cobaltstrike | 946b764ea9d4a329ea6f23ee1d5c59c491c5e6169f20634ae99ed57a1660906e

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6f81dc972e21989900228520b86728a7
SHA1

f2b0460856d95f4ad720dfaff529fcd8f4bdaf01
SHA256

946b764ea9d4a329ea6f23ee1d5c59c491c5e6169f20634ae99ed57a1660906e
SHA512

3a5c2e5b954f32ad03bac1fbe811ac2cb52ad353e11896a6e2b078c978900d86059ccddb3af41536ba7526dd40cdf98d7ea1d01c2c8d531be8b7065fc19196aa
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000016aa9-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d9a-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dbe-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd1-24.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ea4-38.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016dd7-34.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-123.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-122.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-119.dat	cobalt_reflective_dll
behavioral1/files/0x0016000000018663-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-102.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-74.dat	cobalt_reflective_dll
behavioral1/files/0x000f00000001866e-63.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d36-48.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1872-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x000d000000016aa9-3.dat	xmrig
behavioral1/files/0x0007000000016d9a-8.dat	xmrig
behavioral1/files/0x0007000000016dbe-12.dat	xmrig
behavioral1/memory/1800-19-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/1872-23-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2260-22-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2936-21-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dd1-24.dat	xmrig
behavioral1/memory/1872-17-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/796-30-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2832-37-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ea4-38.dat	xmrig
behavioral1/files/0x000a000000016dd7-34.dat	xmrig
behavioral1/memory/1872-53-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/1664-1177-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2796-1022-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2116-1020-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2784-714-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a5-164.dat	xmrig
behavioral1/files/0x0005000000019397-160.dat	xmrig
behavioral1/files/0x000500000001937b-156.dat	xmrig
behavioral1/files/0x000500000001936b-152.dat	xmrig
behavioral1/files/0x0005000000019356-148.dat	xmrig
behavioral1/files/0x0005000000019353-144.dat	xmrig
behavioral1/files/0x000500000001928c-140.dat	xmrig
behavioral1/files/0x0005000000019284-136.dat	xmrig
behavioral1/files/0x0005000000019266-132.dat	xmrig
behavioral1/files/0x0005000000019263-128.dat	xmrig
behavioral1/files/0x0005000000019259-125.dat	xmrig
behavioral1/files/0x0005000000019244-124.dat	xmrig
behavioral1/files/0x00050000000191ff-123.dat	xmrig
behavioral1/files/0x00060000000190e0-122.dat	xmrig
behavioral1/files/0x000600000001903b-121.dat	xmrig
behavioral1/files/0x0006000000018c26-120.dat	xmrig
behavioral1/files/0x0005000000018792-119.dat	xmrig
behavioral1/files/0x0016000000018663-117.dat	xmrig
behavioral1/memory/1872-92-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/1872-81-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2268-59-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019256-113.dat	xmrig
behavioral1/files/0x000500000001922c-112.dat	xmrig
behavioral1/memory/2784-42-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d4-102.dat	xmrig
behavioral1/memory/1664-96-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/1872-88-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2796-87-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000190ce-86.dat	xmrig
behavioral1/memory/2116-77-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2652-76-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018f53-75.dat	xmrig
behavioral1/files/0x0006000000018c1a-74.dat	xmrig
behavioral1/files/0x000f00000001866e-63.dat	xmrig
behavioral1/files/0x0009000000016d36-48.dat	xmrig
behavioral1/memory/1800-3620-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/796-3650-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2936-3636-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2260-3695-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2832-3659-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2268-3737-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2652-3742-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2784-3730-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2116-3815-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2796-3828-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2260	OEfnanB.exe
1800	zpMgpXc.exe
2936	QSwdMyc.exe
796	KvySJyq.exe
2832	BtkDpMR.exe
2784	CYIKcBN.exe
2268	SvbfWbI.exe
2652	rwaiDfp.exe
2796	eTAKIkU.exe
2116	fSWNHtm.exe
1664	GwAzLsG.exe
2712	SgGljlo.exe
2036	wyzpJfa.exe
1424	IkhhvUW.exe
2744	UcDPRqa.exe
2648	TxMWxGt.exe
2628	dUJkjkD.exe
1796	mEbYyKO.exe
2972	ylgDYdG.exe
2384	mfRsotm.exe
1512	ktwtALj.exe
2856	eESGQTv.exe
1560	qQtggnp.exe
2992	nzWfUTC.exe
2176	iwiFuvH.exe
2984	AHtjZNz.exe
2072	YHAxYdy.exe
1676	BhQkcIW.exe
2080	TiDvjKR.exe
2344	MbHoGhk.exe
2608	ufFwGIV.exe
920	YPVGbyC.exe
752	Myoyhrp.exe
3044	DXQLVbM.exe
3052	wFneFfy.exe
704	HUMoGUY.exe
968	gFClqeI.exe
1012	jvOUDVL.exe
1624	cMumysZ.exe
1784	BPDlaDi.exe
1536	VdNteMZ.exe
2516	uzgvWgL.exe
2544	isCEtQr.exe
896	QcvQfSe.exe
1304	JMJIvCy.exe
1992	BGjXubr.exe
2708	rYboXzz.exe
1168	egnvvFl.exe
2196	FloVqQr.exe
1728	ecaEfgq.exe
560	xHNoPXh.exe
2548	MHrNGLq.exe
608	dfFyZIp.exe
1040	nbnoBFv.exe
808	uBSEyQJ.exe
1576	XmUcXeb.exe
2168	yVdYzHC.exe
2868	hyxZcCJ.exe
2932	Agxvvco.exe
1440	Wdgyxky.exe
2752	vczKzTb.exe
2764	JBFJVEJ.exe
1744	yVGstOs.exe
1496	KvGyzSO.exe

Loads dropped DLL 64 IoCs

pid	Process
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1872-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x000d000000016aa9-3.dat	upx
behavioral1/files/0x0007000000016d9a-8.dat	upx
behavioral1/files/0x0007000000016dbe-12.dat	upx
behavioral1/memory/1800-19-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2260-22-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2936-21-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0007000000016dd1-24.dat	upx
behavioral1/memory/796-30-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2832-37-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0009000000016ea4-38.dat	upx
behavioral1/files/0x000a000000016dd7-34.dat	upx
behavioral1/memory/1872-53-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/1664-1177-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2796-1022-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2116-1020-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2784-714-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x00050000000193a5-164.dat	upx
behavioral1/files/0x0005000000019397-160.dat	upx
behavioral1/files/0x000500000001937b-156.dat	upx
behavioral1/files/0x000500000001936b-152.dat	upx
behavioral1/files/0x0005000000019356-148.dat	upx
behavioral1/files/0x0005000000019353-144.dat	upx
behavioral1/files/0x000500000001928c-140.dat	upx
behavioral1/files/0x0005000000019284-136.dat	upx
behavioral1/files/0x0005000000019266-132.dat	upx
behavioral1/files/0x0005000000019263-128.dat	upx
behavioral1/files/0x0005000000019259-125.dat	upx
behavioral1/files/0x0005000000019244-124.dat	upx
behavioral1/files/0x00050000000191ff-123.dat	upx
behavioral1/files/0x00060000000190e0-122.dat	upx
behavioral1/files/0x000600000001903b-121.dat	upx
behavioral1/files/0x0006000000018c26-120.dat	upx
behavioral1/files/0x0005000000018792-119.dat	upx
behavioral1/files/0x0016000000018663-117.dat	upx
behavioral1/memory/2268-59-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x0005000000019256-113.dat	upx
behavioral1/files/0x000500000001922c-112.dat	upx
behavioral1/memory/2784-42-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x00050000000191d4-102.dat	upx
behavioral1/memory/1664-96-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2796-87-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x00060000000190ce-86.dat	upx
behavioral1/memory/2116-77-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2652-76-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0006000000018f53-75.dat	upx
behavioral1/files/0x0006000000018c1a-74.dat	upx
behavioral1/files/0x000f00000001866e-63.dat	upx
behavioral1/files/0x0009000000016d36-48.dat	upx
behavioral1/memory/1800-3620-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/796-3650-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2936-3636-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2260-3695-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2832-3659-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2268-3737-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2652-3742-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2784-3730-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2116-3815-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2796-3828-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1664-3827-0x000000013F730000-0x000000013FA84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Nljpjko.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndlzJRw.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiyTSdJ.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEcUFqn.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGscJtM.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obUYSIL.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsSvIji.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrwLnDI.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqJROjq.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhQoWTb.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGjuBEd.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fuqVoBH.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxgcuSw.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vknPaIR.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnsHtkV.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIZyBlH.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFIERxl.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLPTLYa.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjmmLOw.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfdjeHZ.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtLaPCS.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxiIlWX.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpFXsAn.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUtYihk.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSokNgz.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eESGQTv.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrcpPKM.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbIoQvM.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSWNHtm.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Myoyhrp.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwZkbyj.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVmlBGc.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PDKVrkZ.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kImDCvD.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxcBtBd.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyvGbmA.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igrOYQh.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKRQPRs.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okcKyQE.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHtjZNz.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzkxaWP.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBbTnjm.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIloAkh.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtOmThc.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCFAvKy.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkKRWMu.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwrrCvA.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpxTTKp.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dcuAsQt.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcDPRqa.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSZkJVn.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJMVEJD.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTgCuIz.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNACyYD.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuoIMOd.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNaxomn.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cniRtqN.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcEucEU.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QICkdFe.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BusxRkU.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZVJTYJT.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeomCcF.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSwdMyc.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXDEzgS.exe	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2260	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1872 wrote to memory of 2260	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1872 wrote to memory of 2260	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1872 wrote to memory of 1800	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1872 wrote to memory of 1800	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1872 wrote to memory of 1800	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1872 wrote to memory of 2936	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1872 wrote to memory of 2936	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1872 wrote to memory of 2936	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1872 wrote to memory of 796	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1872 wrote to memory of 796	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1872 wrote to memory of 796	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1872 wrote to memory of 2832	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1872 wrote to memory of 2832	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1872 wrote to memory of 2832	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1872 wrote to memory of 2784	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1872 wrote to memory of 2784	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1872 wrote to memory of 2784	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1872 wrote to memory of 2268	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1872 wrote to memory of 2268	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1872 wrote to memory of 2268	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1872 wrote to memory of 2744	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1872 wrote to memory of 2744	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1872 wrote to memory of 2744	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1872 wrote to memory of 2652	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1872 wrote to memory of 2652	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1872 wrote to memory of 2652	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1872 wrote to memory of 2648	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1872 wrote to memory of 2648	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1872 wrote to memory of 2648	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1872 wrote to memory of 2796	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1872 wrote to memory of 2796	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1872 wrote to memory of 2796	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1872 wrote to memory of 2628	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1872 wrote to memory of 2628	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1872 wrote to memory of 2628	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1872 wrote to memory of 2116	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1872 wrote to memory of 2116	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1872 wrote to memory of 2116	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1872 wrote to memory of 1796	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1872 wrote to memory of 1796	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1872 wrote to memory of 1796	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1872 wrote to memory of 1664	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1872 wrote to memory of 1664	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1872 wrote to memory of 1664	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1872 wrote to memory of 2972	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1872 wrote to memory of 2972	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1872 wrote to memory of 2972	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1872 wrote to memory of 2712	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1872 wrote to memory of 2712	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1872 wrote to memory of 2712	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1872 wrote to memory of 2384	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1872 wrote to memory of 2384	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1872 wrote to memory of 2384	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1872 wrote to memory of 2036	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1872 wrote to memory of 2036	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1872 wrote to memory of 2036	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1872 wrote to memory of 1512	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1872 wrote to memory of 1512	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1872 wrote to memory of 1512	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1872 wrote to memory of 1424	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1872 wrote to memory of 1424	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1872 wrote to memory of 1424	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1872 wrote to memory of 2856	1872	2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_6f81dc972e21989900228520b86728a7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\System\OEfnanB.exe
  C:\Windows\System\OEfnanB.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\zpMgpXc.exe
  C:\Windows\System\zpMgpXc.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\QSwdMyc.exe
  C:\Windows\System\QSwdMyc.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\KvySJyq.exe
  C:\Windows\System\KvySJyq.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\BtkDpMR.exe
  C:\Windows\System\BtkDpMR.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\CYIKcBN.exe
  C:\Windows\System\CYIKcBN.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\SvbfWbI.exe
  C:\Windows\System\SvbfWbI.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\UcDPRqa.exe
  C:\Windows\System\UcDPRqa.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\rwaiDfp.exe
  C:\Windows\System\rwaiDfp.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\TxMWxGt.exe
  C:\Windows\System\TxMWxGt.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\eTAKIkU.exe
  C:\Windows\System\eTAKIkU.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\dUJkjkD.exe
  C:\Windows\System\dUJkjkD.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\fSWNHtm.exe
  C:\Windows\System\fSWNHtm.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\mEbYyKO.exe
  C:\Windows\System\mEbYyKO.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\GwAzLsG.exe
  C:\Windows\System\GwAzLsG.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ylgDYdG.exe
  C:\Windows\System\ylgDYdG.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\SgGljlo.exe
  C:\Windows\System\SgGljlo.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\mfRsotm.exe
  C:\Windows\System\mfRsotm.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\wyzpJfa.exe
  C:\Windows\System\wyzpJfa.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ktwtALj.exe
  C:\Windows\System\ktwtALj.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\IkhhvUW.exe
  C:\Windows\System\IkhhvUW.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\eESGQTv.exe
  C:\Windows\System\eESGQTv.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\qQtggnp.exe
  C:\Windows\System\qQtggnp.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\nzWfUTC.exe
  C:\Windows\System\nzWfUTC.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\iwiFuvH.exe
  C:\Windows\System\iwiFuvH.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\AHtjZNz.exe
  C:\Windows\System\AHtjZNz.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\YHAxYdy.exe
  C:\Windows\System\YHAxYdy.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\BhQkcIW.exe
  C:\Windows\System\BhQkcIW.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\TiDvjKR.exe
  C:\Windows\System\TiDvjKR.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\MbHoGhk.exe
  C:\Windows\System\MbHoGhk.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\ufFwGIV.exe
  C:\Windows\System\ufFwGIV.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\YPVGbyC.exe
  C:\Windows\System\YPVGbyC.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\Myoyhrp.exe
  C:\Windows\System\Myoyhrp.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\DXQLVbM.exe
  C:\Windows\System\DXQLVbM.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\wFneFfy.exe
  C:\Windows\System\wFneFfy.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\HUMoGUY.exe
  C:\Windows\System\HUMoGUY.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\gFClqeI.exe
  C:\Windows\System\gFClqeI.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\jvOUDVL.exe
  C:\Windows\System\jvOUDVL.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\cMumysZ.exe
  C:\Windows\System\cMumysZ.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\egnvvFl.exe
  C:\Windows\System\egnvvFl.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\BPDlaDi.exe
  C:\Windows\System\BPDlaDi.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ecaEfgq.exe
  C:\Windows\System\ecaEfgq.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\VdNteMZ.exe
  C:\Windows\System\VdNteMZ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\xHNoPXh.exe
  C:\Windows\System\xHNoPXh.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\uzgvWgL.exe
  C:\Windows\System\uzgvWgL.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\MHrNGLq.exe
  C:\Windows\System\MHrNGLq.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\isCEtQr.exe
  C:\Windows\System\isCEtQr.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\dfFyZIp.exe
  C:\Windows\System\dfFyZIp.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\QcvQfSe.exe
  C:\Windows\System\QcvQfSe.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\nbnoBFv.exe
  C:\Windows\System\nbnoBFv.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\JMJIvCy.exe
  C:\Windows\System\JMJIvCy.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\uBSEyQJ.exe
  C:\Windows\System\uBSEyQJ.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\BGjXubr.exe
  C:\Windows\System\BGjXubr.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\XmUcXeb.exe
  C:\Windows\System\XmUcXeb.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\rYboXzz.exe
  C:\Windows\System\rYboXzz.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\yVdYzHC.exe
  C:\Windows\System\yVdYzHC.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\FloVqQr.exe
  C:\Windows\System\FloVqQr.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\hyxZcCJ.exe
  C:\Windows\System\hyxZcCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\Agxvvco.exe
  C:\Windows\System\Agxvvco.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\Wdgyxky.exe
  C:\Windows\System\Wdgyxky.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\vczKzTb.exe
  C:\Windows\System\vczKzTb.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\JBFJVEJ.exe
  C:\Windows\System\JBFJVEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\yVGstOs.exe
  C:\Windows\System\yVGstOs.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\KvGyzSO.exe
  C:\Windows\System\KvGyzSO.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\gramKIW.exe
  C:\Windows\System\gramKIW.exe
  2⤵
  PID:540
- C:\Windows\System\xuKlDWz.exe
  C:\Windows\System\xuKlDWz.exe
  2⤵
  PID:2988
- C:\Windows\System\GuLyEXn.exe
  C:\Windows\System\GuLyEXn.exe
  2⤵
  PID:912
- C:\Windows\System\ComGVCx.exe
  C:\Windows\System\ComGVCx.exe
  2⤵
  PID:2136
- C:\Windows\System\IxAEkJQ.exe
  C:\Windows\System\IxAEkJQ.exe
  2⤵
  PID:1320
- C:\Windows\System\uYxLVfZ.exe
  C:\Windows\System\uYxLVfZ.exe
  2⤵
  PID:1660
- C:\Windows\System\muRBUFX.exe
  C:\Windows\System\muRBUFX.exe
  2⤵
  PID:1716
- C:\Windows\System\JzDsbqI.exe
  C:\Windows\System\JzDsbqI.exe
  2⤵
  PID:2252
- C:\Windows\System\dauosqS.exe
  C:\Windows\System\dauosqS.exe
  2⤵
  PID:544
- C:\Windows\System\FxivsiW.exe
  C:\Windows\System\FxivsiW.exe
  2⤵
  PID:2076
- C:\Windows\System\JiUXSqs.exe
  C:\Windows\System\JiUXSqs.exe
  2⤵
  PID:636
- C:\Windows\System\aPwjhOM.exe
  C:\Windows\System\aPwjhOM.exe
  2⤵
  PID:2528
- C:\Windows\System\bwLJQzL.exe
  C:\Windows\System\bwLJQzL.exe
  2⤵
  PID:2500
- C:\Windows\System\BCByKOZ.exe
  C:\Windows\System\BCByKOZ.exe
  2⤵
  PID:1980
- C:\Windows\System\dIaHrrv.exe
  C:\Windows\System\dIaHrrv.exe
  2⤵
  PID:1100
- C:\Windows\System\MQsBTYe.exe
  C:\Windows\System\MQsBTYe.exe
  2⤵
  PID:1892
- C:\Windows\System\jdIqGPM.exe
  C:\Windows\System\jdIqGPM.exe
  2⤵
  PID:1724
- C:\Windows\System\oiaNirI.exe
  C:\Windows\System\oiaNirI.exe
  2⤵
  PID:1524
- C:\Windows\System\XpekSSD.exe
  C:\Windows\System\XpekSSD.exe
  2⤵
  PID:2316
- C:\Windows\System\AXIFRLD.exe
  C:\Windows\System\AXIFRLD.exe
  2⤵
  PID:2084
- C:\Windows\System\RqXJVlz.exe
  C:\Windows\System\RqXJVlz.exe
  2⤵
  PID:2432
- C:\Windows\System\MQhQMni.exe
  C:\Windows\System\MQhQMni.exe
  2⤵
  PID:1228
- C:\Windows\System\WbmpWUg.exe
  C:\Windows\System\WbmpWUg.exe
  2⤵
  PID:952
- C:\Windows\System\ILGYaPM.exe
  C:\Windows\System\ILGYaPM.exe
  2⤵
  PID:2772
- C:\Windows\System\kbiKHFg.exe
  C:\Windows\System\kbiKHFg.exe
  2⤵
  PID:2624
- C:\Windows\System\TRSiJWY.exe
  C:\Windows\System\TRSiJWY.exe
  2⤵
  PID:1492
- C:\Windows\System\MQwKbQC.exe
  C:\Windows\System\MQwKbQC.exe
  2⤵
  PID:1196
- C:\Windows\System\GgWFyKy.exe
  C:\Windows\System\GgWFyKy.exe
  2⤵
  PID:2724
- C:\Windows\System\CmrSsAF.exe
  C:\Windows\System\CmrSsAF.exe
  2⤵
  PID:2008
- C:\Windows\System\rhQoWTb.exe
  C:\Windows\System\rhQoWTb.exe
  2⤵
  PID:2184
- C:\Windows\System\MCdteJV.exe
  C:\Windows\System\MCdteJV.exe
  2⤵
  PID:1104
- C:\Windows\System\onwrwco.exe
  C:\Windows\System\onwrwco.exe
  2⤵
  PID:1592
- C:\Windows\System\SxaTqBd.exe
  C:\Windows\System\SxaTqBd.exe
  2⤵
  PID:776
- C:\Windows\System\mGByAQj.exe
  C:\Windows\System\mGByAQj.exe
  2⤵
  PID:3084
- C:\Windows\System\mTtZjyS.exe
  C:\Windows\System\mTtZjyS.exe
  2⤵
  PID:3104
- C:\Windows\System\HlZFCqX.exe
  C:\Windows\System\HlZFCqX.exe
  2⤵
  PID:3124
- C:\Windows\System\FGjuBEd.exe
  C:\Windows\System\FGjuBEd.exe
  2⤵
  PID:3144
- C:\Windows\System\LAxedZm.exe
  C:\Windows\System\LAxedZm.exe
  2⤵
  PID:3164
- C:\Windows\System\KVQEbCG.exe
  C:\Windows\System\KVQEbCG.exe
  2⤵
  PID:3184
- C:\Windows\System\tcjiwHw.exe
  C:\Windows\System\tcjiwHw.exe
  2⤵
  PID:3204
- C:\Windows\System\RocGZWV.exe
  C:\Windows\System\RocGZWV.exe
  2⤵
  PID:3220
- C:\Windows\System\wMBaxAW.exe
  C:\Windows\System\wMBaxAW.exe
  2⤵
  PID:3244
- C:\Windows\System\XabGYbj.exe
  C:\Windows\System\XabGYbj.exe
  2⤵
  PID:3264
- C:\Windows\System\UZIpfOj.exe
  C:\Windows\System\UZIpfOj.exe
  2⤵
  PID:3284
- C:\Windows\System\OerRhtB.exe
  C:\Windows\System\OerRhtB.exe
  2⤵
  PID:3304
- C:\Windows\System\xhBiNCD.exe
  C:\Windows\System\xhBiNCD.exe
  2⤵
  PID:3324
- C:\Windows\System\ElioiFz.exe
  C:\Windows\System\ElioiFz.exe
  2⤵
  PID:3344
- C:\Windows\System\SqTpYoX.exe
  C:\Windows\System\SqTpYoX.exe
  2⤵
  PID:3364
- C:\Windows\System\FLziDiZ.exe
  C:\Windows\System\FLziDiZ.exe
  2⤵
  PID:3384
- C:\Windows\System\NgvjIPy.exe
  C:\Windows\System\NgvjIPy.exe
  2⤵
  PID:3404
- C:\Windows\System\hufRjwE.exe
  C:\Windows\System\hufRjwE.exe
  2⤵
  PID:3424
- C:\Windows\System\ncEdkKI.exe
  C:\Windows\System\ncEdkKI.exe
  2⤵
  PID:3444
- C:\Windows\System\BLGHscG.exe
  C:\Windows\System\BLGHscG.exe
  2⤵
  PID:3464
- C:\Windows\System\dCyTAbh.exe
  C:\Windows\System\dCyTAbh.exe
  2⤵
  PID:3488
- C:\Windows\System\BVcgVQL.exe
  C:\Windows\System\BVcgVQL.exe
  2⤵
  PID:3508
- C:\Windows\System\kfcXghY.exe
  C:\Windows\System\kfcXghY.exe
  2⤵
  PID:3528
- C:\Windows\System\dikNliq.exe
  C:\Windows\System\dikNliq.exe
  2⤵
  PID:3548
- C:\Windows\System\qcMsLQt.exe
  C:\Windows\System\qcMsLQt.exe
  2⤵
  PID:3568
- C:\Windows\System\TZGJCsC.exe
  C:\Windows\System\TZGJCsC.exe
  2⤵
  PID:3588
- C:\Windows\System\JLHKqlU.exe
  C:\Windows\System\JLHKqlU.exe
  2⤵
  PID:3608
- C:\Windows\System\SyWjefT.exe
  C:\Windows\System\SyWjefT.exe
  2⤵
  PID:3628
- C:\Windows\System\NDrkYqB.exe
  C:\Windows\System\NDrkYqB.exe
  2⤵
  PID:3648
- C:\Windows\System\nqMqWBn.exe
  C:\Windows\System\nqMqWBn.exe
  2⤵
  PID:3668
- C:\Windows\System\ArWPQYb.exe
  C:\Windows\System\ArWPQYb.exe
  2⤵
  PID:3688
- C:\Windows\System\iWWYwXm.exe
  C:\Windows\System\iWWYwXm.exe
  2⤵
  PID:3708
- C:\Windows\System\JieOglu.exe
  C:\Windows\System\JieOglu.exe
  2⤵
  PID:3728
- C:\Windows\System\tdkjoJc.exe
  C:\Windows\System\tdkjoJc.exe
  2⤵
  PID:3748
- C:\Windows\System\JlaBSqL.exe
  C:\Windows\System\JlaBSqL.exe
  2⤵
  PID:3768
- C:\Windows\System\MNDRoQL.exe
  C:\Windows\System\MNDRoQL.exe
  2⤵
  PID:3788
- C:\Windows\System\Nljpjko.exe
  C:\Windows\System\Nljpjko.exe
  2⤵
  PID:3808
- C:\Windows\System\SCUOrfx.exe
  C:\Windows\System\SCUOrfx.exe
  2⤵
  PID:3828
- C:\Windows\System\pFnlJKQ.exe
  C:\Windows\System\pFnlJKQ.exe
  2⤵
  PID:3848
- C:\Windows\System\fVQoCsK.exe
  C:\Windows\System\fVQoCsK.exe
  2⤵
  PID:3868
- C:\Windows\System\RcPIGDc.exe
  C:\Windows\System\RcPIGDc.exe
  2⤵
  PID:3888
- C:\Windows\System\SPHDbBE.exe
  C:\Windows\System\SPHDbBE.exe
  2⤵
  PID:3908
- C:\Windows\System\XoooYIX.exe
  C:\Windows\System\XoooYIX.exe
  2⤵
  PID:3928
- C:\Windows\System\wZGUkmd.exe
  C:\Windows\System\wZGUkmd.exe
  2⤵
  PID:3948
- C:\Windows\System\cuUOgcL.exe
  C:\Windows\System\cuUOgcL.exe
  2⤵
  PID:3968
- C:\Windows\System\wSZkJVn.exe
  C:\Windows\System\wSZkJVn.exe
  2⤵
  PID:3988
- C:\Windows\System\niIAVsI.exe
  C:\Windows\System\niIAVsI.exe
  2⤵
  PID:4008
- C:\Windows\System\rUVBccK.exe
  C:\Windows\System\rUVBccK.exe
  2⤵
  PID:4028
- C:\Windows\System\rApPfTn.exe
  C:\Windows\System\rApPfTn.exe
  2⤵
  PID:4048
- C:\Windows\System\TMATsKE.exe
  C:\Windows\System\TMATsKE.exe
  2⤵
  PID:4068
- C:\Windows\System\ZSgUfjB.exe
  C:\Windows\System\ZSgUfjB.exe
  2⤵
  PID:4088
- C:\Windows\System\ADztTLc.exe
  C:\Windows\System\ADztTLc.exe
  2⤵
  PID:1648
- C:\Windows\System\rMVsZGj.exe
  C:\Windows\System\rMVsZGj.exe
  2⤵
  PID:2572
- C:\Windows\System\qfMUaVe.exe
  C:\Windows\System\qfMUaVe.exe
  2⤵
  PID:1148
- C:\Windows\System\aXQNUsq.exe
  C:\Windows\System\aXQNUsq.exe
  2⤵
  PID:3032
- C:\Windows\System\SmmwVCM.exe
  C:\Windows\System\SmmwVCM.exe
  2⤵
  PID:1920
- C:\Windows\System\jjzIYRm.exe
  C:\Windows\System\jjzIYRm.exe
  2⤵
  PID:1760
- C:\Windows\System\OcmDRlO.exe
  C:\Windows\System\OcmDRlO.exe
  2⤵
  PID:1692
- C:\Windows\System\LxFBmnl.exe
  C:\Windows\System\LxFBmnl.exe
  2⤵
  PID:2324
- C:\Windows\System\zYIpJni.exe
  C:\Windows\System\zYIpJni.exe
  2⤵
  PID:916
- C:\Windows\System\tJFvEkM.exe
  C:\Windows\System\tJFvEkM.exe
  2⤵
  PID:1288
- C:\Windows\System\pvtUURX.exe
  C:\Windows\System\pvtUURX.exe
  2⤵
  PID:2068
- C:\Windows\System\yCQxqHA.exe
  C:\Windows\System\yCQxqHA.exe
  2⤵
  PID:2496
- C:\Windows\System\rRLxUeJ.exe
  C:\Windows\System\rRLxUeJ.exe
  2⤵
  PID:2760
- C:\Windows\System\SrxZoxn.exe
  C:\Windows\System\SrxZoxn.exe
  2⤵
  PID:2696
- C:\Windows\System\GcZUcnn.exe
  C:\Windows\System\GcZUcnn.exe
  2⤵
  PID:1316
- C:\Windows\System\SYEVYjY.exe
  C:\Windows\System\SYEVYjY.exe
  2⤵
  PID:1704
- C:\Windows\System\oVrDgXG.exe
  C:\Windows\System\oVrDgXG.exe
  2⤵
  PID:3092
- C:\Windows\System\WadxEXs.exe
  C:\Windows\System\WadxEXs.exe
  2⤵
  PID:3116
- C:\Windows\System\UHvcdnl.exe
  C:\Windows\System\UHvcdnl.exe
  2⤵
  PID:3156
- C:\Windows\System\JAOpwfc.exe
  C:\Windows\System\JAOpwfc.exe
  2⤵
  PID:3196
- C:\Windows\System\YBSlyAW.exe
  C:\Windows\System\YBSlyAW.exe
  2⤵
  PID:3232
- C:\Windows\System\DazfbGi.exe
  C:\Windows\System\DazfbGi.exe
  2⤵
  PID:3272
- C:\Windows\System\nHPuhHW.exe
  C:\Windows\System\nHPuhHW.exe
  2⤵
  PID:3312
- C:\Windows\System\DIIJBDs.exe
  C:\Windows\System\DIIJBDs.exe
  2⤵
  PID:3332
- C:\Windows\System\cFyGLSv.exe
  C:\Windows\System\cFyGLSv.exe
  2⤵
  PID:3356
- C:\Windows\System\ifAlGUi.exe
  C:\Windows\System\ifAlGUi.exe
  2⤵
  PID:3400
- C:\Windows\System\vTqXZpK.exe
  C:\Windows\System\vTqXZpK.exe
  2⤵
  PID:3420
- C:\Windows\System\ckPrOYP.exe
  C:\Windows\System\ckPrOYP.exe
  2⤵
  PID:3452
- C:\Windows\System\FGLGFBf.exe
  C:\Windows\System\FGLGFBf.exe
  2⤵
  PID:3516
- C:\Windows\System\xECnzFt.exe
  C:\Windows\System\xECnzFt.exe
  2⤵
  PID:3544
- C:\Windows\System\CKtCOCd.exe
  C:\Windows\System\CKtCOCd.exe
  2⤵
  PID:3576
- C:\Windows\System\XgrZnPi.exe
  C:\Windows\System\XgrZnPi.exe
  2⤵
  PID:3580
- C:\Windows\System\CwrnSmF.exe
  C:\Windows\System\CwrnSmF.exe
  2⤵
  PID:3644
- C:\Windows\System\MnQIffC.exe
  C:\Windows\System\MnQIffC.exe
  2⤵
  PID:3676
- C:\Windows\System\LMGXkwO.exe
  C:\Windows\System\LMGXkwO.exe
  2⤵
  PID:3716
- C:\Windows\System\XIZDcdv.exe
  C:\Windows\System\XIZDcdv.exe
  2⤵
  PID:3736
- C:\Windows\System\UHRrrqL.exe
  C:\Windows\System\UHRrrqL.exe
  2⤵
  PID:3776
- C:\Windows\System\uBGyGLV.exe
  C:\Windows\System\uBGyGLV.exe
  2⤵
  PID:3800
- C:\Windows\System\zguSoyV.exe
  C:\Windows\System\zguSoyV.exe
  2⤵
  PID:3844
- C:\Windows\System\cniRtqN.exe
  C:\Windows\System\cniRtqN.exe
  2⤵
  PID:3864
- C:\Windows\System\YqblQJF.exe
  C:\Windows\System\YqblQJF.exe
  2⤵
  PID:3924
- C:\Windows\System\SdtGhvc.exe
  C:\Windows\System\SdtGhvc.exe
  2⤵
  PID:3944
- C:\Windows\System\MjXeUOh.exe
  C:\Windows\System\MjXeUOh.exe
  2⤵
  PID:3976
- C:\Windows\System\ldsUhMp.exe
  C:\Windows\System\ldsUhMp.exe
  2⤵
  PID:3980
- C:\Windows\System\DDmPPSl.exe
  C:\Windows\System\DDmPPSl.exe
  2⤵
  PID:4024
- C:\Windows\System\qdmkRxO.exe
  C:\Windows\System\qdmkRxO.exe
  2⤵
  PID:4060
- C:\Windows\System\dvgsTsp.exe
  C:\Windows\System\dvgsTsp.exe
  2⤵
  PID:984
- C:\Windows\System\wIPiNVv.exe
  C:\Windows\System\wIPiNVv.exe
  2⤵
  PID:2580
- C:\Windows\System\uxAejcW.exe
  C:\Windows\System\uxAejcW.exe
  2⤵
  PID:2552
- C:\Windows\System\UoFCvsB.exe
  C:\Windows\System\UoFCvsB.exe
  2⤵
  PID:884
- C:\Windows\System\mfjRpTl.exe
  C:\Windows\System\mfjRpTl.exe
  2⤵
  PID:700
- C:\Windows\System\xeRDjAM.exe
  C:\Windows\System\xeRDjAM.exe
  2⤵
  PID:1588
- C:\Windows\System\slinKhR.exe
  C:\Windows\System\slinKhR.exe
  2⤵
  PID:2756
- C:\Windows\System\fuqVoBH.exe
  C:\Windows\System\fuqVoBH.exe
  2⤵
  PID:1268
- C:\Windows\System\ZXcTJmJ.exe
  C:\Windows\System\ZXcTJmJ.exe
  2⤵
  PID:2996
- C:\Windows\System\wJMjoGN.exe
  C:\Windows\System\wJMjoGN.exe
  2⤵
  PID:3080
- C:\Windows\System\OyjHdGb.exe
  C:\Windows\System\OyjHdGb.exe
  2⤵
  PID:1888
- C:\Windows\System\CTrULun.exe
  C:\Windows\System\CTrULun.exe
  2⤵
  PID:3176
- C:\Windows\System\OQvkdnS.exe
  C:\Windows\System\OQvkdnS.exe
  2⤵
  PID:3212
- C:\Windows\System\oTlmHxJ.exe
  C:\Windows\System\oTlmHxJ.exe
  2⤵
  PID:3276
- C:\Windows\System\zswSCJE.exe
  C:\Windows\System\zswSCJE.exe
  2⤵
  PID:3392
- C:\Windows\System\YWfcMwH.exe
  C:\Windows\System\YWfcMwH.exe
  2⤵
  PID:3432
- C:\Windows\System\RSpSFYa.exe
  C:\Windows\System\RSpSFYa.exe
  2⤵
  PID:3520
- C:\Windows\System\QKlsbay.exe
  C:\Windows\System\QKlsbay.exe
  2⤵
  PID:3604
- C:\Windows\System\QPKmlmS.exe
  C:\Windows\System\QPKmlmS.exe
  2⤵
  PID:3584
- C:\Windows\System\dWqOAfT.exe
  C:\Windows\System\dWqOAfT.exe
  2⤵
  PID:3624
- C:\Windows\System\aFCKMsy.exe
  C:\Windows\System\aFCKMsy.exe
  2⤵
  PID:3696
- C:\Windows\System\jqNfCSR.exe
  C:\Windows\System\jqNfCSR.exe
  2⤵
  PID:3780
- C:\Windows\System\LakVJiq.exe
  C:\Windows\System\LakVJiq.exe
  2⤵
  PID:3884
- C:\Windows\System\iEqyeUR.exe
  C:\Windows\System\iEqyeUR.exe
  2⤵
  PID:3880
- C:\Windows\System\hffVwnr.exe
  C:\Windows\System\hffVwnr.exe
  2⤵
  PID:2180
- C:\Windows\System\MzsyvXX.exe
  C:\Windows\System\MzsyvXX.exe
  2⤵
  PID:4000
- C:\Windows\System\dXxZhgU.exe
  C:\Windows\System\dXxZhgU.exe
  2⤵
  PID:4044
- C:\Windows\System\XCwMIJw.exe
  C:\Windows\System\XCwMIJw.exe
  2⤵
  PID:1028
- C:\Windows\System\WVehPsk.exe
  C:\Windows\System\WVehPsk.exe
  2⤵
  PID:2880
- C:\Windows\System\ZssOvwD.exe
  C:\Windows\System\ZssOvwD.exe
  2⤵
  PID:2312
- C:\Windows\System\JXiiAWC.exe
  C:\Windows\System\JXiiAWC.exe
  2⤵
  PID:2584
- C:\Windows\System\pwQVqsY.exe
  C:\Windows\System\pwQVqsY.exe
  2⤵
  PID:2412
- C:\Windows\System\nrMTxNc.exe
  C:\Windows\System\nrMTxNc.exe
  2⤵
  PID:2684
- C:\Windows\System\trHHYEg.exe
  C:\Windows\System\trHHYEg.exe
  2⤵
  PID:4100
- C:\Windows\System\NIRoLLQ.exe
  C:\Windows\System\NIRoLLQ.exe
  2⤵
  PID:4120
- C:\Windows\System\lUenEhY.exe
  C:\Windows\System\lUenEhY.exe
  2⤵
  PID:4140
- C:\Windows\System\tnzuFzX.exe
  C:\Windows\System\tnzuFzX.exe
  2⤵
  PID:4160
- C:\Windows\System\SqTZgHw.exe
  C:\Windows\System\SqTZgHw.exe
  2⤵
  PID:4180
- C:\Windows\System\LwYaNJK.exe
  C:\Windows\System\LwYaNJK.exe
  2⤵
  PID:4200
- C:\Windows\System\HIEwUZD.exe
  C:\Windows\System\HIEwUZD.exe
  2⤵
  PID:4220
- C:\Windows\System\ADKieQB.exe
  C:\Windows\System\ADKieQB.exe
  2⤵
  PID:4240
- C:\Windows\System\REsDRwr.exe
  C:\Windows\System\REsDRwr.exe
  2⤵
  PID:4260
- C:\Windows\System\bfPEdhS.exe
  C:\Windows\System\bfPEdhS.exe
  2⤵
  PID:4280
- C:\Windows\System\KKoCcms.exe
  C:\Windows\System\KKoCcms.exe
  2⤵
  PID:4300
- C:\Windows\System\syEvdow.exe
  C:\Windows\System\syEvdow.exe
  2⤵
  PID:4320
- C:\Windows\System\bNqpUyf.exe
  C:\Windows\System\bNqpUyf.exe
  2⤵
  PID:4340
- C:\Windows\System\pvwMcfc.exe
  C:\Windows\System\pvwMcfc.exe
  2⤵
  PID:4360
- C:\Windows\System\nSPjWgc.exe
  C:\Windows\System\nSPjWgc.exe
  2⤵
  PID:4380
- C:\Windows\System\FqMjhKU.exe
  C:\Windows\System\FqMjhKU.exe
  2⤵
  PID:4400
- C:\Windows\System\GQyCkPy.exe
  C:\Windows\System\GQyCkPy.exe
  2⤵
  PID:4420
- C:\Windows\System\VXHwcyx.exe
  C:\Windows\System\VXHwcyx.exe
  2⤵
  PID:4440
- C:\Windows\System\JVrznTt.exe
  C:\Windows\System\JVrznTt.exe
  2⤵
  PID:4460
- C:\Windows\System\kcsPsbs.exe
  C:\Windows\System\kcsPsbs.exe
  2⤵
  PID:4480
- C:\Windows\System\YtVCvWm.exe
  C:\Windows\System\YtVCvWm.exe
  2⤵
  PID:4500
- C:\Windows\System\nmibCOD.exe
  C:\Windows\System\nmibCOD.exe
  2⤵
  PID:4520
- C:\Windows\System\rOqEIgy.exe
  C:\Windows\System\rOqEIgy.exe
  2⤵
  PID:4540
- C:\Windows\System\NHEoSUw.exe
  C:\Windows\System\NHEoSUw.exe
  2⤵
  PID:4560
- C:\Windows\System\yPxhFpE.exe
  C:\Windows\System\yPxhFpE.exe
  2⤵
  PID:4580
- C:\Windows\System\rquqSYT.exe
  C:\Windows\System\rquqSYT.exe
  2⤵
  PID:4600
- C:\Windows\System\ylfFALJ.exe
  C:\Windows\System\ylfFALJ.exe
  2⤵
  PID:4620
- C:\Windows\System\VdjIgTF.exe
  C:\Windows\System\VdjIgTF.exe
  2⤵
  PID:4640
- C:\Windows\System\jLgmqGL.exe
  C:\Windows\System\jLgmqGL.exe
  2⤵
  PID:4660
- C:\Windows\System\MtHRoTu.exe
  C:\Windows\System\MtHRoTu.exe
  2⤵
  PID:4680
- C:\Windows\System\VoYhqzf.exe
  C:\Windows\System\VoYhqzf.exe
  2⤵
  PID:4704
- C:\Windows\System\YkKRWMu.exe
  C:\Windows\System\YkKRWMu.exe
  2⤵
  PID:4724
- C:\Windows\System\zgxBBTS.exe
  C:\Windows\System\zgxBBTS.exe
  2⤵
  PID:4744
- C:\Windows\System\tjkYVke.exe
  C:\Windows\System\tjkYVke.exe
  2⤵
  PID:4764
- C:\Windows\System\rvMIgHx.exe
  C:\Windows\System\rvMIgHx.exe
  2⤵
  PID:4784
- C:\Windows\System\OVPfMvY.exe
  C:\Windows\System\OVPfMvY.exe
  2⤵
  PID:4804
- C:\Windows\System\EmeslHQ.exe
  C:\Windows\System\EmeslHQ.exe
  2⤵
  PID:4824
- C:\Windows\System\pSRXLei.exe
  C:\Windows\System\pSRXLei.exe
  2⤵
  PID:4844
- C:\Windows\System\HjgLtpC.exe
  C:\Windows\System\HjgLtpC.exe
  2⤵
  PID:4864
- C:\Windows\System\lvEIOsa.exe
  C:\Windows\System\lvEIOsa.exe
  2⤵
  PID:4888
- C:\Windows\System\sMJIHmS.exe
  C:\Windows\System\sMJIHmS.exe
  2⤵
  PID:4908
- C:\Windows\System\bBQvkva.exe
  C:\Windows\System\bBQvkva.exe
  2⤵
  PID:4928
- C:\Windows\System\otblknm.exe
  C:\Windows\System\otblknm.exe
  2⤵
  PID:4948
- C:\Windows\System\fcnaaXz.exe
  C:\Windows\System\fcnaaXz.exe
  2⤵
  PID:4968
- C:\Windows\System\qkCJdLg.exe
  C:\Windows\System\qkCJdLg.exe
  2⤵
  PID:4988
- C:\Windows\System\DVPlvkE.exe
  C:\Windows\System\DVPlvkE.exe
  2⤵
  PID:5008
- C:\Windows\System\eSjqpKC.exe
  C:\Windows\System\eSjqpKC.exe
  2⤵
  PID:5028
- C:\Windows\System\VIIFRyx.exe
  C:\Windows\System\VIIFRyx.exe
  2⤵
  PID:5048
- C:\Windows\System\sLHXRYO.exe
  C:\Windows\System\sLHXRYO.exe
  2⤵
  PID:5068
- C:\Windows\System\eyvGbmA.exe
  C:\Windows\System\eyvGbmA.exe
  2⤵
  PID:5088
- C:\Windows\System\uVvyFkC.exe
  C:\Windows\System\uVvyFkC.exe
  2⤵
  PID:5108
- C:\Windows\System\tjhazfc.exe
  C:\Windows\System\tjhazfc.exe
  2⤵
  PID:3152
- C:\Windows\System\EkcMwdV.exe
  C:\Windows\System\EkcMwdV.exe
  2⤵
  PID:3236
- C:\Windows\System\kotwPVL.exe
  C:\Windows\System\kotwPVL.exe
  2⤵
  PID:3380
- C:\Windows\System\uAoYcJQ.exe
  C:\Windows\System\uAoYcJQ.exe
  2⤵
  PID:3504
- C:\Windows\System\JRLiRac.exe
  C:\Windows\System\JRLiRac.exe
  2⤵
  PID:3600
- C:\Windows\System\IHcOOGz.exe
  C:\Windows\System\IHcOOGz.exe
  2⤵
  PID:3560
- C:\Windows\System\xwEokpa.exe
  C:\Windows\System\xwEokpa.exe
  2⤵
  PID:3704
- C:\Windows\System\ZZXuRxf.exe
  C:\Windows\System\ZZXuRxf.exe
  2⤵
  PID:3824
- C:\Windows\System\WkUYEeM.exe
  C:\Windows\System\WkUYEeM.exe
  2⤵
  PID:3936
- C:\Windows\System\uZeczxw.exe
  C:\Windows\System\uZeczxw.exe
  2⤵
  PID:4076
- C:\Windows\System\hNxpSmj.exe
  C:\Windows\System\hNxpSmj.exe
  2⤵
  PID:2156
- C:\Windows\System\owRpVhF.exe
  C:\Windows\System\owRpVhF.exe
  2⤵
  PID:2292
- C:\Windows\System\HCyrBAi.exe
  C:\Windows\System\HCyrBAi.exe
  2⤵
  PID:1044
- C:\Windows\System\rMrbRYv.exe
  C:\Windows\System\rMrbRYv.exe
  2⤵
  PID:2188
- C:\Windows\System\nOvlBcS.exe
  C:\Windows\System\nOvlBcS.exe
  2⤵
  PID:4136
- C:\Windows\System\PBLXKiE.exe
  C:\Windows\System\PBLXKiE.exe
  2⤵
  PID:4168
- C:\Windows\System\HYLyHDT.exe
  C:\Windows\System\HYLyHDT.exe
  2⤵
  PID:4188
- C:\Windows\System\CwUkjxY.exe
  C:\Windows\System\CwUkjxY.exe
  2⤵
  PID:4212
- C:\Windows\System\WQTWltR.exe
  C:\Windows\System\WQTWltR.exe
  2⤵
  PID:4236
- C:\Windows\System\mQjaRJs.exe
  C:\Windows\System\mQjaRJs.exe
  2⤵
  PID:4288
- C:\Windows\System\sGTbLqQ.exe
  C:\Windows\System\sGTbLqQ.exe
  2⤵
  PID:4276
- C:\Windows\System\kOJrOQx.exe
  C:\Windows\System\kOJrOQx.exe
  2⤵
  PID:4348
- C:\Windows\System\FUaFrdl.exe
  C:\Windows\System\FUaFrdl.exe
  2⤵
  PID:4372
- C:\Windows\System\VnghTKM.exe
  C:\Windows\System\VnghTKM.exe
  2⤵
  PID:4416
- C:\Windows\System\OGmGMeh.exe
  C:\Windows\System\OGmGMeh.exe
  2⤵
  PID:4448
- C:\Windows\System\sxEctJn.exe
  C:\Windows\System\sxEctJn.exe
  2⤵
  PID:4488
- C:\Windows\System\JAlRZIv.exe
  C:\Windows\System\JAlRZIv.exe
  2⤵
  PID:4472
- C:\Windows\System\igrOYQh.exe
  C:\Windows\System\igrOYQh.exe
  2⤵
  PID:4548
- C:\Windows\System\ecvRnIr.exe
  C:\Windows\System\ecvRnIr.exe
  2⤵
  PID:4572
- C:\Windows\System\lOSuHDB.exe
  C:\Windows\System\lOSuHDB.exe
  2⤵
  PID:4592
- C:\Windows\System\equMlOC.exe
  C:\Windows\System\equMlOC.exe
  2⤵
  PID:4652
- C:\Windows\System\TByoAJf.exe
  C:\Windows\System\TByoAJf.exe
  2⤵
  PID:4672
- C:\Windows\System\hNkGOpM.exe
  C:\Windows\System\hNkGOpM.exe
  2⤵
  PID:4720
- C:\Windows\System\HcEBLkW.exe
  C:\Windows\System\HcEBLkW.exe
  2⤵
  PID:4760
- C:\Windows\System\ufZFGoh.exe
  C:\Windows\System\ufZFGoh.exe
  2⤵
  PID:4812
- C:\Windows\System\WBFfmtA.exe
  C:\Windows\System\WBFfmtA.exe
  2⤵
  PID:4840
- C:\Windows\System\pFdlMEU.exe
  C:\Windows\System\pFdlMEU.exe
  2⤵
  PID:4872
- C:\Windows\System\IZyEuAd.exe
  C:\Windows\System\IZyEuAd.exe
  2⤵
  PID:4900
- C:\Windows\System\rkxoQwx.exe
  C:\Windows\System\rkxoQwx.exe
  2⤵
  PID:4920
- C:\Windows\System\FGafwmZ.exe
  C:\Windows\System\FGafwmZ.exe
  2⤵
  PID:4976
- C:\Windows\System\NFHxyLs.exe
  C:\Windows\System\NFHxyLs.exe
  2⤵
  PID:5004
- C:\Windows\System\GXDEzgS.exe
  C:\Windows\System\GXDEzgS.exe
  2⤵
  PID:5056
- C:\Windows\System\wkxhfwq.exe
  C:\Windows\System\wkxhfwq.exe
  2⤵
  PID:5096
- C:\Windows\System\GiwXmCt.exe
  C:\Windows\System\GiwXmCt.exe
  2⤵
  PID:5080
- C:\Windows\System\UVzfUqw.exe
  C:\Windows\System\UVzfUqw.exe
  2⤵
  PID:3216
- C:\Windows\System\FBveklg.exe
  C:\Windows\System\FBveklg.exe
  2⤵
  PID:3360
- C:\Windows\System\egadfOr.exe
  C:\Windows\System\egadfOr.exe
  2⤵
  PID:3496
- C:\Windows\System\ZQcJLVI.exe
  C:\Windows\System\ZQcJLVI.exe
  2⤵
  PID:3784
- C:\Windows\System\RYnqAaa.exe
  C:\Windows\System\RYnqAaa.exe
  2⤵
  PID:3720
- C:\Windows\System\kxRFOzJ.exe
  C:\Windows\System\kxRFOzJ.exe
  2⤵
  PID:3896
- C:\Windows\System\GFsqOdi.exe
  C:\Windows\System\GFsqOdi.exe
  2⤵
  PID:2964
- C:\Windows\System\YbFkOFW.exe
  C:\Windows\System\YbFkOFW.exe
  2⤵
  PID:1636
- C:\Windows\System\XdLgOqc.exe
  C:\Windows\System\XdLgOqc.exe
  2⤵
  PID:4108
- C:\Windows\System\UseDvhR.exe
  C:\Windows\System\UseDvhR.exe
  2⤵
  PID:4152
- C:\Windows\System\lAPXIhC.exe
  C:\Windows\System\lAPXIhC.exe
  2⤵
  PID:1628
- C:\Windows\System\SwrrCvA.exe
  C:\Windows\System\SwrrCvA.exe
  2⤵
  PID:4316
- C:\Windows\System\khrBBPu.exe
  C:\Windows\System\khrBBPu.exe
  2⤵
  PID:4336
- C:\Windows\System\mXooyvD.exe
  C:\Windows\System\mXooyvD.exe
  2⤵
  PID:4352
- C:\Windows\System\aUybIbC.exe
  C:\Windows\System\aUybIbC.exe
  2⤵
  PID:4452
- C:\Windows\System\WZPQlVz.exe
  C:\Windows\System\WZPQlVz.exe
  2⤵
  PID:4528
- C:\Windows\System\vYBxKyB.exe
  C:\Windows\System\vYBxKyB.exe
  2⤵
  PID:4516
- C:\Windows\System\ndlzJRw.exe
  C:\Windows\System\ndlzJRw.exe
  2⤵
  PID:4568
- C:\Windows\System\lgreYXL.exe
  C:\Windows\System\lgreYXL.exe
  2⤵
  PID:4636
- C:\Windows\System\fJMVEJD.exe
  C:\Windows\System\fJMVEJD.exe
  2⤵
  PID:4712
- C:\Windows\System\QjlsIxC.exe
  C:\Windows\System\QjlsIxC.exe
  2⤵
  PID:4780
- C:\Windows\System\MxmShhJ.exe
  C:\Windows\System\MxmShhJ.exe
  2⤵
  PID:4796
- C:\Windows\System\BXAFzvT.exe
  C:\Windows\System\BXAFzvT.exe
  2⤵
  PID:4904
- C:\Windows\System\nHgLefo.exe
  C:\Windows\System\nHgLefo.exe
  2⤵
  PID:4956
- C:\Windows\System\AHlYHCn.exe
  C:\Windows\System\AHlYHCn.exe
  2⤵
  PID:5036
- C:\Windows\System\kfRPqEK.exe
  C:\Windows\System\kfRPqEK.exe
  2⤵
  PID:5084
- C:\Windows\System\yIloAkh.exe
  C:\Windows\System\yIloAkh.exe
  2⤵
  PID:3096
- C:\Windows\System\WQeXkHg.exe
  C:\Windows\System\WQeXkHg.exe
  2⤵
  PID:3280
- C:\Windows\System\aEbGaMC.exe
  C:\Windows\System\aEbGaMC.exe
  2⤵
  PID:3620
- C:\Windows\System\cJSNYMl.exe
  C:\Windows\System\cJSNYMl.exe
  2⤵
  PID:3700
- C:\Windows\System\SRFGhwq.exe
  C:\Windows\System\SRFGhwq.exe
  2⤵
  PID:1752
- C:\Windows\System\KwZkbyj.exe
  C:\Windows\System\KwZkbyj.exe
  2⤵
  PID:4128
- C:\Windows\System\XsGGlEJ.exe
  C:\Windows\System\XsGGlEJ.exe
  2⤵
  PID:4172
- C:\Windows\System\FlfdwmA.exe
  C:\Windows\System\FlfdwmA.exe
  2⤵
  PID:5140
- C:\Windows\System\rHOPvbB.exe
  C:\Windows\System\rHOPvbB.exe
  2⤵
  PID:5160
- C:\Windows\System\NyRsemN.exe
  C:\Windows\System\NyRsemN.exe
  2⤵
  PID:5180
- C:\Windows\System\ASYRada.exe
  C:\Windows\System\ASYRada.exe
  2⤵
  PID:5200
- C:\Windows\System\qJKQeDi.exe
  C:\Windows\System\qJKQeDi.exe
  2⤵
  PID:5220
- C:\Windows\System\ptjHnIC.exe
  C:\Windows\System\ptjHnIC.exe
  2⤵
  PID:5252
- C:\Windows\System\hcBXWSy.exe
  C:\Windows\System\hcBXWSy.exe
  2⤵
  PID:5276
- C:\Windows\System\EcHkjhJ.exe
  C:\Windows\System\EcHkjhJ.exe
  2⤵
  PID:5296
- C:\Windows\System\FATadja.exe
  C:\Windows\System\FATadja.exe
  2⤵
  PID:5316
- C:\Windows\System\bMtbARh.exe
  C:\Windows\System\bMtbARh.exe
  2⤵
  PID:5336
- C:\Windows\System\JIUCZCD.exe
  C:\Windows\System\JIUCZCD.exe
  2⤵
  PID:5356
- C:\Windows\System\XvsjbbI.exe
  C:\Windows\System\XvsjbbI.exe
  2⤵
  PID:5376
- C:\Windows\System\rYQPPht.exe
  C:\Windows\System\rYQPPht.exe
  2⤵
  PID:5396
- C:\Windows\System\IvTXUsZ.exe
  C:\Windows\System\IvTXUsZ.exe
  2⤵
  PID:5416
- C:\Windows\System\fFSSmCO.exe
  C:\Windows\System\fFSSmCO.exe
  2⤵
  PID:5436
- C:\Windows\System\AqIyVei.exe
  C:\Windows\System\AqIyVei.exe
  2⤵
  PID:5452
- C:\Windows\System\kFHLLNn.exe
  C:\Windows\System\kFHLLNn.exe
  2⤵
  PID:5476
- C:\Windows\System\oDXBiMj.exe
  C:\Windows\System\oDXBiMj.exe
  2⤵
  PID:5496
- C:\Windows\System\EVyzgbL.exe
  C:\Windows\System\EVyzgbL.exe
  2⤵
  PID:5516
- C:\Windows\System\anYTSKa.exe
  C:\Windows\System\anYTSKa.exe
  2⤵
  PID:5536
- C:\Windows\System\XTVJJDb.exe
  C:\Windows\System\XTVJJDb.exe
  2⤵
  PID:5556
- C:\Windows\System\tUTpgam.exe
  C:\Windows\System\tUTpgam.exe
  2⤵
  PID:5576
- C:\Windows\System\qEfRQPK.exe
  C:\Windows\System\qEfRQPK.exe
  2⤵
  PID:5596
- C:\Windows\System\aaAXRgk.exe
  C:\Windows\System\aaAXRgk.exe
  2⤵
  PID:5616
- C:\Windows\System\iQCJtVm.exe
  C:\Windows\System\iQCJtVm.exe
  2⤵
  PID:5636
- C:\Windows\System\datyxxs.exe
  C:\Windows\System\datyxxs.exe
  2⤵
  PID:5656
- C:\Windows\System\YjinhEM.exe
  C:\Windows\System\YjinhEM.exe
  2⤵
  PID:5676
- C:\Windows\System\pVfjxuK.exe
  C:\Windows\System\pVfjxuK.exe
  2⤵
  PID:5696
- C:\Windows\System\nDBtfDp.exe
  C:\Windows\System\nDBtfDp.exe
  2⤵
  PID:5716
- C:\Windows\System\BUfjjEw.exe
  C:\Windows\System\BUfjjEw.exe
  2⤵
  PID:5736
- C:\Windows\System\AiAVWBv.exe
  C:\Windows\System\AiAVWBv.exe
  2⤵
  PID:5756
- C:\Windows\System\FVnkyMz.exe
  C:\Windows\System\FVnkyMz.exe
  2⤵
  PID:5776
- C:\Windows\System\ngFBnph.exe
  C:\Windows\System\ngFBnph.exe
  2⤵
  PID:5796
- C:\Windows\System\dBnDtpt.exe
  C:\Windows\System\dBnDtpt.exe
  2⤵
  PID:5816
- C:\Windows\System\fKUoEHt.exe
  C:\Windows\System\fKUoEHt.exe
  2⤵
  PID:5836
- C:\Windows\System\zNsrywS.exe
  C:\Windows\System\zNsrywS.exe
  2⤵
  PID:5856
- C:\Windows\System\hkHrzhP.exe
  C:\Windows\System\hkHrzhP.exe
  2⤵
  PID:5876
- C:\Windows\System\mkEyTcB.exe
  C:\Windows\System\mkEyTcB.exe
  2⤵
  PID:5896
- C:\Windows\System\LnQaOrm.exe
  C:\Windows\System\LnQaOrm.exe
  2⤵
  PID:5916
- C:\Windows\System\THwJeab.exe
  C:\Windows\System\THwJeab.exe
  2⤵
  PID:5936
- C:\Windows\System\TdoUNQb.exe
  C:\Windows\System\TdoUNQb.exe
  2⤵
  PID:5956
- C:\Windows\System\UVQKjpW.exe
  C:\Windows\System\UVQKjpW.exe
  2⤵
  PID:5976
- C:\Windows\System\bkYDrWY.exe
  C:\Windows\System\bkYDrWY.exe
  2⤵
  PID:5996
- C:\Windows\System\tzYHSaV.exe
  C:\Windows\System\tzYHSaV.exe
  2⤵
  PID:6016
- C:\Windows\System\ImCqjIu.exe
  C:\Windows\System\ImCqjIu.exe
  2⤵
  PID:6036
- C:\Windows\System\aTLiAtX.exe
  C:\Windows\System\aTLiAtX.exe
  2⤵
  PID:6056
- C:\Windows\System\IwtmxJM.exe
  C:\Windows\System\IwtmxJM.exe
  2⤵
  PID:6076
- C:\Windows\System\mDqEdvB.exe
  C:\Windows\System\mDqEdvB.exe
  2⤵
  PID:6096
- C:\Windows\System\VJEWCdW.exe
  C:\Windows\System\VJEWCdW.exe
  2⤵
  PID:6116
- C:\Windows\System\ydmbVBj.exe
  C:\Windows\System\ydmbVBj.exe
  2⤵
  PID:6136
- C:\Windows\System\ISndMcn.exe
  C:\Windows\System\ISndMcn.exe
  2⤵
  PID:4256
- C:\Windows\System\vTdIztK.exe
  C:\Windows\System\vTdIztK.exe
  2⤵
  PID:4292
- C:\Windows\System\RhTTFTK.exe
  C:\Windows\System\RhTTFTK.exe
  2⤵
  PID:4436
- C:\Windows\System\hqLwcZB.exe
  C:\Windows\System\hqLwcZB.exe
  2⤵
  PID:4536
- C:\Windows\System\WlHSUGx.exe
  C:\Windows\System\WlHSUGx.exe
  2⤵
  PID:4696
- C:\Windows\System\gDSCEDp.exe
  C:\Windows\System\gDSCEDp.exe
  2⤵
  PID:4740
- C:\Windows\System\vgyTwJE.exe
  C:\Windows\System\vgyTwJE.exe
  2⤵
  PID:4880
- C:\Windows\System\dPdEfTo.exe
  C:\Windows\System\dPdEfTo.exe
  2⤵
  PID:4924
- C:\Windows\System\TkCyQdc.exe
  C:\Windows\System\TkCyQdc.exe
  2⤵
  PID:5020
- C:\Windows\System\SRitCMv.exe
  C:\Windows\System\SRitCMv.exe
  2⤵
  PID:5060
- C:\Windows\System\YNBzHcr.exe
  C:\Windows\System\YNBzHcr.exe
  2⤵
  PID:3996
- C:\Windows\System\BpJZaSI.exe
  C:\Windows\System\BpJZaSI.exe
  2⤵
  PID:2872
- C:\Windows\System\RSAIxkB.exe
  C:\Windows\System\RSAIxkB.exe
  2⤵
  PID:4176
- C:\Windows\System\KiVWBhA.exe
  C:\Windows\System\KiVWBhA.exe
  2⤵
  PID:5132
- C:\Windows\System\OMlKRUj.exe
  C:\Windows\System\OMlKRUj.exe
  2⤵
  PID:5176
- C:\Windows\System\sbgklyh.exe
  C:\Windows\System\sbgklyh.exe
  2⤵
  PID:5196
- C:\Windows\System\bIsUcpS.exe
  C:\Windows\System\bIsUcpS.exe
  2⤵
  PID:5268
- C:\Windows\System\wFxlffo.exe
  C:\Windows\System\wFxlffo.exe
  2⤵
  PID:5292
- C:\Windows\System\hJbHwbI.exe
  C:\Windows\System\hJbHwbI.exe
  2⤵
  PID:5324
- C:\Windows\System\vXfzSim.exe
  C:\Windows\System\vXfzSim.exe
  2⤵
  PID:5348
- C:\Windows\System\PDKVrkZ.exe
  C:\Windows\System\PDKVrkZ.exe
  2⤵
  PID:5388
- C:\Windows\System\vyZBfCe.exe
  C:\Windows\System\vyZBfCe.exe
  2⤵
  PID:5408
- C:\Windows\System\ygOyWhV.exe
  C:\Windows\System\ygOyWhV.exe
  2⤵
  PID:5472
- C:\Windows\System\gzpxJzm.exe
  C:\Windows\System\gzpxJzm.exe
  2⤵
  PID:5484
- C:\Windows\System\AbOKEQQ.exe
  C:\Windows\System\AbOKEQQ.exe
  2⤵
  PID:5524
- C:\Windows\System\kOnGhny.exe
  C:\Windows\System\kOnGhny.exe
  2⤵
  PID:5548
- C:\Windows\System\EqfeXyb.exe
  C:\Windows\System\EqfeXyb.exe
  2⤵
  PID:5592
- C:\Windows\System\bfOgUsx.exe
  C:\Windows\System\bfOgUsx.exe
  2⤵
  PID:5608
- C:\Windows\System\VlbSotD.exe
  C:\Windows\System\VlbSotD.exe
  2⤵
  PID:5652
- C:\Windows\System\sLrgrlL.exe
  C:\Windows\System\sLrgrlL.exe
  2⤵
  PID:5692
- C:\Windows\System\vNwLZXs.exe
  C:\Windows\System\vNwLZXs.exe
  2⤵
  PID:5724
- C:\Windows\System\MwHdXfR.exe
  C:\Windows\System\MwHdXfR.exe
  2⤵
  PID:5728
- C:\Windows\System\wjHJgcK.exe
  C:\Windows\System\wjHJgcK.exe
  2⤵
  PID:5792
- C:\Windows\System\PnoerSk.exe
  C:\Windows\System\PnoerSk.exe
  2⤵
  PID:5824
- C:\Windows\System\VBFxMbU.exe
  C:\Windows\System\VBFxMbU.exe
  2⤵
  PID:5848
- C:\Windows\System\TafnEDV.exe
  C:\Windows\System\TafnEDV.exe
  2⤵
  PID:5904
- C:\Windows\System\YyvgNLl.exe
  C:\Windows\System\YyvgNLl.exe
  2⤵
  PID:5944
- C:\Windows\System\tezJGWp.exe
  C:\Windows\System\tezJGWp.exe
  2⤵
  PID:5948
- C:\Windows\System\vEEjuut.exe
  C:\Windows\System\vEEjuut.exe
  2⤵
  PID:5988
- C:\Windows\System\BblIpTw.exe
  C:\Windows\System\BblIpTw.exe
  2⤵
  PID:6012
- C:\Windows\System\fqLNNCZ.exe
  C:\Windows\System\fqLNNCZ.exe
  2⤵
  PID:6048
- C:\Windows\System\VXBkyMa.exe
  C:\Windows\System\VXBkyMa.exe
  2⤵
  PID:6092
- C:\Windows\System\uemXesB.exe
  C:\Windows\System\uemXesB.exe
  2⤵
  PID:6124
- C:\Windows\System\QhBsZUV.exe
  C:\Windows\System\QhBsZUV.exe
  2⤵
  PID:4308
- C:\Windows\System\EGJfOqd.exe
  C:\Windows\System\EGJfOqd.exe
  2⤵
  PID:4376
- C:\Windows\System\JDVmQYj.exe
  C:\Windows\System\JDVmQYj.exe
  2⤵
  PID:4432
- C:\Windows\System\gHpjtIM.exe
  C:\Windows\System\gHpjtIM.exe
  2⤵
  PID:4628
- C:\Windows\System\hkXcflX.exe
  C:\Windows\System\hkXcflX.exe
  2⤵
  PID:4856
- C:\Windows\System\FZNlWXd.exe
  C:\Windows\System\FZNlWXd.exe
  2⤵
  PID:3340
- C:\Windows\System\SiyTSdJ.exe
  C:\Windows\System\SiyTSdJ.exe
  2⤵
  PID:3484
- C:\Windows\System\FdodXHt.exe
  C:\Windows\System\FdodXHt.exe
  2⤵
  PID:4080
- C:\Windows\System\epZBVOO.exe
  C:\Windows\System\epZBVOO.exe
  2⤵
  PID:5136
- C:\Windows\System\nJaMvaT.exe
  C:\Windows\System\nJaMvaT.exe
  2⤵
  PID:5260
- C:\Windows\System\kAMyasu.exe
  C:\Windows\System\kAMyasu.exe
  2⤵
  PID:5304
- C:\Windows\System\WQzzYJA.exe
  C:\Windows\System\WQzzYJA.exe
  2⤵
  PID:5352
- C:\Windows\System\WWwaBlj.exe
  C:\Windows\System\WWwaBlj.exe
  2⤵
  PID:5428
- C:\Windows\System\fRKicsb.exe
  C:\Windows\System\fRKicsb.exe
  2⤵
  PID:5448
- C:\Windows\System\GqSjIvO.exe
  C:\Windows\System\GqSjIvO.exe
  2⤵
  PID:5488
- C:\Windows\System\jUexwla.exe
  C:\Windows\System\jUexwla.exe
  2⤵
  PID:5584
- C:\Windows\System\EEcUFqn.exe
  C:\Windows\System\EEcUFqn.exe
  2⤵
  PID:5624
- C:\Windows\System\PxREgKO.exe
  C:\Windows\System\PxREgKO.exe
  2⤵
  PID:5708
- C:\Windows\System\meFghZN.exe
  C:\Windows\System\meFghZN.exe
  2⤵
  PID:5732
- C:\Windows\System\IKAHJgJ.exe
  C:\Windows\System\IKAHJgJ.exe
  2⤵
  PID:5804
- C:\Windows\System\tRDIhlz.exe
  C:\Windows\System\tRDIhlz.exe
  2⤵
  PID:5844
- C:\Windows\System\JcqclSt.exe
  C:\Windows\System\JcqclSt.exe
  2⤵
  PID:5908
- C:\Windows\System\dtOmThc.exe
  C:\Windows\System\dtOmThc.exe
  2⤵
  PID:5932
- C:\Windows\System\gRmhueU.exe
  C:\Windows\System\gRmhueU.exe
  2⤵
  PID:6052
- C:\Windows\System\VrrJGNW.exe
  C:\Windows\System\VrrJGNW.exe
  2⤵
  PID:6072
- C:\Windows\System\PCoItGe.exe
  C:\Windows\System\PCoItGe.exe
  2⤵
  PID:6084
- C:\Windows\System\hzqwdVd.exe
  C:\Windows\System\hzqwdVd.exe
  2⤵
  PID:4192
- C:\Windows\System\yHMVMFc.exe
  C:\Windows\System\yHMVMFc.exe
  2⤵
  PID:4552
- C:\Windows\System\iOkEJMs.exe
  C:\Windows\System\iOkEJMs.exe
  2⤵
  PID:4964
- C:\Windows\System\QGPfPOX.exe
  C:\Windows\System\QGPfPOX.exe
  2⤵
  PID:4980
- C:\Windows\System\yTlfQUr.exe
  C:\Windows\System\yTlfQUr.exe
  2⤵
  PID:3564
- C:\Windows\System\ynLpLdR.exe
  C:\Windows\System\ynLpLdR.exe
  2⤵
  PID:5168
- C:\Windows\System\JDHjxyw.exe
  C:\Windows\System\JDHjxyw.exe
  2⤵
  PID:6160
- C:\Windows\System\mDJISQk.exe
  C:\Windows\System\mDJISQk.exe
  2⤵
  PID:6180
- C:\Windows\System\GSzJVrE.exe
  C:\Windows\System\GSzJVrE.exe
  2⤵
  PID:6200
- C:\Windows\System\IsaMHde.exe
  C:\Windows\System\IsaMHde.exe
  2⤵
  PID:6220
- C:\Windows\System\XGhSuru.exe
  C:\Windows\System\XGhSuru.exe
  2⤵
  PID:6240
- C:\Windows\System\AIfjDzp.exe
  C:\Windows\System\AIfjDzp.exe
  2⤵
  PID:6260
- C:\Windows\System\odbYGcA.exe
  C:\Windows\System\odbYGcA.exe
  2⤵
  PID:6280
- C:\Windows\System\RQDvjcL.exe
  C:\Windows\System\RQDvjcL.exe
  2⤵
  PID:6300
- C:\Windows\System\xOsZbXM.exe
  C:\Windows\System\xOsZbXM.exe
  2⤵
  PID:6320
- C:\Windows\System\KtNXPYI.exe
  C:\Windows\System\KtNXPYI.exe
  2⤵
  PID:6340
- C:\Windows\System\rSfazDv.exe
  C:\Windows\System\rSfazDv.exe
  2⤵
  PID:6360
- C:\Windows\System\nptwYKn.exe
  C:\Windows\System\nptwYKn.exe
  2⤵
  PID:6380
- C:\Windows\System\WORbNGT.exe
  C:\Windows\System\WORbNGT.exe
  2⤵
  PID:6400
- C:\Windows\System\WbgwsCF.exe
  C:\Windows\System\WbgwsCF.exe
  2⤵
  PID:6420
- C:\Windows\System\ISDzIam.exe
  C:\Windows\System\ISDzIam.exe
  2⤵
  PID:6440
- C:\Windows\System\SbMpclV.exe
  C:\Windows\System\SbMpclV.exe
  2⤵
  PID:6460
- C:\Windows\System\NUNneOI.exe
  C:\Windows\System\NUNneOI.exe
  2⤵
  PID:6480
- C:\Windows\System\eYLiJkB.exe
  C:\Windows\System\eYLiJkB.exe
  2⤵
  PID:6500
- C:\Windows\System\RnqlwCg.exe
  C:\Windows\System\RnqlwCg.exe
  2⤵
  PID:6520
- C:\Windows\System\VCyxlkz.exe
  C:\Windows\System\VCyxlkz.exe
  2⤵
  PID:6540
- C:\Windows\System\pIGKfvE.exe
  C:\Windows\System\pIGKfvE.exe
  2⤵
  PID:6560
- C:\Windows\System\NeEFPPM.exe
  C:\Windows\System\NeEFPPM.exe
  2⤵
  PID:6580
- C:\Windows\System\rLhjGKs.exe
  C:\Windows\System\rLhjGKs.exe
  2⤵
  PID:6600
- C:\Windows\System\hScQCIq.exe
  C:\Windows\System\hScQCIq.exe
  2⤵
  PID:6620
- C:\Windows\System\UizTqXL.exe
  C:\Windows\System\UizTqXL.exe
  2⤵
  PID:6640
- C:\Windows\System\LDivmAU.exe
  C:\Windows\System\LDivmAU.exe
  2⤵
  PID:6660
- C:\Windows\System\xdsPTBz.exe
  C:\Windows\System\xdsPTBz.exe
  2⤵
  PID:6680
- C:\Windows\System\wRCIhyu.exe
  C:\Windows\System\wRCIhyu.exe
  2⤵
  PID:6708
- C:\Windows\System\TPXGOWE.exe
  C:\Windows\System\TPXGOWE.exe
  2⤵
  PID:6728
- C:\Windows\System\CvMRaGd.exe
  C:\Windows\System\CvMRaGd.exe
  2⤵
  PID:6748
- C:\Windows\System\omjScxp.exe
  C:\Windows\System\omjScxp.exe
  2⤵
  PID:6768
- C:\Windows\System\rghFSFm.exe
  C:\Windows\System\rghFSFm.exe
  2⤵
  PID:6788
- C:\Windows\System\QIZGkeZ.exe
  C:\Windows\System\QIZGkeZ.exe
  2⤵
  PID:6808
- C:\Windows\System\GdKFVwd.exe
  C:\Windows\System\GdKFVwd.exe
  2⤵
  PID:6828
- C:\Windows\System\SVuMhxn.exe
  C:\Windows\System\SVuMhxn.exe
  2⤵
  PID:6848
- C:\Windows\System\hcReYLV.exe
  C:\Windows\System\hcReYLV.exe
  2⤵
  PID:6868
- C:\Windows\System\XnpuIHe.exe
  C:\Windows\System\XnpuIHe.exe
  2⤵
  PID:6888
- C:\Windows\System\mtaYCnX.exe
  C:\Windows\System\mtaYCnX.exe
  2⤵
  PID:6908
- C:\Windows\System\YpcJzGb.exe
  C:\Windows\System\YpcJzGb.exe
  2⤵
  PID:6928
- C:\Windows\System\GuLqLPs.exe
  C:\Windows\System\GuLqLPs.exe
  2⤵
  PID:6948
- C:\Windows\System\CjiqlTW.exe
  C:\Windows\System\CjiqlTW.exe
  2⤵
  PID:6968
- C:\Windows\System\dfPGPeZ.exe
  C:\Windows\System\dfPGPeZ.exe
  2⤵
  PID:6988
- C:\Windows\System\zEGzGOO.exe
  C:\Windows\System\zEGzGOO.exe
  2⤵
  PID:7008
- C:\Windows\System\JrWBZOX.exe
  C:\Windows\System\JrWBZOX.exe
  2⤵
  PID:7028
- C:\Windows\System\MOXiYnJ.exe
  C:\Windows\System\MOXiYnJ.exe
  2⤵
  PID:7048
- C:\Windows\System\UwAjYuh.exe
  C:\Windows\System\UwAjYuh.exe
  2⤵
  PID:7068
- C:\Windows\System\WGwOkch.exe
  C:\Windows\System\WGwOkch.exe
  2⤵
  PID:7088
- C:\Windows\System\UBVIMoD.exe
  C:\Windows\System\UBVIMoD.exe
  2⤵
  PID:7108
- C:\Windows\System\CxpAcet.exe
  C:\Windows\System\CxpAcet.exe
  2⤵
  PID:7128
- C:\Windows\System\ceIarsF.exe
  C:\Windows\System\ceIarsF.exe
  2⤵
  PID:7148
- C:\Windows\System\dTqMQUC.exe
  C:\Windows\System\dTqMQUC.exe
  2⤵
  PID:5208
- C:\Windows\System\yDkeBig.exe
  C:\Windows\System\yDkeBig.exe
  2⤵
  PID:5328
- C:\Windows\System\VhLcxZI.exe
  C:\Windows\System\VhLcxZI.exe
  2⤵
  PID:5464
- C:\Windows\System\hHBUdgW.exe
  C:\Windows\System\hHBUdgW.exe
  2⤵
  PID:5552
- C:\Windows\System\TUHOVIV.exe
  C:\Windows\System\TUHOVIV.exe
  2⤵
  PID:5644
- C:\Windows\System\wvIzhlC.exe
  C:\Windows\System\wvIzhlC.exe
  2⤵
  PID:5772
- C:\Windows\System\UhnVzdN.exe
  C:\Windows\System\UhnVzdN.exe
  2⤵
  PID:5852
- C:\Windows\System\RHtXWzY.exe
  C:\Windows\System\RHtXWzY.exe
  2⤵
  PID:5884
- C:\Windows\System\pmQqJdd.exe
  C:\Windows\System\pmQqJdd.exe
  2⤵
  PID:6028
- C:\Windows\System\lDbdllT.exe
  C:\Windows\System\lDbdllT.exe
  2⤵
  PID:5968
- C:\Windows\System\oEeEXmp.exe
  C:\Windows\System\oEeEXmp.exe
  2⤵
  PID:6128
- C:\Windows\System\ARlTSik.exe
  C:\Windows\System\ARlTSik.exe
  2⤵
  PID:4800
- C:\Windows\System\VvxjPvN.exe
  C:\Windows\System\VvxjPvN.exe
  2⤵
  PID:2564
- C:\Windows\System\pVUDqvc.exe
  C:\Windows\System\pVUDqvc.exe
  2⤵
  PID:5156
- C:\Windows\System\sqYCJqf.exe
  C:\Windows\System\sqYCJqf.exe
  2⤵
  PID:6176
- C:\Windows\System\cAhBjwT.exe
  C:\Windows\System\cAhBjwT.exe
  2⤵
  PID:6192
- C:\Windows\System\cpLJsWk.exe
  C:\Windows\System\cpLJsWk.exe
  2⤵
  PID:6256
- C:\Windows\System\MBlZLun.exe
  C:\Windows\System\MBlZLun.exe
  2⤵
  PID:6232
- C:\Windows\System\owNILhT.exe
  C:\Windows\System\owNILhT.exe
  2⤵
  PID:6308
- C:\Windows\System\hoTbIQX.exe
  C:\Windows\System\hoTbIQX.exe
  2⤵
  PID:6332
- C:\Windows\System\caFpWMb.exe
  C:\Windows\System\caFpWMb.exe
  2⤵
  PID:6352
- C:\Windows\System\fLezQie.exe
  C:\Windows\System\fLezQie.exe
  2⤵
  PID:6392
- C:\Windows\System\WuGpSst.exe
  C:\Windows\System\WuGpSst.exe
  2⤵
  PID:6436
- C:\Windows\System\Pqzpyoo.exe
  C:\Windows\System\Pqzpyoo.exe
  2⤵
  PID:6496
- C:\Windows\System\AGGfOmm.exe
  C:\Windows\System\AGGfOmm.exe
  2⤵
  PID:6508
- C:\Windows\System\gbgRbaU.exe
  C:\Windows\System\gbgRbaU.exe
  2⤵
  PID:6532
- C:\Windows\System\avjdhXh.exe
  C:\Windows\System\avjdhXh.exe
  2⤵
  PID:6552
- C:\Windows\System\kImDCvD.exe
  C:\Windows\System\kImDCvD.exe
  2⤵
  PID:6608
- C:\Windows\System\kqnnNtp.exe
  C:\Windows\System\kqnnNtp.exe
  2⤵
  PID:6636
- C:\Windows\System\BogsAsg.exe
  C:\Windows\System\BogsAsg.exe
  2⤵
  PID:6668
- C:\Windows\System\fzRcuIy.exe
  C:\Windows\System\fzRcuIy.exe
  2⤵
  PID:6700
- C:\Windows\System\fvhqKNQ.exe
  C:\Windows\System\fvhqKNQ.exe
  2⤵
  PID:6720
- C:\Windows\System\wynTpjB.exe
  C:\Windows\System\wynTpjB.exe
  2⤵
  PID:6784
- C:\Windows\System\GhRVSco.exe
  C:\Windows\System\GhRVSco.exe
  2⤵
  PID:6816
- C:\Windows\System\gPXvzYr.exe
  C:\Windows\System\gPXvzYr.exe
  2⤵
  PID:6836
- C:\Windows\System\JZGSbCY.exe
  C:\Windows\System\JZGSbCY.exe
  2⤵
  PID:6876
- C:\Windows\System\OxbGrNq.exe
  C:\Windows\System\OxbGrNq.exe
  2⤵
  PID:6900
- C:\Windows\System\KuZQQOQ.exe
  C:\Windows\System\KuZQQOQ.exe
  2⤵
  PID:6944
- C:\Windows\System\WucaFrs.exe
  C:\Windows\System\WucaFrs.exe
  2⤵
  PID:6984
- C:\Windows\System\UrAOzVo.exe
  C:\Windows\System\UrAOzVo.exe
  2⤵
  PID:7004
- C:\Windows\System\XYHNvdu.exe
  C:\Windows\System\XYHNvdu.exe
  2⤵
  PID:7044
- C:\Windows\System\MTtwtZC.exe
  C:\Windows\System\MTtwtZC.exe
  2⤵
  PID:7076
- C:\Windows\System\KzIgazh.exe
  C:\Windows\System\KzIgazh.exe
  2⤵
  PID:7100
- C:\Windows\System\sMWHQeT.exe
  C:\Windows\System\sMWHQeT.exe
  2⤵
  PID:7144
- C:\Windows\System\fihnwRX.exe
  C:\Windows\System\fihnwRX.exe
  2⤵
  PID:7164
- C:\Windows\System\ZWDscgj.exe
  C:\Windows\System\ZWDscgj.exe
  2⤵
  PID:5424
- C:\Windows\System\HHpWFnD.exe
  C:\Windows\System\HHpWFnD.exe
  2⤵
  PID:5664
- C:\Windows\System\pfVnoQN.exe
  C:\Windows\System\pfVnoQN.exe
  2⤵
  PID:5752
- C:\Windows\System\AeiKGbz.exe
  C:\Windows\System\AeiKGbz.exe
  2⤵
  PID:5868
- C:\Windows\System\OdtMEBS.exe
  C:\Windows\System\OdtMEBS.exe
  2⤵
  PID:6044
- C:\Windows\System\XtWMsRV.exe
  C:\Windows\System\XtWMsRV.exe
  2⤵
  PID:4428
- C:\Windows\System\Hasesyc.exe
  C:\Windows\System\Hasesyc.exe
  2⤵
  PID:5192
- C:\Windows\System\xRrcGVD.exe
  C:\Windows\System\xRrcGVD.exe
  2⤵
  PID:6188
- C:\Windows\System\YWBQbzs.exe
  C:\Windows\System\YWBQbzs.exe
  2⤵
  PID:6152
- C:\Windows\System\hhkxWPE.exe
  C:\Windows\System\hhkxWPE.exe
  2⤵
  PID:6296
- C:\Windows\System\cgukiTf.exe
  C:\Windows\System\cgukiTf.exe
  2⤵
  PID:6312
- C:\Windows\System\zDXIdpO.exe
  C:\Windows\System\zDXIdpO.exe
  2⤵
  PID:6396
- C:\Windows\System\PwSVLmV.exe
  C:\Windows\System\PwSVLmV.exe
  2⤵
  PID:6488
- C:\Windows\System\Rxtraqb.exe
  C:\Windows\System\Rxtraqb.exe
  2⤵
  PID:6412
- C:\Windows\System\sTLVxyJ.exe
  C:\Windows\System\sTLVxyJ.exe
  2⤵
  PID:6476
- C:\Windows\System\yLGSJkQ.exe
  C:\Windows\System\yLGSJkQ.exe
  2⤵
  PID:2852
- C:\Windows\System\iJWgAol.exe
  C:\Windows\System\iJWgAol.exe
  2⤵
  PID:6568
- C:\Windows\System\MsXuZpS.exe
  C:\Windows\System\MsXuZpS.exe
  2⤵
  PID:668
- C:\Windows\System\HuqEywc.exe
  C:\Windows\System\HuqEywc.exe
  2⤵
  PID:6744
- C:\Windows\System\IAeMPwM.exe
  C:\Windows\System\IAeMPwM.exe
  2⤵
  PID:6856
- C:\Windows\System\LqVPXIw.exe
  C:\Windows\System\LqVPXIw.exe
  2⤵
  PID:6776
- C:\Windows\System\vsOhNHt.exe
  C:\Windows\System\vsOhNHt.exe
  2⤵
  PID:6884
- C:\Windows\System\kkijWoS.exe
  C:\Windows\System\kkijWoS.exe
  2⤵
  PID:6960
- C:\Windows\System\wpFssPB.exe
  C:\Windows\System\wpFssPB.exe
  2⤵
  PID:6956
- C:\Windows\System\OxkVtKl.exe
  C:\Windows\System\OxkVtKl.exe
  2⤵
  PID:7060
- C:\Windows\System\UcEucEU.exe
  C:\Windows\System\UcEucEU.exe
  2⤵
  PID:7084
- C:\Windows\System\RKjeqKC.exe
  C:\Windows\System\RKjeqKC.exe
  2⤵
  PID:5528
- C:\Windows\System\SvNIBqK.exe
  C:\Windows\System\SvNIBqK.exe
  2⤵
  PID:5628
- C:\Windows\System\DHifMMx.exe
  C:\Windows\System\DHifMMx.exe
  2⤵
  PID:5984
- C:\Windows\System\QICkdFe.exe
  C:\Windows\System\QICkdFe.exe
  2⤵
  PID:5784
- C:\Windows\System\gcnAQmw.exe
  C:\Windows\System\gcnAQmw.exe
  2⤵
  PID:4916
- C:\Windows\System\TfOkQIe.exe
  C:\Windows\System\TfOkQIe.exe
  2⤵
  PID:5044
- C:\Windows\System\CGDeJzI.exe
  C:\Windows\System\CGDeJzI.exe
  2⤵
  PID:6292
- C:\Windows\System\HODEHdZ.exe
  C:\Windows\System\HODEHdZ.exe
  2⤵
  PID:2028
- C:\Windows\System\AwjhHGo.exe
  C:\Windows\System\AwjhHGo.exe
  2⤵
  PID:6528
- C:\Windows\System\DcGZivh.exe
  C:\Windows\System\DcGZivh.exe
  2⤵
  PID:7180
- C:\Windows\System\hbfXoRC.exe
  C:\Windows\System\hbfXoRC.exe
  2⤵
  PID:7204
- C:\Windows\System\CSvKwIk.exe
  C:\Windows\System\CSvKwIk.exe
  2⤵
  PID:7224
- C:\Windows\System\mCbhqEf.exe
  C:\Windows\System\mCbhqEf.exe
  2⤵
  PID:7244
- C:\Windows\System\nVVgozA.exe
  C:\Windows\System\nVVgozA.exe
  2⤵
  PID:7260
- C:\Windows\System\eELDmhO.exe
  C:\Windows\System\eELDmhO.exe
  2⤵
  PID:7284
- C:\Windows\System\XckXOPV.exe
  C:\Windows\System\XckXOPV.exe
  2⤵
  PID:7304
- C:\Windows\System\FHHXaix.exe
  C:\Windows\System\FHHXaix.exe
  2⤵
  PID:7324
- C:\Windows\System\cApEtec.exe
  C:\Windows\System\cApEtec.exe
  2⤵
  PID:7344
- C:\Windows\System\wiIUBuz.exe
  C:\Windows\System\wiIUBuz.exe
  2⤵
  PID:7364
- C:\Windows\System\jEQvJcr.exe
  C:\Windows\System\jEQvJcr.exe
  2⤵
  PID:7384
- C:\Windows\System\CeWVCTJ.exe
  C:\Windows\System\CeWVCTJ.exe
  2⤵
  PID:7404
- C:\Windows\System\PQZUDLC.exe
  C:\Windows\System\PQZUDLC.exe
  2⤵
  PID:7424
- C:\Windows\System\rPrzDpg.exe
  C:\Windows\System\rPrzDpg.exe
  2⤵
  PID:7444
- C:\Windows\System\ZipnHIG.exe
  C:\Windows\System\ZipnHIG.exe
  2⤵
  PID:7464
- C:\Windows\System\rwKrzvv.exe
  C:\Windows\System\rwKrzvv.exe
  2⤵
  PID:7484
- C:\Windows\System\NpKhmCP.exe
  C:\Windows\System\NpKhmCP.exe
  2⤵
  PID:7500
- C:\Windows\System\oQsMpvU.exe
  C:\Windows\System\oQsMpvU.exe
  2⤵
  PID:7524
- C:\Windows\System\JiDcmqn.exe
  C:\Windows\System\JiDcmqn.exe
  2⤵
  PID:7544
- C:\Windows\System\sGkaxJH.exe
  C:\Windows\System\sGkaxJH.exe
  2⤵
  PID:7564
- C:\Windows\System\BkpgtCT.exe
  C:\Windows\System\BkpgtCT.exe
  2⤵
  PID:7584
- C:\Windows\System\YRhwhiX.exe
  C:\Windows\System\YRhwhiX.exe
  2⤵
  PID:7604
- C:\Windows\System\vgVuCBY.exe
  C:\Windows\System\vgVuCBY.exe
  2⤵
  PID:7624
- C:\Windows\System\TGEFjYd.exe
  C:\Windows\System\TGEFjYd.exe
  2⤵
  PID:7644
- C:\Windows\System\XpxTTKp.exe
  C:\Windows\System\XpxTTKp.exe
  2⤵
  PID:7664
- C:\Windows\System\YfARfsB.exe
  C:\Windows\System\YfARfsB.exe
  2⤵
  PID:7684
- C:\Windows\System\WpPyxhH.exe
  C:\Windows\System\WpPyxhH.exe
  2⤵
  PID:7704
- C:\Windows\System\WGscJtM.exe
  C:\Windows\System\WGscJtM.exe
  2⤵
  PID:7724
- C:\Windows\System\pTgCuIz.exe
  C:\Windows\System\pTgCuIz.exe
  2⤵
  PID:7744
- C:\Windows\System\MODqDUR.exe
  C:\Windows\System\MODqDUR.exe
  2⤵
  PID:7764
- C:\Windows\System\hAxpQcI.exe
  C:\Windows\System\hAxpQcI.exe
  2⤵
  PID:7784
- C:\Windows\System\tdLeiwR.exe
  C:\Windows\System\tdLeiwR.exe
  2⤵
  PID:7808
- C:\Windows\System\IagEaOd.exe
  C:\Windows\System\IagEaOd.exe
  2⤵
  PID:7828
- C:\Windows\System\ScnUiqE.exe
  C:\Windows\System\ScnUiqE.exe
  2⤵
  PID:7848
- C:\Windows\System\AqhWlFV.exe
  C:\Windows\System\AqhWlFV.exe
  2⤵
  PID:7868
- C:\Windows\System\vUjVnww.exe
  C:\Windows\System\vUjVnww.exe
  2⤵
  PID:7888
- C:\Windows\System\mGGurom.exe
  C:\Windows\System\mGGurom.exe
  2⤵
  PID:7908
- C:\Windows\System\ctFWaVM.exe
  C:\Windows\System\ctFWaVM.exe
  2⤵
  PID:7928
- C:\Windows\System\stOGZit.exe
  C:\Windows\System\stOGZit.exe
  2⤵
  PID:7944
- C:\Windows\System\KwgyRVG.exe
  C:\Windows\System\KwgyRVG.exe
  2⤵
  PID:7964
- C:\Windows\System\NhnNnZw.exe
  C:\Windows\System\NhnNnZw.exe
  2⤵
  PID:7984
- C:\Windows\System\tZLGTdB.exe
  C:\Windows\System\tZLGTdB.exe
  2⤵
  PID:8004
- C:\Windows\System\nLlrPCm.exe
  C:\Windows\System\nLlrPCm.exe
  2⤵
  PID:8028
- C:\Windows\System\HMaWLeH.exe
  C:\Windows\System\HMaWLeH.exe
  2⤵
  PID:8048
- C:\Windows\System\NlWYdIh.exe
  C:\Windows\System\NlWYdIh.exe
  2⤵
  PID:8068
- C:\Windows\System\iYmPjVb.exe
  C:\Windows\System\iYmPjVb.exe
  2⤵
  PID:8088
- C:\Windows\System\SQqKnLm.exe
  C:\Windows\System\SQqKnLm.exe
  2⤵
  PID:8108
- C:\Windows\System\nZWeEUv.exe
  C:\Windows\System\nZWeEUv.exe
  2⤵
  PID:8128
- C:\Windows\System\mgtwJOz.exe
  C:\Windows\System\mgtwJOz.exe
  2⤵
  PID:8148
- C:\Windows\System\UWeXzFI.exe
  C:\Windows\System\UWeXzFI.exe
  2⤵
  PID:8168
- C:\Windows\System\zhjbwSn.exe
  C:\Windows\System\zhjbwSn.exe
  2⤵
  PID:8188
- C:\Windows\System\ktyMQgI.exe
  C:\Windows\System\ktyMQgI.exe
  2⤵
  PID:2480
- C:\Windows\System\BusxRkU.exe
  C:\Windows\System\BusxRkU.exe
  2⤵
  PID:6652
- C:\Windows\System\VuPnsYQ.exe
  C:\Windows\System\VuPnsYQ.exe
  2⤵
  PID:6612
- C:\Windows\System\CdaCQyc.exe
  C:\Windows\System\CdaCQyc.exe
  2⤵
  PID:6764
- C:\Windows\System\HtdpWNF.exe
  C:\Windows\System\HtdpWNF.exe
  2⤵
  PID:1816
- C:\Windows\System\UAsWNrj.exe
  C:\Windows\System\UAsWNrj.exe
  2⤵
  PID:6920
- C:\Windows\System\hBZMVZN.exe
  C:\Windows\System\hBZMVZN.exe
  2⤵
  PID:2876
- C:\Windows\System\lcAdHpY.exe
  C:\Windows\System\lcAdHpY.exe
  2⤵
  PID:7156
- C:\Windows\System\QZZHfYi.exe
  C:\Windows\System\QZZHfYi.exe
  2⤵
  PID:5468
- C:\Windows\System\ypgcaJW.exe
  C:\Windows\System\ypgcaJW.exe
  2⤵
  PID:4608
- C:\Windows\System\EeIcLvE.exe
  C:\Windows\System\EeIcLvE.exe
  2⤵
  PID:4196
- C:\Windows\System\JjCPjLZ.exe
  C:\Windows\System\JjCPjLZ.exe
  2⤵
  PID:6156
- C:\Windows\System\NioVExF.exe
  C:\Windows\System\NioVExF.exe
  2⤵
  PID:6248
- C:\Windows\System\cZvpVUL.exe
  C:\Windows\System\cZvpVUL.exe
  2⤵
  PID:7200
- C:\Windows\System\xzTYnvI.exe
  C:\Windows\System\xzTYnvI.exe
  2⤵
  PID:7212
- C:\Windows\System\aSIMUgX.exe
  C:\Windows\System\aSIMUgX.exe
  2⤵
  PID:7236
- C:\Windows\System\CdcaWci.exe
  C:\Windows\System\CdcaWci.exe
  2⤵
  PID:7252
- C:\Windows\System\OYAdTxo.exe
  C:\Windows\System\OYAdTxo.exe
  2⤵
  PID:7292
- C:\Windows\System\DxbDnKS.exe
  C:\Windows\System\DxbDnKS.exe
  2⤵
  PID:7360
- C:\Windows\System\IOKzQOg.exe
  C:\Windows\System\IOKzQOg.exe
  2⤵
  PID:7392
- C:\Windows\System\NyaNdJG.exe
  C:\Windows\System\NyaNdJG.exe
  2⤵
  PID:7376
- C:\Windows\System\NSORUbY.exe
  C:\Windows\System\NSORUbY.exe
  2⤵
  PID:7432
- C:\Windows\System\geBtcsB.exe
  C:\Windows\System\geBtcsB.exe
  2⤵
  PID:7460
- C:\Windows\System\GPbuAyi.exe
  C:\Windows\System\GPbuAyi.exe
  2⤵
  PID:7512
- C:\Windows\System\jdZVgaF.exe
  C:\Windows\System\jdZVgaF.exe
  2⤵
  PID:7560
- C:\Windows\System\jnuAnrz.exe
  C:\Windows\System\jnuAnrz.exe
  2⤵
  PID:7540
- C:\Windows\System\mGYrjac.exe
  C:\Windows\System\mGYrjac.exe
  2⤵
  PID:7612
- C:\Windows\System\nimwCId.exe
  C:\Windows\System\nimwCId.exe
  2⤵
  PID:7652
- C:\Windows\System\gtOjveb.exe
  C:\Windows\System\gtOjveb.exe
  2⤵
  PID:7676
- C:\Windows\System\fCcDqee.exe
  C:\Windows\System\fCcDqee.exe
  2⤵
  PID:7696
- C:\Windows\System\lpjENtL.exe
  C:\Windows\System\lpjENtL.exe
  2⤵
  PID:7800
- C:\Windows\System\UnxxhpT.exe
  C:\Windows\System\UnxxhpT.exe
  2⤵
  PID:7796
- C:\Windows\System\HpkoQiV.exe
  C:\Windows\System\HpkoQiV.exe
  2⤵
  PID:7780
- C:\Windows\System\obgTlvv.exe
  C:\Windows\System\obgTlvv.exe
  2⤵
  PID:7824
- C:\Windows\System\tfrlqyz.exe
  C:\Windows\System\tfrlqyz.exe
  2⤵
  PID:2792
- C:\Windows\System\TvTdcny.exe
  C:\Windows\System\TvTdcny.exe
  2⤵
  PID:7876
- C:\Windows\System\gQTEvky.exe
  C:\Windows\System\gQTEvky.exe
  2⤵
  PID:7916
- C:\Windows\System\QqKOWJs.exe
  C:\Windows\System\QqKOWJs.exe
  2⤵
  PID:7952
- C:\Windows\System\wbAcaVT.exe
  C:\Windows\System\wbAcaVT.exe
  2⤵
  PID:7996
- C:\Windows\System\RvtgNTx.exe
  C:\Windows\System\RvtgNTx.exe
  2⤵
  PID:7976
- C:\Windows\System\rSneyzg.exe
  C:\Windows\System\rSneyzg.exe
  2⤵
  PID:8020
- C:\Windows\System\wRkDpba.exe
  C:\Windows\System\wRkDpba.exe
  2⤵
  PID:8064
- C:\Windows\System\iGOsRJc.exe
  C:\Windows\System\iGOsRJc.exe
  2⤵
  PID:8104
- C:\Windows\System\gFPysjY.exe
  C:\Windows\System\gFPysjY.exe
  2⤵
  PID:8156
- C:\Windows\System\oFrscZm.exe
  C:\Windows\System\oFrscZm.exe
  2⤵
  PID:8140
- C:\Windows\System\Shpaiyv.exe
  C:\Windows\System\Shpaiyv.exe
  2⤵
  PID:6432
- C:\Windows\System\GElBiaW.exe
  C:\Windows\System\GElBiaW.exe
  2⤵
  PID:6756
- C:\Windows\System\bybQZdR.exe
  C:\Windows\System\bybQZdR.exe
  2⤵
  PID:6980
- C:\Windows\System\TQaPUhG.exe
  C:\Windows\System\TQaPUhG.exe
  2⤵
  PID:7136
- C:\Windows\System\zYDWRxb.exe
  C:\Windows\System\zYDWRxb.exe
  2⤵
  PID:6820
- C:\Windows\System\SjoFZgF.exe
  C:\Windows\System\SjoFZgF.exe
  2⤵
  PID:5972
- C:\Windows\System\jbxpaYJ.exe
  C:\Windows\System\jbxpaYJ.exe
  2⤵
  PID:2804
- C:\Windows\System\EnMMURl.exe
  C:\Windows\System\EnMMURl.exe
  2⤵
  PID:6376
- C:\Windows\System\xfdjeHZ.exe
  C:\Windows\System\xfdjeHZ.exe
  2⤵
  PID:7172
- C:\Windows\System\TAIOhXE.exe
  C:\Windows\System\TAIOhXE.exe
  2⤵
  PID:6328
- C:\Windows\System\DEXjILR.exe
  C:\Windows\System\DEXjILR.exe
  2⤵
  PID:7216
- C:\Windows\System\fSDhMgh.exe
  C:\Windows\System\fSDhMgh.exe
  2⤵
  PID:7396
- C:\Windows\System\IVmlBGc.exe
  C:\Windows\System\IVmlBGc.exe
  2⤵
  PID:7436
- C:\Windows\System\MyJueIx.exe
  C:\Windows\System\MyJueIx.exe
  2⤵
  PID:7496
- C:\Windows\System\zJOdeoQ.exe
  C:\Windows\System\zJOdeoQ.exe
  2⤵
  PID:7596
- C:\Windows\System\BLRtWag.exe
  C:\Windows\System\BLRtWag.exe
  2⤵
  PID:7508
- C:\Windows\System\pLzMboy.exe
  C:\Windows\System\pLzMboy.exe
  2⤵
  PID:7592
- C:\Windows\System\hwEEEIO.exe
  C:\Windows\System\hwEEEIO.exe
  2⤵
  PID:7656
- C:\Windows\System\AiGgzmG.exe
  C:\Windows\System\AiGgzmG.exe
  2⤵
  PID:7756
- C:\Windows\System\HQwjpLR.exe
  C:\Windows\System\HQwjpLR.exe
  2⤵
  PID:7736
- C:\Windows\System\GIPLYAt.exe
  C:\Windows\System\GIPLYAt.exe
  2⤵
  PID:2660
- C:\Windows\System\HqpdboY.exe
  C:\Windows\System\HqpdboY.exe
  2⤵
  PID:7856
- C:\Windows\System\xGkARvM.exe
  C:\Windows\System\xGkARvM.exe
  2⤵
  PID:7924
- C:\Windows\System\azRNWmh.exe
  C:\Windows\System\azRNWmh.exe
  2⤵
  PID:7904
- C:\Windows\System\EludweN.exe
  C:\Windows\System\EludweN.exe
  2⤵
  PID:8016
- C:\Windows\System\GQqCbWH.exe
  C:\Windows\System\GQqCbWH.exe
  2⤵
  PID:8076
- C:\Windows\System\ZTWFUnT.exe
  C:\Windows\System\ZTWFUnT.exe
  2⤵
  PID:8144
- C:\Windows\System\vHFhAZv.exe
  C:\Windows\System\vHFhAZv.exe
  2⤵
  PID:8124
- C:\Windows\System\bEWneFs.exe
  C:\Windows\System\bEWneFs.exe
  2⤵
  PID:6780
- C:\Windows\System\hNZnpNx.exe
  C:\Windows\System\hNZnpNx.exe
  2⤵
  PID:6924
- C:\Windows\System\sOJdYQc.exe
  C:\Windows\System\sOJdYQc.exe
  2⤵
  PID:7080
- C:\Windows\System\FYwezNW.exe
  C:\Windows\System\FYwezNW.exe
  2⤵
  PID:5572
- C:\Windows\System\eqAxDzt.exe
  C:\Windows\System\eqAxDzt.exe
  2⤵
  PID:7124
- C:\Windows\System\JbLDshV.exe
  C:\Windows\System\JbLDshV.exe
  2⤵
  PID:7232
- C:\Windows\System\kCLCYZp.exe
  C:\Windows\System\kCLCYZp.exe
  2⤵
  PID:7296
- C:\Windows\System\eFiUsew.exe
  C:\Windows\System\eFiUsew.exe
  2⤵
  PID:7380
- C:\Windows\System\ZFRAJaD.exe
  C:\Windows\System\ZFRAJaD.exe
  2⤵
  PID:7480
- C:\Windows\System\yslTIPw.exe
  C:\Windows\System\yslTIPw.exe
  2⤵
  PID:7636
- C:\Windows\System\MCupkwB.exe
  C:\Windows\System\MCupkwB.exe
  2⤵
  PID:7420
- C:\Windows\System\HZUzPxY.exe
  C:\Windows\System\HZUzPxY.exe
  2⤵
  PID:7792
- C:\Windows\System\DTyvuBc.exe
  C:\Windows\System\DTyvuBc.exe
  2⤵
  PID:2840
- C:\Windows\System\jrXsUOV.exe
  C:\Windows\System\jrXsUOV.exe
  2⤵
  PID:2892
- C:\Windows\System\WmdAvmS.exe
  C:\Windows\System\WmdAvmS.exe
  2⤵
  PID:8036
- C:\Windows\System\dJCnrEz.exe
  C:\Windows\System\dJCnrEz.exe
  2⤵
  PID:2916
- C:\Windows\System\JDIhsvJ.exe
  C:\Windows\System\JDIhsvJ.exe
  2⤵
  PID:7940
- C:\Windows\System\CIwWqpR.exe
  C:\Windows\System\CIwWqpR.exe
  2⤵
  PID:6860
- C:\Windows\System\vAEULbb.exe
  C:\Windows\System\vAEULbb.exe
  2⤵
  PID:7240
- C:\Windows\System\GFoQbPA.exe
  C:\Windows\System\GFoQbPA.exe
  2⤵
  PID:7104
- C:\Windows\System\nfRyuXW.exe
  C:\Windows\System\nfRyuXW.exe
  2⤵
  PID:7280
- C:\Windows\System\tDQmvSh.exe
  C:\Windows\System\tDQmvSh.exe
  2⤵
  PID:8200
- C:\Windows\System\gfaigig.exe
  C:\Windows\System\gfaigig.exe
  2⤵
  PID:8220
- C:\Windows\System\CwThNyJ.exe
  C:\Windows\System\CwThNyJ.exe
  2⤵
  PID:8240
- C:\Windows\System\DIMtyXt.exe
  C:\Windows\System\DIMtyXt.exe
  2⤵
  PID:8260
- C:\Windows\System\rVcZnsv.exe
  C:\Windows\System\rVcZnsv.exe
  2⤵
  PID:8276
- C:\Windows\System\DjpyYzy.exe
  C:\Windows\System\DjpyYzy.exe
  2⤵
  PID:8292
- C:\Windows\System\uBUTKKk.exe
  C:\Windows\System\uBUTKKk.exe
  2⤵
  PID:8308
- C:\Windows\System\zhxQdwU.exe
  C:\Windows\System\zhxQdwU.exe
  2⤵
  PID:8324
- C:\Windows\System\HtdiTVr.exe
  C:\Windows\System\HtdiTVr.exe
  2⤵
  PID:8344
- C:\Windows\System\lDqDoTM.exe
  C:\Windows\System\lDqDoTM.exe
  2⤵
  PID:8360
- C:\Windows\System\sGnDmsS.exe
  C:\Windows\System\sGnDmsS.exe
  2⤵
  PID:8376
- C:\Windows\System\lQNmOxk.exe
  C:\Windows\System\lQNmOxk.exe
  2⤵
  PID:8392
- C:\Windows\System\tEIbPjT.exe
  C:\Windows\System\tEIbPjT.exe
  2⤵
  PID:8408
- C:\Windows\System\RMlROqe.exe
  C:\Windows\System\RMlROqe.exe
  2⤵
  PID:8424
- C:\Windows\System\gJSLGwA.exe
  C:\Windows\System\gJSLGwA.exe
  2⤵
  PID:8440
- C:\Windows\System\NIokSXR.exe
  C:\Windows\System\NIokSXR.exe
  2⤵
  PID:8500
- C:\Windows\System\JRjpgtC.exe
  C:\Windows\System\JRjpgtC.exe
  2⤵
  PID:8516
- C:\Windows\System\rpAOUTv.exe
  C:\Windows\System\rpAOUTv.exe
  2⤵
  PID:8536
- C:\Windows\System\zgOuKlD.exe
  C:\Windows\System\zgOuKlD.exe
  2⤵
  PID:8568
- C:\Windows\System\gPvRVKv.exe
  C:\Windows\System\gPvRVKv.exe
  2⤵
  PID:8600
- C:\Windows\System\uUebLYu.exe
  C:\Windows\System\uUebLYu.exe
  2⤵
  PID:8620
- C:\Windows\System\ZVJTYJT.exe
  C:\Windows\System\ZVJTYJT.exe
  2⤵
  PID:8640
- C:\Windows\System\NVLOilZ.exe
  C:\Windows\System\NVLOilZ.exe
  2⤵
  PID:8656
- C:\Windows\System\eLOUgWI.exe
  C:\Windows\System\eLOUgWI.exe
  2⤵
  PID:8672
- C:\Windows\System\ggycpEK.exe
  C:\Windows\System\ggycpEK.exe
  2⤵
  PID:8688
- C:\Windows\System\wBNMtJF.exe
  C:\Windows\System\wBNMtJF.exe
  2⤵
  PID:8704
- C:\Windows\System\lJDTlah.exe
  C:\Windows\System\lJDTlah.exe
  2⤵
  PID:8720
- C:\Windows\System\LymUMPy.exe
  C:\Windows\System\LymUMPy.exe
  2⤵
  PID:8736
- C:\Windows\System\QzOOhLJ.exe
  C:\Windows\System\QzOOhLJ.exe
  2⤵
  PID:8756
- C:\Windows\System\IzuFQhV.exe
  C:\Windows\System\IzuFQhV.exe
  2⤵
  PID:8772
- C:\Windows\System\gZbYYJZ.exe
  C:\Windows\System\gZbYYJZ.exe
  2⤵
  PID:8788
- C:\Windows\System\aJTExUm.exe
  C:\Windows\System\aJTExUm.exe
  2⤵
  PID:8804
- C:\Windows\System\aGjMDTv.exe
  C:\Windows\System\aGjMDTv.exe
  2⤵
  PID:8820
- C:\Windows\System\DmtlVjZ.exe
  C:\Windows\System\DmtlVjZ.exe
  2⤵
  PID:8840
- C:\Windows\System\BYSICNV.exe
  C:\Windows\System\BYSICNV.exe
  2⤵
  PID:8860
- C:\Windows\System\iUzwckB.exe
  C:\Windows\System\iUzwckB.exe
  2⤵
  PID:8876
- C:\Windows\System\pBBkVwl.exe
  C:\Windows\System\pBBkVwl.exe
  2⤵
  PID:8892
- C:\Windows\System\rhPAcXq.exe
  C:\Windows\System\rhPAcXq.exe
  2⤵
  PID:8912
- C:\Windows\System\zEAEtEN.exe
  C:\Windows\System\zEAEtEN.exe
  2⤵
  PID:8928
- C:\Windows\System\awPLDKr.exe
  C:\Windows\System\awPLDKr.exe
  2⤵
  PID:8944
- C:\Windows\System\nILfHOV.exe
  C:\Windows\System\nILfHOV.exe
  2⤵
  PID:8964
- C:\Windows\System\RCyKMxW.exe
  C:\Windows\System\RCyKMxW.exe
  2⤵
  PID:8984
- C:\Windows\System\WrRlamD.exe
  C:\Windows\System\WrRlamD.exe
  2⤵
  PID:9000
- C:\Windows\System\lMhnUVB.exe
  C:\Windows\System\lMhnUVB.exe
  2⤵
  PID:9016
- C:\Windows\System\GbUhfre.exe
  C:\Windows\System\GbUhfre.exe
  2⤵
  PID:9032
- C:\Windows\System\tFVFONi.exe
  C:\Windows\System\tFVFONi.exe
  2⤵
  PID:9048
- C:\Windows\System\JGGXvCA.exe
  C:\Windows\System\JGGXvCA.exe
  2⤵
  PID:9068
- C:\Windows\System\fCeOsPQ.exe
  C:\Windows\System\fCeOsPQ.exe
  2⤵
  PID:9084
- C:\Windows\System\MZUUeJV.exe
  C:\Windows\System\MZUUeJV.exe
  2⤵
  PID:9104
- C:\Windows\System\vFVFnrx.exe
  C:\Windows\System\vFVFnrx.exe
  2⤵
  PID:9128
- C:\Windows\System\xCItXwg.exe
  C:\Windows\System\xCItXwg.exe
  2⤵
  PID:9144
- C:\Windows\System\fXaBLes.exe
  C:\Windows\System\fXaBLes.exe
  2⤵
  PID:9160
- C:\Windows\System\ijiwkip.exe
  C:\Windows\System\ijiwkip.exe
  2⤵
  PID:9176
- C:\Windows\System\gfyOBNQ.exe
  C:\Windows\System\gfyOBNQ.exe
  2⤵
  PID:9192
- C:\Windows\System\CfFOVye.exe
  C:\Windows\System\CfFOVye.exe
  2⤵
  PID:9208
- C:\Windows\System\jzUgbZB.exe
  C:\Windows\System\jzUgbZB.exe
  2⤵
  PID:7616
- C:\Windows\System\qqdpzrw.exe
  C:\Windows\System\qqdpzrw.exe
  2⤵
  PID:7672
- C:\Windows\System\cQSzaLS.exe
  C:\Windows\System\cQSzaLS.exe
  2⤵
  PID:7732
- C:\Windows\System\VzXUgyd.exe
  C:\Windows\System\VzXUgyd.exe
  2⤵
  PID:8288
- C:\Windows\System\kwrJbKr.exe
  C:\Windows\System\kwrJbKr.exe
  2⤵
  PID:8320
- C:\Windows\System\kpXOYZv.exe
  C:\Windows\System\kpXOYZv.exe
  2⤵
  PID:8384
- C:\Windows\System\wviZppr.exe
  C:\Windows\System\wviZppr.exe
  2⤵
  PID:8448
- C:\Windows\System\GApoCMt.exe
  C:\Windows\System\GApoCMt.exe
  2⤵
  PID:8464
- C:\Windows\System\NKggBRS.exe
  C:\Windows\System\NKggBRS.exe
  2⤵
  PID:3300
- C:\Windows\System\GpZPnzJ.exe
  C:\Windows\System\GpZPnzJ.exe
  2⤵
  PID:8512
- C:\Windows\System\VPiUuMq.exe
  C:\Windows\System\VPiUuMq.exe
  2⤵
  PID:8552
- C:\Windows\System\MIIvMuY.exe
  C:\Windows\System\MIIvMuY.exe
  2⤵
  PID:1552
- C:\Windows\System\FmopqPi.exe
  C:\Windows\System\FmopqPi.exe
  2⤵
  PID:4700
- C:\Windows\System\qZEZHrg.exe
  C:\Windows\System\qZEZHrg.exe
  2⤵
  PID:4648
- C:\Windows\System\HsxhhzK.exe
  C:\Windows\System\HsxhhzK.exe
  2⤵
  PID:5228
- C:\Windows\System\RWQPJEb.exe
  C:\Windows\System\RWQPJEb.exe
  2⤵
  PID:8632
- C:\Windows\System\UIzDAhF.exe
  C:\Windows\System\UIzDAhF.exe
  2⤵
  PID:8680
- C:\Windows\System\mkaRqpl.exe
  C:\Windows\System\mkaRqpl.exe
  2⤵
  PID:8664
- C:\Windows\System\eHBWuII.exe
  C:\Windows\System\eHBWuII.exe
  2⤵
  PID:1132
- C:\Windows\System\cITivkD.exe
  C:\Windows\System\cITivkD.exe
  2⤵
  PID:8780
- C:\Windows\System\XVucNyA.exe
  C:\Windows\System\XVucNyA.exe
  2⤵
  PID:1084
- C:\Windows\System\BGoaASH.exe
  C:\Windows\System\BGoaASH.exe
  2⤵
  PID:8768
- C:\Windows\System\TgPilEH.exe
  C:\Windows\System\TgPilEH.exe
  2⤵
  PID:8828
- C:\Windows\System\xLbJPcC.exe
  C:\Windows\System\xLbJPcC.exe
  2⤵
  PID:8920
- C:\Windows\System\GFeCFyt.exe
  C:\Windows\System\GFeCFyt.exe
  2⤵
  PID:2920
- C:\Windows\System\UnCcnjh.exe
  C:\Windows\System\UnCcnjh.exe
  2⤵
  PID:2944
- C:\Windows\System\FkTJkCA.exe
  C:\Windows\System\FkTJkCA.exe
  2⤵
  PID:8940
- C:\Windows\System\ueTYioO.exe
  C:\Windows\System\ueTYioO.exe
  2⤵
  PID:1296
- C:\Windows\System\YcJVHCm.exe
  C:\Windows\System\YcJVHCm.exe
  2⤵
  PID:9040
- C:\Windows\System\vReppdZ.exe
  C:\Windows\System\vReppdZ.exe
  2⤵
  PID:9092
- C:\Windows\System\CMVqwaY.exe
  C:\Windows\System\CMVqwaY.exe
  2⤵
  PID:9136
- C:\Windows\System\PulBwra.exe
  C:\Windows\System\PulBwra.exe
  2⤵
  PID:9124
- C:\Windows\System\JvOeNCn.exe
  C:\Windows\System\JvOeNCn.exe
  2⤵
  PID:2452
- C:\Windows\System\BxkUiJn.exe
  C:\Windows\System\BxkUiJn.exe
  2⤵
  PID:3000
- C:\Windows\System\bkhBhUC.exe
  C:\Windows\System\bkhBhUC.exe
  2⤵
  PID:7576
- C:\Windows\System\kJteZDD.exe
  C:\Windows\System\kJteZDD.exe
  2⤵
  PID:7416
- C:\Windows\System\hDURwMj.exe
  C:\Windows\System\hDURwMj.exe
  2⤵
  PID:2848
- C:\Windows\System\pgiyLEV.exe
  C:\Windows\System\pgiyLEV.exe
  2⤵
  PID:8000
- C:\Windows\System\kHaXvVx.exe
  C:\Windows\System\kHaXvVx.exe
  2⤵
  PID:2732
- C:\Windows\System\tJzqddC.exe
  C:\Windows\System\tJzqddC.exe
  2⤵
  PID:6596
- C:\Windows\System\EyJRawG.exe
  C:\Windows\System\EyJRawG.exe
  2⤵
  PID:8160
- C:\Windows\System\WdehPVO.exe
  C:\Windows\System\WdehPVO.exe
  2⤵
  PID:1804
- C:\Windows\System\HSKPrpF.exe
  C:\Windows\System\HSKPrpF.exe
  2⤵
  PID:1972
- C:\Windows\System\DVZMqWj.exe
  C:\Windows\System\DVZMqWj.exe
  2⤵
  PID:1036
- C:\Windows\System\qwTjCrn.exe
  C:\Windows\System\qwTjCrn.exe
  2⤵
  PID:7492
- C:\Windows\System\qfYavJW.exe
  C:\Windows\System\qfYavJW.exe
  2⤵
  PID:8212
- C:\Windows\System\UMmmEGi.exe
  C:\Windows\System\UMmmEGi.exe
  2⤵
  PID:404
- C:\Windows\System\BwNEwGy.exe
  C:\Windows\System\BwNEwGy.exe
  2⤵
  PID:2120
- C:\Windows\System\ZGqqNbb.exe
  C:\Windows\System\ZGqqNbb.exe
  2⤵
  PID:8400
- C:\Windows\System\IKEBQOh.exe
  C:\Windows\System\IKEBQOh.exe
  2⤵
  PID:8460
- C:\Windows\System\crAPtJC.exe
  C:\Windows\System\crAPtJC.exe
  2⤵
  PID:8472
- C:\Windows\System\cHBzemF.exe
  C:\Windows\System\cHBzemF.exe
  2⤵
  PID:1876
- C:\Windows\System\mpUBoXA.exe
  C:\Windows\System\mpUBoXA.exe
  2⤵
  PID:8484
- C:\Windows\System\CkNsUfw.exe
  C:\Windows\System\CkNsUfw.exe
  2⤵
  PID:8544
- C:\Windows\System\fqynPUS.exe
  C:\Windows\System\fqynPUS.exe
  2⤵
  PID:4588
- C:\Windows\System\YeTzmEv.exe
  C:\Windows\System\YeTzmEv.exe
  2⤵
  PID:8560
- C:\Windows\System\sFwSxYz.exe
  C:\Windows\System\sFwSxYz.exe
  2⤵
  PID:3036
- C:\Windows\System\DrVTuNb.exe
  C:\Windows\System\DrVTuNb.exe
  2⤵
  PID:8252
- C:\Windows\System\QXurWjB.exe
  C:\Windows\System\QXurWjB.exe
  2⤵
  PID:8716
- C:\Windows\System\JMzcYln.exe
  C:\Windows\System\JMzcYln.exe
  2⤵
  PID:8764
- C:\Windows\System\JiEEAKM.exe
  C:\Windows\System\JiEEAKM.exe
  2⤵
  PID:8888
- C:\Windows\System\sRaooNc.exe
  C:\Windows\System\sRaooNc.exe
  2⤵
  PID:8976
- C:\Windows\System\DBPQQVi.exe
  C:\Windows\System\DBPQQVi.exe
  2⤵
  PID:8800
- C:\Windows\System\vDLgLQJ.exe
  C:\Windows\System\vDLgLQJ.exe
  2⤵
  PID:8796
- C:\Windows\System\tihyNFa.exe
  C:\Windows\System\tihyNFa.exe
  2⤵
  PID:9012
- C:\Windows\System\xlkQuDO.exe
  C:\Windows\System\xlkQuDO.exe
  2⤵
  PID:9168
- C:\Windows\System\AJtaYVb.exe
  C:\Windows\System\AJtaYVb.exe
  2⤵
  PID:7332
- C:\Windows\System\CqRmWyx.exe
  C:\Windows\System\CqRmWyx.exe
  2⤵
  PID:6428
- C:\Windows\System\OTDzIob.exe
  C:\Windows\System\OTDzIob.exe
  2⤵
  PID:2444
- C:\Windows\System\whgyGSN.exe
  C:\Windows\System\whgyGSN.exe
  2⤵
  PID:2456
- C:\Windows\System\ovRNZLK.exe
  C:\Windows\System\ovRNZLK.exe
  2⤵
  PID:2356
- C:\Windows\System\odNZBjj.exe
  C:\Windows\System\odNZBjj.exe
  2⤵
  PID:5264
- C:\Windows\System\kRaiwtC.exe
  C:\Windows\System\kRaiwtC.exe
  2⤵
  PID:6576
- C:\Windows\System\FdeKkaQ.exe
  C:\Windows\System\FdeKkaQ.exe
  2⤵
  PID:1904
- C:\Windows\System\oqchYGg.exe
  C:\Windows\System\oqchYGg.exe
  2⤵
  PID:3024
- C:\Windows\System\GCZrURm.exe
  C:\Windows\System\GCZrURm.exe
  2⤵
  PID:8232
- C:\Windows\System\HWJjqxe.exe
  C:\Windows\System\HWJjqxe.exe
  2⤵
  PID:1300
- C:\Windows\System\QNyWjbC.exe
  C:\Windows\System\QNyWjbC.exe
  2⤵
  PID:324
- C:\Windows\System\eCgClOz.exe
  C:\Windows\System\eCgClOz.exe
  2⤵
  PID:2308
- C:\Windows\System\ntrnMDi.exe
  C:\Windows\System\ntrnMDi.exe
  2⤵
  PID:8356
- C:\Windows\System\OOERCiH.exe
  C:\Windows\System\OOERCiH.exe
  2⤵
  PID:2164
- C:\Windows\System\JTYbCoP.exe
  C:\Windows\System\JTYbCoP.exe
  2⤵
  PID:9060
- C:\Windows\System\WmTUgug.exe
  C:\Windows\System\WmTUgug.exe
  2⤵
  PID:7752
- C:\Windows\System\VzonivP.exe
  C:\Windows\System\VzonivP.exe
  2⤵
  PID:8696
- C:\Windows\System\kHHHBtq.exe
  C:\Windows\System\kHHHBtq.exe
  2⤵
  PID:8936
- C:\Windows\System\EfLQBWz.exe
  C:\Windows\System\EfLQBWz.exe
  2⤵
  PID:9080
- C:\Windows\System\EleJTFb.exe
  C:\Windows\System\EleJTFb.exe
  2⤵
  PID:1540
- C:\Windows\System\hhYAAsq.exe
  C:\Windows\System\hhYAAsq.exe
  2⤵
  PID:1700
- C:\Windows\System\ROTVUFY.exe
  C:\Windows\System\ROTVUFY.exe
  2⤵
  PID:8024
- C:\Windows\System\zKqcTci.exe
  C:\Windows\System\zKqcTci.exe
  2⤵
  PID:6456
- C:\Windows\System\FhtLaKX.exe
  C:\Windows\System\FhtLaKX.exe
  2⤵
  PID:8616
- C:\Windows\System\FAcowDF.exe
  C:\Windows\System\FAcowDF.exe
  2⤵
  PID:3416
- C:\Windows\System\HdjfGBz.exe
  C:\Windows\System\HdjfGBz.exe
  2⤵
  PID:8404
- C:\Windows\System\JkNcfnv.exe
  C:\Windows\System\JkNcfnv.exe
  2⤵
  PID:2908
- C:\Windows\System\UBecKeo.exe
  C:\Windows\System\UBecKeo.exe
  2⤵
  PID:8812
- C:\Windows\System\veBzCtz.exe
  C:\Windows\System\veBzCtz.exe
  2⤵
  PID:8712
- C:\Windows\System\qeocOfO.exe
  C:\Windows\System\qeocOfO.exe
  2⤵
  PID:9116
- C:\Windows\System\JHDbwMe.exe
  C:\Windows\System\JHDbwMe.exe
  2⤵
  PID:8700
- C:\Windows\System\YPTWmcz.exe
  C:\Windows\System\YPTWmcz.exe
  2⤵
  PID:9096
- C:\Windows\System\uWDTWXR.exe
  C:\Windows\System\uWDTWXR.exe
  2⤵
  PID:1652
- C:\Windows\System\zeJodcW.exe
  C:\Windows\System\zeJodcW.exe
  2⤵
  PID:2424
- C:\Windows\System\nkpathV.exe
  C:\Windows\System\nkpathV.exe
  2⤵
  PID:2172
- C:\Windows\System\MrPIfLH.exe
  C:\Windows\System\MrPIfLH.exe
  2⤵
  PID:9188
- C:\Windows\System\QBOVuSc.exe
  C:\Windows\System\QBOVuSc.exe
  2⤵
  PID:8608
- C:\Windows\System\cXPpbGL.exe
  C:\Windows\System\cXPpbGL.exe
  2⤵
  PID:2928
- C:\Windows\System\lqCJVqQ.exe
  C:\Windows\System\lqCJVqQ.exe
  2⤵
  PID:8080
- C:\Windows\System\dsFgRAy.exe
  C:\Windows\System\dsFgRAy.exe
  2⤵
  PID:8268
- C:\Windows\System\hrcpPKM.exe
  C:\Windows\System\hrcpPKM.exe
  2⤵
  PID:7476
- C:\Windows\System\uKtYGxo.exe
  C:\Windows\System\uKtYGxo.exe
  2⤵
  PID:1520
- C:\Windows\System\YUmFRMo.exe
  C:\Windows\System\YUmFRMo.exe
  2⤵
  PID:5240
- C:\Windows\System\aRGOSJp.exe
  C:\Windows\System\aRGOSJp.exe
  2⤵
  PID:7320
- C:\Windows\System\lTxHSWn.exe
  C:\Windows\System\lTxHSWn.exe
  2⤵
  PID:8576
- C:\Windows\System\iIMhDhC.exe
  C:\Windows\System\iIMhDhC.exe
  2⤵
  PID:8420
- C:\Windows\System\QEzeTIL.exe
  C:\Windows\System\QEzeTIL.exe
  2⤵
  PID:9220
- C:\Windows\System\ozKDFFO.exe
  C:\Windows\System\ozKDFFO.exe
  2⤵
  PID:9236
- C:\Windows\System\GYyPTBi.exe
  C:\Windows\System\GYyPTBi.exe
  2⤵
  PID:9252
- C:\Windows\System\LXYixRa.exe
  C:\Windows\System\LXYixRa.exe
  2⤵
  PID:9268
- C:\Windows\System\HtVzZUf.exe
  C:\Windows\System\HtVzZUf.exe
  2⤵
  PID:9284
- C:\Windows\System\zXkXBzN.exe
  C:\Windows\System\zXkXBzN.exe
  2⤵
  PID:9304
- C:\Windows\System\INSQZAu.exe
  C:\Windows\System\INSQZAu.exe
  2⤵
  PID:9320
- C:\Windows\System\gXwPyeg.exe
  C:\Windows\System\gXwPyeg.exe
  2⤵
  PID:9340
- C:\Windows\System\ZvPJnMr.exe
  C:\Windows\System\ZvPJnMr.exe
  2⤵
  PID:9356
- C:\Windows\System\zYdmBDy.exe
  C:\Windows\System\zYdmBDy.exe
  2⤵
  PID:9372
- C:\Windows\System\LTyBONE.exe
  C:\Windows\System\LTyBONE.exe
  2⤵
  PID:9388
- C:\Windows\System\GSuueAD.exe
  C:\Windows\System\GSuueAD.exe
  2⤵
  PID:9404
- C:\Windows\System\rSAdvSD.exe
  C:\Windows\System\rSAdvSD.exe
  2⤵
  PID:9424
- C:\Windows\System\zoAZwET.exe
  C:\Windows\System\zoAZwET.exe
  2⤵
  PID:9440
- C:\Windows\System\CvZXYvV.exe
  C:\Windows\System\CvZXYvV.exe
  2⤵
  PID:9456
- C:\Windows\System\kxgcuSw.exe
  C:\Windows\System\kxgcuSw.exe
  2⤵
  PID:9472
- C:\Windows\System\LqXlgSG.exe
  C:\Windows\System\LqXlgSG.exe
  2⤵
  PID:9488
- C:\Windows\System\SFbwKMF.exe
  C:\Windows\System\SFbwKMF.exe
  2⤵
  PID:9508
- C:\Windows\System\BhDjCWD.exe
  C:\Windows\System\BhDjCWD.exe
  2⤵
  PID:9524
- C:\Windows\System\QavHPCi.exe
  C:\Windows\System\QavHPCi.exe
  2⤵
  PID:9540
- C:\Windows\System\GwQqcwo.exe
  C:\Windows\System\GwQqcwo.exe
  2⤵
  PID:9556
- C:\Windows\System\YwNmCHT.exe
  C:\Windows\System\YwNmCHT.exe
  2⤵
  PID:9572
- C:\Windows\System\crnGDea.exe
  C:\Windows\System\crnGDea.exe
  2⤵
  PID:9588
- C:\Windows\System\ZbDRDJw.exe
  C:\Windows\System\ZbDRDJw.exe
  2⤵
  PID:9604
- C:\Windows\System\ZuIjTVJ.exe
  C:\Windows\System\ZuIjTVJ.exe
  2⤵
  PID:9620
- C:\Windows\System\JwlbSSr.exe
  C:\Windows\System\JwlbSSr.exe
  2⤵
  PID:9636
- C:\Windows\System\UEOCuqq.exe
  C:\Windows\System\UEOCuqq.exe
  2⤵
  PID:9652
- C:\Windows\System\Uyyzlqc.exe
  C:\Windows\System\Uyyzlqc.exe
  2⤵
  PID:9668
- C:\Windows\System\rIzSisQ.exe
  C:\Windows\System\rIzSisQ.exe
  2⤵
  PID:9724
- C:\Windows\System\RmRVxMc.exe
  C:\Windows\System\RmRVxMc.exe
  2⤵
  PID:9752
- C:\Windows\System\GIQyqEK.exe
  C:\Windows\System\GIQyqEK.exe
  2⤵
  PID:9812
- C:\Windows\System\efjgghB.exe
  C:\Windows\System\efjgghB.exe
  2⤵
  PID:9856
- C:\Windows\System\HsDngGD.exe
  C:\Windows\System\HsDngGD.exe
  2⤵
  PID:9872
- C:\Windows\System\ycMPOyU.exe
  C:\Windows\System\ycMPOyU.exe
  2⤵
  PID:9896
- C:\Windows\System\ILtyyaJ.exe
  C:\Windows\System\ILtyyaJ.exe
  2⤵
  PID:9920
- C:\Windows\System\MZCxTYY.exe
  C:\Windows\System\MZCxTYY.exe
  2⤵
  PID:9940
- C:\Windows\System\vPZTSUs.exe
  C:\Windows\System\vPZTSUs.exe
  2⤵
  PID:9956
- C:\Windows\System\pgeKVlp.exe
  C:\Windows\System\pgeKVlp.exe
  2⤵
  PID:9976
- C:\Windows\System\myfjAOt.exe
  C:\Windows\System\myfjAOt.exe
  2⤵
  PID:9992
- C:\Windows\System\xiywXKt.exe
  C:\Windows\System\xiywXKt.exe
  2⤵
  PID:10012
- C:\Windows\System\tbOaixW.exe
  C:\Windows\System\tbOaixW.exe
  2⤵
  PID:10036
- C:\Windows\System\mmmilDm.exe
  C:\Windows\System\mmmilDm.exe
  2⤵
  PID:10052
- C:\Windows\System\fMCiPEB.exe
  C:\Windows\System\fMCiPEB.exe
  2⤵
  PID:10076
- C:\Windows\System\TUtcznL.exe
  C:\Windows\System\TUtcznL.exe
  2⤵
  PID:10096
- C:\Windows\System\GjHjZLr.exe
  C:\Windows\System\GjHjZLr.exe
  2⤵
  PID:10116
- C:\Windows\System\ByMTdEC.exe
  C:\Windows\System\ByMTdEC.exe
  2⤵
  PID:10140
- C:\Windows\System\UyICPJl.exe
  C:\Windows\System\UyICPJl.exe
  2⤵
  PID:10156
- C:\Windows\System\QrdKnFH.exe
  C:\Windows\System\QrdKnFH.exe
  2⤵
  PID:10176
- C:\Windows\System\qufDlTT.exe
  C:\Windows\System\qufDlTT.exe
  2⤵
  PID:10192
- C:\Windows\System\aBgqNil.exe
  C:\Windows\System\aBgqNil.exe
  2⤵
  PID:10216
- C:\Windows\System\AQhDlrI.exe
  C:\Windows\System\AQhDlrI.exe
  2⤵
  PID:10232
- C:\Windows\System\IWgtoiU.exe
  C:\Windows\System\IWgtoiU.exe
  2⤵
  PID:9248
- C:\Windows\System\TGCyfwK.exe
  C:\Windows\System\TGCyfwK.exe
  2⤵
  PID:2380
- C:\Windows\System\UQtjBFk.exe
  C:\Windows\System\UQtjBFk.exe
  2⤵
  PID:9300
- C:\Windows\System\obUYSIL.exe
  C:\Windows\System\obUYSIL.exe
  2⤵
  PID:9336
- C:\Windows\System\iObqwtd.exe
  C:\Windows\System\iObqwtd.exe
  2⤵
  PID:9384
- C:\Windows\System\FLuPlzB.exe
  C:\Windows\System\FLuPlzB.exe
  2⤵
  PID:9468
- C:\Windows\System\xNACyYD.exe
  C:\Windows\System\xNACyYD.exe
  2⤵
  PID:9368
- C:\Windows\System\HOQROJL.exe
  C:\Windows\System\HOQROJL.exe
  2⤵
  PID:9436
- C:\Windows\System\lBebnCT.exe
  C:\Windows\System\lBebnCT.exe
  2⤵
  PID:9564
- C:\Windows\System\EJCzyru.exe
  C:\Windows\System\EJCzyru.exe
  2⤵
  PID:9520
- C:\Windows\System\mfzIeyT.exe
  C:\Windows\System\mfzIeyT.exe
  2⤵
  PID:9660
- C:\Windows\System\TNYjIgS.exe
  C:\Windows\System\TNYjIgS.exe
  2⤵
  PID:9612
- C:\Windows\System\tFsINtv.exe
  C:\Windows\System\tFsINtv.exe
  2⤵
  PID:9684
- C:\Windows\System\gItVItt.exe
  C:\Windows\System\gItVItt.exe
  2⤵
  PID:9700
- C:\Windows\System\JThcUTP.exe
  C:\Windows\System\JThcUTP.exe
  2⤵
  PID:9716
- C:\Windows\System\UDkJeft.exe
  C:\Windows\System\UDkJeft.exe
  2⤵
  PID:9744
- C:\Windows\System\nSVsnBX.exe
  C:\Windows\System\nSVsnBX.exe
  2⤵
  PID:9764
- C:\Windows\System\FQACNym.exe
  C:\Windows\System\FQACNym.exe
  2⤵
  PID:9832
- C:\Windows\System\ISmlkwq.exe
  C:\Windows\System\ISmlkwq.exe
  2⤵
  PID:9800
- C:\Windows\System\mvgJfQe.exe
  C:\Windows\System\mvgJfQe.exe
  2⤵
  PID:9840
- C:\Windows\System\BxSXndA.exe
  C:\Windows\System\BxSXndA.exe
  2⤵
  PID:9868
- C:\Windows\System\EUaUnqL.exe
  C:\Windows\System\EUaUnqL.exe
  2⤵
  PID:9888
- C:\Windows\System\roLpXtT.exe
  C:\Windows\System\roLpXtT.exe
  2⤵
  PID:9948
- C:\Windows\System\qwCsyIQ.exe
  C:\Windows\System\qwCsyIQ.exe
  2⤵
  PID:9968
- C:\Windows\System\UftqFqE.exe
  C:\Windows\System\UftqFqE.exe
  2⤵
  PID:10024
- C:\Windows\System\oLpCPgb.exe
  C:\Windows\System\oLpCPgb.exe
  2⤵
  PID:10032
- C:\Windows\System\tImEiyb.exe
  C:\Windows\System\tImEiyb.exe
  2⤵
  PID:10064
- C:\Windows\System\CKJuRfN.exe
  C:\Windows\System\CKJuRfN.exe
  2⤵
  PID:10092
- C:\Windows\System\pmnWSpD.exe
  C:\Windows\System\pmnWSpD.exe
  2⤵
  PID:10108
- C:\Windows\System\Rkvhjwp.exe
  C:\Windows\System\Rkvhjwp.exe
  2⤵
  PID:10148
- C:\Windows\System\lhbcrUr.exe
  C:\Windows\System\lhbcrUr.exe
  2⤵
  PID:10164
- C:\Windows\System\tGyNvxM.exe
  C:\Windows\System\tGyNvxM.exe
  2⤵
  PID:10208
- C:\Windows\System\lPEpPyz.exe
  C:\Windows\System\lPEpPyz.exe
  2⤵
  PID:7336
- C:\Windows\System\NGfyxcE.exe
  C:\Windows\System\NGfyxcE.exe
  2⤵
  PID:8996
- C:\Windows\System\gSRqFaz.exe
  C:\Windows\System\gSRqFaz.exe
  2⤵
  PID:9420
- C:\Windows\System\Njwzmjl.exe
  C:\Windows\System\Njwzmjl.exe
  2⤵
  PID:9380
- C:\Windows\System\LsuIpGu.exe
  C:\Windows\System\LsuIpGu.exe
  2⤵
  PID:9480
- C:\Windows\System\kBLmYzt.exe
  C:\Windows\System\kBLmYzt.exe
  2⤵
  PID:9500
- C:\Windows\System\MZFFzLL.exe
  C:\Windows\System\MZFFzLL.exe
  2⤵
  PID:9552
- C:\Windows\System\FIlSCLB.exe
  C:\Windows\System\FIlSCLB.exe
  2⤵
  PID:9692
- C:\Windows\System\hXNlpLd.exe
  C:\Windows\System\hXNlpLd.exe
  2⤵
  PID:9828
- C:\Windows\System\vOnbtOz.exe
  C:\Windows\System\vOnbtOz.exe
  2⤵
  PID:9792
- C:\Windows\System\siinwxX.exe
  C:\Windows\System\siinwxX.exe
  2⤵
  PID:9776
- C:\Windows\System\eWQiAem.exe
  C:\Windows\System\eWQiAem.exe
  2⤵
  PID:9712
- C:\Windows\System\XINTutQ.exe
  C:\Windows\System\XINTutQ.exe
  2⤵
  PID:9880
- C:\Windows\System\dKSpbXl.exe
  C:\Windows\System\dKSpbXl.exe
  2⤵
  PID:9964
- C:\Windows\System\ZtLaPCS.exe
  C:\Windows\System\ZtLaPCS.exe
  2⤵
  PID:10128
- C:\Windows\System\IYzPsfG.exe
  C:\Windows\System\IYzPsfG.exe
  2⤵
  PID:10136
- C:\Windows\System\kpFUeTQ.exe
  C:\Windows\System\kpFUeTQ.exe
  2⤵
  PID:9260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AHtjZNz.exe

Filesize
6.0MB

MD5
2dc508a11716fa81ab96a4e75193ea68

SHA1
3d72305634de36488288c8fc1893bc2a73a5617a

SHA256
13b25a8e3765a112b6b7c774dfe5346f2ef4f3b13773d03330244e52084bf9c5

SHA512
6094562826d1c6d1595454333ef47ce38eab9da830d31ed17ae89ee4753e542511e1468152179c8e56a67df872994d11dade9fc7b7d4c84bb34dd3ef9f589a67

Download Submit
C:\Windows\system\BhQkcIW.exe

Filesize
6.0MB

MD5
d0b5eb520e67674cdad522e7c81a8499

SHA1
871a2f51223bbf272ff85c3192899e2b6c2b02d5

SHA256
a3f38c55e2cdaad6f2d991a062cf735ac9cf5cd02ba17276ea4354d26d3cb6be

SHA512
6545882292240835da8cf187a64daf674f436b87924644d6d2c521d03adaa41ea5a019d72e164ce9d694a1df633c567b762acc6066a13cc8ab6079eb5fb87c03

Download Submit
C:\Windows\system\BtkDpMR.exe

Filesize
6.0MB

MD5
2af032ce20db4ec6809a8fa74d38dcfc

SHA1
2d023218bc59eb78d3ce27430996bd5339ce8353

SHA256
1d4a95158686db026e77b3dc37db58a6b29e6706b3d00220df884deebb8c97c0

SHA512
ee2483451ca4bec95cd301d76cb92886b78862f58099eb08cfc793ba111cf3e11466d1b84d93ac150f1e48ff9a7746d85d10c2f4450ef95770c6d0a59ccc74b6

Download Submit
C:\Windows\system\GwAzLsG.exe

Filesize
6.0MB

MD5
53f5c771b546a2cec0e95a6caa4afc07

SHA1
9bd7f42417fe74823d3d195521906fcf02e65493

SHA256
7c8b1064a6565e10dcfeddfbf0b7d99b3313234aedc8fd3e04e6b1f8ef831c28

SHA512
a3ad9b2c16d8efaf1550ec3a2fc28883ed6e2641a2349ea60d501568c593e990782c4b36bffe9984609d5e8353992aaa9d372ab813102ab298201af66970f064

Download Submit
C:\Windows\system\IkhhvUW.exe

Filesize
6.0MB

MD5
706b6ce443eef952063374e1a49bfd11

SHA1
8aa469d6f655657c20478b0cd616824b84955db8

SHA256
f0a5d50b1b6838a030411a0ecf97bbbfc7cbcf4cb0dcd434152660889bad5a1f

SHA512
7a0b985ebbcf8f00b2f8ab1b32fe7f36eb5060c790ef00ea871f6468b1a0a4dcf3a173cb99779ee99179da42a44cdd1b7f48d2984b72e52d5fbefb87e2bda9cb

Download Submit
C:\Windows\system\MbHoGhk.exe

Filesize
6.0MB

MD5
841a6211fc958372ed618bf19a23ee52

SHA1
60ad72c229c7f86d2114198d54c5f74580f34ad4

SHA256
174b889f9d7f5492de102f3acd1153fab9d50fd5ecd84eb6eb5f7d717c942f51

SHA512
39ef752c4341a8e0f7fa765e5251f39227fc3535282751260c9b6863f55d88a7a89b1f8d11fae34ffd862892d096b6cfd32aab91c8a0d3862a24d19d9fabc048

Download Submit
C:\Windows\system\SgGljlo.exe

Filesize
6.0MB

MD5
9b20685820096629ec6b29e415f619e8

SHA1
ead130eed51a52666803e932c00cb745e20d0644

SHA256
74f6e50a1495c02449d4051750d799e6b16a894107fdb2a6329ed907b1c355ce

SHA512
0f9325b6857cc7cbc9e48f19b5c8954469eacbe65494b177c738175e9ebe3e57edd0ea80aa4b44085d7c6f018a16ee20bb61e45e523a826bcab8a00a578f86d7

Download Submit
C:\Windows\system\SvbfWbI.exe

Filesize
6.0MB

MD5
a7604aaa5ec6e3a4b65b03fbf8abd1c8

SHA1
ac02ffbe8f8b40265c5f92a9c7d3ab1c010f59a2

SHA256
29054cfc1c3ab8f4adbb268d20fd586c7e41fa749fcfc09ec13c3940330459f7

SHA512
748ddb375e82a5c8ed79e334d3426146b36c4f9cccd6891b5c50d79075ea51caec658de8c987254472c3198f6c6f52428e6a6f8ca6f068524171efb149952553

Download Submit
C:\Windows\system\TiDvjKR.exe

Filesize
6.0MB

MD5
d9b75777194c9f75f301661820a5f10b

SHA1
e8d1ebee07a8f558a6eaabef18704c16351c6299

SHA256
94a18fd8f77dfb568ebe1947d8c199549759af1cacde0aee53c4815ddfdbdeef

SHA512
be9a149016e4b00b2e4376d0c168706ca33a4690390954016bfce46f44543eff77c81d16309105f1eafc7c652e6128bc2802409a750a3caf13a842a431425379

Download Submit
C:\Windows\system\TxMWxGt.exe

Filesize
6.0MB

MD5
5d3d2e5bd4736d2fa3660d51e901800f

SHA1
e4ad269630ef8ba59ff9c2e05be0f546b7169b7f

SHA256
e292445334ae8d8597e785fb4e32bce72876d033f5f8905f94e42d76e5ecfcd8

SHA512
6ad33bb8a8b4b7f6ae77511dd878e54d9fa35a46d467949b554a1341db950c229243c68af28fe07d374bacacabfbbe8bae362f9b75ee3f39e35c5e29617b0222

Download Submit
C:\Windows\system\UcDPRqa.exe

Filesize
6.0MB

MD5
465a332aa51c183ec9148cd6bdbe7b9b

SHA1
9f7cc4a7a4c83a95559f3470411ed70bb447682f

SHA256
4e3a4c598a2d2d317de7d1e5afbea1a2617d7ebf920242f70defe7251af9b130

SHA512
d6c36cd8f6e527978d2ded7a97583d748fd4e5c127e921fc44d7e52ec2a276057eb893f9a27ad3a4679f88bab78266386fc27f45144e4e377b1342d7a0be8c7f

Download Submit
C:\Windows\system\YHAxYdy.exe

Filesize
6.0MB

MD5
26bd9170be61d78abed0eebe64d608ce

SHA1
dec92cb31dd0d1ddf6554042daa5f91406b1915a

SHA256
6379cd84ad2382b8ca037630fe3e26a216d5e630e2a1513058417663ee3cec12

SHA512
c7e4099d76edf3a74f027136eab3bdb1e0ed1f7ed32d33b431b3dfe8eefec7d69628d3b7f35213c7747cbc4ef3e51d68d905306936ae6850833dded439ffd258

Download Submit
C:\Windows\system\YPVGbyC.exe

Filesize
6.0MB

MD5
d3c75e8aa2a8c9539c2a45c5bb9c9f51

SHA1
2facd9a0a894305fa82d1de6bf8c2dc7eacaac49

SHA256
e9b79905fedf2381ee781da3fbf407c1f2a691cf80bf2c53d302db8e6dbc91d1

SHA512
f5e24efba03812443c5460bda9c3959d89d31319357c6fffd494dcdadf953e0c68ef504a8dea9da85a45fe914bb7a25251d0b4457602258fd77a986bc2ee94af

Download Submit
C:\Windows\system\dUJkjkD.exe

Filesize
6.0MB

MD5
059a0de163c405381e002db3d9d2dd21

SHA1
d9626c2eaf33fff9e28ae05c5f694fd5a5cdd3c8

SHA256
1eecb5d51cc8f1d2f8099850967ca9690f3639cb57982a6941f6ead88185df24

SHA512
0b8fd039033294be05f98d4f8ce7cae18ead7edf826c42aebcb7f65240befe0eddedac6d61d9871072758057fd774d7305425a83c7b6406da51e9c150fa64499

Download Submit
C:\Windows\system\eESGQTv.exe

Filesize
6.0MB

MD5
f59c9938f0d9fdada79a43d64b0a65ce

SHA1
8b2b50441f80d3988c44797b696806fa08ab6707

SHA256
d226c13f1a0093cc5501bc29d542111974d44df2a7448abbf09677eefbf3382d

SHA512
752da3006dc131cda2f0a1889b05ab8b3197487cf084ec1ac2941406ab1f505e5e72464379a6a74751cbff92813f037b70ca18f2c5d7a4fe77846b4f88e1c860

Download Submit
C:\Windows\system\eTAKIkU.exe

Filesize
6.0MB

MD5
fd88d2c0691fcebdcc8a117bda3dbef9

SHA1
a2179020b85689d35a164879fc80b71cbb05a96b

SHA256
8feccbcbd1545019bcd299c1ce49399d6f973fe12c56714e9c1ccf9762a2c7a1

SHA512
1bd373961b62a72caf24a5db3c065dbc29dd383efca2dea7de53f76aebdb18996a7e059bfd1dffe8f55ba5ddec88ef126eb4b2a8b6e3a3d230baa8fa5b4e203a

Download Submit
C:\Windows\system\fSWNHtm.exe

Filesize
6.0MB

MD5
d9cd47a2d1850c1dc592054a6258a265

SHA1
b8e74cfdb1edde387723e13515e4f021864dabdf

SHA256
35f66e59ddb963ab75eacc713354e55c242a300e98ce94d516b90fb38c8356aa

SHA512
84b22649af299004d33e1e77edf957289b3ac314416e55e62347adbe6d565b8bf7b08059246a670d362d5cbe380fd72198e9da41a2bb4953cca852d884562d3e

Download Submit
C:\Windows\system\iwiFuvH.exe

Filesize
6.0MB

MD5
50be64ae76f5ca93a460f676e20e2bd6

SHA1
1f20c5be1c20480852540b59a4cbbbfd4a7de2d1

SHA256
30a0bbb9554ce7619ee01bfa815d8e172a8a5a5bbd030c7968f27a4c8e0e8585

SHA512
28f0f0674d813eae457d143e5d5b1035903a977278f6411b956acdbe1799520bdcd303eb46434b32356faae55dc9e266e864dfb74530cb1902dbf85afdff7a22

Download Submit
C:\Windows\system\ktwtALj.exe

Filesize
6.0MB

MD5
71124f648971922455acfd01f38d6638

SHA1
7dcc07e5940c7418bdeef285a24cef3c8fcae82f

SHA256
64e0c7ac2f96ed0812bac5f4f79a72040eec3c7f6c7bb9f3b4c88e2e02544892

SHA512
867bd456e2d1f6a55c5a8ed80abde6612eb7aa0fbcef91b1fb6a2ce057c1b49043faf020f0e8957ad0eb6fdb9d2c42cac1623d708391da8dfc9124c000ab8bda

Download Submit
C:\Windows\system\mEbYyKO.exe

Filesize
6.0MB

MD5
7a41b9dbac1a810b10a4ffb908d987a9

SHA1
aa23be6ee4a77b316a9c46344a41c0cf945f0156

SHA256
22770526e6ab7e019b344f35f5a657c9bf1fde2efa663aa0cfc1c874490d8147

SHA512
f0bf2656123c9ae0874a9fb02379dfc6dcbf08a15daa903feaa1784498f246c474c3accadb44d75e48e65d0089da0e400d92d57a8b9bc2f2d6a0b3c938dad020

Download Submit
C:\Windows\system\mfRsotm.exe

Filesize
6.0MB

MD5
7b1af9e2831dd753d80e58710c23e1f6

SHA1
8a01b31a6f49788261bb7fd2396ac4026337b36c

SHA256
bd12e9d4ebea5d43505740d8eb911a16324c92ba9c8c628137b8496a90a0fc43

SHA512
48fb3865db6ab790007e04aae260f2cdbbe3b11c84d49919bf7509dab57daddb75d41bdb350ecc68cb80259837e1c0117672bb195accca543183bfa79e5a6b74

Download Submit
C:\Windows\system\nzWfUTC.exe

Filesize
6.0MB

MD5
15c712d4c53d8c660ba9f49cf6052e94

SHA1
d56275f2afb7bdc4fc74ef6f86db92d4089da30a

SHA256
d6f0db63ebdf67d79cc065b8bd76f44612ec986e6cba864c410c553b79c087dd

SHA512
59be3f2ac1839b6da90482292b4ec7c70e02b808fcace6c2b19427b63f41c56b31fdf19306fb3fa21cf03f4cd5112cd2e6eee9159111c65e3fd23586d59a30ba

Download Submit
C:\Windows\system\qQtggnp.exe

Filesize
6.0MB

MD5
e9db452a3a2590c0f96986ebe7fc142f

SHA1
fd0548ad90e0762b9d38bd1c61407dd3d22ec2a0

SHA256
13d2065962cf512afa6908134f891b180422b9f1f0c77e35607652725c55e95e

SHA512
e07bbeeac46313380d6801c51e71c655399fc7ed68b03741483c91d6ac61d2d8d63ac1bbd809d23ee25c764dd6b6d17ade8a6a6da3d8006d74de29611d24933c

Download Submit
C:\Windows\system\rwaiDfp.exe

Filesize
6.0MB

MD5
6e4c8ecc9bab38bda939d976f1ca3ac9

SHA1
3f5eb5bbe644a74d984e6ecfb3605f990264a221

SHA256
07b41c6987c7eaf16408fbb8e86ff002b5b74fd5348735e1fbd9ee09550b6e19

SHA512
c8f6f71a0bce0a23204071d486f271e53fce05f60fff4c5dc071eeb446017f919bce406505aab9d8e0b369c51bcd619e8f36e3a8793abce43de9484ae6b82014

Download Submit
C:\Windows\system\ufFwGIV.exe

Filesize
6.0MB

MD5
7786ea673acec3b652974d04aee465bd

SHA1
2c58f2c0b2d92623d10ebb2fc61d53d4cb053d10

SHA256
4413ce2e1b72965c6fe30ecf8c97b844e2f5ffd3884f2e2db90a668f271a286e

SHA512
6292e49223c533053265f8134220bd2af1c230af4b991d574c5927712c8322ae7b36875059ad61c81c210e4e05a0a908bf8fb108348cba5cffb470742ec81887

Download Submit
C:\Windows\system\wyzpJfa.exe

Filesize
6.0MB

MD5
ca0321e1d4c0f61adaa15c11a05e3e66

SHA1
ba8c9088ca328cd2beda7a344b25880cde7359ef

SHA256
c6c56fc62edfc1fb300910c045909096890f341ff3eabc50fad1eeca9029af51

SHA512
2b312e57af683d1ed165929496cab0ccd47e097b976431747d4fc60c9d5e532514d964e358d6f0dc12d3e2032abdf169afc79336c6647204538e6aa817f33c7f

Download Submit
C:\Windows\system\ylgDYdG.exe

Filesize
6.0MB

MD5
4d58e691c7961b9a10521e752cb8bede

SHA1
a184937f5344b6a41226fcf924171ac462095b41

SHA256
e3f699d4c3c3b6c1714d1a49ba1d03b2388502fe96ac40fbf44ccf4ad94b0508

SHA512
a126705e833362e3533221f3e8b6ee9f32a26147a48639cc0ae97dfd72d203d8eebd742acec73e7679add7d49a1af620f9f6c5428d5663b3d3a470e6c5be4b8e

Download Submit
\Windows\system\CYIKcBN.exe

Filesize
6.0MB

MD5
ea9170aba34e2ba071d68ed54d09d268

SHA1
ccdb0cd6cd31d7c176dfd43b322a81a9f0328ea8

SHA256
f0a8a321822399a41d8e42967e67668c3d62bde7d18065eca0dc05a946341bc1

SHA512
63d152fde4a768949dbb63c607189f3ebf103529fb50eee265732440ff90c3b200bab3e4c2aaf7617e63cc52f52097645044055ac88f2b80de6f95527cb19351

Download Submit
\Windows\system\KvySJyq.exe

Filesize
6.0MB

MD5
c18c35f96828148238207019752b4908

SHA1
073a6050ae3a378be0f21ae0adb0b38ff72a5256

SHA256
131a3710b7c7e259577de68503f21da1ef6eb90eee771f31fe69ff6f58baaa0f

SHA512
d1329acfca8a2420baf0f416502cdbde3f4e070a2e27a793e7f06be688b94202c8ff76f8f05466527e758186f9fd648b92605f955c65c8966c43e4f3e8f56ffb

Download Submit
\Windows\system\OEfnanB.exe

Filesize
6.0MB

MD5
5126dc57f6fe364861d767c1484ec510

SHA1
692414565486581ca80442552c0db0d382921603

SHA256
78877e7540491e93e4027d62603a1b1efde2bfacaa09059e0ae7fd47d352adc4

SHA512
77c59b5de7a8373dd8da3099d31fb09cf6fbe6f4bf17253e360cd667faf93b120e7a2574511b2b7037beecab257361431139b03fca1041053bf6d9187ab0292a

Download Submit
\Windows\system\QSwdMyc.exe

Filesize
6.0MB

MD5
b10bf2f1c36e8b8c69ea0b35f97368d5

SHA1
cb0b16fc7daea6e8775182010dd6fd74b0a66001

SHA256
7e12950f6cd02660a0d9907646c963bfb99ca940b086f11083b577eecf9dc950

SHA512
2f50935fef917b398f700aeb58f7b1d0556540605b810f8fca96bf0b7af5e5748183d9aaa8523beb15ea96f704ef91754df83fee1409d77cca5f46784094b7cd

Download Submit
\Windows\system\zpMgpXc.exe

Filesize
6.0MB

MD5
7111fc764c8b5034a4586277d6811a61

SHA1
1e202dba23f7d527ab73452c94b2b69a90f4179d

SHA256
737eaffb0ce3ed6a25710b04be6707c602d23a09c951503a2ffe7d6500c2ee66

SHA512
feb30e8c9ee465d994681f384c9c7b390208009958266429d7e813f96d3cf28948476e58ea7d064f04c6470f4f3f7166e22f68bbf5b7d4a04b2f443ea747cf08

Download Submit
memory/796-30-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/796-3650-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-1177-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1664-96-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1664-3827-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1800-19-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1800-3620-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1872-1623-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-39-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-715-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-866-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1872-23-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-1175-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-1176-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-1329-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1872-1475-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1872-0-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1872-108-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-92-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-81-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-70-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1872-61-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-25-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-114-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-1021-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1872-53-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1872-104-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1872-20-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1872-36-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-17-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1872-88-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1872-85-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1020-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2116-77-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2116-3815-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3695-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2260-22-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2268-59-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-3737-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-76-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3742-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-714-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-42-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3730-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1022-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3828-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-87-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3659-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-37-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3636-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2936-21-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download