cobaltstrike | d37f1719c8b1199b8d205927a11670e98439a1a62d0b2cca648a4c6238a5fa20

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

de34c9e4c2de01941b638cebf5cab7a2
SHA1

5788986a4aa846f798407307cca76118660e7797
SHA256

d37f1719c8b1199b8d205927a11670e98439a1a62d0b2cca648a4c6238a5fa20
SHA512

d8a2799d33e970a410ad3c3e4fe1645726bdf3562b70f57cfe9d74ed608918b9c75227118c0a61bd0fec46fb81de78a07730527f80deb4d8ae124c890bcd06e4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d75-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d7f-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e47-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c89-43.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019030-55.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903d-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-148.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d5c-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-182.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d68-49.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000160ae-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f1b-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e25-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1920-0-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225a-3.dat	xmrig
behavioral1/files/0x0008000000015d75-10.dat	xmrig
behavioral1/files/0x0008000000015d7f-20.dat	xmrig
behavioral1/files/0x0007000000015e47-30.dat	xmrig
behavioral1/files/0x0009000000016c89-43.dat	xmrig
behavioral1/files/0x0006000000019030-55.dat	xmrig
behavioral1/files/0x000600000001903d-60.dat	xmrig
behavioral1/files/0x000500000001920f-65.dat	xmrig
behavioral1/files/0x0005000000019234-75.dat	xmrig
behavioral1/files/0x0005000000019241-80.dat	xmrig
behavioral1/files/0x000500000001932a-97.dat	xmrig
behavioral1/files/0x0005000000019346-110.dat	xmrig
behavioral1/files/0x00050000000193af-125.dat	xmrig
behavioral1/files/0x0005000000019494-148.dat	xmrig
behavioral1/memory/2648-201-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/1920-179-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/1920-1022-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/3032-3991-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2460-3993-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2648-4002-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2148-3998-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2604-4001-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2768-4000-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2704-3999-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2860-3997-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2200-3996-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2696-3992-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2868-3995-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2820-3994-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/356-3990-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2408-3989-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2696-222-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2768-178-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d5c-176.dat	xmrig
behavioral1/memory/2604-188-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d4-182.dat	xmrig
behavioral1/memory/2820-161-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1920-160-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2460-159-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2704-174-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/1920-173-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2148-172-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194b4-171.dat	xmrig
behavioral1/memory/1920-168-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2200-167-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a7-155.dat	xmrig
behavioral1/memory/2860-165-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2868-164-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019408-143.dat	xmrig
behavioral1/files/0x00050000000193fa-139.dat	xmrig
behavioral1/files/0x00050000000193f8-136.dat	xmrig
behavioral1/files/0x00050000000193c9-130.dat	xmrig
behavioral1/files/0x00050000000193a2-120.dat	xmrig
behavioral1/files/0x0005000000019384-115.dat	xmrig
behavioral1/files/0x000500000001933e-105.dat	xmrig
behavioral1/files/0x00050000000192f0-95.dat	xmrig
behavioral1/files/0x0005000000019273-90.dat	xmrig
behavioral1/files/0x000500000001925c-86.dat	xmrig
behavioral1/files/0x0005000000019228-70.dat	xmrig
behavioral1/files/0x0006000000018d68-49.dat	xmrig
behavioral1/memory/3032-41-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x00090000000160ae-40.dat	xmrig
behavioral1/files/0x0007000000015f1b-33.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2408	KXxcMGI.exe
356	eTxAKAG.exe
3032	VmaQmUZ.exe
2696	wIyaveo.exe
2460	GnYDwIl.exe
2820	OSZQqhp.exe
2868	QXCkdpl.exe
2860	ceDKHCU.exe
2200	ViaOzpl.exe
2148	hWNionS.exe
2704	rEnEHyJ.exe
2768	hKwPRDH.exe
2604	erkPpbn.exe
2648	jptpLij.exe
2340	HRdFzVS.exe
2464	rlyhJVr.exe
2592	FmGmUIV.exe
1136	gQNOrwW.exe
2984	TuRpvNY.exe
2432	sfKvrgh.exe
1636	YTQQoeg.exe
2692	yhqZrFq.exe
2672	iBFQiSs.exe
2936	unHxNbI.exe
2152	XemrHTd.exe
1248	DbcrkEK.exe
2108	QKOuroS.exe
2072	FdSbFmY.exe
836	ozgcBgW.exe
2076	pDLMLcg.exe
816	uXAiLHE.exe
2644	SNLTChI.exe
2268	NfFGDbn.exe
916	vFhHeem.exe
1772	WWqjrJH.exe
2212	bidISkm.exe
1608	LKLQhMW.exe
2404	BzGSChn.exe
2284	iLlaIRi.exe
1324	EXLEXCQ.exe
1112	dwZFzKJ.exe
2572	rqlppOC.exe
2468	thZqDYi.exe
1336	fcBCxej.exe
1792	IDgNFeN.exe
712	YKnIBol.exe
1444	KhJdNtP.exe
880	CBGQmSl.exe
1816	VreHtAl.exe
2448	WmvIUpz.exe
1524	FnnNfsg.exe
1588	xifyrhX.exe
1260	QhZkBMM.exe
2732	LkDQdDQ.exe
2728	PvfIBBr.exe
2020	NBlTcuP.exe
1576	uuiNyJq.exe
2800	nkSMdOO.exe
2832	pLanplw.exe
2852	MDUAbhJ.exe
3008	vWwzQWD.exe
2916	EYfpUKf.exe
1508	YOkvWHq.exe
1308	YJXEqeV.exe

Loads dropped DLL 64 IoCs

pid	Process
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1920-0-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x000b00000001225a-3.dat	upx
behavioral1/files/0x0008000000015d75-10.dat	upx
behavioral1/files/0x0008000000015d7f-20.dat	upx
behavioral1/files/0x0007000000015e47-30.dat	upx
behavioral1/files/0x0009000000016c89-43.dat	upx
behavioral1/files/0x0006000000019030-55.dat	upx
behavioral1/files/0x000600000001903d-60.dat	upx
behavioral1/files/0x000500000001920f-65.dat	upx
behavioral1/files/0x0005000000019234-75.dat	upx
behavioral1/files/0x0005000000019241-80.dat	upx
behavioral1/files/0x000500000001932a-97.dat	upx
behavioral1/files/0x0005000000019346-110.dat	upx
behavioral1/files/0x00050000000193af-125.dat	upx
behavioral1/files/0x0005000000019494-148.dat	upx
behavioral1/memory/2648-201-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1920-1022-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/3032-3991-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2460-3993-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2648-4002-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2148-3998-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2604-4001-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2768-4000-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2704-3999-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2860-3997-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2200-3996-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2696-3992-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2868-3995-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2820-3994-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/356-3990-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2408-3989-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2696-222-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2768-178-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0009000000015d5c-176.dat	upx
behavioral1/memory/2604-188-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x00050000000194d4-182.dat	upx
behavioral1/memory/2820-161-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2460-159-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2704-174-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2148-172-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x00050000000194b4-171.dat	upx
behavioral1/memory/2200-167-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x00050000000194a7-155.dat	upx
behavioral1/memory/2860-165-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2868-164-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0005000000019408-143.dat	upx
behavioral1/files/0x00050000000193fa-139.dat	upx
behavioral1/files/0x00050000000193f8-136.dat	upx
behavioral1/files/0x00050000000193c9-130.dat	upx
behavioral1/files/0x00050000000193a2-120.dat	upx
behavioral1/files/0x0005000000019384-115.dat	upx
behavioral1/files/0x000500000001933e-105.dat	upx
behavioral1/files/0x00050000000192f0-95.dat	upx
behavioral1/files/0x0005000000019273-90.dat	upx
behavioral1/files/0x000500000001925c-86.dat	upx
behavioral1/files/0x0005000000019228-70.dat	upx
behavioral1/files/0x0006000000018d68-49.dat	upx
behavioral1/memory/3032-41-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x00090000000160ae-40.dat	upx
behavioral1/files/0x0007000000015f1b-33.dat	upx
behavioral1/files/0x0007000000015e25-25.dat	upx
behavioral1/memory/2408-16-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/356-15-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HMpSHJe.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONqRyPT.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydFyueJ.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEzzIjt.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrLTYEA.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtxRhKv.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDzrDyz.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxVcNmQ.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxClbDt.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsUIJgQ.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTdzatE.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gICapND.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQSZkEp.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTcinqW.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEYsvem.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOSljVh.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAjmoGv.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfUqYSb.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtnbSVu.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjOAfAh.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCTSYGX.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRmwixV.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LeiZTCV.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBZvfgP.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uopVhYF.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLEDsxP.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRMGjrf.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTBwsCy.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVXTyAb.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vozLYlI.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IeXvGKH.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGYPNIg.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGryDVs.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbeDhsu.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZxdcKX.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxOHcyf.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXKBCyr.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfQjlwa.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKBWygv.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFQMCcl.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLesACI.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpNlcVv.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCyANSw.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBoDFCa.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMRWXeG.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZGrhdw.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBHhHXH.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnavNvY.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VigGIkG.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcBCxej.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsrYQTS.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSXxrHN.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTxAKAG.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxImcuZ.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVzEMkR.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbDnlum.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZLEEjH.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UXXsYvD.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGjwqna.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWCQzNR.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thZqDYi.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfySUCd.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbIkKdC.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dppeGwu.exe	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2408	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1920 wrote to memory of 2408	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1920 wrote to memory of 2408	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1920 wrote to memory of 356	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1920 wrote to memory of 356	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1920 wrote to memory of 356	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1920 wrote to memory of 3032	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1920 wrote to memory of 3032	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1920 wrote to memory of 3032	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1920 wrote to memory of 2696	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1920 wrote to memory of 2696	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1920 wrote to memory of 2696	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1920 wrote to memory of 2460	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1920 wrote to memory of 2460	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1920 wrote to memory of 2460	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1920 wrote to memory of 2820	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1920 wrote to memory of 2820	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1920 wrote to memory of 2820	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1920 wrote to memory of 2868	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1920 wrote to memory of 2868	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1920 wrote to memory of 2868	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1920 wrote to memory of 2860	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1920 wrote to memory of 2860	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1920 wrote to memory of 2860	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1920 wrote to memory of 2200	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1920 wrote to memory of 2200	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1920 wrote to memory of 2200	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1920 wrote to memory of 2148	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1920 wrote to memory of 2148	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1920 wrote to memory of 2148	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1920 wrote to memory of 2704	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1920 wrote to memory of 2704	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1920 wrote to memory of 2704	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1920 wrote to memory of 2768	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1920 wrote to memory of 2768	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1920 wrote to memory of 2768	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1920 wrote to memory of 2604	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1920 wrote to memory of 2604	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1920 wrote to memory of 2604	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1920 wrote to memory of 2648	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1920 wrote to memory of 2648	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1920 wrote to memory of 2648	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1920 wrote to memory of 2340	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1920 wrote to memory of 2340	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1920 wrote to memory of 2340	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1920 wrote to memory of 2464	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1920 wrote to memory of 2464	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1920 wrote to memory of 2464	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1920 wrote to memory of 2592	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1920 wrote to memory of 2592	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1920 wrote to memory of 2592	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1920 wrote to memory of 1136	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1920 wrote to memory of 1136	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1920 wrote to memory of 1136	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1920 wrote to memory of 2984	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1920 wrote to memory of 2984	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1920 wrote to memory of 2984	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1920 wrote to memory of 2432	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1920 wrote to memory of 2432	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1920 wrote to memory of 2432	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1920 wrote to memory of 1636	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1920 wrote to memory of 1636	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1920 wrote to memory of 1636	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1920 wrote to memory of 2692	1920	2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_de34c9e4c2de01941b638cebf5cab7a2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\System\KXxcMGI.exe
  C:\Windows\System\KXxcMGI.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\eTxAKAG.exe
  C:\Windows\System\eTxAKAG.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\VmaQmUZ.exe
  C:\Windows\System\VmaQmUZ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\wIyaveo.exe
  C:\Windows\System\wIyaveo.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\GnYDwIl.exe
  C:\Windows\System\GnYDwIl.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\OSZQqhp.exe
  C:\Windows\System\OSZQqhp.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\QXCkdpl.exe
  C:\Windows\System\QXCkdpl.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ceDKHCU.exe
  C:\Windows\System\ceDKHCU.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ViaOzpl.exe
  C:\Windows\System\ViaOzpl.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\hWNionS.exe
  C:\Windows\System\hWNionS.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\rEnEHyJ.exe
  C:\Windows\System\rEnEHyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\hKwPRDH.exe
  C:\Windows\System\hKwPRDH.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\erkPpbn.exe
  C:\Windows\System\erkPpbn.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\jptpLij.exe
  C:\Windows\System\jptpLij.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\HRdFzVS.exe
  C:\Windows\System\HRdFzVS.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\rlyhJVr.exe
  C:\Windows\System\rlyhJVr.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\FmGmUIV.exe
  C:\Windows\System\FmGmUIV.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\gQNOrwW.exe
  C:\Windows\System\gQNOrwW.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\TuRpvNY.exe
  C:\Windows\System\TuRpvNY.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\sfKvrgh.exe
  C:\Windows\System\sfKvrgh.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\YTQQoeg.exe
  C:\Windows\System\YTQQoeg.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\yhqZrFq.exe
  C:\Windows\System\yhqZrFq.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\iBFQiSs.exe
  C:\Windows\System\iBFQiSs.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\unHxNbI.exe
  C:\Windows\System\unHxNbI.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\XemrHTd.exe
  C:\Windows\System\XemrHTd.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\DbcrkEK.exe
  C:\Windows\System\DbcrkEK.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\QKOuroS.exe
  C:\Windows\System\QKOuroS.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\FdSbFmY.exe
  C:\Windows\System\FdSbFmY.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\ozgcBgW.exe
  C:\Windows\System\ozgcBgW.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\pDLMLcg.exe
  C:\Windows\System\pDLMLcg.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\uXAiLHE.exe
  C:\Windows\System\uXAiLHE.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\dwZFzKJ.exe
  C:\Windows\System\dwZFzKJ.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\SNLTChI.exe
  C:\Windows\System\SNLTChI.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\rqlppOC.exe
  C:\Windows\System\rqlppOC.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\NfFGDbn.exe
  C:\Windows\System\NfFGDbn.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\thZqDYi.exe
  C:\Windows\System\thZqDYi.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\vFhHeem.exe
  C:\Windows\System\vFhHeem.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\fcBCxej.exe
  C:\Windows\System\fcBCxej.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\WWqjrJH.exe
  C:\Windows\System\WWqjrJH.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\IDgNFeN.exe
  C:\Windows\System\IDgNFeN.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\bidISkm.exe
  C:\Windows\System\bidISkm.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\YKnIBol.exe
  C:\Windows\System\YKnIBol.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\LKLQhMW.exe
  C:\Windows\System\LKLQhMW.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\KhJdNtP.exe
  C:\Windows\System\KhJdNtP.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\BzGSChn.exe
  C:\Windows\System\BzGSChn.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\CBGQmSl.exe
  C:\Windows\System\CBGQmSl.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\iLlaIRi.exe
  C:\Windows\System\iLlaIRi.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\VreHtAl.exe
  C:\Windows\System\VreHtAl.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\EXLEXCQ.exe
  C:\Windows\System\EXLEXCQ.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\WmvIUpz.exe
  C:\Windows\System\WmvIUpz.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\FnnNfsg.exe
  C:\Windows\System\FnnNfsg.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\NBlTcuP.exe
  C:\Windows\System\NBlTcuP.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\xifyrhX.exe
  C:\Windows\System\xifyrhX.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\uuiNyJq.exe
  C:\Windows\System\uuiNyJq.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\QhZkBMM.exe
  C:\Windows\System\QhZkBMM.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\nkSMdOO.exe
  C:\Windows\System\nkSMdOO.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\LkDQdDQ.exe
  C:\Windows\System\LkDQdDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\pLanplw.exe
  C:\Windows\System\pLanplw.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\PvfIBBr.exe
  C:\Windows\System\PvfIBBr.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\MDUAbhJ.exe
  C:\Windows\System\MDUAbhJ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\vWwzQWD.exe
  C:\Windows\System\vWwzQWD.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\YJXEqeV.exe
  C:\Windows\System\YJXEqeV.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\EYfpUKf.exe
  C:\Windows\System\EYfpUKf.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\TTGWAjr.exe
  C:\Windows\System\TTGWAjr.exe
  2⤵
  PID:2796
- C:\Windows\System\YOkvWHq.exe
  C:\Windows\System\YOkvWHq.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\zxQdBUe.exe
  C:\Windows\System\zxQdBUe.exe
  2⤵
  PID:2912
- C:\Windows\System\UgBTFat.exe
  C:\Windows\System\UgBTFat.exe
  2⤵
  PID:2700
- C:\Windows\System\sOvZdRm.exe
  C:\Windows\System\sOvZdRm.exe
  2⤵
  PID:568
- C:\Windows\System\xKvNYPO.exe
  C:\Windows\System\xKvNYPO.exe
  2⤵
  PID:1668
- C:\Windows\System\XIFCBrm.exe
  C:\Windows\System\XIFCBrm.exe
  2⤵
  PID:1500
- C:\Windows\System\XHdHykB.exe
  C:\Windows\System\XHdHykB.exe
  2⤵
  PID:1528
- C:\Windows\System\AhpEqww.exe
  C:\Windows\System\AhpEqww.exe
  2⤵
  PID:352
- C:\Windows\System\hBQGMUG.exe
  C:\Windows\System\hBQGMUG.exe
  2⤵
  PID:644
- C:\Windows\System\qvzSbeY.exe
  C:\Windows\System\qvzSbeY.exe
  2⤵
  PID:2392
- C:\Windows\System\sPkHVdK.exe
  C:\Windows\System\sPkHVdK.exe
  2⤵
  PID:332
- C:\Windows\System\WBQImWZ.exe
  C:\Windows\System\WBQImWZ.exe
  2⤵
  PID:2568
- C:\Windows\System\FqBIUjW.exe
  C:\Windows\System\FqBIUjW.exe
  2⤵
  PID:760
- C:\Windows\System\BVsubqD.exe
  C:\Windows\System\BVsubqD.exe
  2⤵
  PID:3060
- C:\Windows\System\GSPnJJv.exe
  C:\Windows\System\GSPnJJv.exe
  2⤵
  PID:1580
- C:\Windows\System\xOchJpX.exe
  C:\Windows\System\xOchJpX.exe
  2⤵
  PID:320
- C:\Windows\System\gZVdFdC.exe
  C:\Windows\System\gZVdFdC.exe
  2⤵
  PID:2528
- C:\Windows\System\XmGDsta.exe
  C:\Windows\System\XmGDsta.exe
  2⤵
  PID:2752
- C:\Windows\System\aiVxJSH.exe
  C:\Windows\System\aiVxJSH.exe
  2⤵
  PID:2872
- C:\Windows\System\uDBYZqE.exe
  C:\Windows\System\uDBYZqE.exe
  2⤵
  PID:1788
- C:\Windows\System\sxJQvlC.exe
  C:\Windows\System\sxJQvlC.exe
  2⤵
  PID:2632
- C:\Windows\System\XrGKYHO.exe
  C:\Windows\System\XrGKYHO.exe
  2⤵
  PID:2652
- C:\Windows\System\WaRoHPr.exe
  C:\Windows\System\WaRoHPr.exe
  2⤵
  PID:2636
- C:\Windows\System\ZbLSdNx.exe
  C:\Windows\System\ZbLSdNx.exe
  2⤵
  PID:2680
- C:\Windows\System\cBaTTUD.exe
  C:\Windows\System\cBaTTUD.exe
  2⤵
  PID:2968
- C:\Windows\System\HhaEllq.exe
  C:\Windows\System\HhaEllq.exe
  2⤵
  PID:3024
- C:\Windows\System\heXSAkW.exe
  C:\Windows\System\heXSAkW.exe
  2⤵
  PID:2888
- C:\Windows\System\HkfsFrd.exe
  C:\Windows\System\HkfsFrd.exe
  2⤵
  PID:2352
- C:\Windows\System\SyzspVC.exe
  C:\Windows\System\SyzspVC.exe
  2⤵
  PID:1284
- C:\Windows\System\cEjhjmb.exe
  C:\Windows\System\cEjhjmb.exe
  2⤵
  PID:1884
- C:\Windows\System\GUCDLcj.exe
  C:\Windows\System\GUCDLcj.exe
  2⤵
  PID:3076
- C:\Windows\System\QBtMLmR.exe
  C:\Windows\System\QBtMLmR.exe
  2⤵
  PID:3092
- C:\Windows\System\qOkWLsa.exe
  C:\Windows\System\qOkWLsa.exe
  2⤵
  PID:3108
- C:\Windows\System\EfQMpqi.exe
  C:\Windows\System\EfQMpqi.exe
  2⤵
  PID:3128
- C:\Windows\System\LETWiFT.exe
  C:\Windows\System\LETWiFT.exe
  2⤵
  PID:3156
- C:\Windows\System\TBQWhCk.exe
  C:\Windows\System\TBQWhCk.exe
  2⤵
  PID:3172
- C:\Windows\System\DhekQzu.exe
  C:\Windows\System\DhekQzu.exe
  2⤵
  PID:3188
- C:\Windows\System\igYkKff.exe
  C:\Windows\System\igYkKff.exe
  2⤵
  PID:3244
- C:\Windows\System\SuTtiZs.exe
  C:\Windows\System\SuTtiZs.exe
  2⤵
  PID:3260
- C:\Windows\System\wpFwQzm.exe
  C:\Windows\System\wpFwQzm.exe
  2⤵
  PID:3276
- C:\Windows\System\vDsSEFJ.exe
  C:\Windows\System\vDsSEFJ.exe
  2⤵
  PID:3292
- C:\Windows\System\aYanPZZ.exe
  C:\Windows\System\aYanPZZ.exe
  2⤵
  PID:3312
- C:\Windows\System\BmmfRky.exe
  C:\Windows\System\BmmfRky.exe
  2⤵
  PID:3332
- C:\Windows\System\IrFIHxe.exe
  C:\Windows\System\IrFIHxe.exe
  2⤵
  PID:3352
- C:\Windows\System\QUyslce.exe
  C:\Windows\System\QUyslce.exe
  2⤵
  PID:3368
- C:\Windows\System\QFujvav.exe
  C:\Windows\System\QFujvav.exe
  2⤵
  PID:3388
- C:\Windows\System\MOdkJYn.exe
  C:\Windows\System\MOdkJYn.exe
  2⤵
  PID:3404
- C:\Windows\System\DKRqnqT.exe
  C:\Windows\System\DKRqnqT.exe
  2⤵
  PID:3420
- C:\Windows\System\gIQHqiR.exe
  C:\Windows\System\gIQHqiR.exe
  2⤵
  PID:3436
- C:\Windows\System\dDFSBiw.exe
  C:\Windows\System\dDFSBiw.exe
  2⤵
  PID:3456
- C:\Windows\System\PyqTZBM.exe
  C:\Windows\System\PyqTZBM.exe
  2⤵
  PID:3476
- C:\Windows\System\NjPMSnu.exe
  C:\Windows\System\NjPMSnu.exe
  2⤵
  PID:3496
- C:\Windows\System\WtxRhKv.exe
  C:\Windows\System\WtxRhKv.exe
  2⤵
  PID:3516
- C:\Windows\System\BWgCGze.exe
  C:\Windows\System\BWgCGze.exe
  2⤵
  PID:3532
- C:\Windows\System\ofKDbmY.exe
  C:\Windows\System\ofKDbmY.exe
  2⤵
  PID:3548
- C:\Windows\System\FWRXZIw.exe
  C:\Windows\System\FWRXZIw.exe
  2⤵
  PID:3568
- C:\Windows\System\YrPHKlX.exe
  C:\Windows\System\YrPHKlX.exe
  2⤵
  PID:3584
- C:\Windows\System\OaSrgor.exe
  C:\Windows\System\OaSrgor.exe
  2⤵
  PID:3600
- C:\Windows\System\VkxvkHq.exe
  C:\Windows\System\VkxvkHq.exe
  2⤵
  PID:3616
- C:\Windows\System\SCyANSw.exe
  C:\Windows\System\SCyANSw.exe
  2⤵
  PID:3636
- C:\Windows\System\RILZHab.exe
  C:\Windows\System\RILZHab.exe
  2⤵
  PID:3652
- C:\Windows\System\WmEEQYa.exe
  C:\Windows\System\WmEEQYa.exe
  2⤵
  PID:3672
- C:\Windows\System\erHfMBa.exe
  C:\Windows\System\erHfMBa.exe
  2⤵
  PID:3700
- C:\Windows\System\SxALaMy.exe
  C:\Windows\System\SxALaMy.exe
  2⤵
  PID:3752
- C:\Windows\System\vNPoutI.exe
  C:\Windows\System\vNPoutI.exe
  2⤵
  PID:3776
- C:\Windows\System\esJZMUO.exe
  C:\Windows\System\esJZMUO.exe
  2⤵
  PID:3792
- C:\Windows\System\ZjChQDx.exe
  C:\Windows\System\ZjChQDx.exe
  2⤵
  PID:3808
- C:\Windows\System\sghRhas.exe
  C:\Windows\System\sghRhas.exe
  2⤵
  PID:3828
- C:\Windows\System\xfFxPed.exe
  C:\Windows\System\xfFxPed.exe
  2⤵
  PID:3848
- C:\Windows\System\QuaAVPD.exe
  C:\Windows\System\QuaAVPD.exe
  2⤵
  PID:3872
- C:\Windows\System\HHOgBZf.exe
  C:\Windows\System\HHOgBZf.exe
  2⤵
  PID:3900
- C:\Windows\System\jSFosoV.exe
  C:\Windows\System\jSFosoV.exe
  2⤵
  PID:3988
- C:\Windows\System\uiHSLSz.exe
  C:\Windows\System\uiHSLSz.exe
  2⤵
  PID:4004
- C:\Windows\System\gxYcfxr.exe
  C:\Windows\System\gxYcfxr.exe
  2⤵
  PID:4020
- C:\Windows\System\TTgFYfJ.exe
  C:\Windows\System\TTgFYfJ.exe
  2⤵
  PID:4036
- C:\Windows\System\nTRJRTd.exe
  C:\Windows\System\nTRJRTd.exe
  2⤵
  PID:4052
- C:\Windows\System\IChfmue.exe
  C:\Windows\System\IChfmue.exe
  2⤵
  PID:4068
- C:\Windows\System\XpYQysd.exe
  C:\Windows\System\XpYQysd.exe
  2⤵
  PID:4088
- C:\Windows\System\qGFKdXe.exe
  C:\Windows\System\qGFKdXe.exe
  2⤵
  PID:2664
- C:\Windows\System\EWhvyMo.exe
  C:\Windows\System\EWhvyMo.exe
  2⤵
  PID:1768
- C:\Windows\System\igpIHIv.exe
  C:\Windows\System\igpIHIv.exe
  2⤵
  PID:2756
- C:\Windows\System\ZJrjUlY.exe
  C:\Windows\System\ZJrjUlY.exe
  2⤵
  PID:1192
- C:\Windows\System\wgjRDKn.exe
  C:\Windows\System\wgjRDKn.exe
  2⤵
  PID:2332
- C:\Windows\System\sPaFylT.exe
  C:\Windows\System\sPaFylT.exe
  2⤵
  PID:1304
- C:\Windows\System\iqMPLMK.exe
  C:\Windows\System\iqMPLMK.exe
  2⤵
  PID:3120
- C:\Windows\System\kasDbTZ.exe
  C:\Windows\System\kasDbTZ.exe
  2⤵
  PID:3196
- C:\Windows\System\CrTkudl.exe
  C:\Windows\System\CrTkudl.exe
  2⤵
  PID:2708
- C:\Windows\System\vFeWZnb.exe
  C:\Windows\System\vFeWZnb.exe
  2⤵
  PID:1320
- C:\Windows\System\VbaQWfz.exe
  C:\Windows\System\VbaQWfz.exe
  2⤵
  PID:2656
- C:\Windows\System\JhyDPGn.exe
  C:\Windows\System\JhyDPGn.exe
  2⤵
  PID:1364
- C:\Windows\System\obXZFMf.exe
  C:\Windows\System\obXZFMf.exe
  2⤵
  PID:840
- C:\Windows\System\xfCqfOB.exe
  C:\Windows\System\xfCqfOB.exe
  2⤵
  PID:3140
- C:\Windows\System\bvKDgdL.exe
  C:\Windows\System\bvKDgdL.exe
  2⤵
  PID:3204
- C:\Windows\System\vFwfNRS.exe
  C:\Windows\System\vFwfNRS.exe
  2⤵
  PID:3220
- C:\Windows\System\RwcFymm.exe
  C:\Windows\System\RwcFymm.exe
  2⤵
  PID:3236
- C:\Windows\System\ZwIVENW.exe
  C:\Windows\System\ZwIVENW.exe
  2⤵
  PID:3304
- C:\Windows\System\jvWnfRT.exe
  C:\Windows\System\jvWnfRT.exe
  2⤵
  PID:3376
- C:\Windows\System\OpNlcVv.exe
  C:\Windows\System\OpNlcVv.exe
  2⤵
  PID:3412
- C:\Windows\System\DSkVZew.exe
  C:\Windows\System\DSkVZew.exe
  2⤵
  PID:3484
- C:\Windows\System\cBRqwlS.exe
  C:\Windows\System\cBRqwlS.exe
  2⤵
  PID:3556
- C:\Windows\System\YrxvqoX.exe
  C:\Windows\System\YrxvqoX.exe
  2⤵
  PID:3624
- C:\Windows\System\xYMvidw.exe
  C:\Windows\System\xYMvidw.exe
  2⤵
  PID:3668
- C:\Windows\System\hawQKLk.exe
  C:\Windows\System\hawQKLk.exe
  2⤵
  PID:3720
- C:\Windows\System\WRRtfQL.exe
  C:\Windows\System\WRRtfQL.exe
  2⤵
  PID:3256
- C:\Windows\System\QlARQzA.exe
  C:\Windows\System\QlARQzA.exe
  2⤵
  PID:3744
- C:\Windows\System\FjxlgmP.exe
  C:\Windows\System\FjxlgmP.exe
  2⤵
  PID:3784
- C:\Windows\System\mKoYWEj.exe
  C:\Windows\System\mKoYWEj.exe
  2⤵
  PID:3824
- C:\Windows\System\FtjIPLA.exe
  C:\Windows\System\FtjIPLA.exe
  2⤵
  PID:3860
- C:\Windows\System\tjtlgfe.exe
  C:\Windows\System\tjtlgfe.exe
  2⤵
  PID:3284
- C:\Windows\System\axCXvtv.exe
  C:\Windows\System\axCXvtv.exe
  2⤵
  PID:3328
- C:\Windows\System\RYmDZEO.exe
  C:\Windows\System\RYmDZEO.exe
  2⤵
  PID:3428
- C:\Windows\System\zGsYOTG.exe
  C:\Windows\System\zGsYOTG.exe
  2⤵
  PID:3472
- C:\Windows\System\dxGucod.exe
  C:\Windows\System\dxGucod.exe
  2⤵
  PID:3540
- C:\Windows\System\WBBrRKT.exe
  C:\Windows\System\WBBrRKT.exe
  2⤵
  PID:3608
- C:\Windows\System\ErAEXhM.exe
  C:\Windows\System\ErAEXhM.exe
  2⤵
  PID:3936
- C:\Windows\System\hgipusI.exe
  C:\Windows\System\hgipusI.exe
  2⤵
  PID:3952
- C:\Windows\System\JujAffR.exe
  C:\Windows\System\JujAffR.exe
  2⤵
  PID:3968
- C:\Windows\System\QqYAgFU.exe
  C:\Windows\System\QqYAgFU.exe
  2⤵
  PID:3984
- C:\Windows\System\dvlFrRI.exe
  C:\Windows\System\dvlFrRI.exe
  2⤵
  PID:4048
- C:\Windows\System\aqIYBOn.exe
  C:\Windows\System\aqIYBOn.exe
  2⤵
  PID:3996
- C:\Windows\System\lmYuesl.exe
  C:\Windows\System\lmYuesl.exe
  2⤵
  PID:4028
- C:\Windows\System\FmEdobz.exe
  C:\Windows\System\FmEdobz.exe
  2⤵
  PID:2908
- C:\Windows\System\lGHxnxV.exe
  C:\Windows\System\lGHxnxV.exe
  2⤵
  PID:2096
- C:\Windows\System\pllAsRu.exe
  C:\Windows\System\pllAsRu.exe
  2⤵
  PID:1516
- C:\Windows\System\gHZhzNl.exe
  C:\Windows\System\gHZhzNl.exe
  2⤵
  PID:1328
- C:\Windows\System\ROycvsS.exe
  C:\Windows\System\ROycvsS.exe
  2⤵
  PID:1680
- C:\Windows\System\PlZxyqY.exe
  C:\Windows\System\PlZxyqY.exe
  2⤵
  PID:2324
- C:\Windows\System\YtQElRq.exe
  C:\Windows\System\YtQElRq.exe
  2⤵
  PID:3152
- C:\Windows\System\eccoYZU.exe
  C:\Windows\System\eccoYZU.exe
  2⤵
  PID:3340
- C:\Windows\System\ExuAQHQ.exe
  C:\Windows\System\ExuAQHQ.exe
  2⤵
  PID:3592
- C:\Windows\System\MtndHUr.exe
  C:\Windows\System\MtndHUr.exe
  2⤵
  PID:3816
- C:\Windows\System\YtoBgMV.exe
  C:\Windows\System\YtoBgMV.exe
  2⤵
  PID:3364
- C:\Windows\System\UlSQrxx.exe
  C:\Windows\System\UlSQrxx.exe
  2⤵
  PID:3508
- C:\Windows\System\RwgrowW.exe
  C:\Windows\System\RwgrowW.exe
  2⤵
  PID:3688
- C:\Windows\System\iTkpDfN.exe
  C:\Windows\System\iTkpDfN.exe
  2⤵
  PID:3104
- C:\Windows\System\IldbvBv.exe
  C:\Windows\System\IldbvBv.exe
  2⤵
  PID:3844
- C:\Windows\System\yUcPAFD.exe
  C:\Windows\System\yUcPAFD.exe
  2⤵
  PID:3684
- C:\Windows\System\BRMGjrf.exe
  C:\Windows\System\BRMGjrf.exe
  2⤵
  PID:1924
- C:\Windows\System\tAMdvwV.exe
  C:\Windows\System\tAMdvwV.exe
  2⤵
  PID:3272
- C:\Windows\System\ItgPCaI.exe
  C:\Windows\System\ItgPCaI.exe
  2⤵
  PID:3524
- C:\Windows\System\kUEdxgn.exe
  C:\Windows\System\kUEdxgn.exe
  2⤵
  PID:3924
- C:\Windows\System\JtVazTD.exe
  C:\Windows\System\JtVazTD.exe
  2⤵
  PID:3964
- C:\Windows\System\ZTNxACZ.exe
  C:\Windows\System\ZTNxACZ.exe
  2⤵
  PID:3664
- C:\Windows\System\VPNgPzy.exe
  C:\Windows\System\VPNgPzy.exe
  2⤵
  PID:3044
- C:\Windows\System\BqWggle.exe
  C:\Windows\System\BqWggle.exe
  2⤵
  PID:3324
- C:\Windows\System\trCJMRn.exe
  C:\Windows\System\trCJMRn.exe
  2⤵
  PID:3580
- C:\Windows\System\zQQPNKw.exe
  C:\Windows\System\zQQPNKw.exe
  2⤵
  PID:4016
- C:\Windows\System\eyjyBlh.exe
  C:\Windows\System\eyjyBlh.exe
  2⤵
  PID:1932
- C:\Windows\System\PPjoTDO.exe
  C:\Windows\System\PPjoTDO.exe
  2⤵
  PID:3980
- C:\Windows\System\aXytddA.exe
  C:\Windows\System\aXytddA.exe
  2⤵
  PID:904
- C:\Windows\System\PbjuLNu.exe
  C:\Windows\System\PbjuLNu.exe
  2⤵
  PID:3148
- C:\Windows\System\moYBJMK.exe
  C:\Windows\System\moYBJMK.exe
  2⤵
  PID:3184
- C:\Windows\System\PSEJPPX.exe
  C:\Windows\System\PSEJPPX.exe
  2⤵
  PID:2716
- C:\Windows\System\RCKNtuW.exe
  C:\Windows\System\RCKNtuW.exe
  2⤵
  PID:3344
- C:\Windows\System\FKiaSTt.exe
  C:\Windows\System\FKiaSTt.exe
  2⤵
  PID:3696
- C:\Windows\System\IClkgSh.exe
  C:\Windows\System\IClkgSh.exe
  2⤵
  PID:3772
- C:\Windows\System\OFgtYgt.exe
  C:\Windows\System\OFgtYgt.exe
  2⤵
  PID:3212
- C:\Windows\System\OhuKNWb.exe
  C:\Windows\System\OhuKNWb.exe
  2⤵
  PID:3864
- C:\Windows\System\kxkPjVr.exe
  C:\Windows\System\kxkPjVr.exe
  2⤵
  PID:3948
- C:\Windows\System\MwJYRQQ.exe
  C:\Windows\System\MwJYRQQ.exe
  2⤵
  PID:3932
- C:\Windows\System\DLRAswL.exe
  C:\Windows\System\DLRAswL.exe
  2⤵
  PID:3576
- C:\Windows\System\HpVlnAp.exe
  C:\Windows\System\HpVlnAp.exe
  2⤵
  PID:4084
- C:\Windows\System\iegflmP.exe
  C:\Windows\System\iegflmP.exe
  2⤵
  PID:3976
- C:\Windows\System\XgGyNua.exe
  C:\Windows\System\XgGyNua.exe
  2⤵
  PID:2892
- C:\Windows\System\MmYakpy.exe
  C:\Windows\System\MmYakpy.exe
  2⤵
  PID:3116
- C:\Windows\System\IfUqYSb.exe
  C:\Windows\System\IfUqYSb.exe
  2⤵
  PID:676
- C:\Windows\System\JxOHcyf.exe
  C:\Windows\System\JxOHcyf.exe
  2⤵
  PID:4060
- C:\Windows\System\SuYpukS.exe
  C:\Windows\System\SuYpukS.exe
  2⤵
  PID:2616
- C:\Windows\System\oSZhuPh.exe
  C:\Windows\System\oSZhuPh.exe
  2⤵
  PID:3840
- C:\Windows\System\nvSCSCh.exe
  C:\Windows\System\nvSCSCh.exe
  2⤵
  PID:4104
- C:\Windows\System\lhgQHfd.exe
  C:\Windows\System\lhgQHfd.exe
  2⤵
  PID:4120
- C:\Windows\System\iCOUlvJ.exe
  C:\Windows\System\iCOUlvJ.exe
  2⤵
  PID:4136
- C:\Windows\System\YEkgONP.exe
  C:\Windows\System\YEkgONP.exe
  2⤵
  PID:4152
- C:\Windows\System\EUMkptK.exe
  C:\Windows\System\EUMkptK.exe
  2⤵
  PID:4168
- C:\Windows\System\CSpTuao.exe
  C:\Windows\System\CSpTuao.exe
  2⤵
  PID:4184
- C:\Windows\System\uoSExYf.exe
  C:\Windows\System\uoSExYf.exe
  2⤵
  PID:4200
- C:\Windows\System\GpyWUrU.exe
  C:\Windows\System\GpyWUrU.exe
  2⤵
  PID:4216
- C:\Windows\System\BREXSuu.exe
  C:\Windows\System\BREXSuu.exe
  2⤵
  PID:4232
- C:\Windows\System\qehrVMC.exe
  C:\Windows\System\qehrVMC.exe
  2⤵
  PID:4248
- C:\Windows\System\tJlTogR.exe
  C:\Windows\System\tJlTogR.exe
  2⤵
  PID:4368
- C:\Windows\System\PdXJgQw.exe
  C:\Windows\System\PdXJgQw.exe
  2⤵
  PID:4384
- C:\Windows\System\ARBOlOK.exe
  C:\Windows\System\ARBOlOK.exe
  2⤵
  PID:4404
- C:\Windows\System\yTtxBhr.exe
  C:\Windows\System\yTtxBhr.exe
  2⤵
  PID:4420
- C:\Windows\System\QEaMhHO.exe
  C:\Windows\System\QEaMhHO.exe
  2⤵
  PID:4436
- C:\Windows\System\PQOBslm.exe
  C:\Windows\System\PQOBslm.exe
  2⤵
  PID:4456
- C:\Windows\System\awdHAhQ.exe
  C:\Windows\System\awdHAhQ.exe
  2⤵
  PID:4476
- C:\Windows\System\raXiuqK.exe
  C:\Windows\System\raXiuqK.exe
  2⤵
  PID:4492
- C:\Windows\System\LjiEqiO.exe
  C:\Windows\System\LjiEqiO.exe
  2⤵
  PID:4508
- C:\Windows\System\eEewfdE.exe
  C:\Windows\System\eEewfdE.exe
  2⤵
  PID:4528
- C:\Windows\System\MWVBUhd.exe
  C:\Windows\System\MWVBUhd.exe
  2⤵
  PID:4544
- C:\Windows\System\JHfgiAJ.exe
  C:\Windows\System\JHfgiAJ.exe
  2⤵
  PID:4560
- C:\Windows\System\AKgSQea.exe
  C:\Windows\System\AKgSQea.exe
  2⤵
  PID:4580
- C:\Windows\System\oOZSFTE.exe
  C:\Windows\System\oOZSFTE.exe
  2⤵
  PID:4600
- C:\Windows\System\AIGJzCX.exe
  C:\Windows\System\AIGJzCX.exe
  2⤵
  PID:4668
- C:\Windows\System\FjLYSli.exe
  C:\Windows\System\FjLYSli.exe
  2⤵
  PID:4684
- C:\Windows\System\AOMWQgV.exe
  C:\Windows\System\AOMWQgV.exe
  2⤵
  PID:4700
- C:\Windows\System\JRXlvgW.exe
  C:\Windows\System\JRXlvgW.exe
  2⤵
  PID:4716
- C:\Windows\System\yGInZbl.exe
  C:\Windows\System\yGInZbl.exe
  2⤵
  PID:4736
- C:\Windows\System\umTeKTu.exe
  C:\Windows\System\umTeKTu.exe
  2⤵
  PID:4752
- C:\Windows\System\vJnovpO.exe
  C:\Windows\System\vJnovpO.exe
  2⤵
  PID:4768
- C:\Windows\System\KhVdfZa.exe
  C:\Windows\System\KhVdfZa.exe
  2⤵
  PID:4788
- C:\Windows\System\TunuatJ.exe
  C:\Windows\System\TunuatJ.exe
  2⤵
  PID:4808
- C:\Windows\System\ZUGwqRm.exe
  C:\Windows\System\ZUGwqRm.exe
  2⤵
  PID:4828
- C:\Windows\System\SaHmBav.exe
  C:\Windows\System\SaHmBav.exe
  2⤵
  PID:4844
- C:\Windows\System\WfySUCd.exe
  C:\Windows\System\WfySUCd.exe
  2⤵
  PID:4868
- C:\Windows\System\bwHtWss.exe
  C:\Windows\System\bwHtWss.exe
  2⤵
  PID:4884
- C:\Windows\System\dPCtIrL.exe
  C:\Windows\System\dPCtIrL.exe
  2⤵
  PID:4900
- C:\Windows\System\pKtnwmp.exe
  C:\Windows\System\pKtnwmp.exe
  2⤵
  PID:4920
- C:\Windows\System\kNgBTuF.exe
  C:\Windows\System\kNgBTuF.exe
  2⤵
  PID:4936
- C:\Windows\System\omBahhX.exe
  C:\Windows\System\omBahhX.exe
  2⤵
  PID:4956
- C:\Windows\System\dplEfBa.exe
  C:\Windows\System\dplEfBa.exe
  2⤵
  PID:4972
- C:\Windows\System\IlpsaYB.exe
  C:\Windows\System\IlpsaYB.exe
  2⤵
  PID:4992
- C:\Windows\System\NHuUDVH.exe
  C:\Windows\System\NHuUDVH.exe
  2⤵
  PID:5008
- C:\Windows\System\rBSIgYh.exe
  C:\Windows\System\rBSIgYh.exe
  2⤵
  PID:5036
- C:\Windows\System\IfHbyGD.exe
  C:\Windows\System\IfHbyGD.exe
  2⤵
  PID:5060
- C:\Windows\System\gICapND.exe
  C:\Windows\System\gICapND.exe
  2⤵
  PID:5100
- C:\Windows\System\kETjmJC.exe
  C:\Windows\System\kETjmJC.exe
  2⤵
  PID:5116
- C:\Windows\System\DJhGiqt.exe
  C:\Windows\System\DJhGiqt.exe
  2⤵
  PID:3836
- C:\Windows\System\QjAFPCI.exe
  C:\Windows\System\QjAFPCI.exe
  2⤵
  PID:3200
- C:\Windows\System\qIKrCvf.exe
  C:\Windows\System\qIKrCvf.exe
  2⤵
  PID:3136
- C:\Windows\System\WJshwnt.exe
  C:\Windows\System\WJshwnt.exe
  2⤵
  PID:4208
- C:\Windows\System\dVidMEI.exe
  C:\Windows\System\dVidMEI.exe
  2⤵
  PID:4240
- C:\Windows\System\QUOrGOM.exe
  C:\Windows\System\QUOrGOM.exe
  2⤵
  PID:3452
- C:\Windows\System\RWDamnY.exe
  C:\Windows\System\RWDamnY.exe
  2⤵
  PID:3348
- C:\Windows\System\IjBuHJD.exe
  C:\Windows\System\IjBuHJD.exe
  2⤵
  PID:3920
- C:\Windows\System\SuREnrV.exe
  C:\Windows\System\SuREnrV.exe
  2⤵
  PID:1736
- C:\Windows\System\WsLMIXK.exe
  C:\Windows\System\WsLMIXK.exe
  2⤵
  PID:4268
- C:\Windows\System\ZzRMdpm.exe
  C:\Windows\System\ZzRMdpm.exe
  2⤵
  PID:4416
- C:\Windows\System\WXGqWpC.exe
  C:\Windows\System\WXGqWpC.exe
  2⤵
  PID:4488
- C:\Windows\System\wPySkfR.exe
  C:\Windows\System\wPySkfR.exe
  2⤵
  PID:4524
- C:\Windows\System\ZEKnZup.exe
  C:\Windows\System\ZEKnZup.exe
  2⤵
  PID:4596
- C:\Windows\System\wJWwpQZ.exe
  C:\Windows\System\wJWwpQZ.exe
  2⤵
  PID:4256
- C:\Windows\System\RrPxHgO.exe
  C:\Windows\System\RrPxHgO.exe
  2⤵
  PID:4504
- C:\Windows\System\CirdEep.exe
  C:\Windows\System\CirdEep.exe
  2⤵
  PID:4568
- C:\Windows\System\hxImcuZ.exe
  C:\Windows\System\hxImcuZ.exe
  2⤵
  PID:4608
- C:\Windows\System\EDGptYm.exe
  C:\Windows\System\EDGptYm.exe
  2⤵
  PID:4292
- C:\Windows\System\CWpShre.exe
  C:\Windows\System\CWpShre.exe
  2⤵
  PID:4312
- C:\Windows\System\azHxtHw.exe
  C:\Windows\System\azHxtHw.exe
  2⤵
  PID:4336
- C:\Windows\System\UAAHSaC.exe
  C:\Windows\System\UAAHSaC.exe
  2⤵
  PID:4352
- C:\Windows\System\vozLYlI.exe
  C:\Windows\System\vozLYlI.exe
  2⤵
  PID:4392
- C:\Windows\System\nhqXmUu.exe
  C:\Windows\System\nhqXmUu.exe
  2⤵
  PID:4464
- C:\Windows\System\GXKBCyr.exe
  C:\Windows\System\GXKBCyr.exe
  2⤵
  PID:4696
- C:\Windows\System\TahxgAl.exe
  C:\Windows\System\TahxgAl.exe
  2⤵
  PID:4760
- C:\Windows\System\RCuKwtS.exe
  C:\Windows\System\RCuKwtS.exe
  2⤵
  PID:4616
- C:\Windows\System\eNDQLgA.exe
  C:\Windows\System\eNDQLgA.exe
  2⤵
  PID:4676
- C:\Windows\System\jlnxHID.exe
  C:\Windows\System\jlnxHID.exe
  2⤵
  PID:4744
- C:\Windows\System\yfRNNXh.exe
  C:\Windows\System\yfRNNXh.exe
  2⤵
  PID:4784
- C:\Windows\System\xMzWBgI.exe
  C:\Windows\System\xMzWBgI.exe
  2⤵
  PID:4880
- C:\Windows\System\UBKhUgW.exe
  C:\Windows\System\UBKhUgW.exe
  2⤵
  PID:4852
- C:\Windows\System\BIKqcfW.exe
  C:\Windows\System\BIKqcfW.exe
  2⤵
  PID:4952
- C:\Windows\System\UcPlhTE.exe
  C:\Windows\System\UcPlhTE.exe
  2⤵
  PID:5068
- C:\Windows\System\NpDGJpm.exe
  C:\Windows\System\NpDGJpm.exe
  2⤵
  PID:5084
- C:\Windows\System\GTOunbs.exe
  C:\Windows\System\GTOunbs.exe
  2⤵
  PID:3728
- C:\Windows\System\oqlOUxE.exe
  C:\Windows\System\oqlOUxE.exe
  2⤵
  PID:2280
- C:\Windows\System\KhXfoUV.exe
  C:\Windows\System\KhXfoUV.exe
  2⤵
  PID:3416
- C:\Windows\System\PBKsHvQ.exe
  C:\Windows\System\PBKsHvQ.exe
  2⤵
  PID:4520
- C:\Windows\System\XMYwXuz.exe
  C:\Windows\System\XMYwXuz.exe
  2⤵
  PID:4860
- C:\Windows\System\ZIypzoj.exe
  C:\Windows\System\ZIypzoj.exe
  2⤵
  PID:4100
- C:\Windows\System\MgmiSJy.exe
  C:\Windows\System\MgmiSJy.exe
  2⤵
  PID:4864
- C:\Windows\System\UzJPvNI.exe
  C:\Windows\System\UzJPvNI.exe
  2⤵
  PID:4964
- C:\Windows\System\EPuNoOU.exe
  C:\Windows\System\EPuNoOU.exe
  2⤵
  PID:4452
- C:\Windows\System\oboTwbL.exe
  C:\Windows\System\oboTwbL.exe
  2⤵
  PID:2328
- C:\Windows\System\mlfNkoR.exe
  C:\Windows\System\mlfNkoR.exe
  2⤵
  PID:5052
- C:\Windows\System\UjFMGdP.exe
  C:\Windows\System\UjFMGdP.exe
  2⤵
  PID:4656
- C:\Windows\System\HxALxfg.exe
  C:\Windows\System\HxALxfg.exe
  2⤵
  PID:4364
- C:\Windows\System\cNSkeDX.exe
  C:\Windows\System\cNSkeDX.exe
  2⤵
  PID:4692
- C:\Windows\System\XlEymKc.exe
  C:\Windows\System\XlEymKc.exe
  2⤵
  PID:4984
- C:\Windows\System\bTMSKox.exe
  C:\Windows\System\bTMSKox.exe
  2⤵
  PID:4708
- C:\Windows\System\DQjZPws.exe
  C:\Windows\System\DQjZPws.exe
  2⤵
  PID:4288
- C:\Windows\System\hfzkTmk.exe
  C:\Windows\System\hfzkTmk.exe
  2⤵
  PID:4164
- C:\Windows\System\wOYSrCg.exe
  C:\Windows\System\wOYSrCg.exe
  2⤵
  PID:576
- C:\Windows\System\vCXWhZN.exe
  C:\Windows\System\vCXWhZN.exe
  2⤵
  PID:4540
- C:\Windows\System\GCTSYGX.exe
  C:\Windows\System\GCTSYGX.exe
  2⤵
  PID:4640
- C:\Windows\System\EevliJZ.exe
  C:\Windows\System\EevliJZ.exe
  2⤵
  PID:4300
- C:\Windows\System\hoFDmoS.exe
  C:\Windows\System\hoFDmoS.exe
  2⤵
  PID:4400
- C:\Windows\System\nIpzBfl.exe
  C:\Windows\System\nIpzBfl.exe
  2⤵
  PID:4836
- C:\Windows\System\pITfjPe.exe
  C:\Windows\System\pITfjPe.exe
  2⤵
  PID:5016
- C:\Windows\System\MtnbSVu.exe
  C:\Windows\System\MtnbSVu.exe
  2⤵
  PID:5024
- C:\Windows\System\JfsyDhT.exe
  C:\Windows\System\JfsyDhT.exe
  2⤵
  PID:1856
- C:\Windows\System\kvaaJqE.exe
  C:\Windows\System\kvaaJqE.exe
  2⤵
  PID:5000
- C:\Windows\System\WtLxHRc.exe
  C:\Windows\System\WtLxHRc.exe
  2⤵
  PID:5108
- C:\Windows\System\YdXhEuq.exe
  C:\Windows\System\YdXhEuq.exe
  2⤵
  PID:4500
- C:\Windows\System\WhpcVFE.exe
  C:\Windows\System\WhpcVFE.exe
  2⤵
  PID:4556
- C:\Windows\System\FqMzPnl.exe
  C:\Windows\System\FqMzPnl.exe
  2⤵
  PID:4876
- C:\Windows\System\lCkkYWF.exe
  C:\Windows\System\lCkkYWF.exe
  2⤵
  PID:4516
- C:\Windows\System\wpCgUEI.exe
  C:\Windows\System\wpCgUEI.exe
  2⤵
  PID:4932
- C:\Windows\System\MkACfdY.exe
  C:\Windows\System\MkACfdY.exe
  2⤵
  PID:4576
- C:\Windows\System\gifrneU.exe
  C:\Windows\System\gifrneU.exe
  2⤵
  PID:4308
- C:\Windows\System\ZHOsVjB.exe
  C:\Windows\System\ZHOsVjB.exe
  2⤵
  PID:4916
- C:\Windows\System\TBYRrZp.exe
  C:\Windows\System\TBYRrZp.exe
  2⤵
  PID:4732
- C:\Windows\System\IziTQHz.exe
  C:\Windows\System\IziTQHz.exe
  2⤵
  PID:3716
- C:\Windows\System\jCVKjdo.exe
  C:\Windows\System\jCVKjdo.exe
  2⤵
  PID:4116
- C:\Windows\System\ipPSYVS.exe
  C:\Windows\System\ipPSYVS.exe
  2⤵
  PID:4196
- C:\Windows\System\jBpuevu.exe
  C:\Windows\System\jBpuevu.exe
  2⤵
  PID:4328
- C:\Windows\System\JPCAAJH.exe
  C:\Windows\System\JPCAAJH.exe
  2⤵
  PID:4804
- C:\Windows\System\USwlgfq.exe
  C:\Windows\System\USwlgfq.exe
  2⤵
  PID:4128
- C:\Windows\System\BjWdVHB.exe
  C:\Windows\System\BjWdVHB.exe
  2⤵
  PID:4780
- C:\Windows\System\wqfrelS.exe
  C:\Windows\System\wqfrelS.exe
  2⤵
  PID:4796
- C:\Windows\System\kbIkKdC.exe
  C:\Windows\System\kbIkKdC.exe
  2⤵
  PID:3736
- C:\Windows\System\xkQrrmp.exe
  C:\Windows\System\xkQrrmp.exe
  2⤵
  PID:4144
- C:\Windows\System\BemSoli.exe
  C:\Windows\System\BemSoli.exe
  2⤵
  PID:4380
- C:\Windows\System\IyXPHGS.exe
  C:\Windows\System\IyXPHGS.exe
  2⤵
  PID:5136
- C:\Windows\System\KplsXbK.exe
  C:\Windows\System\KplsXbK.exe
  2⤵
  PID:5160
- C:\Windows\System\dRrgjRr.exe
  C:\Windows\System\dRrgjRr.exe
  2⤵
  PID:5180
- C:\Windows\System\TVspuSz.exe
  C:\Windows\System\TVspuSz.exe
  2⤵
  PID:5200
- C:\Windows\System\heEeTVd.exe
  C:\Windows\System\heEeTVd.exe
  2⤵
  PID:5220
- C:\Windows\System\KsgWeOF.exe
  C:\Windows\System\KsgWeOF.exe
  2⤵
  PID:5236
- C:\Windows\System\RPpRanN.exe
  C:\Windows\System\RPpRanN.exe
  2⤵
  PID:5256
- C:\Windows\System\zXeGZox.exe
  C:\Windows\System\zXeGZox.exe
  2⤵
  PID:5276
- C:\Windows\System\bfPBMIc.exe
  C:\Windows\System\bfPBMIc.exe
  2⤵
  PID:5300
- C:\Windows\System\bTfqjDn.exe
  C:\Windows\System\bTfqjDn.exe
  2⤵
  PID:5320
- C:\Windows\System\wVHfRku.exe
  C:\Windows\System\wVHfRku.exe
  2⤵
  PID:5336
- C:\Windows\System\SXeyKUO.exe
  C:\Windows\System\SXeyKUO.exe
  2⤵
  PID:5360
- C:\Windows\System\zFexooB.exe
  C:\Windows\System\zFexooB.exe
  2⤵
  PID:5376
- C:\Windows\System\mbeDhsu.exe
  C:\Windows\System\mbeDhsu.exe
  2⤵
  PID:5400
- C:\Windows\System\oXqwHVS.exe
  C:\Windows\System\oXqwHVS.exe
  2⤵
  PID:5416
- C:\Windows\System\kPGKfiJ.exe
  C:\Windows\System\kPGKfiJ.exe
  2⤵
  PID:5432
- C:\Windows\System\fmqcdhV.exe
  C:\Windows\System\fmqcdhV.exe
  2⤵
  PID:5460
- C:\Windows\System\oCEbIWg.exe
  C:\Windows\System\oCEbIWg.exe
  2⤵
  PID:5480
- C:\Windows\System\Xugkmjv.exe
  C:\Windows\System\Xugkmjv.exe
  2⤵
  PID:5500
- C:\Windows\System\OJMiAvR.exe
  C:\Windows\System\OJMiAvR.exe
  2⤵
  PID:5520
- C:\Windows\System\BNkgjWM.exe
  C:\Windows\System\BNkgjWM.exe
  2⤵
  PID:5536
- C:\Windows\System\uCoOplA.exe
  C:\Windows\System\uCoOplA.exe
  2⤵
  PID:5556
- C:\Windows\System\xQEWwQT.exe
  C:\Windows\System\xQEWwQT.exe
  2⤵
  PID:5576
- C:\Windows\System\tGZwoEU.exe
  C:\Windows\System\tGZwoEU.exe
  2⤵
  PID:5600
- C:\Windows\System\abGYVdU.exe
  C:\Windows\System\abGYVdU.exe
  2⤵
  PID:5620
- C:\Windows\System\qvsUQzQ.exe
  C:\Windows\System\qvsUQzQ.exe
  2⤵
  PID:5640
- C:\Windows\System\oPuHBwo.exe
  C:\Windows\System\oPuHBwo.exe
  2⤵
  PID:5660
- C:\Windows\System\MdoiAbV.exe
  C:\Windows\System\MdoiAbV.exe
  2⤵
  PID:5680
- C:\Windows\System\jyTFGsP.exe
  C:\Windows\System\jyTFGsP.exe
  2⤵
  PID:5696
- C:\Windows\System\yzoPZPH.exe
  C:\Windows\System\yzoPZPH.exe
  2⤵
  PID:5716
- C:\Windows\System\FLuGVfu.exe
  C:\Windows\System\FLuGVfu.exe
  2⤵
  PID:5736
- C:\Windows\System\VnrLGio.exe
  C:\Windows\System\VnrLGio.exe
  2⤵
  PID:5752
- C:\Windows\System\XJzEeab.exe
  C:\Windows\System\XJzEeab.exe
  2⤵
  PID:5776
- C:\Windows\System\wNXDIKM.exe
  C:\Windows\System\wNXDIKM.exe
  2⤵
  PID:5792
- C:\Windows\System\eoRumri.exe
  C:\Windows\System\eoRumri.exe
  2⤵
  PID:5816
- C:\Windows\System\KgrYnHo.exe
  C:\Windows\System\KgrYnHo.exe
  2⤵
  PID:5832
- C:\Windows\System\mQcQWkP.exe
  C:\Windows\System\mQcQWkP.exe
  2⤵
  PID:5856
- C:\Windows\System\jlgRNzu.exe
  C:\Windows\System\jlgRNzu.exe
  2⤵
  PID:5872
- C:\Windows\System\pyWuPBM.exe
  C:\Windows\System\pyWuPBM.exe
  2⤵
  PID:5896
- C:\Windows\System\QzTpXdN.exe
  C:\Windows\System\QzTpXdN.exe
  2⤵
  PID:5912
- C:\Windows\System\KewLVAZ.exe
  C:\Windows\System\KewLVAZ.exe
  2⤵
  PID:5936
- C:\Windows\System\OvrVOVN.exe
  C:\Windows\System\OvrVOVN.exe
  2⤵
  PID:5952
- C:\Windows\System\WjuIaaT.exe
  C:\Windows\System\WjuIaaT.exe
  2⤵
  PID:5976
- C:\Windows\System\AyYYOSd.exe
  C:\Windows\System\AyYYOSd.exe
  2⤵
  PID:6000
- C:\Windows\System\WTdzatE.exe
  C:\Windows\System\WTdzatE.exe
  2⤵
  PID:6016
- C:\Windows\System\dJetiHi.exe
  C:\Windows\System\dJetiHi.exe
  2⤵
  PID:6032
- C:\Windows\System\vwvLyYl.exe
  C:\Windows\System\vwvLyYl.exe
  2⤵
  PID:6048
- C:\Windows\System\iGXtcMG.exe
  C:\Windows\System\iGXtcMG.exe
  2⤵
  PID:6064
- C:\Windows\System\wIEVDRb.exe
  C:\Windows\System\wIEVDRb.exe
  2⤵
  PID:6080
- C:\Windows\System\XjHPjqj.exe
  C:\Windows\System\XjHPjqj.exe
  2⤵
  PID:6096
- C:\Windows\System\WYePsbe.exe
  C:\Windows\System\WYePsbe.exe
  2⤵
  PID:6112
- C:\Windows\System\SiNToOH.exe
  C:\Windows\System\SiNToOH.exe
  2⤵
  PID:6128
- C:\Windows\System\xJyhvLj.exe
  C:\Windows\System\xJyhvLj.exe
  2⤵
  PID:4912
- C:\Windows\System\hwfEDSZ.exe
  C:\Windows\System\hwfEDSZ.exe
  2⤵
  PID:4224
- C:\Windows\System\BcawbDO.exe
  C:\Windows\System\BcawbDO.exe
  2⤵
  PID:4928
- C:\Windows\System\cZroGBM.exe
  C:\Windows\System\cZroGBM.exe
  2⤵
  PID:1472
- C:\Windows\System\roRTGYn.exe
  C:\Windows\System\roRTGYn.exe
  2⤵
  PID:5004
- C:\Windows\System\tNkpQZn.exe
  C:\Windows\System\tNkpQZn.exe
  2⤵
  PID:5148
- C:\Windows\System\PksBAjM.exe
  C:\Windows\System\PksBAjM.exe
  2⤵
  PID:5176
- C:\Windows\System\eTezuEE.exe
  C:\Windows\System\eTezuEE.exe
  2⤵
  PID:5216
- C:\Windows\System\oTSTUQs.exe
  C:\Windows\System\oTSTUQs.exe
  2⤵
  PID:5272
- C:\Windows\System\RGSnTfT.exe
  C:\Windows\System\RGSnTfT.exe
  2⤵
  PID:5252
- C:\Windows\System\bdWBEzk.exe
  C:\Windows\System\bdWBEzk.exe
  2⤵
  PID:5352
- C:\Windows\System\DAOafyC.exe
  C:\Windows\System\DAOafyC.exe
  2⤵
  PID:5288
- C:\Windows\System\zAIFrrL.exe
  C:\Windows\System\zAIFrrL.exe
  2⤵
  PID:5396
- C:\Windows\System\MiyCDui.exe
  C:\Windows\System\MiyCDui.exe
  2⤵
  PID:5408
- C:\Windows\System\OcuYiRr.exe
  C:\Windows\System\OcuYiRr.exe
  2⤵
  PID:5452
- C:\Windows\System\BMvnEKg.exe
  C:\Windows\System\BMvnEKg.exe
  2⤵
  PID:5496
- C:\Windows\System\bvViwgA.exe
  C:\Windows\System\bvViwgA.exe
  2⤵
  PID:5548
- C:\Windows\System\vXnNRNm.exe
  C:\Windows\System\vXnNRNm.exe
  2⤵
  PID:5592
- C:\Windows\System\GLIgnws.exe
  C:\Windows\System\GLIgnws.exe
  2⤵
  PID:5612
- C:\Windows\System\vnXHnjn.exe
  C:\Windows\System\vnXHnjn.exe
  2⤵
  PID:5704
- C:\Windows\System\CujNahn.exe
  C:\Windows\System\CujNahn.exe
  2⤵
  PID:5744
- C:\Windows\System\VqmXUMD.exe
  C:\Windows\System\VqmXUMD.exe
  2⤵
  PID:5688
- C:\Windows\System\BEfLOIp.exe
  C:\Windows\System\BEfLOIp.exe
  2⤵
  PID:5824
- C:\Windows\System\wgwkKOk.exe
  C:\Windows\System\wgwkKOk.exe
  2⤵
  PID:5732
- C:\Windows\System\qUcakZR.exe
  C:\Windows\System\qUcakZR.exe
  2⤵
  PID:5904
- C:\Windows\System\XsovQMa.exe
  C:\Windows\System\XsovQMa.exe
  2⤵
  PID:5772
- C:\Windows\System\nMtqnXk.exe
  C:\Windows\System\nMtqnXk.exe
  2⤵
  PID:5812
- C:\Windows\System\wZktfIH.exe
  C:\Windows\System\wZktfIH.exe
  2⤵
  PID:5960
- C:\Windows\System\HhEOtUV.exe
  C:\Windows\System\HhEOtUV.exe
  2⤵
  PID:5992
- C:\Windows\System\inCELFD.exe
  C:\Windows\System\inCELFD.exe
  2⤵
  PID:5880
- C:\Windows\System\ZgtXZfL.exe
  C:\Windows\System\ZgtXZfL.exe
  2⤵
  PID:5964
- C:\Windows\System\BrxiGdu.exe
  C:\Windows\System\BrxiGdu.exe
  2⤵
  PID:5924
- C:\Windows\System\btJVTcK.exe
  C:\Windows\System\btJVTcK.exe
  2⤵
  PID:6012
- C:\Windows\System\FGNRdYm.exe
  C:\Windows\System\FGNRdYm.exe
  2⤵
  PID:6136
- C:\Windows\System\VHTJbJs.exe
  C:\Windows\System\VHTJbJs.exe
  2⤵
  PID:5092
- C:\Windows\System\QzWVQJg.exe
  C:\Windows\System\QzWVQJg.exe
  2⤵
  PID:6024
- C:\Windows\System\fMgRExY.exe
  C:\Windows\System\fMgRExY.exe
  2⤵
  PID:6092
- C:\Windows\System\yhCTmkP.exe
  C:\Windows\System\yhCTmkP.exe
  2⤵
  PID:4432
- C:\Windows\System\BsKwxPL.exe
  C:\Windows\System\BsKwxPL.exe
  2⤵
  PID:5156
- C:\Windows\System\dppeGwu.exe
  C:\Windows\System\dppeGwu.exe
  2⤵
  PID:5196
- C:\Windows\System\UQgZjpb.exe
  C:\Windows\System\UQgZjpb.exe
  2⤵
  PID:5208
- C:\Windows\System\pYIaMzT.exe
  C:\Windows\System\pYIaMzT.exe
  2⤵
  PID:5348
- C:\Windows\System\HMpSHJe.exe
  C:\Windows\System\HMpSHJe.exe
  2⤵
  PID:2452
- C:\Windows\System\enKjFft.exe
  C:\Windows\System\enKjFft.exe
  2⤵
  PID:3884
- C:\Windows\System\ezVBnIl.exe
  C:\Windows\System\ezVBnIl.exe
  2⤵
  PID:5388
- C:\Windows\System\UYDxrbj.exe
  C:\Windows\System\UYDxrbj.exe
  2⤵
  PID:5508
- C:\Windows\System\EEtKrcB.exe
  C:\Windows\System\EEtKrcB.exe
  2⤵
  PID:5316
- C:\Windows\System\Bdsykyo.exe
  C:\Windows\System\Bdsykyo.exe
  2⤵
  PID:5516
- C:\Windows\System\HYtBzmX.exe
  C:\Windows\System\HYtBzmX.exe
  2⤵
  PID:5488
- C:\Windows\System\fHyiTNg.exe
  C:\Windows\System\fHyiTNg.exe
  2⤵
  PID:5584
- C:\Windows\System\IMfOeIn.exe
  C:\Windows\System\IMfOeIn.exe
  2⤵
  PID:5652
- C:\Windows\System\dLHBgqq.exe
  C:\Windows\System\dLHBgqq.exe
  2⤵
  PID:5568
- C:\Windows\System\IyHcTcU.exe
  C:\Windows\System\IyHcTcU.exe
  2⤵
  PID:5632
- C:\Windows\System\flmtYwr.exe
  C:\Windows\System\flmtYwr.exe
  2⤵
  PID:5708
- C:\Windows\System\iIxlOqX.exe
  C:\Windows\System\iIxlOqX.exe
  2⤵
  PID:5728
- C:\Windows\System\mHqIbxV.exe
  C:\Windows\System\mHqIbxV.exe
  2⤵
  PID:5768
- C:\Windows\System\rrBPNoW.exe
  C:\Windows\System\rrBPNoW.exe
  2⤵
  PID:5944
- C:\Windows\System\zrNRHtw.exe
  C:\Windows\System\zrNRHtw.exe
  2⤵
  PID:5852
- C:\Windows\System\OpIMfmF.exe
  C:\Windows\System\OpIMfmF.exe
  2⤵
  PID:5920
- C:\Windows\System\amBVQWV.exe
  C:\Windows\System\amBVQWV.exe
  2⤵
  PID:6108
- C:\Windows\System\XfDiwQF.exe
  C:\Windows\System\XfDiwQF.exe
  2⤵
  PID:6028
- C:\Windows\System\bmcYEMt.exe
  C:\Windows\System\bmcYEMt.exe
  2⤵
  PID:2104
- C:\Windows\System\VjdNhNM.exe
  C:\Windows\System\VjdNhNM.exe
  2⤵
  PID:6072
- C:\Windows\System\jtdrKTE.exe
  C:\Windows\System\jtdrKTE.exe
  2⤵
  PID:1540
- C:\Windows\System\DQbLbRu.exe
  C:\Windows\System\DQbLbRu.exe
  2⤵
  PID:5428
- C:\Windows\System\jLIYrVY.exe
  C:\Windows\System\jLIYrVY.exe
  2⤵
  PID:5384
- C:\Windows\System\USEHZKP.exe
  C:\Windows\System\USEHZKP.exe
  2⤵
  PID:1108
- C:\Windows\System\kzqpVAn.exe
  C:\Windows\System\kzqpVAn.exe
  2⤵
  PID:1044
- C:\Windows\System\XujJAiT.exe
  C:\Windows\System\XujJAiT.exe
  2⤵
  PID:5332
- C:\Windows\System\hDzrDyz.exe
  C:\Windows\System\hDzrDyz.exe
  2⤵
  PID:5564
- C:\Windows\System\TIoMntD.exe
  C:\Windows\System\TIoMntD.exe
  2⤵
  PID:5636
- C:\Windows\System\XLQVpCG.exe
  C:\Windows\System\XLQVpCG.exe
  2⤵
  PID:5868
- C:\Windows\System\OGwmCXr.exe
  C:\Windows\System\OGwmCXr.exe
  2⤵
  PID:5988
- C:\Windows\System\YHXWNxK.exe
  C:\Windows\System\YHXWNxK.exe
  2⤵
  PID:6008
- C:\Windows\System\hRmwixV.exe
  C:\Windows\System\hRmwixV.exe
  2⤵
  PID:6088
- C:\Windows\System\efVbeXs.exe
  C:\Windows\System\efVbeXs.exe
  2⤵
  PID:5228
- C:\Windows\System\NuCkllb.exe
  C:\Windows\System\NuCkllb.exe
  2⤵
  PID:5296
- C:\Windows\System\yTBsdmp.exe
  C:\Windows\System\yTBsdmp.exe
  2⤵
  PID:3064
- C:\Windows\System\dMwHFNI.exe
  C:\Windows\System\dMwHFNI.exe
  2⤵
  PID:5544
- C:\Windows\System\mLzqQgj.exe
  C:\Windows\System\mLzqQgj.exe
  2⤵
  PID:5864
- C:\Windows\System\niowVPg.exe
  C:\Windows\System\niowVPg.exe
  2⤵
  PID:5888
- C:\Windows\System\eUMfAHk.exe
  C:\Windows\System\eUMfAHk.exe
  2⤵
  PID:5892
- C:\Windows\System\qioxJOl.exe
  C:\Windows\System\qioxJOl.exe
  2⤵
  PID:5248
- C:\Windows\System\NwpyKSa.exe
  C:\Windows\System\NwpyKSa.exe
  2⤵
  PID:5264
- C:\Windows\System\uwZSvse.exe
  C:\Windows\System\uwZSvse.exe
  2⤵
  PID:6156
- C:\Windows\System\ONqRyPT.exe
  C:\Windows\System\ONqRyPT.exe
  2⤵
  PID:6172
- C:\Windows\System\gAVliwF.exe
  C:\Windows\System\gAVliwF.exe
  2⤵
  PID:6188
- C:\Windows\System\yIzqUuS.exe
  C:\Windows\System\yIzqUuS.exe
  2⤵
  PID:6204
- C:\Windows\System\IkiKgqz.exe
  C:\Windows\System\IkiKgqz.exe
  2⤵
  PID:6220
- C:\Windows\System\RSVSgos.exe
  C:\Windows\System\RSVSgos.exe
  2⤵
  PID:6240
- C:\Windows\System\uZydliF.exe
  C:\Windows\System\uZydliF.exe
  2⤵
  PID:6256
- C:\Windows\System\HdOKLOm.exe
  C:\Windows\System\HdOKLOm.exe
  2⤵
  PID:6272
- C:\Windows\System\GTwevoV.exe
  C:\Windows\System\GTwevoV.exe
  2⤵
  PID:6288
- C:\Windows\System\QHBeLmF.exe
  C:\Windows\System\QHBeLmF.exe
  2⤵
  PID:6304
- C:\Windows\System\OstAhqx.exe
  C:\Windows\System\OstAhqx.exe
  2⤵
  PID:6320
- C:\Windows\System\UTvyPpP.exe
  C:\Windows\System\UTvyPpP.exe
  2⤵
  PID:6336
- C:\Windows\System\LeiZTCV.exe
  C:\Windows\System\LeiZTCV.exe
  2⤵
  PID:6360
- C:\Windows\System\XvxbNnS.exe
  C:\Windows\System\XvxbNnS.exe
  2⤵
  PID:6380
- C:\Windows\System\qXwwoXQ.exe
  C:\Windows\System\qXwwoXQ.exe
  2⤵
  PID:6396
- C:\Windows\System\libhJSa.exe
  C:\Windows\System\libhJSa.exe
  2⤵
  PID:6412
- C:\Windows\System\hbMvCjb.exe
  C:\Windows\System\hbMvCjb.exe
  2⤵
  PID:6428
- C:\Windows\System\eDOTiDs.exe
  C:\Windows\System\eDOTiDs.exe
  2⤵
  PID:6444
- C:\Windows\System\ZTBwsCy.exe
  C:\Windows\System\ZTBwsCy.exe
  2⤵
  PID:6460
- C:\Windows\System\GRbWyLl.exe
  C:\Windows\System\GRbWyLl.exe
  2⤵
  PID:6476
- C:\Windows\System\XkTcDSF.exe
  C:\Windows\System\XkTcDSF.exe
  2⤵
  PID:6492
- C:\Windows\System\lhzDgOo.exe
  C:\Windows\System\lhzDgOo.exe
  2⤵
  PID:6508
- C:\Windows\System\tfhIKrB.exe
  C:\Windows\System\tfhIKrB.exe
  2⤵
  PID:6524
- C:\Windows\System\NBNmkvA.exe
  C:\Windows\System\NBNmkvA.exe
  2⤵
  PID:6540
- C:\Windows\System\JBveWrP.exe
  C:\Windows\System\JBveWrP.exe
  2⤵
  PID:6556
- C:\Windows\System\MacjgHG.exe
  C:\Windows\System\MacjgHG.exe
  2⤵
  PID:6572
- C:\Windows\System\pxVcNmQ.exe
  C:\Windows\System\pxVcNmQ.exe
  2⤵
  PID:6588
- C:\Windows\System\ICzhsHH.exe
  C:\Windows\System\ICzhsHH.exe
  2⤵
  PID:6604
- C:\Windows\System\WZoIwZj.exe
  C:\Windows\System\WZoIwZj.exe
  2⤵
  PID:6632
- C:\Windows\System\ZKLxiPD.exe
  C:\Windows\System\ZKLxiPD.exe
  2⤵
  PID:6648
- C:\Windows\System\GWiXQJY.exe
  C:\Windows\System\GWiXQJY.exe
  2⤵
  PID:6664
- C:\Windows\System\oxdfMzQ.exe
  C:\Windows\System\oxdfMzQ.exe
  2⤵
  PID:6680
- C:\Windows\System\SODtTCG.exe
  C:\Windows\System\SODtTCG.exe
  2⤵
  PID:6696
- C:\Windows\System\kgvNbII.exe
  C:\Windows\System\kgvNbII.exe
  2⤵
  PID:6712
- C:\Windows\System\cLTNTqE.exe
  C:\Windows\System\cLTNTqE.exe
  2⤵
  PID:6728
- C:\Windows\System\AjqFuhc.exe
  C:\Windows\System\AjqFuhc.exe
  2⤵
  PID:6744
- C:\Windows\System\hocGnmK.exe
  C:\Windows\System\hocGnmK.exe
  2⤵
  PID:6760
- C:\Windows\System\WKQjxnc.exe
  C:\Windows\System\WKQjxnc.exe
  2⤵
  PID:6776
- C:\Windows\System\xVVlSyY.exe
  C:\Windows\System\xVVlSyY.exe
  2⤵
  PID:6796
- C:\Windows\System\nVzEMkR.exe
  C:\Windows\System\nVzEMkR.exe
  2⤵
  PID:6812
- C:\Windows\System\rSvnSxS.exe
  C:\Windows\System\rSvnSxS.exe
  2⤵
  PID:6828
- C:\Windows\System\LEtVIwG.exe
  C:\Windows\System\LEtVIwG.exe
  2⤵
  PID:6872
- C:\Windows\System\nLyJPOU.exe
  C:\Windows\System\nLyJPOU.exe
  2⤵
  PID:6888
- C:\Windows\System\poBPKCU.exe
  C:\Windows\System\poBPKCU.exe
  2⤵
  PID:6904
- C:\Windows\System\CvnhDmu.exe
  C:\Windows\System\CvnhDmu.exe
  2⤵
  PID:6920
- C:\Windows\System\kPgPzUc.exe
  C:\Windows\System\kPgPzUc.exe
  2⤵
  PID:6936
- C:\Windows\System\fjzbJgP.exe
  C:\Windows\System\fjzbJgP.exe
  2⤵
  PID:6952
- C:\Windows\System\nKpkXbL.exe
  C:\Windows\System\nKpkXbL.exe
  2⤵
  PID:6968
- C:\Windows\System\rAtgBnK.exe
  C:\Windows\System\rAtgBnK.exe
  2⤵
  PID:6984
- C:\Windows\System\mwTldJu.exe
  C:\Windows\System\mwTldJu.exe
  2⤵
  PID:7000
- C:\Windows\System\mqHxToE.exe
  C:\Windows\System\mqHxToE.exe
  2⤵
  PID:7016
- C:\Windows\System\IeXvGKH.exe
  C:\Windows\System\IeXvGKH.exe
  2⤵
  PID:7032
- C:\Windows\System\fvxQdqo.exe
  C:\Windows\System\fvxQdqo.exe
  2⤵
  PID:7048
- C:\Windows\System\KekPePe.exe
  C:\Windows\System\KekPePe.exe
  2⤵
  PID:7072
- C:\Windows\System\Twacfgy.exe
  C:\Windows\System\Twacfgy.exe
  2⤵
  PID:7088
- C:\Windows\System\oYPMiPf.exe
  C:\Windows\System\oYPMiPf.exe
  2⤵
  PID:7104
- C:\Windows\System\krloaiG.exe
  C:\Windows\System\krloaiG.exe
  2⤵
  PID:7120
- C:\Windows\System\MHNTdFP.exe
  C:\Windows\System\MHNTdFP.exe
  2⤵
  PID:7140
- C:\Windows\System\iWZAFse.exe
  C:\Windows\System\iWZAFse.exe
  2⤵
  PID:7156
- C:\Windows\System\DNYBjra.exe
  C:\Windows\System\DNYBjra.exe
  2⤵
  PID:1652
- C:\Windows\System\IijZSJp.exe
  C:\Windows\System\IijZSJp.exe
  2⤵
  PID:5788
- C:\Windows\System\XKBzTZI.exe
  C:\Windows\System\XKBzTZI.exe
  2⤵
  PID:1604
- C:\Windows\System\LmOuuJa.exe
  C:\Windows\System\LmOuuJa.exe
  2⤵
  PID:6168
- C:\Windows\System\pbVQwhv.exe
  C:\Windows\System\pbVQwhv.exe
  2⤵
  PID:6200
- C:\Windows\System\aFLweBD.exe
  C:\Windows\System\aFLweBD.exe
  2⤵
  PID:1744
- C:\Windows\System\brMsHER.exe
  C:\Windows\System\brMsHER.exe
  2⤵
  PID:6232
- C:\Windows\System\ZmuSvDj.exe
  C:\Windows\System\ZmuSvDj.exe
  2⤵
  PID:6268
- C:\Windows\System\MoLwFvD.exe
  C:\Windows\System\MoLwFvD.exe
  2⤵
  PID:6300
- C:\Windows\System\MTTAJmx.exe
  C:\Windows\System\MTTAJmx.exe
  2⤵
  PID:6332
- C:\Windows\System\CGWIDzK.exe
  C:\Windows\System\CGWIDzK.exe
  2⤵
  PID:6420
- C:\Windows\System\JWoNhfK.exe
  C:\Windows\System\JWoNhfK.exe
  2⤵
  PID:6456
- C:\Windows\System\XCHWHru.exe
  C:\Windows\System\XCHWHru.exe
  2⤵
  PID:6440
- C:\Windows\System\OyQWbNs.exe
  C:\Windows\System\OyQWbNs.exe
  2⤵
  PID:6552
- C:\Windows\System\GfJTaZl.exe
  C:\Windows\System\GfJTaZl.exe
  2⤵
  PID:6752
- C:\Windows\System\hBokUpb.exe
  C:\Windows\System\hBokUpb.exe
  2⤵
  PID:6788
- C:\Windows\System\sgPWeDG.exe
  C:\Windows\System\sgPWeDG.exe
  2⤵
  PID:6824
- C:\Windows\System\qIeXfHe.exe
  C:\Windows\System\qIeXfHe.exe
  2⤵
  PID:6864
- C:\Windows\System\DeJjZee.exe
  C:\Windows\System\DeJjZee.exe
  2⤵
  PID:6916
- C:\Windows\System\XuuAbfI.exe
  C:\Windows\System\XuuAbfI.exe
  2⤵
  PID:6976
- C:\Windows\System\dubwdzg.exe
  C:\Windows\System\dubwdzg.exe
  2⤵
  PID:6932
- C:\Windows\System\jThuBCe.exe
  C:\Windows\System\jThuBCe.exe
  2⤵
  PID:6996
- C:\Windows\System\zYbYsPE.exe
  C:\Windows\System\zYbYsPE.exe
  2⤵
  PID:6348
- C:\Windows\System\qzQDMsT.exe
  C:\Windows\System\qzQDMsT.exe
  2⤵
  PID:7044
- C:\Windows\System\zceTIQw.exe
  C:\Windows\System\zceTIQw.exe
  2⤵
  PID:7116
- C:\Windows\System\NGCJfWI.exe
  C:\Windows\System\NGCJfWI.exe
  2⤵
  PID:5804
- C:\Windows\System\bZxXkWz.exe
  C:\Windows\System\bZxXkWz.exe
  2⤵
  PID:6252
- C:\Windows\System\nXOWwEL.exe
  C:\Windows\System\nXOWwEL.exe
  2⤵
  PID:7060
- C:\Windows\System\aBegjob.exe
  C:\Windows\System\aBegjob.exe
  2⤵
  PID:7128
- C:\Windows\System\PWrQEkL.exe
  C:\Windows\System\PWrQEkL.exe
  2⤵
  PID:236
- C:\Windows\System\oIvnzEn.exe
  C:\Windows\System\oIvnzEn.exe
  2⤵
  PID:6184
- C:\Windows\System\vUAUqDx.exe
  C:\Windows\System\vUAUqDx.exe
  2⤵
  PID:6296
- C:\Windows\System\fWCdhNd.exe
  C:\Windows\System\fWCdhNd.exe
  2⤵
  PID:6228
- C:\Windows\System\XoqSKHZ.exe
  C:\Windows\System\XoqSKHZ.exe
  2⤵
  PID:1600
- C:\Windows\System\JQjHpMH.exe
  C:\Windows\System\JQjHpMH.exe
  2⤵
  PID:6356
- C:\Windows\System\NLKAYfE.exe
  C:\Windows\System\NLKAYfE.exe
  2⤵
  PID:6404
- C:\Windows\System\lBvFFQT.exe
  C:\Windows\System\lBvFFQT.exe
  2⤵
  PID:6500
- C:\Windows\System\kBlntpk.exe
  C:\Windows\System\kBlntpk.exe
  2⤵
  PID:6532
- C:\Windows\System\aSNOdNx.exe
  C:\Windows\System\aSNOdNx.exe
  2⤵
  PID:6584
- C:\Windows\System\ogEfARq.exe
  C:\Windows\System\ogEfARq.exe
  2⤵
  PID:348
- C:\Windows\System\GzGOofy.exe
  C:\Windows\System\GzGOofy.exe
  2⤵
  PID:6628
- C:\Windows\System\KHzYxgw.exe
  C:\Windows\System\KHzYxgw.exe
  2⤵
  PID:6640
- C:\Windows\System\gjOAfAh.exe
  C:\Windows\System\gjOAfAh.exe
  2⤵
  PID:6688
- C:\Windows\System\YmPIPYG.exe
  C:\Windows\System\YmPIPYG.exe
  2⤵
  PID:6736
- C:\Windows\System\jVLlBlS.exe
  C:\Windows\System\jVLlBlS.exe
  2⤵
  PID:6804
- C:\Windows\System\vQsZjMC.exe
  C:\Windows\System\vQsZjMC.exe
  2⤵
  PID:6844
- C:\Windows\System\IGwwmxC.exe
  C:\Windows\System\IGwwmxC.exe
  2⤵
  PID:6724
- C:\Windows\System\zlLFgHN.exe
  C:\Windows\System\zlLFgHN.exe
  2⤵
  PID:6820
- C:\Windows\System\eeHocHn.exe
  C:\Windows\System\eeHocHn.exe
  2⤵
  PID:6964
- C:\Windows\System\nxGUbXz.exe
  C:\Windows\System\nxGUbXz.exe
  2⤵
  PID:6900
- C:\Windows\System\PtjBbXV.exe
  C:\Windows\System\PtjBbXV.exe
  2⤵
  PID:7028
- C:\Windows\System\uQEDzGf.exe
  C:\Windows\System\uQEDzGf.exe
  2⤵
  PID:5724
- C:\Windows\System\jviiyll.exe
  C:\Windows\System\jviiyll.exe
  2⤵
  PID:6284
- C:\Windows\System\rBZvfgP.exe
  C:\Windows\System\rBZvfgP.exe
  2⤵
  PID:7112
- C:\Windows\System\WywIIic.exe
  C:\Windows\System\WywIIic.exe
  2⤵
  PID:6376
- C:\Windows\System\HRJBbix.exe
  C:\Windows\System\HRJBbix.exe
  2⤵
  PID:7100
- C:\Windows\System\SVKSZvb.exe
  C:\Windows\System\SVKSZvb.exe
  2⤵
  PID:6488
- C:\Windows\System\BBuJbIh.exe
  C:\Windows\System\BBuJbIh.exe
  2⤵
  PID:6596
- C:\Windows\System\RqbaoEr.exe
  C:\Windows\System\RqbaoEr.exe
  2⤵
  PID:6152
- C:\Windows\System\dzUIiWC.exe
  C:\Windows\System\dzUIiWC.exe
  2⤵
  PID:6836
- C:\Windows\System\EGYPNIg.exe
  C:\Windows\System\EGYPNIg.exe
  2⤵
  PID:6504
- C:\Windows\System\LoeQsPQ.exe
  C:\Windows\System\LoeQsPQ.exe
  2⤵
  PID:6656
- C:\Windows\System\yHqeEEQ.exe
  C:\Windows\System\yHqeEEQ.exe
  2⤵
  PID:6884
- C:\Windows\System\ymSwcmp.exe
  C:\Windows\System\ymSwcmp.exe
  2⤵
  PID:6768
- C:\Windows\System\hbCpzIA.exe
  C:\Windows\System\hbCpzIA.exe
  2⤵
  PID:7096
- C:\Windows\System\McZAvyv.exe
  C:\Windows\System\McZAvyv.exe
  2⤵
  PID:6708
- C:\Windows\System\bjFHiao.exe
  C:\Windows\System\bjFHiao.exe
  2⤵
  PID:5672
- C:\Windows\System\QBoDFCa.exe
  C:\Windows\System\QBoDFCa.exe
  2⤵
  PID:7040
- C:\Windows\System\XLMtbzc.exe
  C:\Windows\System\XLMtbzc.exe
  2⤵
  PID:7152
- C:\Windows\System\GyTSLDs.exe
  C:\Windows\System\GyTSLDs.exe
  2⤵
  PID:2136
- C:\Windows\System\xlyXeur.exe
  C:\Windows\System\xlyXeur.exe
  2⤵
  PID:6472
- C:\Windows\System\MiHKcWl.exe
  C:\Windows\System\MiHKcWl.exe
  2⤵
  PID:6248
- C:\Windows\System\WkEkPmX.exe
  C:\Windows\System\WkEkPmX.exe
  2⤵
  PID:7056
- C:\Windows\System\meHZdKZ.exe
  C:\Windows\System\meHZdKZ.exe
  2⤵
  PID:7180
- C:\Windows\System\BIVMLGN.exe
  C:\Windows\System\BIVMLGN.exe
  2⤵
  PID:7196
- C:\Windows\System\syrNUqN.exe
  C:\Windows\System\syrNUqN.exe
  2⤵
  PID:7212
- C:\Windows\System\SZTJckI.exe
  C:\Windows\System\SZTJckI.exe
  2⤵
  PID:7228
- C:\Windows\System\GcuupIi.exe
  C:\Windows\System\GcuupIi.exe
  2⤵
  PID:7244
- C:\Windows\System\IDWiXBN.exe
  C:\Windows\System\IDWiXBN.exe
  2⤵
  PID:7260
- C:\Windows\System\NULDkYj.exe
  C:\Windows\System\NULDkYj.exe
  2⤵
  PID:7276
- C:\Windows\System\XULnHKB.exe
  C:\Windows\System\XULnHKB.exe
  2⤵
  PID:7292
- C:\Windows\System\GxwQPXQ.exe
  C:\Windows\System\GxwQPXQ.exe
  2⤵
  PID:7308
- C:\Windows\System\VnPahUM.exe
  C:\Windows\System\VnPahUM.exe
  2⤵
  PID:7324
- C:\Windows\System\IBxlkBn.exe
  C:\Windows\System\IBxlkBn.exe
  2⤵
  PID:7340
- C:\Windows\System\qwmNGPU.exe
  C:\Windows\System\qwmNGPU.exe
  2⤵
  PID:7356
- C:\Windows\System\BiTtvuf.exe
  C:\Windows\System\BiTtvuf.exe
  2⤵
  PID:7372
- C:\Windows\System\flYiQMU.exe
  C:\Windows\System\flYiQMU.exe
  2⤵
  PID:7388
- C:\Windows\System\mZtMYSh.exe
  C:\Windows\System\mZtMYSh.exe
  2⤵
  PID:7404
- C:\Windows\System\snPhgKt.exe
  C:\Windows\System\snPhgKt.exe
  2⤵
  PID:7420
- C:\Windows\System\Yhsowac.exe
  C:\Windows\System\Yhsowac.exe
  2⤵
  PID:7436
- C:\Windows\System\kaWqcVr.exe
  C:\Windows\System\kaWqcVr.exe
  2⤵
  PID:7452
- C:\Windows\System\JewskKB.exe
  C:\Windows\System\JewskKB.exe
  2⤵
  PID:7468
- C:\Windows\System\NSToLvI.exe
  C:\Windows\System\NSToLvI.exe
  2⤵
  PID:7484
- C:\Windows\System\CnYHrHH.exe
  C:\Windows\System\CnYHrHH.exe
  2⤵
  PID:7500
- C:\Windows\System\ACGigGA.exe
  C:\Windows\System\ACGigGA.exe
  2⤵
  PID:7516
- C:\Windows\System\jYqEkbL.exe
  C:\Windows\System\jYqEkbL.exe
  2⤵
  PID:7532
- C:\Windows\System\XiPVRgO.exe
  C:\Windows\System\XiPVRgO.exe
  2⤵
  PID:7548
- C:\Windows\System\xhUnzAc.exe
  C:\Windows\System\xhUnzAc.exe
  2⤵
  PID:7564
- C:\Windows\System\UPSTMKQ.exe
  C:\Windows\System\UPSTMKQ.exe
  2⤵
  PID:7580
- C:\Windows\System\sHkuNLA.exe
  C:\Windows\System\sHkuNLA.exe
  2⤵
  PID:7596
- C:\Windows\System\AyYcGQD.exe
  C:\Windows\System\AyYcGQD.exe
  2⤵
  PID:7612
- C:\Windows\System\iQLdxiE.exe
  C:\Windows\System\iQLdxiE.exe
  2⤵
  PID:7628
- C:\Windows\System\fAsrNcQ.exe
  C:\Windows\System\fAsrNcQ.exe
  2⤵
  PID:7644
- C:\Windows\System\KzIYkwx.exe
  C:\Windows\System\KzIYkwx.exe
  2⤵
  PID:7660
- C:\Windows\System\krsLzHs.exe
  C:\Windows\System\krsLzHs.exe
  2⤵
  PID:7676
- C:\Windows\System\NohswWq.exe
  C:\Windows\System\NohswWq.exe
  2⤵
  PID:7692
- C:\Windows\System\UebfFxf.exe
  C:\Windows\System\UebfFxf.exe
  2⤵
  PID:7712
- C:\Windows\System\PSfGfMT.exe
  C:\Windows\System\PSfGfMT.exe
  2⤵
  PID:7732
- C:\Windows\System\ATPtpqM.exe
  C:\Windows\System\ATPtpqM.exe
  2⤵
  PID:7752
- C:\Windows\System\XFOwvgG.exe
  C:\Windows\System\XFOwvgG.exe
  2⤵
  PID:7776
- C:\Windows\System\cfQjlwa.exe
  C:\Windows\System\cfQjlwa.exe
  2⤵
  PID:7796
- C:\Windows\System\hVXTyAb.exe
  C:\Windows\System\hVXTyAb.exe
  2⤵
  PID:7816
- C:\Windows\System\YEWVoRd.exe
  C:\Windows\System\YEWVoRd.exe
  2⤵
  PID:7832
- C:\Windows\System\bYsXTLt.exe
  C:\Windows\System\bYsXTLt.exe
  2⤵
  PID:7856
- C:\Windows\System\owdVnZX.exe
  C:\Windows\System\owdVnZX.exe
  2⤵
  PID:7872
- C:\Windows\System\MVZkLrp.exe
  C:\Windows\System\MVZkLrp.exe
  2⤵
  PID:7888
- C:\Windows\System\qyrKFbv.exe
  C:\Windows\System\qyrKFbv.exe
  2⤵
  PID:7916
- C:\Windows\System\bmhKQUh.exe
  C:\Windows\System\bmhKQUh.exe
  2⤵
  PID:7992
- C:\Windows\System\XKmYpFh.exe
  C:\Windows\System\XKmYpFh.exe
  2⤵
  PID:8012
- C:\Windows\System\ReCALkP.exe
  C:\Windows\System\ReCALkP.exe
  2⤵
  PID:8028
- C:\Windows\System\vAHuuGG.exe
  C:\Windows\System\vAHuuGG.exe
  2⤵
  PID:8052
- C:\Windows\System\iJVTets.exe
  C:\Windows\System\iJVTets.exe
  2⤵
  PID:8068
- C:\Windows\System\vsGMClZ.exe
  C:\Windows\System\vsGMClZ.exe
  2⤵
  PID:8084
- C:\Windows\System\rSzlrwZ.exe
  C:\Windows\System\rSzlrwZ.exe
  2⤵
  PID:8100
- C:\Windows\System\DOEolfN.exe
  C:\Windows\System\DOEolfN.exe
  2⤵
  PID:8116
- C:\Windows\System\OZPVNrt.exe
  C:\Windows\System\OZPVNrt.exe
  2⤵
  PID:8132
- C:\Windows\System\oOQWQOQ.exe
  C:\Windows\System\oOQWQOQ.exe
  2⤵
  PID:8148
- C:\Windows\System\TvuvkBe.exe
  C:\Windows\System\TvuvkBe.exe
  2⤵
  PID:8164
- C:\Windows\System\ydFyueJ.exe
  C:\Windows\System\ydFyueJ.exe
  2⤵
  PID:8180
- C:\Windows\System\mPOWdIH.exe
  C:\Windows\System\mPOWdIH.exe
  2⤵
  PID:7172
- C:\Windows\System\wRscFXa.exe
  C:\Windows\System\wRscFXa.exe
  2⤵
  PID:6852
- C:\Windows\System\tToleRR.exe
  C:\Windows\System\tToleRR.exe
  2⤵
  PID:6624
- C:\Windows\System\jtGUqRP.exe
  C:\Windows\System\jtGUqRP.exe
  2⤵
  PID:6944
- C:\Windows\System\zPUxCvo.exe
  C:\Windows\System\zPUxCvo.exe
  2⤵
  PID:7220
- C:\Windows\System\SnaDfes.exe
  C:\Windows\System\SnaDfes.exe
  2⤵
  PID:7188
- C:\Windows\System\qvzExBF.exe
  C:\Windows\System\qvzExBF.exe
  2⤵
  PID:7272
- C:\Windows\System\AUmYAyC.exe
  C:\Windows\System\AUmYAyC.exe
  2⤵
  PID:7336
- C:\Windows\System\SkLJuBa.exe
  C:\Windows\System\SkLJuBa.exe
  2⤵
  PID:7400
- C:\Windows\System\SvEDTVy.exe
  C:\Windows\System\SvEDTVy.exe
  2⤵
  PID:7524
- C:\Windows\System\XObeMmY.exe
  C:\Windows\System\XObeMmY.exe
  2⤵
  PID:2824
- C:\Windows\System\SlyWUZO.exe
  C:\Windows\System\SlyWUZO.exe
  2⤵
  PID:7464
- C:\Windows\System\OhxrZxL.exe
  C:\Windows\System\OhxrZxL.exe
  2⤵
  PID:7652
- C:\Windows\System\fmdpaTQ.exe
  C:\Windows\System\fmdpaTQ.exe
  2⤵
  PID:7720
- C:\Windows\System\kRsAnub.exe
  C:\Windows\System\kRsAnub.exe
  2⤵
  PID:7764
- C:\Windows\System\jLVdmXO.exe
  C:\Windows\System\jLVdmXO.exe
  2⤵
  PID:7808
- C:\Windows\System\ZiqUAwK.exe
  C:\Windows\System\ZiqUAwK.exe
  2⤵
  PID:7848
- C:\Windows\System\FNxLFOz.exe
  C:\Windows\System\FNxLFOz.exe
  2⤵
  PID:7224
- C:\Windows\System\NgFiAgh.exe
  C:\Windows\System\NgFiAgh.exe
  2⤵
  PID:7316
- C:\Windows\System\yfFVfXV.exe
  C:\Windows\System\yfFVfXV.exe
  2⤵
  PID:7352
- C:\Windows\System\sleVLNE.exe
  C:\Windows\System\sleVLNE.exe
  2⤵
  PID:7416
- C:\Windows\System\UifcnIe.exe
  C:\Windows\System\UifcnIe.exe
  2⤵
  PID:7448
- C:\Windows\System\wNKYkHg.exe
  C:\Windows\System\wNKYkHg.exe
  2⤵
  PID:7512
- C:\Windows\System\aFoHqey.exe
  C:\Windows\System\aFoHqey.exe
  2⤵
  PID:7576
- C:\Windows\System\yOFGFRB.exe
  C:\Windows\System\yOFGFRB.exe
  2⤵
  PID:7640
- C:\Windows\System\mtDIIHz.exe
  C:\Windows\System\mtDIIHz.exe
  2⤵
  PID:7700
- C:\Windows\System\HlAXadp.exe
  C:\Windows\System\HlAXadp.exe
  2⤵
  PID:7744
- C:\Windows\System\uVDDnXq.exe
  C:\Windows\System\uVDDnXq.exe
  2⤵
  PID:7824
- C:\Windows\System\NHWONHy.exe
  C:\Windows\System\NHWONHy.exe
  2⤵
  PID:7908
- C:\Windows\System\BnznXLc.exe
  C:\Windows\System\BnznXLc.exe
  2⤵
  PID:992
- C:\Windows\System\KqYqtPC.exe
  C:\Windows\System\KqYqtPC.exe
  2⤵
  PID:7944
- C:\Windows\System\jBFKCqj.exe
  C:\Windows\System\jBFKCqj.exe
  2⤵
  PID:7924
- C:\Windows\System\vHFSIlE.exe
  C:\Windows\System\vHFSIlE.exe
  2⤵
  PID:7968
- C:\Windows\System\lMRWXeG.exe
  C:\Windows\System\lMRWXeG.exe
  2⤵
  PID:7988
- C:\Windows\System\rkyhVZP.exe
  C:\Windows\System\rkyhVZP.exe
  2⤵
  PID:8024
- C:\Windows\System\NNgfvAU.exe
  C:\Windows\System\NNgfvAU.exe
  2⤵
  PID:8124
- C:\Windows\System\oTacLRv.exe
  C:\Windows\System\oTacLRv.exe
  2⤵
  PID:8004
- C:\Windows\System\VaESzdW.exe
  C:\Windows\System\VaESzdW.exe
  2⤵
  PID:8044
- C:\Windows\System\LbDnlum.exe
  C:\Windows\System\LbDnlum.exe
  2⤵
  PID:8108
- C:\Windows\System\DiSlZgA.exe
  C:\Windows\System\DiSlZgA.exe
  2⤵
  PID:8144
- C:\Windows\System\CyGjTkB.exe
  C:\Windows\System\CyGjTkB.exe
  2⤵
  PID:7204
- C:\Windows\System\CGLWniK.exe
  C:\Windows\System\CGLWniK.exe
  2⤵
  PID:7012
- C:\Windows\System\rFImIhM.exe
  C:\Windows\System\rFImIhM.exe
  2⤵
  PID:6704
- C:\Windows\System\AqRAOmX.exe
  C:\Windows\System\AqRAOmX.exe
  2⤵
  PID:2348
- C:\Windows\System\LjKbMVM.exe
  C:\Windows\System\LjKbMVM.exe
  2⤵
  PID:7556
- C:\Windows\System\goFGfpA.exe
  C:\Windows\System\goFGfpA.exe
  2⤵
  PID:7252
- C:\Windows\System\FHmfIIz.exe
  C:\Windows\System\FHmfIIz.exe
  2⤵
  PID:7728
- C:\Windows\System\ZFCjCVC.exe
  C:\Windows\System\ZFCjCVC.exe
  2⤵
  PID:7492
- C:\Windows\System\gESscnQ.exe
  C:\Windows\System\gESscnQ.exe
  2⤵
  PID:7656
- C:\Windows\System\DluofKz.exe
  C:\Windows\System\DluofKz.exe
  2⤵
  PID:7284
- C:\Windows\System\gRgKyZu.exe
  C:\Windows\System\gRgKyZu.exe
  2⤵
  PID:7348
- C:\Windows\System\HCfyEtf.exe
  C:\Windows\System\HCfyEtf.exe
  2⤵
  PID:2944
- C:\Windows\System\LfbWbZR.exe
  C:\Windows\System\LfbWbZR.exe
  2⤵
  PID:7604
- C:\Windows\System\jHSkZdJ.exe
  C:\Windows\System\jHSkZdJ.exe
  2⤵
  PID:2840
- C:\Windows\System\rtGhHxj.exe
  C:\Windows\System\rtGhHxj.exe
  2⤵
  PID:7708
- C:\Windows\System\QmBipzB.exe
  C:\Windows\System\QmBipzB.exe
  2⤵
  PID:7936
- C:\Windows\System\cjYBNXI.exe
  C:\Windows\System\cjYBNXI.exe
  2⤵
  PID:7784
- C:\Windows\System\uYcZchx.exe
  C:\Windows\System\uYcZchx.exe
  2⤵
  PID:2040
- C:\Windows\System\BVPHWhr.exe
  C:\Windows\System\BVPHWhr.exe
  2⤵
  PID:6660
- C:\Windows\System\zkbZILz.exe
  C:\Windows\System\zkbZILz.exe
  2⤵
  PID:2064
- C:\Windows\System\lVuDIgt.exe
  C:\Windows\System\lVuDIgt.exe
  2⤵
  PID:8060
- C:\Windows\System\TtDnKhT.exe
  C:\Windows\System\TtDnKhT.exe
  2⤵
  PID:8000
- C:\Windows\System\jKMkITH.exe
  C:\Windows\System\jKMkITH.exe
  2⤵
  PID:2836
- C:\Windows\System\cOujvaZ.exe
  C:\Windows\System\cOujvaZ.exe
  2⤵
  PID:8140
- C:\Windows\System\uUDzSNP.exe
  C:\Windows\System\uUDzSNP.exe
  2⤵
  PID:7268
- C:\Windows\System\IQSZkEp.exe
  C:\Windows\System\IQSZkEp.exe
  2⤵
  PID:7460
- C:\Windows\System\GJNcVKs.exe
  C:\Windows\System\GJNcVKs.exe
  2⤵
  PID:6948
- C:\Windows\System\NNkmZnf.exe
  C:\Windows\System\NNkmZnf.exe
  2⤵
  PID:7560
- C:\Windows\System\TQCwUJL.exe
  C:\Windows\System\TQCwUJL.exe
  2⤵
  PID:7288
- C:\Windows\System\IgOjiII.exe
  C:\Windows\System\IgOjiII.exe
  2⤵
  PID:7668
- C:\Windows\System\hySBKPO.exe
  C:\Windows\System\hySBKPO.exe
  2⤵
  PID:7976
- C:\Windows\System\DzZgvwA.exe
  C:\Windows\System\DzZgvwA.exe
  2⤵
  PID:8096
- C:\Windows\System\snhfHts.exe
  C:\Windows\System\snhfHts.exe
  2⤵
  PID:7844
- C:\Windows\System\lMhErfv.exe
  C:\Windows\System\lMhErfv.exe
  2⤵
  PID:7840
- C:\Windows\System\KBxcfcq.exe
  C:\Windows\System\KBxcfcq.exe
  2⤵
  PID:2948
- C:\Windows\System\hMsmFFa.exe
  C:\Windows\System\hMsmFFa.exe
  2⤵
  PID:2580
- C:\Windows\System\CyBlXYL.exe
  C:\Windows\System\CyBlXYL.exe
  2⤵
  PID:7192
- C:\Windows\System\NNoRrKi.exe
  C:\Windows\System\NNoRrKi.exe
  2⤵
  PID:7804
- C:\Windows\System\BbIQDgR.exe
  C:\Windows\System\BbIQDgR.exe
  2⤵
  PID:7444
- C:\Windows\System\XnbPUOL.exe
  C:\Windows\System\XnbPUOL.exe
  2⤵
  PID:7912
- C:\Windows\System\pKzqczi.exe
  C:\Windows\System\pKzqczi.exe
  2⤵
  PID:8156
- C:\Windows\System\LdmburD.exe
  C:\Windows\System\LdmburD.exe
  2⤵
  PID:7508
- C:\Windows\System\yquMBdm.exe
  C:\Windows\System\yquMBdm.exe
  2⤵
  PID:2792
- C:\Windows\System\swWAoeX.exe
  C:\Windows\System\swWAoeX.exe
  2⤵
  PID:448
- C:\Windows\System\uHvychD.exe
  C:\Windows\System\uHvychD.exe
  2⤵
  PID:3000
- C:\Windows\System\VGryDVs.exe
  C:\Windows\System\VGryDVs.exe
  2⤵
  PID:2900
- C:\Windows\System\EaxGYAc.exe
  C:\Windows\System\EaxGYAc.exe
  2⤵
  PID:7788
- C:\Windows\System\frTtbEm.exe
  C:\Windows\System\frTtbEm.exe
  2⤵
  PID:2196
- C:\Windows\System\RgSPJoT.exe
  C:\Windows\System\RgSPJoT.exe
  2⤵
  PID:7980
- C:\Windows\System\vVqgUKF.exe
  C:\Windows\System\vVqgUKF.exe
  2⤵
  PID:7868
- C:\Windows\System\tvsTezN.exe
  C:\Windows\System\tvsTezN.exe
  2⤵
  PID:5096
- C:\Windows\System\tWStemB.exe
  C:\Windows\System\tWStemB.exe
  2⤵
  PID:7572
- C:\Windows\System\QjNSFNv.exe
  C:\Windows\System\QjNSFNv.exe
  2⤵
  PID:7236
- C:\Windows\System\VYVENxL.exe
  C:\Windows\System\VYVENxL.exe
  2⤵
  PID:8196
- C:\Windows\System\uOoKDPO.exe
  C:\Windows\System\uOoKDPO.exe
  2⤵
  PID:8212
- C:\Windows\System\CwsMulG.exe
  C:\Windows\System\CwsMulG.exe
  2⤵
  PID:8228
- C:\Windows\System\iPoIWWV.exe
  C:\Windows\System\iPoIWWV.exe
  2⤵
  PID:8244
- C:\Windows\System\nyCgbDh.exe
  C:\Windows\System\nyCgbDh.exe
  2⤵
  PID:8260
- C:\Windows\System\SkZoswR.exe
  C:\Windows\System\SkZoswR.exe
  2⤵
  PID:8276
- C:\Windows\System\wZLEEjH.exe
  C:\Windows\System\wZLEEjH.exe
  2⤵
  PID:8292
- C:\Windows\System\zxroIZW.exe
  C:\Windows\System\zxroIZW.exe
  2⤵
  PID:8308
- C:\Windows\System\PXxEjzM.exe
  C:\Windows\System\PXxEjzM.exe
  2⤵
  PID:8324
- C:\Windows\System\hwSpPAX.exe
  C:\Windows\System\hwSpPAX.exe
  2⤵
  PID:8340
- C:\Windows\System\xBeUFbQ.exe
  C:\Windows\System\xBeUFbQ.exe
  2⤵
  PID:8356
- C:\Windows\System\yWiJOFe.exe
  C:\Windows\System\yWiJOFe.exe
  2⤵
  PID:8372
- C:\Windows\System\LHamJyO.exe
  C:\Windows\System\LHamJyO.exe
  2⤵
  PID:8388
- C:\Windows\System\SMWKkPj.exe
  C:\Windows\System\SMWKkPj.exe
  2⤵
  PID:8404
- C:\Windows\System\WzDVzef.exe
  C:\Windows\System\WzDVzef.exe
  2⤵
  PID:8420
- C:\Windows\System\nYuTPZW.exe
  C:\Windows\System\nYuTPZW.exe
  2⤵
  PID:8436
- C:\Windows\System\tVzqDzu.exe
  C:\Windows\System\tVzqDzu.exe
  2⤵
  PID:8452
- C:\Windows\System\DmMymbP.exe
  C:\Windows\System\DmMymbP.exe
  2⤵
  PID:8468
- C:\Windows\System\vTcinqW.exe
  C:\Windows\System\vTcinqW.exe
  2⤵
  PID:8484
- C:\Windows\System\Ivfjwrh.exe
  C:\Windows\System\Ivfjwrh.exe
  2⤵
  PID:8500
- C:\Windows\System\kMbdIcz.exe
  C:\Windows\System\kMbdIcz.exe
  2⤵
  PID:8516
- C:\Windows\System\btzoKwD.exe
  C:\Windows\System\btzoKwD.exe
  2⤵
  PID:8532
- C:\Windows\System\ZYSDfOP.exe
  C:\Windows\System\ZYSDfOP.exe
  2⤵
  PID:8548
- C:\Windows\System\EDuXUkE.exe
  C:\Windows\System\EDuXUkE.exe
  2⤵
  PID:8564
- C:\Windows\System\greJCXY.exe
  C:\Windows\System\greJCXY.exe
  2⤵
  PID:8580
- C:\Windows\System\CpxxriU.exe
  C:\Windows\System\CpxxriU.exe
  2⤵
  PID:8596
- C:\Windows\System\SkUvnJe.exe
  C:\Windows\System\SkUvnJe.exe
  2⤵
  PID:8612
- C:\Windows\System\NeSdnLk.exe
  C:\Windows\System\NeSdnLk.exe
  2⤵
  PID:8628
- C:\Windows\System\cZdNWpZ.exe
  C:\Windows\System\cZdNWpZ.exe
  2⤵
  PID:8644
- C:\Windows\System\QXgxHfg.exe
  C:\Windows\System\QXgxHfg.exe
  2⤵
  PID:8660
- C:\Windows\System\dbaMwSf.exe
  C:\Windows\System\dbaMwSf.exe
  2⤵
  PID:8676
- C:\Windows\System\gRZBhDB.exe
  C:\Windows\System\gRZBhDB.exe
  2⤵
  PID:8692
- C:\Windows\System\FEYsvem.exe
  C:\Windows\System\FEYsvem.exe
  2⤵
  PID:8708
- C:\Windows\System\wOywkQy.exe
  C:\Windows\System\wOywkQy.exe
  2⤵
  PID:8724
- C:\Windows\System\WrfViMw.exe
  C:\Windows\System\WrfViMw.exe
  2⤵
  PID:8740
- C:\Windows\System\xLyWMVZ.exe
  C:\Windows\System\xLyWMVZ.exe
  2⤵
  PID:8756
- C:\Windows\System\yJnYYoY.exe
  C:\Windows\System\yJnYYoY.exe
  2⤵
  PID:8772
- C:\Windows\System\rDbUCsJ.exe
  C:\Windows\System\rDbUCsJ.exe
  2⤵
  PID:8788
- C:\Windows\System\ayRewok.exe
  C:\Windows\System\ayRewok.exe
  2⤵
  PID:8804
- C:\Windows\System\rwBYvYh.exe
  C:\Windows\System\rwBYvYh.exe
  2⤵
  PID:8820
- C:\Windows\System\OBUNrzb.exe
  C:\Windows\System\OBUNrzb.exe
  2⤵
  PID:8836
- C:\Windows\System\LWgoTJw.exe
  C:\Windows\System\LWgoTJw.exe
  2⤵
  PID:8852
- C:\Windows\System\KlKBIkt.exe
  C:\Windows\System\KlKBIkt.exe
  2⤵
  PID:8868
- C:\Windows\System\UXXsYvD.exe
  C:\Windows\System\UXXsYvD.exe
  2⤵
  PID:8884
- C:\Windows\System\jfmwjFy.exe
  C:\Windows\System\jfmwjFy.exe
  2⤵
  PID:8900
- C:\Windows\System\iIXWnPH.exe
  C:\Windows\System\iIXWnPH.exe
  2⤵
  PID:8916
- C:\Windows\System\CvdtahP.exe
  C:\Windows\System\CvdtahP.exe
  2⤵
  PID:8932
- C:\Windows\System\qDSLwkq.exe
  C:\Windows\System\qDSLwkq.exe
  2⤵
  PID:8948
- C:\Windows\System\EkxaGnA.exe
  C:\Windows\System\EkxaGnA.exe
  2⤵
  PID:8964
- C:\Windows\System\wPkSbyE.exe
  C:\Windows\System\wPkSbyE.exe
  2⤵
  PID:8980
- C:\Windows\System\vFXSbqj.exe
  C:\Windows\System\vFXSbqj.exe
  2⤵
  PID:8996
- C:\Windows\System\IHgHVXf.exe
  C:\Windows\System\IHgHVXf.exe
  2⤵
  PID:9012
- C:\Windows\System\XTuaGAM.exe
  C:\Windows\System\XTuaGAM.exe
  2⤵
  PID:9028
- C:\Windows\System\fAkjJjO.exe
  C:\Windows\System\fAkjJjO.exe
  2⤵
  PID:9044
- C:\Windows\System\ILatpZr.exe
  C:\Windows\System\ILatpZr.exe
  2⤵
  PID:9060
- C:\Windows\System\wVUvMea.exe
  C:\Windows\System\wVUvMea.exe
  2⤵
  PID:9076
- C:\Windows\System\iqEeWvh.exe
  C:\Windows\System\iqEeWvh.exe
  2⤵
  PID:9092
- C:\Windows\System\PFgIQhG.exe
  C:\Windows\System\PFgIQhG.exe
  2⤵
  PID:9108
- C:\Windows\System\RcmltHN.exe
  C:\Windows\System\RcmltHN.exe
  2⤵
  PID:9124
- C:\Windows\System\TUhnSnP.exe
  C:\Windows\System\TUhnSnP.exe
  2⤵
  PID:9140
- C:\Windows\System\SzxvsPQ.exe
  C:\Windows\System\SzxvsPQ.exe
  2⤵
  PID:9156
- C:\Windows\System\EJeUwmo.exe
  C:\Windows\System\EJeUwmo.exe
  2⤵
  PID:9176
- C:\Windows\System\zMcpehV.exe
  C:\Windows\System\zMcpehV.exe
  2⤵
  PID:9192
- C:\Windows\System\QTSXbtk.exe
  C:\Windows\System\QTSXbtk.exe
  2⤵
  PID:9208
- C:\Windows\System\CZYhdop.exe
  C:\Windows\System\CZYhdop.exe
  2⤵
  PID:376
- C:\Windows\System\BLbdxPr.exe
  C:\Windows\System\BLbdxPr.exe
  2⤵
  PID:8240
- C:\Windows\System\OXgGkhV.exe
  C:\Windows\System\OXgGkhV.exe
  2⤵
  PID:8304
- C:\Windows\System\vBHJkmb.exe
  C:\Windows\System\vBHJkmb.exe
  2⤵
  PID:8368
- C:\Windows\System\gGjwqna.exe
  C:\Windows\System\gGjwqna.exe
  2⤵
  PID:8428
- C:\Windows\System\JcyYMht.exe
  C:\Windows\System\JcyYMht.exe
  2⤵
  PID:8492
- C:\Windows\System\SnRwxOO.exe
  C:\Windows\System\SnRwxOO.exe
  2⤵
  PID:8220
- C:\Windows\System\tzVgyrb.exe
  C:\Windows\System\tzVgyrb.exe
  2⤵
  PID:8316
- C:\Windows\System\dXXYRrx.exe
  C:\Windows\System\dXXYRrx.exe
  2⤵
  PID:8224
- C:\Windows\System\eEjGICC.exe
  C:\Windows\System\eEjGICC.exe
  2⤵
  PID:1440
- C:\Windows\System\oIfIPIX.exe
  C:\Windows\System\oIfIPIX.exe
  2⤵
  PID:1868
- C:\Windows\System\rXZlptU.exe
  C:\Windows\System\rXZlptU.exe
  2⤵
  PID:8288
- C:\Windows\System\xnRuXpj.exe
  C:\Windows\System\xnRuXpj.exe
  2⤵
  PID:8444
- C:\Windows\System\ybdapEm.exe
  C:\Windows\System\ybdapEm.exe
  2⤵
  PID:8512
- C:\Windows\System\mBQZfed.exe
  C:\Windows\System\mBQZfed.exe
  2⤵
  PID:2132
- C:\Windows\System\PxAQNhj.exe
  C:\Windows\System\PxAQNhj.exe
  2⤵
  PID:8620
- C:\Windows\System\qGqDaHn.exe
  C:\Windows\System\qGqDaHn.exe
  2⤵
  PID:8656
- C:\Windows\System\PjlsUDw.exe
  C:\Windows\System\PjlsUDw.exe
  2⤵
  PID:8748
- C:\Windows\System\JXeVBFq.exe
  C:\Windows\System\JXeVBFq.exe
  2⤵
  PID:1764
- C:\Windows\System\aDeuNai.exe
  C:\Windows\System\aDeuNai.exe
  2⤵
  PID:8848
- C:\Windows\System\McqhgtB.exe
  C:\Windows\System\McqhgtB.exe
  2⤵
  PID:8908
- C:\Windows\System\mJQXBeH.exe
  C:\Windows\System\mJQXBeH.exe
  2⤵
  PID:2856
- C:\Windows\System\ukUMCXp.exe
  C:\Windows\System\ukUMCXp.exe
  2⤵
  PID:9008
- C:\Windows\System\APqBvga.exe
  C:\Windows\System\APqBvga.exe
  2⤵
  PID:9072
- C:\Windows\System\NeEzOqH.exe
  C:\Windows\System\NeEzOqH.exe
  2⤵
  PID:9136
- C:\Windows\System\PenXrSi.exe
  C:\Windows\System\PenXrSi.exe
  2⤵
  PID:9200
- C:\Windows\System\ARllCRD.exe
  C:\Windows\System\ARllCRD.exe
  2⤵
  PID:8336
- C:\Windows\System\wvDEGUu.exe
  C:\Windows\System\wvDEGUu.exe
  2⤵
  PID:8608
- C:\Windows\System\gcZLZZz.exe
  C:\Windows\System\gcZLZZz.exe
  2⤵
  PID:9056
- C:\Windows\System\ShGIOLx.exe
  C:\Windows\System\ShGIOLx.exe
  2⤵
  PID:8544
- C:\Windows\System\SIEdAIU.exe
  C:\Windows\System\SIEdAIU.exe
  2⤵
  PID:8688
- C:\Windows\System\XlKIwrr.exe
  C:\Windows\System\XlKIwrr.exe
  2⤵
  PID:1896
- C:\Windows\System\gKBWygv.exe
  C:\Windows\System\gKBWygv.exe
  2⤵
  PID:8816
- C:\Windows\System\gBnWwaW.exe
  C:\Windows\System\gBnWwaW.exe
  2⤵
  PID:8940
- C:\Windows\System\wESvbEi.exe
  C:\Windows\System\wESvbEi.exe
  2⤵
  PID:9132
- C:\Windows\System\BEpcCCY.exe
  C:\Windows\System\BEpcCCY.exe
  2⤵
  PID:7384
- C:\Windows\System\CwfdHsp.exe
  C:\Windows\System\CwfdHsp.exe
  2⤵
  PID:1840
- C:\Windows\System\FBGUdna.exe
  C:\Windows\System\FBGUdna.exe
  2⤵
  PID:8252
- C:\Windows\System\UNYtjVm.exe
  C:\Windows\System\UNYtjVm.exe
  2⤵
  PID:8924
- C:\Windows\System\goeRBUS.exe
  C:\Windows\System\goeRBUS.exe
  2⤵
  PID:8672
- C:\Windows\System\saTOCoZ.exe
  C:\Windows\System\saTOCoZ.exe
  2⤵
  PID:8736
- C:\Windows\System\bkdqVej.exe
  C:\Windows\System\bkdqVej.exe
  2⤵
  PID:8796
- C:\Windows\System\IUzPbSS.exe
  C:\Windows\System\IUzPbSS.exe
  2⤵
  PID:8860
- C:\Windows\System\auXPRyv.exe
  C:\Windows\System\auXPRyv.exe
  2⤵
  PID:8956
- C:\Windows\System\qTCfADK.exe
  C:\Windows\System\qTCfADK.exe
  2⤵
  PID:9020
- C:\Windows\System\NrqRiwP.exe
  C:\Windows\System\NrqRiwP.exe
  2⤵
  PID:8300
- C:\Windows\System\xluGzpl.exe
  C:\Windows\System\xluGzpl.exe
  2⤵
  PID:9088
- C:\Windows\System\iIoiyiQ.exe
  C:\Windows\System\iIoiyiQ.exe
  2⤵
  PID:9184
- C:\Windows\System\raLjzms.exe
  C:\Windows\System\raLjzms.exe
  2⤵
  PID:7952
- C:\Windows\System\KNncfDk.exe
  C:\Windows\System\KNncfDk.exe
  2⤵
  PID:8256
- C:\Windows\System\jscytQq.exe
  C:\Windows\System\jscytQq.exe
  2⤵
  PID:8352
- C:\Windows\System\FCDbSOh.exe
  C:\Windows\System\FCDbSOh.exe
  2⤵
  PID:8416
- C:\Windows\System\aqZLnxS.exe
  C:\Windows\System\aqZLnxS.exe
  2⤵
  PID:8576
- C:\Windows\System\EFwGfvt.exe
  C:\Windows\System\EFwGfvt.exe
  2⤵
  PID:8844
- C:\Windows\System\mTuNGwX.exe
  C:\Windows\System\mTuNGwX.exe
  2⤵
  PID:7984
- C:\Windows\System\rbzNjhU.exe
  C:\Windows\System\rbzNjhU.exe
  2⤵
  PID:9040
- C:\Windows\System\bxClbDt.exe
  C:\Windows\System\bxClbDt.exe
  2⤵
  PID:9172
- C:\Windows\System\vZGrhdw.exe
  C:\Windows\System\vZGrhdw.exe
  2⤵
  PID:8640
- C:\Windows\System\KODFiYo.exe
  C:\Windows\System\KODFiYo.exe
  2⤵
  PID:1232
- C:\Windows\System\zCfdXir.exe
  C:\Windows\System\zCfdXir.exe
  2⤵
  PID:1624
- C:\Windows\System\TjakQBI.exe
  C:\Windows\System\TjakQBI.exe
  2⤵
  PID:9116
- C:\Windows\System\baFdBSe.exe
  C:\Windows\System\baFdBSe.exe
  2⤵
  PID:2092
- C:\Windows\System\yIJsmPS.exe
  C:\Windows\System\yIJsmPS.exe
  2⤵
  PID:8448
- C:\Windows\System\LGjsvSR.exe
  C:\Windows\System\LGjsvSR.exe
  2⤵
  PID:8508
- C:\Windows\System\HxIjmBC.exe
  C:\Windows\System\HxIjmBC.exe
  2⤵
  PID:8652
- C:\Windows\System\mGyPwyN.exe
  C:\Windows\System\mGyPwyN.exe
  2⤵
  PID:8732
- C:\Windows\System\yuRxMPn.exe
  C:\Windows\System\yuRxMPn.exe
  2⤵
  PID:8384
- C:\Windows\System\jAqwOKb.exe
  C:\Windows\System\jAqwOKb.exe
  2⤵
  PID:8588
- C:\Windows\System\rTXjKGb.exe
  C:\Windows\System\rTXjKGb.exe
  2⤵
  PID:8828
- C:\Windows\System\RHUIKnC.exe
  C:\Windows\System\RHUIKnC.exe
  2⤵
  PID:8208
- C:\Windows\System\hPjuytP.exe
  C:\Windows\System\hPjuytP.exe
  2⤵
  PID:2976
- C:\Windows\System\AFUNfnM.exe
  C:\Windows\System\AFUNfnM.exe
  2⤵
  PID:8460
- C:\Windows\System\DAbohRo.exe
  C:\Windows\System\DAbohRo.exe
  2⤵
  PID:8412
- C:\Windows\System\NVYxVbR.exe
  C:\Windows\System\NVYxVbR.exe
  2⤵
  PID:9224
- C:\Windows\System\PCJknCx.exe
  C:\Windows\System\PCJknCx.exe
  2⤵
  PID:9240
- C:\Windows\System\GOfUslK.exe
  C:\Windows\System\GOfUslK.exe
  2⤵
  PID:9256
- C:\Windows\System\ioesxtK.exe
  C:\Windows\System\ioesxtK.exe
  2⤵
  PID:9272
- C:\Windows\System\pqVjJpo.exe
  C:\Windows\System\pqVjJpo.exe
  2⤵
  PID:9288
- C:\Windows\System\sNQPddn.exe
  C:\Windows\System\sNQPddn.exe
  2⤵
  PID:9304
- C:\Windows\System\YNfVZwv.exe
  C:\Windows\System\YNfVZwv.exe
  2⤵
  PID:9320
- C:\Windows\System\qSvoSdT.exe
  C:\Windows\System\qSvoSdT.exe
  2⤵
  PID:9336
- C:\Windows\System\JdmJieP.exe
  C:\Windows\System\JdmJieP.exe
  2⤵
  PID:9352
- C:\Windows\System\jkWhqSx.exe
  C:\Windows\System\jkWhqSx.exe
  2⤵
  PID:9368
- C:\Windows\System\KYNuSNZ.exe
  C:\Windows\System\KYNuSNZ.exe
  2⤵
  PID:9384
- C:\Windows\System\pKFYJhc.exe
  C:\Windows\System\pKFYJhc.exe
  2⤵
  PID:9468
- C:\Windows\System\iwiDqQO.exe
  C:\Windows\System\iwiDqQO.exe
  2⤵
  PID:9504
- C:\Windows\System\CpZLasQ.exe
  C:\Windows\System\CpZLasQ.exe
  2⤵
  PID:9580
- C:\Windows\System\xmjrQWU.exe
  C:\Windows\System\xmjrQWU.exe
  2⤵
  PID:9596
- C:\Windows\System\auPpofc.exe
  C:\Windows\System\auPpofc.exe
  2⤵
  PID:9620
- C:\Windows\System\uaxMcvZ.exe
  C:\Windows\System\uaxMcvZ.exe
  2⤵
  PID:9636
- C:\Windows\System\tSCfoDb.exe
  C:\Windows\System\tSCfoDb.exe
  2⤵
  PID:9664
- C:\Windows\System\ttbuqAh.exe
  C:\Windows\System\ttbuqAh.exe
  2⤵
  PID:9720
- C:\Windows\System\qIVLXYp.exe
  C:\Windows\System\qIVLXYp.exe
  2⤵
  PID:9736
- C:\Windows\System\BaavLQI.exe
  C:\Windows\System\BaavLQI.exe
  2⤵
  PID:9760
- C:\Windows\System\srExEGx.exe
  C:\Windows\System\srExEGx.exe
  2⤵
  PID:9776
- C:\Windows\System\LcEvJBh.exe
  C:\Windows\System\LcEvJBh.exe
  2⤵
  PID:9792
- C:\Windows\System\vMgxPAM.exe
  C:\Windows\System\vMgxPAM.exe
  2⤵
  PID:9808
- C:\Windows\System\SsrYQTS.exe
  C:\Windows\System\SsrYQTS.exe
  2⤵
  PID:9828
- C:\Windows\System\qwumaFU.exe
  C:\Windows\System\qwumaFU.exe
  2⤵
  PID:9856
- C:\Windows\System\QJyFfpw.exe
  C:\Windows\System\QJyFfpw.exe
  2⤵
  PID:9872
- C:\Windows\System\gQGmbTD.exe
  C:\Windows\System\gQGmbTD.exe
  2⤵
  PID:9904
- C:\Windows\System\SWCQzNR.exe
  C:\Windows\System\SWCQzNR.exe
  2⤵
  PID:9920
- C:\Windows\System\Vpbvjxp.exe
  C:\Windows\System\Vpbvjxp.exe
  2⤵
  PID:9936
- C:\Windows\System\JnHSAPO.exe
  C:\Windows\System\JnHSAPO.exe
  2⤵
  PID:9968
- C:\Windows\System\WWvlnue.exe
  C:\Windows\System\WWvlnue.exe
  2⤵
  PID:9996
- C:\Windows\System\BAlrKUg.exe
  C:\Windows\System\BAlrKUg.exe
  2⤵
  PID:10208
- C:\Windows\System\PqWCQsx.exe
  C:\Windows\System\PqWCQsx.exe
  2⤵
  PID:10228
- C:\Windows\System\PWXliMt.exe
  C:\Windows\System\PWXliMt.exe
  2⤵
  PID:2676
- C:\Windows\System\QdxUYkT.exe
  C:\Windows\System\QdxUYkT.exe
  2⤵
  PID:9280
- C:\Windows\System\dBHhHXH.exe
  C:\Windows\System\dBHhHXH.exe
  2⤵
  PID:9344
- C:\Windows\System\uQJmwcw.exe
  C:\Windows\System\uQJmwcw.exe
  2⤵
  PID:9296
- C:\Windows\System\XofWPBa.exe
  C:\Windows\System\XofWPBa.exe
  2⤵
  PID:9392
- C:\Windows\System\BQCguaT.exe
  C:\Windows\System\BQCguaT.exe
  2⤵
  PID:9408
- C:\Windows\System\JQNPgcJ.exe
  C:\Windows\System\JQNPgcJ.exe
  2⤵
  PID:9024
- C:\Windows\System\fmSOkjR.exe
  C:\Windows\System\fmSOkjR.exe
  2⤵
  PID:2124
- C:\Windows\System\QSxJOFZ.exe
  C:\Windows\System\QSxJOFZ.exe
  2⤵
  PID:1372
- C:\Windows\System\qPrfbNy.exe
  C:\Windows\System\qPrfbNy.exe
  2⤵
  PID:9932
- C:\Windows\System\OWwmrdY.exe
  C:\Windows\System\OWwmrdY.exe
  2⤵
  PID:9956
- C:\Windows\System\OhBnEWI.exe
  C:\Windows\System\OhBnEWI.exe
  2⤵
  PID:9984
- C:\Windows\System\ywaLnSV.exe
  C:\Windows\System\ywaLnSV.exe
  2⤵
  PID:10024
- C:\Windows\System\EMemNZE.exe
  C:\Windows\System\EMemNZE.exe
  2⤵
  PID:10056
- C:\Windows\System\BPvWhFc.exe
  C:\Windows\System\BPvWhFc.exe
  2⤵
  PID:10156
- C:\Windows\System\UathUqB.exe
  C:\Windows\System\UathUqB.exe
  2⤵
  PID:10036
- C:\Windows\System\BxxmFDh.exe
  C:\Windows\System\BxxmFDh.exe
  2⤵
  PID:10068
- C:\Windows\System\WgTsBam.exe
  C:\Windows\System\WgTsBam.exe
  2⤵
  PID:10092
- C:\Windows\System\tkJWron.exe
  C:\Windows\System\tkJWron.exe
  2⤵
  PID:9820
- C:\Windows\System\QpVVuRR.exe
  C:\Windows\System\QpVVuRR.exe
  2⤵
  PID:10120
- C:\Windows\System\uRmiZoU.exe
  C:\Windows\System\uRmiZoU.exe
  2⤵
  PID:10160
- C:\Windows\System\gtReOAC.exe
  C:\Windows\System\gtReOAC.exe
  2⤵
  PID:10188
- C:\Windows\System\pPkISAJ.exe
  C:\Windows\System\pPkISAJ.exe
  2⤵
  PID:9348
- C:\Windows\System\SEoMDno.exe
  C:\Windows\System\SEoMDno.exe
  2⤵
  PID:2920
- C:\Windows\System\UBnGjOH.exe
  C:\Windows\System\UBnGjOH.exe
  2⤵
  PID:1548
- C:\Windows\System\MvylqCq.exe
  C:\Windows\System\MvylqCq.exe
  2⤵
  PID:8832
- C:\Windows\System\MSXxrHN.exe
  C:\Windows\System\MSXxrHN.exe
  2⤵
  PID:9380
- C:\Windows\System\HEzzIjt.exe
  C:\Windows\System\HEzzIjt.exe
  2⤵
  PID:9400
- C:\Windows\System\fCoLSYk.exe
  C:\Windows\System\fCoLSYk.exe
  2⤵
  PID:9516
- C:\Windows\System\JUwpMsv.exe
  C:\Windows\System\JUwpMsv.exe
  2⤵
  PID:9604
- C:\Windows\System\mbMfjQO.exe
  C:\Windows\System\mbMfjQO.exe
  2⤵
  PID:9644
- C:\Windows\System\mjFthqS.exe
  C:\Windows\System\mjFthqS.exe
  2⤵
  PID:9660
- C:\Windows\System\QDsNjVm.exe
  C:\Windows\System\QDsNjVm.exe
  2⤵
  PID:9688
- C:\Windows\System\AqHEcoF.exe
  C:\Windows\System\AqHEcoF.exe
  2⤵
  PID:9700
- C:\Windows\System\RoiRzxo.exe
  C:\Windows\System\RoiRzxo.exe
  2⤵
  PID:9728
- C:\Windows\System\oPvtCsD.exe
  C:\Windows\System\oPvtCsD.exe
  2⤵
  PID:9756
- C:\Windows\System\MBKTeAu.exe
  C:\Windows\System\MBKTeAu.exe
  2⤵
  PID:9788
- C:\Windows\System\TtsGYcO.exe
  C:\Windows\System\TtsGYcO.exe
  2⤵
  PID:9824
- C:\Windows\System\ipJMooj.exe
  C:\Windows\System\ipJMooj.exe
  2⤵
  PID:9852
- C:\Windows\System\Vgeipse.exe
  C:\Windows\System\Vgeipse.exe
  2⤵
  PID:9432
- C:\Windows\System\MHLaTYV.exe
  C:\Windows\System\MHLaTYV.exe
  2⤵
  PID:10236
- C:\Windows\System\lGjdqNc.exe
  C:\Windows\System\lGjdqNc.exe
  2⤵
  PID:9312
- C:\Windows\System\lDNDhts.exe
  C:\Windows\System\lDNDhts.exe
  2⤵
  PID:9948
- C:\Windows\System\HQpZZoA.exe
  C:\Windows\System\HQpZZoA.exe
  2⤵
  PID:9488
- C:\Windows\System\eNhCDmx.exe
  C:\Windows\System\eNhCDmx.exe
  2⤵
  PID:10028
- C:\Windows\System\HAXcweF.exe
  C:\Windows\System\HAXcweF.exe
  2⤵
  PID:10128
- C:\Windows\System\kbNQBmF.exe
  C:\Windows\System\kbNQBmF.exe
  2⤵
  PID:10048
- C:\Windows\System\rrJeLCe.exe
  C:\Windows\System\rrJeLCe.exe
  2⤵
  PID:10112
- C:\Windows\System\kKSWVwO.exe
  C:\Windows\System\kKSWVwO.exe
  2⤵
  PID:10192
- C:\Windows\System\yqTbBfN.exe
  C:\Windows\System\yqTbBfN.exe
  2⤵
  PID:10152
- C:\Windows\System\cTmzrnT.exe
  C:\Windows\System\cTmzrnT.exe
  2⤵
  PID:2412
- C:\Windows\System\hTAcBsI.exe
  C:\Windows\System\hTAcBsI.exe
  2⤵
  PID:9464
- C:\Windows\System\GPcrokK.exe
  C:\Windows\System\GPcrokK.exe
  2⤵
  PID:9632
- C:\Windows\System\KKUYuxk.exe
  C:\Windows\System\KKUYuxk.exe
  2⤵
  PID:9708
- C:\Windows\System\eWvPAzs.exe
  C:\Windows\System\eWvPAzs.exe
  2⤵
  PID:9784
- C:\Windows\System\wsHOjTE.exe
  C:\Windows\System\wsHOjTE.exe
  2⤵
  PID:2712
- C:\Windows\System\cVTkdpV.exe
  C:\Windows\System\cVTkdpV.exe
  2⤵
  PID:9748
- C:\Windows\System\AiRtzSH.exe
  C:\Windows\System\AiRtzSH.exe
  2⤵
  PID:9332
- C:\Windows\System\cCsOujU.exe
  C:\Windows\System\cCsOujU.exe
  2⤵
  PID:9512
- C:\Windows\System\cXRDOtJ.exe
  C:\Windows\System\cXRDOtJ.exe
  2⤵
  PID:9680
- C:\Windows\System\KCuYuPq.exe
  C:\Windows\System\KCuYuPq.exe
  2⤵
  PID:9360
- C:\Windows\System\oCIoDuz.exe
  C:\Windows\System\oCIoDuz.exe
  2⤵
  PID:9364
- C:\Windows\System\lZFmUMB.exe
  C:\Windows\System\lZFmUMB.exe
  2⤵
  PID:9912
- C:\Windows\System\CjKBHpE.exe
  C:\Windows\System\CjKBHpE.exe
  2⤵
  PID:9896
- C:\Windows\System\uzCKreH.exe
  C:\Windows\System\uzCKreH.exe
  2⤵
  PID:9316
- C:\Windows\System\TcDIFtJ.exe
  C:\Windows\System\TcDIFtJ.exe
  2⤵
  PID:9496
- C:\Windows\System\lbBJWbt.exe
  C:\Windows\System\lbBJWbt.exe
  2⤵
  PID:10216
- C:\Windows\System\OUwoVLA.exe
  C:\Windows\System\OUwoVLA.exe
  2⤵
  PID:10096
- C:\Windows\System\HrgqeKu.exe
  C:\Windows\System\HrgqeKu.exe
  2⤵
  PID:9732
- C:\Windows\System\wOKvUsC.exe
  C:\Windows\System\wOKvUsC.exe
  2⤵
  PID:9880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DbcrkEK.exe

Filesize
6.0MB

MD5
4182797d86edbbc7eab4ce1637329f75

SHA1
373a198157e7353adb4a34ecb9b5907039e9e522

SHA256
d6ecb3edfddf768a91aded7c3eebd5b17f8571e5d12fed5cefe8b9038f1fd5bc

SHA512
1e517d118d9c6e8b2c98a93e936e9a4e3950328dc78d0717fdde2ccac03aca7a95c6c53bd9202632c0de48bffcf3f34c1df0b3c1da7dbaa435a1bbbf661ed378

Download Submit
C:\Windows\system\FmGmUIV.exe

Filesize
6.0MB

MD5
1c52a8c4ac61e35a1a23b73b0b3a5df9

SHA1
23bc4b23b609505d40368635a168579375a40a08

SHA256
9130543379957a45f434e91f244f1e09f5ea32a951773e66a8811ec07943a79b

SHA512
f11cc167554e9718d202961b992b1f199c86905c6f89f1969c5ba43879199d815945551028df8597fd665999461b5c9c75a436977a6a5d9da0d110fc11ffe30b

Download Submit
C:\Windows\system\GnYDwIl.exe

Filesize
6.0MB

MD5
fd9b439db073b02a7b609b9bc6c29c52

SHA1
efbb7038cbf36e2c5a5cacd8577099475cdccdf0

SHA256
19e48231c021eef19c5606034cffe72fb5937d433311ff024da7d7a0ce27dad5

SHA512
b35c735bfefde7ed70576515e74d503475a89601754128959ea791d646838eb50bf44bb0a2fdbf99ec9059f29bfe781ee8aae280c5779d6b1883cf6f2ca88ad6

Download Submit
C:\Windows\system\HRdFzVS.exe

Filesize
6.0MB

MD5
88fb53393e8e0162acd2c8d7385a3fac

SHA1
929da4081c9b91abd876544d98f88f40c3056a43

SHA256
e48077515db778e122910635c55b5b07750181cfbc0ddfed960a28782c5b5bd0

SHA512
dad2ab544dcdeb4bd88dd6537c95c819b354bf5772229398c6333d6cfc24777eb807976e57b08eae67c6dfe3ebe99b67caa87ff1eedd68b7199c5bd235170f38

Download Submit
C:\Windows\system\OSZQqhp.exe

Filesize
6.0MB

MD5
601034ca456d6a54d0a06fb66fe67ea8

SHA1
4614318c9016f5e50fc9b9f34fc29cc689e4bbcf

SHA256
3ed897c125e8151bd46bf07d9101fd904b1d51944403aaa1265bdafc31e6b517

SHA512
fca38ca361649192d2b17b1d12edb5e3138741192dd79ee5e08ebf0efd1380c40ac719ee40c63d1ad7fa500b3ce3617b6dfc63998c72d7009117d67fd535add4

Download Submit
C:\Windows\system\QKOuroS.exe

Filesize
6.0MB

MD5
81731bd778630b06732f68a1d3f217c3

SHA1
630596332890535c26486d308ed8cd587eee0fce

SHA256
30ccbc29bae2461f9ae9907aecda1d5c94a03081548355adae31a6efba544603

SHA512
f4eecfde75401c52ef5e96678d60cb65e46ad2c85b6e73404456c57cd0b80e2636e6a725efb8c996f774843b1a0e4eea6f9a8649d16fb4296aa9ee92941b188b

Download Submit
C:\Windows\system\QXCkdpl.exe

Filesize
6.0MB

MD5
75c4b89f7019d85d85185a505f2762c4

SHA1
1a59e3e5b128145b31382931aa83ff2c46567460

SHA256
0974dcf7186cd7abbef34e086ce6353aef300d0f02d15fd8504f2e4e87642068

SHA512
9103c5e83b4d489b1836514ead2077b5a103570f6500b781a1f2d3eda4797d0aa56cc707145d014e80290725672ecd2e95726a621abd5066487f326d23667878

Download Submit
C:\Windows\system\ViaOzpl.exe

Filesize
6.0MB

MD5
5fcc8ea2569f4c1a634129ba423b814b

SHA1
e2302446373b5d2ed0ed36d5aeff14310e301b49

SHA256
f0caf7717243f0a799ef58e90391c907ed136c4a37a58b5d630ab440c02515c6

SHA512
bd2333820e10d1754b6548324e8c008ac70d63726477173bd80036e5807ea891943ba2f1df513f441254bff5a2b36b9ec53dbae31caf9c9b1683027b1f1aa220

Download Submit
C:\Windows\system\VmaQmUZ.exe

Filesize
6.0MB

MD5
e9762d62eed8317ad931c522291704ea

SHA1
c853b67afa44e5f109e4af60977715a92c09c0af

SHA256
d84e2bfde199432c0f5296bc8bd6d523cc1a4091432f05f132f96e44507abdf9

SHA512
f0a94c125804a565b4eaa80c04dd76363376b35b810f1e25f0536e4f71df669b1dba2bf9ccd3875af26f5462156f103f8289c18cd4f2419194bfd0156d453827

Download Submit
C:\Windows\system\XemrHTd.exe

Filesize
6.0MB

MD5
82f8a907b9bb31a5b75b2546f66b0693

SHA1
26ec0737946ffc4469dd02098f63b0e04f3af5b7

SHA256
0476e7f652b5898f094bbb4d7de9f7621aa41bb1e10e078cfea9239008a4e487

SHA512
65bdc0901b5d2fe3bdb4cddcdef0a2c405767951d952f701fa504d6be4081b8b25dd582bf2aed87bb31bbedb9aed716bd3ac158fc19b8b61eb297021d0c0775f

Download Submit
C:\Windows\system\YTQQoeg.exe

Filesize
6.0MB

MD5
90fa8f4595ea7027d3a30680e5581a87

SHA1
c4d807aaed13fa4bbdfb7f98a474e313e017328a

SHA256
2ed3771c534890984a3f93ebde82c6636f9355ca0767fc81607ce3bc2772dba5

SHA512
8ae08849227cf8fc7b6141a2ecc2666390f69c564f2f4e38425df39825a603dc84854fa3a2543e087b423e7fd2bf357bd01418e8531e36aba19ab1e006b7a3d0

Download Submit
C:\Windows\system\eTxAKAG.exe

Filesize
6.0MB

MD5
e25c0340f64bfb760672677c1d413b04

SHA1
ba483ad660a6f2cefb3f9dd1d43ba4d80d534dc4

SHA256
afd6adc9096990e79f2c3171d928f8206bc98cd558bf3ab15842296944232663

SHA512
bfb2e17b5a4267ca956fee5cad106a46b0c1139b42f42d319f42f1abe81c14326239837d878e27cbd75e77a00f1b37d3f5a8a35f2bfe71d2b9e129bb90b22434

Download Submit
C:\Windows\system\erkPpbn.exe

Filesize
6.0MB

MD5
04524037c3f5e83e96c91bea60871d36

SHA1
8a6dbdc54cbb4408c7f3586366bb8d9959d766d2

SHA256
0b68ca855329bf7735f8b26f8ccce56a530632c043c8f548b8729329a1f97b27

SHA512
a08594092f5186881daff24fd0a718b35c0855eb090f0588966f0b4ff9606cc50e68fb69cca3ee78834daf8a2baf52dd8e7c57a91c7d236f1c517c55fd94b996

Download Submit
C:\Windows\system\gQNOrwW.exe

Filesize
6.0MB

MD5
e79b9e15430fa57e3e875c82ec2cd13f

SHA1
0d763160f9ff5d0fe42770387a41642decce3a3d

SHA256
d2a9d1de4ddd8cd3a9b7887a204e0f95e6f0cc310691e6a31e12719dab54108f

SHA512
e1721798fc865ea8ffb9673565679aa53b66ad1e0d0bd7208b9c08a03555bc60b921e88a11280f9f51aac03a37a7f19f132b471d97a71f01f2badb63109b8113

Download Submit
C:\Windows\system\hKwPRDH.exe

Filesize
6.0MB

MD5
fbfb9eedaa3c2f221744e9ee6d283d40

SHA1
6a580477969bce0e80b685b71b4bd0751468cec4

SHA256
b7b2e84e9f8b7f43dac08097e1c995b105327dec93ed8bb7a95e447007a5b6ba

SHA512
79cf84f9cb36ec95831eab3c25eb276c1dc05001f5fad64a889755f94d064650163ec1b60c5c7c6a455d81d454b7d7e736742734cd53fc8a8db5f14786141050

Download Submit
C:\Windows\system\hWNionS.exe

Filesize
6.0MB

MD5
0733d400337608ab51308a56dceebb54

SHA1
128f041249f3e4e0306bd5316066a7f74535e956

SHA256
30a1357a16da4bf82d6ff56eb360836a441df904eb4715e1c4c83f96238a6d87

SHA512
f63cb39855f3c3295b87da37d37be976e2a3ee713c471a9d515461f01f38c82095bcaa8e8781b6a39921e6827605fe9cf3e9c15e6a4e76d13d5c6b64acea8176

Download Submit
C:\Windows\system\iBFQiSs.exe

Filesize
6.0MB

MD5
1abe00a62e4e66987dffdee3bbf6acd8

SHA1
79b0e6a34c8d6bbd7b8405b40811dee8c380d2e0

SHA256
612a2e04a4f391ac80e3c72a2e5bb559867f9223533f54efd12b59196db33174

SHA512
64b106b2c1069c3061339e0e7d4b589b2a10064dfe9c56b05d1ea9336ff0a14a07f5a000ba4bb0ddaa50d163d7cd185c8b6d2ccc1fcacb20d2b3945614824728

Download Submit
C:\Windows\system\jptpLij.exe

Filesize
6.0MB

MD5
d0f02fd91c0bea401d470151f5a71165

SHA1
12a08eab01d62c82496a349055cccc3685dad813

SHA256
7c7ce01f82bd38851df55d4a7830f9a7142df06f61c0c45842484a97813b0318

SHA512
5ffa52ea0ddf7de71d743ab87462a71e11540e4f4c8c444e631b1fb7e984a067c81b3a739b52c38aa8e6224cff61dc7df4f6e084ad24325251c8080c10f1351a

Download Submit
C:\Windows\system\pDLMLcg.exe

Filesize
6.0MB

MD5
4aa844f06619ef7778ec281cff4374e2

SHA1
ee43690ce58a221ca3bab1512aa3d3474d627321

SHA256
a1c49c47659494b84247a8a09ab4f9cde474751307ffa22532a4e5befd7ee4a8

SHA512
36355938ae97b67ab195a8dd834f80e7900bf06350519892334181dc50a52b932480fea284e4642933744ad95f04d64ae21c79d840c9a7681310ae34af4e53a7

Download Submit
C:\Windows\system\rEnEHyJ.exe

Filesize
6.0MB

MD5
9b55941ea251b66403fe93d155b9fc25

SHA1
34359900a0f243a15596e7b7bb0e85479897a1d4

SHA256
7ed914d58eea39da7300acbd146ae995a5981e38d32bd7b3afd367f6fb942a52

SHA512
aa10167370ca71a17c9f30b0b4016817b8983b9f874f6fdfd36a69353b43a4624490c1211523960583ff052d23eb176508c8e0b2bbb0aa1b7f3e3412a677547f

Download Submit
C:\Windows\system\rlyhJVr.exe

Filesize
6.0MB

MD5
2f5dd4036754aa1745e47325c536783b

SHA1
6376dd7b299e0019fed7084c3817a73e3d0b11e3

SHA256
659b61f034d41ca967943325f7ccaebc229f5a7a2c60a8d480e0a1b23299bddd

SHA512
1ea3f4c324b2eb98cf2b778b202a70362687d0d826edf1800078c68e21a2aed7a8a09f778280f7d5c86a05db3edd7d413d3da72997bb3550473247fffbcbadf5

Download Submit
C:\Windows\system\sfKvrgh.exe

Filesize
6.0MB

MD5
12a9c226a835c310092fcf0880e28f1e

SHA1
7bdbadd113ac280a4edfb983289a851d44c4c68f

SHA256
2919cb2cc03b1df233eb698ff5e91663fc5cd6357339bd81cf9c39fff507dea7

SHA512
31a5a77f3fd86b6d7a96675cd3e5a0fac404fb7258845c398c92844212b4056f3be409fc6ca39c73519c373b3ccdfb51e062019c3d497c6c3df88b648755bfe7

Download Submit
C:\Windows\system\uXAiLHE.exe

Filesize
6.0MB

MD5
8f2b8c252ea5f1e28ff2e995ccb5d6b0

SHA1
e7b267e58a070e7993393077ce6723098536877a

SHA256
6e300428d8f36840185dade39588342b4661854e45fa26e55859121d4403092e

SHA512
71da3ab8e1b3dc849270c00374b6cf9c1e269fda044254add72c50e7b37498c9c6ed2c465164afe34f118ad67748d129202fa3c18ecb022d83fe18e0ad772fd4

Download Submit
C:\Windows\system\unHxNbI.exe

Filesize
6.0MB

MD5
6f92ca0d5d5fb0391c94e3a090ca0506

SHA1
c0cdb1da300b249f676b402ac9550d8df6a8249d

SHA256
b86920fca5d167a6faa430f56f8c444e965b916d6ac51f04dddaa4f73358e659

SHA512
e00c14c50d3b8fcde82cef22f886884cbdd3fb8992012fa170a03b4bae30f1aea9d66d1d59db99cf4f9547a1cd4d01e341a02c5484550798c26d9b656ada038d

Download Submit
C:\Windows\system\wIyaveo.exe

Filesize
6.0MB

MD5
c76c0d09211951786379af2a315ee32d

SHA1
69aafcd903b7c008459a0772c98ea18bb46a498b

SHA256
d7a026b184fa03c0e3d399f43d92b6e33643f11f30e95beb8d29f69ff59751f9

SHA512
782e98f54ced37f7fe61941cf23eba3deca256d08ebd6cc91c9cdb6959e31334f0b41dbf94e225b2fcbd05c8afd0b5af20ae6201fd469f1e61e728525c7b12f5

Download Submit
C:\Windows\system\yhqZrFq.exe

Filesize
6.0MB

MD5
9ab5f0279cd04eb78da6c72806a614dc

SHA1
58288e7eb68f53e02d68decf84ca482bf8622383

SHA256
dbac5caeb60a86a5810308dcebadb9962fe36c4a568f753272ae91ebd6cb01e0

SHA512
d5ee6144f2f2567a2d0454aadd78865fd66cc00f0722910e842ba1a6381576a4be13b3f297d5df11bb2958ac6034b282fe8963378b4a53965aa93f11579102fe

Download Submit
\Windows\system\FdSbFmY.exe

Filesize
6.0MB

MD5
f7a1ebbedc17644aa099b17c7338cef8

SHA1
fae3b79757ba286ea1ee09354e7d4cd73ca11fea

SHA256
146a5021d8ba2d8310780ecefe4085204c6fbd2e73d7b88d9de96e3ec8d7efb8

SHA512
dcdfc1f6ce2ee168b1daa81594c3aad376bd55d933346dc1df57e395cbbfd03cefa99052ac89cbd86de3eba608b2171fd504bd7de787c39229a554985d6d1d81

Download Submit
\Windows\system\KXxcMGI.exe

Filesize
6.0MB

MD5
92f3157c1c0dd7876a7059484a4e76e0

SHA1
fea5c0108bdf6f70f1105ad7f2d657cd3ea42b3a

SHA256
f0a6944542fdba28fb1c84749c88527a6feff2616df39c2ba1d6e69b39763da4

SHA512
dbe6d0136b797744e188e5f6f1b1781f01b914d3687c0a1652fa0ce4a2b0a585499930b8f06e65527bcbe9dc7cbe95299f4a48569354588b2579ae108b9d1190

Download Submit
\Windows\system\SNLTChI.exe

Filesize
6.0MB

MD5
6801cd22df3780684b8bac244a94efe1

SHA1
de2a41d5edc9b3923118a416f32f460cf5dc699b

SHA256
37f4ab82171959e44d7fadf07928c63fcbab1c51c97a59e929275c40c318018c

SHA512
fbc594518c6bc98947b823a69af0a42bdf7a4612f152d17d5db16e2bdef83903f6a20557efaa14b0f9314a69fd5b3c14fb9691368391863350c9e63c9232a621

Download Submit
\Windows\system\TuRpvNY.exe

Filesize
6.0MB

MD5
388e1456e1c6280d080f025402ed43b3

SHA1
4d261ad5c43f1e8b2670efa3e646117e058334dd

SHA256
a5b8bf182069de54ca4485a18e79a04397e114c1afb3bd6c0d27d17aa43d97d2

SHA512
389545cfda672f7f4d3cc779f35e559be1fc36a13399bd0c2f36074270da4f7f12c95901c5b5f19381d74749e53b39331349013db6e9d348afd2e6133f99c588

Download Submit
\Windows\system\ceDKHCU.exe

Filesize
6.0MB

MD5
f72f3a4c3189e0d3adeac314fb887f28

SHA1
0b55b4cf137e1f9267c9c190d96a60f4b79ed6f2

SHA256
1dbe6eda2c7f5ad85525f161e625dd4f92d912a51abd54cdd0d9395b3fe69aac

SHA512
2fb0fcb036ca45910a3031e0089703f40f5cc87c4005212d2325609c7f3817c933e3bff108ce34afc7ecba0472a7b56046691e9dbfbab7e3a045fd2ae048263c

Download Submit
\Windows\system\dwZFzKJ.exe

Filesize
6.0MB

MD5
ebf29ad9cfaf9d9f841af3d7d3986641

SHA1
07f7bc43bc5ead1d3bbfe4802ac65a01b7228930

SHA256
6b0a970f76ec49de69eeb9d12880ee07fbddc01aebd114ac8de9874520c53267

SHA512
a5a220b7c08f1869d0fd4f12b8eace97fb41a9a9374b44602191927d5d47b9760ec1c42fa7973211c7ebb3c522c46b54f885210204e18c7589a5f1bc2eb1d44e

Download Submit
\Windows\system\ozgcBgW.exe

Filesize
6.0MB

MD5
436175a1d2ff73a8366ccd904f7c81cb

SHA1
6bc6e7406b0487fb72ca953818c39cabd6c0d434

SHA256
0a72b7eb536cb82765623d825f8e4440de8255828fcd395cd6f65f310ca8d677

SHA512
58a9017b4663dd3f311550bf45d07947f27d5024137915a04c8c945cd27f60d9a4f6851fcbe9a121572d9e065f49c319e23757a51bae4f470366588425f75d09

Download Submit
memory/356-3990-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/356-15-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1920-3139-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-158-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1920-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1920-3377-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1920-3227-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-3175-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1920-3143-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-0-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1920-2980-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1920-1350-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-1027-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-12-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-221-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1920-220-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-14-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-177-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/1920-179-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1920-223-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1920-1022-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1920-3211-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-160-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-3379-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1920-163-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1920-173-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1920-166-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1920-168-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-172-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-3998-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3996-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2200-167-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2408-16-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3989-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-159-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3993-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2604-188-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4001-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2648-201-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4002-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-222-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3992-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2704-174-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3999-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4000-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2768-178-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2820-161-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3994-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-165-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3997-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3995-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-164-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-3991-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/3032-41-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download