cobaltstrike | 6fe69195e9d1e9f6e9a33c490cace556296ab77615949223f5b1ae9103bcbaf6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b1472d5eea71ad927beda28c699b49d8
SHA1

9813875b42e40481fa6e4c507a1d23798e6b1452
SHA256

6fe69195e9d1e9f6e9a33c490cace556296ab77615949223f5b1ae9103bcbaf6
SHA512

4f78f37cf5f053770c73335a206c43027c57ba488dc57c13aa58ef631665571adafdeb7e35e4c9062841254e5ee351c4f251738eab96d592a6c92b428971ba45
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x00340000000162e4-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001660e-17.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-60.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016890-24.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-162.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-143.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-98.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-77.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017570-76.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-75.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-85.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-74.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d22-56.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2244-0-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012280-3.dat	xmrig
behavioral1/files/0x00340000000162e4-11.dat	xmrig
behavioral1/files/0x000800000001660e-17.dat	xmrig
behavioral1/memory/2768-21-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2244-23-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2776-22-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f1-60.dat	xmrig
behavioral1/files/0x0008000000016890-24.dat	xmrig
behavioral1/memory/2600-78-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x0005000000018697-91.dat	xmrig
behavioral1/files/0x0005000000019237-136.dat	xmrig
behavioral1/memory/2244-874-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2244-755-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001924f-165.dat	xmrig
behavioral1/files/0x0005000000019203-164.dat	xmrig
behavioral1/files/0x0005000000019354-162.dat	xmrig
behavioral1/files/0x0006000000018fdf-156.dat	xmrig
behavioral1/files/0x0006000000018d7b-155.dat	xmrig
behavioral1/files/0x0005000000018745-154.dat	xmrig
behavioral1/files/0x0005000000019299-152.dat	xmrig
behavioral1/files/0x0005000000019274-144.dat	xmrig
behavioral1/files/0x0005000000019358-170.dat	xmrig
behavioral1/files/0x00050000000192a1-160.dat	xmrig
behavioral1/files/0x0006000000018be7-118.dat	xmrig
behavioral1/files/0x000500000001871c-111.dat	xmrig
behavioral1/files/0x000500000001870c-102.dat	xmrig
behavioral1/files/0x000500000001927a-149.dat	xmrig
behavioral1/files/0x0005000000019261-143.dat	xmrig
behavioral1/files/0x0006000000019056-129.dat	xmrig
behavioral1/files/0x0006000000018d83-121.dat	xmrig
behavioral1/memory/2244-101-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/812-100-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018706-98.dat	xmrig
behavioral1/memory/2148-95-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2244-94-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/896-93-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2372-88-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2244-82-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2892-81-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2196-80-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2596-79-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f7-77.dat	xmrig
behavioral1/files/0x0008000000017570-76.dat	xmrig
behavioral1/files/0x0009000000016cf0-75.dat	xmrig
behavioral1/memory/2244-87-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-85.dat	xmrig
behavioral1/files/0x0007000000016ca0-74.dat	xmrig
behavioral1/memory/1672-73-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2244-67-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/812-66-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2548-59-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d22-56.dat	xmrig
behavioral1/memory/2884-49-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cab-47.dat	xmrig
behavioral1/files/0x0007000000016c89-33.dat	xmrig
behavioral1/memory/896-30-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2956-20-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2244-12-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/2768-3803-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2776-3801-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/812-3815-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/896-3848-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/1672-4371-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2776	bxUXFTE.exe
2956	HHXTJbr.exe
2768	cNnXbVx.exe
896	TNjNBPW.exe
2884	YHwUUuw.exe
2548	gPjSUIX.exe
812	nvdcAUO.exe
1672	xNxAQpX.exe
2600	yrLAKXg.exe
2596	SWPOobj.exe
2196	ofjSCTy.exe
2892	UAlhoVn.exe
2372	OKoqCZd.exe
2148	ujlHahA.exe
2052	TMTfHtm.exe
2652	nWukXDt.exe
820	kvXqvcG.exe
2012	UeIqBQu.exe
856	tragcji.exe
1364	jUgdCyg.exe
1256	NIgYTOu.exe
2124	tZwWwlr.exe
1700	VITwOEh.exe
2832	xTNNaAo.exe
536	zxxIExb.exe
1764	SQEdmeG.exe
1056	XznChTq.exe
1140	JocidZg.exe
1156	eMuLcrW.exe
1320	OqxKlYn.exe
2236	TSAaMfj.exe
1944	iPbBVAZ.exe
1972	AejQybL.exe
2040	njYxaPW.exe
1868	fDmcWFb.exe
920	yIJqnJb.exe
568	iHPobEr.exe
784	szEWoEv.exe
1812	mYZaVzc.exe
1552	XCVSWAw.exe
1368	MpxTXIc.exe
776	GSPKyfi.exe
1248	ImvJnEh.exe
1728	HKymmdw.exe
1864	kJaNOEy.exe
356	PjGYPAE.exe
1196	aIqZDVj.exe
2100	yqSDaAj.exe
2324	yLxcxIL.exe
2468	jPSTQXY.exe
844	ojOZsOD.exe
1792	oUkMvos.exe
2512	iBrIejG.exe
2104	AngDvTw.exe
3060	OAFrGCc.exe
900	lLgucgO.exe
2320	cImIkTT.exe
1968	bPpWvhw.exe
1688	WFqJFkW.exe
2464	TBMkZan.exe
2376	VFtOpdn.exe
2180	SeAvTXO.exe
2840	GSOxkqJ.exe
2724	hIVunCk.exe

Loads dropped DLL 64 IoCs

pid	Process
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2244-0-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x000a000000012280-3.dat	upx
behavioral1/files/0x00340000000162e4-11.dat	upx
behavioral1/files/0x000800000001660e-17.dat	upx
behavioral1/memory/2768-21-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2776-22-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x00060000000175f1-60.dat	upx
behavioral1/files/0x0008000000016890-24.dat	upx
behavioral1/memory/2600-78-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x0005000000018697-91.dat	upx
behavioral1/files/0x0005000000019237-136.dat	upx
behavioral1/files/0x000500000001924f-165.dat	upx
behavioral1/files/0x0005000000019203-164.dat	upx
behavioral1/files/0x0005000000019354-162.dat	upx
behavioral1/files/0x0006000000018fdf-156.dat	upx
behavioral1/files/0x0006000000018d7b-155.dat	upx
behavioral1/files/0x0005000000018745-154.dat	upx
behavioral1/files/0x0005000000019299-152.dat	upx
behavioral1/files/0x0005000000019274-144.dat	upx
behavioral1/files/0x0005000000019358-170.dat	upx
behavioral1/files/0x00050000000192a1-160.dat	upx
behavioral1/files/0x0006000000018be7-118.dat	upx
behavioral1/files/0x000500000001871c-111.dat	upx
behavioral1/files/0x000500000001870c-102.dat	upx
behavioral1/files/0x000500000001927a-149.dat	upx
behavioral1/files/0x0005000000019261-143.dat	upx
behavioral1/files/0x0006000000019056-129.dat	upx
behavioral1/files/0x0006000000018d83-121.dat	upx
behavioral1/memory/812-100-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0005000000018706-98.dat	upx
behavioral1/memory/2148-95-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/896-93-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2372-88-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2244-82-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2892-81-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2196-80-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2596-79-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x00060000000175f7-77.dat	upx
behavioral1/files/0x0008000000017570-76.dat	upx
behavioral1/files/0x0009000000016cf0-75.dat	upx
behavioral1/files/0x000d000000018683-85.dat	upx
behavioral1/files/0x0007000000016ca0-74.dat	upx
behavioral1/memory/1672-73-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/812-66-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2548-59-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0008000000016d22-56.dat	upx
behavioral1/memory/2884-49-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0007000000016cab-47.dat	upx
behavioral1/files/0x0007000000016c89-33.dat	upx
behavioral1/memory/896-30-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2956-20-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2768-3803-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2776-3801-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/812-3815-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/896-3848-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/1672-4371-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2600-4372-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2196-4373-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2892-4374-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2596-4376-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2148-4375-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2372-4377-0x000000013F610000-0x000000013F964000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tGQDIXt.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFXgHpW.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBVvhdZ.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciNVERQ.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsDwuUu.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETpngfh.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEfwMrJ.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvayFUP.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYiwILu.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrMRLwq.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyRnCPr.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fVZesED.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUMpLju.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njYxaPW.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xewirCF.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXNWbfT.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maGTeTC.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\flTYGJk.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYODyRN.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLLQloB.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afQLlVI.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiEGxnH.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDDPnjK.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdZqxqy.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKSNCYg.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWBqSAT.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jluDrxl.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtTwQip.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRLkEfG.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tstiEnq.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKJNUKa.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIhaNmi.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhRQBHs.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOmwjfq.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhuJQUO.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjGYPAE.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHuyTzB.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdRQcri.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efrmBjf.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZfIpeS.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFOQSkR.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGFpUUn.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWdkfFi.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVXWlXm.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibFjXAX.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqukHKJ.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJBTrux.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdXmPyy.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCELXWt.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfFuNGR.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpgilkM.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWgrVsR.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpXYAMY.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHlUEHF.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJPCiuK.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lImLZMd.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NiAPjIq.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTvyURR.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEBbVwb.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXHpnsW.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZZpMGR.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BujCMPz.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mAfVcnS.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCtsUkS.exe	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2776	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2244 wrote to memory of 2776	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2244 wrote to memory of 2776	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2244 wrote to memory of 2956	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2244 wrote to memory of 2956	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2244 wrote to memory of 2956	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2244 wrote to memory of 2768	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2244 wrote to memory of 2768	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2244 wrote to memory of 2768	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2244 wrote to memory of 896	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2244 wrote to memory of 896	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2244 wrote to memory of 896	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2244 wrote to memory of 2884	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2244 wrote to memory of 2884	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2244 wrote to memory of 2884	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2244 wrote to memory of 2600	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2244 wrote to memory of 2600	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2244 wrote to memory of 2600	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2244 wrote to memory of 2548	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2244 wrote to memory of 2548	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2244 wrote to memory of 2548	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2244 wrote to memory of 2596	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2244 wrote to memory of 2596	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2244 wrote to memory of 2596	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2244 wrote to memory of 812	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2244 wrote to memory of 812	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2244 wrote to memory of 812	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2244 wrote to memory of 2196	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2244 wrote to memory of 2196	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2244 wrote to memory of 2196	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2244 wrote to memory of 1672	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2244 wrote to memory of 1672	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2244 wrote to memory of 1672	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2244 wrote to memory of 2892	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2244 wrote to memory of 2892	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2244 wrote to memory of 2892	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2244 wrote to memory of 2372	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2244 wrote to memory of 2372	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2244 wrote to memory of 2372	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2244 wrote to memory of 2148	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2244 wrote to memory of 2148	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2244 wrote to memory of 2148	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2244 wrote to memory of 2052	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2244 wrote to memory of 2052	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2244 wrote to memory of 2052	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2244 wrote to memory of 1700	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2244 wrote to memory of 1700	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2244 wrote to memory of 1700	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2244 wrote to memory of 2652	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2244 wrote to memory of 2652	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2244 wrote to memory of 2652	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2244 wrote to memory of 2832	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2244 wrote to memory of 2832	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2244 wrote to memory of 2832	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2244 wrote to memory of 820	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2244 wrote to memory of 820	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2244 wrote to memory of 820	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2244 wrote to memory of 536	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2244 wrote to memory of 536	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2244 wrote to memory of 536	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2244 wrote to memory of 2012	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2244 wrote to memory of 2012	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2244 wrote to memory of 2012	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2244 wrote to memory of 1764	2244	2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_b1472d5eea71ad927beda28c699b49d8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\System\bxUXFTE.exe
  C:\Windows\System\bxUXFTE.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\HHXTJbr.exe
  C:\Windows\System\HHXTJbr.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\cNnXbVx.exe
  C:\Windows\System\cNnXbVx.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\TNjNBPW.exe
  C:\Windows\System\TNjNBPW.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\YHwUUuw.exe
  C:\Windows\System\YHwUUuw.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\yrLAKXg.exe
  C:\Windows\System\yrLAKXg.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\gPjSUIX.exe
  C:\Windows\System\gPjSUIX.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\SWPOobj.exe
  C:\Windows\System\SWPOobj.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\nvdcAUO.exe
  C:\Windows\System\nvdcAUO.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\ofjSCTy.exe
  C:\Windows\System\ofjSCTy.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\xNxAQpX.exe
  C:\Windows\System\xNxAQpX.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\UAlhoVn.exe
  C:\Windows\System\UAlhoVn.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\OKoqCZd.exe
  C:\Windows\System\OKoqCZd.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\ujlHahA.exe
  C:\Windows\System\ujlHahA.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\TMTfHtm.exe
  C:\Windows\System\TMTfHtm.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\VITwOEh.exe
  C:\Windows\System\VITwOEh.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\nWukXDt.exe
  C:\Windows\System\nWukXDt.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\xTNNaAo.exe
  C:\Windows\System\xTNNaAo.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\kvXqvcG.exe
  C:\Windows\System\kvXqvcG.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\zxxIExb.exe
  C:\Windows\System\zxxIExb.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\UeIqBQu.exe
  C:\Windows\System\UeIqBQu.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\SQEdmeG.exe
  C:\Windows\System\SQEdmeG.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\tragcji.exe
  C:\Windows\System\tragcji.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\JocidZg.exe
  C:\Windows\System\JocidZg.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\jUgdCyg.exe
  C:\Windows\System\jUgdCyg.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\eMuLcrW.exe
  C:\Windows\System\eMuLcrW.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\NIgYTOu.exe
  C:\Windows\System\NIgYTOu.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\TSAaMfj.exe
  C:\Windows\System\TSAaMfj.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\tZwWwlr.exe
  C:\Windows\System\tZwWwlr.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\iPbBVAZ.exe
  C:\Windows\System\iPbBVAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\XznChTq.exe
  C:\Windows\System\XznChTq.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\AejQybL.exe
  C:\Windows\System\AejQybL.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\OqxKlYn.exe
  C:\Windows\System\OqxKlYn.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\njYxaPW.exe
  C:\Windows\System\njYxaPW.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\fDmcWFb.exe
  C:\Windows\System\fDmcWFb.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\yIJqnJb.exe
  C:\Windows\System\yIJqnJb.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\iHPobEr.exe
  C:\Windows\System\iHPobEr.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\szEWoEv.exe
  C:\Windows\System\szEWoEv.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\mYZaVzc.exe
  C:\Windows\System\mYZaVzc.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\XCVSWAw.exe
  C:\Windows\System\XCVSWAw.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\MpxTXIc.exe
  C:\Windows\System\MpxTXIc.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\GSPKyfi.exe
  C:\Windows\System\GSPKyfi.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\ImvJnEh.exe
  C:\Windows\System\ImvJnEh.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\HKymmdw.exe
  C:\Windows\System\HKymmdw.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\kJaNOEy.exe
  C:\Windows\System\kJaNOEy.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\PjGYPAE.exe
  C:\Windows\System\PjGYPAE.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\aIqZDVj.exe
  C:\Windows\System\aIqZDVj.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\yLxcxIL.exe
  C:\Windows\System\yLxcxIL.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\yqSDaAj.exe
  C:\Windows\System\yqSDaAj.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\ojOZsOD.exe
  C:\Windows\System\ojOZsOD.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\jPSTQXY.exe
  C:\Windows\System\jPSTQXY.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\oUkMvos.exe
  C:\Windows\System\oUkMvos.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\iBrIejG.exe
  C:\Windows\System\iBrIejG.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\AngDvTw.exe
  C:\Windows\System\AngDvTw.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\OAFrGCc.exe
  C:\Windows\System\OAFrGCc.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\cImIkTT.exe
  C:\Windows\System\cImIkTT.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\lLgucgO.exe
  C:\Windows\System\lLgucgO.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\WFqJFkW.exe
  C:\Windows\System\WFqJFkW.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\bPpWvhw.exe
  C:\Windows\System\bPpWvhw.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\TBMkZan.exe
  C:\Windows\System\TBMkZan.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\VFtOpdn.exe
  C:\Windows\System\VFtOpdn.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\GexekEv.exe
  C:\Windows\System\GexekEv.exe
  2⤵
  PID:1596
- C:\Windows\System\SeAvTXO.exe
  C:\Windows\System\SeAvTXO.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\txKuHwC.exe
  C:\Windows\System\txKuHwC.exe
  2⤵
  PID:2760
- C:\Windows\System\GSOxkqJ.exe
  C:\Windows\System\GSOxkqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\dBFVGIZ.exe
  C:\Windows\System\dBFVGIZ.exe
  2⤵
  PID:2896
- C:\Windows\System\hIVunCk.exe
  C:\Windows\System\hIVunCk.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\rSzSsAk.exe
  C:\Windows\System\rSzSsAk.exe
  2⤵
  PID:2240
- C:\Windows\System\GrMRLwq.exe
  C:\Windows\System\GrMRLwq.exe
  2⤵
  PID:2880
- C:\Windows\System\rqEsxNK.exe
  C:\Windows\System\rqEsxNK.exe
  2⤵
  PID:2556
- C:\Windows\System\xENZPKy.exe
  C:\Windows\System\xENZPKy.exe
  2⤵
  PID:1532
- C:\Windows\System\fWxZUyu.exe
  C:\Windows\System\fWxZUyu.exe
  2⤵
  PID:2888
- C:\Windows\System\BrRWkGC.exe
  C:\Windows\System\BrRWkGC.exe
  2⤵
  PID:2876
- C:\Windows\System\ufwOypc.exe
  C:\Windows\System\ufwOypc.exe
  2⤵
  PID:1028
- C:\Windows\System\ErXvAKH.exe
  C:\Windows\System\ErXvAKH.exe
  2⤵
  PID:2532
- C:\Windows\System\EKxhyVm.exe
  C:\Windows\System\EKxhyVm.exe
  2⤵
  PID:2096
- C:\Windows\System\dLXJFfP.exe
  C:\Windows\System\dLXJFfP.exe
  2⤵
  PID:2872
- C:\Windows\System\DPMewuQ.exe
  C:\Windows\System\DPMewuQ.exe
  2⤵
  PID:708
- C:\Windows\System\tROsgQy.exe
  C:\Windows\System\tROsgQy.exe
  2⤵
  PID:2972
- C:\Windows\System\OswjopO.exe
  C:\Windows\System\OswjopO.exe
  2⤵
  PID:2024
- C:\Windows\System\BzfTBVD.exe
  C:\Windows\System\BzfTBVD.exe
  2⤵
  PID:2212
- C:\Windows\System\afEpCCj.exe
  C:\Windows\System\afEpCCj.exe
  2⤵
  PID:1896
- C:\Windows\System\mWPfxQs.exe
  C:\Windows\System\mWPfxQs.exe
  2⤵
  PID:1088
- C:\Windows\System\VwjzZSs.exe
  C:\Windows\System\VwjzZSs.exe
  2⤵
  PID:1748
- C:\Windows\System\gHLdvbw.exe
  C:\Windows\System\gHLdvbw.exe
  2⤵
  PID:1576
- C:\Windows\System\tfFuwfN.exe
  C:\Windows\System\tfFuwfN.exe
  2⤵
  PID:764
- C:\Windows\System\SiwMbYa.exe
  C:\Windows\System\SiwMbYa.exe
  2⤵
  PID:2396
- C:\Windows\System\parjJmv.exe
  C:\Windows\System\parjJmv.exe
  2⤵
  PID:616
- C:\Windows\System\EYZNmPS.exe
  C:\Windows\System\EYZNmPS.exe
  2⤵
  PID:3068
- C:\Windows\System\ETpngfh.exe
  C:\Windows\System\ETpngfh.exe
  2⤵
  PID:1264
- C:\Windows\System\UxTKkVn.exe
  C:\Windows\System\UxTKkVn.exe
  2⤵
  PID:2064
- C:\Windows\System\rJdTdar.exe
  C:\Windows\System\rJdTdar.exe
  2⤵
  PID:760
- C:\Windows\System\KxsDqTq.exe
  C:\Windows\System\KxsDqTq.exe
  2⤵
  PID:2088
- C:\Windows\System\ngaiIoj.exe
  C:\Windows\System\ngaiIoj.exe
  2⤵
  PID:2336
- C:\Windows\System\uYpvsIe.exe
  C:\Windows\System\uYpvsIe.exe
  2⤵
  PID:1588
- C:\Windows\System\nMkpaMM.exe
  C:\Windows\System\nMkpaMM.exe
  2⤵
  PID:1992
- C:\Windows\System\hhhLZmv.exe
  C:\Windows\System\hhhLZmv.exe
  2⤵
  PID:2792
- C:\Windows\System\SbhSEUc.exe
  C:\Windows\System\SbhSEUc.exe
  2⤵
  PID:2668
- C:\Windows\System\shHDvam.exe
  C:\Windows\System\shHDvam.exe
  2⤵
  PID:2728
- C:\Windows\System\meLBXtY.exe
  C:\Windows\System\meLBXtY.exe
  2⤵
  PID:2916
- C:\Windows\System\WHQXFwv.exe
  C:\Windows\System\WHQXFwv.exe
  2⤵
  PID:3040
- C:\Windows\System\PwCaERM.exe
  C:\Windows\System\PwCaERM.exe
  2⤵
  PID:1396
- C:\Windows\System\MOTdJVL.exe
  C:\Windows\System\MOTdJVL.exe
  2⤵
  PID:1796
- C:\Windows\System\YtHQfny.exe
  C:\Windows\System\YtHQfny.exe
  2⤵
  PID:448
- C:\Windows\System\bMOWYXB.exe
  C:\Windows\System\bMOWYXB.exe
  2⤵
  PID:2964
- C:\Windows\System\WTZpxLa.exe
  C:\Windows\System\WTZpxLa.exe
  2⤵
  PID:3084
- C:\Windows\System\gUupjjj.exe
  C:\Windows\System\gUupjjj.exe
  2⤵
  PID:3100
- C:\Windows\System\VQGWGOr.exe
  C:\Windows\System\VQGWGOr.exe
  2⤵
  PID:3116
- C:\Windows\System\zJIzSRA.exe
  C:\Windows\System\zJIzSRA.exe
  2⤵
  PID:3132
- C:\Windows\System\uzRZweN.exe
  C:\Windows\System\uzRZweN.exe
  2⤵
  PID:3148
- C:\Windows\System\LIKAcKu.exe
  C:\Windows\System\LIKAcKu.exe
  2⤵
  PID:3164
- C:\Windows\System\msUiSje.exe
  C:\Windows\System\msUiSje.exe
  2⤵
  PID:3180
- C:\Windows\System\gluwVdE.exe
  C:\Windows\System\gluwVdE.exe
  2⤵
  PID:3196
- C:\Windows\System\daXBeIG.exe
  C:\Windows\System\daXBeIG.exe
  2⤵
  PID:3212
- C:\Windows\System\FhdySTG.exe
  C:\Windows\System\FhdySTG.exe
  2⤵
  PID:3228
- C:\Windows\System\xVviQRI.exe
  C:\Windows\System\xVviQRI.exe
  2⤵
  PID:3244
- C:\Windows\System\tXHpnsW.exe
  C:\Windows\System\tXHpnsW.exe
  2⤵
  PID:3260
- C:\Windows\System\WkjmJri.exe
  C:\Windows\System\WkjmJri.exe
  2⤵
  PID:3276
- C:\Windows\System\cfsITgl.exe
  C:\Windows\System\cfsITgl.exe
  2⤵
  PID:3292
- C:\Windows\System\URAVxor.exe
  C:\Windows\System\URAVxor.exe
  2⤵
  PID:3308
- C:\Windows\System\EXVWizE.exe
  C:\Windows\System\EXVWizE.exe
  2⤵
  PID:3324
- C:\Windows\System\raeXcdL.exe
  C:\Windows\System\raeXcdL.exe
  2⤵
  PID:3340
- C:\Windows\System\UhemPes.exe
  C:\Windows\System\UhemPes.exe
  2⤵
  PID:3356
- C:\Windows\System\hEVKpGw.exe
  C:\Windows\System\hEVKpGw.exe
  2⤵
  PID:3372
- C:\Windows\System\XggUAoC.exe
  C:\Windows\System\XggUAoC.exe
  2⤵
  PID:3388
- C:\Windows\System\gnVktVF.exe
  C:\Windows\System\gnVktVF.exe
  2⤵
  PID:3404
- C:\Windows\System\BtpWEvB.exe
  C:\Windows\System\BtpWEvB.exe
  2⤵
  PID:3420
- C:\Windows\System\OXoVLAh.exe
  C:\Windows\System\OXoVLAh.exe
  2⤵
  PID:3436
- C:\Windows\System\NgEtIzE.exe
  C:\Windows\System\NgEtIzE.exe
  2⤵
  PID:3452
- C:\Windows\System\UYwGddX.exe
  C:\Windows\System\UYwGddX.exe
  2⤵
  PID:3468
- C:\Windows\System\KZQFdzj.exe
  C:\Windows\System\KZQFdzj.exe
  2⤵
  PID:3484
- C:\Windows\System\jOCssUc.exe
  C:\Windows\System\jOCssUc.exe
  2⤵
  PID:3500
- C:\Windows\System\ARiBRro.exe
  C:\Windows\System\ARiBRro.exe
  2⤵
  PID:3516
- C:\Windows\System\hpQiJSy.exe
  C:\Windows\System\hpQiJSy.exe
  2⤵
  PID:3532
- C:\Windows\System\ESDRmRa.exe
  C:\Windows\System\ESDRmRa.exe
  2⤵
  PID:3548
- C:\Windows\System\BgSzeyI.exe
  C:\Windows\System\BgSzeyI.exe
  2⤵
  PID:3564
- C:\Windows\System\JaiqAuY.exe
  C:\Windows\System\JaiqAuY.exe
  2⤵
  PID:3580
- C:\Windows\System\JdKeMml.exe
  C:\Windows\System\JdKeMml.exe
  2⤵
  PID:3596
- C:\Windows\System\PqHQLvC.exe
  C:\Windows\System\PqHQLvC.exe
  2⤵
  PID:3612
- C:\Windows\System\DQoiILX.exe
  C:\Windows\System\DQoiILX.exe
  2⤵
  PID:3628
- C:\Windows\System\UWgrVsR.exe
  C:\Windows\System\UWgrVsR.exe
  2⤵
  PID:3644
- C:\Windows\System\DfOTPUS.exe
  C:\Windows\System\DfOTPUS.exe
  2⤵
  PID:3660
- C:\Windows\System\APoqpUj.exe
  C:\Windows\System\APoqpUj.exe
  2⤵
  PID:3676
- C:\Windows\System\wCXOQjr.exe
  C:\Windows\System\wCXOQjr.exe
  2⤵
  PID:3692
- C:\Windows\System\OZxeAVG.exe
  C:\Windows\System\OZxeAVG.exe
  2⤵
  PID:3708
- C:\Windows\System\IVcFysi.exe
  C:\Windows\System\IVcFysi.exe
  2⤵
  PID:3724
- C:\Windows\System\UkxWtIi.exe
  C:\Windows\System\UkxWtIi.exe
  2⤵
  PID:3740
- C:\Windows\System\pfcHmyW.exe
  C:\Windows\System\pfcHmyW.exe
  2⤵
  PID:3756
- C:\Windows\System\AycjYGF.exe
  C:\Windows\System\AycjYGF.exe
  2⤵
  PID:3772
- C:\Windows\System\GqukHKJ.exe
  C:\Windows\System\GqukHKJ.exe
  2⤵
  PID:3788
- C:\Windows\System\BwDZGjE.exe
  C:\Windows\System\BwDZGjE.exe
  2⤵
  PID:3804
- C:\Windows\System\yuURLPG.exe
  C:\Windows\System\yuURLPG.exe
  2⤵
  PID:3820
- C:\Windows\System\lRDSSrp.exe
  C:\Windows\System\lRDSSrp.exe
  2⤵
  PID:3836
- C:\Windows\System\jlVfuSU.exe
  C:\Windows\System\jlVfuSU.exe
  2⤵
  PID:3852
- C:\Windows\System\PUQgzMh.exe
  C:\Windows\System\PUQgzMh.exe
  2⤵
  PID:3868
- C:\Windows\System\GwNyEox.exe
  C:\Windows\System\GwNyEox.exe
  2⤵
  PID:3884
- C:\Windows\System\wqBMrWA.exe
  C:\Windows\System\wqBMrWA.exe
  2⤵
  PID:3900
- C:\Windows\System\XIJQDyu.exe
  C:\Windows\System\XIJQDyu.exe
  2⤵
  PID:3916
- C:\Windows\System\leHttvH.exe
  C:\Windows\System\leHttvH.exe
  2⤵
  PID:3932
- C:\Windows\System\rLmCyeV.exe
  C:\Windows\System\rLmCyeV.exe
  2⤵
  PID:3948
- C:\Windows\System\WlhBZSJ.exe
  C:\Windows\System\WlhBZSJ.exe
  2⤵
  PID:3964
- C:\Windows\System\lerrxRK.exe
  C:\Windows\System\lerrxRK.exe
  2⤵
  PID:3980
- C:\Windows\System\pehBSDs.exe
  C:\Windows\System\pehBSDs.exe
  2⤵
  PID:3996
- C:\Windows\System\dpoKfAf.exe
  C:\Windows\System\dpoKfAf.exe
  2⤵
  PID:4012
- C:\Windows\System\vyqJzBz.exe
  C:\Windows\System\vyqJzBz.exe
  2⤵
  PID:4028
- C:\Windows\System\tRxysgH.exe
  C:\Windows\System\tRxysgH.exe
  2⤵
  PID:4044
- C:\Windows\System\BYQOTWw.exe
  C:\Windows\System\BYQOTWw.exe
  2⤵
  PID:4060
- C:\Windows\System\WGSOrHY.exe
  C:\Windows\System\WGSOrHY.exe
  2⤵
  PID:4080
- C:\Windows\System\BQqaPkL.exe
  C:\Windows\System\BQqaPkL.exe
  2⤵
  PID:2364
- C:\Windows\System\YOkiKWt.exe
  C:\Windows\System\YOkiKWt.exe
  2⤵
  PID:2508
- C:\Windows\System\qtTwQip.exe
  C:\Windows\System\qtTwQip.exe
  2⤵
  PID:1824
- C:\Windows\System\miVYyQQ.exe
  C:\Windows\System\miVYyQQ.exe
  2⤵
  PID:2140
- C:\Windows\System\ugolAPF.exe
  C:\Windows\System\ugolAPF.exe
  2⤵
  PID:2300
- C:\Windows\System\rHvCNlP.exe
  C:\Windows\System\rHvCNlP.exe
  2⤵
  PID:1976
- C:\Windows\System\qvetWOW.exe
  C:\Windows\System\qvetWOW.exe
  2⤵
  PID:2424
- C:\Windows\System\ePnuyPB.exe
  C:\Windows\System\ePnuyPB.exe
  2⤵
  PID:2704
- C:\Windows\System\AVZqMgO.exe
  C:\Windows\System\AVZqMgO.exe
  2⤵
  PID:2752
- C:\Windows\System\rrioeqx.exe
  C:\Windows\System\rrioeqx.exe
  2⤵
  PID:2680
- C:\Windows\System\jCOJwYw.exe
  C:\Windows\System\jCOJwYw.exe
  2⤵
  PID:848
- C:\Windows\System\ReKlVXx.exe
  C:\Windows\System\ReKlVXx.exe
  2⤵
  PID:544
- C:\Windows\System\znFknZK.exe
  C:\Windows\System\znFknZK.exe
  2⤵
  PID:264
- C:\Windows\System\jVtzItJ.exe
  C:\Windows\System\jVtzItJ.exe
  2⤵
  PID:3092
- C:\Windows\System\AKOagcT.exe
  C:\Windows\System\AKOagcT.exe
  2⤵
  PID:3124
- C:\Windows\System\eYkKwBy.exe
  C:\Windows\System\eYkKwBy.exe
  2⤵
  PID:3156
- C:\Windows\System\eMKLsIJ.exe
  C:\Windows\System\eMKLsIJ.exe
  2⤵
  PID:3188
- C:\Windows\System\VJuwuDE.exe
  C:\Windows\System\VJuwuDE.exe
  2⤵
  PID:3236
- C:\Windows\System\ZRkAiHD.exe
  C:\Windows\System\ZRkAiHD.exe
  2⤵
  PID:3252
- C:\Windows\System\pnBVtYa.exe
  C:\Windows\System\pnBVtYa.exe
  2⤵
  PID:3284
- C:\Windows\System\WoowGmc.exe
  C:\Windows\System\WoowGmc.exe
  2⤵
  PID:3288
- C:\Windows\System\ZMUDioO.exe
  C:\Windows\System\ZMUDioO.exe
  2⤵
  PID:3320
- C:\Windows\System\KVFXgll.exe
  C:\Windows\System\KVFXgll.exe
  2⤵
  PID:3396
- C:\Windows\System\pMToazE.exe
  C:\Windows\System\pMToazE.exe
  2⤵
  PID:3428
- C:\Windows\System\uZZpMGR.exe
  C:\Windows\System\uZZpMGR.exe
  2⤵
  PID:3460
- C:\Windows\System\LditPed.exe
  C:\Windows\System\LditPed.exe
  2⤵
  PID:3492
- C:\Windows\System\HclDeQi.exe
  C:\Windows\System\HclDeQi.exe
  2⤵
  PID:3508
- C:\Windows\System\lDZrRhW.exe
  C:\Windows\System\lDZrRhW.exe
  2⤵
  PID:3556
- C:\Windows\System\DMJtWqx.exe
  C:\Windows\System\DMJtWqx.exe
  2⤵
  PID:3588
- C:\Windows\System\DEABdBE.exe
  C:\Windows\System\DEABdBE.exe
  2⤵
  PID:3576
- C:\Windows\System\ysgdRrs.exe
  C:\Windows\System\ysgdRrs.exe
  2⤵
  PID:3652
- C:\Windows\System\oTUFoCS.exe
  C:\Windows\System\oTUFoCS.exe
  2⤵
  PID:3668
- C:\Windows\System\ISqOhZj.exe
  C:\Windows\System\ISqOhZj.exe
  2⤵
  PID:3700
- C:\Windows\System\BOqJcMK.exe
  C:\Windows\System\BOqJcMK.exe
  2⤵
  PID:3732
- C:\Windows\System\uklcYYi.exe
  C:\Windows\System\uklcYYi.exe
  2⤵
  PID:3764
- C:\Windows\System\VurweTp.exe
  C:\Windows\System\VurweTp.exe
  2⤵
  PID:3812
- C:\Windows\System\nvjIBaC.exe
  C:\Windows\System\nvjIBaC.exe
  2⤵
  PID:3844
- C:\Windows\System\CDAlfBO.exe
  C:\Windows\System\CDAlfBO.exe
  2⤵
  PID:3876
- C:\Windows\System\TkuxzDK.exe
  C:\Windows\System\TkuxzDK.exe
  2⤵
  PID:3892
- C:\Windows\System\LLMRkwI.exe
  C:\Windows\System\LLMRkwI.exe
  2⤵
  PID:3924
- C:\Windows\System\CbqDsKn.exe
  C:\Windows\System\CbqDsKn.exe
  2⤵
  PID:3956
- C:\Windows\System\XJBTrux.exe
  C:\Windows\System\XJBTrux.exe
  2⤵
  PID:3988
- C:\Windows\System\jbcVjVc.exe
  C:\Windows\System\jbcVjVc.exe
  2⤵
  PID:4020
- C:\Windows\System\YelQgIW.exe
  C:\Windows\System\YelQgIW.exe
  2⤵
  PID:4076
- C:\Windows\System\hPCAfRf.exe
  C:\Windows\System\hPCAfRf.exe
  2⤵
  PID:4088
- C:\Windows\System\jpGwavT.exe
  C:\Windows\System\jpGwavT.exe
  2⤵
  PID:4092
- C:\Windows\System\TvRnGMn.exe
  C:\Windows\System\TvRnGMn.exe
  2⤵
  PID:1312
- C:\Windows\System\MIzNsLF.exe
  C:\Windows\System\MIzNsLF.exe
  2⤵
  PID:2484
- C:\Windows\System\XVvbzxO.exe
  C:\Windows\System\XVvbzxO.exe
  2⤵
  PID:2676
- C:\Windows\System\TFiCUOT.exe
  C:\Windows\System\TFiCUOT.exe
  2⤵
  PID:3080
- C:\Windows\System\SRLkEfG.exe
  C:\Windows\System\SRLkEfG.exe
  2⤵
  PID:3128
- C:\Windows\System\jrRpKrw.exe
  C:\Windows\System\jrRpKrw.exe
  2⤵
  PID:2712
- C:\Windows\System\XyAjata.exe
  C:\Windows\System\XyAjata.exe
  2⤵
  PID:3160
- C:\Windows\System\pJYHfev.exe
  C:\Windows\System\pJYHfev.exe
  2⤵
  PID:3224
- C:\Windows\System\KDNsagj.exe
  C:\Windows\System\KDNsagj.exe
  2⤵
  PID:3336
- C:\Windows\System\DRuiwod.exe
  C:\Windows\System\DRuiwod.exe
  2⤵
  PID:3348
- C:\Windows\System\GxMhqUw.exe
  C:\Windows\System\GxMhqUw.exe
  2⤵
  PID:3448
- C:\Windows\System\gmPmYTj.exe
  C:\Windows\System\gmPmYTj.exe
  2⤵
  PID:3512
- C:\Windows\System\UQsOxxP.exe
  C:\Windows\System\UQsOxxP.exe
  2⤵
  PID:3560
- C:\Windows\System\vEgjUAL.exe
  C:\Windows\System\vEgjUAL.exe
  2⤵
  PID:3604
- C:\Windows\System\gDOuSSW.exe
  C:\Windows\System\gDOuSSW.exe
  2⤵
  PID:3672
- C:\Windows\System\iOzYYaA.exe
  C:\Windows\System\iOzYYaA.exe
  2⤵
  PID:3768
- C:\Windows\System\BpxrVkX.exe
  C:\Windows\System\BpxrVkX.exe
  2⤵
  PID:3832
- C:\Windows\System\JZfbVju.exe
  C:\Windows\System\JZfbVju.exe
  2⤵
  PID:3864
- C:\Windows\System\xnuXisg.exe
  C:\Windows\System\xnuXisg.exe
  2⤵
  PID:3928
- C:\Windows\System\KMlTOqj.exe
  C:\Windows\System\KMlTOqj.exe
  2⤵
  PID:4004
- C:\Windows\System\wIhaNmi.exe
  C:\Windows\System\wIhaNmi.exe
  2⤵
  PID:4052
- C:\Windows\System\ZRQjvtv.exe
  C:\Windows\System\ZRQjvtv.exe
  2⤵
  PID:2152
- C:\Windows\System\OwFpRtq.exe
  C:\Windows\System\OwFpRtq.exe
  2⤵
  PID:4104
- C:\Windows\System\bfNwvvU.exe
  C:\Windows\System\bfNwvvU.exe
  2⤵
  PID:4120
- C:\Windows\System\PHyaEfj.exe
  C:\Windows\System\PHyaEfj.exe
  2⤵
  PID:4136
- C:\Windows\System\yBsGFPY.exe
  C:\Windows\System\yBsGFPY.exe
  2⤵
  PID:4152
- C:\Windows\System\TZUOwBG.exe
  C:\Windows\System\TZUOwBG.exe
  2⤵
  PID:4168
- C:\Windows\System\iiqqlgD.exe
  C:\Windows\System\iiqqlgD.exe
  2⤵
  PID:4184
- C:\Windows\System\XhQYEgd.exe
  C:\Windows\System\XhQYEgd.exe
  2⤵
  PID:4200
- C:\Windows\System\nPRMPEY.exe
  C:\Windows\System\nPRMPEY.exe
  2⤵
  PID:4216
- C:\Windows\System\vugPCOx.exe
  C:\Windows\System\vugPCOx.exe
  2⤵
  PID:4232
- C:\Windows\System\eantcFe.exe
  C:\Windows\System\eantcFe.exe
  2⤵
  PID:4248
- C:\Windows\System\MAgIOKn.exe
  C:\Windows\System\MAgIOKn.exe
  2⤵
  PID:4264
- C:\Windows\System\YmpaDuw.exe
  C:\Windows\System\YmpaDuw.exe
  2⤵
  PID:4280
- C:\Windows\System\xdXmPyy.exe
  C:\Windows\System\xdXmPyy.exe
  2⤵
  PID:4296
- C:\Windows\System\bCRArIx.exe
  C:\Windows\System\bCRArIx.exe
  2⤵
  PID:4312
- C:\Windows\System\HPTCzIm.exe
  C:\Windows\System\HPTCzIm.exe
  2⤵
  PID:4332
- C:\Windows\System\gTJFOpn.exe
  C:\Windows\System\gTJFOpn.exe
  2⤵
  PID:4348
- C:\Windows\System\FnGHixq.exe
  C:\Windows\System\FnGHixq.exe
  2⤵
  PID:4364
- C:\Windows\System\txmTZxI.exe
  C:\Windows\System\txmTZxI.exe
  2⤵
  PID:4380
- C:\Windows\System\jdUkWlv.exe
  C:\Windows\System\jdUkWlv.exe
  2⤵
  PID:4396
- C:\Windows\System\jDTpzTW.exe
  C:\Windows\System\jDTpzTW.exe
  2⤵
  PID:4412
- C:\Windows\System\BbCfRcz.exe
  C:\Windows\System\BbCfRcz.exe
  2⤵
  PID:4428
- C:\Windows\System\PVVMwsW.exe
  C:\Windows\System\PVVMwsW.exe
  2⤵
  PID:4444
- C:\Windows\System\ihvoCmQ.exe
  C:\Windows\System\ihvoCmQ.exe
  2⤵
  PID:4460
- C:\Windows\System\aYjjuot.exe
  C:\Windows\System\aYjjuot.exe
  2⤵
  PID:4476
- C:\Windows\System\CKdHVxW.exe
  C:\Windows\System\CKdHVxW.exe
  2⤵
  PID:4492
- C:\Windows\System\PbMKKBz.exe
  C:\Windows\System\PbMKKBz.exe
  2⤵
  PID:4508
- C:\Windows\System\vJAkJyw.exe
  C:\Windows\System\vJAkJyw.exe
  2⤵
  PID:4524
- C:\Windows\System\jhstsGU.exe
  C:\Windows\System\jhstsGU.exe
  2⤵
  PID:4540
- C:\Windows\System\KZpomVw.exe
  C:\Windows\System\KZpomVw.exe
  2⤵
  PID:4556
- C:\Windows\System\RgALQpG.exe
  C:\Windows\System\RgALQpG.exe
  2⤵
  PID:4572
- C:\Windows\System\aUMIQGt.exe
  C:\Windows\System\aUMIQGt.exe
  2⤵
  PID:4588
- C:\Windows\System\BVCoNQM.exe
  C:\Windows\System\BVCoNQM.exe
  2⤵
  PID:4604
- C:\Windows\System\ETvAvsf.exe
  C:\Windows\System\ETvAvsf.exe
  2⤵
  PID:4620
- C:\Windows\System\XjlgnzD.exe
  C:\Windows\System\XjlgnzD.exe
  2⤵
  PID:4636
- C:\Windows\System\ceXVazi.exe
  C:\Windows\System\ceXVazi.exe
  2⤵
  PID:4652
- C:\Windows\System\ahSuSqU.exe
  C:\Windows\System\ahSuSqU.exe
  2⤵
  PID:4668
- C:\Windows\System\YYThQqa.exe
  C:\Windows\System\YYThQqa.exe
  2⤵
  PID:4684
- C:\Windows\System\mfBFQhz.exe
  C:\Windows\System\mfBFQhz.exe
  2⤵
  PID:4700
- C:\Windows\System\fNZKNRh.exe
  C:\Windows\System\fNZKNRh.exe
  2⤵
  PID:4716
- C:\Windows\System\SNVKbMf.exe
  C:\Windows\System\SNVKbMf.exe
  2⤵
  PID:4732
- C:\Windows\System\rnqBoEY.exe
  C:\Windows\System\rnqBoEY.exe
  2⤵
  PID:4748
- C:\Windows\System\RMJMOKj.exe
  C:\Windows\System\RMJMOKj.exe
  2⤵
  PID:4764
- C:\Windows\System\PSnGifo.exe
  C:\Windows\System\PSnGifo.exe
  2⤵
  PID:4780
- C:\Windows\System\iFjcMtr.exe
  C:\Windows\System\iFjcMtr.exe
  2⤵
  PID:4796
- C:\Windows\System\EqUilxl.exe
  C:\Windows\System\EqUilxl.exe
  2⤵
  PID:4812
- C:\Windows\System\QbeMwiB.exe
  C:\Windows\System\QbeMwiB.exe
  2⤵
  PID:4828
- C:\Windows\System\rogrJiX.exe
  C:\Windows\System\rogrJiX.exe
  2⤵
  PID:4844
- C:\Windows\System\HOtuCxF.exe
  C:\Windows\System\HOtuCxF.exe
  2⤵
  PID:4860
- C:\Windows\System\rQFWQAA.exe
  C:\Windows\System\rQFWQAA.exe
  2⤵
  PID:4876
- C:\Windows\System\aqmEXcS.exe
  C:\Windows\System\aqmEXcS.exe
  2⤵
  PID:4892
- C:\Windows\System\BpXYAMY.exe
  C:\Windows\System\BpXYAMY.exe
  2⤵
  PID:4908
- C:\Windows\System\VRrJotK.exe
  C:\Windows\System\VRrJotK.exe
  2⤵
  PID:4924
- C:\Windows\System\dhehrVx.exe
  C:\Windows\System\dhehrVx.exe
  2⤵
  PID:4940
- C:\Windows\System\JVVtSQw.exe
  C:\Windows\System\JVVtSQw.exe
  2⤵
  PID:4956
- C:\Windows\System\mwaTauJ.exe
  C:\Windows\System\mwaTauJ.exe
  2⤵
  PID:4972
- C:\Windows\System\rjNOmmd.exe
  C:\Windows\System\rjNOmmd.exe
  2⤵
  PID:4988
- C:\Windows\System\ymXWtMV.exe
  C:\Windows\System\ymXWtMV.exe
  2⤵
  PID:5004
- C:\Windows\System\KEwTOum.exe
  C:\Windows\System\KEwTOum.exe
  2⤵
  PID:5020
- C:\Windows\System\HHOqPRb.exe
  C:\Windows\System\HHOqPRb.exe
  2⤵
  PID:5036
- C:\Windows\System\FyRnCPr.exe
  C:\Windows\System\FyRnCPr.exe
  2⤵
  PID:5052
- C:\Windows\System\szlhyBK.exe
  C:\Windows\System\szlhyBK.exe
  2⤵
  PID:5068
- C:\Windows\System\YvUiNSi.exe
  C:\Windows\System\YvUiNSi.exe
  2⤵
  PID:5084
- C:\Windows\System\KFFbsVK.exe
  C:\Windows\System\KFFbsVK.exe
  2⤵
  PID:5100
- C:\Windows\System\fPOnlAk.exe
  C:\Windows\System\fPOnlAk.exe
  2⤵
  PID:5116
- C:\Windows\System\TXUBobP.exe
  C:\Windows\System\TXUBobP.exe
  2⤵
  PID:2688
- C:\Windows\System\NvywOHS.exe
  C:\Windows\System\NvywOHS.exe
  2⤵
  PID:2272
- C:\Windows\System\vWJUbLf.exe
  C:\Windows\System\vWJUbLf.exe
  2⤵
  PID:3192
- C:\Windows\System\oAvMuiW.exe
  C:\Windows\System\oAvMuiW.exe
  2⤵
  PID:3332
- C:\Windows\System\wFbyMAT.exe
  C:\Windows\System\wFbyMAT.exe
  2⤵
  PID:3412
- C:\Windows\System\mjoQLPd.exe
  C:\Windows\System\mjoQLPd.exe
  2⤵
  PID:3528
- C:\Windows\System\LtXZmBG.exe
  C:\Windows\System\LtXZmBG.exe
  2⤵
  PID:3608
- C:\Windows\System\EUPZSfg.exe
  C:\Windows\System\EUPZSfg.exe
  2⤵
  PID:3784
- C:\Windows\System\bmFVfTA.exe
  C:\Windows\System\bmFVfTA.exe
  2⤵
  PID:3912
- C:\Windows\System\gHlUEHF.exe
  C:\Windows\System\gHlUEHF.exe
  2⤵
  PID:4056
- C:\Windows\System\pTxYZix.exe
  C:\Windows\System\pTxYZix.exe
  2⤵
  PID:4100
- C:\Windows\System\jxQsfru.exe
  C:\Windows\System\jxQsfru.exe
  2⤵
  PID:4148
- C:\Windows\System\QtPdfMa.exe
  C:\Windows\System\QtPdfMa.exe
  2⤵
  PID:4180
- C:\Windows\System\qRRYKyF.exe
  C:\Windows\System\qRRYKyF.exe
  2⤵
  PID:4196
- C:\Windows\System\aogjzFh.exe
  C:\Windows\System\aogjzFh.exe
  2⤵
  PID:4228
- C:\Windows\System\tGQDIXt.exe
  C:\Windows\System\tGQDIXt.exe
  2⤵
  PID:4260
- C:\Windows\System\VAlRSMM.exe
  C:\Windows\System\VAlRSMM.exe
  2⤵
  PID:4292
- C:\Windows\System\XugXPov.exe
  C:\Windows\System\XugXPov.exe
  2⤵
  PID:4324
- C:\Windows\System\eoAXEbT.exe
  C:\Windows\System\eoAXEbT.exe
  2⤵
  PID:4360
- C:\Windows\System\jsSeDzM.exe
  C:\Windows\System\jsSeDzM.exe
  2⤵
  PID:4408
- C:\Windows\System\PJSuzfj.exe
  C:\Windows\System\PJSuzfj.exe
  2⤵
  PID:4420
- C:\Windows\System\MjVifNX.exe
  C:\Windows\System\MjVifNX.exe
  2⤵
  PID:4472
- C:\Windows\System\BJkIMfW.exe
  C:\Windows\System\BJkIMfW.exe
  2⤵
  PID:4488
- C:\Windows\System\CBlIguO.exe
  C:\Windows\System\CBlIguO.exe
  2⤵
  PID:4520
- C:\Windows\System\iaoNnJH.exe
  C:\Windows\System\iaoNnJH.exe
  2⤵
  PID:4568
- C:\Windows\System\qvvbnYc.exe
  C:\Windows\System\qvvbnYc.exe
  2⤵
  PID:4600
- C:\Windows\System\LfZHWgR.exe
  C:\Windows\System\LfZHWgR.exe
  2⤵
  PID:4632
- C:\Windows\System\bKNtWOl.exe
  C:\Windows\System\bKNtWOl.exe
  2⤵
  PID:4664
- C:\Windows\System\GldXwIH.exe
  C:\Windows\System\GldXwIH.exe
  2⤵
  PID:4696
- C:\Windows\System\CdEcenm.exe
  C:\Windows\System\CdEcenm.exe
  2⤵
  PID:4728
- C:\Windows\System\zeMvyzH.exe
  C:\Windows\System\zeMvyzH.exe
  2⤵
  PID:4744
- C:\Windows\System\YToMRpR.exe
  C:\Windows\System\YToMRpR.exe
  2⤵
  PID:4776
- C:\Windows\System\lsQXIqH.exe
  C:\Windows\System\lsQXIqH.exe
  2⤵
  PID:4824
- C:\Windows\System\rjGwYEu.exe
  C:\Windows\System\rjGwYEu.exe
  2⤵
  PID:4856
- C:\Windows\System\LYAOBeF.exe
  C:\Windows\System\LYAOBeF.exe
  2⤵
  PID:4888
- C:\Windows\System\FitGqkI.exe
  C:\Windows\System\FitGqkI.exe
  2⤵
  PID:4920
- C:\Windows\System\ZarthUO.exe
  C:\Windows\System\ZarthUO.exe
  2⤵
  PID:4952
- C:\Windows\System\GHuyTzB.exe
  C:\Windows\System\GHuyTzB.exe
  2⤵
  PID:4984
- C:\Windows\System\zZDbNKR.exe
  C:\Windows\System\zZDbNKR.exe
  2⤵
  PID:5000
- C:\Windows\System\iMtCyOX.exe
  C:\Windows\System\iMtCyOX.exe
  2⤵
  PID:5048
- C:\Windows\System\NcMEVPw.exe
  C:\Windows\System\NcMEVPw.exe
  2⤵
  PID:5080
- C:\Windows\System\bEZifwM.exe
  C:\Windows\System\bEZifwM.exe
  2⤵
  PID:5112
- C:\Windows\System\GFgXTAT.exe
  C:\Windows\System\GFgXTAT.exe
  2⤵
  PID:3108
- C:\Windows\System\dnAfOyx.exe
  C:\Windows\System\dnAfOyx.exe
  2⤵
  PID:3272
- C:\Windows\System\kjAzTDl.exe
  C:\Windows\System\kjAzTDl.exe
  2⤵
  PID:3480
- C:\Windows\System\JQCdSdv.exe
  C:\Windows\System\JQCdSdv.exe
  2⤵
  PID:3800
- C:\Windows\System\waqiwBD.exe
  C:\Windows\System\waqiwBD.exe
  2⤵
  PID:4008
- C:\Windows\System\mKkgqMs.exe
  C:\Windows\System\mKkgqMs.exe
  2⤵
  PID:4128
- C:\Windows\System\LEfwMrJ.exe
  C:\Windows\System\LEfwMrJ.exe
  2⤵
  PID:4192
- C:\Windows\System\RwgJEZa.exe
  C:\Windows\System\RwgJEZa.exe
  2⤵
  PID:4240
- C:\Windows\System\UrIVupK.exe
  C:\Windows\System\UrIVupK.exe
  2⤵
  PID:4340
- C:\Windows\System\OHOnPPl.exe
  C:\Windows\System\OHOnPPl.exe
  2⤵
  PID:4372
- C:\Windows\System\HVxnVHU.exe
  C:\Windows\System\HVxnVHU.exe
  2⤵
  PID:4440
- C:\Windows\System\xewirCF.exe
  C:\Windows\System\xewirCF.exe
  2⤵
  PID:4516
- C:\Windows\System\CblDdke.exe
  C:\Windows\System\CblDdke.exe
  2⤵
  PID:2748
- C:\Windows\System\WmJCkTl.exe
  C:\Windows\System\WmJCkTl.exe
  2⤵
  PID:4648
- C:\Windows\System\UXeNaRE.exe
  C:\Windows\System\UXeNaRE.exe
  2⤵
  PID:4692
- C:\Windows\System\kdlLfwW.exe
  C:\Windows\System\kdlLfwW.exe
  2⤵
  PID:4792
- C:\Windows\System\AlWmTwh.exe
  C:\Windows\System\AlWmTwh.exe
  2⤵
  PID:4804
- C:\Windows\System\xdKHiDU.exe
  C:\Windows\System\xdKHiDU.exe
  2⤵
  PID:4900
- C:\Windows\System\WXUhuBh.exe
  C:\Windows\System\WXUhuBh.exe
  2⤵
  PID:4936
- C:\Windows\System\YxIlSqk.exe
  C:\Windows\System\YxIlSqk.exe
  2⤵
  PID:5044
- C:\Windows\System\lgmjasr.exe
  C:\Windows\System\lgmjasr.exe
  2⤵
  PID:5096
- C:\Windows\System\LZcMnVG.exe
  C:\Windows\System\LZcMnVG.exe
  2⤵
  PID:3064
- C:\Windows\System\gPAXKtP.exe
  C:\Windows\System\gPAXKtP.exe
  2⤵
  PID:3688
- C:\Windows\System\rHPVRpK.exe
  C:\Windows\System\rHPVRpK.exe
  2⤵
  PID:5136
- C:\Windows\System\aywgztE.exe
  C:\Windows\System\aywgztE.exe
  2⤵
  PID:5152
- C:\Windows\System\amQieuX.exe
  C:\Windows\System\amQieuX.exe
  2⤵
  PID:5168
- C:\Windows\System\sVtgtNq.exe
  C:\Windows\System\sVtgtNq.exe
  2⤵
  PID:5184
- C:\Windows\System\GjYoPyz.exe
  C:\Windows\System\GjYoPyz.exe
  2⤵
  PID:5200
- C:\Windows\System\rdVZUJW.exe
  C:\Windows\System\rdVZUJW.exe
  2⤵
  PID:5216
- C:\Windows\System\vppzOwe.exe
  C:\Windows\System\vppzOwe.exe
  2⤵
  PID:5232
- C:\Windows\System\PNLqroa.exe
  C:\Windows\System\PNLqroa.exe
  2⤵
  PID:5248
- C:\Windows\System\ZJyktUh.exe
  C:\Windows\System\ZJyktUh.exe
  2⤵
  PID:5264
- C:\Windows\System\OjbhoNI.exe
  C:\Windows\System\OjbhoNI.exe
  2⤵
  PID:5280
- C:\Windows\System\azIyfQg.exe
  C:\Windows\System\azIyfQg.exe
  2⤵
  PID:5296
- C:\Windows\System\BujCMPz.exe
  C:\Windows\System\BujCMPz.exe
  2⤵
  PID:5312
- C:\Windows\System\ZWyOkEJ.exe
  C:\Windows\System\ZWyOkEJ.exe
  2⤵
  PID:5328
- C:\Windows\System\tWTXhnf.exe
  C:\Windows\System\tWTXhnf.exe
  2⤵
  PID:5344
- C:\Windows\System\xCHlyUk.exe
  C:\Windows\System\xCHlyUk.exe
  2⤵
  PID:5360
- C:\Windows\System\JcWXfnF.exe
  C:\Windows\System\JcWXfnF.exe
  2⤵
  PID:5376
- C:\Windows\System\wHCqvKI.exe
  C:\Windows\System\wHCqvKI.exe
  2⤵
  PID:5392
- C:\Windows\System\TwuTjwJ.exe
  C:\Windows\System\TwuTjwJ.exe
  2⤵
  PID:5408
- C:\Windows\System\HDehJHJ.exe
  C:\Windows\System\HDehJHJ.exe
  2⤵
  PID:5428
- C:\Windows\System\YrOKJJE.exe
  C:\Windows\System\YrOKJJE.exe
  2⤵
  PID:5444
- C:\Windows\System\pSbspnD.exe
  C:\Windows\System\pSbspnD.exe
  2⤵
  PID:5460
- C:\Windows\System\kStjFNT.exe
  C:\Windows\System\kStjFNT.exe
  2⤵
  PID:5476
- C:\Windows\System\wTDKnaw.exe
  C:\Windows\System\wTDKnaw.exe
  2⤵
  PID:5492
- C:\Windows\System\PRrBrMf.exe
  C:\Windows\System\PRrBrMf.exe
  2⤵
  PID:5508
- C:\Windows\System\jqidCBv.exe
  C:\Windows\System\jqidCBv.exe
  2⤵
  PID:5524
- C:\Windows\System\taxzssc.exe
  C:\Windows\System\taxzssc.exe
  2⤵
  PID:5540
- C:\Windows\System\DwQIvWB.exe
  C:\Windows\System\DwQIvWB.exe
  2⤵
  PID:5556
- C:\Windows\System\ptrvHFQ.exe
  C:\Windows\System\ptrvHFQ.exe
  2⤵
  PID:5572
- C:\Windows\System\oEppeBK.exe
  C:\Windows\System\oEppeBK.exe
  2⤵
  PID:5588
- C:\Windows\System\hqaFjUV.exe
  C:\Windows\System\hqaFjUV.exe
  2⤵
  PID:5604
- C:\Windows\System\uyWSOnQ.exe
  C:\Windows\System\uyWSOnQ.exe
  2⤵
  PID:5620
- C:\Windows\System\aQsSUcX.exe
  C:\Windows\System\aQsSUcX.exe
  2⤵
  PID:5636
- C:\Windows\System\hzTGZXW.exe
  C:\Windows\System\hzTGZXW.exe
  2⤵
  PID:5652
- C:\Windows\System\lOVYBfI.exe
  C:\Windows\System\lOVYBfI.exe
  2⤵
  PID:5668
- C:\Windows\System\JNrFJST.exe
  C:\Windows\System\JNrFJST.exe
  2⤵
  PID:5684
- C:\Windows\System\sdHFaJM.exe
  C:\Windows\System\sdHFaJM.exe
  2⤵
  PID:5700
- C:\Windows\System\yNEagKK.exe
  C:\Windows\System\yNEagKK.exe
  2⤵
  PID:5716
- C:\Windows\System\UHMzLvF.exe
  C:\Windows\System\UHMzLvF.exe
  2⤵
  PID:5732
- C:\Windows\System\oXxSyWM.exe
  C:\Windows\System\oXxSyWM.exe
  2⤵
  PID:5748
- C:\Windows\System\IAPikvd.exe
  C:\Windows\System\IAPikvd.exe
  2⤵
  PID:5764
- C:\Windows\System\vPMgwfL.exe
  C:\Windows\System\vPMgwfL.exe
  2⤵
  PID:5780
- C:\Windows\System\YcpsxsP.exe
  C:\Windows\System\YcpsxsP.exe
  2⤵
  PID:5796
- C:\Windows\System\posAejL.exe
  C:\Windows\System\posAejL.exe
  2⤵
  PID:5812
- C:\Windows\System\PUcsizX.exe
  C:\Windows\System\PUcsizX.exe
  2⤵
  PID:5828
- C:\Windows\System\rKxFDNZ.exe
  C:\Windows\System\rKxFDNZ.exe
  2⤵
  PID:5844
- C:\Windows\System\lFJPCZL.exe
  C:\Windows\System\lFJPCZL.exe
  2⤵
  PID:5860
- C:\Windows\System\zpbbKqE.exe
  C:\Windows\System\zpbbKqE.exe
  2⤵
  PID:5876
- C:\Windows\System\YiPubKi.exe
  C:\Windows\System\YiPubKi.exe
  2⤵
  PID:5892
- C:\Windows\System\HNKIuTk.exe
  C:\Windows\System\HNKIuTk.exe
  2⤵
  PID:5908
- C:\Windows\System\IxEcxIu.exe
  C:\Windows\System\IxEcxIu.exe
  2⤵
  PID:5924
- C:\Windows\System\dMjoNpV.exe
  C:\Windows\System\dMjoNpV.exe
  2⤵
  PID:5940
- C:\Windows\System\rNDFjAw.exe
  C:\Windows\System\rNDFjAw.exe
  2⤵
  PID:5956
- C:\Windows\System\nNNbyIp.exe
  C:\Windows\System\nNNbyIp.exe
  2⤵
  PID:5972
- C:\Windows\System\mXtJkmb.exe
  C:\Windows\System\mXtJkmb.exe
  2⤵
  PID:5988
- C:\Windows\System\bKYuHGq.exe
  C:\Windows\System\bKYuHGq.exe
  2⤵
  PID:6004
- C:\Windows\System\DKvDiaK.exe
  C:\Windows\System\DKvDiaK.exe
  2⤵
  PID:6020
- C:\Windows\System\UiyASgz.exe
  C:\Windows\System\UiyASgz.exe
  2⤵
  PID:6036
- C:\Windows\System\TYODyRN.exe
  C:\Windows\System\TYODyRN.exe
  2⤵
  PID:6052
- C:\Windows\System\mqnBdgF.exe
  C:\Windows\System\mqnBdgF.exe
  2⤵
  PID:6068
- C:\Windows\System\GLvpnbm.exe
  C:\Windows\System\GLvpnbm.exe
  2⤵
  PID:6084
- C:\Windows\System\bNebqiB.exe
  C:\Windows\System\bNebqiB.exe
  2⤵
  PID:6100
- C:\Windows\System\lZhDOkq.exe
  C:\Windows\System\lZhDOkq.exe
  2⤵
  PID:6116
- C:\Windows\System\CYCaCBB.exe
  C:\Windows\System\CYCaCBB.exe
  2⤵
  PID:6132
- C:\Windows\System\KazlrTX.exe
  C:\Windows\System\KazlrTX.exe
  2⤵
  PID:3944
- C:\Windows\System\CnzvRpf.exe
  C:\Windows\System\CnzvRpf.exe
  2⤵
  PID:4272
- C:\Windows\System\AGnVHBC.exe
  C:\Windows\System\AGnVHBC.exe
  2⤵
  PID:4388
- C:\Windows\System\gCurobs.exe
  C:\Windows\System\gCurobs.exe
  2⤵
  PID:4452
- C:\Windows\System\rNHfLUP.exe
  C:\Windows\System\rNHfLUP.exe
  2⤵
  PID:4612
- C:\Windows\System\uwdHSwo.exe
  C:\Windows\System\uwdHSwo.exe
  2⤵
  PID:4756
- C:\Windows\System\kmgpYCy.exe
  C:\Windows\System\kmgpYCy.exe
  2⤵
  PID:2944
- C:\Windows\System\lumGagC.exe
  C:\Windows\System\lumGagC.exe
  2⤵
  PID:4884
- C:\Windows\System\xmIShCc.exe
  C:\Windows\System\xmIShCc.exe
  2⤵
  PID:4980
- C:\Windows\System\QbmOjuz.exe
  C:\Windows\System\QbmOjuz.exe
  2⤵
  PID:5108
- C:\Windows\System\pGDgIZJ.exe
  C:\Windows\System\pGDgIZJ.exe
  2⤵
  PID:3720
- C:\Windows\System\KLOEFiC.exe
  C:\Windows\System\KLOEFiC.exe
  2⤵
  PID:5144
- C:\Windows\System\FLLQloB.exe
  C:\Windows\System\FLLQloB.exe
  2⤵
  PID:5176
- C:\Windows\System\timIkKI.exe
  C:\Windows\System\timIkKI.exe
  2⤵
  PID:5208
- C:\Windows\System\xfQGSQM.exe
  C:\Windows\System\xfQGSQM.exe
  2⤵
  PID:5256
- C:\Windows\System\UJuVZrN.exe
  C:\Windows\System\UJuVZrN.exe
  2⤵
  PID:5272
- C:\Windows\System\iZNYgLu.exe
  C:\Windows\System\iZNYgLu.exe
  2⤵
  PID:5304
- C:\Windows\System\rhcBPFD.exe
  C:\Windows\System\rhcBPFD.exe
  2⤵
  PID:5336
- C:\Windows\System\fkFQSWD.exe
  C:\Windows\System\fkFQSWD.exe
  2⤵
  PID:5368
- C:\Windows\System\UYTwbbf.exe
  C:\Windows\System\UYTwbbf.exe
  2⤵
  PID:5400
- C:\Windows\System\niKrUJf.exe
  C:\Windows\System\niKrUJf.exe
  2⤵
  PID:5420
- C:\Windows\System\XorQaJb.exe
  C:\Windows\System\XorQaJb.exe
  2⤵
  PID:5456
- C:\Windows\System\duVRFXg.exe
  C:\Windows\System\duVRFXg.exe
  2⤵
  PID:5488
- C:\Windows\System\EAMmGjA.exe
  C:\Windows\System\EAMmGjA.exe
  2⤵
  PID:5520
- C:\Windows\System\VxhlCEr.exe
  C:\Windows\System\VxhlCEr.exe
  2⤵
  PID:5552
- C:\Windows\System\DGFpUUn.exe
  C:\Windows\System\DGFpUUn.exe
  2⤵
  PID:2604
- C:\Windows\System\asRhWOs.exe
  C:\Windows\System\asRhWOs.exe
  2⤵
  PID:5612
- C:\Windows\System\sQAWbTu.exe
  C:\Windows\System\sQAWbTu.exe
  2⤵
  PID:5644
- C:\Windows\System\ytaIeDG.exe
  C:\Windows\System\ytaIeDG.exe
  2⤵
  PID:5676
- C:\Windows\System\WJHUVLV.exe
  C:\Windows\System\WJHUVLV.exe
  2⤵
  PID:5708
- C:\Windows\System\PcONbGT.exe
  C:\Windows\System\PcONbGT.exe
  2⤵
  PID:5740
- C:\Windows\System\OMYtHXZ.exe
  C:\Windows\System\OMYtHXZ.exe
  2⤵
  PID:5772
- C:\Windows\System\QGdXOSX.exe
  C:\Windows\System\QGdXOSX.exe
  2⤵
  PID:5804
- C:\Windows\System\OfzEMQU.exe
  C:\Windows\System\OfzEMQU.exe
  2⤵
  PID:5836
- C:\Windows\System\WsKjdKu.exe
  C:\Windows\System\WsKjdKu.exe
  2⤵
  PID:5868
- C:\Windows\System\ydukfsO.exe
  C:\Windows\System\ydukfsO.exe
  2⤵
  PID:5888
- C:\Windows\System\GffvoXn.exe
  C:\Windows\System\GffvoXn.exe
  2⤵
  PID:5932
- C:\Windows\System\DCcJwFP.exe
  C:\Windows\System\DCcJwFP.exe
  2⤵
  PID:5964
- C:\Windows\System\RgxulHl.exe
  C:\Windows\System\RgxulHl.exe
  2⤵
  PID:5996
- C:\Windows\System\uSgMqpm.exe
  C:\Windows\System\uSgMqpm.exe
  2⤵
  PID:6012
- C:\Windows\System\kCQkGaZ.exe
  C:\Windows\System\kCQkGaZ.exe
  2⤵
  PID:6060
- C:\Windows\System\NvawWBI.exe
  C:\Windows\System\NvawWBI.exe
  2⤵
  PID:6092
- C:\Windows\System\RPGrzNZ.exe
  C:\Windows\System\RPGrzNZ.exe
  2⤵
  PID:6124
- C:\Windows\System\VfQBKYA.exe
  C:\Windows\System\VfQBKYA.exe
  2⤵
  PID:4072
- C:\Windows\System\kZXiRxO.exe
  C:\Windows\System\kZXiRxO.exe
  2⤵
  PID:4304
- C:\Windows\System\pWdkfFi.exe
  C:\Windows\System\pWdkfFi.exe
  2⤵
  PID:4548
- C:\Windows\System\AzuQCdD.exe
  C:\Windows\System\AzuQCdD.exe
  2⤵
  PID:4852
- C:\Windows\System\fdNrDaO.exe
  C:\Windows\System\fdNrDaO.exe
  2⤵
  PID:4948
- C:\Windows\System\RbUeFxn.exe
  C:\Windows\System\RbUeFxn.exe
  2⤵
  PID:3620
- C:\Windows\System\UevkIYE.exe
  C:\Windows\System\UevkIYE.exe
  2⤵
  PID:5180
- C:\Windows\System\cHVsdmU.exe
  C:\Windows\System\cHVsdmU.exe
  2⤵
  PID:5212
- C:\Windows\System\QKSNCYg.exe
  C:\Windows\System\QKSNCYg.exe
  2⤵
  PID:5288
- C:\Windows\System\WhodzPK.exe
  C:\Windows\System\WhodzPK.exe
  2⤵
  PID:5352
- C:\Windows\System\lusTANl.exe
  C:\Windows\System\lusTANl.exe
  2⤵
  PID:5416
- C:\Windows\System\iuInNsg.exe
  C:\Windows\System\iuInNsg.exe
  2⤵
  PID:5484
- C:\Windows\System\PlfQvHV.exe
  C:\Windows\System\PlfQvHV.exe
  2⤵
  PID:5548
- C:\Windows\System\DIVQMQs.exe
  C:\Windows\System\DIVQMQs.exe
  2⤵
  PID:5616
- C:\Windows\System\wAHuluS.exe
  C:\Windows\System\wAHuluS.exe
  2⤵
  PID:5648
- C:\Windows\System\dShNPgq.exe
  C:\Windows\System\dShNPgq.exe
  2⤵
  PID:5744
- C:\Windows\System\zNfWmsh.exe
  C:\Windows\System\zNfWmsh.exe
  2⤵
  PID:5776
- C:\Windows\System\dnFLsHh.exe
  C:\Windows\System\dnFLsHh.exe
  2⤵
  PID:5788
- C:\Windows\System\cvxkUOW.exe
  C:\Windows\System\cvxkUOW.exe
  2⤵
  PID:5852
- C:\Windows\System\qUipNrm.exe
  C:\Windows\System\qUipNrm.exe
  2⤵
  PID:5948
- C:\Windows\System\szwydKT.exe
  C:\Windows\System\szwydKT.exe
  2⤵
  PID:5980
- C:\Windows\System\ZDWmPCG.exe
  C:\Windows\System\ZDWmPCG.exe
  2⤵
  PID:6044
- C:\Windows\System\lYjWNzO.exe
  C:\Windows\System\lYjWNzO.exe
  2⤵
  PID:6112
- C:\Windows\System\EqtngTO.exe
  C:\Windows\System\EqtngTO.exe
  2⤵
  PID:4176
- C:\Windows\System\IwyIijF.exe
  C:\Windows\System\IwyIijF.exe
  2⤵
  PID:4680
- C:\Windows\System\pywHmNB.exe
  C:\Windows\System\pywHmNB.exe
  2⤵
  PID:5148
- C:\Windows\System\AzkuPXZ.exe
  C:\Windows\System\AzkuPXZ.exe
  2⤵
  PID:5260
- C:\Windows\System\aFQTWLW.exe
  C:\Windows\System\aFQTWLW.exe
  2⤵
  PID:5324
- C:\Windows\System\uYXzShn.exe
  C:\Windows\System\uYXzShn.exe
  2⤵
  PID:5440
- C:\Windows\System\qFJhujC.exe
  C:\Windows\System\qFJhujC.exe
  2⤵
  PID:5580
- C:\Windows\System\aIzINPK.exe
  C:\Windows\System\aIzINPK.exe
  2⤵
  PID:6156
- C:\Windows\System\nBMTVoE.exe
  C:\Windows\System\nBMTVoE.exe
  2⤵
  PID:6172
- C:\Windows\System\ahCsmzj.exe
  C:\Windows\System\ahCsmzj.exe
  2⤵
  PID:6188
- C:\Windows\System\kMurOvp.exe
  C:\Windows\System\kMurOvp.exe
  2⤵
  PID:6204
- C:\Windows\System\ezblwIb.exe
  C:\Windows\System\ezblwIb.exe
  2⤵
  PID:6220
- C:\Windows\System\uWuspCG.exe
  C:\Windows\System\uWuspCG.exe
  2⤵
  PID:6236
- C:\Windows\System\ZNQdFDI.exe
  C:\Windows\System\ZNQdFDI.exe
  2⤵
  PID:6252
- C:\Windows\System\oUZYfWS.exe
  C:\Windows\System\oUZYfWS.exe
  2⤵
  PID:6268
- C:\Windows\System\BSxRDLn.exe
  C:\Windows\System\BSxRDLn.exe
  2⤵
  PID:6284
- C:\Windows\System\ecnmuHk.exe
  C:\Windows\System\ecnmuHk.exe
  2⤵
  PID:6300
- C:\Windows\System\NMaiOHL.exe
  C:\Windows\System\NMaiOHL.exe
  2⤵
  PID:6316
- C:\Windows\System\tktKDXc.exe
  C:\Windows\System\tktKDXc.exe
  2⤵
  PID:6332
- C:\Windows\System\hkIbtar.exe
  C:\Windows\System\hkIbtar.exe
  2⤵
  PID:6348
- C:\Windows\System\mEiLbpV.exe
  C:\Windows\System\mEiLbpV.exe
  2⤵
  PID:6364
- C:\Windows\System\gFhCCje.exe
  C:\Windows\System\gFhCCje.exe
  2⤵
  PID:6380
- C:\Windows\System\HDIAsHz.exe
  C:\Windows\System\HDIAsHz.exe
  2⤵
  PID:6396
- C:\Windows\System\CmraYBx.exe
  C:\Windows\System\CmraYBx.exe
  2⤵
  PID:6412
- C:\Windows\System\JiUvpmu.exe
  C:\Windows\System\JiUvpmu.exe
  2⤵
  PID:6428
- C:\Windows\System\GyGzljG.exe
  C:\Windows\System\GyGzljG.exe
  2⤵
  PID:6444
- C:\Windows\System\yxgiqYJ.exe
  C:\Windows\System\yxgiqYJ.exe
  2⤵
  PID:6460
- C:\Windows\System\RIELrtU.exe
  C:\Windows\System\RIELrtU.exe
  2⤵
  PID:6476
- C:\Windows\System\pMAidMw.exe
  C:\Windows\System\pMAidMw.exe
  2⤵
  PID:6492
- C:\Windows\System\VbBhIKr.exe
  C:\Windows\System\VbBhIKr.exe
  2⤵
  PID:6508
- C:\Windows\System\TmrISdq.exe
  C:\Windows\System\TmrISdq.exe
  2⤵
  PID:6524
- C:\Windows\System\uwbwOgQ.exe
  C:\Windows\System\uwbwOgQ.exe
  2⤵
  PID:6540
- C:\Windows\System\SuWwPXx.exe
  C:\Windows\System\SuWwPXx.exe
  2⤵
  PID:6556
- C:\Windows\System\UQiaEqt.exe
  C:\Windows\System\UQiaEqt.exe
  2⤵
  PID:6572
- C:\Windows\System\jVmJvHE.exe
  C:\Windows\System\jVmJvHE.exe
  2⤵
  PID:6588
- C:\Windows\System\ZdOrXcQ.exe
  C:\Windows\System\ZdOrXcQ.exe
  2⤵
  PID:6604
- C:\Windows\System\beJgEER.exe
  C:\Windows\System\beJgEER.exe
  2⤵
  PID:6620
- C:\Windows\System\OuTvHlu.exe
  C:\Windows\System\OuTvHlu.exe
  2⤵
  PID:6636
- C:\Windows\System\AyDZaes.exe
  C:\Windows\System\AyDZaes.exe
  2⤵
  PID:6652
- C:\Windows\System\PbMZdBu.exe
  C:\Windows\System\PbMZdBu.exe
  2⤵
  PID:6668
- C:\Windows\System\IjOHuxk.exe
  C:\Windows\System\IjOHuxk.exe
  2⤵
  PID:6684
- C:\Windows\System\uADxQKl.exe
  C:\Windows\System\uADxQKl.exe
  2⤵
  PID:6700
- C:\Windows\System\UuGKlij.exe
  C:\Windows\System\UuGKlij.exe
  2⤵
  PID:6716
- C:\Windows\System\oVfCSOv.exe
  C:\Windows\System\oVfCSOv.exe
  2⤵
  PID:6732
- C:\Windows\System\jrBYZoK.exe
  C:\Windows\System\jrBYZoK.exe
  2⤵
  PID:6748
- C:\Windows\System\ulDwBEy.exe
  C:\Windows\System\ulDwBEy.exe
  2⤵
  PID:6764
- C:\Windows\System\PtfVFhj.exe
  C:\Windows\System\PtfVFhj.exe
  2⤵
  PID:6780
- C:\Windows\System\XgcVzTp.exe
  C:\Windows\System\XgcVzTp.exe
  2⤵
  PID:6796
- C:\Windows\System\WpwoJWD.exe
  C:\Windows\System\WpwoJWD.exe
  2⤵
  PID:6812
- C:\Windows\System\PCiMtmC.exe
  C:\Windows\System\PCiMtmC.exe
  2⤵
  PID:6828
- C:\Windows\System\bGqiich.exe
  C:\Windows\System\bGqiich.exe
  2⤵
  PID:6844
- C:\Windows\System\YdoqtXZ.exe
  C:\Windows\System\YdoqtXZ.exe
  2⤵
  PID:6860
- C:\Windows\System\bHnUgCt.exe
  C:\Windows\System\bHnUgCt.exe
  2⤵
  PID:6876
- C:\Windows\System\uVWDPae.exe
  C:\Windows\System\uVWDPae.exe
  2⤵
  PID:6892
- C:\Windows\System\HPVFVWV.exe
  C:\Windows\System\HPVFVWV.exe
  2⤵
  PID:6908
- C:\Windows\System\pOjxVKz.exe
  C:\Windows\System\pOjxVKz.exe
  2⤵
  PID:6924
- C:\Windows\System\KoMUkNZ.exe
  C:\Windows\System\KoMUkNZ.exe
  2⤵
  PID:6940
- C:\Windows\System\hXMHFNR.exe
  C:\Windows\System\hXMHFNR.exe
  2⤵
  PID:6956
- C:\Windows\System\arvqGVu.exe
  C:\Windows\System\arvqGVu.exe
  2⤵
  PID:6972
- C:\Windows\System\lfaABKr.exe
  C:\Windows\System\lfaABKr.exe
  2⤵
  PID:6988
- C:\Windows\System\ntkfTTd.exe
  C:\Windows\System\ntkfTTd.exe
  2⤵
  PID:7004
- C:\Windows\System\UOtapme.exe
  C:\Windows\System\UOtapme.exe
  2⤵
  PID:7020
- C:\Windows\System\wiQbNIt.exe
  C:\Windows\System\wiQbNIt.exe
  2⤵
  PID:7036
- C:\Windows\System\aYrWuDe.exe
  C:\Windows\System\aYrWuDe.exe
  2⤵
  PID:7052
- C:\Windows\System\TTriNHE.exe
  C:\Windows\System\TTriNHE.exe
  2⤵
  PID:7068
- C:\Windows\System\XUznlvG.exe
  C:\Windows\System\XUznlvG.exe
  2⤵
  PID:7084
- C:\Windows\System\ZetYkBh.exe
  C:\Windows\System\ZetYkBh.exe
  2⤵
  PID:7100
- C:\Windows\System\KNFUEWN.exe
  C:\Windows\System\KNFUEWN.exe
  2⤵
  PID:7116
- C:\Windows\System\YaHRfoO.exe
  C:\Windows\System\YaHRfoO.exe
  2⤵
  PID:7132
- C:\Windows\System\pBQYwdC.exe
  C:\Windows\System\pBQYwdC.exe
  2⤵
  PID:7148
- C:\Windows\System\NSVTVVj.exe
  C:\Windows\System\NSVTVVj.exe
  2⤵
  PID:7164
- C:\Windows\System\vOfgwGf.exe
  C:\Windows\System\vOfgwGf.exe
  2⤵
  PID:5692
- C:\Windows\System\zNwniEI.exe
  C:\Windows\System\zNwniEI.exe
  2⤵
  PID:5808
- C:\Windows\System\vJHvZZU.exe
  C:\Windows\System\vJHvZZU.exe
  2⤵
  PID:6000
- C:\Windows\System\VpFXFBj.exe
  C:\Windows\System\VpFXFBj.exe
  2⤵
  PID:6096
- C:\Windows\System\LTJNVqq.exe
  C:\Windows\System\LTJNVqq.exe
  2⤵
  PID:2440
- C:\Windows\System\LzpKMwb.exe
  C:\Windows\System\LzpKMwb.exe
  2⤵
  PID:2672
- C:\Windows\System\VtGDRbA.exe
  C:\Windows\System\VtGDRbA.exe
  2⤵
  PID:2716
- C:\Windows\System\SWnzhpm.exe
  C:\Windows\System\SWnzhpm.exe
  2⤵
  PID:2908
- C:\Windows\System\OIhGoDN.exe
  C:\Windows\System\OIhGoDN.exe
  2⤵
  PID:5228
- C:\Windows\System\zZNOPaa.exe
  C:\Windows\System\zZNOPaa.exe
  2⤵
  PID:3004
- C:\Windows\System\zhTfdks.exe
  C:\Windows\System\zhTfdks.exe
  2⤵
  PID:2224
- C:\Windows\System\yHgFYnC.exe
  C:\Windows\System\yHgFYnC.exe
  2⤵
  PID:1736
- C:\Windows\System\lSzqnpL.exe
  C:\Windows\System\lSzqnpL.exe
  2⤵
  PID:1360
- C:\Windows\System\nMEncjt.exe
  C:\Windows\System\nMEncjt.exe
  2⤵
  PID:6212
- C:\Windows\System\KvewqFd.exe
  C:\Windows\System\KvewqFd.exe
  2⤵
  PID:6232
- C:\Windows\System\tstiEnq.exe
  C:\Windows\System\tstiEnq.exe
  2⤵
  PID:6264
- C:\Windows\System\HVJoQFs.exe
  C:\Windows\System\HVJoQFs.exe
  2⤵
  PID:6296
- C:\Windows\System\TJnrYga.exe
  C:\Windows\System\TJnrYga.exe
  2⤵
  PID:6344
- C:\Windows\System\QTOLKIJ.exe
  C:\Windows\System\QTOLKIJ.exe
  2⤵
  PID:6360
- C:\Windows\System\ZlOyyzz.exe
  C:\Windows\System\ZlOyyzz.exe
  2⤵
  PID:6392
- C:\Windows\System\EpyAXsn.exe
  C:\Windows\System\EpyAXsn.exe
  2⤵
  PID:6424
- C:\Windows\System\ljvVeGh.exe
  C:\Windows\System\ljvVeGh.exe
  2⤵
  PID:6456
- C:\Windows\System\TWCGDeX.exe
  C:\Windows\System\TWCGDeX.exe
  2⤵
  PID:6488
- C:\Windows\System\rwkDGPN.exe
  C:\Windows\System\rwkDGPN.exe
  2⤵
  PID:6532
- C:\Windows\System\UBjYeRl.exe
  C:\Windows\System\UBjYeRl.exe
  2⤵
  PID:6552
- C:\Windows\System\cYZRofd.exe
  C:\Windows\System\cYZRofd.exe
  2⤵
  PID:6584
- C:\Windows\System\GRxTbBr.exe
  C:\Windows\System\GRxTbBr.exe
  2⤵
  PID:328
- C:\Windows\System\ykhZSGL.exe
  C:\Windows\System\ykhZSGL.exe
  2⤵
  PID:6632
- C:\Windows\System\zhRQBHs.exe
  C:\Windows\System\zhRQBHs.exe
  2⤵
  PID:6664
- C:\Windows\System\uCWWXKk.exe
  C:\Windows\System\uCWWXKk.exe
  2⤵
  PID:6696
- C:\Windows\System\cuyPRIc.exe
  C:\Windows\System\cuyPRIc.exe
  2⤵
  PID:6728
- C:\Windows\System\JwHpFeX.exe
  C:\Windows\System\JwHpFeX.exe
  2⤵
  PID:6760
- C:\Windows\System\evKzsOq.exe
  C:\Windows\System\evKzsOq.exe
  2⤵
  PID:6792
- C:\Windows\System\ZuqAqPl.exe
  C:\Windows\System\ZuqAqPl.exe
  2⤵
  PID:6824
- C:\Windows\System\LzrsUIi.exe
  C:\Windows\System\LzrsUIi.exe
  2⤵
  PID:6856
- C:\Windows\System\yXhaSdy.exe
  C:\Windows\System\yXhaSdy.exe
  2⤵
  PID:6888
- C:\Windows\System\zySwbuk.exe
  C:\Windows\System\zySwbuk.exe
  2⤵
  PID:6920
- C:\Windows\System\ShWDeQx.exe
  C:\Windows\System\ShWDeQx.exe
  2⤵
  PID:6952
- C:\Windows\System\fVZesED.exe
  C:\Windows\System\fVZesED.exe
  2⤵
  PID:6984
- C:\Windows\System\CCocwwj.exe
  C:\Windows\System\CCocwwj.exe
  2⤵
  PID:7016
- C:\Windows\System\ZVVfTEc.exe
  C:\Windows\System\ZVVfTEc.exe
  2⤵
  PID:7048
- C:\Windows\System\bjMWKLY.exe
  C:\Windows\System\bjMWKLY.exe
  2⤵
  PID:7080
- C:\Windows\System\UNjfKcs.exe
  C:\Windows\System\UNjfKcs.exe
  2⤵
  PID:7112
- C:\Windows\System\TOmwjfq.exe
  C:\Windows\System\TOmwjfq.exe
  2⤵
  PID:7144
- C:\Windows\System\HiKUQOg.exe
  C:\Windows\System\HiKUQOg.exe
  2⤵
  PID:5724
- C:\Windows\System\ZqNUCwd.exe
  C:\Windows\System\ZqNUCwd.exe
  2⤵
  PID:5968
- C:\Windows\System\LgJQwDY.exe
  C:\Windows\System\LgJQwDY.exe
  2⤵
  PID:6108
- C:\Windows\System\YRTdkvu.exe
  C:\Windows\System\YRTdkvu.exe
  2⤵
  PID:2900
- C:\Windows\System\KACxRVZ.exe
  C:\Windows\System\KACxRVZ.exe
  2⤵
  PID:2232
- C:\Windows\System\xTfkCkN.exe
  C:\Windows\System\xTfkCkN.exe
  2⤵
  PID:3028
- C:\Windows\System\snyPQVw.exe
  C:\Windows\System\snyPQVw.exe
  2⤵
  PID:6168
- C:\Windows\System\aPYihhU.exe
  C:\Windows\System\aPYihhU.exe
  2⤵
  PID:6228
- C:\Windows\System\fRFzRWj.exe
  C:\Windows\System\fRFzRWj.exe
  2⤵
  PID:6308
- C:\Windows\System\YxIcTPU.exe
  C:\Windows\System\YxIcTPU.exe
  2⤵
  PID:6372
- C:\Windows\System\vwxcarq.exe
  C:\Windows\System\vwxcarq.exe
  2⤵
  PID:6436
- C:\Windows\System\AzTGVfk.exe
  C:\Windows\System\AzTGVfk.exe
  2⤵
  PID:6500
- C:\Windows\System\BNvbwqF.exe
  C:\Windows\System\BNvbwqF.exe
  2⤵
  PID:6564
- C:\Windows\System\MPcebyE.exe
  C:\Windows\System\MPcebyE.exe
  2⤵
  PID:6600
- C:\Windows\System\YiClYwy.exe
  C:\Windows\System\YiClYwy.exe
  2⤵
  PID:6648
- C:\Windows\System\PXSbMLG.exe
  C:\Windows\System\PXSbMLG.exe
  2⤵
  PID:6712
- C:\Windows\System\UdTBedR.exe
  C:\Windows\System\UdTBedR.exe
  2⤵
  PID:6788
- C:\Windows\System\zOreHdc.exe
  C:\Windows\System\zOreHdc.exe
  2⤵
  PID:6872
- C:\Windows\System\XvkbWKn.exe
  C:\Windows\System\XvkbWKn.exe
  2⤵
  PID:6936
- C:\Windows\System\ExmdsXQ.exe
  C:\Windows\System\ExmdsXQ.exe
  2⤵
  PID:7000
- C:\Windows\System\mYSQgni.exe
  C:\Windows\System\mYSQgni.exe
  2⤵
  PID:7044
- C:\Windows\System\mAfVcnS.exe
  C:\Windows\System\mAfVcnS.exe
  2⤵
  PID:7096
- C:\Windows\System\pbuyvGQ.exe
  C:\Windows\System\pbuyvGQ.exe
  2⤵
  PID:5680
- C:\Windows\System\AXXAYBX.exe
  C:\Windows\System\AXXAYBX.exe
  2⤵
  PID:6064
- C:\Windows\System\xdhgOxY.exe
  C:\Windows\System\xdhgOxY.exe
  2⤵
  PID:2924
- C:\Windows\System\ZSLKBOs.exe
  C:\Windows\System\ZSLKBOs.exe
  2⤵
  PID:6180
- C:\Windows\System\TdsCKIS.exe
  C:\Windows\System\TdsCKIS.exe
  2⤵
  PID:6276
- C:\Windows\System\FqWhlBm.exe
  C:\Windows\System\FqWhlBm.exe
  2⤵
  PID:7172
- C:\Windows\System\NZCVmNF.exe
  C:\Windows\System\NZCVmNF.exe
  2⤵
  PID:7188
- C:\Windows\System\kBeGIbG.exe
  C:\Windows\System\kBeGIbG.exe
  2⤵
  PID:7204
- C:\Windows\System\KtSjKcs.exe
  C:\Windows\System\KtSjKcs.exe
  2⤵
  PID:7220
- C:\Windows\System\RVjGMha.exe
  C:\Windows\System\RVjGMha.exe
  2⤵
  PID:7236
- C:\Windows\System\wzAMjvS.exe
  C:\Windows\System\wzAMjvS.exe
  2⤵
  PID:7252
- C:\Windows\System\hWNPPxp.exe
  C:\Windows\System\hWNPPxp.exe
  2⤵
  PID:7268
- C:\Windows\System\qVubTSi.exe
  C:\Windows\System\qVubTSi.exe
  2⤵
  PID:7284
- C:\Windows\System\VjjErTN.exe
  C:\Windows\System\VjjErTN.exe
  2⤵
  PID:7300
- C:\Windows\System\PBPiMWJ.exe
  C:\Windows\System\PBPiMWJ.exe
  2⤵
  PID:7316
- C:\Windows\System\IblAwVj.exe
  C:\Windows\System\IblAwVj.exe
  2⤵
  PID:7332
- C:\Windows\System\fakeKxB.exe
  C:\Windows\System\fakeKxB.exe
  2⤵
  PID:7348
- C:\Windows\System\mWHSbVJ.exe
  C:\Windows\System\mWHSbVJ.exe
  2⤵
  PID:7364
- C:\Windows\System\kYVdKGB.exe
  C:\Windows\System\kYVdKGB.exe
  2⤵
  PID:7380
- C:\Windows\System\tTzTRgy.exe
  C:\Windows\System\tTzTRgy.exe
  2⤵
  PID:7396
- C:\Windows\System\TxWAqpo.exe
  C:\Windows\System\TxWAqpo.exe
  2⤵
  PID:7412
- C:\Windows\System\bYGWcOv.exe
  C:\Windows\System\bYGWcOv.exe
  2⤵
  PID:7428
- C:\Windows\System\ptaOeRA.exe
  C:\Windows\System\ptaOeRA.exe
  2⤵
  PID:7444
- C:\Windows\System\AnZkToP.exe
  C:\Windows\System\AnZkToP.exe
  2⤵
  PID:7460
- C:\Windows\System\BRofUvp.exe
  C:\Windows\System\BRofUvp.exe
  2⤵
  PID:7476
- C:\Windows\System\QuYWSPH.exe
  C:\Windows\System\QuYWSPH.exe
  2⤵
  PID:7492
- C:\Windows\System\KYOxJig.exe
  C:\Windows\System\KYOxJig.exe
  2⤵
  PID:7508
- C:\Windows\System\xpJOsvj.exe
  C:\Windows\System\xpJOsvj.exe
  2⤵
  PID:7524
- C:\Windows\System\qFwAnoL.exe
  C:\Windows\System\qFwAnoL.exe
  2⤵
  PID:7540
- C:\Windows\System\yUVYKia.exe
  C:\Windows\System\yUVYKia.exe
  2⤵
  PID:7556
- C:\Windows\System\dXIOgmX.exe
  C:\Windows\System\dXIOgmX.exe
  2⤵
  PID:7572
- C:\Windows\System\qCVGGfs.exe
  C:\Windows\System\qCVGGfs.exe
  2⤵
  PID:7588
- C:\Windows\System\hARmoBq.exe
  C:\Windows\System\hARmoBq.exe
  2⤵
  PID:7604
- C:\Windows\System\rRXcPRa.exe
  C:\Windows\System\rRXcPRa.exe
  2⤵
  PID:7620
- C:\Windows\System\cdLwKuI.exe
  C:\Windows\System\cdLwKuI.exe
  2⤵
  PID:7636
- C:\Windows\System\alAheQf.exe
  C:\Windows\System\alAheQf.exe
  2⤵
  PID:7652
- C:\Windows\System\jdmKXOS.exe
  C:\Windows\System\jdmKXOS.exe
  2⤵
  PID:7668
- C:\Windows\System\xxCtaEu.exe
  C:\Windows\System\xxCtaEu.exe
  2⤵
  PID:7684
- C:\Windows\System\unxiDzQ.exe
  C:\Windows\System\unxiDzQ.exe
  2⤵
  PID:7700
- C:\Windows\System\WyzBozH.exe
  C:\Windows\System\WyzBozH.exe
  2⤵
  PID:7716
- C:\Windows\System\hyOwnLi.exe
  C:\Windows\System\hyOwnLi.exe
  2⤵
  PID:7732
- C:\Windows\System\iDvDkcx.exe
  C:\Windows\System\iDvDkcx.exe
  2⤵
  PID:7748
- C:\Windows\System\vlBJFsP.exe
  C:\Windows\System\vlBJFsP.exe
  2⤵
  PID:7764
- C:\Windows\System\wzkQfGE.exe
  C:\Windows\System\wzkQfGE.exe
  2⤵
  PID:7780
- C:\Windows\System\bsPhtmw.exe
  C:\Windows\System\bsPhtmw.exe
  2⤵
  PID:7800
- C:\Windows\System\WpSvvZX.exe
  C:\Windows\System\WpSvvZX.exe
  2⤵
  PID:7816
- C:\Windows\System\JaOXulJ.exe
  C:\Windows\System\JaOXulJ.exe
  2⤵
  PID:7832
- C:\Windows\System\fmGlMmH.exe
  C:\Windows\System\fmGlMmH.exe
  2⤵
  PID:7848
- C:\Windows\System\HEySAiD.exe
  C:\Windows\System\HEySAiD.exe
  2⤵
  PID:7864
- C:\Windows\System\NEqjFvf.exe
  C:\Windows\System\NEqjFvf.exe
  2⤵
  PID:7880
- C:\Windows\System\VWxuvHv.exe
  C:\Windows\System\VWxuvHv.exe
  2⤵
  PID:7896
- C:\Windows\System\GTpDmPK.exe
  C:\Windows\System\GTpDmPK.exe
  2⤵
  PID:7912
- C:\Windows\System\oEZjLrR.exe
  C:\Windows\System\oEZjLrR.exe
  2⤵
  PID:7928
- C:\Windows\System\EeQEVRD.exe
  C:\Windows\System\EeQEVRD.exe
  2⤵
  PID:7944
- C:\Windows\System\TqSGqiA.exe
  C:\Windows\System\TqSGqiA.exe
  2⤵
  PID:7960
- C:\Windows\System\IbOXqal.exe
  C:\Windows\System\IbOXqal.exe
  2⤵
  PID:7976
- C:\Windows\System\JmTvREa.exe
  C:\Windows\System\JmTvREa.exe
  2⤵
  PID:7992
- C:\Windows\System\hXmSUyu.exe
  C:\Windows\System\hXmSUyu.exe
  2⤵
  PID:8008
- C:\Windows\System\wLPxItl.exe
  C:\Windows\System\wLPxItl.exe
  2⤵
  PID:8024
- C:\Windows\System\zsUqBOf.exe
  C:\Windows\System\zsUqBOf.exe
  2⤵
  PID:8040
- C:\Windows\System\IJoCcqp.exe
  C:\Windows\System\IJoCcqp.exe
  2⤵
  PID:8056
- C:\Windows\System\sCAlYJV.exe
  C:\Windows\System\sCAlYJV.exe
  2⤵
  PID:8072
- C:\Windows\System\kiuWIiy.exe
  C:\Windows\System\kiuWIiy.exe
  2⤵
  PID:8088
- C:\Windows\System\kofvfcq.exe
  C:\Windows\System\kofvfcq.exe
  2⤵
  PID:8104
- C:\Windows\System\MfnHXYw.exe
  C:\Windows\System\MfnHXYw.exe
  2⤵
  PID:8120
- C:\Windows\System\LsxazmU.exe
  C:\Windows\System\LsxazmU.exe
  2⤵
  PID:8136
- C:\Windows\System\EVXWlXm.exe
  C:\Windows\System\EVXWlXm.exe
  2⤵
  PID:8152
- C:\Windows\System\TLauMkE.exe
  C:\Windows\System\TLauMkE.exe
  2⤵
  PID:8168
- C:\Windows\System\JxFarDe.exe
  C:\Windows\System\JxFarDe.exe
  2⤵
  PID:8184
- C:\Windows\System\hTvyURR.exe
  C:\Windows\System\hTvyURR.exe
  2⤵
  PID:6484
- C:\Windows\System\frSJRxW.exe
  C:\Windows\System\frSJRxW.exe
  2⤵
  PID:1408
- C:\Windows\System\mNzcKOk.exe
  C:\Windows\System\mNzcKOk.exe
  2⤵
  PID:6692
- C:\Windows\System\BDeTlNv.exe
  C:\Windows\System\BDeTlNv.exe
  2⤵
  PID:6852
- C:\Windows\System\fcxXyVj.exe
  C:\Windows\System\fcxXyVj.exe
  2⤵
  PID:2800
- C:\Windows\System\BlSsiFI.exe
  C:\Windows\System\BlSsiFI.exe
  2⤵
  PID:7076
- C:\Windows\System\omHuxPY.exe
  C:\Windows\System\omHuxPY.exe
  2⤵
  PID:5872
- C:\Windows\System\xTGPxUd.exe
  C:\Windows\System\xTGPxUd.exe
  2⤵
  PID:6152
- C:\Windows\System\kbcAkHs.exe
  C:\Windows\System\kbcAkHs.exe
  2⤵
  PID:6356
- C:\Windows\System\tqYDSaI.exe
  C:\Windows\System\tqYDSaI.exe
  2⤵
  PID:7196
- C:\Windows\System\rmwSdTe.exe
  C:\Windows\System\rmwSdTe.exe
  2⤵
  PID:7228
- C:\Windows\System\DjLBQSj.exe
  C:\Windows\System\DjLBQSj.exe
  2⤵
  PID:7260
- C:\Windows\System\uSwUFce.exe
  C:\Windows\System\uSwUFce.exe
  2⤵
  PID:7292
- C:\Windows\System\hWqlcJr.exe
  C:\Windows\System\hWqlcJr.exe
  2⤵
  PID:7324
- C:\Windows\System\ZuSpXCO.exe
  C:\Windows\System\ZuSpXCO.exe
  2⤵
  PID:7356
- C:\Windows\System\WUKPBGH.exe
  C:\Windows\System\WUKPBGH.exe
  2⤵
  PID:7376
- C:\Windows\System\siBUIZW.exe
  C:\Windows\System\siBUIZW.exe
  2⤵
  PID:7408
- C:\Windows\System\tCdFKaF.exe
  C:\Windows\System\tCdFKaF.exe
  2⤵
  PID:7440
- C:\Windows\System\UVXEaUT.exe
  C:\Windows\System\UVXEaUT.exe
  2⤵
  PID:7484
- C:\Windows\System\saumlqj.exe
  C:\Windows\System\saumlqj.exe
  2⤵
  PID:8000
- C:\Windows\System\hluwPKh.exe
  C:\Windows\System\hluwPKh.exe
  2⤵
  PID:8048
- C:\Windows\System\dZlBoJE.exe
  C:\Windows\System\dZlBoJE.exe
  2⤵
  PID:8080
- C:\Windows\System\ZWNCUYt.exe
  C:\Windows\System\ZWNCUYt.exe
  2⤵
  PID:8112
- C:\Windows\System\eFaGOfc.exe
  C:\Windows\System\eFaGOfc.exe
  2⤵
  PID:8144
- C:\Windows\System\MTUOGWU.exe
  C:\Windows\System\MTUOGWU.exe
  2⤵
  PID:8176
- C:\Windows\System\ajlbMVK.exe
  C:\Windows\System\ajlbMVK.exe
  2⤵
  PID:6808
- C:\Windows\System\IGIZrlc.exe
  C:\Windows\System\IGIZrlc.exe
  2⤵
  PID:7012
- C:\Windows\System\oEETqbO.exe
  C:\Windows\System\oEETqbO.exe
  2⤵
  PID:7232
- C:\Windows\System\TKVvtIU.exe
  C:\Windows\System\TKVvtIU.exe
  2⤵
  PID:2164
- C:\Windows\System\xiCgRTD.exe
  C:\Windows\System\xiCgRTD.exe
  2⤵
  PID:2764
- C:\Windows\System\XzYOdAB.exe
  C:\Windows\System\XzYOdAB.exe
  2⤵
  PID:1872
- C:\Windows\System\RJPCiuK.exe
  C:\Windows\System\RJPCiuK.exe
  2⤵
  PID:7712
- C:\Windows\System\ZmaeygJ.exe
  C:\Windows\System\ZmaeygJ.exe
  2⤵
  PID:7648
- C:\Windows\System\RRIiwAi.exe
  C:\Windows\System\RRIiwAi.exe
  2⤵
  PID:7692
- C:\Windows\System\cImFiRz.exe
  C:\Windows\System\cImFiRz.exe
  2⤵
  PID:7728
- C:\Windows\System\GtnpuCc.exe
  C:\Windows\System\GtnpuCc.exe
  2⤵
  PID:7744
- C:\Windows\System\DwjPuMR.exe
  C:\Windows\System\DwjPuMR.exe
  2⤵
  PID:7796
- C:\Windows\System\ovGqmCt.exe
  C:\Windows\System\ovGqmCt.exe
  2⤵
  PID:7828
- C:\Windows\System\bKhauBE.exe
  C:\Windows\System\bKhauBE.exe
  2⤵
  PID:7860
- C:\Windows\System\KYwErvB.exe
  C:\Windows\System\KYwErvB.exe
  2⤵
  PID:7892
- C:\Windows\System\obnBPvb.exe
  C:\Windows\System\obnBPvb.exe
  2⤵
  PID:7924
- C:\Windows\System\vwZNcgS.exe
  C:\Windows\System\vwZNcgS.exe
  2⤵
  PID:2772
- C:\Windows\System\kFIwHdH.exe
  C:\Windows\System\kFIwHdH.exe
  2⤵
  PID:7984
- C:\Windows\System\fkIAoHO.exe
  C:\Windows\System\fkIAoHO.exe
  2⤵
  PID:2624
- C:\Windows\System\CkyRZjN.exe
  C:\Windows\System\CkyRZjN.exe
  2⤵
  PID:3036
- C:\Windows\System\MYvHELb.exe
  C:\Windows\System\MYvHELb.exe
  2⤵
  PID:6388
- C:\Windows\System\JmtCTzo.exe
  C:\Windows\System\JmtCTzo.exe
  2⤵
  PID:6596
- C:\Windows\System\QrJrZpc.exe
  C:\Windows\System\QrJrZpc.exe
  2⤵
  PID:6776
- C:\Windows\System\xsiCCMl.exe
  C:\Windows\System\xsiCCMl.exe
  2⤵
  PID:3048
- C:\Windows\System\sTAVNtW.exe
  C:\Windows\System\sTAVNtW.exe
  2⤵
  PID:8096
- C:\Windows\System\LcuaFJr.exe
  C:\Windows\System\LcuaFJr.exe
  2⤵
  PID:8100
- C:\Windows\System\PspLkhl.exe
  C:\Windows\System\PspLkhl.exe
  2⤵
  PID:2216
- C:\Windows\System\wQCXtUa.exe
  C:\Windows\System\wQCXtUa.exe
  2⤵
  PID:1636
- C:\Windows\System\TzQQkoI.exe
  C:\Windows\System\TzQQkoI.exe
  2⤵
  PID:2360
- C:\Windows\System\bfDdHcR.exe
  C:\Windows\System\bfDdHcR.exe
  2⤵
  PID:2080
- C:\Windows\System\LrcbPMh.exe
  C:\Windows\System\LrcbPMh.exe
  2⤵
  PID:2160
- C:\Windows\System\IixtAbV.exe
  C:\Windows\System\IixtAbV.exe
  2⤵
  PID:7436
- C:\Windows\System\cMpNJrk.exe
  C:\Windows\System\cMpNJrk.exe
  2⤵
  PID:6948
- C:\Windows\System\YUKbWLz.exe
  C:\Windows\System\YUKbWLz.exe
  2⤵
  PID:6292
- C:\Windows\System\TSZAOSH.exe
  C:\Windows\System\TSZAOSH.exe
  2⤵
  PID:3032
- C:\Windows\System\UGHSnOv.exe
  C:\Windows\System\UGHSnOv.exe
  2⤵
  PID:7344
- C:\Windows\System\fPSPaeo.exe
  C:\Windows\System\fPSPaeo.exe
  2⤵
  PID:7500
- C:\Windows\System\yWqFqGQ.exe
  C:\Windows\System\yWqFqGQ.exe
  2⤵
  PID:1488
- C:\Windows\System\YNuzJor.exe
  C:\Windows\System\YNuzJor.exe
  2⤵
  PID:2824
- C:\Windows\System\NTKOlxk.exe
  C:\Windows\System\NTKOlxk.exe
  2⤵
  PID:2808
- C:\Windows\System\rlpRsbZ.exe
  C:\Windows\System\rlpRsbZ.exe
  2⤵
  PID:2268
- C:\Windows\System\PuAisbb.exe
  C:\Windows\System\PuAisbb.exe
  2⤵
  PID:7644
- C:\Windows\System\lvDVMBT.exe
  C:\Windows\System\lvDVMBT.exe
  2⤵
  PID:7788
- C:\Windows\System\IHvSEYX.exe
  C:\Windows\System\IHvSEYX.exe
  2⤵
  PID:7908
- C:\Windows\System\OmekwfL.exe
  C:\Windows\System\OmekwfL.exe
  2⤵
  PID:2660
- C:\Windows\System\rAyQCaL.exe
  C:\Windows\System\rAyQCaL.exe
  2⤵
  PID:2128
- C:\Windows\System\DxdMUgt.exe
  C:\Windows\System\DxdMUgt.exe
  2⤵
  PID:3044
- C:\Windows\System\ZiFjsLG.exe
  C:\Windows\System\ZiFjsLG.exe
  2⤵
  PID:2736
- C:\Windows\System\aaVoQwA.exe
  C:\Windows\System\aaVoQwA.exe
  2⤵
  PID:7280
- C:\Windows\System\BJZFagn.exe
  C:\Windows\System\BJZFagn.exe
  2⤵
  PID:7216
- C:\Windows\System\Pmjilbe.exe
  C:\Windows\System\Pmjilbe.exe
  2⤵
  PID:1064
- C:\Windows\System\FfNeDlo.exe
  C:\Windows\System\FfNeDlo.exe
  2⤵
  PID:1036
- C:\Windows\System\mhZUgDc.exe
  C:\Windows\System\mhZUgDc.exe
  2⤵
  PID:2580
- C:\Windows\System\zTaxMsm.exe
  C:\Windows\System\zTaxMsm.exe
  2⤵
  PID:7876
- C:\Windows\System\jnmsZNg.exe
  C:\Windows\System\jnmsZNg.exe
  2⤵
  PID:1004
- C:\Windows\System\FzKJfgr.exe
  C:\Windows\System\FzKJfgr.exe
  2⤵
  PID:6520
- C:\Windows\System\PnoNQCL.exe
  C:\Windows\System\PnoNQCL.exe
  2⤵
  PID:8128
- C:\Windows\System\ScKBJZB.exe
  C:\Windows\System\ScKBJZB.exe
  2⤵
  PID:8164
- C:\Windows\System\gVFwrJU.exe
  C:\Windows\System\gVFwrJU.exe
  2⤵
  PID:2868
- C:\Windows\System\IQQnAPR.exe
  C:\Windows\System\IQQnAPR.exe
  2⤵
  PID:7708
- C:\Windows\System\WYJDJVX.exe
  C:\Windows\System\WYJDJVX.exe
  2⤵
  PID:2568
- C:\Windows\System\VRbhqeb.exe
  C:\Windows\System\VRbhqeb.exe
  2⤵
  PID:600
- C:\Windows\System\kZrxJQj.exe
  C:\Windows\System\kZrxJQj.exe
  2⤵
  PID:7972
- C:\Windows\System\LrNnpWy.exe
  C:\Windows\System\LrNnpWy.exe
  2⤵
  PID:3024
- C:\Windows\System\avJQlxH.exe
  C:\Windows\System\avJQlxH.exe
  2⤵
  PID:7844
- C:\Windows\System\uqXekJy.exe
  C:\Windows\System\uqXekJy.exe
  2⤵
  PID:620
- C:\Windows\System\fJFnGZx.exe
  C:\Windows\System\fJFnGZx.exe
  2⤵
  PID:7812
- C:\Windows\System\dUWTDdg.exe
  C:\Windows\System\dUWTDdg.exe
  2⤵
  PID:2444
- C:\Windows\System\qRuvisr.exe
  C:\Windows\System\qRuvisr.exe
  2⤵
  PID:1724
- C:\Windows\System\okFGPRb.exe
  C:\Windows\System\okFGPRb.exe
  2⤵
  PID:660
- C:\Windows\System\eBkMLVI.exe
  C:\Windows\System\eBkMLVI.exe
  2⤵
  PID:8068
- C:\Windows\System\RtnOtYI.exe
  C:\Windows\System\RtnOtYI.exe
  2⤵
  PID:7312
- C:\Windows\System\DbMndHO.exe
  C:\Windows\System\DbMndHO.exe
  2⤵
  PID:8204
- C:\Windows\System\ZDczAmN.exe
  C:\Windows\System\ZDczAmN.exe
  2⤵
  PID:8220
- C:\Windows\System\cyWpDQV.exe
  C:\Windows\System\cyWpDQV.exe
  2⤵
  PID:8236
- C:\Windows\System\LpPlkVj.exe
  C:\Windows\System\LpPlkVj.exe
  2⤵
  PID:8252
- C:\Windows\System\VaNxpxD.exe
  C:\Windows\System\VaNxpxD.exe
  2⤵
  PID:8268
- C:\Windows\System\aIjzIPX.exe
  C:\Windows\System\aIjzIPX.exe
  2⤵
  PID:8284
- C:\Windows\System\TgCnaLU.exe
  C:\Windows\System\TgCnaLU.exe
  2⤵
  PID:8300
- C:\Windows\System\rfOinOT.exe
  C:\Windows\System\rfOinOT.exe
  2⤵
  PID:8316
- C:\Windows\System\ziblqFR.exe
  C:\Windows\System\ziblqFR.exe
  2⤵
  PID:8332
- C:\Windows\System\TcxYLvo.exe
  C:\Windows\System\TcxYLvo.exe
  2⤵
  PID:8348
- C:\Windows\System\jaolKAM.exe
  C:\Windows\System\jaolKAM.exe
  2⤵
  PID:8364
- C:\Windows\System\CpPMxeM.exe
  C:\Windows\System\CpPMxeM.exe
  2⤵
  PID:8380
- C:\Windows\System\stXgQYO.exe
  C:\Windows\System\stXgQYO.exe
  2⤵
  PID:8396
- C:\Windows\System\FYptPAq.exe
  C:\Windows\System\FYptPAq.exe
  2⤵
  PID:8412
- C:\Windows\System\byFgHli.exe
  C:\Windows\System\byFgHli.exe
  2⤵
  PID:8428
- C:\Windows\System\vzerDjm.exe
  C:\Windows\System\vzerDjm.exe
  2⤵
  PID:8444
- C:\Windows\System\kcDedqN.exe
  C:\Windows\System\kcDedqN.exe
  2⤵
  PID:8460
- C:\Windows\System\cJLVxdw.exe
  C:\Windows\System\cJLVxdw.exe
  2⤵
  PID:8476
- C:\Windows\System\dNZLiyo.exe
  C:\Windows\System\dNZLiyo.exe
  2⤵
  PID:8492
- C:\Windows\System\TFGsjYR.exe
  C:\Windows\System\TFGsjYR.exe
  2⤵
  PID:8508
- C:\Windows\System\whLCbwr.exe
  C:\Windows\System\whLCbwr.exe
  2⤵
  PID:8524
- C:\Windows\System\chMYGhn.exe
  C:\Windows\System\chMYGhn.exe
  2⤵
  PID:8540
- C:\Windows\System\JFvdHwG.exe
  C:\Windows\System\JFvdHwG.exe
  2⤵
  PID:8556
- C:\Windows\System\tfHwadV.exe
  C:\Windows\System\tfHwadV.exe
  2⤵
  PID:8572
- C:\Windows\System\rnTdKar.exe
  C:\Windows\System\rnTdKar.exe
  2⤵
  PID:8588
- C:\Windows\System\fMkoFhC.exe
  C:\Windows\System\fMkoFhC.exe
  2⤵
  PID:8604
- C:\Windows\System\CyhkwYT.exe
  C:\Windows\System\CyhkwYT.exe
  2⤵
  PID:8620
- C:\Windows\System\rgwCQQv.exe
  C:\Windows\System\rgwCQQv.exe
  2⤵
  PID:8636
- C:\Windows\System\ajYwWtZ.exe
  C:\Windows\System\ajYwWtZ.exe
  2⤵
  PID:8652
- C:\Windows\System\iYEvrwb.exe
  C:\Windows\System\iYEvrwb.exe
  2⤵
  PID:8668
- C:\Windows\System\PhuJQUO.exe
  C:\Windows\System\PhuJQUO.exe
  2⤵
  PID:8684
- C:\Windows\System\aBOyBFm.exe
  C:\Windows\System\aBOyBFm.exe
  2⤵
  PID:8700
- C:\Windows\System\HLQjMwF.exe
  C:\Windows\System\HLQjMwF.exe
  2⤵
  PID:8716
- C:\Windows\System\zvsaTOX.exe
  C:\Windows\System\zvsaTOX.exe
  2⤵
  PID:8732
- C:\Windows\System\JVvyAGa.exe
  C:\Windows\System\JVvyAGa.exe
  2⤵
  PID:8748
- C:\Windows\System\LWpKCoX.exe
  C:\Windows\System\LWpKCoX.exe
  2⤵
  PID:8764
- C:\Windows\System\DYrPAOo.exe
  C:\Windows\System\DYrPAOo.exe
  2⤵
  PID:8780
- C:\Windows\System\vFnllAu.exe
  C:\Windows\System\vFnllAu.exe
  2⤵
  PID:8796
- C:\Windows\System\UXVSbfn.exe
  C:\Windows\System\UXVSbfn.exe
  2⤵
  PID:8812
- C:\Windows\System\SXNWbfT.exe
  C:\Windows\System\SXNWbfT.exe
  2⤵
  PID:8828
- C:\Windows\System\WyNOCMi.exe
  C:\Windows\System\WyNOCMi.exe
  2⤵
  PID:8844
- C:\Windows\System\lYXxsLB.exe
  C:\Windows\System\lYXxsLB.exe
  2⤵
  PID:8860
- C:\Windows\System\grdXQos.exe
  C:\Windows\System\grdXQos.exe
  2⤵
  PID:8876
- C:\Windows\System\yANaihY.exe
  C:\Windows\System\yANaihY.exe
  2⤵
  PID:8892
- C:\Windows\System\sfaSnuR.exe
  C:\Windows\System\sfaSnuR.exe
  2⤵
  PID:8908
- C:\Windows\System\UGbBQGd.exe
  C:\Windows\System\UGbBQGd.exe
  2⤵
  PID:8924
- C:\Windows\System\XDxtOqy.exe
  C:\Windows\System\XDxtOqy.exe
  2⤵
  PID:8940
- C:\Windows\System\XdtiJDF.exe
  C:\Windows\System\XdtiJDF.exe
  2⤵
  PID:8956
- C:\Windows\System\sICHpYP.exe
  C:\Windows\System\sICHpYP.exe
  2⤵
  PID:8972
- C:\Windows\System\afQLlVI.exe
  C:\Windows\System\afQLlVI.exe
  2⤵
  PID:8988
- C:\Windows\System\JPmNFAx.exe
  C:\Windows\System\JPmNFAx.exe
  2⤵
  PID:9008
- C:\Windows\System\WntbqGu.exe
  C:\Windows\System\WntbqGu.exe
  2⤵
  PID:9024
- C:\Windows\System\KZHBhIC.exe
  C:\Windows\System\KZHBhIC.exe
  2⤵
  PID:9040
- C:\Windows\System\rCainvF.exe
  C:\Windows\System\rCainvF.exe
  2⤵
  PID:9056
- C:\Windows\System\RiEGxnH.exe
  C:\Windows\System\RiEGxnH.exe
  2⤵
  PID:9072
- C:\Windows\System\qaYTPqk.exe
  C:\Windows\System\qaYTPqk.exe
  2⤵
  PID:9088
- C:\Windows\System\czKnHfR.exe
  C:\Windows\System\czKnHfR.exe
  2⤵
  PID:9104
- C:\Windows\System\CCJrmPO.exe
  C:\Windows\System\CCJrmPO.exe
  2⤵
  PID:9120
- C:\Windows\System\bRALJPc.exe
  C:\Windows\System\bRALJPc.exe
  2⤵
  PID:9136
- C:\Windows\System\eqIEaUl.exe
  C:\Windows\System\eqIEaUl.exe
  2⤵
  PID:9152
- C:\Windows\System\MyoVFtu.exe
  C:\Windows\System\MyoVFtu.exe
  2⤵
  PID:9168
- C:\Windows\System\aCgCrpY.exe
  C:\Windows\System\aCgCrpY.exe
  2⤵
  PID:9184
- C:\Windows\System\WaILUmk.exe
  C:\Windows\System\WaILUmk.exe
  2⤵
  PID:9200
- C:\Windows\System\DijhXkm.exe
  C:\Windows\System\DijhXkm.exe
  2⤵
  PID:2788
- C:\Windows\System\fFHyTFT.exe
  C:\Windows\System\fFHyTFT.exe
  2⤵
  PID:8216
- C:\Windows\System\IGypYsJ.exe
  C:\Windows\System\IGypYsJ.exe
  2⤵
  PID:8308
- C:\Windows\System\fpSQXLF.exe
  C:\Windows\System\fpSQXLF.exe
  2⤵
  PID:8344
- C:\Windows\System\dSmTvhL.exe
  C:\Windows\System\dSmTvhL.exe
  2⤵
  PID:8404
- C:\Windows\System\rYxAfPN.exe
  C:\Windows\System\rYxAfPN.exe
  2⤵
  PID:7404
- C:\Windows\System\PHLolqR.exe
  C:\Windows\System\PHLolqR.exe
  2⤵
  PID:7856
- C:\Windows\System\CkjcBtd.exe
  C:\Windows\System\CkjcBtd.exe
  2⤵
  PID:8500
- C:\Windows\System\ylCSJgD.exe
  C:\Windows\System\ylCSJgD.exe
  2⤵
  PID:8564
- C:\Windows\System\WROWtcq.exe
  C:\Windows\System\WROWtcq.exe
  2⤵
  PID:8200
- C:\Windows\System\tTWMHXn.exe
  C:\Windows\System\tTWMHXn.exe
  2⤵
  PID:8264
- C:\Windows\System\oWRlHFG.exe
  C:\Windows\System\oWRlHFG.exe
  2⤵
  PID:8328
- C:\Windows\System\ZWftXfA.exe
  C:\Windows\System\ZWftXfA.exe
  2⤵
  PID:8392
- C:\Windows\System\IkMsmdl.exe
  C:\Windows\System\IkMsmdl.exe
  2⤵
  PID:8568
- C:\Windows\System\lMUiGcn.exe
  C:\Windows\System\lMUiGcn.exe
  2⤵
  PID:8628
- C:\Windows\System\YasiiTB.exe
  C:\Windows\System\YasiiTB.exe
  2⤵
  PID:8484
- C:\Windows\System\ZNreSKj.exe
  C:\Windows\System\ZNreSKj.exe
  2⤵
  PID:8692
- C:\Windows\System\uRZgpZe.exe
  C:\Windows\System\uRZgpZe.exe
  2⤵
  PID:8724
- C:\Windows\System\EKjKusa.exe
  C:\Windows\System\EKjKusa.exe
  2⤵
  PID:8788
- C:\Windows\System\QIvibHn.exe
  C:\Windows\System\QIvibHn.exe
  2⤵
  PID:8852
- C:\Windows\System\kCRvNrt.exe
  C:\Windows\System\kCRvNrt.exe
  2⤵
  PID:8676
- C:\Windows\System\BtswwbC.exe
  C:\Windows\System\BtswwbC.exe
  2⤵
  PID:8612
- C:\Windows\System\hFipszh.exe
  C:\Windows\System\hFipszh.exe
  2⤵
  PID:8804
- C:\Windows\System\xbigsmZ.exe
  C:\Windows\System\xbigsmZ.exe
  2⤵
  PID:8952
- C:\Windows\System\bfCCHEE.exe
  C:\Windows\System\bfCCHEE.exe
  2⤵
  PID:8680
- C:\Windows\System\RZxmkIc.exe
  C:\Windows\System\RZxmkIc.exe
  2⤵
  PID:8776
- C:\Windows\System\soqiOIy.exe
  C:\Windows\System\soqiOIy.exe
  2⤵
  PID:8936
- C:\Windows\System\LFnHRDV.exe
  C:\Windows\System\LFnHRDV.exe
  2⤵
  PID:8872
- C:\Windows\System\uNZIKJl.exe
  C:\Windows\System\uNZIKJl.exe
  2⤵
  PID:9020
- C:\Windows\System\TJSTNgu.exe
  C:\Windows\System\TJSTNgu.exe
  2⤵
  PID:8996
- C:\Windows\System\aDIgmrb.exe
  C:\Windows\System\aDIgmrb.exe
  2⤵
  PID:9000
- C:\Windows\System\EKmpfGy.exe
  C:\Windows\System\EKmpfGy.exe
  2⤵
  PID:9180
- C:\Windows\System\XWEAkVU.exe
  C:\Windows\System\XWEAkVU.exe
  2⤵
  PID:9068
- C:\Windows\System\sirWQOL.exe
  C:\Windows\System\sirWQOL.exe
  2⤵
  PID:9100
- C:\Windows\System\iMgrDna.exe
  C:\Windows\System\iMgrDna.exe
  2⤵
  PID:9164
- C:\Windows\System\OxsjYfM.exe
  C:\Windows\System\OxsjYfM.exe
  2⤵
  PID:956
- C:\Windows\System\xtynynS.exe
  C:\Windows\System\xtynynS.exe
  2⤵
  PID:1452
- C:\Windows\System\eBueHVW.exe
  C:\Windows\System\eBueHVW.exe
  2⤵
  PID:8440
- C:\Windows\System\MPOZLTE.exe
  C:\Windows\System\MPOZLTE.exe
  2⤵
  PID:8260
- C:\Windows\System\flzRqUu.exe
  C:\Windows\System\flzRqUu.exe
  2⤵
  PID:8456
- C:\Windows\System\oHVAYsF.exe
  C:\Windows\System\oHVAYsF.exe
  2⤵
  PID:8472
- C:\Windows\System\wDlZNSR.exe
  C:\Windows\System\wDlZNSR.exe
  2⤵
  PID:8324
- C:\Windows\System\UXwmfQp.exe
  C:\Windows\System\UXwmfQp.exe
  2⤵
  PID:8584
- C:\Windows\System\NSZDChi.exe
  C:\Windows\System\NSZDChi.exe
  2⤵
  PID:8552
- C:\Windows\System\uQhbCPl.exe
  C:\Windows\System\uQhbCPl.exe
  2⤵
  PID:8808
- C:\Windows\System\rvAgFZW.exe
  C:\Windows\System\rvAgFZW.exe
  2⤵
  PID:9112
- C:\Windows\System\zvjEiNo.exe
  C:\Windows\System\zvjEiNo.exe
  2⤵
  PID:9132
- C:\Windows\System\yqsMwtK.exe
  C:\Windows\System\yqsMwtK.exe
  2⤵
  PID:8408
- C:\Windows\System\yWBlOSS.exe
  C:\Windows\System\yWBlOSS.exe
  2⤵
  PID:8468
- C:\Windows\System\fyPxEQN.exe
  C:\Windows\System\fyPxEQN.exe
  2⤵
  PID:8616
- C:\Windows\System\NGeqizd.exe
  C:\Windows\System\NGeqizd.exe
  2⤵
  PID:9232
- C:\Windows\System\OTMuhPt.exe
  C:\Windows\System\OTMuhPt.exe
  2⤵
  PID:9248
- C:\Windows\System\eKekIzd.exe
  C:\Windows\System\eKekIzd.exe
  2⤵
  PID:9264
- C:\Windows\System\oVrubgE.exe
  C:\Windows\System\oVrubgE.exe
  2⤵
  PID:8756
- C:\Windows\System\IVErrpy.exe
  C:\Windows\System\IVErrpy.exe
  2⤵
  PID:10100
- C:\Windows\System\FuZviJt.exe
  C:\Windows\System\FuZviJt.exe
  2⤵
  PID:10172
- C:\Windows\System\CCELXWt.exe
  C:\Windows\System\CCELXWt.exe
  2⤵
  PID:8520
- C:\Windows\System\lImLZMd.exe
  C:\Windows\System\lImLZMd.exe
  2⤵
  PID:8388
- C:\Windows\System\RWXiVEX.exe
  C:\Windows\System\RWXiVEX.exe
  2⤵
  PID:8516
- C:\Windows\System\QvUVLSf.exe
  C:\Windows\System\QvUVLSf.exe
  2⤵
  PID:8916
- C:\Windows\System\KncaGtw.exe
  C:\Windows\System\KncaGtw.exe
  2⤵
  PID:8964
- C:\Windows\System\zNHqHCY.exe
  C:\Windows\System\zNHqHCY.exe
  2⤵
  PID:9176
- C:\Windows\System\ZLJNhWB.exe
  C:\Windows\System\ZLJNhWB.exe
  2⤵
  PID:1012
- C:\Windows\System\QKIXxsZ.exe
  C:\Windows\System\QKIXxsZ.exe
  2⤵
  PID:8196
- C:\Windows\System\EpnPzMI.exe
  C:\Windows\System\EpnPzMI.exe
  2⤵
  PID:8276
- C:\Windows\System\mMllqgK.exe
  C:\Windows\System\mMllqgK.exe
  2⤵
  PID:9272
- C:\Windows\System\utgYsgK.exe
  C:\Windows\System\utgYsgK.exe
  2⤵
  PID:9288
- C:\Windows\System\vKYbGmq.exe
  C:\Windows\System\vKYbGmq.exe
  2⤵
  PID:9304
- C:\Windows\System\SjBLfbU.exe
  C:\Windows\System\SjBLfbU.exe
  2⤵
  PID:9320
- C:\Windows\System\WsrVHaz.exe
  C:\Windows\System\WsrVHaz.exe
  2⤵
  PID:9340
- C:\Windows\System\ohUwQAr.exe
  C:\Windows\System\ohUwQAr.exe
  2⤵
  PID:9368
- C:\Windows\System\RVjGtYv.exe
  C:\Windows\System\RVjGtYv.exe
  2⤵
  PID:9328
- C:\Windows\System\OhcmueO.exe
  C:\Windows\System\OhcmueO.exe
  2⤵
  PID:9392
- C:\Windows\System\sDbIgdw.exe
  C:\Windows\System\sDbIgdw.exe
  2⤵
  PID:9408
- C:\Windows\System\ZGjaExQ.exe
  C:\Windows\System\ZGjaExQ.exe
  2⤵
  PID:9424
- C:\Windows\System\OxbQyXM.exe
  C:\Windows\System\OxbQyXM.exe
  2⤵
  PID:9440
- C:\Windows\System\OLWSBZf.exe
  C:\Windows\System\OLWSBZf.exe
  2⤵
  PID:9460
- C:\Windows\System\FNnHTKY.exe
  C:\Windows\System\FNnHTKY.exe
  2⤵
  PID:9476
- C:\Windows\System\KmEmrRI.exe
  C:\Windows\System\KmEmrRI.exe
  2⤵
  PID:9492
- C:\Windows\System\wJHVqfW.exe
  C:\Windows\System\wJHVqfW.exe
  2⤵
  PID:9508
- C:\Windows\System\wdLVoRU.exe
  C:\Windows\System\wdLVoRU.exe
  2⤵
  PID:9524
- C:\Windows\System\LGGWGCA.exe
  C:\Windows\System\LGGWGCA.exe
  2⤵
  PID:9540
- C:\Windows\System\qTCIHFl.exe
  C:\Windows\System\qTCIHFl.exe
  2⤵
  PID:9556
- C:\Windows\System\Dgqwzwd.exe
  C:\Windows\System\Dgqwzwd.exe
  2⤵
  PID:9572
- C:\Windows\System\QvIDUXm.exe
  C:\Windows\System\QvIDUXm.exe
  2⤵
  PID:9588
- C:\Windows\System\jEqgwzQ.exe
  C:\Windows\System\jEqgwzQ.exe
  2⤵
  PID:9604
- C:\Windows\System\Ysuqlxi.exe
  C:\Windows\System\Ysuqlxi.exe
  2⤵
  PID:9624
- C:\Windows\System\cuYAZyS.exe
  C:\Windows\System\cuYAZyS.exe
  2⤵
  PID:9636
- C:\Windows\System\BZvjuyz.exe
  C:\Windows\System\BZvjuyz.exe
  2⤵
  PID:9648
- C:\Windows\System\xgrIDLb.exe
  C:\Windows\System\xgrIDLb.exe
  2⤵
  PID:9672
- C:\Windows\System\IQkRjWg.exe
  C:\Windows\System\IQkRjWg.exe
  2⤵
  PID:9688
- C:\Windows\System\PSiRghA.exe
  C:\Windows\System\PSiRghA.exe
  2⤵
  PID:9704
- C:\Windows\System\WXKvsTJ.exe
  C:\Windows\System\WXKvsTJ.exe
  2⤵
  PID:9720
- C:\Windows\System\IeGOPzm.exe
  C:\Windows\System\IeGOPzm.exe
  2⤵
  PID:9732
- C:\Windows\System\fBiEYxp.exe
  C:\Windows\System\fBiEYxp.exe
  2⤵
  PID:9752
- C:\Windows\System\HneBDll.exe
  C:\Windows\System\HneBDll.exe
  2⤵
  PID:9760
- C:\Windows\System\NgUSGFS.exe
  C:\Windows\System\NgUSGFS.exe
  2⤵
  PID:9784
- C:\Windows\System\BsGnJPT.exe
  C:\Windows\System\BsGnJPT.exe
  2⤵
  PID:9800
- C:\Windows\System\fBTVrna.exe
  C:\Windows\System\fBTVrna.exe
  2⤵
  PID:9812
- C:\Windows\System\cLeLqMi.exe
  C:\Windows\System\cLeLqMi.exe
  2⤵
  PID:9832
- C:\Windows\System\RknyCEe.exe
  C:\Windows\System\RknyCEe.exe
  2⤵
  PID:9848
- C:\Windows\System\soDrdXf.exe
  C:\Windows\System\soDrdXf.exe
  2⤵
  PID:9864
- C:\Windows\System\BkKUMqC.exe
  C:\Windows\System\BkKUMqC.exe
  2⤵
  PID:9880
- C:\Windows\System\NwySuiD.exe
  C:\Windows\System\NwySuiD.exe
  2⤵
  PID:9896
- C:\Windows\System\WwMkswK.exe
  C:\Windows\System\WwMkswK.exe
  2⤵
  PID:9916
- C:\Windows\System\pDJadej.exe
  C:\Windows\System\pDJadej.exe
  2⤵
  PID:9936
- C:\Windows\System\ujpFaHW.exe
  C:\Windows\System\ujpFaHW.exe
  2⤵
  PID:9952
- C:\Windows\System\zPbOvGf.exe
  C:\Windows\System\zPbOvGf.exe
  2⤵
  PID:9964
- C:\Windows\System\xVIBSDI.exe
  C:\Windows\System\xVIBSDI.exe
  2⤵
  PID:9992
- C:\Windows\System\aRfUpka.exe
  C:\Windows\System\aRfUpka.exe
  2⤵
  PID:10000
- C:\Windows\System\iGjmWnH.exe
  C:\Windows\System\iGjmWnH.exe
  2⤵
  PID:10016
- C:\Windows\System\HCHIemA.exe
  C:\Windows\System\HCHIemA.exe
  2⤵
  PID:10032
- C:\Windows\System\VljvxtX.exe
  C:\Windows\System\VljvxtX.exe
  2⤵
  PID:10048
- C:\Windows\System\JTRkvek.exe
  C:\Windows\System\JTRkvek.exe
  2⤵
  PID:10064
- C:\Windows\System\nhXWQzP.exe
  C:\Windows\System\nhXWQzP.exe
  2⤵
  PID:10088
- C:\Windows\System\UNAdsCh.exe
  C:\Windows\System\UNAdsCh.exe
  2⤵
  PID:10108
- C:\Windows\System\pejfHqF.exe
  C:\Windows\System\pejfHqF.exe
  2⤵
  PID:10128
- C:\Windows\System\euMiFkO.exe
  C:\Windows\System\euMiFkO.exe
  2⤵
  PID:10148
- C:\Windows\System\vuOUZzz.exe
  C:\Windows\System\vuOUZzz.exe
  2⤵
  PID:10164
- C:\Windows\System\vGRaccA.exe
  C:\Windows\System\vGRaccA.exe
  2⤵
  PID:10184
- C:\Windows\System\XRSlprm.exe
  C:\Windows\System\XRSlprm.exe
  2⤵
  PID:10204
- C:\Windows\System\tRxTMGv.exe
  C:\Windows\System\tRxTMGv.exe
  2⤵
  PID:10224
- C:\Windows\System\aKJNUKa.exe
  C:\Windows\System\aKJNUKa.exe
  2⤵
  PID:8648
- C:\Windows\System\FmqjPsl.exe
  C:\Windows\System\FmqjPsl.exe
  2⤵
  PID:9224
- C:\Windows\System\QBlGetc.exe
  C:\Windows\System\QBlGetc.exe
  2⤵
  PID:10144
- C:\Windows\System\aLsKMjD.exe
  C:\Windows\System\aLsKMjD.exe
  2⤵
  PID:9240
- C:\Windows\System\sKzCbaO.exe
  C:\Windows\System\sKzCbaO.exe
  2⤵
  PID:9096
- C:\Windows\System\JjjMABE.exe
  C:\Windows\System\JjjMABE.exe
  2⤵
  PID:8900
- C:\Windows\System\XWSYBsG.exe
  C:\Windows\System\XWSYBsG.exe
  2⤵
  PID:9148
- C:\Windows\System\sycyFCG.exe
  C:\Windows\System\sycyFCG.exe
  2⤵
  PID:8760
- C:\Windows\System\mUtFZbN.exe
  C:\Windows\System\mUtFZbN.exe
  2⤵
  PID:9312
- C:\Windows\System\nVnQAdq.exe
  C:\Windows\System\nVnQAdq.exe
  2⤵
  PID:9344
- C:\Windows\System\yQvQXPL.exe
  C:\Windows\System\yQvQXPL.exe
  2⤵
  PID:9388
- C:\Windows\System\lKzSmdr.exe
  C:\Windows\System\lKzSmdr.exe
  2⤵
  PID:9448
- C:\Windows\System\RlYDOTZ.exe
  C:\Windows\System\RlYDOTZ.exe
  2⤵
  PID:9360
- C:\Windows\System\qpfZOqL.exe
  C:\Windows\System\qpfZOqL.exe
  2⤵
  PID:9452
- C:\Windows\System\DfbItxR.exe
  C:\Windows\System\DfbItxR.exe
  2⤵
  PID:9500
- C:\Windows\System\gOdXUQU.exe
  C:\Windows\System\gOdXUQU.exe
  2⤵
  PID:9484
- C:\Windows\System\AJQpdlG.exe
  C:\Windows\System\AJQpdlG.exe
  2⤵
  PID:9536
- C:\Windows\System\hpIfYkR.exe
  C:\Windows\System\hpIfYkR.exe
  2⤵
  PID:9516
- C:\Windows\System\WEGJDqK.exe
  C:\Windows\System\WEGJDqK.exe
  2⤵
  PID:9564
- C:\Windows\System\yUMpLju.exe
  C:\Windows\System\yUMpLju.exe
  2⤵
  PID:9632
- C:\Windows\System\TnaSXtJ.exe
  C:\Windows\System\TnaSXtJ.exe
  2⤵
  PID:9612
- C:\Windows\System\fdRBiCs.exe
  C:\Windows\System\fdRBiCs.exe
  2⤵
  PID:9684
- C:\Windows\System\MzwvQJJ.exe
  C:\Windows\System\MzwvQJJ.exe
  2⤵
  PID:9748
- C:\Windows\System\asTqXNQ.exe
  C:\Windows\System\asTqXNQ.exe
  2⤵
  PID:9816
- C:\Windows\System\MchuNMO.exe
  C:\Windows\System\MchuNMO.exe
  2⤵
  PID:9876
- C:\Windows\System\EfXRxNn.exe
  C:\Windows\System\EfXRxNn.exe
  2⤵
  PID:9980
- C:\Windows\System\eFXgHpW.exe
  C:\Windows\System\eFXgHpW.exe
  2⤵
  PID:9728
- C:\Windows\System\lsikqPO.exe
  C:\Windows\System\lsikqPO.exe
  2⤵
  PID:9796
- C:\Windows\System\egMlNLO.exe
  C:\Windows\System\egMlNLO.exe
  2⤵
  PID:9912
- C:\Windows\System\GsmluJU.exe
  C:\Windows\System\GsmluJU.exe
  2⤵
  PID:9764
- C:\Windows\System\MhGbkdW.exe
  C:\Windows\System\MhGbkdW.exe
  2⤵
  PID:9824
- C:\Windows\System\ISksWpY.exe
  C:\Windows\System\ISksWpY.exe
  2⤵
  PID:9888
- C:\Windows\System\zFJeYdI.exe
  C:\Windows\System\zFJeYdI.exe
  2⤵
  PID:10024
- C:\Windows\System\RRGLRHu.exe
  C:\Windows\System\RRGLRHu.exe
  2⤵
  PID:10056
- C:\Windows\System\maGTeTC.exe
  C:\Windows\System\maGTeTC.exe
  2⤵
  PID:10112
- C:\Windows\System\WMgQPue.exe
  C:\Windows\System\WMgQPue.exe
  2⤵
  PID:10180
- C:\Windows\System\dJVTRws.exe
  C:\Windows\System\dJVTRws.exe
  2⤵
  PID:10068
- C:\Windows\System\uLNHjXI.exe
  C:\Windows\System\uLNHjXI.exe
  2⤵
  PID:7724
- C:\Windows\System\wclrehQ.exe
  C:\Windows\System\wclrehQ.exe
  2⤵
  PID:9256
- C:\Windows\System\cugQKtg.exe
  C:\Windows\System\cugQKtg.exe
  2⤵
  PID:8772
- C:\Windows\System\byugAVz.exe
  C:\Windows\System\byugAVz.exe
  2⤵
  PID:9284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HHXTJbr.exe

Filesize
6.0MB

MD5
bd6e66fa76428a62ebd51c47f721b179

SHA1
5631ddee9710e51b732f13b6d3bac9389ff08eb7

SHA256
f827f69a1bc582fb0c86f321f4a7110d7956841ea8461db35833bb227d9bc94b

SHA512
695d78696ff27bcf4e178dda09023e77859b7590490ec7f13f3715ef5e7f9db30e2bcca4e3af16cfa18474e89616e5b10c832a6016f7812da41114363bf1dd73

Download Submit
C:\Windows\system\JocidZg.exe

Filesize
6.0MB

MD5
783adec04f7b45144a4f68ec4f59a437

SHA1
e43ca6d0714c3f487db1c92da8f9e87ddf583d00

SHA256
2603ebfbd96f1bcc0171f2f896d710f72d12f9ce5067365b4d7d2ca8296faa6a

SHA512
38e3c4390ebd6410d2e99e1bbc1e30d1d31a775f25bde5b3d07263b7bab207bae52c724bda72939513dbd4877226e56c31832e1e986010d2523bd784b3bb1abe

Download Submit
C:\Windows\system\NIgYTOu.exe

Filesize
6.0MB

MD5
565ee202e6f1e55cdaa1837bafe08a4d

SHA1
456e8d048c8118dd5d0f88b5c38fbaa16a811894

SHA256
75ac0a7a63a1431552b0d0122fced4705fa6e965828cba39302c622634dcfa5b

SHA512
91f25cc366e1ec4ceb24feca69bdc4b9ee7dddf2d24a5c70ed6949df0b257919c96987adad657a8bce8e62b2115a7e08899aeadb53e2c1815441c7a95bd3b633

Download Submit
C:\Windows\system\OKoqCZd.exe

Filesize
6.0MB

MD5
616b328e05f68328b8020b42821bff7b

SHA1
3a62bbb6e66d4f81cd197a91fd748684202fab5b

SHA256
e48e4351fbd585f070211275a3e8183918f2ea895912b76457dfbbcb5077dc1d

SHA512
56d370375836fcd1a340427aa491788ce15cd7b98b4563065c1a9991510003f6d72541b6693513b5d580d70610b0b8db988744d2b51a57317ff9fd0e25b33355

Download Submit
C:\Windows\system\OqxKlYn.exe

Filesize
6.0MB

MD5
a7bb548c6e65e992f4f697a2e82cfd30

SHA1
39738bc8628f4f3b7f8e0bfb60d9e68021f1367e

SHA256
7abe0aa448f1d411a8d3098d0fd544c9280058cae708d16051801256f98334cb

SHA512
c52df6cf624129221c686249c918d26b1d619dcf10d2f4601fe15cc1788128fa80510be8e950e0a90a2301242c36a8e366b667a5b247cfda5c98b678f99a9744

Download Submit
C:\Windows\system\SQEdmeG.exe

Filesize
6.0MB

MD5
d961165bf74d3aa3a793744fa344cdab

SHA1
31b9594415096cde0f95a5d8b82457cfc3c3f26f

SHA256
a433581d25e0275ec90e131e81c36b5e3dce01504b9c2ac27c9add56ceff82cd

SHA512
154bc1d252c8c8425d2c6d75d1f6c7304efc9253186f1cdf2e6635702a912ade6110b610f0787728a8d447e8cb8b15f104200a7e457d535df40f4157c5845922

Download Submit
C:\Windows\system\SWPOobj.exe

Filesize
6.0MB

MD5
2eda82fafbae8f33a143bc439cf806b7

SHA1
85cd9497e743baec4a9041a6e4355e849efd0019

SHA256
5b6dae642b0d80e051e75085dadb4108fb37ccff5f4ef843569df5f3431c308f

SHA512
93c5a840c41604f224421666da001995b3c115db7852879896bd2402832a5e7d9fdbb86428dadfed9ea9a08d7fb42ef8866a3609187ed7a8ad6331f416a36b32

Download Submit
C:\Windows\system\TMTfHtm.exe

Filesize
6.0MB

MD5
fa33d3cff1952e807398289abcb2e7fb

SHA1
eb933f7eaa770454d995ec1aec352136883d0db4

SHA256
bcb03b465502ba08de35f31f0ec1ab39e3b899ec548a4caee681aef9a395aaf5

SHA512
ced851ebd957b0d4ce96cf2109dbb3e5560d75f5308a4139a21852f00c003be3437fd149f73c96b247790b9b5991988f8ab19f5e5ef13afcb6acfc9a006af822

Download Submit
C:\Windows\system\UAlhoVn.exe

Filesize
6.0MB

MD5
ab1948191b42c425fb7e07514b8520c2

SHA1
66149d3366808fad4ac98040858f7d38fbc476a1

SHA256
745205839e20eed532ce6680146ba1318dad2fdb6a150e5a1c044e7cdf958cf7

SHA512
43b37ea145afa188144cd156b7b60d9268fb5ee0cb23bcfad66f3e1f40be79cfb9af6fb4a919bedb8342f8188bb8aa5bd6fc15e6601644aeb235fad6e43e6e01

Download Submit
C:\Windows\system\UeIqBQu.exe

Filesize
6.0MB

MD5
a4908e9d0dded8c86d6c5e09c34b86b7

SHA1
1cc039e9dbe3aa5eb7df1c4de4b606011ff59234

SHA256
2d6a55936da33a56c12444abd538e6fafc8260e0df5bb661a411c3cf3f2ae440

SHA512
0ea62ebc8ec5dde505e20a9e4846194e4126aca10a0db18c3f854048b1d101bbd4583f2baf5e9c07d4913a23489ad968d77da5defc3eca5214ddc2768135542b

Download Submit
C:\Windows\system\XznChTq.exe

Filesize
6.0MB

MD5
2e0195c7dff2085fc0624cc712a2261d

SHA1
22d34da0d98cf227866d34bdaf8d0222038bfcbd

SHA256
96463322849a35bc604c92fa0b9523bdb71e99111603639b09d63b3d001b9f6e

SHA512
58f8a6e1d19e89acc68e489c2c93eba1a0615bbf22ef4d1fbac7d6ba9842a50732e83662d88ce145f7995a6dae8bfae10097f514edb98e2914c014bc234370a0

Download Submit
C:\Windows\system\YHwUUuw.exe

Filesize
6.0MB

MD5
4bf6d3eaf750692e56146f0e9148ab7f

SHA1
e676721b3f1cd65a0ce1f7120be50628ea0b4d36

SHA256
c6740d23e68aeb0f440bf32d7573f2862ea7856a9b74a790293bbb0c5d7a588c

SHA512
df5427d9bd87d87d557ec2591ccc7bcfa5c9d9b2fdc03ace4bc9b8d5d3efaff0449a69e9da607cd40b57e9f8fa495f07c7db3b2cd4766d6a2e27254fae72b0a5

Download Submit
C:\Windows\system\cNnXbVx.exe

Filesize
6.0MB

MD5
10b42d7c65083eb5ae215a6b01ce61c4

SHA1
4c55e47e362fa9ef4be47bce50658e2cae36d44b

SHA256
36df51ba84f2dfe07f5132215a4a49e4f273794943b7cec6609d52084b243180

SHA512
a39320af76ca839d1652149347ec7277495c182ea57f8af28a7710e7116fd4dcf5bdf3fe31df0f4bc14425f3fe1adc192c03f06d4ab1c2a2b13384cee1d1f602

Download Submit
C:\Windows\system\eMuLcrW.exe

Filesize
6.0MB

MD5
b5b3b4313e93975eb8299ec4322379f6

SHA1
b9cb28ef22077decb6f8663660eff4c3e290f526

SHA256
49f06388c2c10c75ff1d2544cb832b513ca68e926e0505c2e078b9343d4c4329

SHA512
75225ee068a1858dd7bc08d7f14be65ba1a23bbff429872d41294373e22bda5d0c5b2b9cd0cb5831f39a823483cea703261168b5d3e3971bb4b32109e8847bdd

Download Submit
C:\Windows\system\gPjSUIX.exe

Filesize
6.0MB

MD5
db153b5c55b977398d8383f48090f58e

SHA1
9293c5384812836573803a6504dfccbb3815cf4e

SHA256
ad1b6398d46a223df78fdd8ae6023a5c749e7c686a75f1e17d52f759f70f49ec

SHA512
6d958609fed43b898cea978d80b439a801ac8f00dc58bcb3035640b29dbeb099090db6baba8dcea2ca94873f450657c50c4309895335439eff20877c4f3ffadf

Download Submit
C:\Windows\system\jUgdCyg.exe

Filesize
6.0MB

MD5
1bed10bb65da8e0eda7540375a6eea97

SHA1
4772d4e7abaf5f68f6477dd2a50ff8592f3a1e7d

SHA256
668667cbca053b854047300bdcb7bdc72e4aaf3a8c29976de365e97cc60e287a

SHA512
65b1b92a7a37579ce5dca34383cf7744e3cd9a5ad6fb770ced22369d213e1d0f2b1c47eb664d9c5d1f174736e8eef1602b5a0e06a2521207d1ee816135e33d57

Download Submit
C:\Windows\system\kvXqvcG.exe

Filesize
6.0MB

MD5
7158fe5da19645b666b9cc79796b5493

SHA1
b4ddb6393903b6325251b15b4d859fa268a057c1

SHA256
5637ff62b91e224098d5f07bf3e44f61f4744853d8181ec6cb4ccd869b0e65cf

SHA512
4284c2719e9541e15ff2a07e31f4d0e4fc76a31a8e4d33f28af9f5ebfda69bd4aed4e501d4db36d59da051088bec743172765083e2c55550399802ae2a0d6eec

Download Submit
C:\Windows\system\nWukXDt.exe

Filesize
6.0MB

MD5
30aae54844ab57383dce3e1badf9ef63

SHA1
5d7af3bfd0ba5c5becbde09bf5314d4e6762c6dc

SHA256
37d86c8319ebafb41e0b67324b92b37c8974e4d451a2bc0f2cc836182be78bb3

SHA512
6b681cc838ac2d5027f0ff5809351eca4745b9403ad77dc7adb668c676f398d09861e902ce25a3f785a34b7cf82d856052e2d06ed2047087ada474652af4898e

Download Submit
C:\Windows\system\nvdcAUO.exe

Filesize
6.0MB

MD5
83bb8fcb061fd4ceeb2f72c629e26d29

SHA1
664b013090ec699412b088eabfbb7df532ecabbe

SHA256
9bd36f24d3ec5b8af92d7b40eb23a65c4055394e3d29b0812ba2dd912b2536f9

SHA512
ade0135e8ce5e79e64676d67684b69b3e6d389e7ab02f5b26ef5308da695608ae7f8986d12f4691b71c8cabffa66b0f21f182d7fb493ec863c7f96f5ae8f2c81

Download Submit
C:\Windows\system\ofjSCTy.exe

Filesize
6.0MB

MD5
370f6165afad9fb7b4c02656df139feb

SHA1
fa66237f5da54f0a91dd9163342be8169d29482f

SHA256
14a2d7c2a2e44c6bdcd3a55660413df63f832eb93a485784f655550d6b2c0605

SHA512
155a715103b62fab6e0ad8c5f98585319992ee0a6c2e149b75d0c72bb67464c9e70d4141ac1849c0d20b8a8f7a9a099ac49e520399dbf7d36fedc98a8e7fef5e

Download Submit
C:\Windows\system\tZwWwlr.exe

Filesize
6.0MB

MD5
130b81bd450dd042123e69b128202600

SHA1
9e5b5958aa3095843d36aa683973a8f0f20bceb0

SHA256
08f45c0730b2fd413d8b0f8b395d018364115c5949454355fa8bd3dbee48623c

SHA512
c7633e3991a33b7bef0decfe64dba915345b63f76a364fc5763e33db5659f5a5d6326b201429544c03c0c58c393fb73bcf4a233fcb0e307991bb444773343100

Download Submit
C:\Windows\system\tragcji.exe

Filesize
6.0MB

MD5
bbcc0d5111227918f7e1ec400778cd66

SHA1
f4a8ebf1a5ab131e36a291ee5b9184c2c273979d

SHA256
0763c821294b01874536bf7a64b2235dfb83ea2a555793ebd1de7fcbd6c90919

SHA512
8dd0817d975add5aa1ee324eb5b677170da0df4086db11a968b3b1cb86261431cadc727d83cf28ff2d9123b3d163ba02561d879aa7427b719ceccb5aa466c034

Download Submit
C:\Windows\system\ujlHahA.exe

Filesize
6.0MB

MD5
c5a1d85935be86cfab0393c80b707d0f

SHA1
408fc952a14fe16e1489cc6b93c75921f969922e

SHA256
32a13528f8a87cb6a8eded15113bcd864d1522f826d43ea9b43c400f0dbcb08e

SHA512
2a7a89bdecdf27337bcd3a70eab8de400a30ba02c6220b5a54268dcacf8494f51b89fc708d52c062b47c9abab68ca6f566f5cd21841059824c88050263d39e13

Download Submit
C:\Windows\system\xTNNaAo.exe

Filesize
6.0MB

MD5
6444e07720da6ecea27a6254344df95a

SHA1
624d4d223adf82ce3c735e706a0f563be9338885

SHA256
d07e2ecaeaf52e98252eb83ab95d04a2b8a073730884c5c88b1bc78eb285fad3

SHA512
ccfed456f7ed64386aa91babcd724767fe40d5906f8984b85e96f9558f6de5f7ffb5268945dcbdce62bbb8484df0fb1e6c0b506994a6995381aa939527d2ac23

Download Submit
C:\Windows\system\yrLAKXg.exe

Filesize
6.0MB

MD5
955910838a8723c70753b27bc1162945

SHA1
fbe8a3bc3b2679794ee53124e314b6794ed4872f

SHA256
9c27d1e370049878665e39cf364a87818b4f99492d946f3ad2975c4b904f2296

SHA512
7764369ed46e99d98a753d63b96810fe5c6be81b8d5ec34641e9d0097b7664b74de69fcf52c15079a77a9f5138ebdc409cbdf7edd01a132248e5410d3dec68d6

Download Submit
C:\Windows\system\zxxIExb.exe

Filesize
6.0MB

MD5
f611949c7dc0b7962d2b9b1461b3e54c

SHA1
8b4567c334b3a25041d80e20cd1aead5d3b186c0

SHA256
68c95938240adfa3f874a43020773914e4146a67d858f42f621d6a5651e035af

SHA512
120c75ca05a2cbbcac77537efe54f932c41fd25670edca47d1a7ffbf55ab1804d0913323e7a8bdd79cd465911447331478a85bb96a75e8ace7a2e3e15d3bdbe7

Download Submit
\Windows\system\AejQybL.exe

Filesize
6.0MB

MD5
ce41d37f21603b490f89f2945c9ba606

SHA1
4ec05a2fb76b6001d3804d907a168800fc386d5b

SHA256
d87ad1144d4d62524718d537940cbfd5ce016877d13964d126bedfe580d714f4

SHA512
72609f96a58297baa77113b49c1529da178cd877b1e9283d264fee1d2afcc27827d5d821202a459e62c4462c22ee4b6218cbc9b7a302e50dc662136c0fbf2929

Download Submit
\Windows\system\TNjNBPW.exe

Filesize
6.0MB

MD5
31c743bd8909eb677516a7a0f7dc989b

SHA1
ce73a901f5db333e18fcab25efd738d29ba39885

SHA256
45675d58b2351409208e72198cd4ab1e4190ddf7f29800569d6e7a53f0efb892

SHA512
8b0fe31f118a16f40543346910c3a71eafb7b4f8eae25092aa76963219fce9b4fbafaf30db527caf462a45e5b3185467a58e3db35e2d398408123d9ed7b98d9e

Download Submit
\Windows\system\TSAaMfj.exe

Filesize
6.0MB

MD5
23c882d2ae730d6bf214ad41bc6f0d7f

SHA1
582ed69b9294022ccac543837cffaf0a3a0d5c3a

SHA256
2e5737b43df165cf35fdc9a49ef5b643f4262a20c056f04679e8fc555204dd1a

SHA512
07decf6b666c675461af80e2bea8ebb69aa70a993cac2b132a8e23c90b7d8ac4b1e5cdc5bd805c5e427ac2b36cf30585ec2bd25ef59d4174ef96ece937e342eb

Download Submit
\Windows\system\VITwOEh.exe

Filesize
6.0MB

MD5
f2a8c24cbd03ab4d508eb18d94fb77b4

SHA1
4bc23be4ec7583b86af8ae002e1c2f782aab0ecf

SHA256
31626b28c68f9e825c16b9d36e641d7967abf57cf2fb26603870cb85443480b6

SHA512
aa734c000ef2eb43c189b1dd5cffa34fba78ddd944d09b7d61cd999c0681cf72c21dfd2fa624ed00f76e3108443df2545c8e90a3c8f0071a0eead25643b8fb1c

Download Submit
\Windows\system\bxUXFTE.exe

Filesize
6.0MB

MD5
e65e3c9da93bf6f162931b331ce72b3e

SHA1
993b2549cb0187f2112084f8931e5de1db1e1509

SHA256
3d29b27133fc8f9aa5668a6e7d52328a3447328f6844f96d7a97ac1b46e41977

SHA512
777de684e265f1081dffc16fab5f2bfaa37d122d9e313c82b172da1aafc77483823fd512b5b6e33e22eb275b8439ff0e8ac396c8b151ffdf2aeda15893784664

Download Submit
\Windows\system\iPbBVAZ.exe

Filesize
6.0MB

MD5
206268d80b60b6b07076444ff3a9c70d

SHA1
c789f411b526f9952cb2e5b7c1705c242eb9c0d1

SHA256
530fd734e58879f9e9986c5a54d8a4c09fbd3e54e5668c2d96ce1adca3158089

SHA512
d0d2632db2497af002042a50b17a503dbd13cde589b7c2fde2a14bd7a0957521d01ec2db09e4487d06415f936fb79d90835f71d98b1a3b507c1001b6e0f6c262

Download Submit
\Windows\system\xNxAQpX.exe

Filesize
6.0MB

MD5
149fcb1f6ce0659e7c7e79e638bf1e65

SHA1
b00f0c5cec2215f8b537b2a48601acf0dc5951f3

SHA256
db4da19a4f1ed7c369c07eb241290ca7489c509201e90b4eca86a17b420a4106

SHA512
e7a02ce1d4b96b0d9953a18b48b13159826270db9f460bb3d76d0e3a88577112c12926cd6a0e92094e5a2f9034e87aa8d82e4752a7ee7e1f1eacc864322320a7

Download Submit
memory/812-66-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/812-100-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/812-3815-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/896-3848-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/896-93-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/896-30-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-4371-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1672-73-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2148-95-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-4375-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-4373-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2196-80-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2244-82-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-28-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2244-87-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-0-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-18-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-94-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-72-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2244-71-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2244-69-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-67-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-101-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-23-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2244-58-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-57-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2244-606-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-37-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2244-12-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-50-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2244-874-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-755-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-4377-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2372-88-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2548-59-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4376-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2596-79-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4372-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2600-78-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2768-21-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3803-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2776-22-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3801-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-49-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2892-4374-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-81-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-20-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download