cobaltstrike | 34036243c05948427b708675f402b67ef351052b99c554befb61ca82091f9531

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

10590637af61ca5888048403496353b7
SHA1

099e242cfba1d82a410a73292489166e36dd302b
SHA256

34036243c05948427b708675f402b67ef351052b99c554befb61ca82091f9531
SHA512

f8ca436ca7da77595966853fd6b28b3d21af82fc63334020bf2a77e4d3ff0eec1ac35476b0b3e89f7e82e358a7c1ff0de14da683d3fa7e7847f776fbbe665f79
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0005000000010300-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016645-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001686c-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ac1-21.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c73-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c95-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce1-36.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-50.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-105.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-71.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-60.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d47-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0d-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2116-0-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0005000000010300-6.dat	xmrig
behavioral1/files/0x0008000000016645-11.dat	xmrig
behavioral1/files/0x000800000001686c-12.dat	xmrig
behavioral1/files/0x0007000000016ac1-21.dat	xmrig
behavioral1/files/0x0008000000016c73-26.dat	xmrig
behavioral1/files/0x0007000000016c95-30.dat	xmrig
behavioral1/files/0x0007000000016ce1-36.dat	xmrig
behavioral1/files/0x00060000000174a6-50.dat	xmrig
behavioral1/files/0x0015000000018676-65.dat	xmrig
behavioral1/files/0x0006000000018c44-90.dat	xmrig
behavioral1/files/0x0005000000019259-128.dat	xmrig
behavioral1/memory/2116-1197-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019365-160.dat	xmrig
behavioral1/files/0x0005000000019377-157.dat	xmrig
behavioral1/files/0x000500000001929a-152.dat	xmrig
behavioral1/files/0x0005000000019319-150.dat	xmrig
behavioral1/files/0x0005000000019278-142.dat	xmrig
behavioral1/files/0x000500000001926c-135.dat	xmrig
behavioral1/files/0x0005000000019217-120.dat	xmrig
behavioral1/files/0x00050000000191d2-110.dat	xmrig
behavioral1/files/0x0005000000019387-161.dat	xmrig
behavioral1/files/0x0005000000019275-141.dat	xmrig
behavioral1/files/0x0005000000019268-133.dat	xmrig
behavioral1/files/0x0005000000019240-125.dat	xmrig
behavioral1/files/0x00050000000191f6-115.dat	xmrig
behavioral1/files/0x00060000000190e1-105.dat	xmrig
behavioral1/files/0x000600000001904c-100.dat	xmrig
behavioral1/files/0x0006000000018f65-95.dat	xmrig
behavioral1/files/0x0006000000018c34-85.dat	xmrig
behavioral1/files/0x00050000000187a2-80.dat	xmrig
behavioral1/files/0x0005000000018697-75.dat	xmrig
behavioral1/files/0x0005000000018696-71.dat	xmrig
behavioral1/files/0x000600000001757f-60.dat	xmrig
behavioral1/files/0x00060000000174c3-55.dat	xmrig
behavioral1/files/0x0008000000016d47-45.dat	xmrig
behavioral1/files/0x0007000000016d0d-41.dat	xmrig
behavioral1/memory/2720-1228-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/1472-1226-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/864-1224-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/1232-1222-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2108-1220-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2644-1218-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2584-1216-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2624-1214-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2116-1213-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2708-1212-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2756-1210-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2688-1208-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2704-1206-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2340-1204-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2840-1202-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2116-2090-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2116-2153-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2116-2160-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2116-2181-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2116-2194-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2116-2201-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2116-2202-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2116-2244-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2116-2237-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2116-2208-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2688-3334-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2756-3333-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2720	RqdSnmK.exe
2840	BuPLSfs.exe
2340	LChLIkL.exe
2704	PvEzVnU.exe
2688	IYHWmGa.exe
2756	sQsHTae.exe
2708	EwGKwZL.exe
2624	bTsdzLE.exe
2584	zluxBiy.exe
2644	oLdDaHO.exe
2108	TWCjiJE.exe
1232	KFakJSn.exe
864	VqrlxSu.exe
1472	BZfLpYX.exe
3024	icCDhdU.exe
2356	jkJfDrj.exe
2936	gLWRfAV.exe
2896	UvqcfbA.exe
1100	GHRkgBl.exe
908	TZQsnvw.exe
1660	mbAecpm.exe
1972	HeSmDVI.exe
1208	ogkuatP.exe
2360	hfwRRCU.exe
1128	LlnKnhK.exe
2176	npkkdFd.exe
2496	cimSmzp.exe
1792	veIbvhS.exe
1596	WiDgzNi.exe
1180	QyiNFlo.exe
2404	TynwzMM.exe
2532	pYVsyLA.exe
1528	UfmuiTb.exe
1676	WtNXmGI.exe
1848	BLUxLVm.exe
3040	GsxiYvg.exe
2128	EYNhYPH.exe
2552	nBUwVsg.exe
2148	dRAAnkA.exe
1388	CHitxrL.exe
2784	BSvKDCN.exe
1876	IDOinca.exe
944	wnDFYuc.exe
1752	mkrqhcy.exe
2396	lWzyKxS.exe
2308	iCltvov.exe
1704	TfUzpSt.exe
284	wWCLgJF.exe
2420	TwYDCaD.exe
1640	TGzuBjN.exe
2328	UuAaTvk.exe
980	IoUcnAU.exe
880	qZHUWnu.exe
3068	JmCqRZG.exe
2252	dYezJns.exe
1576	rDiOdWs.exe
1572	qqEoqsR.exe
2856	NqbzOfw.exe
2696	ZqoodQx.exe
1328	ZFyZzwL.exe
2352	vlwsbrY.exe
2612	eImjfpN.exe
1628	yfRJjcA.exe
2740	kWzsbRO.exe

Loads dropped DLL 64 IoCs

pid	Process
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2116-0-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0005000000010300-6.dat	upx
behavioral1/files/0x0008000000016645-11.dat	upx
behavioral1/files/0x000800000001686c-12.dat	upx
behavioral1/files/0x0007000000016ac1-21.dat	upx
behavioral1/files/0x0008000000016c73-26.dat	upx
behavioral1/files/0x0007000000016c95-30.dat	upx
behavioral1/files/0x0007000000016ce1-36.dat	upx
behavioral1/files/0x00060000000174a6-50.dat	upx
behavioral1/files/0x0015000000018676-65.dat	upx
behavioral1/files/0x0006000000018c44-90.dat	upx
behavioral1/files/0x0005000000019259-128.dat	upx
behavioral1/files/0x0005000000019365-160.dat	upx
behavioral1/files/0x0005000000019377-157.dat	upx
behavioral1/files/0x000500000001929a-152.dat	upx
behavioral1/files/0x0005000000019319-150.dat	upx
behavioral1/files/0x0005000000019278-142.dat	upx
behavioral1/files/0x000500000001926c-135.dat	upx
behavioral1/files/0x0005000000019217-120.dat	upx
behavioral1/files/0x00050000000191d2-110.dat	upx
behavioral1/files/0x0005000000019387-161.dat	upx
behavioral1/files/0x0005000000019275-141.dat	upx
behavioral1/files/0x0005000000019268-133.dat	upx
behavioral1/files/0x0005000000019240-125.dat	upx
behavioral1/files/0x00050000000191f6-115.dat	upx
behavioral1/files/0x00060000000190e1-105.dat	upx
behavioral1/files/0x000600000001904c-100.dat	upx
behavioral1/files/0x0006000000018f65-95.dat	upx
behavioral1/files/0x0006000000018c34-85.dat	upx
behavioral1/files/0x00050000000187a2-80.dat	upx
behavioral1/files/0x0005000000018697-75.dat	upx
behavioral1/files/0x0005000000018696-71.dat	upx
behavioral1/files/0x000600000001757f-60.dat	upx
behavioral1/files/0x00060000000174c3-55.dat	upx
behavioral1/files/0x0008000000016d47-45.dat	upx
behavioral1/files/0x0007000000016d0d-41.dat	upx
behavioral1/memory/2720-1228-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/1472-1226-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/864-1224-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/1232-1222-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2108-1220-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2644-1218-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2584-1216-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2624-1214-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2708-1212-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2756-1210-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2688-1208-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2704-1206-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2340-1204-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2840-1202-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2116-2090-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2688-3334-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2756-3333-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2840-3355-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2704-3378-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1232-4013-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2644-4014-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2340-4132-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2720-4119-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/864-4112-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2108-4108-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2584-4105-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2708-4103-0x000000013F410000-0x000000013F764000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oBEMxOZ.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEgHBpa.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbcePnd.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQPwwFS.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSJldGN.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNQUMGY.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KEogCNu.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltAHRQT.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrNcdSs.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jghcLWB.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XMLyJft.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtAgpKc.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUGyoHH.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLTrhXQ.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCDjBnm.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHZGjYN.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnhXJsK.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAaetdH.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwMpdtN.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQmiTdG.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHhNIJr.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEblImr.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQHZcav.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idLPjMb.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLNhgbn.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifioehW.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdRLSlj.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgZxJqR.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLciMcf.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNTAYNY.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejtDRZw.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmlHAVy.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NziMLyB.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnnLFZv.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDUwOmU.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPxDlfz.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucMLpiB.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inAFueu.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcobcDE.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPOVkle.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVRJcaL.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNActMN.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTTxcoi.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWASuLq.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSnqjFz.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCCZLDg.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUXFwZI.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wubcKSU.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DttgoKX.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HkSjnqf.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYezJns.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EuZTWZo.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKdcFGA.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRxzEwV.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbGOlhS.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGWOeFd.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTJdgho.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzJFaCs.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMRHPmN.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGNTSwi.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiNlpbz.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcyobXv.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aEcYrBo.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYwZKSQ.exe	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2720	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 2720	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 2720	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2116 wrote to memory of 2840	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 2840	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 2840	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2116 wrote to memory of 2340	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 2340	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 2340	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2116 wrote to memory of 2704	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2704	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2704	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2116 wrote to memory of 2688	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2688	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2688	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2116 wrote to memory of 2756	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2756	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2756	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2116 wrote to memory of 2708	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2708	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2708	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2116 wrote to memory of 2624	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2624	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2624	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2116 wrote to memory of 2584	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2584	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2584	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2116 wrote to memory of 2644	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 2644	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 2644	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2116 wrote to memory of 2108	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 2108	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 2108	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2116 wrote to memory of 1232	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 1232	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 1232	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2116 wrote to memory of 864	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 864	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 864	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2116 wrote to memory of 1472	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 1472	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 1472	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2116 wrote to memory of 3024	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 3024	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 3024	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2116 wrote to memory of 2356	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 2356	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 2356	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2116 wrote to memory of 2936	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 2936	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 2936	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2116 wrote to memory of 2896	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 2896	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 2896	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2116 wrote to memory of 1100	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 1100	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 1100	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2116 wrote to memory of 908	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 908	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 908	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2116 wrote to memory of 1660	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 1660	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 1660	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2116 wrote to memory of 1972	2116	2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_10590637af61ca5888048403496353b7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\System\RqdSnmK.exe
  C:\Windows\System\RqdSnmK.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\BuPLSfs.exe
  C:\Windows\System\BuPLSfs.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\LChLIkL.exe
  C:\Windows\System\LChLIkL.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\PvEzVnU.exe
  C:\Windows\System\PvEzVnU.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\IYHWmGa.exe
  C:\Windows\System\IYHWmGa.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\sQsHTae.exe
  C:\Windows\System\sQsHTae.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\EwGKwZL.exe
  C:\Windows\System\EwGKwZL.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\bTsdzLE.exe
  C:\Windows\System\bTsdzLE.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\zluxBiy.exe
  C:\Windows\System\zluxBiy.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\oLdDaHO.exe
  C:\Windows\System\oLdDaHO.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\TWCjiJE.exe
  C:\Windows\System\TWCjiJE.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\KFakJSn.exe
  C:\Windows\System\KFakJSn.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\VqrlxSu.exe
  C:\Windows\System\VqrlxSu.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\BZfLpYX.exe
  C:\Windows\System\BZfLpYX.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\icCDhdU.exe
  C:\Windows\System\icCDhdU.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\jkJfDrj.exe
  C:\Windows\System\jkJfDrj.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\gLWRfAV.exe
  C:\Windows\System\gLWRfAV.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\UvqcfbA.exe
  C:\Windows\System\UvqcfbA.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\GHRkgBl.exe
  C:\Windows\System\GHRkgBl.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\TZQsnvw.exe
  C:\Windows\System\TZQsnvw.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\mbAecpm.exe
  C:\Windows\System\mbAecpm.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\HeSmDVI.exe
  C:\Windows\System\HeSmDVI.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\ogkuatP.exe
  C:\Windows\System\ogkuatP.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\hfwRRCU.exe
  C:\Windows\System\hfwRRCU.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\LlnKnhK.exe
  C:\Windows\System\LlnKnhK.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\EYNhYPH.exe
  C:\Windows\System\EYNhYPH.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\npkkdFd.exe
  C:\Windows\System\npkkdFd.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\dRAAnkA.exe
  C:\Windows\System\dRAAnkA.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\cimSmzp.exe
  C:\Windows\System\cimSmzp.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\CHitxrL.exe
  C:\Windows\System\CHitxrL.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\veIbvhS.exe
  C:\Windows\System\veIbvhS.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\BSvKDCN.exe
  C:\Windows\System\BSvKDCN.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\WiDgzNi.exe
  C:\Windows\System\WiDgzNi.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\IDOinca.exe
  C:\Windows\System\IDOinca.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\QyiNFlo.exe
  C:\Windows\System\QyiNFlo.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\wnDFYuc.exe
  C:\Windows\System\wnDFYuc.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\TynwzMM.exe
  C:\Windows\System\TynwzMM.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\mkrqhcy.exe
  C:\Windows\System\mkrqhcy.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\pYVsyLA.exe
  C:\Windows\System\pYVsyLA.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\lWzyKxS.exe
  C:\Windows\System\lWzyKxS.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\UfmuiTb.exe
  C:\Windows\System\UfmuiTb.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\iCltvov.exe
  C:\Windows\System\iCltvov.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\WtNXmGI.exe
  C:\Windows\System\WtNXmGI.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\TfUzpSt.exe
  C:\Windows\System\TfUzpSt.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\BLUxLVm.exe
  C:\Windows\System\BLUxLVm.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\TwYDCaD.exe
  C:\Windows\System\TwYDCaD.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\GsxiYvg.exe
  C:\Windows\System\GsxiYvg.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\TGzuBjN.exe
  C:\Windows\System\TGzuBjN.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\nBUwVsg.exe
  C:\Windows\System\nBUwVsg.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\UuAaTvk.exe
  C:\Windows\System\UuAaTvk.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\wWCLgJF.exe
  C:\Windows\System\wWCLgJF.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\IoUcnAU.exe
  C:\Windows\System\IoUcnAU.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\qZHUWnu.exe
  C:\Windows\System\qZHUWnu.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\JmCqRZG.exe
  C:\Windows\System\JmCqRZG.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\dYezJns.exe
  C:\Windows\System\dYezJns.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\rDiOdWs.exe
  C:\Windows\System\rDiOdWs.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\qqEoqsR.exe
  C:\Windows\System\qqEoqsR.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\NqbzOfw.exe
  C:\Windows\System\NqbzOfw.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\ZqoodQx.exe
  C:\Windows\System\ZqoodQx.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\vlwsbrY.exe
  C:\Windows\System\vlwsbrY.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ZFyZzwL.exe
  C:\Windows\System\ZFyZzwL.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\kWzsbRO.exe
  C:\Windows\System\kWzsbRO.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\eImjfpN.exe
  C:\Windows\System\eImjfpN.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\KvvDbJZ.exe
  C:\Windows\System\KvvDbJZ.exe
  2⤵
  PID:2384
- C:\Windows\System\yfRJjcA.exe
  C:\Windows\System\yfRJjcA.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\tloAqeJ.exe
  C:\Windows\System\tloAqeJ.exe
  2⤵
  PID:3028
- C:\Windows\System\bzxDned.exe
  C:\Windows\System\bzxDned.exe
  2⤵
  PID:2284
- C:\Windows\System\JnnLFZv.exe
  C:\Windows\System\JnnLFZv.exe
  2⤵
  PID:2064
- C:\Windows\System\JESgcKS.exe
  C:\Windows\System\JESgcKS.exe
  2⤵
  PID:2456
- C:\Windows\System\bDUwOmU.exe
  C:\Windows\System\bDUwOmU.exe
  2⤵
  PID:2028
- C:\Windows\System\ZDKIFgL.exe
  C:\Windows\System\ZDKIFgL.exe
  2⤵
  PID:2484
- C:\Windows\System\yDWRIij.exe
  C:\Windows\System\yDWRIij.exe
  2⤵
  PID:836
- C:\Windows\System\hHnjhmQ.exe
  C:\Windows\System\hHnjhmQ.exe
  2⤵
  PID:1956
- C:\Windows\System\vjFAGoq.exe
  C:\Windows\System\vjFAGoq.exe
  2⤵
  PID:1308
- C:\Windows\System\TyaKduw.exe
  C:\Windows\System\TyaKduw.exe
  2⤵
  PID:1732
- C:\Windows\System\eEJkEeZ.exe
  C:\Windows\System\eEJkEeZ.exe
  2⤵
  PID:1724
- C:\Windows\System\HkkIzQb.exe
  C:\Windows\System\HkkIzQb.exe
  2⤵
  PID:1496
- C:\Windows\System\mzOjSln.exe
  C:\Windows\System\mzOjSln.exe
  2⤵
  PID:2504
- C:\Windows\System\cidyYLx.exe
  C:\Windows\System\cidyYLx.exe
  2⤵
  PID:976
- C:\Windows\System\XBxHGkS.exe
  C:\Windows\System\XBxHGkS.exe
  2⤵
  PID:2112
- C:\Windows\System\NWLIHHj.exe
  C:\Windows\System\NWLIHHj.exe
  2⤵
  PID:948
- C:\Windows\System\MXaJRxg.exe
  C:\Windows\System\MXaJRxg.exe
  2⤵
  PID:2960
- C:\Windows\System\rXrcLzA.exe
  C:\Windows\System\rXrcLzA.exe
  2⤵
  PID:584
- C:\Windows\System\gwLSMgU.exe
  C:\Windows\System\gwLSMgU.exe
  2⤵
  PID:1712
- C:\Windows\System\BsiHPCv.exe
  C:\Windows\System\BsiHPCv.exe
  2⤵
  PID:1552
- C:\Windows\System\MNActMN.exe
  C:\Windows\System\MNActMN.exe
  2⤵
  PID:1612
- C:\Windows\System\ftSpseY.exe
  C:\Windows\System\ftSpseY.exe
  2⤵
  PID:2104
- C:\Windows\System\slCuLLA.exe
  C:\Windows\System\slCuLLA.exe
  2⤵
  PID:1744
- C:\Windows\System\TaBkjnl.exe
  C:\Windows\System\TaBkjnl.exe
  2⤵
  PID:2172
- C:\Windows\System\ATywUjW.exe
  C:\Windows\System\ATywUjW.exe
  2⤵
  PID:1872
- C:\Windows\System\DcxUzNs.exe
  C:\Windows\System\DcxUzNs.exe
  2⤵
  PID:2716
- C:\Windows\System\Dailzrv.exe
  C:\Windows\System\Dailzrv.exe
  2⤵
  PID:1688
- C:\Windows\System\qePiCfA.exe
  C:\Windows\System\qePiCfA.exe
  2⤵
  PID:1804
- C:\Windows\System\NwgynDb.exe
  C:\Windows\System\NwgynDb.exe
  2⤵
  PID:2080
- C:\Windows\System\BdIKlFL.exe
  C:\Windows\System\BdIKlFL.exe
  2⤵
  PID:1476
- C:\Windows\System\AwRSnPZ.exe
  C:\Windows\System\AwRSnPZ.exe
  2⤵
  PID:2868
- C:\Windows\System\SQbxhcp.exe
  C:\Windows\System\SQbxhcp.exe
  2⤵
  PID:2100
- C:\Windows\System\paothRF.exe
  C:\Windows\System\paothRF.exe
  2⤵
  PID:668
- C:\Windows\System\NIkVSRk.exe
  C:\Windows\System\NIkVSRk.exe
  2⤵
  PID:2000
- C:\Windows\System\CbvrpcA.exe
  C:\Windows\System\CbvrpcA.exe
  2⤵
  PID:1928
- C:\Windows\System\bCSLJIs.exe
  C:\Windows\System\bCSLJIs.exe
  2⤵
  PID:752
- C:\Windows\System\dSIulJE.exe
  C:\Windows\System\dSIulJE.exe
  2⤵
  PID:1516
- C:\Windows\System\FhLvSMc.exe
  C:\Windows\System\FhLvSMc.exe
  2⤵
  PID:1824
- C:\Windows\System\pfCNdaX.exe
  C:\Windows\System\pfCNdaX.exe
  2⤵
  PID:2016
- C:\Windows\System\okhYMdo.exe
  C:\Windows\System\okhYMdo.exe
  2⤵
  PID:1988
- C:\Windows\System\MNJQjRo.exe
  C:\Windows\System\MNJQjRo.exe
  2⤵
  PID:2368
- C:\Windows\System\xskkhHl.exe
  C:\Windows\System\xskkhHl.exe
  2⤵
  PID:1784
- C:\Windows\System\skSErCO.exe
  C:\Windows\System\skSErCO.exe
  2⤵
  PID:1756
- C:\Windows\System\AKWwrpR.exe
  C:\Windows\System\AKWwrpR.exe
  2⤵
  PID:2268
- C:\Windows\System\akafKam.exe
  C:\Windows\System\akafKam.exe
  2⤵
  PID:2476
- C:\Windows\System\IOADEGs.exe
  C:\Windows\System\IOADEGs.exe
  2⤵
  PID:2712
- C:\Windows\System\CqakMns.exe
  C:\Windows\System\CqakMns.exe
  2⤵
  PID:992
- C:\Windows\System\lslZFdr.exe
  C:\Windows\System\lslZFdr.exe
  2⤵
  PID:2908
- C:\Windows\System\UqOWqSu.exe
  C:\Windows\System\UqOWqSu.exe
  2⤵
  PID:1880
- C:\Windows\System\zbSCVci.exe
  C:\Windows\System\zbSCVci.exe
  2⤵
  PID:2572
- C:\Windows\System\FrjVOuO.exe
  C:\Windows\System\FrjVOuO.exe
  2⤵
  PID:2204
- C:\Windows\System\kFUvSoL.exe
  C:\Windows\System\kFUvSoL.exe
  2⤵
  PID:1004
- C:\Windows\System\NiwqtoN.exe
  C:\Windows\System\NiwqtoN.exe
  2⤵
  PID:984
- C:\Windows\System\aCrzGnY.exe
  C:\Windows\System\aCrzGnY.exe
  2⤵
  PID:1672
- C:\Windows\System\TmlleNn.exe
  C:\Windows\System\TmlleNn.exe
  2⤵
  PID:1728
- C:\Windows\System\QYJvNlv.exe
  C:\Windows\System\QYJvNlv.exe
  2⤵
  PID:3076
- C:\Windows\System\gLTrhXQ.exe
  C:\Windows\System\gLTrhXQ.exe
  2⤵
  PID:3092
- C:\Windows\System\MfZSzIG.exe
  C:\Windows\System\MfZSzIG.exe
  2⤵
  PID:3116
- C:\Windows\System\vEEiCQy.exe
  C:\Windows\System\vEEiCQy.exe
  2⤵
  PID:3132
- C:\Windows\System\ECtVEqR.exe
  C:\Windows\System\ECtVEqR.exe
  2⤵
  PID:3156
- C:\Windows\System\NtDdwAa.exe
  C:\Windows\System\NtDdwAa.exe
  2⤵
  PID:3176
- C:\Windows\System\tTWteZg.exe
  C:\Windows\System\tTWteZg.exe
  2⤵
  PID:3192
- C:\Windows\System\jghcLWB.exe
  C:\Windows\System\jghcLWB.exe
  2⤵
  PID:3212
- C:\Windows\System\GcSlBMG.exe
  C:\Windows\System\GcSlBMG.exe
  2⤵
  PID:3232
- C:\Windows\System\TlnSNFL.exe
  C:\Windows\System\TlnSNFL.exe
  2⤵
  PID:3256
- C:\Windows\System\uORHWAE.exe
  C:\Windows\System\uORHWAE.exe
  2⤵
  PID:3272
- C:\Windows\System\XHHnrEI.exe
  C:\Windows\System\XHHnrEI.exe
  2⤵
  PID:3292
- C:\Windows\System\fCkNeOb.exe
  C:\Windows\System\fCkNeOb.exe
  2⤵
  PID:3316
- C:\Windows\System\fFpSbZA.exe
  C:\Windows\System\fFpSbZA.exe
  2⤵
  PID:3332
- C:\Windows\System\fRELkcO.exe
  C:\Windows\System\fRELkcO.exe
  2⤵
  PID:3352
- C:\Windows\System\cpbfhRu.exe
  C:\Windows\System\cpbfhRu.exe
  2⤵
  PID:3376
- C:\Windows\System\cWUlnjl.exe
  C:\Windows\System\cWUlnjl.exe
  2⤵
  PID:3392
- C:\Windows\System\AUMcmtb.exe
  C:\Windows\System\AUMcmtb.exe
  2⤵
  PID:3416
- C:\Windows\System\UchshLy.exe
  C:\Windows\System\UchshLy.exe
  2⤵
  PID:3432
- C:\Windows\System\SmZFloO.exe
  C:\Windows\System\SmZFloO.exe
  2⤵
  PID:3456
- C:\Windows\System\sRMTIqV.exe
  C:\Windows\System\sRMTIqV.exe
  2⤵
  PID:3476
- C:\Windows\System\DeDbiMm.exe
  C:\Windows\System\DeDbiMm.exe
  2⤵
  PID:3492
- C:\Windows\System\ubYmxDm.exe
  C:\Windows\System\ubYmxDm.exe
  2⤵
  PID:3516
- C:\Windows\System\lZrmZYx.exe
  C:\Windows\System\lZrmZYx.exe
  2⤵
  PID:3532
- C:\Windows\System\roeHslI.exe
  C:\Windows\System\roeHslI.exe
  2⤵
  PID:3548
- C:\Windows\System\JACkayk.exe
  C:\Windows\System\JACkayk.exe
  2⤵
  PID:3572
- C:\Windows\System\oadVGJX.exe
  C:\Windows\System\oadVGJX.exe
  2⤵
  PID:3596
- C:\Windows\System\oDGlQTw.exe
  C:\Windows\System\oDGlQTw.exe
  2⤵
  PID:3612
- C:\Windows\System\LTSEezy.exe
  C:\Windows\System\LTSEezy.exe
  2⤵
  PID:3632
- C:\Windows\System\lEyWKPV.exe
  C:\Windows\System\lEyWKPV.exe
  2⤵
  PID:3656
- C:\Windows\System\PBGajVM.exe
  C:\Windows\System\PBGajVM.exe
  2⤵
  PID:3672
- C:\Windows\System\wAbJCka.exe
  C:\Windows\System\wAbJCka.exe
  2⤵
  PID:3688
- C:\Windows\System\QmdIFKL.exe
  C:\Windows\System\QmdIFKL.exe
  2⤵
  PID:3708
- C:\Windows\System\GvWBXfS.exe
  C:\Windows\System\GvWBXfS.exe
  2⤵
  PID:3732
- C:\Windows\System\JYAkhBx.exe
  C:\Windows\System\JYAkhBx.exe
  2⤵
  PID:3748
- C:\Windows\System\oOgbofZ.exe
  C:\Windows\System\oOgbofZ.exe
  2⤵
  PID:3776
- C:\Windows\System\zwftFHl.exe
  C:\Windows\System\zwftFHl.exe
  2⤵
  PID:3796
- C:\Windows\System\gsjzvwv.exe
  C:\Windows\System\gsjzvwv.exe
  2⤵
  PID:3812
- C:\Windows\System\AENWmWU.exe
  C:\Windows\System\AENWmWU.exe
  2⤵
  PID:3832
- C:\Windows\System\dPCUbQS.exe
  C:\Windows\System\dPCUbQS.exe
  2⤵
  PID:3856
- C:\Windows\System\CxpjkBM.exe
  C:\Windows\System\CxpjkBM.exe
  2⤵
  PID:3872
- C:\Windows\System\zDNnWSO.exe
  C:\Windows\System\zDNnWSO.exe
  2⤵
  PID:3888
- C:\Windows\System\pcZwnwq.exe
  C:\Windows\System\pcZwnwq.exe
  2⤵
  PID:3912
- C:\Windows\System\UnQyYwY.exe
  C:\Windows\System\UnQyYwY.exe
  2⤵
  PID:3932
- C:\Windows\System\xTTxcoi.exe
  C:\Windows\System\xTTxcoi.exe
  2⤵
  PID:3952
- C:\Windows\System\RQmiTdG.exe
  C:\Windows\System\RQmiTdG.exe
  2⤵
  PID:3976
- C:\Windows\System\gFjGUsf.exe
  C:\Windows\System\gFjGUsf.exe
  2⤵
  PID:3996
- C:\Windows\System\TmFKcml.exe
  C:\Windows\System\TmFKcml.exe
  2⤵
  PID:4016
- C:\Windows\System\ZsRWJJV.exe
  C:\Windows\System\ZsRWJJV.exe
  2⤵
  PID:4036
- C:\Windows\System\ohsdzWZ.exe
  C:\Windows\System\ohsdzWZ.exe
  2⤵
  PID:4056
- C:\Windows\System\dsXXowD.exe
  C:\Windows\System\dsXXowD.exe
  2⤵
  PID:4076
- C:\Windows\System\GEMdsLv.exe
  C:\Windows\System\GEMdsLv.exe
  2⤵
  PID:4092
- C:\Windows\System\abMtiBu.exe
  C:\Windows\System\abMtiBu.exe
  2⤵
  PID:2428
- C:\Windows\System\dktLhQx.exe
  C:\Windows\System\dktLhQx.exe
  2⤵
  PID:1608
- C:\Windows\System\VzoVSza.exe
  C:\Windows\System\VzoVSza.exe
  2⤵
  PID:860
- C:\Windows\System\rQwsQmN.exe
  C:\Windows\System\rQwsQmN.exe
  2⤵
  PID:2576
- C:\Windows\System\iqEXoPS.exe
  C:\Windows\System\iqEXoPS.exe
  2⤵
  PID:2088
- C:\Windows\System\egeJGxl.exe
  C:\Windows\System\egeJGxl.exe
  2⤵
  PID:1852
- C:\Windows\System\AvxbmoI.exe
  C:\Windows\System\AvxbmoI.exe
  2⤵
  PID:1068
- C:\Windows\System\SRzWrJj.exe
  C:\Windows\System\SRzWrJj.exe
  2⤵
  PID:300
- C:\Windows\System\pCIpxcC.exe
  C:\Windows\System\pCIpxcC.exe
  2⤵
  PID:2440
- C:\Windows\System\KpbLvVi.exe
  C:\Windows\System\KpbLvVi.exe
  2⤵
  PID:3100
- C:\Windows\System\AMlExwM.exe
  C:\Windows\System\AMlExwM.exe
  2⤵
  PID:3172
- C:\Windows\System\MfLfbgn.exe
  C:\Windows\System\MfLfbgn.exe
  2⤵
  PID:3188
- C:\Windows\System\PjwfPPE.exe
  C:\Windows\System\PjwfPPE.exe
  2⤵
  PID:3240
- C:\Windows\System\leXCxLl.exe
  C:\Windows\System\leXCxLl.exe
  2⤵
  PID:3228
- C:\Windows\System\NGQLpwb.exe
  C:\Windows\System\NGQLpwb.exe
  2⤵
  PID:3288
- C:\Windows\System\HqFEeIn.exe
  C:\Windows\System\HqFEeIn.exe
  2⤵
  PID:3312
- C:\Windows\System\twazmsg.exe
  C:\Windows\System\twazmsg.exe
  2⤵
  PID:3340
- C:\Windows\System\OztPLIu.exe
  C:\Windows\System\OztPLIu.exe
  2⤵
  PID:3408
- C:\Windows\System\LJjnkky.exe
  C:\Windows\System\LJjnkky.exe
  2⤵
  PID:3452
- C:\Windows\System\bmlEfSb.exe
  C:\Windows\System\bmlEfSb.exe
  2⤵
  PID:3424
- C:\Windows\System\bpwVldq.exe
  C:\Windows\System\bpwVldq.exe
  2⤵
  PID:3488
- C:\Windows\System\HaCMJAK.exe
  C:\Windows\System\HaCMJAK.exe
  2⤵
  PID:3556
- C:\Windows\System\eLIIhtt.exe
  C:\Windows\System\eLIIhtt.exe
  2⤵
  PID:3604
- C:\Windows\System\JLBMHFe.exe
  C:\Windows\System\JLBMHFe.exe
  2⤵
  PID:3608
- C:\Windows\System\QahENFp.exe
  C:\Windows\System\QahENFp.exe
  2⤵
  PID:3544
- C:\Windows\System\fbfhWpL.exe
  C:\Windows\System\fbfhWpL.exe
  2⤵
  PID:3584
- C:\Windows\System\YzSrWGJ.exe
  C:\Windows\System\YzSrWGJ.exe
  2⤵
  PID:3620
- C:\Windows\System\XBEECPi.exe
  C:\Windows\System\XBEECPi.exe
  2⤵
  PID:3728
- C:\Windows\System\ncPsbFF.exe
  C:\Windows\System\ncPsbFF.exe
  2⤵
  PID:3740
- C:\Windows\System\YfjCLRp.exe
  C:\Windows\System\YfjCLRp.exe
  2⤵
  PID:3804
- C:\Windows\System\MgvMAAZ.exe
  C:\Windows\System\MgvMAAZ.exe
  2⤵
  PID:3844
- C:\Windows\System\pVXfoQS.exe
  C:\Windows\System\pVXfoQS.exe
  2⤵
  PID:3788
- C:\Windows\System\PmHcWcJ.exe
  C:\Windows\System\PmHcWcJ.exe
  2⤵
  PID:3924
- C:\Windows\System\doobMRI.exe
  C:\Windows\System\doobMRI.exe
  2⤵
  PID:3904
- C:\Windows\System\XNNKAlu.exe
  C:\Windows\System\XNNKAlu.exe
  2⤵
  PID:3900
- C:\Windows\System\hBYrsfS.exe
  C:\Windows\System\hBYrsfS.exe
  2⤵
  PID:4004
- C:\Windows\System\YpVLsrt.exe
  C:\Windows\System\YpVLsrt.exe
  2⤵
  PID:4048
- C:\Windows\System\cHoqQCC.exe
  C:\Windows\System\cHoqQCC.exe
  2⤵
  PID:4032
- C:\Windows\System\OuOOhuo.exe
  C:\Windows\System\OuOOhuo.exe
  2⤵
  PID:4068
- C:\Windows\System\ipTcmzr.exe
  C:\Windows\System\ipTcmzr.exe
  2⤵
  PID:664
- C:\Windows\System\qPifCDN.exe
  C:\Windows\System\qPifCDN.exe
  2⤵
  PID:1684
- C:\Windows\System\mTJdgho.exe
  C:\Windows\System\mTJdgho.exe
  2⤵
  PID:1152
- C:\Windows\System\qJOGFdv.exe
  C:\Windows\System\qJOGFdv.exe
  2⤵
  PID:2900
- C:\Windows\System\LRnCVIF.exe
  C:\Windows\System\LRnCVIF.exe
  2⤵
  PID:2212
- C:\Windows\System\daiQWDs.exe
  C:\Windows\System\daiQWDs.exe
  2⤵
  PID:2544
- C:\Windows\System\OcFlCLI.exe
  C:\Windows\System\OcFlCLI.exe
  2⤵
  PID:3152
- C:\Windows\System\BuruvZX.exe
  C:\Windows\System\BuruvZX.exe
  2⤵
  PID:3220
- C:\Windows\System\KSExEZy.exe
  C:\Windows\System\KSExEZy.exe
  2⤵
  PID:3300
- C:\Windows\System\NbOvRvq.exe
  C:\Windows\System\NbOvRvq.exe
  2⤵
  PID:3184
- C:\Windows\System\ngqVJHq.exe
  C:\Windows\System\ngqVJHq.exe
  2⤵
  PID:3384
- C:\Windows\System\DCGHIRc.exe
  C:\Windows\System\DCGHIRc.exe
  2⤵
  PID:3512
- C:\Windows\System\LlCNYYI.exe
  C:\Windows\System\LlCNYYI.exe
  2⤵
  PID:3628
- C:\Windows\System\TJgNxXv.exe
  C:\Windows\System\TJgNxXv.exe
  2⤵
  PID:3500
- C:\Windows\System\EWRgIDs.exe
  C:\Windows\System\EWRgIDs.exe
  2⤵
  PID:3684
- C:\Windows\System\ihyRknp.exe
  C:\Windows\System\ihyRknp.exe
  2⤵
  PID:3696
- C:\Windows\System\qSKGlGq.exe
  C:\Windows\System\qSKGlGq.exe
  2⤵
  PID:3464
- C:\Windows\System\pFAmqLk.exe
  C:\Windows\System\pFAmqLk.exe
  2⤵
  PID:3756
- C:\Windows\System\hZEDfpL.exe
  C:\Windows\System\hZEDfpL.exe
  2⤵
  PID:3772
- C:\Windows\System\HRYmdAx.exe
  C:\Windows\System\HRYmdAx.exe
  2⤵
  PID:3852
- C:\Windows\System\nbLWXvo.exe
  C:\Windows\System\nbLWXvo.exe
  2⤵
  PID:3828
- C:\Windows\System\egKhEfR.exe
  C:\Windows\System\egKhEfR.exe
  2⤵
  PID:3992
- C:\Windows\System\LnCBcKQ.exe
  C:\Windows\System\LnCBcKQ.exe
  2⤵
  PID:4044
- C:\Windows\System\szcRQsD.exe
  C:\Windows\System\szcRQsD.exe
  2⤵
  PID:2700
- C:\Windows\System\AUICqBz.exe
  C:\Windows\System\AUICqBz.exe
  2⤵
  PID:3124
- C:\Windows\System\CaFqCEA.exe
  C:\Windows\System\CaFqCEA.exe
  2⤵
  PID:872
- C:\Windows\System\pMJAGLn.exe
  C:\Windows\System\pMJAGLn.exe
  2⤵
  PID:2888
- C:\Windows\System\jMNoCRz.exe
  C:\Windows\System\jMNoCRz.exe
  2⤵
  PID:3108
- C:\Windows\System\fYNjPuW.exe
  C:\Windows\System\fYNjPuW.exe
  2⤵
  PID:3324
- C:\Windows\System\ETUBBuM.exe
  C:\Windows\System\ETUBBuM.exe
  2⤵
  PID:3644
- C:\Windows\System\XMLyJft.exe
  C:\Windows\System\XMLyJft.exe
  2⤵
  PID:3268
- C:\Windows\System\EbzTXvL.exe
  C:\Windows\System\EbzTXvL.exe
  2⤵
  PID:3524
- C:\Windows\System\zPxDlfz.exe
  C:\Windows\System\zPxDlfz.exe
  2⤵
  PID:3472
- C:\Windows\System\flUZoYC.exe
  C:\Windows\System\flUZoYC.exe
  2⤵
  PID:3896
- C:\Windows\System\TXDsefn.exe
  C:\Windows\System\TXDsefn.exe
  2⤵
  PID:3928
- C:\Windows\System\uaoRKjm.exe
  C:\Windows\System\uaoRKjm.exe
  2⤵
  PID:3848
- C:\Windows\System\cVBUBKg.exe
  C:\Windows\System\cVBUBKg.exe
  2⤵
  PID:3560
- C:\Windows\System\GQbruXt.exe
  C:\Windows\System\GQbruXt.exe
  2⤵
  PID:4108
- C:\Windows\System\oipLkGL.exe
  C:\Windows\System\oipLkGL.exe
  2⤵
  PID:4136
- C:\Windows\System\crOSsvK.exe
  C:\Windows\System\crOSsvK.exe
  2⤵
  PID:4152
- C:\Windows\System\fvcvdVo.exe
  C:\Windows\System\fvcvdVo.exe
  2⤵
  PID:4172
- C:\Windows\System\JsywHRM.exe
  C:\Windows\System\JsywHRM.exe
  2⤵
  PID:4192
- C:\Windows\System\bUXFwZI.exe
  C:\Windows\System\bUXFwZI.exe
  2⤵
  PID:4212
- C:\Windows\System\iLKajzg.exe
  C:\Windows\System\iLKajzg.exe
  2⤵
  PID:4232
- C:\Windows\System\FqVGsPt.exe
  C:\Windows\System\FqVGsPt.exe
  2⤵
  PID:4252
- C:\Windows\System\HNktEcq.exe
  C:\Windows\System\HNktEcq.exe
  2⤵
  PID:4276
- C:\Windows\System\pBMbwuP.exe
  C:\Windows\System\pBMbwuP.exe
  2⤵
  PID:4296
- C:\Windows\System\lBmZACi.exe
  C:\Windows\System\lBmZACi.exe
  2⤵
  PID:4316
- C:\Windows\System\bqfKaXa.exe
  C:\Windows\System\bqfKaXa.exe
  2⤵
  PID:4336
- C:\Windows\System\XYdOTUA.exe
  C:\Windows\System\XYdOTUA.exe
  2⤵
  PID:4356
- C:\Windows\System\ngqhbfe.exe
  C:\Windows\System\ngqhbfe.exe
  2⤵
  PID:4372
- C:\Windows\System\WxZbxuG.exe
  C:\Windows\System\WxZbxuG.exe
  2⤵
  PID:4392
- C:\Windows\System\wbXPTpI.exe
  C:\Windows\System\wbXPTpI.exe
  2⤵
  PID:4416
- C:\Windows\System\elmzVmo.exe
  C:\Windows\System\elmzVmo.exe
  2⤵
  PID:4432
- C:\Windows\System\lkIDblV.exe
  C:\Windows\System\lkIDblV.exe
  2⤵
  PID:4452
- C:\Windows\System\adIrzQl.exe
  C:\Windows\System\adIrzQl.exe
  2⤵
  PID:4472
- C:\Windows\System\ZSJldGN.exe
  C:\Windows\System\ZSJldGN.exe
  2⤵
  PID:4492
- C:\Windows\System\QCBrDhZ.exe
  C:\Windows\System\QCBrDhZ.exe
  2⤵
  PID:4512
- C:\Windows\System\ypXwfHN.exe
  C:\Windows\System\ypXwfHN.exe
  2⤵
  PID:4528
- C:\Windows\System\RCDjFgB.exe
  C:\Windows\System\RCDjFgB.exe
  2⤵
  PID:4548
- C:\Windows\System\EAFfUes.exe
  C:\Windows\System\EAFfUes.exe
  2⤵
  PID:4564
- C:\Windows\System\GXiYWEg.exe
  C:\Windows\System\GXiYWEg.exe
  2⤵
  PID:4584
- C:\Windows\System\qISjuXo.exe
  C:\Windows\System\qISjuXo.exe
  2⤵
  PID:4600
- C:\Windows\System\mzqFczq.exe
  C:\Windows\System\mzqFczq.exe
  2⤵
  PID:4624
- C:\Windows\System\DnVgCdd.exe
  C:\Windows\System\DnVgCdd.exe
  2⤵
  PID:4644
- C:\Windows\System\UhJJNvx.exe
  C:\Windows\System\UhJJNvx.exe
  2⤵
  PID:4664
- C:\Windows\System\nFShREj.exe
  C:\Windows\System\nFShREj.exe
  2⤵
  PID:4692
- C:\Windows\System\CcEMOHV.exe
  C:\Windows\System\CcEMOHV.exe
  2⤵
  PID:4716
- C:\Windows\System\cMKWVQx.exe
  C:\Windows\System\cMKWVQx.exe
  2⤵
  PID:4732
- C:\Windows\System\eNQUMGY.exe
  C:\Windows\System\eNQUMGY.exe
  2⤵
  PID:4756
- C:\Windows\System\ojjouOK.exe
  C:\Windows\System\ojjouOK.exe
  2⤵
  PID:4772
- C:\Windows\System\LmZryoC.exe
  C:\Windows\System\LmZryoC.exe
  2⤵
  PID:4792
- C:\Windows\System\IWlJCRq.exe
  C:\Windows\System\IWlJCRq.exe
  2⤵
  PID:4808
- C:\Windows\System\ucMLpiB.exe
  C:\Windows\System\ucMLpiB.exe
  2⤵
  PID:4824
- C:\Windows\System\PXDfVTA.exe
  C:\Windows\System\PXDfVTA.exe
  2⤵
  PID:4848
- C:\Windows\System\awGINKK.exe
  C:\Windows\System\awGINKK.exe
  2⤵
  PID:4876
- C:\Windows\System\UHhNIJr.exe
  C:\Windows\System\UHhNIJr.exe
  2⤵
  PID:4892
- C:\Windows\System\wtAgpKc.exe
  C:\Windows\System\wtAgpKc.exe
  2⤵
  PID:4912
- C:\Windows\System\gaJzyDf.exe
  C:\Windows\System\gaJzyDf.exe
  2⤵
  PID:4928
- C:\Windows\System\OUVBJGB.exe
  C:\Windows\System\OUVBJGB.exe
  2⤵
  PID:4948
- C:\Windows\System\hxpyNtw.exe
  C:\Windows\System\hxpyNtw.exe
  2⤵
  PID:4964
- C:\Windows\System\ndcFRGQ.exe
  C:\Windows\System\ndcFRGQ.exe
  2⤵
  PID:4992
- C:\Windows\System\JLUZigr.exe
  C:\Windows\System\JLUZigr.exe
  2⤵
  PID:5012
- C:\Windows\System\jIeXYzG.exe
  C:\Windows\System\jIeXYzG.exe
  2⤵
  PID:5028
- C:\Windows\System\qxUxeSA.exe
  C:\Windows\System\qxUxeSA.exe
  2⤵
  PID:5048
- C:\Windows\System\PngdlGk.exe
  C:\Windows\System\PngdlGk.exe
  2⤵
  PID:5068
- C:\Windows\System\fWHDgSM.exe
  C:\Windows\System\fWHDgSM.exe
  2⤵
  PID:5092
- C:\Windows\System\FDZhrEL.exe
  C:\Windows\System\FDZhrEL.exe
  2⤵
  PID:5112
- C:\Windows\System\OzBpSJC.exe
  C:\Windows\System\OzBpSJC.exe
  2⤵
  PID:2004
- C:\Windows\System\cGFpuPP.exe
  C:\Windows\System\cGFpuPP.exe
  2⤵
  PID:3036
- C:\Windows\System\wXHFRkT.exe
  C:\Windows\System\wXHFRkT.exe
  2⤵
  PID:3112
- C:\Windows\System\VNTAYNY.exe
  C:\Windows\System\VNTAYNY.exe
  2⤵
  PID:3204
- C:\Windows\System\YlVAyBR.exe
  C:\Windows\System\YlVAyBR.exe
  2⤵
  PID:3144
- C:\Windows\System\SEVgcXV.exe
  C:\Windows\System\SEVgcXV.exe
  2⤵
  PID:3680
- C:\Windows\System\mqOedtr.exe
  C:\Windows\System\mqOedtr.exe
  2⤵
  PID:3988
- C:\Windows\System\JCBZMqr.exe
  C:\Windows\System\JCBZMqr.exe
  2⤵
  PID:3944
- C:\Windows\System\YhrVmtX.exe
  C:\Windows\System\YhrVmtX.exe
  2⤵
  PID:4084
- C:\Windows\System\cWKIUEH.exe
  C:\Windows\System\cWKIUEH.exe
  2⤵
  PID:4132
- C:\Windows\System\NhcaozD.exe
  C:\Windows\System\NhcaozD.exe
  2⤵
  PID:4148
- C:\Windows\System\bURPFoM.exe
  C:\Windows\System\bURPFoM.exe
  2⤵
  PID:4188
- C:\Windows\System\KUCwqPD.exe
  C:\Windows\System\KUCwqPD.exe
  2⤵
  PID:4292
- C:\Windows\System\hmUwsdM.exe
  C:\Windows\System\hmUwsdM.exe
  2⤵
  PID:4328
- C:\Windows\System\JQDHYhe.exe
  C:\Windows\System\JQDHYhe.exe
  2⤵
  PID:4180
- C:\Windows\System\OVgoGqx.exe
  C:\Windows\System\OVgoGqx.exe
  2⤵
  PID:4304
- C:\Windows\System\TJrTeTY.exe
  C:\Windows\System\TJrTeTY.exe
  2⤵
  PID:4412
- C:\Windows\System\PSqIFae.exe
  C:\Windows\System\PSqIFae.exe
  2⤵
  PID:4448
- C:\Windows\System\tOLUAtO.exe
  C:\Windows\System\tOLUAtO.exe
  2⤵
  PID:4348
- C:\Windows\System\VxVaRdg.exe
  C:\Windows\System\VxVaRdg.exe
  2⤵
  PID:4520
- C:\Windows\System\xAUrgGp.exe
  C:\Windows\System\xAUrgGp.exe
  2⤵
  PID:4560
- C:\Windows\System\UdoLtdF.exe
  C:\Windows\System\UdoLtdF.exe
  2⤵
  PID:4464
- C:\Windows\System\BWBSosI.exe
  C:\Windows\System\BWBSosI.exe
  2⤵
  PID:4636
- C:\Windows\System\qsDcwHJ.exe
  C:\Windows\System\qsDcwHJ.exe
  2⤵
  PID:4680
- C:\Windows\System\esbAGPR.exe
  C:\Windows\System\esbAGPR.exe
  2⤵
  PID:4612
- C:\Windows\System\cbgbKzY.exe
  C:\Windows\System\cbgbKzY.exe
  2⤵
  PID:4652
- C:\Windows\System\bRflviY.exe
  C:\Windows\System\bRflviY.exe
  2⤵
  PID:4580
- C:\Windows\System\IOuoLLj.exe
  C:\Windows\System\IOuoLLj.exe
  2⤵
  PID:4704
- C:\Windows\System\oiNlpbz.exe
  C:\Windows\System\oiNlpbz.exe
  2⤵
  PID:4740
- C:\Windows\System\NevrNwL.exe
  C:\Windows\System\NevrNwL.exe
  2⤵
  PID:4844
- C:\Windows\System\FWBjQFB.exe
  C:\Windows\System\FWBjQFB.exe
  2⤵
  PID:4816
- C:\Windows\System\dcgNbcC.exe
  C:\Windows\System\dcgNbcC.exe
  2⤵
  PID:4884
- C:\Windows\System\ejtDRZw.exe
  C:\Windows\System\ejtDRZw.exe
  2⤵
  PID:4956
- C:\Windows\System\TfHGtuj.exe
  C:\Windows\System\TfHGtuj.exe
  2⤵
  PID:5000
- C:\Windows\System\vCjiVql.exe
  C:\Windows\System\vCjiVql.exe
  2⤵
  PID:4940
- C:\Windows\System\vGqlUEU.exe
  C:\Windows\System\vGqlUEU.exe
  2⤵
  PID:4936
- C:\Windows\System\sAAWfJr.exe
  C:\Windows\System\sAAWfJr.exe
  2⤵
  PID:5080
- C:\Windows\System\oQDmruH.exe
  C:\Windows\System\oQDmruH.exe
  2⤵
  PID:5060
- C:\Windows\System\ueDGsHY.exe
  C:\Windows\System\ueDGsHY.exe
  2⤵
  PID:1868
- C:\Windows\System\IyMLLos.exe
  C:\Windows\System\IyMLLos.exe
  2⤵
  PID:1736
- C:\Windows\System\gwUAkke.exe
  C:\Windows\System\gwUAkke.exe
  2⤵
  PID:2020
- C:\Windows\System\HUPplHf.exe
  C:\Windows\System\HUPplHf.exe
  2⤵
  PID:3372
- C:\Windows\System\kXYZkRA.exe
  C:\Windows\System\kXYZkRA.exe
  2⤵
  PID:3840
- C:\Windows\System\CofaALr.exe
  C:\Windows\System\CofaALr.exe
  2⤵
  PID:4116
- C:\Windows\System\vRoxQgO.exe
  C:\Windows\System\vRoxQgO.exe
  2⤵
  PID:3444
- C:\Windows\System\nRHypTL.exe
  C:\Windows\System\nRHypTL.exe
  2⤵
  PID:4164
- C:\Windows\System\MoNxFwi.exe
  C:\Windows\System\MoNxFwi.exe
  2⤵
  PID:4284
- C:\Windows\System\IziSxbP.exe
  C:\Windows\System\IziSxbP.exe
  2⤵
  PID:4332
- C:\Windows\System\GpiRmDp.exe
  C:\Windows\System\GpiRmDp.exe
  2⤵
  PID:4308
- C:\Windows\System\EehaNhN.exe
  C:\Windows\System\EehaNhN.exe
  2⤵
  PID:4264
- C:\Windows\System\eXCeQRl.exe
  C:\Windows\System\eXCeQRl.exe
  2⤵
  PID:4488
- C:\Windows\System\RZaqrMk.exe
  C:\Windows\System\RZaqrMk.exe
  2⤵
  PID:4556
- C:\Windows\System\PwMTdck.exe
  C:\Windows\System\PwMTdck.exe
  2⤵
  PID:4632
- C:\Windows\System\VFdAjUE.exe
  C:\Windows\System\VFdAjUE.exe
  2⤵
  PID:4672
- C:\Windows\System\pbPBobz.exe
  C:\Windows\System\pbPBobz.exe
  2⤵
  PID:4544
- C:\Windows\System\sBUDbNy.exe
  C:\Windows\System\sBUDbNy.exe
  2⤵
  PID:4660
- C:\Windows\System\TvdCiud.exe
  C:\Windows\System\TvdCiud.exe
  2⤵
  PID:4700
- C:\Windows\System\rryfTcN.exe
  C:\Windows\System\rryfTcN.exe
  2⤵
  PID:4920
- C:\Windows\System\BDNLOkD.exe
  C:\Windows\System\BDNLOkD.exe
  2⤵
  PID:4836
- C:\Windows\System\fXZQIXq.exe
  C:\Windows\System\fXZQIXq.exe
  2⤵
  PID:5076
- C:\Windows\System\SRUziGt.exe
  C:\Windows\System\SRUziGt.exe
  2⤵
  PID:4872
- C:\Windows\System\keTiUny.exe
  C:\Windows\System\keTiUny.exe
  2⤵
  PID:4904
- C:\Windows\System\qnTgtVF.exe
  C:\Windows\System\qnTgtVF.exe
  2⤵
  PID:3304
- C:\Windows\System\gkNsPsA.exe
  C:\Windows\System\gkNsPsA.exe
  2⤵
  PID:5056
- C:\Windows\System\gHvIZXA.exe
  C:\Windows\System\gHvIZXA.exe
  2⤵
  PID:4124
- C:\Windows\System\UQgGaOw.exe
  C:\Windows\System\UQgGaOw.exe
  2⤵
  PID:3200
- C:\Windows\System\kaNXqer.exe
  C:\Windows\System\kaNXqer.exe
  2⤵
  PID:3592
- C:\Windows\System\HpDIJGo.exe
  C:\Windows\System\HpDIJGo.exe
  2⤵
  PID:4144
- C:\Windows\System\sswwqHo.exe
  C:\Windows\System\sswwqHo.exe
  2⤵
  PID:4324
- C:\Windows\System\oBEMxOZ.exe
  C:\Windows\System\oBEMxOZ.exe
  2⤵
  PID:4384
- C:\Windows\System\LpgoFjJ.exe
  C:\Windows\System\LpgoFjJ.exe
  2⤵
  PID:4184
- C:\Windows\System\IGpelUl.exe
  C:\Windows\System\IGpelUl.exe
  2⤵
  PID:4724
- C:\Windows\System\uGzsJJe.exe
  C:\Windows\System\uGzsJJe.exe
  2⤵
  PID:4620
- C:\Windows\System\aQUiscB.exe
  C:\Windows\System\aQUiscB.exe
  2⤵
  PID:4804
- C:\Windows\System\qLGlkJW.exe
  C:\Windows\System\qLGlkJW.exe
  2⤵
  PID:4088
- C:\Windows\System\lBidqHx.exe
  C:\Windows\System\lBidqHx.exe
  2⤵
  PID:5136
- C:\Windows\System\GpiOLNa.exe
  C:\Windows\System\GpiOLNa.exe
  2⤵
  PID:5156
- C:\Windows\System\YXNiIcv.exe
  C:\Windows\System\YXNiIcv.exe
  2⤵
  PID:5176
- C:\Windows\System\gPwerXq.exe
  C:\Windows\System\gPwerXq.exe
  2⤵
  PID:5204
- C:\Windows\System\tZMJVpe.exe
  C:\Windows\System\tZMJVpe.exe
  2⤵
  PID:5220
- C:\Windows\System\XCDjBnm.exe
  C:\Windows\System\XCDjBnm.exe
  2⤵
  PID:5352
- C:\Windows\System\CNZOjPo.exe
  C:\Windows\System\CNZOjPo.exe
  2⤵
  PID:5368
- C:\Windows\System\aPADNim.exe
  C:\Windows\System\aPADNim.exe
  2⤵
  PID:5384
- C:\Windows\System\oyqWhkU.exe
  C:\Windows\System\oyqWhkU.exe
  2⤵
  PID:5404
- C:\Windows\System\zfunZqe.exe
  C:\Windows\System\zfunZqe.exe
  2⤵
  PID:5420
- C:\Windows\System\FlRonbS.exe
  C:\Windows\System\FlRonbS.exe
  2⤵
  PID:5436
- C:\Windows\System\TxRHAiv.exe
  C:\Windows\System\TxRHAiv.exe
  2⤵
  PID:5452
- C:\Windows\System\NSbSfrp.exe
  C:\Windows\System\NSbSfrp.exe
  2⤵
  PID:5468
- C:\Windows\System\AycjBJQ.exe
  C:\Windows\System\AycjBJQ.exe
  2⤵
  PID:5488
- C:\Windows\System\YvmexBe.exe
  C:\Windows\System\YvmexBe.exe
  2⤵
  PID:5508
- C:\Windows\System\wqAVAXQ.exe
  C:\Windows\System\wqAVAXQ.exe
  2⤵
  PID:5524
- C:\Windows\System\lnLyLiy.exe
  C:\Windows\System\lnLyLiy.exe
  2⤵
  PID:5544
- C:\Windows\System\tinSWYH.exe
  C:\Windows\System\tinSWYH.exe
  2⤵
  PID:5560
- C:\Windows\System\oHxMTIk.exe
  C:\Windows\System\oHxMTIk.exe
  2⤵
  PID:5576
- C:\Windows\System\bKxpQkD.exe
  C:\Windows\System\bKxpQkD.exe
  2⤵
  PID:5592
- C:\Windows\System\zwoZbPg.exe
  C:\Windows\System\zwoZbPg.exe
  2⤵
  PID:5644
- C:\Windows\System\GQuzDFd.exe
  C:\Windows\System\GQuzDFd.exe
  2⤵
  PID:5660
- C:\Windows\System\YVnuznG.exe
  C:\Windows\System\YVnuznG.exe
  2⤵
  PID:5676
- C:\Windows\System\pPcpZcV.exe
  C:\Windows\System\pPcpZcV.exe
  2⤵
  PID:5692
- C:\Windows\System\ZGCYxXJ.exe
  C:\Windows\System\ZGCYxXJ.exe
  2⤵
  PID:5708
- C:\Windows\System\jxzTDgf.exe
  C:\Windows\System\jxzTDgf.exe
  2⤵
  PID:5724
- C:\Windows\System\CwOslVE.exe
  C:\Windows\System\CwOslVE.exe
  2⤵
  PID:5740
- C:\Windows\System\AWGcOSB.exe
  C:\Windows\System\AWGcOSB.exe
  2⤵
  PID:5756
- C:\Windows\System\tLSDDYU.exe
  C:\Windows\System\tLSDDYU.exe
  2⤵
  PID:5772
- C:\Windows\System\CeoNEVu.exe
  C:\Windows\System\CeoNEVu.exe
  2⤵
  PID:5788
- C:\Windows\System\BRIkUOC.exe
  C:\Windows\System\BRIkUOC.exe
  2⤵
  PID:5804
- C:\Windows\System\hFjSZvt.exe
  C:\Windows\System\hFjSZvt.exe
  2⤵
  PID:5820
- C:\Windows\System\FvbJUUz.exe
  C:\Windows\System\FvbJUUz.exe
  2⤵
  PID:5860
- C:\Windows\System\QDiefjw.exe
  C:\Windows\System\QDiefjw.exe
  2⤵
  PID:5876
- C:\Windows\System\UnrAMRh.exe
  C:\Windows\System\UnrAMRh.exe
  2⤵
  PID:5892
- C:\Windows\System\WuNttyL.exe
  C:\Windows\System\WuNttyL.exe
  2⤵
  PID:5908
- C:\Windows\System\qmuQvto.exe
  C:\Windows\System\qmuQvto.exe
  2⤵
  PID:5924
- C:\Windows\System\AwpRsWk.exe
  C:\Windows\System\AwpRsWk.exe
  2⤵
  PID:5940
- C:\Windows\System\pudkxDu.exe
  C:\Windows\System\pudkxDu.exe
  2⤵
  PID:5956
- C:\Windows\System\ehxWgdZ.exe
  C:\Windows\System\ehxWgdZ.exe
  2⤵
  PID:5972
- C:\Windows\System\YuDhokS.exe
  C:\Windows\System\YuDhokS.exe
  2⤵
  PID:5992
- C:\Windows\System\ASFcxwZ.exe
  C:\Windows\System\ASFcxwZ.exe
  2⤵
  PID:6012
- C:\Windows\System\OhHEbnA.exe
  C:\Windows\System\OhHEbnA.exe
  2⤵
  PID:6032
- C:\Windows\System\YzJFaCs.exe
  C:\Windows\System\YzJFaCs.exe
  2⤵
  PID:6052
- C:\Windows\System\UHisQrg.exe
  C:\Windows\System\UHisQrg.exe
  2⤵
  PID:6068
- C:\Windows\System\ZpHcicd.exe
  C:\Windows\System\ZpHcicd.exe
  2⤵
  PID:6084
- C:\Windows\System\OrYcOuT.exe
  C:\Windows\System\OrYcOuT.exe
  2⤵
  PID:6100
- C:\Windows\System\qUgqhmp.exe
  C:\Windows\System\qUgqhmp.exe
  2⤵
  PID:6120
- C:\Windows\System\bCxuDRR.exe
  C:\Windows\System\bCxuDRR.exe
  2⤵
  PID:6140
- C:\Windows\System\VOLPpRP.exe
  C:\Windows\System\VOLPpRP.exe
  2⤵
  PID:4864
- C:\Windows\System\txkzCeX.exe
  C:\Windows\System\txkzCeX.exe
  2⤵
  PID:4008
- C:\Windows\System\rmuvapr.exe
  C:\Windows\System\rmuvapr.exe
  2⤵
  PID:4224
- C:\Windows\System\RfwGCrf.exe
  C:\Windows\System\RfwGCrf.exe
  2⤵
  PID:3940
- C:\Windows\System\aFXraXx.exe
  C:\Windows\System\aFXraXx.exe
  2⤵
  PID:5064
- C:\Windows\System\TPuyCNh.exe
  C:\Windows\System\TPuyCNh.exe
  2⤵
  PID:4480
- C:\Windows\System\fVlmBmG.exe
  C:\Windows\System\fVlmBmG.exe
  2⤵
  PID:4408
- C:\Windows\System\FpjYvCr.exe
  C:\Windows\System\FpjYvCr.exe
  2⤵
  PID:4688
- C:\Windows\System\dEODemN.exe
  C:\Windows\System\dEODemN.exe
  2⤵
  PID:5024
- C:\Windows\System\exzsZTE.exe
  C:\Windows\System\exzsZTE.exe
  2⤵
  PID:4752
- C:\Windows\System\lBSJxER.exe
  C:\Windows\System\lBSJxER.exe
  2⤵
  PID:5148
- C:\Windows\System\qbxObaf.exe
  C:\Windows\System\qbxObaf.exe
  2⤵
  PID:5184
- C:\Windows\System\DnLMTLX.exe
  C:\Windows\System\DnLMTLX.exe
  2⤵
  PID:5196
- C:\Windows\System\vIhubfI.exe
  C:\Windows\System\vIhubfI.exe
  2⤵
  PID:5200
- C:\Windows\System\fIywiwY.exe
  C:\Windows\System\fIywiwY.exe
  2⤵
  PID:5216
- C:\Windows\System\XpccKbd.exe
  C:\Windows\System\XpccKbd.exe
  2⤵
  PID:2604
- C:\Windows\System\xoYClyT.exe
  C:\Windows\System\xoYClyT.exe
  2⤵
  PID:2600
- C:\Windows\System\QbUMWVl.exe
  C:\Windows\System\QbUMWVl.exe
  2⤵
  PID:1920
- C:\Windows\System\GQYjHVQ.exe
  C:\Windows\System\GQYjHVQ.exe
  2⤵
  PID:3016
- C:\Windows\System\PzIUYLk.exe
  C:\Windows\System\PzIUYLk.exe
  2⤵
  PID:2008
- C:\Windows\System\PSBHTFw.exe
  C:\Windows\System\PSBHTFw.exe
  2⤵
  PID:2040
- C:\Windows\System\geTrhjo.exe
  C:\Windows\System\geTrhjo.exe
  2⤵
  PID:1760
- C:\Windows\System\MvxTVMG.exe
  C:\Windows\System\MvxTVMG.exe
  2⤵
  PID:1716
- C:\Windows\System\nfgbjUW.exe
  C:\Windows\System\nfgbjUW.exe
  2⤵
  PID:2764
- C:\Windows\System\XUPhyJo.exe
  C:\Windows\System\XUPhyJo.exe
  2⤵
  PID:1592
- C:\Windows\System\KwkXUXr.exe
  C:\Windows\System\KwkXUXr.exe
  2⤵
  PID:3020
- C:\Windows\System\sFobYLz.exe
  C:\Windows\System\sFobYLz.exe
  2⤵
  PID:2056
- C:\Windows\System\KRfCDXF.exe
  C:\Windows\System\KRfCDXF.exe
  2⤵
  PID:1632
- C:\Windows\System\fsGbOAh.exe
  C:\Windows\System\fsGbOAh.exe
  2⤵
  PID:5332
- C:\Windows\System\lmoojzg.exe
  C:\Windows\System\lmoojzg.exe
  2⤵
  PID:5392
- C:\Windows\System\ASraslI.exe
  C:\Windows\System\ASraslI.exe
  2⤵
  PID:5380
- C:\Windows\System\XIKwhPJ.exe
  C:\Windows\System\XIKwhPJ.exe
  2⤵
  PID:5464
- C:\Windows\System\tkMdsNM.exe
  C:\Windows\System\tkMdsNM.exe
  2⤵
  PID:5416
- C:\Windows\System\EocJINN.exe
  C:\Windows\System\EocJINN.exe
  2⤵
  PID:5516
- C:\Windows\System\DXsaZzV.exe
  C:\Windows\System\DXsaZzV.exe
  2⤵
  PID:5588
- C:\Windows\System\omWAiHH.exe
  C:\Windows\System\omWAiHH.exe
  2⤵
  PID:5752
- C:\Windows\System\yVLiyvO.exe
  C:\Windows\System\yVLiyvO.exe
  2⤵
  PID:5688
- C:\Windows\System\QyzStnO.exe
  C:\Windows\System\QyzStnO.exe
  2⤵
  PID:5496
- C:\Windows\System\igygMzn.exe
  C:\Windows\System\igygMzn.exe
  2⤵
  PID:5536
- C:\Windows\System\gGzzVbW.exe
  C:\Windows\System\gGzzVbW.exe
  2⤵
  PID:5616
- C:\Windows\System\EMRHPmN.exe
  C:\Windows\System\EMRHPmN.exe
  2⤵
  PID:5632
- C:\Windows\System\gcCOJSB.exe
  C:\Windows\System\gcCOJSB.exe
  2⤵
  PID:5672
- C:\Windows\System\AnRoUxn.exe
  C:\Windows\System\AnRoUxn.exe
  2⤵
  PID:5736
- C:\Windows\System\QWASuLq.exe
  C:\Windows\System\QWASuLq.exe
  2⤵
  PID:5800
- C:\Windows\System\fGNTSwi.exe
  C:\Windows\System\fGNTSwi.exe
  2⤵
  PID:5840
- C:\Windows\System\VMBZYBZ.exe
  C:\Windows\System\VMBZYBZ.exe
  2⤵
  PID:5856
- C:\Windows\System\PCvLkbo.exe
  C:\Windows\System\PCvLkbo.exe
  2⤵
  PID:5920
- C:\Windows\System\FNIMnXf.exe
  C:\Windows\System\FNIMnXf.exe
  2⤵
  PID:5984
- C:\Windows\System\AauOndj.exe
  C:\Windows\System\AauOndj.exe
  2⤵
  PID:6064
- C:\Windows\System\eSMihgP.exe
  C:\Windows\System\eSMihgP.exe
  2⤵
  PID:6096
- C:\Windows\System\nCtkNwF.exe
  C:\Windows\System\nCtkNwF.exe
  2⤵
  PID:4860
- C:\Windows\System\DayUiHj.exe
  C:\Windows\System\DayUiHj.exe
  2⤵
  PID:4500
- C:\Windows\System\XuSyQyh.exe
  C:\Windows\System\XuSyQyh.exe
  2⤵
  PID:4440
- C:\Windows\System\wktEJFV.exe
  C:\Windows\System\wktEJFV.exe
  2⤵
  PID:2844
- C:\Windows\System\tktGbPZ.exe
  C:\Windows\System\tktGbPZ.exe
  2⤵
  PID:5100
- C:\Windows\System\rXJErhK.exe
  C:\Windows\System\rXJErhK.exe
  2⤵
  PID:4748
- C:\Windows\System\oZaUyvM.exe
  C:\Windows\System\oZaUyvM.exe
  2⤵
  PID:5964
- C:\Windows\System\vgulYrm.exe
  C:\Windows\System\vgulYrm.exe
  2⤵
  PID:3012
- C:\Windows\System\yLOokRX.exe
  C:\Windows\System\yLOokRX.exe
  2⤵
  PID:6044
- C:\Windows\System\KjjIiFc.exe
  C:\Windows\System\KjjIiFc.exe
  2⤵
  PID:6112
- C:\Windows\System\onxBcYE.exe
  C:\Windows\System\onxBcYE.exe
  2⤵
  PID:4868
- C:\Windows\System\uMdLBIO.exe
  C:\Windows\System\uMdLBIO.exe
  2⤵
  PID:5104
- C:\Windows\System\agbGOFu.exe
  C:\Windows\System\agbGOFu.exe
  2⤵
  PID:5144
- C:\Windows\System\vYuoAIP.exe
  C:\Windows\System\vYuoAIP.exe
  2⤵
  PID:5164
- C:\Windows\System\KJRttnX.exe
  C:\Windows\System\KJRttnX.exe
  2⤵
  PID:5280
- C:\Windows\System\PfRwJaz.exe
  C:\Windows\System\PfRwJaz.exe
  2⤵
  PID:1228
- C:\Windows\System\GGdefPC.exe
  C:\Windows\System\GGdefPC.exe
  2⤵
  PID:2472
- C:\Windows\System\IEOeqOL.exe
  C:\Windows\System\IEOeqOL.exe
  2⤵
  PID:5328
- C:\Windows\System\RgLIwch.exe
  C:\Windows\System\RgLIwch.exe
  2⤵
  PID:808
- C:\Windows\System\TIHVyXH.exe
  C:\Windows\System\TIHVyXH.exe
  2⤵
  PID:5232
- C:\Windows\System\PzpeOQA.exe
  C:\Windows\System\PzpeOQA.exe
  2⤵
  PID:5340
- C:\Windows\System\YBNuQKV.exe
  C:\Windows\System\YBNuQKV.exe
  2⤵
  PID:5264
- C:\Windows\System\JyzwWbf.exe
  C:\Windows\System\JyzwWbf.exe
  2⤵
  PID:5284
- C:\Windows\System\oVQFWhb.exe
  C:\Windows\System\oVQFWhb.exe
  2⤵
  PID:5300
- C:\Windows\System\rsuNdlR.exe
  C:\Windows\System\rsuNdlR.exe
  2⤵
  PID:5324
- C:\Windows\System\mbrwBgj.exe
  C:\Windows\System\mbrwBgj.exe
  2⤵
  PID:5656
- C:\Windows\System\NolUWDs.exe
  C:\Windows\System\NolUWDs.exe
  2⤵
  PID:5400
- C:\Windows\System\iSVBTtx.exe
  C:\Windows\System\iSVBTtx.exe
  2⤵
  PID:5412
- C:\Windows\System\NROrbcZ.exe
  C:\Windows\System\NROrbcZ.exe
  2⤵
  PID:1132
- C:\Windows\System\NmcUPdc.exe
  C:\Windows\System\NmcUPdc.exe
  2⤵
  PID:2024
- C:\Windows\System\VRnGmip.exe
  C:\Windows\System\VRnGmip.exe
  2⤵
  PID:5532
- C:\Windows\System\vPcDubu.exe
  C:\Windows\System\vPcDubu.exe
  2⤵
  PID:5732
- C:\Windows\System\VjXDXfi.exe
  C:\Windows\System\VjXDXfi.exe
  2⤵
  PID:5780
- C:\Windows\System\fSnqjFz.exe
  C:\Windows\System\fSnqjFz.exe
  2⤵
  PID:5768
- C:\Windows\System\fLApadZ.exe
  C:\Windows\System\fLApadZ.exe
  2⤵
  PID:5480
- C:\Windows\System\swwCfbV.exe
  C:\Windows\System\swwCfbV.exe
  2⤵
  PID:5816
- C:\Windows\System\KbkvLAl.exe
  C:\Windows\System\KbkvLAl.exe
  2⤵
  PID:5668
- C:\Windows\System\frLYLqE.exe
  C:\Windows\System\frLYLqE.exe
  2⤵
  PID:5852
- C:\Windows\System\WWbiXEc.exe
  C:\Windows\System\WWbiXEc.exe
  2⤵
  PID:5868
- C:\Windows\System\UzkSHkM.exe
  C:\Windows\System\UzkSHkM.exe
  2⤵
  PID:5888
- C:\Windows\System\ujCFEcM.exe
  C:\Windows\System\ujCFEcM.exe
  2⤵
  PID:6028
- C:\Windows\System\NeNZObP.exe
  C:\Windows\System\NeNZObP.exe
  2⤵
  PID:4640
- C:\Windows\System\BmlHAVy.exe
  C:\Windows\System\BmlHAVy.exe
  2⤵
  PID:4900
- C:\Windows\System\lqhwiFk.exe
  C:\Windows\System\lqhwiFk.exe
  2⤵
  PID:6040
- C:\Windows\System\VOnkSpL.exe
  C:\Windows\System\VOnkSpL.exe
  2⤵
  PID:4832
- C:\Windows\System\RoWnVJL.exe
  C:\Windows\System\RoWnVJL.exe
  2⤵
  PID:5212
- C:\Windows\System\LEgHBpa.exe
  C:\Windows\System\LEgHBpa.exe
  2⤵
  PID:6000
- C:\Windows\System\jEkXmgJ.exe
  C:\Windows\System\jEkXmgJ.exe
  2⤵
  PID:3664
- C:\Windows\System\NHKmiaF.exe
  C:\Windows\System\NHKmiaF.exe
  2⤵
  PID:2824
- C:\Windows\System\SeQqyRr.exe
  C:\Windows\System\SeQqyRr.exe
  2⤵
  PID:5244
- C:\Windows\System\CJGbobi.exe
  C:\Windows\System\CJGbobi.exe
  2⤵
  PID:2680
- C:\Windows\System\tcyobXv.exe
  C:\Windows\System\tcyobXv.exe
  2⤵
  PID:1432
- C:\Windows\System\sghEcHd.exe
  C:\Windows\System\sghEcHd.exe
  2⤵
  PID:2336
- C:\Windows\System\adxOvYx.exe
  C:\Windows\System\adxOvYx.exe
  2⤵
  PID:5292
- C:\Windows\System\OdaljTf.exe
  C:\Windows\System\OdaljTf.exe
  2⤵
  PID:5320
- C:\Windows\System\ywbqoZR.exe
  C:\Windows\System\ywbqoZR.exe
  2⤵
  PID:2240
- C:\Windows\System\eeIEukS.exe
  C:\Windows\System\eeIEukS.exe
  2⤵
  PID:5376
- C:\Windows\System\likESPI.exe
  C:\Windows\System\likESPI.exe
  2⤵
  PID:1976
- C:\Windows\System\tvsZusk.exe
  C:\Windows\System\tvsZusk.exe
  2⤵
  PID:5716
- C:\Windows\System\vhsCwUa.exe
  C:\Windows\System\vhsCwUa.exe
  2⤵
  PID:5608
- C:\Windows\System\QrwtKcf.exe
  C:\Windows\System\QrwtKcf.exe
  2⤵
  PID:5612
- C:\Windows\System\GfaADsG.exe
  C:\Windows\System\GfaADsG.exe
  2⤵
  PID:5848
- C:\Windows\System\pwKpnkb.exe
  C:\Windows\System\pwKpnkb.exe
  2⤵
  PID:6136
- C:\Windows\System\HEblImr.exe
  C:\Windows\System\HEblImr.exe
  2⤵
  PID:5228
- C:\Windows\System\uQstJOY.exe
  C:\Windows\System\uQstJOY.exe
  2⤵
  PID:6024
- C:\Windows\System\SwIstBS.exe
  C:\Windows\System\SwIstBS.exe
  2⤵
  PID:4344
- C:\Windows\System\JwHEbFy.exe
  C:\Windows\System\JwHEbFy.exe
  2⤵
  PID:5152
- C:\Windows\System\NjPqlfQ.exe
  C:\Windows\System\NjPqlfQ.exe
  2⤵
  PID:2564
- C:\Windows\System\Birfkej.exe
  C:\Windows\System\Birfkej.exe
  2⤵
  PID:5308
- C:\Windows\System\HPNMhkR.exe
  C:\Windows\System\HPNMhkR.exe
  2⤵
  PID:5980
- C:\Windows\System\RfWmvtc.exe
  C:\Windows\System\RfWmvtc.exe
  2⤵
  PID:2248
- C:\Windows\System\QHiKZuo.exe
  C:\Windows\System\QHiKZuo.exe
  2⤵
  PID:5260
- C:\Windows\System\BWyWKsu.exe
  C:\Windows\System\BWyWKsu.exe
  2⤵
  PID:1524
- C:\Windows\System\vpPCweI.exe
  C:\Windows\System\vpPCweI.exe
  2⤵
  PID:5784
- C:\Windows\System\bohYsqq.exe
  C:\Windows\System\bohYsqq.exe
  2⤵
  PID:6108
- C:\Windows\System\pvWlgCi.exe
  C:\Windows\System\pvWlgCi.exe
  2⤵
  PID:6132
- C:\Windows\System\TgzaMCL.exe
  C:\Windows\System\TgzaMCL.exe
  2⤵
  PID:4160
- C:\Windows\System\rOJbAlZ.exe
  C:\Windows\System\rOJbAlZ.exe
  2⤵
  PID:5276
- C:\Windows\System\dWXONSM.exe
  C:\Windows\System\dWXONSM.exe
  2⤵
  PID:5360
- C:\Windows\System\AREbnbm.exe
  C:\Windows\System\AREbnbm.exe
  2⤵
  PID:6148
- C:\Windows\System\PYObIWX.exe
  C:\Windows\System\PYObIWX.exe
  2⤵
  PID:6164
- C:\Windows\System\pjXNmco.exe
  C:\Windows\System\pjXNmco.exe
  2⤵
  PID:6180
- C:\Windows\System\bKdcFGA.exe
  C:\Windows\System\bKdcFGA.exe
  2⤵
  PID:6196
- C:\Windows\System\KDrSGsn.exe
  C:\Windows\System\KDrSGsn.exe
  2⤵
  PID:6212
- C:\Windows\System\vxXapkO.exe
  C:\Windows\System\vxXapkO.exe
  2⤵
  PID:6228
- C:\Windows\System\KEogCNu.exe
  C:\Windows\System\KEogCNu.exe
  2⤵
  PID:6244
- C:\Windows\System\nawEqpy.exe
  C:\Windows\System\nawEqpy.exe
  2⤵
  PID:6260
- C:\Windows\System\OhpvCsE.exe
  C:\Windows\System\OhpvCsE.exe
  2⤵
  PID:6276
- C:\Windows\System\qgWYuqT.exe
  C:\Windows\System\qgWYuqT.exe
  2⤵
  PID:6292
- C:\Windows\System\QblBWFY.exe
  C:\Windows\System\QblBWFY.exe
  2⤵
  PID:6308
- C:\Windows\System\rwIEbss.exe
  C:\Windows\System\rwIEbss.exe
  2⤵
  PID:6324
- C:\Windows\System\TFEnPgi.exe
  C:\Windows\System\TFEnPgi.exe
  2⤵
  PID:6340
- C:\Windows\System\CyIQZTu.exe
  C:\Windows\System\CyIQZTu.exe
  2⤵
  PID:6356
- C:\Windows\System\vCBYfsD.exe
  C:\Windows\System\vCBYfsD.exe
  2⤵
  PID:6372
- C:\Windows\System\jDokICI.exe
  C:\Windows\System\jDokICI.exe
  2⤵
  PID:6388
- C:\Windows\System\TfRyIzO.exe
  C:\Windows\System\TfRyIzO.exe
  2⤵
  PID:6404
- C:\Windows\System\PvetHIS.exe
  C:\Windows\System\PvetHIS.exe
  2⤵
  PID:6420
- C:\Windows\System\obFGeSc.exe
  C:\Windows\System\obFGeSc.exe
  2⤵
  PID:6436
- C:\Windows\System\ADnTXOe.exe
  C:\Windows\System\ADnTXOe.exe
  2⤵
  PID:6452
- C:\Windows\System\GUMMKOn.exe
  C:\Windows\System\GUMMKOn.exe
  2⤵
  PID:6468
- C:\Windows\System\oHBxPKz.exe
  C:\Windows\System\oHBxPKz.exe
  2⤵
  PID:6484
- C:\Windows\System\uzPmViZ.exe
  C:\Windows\System\uzPmViZ.exe
  2⤵
  PID:6500
- C:\Windows\System\aOqZAiw.exe
  C:\Windows\System\aOqZAiw.exe
  2⤵
  PID:6516
- C:\Windows\System\duBGgbf.exe
  C:\Windows\System\duBGgbf.exe
  2⤵
  PID:6532
- C:\Windows\System\PacCpkm.exe
  C:\Windows\System\PacCpkm.exe
  2⤵
  PID:6548
- C:\Windows\System\DgLiKuu.exe
  C:\Windows\System\DgLiKuu.exe
  2⤵
  PID:6564
- C:\Windows\System\gDhwdoa.exe
  C:\Windows\System\gDhwdoa.exe
  2⤵
  PID:6580
- C:\Windows\System\iPskhWp.exe
  C:\Windows\System\iPskhWp.exe
  2⤵
  PID:6596
- C:\Windows\System\FlQPWrN.exe
  C:\Windows\System\FlQPWrN.exe
  2⤵
  PID:6612
- C:\Windows\System\YUTerNA.exe
  C:\Windows\System\YUTerNA.exe
  2⤵
  PID:6628
- C:\Windows\System\jWDUTJd.exe
  C:\Windows\System\jWDUTJd.exe
  2⤵
  PID:6644
- C:\Windows\System\TMxyTIA.exe
  C:\Windows\System\TMxyTIA.exe
  2⤵
  PID:6660
- C:\Windows\System\VbjorEq.exe
  C:\Windows\System\VbjorEq.exe
  2⤵
  PID:6676
- C:\Windows\System\afleWsJ.exe
  C:\Windows\System\afleWsJ.exe
  2⤵
  PID:6692
- C:\Windows\System\LlOEURZ.exe
  C:\Windows\System\LlOEURZ.exe
  2⤵
  PID:6712
- C:\Windows\System\tbgNyqR.exe
  C:\Windows\System\tbgNyqR.exe
  2⤵
  PID:6728
- C:\Windows\System\SMmQOWu.exe
  C:\Windows\System\SMmQOWu.exe
  2⤵
  PID:6744
- C:\Windows\System\gEFOiIc.exe
  C:\Windows\System\gEFOiIc.exe
  2⤵
  PID:6760
- C:\Windows\System\zwauPtf.exe
  C:\Windows\System\zwauPtf.exe
  2⤵
  PID:6776
- C:\Windows\System\QgJiFyE.exe
  C:\Windows\System\QgJiFyE.exe
  2⤵
  PID:6792
- C:\Windows\System\SjphEOn.exe
  C:\Windows\System\SjphEOn.exe
  2⤵
  PID:6808
- C:\Windows\System\XXLECKf.exe
  C:\Windows\System\XXLECKf.exe
  2⤵
  PID:6824
- C:\Windows\System\rPTcVSC.exe
  C:\Windows\System\rPTcVSC.exe
  2⤵
  PID:6840
- C:\Windows\System\PCPAoiA.exe
  C:\Windows\System\PCPAoiA.exe
  2⤵
  PID:6856
- C:\Windows\System\aHOslwh.exe
  C:\Windows\System\aHOslwh.exe
  2⤵
  PID:6872
- C:\Windows\System\mVpYOKI.exe
  C:\Windows\System\mVpYOKI.exe
  2⤵
  PID:6888
- C:\Windows\System\EWByvCp.exe
  C:\Windows\System\EWByvCp.exe
  2⤵
  PID:6904
- C:\Windows\System\BZuVVlb.exe
  C:\Windows\System\BZuVVlb.exe
  2⤵
  PID:6920
- C:\Windows\System\yLGdRbY.exe
  C:\Windows\System\yLGdRbY.exe
  2⤵
  PID:6936
- C:\Windows\System\XcuRUqn.exe
  C:\Windows\System\XcuRUqn.exe
  2⤵
  PID:6952
- C:\Windows\System\UudKvVx.exe
  C:\Windows\System\UudKvVx.exe
  2⤵
  PID:6968
- C:\Windows\System\UIVsJYg.exe
  C:\Windows\System\UIVsJYg.exe
  2⤵
  PID:6984
- C:\Windows\System\NziMLyB.exe
  C:\Windows\System\NziMLyB.exe
  2⤵
  PID:7000
- C:\Windows\System\mXeUsFY.exe
  C:\Windows\System\mXeUsFY.exe
  2⤵
  PID:7016
- C:\Windows\System\ZZxHoDw.exe
  C:\Windows\System\ZZxHoDw.exe
  2⤵
  PID:7032
- C:\Windows\System\mxIZTqN.exe
  C:\Windows\System\mxIZTqN.exe
  2⤵
  PID:7048
- C:\Windows\System\PaJWJyT.exe
  C:\Windows\System\PaJWJyT.exe
  2⤵
  PID:7068
- C:\Windows\System\VcWHpDy.exe
  C:\Windows\System\VcWHpDy.exe
  2⤵
  PID:7084
- C:\Windows\System\iNKDepw.exe
  C:\Windows\System\iNKDepw.exe
  2⤵
  PID:7100
- C:\Windows\System\RHxpvXA.exe
  C:\Windows\System\RHxpvXA.exe
  2⤵
  PID:7116
- C:\Windows\System\AbljdFL.exe
  C:\Windows\System\AbljdFL.exe
  2⤵
  PID:7132
- C:\Windows\System\bsZHpwG.exe
  C:\Windows\System\bsZHpwG.exe
  2⤵
  PID:7148
- C:\Windows\System\usjOgYZ.exe
  C:\Windows\System\usjOgYZ.exe
  2⤵
  PID:7164
- C:\Windows\System\SbcePnd.exe
  C:\Windows\System\SbcePnd.exe
  2⤵
  PID:2848
- C:\Windows\System\fMjSJAM.exe
  C:\Windows\System\fMjSJAM.exe
  2⤵
  PID:5348
- C:\Windows\System\NTcqGfe.exe
  C:\Windows\System\NTcqGfe.exe
  2⤵
  PID:6192
- C:\Windows\System\CzDGMTj.exe
  C:\Windows\System\CzDGMTj.exe
  2⤵
  PID:6176
- C:\Windows\System\PITabZQ.exe
  C:\Windows\System\PITabZQ.exe
  2⤵
  PID:6268
- C:\Windows\System\zzuybdG.exe
  C:\Windows\System\zzuybdG.exe
  2⤵
  PID:6332
- C:\Windows\System\dXAGvxy.exe
  C:\Windows\System\dXAGvxy.exe
  2⤵
  PID:6252
- C:\Windows\System\rjgGmKm.exe
  C:\Windows\System\rjgGmKm.exe
  2⤵
  PID:6348
- C:\Windows\System\xUQpQuN.exe
  C:\Windows\System\xUQpQuN.exe
  2⤵
  PID:6380
- C:\Windows\System\PptpGKW.exe
  C:\Windows\System\PptpGKW.exe
  2⤵
  PID:6444
- C:\Windows\System\wqCYoeC.exe
  C:\Windows\System\wqCYoeC.exe
  2⤵
  PID:6396
- C:\Windows\System\lMUyLnE.exe
  C:\Windows\System\lMUyLnE.exe
  2⤵
  PID:6460
- C:\Windows\System\rWGHEad.exe
  C:\Windows\System\rWGHEad.exe
  2⤵
  PID:6524
- C:\Windows\System\cmPtRbB.exe
  C:\Windows\System\cmPtRbB.exe
  2⤵
  PID:6508
- C:\Windows\System\exzhNdI.exe
  C:\Windows\System\exzhNdI.exe
  2⤵
  PID:6572
- C:\Windows\System\UvokyGY.exe
  C:\Windows\System\UvokyGY.exe
  2⤵
  PID:6608
- C:\Windows\System\OjbOYpy.exe
  C:\Windows\System\OjbOYpy.exe
  2⤵
  PID:6652
- C:\Windows\System\rBLGvtf.exe
  C:\Windows\System\rBLGvtf.exe
  2⤵
  PID:6720
- C:\Windows\System\kRKVZrx.exe
  C:\Windows\System\kRKVZrx.exe
  2⤵
  PID:6700
- C:\Windows\System\luQxXRJ.exe
  C:\Windows\System\luQxXRJ.exe
  2⤵
  PID:6740
- C:\Windows\System\PKXVkmC.exe
  C:\Windows\System\PKXVkmC.exe
  2⤵
  PID:6772
- C:\Windows\System\eGOOtes.exe
  C:\Windows\System\eGOOtes.exe
  2⤵
  PID:6900
- C:\Windows\System\qvBBhwd.exe
  C:\Windows\System\qvBBhwd.exe
  2⤵
  PID:6784
- C:\Windows\System\hwZDtcF.exe
  C:\Windows\System\hwZDtcF.exe
  2⤵
  PID:6820
- C:\Windows\System\yITawER.exe
  C:\Windows\System\yITawER.exe
  2⤵
  PID:6884
- C:\Windows\System\OntaxdN.exe
  C:\Windows\System\OntaxdN.exe
  2⤵
  PID:6948
- C:\Windows\System\qowzexb.exe
  C:\Windows\System\qowzexb.exe
  2⤵
  PID:6960
- C:\Windows\System\vzKxwQl.exe
  C:\Windows\System\vzKxwQl.exe
  2⤵
  PID:7028
- C:\Windows\System\qqLxVjj.exe
  C:\Windows\System\qqLxVjj.exe
  2⤵
  PID:7092
- C:\Windows\System\SUGyoHH.exe
  C:\Windows\System\SUGyoHH.exe
  2⤵
  PID:7008
- C:\Windows\System\WzNmweN.exe
  C:\Windows\System\WzNmweN.exe
  2⤵
  PID:7076
- C:\Windows\System\NpRbVxZ.exe
  C:\Windows\System\NpRbVxZ.exe
  2⤵
  PID:7140
- C:\Windows\System\inAFueu.exe
  C:\Windows\System\inAFueu.exe
  2⤵
  PID:7124
- C:\Windows\System\kWbdByA.exe
  C:\Windows\System\kWbdByA.exe
  2⤵
  PID:6172
- C:\Windows\System\JGwJryz.exe
  C:\Windows\System\JGwJryz.exe
  2⤵
  PID:6300
- C:\Windows\System\wIwiKkL.exe
  C:\Windows\System\wIwiKkL.exe
  2⤵
  PID:5312
- C:\Windows\System\bIZkIJI.exe
  C:\Windows\System\bIZkIJI.exe
  2⤵
  PID:6208
- C:\Windows\System\MnjFPZG.exe
  C:\Windows\System\MnjFPZG.exe
  2⤵
  PID:6368
- C:\Windows\System\zHRrgxy.exe
  C:\Windows\System\zHRrgxy.exe
  2⤵
  PID:6492
- C:\Windows\System\zwhyTFw.exe
  C:\Windows\System\zwhyTFw.exe
  2⤵
  PID:6432
- C:\Windows\System\HzBKjgi.exe
  C:\Windows\System\HzBKjgi.exe
  2⤵
  PID:6604
- C:\Windows\System\wuZCPIU.exe
  C:\Windows\System\wuZCPIU.exe
  2⤵
  PID:6544
- C:\Windows\System\NnWvuBk.exe
  C:\Windows\System\NnWvuBk.exe
  2⤵
  PID:6624
- C:\Windows\System\lucYiyC.exe
  C:\Windows\System\lucYiyC.exe
  2⤵
  PID:6768
- C:\Windows\System\SqYudwc.exe
  C:\Windows\System\SqYudwc.exe
  2⤵
  PID:6708
- C:\Windows\System\ADqvfAi.exe
  C:\Windows\System\ADqvfAi.exe
  2⤵
  PID:6852
- C:\Windows\System\qiyyHix.exe
  C:\Windows\System\qiyyHix.exe
  2⤵
  PID:7060
- C:\Windows\System\GvKSnfs.exe
  C:\Windows\System\GvKSnfs.exe
  2⤵
  PID:684
- C:\Windows\System\vTDpExe.exe
  C:\Windows\System\vTDpExe.exe
  2⤵
  PID:6156
- C:\Windows\System\RkjnVjB.exe
  C:\Windows\System\RkjnVjB.exe
  2⤵
  PID:6480
- C:\Windows\System\uhKGbvt.exe
  C:\Windows\System\uhKGbvt.exe
  2⤵
  PID:7112
- C:\Windows\System\bXlhuug.exe
  C:\Windows\System\bXlhuug.exe
  2⤵
  PID:6996
- C:\Windows\System\ifioehW.exe
  C:\Windows\System\ifioehW.exe
  2⤵
  PID:7156
- C:\Windows\System\BRxzEwV.exe
  C:\Windows\System\BRxzEwV.exe
  2⤵
  PID:6416
- C:\Windows\System\WvIJVHd.exe
  C:\Windows\System\WvIJVHd.exe
  2⤵
  PID:6668
- C:\Windows\System\qKXumRu.exe
  C:\Windows\System\qKXumRu.exe
  2⤵
  PID:6964
- C:\Windows\System\zTKfvHJ.exe
  C:\Windows\System\zTKfvHJ.exe
  2⤵
  PID:6588
- C:\Windows\System\fYLlTsE.exe
  C:\Windows\System\fYLlTsE.exe
  2⤵
  PID:6672
- C:\Windows\System\OocunvJ.exe
  C:\Windows\System\OocunvJ.exe
  2⤵
  PID:7044
- C:\Windows\System\tiwTqSo.exe
  C:\Windows\System\tiwTqSo.exe
  2⤵
  PID:6916
- C:\Windows\System\gdYgezS.exe
  C:\Windows\System\gdYgezS.exe
  2⤵
  PID:7180
- C:\Windows\System\cKQUxBq.exe
  C:\Windows\System\cKQUxBq.exe
  2⤵
  PID:7196
- C:\Windows\System\ANxHAcJ.exe
  C:\Windows\System\ANxHAcJ.exe
  2⤵
  PID:7212
- C:\Windows\System\FoXJUFs.exe
  C:\Windows\System\FoXJUFs.exe
  2⤵
  PID:7228
- C:\Windows\System\wkRlwEy.exe
  C:\Windows\System\wkRlwEy.exe
  2⤵
  PID:7244
- C:\Windows\System\kFXcGZv.exe
  C:\Windows\System\kFXcGZv.exe
  2⤵
  PID:7260
- C:\Windows\System\qMXGDot.exe
  C:\Windows\System\qMXGDot.exe
  2⤵
  PID:7276
- C:\Windows\System\BInwKNF.exe
  C:\Windows\System\BInwKNF.exe
  2⤵
  PID:7292
- C:\Windows\System\NBBVHGq.exe
  C:\Windows\System\NBBVHGq.exe
  2⤵
  PID:7308
- C:\Windows\System\HYiEePV.exe
  C:\Windows\System\HYiEePV.exe
  2⤵
  PID:7328
- C:\Windows\System\rdtZiLq.exe
  C:\Windows\System\rdtZiLq.exe
  2⤵
  PID:7344
- C:\Windows\System\ReDvSXD.exe
  C:\Windows\System\ReDvSXD.exe
  2⤵
  PID:7360
- C:\Windows\System\TbQIzxl.exe
  C:\Windows\System\TbQIzxl.exe
  2⤵
  PID:7376
- C:\Windows\System\KQzUPGW.exe
  C:\Windows\System\KQzUPGW.exe
  2⤵
  PID:7392
- C:\Windows\System\mKanKyl.exe
  C:\Windows\System\mKanKyl.exe
  2⤵
  PID:7408
- C:\Windows\System\PTFUxbO.exe
  C:\Windows\System\PTFUxbO.exe
  2⤵
  PID:7424
- C:\Windows\System\oofpYTh.exe
  C:\Windows\System\oofpYTh.exe
  2⤵
  PID:7440
- C:\Windows\System\SubKwAw.exe
  C:\Windows\System\SubKwAw.exe
  2⤵
  PID:7456
- C:\Windows\System\EsuzJAF.exe
  C:\Windows\System\EsuzJAF.exe
  2⤵
  PID:7472
- C:\Windows\System\jUYzQCR.exe
  C:\Windows\System\jUYzQCR.exe
  2⤵
  PID:7488
- C:\Windows\System\eqWfygA.exe
  C:\Windows\System\eqWfygA.exe
  2⤵
  PID:7520
- C:\Windows\System\tVIqwOY.exe
  C:\Windows\System\tVIqwOY.exe
  2⤵
  PID:7536
- C:\Windows\System\juuvkQv.exe
  C:\Windows\System\juuvkQv.exe
  2⤵
  PID:7552
- C:\Windows\System\JpypthX.exe
  C:\Windows\System\JpypthX.exe
  2⤵
  PID:7568
- C:\Windows\System\lBSoXwC.exe
  C:\Windows\System\lBSoXwC.exe
  2⤵
  PID:7584
- C:\Windows\System\wCIJRTc.exe
  C:\Windows\System\wCIJRTc.exe
  2⤵
  PID:7600
- C:\Windows\System\eWzocrc.exe
  C:\Windows\System\eWzocrc.exe
  2⤵
  PID:7616
- C:\Windows\System\FbusGGs.exe
  C:\Windows\System\FbusGGs.exe
  2⤵
  PID:7636
- C:\Windows\System\MWWvJvT.exe
  C:\Windows\System\MWWvJvT.exe
  2⤵
  PID:7652
- C:\Windows\System\TpsoWcZ.exe
  C:\Windows\System\TpsoWcZ.exe
  2⤵
  PID:7672
- C:\Windows\System\UVkFqTQ.exe
  C:\Windows\System\UVkFqTQ.exe
  2⤵
  PID:7688
- C:\Windows\System\CgNUWiT.exe
  C:\Windows\System\CgNUWiT.exe
  2⤵
  PID:7704
- C:\Windows\System\MzpGcIS.exe
  C:\Windows\System\MzpGcIS.exe
  2⤵
  PID:7720
- C:\Windows\System\LHZegkr.exe
  C:\Windows\System\LHZegkr.exe
  2⤵
  PID:7736
- C:\Windows\System\EuZTWZo.exe
  C:\Windows\System\EuZTWZo.exe
  2⤵
  PID:7752
- C:\Windows\System\NeyhbEX.exe
  C:\Windows\System\NeyhbEX.exe
  2⤵
  PID:7772
- C:\Windows\System\uWLVTmL.exe
  C:\Windows\System\uWLVTmL.exe
  2⤵
  PID:7788
- C:\Windows\System\kqKcOzP.exe
  C:\Windows\System\kqKcOzP.exe
  2⤵
  PID:7804
- C:\Windows\System\uiUOLXT.exe
  C:\Windows\System\uiUOLXT.exe
  2⤵
  PID:7820
- C:\Windows\System\dDGkrNY.exe
  C:\Windows\System\dDGkrNY.exe
  2⤵
  PID:7836
- C:\Windows\System\bHZGjYN.exe
  C:\Windows\System\bHZGjYN.exe
  2⤵
  PID:7852
- C:\Windows\System\GiGzBfF.exe
  C:\Windows\System\GiGzBfF.exe
  2⤵
  PID:7868
- C:\Windows\System\aBfVwrf.exe
  C:\Windows\System\aBfVwrf.exe
  2⤵
  PID:7888
- C:\Windows\System\YZYhjSJ.exe
  C:\Windows\System\YZYhjSJ.exe
  2⤵
  PID:7904
- C:\Windows\System\SpJPsMA.exe
  C:\Windows\System\SpJPsMA.exe
  2⤵
  PID:7920
- C:\Windows\System\laVtVmH.exe
  C:\Windows\System\laVtVmH.exe
  2⤵
  PID:7936
- C:\Windows\System\UoIEWXh.exe
  C:\Windows\System\UoIEWXh.exe
  2⤵
  PID:7952
- C:\Windows\System\LClYoPe.exe
  C:\Windows\System\LClYoPe.exe
  2⤵
  PID:7968
- C:\Windows\System\SDlyxFc.exe
  C:\Windows\System\SDlyxFc.exe
  2⤵
  PID:7984
- C:\Windows\System\azifave.exe
  C:\Windows\System\azifave.exe
  2⤵
  PID:8000
- C:\Windows\System\nrbribl.exe
  C:\Windows\System\nrbribl.exe
  2⤵
  PID:8016
- C:\Windows\System\yxDkfBP.exe
  C:\Windows\System\yxDkfBP.exe
  2⤵
  PID:8032
- C:\Windows\System\VAdCiXM.exe
  C:\Windows\System\VAdCiXM.exe
  2⤵
  PID:8048
- C:\Windows\System\mGvQCQE.exe
  C:\Windows\System\mGvQCQE.exe
  2⤵
  PID:8072
- C:\Windows\System\vgOxfPU.exe
  C:\Windows\System\vgOxfPU.exe
  2⤵
  PID:8088
- C:\Windows\System\lkpJnpq.exe
  C:\Windows\System\lkpJnpq.exe
  2⤵
  PID:8104
- C:\Windows\System\hfOWSKt.exe
  C:\Windows\System\hfOWSKt.exe
  2⤵
  PID:8120
- C:\Windows\System\JpatPsd.exe
  C:\Windows\System\JpatPsd.exe
  2⤵
  PID:8136
- C:\Windows\System\JKDnFfG.exe
  C:\Windows\System\JKDnFfG.exe
  2⤵
  PID:8152
- C:\Windows\System\qIAIfzi.exe
  C:\Windows\System\qIAIfzi.exe
  2⤵
  PID:8172
- C:\Windows\System\JxCzSWk.exe
  C:\Windows\System\JxCzSWk.exe
  2⤵
  PID:8188
- C:\Windows\System\RDobWlj.exe
  C:\Windows\System\RDobWlj.exe
  2⤵
  PID:6640
- C:\Windows\System\BHiwxYt.exe
  C:\Windows\System\BHiwxYt.exe
  2⤵
  PID:7040
- C:\Windows\System\wGjbchw.exe
  C:\Windows\System\wGjbchw.exe
  2⤵
  PID:7452
- C:\Windows\System\dVdmCMK.exe
  C:\Windows\System\dVdmCMK.exe
  2⤵
  PID:7516
- C:\Windows\System\NIbaWvo.exe
  C:\Windows\System\NIbaWvo.exe
  2⤵
  PID:7580
- C:\Windows\System\wubcKSU.exe
  C:\Windows\System\wubcKSU.exe
  2⤵
  PID:7680
- C:\Windows\System\equSxGA.exe
  C:\Windows\System\equSxGA.exe
  2⤵
  PID:7744
- C:\Windows\System\uRfBMqr.exe
  C:\Windows\System\uRfBMqr.exe
  2⤵
  PID:7812
- C:\Windows\System\QwqVwHW.exe
  C:\Windows\System\QwqVwHW.exe
  2⤵
  PID:7728
- C:\Windows\System\GYStfOl.exe
  C:\Windows\System\GYStfOl.exe
  2⤵
  PID:7768
- C:\Windows\System\LxwzBAd.exe
  C:\Windows\System\LxwzBAd.exe
  2⤵
  PID:7832
- C:\Windows\System\WZnyUjR.exe
  C:\Windows\System\WZnyUjR.exe
  2⤵
  PID:7884
- C:\Windows\System\jpnOcQI.exe
  C:\Windows\System\jpnOcQI.exe
  2⤵
  PID:7948
- C:\Windows\System\KXXtzKs.exe
  C:\Windows\System\KXXtzKs.exe
  2⤵
  PID:8012
- C:\Windows\System\SqkrTzC.exe
  C:\Windows\System\SqkrTzC.exe
  2⤵
  PID:7996
- C:\Windows\System\GOZQFxo.exe
  C:\Windows\System\GOZQFxo.exe
  2⤵
  PID:7960
- C:\Windows\System\oJwXLNr.exe
  C:\Windows\System\oJwXLNr.exe
  2⤵
  PID:8056
- C:\Windows\System\CoKXgeJ.exe
  C:\Windows\System\CoKXgeJ.exe
  2⤵
  PID:8096
- C:\Windows\System\tGcuhpn.exe
  C:\Windows\System\tGcuhpn.exe
  2⤵
  PID:8160
- C:\Windows\System\cgjXEsi.exe
  C:\Windows\System\cgjXEsi.exe
  2⤵
  PID:6980
- C:\Windows\System\wpYNhAW.exe
  C:\Windows\System\wpYNhAW.exe
  2⤵
  PID:8184
- C:\Windows\System\TrSBHYc.exe
  C:\Windows\System\TrSBHYc.exe
  2⤵
  PID:8084
- C:\Windows\System\kvCxetn.exe
  C:\Windows\System\kvCxetn.exe
  2⤵
  PID:8148
- C:\Windows\System\WsTAfdh.exe
  C:\Windows\System\WsTAfdh.exe
  2⤵
  PID:6928
- C:\Windows\System\VuUxYGP.exe
  C:\Windows\System\VuUxYGP.exe
  2⤵
  PID:7208
- C:\Windows\System\fbyrrIz.exe
  C:\Windows\System\fbyrrIz.exe
  2⤵
  PID:7272
- C:\Windows\System\SkCtgLN.exe
  C:\Windows\System\SkCtgLN.exe
  2⤵
  PID:7324
- C:\Windows\System\ZCnydnH.exe
  C:\Windows\System\ZCnydnH.exe
  2⤵
  PID:7252
- C:\Windows\System\aEcYrBo.exe
  C:\Windows\System\aEcYrBo.exe
  2⤵
  PID:7316
- C:\Windows\System\xNGEcEz.exe
  C:\Windows\System\xNGEcEz.exe
  2⤵
  PID:7388
- C:\Windows\System\csDLUXA.exe
  C:\Windows\System\csDLUXA.exe
  2⤵
  PID:7368
- C:\Windows\System\WHmtRKg.exe
  C:\Windows\System\WHmtRKg.exe
  2⤵
  PID:7432
- C:\Windows\System\WyvdTcz.exe
  C:\Windows\System\WyvdTcz.exe
  2⤵
  PID:7436
- C:\Windows\System\QkDXeNy.exe
  C:\Windows\System\QkDXeNy.exe
  2⤵
  PID:7484
- C:\Windows\System\FsxKVZo.exe
  C:\Windows\System\FsxKVZo.exe
  2⤵
  PID:7560
- C:\Windows\System\sCDdbQO.exe
  C:\Windows\System\sCDdbQO.exe
  2⤵
  PID:7576
- C:\Windows\System\ciaSCST.exe
  C:\Windows\System\ciaSCST.exe
  2⤵
  PID:7848
- C:\Windows\System\rFtYzCe.exe
  C:\Windows\System\rFtYzCe.exe
  2⤵
  PID:7828
- C:\Windows\System\somtxvR.exe
  C:\Windows\System\somtxvR.exe
  2⤵
  PID:7632
- C:\Windows\System\WdsKKMb.exe
  C:\Windows\System\WdsKKMb.exe
  2⤵
  PID:7780
- C:\Windows\System\jQlmTEE.exe
  C:\Windows\System\jQlmTEE.exe
  2⤵
  PID:7864
- C:\Windows\System\osqezIE.exe
  C:\Windows\System\osqezIE.exe
  2⤵
  PID:7944
- C:\Windows\System\diyzhbd.exe
  C:\Windows\System\diyzhbd.exe
  2⤵
  PID:7932
- C:\Windows\System\FvsvKmK.exe
  C:\Windows\System\FvsvKmK.exe
  2⤵
  PID:7992
- C:\Windows\System\dUGtGyP.exe
  C:\Windows\System\dUGtGyP.exe
  2⤵
  PID:8168
- C:\Windows\System\NnmTqvH.exe
  C:\Windows\System\NnmTqvH.exe
  2⤵
  PID:8164
- C:\Windows\System\TlVyIqw.exe
  C:\Windows\System\TlVyIqw.exe
  2⤵
  PID:6836
- C:\Windows\System\EMjNrNs.exe
  C:\Windows\System\EMjNrNs.exe
  2⤵
  PID:7304
- C:\Windows\System\ELTKsPC.exe
  C:\Windows\System\ELTKsPC.exe
  2⤵
  PID:7384
- C:\Windows\System\ZGsAapg.exe
  C:\Windows\System\ZGsAapg.exe
  2⤵
  PID:7548
- C:\Windows\System\VEYlxiB.exe
  C:\Windows\System\VEYlxiB.exe
  2⤵
  PID:7288
- C:\Windows\System\FudgamN.exe
  C:\Windows\System\FudgamN.exe
  2⤵
  PID:7980
- C:\Windows\System\oOYwULq.exe
  C:\Windows\System\oOYwULq.exe
  2⤵
  PID:7648
- C:\Windows\System\zgaOvig.exe
  C:\Windows\System\zgaOvig.exe
  2⤵
  PID:7628
- C:\Windows\System\kRAtjKM.exe
  C:\Windows\System\kRAtjKM.exe
  2⤵
  PID:7716
- C:\Windows\System\DoQIxDV.exe
  C:\Windows\System\DoQIxDV.exe
  2⤵
  PID:7760
- C:\Windows\System\dGOwiEH.exe
  C:\Windows\System\dGOwiEH.exe
  2⤵
  PID:7664
- C:\Windows\System\iYhLyDM.exe
  C:\Windows\System\iYhLyDM.exe
  2⤵
  PID:8196
- C:\Windows\System\IxndeCL.exe
  C:\Windows\System\IxndeCL.exe
  2⤵
  PID:8212
- C:\Windows\System\bttMjOV.exe
  C:\Windows\System\bttMjOV.exe
  2⤵
  PID:8228
- C:\Windows\System\GCkVwuA.exe
  C:\Windows\System\GCkVwuA.exe
  2⤵
  PID:8244
- C:\Windows\System\dBvlWpm.exe
  C:\Windows\System\dBvlWpm.exe
  2⤵
  PID:8260
- C:\Windows\System\EIsRUoa.exe
  C:\Windows\System\EIsRUoa.exe
  2⤵
  PID:8280
- C:\Windows\System\iOLXWXi.exe
  C:\Windows\System\iOLXWXi.exe
  2⤵
  PID:8296
- C:\Windows\System\hAxfAfz.exe
  C:\Windows\System\hAxfAfz.exe
  2⤵
  PID:8312
- C:\Windows\System\xPilgDC.exe
  C:\Windows\System\xPilgDC.exe
  2⤵
  PID:8332
- C:\Windows\System\TuXslJv.exe
  C:\Windows\System\TuXslJv.exe
  2⤵
  PID:8348
- C:\Windows\System\MCGuFcO.exe
  C:\Windows\System\MCGuFcO.exe
  2⤵
  PID:8364
- C:\Windows\System\LXYRRap.exe
  C:\Windows\System\LXYRRap.exe
  2⤵
  PID:8380
- C:\Windows\System\VbGOlhS.exe
  C:\Windows\System\VbGOlhS.exe
  2⤵
  PID:8396
- C:\Windows\System\WlEuRPF.exe
  C:\Windows\System\WlEuRPF.exe
  2⤵
  PID:8412
- C:\Windows\System\kFieKST.exe
  C:\Windows\System\kFieKST.exe
  2⤵
  PID:8432
- C:\Windows\System\tFUMxLD.exe
  C:\Windows\System\tFUMxLD.exe
  2⤵
  PID:8448
- C:\Windows\System\MpfOQff.exe
  C:\Windows\System\MpfOQff.exe
  2⤵
  PID:8464
- C:\Windows\System\aGWOeFd.exe
  C:\Windows\System\aGWOeFd.exe
  2⤵
  PID:8480
- C:\Windows\System\qKkCpTJ.exe
  C:\Windows\System\qKkCpTJ.exe
  2⤵
  PID:8496
- C:\Windows\System\PBSQYqi.exe
  C:\Windows\System\PBSQYqi.exe
  2⤵
  PID:8516
- C:\Windows\System\tNfCGbC.exe
  C:\Windows\System\tNfCGbC.exe
  2⤵
  PID:8532
- C:\Windows\System\oFupnfZ.exe
  C:\Windows\System\oFupnfZ.exe
  2⤵
  PID:8548
- C:\Windows\System\pkjcGny.exe
  C:\Windows\System\pkjcGny.exe
  2⤵
  PID:8564
- C:\Windows\System\AYofMMh.exe
  C:\Windows\System\AYofMMh.exe
  2⤵
  PID:8580
- C:\Windows\System\gTsnrKi.exe
  C:\Windows\System\gTsnrKi.exe
  2⤵
  PID:8596
- C:\Windows\System\rhDZeVA.exe
  C:\Windows\System\rhDZeVA.exe
  2⤵
  PID:8612
- C:\Windows\System\VuPHFdY.exe
  C:\Windows\System\VuPHFdY.exe
  2⤵
  PID:8628
- C:\Windows\System\qUesMJW.exe
  C:\Windows\System\qUesMJW.exe
  2⤵
  PID:8644
- C:\Windows\System\dpfrHib.exe
  C:\Windows\System\dpfrHib.exe
  2⤵
  PID:8664
- C:\Windows\System\PvEZobT.exe
  C:\Windows\System\PvEZobT.exe
  2⤵
  PID:8680
- C:\Windows\System\mTgmJoq.exe
  C:\Windows\System\mTgmJoq.exe
  2⤵
  PID:8696
- C:\Windows\System\nNWCZqY.exe
  C:\Windows\System\nNWCZqY.exe
  2⤵
  PID:8712
- C:\Windows\System\dDsyXIY.exe
  C:\Windows\System\dDsyXIY.exe
  2⤵
  PID:8728
- C:\Windows\System\LOCJGXO.exe
  C:\Windows\System\LOCJGXO.exe
  2⤵
  PID:8760
- C:\Windows\System\IdYrMlZ.exe
  C:\Windows\System\IdYrMlZ.exe
  2⤵
  PID:8776
- C:\Windows\System\EiIoLaS.exe
  C:\Windows\System\EiIoLaS.exe
  2⤵
  PID:8792
- C:\Windows\System\NwbFvCs.exe
  C:\Windows\System\NwbFvCs.exe
  2⤵
  PID:8812
- C:\Windows\System\NjDllUI.exe
  C:\Windows\System\NjDllUI.exe
  2⤵
  PID:8836
- C:\Windows\System\jcUjKQr.exe
  C:\Windows\System\jcUjKQr.exe
  2⤵
  PID:8852
- C:\Windows\System\vXptDrR.exe
  C:\Windows\System\vXptDrR.exe
  2⤵
  PID:8868
- C:\Windows\System\CdpTKzW.exe
  C:\Windows\System\CdpTKzW.exe
  2⤵
  PID:8892
- C:\Windows\System\FbpCTCM.exe
  C:\Windows\System\FbpCTCM.exe
  2⤵
  PID:8908
- C:\Windows\System\OqLmzfz.exe
  C:\Windows\System\OqLmzfz.exe
  2⤵
  PID:8924
- C:\Windows\System\lgTPnyh.exe
  C:\Windows\System\lgTPnyh.exe
  2⤵
  PID:8940
- C:\Windows\System\WfmuWMg.exe
  C:\Windows\System\WfmuWMg.exe
  2⤵
  PID:8964
- C:\Windows\System\kMCwnSR.exe
  C:\Windows\System\kMCwnSR.exe
  2⤵
  PID:8980
- C:\Windows\System\OjOnPLT.exe
  C:\Windows\System\OjOnPLT.exe
  2⤵
  PID:8996
- C:\Windows\System\IXOXthV.exe
  C:\Windows\System\IXOXthV.exe
  2⤵
  PID:9012
- C:\Windows\System\lwbRstG.exe
  C:\Windows\System\lwbRstG.exe
  2⤵
  PID:9028
- C:\Windows\System\LESvxLg.exe
  C:\Windows\System\LESvxLg.exe
  2⤵
  PID:9044
- C:\Windows\System\RhDGVcV.exe
  C:\Windows\System\RhDGVcV.exe
  2⤵
  PID:9064
- C:\Windows\System\LrTsFzA.exe
  C:\Windows\System\LrTsFzA.exe
  2⤵
  PID:9084
- C:\Windows\System\oZOSblW.exe
  C:\Windows\System\oZOSblW.exe
  2⤵
  PID:9100
- C:\Windows\System\hOWNcaZ.exe
  C:\Windows\System\hOWNcaZ.exe
  2⤵
  PID:9136
- C:\Windows\System\HKBsYUI.exe
  C:\Windows\System\HKBsYUI.exe
  2⤵
  PID:9196
- C:\Windows\System\sCJyHEf.exe
  C:\Windows\System\sCJyHEf.exe
  2⤵
  PID:9212
- C:\Windows\System\IuIvWWo.exe
  C:\Windows\System\IuIvWWo.exe
  2⤵
  PID:7400
- C:\Windows\System\zHsDseX.exe
  C:\Windows\System\zHsDseX.exe
  2⤵
  PID:8128
- C:\Windows\System\VTYqWzI.exe
  C:\Windows\System\VTYqWzI.exe
  2⤵
  PID:7268
- C:\Windows\System\WdHNslA.exe
  C:\Windows\System\WdHNslA.exe
  2⤵
  PID:8144
- C:\Windows\System\sIKRqLa.exe
  C:\Windows\System\sIKRqLa.exe
  2⤵
  PID:8240
- C:\Windows\System\UezVrSi.exe
  C:\Windows\System\UezVrSi.exe
  2⤵
  PID:8308
- C:\Windows\System\Jwsmrkt.exe
  C:\Windows\System\Jwsmrkt.exe
  2⤵
  PID:8376
- C:\Windows\System\ToEWLvw.exe
  C:\Windows\System\ToEWLvw.exe
  2⤵
  PID:8444
- C:\Windows\System\gGjjuLl.exe
  C:\Windows\System\gGjjuLl.exe
  2⤵
  PID:8476
- C:\Windows\System\TliKLgs.exe
  C:\Windows\System\TliKLgs.exe
  2⤵
  PID:8572
- C:\Windows\System\WgLwMeC.exe
  C:\Windows\System\WgLwMeC.exe
  2⤵
  PID:8424
- C:\Windows\System\OuDhQFC.exe
  C:\Windows\System\OuDhQFC.exe
  2⤵
  PID:8356
- C:\Windows\System\RDkgyAh.exe
  C:\Windows\System\RDkgyAh.exe
  2⤵
  PID:7624
- C:\Windows\System\gVfQaQb.exe
  C:\Windows\System\gVfQaQb.exe
  2⤵
  PID:8224
- C:\Windows\System\UrxPNRf.exe
  C:\Windows\System\UrxPNRf.exe
  2⤵
  PID:8288
- C:\Windows\System\IfsmbLc.exe
  C:\Windows\System\IfsmbLc.exe
  2⤵
  PID:8360
- C:\Windows\System\ccaUyvc.exe
  C:\Windows\System\ccaUyvc.exe
  2⤵
  PID:8492
- C:\Windows\System\SloOrnp.exe
  C:\Windows\System\SloOrnp.exe
  2⤵
  PID:8556
- C:\Windows\System\FJWNlLo.exe
  C:\Windows\System\FJWNlLo.exe
  2⤵
  PID:8620
- C:\Windows\System\UEaVbfl.exe
  C:\Windows\System\UEaVbfl.exe
  2⤵
  PID:8704
- C:\Windows\System\mLGALKr.exe
  C:\Windows\System\mLGALKr.exe
  2⤵
  PID:8736
- C:\Windows\System\LKtwhUk.exe
  C:\Windows\System\LKtwhUk.exe
  2⤵
  PID:8756
- C:\Windows\System\CdrLvYy.exe
  C:\Windows\System\CdrLvYy.exe
  2⤵
  PID:8784
- C:\Windows\System\tfJKfsV.exe
  C:\Windows\System\tfJKfsV.exe
  2⤵
  PID:8800
- C:\Windows\System\cnQuInt.exe
  C:\Windows\System\cnQuInt.exe
  2⤵
  PID:8804
- C:\Windows\System\iaNGacE.exe
  C:\Windows\System\iaNGacE.exe
  2⤵
  PID:8860
- C:\Windows\System\rlYRJvO.exe
  C:\Windows\System\rlYRJvO.exe
  2⤵
  PID:8876
- C:\Windows\System\wdRLSlj.exe
  C:\Windows\System\wdRLSlj.exe
  2⤵
  PID:8888
- C:\Windows\System\QGXrkRX.exe
  C:\Windows\System\QGXrkRX.exe
  2⤵
  PID:8936
- C:\Windows\System\FMmiELK.exe
  C:\Windows\System\FMmiELK.exe
  2⤵
  PID:8948
- C:\Windows\System\YZuxcvH.exe
  C:\Windows\System\YZuxcvH.exe
  2⤵
  PID:6352
- C:\Windows\System\mcfvNvx.exe
  C:\Windows\System\mcfvNvx.exe
  2⤵
  PID:9036
- C:\Windows\System\lgZxJqR.exe
  C:\Windows\System\lgZxJqR.exe
  2⤵
  PID:9020
- C:\Windows\System\RXwhXeQ.exe
  C:\Windows\System\RXwhXeQ.exe
  2⤵
  PID:9052
- C:\Windows\System\dNOhymr.exe
  C:\Windows\System\dNOhymr.exe
  2⤵
  PID:9080
- C:\Windows\System\EfNnlDu.exe
  C:\Windows\System\EfNnlDu.exe
  2⤵
  PID:9092
- C:\Windows\System\UkJjdeR.exe
  C:\Windows\System\UkJjdeR.exe
  2⤵
  PID:9120
- C:\Windows\System\QeBgHWj.exe
  C:\Windows\System\QeBgHWj.exe
  2⤵
  PID:7352
- C:\Windows\System\KxLhaMG.exe
  C:\Windows\System\KxLhaMG.exe
  2⤵
  PID:9148
- C:\Windows\System\kaohRhJ.exe
  C:\Windows\System\kaohRhJ.exe
  2⤵
  PID:8428
- C:\Windows\System\GkOEvMh.exe
  C:\Windows\System\GkOEvMh.exe
  2⤵
  PID:9164
- C:\Windows\System\lMHSrEC.exe
  C:\Windows\System\lMHSrEC.exe
  2⤵
  PID:9180
- C:\Windows\System\ZZsCHWR.exe
  C:\Windows\System\ZZsCHWR.exe
  2⤵
  PID:7544
- C:\Windows\System\HcaomMw.exe
  C:\Windows\System\HcaomMw.exe
  2⤵
  PID:7564
- C:\Windows\System\tyJKsqZ.exe
  C:\Windows\System\tyJKsqZ.exe
  2⤵
  PID:8208
- C:\Windows\System\cbeSXNm.exe
  C:\Windows\System\cbeSXNm.exe
  2⤵
  PID:7668
- C:\Windows\System\Nlmamvi.exe
  C:\Windows\System\Nlmamvi.exe
  2⤵
  PID:8304
- C:\Windows\System\XziTohd.exe
  C:\Windows\System\XziTohd.exe
  2⤵
  PID:8544
- C:\Windows\System\aASGrYz.exe
  C:\Windows\System\aASGrYz.exe
  2⤵
  PID:8420
- C:\Windows\System\wTrqKxE.exe
  C:\Windows\System\wTrqKxE.exe
  2⤵
  PID:8256
- C:\Windows\System\WHGbvnq.exe
  C:\Windows\System\WHGbvnq.exe
  2⤵
  PID:8592
- C:\Windows\System\yNGRVEf.exe
  C:\Windows\System\yNGRVEf.exe
  2⤵
  PID:8740
- C:\Windows\System\lNdgykh.exe
  C:\Windows\System\lNdgykh.exe
  2⤵
  PID:8080
- C:\Windows\System\rmQuuIm.exe
  C:\Windows\System\rmQuuIm.exe
  2⤵
  PID:8652
- C:\Windows\System\StNAuLp.exe
  C:\Windows\System\StNAuLp.exe
  2⤵
  PID:8824
- C:\Windows\System\ykTqfdo.exe
  C:\Windows\System\ykTqfdo.exe
  2⤵
  PID:8828
- C:\Windows\System\Ylvmwyl.exe
  C:\Windows\System\Ylvmwyl.exe
  2⤵
  PID:7612
- C:\Windows\System\YCMHkhr.exe
  C:\Windows\System\YCMHkhr.exe
  2⤵
  PID:8988
- C:\Windows\System\HdYgTeR.exe
  C:\Windows\System\HdYgTeR.exe
  2⤵
  PID:8972
- C:\Windows\System\eMdjmVZ.exe
  C:\Windows\System\eMdjmVZ.exe
  2⤵
  PID:9024
- C:\Windows\System\fKjdJYE.exe
  C:\Windows\System\fKjdJYE.exe
  2⤵
  PID:8276
- C:\Windows\System\kIpUZlC.exe
  C:\Windows\System\kIpUZlC.exe
  2⤵
  PID:9108
- C:\Windows\System\SvFzAtS.exe
  C:\Windows\System\SvFzAtS.exe
  2⤵
  PID:9208
- C:\Windows\System\TbepGFx.exe
  C:\Windows\System\TbepGFx.exe
  2⤵
  PID:7224
- C:\Windows\System\yMfAbAt.exe
  C:\Windows\System\yMfAbAt.exe
  2⤵
  PID:8660
- C:\Windows\System\WRNNxIN.exe
  C:\Windows\System\WRNNxIN.exe
  2⤵
  PID:9204
- C:\Windows\System\gJqqHzA.exe
  C:\Windows\System\gJqqHzA.exe
  2⤵
  PID:7240
- C:\Windows\System\tDufeIi.exe
  C:\Windows\System\tDufeIi.exe
  2⤵
  PID:8508
- C:\Windows\System\dILJMtI.exe
  C:\Windows\System\dILJMtI.exe
  2⤵
  PID:8324
- C:\Windows\System\aNNTYSZ.exe
  C:\Windows\System\aNNTYSZ.exe
  2⤵
  PID:8708
- C:\Windows\System\zYxlrsc.exe
  C:\Windows\System\zYxlrsc.exe
  2⤵
  PID:8900
- C:\Windows\System\yLuTUjC.exe
  C:\Windows\System\yLuTUjC.exe
  2⤵
  PID:9008
- C:\Windows\System\DecGBSc.exe
  C:\Windows\System\DecGBSc.exe
  2⤵
  PID:9132
- C:\Windows\System\rNGveFv.exe
  C:\Windows\System\rNGveFv.exe
  2⤵
  PID:8960
- C:\Windows\System\MJZaJuU.exe
  C:\Windows\System\MJZaJuU.exe
  2⤵
  PID:9116
- C:\Windows\System\rSglNqX.exe
  C:\Windows\System\rSglNqX.exe
  2⤵
  PID:8488
- C:\Windows\System\qdqvAcL.exe
  C:\Windows\System\qdqvAcL.exe
  2⤵
  PID:8672
- C:\Windows\System\mYSGgRe.exe
  C:\Windows\System\mYSGgRe.exe
  2⤵
  PID:8752
- C:\Windows\System\eHQIGRM.exe
  C:\Windows\System\eHQIGRM.exe
  2⤵
  PID:8884
- C:\Windows\System\gbjkOgH.exe
  C:\Windows\System\gbjkOgH.exe
  2⤵
  PID:8844
- C:\Windows\System\lXtyduP.exe
  C:\Windows\System\lXtyduP.exe
  2⤵
  PID:7336
- C:\Windows\System\eoakkjq.exe
  C:\Windows\System\eoakkjq.exe
  2⤵
  PID:9072
- C:\Windows\System\pFRjNWf.exe
  C:\Windows\System\pFRjNWf.exe
  2⤵
  PID:9232
- C:\Windows\System\RqyAKqA.exe
  C:\Windows\System\RqyAKqA.exe
  2⤵
  PID:9248
- C:\Windows\System\nXLjLtw.exe
  C:\Windows\System\nXLjLtw.exe
  2⤵
  PID:9264
- C:\Windows\System\voBZion.exe
  C:\Windows\System\voBZion.exe
  2⤵
  PID:9280
- C:\Windows\System\URoqRgs.exe
  C:\Windows\System\URoqRgs.exe
  2⤵
  PID:9308
- C:\Windows\System\bSdPJAo.exe
  C:\Windows\System\bSdPJAo.exe
  2⤵
  PID:9324
- C:\Windows\System\uzgpZkh.exe
  C:\Windows\System\uzgpZkh.exe
  2⤵
  PID:9340
- C:\Windows\System\BiyPYlz.exe
  C:\Windows\System\BiyPYlz.exe
  2⤵
  PID:9356
- C:\Windows\System\KKnmbWI.exe
  C:\Windows\System\KKnmbWI.exe
  2⤵
  PID:9372
- C:\Windows\System\lJivKGf.exe
  C:\Windows\System\lJivKGf.exe
  2⤵
  PID:9388
- C:\Windows\System\znJAjyn.exe
  C:\Windows\System\znJAjyn.exe
  2⤵
  PID:9404
- C:\Windows\System\MGxOsak.exe
  C:\Windows\System\MGxOsak.exe
  2⤵
  PID:9420
- C:\Windows\System\XTbWAIr.exe
  C:\Windows\System\XTbWAIr.exe
  2⤵
  PID:9440
- C:\Windows\System\dZOdalR.exe
  C:\Windows\System\dZOdalR.exe
  2⤵
  PID:9460
- C:\Windows\System\UDKBUIQ.exe
  C:\Windows\System\UDKBUIQ.exe
  2⤵
  PID:9480
- C:\Windows\System\QhJqJFi.exe
  C:\Windows\System\QhJqJFi.exe
  2⤵
  PID:9520
- C:\Windows\System\HGDzqeH.exe
  C:\Windows\System\HGDzqeH.exe
  2⤵
  PID:9644
- C:\Windows\System\LRuLgTC.exe
  C:\Windows\System\LRuLgTC.exe
  2⤵
  PID:9684
- C:\Windows\System\LFhzKDu.exe
  C:\Windows\System\LFhzKDu.exe
  2⤵
  PID:9700
- C:\Windows\System\fqlCBkB.exe
  C:\Windows\System\fqlCBkB.exe
  2⤵
  PID:9716
- C:\Windows\System\fOPkVmZ.exe
  C:\Windows\System\fOPkVmZ.exe
  2⤵
  PID:9764
- C:\Windows\System\WwtPWkv.exe
  C:\Windows\System\WwtPWkv.exe
  2⤵
  PID:9780
- C:\Windows\System\MuPECzo.exe
  C:\Windows\System\MuPECzo.exe
  2⤵
  PID:9800
- C:\Windows\System\iKuQxPw.exe
  C:\Windows\System\iKuQxPw.exe
  2⤵
  PID:9816
- C:\Windows\System\kvSEGMi.exe
  C:\Windows\System\kvSEGMi.exe
  2⤵
  PID:9832
- C:\Windows\System\KyxFzjF.exe
  C:\Windows\System\KyxFzjF.exe
  2⤵
  PID:9848
- C:\Windows\System\mYoobfQ.exe
  C:\Windows\System\mYoobfQ.exe
  2⤵
  PID:9864
- C:\Windows\System\OFUVJZJ.exe
  C:\Windows\System\OFUVJZJ.exe
  2⤵
  PID:9880
- C:\Windows\System\zFmOYMs.exe
  C:\Windows\System\zFmOYMs.exe
  2⤵
  PID:9896
- C:\Windows\System\wYuYdPS.exe
  C:\Windows\System\wYuYdPS.exe
  2⤵
  PID:9912
- C:\Windows\System\YoOXbpJ.exe
  C:\Windows\System\YoOXbpJ.exe
  2⤵
  PID:9928
- C:\Windows\System\IpWuwJW.exe
  C:\Windows\System\IpWuwJW.exe
  2⤵
  PID:9944
- C:\Windows\System\pblOfyF.exe
  C:\Windows\System\pblOfyF.exe
  2⤵
  PID:9960
- C:\Windows\System\IzWHqMo.exe
  C:\Windows\System\IzWHqMo.exe
  2⤵
  PID:9976
- C:\Windows\System\UnNoFeB.exe
  C:\Windows\System\UnNoFeB.exe
  2⤵
  PID:9992
- C:\Windows\System\vJauMKc.exe
  C:\Windows\System\vJauMKc.exe
  2⤵
  PID:10008
- C:\Windows\System\rOtLfaD.exe
  C:\Windows\System\rOtLfaD.exe
  2⤵
  PID:10024
- C:\Windows\System\HePslFj.exe
  C:\Windows\System\HePslFj.exe
  2⤵
  PID:10044
- C:\Windows\System\OgLCBuh.exe
  C:\Windows\System\OgLCBuh.exe
  2⤵
  PID:10060
- C:\Windows\System\NwvUBws.exe
  C:\Windows\System\NwvUBws.exe
  2⤵
  PID:10080
- C:\Windows\System\ouNMbPK.exe
  C:\Windows\System\ouNMbPK.exe
  2⤵
  PID:10100
- C:\Windows\System\oaIHhJw.exe
  C:\Windows\System\oaIHhJw.exe
  2⤵
  PID:10116
- C:\Windows\System\aXVBZFm.exe
  C:\Windows\System\aXVBZFm.exe
  2⤵
  PID:10132
- C:\Windows\System\KdQkGEg.exe
  C:\Windows\System\KdQkGEg.exe
  2⤵
  PID:10152
- C:\Windows\System\JcOuNPE.exe
  C:\Windows\System\JcOuNPE.exe
  2⤵
  PID:10168
- C:\Windows\System\USOzNFQ.exe
  C:\Windows\System\USOzNFQ.exe
  2⤵
  PID:10196
- C:\Windows\System\WMyUrUj.exe
  C:\Windows\System\WMyUrUj.exe
  2⤵
  PID:10216
- C:\Windows\System\MTgLJUZ.exe
  C:\Windows\System\MTgLJUZ.exe
  2⤵
  PID:9176
- C:\Windows\System\tIYQcbF.exe
  C:\Windows\System\tIYQcbF.exe
  2⤵
  PID:9076
- C:\Windows\System\PefBqtC.exe
  C:\Windows\System\PefBqtC.exe
  2⤵
  PID:8372
- C:\Windows\System\mPhdjRY.exe
  C:\Windows\System\mPhdjRY.exe
  2⤵
  PID:9260
- C:\Windows\System\yKbowCu.exe
  C:\Windows\System\yKbowCu.exe
  2⤵
  PID:9292
- C:\Windows\System\ZLbRxQv.exe
  C:\Windows\System\ZLbRxQv.exe
  2⤵
  PID:9332
- C:\Windows\System\skfGlFZ.exe
  C:\Windows\System\skfGlFZ.exe
  2⤵
  PID:9396
- C:\Windows\System\VYFzdJv.exe
  C:\Windows\System\VYFzdJv.exe
  2⤵
  PID:9436
- C:\Windows\System\esvlLSy.exe
  C:\Windows\System\esvlLSy.exe
  2⤵
  PID:9380
- C:\Windows\System\EkVLCxj.exe
  C:\Windows\System\EkVLCxj.exe
  2⤵
  PID:9448
- C:\Windows\System\AVZnJIA.exe
  C:\Windows\System\AVZnJIA.exe
  2⤵
  PID:9472
- C:\Windows\System\SvmrsHZ.exe
  C:\Windows\System\SvmrsHZ.exe
  2⤵
  PID:9500
- C:\Windows\System\XZUHORV.exe
  C:\Windows\System\XZUHORV.exe
  2⤵
  PID:9532
- C:\Windows\System\cHUyxTD.exe
  C:\Windows\System\cHUyxTD.exe
  2⤵
  PID:9544
- C:\Windows\System\PxRoeEu.exe
  C:\Windows\System\PxRoeEu.exe
  2⤵
  PID:9556
- C:\Windows\System\lQPfTBX.exe
  C:\Windows\System\lQPfTBX.exe
  2⤵
  PID:9572
- C:\Windows\System\tfujboC.exe
  C:\Windows\System\tfujboC.exe
  2⤵
  PID:9588
- C:\Windows\System\CQznpxH.exe
  C:\Windows\System\CQznpxH.exe
  2⤵
  PID:9604
- C:\Windows\System\zjiNcer.exe
  C:\Windows\System\zjiNcer.exe
  2⤵
  PID:9628
- C:\Windows\System\cGeiNGP.exe
  C:\Windows\System\cGeiNGP.exe
  2⤵
  PID:9652
- C:\Windows\System\xoEROzc.exe
  C:\Windows\System\xoEROzc.exe
  2⤵
  PID:9664
- C:\Windows\System\rMboNJF.exe
  C:\Windows\System\rMboNJF.exe
  2⤵
  PID:9712
- C:\Windows\System\LEJKrgV.exe
  C:\Windows\System\LEJKrgV.exe
  2⤵
  PID:9812
- C:\Windows\System\WJDCCUa.exe
  C:\Windows\System\WJDCCUa.exe
  2⤵
  PID:9772
- C:\Windows\System\EZLIfTc.exe
  C:\Windows\System\EZLIfTc.exe
  2⤵
  PID:9760
- C:\Windows\System\owReANg.exe
  C:\Windows\System\owReANg.exe
  2⤵
  PID:9824
- C:\Windows\System\pgrgwpq.exe
  C:\Windows\System\pgrgwpq.exe
  2⤵
  PID:9888
- C:\Windows\System\zAzHJDq.exe
  C:\Windows\System\zAzHJDq.exe
  2⤵
  PID:9904
- C:\Windows\System\YZzERBn.exe
  C:\Windows\System\YZzERBn.exe
  2⤵
  PID:9952
- C:\Windows\System\qEwkXje.exe
  C:\Windows\System\qEwkXje.exe
  2⤵
  PID:9988
- C:\Windows\System\IVXObnz.exe
  C:\Windows\System\IVXObnz.exe
  2⤵
  PID:10004
- C:\Windows\System\oHmBurd.exe
  C:\Windows\System\oHmBurd.exe
  2⤵
  PID:10032
- C:\Windows\System\nbwbNqE.exe
  C:\Windows\System\nbwbNqE.exe
  2⤵
  PID:10068
- C:\Windows\System\HEcCrGs.exe
  C:\Windows\System\HEcCrGs.exe
  2⤵
  PID:10092
- C:\Windows\System\tLPktZc.exe
  C:\Windows\System\tLPktZc.exe
  2⤵
  PID:10176
- C:\Windows\System\SaeHAhG.exe
  C:\Windows\System\SaeHAhG.exe
  2⤵
  PID:10192
- C:\Windows\System\kzIisRg.exe
  C:\Windows\System\kzIisRg.exe
  2⤵
  PID:10236
- C:\Windows\System\PDTcCCT.exe
  C:\Windows\System\PDTcCCT.exe
  2⤵
  PID:9276
- C:\Windows\System\LEOcvXL.exe
  C:\Windows\System\LEOcvXL.exe
  2⤵
  PID:9368
- C:\Windows\System\xmaXSSg.exe
  C:\Windows\System\xmaXSSg.exe
  2⤵
  PID:9316
- C:\Windows\System\TPyOpnj.exe
  C:\Windows\System\TPyOpnj.exe
  2⤵
  PID:9492
- C:\Windows\System\NbMEtZT.exe
  C:\Windows\System\NbMEtZT.exe
  2⤵
  PID:9528
- C:\Windows\System\QbtrZAx.exe
  C:\Windows\System\QbtrZAx.exe
  2⤵
  PID:9568
- C:\Windows\System\GywCYbn.exe
  C:\Windows\System\GywCYbn.exe
  2⤵
  PID:9496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BZfLpYX.exe

Filesize
6.0MB

MD5
e85d723b31059b56816b1e853151f05e

SHA1
62ea7c4a30847308d3ceed50ecaa46a9dd5e7e54

SHA256
51104164064bd047a4f0fb6aeeae731e04ace5a36c80af5403412834cdf97c35

SHA512
3ba898eae1f04dd921bd5bdd6cbed6466921781d1011b0432c2f00a188b7d77cd2e292b3a9f9eb015ad07072cfcbbcf5cd53b8c3ff924ab1cbee1fe26891308d

Download Submit
C:\Windows\system\BuPLSfs.exe

Filesize
6.0MB

MD5
f1d9dae7502ef39e80c1c04d5aa6523e

SHA1
1320e64f83583b3d77191ad37dd9562f246e599f

SHA256
b8b4c2ac1367c4e0bd215947ca4f19a7bdd55b3c0029d0aa1d4b4c37b3c88267

SHA512
58aa6a076b1a1371807cadaf5a623320939b2f428d755db53c53688f762d93ed03efcba9ce44771ae695aa9df651e9c96ea05db593c7a4e097b278986547975f

Download Submit
C:\Windows\system\EwGKwZL.exe

Filesize
6.0MB

MD5
5c8437409bbd5ac5ba4c484ce8845e99

SHA1
aaf1036f44521090222dad8854271640effed21b

SHA256
7fa9205507e66c0178d766d40560d503a3ceda0f17b994885aafda184b1b53ba

SHA512
6abbf2bca8fdef4d53f3d57b2288a4c8d5e3a601246cbccc615995b0ddd98f5447d330aeba98c468a0a77fd2351f276b6a13a3f9d2b3f836c9f91556c256d111

Download Submit
C:\Windows\system\GHRkgBl.exe

Filesize
6.0MB

MD5
cc813d89836b045c5f9401aa40ed604a

SHA1
ab4bfecf9f0dccb353038bddf646db94b6d69922

SHA256
79fed766983e08f7027ffe6045a0f0981f773730dbc54f053ddcb655b50a2bd6

SHA512
b375fb0dcaee01fe73b15a6ac821ae41627ccd8af2eaa4bac894a5d8cc82bbb044ddbc07e8a468ea5ecddc76e992f777f864b190d4f7f650049e9c700551087d

Download Submit
C:\Windows\system\HeSmDVI.exe

Filesize
6.0MB

MD5
2b9155096c9511e685dcb8220a0fa6f6

SHA1
ec90902ffc4701aa6e428432b97de939344b26d9

SHA256
159bf248815c5a3a2007c36abefb31b86ce66c0cc222b07ea68bc134cfc6e813

SHA512
ca9f8bc47d44639bc06fd57d78fe49f28294ada42656df66e410fe69d64b23ff07ba82c685e5eb6153b1ca69b1d25b5eb7eaa0790eb5e1f49361692b140de5b2

Download Submit
C:\Windows\system\IYHWmGa.exe

Filesize
6.0MB

MD5
3d90b3a640e581636bee36990ea96a42

SHA1
e9482a08d49ea685f07122335362e941b6b47f7b

SHA256
67865f0717aa0c318a810104b24cf1dc1e012f902dfe8428cb9ad1474f7c9c05

SHA512
bfe83fddbc198300596fe32407bc4380a13835ae3211ccc0a40d944b2fdcbb191e7cb9991458bda1206d6362a12996f1642a9de1ad27635a7d9d0363b5233c78

Download Submit
C:\Windows\system\KFakJSn.exe

Filesize
6.0MB

MD5
070fed11cdc6734e114186d984f0b020

SHA1
7f069a26a0ee30a462a9ee6f79b72615b54508b6

SHA256
e631bf7c8c94e9af861c994cb680ad2755a0270a089b304a94c9dada666f3454

SHA512
95392798ec5069a9f886db5992f39e1add180df87bc949e8c5404d674265fdc7f8aa193ea85485c62edae96d4cc2402e06651d4a564720cd96f101263e30f46c

Download Submit
C:\Windows\system\LlnKnhK.exe

Filesize
6.0MB

MD5
c8bfa7cc5f1c65a768207c355597971c

SHA1
380ca06f327564c26387ae25ee0505b3870dedfc

SHA256
81f6e2e22ec3234cdb07f8d567bcf2d27e43a588b60523da416b46a0148b1cd4

SHA512
417f6696deca290d04f42c216df65e9745b23c9430c3048ced8765420621847aa0f0efe4a0c231b85fb42a7e6d7d323ab993a38cd783da76442c810ba57eb9a7

Download Submit
C:\Windows\system\PvEzVnU.exe

Filesize
6.0MB

MD5
c68dfb399b8086e64ad042e00c6e3e66

SHA1
ca33d9f1cc1fd343fbb16942dbb949e378dcd7ad

SHA256
5751ed4a60b00ec0ed8fcafb44df411d69bbec3059a6bfc6b7a3658fa3680b6b

SHA512
2ff801b77e42656d90dc61c95a9487a8bd752dec61b882b992c57c530b951a92057dea825c60cb88d4a2b0a61d0cf5d398cf381ec04d9210c82161c669b2726a

Download Submit
C:\Windows\system\RqdSnmK.exe

Filesize
6.0MB

MD5
1861bb54914129fc53dcc76300869177

SHA1
a7b689570b8f38e64e903c370a3e4a689a5c380e

SHA256
94c7d97efd82e1fa7e46253a326bf4295083620ec0cccfec4eda9e774889b97e

SHA512
0f78f0216bfbc5f2b832c936d5e4b2bfe9976fad0ac7e9f3a74f1bc39be557546ed13821e2f9be3132b18442617ee2809fbd1eebcde33b55954b0c0b73f35e2c

Download Submit
C:\Windows\system\TWCjiJE.exe

Filesize
6.0MB

MD5
4a93ebc5703dbabbd5a5ca14c74f472a

SHA1
b4ce5b1c7be9281688d7c0dcbb8c989cf64079fc

SHA256
9e2e26d6c5d954928ba52ff11e8c22f14b7e93bfd9bb6cae7622da746743e63d

SHA512
872e9541910083799f263bd3300d71217e67ec310c46877f4aa7fd61e25723d09c3d087f52acd72b90c092a153800e5896d98c98b370b5a5db1e31f1b08a0d81

Download Submit
C:\Windows\system\TZQsnvw.exe

Filesize
6.0MB

MD5
65fb4b2e25759d699da2cd69913db436

SHA1
800ccdb1fdadfc875ef4b5b47705ccc18eabb9fb

SHA256
7ff28fda38d4b9604b455fde0a6a65e6270620be6608bf072273ca6c83751d9e

SHA512
9ca211fba54f2333d9ee22937ea97ffb6df7c48e2038954747f6d1a73d3f5cf2403b891a32601891fd2add99a303114fce80264f508d32c85f076ffd962c8ce5

Download Submit
C:\Windows\system\UvqcfbA.exe

Filesize
6.0MB

MD5
9dbd49c3cb96e8c50bda7663acc1c164

SHA1
970f511cc7bf01131b3ea3d8df5e5925c0205fb4

SHA256
05c8ae23bc1d8b7c3900480623ad031f21690c94babef7d6f3206376f3a9ee06

SHA512
2a645bc76201e89cbc6d86fb502b5f6e9c96f28dba5b5a77b41f0c037486482e6c3a99815dbea94579503595a3698ee0b231861f5bf08d0f329003e3ea3c0473

Download Submit
C:\Windows\system\VqrlxSu.exe

Filesize
6.0MB

MD5
5b77ad2275ab4994b0ca393ca7846888

SHA1
2d877c0d56ead940d5a17869581d339213b46a93

SHA256
02f81749f3d9641c6fb0ffec5ecaa48981847bb57c009d0f96bb0297a6a9f19b

SHA512
12325003e2bac28d3f30534de0d95f713561fc6113d54bd42522f838bb115b1f9d87b8e4fda077cc4172377281701a573c996566bfb320827d49d2a4379c6633

Download Submit
C:\Windows\system\WiDgzNi.exe

Filesize
6.0MB

MD5
754874a73c64b4c98d2de2ec19161985

SHA1
6c2cfd8cd4d315865a56baad07965398eb87847f

SHA256
d52355804b8840220a9e7b8929fd5b8b994dc34b91f48dbf2aedd23a15326a6e

SHA512
afd5246017c369943cb0aef602bf6e4eb2639eb5b8a132b6f52d48b58a9eb9f6ad5b35a4df17ac719454388a2fddde89ee9ad59bdccf9c55731ad4d024edd301

Download Submit
C:\Windows\system\bTsdzLE.exe

Filesize
6.0MB

MD5
90208417551cecdd710e0190eb20ff24

SHA1
56be0d03225f8b6d96fe5429c5d554e9c00db338

SHA256
3dc345d1b95a2cd9f5be0efc37001ca071966b217c863b813ed9a3a26237c04a

SHA512
99e6665197e9841881346f5ab562f7b5bde4f219128b2059a1612600c8426f79c5f3cd317b7535b5502e551917a58bd1f73c71bc909828e54665bd672271ce09

Download Submit
C:\Windows\system\cimSmzp.exe

Filesize
6.0MB

MD5
d76f573c606eb1f1e85b535139c70841

SHA1
bdabb54e5252e7b20dda667c64888467666c1de8

SHA256
a6f593e2d9440753cc7a464aafce2c85dd831a430065a08f9b6b8a6a3aefcb3c

SHA512
4acee5ed3cb3966c353f412a8ea77a664ef6faed0a17ede176ad1df4923701605005b1540bc8aa12815cbd633425fa8100c079620e6aa70f69f5c48670cb4313

Download Submit
C:\Windows\system\gLWRfAV.exe

Filesize
6.0MB

MD5
37c61fe67a8eb76ef7eb5556c05d4975

SHA1
79c00d3c554323ba6f404df4ac7c15aeb78005df

SHA256
dd39e919b6f525b22e46693f93672ca14861ed7f949f4efe16522576a8d16834

SHA512
c831a3003151d6df97a263820b4e868cdcbaf0decf8241900521f8139b8cf827a0869db0ca18e7d22c1c3b8cbb328cb9b8c2bff4a2b58c407a33e9f1da4d556a

Download Submit
C:\Windows\system\hfwRRCU.exe

Filesize
6.0MB

MD5
37bdc8e67a552717bddc2ab62b1c20ca

SHA1
33d269cbdeaa9dc5519321b28066ea9b5f7e6cf8

SHA256
9327e6a5ed4c3a64314945e34c9fff6d9bb977dbfd54c4754bee79d285195b18

SHA512
66ff44ba975520330356c489aa63ec1221a26fe5cfe2c4408025e8a6a508e880edaaaf4d09c462a9966227121ab6960897e0093cc7b729f8a55a73cdab375049

Download Submit
C:\Windows\system\icCDhdU.exe

Filesize
6.0MB

MD5
79e339a013d21d788bb383246b7eac97

SHA1
d60c772f84d2c256201dfaf838ce7ff7bbf70ed3

SHA256
d878891a0f9c85243bf487ac19e0a0d4752be59b85623c5d2d45f5b5f83b97f7

SHA512
8c652802c27575f0d4d60670cf60167774e3dcafae15e619a735e202cb716c8dcf90bff91e112a6cb1d211b542b2f3b1c46c27622884c4945cd007e20adaaf0b

Download Submit
C:\Windows\system\jkJfDrj.exe

Filesize
6.0MB

MD5
1510035b4db11fefe16446543ff215fe

SHA1
383433481bebd441723620f1cb8176632bb20e50

SHA256
d5045a14bdc47507a5372e58572d8cd9c6b27d5792d150007d07f9bac032f716

SHA512
788353012edfd76aae7f1299263f26d4d9e099296a30cbc223c4a7065a6a99575df7d331292593ca1a2571274a01dcd56fd740aabb59a1f2884d3e24f1ea40cb

Download Submit
C:\Windows\system\mbAecpm.exe

Filesize
6.0MB

MD5
a3ed4a12036793b9a4ac3cddccdb2d9d

SHA1
d08c6ae354e09a698ec274515d48ccaaef226982

SHA256
24e165afa246d2eaa034e7bea75dd47b84256ad8a962d66a518a9d6193f69bda

SHA512
5a9c11093d901d849d0c0bfdbaf3b73b4f2693fbdf508906b15c2840a9d88dadf24089ec3604b811a8d0ae150589461c8fe56b342907e28f83ad6cd1aa043ff1

Download Submit
C:\Windows\system\npkkdFd.exe

Filesize
6.0MB

MD5
a80d708d2cbd6734b411463c26941bbd

SHA1
0328268c15a932c7cc9f9fcb50f2dacc77df83c3

SHA256
85634be9660c049cbe861c62c05b70e59c69c49098b5c6eff714c7cc793ddca3

SHA512
4a356b4432871f5a03a1d36964e4892f2e3ef3de767e918d2e82855cac00ba84a77357757977f9ad571cf41878a95709f6f750753b6746011ee537893a3620a7

Download Submit
C:\Windows\system\oLdDaHO.exe

Filesize
6.0MB

MD5
ba4fef92efae230bfdfe2b60f13b30ea

SHA1
239b6d3db5a6c2e395c0e5b26b04c44afccaee31

SHA256
69fd85d0a0afcb703f62cc5c982441f070b869011a814ae506a14c09c4ab1369

SHA512
cab6f979cf62b04ecb7c3b41b5e7049528c4f41e1bc0a79b860d5261ca51b011d52d8f0d8bf80c28f6071406deba88c05f8d3644d61c6a284623727d6924a02b

Download Submit
C:\Windows\system\ogkuatP.exe

Filesize
6.0MB

MD5
ab169a4d00bd1aed3514b28c25c7daa0

SHA1
51fb8ad642fc4e841420710a34c3f18d9a6ad65b

SHA256
53a118e1731d7d040ac466bd1352f42a5535765c2a85a9147fb2e848f2653477

SHA512
962e3d901c1414c0da650d1dabab832c33d8b401c539682ccc783059417aa2aeba24a9aa36dc5840729394dfc38bea311e12b217610044c98e93076c7c8e734c

Download Submit
C:\Windows\system\sQsHTae.exe

Filesize
6.0MB

MD5
0ad7fbf682e3838de196c0b069b8aba3

SHA1
174e66b7e95490120b30118be8c57c8b8b412022

SHA256
4df41f1b4ca18f22752f17c46ac81bf39e1b7944e4797e4f2457f103eb47e2f3

SHA512
6b226d8d454726f01dd16c24d244889e22d68e22ab11e9e967fab398f6c922c3b1b65b69962e30bf9e0d6580b4a1225b7bcf38b3fcdf27fd0531fe99ebfc9784

Download Submit
C:\Windows\system\veIbvhS.exe

Filesize
6.0MB

MD5
1d97fd6c5c317df1b29b3300315df64d

SHA1
2aac59aa2eec2f907ff06a2c9cc85c8621c4169c

SHA256
ad5809c6f4dc42e2eb6f53a98b61e33a130878b52755f2a54a26777fbbb7829e

SHA512
dbdb6269442f7a6110c301ddd32e38baa9ca32411b1359cdfcc6e7a07344e9e671824eea6b23f7785198de3c8bcc23061decf23ca58787ad56318ca29369d73e

Download Submit
C:\Windows\system\zluxBiy.exe

Filesize
6.0MB

MD5
23503e312ae469956d0b01f21116dd00

SHA1
a2f5973c299862e45131818718531c2aac5507ec

SHA256
61a6350d40dc54987c1b710d5311715e9206992e822b479c8227d37cf7f00b66

SHA512
d4a630a17c5f514765a6d16849e997477de4ec47fe40b645e1fc56d269312358ea248d9fb49ec298941d65cfa49ac9b29d5a937f996064ce55ec0d7faa106da8

Download Submit
\Windows\system\BSvKDCN.exe

Filesize
6.0MB

MD5
cdab9001270965a55ef3860793038b44

SHA1
76a5454e461024b97913d535e5f0795c404310cf

SHA256
a50571df83e2fb010423632c6af7381e77a843ef03feb5c42f2924b47f2a53f0

SHA512
11eb543fa68153497e280912960a791b58caef292a872d5ae0c9f7491080ca76a3cd7cf84d57cadd52d0500f56cba23c456ae00983e04eb7ce0e5792ec59a59d

Download Submit
\Windows\system\CHitxrL.exe

Filesize
6.0MB

MD5
3772d390d16178a9cce84626f4bdd4c7

SHA1
3d3601566ee715bc309d805b38e568bf594a73b1

SHA256
3af5ddf6440a601674bf2adde608e16a39362dfdc758e776964208566876a0bc

SHA512
a5349d8971591ae33a8d81010c06bbcbf551714df71f2fe59ab4aaec49822e109251d54d8e3f3f9135c78de02f8408e68408d06c93abc94a0d3e005489788059

Download Submit
\Windows\system\EYNhYPH.exe

Filesize
6.0MB

MD5
8bcc972dcfd78bc2ab347ce5e32390bd

SHA1
c9547a9f03a450b6ef79e83f6879f8b25b856fc9

SHA256
c8d1c9122a06b1b0d6d7268d7c1a031b90fb50e6d6af23ea37cda851cc60d6eb

SHA512
b8cec76b23e26da81c58e671792891cf1c6e3218003037bb189d3306e00e3d39957487063a548cf882b8e91ac9a7f513f0c792197fa4760f606104ec4288e9b4

Download Submit
\Windows\system\IDOinca.exe

Filesize
6.0MB

MD5
1cada0e4ed0771c0da7d47c86dfe5547

SHA1
7927ae11e89cd189b4b17142651b731d0b5e4108

SHA256
8fe9bd5bb0aaf62674d995c7eee51f7fe4ed1d653148fe8fbcc376e8501f0d52

SHA512
dde34b5dc55389bda2b4d11c7ca9a7ba92f616fae3a08f2c32d3828ffc59d37943264194ec700ca4a17788696432e1c8eca3fa78a4a0dba0177913f8461d037a

Download Submit
\Windows\system\LChLIkL.exe

Filesize
6.0MB

MD5
ad93ce7aaeb81da9ea42138c286d51fd

SHA1
a1bf524eb56d896babfe3550efa148e0191e0b89

SHA256
28173832f9ade725eb6a885ecc94d8022aa941f7f5939f49ba7c5abe5c6b14e7

SHA512
81192b729f3d50d3b634811005d3cd4b8303b3cfa8f68c2a3530187fb29f520f3ca67dd7430868bd9f90a42d9fa4c90a3f4ad6746aa846ecdeeac1d1517d01fd

Download Submit
\Windows\system\QyiNFlo.exe

Filesize
6.0MB

MD5
3a4d892a388cb7cd1b33ae72f552e503

SHA1
522cbb184dffd1d3ce3252d99a35b213440e5ec2

SHA256
8d0c6e64530c45431aa970d1d2ed4c7b70ae2f139b71e68b79623c95e2529855

SHA512
c11319723a1c33e206986ad314f141fec167d4262aad4406c6d505a30e608ee33e102ca7db5c56136181d7fb3f62a5b2095611885c844c4a2d020933b7ce72dc

Download Submit
\Windows\system\dRAAnkA.exe

Filesize
6.0MB

MD5
57a3f892a11332683973578a6eaa7f39

SHA1
0ff5261f889e14c1989b997ba4cbcc9fba230d60

SHA256
9941eca7474b9e3abf5a1803c84b6dd1e98afe5624f3c05809fc5d69eb322776

SHA512
801ded63337b9d35049bd24fcc69fa23f7556ae4d2823d4c5bb2574d5bcaaa7f71248446df9e01a02ffe6267fa3012ce454562a6229aea7c83dfc8d053f58dcb

Download Submit
memory/864-4112-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/864-1224-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1232-4013-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1232-1222-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1472-1226-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-4108-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1220-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1221-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2217-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1225-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-0-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1227-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1219-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2116-1217-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1197-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1215-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2208-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1213-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2237-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1211-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1223-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1209-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2257-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1207-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2244-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1205-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2226-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1203-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2268-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1201-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2090-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2091-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2153-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2160-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2181-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2194-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2201-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2203-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2202-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2340-1204-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-4132-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-1216-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4105-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1214-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1218-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4014-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3334-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1208-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3378-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1206-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1212-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2708-4103-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1228-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4119-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1210-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3333-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3355-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1202-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download