID:5400
- C:\Windows\System\idLlpnN.exe
  C:\Windows\System\idLlpnN.exe
  2⤵
  PID:5520
- C:\Windows\System\IDVMwUy.exe
  C:\Windows\System\IDVMwUy.exe
  2⤵
  PID:5736
- C:\Windows\System\ZAByQoH.exe
  C:\Windows\System\ZAByQoH.exe
  2⤵
  PID:3000
- C:\Windows\System\oOcsivt.exe
  C:\Windows\System\oOcsivt.exe
  2⤵
  PID:5776
- C:\Windows\System\REnwCcv.exe
  C:\Windows\System\REnwCcv.exe
  2⤵
  PID:5900
- C:\Windows\System\dHZKNwG.exe
  C:\Windows\System\dHZKNwG.exe
  2⤵
  PID:6044
- C:\Windows\System\jcLqSdm.exe
  C:\Windows\System\jcLqSdm.exe
  2⤵
  PID:6096
- C:\Windows\System\QrDSESG.exe
  C:\Windows\System\QrDSESG.exe
  2⤵
  PID:6140
- C:\Windows\System\uHpXGpK.exe
  C:\Windows\System\uHpXGpK.exe
  2⤵
  PID:4540
- C:\Windows\System\sZaQMik.exe
  C:\Windows\System\sZaQMik.exe
  2⤵
  PID:5132
- C:\Windows\System\GDszsJD.exe
  C:\Windows\System\GDszsJD.exe
  2⤵
  PID:5168
- C:\Windows\System\jEWUBAB.exe
  C:\Windows\System\jEWUBAB.exe
  2⤵
  PID:5336
- C:\Windows\System\kiCPQmu.exe
  C:\Windows\System\kiCPQmu.exe
  2⤵
  PID:5460
- C:\Windows\System\CKgNUaE.exe
  C:\Windows\System\CKgNUaE.exe
  2⤵
  PID:5652
- C:\Windows\System\FwVrFqW.exe
  C:\Windows\System\FwVrFqW.exe
  2⤵
  PID:5820
- C:\Windows\System\jbjIgUP.exe
  C:\Windows\System\jbjIgUP.exe
  2⤵
  PID:1700
- C:\Windows\System\VrqtUWi.exe
  C:\Windows\System\VrqtUWi.exe
  2⤵
  PID:6152
- C:\Windows\System\oExoikZ.exe
  C:\Windows\System\oExoikZ.exe
  2⤵
  PID:6172
- C:\Windows\System\ynfkbvr.exe
  C:\Windows\System\ynfkbvr.exe
  2⤵
  PID:6192
- C:\Windows\System\iRUFUlT.exe
  C:\Windows\System\iRUFUlT.exe
  2⤵
  PID:6212
- C:\Windows\System\ywibWVP.exe
  C:\Windows\System\ywibWVP.exe
  2⤵
  PID:6232
- C:\Windows\System\zvGjOxR.exe
  C:\Windows\System\zvGjOxR.exe
  2⤵
  PID:6248
- C:\Windows\System\yOeRSVR.exe
  C:\Windows\System\yOeRSVR.exe
  2⤵
  PID:6272
- C:\Windows\System\LoXxwiw.exe
  C:\Windows\System\LoXxwiw.exe
  2⤵
  PID:6292
- C:\Windows\System\ILxolxE.exe
  C:\Windows\System\ILxolxE.exe
  2⤵
  PID:6316
- C:\Windows\System\VpbPnrb.exe
  C:\Windows\System\VpbPnrb.exe
  2⤵
  PID:6336
- C:\Windows\System\UHOeYnM.exe
  C:\Windows\System\UHOeYnM.exe
  2⤵
  PID:6360
- C:\Windows\System\TewkxYd.exe
  C:\Windows\System\TewkxYd.exe
  2⤵
  PID:6380
- C:\Windows\System\eaFkxhg.exe
  C:\Windows\System\eaFkxhg.exe
  2⤵
  PID:6400
- C:\Windows\System\YiucSqY.exe
  C:\Windows\System\YiucSqY.exe
  2⤵
  PID:6420
- C:\Windows\System\zBQBPpv.exe
  C:\Windows\System\zBQBPpv.exe
  2⤵
  PID:6440
- C:\Windows\System\fJcycDT.exe
  C:\Windows\System\fJcycDT.exe
  2⤵
  PID:6460
- C:\Windows\System\DgQPQbs.exe
  C:\Windows\System\DgQPQbs.exe
  2⤵
  PID:6480
- C:\Windows\System\YwYsDij.exe
  C:\Windows\System\YwYsDij.exe
  2⤵
  PID:6500
- C:\Windows\System\igADitv.exe
  C:\Windows\System\igADitv.exe
  2⤵
  PID:6520
- C:\Windows\System\tHOKliT.exe
  C:\Windows\System\tHOKliT.exe
  2⤵
  PID:6540
- C:\Windows\System\mtJfFEw.exe
  C:\Windows\System\mtJfFEw.exe
  2⤵
  PID:6560
- C:\Windows\System\lWLbOCx.exe
  C:\Windows\System\lWLbOCx.exe
  2⤵
  PID:6580
- C:\Windows\System\TKqdXvy.exe
  C:\Windows\System\TKqdXvy.exe
  2⤵
  PID:6600
- C:\Windows\System\hQoMabl.exe
  C:\Windows\System\hQoMabl.exe
  2⤵
  PID:6620
- C:\Windows\System\qXIwCNu.exe
  C:\Windows\System\qXIwCNu.exe
  2⤵
  PID:6640
- C:\Windows\System\SVNPOxn.exe
  C:\Windows\System\SVNPOxn.exe
  2⤵
  PID:6660
- C:\Windows\System\qLbxQIv.exe
  C:\Windows\System\qLbxQIv.exe
  2⤵
  PID:6680
- C:\Windows\System\TWYtvWi.exe
  C:\Windows\System\TWYtvWi.exe
  2⤵
  PID:6700
- C:\Windows\System\uzipWMS.exe
  C:\Windows\System\uzipWMS.exe
  2⤵
  PID:6720
- C:\Windows\System\ZkoNSrN.exe
  C:\Windows\System\ZkoNSrN.exe
  2⤵
  PID:6740
- C:\Windows\System\DSumlSD.exe
  C:\Windows\System\DSumlSD.exe
  2⤵
  PID:6760
- C:\Windows\System\eOgEKDV.exe
  C:\Windows\System\eOgEKDV.exe
  2⤵
  PID:6780
- C:\Windows\System\KTrQoUU.exe
  C:\Windows\System\KTrQoUU.exe
  2⤵
  PID:6804
- C:\Windows\System\AoOdbQH.exe
  C:\Windows\System\AoOdbQH.exe
  2⤵
  PID:6824
- C:\Windows\System\GIJZZOq.exe
  C:\Windows\System\GIJZZOq.exe
  2⤵
  PID:6848
- C:\Windows\System\IcBmtZI.exe
  C:\Windows\System\IcBmtZI.exe
  2⤵
  PID:6868
- C:\Windows\System\lZtTmuE.exe
  C:\Windows\System\lZtTmuE.exe
  2⤵
  PID:6888
- C:\Windows\System\cRmMZSm.exe
  C:\Windows\System\cRmMZSm.exe
  2⤵
  PID:6908
- C:\Windows\System\UZBbrYl.exe
  C:\Windows\System\UZBbrYl.exe
  2⤵
  PID:6928
- C:\Windows\System\mkOjgbL.exe
  C:\Windows\System\mkOjgbL.exe
  2⤵
  PID:6956
- C:\Windows\System\HRzoZZK.exe
  C:\Windows\System\HRzoZZK.exe
  2⤵
  PID:6980
- C:\Windows\System\jGkQrrH.exe
  C:\Windows\System\jGkQrrH.exe
  2⤵
  PID:7000
- C:\Windows\System\PirJLUC.exe
  C:\Windows\System\PirJLUC.exe
  2⤵
  PID:7020
- C:\Windows\System\SXfEgUy.exe
  C:\Windows\System\SXfEgUy.exe
  2⤵
  PID:7040
- C:\Windows\System\YHgXcOt.exe
  C:\Windows\System\YHgXcOt.exe
  2⤵
  PID:7060
- C:\Windows\System\eHODAmf.exe
  C:\Windows\System\eHODAmf.exe
  2⤵
  PID:7080
- C:\Windows\System\AjCCvFP.exe
  C:\Windows\System\AjCCvFP.exe
  2⤵
  PID:2124
- C:\Windows\System\BiHAxgy.exe
  C:\Windows\System\BiHAxgy.exe
  2⤵
  PID:3144
- C:\Windows\System\OhUKfxs.exe
  C:\Windows\System\OhUKfxs.exe
  2⤵
  PID:5572
- C:\Windows\System\ftGGcAV.exe
  C:\Windows\System\ftGGcAV.exe
  2⤵
  PID:5432
- C:\Windows\System\PLumiTG.exe
  C:\Windows\System\PLumiTG.exe
  2⤵
  PID:5964
- C:\Windows\System\ZpyfOxn.exe
  C:\Windows\System\ZpyfOxn.exe
  2⤵
  PID:6148
- C:\Windows\System\rFccQUX.exe
  C:\Windows\System\rFccQUX.exe
  2⤵
  PID:3600
- C:\Windows\System\GPoSzCS.exe
  C:\Windows\System\GPoSzCS.exe
  2⤵
  PID:6228
- C:\Windows\System\kjSXBsO.exe
  C:\Windows\System\kjSXBsO.exe
  2⤵
  PID:6260
- C:\Windows\System\aRmuhNa.exe
  C:\Windows\System\aRmuhNa.exe
  2⤵
  PID:6264
- C:\Windows\System\bMPahbC.exe
  C:\Windows\System\bMPahbC.exe
  2⤵
  PID:6288
- C:\Windows\System\bqsBKwc.exe
  C:\Windows\System\bqsBKwc.exe
  2⤵
  PID:6324
- C:\Windows\System\zJoYXMg.exe
  C:\Windows\System\zJoYXMg.exe
  2⤵
  PID:6328
- C:\Windows\System\WCCmsxJ.exe
  C:\Windows\System\WCCmsxJ.exe
  2⤵
  PID:6396
- C:\Windows\System\QiaYmIU.exe
  C:\Windows\System\QiaYmIU.exe
  2⤵
  PID:6408
- C:\Windows\System\QAONTBi.exe
  C:\Windows\System\QAONTBi.exe
  2⤵
  PID:6432
- C:\Windows\System\ARbprbI.exe
  C:\Windows\System\ARbprbI.exe
  2⤵
  PID:6516
- C:\Windows\System\yOOtbXi.exe
  C:\Windows\System\yOOtbXi.exe
  2⤵
  PID:6512
- C:\Windows\System\TMgCOBd.exe
  C:\Windows\System\TMgCOBd.exe
  2⤵
  PID:6532
- C:\Windows\System\xrNughe.exe
  C:\Windows\System\xrNughe.exe
  2⤵
  PID:2320
- C:\Windows\System\sPBosbW.exe
  C:\Windows\System\sPBosbW.exe
  2⤵
  PID:6568
- C:\Windows\System\zlawKcg.exe
  C:\Windows\System\zlawKcg.exe
  2⤵
  PID:6612
- C:\Windows\System\XnbTnru.exe
  C:\Windows\System\XnbTnru.exe
  2⤵
  PID:6668
- C:\Windows\System\usLkDXN.exe
  C:\Windows\System\usLkDXN.exe
  2⤵
  PID:6672
- C:\Windows\System\iJQCaYj.exe
  C:\Windows\System\iJQCaYj.exe
  2⤵
  PID:1736
- C:\Windows\System\nnsxJSk.exe
  C:\Windows\System\nnsxJSk.exe
  2⤵
  PID:6748
- C:\Windows\System\pfwGncH.exe
  C:\Windows\System\pfwGncH.exe
  2⤵
  PID:6788
- C:\Windows\System\NpSSNxr.exe
  C:\Windows\System\NpSSNxr.exe
  2⤵
  PID:6732
- C:\Windows\System\kbrXAIK.exe
  C:\Windows\System\kbrXAIK.exe
  2⤵
  PID:2128
- C:\Windows\System\KbRXfgP.exe
  C:\Windows\System\KbRXfgP.exe
  2⤵
  PID:2964
- C:\Windows\System\gijlnQn.exe
  C:\Windows\System\gijlnQn.exe
  2⤵
  PID:6836
- C:\Windows\System\nLoMUeN.exe
  C:\Windows\System\nLoMUeN.exe
  2⤵
  PID:6864
- C:\Windows\System\lPxoGgD.exe
  C:\Windows\System\lPxoGgD.exe
  2⤵
  PID:2084
- C:\Windows\System\NGZkgZr.exe
  C:\Windows\System\NGZkgZr.exe
  2⤵
  PID:6904
- C:\Windows\System\IMhuSVh.exe
  C:\Windows\System\IMhuSVh.exe
  2⤵
  PID:1360
- C:\Windows\System\FZwMARH.exe
  C:\Windows\System\FZwMARH.exe
  2⤵
  PID:6968
- C:\Windows\System\nGJtcNI.exe
  C:\Windows\System\nGJtcNI.exe
  2⤵
  PID:6988
- C:\Windows\System\jbKkjlA.exe
  C:\Windows\System\jbKkjlA.exe
  2⤵
  PID:6996
- C:\Windows\System\NPEOtSz.exe
  C:\Windows\System\NPEOtSz.exe
  2⤵
  PID:7056
- C:\Windows\System\iyHWokH.exe
  C:\Windows\System\iyHWokH.exe
  2⤵
  PID:840
- C:\Windows\System\DkJziVX.exe
  C:\Windows\System\DkJziVX.exe
  2⤵
  PID:7036
- C:\Windows\System\rbcuAyW.exe
  C:\Windows\System\rbcuAyW.exe
  2⤵
  PID:2452
- C:\Windows\System\dSwUQLC.exe
  C:\Windows\System\dSwUQLC.exe
  2⤵
  PID:7100
- C:\Windows\System\mTFiXJB.exe
  C:\Windows\System\mTFiXJB.exe
  2⤵
  PID:7136
- C:\Windows\System\hjhmWpE.exe
  C:\Windows\System\hjhmWpE.exe
  2⤵
  PID:7096
- C:\Windows\System\kgcHeny.exe
  C:\Windows\System\kgcHeny.exe
  2⤵
  PID:7140
- C:\Windows\System\phZbMiV.exe
  C:\Windows\System\phZbMiV.exe
  2⤵
  PID:7164
- C:\Windows\System\ZgRREpr.exe
  C:\Windows\System\ZgRREpr.exe
  2⤵
  PID:5012
- C:\Windows\System\voFENBT.exe
  C:\Windows\System\voFENBT.exe
  2⤵
  PID:824
- C:\Windows\System\wOdWYFr.exe
  C:\Windows\System\wOdWYFr.exe
  2⤵
  PID:2852
- C:\Windows\System\kspPmHd.exe
  C:\Windows\System\kspPmHd.exe
  2⤵
  PID:5656
- C:\Windows\System\gxKxlNd.exe
  C:\Windows\System\gxKxlNd.exe
  2⤵
  PID:5936
- C:\Windows\System\Uvkjbja.exe
  C:\Windows\System\Uvkjbja.exe
  2⤵
  PID:6184
- C:\Windows\System\OhpIVav.exe
  C:\Windows\System\OhpIVav.exe
  2⤵
  PID:6204
- C:\Windows\System\ENjiUtR.exe
  C:\Windows\System\ENjiUtR.exe
  2⤵
  PID:6300
- C:\Windows\System\juPjDRb.exe
  C:\Windows\System\juPjDRb.exe
  2⤵
  PID:6352
- C:\Windows\System\LrbZXPH.exe
  C:\Windows\System\LrbZXPH.exe
  2⤵
  PID:6428
- C:\Windows\System\pIDNCnN.exe
  C:\Windows\System\pIDNCnN.exe
  2⤵
  PID:6412
- C:\Windows\System\lMcfFnB.exe
  C:\Windows\System\lMcfFnB.exe
  2⤵
  PID:6508
- C:\Windows\System\ozlOvvx.exe
  C:\Windows\System\ozlOvvx.exe
  2⤵
  PID:6552
- C:\Windows\System\czDvZMn.exe
  C:\Windows\System\czDvZMn.exe
  2⤵
  PID:6572
- C:\Windows\System\IjchCEx.exe
  C:\Windows\System\IjchCEx.exe
  2⤵
  PID:6648
- C:\Windows\System\llNJepR.exe
  C:\Windows\System\llNJepR.exe
  2⤵
  PID:4028
- C:\Windows\System\PbGyxcY.exe
  C:\Windows\System\PbGyxcY.exe
  2⤵
  PID:6692
- C:\Windows\System\Tydklem.exe
  C:\Windows\System\Tydklem.exe
  2⤵
  PID:6800
- C:\Windows\System\UoefYIx.exe
  C:\Windows\System\UoefYIx.exe
  2⤵
  PID:6832
- C:\Windows\System\jAtwKkj.exe
  C:\Windows\System\jAtwKkj.exe
  2⤵
  PID:6816
- C:\Windows\System\TdirlQG.exe
  C:\Windows\System\TdirlQG.exe
  2⤵
  PID:6920
- C:\Windows\System\cVwqRMN.exe
  C:\Windows\System\cVwqRMN.exe
  2⤵
  PID:856
- C:\Windows\System\wGkgaKu.exe
  C:\Windows\System\wGkgaKu.exe
  2⤵
  PID:1148
- C:\Windows\System\HMouuvx.exe
  C:\Windows\System\HMouuvx.exe
  2⤵
  PID:6976
- C:\Windows\System\IHsASsZ.exe
  C:\Windows\System\IHsASsZ.exe
  2⤵
  PID:7016
- C:\Windows\System\cYVSveT.exe
  C:\Windows\System\cYVSveT.exe
  2⤵
  PID:7092
- C:\Windows\System\YojqVdl.exe
  C:\Windows\System\YojqVdl.exe
  2⤵
  PID:1732
- C:\Windows\System\wkjuCUK.exe
  C:\Windows\System\wkjuCUK.exe
  2⤵
  PID:6108
- C:\Windows\System\QogUQHA.exe
  C:\Windows\System\QogUQHA.exe
  2⤵
  PID:6952
- C:\Windows\System\FGYVkgs.exe
  C:\Windows\System\FGYVkgs.exe
  2⤵
  PID:268
- C:\Windows\System\CbhqDGR.exe
  C:\Windows\System\CbhqDGR.exe
  2⤵
  PID:1528
- C:\Windows\System\SaMoTKz.exe
  C:\Windows\System\SaMoTKz.exe
  2⤵
  PID:6160
- C:\Windows\System\rdNplCf.exe
  C:\Windows\System\rdNplCf.exe
  2⤵
  PID:4764
- C:\Windows\System\lYrqdgz.exe
  C:\Windows\System\lYrqdgz.exe
  2⤵
  PID:6256
- C:\Windows\System\isafFgo.exe
  C:\Windows\System\isafFgo.exe
  2⤵
  PID:6308
- C:\Windows\System\NUHwlun.exe
  C:\Windows\System\NUHwlun.exe
  2⤵
  PID:6368
- C:\Windows\System\ArsKGpg.exe
  C:\Windows\System\ArsKGpg.exe
  2⤵
  PID:6388
- C:\Windows\System\HywcvhA.exe
  C:\Windows\System\HywcvhA.exe
  2⤵
  PID:6548
- C:\Windows\System\dQUWcUu.exe
  C:\Windows\System\dQUWcUu.exe
  2⤵
  PID:6676
- C:\Windows\System\XfrNndi.exe
  C:\Windows\System\XfrNndi.exe
  2⤵
  PID:6752
- C:\Windows\System\ldkSevU.exe
  C:\Windows\System\ldkSevU.exe
  2⤵
  PID:6772
- C:\Windows\System\UepNegO.exe
  C:\Windows\System\UepNegO.exe
  2⤵
  PID:2900
- C:\Windows\System\eOJZPnT.exe
  C:\Windows\System\eOJZPnT.exe
  2⤵
  PID:6884
- C:\Windows\System\JfrtKVl.exe
  C:\Windows\System\JfrtKVl.exe
  2⤵
  PID:2504
- C:\Windows\System\sfJwQkU.exe
  C:\Windows\System\sfJwQkU.exe
  2⤵
  PID:7052
- C:\Windows\System\UySmZrC.exe
  C:\Windows\System\UySmZrC.exe
  2⤵
  PID:2144
- C:\Windows\System\LmgBtsn.exe
  C:\Windows\System\LmgBtsn.exe
  2⤵
  PID:1300
- C:\Windows\System\MzQUqjr.exe
  C:\Windows\System\MzQUqjr.exe
  2⤵
  PID:7160
- C:\Windows\System\SdonwHd.exe
  C:\Windows\System\SdonwHd.exe
  2⤵
  PID:6036
- C:\Windows\System\OHOdbfE.exe
  C:\Windows\System\OHOdbfE.exe
  2⤵
  PID:6344
- C:\Windows\System\bWvrmkZ.exe
  C:\Windows\System\bWvrmkZ.exe
  2⤵
  PID:2700
- C:\Windows\System\xnTWfpx.exe
  C:\Windows\System\xnTWfpx.exe
  2⤵
  PID:1576
- C:\Windows\System\trYOkhs.exe
  C:\Windows\System\trYOkhs.exe
  2⤵
  PID:2208
- C:\Windows\System\JsEXsXQ.exe
  C:\Windows\System\JsEXsXQ.exe
  2⤵
  PID:828
- C:\Windows\System\jtVwRMy.exe
  C:\Windows\System\jtVwRMy.exe
  2⤵
  PID:6880
- C:\Windows\System\uPGjCXv.exe
  C:\Windows\System\uPGjCXv.exe
  2⤵
  PID:6972
- C:\Windows\System\wxzyZDU.exe
  C:\Windows\System\wxzyZDU.exe
  2⤵
  PID:2464
- C:\Windows\System\aDToBPx.exe
  C:\Windows\System\aDToBPx.exe
  2⤵
  PID:1808
- C:\Windows\System\KBxsAjj.exe
  C:\Windows\System\KBxsAjj.exe
  2⤵
  PID:6964
- C:\Windows\System\IcnoTGp.exe
  C:\Windows\System\IcnoTGp.exe
  2⤵
  PID:6240
- C:\Windows\System\peXFDth.exe
  C:\Windows\System\peXFDth.exe
  2⤵
  PID:6496
- C:\Windows\System\xWcERMY.exe
  C:\Windows\System\xWcERMY.exe
  2⤵
  PID:468
- C:\Windows\System\oPqVJgH.exe
  C:\Windows\System\oPqVJgH.exe
  2⤵
  PID:2384
- C:\Windows\System\CZTklcM.exe
  C:\Windows\System\CZTklcM.exe
  2⤵
  PID:7068
- C:\Windows\System\WfCihEo.exe
  C:\Windows\System\WfCihEo.exe
  2⤵
  PID:7156
- C:\Windows\System\xkIQpPI.exe
  C:\Windows\System\xkIQpPI.exe
  2⤵
  PID:6476
- C:\Windows\System\hDYoREc.exe
  C:\Windows\System\hDYoREc.exe
  2⤵
  PID:6616
- C:\Windows\System\uMNLild.exe
  C:\Windows\System\uMNLild.exe
  2⤵
  PID:1636
- C:\Windows\System\KYYrfKb.exe
  C:\Windows\System\KYYrfKb.exe
  2⤵
  PID:6220
- C:\Windows\System\rSXevGG.exe
  C:\Windows\System\rSXevGG.exe
  2⤵
  PID:6356
- C:\Windows\System\VcTVCAU.exe
  C:\Windows\System\VcTVCAU.exe
  2⤵
  PID:316
- C:\Windows\System\wmhYnJw.exe
  C:\Windows\System\wmhYnJw.exe
  2⤵
  PID:6164
- C:\Windows\System\WbJvTio.exe
  C:\Windows\System\WbJvTio.exe
  2⤵
  PID:5376
- C:\Windows\System\grnlXuO.exe
  C:\Windows\System\grnlXuO.exe
  2⤵
  PID:7176
- C:\Windows\System\prqflaZ.exe
  C:\Windows\System\prqflaZ.exe
  2⤵
  PID:7192
- C:\Windows\System\gmaaIij.exe
  C:\Windows\System\gmaaIij.exe
  2⤵
  PID:7220
- C:\Windows\System\cltvsXd.exe
  C:\Windows\System\cltvsXd.exe
  2⤵
  PID:7236
- C:\Windows\System\qcUSeZA.exe
  C:\Windows\System\qcUSeZA.exe
  2⤵
  PID:7264
- C:\Windows\System\cgfQscZ.exe
  C:\Windows\System\cgfQscZ.exe
  2⤵
  PID:7280
- C:\Windows\System\hJauJku.exe
  C:\Windows\System\hJauJku.exe
  2⤵
  PID:7296
- C:\Windows\System\oagCkEH.exe
  C:\Windows\System\oagCkEH.exe
  2⤵
  PID:7324
- C:\Windows\System\pLvZTCe.exe
  C:\Windows\System\pLvZTCe.exe
  2⤵
  PID:7344
- C:\Windows\System\srjCNeb.exe
  C:\Windows\System\srjCNeb.exe
  2⤵
  PID:7360
- C:\Windows\System\VkYuYtQ.exe
  C:\Windows\System\VkYuYtQ.exe
  2⤵
  PID:7376
- C:\Windows\System\iPiWmXE.exe
  C:\Windows\System\iPiWmXE.exe
  2⤵
  PID:7392
- C:\Windows\System\CncDqiu.exe
  C:\Windows\System\CncDqiu.exe
  2⤵
  PID:7408
- C:\Windows\System\NwIwuDH.exe
  C:\Windows\System\NwIwuDH.exe
  2⤵
  PID:7432
- C:\Windows\System\RkMGpGk.exe
  C:\Windows\System\RkMGpGk.exe
  2⤵
  PID:7456
- C:\Windows\System\SGlasJn.exe
  C:\Windows\System\SGlasJn.exe
  2⤵
  PID:7484
- C:\Windows\System\xCeQaUK.exe
  C:\Windows\System\xCeQaUK.exe
  2⤵
  PID:7504
- C:\Windows\System\nGISeuk.exe
  C:\Windows\System\nGISeuk.exe
  2⤵
  PID:7524
- C:\Windows\System\BMMadOQ.exe
  C:\Windows\System\BMMadOQ.exe
  2⤵
  PID:7540
- C:\Windows\System\LkwarFa.exe
  C:\Windows\System\LkwarFa.exe
  2⤵
  PID:7560
- C:\Windows\System\TDqjXRT.exe
  C:\Windows\System\TDqjXRT.exe
  2⤵
  PID:7580
- C:\Windows\System\xsfpyTb.exe
  C:\Windows\System\xsfpyTb.exe
  2⤵
  PID:7596
- C:\Windows\System\atdKtwT.exe
  C:\Windows\System\atdKtwT.exe
  2⤵
  PID:7624
- C:\Windows\System\OCNXJsI.exe
  C:\Windows\System\OCNXJsI.exe
  2⤵
  PID:7640
- C:\Windows\System\EEDFXsj.exe
  C:\Windows\System\EEDFXsj.exe
  2⤵
  PID:7656
- C:\Windows\System\OyzBNyd.exe
  C:\Windows\System\OyzBNyd.exe
  2⤵
  PID:7680
- C:\Windows\System\jAPSiUN.exe
  C:\Windows\System\jAPSiUN.exe
  2⤵
  PID:7704
- C:\Windows\System\CZipTyv.exe
  C:\Windows\System\CZipTyv.exe
  2⤵
  PID:7724
- C:\Windows\System\tpVlrhZ.exe
  C:\Windows\System\tpVlrhZ.exe
  2⤵
  PID:7740
- C:\Windows\System\OvkWayJ.exe
  C:\Windows\System\OvkWayJ.exe
  2⤵
  PID:7764
- C:\Windows\System\YNODran.exe
  C:\Windows\System\YNODran.exe
  2⤵
  PID:7788
- C:\Windows\System\YBDcrRC.exe
  C:\Windows\System\YBDcrRC.exe
  2⤵
  PID:7808
- C:\Windows\System\AdRmSCe.exe
  C:\Windows\System\AdRmSCe.exe
  2⤵
  PID:7828
- C:\Windows\System\iBwKged.exe
  C:\Windows\System\iBwKged.exe
  2⤵
  PID:7848
- C:\Windows\System\uHktnnn.exe
  C:\Windows\System\uHktnnn.exe
  2⤵
  PID:7868
- C:\Windows\System\lSOESVa.exe
  C:\Windows\System\lSOESVa.exe
  2⤵
  PID:7884
- C:\Windows\System\EdKFsna.exe
  C:\Windows\System\EdKFsna.exe
  2⤵
  PID:7904
- C:\Windows\System\OCXyLsA.exe
  C:\Windows\System\OCXyLsA.exe
  2⤵
  PID:7924
- C:\Windows\System\TqFiYNd.exe
  C:\Windows\System\TqFiYNd.exe
  2⤵
  PID:7948
- C:\Windows\System\FaAAuCY.exe
  C:\Windows\System\FaAAuCY.exe
  2⤵
  PID:7964
- C:\Windows\System\phFCfpe.exe
  C:\Windows\System\phFCfpe.exe
  2⤵
  PID:7984
- C:\Windows\System\omSTCgv.exe
  C:\Windows\System\omSTCgv.exe
  2⤵
  PID:8008
- C:\Windows\System\ayTjiTU.exe
  C:\Windows\System\ayTjiTU.exe
  2⤵
  PID:8028
- C:\Windows\System\jvrzhki.exe
  C:\Windows\System\jvrzhki.exe
  2⤵
  PID:8044
- C:\Windows\System\CSIvjaH.exe
  C:\Windows\System\CSIvjaH.exe
  2⤵
  PID:8068
- C:\Windows\System\pYPDjzZ.exe
  C:\Windows\System\pYPDjzZ.exe
  2⤵
  PID:8084
- C:\Windows\System\hUqrWow.exe
  C:\Windows\System\hUqrWow.exe
  2⤵
  PID:8108
- C:\Windows\System\ClJGQRg.exe
  C:\Windows\System\ClJGQRg.exe
  2⤵
  PID:8128
- C:\Windows\System\ucUvsJg.exe
  C:\Windows\System\ucUvsJg.exe
  2⤵
  PID:8148
- C:\Windows\System\oOUcqyr.exe
  C:\Windows\System\oOUcqyr.exe
  2⤵
  PID:8168
- C:\Windows\System\bmuNZTv.exe
  C:\Windows\System\bmuNZTv.exe
  2⤵
  PID:6452
- C:\Windows\System\JipaYVd.exe
  C:\Windows\System\JipaYVd.exe
  2⤵
  PID:7200
- C:\Windows\System\dNMiPIW.exe
  C:\Windows\System\dNMiPIW.exe
  2⤵
  PID:7208
- C:\Windows\System\xLUdMIF.exe
  C:\Windows\System\xLUdMIF.exe
  2⤵
  PID:7232
- C:\Windows\System\ROgEfNR.exe
  C:\Windows\System\ROgEfNR.exe
  2⤵
  PID:7304
- C:\Windows\System\zmZfAmw.exe
  C:\Windows\System\zmZfAmw.exe
  2⤵
  PID:7316
- C:\Windows\System\mBxKVJj.exe
  C:\Windows\System\mBxKVJj.exe
  2⤵
  PID:7336
- C:\Windows\System\DHDDktB.exe
  C:\Windows\System\DHDDktB.exe
  2⤵
  PID:7384
- C:\Windows\System\UIBUxsc.exe
  C:\Windows\System\UIBUxsc.exe
  2⤵
  PID:7440
- C:\Windows\System\PJKDUBT.exe
  C:\Windows\System\PJKDUBT.exe
  2⤵
  PID:7464
- C:\Windows\System\WtoWFXF.exe
  C:\Windows\System\WtoWFXF.exe
  2⤵
  PID:7476
- C:\Windows\System\rdNlyMF.exe
  C:\Windows\System\rdNlyMF.exe
  2⤵
  PID:7512
- C:\Windows\System\fIBJxkr.exe
  C:\Windows\System\fIBJxkr.exe
  2⤵
  PID:608
- C:\Windows\System\BXgTdpn.exe
  C:\Windows\System\BXgTdpn.exe
  2⤵
  PID:7572
- C:\Windows\System\bEjwnRj.exe
  C:\Windows\System\bEjwnRj.exe
  2⤵
  PID:7260
- C:\Windows\System\IaJjfed.exe
  C:\Windows\System\IaJjfed.exe
  2⤵
  PID:2536
- C:\Windows\System\zDCuUkQ.exe
  C:\Windows\System\zDCuUkQ.exe
  2⤵
  PID:7616
- C:\Windows\System\CRAzIvt.exe
  C:\Windows\System\CRAzIvt.exe
  2⤵
  PID:7664
- C:\Windows\System\oJSRcsD.exe
  C:\Windows\System\oJSRcsD.exe
  2⤵
  PID:7696
- C:\Windows\System\qbWKKnW.exe
  C:\Windows\System\qbWKKnW.exe
  2⤵
  PID:7736
- C:\Windows\System\PSNNUis.exe
  C:\Windows\System\PSNNUis.exe
  2⤵
  PID:7752
- C:\Windows\System\YdvHFWi.exe
  C:\Windows\System\YdvHFWi.exe
  2⤵
  PID:7756
- C:\Windows\System\FFQUNiS.exe
  C:\Windows\System\FFQUNiS.exe
  2⤵
  PID:7804
- C:\Windows\System\MVFuRmY.exe
  C:\Windows\System\MVFuRmY.exe
  2⤵
  PID:7836
- C:\Windows\System\CDMtEAl.exe
  C:\Windows\System\CDMtEAl.exe
  2⤵
  PID:7880
- C:\Windows\System\zSsdbWb.exe
  C:\Windows\System\zSsdbWb.exe
  2⤵
  PID:7932
- C:\Windows\System\rgMRiij.exe
  C:\Windows\System\rgMRiij.exe
  2⤵
  PID:7960
- C:\Windows\System\wsUiWkd.exe
  C:\Windows\System\wsUiWkd.exe
  2⤵
  PID:7992
- C:\Windows\System\hSuGPxg.exe
  C:\Windows\System\hSuGPxg.exe
  2⤵
  PID:8020
- C:\Windows\System\ZNjMcfF.exe
  C:\Windows\System\ZNjMcfF.exe
  2⤵
  PID:8056
- C:\Windows\System\VubNNSy.exe
  C:\Windows\System\VubNNSy.exe
  2⤵
  PID:8080
- C:\Windows\System\pvrMpWh.exe
  C:\Windows\System\pvrMpWh.exe
  2⤵
  PID:8120
- C:\Windows\System\qsdMRpK.exe
  C:\Windows\System\qsdMRpK.exe
  2⤵
  PID:2040
- C:\Windows\System\xJXayOx.exe
  C:\Windows\System\xJXayOx.exe
  2⤵
  PID:8180
- C:\Windows\System\VcwlgZZ.exe
  C:\Windows\System\VcwlgZZ.exe
  2⤵
  PID:7204
- C:\Windows\System\FcdCFfl.exe
  C:\Windows\System\FcdCFfl.exe
  2⤵
  PID:7228
- C:\Windows\System\gJyXrtx.exe
  C:\Windows\System\gJyXrtx.exe
  2⤵
  PID:7276
- C:\Windows\System\ZziUGQL.exe
  C:\Windows\System\ZziUGQL.exe
  2⤵
  PID:7332
- C:\Windows\System\iWiXxoU.exe
  C:\Windows\System\iWiXxoU.exe
  2⤵
  PID:7356
- C:\Windows\System\eAxhXOd.exe
  C:\Windows\System\eAxhXOd.exe
  2⤵
  PID:7452
- C:\Windows\System\xgspWwh.exe
  C:\Windows\System\xgspWwh.exe
  2⤵
  PID:7500
- C:\Windows\System\xkrHZBz.exe
  C:\Windows\System\xkrHZBz.exe
  2⤵
  PID:7568
- C:\Windows\System\YTqfDqC.exe
  C:\Windows\System\YTqfDqC.exe
  2⤵
  PID:7556
- C:\Windows\System\slDJZlB.exe
  C:\Windows\System\slDJZlB.exe
  2⤵
  PID:7648
- C:\Windows\System\gMgrIHB.exe
  C:\Windows\System\gMgrIHB.exe
  2⤵
  PID:7672
- C:\Windows\System\vZGOmxj.exe
  C:\Windows\System\vZGOmxj.exe
  2⤵
  PID:7716
- C:\Windows\System\uxJyuRi.exe
  C:\Windows\System\uxJyuRi.exe
  2⤵
  PID:7772
- C:\Windows\System\pAAYTbK.exe
  C:\Windows\System\pAAYTbK.exe
  2⤵
  PID:7780
- C:\Windows\System\rvqZvXn.exe
  C:\Windows\System\rvqZvXn.exe
  2⤵
  PID:7860
- C:\Windows\System\DLvXVbl.exe
  C:\Windows\System\DLvXVbl.exe
  2⤵
  PID:7936
- C:\Windows\System\EHvUWpa.exe
  C:\Windows\System\EHvUWpa.exe
  2⤵
  PID:8016
- C:\Windows\System\AwGxtvp.exe
  C:\Windows\System\AwGxtvp.exe
  2⤵
  PID:8052
- C:\Windows\System\sSgXvLz.exe
  C:\Windows\System\sSgXvLz.exe
  2⤵
  PID:8144
- C:\Windows\System\DWZxqSu.exe
  C:\Windows\System\DWZxqSu.exe
  2⤵
  PID:7720
- C:\Windows\System\OgMAjnG.exe
  C:\Windows\System\OgMAjnG.exe
  2⤵
  PID:7188
- C:\Windows\System\imbvNug.exe
  C:\Windows\System\imbvNug.exe
  2⤵
  PID:7480
- C:\Windows\System\HhvkriC.exe
  C:\Windows\System\HhvkriC.exe
  2⤵
  PID:7536
- C:\Windows\System\PNNXWGC.exe
  C:\Windows\System\PNNXWGC.exe
  2⤵
  PID:1476
- C:\Windows\System\QPUXjnt.exe
  C:\Windows\System\QPUXjnt.exe
  2⤵
  PID:7608
- C:\Windows\System\BdgNmyq.exe
  C:\Windows\System\BdgNmyq.exe
  2⤵
  PID:2420
- C:\Windows\System\ODimzxO.exe
  C:\Windows\System\ODimzxO.exe
  2⤵
  PID:7692
- C:\Windows\System\tworoDv.exe
  C:\Windows\System\tworoDv.exe
  2⤵
  PID:7776
- C:\Windows\System\pHYhPHY.exe
  C:\Windows\System\pHYhPHY.exe
  2⤵
  PID:7896
- C:\Windows\System\nUrTLqO.exe
  C:\Windows\System\nUrTLqO.exe
  2⤵
  PID:7916
- C:\Windows\System\uneaZpN.exe
  C:\Windows\System\uneaZpN.exe
  2⤵
  PID:8000
- C:\Windows\System\vVZlwQC.exe
  C:\Windows\System\vVZlwQC.exe
  2⤵
  PID:8104
- C:\Windows\System\VHeVvbc.exe
  C:\Windows\System\VHeVvbc.exe
  2⤵
  PID:8136
- C:\Windows\System\VOlELwY.exe
  C:\Windows\System\VOlELwY.exe
  2⤵
  PID:7172
- C:\Windows\System\qVMOtib.exe
  C:\Windows\System\qVMOtib.exe
  2⤵
  PID:7372
- C:\Windows\System\oBBmNwP.exe
  C:\Windows\System\oBBmNwP.exe
  2⤵
  PID:7444
- C:\Windows\System\FYRMaPS.exe
  C:\Windows\System\FYRMaPS.exe
  2⤵
  PID:7552
- C:\Windows\System\VuEeVIs.exe
  C:\Windows\System\VuEeVIs.exe
  2⤵
  PID:7796
- C:\Windows\System\uUPlpxO.exe
  C:\Windows\System\uUPlpxO.exe
  2⤵
  PID:7800
- C:\Windows\System\BrzWulU.exe
  C:\Windows\System\BrzWulU.exe
  2⤵
  PID:7876
- C:\Windows\System\UvrWFlD.exe
  C:\Windows\System\UvrWFlD.exe
  2⤵
  PID:8092
- C:\Windows\System\DPanmBg.exe
  C:\Windows\System\DPanmBg.exe
  2⤵
  PID:4376
- C:\Windows\System\bkNAsyY.exe
  C:\Windows\System\bkNAsyY.exe
  2⤵
  PID:7312
- C:\Windows\System\FvkAalq.exe
  C:\Windows\System\FvkAalq.exe
  2⤵
  PID:7588
- C:\Windows\System\wMqBznM.exe
  C:\Windows\System\wMqBznM.exe
  2⤵
  PID:7824
- C:\Windows\System\YoCWrbk.exe
  C:\Windows\System\YoCWrbk.exe
  2⤵
  PID:8060
- C:\Windows\System\iZeTnWc.exe
  C:\Windows\System\iZeTnWc.exe
  2⤵
  PID:7956
- C:\Windows\System\qXfxpuf.exe
  C:\Windows\System\qXfxpuf.exe
  2⤵
  PID:8004
- C:\Windows\System\mZKtptO.exe
  C:\Windows\System\mZKtptO.exe
  2⤵
  PID:8164
- C:\Windows\System\WcreUqJ.exe
  C:\Windows\System\WcreUqJ.exe
  2⤵
  PID:8200
- C:\Windows\System\qucHrov.exe
  C:\Windows\System\qucHrov.exe
  2⤵
  PID:8224
- C:\Windows\System\ZrrldRI.exe
  C:\Windows\System\ZrrldRI.exe
  2⤵
  PID:8240
- C:\Windows\System\fhoOQKg.exe
  C:\Windows\System\fhoOQKg.exe
  2⤵
  PID:8256
- C:\Windows\System\MKsPCfF.exe
  C:\Windows\System\MKsPCfF.exe
  2⤵
  PID:8272
- C:\Windows\System\nplkiox.exe
  C:\Windows\System\nplkiox.exe
  2⤵
  PID:8292
- C:\Windows\System\SKeJMJX.exe
  C:\Windows\System\SKeJMJX.exe
  2⤵
  PID:8308
- C:\Windows\System\lNxTzsj.exe
  C:\Windows\System\lNxTzsj.exe
  2⤵
  PID:8328
- C:\Windows\System\levjXQE.exe
  C:\Windows\System\levjXQE.exe
  2⤵
  PID:8352
- C:\Windows\System\vyQcKUp.exe
  C:\Windows\System\vyQcKUp.exe
  2⤵
  PID:8368
- C:\Windows\System\LwfbmaN.exe
  C:\Windows\System\LwfbmaN.exe
  2⤵
  PID:8396
- C:\Windows\System\SnnsQjK.exe
  C:\Windows\System\SnnsQjK.exe
  2⤵
  PID:8412
- C:\Windows\System\wAvCDzO.exe
  C:\Windows\System\wAvCDzO.exe
  2⤵
  PID:8436
- C:\Windows\System\rvEhlGP.exe
  C:\Windows\System\rvEhlGP.exe
  2⤵
  PID:8452
- C:\Windows\System\IhGxond.exe
  C:\Windows\System\IhGxond.exe
  2⤵
  PID:8472
- C:\Windows\System\zscJDqb.exe
  C:\Windows\System\zscJDqb.exe
  2⤵
  PID:8492
- C:\Windows\System\spxOcLt.exe
  C:\Windows\System\spxOcLt.exe
  2⤵
  PID:8516
- C:\Windows\System\QupKhar.exe
  C:\Windows\System\QupKhar.exe
  2⤵
  PID:8536
- C:\Windows\System\kPAbuSm.exe
  C:\Windows\System\kPAbuSm.exe
  2⤵
  PID:8552
- C:\Windows\System\qCskvDW.exe
  C:\Windows\System\qCskvDW.exe
  2⤵
  PID:8568
- C:\Windows\System\eqEwbPg.exe
  C:\Windows\System\eqEwbPg.exe
  2⤵
  PID:8584
- C:\Windows\System\XEqhbGt.exe
  C:\Windows\System\XEqhbGt.exe
  2⤵
  PID:8600
- C:\Windows\System\jhsgbxt.exe
  C:\Windows\System\jhsgbxt.exe
  2⤵
  PID:8616
- C:\Windows\System\jJNycBF.exe
  C:\Windows\System\jJNycBF.exe
  2⤵
  PID:8644
- C:\Windows\System\NEqTfDa.exe
  C:\Windows\System\NEqTfDa.exe
  2⤵
  PID:8664
- C:\Windows\System\uRJpBTU.exe
  C:\Windows\System\uRJpBTU.exe
  2⤵
  PID:8692
- C:\Windows\System\ulLWQKg.exe
  C:\Windows\System\ulLWQKg.exe
  2⤵
  PID:8708
- C:\Windows\System\OXXpqXl.exe
  C:\Windows\System\OXXpqXl.exe
  2⤵
  PID:8724
- C:\Windows\System\tehmYOS.exe
  C:\Windows\System\tehmYOS.exe
  2⤵
  PID:8740
- C:\Windows\System\IipWwdf.exe
  C:\Windows\System\IipWwdf.exe
  2⤵
  PID:8760
- C:\Windows\System\IxnAYAt.exe
  C:\Windows\System\IxnAYAt.exe
  2⤵
  PID:8776
- C:\Windows\System\sedFOcc.exe
  C:\Windows\System\sedFOcc.exe
  2⤵
  PID:8796
- C:\Windows\System\PvrabeB.exe
  C:\Windows\System\PvrabeB.exe
  2⤵
  PID:8812
- C:\Windows\System\bgWuOxH.exe
  C:\Windows\System\bgWuOxH.exe
  2⤵
  PID:8840
- C:\Windows\System\HHwCZMw.exe
  C:\Windows\System\HHwCZMw.exe
  2⤵
  PID:8856
- C:\Windows\System\tVKCfQG.exe
  C:\Windows\System\tVKCfQG.exe
  2⤵
  PID:8876
- C:\Windows\System\IdcIlWY.exe
  C:\Windows\System\IdcIlWY.exe
  2⤵
  PID:8972
- C:\Windows\System\lDpqKbg.exe
  C:\Windows\System\lDpqKbg.exe
  2⤵
  PID:9004
- C:\Windows\System\hdiFbtK.exe
  C:\Windows\System\hdiFbtK.exe
  2⤵
  PID:9020
- C:\Windows\System\qAyDytP.exe
  C:\Windows\System\qAyDytP.exe
  2⤵
  PID:9044
- C:\Windows\System\ErMBwYD.exe
  C:\Windows\System\ErMBwYD.exe
  2⤵
  PID:9068
- C:\Windows\System\VcpvQtO.exe
  C:\Windows\System\VcpvQtO.exe
  2⤵
  PID:9096
- C:\Windows\System\facRTol.exe
  C:\Windows\System\facRTol.exe
  2⤵
  PID:9112
- C:\Windows\System\VjzliAJ.exe
  C:\Windows\System\VjzliAJ.exe
  2⤵
  PID:9128
- C:\Windows\System\GhfQNUA.exe
  C:\Windows\System\GhfQNUA.exe
  2⤵
  PID:9148
- C:\Windows\System\xIwVvZh.exe
  C:\Windows\System\xIwVvZh.exe
  2⤵
  PID:9164
- C:\Windows\System\MBlIBvh.exe
  C:\Windows\System\MBlIBvh.exe
  2⤵
  PID:9184
- C:\Windows\System\dZEMOfd.exe
  C:\Windows\System\dZEMOfd.exe
  2⤵
  PID:9200
- C:\Windows\System\XBZdvow.exe
  C:\Windows\System\XBZdvow.exe
  2⤵
  PID:8208
- C:\Windows\System\FBHDjzu.exe
  C:\Windows\System\FBHDjzu.exe
  2⤵
  PID:8040
- C:\Windows\System\ZHBQwZt.exe
  C:\Windows\System\ZHBQwZt.exe
  2⤵
  PID:8236
- C:\Windows\System\NUFoicH.exe
  C:\Windows\System\NUFoicH.exe
  2⤵
  PID:8280
- C:\Windows\System\nCCzIgz.exe
  C:\Windows\System\nCCzIgz.exe
  2⤵
  PID:8300
- C:\Windows\System\pvyDUvr.exe
  C:\Windows\System\pvyDUvr.exe
  2⤵
  PID:8340
- C:\Windows\System\yLvcIoe.exe
  C:\Windows\System\yLvcIoe.exe
  2⤵
  PID:8364
- C:\Windows\System\vZmfvdI.exe
  C:\Windows\System\vZmfvdI.exe
  2⤵
  PID:8376
- C:\Windows\System\dXTYrAT.exe
  C:\Windows\System\dXTYrAT.exe
  2⤵
  PID:8424
- C:\Windows\System\yWUKCJe.exe
  C:\Windows\System\yWUKCJe.exe
  2⤵
  PID:8460
- C:\Windows\System\cCSCAbM.exe
  C:\Windows\System\cCSCAbM.exe
  2⤵
  PID:8500
- C:\Windows\System\PYghnBb.exe
  C:\Windows\System\PYghnBb.exe
  2⤵
  PID:8532
- C:\Windows\System\EOzrhCW.exe
  C:\Windows\System\EOzrhCW.exe
  2⤵
  PID:8580
- C:\Windows\System\VCMQvLY.exe
  C:\Windows\System\VCMQvLY.exe
  2⤵
  PID:8624
- C:\Windows\System\oqISipS.exe
  C:\Windows\System\oqISipS.exe
  2⤵
  PID:8640
- C:\Windows\System\oxHeozg.exe
  C:\Windows\System\oxHeozg.exe
  2⤵
  PID:8688
- C:\Windows\System\hWwpSVY.exe
  C:\Windows\System\hWwpSVY.exe
  2⤵
  PID:8736
- C:\Windows\System\EOunSNz.exe
  C:\Windows\System\EOunSNz.exe
  2⤵
  PID:8768
- C:\Windows\System\PlETuyJ.exe
  C:\Windows\System\PlETuyJ.exe
  2⤵
  PID:8792
- C:\Windows\System\AzcvedP.exe
  C:\Windows\System\AzcvedP.exe
  2⤵
  PID:8832
- C:\Windows\System\QLEQClw.exe
  C:\Windows\System\QLEQClw.exe
  2⤵
  PID:8864
- C:\Windows\System\VHXsaeA.exe
  C:\Windows\System\VHXsaeA.exe
  2⤵
  PID:8872
- C:\Windows\System\XEeNRnY.exe
  C:\Windows\System\XEeNRnY.exe
  2⤵
  PID:8896
- C:\Windows\System\fqoOLzq.exe
  C:\Windows\System\fqoOLzq.exe
  2⤵
  PID:8916
- C:\Windows\System\BVRrToM.exe
  C:\Windows\System\BVRrToM.exe
  2⤵
  PID:8936
- C:\Windows\System\IbEwdev.exe
  C:\Windows\System\IbEwdev.exe
  2⤵
  PID:8952
- C:\Windows\System\dmfbCYl.exe
  C:\Windows\System\dmfbCYl.exe
  2⤵
  PID:8968
- C:\Windows\System\qLOarEI.exe
  C:\Windows\System\qLOarEI.exe
  2⤵
  PID:8992
- C:\Windows\System\jpoQetl.exe
  C:\Windows\System\jpoQetl.exe
  2⤵
  PID:9016
- C:\Windows\System\sGsYWlr.exe
  C:\Windows\System\sGsYWlr.exe
  2⤵
  PID:9076
- C:\Windows\System\WFfCDgi.exe
  C:\Windows\System\WFfCDgi.exe
  2⤵
  PID:9064
- C:\Windows\System\NgJMcJP.exe
  C:\Windows\System\NgJMcJP.exe
  2⤵
  PID:9124
- C:\Windows\System\ZvBdPrm.exe
  C:\Windows\System\ZvBdPrm.exe
  2⤵
  PID:9104
- C:\Windows\System\KCssjCC.exe
  C:\Windows\System\KCssjCC.exe
  2⤵
  PID:8252
- C:\Windows\System\fHUWdNg.exe
  C:\Windows\System\fHUWdNg.exe
  2⤵
  PID:9144
- C:\Windows\System\DnxLSup.exe
  C:\Windows\System\DnxLSup.exe
  2⤵
  PID:8232
- C:\Windows\System\GXFFNaC.exe
  C:\Windows\System\GXFFNaC.exe
  2⤵
  PID:8320
- C:\Windows\System\yPmZLJI.exe
  C:\Windows\System\yPmZLJI.exe
  2⤵
  PID:8336
- C:\Windows\System\aITXykf.exe
  C:\Windows\System\aITXykf.exe
  2⤵
  PID:8344
- C:\Windows\System\umplDiA.exe
  C:\Windows\System\umplDiA.exe
  2⤵
  PID:8444
- C:\Windows\System\cAgvuNo.exe
  C:\Windows\System\cAgvuNo.exe
  2⤵
  PID:8508
- C:\Windows\System\WwiLJvY.exe
  C:\Windows\System\WwiLJvY.exe
  2⤵
  PID:8596
- C:\Windows\System\CktWzEr.exe
  C:\Windows\System\CktWzEr.exe
  2⤵
  PID:8656
- C:\Windows\System\UjxWelE.exe
  C:\Windows\System\UjxWelE.exe
  2⤵
  PID:8684
- C:\Windows\System\ZQLVDCC.exe
  C:\Windows\System\ZQLVDCC.exe
  2⤵
  PID:8636
- C:\Windows\System\mZCgkgm.exe
  C:\Windows\System\mZCgkgm.exe
  2⤵
  PID:9088
- C:\Windows\System\whuRbJK.exe
  C:\Windows\System\whuRbJK.exe
  2⤵
  PID:9160
- C:\Windows\System\UfMqDhd.exe
  C:\Windows\System\UfMqDhd.exe
  2⤵
  PID:8196
- C:\Windows\System\EYjvCsB.exe
  C:\Windows\System\EYjvCsB.exe
  2⤵
  PID:9136
- C:\Windows\System\rUooBWH.exe
  C:\Windows\System\rUooBWH.exe
  2⤵
  PID:8304
- C:\Windows\System\efINGkI.exe
  C:\Windows\System\efINGkI.exe
  2⤵
  PID:8408
- C:\Windows\System\PPWmkhs.exe
  C:\Windows\System\PPWmkhs.exe
  2⤵
  PID:8512
- C:\Windows\System\bwDeocv.exe
  C:\Windows\System\bwDeocv.exe
  2⤵
  PID:8528
- C:\Windows\System\eVnozuw.exe
  C:\Windows\System\eVnozuw.exe
  2⤵
  PID:8548
- C:\Windows\System\JWGywro.exe
  C:\Windows\System\JWGywro.exe
  2⤵
  PID:8720
- C:\Windows\System\AYBhvFr.exe
  C:\Windows\System\AYBhvFr.exe
  2⤵
  PID:8732
- C:\Windows\System\cLkMLBq.exe
  C:\Windows\System\cLkMLBq.exe
  2⤵
  PID:8824
- C:\Windows\System\Xywvwln.exe
  C:\Windows\System\Xywvwln.exe
  2⤵
  PID:8908
- C:\Windows\System\xwNHheq.exe
  C:\Windows\System\xwNHheq.exe
  2⤵
  PID:9052
- C:\Windows\System\IhCsxQE.exe
  C:\Windows\System\IhCsxQE.exe
  2⤵
  PID:9172
- C:\Windows\System\FiJQqjB.exe
  C:\Windows\System\FiJQqjB.exe
  2⤵
  PID:9084
- C:\Windows\System\cRezArV.exe
  C:\Windows\System\cRezArV.exe
  2⤵
  PID:8488
- C:\Windows\System\yKkUCKU.exe
  C:\Windows\System\yKkUCKU.exe
  2⤵
  PID:8432
- C:\Windows\System\qDXMawt.exe
  C:\Windows\System\qDXMawt.exe
  2⤵
  PID:8716
- C:\Windows\System\HTMBCnu.exe
  C:\Windows\System\HTMBCnu.exe
  2⤵
  PID:8868
- C:\Windows\System\HTFnFnC.exe
  C:\Windows\System\HTFnFnC.exe
  2⤵
  PID:8948
- C:\Windows\System\OtfkxbS.exe
  C:\Windows\System\OtfkxbS.exe
  2⤵
  PID:8940
- C:\Windows\System\YGDDHRJ.exe
  C:\Windows\System\YGDDHRJ.exe
  2⤵
  PID:9000
- C:\Windows\System\VoxDdyF.exe
  C:\Windows\System\VoxDdyF.exe
  2⤵
  PID:8756
- C:\Windows\System\TaySVcv.exe
  C:\Windows\System\TaySVcv.exe
  2⤵
  PID:8420
- C:\Windows\System\gtGwrvF.exe
  C:\Windows\System\gtGwrvF.exe
  2⤵
  PID:8752
- C:\Windows\System\mGKELqc.exe
  C:\Windows\System\mGKELqc.exe
  2⤵
  PID:8888
- C:\Windows\System\ZgycTAU.exe
  C:\Windows\System\ZgycTAU.exe
  2⤵
  PID:8984
- C:\Windows\System\zSerZyB.exe
  C:\Windows\System\zSerZyB.exe
  2⤵
  PID:9208
- C:\Windows\System\ctQARGB.exe
  C:\Windows\System\ctQARGB.exe
  2⤵
  PID:8468
- C:\Windows\System\pbaYrfz.exe
  C:\Windows\System\pbaYrfz.exe
  2⤵
  PID:9056
- C:\Windows\System\YPiUFTO.exe
  C:\Windows\System\YPiUFTO.exe
  2⤵
  PID:8392
- C:\Windows\System\lavuGJW.exe
  C:\Windows\System\lavuGJW.exe
  2⤵
  PID:9028
- C:\Windows\System\kjJNjja.exe
  C:\Windows\System\kjJNjja.exe
  2⤵
  PID:8960
- C:\Windows\System\DFELBLM.exe
  C:\Windows\System\DFELBLM.exe
  2⤵
  PID:9228
- C:\Windows\System\pKQXtzJ.exe
  C:\Windows\System\pKQXtzJ.exe
  2⤵
  PID:9252
- C:\Windows\System\ktTjZCk.exe
  C:\Windows\System\ktTjZCk.exe
  2⤵
  PID:9276
- C:\Windows\System\ozSBCcV.exe
  C:\Windows\System\ozSBCcV.exe
  2⤵
  PID:9292
- C:\Windows\System\yuWutQT.exe
  C:\Windows\System\yuWutQT.exe
  2⤵
  PID:9316
- C:\Windows\System\gQdqnST.exe
  C:\Windows\System\gQdqnST.exe
  2⤵
  PID:9332
- C:\Windows\System\eZeBJpu.exe
  C:\Windows\System\eZeBJpu.exe
  2⤵
  PID:9356
- C:\Windows\System\qMmbycW.exe
  C:\Windows\System\qMmbycW.exe
  2⤵
  PID:9372
- C:\Windows\System\pGfGRgM.exe
  C:\Windows\System\pGfGRgM.exe
  2⤵
  PID:9396
- C:\Windows\System\KmqpQHd.exe
  C:\Windows\System\KmqpQHd.exe
  2⤵
  PID:9412
- C:\Windows\System\iaUzvci.exe
  C:\Windows\System\iaUzvci.exe
  2⤵
  PID:9436
- C:\Windows\System\MsNsYfM.exe
  C:\Windows\System\MsNsYfM.exe
  2⤵
  PID:9452
- C:\Windows\System\MoIqbsT.exe
  C:\Windows\System\MoIqbsT.exe
  2⤵
  PID:9472
- C:\Windows\System\qqOcIiY.exe
  C:\Windows\System\qqOcIiY.exe
  2⤵
  PID:9488
- C:\Windows\System\BsJHVmL.exe
  C:\Windows\System\BsJHVmL.exe
  2⤵
  PID:9516
- C:\Windows\System\GoTGuVY.exe
  C:\Windows\System\GoTGuVY.exe
  2⤵
  PID:9532
- C:\Windows\System\rvTRXFH.exe
  C:\Windows\System\rvTRXFH.exe
  2⤵
  PID:9552
- C:\Windows\System\MkjebiA.exe
  C:\Windows\System\MkjebiA.exe
  2⤵
  PID:9572
- C:\Windows\System\bCWhpyr.exe
  C:\Windows\System\bCWhpyr.exe
  2⤵
  PID:9592
- C:\Windows\System\ODsWVuJ.exe
  C:\Windows\System\ODsWVuJ.exe
  2⤵
  PID:9616
- C:\Windows\System\btthMla.exe
  C:\Windows\System\btthMla.exe
  2⤵
  PID:9636
- C:\Windows\System\yHOSdbY.exe
  C:\Windows\System\yHOSdbY.exe
  2⤵
  PID:9652
- C:\Windows\System\xpCOpmK.exe
  C:\Windows\System\xpCOpmK.exe
  2⤵
  PID:9668
- C:\Windows\System\EAKxkGD.exe
  C:\Windows\System\EAKxkGD.exe
  2⤵
  PID:9688
- C:\Windows\System\VIKMYQm.exe
  C:\Windows\System\VIKMYQm.exe
  2⤵
  PID:9704
- C:\Windows\System\lWNKEOc.exe
  C:\Windows\System\lWNKEOc.exe
  2⤵
  PID:9720
- C:\Windows\System\kYxrebi.exe
  C:\Windows\System\kYxrebi.exe
  2⤵
  PID:9744
- C:\Windows\System\BrEKRBS.exe
  C:\Windows\System\BrEKRBS.exe
  2⤵
  PID:9772
- C:\Windows\System\ZMiLiuQ.exe
  C:\Windows\System\ZMiLiuQ.exe
  2⤵
  PID:9796
- C:\Windows\System\pVDYsTM.exe
  C:\Windows\System\pVDYsTM.exe
  2⤵
  PID:9816
- C:\Windows\System\XHfmqlQ.exe
  C:\Windows\System\XHfmqlQ.exe
  2⤵
  PID:9836
- C:\Windows\System\xbJrWpd.exe
  C:\Windows\System\xbJrWpd.exe
  2⤵
  PID:9856
- C:\Windows\System\AlAfvga.exe
  C:\Windows\System\AlAfvga.exe
  2⤵
  PID:9880
- C:\Windows\System\ErrasGe.exe
  C:\Windows\System\ErrasGe.exe
  2⤵
  PID:9896
- C:\Windows\System\XpVUVfh.exe
  C:\Windows\System\XpVUVfh.exe
  2⤵
  PID:9916
- C:\Windows\System\NSlgshE.exe
  C:\Windows\System\NSlgshE.exe
  2⤵
  PID:9936
- C:\Windows\System\KMKEQZW.exe
  C:\Windows\System\KMKEQZW.exe
  2⤵
  PID:9952
- C:\Windows\System\prikNrV.exe
  C:\Windows\System\prikNrV.exe
  2⤵
  PID:9972
- C:\Windows\System\UPLnbOQ.exe
  C:\Windows\System\UPLnbOQ.exe
  2⤵
  PID:10000
- C:\Windows\System\TAyNGAj.exe
  C:\Windows\System\TAyNGAj.exe
  2⤵
  PID:10016
- C:\Windows\System\eUGuGnP.exe
  C:\Windows\System\eUGuGnP.exe
  2⤵
  PID:10036
- C:\Windows\System\DlvWizN.exe
  C:\Windows\System\DlvWizN.exe
  2⤵
  PID:10052
- C:\Windows\System\CVhGVVo.exe
  C:\Windows\System\CVhGVVo.exe
  2⤵
  PID:10076
- C:\Windows\System\kuzGsOi.exe
  C:\Windows\System\kuzGsOi.exe
  2⤵
  PID:10096
- C:\Windows\System\xpjmBlD.exe
  C:\Windows\System\xpjmBlD.exe
  2⤵
  PID:10120
- C:\Windows\System\IevaNUO.exe
  C:\Windows\System\IevaNUO.exe
  2⤵
  PID:10136
- C:\Windows\System\XZePmmQ.exe
  C:\Windows\System\XZePmmQ.exe
  2⤵
  PID:10160
- C:\Windows\System\DpWYTMl.exe
  C:\Windows\System\DpWYTMl.exe
  2⤵
  PID:10176
- C:\Windows\System\KIEFcfV.exe
  C:\Windows\System\KIEFcfV.exe
  2⤵
  PID:10200
- C:\Windows\System\deWwJWg.exe
  C:\Windows\System\deWwJWg.exe
  2⤵
  PID:10220
- C:\Windows\System\PfrZvnr.exe
  C:\Windows\System\PfrZvnr.exe
  2⤵
  PID:9220
- C:\Windows\System\biHocWH.exe
  C:\Windows\System\biHocWH.exe
  2⤵
  PID:9260
- C:\Windows\System\FFVUbSM.exe
  C:\Windows\System\FFVUbSM.exe
  2⤵
  PID:9240
- C:\Windows\System\oLVRpVu.exe
  C:\Windows\System\oLVRpVu.exe
  2⤵
  PID:9304
- C:\Windows\System\qBzxMVL.exe
  C:\Windows\System\qBzxMVL.exe
  2⤵
  PID:9324
- C:\Windows\System\dIcsZWZ.exe
  C:\Windows\System\dIcsZWZ.exe
  2⤵
  PID:9364
- C:\Windows\System\VPUaKBM.exe
  C:\Windows\System\VPUaKBM.exe
  2⤵
  PID:9384
- C:\Windows\System\vLAeQbu.exe
  C:\Windows\System\vLAeQbu.exe
  2⤵
  PID:9404
- C:\Windows\System\WvricMh.exe
  C:\Windows\System\WvricMh.exe
  2⤵
  PID:9468
- C:\Windows\System\HYUDgTB.exe
  C:\Windows\System\HYUDgTB.exe
  2⤵
  PID:9504
- C:\Windows\System\UDuCUcA.exe
  C:\Windows\System\UDuCUcA.exe
  2⤵
  PID:9540
- C:\Windows\System\YJOucmv.exe
  C:\Windows\System\YJOucmv.exe
  2⤵
  PID:9564
- C:\Windows\System\UyXQzQQ.exe
  C:\Windows\System\UyXQzQQ.exe
  2⤵
  PID:9608
- C:\Windows\System\SmdPYub.exe
  C:\Windows\System\SmdPYub.exe
  2⤵
  PID:9628
- C:\Windows\System\hsHRUws.exe
  C:\Windows\System\hsHRUws.exe
  2⤵
  PID:9664
- C:\Windows\System\YXzbfVr.exe
  C:\Windows\System\YXzbfVr.exe
  2⤵
  PID:9644
- C:\Windows\System\utsMcbf.exe
  C:\Windows\System\utsMcbf.exe
  2⤵
  PID:9740
- C:\Windows\System\xoKUkRd.exe
  C:\Windows\System\xoKUkRd.exe
  2⤵
  PID:9756
- C:\Windows\System\TfvoDOJ.exe
  C:\Windows\System\TfvoDOJ.exe
  2⤵
  PID:9808
- C:\Windows\System\VATcXHN.exe
  C:\Windows\System\VATcXHN.exe
  2⤵
  PID:9812
- C:\Windows\System\gCDSdaD.exe
  C:\Windows\System\gCDSdaD.exe
  2⤵
  PID:9864
- C:\Windows\System\jSpsPOy.exe
  C:\Windows\System\jSpsPOy.exe
  2⤵
  PID:9888
- C:\Windows\System\LyEeNGt.exe
  C:\Windows\System\LyEeNGt.exe
  2⤵
  PID:9944
- C:\Windows\System\GkuyxPr.exe
  C:\Windows\System\GkuyxPr.exe
  2⤵
  PID:9992
- C:\Windows\System\jPvFOVy.exe
  C:\Windows\System\jPvFOVy.exe
  2⤵
  PID:10024
- C:\Windows\System\SqMlwnO.exe
  C:\Windows\System\SqMlwnO.exe
  2⤵
  PID:10008
- C:\Windows\System\YOlFiJY.exe
  C:\Windows\System\YOlFiJY.exe
  2⤵
  PID:10048
- C:\Windows\System\ZGlMwQO.exe
  C:\Windows\System\ZGlMwQO.exe
  2⤵
  PID:10088
- C:\Windows\System\vLwvjId.exe
  C:\Windows\System\vLwvjId.exe
  2⤵
  PID:10128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BXXmXfH.exe

Filesize
6.0MB

MD5
86e039bfc6f9f509773edeb64ca7d80e

SHA1
0e857771edb6f3398ec098901c2def256db2f844

SHA256
073491ff03f4db145303f704b72195065b9dcebc20a2eebd86d86e66e996aadb

SHA512
922179dc2d70c40160b33edcb558ffc4643cadca8fe66f2651cb6bcd80c12a21a5b34c258f4d163a2ef28d3e2d8a3861dc27b3473804b7ef56a31dc087061da6

Download Submit
C:\Windows\system\CvbdOAA.exe

Filesize
6.0MB

MD5
41a1ba7ecc85a4f8f4297e93097e11b2

SHA1
da01e387374fa29a55449e25afbb079237bfcf83

SHA256
0bc279224ee80572280e1e3770af391a5deba4a5c96629766cc6dfffddd6350b

SHA512
76281c22b57c79cab499ec2dbddfd5e3259f1fc19943dd492f8e7a62871134e18868d57c660d889ecf57c0ffbfdc1ba83994b435c889128d88dfd4c355136fec

Download Submit
C:\Windows\system\EgczDpV.exe

Filesize
6.0MB

MD5
54f644a5abfcaecaabaffbc5b3b674f9

SHA1
52d22effcc7c0e48117ec8bdf38bce064ee231af

SHA256
167def7ce106eb5ac648115fd09914fb7fa848ec285a5ad13ee025c78e724635

SHA512
f86f28891986a99d6be943cd0be90b17b23d714ac9fd2fe10c5fa5f1e2c3de06933f98e2cf347c66259f0ce9f7be47121a7ddd734bc72be6733cac05f24f9767

Download Submit
C:\Windows\system\GMsOipp.exe

Filesize
6.0MB

MD5
1c1230f67c346208b6d918ae38564539

SHA1
58a0e4b51f4fbf8838613eedf600babe3765800a

SHA256
956eba6a855047b14a8598df6a6e55185e332d9b44f6a50dd4ba22e78a3937c3

SHA512
ccf5baa204b397baec20b91771666d2ad44e3d22a14e9224cc6849fe69907d206f75feca352733b0a65aa47f852abdb833b431980054255f28ee815b263876de

Download Submit
C:\Windows\system\MesgloG.exe

Filesize
6.0MB

MD5
fae418005705c7e9ec96cae5015e8b8b

SHA1
95af726c6e2b616dddf923b6b36d66ff759e1da2

SHA256
aeaff3a5e42d69f2b9f9e4f37c828dce7f73827fb9099e8a5e55d3aef2d05a4f

SHA512
552da7dae244a04e3f1cca73187667ed26e7403b72faa18813a228d94f924e8260a7b1216bb0600ed3ad798f5c7e8bff7e6b8197613f2e8ffd9977d8ad1d92a0

Download Submit
C:\Windows\system\QRNyLGX.exe

Filesize
6.0MB

MD5
79dcc8e812ce1fea2d9225eb345f556a

SHA1
b08e4aea7c8e248fe83ae53699b7aa28e990e256

SHA256
cd80d3d276c22dc095e8aca43c470b20dde3811089a97ea0ac42967d534db297

SHA512
2aa143f6d2bb937a893cf26eb04bce908dbeb7e324ebfc3675ba58d88edc6410ffe96933718a1203cd5278888a7b58653e7761d2135f7eb0abee5b24260cdbd3

Download Submit
C:\Windows\system\QmbSveW.exe

Filesize
6.0MB

MD5
c16fda39817df6ce8ec8ad3bf3450791

SHA1
6616e8f2eef87b041ac08d5c00d29beeded41e58

SHA256
6f97bdffad42e9f17bd686dd03d69ddd9cdb4e2b59ed2ce1afa08690fb1471fc

SHA512
33271b02bbc7afffe387752f894299ff96fdde052ac39a4518ec39888c9edbce916c80ea4c532e01d2412ba581a5b2aadfbb487d6beb70d614cf2b1d776a9b59

Download Submit
C:\Windows\system\Rfzppku.exe

Filesize
6.0MB

MD5
ef5d3aaf6f4c89aebb9cd909b913fb71

SHA1
cfa76d08cce1df4cc45da5b3cc68836833802920

SHA256
d8a7065b5220ca700da27b2264e16b835822bd14399b285ecc134edc9700b061

SHA512
3982a0a0d9a7a8390fe1103c2ca4a4258caa8ba4d8cdcc5669340254638e03f61fa175a2d1d6e4e3cf174ef43e6522984d323d6d60fe62991cf2b907b401c37a

Download Submit
C:\Windows\system\RmQKFwS.exe

Filesize
6.0MB

MD5
978aec8a97ac4a7c82c4c51c2b36f059

SHA1
d26a235d9ec9ac8afe3bdaa5996e4514a79d2393

SHA256
482409f68bafc5fbdae8cd7579b619cb5a12e1145edd02a3096af07526b0f6e5

SHA512
99e9cca7d846dca7eda7f79ac13a5e7c7653fc7bae3cff69adad19897165f4ba0797bc018531f267c5eca8d17ab8f503550298ae88fc34b18bb9bc27c766a35b

Download Submit
C:\Windows\system\UKqnaZp.exe

Filesize
6.0MB

MD5
9f6e0cbbdbf57e15e04905355f756a2d

SHA1
470342ddf15d540066b5fb40fed8e686a9e9bdef

SHA256
d611f4b732bff1a46c4b34c823f929f998dffd8d5d79685777f9d86056c5a5c9

SHA512
2147b30706b5ec1bf4261502573dfa61393a269becf7ff006537f169b14bdf2df71d4e4d20e554b7caccffa292185b2040cf653cd10ca7174082ebd6152e5be1

Download Submit
C:\Windows\system\VEahiah.exe

Filesize
6.0MB

MD5
8ae3fa9209b3fa4f84d0e2c3c7ffa250

SHA1
01cbee10fbe29c69a2de25ceff3c54c8c375f2bc

SHA256
f5ecc21a885931984b1debdb610460020acf2d51db248052b41820e79f6acfdf

SHA512
e759754181ead9a98ae1ce026cebd256b19203fc3d8baa2b5de5b692fde8b8823d4fad0ab73e5589cfa9e9169b64bafd5e5d74f25e0411d2190f8afe7d52328b

Download Submit
C:\Windows\system\fcQjZDK.exe

Filesize
6.0MB

MD5
00af552579f6efef2ddbf3758b5121b1

SHA1
099740e867735a243610e4bfdd36f3a8700462bb

SHA256
ae9fd0b82fc92eb53a46f200eaecb48c329c1c83dc8f8f125542741cd25cbd1c

SHA512
10a510030af8fd40edcacdb1c83bf55e7debaf7e081c07d9220010a910552f8f07f9340b05b05ac891b4354f32625ff090c811e63c561275a8b84e1c717a8b6c

Download Submit
C:\Windows\system\goBwIcQ.exe

Filesize
6.0MB

MD5
8f72840d2d91378bb1f5e5b621878aff

SHA1
7af79b42601deb06f66b133d9c3fb886717d5810

SHA256
99af2a1b70166ccec5d340e8517f4ef74d88386d160f0908626f68af6182968d

SHA512
8c88c8fe9ccef4a908492b39b0bae1864d38506132307dd7c21341c83678a192d984b79e84c0b1f6c7473397932560ed83b78caf822f39ae32485b5dcf944688

Download Submit
C:\Windows\system\kJaFGSX.exe

Filesize
6.0MB

MD5
dff60943a1d4c3fd07b92c57ec3f079b

SHA1
dc8c5cdb56ad8c90cbe9197e439ddaad6660493b

SHA256
feab3db2865ead84517acf37fef33a6a74abfe5e3dfa688b160164b9e1639a8f

SHA512
f80b49a1312d57f4c787e63c9b037d6ff041b212e25bbba055b7f0090f4a88d45fd8712c64e78b20226c7d0af667c0b5b18d2739903903dda89d8bc0d82ec395

Download Submit
C:\Windows\system\kQUedyH.exe

Filesize
6.0MB

MD5
d5ed0e56666f8e468a4a0c3af7eaab4a

SHA1
2a94d181864c15db0f42e7c35fce340d6551aa72

SHA256
4ce241cc4ad1f5126b36b8f825d7c6943e2c5d15614db4d1337f2343f57ee2ca

SHA512
98f2eb7b75d984ac0380a17cd309ace77e85177450bf079e01645353b1ea396e726f14fd34498cd69673035a5d20294d941f35deb5d2c6ffc56ab66644b7f40e

Download Submit
C:\Windows\system\ngRcxpJ.exe

Filesize
6.0MB

MD5
b72116bc3520c4f648ba65709b09896e

SHA1
83d9453e227ce74ad4c7ddd2929a447bbd83edbf

SHA256
8a0f6b3998cdb920a87a359a4b22a39527bee1464ed40f3f79b772ef24398d53

SHA512
09e5fb69abe1f1f66c7138f86bcb5a1e9acef850897d0974e52c7dfc3decc4e4911f15cb513eb745d9ffebe8d418c9b682499be2c5d86a6e2b7ace425867f356

Download Submit
C:\Windows\system\rJwXYTM.exe

Filesize
6.0MB

MD5
201ac7a89bb11bb08b7499dbebdf3000

SHA1
90c9dcbd71f332fe4c98645dda80384c6c5d5b93

SHA256
30dbf3a9198f940207b2689b9759adbd8f0d5d0db59042c17ce6a36390f7d4b9

SHA512
0a041eaa121c3d57b4dabc099ce423e64fdea726edccd0a9994e0116674284c83c021bd234398fc9db6f6282e90e289a1634ac22713063e873ff5b89a8b7f99e

Download Submit
C:\Windows\system\wmmGKBg.exe

Filesize
6.0MB

MD5
b22fa3580030377ab378e1e9a802d954

SHA1
8dfabdf0c59ca3c825835cbd6f2a83ccd831f0ae

SHA256
fc1337a6e4b1047c9177fa4fed560be1e61573b4fd1ca33b85ac14ec8dd7240f

SHA512
d1d9992b010d867d4e58786e724d3daf7967e9abd9c46ddf8f55efda6ba98151ab46dd90a6fa621582d657def175766c5b7584c89d349f8fd96e6284c8ba8af5

Download Submit
C:\Windows\system\xVOwMUJ.exe

Filesize
6.0MB

MD5
a707dd689866356d54c98be2f93686fe

SHA1
5cdda8ab12163fcd9c8cc3094975c4f1a6c78630

SHA256
221b815042619fa0cd3ca4be395d3eab42cf8ebbf5267cc187c71229128527f6

SHA512
3a51807be650e45d866a5c0826e77c8563cc06b541de0cbe62515b4079093eba08c175487381c75652fca6baa1fa533572bea1f97ebf1b72d2ca365accaedb32

Download Submit
C:\Windows\system\yIWZtvw.exe

Filesize
6.0MB

MD5
be144f5c4daf1d00fda717ec58cb9991

SHA1
2b1c91da562f459d59ec182fe70e4032c48ce387

SHA256
d91173409707b7b68210b9dd51303fb3c51ea93357b3c3665bb42da6782aaeb6

SHA512
78f2c552cd70f5c9605e473cac03935df9f2d651f2fdc2efe089797179c377e2632c3ab6a0bbc9f963b06ef8d6170df2ded2c737948e4444f7ec58ac9638538c

Download Submit
C:\Windows\system\ytPcLVX.exe

Filesize
6.0MB

MD5
356f69dc6cc814e5eaa73c83b2eaf729

SHA1
8c3d79d04935c44fb477278234c76d2835a78a78

SHA256
567c4d06fd183577e3e09a1915247b353173e6043eb4bba5abef93f332c4176e

SHA512
185d68ea8c8a2a62488a8e9be262dcc31249775d8eb2907821eeb88dbb54970194f760c8a1a842a5ff583a63721c28c62e38543a029da6de6226ed00f07cb7e4

Download Submit
C:\Windows\system\zFAIwDs.exe

Filesize
6.0MB

MD5
f00e00ce80a5a2de2b5951c34344c2cc

SHA1
7f90e1ba3529ee839dab56dc373a33b3ab8aa2f0

SHA256
2227b29e1811c6b31e340af6b5fd5edef7761305a83ef4630509e560823d06fa

SHA512
fcd1500f90e510470aa1aad2820e2dbdadeeb1a1ddd4c5e0789617c1bed1b674df93235e57c3ba269a51e2fcc15927fa2f72d3535f965cf8072289ac16037af4

Download Submit
C:\Windows\system\zOewyPx.exe

Filesize
6.0MB

MD5
a585e623e2e820b8a76ab220a0cec980

SHA1
ef1e4ac3d10ce051a14e4f4238d88054c024b593

SHA256
abc673c4e71b9133194db09de2752fe6ed89926d666a09fad49713bb41756559

SHA512
595b9e8d6efea98d6aa3e40ab3b1052f1195caf4f63c1becd8ddb88c80605959c58dffd876e3e13dd6a757874142aa20c333a754098f86125692bad92e5ad63e

Download Submit
\Windows\system\CYvtcVc.exe

Filesize
6.0MB

MD5
360173942b422d72a79034830ca55ed0

SHA1
4d9efa272e939f2bf098166ac4c9f52cfd316ef7

SHA256
cd050d8bc71289354f9240a67046e84df33badd13247be955f1ca7c17d3d418e

SHA512
3778ec8eae6ccc1dd12499a8083e51f0cc38c75a650361a5b9df6b24460a85c77bef106450ffd080fd98da74d1c7779d29cf7cb31dfd555ab1a3ec557cb4146e

Download Submit
\Windows\system\DyCfuar.exe

Filesize
6.0MB

MD5
ae35848acf72d9e01f1c7c8089e5c7b2

SHA1
7a4a93ae750083fd5aaf53b84c77d99632ac33ee

SHA256
540819dc04c760ab99f2ab95599d49624d451bf3f8eba26f295b95031ec9e5e7

SHA512
8770e12a258beb56edd09dd9c0fcb5e1590e3a32295f83d4a8cb03069d3c3638d8187d0d478eaaeac939590c97f2383d97f14b5f5f74eacf03d865a76dbc882a

Download Submit
\Windows\system\FCTionw.exe

Filesize
6.0MB

MD5
4977d97623611a7bea6db6d20b33a0ae

SHA1
e0069a37ece9ff8d5074ae82aedcf4cbd1234f2e

SHA256
6f49e477451046969e038a5b89d2bc941edcc0aaf453a77551407087a3c375c2

SHA512
162b9d263fa3552d1386a7e6f3c63ed6f1ced0d7508ae01197de9c0c580fd402576f7ad6144897c7d8b7603215fe817ae961b689c7aa57529fdf5bc2b45c4923

Download Submit
\Windows\system\NLjlLTY.exe

Filesize
6.0MB

MD5
113a8d64ee0e184aae508f22c5402bf8

SHA1
8771f023753c2ede99896a88e77b8cd1af33df8b

SHA256
1c3f878d4b1db3227f905926d1d1c34e7703b46b0e3195408842820849e18c2e

SHA512
fcd1859b34ecf1356063778156a7d51b83ac165ef38e4bda132c6c50ffbda8da9942b00ad3b247b9468e2154ec2c86189463b73386065902deb73412e1754a4a

Download Submit
\Windows\system\bSSrYjf.exe

Filesize
6.0MB

MD5
d35e828ec91ea9143924c509b5ba78e7

SHA1
b30feb508ff2e9abd6a203b16a19908cb2e8f23b

SHA256
9f5ca5024144a738816d15d0cc1d2804d3fdb9f159e81c391ae478d144b5605d

SHA512
7b00dd926575a701f45b0723e9fe332dfcff170cc4aeb5e4b0989aeec17aed64cc86736faf7277592b9b14e7eca03fc097d8cdb01a2fc38724e19ab34d5b3ddd

Download Submit
\Windows\system\mBCLhYn.exe

Filesize
6.0MB

MD5
fc0c158f0c4ebff475efed716d14daf6

SHA1
3d89493f8e04ab8939bdb37d6ba14ddddc6e692e

SHA256
c139d69bbcc1c63115cb581b03a359f72478df7e1e645da50fb0f414e30d9d5a

SHA512
280e1b5d5495e234e24aae2cbd382df5582353d7e51e6a04f9198fc73e817a5ea8d39907be6339c6c64ffd2ba2daea053068c3b701a814ab4342ca66bf403455

Download Submit
\Windows\system\uRLbEdG.exe

Filesize
6.0MB

MD5
b77f4affda39e26ba243db14e76fbf5d

SHA1
622081fd4394a9200a355f613aa9f51dbef6f523

SHA256
17f6980c87c8d5cd50757a43406e6ec460ba810f959baf19ced411d20cd35ac2

SHA512
63d1bae37f02e868fe036955559c53b0dfeae19e5a2975377fdfb58c2222c37795cf6fdaa8a82f5f2544c3484e4cf3e79310c0bfe23c45ee3138fafc9e5fe3f2

Download Submit
\Windows\system\xJtTybD.exe

Filesize
6.0MB

MD5
ecf4a5904a239a1d83210dbd7aab72b3

SHA1
59a2cb345685911f025ac6ee4b1877f888eb086b

SHA256
14ef74cf9de8642932b94eb793253eeac28f016c3749038462e3a220cd60b12e

SHA512
b5772f519c307f015cba3661559e0dd2cef4f1e710e9daff1ef8fed1de191b377681900c37a4a7a4e464d1614765147b0775e7237980c6124de48331f8c8aafa

Download Submit
\Windows\system\yOQiIwq.exe

Filesize
6.0MB

MD5
19cb3918739fc67ed86a106c3fc5ac3e

SHA1
20e34e95e4d25b32f779997d3732860ad32dd792

SHA256
7675456ef6196e41078778a09ab5624a36757bb42953fab68163265396b54315

SHA512
3df8a79c8113bc15c492566ecd7446623074e086fda8b56e6effb2a992ac9a6a62550c46b1257262661db38d1f499527b69594494a17ef1687497fef02abebf9

Download Submit
memory/752-86-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/752-1821-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/752-207-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1188-70-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1188-108-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1188-1794-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1380-59-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1380-23-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1380-1815-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-1812-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-78-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-144-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-36-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2304-105-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/2304-48-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/2304-73-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-443-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/2304-44-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2304-63-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/2304-88-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/2304-40-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/2304-81-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/2304-1-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2304-114-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-97-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/2304-5-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-683-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-113-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-553-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2304-14-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2304-211-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/2304-55-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-21-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-39-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-0-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2304-175-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/2304-25-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-32-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1791-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-100-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-60-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-69-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-29-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1697-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-77-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3161-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-37-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-45-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2772-85-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1772-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2780-53-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2780-91-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1793-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2860-8-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-43-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1819-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-616-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2916-109-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2916-1823-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2924-101-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1822-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2924-486-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2948-1820-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2948-223-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2948-92-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2972-16-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1609-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2972-52-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download