cobaltstrike | 2e5601d7ab3e9a3fd1b5b62283ca3459041ec58bd21d5a7c3ce4407b7df0e653

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

28b5bf9bc186e3f919b8902b1697c131
SHA1

06e1fed93e9243ea8cfa4def1c0357ca70f4045c
SHA256

2e5601d7ab3e9a3fd1b5b62283ca3459041ec58bd21d5a7c3ce4407b7df0e653
SHA512

58519ac12ca473d85e6ff61f5aa897c3c1b6bbc1ae1d3831024fd1d6681d347f02a9ad55fe244aa3a1dd00a7365ae700cae47325adb64aa2dd33f4272631ab51
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186fd-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ee-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018728-23.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878f-45.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001873d-32.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197f8-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019838-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196b1-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001977d-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-76.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001925e-69.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000187a5-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018683-62.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018784-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2440-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-3.dat	xmrig
behavioral1/memory/2204-8-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x00070000000186fd-15.dat	xmrig
behavioral1/files/0x00070000000186ee-9.dat	xmrig
behavioral1/memory/1944-14-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2568-22-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0007000000018728-23.dat	xmrig
behavioral1/memory/3040-36-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x000600000001878f-45.dat	xmrig
behavioral1/memory/1748-34-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x000600000001873d-32.dat	xmrig
behavioral1/memory/2440-1125-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2404-941-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2640-488-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2664-271-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x00050000000197f8-189.dat	xmrig
behavioral1/files/0x0005000000019838-192.dat	xmrig
behavioral1/files/0x00050000000196b1-182.dat	xmrig
behavioral1/files/0x0005000000019667-173.dat	xmrig
behavioral1/files/0x000500000001977d-187.dat	xmrig
behavioral1/files/0x0005000000019623-162.dat	xmrig
behavioral1/files/0x00050000000196af-177.dat	xmrig
behavioral1/files/0x0005000000019625-166.dat	xmrig
behavioral1/files/0x0005000000019621-149.dat	xmrig
behavioral1/files/0x0005000000019622-156.dat	xmrig
behavioral1/files/0x0005000000019619-141.dat	xmrig
behavioral1/files/0x000500000001961d-137.dat	xmrig
behavioral1/files/0x000500000001961f-145.dat	xmrig
behavioral1/files/0x0005000000019615-123.dat	xmrig
behavioral1/files/0x000500000001961b-136.dat	xmrig
behavioral1/files/0x0005000000019611-113.dat	xmrig
behavioral1/memory/2440-110-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019617-126.dat	xmrig
behavioral1/memory/980-109-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960f-107.dat	xmrig
behavioral1/files/0x000500000001960d-99.dat	xmrig
behavioral1/files/0x0005000000019613-117.dat	xmrig
behavioral1/memory/2404-94-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2736-92-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2116-86-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x000500000001960b-89.dat	xmrig
behavioral1/files/0x0005000000019609-84.dat	xmrig
behavioral1/memory/2640-79-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-76.dat	xmrig
behavioral1/memory/2664-71-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x000800000001925e-69.dat	xmrig
behavioral1/memory/2648-66-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1944-58-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2736-57-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x00060000000187a5-55.dat	xmrig
behavioral1/files/0x0008000000018683-62.dat	xmrig
behavioral1/memory/2772-51-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0006000000018784-41.dat	xmrig
behavioral1/memory/2920-49-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2440-38-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2204-48-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2736-3957-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2920-3989-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2568-4001-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2648-4003-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2772-4006-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/3040-4005-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2640-4004-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2204	DkXJaNC.exe
1944	KTVqPFC.exe
2568	HyRjJeX.exe
1748	WFFeWsw.exe
3040	odZCFLk.exe
2920	tPvsgSf.exe
2772	SZQILYE.exe
2736	UdyNsFk.exe
2648	dCKGrbk.exe
2664	CSjstnx.exe
2640	LQjTqit.exe
2116	XTouzgZ.exe
2404	NvkGvTc.exe
980	EThecsG.exe
1108	TtHQFCZ.exe
2036	PYvxQZX.exe
1992	AwqzxGk.exe
2848	qmukdkI.exe
2828	CsJMkQi.exe
1664	mMhCWYr.exe
2980	ScNgJsv.exe
1968	pHOIFsq.exe
1808	KlBxirc.exe
2432	xkqHGjy.exe
800	WbRCuSf.exe
2180	drIuZRJ.exe
2368	cCkSEbL.exe
2408	fELbdAl.exe
2096	hgeCIRY.exe
2816	SpZGMOR.exe
1184	uJRhNck.exe
1672	GIsZZRt.exe
1604	EowDusP.exe
3068	WSTTVNt.exe
1712	mFdlRbj.exe
856	qryUeqa.exe
1088	dnugMmV.exe
1556	JWkoXGw.exe
1660	SBBnmcu.exe
912	tjxTsVP.exe
1528	dnvGuhH.exe
952	dHEXQve.exe
2232	tQmSREO.exe
2276	CuKtHnT.exe
2084	vJnJNPw.exe
352	xphEynu.exe
2064	dtdGlCV.exe
1804	rHofZyT.exe
2032	ysjWpiJ.exe
804	QgobcMK.exe
1704	Tingate.exe
2540	ExgVMet.exe
1588	lOntWSU.exe
1692	uHzahwR.exe
1628	jduzQJn.exe
2388	CESdmLN.exe
2300	jlrdJnt.exe
1044	gRDPZPz.exe
2884	OqRswye.exe
2660	MYcPNgB.exe
1396	duQfsai.exe
848	dNAiGPX.exe
2868	aBaljPY.exe
2992	Uknjckx.exe

Loads dropped DLL 64 IoCs

pid	Process
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2440-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0007000000012116-3.dat	upx
behavioral1/memory/2204-8-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x00070000000186fd-15.dat	upx
behavioral1/files/0x00070000000186ee-9.dat	upx
behavioral1/memory/1944-14-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2568-22-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0007000000018728-23.dat	upx
behavioral1/memory/3040-36-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x000600000001878f-45.dat	upx
behavioral1/memory/1748-34-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x000600000001873d-32.dat	upx
behavioral1/memory/2404-941-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2640-488-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2664-271-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x00050000000197f8-189.dat	upx
behavioral1/files/0x0005000000019838-192.dat	upx
behavioral1/files/0x00050000000196b1-182.dat	upx
behavioral1/files/0x0005000000019667-173.dat	upx
behavioral1/files/0x000500000001977d-187.dat	upx
behavioral1/files/0x0005000000019623-162.dat	upx
behavioral1/files/0x00050000000196af-177.dat	upx
behavioral1/files/0x0005000000019625-166.dat	upx
behavioral1/files/0x0005000000019621-149.dat	upx
behavioral1/files/0x0005000000019622-156.dat	upx
behavioral1/files/0x0005000000019619-141.dat	upx
behavioral1/files/0x000500000001961d-137.dat	upx
behavioral1/files/0x000500000001961f-145.dat	upx
behavioral1/files/0x0005000000019615-123.dat	upx
behavioral1/files/0x000500000001961b-136.dat	upx
behavioral1/files/0x0005000000019611-113.dat	upx
behavioral1/files/0x0005000000019617-126.dat	upx
behavioral1/memory/980-109-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x000500000001960f-107.dat	upx
behavioral1/files/0x000500000001960d-99.dat	upx
behavioral1/files/0x0005000000019613-117.dat	upx
behavioral1/memory/2404-94-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2736-92-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2116-86-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x000500000001960b-89.dat	upx
behavioral1/files/0x0005000000019609-84.dat	upx
behavioral1/memory/2640-79-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-76.dat	upx
behavioral1/memory/2664-71-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x000800000001925e-69.dat	upx
behavioral1/memory/2648-66-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/1944-58-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2736-57-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x00060000000187a5-55.dat	upx
behavioral1/files/0x0008000000018683-62.dat	upx
behavioral1/memory/2772-51-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0006000000018784-41.dat	upx
behavioral1/memory/2920-49-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2440-38-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2204-48-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2736-3957-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2920-3989-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2568-4001-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2648-4003-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2772-4006-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/3040-4005-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2640-4004-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2664-4040-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/1944-4041-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vJnJNPw.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVbmGzC.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkebpYC.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJmbsjP.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzKEHHp.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLGNTfm.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjGRRTk.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmiVZeP.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkeImhZ.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKjCwYX.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApNTNmk.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImkxOZo.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DteEFfD.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IICFIRu.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOIkWxR.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlBxirc.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYQvbHV.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqJHlMP.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgeHJHR.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBeYJDR.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScNgJsv.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LADhEIF.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OHazmMr.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeAClxK.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMQHiPM.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxWOOmm.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsvmBKZ.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrvBWSY.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZSVdWs.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qotsWIv.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHDGAls.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyRjJeX.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duQfsai.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MwydGtV.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHAYiUw.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPUCCfC.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jppGyik.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBKeGFN.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcAxdmp.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfdRRtk.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOdoAXg.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnMZpSE.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXkiBfX.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbTQlpa.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdCgEOb.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PuQanPr.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyaGCNA.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfSzjZR.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtGWowX.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNniTMa.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDbUrwF.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyHkyJw.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrSbqtq.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYcQikn.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dadgcAD.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYXHyyH.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdNFuNr.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpyGkaX.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkXJaNC.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIsZZRt.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPnexSw.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHStLtc.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CofyqnE.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edHrxTE.exe	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2204	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2440 wrote to memory of 2204	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2440 wrote to memory of 2204	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2440 wrote to memory of 1944	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2440 wrote to memory of 1944	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2440 wrote to memory of 1944	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2440 wrote to memory of 2568	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2440 wrote to memory of 2568	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2440 wrote to memory of 2568	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2440 wrote to memory of 1748	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2440 wrote to memory of 1748	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2440 wrote to memory of 1748	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2440 wrote to memory of 3040	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2440 wrote to memory of 3040	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2440 wrote to memory of 3040	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2440 wrote to memory of 2920	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2440 wrote to memory of 2920	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2440 wrote to memory of 2920	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2440 wrote to memory of 2772	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2440 wrote to memory of 2772	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2440 wrote to memory of 2772	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2440 wrote to memory of 2736	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2440 wrote to memory of 2736	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2440 wrote to memory of 2736	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2440 wrote to memory of 2648	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2440 wrote to memory of 2648	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2440 wrote to memory of 2648	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2440 wrote to memory of 2664	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2440 wrote to memory of 2664	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2440 wrote to memory of 2664	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2440 wrote to memory of 2640	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2440 wrote to memory of 2640	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2440 wrote to memory of 2640	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2440 wrote to memory of 2116	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2440 wrote to memory of 2116	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2440 wrote to memory of 2116	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2440 wrote to memory of 2404	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2440 wrote to memory of 2404	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2440 wrote to memory of 2404	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2440 wrote to memory of 980	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2440 wrote to memory of 980	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2440 wrote to memory of 980	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2440 wrote to memory of 1108	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2440 wrote to memory of 1108	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2440 wrote to memory of 1108	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2440 wrote to memory of 2036	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2440 wrote to memory of 2036	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2440 wrote to memory of 2036	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2440 wrote to memory of 1992	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2440 wrote to memory of 1992	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2440 wrote to memory of 1992	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2440 wrote to memory of 2848	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2440 wrote to memory of 2848	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2440 wrote to memory of 2848	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2440 wrote to memory of 2828	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2440 wrote to memory of 2828	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2440 wrote to memory of 2828	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2440 wrote to memory of 2980	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2440 wrote to memory of 2980	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2440 wrote to memory of 2980	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2440 wrote to memory of 1664	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2440 wrote to memory of 1664	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2440 wrote to memory of 1664	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2440 wrote to memory of 1808	2440	2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_28b5bf9bc186e3f919b8902b1697c131_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\System\DkXJaNC.exe
  C:\Windows\System\DkXJaNC.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\KTVqPFC.exe
  C:\Windows\System\KTVqPFC.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\HyRjJeX.exe
  C:\Windows\System\HyRjJeX.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\WFFeWsw.exe
  C:\Windows\System\WFFeWsw.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\odZCFLk.exe
  C:\Windows\System\odZCFLk.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\tPvsgSf.exe
  C:\Windows\System\tPvsgSf.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\SZQILYE.exe
  C:\Windows\System\SZQILYE.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\UdyNsFk.exe
  C:\Windows\System\UdyNsFk.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\dCKGrbk.exe
  C:\Windows\System\dCKGrbk.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\CSjstnx.exe
  C:\Windows\System\CSjstnx.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\LQjTqit.exe
  C:\Windows\System\LQjTqit.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\XTouzgZ.exe
  C:\Windows\System\XTouzgZ.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\NvkGvTc.exe
  C:\Windows\System\NvkGvTc.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\EThecsG.exe
  C:\Windows\System\EThecsG.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\TtHQFCZ.exe
  C:\Windows\System\TtHQFCZ.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\PYvxQZX.exe
  C:\Windows\System\PYvxQZX.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\AwqzxGk.exe
  C:\Windows\System\AwqzxGk.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\qmukdkI.exe
  C:\Windows\System\qmukdkI.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\CsJMkQi.exe
  C:\Windows\System\CsJMkQi.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\ScNgJsv.exe
  C:\Windows\System\ScNgJsv.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\mMhCWYr.exe
  C:\Windows\System\mMhCWYr.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\KlBxirc.exe
  C:\Windows\System\KlBxirc.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\pHOIFsq.exe
  C:\Windows\System\pHOIFsq.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\WbRCuSf.exe
  C:\Windows\System\WbRCuSf.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\xkqHGjy.exe
  C:\Windows\System\xkqHGjy.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\drIuZRJ.exe
  C:\Windows\System\drIuZRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\cCkSEbL.exe
  C:\Windows\System\cCkSEbL.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\fELbdAl.exe
  C:\Windows\System\fELbdAl.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\hgeCIRY.exe
  C:\Windows\System\hgeCIRY.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\SpZGMOR.exe
  C:\Windows\System\SpZGMOR.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\uJRhNck.exe
  C:\Windows\System\uJRhNck.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\WSTTVNt.exe
  C:\Windows\System\WSTTVNt.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\GIsZZRt.exe
  C:\Windows\System\GIsZZRt.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\qryUeqa.exe
  C:\Windows\System\qryUeqa.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\EowDusP.exe
  C:\Windows\System\EowDusP.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\dnugMmV.exe
  C:\Windows\System\dnugMmV.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\mFdlRbj.exe
  C:\Windows\System\mFdlRbj.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\JWkoXGw.exe
  C:\Windows\System\JWkoXGw.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\SBBnmcu.exe
  C:\Windows\System\SBBnmcu.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\tjxTsVP.exe
  C:\Windows\System\tjxTsVP.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\dnvGuhH.exe
  C:\Windows\System\dnvGuhH.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\dHEXQve.exe
  C:\Windows\System\dHEXQve.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\tQmSREO.exe
  C:\Windows\System\tQmSREO.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\CuKtHnT.exe
  C:\Windows\System\CuKtHnT.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\vJnJNPw.exe
  C:\Windows\System\vJnJNPw.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\xphEynu.exe
  C:\Windows\System\xphEynu.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\dtdGlCV.exe
  C:\Windows\System\dtdGlCV.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ysjWpiJ.exe
  C:\Windows\System\ysjWpiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\rHofZyT.exe
  C:\Windows\System\rHofZyT.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\Tingate.exe
  C:\Windows\System\Tingate.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\QgobcMK.exe
  C:\Windows\System\QgobcMK.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\uHzahwR.exe
  C:\Windows\System\uHzahwR.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ExgVMet.exe
  C:\Windows\System\ExgVMet.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\CESdmLN.exe
  C:\Windows\System\CESdmLN.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\lOntWSU.exe
  C:\Windows\System\lOntWSU.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\jlrdJnt.exe
  C:\Windows\System\jlrdJnt.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\jduzQJn.exe
  C:\Windows\System\jduzQJn.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\gRDPZPz.exe
  C:\Windows\System\gRDPZPz.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\OqRswye.exe
  C:\Windows\System\OqRswye.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\MYcPNgB.exe
  C:\Windows\System\MYcPNgB.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\duQfsai.exe
  C:\Windows\System\duQfsai.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\ISOGUAx.exe
  C:\Windows\System\ISOGUAx.exe
  2⤵
  PID:2636
- C:\Windows\System\dNAiGPX.exe
  C:\Windows\System\dNAiGPX.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\nvRocXC.exe
  C:\Windows\System\nvRocXC.exe
  2⤵
  PID:680
- C:\Windows\System\aBaljPY.exe
  C:\Windows\System\aBaljPY.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\aBIWaJb.exe
  C:\Windows\System\aBIWaJb.exe
  2⤵
  PID:692
- C:\Windows\System\Uknjckx.exe
  C:\Windows\System\Uknjckx.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\pywxJKL.exe
  C:\Windows\System\pywxJKL.exe
  2⤵
  PID:2488
- C:\Windows\System\OZIoyck.exe
  C:\Windows\System\OZIoyck.exe
  2⤵
  PID:2820
- C:\Windows\System\HGWgFkd.exe
  C:\Windows\System\HGWgFkd.exe
  2⤵
  PID:2260
- C:\Windows\System\aiiCDJw.exe
  C:\Windows\System\aiiCDJw.exe
  2⤵
  PID:768
- C:\Windows\System\vUtrhOH.exe
  C:\Windows\System\vUtrhOH.exe
  2⤵
  PID:2184
- C:\Windows\System\HGjfVRy.exe
  C:\Windows\System\HGjfVRy.exe
  2⤵
  PID:1204
- C:\Windows\System\uzyYOOe.exe
  C:\Windows\System\uzyYOOe.exe
  2⤵
  PID:996
- C:\Windows\System\WcAxdmp.exe
  C:\Windows\System\WcAxdmp.exe
  2⤵
  PID:304
- C:\Windows\System\cOAIlbg.exe
  C:\Windows\System\cOAIlbg.exe
  2⤵
  PID:316
- C:\Windows\System\JsecZlW.exe
  C:\Windows\System\JsecZlW.exe
  2⤵
  PID:2436
- C:\Windows\System\gZYTAtX.exe
  C:\Windows\System\gZYTAtX.exe
  2⤵
  PID:2128
- C:\Windows\System\znLdqQz.exe
  C:\Windows\System\znLdqQz.exe
  2⤵
  PID:276
- C:\Windows\System\CzkiEJi.exe
  C:\Windows\System\CzkiEJi.exe
  2⤵
  PID:1564
- C:\Windows\System\amQMTqD.exe
  C:\Windows\System\amQMTqD.exe
  2⤵
  PID:1468
- C:\Windows\System\eOyKLuR.exe
  C:\Windows\System\eOyKLuR.exe
  2⤵
  PID:1900
- C:\Windows\System\BfCNITt.exe
  C:\Windows\System\BfCNITt.exe
  2⤵
  PID:2072
- C:\Windows\System\BZVuqiR.exe
  C:\Windows\System\BZVuqiR.exe
  2⤵
  PID:1360
- C:\Windows\System\fSwFiHe.exe
  C:\Windows\System\fSwFiHe.exe
  2⤵
  PID:1688
- C:\Windows\System\WJmbsjP.exe
  C:\Windows\System\WJmbsjP.exe
  2⤵
  PID:1580
- C:\Windows\System\AbrkOXT.exe
  C:\Windows\System\AbrkOXT.exe
  2⤵
  PID:1812
- C:\Windows\System\YAcBeNp.exe
  C:\Windows\System\YAcBeNp.exe
  2⤵
  PID:2456
- C:\Windows\System\ObKLFIq.exe
  C:\Windows\System\ObKLFIq.exe
  2⤵
  PID:3044
- C:\Windows\System\qARQFJi.exe
  C:\Windows\System\qARQFJi.exe
  2⤵
  PID:2476
- C:\Windows\System\ppPrvjw.exe
  C:\Windows\System\ppPrvjw.exe
  2⤵
  PID:2856
- C:\Windows\System\jpvvJiW.exe
  C:\Windows\System\jpvvJiW.exe
  2⤵
  PID:1764
- C:\Windows\System\Wrkqgid.exe
  C:\Windows\System\Wrkqgid.exe
  2⤵
  PID:2748
- C:\Windows\System\lSXRKWY.exe
  C:\Windows\System\lSXRKWY.exe
  2⤵
  PID:1124
- C:\Windows\System\YyMTfIz.exe
  C:\Windows\System\YyMTfIz.exe
  2⤵
  PID:1152
- C:\Windows\System\WqrYATz.exe
  C:\Windows\System\WqrYATz.exe
  2⤵
  PID:2356
- C:\Windows\System\bmiVZeP.exe
  C:\Windows\System\bmiVZeP.exe
  2⤵
  PID:1776
- C:\Windows\System\BfdRRtk.exe
  C:\Windows\System\BfdRRtk.exe
  2⤵
  PID:2520
- C:\Windows\System\rJxxsqh.exe
  C:\Windows\System\rJxxsqh.exe
  2⤵
  PID:2824
- C:\Windows\System\eicjNXc.exe
  C:\Windows\System\eicjNXc.exe
  2⤵
  PID:2104
- C:\Windows\System\ZiSHlKN.exe
  C:\Windows\System\ZiSHlKN.exe
  2⤵
  PID:1612
- C:\Windows\System\qjxVHHm.exe
  C:\Windows\System\qjxVHHm.exe
  2⤵
  PID:2060
- C:\Windows\System\JuTnepA.exe
  C:\Windows\System\JuTnepA.exe
  2⤵
  PID:1708
- C:\Windows\System\GBfGKSG.exe
  C:\Windows\System\GBfGKSG.exe
  2⤵
  PID:836
- C:\Windows\System\bLkxsIf.exe
  C:\Windows\System\bLkxsIf.exe
  2⤵
  PID:3092
- C:\Windows\System\OppiflS.exe
  C:\Windows\System\OppiflS.exe
  2⤵
  PID:3112
- C:\Windows\System\qYdXeZh.exe
  C:\Windows\System\qYdXeZh.exe
  2⤵
  PID:3132
- C:\Windows\System\HhbOaPv.exe
  C:\Windows\System\HhbOaPv.exe
  2⤵
  PID:3152
- C:\Windows\System\jRYgihe.exe
  C:\Windows\System\jRYgihe.exe
  2⤵
  PID:3168
- C:\Windows\System\VKtrHVp.exe
  C:\Windows\System\VKtrHVp.exe
  2⤵
  PID:3188
- C:\Windows\System\fVZHJvf.exe
  C:\Windows\System\fVZHJvf.exe
  2⤵
  PID:3208
- C:\Windows\System\XstPjvf.exe
  C:\Windows\System\XstPjvf.exe
  2⤵
  PID:3232
- C:\Windows\System\XjIsKNx.exe
  C:\Windows\System\XjIsKNx.exe
  2⤵
  PID:3248
- C:\Windows\System\PFOvsnw.exe
  C:\Windows\System\PFOvsnw.exe
  2⤵
  PID:3272
- C:\Windows\System\WVpNgDZ.exe
  C:\Windows\System\WVpNgDZ.exe
  2⤵
  PID:3288
- C:\Windows\System\jaOcFUC.exe
  C:\Windows\System\jaOcFUC.exe
  2⤵
  PID:3312
- C:\Windows\System\TYsPifS.exe
  C:\Windows\System\TYsPifS.exe
  2⤵
  PID:3332
- C:\Windows\System\VGiPrbj.exe
  C:\Windows\System\VGiPrbj.exe
  2⤵
  PID:3352
- C:\Windows\System\EGNLEXb.exe
  C:\Windows\System\EGNLEXb.exe
  2⤵
  PID:3372
- C:\Windows\System\RFhquKb.exe
  C:\Windows\System\RFhquKb.exe
  2⤵
  PID:3392
- C:\Windows\System\lACNsTY.exe
  C:\Windows\System\lACNsTY.exe
  2⤵
  PID:3412
- C:\Windows\System\Tfylzoe.exe
  C:\Windows\System\Tfylzoe.exe
  2⤵
  PID:3428
- C:\Windows\System\gmeniDl.exe
  C:\Windows\System\gmeniDl.exe
  2⤵
  PID:3448
- C:\Windows\System\wtgxhTX.exe
  C:\Windows\System\wtgxhTX.exe
  2⤵
  PID:3464
- C:\Windows\System\BAyAFbc.exe
  C:\Windows\System\BAyAFbc.exe
  2⤵
  PID:3480
- C:\Windows\System\DKkELtl.exe
  C:\Windows\System\DKkELtl.exe
  2⤵
  PID:3504
- C:\Windows\System\dUGkrHS.exe
  C:\Windows\System\dUGkrHS.exe
  2⤵
  PID:3520
- C:\Windows\System\XQbtEne.exe
  C:\Windows\System\XQbtEne.exe
  2⤵
  PID:3544
- C:\Windows\System\BcTxPza.exe
  C:\Windows\System\BcTxPza.exe
  2⤵
  PID:3560
- C:\Windows\System\cMepaYG.exe
  C:\Windows\System\cMepaYG.exe
  2⤵
  PID:3596
- C:\Windows\System\OEQbfyg.exe
  C:\Windows\System\OEQbfyg.exe
  2⤵
  PID:3616
- C:\Windows\System\YTZZZVt.exe
  C:\Windows\System\YTZZZVt.exe
  2⤵
  PID:3636
- C:\Windows\System\jgehABN.exe
  C:\Windows\System\jgehABN.exe
  2⤵
  PID:3656
- C:\Windows\System\xMymNvi.exe
  C:\Windows\System\xMymNvi.exe
  2⤵
  PID:3676
- C:\Windows\System\pKZMACb.exe
  C:\Windows\System\pKZMACb.exe
  2⤵
  PID:3692
- C:\Windows\System\XNasTmK.exe
  C:\Windows\System\XNasTmK.exe
  2⤵
  PID:3712
- C:\Windows\System\uBkBoZE.exe
  C:\Windows\System\uBkBoZE.exe
  2⤵
  PID:3732
- C:\Windows\System\wisCTys.exe
  C:\Windows\System\wisCTys.exe
  2⤵
  PID:3752
- C:\Windows\System\YNxhtKf.exe
  C:\Windows\System\YNxhtKf.exe
  2⤵
  PID:3772
- C:\Windows\System\dUFaWwt.exe
  C:\Windows\System\dUFaWwt.exe
  2⤵
  PID:3792
- C:\Windows\System\EnWRaXF.exe
  C:\Windows\System\EnWRaXF.exe
  2⤵
  PID:3808
- C:\Windows\System\lickzjT.exe
  C:\Windows\System\lickzjT.exe
  2⤵
  PID:3828
- C:\Windows\System\faRbicM.exe
  C:\Windows\System\faRbicM.exe
  2⤵
  PID:3844
- C:\Windows\System\krDpxpP.exe
  C:\Windows\System\krDpxpP.exe
  2⤵
  PID:3876
- C:\Windows\System\HoLCTwZ.exe
  C:\Windows\System\HoLCTwZ.exe
  2⤵
  PID:3892
- C:\Windows\System\RLxquIz.exe
  C:\Windows\System\RLxquIz.exe
  2⤵
  PID:3912
- C:\Windows\System\VnuMAuN.exe
  C:\Windows\System\VnuMAuN.exe
  2⤵
  PID:3932
- C:\Windows\System\MyWdueG.exe
  C:\Windows\System\MyWdueG.exe
  2⤵
  PID:3956
- C:\Windows\System\vVanCmh.exe
  C:\Windows\System\vVanCmh.exe
  2⤵
  PID:3972
- C:\Windows\System\SqoJnlJ.exe
  C:\Windows\System\SqoJnlJ.exe
  2⤵
  PID:3992
- C:\Windows\System\WjZYVYo.exe
  C:\Windows\System\WjZYVYo.exe
  2⤵
  PID:4008
- C:\Windows\System\BDPjfwA.exe
  C:\Windows\System\BDPjfwA.exe
  2⤵
  PID:4024
- C:\Windows\System\zVbmGzC.exe
  C:\Windows\System\zVbmGzC.exe
  2⤵
  PID:4044
- C:\Windows\System\imRFWYA.exe
  C:\Windows\System\imRFWYA.exe
  2⤵
  PID:4060
- C:\Windows\System\YGqOvae.exe
  C:\Windows\System\YGqOvae.exe
  2⤵
  PID:4084
- C:\Windows\System\bGXkPKh.exe
  C:\Windows\System\bGXkPKh.exe
  2⤵
  PID:2168
- C:\Windows\System\hshpxDL.exe
  C:\Windows\System\hshpxDL.exe
  2⤵
  PID:592
- C:\Windows\System\RyuFaMW.exe
  C:\Windows\System\RyuFaMW.exe
  2⤵
  PID:2928
- C:\Windows\System\quMObGI.exe
  C:\Windows\System\quMObGI.exe
  2⤵
  PID:2312
- C:\Windows\System\rXyBOsu.exe
  C:\Windows\System\rXyBOsu.exe
  2⤵
  PID:2448
- C:\Windows\System\hwFVsZk.exe
  C:\Windows\System\hwFVsZk.exe
  2⤵
  PID:2556
- C:\Windows\System\eBvVJkz.exe
  C:\Windows\System\eBvVJkz.exe
  2⤵
  PID:880
- C:\Windows\System\IcyNHQp.exe
  C:\Windows\System\IcyNHQp.exe
  2⤵
  PID:2596
- C:\Windows\System\XxzDZFh.exe
  C:\Windows\System\XxzDZFh.exe
  2⤵
  PID:2692
- C:\Windows\System\ixlDNBB.exe
  C:\Windows\System\ixlDNBB.exe
  2⤵
  PID:596
- C:\Windows\System\evEDCRm.exe
  C:\Windows\System\evEDCRm.exe
  2⤵
  PID:1136
- C:\Windows\System\xbfYJcJ.exe
  C:\Windows\System\xbfYJcJ.exe
  2⤵
  PID:284
- C:\Windows\System\tckwIVG.exe
  C:\Windows\System\tckwIVG.exe
  2⤵
  PID:1224
- C:\Windows\System\yKvNxke.exe
  C:\Windows\System\yKvNxke.exe
  2⤵
  PID:3104
- C:\Windows\System\qVxMGWK.exe
  C:\Windows\System\qVxMGWK.exe
  2⤵
  PID:3184
- C:\Windows\System\hOjroLK.exe
  C:\Windows\System\hOjroLK.exe
  2⤵
  PID:3088
- C:\Windows\System\ELYmoBq.exe
  C:\Windows\System\ELYmoBq.exe
  2⤵
  PID:3128
- C:\Windows\System\ImQzUDq.exe
  C:\Windows\System\ImQzUDq.exe
  2⤵
  PID:3204
- C:\Windows\System\OTpHfYv.exe
  C:\Windows\System\OTpHfYv.exe
  2⤵
  PID:3296
- C:\Windows\System\hFNpUNM.exe
  C:\Windows\System\hFNpUNM.exe
  2⤵
  PID:3340
- C:\Windows\System\CUiymxi.exe
  C:\Windows\System\CUiymxi.exe
  2⤵
  PID:3388
- C:\Windows\System\vzGGeiL.exe
  C:\Windows\System\vzGGeiL.exe
  2⤵
  PID:3424
- C:\Windows\System\ZxFMTpW.exe
  C:\Windows\System\ZxFMTpW.exe
  2⤵
  PID:3360
- C:\Windows\System\CIclsVC.exe
  C:\Windows\System\CIclsVC.exe
  2⤵
  PID:3404
- C:\Windows\System\ohlnQfb.exe
  C:\Windows\System\ohlnQfb.exe
  2⤵
  PID:3496
- C:\Windows\System\YVocIIU.exe
  C:\Windows\System\YVocIIU.exe
  2⤵
  PID:3440
- C:\Windows\System\DoqeKHk.exe
  C:\Windows\System\DoqeKHk.exe
  2⤵
  PID:3512
- C:\Windows\System\yBHqsxe.exe
  C:\Windows\System\yBHqsxe.exe
  2⤵
  PID:3584
- C:\Windows\System\Fbjyrcj.exe
  C:\Windows\System\Fbjyrcj.exe
  2⤵
  PID:3028
- C:\Windows\System\mmoXizx.exe
  C:\Windows\System\mmoXizx.exe
  2⤵
  PID:3604
- C:\Windows\System\cODNKtn.exe
  C:\Windows\System\cODNKtn.exe
  2⤵
  PID:3668
- C:\Windows\System\VgiarZS.exe
  C:\Windows\System\VgiarZS.exe
  2⤵
  PID:3748
- C:\Windows\System\IKdoUUg.exe
  C:\Windows\System\IKdoUUg.exe
  2⤵
  PID:3816
- C:\Windows\System\XkuUxPr.exe
  C:\Windows\System\XkuUxPr.exe
  2⤵
  PID:3648
- C:\Windows\System\meAacAl.exe
  C:\Windows\System\meAacAl.exe
  2⤵
  PID:3728
- C:\Windows\System\xuIfmcj.exe
  C:\Windows\System\xuIfmcj.exe
  2⤵
  PID:3868
- C:\Windows\System\ZugsBuX.exe
  C:\Windows\System\ZugsBuX.exe
  2⤵
  PID:3904
- C:\Windows\System\dgdiJgG.exe
  C:\Windows\System\dgdiJgG.exe
  2⤵
  PID:3764
- C:\Windows\System\kIwSBOy.exe
  C:\Windows\System\kIwSBOy.exe
  2⤵
  PID:3840
- C:\Windows\System\qdoEWcQ.exe
  C:\Windows\System\qdoEWcQ.exe
  2⤵
  PID:3980
- C:\Windows\System\zUvhYey.exe
  C:\Windows\System\zUvhYey.exe
  2⤵
  PID:4020
- C:\Windows\System\FkvlyWD.exe
  C:\Windows\System\FkvlyWD.exe
  2⤵
  PID:4092
- C:\Windows\System\gCTcCQe.exe
  C:\Windows\System\gCTcCQe.exe
  2⤵
  PID:2376
- C:\Windows\System\cXxnwiV.exe
  C:\Windows\System\cXxnwiV.exe
  2⤵
  PID:4068
- C:\Windows\System\RjTjRVX.exe
  C:\Windows\System\RjTjRVX.exe
  2⤵
  PID:4032
- C:\Windows\System\UpTryyJ.exe
  C:\Windows\System\UpTryyJ.exe
  2⤵
  PID:1552
- C:\Windows\System\IrWDMIX.exe
  C:\Windows\System\IrWDMIX.exe
  2⤵
  PID:1464
- C:\Windows\System\sIJUcRe.exe
  C:\Windows\System\sIJUcRe.exe
  2⤵
  PID:1548
- C:\Windows\System\zpLVUmu.exe
  C:\Windows\System\zpLVUmu.exe
  2⤵
  PID:2344
- C:\Windows\System\UrCxkpp.exe
  C:\Windows\System\UrCxkpp.exe
  2⤵
  PID:1368
- C:\Windows\System\tfFLjjP.exe
  C:\Windows\System\tfFLjjP.exe
  2⤵
  PID:2020
- C:\Windows\System\roUhTmd.exe
  C:\Windows\System\roUhTmd.exe
  2⤵
  PID:3108
- C:\Windows\System\cQlEWkI.exe
  C:\Windows\System\cQlEWkI.exe
  2⤵
  PID:916
- C:\Windows\System\dtXsBcK.exe
  C:\Windows\System\dtXsBcK.exe
  2⤵
  PID:3164
- C:\Windows\System\uKXJIyK.exe
  C:\Windows\System\uKXJIyK.exe
  2⤵
  PID:3260
- C:\Windows\System\YBxRwJS.exe
  C:\Windows\System\YBxRwJS.exe
  2⤵
  PID:3308
- C:\Windows\System\fLQMXTi.exe
  C:\Windows\System\fLQMXTi.exe
  2⤵
  PID:3240
- C:\Windows\System\NTyPqBm.exe
  C:\Windows\System\NTyPqBm.exe
  2⤵
  PID:3244
- C:\Windows\System\rGYphdC.exe
  C:\Windows\System\rGYphdC.exe
  2⤵
  PID:3364
- C:\Windows\System\kaYFLnI.exe
  C:\Windows\System\kaYFLnI.exe
  2⤵
  PID:3460
- C:\Windows\System\MEMsors.exe
  C:\Windows\System\MEMsors.exe
  2⤵
  PID:3540
- C:\Windows\System\prxHpAM.exe
  C:\Windows\System\prxHpAM.exe
  2⤵
  PID:3576
- C:\Windows\System\IyMBrXX.exe
  C:\Windows\System\IyMBrXX.exe
  2⤵
  PID:3664
- C:\Windows\System\uEXTjql.exe
  C:\Windows\System\uEXTjql.exe
  2⤵
  PID:3788
- C:\Windows\System\jXENrso.exe
  C:\Windows\System\jXENrso.exe
  2⤵
  PID:3652
- C:\Windows\System\nDuiCIv.exe
  C:\Windows\System\nDuiCIv.exe
  2⤵
  PID:3860
- C:\Windows\System\IOGSwAT.exe
  C:\Windows\System\IOGSwAT.exe
  2⤵
  PID:3804
- C:\Windows\System\NyBVBWm.exe
  C:\Windows\System\NyBVBWm.exe
  2⤵
  PID:3928
- C:\Windows\System\WSIwNFy.exe
  C:\Windows\System\WSIwNFy.exe
  2⤵
  PID:3888
- C:\Windows\System\bNuWFtA.exe
  C:\Windows\System\bNuWFtA.exe
  2⤵
  PID:4080
- C:\Windows\System\CxwIMaH.exe
  C:\Windows\System\CxwIMaH.exe
  2⤵
  PID:1584
- C:\Windows\System\MkeImhZ.exe
  C:\Windows\System\MkeImhZ.exe
  2⤵
  PID:4072
- C:\Windows\System\QfwbTwS.exe
  C:\Windows\System\QfwbTwS.exe
  2⤵
  PID:1860
- C:\Windows\System\eKEWFsG.exe
  C:\Windows\System\eKEWFsG.exe
  2⤵
  PID:2656
- C:\Windows\System\PTnpidC.exe
  C:\Windows\System\PTnpidC.exe
  2⤵
  PID:3100
- C:\Windows\System\IrfJmAw.exe
  C:\Windows\System\IrfJmAw.exe
  2⤵
  PID:2716
- C:\Windows\System\LdshCtM.exe
  C:\Windows\System\LdshCtM.exe
  2⤵
  PID:3216
- C:\Windows\System\sVimgCM.exe
  C:\Windows\System\sVimgCM.exe
  2⤵
  PID:3280
- C:\Windows\System\TDMIxGs.exe
  C:\Windows\System\TDMIxGs.exe
  2⤵
  PID:3532
- C:\Windows\System\qSdpuEv.exe
  C:\Windows\System\qSdpuEv.exe
  2⤵
  PID:3824
- C:\Windows\System\dMfAzwt.exe
  C:\Windows\System\dMfAzwt.exe
  2⤵
  PID:4108
- C:\Windows\System\wdAoGQL.exe
  C:\Windows\System\wdAoGQL.exe
  2⤵
  PID:4128
- C:\Windows\System\egnMApf.exe
  C:\Windows\System\egnMApf.exe
  2⤵
  PID:4160
- C:\Windows\System\cROnYJz.exe
  C:\Windows\System\cROnYJz.exe
  2⤵
  PID:4180
- C:\Windows\System\LjqjVia.exe
  C:\Windows\System\LjqjVia.exe
  2⤵
  PID:4200
- C:\Windows\System\eiUILpA.exe
  C:\Windows\System\eiUILpA.exe
  2⤵
  PID:4220
- C:\Windows\System\MLbReuy.exe
  C:\Windows\System\MLbReuy.exe
  2⤵
  PID:4240
- C:\Windows\System\sxzQscX.exe
  C:\Windows\System\sxzQscX.exe
  2⤵
  PID:4260
- C:\Windows\System\hrqLczK.exe
  C:\Windows\System\hrqLczK.exe
  2⤵
  PID:4280
- C:\Windows\System\OHazmMr.exe
  C:\Windows\System\OHazmMr.exe
  2⤵
  PID:4300
- C:\Windows\System\qmQhnid.exe
  C:\Windows\System\qmQhnid.exe
  2⤵
  PID:4320
- C:\Windows\System\dsfCSkj.exe
  C:\Windows\System\dsfCSkj.exe
  2⤵
  PID:4340
- C:\Windows\System\bOdoAXg.exe
  C:\Windows\System\bOdoAXg.exe
  2⤵
  PID:4360
- C:\Windows\System\zMWayhx.exe
  C:\Windows\System\zMWayhx.exe
  2⤵
  PID:4380
- C:\Windows\System\ynMkxhV.exe
  C:\Windows\System\ynMkxhV.exe
  2⤵
  PID:4400
- C:\Windows\System\rjBHFar.exe
  C:\Windows\System\rjBHFar.exe
  2⤵
  PID:4420
- C:\Windows\System\AibzJao.exe
  C:\Windows\System\AibzJao.exe
  2⤵
  PID:4440
- C:\Windows\System\vWinqgT.exe
  C:\Windows\System\vWinqgT.exe
  2⤵
  PID:4460
- C:\Windows\System\mJdxvUT.exe
  C:\Windows\System\mJdxvUT.exe
  2⤵
  PID:4480
- C:\Windows\System\xfIbTOA.exe
  C:\Windows\System\xfIbTOA.exe
  2⤵
  PID:4500
- C:\Windows\System\qerSqZi.exe
  C:\Windows\System\qerSqZi.exe
  2⤵
  PID:4520
- C:\Windows\System\NjwDwbi.exe
  C:\Windows\System\NjwDwbi.exe
  2⤵
  PID:4536
- C:\Windows\System\jDYWlYn.exe
  C:\Windows\System\jDYWlYn.exe
  2⤵
  PID:4556
- C:\Windows\System\RUXZpBN.exe
  C:\Windows\System\RUXZpBN.exe
  2⤵
  PID:4580
- C:\Windows\System\ioeSpwC.exe
  C:\Windows\System\ioeSpwC.exe
  2⤵
  PID:4600
- C:\Windows\System\tZbHwie.exe
  C:\Windows\System\tZbHwie.exe
  2⤵
  PID:4620
- C:\Windows\System\awJSWrh.exe
  C:\Windows\System\awJSWrh.exe
  2⤵
  PID:4640
- C:\Windows\System\svSKiTO.exe
  C:\Windows\System\svSKiTO.exe
  2⤵
  PID:4660
- C:\Windows\System\mLbhzch.exe
  C:\Windows\System\mLbhzch.exe
  2⤵
  PID:4680
- C:\Windows\System\nLfWutc.exe
  C:\Windows\System\nLfWutc.exe
  2⤵
  PID:4700
- C:\Windows\System\edHrxTE.exe
  C:\Windows\System\edHrxTE.exe
  2⤵
  PID:4720
- C:\Windows\System\OQoiwkm.exe
  C:\Windows\System\OQoiwkm.exe
  2⤵
  PID:4740
- C:\Windows\System\szrpleO.exe
  C:\Windows\System\szrpleO.exe
  2⤵
  PID:4760
- C:\Windows\System\HRdjWyi.exe
  C:\Windows\System\HRdjWyi.exe
  2⤵
  PID:4780
- C:\Windows\System\tjjqqdd.exe
  C:\Windows\System\tjjqqdd.exe
  2⤵
  PID:4800
- C:\Windows\System\HpEAHVc.exe
  C:\Windows\System\HpEAHVc.exe
  2⤵
  PID:4820
- C:\Windows\System\SwjNLvf.exe
  C:\Windows\System\SwjNLvf.exe
  2⤵
  PID:4840
- C:\Windows\System\fqVzSpP.exe
  C:\Windows\System\fqVzSpP.exe
  2⤵
  PID:4860
- C:\Windows\System\VfQXHby.exe
  C:\Windows\System\VfQXHby.exe
  2⤵
  PID:4880
- C:\Windows\System\JsHlwTl.exe
  C:\Windows\System\JsHlwTl.exe
  2⤵
  PID:4900
- C:\Windows\System\ujTgTaJ.exe
  C:\Windows\System\ujTgTaJ.exe
  2⤵
  PID:4920
- C:\Windows\System\ltmOmTz.exe
  C:\Windows\System\ltmOmTz.exe
  2⤵
  PID:4940
- C:\Windows\System\LNEYqqK.exe
  C:\Windows\System\LNEYqqK.exe
  2⤵
  PID:4960
- C:\Windows\System\LxAHKIz.exe
  C:\Windows\System\LxAHKIz.exe
  2⤵
  PID:4980
- C:\Windows\System\NeRExlR.exe
  C:\Windows\System\NeRExlR.exe
  2⤵
  PID:5008
- C:\Windows\System\mxIsqyR.exe
  C:\Windows\System\mxIsqyR.exe
  2⤵
  PID:5028
- C:\Windows\System\kcbbIto.exe
  C:\Windows\System\kcbbIto.exe
  2⤵
  PID:5048
- C:\Windows\System\hEgnrMB.exe
  C:\Windows\System\hEgnrMB.exe
  2⤵
  PID:5068
- C:\Windows\System\YrLvxnt.exe
  C:\Windows\System\YrLvxnt.exe
  2⤵
  PID:5088
- C:\Windows\System\urNaHsr.exe
  C:\Windows\System\urNaHsr.exe
  2⤵
  PID:5108
- C:\Windows\System\XtoLgVf.exe
  C:\Windows\System\XtoLgVf.exe
  2⤵
  PID:3324
- C:\Windows\System\DavBZgW.exe
  C:\Windows\System\DavBZgW.exe
  2⤵
  PID:3632
- C:\Windows\System\gPJJsGb.exe
  C:\Windows\System\gPJJsGb.exe
  2⤵
  PID:3488
- C:\Windows\System\oiTkMnX.exe
  C:\Windows\System\oiTkMnX.exe
  2⤵
  PID:3900
- C:\Windows\System\DyoFMAY.exe
  C:\Windows\System\DyoFMAY.exe
  2⤵
  PID:3852
- C:\Windows\System\ZWxaySv.exe
  C:\Windows\System\ZWxaySv.exe
  2⤵
  PID:1644
- C:\Windows\System\xBJAzeq.exe
  C:\Windows\System\xBJAzeq.exe
  2⤵
  PID:4016
- C:\Windows\System\jIZENOo.exe
  C:\Windows\System\jIZENOo.exe
  2⤵
  PID:2316
- C:\Windows\System\DeIQhLs.exe
  C:\Windows\System\DeIQhLs.exe
  2⤵
  PID:2604
- C:\Windows\System\weNHMuP.exe
  C:\Windows\System\weNHMuP.exe
  2⤵
  PID:2196
- C:\Windows\System\SAgQQwe.exe
  C:\Windows\System\SAgQQwe.exe
  2⤵
  PID:1516
- C:\Windows\System\PcarVCd.exe
  C:\Windows\System\PcarVCd.exe
  2⤵
  PID:3672
- C:\Windows\System\KGKnQKL.exe
  C:\Windows\System\KGKnQKL.exe
  2⤵
  PID:4120
- C:\Windows\System\FDtOUli.exe
  C:\Windows\System\FDtOUli.exe
  2⤵
  PID:4148
- C:\Windows\System\LRHKNwi.exe
  C:\Windows\System\LRHKNwi.exe
  2⤵
  PID:4188
- C:\Windows\System\uWinMVQ.exe
  C:\Windows\System\uWinMVQ.exe
  2⤵
  PID:4176
- C:\Windows\System\GcSRIXv.exe
  C:\Windows\System\GcSRIXv.exe
  2⤵
  PID:4212
- C:\Windows\System\moUzPXm.exe
  C:\Windows\System\moUzPXm.exe
  2⤵
  PID:4252
- C:\Windows\System\WfRDQjD.exe
  C:\Windows\System\WfRDQjD.exe
  2⤵
  PID:4308
- C:\Windows\System\SNMfaZY.exe
  C:\Windows\System\SNMfaZY.exe
  2⤵
  PID:4336
- C:\Windows\System\eiwMhnO.exe
  C:\Windows\System\eiwMhnO.exe
  2⤵
  PID:4368
- C:\Windows\System\kXcZAWW.exe
  C:\Windows\System\kXcZAWW.exe
  2⤵
  PID:4372
- C:\Windows\System\GBkfLUF.exe
  C:\Windows\System\GBkfLUF.exe
  2⤵
  PID:4412
- C:\Windows\System\PKjCwYX.exe
  C:\Windows\System\PKjCwYX.exe
  2⤵
  PID:4468
- C:\Windows\System\okgKqew.exe
  C:\Windows\System\okgKqew.exe
  2⤵
  PID:4492
- C:\Windows\System\LXcumeY.exe
  C:\Windows\System\LXcumeY.exe
  2⤵
  PID:4544
- C:\Windows\System\TXRUppd.exe
  C:\Windows\System\TXRUppd.exe
  2⤵
  PID:2808
- C:\Windows\System\ZKahpIE.exe
  C:\Windows\System\ZKahpIE.exe
  2⤵
  PID:4596
- C:\Windows\System\XRUpEGA.exe
  C:\Windows\System\XRUpEGA.exe
  2⤵
  PID:4608
- C:\Windows\System\MEMmTmO.exe
  C:\Windows\System\MEMmTmO.exe
  2⤵
  PID:4668
- C:\Windows\System\RmybJbr.exe
  C:\Windows\System\RmybJbr.exe
  2⤵
  PID:4688
- C:\Windows\System\qxGMfjw.exe
  C:\Windows\System\qxGMfjw.exe
  2⤵
  PID:4696
- C:\Windows\System\FVTkwCt.exe
  C:\Windows\System\FVTkwCt.exe
  2⤵
  PID:4756
- C:\Windows\System\KVUMHGI.exe
  C:\Windows\System\KVUMHGI.exe
  2⤵
  PID:4776
- C:\Windows\System\ZgKLnoZ.exe
  C:\Windows\System\ZgKLnoZ.exe
  2⤵
  PID:4836
- C:\Windows\System\tOsVOoE.exe
  C:\Windows\System\tOsVOoE.exe
  2⤵
  PID:2904
- C:\Windows\System\HnMZpSE.exe
  C:\Windows\System\HnMZpSE.exe
  2⤵
  PID:2908
- C:\Windows\System\NdCgEOb.exe
  C:\Windows\System\NdCgEOb.exe
  2⤵
  PID:4912
- C:\Windows\System\lkajxgJ.exe
  C:\Windows\System\lkajxgJ.exe
  2⤵
  PID:4948
- C:\Windows\System\gMOgqeT.exe
  C:\Windows\System\gMOgqeT.exe
  2⤵
  PID:4932
- C:\Windows\System\tGBOzng.exe
  C:\Windows\System\tGBOzng.exe
  2⤵
  PID:4976
- C:\Windows\System\fWYfyWX.exe
  C:\Windows\System\fWYfyWX.exe
  2⤵
  PID:5020
- C:\Windows\System\gsqBZjI.exe
  C:\Windows\System\gsqBZjI.exe
  2⤵
  PID:5080
- C:\Windows\System\dOYtMyT.exe
  C:\Windows\System\dOYtMyT.exe
  2⤵
  PID:3268
- C:\Windows\System\HlGJSRB.exe
  C:\Windows\System\HlGJSRB.exe
  2⤵
  PID:3556
- C:\Windows\System\mmSCgeX.exe
  C:\Windows\System\mmSCgeX.exe
  2⤵
  PID:3724
- C:\Windows\System\RwLBbPp.exe
  C:\Windows\System\RwLBbPp.exe
  2⤵
  PID:3864
- C:\Windows\System\YEfMTbR.exe
  C:\Windows\System\YEfMTbR.exe
  2⤵
  PID:3968
- C:\Windows\System\CHWxLca.exe
  C:\Windows\System\CHWxLca.exe
  2⤵
  PID:4052
- C:\Windows\System\oyVEJVX.exe
  C:\Windows\System\oyVEJVX.exe
  2⤵
  PID:2308
- C:\Windows\System\WdXgUdH.exe
  C:\Windows\System\WdXgUdH.exe
  2⤵
  PID:4104
- C:\Windows\System\lvrqwcq.exe
  C:\Windows\System\lvrqwcq.exe
  2⤵
  PID:3380
- C:\Windows\System\ilpDmAP.exe
  C:\Windows\System\ilpDmAP.exe
  2⤵
  PID:4124
- C:\Windows\System\kZQwxYg.exe
  C:\Windows\System\kZQwxYg.exe
  2⤵
  PID:4208
- C:\Windows\System\NavVcSv.exe
  C:\Windows\System\NavVcSv.exe
  2⤵
  PID:4272
- C:\Windows\System\DqFveRi.exe
  C:\Windows\System\DqFveRi.exe
  2⤵
  PID:4312
- C:\Windows\System\QxexMxV.exe
  C:\Windows\System\QxexMxV.exe
  2⤵
  PID:4376
- C:\Windows\System\SnOBHal.exe
  C:\Windows\System\SnOBHal.exe
  2⤵
  PID:4472
- C:\Windows\System\ECVGjjE.exe
  C:\Windows\System\ECVGjjE.exe
  2⤵
  PID:4488
- C:\Windows\System\wPIKqqq.exe
  C:\Windows\System\wPIKqqq.exe
  2⤵
  PID:4516
- C:\Windows\System\qLAcdrq.exe
  C:\Windows\System\qLAcdrq.exe
  2⤵
  PID:4568
- C:\Windows\System\PuQanPr.exe
  C:\Windows\System\PuQanPr.exe
  2⤵
  PID:4632
- C:\Windows\System\EXLxVoC.exe
  C:\Windows\System\EXLxVoC.exe
  2⤵
  PID:2328
- C:\Windows\System\vtMYHTJ.exe
  C:\Windows\System\vtMYHTJ.exe
  2⤵
  PID:2464
- C:\Windows\System\joCZqPW.exe
  C:\Windows\System\joCZqPW.exe
  2⤵
  PID:4768
- C:\Windows\System\htbesbZ.exe
  C:\Windows\System\htbesbZ.exe
  2⤵
  PID:4816
- C:\Windows\System\sFWhXTZ.exe
  C:\Windows\System\sFWhXTZ.exe
  2⤵
  PID:4872
- C:\Windows\System\qPGnJuy.exe
  C:\Windows\System\qPGnJuy.exe
  2⤵
  PID:4916
- C:\Windows\System\zhHBYGL.exe
  C:\Windows\System\zhHBYGL.exe
  2⤵
  PID:4996
- C:\Windows\System\lxXPNfN.exe
  C:\Windows\System\lxXPNfN.exe
  2⤵
  PID:5016
- C:\Windows\System\uHIuRAJ.exe
  C:\Windows\System\uHIuRAJ.exe
  2⤵
  PID:3220
- C:\Windows\System\HUKcVoj.exe
  C:\Windows\System\HUKcVoj.exe
  2⤵
  PID:3800
- C:\Windows\System\gqeEWqK.exe
  C:\Windows\System\gqeEWqK.exe
  2⤵
  PID:3740
- C:\Windows\System\rebhNGl.exe
  C:\Windows\System\rebhNGl.exe
  2⤵
  PID:3988
- C:\Windows\System\EoelrGy.exe
  C:\Windows\System\EoelrGy.exe
  2⤵
  PID:772
- C:\Windows\System\iugtYwu.exe
  C:\Windows\System\iugtYwu.exe
  2⤵
  PID:3344
- C:\Windows\System\YvPILOf.exe
  C:\Windows\System\YvPILOf.exe
  2⤵
  PID:4168
- C:\Windows\System\ueBVCFJ.exe
  C:\Windows\System\ueBVCFJ.exe
  2⤵
  PID:4288
- C:\Windows\System\UmIggjb.exe
  C:\Windows\System\UmIggjb.exe
  2⤵
  PID:5124
- C:\Windows\System\OEzFxuX.exe
  C:\Windows\System\OEzFxuX.exe
  2⤵
  PID:5144
- C:\Windows\System\fIxTSky.exe
  C:\Windows\System\fIxTSky.exe
  2⤵
  PID:5164
- C:\Windows\System\sbgzETp.exe
  C:\Windows\System\sbgzETp.exe
  2⤵
  PID:5184
- C:\Windows\System\HxjyPjS.exe
  C:\Windows\System\HxjyPjS.exe
  2⤵
  PID:5204
- C:\Windows\System\WklrgPX.exe
  C:\Windows\System\WklrgPX.exe
  2⤵
  PID:5224
- C:\Windows\System\WsUJAsI.exe
  C:\Windows\System\WsUJAsI.exe
  2⤵
  PID:5244
- C:\Windows\System\SXFRBri.exe
  C:\Windows\System\SXFRBri.exe
  2⤵
  PID:5264
- C:\Windows\System\cHawfMb.exe
  C:\Windows\System\cHawfMb.exe
  2⤵
  PID:5284
- C:\Windows\System\eoIeugo.exe
  C:\Windows\System\eoIeugo.exe
  2⤵
  PID:5304
- C:\Windows\System\TZoOfPb.exe
  C:\Windows\System\TZoOfPb.exe
  2⤵
  PID:5328
- C:\Windows\System\mRuyVMk.exe
  C:\Windows\System\mRuyVMk.exe
  2⤵
  PID:5348
- C:\Windows\System\lOIECyk.exe
  C:\Windows\System\lOIECyk.exe
  2⤵
  PID:5368
- C:\Windows\System\PjDltZj.exe
  C:\Windows\System\PjDltZj.exe
  2⤵
  PID:5388
- C:\Windows\System\DFHBLBE.exe
  C:\Windows\System\DFHBLBE.exe
  2⤵
  PID:5408
- C:\Windows\System\fuJMBaq.exe
  C:\Windows\System\fuJMBaq.exe
  2⤵
  PID:5428
- C:\Windows\System\deuwesm.exe
  C:\Windows\System\deuwesm.exe
  2⤵
  PID:5448
- C:\Windows\System\vtQYEvC.exe
  C:\Windows\System\vtQYEvC.exe
  2⤵
  PID:5468
- C:\Windows\System\tfeQnZO.exe
  C:\Windows\System\tfeQnZO.exe
  2⤵
  PID:5488
- C:\Windows\System\yOilQcn.exe
  C:\Windows\System\yOilQcn.exe
  2⤵
  PID:5508
- C:\Windows\System\NjorIGy.exe
  C:\Windows\System\NjorIGy.exe
  2⤵
  PID:5528
- C:\Windows\System\xAdkjOG.exe
  C:\Windows\System\xAdkjOG.exe
  2⤵
  PID:5548
- C:\Windows\System\mYfaxAY.exe
  C:\Windows\System\mYfaxAY.exe
  2⤵
  PID:5568
- C:\Windows\System\szvGQuy.exe
  C:\Windows\System\szvGQuy.exe
  2⤵
  PID:5588
- C:\Windows\System\hrvBWSY.exe
  C:\Windows\System\hrvBWSY.exe
  2⤵
  PID:5608
- C:\Windows\System\ApNTNmk.exe
  C:\Windows\System\ApNTNmk.exe
  2⤵
  PID:5628
- C:\Windows\System\kjJWfeN.exe
  C:\Windows\System\kjJWfeN.exe
  2⤵
  PID:5648
- C:\Windows\System\rdbLQuS.exe
  C:\Windows\System\rdbLQuS.exe
  2⤵
  PID:5668
- C:\Windows\System\lDYwsaI.exe
  C:\Windows\System\lDYwsaI.exe
  2⤵
  PID:5688
- C:\Windows\System\EUeBwMZ.exe
  C:\Windows\System\EUeBwMZ.exe
  2⤵
  PID:5708
- C:\Windows\System\uSpWHLf.exe
  C:\Windows\System\uSpWHLf.exe
  2⤵
  PID:5728
- C:\Windows\System\cCvkUwR.exe
  C:\Windows\System\cCvkUwR.exe
  2⤵
  PID:5752
- C:\Windows\System\LBdioqf.exe
  C:\Windows\System\LBdioqf.exe
  2⤵
  PID:5772
- C:\Windows\System\TyILinw.exe
  C:\Windows\System\TyILinw.exe
  2⤵
  PID:5792
- C:\Windows\System\uTbWptf.exe
  C:\Windows\System\uTbWptf.exe
  2⤵
  PID:5812
- C:\Windows\System\orboVHY.exe
  C:\Windows\System\orboVHY.exe
  2⤵
  PID:5832
- C:\Windows\System\wXLeBIE.exe
  C:\Windows\System\wXLeBIE.exe
  2⤵
  PID:5852
- C:\Windows\System\XzjeZld.exe
  C:\Windows\System\XzjeZld.exe
  2⤵
  PID:5872
- C:\Windows\System\VZguxIO.exe
  C:\Windows\System\VZguxIO.exe
  2⤵
  PID:5892
- C:\Windows\System\qMIpVCV.exe
  C:\Windows\System\qMIpVCV.exe
  2⤵
  PID:5912
- C:\Windows\System\hGhWkAo.exe
  C:\Windows\System\hGhWkAo.exe
  2⤵
  PID:5932
- C:\Windows\System\fYPjGCm.exe
  C:\Windows\System\fYPjGCm.exe
  2⤵
  PID:5952
- C:\Windows\System\NcJKANn.exe
  C:\Windows\System\NcJKANn.exe
  2⤵
  PID:5972
- C:\Windows\System\dVMADan.exe
  C:\Windows\System\dVMADan.exe
  2⤵
  PID:5992
- C:\Windows\System\WXEHgMf.exe
  C:\Windows\System\WXEHgMf.exe
  2⤵
  PID:6012
- C:\Windows\System\yQiMAEG.exe
  C:\Windows\System\yQiMAEG.exe
  2⤵
  PID:6032
- C:\Windows\System\qUpTjhE.exe
  C:\Windows\System\qUpTjhE.exe
  2⤵
  PID:6052
- C:\Windows\System\vtbUrJN.exe
  C:\Windows\System\vtbUrJN.exe
  2⤵
  PID:6072
- C:\Windows\System\lzrIfju.exe
  C:\Windows\System\lzrIfju.exe
  2⤵
  PID:6092
- C:\Windows\System\zZSVdWs.exe
  C:\Windows\System\zZSVdWs.exe
  2⤵
  PID:6112
- C:\Windows\System\ifKHPcM.exe
  C:\Windows\System\ifKHPcM.exe
  2⤵
  PID:6132
- C:\Windows\System\gLfXETY.exe
  C:\Windows\System\gLfXETY.exe
  2⤵
  PID:4416
- C:\Windows\System\uRRMGHJ.exe
  C:\Windows\System\uRRMGHJ.exe
  2⤵
  PID:4548
- C:\Windows\System\gbiCwvP.exe
  C:\Windows\System\gbiCwvP.exe
  2⤵
  PID:4592
- C:\Windows\System\EFyXIbn.exe
  C:\Windows\System\EFyXIbn.exe
  2⤵
  PID:4648
- C:\Windows\System\HDsCcXZ.exe
  C:\Windows\System\HDsCcXZ.exe
  2⤵
  PID:1048
- C:\Windows\System\EEbcSZP.exe
  C:\Windows\System\EEbcSZP.exe
  2⤵
  PID:4788
- C:\Windows\System\wuieFdX.exe
  C:\Windows\System\wuieFdX.exe
  2⤵
  PID:2912
- C:\Windows\System\toNgUXL.exe
  C:\Windows\System\toNgUXL.exe
  2⤵
  PID:4936
- C:\Windows\System\fNfhtDq.exe
  C:\Windows\System\fNfhtDq.exe
  2⤵
  PID:5076
- C:\Windows\System\QeAClxK.exe
  C:\Windows\System\QeAClxK.exe
  2⤵
  PID:3908
- C:\Windows\System\swjvleB.exe
  C:\Windows\System\swjvleB.exe
  2⤵
  PID:3924
- C:\Windows\System\IFkMyCs.exe
  C:\Windows\System\IFkMyCs.exe
  2⤵
  PID:3264
- C:\Windows\System\tHYTElG.exe
  C:\Windows\System\tHYTElG.exe
  2⤵
  PID:4156
- C:\Windows\System\ejuTCHC.exe
  C:\Windows\System\ejuTCHC.exe
  2⤵
  PID:4268
- C:\Windows\System\AEkasKr.exe
  C:\Windows\System\AEkasKr.exe
  2⤵
  PID:5152
- C:\Windows\System\MwydGtV.exe
  C:\Windows\System\MwydGtV.exe
  2⤵
  PID:5176
- C:\Windows\System\HqdDPcm.exe
  C:\Windows\System\HqdDPcm.exe
  2⤵
  PID:5212
- C:\Windows\System\KckgiLx.exe
  C:\Windows\System\KckgiLx.exe
  2⤵
  PID:5252
- C:\Windows\System\iWXbgqp.exe
  C:\Windows\System\iWXbgqp.exe
  2⤵
  PID:5256
- C:\Windows\System\JaLVnUz.exe
  C:\Windows\System\JaLVnUz.exe
  2⤵
  PID:5292
- C:\Windows\System\PpVQBwP.exe
  C:\Windows\System\PpVQBwP.exe
  2⤵
  PID:5364
- C:\Windows\System\FAyKqFP.exe
  C:\Windows\System\FAyKqFP.exe
  2⤵
  PID:5396
- C:\Windows\System\YXkiBfX.exe
  C:\Windows\System\YXkiBfX.exe
  2⤵
  PID:5416
- C:\Windows\System\ShZYLCp.exe
  C:\Windows\System\ShZYLCp.exe
  2⤵
  PID:5420
- C:\Windows\System\FLtIOFC.exe
  C:\Windows\System\FLtIOFC.exe
  2⤵
  PID:5484
- C:\Windows\System\KWPCIjo.exe
  C:\Windows\System\KWPCIjo.exe
  2⤵
  PID:5520
- C:\Windows\System\NIleULY.exe
  C:\Windows\System\NIleULY.exe
  2⤵
  PID:5536
- C:\Windows\System\sLaszpu.exe
  C:\Windows\System\sLaszpu.exe
  2⤵
  PID:5584
- C:\Windows\System\ryaFnWH.exe
  C:\Windows\System\ryaFnWH.exe
  2⤵
  PID:5624
- C:\Windows\System\WWPZdMb.exe
  C:\Windows\System\WWPZdMb.exe
  2⤵
  PID:5640
- C:\Windows\System\FwxKBGK.exe
  C:\Windows\System\FwxKBGK.exe
  2⤵
  PID:5660
- C:\Windows\System\keyppXa.exe
  C:\Windows\System\keyppXa.exe
  2⤵
  PID:5700
- C:\Windows\System\beBmoAN.exe
  C:\Windows\System\beBmoAN.exe
  2⤵
  PID:5768
- C:\Windows\System\gwFhlcU.exe
  C:\Windows\System\gwFhlcU.exe
  2⤵
  PID:5764
- C:\Windows\System\VKgEJuX.exe
  C:\Windows\System\VKgEJuX.exe
  2⤵
  PID:5784
- C:\Windows\System\CnQiBdM.exe
  C:\Windows\System\CnQiBdM.exe
  2⤵
  PID:5828
- C:\Windows\System\JjMmPeP.exe
  C:\Windows\System\JjMmPeP.exe
  2⤵
  PID:5864
- C:\Windows\System\IqJcdJh.exe
  C:\Windows\System\IqJcdJh.exe
  2⤵
  PID:5908
- C:\Windows\System\LHOtrlj.exe
  C:\Windows\System\LHOtrlj.exe
  2⤵
  PID:5940
- C:\Windows\System\jjDmZNG.exe
  C:\Windows\System\jjDmZNG.exe
  2⤵
  PID:5964
- C:\Windows\System\LADhEIF.exe
  C:\Windows\System\LADhEIF.exe
  2⤵
  PID:6008
- C:\Windows\System\AYByCYB.exe
  C:\Windows\System\AYByCYB.exe
  2⤵
  PID:6048
- C:\Windows\System\HWdCKEm.exe
  C:\Windows\System\HWdCKEm.exe
  2⤵
  PID:6080
- C:\Windows\System\CKfFFwD.exe
  C:\Windows\System\CKfFFwD.exe
  2⤵
  PID:6108
- C:\Windows\System\hgbyhmU.exe
  C:\Windows\System\hgbyhmU.exe
  2⤵
  PID:6140
- C:\Windows\System\RlbAPDA.exe
  C:\Windows\System\RlbAPDA.exe
  2⤵
  PID:4496
- C:\Windows\System\lckygzx.exe
  C:\Windows\System\lckygzx.exe
  2⤵
  PID:4528
- C:\Windows\System\TWkKmYX.exe
  C:\Windows\System\TWkKmYX.exe
  2⤵
  PID:4728
- C:\Windows\System\ZzKEHHp.exe
  C:\Windows\System\ZzKEHHp.exe
  2⤵
  PID:1092
- C:\Windows\System\BXmTSda.exe
  C:\Windows\System\BXmTSda.exe
  2⤵
  PID:4952
- C:\Windows\System\xHjWgvz.exe
  C:\Windows\System\xHjWgvz.exe
  2⤵
  PID:5084
- C:\Windows\System\CLjLoAJ.exe
  C:\Windows\System\CLjLoAJ.exe
  2⤵
  PID:2976
- C:\Windows\System\NAIltTy.exe
  C:\Windows\System\NAIltTy.exe
  2⤵
  PID:3472
- C:\Windows\System\kxbgGwc.exe
  C:\Windows\System\kxbgGwc.exe
  2⤵
  PID:4100
- C:\Windows\System\xYRGrjz.exe
  C:\Windows\System\xYRGrjz.exe
  2⤵
  PID:5132
- C:\Windows\System\emdgvvo.exe
  C:\Windows\System\emdgvvo.exe
  2⤵
  PID:2012
- C:\Windows\System\TbcUhbX.exe
  C:\Windows\System\TbcUhbX.exe
  2⤵
  PID:5196
- C:\Windows\System\FDuquNE.exe
  C:\Windows\System\FDuquNE.exe
  2⤵
  PID:5324
- C:\Windows\System\MYQvbHV.exe
  C:\Windows\System\MYQvbHV.exe
  2⤵
  PID:5340
- C:\Windows\System\IrhZkSM.exe
  C:\Windows\System\IrhZkSM.exe
  2⤵
  PID:5404
- C:\Windows\System\pRJQLKl.exe
  C:\Windows\System\pRJQLKl.exe
  2⤵
  PID:5496
- C:\Windows\System\NaJoQDJ.exe
  C:\Windows\System\NaJoQDJ.exe
  2⤵
  PID:5516
- C:\Windows\System\xGmdWBA.exe
  C:\Windows\System\xGmdWBA.exe
  2⤵
  PID:5596
- C:\Windows\System\yBDSRSG.exe
  C:\Windows\System\yBDSRSG.exe
  2⤵
  PID:5616
- C:\Windows\System\HiVhnmJ.exe
  C:\Windows\System\HiVhnmJ.exe
  2⤵
  PID:5656
- C:\Windows\System\aXIFxiR.exe
  C:\Windows\System\aXIFxiR.exe
  2⤵
  PID:5676
- C:\Windows\System\HPnexSw.exe
  C:\Windows\System\HPnexSw.exe
  2⤵
  PID:5740
- C:\Windows\System\gfbBwsD.exe
  C:\Windows\System\gfbBwsD.exe
  2⤵
  PID:5808
- C:\Windows\System\PpQPUfm.exe
  C:\Windows\System\PpQPUfm.exe
  2⤵
  PID:5868
- C:\Windows\System\tVUXcvA.exe
  C:\Windows\System\tVUXcvA.exe
  2⤵
  PID:5960
- C:\Windows\System\wxFMuCw.exe
  C:\Windows\System\wxFMuCw.exe
  2⤵
  PID:6020
- C:\Windows\System\OfyVhZc.exe
  C:\Windows\System\OfyVhZc.exe
  2⤵
  PID:6028
- C:\Windows\System\XDMoSZa.exe
  C:\Windows\System\XDMoSZa.exe
  2⤵
  PID:6100
- C:\Windows\System\ieJRkbo.exe
  C:\Windows\System\ieJRkbo.exe
  2⤵
  PID:6128
- C:\Windows\System\PCuSYDk.exe
  C:\Windows\System\PCuSYDk.exe
  2⤵
  PID:4672
- C:\Windows\System\CdnzuRK.exe
  C:\Windows\System\CdnzuRK.exe
  2⤵
  PID:4856
- C:\Windows\System\nlCguos.exe
  C:\Windows\System\nlCguos.exe
  2⤵
  PID:4928
- C:\Windows\System\AXxbqUF.exe
  C:\Windows\System\AXxbqUF.exe
  2⤵
  PID:2304
- C:\Windows\System\lqAuyqh.exe
  C:\Windows\System\lqAuyqh.exe
  2⤵
  PID:3124
- C:\Windows\System\wjNVcxG.exe
  C:\Windows\System\wjNVcxG.exe
  2⤵
  PID:5156
- C:\Windows\System\ycywhOi.exe
  C:\Windows\System\ycywhOi.exe
  2⤵
  PID:5232
- C:\Windows\System\wFdoNfW.exe
  C:\Windows\System\wFdoNfW.exe
  2⤵
  PID:1740
- C:\Windows\System\jQCkRLu.exe
  C:\Windows\System\jQCkRLu.exe
  2⤵
  PID:1332
- C:\Windows\System\tLFUyAP.exe
  C:\Windows\System\tLFUyAP.exe
  2⤵
  PID:5524
- C:\Windows\System\BwUBaBq.exe
  C:\Windows\System\BwUBaBq.exe
  2⤵
  PID:5540
- C:\Windows\System\HJwYjHH.exe
  C:\Windows\System\HJwYjHH.exe
  2⤵
  PID:5704
- C:\Windows\System\LriojOa.exe
  C:\Windows\System\LriojOa.exe
  2⤵
  PID:5848
- C:\Windows\System\tWQSEnS.exe
  C:\Windows\System\tWQSEnS.exe
  2⤵
  PID:5840
- C:\Windows\System\AQhCYjx.exe
  C:\Windows\System\AQhCYjx.exe
  2⤵
  PID:1668
- C:\Windows\System\kwUPJop.exe
  C:\Windows\System\kwUPJop.exe
  2⤵
  PID:5944
- C:\Windows\System\zQwrhTI.exe
  C:\Windows\System\zQwrhTI.exe
  2⤵
  PID:6120
- C:\Windows\System\jfTWeQs.exe
  C:\Windows\System\jfTWeQs.exe
  2⤵
  PID:4436
- C:\Windows\System\CntMuCZ.exe
  C:\Windows\System\CntMuCZ.exe
  2⤵
  PID:4564
- C:\Windows\System\TtCLDlU.exe
  C:\Windows\System\TtCLDlU.exe
  2⤵
  PID:4792
- C:\Windows\System\SgGHCZm.exe
  C:\Windows\System\SgGHCZm.exe
  2⤵
  PID:3836
- C:\Windows\System\skQCwVN.exe
  C:\Windows\System\skQCwVN.exe
  2⤵
  PID:6156
- C:\Windows\System\guBkmpK.exe
  C:\Windows\System\guBkmpK.exe
  2⤵
  PID:6176
- C:\Windows\System\RqyqnCr.exe
  C:\Windows\System\RqyqnCr.exe
  2⤵
  PID:6196
- C:\Windows\System\RcDIFPv.exe
  C:\Windows\System\RcDIFPv.exe
  2⤵
  PID:6216
- C:\Windows\System\RUFgRNh.exe
  C:\Windows\System\RUFgRNh.exe
  2⤵
  PID:6236
- C:\Windows\System\UNspzSM.exe
  C:\Windows\System\UNspzSM.exe
  2⤵
  PID:6256
- C:\Windows\System\YxlLfWa.exe
  C:\Windows\System\YxlLfWa.exe
  2⤵
  PID:6276
- C:\Windows\System\MfzyCsf.exe
  C:\Windows\System\MfzyCsf.exe
  2⤵
  PID:6296
- C:\Windows\System\CvuDVyl.exe
  C:\Windows\System\CvuDVyl.exe
  2⤵
  PID:6316
- C:\Windows\System\TypPSjn.exe
  C:\Windows\System\TypPSjn.exe
  2⤵
  PID:6336
- C:\Windows\System\tGGehBg.exe
  C:\Windows\System\tGGehBg.exe
  2⤵
  PID:6356
- C:\Windows\System\qXujjNr.exe
  C:\Windows\System\qXujjNr.exe
  2⤵
  PID:6376
- C:\Windows\System\ZykLaBY.exe
  C:\Windows\System\ZykLaBY.exe
  2⤵
  PID:6400
- C:\Windows\System\LLryJvB.exe
  C:\Windows\System\LLryJvB.exe
  2⤵
  PID:6420
- C:\Windows\System\PJPKcuJ.exe
  C:\Windows\System\PJPKcuJ.exe
  2⤵
  PID:6440
- C:\Windows\System\IpXOKyv.exe
  C:\Windows\System\IpXOKyv.exe
  2⤵
  PID:6460
- C:\Windows\System\wNvMtUO.exe
  C:\Windows\System\wNvMtUO.exe
  2⤵
  PID:6480
- C:\Windows\System\esaiwZV.exe
  C:\Windows\System\esaiwZV.exe
  2⤵
  PID:6500
- C:\Windows\System\jVIOzLV.exe
  C:\Windows\System\jVIOzLV.exe
  2⤵
  PID:6520
- C:\Windows\System\frRMdjA.exe
  C:\Windows\System\frRMdjA.exe
  2⤵
  PID:6540
- C:\Windows\System\OaRfcQC.exe
  C:\Windows\System\OaRfcQC.exe
  2⤵
  PID:6560
- C:\Windows\System\fqmcmTN.exe
  C:\Windows\System\fqmcmTN.exe
  2⤵
  PID:6580
- C:\Windows\System\MPHWapI.exe
  C:\Windows\System\MPHWapI.exe
  2⤵
  PID:6600
- C:\Windows\System\VtFnPAN.exe
  C:\Windows\System\VtFnPAN.exe
  2⤵
  PID:6620
- C:\Windows\System\DoeCnvJ.exe
  C:\Windows\System\DoeCnvJ.exe
  2⤵
  PID:6640
- C:\Windows\System\TMVwhyr.exe
  C:\Windows\System\TMVwhyr.exe
  2⤵
  PID:6660
- C:\Windows\System\bnzorBB.exe
  C:\Windows\System\bnzorBB.exe
  2⤵
  PID:6680
- C:\Windows\System\mBUCpYH.exe
  C:\Windows\System\mBUCpYH.exe
  2⤵
  PID:6700
- C:\Windows\System\pvEuezl.exe
  C:\Windows\System\pvEuezl.exe
  2⤵
  PID:6720
- C:\Windows\System\xUmewQp.exe
  C:\Windows\System\xUmewQp.exe
  2⤵
  PID:6740
- C:\Windows\System\eRIImhj.exe
  C:\Windows\System\eRIImhj.exe
  2⤵
  PID:6760
- C:\Windows\System\RliMvgF.exe
  C:\Windows\System\RliMvgF.exe
  2⤵
  PID:6780
- C:\Windows\System\CLxGaVD.exe
  C:\Windows\System\CLxGaVD.exe
  2⤵
  PID:6800
- C:\Windows\System\mAnUwiO.exe
  C:\Windows\System\mAnUwiO.exe
  2⤵
  PID:6820
- C:\Windows\System\AKmFtab.exe
  C:\Windows\System\AKmFtab.exe
  2⤵
  PID:6840
- C:\Windows\System\ZKxONef.exe
  C:\Windows\System\ZKxONef.exe
  2⤵
  PID:6860
- C:\Windows\System\qXkghZt.exe
  C:\Windows\System\qXkghZt.exe
  2⤵
  PID:6880
- C:\Windows\System\JSLXQGk.exe
  C:\Windows\System\JSLXQGk.exe
  2⤵
  PID:6900
- C:\Windows\System\XCyvBHA.exe
  C:\Windows\System\XCyvBHA.exe
  2⤵
  PID:6920
- C:\Windows\System\yurQODf.exe
  C:\Windows\System\yurQODf.exe
  2⤵
  PID:6940
- C:\Windows\System\TJbaZlD.exe
  C:\Windows\System\TJbaZlD.exe
  2⤵
  PID:6960
- C:\Windows\System\zJaJVKi.exe
  C:\Windows\System\zJaJVKi.exe
  2⤵
  PID:6976
- C:\Windows\System\ufBieoT.exe
  C:\Windows\System\ufBieoT.exe
  2⤵
  PID:6996
- C:\Windows\System\XzHuKlW.exe
  C:\Windows\System\XzHuKlW.exe
  2⤵
  PID:7020
- C:\Windows\System\uiGoBkp.exe
  C:\Windows\System\uiGoBkp.exe
  2⤵
  PID:7040
- C:\Windows\System\GNPHRon.exe
  C:\Windows\System\GNPHRon.exe
  2⤵
  PID:7060
- C:\Windows\System\ivVwQLz.exe
  C:\Windows\System\ivVwQLz.exe
  2⤵
  PID:7080
- C:\Windows\System\zdmcEpf.exe
  C:\Windows\System\zdmcEpf.exe
  2⤵
  PID:7100
- C:\Windows\System\ddEEwii.exe
  C:\Windows\System\ddEEwii.exe
  2⤵
  PID:7120
- C:\Windows\System\RqNeony.exe
  C:\Windows\System\RqNeony.exe
  2⤵
  PID:7140
- C:\Windows\System\IwofwOU.exe
  C:\Windows\System\IwofwOU.exe
  2⤵
  PID:7160
- C:\Windows\System\zVPhtCf.exe
  C:\Windows\System\zVPhtCf.exe
  2⤵
  PID:5180
- C:\Windows\System\sxGRJXU.exe
  C:\Windows\System\sxGRJXU.exe
  2⤵
  PID:5296
- C:\Windows\System\iwmxKhN.exe
  C:\Windows\System\iwmxKhN.exe
  2⤵
  PID:5500
- C:\Windows\System\kNubOvm.exe
  C:\Windows\System\kNubOvm.exe
  2⤵
  PID:2616
- C:\Windows\System\IJUkeRX.exe
  C:\Windows\System\IJUkeRX.exe
  2⤵
  PID:5664
- C:\Windows\System\oKbQgqG.exe
  C:\Windows\System\oKbQgqG.exe
  2⤵
  PID:5968
- C:\Windows\System\TBCIdbi.exe
  C:\Windows\System\TBCIdbi.exe
  2⤵
  PID:6088
- C:\Windows\System\VEVSjBT.exe
  C:\Windows\System\VEVSjBT.exe
  2⤵
  PID:4732
- C:\Windows\System\JlANgRU.exe
  C:\Windows\System\JlANgRU.exe
  2⤵
  PID:4876
- C:\Windows\System\dwkBeas.exe
  C:\Windows\System\dwkBeas.exe
  2⤵
  PID:6148
- C:\Windows\System\fPcGsxR.exe
  C:\Windows\System\fPcGsxR.exe
  2⤵
  PID:6192
- C:\Windows\System\gDFCuDU.exe
  C:\Windows\System\gDFCuDU.exe
  2⤵
  PID:6212
- C:\Windows\System\FNJTYnk.exe
  C:\Windows\System\FNJTYnk.exe
  2⤵
  PID:6252
- C:\Windows\System\QeyUaab.exe
  C:\Windows\System\QeyUaab.exe
  2⤵
  PID:6292
- C:\Windows\System\lmSLywi.exe
  C:\Windows\System\lmSLywi.exe
  2⤵
  PID:6324
- C:\Windows\System\VOBloLv.exe
  C:\Windows\System\VOBloLv.exe
  2⤵
  PID:6352
- C:\Windows\System\SFsIcOn.exe
  C:\Windows\System\SFsIcOn.exe
  2⤵
  PID:6368
- C:\Windows\System\qvaNiiI.exe
  C:\Windows\System\qvaNiiI.exe
  2⤵
  PID:6416
- C:\Windows\System\RUHnGlz.exe
  C:\Windows\System\RUHnGlz.exe
  2⤵
  PID:6456
- C:\Windows\System\zvVrSpq.exe
  C:\Windows\System\zvVrSpq.exe
  2⤵
  PID:6516
- C:\Windows\System\fFLtIbE.exe
  C:\Windows\System\fFLtIbE.exe
  2⤵
  PID:6528
- C:\Windows\System\FHStLtc.exe
  C:\Windows\System\FHStLtc.exe
  2⤵
  PID:6552
- C:\Windows\System\vsHGndA.exe
  C:\Windows\System\vsHGndA.exe
  2⤵
  PID:6596
- C:\Windows\System\AeVlYXr.exe
  C:\Windows\System\AeVlYXr.exe
  2⤵
  PID:6632
- C:\Windows\System\xErVdwW.exe
  C:\Windows\System\xErVdwW.exe
  2⤵
  PID:2752
- C:\Windows\System\SxhXwVi.exe
  C:\Windows\System\SxhXwVi.exe
  2⤵
  PID:6656
- C:\Windows\System\kvqdCQy.exe
  C:\Windows\System\kvqdCQy.exe
  2⤵
  PID:6692
- C:\Windows\System\hwURTaE.exe
  C:\Windows\System\hwURTaE.exe
  2⤵
  PID:6756
- C:\Windows\System\NvByYGO.exe
  C:\Windows\System\NvByYGO.exe
  2⤵
  PID:6796
- C:\Windows\System\NgruPWg.exe
  C:\Windows\System\NgruPWg.exe
  2⤵
  PID:6828
- C:\Windows\System\HHAYiUw.exe
  C:\Windows\System\HHAYiUw.exe
  2⤵
  PID:6848
- C:\Windows\System\gpxAtwu.exe
  C:\Windows\System\gpxAtwu.exe
  2⤵
  PID:6876
- C:\Windows\System\OmMlodw.exe
  C:\Windows\System\OmMlodw.exe
  2⤵
  PID:6892
- C:\Windows\System\DLaCzXD.exe
  C:\Windows\System\DLaCzXD.exe
  2⤵
  PID:6956
- C:\Windows\System\aeQRPLV.exe
  C:\Windows\System\aeQRPLV.exe
  2⤵
  PID:6992
- C:\Windows\System\geQNAsD.exe
  C:\Windows\System\geQNAsD.exe
  2⤵
  PID:6968
- C:\Windows\System\IwZDcNQ.exe
  C:\Windows\System\IwZDcNQ.exe
  2⤵
  PID:7032
- C:\Windows\System\ImsVyMU.exe
  C:\Windows\System\ImsVyMU.exe
  2⤵
  PID:7072
- C:\Windows\System\yBupLuB.exe
  C:\Windows\System\yBupLuB.exe
  2⤵
  PID:7108
- C:\Windows\System\aWfYlCY.exe
  C:\Windows\System\aWfYlCY.exe
  2⤵
  PID:7152
- C:\Windows\System\UsVqhKA.exe
  C:\Windows\System\UsVqhKA.exe
  2⤵
  PID:5276
- C:\Windows\System\nZqtXXn.exe
  C:\Windows\System\nZqtXXn.exe
  2⤵
  PID:5172
- C:\Windows\System\HILkshr.exe
  C:\Windows\System\HILkshr.exe
  2⤵
  PID:5984
- C:\Windows\System\fHVRTgt.exe
  C:\Windows\System\fHVRTgt.exe
  2⤵
  PID:6068
- C:\Windows\System\jpGVhyz.exe
  C:\Windows\System\jpGVhyz.exe
  2⤵
  PID:3144
- C:\Windows\System\KsIWVrC.exe
  C:\Windows\System\KsIWVrC.exe
  2⤵
  PID:6152
- C:\Windows\System\ZRbLvTC.exe
  C:\Windows\System\ZRbLvTC.exe
  2⤵
  PID:6232
- C:\Windows\System\kLPQQRh.exe
  C:\Windows\System\kLPQQRh.exe
  2⤵
  PID:6164
- C:\Windows\System\HhkbGEq.exe
  C:\Windows\System\HhkbGEq.exe
  2⤵
  PID:6264
- C:\Windows\System\CUbDFlU.exe
  C:\Windows\System\CUbDFlU.exe
  2⤵
  PID:6392
- C:\Windows\System\FwqufmA.exe
  C:\Windows\System\FwqufmA.exe
  2⤵
  PID:3592
- C:\Windows\System\JWRrssA.exe
  C:\Windows\System\JWRrssA.exe
  2⤵
  PID:2552
- C:\Windows\System\mwpWTni.exe
  C:\Windows\System\mwpWTni.exe
  2⤵
  PID:6448
- C:\Windows\System\czpEeLt.exe
  C:\Windows\System\czpEeLt.exe
  2⤵
  PID:6556
- C:\Windows\System\EDpSHww.exe
  C:\Windows\System\EDpSHww.exe
  2⤵
  PID:2780
- C:\Windows\System\ImcvFxH.exe
  C:\Windows\System\ImcvFxH.exe
  2⤵
  PID:6576
- C:\Windows\System\awRitZv.exe
  C:\Windows\System\awRitZv.exe
  2⤵
  PID:6616
- C:\Windows\System\MGEQpyp.exe
  C:\Windows\System\MGEQpyp.exe
  2⤵
  PID:6708
- C:\Windows\System\gWrhzuP.exe
  C:\Windows\System\gWrhzuP.exe
  2⤵
  PID:6752
- C:\Windows\System\YqvVNgk.exe
  C:\Windows\System\YqvVNgk.exe
  2⤵
  PID:6812
- C:\Windows\System\gakIPcu.exe
  C:\Windows\System\gakIPcu.exe
  2⤵
  PID:6912
- C:\Windows\System\aAMhGwe.exe
  C:\Windows\System\aAMhGwe.exe
  2⤵
  PID:7008
- C:\Windows\System\MTFMCFQ.exe
  C:\Windows\System\MTFMCFQ.exe
  2⤵
  PID:6952
- C:\Windows\System\lYTQUJD.exe
  C:\Windows\System\lYTQUJD.exe
  2⤵
  PID:7012
- C:\Windows\System\TSQInCy.exe
  C:\Windows\System\TSQInCy.exe
  2⤵
  PID:7112
- C:\Windows\System\EwftdKP.exe
  C:\Windows\System\EwftdKP.exe
  2⤵
  PID:7092
- C:\Windows\System\YXcMTde.exe
  C:\Windows\System\YXcMTde.exe
  2⤵
  PID:2564
- C:\Windows\System\illuIBp.exe
  C:\Windows\System\illuIBp.exe
  2⤵
  PID:5440
- C:\Windows\System\YJOvhLJ.exe
  C:\Windows\System\YJOvhLJ.exe
  2⤵
  PID:5604
- C:\Windows\System\kBgjCiZ.exe
  C:\Windows\System\kBgjCiZ.exe
  2⤵
  PID:4748
- C:\Windows\System\aWtjYUS.exe
  C:\Windows\System\aWtjYUS.exe
  2⤵
  PID:6496
- C:\Windows\System\EpJYVBL.exe
  C:\Windows\System\EpJYVBL.exe
  2⤵
  PID:6492
- C:\Windows\System\PYWDRcr.exe
  C:\Windows\System\PYWDRcr.exe
  2⤵
  PID:6612
- C:\Windows\System\EyHkyJw.exe
  C:\Windows\System\EyHkyJw.exe
  2⤵
  PID:6856
- C:\Windows\System\TkyvPbJ.exe
  C:\Windows\System\TkyvPbJ.exe
  2⤵
  PID:6772
- C:\Windows\System\Zdutsja.exe
  C:\Windows\System\Zdutsja.exe
  2⤵
  PID:7036
- C:\Windows\System\qRYZtlO.exe
  C:\Windows\System\qRYZtlO.exe
  2⤵
  PID:2120
- C:\Windows\System\EHqPmMg.exe
  C:\Windows\System\EHqPmMg.exe
  2⤵
  PID:7184
- C:\Windows\System\SJZbQkp.exe
  C:\Windows\System\SJZbQkp.exe
  2⤵
  PID:7204
- C:\Windows\System\eMQHiPM.exe
  C:\Windows\System\eMQHiPM.exe
  2⤵
  PID:7224
- C:\Windows\System\aClKQzZ.exe
  C:\Windows\System\aClKQzZ.exe
  2⤵
  PID:7244
- C:\Windows\System\qXVVCiH.exe
  C:\Windows\System\qXVVCiH.exe
  2⤵
  PID:7272
- C:\Windows\System\gddnysT.exe
  C:\Windows\System\gddnysT.exe
  2⤵
  PID:7292
- C:\Windows\System\npbYEhB.exe
  C:\Windows\System\npbYEhB.exe
  2⤵
  PID:7312
- C:\Windows\System\AkOLTpG.exe
  C:\Windows\System\AkOLTpG.exe
  2⤵
  PID:7332
- C:\Windows\System\cznjYam.exe
  C:\Windows\System\cznjYam.exe
  2⤵
  PID:7352
- C:\Windows\System\EenVxLI.exe
  C:\Windows\System\EenVxLI.exe
  2⤵
  PID:7368
- C:\Windows\System\qsMnCEk.exe
  C:\Windows\System\qsMnCEk.exe
  2⤵
  PID:7388
- C:\Windows\System\IJuwuhw.exe
  C:\Windows\System\IJuwuhw.exe
  2⤵
  PID:7404
- C:\Windows\System\OtQDeJZ.exe
  C:\Windows\System\OtQDeJZ.exe
  2⤵
  PID:7428
- C:\Windows\System\LCzmqVl.exe
  C:\Windows\System\LCzmqVl.exe
  2⤵
  PID:7448
- C:\Windows\System\jfaYFrf.exe
  C:\Windows\System\jfaYFrf.exe
  2⤵
  PID:7472
- C:\Windows\System\lOjgDoO.exe
  C:\Windows\System\lOjgDoO.exe
  2⤵
  PID:7492
- C:\Windows\System\OWIpOJR.exe
  C:\Windows\System\OWIpOJR.exe
  2⤵
  PID:7508
- C:\Windows\System\QaKqjpW.exe
  C:\Windows\System\QaKqjpW.exe
  2⤵
  PID:7532
- C:\Windows\System\raypeUX.exe
  C:\Windows\System\raypeUX.exe
  2⤵
  PID:7552
- C:\Windows\System\sVksRkv.exe
  C:\Windows\System\sVksRkv.exe
  2⤵
  PID:7572
- C:\Windows\System\LxKvbCu.exe
  C:\Windows\System\LxKvbCu.exe
  2⤵
  PID:7592
- C:\Windows\System\ArpJcbq.exe
  C:\Windows\System\ArpJcbq.exe
  2⤵
  PID:7612
- C:\Windows\System\QkOplVk.exe
  C:\Windows\System\QkOplVk.exe
  2⤵
  PID:7632
- C:\Windows\System\YhDuthd.exe
  C:\Windows\System\YhDuthd.exe
  2⤵
  PID:7648
- C:\Windows\System\WzrUPnn.exe
  C:\Windows\System\WzrUPnn.exe
  2⤵
  PID:7672
- C:\Windows\System\JdunLlr.exe
  C:\Windows\System\JdunLlr.exe
  2⤵
  PID:7692
- C:\Windows\System\IuLoPaY.exe
  C:\Windows\System\IuLoPaY.exe
  2⤵
  PID:7712
- C:\Windows\System\aYXLzmQ.exe
  C:\Windows\System\aYXLzmQ.exe
  2⤵
  PID:7732
- C:\Windows\System\wEPPBHP.exe
  C:\Windows\System\wEPPBHP.exe
  2⤵
  PID:7752
- C:\Windows\System\PWqEFpK.exe
  C:\Windows\System\PWqEFpK.exe
  2⤵
  PID:7772
- C:\Windows\System\tJSfOhB.exe
  C:\Windows\System\tJSfOhB.exe
  2⤵
  PID:7792
- C:\Windows\System\bvIIuQG.exe
  C:\Windows\System\bvIIuQG.exe
  2⤵
  PID:7812
- C:\Windows\System\ihobhql.exe
  C:\Windows\System\ihobhql.exe
  2⤵
  PID:7832
- C:\Windows\System\UCITMqt.exe
  C:\Windows\System\UCITMqt.exe
  2⤵
  PID:7852
- C:\Windows\System\uJjREHF.exe
  C:\Windows\System\uJjREHF.exe
  2⤵
  PID:7872
- C:\Windows\System\GsMdqjc.exe
  C:\Windows\System\GsMdqjc.exe
  2⤵
  PID:7892
- C:\Windows\System\oPSoihE.exe
  C:\Windows\System\oPSoihE.exe
  2⤵
  PID:7912
- C:\Windows\System\jLwsfsM.exe
  C:\Windows\System\jLwsfsM.exe
  2⤵
  PID:7932
- C:\Windows\System\LGdIgjS.exe
  C:\Windows\System\LGdIgjS.exe
  2⤵
  PID:7956
- C:\Windows\System\oQxEUnf.exe
  C:\Windows\System\oQxEUnf.exe
  2⤵
  PID:7976
- C:\Windows\System\ygFLtmz.exe
  C:\Windows\System\ygFLtmz.exe
  2⤵
  PID:8000
- C:\Windows\System\wkFnGXi.exe
  C:\Windows\System\wkFnGXi.exe
  2⤵
  PID:8020
- C:\Windows\System\xuimQeZ.exe
  C:\Windows\System\xuimQeZ.exe
  2⤵
  PID:8040
- C:\Windows\System\ZktHHbb.exe
  C:\Windows\System\ZktHHbb.exe
  2⤵
  PID:8060
- C:\Windows\System\oqJHlMP.exe
  C:\Windows\System\oqJHlMP.exe
  2⤵
  PID:8080
- C:\Windows\System\QBiGKBI.exe
  C:\Windows\System\QBiGKBI.exe
  2⤵
  PID:8100
- C:\Windows\System\WFtOjzo.exe
  C:\Windows\System\WFtOjzo.exe
  2⤵
  PID:8120
- C:\Windows\System\ucdAJvH.exe
  C:\Windows\System\ucdAJvH.exe
  2⤵
  PID:8136
- C:\Windows\System\jyaGCNA.exe
  C:\Windows\System\jyaGCNA.exe
  2⤵
  PID:8160
- C:\Windows\System\fALvVIC.exe
  C:\Windows\System\fALvVIC.exe
  2⤵
  PID:8176
- C:\Windows\System\JqdAQTf.exe
  C:\Windows\System\JqdAQTf.exe
  2⤵
  PID:5360
- C:\Windows\System\EzXWokV.exe
  C:\Windows\System\EzXWokV.exe
  2⤵
  PID:2968
- C:\Windows\System\TabQUlK.exe
  C:\Windows\System\TabQUlK.exe
  2⤵
  PID:6648
- C:\Windows\System\ZTktUdv.exe
  C:\Windows\System\ZTktUdv.exe
  2⤵
  PID:5236
- C:\Windows\System\EpaODgi.exe
  C:\Windows\System\EpaODgi.exe
  2⤵
  PID:6572
- C:\Windows\System\OrWxEds.exe
  C:\Windows\System\OrWxEds.exe
  2⤵
  PID:6776
- C:\Windows\System\LAiriUP.exe
  C:\Windows\System\LAiriUP.exe
  2⤵
  PID:6736
- C:\Windows\System\yesHabN.exe
  C:\Windows\System\yesHabN.exe
  2⤵
  PID:7212
- C:\Windows\System\sQAoXsf.exe
  C:\Windows\System\sQAoXsf.exe
  2⤵
  PID:7252
- C:\Windows\System\mwIiYJZ.exe
  C:\Windows\System\mwIiYJZ.exe
  2⤵
  PID:7236
- C:\Windows\System\mOWFuvu.exe
  C:\Windows\System\mOWFuvu.exe
  2⤵
  PID:7192
- C:\Windows\System\gizCmGf.exe
  C:\Windows\System\gizCmGf.exe
  2⤵
  PID:7304
- C:\Windows\System\uHwVQNU.exe
  C:\Windows\System\uHwVQNU.exe
  2⤵
  PID:7288
- C:\Windows\System\pmqSPua.exe
  C:\Windows\System\pmqSPua.exe
  2⤵
  PID:7324
- C:\Windows\System\MAreAcR.exe
  C:\Windows\System\MAreAcR.exe
  2⤵
  PID:7360
- C:\Windows\System\PYkvIqo.exe
  C:\Windows\System\PYkvIqo.exe
  2⤵
  PID:7396
- C:\Windows\System\dTZMvUH.exe
  C:\Windows\System\dTZMvUH.exe
  2⤵
  PID:7436
- C:\Windows\System\zTgwTxL.exe
  C:\Windows\System\zTgwTxL.exe
  2⤵
  PID:7444
- C:\Windows\System\HkzHvxI.exe
  C:\Windows\System\HkzHvxI.exe
  2⤵
  PID:7520
- C:\Windows\System\CrOGCaI.exe
  C:\Windows\System\CrOGCaI.exe
  2⤵
  PID:7544
- C:\Windows\System\DniRYXf.exe
  C:\Windows\System\DniRYXf.exe
  2⤵
  PID:7560
- C:\Windows\System\rFUsqjR.exe
  C:\Windows\System\rFUsqjR.exe
  2⤵
  PID:7620
- C:\Windows\System\oudGukT.exe
  C:\Windows\System\oudGukT.exe
  2⤵
  PID:7656
- C:\Windows\System\ELcxCQL.exe
  C:\Windows\System\ELcxCQL.exe
  2⤵
  PID:7660
- C:\Windows\System\RDqThgq.exe
  C:\Windows\System\RDqThgq.exe
  2⤵
  PID:7688
- C:\Windows\System\AFCnAHe.exe
  C:\Windows\System\AFCnAHe.exe
  2⤵
  PID:7724
- C:\Windows\System\HjndXxd.exe
  C:\Windows\System\HjndXxd.exe
  2⤵
  PID:7760
- C:\Windows\System\vhIKzlZ.exe
  C:\Windows\System\vhIKzlZ.exe
  2⤵
  PID:7820
- C:\Windows\System\xaBIwed.exe
  C:\Windows\System\xaBIwed.exe
  2⤵
  PID:7804
- C:\Windows\System\fEEwmzL.exe
  C:\Windows\System\fEEwmzL.exe
  2⤵
  PID:7868
- C:\Windows\System\nICYjXt.exe
  C:\Windows\System\nICYjXt.exe
  2⤵
  PID:5000
- C:\Windows\System\NdeOpnQ.exe
  C:\Windows\System\NdeOpnQ.exe
  2⤵
  PID:7940
- C:\Windows\System\sYZwodC.exe
  C:\Windows\System\sYZwodC.exe
  2⤵
  PID:7984
- C:\Windows\System\TzBzMUN.exe
  C:\Windows\System\TzBzMUN.exe
  2⤵
  PID:7988
- C:\Windows\System\JGxniYS.exe
  C:\Windows\System\JGxniYS.exe
  2⤵
  PID:8068
- C:\Windows\System\cKhYlHN.exe
  C:\Windows\System\cKhYlHN.exe
  2⤵
  PID:8016
- C:\Windows\System\UpVunPl.exe
  C:\Windows\System\UpVunPl.exe
  2⤵
  PID:8056
- C:\Windows\System\vrdfWYW.exe
  C:\Windows\System\vrdfWYW.exe
  2⤵
  PID:8152
- C:\Windows\System\nIwpuAR.exe
  C:\Windows\System\nIwpuAR.exe
  2⤵
  PID:8096
- C:\Windows\System\VJaRdRQ.exe
  C:\Windows\System\VJaRdRQ.exe
  2⤵
  PID:5644
- C:\Windows\System\kPVNpZt.exe
  C:\Windows\System\kPVNpZt.exe
  2⤵
  PID:5820
- C:\Windows\System\dTeJkcY.exe
  C:\Windows\System\dTeJkcY.exe
  2⤵
  PID:7136
- C:\Windows\System\PVkHDrf.exe
  C:\Windows\System\PVkHDrf.exe
  2⤵
  PID:6436
- C:\Windows\System\xJBuuhy.exe
  C:\Windows\System\xJBuuhy.exe
  2⤵
  PID:7172
- C:\Windows\System\iDgdXcJ.exe
  C:\Windows\System\iDgdXcJ.exe
  2⤵
  PID:2776
- C:\Windows\System\NDRPkBn.exe
  C:\Windows\System\NDRPkBn.exe
  2⤵
  PID:7180
- C:\Windows\System\SOJsoWr.exe
  C:\Windows\System\SOJsoWr.exe
  2⤵
  PID:7264
- C:\Windows\System\HDeDzvr.exe
  C:\Windows\System\HDeDzvr.exe
  2⤵
  PID:576
- C:\Windows\System\fpalolS.exe
  C:\Windows\System\fpalolS.exe
  2⤵
  PID:7344
- C:\Windows\System\dPCTogN.exe
  C:\Windows\System\dPCTogN.exe
  2⤵
  PID:7320
- C:\Windows\System\JvITmci.exe
  C:\Windows\System\JvITmci.exe
  2⤵
  PID:7380
- C:\Windows\System\IBcMLvx.exe
  C:\Windows\System\IBcMLvx.exe
  2⤵
  PID:7416
- C:\Windows\System\ZJHuXEY.exe
  C:\Windows\System\ZJHuXEY.exe
  2⤵
  PID:2644
- C:\Windows\System\YuFnVHR.exe
  C:\Windows\System\YuFnVHR.exe
  2⤵
  PID:7588
- C:\Windows\System\nlSWHvL.exe
  C:\Windows\System\nlSWHvL.exe
  2⤵
  PID:7568
- C:\Windows\System\YpXqMFP.exe
  C:\Windows\System\YpXqMFP.exe
  2⤵
  PID:292
- C:\Windows\System\TYvvDiT.exe
  C:\Windows\System\TYvvDiT.exe
  2⤵
  PID:7708
- C:\Windows\System\hMpxLSS.exe
  C:\Windows\System\hMpxLSS.exe
  2⤵
  PID:7780
- C:\Windows\System\SZJQpKC.exe
  C:\Windows\System\SZJQpKC.exe
  2⤵
  PID:7808
- C:\Windows\System\uWJFBTn.exe
  C:\Windows\System\uWJFBTn.exe
  2⤵
  PID:7784
- C:\Windows\System\IPhZQDM.exe
  C:\Windows\System\IPhZQDM.exe
  2⤵
  PID:7848
- C:\Windows\System\zwiSctt.exe
  C:\Windows\System\zwiSctt.exe
  2⤵
  PID:7888
- C:\Windows\System\FzULZDe.exe
  C:\Windows\System\FzULZDe.exe
  2⤵
  PID:7928
- C:\Windows\System\CtJbfpf.exe
  C:\Windows\System\CtJbfpf.exe
  2⤵
  PID:7964
- C:\Windows\System\LJKaElM.exe
  C:\Windows\System\LJKaElM.exe
  2⤵
  PID:8092
- C:\Windows\System\NbzCGcz.exe
  C:\Windows\System\NbzCGcz.exe
  2⤵
  PID:3008
- C:\Windows\System\oNFNYHn.exe
  C:\Windows\System\oNFNYHn.exe
  2⤵
  PID:8168
- C:\Windows\System\gkwJVMq.exe
  C:\Windows\System\gkwJVMq.exe
  2⤵
  PID:8184
- C:\Windows\System\ScfrNdf.exe
  C:\Windows\System\ScfrNdf.exe
  2⤵
  PID:1684
- C:\Windows\System\NOhurXE.exe
  C:\Windows\System\NOhurXE.exe
  2⤵
  PID:1484
- C:\Windows\System\vDtgQPt.exe
  C:\Windows\System\vDtgQPt.exe
  2⤵
  PID:6532
- C:\Windows\System\pWVTRAQ.exe
  C:\Windows\System\pWVTRAQ.exe
  2⤵
  PID:2004
- C:\Windows\System\nsOzdMF.exe
  C:\Windows\System\nsOzdMF.exe
  2⤵
  PID:7348
- C:\Windows\System\gPUCCfC.exe
  C:\Windows\System\gPUCCfC.exe
  2⤵
  PID:7240
- C:\Windows\System\CQANyIV.exe
  C:\Windows\System\CQANyIV.exe
  2⤵
  PID:7364
- C:\Windows\System\rKHkcgt.exe
  C:\Windows\System\rKHkcgt.exe
  2⤵
  PID:1348
- C:\Windows\System\rxnSCFu.exe
  C:\Windows\System\rxnSCFu.exe
  2⤵
  PID:2760
- C:\Windows\System\bcvatzz.exe
  C:\Windows\System\bcvatzz.exe
  2⤵
  PID:7624
- C:\Windows\System\NghmYZc.exe
  C:\Windows\System\NghmYZc.exe
  2⤵
  PID:7640
- C:\Windows\System\AjNYGOK.exe
  C:\Windows\System\AjNYGOK.exe
  2⤵
  PID:7764
- C:\Windows\System\jkebpYC.exe
  C:\Windows\System\jkebpYC.exe
  2⤵
  PID:7844
- C:\Windows\System\kzQiMVz.exe
  C:\Windows\System\kzQiMVz.exe
  2⤵
  PID:8188
- C:\Windows\System\eUhQMBS.exe
  C:\Windows\System\eUhQMBS.exe
  2⤵
  PID:5900
- C:\Windows\System\FrSbqtq.exe
  C:\Windows\System\FrSbqtq.exe
  2⤵
  PID:2948
- C:\Windows\System\XolXOCt.exe
  C:\Windows\System\XolXOCt.exe
  2⤵
  PID:6268
- C:\Windows\System\YHBPRAW.exe
  C:\Windows\System\YHBPRAW.exe
  2⤵
  PID:7088
- C:\Windows\System\ERkObIj.exe
  C:\Windows\System\ERkObIj.exe
  2⤵
  PID:2936
- C:\Windows\System\VculZGV.exe
  C:\Windows\System\VculZGV.exe
  2⤵
  PID:708
- C:\Windows\System\zkPWoMc.exe
  C:\Windows\System\zkPWoMc.exe
  2⤵
  PID:7440
- C:\Windows\System\DZHnZnn.exe
  C:\Windows\System\DZHnZnn.exe
  2⤵
  PID:7504
- C:\Windows\System\CigJtxa.exe
  C:\Windows\System\CigJtxa.exe
  2⤵
  PID:7900
- C:\Windows\System\enIQMdK.exe
  C:\Windows\System\enIQMdK.exe
  2⤵
  PID:6284
- C:\Windows\System\PJZVCfa.exe
  C:\Windows\System\PJZVCfa.exe
  2⤵
  PID:6896
- C:\Windows\System\HffzFBJ.exe
  C:\Windows\System\HffzFBJ.exe
  2⤵
  PID:2008
- C:\Windows\System\MVFwnRs.exe
  C:\Windows\System\MVFwnRs.exe
  2⤵
  PID:7464
- C:\Windows\System\CofyqnE.exe
  C:\Windows\System\CofyqnE.exe
  2⤵
  PID:2944
- C:\Windows\System\DdMemtC.exe
  C:\Windows\System\DdMemtC.exe
  2⤵
  PID:2016
- C:\Windows\System\OxDjNnG.exe
  C:\Windows\System\OxDjNnG.exe
  2⤵
  PID:2676
- C:\Windows\System\YPbyGmr.exe
  C:\Windows\System\YPbyGmr.exe
  2⤵
  PID:448
- C:\Windows\System\CCcxeqA.exe
  C:\Windows\System\CCcxeqA.exe
  2⤵
  PID:1148
- C:\Windows\System\QWFzEDF.exe
  C:\Windows\System\QWFzEDF.exe
  2⤵
  PID:1640
- C:\Windows\System\gXOrvgR.exe
  C:\Windows\System\gXOrvgR.exe
  2⤵
  PID:2212
- C:\Windows\System\hRZxPii.exe
  C:\Windows\System\hRZxPii.exe
  2⤵
  PID:7232
- C:\Windows\System\MlLPVic.exe
  C:\Windows\System\MlLPVic.exe
  2⤵
  PID:7680
- C:\Windows\System\SnLmbAf.exe
  C:\Windows\System\SnLmbAf.exe
  2⤵
  PID:8196
- C:\Windows\System\LauvKDe.exe
  C:\Windows\System\LauvKDe.exe
  2⤵
  PID:8212
- C:\Windows\System\IcTqRuc.exe
  C:\Windows\System\IcTqRuc.exe
  2⤵
  PID:8228
- C:\Windows\System\qCrACpH.exe
  C:\Windows\System\qCrACpH.exe
  2⤵
  PID:8244
- C:\Windows\System\jYcQikn.exe
  C:\Windows\System\jYcQikn.exe
  2⤵
  PID:8260
- C:\Windows\System\qlenKGQ.exe
  C:\Windows\System\qlenKGQ.exe
  2⤵
  PID:8276
- C:\Windows\System\PGoCmgg.exe
  C:\Windows\System\PGoCmgg.exe
  2⤵
  PID:8308
- C:\Windows\System\yQlMhOM.exe
  C:\Windows\System\yQlMhOM.exe
  2⤵
  PID:8344
- C:\Windows\System\pLRkczY.exe
  C:\Windows\System\pLRkczY.exe
  2⤵
  PID:8376
- C:\Windows\System\IhkWDrp.exe
  C:\Windows\System\IhkWDrp.exe
  2⤵
  PID:8396
- C:\Windows\System\HyJBfLQ.exe
  C:\Windows\System\HyJBfLQ.exe
  2⤵
  PID:8412
- C:\Windows\System\mHYzkRU.exe
  C:\Windows\System\mHYzkRU.exe
  2⤵
  PID:8436
- C:\Windows\System\rEFcoed.exe
  C:\Windows\System\rEFcoed.exe
  2⤵
  PID:8452
- C:\Windows\System\LpfmKGA.exe
  C:\Windows\System\LpfmKGA.exe
  2⤵
  PID:8468
- C:\Windows\System\tNYquKL.exe
  C:\Windows\System\tNYquKL.exe
  2⤵
  PID:8512
- C:\Windows\System\dadgcAD.exe
  C:\Windows\System\dadgcAD.exe
  2⤵
  PID:8548
- C:\Windows\System\YQEnGim.exe
  C:\Windows\System\YQEnGim.exe
  2⤵
  PID:8564
- C:\Windows\System\gsufkCo.exe
  C:\Windows\System\gsufkCo.exe
  2⤵
  PID:8580
- C:\Windows\System\vlUUpXt.exe
  C:\Windows\System\vlUUpXt.exe
  2⤵
  PID:8624
- C:\Windows\System\KMWHAQa.exe
  C:\Windows\System\KMWHAQa.exe
  2⤵
  PID:8640
- C:\Windows\System\LiiEesW.exe
  C:\Windows\System\LiiEesW.exe
  2⤵
  PID:8656
- C:\Windows\System\KChCrDc.exe
  C:\Windows\System\KChCrDc.exe
  2⤵
  PID:8672
- C:\Windows\System\OJomGyv.exe
  C:\Windows\System\OJomGyv.exe
  2⤵
  PID:8688
- C:\Windows\System\VugfDkv.exe
  C:\Windows\System\VugfDkv.exe
  2⤵
  PID:8704
- C:\Windows\System\LfKkDDz.exe
  C:\Windows\System\LfKkDDz.exe
  2⤵
  PID:8724
- C:\Windows\System\GfviGRw.exe
  C:\Windows\System\GfviGRw.exe
  2⤵
  PID:8740
- C:\Windows\System\bRjtkxE.exe
  C:\Windows\System\bRjtkxE.exe
  2⤵
  PID:8780
- C:\Windows\System\pcmrnTC.exe
  C:\Windows\System\pcmrnTC.exe
  2⤵
  PID:8796
- C:\Windows\System\MHOQQgq.exe
  C:\Windows\System\MHOQQgq.exe
  2⤵
  PID:8816
- C:\Windows\System\XOwtqUl.exe
  C:\Windows\System\XOwtqUl.exe
  2⤵
  PID:8832
- C:\Windows\System\qqxxMIZ.exe
  C:\Windows\System\qqxxMIZ.exe
  2⤵
  PID:8848
- C:\Windows\System\ZmTYCWB.exe
  C:\Windows\System\ZmTYCWB.exe
  2⤵
  PID:8864
- C:\Windows\System\FeXRbHc.exe
  C:\Windows\System\FeXRbHc.exe
  2⤵
  PID:8880
- C:\Windows\System\DBoaFfK.exe
  C:\Windows\System\DBoaFfK.exe
  2⤵
  PID:8896
- C:\Windows\System\UIJsWdB.exe
  C:\Windows\System\UIJsWdB.exe
  2⤵
  PID:8912
- C:\Windows\System\FUnlvRJ.exe
  C:\Windows\System\FUnlvRJ.exe
  2⤵
  PID:8928
- C:\Windows\System\FiXzGSO.exe
  C:\Windows\System\FiXzGSO.exe
  2⤵
  PID:8944
- C:\Windows\System\GgPUXAd.exe
  C:\Windows\System\GgPUXAd.exe
  2⤵
  PID:8960
- C:\Windows\System\xQsOqsr.exe
  C:\Windows\System\xQsOqsr.exe
  2⤵
  PID:9028
- C:\Windows\System\JdLJjXG.exe
  C:\Windows\System\JdLJjXG.exe
  2⤵
  PID:9044
- C:\Windows\System\ebiprTH.exe
  C:\Windows\System\ebiprTH.exe
  2⤵
  PID:9060
- C:\Windows\System\Zbxtbbv.exe
  C:\Windows\System\Zbxtbbv.exe
  2⤵
  PID:9076
- C:\Windows\System\EBVsJDt.exe
  C:\Windows\System\EBVsJDt.exe
  2⤵
  PID:9092
- C:\Windows\System\DZeHPSJ.exe
  C:\Windows\System\DZeHPSJ.exe
  2⤵
  PID:9108
- C:\Windows\System\EpShurp.exe
  C:\Windows\System\EpShurp.exe
  2⤵
  PID:9148
- C:\Windows\System\QPFBolj.exe
  C:\Windows\System\QPFBolj.exe
  2⤵
  PID:9164
- C:\Windows\System\fXcWuNT.exe
  C:\Windows\System\fXcWuNT.exe
  2⤵
  PID:9180
- C:\Windows\System\dYhLWGj.exe
  C:\Windows\System\dYhLWGj.exe
  2⤵
  PID:9204
- C:\Windows\System\aznrcUU.exe
  C:\Windows\System\aznrcUU.exe
  2⤵
  PID:7720
- C:\Windows\System\XYRcUIb.exe
  C:\Windows\System\XYRcUIb.exe
  2⤵
  PID:1532
- C:\Windows\System\AntAQIs.exe
  C:\Windows\System\AntAQIs.exe
  2⤵
  PID:872
- C:\Windows\System\QGrppJQ.exe
  C:\Windows\System\QGrppJQ.exe
  2⤵
  PID:1912
- C:\Windows\System\qTzahiy.exe
  C:\Windows\System\qTzahiy.exe
  2⤵
  PID:7056
- C:\Windows\System\lXqVfjs.exe
  C:\Windows\System\lXqVfjs.exe
  2⤵
  PID:7328
- C:\Windows\System\GSVdxaT.exe
  C:\Windows\System\GSVdxaT.exe
  2⤵
  PID:8252
- C:\Windows\System\AeJOZlw.exe
  C:\Windows\System\AeJOZlw.exe
  2⤵
  PID:8336
- C:\Windows\System\sXBjgkv.exe
  C:\Windows\System\sXBjgkv.exe
  2⤵
  PID:2188
- C:\Windows\System\VLzLVbT.exe
  C:\Windows\System\VLzLVbT.exe
  2⤵
  PID:1936
- C:\Windows\System\TfVvSEO.exe
  C:\Windows\System\TfVvSEO.exe
  2⤵
  PID:8364
- C:\Windows\System\usOcjgg.exe
  C:\Windows\System\usOcjgg.exe
  2⤵
  PID:8424
- C:\Windows\System\sjOkaIJ.exe
  C:\Windows\System\sjOkaIJ.exe
  2⤵
  PID:2720
- C:\Windows\System\PEelQrN.exe
  C:\Windows\System\PEelQrN.exe
  2⤵
  PID:8392
- C:\Windows\System\vFUTGyG.exe
  C:\Windows\System\vFUTGyG.exe
  2⤵
  PID:8492
- C:\Windows\System\sdxnwJj.exe
  C:\Windows\System\sdxnwJj.exe
  2⤵
  PID:8544
- C:\Windows\System\CAUtdDC.exe
  C:\Windows\System\CAUtdDC.exe
  2⤵
  PID:8556
- C:\Windows\System\OQPhDco.exe
  C:\Windows\System\OQPhDco.exe
  2⤵
  PID:8600
- C:\Windows\System\PAGIDpv.exe
  C:\Windows\System\PAGIDpv.exe
  2⤵
  PID:8616
- C:\Windows\System\BUojwge.exe
  C:\Windows\System\BUojwge.exe
  2⤵
  PID:8648
- C:\Windows\System\xxNLveh.exe
  C:\Windows\System\xxNLveh.exe
  2⤵
  PID:8736
- C:\Windows\System\UvOrMvv.exe
  C:\Windows\System\UvOrMvv.exe
  2⤵
  PID:8760
- C:\Windows\System\PerFxIx.exe
  C:\Windows\System\PerFxIx.exe
  2⤵
  PID:8776
- C:\Windows\System\CsNqAao.exe
  C:\Windows\System\CsNqAao.exe
  2⤵
  PID:8772
- C:\Windows\System\KvmJkBf.exe
  C:\Windows\System\KvmJkBf.exe
  2⤵
  PID:8856
- C:\Windows\System\DykJdAA.exe
  C:\Windows\System\DykJdAA.exe
  2⤵
  PID:8804
- C:\Windows\System\oltCYak.exe
  C:\Windows\System\oltCYak.exe
  2⤵
  PID:8936
- C:\Windows\System\XwPAkKk.exe
  C:\Windows\System\XwPAkKk.exe
  2⤵
  PID:8924
- C:\Windows\System\tbpnMyd.exe
  C:\Windows\System\tbpnMyd.exe
  2⤵
  PID:8972
- C:\Windows\System\DSVPbVU.exe
  C:\Windows\System\DSVPbVU.exe
  2⤵
  PID:8996
- C:\Windows\System\LlHvUCm.exe
  C:\Windows\System\LlHvUCm.exe
  2⤵
  PID:9012
- C:\Windows\System\mKVgioC.exe
  C:\Windows\System\mKVgioC.exe
  2⤵
  PID:9036
- C:\Windows\System\SlbytCn.exe
  C:\Windows\System\SlbytCn.exe
  2⤵
  PID:9088
- C:\Windows\System\MLNacpu.exe
  C:\Windows\System\MLNacpu.exe
  2⤵
  PID:9084
- C:\Windows\System\tvbGRcK.exe
  C:\Windows\System\tvbGRcK.exe
  2⤵
  PID:9132
- C:\Windows\System\MUXgzyf.exe
  C:\Windows\System\MUXgzyf.exe
  2⤵
  PID:9156
- C:\Windows\System\BEMfLMo.exe
  C:\Windows\System\BEMfLMo.exe
  2⤵
  PID:9200
- C:\Windows\System\TubRSEk.exe
  C:\Windows\System\TubRSEk.exe
  2⤵
  PID:9172
- C:\Windows\System\IKhJIHb.exe
  C:\Windows\System\IKhJIHb.exe
  2⤵
  PID:8220
- C:\Windows\System\xupwFdK.exe
  C:\Windows\System\xupwFdK.exe
  2⤵
  PID:8372
- C:\Windows\System\WtFPUAe.exe
  C:\Windows\System\WtFPUAe.exe
  2⤵
  PID:8356
- C:\Windows\System\jaFmJss.exe
  C:\Windows\System\jaFmJss.exe
  2⤵
  PID:8464
- C:\Windows\System\YLUYwjf.exe
  C:\Windows\System\YLUYwjf.exe
  2⤵
  PID:8408
- C:\Windows\System\MVwkIyD.exe
  C:\Windows\System\MVwkIyD.exe
  2⤵
  PID:8388
- C:\Windows\System\HWWaawN.exe
  C:\Windows\System\HWWaawN.exe
  2⤵
  PID:8524
- C:\Windows\System\DxBvpwU.exe
  C:\Windows\System\DxBvpwU.exe
  2⤵
  PID:8500
- C:\Windows\System\WAuzuHF.exe
  C:\Windows\System\WAuzuHF.exe
  2⤵
  PID:8608
- C:\Windows\System\lxWOOmm.exe
  C:\Windows\System\lxWOOmm.exe
  2⤵
  PID:8596
- C:\Windows\System\caoNxlX.exe
  C:\Windows\System\caoNxlX.exe
  2⤵
  PID:8664
- C:\Windows\System\BfSzjZR.exe
  C:\Windows\System\BfSzjZR.exe
  2⤵
  PID:8748
- C:\Windows\System\oFRNaya.exe
  C:\Windows\System\oFRNaya.exe
  2⤵
  PID:8732
- C:\Windows\System\pTNEHCm.exe
  C:\Windows\System\pTNEHCm.exe
  2⤵
  PID:8824
- C:\Windows\System\bDUpsMN.exe
  C:\Windows\System\bDUpsMN.exe
  2⤵
  PID:8920
- C:\Windows\System\QyiJJVt.exe
  C:\Windows\System\QyiJJVt.exe
  2⤵
  PID:8812
- C:\Windows\System\eUATGUt.exe
  C:\Windows\System\eUATGUt.exe
  2⤵
  PID:8840
- C:\Windows\System\nDdjtKq.exe
  C:\Windows\System\nDdjtKq.exe
  2⤵
  PID:9024
- C:\Windows\System\QXVZxnd.exe
  C:\Windows\System\QXVZxnd.exe
  2⤵
  PID:9040
- C:\Windows\System\GiIRoyu.exe
  C:\Windows\System\GiIRoyu.exe
  2⤵
  PID:8904
- C:\Windows\System\zzZGSWp.exe
  C:\Windows\System\zzZGSWp.exe
  2⤵
  PID:9188
- C:\Windows\System\SgFSTsJ.exe
  C:\Windows\System\SgFSTsJ.exe
  2⤵
  PID:9144
- C:\Windows\System\QVtkFOc.exe
  C:\Windows\System\QVtkFOc.exe
  2⤵
  PID:340
- C:\Windows\System\NtgZAWa.exe
  C:\Windows\System\NtgZAWa.exe
  2⤵
  PID:8320
- C:\Windows\System\XVajCMF.exe
  C:\Windows\System\XVajCMF.exe
  2⤵
  PID:7548
- C:\Windows\System\igFMxXj.exe
  C:\Windows\System\igFMxXj.exe
  2⤵
  PID:8360
- C:\Windows\System\sPCvrIu.exe
  C:\Windows\System\sPCvrIu.exe
  2⤵
  PID:8404
- C:\Windows\System\fQItNYi.exe
  C:\Windows\System\fQItNYi.exe
  2⤵
  PID:8700
- C:\Windows\System\jppGyik.exe
  C:\Windows\System\jppGyik.exe
  2⤵
  PID:8984
- C:\Windows\System\PXyBikT.exe
  C:\Windows\System\PXyBikT.exe
  2⤵
  PID:8484
- C:\Windows\System\gclEfmR.exe
  C:\Windows\System\gclEfmR.exe
  2⤵
  PID:8588
- C:\Windows\System\xBYCXAJ.exe
  C:\Windows\System\xBYCXAJ.exe
  2⤵
  PID:8892
- C:\Windows\System\APLKVwg.exe
  C:\Windows\System\APLKVwg.exe
  2⤵
  PID:8008
- C:\Windows\System\VIcLaEW.exe
  C:\Windows\System\VIcLaEW.exe
  2⤵
  PID:9124
- C:\Windows\System\feWGuXt.exe
  C:\Windows\System\feWGuXt.exe
  2⤵
  PID:8428
- C:\Windows\System\oknoPsz.exe
  C:\Windows\System\oknoPsz.exe
  2⤵
  PID:2200
- C:\Windows\System\HIxTGiR.exe
  C:\Windows\System\HIxTGiR.exe
  2⤵
  PID:8480
- C:\Windows\System\YkgvJTC.exe
  C:\Windows\System\YkgvJTC.exe
  2⤵
  PID:8956
- C:\Windows\System\sztObfn.exe
  C:\Windows\System\sztObfn.exe
  2⤵
  PID:8284
- C:\Windows\System\QzhqJBO.exe
  C:\Windows\System\QzhqJBO.exe
  2⤵
  PID:8332
- C:\Windows\System\gFwNsXB.exe
  C:\Windows\System\gFwNsXB.exe
  2⤵
  PID:8872
- C:\Windows\System\okpPsqe.exe
  C:\Windows\System\okpPsqe.exe
  2⤵
  PID:8256
- C:\Windows\System\dmYvEFz.exe
  C:\Windows\System\dmYvEFz.exe
  2⤵
  PID:2872
- C:\Windows\System\paGdlvt.exe
  C:\Windows\System\paGdlvt.exe
  2⤵
  PID:9072
- C:\Windows\System\oeDlqgH.exe
  C:\Windows\System\oeDlqgH.exe
  2⤵
  PID:8720
- C:\Windows\System\JsQaxXJ.exe
  C:\Windows\System\JsQaxXJ.exe
  2⤵
  PID:8684
- C:\Windows\System\iqmzqZi.exe
  C:\Windows\System\iqmzqZi.exe
  2⤵
  PID:9228
- C:\Windows\System\FgsVizb.exe
  C:\Windows\System\FgsVizb.exe
  2⤵
  PID:9248
- C:\Windows\System\ImkxOZo.exe
  C:\Windows\System\ImkxOZo.exe
  2⤵
  PID:9264
- C:\Windows\System\JzLcKLU.exe
  C:\Windows\System\JzLcKLU.exe
  2⤵
  PID:9280
- C:\Windows\System\pnztcis.exe
  C:\Windows\System\pnztcis.exe
  2⤵
  PID:9296
- C:\Windows\System\aDZtKiD.exe
  C:\Windows\System\aDZtKiD.exe
  2⤵
  PID:9312
- C:\Windows\System\mfVWJIo.exe
  C:\Windows\System\mfVWJIo.exe
  2⤵
  PID:9328
- C:\Windows\System\WClwwjl.exe
  C:\Windows\System\WClwwjl.exe
  2⤵
  PID:9352
- C:\Windows\System\YBiGFrk.exe
  C:\Windows\System\YBiGFrk.exe
  2⤵
  PID:9368
- C:\Windows\System\GgeHJHR.exe
  C:\Windows\System\GgeHJHR.exe
  2⤵
  PID:9384
- C:\Windows\System\hxnAUok.exe
  C:\Windows\System\hxnAUok.exe
  2⤵
  PID:9404
- C:\Windows\System\veKYeOE.exe
  C:\Windows\System\veKYeOE.exe
  2⤵
  PID:9420
- C:\Windows\System\fAefNJt.exe
  C:\Windows\System\fAefNJt.exe
  2⤵
  PID:9436
- C:\Windows\System\QeJhLVO.exe
  C:\Windows\System\QeJhLVO.exe
  2⤵
  PID:9456
- C:\Windows\System\iaYXiEo.exe
  C:\Windows\System\iaYXiEo.exe
  2⤵
  PID:9484
- C:\Windows\System\wSvvqbM.exe
  C:\Windows\System\wSvvqbM.exe
  2⤵
  PID:9528
- C:\Windows\System\ANDoapo.exe
  C:\Windows\System\ANDoapo.exe
  2⤵
  PID:9572
- C:\Windows\System\inlrViR.exe
  C:\Windows\System\inlrViR.exe
  2⤵
  PID:9600
- C:\Windows\System\JyXAVmq.exe
  C:\Windows\System\JyXAVmq.exe
  2⤵
  PID:9620
- C:\Windows\System\NRLtFnI.exe
  C:\Windows\System\NRLtFnI.exe
  2⤵
  PID:9636
- C:\Windows\System\KiciEBn.exe
  C:\Windows\System\KiciEBn.exe
  2⤵
  PID:9656
- C:\Windows\System\kRUwWYb.exe
  C:\Windows\System\kRUwWYb.exe
  2⤵
  PID:9672
- C:\Windows\System\nXYBkoD.exe
  C:\Windows\System\nXYBkoD.exe
  2⤵
  PID:9708
- C:\Windows\System\GvhYVgV.exe
  C:\Windows\System\GvhYVgV.exe
  2⤵
  PID:9732
- C:\Windows\System\JIzhiaH.exe
  C:\Windows\System\JIzhiaH.exe
  2⤵
  PID:9748
- C:\Windows\System\GxivMVf.exe
  C:\Windows\System\GxivMVf.exe
  2⤵
  PID:9776
- C:\Windows\System\eGRBHjE.exe
  C:\Windows\System\eGRBHjE.exe
  2⤵
  PID:9796
- C:\Windows\System\lsKUbEO.exe
  C:\Windows\System\lsKUbEO.exe
  2⤵
  PID:9812
- C:\Windows\System\FcDhAnU.exe
  C:\Windows\System\FcDhAnU.exe
  2⤵
  PID:9832
- C:\Windows\System\gFZNahr.exe
  C:\Windows\System\gFZNahr.exe
  2⤵
  PID:9856
- C:\Windows\System\SUUsKyl.exe
  C:\Windows\System\SUUsKyl.exe
  2⤵
  PID:9876
- C:\Windows\System\PwnZyfI.exe
  C:\Windows\System\PwnZyfI.exe
  2⤵
  PID:9892
- C:\Windows\System\MnTzZls.exe
  C:\Windows\System\MnTzZls.exe
  2⤵
  PID:9916
- C:\Windows\System\LlEMXFN.exe
  C:\Windows\System\LlEMXFN.exe
  2⤵
  PID:9936
- C:\Windows\System\uIZVBfG.exe
  C:\Windows\System\uIZVBfG.exe
  2⤵
  PID:9952
- C:\Windows\System\ZhJyyeN.exe
  C:\Windows\System\ZhJyyeN.exe
  2⤵
  PID:9980
- C:\Windows\System\MlvITSs.exe
  C:\Windows\System\MlvITSs.exe
  2⤵
  PID:10000
- C:\Windows\System\zxDOzrc.exe
  C:\Windows\System\zxDOzrc.exe
  2⤵
  PID:10020
- C:\Windows\System\JccvbQu.exe
  C:\Windows\System\JccvbQu.exe
  2⤵
  PID:10036
- C:\Windows\System\ARWHQpX.exe
  C:\Windows\System\ARWHQpX.exe
  2⤵
  PID:10060
- C:\Windows\System\IZsUxir.exe
  C:\Windows\System\IZsUxir.exe
  2⤵
  PID:10080
- C:\Windows\System\VMToTau.exe
  C:\Windows\System\VMToTau.exe
  2⤵
  PID:10100
- C:\Windows\System\bLtlBRb.exe
  C:\Windows\System\bLtlBRb.exe
  2⤵
  PID:10120
- C:\Windows\System\XYXHyyH.exe
  C:\Windows\System\XYXHyyH.exe
  2⤵
  PID:10136
- C:\Windows\System\oJwSffs.exe
  C:\Windows\System\oJwSffs.exe
  2⤵
  PID:10156
- C:\Windows\System\PuIjloM.exe
  C:\Windows\System\PuIjloM.exe
  2⤵
  PID:10172
- C:\Windows\System\ltMOEJY.exe
  C:\Windows\System\ltMOEJY.exe
  2⤵
  PID:10188
- C:\Windows\System\cRjwPKX.exe
  C:\Windows\System\cRjwPKX.exe
  2⤵
  PID:10204
- C:\Windows\System\LOZSrcz.exe
  C:\Windows\System\LOZSrcz.exe
  2⤵
  PID:10220
- C:\Windows\System\vdNFuNr.exe
  C:\Windows\System\vdNFuNr.exe
  2⤵
  PID:2516
- C:\Windows\System\lTBwLnh.exe
  C:\Windows\System\lTBwLnh.exe
  2⤵
  PID:9004
- C:\Windows\System\LhclFJM.exe
  C:\Windows\System\LhclFJM.exe
  2⤵
  PID:9256
- C:\Windows\System\NYGfMOE.exe
  C:\Windows\System\NYGfMOE.exe
  2⤵
  PID:9292
- C:\Windows\System\DVpWOAR.exe
  C:\Windows\System\DVpWOAR.exe
  2⤵
  PID:9244
- C:\Windows\System\xCVlKvt.exe
  C:\Windows\System\xCVlKvt.exe
  2⤵
  PID:8576
- C:\Windows\System\pmEgCxl.exe
  C:\Windows\System\pmEgCxl.exe
  2⤵
  PID:9380
- C:\Windows\System\NnoNqos.exe
  C:\Windows\System\NnoNqos.exe
  2⤵
  PID:9308
- C:\Windows\System\LAbmLnM.exe
  C:\Windows\System\LAbmLnM.exe
  2⤵
  PID:9276
- C:\Windows\System\WpdnrKk.exe
  C:\Windows\System\WpdnrKk.exe
  2⤵
  PID:9452
- C:\Windows\System\gKdrzsr.exe
  C:\Windows\System\gKdrzsr.exe
  2⤵
  PID:9464
- C:\Windows\System\hivHiDY.exe
  C:\Windows\System\hivHiDY.exe
  2⤵
  PID:9468
- C:\Windows\System\MQNpWPx.exe
  C:\Windows\System\MQNpWPx.exe
  2⤵
  PID:9508
- C:\Windows\System\Hiwkcaw.exe
  C:\Windows\System\Hiwkcaw.exe
  2⤵
  PID:9616
- C:\Windows\System\EinHKaO.exe
  C:\Windows\System\EinHKaO.exe
  2⤵
  PID:9648
- C:\Windows\System\kSBwoja.exe
  C:\Windows\System\kSBwoja.exe
  2⤵
  PID:9688
- C:\Windows\System\cSeaAXE.exe
  C:\Windows\System\cSeaAXE.exe
  2⤵
  PID:9716
- C:\Windows\System\BhGxqcP.exe
  C:\Windows\System\BhGxqcP.exe
  2⤵
  PID:9764
- C:\Windows\System\hjdLpfq.exe
  C:\Windows\System\hjdLpfq.exe
  2⤵
  PID:9744
- C:\Windows\System\qCKHgmB.exe
  C:\Windows\System\qCKHgmB.exe
  2⤵
  PID:9788
- C:\Windows\System\RwvmolI.exe
  C:\Windows\System\RwvmolI.exe
  2⤵
  PID:9844
- C:\Windows\System\vmzIuei.exe
  C:\Windows\System\vmzIuei.exe
  2⤵
  PID:9852
- C:\Windows\System\OazLJcr.exe
  C:\Windows\System\OazLJcr.exe
  2⤵
  PID:9868
- C:\Windows\System\unzmkme.exe
  C:\Windows\System\unzmkme.exe
  2⤵
  PID:9908
- C:\Windows\System\XlmZepP.exe
  C:\Windows\System\XlmZepP.exe
  2⤵
  PID:9944
- C:\Windows\System\bxEaeTF.exe
  C:\Windows\System\bxEaeTF.exe
  2⤵
  PID:9968
- C:\Windows\System\ECgVkaR.exe
  C:\Windows\System\ECgVkaR.exe
  2⤵
  PID:10012
- C:\Windows\System\CMYrsIn.exe
  C:\Windows\System\CMYrsIn.exe
  2⤵
  PID:10044
- C:\Windows\System\ANVRXqu.exe
  C:\Windows\System\ANVRXqu.exe
  2⤵
  PID:10088
- C:\Windows\System\pftPGIn.exe
  C:\Windows\System\pftPGIn.exe
  2⤵
  PID:10116
- C:\Windows\System\DteEFfD.exe
  C:\Windows\System\DteEFfD.exe
  2⤵
  PID:10200
- C:\Windows\System\XePAjrc.exe
  C:\Windows\System\XePAjrc.exe
  2⤵
  PID:9068
- C:\Windows\System\fFubAyr.exe
  C:\Windows\System\fFubAyr.exe
  2⤵
  PID:9364
- C:\Windows\System\neGosfp.exe
  C:\Windows\System\neGosfp.exe
  2⤵
  PID:9412
- C:\Windows\System\IElDHby.exe
  C:\Windows\System\IElDHby.exe
  2⤵
  PID:10232
- C:\Windows\System\QkBXMaE.exe
  C:\Windows\System\QkBXMaE.exe
  2⤵
  PID:9344
- C:\Windows\System\tIZygel.exe
  C:\Windows\System\tIZygel.exe
  2⤵
  PID:9524
- C:\Windows\System\AZkVQZg.exe
  C:\Windows\System\AZkVQZg.exe
  2⤵
  PID:9584
- C:\Windows\System\VnFaLRI.exe
  C:\Windows\System\VnFaLRI.exe
  2⤵
  PID:9588
- C:\Windows\System\wGtcAOE.exe
  C:\Windows\System\wGtcAOE.exe
  2⤵
  PID:9224
- C:\Windows\System\aiGaodU.exe
  C:\Windows\System\aiGaodU.exe
  2⤵
  PID:9720
- C:\Windows\System\ansoZhy.exe
  C:\Windows\System\ansoZhy.exe
  2⤵
  PID:9792
- C:\Windows\System\xmXjDLl.exe
  C:\Windows\System\xmXjDLl.exe
  2⤵
  PID:9904
- C:\Windows\System\JnWiOJX.exe
  C:\Windows\System\JnWiOJX.exe
  2⤵
  PID:9348
- C:\Windows\System\DfBrYyx.exe
  C:\Windows\System\DfBrYyx.exe
  2⤵
  PID:10032
- C:\Windows\System\LcbDTGI.exe
  C:\Windows\System\LcbDTGI.exe
  2⤵
  PID:9664
- C:\Windows\System\DnHihYf.exe
  C:\Windows\System\DnHihYf.exe
  2⤵
  PID:9928
- C:\Windows\System\GHOijfl.exe
  C:\Windows\System\GHOijfl.exe
  2⤵
  PID:10068
- C:\Windows\System\dqGSxYL.exe
  C:\Windows\System\dqGSxYL.exe
  2⤵
  PID:9884
- C:\Windows\System\nPXLJKu.exe
  C:\Windows\System\nPXLJKu.exe
  2⤵
  PID:10132
- C:\Windows\System\CmqZxQP.exe
  C:\Windows\System\CmqZxQP.exe
  2⤵
  PID:10196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AwqzxGk.exe

Filesize
6.0MB

MD5
b621fb2df57c10d8a7f1852f952e5f24

SHA1
c13c50cbabf51e37cd4caa1941f6c39ac6fcf08a

SHA256
da88c1323f3cac885c591366473c3727778d698770035ef6222762725c90e930

SHA512
564e5261ab1e639c6b8fe68bb4cfdf7b08eb2c795d2d786a948aaa11493f74bcf2eed36d729b6b0393745c55078821f13f56b0802d01cde0b483f91c3f124fa5

Download Submit
C:\Windows\system\CSjstnx.exe

Filesize
6.0MB

MD5
745ae606f124bb457ec8f90333e60e20

SHA1
50d8444d594fd4b55f6af5071cf9feee478605ff

SHA256
8ec635bdd1c776f80ec422bae848d12a4a37f760cd5199e5160f612c48109ca6

SHA512
dd54f459a426b67f477010e2837c7421cf9e64b5bc0d0dd3dfb972d58782d68208cf0508c0f03488e81b9cfdb8079200da04af3997e825836ec5c8920ed5f8e9

Download Submit
C:\Windows\system\CsJMkQi.exe

Filesize
6.0MB

MD5
23395ce122a988c4b16219ba369deba0

SHA1
c9eb2ef96500d35da26e1cd085ffe2333fc22d9f

SHA256
3676f6732cf82aeaa5c3df3e333e1975fe48316ce89092babadf6e49f484bd41

SHA512
39c38b669961f4e53e8319399aecf9c30ca4722bff9f23479946944ff0c45d241d85169a3a9567dad7e64b88c37313003851771c8e67f3c541c44a28d2b5f705

Download Submit
C:\Windows\system\EThecsG.exe

Filesize
6.0MB

MD5
acb9c163c1d4abc91815750002ff850c

SHA1
50d685fff6cd5bd6ac22584a1c104ae4ebcbfe49

SHA256
feb44b87113c25cf4cd3d9a3e4a7840d6ef3ffc5f4e2175b29cac482f29c3de0

SHA512
ded6f5f917802eaf4a73c5e955274cbdacf6591a015d4d7e154be321ead3ed588cbd0fdf20e1bc62ed0bee9d11b0ee45c26de7740d21d99ddaf59e24bffb0d25

Download Submit
C:\Windows\system\LQjTqit.exe

Filesize
6.0MB

MD5
61898c97a76174d27adb4b31cee10d9e

SHA1
8f4dddb37ca42e5aad73e8ef921e5fec932ea5b9

SHA256
884ec6b3b939c626dc0dfa82130f5bbff6bd62a474b27801a5835acb3d723951

SHA512
90c9e1a694fea338a2402d5f34a57c8c88399de2bd4a104ef130de22c4936b65de608cfb927e957f846deaeb05cf0ca6c6a5a2fe502b550762390086d0021b44

Download Submit
C:\Windows\system\NvkGvTc.exe

Filesize
6.0MB

MD5
8a2aab7dd925c1800f4bc7e7a5f02d67

SHA1
8a447be64f4dcd9b02ffc69a249b2d3765f31c4c

SHA256
d69d714952dd5f7d1c97c2d770011eb2e4352497f1119918299b65ed34370fad

SHA512
8c0953212b82f7d42017d140c0a503551830b88c22ad1a1f847849f945586db3b4aae738940ebb8519871240b79f03ede53c326fa06cee472977d622ecf7c979

Download Submit
C:\Windows\system\PYvxQZX.exe

Filesize
6.0MB

MD5
90f3415f947d1764e63b0ef89fc6b1a9

SHA1
e0e8c3cd76a3bc913edf2275c8670e11ce126259

SHA256
5b90b77b30126171aa457559e18c55643d0b664baf5b050c165f31ad091081a5

SHA512
a7572787074e96a5e9249426cbc846f7e218b474b48f62c00235847fec2b2820c0754182e03742161f30ddfaa6c8ec4c4df90c5f72f0da393bc620c7e55ff204

Download Submit
C:\Windows\system\SZQILYE.exe

Filesize
6.0MB

MD5
fad0198e2ca06f8e49b502f619314dac

SHA1
8d75e11c58e131b57bd0bc15485065c26e1ae06b

SHA256
00b2cf4c33e5a189cf89dd0c277f77a8cb294adf56e06d155e9ceb6234df95c5

SHA512
e7465249f1690082a5710ebe3f45cd0a8b835bd6dd6791a516672937a15f3c5c67902626124750dc529c08693dceda41dfb496081a57e263f8b1afe4bbc23217

Download Submit
C:\Windows\system\ScNgJsv.exe

Filesize
6.0MB

MD5
64071fba004525aa0d7239669b0f9d5a

SHA1
04ab39748348cff6104e081ac327b405ace2b061

SHA256
6ce8a28dc2661accce168e0f97b13db41a8f41d0f58ddf63e4065eaf6d965188

SHA512
79ae5cb93ee7c8ba0144ee2fa1efab60fc0b137e5d2f85fdee1901d083849bb031cb5815b714fb325c22a4ad469808c0444622afc9e8ff3c0bb47a242716076e

Download Submit
C:\Windows\system\SpZGMOR.exe

Filesize
6.0MB

MD5
a453c120b0501e629c2909178e5c38d3

SHA1
6de2839673ba359cdf61d72e48bdc73711e3623d

SHA256
0683c6cf52f1621e779dea7f2a7a5ddc0f17654ebb5260fed257589eb736c6a1

SHA512
2a5e8625f9880db60cd222c19fd298cfdf3d55cf69609f9cfa3e3754245c0e6529a41ce9319dffd71a3d0658fead246e3827165efb2086fc07a28ee3fd808026

Download Submit
C:\Windows\system\TtHQFCZ.exe

Filesize
6.0MB

MD5
9fe9e43b6d86048181d2107666359522

SHA1
cbed7cb0f7064e2eb450ded3dafc45da9b9a299b

SHA256
cb330ce1f951a4134056215596bc0b26432b1b8ab337546aa94d90055e294930

SHA512
3f555b55128e05f381108ace385f43cfa808c7eec804517c5d665ea3b11be9f4db3e0a290b3e6fe02bcf2d816d60c69d145f0adfcf1268eb84886574a8a70f96

Download Submit
C:\Windows\system\UdyNsFk.exe

Filesize
6.0MB

MD5
810d09258566b5338162a8ef3535a853

SHA1
d958db1b4787752df234fc6c7c836b3608339ba2

SHA256
317a5bda6eefabfeb8a21f6babca1a2fb9d35a3df606e3a5af65813bb05d8a2b

SHA512
dc583b74c999d3db75d7e57f01a3d2d8cea20bd90060d27dd8ef063a87c64fe8503981b9370f28031b21abe140aef9d25908bba5297904529971b2a4a7e0be95

Download Submit
C:\Windows\system\XTouzgZ.exe

Filesize
6.0MB

MD5
ad5b239fee44e24d14cdfd95f79638e0

SHA1
639b630f9037a2ed10d62d03b9a7d9cfcebffc9f

SHA256
c4a45dfa7df4e82bd35cb30396a0b7ed4580cabbad31db6e348dee38c531627c

SHA512
d9a9bfd62c8b8033f3247d22c8ae6bdeae1c7155a9b67264750ec8bf8b3f761b4c5dc38f460561a13f71a0083478ff2d41657f2ce30244dc75818092d4532c6f

Download Submit
C:\Windows\system\cCkSEbL.exe

Filesize
6.0MB

MD5
848fec1ee90e9aeea29b25d869cd639a

SHA1
1ed9956d1cf1a2458aad451fb8c10e5fcc3200b3

SHA256
71522742e3d3f56130c478714f94203f2f5c3db9f8c8266f84df8cc5e33633bb

SHA512
4a72912b7f5213ee12c3ad7295ec8de162ba5f69e1cbfb694019561e888dededfc4b4e2b3541eaa2f80ec5821ceff2843dc8effa01a8136c3cef739d8a18bfaa

Download Submit
C:\Windows\system\dCKGrbk.exe

Filesize
6.0MB

MD5
256dfeeefd03cc117be97f9661f8ea56

SHA1
ab74b452fad8614b87915ad81ab58dcd0b07bbfa

SHA256
8559d59e6be45ad4d04b5bdb99c21e7a580a3bc264f7ae0b0fedbd11cc4db61d

SHA512
992c2b492d57195298f666e72b2096737e4de3c6495ec61e3b1a5e9c8d1fb72447b01ac722dd2e560b94eff449f59cd2083336b43c5586bd89fcd17493b819c4

Download Submit
C:\Windows\system\drIuZRJ.exe

Filesize
6.0MB

MD5
b7b118ac7ede0bb1fa693100c59686d9

SHA1
d3fd2412829e7af899b224ab9ec24d46a918dd3d

SHA256
34475089279540cb959bf8d36a2f74c97d9582983b396b124ad6dfbe47f9a85b

SHA512
6fb88e703c0ecaf3bd2139a2f2614ca87e9be2407f7aa9977e1534512567d9a117ab884537f617aec675e252a2395a4fc4c4c8763da181bee42cad7d3e0200ba

Download Submit
C:\Windows\system\fELbdAl.exe

Filesize
6.0MB

MD5
c50767d68e4b102c6f71868574fa3786

SHA1
0db9d4b559b5fa94de93119d5526c06fb953b9d4

SHA256
babe839c6372bcc146cc55846c73ac6f93ec02c1a3750135f4a85a4fdbb64e29

SHA512
b65f7e5c28c12e3ad4f461469e13c14dec3acd76ea94d4f5e9f0b47c1375f190e854f7a5f1558629630149df0c307865f59e9c2d5b54e6cb7fc99fde89b30c56

Download Submit
C:\Windows\system\hgeCIRY.exe

Filesize
6.0MB

MD5
18f19f1d3184c5a3b8c3b7095aeaabca

SHA1
924ea0ff35b3080bb7dc5b584f56cebbe2d6107a

SHA256
da7e88369850979f3a989d8a4878f575b0c230c46e706ffd6260c1df7eff5d88

SHA512
b4fc598ee531a663818273e8c2073b028553247ec543aa4a8d4571d3712c07f0267534ba64e7856a61b56042a64e5b37984dc7378a206b3eb392c5bad10f566b

Download Submit
C:\Windows\system\mMhCWYr.exe

Filesize
6.0MB

MD5
17ccd0d29a70246fad50e7a15f26328a

SHA1
a5223c319d2c77a3720275d84c0df908d8eb410d

SHA256
cea5e093131042113982abd97077c3bf868a2a5b485265a178497ffb532a7e69

SHA512
3ebae49a47ea8d0ca5b3e56004980fc7b219aa49382b3e88c20c7658a38c7988d0baadcadb12a4415a315016cb71cc652043087f704c8d62ee3ac570f94061e5

Download Submit
C:\Windows\system\odZCFLk.exe

Filesize
6.0MB

MD5
2aa0aacfad00150fc08c035f2d0ec524

SHA1
7d9ddec0702aa7f8d84c6790bb14b86357f963c5

SHA256
f8715723ef87116e8e8b02ff61abd7ce9ab4eef44b0f08b4b645b116198332f1

SHA512
c772a717b3fb6248cc88a530c7bdec611331fb513f7fdb0df784f8bfd74a6d3be0396270fbe87a8c59785dc436fddc297cbec4208c917f78282a2044e874564c

Download Submit
C:\Windows\system\pHOIFsq.exe

Filesize
6.0MB

MD5
ebd48f1ea0136f9468bd0df366c6aa09

SHA1
9870c88ef43111ad4999244699f29948d58be473

SHA256
98fee60debde8a75bb81080d58727377cbcadd32565af4d295d93965583af204

SHA512
53ff8a16c03ceebee7ce5cb616e358376613850ee8c18409db02623239d55f426cfbc8713396966c83c08e5f3f1c2e2aed5fc161d5d02103c23a16d3deb8aa96

Download Submit
C:\Windows\system\qmukdkI.exe

Filesize
6.0MB

MD5
72487f90d67940e51774147c4bcbfa6d

SHA1
0c05f0b8d6466dd5bfaead2ad98870b33d5948ce

SHA256
620da9c633a2552db57aa691e07205b8e4d077bbd01d41a1124a7127c4b56ce0

SHA512
7e918d5638d60153dd683451ca1b23da0340c7e108c552a7dcdce83e385673837411939988073d7a4261dcf00daf919f5c4345b24577e08d3f44206e45afe3db

Download Submit
C:\Windows\system\tPvsgSf.exe

Filesize
6.0MB

MD5
1dff5ea53f313462a68d42ea49399c40

SHA1
cfa40757697d9e03b86429a23dbb7b72ec329250

SHA256
043ee06a79f66169541b0888ed7357cf8a463fc3e3e69e5c228cf21caead6403

SHA512
7eb98f56961d067360f99bb4395c60316d09db8c65956ffafc713769bd9e9decb370c19a20f911f8714d68bf25157631e00ea79ca3b7ca13c36796319de2dcb1

Download Submit
C:\Windows\system\uJRhNck.exe

Filesize
6.0MB

MD5
ed97d00ee56b81b44cb1ccabec39a630

SHA1
eb2d7a053af98678dccebfa03398ab4b66611f6b

SHA256
a167c96977348a3130477fd9fd3d04751c73ec06fac962762507c6348e8c742b

SHA512
0b09f9b90d84003d6a5cb02b242d97d4ee9066525023640be6d1e968a79ebcc3858890534670e64ff95a9a27fa193d9a84155d402c91aa53671e353a97d1ccce

Download Submit
C:\Windows\system\xkqHGjy.exe

Filesize
6.0MB

MD5
e63be6514364155f6076a6a7a4bb94dd

SHA1
54d96631651eb04f2303e02ad78b9142720029b3

SHA256
e3c31d0536e74801fd2d5ae1f53ee7fedf49c12435585b678ba03cf8889d5c10

SHA512
d83d8633d6e62cdd158a52e4095629fc127d4e6c8e4bb0b0c96e33e449edde4676c1480bb8aaf85cd6723cc29000480d102cd85eb06d2d97f951bb6ffbd00b09

Download Submit
\Windows\system\DkXJaNC.exe

Filesize
6.0MB

MD5
f152cd03706e6ec9805af2f1765cad25

SHA1
b28792c740151e91e2fd30ab00ed3d12fb11e441

SHA256
bbfefc15c39a3ae8a6ff03704a6d3dfc7395932bdd5713fe1f37b0ea302e3820

SHA512
bd27fe69da14a908bfe90b67f5db5d0220056e823d9fd63110ccd094c7108471ea03804faf4dfee1e378944e3c40873bd1d6a9a1f832c27704c7d1f52328909d

Download Submit
\Windows\system\GIsZZRt.exe

Filesize
6.0MB

MD5
dfbe1d60dc3e76344638d5820d19f3ab

SHA1
d132883ddd10ab8a536730fa573a534171bb4dc6

SHA256
5691f3162e6122b832a2329a80cac2aeebfeaf74ef20f125893ade040090f749

SHA512
901ba037a5f1ff2f8e68f2bbdb9c7e61c4178f23169400e872b0f7d197dd78f33246e0274bbb69feda6b993c29301ae6e37f2227c67635feece968db71237e0c

Download Submit
\Windows\system\HyRjJeX.exe

Filesize
6.0MB

MD5
774fab86329133bfee79d5e6ab6f4ec1

SHA1
bca245792da46a9c6f6b1606270ab3847ecc4c5f

SHA256
047360391e56e46718686bf7edd7f7f34391aba9885f848b681c01dc3f70caa9

SHA512
ee55894bdaa72192616c6456a213e470c7d7ab23472ae9e01b1f3913bfdeebb0556c040b8d0469d86a2e6c16133d0d44e0490ec1e13c348974858b2b4942914b

Download Submit
\Windows\system\KTVqPFC.exe

Filesize
6.0MB

MD5
28f189858268a5be4a1cc5cf67473349

SHA1
bae062d8499a112d8f7b9d79afc10beb04c18730

SHA256
c47bffc271dc218415628196488449e93609c8563699409d0ed715fe227a069e

SHA512
78cb5857f9d921426725472068b4a19f6cf5c624241e3d30bfaa83bd7ab554d4e5340acda2662f8158e60c449e947938db60e1696661c46c0882d15e63bbc28f

Download Submit
\Windows\system\KlBxirc.exe

Filesize
6.0MB

MD5
cad8f43dfcd686aeb64243a77dae3488

SHA1
9d44a92c5080a816ea89d1d285f5ec29d196859d

SHA256
fd7f55f9f278ef7eafcc6fc27d90069106d911f9e14fd3296319a977499b40cb

SHA512
d91638292d6833ac6b78494d7a104e473fe6a84a99b73f3df657ef0ef90c644b80790a4d2c6ee29a72b0d5011564d287993c78a6514f72b2a6291aa4ea4687f2

Download Submit
\Windows\system\WFFeWsw.exe

Filesize
6.0MB

MD5
2564fcd59ecaec773803ca59427eb5c8

SHA1
73dfcbd86b516343841e0e8d8b0ebfb4a346db8c

SHA256
5fc1f1ebc15329a0d8573e0019f045d2ca41748234f6ba1b5b04df0c4d6462eb

SHA512
5988375d2e90f8c69654a3c8a46f4e98efa82a3450d454164f301075a7e9c0fec023dec93a342b229174d42cb516fb0470e166767bc907289c4aa98ed59104d7

Download Submit
\Windows\system\WSTTVNt.exe

Filesize
6.0MB

MD5
75d4191c3923e8b604b5916c16d55f7b

SHA1
7f4ba6c5e030d4bc778842f5a01a57d7207d7207

SHA256
39ad4f7031fdf63dadfc19a66d69c70c25e21af50798972668cd692365cb3649

SHA512
c8608aaa67e33a2bc6faa75e87f9748e617c64f5397e6402586ff0b721419dc52ac9ef538e121f2216b9e26111954ee5be9d0892791e89a21bd26122b446eda0

Download Submit
\Windows\system\WbRCuSf.exe

Filesize
6.0MB

MD5
bb3a2862ec5360d7cd5f8338e852b7af

SHA1
22843ad7d57d931887c1b5cf7ec30b1d165428f8

SHA256
6822508073ec73af95a468ab5ef5d883a75691bf9d1995b55627048ff9cb4621

SHA512
df2e65fa694c43d386547cf55dd1e7a9a4d5c6fc0daf747220f8d2ed0d14caecacf4125487e80265b31bf5c95dfd72e3244300941ef3a6787a12446c2172de6c

Download Submit
memory/980-109-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/980-4039-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-34-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1944-58-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-4041-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-14-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-86-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2116-4038-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2204-48-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2204-4008-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2204-8-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2404-941-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2404-94-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2404-4007-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2440-56-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-103-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-106-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-93-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1-0x0000000000580000-0x0000000000590000-memory.dmp

Filesize
64KB

Download
memory/2440-91-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-110-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-270-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-12-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-50-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-78-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-35-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-24-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2440-70-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-708-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-21-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2440-65-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-940-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-38-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2440-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1125-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1285-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-4001-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2568-22-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2640-488-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2640-79-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4004-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4003-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2648-66-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2664-71-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2664-271-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4040-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2736-92-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3957-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-57-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-51-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4006-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3989-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2920-49-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/3040-4005-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/3040-36-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download